summaryrefslogtreecommitdiff
path: root/hw
diff options
context:
space:
mode:
authorJunfeng Dong <junfeng.dong@intel.com>2013-11-19 17:45:23 +0800
committerJunfeng Dong <junfeng.dong@intel.com>2013-11-19 17:45:23 +0800
commit340f06c9eaee097e626c251bf7a013350649c091 (patch)
tree107e5705050a12da68fc80a56ae37afd50a2cc94 /hw
parent42bf3037d458a330856a0be584200c1e41c3f417 (diff)
downloadqemu-340f06c9eaee097e626c251bf7a013350649c091.tar.gz
qemu-340f06c9eaee097e626c251bf7a013350649c091.tar.bz2
qemu-340f06c9eaee097e626c251bf7a013350649c091.zip
Import upstream 1.6.0.upstream/1.6.0
Change-Id: Icf52b556470cac8677297f2ef14ded16684f7887 Signed-off-by: Junfeng Dong <junfeng.dong@intel.com>
Diffstat (limited to 'hw')
-rw-r--r--hw/9p.h24
-rw-r--r--hw/9pfs/codir.c4
-rw-r--r--hw/9pfs/cofile.c8
-rw-r--r--hw/9pfs/cofs.c4
-rw-r--r--hw/9pfs/coxattr.c4
-rw-r--r--hw/9pfs/virtio-9p-coth.c5
-rw-r--r--hw/9pfs/virtio-9p-coth.h4
-rw-r--r--hw/9pfs/virtio-9p-device.c128
-rw-r--r--hw/9pfs/virtio-9p-handle.c4
-rw-r--r--hw/9pfs/virtio-9p-local.c64
-rw-r--r--hw/9pfs/virtio-9p-posix-acl.c4
-rw-r--r--hw/9pfs/virtio-9p-proxy.c7
-rw-r--r--hw/9pfs/virtio-9p-synth.c2
-rw-r--r--hw/9pfs/virtio-9p-synth.h4
-rw-r--r--hw/9pfs/virtio-9p-xattr-user.c2
-rw-r--r--hw/9pfs/virtio-9p-xattr.c2
-rw-r--r--hw/9pfs/virtio-9p-xattr.h2
-rw-r--r--hw/9pfs/virtio-9p.c33
-rw-r--r--hw/9pfs/virtio-9p.h19
-rw-r--r--hw/Makefile.objs243
-rw-r--r--hw/a15mpcore.c108
-rw-r--r--hw/a9mpcore.c242
-rw-r--r--hw/ac97.c1438
-rw-r--r--hw/acpi.c470
-rw-r--r--hw/acpi.h155
-rw-r--r--hw/acpi/Makefile.objs2
-rw-r--r--hw/acpi/core.c624
-rw-r--r--hw/acpi/ich9.c230
-rw-r--r--hw/acpi/piix4.c739
-rw-r--r--hw/acpi_ich9.c322
-rw-r--r--hw/acpi_ich9.h47
-rw-r--r--hw/acpi_piix4.c662
-rw-r--r--hw/adb.c455
-rw-r--r--hw/adb.h63
-rw-r--r--hw/adlib.c337
-rw-r--r--hw/ads7846.c177
-rw-r--r--hw/alpha/Makefile.objs5
-rw-r--r--hw/alpha/alpha_sys.h21
-rw-r--r--hw/alpha/dp264.c184
-rw-r--r--hw/alpha/pci.c91
-rw-r--r--hw/alpha/typhoon.c810
-rw-r--r--hw/alpha_dp264.c181
-rw-r--r--hw/alpha_pci.c109
-rw-r--r--hw/alpha_sys.h22
-rw-r--r--hw/alpha_typhoon.c838
-rw-r--r--hw/an5206.c96
-rw-r--r--hw/apb_pci.c542
-rw-r--r--hw/apb_pci.h10
-rw-r--r--hw/apic-msidef.h30
-rw-r--r--hw/apic.c910
-rw-r--r--hw/apic.h32
-rw-r--r--hw/apic_common.c402
-rw-r--r--hw/apic_internal.h149
-rw-r--r--hw/apm.c89
-rw-r--r--hw/apm.h22
-rw-r--r--hw/applesmc.c251
-rw-r--r--hw/arm-misc.h70
-rw-r--r--hw/arm/Makefile.objs40
-rw-r--r--hw/arm/armv7m.c290
-rw-r--r--hw/arm/boot.c476
-rw-r--r--hw/arm/collie.c73
-rw-r--r--hw/arm/exynos4210.c371
-rw-r--r--hw/arm/exynos4_boards.c170
-rw-r--r--hw/arm/gumstix.c141
-rw-r--r--hw/arm/highbank.c386
-rw-r--r--hw/arm/integratorcp.c581
-rw-r--r--hw/arm/kzm.c157
-rw-r--r--hw/arm/mainstone.c190
-rw-r--r--hw/arm/musicpal.c1771
-rw-r--r--hw/arm/nseries.c1415
-rw-r--r--hw/arm/omap1.c4059
-rw-r--r--hw/arm/omap2.c2684
-rw-r--r--hw/arm/omap_sx1.c238
-rw-r--r--hw/arm/palm.c284
-rw-r--r--hw/arm/pic_cpu.c68
-rw-r--r--hw/arm/pxa2xx.c2320
-rw-r--r--hw/arm/pxa2xx_gpio.c358
-rw-r--r--hw/arm/pxa2xx_pic.c341
-rw-r--r--hw/arm/realview.c410
-rw-r--r--hw/arm/spitz.c1145
-rw-r--r--hw/arm/stellaris.c1418
-rw-r--r--hw/arm/strongarm.c1661
-rw-r--r--hw/arm/strongarm.h68
-rw-r--r--hw/arm/tosa.c302
-rw-r--r--hw/arm/versatilepb.c412
-rw-r--r--hw/arm/vexpress.c672
-rw-r--r--hw/arm/xilinx_zynq.c247
-rw-r--r--hw/arm/z2.c384
-rw-r--r--hw/arm11mpcore.c268
-rw-r--r--hw/arm_boot.c465
-rw-r--r--hw/arm_gic.c718
-rw-r--r--hw/arm_gic_common.c184
-rw-r--r--hw/arm_gic_internal.h136
-rw-r--r--hw/arm_l2x0.c194
-rw-r--r--hw/arm_mptimer.c344
-rw-r--r--hw/arm_pic.c40
-rw-r--r--hw/arm_sysctl.c425
-rw-r--r--hw/arm_timer.c399
-rw-r--r--hw/armv7m.c284
-rw-r--r--hw/armv7m_nvic.c550
-rw-r--r--hw/audio/Makefile.objs18
-rw-r--r--hw/audio/ac97.c1442
-rw-r--r--hw/audio/adlib.c391
-rw-r--r--hw/audio/cs4231.c187
-rw-r--r--hw/audio/cs4231a.c708
-rw-r--r--hw/audio/es1370.c1091
-rw-r--r--hw/audio/fmopl.c (renamed from hw/fmopl.c)0
-rw-r--r--hw/audio/fmopl.h (renamed from hw/fmopl.h)0
-rw-r--r--hw/audio/gus.c337
-rw-r--r--hw/audio/gusemu.h (renamed from hw/gusemu.h)0
-rw-r--r--hw/audio/gusemu_hal.c (renamed from hw/gusemu_hal.c)0
-rw-r--r--hw/audio/gusemu_mixer.c (renamed from hw/gusemu_mixer.c)0
-rw-r--r--hw/audio/gustate.h (renamed from hw/gustate.h)0
-rw-r--r--hw/audio/hda-codec.c1101
-rw-r--r--hw/audio/intel-hda-defs.h (renamed from hw/intel-hda-defs.h)0
-rw-r--r--hw/audio/intel-hda.c1342
-rw-r--r--hw/audio/intel-hda.h72
-rw-r--r--hw/audio/lm4549.c336
-rw-r--r--hw/audio/lm4549.h (renamed from hw/lm4549.h)0
-rw-r--r--hw/audio/marvell_88w8618.c305
-rw-r--r--hw/audio/milkymist-ac97.c349
-rw-r--r--hw/audio/pcspk.c212
-rw-r--r--hw/audio/pl041.c653
-rw-r--r--hw/audio/pl041.h (renamed from hw/pl041.h)0
-rw-r--r--hw/audio/pl041.hx (renamed from hw/pl041.hx)0
-rw-r--r--hw/audio/sb16.c1435
-rw-r--r--hw/audio/wm8750.c716
-rw-r--r--hw/audiodev.h20
-rw-r--r--hw/axis_dev88.c365
-rw-r--r--hw/baum.c627
-rw-r--r--hw/baum.h26
-rw-r--r--hw/bitbang_i2c.c245
-rw-r--r--hw/bitbang_i2c.h14
-rw-r--r--hw/blizzard.c997
-rw-r--r--hw/blizzard_template.h136
-rw-r--r--hw/block-common.c64
-rw-r--r--hw/block-common.h79
-rw-r--r--hw/block/Makefile.objs15
-rw-r--r--hw/block/block.c62
-rw-r--r--hw/block/cdrom.c155
-rw-r--r--hw/block/dataplane/Makefile.objs1
-rw-r--r--hw/block/dataplane/ioq.c117
-rw-r--r--hw/block/dataplane/ioq.h57
-rw-r--r--hw/block/dataplane/virtio-blk.c542
-rw-r--r--hw/block/dataplane/virtio-blk.h29
-rw-r--r--hw/block/ecc.c91
-rw-r--r--hw/block/fdc.c2328
-rw-r--r--hw/block/hd-geometry.c157
-rw-r--r--hw/block/m25p80.c703
-rw-r--r--hw/block/nand.c800
-rw-r--r--hw/block/nvme.c887
-rw-r--r--hw/block/nvme.h711
-rw-r--r--hw/block/onenand.c854
-rw-r--r--hw/block/pflash_cfi01.c775
-rw-r--r--hw/block/pflash_cfi02.c789
-rw-r--r--hw/block/tc58128.c178
-rw-r--r--hw/block/virtio-blk.c760
-rw-r--r--hw/block/xen_blkif.h (renamed from hw/xen_blkif.h)0
-rw-r--r--hw/block/xen_disk.c988
-rw-r--r--hw/boards.h47
-rw-r--r--hw/bonito.c847
-rw-r--r--hw/bt-hci-csr.c453
-rw-r--r--hw/bt-hci.c2217
-rw-r--r--hw/bt-hid.c553
-rw-r--r--hw/bt-l2cap.c1365
-rw-r--r--hw/bt-sdp.c967
-rw-r--r--hw/bt.c121
-rw-r--r--hw/bt.h2185
-rw-r--r--hw/bt/Makefile.objs3
-rw-r--r--hw/bt/core.c121
-rw-r--r--hw/bt/hci-csr.c454
-rw-r--r--hw/bt/hci.c2217
-rw-r--r--hw/bt/hid.c553
-rw-r--r--hw/bt/l2cap.c1365
-rw-r--r--hw/bt/sdp.c967
-rw-r--r--hw/cadence_gem.c1233
-rw-r--r--hw/cadence_ttc.c489
-rw-r--r--hw/cadence_uart.c516
-rw-r--r--hw/cbus.c618
-rw-r--r--hw/ccid-card-emulated.c602
-rw-r--r--hw/ccid-card-passthru.c351
-rw-r--r--hw/ccid.h65
-rw-r--r--hw/cdrom.c155
-rw-r--r--hw/char/Makefile.objs27
-rw-r--r--hw/char/cadence_uart.c522
-rw-r--r--hw/char/debugcon.c140
-rw-r--r--hw/char/escc.c941
-rw-r--r--hw/char/etraxfs_ser.c252
-rw-r--r--hw/char/exynos4210_uart.c680
-rw-r--r--hw/char/grlib_apbuart.c298
-rw-r--r--hw/char/imx_serial.c473
-rw-r--r--hw/char/ipack.c116
-rw-r--r--hw/char/ipack.h79
-rw-r--r--hw/char/ipoctal232.c606
-rw-r--r--hw/char/lm32_juart.c162
-rw-r--r--hw/char/lm32_uart.c302
-rw-r--r--hw/char/mcf_uart.c307
-rw-r--r--hw/char/milkymist-uart.c249
-rw-r--r--hw/char/omap_uart.c187
-rw-r--r--hw/char/parallel.c625
-rw-r--r--hw/char/pl011.c332
-rw-r--r--hw/char/sclpconsole.c289
-rw-r--r--hw/char/serial-isa.c138
-rw-r--r--hw/char/serial-pci.c269
-rw-r--r--hw/char/serial.c775
-rw-r--r--hw/char/sh_serial.c410
-rw-r--r--hw/char/spapr_vty.c241
-rw-r--r--hw/char/tpci200.c672
-rw-r--r--hw/char/virtio-console.c207
-rw-r--r--hw/char/virtio-serial-bus.c1044
-rw-r--r--hw/char/xen_console.c305
-rw-r--r--hw/char/xilinx_uartlite.c235
-rw-r--r--hw/cirrus_vga.c3011
-rw-r--r--hw/collie.c72
-rw-r--r--hw/core/Makefile.objs13
-rw-r--r--hw/core/empty_slot.c102
-rw-r--r--hw/core/irq.c136
-rw-r--r--hw/core/loader.c884
-rw-r--r--hw/core/null-machine.c36
-rw-r--r--hw/core/ptimer.c231
-rw-r--r--hw/core/qdev-properties-system.c391
-rw-r--r--hw/core/qdev-properties.c1198
-rw-r--r--hw/core/qdev.c907
-rw-r--r--hw/core/stream.c32
-rw-r--r--hw/core/sysbus.c301
-rw-r--r--hw/core/uboot_image.h158
-rw-r--r--hw/cpu/Makefile.objs5
-rw-r--r--hw/cpu/a15mpcore.c122
-rw-r--r--hw/cpu/a9mpcore.c145
-rw-r--r--hw/cpu/arm11mpcore.c291
-rw-r--r--hw/cpu/icc_bus.c127
-rw-r--r--hw/cris-boot.c98
-rw-r--r--hw/cris-boot.h11
-rw-r--r--hw/cris/Makefile.objs14
-rw-r--r--hw/cris/axis_dev88.c366
-rw-r--r--hw/cris/boot.c98
-rw-r--r--hw/cris/boot.h15
-rw-r--r--hw/cris/pic_cpu.c47
-rw-r--r--hw/cris_pic_cpu.c45
-rw-r--r--hw/cs4231.c181
-rw-r--r--hw/cs4231a.c697
-rw-r--r--hw/cuda.c752
-rw-r--r--hw/debugcon.c117
-rw-r--r--hw/dec_pci.c151
-rw-r--r--hw/device-hotplug.c92
-rw-r--r--hw/devices.h70
-rw-r--r--hw/display/Makefile.objs35
-rw-r--r--hw/display/ads7846.c177
-rw-r--r--hw/display/blizzard.c995
-rw-r--r--hw/display/blizzard_template.h136
-rw-r--r--hw/display/cirrus_vga.c3025
-rw-r--r--hw/display/cirrus_vga_rop.h (renamed from hw/cirrus_vga_rop.h)0
-rw-r--r--hw/display/cirrus_vga_rop2.h (renamed from hw/cirrus_vga_rop2.h)0
-rw-r--r--hw/display/cirrus_vga_template.h (renamed from hw/cirrus_vga_template.h)0
-rw-r--r--hw/display/exynos4210_fimd.c1947
-rw-r--r--hw/display/framebuffer.c113
-rw-r--r--hw/display/framebuffer.h25
-rw-r--r--hw/display/g364fb.c557
-rw-r--r--hw/display/jazz_led.c311
-rw-r--r--hw/display/milkymist-tmu2.c495
-rw-r--r--hw/display/milkymist-vgafb.c345
-rw-r--r--hw/display/milkymist-vgafb_template.h74
-rw-r--r--hw/display/omap_dss.c1086
-rw-r--r--hw/display/omap_lcd_template.h (renamed from hw/omap_lcd_template.h)0
-rw-r--r--hw/display/omap_lcdc.c412
-rw-r--r--hw/display/pl110.c532
-rw-r--r--hw/display/pl110_template.h (renamed from hw/pl110_template.h)0
-rw-r--r--hw/display/pxa2xx_lcd.c1061
-rw-r--r--hw/display/pxa2xx_template.h (renamed from hw/pxa2xx_template.h)0
-rw-r--r--hw/display/qxl-logger.c275
-rw-r--r--hw/display/qxl-render.c280
-rw-r--r--hw/display/qxl.c2369
-rw-r--r--hw/display/qxl.h165
-rw-r--r--hw/display/sm501.c1452
-rw-r--r--hw/display/sm501_template.h (renamed from hw/sm501_template.h)0
-rw-r--r--hw/display/ssd0303.c325
-rw-r--r--hw/display/ssd0323.c376
-rw-r--r--hw/display/tc6393xb.c593
-rw-r--r--hw/display/tc6393xb_template.h68
-rw-r--r--hw/display/tcx.c627
-rw-r--r--hw/display/vga-isa-mm.c142
-rw-r--r--hw/display/vga-isa.c105
-rw-r--r--hw/display/vga-pci.c216
-rw-r--r--hw/display/vga.c2396
-rw-r--r--hw/display/vga.h (renamed from hw/vga.h)0
-rw-r--r--hw/display/vga_int.h214
-rw-r--r--hw/display/vga_template.h (renamed from hw/vga_template.h)0
-rw-r--r--hw/display/vmware_vga.c1324
-rw-r--r--hw/display/xenfb.c1000
-rw-r--r--hw/dma.c565
-rw-r--r--hw/dma/Makefile.objs13
-rw-r--r--hw/dma/etraxfs_dma.c781
-rw-r--r--hw/dma/i82374.c177
-rw-r--r--hw/dma/i8257.c600
-rw-r--r--hw/dma/omap_dma.c2102
-rw-r--r--hw/dma/pl080.c410
-rw-r--r--hw/dma/pl330.c1654
-rw-r--r--hw/dma/puv3_dma.c113
-rw-r--r--hw/dma/pxa2xx_dma.c578
-rw-r--r--hw/dma/rc4030.c825
-rw-r--r--hw/dma/soc_dma.c366
-rw-r--r--hw/dma/sparc32_dma.c321
-rw-r--r--hw/dma/sun4m_iommu.c391
-rw-r--r--hw/dma/xilinx_axidma.c668
-rw-r--r--hw/dp8393x.c913
-rw-r--r--hw/ds1225y.c165
-rw-r--r--hw/ds1338.c193
-rw-r--r--hw/dummy_m68k.c83
-rw-r--r--hw/e1000.c1334
-rw-r--r--hw/ecc.c91
-rw-r--r--hw/eccmemctl.c340
-rw-r--r--hw/eepro100.c2115
-rw-r--r--hw/eeprom93xx.c337
-rw-r--r--hw/eeprom93xx.h40
-rw-r--r--hw/elf_ops.h306
-rw-r--r--hw/empty_slot.c98
-rw-r--r--hw/empty_slot.h2
-rw-r--r--hw/es1370.c1089
-rw-r--r--hw/escc.c938
-rw-r--r--hw/escc.h8
-rw-r--r--hw/esp-pci.c518
-rw-r--r--hw/esp.c727
-rw-r--r--hw/esp.h132
-rw-r--r--hw/etraxfs.h46
-rw-r--r--hw/etraxfs_dma.c781
-rw-r--r--hw/etraxfs_dma.h29
-rw-r--r--hw/etraxfs_eth.c645
-rw-r--r--hw/etraxfs_pic.c180
-rw-r--r--hw/etraxfs_ser.c248
-rw-r--r--hw/etraxfs_timer.c351
-rw-r--r--hw/exynos4210.c338
-rw-r--r--hw/exynos4210.h137
-rw-r--r--hw/exynos4210_combiner.c455
-rw-r--r--hw/exynos4210_fimd.c1928
-rw-r--r--hw/exynos4210_gic.c462
-rw-r--r--hw/exynos4210_i2c.c334
-rw-r--r--hw/exynos4210_mct.c1482
-rw-r--r--hw/exynos4210_pmu.c499
-rw-r--r--hw/exynos4210_pwm.c422
-rw-r--r--hw/exynos4210_rtc.c592
-rw-r--r--hw/exynos4210_uart.c676
-rw-r--r--hw/exynos4_boards.c168
-rw-r--r--hw/fdc.c2284
-rw-r--r--hw/fdc.h24
-rw-r--r--hw/fifo.c78
-rw-r--r--hw/fifo.h99
-rw-r--r--hw/firmware_abi.h73
-rw-r--r--hw/flash.h59
-rw-r--r--hw/framebuffer.c110
-rw-r--r--hw/framebuffer.h25
-rw-r--r--hw/fw_cfg.c589
-rw-r--r--hw/fw_cfg.h70
-rw-r--r--hw/g364fb.c612
-rw-r--r--hw/gpio/Makefile.objs6
-rw-r--r--hw/gpio/max7310.c213
-rw-r--r--hw/gpio/omap_gpio.c806
-rw-r--r--hw/gpio/pl061.c336
-rw-r--r--hw/gpio/puv3_gpio.c145
-rw-r--r--hw/gpio/zaurus.c297
-rw-r--r--hw/grackle_pci.c165
-rw-r--r--hw/grlib.h126
-rw-r--r--hw/grlib_apbuart.c271
-rw-r--r--hw/grlib_gptimer.c404
-rw-r--r--hw/grlib_irqmp.c385
-rw-r--r--hw/gt64xxx.c1188
-rw-r--r--hw/gumstix.c139
-rw-r--r--hw/gus.c332
-rw-r--r--hw/hd-geometry.c157
-rw-r--r--hw/hda-audio.c1098
-rw-r--r--hw/heathrow_pic.c215
-rw-r--r--hw/hid.c467
-rw-r--r--hw/hid.h82
-rw-r--r--hw/highbank.c338
-rw-r--r--hw/hpet.c760
-rw-r--r--hw/hpet_emul.h74
-rw-r--r--hw/hw.h70
-rw-r--r--hw/i2c.c246
-rw-r--r--hw/i2c.h92
-rw-r--r--hw/i2c/Makefile.objs7
-rw-r--r--hw/i2c/bitbang_i2c.c252
-rw-r--r--hw/i2c/bitbang_i2c.h14
-rw-r--r--hw/i2c/core.c247
-rw-r--r--hw/i2c/exynos4210_i2c.c336
-rw-r--r--hw/i2c/omap_i2c.c498
-rw-r--r--hw/i2c/pm_smbus.c207
-rw-r--r--hw/i2c/smbus.c335
-rw-r--r--hw/i2c/smbus_eeprom.c156
-rw-r--r--hw/i2c/smbus_ich9.c127
-rw-r--r--hw/i2c/versatile_i2c.c113
-rw-r--r--hw/i386/Makefile.objs19
-rw-r--r--hw/i386/kvm/Makefile.objs1
-rw-r--r--hw/i386/kvm/apic.c209
-rw-r--r--hw/i386/kvm/clock.c145
-rw-r--r--hw/i386/kvm/i8254.c336
-rw-r--r--hw/i386/kvm/i8259.c162
-rw-r--r--hw/i386/kvm/ioapic.c166
-rw-r--r--hw/i386/kvm/pci-assign.c1946
-rw-r--r--hw/i386/kvmvapic.c838
-rw-r--r--hw/i386/multiboot.c347
-rw-r--r--hw/i386/multiboot.h14
-rw-r--r--hw/i386/pc.c1364
-rw-r--r--hw/i386/pc_piix.c782
-rw-r--r--hw/i386/pc_q35.c283
-rw-r--r--hw/i386/pc_sysfw.c188
-rw-r--r--hw/i386/smbios.c246
-rw-r--r--hw/i386/xen_domainbuild.c299
-rw-r--r--hw/i386/xen_domainbuild.h13
-rw-r--r--hw/i386/xen_machine_pv.c110
-rw-r--r--hw/i82374.c168
-rw-r--r--hw/i82378.c277
-rw-r--r--hw/i8254.c362
-rw-r--r--hw/i8254.h68
-rw-r--r--hw/i8254_common.c311
-rw-r--r--hw/i8254_internal.h85
-rw-r--r--hw/i8259.c496
-rw-r--r--hw/i8259_common.c161
-rw-r--r--hw/i8259_internal.h82
-rw-r--r--hw/i82801b11.c125
-rw-r--r--hw/ich9.h207
-rw-r--r--hw/ide.h39
-rw-r--r--hw/ide/Makefile.objs2
-rw-r--r--hw/ide/ahci.c188
-rw-r--r--hw/ide/ahci.h34
-rw-r--r--hw/ide/atapi.c2
-rw-r--r--hw/ide/cmd646.c93
-rw-r--r--hw/ide/core.c1344
-rw-r--r--hw/ide/ich.c59
-rw-r--r--hw/ide/internal.h15
-rw-r--r--hw/ide/isa.c64
-rw-r--r--hw/ide/macio.c338
-rw-r--r--hw/ide/microdrive.c6
-rw-r--r--hw/ide/mmio.c98
-rw-r--r--hw/ide/pci.c42
-rw-r--r--hw/ide/pci.h8
-rw-r--r--hw/ide/piix.c59
-rw-r--r--hw/ide/qdev.c34
-rw-r--r--hw/ide/via.c41
-rw-r--r--hw/imx.h34
-rw-r--r--hw/imx_avic.c408
-rw-r--r--hw/imx_ccm.c321
-rw-r--r--hw/imx_serial.c467
-rw-r--r--hw/imx_timer.c689
-rw-r--r--hw/input/Makefile.objs13
-rw-r--r--hw/input/adb.c581
-rw-r--r--hw/input/hid.c498
-rw-r--r--hw/input/lm832x.c521
-rw-r--r--hw/input/milkymist-softusb.c338
-rw-r--r--hw/input/pckbd.c542
-rw-r--r--hw/input/pl050.c205
-rw-r--r--hw/input/ps2.c676
-rw-r--r--hw/input/pxa2xx_keypad.c335
-rw-r--r--hw/input/stellaris_input.c89
-rw-r--r--hw/input/tsc2005.c593
-rw-r--r--hw/input/tsc210x.c1293
-rw-r--r--hw/input/vmmouse.c303
-rw-r--r--hw/intc/Makefile.objs25
-rw-r--r--hw/intc/apic.c911
-rw-r--r--hw/intc/apic_common.c408
-rw-r--r--hw/intc/arm_gic.c725
-rw-r--r--hw/intc/arm_gic_common.c176
-rw-r--r--hw/intc/arm_gic_kvm.c169
-rw-r--r--hw/intc/armv7m_nvic.c559
-rw-r--r--hw/intc/etraxfs_pic.c187
-rw-r--r--hw/intc/exynos4210_combiner.c460
-rw-r--r--hw/intc/exynos4210_gic.c473
-rw-r--r--hw/intc/gic_internal.h141
-rw-r--r--hw/intc/grlib_irqmp.c372
-rw-r--r--hw/intc/heathrow_pic.c215
-rw-r--r--hw/intc/i8259.c522
-rw-r--r--hw/intc/i8259_common.c157
-rw-r--r--hw/intc/imx_avic.c416
-rw-r--r--hw/intc/ioapic.c259
-rw-r--r--hw/intc/ioapic_common.c118
-rw-r--r--hw/intc/lm32_pic.c204
-rw-r--r--hw/intc/omap_intc.c662
-rw-r--r--hw/intc/openpic.c1663
-rw-r--r--hw/intc/openpic_kvm.c264
-rw-r--r--hw/intc/pl190.c293
-rw-r--r--hw/intc/puv3_intc.c140
-rw-r--r--hw/intc/realview_gic.c81
-rw-r--r--hw/intc/sh_intc.c512
-rw-r--r--hw/intc/slavio_intctl.c473
-rw-r--r--hw/intc/xics.c708
-rw-r--r--hw/intc/xilinx_intc.c200
-rw-r--r--hw/integratorcp.c565
-rw-r--r--hw/intel-hda.c1302
-rw-r--r--hw/intel-hda.h72
-rw-r--r--hw/ioapic.c259
-rw-r--r--hw/ioapic.h27
-rw-r--r--hw/ioapic_common.c120
-rw-r--r--hw/ioapic_internal.h102
-rw-r--r--hw/ioh3420.c250
-rw-r--r--hw/ioh3420.h10
-rw-r--r--hw/irq.c136
-rw-r--r--hw/irq.h57
-rw-r--r--hw/isa-bus.c267
-rw-r--r--hw/isa.h103
-rw-r--r--hw/isa/Makefile.objs8
-rw-r--r--hw/isa/apm.c102
-rw-r--r--hw/isa/i82378.c149
-rw-r--r--hw/isa/isa-bus.c261
-rw-r--r--hw/isa/lpc_ich9.c629
-rw-r--r--hw/isa/pc87312.c400
-rw-r--r--hw/isa/piix4.c132
-rw-r--r--hw/isa/vt82c686.c502
-rw-r--r--hw/isa_mmio.c81
-rw-r--r--hw/ivshmem.c821
-rw-r--r--hw/jazz_led.c291
-rw-r--r--hw/kvm/Makefile.objs1
-rw-r--r--hw/kvm/apic.c209
-rw-r--r--hw/kvm/clock.c143
-rw-r--r--hw/kvm/clock.h24
-rw-r--r--hw/kvm/i8254.c317
-rw-r--r--hw/kvm/i8259.c138
-rw-r--r--hw/kvm/ioapic.c165
-rw-r--r--hw/kvm/pci-assign.c1905
-rw-r--r--hw/kvmvapic.c821
-rw-r--r--hw/kzm.c156
-rw-r--r--hw/lan9118.c1399
-rw-r--r--hw/lance.c170
-rw-r--r--hw/leon3.c223
-rw-r--r--hw/lm32.h25
-rw-r--r--hw/lm32/Makefile.objs20
-rw-r--r--hw/lm32/lm32.h29
-rw-r--r--hw/lm32/lm32_boards.c309
-rw-r--r--hw/lm32/lm32_hwsetup.h178
-rw-r--r--hw/lm32/milkymist-hw.h207
-rw-r--r--hw/lm32/milkymist.c219
-rw-r--r--hw/lm32_boards.c307
-rw-r--r--hw/lm32_hwsetup.h178
-rw-r--r--hw/lm32_juart.c159
-rw-r--r--hw/lm32_juart.h11
-rw-r--r--hw/lm32_pic.c199
-rw-r--r--hw/lm32_pic.h14
-rw-r--r--hw/lm32_sys.c172
-rw-r--r--hw/lm32_timer.c230
-rw-r--r--hw/lm32_uart.c296
-rw-r--r--hw/lm4549.c336
-rw-r--r--hw/lm832x.c521
-rw-r--r--hw/loader.c801
-rw-r--r--hw/loader.h49
-rw-r--r--hw/lpc_ich9.c525
-rw-r--r--hw/lsi53c895a.c2141
-rw-r--r--hw/m25p80.c651
-rw-r--r--hw/m48t59.c778
-rw-r--r--hw/m68k/Makefile.objs4
-rw-r--r--hw/m68k/an5206.c100
-rw-r--r--hw/m68k/dummy_m68k.c84
-rw-r--r--hw/m68k/mcf5206.c548
-rw-r--r--hw/m68k/mcf5208.c306
-rw-r--r--hw/m68k/mcf_intc.c154
-rw-r--r--hw/mac_dbdma.c854
-rw-r--r--hw/mac_dbdma.h44
-rw-r--r--hw/mac_nvram.c178
-rw-r--r--hw/macio.c140
-rw-r--r--hw/mainstone.c189
-rw-r--r--hw/marvell_88w8618_audio.c303
-rw-r--r--hw/max111x.c193
-rw-r--r--hw/max7310.c213
-rw-r--r--hw/mc146818rtc.c913
-rw-r--r--hw/mc146818rtc.h11
-rw-r--r--hw/mc146818rtc_regs.h67
-rw-r--r--hw/mcf.h30
-rw-r--r--hw/mcf5206.c548
-rw-r--r--hw/mcf5208.c302
-rw-r--r--hw/mcf_fec.c480
-rw-r--r--hw/mcf_intc.c154
-rw-r--r--hw/mcf_uart.c306
-rw-r--r--hw/megasas.c2213
-rw-r--r--hw/microblaze/Makefile.objs12
-rw-r--r--hw/microblaze/boot.c164
-rw-r--r--hw/microblaze/boot.h10
-rw-r--r--hw/microblaze/petalogix_ml605_mmu.c197
-rw-r--r--hw/microblaze/petalogix_s3adsp1800_mmu.c127
-rw-r--r--hw/microblaze/pic_cpu.c47
-rw-r--r--hw/microblaze/pic_cpu.h (renamed from hw/microblaze_pic_cpu.h)0
-rw-r--r--hw/microblaze_boot.c177
-rw-r--r--hw/microblaze_boot.h10
-rw-r--r--hw/microblaze_pic_cpu.c44
-rw-r--r--hw/milkymist-ac97.c344
-rw-r--r--hw/milkymist-hpdmc.c170
-rw-r--r--hw/milkymist-hw.h223
-rw-r--r--hw/milkymist-memcard.c303
-rw-r--r--hw/milkymist-minimac2.c550
-rw-r--r--hw/milkymist-pfpu.c544
-rw-r--r--hw/milkymist-softusb.c331
-rw-r--r--hw/milkymist-sysctl.c338
-rw-r--r--hw/milkymist-tmu2.c490
-rw-r--r--hw/milkymist-uart.c243
-rw-r--r--hw/milkymist-vgafb.c334
-rw-r--r--hw/milkymist-vgafb_template.h74
-rw-r--r--hw/milkymist.c218
-rw-r--r--hw/mips-bios.h8
-rw-r--r--hw/mips.h29
-rw-r--r--hw/mips/Makefile.objs10
-rw-r--r--hw/mips/addr.c34
-rw-r--r--hw/mips/cputimer.c147
-rw-r--r--hw/mips/gt64xxx_pci.c1189
-rw-r--r--hw/mips/mips_fulong2e.c414
-rw-r--r--hw/mips/mips_int.c67
-rw-r--r--hw/mips/mips_jazz.c347
-rw-r--r--hw/mips/mips_malta.c1153
-rw-r--r--hw/mips/mips_mipssim.c243
-rw-r--r--hw/mips/mips_r4k.c317
-rw-r--r--hw/mips_addr.c34
-rw-r--r--hw/mips_cpudevs.h15
-rw-r--r--hw/mips_fulong2e.c410
-rw-r--r--hw/mips_int.c65
-rw-r--r--hw/mips_jazz.c343
-rw-r--r--hw/mips_malta.c1033
-rw-r--r--hw/mips_mipssim.c238
-rw-r--r--hw/mips_r4k.c312
-rw-r--r--hw/mips_timer.c147
-rw-r--r--hw/mipsnet.c284
-rw-r--r--hw/misc/Makefile.objs43
-rw-r--r--hw/misc/a9scu.c165
-rw-r--r--hw/misc/applesmc.c281
-rw-r--r--hw/misc/arm_l2x0.c199
-rw-r--r--hw/misc/arm_sysctl.c656
-rw-r--r--hw/misc/cbus.c618
-rw-r--r--hw/misc/debugexit.c76
-rw-r--r--hw/misc/eccmemctl.c345
-rw-r--r--hw/misc/exynos4210_pmu.c503
-rw-r--r--hw/misc/imx_ccm.c326
-rw-r--r--hw/misc/ivshmem.c839
-rw-r--r--hw/misc/lm32_sys.c176
-rw-r--r--hw/misc/macio/Makefile.objs3
-rw-r--r--hw/misc/macio/cuda.c740
-rw-r--r--hw/misc/macio/mac_dbdma.c764
-rw-r--r--hw/misc/macio/macio.c402
-rw-r--r--hw/misc/max111x.c193
-rw-r--r--hw/misc/milkymist-hpdmc.c175
-rw-r--r--hw/misc/milkymist-pfpu.c549
-rw-r--r--hw/misc/mst_fpga.c267
-rw-r--r--hw/misc/omap_clk.c1264
-rw-r--r--hw/misc/omap_gpmc.c894
-rw-r--r--hw/misc/omap_l4.c162
-rw-r--r--hw/misc/omap_sdrc.c168
-rw-r--r--hw/misc/omap_tap.c116
-rw-r--r--hw/misc/pc-testdev.c207
-rw-r--r--hw/misc/pci-testdev.c334
-rw-r--r--hw/misc/puv3_pm.c153
-rw-r--r--hw/misc/pvpanic.c147
-rw-r--r--hw/misc/pxa2xx_pcmcia.c207
-rw-r--r--hw/misc/sga.c67
-rw-r--r--hw/misc/slavio_misc.c517
-rw-r--r--hw/misc/tmp105.c269
-rw-r--r--hw/misc/tmp105.h47
-rw-r--r--hw/misc/vfio.c3322
-rw-r--r--hw/misc/vmport.c180
-rw-r--r--hw/misc/zynq_slcr.c539
-rw-r--r--hw/moxie/Makefile.objs2
-rw-r--r--hw/moxie/moxiesim.c174
-rw-r--r--hw/mpc8544_guts.c143
-rw-r--r--hw/msi.c395
-rw-r--r--hw/msi.h50
-rw-r--r--hw/msix.c562
-rw-r--r--hw/msix.h41
-rw-r--r--hw/msmouse.c78
-rw-r--r--hw/msmouse.h2
-rw-r--r--hw/mst_fpga.c263
-rw-r--r--hw/multiboot.c349
-rw-r--r--hw/multiboot.h12
-rw-r--r--hw/musicpal.c1697
-rw-r--r--hw/nand.c789
-rw-r--r--hw/ne2000-isa.c112
-rw-r--r--hw/ne2000.c788
-rw-r--r--hw/ne2000.h35
-rw-r--r--hw/net/Makefile.objs33
-rw-r--r--hw/net/cadence_gem.c1224
-rw-r--r--hw/net/dp8393x.c914
-rw-r--r--hw/net/e1000.c1422
-rw-r--r--hw/net/e1000_regs.h (renamed from hw/e1000_hw.h)0
-rw-r--r--hw/net/eepro100.c2116
-rw-r--r--hw/net/etraxfs_eth.c663
-rw-r--r--hw/net/lan9118.c1406
-rw-r--r--hw/net/lance.c178
-rw-r--r--hw/net/mcf_fec.c480
-rw-r--r--hw/net/milkymist-minimac2.c551
-rw-r--r--hw/net/mipsnet.c290
-rw-r--r--hw/net/ne2000-isa.c116
-rw-r--r--hw/net/ne2000.c790
-rw-r--r--hw/net/ne2000.h40
-rw-r--r--hw/net/opencores_eth.c740
-rw-r--r--hw/net/pcnet-pci.c384
-rw-r--r--hw/net/pcnet.c1772
-rw-r--r--hw/net/pcnet.h70
-rw-r--r--hw/net/rtl8139.c3581
-rw-r--r--hw/net/smc91c111.c814
-rw-r--r--hw/net/spapr_llan.c557
-rw-r--r--hw/net/stellaris_enet.c462
-rw-r--r--hw/net/vhost_net.c331
-rw-r--r--hw/net/virtio-net.c1667
-rw-r--r--hw/net/vmware_utils.h143
-rw-r--r--hw/net/vmxnet3.c2472
-rw-r--r--hw/net/vmxnet3.h757
-rw-r--r--hw/net/vmxnet_debug.h115
-rw-r--r--hw/net/vmxnet_rx_pkt.c187
-rw-r--r--hw/net/vmxnet_rx_pkt.h174
-rw-r--r--hw/net/vmxnet_tx_pkt.c567
-rw-r--r--hw/net/vmxnet_tx_pkt.h148
-rw-r--r--hw/net/xen_nic.c439
-rw-r--r--hw/net/xgmac.c440
-rw-r--r--hw/net/xilinx_axienet.c1071
-rw-r--r--hw/net/xilinx_ethlite.c269
-rw-r--r--hw/nseries.c1428
-rw-r--r--hw/null-machine.c35
-rw-r--r--hw/nvram.h34
-rw-r--r--hw/nvram/Makefile.objs5
-rw-r--r--hw/nvram/ds1225y.c170
-rw-r--r--hw/nvram/eeprom93xx.c337
-rw-r--r--hw/nvram/fw_cfg.c598
-rw-r--r--hw/nvram/mac_nvram.c196
-rw-r--r--hw/nvram/spapr_nvram.c200
-rw-r--r--hw/omap.h1015
-rw-r--r--hw/omap1.c4053
-rw-r--r--hw/omap2.c2684
-rw-r--r--hw/omap_clk.c1264
-rw-r--r--hw/omap_dma.c2089
-rw-r--r--hw/omap_dss.c1086
-rw-r--r--hw/omap_gpio.c792
-rw-r--r--hw/omap_gpmc.c894
-rw-r--r--hw/omap_gptimer.c488
-rw-r--r--hw/omap_i2c.c492
-rw-r--r--hw/omap_intc.c649
-rw-r--r--hw/omap_l4.c162
-rw-r--r--hw/omap_lcdc.c489
-rw-r--r--hw/omap_mmc.c641
-rw-r--r--hw/omap_sdrc.c168
-rw-r--r--hw/omap_spi.c349
-rw-r--r--hw/omap_sx1.c236
-rw-r--r--hw/omap_synctimer.c102
-rw-r--r--hw/omap_tap.c116
-rw-r--r--hw/omap_uart.c187
-rw-r--r--hw/onenand.c841
-rw-r--r--hw/opencores_eth.c733
-rw-r--r--hw/openpic.c1710
-rw-r--r--hw/openpic.h18
-rw-r--r--hw/openrisc/Makefile.objs5
-rw-r--r--hw/openrisc/cputimer.c103
-rw-r--r--hw/openrisc/openrisc_sim.c150
-rw-r--r--hw/openrisc/pic_cpu.c61
-rw-r--r--hw/openrisc_pic.c60
-rw-r--r--hw/openrisc_sim.c149
-rw-r--r--hw/openrisc_timer.c101
-rw-r--r--hw/palm.c290
-rw-r--r--hw/pam.c87
-rw-r--r--hw/pam.h97
-rw-r--r--hw/parallel.c614
-rw-r--r--hw/pc.c1109
-rw-r--r--hw/pc.h189
-rw-r--r--hw/pc_piix.c645
-rw-r--r--hw/pc_q35.c223
-rw-r--r--hw/pc_sysfw.c266
-rw-r--r--hw/pci-bridge/Makefile.objs5
-rw-r--r--hw/pci-bridge/dec.c156
-rw-r--r--hw/pci-bridge/dec.h (renamed from hw/dec_pci.h)0
-rw-r--r--hw/pci-bridge/i82801b11.c130
-rw-r--r--hw/pci-bridge/ioh3420.c236
-rw-r--r--hw/pci-bridge/ioh3420.h10
-rw-r--r--hw/pci-bridge/pci_bridge_dev.c165
-rw-r--r--hw/pci-bridge/xio3130_downstream.c203
-rw-r--r--hw/pci-bridge/xio3130_downstream.h11
-rw-r--r--hw/pci-bridge/xio3130_upstream.c183
-rw-r--r--hw/pci-bridge/xio3130_upstream.h10
-rw-r--r--hw/pci-host/Makefile.objs17
-rw-r--r--hw/pci-host/apb.c580
-rw-r--r--hw/pci-host/bonito.c842
-rw-r--r--hw/pci-host/grackle.c165
-rw-r--r--hw/pci-host/pam.c89
-rw-r--r--hw/pci-host/piix.c744
-rw-r--r--hw/pci-host/ppce500.c428
-rw-r--r--hw/pci-host/prep.c235
-rw-r--r--hw/pci-host/q35.c390
-rw-r--r--hw/pci-host/uninorth.c492
-rw-r--r--hw/pci-host/versatile.c532
-rw-r--r--hw/pci-hotplug.c293
-rw-r--r--hw/pci-stub.c47
-rw-r--r--hw/pci.c2168
-rw-r--r--hw/pci.h684
-rw-r--r--hw/pci/Makefile.objs11
-rw-r--r--hw/pci/msi.c395
-rw-r--r--hw/pci/msix.c604
-rw-r--r--hw/pci/pci-hotplug-old.c337
-rw-r--r--hw/pci/pci-stub.c47
-rw-r--r--hw/pci/pci.c2264
-rw-r--r--hw/pci/pci_bridge.c420
-rw-r--r--hw/pci/pci_host.c181
-rw-r--r--hw/pci/pcie.c571
-rw-r--r--hw/pci/pcie_aer.c1031
-rw-r--r--hw/pci/pcie_host.c162
-rw-r--r--hw/pci/pcie_port.c170
-rw-r--r--hw/pci/shpc.c682
-rw-r--r--hw/pci/slotid_cap.c45
-rw-r--r--hw/pci_bridge.c363
-rw-r--r--hw/pci_bridge.h66
-rw-r--r--hw/pci_bridge_dev.c171
-rw-r--r--hw/pci_host.c180
-rw-r--r--hw/pci_host.h62
-rw-r--r--hw/pci_ids.h147
-rw-r--r--hw/pci_internals.h78
-rw-r--r--hw/pci_regs.h717
-rw-r--r--hw/pcie.c555
-rw-r--r--hw/pcie.h142
-rw-r--r--hw/pcie_aer.c1032
-rw-r--r--hw/pcie_aer.h106
-rw-r--r--hw/pcie_host.c161
-rw-r--r--hw/pcie_host.h54
-rw-r--r--hw/pcie_port.c114
-rw-r--r--hw/pcie_port.h51
-rw-r--r--hw/pcie_regs.h156
-rw-r--r--hw/pckbd.c527
-rw-r--r--hw/pcmcia.h51
-rw-r--r--hw/pcnet-pci.c376
-rw-r--r--hw/pcnet.c1767
-rw-r--r--hw/pcnet.h65
-rw-r--r--hw/pcspk.c201
-rw-r--r--hw/pcspk.h45
-rw-r--r--hw/petalogix_ml605_mmu.c184
-rw-r--r--hw/petalogix_s3adsp1800_mmu.c126
-rw-r--r--hw/pflash_cfi01.c754
-rw-r--r--hw/pflash_cfi02.c786
-rw-r--r--hw/piix4.c132
-rw-r--r--hw/piix_pci.c584
-rw-r--r--hw/pixel_ops.h53
-rw-r--r--hw/pl011.c330
-rw-r--r--hw/pl022.c308
-rw-r--r--hw/pl031.c265
-rw-r--r--hw/pl041.c647
-rw-r--r--hw/pl050.c200
-rw-r--r--hw/pl061.c336
-rw-r--r--hw/pl080.c421
-rw-r--r--hw/pl110.c532
-rw-r--r--hw/pl181.c515
-rw-r--r--hw/pl190.c289
-rw-r--r--hw/pm_smbus.c176
-rw-r--r--hw/pm_smbus.h21
-rw-r--r--hw/ppc.c1317
-rw-r--r--hw/ppc.h92
-rw-r--r--hw/ppc/Makefile.objs41
-rw-r--r--hw/ppc/e500-ccsr.h17
-rw-r--r--hw/ppc/e500.c409
-rw-r--r--hw/ppc/e500.h4
-rw-r--r--hw/ppc/e500plat.c19
-rw-r--r--hw/ppc/mac.h184
-rw-r--r--hw/ppc/mac_newworld.c488
-rw-r--r--hw/ppc/mac_oldworld.c361
-rw-r--r--hw/ppc/mpc8544_guts.c140
-rw-r--r--hw/ppc/mpc8544ds.c9
-rw-r--r--hw/ppc/ppc.c1364
-rw-r--r--hw/ppc/ppc405.h81
-rw-r--r--hw/ppc/ppc405_boards.c662
-rw-r--r--hw/ppc/ppc405_uc.c2548
-rw-r--r--hw/ppc/ppc440_bamboo.c307
-rw-r--r--hw/ppc/ppc4xx_devs.c721
-rw-r--r--hw/ppc/ppc4xx_pci.c414
-rw-r--r--hw/ppc/ppc_booke.c326
-rw-r--r--hw/ppc/ppce500_spin.c224
-rw-r--r--hw/ppc/prep.c702
-rw-r--r--hw/ppc/spapr.c1336
-rw-r--r--hw/ppc/spapr_events.c321
-rw-r--r--hw/ppc/spapr_hcall.c739
-rw-r--r--hw/ppc/spapr_iommu.c336
-rw-r--r--hw/ppc/spapr_pci.c868
-rw-r--r--hw/ppc/spapr_rtas.c327
-rw-r--r--hw/ppc/spapr_vio.c675
-rw-r--r--hw/ppc/virtex_ml507.c256
-rw-r--r--hw/ppc405.h81
-rw-r--r--hw/ppc405_boards.c660
-rw-r--r--hw/ppc405_uc.c2540
-rw-r--r--hw/ppc440_bamboo.c305
-rw-r--r--hw/ppc4xx.h64
-rw-r--r--hw/ppc4xx_devs.c721
-rw-r--r--hw/ppc4xx_pci.c414
-rw-r--r--hw/ppc_booke.c254
-rw-r--r--hw/ppc_mac.h81
-rw-r--r--hw/ppc_newworld.c431
-rw-r--r--hw/ppc_oldworld.c351
-rw-r--r--hw/ppc_prep.c704
-rw-r--r--hw/ppce500_pci.c393
-rw-r--r--hw/ppce500_spin.c227
-rw-r--r--hw/prep_pci.c208
-rw-r--r--hw/primecell.h12
-rw-r--r--hw/ps2.c676
-rw-r--r--hw/ps2.h38
-rw-r--r--hw/ptimer.c231
-rw-r--r--hw/ptimer.h39
-rw-r--r--hw/puv3.c133
-rw-r--r--hw/puv3.h49
-rw-r--r--hw/puv3_dma.c109
-rw-r--r--hw/puv3_gpio.c141
-rw-r--r--hw/puv3_intc.c135
-rw-r--r--hw/puv3_ost.c151
-rw-r--r--hw/puv3_pm.c149
-rw-r--r--hw/pxa.h191
-rw-r--r--hw/pxa2xx.c2291
-rw-r--r--hw/pxa2xx_dma.c574
-rw-r--r--hw/pxa2xx_gpio.c349
-rw-r--r--hw/pxa2xx_keypad.c335
-rw-r--r--hw/pxa2xx_lcd.c1051
-rw-r--r--hw/pxa2xx_mmci.c553
-rw-r--r--hw/pxa2xx_pcmcia.c207
-rw-r--r--hw/pxa2xx_pic.c334
-rw-r--r--hw/pxa2xx_timer.c536
-rw-r--r--hw/q35.c309
-rw-r--r--hw/q35.h150
-rw-r--r--hw/qdev-addr.c77
-rw-r--r--hw/qdev-addr.h5
-rw-r--r--hw/qdev-core.h233
-rw-r--r--hw/qdev-dma.h10
-rw-r--r--hw/qdev-monitor.c616
-rw-r--r--hw/qdev-monitor.h16
-rw-r--r--hw/qdev-properties.c1281
-rw-r--r--hw/qdev-properties.h130
-rw-r--r--hw/qdev.c798
-rw-r--r--hw/qdev.h9
-rw-r--r--hw/qxl-logger.c275
-rw-r--r--hw/qxl-render.c277
-rw-r--r--hw/qxl.c2348
-rw-r--r--hw/qxl.h160
-rw-r--r--hw/r2d.c357
-rw-r--r--hw/rc4030.c825
-rw-r--r--hw/realview.c400
-rw-r--r--hw/realview_gic.c74
-rw-r--r--hw/rtl8139.c3554
-rw-r--r--hw/s390-virtio-bus.c571
-rw-r--r--hw/s390-virtio-bus.h102
-rw-r--r--hw/s390-virtio.c354
-rw-r--r--hw/s390x/Makefile.objs9
-rw-r--r--hw/s390x/css.c1280
-rw-r--r--hw/s390x/css.h100
-rw-r--r--hw/s390x/event-facility.c12
-rw-r--r--hw/s390x/event-facility.h96
-rw-r--r--hw/s390x/ipl.c199
-rw-r--r--hw/s390x/s390-virtio-bus.c738
-rw-r--r--hw/s390x/s390-virtio-bus.h187
-rw-r--r--hw/s390x/s390-virtio-ccw.c137
-rw-r--r--hw/s390x/s390-virtio-hcall.c36
-rw-r--r--hw/s390x/s390-virtio.c304
-rw-r--r--hw/s390x/s390-virtio.h29
-rw-r--r--hw/s390x/sclp.c8
-rw-r--r--hw/s390x/sclp.h118
-rw-r--r--hw/s390x/sclpconsole.c306
-rw-r--r--hw/s390x/sclpquiesce.c8
-rw-r--r--hw/s390x/virtio-ccw.c1342
-rw-r--r--hw/s390x/virtio-ccw.h184
-rw-r--r--hw/sb16.c1424
-rw-r--r--hw/sbi.c156
-rw-r--r--hw/scsi-bus.c1881
-rw-r--r--hw/scsi-defs.h303
-rw-r--r--hw/scsi-disk.c2501
-rw-r--r--hw/scsi-generic.c516
-rw-r--r--hw/scsi.h255
-rw-r--r--hw/scsi/Makefile.objs13
-rw-r--r--hw/scsi/esp-pci.c533
-rw-r--r--hw/scsi/esp.c738
-rw-r--r--hw/scsi/lsi53c895a.c2159
-rw-r--r--hw/scsi/megasas.c2232
-rw-r--r--hw/scsi/mfi.h (renamed from hw/mfi.h)0
-rw-r--r--hw/scsi/scsi-bus.c1907
-rw-r--r--hw/scsi/scsi-disk.c2546
-rw-r--r--hw/scsi/scsi-generic.c520
-rw-r--r--hw/scsi/spapr_vscsi.c1109
-rw-r--r--hw/scsi/srp.h (renamed from hw/srp.h)0
-rw-r--r--hw/scsi/vhost-scsi.c289
-rw-r--r--hw/scsi/viosrp.h (renamed from hw/ppc-viosrp.h)0
-rw-r--r--hw/scsi/virtio-scsi.c711
-rw-r--r--hw/scsi/vmw_pvscsi.c1217
-rw-r--r--hw/scsi/vmw_pvscsi.h434
-rw-r--r--hw/sd.c1764
-rw-r--r--hw/sd.h80
-rw-r--r--hw/sd/Makefile.objs8
-rw-r--r--hw/sd/milkymist-memcard.c307
-rw-r--r--hw/sd/omap_mmc.c641
-rw-r--r--hw/sd/pl181.c520
-rw-r--r--hw/sd/pxa2xx_mmci.c553
-rw-r--r--hw/sd/sd.c1771
-rw-r--r--hw/sd/sdhci.c1300
-rw-r--r--hw/sd/sdhci.h312
-rw-r--r--hw/sd/ssi-sd.c274
-rw-r--r--hw/serial-isa.c130
-rw-r--r--hw/serial-pci.c252
-rw-r--r--hw/serial.c797
-rw-r--r--hw/serial.h99
-rw-r--r--hw/sga.c63
-rw-r--r--hw/sh.h57
-rw-r--r--hw/sh4/Makefile.objs7
-rw-r--r--hw/sh4/r2d.c367
-rw-r--r--hw/sh4/sh7750.c843
-rw-r--r--hw/sh4/sh7750_regnames.c97
-rw-r--r--hw/sh4/sh7750_regnames.h (renamed from hw/sh7750_regnames.h)0
-rw-r--r--hw/sh4/sh7750_regs.h (renamed from hw/sh7750_regs.h)0
-rw-r--r--hw/sh4/sh_pci.c198
-rw-r--r--hw/sh4/shix.c107
-rw-r--r--hw/sh7750.c838
-rw-r--r--hw/sh7750_regnames.c97
-rw-r--r--hw/sh_intc.c511
-rw-r--r--hw/sh_intc.h83
-rw-r--r--hw/sh_pci.c186
-rw-r--r--hw/sh_serial.c408
-rw-r--r--hw/sh_timer.c333
-rw-r--r--hw/sharpsl.h17
-rw-r--r--hw/shix.c102
-rw-r--r--hw/shpc.c681
-rw-r--r--hw/shpc.h48
-rw-r--r--hw/slavio_intctl.c471
-rw-r--r--hw/slavio_misc.c508
-rw-r--r--hw/slavio_timer.c435
-rw-r--r--hw/slotid_cap.c44
-rw-r--r--hw/slotid_cap.h11
-rw-r--r--hw/sm501.c1447
-rw-r--r--hw/smbios.c241
-rw-r--r--hw/smbios.h162
-rw-r--r--hw/smbus.c335
-rw-r--r--hw/smbus.h83
-rw-r--r--hw/smbus_eeprom.c156
-rw-r--r--hw/smbus_ich9.c159
-rw-r--r--hw/smc91c111.c805
-rw-r--r--hw/soc_dma.c366
-rw-r--r--hw/soc_dma.h110
-rw-r--r--hw/spapr.c937
-rw-r--r--hw/spapr.h356
-rw-r--r--hw/spapr_events.c321
-rw-r--r--hw/spapr_hcall.c745
-rw-r--r--hw/spapr_iommu.c287
-rw-r--r--hw/spapr_llan.c523
-rw-r--r--hw/spapr_pci.c771
-rw-r--r--hw/spapr_pci.h86
-rw-r--r--hw/spapr_rtas.c332
-rw-r--r--hw/spapr_vio.c666
-rw-r--r--hw/spapr_vio.h136
-rw-r--r--hw/spapr_vscsi.c983
-rw-r--r--hw/spapr_vty.c221
-rw-r--r--hw/sparc/Makefile.objs9
-rw-r--r--hw/sparc/leon3.c227
-rw-r--r--hw/sparc/sun4m.c1506
-rw-r--r--hw/sparc32_dma.c315
-rw-r--r--hw/sparc32_dma.h12
-rw-r--r--hw/sparc64/Makefile.objs5
-rw-r--r--hw/sparc64/sun4u.c1028
-rw-r--r--hw/spitz.c1134
-rw-r--r--hw/ssd0303.c321
-rw-r--r--hw/ssd0323.c372
-rw-r--r--hw/ssi-sd.c274
-rw-r--r--hw/ssi.c174
-rw-r--r--hw/ssi.h93
-rw-r--r--hw/ssi/Makefile.objs6
-rw-r--r--hw/ssi/omap_spi.c373
-rw-r--r--hw/ssi/pl022.c313
-rw-r--r--hw/ssi/ssi.c174
-rw-r--r--hw/ssi/xilinx_spi.c391
-rw-r--r--hw/ssi/xilinx_spips.c772
-rw-r--r--hw/stellaris.c1399
-rw-r--r--hw/stellaris_enet.c449
-rw-r--r--hw/stellaris_input.c89
-rw-r--r--hw/stream.c23
-rw-r--r--hw/stream.h31
-rw-r--r--hw/strongarm.c1622
-rw-r--r--hw/strongarm.h68
-rw-r--r--hw/sun4c_intctl.c208
-rw-r--r--hw/sun4m.c1927
-rw-r--r--hw/sun4m.h36
-rw-r--r--hw/sun4m_iommu.c388
-rw-r--r--hw/sun4u.c1012
-rw-r--r--hw/sysbus.c297
-rw-r--r--hw/sysbus.h89
-rw-r--r--hw/tc58128.c178
-rw-r--r--hw/tc6393xb.c587
-rw-r--r--hw/tc6393xb_template.h67
-rw-r--r--hw/tcx.c730
-rw-r--r--hw/timer/Makefile.objs29
-rw-r--r--hw/timer/arm_mptimer.c316
-rw-r--r--hw/timer/arm_timer.c411
-rw-r--r--hw/timer/cadence_ttc.c495
-rw-r--r--hw/timer/ds1338.c236
-rw-r--r--hw/timer/etraxfs_timer.c357
-rw-r--r--hw/timer/exynos4210_mct.c1486
-rw-r--r--hw/timer/exynos4210_pwm.c426
-rw-r--r--hw/timer/exynos4210_rtc.c596
-rw-r--r--hw/timer/grlib_gptimer.c410
-rw-r--r--hw/timer/hpet.c773
-rw-r--r--hw/timer/i8254.c377
-rw-r--r--hw/timer/i8254_common.c302
-rw-r--r--hw/timer/imx_epit.c432
-rw-r--r--hw/timer/imx_gpt.c557
-rw-r--r--hw/timer/lm32_timer.c235
-rw-r--r--hw/timer/m48t59.c795
-rw-r--r--hw/timer/mc146818rtc.c924
-rw-r--r--hw/timer/milkymist-sysctl.c342
-rw-r--r--hw/timer/omap_gptimer.c488
-rw-r--r--hw/timer/omap_synctimer.c102
-rw-r--r--hw/timer/pl031.c269
-rw-r--r--hw/timer/puv3_ost.c155
-rw-r--r--hw/timer/pxa2xx_timer.c599
-rw-r--r--hw/timer/sh_timer.c333
-rw-r--r--hw/timer/slavio_timer.c440
-rw-r--r--hw/timer/tusb6010.c819
-rw-r--r--hw/timer/twl92230.c882
-rw-r--r--hw/timer/xilinx_timer.c260
-rw-r--r--hw/tmp105.c253
-rw-r--r--hw/tosa.c301
-rw-r--r--hw/tpm/Makefile.objs2
-rw-r--r--hw/tpm/tpm_int.h67
-rw-r--r--hw/tpm/tpm_passthrough.c552
-rw-r--r--hw/tpm/tpm_tis.c931
-rw-r--r--hw/tpm/tpm_tis.h75
-rw-r--r--hw/tsc2005.c593
-rw-r--r--hw/tsc210x.c1293
-rw-r--r--hw/tusb6010.c813
-rw-r--r--hw/twl92230.c882
-rw-r--r--hw/unicore32/Makefile.objs2
-rw-r--r--hw/unicore32/puv3.c139
-rw-r--r--hw/unin_pci.c492
-rw-r--r--hw/usb.h547
-rw-r--r--hw/usb/Makefile.objs38
-rw-r--r--hw/usb/bus.c58
-rw-r--r--hw/usb/ccid-card-emulated.c612
-rw-r--r--hw/usb/ccid-card-passthru.c413
-rw-r--r--hw/usb/ccid.h65
-rw-r--r--hw/usb/combined-packet.c2
-rw-r--r--hw/usb/core.c43
-rw-r--r--hw/usb/desc.c17
-rw-r--r--hw/usb/dev-audio.c4
-rw-r--r--hw/usb/dev-bluetooth.c7
-rw-r--r--hw/usb/dev-hid.c113
-rw-r--r--hw/usb/dev-hub.c23
-rw-r--r--hw/usb/dev-network.c36
-rw-r--r--hw/usb/dev-serial.c21
-rw-r--r--hw/usb/dev-smartcard-reader.c258
-rw-r--r--hw/usb/dev-storage.c131
-rw-r--r--hw/usb/dev-uas.c260
-rw-r--r--hw/usb/dev-wacom.c9
-rw-r--r--hw/usb/hcd-ehci-pci.c70
-rw-r--r--hw/usb/hcd-ehci-sysbus.c179
-rw-r--r--hw/usb/hcd-ehci.c481
-rw-r--r--hw/usb/hcd-ehci.h85
-rw-r--r--hw/usb/hcd-musb.c4
-rw-r--r--hw/usb/hcd-ohci.c286
-rw-r--r--hw/usb/hcd-uhci.c217
-rw-r--r--hw/usb/hcd-xhci.c784
-rw-r--r--hw/usb/host-bsd.c13
-rw-r--r--hw/usb/host-legacy.c144
-rw-r--r--hw/usb/host-libusb.c1528
-rw-r--r--hw/usb/host-linux.c157
-rw-r--r--hw/usb/host-stub.c11
-rw-r--r--hw/usb/host.h44
-rw-r--r--hw/usb/libhw.c8
-rw-r--r--hw/usb/quirks-ftdi-ids.h1255
-rw-r--r--hw/usb/quirks-pl2303-ids.h150
-rw-r--r--hw/usb/quirks.c53
-rw-r--r--hw/usb/quirks.h910
-rw-r--r--hw/usb/redirect.c525
-rw-r--r--hw/versatile_i2c.c107
-rw-r--r--hw/versatile_pci.c164
-rw-r--r--hw/versatilepb.c401
-rw-r--r--hw/vexpress.c498
-rw-r--r--hw/vfio_pci.c2115
-rw-r--r--hw/vga-isa-mm.c143
-rw-r--r--hw/vga-isa.c101
-rw-r--r--hw/vga-pci.c215
-rw-r--r--hw/vga.c2450
-rw-r--r--hw/vga_int.h214
-rw-r--r--hw/vhost.c964
-rw-r--r--hw/vhost.h56
-rw-r--r--hw/vhost_net.c237
-rw-r--r--hw/vhost_net.h20
-rw-r--r--hw/virtex_ml507.c274
-rw-r--r--hw/virtio-balloon.c274
-rw-r--r--hw/virtio-balloon.h55
-rw-r--r--hw/virtio-blk.c658
-rw-r--r--hw/virtio-blk.h114
-rw-r--r--hw/virtio-console.c182
-rw-r--r--hw/virtio-net.c1103
-rw-r--r--hw/virtio-net.h190
-rw-r--r--hw/virtio-pci.c1131
-rw-r--r--hw/virtio-pci.h62
-rw-r--r--hw/virtio-rng.c205
-rw-r--r--hw/virtio-rng.h28
-rw-r--r--hw/virtio-scsi.c744
-rw-r--r--hw/virtio-scsi.h43
-rw-r--r--hw/virtio-serial-bus.c1045
-rw-r--r--hw/virtio-serial.h208
-rw-r--r--hw/virtio.c1058
-rw-r--r--hw/virtio.h247
-rw-r--r--hw/virtio/Makefile.objs8
-rw-r--r--hw/virtio/dataplane/Makefile.objs1
-rw-r--r--hw/virtio/dataplane/hostmem.c183
-rw-r--r--hw/virtio/dataplane/vring.c366
-rw-r--r--hw/virtio/vhost.c1072
-rw-r--r--hw/virtio/virtio-balloon.c414
-rw-r--r--hw/virtio/virtio-bus.c190
-rw-r--r--hw/virtio/virtio-mmio.c425
-rw-r--r--hw/virtio/virtio-pci.c1562
-rw-r--r--hw/virtio/virtio-pci.h206
-rw-r--r--hw/virtio/virtio-rng.c236
-rw-r--r--hw/virtio/virtio.c1199
-rw-r--r--hw/vmmouse.c302
-rw-r--r--hw/vmport.c170
-rw-r--r--hw/vmware_vga.c1259
-rw-r--r--hw/vt82c686.c559
-rw-r--r--hw/vt82c686.h11
-rw-r--r--hw/watchdog.c147
-rw-r--r--hw/watchdog.h43
-rw-r--r--hw/watchdog/Makefile.objs3
-rw-r--r--hw/watchdog/watchdog.c146
-rw-r--r--hw/watchdog/wdt_i6300esb.c470
-rw-r--r--hw/watchdog/wdt_ib700.c156
-rw-r--r--hw/wdt_i6300esb.c455
-rw-r--r--hw/wdt_ib700.c145
-rw-r--r--hw/wm8750.c716
-rw-r--r--hw/xen-host-pci-device.h55
-rw-r--r--hw/xen.h62
-rw-r--r--hw/xen/Makefile.objs6
-rw-r--r--hw/xen/xen-host-pci-device.c (renamed from hw/xen-host-pci-device.c)0
-rw-r--r--hw/xen/xen-host-pci-device.h55
-rw-r--r--hw/xen/xen_apic.c95
-rw-r--r--hw/xen/xen_backend.c800
-rw-r--r--hw/xen/xen_devconfig.c174
-rw-r--r--hw/xen/xen_platform.c449
-rw-r--r--hw/xen/xen_pt.c850
-rw-r--r--hw/xen/xen_pt.h302
-rw-r--r--hw/xen/xen_pt_config_init.c1882
-rw-r--r--hw/xen/xen_pt_msi.c621
-rw-r--r--hw/xen/xen_pvdevice.c131
-rw-r--r--hw/xen_apic.c95
-rw-r--r--hw/xen_backend.c787
-rw-r--r--hw/xen_backend.h108
-rw-r--r--hw/xen_common.h160
-rw-r--r--hw/xen_console.c281
-rw-r--r--hw/xen_devconfig.c174
-rw-r--r--hw/xen_disk.c805
-rw-r--r--hw/xen_domainbuild.c299
-rw-r--r--hw/xen_domainbuild.h13
-rw-r--r--hw/xen_machine_pv.c125
-rw-r--r--hw/xen_nic.c439
-rw-r--r--hw/xen_platform.c436
-rw-r--r--hw/xen_pt.c843
-rw-r--r--hw/xen_pt.h302
-rw-r--r--hw/xen_pt_config_init.c1882
-rw-r--r--hw/xen_pt_msi.c620
-rw-r--r--hw/xenfb.c1025
-rw-r--r--hw/xgmac.c433
-rw-r--r--hw/xics.c573
-rw-r--r--hw/xics.h39
-rw-r--r--hw/xilinx.h92
-rw-r--r--hw/xilinx_axidma.c524
-rw-r--r--hw/xilinx_axienet.c910
-rw-r--r--hw/xilinx_ethlite.c258
-rw-r--r--hw/xilinx_intc.c190
-rw-r--r--hw/xilinx_spi.c385
-rw-r--r--hw/xilinx_spips.c575
-rw-r--r--hw/xilinx_timer.c255
-rw-r--r--hw/xilinx_uartlite.c234
-rw-r--r--hw/xilinx_zynq.c213
-rw-r--r--hw/xio3130_downstream.c217
-rw-r--r--hw/xio3130_downstream.h11
-rw-r--r--hw/xio3130_upstream.c192
-rw-r--r--hw/xio3130_upstream.h10
-rw-r--r--hw/xtensa/Makefile.objs4
-rw-r--r--hw/xtensa/pic_cpu.c166
-rw-r--r--hw/xtensa/xtensa_bootparam.h (renamed from hw/xtensa_bootparam.h)0
-rw-r--r--hw/xtensa/xtensa_lx60.c317
-rw-r--r--hw/xtensa/xtensa_sim.c119
-rw-r--r--hw/xtensa_lx60.c312
-rw-r--r--hw/xtensa_pic.c164
-rw-r--r--hw/xtensa_sim.c116
-rw-r--r--hw/z2.c383
-rw-r--r--hw/zaurus.c292
-rw-r--r--hw/zynq_slcr.c535
1269 files changed, 280261 insertions, 258573 deletions
diff --git a/hw/9p.h b/hw/9p.h
deleted file mode 100644
index d9951d6bc..000000000
--- a/hw/9p.h
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Virtio 9p
- *
- * Copyright IBM, Corp. 2010
- *
- * Authors:
- * Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See
- * the COPYING file in the top-level directory.
- *
- */
-
-#ifndef QEMU_9P_H
-#define QEMU_9P_H
-
-typedef struct V9fsConf
-{
- /* tag name for the device */
- char *tag;
- char *fsdev_id;
-} V9fsConf;
-
-#endif
diff --git a/hw/9pfs/codir.c b/hw/9pfs/codir.c
index 3d188284b..65ad3298b 100644
--- a/hw/9pfs/codir.c
+++ b/hw/9pfs/codir.c
@@ -13,8 +13,8 @@
*/
#include "fsdev/qemu-fsdev.h"
-#include "qemu-thread.h"
-#include "qemu-coroutine.h"
+#include "qemu/thread.h"
+#include "block/coroutine.h"
#include "virtio-9p-coth.h"
int v9fs_co_readdir_r(V9fsPDU *pdu, V9fsFidState *fidp, struct dirent *dent,
diff --git a/hw/9pfs/cofile.c b/hw/9pfs/cofile.c
index 9345aaeb2..194c1306c 100644
--- a/hw/9pfs/cofile.c
+++ b/hw/9pfs/cofile.c
@@ -13,8 +13,8 @@
*/
#include "fsdev/qemu-fsdev.h"
-#include "qemu-thread.h"
-#include "qemu-coroutine.h"
+#include "qemu/thread.h"
+#include "block/coroutine.h"
#include "virtio-9p-coth.h"
int v9fs_co_st_gen(V9fsPDU *pdu, V9fsPath *path, mode_t st_mode,
@@ -38,6 +38,10 @@ int v9fs_co_st_gen(V9fsPDU *pdu, V9fsPath *path, mode_t st_mode,
});
v9fs_path_unlock(s);
}
+ /* The ioctl may not be supported depending on the path */
+ if (err == -ENOTTY) {
+ err = 0;
+ }
return err;
}
diff --git a/hw/9pfs/cofs.c b/hw/9pfs/cofs.c
index 83f125bd4..389105074 100644
--- a/hw/9pfs/cofs.c
+++ b/hw/9pfs/cofs.c
@@ -13,8 +13,8 @@
*/
#include "fsdev/qemu-fsdev.h"
-#include "qemu-thread.h"
-#include "qemu-coroutine.h"
+#include "qemu/thread.h"
+#include "block/coroutine.h"
#include "virtio-9p-coth.h"
int v9fs_co_readlink(V9fsPDU *pdu, V9fsPath *path, V9fsString *buf)
diff --git a/hw/9pfs/coxattr.c b/hw/9pfs/coxattr.c
index 8a4822870..18ee08df0 100644
--- a/hw/9pfs/coxattr.c
+++ b/hw/9pfs/coxattr.c
@@ -13,8 +13,8 @@
*/
#include "fsdev/qemu-fsdev.h"
-#include "qemu-thread.h"
-#include "qemu-coroutine.h"
+#include "qemu/thread.h"
+#include "block/coroutine.h"
#include "virtio-9p-coth.h"
int v9fs_co_llistxattr(V9fsPDU *pdu, V9fsPath *path, void *value, size_t size)
diff --git a/hw/9pfs/virtio-9p-coth.c b/hw/9pfs/virtio-9p-coth.c
index 25556cc6a..ae6cde800 100644
--- a/hw/9pfs/virtio-9p-coth.c
+++ b/hw/9pfs/virtio-9p-coth.c
@@ -12,10 +12,9 @@
*
*/
-#include "qemu-char.h"
#include "fsdev/qemu-fsdev.h"
-#include "qemu-thread.h"
-#include "qemu-coroutine.h"
+#include "qemu/thread.h"
+#include "block/coroutine.h"
#include "virtio-9p-coth.h"
/* v9fs glib thread pool */
diff --git a/hw/9pfs/virtio-9p-coth.h b/hw/9pfs/virtio-9p-coth.h
index c31c96578..86d5ed416 100644
--- a/hw/9pfs/virtio-9p-coth.h
+++ b/hw/9pfs/virtio-9p-coth.h
@@ -15,8 +15,8 @@
#ifndef _QEMU_VIRTIO_9P_COTH_H
#define _QEMU_VIRTIO_9P_COTH_H
-#include "qemu-thread.h"
-#include "qemu-coroutine.h"
+#include "qemu/thread.h"
+#include "block/coroutine.h"
#include "virtio-9p.h"
#include <glib.h>
diff --git a/hw/9pfs/virtio-9p-device.c b/hw/9pfs/virtio-9p-device.c
index b8220abae..f0ffbe8c0 100644
--- a/hw/9pfs/virtio-9p-device.c
+++ b/hw/9pfs/virtio-9p-device.c
@@ -11,10 +11,10 @@
*
*/
-#include "hw/virtio.h"
-#include "hw/pc.h"
-#include "qemu_socket.h"
-#include "hw/virtio-pci.h"
+#include "hw/virtio/virtio.h"
+#include "hw/virtio/virtio-9p.h"
+#include "hw/i386/pc.h"
+#include "qemu/sockets.h"
#include "virtio-9p.h"
#include "fsdev/qemu-fsdev.h"
#include "virtio-9p-xattr.h"
@@ -26,16 +26,11 @@ static uint32_t virtio_9p_get_features(VirtIODevice *vdev, uint32_t features)
return features;
}
-static V9fsState *to_virtio_9p(VirtIODevice *vdev)
-{
- return (V9fsState *)vdev;
-}
-
static void virtio_9p_get_config(VirtIODevice *vdev, uint8_t *config)
{
int len;
struct virtio_9p_config *cfg;
- V9fsState *s = to_virtio_9p(vdev);
+ V9fsState *s = VIRTIO_9P(vdev);
len = strlen(s->tag);
cfg = g_malloc0(sizeof(struct virtio_9p_config) + len);
@@ -46,19 +41,17 @@ static void virtio_9p_get_config(VirtIODevice *vdev, uint8_t *config)
g_free(cfg);
}
-VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf *conf)
+static int virtio_9p_device_init(VirtIODevice *vdev)
{
- V9fsState *s;
+ V9fsState *s = VIRTIO_9P(vdev);
int i, len;
struct stat stat;
FsDriverEntry *fse;
V9fsPath path;
- s = (V9fsState *)virtio_common_init("virtio-9p",
- VIRTIO_ID_9P,
- sizeof(struct virtio_9p_config)+
- MAX_TAG_LEN,
- sizeof(V9fsState));
+ virtio_init(VIRTIO_DEVICE(s), "virtio-9p", VIRTIO_ID_9P,
+ sizeof(struct virtio_9p_config) + MAX_TAG_LEN);
+
/* initialize pdu allocator */
QLIST_INIT(&s->free_list);
QLIST_INIT(&s->active_list);
@@ -66,56 +59,53 @@ VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf *conf)
QLIST_INSERT_HEAD(&s->free_list, &s->pdus[i], next);
}
- s->vq = virtio_add_queue(&s->vdev, MAX_REQ, handle_9p_output);
+ s->vq = virtio_add_queue(vdev, MAX_REQ, handle_9p_output);
- fse = get_fsdev_fsentry(conf->fsdev_id);
+ v9fs_path_init(&path);
+
+ fse = get_fsdev_fsentry(s->fsconf.fsdev_id);
if (!fse) {
/* We don't have a fsdev identified by fsdev_id */
fprintf(stderr, "Virtio-9p device couldn't find fsdev with the "
- "id = %s\n", conf->fsdev_id ? conf->fsdev_id : "NULL");
- exit(1);
+ "id = %s\n",
+ s->fsconf.fsdev_id ? s->fsconf.fsdev_id : "NULL");
+ goto out;
}
- if (!conf->tag) {
+ if (!s->fsconf.tag) {
/* we haven't specified a mount_tag */
fprintf(stderr, "fsdev with id %s needs mount_tag arguments\n",
- conf->fsdev_id);
- exit(1);
+ s->fsconf.fsdev_id);
+ goto out;
}
s->ctx.export_flags = fse->export_flags;
- if (fse->path) {
- s->ctx.fs_root = g_strdup(fse->path);
- } else {
- s->ctx.fs_root = NULL;
- }
+ s->ctx.fs_root = g_strdup(fse->path);
s->ctx.exops.get_st_gen = NULL;
- len = strlen(conf->tag);
+ len = strlen(s->fsconf.tag);
if (len > MAX_TAG_LEN - 1) {
fprintf(stderr, "mount tag '%s' (%d bytes) is longer than "
- "maximum (%d bytes)", conf->tag, len, MAX_TAG_LEN - 1);
- exit(1);
+ "maximum (%d bytes)", s->fsconf.tag, len, MAX_TAG_LEN - 1);
+ goto out;
}
- s->tag = strdup(conf->tag);
+ s->tag = g_strdup(s->fsconf.tag);
s->ctx.uid = -1;
s->ops = fse->ops;
- s->vdev.get_features = virtio_9p_get_features;
s->config_size = sizeof(struct virtio_9p_config) + len;
- s->vdev.get_config = virtio_9p_get_config;
s->fid_list = NULL;
qemu_co_rwlock_init(&s->rename_lock);
if (s->ops->init(&s->ctx) < 0) {
fprintf(stderr, "Virtio-9p Failed to initialize fs-driver with id:%s"
- " and export path:%s\n", conf->fsdev_id, s->ctx.fs_root);
- exit(1);
+ " and export path:%s\n", s->fsconf.fsdev_id, s->ctx.fs_root);
+ goto out;
}
if (v9fs_init_worker_threads() < 0) {
fprintf(stderr, "worker thread initialization failed\n");
- exit(1);
+ goto out;
}
/*
@@ -123,71 +113,59 @@ VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf *conf)
* call back to do that. Since we are in the init path, we don't
* use co-routines here.
*/
- v9fs_path_init(&path);
if (s->ops->name_to_path(&s->ctx, NULL, "/", &path) < 0) {
fprintf(stderr,
"error in converting name to path %s", strerror(errno));
- exit(1);
+ goto out;
}
if (s->ops->lstat(&s->ctx, &path, &stat)) {
fprintf(stderr, "share path %s does not exist\n", fse->path);
- exit(1);
+ goto out;
} else if (!S_ISDIR(stat.st_mode)) {
fprintf(stderr, "share path %s is not a directory\n", fse->path);
- exit(1);
+ goto out;
}
v9fs_path_free(&path);
- return &s->vdev;
-}
-
-static int virtio_9p_init_pci(PCIDevice *pci_dev)
-{
- VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
- VirtIODevice *vdev;
-
- vdev = virtio_9p_init(&pci_dev->qdev, &proxy->fsconf);
- vdev->nvectors = proxy->nvectors;
- virtio_init_pci(proxy, vdev);
- /* make the actual value visible */
- proxy->nvectors = vdev->nvectors;
return 0;
+out:
+ g_free(s->ctx.fs_root);
+ g_free(s->tag);
+ virtio_cleanup(vdev);
+ v9fs_path_free(&path);
+
+ return -1;
+
}
+/* virtio-9p device */
+
static Property virtio_9p_properties[] = {
- DEFINE_PROP_BIT("ioeventfd", VirtIOPCIProxy, flags, VIRTIO_PCI_FLAG_USE_IOEVENTFD_BIT, true),
- DEFINE_PROP_UINT32("vectors", VirtIOPCIProxy, nvectors, 2),
- DEFINE_VIRTIO_COMMON_FEATURES(VirtIOPCIProxy, host_features),
- DEFINE_PROP_STRING("mount_tag", VirtIOPCIProxy, fsconf.tag),
- DEFINE_PROP_STRING("fsdev", VirtIOPCIProxy, fsconf.fsdev_id),
+ DEFINE_VIRTIO_9P_PROPERTIES(V9fsState, fsconf),
DEFINE_PROP_END_OF_LIST(),
};
static void virtio_9p_class_init(ObjectClass *klass, void *data)
{
DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = virtio_9p_init_pci;
- k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET;
- k->device_id = 0x1009;
- k->revision = VIRTIO_PCI_ABI_VERSION;
- k->class_id = 0x2;
+ VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
dc->props = virtio_9p_properties;
- dc->reset = virtio_pci_reset;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
+ vdc->init = virtio_9p_device_init;
+ vdc->get_features = virtio_9p_get_features;
+ vdc->get_config = virtio_9p_get_config;
}
-static TypeInfo virtio_9p_info = {
- .name = "virtio-9p-pci",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(VirtIOPCIProxy),
- .class_init = virtio_9p_class_init,
+static const TypeInfo virtio_device_info = {
+ .name = TYPE_VIRTIO_9P,
+ .parent = TYPE_VIRTIO_DEVICE,
+ .instance_size = sizeof(V9fsState),
+ .class_init = virtio_9p_class_init,
};
static void virtio_9p_register_types(void)
{
- type_register_static(&virtio_9p_info);
- virtio_9p_set_fd_limit();
+ type_register_static(&virtio_device_info);
}
type_init(virtio_9p_register_types)
diff --git a/hw/9pfs/virtio-9p-handle.c b/hw/9pfs/virtio-9p-handle.c
index f96d17a97..fe8e0ed19 100644
--- a/hw/9pfs/virtio-9p-handle.c
+++ b/hw/9pfs/virtio-9p-handle.c
@@ -11,7 +11,7 @@
*
*/
-#include "hw/virtio.h"
+#include "hw/virtio/virtio.h"
#include "virtio-9p.h"
#include "virtio-9p-xattr.h"
#include <arpa/inet.h>
@@ -19,7 +19,7 @@
#include <grp.h>
#include <sys/socket.h>
#include <sys/un.h>
-#include "qemu-xattr.h"
+#include "qemu/xattr.h"
#include <unistd.h>
#include <linux/fs.h>
#ifdef CONFIG_LINUX_MAGIC_H
diff --git a/hw/9pfs/virtio-9p-local.c b/hw/9pfs/virtio-9p-local.c
index 33a41d2e1..fc93e9e6e 100644
--- a/hw/9pfs/virtio-9p-local.c
+++ b/hw/9pfs/virtio-9p-local.c
@@ -11,7 +11,7 @@
*
*/
-#include "hw/virtio.h"
+#include "hw/virtio/virtio.h"
#include "virtio-9p.h"
#include "virtio-9p-xattr.h"
#include <arpa/inet.h>
@@ -19,7 +19,7 @@
#include <grp.h>
#include <sys/socket.h>
#include <sys/un.h>
-#include "qemu-xattr.h"
+#include "qemu/xattr.h"
#include <libgen.h>
#include <linux/fs.h>
#ifdef CONFIG_LINUX_MAGIC_H
@@ -46,7 +46,7 @@ static const char *local_mapped_attr_path(FsContext *ctx,
const char *path, char *buffer)
{
char *dir_name;
- char *tmp_path = strdup(path);
+ char *tmp_path = g_strdup(path);
char *base_name = basename(tmp_path);
/* NULL terminate the directory */
@@ -55,10 +55,37 @@ static const char *local_mapped_attr_path(FsContext *ctx,
snprintf(buffer, PATH_MAX, "%s/%s/%s/%s",
ctx->fs_root, dir_name, VIRTFS_META_DIR, base_name);
- free(tmp_path);
+ g_free(tmp_path);
return buffer;
}
+static FILE *local_fopen(const char *path, const char *mode)
+{
+ int fd, o_mode = 0;
+ FILE *fp;
+ int flags = O_NOFOLLOW;
+ /*
+ * only supports two modes
+ */
+ if (mode[0] == 'r') {
+ flags |= O_RDONLY;
+ } else if (mode[0] == 'w') {
+ flags |= O_WRONLY | O_TRUNC | O_CREAT;
+ o_mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH;
+ } else {
+ return NULL;
+ }
+ fd = open(path, flags, o_mode);
+ if (fd == -1) {
+ return NULL;
+ }
+ fp = fdopen(fd, mode);
+ if (!fp) {
+ close(fd);
+ }
+ return fp;
+}
+
#define ATTR_MAX 100
static void local_mapped_file_attr(FsContext *ctx, const char *path,
struct stat *stbuf)
@@ -68,7 +95,7 @@ static void local_mapped_file_attr(FsContext *ctx, const char *path,
char attr_path[PATH_MAX];
local_mapped_attr_path(ctx, path, attr_path);
- fp = fopen(attr_path, "r");
+ fp = local_fopen(attr_path, "r");
if (!fp) {
return;
}
@@ -130,7 +157,7 @@ static int local_create_mapped_attr_dir(FsContext *ctx, const char *path)
{
int err;
char attr_dir[PATH_MAX];
- char *tmp_path = strdup(path);
+ char *tmp_path = g_strdup(path);
snprintf(attr_dir, PATH_MAX, "%s/%s/%s",
ctx->fs_root, dirname(tmp_path), VIRTFS_META_DIR);
@@ -139,7 +166,7 @@ static int local_create_mapped_attr_dir(FsContext *ctx, const char *path)
if (err < 0 && errno == EEXIST) {
err = 0;
}
- free(tmp_path);
+ g_free(tmp_path);
return err;
}
@@ -152,7 +179,7 @@ static int local_set_mapped_file_attr(FsContext *ctx,
char attr_path[PATH_MAX];
int uid = -1, gid = -1, mode = -1, rdev = -1;
- fp = fopen(local_mapped_attr_path(ctx, path, attr_path), "r");
+ fp = local_fopen(local_mapped_attr_path(ctx, path, attr_path), "r");
if (!fp) {
goto create_map_file;
}
@@ -179,7 +206,7 @@ create_map_file:
}
update_map_file:
- fp = fopen(attr_path, "w");
+ fp = local_fopen(attr_path, "w");
if (!fp) {
ret = -1;
goto err_out;
@@ -284,7 +311,7 @@ static ssize_t local_readlink(FsContext *fs_ctx, V9fsPath *fs_path,
if ((fs_ctx->export_flags & V9FS_SM_MAPPED) ||
(fs_ctx->export_flags & V9FS_SM_MAPPED_FILE)) {
int fd;
- fd = open(rpath(fs_ctx, path, buffer), O_RDONLY);
+ fd = open(rpath(fs_ctx, path, buffer), O_RDONLY | O_NOFOLLOW);
if (fd == -1) {
return -1;
}
@@ -316,7 +343,7 @@ static int local_open(FsContext *ctx, V9fsPath *fs_path,
char buffer[PATH_MAX];
char *path = fs_path->data;
- fs->fd = open(rpath(ctx, path, buffer), flags);
+ fs->fd = open(rpath(ctx, path, buffer), flags | O_NOFOLLOW);
return fs->fd;
}
@@ -601,6 +628,11 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name,
V9fsString fullname;
char buffer[PATH_MAX];
+ /*
+ * Mark all the open to not follow symlinks
+ */
+ flags |= O_NOFOLLOW;
+
v9fs_string_init(&fullname);
v9fs_string_sprintf(&fullname, "%s/%s", dir_path->data, name);
path = fullname.data;
@@ -676,8 +708,9 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
int fd;
ssize_t oldpath_size, write_size;
- fd = open(rpath(fs_ctx, newpath, buffer), O_CREAT|O_EXCL|O_RDWR,
- SM_LOCAL_MODE_BITS);
+ fd = open(rpath(fs_ctx, newpath, buffer),
+ O_CREAT|O_EXCL|O_RDWR|O_NOFOLLOW,
+ SM_LOCAL_MODE_BITS);
if (fd == -1) {
err = fd;
goto out;
@@ -705,7 +738,8 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
} else if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE) {
int fd;
ssize_t oldpath_size, write_size;
- fd = open(rpath(fs_ctx, newpath, buffer), O_CREAT|O_EXCL|O_RDWR,
+ fd = open(rpath(fs_ctx, newpath, buffer),
+ O_CREAT|O_EXCL|O_RDWR|O_NOFOLLOW,
SM_LOCAL_MODE_BITS);
if (fd == -1) {
err = fd;
@@ -878,7 +912,7 @@ static int local_remove(FsContext *ctx, const char *path)
* Now remove the name from parent directory
* .virtfs_metadata directory
*/
- err = remove(local_mapped_attr_path(ctx, path, buffer));;
+ err = remove(local_mapped_attr_path(ctx, path, buffer));
if (err < 0 && errno != ENOENT) {
/*
* We didn't had the .virtfs_metadata file. May be file created
diff --git a/hw/9pfs/virtio-9p-posix-acl.c b/hw/9pfs/virtio-9p-posix-acl.c
index c064017b1..339c5ecae 100644
--- a/hw/9pfs/virtio-9p-posix-acl.c
+++ b/hw/9pfs/virtio-9p-posix-acl.c
@@ -12,8 +12,8 @@
*/
#include <sys/types.h>
-#include "qemu-xattr.h"
-#include "hw/virtio.h"
+#include "qemu/xattr.h"
+#include "hw/virtio/virtio.h"
#include "virtio-9p.h"
#include "fsdev/file-op-9p.h"
#include "virtio-9p-xattr.h"
diff --git a/hw/9pfs/virtio-9p-proxy.c b/hw/9pfs/virtio-9p-proxy.c
index d5ad208d0..5f44bb758 100644
--- a/hw/9pfs/virtio-9p-proxy.c
+++ b/hw/9pfs/virtio-9p-proxy.c
@@ -11,8 +11,9 @@
*/
#include <sys/socket.h>
#include <sys/un.h>
-#include "hw/virtio.h"
+#include "hw/virtio/virtio.h"
#include "virtio-9p.h"
+#include "qemu/error-report.h"
#include "fsdev/qemu-fsdev.h"
#include "virtio-9p-proxy.h"
@@ -521,7 +522,7 @@ static int v9fs_request(V9fsProxy *proxy, int type,
}
break;
default:
- error_report("Invalid type %d\n", type);
+ error_report("Invalid type %d", type);
retval = -EINVAL;
break;
}
@@ -1152,10 +1153,12 @@ static int proxy_init(FsContext *ctx)
sock_id = atoi(ctx->fs_root);
if (sock_id < 0) {
fprintf(stderr, "socket descriptor not initialized\n");
+ g_free(proxy);
return -1;
}
}
g_free(ctx->fs_root);
+ ctx->fs_root = NULL;
proxy->in_iovec.iov_base = g_malloc(PROXY_MAX_IO_SZ + PROXY_HDR_SZ);
proxy->in_iovec.iov_len = PROXY_MAX_IO_SZ + PROXY_HDR_SZ;
diff --git a/hw/9pfs/virtio-9p-synth.c b/hw/9pfs/virtio-9p-synth.c
index e95a856d2..840e4ebb5 100644
--- a/hw/9pfs/virtio-9p-synth.c
+++ b/hw/9pfs/virtio-9p-synth.c
@@ -12,7 +12,7 @@
*
*/
-#include "hw/virtio.h"
+#include "hw/virtio/virtio.h"
#include "virtio-9p.h"
#include "virtio-9p-xattr.h"
#include "fsdev/qemu-fsdev.h"
diff --git a/hw/9pfs/virtio-9p-synth.h b/hw/9pfs/virtio-9p-synth.h
index e03f43463..ab05a8e78 100644
--- a/hw/9pfs/virtio-9p-synth.h
+++ b/hw/9pfs/virtio-9p-synth.h
@@ -10,6 +10,8 @@
* the COPYING file in the top-level directory.
*
*/
+#ifndef HW_9PFS_VIRTIO9P_SYNTH_H
+#define HW_9PFS_VIRTIO9P_SYNTH_H 1
#include <unistd.h>
#include <sys/types.h>
@@ -48,3 +50,5 @@ extern int qemu_v9fs_synth_mkdir(V9fsSynthNode *parent, int mode,
extern int qemu_v9fs_synth_add_file(V9fsSynthNode *parent, int mode,
const char *name, v9fs_synth_read read,
v9fs_synth_write write, void *arg);
+
+#endif
diff --git a/hw/9pfs/virtio-9p-xattr-user.c b/hw/9pfs/virtio-9p-xattr-user.c
index 5bb602007..e0c92ebf9 100644
--- a/hw/9pfs/virtio-9p-xattr-user.c
+++ b/hw/9pfs/virtio-9p-xattr-user.c
@@ -12,7 +12,7 @@
*/
#include <sys/types.h>
-#include "hw/virtio.h"
+#include "hw/virtio/virtio.h"
#include "virtio-9p.h"
#include "fsdev/file-op-9p.h"
#include "virtio-9p-xattr.h"
diff --git a/hw/9pfs/virtio-9p-xattr.c b/hw/9pfs/virtio-9p-xattr.c
index a83960676..90ae565c1 100644
--- a/hw/9pfs/virtio-9p-xattr.c
+++ b/hw/9pfs/virtio-9p-xattr.c
@@ -11,7 +11,7 @@
*
*/
-#include "hw/virtio.h"
+#include "hw/virtio/virtio.h"
#include "virtio-9p.h"
#include "fsdev/file-op-9p.h"
#include "virtio-9p-xattr.h"
diff --git a/hw/9pfs/virtio-9p-xattr.h b/hw/9pfs/virtio-9p-xattr.h
index 9437280c9..41cc6cbc7 100644
--- a/hw/9pfs/virtio-9p-xattr.h
+++ b/hw/9pfs/virtio-9p-xattr.h
@@ -13,7 +13,7 @@
#ifndef _QEMU_VIRTIO_9P_XATTR_H
#define _QEMU_VIRTIO_9P_XATTR_H
-#include "qemu-xattr.h"
+#include "qemu/xattr.h"
typedef struct xattr_operations
{
diff --git a/hw/9pfs/virtio-9p.c b/hw/9pfs/virtio-9p.c
index 8b9cdc96e..8cbb8ae32 100644
--- a/hw/9pfs/virtio-9p.c
+++ b/hw/9pfs/virtio-9p.c
@@ -11,16 +11,15 @@
*
*/
-#include "hw/virtio.h"
-#include "hw/pc.h"
-#include "qemu_socket.h"
-#include "hw/virtio-pci.h"
+#include "hw/virtio/virtio.h"
+#include "hw/i386/pc.h"
+#include "qemu/sockets.h"
#include "virtio-9p.h"
#include "fsdev/qemu-fsdev.h"
#include "virtio-9p-xattr.h"
#include "virtio-9p-coth.h"
#include "trace.h"
-#include "migration.h"
+#include "migration/migration.h"
int open_fd_hw;
int total_open_fd;
@@ -327,7 +326,7 @@ static int free_fid(V9fsPDU *pdu, V9fsFidState *fidp)
return retval;
}
-static void put_fid(V9fsPDU *pdu, V9fsFidState *fidp)
+static int put_fid(V9fsPDU *pdu, V9fsFidState *fidp)
{
BUG_ON(!fidp->ref);
fidp->ref--;
@@ -348,8 +347,9 @@ static void put_fid(V9fsPDU *pdu, V9fsFidState *fidp)
pdu->s->migration_blocker = NULL;
}
}
- free_fid(pdu, fidp);
+ return free_fid(pdu, fidp);
}
+ return 0;
}
static V9fsFidState *clunk_fid(V9fsState *s, int32_t fid)
@@ -631,7 +631,7 @@ static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len)
virtqueue_push(s->vq, &pdu->elem, len);
/* FIXME: we should batch these completions */
- virtio_notify(&s->vdev, s->vq);
+ virtio_notify(VIRTIO_DEVICE(s), s->vq);
/* Now wakeup anybody waiting in flush for this request */
qemu_co_queue_next(&pdu->complete);
@@ -658,7 +658,7 @@ static mode_t v9mode_to_mode(uint32_t mode, V9fsString *extension)
ret |= S_IFIFO;
}
if (mode & P9_STAT_MODE_DEVICE) {
- if (extension && extension->data[0] == 'c') {
+ if (extension->size && extension->data[0] == 'c') {
ret |= S_IFCHR;
} else {
ret |= S_IFBLK;
@@ -1537,9 +1537,10 @@ static void v9fs_clunk(void *opaque)
* free the fid.
*/
fidp->ref++;
- err = offset;
-
- put_fid(pdu, fidp);
+ err = put_fid(pdu, fidp);
+ if (!err) {
+ err = offset;
+ }
out_nofid:
complete_pdu(s, pdu, err);
}
@@ -3101,11 +3102,7 @@ static void v9fs_xattrcreate(void *opaque)
xattr_fidp->fs.xattr.flags = flags;
v9fs_string_init(&xattr_fidp->fs.xattr.name);
v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name);
- if (size) {
- xattr_fidp->fs.xattr.value = g_malloc(size);
- } else {
- xattr_fidp->fs.xattr.value = NULL;
- }
+ xattr_fidp->fs.xattr.value = g_malloc(size);
err = offset;
put_fid(pdu, file_fidp);
out_nofid:
@@ -3271,7 +3268,7 @@ void handle_9p_output(VirtIODevice *vdev, VirtQueue *vq)
free_pdu(s, pdu);
}
-void virtio_9p_set_fd_limit(void)
+static void __attribute__((__constructor__)) virtio_9p_set_fd_limit(void)
{
struct rlimit rlim;
if (getrlimit(RLIMIT_NOFILE, &rlim) < 0) {
diff --git a/hw/9pfs/virtio-9p.h b/hw/9pfs/virtio-9p.h
index 579794404..1d6eedb7d 100644
--- a/hw/9pfs/virtio-9p.h
+++ b/hw/9pfs/virtio-9p.h
@@ -6,12 +6,11 @@
#include <sys/time.h>
#include <utime.h>
#include <sys/resource.h>
-#include "hw/virtio.h"
+#include "hw/virtio/virtio.h"
#include "fsdev/file-op-9p.h"
#include "fsdev/virtio-9p-marshal.h"
-#include "qemu-thread.h"
-#include "qemu-coroutine.h"
-
+#include "qemu/thread.h"
+#include "block/coroutine.h"
/* The feature bitmap for virtio 9P */
/* The mount point is specified in a config variable */
@@ -206,7 +205,7 @@ struct V9fsFidState
typedef struct V9fsState
{
- VirtIODevice vdev;
+ VirtIODevice parent_obj;
VirtQueue *vq;
V9fsPDU pdus[MAX_REQ];
QLIST_HEAD(, V9fsPDU) free_list;
@@ -225,6 +224,7 @@ typedef struct V9fsState
CoRwlock rename_lock;
int32_t root_fid;
Error *migration_blocker;
+ V9fsConf fsconf;
} V9fsState;
typedef struct V9fsStatState {
@@ -389,7 +389,6 @@ static inline uint8_t v9fs_request_cancelled(V9fsPDU *pdu)
}
extern void handle_9p_output(VirtIODevice *vdev, VirtQueue *vq);
-extern void virtio_9p_set_fd_limit(void);
extern void v9fs_reclaim_fd(V9fsPDU *pdu);
extern void v9fs_path_init(V9fsPath *path);
extern void v9fs_path_free(V9fsPath *path);
@@ -402,4 +401,12 @@ extern int v9fs_name_to_path(V9fsState *s, V9fsPath *dirpath,
#define pdu_unmarshal(pdu, offset, fmt, args...) \
v9fs_unmarshal(pdu->elem.out_sg, pdu->elem.out_num, offset, 1, fmt, ##args)
+#define TYPE_VIRTIO_9P "virtio-9p-device"
+#define VIRTIO_9P(obj) \
+ OBJECT_CHECK(V9fsState, (obj), TYPE_VIRTIO_9P)
+
+#define DEFINE_VIRTIO_9P_PROPERTIES(_state, _field) \
+ DEFINE_PROP_STRING("mount_tag", _state, _field.tag), \
+ DEFINE_PROP_STRING("fsdev", _state, _field.fsdev_id)
+
#endif
diff --git a/hw/Makefile.objs b/hw/Makefile.objs
index d581d8d6d..0243d6aa0 100644
--- a/hw/Makefile.objs
+++ b/hw/Makefile.objs
@@ -1,211 +1,32 @@
-common-obj-y = usb/ ide/
-common-obj-y += loader.o
-common-obj-$(CONFIG_VIRTIO) += virtio-console.o
-common-obj-$(CONFIG_VIRTIO) += virtio-rng.o
-common-obj-$(CONFIG_VIRTIO_PCI) += virtio-pci.o
-common-obj-y += fw_cfg.o
-common-obj-$(CONFIG_PCI) += pci.o pci_bridge.o pci_bridge_dev.o
-common-obj-$(CONFIG_PCI) += msix.o msi.o
-common-obj-$(CONFIG_PCI) += shpc.o
-common-obj-$(CONFIG_PCI) += slotid_cap.o
-common-obj-$(CONFIG_PCI) += pci_host.o pcie_host.o
-common-obj-$(CONFIG_PCI) += ioh3420.o xio3130_upstream.o xio3130_downstream.o
-common-obj-$(CONFIG_PCI) += i82801b11.o
-common-obj-y += watchdog.o
-common-obj-$(CONFIG_ISA_MMIO) += isa_mmio.o
-common-obj-$(CONFIG_ECC) += ecc.o
-common-obj-$(CONFIG_NAND) += nand.o
-common-obj-$(CONFIG_PFLASH_CFI01) += pflash_cfi01.o
-common-obj-$(CONFIG_PFLASH_CFI02) += pflash_cfi02.o
-
-common-obj-$(CONFIG_M48T59) += m48t59.o
-common-obj-$(CONFIG_ESCC) += escc.o
-common-obj-$(CONFIG_EMPTY_SLOT) += empty_slot.o
-
-common-obj-$(CONFIG_SERIAL) += serial.o serial-isa.o
-common-obj-$(CONFIG_SERIAL_PCI) += serial-pci.o
-common-obj-$(CONFIG_PARALLEL) += parallel.o
-common-obj-$(CONFIG_I8254) += i8254_common.o i8254.o
-common-obj-$(CONFIG_PCSPK) += pcspk.o
-common-obj-$(CONFIG_PCKBD) += pckbd.o
-common-obj-$(CONFIG_FDC) += fdc.o
-common-obj-$(CONFIG_ACPI) += acpi.o acpi_piix4.o acpi_ich9.o smbus_ich9.o
-common-obj-$(CONFIG_APM) += pm_smbus.o apm.o
-common-obj-$(CONFIG_DMA) += dma.o
-common-obj-$(CONFIG_I82374) += i82374.o
-common-obj-$(CONFIG_HPET) += hpet.o
-common-obj-$(CONFIG_APPLESMC) += applesmc.o
-common-obj-$(CONFIG_SMARTCARD) += ccid-card-passthru.o
-common-obj-$(CONFIG_SMARTCARD_NSS) += ccid-card-emulated.o
-common-obj-$(CONFIG_I8259) += i8259_common.o i8259.o
-common-obj-y += fifo.o
-common-obj-y += pam.o
-
-# PPC devices
-common-obj-$(CONFIG_PREP_PCI) += prep_pci.o
-common-obj-$(CONFIG_I82378) += i82378.o
-# Mac shared devices
-common-obj-$(CONFIG_MACIO) += macio.o
-common-obj-$(CONFIG_CUDA) += cuda.o
-common-obj-$(CONFIG_ADB) += adb.o
-common-obj-$(CONFIG_MAC_NVRAM) += mac_nvram.o
-common-obj-$(CONFIG_MAC_DBDMA) += mac_dbdma.o
-# OldWorld PowerMac
-common-obj-$(CONFIG_HEATHROW_PIC) += heathrow_pic.o
-common-obj-$(CONFIG_GRACKLE_PCI) += grackle_pci.o
-# NewWorld PowerMac
-common-obj-$(CONFIG_UNIN_PCI) += unin_pci.o
-common-obj-$(CONFIG_DEC_PCI) += dec_pci.o
-# PowerPC E500 boards
-common-obj-$(CONFIG_PPCE500_PCI) += ppce500_pci.o
-
-# MIPS devices
-common-obj-$(CONFIG_PIIX4) += piix4.o
-common-obj-$(CONFIG_G364FB) += g364fb.o
-common-obj-$(CONFIG_JAZZ_LED) += jazz_led.o
-
-# Xilinx devices
-common-obj-$(CONFIG_XILINX) += xilinx_intc.o
-common-obj-$(CONFIG_XILINX) += xilinx_timer.o
-common-obj-$(CONFIG_XILINX) += xilinx_uartlite.o
-common-obj-$(CONFIG_XILINX_AXI) += xilinx_axidma.o
-common-obj-$(CONFIG_XILINX_AXI) += xilinx_axienet.o
-common-obj-$(CONFIG_XILINX_AXI) += stream.o
-
-# PKUnity SoC devices
-common-obj-$(CONFIG_PUV3) += puv3_intc.o
-common-obj-$(CONFIG_PUV3) += puv3_ost.o
-common-obj-$(CONFIG_PUV3) += puv3_gpio.o
-common-obj-$(CONFIG_PUV3) += puv3_pm.o
-common-obj-$(CONFIG_PUV3) += puv3_dma.o
-
-# ARM devices
-common-obj-$(CONFIG_ARM_TIMER) += arm_timer.o
-common-obj-$(CONFIG_PL011) += pl011.o
-common-obj-$(CONFIG_PL022) += pl022.o
-common-obj-$(CONFIG_PL031) += pl031.o
-common-obj-$(CONFIG_PL041) += pl041.o lm4549.o
-common-obj-$(CONFIG_PL050) += pl050.o
-common-obj-$(CONFIG_PL061) += pl061.o
-common-obj-$(CONFIG_PL080) += pl080.o
-common-obj-$(CONFIG_PL110) += pl110.o
-common-obj-$(CONFIG_PL181) += pl181.o
-common-obj-$(CONFIG_PL190) += pl190.o
-common-obj-$(CONFIG_PL310) += arm_l2x0.o
-common-obj-$(CONFIG_VERSATILE_PCI) += versatile_pci.o
-common-obj-$(CONFIG_VERSATILE_I2C) += versatile_i2c.o
-common-obj-$(CONFIG_CADENCE) += cadence_uart.o
-common-obj-$(CONFIG_CADENCE) += cadence_ttc.o
-common-obj-$(CONFIG_CADENCE) += cadence_gem.o
-common-obj-$(CONFIG_XGMAC) += xgmac.o
-
-# PCI watchdog devices
-common-obj-$(CONFIG_PCI) += wdt_i6300esb.o
-
-common-obj-$(CONFIG_PCI) += pcie.o pcie_aer.o pcie_port.o
-
-# PCI network cards
-common-obj-$(CONFIG_NE2000_PCI) += ne2000.o
-common-obj-$(CONFIG_EEPRO100_PCI) += eepro100.o
-common-obj-$(CONFIG_PCNET_PCI) += pcnet-pci.o
-common-obj-$(CONFIG_PCNET_COMMON) += pcnet.o
-common-obj-$(CONFIG_E1000_PCI) += e1000.o
-common-obj-$(CONFIG_RTL8139_PCI) += rtl8139.o
-
-common-obj-$(CONFIG_SMC91C111) += smc91c111.o
-common-obj-$(CONFIG_LAN9118) += lan9118.o
-common-obj-$(CONFIG_NE2000_ISA) += ne2000-isa.o
-common-obj-$(CONFIG_OPENCORES_ETH) += opencores_eth.o
-
-# SCSI layer
-common-obj-$(CONFIG_LSI_SCSI_PCI) += lsi53c895a.o
-common-obj-$(CONFIG_MEGASAS_SCSI_PCI) += megasas.o
-common-obj-$(CONFIG_ESP) += esp.o
-common-obj-$(CONFIG_ESP_PCI) += esp-pci.o
-
-common-obj-y += sysbus.o isa-bus.o
-common-obj-y += qdev-addr.o
-
-# VGA
-common-obj-$(CONFIG_VGA_PCI) += vga-pci.o
-common-obj-$(CONFIG_VGA_ISA) += vga-isa.o
-common-obj-$(CONFIG_VGA_ISA_MM) += vga-isa-mm.o
-common-obj-$(CONFIG_VMWARE_VGA) += vmware_vga.o
-common-obj-$(CONFIG_VMMOUSE) += vmmouse.o
-common-obj-$(CONFIG_VGA_CIRRUS) += cirrus_vga.o
-
-common-obj-$(CONFIG_RC4030) += rc4030.o
-common-obj-$(CONFIG_DP8393X) += dp8393x.o
-common-obj-$(CONFIG_DS1225Y) += ds1225y.o
-common-obj-$(CONFIG_MIPSNET) += mipsnet.o
-
-common-obj-y += null-machine.o
-
-# Sound
-sound-obj-y =
-sound-obj-$(CONFIG_SB16) += sb16.o
-sound-obj-$(CONFIG_ES1370) += es1370.o
-sound-obj-$(CONFIG_AC97) += ac97.o
-sound-obj-$(CONFIG_ADLIB) += fmopl.o adlib.o
-sound-obj-$(CONFIG_GUS) += gus.o gusemu_hal.o gusemu_mixer.o
-sound-obj-$(CONFIG_CS4231A) += cs4231a.o
-sound-obj-$(CONFIG_HDA) += intel-hda.o hda-audio.o
-
-$(obj)/adlib.o $(obj)/fmopl.o: QEMU_CFLAGS += -DBUILD_Y8950=0
-
-common-obj-$(CONFIG_SOUND) += $(sound-obj-y)
-
-common-obj-$(CONFIG_REALLY_VIRTFS) += 9pfs/
-
-common-obj-y += usb/
-common-obj-y += irq.o
-common-obj-$(CONFIG_PTIMER) += ptimer.o
-common-obj-$(CONFIG_MAX7310) += max7310.o
-common-obj-$(CONFIG_WM8750) += wm8750.o
-common-obj-$(CONFIG_TWL92230) += twl92230.o
-common-obj-$(CONFIG_TSC2005) += tsc2005.o
-common-obj-$(CONFIG_LM832X) += lm832x.o
-common-obj-$(CONFIG_TMP105) += tmp105.o
-common-obj-$(CONFIG_STELLARIS_INPUT) += stellaris_input.o
-common-obj-$(CONFIG_SSD0303) += ssd0303.o
-common-obj-$(CONFIG_SSD0323) += ssd0323.o
-common-obj-$(CONFIG_ADS7846) += ads7846.o
-common-obj-$(CONFIG_MAX111X) += max111x.o
-common-obj-$(CONFIG_DS1338) += ds1338.o
-common-obj-y += i2c.o smbus.o smbus_eeprom.o
-common-obj-y += eeprom93xx.o
-common-obj-y += scsi-disk.o cdrom.o hd-geometry.o block-common.o
-common-obj-y += scsi-generic.o scsi-bus.o
-common-obj-y += hid.o
-common-obj-$(CONFIG_SSI) += ssi.o
-common-obj-$(CONFIG_SSI_M25P80) += m25p80.o
-common-obj-$(CONFIG_SSI_SD) += ssi-sd.o
-common-obj-$(CONFIG_SD) += sd.o
-common-obj-y += bt.o bt-l2cap.o bt-sdp.o bt-hci.o bt-hid.o
-common-obj-y += bt-hci-csr.o
-common-obj-y += msmouse.o ps2.o
-common-obj-y += qdev.o qdev-properties.o qdev-monitor.o
-common-obj-$(CONFIG_BRLAPI) += baum.o
-
-# xen backend driver support
-common-obj-$(CONFIG_XEN_BACKEND) += xen_backend.o xen_devconfig.o
-common-obj-$(CONFIG_XEN_BACKEND) += xen_console.o xenfb.o xen_disk.o xen_nic.o
-
-# Per-target files
-# virtio has to be here due to weird dependency between PCI and virtio-net.
-# need to fix this properly
-obj-$(CONFIG_VIRTIO) += virtio.o virtio-blk.o virtio-balloon.o virtio-net.o
-obj-$(CONFIG_VIRTIO) += virtio-serial-bus.o virtio-scsi.o
-obj-$(CONFIG_SOFTMMU) += vhost_net.o
-obj-$(CONFIG_VHOST_NET) += vhost.o
-obj-$(CONFIG_REALLY_VIRTFS) += 9pfs/
-obj-$(CONFIG_NO_PCI) += pci-stub.o
-obj-$(CONFIG_VGA) += vga.o
-obj-$(CONFIG_SOFTMMU) += device-hotplug.o
-obj-$(CONFIG_XEN) += xen_domainbuild.o xen_machine_pv.o
-
-# Inter-VM PCI shared memory & VFIO PCI device assignment
-ifeq ($(CONFIG_PCI), y)
-obj-$(CONFIG_KVM) += ivshmem.o
-obj-$(CONFIG_LINUX) += vfio_pci.o
-endif
+devices-dirs-$(CONFIG_REALLY_VIRTFS) += 9pfs/
+devices-dirs-$(CONFIG_ACPI) += acpi/
+devices-dirs-$(CONFIG_SOFTMMU) += audio/
+devices-dirs-$(CONFIG_SOFTMMU) += block/
+devices-dirs-$(CONFIG_SOFTMMU) += bt/
+devices-dirs-$(CONFIG_SOFTMMU) += char/
+devices-dirs-$(CONFIG_SOFTMMU) += cpu/
+devices-dirs-$(CONFIG_SOFTMMU) += display/
+devices-dirs-$(CONFIG_SOFTMMU) += dma/
+devices-dirs-$(CONFIG_SOFTMMU) += gpio/
+devices-dirs-$(CONFIG_SOFTMMU) += i2c/
+devices-dirs-$(CONFIG_SOFTMMU) += ide/
+devices-dirs-$(CONFIG_SOFTMMU) += input/
+devices-dirs-$(CONFIG_SOFTMMU) += intc/
+devices-dirs-$(CONFIG_SOFTMMU) += isa/
+devices-dirs-$(CONFIG_SOFTMMU) += misc/
+devices-dirs-$(CONFIG_SOFTMMU) += net/
+devices-dirs-$(CONFIG_SOFTMMU) += nvram/
+devices-dirs-$(CONFIG_SOFTMMU) += pci/
+devices-dirs-$(CONFIG_PCI) += pci-bridge/ pci-host/
+devices-dirs-$(CONFIG_SOFTMMU) += scsi/
+devices-dirs-$(CONFIG_SOFTMMU) += sd/
+devices-dirs-$(CONFIG_SOFTMMU) += ssi/
+devices-dirs-$(CONFIG_SOFTMMU) += timer/
+devices-dirs-$(CONFIG_TPM) += tpm/
+devices-dirs-$(CONFIG_SOFTMMU) += usb/
+devices-dirs-$(CONFIG_VIRTIO) += virtio/
+devices-dirs-$(CONFIG_SOFTMMU) += watchdog/
+devices-dirs-$(CONFIG_SOFTMMU) += xen/
+devices-dirs-y += core/
+common-obj-y += $(devices-dirs-y)
+obj-y += $(devices-dirs-y)
diff --git a/hw/a15mpcore.c b/hw/a15mpcore.c
deleted file mode 100644
index fc0a02ae8..000000000
--- a/hw/a15mpcore.c
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * Cortex-A15MPCore internal peripheral emulation.
- *
- * Copyright (c) 2012 Linaro Limited.
- * Written by Peter Maydell.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "sysbus.h"
-
-/* A15MP private memory region. */
-
-typedef struct A15MPPrivState {
- SysBusDevice busdev;
- uint32_t num_cpu;
- uint32_t num_irq;
- MemoryRegion container;
- DeviceState *gic;
-} A15MPPrivState;
-
-static void a15mp_priv_set_irq(void *opaque, int irq, int level)
-{
- A15MPPrivState *s = (A15MPPrivState *)opaque;
- qemu_set_irq(qdev_get_gpio_in(s->gic, irq), level);
-}
-
-static int a15mp_priv_init(SysBusDevice *dev)
-{
- A15MPPrivState *s = FROM_SYSBUS(A15MPPrivState, dev);
- SysBusDevice *busdev;
-
- s->gic = qdev_create(NULL, "arm_gic");
- qdev_prop_set_uint32(s->gic, "num-cpu", s->num_cpu);
- qdev_prop_set_uint32(s->gic, "num-irq", s->num_irq);
- qdev_prop_set_uint32(s->gic, "revision", 2);
- qdev_init_nofail(s->gic);
- busdev = sysbus_from_qdev(s->gic);
-
- /* Pass through outbound IRQ lines from the GIC */
- sysbus_pass_irq(dev, busdev);
-
- /* Pass through inbound GPIO lines to the GIC */
- qdev_init_gpio_in(&s->busdev.qdev, a15mp_priv_set_irq, s->num_irq - 32);
-
- /* Memory map (addresses are offsets from PERIPHBASE):
- * 0x0000-0x0fff -- reserved
- * 0x1000-0x1fff -- GIC Distributor
- * 0x2000-0x2fff -- GIC CPU interface
- * 0x4000-0x4fff -- GIC virtual interface control (not modelled)
- * 0x5000-0x5fff -- GIC virtual interface control (not modelled)
- * 0x6000-0x7fff -- GIC virtual CPU interface (not modelled)
- */
- memory_region_init(&s->container, "a15mp-priv-container", 0x8000);
- memory_region_add_subregion(&s->container, 0x1000,
- sysbus_mmio_get_region(busdev, 0));
- memory_region_add_subregion(&s->container, 0x2000,
- sysbus_mmio_get_region(busdev, 1));
-
- sysbus_init_mmio(dev, &s->container);
- return 0;
-}
-
-static Property a15mp_priv_properties[] = {
- DEFINE_PROP_UINT32("num-cpu", A15MPPrivState, num_cpu, 1),
- /* The Cortex-A15MP may have anything from 0 to 224 external interrupt
- * IRQ lines (with another 32 internal). We default to 64+32, which
- * is the number provided by the Cortex-A15MP test chip in the
- * Versatile Express A15 development board.
- * Other boards may differ and should set this property appropriately.
- */
- DEFINE_PROP_UINT32("num-irq", A15MPPrivState, num_irq, 96),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void a15mp_priv_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
- k->init = a15mp_priv_init;
- dc->props = a15mp_priv_properties;
- /* We currently have no savable state */
-}
-
-static TypeInfo a15mp_priv_info = {
- .name = "a15mpcore_priv",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(A15MPPrivState),
- .class_init = a15mp_priv_class_init,
-};
-
-static void a15mp_register_types(void)
-{
- type_register_static(&a15mp_priv_info);
-}
-
-type_init(a15mp_register_types)
diff --git a/hw/a9mpcore.c b/hw/a9mpcore.c
deleted file mode 100644
index 824ff0a4d..000000000
--- a/hw/a9mpcore.c
+++ /dev/null
@@ -1,242 +0,0 @@
-/*
- * Cortex-A9MPCore internal peripheral emulation.
- *
- * Copyright (c) 2009 CodeSourcery.
- * Copyright (c) 2011 Linaro Limited.
- * Written by Paul Brook, Peter Maydell.
- *
- * This code is licensed under the GPL.
- */
-
-#include "sysbus.h"
-
-/* A9MP private memory region. */
-
-typedef struct a9mp_priv_state {
- SysBusDevice busdev;
- uint32_t scu_control;
- uint32_t scu_status;
- uint32_t old_timer_status[8];
- uint32_t num_cpu;
- MemoryRegion scu_iomem;
- MemoryRegion ptimer_iomem;
- MemoryRegion container;
- DeviceState *mptimer;
- DeviceState *gic;
- uint32_t num_irq;
-} a9mp_priv_state;
-
-static uint64_t a9_scu_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- a9mp_priv_state *s = (a9mp_priv_state *)opaque;
- switch (offset) {
- case 0x00: /* Control */
- return s->scu_control;
- case 0x04: /* Configuration */
- return (((1 << s->num_cpu) - 1) << 4) | (s->num_cpu - 1);
- case 0x08: /* CPU Power Status */
- return s->scu_status;
- case 0x09: /* CPU status. */
- return s->scu_status >> 8;
- case 0x0a: /* CPU status. */
- return s->scu_status >> 16;
- case 0x0b: /* CPU status. */
- return s->scu_status >> 24;
- case 0x0c: /* Invalidate All Registers In Secure State */
- return 0;
- case 0x40: /* Filtering Start Address Register */
- case 0x44: /* Filtering End Address Register */
- /* RAZ/WI, like an implementation with only one AXI master */
- return 0;
- case 0x50: /* SCU Access Control Register */
- case 0x54: /* SCU Non-secure Access Control Register */
- /* unimplemented, fall through */
- default:
- return 0;
- }
-}
-
-static void a9_scu_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- a9mp_priv_state *s = (a9mp_priv_state *)opaque;
- uint32_t mask;
- uint32_t shift;
- switch (size) {
- case 1:
- mask = 0xff;
- break;
- case 2:
- mask = 0xffff;
- break;
- case 4:
- mask = 0xffffffff;
- break;
- default:
- fprintf(stderr, "Invalid size %u in write to a9 scu register %x\n",
- size, (unsigned)offset);
- return;
- }
-
- switch (offset) {
- case 0x00: /* Control */
- s->scu_control = value & 1;
- break;
- case 0x4: /* Configuration: RO */
- break;
- case 0x08: case 0x09: case 0x0A: case 0x0B: /* Power Control */
- shift = (offset - 0x8) * 8;
- s->scu_status &= ~(mask << shift);
- s->scu_status |= ((value & mask) << shift);
- break;
- case 0x0c: /* Invalidate All Registers In Secure State */
- /* no-op as we do not implement caches */
- break;
- case 0x40: /* Filtering Start Address Register */
- case 0x44: /* Filtering End Address Register */
- /* RAZ/WI, like an implementation with only one AXI master */
- break;
- case 0x50: /* SCU Access Control Register */
- case 0x54: /* SCU Non-secure Access Control Register */
- /* unimplemented, fall through */
- default:
- break;
- }
-}
-
-static const MemoryRegionOps a9_scu_ops = {
- .read = a9_scu_read,
- .write = a9_scu_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void a9mp_priv_reset(DeviceState *dev)
-{
- a9mp_priv_state *s = FROM_SYSBUS(a9mp_priv_state, sysbus_from_qdev(dev));
- int i;
- s->scu_control = 0;
- for (i = 0; i < ARRAY_SIZE(s->old_timer_status); i++) {
- s->old_timer_status[i] = 0;
- }
-}
-
-static void a9mp_priv_set_irq(void *opaque, int irq, int level)
-{
- a9mp_priv_state *s = (a9mp_priv_state *)opaque;
- qemu_set_irq(qdev_get_gpio_in(s->gic, irq), level);
-}
-
-static int a9mp_priv_init(SysBusDevice *dev)
-{
- a9mp_priv_state *s = FROM_SYSBUS(a9mp_priv_state, dev);
- SysBusDevice *busdev, *gicbusdev;
- int i;
-
- s->gic = qdev_create(NULL, "arm_gic");
- qdev_prop_set_uint32(s->gic, "num-cpu", s->num_cpu);
- qdev_prop_set_uint32(s->gic, "num-irq", s->num_irq);
- qdev_init_nofail(s->gic);
- gicbusdev = sysbus_from_qdev(s->gic);
-
- /* Pass through outbound IRQ lines from the GIC */
- sysbus_pass_irq(dev, gicbusdev);
-
- /* Pass through inbound GPIO lines to the GIC */
- qdev_init_gpio_in(&s->busdev.qdev, a9mp_priv_set_irq, s->num_irq - 32);
-
- s->mptimer = qdev_create(NULL, "arm_mptimer");
- qdev_prop_set_uint32(s->mptimer, "num-cpu", s->num_cpu);
- qdev_init_nofail(s->mptimer);
- busdev = sysbus_from_qdev(s->mptimer);
-
- /* Memory map (addresses are offsets from PERIPHBASE):
- * 0x0000-0x00ff -- Snoop Control Unit
- * 0x0100-0x01ff -- GIC CPU interface
- * 0x0200-0x02ff -- Global Timer
- * 0x0300-0x05ff -- nothing
- * 0x0600-0x06ff -- private timers and watchdogs
- * 0x0700-0x0fff -- nothing
- * 0x1000-0x1fff -- GIC Distributor
- *
- * We should implement the global timer but don't currently do so.
- */
- memory_region_init(&s->container, "a9mp-priv-container", 0x2000);
- memory_region_init_io(&s->scu_iomem, &a9_scu_ops, s, "a9mp-scu", 0x100);
- memory_region_add_subregion(&s->container, 0, &s->scu_iomem);
- /* GIC CPU interface */
- memory_region_add_subregion(&s->container, 0x100,
- sysbus_mmio_get_region(gicbusdev, 1));
- /* Note that the A9 exposes only the "timer/watchdog for this core"
- * memory region, not the "timer/watchdog for core X" ones 11MPcore has.
- */
- memory_region_add_subregion(&s->container, 0x600,
- sysbus_mmio_get_region(busdev, 0));
- memory_region_add_subregion(&s->container, 0x620,
- sysbus_mmio_get_region(busdev, 1));
- memory_region_add_subregion(&s->container, 0x1000,
- sysbus_mmio_get_region(gicbusdev, 0));
-
- sysbus_init_mmio(dev, &s->container);
-
- /* Wire up the interrupt from each watchdog and timer.
- * For each core the timer is PPI 29 and the watchdog PPI 30.
- */
- for (i = 0; i < s->num_cpu; i++) {
- int ppibase = (s->num_irq - 32) + i * 32;
- sysbus_connect_irq(busdev, i * 2,
- qdev_get_gpio_in(s->gic, ppibase + 29));
- sysbus_connect_irq(busdev, i * 2 + 1,
- qdev_get_gpio_in(s->gic, ppibase + 30));
- }
- return 0;
-}
-
-static const VMStateDescription vmstate_a9mp_priv = {
- .name = "a9mpcore_priv",
- .version_id = 2,
- .minimum_version_id = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(scu_control, a9mp_priv_state),
- VMSTATE_UINT32_ARRAY(old_timer_status, a9mp_priv_state, 8),
- VMSTATE_UINT32_V(scu_status, a9mp_priv_state, 2),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static Property a9mp_priv_properties[] = {
- DEFINE_PROP_UINT32("num-cpu", a9mp_priv_state, num_cpu, 1),
- /* The Cortex-A9MP may have anything from 0 to 224 external interrupt
- * IRQ lines (with another 32 internal). We default to 64+32, which
- * is the number provided by the Cortex-A9MP test chip in the
- * Realview PBX-A9 and Versatile Express A9 development boards.
- * Other boards may differ and should set this property appropriately.
- */
- DEFINE_PROP_UINT32("num-irq", a9mp_priv_state, num_irq, 96),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void a9mp_priv_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = a9mp_priv_init;
- dc->props = a9mp_priv_properties;
- dc->vmsd = &vmstate_a9mp_priv;
- dc->reset = a9mp_priv_reset;
-}
-
-static TypeInfo a9mp_priv_info = {
- .name = "a9mpcore_priv",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(a9mp_priv_state),
- .class_init = a9mp_priv_class_init,
-};
-
-static void a9mp_register_types(void)
-{
- type_register_static(&a9mp_priv_info);
-}
-
-type_init(a9mp_register_types)
diff --git a/hw/ac97.c b/hw/ac97.c
deleted file mode 100644
index ce6a1dc60..000000000
--- a/hw/ac97.c
+++ /dev/null
@@ -1,1438 +0,0 @@
-/*
- * Copyright (C) 2006 InnoTek Systemberatung GmbH
- *
- * This file is part of VirtualBox Open Source Edition (OSE), as
- * available from http://www.virtualbox.org. This file is free software;
- * you can redistribute it and/or modify it under the terms of the GNU
- * General Public License as published by the Free Software Foundation,
- * in version 2 as it comes in the "COPYING" file of the VirtualBox OSE
- * distribution. VirtualBox OSE is distributed in the hope that it will
- * be useful, but WITHOUT ANY WARRANTY of any kind.
- *
- * If you received this file as part of a commercial VirtualBox
- * distribution, then only the terms of your commercial VirtualBox
- * license agreement apply instead of the previous paragraph.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include "hw.h"
-#include "audiodev.h"
-#include "audio/audio.h"
-#include "pci.h"
-#include "dma.h"
-
-enum {
- AC97_Reset = 0x00,
- AC97_Master_Volume_Mute = 0x02,
- AC97_Headphone_Volume_Mute = 0x04,
- AC97_Master_Volume_Mono_Mute = 0x06,
- AC97_Master_Tone_RL = 0x08,
- AC97_PC_BEEP_Volume_Mute = 0x0A,
- AC97_Phone_Volume_Mute = 0x0C,
- AC97_Mic_Volume_Mute = 0x0E,
- AC97_Line_In_Volume_Mute = 0x10,
- AC97_CD_Volume_Mute = 0x12,
- AC97_Video_Volume_Mute = 0x14,
- AC97_Aux_Volume_Mute = 0x16,
- AC97_PCM_Out_Volume_Mute = 0x18,
- AC97_Record_Select = 0x1A,
- AC97_Record_Gain_Mute = 0x1C,
- AC97_Record_Gain_Mic_Mute = 0x1E,
- AC97_General_Purpose = 0x20,
- AC97_3D_Control = 0x22,
- AC97_AC_97_RESERVED = 0x24,
- AC97_Powerdown_Ctrl_Stat = 0x26,
- AC97_Extended_Audio_ID = 0x28,
- AC97_Extended_Audio_Ctrl_Stat = 0x2A,
- AC97_PCM_Front_DAC_Rate = 0x2C,
- AC97_PCM_Surround_DAC_Rate = 0x2E,
- AC97_PCM_LFE_DAC_Rate = 0x30,
- AC97_PCM_LR_ADC_Rate = 0x32,
- AC97_MIC_ADC_Rate = 0x34,
- AC97_6Ch_Vol_C_LFE_Mute = 0x36,
- AC97_6Ch_Vol_L_R_Surround_Mute = 0x38,
- AC97_Vendor_Reserved = 0x58,
- AC97_Sigmatel_Analog = 0x6c, /* We emulate a Sigmatel codec */
- AC97_Sigmatel_Dac2Invert = 0x6e, /* We emulate a Sigmatel codec */
- AC97_Vendor_ID1 = 0x7c,
- AC97_Vendor_ID2 = 0x7e
-};
-
-#define SOFT_VOLUME
-#define SR_FIFOE 16 /* rwc */
-#define SR_BCIS 8 /* rwc */
-#define SR_LVBCI 4 /* rwc */
-#define SR_CELV 2 /* ro */
-#define SR_DCH 1 /* ro */
-#define SR_VALID_MASK ((1 << 5) - 1)
-#define SR_WCLEAR_MASK (SR_FIFOE | SR_BCIS | SR_LVBCI)
-#define SR_RO_MASK (SR_DCH | SR_CELV)
-#define SR_INT_MASK (SR_FIFOE | SR_BCIS | SR_LVBCI)
-
-#define CR_IOCE 16 /* rw */
-#define CR_FEIE 8 /* rw */
-#define CR_LVBIE 4 /* rw */
-#define CR_RR 2 /* rw */
-#define CR_RPBM 1 /* rw */
-#define CR_VALID_MASK ((1 << 5) - 1)
-#define CR_DONT_CLEAR_MASK (CR_IOCE | CR_FEIE | CR_LVBIE)
-
-#define GC_WR 4 /* rw */
-#define GC_CR 2 /* rw */
-#define GC_VALID_MASK ((1 << 6) - 1)
-
-#define GS_MD3 (1<<17) /* rw */
-#define GS_AD3 (1<<16) /* rw */
-#define GS_RCS (1<<15) /* rwc */
-#define GS_B3S12 (1<<14) /* ro */
-#define GS_B2S12 (1<<13) /* ro */
-#define GS_B1S12 (1<<12) /* ro */
-#define GS_S1R1 (1<<11) /* rwc */
-#define GS_S0R1 (1<<10) /* rwc */
-#define GS_S1CR (1<<9) /* ro */
-#define GS_S0CR (1<<8) /* ro */
-#define GS_MINT (1<<7) /* ro */
-#define GS_POINT (1<<6) /* ro */
-#define GS_PIINT (1<<5) /* ro */
-#define GS_RSRVD ((1<<4)|(1<<3))
-#define GS_MOINT (1<<2) /* ro */
-#define GS_MIINT (1<<1) /* ro */
-#define GS_GSCI 1 /* rwc */
-#define GS_RO_MASK (GS_B3S12| \
- GS_B2S12| \
- GS_B1S12| \
- GS_S1CR| \
- GS_S0CR| \
- GS_MINT| \
- GS_POINT| \
- GS_PIINT| \
- GS_RSRVD| \
- GS_MOINT| \
- GS_MIINT)
-#define GS_VALID_MASK ((1 << 18) - 1)
-#define GS_WCLEAR_MASK (GS_RCS|GS_S1R1|GS_S0R1|GS_GSCI)
-
-#define BD_IOC (1<<31)
-#define BD_BUP (1<<30)
-
-#define EACS_VRA 1
-#define EACS_VRM 8
-
-#define MUTE_SHIFT 15
-
-#define REC_MASK 7
-enum {
- REC_MIC = 0,
- REC_CD,
- REC_VIDEO,
- REC_AUX,
- REC_LINE_IN,
- REC_STEREO_MIX,
- REC_MONO_MIX,
- REC_PHONE
-};
-
-typedef struct BD {
- uint32_t addr;
- uint32_t ctl_len;
-} BD;
-
-typedef struct AC97BusMasterRegs {
- uint32_t bdbar; /* rw 0 */
- uint8_t civ; /* ro 0 */
- uint8_t lvi; /* rw 0 */
- uint16_t sr; /* rw 1 */
- uint16_t picb; /* ro 0 */
- uint8_t piv; /* ro 0 */
- uint8_t cr; /* rw 0 */
- unsigned int bd_valid;
- BD bd;
-} AC97BusMasterRegs;
-
-typedef struct AC97LinkState {
- PCIDevice dev;
- QEMUSoundCard card;
- uint32_t use_broken_id;
- uint32_t glob_cnt;
- uint32_t glob_sta;
- uint32_t cas;
- uint32_t last_samp;
- AC97BusMasterRegs bm_regs[3];
- uint8_t mixer_data[256];
- SWVoiceIn *voice_pi;
- SWVoiceOut *voice_po;
- SWVoiceIn *voice_mc;
- int invalid_freq[3];
- uint8_t silence[128];
- int bup_flag;
- MemoryRegion io_nam;
- MemoryRegion io_nabm;
-} AC97LinkState;
-
-enum {
- BUP_SET = 1,
- BUP_LAST = 2
-};
-
-#ifdef DEBUG_AC97
-#define dolog(...) AUD_log ("ac97", __VA_ARGS__)
-#else
-#define dolog(...)
-#endif
-
-#define MKREGS(prefix, start) \
-enum { \
- prefix ## _BDBAR = start, \
- prefix ## _CIV = start + 4, \
- prefix ## _LVI = start + 5, \
- prefix ## _SR = start + 6, \
- prefix ## _PICB = start + 8, \
- prefix ## _PIV = start + 10, \
- prefix ## _CR = start + 11 \
-}
-
-enum {
- PI_INDEX = 0,
- PO_INDEX,
- MC_INDEX,
- LAST_INDEX
-};
-
-MKREGS (PI, PI_INDEX * 16);
-MKREGS (PO, PO_INDEX * 16);
-MKREGS (MC, MC_INDEX * 16);
-
-enum {
- GLOB_CNT = 0x2c,
- GLOB_STA = 0x30,
- CAS = 0x34
-};
-
-#define GET_BM(index) (((index) >> 4) & 3)
-
-static void po_callback (void *opaque, int free);
-static void pi_callback (void *opaque, int avail);
-static void mc_callback (void *opaque, int avail);
-
-static void warm_reset (AC97LinkState *s)
-{
- (void) s;
-}
-
-static void cold_reset (AC97LinkState * s)
-{
- (void) s;
-}
-
-static void fetch_bd (AC97LinkState *s, AC97BusMasterRegs *r)
-{
- uint8_t b[8];
-
- pci_dma_read (&s->dev, r->bdbar + r->civ * 8, b, 8);
- r->bd_valid = 1;
- r->bd.addr = le32_to_cpu (*(uint32_t *) &b[0]) & ~3;
- r->bd.ctl_len = le32_to_cpu (*(uint32_t *) &b[4]);
- r->picb = r->bd.ctl_len & 0xffff;
- dolog ("bd %2d addr=%#x ctl=%#06x len=%#x(%d bytes)\n",
- r->civ, r->bd.addr, r->bd.ctl_len >> 16,
- r->bd.ctl_len & 0xffff,
- (r->bd.ctl_len & 0xffff) << 1);
-}
-
-static void update_sr (AC97LinkState *s, AC97BusMasterRegs *r, uint32_t new_sr)
-{
- int event = 0;
- int level = 0;
- uint32_t new_mask = new_sr & SR_INT_MASK;
- uint32_t old_mask = r->sr & SR_INT_MASK;
- uint32_t masks[] = {GS_PIINT, GS_POINT, GS_MINT};
-
- if (new_mask ^ old_mask) {
- /** @todo is IRQ deasserted when only one of status bits is cleared? */
- if (!new_mask) {
- event = 1;
- level = 0;
- }
- else {
- if ((new_mask & SR_LVBCI) && (r->cr & CR_LVBIE)) {
- event = 1;
- level = 1;
- }
- if ((new_mask & SR_BCIS) && (r->cr & CR_IOCE)) {
- event = 1;
- level = 1;
- }
- }
- }
-
- r->sr = new_sr;
-
- dolog ("IOC%d LVB%d sr=%#x event=%d level=%d\n",
- r->sr & SR_BCIS, r->sr & SR_LVBCI,
- r->sr,
- event, level);
-
- if (!event)
- return;
-
- if (level) {
- s->glob_sta |= masks[r - s->bm_regs];
- dolog ("set irq level=1\n");
- qemu_set_irq (s->dev.irq[0], 1);
- }
- else {
- s->glob_sta &= ~masks[r - s->bm_regs];
- dolog ("set irq level=0\n");
- qemu_set_irq (s->dev.irq[0], 0);
- }
-}
-
-static void voice_set_active (AC97LinkState *s, int bm_index, int on)
-{
- switch (bm_index) {
- case PI_INDEX:
- AUD_set_active_in (s->voice_pi, on);
- break;
-
- case PO_INDEX:
- AUD_set_active_out (s->voice_po, on);
- break;
-
- case MC_INDEX:
- AUD_set_active_in (s->voice_mc, on);
- break;
-
- default:
- AUD_log ("ac97", "invalid bm_index(%d) in voice_set_active", bm_index);
- break;
- }
-}
-
-static void reset_bm_regs (AC97LinkState *s, AC97BusMasterRegs *r)
-{
- dolog ("reset_bm_regs\n");
- r->bdbar = 0;
- r->civ = 0;
- r->lvi = 0;
- /** todo do we need to do that? */
- update_sr (s, r, SR_DCH);
- r->picb = 0;
- r->piv = 0;
- r->cr = r->cr & CR_DONT_CLEAR_MASK;
- r->bd_valid = 0;
-
- voice_set_active (s, r - s->bm_regs, 0);
- memset (s->silence, 0, sizeof (s->silence));
-}
-
-static void mixer_store (AC97LinkState *s, uint32_t i, uint16_t v)
-{
- if (i + 2 > sizeof (s->mixer_data)) {
- dolog ("mixer_store: index %d out of bounds %zd\n",
- i, sizeof (s->mixer_data));
- return;
- }
-
- s->mixer_data[i + 0] = v & 0xff;
- s->mixer_data[i + 1] = v >> 8;
-}
-
-static uint16_t mixer_load (AC97LinkState *s, uint32_t i)
-{
- uint16_t val = 0xffff;
-
- if (i + 2 > sizeof (s->mixer_data)) {
- dolog ("mixer_load: index %d out of bounds %zd\n",
- i, sizeof (s->mixer_data));
- }
- else {
- val = s->mixer_data[i + 0] | (s->mixer_data[i + 1] << 8);
- }
-
- return val;
-}
-
-static void open_voice (AC97LinkState *s, int index, int freq)
-{
- struct audsettings as;
-
- as.freq = freq;
- as.nchannels = 2;
- as.fmt = AUD_FMT_S16;
- as.endianness = 0;
-
- if (freq > 0) {
- s->invalid_freq[index] = 0;
- switch (index) {
- case PI_INDEX:
- s->voice_pi = AUD_open_in (
- &s->card,
- s->voice_pi,
- "ac97.pi",
- s,
- pi_callback,
- &as
- );
- break;
-
- case PO_INDEX:
- s->voice_po = AUD_open_out (
- &s->card,
- s->voice_po,
- "ac97.po",
- s,
- po_callback,
- &as
- );
- break;
-
- case MC_INDEX:
- s->voice_mc = AUD_open_in (
- &s->card,
- s->voice_mc,
- "ac97.mc",
- s,
- mc_callback,
- &as
- );
- break;
- }
- }
- else {
- s->invalid_freq[index] = freq;
- switch (index) {
- case PI_INDEX:
- AUD_close_in (&s->card, s->voice_pi);
- s->voice_pi = NULL;
- break;
-
- case PO_INDEX:
- AUD_close_out (&s->card, s->voice_po);
- s->voice_po = NULL;
- break;
-
- case MC_INDEX:
- AUD_close_in (&s->card, s->voice_mc);
- s->voice_mc = NULL;
- break;
- }
- }
-}
-
-static void reset_voices (AC97LinkState *s, uint8_t active[LAST_INDEX])
-{
- uint16_t freq;
-
- freq = mixer_load (s, AC97_PCM_LR_ADC_Rate);
- open_voice (s, PI_INDEX, freq);
- AUD_set_active_in (s->voice_pi, active[PI_INDEX]);
-
- freq = mixer_load (s, AC97_PCM_Front_DAC_Rate);
- open_voice (s, PO_INDEX, freq);
- AUD_set_active_out (s->voice_po, active[PO_INDEX]);
-
- freq = mixer_load (s, AC97_MIC_ADC_Rate);
- open_voice (s, MC_INDEX, freq);
- AUD_set_active_in (s->voice_mc, active[MC_INDEX]);
-}
-
-static void get_volume (uint16_t vol, uint16_t mask, int inverse,
- int *mute, uint8_t *lvol, uint8_t *rvol)
-{
- *mute = (vol >> MUTE_SHIFT) & 1;
- *rvol = (255 * (vol & mask)) / mask;
- *lvol = (255 * ((vol >> 8) & mask)) / mask;
-
- if (inverse) {
- *rvol = 255 - *rvol;
- *lvol = 255 - *lvol;
- }
-}
-
-static void update_combined_volume_out (AC97LinkState *s)
-{
- uint8_t lvol, rvol, plvol, prvol;
- int mute, pmute;
-
- get_volume (mixer_load (s, AC97_Master_Volume_Mute), 0x3f, 1,
- &mute, &lvol, &rvol);
- get_volume (mixer_load (s, AC97_PCM_Out_Volume_Mute), 0x1f, 1,
- &pmute, &plvol, &prvol);
-
- mute = mute | pmute;
- lvol = (lvol * plvol) / 255;
- rvol = (rvol * prvol) / 255;
-
- AUD_set_volume_out (s->voice_po, mute, lvol, rvol);
-}
-
-static void update_volume_in (AC97LinkState *s)
-{
- uint8_t lvol, rvol;
- int mute;
-
- get_volume (mixer_load (s, AC97_Record_Gain_Mute), 0x0f, 0,
- &mute, &lvol, &rvol);
-
- AUD_set_volume_in (s->voice_pi, mute, lvol, rvol);
-}
-
-static void set_volume (AC97LinkState *s, int index, uint32_t val)
-{
- switch (index) {
- case AC97_Master_Volume_Mute:
- val &= 0xbf3f;
- mixer_store (s, index, val);
- update_combined_volume_out (s);
- break;
- case AC97_PCM_Out_Volume_Mute:
- val &= 0x9f1f;
- mixer_store (s, index, val);
- update_combined_volume_out (s);
- break;
- case AC97_Record_Gain_Mute:
- val &= 0x8f0f;
- mixer_store (s, index, val);
- update_volume_in (s);
- break;
- }
-}
-
-static void record_select (AC97LinkState *s, uint32_t val)
-{
- uint8_t rs = val & REC_MASK;
- uint8_t ls = (val >> 8) & REC_MASK;
- mixer_store (s, AC97_Record_Select, rs | (ls << 8));
-}
-
-static void mixer_reset (AC97LinkState *s)
-{
- uint8_t active[LAST_INDEX];
-
- dolog ("mixer_reset\n");
- memset (s->mixer_data, 0, sizeof (s->mixer_data));
- memset (active, 0, sizeof (active));
- mixer_store (s, AC97_Reset , 0x0000); /* 6940 */
- mixer_store (s, AC97_Headphone_Volume_Mute , 0x0000);
- mixer_store (s, AC97_Master_Volume_Mono_Mute , 0x0000);
- mixer_store (s, AC97_Master_Tone_RL, 0x0000);
- mixer_store (s, AC97_PC_BEEP_Volume_Mute , 0x0000);
- mixer_store (s, AC97_Phone_Volume_Mute , 0x0000);
- mixer_store (s, AC97_Mic_Volume_Mute , 0x0000);
- mixer_store (s, AC97_Line_In_Volume_Mute , 0x0000);
- mixer_store (s, AC97_CD_Volume_Mute , 0x0000);
- mixer_store (s, AC97_Video_Volume_Mute , 0x0000);
- mixer_store (s, AC97_Aux_Volume_Mute , 0x0000);
- mixer_store (s, AC97_Record_Gain_Mic_Mute , 0x0000);
- mixer_store (s, AC97_General_Purpose , 0x0000);
- mixer_store (s, AC97_3D_Control , 0x0000);
- mixer_store (s, AC97_Powerdown_Ctrl_Stat , 0x000f);
-
- /*
- * Sigmatel 9700 (STAC9700)
- */
- mixer_store (s, AC97_Vendor_ID1 , 0x8384);
- mixer_store (s, AC97_Vendor_ID2 , 0x7600); /* 7608 */
-
- mixer_store (s, AC97_Extended_Audio_ID , 0x0809);
- mixer_store (s, AC97_Extended_Audio_Ctrl_Stat, 0x0009);
- mixer_store (s, AC97_PCM_Front_DAC_Rate , 0xbb80);
- mixer_store (s, AC97_PCM_Surround_DAC_Rate , 0xbb80);
- mixer_store (s, AC97_PCM_LFE_DAC_Rate , 0xbb80);
- mixer_store (s, AC97_PCM_LR_ADC_Rate , 0xbb80);
- mixer_store (s, AC97_MIC_ADC_Rate , 0xbb80);
-
- record_select (s, 0);
- set_volume (s, AC97_Master_Volume_Mute, 0x8000);
- set_volume (s, AC97_PCM_Out_Volume_Mute, 0x8808);
- set_volume (s, AC97_Record_Gain_Mute, 0x8808);
-
- reset_voices (s, active);
-}
-
-/**
- * Native audio mixer
- * I/O Reads
- */
-static uint32_t nam_readb (void *opaque, uint32_t addr)
-{
- AC97LinkState *s = opaque;
- dolog ("U nam readb %#x\n", addr);
- s->cas = 0;
- return ~0U;
-}
-
-static uint32_t nam_readw (void *opaque, uint32_t addr)
-{
- AC97LinkState *s = opaque;
- uint32_t val = ~0U;
- uint32_t index = addr;
- s->cas = 0;
- val = mixer_load (s, index);
- return val;
-}
-
-static uint32_t nam_readl (void *opaque, uint32_t addr)
-{
- AC97LinkState *s = opaque;
- dolog ("U nam readl %#x\n", addr);
- s->cas = 0;
- return ~0U;
-}
-
-/**
- * Native audio mixer
- * I/O Writes
- */
-static void nam_writeb (void *opaque, uint32_t addr, uint32_t val)
-{
- AC97LinkState *s = opaque;
- dolog ("U nam writeb %#x <- %#x\n", addr, val);
- s->cas = 0;
-}
-
-static void nam_writew (void *opaque, uint32_t addr, uint32_t val)
-{
- AC97LinkState *s = opaque;
- uint32_t index = addr;
- s->cas = 0;
- switch (index) {
- case AC97_Reset:
- mixer_reset (s);
- break;
- case AC97_Powerdown_Ctrl_Stat:
- val &= ~0x800f;
- val |= mixer_load (s, index) & 0xf;
- mixer_store (s, index, val);
- break;
- case AC97_PCM_Out_Volume_Mute:
- case AC97_Master_Volume_Mute:
- case AC97_Record_Gain_Mute:
- set_volume (s, index, val);
- break;
- case AC97_Record_Select:
- record_select (s, val);
- break;
- case AC97_Vendor_ID1:
- case AC97_Vendor_ID2:
- dolog ("Attempt to write vendor ID to %#x\n", val);
- break;
- case AC97_Extended_Audio_ID:
- dolog ("Attempt to write extended audio ID to %#x\n", val);
- break;
- case AC97_Extended_Audio_Ctrl_Stat:
- if (!(val & EACS_VRA)) {
- mixer_store (s, AC97_PCM_Front_DAC_Rate, 0xbb80);
- mixer_store (s, AC97_PCM_LR_ADC_Rate, 0xbb80);
- open_voice (s, PI_INDEX, 48000);
- open_voice (s, PO_INDEX, 48000);
- }
- if (!(val & EACS_VRM)) {
- mixer_store (s, AC97_MIC_ADC_Rate, 0xbb80);
- open_voice (s, MC_INDEX, 48000);
- }
- dolog ("Setting extended audio control to %#x\n", val);
- mixer_store (s, AC97_Extended_Audio_Ctrl_Stat, val);
- break;
- case AC97_PCM_Front_DAC_Rate:
- if (mixer_load (s, AC97_Extended_Audio_Ctrl_Stat) & EACS_VRA) {
- mixer_store (s, index, val);
- dolog ("Set front DAC rate to %d\n", val);
- open_voice (s, PO_INDEX, val);
- }
- else {
- dolog ("Attempt to set front DAC rate to %d, "
- "but VRA is not set\n",
- val);
- }
- break;
- case AC97_MIC_ADC_Rate:
- if (mixer_load (s, AC97_Extended_Audio_Ctrl_Stat) & EACS_VRM) {
- mixer_store (s, index, val);
- dolog ("Set MIC ADC rate to %d\n", val);
- open_voice (s, MC_INDEX, val);
- }
- else {
- dolog ("Attempt to set MIC ADC rate to %d, "
- "but VRM is not set\n",
- val);
- }
- break;
- case AC97_PCM_LR_ADC_Rate:
- if (mixer_load (s, AC97_Extended_Audio_Ctrl_Stat) & EACS_VRA) {
- mixer_store (s, index, val);
- dolog ("Set front LR ADC rate to %d\n", val);
- open_voice (s, PI_INDEX, val);
- }
- else {
- dolog ("Attempt to set LR ADC rate to %d, but VRA is not set\n",
- val);
- }
- break;
- case AC97_Headphone_Volume_Mute:
- case AC97_Master_Volume_Mono_Mute:
- case AC97_Master_Tone_RL:
- case AC97_PC_BEEP_Volume_Mute:
- case AC97_Phone_Volume_Mute:
- case AC97_Mic_Volume_Mute:
- case AC97_Line_In_Volume_Mute:
- case AC97_CD_Volume_Mute:
- case AC97_Video_Volume_Mute:
- case AC97_Aux_Volume_Mute:
- case AC97_Record_Gain_Mic_Mute:
- case AC97_General_Purpose:
- case AC97_3D_Control:
- case AC97_Sigmatel_Analog:
- case AC97_Sigmatel_Dac2Invert:
- /* None of the features in these regs are emulated, so they are RO */
- break;
- default:
- dolog ("U nam writew %#x <- %#x\n", addr, val);
- mixer_store (s, index, val);
- break;
- }
-}
-
-static void nam_writel (void *opaque, uint32_t addr, uint32_t val)
-{
- AC97LinkState *s = opaque;
- dolog ("U nam writel %#x <- %#x\n", addr, val);
- s->cas = 0;
-}
-
-/**
- * Native audio bus master
- * I/O Reads
- */
-static uint32_t nabm_readb (void *opaque, uint32_t addr)
-{
- AC97LinkState *s = opaque;
- AC97BusMasterRegs *r = NULL;
- uint32_t index = addr;
- uint32_t val = ~0U;
-
- switch (index) {
- case CAS:
- dolog ("CAS %d\n", s->cas);
- val = s->cas;
- s->cas = 1;
- break;
- case PI_CIV:
- case PO_CIV:
- case MC_CIV:
- r = &s->bm_regs[GET_BM (index)];
- val = r->civ;
- dolog ("CIV[%d] -> %#x\n", GET_BM (index), val);
- break;
- case PI_LVI:
- case PO_LVI:
- case MC_LVI:
- r = &s->bm_regs[GET_BM (index)];
- val = r->lvi;
- dolog ("LVI[%d] -> %#x\n", GET_BM (index), val);
- break;
- case PI_PIV:
- case PO_PIV:
- case MC_PIV:
- r = &s->bm_regs[GET_BM (index)];
- val = r->piv;
- dolog ("PIV[%d] -> %#x\n", GET_BM (index), val);
- break;
- case PI_CR:
- case PO_CR:
- case MC_CR:
- r = &s->bm_regs[GET_BM (index)];
- val = r->cr;
- dolog ("CR[%d] -> %#x\n", GET_BM (index), val);
- break;
- case PI_SR:
- case PO_SR:
- case MC_SR:
- r = &s->bm_regs[GET_BM (index)];
- val = r->sr & 0xff;
- dolog ("SRb[%d] -> %#x\n", GET_BM (index), val);
- break;
- default:
- dolog ("U nabm readb %#x -> %#x\n", addr, val);
- break;
- }
- return val;
-}
-
-static uint32_t nabm_readw (void *opaque, uint32_t addr)
-{
- AC97LinkState *s = opaque;
- AC97BusMasterRegs *r = NULL;
- uint32_t index = addr;
- uint32_t val = ~0U;
-
- switch (index) {
- case PI_SR:
- case PO_SR:
- case MC_SR:
- r = &s->bm_regs[GET_BM (index)];
- val = r->sr;
- dolog ("SR[%d] -> %#x\n", GET_BM (index), val);
- break;
- case PI_PICB:
- case PO_PICB:
- case MC_PICB:
- r = &s->bm_regs[GET_BM (index)];
- val = r->picb;
- dolog ("PICB[%d] -> %#x\n", GET_BM (index), val);
- break;
- default:
- dolog ("U nabm readw %#x -> %#x\n", addr, val);
- break;
- }
- return val;
-}
-
-static uint32_t nabm_readl (void *opaque, uint32_t addr)
-{
- AC97LinkState *s = opaque;
- AC97BusMasterRegs *r = NULL;
- uint32_t index = addr;
- uint32_t val = ~0U;
-
- switch (index) {
- case PI_BDBAR:
- case PO_BDBAR:
- case MC_BDBAR:
- r = &s->bm_regs[GET_BM (index)];
- val = r->bdbar;
- dolog ("BMADDR[%d] -> %#x\n", GET_BM (index), val);
- break;
- case PI_CIV:
- case PO_CIV:
- case MC_CIV:
- r = &s->bm_regs[GET_BM (index)];
- val = r->civ | (r->lvi << 8) | (r->sr << 16);
- dolog ("CIV LVI SR[%d] -> %#x, %#x, %#x\n", GET_BM (index),
- r->civ, r->lvi, r->sr);
- break;
- case PI_PICB:
- case PO_PICB:
- case MC_PICB:
- r = &s->bm_regs[GET_BM (index)];
- val = r->picb | (r->piv << 16) | (r->cr << 24);
- dolog ("PICB PIV CR[%d] -> %#x %#x %#x %#x\n", GET_BM (index),
- val, r->picb, r->piv, r->cr);
- break;
- case GLOB_CNT:
- val = s->glob_cnt;
- dolog ("glob_cnt -> %#x\n", val);
- break;
- case GLOB_STA:
- val = s->glob_sta | GS_S0CR;
- dolog ("glob_sta -> %#x\n", val);
- break;
- default:
- dolog ("U nabm readl %#x -> %#x\n", addr, val);
- break;
- }
- return val;
-}
-
-/**
- * Native audio bus master
- * I/O Writes
- */
-static void nabm_writeb (void *opaque, uint32_t addr, uint32_t val)
-{
- AC97LinkState *s = opaque;
- AC97BusMasterRegs *r = NULL;
- uint32_t index = addr;
- switch (index) {
- case PI_LVI:
- case PO_LVI:
- case MC_LVI:
- r = &s->bm_regs[GET_BM (index)];
- if ((r->cr & CR_RPBM) && (r->sr & SR_DCH)) {
- r->sr &= ~(SR_DCH | SR_CELV);
- r->civ = r->piv;
- r->piv = (r->piv + 1) % 32;
- fetch_bd (s, r);
- }
- r->lvi = val % 32;
- dolog ("LVI[%d] <- %#x\n", GET_BM (index), val);
- break;
- case PI_CR:
- case PO_CR:
- case MC_CR:
- r = &s->bm_regs[GET_BM (index)];
- if (val & CR_RR) {
- reset_bm_regs (s, r);
- }
- else {
- r->cr = val & CR_VALID_MASK;
- if (!(r->cr & CR_RPBM)) {
- voice_set_active (s, r - s->bm_regs, 0);
- r->sr |= SR_DCH;
- }
- else {
- r->civ = r->piv;
- r->piv = (r->piv + 1) % 32;
- fetch_bd (s, r);
- r->sr &= ~SR_DCH;
- voice_set_active (s, r - s->bm_regs, 1);
- }
- }
- dolog ("CR[%d] <- %#x (cr %#x)\n", GET_BM (index), val, r->cr);
- break;
- case PI_SR:
- case PO_SR:
- case MC_SR:
- r = &s->bm_regs[GET_BM (index)];
- r->sr |= val & ~(SR_RO_MASK | SR_WCLEAR_MASK);
- update_sr (s, r, r->sr & ~(val & SR_WCLEAR_MASK));
- dolog ("SR[%d] <- %#x (sr %#x)\n", GET_BM (index), val, r->sr);
- break;
- default:
- dolog ("U nabm writeb %#x <- %#x\n", addr, val);
- break;
- }
-}
-
-static void nabm_writew (void *opaque, uint32_t addr, uint32_t val)
-{
- AC97LinkState *s = opaque;
- AC97BusMasterRegs *r = NULL;
- uint32_t index = addr;
- switch (index) {
- case PI_SR:
- case PO_SR:
- case MC_SR:
- r = &s->bm_regs[GET_BM (index)];
- r->sr |= val & ~(SR_RO_MASK | SR_WCLEAR_MASK);
- update_sr (s, r, r->sr & ~(val & SR_WCLEAR_MASK));
- dolog ("SR[%d] <- %#x (sr %#x)\n", GET_BM (index), val, r->sr);
- break;
- default:
- dolog ("U nabm writew %#x <- %#x\n", addr, val);
- break;
- }
-}
-
-static void nabm_writel (void *opaque, uint32_t addr, uint32_t val)
-{
- AC97LinkState *s = opaque;
- AC97BusMasterRegs *r = NULL;
- uint32_t index = addr;
- switch (index) {
- case PI_BDBAR:
- case PO_BDBAR:
- case MC_BDBAR:
- r = &s->bm_regs[GET_BM (index)];
- r->bdbar = val & ~3;
- dolog ("BDBAR[%d] <- %#x (bdbar %#x)\n",
- GET_BM (index), val, r->bdbar);
- break;
- case GLOB_CNT:
- if (val & GC_WR)
- warm_reset (s);
- if (val & GC_CR)
- cold_reset (s);
- if (!(val & (GC_WR | GC_CR)))
- s->glob_cnt = val & GC_VALID_MASK;
- dolog ("glob_cnt <- %#x (glob_cnt %#x)\n", val, s->glob_cnt);
- break;
- case GLOB_STA:
- s->glob_sta &= ~(val & GS_WCLEAR_MASK);
- s->glob_sta |= (val & ~(GS_WCLEAR_MASK | GS_RO_MASK)) & GS_VALID_MASK;
- dolog ("glob_sta <- %#x (glob_sta %#x)\n", val, s->glob_sta);
- break;
- default:
- dolog ("U nabm writel %#x <- %#x\n", addr, val);
- break;
- }
-}
-
-static int write_audio (AC97LinkState *s, AC97BusMasterRegs *r,
- int max, int *stop)
-{
- uint8_t tmpbuf[4096];
- uint32_t addr = r->bd.addr;
- uint32_t temp = r->picb << 1;
- uint32_t written = 0;
- int to_copy = 0;
- temp = audio_MIN (temp, max);
-
- if (!temp) {
- *stop = 1;
- return 0;
- }
-
- while (temp) {
- int copied;
- to_copy = audio_MIN (temp, sizeof (tmpbuf));
- pci_dma_read (&s->dev, addr, tmpbuf, to_copy);
- copied = AUD_write (s->voice_po, tmpbuf, to_copy);
- dolog ("write_audio max=%x to_copy=%x copied=%x\n",
- max, to_copy, copied);
- if (!copied) {
- *stop = 1;
- break;
- }
- temp -= copied;
- addr += copied;
- written += copied;
- }
-
- if (!temp) {
- if (to_copy < 4) {
- dolog ("whoops\n");
- s->last_samp = 0;
- }
- else {
- s->last_samp = *(uint32_t *) &tmpbuf[to_copy - 4];
- }
- }
-
- r->bd.addr = addr;
- return written;
-}
-
-static void write_bup (AC97LinkState *s, int elapsed)
-{
- dolog ("write_bup\n");
- if (!(s->bup_flag & BUP_SET)) {
- if (s->bup_flag & BUP_LAST) {
- int i;
- uint8_t *p = s->silence;
- for (i = 0; i < sizeof (s->silence) / 4; i++, p += 4) {
- *(uint32_t *) p = s->last_samp;
- }
- }
- else {
- memset (s->silence, 0, sizeof (s->silence));
- }
- s->bup_flag |= BUP_SET;
- }
-
- while (elapsed) {
- int temp = audio_MIN (elapsed, sizeof (s->silence));
- while (temp) {
- int copied = AUD_write (s->voice_po, s->silence, temp);
- if (!copied)
- return;
- temp -= copied;
- elapsed -= copied;
- }
- }
-}
-
-static int read_audio (AC97LinkState *s, AC97BusMasterRegs *r,
- int max, int *stop)
-{
- uint8_t tmpbuf[4096];
- uint32_t addr = r->bd.addr;
- uint32_t temp = r->picb << 1;
- uint32_t nread = 0;
- int to_copy = 0;
- SWVoiceIn *voice = (r - s->bm_regs) == MC_INDEX ? s->voice_mc : s->voice_pi;
-
- temp = audio_MIN (temp, max);
-
- if (!temp) {
- *stop = 1;
- return 0;
- }
-
- while (temp) {
- int acquired;
- to_copy = audio_MIN (temp, sizeof (tmpbuf));
- acquired = AUD_read (voice, tmpbuf, to_copy);
- if (!acquired) {
- *stop = 1;
- break;
- }
- pci_dma_write (&s->dev, addr, tmpbuf, acquired);
- temp -= acquired;
- addr += acquired;
- nread += acquired;
- }
-
- r->bd.addr = addr;
- return nread;
-}
-
-static void transfer_audio (AC97LinkState *s, int index, int elapsed)
-{
- AC97BusMasterRegs *r = &s->bm_regs[index];
- int stop = 0;
-
- if (s->invalid_freq[index]) {
- AUD_log ("ac97", "attempt to use voice %d with invalid frequency %d\n",
- index, s->invalid_freq[index]);
- return;
- }
-
- if (r->sr & SR_DCH) {
- if (r->cr & CR_RPBM) {
- switch (index) {
- case PO_INDEX:
- write_bup (s, elapsed);
- break;
- }
- }
- return;
- }
-
- while ((elapsed >> 1) && !stop) {
- int temp;
-
- if (!r->bd_valid) {
- dolog ("invalid bd\n");
- fetch_bd (s, r);
- }
-
- if (!r->picb) {
- dolog ("fresh bd %d is empty %#x %#x\n",
- r->civ, r->bd.addr, r->bd.ctl_len);
- if (r->civ == r->lvi) {
- r->sr |= SR_DCH; /* CELV? */
- s->bup_flag = 0;
- break;
- }
- r->sr &= ~SR_CELV;
- r->civ = r->piv;
- r->piv = (r->piv + 1) % 32;
- fetch_bd (s, r);
- return;
- }
-
- switch (index) {
- case PO_INDEX:
- temp = write_audio (s, r, elapsed, &stop);
- elapsed -= temp;
- r->picb -= (temp >> 1);
- break;
-
- case PI_INDEX:
- case MC_INDEX:
- temp = read_audio (s, r, elapsed, &stop);
- elapsed -= temp;
- r->picb -= (temp >> 1);
- break;
- }
-
- if (!r->picb) {
- uint32_t new_sr = r->sr & ~SR_CELV;
-
- if (r->bd.ctl_len & BD_IOC) {
- new_sr |= SR_BCIS;
- }
-
- if (r->civ == r->lvi) {
- dolog ("Underrun civ (%d) == lvi (%d)\n", r->civ, r->lvi);
-
- new_sr |= SR_LVBCI | SR_DCH | SR_CELV;
- stop = 1;
- s->bup_flag = (r->bd.ctl_len & BD_BUP) ? BUP_LAST : 0;
- }
- else {
- r->civ = r->piv;
- r->piv = (r->piv + 1) % 32;
- fetch_bd (s, r);
- }
-
- update_sr (s, r, new_sr);
- }
- }
-}
-
-static void pi_callback (void *opaque, int avail)
-{
- transfer_audio (opaque, PI_INDEX, avail);
-}
-
-static void mc_callback (void *opaque, int avail)
-{
- transfer_audio (opaque, MC_INDEX, avail);
-}
-
-static void po_callback (void *opaque, int free)
-{
- transfer_audio (opaque, PO_INDEX, free);
-}
-
-static const VMStateDescription vmstate_ac97_bm_regs = {
- .name = "ac97_bm_regs",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField []) {
- VMSTATE_UINT32 (bdbar, AC97BusMasterRegs),
- VMSTATE_UINT8 (civ, AC97BusMasterRegs),
- VMSTATE_UINT8 (lvi, AC97BusMasterRegs),
- VMSTATE_UINT16 (sr, AC97BusMasterRegs),
- VMSTATE_UINT16 (picb, AC97BusMasterRegs),
- VMSTATE_UINT8 (piv, AC97BusMasterRegs),
- VMSTATE_UINT8 (cr, AC97BusMasterRegs),
- VMSTATE_UINT32 (bd_valid, AC97BusMasterRegs),
- VMSTATE_UINT32 (bd.addr, AC97BusMasterRegs),
- VMSTATE_UINT32 (bd.ctl_len, AC97BusMasterRegs),
- VMSTATE_END_OF_LIST ()
- }
-};
-
-static int ac97_post_load (void *opaque, int version_id)
-{
- uint8_t active[LAST_INDEX];
- AC97LinkState *s = opaque;
-
- record_select (s, mixer_load (s, AC97_Record_Select));
- set_volume (s, AC97_Master_Volume_Mute,
- mixer_load (s, AC97_Master_Volume_Mute));
- set_volume (s, AC97_PCM_Out_Volume_Mute,
- mixer_load (s, AC97_PCM_Out_Volume_Mute));
- set_volume (s, AC97_Record_Gain_Mute,
- mixer_load (s, AC97_Record_Gain_Mute));
-
- active[PI_INDEX] = !!(s->bm_regs[PI_INDEX].cr & CR_RPBM);
- active[PO_INDEX] = !!(s->bm_regs[PO_INDEX].cr & CR_RPBM);
- active[MC_INDEX] = !!(s->bm_regs[MC_INDEX].cr & CR_RPBM);
- reset_voices (s, active);
-
- s->bup_flag = 0;
- s->last_samp = 0;
- return 0;
-}
-
-static bool is_version_2 (void *opaque, int version_id)
-{
- return version_id == 2;
-}
-
-static const VMStateDescription vmstate_ac97 = {
- .name = "ac97",
- .version_id = 3,
- .minimum_version_id = 2,
- .minimum_version_id_old = 2,
- .post_load = ac97_post_load,
- .fields = (VMStateField []) {
- VMSTATE_PCI_DEVICE (dev, AC97LinkState),
- VMSTATE_UINT32 (glob_cnt, AC97LinkState),
- VMSTATE_UINT32 (glob_sta, AC97LinkState),
- VMSTATE_UINT32 (cas, AC97LinkState),
- VMSTATE_STRUCT_ARRAY (bm_regs, AC97LinkState, 3, 1,
- vmstate_ac97_bm_regs, AC97BusMasterRegs),
- VMSTATE_BUFFER (mixer_data, AC97LinkState),
- VMSTATE_UNUSED_TEST (is_version_2, 3),
- VMSTATE_END_OF_LIST ()
- }
-};
-
-static uint64_t nam_read(void *opaque, hwaddr addr, unsigned size)
-{
- if ((addr / size) > 256) {
- return -1;
- }
-
- switch (size) {
- case 1:
- return nam_readb(opaque, addr);
- case 2:
- return nam_readw(opaque, addr);
- case 4:
- return nam_readl(opaque, addr);
- default:
- return -1;
- }
-}
-
-static void nam_write(void *opaque, hwaddr addr, uint64_t val,
- unsigned size)
-{
- if ((addr / size) > 256) {
- return;
- }
-
- switch (size) {
- case 1:
- nam_writeb(opaque, addr, val);
- break;
- case 2:
- nam_writew(opaque, addr, val);
- break;
- case 4:
- nam_writel(opaque, addr, val);
- break;
- }
-}
-
-static const MemoryRegionOps ac97_io_nam_ops = {
- .read = nam_read,
- .write = nam_write,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 4,
- },
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static uint64_t nabm_read(void *opaque, hwaddr addr, unsigned size)
-{
- if ((addr / size) > 64) {
- return -1;
- }
-
- switch (size) {
- case 1:
- return nabm_readb(opaque, addr);
- case 2:
- return nabm_readw(opaque, addr);
- case 4:
- return nabm_readl(opaque, addr);
- default:
- return -1;
- }
-}
-
-static void nabm_write(void *opaque, hwaddr addr, uint64_t val,
- unsigned size)
-{
- if ((addr / size) > 64) {
- return;
- }
-
- switch (size) {
- case 1:
- nabm_writeb(opaque, addr, val);
- break;
- case 2:
- nabm_writew(opaque, addr, val);
- break;
- case 4:
- nabm_writel(opaque, addr, val);
- break;
- }
-}
-
-
-static const MemoryRegionOps ac97_io_nabm_ops = {
- .read = nabm_read,
- .write = nabm_write,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 4,
- },
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static void ac97_on_reset (void *opaque)
-{
- AC97LinkState *s = opaque;
-
- reset_bm_regs (s, &s->bm_regs[0]);
- reset_bm_regs (s, &s->bm_regs[1]);
- reset_bm_regs (s, &s->bm_regs[2]);
-
- /*
- * Reset the mixer too. The Windows XP driver seems to rely on
- * this. At least it wants to read the vendor id before it resets
- * the codec manually.
- */
- mixer_reset (s);
-}
-
-static int ac97_initfn (PCIDevice *dev)
-{
- AC97LinkState *s = DO_UPCAST (AC97LinkState, dev, dev);
- uint8_t *c = s->dev.config;
-
- /* TODO: no need to override */
- c[PCI_COMMAND] = 0x00; /* pcicmd pci command rw, ro */
- c[PCI_COMMAND + 1] = 0x00;
-
- /* TODO: */
- c[PCI_STATUS] = PCI_STATUS_FAST_BACK; /* pcists pci status rwc, ro */
- c[PCI_STATUS + 1] = PCI_STATUS_DEVSEL_MEDIUM >> 8;
-
- c[PCI_CLASS_PROG] = 0x00; /* pi programming interface ro */
-
- /* TODO set when bar is registered. no need to override. */
- /* nabmar native audio mixer base address rw */
- c[PCI_BASE_ADDRESS_0] = PCI_BASE_ADDRESS_SPACE_IO;
- c[PCI_BASE_ADDRESS_0 + 1] = 0x00;
- c[PCI_BASE_ADDRESS_0 + 2] = 0x00;
- c[PCI_BASE_ADDRESS_0 + 3] = 0x00;
-
- /* TODO set when bar is registered. no need to override. */
- /* nabmbar native audio bus mastering base address rw */
- c[PCI_BASE_ADDRESS_0 + 4] = PCI_BASE_ADDRESS_SPACE_IO;
- c[PCI_BASE_ADDRESS_0 + 5] = 0x00;
- c[PCI_BASE_ADDRESS_0 + 6] = 0x00;
- c[PCI_BASE_ADDRESS_0 + 7] = 0x00;
-
- if (s->use_broken_id) {
- c[PCI_SUBSYSTEM_VENDOR_ID] = 0x86;
- c[PCI_SUBSYSTEM_VENDOR_ID + 1] = 0x80;
- c[PCI_SUBSYSTEM_ID] = 0x00;
- c[PCI_SUBSYSTEM_ID + 1] = 0x00;
- }
-
- c[PCI_INTERRUPT_LINE] = 0x00; /* intr_ln interrupt line rw */
- c[PCI_INTERRUPT_PIN] = 0x01; /* intr_pn interrupt pin ro */
-
- memory_region_init_io (&s->io_nam, &ac97_io_nam_ops, s, "ac97-nam", 1024);
- memory_region_init_io (&s->io_nabm, &ac97_io_nabm_ops, s, "ac97-nabm", 256);
- pci_register_bar (&s->dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_nam);
- pci_register_bar (&s->dev, 1, PCI_BASE_ADDRESS_SPACE_IO, &s->io_nabm);
- qemu_register_reset (ac97_on_reset, s);
- AUD_register_card ("ac97", &s->card);
- ac97_on_reset (s);
- return 0;
-}
-
-static void ac97_exitfn (PCIDevice *dev)
-{
- AC97LinkState *s = DO_UPCAST (AC97LinkState, dev, dev);
-
- memory_region_destroy (&s->io_nam);
- memory_region_destroy (&s->io_nabm);
-}
-
-int ac97_init (PCIBus *bus)
-{
- pci_create_simple (bus, -1, "AC97");
- return 0;
-}
-
-static Property ac97_properties[] = {
- DEFINE_PROP_UINT32 ("use_broken_id", AC97LinkState, use_broken_id, 0),
- DEFINE_PROP_END_OF_LIST (),
-};
-
-static void ac97_class_init (ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS (klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
-
- k->init = ac97_initfn;
- k->exit = ac97_exitfn;
- k->vendor_id = PCI_VENDOR_ID_INTEL;
- k->device_id = PCI_DEVICE_ID_INTEL_82801AA_5;
- k->revision = 0x01;
- k->class_id = PCI_CLASS_MULTIMEDIA_AUDIO;
- dc->desc = "Intel 82801AA AC97 Audio";
- dc->vmsd = &vmstate_ac97;
- dc->props = ac97_properties;
-}
-
-static TypeInfo ac97_info = {
- .name = "AC97",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof (AC97LinkState),
- .class_init = ac97_class_init,
-};
-
-static void ac97_register_types (void)
-{
- type_register_static (&ac97_info);
-}
-
-type_init (ac97_register_types)
diff --git a/hw/acpi.c b/hw/acpi.c
deleted file mode 100644
index f4aca493f..000000000
--- a/hw/acpi.c
+++ /dev/null
@@ -1,470 +0,0 @@
-/*
- * ACPI implementation
- *
- * Copyright (c) 2006 Fabrice Bellard
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License version 2 as published by the Free Software Foundation.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-#include "sysemu.h"
-#include "hw.h"
-#include "pc.h"
-#include "acpi.h"
-#include "monitor.h"
-
-struct acpi_table_header {
- uint16_t _length; /* our length, not actual part of the hdr */
- /* XXX why we have 2 length fields here? */
- char sig[4]; /* ACPI signature (4 ASCII characters) */
- uint32_t length; /* Length of table, in bytes, including header */
- uint8_t revision; /* ACPI Specification minor version # */
- uint8_t checksum; /* To make sum of entire table == 0 */
- char oem_id[6]; /* OEM identification */
- char oem_table_id[8]; /* OEM table identification */
- uint32_t oem_revision; /* OEM revision number */
- char asl_compiler_id[4]; /* ASL compiler vendor ID */
- uint32_t asl_compiler_revision; /* ASL compiler revision number */
-} QEMU_PACKED;
-
-#define ACPI_TABLE_HDR_SIZE sizeof(struct acpi_table_header)
-#define ACPI_TABLE_PFX_SIZE sizeof(uint16_t) /* size of the extra prefix */
-
-static const char dfl_hdr[ACPI_TABLE_HDR_SIZE] =
- "\0\0" /* fake _length (2) */
- "QEMU\0\0\0\0\1\0" /* sig (4), len(4), revno (1), csum (1) */
- "QEMUQEQEMUQEMU\1\0\0\0" /* OEM id (6), table (8), revno (4) */
- "QEMU\1\0\0\0" /* ASL compiler ID (4), version (4) */
- ;
-
-char *acpi_tables;
-size_t acpi_tables_len;
-
-static int acpi_checksum(const uint8_t *data, int len)
-{
- int sum, i;
- sum = 0;
- for (i = 0; i < len; i++) {
- sum += data[i];
- }
- return (-sum) & 0xff;
-}
-
-/* XXX fixme: this function uses obsolete argument parsing interface */
-int acpi_table_add(const char *t)
-{
- char buf[1024], *p, *f;
- unsigned long val;
- size_t len, start, allen;
- bool has_header;
- int changed;
- int r;
- struct acpi_table_header hdr;
-
- r = 0;
- r |= get_param_value(buf, sizeof(buf), "data", t) ? 1 : 0;
- r |= get_param_value(buf, sizeof(buf), "file", t) ? 2 : 0;
- switch (r) {
- case 0:
- buf[0] = '\0';
- /* fallthrough for default behavior */
- case 1:
- has_header = false;
- break;
- case 2:
- has_header = true;
- break;
- default:
- fprintf(stderr, "acpitable: both data and file are specified\n");
- return -1;
- }
-
- if (!acpi_tables) {
- allen = sizeof(uint16_t);
- acpi_tables = g_malloc0(allen);
- } else {
- allen = acpi_tables_len;
- }
-
- start = allen;
- acpi_tables = g_realloc(acpi_tables, start + ACPI_TABLE_HDR_SIZE);
- allen += has_header ? ACPI_TABLE_PFX_SIZE : ACPI_TABLE_HDR_SIZE;
-
- /* now read in the data files, reallocating buffer as needed */
-
- for (f = strtok(buf, ":"); f; f = strtok(NULL, ":")) {
- int fd = open(f, O_RDONLY);
-
- if (fd < 0) {
- fprintf(stderr, "can't open file %s: %s\n", f, strerror(errno));
- return -1;
- }
-
- for (;;) {
- char data[8192];
- r = read(fd, data, sizeof(data));
- if (r == 0) {
- break;
- } else if (r > 0) {
- acpi_tables = g_realloc(acpi_tables, allen + r);
- memcpy(acpi_tables + allen, data, r);
- allen += r;
- } else if (errno != EINTR) {
- fprintf(stderr, "can't read file %s: %s\n",
- f, strerror(errno));
- close(fd);
- return -1;
- }
- }
-
- close(fd);
- }
-
- /* now fill in the header fields */
-
- f = acpi_tables + start; /* start of the table */
- changed = 0;
-
- /* copy the header to temp place to align the fields */
- memcpy(&hdr, has_header ? f : dfl_hdr, ACPI_TABLE_HDR_SIZE);
-
- /* length of the table minus our prefix */
- len = allen - start - ACPI_TABLE_PFX_SIZE;
-
- hdr._length = cpu_to_le16(len);
-
- if (get_param_value(buf, sizeof(buf), "sig", t)) {
- /* strncpy is justified: the field need not be NUL-terminated. */
- strncpy(hdr.sig, buf, sizeof(hdr.sig));
- ++changed;
- }
-
- /* length of the table including header, in bytes */
- if (has_header) {
- /* check if actual length is correct */
- val = le32_to_cpu(hdr.length);
- if (val != len) {
- fprintf(stderr,
- "warning: acpitable has wrong length,"
- " header says %lu, actual size %zu bytes\n",
- val, len);
- ++changed;
- }
- }
- /* we may avoid putting length here if has_header is true */
- hdr.length = cpu_to_le32(len);
-
- if (get_param_value(buf, sizeof(buf), "rev", t)) {
- val = strtoul(buf, &p, 0);
- if (val > 255 || *p) {
- fprintf(stderr, "acpitable: \"rev=%s\" is invalid\n", buf);
- return -1;
- }
- hdr.revision = (uint8_t)val;
- ++changed;
- }
-
- if (get_param_value(buf, sizeof(buf), "oem_id", t)) {
- /* strncpy is justified: the field need not be NUL-terminated. */
- strncpy(hdr.oem_id, buf, sizeof(hdr.oem_id));
- ++changed;
- }
-
- if (get_param_value(buf, sizeof(buf), "oem_table_id", t)) {
- /* strncpy is justified: the field need not be NUL-terminated. */
- strncpy(hdr.oem_table_id, buf, sizeof(hdr.oem_table_id));
- ++changed;
- }
-
- if (get_param_value(buf, sizeof(buf), "oem_rev", t)) {
- val = strtol(buf, &p, 0);
- if (*p) {
- fprintf(stderr, "acpitable: \"oem_rev=%s\" is invalid\n", buf);
- return -1;
- }
- hdr.oem_revision = cpu_to_le32(val);
- ++changed;
- }
-
- if (get_param_value(buf, sizeof(buf), "asl_compiler_id", t)) {
- /* strncpy is justified: the field need not be NUL-terminated. */
- strncpy(hdr.asl_compiler_id, buf, sizeof(hdr.asl_compiler_id));
- ++changed;
- }
-
- if (get_param_value(buf, sizeof(buf), "asl_compiler_rev", t)) {
- val = strtol(buf, &p, 0);
- if (*p) {
- fprintf(stderr, "acpitable: \"%s=%s\" is invalid\n",
- "asl_compiler_rev", buf);
- return -1;
- }
- hdr.asl_compiler_revision = cpu_to_le32(val);
- ++changed;
- }
-
- if (!has_header && !changed) {
- fprintf(stderr, "warning: acpitable: no table headers are specified\n");
- }
-
-
- /* now calculate checksum of the table, complete with the header */
- /* we may as well leave checksum intact if has_header is true */
- /* alternatively there may be a way to set cksum to a given value */
- hdr.checksum = 0; /* for checksum calculation */
-
- /* put header back */
- memcpy(f, &hdr, sizeof(hdr));
-
- if (changed || !has_header || 1) {
- ((struct acpi_table_header *)f)->checksum =
- acpi_checksum((uint8_t *)f + ACPI_TABLE_PFX_SIZE, len);
- }
-
- /* increase number of tables */
- (*(uint16_t *)acpi_tables) =
- cpu_to_le32(le32_to_cpu(*(uint16_t *)acpi_tables) + 1);
-
- acpi_tables_len = allen;
- return 0;
-
-}
-
-static void acpi_notify_wakeup(Notifier *notifier, void *data)
-{
- ACPIREGS *ar = container_of(notifier, ACPIREGS, wakeup);
- WakeupReason *reason = data;
-
- switch (*reason) {
- case QEMU_WAKEUP_REASON_RTC:
- ar->pm1.evt.sts |=
- (ACPI_BITMASK_WAKE_STATUS | ACPI_BITMASK_RT_CLOCK_STATUS);
- break;
- case QEMU_WAKEUP_REASON_PMTIMER:
- ar->pm1.evt.sts |=
- (ACPI_BITMASK_WAKE_STATUS | ACPI_BITMASK_TIMER_STATUS);
- break;
- case QEMU_WAKEUP_REASON_OTHER:
- default:
- /* ACPI_BITMASK_WAKE_STATUS should be set on resume.
- Pretend that resume was caused by power button */
- ar->pm1.evt.sts |=
- (ACPI_BITMASK_WAKE_STATUS | ACPI_BITMASK_POWER_BUTTON_STATUS);
- break;
- }
-}
-
-/* ACPI PM1a EVT */
-uint16_t acpi_pm1_evt_get_sts(ACPIREGS *ar)
-{
- int64_t d = acpi_pm_tmr_get_clock();
- if (d >= ar->tmr.overflow_time) {
- ar->pm1.evt.sts |= ACPI_BITMASK_TIMER_STATUS;
- }
- return ar->pm1.evt.sts;
-}
-
-void acpi_pm1_evt_write_sts(ACPIREGS *ar, uint16_t val)
-{
- uint16_t pm1_sts = acpi_pm1_evt_get_sts(ar);
- if (pm1_sts & val & ACPI_BITMASK_TIMER_STATUS) {
- /* if TMRSTS is reset, then compute the new overflow time */
- acpi_pm_tmr_calc_overflow_time(ar);
- }
- ar->pm1.evt.sts &= ~val;
-}
-
-void acpi_pm1_evt_write_en(ACPIREGS *ar, uint16_t val)
-{
- ar->pm1.evt.en = val;
- qemu_system_wakeup_enable(QEMU_WAKEUP_REASON_RTC,
- val & ACPI_BITMASK_RT_CLOCK_ENABLE);
- qemu_system_wakeup_enable(QEMU_WAKEUP_REASON_PMTIMER,
- val & ACPI_BITMASK_TIMER_ENABLE);
-}
-
-void acpi_pm1_evt_power_down(ACPIREGS *ar)
-{
- if (ar->pm1.evt.en & ACPI_BITMASK_POWER_BUTTON_ENABLE) {
- ar->pm1.evt.sts |= ACPI_BITMASK_POWER_BUTTON_STATUS;
- ar->tmr.update_sci(ar);
- }
-}
-
-void acpi_pm1_evt_reset(ACPIREGS *ar)
-{
- ar->pm1.evt.sts = 0;
- ar->pm1.evt.en = 0;
- qemu_system_wakeup_enable(QEMU_WAKEUP_REASON_RTC, 0);
- qemu_system_wakeup_enable(QEMU_WAKEUP_REASON_PMTIMER, 0);
-}
-
-/* ACPI PM_TMR */
-void acpi_pm_tmr_update(ACPIREGS *ar, bool enable)
-{
- int64_t expire_time;
-
- /* schedule a timer interruption if needed */
- if (enable) {
- expire_time = muldiv64(ar->tmr.overflow_time, get_ticks_per_sec(),
- PM_TIMER_FREQUENCY);
- qemu_mod_timer(ar->tmr.timer, expire_time);
- } else {
- qemu_del_timer(ar->tmr.timer);
- }
-}
-
-void acpi_pm_tmr_calc_overflow_time(ACPIREGS *ar)
-{
- int64_t d = acpi_pm_tmr_get_clock();
- ar->tmr.overflow_time = (d + 0x800000LL) & ~0x7fffffLL;
-}
-
-uint32_t acpi_pm_tmr_get(ACPIREGS *ar)
-{
- uint32_t d = acpi_pm_tmr_get_clock();
- return d & 0xffffff;
-}
-
-static void acpi_pm_tmr_timer(void *opaque)
-{
- ACPIREGS *ar = opaque;
- qemu_system_wakeup_request(QEMU_WAKEUP_REASON_PMTIMER);
- ar->tmr.update_sci(ar);
-}
-
-void acpi_pm_tmr_init(ACPIREGS *ar, acpi_update_sci_fn update_sci)
-{
- ar->tmr.update_sci = update_sci;
- ar->tmr.timer = qemu_new_timer_ns(vm_clock, acpi_pm_tmr_timer, ar);
-}
-
-void acpi_pm_tmr_reset(ACPIREGS *ar)
-{
- ar->tmr.overflow_time = 0;
- qemu_del_timer(ar->tmr.timer);
-}
-
-/* ACPI PM1aCNT */
-void acpi_pm1_cnt_init(ACPIREGS *ar)
-{
- ar->wakeup.notify = acpi_notify_wakeup;
- qemu_register_wakeup_notifier(&ar->wakeup);
-}
-
-void acpi_pm1_cnt_write(ACPIREGS *ar, uint16_t val, char s4)
-{
- ar->pm1.cnt.cnt = val & ~(ACPI_BITMASK_SLEEP_ENABLE);
-
- if (val & ACPI_BITMASK_SLEEP_ENABLE) {
- /* change suspend type */
- uint16_t sus_typ = (val >> 10) & 7;
- switch(sus_typ) {
- case 0: /* soft power off */
- qemu_system_shutdown_request();
- break;
- case 1:
- qemu_system_suspend_request();
- break;
- default:
- if (sus_typ == s4) { /* S4 request */
- monitor_protocol_event(QEVENT_SUSPEND_DISK, NULL);
- qemu_system_shutdown_request();
- }
- break;
- }
- }
-}
-
-void acpi_pm1_cnt_update(ACPIREGS *ar,
- bool sci_enable, bool sci_disable)
-{
- /* ACPI specs 3.0, 4.7.2.5 */
- if (sci_enable) {
- ar->pm1.cnt.cnt |= ACPI_BITMASK_SCI_ENABLE;
- } else if (sci_disable) {
- ar->pm1.cnt.cnt &= ~ACPI_BITMASK_SCI_ENABLE;
- }
-}
-
-void acpi_pm1_cnt_reset(ACPIREGS *ar)
-{
- ar->pm1.cnt.cnt = 0;
-}
-
-/* ACPI GPE */
-void acpi_gpe_init(ACPIREGS *ar, uint8_t len)
-{
- ar->gpe.len = len;
- ar->gpe.sts = g_malloc0(len / 2);
- ar->gpe.en = g_malloc0(len / 2);
-}
-
-void acpi_gpe_blk(ACPIREGS *ar, uint32_t blk)
-{
- ar->gpe.blk = blk;
-}
-
-void acpi_gpe_reset(ACPIREGS *ar)
-{
- memset(ar->gpe.sts, 0, ar->gpe.len / 2);
- memset(ar->gpe.en, 0, ar->gpe.len / 2);
-}
-
-static uint8_t *acpi_gpe_ioport_get_ptr(ACPIREGS *ar, uint32_t addr)
-{
- uint8_t *cur = NULL;
-
- if (addr < ar->gpe.len / 2) {
- cur = ar->gpe.sts + addr;
- } else if (addr < ar->gpe.len) {
- cur = ar->gpe.en + addr - ar->gpe.len / 2;
- } else {
- abort();
- }
-
- return cur;
-}
-
-void acpi_gpe_ioport_writeb(ACPIREGS *ar, uint32_t addr, uint32_t val)
-{
- uint8_t *cur;
-
- addr -= ar->gpe.blk;
- cur = acpi_gpe_ioport_get_ptr(ar, addr);
- if (addr < ar->gpe.len / 2) {
- /* GPE_STS */
- *cur = (*cur) & ~val;
- } else if (addr < ar->gpe.len) {
- /* GPE_EN */
- *cur = val;
- } else {
- abort();
- }
-}
-
-uint32_t acpi_gpe_ioport_readb(ACPIREGS *ar, uint32_t addr)
-{
- uint8_t *cur;
- uint32_t val;
-
- addr -= ar->gpe.blk;
- cur = acpi_gpe_ioport_get_ptr(ar, addr);
- val = 0;
- if (cur != NULL) {
- val = *cur;
- }
-
- return val;
-}
diff --git a/hw/acpi.h b/hw/acpi.h
deleted file mode 100644
index 7337f4185..000000000
--- a/hw/acpi.h
+++ /dev/null
@@ -1,155 +0,0 @@
-#ifndef QEMU_HW_ACPI_H
-#define QEMU_HW_ACPI_H
-/*
- * Copyright (c) 2009 Isaku Yamahata <yamahata at valinux co jp>
- * VA Linux Systems Japan K.K.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see
- * <http://www.gnu.org/licenses/>.
- */
-
-/* from linux include/acpi/actype.h */
-/* Default ACPI register widths */
-
-#define ACPI_GPE_REGISTER_WIDTH 8
-#define ACPI_PM1_REGISTER_WIDTH 16
-#define ACPI_PM2_REGISTER_WIDTH 8
-#define ACPI_PM_TIMER_WIDTH 32
-
-/* PM Timer ticks per second (HZ) */
-#define PM_TIMER_FREQUENCY 3579545
-
-
-/* ACPI fixed hardware registers */
-
-/* from linux/drivers/acpi/acpica/aclocal.h */
-/* Masks used to access the bit_registers */
-
-/* PM1x_STS */
-#define ACPI_BITMASK_TIMER_STATUS 0x0001
-#define ACPI_BITMASK_BUS_MASTER_STATUS 0x0010
-#define ACPI_BITMASK_GLOBAL_LOCK_STATUS 0x0020
-#define ACPI_BITMASK_POWER_BUTTON_STATUS 0x0100
-#define ACPI_BITMASK_SLEEP_BUTTON_STATUS 0x0200
-#define ACPI_BITMASK_RT_CLOCK_STATUS 0x0400
-#define ACPI_BITMASK_PCIEXP_WAKE_STATUS 0x4000 /* ACPI 3.0 */
-#define ACPI_BITMASK_WAKE_STATUS 0x8000
-
-#define ACPI_BITMASK_ALL_FIXED_STATUS (\
- ACPI_BITMASK_TIMER_STATUS | \
- ACPI_BITMASK_BUS_MASTER_STATUS | \
- ACPI_BITMASK_GLOBAL_LOCK_STATUS | \
- ACPI_BITMASK_POWER_BUTTON_STATUS | \
- ACPI_BITMASK_SLEEP_BUTTON_STATUS | \
- ACPI_BITMASK_RT_CLOCK_STATUS | \
- ACPI_BITMASK_WAKE_STATUS)
-
-/* PM1x_EN */
-#define ACPI_BITMASK_TIMER_ENABLE 0x0001
-#define ACPI_BITMASK_GLOBAL_LOCK_ENABLE 0x0020
-#define ACPI_BITMASK_POWER_BUTTON_ENABLE 0x0100
-#define ACPI_BITMASK_SLEEP_BUTTON_ENABLE 0x0200
-#define ACPI_BITMASK_RT_CLOCK_ENABLE 0x0400
-#define ACPI_BITMASK_PCIEXP_WAKE_DISABLE 0x4000 /* ACPI 3.0 */
-
-/* PM1x_CNT */
-#define ACPI_BITMASK_SCI_ENABLE 0x0001
-#define ACPI_BITMASK_BUS_MASTER_RLD 0x0002
-#define ACPI_BITMASK_GLOBAL_LOCK_RELEASE 0x0004
-#define ACPI_BITMASK_SLEEP_TYPE 0x1C00
-#define ACPI_BITMASK_SLEEP_ENABLE 0x2000
-
-/* PM2_CNT */
-#define ACPI_BITMASK_ARB_DISABLE 0x0001
-
-/* structs */
-typedef struct ACPIPMTimer ACPIPMTimer;
-typedef struct ACPIPM1EVT ACPIPM1EVT;
-typedef struct ACPIPM1CNT ACPIPM1CNT;
-typedef struct ACPIGPE ACPIGPE;
-typedef struct ACPIREGS ACPIREGS;
-
-typedef void (*acpi_update_sci_fn)(ACPIREGS *ar);
-
-struct ACPIPMTimer {
- QEMUTimer *timer;
- int64_t overflow_time;
-
- acpi_update_sci_fn update_sci;
-};
-
-struct ACPIPM1EVT {
- uint16_t sts;
- uint16_t en;
-};
-
-struct ACPIPM1CNT {
- uint16_t cnt;
-};
-
-struct ACPIGPE {
- uint32_t blk;
- uint8_t len;
-
- uint8_t *sts;
- uint8_t *en;
-};
-
-struct ACPIREGS {
- ACPIPMTimer tmr;
- ACPIGPE gpe;
- struct {
- ACPIPM1EVT evt;
- ACPIPM1CNT cnt;
- } pm1;
- Notifier wakeup;
-};
-
-/* PM_TMR */
-void acpi_pm_tmr_update(ACPIREGS *ar, bool enable);
-void acpi_pm_tmr_calc_overflow_time(ACPIREGS *ar);
-uint32_t acpi_pm_tmr_get(ACPIREGS *ar);
-void acpi_pm_tmr_init(ACPIREGS *ar, acpi_update_sci_fn update_sci);
-void acpi_pm_tmr_reset(ACPIREGS *ar);
-
-#include "qemu-timer.h"
-static inline int64_t acpi_pm_tmr_get_clock(void)
-{
- return muldiv64(qemu_get_clock_ns(vm_clock), PM_TIMER_FREQUENCY,
- get_ticks_per_sec());
-}
-
-/* PM1a_EVT: piix and ich9 don't implement PM1b. */
-uint16_t acpi_pm1_evt_get_sts(ACPIREGS *ar);
-void acpi_pm1_evt_write_sts(ACPIREGS *ar, uint16_t val);
-void acpi_pm1_evt_write_en(ACPIREGS *ar, uint16_t val);
-void acpi_pm1_evt_power_down(ACPIREGS *ar);
-void acpi_pm1_evt_reset(ACPIREGS *ar);
-
-/* PM1a_CNT: piix and ich9 don't implement PM1b CNT. */
-void acpi_pm1_cnt_init(ACPIREGS *ar);
-void acpi_pm1_cnt_write(ACPIREGS *ar, uint16_t val, char s4);
-void acpi_pm1_cnt_update(ACPIREGS *ar,
- bool sci_enable, bool sci_disable);
-void acpi_pm1_cnt_reset(ACPIREGS *ar);
-
-/* GPE0 */
-void acpi_gpe_init(ACPIREGS *ar, uint8_t len);
-void acpi_gpe_blk(ACPIREGS *ar, uint32_t blk);
-void acpi_gpe_reset(ACPIREGS *ar);
-
-void acpi_gpe_ioport_writeb(ACPIREGS *ar, uint32_t addr, uint32_t val);
-uint32_t acpi_gpe_ioport_readb(ACPIREGS *ar, uint32_t addr);
-
-#endif /* !QEMU_HW_ACPI_H */
diff --git a/hw/acpi/Makefile.objs b/hw/acpi/Makefile.objs
new file mode 100644
index 000000000..a0b63b562
--- /dev/null
+++ b/hw/acpi/Makefile.objs
@@ -0,0 +1,2 @@
+common-obj-$(CONFIG_ACPI) += core.o piix4.o ich9.o
+
diff --git a/hw/acpi/core.c b/hw/acpi/core.c
new file mode 100644
index 000000000..b07fedac5
--- /dev/null
+++ b/hw/acpi/core.c
@@ -0,0 +1,624 @@
+/*
+ * ACPI implementation
+ *
+ * Copyright (c) 2006 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License version 2 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+#include "sysemu/sysemu.h"
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "hw/acpi/acpi.h"
+#include "monitor/monitor.h"
+#include "qemu/config-file.h"
+#include "qapi/opts-visitor.h"
+#include "qapi/dealloc-visitor.h"
+#include "qapi-visit.h"
+
+struct acpi_table_header {
+ uint16_t _length; /* our length, not actual part of the hdr */
+ /* allows easier parsing for fw_cfg clients */
+ char sig[4]; /* ACPI signature (4 ASCII characters) */
+ uint32_t length; /* Length of table, in bytes, including header */
+ uint8_t revision; /* ACPI Specification minor version # */
+ uint8_t checksum; /* To make sum of entire table == 0 */
+ char oem_id[6]; /* OEM identification */
+ char oem_table_id[8]; /* OEM table identification */
+ uint32_t oem_revision; /* OEM revision number */
+ char asl_compiler_id[4]; /* ASL compiler vendor ID */
+ uint32_t asl_compiler_revision; /* ASL compiler revision number */
+} QEMU_PACKED;
+
+#define ACPI_TABLE_HDR_SIZE sizeof(struct acpi_table_header)
+#define ACPI_TABLE_PFX_SIZE sizeof(uint16_t) /* size of the extra prefix */
+
+static const char unsigned dfl_hdr[ACPI_TABLE_HDR_SIZE - ACPI_TABLE_PFX_SIZE] =
+ "QEMU\0\0\0\0\1\0" /* sig (4), len(4), revno (1), csum (1) */
+ "QEMUQEQEMUQEMU\1\0\0\0" /* OEM id (6), table (8), revno (4) */
+ "QEMU\1\0\0\0" /* ASL compiler ID (4), version (4) */
+ ;
+
+char unsigned *acpi_tables;
+size_t acpi_tables_len;
+
+static QemuOptsList qemu_acpi_opts = {
+ .name = "acpi",
+ .implied_opt_name = "data",
+ .head = QTAILQ_HEAD_INITIALIZER(qemu_acpi_opts.head),
+ .desc = { { 0 } } /* validated with OptsVisitor */
+};
+
+static void acpi_register_config(void)
+{
+ qemu_add_opts(&qemu_acpi_opts);
+}
+
+machine_init(acpi_register_config);
+
+static int acpi_checksum(const uint8_t *data, int len)
+{
+ int sum, i;
+ sum = 0;
+ for (i = 0; i < len; i++) {
+ sum += data[i];
+ }
+ return (-sum) & 0xff;
+}
+
+
+/* Install a copy of the ACPI table specified in @blob.
+ *
+ * If @has_header is set, @blob starts with the System Description Table Header
+ * structure. Otherwise, "dfl_hdr" is prepended. In any case, each header field
+ * is optionally overwritten from @hdrs.
+ *
+ * It is valid to call this function with
+ * (@blob == NULL && bloblen == 0 && !has_header).
+ *
+ * @hdrs->file and @hdrs->data are ignored.
+ *
+ * SIZE_MAX is considered "infinity" in this function.
+ *
+ * The number of tables that can be installed is not limited, but the 16-bit
+ * counter at the beginning of "acpi_tables" wraps around after UINT16_MAX.
+ */
+static void acpi_table_install(const char unsigned *blob, size_t bloblen,
+ bool has_header,
+ const struct AcpiTableOptions *hdrs,
+ Error **errp)
+{
+ size_t body_start;
+ const char unsigned *hdr_src;
+ size_t body_size, acpi_payload_size;
+ struct acpi_table_header *ext_hdr;
+ unsigned changed_fields;
+
+ /* Calculate where the ACPI table body starts within the blob, plus where
+ * to copy the ACPI table header from.
+ */
+ if (has_header) {
+ /* _length | ACPI header in blob | blob body
+ * ^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^
+ * ACPI_TABLE_PFX_SIZE sizeof dfl_hdr body_size
+ * == body_start
+ *
+ * ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+ * acpi_payload_size == bloblen
+ */
+ body_start = sizeof dfl_hdr;
+
+ if (bloblen < body_start) {
+ error_setg(errp, "ACPI table claiming to have header is too "
+ "short, available: %zu, expected: %zu", bloblen,
+ body_start);
+ return;
+ }
+ hdr_src = blob;
+ } else {
+ /* _length | ACPI header in template | blob body
+ * ^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^
+ * ACPI_TABLE_PFX_SIZE sizeof dfl_hdr body_size
+ * == bloblen
+ *
+ * ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+ * acpi_payload_size
+ */
+ body_start = 0;
+ hdr_src = dfl_hdr;
+ }
+ body_size = bloblen - body_start;
+ acpi_payload_size = sizeof dfl_hdr + body_size;
+
+ if (acpi_payload_size > UINT16_MAX) {
+ error_setg(errp, "ACPI table too big, requested: %zu, max: %u",
+ acpi_payload_size, (unsigned)UINT16_MAX);
+ return;
+ }
+
+ /* We won't fail from here on. Initialize / extend the globals. */
+ if (acpi_tables == NULL) {
+ acpi_tables_len = sizeof(uint16_t);
+ acpi_tables = g_malloc0(acpi_tables_len);
+ }
+
+ acpi_tables = g_realloc(acpi_tables, acpi_tables_len +
+ ACPI_TABLE_PFX_SIZE +
+ sizeof dfl_hdr + body_size);
+
+ ext_hdr = (struct acpi_table_header *)(acpi_tables + acpi_tables_len);
+ acpi_tables_len += ACPI_TABLE_PFX_SIZE;
+
+ memcpy(acpi_tables + acpi_tables_len, hdr_src, sizeof dfl_hdr);
+ acpi_tables_len += sizeof dfl_hdr;
+
+ if (blob != NULL) {
+ memcpy(acpi_tables + acpi_tables_len, blob + body_start, body_size);
+ acpi_tables_len += body_size;
+ }
+
+ /* increase number of tables */
+ cpu_to_le16wu((uint16_t *)acpi_tables,
+ le16_to_cpupu((uint16_t *)acpi_tables) + 1u);
+
+ /* Update the header fields. The strings need not be NUL-terminated. */
+ changed_fields = 0;
+ ext_hdr->_length = cpu_to_le16(acpi_payload_size);
+
+ if (hdrs->has_sig) {
+ strncpy(ext_hdr->sig, hdrs->sig, sizeof ext_hdr->sig);
+ ++changed_fields;
+ }
+
+ if (has_header && le32_to_cpu(ext_hdr->length) != acpi_payload_size) {
+ fprintf(stderr,
+ "warning: ACPI table has wrong length, header says "
+ "%" PRIu32 ", actual size %zu bytes\n",
+ le32_to_cpu(ext_hdr->length), acpi_payload_size);
+ }
+ ext_hdr->length = cpu_to_le32(acpi_payload_size);
+
+ if (hdrs->has_rev) {
+ ext_hdr->revision = hdrs->rev;
+ ++changed_fields;
+ }
+
+ ext_hdr->checksum = 0;
+
+ if (hdrs->has_oem_id) {
+ strncpy(ext_hdr->oem_id, hdrs->oem_id, sizeof ext_hdr->oem_id);
+ ++changed_fields;
+ }
+ if (hdrs->has_oem_table_id) {
+ strncpy(ext_hdr->oem_table_id, hdrs->oem_table_id,
+ sizeof ext_hdr->oem_table_id);
+ ++changed_fields;
+ }
+ if (hdrs->has_oem_rev) {
+ ext_hdr->oem_revision = cpu_to_le32(hdrs->oem_rev);
+ ++changed_fields;
+ }
+ if (hdrs->has_asl_compiler_id) {
+ strncpy(ext_hdr->asl_compiler_id, hdrs->asl_compiler_id,
+ sizeof ext_hdr->asl_compiler_id);
+ ++changed_fields;
+ }
+ if (hdrs->has_asl_compiler_rev) {
+ ext_hdr->asl_compiler_revision = cpu_to_le32(hdrs->asl_compiler_rev);
+ ++changed_fields;
+ }
+
+ if (!has_header && changed_fields == 0) {
+ fprintf(stderr, "warning: ACPI table: no headers are specified\n");
+ }
+
+ /* recalculate checksum */
+ ext_hdr->checksum = acpi_checksum((const char unsigned *)ext_hdr +
+ ACPI_TABLE_PFX_SIZE, acpi_payload_size);
+}
+
+void acpi_table_add(const QemuOpts *opts, Error **errp)
+{
+ AcpiTableOptions *hdrs = NULL;
+ Error *err = NULL;
+ char **pathnames = NULL;
+ char **cur;
+ size_t bloblen = 0;
+ char unsigned *blob = NULL;
+
+ {
+ OptsVisitor *ov;
+
+ ov = opts_visitor_new(opts);
+ visit_type_AcpiTableOptions(opts_get_visitor(ov), &hdrs, NULL, &err);
+ opts_visitor_cleanup(ov);
+ }
+
+ if (err) {
+ goto out;
+ }
+ if (hdrs->has_file == hdrs->has_data) {
+ error_setg(&err, "'-acpitable' requires one of 'data' or 'file'");
+ goto out;
+ }
+
+ pathnames = g_strsplit(hdrs->has_file ? hdrs->file : hdrs->data, ":", 0);
+ if (pathnames == NULL || pathnames[0] == NULL) {
+ error_setg(&err, "'-acpitable' requires at least one pathname");
+ goto out;
+ }
+
+ /* now read in the data files, reallocating buffer as needed */
+ for (cur = pathnames; *cur; ++cur) {
+ int fd = open(*cur, O_RDONLY | O_BINARY);
+
+ if (fd < 0) {
+ error_setg(&err, "can't open file %s: %s", *cur, strerror(errno));
+ goto out;
+ }
+
+ for (;;) {
+ char unsigned data[8192];
+ ssize_t r;
+
+ r = read(fd, data, sizeof data);
+ if (r == 0) {
+ break;
+ } else if (r > 0) {
+ blob = g_realloc(blob, bloblen + r);
+ memcpy(blob + bloblen, data, r);
+ bloblen += r;
+ } else if (errno != EINTR) {
+ error_setg(&err, "can't read file %s: %s",
+ *cur, strerror(errno));
+ close(fd);
+ goto out;
+ }
+ }
+
+ close(fd);
+ }
+
+ acpi_table_install(blob, bloblen, hdrs->has_file, hdrs, &err);
+
+out:
+ g_free(blob);
+ g_strfreev(pathnames);
+
+ if (hdrs != NULL) {
+ QapiDeallocVisitor *dv;
+
+ dv = qapi_dealloc_visitor_new();
+ visit_type_AcpiTableOptions(qapi_dealloc_get_visitor(dv), &hdrs, NULL,
+ NULL);
+ qapi_dealloc_visitor_cleanup(dv);
+ }
+
+ error_propagate(errp, err);
+}
+
+static void acpi_notify_wakeup(Notifier *notifier, void *data)
+{
+ ACPIREGS *ar = container_of(notifier, ACPIREGS, wakeup);
+ WakeupReason *reason = data;
+
+ switch (*reason) {
+ case QEMU_WAKEUP_REASON_RTC:
+ ar->pm1.evt.sts |=
+ (ACPI_BITMASK_WAKE_STATUS | ACPI_BITMASK_RT_CLOCK_STATUS);
+ break;
+ case QEMU_WAKEUP_REASON_PMTIMER:
+ ar->pm1.evt.sts |=
+ (ACPI_BITMASK_WAKE_STATUS | ACPI_BITMASK_TIMER_STATUS);
+ break;
+ case QEMU_WAKEUP_REASON_OTHER:
+ default:
+ /* ACPI_BITMASK_WAKE_STATUS should be set on resume.
+ Pretend that resume was caused by power button */
+ ar->pm1.evt.sts |=
+ (ACPI_BITMASK_WAKE_STATUS | ACPI_BITMASK_POWER_BUTTON_STATUS);
+ break;
+ }
+}
+
+/* ACPI PM1a EVT */
+uint16_t acpi_pm1_evt_get_sts(ACPIREGS *ar)
+{
+ int64_t d = acpi_pm_tmr_get_clock();
+ if (d >= ar->tmr.overflow_time) {
+ ar->pm1.evt.sts |= ACPI_BITMASK_TIMER_STATUS;
+ }
+ return ar->pm1.evt.sts;
+}
+
+static void acpi_pm1_evt_write_sts(ACPIREGS *ar, uint16_t val)
+{
+ uint16_t pm1_sts = acpi_pm1_evt_get_sts(ar);
+ if (pm1_sts & val & ACPI_BITMASK_TIMER_STATUS) {
+ /* if TMRSTS is reset, then compute the new overflow time */
+ acpi_pm_tmr_calc_overflow_time(ar);
+ }
+ ar->pm1.evt.sts &= ~val;
+}
+
+static void acpi_pm1_evt_write_en(ACPIREGS *ar, uint16_t val)
+{
+ ar->pm1.evt.en = val;
+ qemu_system_wakeup_enable(QEMU_WAKEUP_REASON_RTC,
+ val & ACPI_BITMASK_RT_CLOCK_ENABLE);
+ qemu_system_wakeup_enable(QEMU_WAKEUP_REASON_PMTIMER,
+ val & ACPI_BITMASK_TIMER_ENABLE);
+}
+
+void acpi_pm1_evt_power_down(ACPIREGS *ar)
+{
+ if (ar->pm1.evt.en & ACPI_BITMASK_POWER_BUTTON_ENABLE) {
+ ar->pm1.evt.sts |= ACPI_BITMASK_POWER_BUTTON_STATUS;
+ ar->tmr.update_sci(ar);
+ }
+}
+
+void acpi_pm1_evt_reset(ACPIREGS *ar)
+{
+ ar->pm1.evt.sts = 0;
+ ar->pm1.evt.en = 0;
+ qemu_system_wakeup_enable(QEMU_WAKEUP_REASON_RTC, 0);
+ qemu_system_wakeup_enable(QEMU_WAKEUP_REASON_PMTIMER, 0);
+}
+
+static uint64_t acpi_pm_evt_read(void *opaque, hwaddr addr, unsigned width)
+{
+ ACPIREGS *ar = opaque;
+ switch (addr) {
+ case 0:
+ return acpi_pm1_evt_get_sts(ar);
+ case 2:
+ return ar->pm1.evt.en;
+ default:
+ return 0;
+ }
+}
+
+static void acpi_pm_evt_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned width)
+{
+ ACPIREGS *ar = opaque;
+ switch (addr) {
+ case 0:
+ acpi_pm1_evt_write_sts(ar, val);
+ ar->pm1.evt.update_sci(ar);
+ break;
+ case 2:
+ acpi_pm1_evt_write_en(ar, val);
+ ar->pm1.evt.update_sci(ar);
+ break;
+ }
+}
+
+static const MemoryRegionOps acpi_pm_evt_ops = {
+ .read = acpi_pm_evt_read,
+ .write = acpi_pm_evt_write,
+ .valid.min_access_size = 2,
+ .valid.max_access_size = 2,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+void acpi_pm1_evt_init(ACPIREGS *ar, acpi_update_sci_fn update_sci,
+ MemoryRegion *parent)
+{
+ ar->pm1.evt.update_sci = update_sci;
+ memory_region_init_io(&ar->pm1.evt.io, memory_region_owner(parent),
+ &acpi_pm_evt_ops, ar, "acpi-evt", 4);
+ memory_region_add_subregion(parent, 0, &ar->pm1.evt.io);
+}
+
+/* ACPI PM_TMR */
+void acpi_pm_tmr_update(ACPIREGS *ar, bool enable)
+{
+ int64_t expire_time;
+
+ /* schedule a timer interruption if needed */
+ if (enable) {
+ expire_time = muldiv64(ar->tmr.overflow_time, get_ticks_per_sec(),
+ PM_TIMER_FREQUENCY);
+ qemu_mod_timer(ar->tmr.timer, expire_time);
+ } else {
+ qemu_del_timer(ar->tmr.timer);
+ }
+}
+
+void acpi_pm_tmr_calc_overflow_time(ACPIREGS *ar)
+{
+ int64_t d = acpi_pm_tmr_get_clock();
+ ar->tmr.overflow_time = (d + 0x800000LL) & ~0x7fffffLL;
+}
+
+static uint32_t acpi_pm_tmr_get(ACPIREGS *ar)
+{
+ uint32_t d = acpi_pm_tmr_get_clock();
+ return d & 0xffffff;
+}
+
+static void acpi_pm_tmr_timer(void *opaque)
+{
+ ACPIREGS *ar = opaque;
+ qemu_system_wakeup_request(QEMU_WAKEUP_REASON_PMTIMER);
+ ar->tmr.update_sci(ar);
+}
+
+static uint64_t acpi_pm_tmr_read(void *opaque, hwaddr addr, unsigned width)
+{
+ return acpi_pm_tmr_get(opaque);
+}
+
+static void acpi_pm_tmr_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned width)
+{
+ /* nothing */
+}
+
+static const MemoryRegionOps acpi_pm_tmr_ops = {
+ .read = acpi_pm_tmr_read,
+ .write = acpi_pm_tmr_write,
+ .valid.min_access_size = 4,
+ .valid.max_access_size = 4,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+void acpi_pm_tmr_init(ACPIREGS *ar, acpi_update_sci_fn update_sci,
+ MemoryRegion *parent)
+{
+ ar->tmr.update_sci = update_sci;
+ ar->tmr.timer = qemu_new_timer_ns(vm_clock, acpi_pm_tmr_timer, ar);
+ memory_region_init_io(&ar->tmr.io, memory_region_owner(parent),
+ &acpi_pm_tmr_ops, ar, "acpi-tmr", 4);
+ memory_region_add_subregion(parent, 8, &ar->tmr.io);
+}
+
+void acpi_pm_tmr_reset(ACPIREGS *ar)
+{
+ ar->tmr.overflow_time = 0;
+ qemu_del_timer(ar->tmr.timer);
+}
+
+/* ACPI PM1aCNT */
+static void acpi_pm1_cnt_write(ACPIREGS *ar, uint16_t val)
+{
+ ar->pm1.cnt.cnt = val & ~(ACPI_BITMASK_SLEEP_ENABLE);
+
+ if (val & ACPI_BITMASK_SLEEP_ENABLE) {
+ /* change suspend type */
+ uint16_t sus_typ = (val >> 10) & 7;
+ switch(sus_typ) {
+ case 0: /* soft power off */
+ qemu_system_shutdown_request();
+ break;
+ case 1:
+ qemu_system_suspend_request();
+ break;
+ default:
+ if (sus_typ == ar->pm1.cnt.s4_val) { /* S4 request */
+ monitor_protocol_event(QEVENT_SUSPEND_DISK, NULL);
+ qemu_system_shutdown_request();
+ }
+ break;
+ }
+ }
+}
+
+void acpi_pm1_cnt_update(ACPIREGS *ar,
+ bool sci_enable, bool sci_disable)
+{
+ /* ACPI specs 3.0, 4.7.2.5 */
+ if (sci_enable) {
+ ar->pm1.cnt.cnt |= ACPI_BITMASK_SCI_ENABLE;
+ } else if (sci_disable) {
+ ar->pm1.cnt.cnt &= ~ACPI_BITMASK_SCI_ENABLE;
+ }
+}
+
+static uint64_t acpi_pm_cnt_read(void *opaque, hwaddr addr, unsigned width)
+{
+ ACPIREGS *ar = opaque;
+ return ar->pm1.cnt.cnt;
+}
+
+static void acpi_pm_cnt_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned width)
+{
+ acpi_pm1_cnt_write(opaque, val);
+}
+
+static const MemoryRegionOps acpi_pm_cnt_ops = {
+ .read = acpi_pm_cnt_read,
+ .write = acpi_pm_cnt_write,
+ .valid.min_access_size = 2,
+ .valid.max_access_size = 2,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+void acpi_pm1_cnt_init(ACPIREGS *ar, MemoryRegion *parent, uint8_t s4_val)
+{
+ ar->pm1.cnt.s4_val = s4_val;
+ ar->wakeup.notify = acpi_notify_wakeup;
+ qemu_register_wakeup_notifier(&ar->wakeup);
+ memory_region_init_io(&ar->pm1.cnt.io, memory_region_owner(parent),
+ &acpi_pm_cnt_ops, ar, "acpi-cnt", 2);
+ memory_region_add_subregion(parent, 4, &ar->pm1.cnt.io);
+}
+
+void acpi_pm1_cnt_reset(ACPIREGS *ar)
+{
+ ar->pm1.cnt.cnt = 0;
+}
+
+/* ACPI GPE */
+void acpi_gpe_init(ACPIREGS *ar, uint8_t len)
+{
+ ar->gpe.len = len;
+ ar->gpe.sts = g_malloc0(len / 2);
+ ar->gpe.en = g_malloc0(len / 2);
+}
+
+void acpi_gpe_reset(ACPIREGS *ar)
+{
+ memset(ar->gpe.sts, 0, ar->gpe.len / 2);
+ memset(ar->gpe.en, 0, ar->gpe.len / 2);
+}
+
+static uint8_t *acpi_gpe_ioport_get_ptr(ACPIREGS *ar, uint32_t addr)
+{
+ uint8_t *cur = NULL;
+
+ if (addr < ar->gpe.len / 2) {
+ cur = ar->gpe.sts + addr;
+ } else if (addr < ar->gpe.len) {
+ cur = ar->gpe.en + addr - ar->gpe.len / 2;
+ } else {
+ abort();
+ }
+
+ return cur;
+}
+
+void acpi_gpe_ioport_writeb(ACPIREGS *ar, uint32_t addr, uint32_t val)
+{
+ uint8_t *cur;
+
+ cur = acpi_gpe_ioport_get_ptr(ar, addr);
+ if (addr < ar->gpe.len / 2) {
+ /* GPE_STS */
+ *cur = (*cur) & ~val;
+ } else if (addr < ar->gpe.len) {
+ /* GPE_EN */
+ *cur = val;
+ } else {
+ abort();
+ }
+}
+
+uint32_t acpi_gpe_ioport_readb(ACPIREGS *ar, uint32_t addr)
+{
+ uint8_t *cur;
+ uint32_t val;
+
+ cur = acpi_gpe_ioport_get_ptr(ar, addr);
+ val = 0;
+ if (cur != NULL) {
+ val = *cur;
+ }
+
+ return val;
+}
diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c
new file mode 100644
index 000000000..3fb443d06
--- /dev/null
+++ b/hw/acpi/ich9.c
@@ -0,0 +1,230 @@
+/*
+ * ACPI implementation
+ *
+ * Copyright (c) 2006 Fabrice Bellard
+ * Copyright (c) 2009 Isaku Yamahata <yamahata at valinux co jp>
+ * VA Linux Systems Japan K.K.
+ * Copyright (C) 2012 Jason Baron <jbaron@redhat.com>
+ *
+ * This is based on acpi.c.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License version 2 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "hw/pci/pci.h"
+#include "qemu/timer.h"
+#include "sysemu/sysemu.h"
+#include "hw/acpi/acpi.h"
+#include "sysemu/kvm.h"
+#include "exec/address-spaces.h"
+
+#include "hw/i386/ich9.h"
+
+//#define DEBUG
+
+#ifdef DEBUG
+#define ICH9_DEBUG(fmt, ...) \
+do { printf("%s "fmt, __func__, ## __VA_ARGS__); } while (0)
+#else
+#define ICH9_DEBUG(fmt, ...) do { } while (0)
+#endif
+
+static void pm_update_sci(ICH9LPCPMRegs *pm)
+{
+ int sci_level, pm1a_sts;
+
+ pm1a_sts = acpi_pm1_evt_get_sts(&pm->acpi_regs);
+
+ sci_level = (((pm1a_sts & pm->acpi_regs.pm1.evt.en) &
+ (ACPI_BITMASK_RT_CLOCK_ENABLE |
+ ACPI_BITMASK_POWER_BUTTON_ENABLE |
+ ACPI_BITMASK_GLOBAL_LOCK_ENABLE |
+ ACPI_BITMASK_TIMER_ENABLE)) != 0);
+ qemu_set_irq(pm->irq, sci_level);
+
+ /* schedule a timer interruption if needed */
+ acpi_pm_tmr_update(&pm->acpi_regs,
+ (pm->acpi_regs.pm1.evt.en & ACPI_BITMASK_TIMER_ENABLE) &&
+ !(pm1a_sts & ACPI_BITMASK_TIMER_STATUS));
+}
+
+static void ich9_pm_update_sci_fn(ACPIREGS *regs)
+{
+ ICH9LPCPMRegs *pm = container_of(regs, ICH9LPCPMRegs, acpi_regs);
+ pm_update_sci(pm);
+}
+
+static uint64_t ich9_gpe_readb(void *opaque, hwaddr addr, unsigned width)
+{
+ ICH9LPCPMRegs *pm = opaque;
+ return acpi_gpe_ioport_readb(&pm->acpi_regs, addr);
+}
+
+static void ich9_gpe_writeb(void *opaque, hwaddr addr, uint64_t val,
+ unsigned width)
+{
+ ICH9LPCPMRegs *pm = opaque;
+ acpi_gpe_ioport_writeb(&pm->acpi_regs, addr, val);
+}
+
+static const MemoryRegionOps ich9_gpe_ops = {
+ .read = ich9_gpe_readb,
+ .write = ich9_gpe_writeb,
+ .valid.min_access_size = 1,
+ .valid.max_access_size = 4,
+ .impl.min_access_size = 1,
+ .impl.max_access_size = 1,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static uint64_t ich9_smi_readl(void *opaque, hwaddr addr, unsigned width)
+{
+ ICH9LPCPMRegs *pm = opaque;
+ switch (addr) {
+ case 0:
+ return pm->smi_en;
+ case 4:
+ return pm->smi_sts;
+ default:
+ return 0;
+ }
+}
+
+static void ich9_smi_writel(void *opaque, hwaddr addr, uint64_t val,
+ unsigned width)
+{
+ ICH9LPCPMRegs *pm = opaque;
+ switch (addr) {
+ case 0:
+ pm->smi_en = val;
+ break;
+ }
+}
+
+static const MemoryRegionOps ich9_smi_ops = {
+ .read = ich9_smi_readl,
+ .write = ich9_smi_writel,
+ .valid.min_access_size = 4,
+ .valid.max_access_size = 4,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+void ich9_pm_iospace_update(ICH9LPCPMRegs *pm, uint32_t pm_io_base)
+{
+ ICH9_DEBUG("to 0x%x\n", pm_io_base);
+
+ assert((pm_io_base & ICH9_PMIO_MASK) == 0);
+
+ pm->pm_io_base = pm_io_base;
+ memory_region_transaction_begin();
+ memory_region_set_enabled(&pm->io, pm->pm_io_base != 0);
+ memory_region_set_address(&pm->io, pm->pm_io_base);
+ memory_region_transaction_commit();
+}
+
+static int ich9_pm_post_load(void *opaque, int version_id)
+{
+ ICH9LPCPMRegs *pm = opaque;
+ uint32_t pm_io_base = pm->pm_io_base;
+ pm->pm_io_base = 0;
+ ich9_pm_iospace_update(pm, pm_io_base);
+ return 0;
+}
+
+#define VMSTATE_GPE_ARRAY(_field, _state) \
+ { \
+ .name = (stringify(_field)), \
+ .version_id = 0, \
+ .num = ICH9_PMIO_GPE0_LEN, \
+ .info = &vmstate_info_uint8, \
+ .size = sizeof(uint8_t), \
+ .flags = VMS_ARRAY | VMS_POINTER, \
+ .offset = vmstate_offset_pointer(_state, _field, uint8_t), \
+ }
+
+const VMStateDescription vmstate_ich9_pm = {
+ .name = "ich9_pm",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .post_load = ich9_pm_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT16(acpi_regs.pm1.evt.sts, ICH9LPCPMRegs),
+ VMSTATE_UINT16(acpi_regs.pm1.evt.en, ICH9LPCPMRegs),
+ VMSTATE_UINT16(acpi_regs.pm1.cnt.cnt, ICH9LPCPMRegs),
+ VMSTATE_TIMER(acpi_regs.tmr.timer, ICH9LPCPMRegs),
+ VMSTATE_INT64(acpi_regs.tmr.overflow_time, ICH9LPCPMRegs),
+ VMSTATE_GPE_ARRAY(acpi_regs.gpe.sts, ICH9LPCPMRegs),
+ VMSTATE_GPE_ARRAY(acpi_regs.gpe.en, ICH9LPCPMRegs),
+ VMSTATE_UINT32(smi_en, ICH9LPCPMRegs),
+ VMSTATE_UINT32(smi_sts, ICH9LPCPMRegs),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void pm_reset(void *opaque)
+{
+ ICH9LPCPMRegs *pm = opaque;
+ ich9_pm_iospace_update(pm, 0);
+
+ acpi_pm1_evt_reset(&pm->acpi_regs);
+ acpi_pm1_cnt_reset(&pm->acpi_regs);
+ acpi_pm_tmr_reset(&pm->acpi_regs);
+ acpi_gpe_reset(&pm->acpi_regs);
+
+ if (kvm_enabled()) {
+ /* Mark SMM as already inited to prevent SMM from running. KVM does not
+ * support SMM mode. */
+ pm->smi_en |= ICH9_PMIO_SMI_EN_APMC_EN;
+ }
+
+ pm_update_sci(pm);
+}
+
+static void pm_powerdown_req(Notifier *n, void *opaque)
+{
+ ICH9LPCPMRegs *pm = container_of(n, ICH9LPCPMRegs, powerdown_notifier);
+
+ acpi_pm1_evt_power_down(&pm->acpi_regs);
+}
+
+void ich9_pm_init(PCIDevice *lpc_pci, ICH9LPCPMRegs *pm,
+ qemu_irq sci_irq)
+{
+ memory_region_init(&pm->io, OBJECT(lpc_pci), "ich9-pm", ICH9_PMIO_SIZE);
+ memory_region_set_enabled(&pm->io, false);
+ memory_region_add_subregion(pci_address_space_io(lpc_pci),
+ 0, &pm->io);
+
+ acpi_pm_tmr_init(&pm->acpi_regs, ich9_pm_update_sci_fn, &pm->io);
+ acpi_pm1_evt_init(&pm->acpi_regs, ich9_pm_update_sci_fn, &pm->io);
+ acpi_pm1_cnt_init(&pm->acpi_regs, &pm->io, 2);
+
+ acpi_gpe_init(&pm->acpi_regs, ICH9_PMIO_GPE0_LEN);
+ memory_region_init_io(&pm->io_gpe, OBJECT(lpc_pci), &ich9_gpe_ops, pm,
+ "apci-gpe0", ICH9_PMIO_GPE0_LEN);
+ memory_region_add_subregion(&pm->io, ICH9_PMIO_GPE0_STS, &pm->io_gpe);
+
+ memory_region_init_io(&pm->io_smi, OBJECT(lpc_pci), &ich9_smi_ops, pm,
+ "apci-smi", 8);
+ memory_region_add_subregion(&pm->io, ICH9_PMIO_SMI_EN, &pm->io_smi);
+
+ pm->irq = sci_irq;
+ qemu_register_reset(pm_reset, pm);
+ pm->powerdown_notifier.notify = pm_powerdown_req;
+ qemu_register_powerdown_notifier(&pm->powerdown_notifier);
+}
diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
new file mode 100644
index 000000000..c88569061
--- /dev/null
+++ b/hw/acpi/piix4.c
@@ -0,0 +1,739 @@
+/*
+ * ACPI implementation
+ *
+ * Copyright (c) 2006 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License version 2 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "hw/isa/apm.h"
+#include "hw/i2c/pm_smbus.h"
+#include "hw/pci/pci.h"
+#include "hw/acpi/acpi.h"
+#include "sysemu/sysemu.h"
+#include "qemu/range.h"
+#include "exec/ioport.h"
+#include "hw/nvram/fw_cfg.h"
+#include "exec/address-spaces.h"
+
+//#define DEBUG
+
+#ifdef DEBUG
+# define PIIX4_DPRINTF(format, ...) printf(format, ## __VA_ARGS__)
+#else
+# define PIIX4_DPRINTF(format, ...) do { } while (0)
+#endif
+
+#define GPE_BASE 0xafe0
+#define GPE_LEN 4
+
+#define PCI_HOTPLUG_ADDR 0xae00
+#define PCI_HOTPLUG_SIZE 0x000f
+#define PCI_UP_BASE 0xae00
+#define PCI_DOWN_BASE 0xae04
+#define PCI_EJ_BASE 0xae08
+#define PCI_RMV_BASE 0xae0c
+
+#define PIIX4_PROC_BASE 0xaf00
+#define PIIX4_PROC_LEN 32
+
+#define PIIX4_PCI_HOTPLUG_STATUS 2
+#define PIIX4_CPU_HOTPLUG_STATUS 4
+
+struct pci_status {
+ uint32_t up; /* deprecated, maintained for migration compatibility */
+ uint32_t down;
+};
+
+typedef struct CPUStatus {
+ uint8_t sts[PIIX4_PROC_LEN];
+} CPUStatus;
+
+typedef struct PIIX4PMState {
+ /*< private >*/
+ PCIDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion io;
+ MemoryRegion io_gpe;
+ MemoryRegion io_pci;
+ MemoryRegion io_cpu;
+ ACPIREGS ar;
+
+ APMState apm;
+
+ PMSMBus smb;
+ uint32_t smb_io_base;
+
+ qemu_irq irq;
+ qemu_irq smi_irq;
+ int kvm_enabled;
+ Notifier machine_ready;
+ Notifier powerdown_notifier;
+
+ /* for pci hotplug */
+ struct pci_status pci0_status;
+ uint32_t pci0_hotplug_enable;
+ uint32_t pci0_slot_device_present;
+
+ uint8_t disable_s3;
+ uint8_t disable_s4;
+ uint8_t s4_val;
+
+ CPUStatus gpe_cpu;
+ Notifier cpu_added_notifier;
+} PIIX4PMState;
+
+#define TYPE_PIIX4_PM "PIIX4_PM"
+
+#define PIIX4_PM(obj) \
+ OBJECT_CHECK(PIIX4PMState, (obj), TYPE_PIIX4_PM)
+
+static void piix4_acpi_system_hot_add_init(MemoryRegion *parent,
+ PCIBus *bus, PIIX4PMState *s);
+
+#define ACPI_ENABLE 0xf1
+#define ACPI_DISABLE 0xf0
+
+static void pm_update_sci(PIIX4PMState *s)
+{
+ int sci_level, pmsts;
+
+ pmsts = acpi_pm1_evt_get_sts(&s->ar);
+ sci_level = (((pmsts & s->ar.pm1.evt.en) &
+ (ACPI_BITMASK_RT_CLOCK_ENABLE |
+ ACPI_BITMASK_POWER_BUTTON_ENABLE |
+ ACPI_BITMASK_GLOBAL_LOCK_ENABLE |
+ ACPI_BITMASK_TIMER_ENABLE)) != 0) ||
+ (((s->ar.gpe.sts[0] & s->ar.gpe.en[0]) &
+ (PIIX4_PCI_HOTPLUG_STATUS | PIIX4_CPU_HOTPLUG_STATUS)) != 0);
+
+ qemu_set_irq(s->irq, sci_level);
+ /* schedule a timer interruption if needed */
+ acpi_pm_tmr_update(&s->ar, (s->ar.pm1.evt.en & ACPI_BITMASK_TIMER_ENABLE) &&
+ !(pmsts & ACPI_BITMASK_TIMER_STATUS));
+}
+
+static void pm_tmr_timer(ACPIREGS *ar)
+{
+ PIIX4PMState *s = container_of(ar, PIIX4PMState, ar);
+ pm_update_sci(s);
+}
+
+static void apm_ctrl_changed(uint32_t val, void *arg)
+{
+ PIIX4PMState *s = arg;
+ PCIDevice *d = PCI_DEVICE(s);
+
+ /* ACPI specs 3.0, 4.7.2.5 */
+ acpi_pm1_cnt_update(&s->ar, val == ACPI_ENABLE, val == ACPI_DISABLE);
+
+ if (d->config[0x5b] & (1 << 1)) {
+ if (s->smi_irq) {
+ qemu_irq_raise(s->smi_irq);
+ }
+ }
+}
+
+static void pm_io_space_update(PIIX4PMState *s)
+{
+ PCIDevice *d = PCI_DEVICE(s);
+ uint32_t pm_io_base;
+
+ pm_io_base = le32_to_cpu(*(uint32_t *)(d->config + 0x40));
+ pm_io_base &= 0xffc0;
+
+ memory_region_transaction_begin();
+ memory_region_set_enabled(&s->io, d->config[0x80] & 1);
+ memory_region_set_address(&s->io, pm_io_base);
+ memory_region_transaction_commit();
+}
+
+static void smbus_io_space_update(PIIX4PMState *s)
+{
+ PCIDevice *d = PCI_DEVICE(s);
+
+ s->smb_io_base = le32_to_cpu(*(uint32_t *)(d->config + 0x90));
+ s->smb_io_base &= 0xffc0;
+
+ memory_region_transaction_begin();
+ memory_region_set_enabled(&s->smb.io, d->config[0xd2] & 1);
+ memory_region_set_address(&s->smb.io, s->smb_io_base);
+ memory_region_transaction_commit();
+}
+
+static void pm_write_config(PCIDevice *d,
+ uint32_t address, uint32_t val, int len)
+{
+ pci_default_write_config(d, address, val, len);
+ if (range_covers_byte(address, len, 0x80) ||
+ ranges_overlap(address, len, 0x40, 4)) {
+ pm_io_space_update((PIIX4PMState *)d);
+ }
+ if (range_covers_byte(address, len, 0xd2) ||
+ ranges_overlap(address, len, 0x90, 4)) {
+ smbus_io_space_update((PIIX4PMState *)d);
+ }
+}
+
+static void vmstate_pci_status_pre_save(void *opaque)
+{
+ struct pci_status *pci0_status = opaque;
+ PIIX4PMState *s = container_of(pci0_status, PIIX4PMState, pci0_status);
+
+ /* We no longer track up, so build a safe value for migrating
+ * to a version that still does... of course these might get lost
+ * by an old buggy implementation, but we try. */
+ pci0_status->up = s->pci0_slot_device_present & s->pci0_hotplug_enable;
+}
+
+static int vmstate_acpi_post_load(void *opaque, int version_id)
+{
+ PIIX4PMState *s = opaque;
+
+ pm_io_space_update(s);
+ return 0;
+}
+
+#define VMSTATE_GPE_ARRAY(_field, _state) \
+ { \
+ .name = (stringify(_field)), \
+ .version_id = 0, \
+ .info = &vmstate_info_uint16, \
+ .size = sizeof(uint16_t), \
+ .flags = VMS_SINGLE | VMS_POINTER, \
+ .offset = vmstate_offset_pointer(_state, _field, uint8_t), \
+ }
+
+static const VMStateDescription vmstate_gpe = {
+ .name = "gpe",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_GPE_ARRAY(sts, ACPIGPE),
+ VMSTATE_GPE_ARRAY(en, ACPIGPE),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_pci_status = {
+ .name = "pci_status",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .pre_save = vmstate_pci_status_pre_save,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT32(up, struct pci_status),
+ VMSTATE_UINT32(down, struct pci_status),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static int acpi_load_old(QEMUFile *f, void *opaque, int version_id)
+{
+ PIIX4PMState *s = opaque;
+ int ret, i;
+ uint16_t temp;
+
+ ret = pci_device_load(PCI_DEVICE(s), f);
+ if (ret < 0) {
+ return ret;
+ }
+ qemu_get_be16s(f, &s->ar.pm1.evt.sts);
+ qemu_get_be16s(f, &s->ar.pm1.evt.en);
+ qemu_get_be16s(f, &s->ar.pm1.cnt.cnt);
+
+ ret = vmstate_load_state(f, &vmstate_apm, &s->apm, 1);
+ if (ret) {
+ return ret;
+ }
+
+ qemu_get_timer(f, s->ar.tmr.timer);
+ qemu_get_sbe64s(f, &s->ar.tmr.overflow_time);
+
+ qemu_get_be16s(f, (uint16_t *)s->ar.gpe.sts);
+ for (i = 0; i < 3; i++) {
+ qemu_get_be16s(f, &temp);
+ }
+
+ qemu_get_be16s(f, (uint16_t *)s->ar.gpe.en);
+ for (i = 0; i < 3; i++) {
+ qemu_get_be16s(f, &temp);
+ }
+
+ ret = vmstate_load_state(f, &vmstate_pci_status, &s->pci0_status, 1);
+ return ret;
+}
+
+/* qemu-kvm 1.2 uses version 3 but advertised as 2
+ * To support incoming qemu-kvm 1.2 migration, change version_id
+ * and minimum_version_id to 2 below (which breaks migration from
+ * qemu 1.2).
+ *
+ */
+static const VMStateDescription vmstate_acpi = {
+ .name = "piix4_pm",
+ .version_id = 3,
+ .minimum_version_id = 3,
+ .minimum_version_id_old = 1,
+ .load_state_old = acpi_load_old,
+ .post_load = vmstate_acpi_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_PCI_DEVICE(parent_obj, PIIX4PMState),
+ VMSTATE_UINT16(ar.pm1.evt.sts, PIIX4PMState),
+ VMSTATE_UINT16(ar.pm1.evt.en, PIIX4PMState),
+ VMSTATE_UINT16(ar.pm1.cnt.cnt, PIIX4PMState),
+ VMSTATE_STRUCT(apm, PIIX4PMState, 0, vmstate_apm, APMState),
+ VMSTATE_TIMER(ar.tmr.timer, PIIX4PMState),
+ VMSTATE_INT64(ar.tmr.overflow_time, PIIX4PMState),
+ VMSTATE_STRUCT(ar.gpe, PIIX4PMState, 2, vmstate_gpe, ACPIGPE),
+ VMSTATE_STRUCT(pci0_status, PIIX4PMState, 2, vmstate_pci_status,
+ struct pci_status),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void acpi_piix_eject_slot(PIIX4PMState *s, unsigned slots)
+{
+ BusChild *kid, *next;
+ BusState *bus = qdev_get_parent_bus(DEVICE(s));
+ int slot = ffs(slots) - 1;
+ bool slot_free = true;
+
+ /* Mark request as complete */
+ s->pci0_status.down &= ~(1U << slot);
+
+ QTAILQ_FOREACH_SAFE(kid, &bus->children, sibling, next) {
+ DeviceState *qdev = kid->child;
+ PCIDevice *dev = PCI_DEVICE(qdev);
+ PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(dev);
+ if (PCI_SLOT(dev->devfn) == slot) {
+ if (pc->no_hotplug) {
+ slot_free = false;
+ } else {
+ qdev_free(qdev);
+ }
+ }
+ }
+ if (slot_free) {
+ s->pci0_slot_device_present &= ~(1U << slot);
+ }
+}
+
+static void piix4_update_hotplug(PIIX4PMState *s)
+{
+ BusState *bus = qdev_get_parent_bus(DEVICE(s));
+ BusChild *kid, *next;
+
+ /* Execute any pending removes during reset */
+ while (s->pci0_status.down) {
+ acpi_piix_eject_slot(s, s->pci0_status.down);
+ }
+
+ s->pci0_hotplug_enable = ~0;
+ s->pci0_slot_device_present = 0;
+
+ QTAILQ_FOREACH_SAFE(kid, &bus->children, sibling, next) {
+ DeviceState *qdev = kid->child;
+ PCIDevice *pdev = PCI_DEVICE(qdev);
+ PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(pdev);
+ int slot = PCI_SLOT(pdev->devfn);
+
+ if (pc->no_hotplug) {
+ s->pci0_hotplug_enable &= ~(1U << slot);
+ }
+
+ s->pci0_slot_device_present |= (1U << slot);
+ }
+}
+
+static void piix4_reset(void *opaque)
+{
+ PIIX4PMState *s = opaque;
+ PCIDevice *d = PCI_DEVICE(s);
+ uint8_t *pci_conf = d->config;
+
+ pci_conf[0x58] = 0;
+ pci_conf[0x59] = 0;
+ pci_conf[0x5a] = 0;
+ pci_conf[0x5b] = 0;
+
+ pci_conf[0x40] = 0x01; /* PM io base read only bit */
+ pci_conf[0x80] = 0;
+
+ if (s->kvm_enabled) {
+ /* Mark SMM as already inited (until KVM supports SMM). */
+ pci_conf[0x5B] = 0x02;
+ }
+ piix4_update_hotplug(s);
+}
+
+static void piix4_pm_powerdown_req(Notifier *n, void *opaque)
+{
+ PIIX4PMState *s = container_of(n, PIIX4PMState, powerdown_notifier);
+
+ assert(s != NULL);
+ acpi_pm1_evt_power_down(&s->ar);
+}
+
+static void piix4_pm_machine_ready(Notifier *n, void *opaque)
+{
+ PIIX4PMState *s = container_of(n, PIIX4PMState, machine_ready);
+ PCIDevice *d = PCI_DEVICE(s);
+ MemoryRegion *io_as = pci_address_space_io(d);
+ uint8_t *pci_conf;
+
+ pci_conf = d->config;
+ pci_conf[0x5f] = 0x10 |
+ (memory_region_present(io_as, 0x378) ? 0x80 : 0);
+ pci_conf[0x63] = 0x60;
+ pci_conf[0x67] = (memory_region_present(io_as, 0x3f8) ? 0x08 : 0) |
+ (memory_region_present(io_as, 0x2f8) ? 0x90 : 0);
+}
+
+static int piix4_pm_initfn(PCIDevice *dev)
+{
+ PIIX4PMState *s = PIIX4_PM(dev);
+ uint8_t *pci_conf;
+
+ pci_conf = dev->config;
+ pci_conf[0x06] = 0x80;
+ pci_conf[0x07] = 0x02;
+ pci_conf[0x09] = 0x00;
+ pci_conf[0x3d] = 0x01; // interrupt pin 1
+
+ /* APM */
+ apm_init(dev, &s->apm, apm_ctrl_changed, s);
+
+ if (s->kvm_enabled) {
+ /* Mark SMM as already inited to prevent SMM from running. KVM does not
+ * support SMM mode. */
+ pci_conf[0x5B] = 0x02;
+ }
+
+ /* XXX: which specification is used ? The i82731AB has different
+ mappings */
+ pci_conf[0x90] = s->smb_io_base | 1;
+ pci_conf[0x91] = s->smb_io_base >> 8;
+ pci_conf[0xd2] = 0x09;
+ pm_smbus_init(DEVICE(dev), &s->smb);
+ memory_region_set_enabled(&s->smb.io, pci_conf[0xd2] & 1);
+ memory_region_add_subregion(pci_address_space_io(dev),
+ s->smb_io_base, &s->smb.io);
+
+ memory_region_init(&s->io, OBJECT(s), "piix4-pm", 64);
+ memory_region_set_enabled(&s->io, false);
+ memory_region_add_subregion(pci_address_space_io(dev),
+ 0, &s->io);
+
+ acpi_pm_tmr_init(&s->ar, pm_tmr_timer, &s->io);
+ acpi_pm1_evt_init(&s->ar, pm_tmr_timer, &s->io);
+ acpi_pm1_cnt_init(&s->ar, &s->io, s->s4_val);
+ acpi_gpe_init(&s->ar, GPE_LEN);
+
+ s->powerdown_notifier.notify = piix4_pm_powerdown_req;
+ qemu_register_powerdown_notifier(&s->powerdown_notifier);
+
+ s->machine_ready.notify = piix4_pm_machine_ready;
+ qemu_add_machine_init_done_notifier(&s->machine_ready);
+ qemu_register_reset(piix4_reset, s);
+
+ piix4_acpi_system_hot_add_init(pci_address_space_io(dev), dev->bus, s);
+
+ return 0;
+}
+
+i2c_bus *piix4_pm_init(PCIBus *bus, int devfn, uint32_t smb_io_base,
+ qemu_irq sci_irq, qemu_irq smi_irq,
+ int kvm_enabled, FWCfgState *fw_cfg)
+{
+ DeviceState *dev;
+ PIIX4PMState *s;
+
+ dev = DEVICE(pci_create(bus, devfn, TYPE_PIIX4_PM));
+ qdev_prop_set_uint32(dev, "smb_io_base", smb_io_base);
+
+ s = PIIX4_PM(dev);
+ s->irq = sci_irq;
+ s->smi_irq = smi_irq;
+ s->kvm_enabled = kvm_enabled;
+
+ qdev_init_nofail(dev);
+
+ if (fw_cfg) {
+ uint8_t suspend[6] = {128, 0, 0, 129, 128, 128};
+ suspend[3] = 1 | ((!s->disable_s3) << 7);
+ suspend[4] = s->s4_val | ((!s->disable_s4) << 7);
+
+ fw_cfg_add_file(fw_cfg, "etc/system-states", g_memdup(suspend, 6), 6);
+ }
+
+ return s->smb.smbus;
+}
+
+static Property piix4_pm_properties[] = {
+ DEFINE_PROP_UINT32("smb_io_base", PIIX4PMState, smb_io_base, 0),
+ DEFINE_PROP_UINT8("disable_s3", PIIX4PMState, disable_s3, 0),
+ DEFINE_PROP_UINT8("disable_s4", PIIX4PMState, disable_s4, 0),
+ DEFINE_PROP_UINT8("s4_val", PIIX4PMState, s4_val, 2),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void piix4_pm_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->no_hotplug = 1;
+ k->init = piix4_pm_initfn;
+ k->config_write = pm_write_config;
+ k->vendor_id = PCI_VENDOR_ID_INTEL;
+ k->device_id = PCI_DEVICE_ID_INTEL_82371AB_3;
+ k->revision = 0x03;
+ k->class_id = PCI_CLASS_BRIDGE_OTHER;
+ dc->desc = "PM";
+ dc->no_user = 1;
+ dc->vmsd = &vmstate_acpi;
+ dc->props = piix4_pm_properties;
+}
+
+static const TypeInfo piix4_pm_info = {
+ .name = TYPE_PIIX4_PM,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PIIX4PMState),
+ .class_init = piix4_pm_class_init,
+};
+
+static void piix4_pm_register_types(void)
+{
+ type_register_static(&piix4_pm_info);
+}
+
+type_init(piix4_pm_register_types)
+
+static uint64_t gpe_readb(void *opaque, hwaddr addr, unsigned width)
+{
+ PIIX4PMState *s = opaque;
+ uint32_t val = acpi_gpe_ioport_readb(&s->ar, addr);
+
+ PIIX4_DPRINTF("gpe read %" HWADDR_PRIx " == %" PRIu32 "\n", addr, val);
+ return val;
+}
+
+static void gpe_writeb(void *opaque, hwaddr addr, uint64_t val,
+ unsigned width)
+{
+ PIIX4PMState *s = opaque;
+
+ acpi_gpe_ioport_writeb(&s->ar, addr, val);
+ pm_update_sci(s);
+
+ PIIX4_DPRINTF("gpe write %" HWADDR_PRIx " <== %" PRIu64 "\n", addr, val);
+}
+
+static const MemoryRegionOps piix4_gpe_ops = {
+ .read = gpe_readb,
+ .write = gpe_writeb,
+ .valid.min_access_size = 1,
+ .valid.max_access_size = 4,
+ .impl.min_access_size = 1,
+ .impl.max_access_size = 1,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static uint64_t pci_read(void *opaque, hwaddr addr, unsigned int size)
+{
+ PIIX4PMState *s = opaque;
+ uint32_t val = 0;
+
+ switch (addr) {
+ case PCI_UP_BASE - PCI_HOTPLUG_ADDR:
+ /* Manufacture an "up" value to cause a device check on any hotplug
+ * slot with a device. Extra device checks are harmless. */
+ val = s->pci0_slot_device_present & s->pci0_hotplug_enable;
+ PIIX4_DPRINTF("pci_up_read %" PRIu32 "\n", val);
+ break;
+ case PCI_DOWN_BASE - PCI_HOTPLUG_ADDR:
+ val = s->pci0_status.down;
+ PIIX4_DPRINTF("pci_down_read %" PRIu32 "\n", val);
+ break;
+ case PCI_EJ_BASE - PCI_HOTPLUG_ADDR:
+ /* No feature defined yet */
+ PIIX4_DPRINTF("pci_features_read %" PRIu32 "\n", val);
+ break;
+ case PCI_RMV_BASE - PCI_HOTPLUG_ADDR:
+ val = s->pci0_hotplug_enable;
+ break;
+ default:
+ break;
+ }
+
+ return val;
+}
+
+static void pci_write(void *opaque, hwaddr addr, uint64_t data,
+ unsigned int size)
+{
+ switch (addr) {
+ case PCI_EJ_BASE - PCI_HOTPLUG_ADDR:
+ acpi_piix_eject_slot(opaque, (uint32_t)data);
+ PIIX4_DPRINTF("pciej write %" HWADDR_PRIx " <== %" PRIu64 "\n",
+ addr, data);
+ break;
+ default:
+ break;
+ }
+}
+
+static const MemoryRegionOps piix4_pci_ops = {
+ .read = pci_read,
+ .write = pci_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static uint64_t cpu_status_read(void *opaque, hwaddr addr, unsigned int size)
+{
+ PIIX4PMState *s = opaque;
+ CPUStatus *cpus = &s->gpe_cpu;
+ uint64_t val = cpus->sts[addr];
+
+ return val;
+}
+
+static void cpu_status_write(void *opaque, hwaddr addr, uint64_t data,
+ unsigned int size)
+{
+ /* TODO: implement VCPU removal on guest signal that CPU can be removed */
+}
+
+static const MemoryRegionOps cpu_hotplug_ops = {
+ .read = cpu_status_read,
+ .write = cpu_status_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .valid = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+typedef enum {
+ PLUG,
+ UNPLUG,
+} HotplugEventType;
+
+static void piix4_cpu_hotplug_req(PIIX4PMState *s, CPUState *cpu,
+ HotplugEventType action)
+{
+ CPUStatus *g = &s->gpe_cpu;
+ ACPIGPE *gpe = &s->ar.gpe;
+ CPUClass *k = CPU_GET_CLASS(cpu);
+ int64_t cpu_id;
+
+ assert(s != NULL);
+
+ *gpe->sts = *gpe->sts | PIIX4_CPU_HOTPLUG_STATUS;
+ cpu_id = k->get_arch_id(CPU(cpu));
+ if (action == PLUG) {
+ g->sts[cpu_id / 8] |= (1 << (cpu_id % 8));
+ } else {
+ g->sts[cpu_id / 8] &= ~(1 << (cpu_id % 8));
+ }
+ pm_update_sci(s);
+}
+
+static void piix4_cpu_added_req(Notifier *n, void *opaque)
+{
+ PIIX4PMState *s = container_of(n, PIIX4PMState, cpu_added_notifier);
+
+ piix4_cpu_hotplug_req(s, CPU(opaque), PLUG);
+}
+
+static void piix4_init_cpu_status(CPUState *cpu, void *data)
+{
+ CPUStatus *g = (CPUStatus *)data;
+ CPUClass *k = CPU_GET_CLASS(cpu);
+ int64_t id = k->get_arch_id(cpu);
+
+ g_assert((id / 8) < PIIX4_PROC_LEN);
+ g->sts[id / 8] |= (1 << (id % 8));
+}
+
+static int piix4_device_hotplug(DeviceState *qdev, PCIDevice *dev,
+ PCIHotplugState state);
+
+static void piix4_acpi_system_hot_add_init(MemoryRegion *parent,
+ PCIBus *bus, PIIX4PMState *s)
+{
+ memory_region_init_io(&s->io_gpe, OBJECT(s), &piix4_gpe_ops, s,
+ "acpi-gpe0", GPE_LEN);
+ memory_region_add_subregion(parent, GPE_BASE, &s->io_gpe);
+
+ memory_region_init_io(&s->io_pci, OBJECT(s), &piix4_pci_ops, s,
+ "acpi-pci-hotplug", PCI_HOTPLUG_SIZE);
+ memory_region_add_subregion(parent, PCI_HOTPLUG_ADDR,
+ &s->io_pci);
+ pci_bus_hotplug(bus, piix4_device_hotplug, DEVICE(s));
+
+ qemu_for_each_cpu(piix4_init_cpu_status, &s->gpe_cpu);
+ memory_region_init_io(&s->io_cpu, OBJECT(s), &cpu_hotplug_ops, s,
+ "acpi-cpu-hotplug", PIIX4_PROC_LEN);
+ memory_region_add_subregion(parent, PIIX4_PROC_BASE, &s->io_cpu);
+ s->cpu_added_notifier.notify = piix4_cpu_added_req;
+ qemu_register_cpu_added_notifier(&s->cpu_added_notifier);
+}
+
+static void enable_device(PIIX4PMState *s, int slot)
+{
+ s->ar.gpe.sts[0] |= PIIX4_PCI_HOTPLUG_STATUS;
+ s->pci0_slot_device_present |= (1U << slot);
+}
+
+static void disable_device(PIIX4PMState *s, int slot)
+{
+ s->ar.gpe.sts[0] |= PIIX4_PCI_HOTPLUG_STATUS;
+ s->pci0_status.down |= (1U << slot);
+}
+
+static int piix4_device_hotplug(DeviceState *qdev, PCIDevice *dev,
+ PCIHotplugState state)
+{
+ int slot = PCI_SLOT(dev->devfn);
+ PIIX4PMState *s = PIIX4_PM(qdev);
+
+ /* Don't send event when device is enabled during qemu machine creation:
+ * it is present on boot, no hotplug event is necessary. We do send an
+ * event when the device is disabled later. */
+ if (state == PCI_COLDPLUG_ENABLED) {
+ s->pci0_slot_device_present |= (1U << slot);
+ return 0;
+ }
+
+ if (state == PCI_HOTPLUG_ENABLED) {
+ enable_device(s, slot);
+ } else {
+ disable_device(s, slot);
+ }
+
+ pm_update_sci(s);
+
+ return 0;
+}
diff --git a/hw/acpi_ich9.c b/hw/acpi_ich9.c
deleted file mode 100644
index 61034d3bd..000000000
--- a/hw/acpi_ich9.c
+++ /dev/null
@@ -1,322 +0,0 @@
-/*
- * ACPI implementation
- *
- * Copyright (c) 2006 Fabrice Bellard
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License version 2 as published by the Free Software Foundation.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>
- */
-/*
- * Copyright (c) 2009 Isaku Yamahata <yamahata at valinux co jp>
- * VA Linux Systems Japan K.K.
- * Copyright (C) 2012 Jason Baron <jbaron@redhat.com>
- *
- * This is based on acpi.c.
- */
-#include "hw.h"
-#include "pc.h"
-#include "pci.h"
-#include "qemu-timer.h"
-#include "sysemu.h"
-#include "acpi.h"
-#include "kvm.h"
-
-#include "ich9.h"
-
-//#define DEBUG
-
-#ifdef DEBUG
-#define ICH9_DEBUG(fmt, ...) \
-do { printf("%s "fmt, __func__, ## __VA_ARGS__); } while (0)
-#else
-#define ICH9_DEBUG(fmt, ...) do { } while (0)
-#endif
-
-static void pm_ioport_write_fallback(void *opaque, uint32_t addr, int len,
- uint32_t val);
-static uint32_t pm_ioport_read_fallback(void *opaque, uint32_t addr, int len);
-
-static void pm_update_sci(ICH9LPCPMRegs *pm)
-{
- int sci_level, pm1a_sts;
-
- pm1a_sts = acpi_pm1_evt_get_sts(&pm->acpi_regs);
-
- sci_level = (((pm1a_sts & pm->acpi_regs.pm1.evt.en) &
- (ACPI_BITMASK_RT_CLOCK_ENABLE |
- ACPI_BITMASK_POWER_BUTTON_ENABLE |
- ACPI_BITMASK_GLOBAL_LOCK_ENABLE |
- ACPI_BITMASK_TIMER_ENABLE)) != 0);
- qemu_set_irq(pm->irq, sci_level);
-
- /* schedule a timer interruption if needed */
- acpi_pm_tmr_update(&pm->acpi_regs,
- (pm->acpi_regs.pm1.evt.en & ACPI_BITMASK_TIMER_ENABLE) &&
- !(pm1a_sts & ACPI_BITMASK_TIMER_STATUS));
-}
-
-static void ich9_pm_update_sci_fn(ACPIREGS *regs)
-{
- ICH9LPCPMRegs *pm = container_of(regs, ICH9LPCPMRegs, acpi_regs);
- pm_update_sci(pm);
-}
-
-static void pm_ioport_writeb(void *opaque, uint32_t addr, uint32_t val)
-{
- ICH9LPCPMRegs *pm = opaque;
-
- switch (addr & ICH9_PMIO_MASK) {
- case ICH9_PMIO_GPE0_STS ... (ICH9_PMIO_GPE0_STS + ICH9_PMIO_GPE0_LEN - 1):
- acpi_gpe_ioport_writeb(&pm->acpi_regs, addr, val);
- break;
- default:
- break;
- }
-
- ICH9_DEBUG("port=0x%04x val=0x%04x\n", addr, val);
-}
-
-static uint32_t pm_ioport_readb(void *opaque, uint32_t addr)
-{
- ICH9LPCPMRegs *pm = opaque;
- uint32_t val = 0;
-
- switch (addr & ICH9_PMIO_MASK) {
- case ICH9_PMIO_GPE0_STS ... (ICH9_PMIO_GPE0_STS + ICH9_PMIO_GPE0_LEN - 1):
- val = acpi_gpe_ioport_readb(&pm->acpi_regs, addr);
- break;
- default:
- val = 0;
- break;
- }
- ICH9_DEBUG("port=0x%04x val=0x%04x\n", addr, val);
- return val;
-}
-
-static void pm_ioport_writew(void *opaque, uint32_t addr, uint32_t val)
-{
- ICH9LPCPMRegs *pm = opaque;
-
- switch (addr & ICH9_PMIO_MASK) {
- case ICH9_PMIO_PM1_STS:
- acpi_pm1_evt_write_sts(&pm->acpi_regs, val);
- pm_update_sci(pm);
- break;
- case ICH9_PMIO_PM1_EN:
- pm->acpi_regs.pm1.evt.en = val;
- pm_update_sci(pm);
- break;
- case ICH9_PMIO_PM1_CNT:
- acpi_pm1_cnt_write(&pm->acpi_regs, val, 0);
- break;
- default:
- pm_ioport_write_fallback(opaque, addr, 2, val);
- break;
- }
- ICH9_DEBUG("port=0x%04x val=0x%04x\n", addr, val);
-}
-
-static uint32_t pm_ioport_readw(void *opaque, uint32_t addr)
-{
- ICH9LPCPMRegs *pm = opaque;
- uint32_t val;
-
- switch (addr & ICH9_PMIO_MASK) {
- case ICH9_PMIO_PM1_STS:
- val = acpi_pm1_evt_get_sts(&pm->acpi_regs);
- break;
- case ICH9_PMIO_PM1_EN:
- val = pm->acpi_regs.pm1.evt.en;
- break;
- case ICH9_PMIO_PM1_CNT:
- val = pm->acpi_regs.pm1.cnt.cnt;
- break;
- default:
- val = pm_ioport_read_fallback(opaque, addr, 2);
- break;
- }
- ICH9_DEBUG("port=0x%04x val=0x%04x\n", addr, val);
- return val;
-}
-
-static void pm_ioport_writel(void *opaque, uint32_t addr, uint32_t val)
-{
- ICH9LPCPMRegs *pm = opaque;
-
- switch (addr & ICH9_PMIO_MASK) {
- case ICH9_PMIO_SMI_EN:
- pm->smi_en = val;
- break;
- default:
- pm_ioport_write_fallback(opaque, addr, 4, val);
- break;
- }
- ICH9_DEBUG("port=0x%04x val=0x%08x\n", addr, val);
-}
-
-static uint32_t pm_ioport_readl(void *opaque, uint32_t addr)
-{
- ICH9LPCPMRegs *pm = opaque;
- uint32_t val;
-
- switch (addr & ICH9_PMIO_MASK) {
- case ICH9_PMIO_PM1_TMR:
- val = acpi_pm_tmr_get(&pm->acpi_regs);
- break;
- case ICH9_PMIO_SMI_EN:
- val = pm->smi_en;
- break;
-
- default:
- val = pm_ioport_read_fallback(opaque, addr, 4);
- break;
- }
- ICH9_DEBUG("port=0x%04x val=0x%08x\n", addr, val);
- return val;
-}
-
-static void pm_ioport_write_fallback(void *opaque, uint32_t addr, int len,
- uint32_t val)
- {
- int subsize = (len == 4) ? 2 : 1;
- IOPortWriteFunc *ioport_write =
- (subsize == 2) ? pm_ioport_writew : pm_ioport_writeb;
-
- int i;
-
- for (i = 0; i < len; i += subsize) {
- ioport_write(opaque, addr, val);
- val >>= 8 * subsize;
- }
-}
-
-static uint32_t pm_ioport_read_fallback(void *opaque, uint32_t addr, int len)
-{
- int subsize = (len == 4) ? 2 : 1;
- IOPortReadFunc *ioport_read =
- (subsize == 2) ? pm_ioport_readw : pm_ioport_readb;
-
- uint32_t val;
- int i;
-
- val = 0;
- for (i = 0; i < len; i += subsize) {
- val <<= 8 * subsize;
- val |= ioport_read(opaque, addr);
- }
-
- return val;
-}
-
-void ich9_pm_iospace_update(ICH9LPCPMRegs *pm, uint32_t pm_io_base)
-{
- ICH9_DEBUG("to 0x%x\n", pm_io_base);
-
- assert((pm_io_base & ICH9_PMIO_MASK) == 0);
-
- if (pm->pm_io_base != 0) {
- isa_unassign_ioport(pm->pm_io_base, ICH9_PMIO_SIZE);
- }
-
- /* don't map at 0 */
- if (pm_io_base == 0) {
- return;
- }
-
- register_ioport_write(pm_io_base, ICH9_PMIO_SIZE, 1, pm_ioport_writeb, pm);
- register_ioport_read(pm_io_base, ICH9_PMIO_SIZE, 1, pm_ioport_readb, pm);
- register_ioport_write(pm_io_base, ICH9_PMIO_SIZE, 2, pm_ioport_writew, pm);
- register_ioport_read(pm_io_base, ICH9_PMIO_SIZE, 2, pm_ioport_readw, pm);
- register_ioport_write(pm_io_base, ICH9_PMIO_SIZE, 4, pm_ioport_writel, pm);
- register_ioport_read(pm_io_base, ICH9_PMIO_SIZE, 4, pm_ioport_readl, pm);
-
- pm->pm_io_base = pm_io_base;
- acpi_gpe_blk(&pm->acpi_regs, pm_io_base + ICH9_PMIO_GPE0_STS);
-}
-
-static int ich9_pm_post_load(void *opaque, int version_id)
-{
- ICH9LPCPMRegs *pm = opaque;
- uint32_t pm_io_base = pm->pm_io_base;
- pm->pm_io_base = 0;
- ich9_pm_iospace_update(pm, pm_io_base);
- return 0;
-}
-
-#define VMSTATE_GPE_ARRAY(_field, _state) \
- { \
- .name = (stringify(_field)), \
- .version_id = 0, \
- .num = ICH9_PMIO_GPE0_LEN, \
- .info = &vmstate_info_uint8, \
- .size = sizeof(uint8_t), \
- .flags = VMS_ARRAY | VMS_POINTER, \
- .offset = vmstate_offset_pointer(_state, _field, uint8_t), \
- }
-
-const VMStateDescription vmstate_ich9_pm = {
- .name = "ich9_pm",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .post_load = ich9_pm_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_UINT16(acpi_regs.pm1.evt.sts, ICH9LPCPMRegs),
- VMSTATE_UINT16(acpi_regs.pm1.evt.en, ICH9LPCPMRegs),
- VMSTATE_UINT16(acpi_regs.pm1.cnt.cnt, ICH9LPCPMRegs),
- VMSTATE_TIMER(acpi_regs.tmr.timer, ICH9LPCPMRegs),
- VMSTATE_INT64(acpi_regs.tmr.overflow_time, ICH9LPCPMRegs),
- VMSTATE_GPE_ARRAY(acpi_regs.gpe.sts, ICH9LPCPMRegs),
- VMSTATE_GPE_ARRAY(acpi_regs.gpe.en, ICH9LPCPMRegs),
- VMSTATE_UINT32(smi_en, ICH9LPCPMRegs),
- VMSTATE_UINT32(smi_sts, ICH9LPCPMRegs),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void pm_reset(void *opaque)
-{
- ICH9LPCPMRegs *pm = opaque;
- ich9_pm_iospace_update(pm, 0);
-
- acpi_pm1_evt_reset(&pm->acpi_regs);
- acpi_pm1_cnt_reset(&pm->acpi_regs);
- acpi_pm_tmr_reset(&pm->acpi_regs);
- acpi_gpe_reset(&pm->acpi_regs);
-
- if (kvm_enabled()) {
- /* Mark SMM as already inited to prevent SMM from running. KVM does not
- * support SMM mode. */
- pm->smi_en |= ICH9_PMIO_SMI_EN_APMC_EN;
- }
-
- pm_update_sci(pm);
-}
-
-static void pm_powerdown_req(Notifier *n, void *opaque)
-{
- ICH9LPCPMRegs *pm = container_of(n, ICH9LPCPMRegs, powerdown_notifier);
-
- acpi_pm1_evt_power_down(&pm->acpi_regs);
-}
-
-void ich9_pm_init(ICH9LPCPMRegs *pm, qemu_irq sci_irq, qemu_irq cmos_s3)
-{
- acpi_pm_tmr_init(&pm->acpi_regs, ich9_pm_update_sci_fn);
- acpi_pm1_cnt_init(&pm->acpi_regs);
- acpi_gpe_init(&pm->acpi_regs, ICH9_PMIO_GPE0_LEN);
-
- pm->irq = sci_irq;
- qemu_register_reset(pm_reset, pm);
- pm->powerdown_notifier.notify = pm_powerdown_req;
- qemu_register_powerdown_notifier(&pm->powerdown_notifier);
-}
diff --git a/hw/acpi_ich9.h b/hw/acpi_ich9.h
deleted file mode 100644
index 180c40673..000000000
--- a/hw/acpi_ich9.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * QEMU GMCH/ICH9 LPC PM Emulation
- *
- * Copyright (c) 2009 Isaku Yamahata <yamahata at valinux co jp>
- * VA Linux Systems Japan K.K.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>
- */
-
-#ifndef HW_ACPI_ICH9_H
-#define HW_ACPI_ICH9_H
-
-#include "acpi.h"
-
-typedef struct ICH9LPCPMRegs {
- /*
- * In ich9 spec says that pm1_cnt register is 32bit width and
- * that the upper 16bits are reserved and unused.
- * PM1a_CNT_BLK = 2 in FADT so it is defined as uint16_t.
- */
- ACPIREGS acpi_regs;
- uint32_t smi_en;
- uint32_t smi_sts;
-
- qemu_irq irq; /* SCI */
-
- uint32_t pm_io_base;
- Notifier powerdown_notifier;
-} ICH9LPCPMRegs;
-
-void ich9_pm_init(ICH9LPCPMRegs *pm,
- qemu_irq sci_irq, qemu_irq cmos_s3_resume);
-void ich9_pm_iospace_update(ICH9LPCPMRegs *pm, uint32_t pm_io_base);
-extern const VMStateDescription vmstate_ich9_pm;
-
-#endif /* HW_ACPI_ICH9_H */
diff --git a/hw/acpi_piix4.c b/hw/acpi_piix4.c
deleted file mode 100644
index 519269a01..000000000
--- a/hw/acpi_piix4.c
+++ /dev/null
@@ -1,662 +0,0 @@
-/*
- * ACPI implementation
- *
- * Copyright (c) 2006 Fabrice Bellard
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License version 2 as published by the Free Software Foundation.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-#include "hw.h"
-#include "pc.h"
-#include "apm.h"
-#include "pm_smbus.h"
-#include "pci.h"
-#include "acpi.h"
-#include "sysemu.h"
-#include "range.h"
-#include "ioport.h"
-#include "fw_cfg.h"
-
-//#define DEBUG
-
-#ifdef DEBUG
-# define PIIX4_DPRINTF(format, ...) printf(format, ## __VA_ARGS__)
-#else
-# define PIIX4_DPRINTF(format, ...) do { } while (0)
-#endif
-
-#define ACPI_DBG_IO_ADDR 0xb044
-
-#define GPE_BASE 0xafe0
-#define GPE_LEN 4
-#define PCI_UP_BASE 0xae00
-#define PCI_DOWN_BASE 0xae04
-#define PCI_EJ_BASE 0xae08
-#define PCI_RMV_BASE 0xae0c
-
-#define PIIX4_PCI_HOTPLUG_STATUS 2
-
-struct pci_status {
- uint32_t up; /* deprecated, maintained for migration compatibility */
- uint32_t down;
-};
-
-typedef struct PIIX4PMState {
- PCIDevice dev;
- IORange ioport;
- ACPIREGS ar;
-
- APMState apm;
-
- PMSMBus smb;
- uint32_t smb_io_base;
-
- qemu_irq irq;
- qemu_irq smi_irq;
- int kvm_enabled;
- Notifier machine_ready;
- Notifier powerdown_notifier;
-
- /* for pci hotplug */
- struct pci_status pci0_status;
- uint32_t pci0_hotplug_enable;
- uint32_t pci0_slot_device_present;
-
- uint8_t disable_s3;
- uint8_t disable_s4;
- uint8_t s4_val;
-} PIIX4PMState;
-
-static void piix4_acpi_system_hot_add_init(PCIBus *bus, PIIX4PMState *s);
-
-#define ACPI_ENABLE 0xf1
-#define ACPI_DISABLE 0xf0
-
-static void pm_update_sci(PIIX4PMState *s)
-{
- int sci_level, pmsts;
-
- pmsts = acpi_pm1_evt_get_sts(&s->ar);
- sci_level = (((pmsts & s->ar.pm1.evt.en) &
- (ACPI_BITMASK_RT_CLOCK_ENABLE |
- ACPI_BITMASK_POWER_BUTTON_ENABLE |
- ACPI_BITMASK_GLOBAL_LOCK_ENABLE |
- ACPI_BITMASK_TIMER_ENABLE)) != 0) ||
- (((s->ar.gpe.sts[0] & s->ar.gpe.en[0])
- & PIIX4_PCI_HOTPLUG_STATUS) != 0);
-
- qemu_set_irq(s->irq, sci_level);
- /* schedule a timer interruption if needed */
- acpi_pm_tmr_update(&s->ar, (s->ar.pm1.evt.en & ACPI_BITMASK_TIMER_ENABLE) &&
- !(pmsts & ACPI_BITMASK_TIMER_STATUS));
-}
-
-static void pm_tmr_timer(ACPIREGS *ar)
-{
- PIIX4PMState *s = container_of(ar, PIIX4PMState, ar);
- pm_update_sci(s);
-}
-
-static void pm_ioport_write(IORange *ioport, uint64_t addr, unsigned width,
- uint64_t val)
-{
- PIIX4PMState *s = container_of(ioport, PIIX4PMState, ioport);
-
- if (width != 2) {
- PIIX4_DPRINTF("PM write port=0x%04x width=%d val=0x%08x\n",
- (unsigned)addr, width, (unsigned)val);
- }
-
- switch(addr) {
- case 0x00:
- acpi_pm1_evt_write_sts(&s->ar, val);
- pm_update_sci(s);
- break;
- case 0x02:
- acpi_pm1_evt_write_en(&s->ar, val);
- pm_update_sci(s);
- break;
- case 0x04:
- acpi_pm1_cnt_write(&s->ar, val, s->s4_val);
- break;
- default:
- break;
- }
- PIIX4_DPRINTF("PM writew port=0x%04x val=0x%04x\n", (unsigned int)addr,
- (unsigned int)val);
-}
-
-static void pm_ioport_read(IORange *ioport, uint64_t addr, unsigned width,
- uint64_t *data)
-{
- PIIX4PMState *s = container_of(ioport, PIIX4PMState, ioport);
- uint32_t val;
-
- switch(addr) {
- case 0x00:
- val = acpi_pm1_evt_get_sts(&s->ar);
- break;
- case 0x02:
- val = s->ar.pm1.evt.en;
- break;
- case 0x04:
- val = s->ar.pm1.cnt.cnt;
- break;
- case 0x08:
- val = acpi_pm_tmr_get(&s->ar);
- break;
- default:
- val = 0;
- break;
- }
- PIIX4_DPRINTF("PM readw port=0x%04x val=0x%04x\n", (unsigned int)addr, val);
- *data = val;
-}
-
-static const IORangeOps pm_iorange_ops = {
- .read = pm_ioport_read,
- .write = pm_ioport_write,
-};
-
-static void apm_ctrl_changed(uint32_t val, void *arg)
-{
- PIIX4PMState *s = arg;
-
- /* ACPI specs 3.0, 4.7.2.5 */
- acpi_pm1_cnt_update(&s->ar, val == ACPI_ENABLE, val == ACPI_DISABLE);
-
- if (s->dev.config[0x5b] & (1 << 1)) {
- if (s->smi_irq) {
- qemu_irq_raise(s->smi_irq);
- }
- }
-}
-
-static void acpi_dbg_writel(void *opaque, uint32_t addr, uint32_t val)
-{
- PIIX4_DPRINTF("ACPI: DBG: 0x%08x\n", val);
-}
-
-static void pm_io_space_update(PIIX4PMState *s)
-{
- uint32_t pm_io_base;
-
- if (s->dev.config[0x80] & 1) {
- pm_io_base = le32_to_cpu(*(uint32_t *)(s->dev.config + 0x40));
- pm_io_base &= 0xffc0;
-
- /* XXX: need to improve memory and ioport allocation */
- PIIX4_DPRINTF("PM: mapping to 0x%x\n", pm_io_base);
- iorange_init(&s->ioport, &pm_iorange_ops, pm_io_base, 64);
- ioport_register(&s->ioport);
- }
-}
-
-static void pm_write_config(PCIDevice *d,
- uint32_t address, uint32_t val, int len)
-{
- pci_default_write_config(d, address, val, len);
- if (range_covers_byte(address, len, 0x80))
- pm_io_space_update((PIIX4PMState *)d);
-}
-
-static void vmstate_pci_status_pre_save(void *opaque)
-{
- struct pci_status *pci0_status = opaque;
- PIIX4PMState *s = container_of(pci0_status, PIIX4PMState, pci0_status);
-
- /* We no longer track up, so build a safe value for migrating
- * to a version that still does... of course these might get lost
- * by an old buggy implementation, but we try. */
- pci0_status->up = s->pci0_slot_device_present & s->pci0_hotplug_enable;
-}
-
-static int vmstate_acpi_post_load(void *opaque, int version_id)
-{
- PIIX4PMState *s = opaque;
-
- pm_io_space_update(s);
- return 0;
-}
-
-#define VMSTATE_GPE_ARRAY(_field, _state) \
- { \
- .name = (stringify(_field)), \
- .version_id = 0, \
- .info = &vmstate_info_uint16, \
- .size = sizeof(uint16_t), \
- .flags = VMS_SINGLE | VMS_POINTER, \
- .offset = vmstate_offset_pointer(_state, _field, uint8_t), \
- }
-
-static const VMStateDescription vmstate_gpe = {
- .name = "gpe",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField []) {
- VMSTATE_GPE_ARRAY(sts, ACPIGPE),
- VMSTATE_GPE_ARRAY(en, ACPIGPE),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_pci_status = {
- .name = "pci_status",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .pre_save = vmstate_pci_status_pre_save,
- .fields = (VMStateField []) {
- VMSTATE_UINT32(up, struct pci_status),
- VMSTATE_UINT32(down, struct pci_status),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int acpi_load_old(QEMUFile *f, void *opaque, int version_id)
-{
- PIIX4PMState *s = opaque;
- int ret, i;
- uint16_t temp;
-
- ret = pci_device_load(&s->dev, f);
- if (ret < 0) {
- return ret;
- }
- qemu_get_be16s(f, &s->ar.pm1.evt.sts);
- qemu_get_be16s(f, &s->ar.pm1.evt.en);
- qemu_get_be16s(f, &s->ar.pm1.cnt.cnt);
-
- ret = vmstate_load_state(f, &vmstate_apm, opaque, 1);
- if (ret) {
- return ret;
- }
-
- qemu_get_timer(f, s->ar.tmr.timer);
- qemu_get_sbe64s(f, &s->ar.tmr.overflow_time);
-
- qemu_get_be16s(f, (uint16_t *)s->ar.gpe.sts);
- for (i = 0; i < 3; i++) {
- qemu_get_be16s(f, &temp);
- }
-
- qemu_get_be16s(f, (uint16_t *)s->ar.gpe.en);
- for (i = 0; i < 3; i++) {
- qemu_get_be16s(f, &temp);
- }
-
- ret = vmstate_load_state(f, &vmstate_pci_status, opaque, 1);
- return ret;
-}
-
-/* qemu-kvm 1.2 uses version 3 but advertised as 2
- * To support incoming qemu-kvm 1.2 migration, change version_id
- * and minimum_version_id to 2 below (which breaks migration from
- * qemu 1.2).
- *
- */
-static const VMStateDescription vmstate_acpi = {
- .name = "piix4_pm",
- .version_id = 3,
- .minimum_version_id = 3,
- .minimum_version_id_old = 1,
- .load_state_old = acpi_load_old,
- .post_load = vmstate_acpi_post_load,
- .fields = (VMStateField []) {
- VMSTATE_PCI_DEVICE(dev, PIIX4PMState),
- VMSTATE_UINT16(ar.pm1.evt.sts, PIIX4PMState),
- VMSTATE_UINT16(ar.pm1.evt.en, PIIX4PMState),
- VMSTATE_UINT16(ar.pm1.cnt.cnt, PIIX4PMState),
- VMSTATE_STRUCT(apm, PIIX4PMState, 0, vmstate_apm, APMState),
- VMSTATE_TIMER(ar.tmr.timer, PIIX4PMState),
- VMSTATE_INT64(ar.tmr.overflow_time, PIIX4PMState),
- VMSTATE_STRUCT(ar.gpe, PIIX4PMState, 2, vmstate_gpe, ACPIGPE),
- VMSTATE_STRUCT(pci0_status, PIIX4PMState, 2, vmstate_pci_status,
- struct pci_status),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void acpi_piix_eject_slot(PIIX4PMState *s, unsigned slots)
-{
- BusChild *kid, *next;
- BusState *bus = qdev_get_parent_bus(&s->dev.qdev);
- int slot = ffs(slots) - 1;
- bool slot_free = true;
-
- /* Mark request as complete */
- s->pci0_status.down &= ~(1U << slot);
-
- QTAILQ_FOREACH_SAFE(kid, &bus->children, sibling, next) {
- DeviceState *qdev = kid->child;
- PCIDevice *dev = PCI_DEVICE(qdev);
- PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(dev);
- if (PCI_SLOT(dev->devfn) == slot) {
- if (pc->no_hotplug) {
- slot_free = false;
- } else {
- qdev_free(qdev);
- }
- }
- }
- if (slot_free) {
- s->pci0_slot_device_present &= ~(1U << slot);
- }
-}
-
-static void piix4_update_hotplug(PIIX4PMState *s)
-{
- PCIDevice *dev = &s->dev;
- BusState *bus = qdev_get_parent_bus(&dev->qdev);
- BusChild *kid, *next;
-
- /* Execute any pending removes during reset */
- while (s->pci0_status.down) {
- acpi_piix_eject_slot(s, s->pci0_status.down);
- }
-
- s->pci0_hotplug_enable = ~0;
- s->pci0_slot_device_present = 0;
-
- QTAILQ_FOREACH_SAFE(kid, &bus->children, sibling, next) {
- DeviceState *qdev = kid->child;
- PCIDevice *pdev = PCI_DEVICE(qdev);
- PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(pdev);
- int slot = PCI_SLOT(pdev->devfn);
-
- if (pc->no_hotplug) {
- s->pci0_hotplug_enable &= ~(1U << slot);
- }
-
- s->pci0_slot_device_present |= (1U << slot);
- }
-}
-
-static void piix4_reset(void *opaque)
-{
- PIIX4PMState *s = opaque;
- uint8_t *pci_conf = s->dev.config;
-
- pci_conf[0x58] = 0;
- pci_conf[0x59] = 0;
- pci_conf[0x5a] = 0;
- pci_conf[0x5b] = 0;
-
- pci_conf[0x40] = 0x01; /* PM io base read only bit */
- pci_conf[0x80] = 0;
-
- if (s->kvm_enabled) {
- /* Mark SMM as already inited (until KVM supports SMM). */
- pci_conf[0x5B] = 0x02;
- }
- piix4_update_hotplug(s);
-}
-
-static void piix4_pm_powerdown_req(Notifier *n, void *opaque)
-{
- PIIX4PMState *s = container_of(n, PIIX4PMState, powerdown_notifier);
-
- assert(s != NULL);
- acpi_pm1_evt_power_down(&s->ar);
-}
-
-static void piix4_pm_machine_ready(Notifier *n, void *opaque)
-{
- PIIX4PMState *s = container_of(n, PIIX4PMState, machine_ready);
- uint8_t *pci_conf;
-
- pci_conf = s->dev.config;
- pci_conf[0x5f] = (isa_is_ioport_assigned(0x378) ? 0x80 : 0) | 0x10;
- pci_conf[0x63] = 0x60;
- pci_conf[0x67] = (isa_is_ioport_assigned(0x3f8) ? 0x08 : 0) |
- (isa_is_ioport_assigned(0x2f8) ? 0x90 : 0);
-
-}
-
-static int piix4_pm_initfn(PCIDevice *dev)
-{
- PIIX4PMState *s = DO_UPCAST(PIIX4PMState, dev, dev);
- uint8_t *pci_conf;
-
- pci_conf = s->dev.config;
- pci_conf[0x06] = 0x80;
- pci_conf[0x07] = 0x02;
- pci_conf[0x09] = 0x00;
- pci_conf[0x3d] = 0x01; // interrupt pin 1
-
- /* APM */
- apm_init(&s->apm, apm_ctrl_changed, s);
-
- register_ioport_write(ACPI_DBG_IO_ADDR, 4, 4, acpi_dbg_writel, s);
-
- if (s->kvm_enabled) {
- /* Mark SMM as already inited to prevent SMM from running. KVM does not
- * support SMM mode. */
- pci_conf[0x5B] = 0x02;
- }
-
- /* XXX: which specification is used ? The i82731AB has different
- mappings */
- pci_conf[0x90] = s->smb_io_base | 1;
- pci_conf[0x91] = s->smb_io_base >> 8;
- pci_conf[0xd2] = 0x09;
- register_ioport_write(s->smb_io_base, 64, 1, smb_ioport_writeb, &s->smb);
- register_ioport_read(s->smb_io_base, 64, 1, smb_ioport_readb, &s->smb);
-
- acpi_pm_tmr_init(&s->ar, pm_tmr_timer);
- acpi_gpe_init(&s->ar, GPE_LEN);
-
- s->powerdown_notifier.notify = piix4_pm_powerdown_req;
- qemu_register_powerdown_notifier(&s->powerdown_notifier);
-
- pm_smbus_init(&s->dev.qdev, &s->smb);
- s->machine_ready.notify = piix4_pm_machine_ready;
- qemu_add_machine_init_done_notifier(&s->machine_ready);
- qemu_register_reset(piix4_reset, s);
- piix4_acpi_system_hot_add_init(dev->bus, s);
-
- return 0;
-}
-
-i2c_bus *piix4_pm_init(PCIBus *bus, int devfn, uint32_t smb_io_base,
- qemu_irq sci_irq, qemu_irq smi_irq,
- int kvm_enabled, void *fw_cfg)
-{
- PCIDevice *dev;
- PIIX4PMState *s;
-
- dev = pci_create(bus, devfn, "PIIX4_PM");
- qdev_prop_set_uint32(&dev->qdev, "smb_io_base", smb_io_base);
-
- s = DO_UPCAST(PIIX4PMState, dev, dev);
- s->irq = sci_irq;
- acpi_pm1_cnt_init(&s->ar);
- s->smi_irq = smi_irq;
- s->kvm_enabled = kvm_enabled;
-
- qdev_init_nofail(&dev->qdev);
-
- if (fw_cfg) {
- uint8_t suspend[6] = {128, 0, 0, 129, 128, 128};
- suspend[3] = 1 | ((!s->disable_s3) << 7);
- suspend[4] = s->s4_val | ((!s->disable_s4) << 7);
-
- fw_cfg_add_file(fw_cfg, "etc/system-states", g_memdup(suspend, 6), 6);
- }
-
- return s->smb.smbus;
-}
-
-static Property piix4_pm_properties[] = {
- DEFINE_PROP_UINT32("smb_io_base", PIIX4PMState, smb_io_base, 0),
- DEFINE_PROP_UINT8("disable_s3", PIIX4PMState, disable_s3, 0),
- DEFINE_PROP_UINT8("disable_s4", PIIX4PMState, disable_s4, 0),
- DEFINE_PROP_UINT8("s4_val", PIIX4PMState, s4_val, 2),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void piix4_pm_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->no_hotplug = 1;
- k->init = piix4_pm_initfn;
- k->config_write = pm_write_config;
- k->vendor_id = PCI_VENDOR_ID_INTEL;
- k->device_id = PCI_DEVICE_ID_INTEL_82371AB_3;
- k->revision = 0x03;
- k->class_id = PCI_CLASS_BRIDGE_OTHER;
- dc->desc = "PM";
- dc->no_user = 1;
- dc->vmsd = &vmstate_acpi;
- dc->props = piix4_pm_properties;
-}
-
-static TypeInfo piix4_pm_info = {
- .name = "PIIX4_PM",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PIIX4PMState),
- .class_init = piix4_pm_class_init,
-};
-
-static void piix4_pm_register_types(void)
-{
- type_register_static(&piix4_pm_info);
-}
-
-type_init(piix4_pm_register_types)
-
-static uint32_t gpe_readb(void *opaque, uint32_t addr)
-{
- PIIX4PMState *s = opaque;
- uint32_t val = acpi_gpe_ioport_readb(&s->ar, addr);
-
- PIIX4_DPRINTF("gpe read %x == %x\n", addr, val);
- return val;
-}
-
-static void gpe_writeb(void *opaque, uint32_t addr, uint32_t val)
-{
- PIIX4PMState *s = opaque;
-
- acpi_gpe_ioport_writeb(&s->ar, addr, val);
- pm_update_sci(s);
-
- PIIX4_DPRINTF("gpe write %x <== %d\n", addr, val);
-}
-
-static uint32_t pci_up_read(void *opaque, uint32_t addr)
-{
- PIIX4PMState *s = opaque;
- uint32_t val;
-
- /* Manufacture an "up" value to cause a device check on any hotplug
- * slot with a device. Extra device checks are harmless. */
- val = s->pci0_slot_device_present & s->pci0_hotplug_enable;
-
- PIIX4_DPRINTF("pci_up_read %x\n", val);
- return val;
-}
-
-static uint32_t pci_down_read(void *opaque, uint32_t addr)
-{
- PIIX4PMState *s = opaque;
- uint32_t val = s->pci0_status.down;
-
- PIIX4_DPRINTF("pci_down_read %x\n", val);
- return val;
-}
-
-static uint32_t pci_features_read(void *opaque, uint32_t addr)
-{
- /* No feature defined yet */
- PIIX4_DPRINTF("pci_features_read %x\n", 0);
- return 0;
-}
-
-static void pciej_write(void *opaque, uint32_t addr, uint32_t val)
-{
- acpi_piix_eject_slot(opaque, val);
-
- PIIX4_DPRINTF("pciej write %x <== %d\n", addr, val);
-}
-
-static uint32_t pcirmv_read(void *opaque, uint32_t addr)
-{
- PIIX4PMState *s = opaque;
-
- return s->pci0_hotplug_enable;
-}
-
-static int piix4_device_hotplug(DeviceState *qdev, PCIDevice *dev,
- PCIHotplugState state);
-
-static void piix4_acpi_system_hot_add_init(PCIBus *bus, PIIX4PMState *s)
-{
-
- register_ioport_write(GPE_BASE, GPE_LEN, 1, gpe_writeb, s);
- register_ioport_read(GPE_BASE, GPE_LEN, 1, gpe_readb, s);
- acpi_gpe_blk(&s->ar, GPE_BASE);
-
- register_ioport_read(PCI_UP_BASE, 4, 4, pci_up_read, s);
- register_ioport_read(PCI_DOWN_BASE, 4, 4, pci_down_read, s);
-
- register_ioport_write(PCI_EJ_BASE, 4, 4, pciej_write, s);
- register_ioport_read(PCI_EJ_BASE, 4, 4, pci_features_read, s);
-
- register_ioport_read(PCI_RMV_BASE, 4, 4, pcirmv_read, s);
-
- pci_bus_hotplug(bus, piix4_device_hotplug, &s->dev.qdev);
-}
-
-static void enable_device(PIIX4PMState *s, int slot)
-{
- s->ar.gpe.sts[0] |= PIIX4_PCI_HOTPLUG_STATUS;
- s->pci0_slot_device_present |= (1U << slot);
-}
-
-static void disable_device(PIIX4PMState *s, int slot)
-{
- s->ar.gpe.sts[0] |= PIIX4_PCI_HOTPLUG_STATUS;
- s->pci0_status.down |= (1U << slot);
-}
-
-static int piix4_device_hotplug(DeviceState *qdev, PCIDevice *dev,
- PCIHotplugState state)
-{
- int slot = PCI_SLOT(dev->devfn);
- PIIX4PMState *s = DO_UPCAST(PIIX4PMState, dev,
- PCI_DEVICE(qdev));
-
- /* Don't send event when device is enabled during qemu machine creation:
- * it is present on boot, no hotplug event is necessary. We do send an
- * event when the device is disabled later. */
- if (state == PCI_COLDPLUG_ENABLED) {
- s->pci0_slot_device_present |= (1U << slot);
- return 0;
- }
-
- if (state == PCI_HOTPLUG_ENABLED) {
- enable_device(s, slot);
- } else {
- disable_device(s, slot);
- }
-
- pm_update_sci(s);
-
- return 0;
-}
diff --git a/hw/adb.c b/hw/adb.c
deleted file mode 100644
index 3b547f0af..000000000
--- a/hw/adb.c
+++ /dev/null
@@ -1,455 +0,0 @@
-/*
- * QEMU ADB support
- *
- * Copyright (c) 2004 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "adb.h"
-#include "console.h"
-
-/* debug ADB */
-//#define DEBUG_ADB
-
-#ifdef DEBUG_ADB
-#define ADB_DPRINTF(fmt, ...) \
-do { printf("ADB: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define ADB_DPRINTF(fmt, ...)
-#endif
-
-/* ADB commands */
-#define ADB_BUSRESET 0x00
-#define ADB_FLUSH 0x01
-#define ADB_WRITEREG 0x08
-#define ADB_READREG 0x0c
-
-/* ADB device commands */
-#define ADB_CMD_SELF_TEST 0xff
-#define ADB_CMD_CHANGE_ID 0xfe
-#define ADB_CMD_CHANGE_ID_AND_ACT 0xfd
-#define ADB_CMD_CHANGE_ID_AND_ENABLE 0x00
-
-/* ADB default device IDs (upper 4 bits of ADB command byte) */
-#define ADB_DONGLE 1
-#define ADB_KEYBOARD 2
-#define ADB_MOUSE 3
-#define ADB_TABLET 4
-#define ADB_MODEM 5
-#define ADB_MISC 7
-
-/* error codes */
-#define ADB_RET_NOTPRESENT (-2)
-
-int adb_request(ADBBusState *s, uint8_t *obuf, const uint8_t *buf, int len)
-{
- ADBDevice *d;
- int devaddr, cmd, i;
-
- cmd = buf[0] & 0xf;
- if (cmd == ADB_BUSRESET) {
- for(i = 0; i < s->nb_devices; i++) {
- d = &s->devices[i];
- if (d->devreset) {
- d->devreset(d);
- }
- }
- return 0;
- }
- devaddr = buf[0] >> 4;
- for(i = 0; i < s->nb_devices; i++) {
- d = &s->devices[i];
- if (d->devaddr == devaddr) {
- return d->devreq(d, obuf, buf, len);
- }
- }
- return ADB_RET_NOTPRESENT;
-}
-
-/* XXX: move that to cuda ? */
-int adb_poll(ADBBusState *s, uint8_t *obuf)
-{
- ADBDevice *d;
- int olen, i;
- uint8_t buf[1];
-
- olen = 0;
- for(i = 0; i < s->nb_devices; i++) {
- if (s->poll_index >= s->nb_devices)
- s->poll_index = 0;
- d = &s->devices[s->poll_index];
- buf[0] = ADB_READREG | (d->devaddr << 4);
- olen = adb_request(s, obuf + 1, buf, 1);
- /* if there is data, we poll again the same device */
- if (olen > 0) {
- obuf[0] = buf[0];
- olen++;
- break;
- }
- s->poll_index++;
- }
- return olen;
-}
-
-static ADBDevice *adb_register_device(ADBBusState *s, int devaddr,
- ADBDeviceRequest *devreq,
- ADBDeviceReset *devreset,
- void *opaque)
-{
- ADBDevice *d;
- if (s->nb_devices >= MAX_ADB_DEVICES)
- return NULL;
- d = &s->devices[s->nb_devices++];
- d->bus = s;
- d->devaddr = devaddr;
- d->devreq = devreq;
- d->devreset = devreset;
- d->opaque = opaque;
- qemu_register_reset((QEMUResetHandler *)devreset, d);
- return d;
-}
-
-/***************************************************************/
-/* Keyboard ADB device */
-
-typedef struct KBDState {
- uint8_t data[128];
- int rptr, wptr, count;
-} KBDState;
-
-static const uint8_t pc_to_adb_keycode[256] = {
- 0, 53, 18, 19, 20, 21, 23, 22, 26, 28, 25, 29, 27, 24, 51, 48,
- 12, 13, 14, 15, 17, 16, 32, 34, 31, 35, 33, 30, 36, 54, 0, 1,
- 2, 3, 5, 4, 38, 40, 37, 41, 39, 50, 56, 42, 6, 7, 8, 9,
- 11, 45, 46, 43, 47, 44,123, 67, 58, 49, 57,122,120, 99,118, 96,
- 97, 98,100,101,109, 71,107, 89, 91, 92, 78, 86, 87, 88, 69, 83,
- 84, 85, 82, 65, 0, 0, 10,103,111, 0, 0,110, 81, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 94, 0, 93, 0, 0, 0, 0, 0, 0,104,102, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 76,125, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,105, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 75, 0, 0,124, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0,115, 62,116, 0, 59, 0, 60, 0,119,
- 61,121,114,117, 0, 0, 0, 0, 0, 0, 0, 55,126, 0,127, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 95, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-};
-
-static void adb_kbd_put_keycode(void *opaque, int keycode)
-{
- ADBDevice *d = opaque;
- KBDState *s = d->opaque;
-
- if (s->count < sizeof(s->data)) {
- s->data[s->wptr] = keycode;
- if (++s->wptr == sizeof(s->data))
- s->wptr = 0;
- s->count++;
- }
-}
-
-static int adb_kbd_poll(ADBDevice *d, uint8_t *obuf)
-{
- static int ext_keycode;
- KBDState *s = d->opaque;
- int adb_keycode, keycode;
- int olen;
-
- olen = 0;
- for(;;) {
- if (s->count == 0)
- break;
- keycode = s->data[s->rptr];
- if (++s->rptr == sizeof(s->data))
- s->rptr = 0;
- s->count--;
-
- if (keycode == 0xe0) {
- ext_keycode = 1;
- } else {
- if (ext_keycode)
- adb_keycode = pc_to_adb_keycode[keycode | 0x80];
- else
- adb_keycode = pc_to_adb_keycode[keycode & 0x7f];
- obuf[0] = adb_keycode | (keycode & 0x80);
- /* NOTE: could put a second keycode if needed */
- obuf[1] = 0xff;
- olen = 2;
- ext_keycode = 0;
- break;
- }
- }
- return olen;
-}
-
-static int adb_kbd_request(ADBDevice *d, uint8_t *obuf,
- const uint8_t *buf, int len)
-{
- KBDState *s = d->opaque;
- int cmd, reg, olen;
-
- if ((buf[0] & 0x0f) == ADB_FLUSH) {
- /* flush keyboard fifo */
- s->wptr = s->rptr = s->count = 0;
- return 0;
- }
-
- cmd = buf[0] & 0xc;
- reg = buf[0] & 0x3;
- olen = 0;
- switch(cmd) {
- case ADB_WRITEREG:
- switch(reg) {
- case 2:
- /* LED status */
- break;
- case 3:
- switch(buf[2]) {
- case ADB_CMD_SELF_TEST:
- break;
- case ADB_CMD_CHANGE_ID:
- case ADB_CMD_CHANGE_ID_AND_ACT:
- case ADB_CMD_CHANGE_ID_AND_ENABLE:
- d->devaddr = buf[1] & 0xf;
- break;
- default:
- /* XXX: check this */
- d->devaddr = buf[1] & 0xf;
- d->handler = buf[2];
- break;
- }
- }
- break;
- case ADB_READREG:
- switch(reg) {
- case 0:
- olen = adb_kbd_poll(d, obuf);
- break;
- case 1:
- break;
- case 2:
- obuf[0] = 0x00; /* XXX: check this */
- obuf[1] = 0x07; /* led status */
- olen = 2;
- break;
- case 3:
- obuf[0] = d->handler;
- obuf[1] = d->devaddr;
- olen = 2;
- break;
- }
- break;
- }
- return olen;
-}
-
-static const VMStateDescription vmstate_adb_kbd = {
- .name = "adb_kbd",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_BUFFER(data, KBDState),
- VMSTATE_INT32(rptr, KBDState),
- VMSTATE_INT32(wptr, KBDState),
- VMSTATE_INT32(count, KBDState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int adb_kbd_reset(ADBDevice *d)
-{
- KBDState *s = d->opaque;
-
- d->handler = 1;
- d->devaddr = ADB_KEYBOARD;
- memset(s, 0, sizeof(KBDState));
-
- return 0;
-}
-
-void adb_kbd_init(ADBBusState *bus)
-{
- ADBDevice *d;
- KBDState *s;
- s = g_malloc0(sizeof(KBDState));
- d = adb_register_device(bus, ADB_KEYBOARD, adb_kbd_request,
- adb_kbd_reset, s);
- qemu_add_kbd_event_handler(adb_kbd_put_keycode, d);
- vmstate_register(NULL, -1, &vmstate_adb_kbd, s);
-}
-
-/***************************************************************/
-/* Mouse ADB device */
-
-typedef struct MouseState {
- int buttons_state, last_buttons_state;
- int dx, dy, dz;
-} MouseState;
-
-static void adb_mouse_event(void *opaque,
- int dx1, int dy1, int dz1, int buttons_state)
-{
- ADBDevice *d = opaque;
- MouseState *s = d->opaque;
-
- s->dx += dx1;
- s->dy += dy1;
- s->dz += dz1;
- s->buttons_state = buttons_state;
-}
-
-
-static int adb_mouse_poll(ADBDevice *d, uint8_t *obuf)
-{
- MouseState *s = d->opaque;
- int dx, dy;
-
- if (s->last_buttons_state == s->buttons_state &&
- s->dx == 0 && s->dy == 0)
- return 0;
-
- dx = s->dx;
- if (dx < -63)
- dx = -63;
- else if (dx > 63)
- dx = 63;
-
- dy = s->dy;
- if (dy < -63)
- dy = -63;
- else if (dy > 63)
- dy = 63;
-
- s->dx -= dx;
- s->dy -= dy;
- s->last_buttons_state = s->buttons_state;
-
- dx &= 0x7f;
- dy &= 0x7f;
-
- if (!(s->buttons_state & MOUSE_EVENT_LBUTTON))
- dy |= 0x80;
- if (!(s->buttons_state & MOUSE_EVENT_RBUTTON))
- dx |= 0x80;
-
- obuf[0] = dy;
- obuf[1] = dx;
- return 2;
-}
-
-static int adb_mouse_request(ADBDevice *d, uint8_t *obuf,
- const uint8_t *buf, int len)
-{
- MouseState *s = d->opaque;
- int cmd, reg, olen;
-
- if ((buf[0] & 0x0f) == ADB_FLUSH) {
- /* flush mouse fifo */
- s->buttons_state = s->last_buttons_state;
- s->dx = 0;
- s->dy = 0;
- s->dz = 0;
- return 0;
- }
-
- cmd = buf[0] & 0xc;
- reg = buf[0] & 0x3;
- olen = 0;
- switch(cmd) {
- case ADB_WRITEREG:
- ADB_DPRINTF("write reg %d val 0x%2.2x\n", reg, buf[1]);
- switch(reg) {
- case 2:
- break;
- case 3:
- switch(buf[2]) {
- case ADB_CMD_SELF_TEST:
- break;
- case ADB_CMD_CHANGE_ID:
- case ADB_CMD_CHANGE_ID_AND_ACT:
- case ADB_CMD_CHANGE_ID_AND_ENABLE:
- d->devaddr = buf[1] & 0xf;
- break;
- default:
- /* XXX: check this */
- d->devaddr = buf[1] & 0xf;
- break;
- }
- }
- break;
- case ADB_READREG:
- switch(reg) {
- case 0:
- olen = adb_mouse_poll(d, obuf);
- break;
- case 1:
- break;
- case 3:
- obuf[0] = d->handler;
- obuf[1] = d->devaddr;
- olen = 2;
- break;
- }
- ADB_DPRINTF("read reg %d obuf[0] 0x%2.2x obuf[1] 0x%2.2x\n", reg,
- obuf[0], obuf[1]);
- break;
- }
- return olen;
-}
-
-static int adb_mouse_reset(ADBDevice *d)
-{
- MouseState *s = d->opaque;
-
- d->handler = 2;
- d->devaddr = ADB_MOUSE;
- memset(s, 0, sizeof(MouseState));
-
- return 0;
-}
-
-static const VMStateDescription vmstate_adb_mouse = {
- .name = "adb_mouse",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_INT32(buttons_state, MouseState),
- VMSTATE_INT32(last_buttons_state, MouseState),
- VMSTATE_INT32(dx, MouseState),
- VMSTATE_INT32(dy, MouseState),
- VMSTATE_INT32(dz, MouseState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-void adb_mouse_init(ADBBusState *bus)
-{
- ADBDevice *d;
- MouseState *s;
-
- s = g_malloc0(sizeof(MouseState));
- d = adb_register_device(bus, ADB_MOUSE, adb_mouse_request,
- adb_mouse_reset, s);
- qemu_add_mouse_event_handler(adb_mouse_event, d, 0, "QEMU ADB Mouse");
- vmstate_register(NULL, -1, &vmstate_adb_mouse, s);
-}
diff --git a/hw/adb.h b/hw/adb.h
deleted file mode 100644
index 5b27da2dd..000000000
--- a/hw/adb.h
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * QEMU ADB emulation shared definitions and prototypes
- *
- * Copyright (c) 2004-2007 Fabrice Bellard
- * Copyright (c) 2007 Jocelyn Mayer
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#if !defined(__ADB_H__)
-#define __ADB_H__
-
-#define MAX_ADB_DEVICES 16
-
-#define ADB_MAX_OUT_LEN 16
-
-typedef struct ADBDevice ADBDevice;
-
-/* buf = NULL means polling */
-typedef int ADBDeviceRequest(ADBDevice *d, uint8_t *buf_out,
- const uint8_t *buf, int len);
-typedef int ADBDeviceReset(ADBDevice *d);
-
-struct ADBDevice {
- struct ADBBusState *bus;
- int devaddr;
- int handler;
- ADBDeviceRequest *devreq;
- ADBDeviceReset *devreset;
- void *opaque;
-};
-
-typedef struct ADBBusState {
- ADBDevice devices[MAX_ADB_DEVICES];
- int nb_devices;
- int poll_index;
-} ADBBusState;
-
-int adb_request(ADBBusState *s, uint8_t *buf_out,
- const uint8_t *buf, int len);
-int adb_poll(ADBBusState *s, uint8_t *buf_out);
-
-void adb_kbd_init(ADBBusState *bus);
-void adb_mouse_init(ADBBusState *bus);
-
-extern ADBBusState adb_bus;
-#endif /* !defined(__ADB_H__) */
diff --git a/hw/adlib.c b/hw/adlib.c
deleted file mode 100644
index d39cd9738..000000000
--- a/hw/adlib.c
+++ /dev/null
@@ -1,337 +0,0 @@
-/*
- * QEMU Proxy for OPL2/3 emulation by MAME team
- *
- * Copyright (c) 2004-2005 Vassili Karpov (malc)
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "hw.h"
-#include "audiodev.h"
-#include "audio/audio.h"
-#include "isa.h"
-
-//#define DEBUG
-
-#define ADLIB_KILL_TIMERS 1
-
-#ifdef DEBUG
-#include "qemu-timer.h"
-#endif
-
-#define dolog(...) AUD_log ("adlib", __VA_ARGS__)
-#ifdef DEBUG
-#define ldebug(...) dolog (__VA_ARGS__)
-#else
-#define ldebug(...)
-#endif
-
-#ifdef HAS_YMF262
-#include "ymf262.h"
-void YMF262UpdateOneQEMU (int which, INT16 *dst, int length);
-#define SHIFT 2
-#else
-#include "fmopl.h"
-#define SHIFT 1
-#endif
-
-#define IO_READ_PROTO(name) \
- uint32_t name (void *opaque, uint32_t nport)
-#define IO_WRITE_PROTO(name) \
- void name (void *opaque, uint32_t nport, uint32_t val)
-
-static struct {
- int port;
- int freq;
-} conf = {0x220, 44100};
-
-typedef struct {
- QEMUSoundCard card;
- int ticking[2];
- int enabled;
- int active;
- int bufpos;
-#ifdef DEBUG
- int64_t exp[2];
-#endif
- int16_t *mixbuf;
- uint64_t dexp[2];
- SWVoiceOut *voice;
- int left, pos, samples;
- QEMUAudioTimeStamp ats;
-#ifndef HAS_YMF262
- FM_OPL *opl;
-#endif
-} AdlibState;
-
-static AdlibState glob_adlib;
-
-static void adlib_stop_opl_timer (AdlibState *s, size_t n)
-{
-#ifdef HAS_YMF262
- YMF262TimerOver (0, n);
-#else
- OPLTimerOver (s->opl, n);
-#endif
- s->ticking[n] = 0;
-}
-
-static void adlib_kill_timers (AdlibState *s)
-{
- size_t i;
-
- for (i = 0; i < 2; ++i) {
- if (s->ticking[i]) {
- uint64_t delta;
-
- delta = AUD_get_elapsed_usec_out (s->voice, &s->ats);
- ldebug (
- "delta = %f dexp = %f expired => %d\n",
- delta / 1000000.0,
- s->dexp[i] / 1000000.0,
- delta >= s->dexp[i]
- );
- if (ADLIB_KILL_TIMERS || delta >= s->dexp[i]) {
- adlib_stop_opl_timer (s, i);
- AUD_init_time_stamp_out (s->voice, &s->ats);
- }
- }
- }
-}
-
-static IO_WRITE_PROTO (adlib_write)
-{
- AdlibState *s = opaque;
- int a = nport & 3;
-
- s->active = 1;
- AUD_set_active_out (s->voice, 1);
-
- adlib_kill_timers (s);
-
-#ifdef HAS_YMF262
- YMF262Write (0, a, val);
-#else
- OPLWrite (s->opl, a, val);
-#endif
-}
-
-static IO_READ_PROTO (adlib_read)
-{
- AdlibState *s = opaque;
- uint8_t data;
- int a = nport & 3;
-
- adlib_kill_timers (s);
-
-#ifdef HAS_YMF262
- data = YMF262Read (0, a);
-#else
- data = OPLRead (s->opl, a);
-#endif
- return data;
-}
-
-static void timer_handler (int c, double interval_Sec)
-{
- AdlibState *s = &glob_adlib;
- unsigned n = c & 1;
-#ifdef DEBUG
- double interval;
- int64_t exp;
-#endif
-
- if (interval_Sec == 0.0) {
- s->ticking[n] = 0;
- return;
- }
-
- s->ticking[n] = 1;
-#ifdef DEBUG
- interval = get_ticks_per_sec () * interval_Sec;
- exp = qemu_get_clock_ns (vm_clock) + interval;
- s->exp[n] = exp;
-#endif
-
- s->dexp[n] = interval_Sec * 1000000.0;
- AUD_init_time_stamp_out (s->voice, &s->ats);
-}
-
-static int write_audio (AdlibState *s, int samples)
-{
- int net = 0;
- int pos = s->pos;
-
- while (samples) {
- int nbytes, wbytes, wsampl;
-
- nbytes = samples << SHIFT;
- wbytes = AUD_write (
- s->voice,
- s->mixbuf + (pos << (SHIFT - 1)),
- nbytes
- );
-
- if (wbytes) {
- wsampl = wbytes >> SHIFT;
-
- samples -= wsampl;
- pos = (pos + wsampl) % s->samples;
-
- net += wsampl;
- }
- else {
- break;
- }
- }
-
- return net;
-}
-
-static void adlib_callback (void *opaque, int free)
-{
- AdlibState *s = opaque;
- int samples, net = 0, to_play, written;
-
- samples = free >> SHIFT;
- if (!(s->active && s->enabled) || !samples) {
- return;
- }
-
- to_play = audio_MIN (s->left, samples);
- while (to_play) {
- written = write_audio (s, to_play);
-
- if (written) {
- s->left -= written;
- samples -= written;
- to_play -= written;
- s->pos = (s->pos + written) % s->samples;
- }
- else {
- return;
- }
- }
-
- samples = audio_MIN (samples, s->samples - s->pos);
- if (!samples) {
- return;
- }
-
-#ifdef HAS_YMF262
- YMF262UpdateOneQEMU (0, s->mixbuf + s->pos * 2, samples);
-#else
- YM3812UpdateOne (s->opl, s->mixbuf + s->pos, samples);
-#endif
-
- while (samples) {
- written = write_audio (s, samples);
-
- if (written) {
- net += written;
- samples -= written;
- s->pos = (s->pos + written) % s->samples;
- }
- else {
- s->left = samples;
- return;
- }
- }
-}
-
-static void Adlib_fini (AdlibState *s)
-{
-#ifdef HAS_YMF262
- YMF262Shutdown ();
-#else
- if (s->opl) {
- OPLDestroy (s->opl);
- s->opl = NULL;
- }
-#endif
-
- if (s->mixbuf) {
- g_free (s->mixbuf);
- }
-
- s->active = 0;
- s->enabled = 0;
- AUD_remove_card (&s->card);
-}
-
-int Adlib_init (ISABus *bus)
-{
- AdlibState *s = &glob_adlib;
- struct audsettings as;
-
-#ifdef HAS_YMF262
- if (YMF262Init (1, 14318180, conf.freq)) {
- dolog ("YMF262Init %d failed\n", conf.freq);
- return -1;
- }
- else {
- YMF262SetTimerHandler (0, timer_handler, 0);
- s->enabled = 1;
- }
-#else
- s->opl = OPLCreate (OPL_TYPE_YM3812, 3579545, conf.freq);
- if (!s->opl) {
- dolog ("OPLCreate %d failed\n", conf.freq);
- return -1;
- }
- else {
- OPLSetTimerHandler (s->opl, timer_handler, 0);
- s->enabled = 1;
- }
-#endif
-
- as.freq = conf.freq;
- as.nchannels = SHIFT;
- as.fmt = AUD_FMT_S16;
- as.endianness = AUDIO_HOST_ENDIANNESS;
-
- AUD_register_card ("adlib", &s->card);
-
- s->voice = AUD_open_out (
- &s->card,
- s->voice,
- "adlib",
- s,
- adlib_callback,
- &as
- );
- if (!s->voice) {
- Adlib_fini (s);
- return -1;
- }
-
- s->samples = AUD_get_buffer_size_out (s->voice) >> SHIFT;
- s->mixbuf = g_malloc0 (s->samples << SHIFT);
-
- register_ioport_read (0x388, 4, 1, adlib_read, s);
- register_ioport_write (0x388, 4, 1, adlib_write, s);
-
- register_ioport_read (conf.port, 4, 1, adlib_read, s);
- register_ioport_write (conf.port, 4, 1, adlib_write, s);
-
- register_ioport_read (conf.port + 8, 2, 1, adlib_read, s);
- register_ioport_write (conf.port + 8, 2, 1, adlib_write, s);
-
- return 0;
-}
diff --git a/hw/ads7846.c b/hw/ads7846.c
deleted file mode 100644
index 2ea9e55bb..000000000
--- a/hw/ads7846.c
+++ /dev/null
@@ -1,177 +0,0 @@
-/*
- * TI ADS7846 / TSC2046 chip emulation.
- *
- * Copyright (c) 2006 Openedhand Ltd.
- * Written by Andrzej Zaborowski <balrog@zabor.org>
- *
- * This code is licensed under the GNU GPL v2.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include "ssi.h"
-#include "console.h"
-
-typedef struct {
- SSISlave ssidev;
- qemu_irq interrupt;
-
- int input[8];
- int pressure;
- int noise;
-
- int cycle;
- int output;
-} ADS7846State;
-
-/* Control-byte bitfields */
-#define CB_PD0 (1 << 0)
-#define CB_PD1 (1 << 1)
-#define CB_SER (1 << 2)
-#define CB_MODE (1 << 3)
-#define CB_A0 (1 << 4)
-#define CB_A1 (1 << 5)
-#define CB_A2 (1 << 6)
-#define CB_START (1 << 7)
-
-#define X_AXIS_DMAX 3470
-#define X_AXIS_MIN 290
-#define Y_AXIS_DMAX 3450
-#define Y_AXIS_MIN 200
-
-#define ADS_VBAT 2000
-#define ADS_VAUX 2000
-#define ADS_TEMP0 2000
-#define ADS_TEMP1 3000
-#define ADS_XPOS(x, y) (X_AXIS_MIN + ((X_AXIS_DMAX * (x)) >> 15))
-#define ADS_YPOS(x, y) (Y_AXIS_MIN + ((Y_AXIS_DMAX * (y)) >> 15))
-#define ADS_Z1POS(x, y) 600
-#define ADS_Z2POS(x, y) (600 + 6000 / ADS_XPOS(x, y))
-
-static void ads7846_int_update(ADS7846State *s)
-{
- if (s->interrupt)
- qemu_set_irq(s->interrupt, s->pressure == 0);
-}
-
-static uint32_t ads7846_transfer(SSISlave *dev, uint32_t value)
-{
- ADS7846State *s = FROM_SSI_SLAVE(ADS7846State, dev);
-
- switch (s->cycle ++) {
- case 0:
- if (!(value & CB_START)) {
- s->cycle = 0;
- break;
- }
-
- s->output = s->input[(value >> 4) & 7];
-
- /* Imitate the ADC noise, some drivers expect this. */
- s->noise = (s->noise + 3) & 7;
- switch ((value >> 4) & 7) {
- case 1: s->output += s->noise ^ 2; break;
- case 3: s->output += s->noise ^ 0; break;
- case 4: s->output += s->noise ^ 7; break;
- case 5: s->output += s->noise ^ 5; break;
- }
-
- if (value & CB_MODE)
- s->output >>= 4; /* 8 bits instead of 12 */
-
- break;
- case 1:
- s->cycle = 0;
- break;
- }
- return s->output;
-}
-
-static void ads7846_ts_event(void *opaque,
- int x, int y, int z, int buttons_state)
-{
- ADS7846State *s = opaque;
-
- if (buttons_state) {
- x = 0x7fff - x;
- s->input[1] = ADS_XPOS(x, y);
- s->input[3] = ADS_Z1POS(x, y);
- s->input[4] = ADS_Z2POS(x, y);
- s->input[5] = ADS_YPOS(x, y);
- }
-
- if (s->pressure == !buttons_state) {
- s->pressure = !!buttons_state;
-
- ads7846_int_update(s);
- }
-}
-
-static int ads7856_post_load(void *opaque, int version_id)
-{
- ADS7846State *s = opaque;
-
- s->pressure = 0;
- ads7846_int_update(s);
- return 0;
-}
-
-static const VMStateDescription vmstate_ads7846 = {
- .name = "ads7846",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .post_load = ads7856_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_SSI_SLAVE(ssidev, ADS7846State),
- VMSTATE_INT32_ARRAY(input, ADS7846State, 8),
- VMSTATE_INT32(noise, ADS7846State),
- VMSTATE_INT32(cycle, ADS7846State),
- VMSTATE_INT32(output, ADS7846State),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int ads7846_init(SSISlave *dev)
-{
- ADS7846State *s = FROM_SSI_SLAVE(ADS7846State, dev);
-
- qdev_init_gpio_out(&dev->qdev, &s->interrupt, 1);
-
- s->input[0] = ADS_TEMP0; /* TEMP0 */
- s->input[2] = ADS_VBAT; /* VBAT */
- s->input[6] = ADS_VAUX; /* VAUX */
- s->input[7] = ADS_TEMP1; /* TEMP1 */
-
- /* We want absolute coordinates */
- qemu_add_mouse_event_handler(ads7846_ts_event, s, 1,
- "QEMU ADS7846-driven Touchscreen");
-
- ads7846_int_update(s);
-
- vmstate_register(NULL, -1, &vmstate_ads7846, s);
- return 0;
-}
-
-static void ads7846_class_init(ObjectClass *klass, void *data)
-{
- SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
-
- k->init = ads7846_init;
- k->transfer = ads7846_transfer;
-}
-
-static TypeInfo ads7846_info = {
- .name = "ads7846",
- .parent = TYPE_SSI_SLAVE,
- .instance_size = sizeof(ADS7846State),
- .class_init = ads7846_class_init,
-};
-
-static void ads7846_register_types(void)
-{
- type_register_static(&ads7846_info);
-}
-
-type_init(ads7846_register_types)
diff --git a/hw/alpha/Makefile.objs b/hw/alpha/Makefile.objs
index af1c07fa7..5c742756f 100644
--- a/hw/alpha/Makefile.objs
+++ b/hw/alpha/Makefile.objs
@@ -1,4 +1 @@
-obj-y = mc146818rtc.o
-obj-y += alpha_pci.o alpha_dp264.o alpha_typhoon.o
-
-obj-y := $(addprefix ../,$(obj-y))
+obj-y += dp264.o pci.o typhoon.o
diff --git a/hw/alpha/alpha_sys.h b/hw/alpha/alpha_sys.h
new file mode 100644
index 000000000..e11025b4b
--- /dev/null
+++ b/hw/alpha/alpha_sys.h
@@ -0,0 +1,21 @@
+/* Alpha cores and system support chips. */
+
+#ifndef HW_ALPHA_H
+#define HW_ALPHA_H 1
+
+#include "hw/pci/pci.h"
+#include "hw/pci/pci_host.h"
+#include "hw/ide.h"
+#include "hw/i386/pc.h"
+#include "hw/irq.h"
+
+
+PCIBus *typhoon_init(ram_addr_t, ISABus **, qemu_irq *, AlphaCPU *[4],
+ pci_map_irq_fn);
+
+/* alpha_pci.c. */
+extern const MemoryRegionOps alpha_pci_ignore_ops;
+extern const MemoryRegionOps alpha_pci_conf1_ops;
+extern const MemoryRegionOps alpha_pci_iack_ops;
+
+#endif
diff --git a/hw/alpha/dp264.c b/hw/alpha/dp264.c
new file mode 100644
index 000000000..95fde615b
--- /dev/null
+++ b/hw/alpha/dp264.c
@@ -0,0 +1,184 @@
+/*
+ * QEMU Alpha DP264/CLIPPER hardware system emulator.
+ *
+ * Choose CLIPPER IRQ mappings over, say, DP264, MONET, or WEBBRICK
+ * variants because CLIPPER doesn't have an SMC669 SuperIO controller
+ * that we need to emulate as well.
+ */
+
+#include "hw/hw.h"
+#include "elf.h"
+#include "hw/loader.h"
+#include "hw/boards.h"
+#include "alpha_sys.h"
+#include "sysemu/sysemu.h"
+#include "hw/timer/mc146818rtc.h"
+#include "hw/ide.h"
+#include "hw/timer/i8254.h"
+#include "hw/char/serial.h"
+
+#define MAX_IDE_BUS 2
+
+static uint64_t cpu_alpha_superpage_to_phys(void *opaque, uint64_t addr)
+{
+ if (((addr >> 41) & 3) == 2) {
+ addr &= 0xffffffffffull;
+ }
+ return addr;
+}
+
+/* Note that there are at least 3 viewpoints of IRQ numbers on Alpha systems.
+ (0) The dev_irq_n lines into the cpu, which we totally ignore,
+ (1) The DRIR lines in the typhoon chipset,
+ (2) The "vector" aka mangled interrupt number reported by SRM PALcode,
+ (3) The interrupt number assigned by the kernel.
+ The following function is concerned with (1) only. */
+
+static int clipper_pci_map_irq(PCIDevice *d, int irq_num)
+{
+ int slot = d->devfn >> 3;
+
+ assert(irq_num >= 0 && irq_num <= 3);
+
+ return (slot + 1) * 4 + irq_num;
+}
+
+static void clipper_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ AlphaCPU *cpus[4];
+ PCIBus *pci_bus;
+ ISABus *isa_bus;
+ qemu_irq rtc_irq;
+ long size, i;
+ const char *palcode_filename;
+ uint64_t palcode_entry, palcode_low, palcode_high;
+ uint64_t kernel_entry, kernel_low, kernel_high;
+
+ /* Create up to 4 cpus. */
+ memset(cpus, 0, sizeof(cpus));
+ for (i = 0; i < smp_cpus; ++i) {
+ cpus[i] = cpu_alpha_init(cpu_model ? cpu_model : "ev67");
+ }
+
+ cpus[0]->env.trap_arg0 = ram_size;
+ cpus[0]->env.trap_arg1 = 0;
+ cpus[0]->env.trap_arg2 = smp_cpus;
+
+ /* Init the chipset. */
+ pci_bus = typhoon_init(ram_size, &isa_bus, &rtc_irq, cpus,
+ clipper_pci_map_irq);
+
+ /* Since we have an SRM-compatible PALcode, use the SRM epoch. */
+ rtc_init(isa_bus, 1900, rtc_irq);
+
+ pit_init(isa_bus, 0x40, 0, NULL);
+ isa_create_simple(isa_bus, "i8042");
+
+ /* VGA setup. Don't bother loading the bios. */
+ pci_vga_init(pci_bus);
+
+ /* Serial code setup. */
+ for (i = 0; i < MAX_SERIAL_PORTS; ++i) {
+ if (serial_hds[i]) {
+ serial_isa_init(isa_bus, i, serial_hds[i]);
+ }
+ }
+
+ /* Network setup. e1000 is good enough, failing Tulip support. */
+ for (i = 0; i < nb_nics; i++) {
+ pci_nic_init_nofail(&nd_table[i], pci_bus, "e1000", NULL);
+ }
+
+ /* IDE disk setup. */
+ {
+ DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
+ ide_drive_get(hd, MAX_IDE_BUS);
+
+ pci_cmd646_ide_init(pci_bus, hd, 0);
+ }
+
+ /* Load PALcode. Given that this is not "real" cpu palcode,
+ but one explicitly written for the emulation, we might as
+ well load it directly from and ELF image. */
+ palcode_filename = (bios_name ? bios_name : "palcode-clipper");
+ palcode_filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, palcode_filename);
+ if (palcode_filename == NULL) {
+ hw_error("no palcode provided\n");
+ exit(1);
+ }
+ size = load_elf(palcode_filename, cpu_alpha_superpage_to_phys,
+ NULL, &palcode_entry, &palcode_low, &palcode_high,
+ 0, EM_ALPHA, 0);
+ if (size < 0) {
+ hw_error("could not load palcode '%s'\n", palcode_filename);
+ exit(1);
+ }
+
+ /* Start all cpus at the PALcode RESET entry point. */
+ for (i = 0; i < smp_cpus; ++i) {
+ cpus[i]->env.pal_mode = 1;
+ cpus[i]->env.pc = palcode_entry;
+ cpus[i]->env.palbr = palcode_entry;
+ }
+
+ /* Load a kernel. */
+ if (kernel_filename) {
+ uint64_t param_offset;
+
+ size = load_elf(kernel_filename, cpu_alpha_superpage_to_phys,
+ NULL, &kernel_entry, &kernel_low, &kernel_high,
+ 0, EM_ALPHA, 0);
+ if (size < 0) {
+ hw_error("could not load kernel '%s'\n", kernel_filename);
+ exit(1);
+ }
+
+ cpus[0]->env.trap_arg1 = kernel_entry;
+
+ param_offset = kernel_low - 0x6000;
+
+ if (kernel_cmdline) {
+ pstrcpy_targphys("cmdline", param_offset, 0x100, kernel_cmdline);
+ }
+
+ if (initrd_filename) {
+ long initrd_base, initrd_size;
+
+ initrd_size = get_image_size(initrd_filename);
+ if (initrd_size < 0) {
+ hw_error("could not load initial ram disk '%s'\n",
+ initrd_filename);
+ exit(1);
+ }
+
+ /* Put the initrd image as high in memory as possible. */
+ initrd_base = (ram_size - initrd_size) & TARGET_PAGE_MASK;
+ load_image_targphys(initrd_filename, initrd_base,
+ ram_size - initrd_base);
+
+ stq_phys(param_offset + 0x100, initrd_base + 0xfffffc0000000000ULL);
+ stq_phys(param_offset + 0x108, initrd_size);
+ }
+ }
+}
+
+static QEMUMachine clipper_machine = {
+ .name = "clipper",
+ .desc = "Alpha DP264/CLIPPER",
+ .init = clipper_init,
+ .max_cpus = 4,
+ .is_default = 1,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void clipper_machine_init(void)
+{
+ qemu_register_machine(&clipper_machine);
+}
+
+machine_init(clipper_machine_init);
diff --git a/hw/alpha/pci.c b/hw/alpha/pci.c
new file mode 100644
index 000000000..d839dd556
--- /dev/null
+++ b/hw/alpha/pci.c
@@ -0,0 +1,91 @@
+/*
+ * QEMU Alpha PCI support functions.
+ *
+ * Some of this isn't very Alpha specific at all.
+ *
+ * ??? Sparse memory access not implemented.
+ */
+
+#include "config.h"
+#include "alpha_sys.h"
+#include "qemu/log.h"
+#include "sysemu/sysemu.h"
+
+
+/* Fallback for unassigned PCI I/O operations. Avoids MCHK. */
+
+static uint64_t ignore_read(void *opaque, hwaddr addr, unsigned size)
+{
+ return 0;
+}
+
+static void ignore_write(void *opaque, hwaddr addr, uint64_t v, unsigned size)
+{
+}
+
+const MemoryRegionOps alpha_pci_ignore_ops = {
+ .read = ignore_read,
+ .write = ignore_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .valid = {
+ .min_access_size = 1,
+ .max_access_size = 8,
+ },
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 8,
+ },
+};
+
+
+/* PCI config space reads/writes, to byte-word addressable memory. */
+static uint64_t bw_conf1_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ PCIBus *b = opaque;
+ return pci_data_read(b, addr, size);
+}
+
+static void bw_conf1_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ PCIBus *b = opaque;
+ pci_data_write(b, addr, val, size);
+}
+
+const MemoryRegionOps alpha_pci_conf1_ops = {
+ .read = bw_conf1_read,
+ .write = bw_conf1_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 4,
+ },
+};
+
+/* PCI/EISA Interrupt Acknowledge Cycle. */
+
+static uint64_t iack_read(void *opaque, hwaddr addr, unsigned size)
+{
+ return pic_read_irq(isa_pic);
+}
+
+static void special_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ qemu_log("pci: special write cycle");
+}
+
+const MemoryRegionOps alpha_pci_iack_ops = {
+ .read = iack_read,
+ .write = special_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
diff --git a/hw/alpha/typhoon.c b/hw/alpha/typhoon.c
new file mode 100644
index 000000000..b7fb04406
--- /dev/null
+++ b/hw/alpha/typhoon.c
@@ -0,0 +1,810 @@
+/*
+ * DEC 21272 (TSUNAMI/TYPHOON) chipset emulation.
+ *
+ * Written by Richard Henderson.
+ *
+ * This work is licensed under the GNU GPL license version 2 or later.
+ */
+
+#include "cpu.h"
+#include "hw/hw.h"
+#include "hw/devices.h"
+#include "sysemu/sysemu.h"
+#include "alpha_sys.h"
+#include "exec/address-spaces.h"
+
+
+#define TYPE_TYPHOON_PCI_HOST_BRIDGE "typhoon-pcihost"
+
+typedef struct TyphoonCchip {
+ MemoryRegion region;
+ uint64_t misc;
+ uint64_t drir;
+ uint64_t dim[4];
+ uint32_t iic[4];
+ AlphaCPU *cpu[4];
+} TyphoonCchip;
+
+typedef struct TyphoonWindow {
+ uint32_t base_addr;
+ uint32_t mask;
+ uint32_t translated_base_pfn;
+} TyphoonWindow;
+
+typedef struct TyphoonPchip {
+ MemoryRegion region;
+ MemoryRegion reg_iack;
+ MemoryRegion reg_mem;
+ MemoryRegion reg_io;
+ MemoryRegion reg_conf;
+ uint64_t ctl;
+ TyphoonWindow win[4];
+} TyphoonPchip;
+
+#define TYPHOON_PCI_HOST_BRIDGE(obj) \
+ OBJECT_CHECK(TyphoonState, (obj), TYPE_TYPHOON_PCI_HOST_BRIDGE)
+
+typedef struct TyphoonState {
+ PCIHostState parent_obj;
+
+ TyphoonCchip cchip;
+ TyphoonPchip pchip;
+ MemoryRegion dchip_region;
+ MemoryRegion ram_region;
+} TyphoonState;
+
+/* Called when one of DRIR or DIM changes. */
+static void cpu_irq_change(AlphaCPU *cpu, uint64_t req)
+{
+ /* If there are any non-masked interrupts, tell the cpu. */
+ if (cpu != NULL) {
+ CPUState *cs = CPU(cpu);
+ if (req) {
+ cpu_interrupt(cs, CPU_INTERRUPT_HARD);
+ } else {
+ cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
+ }
+ }
+}
+
+static uint64_t cchip_read(void *opaque, hwaddr addr, unsigned size)
+{
+ CPUState *cpu = current_cpu;
+ TyphoonState *s = opaque;
+ uint64_t ret = 0;
+
+ switch (addr) {
+ case 0x0000:
+ /* CSC: Cchip System Configuration Register. */
+ /* All sorts of data here; probably the only thing relevant is
+ PIP<14> Pchip 1 Present = 0. */
+ break;
+
+ case 0x0040:
+ /* MTR: Memory Timing Register. */
+ /* All sorts of stuff related to real DRAM. */
+ break;
+
+ case 0x0080:
+ /* MISC: Miscellaneous Register. */
+ ret = s->cchip.misc | (cpu->cpu_index & 3);
+ break;
+
+ case 0x00c0:
+ /* MPD: Memory Presence Detect Register. */
+ break;
+
+ case 0x0100: /* AAR0 */
+ case 0x0140: /* AAR1 */
+ case 0x0180: /* AAR2 */
+ case 0x01c0: /* AAR3 */
+ /* AAR: Array Address Register. */
+ /* All sorts of information about DRAM. */
+ break;
+
+ case 0x0200:
+ /* DIM0: Device Interrupt Mask Register, CPU0. */
+ ret = s->cchip.dim[0];
+ break;
+ case 0x0240:
+ /* DIM1: Device Interrupt Mask Register, CPU1. */
+ ret = s->cchip.dim[1];
+ break;
+ case 0x0280:
+ /* DIR0: Device Interrupt Request Register, CPU0. */
+ ret = s->cchip.dim[0] & s->cchip.drir;
+ break;
+ case 0x02c0:
+ /* DIR1: Device Interrupt Request Register, CPU1. */
+ ret = s->cchip.dim[1] & s->cchip.drir;
+ break;
+ case 0x0300:
+ /* DRIR: Device Raw Interrupt Request Register. */
+ ret = s->cchip.drir;
+ break;
+
+ case 0x0340:
+ /* PRBEN: Probe Enable Register. */
+ break;
+
+ case 0x0380:
+ /* IIC0: Interval Ignore Count Register, CPU0. */
+ ret = s->cchip.iic[0];
+ break;
+ case 0x03c0:
+ /* IIC1: Interval Ignore Count Register, CPU1. */
+ ret = s->cchip.iic[1];
+ break;
+
+ case 0x0400: /* MPR0 */
+ case 0x0440: /* MPR1 */
+ case 0x0480: /* MPR2 */
+ case 0x04c0: /* MPR3 */
+ /* MPR: Memory Programming Register. */
+ break;
+
+ case 0x0580:
+ /* TTR: TIGbus Timing Register. */
+ /* All sorts of stuff related to interrupt delivery timings. */
+ break;
+ case 0x05c0:
+ /* TDR: TIGbug Device Timing Register. */
+ break;
+
+ case 0x0600:
+ /* DIM2: Device Interrupt Mask Register, CPU2. */
+ ret = s->cchip.dim[2];
+ break;
+ case 0x0640:
+ /* DIM3: Device Interrupt Mask Register, CPU3. */
+ ret = s->cchip.dim[3];
+ break;
+ case 0x0680:
+ /* DIR2: Device Interrupt Request Register, CPU2. */
+ ret = s->cchip.dim[2] & s->cchip.drir;
+ break;
+ case 0x06c0:
+ /* DIR3: Device Interrupt Request Register, CPU3. */
+ ret = s->cchip.dim[3] & s->cchip.drir;
+ break;
+
+ case 0x0700:
+ /* IIC2: Interval Ignore Count Register, CPU2. */
+ ret = s->cchip.iic[2];
+ break;
+ case 0x0740:
+ /* IIC3: Interval Ignore Count Register, CPU3. */
+ ret = s->cchip.iic[3];
+ break;
+
+ case 0x0780:
+ /* PWR: Power Management Control. */
+ break;
+
+ case 0x0c00: /* CMONCTLA */
+ case 0x0c40: /* CMONCTLB */
+ case 0x0c80: /* CMONCNT01 */
+ case 0x0cc0: /* CMONCNT23 */
+ break;
+
+ default:
+ cpu_unassigned_access(cpu, addr, false, false, 0, size);
+ return -1;
+ }
+
+ return ret;
+}
+
+static uint64_t dchip_read(void *opaque, hwaddr addr, unsigned size)
+{
+ /* Skip this. It's all related to DRAM timing and setup. */
+ return 0;
+}
+
+static uint64_t pchip_read(void *opaque, hwaddr addr, unsigned size)
+{
+ TyphoonState *s = opaque;
+ uint64_t ret = 0;
+
+ switch (addr) {
+ case 0x0000:
+ /* WSBA0: Window Space Base Address Register. */
+ ret = s->pchip.win[0].base_addr;
+ break;
+ case 0x0040:
+ /* WSBA1 */
+ ret = s->pchip.win[1].base_addr;
+ break;
+ case 0x0080:
+ /* WSBA2 */
+ ret = s->pchip.win[2].base_addr;
+ break;
+ case 0x00c0:
+ /* WSBA3 */
+ ret = s->pchip.win[3].base_addr;
+ break;
+
+ case 0x0100:
+ /* WSM0: Window Space Mask Register. */
+ ret = s->pchip.win[0].mask;
+ break;
+ case 0x0140:
+ /* WSM1 */
+ ret = s->pchip.win[1].mask;
+ break;
+ case 0x0180:
+ /* WSM2 */
+ ret = s->pchip.win[2].mask;
+ break;
+ case 0x01c0:
+ /* WSM3 */
+ ret = s->pchip.win[3].mask;
+ break;
+
+ case 0x0200:
+ /* TBA0: Translated Base Address Register. */
+ ret = (uint64_t)s->pchip.win[0].translated_base_pfn << 10;
+ break;
+ case 0x0240:
+ /* TBA1 */
+ ret = (uint64_t)s->pchip.win[1].translated_base_pfn << 10;
+ break;
+ case 0x0280:
+ /* TBA2 */
+ ret = (uint64_t)s->pchip.win[2].translated_base_pfn << 10;
+ break;
+ case 0x02c0:
+ /* TBA3 */
+ ret = (uint64_t)s->pchip.win[3].translated_base_pfn << 10;
+ break;
+
+ case 0x0300:
+ /* PCTL: Pchip Control Register. */
+ ret = s->pchip.ctl;
+ break;
+ case 0x0340:
+ /* PLAT: Pchip Master Latency Register. */
+ break;
+ case 0x03c0:
+ /* PERROR: Pchip Error Register. */
+ break;
+ case 0x0400:
+ /* PERRMASK: Pchip Error Mask Register. */
+ break;
+ case 0x0440:
+ /* PERRSET: Pchip Error Set Register. */
+ break;
+ case 0x0480:
+ /* TLBIV: Translation Buffer Invalidate Virtual Register (WO). */
+ break;
+ case 0x04c0:
+ /* TLBIA: Translation Buffer Invalidate All Register (WO). */
+ break;
+ case 0x0500: /* PMONCTL */
+ case 0x0540: /* PMONCNT */
+ case 0x0800: /* SPRST */
+ break;
+
+ default:
+ cpu_unassigned_access(current_cpu, addr, false, false, 0, size);
+ return -1;
+ }
+
+ return ret;
+}
+
+static void cchip_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ TyphoonState *s = opaque;
+ uint64_t oldval, newval;
+
+ switch (addr) {
+ case 0x0000:
+ /* CSC: Cchip System Configuration Register. */
+ /* All sorts of data here; nothing relevant RW. */
+ break;
+
+ case 0x0040:
+ /* MTR: Memory Timing Register. */
+ /* All sorts of stuff related to real DRAM. */
+ break;
+
+ case 0x0080:
+ /* MISC: Miscellaneous Register. */
+ newval = oldval = s->cchip.misc;
+ newval &= ~(val & 0x10000ff0); /* W1C fields */
+ if (val & 0x100000) {
+ newval &= ~0xff0000ull; /* ACL clears ABT and ABW */
+ } else {
+ newval |= val & 0x00f00000; /* ABT field is W1S */
+ if ((newval & 0xf0000) == 0) {
+ newval |= val & 0xf0000; /* ABW field is W1S iff zero */
+ }
+ }
+ newval |= (val & 0xf000) >> 4; /* IPREQ field sets IPINTR. */
+
+ newval &= ~0xf0000000000ull; /* WO and RW fields */
+ newval |= val & 0xf0000000000ull;
+ s->cchip.misc = newval;
+
+ /* Pass on changes to IPI and ITI state. */
+ if ((newval ^ oldval) & 0xff0) {
+ int i;
+ for (i = 0; i < 4; ++i) {
+ AlphaCPU *cpu = s->cchip.cpu[i];
+ if (cpu != NULL) {
+ CPUState *cs = CPU(cpu);
+ /* IPI can be either cleared or set by the write. */
+ if (newval & (1 << (i + 8))) {
+ cpu_interrupt(cs, CPU_INTERRUPT_SMP);
+ } else {
+ cpu_reset_interrupt(cs, CPU_INTERRUPT_SMP);
+ }
+
+ /* ITI can only be cleared by the write. */
+ if ((newval & (1 << (i + 4))) == 0) {
+ cpu_reset_interrupt(cs, CPU_INTERRUPT_TIMER);
+ }
+ }
+ }
+ }
+ break;
+
+ case 0x00c0:
+ /* MPD: Memory Presence Detect Register. */
+ break;
+
+ case 0x0100: /* AAR0 */
+ case 0x0140: /* AAR1 */
+ case 0x0180: /* AAR2 */
+ case 0x01c0: /* AAR3 */
+ /* AAR: Array Address Register. */
+ /* All sorts of information about DRAM. */
+ break;
+
+ case 0x0200: /* DIM0 */
+ /* DIM: Device Interrupt Mask Register, CPU0. */
+ s->cchip.dim[0] = val;
+ cpu_irq_change(s->cchip.cpu[0], val & s->cchip.drir);
+ break;
+ case 0x0240: /* DIM1 */
+ /* DIM: Device Interrupt Mask Register, CPU1. */
+ s->cchip.dim[0] = val;
+ cpu_irq_change(s->cchip.cpu[1], val & s->cchip.drir);
+ break;
+
+ case 0x0280: /* DIR0 (RO) */
+ case 0x02c0: /* DIR1 (RO) */
+ case 0x0300: /* DRIR (RO) */
+ break;
+
+ case 0x0340:
+ /* PRBEN: Probe Enable Register. */
+ break;
+
+ case 0x0380: /* IIC0 */
+ s->cchip.iic[0] = val & 0xffffff;
+ break;
+ case 0x03c0: /* IIC1 */
+ s->cchip.iic[1] = val & 0xffffff;
+ break;
+
+ case 0x0400: /* MPR0 */
+ case 0x0440: /* MPR1 */
+ case 0x0480: /* MPR2 */
+ case 0x04c0: /* MPR3 */
+ /* MPR: Memory Programming Register. */
+ break;
+
+ case 0x0580:
+ /* TTR: TIGbus Timing Register. */
+ /* All sorts of stuff related to interrupt delivery timings. */
+ break;
+ case 0x05c0:
+ /* TDR: TIGbug Device Timing Register. */
+ break;
+
+ case 0x0600:
+ /* DIM2: Device Interrupt Mask Register, CPU2. */
+ s->cchip.dim[2] = val;
+ cpu_irq_change(s->cchip.cpu[2], val & s->cchip.drir);
+ break;
+ case 0x0640:
+ /* DIM3: Device Interrupt Mask Register, CPU3. */
+ s->cchip.dim[3] = val;
+ cpu_irq_change(s->cchip.cpu[3], val & s->cchip.drir);
+ break;
+
+ case 0x0680: /* DIR2 (RO) */
+ case 0x06c0: /* DIR3 (RO) */
+ break;
+
+ case 0x0700: /* IIC2 */
+ s->cchip.iic[2] = val & 0xffffff;
+ break;
+ case 0x0740: /* IIC3 */
+ s->cchip.iic[3] = val & 0xffffff;
+ break;
+
+ case 0x0780:
+ /* PWR: Power Management Control. */
+ break;
+
+ case 0x0c00: /* CMONCTLA */
+ case 0x0c40: /* CMONCTLB */
+ case 0x0c80: /* CMONCNT01 */
+ case 0x0cc0: /* CMONCNT23 */
+ break;
+
+ default:
+ cpu_unassigned_access(current_cpu, addr, true, false, 0, size);
+ return;
+ }
+}
+
+static void dchip_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ /* Skip this. It's all related to DRAM timing and setup. */
+}
+
+static void pchip_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ TyphoonState *s = opaque;
+ uint64_t oldval;
+
+ switch (addr) {
+ case 0x0000:
+ /* WSBA0: Window Space Base Address Register. */
+ s->pchip.win[0].base_addr = val;
+ break;
+ case 0x0040:
+ /* WSBA1 */
+ s->pchip.win[1].base_addr = val;
+ break;
+ case 0x0080:
+ /* WSBA2 */
+ s->pchip.win[2].base_addr = val;
+ break;
+ case 0x00c0:
+ /* WSBA3 */
+ s->pchip.win[3].base_addr = val;
+ break;
+
+ case 0x0100:
+ /* WSM0: Window Space Mask Register. */
+ s->pchip.win[0].mask = val;
+ break;
+ case 0x0140:
+ /* WSM1 */
+ s->pchip.win[1].mask = val;
+ break;
+ case 0x0180:
+ /* WSM2 */
+ s->pchip.win[2].mask = val;
+ break;
+ case 0x01c0:
+ /* WSM3 */
+ s->pchip.win[3].mask = val;
+ break;
+
+ case 0x0200:
+ /* TBA0: Translated Base Address Register. */
+ s->pchip.win[0].translated_base_pfn = val >> 10;
+ break;
+ case 0x0240:
+ /* TBA1 */
+ s->pchip.win[1].translated_base_pfn = val >> 10;
+ break;
+ case 0x0280:
+ /* TBA2 */
+ s->pchip.win[2].translated_base_pfn = val >> 10;
+ break;
+ case 0x02c0:
+ /* TBA3 */
+ s->pchip.win[3].translated_base_pfn = val >> 10;
+ break;
+
+ case 0x0300:
+ /* PCTL: Pchip Control Register. */
+ oldval = s->pchip.ctl;
+ oldval &= ~0x00001cff0fc7ffull; /* RW fields */
+ oldval |= val & 0x00001cff0fc7ffull;
+
+ s->pchip.ctl = oldval;
+ break;
+
+ case 0x0340:
+ /* PLAT: Pchip Master Latency Register. */
+ break;
+ case 0x03c0:
+ /* PERROR: Pchip Error Register. */
+ break;
+ case 0x0400:
+ /* PERRMASK: Pchip Error Mask Register. */
+ break;
+ case 0x0440:
+ /* PERRSET: Pchip Error Set Register. */
+ break;
+
+ case 0x0480:
+ /* TLBIV: Translation Buffer Invalidate Virtual Register. */
+ break;
+
+ case 0x04c0:
+ /* TLBIA: Translation Buffer Invalidate All Register (WO). */
+ break;
+
+ case 0x0500:
+ /* PMONCTL */
+ case 0x0540:
+ /* PMONCNT */
+ case 0x0800:
+ /* SPRST */
+ break;
+
+ default:
+ cpu_unassigned_access(current_cpu, addr, true, false, 0, size);
+ return;
+ }
+}
+
+static const MemoryRegionOps cchip_ops = {
+ .read = cchip_read,
+ .write = cchip_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .valid = {
+ .min_access_size = 8,
+ .max_access_size = 8,
+ },
+ .impl = {
+ .min_access_size = 8,
+ .max_access_size = 8,
+ },
+};
+
+static const MemoryRegionOps dchip_ops = {
+ .read = dchip_read,
+ .write = dchip_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .valid = {
+ .min_access_size = 8,
+ .max_access_size = 8,
+ },
+ .impl = {
+ .min_access_size = 8,
+ .max_access_size = 8,
+ },
+};
+
+static const MemoryRegionOps pchip_ops = {
+ .read = pchip_read,
+ .write = pchip_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .valid = {
+ .min_access_size = 8,
+ .max_access_size = 8,
+ },
+ .impl = {
+ .min_access_size = 8,
+ .max_access_size = 8,
+ },
+};
+
+static void typhoon_set_irq(void *opaque, int irq, int level)
+{
+ TyphoonState *s = opaque;
+ uint64_t drir;
+ int i;
+
+ /* Set/Reset the bit in CCHIP.DRIR based on IRQ+LEVEL. */
+ drir = s->cchip.drir;
+ if (level) {
+ drir |= 1ull << irq;
+ } else {
+ drir &= ~(1ull << irq);
+ }
+ s->cchip.drir = drir;
+
+ for (i = 0; i < 4; ++i) {
+ cpu_irq_change(s->cchip.cpu[i], s->cchip.dim[i] & drir);
+ }
+}
+
+static void typhoon_set_isa_irq(void *opaque, int irq, int level)
+{
+ typhoon_set_irq(opaque, 55, level);
+}
+
+static void typhoon_set_timer_irq(void *opaque, int irq, int level)
+{
+ TyphoonState *s = opaque;
+ int i;
+
+ /* Thankfully, the mc146818rtc code doesn't track the IRQ state,
+ and so we don't have to worry about missing interrupts just
+ because we never actually ACK the interrupt. Just ignore any
+ case of the interrupt level going low. */
+ if (level == 0) {
+ return;
+ }
+
+ /* Deliver the interrupt to each CPU, considering each CPU's IIC. */
+ for (i = 0; i < 4; ++i) {
+ AlphaCPU *cpu = s->cchip.cpu[i];
+ if (cpu != NULL) {
+ uint32_t iic = s->cchip.iic[i];
+
+ /* ??? The verbage in Section 10.2.2.10 isn't 100% clear.
+ Bit 24 is the OverFlow bit, RO, and set when the count
+ decrements past 0. When is OF cleared? My guess is that
+ OF is actually cleared when the IIC is written, and that
+ the ICNT field always decrements. At least, that's an
+ interpretation that makes sense, and "allows the CPU to
+ determine exactly how mant interval timer ticks were
+ skipped". At least within the next 4M ticks... */
+
+ iic = ((iic - 1) & 0x1ffffff) | (iic & 0x1000000);
+ s->cchip.iic[i] = iic;
+
+ if (iic & 0x1000000) {
+ /* Set the ITI bit for this cpu. */
+ s->cchip.misc |= 1 << (i + 4);
+ /* And signal the interrupt. */
+ cpu_interrupt(CPU(cpu), CPU_INTERRUPT_TIMER);
+ }
+ }
+ }
+}
+
+static void typhoon_alarm_timer(void *opaque)
+{
+ TyphoonState *s = (TyphoonState *)((uintptr_t)opaque & ~3);
+ int cpu = (uintptr_t)opaque & 3;
+
+ /* Set the ITI bit for this cpu. */
+ s->cchip.misc |= 1 << (cpu + 4);
+ cpu_interrupt(CPU(s->cchip.cpu[cpu]), CPU_INTERRUPT_TIMER);
+}
+
+PCIBus *typhoon_init(ram_addr_t ram_size, ISABus **isa_bus,
+ qemu_irq *p_rtc_irq,
+ AlphaCPU *cpus[4], pci_map_irq_fn sys_map_irq)
+{
+ const uint64_t MB = 1024 * 1024;
+ const uint64_t GB = 1024 * MB;
+ MemoryRegion *addr_space = get_system_memory();
+ DeviceState *dev;
+ TyphoonState *s;
+ PCIHostState *phb;
+ PCIBus *b;
+ int i;
+
+ dev = qdev_create(NULL, TYPE_TYPHOON_PCI_HOST_BRIDGE);
+ qdev_init_nofail(dev);
+
+ s = TYPHOON_PCI_HOST_BRIDGE(dev);
+ phb = PCI_HOST_BRIDGE(dev);
+
+ /* Remember the CPUs so that we can deliver interrupts to them. */
+ for (i = 0; i < 4; i++) {
+ AlphaCPU *cpu = cpus[i];
+ s->cchip.cpu[i] = cpu;
+ if (cpu != NULL) {
+ cpu->alarm_timer = qemu_new_timer_ns(vm_clock,
+ typhoon_alarm_timer,
+ (void *)((uintptr_t)s + i));
+ }
+ }
+
+ *p_rtc_irq = *qemu_allocate_irqs(typhoon_set_timer_irq, s, 1);
+
+ /* Main memory region, 0x00.0000.0000. Real hardware supports 32GB,
+ but the address space hole reserved at this point is 8TB. */
+ memory_region_init_ram(&s->ram_region, OBJECT(s), "ram", ram_size);
+ vmstate_register_ram_global(&s->ram_region);
+ memory_region_add_subregion(addr_space, 0, &s->ram_region);
+
+ /* TIGbus, 0x801.0000.0000, 1GB. */
+ /* ??? The TIGbus is used for delivering interrupts, and access to
+ the flash ROM. I'm not sure that we need to implement it at all. */
+
+ /* Pchip0 CSRs, 0x801.8000.0000, 256MB. */
+ memory_region_init_io(&s->pchip.region, OBJECT(s), &pchip_ops, s, "pchip0",
+ 256*MB);
+ memory_region_add_subregion(addr_space, 0x80180000000ULL,
+ &s->pchip.region);
+
+ /* Cchip CSRs, 0x801.A000.0000, 256MB. */
+ memory_region_init_io(&s->cchip.region, OBJECT(s), &cchip_ops, s, "cchip0",
+ 256*MB);
+ memory_region_add_subregion(addr_space, 0x801a0000000ULL,
+ &s->cchip.region);
+
+ /* Dchip CSRs, 0x801.B000.0000, 256MB. */
+ memory_region_init_io(&s->dchip_region, OBJECT(s), &dchip_ops, s, "dchip0",
+ 256*MB);
+ memory_region_add_subregion(addr_space, 0x801b0000000ULL,
+ &s->dchip_region);
+
+ /* Pchip0 PCI memory, 0x800.0000.0000, 4GB. */
+ memory_region_init(&s->pchip.reg_mem, OBJECT(s), "pci0-mem", 4*GB);
+ memory_region_add_subregion(addr_space, 0x80000000000ULL,
+ &s->pchip.reg_mem);
+
+ /* Pchip0 PCI I/O, 0x801.FC00.0000, 32MB. */
+ memory_region_init_io(&s->pchip.reg_io, OBJECT(s), &alpha_pci_ignore_ops,
+ NULL, "pci0-io", 32*MB);
+ memory_region_add_subregion(addr_space, 0x801fc000000ULL,
+ &s->pchip.reg_io);
+
+ b = pci_register_bus(dev, "pci",
+ typhoon_set_irq, sys_map_irq, s,
+ &s->pchip.reg_mem, &s->pchip.reg_io,
+ 0, 64, TYPE_PCI_BUS);
+ phb->bus = b;
+
+ /* Pchip0 PCI special/interrupt acknowledge, 0x801.F800.0000, 64MB. */
+ memory_region_init_io(&s->pchip.reg_iack, OBJECT(s), &alpha_pci_iack_ops,
+ b, "pci0-iack", 64*MB);
+ memory_region_add_subregion(addr_space, 0x801f8000000ULL,
+ &s->pchip.reg_iack);
+
+ /* Pchip0 PCI configuration, 0x801.FE00.0000, 16MB. */
+ memory_region_init_io(&s->pchip.reg_conf, OBJECT(s), &alpha_pci_conf1_ops,
+ b, "pci0-conf", 16*MB);
+ memory_region_add_subregion(addr_space, 0x801fe000000ULL,
+ &s->pchip.reg_conf);
+
+ /* For the record, these are the mappings for the second PCI bus.
+ We can get away with not implementing them because we indicate
+ via the Cchip.CSC<PIP> bit that Pchip1 is not present. */
+ /* Pchip1 PCI memory, 0x802.0000.0000, 4GB. */
+ /* Pchip1 CSRs, 0x802.8000.0000, 256MB. */
+ /* Pchip1 PCI special/interrupt acknowledge, 0x802.F800.0000, 64MB. */
+ /* Pchip1 PCI I/O, 0x802.FC00.0000, 32MB. */
+ /* Pchip1 PCI configuration, 0x802.FE00.0000, 16MB. */
+
+ /* Init the ISA bus. */
+ /* ??? Technically there should be a cy82c693ub pci-isa bridge. */
+ {
+ qemu_irq isa_pci_irq, *isa_irqs;
+
+ *isa_bus = isa_bus_new(NULL, &s->pchip.reg_io);
+ isa_pci_irq = *qemu_allocate_irqs(typhoon_set_isa_irq, s, 1);
+ isa_irqs = i8259_init(*isa_bus, isa_pci_irq);
+ isa_bus_irqs(*isa_bus, isa_irqs);
+ }
+
+ return b;
+}
+
+static int typhoon_pcihost_init(SysBusDevice *dev)
+{
+ return 0;
+}
+
+static void typhoon_pcihost_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = typhoon_pcihost_init;
+ dc->no_user = 1;
+}
+
+static const TypeInfo typhoon_pcihost_info = {
+ .name = TYPE_TYPHOON_PCI_HOST_BRIDGE,
+ .parent = TYPE_PCI_HOST_BRIDGE,
+ .instance_size = sizeof(TyphoonState),
+ .class_init = typhoon_pcihost_class_init,
+};
+
+static void typhoon_register_types(void)
+{
+ type_register_static(&typhoon_pcihost_info);
+}
+
+type_init(typhoon_register_types)
diff --git a/hw/alpha_dp264.c b/hw/alpha_dp264.c
deleted file mode 100644
index 76d8ae8a8..000000000
--- a/hw/alpha_dp264.c
+++ /dev/null
@@ -1,181 +0,0 @@
-/*
- * QEMU Alpha DP264/CLIPPER hardware system emulator.
- *
- * Choose CLIPPER IRQ mappings over, say, DP264, MONET, or WEBBRICK
- * variants because CLIPPER doesn't have an SMC669 SuperIO controller
- * that we need to emulate as well.
- */
-
-#include "hw.h"
-#include "elf.h"
-#include "loader.h"
-#include "boards.h"
-#include "alpha_sys.h"
-#include "sysemu.h"
-#include "mc146818rtc.h"
-#include "ide.h"
-#include "i8254.h"
-#include "serial.h"
-
-#define MAX_IDE_BUS 2
-
-static uint64_t cpu_alpha_superpage_to_phys(void *opaque, uint64_t addr)
-{
- if (((addr >> 41) & 3) == 2) {
- addr &= 0xffffffffffull;
- }
- return addr;
-}
-
-/* Note that there are at least 3 viewpoints of IRQ numbers on Alpha systems.
- (0) The dev_irq_n lines into the cpu, which we totally ignore,
- (1) The DRIR lines in the typhoon chipset,
- (2) The "vector" aka mangled interrupt number reported by SRM PALcode,
- (3) The interrupt number assigned by the kernel.
- The following function is concerned with (1) only. */
-
-static int clipper_pci_map_irq(PCIDevice *d, int irq_num)
-{
- int slot = d->devfn >> 3;
-
- assert(irq_num >= 0 && irq_num <= 3);
-
- return (slot + 1) * 4 + irq_num;
-}
-
-static void clipper_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- CPUAlphaState *cpus[4];
- PCIBus *pci_bus;
- ISABus *isa_bus;
- qemu_irq rtc_irq;
- long size, i;
- const char *palcode_filename;
- uint64_t palcode_entry, palcode_low, palcode_high;
- uint64_t kernel_entry, kernel_low, kernel_high;
-
- /* Create up to 4 cpus. */
- memset(cpus, 0, sizeof(cpus));
- for (i = 0; i < smp_cpus; ++i) {
- cpus[i] = cpu_init(cpu_model ? cpu_model : "ev67");
- }
-
- cpus[0]->trap_arg0 = ram_size;
- cpus[0]->trap_arg1 = 0;
- cpus[0]->trap_arg2 = smp_cpus;
-
- /* Init the chipset. */
- pci_bus = typhoon_init(ram_size, &isa_bus, &rtc_irq, cpus,
- clipper_pci_map_irq);
-
- rtc_init(isa_bus, 1980, rtc_irq);
- pit_init(isa_bus, 0x40, 0, NULL);
- isa_create_simple(isa_bus, "i8042");
-
- /* VGA setup. Don't bother loading the bios. */
- pci_vga_init(pci_bus);
-
- /* Serial code setup. */
- for (i = 0; i < MAX_SERIAL_PORTS; ++i) {
- if (serial_hds[i]) {
- serial_isa_init(isa_bus, i, serial_hds[i]);
- }
- }
-
- /* Network setup. e1000 is good enough, failing Tulip support. */
- for (i = 0; i < nb_nics; i++) {
- pci_nic_init_nofail(&nd_table[i], "e1000", NULL);
- }
-
- /* IDE disk setup. */
- {
- DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
- ide_drive_get(hd, MAX_IDE_BUS);
-
- pci_cmd646_ide_init(pci_bus, hd, 0);
- }
-
- /* Load PALcode. Given that this is not "real" cpu palcode,
- but one explicitly written for the emulation, we might as
- well load it directly from and ELF image. */
- palcode_filename = (bios_name ? bios_name : "palcode-clipper");
- palcode_filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, palcode_filename);
- if (palcode_filename == NULL) {
- hw_error("no palcode provided\n");
- exit(1);
- }
- size = load_elf(palcode_filename, cpu_alpha_superpage_to_phys,
- NULL, &palcode_entry, &palcode_low, &palcode_high,
- 0, EM_ALPHA, 0);
- if (size < 0) {
- hw_error("could not load palcode '%s'\n", palcode_filename);
- exit(1);
- }
-
- /* Start all cpus at the PALcode RESET entry point. */
- for (i = 0; i < smp_cpus; ++i) {
- cpus[i]->pal_mode = 1;
- cpus[i]->pc = palcode_entry;
- cpus[i]->palbr = palcode_entry;
- }
-
- /* Load a kernel. */
- if (kernel_filename) {
- uint64_t param_offset;
-
- size = load_elf(kernel_filename, cpu_alpha_superpage_to_phys,
- NULL, &kernel_entry, &kernel_low, &kernel_high,
- 0, EM_ALPHA, 0);
- if (size < 0) {
- hw_error("could not load kernel '%s'\n", kernel_filename);
- exit(1);
- }
-
- cpus[0]->trap_arg1 = kernel_entry;
-
- param_offset = kernel_low - 0x6000;
-
- if (kernel_cmdline) {
- pstrcpy_targphys("cmdline", param_offset, 0x100, kernel_cmdline);
- }
-
- if (initrd_filename) {
- long initrd_base, initrd_size;
-
- initrd_size = get_image_size(initrd_filename);
- if (initrd_size < 0) {
- hw_error("could not load initial ram disk '%s'\n",
- initrd_filename);
- exit(1);
- }
-
- /* Put the initrd image as high in memory as possible. */
- initrd_base = (ram_size - initrd_size) & TARGET_PAGE_MASK;
- load_image_targphys(initrd_filename, initrd_base,
- ram_size - initrd_base);
-
- stq_phys(param_offset + 0x100, initrd_base + 0xfffffc0000000000ULL);
- stq_phys(param_offset + 0x108, initrd_size);
- }
- }
-}
-
-static QEMUMachine clipper_machine = {
- .name = "clipper",
- .desc = "Alpha DP264/CLIPPER",
- .init = clipper_init,
- .max_cpus = 4,
- .is_default = 1,
-};
-
-static void clipper_machine_init(void)
-{
- qemu_register_machine(&clipper_machine);
-}
-
-machine_init(clipper_machine_init);
diff --git a/hw/alpha_pci.c b/hw/alpha_pci.c
deleted file mode 100644
index 7e7b1d27d..000000000
--- a/hw/alpha_pci.c
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- * QEMU Alpha PCI support functions.
- *
- * Some of this isn't very Alpha specific at all.
- *
- * ??? Sparse memory access not implemented.
- */
-
-#include "config.h"
-#include "alpha_sys.h"
-#include "qemu-log.h"
-#include "sysemu.h"
-
-
-/* PCI IO reads/writes, to byte-word addressable memory. */
-/* ??? Doesn't handle multiple PCI busses. */
-
-static uint64_t bw_io_read(void *opaque, hwaddr addr, unsigned size)
-{
- switch (size) {
- case 1:
- return cpu_inb(addr);
- case 2:
- return cpu_inw(addr);
- case 4:
- return cpu_inl(addr);
- }
- abort();
-}
-
-static void bw_io_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- switch (size) {
- case 1:
- cpu_outb(addr, val);
- break;
- case 2:
- cpu_outw(addr, val);
- break;
- case 4:
- cpu_outl(addr, val);
- break;
- default:
- abort();
- }
-}
-
-const MemoryRegionOps alpha_pci_bw_io_ops = {
- .read = bw_io_read,
- .write = bw_io_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 4,
- },
-};
-
-/* PCI config space reads/writes, to byte-word addressable memory. */
-static uint64_t bw_conf1_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- PCIBus *b = opaque;
- return pci_data_read(b, addr, size);
-}
-
-static void bw_conf1_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- PCIBus *b = opaque;
- pci_data_write(b, addr, val, size);
-}
-
-const MemoryRegionOps alpha_pci_conf1_ops = {
- .read = bw_conf1_read,
- .write = bw_conf1_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 4,
- },
-};
-
-/* PCI/EISA Interrupt Acknowledge Cycle. */
-
-static uint64_t iack_read(void *opaque, hwaddr addr, unsigned size)
-{
- return pic_read_irq(isa_pic);
-}
-
-static void special_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- qemu_log("pci: special write cycle");
-}
-
-const MemoryRegionOps alpha_pci_iack_ops = {
- .read = iack_read,
- .write = special_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
- .impl = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
diff --git a/hw/alpha_sys.h b/hw/alpha_sys.h
deleted file mode 100644
index 7604d09c8..000000000
--- a/hw/alpha_sys.h
+++ /dev/null
@@ -1,22 +0,0 @@
-/* Alpha cores and system support chips. */
-
-#ifndef HW_ALPHA_H
-#define HW_ALPHA_H 1
-
-#include "pci.h"
-#include "pci_host.h"
-#include "ide.h"
-#include "net.h"
-#include "pc.h"
-#include "irq.h"
-
-
-PCIBus *typhoon_init(ram_addr_t, ISABus **, qemu_irq *, CPUAlphaState *[4],
- pci_map_irq_fn);
-
-/* alpha_pci.c. */
-extern const MemoryRegionOps alpha_pci_bw_io_ops;
-extern const MemoryRegionOps alpha_pci_conf1_ops;
-extern const MemoryRegionOps alpha_pci_iack_ops;
-
-#endif
diff --git a/hw/alpha_typhoon.c b/hw/alpha_typhoon.c
deleted file mode 100644
index 9b16d9661..000000000
--- a/hw/alpha_typhoon.c
+++ /dev/null
@@ -1,838 +0,0 @@
-/*
- * DEC 21272 (TSUNAMI/TYPHOON) chipset emulation.
- *
- * Written by Richard Henderson.
- *
- * This work is licensed under the GNU GPL license version 2 or later.
- */
-
-#include "cpu.h"
-#include "exec-all.h"
-#include "hw.h"
-#include "devices.h"
-#include "sysemu.h"
-#include "alpha_sys.h"
-#include "exec-memory.h"
-
-
-#define TYPE_TYPHOON_PCI_HOST_BRIDGE "typhoon-pcihost"
-
-typedef struct TyphoonCchip {
- MemoryRegion region;
- uint64_t misc;
- uint64_t drir;
- uint64_t dim[4];
- uint32_t iic[4];
- CPUAlphaState *cpu[4];
-} TyphoonCchip;
-
-typedef struct TyphoonWindow {
- uint32_t base_addr;
- uint32_t mask;
- uint32_t translated_base_pfn;
-} TyphoonWindow;
-
-typedef struct TyphoonPchip {
- MemoryRegion region;
- MemoryRegion reg_iack;
- MemoryRegion reg_mem;
- MemoryRegion reg_io;
- MemoryRegion reg_conf;
- uint64_t ctl;
- TyphoonWindow win[4];
-} TyphoonPchip;
-
-#define TYPHOON_PCI_HOST_BRIDGE(obj) \
- OBJECT_CHECK(TyphoonState, (obj), TYPE_TYPHOON_PCI_HOST_BRIDGE)
-
-typedef struct TyphoonState {
- PCIHostState parent_obj;
-
- TyphoonCchip cchip;
- TyphoonPchip pchip;
- MemoryRegion dchip_region;
- MemoryRegion ram_region;
-
- /* QEMU emulation state. */
- uint32_t latch_tmp;
-} TyphoonState;
-
-/* Called when one of DRIR or DIM changes. */
-static void cpu_irq_change(CPUAlphaState *env, uint64_t req)
-{
- /* If there are any non-masked interrupts, tell the cpu. */
- if (env) {
- if (req) {
- cpu_interrupt(env, CPU_INTERRUPT_HARD);
- } else {
- cpu_reset_interrupt(env, CPU_INTERRUPT_HARD);
- }
- }
-}
-
-static uint64_t cchip_read(void *opaque, hwaddr addr, unsigned size)
-{
- CPUAlphaState *env = cpu_single_env;
- TyphoonState *s = opaque;
- uint64_t ret = 0;
-
- if (addr & 4) {
- return s->latch_tmp;
- }
-
- switch (addr) {
- case 0x0000:
- /* CSC: Cchip System Configuration Register. */
- /* All sorts of data here; probably the only thing relevant is
- PIP<14> Pchip 1 Present = 0. */
- break;
-
- case 0x0040:
- /* MTR: Memory Timing Register. */
- /* All sorts of stuff related to real DRAM. */
- break;
-
- case 0x0080:
- /* MISC: Miscellaneous Register. */
- ret = s->cchip.misc | (env->cpu_index & 3);
- break;
-
- case 0x00c0:
- /* MPD: Memory Presence Detect Register. */
- break;
-
- case 0x0100: /* AAR0 */
- case 0x0140: /* AAR1 */
- case 0x0180: /* AAR2 */
- case 0x01c0: /* AAR3 */
- /* AAR: Array Address Register. */
- /* All sorts of information about DRAM. */
- break;
-
- case 0x0200:
- /* DIM0: Device Interrupt Mask Register, CPU0. */
- ret = s->cchip.dim[0];
- break;
- case 0x0240:
- /* DIM1: Device Interrupt Mask Register, CPU1. */
- ret = s->cchip.dim[1];
- break;
- case 0x0280:
- /* DIR0: Device Interrupt Request Register, CPU0. */
- ret = s->cchip.dim[0] & s->cchip.drir;
- break;
- case 0x02c0:
- /* DIR1: Device Interrupt Request Register, CPU1. */
- ret = s->cchip.dim[1] & s->cchip.drir;
- break;
- case 0x0300:
- /* DRIR: Device Raw Interrupt Request Register. */
- ret = s->cchip.drir;
- break;
-
- case 0x0340:
- /* PRBEN: Probe Enable Register. */
- break;
-
- case 0x0380:
- /* IIC0: Interval Ignore Count Register, CPU0. */
- ret = s->cchip.iic[0];
- break;
- case 0x03c0:
- /* IIC1: Interval Ignore Count Register, CPU1. */
- ret = s->cchip.iic[1];
- break;
-
- case 0x0400: /* MPR0 */
- case 0x0440: /* MPR1 */
- case 0x0480: /* MPR2 */
- case 0x04c0: /* MPR3 */
- /* MPR: Memory Programming Register. */
- break;
-
- case 0x0580:
- /* TTR: TIGbus Timing Register. */
- /* All sorts of stuff related to interrupt delivery timings. */
- break;
- case 0x05c0:
- /* TDR: TIGbug Device Timing Register. */
- break;
-
- case 0x0600:
- /* DIM2: Device Interrupt Mask Register, CPU2. */
- ret = s->cchip.dim[2];
- break;
- case 0x0640:
- /* DIM3: Device Interrupt Mask Register, CPU3. */
- ret = s->cchip.dim[3];
- break;
- case 0x0680:
- /* DIR2: Device Interrupt Request Register, CPU2. */
- ret = s->cchip.dim[2] & s->cchip.drir;
- break;
- case 0x06c0:
- /* DIR3: Device Interrupt Request Register, CPU3. */
- ret = s->cchip.dim[3] & s->cchip.drir;
- break;
-
- case 0x0700:
- /* IIC2: Interval Ignore Count Register, CPU2. */
- ret = s->cchip.iic[2];
- break;
- case 0x0740:
- /* IIC3: Interval Ignore Count Register, CPU3. */
- ret = s->cchip.iic[3];
- break;
-
- case 0x0780:
- /* PWR: Power Management Control. */
- break;
-
- case 0x0c00: /* CMONCTLA */
- case 0x0c40: /* CMONCTLB */
- case 0x0c80: /* CMONCNT01 */
- case 0x0cc0: /* CMONCNT23 */
- break;
-
- default:
- cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
- return -1;
- }
-
- s->latch_tmp = ret >> 32;
- return ret;
-}
-
-static uint64_t dchip_read(void *opaque, hwaddr addr, unsigned size)
-{
- /* Skip this. It's all related to DRAM timing and setup. */
- return 0;
-}
-
-static uint64_t pchip_read(void *opaque, hwaddr addr, unsigned size)
-{
- TyphoonState *s = opaque;
- uint64_t ret = 0;
-
- if (addr & 4) {
- return s->latch_tmp;
- }
-
- switch (addr) {
- case 0x0000:
- /* WSBA0: Window Space Base Address Register. */
- ret = s->pchip.win[0].base_addr;
- break;
- case 0x0040:
- /* WSBA1 */
- ret = s->pchip.win[1].base_addr;
- break;
- case 0x0080:
- /* WSBA2 */
- ret = s->pchip.win[2].base_addr;
- break;
- case 0x00c0:
- /* WSBA3 */
- ret = s->pchip.win[3].base_addr;
- break;
-
- case 0x0100:
- /* WSM0: Window Space Mask Register. */
- ret = s->pchip.win[0].mask;
- break;
- case 0x0140:
- /* WSM1 */
- ret = s->pchip.win[1].mask;
- break;
- case 0x0180:
- /* WSM2 */
- ret = s->pchip.win[2].mask;
- break;
- case 0x01c0:
- /* WSM3 */
- ret = s->pchip.win[3].mask;
- break;
-
- case 0x0200:
- /* TBA0: Translated Base Address Register. */
- ret = (uint64_t)s->pchip.win[0].translated_base_pfn << 10;
- break;
- case 0x0240:
- /* TBA1 */
- ret = (uint64_t)s->pchip.win[1].translated_base_pfn << 10;
- break;
- case 0x0280:
- /* TBA2 */
- ret = (uint64_t)s->pchip.win[2].translated_base_pfn << 10;
- break;
- case 0x02c0:
- /* TBA3 */
- ret = (uint64_t)s->pchip.win[3].translated_base_pfn << 10;
- break;
-
- case 0x0300:
- /* PCTL: Pchip Control Register. */
- ret = s->pchip.ctl;
- break;
- case 0x0340:
- /* PLAT: Pchip Master Latency Register. */
- break;
- case 0x03c0:
- /* PERROR: Pchip Error Register. */
- break;
- case 0x0400:
- /* PERRMASK: Pchip Error Mask Register. */
- break;
- case 0x0440:
- /* PERRSET: Pchip Error Set Register. */
- break;
- case 0x0480:
- /* TLBIV: Translation Buffer Invalidate Virtual Register (WO). */
- break;
- case 0x04c0:
- /* TLBIA: Translation Buffer Invalidate All Register (WO). */
- break;
- case 0x0500: /* PMONCTL */
- case 0x0540: /* PMONCNT */
- case 0x0800: /* SPRST */
- break;
-
- default:
- cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
- return -1;
- }
-
- s->latch_tmp = ret >> 32;
- return ret;
-}
-
-static void cchip_write(void *opaque, hwaddr addr,
- uint64_t v32, unsigned size)
-{
- TyphoonState *s = opaque;
- uint64_t val, oldval, newval;
-
- if (addr & 4) {
- val = v32 << 32 | s->latch_tmp;
- addr ^= 4;
- } else {
- s->latch_tmp = v32;
- return;
- }
-
- switch (addr) {
- case 0x0000:
- /* CSC: Cchip System Configuration Register. */
- /* All sorts of data here; nothing relevant RW. */
- break;
-
- case 0x0040:
- /* MTR: Memory Timing Register. */
- /* All sorts of stuff related to real DRAM. */
- break;
-
- case 0x0080:
- /* MISC: Miscellaneous Register. */
- newval = oldval = s->cchip.misc;
- newval &= ~(val & 0x10000ff0); /* W1C fields */
- if (val & 0x100000) {
- newval &= ~0xff0000ull; /* ACL clears ABT and ABW */
- } else {
- newval |= val & 0x00f00000; /* ABT field is W1S */
- if ((newval & 0xf0000) == 0) {
- newval |= val & 0xf0000; /* ABW field is W1S iff zero */
- }
- }
- newval |= (val & 0xf000) >> 4; /* IPREQ field sets IPINTR. */
-
- newval &= ~0xf0000000000ull; /* WO and RW fields */
- newval |= val & 0xf0000000000ull;
- s->cchip.misc = newval;
-
- /* Pass on changes to IPI and ITI state. */
- if ((newval ^ oldval) & 0xff0) {
- int i;
- for (i = 0; i < 4; ++i) {
- CPUAlphaState *env = s->cchip.cpu[i];
- if (env) {
- /* IPI can be either cleared or set by the write. */
- if (newval & (1 << (i + 8))) {
- cpu_interrupt(env, CPU_INTERRUPT_SMP);
- } else {
- cpu_reset_interrupt(env, CPU_INTERRUPT_SMP);
- }
-
- /* ITI can only be cleared by the write. */
- if ((newval & (1 << (i + 4))) == 0) {
- cpu_reset_interrupt(env, CPU_INTERRUPT_TIMER);
- }
- }
- }
- }
- break;
-
- case 0x00c0:
- /* MPD: Memory Presence Detect Register. */
- break;
-
- case 0x0100: /* AAR0 */
- case 0x0140: /* AAR1 */
- case 0x0180: /* AAR2 */
- case 0x01c0: /* AAR3 */
- /* AAR: Array Address Register. */
- /* All sorts of information about DRAM. */
- break;
-
- case 0x0200: /* DIM0 */
- /* DIM: Device Interrupt Mask Register, CPU0. */
- s->cchip.dim[0] = val;
- cpu_irq_change(s->cchip.cpu[0], val & s->cchip.drir);
- break;
- case 0x0240: /* DIM1 */
- /* DIM: Device Interrupt Mask Register, CPU1. */
- s->cchip.dim[0] = val;
- cpu_irq_change(s->cchip.cpu[1], val & s->cchip.drir);
- break;
-
- case 0x0280: /* DIR0 (RO) */
- case 0x02c0: /* DIR1 (RO) */
- case 0x0300: /* DRIR (RO) */
- break;
-
- case 0x0340:
- /* PRBEN: Probe Enable Register. */
- break;
-
- case 0x0380: /* IIC0 */
- s->cchip.iic[0] = val & 0xffffff;
- break;
- case 0x03c0: /* IIC1 */
- s->cchip.iic[1] = val & 0xffffff;
- break;
-
- case 0x0400: /* MPR0 */
- case 0x0440: /* MPR1 */
- case 0x0480: /* MPR2 */
- case 0x04c0: /* MPR3 */
- /* MPR: Memory Programming Register. */
- break;
-
- case 0x0580:
- /* TTR: TIGbus Timing Register. */
- /* All sorts of stuff related to interrupt delivery timings. */
- break;
- case 0x05c0:
- /* TDR: TIGbug Device Timing Register. */
- break;
-
- case 0x0600:
- /* DIM2: Device Interrupt Mask Register, CPU2. */
- s->cchip.dim[2] = val;
- cpu_irq_change(s->cchip.cpu[2], val & s->cchip.drir);
- break;
- case 0x0640:
- /* DIM3: Device Interrupt Mask Register, CPU3. */
- s->cchip.dim[3] = val;
- cpu_irq_change(s->cchip.cpu[3], val & s->cchip.drir);
- break;
-
- case 0x0680: /* DIR2 (RO) */
- case 0x06c0: /* DIR3 (RO) */
- break;
-
- case 0x0700: /* IIC2 */
- s->cchip.iic[2] = val & 0xffffff;
- break;
- case 0x0740: /* IIC3 */
- s->cchip.iic[3] = val & 0xffffff;
- break;
-
- case 0x0780:
- /* PWR: Power Management Control. */
- break;
-
- case 0x0c00: /* CMONCTLA */
- case 0x0c40: /* CMONCTLB */
- case 0x0c80: /* CMONCNT01 */
- case 0x0cc0: /* CMONCNT23 */
- break;
-
- default:
- cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
- return;
- }
-}
-
-static void dchip_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- /* Skip this. It's all related to DRAM timing and setup. */
-}
-
-static void pchip_write(void *opaque, hwaddr addr,
- uint64_t v32, unsigned size)
-{
- TyphoonState *s = opaque;
- uint64_t val, oldval;
-
- if (addr & 4) {
- val = v32 << 32 | s->latch_tmp;
- addr ^= 4;
- } else {
- s->latch_tmp = v32;
- return;
- }
-
- switch (addr) {
- case 0x0000:
- /* WSBA0: Window Space Base Address Register. */
- s->pchip.win[0].base_addr = val;
- break;
- case 0x0040:
- /* WSBA1 */
- s->pchip.win[1].base_addr = val;
- break;
- case 0x0080:
- /* WSBA2 */
- s->pchip.win[2].base_addr = val;
- break;
- case 0x00c0:
- /* WSBA3 */
- s->pchip.win[3].base_addr = val;
- break;
-
- case 0x0100:
- /* WSM0: Window Space Mask Register. */
- s->pchip.win[0].mask = val;
- break;
- case 0x0140:
- /* WSM1 */
- s->pchip.win[1].mask = val;
- break;
- case 0x0180:
- /* WSM2 */
- s->pchip.win[2].mask = val;
- break;
- case 0x01c0:
- /* WSM3 */
- s->pchip.win[3].mask = val;
- break;
-
- case 0x0200:
- /* TBA0: Translated Base Address Register. */
- s->pchip.win[0].translated_base_pfn = val >> 10;
- break;
- case 0x0240:
- /* TBA1 */
- s->pchip.win[1].translated_base_pfn = val >> 10;
- break;
- case 0x0280:
- /* TBA2 */
- s->pchip.win[2].translated_base_pfn = val >> 10;
- break;
- case 0x02c0:
- /* TBA3 */
- s->pchip.win[3].translated_base_pfn = val >> 10;
- break;
-
- case 0x0300:
- /* PCTL: Pchip Control Register. */
- oldval = s->pchip.ctl;
- oldval &= ~0x00001cff0fc7ffull; /* RW fields */
- oldval |= val & 0x00001cff0fc7ffull;
-
- s->pchip.ctl = oldval;
- break;
-
- case 0x0340:
- /* PLAT: Pchip Master Latency Register. */
- break;
- case 0x03c0:
- /* PERROR: Pchip Error Register. */
- break;
- case 0x0400:
- /* PERRMASK: Pchip Error Mask Register. */
- break;
- case 0x0440:
- /* PERRSET: Pchip Error Set Register. */
- break;
-
- case 0x0480:
- /* TLBIV: Translation Buffer Invalidate Virtual Register. */
- break;
-
- case 0x04c0:
- /* TLBIA: Translation Buffer Invalidate All Register (WO). */
- break;
-
- case 0x0500:
- /* PMONCTL */
- case 0x0540:
- /* PMONCNT */
- case 0x0800:
- /* SPRST */
- break;
-
- default:
- cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
- return;
- }
-}
-
-static const MemoryRegionOps cchip_ops = {
- .read = cchip_read,
- .write = cchip_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
- .valid = {
- .min_access_size = 4, /* ??? Should be 8. */
- .max_access_size = 8,
- },
- .impl = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static const MemoryRegionOps dchip_ops = {
- .read = dchip_read,
- .write = dchip_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
- .valid = {
- .min_access_size = 4, /* ??? Should be 8. */
- .max_access_size = 8,
- },
- .impl = {
- .min_access_size = 4,
- .max_access_size = 8,
- },
-};
-
-static const MemoryRegionOps pchip_ops = {
- .read = pchip_read,
- .write = pchip_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
- .valid = {
- .min_access_size = 4, /* ??? Should be 8. */
- .max_access_size = 8,
- },
- .impl = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static void typhoon_set_irq(void *opaque, int irq, int level)
-{
- TyphoonState *s = opaque;
- uint64_t drir;
- int i;
-
- /* Set/Reset the bit in CCHIP.DRIR based on IRQ+LEVEL. */
- drir = s->cchip.drir;
- if (level) {
- drir |= 1ull << irq;
- } else {
- drir &= ~(1ull << irq);
- }
- s->cchip.drir = drir;
-
- for (i = 0; i < 4; ++i) {
- cpu_irq_change(s->cchip.cpu[i], s->cchip.dim[i] & drir);
- }
-}
-
-static void typhoon_set_isa_irq(void *opaque, int irq, int level)
-{
- typhoon_set_irq(opaque, 55, level);
-}
-
-static void typhoon_set_timer_irq(void *opaque, int irq, int level)
-{
- TyphoonState *s = opaque;
- int i;
-
- /* Thankfully, the mc146818rtc code doesn't track the IRQ state,
- and so we don't have to worry about missing interrupts just
- because we never actually ACK the interrupt. Just ignore any
- case of the interrupt level going low. */
- if (level == 0) {
- return;
- }
-
- /* Deliver the interrupt to each CPU, considering each CPU's IIC. */
- for (i = 0; i < 4; ++i) {
- CPUAlphaState *env = s->cchip.cpu[i];
- if (env) {
- uint32_t iic = s->cchip.iic[i];
-
- /* ??? The verbage in Section 10.2.2.10 isn't 100% clear.
- Bit 24 is the OverFlow bit, RO, and set when the count
- decrements past 0. When is OF cleared? My guess is that
- OF is actually cleared when the IIC is written, and that
- the ICNT field always decrements. At least, that's an
- interpretation that makes sense, and "allows the CPU to
- determine exactly how mant interval timer ticks were
- skipped". At least within the next 4M ticks... */
-
- iic = ((iic - 1) & 0x1ffffff) | (iic & 0x1000000);
- s->cchip.iic[i] = iic;
-
- if (iic & 0x1000000) {
- /* Set the ITI bit for this cpu. */
- s->cchip.misc |= 1 << (i + 4);
- /* And signal the interrupt. */
- cpu_interrupt(env, CPU_INTERRUPT_TIMER);
- }
- }
- }
-}
-
-static void typhoon_alarm_timer(void *opaque)
-{
- TyphoonState *s = (TyphoonState *)((uintptr_t)opaque & ~3);
- int cpu = (uintptr_t)opaque & 3;
-
- /* Set the ITI bit for this cpu. */
- s->cchip.misc |= 1 << (cpu + 4);
- cpu_interrupt(s->cchip.cpu[cpu], CPU_INTERRUPT_TIMER);
-}
-
-PCIBus *typhoon_init(ram_addr_t ram_size, ISABus **isa_bus,
- qemu_irq *p_rtc_irq,
- CPUAlphaState *cpus[4], pci_map_irq_fn sys_map_irq)
-{
- const uint64_t MB = 1024 * 1024;
- const uint64_t GB = 1024 * MB;
- MemoryRegion *addr_space = get_system_memory();
- MemoryRegion *addr_space_io = get_system_io();
- DeviceState *dev;
- TyphoonState *s;
- PCIHostState *phb;
- PCIBus *b;
- int i;
-
- dev = qdev_create(NULL, TYPE_TYPHOON_PCI_HOST_BRIDGE);
- qdev_init_nofail(dev);
-
- s = TYPHOON_PCI_HOST_BRIDGE(dev);
- phb = PCI_HOST_BRIDGE(dev);
-
- /* Remember the CPUs so that we can deliver interrupts to them. */
- for (i = 0; i < 4; i++) {
- CPUAlphaState *env = cpus[i];
- s->cchip.cpu[i] = env;
- if (env) {
- env->alarm_timer = qemu_new_timer_ns(rtc_clock,
- typhoon_alarm_timer,
- (void *)((uintptr_t)s + i));
- }
- }
-
- *p_rtc_irq = *qemu_allocate_irqs(typhoon_set_timer_irq, s, 1);
-
- /* Main memory region, 0x00.0000.0000. Real hardware supports 32GB,
- but the address space hole reserved at this point is 8TB. */
- memory_region_init_ram(&s->ram_region, "ram", ram_size);
- vmstate_register_ram_global(&s->ram_region);
- memory_region_add_subregion(addr_space, 0, &s->ram_region);
-
- /* TIGbus, 0x801.0000.0000, 1GB. */
- /* ??? The TIGbus is used for delivering interrupts, and access to
- the flash ROM. I'm not sure that we need to implement it at all. */
-
- /* Pchip0 CSRs, 0x801.8000.0000, 256MB. */
- memory_region_init_io(&s->pchip.region, &pchip_ops, s, "pchip0", 256*MB);
- memory_region_add_subregion(addr_space, 0x80180000000ULL,
- &s->pchip.region);
-
- /* Cchip CSRs, 0x801.A000.0000, 256MB. */
- memory_region_init_io(&s->cchip.region, &cchip_ops, s, "cchip0", 256*MB);
- memory_region_add_subregion(addr_space, 0x801a0000000ULL,
- &s->cchip.region);
-
- /* Dchip CSRs, 0x801.B000.0000, 256MB. */
- memory_region_init_io(&s->dchip_region, &dchip_ops, s, "dchip0", 256*MB);
- memory_region_add_subregion(addr_space, 0x801b0000000ULL,
- &s->dchip_region);
-
- /* Pchip0 PCI memory, 0x800.0000.0000, 4GB. */
- memory_region_init(&s->pchip.reg_mem, "pci0-mem", 4*GB);
- memory_region_add_subregion(addr_space, 0x80000000000ULL,
- &s->pchip.reg_mem);
-
- /* Pchip0 PCI I/O, 0x801.FC00.0000, 32MB. */
- /* ??? Ideally we drop the "system" i/o space on the floor and give the
- PCI subsystem the full address space reserved by the chipset.
- We can't do that until the MEM and IO paths in memory.c are unified. */
- memory_region_init_io(&s->pchip.reg_io, &alpha_pci_bw_io_ops, NULL,
- "pci0-io", 32*MB);
- memory_region_add_subregion(addr_space, 0x801fc000000ULL,
- &s->pchip.reg_io);
-
- b = pci_register_bus(dev, "pci",
- typhoon_set_irq, sys_map_irq, s,
- &s->pchip.reg_mem, addr_space_io, 0, 64);
- phb->bus = b;
-
- /* Pchip0 PCI special/interrupt acknowledge, 0x801.F800.0000, 64MB. */
- memory_region_init_io(&s->pchip.reg_iack, &alpha_pci_iack_ops, b,
- "pci0-iack", 64*MB);
- memory_region_add_subregion(addr_space, 0x801f8000000ULL,
- &s->pchip.reg_iack);
-
- /* Pchip0 PCI configuration, 0x801.FE00.0000, 16MB. */
- memory_region_init_io(&s->pchip.reg_conf, &alpha_pci_conf1_ops, b,
- "pci0-conf", 16*MB);
- memory_region_add_subregion(addr_space, 0x801fe000000ULL,
- &s->pchip.reg_conf);
-
- /* For the record, these are the mappings for the second PCI bus.
- We can get away with not implementing them because we indicate
- via the Cchip.CSC<PIP> bit that Pchip1 is not present. */
- /* Pchip1 PCI memory, 0x802.0000.0000, 4GB. */
- /* Pchip1 CSRs, 0x802.8000.0000, 256MB. */
- /* Pchip1 PCI special/interrupt acknowledge, 0x802.F800.0000, 64MB. */
- /* Pchip1 PCI I/O, 0x802.FC00.0000, 32MB. */
- /* Pchip1 PCI configuration, 0x802.FE00.0000, 16MB. */
-
- /* Init the ISA bus. */
- /* ??? Technically there should be a cy82c693ub pci-isa bridge. */
- {
- qemu_irq isa_pci_irq, *isa_irqs;
-
- *isa_bus = isa_bus_new(NULL, addr_space_io);
- isa_pci_irq = *qemu_allocate_irqs(typhoon_set_isa_irq, s, 1);
- isa_irqs = i8259_init(*isa_bus, isa_pci_irq);
- isa_bus_irqs(*isa_bus, isa_irqs);
- }
-
- return b;
-}
-
-static int typhoon_pcihost_init(SysBusDevice *dev)
-{
- return 0;
-}
-
-static void typhoon_pcihost_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = typhoon_pcihost_init;
- dc->no_user = 1;
-}
-
-static const TypeInfo typhoon_pcihost_info = {
- .name = TYPE_TYPHOON_PCI_HOST_BRIDGE,
- .parent = TYPE_PCI_HOST_BRIDGE,
- .instance_size = sizeof(TyphoonState),
- .class_init = typhoon_pcihost_class_init,
-};
-
-static void typhoon_register_types(void)
-{
- type_register_static(&typhoon_pcihost_info);
-}
-
-type_init(typhoon_register_types)
diff --git a/hw/an5206.c b/hw/an5206.c
deleted file mode 100644
index d887c0e7e..000000000
--- a/hw/an5206.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * Arnewsh 5206 ColdFire system emulation.
- *
- * Copyright (c) 2007 CodeSourcery.
- *
- * This code is licensed under the GPL
- */
-
-#include "hw.h"
-#include "mcf.h"
-#include "boards.h"
-#include "loader.h"
-#include "elf.h"
-#include "exec-memory.h"
-
-#define KERNEL_LOAD_ADDR 0x10000
-#define AN5206_MBAR_ADDR 0x10000000
-#define AN5206_RAMBAR_ADDR 0x20000000
-
-/* Board init. */
-
-static void an5206_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- CPUM68KState *env;
- int kernel_size;
- uint64_t elf_entry;
- hwaddr entry;
- MemoryRegion *address_space_mem = get_system_memory();
- MemoryRegion *ram = g_new(MemoryRegion, 1);
- MemoryRegion *sram = g_new(MemoryRegion, 1);
-
- if (!cpu_model)
- cpu_model = "m5206";
- env = cpu_init(cpu_model);
- if (!env) {
- hw_error("Unable to find m68k CPU definition\n");
- }
-
- /* Initialize CPU registers. */
- env->vbr = 0;
- /* TODO: allow changing MBAR and RAMBAR. */
- env->mbar = AN5206_MBAR_ADDR | 1;
- env->rambar0 = AN5206_RAMBAR_ADDR | 1;
-
- /* DRAM at address zero */
- memory_region_init_ram(ram, "an5206.ram", ram_size);
- vmstate_register_ram_global(ram);
- memory_region_add_subregion(address_space_mem, 0, ram);
-
- /* Internal SRAM. */
- memory_region_init_ram(sram, "an5206.sram", 512);
- vmstate_register_ram_global(sram);
- memory_region_add_subregion(address_space_mem, AN5206_RAMBAR_ADDR, sram);
-
- mcf5206_init(address_space_mem, AN5206_MBAR_ADDR, env);
-
- /* Load kernel. */
- if (!kernel_filename) {
- fprintf(stderr, "Kernel image must be specified\n");
- exit(1);
- }
-
- kernel_size = load_elf(kernel_filename, NULL, NULL, &elf_entry,
- NULL, NULL, 1, ELF_MACHINE, 0);
- entry = elf_entry;
- if (kernel_size < 0) {
- kernel_size = load_uimage(kernel_filename, &entry, NULL, NULL);
- }
- if (kernel_size < 0) {
- kernel_size = load_image_targphys(kernel_filename, KERNEL_LOAD_ADDR,
- ram_size - KERNEL_LOAD_ADDR);
- entry = KERNEL_LOAD_ADDR;
- }
- if (kernel_size < 0) {
- fprintf(stderr, "qemu: could not load kernel '%s'\n", kernel_filename);
- exit(1);
- }
-
- env->pc = entry;
-}
-
-static QEMUMachine an5206_machine = {
- .name = "an5206",
- .desc = "Arnewsh 5206",
- .init = an5206_init,
-};
-
-static void an5206_machine_init(void)
-{
- qemu_register_machine(&an5206_machine);
-}
-
-machine_init(an5206_machine_init);
diff --git a/hw/apb_pci.c b/hw/apb_pci.c
deleted file mode 100644
index 054814fd4..000000000
--- a/hw/apb_pci.c
+++ /dev/null
@@ -1,542 +0,0 @@
-/*
- * QEMU Ultrasparc APB PCI host
- *
- * Copyright (c) 2006 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-/* XXX This file and most of its contents are somewhat misnamed. The
- Ultrasparc PCI host is called the PCI Bus Module (PBM). The APB is
- the secondary PCI bridge. */
-
-#include "sysbus.h"
-#include "pci.h"
-#include "pci_host.h"
-#include "pci_bridge.h"
-#include "pci_internals.h"
-#include "apb_pci.h"
-#include "sysemu.h"
-#include "exec-memory.h"
-
-/* debug APB */
-//#define DEBUG_APB
-
-#ifdef DEBUG_APB
-#define APB_DPRINTF(fmt, ...) \
-do { printf("APB: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define APB_DPRINTF(fmt, ...)
-#endif
-
-/*
- * Chipset docs:
- * PBM: "UltraSPARC IIi User's Manual",
- * http://www.sun.com/processors/manuals/805-0087.pdf
- *
- * APB: "Advanced PCI Bridge (APB) User's Manual",
- * http://www.sun.com/processors/manuals/805-1251.pdf
- */
-
-#define PBM_PCI_IMR_MASK 0x7fffffff
-#define PBM_PCI_IMR_ENABLED 0x80000000
-
-#define POR (1 << 31)
-#define SOFT_POR (1 << 30)
-#define SOFT_XIR (1 << 29)
-#define BTN_POR (1 << 28)
-#define BTN_XIR (1 << 27)
-#define RESET_MASK 0xf8000000
-#define RESET_WCMASK 0x98000000
-#define RESET_WMASK 0x60000000
-
-#define MAX_IVEC 0x30
-
-typedef struct APBState {
- SysBusDevice busdev;
- PCIBus *bus;
- MemoryRegion apb_config;
- MemoryRegion pci_config;
- MemoryRegion pci_mmio;
- MemoryRegion pci_ioport;
- uint32_t iommu[4];
- uint32_t pci_control[16];
- uint32_t pci_irq_map[8];
- uint32_t obio_irq_map[32];
- qemu_irq *pbm_irqs;
- qemu_irq *ivec_irqs;
- uint32_t reset_control;
- unsigned int nr_resets;
-} APBState;
-
-static void pci_apb_set_irq(void *opaque, int irq_num, int level);
-
-static void apb_config_writel (void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- APBState *s = opaque;
-
- APB_DPRINTF("%s: addr " TARGET_FMT_lx " val %" PRIx64 "\n", __func__, addr, val);
-
- switch (addr & 0xffff) {
- case 0x30 ... 0x4f: /* DMA error registers */
- /* XXX: not implemented yet */
- break;
- case 0x200 ... 0x20b: /* IOMMU */
- s->iommu[(addr & 0xf) >> 2] = val;
- break;
- case 0x20c ... 0x3ff: /* IOMMU flush */
- break;
- case 0xc00 ... 0xc3f: /* PCI interrupt control */
- if (addr & 4) {
- s->pci_irq_map[(addr & 0x3f) >> 3] &= PBM_PCI_IMR_MASK;
- s->pci_irq_map[(addr & 0x3f) >> 3] |= val & ~PBM_PCI_IMR_MASK;
- }
- break;
- case 0x1000 ... 0x1080: /* OBIO interrupt control */
- if (addr & 4) {
- s->obio_irq_map[(addr & 0xff) >> 3] &= PBM_PCI_IMR_MASK;
- s->obio_irq_map[(addr & 0xff) >> 3] |= val & ~PBM_PCI_IMR_MASK;
- }
- break;
- case 0x1400 ... 0x143f: /* PCI interrupt clear */
- if (addr & 4) {
- pci_apb_set_irq(s, (addr & 0x3f) >> 3, 0);
- }
- break;
- case 0x1800 ... 0x1860: /* OBIO interrupt clear */
- if (addr & 4) {
- pci_apb_set_irq(s, 0x20 | ((addr & 0xff) >> 3), 0);
- }
- break;
- case 0x2000 ... 0x202f: /* PCI control */
- s->pci_control[(addr & 0x3f) >> 2] = val;
- break;
- case 0xf020 ... 0xf027: /* Reset control */
- if (addr & 4) {
- val &= RESET_MASK;
- s->reset_control &= ~(val & RESET_WCMASK);
- s->reset_control |= val & RESET_WMASK;
- if (val & SOFT_POR) {
- s->nr_resets = 0;
- qemu_system_reset_request();
- } else if (val & SOFT_XIR) {
- qemu_system_reset_request();
- }
- }
- break;
- case 0x5000 ... 0x51cf: /* PIO/DMA diagnostics */
- case 0xa400 ... 0xa67f: /* IOMMU diagnostics */
- case 0xa800 ... 0xa80f: /* Interrupt diagnostics */
- case 0xf000 ... 0xf01f: /* FFB config, memory control */
- /* we don't care */
- default:
- break;
- }
-}
-
-static uint64_t apb_config_readl (void *opaque,
- hwaddr addr, unsigned size)
-{
- APBState *s = opaque;
- uint32_t val;
-
- switch (addr & 0xffff) {
- case 0x30 ... 0x4f: /* DMA error registers */
- val = 0;
- /* XXX: not implemented yet */
- break;
- case 0x200 ... 0x20b: /* IOMMU */
- val = s->iommu[(addr & 0xf) >> 2];
- break;
- case 0x20c ... 0x3ff: /* IOMMU flush */
- val = 0;
- break;
- case 0xc00 ... 0xc3f: /* PCI interrupt control */
- if (addr & 4) {
- val = s->pci_irq_map[(addr & 0x3f) >> 3];
- } else {
- val = 0;
- }
- break;
- case 0x1000 ... 0x1080: /* OBIO interrupt control */
- if (addr & 4) {
- val = s->obio_irq_map[(addr & 0xff) >> 3];
- } else {
- val = 0;
- }
- break;
- case 0x2000 ... 0x202f: /* PCI control */
- val = s->pci_control[(addr & 0x3f) >> 2];
- break;
- case 0xf020 ... 0xf027: /* Reset control */
- if (addr & 4) {
- val = s->reset_control;
- } else {
- val = 0;
- }
- break;
- case 0x5000 ... 0x51cf: /* PIO/DMA diagnostics */
- case 0xa400 ... 0xa67f: /* IOMMU diagnostics */
- case 0xa800 ... 0xa80f: /* Interrupt diagnostics */
- case 0xf000 ... 0xf01f: /* FFB config, memory control */
- /* we don't care */
- default:
- val = 0;
- break;
- }
- APB_DPRINTF("%s: addr " TARGET_FMT_lx " -> %x\n", __func__, addr, val);
-
- return val;
-}
-
-static const MemoryRegionOps apb_config_ops = {
- .read = apb_config_readl,
- .write = apb_config_writel,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void apb_pci_config_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- APBState *s = opaque;
-
- val = qemu_bswap_len(val, size);
- APB_DPRINTF("%s: addr " TARGET_FMT_lx " val %" PRIx64 "\n", __func__, addr, val);
- pci_data_write(s->bus, addr, val, size);
-}
-
-static uint64_t apb_pci_config_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- uint32_t ret;
- APBState *s = opaque;
-
- ret = pci_data_read(s->bus, addr, size);
- ret = qemu_bswap_len(ret, size);
- APB_DPRINTF("%s: addr " TARGET_FMT_lx " -> %x\n", __func__, addr, ret);
- return ret;
-}
-
-static void pci_apb_iowriteb (void *opaque, hwaddr addr,
- uint32_t val)
-{
- cpu_outb(addr & IOPORTS_MASK, val);
-}
-
-static void pci_apb_iowritew (void *opaque, hwaddr addr,
- uint32_t val)
-{
- cpu_outw(addr & IOPORTS_MASK, bswap16(val));
-}
-
-static void pci_apb_iowritel (void *opaque, hwaddr addr,
- uint32_t val)
-{
- cpu_outl(addr & IOPORTS_MASK, bswap32(val));
-}
-
-static uint32_t pci_apb_ioreadb (void *opaque, hwaddr addr)
-{
- uint32_t val;
-
- val = cpu_inb(addr & IOPORTS_MASK);
- return val;
-}
-
-static uint32_t pci_apb_ioreadw (void *opaque, hwaddr addr)
-{
- uint32_t val;
-
- val = bswap16(cpu_inw(addr & IOPORTS_MASK));
- return val;
-}
-
-static uint32_t pci_apb_ioreadl (void *opaque, hwaddr addr)
-{
- uint32_t val;
-
- val = bswap32(cpu_inl(addr & IOPORTS_MASK));
- return val;
-}
-
-static const MemoryRegionOps pci_ioport_ops = {
- .old_mmio = {
- .read = { pci_apb_ioreadb, pci_apb_ioreadw, pci_apb_ioreadl },
- .write = { pci_apb_iowriteb, pci_apb_iowritew, pci_apb_iowritel, },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-/* The APB host has an IRQ line for each IRQ line of each slot. */
-static int pci_apb_map_irq(PCIDevice *pci_dev, int irq_num)
-{
- return ((pci_dev->devfn & 0x18) >> 1) + irq_num;
-}
-
-static int pci_pbm_map_irq(PCIDevice *pci_dev, int irq_num)
-{
- int bus_offset;
- if (pci_dev->devfn & 1)
- bus_offset = 16;
- else
- bus_offset = 0;
- return bus_offset + irq_num;
-}
-
-static void pci_apb_set_irq(void *opaque, int irq_num, int level)
-{
- APBState *s = opaque;
-
- /* PCI IRQ map onto the first 32 INO. */
- if (irq_num < 32) {
- if (s->pci_irq_map[irq_num >> 2] & PBM_PCI_IMR_ENABLED) {
- APB_DPRINTF("%s: set irq %d level %d\n", __func__, irq_num, level);
- qemu_set_irq(s->ivec_irqs[irq_num], level);
- } else {
- APB_DPRINTF("%s: not enabled: lower irq %d\n", __func__, irq_num);
- qemu_irq_lower(s->ivec_irqs[irq_num]);
- }
- } else {
- /* OBIO IRQ map onto the next 16 INO. */
- if (s->obio_irq_map[irq_num - 32] & PBM_PCI_IMR_ENABLED) {
- APB_DPRINTF("%s: set irq %d level %d\n", __func__, irq_num, level);
- qemu_set_irq(s->ivec_irqs[irq_num], level);
- } else {
- APB_DPRINTF("%s: not enabled: lower irq %d\n", __func__, irq_num);
- qemu_irq_lower(s->ivec_irqs[irq_num]);
- }
- }
-}
-
-static int apb_pci_bridge_initfn(PCIDevice *dev)
-{
- int rc;
-
- rc = pci_bridge_initfn(dev);
- if (rc < 0) {
- return rc;
- }
-
- /*
- * command register:
- * According to PCI bridge spec, after reset
- * bus master bit is off
- * memory space enable bit is off
- * According to manual (805-1251.pdf).
- * the reset value should be zero unless the boot pin is tied high
- * (which is true) and thus it should be PCI_COMMAND_MEMORY.
- */
- pci_set_word(dev->config + PCI_COMMAND,
- PCI_COMMAND_MEMORY);
- pci_set_word(dev->config + PCI_STATUS,
- PCI_STATUS_FAST_BACK | PCI_STATUS_66MHZ |
- PCI_STATUS_DEVSEL_MEDIUM);
- return 0;
-}
-
-PCIBus *pci_apb_init(hwaddr special_base,
- hwaddr mem_base,
- qemu_irq *ivec_irqs, PCIBus **bus2, PCIBus **bus3,
- qemu_irq **pbm_irqs)
-{
- DeviceState *dev;
- SysBusDevice *s;
- APBState *d;
- PCIDevice *pci_dev;
- PCIBridge *br;
-
- /* Ultrasparc PBM main bus */
- dev = qdev_create(NULL, "pbm");
- qdev_init_nofail(dev);
- s = sysbus_from_qdev(dev);
- /* apb_config */
- sysbus_mmio_map(s, 0, special_base);
- /* PCI configuration space */
- sysbus_mmio_map(s, 1, special_base + 0x1000000ULL);
- /* pci_ioport */
- sysbus_mmio_map(s, 2, special_base + 0x2000000ULL);
- d = FROM_SYSBUS(APBState, s);
-
- memory_region_init(&d->pci_mmio, "pci-mmio", 0x100000000ULL);
- memory_region_add_subregion(get_system_memory(), mem_base, &d->pci_mmio);
-
- d->bus = pci_register_bus(&d->busdev.qdev, "pci",
- pci_apb_set_irq, pci_pbm_map_irq, d,
- &d->pci_mmio,
- get_system_io(),
- 0, 32);
-
- *pbm_irqs = d->pbm_irqs;
- d->ivec_irqs = ivec_irqs;
-
- pci_create_simple(d->bus, 0, "pbm-pci");
-
- /* APB secondary busses */
- pci_dev = pci_create_multifunction(d->bus, PCI_DEVFN(1, 0), true,
- "pbm-bridge");
- br = DO_UPCAST(PCIBridge, dev, pci_dev);
- pci_bridge_map_irq(br, "Advanced PCI Bus secondary bridge 1",
- pci_apb_map_irq);
- qdev_init_nofail(&pci_dev->qdev);
- *bus2 = pci_bridge_get_sec_bus(br);
-
- pci_dev = pci_create_multifunction(d->bus, PCI_DEVFN(1, 1), true,
- "pbm-bridge");
- br = DO_UPCAST(PCIBridge, dev, pci_dev);
- pci_bridge_map_irq(br, "Advanced PCI Bus secondary bridge 2",
- pci_apb_map_irq);
- qdev_init_nofail(&pci_dev->qdev);
- *bus3 = pci_bridge_get_sec_bus(br);
-
- return d->bus;
-}
-
-static void pci_pbm_reset(DeviceState *d)
-{
- unsigned int i;
- APBState *s = container_of(d, APBState, busdev.qdev);
-
- for (i = 0; i < 8; i++) {
- s->pci_irq_map[i] &= PBM_PCI_IMR_MASK;
- }
- for (i = 0; i < 32; i++) {
- s->obio_irq_map[i] &= PBM_PCI_IMR_MASK;
- }
-
- if (s->nr_resets++ == 0) {
- /* Power on reset */
- s->reset_control = POR;
- }
-}
-
-static const MemoryRegionOps pci_config_ops = {
- .read = apb_pci_config_read,
- .write = apb_pci_config_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int pci_pbm_init_device(SysBusDevice *dev)
-{
- APBState *s;
- unsigned int i;
-
- s = FROM_SYSBUS(APBState, dev);
- for (i = 0; i < 8; i++) {
- s->pci_irq_map[i] = (0x1f << 6) | (i << 2);
- }
- for (i = 0; i < 32; i++) {
- s->obio_irq_map[i] = ((0x1f << 6) | 0x20) + i;
- }
- s->pbm_irqs = qemu_allocate_irqs(pci_apb_set_irq, s, MAX_IVEC);
-
- /* apb_config */
- memory_region_init_io(&s->apb_config, &apb_config_ops, s, "apb-config",
- 0x10000);
- /* at region 0 */
- sysbus_init_mmio(dev, &s->apb_config);
-
- memory_region_init_io(&s->pci_config, &pci_config_ops, s, "apb-pci-config",
- 0x1000000);
- /* at region 1 */
- sysbus_init_mmio(dev, &s->pci_config);
-
- /* pci_ioport */
- memory_region_init_io(&s->pci_ioport, &pci_ioport_ops, s,
- "apb-pci-ioport", 0x10000);
- /* at region 2 */
- sysbus_init_mmio(dev, &s->pci_ioport);
-
- return 0;
-}
-
-static int pbm_pci_host_init(PCIDevice *d)
-{
- pci_set_word(d->config + PCI_COMMAND,
- PCI_COMMAND_MEMORY | PCI_COMMAND_MASTER);
- pci_set_word(d->config + PCI_STATUS,
- PCI_STATUS_FAST_BACK | PCI_STATUS_66MHZ |
- PCI_STATUS_DEVSEL_MEDIUM);
- return 0;
-}
-
-static void pbm_pci_host_class_init(ObjectClass *klass, void *data)
-{
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = pbm_pci_host_init;
- k->vendor_id = PCI_VENDOR_ID_SUN;
- k->device_id = PCI_DEVICE_ID_SUN_SABRE;
- k->class_id = PCI_CLASS_BRIDGE_HOST;
-}
-
-static TypeInfo pbm_pci_host_info = {
- .name = "pbm-pci",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIDevice),
- .class_init = pbm_pci_host_class_init,
-};
-
-static void pbm_host_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = pci_pbm_init_device;
- dc->reset = pci_pbm_reset;
-}
-
-static TypeInfo pbm_host_info = {
- .name = "pbm",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(APBState),
- .class_init = pbm_host_class_init,
-};
-
-static void pbm_pci_bridge_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = apb_pci_bridge_initfn;
- k->exit = pci_bridge_exitfn;
- k->vendor_id = PCI_VENDOR_ID_SUN;
- k->device_id = PCI_DEVICE_ID_SUN_SIMBA;
- k->revision = 0x11;
- k->config_write = pci_bridge_write_config;
- k->is_bridge = 1;
- dc->reset = pci_bridge_reset;
- dc->vmsd = &vmstate_pci_device;
-}
-
-static TypeInfo pbm_pci_bridge_info = {
- .name = "pbm-bridge",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIBridge),
- .class_init = pbm_pci_bridge_class_init,
-};
-
-static void pbm_register_types(void)
-{
- type_register_static(&pbm_host_info);
- type_register_static(&pbm_pci_host_info);
- type_register_static(&pbm_pci_bridge_info);
-}
-
-type_init(pbm_register_types)
diff --git a/hw/apb_pci.h b/hw/apb_pci.h
deleted file mode 100644
index 736db6118..000000000
--- a/hw/apb_pci.h
+++ /dev/null
@@ -1,10 +0,0 @@
-#ifndef APB_PCI_H
-#define APB_PCI_H
-
-#include "qemu-common.h"
-
-PCIBus *pci_apb_init(hwaddr special_base,
- hwaddr mem_base,
- qemu_irq *ivec_irqs, PCIBus **bus2, PCIBus **bus3,
- qemu_irq **pbm_irqs);
-#endif
diff --git a/hw/apic-msidef.h b/hw/apic-msidef.h
deleted file mode 100644
index 6e2eb71f2..000000000
--- a/hw/apic-msidef.h
+++ /dev/null
@@ -1,30 +0,0 @@
-#ifndef HW_APIC_MSIDEF_H
-#define HW_APIC_MSIDEF_H
-
-/*
- * Intel APIC constants: from include/asm/msidef.h
- */
-
-/*
- * Shifts for MSI data
- */
-
-#define MSI_DATA_VECTOR_SHIFT 0
-#define MSI_DATA_VECTOR_MASK 0x000000ff
-
-#define MSI_DATA_DELIVERY_MODE_SHIFT 8
-#define MSI_DATA_LEVEL_SHIFT 14
-#define MSI_DATA_TRIGGER_SHIFT 15
-
-/*
- * Shift/mask fields for msi address
- */
-
-#define MSI_ADDR_DEST_MODE_SHIFT 2
-
-#define MSI_ADDR_REDIRECTION_SHIFT 3
-
-#define MSI_ADDR_DEST_ID_SHIFT 12
-#define MSI_ADDR_DEST_ID_MASK 0x00ffff0
-
-#endif /* HW_APIC_MSIDEF_H */
diff --git a/hw/apic.c b/hw/apic.c
deleted file mode 100644
index f73fc877a..000000000
--- a/hw/apic.c
+++ /dev/null
@@ -1,910 +0,0 @@
-/*
- * APIC support
- *
- * Copyright (c) 2004-2005 Fabrice Bellard
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>
- */
-#include "qemu-thread.h"
-#include "apic_internal.h"
-#include "apic.h"
-#include "ioapic.h"
-#include "msi.h"
-#include "host-utils.h"
-#include "trace.h"
-#include "pc.h"
-#include "apic-msidef.h"
-
-#define MAX_APIC_WORDS 8
-
-#define SYNC_FROM_VAPIC 0x1
-#define SYNC_TO_VAPIC 0x2
-#define SYNC_ISR_IRR_TO_VAPIC 0x4
-
-static APICCommonState *local_apics[MAX_APICS + 1];
-
-static void apic_set_irq(APICCommonState *s, int vector_num, int trigger_mode);
-static void apic_update_irq(APICCommonState *s);
-static void apic_get_delivery_bitmask(uint32_t *deliver_bitmask,
- uint8_t dest, uint8_t dest_mode);
-
-/* Find first bit starting from msb */
-static int fls_bit(uint32_t value)
-{
- return 31 - clz32(value);
-}
-
-/* Find first bit starting from lsb */
-static int ffs_bit(uint32_t value)
-{
- return ctz32(value);
-}
-
-static inline void set_bit(uint32_t *tab, int index)
-{
- int i, mask;
- i = index >> 5;
- mask = 1 << (index & 0x1f);
- tab[i] |= mask;
-}
-
-static inline void reset_bit(uint32_t *tab, int index)
-{
- int i, mask;
- i = index >> 5;
- mask = 1 << (index & 0x1f);
- tab[i] &= ~mask;
-}
-
-static inline int get_bit(uint32_t *tab, int index)
-{
- int i, mask;
- i = index >> 5;
- mask = 1 << (index & 0x1f);
- return !!(tab[i] & mask);
-}
-
-/* return -1 if no bit is set */
-static int get_highest_priority_int(uint32_t *tab)
-{
- int i;
- for (i = 7; i >= 0; i--) {
- if (tab[i] != 0) {
- return i * 32 + fls_bit(tab[i]);
- }
- }
- return -1;
-}
-
-static void apic_sync_vapic(APICCommonState *s, int sync_type)
-{
- VAPICState vapic_state;
- size_t length;
- off_t start;
- int vector;
-
- if (!s->vapic_paddr) {
- return;
- }
- if (sync_type & SYNC_FROM_VAPIC) {
- cpu_physical_memory_rw(s->vapic_paddr, (void *)&vapic_state,
- sizeof(vapic_state), 0);
- s->tpr = vapic_state.tpr;
- }
- if (sync_type & (SYNC_TO_VAPIC | SYNC_ISR_IRR_TO_VAPIC)) {
- start = offsetof(VAPICState, isr);
- length = offsetof(VAPICState, enabled) - offsetof(VAPICState, isr);
-
- if (sync_type & SYNC_TO_VAPIC) {
- assert(qemu_cpu_is_self(CPU(s->cpu)));
-
- vapic_state.tpr = s->tpr;
- vapic_state.enabled = 1;
- start = 0;
- length = sizeof(VAPICState);
- }
-
- vector = get_highest_priority_int(s->isr);
- if (vector < 0) {
- vector = 0;
- }
- vapic_state.isr = vector & 0xf0;
-
- vapic_state.zero = 0;
-
- vector = get_highest_priority_int(s->irr);
- if (vector < 0) {
- vector = 0;
- }
- vapic_state.irr = vector & 0xff;
-
- cpu_physical_memory_write_rom(s->vapic_paddr + start,
- ((void *)&vapic_state) + start, length);
- }
-}
-
-static void apic_vapic_base_update(APICCommonState *s)
-{
- apic_sync_vapic(s, SYNC_TO_VAPIC);
-}
-
-static void apic_local_deliver(APICCommonState *s, int vector)
-{
- uint32_t lvt = s->lvt[vector];
- int trigger_mode;
-
- trace_apic_local_deliver(vector, (lvt >> 8) & 7);
-
- if (lvt & APIC_LVT_MASKED)
- return;
-
- switch ((lvt >> 8) & 7) {
- case APIC_DM_SMI:
- cpu_interrupt(&s->cpu->env, CPU_INTERRUPT_SMI);
- break;
-
- case APIC_DM_NMI:
- cpu_interrupt(&s->cpu->env, CPU_INTERRUPT_NMI);
- break;
-
- case APIC_DM_EXTINT:
- cpu_interrupt(&s->cpu->env, CPU_INTERRUPT_HARD);
- break;
-
- case APIC_DM_FIXED:
- trigger_mode = APIC_TRIGGER_EDGE;
- if ((vector == APIC_LVT_LINT0 || vector == APIC_LVT_LINT1) &&
- (lvt & APIC_LVT_LEVEL_TRIGGER))
- trigger_mode = APIC_TRIGGER_LEVEL;
- apic_set_irq(s, lvt & 0xff, trigger_mode);
- }
-}
-
-void apic_deliver_pic_intr(DeviceState *d, int level)
-{
- APICCommonState *s = DO_UPCAST(APICCommonState, busdev.qdev, d);
-
- if (level) {
- apic_local_deliver(s, APIC_LVT_LINT0);
- } else {
- uint32_t lvt = s->lvt[APIC_LVT_LINT0];
-
- switch ((lvt >> 8) & 7) {
- case APIC_DM_FIXED:
- if (!(lvt & APIC_LVT_LEVEL_TRIGGER))
- break;
- reset_bit(s->irr, lvt & 0xff);
- /* fall through */
- case APIC_DM_EXTINT:
- cpu_reset_interrupt(&s->cpu->env, CPU_INTERRUPT_HARD);
- break;
- }
- }
-}
-
-static void apic_external_nmi(APICCommonState *s)
-{
- apic_local_deliver(s, APIC_LVT_LINT1);
-}
-
-#define foreach_apic(apic, deliver_bitmask, code) \
-{\
- int __i, __j, __mask;\
- for(__i = 0; __i < MAX_APIC_WORDS; __i++) {\
- __mask = deliver_bitmask[__i];\
- if (__mask) {\
- for(__j = 0; __j < 32; __j++) {\
- if (__mask & (1 << __j)) {\
- apic = local_apics[__i * 32 + __j];\
- if (apic) {\
- code;\
- }\
- }\
- }\
- }\
- }\
-}
-
-static void apic_bus_deliver(const uint32_t *deliver_bitmask,
- uint8_t delivery_mode, uint8_t vector_num,
- uint8_t trigger_mode)
-{
- APICCommonState *apic_iter;
-
- switch (delivery_mode) {
- case APIC_DM_LOWPRI:
- /* XXX: search for focus processor, arbitration */
- {
- int i, d;
- d = -1;
- for(i = 0; i < MAX_APIC_WORDS; i++) {
- if (deliver_bitmask[i]) {
- d = i * 32 + ffs_bit(deliver_bitmask[i]);
- break;
- }
- }
- if (d >= 0) {
- apic_iter = local_apics[d];
- if (apic_iter) {
- apic_set_irq(apic_iter, vector_num, trigger_mode);
- }
- }
- }
- return;
-
- case APIC_DM_FIXED:
- break;
-
- case APIC_DM_SMI:
- foreach_apic(apic_iter, deliver_bitmask,
- cpu_interrupt(&apic_iter->cpu->env, CPU_INTERRUPT_SMI)
- );
- return;
-
- case APIC_DM_NMI:
- foreach_apic(apic_iter, deliver_bitmask,
- cpu_interrupt(&apic_iter->cpu->env, CPU_INTERRUPT_NMI)
- );
- return;
-
- case APIC_DM_INIT:
- /* normal INIT IPI sent to processors */
- foreach_apic(apic_iter, deliver_bitmask,
- cpu_interrupt(&apic_iter->cpu->env,
- CPU_INTERRUPT_INIT)
- );
- return;
-
- case APIC_DM_EXTINT:
- /* handled in I/O APIC code */
- break;
-
- default:
- return;
- }
-
- foreach_apic(apic_iter, deliver_bitmask,
- apic_set_irq(apic_iter, vector_num, trigger_mode) );
-}
-
-void apic_deliver_irq(uint8_t dest, uint8_t dest_mode, uint8_t delivery_mode,
- uint8_t vector_num, uint8_t trigger_mode)
-{
- uint32_t deliver_bitmask[MAX_APIC_WORDS];
-
- trace_apic_deliver_irq(dest, dest_mode, delivery_mode, vector_num,
- trigger_mode);
-
- apic_get_delivery_bitmask(deliver_bitmask, dest, dest_mode);
- apic_bus_deliver(deliver_bitmask, delivery_mode, vector_num, trigger_mode);
-}
-
-static void apic_set_base(APICCommonState *s, uint64_t val)
-{
- s->apicbase = (val & 0xfffff000) |
- (s->apicbase & (MSR_IA32_APICBASE_BSP | MSR_IA32_APICBASE_ENABLE));
- /* if disabled, cannot be enabled again */
- if (!(val & MSR_IA32_APICBASE_ENABLE)) {
- s->apicbase &= ~MSR_IA32_APICBASE_ENABLE;
- cpu_clear_apic_feature(&s->cpu->env);
- s->spurious_vec &= ~APIC_SV_ENABLE;
- }
-}
-
-static void apic_set_tpr(APICCommonState *s, uint8_t val)
-{
- /* Updates from cr8 are ignored while the VAPIC is active */
- if (!s->vapic_paddr) {
- s->tpr = val << 4;
- apic_update_irq(s);
- }
-}
-
-static uint8_t apic_get_tpr(APICCommonState *s)
-{
- apic_sync_vapic(s, SYNC_FROM_VAPIC);
- return s->tpr >> 4;
-}
-
-static int apic_get_ppr(APICCommonState *s)
-{
- int tpr, isrv, ppr;
-
- tpr = (s->tpr >> 4);
- isrv = get_highest_priority_int(s->isr);
- if (isrv < 0)
- isrv = 0;
- isrv >>= 4;
- if (tpr >= isrv)
- ppr = s->tpr;
- else
- ppr = isrv << 4;
- return ppr;
-}
-
-static int apic_get_arb_pri(APICCommonState *s)
-{
- /* XXX: arbitration */
- return 0;
-}
-
-
-/*
- * <0 - low prio interrupt,
- * 0 - no interrupt,
- * >0 - interrupt number
- */
-static int apic_irq_pending(APICCommonState *s)
-{
- int irrv, ppr;
- irrv = get_highest_priority_int(s->irr);
- if (irrv < 0) {
- return 0;
- }
- ppr = apic_get_ppr(s);
- if (ppr && (irrv & 0xf0) <= (ppr & 0xf0)) {
- return -1;
- }
-
- return irrv;
-}
-
-/* signal the CPU if an irq is pending */
-static void apic_update_irq(APICCommonState *s)
-{
- CPUState *cpu = CPU(s->cpu);
-
- if (!(s->spurious_vec & APIC_SV_ENABLE)) {
- return;
- }
- if (!qemu_cpu_is_self(cpu)) {
- cpu_interrupt(&s->cpu->env, CPU_INTERRUPT_POLL);
- } else if (apic_irq_pending(s) > 0) {
- cpu_interrupt(&s->cpu->env, CPU_INTERRUPT_HARD);
- }
-}
-
-void apic_poll_irq(DeviceState *d)
-{
- APICCommonState *s = APIC_COMMON(d);
-
- apic_sync_vapic(s, SYNC_FROM_VAPIC);
- apic_update_irq(s);
-}
-
-static void apic_set_irq(APICCommonState *s, int vector_num, int trigger_mode)
-{
- apic_report_irq_delivered(!get_bit(s->irr, vector_num));
-
- set_bit(s->irr, vector_num);
- if (trigger_mode)
- set_bit(s->tmr, vector_num);
- else
- reset_bit(s->tmr, vector_num);
- if (s->vapic_paddr) {
- apic_sync_vapic(s, SYNC_ISR_IRR_TO_VAPIC);
- /*
- * The vcpu thread needs to see the new IRR before we pull its current
- * TPR value. That way, if we miss a lowering of the TRP, the guest
- * has the chance to notice the new IRR and poll for IRQs on its own.
- */
- smp_wmb();
- apic_sync_vapic(s, SYNC_FROM_VAPIC);
- }
- apic_update_irq(s);
-}
-
-static void apic_eoi(APICCommonState *s)
-{
- int isrv;
- isrv = get_highest_priority_int(s->isr);
- if (isrv < 0)
- return;
- reset_bit(s->isr, isrv);
- if (!(s->spurious_vec & APIC_SV_DIRECTED_IO) && get_bit(s->tmr, isrv)) {
- ioapic_eoi_broadcast(isrv);
- }
- apic_sync_vapic(s, SYNC_FROM_VAPIC | SYNC_TO_VAPIC);
- apic_update_irq(s);
-}
-
-static int apic_find_dest(uint8_t dest)
-{
- APICCommonState *apic = local_apics[dest];
- int i;
-
- if (apic && apic->id == dest)
- return dest; /* shortcut in case apic->id == apic->idx */
-
- for (i = 0; i < MAX_APICS; i++) {
- apic = local_apics[i];
- if (apic && apic->id == dest)
- return i;
- if (!apic)
- break;
- }
-
- return -1;
-}
-
-static void apic_get_delivery_bitmask(uint32_t *deliver_bitmask,
- uint8_t dest, uint8_t dest_mode)
-{
- APICCommonState *apic_iter;
- int i;
-
- if (dest_mode == 0) {
- if (dest == 0xff) {
- memset(deliver_bitmask, 0xff, MAX_APIC_WORDS * sizeof(uint32_t));
- } else {
- int idx = apic_find_dest(dest);
- memset(deliver_bitmask, 0x00, MAX_APIC_WORDS * sizeof(uint32_t));
- if (idx >= 0)
- set_bit(deliver_bitmask, idx);
- }
- } else {
- /* XXX: cluster mode */
- memset(deliver_bitmask, 0x00, MAX_APIC_WORDS * sizeof(uint32_t));
- for(i = 0; i < MAX_APICS; i++) {
- apic_iter = local_apics[i];
- if (apic_iter) {
- if (apic_iter->dest_mode == 0xf) {
- if (dest & apic_iter->log_dest)
- set_bit(deliver_bitmask, i);
- } else if (apic_iter->dest_mode == 0x0) {
- if ((dest & 0xf0) == (apic_iter->log_dest & 0xf0) &&
- (dest & apic_iter->log_dest & 0x0f)) {
- set_bit(deliver_bitmask, i);
- }
- }
- } else {
- break;
- }
- }
- }
-}
-
-static void apic_startup(APICCommonState *s, int vector_num)
-{
- s->sipi_vector = vector_num;
- cpu_interrupt(&s->cpu->env, CPU_INTERRUPT_SIPI);
-}
-
-void apic_sipi(DeviceState *d)
-{
- APICCommonState *s = DO_UPCAST(APICCommonState, busdev.qdev, d);
-
- cpu_reset_interrupt(&s->cpu->env, CPU_INTERRUPT_SIPI);
-
- if (!s->wait_for_sipi)
- return;
- cpu_x86_load_seg_cache_sipi(s->cpu, s->sipi_vector);
- s->wait_for_sipi = 0;
-}
-
-static void apic_deliver(DeviceState *d, uint8_t dest, uint8_t dest_mode,
- uint8_t delivery_mode, uint8_t vector_num,
- uint8_t trigger_mode)
-{
- APICCommonState *s = DO_UPCAST(APICCommonState, busdev.qdev, d);
- uint32_t deliver_bitmask[MAX_APIC_WORDS];
- int dest_shorthand = (s->icr[0] >> 18) & 3;
- APICCommonState *apic_iter;
-
- switch (dest_shorthand) {
- case 0:
- apic_get_delivery_bitmask(deliver_bitmask, dest, dest_mode);
- break;
- case 1:
- memset(deliver_bitmask, 0x00, sizeof(deliver_bitmask));
- set_bit(deliver_bitmask, s->idx);
- break;
- case 2:
- memset(deliver_bitmask, 0xff, sizeof(deliver_bitmask));
- break;
- case 3:
- memset(deliver_bitmask, 0xff, sizeof(deliver_bitmask));
- reset_bit(deliver_bitmask, s->idx);
- break;
- }
-
- switch (delivery_mode) {
- case APIC_DM_INIT:
- {
- int trig_mode = (s->icr[0] >> 15) & 1;
- int level = (s->icr[0] >> 14) & 1;
- if (level == 0 && trig_mode == 1) {
- foreach_apic(apic_iter, deliver_bitmask,
- apic_iter->arb_id = apic_iter->id );
- return;
- }
- }
- break;
-
- case APIC_DM_SIPI:
- foreach_apic(apic_iter, deliver_bitmask,
- apic_startup(apic_iter, vector_num) );
- return;
- }
-
- apic_bus_deliver(deliver_bitmask, delivery_mode, vector_num, trigger_mode);
-}
-
-static bool apic_check_pic(APICCommonState *s)
-{
- if (!apic_accept_pic_intr(&s->busdev.qdev) || !pic_get_output(isa_pic)) {
- return false;
- }
- apic_deliver_pic_intr(&s->busdev.qdev, 1);
- return true;
-}
-
-int apic_get_interrupt(DeviceState *d)
-{
- APICCommonState *s = DO_UPCAST(APICCommonState, busdev.qdev, d);
- int intno;
-
- /* if the APIC is installed or enabled, we let the 8259 handle the
- IRQs */
- if (!s)
- return -1;
- if (!(s->spurious_vec & APIC_SV_ENABLE))
- return -1;
-
- apic_sync_vapic(s, SYNC_FROM_VAPIC);
- intno = apic_irq_pending(s);
-
- if (intno == 0) {
- apic_sync_vapic(s, SYNC_TO_VAPIC);
- return -1;
- } else if (intno < 0) {
- apic_sync_vapic(s, SYNC_TO_VAPIC);
- return s->spurious_vec & 0xff;
- }
- reset_bit(s->irr, intno);
- set_bit(s->isr, intno);
- apic_sync_vapic(s, SYNC_TO_VAPIC);
-
- /* re-inject if there is still a pending PIC interrupt */
- apic_check_pic(s);
-
- apic_update_irq(s);
-
- return intno;
-}
-
-int apic_accept_pic_intr(DeviceState *d)
-{
- APICCommonState *s = DO_UPCAST(APICCommonState, busdev.qdev, d);
- uint32_t lvt0;
-
- if (!s)
- return -1;
-
- lvt0 = s->lvt[APIC_LVT_LINT0];
-
- if ((s->apicbase & MSR_IA32_APICBASE_ENABLE) == 0 ||
- (lvt0 & APIC_LVT_MASKED) == 0)
- return 1;
-
- return 0;
-}
-
-static uint32_t apic_get_current_count(APICCommonState *s)
-{
- int64_t d;
- uint32_t val;
- d = (qemu_get_clock_ns(vm_clock) - s->initial_count_load_time) >>
- s->count_shift;
- if (s->lvt[APIC_LVT_TIMER] & APIC_LVT_TIMER_PERIODIC) {
- /* periodic */
- val = s->initial_count - (d % ((uint64_t)s->initial_count + 1));
- } else {
- if (d >= s->initial_count)
- val = 0;
- else
- val = s->initial_count - d;
- }
- return val;
-}
-
-static void apic_timer_update(APICCommonState *s, int64_t current_time)
-{
- if (apic_next_timer(s, current_time)) {
- qemu_mod_timer(s->timer, s->next_time);
- } else {
- qemu_del_timer(s->timer);
- }
-}
-
-static void apic_timer(void *opaque)
-{
- APICCommonState *s = opaque;
-
- apic_local_deliver(s, APIC_LVT_TIMER);
- apic_timer_update(s, s->next_time);
-}
-
-static uint32_t apic_mem_readb(void *opaque, hwaddr addr)
-{
- return 0;
-}
-
-static uint32_t apic_mem_readw(void *opaque, hwaddr addr)
-{
- return 0;
-}
-
-static void apic_mem_writeb(void *opaque, hwaddr addr, uint32_t val)
-{
-}
-
-static void apic_mem_writew(void *opaque, hwaddr addr, uint32_t val)
-{
-}
-
-static uint32_t apic_mem_readl(void *opaque, hwaddr addr)
-{
- DeviceState *d;
- APICCommonState *s;
- uint32_t val;
- int index;
-
- d = cpu_get_current_apic();
- if (!d) {
- return 0;
- }
- s = DO_UPCAST(APICCommonState, busdev.qdev, d);
-
- index = (addr >> 4) & 0xff;
- switch(index) {
- case 0x02: /* id */
- val = s->id << 24;
- break;
- case 0x03: /* version */
- val = 0x11 | ((APIC_LVT_NB - 1) << 16); /* version 0x11 */
- break;
- case 0x08:
- apic_sync_vapic(s, SYNC_FROM_VAPIC);
- if (apic_report_tpr_access) {
- cpu_report_tpr_access(&s->cpu->env, TPR_ACCESS_READ);
- }
- val = s->tpr;
- break;
- case 0x09:
- val = apic_get_arb_pri(s);
- break;
- case 0x0a:
- /* ppr */
- val = apic_get_ppr(s);
- break;
- case 0x0b:
- val = 0;
- break;
- case 0x0d:
- val = s->log_dest << 24;
- break;
- case 0x0e:
- val = s->dest_mode << 28;
- break;
- case 0x0f:
- val = s->spurious_vec;
- break;
- case 0x10 ... 0x17:
- val = s->isr[index & 7];
- break;
- case 0x18 ... 0x1f:
- val = s->tmr[index & 7];
- break;
- case 0x20 ... 0x27:
- val = s->irr[index & 7];
- break;
- case 0x28:
- val = s->esr;
- break;
- case 0x30:
- case 0x31:
- val = s->icr[index & 1];
- break;
- case 0x32 ... 0x37:
- val = s->lvt[index - 0x32];
- break;
- case 0x38:
- val = s->initial_count;
- break;
- case 0x39:
- val = apic_get_current_count(s);
- break;
- case 0x3e:
- val = s->divide_conf;
- break;
- default:
- s->esr |= ESR_ILLEGAL_ADDRESS;
- val = 0;
- break;
- }
- trace_apic_mem_readl(addr, val);
- return val;
-}
-
-static void apic_send_msi(hwaddr addr, uint32_t data)
-{
- uint8_t dest = (addr & MSI_ADDR_DEST_ID_MASK) >> MSI_ADDR_DEST_ID_SHIFT;
- uint8_t vector = (data & MSI_DATA_VECTOR_MASK) >> MSI_DATA_VECTOR_SHIFT;
- uint8_t dest_mode = (addr >> MSI_ADDR_DEST_MODE_SHIFT) & 0x1;
- uint8_t trigger_mode = (data >> MSI_DATA_TRIGGER_SHIFT) & 0x1;
- uint8_t delivery = (data >> MSI_DATA_DELIVERY_MODE_SHIFT) & 0x7;
- /* XXX: Ignore redirection hint. */
- apic_deliver_irq(dest, dest_mode, delivery, vector, trigger_mode);
-}
-
-static void apic_mem_writel(void *opaque, hwaddr addr, uint32_t val)
-{
- DeviceState *d;
- APICCommonState *s;
- int index = (addr >> 4) & 0xff;
- if (addr > 0xfff || !index) {
- /* MSI and MMIO APIC are at the same memory location,
- * but actually not on the global bus: MSI is on PCI bus
- * APIC is connected directly to the CPU.
- * Mapping them on the global bus happens to work because
- * MSI registers are reserved in APIC MMIO and vice versa. */
- apic_send_msi(addr, val);
- return;
- }
-
- d = cpu_get_current_apic();
- if (!d) {
- return;
- }
- s = DO_UPCAST(APICCommonState, busdev.qdev, d);
-
- trace_apic_mem_writel(addr, val);
-
- switch(index) {
- case 0x02:
- s->id = (val >> 24);
- break;
- case 0x03:
- break;
- case 0x08:
- if (apic_report_tpr_access) {
- cpu_report_tpr_access(&s->cpu->env, TPR_ACCESS_WRITE);
- }
- s->tpr = val;
- apic_sync_vapic(s, SYNC_TO_VAPIC);
- apic_update_irq(s);
- break;
- case 0x09:
- case 0x0a:
- break;
- case 0x0b: /* EOI */
- apic_eoi(s);
- break;
- case 0x0d:
- s->log_dest = val >> 24;
- break;
- case 0x0e:
- s->dest_mode = val >> 28;
- break;
- case 0x0f:
- s->spurious_vec = val & 0x1ff;
- apic_update_irq(s);
- break;
- case 0x10 ... 0x17:
- case 0x18 ... 0x1f:
- case 0x20 ... 0x27:
- case 0x28:
- break;
- case 0x30:
- s->icr[0] = val;
- apic_deliver(d, (s->icr[1] >> 24) & 0xff, (s->icr[0] >> 11) & 1,
- (s->icr[0] >> 8) & 7, (s->icr[0] & 0xff),
- (s->icr[0] >> 15) & 1);
- break;
- case 0x31:
- s->icr[1] = val;
- break;
- case 0x32 ... 0x37:
- {
- int n = index - 0x32;
- s->lvt[n] = val;
- if (n == APIC_LVT_TIMER) {
- apic_timer_update(s, qemu_get_clock_ns(vm_clock));
- } else if (n == APIC_LVT_LINT0 && apic_check_pic(s)) {
- apic_update_irq(s);
- }
- }
- break;
- case 0x38:
- s->initial_count = val;
- s->initial_count_load_time = qemu_get_clock_ns(vm_clock);
- apic_timer_update(s, s->initial_count_load_time);
- break;
- case 0x39:
- break;
- case 0x3e:
- {
- int v;
- s->divide_conf = val & 0xb;
- v = (s->divide_conf & 3) | ((s->divide_conf >> 1) & 4);
- s->count_shift = (v + 1) & 7;
- }
- break;
- default:
- s->esr |= ESR_ILLEGAL_ADDRESS;
- break;
- }
-}
-
-static void apic_pre_save(APICCommonState *s)
-{
- apic_sync_vapic(s, SYNC_FROM_VAPIC);
-}
-
-static void apic_post_load(APICCommonState *s)
-{
- if (s->timer_expiry != -1) {
- qemu_mod_timer(s->timer, s->timer_expiry);
- } else {
- qemu_del_timer(s->timer);
- }
-}
-
-static const MemoryRegionOps apic_io_ops = {
- .old_mmio = {
- .read = { apic_mem_readb, apic_mem_readw, apic_mem_readl, },
- .write = { apic_mem_writeb, apic_mem_writew, apic_mem_writel, },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void apic_init(APICCommonState *s)
-{
- memory_region_init_io(&s->io_memory, &apic_io_ops, s, "apic-msi",
- MSI_SPACE_SIZE);
-
- s->timer = qemu_new_timer_ns(vm_clock, apic_timer, s);
- local_apics[s->idx] = s;
-
- msi_supported = true;
-}
-
-static void apic_class_init(ObjectClass *klass, void *data)
-{
- APICCommonClass *k = APIC_COMMON_CLASS(klass);
-
- k->init = apic_init;
- k->set_base = apic_set_base;
- k->set_tpr = apic_set_tpr;
- k->get_tpr = apic_get_tpr;
- k->vapic_base_update = apic_vapic_base_update;
- k->external_nmi = apic_external_nmi;
- k->pre_save = apic_pre_save;
- k->post_load = apic_post_load;
-}
-
-static TypeInfo apic_info = {
- .name = "apic",
- .instance_size = sizeof(APICCommonState),
- .parent = TYPE_APIC_COMMON,
- .class_init = apic_class_init,
-};
-
-static void apic_register_types(void)
-{
- type_register_static(&apic_info);
-}
-
-type_init(apic_register_types)
diff --git a/hw/apic.h b/hw/apic.h
deleted file mode 100644
index 1d48e027c..000000000
--- a/hw/apic.h
+++ /dev/null
@@ -1,32 +0,0 @@
-#ifndef APIC_H
-#define APIC_H
-
-#include "qemu-common.h"
-
-/* apic.c */
-void apic_deliver_irq(uint8_t dest, uint8_t dest_mode, uint8_t delivery_mode,
- uint8_t vector_num, uint8_t trigger_mode);
-int apic_accept_pic_intr(DeviceState *s);
-void apic_deliver_pic_intr(DeviceState *s, int level);
-void apic_deliver_nmi(DeviceState *d);
-int apic_get_interrupt(DeviceState *s);
-void apic_reset_irq_delivered(void);
-int apic_get_irq_delivered(void);
-void cpu_set_apic_base(DeviceState *s, uint64_t val);
-uint64_t cpu_get_apic_base(DeviceState *s);
-void cpu_set_apic_tpr(DeviceState *s, uint8_t val);
-uint8_t cpu_get_apic_tpr(DeviceState *s);
-void apic_init_reset(DeviceState *s);
-void apic_sipi(DeviceState *s);
-void apic_handle_tpr_access_report(DeviceState *d, target_ulong ip,
- TPRAccess access);
-void apic_poll_irq(DeviceState *d);
-void apic_designate_bsp(DeviceState *d);
-
-/* pc.c */
-DeviceState *cpu_get_current_apic(void);
-
-/* cpu.c */
-bool cpu_is_bsp(X86CPU *cpu);
-
-#endif
diff --git a/hw/apic_common.c b/hw/apic_common.c
deleted file mode 100644
index 5f542764e..000000000
--- a/hw/apic_common.c
+++ /dev/null
@@ -1,402 +0,0 @@
-/*
- * APIC support - common bits of emulated and KVM kernel model
- *
- * Copyright (c) 2004-2005 Fabrice Bellard
- * Copyright (c) 2011 Jan Kiszka, Siemens AG
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>
- */
-#include "apic.h"
-#include "apic_internal.h"
-#include "trace.h"
-#include "kvm.h"
-
-static int apic_irq_delivered;
-bool apic_report_tpr_access;
-
-void cpu_set_apic_base(DeviceState *d, uint64_t val)
-{
- trace_cpu_set_apic_base(val);
-
- if (d) {
- APICCommonState *s = APIC_COMMON(d);
- APICCommonClass *info = APIC_COMMON_GET_CLASS(s);
- info->set_base(s, val);
- }
-}
-
-uint64_t cpu_get_apic_base(DeviceState *d)
-{
- if (d) {
- APICCommonState *s = APIC_COMMON(d);
- trace_cpu_get_apic_base((uint64_t)s->apicbase);
- return s->apicbase;
- } else {
- trace_cpu_get_apic_base(MSR_IA32_APICBASE_BSP);
- return MSR_IA32_APICBASE_BSP;
- }
-}
-
-void cpu_set_apic_tpr(DeviceState *d, uint8_t val)
-{
- APICCommonState *s;
- APICCommonClass *info;
-
- if (!d) {
- return;
- }
-
- s = APIC_COMMON(d);
- info = APIC_COMMON_GET_CLASS(s);
-
- info->set_tpr(s, val);
-}
-
-uint8_t cpu_get_apic_tpr(DeviceState *d)
-{
- APICCommonState *s;
- APICCommonClass *info;
-
- if (!d) {
- return 0;
- }
-
- s = APIC_COMMON(d);
- info = APIC_COMMON_GET_CLASS(s);
-
- return info->get_tpr(s);
-}
-
-void apic_enable_tpr_access_reporting(DeviceState *d, bool enable)
-{
- APICCommonState *s = DO_UPCAST(APICCommonState, busdev.qdev, d);
- APICCommonClass *info = APIC_COMMON_GET_CLASS(s);
-
- apic_report_tpr_access = enable;
- if (info->enable_tpr_reporting) {
- info->enable_tpr_reporting(s, enable);
- }
-}
-
-void apic_enable_vapic(DeviceState *d, hwaddr paddr)
-{
- APICCommonState *s = DO_UPCAST(APICCommonState, busdev.qdev, d);
- APICCommonClass *info = APIC_COMMON_GET_CLASS(s);
-
- s->vapic_paddr = paddr;
- info->vapic_base_update(s);
-}
-
-void apic_handle_tpr_access_report(DeviceState *d, target_ulong ip,
- TPRAccess access)
-{
- APICCommonState *s = DO_UPCAST(APICCommonState, busdev.qdev, d);
-
- vapic_report_tpr_access(s->vapic, &s->cpu->env, ip, access);
-}
-
-void apic_report_irq_delivered(int delivered)
-{
- apic_irq_delivered += delivered;
-
- trace_apic_report_irq_delivered(apic_irq_delivered);
-}
-
-void apic_reset_irq_delivered(void)
-{
- trace_apic_reset_irq_delivered(apic_irq_delivered);
-
- apic_irq_delivered = 0;
-}
-
-int apic_get_irq_delivered(void)
-{
- trace_apic_get_irq_delivered(apic_irq_delivered);
-
- return apic_irq_delivered;
-}
-
-void apic_deliver_nmi(DeviceState *d)
-{
- APICCommonState *s = APIC_COMMON(d);
- APICCommonClass *info = APIC_COMMON_GET_CLASS(s);
-
- info->external_nmi(s);
-}
-
-bool apic_next_timer(APICCommonState *s, int64_t current_time)
-{
- int64_t d;
-
- /* We need to store the timer state separately to support APIC
- * implementations that maintain a non-QEMU timer, e.g. inside the
- * host kernel. This open-coded state allows us to migrate between
- * both models. */
- s->timer_expiry = -1;
-
- if (s->lvt[APIC_LVT_TIMER] & APIC_LVT_MASKED) {
- return false;
- }
-
- d = (current_time - s->initial_count_load_time) >> s->count_shift;
-
- if (s->lvt[APIC_LVT_TIMER] & APIC_LVT_TIMER_PERIODIC) {
- if (!s->initial_count) {
- return false;
- }
- d = ((d / ((uint64_t)s->initial_count + 1)) + 1) *
- ((uint64_t)s->initial_count + 1);
- } else {
- if (d >= s->initial_count) {
- return false;
- }
- d = (uint64_t)s->initial_count + 1;
- }
- s->next_time = s->initial_count_load_time + (d << s->count_shift);
- s->timer_expiry = s->next_time;
- return true;
-}
-
-void apic_init_reset(DeviceState *d)
-{
- APICCommonState *s = DO_UPCAST(APICCommonState, busdev.qdev, d);
- int i;
-
- if (!s) {
- return;
- }
- s->tpr = 0;
- s->spurious_vec = 0xff;
- s->log_dest = 0;
- s->dest_mode = 0xf;
- memset(s->isr, 0, sizeof(s->isr));
- memset(s->tmr, 0, sizeof(s->tmr));
- memset(s->irr, 0, sizeof(s->irr));
- for (i = 0; i < APIC_LVT_NB; i++) {
- s->lvt[i] = APIC_LVT_MASKED;
- }
- s->esr = 0;
- memset(s->icr, 0, sizeof(s->icr));
- s->divide_conf = 0;
- s->count_shift = 0;
- s->initial_count = 0;
- s->initial_count_load_time = 0;
- s->next_time = 0;
- s->wait_for_sipi = 1;
-
- if (s->timer) {
- qemu_del_timer(s->timer);
- }
- s->timer_expiry = -1;
-}
-
-void apic_designate_bsp(DeviceState *d)
-{
- if (d == NULL) {
- return;
- }
-
- APICCommonState *s = APIC_COMMON(d);
- s->apicbase |= MSR_IA32_APICBASE_BSP;
-}
-
-static void apic_reset_common(DeviceState *d)
-{
- APICCommonState *s = DO_UPCAST(APICCommonState, busdev.qdev, d);
- APICCommonClass *info = APIC_COMMON_GET_CLASS(s);
- bool bsp;
-
- bsp = cpu_is_bsp(s->cpu);
- s->apicbase = 0xfee00000 |
- (bsp ? MSR_IA32_APICBASE_BSP : 0) | MSR_IA32_APICBASE_ENABLE;
-
- s->vapic_paddr = 0;
- info->vapic_base_update(s);
-
- apic_init_reset(d);
-
- if (bsp) {
- /*
- * LINT0 delivery mode on CPU #0 is set to ExtInt at initialization
- * time typically by BIOS, so PIC interrupt can be delivered to the
- * processor when local APIC is enabled.
- */
- s->lvt[APIC_LVT_LINT0] = 0x700;
- }
-}
-
-/* This function is only used for old state version 1 and 2 */
-static int apic_load_old(QEMUFile *f, void *opaque, int version_id)
-{
- APICCommonState *s = opaque;
- APICCommonClass *info = APIC_COMMON_GET_CLASS(s);
- int i;
-
- if (version_id > 2) {
- return -EINVAL;
- }
-
- /* XXX: what if the base changes? (registered memory regions) */
- qemu_get_be32s(f, &s->apicbase);
- qemu_get_8s(f, &s->id);
- qemu_get_8s(f, &s->arb_id);
- qemu_get_8s(f, &s->tpr);
- qemu_get_be32s(f, &s->spurious_vec);
- qemu_get_8s(f, &s->log_dest);
- qemu_get_8s(f, &s->dest_mode);
- for (i = 0; i < 8; i++) {
- qemu_get_be32s(f, &s->isr[i]);
- qemu_get_be32s(f, &s->tmr[i]);
- qemu_get_be32s(f, &s->irr[i]);
- }
- for (i = 0; i < APIC_LVT_NB; i++) {
- qemu_get_be32s(f, &s->lvt[i]);
- }
- qemu_get_be32s(f, &s->esr);
- qemu_get_be32s(f, &s->icr[0]);
- qemu_get_be32s(f, &s->icr[1]);
- qemu_get_be32s(f, &s->divide_conf);
- s->count_shift = qemu_get_be32(f);
- qemu_get_be32s(f, &s->initial_count);
- s->initial_count_load_time = qemu_get_be64(f);
- s->next_time = qemu_get_be64(f);
-
- if (version_id >= 2) {
- s->timer_expiry = qemu_get_be64(f);
- }
-
- if (info->post_load) {
- info->post_load(s);
- }
- return 0;
-}
-
-static int apic_init_common(SysBusDevice *dev)
-{
- APICCommonState *s = APIC_COMMON(dev);
- APICCommonClass *info;
- static DeviceState *vapic;
- static int apic_no;
-
- if (apic_no >= MAX_APICS) {
- return -1;
- }
- s->idx = apic_no++;
-
- info = APIC_COMMON_GET_CLASS(s);
- info->init(s);
-
- sysbus_init_mmio(dev, &s->io_memory);
-
- /* Note: We need at least 1M to map the VAPIC option ROM */
- if (!vapic && s->vapic_control & VAPIC_ENABLE_MASK &&
- ram_size >= 1024 * 1024) {
- vapic = sysbus_create_simple("kvmvapic", -1, NULL);
- }
- s->vapic = vapic;
- if (apic_report_tpr_access && info->enable_tpr_reporting) {
- info->enable_tpr_reporting(s, true);
- }
-
- return 0;
-}
-
-static void apic_dispatch_pre_save(void *opaque)
-{
- APICCommonState *s = APIC_COMMON(opaque);
- APICCommonClass *info = APIC_COMMON_GET_CLASS(s);
-
- if (info->pre_save) {
- info->pre_save(s);
- }
-}
-
-static int apic_dispatch_post_load(void *opaque, int version_id)
-{
- APICCommonState *s = APIC_COMMON(opaque);
- APICCommonClass *info = APIC_COMMON_GET_CLASS(s);
-
- if (info->post_load) {
- info->post_load(s);
- }
- return 0;
-}
-
-static const VMStateDescription vmstate_apic_common = {
- .name = "apic",
- .version_id = 3,
- .minimum_version_id = 3,
- .minimum_version_id_old = 1,
- .load_state_old = apic_load_old,
- .pre_save = apic_dispatch_pre_save,
- .post_load = apic_dispatch_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(apicbase, APICCommonState),
- VMSTATE_UINT8(id, APICCommonState),
- VMSTATE_UINT8(arb_id, APICCommonState),
- VMSTATE_UINT8(tpr, APICCommonState),
- VMSTATE_UINT32(spurious_vec, APICCommonState),
- VMSTATE_UINT8(log_dest, APICCommonState),
- VMSTATE_UINT8(dest_mode, APICCommonState),
- VMSTATE_UINT32_ARRAY(isr, APICCommonState, 8),
- VMSTATE_UINT32_ARRAY(tmr, APICCommonState, 8),
- VMSTATE_UINT32_ARRAY(irr, APICCommonState, 8),
- VMSTATE_UINT32_ARRAY(lvt, APICCommonState, APIC_LVT_NB),
- VMSTATE_UINT32(esr, APICCommonState),
- VMSTATE_UINT32_ARRAY(icr, APICCommonState, 2),
- VMSTATE_UINT32(divide_conf, APICCommonState),
- VMSTATE_INT32(count_shift, APICCommonState),
- VMSTATE_UINT32(initial_count, APICCommonState),
- VMSTATE_INT64(initial_count_load_time, APICCommonState),
- VMSTATE_INT64(next_time, APICCommonState),
- VMSTATE_INT64(timer_expiry,
- APICCommonState), /* open-coded timer state */
- VMSTATE_END_OF_LIST()
- }
-};
-
-static Property apic_properties_common[] = {
- DEFINE_PROP_UINT8("id", APICCommonState, id, -1),
- DEFINE_PROP_BIT("vapic", APICCommonState, vapic_control, VAPIC_ENABLE_BIT,
- true),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void apic_common_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sc = SYS_BUS_DEVICE_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
-
- dc->vmsd = &vmstate_apic_common;
- dc->reset = apic_reset_common;
- dc->no_user = 1;
- dc->props = apic_properties_common;
- sc->init = apic_init_common;
-}
-
-static TypeInfo apic_common_type = {
- .name = TYPE_APIC_COMMON,
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(APICCommonState),
- .class_size = sizeof(APICCommonClass),
- .class_init = apic_common_class_init,
- .abstract = true,
-};
-
-static void register_types(void)
-{
- type_register_static(&apic_common_type);
-}
-
-type_init(register_types)
diff --git a/hw/apic_internal.h b/hw/apic_internal.h
deleted file mode 100644
index 79e2de224..000000000
--- a/hw/apic_internal.h
+++ /dev/null
@@ -1,149 +0,0 @@
-/*
- * APIC support - internal interfaces
- *
- * Copyright (c) 2004-2005 Fabrice Bellard
- * Copyright (c) 2011 Jan Kiszka, Siemens AG
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>
- */
-#ifndef QEMU_APIC_INTERNAL_H
-#define QEMU_APIC_INTERNAL_H
-
-#include "memory.h"
-#include "sysbus.h"
-#include "qemu-timer.h"
-
-/* APIC Local Vector Table */
-#define APIC_LVT_TIMER 0
-#define APIC_LVT_THERMAL 1
-#define APIC_LVT_PERFORM 2
-#define APIC_LVT_LINT0 3
-#define APIC_LVT_LINT1 4
-#define APIC_LVT_ERROR 5
-#define APIC_LVT_NB 6
-
-/* APIC delivery modes */
-#define APIC_DM_FIXED 0
-#define APIC_DM_LOWPRI 1
-#define APIC_DM_SMI 2
-#define APIC_DM_NMI 4
-#define APIC_DM_INIT 5
-#define APIC_DM_SIPI 6
-#define APIC_DM_EXTINT 7
-
-/* APIC destination mode */
-#define APIC_DESTMODE_FLAT 0xf
-#define APIC_DESTMODE_CLUSTER 1
-
-#define APIC_TRIGGER_EDGE 0
-#define APIC_TRIGGER_LEVEL 1
-
-#define APIC_LVT_TIMER_PERIODIC (1<<17)
-#define APIC_LVT_MASKED (1<<16)
-#define APIC_LVT_LEVEL_TRIGGER (1<<15)
-#define APIC_LVT_REMOTE_IRR (1<<14)
-#define APIC_INPUT_POLARITY (1<<13)
-#define APIC_SEND_PENDING (1<<12)
-
-#define ESR_ILLEGAL_ADDRESS (1 << 7)
-
-#define APIC_SV_DIRECTED_IO (1<<12)
-#define APIC_SV_ENABLE (1<<8)
-
-#define VAPIC_ENABLE_BIT 0
-#define VAPIC_ENABLE_MASK (1 << VAPIC_ENABLE_BIT)
-
-#define MAX_APICS 255
-
-#define MSI_SPACE_SIZE 0x100000
-
-typedef struct APICCommonState APICCommonState;
-
-#define TYPE_APIC_COMMON "apic-common"
-#define APIC_COMMON(obj) \
- OBJECT_CHECK(APICCommonState, (obj), TYPE_APIC_COMMON)
-#define APIC_COMMON_CLASS(klass) \
- OBJECT_CLASS_CHECK(APICCommonClass, (klass), TYPE_APIC_COMMON)
-#define APIC_COMMON_GET_CLASS(obj) \
- OBJECT_GET_CLASS(APICCommonClass, (obj), TYPE_APIC_COMMON)
-
-typedef struct APICCommonClass
-{
- SysBusDeviceClass parent_class;
-
- void (*init)(APICCommonState *s);
- void (*set_base)(APICCommonState *s, uint64_t val);
- void (*set_tpr)(APICCommonState *s, uint8_t val);
- uint8_t (*get_tpr)(APICCommonState *s);
- void (*enable_tpr_reporting)(APICCommonState *s, bool enable);
- void (*vapic_base_update)(APICCommonState *s);
- void (*external_nmi)(APICCommonState *s);
- void (*pre_save)(APICCommonState *s);
- void (*post_load)(APICCommonState *s);
-} APICCommonClass;
-
-struct APICCommonState {
- SysBusDevice busdev;
-
- MemoryRegion io_memory;
- X86CPU *cpu;
- uint32_t apicbase;
- uint8_t id;
- uint8_t arb_id;
- uint8_t tpr;
- uint32_t spurious_vec;
- uint8_t log_dest;
- uint8_t dest_mode;
- uint32_t isr[8]; /* in service register */
- uint32_t tmr[8]; /* trigger mode register */
- uint32_t irr[8]; /* interrupt request register */
- uint32_t lvt[APIC_LVT_NB];
- uint32_t esr; /* error register */
- uint32_t icr[2];
-
- uint32_t divide_conf;
- int count_shift;
- uint32_t initial_count;
- int64_t initial_count_load_time;
- int64_t next_time;
- int idx;
- QEMUTimer *timer;
- int64_t timer_expiry;
- int sipi_vector;
- int wait_for_sipi;
-
- uint32_t vapic_control;
- DeviceState *vapic;
- hwaddr vapic_paddr; /* note: persistence via kvmvapic */
-};
-
-typedef struct VAPICState {
- uint8_t tpr;
- uint8_t isr;
- uint8_t zero;
- uint8_t irr;
- uint8_t enabled;
-} QEMU_PACKED VAPICState;
-
-extern bool apic_report_tpr_access;
-
-void apic_report_irq_delivered(int delivered);
-bool apic_next_timer(APICCommonState *s, int64_t current_time);
-void apic_enable_tpr_access_reporting(DeviceState *d, bool enable);
-void apic_enable_vapic(DeviceState *d, hwaddr paddr);
-
-void vapic_report_tpr_access(DeviceState *dev, void *cpu, target_ulong ip,
- TPRAccess access);
-
-#endif /* !QEMU_APIC_INTERNAL_H */
diff --git a/hw/apm.c b/hw/apm.c
deleted file mode 100644
index 2aead52a7..000000000
--- a/hw/apm.c
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * QEMU PC APM controller Emulation
- * This is split out from acpi.c
- *
- * Copyright (c) 2006 Fabrice Bellard
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License version 2 as published by the Free Software Foundation.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include "apm.h"
-#include "hw.h"
-
-//#define DEBUG
-
-#ifdef DEBUG
-# define APM_DPRINTF(format, ...) printf(format, ## __VA_ARGS__)
-#else
-# define APM_DPRINTF(format, ...) do { } while (0)
-#endif
-
-/* fixed I/O location */
-#define APM_CNT_IOPORT 0xb2
-#define APM_STS_IOPORT 0xb3
-
-static void apm_ioport_writeb(void *opaque, uint32_t addr, uint32_t val)
-{
- APMState *apm = opaque;
- addr &= 1;
- APM_DPRINTF("apm_ioport_writeb addr=0x%x val=0x%02x\n", addr, val);
- if (addr == 0) {
- apm->apmc = val;
-
- if (apm->callback) {
- (apm->callback)(val, apm->arg);
- }
- } else {
- apm->apms = val;
- }
-}
-
-static uint32_t apm_ioport_readb(void *opaque, uint32_t addr)
-{
- APMState *apm = opaque;
- uint32_t val;
-
- addr &= 1;
- if (addr == 0) {
- val = apm->apmc;
- } else {
- val = apm->apms;
- }
- APM_DPRINTF("apm_ioport_readb addr=0x%x val=0x%02x\n", addr, val);
- return val;
-}
-
-const VMStateDescription vmstate_apm = {
- .name = "APM State",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT8(apmc, APMState),
- VMSTATE_UINT8(apms, APMState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-void apm_init(APMState *apm, apm_ctrl_changed_t callback, void *arg)
-{
- apm->callback = callback;
- apm->arg = arg;
-
- /* ioport 0xb2, 0xb3 */
- register_ioport_write(APM_CNT_IOPORT, 2, 1, apm_ioport_writeb, apm);
- register_ioport_read(APM_CNT_IOPORT, 2, 1, apm_ioport_readb, apm);
-}
diff --git a/hw/apm.h b/hw/apm.h
deleted file mode 100644
index f7c741e32..000000000
--- a/hw/apm.h
+++ /dev/null
@@ -1,22 +0,0 @@
-#ifndef APM_H
-#define APM_H
-
-#include <stdint.h>
-#include "qemu-common.h"
-#include "hw.h"
-
-typedef void (*apm_ctrl_changed_t)(uint32_t val, void *arg);
-
-typedef struct APMState {
- uint8_t apmc;
- uint8_t apms;
-
- apm_ctrl_changed_t callback;
- void *arg;
-} APMState;
-
-void apm_init(APMState *s, apm_ctrl_changed_t callback, void *arg);
-
-extern const VMStateDescription vmstate_apm;
-
-#endif /* APM_H */
diff --git a/hw/applesmc.c b/hw/applesmc.c
deleted file mode 100644
index 8bedaad31..000000000
--- a/hw/applesmc.c
+++ /dev/null
@@ -1,251 +0,0 @@
-/*
- * Apple SMC controller
- *
- * Copyright (c) 2007 Alexander Graf
- *
- * Authors: Alexander Graf <agraf@suse.de>
- * Susanne Graf <suse@csgraf.de>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- * *****************************************************************
- *
- * In all Intel-based Apple hardware there is an SMC chip to control the
- * backlight, fans and several other generic device parameters. It also
- * contains the magic keys used to dongle Mac OS X to the device.
- *
- * This driver was mostly created by looking at the Linux AppleSMC driver
- * implementation and does not support IRQ.
- *
- */
-
-#include "hw.h"
-#include "isa.h"
-#include "console.h"
-#include "qemu-timer.h"
-
-/* #define DEBUG_SMC */
-
-#define APPLESMC_DEFAULT_IOBASE 0x300
-/* data port used by Apple SMC */
-#define APPLESMC_DATA_PORT 0x0
-/* command/status port used by Apple SMC */
-#define APPLESMC_CMD_PORT 0x4
-#define APPLESMC_NR_PORTS 32
-#define APPLESMC_MAX_DATA_LENGTH 32
-
-#define APPLESMC_READ_CMD 0x10
-#define APPLESMC_WRITE_CMD 0x11
-#define APPLESMC_GET_KEY_BY_INDEX_CMD 0x12
-#define APPLESMC_GET_KEY_TYPE_CMD 0x13
-
-#ifdef DEBUG_SMC
-#define smc_debug(...) fprintf(stderr, "AppleSMC: " __VA_ARGS__)
-#else
-#define smc_debug(...) do { } while(0)
-#endif
-
-static char default_osk[64] = "This is a dummy key. Enter the real key "
- "using the -osk parameter";
-
-struct AppleSMCData {
- uint8_t len;
- const char *key;
- const char *data;
- QLIST_ENTRY(AppleSMCData) node;
-};
-
-struct AppleSMCStatus {
- ISADevice dev;
- uint32_t iobase;
- uint8_t cmd;
- uint8_t status;
- uint8_t key[4];
- uint8_t read_pos;
- uint8_t data_len;
- uint8_t data_pos;
- uint8_t data[255];
- uint8_t charactic[4];
- char *osk;
- QLIST_HEAD(, AppleSMCData) data_def;
-};
-
-static void applesmc_io_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
-{
- struct AppleSMCStatus *s = opaque;
-
- smc_debug("CMD Write B: %#x = %#x\n", addr, val);
- switch(val) {
- case APPLESMC_READ_CMD:
- s->status = 0x0c;
- break;
- }
- s->cmd = val;
- s->read_pos = 0;
- s->data_pos = 0;
-}
-
-static void applesmc_fill_data(struct AppleSMCStatus *s)
-{
- struct AppleSMCData *d;
-
- QLIST_FOREACH(d, &s->data_def, node) {
- if (!memcmp(d->key, s->key, 4)) {
- smc_debug("Key matched (%s Len=%d Data=%s)\n", d->key,
- d->len, d->data);
- memcpy(s->data, d->data, d->len);
- return;
- }
- }
-}
-
-static void applesmc_io_data_writeb(void *opaque, uint32_t addr, uint32_t val)
-{
- struct AppleSMCStatus *s = opaque;
-
- smc_debug("DATA Write B: %#x = %#x\n", addr, val);
- switch(s->cmd) {
- case APPLESMC_READ_CMD:
- if(s->read_pos < 4) {
- s->key[s->read_pos] = val;
- s->status = 0x04;
- } else if(s->read_pos == 4) {
- s->data_len = val;
- s->status = 0x05;
- s->data_pos = 0;
- smc_debug("Key = %c%c%c%c Len = %d\n", s->key[0],
- s->key[1], s->key[2], s->key[3], val);
- applesmc_fill_data(s);
- }
- s->read_pos++;
- break;
- }
-}
-
-static uint32_t applesmc_io_data_readb(void *opaque, uint32_t addr1)
-{
- struct AppleSMCStatus *s = opaque;
- uint8_t retval = 0;
-
- switch(s->cmd) {
- case APPLESMC_READ_CMD:
- if(s->data_pos < s->data_len) {
- retval = s->data[s->data_pos];
- smc_debug("READ_DATA[%d] = %#hhx\n", s->data_pos,
- retval);
- s->data_pos++;
- if(s->data_pos == s->data_len) {
- s->status = 0x00;
- smc_debug("EOF\n");
- } else
- s->status = 0x05;
- }
- }
- smc_debug("DATA Read b: %#x = %#x\n", addr1, retval);
-
- return retval;
-}
-
-static uint32_t applesmc_io_cmd_readb(void *opaque, uint32_t addr1)
-{
- struct AppleSMCStatus *s = opaque;
-
- smc_debug("CMD Read B: %#x\n", addr1);
- return s->status;
-}
-
-static void applesmc_add_key(struct AppleSMCStatus *s, const char *key,
- int len, const char *data)
-{
- struct AppleSMCData *def;
-
- def = g_malloc0(sizeof(struct AppleSMCData));
- def->key = key;
- def->len = len;
- def->data = data;
-
- QLIST_INSERT_HEAD(&s->data_def, def, node);
-}
-
-static void qdev_applesmc_isa_reset(DeviceState *dev)
-{
- struct AppleSMCStatus *s = DO_UPCAST(struct AppleSMCStatus, dev.qdev, dev);
- struct AppleSMCData *d, *next;
-
- /* Remove existing entries */
- QLIST_FOREACH_SAFE(d, &s->data_def, node, next) {
- QLIST_REMOVE(d, node);
- }
-
- applesmc_add_key(s, "REV ", 6, "\x01\x13\x0f\x00\x00\x03");
- applesmc_add_key(s, "OSK0", 32, s->osk);
- applesmc_add_key(s, "OSK1", 32, s->osk + 32);
- applesmc_add_key(s, "NATJ", 1, "\0");
- applesmc_add_key(s, "MSSP", 1, "\0");
- applesmc_add_key(s, "MSSD", 1, "\0x3");
-}
-
-static int applesmc_isa_init(ISADevice *dev)
-{
- struct AppleSMCStatus *s = DO_UPCAST(struct AppleSMCStatus, dev, dev);
-
- register_ioport_read(s->iobase + APPLESMC_DATA_PORT, 4, 1,
- applesmc_io_data_readb, s);
- register_ioport_read(s->iobase + APPLESMC_CMD_PORT, 4, 1,
- applesmc_io_cmd_readb, s);
- register_ioport_write(s->iobase + APPLESMC_DATA_PORT, 4, 1,
- applesmc_io_data_writeb, s);
- register_ioport_write(s->iobase + APPLESMC_CMD_PORT, 4, 1,
- applesmc_io_cmd_writeb, s);
-
- if (!s->osk || (strlen(s->osk) != 64)) {
- fprintf(stderr, "WARNING: Using AppleSMC with invalid key\n");
- s->osk = default_osk;
- }
-
- QLIST_INIT(&s->data_def);
- qdev_applesmc_isa_reset(&dev->qdev);
-
- return 0;
-}
-
-static Property applesmc_isa_properties[] = {
- DEFINE_PROP_HEX32("iobase", struct AppleSMCStatus, iobase,
- APPLESMC_DEFAULT_IOBASE),
- DEFINE_PROP_STRING("osk", struct AppleSMCStatus, osk),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void qdev_applesmc_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- ISADeviceClass *ic = ISA_DEVICE_CLASS(klass);
- ic->init = applesmc_isa_init;
- dc->reset = qdev_applesmc_isa_reset;
- dc->props = applesmc_isa_properties;
-}
-
-static TypeInfo applesmc_isa_info = {
- .name = "isa-applesmc",
- .parent = TYPE_ISA_DEVICE,
- .instance_size = sizeof(struct AppleSMCStatus),
- .class_init = qdev_applesmc_class_init,
-};
-
-static void applesmc_register_types(void)
-{
- type_register_static(&applesmc_isa_info);
-}
-
-type_init(applesmc_register_types)
diff --git a/hw/arm-misc.h b/hw/arm-misc.h
deleted file mode 100644
index d129678b2..000000000
--- a/hw/arm-misc.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Misc ARM declarations
- *
- * Copyright (c) 2006 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the LGPL.
- *
- */
-
-#ifndef ARM_MISC_H
-#define ARM_MISC_H 1
-
-#include "memory.h"
-#include "hw/irq.h"
-
-/* The CPU is also modeled as an interrupt controller. */
-#define ARM_PIC_CPU_IRQ 0
-#define ARM_PIC_CPU_FIQ 1
-qemu_irq *arm_pic_init_cpu(ARMCPU *cpu);
-
-/* armv7m.c */
-qemu_irq *armv7m_init(MemoryRegion *address_space_mem,
- int flash_size, int sram_size,
- const char *kernel_filename, const char *cpu_model);
-
-/* arm_boot.c */
-struct arm_boot_info {
- uint64_t ram_size;
- const char *kernel_filename;
- const char *kernel_cmdline;
- const char *initrd_filename;
- const char *dtb_filename;
- hwaddr loader_start;
- /* multicore boards that use the default secondary core boot functions
- * need to put the address of the secondary boot code, the boot reg,
- * and the GIC address in the next 3 values, respectively. boards that
- * have their own boot functions can use these values as they want.
- */
- hwaddr smp_loader_start;
- hwaddr smp_bootreg_addr;
- hwaddr gic_cpu_if_addr;
- int nb_cpus;
- int board_id;
- int (*atag_board)(const struct arm_boot_info *info, void *p);
- /* multicore boards that use the default secondary core boot functions
- * can ignore these two function calls. If the default functions won't
- * work, then write_secondary_boot() should write a suitable blob of
- * code mimicking the secondary CPU startup process used by the board's
- * boot loader/boot ROM code, and secondary_cpu_reset_hook() should
- * perform any necessary CPU reset handling and set the PC for the
- * secondary CPUs to point at this boot blob.
- */
- void (*write_secondary_boot)(ARMCPU *cpu,
- const struct arm_boot_info *info);
- void (*secondary_cpu_reset_hook)(ARMCPU *cpu,
- const struct arm_boot_info *info);
- /* Used internally by arm_boot.c */
- int is_linux;
- hwaddr initrd_start;
- hwaddr initrd_size;
- hwaddr entry;
-};
-void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info *info);
-
-/* Multiplication factor to convert from system clock ticks to qemu timer
- ticks. */
-extern int system_clock_scale;
-
-#endif /* !ARM_MISC_H */
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index 6d049e7de..9e3a06fc1 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -1,35 +1,7 @@
-obj-y = integratorcp.o versatilepb.o arm_pic.o
-obj-y += arm_boot.o
-obj-y += xilinx_zynq.o zynq_slcr.o
-obj-y += xilinx_spips.o
-obj-y += arm_gic.o arm_gic_common.o
-obj-y += realview_gic.o realview.o arm_sysctl.o arm11mpcore.o a9mpcore.o
-obj-y += exynos4210_gic.o exynos4210_combiner.o exynos4210.o
-obj-y += exynos4_boards.o exynos4210_uart.o exynos4210_pwm.o
-obj-y += exynos4210_pmu.o exynos4210_mct.o exynos4210_fimd.o
-obj-y += exynos4210_rtc.o exynos4210_i2c.o
-obj-y += arm_mptimer.o a15mpcore.o
-obj-y += armv7m.o armv7m_nvic.o stellaris.o stellaris_enet.o
-obj-y += highbank.o
-obj-y += pxa2xx.o pxa2xx_pic.o pxa2xx_gpio.o pxa2xx_timer.o pxa2xx_dma.o
-obj-y += pxa2xx_lcd.o pxa2xx_mmci.o pxa2xx_pcmcia.o pxa2xx_keypad.o
-obj-y += gumstix.o
-obj-y += zaurus.o ide/microdrive.o spitz.o tosa.o tc6393xb.o
-obj-y += omap1.o omap_lcdc.o omap_dma.o omap_clk.o omap_mmc.o omap_i2c.o \
- omap_gpio.o omap_intc.o omap_uart.o
-obj-y += omap2.o omap_dss.o soc_dma.o omap_gptimer.o omap_synctimer.o \
- omap_gpmc.o omap_sdrc.o omap_spi.o omap_tap.o omap_l4.o
-obj-y += omap_sx1.o palm.o tsc210x.o
-obj-y += nseries.o blizzard.o onenand.o cbus.o tusb6010.o usb/hcd-musb.o
-obj-y += mst_fpga.o mainstone.o
-obj-y += z2.o
-obj-y += musicpal.o bitbang_i2c.o marvell_88w8618_audio.o
-obj-y += framebuffer.o
-obj-y += vexpress.o
-obj-y += strongarm.o
-obj-y += collie.o
-obj-y += imx_serial.o imx_ccm.o imx_timer.o imx_avic.o
-obj-y += kzm.o
-obj-$(CONFIG_FDT) += ../device_tree.o
+obj-y += boot.o collie.o exynos4_boards.o gumstix.o highbank.o
+obj-y += integratorcp.o kzm.o mainstone.o musicpal.o nseries.o
+obj-y += omap_sx1.o palm.o pic_cpu.o realview.o spitz.o stellaris.o
+obj-y += tosa.o versatilepb.o vexpress.o xilinx_zynq.o z2.o
-obj-y := $(addprefix ../,$(obj-y))
+obj-y += armv7m.o exynos4210.o pxa2xx.o pxa2xx_gpio.o pxa2xx_pic.o
+obj-y += omap1.o omap2.o strongarm.o
diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c
new file mode 100644
index 000000000..82d36fb69
--- /dev/null
+++ b/hw/arm/armv7m.c
@@ -0,0 +1,290 @@
+/*
+ * ARMV7M System emulation.
+ *
+ * Copyright (c) 2006-2007 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GPL.
+ */
+
+#include "hw/sysbus.h"
+#include "hw/arm/arm.h"
+#include "hw/loader.h"
+#include "elf.h"
+
+/* Bitbanded IO. Each word corresponds to a single bit. */
+
+/* Get the byte address of the real memory for a bitband access. */
+static inline uint32_t bitband_addr(void * opaque, uint32_t addr)
+{
+ uint32_t res;
+
+ res = *(uint32_t *)opaque;
+ res |= (addr & 0x1ffffff) >> 5;
+ return res;
+
+}
+
+static uint32_t bitband_readb(void *opaque, hwaddr offset)
+{
+ uint8_t v;
+ cpu_physical_memory_read(bitband_addr(opaque, offset), &v, 1);
+ return (v & (1 << ((offset >> 2) & 7))) != 0;
+}
+
+static void bitband_writeb(void *opaque, hwaddr offset,
+ uint32_t value)
+{
+ uint32_t addr;
+ uint8_t mask;
+ uint8_t v;
+ addr = bitband_addr(opaque, offset);
+ mask = (1 << ((offset >> 2) & 7));
+ cpu_physical_memory_read(addr, &v, 1);
+ if (value & 1)
+ v |= mask;
+ else
+ v &= ~mask;
+ cpu_physical_memory_write(addr, &v, 1);
+}
+
+static uint32_t bitband_readw(void *opaque, hwaddr offset)
+{
+ uint32_t addr;
+ uint16_t mask;
+ uint16_t v;
+ addr = bitband_addr(opaque, offset) & ~1;
+ mask = (1 << ((offset >> 2) & 15));
+ mask = tswap16(mask);
+ cpu_physical_memory_read(addr, &v, 2);
+ return (v & mask) != 0;
+}
+
+static void bitband_writew(void *opaque, hwaddr offset,
+ uint32_t value)
+{
+ uint32_t addr;
+ uint16_t mask;
+ uint16_t v;
+ addr = bitband_addr(opaque, offset) & ~1;
+ mask = (1 << ((offset >> 2) & 15));
+ mask = tswap16(mask);
+ cpu_physical_memory_read(addr, &v, 2);
+ if (value & 1)
+ v |= mask;
+ else
+ v &= ~mask;
+ cpu_physical_memory_write(addr, &v, 2);
+}
+
+static uint32_t bitband_readl(void *opaque, hwaddr offset)
+{
+ uint32_t addr;
+ uint32_t mask;
+ uint32_t v;
+ addr = bitband_addr(opaque, offset) & ~3;
+ mask = (1 << ((offset >> 2) & 31));
+ mask = tswap32(mask);
+ cpu_physical_memory_read(addr, &v, 4);
+ return (v & mask) != 0;
+}
+
+static void bitband_writel(void *opaque, hwaddr offset,
+ uint32_t value)
+{
+ uint32_t addr;
+ uint32_t mask;
+ uint32_t v;
+ addr = bitband_addr(opaque, offset) & ~3;
+ mask = (1 << ((offset >> 2) & 31));
+ mask = tswap32(mask);
+ cpu_physical_memory_read(addr, &v, 4);
+ if (value & 1)
+ v |= mask;
+ else
+ v &= ~mask;
+ cpu_physical_memory_write(addr, &v, 4);
+}
+
+static const MemoryRegionOps bitband_ops = {
+ .old_mmio = {
+ .read = { bitband_readb, bitband_readw, bitband_readl, },
+ .write = { bitband_writeb, bitband_writew, bitband_writel, },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+#define TYPE_BITBAND "ARM,bitband-memory"
+#define BITBAND(obj) OBJECT_CHECK(BitBandState, (obj), TYPE_BITBAND)
+
+typedef struct {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion iomem;
+ uint32_t base;
+} BitBandState;
+
+static int bitband_init(SysBusDevice *dev)
+{
+ BitBandState *s = BITBAND(dev);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &bitband_ops, &s->base,
+ "bitband", 0x02000000);
+ sysbus_init_mmio(dev, &s->iomem);
+ return 0;
+}
+
+static void armv7m_bitband_init(void)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(NULL, TYPE_BITBAND);
+ qdev_prop_set_uint32(dev, "base", 0x20000000);
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0x22000000);
+
+ dev = qdev_create(NULL, TYPE_BITBAND);
+ qdev_prop_set_uint32(dev, "base", 0x40000000);
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0x42000000);
+}
+
+/* Board init. */
+
+static void armv7m_reset(void *opaque)
+{
+ ARMCPU *cpu = opaque;
+
+ cpu_reset(CPU(cpu));
+}
+
+/* Init CPU and memory for a v7-M based board.
+ flash_size and sram_size are in kb.
+ Returns the NVIC array. */
+
+qemu_irq *armv7m_init(MemoryRegion *address_space_mem,
+ int flash_size, int sram_size,
+ const char *kernel_filename, const char *cpu_model)
+{
+ ARMCPU *cpu;
+ CPUARMState *env;
+ DeviceState *nvic;
+ /* FIXME: make this local state. */
+ static qemu_irq pic[64];
+ qemu_irq *cpu_pic;
+ int image_size;
+ uint64_t entry;
+ uint64_t lowaddr;
+ int i;
+ int big_endian;
+ MemoryRegion *sram = g_new(MemoryRegion, 1);
+ MemoryRegion *flash = g_new(MemoryRegion, 1);
+ MemoryRegion *hack = g_new(MemoryRegion, 1);
+
+ flash_size *= 1024;
+ sram_size *= 1024;
+
+ if (cpu_model == NULL) {
+ cpu_model = "cortex-m3";
+ }
+ cpu = cpu_arm_init(cpu_model);
+ if (cpu == NULL) {
+ fprintf(stderr, "Unable to find CPU definition\n");
+ exit(1);
+ }
+ env = &cpu->env;
+
+#if 0
+ /* > 32Mb SRAM gets complicated because it overlaps the bitband area.
+ We don't have proper commandline options, so allocate half of memory
+ as SRAM, up to a maximum of 32Mb, and the rest as code. */
+ if (ram_size > (512 + 32) * 1024 * 1024)
+ ram_size = (512 + 32) * 1024 * 1024;
+ sram_size = (ram_size / 2) & TARGET_PAGE_MASK;
+ if (sram_size > 32 * 1024 * 1024)
+ sram_size = 32 * 1024 * 1024;
+ code_size = ram_size - sram_size;
+#endif
+
+ /* Flash programming is done via the SCU, so pretend it is ROM. */
+ memory_region_init_ram(flash, NULL, "armv7m.flash", flash_size);
+ vmstate_register_ram_global(flash);
+ memory_region_set_readonly(flash, true);
+ memory_region_add_subregion(address_space_mem, 0, flash);
+ memory_region_init_ram(sram, NULL, "armv7m.sram", sram_size);
+ vmstate_register_ram_global(sram);
+ memory_region_add_subregion(address_space_mem, 0x20000000, sram);
+ armv7m_bitband_init();
+
+ nvic = qdev_create(NULL, "armv7m_nvic");
+ env->nvic = nvic;
+ qdev_init_nofail(nvic);
+ cpu_pic = arm_pic_init_cpu(cpu);
+ sysbus_connect_irq(SYS_BUS_DEVICE(nvic), 0, cpu_pic[ARM_PIC_CPU_IRQ]);
+ for (i = 0; i < 64; i++) {
+ pic[i] = qdev_get_gpio_in(nvic, i);
+ }
+
+#ifdef TARGET_WORDS_BIGENDIAN
+ big_endian = 1;
+#else
+ big_endian = 0;
+#endif
+
+ if (!kernel_filename) {
+ fprintf(stderr, "Guest image must be specified (using -kernel)\n");
+ exit(1);
+ }
+
+ image_size = load_elf(kernel_filename, NULL, NULL, &entry, &lowaddr,
+ NULL, big_endian, ELF_MACHINE, 1);
+ if (image_size < 0) {
+ image_size = load_image_targphys(kernel_filename, 0, flash_size);
+ lowaddr = 0;
+ }
+ if (image_size < 0) {
+ fprintf(stderr, "qemu: could not load kernel '%s'\n",
+ kernel_filename);
+ exit(1);
+ }
+
+ /* Hack to map an additional page of ram at the top of the address
+ space. This stops qemu complaining about executing code outside RAM
+ when returning from an exception. */
+ memory_region_init_ram(hack, NULL, "armv7m.hack", 0x1000);
+ vmstate_register_ram_global(hack);
+ memory_region_add_subregion(address_space_mem, 0xfffff000, hack);
+
+ qemu_register_reset(armv7m_reset, cpu);
+ return pic;
+}
+
+static Property bitband_properties[] = {
+ DEFINE_PROP_UINT32("base", BitBandState, base, 0),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void bitband_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = bitband_init;
+ dc->props = bitband_properties;
+}
+
+static const TypeInfo bitband_info = {
+ .name = TYPE_BITBAND,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(BitBandState),
+ .class_init = bitband_class_init,
+};
+
+static void armv7m_register_types(void)
+{
+ type_register_static(&bitband_info);
+}
+
+type_init(armv7m_register_types)
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
new file mode 100644
index 000000000..2cbeefdcb
--- /dev/null
+++ b/hw/arm/boot.c
@@ -0,0 +1,476 @@
+/*
+ * ARM kernel loader.
+ *
+ * Copyright (c) 2006-2007 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GPL.
+ */
+
+#include "config.h"
+#include "hw/hw.h"
+#include "hw/arm/arm.h"
+#include "sysemu/sysemu.h"
+#include "hw/boards.h"
+#include "hw/loader.h"
+#include "elf.h"
+#include "sysemu/device_tree.h"
+#include "qemu/config-file.h"
+
+#define KERNEL_ARGS_ADDR 0x100
+#define KERNEL_LOAD_ADDR 0x00010000
+
+/* The worlds second smallest bootloader. Set r0-r2, then jump to kernel. */
+static uint32_t bootloader[] = {
+ 0xe3a00000, /* mov r0, #0 */
+ 0xe59f1004, /* ldr r1, [pc, #4] */
+ 0xe59f2004, /* ldr r2, [pc, #4] */
+ 0xe59ff004, /* ldr pc, [pc, #4] */
+ 0, /* Board ID */
+ 0, /* Address of kernel args. Set by integratorcp_init. */
+ 0 /* Kernel entry point. Set by integratorcp_init. */
+};
+
+/* Handling for secondary CPU boot in a multicore system.
+ * Unlike the uniprocessor/primary CPU boot, this is platform
+ * dependent. The default code here is based on the secondary
+ * CPU boot protocol used on realview/vexpress boards, with
+ * some parameterisation to increase its flexibility.
+ * QEMU platform models for which this code is not appropriate
+ * should override write_secondary_boot and secondary_cpu_reset_hook
+ * instead.
+ *
+ * This code enables the interrupt controllers for the secondary
+ * CPUs and then puts all the secondary CPUs into a loop waiting
+ * for an interprocessor interrupt and polling a configurable
+ * location for the kernel secondary CPU entry point.
+ */
+#define DSB_INSN 0xf57ff04f
+#define CP15_DSB_INSN 0xee070f9a /* mcr cp15, 0, r0, c7, c10, 4 */
+
+static uint32_t smpboot[] = {
+ 0xe59f2028, /* ldr r2, gic_cpu_if */
+ 0xe59f0028, /* ldr r0, startaddr */
+ 0xe3a01001, /* mov r1, #1 */
+ 0xe5821000, /* str r1, [r2] - set GICC_CTLR.Enable */
+ 0xe3a010ff, /* mov r1, #0xff */
+ 0xe5821004, /* str r1, [r2, 4] - set GIC_PMR.Priority to 0xff */
+ DSB_INSN, /* dsb */
+ 0xe320f003, /* wfi */
+ 0xe5901000, /* ldr r1, [r0] */
+ 0xe1110001, /* tst r1, r1 */
+ 0x0afffffb, /* beq <wfi> */
+ 0xe12fff11, /* bx r1 */
+ 0, /* gic_cpu_if: base address of GIC CPU interface */
+ 0 /* bootreg: Boot register address is held here */
+};
+
+static void default_write_secondary(ARMCPU *cpu,
+ const struct arm_boot_info *info)
+{
+ int n;
+ smpboot[ARRAY_SIZE(smpboot) - 1] = info->smp_bootreg_addr;
+ smpboot[ARRAY_SIZE(smpboot) - 2] = info->gic_cpu_if_addr;
+ for (n = 0; n < ARRAY_SIZE(smpboot); n++) {
+ /* Replace DSB with the pre-v7 DSB if necessary. */
+ if (!arm_feature(&cpu->env, ARM_FEATURE_V7) &&
+ smpboot[n] == DSB_INSN) {
+ smpboot[n] = CP15_DSB_INSN;
+ }
+ smpboot[n] = tswap32(smpboot[n]);
+ }
+ rom_add_blob_fixed("smpboot", smpboot, sizeof(smpboot),
+ info->smp_loader_start);
+}
+
+static void default_reset_secondary(ARMCPU *cpu,
+ const struct arm_boot_info *info)
+{
+ CPUARMState *env = &cpu->env;
+
+ stl_phys_notdirty(info->smp_bootreg_addr, 0);
+ env->regs[15] = info->smp_loader_start;
+}
+
+#define WRITE_WORD(p, value) do { \
+ stl_phys_notdirty(p, value); \
+ p += 4; \
+} while (0)
+
+static void set_kernel_args(const struct arm_boot_info *info)
+{
+ int initrd_size = info->initrd_size;
+ hwaddr base = info->loader_start;
+ hwaddr p;
+
+ p = base + KERNEL_ARGS_ADDR;
+ /* ATAG_CORE */
+ WRITE_WORD(p, 5);
+ WRITE_WORD(p, 0x54410001);
+ WRITE_WORD(p, 1);
+ WRITE_WORD(p, 0x1000);
+ WRITE_WORD(p, 0);
+ /* ATAG_MEM */
+ /* TODO: handle multiple chips on one ATAG list */
+ WRITE_WORD(p, 4);
+ WRITE_WORD(p, 0x54410002);
+ WRITE_WORD(p, info->ram_size);
+ WRITE_WORD(p, info->loader_start);
+ if (initrd_size) {
+ /* ATAG_INITRD2 */
+ WRITE_WORD(p, 4);
+ WRITE_WORD(p, 0x54420005);
+ WRITE_WORD(p, info->initrd_start);
+ WRITE_WORD(p, initrd_size);
+ }
+ if (info->kernel_cmdline && *info->kernel_cmdline) {
+ /* ATAG_CMDLINE */
+ int cmdline_size;
+
+ cmdline_size = strlen(info->kernel_cmdline);
+ cpu_physical_memory_write(p + 8, info->kernel_cmdline,
+ cmdline_size + 1);
+ cmdline_size = (cmdline_size >> 2) + 1;
+ WRITE_WORD(p, cmdline_size + 2);
+ WRITE_WORD(p, 0x54410009);
+ p += cmdline_size * 4;
+ }
+ if (info->atag_board) {
+ /* ATAG_BOARD */
+ int atag_board_len;
+ uint8_t atag_board_buf[0x1000];
+
+ atag_board_len = (info->atag_board(info, atag_board_buf) + 3) & ~3;
+ WRITE_WORD(p, (atag_board_len + 8) >> 2);
+ WRITE_WORD(p, 0x414f4d50);
+ cpu_physical_memory_write(p, atag_board_buf, atag_board_len);
+ p += atag_board_len;
+ }
+ /* ATAG_END */
+ WRITE_WORD(p, 0);
+ WRITE_WORD(p, 0);
+}
+
+static void set_kernel_args_old(const struct arm_boot_info *info)
+{
+ hwaddr p;
+ const char *s;
+ int initrd_size = info->initrd_size;
+ hwaddr base = info->loader_start;
+
+ /* see linux/include/asm-arm/setup.h */
+ p = base + KERNEL_ARGS_ADDR;
+ /* page_size */
+ WRITE_WORD(p, 4096);
+ /* nr_pages */
+ WRITE_WORD(p, info->ram_size / 4096);
+ /* ramdisk_size */
+ WRITE_WORD(p, 0);
+#define FLAG_READONLY 1
+#define FLAG_RDLOAD 4
+#define FLAG_RDPROMPT 8
+ /* flags */
+ WRITE_WORD(p, FLAG_READONLY | FLAG_RDLOAD | FLAG_RDPROMPT);
+ /* rootdev */
+ WRITE_WORD(p, (31 << 8) | 0); /* /dev/mtdblock0 */
+ /* video_num_cols */
+ WRITE_WORD(p, 0);
+ /* video_num_rows */
+ WRITE_WORD(p, 0);
+ /* video_x */
+ WRITE_WORD(p, 0);
+ /* video_y */
+ WRITE_WORD(p, 0);
+ /* memc_control_reg */
+ WRITE_WORD(p, 0);
+ /* unsigned char sounddefault */
+ /* unsigned char adfsdrives */
+ /* unsigned char bytes_per_char_h */
+ /* unsigned char bytes_per_char_v */
+ WRITE_WORD(p, 0);
+ /* pages_in_bank[4] */
+ WRITE_WORD(p, 0);
+ WRITE_WORD(p, 0);
+ WRITE_WORD(p, 0);
+ WRITE_WORD(p, 0);
+ /* pages_in_vram */
+ WRITE_WORD(p, 0);
+ /* initrd_start */
+ if (initrd_size) {
+ WRITE_WORD(p, info->initrd_start);
+ } else {
+ WRITE_WORD(p, 0);
+ }
+ /* initrd_size */
+ WRITE_WORD(p, initrd_size);
+ /* rd_start */
+ WRITE_WORD(p, 0);
+ /* system_rev */
+ WRITE_WORD(p, 0);
+ /* system_serial_low */
+ WRITE_WORD(p, 0);
+ /* system_serial_high */
+ WRITE_WORD(p, 0);
+ /* mem_fclk_21285 */
+ WRITE_WORD(p, 0);
+ /* zero unused fields */
+ while (p < base + KERNEL_ARGS_ADDR + 256 + 1024) {
+ WRITE_WORD(p, 0);
+ }
+ s = info->kernel_cmdline;
+ if (s) {
+ cpu_physical_memory_write(p, s, strlen(s) + 1);
+ } else {
+ WRITE_WORD(p, 0);
+ }
+}
+
+static int load_dtb(hwaddr addr, const struct arm_boot_info *binfo)
+{
+ void *fdt = NULL;
+ char *filename;
+ int size, rc;
+ uint32_t acells, scells;
+
+ filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, binfo->dtb_filename);
+ if (!filename) {
+ fprintf(stderr, "Couldn't open dtb file %s\n", binfo->dtb_filename);
+ goto fail;
+ }
+
+ fdt = load_device_tree(filename, &size);
+ if (!fdt) {
+ fprintf(stderr, "Couldn't open dtb file %s\n", filename);
+ g_free(filename);
+ goto fail;
+ }
+ g_free(filename);
+
+ acells = qemu_devtree_getprop_cell(fdt, "/", "#address-cells");
+ scells = qemu_devtree_getprop_cell(fdt, "/", "#size-cells");
+ if (acells == 0 || scells == 0) {
+ fprintf(stderr, "dtb file invalid (#address-cells or #size-cells 0)\n");
+ goto fail;
+ }
+
+ if (scells < 2 && binfo->ram_size >= (1ULL << 32)) {
+ /* This is user error so deserves a friendlier error message
+ * than the failure of setprop_sized_cells would provide
+ */
+ fprintf(stderr, "qemu: dtb file not compatible with "
+ "RAM size > 4GB\n");
+ goto fail;
+ }
+
+ rc = qemu_devtree_setprop_sized_cells(fdt, "/memory", "reg",
+ acells, binfo->loader_start,
+ scells, binfo->ram_size);
+ if (rc < 0) {
+ fprintf(stderr, "couldn't set /memory/reg\n");
+ goto fail;
+ }
+
+ if (binfo->kernel_cmdline && *binfo->kernel_cmdline) {
+ rc = qemu_devtree_setprop_string(fdt, "/chosen", "bootargs",
+ binfo->kernel_cmdline);
+ if (rc < 0) {
+ fprintf(stderr, "couldn't set /chosen/bootargs\n");
+ goto fail;
+ }
+ }
+
+ if (binfo->initrd_size) {
+ rc = qemu_devtree_setprop_cell(fdt, "/chosen", "linux,initrd-start",
+ binfo->initrd_start);
+ if (rc < 0) {
+ fprintf(stderr, "couldn't set /chosen/linux,initrd-start\n");
+ goto fail;
+ }
+
+ rc = qemu_devtree_setprop_cell(fdt, "/chosen", "linux,initrd-end",
+ binfo->initrd_start + binfo->initrd_size);
+ if (rc < 0) {
+ fprintf(stderr, "couldn't set /chosen/linux,initrd-end\n");
+ goto fail;
+ }
+ }
+
+ if (binfo->modify_dtb) {
+ binfo->modify_dtb(binfo, fdt);
+ }
+
+ qemu_devtree_dumpdtb(fdt, size);
+
+ cpu_physical_memory_write(addr, fdt, size);
+
+ g_free(fdt);
+
+ return 0;
+
+fail:
+ g_free(fdt);
+ return -1;
+}
+
+static void do_cpu_reset(void *opaque)
+{
+ ARMCPU *cpu = opaque;
+ CPUARMState *env = &cpu->env;
+ const struct arm_boot_info *info = env->boot_info;
+
+ cpu_reset(CPU(cpu));
+ if (info) {
+ if (!info->is_linux) {
+ /* Jump to the entry point. */
+ env->regs[15] = info->entry & 0xfffffffe;
+ env->thumb = info->entry & 1;
+ } else {
+ if (CPU(cpu) == first_cpu) {
+ env->regs[15] = info->loader_start;
+ if (!info->dtb_filename) {
+ if (old_param) {
+ set_kernel_args_old(info);
+ } else {
+ set_kernel_args(info);
+ }
+ }
+ } else {
+ info->secondary_cpu_reset_hook(cpu, info);
+ }
+ }
+ }
+}
+
+void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info *info)
+{
+ CPUState *cs = CPU(cpu);
+ int kernel_size;
+ int initrd_size;
+ int n;
+ int is_linux = 0;
+ uint64_t elf_entry;
+ hwaddr entry;
+ int big_endian;
+
+ /* Load the kernel. */
+ if (!info->kernel_filename) {
+ fprintf(stderr, "Kernel image must be specified\n");
+ exit(1);
+ }
+
+ info->dtb_filename = qemu_opt_get(qemu_get_machine_opts(), "dtb");
+
+ if (!info->secondary_cpu_reset_hook) {
+ info->secondary_cpu_reset_hook = default_reset_secondary;
+ }
+ if (!info->write_secondary_boot) {
+ info->write_secondary_boot = default_write_secondary;
+ }
+
+ if (info->nb_cpus == 0)
+ info->nb_cpus = 1;
+
+#ifdef TARGET_WORDS_BIGENDIAN
+ big_endian = 1;
+#else
+ big_endian = 0;
+#endif
+
+ /* We want to put the initrd far enough into RAM that when the
+ * kernel is uncompressed it will not clobber the initrd. However
+ * on boards without much RAM we must ensure that we still leave
+ * enough room for a decent sized initrd, and on boards with large
+ * amounts of RAM we must avoid the initrd being so far up in RAM
+ * that it is outside lowmem and inaccessible to the kernel.
+ * So for boards with less than 256MB of RAM we put the initrd
+ * halfway into RAM, and for boards with 256MB of RAM or more we put
+ * the initrd at 128MB.
+ */
+ info->initrd_start = info->loader_start +
+ MIN(info->ram_size / 2, 128 * 1024 * 1024);
+
+ /* Assume that raw images are linux kernels, and ELF images are not. */
+ kernel_size = load_elf(info->kernel_filename, NULL, NULL, &elf_entry,
+ NULL, NULL, big_endian, ELF_MACHINE, 1);
+ entry = elf_entry;
+ if (kernel_size < 0) {
+ kernel_size = load_uimage(info->kernel_filename, &entry, NULL,
+ &is_linux);
+ }
+ if (kernel_size < 0) {
+ entry = info->loader_start + KERNEL_LOAD_ADDR;
+ kernel_size = load_image_targphys(info->kernel_filename, entry,
+ info->ram_size - KERNEL_LOAD_ADDR);
+ is_linux = 1;
+ }
+ if (kernel_size < 0) {
+ fprintf(stderr, "qemu: could not load kernel '%s'\n",
+ info->kernel_filename);
+ exit(1);
+ }
+ info->entry = entry;
+ if (is_linux) {
+ if (info->initrd_filename) {
+ initrd_size = load_ramdisk(info->initrd_filename,
+ info->initrd_start,
+ info->ram_size -
+ info->initrd_start);
+ if (initrd_size < 0) {
+ initrd_size = load_image_targphys(info->initrd_filename,
+ info->initrd_start,
+ info->ram_size -
+ info->initrd_start);
+ }
+ if (initrd_size < 0) {
+ fprintf(stderr, "qemu: could not load initrd '%s'\n",
+ info->initrd_filename);
+ exit(1);
+ }
+ } else {
+ initrd_size = 0;
+ }
+ info->initrd_size = initrd_size;
+
+ bootloader[4] = info->board_id;
+
+ /* for device tree boot, we pass the DTB directly in r2. Otherwise
+ * we point to the kernel args.
+ */
+ if (info->dtb_filename) {
+ /* Place the DTB after the initrd in memory. Note that some
+ * kernels will trash anything in the 4K page the initrd
+ * ends in, so make sure the DTB isn't caught up in that.
+ */
+ hwaddr dtb_start = QEMU_ALIGN_UP(info->initrd_start + initrd_size,
+ 4096);
+ if (load_dtb(dtb_start, info)) {
+ exit(1);
+ }
+ bootloader[5] = dtb_start;
+ } else {
+ bootloader[5] = info->loader_start + KERNEL_ARGS_ADDR;
+ if (info->ram_size >= (1ULL << 32)) {
+ fprintf(stderr, "qemu: RAM size must be less than 4GB to boot"
+ " Linux kernel using ATAGS (try passing a device tree"
+ " using -dtb)\n");
+ exit(1);
+ }
+ }
+ bootloader[6] = entry;
+ for (n = 0; n < sizeof(bootloader) / 4; n++) {
+ bootloader[n] = tswap32(bootloader[n]);
+ }
+ rom_add_blob_fixed("bootloader", bootloader, sizeof(bootloader),
+ info->loader_start);
+ if (info->nb_cpus > 1) {
+ info->write_secondary_boot(cpu, info);
+ }
+ }
+ info->is_linux = is_linux;
+
+ for (; cs; cs = cs->next_cpu) {
+ cpu = ARM_CPU(cs);
+ cpu->env.boot_info = info;
+ qemu_register_reset(do_cpu_reset, cpu);
+ }
+}
diff --git a/hw/arm/collie.c b/hw/arm/collie.c
new file mode 100644
index 000000000..a19857aaa
--- /dev/null
+++ b/hw/arm/collie.c
@@ -0,0 +1,73 @@
+/*
+ * SA-1110-based Sharp Zaurus SL-5500 platform.
+ *
+ * Copyright (C) 2011 Dmitry Eremin-Solenikov
+ *
+ * This code is licensed under GNU GPL v2.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "hw/boards.h"
+#include "hw/devices.h"
+#include "strongarm.h"
+#include "hw/arm/arm.h"
+#include "hw/block/flash.h"
+#include "sysemu/blockdev.h"
+#include "exec/address-spaces.h"
+
+static struct arm_boot_info collie_binfo = {
+ .loader_start = SA_SDCS0,
+ .ram_size = 0x20000000,
+};
+
+static void collie_init(QEMUMachineInitArgs *args)
+{
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ StrongARMState *s;
+ DriveInfo *dinfo;
+ MemoryRegion *sysmem = get_system_memory();
+
+ if (!cpu_model) {
+ cpu_model = "sa1110";
+ }
+
+ s = sa1110_init(sysmem, collie_binfo.ram_size, cpu_model);
+
+ dinfo = drive_get(IF_PFLASH, 0, 0);
+ pflash_cfi01_register(SA_CS0, NULL, "collie.fl1", 0x02000000,
+ dinfo ? dinfo->bdrv : NULL, (64 * 1024),
+ 512, 4, 0x00, 0x00, 0x00, 0x00, 0);
+
+ dinfo = drive_get(IF_PFLASH, 0, 1);
+ pflash_cfi01_register(SA_CS1, NULL, "collie.fl2", 0x02000000,
+ dinfo ? dinfo->bdrv : NULL, (64 * 1024),
+ 512, 4, 0x00, 0x00, 0x00, 0x00, 0);
+
+ sysbus_create_simple("scoop", 0x40800000, NULL);
+
+ collie_binfo.kernel_filename = kernel_filename;
+ collie_binfo.kernel_cmdline = kernel_cmdline;
+ collie_binfo.initrd_filename = initrd_filename;
+ collie_binfo.board_id = 0x208;
+ arm_load_kernel(s->cpu, &collie_binfo);
+}
+
+static QEMUMachine collie_machine = {
+ .name = "collie",
+ .desc = "Collie PDA (SA-1110)",
+ .init = collie_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void collie_machine_init(void)
+{
+ qemu_register_machine(&collie_machine);
+}
+
+machine_init(collie_machine_init)
diff --git a/hw/arm/exynos4210.c b/hw/arm/exynos4210.c
new file mode 100644
index 000000000..216b9b77d
--- /dev/null
+++ b/hw/arm/exynos4210.c
@@ -0,0 +1,371 @@
+/*
+ * Samsung exynos4210 SoC emulation
+ *
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd. All rights reserved.
+ * Maksim Kozlov <m.kozlov@samsung.com>
+ * Evgeny Voevodin <e.voevodin@samsung.com>
+ * Igor Mitsyanko <i.mitsyanko@samsung.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "hw/boards.h"
+#include "sysemu/sysemu.h"
+#include "hw/sysbus.h"
+#include "hw/arm/arm.h"
+#include "hw/loader.h"
+#include "hw/arm/exynos4210.h"
+#include "hw/usb/hcd-ehci.h"
+
+#define EXYNOS4210_CHIPID_ADDR 0x10000000
+
+/* PWM */
+#define EXYNOS4210_PWM_BASE_ADDR 0x139D0000
+
+/* RTC */
+#define EXYNOS4210_RTC_BASE_ADDR 0x10070000
+
+/* MCT */
+#define EXYNOS4210_MCT_BASE_ADDR 0x10050000
+
+/* I2C */
+#define EXYNOS4210_I2C_SHIFT 0x00010000
+#define EXYNOS4210_I2C_BASE_ADDR 0x13860000
+/* Interrupt Group of External Interrupt Combiner for I2C */
+#define EXYNOS4210_I2C_INTG 27
+#define EXYNOS4210_HDMI_INTG 16
+
+/* UART's definitions */
+#define EXYNOS4210_UART0_BASE_ADDR 0x13800000
+#define EXYNOS4210_UART1_BASE_ADDR 0x13810000
+#define EXYNOS4210_UART2_BASE_ADDR 0x13820000
+#define EXYNOS4210_UART3_BASE_ADDR 0x13830000
+#define EXYNOS4210_UART0_FIFO_SIZE 256
+#define EXYNOS4210_UART1_FIFO_SIZE 64
+#define EXYNOS4210_UART2_FIFO_SIZE 16
+#define EXYNOS4210_UART3_FIFO_SIZE 16
+/* Interrupt Group of External Interrupt Combiner for UART */
+#define EXYNOS4210_UART_INT_GRP 26
+
+/* External GIC */
+#define EXYNOS4210_EXT_GIC_CPU_BASE_ADDR 0x10480000
+#define EXYNOS4210_EXT_GIC_DIST_BASE_ADDR 0x10490000
+
+/* Combiner */
+#define EXYNOS4210_EXT_COMBINER_BASE_ADDR 0x10440000
+#define EXYNOS4210_INT_COMBINER_BASE_ADDR 0x10448000
+
+/* PMU SFR base address */
+#define EXYNOS4210_PMU_BASE_ADDR 0x10020000
+
+/* Display controllers (FIMD) */
+#define EXYNOS4210_FIMD0_BASE_ADDR 0x11C00000
+
+/* EHCI */
+#define EXYNOS4210_EHCI_BASE_ADDR 0x12580000
+
+static uint8_t chipid_and_omr[] = { 0x11, 0x02, 0x21, 0x43,
+ 0x09, 0x00, 0x00, 0x00 };
+
+static uint64_t exynos4210_chipid_and_omr_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ assert(offset < sizeof(chipid_and_omr));
+ return chipid_and_omr[offset];
+}
+
+static void exynos4210_chipid_and_omr_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ return;
+}
+
+static const MemoryRegionOps exynos4210_chipid_and_omr_ops = {
+ .read = exynos4210_chipid_and_omr_read,
+ .write = exynos4210_chipid_and_omr_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .impl = {
+ .max_access_size = 1,
+ }
+};
+
+void exynos4210_write_secondary(ARMCPU *cpu,
+ const struct arm_boot_info *info)
+{
+ int n;
+ uint32_t smpboot[] = {
+ 0xe59f3034, /* ldr r3, External gic_cpu_if */
+ 0xe59f2034, /* ldr r2, Internal gic_cpu_if */
+ 0xe59f0034, /* ldr r0, startaddr */
+ 0xe3a01001, /* mov r1, #1 */
+ 0xe5821000, /* str r1, [r2] */
+ 0xe5831000, /* str r1, [r3] */
+ 0xe3a010ff, /* mov r1, #0xff */
+ 0xe5821004, /* str r1, [r2, #4] */
+ 0xe5831004, /* str r1, [r3, #4] */
+ 0xf57ff04f, /* dsb */
+ 0xe320f003, /* wfi */
+ 0xe5901000, /* ldr r1, [r0] */
+ 0xe1110001, /* tst r1, r1 */
+ 0x0afffffb, /* beq <wfi> */
+ 0xe12fff11, /* bx r1 */
+ EXYNOS4210_EXT_GIC_CPU_BASE_ADDR,
+ 0, /* gic_cpu_if: base address of Internal GIC CPU interface */
+ 0 /* bootreg: Boot register address is held here */
+ };
+ smpboot[ARRAY_SIZE(smpboot) - 1] = info->smp_bootreg_addr;
+ smpboot[ARRAY_SIZE(smpboot) - 2] = info->gic_cpu_if_addr;
+ for (n = 0; n < ARRAY_SIZE(smpboot); n++) {
+ smpboot[n] = tswap32(smpboot[n]);
+ }
+ rom_add_blob_fixed("smpboot", smpboot, sizeof(smpboot),
+ info->smp_loader_start);
+}
+
+Exynos4210State *exynos4210_init(MemoryRegion *system_mem,
+ unsigned long ram_size)
+{
+ qemu_irq cpu_irq[EXYNOS4210_NCPUS];
+ int i, n;
+ Exynos4210State *s = g_new(Exynos4210State, 1);
+ qemu_irq *irqp;
+ qemu_irq gate_irq[EXYNOS4210_NCPUS][EXYNOS4210_IRQ_GATE_NINPUTS];
+ unsigned long mem_size;
+ DeviceState *dev;
+ SysBusDevice *busdev;
+
+ for (n = 0; n < EXYNOS4210_NCPUS; n++) {
+ s->cpu[n] = cpu_arm_init("cortex-a9");
+ if (!s->cpu[n]) {
+ fprintf(stderr, "Unable to find CPU %d definition\n", n);
+ exit(1);
+ }
+
+ /* Create PIC controller for each processor instance */
+ irqp = arm_pic_init_cpu(s->cpu[n]);
+
+ /*
+ * Get GICs gpio_in cpu_irq to connect a combiner to them later.
+ * Use only IRQ for a while.
+ */
+ cpu_irq[n] = irqp[ARM_PIC_CPU_IRQ];
+ }
+
+ /*** IRQs ***/
+
+ s->irq_table = exynos4210_init_irq(&s->irqs);
+
+ /* IRQ Gate */
+ for (i = 0; i < EXYNOS4210_NCPUS; i++) {
+ dev = qdev_create(NULL, "exynos4210.irq_gate");
+ qdev_prop_set_uint32(dev, "n_in", EXYNOS4210_IRQ_GATE_NINPUTS);
+ qdev_init_nofail(dev);
+ /* Get IRQ Gate input in gate_irq */
+ for (n = 0; n < EXYNOS4210_IRQ_GATE_NINPUTS; n++) {
+ gate_irq[i][n] = qdev_get_gpio_in(dev, n);
+ }
+ busdev = SYS_BUS_DEVICE(dev);
+
+ /* Connect IRQ Gate output to cpu_irq */
+ sysbus_connect_irq(busdev, 0, cpu_irq[i]);
+ }
+
+ /* Private memory region and Internal GIC */
+ dev = qdev_create(NULL, "a9mpcore_priv");
+ qdev_prop_set_uint32(dev, "num-cpu", EXYNOS4210_NCPUS);
+ qdev_init_nofail(dev);
+ busdev = SYS_BUS_DEVICE(dev);
+ sysbus_mmio_map(busdev, 0, EXYNOS4210_SMP_PRIVATE_BASE_ADDR);
+ for (n = 0; n < EXYNOS4210_NCPUS; n++) {
+ sysbus_connect_irq(busdev, n, gate_irq[n][0]);
+ }
+ for (n = 0; n < EXYNOS4210_INT_GIC_NIRQ; n++) {
+ s->irqs.int_gic_irq[n] = qdev_get_gpio_in(dev, n);
+ }
+
+ /* Cache controller */
+ sysbus_create_simple("l2x0", EXYNOS4210_L2X0_BASE_ADDR, NULL);
+
+ /* External GIC */
+ dev = qdev_create(NULL, "exynos4210.gic");
+ qdev_prop_set_uint32(dev, "num-cpu", EXYNOS4210_NCPUS);
+ qdev_init_nofail(dev);
+ busdev = SYS_BUS_DEVICE(dev);
+ /* Map CPU interface */
+ sysbus_mmio_map(busdev, 0, EXYNOS4210_EXT_GIC_CPU_BASE_ADDR);
+ /* Map Distributer interface */
+ sysbus_mmio_map(busdev, 1, EXYNOS4210_EXT_GIC_DIST_BASE_ADDR);
+ for (n = 0; n < EXYNOS4210_NCPUS; n++) {
+ sysbus_connect_irq(busdev, n, gate_irq[n][1]);
+ }
+ for (n = 0; n < EXYNOS4210_EXT_GIC_NIRQ; n++) {
+ s->irqs.ext_gic_irq[n] = qdev_get_gpio_in(dev, n);
+ }
+
+ /* Internal Interrupt Combiner */
+ dev = qdev_create(NULL, "exynos4210.combiner");
+ qdev_init_nofail(dev);
+ busdev = SYS_BUS_DEVICE(dev);
+ for (n = 0; n < EXYNOS4210_MAX_INT_COMBINER_OUT_IRQ; n++) {
+ sysbus_connect_irq(busdev, n, s->irqs.int_gic_irq[n]);
+ }
+ exynos4210_combiner_get_gpioin(&s->irqs, dev, 0);
+ sysbus_mmio_map(busdev, 0, EXYNOS4210_INT_COMBINER_BASE_ADDR);
+
+ /* External Interrupt Combiner */
+ dev = qdev_create(NULL, "exynos4210.combiner");
+ qdev_prop_set_uint32(dev, "external", 1);
+ qdev_init_nofail(dev);
+ busdev = SYS_BUS_DEVICE(dev);
+ for (n = 0; n < EXYNOS4210_MAX_INT_COMBINER_OUT_IRQ; n++) {
+ sysbus_connect_irq(busdev, n, s->irqs.ext_gic_irq[n]);
+ }
+ exynos4210_combiner_get_gpioin(&s->irqs, dev, 1);
+ sysbus_mmio_map(busdev, 0, EXYNOS4210_EXT_COMBINER_BASE_ADDR);
+
+ /* Initialize board IRQs. */
+ exynos4210_init_board_irqs(&s->irqs);
+
+ /*** Memory ***/
+
+ /* Chip-ID and OMR */
+ memory_region_init_io(&s->chipid_mem, NULL, &exynos4210_chipid_and_omr_ops,
+ NULL, "exynos4210.chipid", sizeof(chipid_and_omr));
+ memory_region_add_subregion(system_mem, EXYNOS4210_CHIPID_ADDR,
+ &s->chipid_mem);
+
+ /* Internal ROM */
+ memory_region_init_ram(&s->irom_mem, NULL, "exynos4210.irom",
+ EXYNOS4210_IROM_SIZE);
+ vmstate_register_ram_global(&s->irom_mem);
+ memory_region_set_readonly(&s->irom_mem, true);
+ memory_region_add_subregion(system_mem, EXYNOS4210_IROM_BASE_ADDR,
+ &s->irom_mem);
+ /* mirror of iROM */
+ memory_region_init_alias(&s->irom_alias_mem, NULL, "exynos4210.irom_alias",
+ &s->irom_mem,
+ 0,
+ EXYNOS4210_IROM_SIZE);
+ memory_region_set_readonly(&s->irom_alias_mem, true);
+ memory_region_add_subregion(system_mem, EXYNOS4210_IROM_MIRROR_BASE_ADDR,
+ &s->irom_alias_mem);
+
+ /* Internal RAM */
+ memory_region_init_ram(&s->iram_mem, NULL, "exynos4210.iram",
+ EXYNOS4210_IRAM_SIZE);
+ vmstate_register_ram_global(&s->iram_mem);
+ memory_region_add_subregion(system_mem, EXYNOS4210_IRAM_BASE_ADDR,
+ &s->iram_mem);
+
+ /* DRAM */
+ mem_size = ram_size;
+ if (mem_size > EXYNOS4210_DRAM_MAX_SIZE) {
+ memory_region_init_ram(&s->dram1_mem, NULL, "exynos4210.dram1",
+ mem_size - EXYNOS4210_DRAM_MAX_SIZE);
+ vmstate_register_ram_global(&s->dram1_mem);
+ memory_region_add_subregion(system_mem, EXYNOS4210_DRAM1_BASE_ADDR,
+ &s->dram1_mem);
+ mem_size = EXYNOS4210_DRAM_MAX_SIZE;
+ }
+ memory_region_init_ram(&s->dram0_mem, NULL, "exynos4210.dram0", mem_size);
+ vmstate_register_ram_global(&s->dram0_mem);
+ memory_region_add_subregion(system_mem, EXYNOS4210_DRAM0_BASE_ADDR,
+ &s->dram0_mem);
+
+ /* PMU.
+ * The only reason of existence at the moment is that secondary CPU boot
+ * loader uses PMU INFORM5 register as a holding pen.
+ */
+ sysbus_create_simple("exynos4210.pmu", EXYNOS4210_PMU_BASE_ADDR, NULL);
+
+ /* PWM */
+ sysbus_create_varargs("exynos4210.pwm", EXYNOS4210_PWM_BASE_ADDR,
+ s->irq_table[exynos4210_get_irq(22, 0)],
+ s->irq_table[exynos4210_get_irq(22, 1)],
+ s->irq_table[exynos4210_get_irq(22, 2)],
+ s->irq_table[exynos4210_get_irq(22, 3)],
+ s->irq_table[exynos4210_get_irq(22, 4)],
+ NULL);
+ /* RTC */
+ sysbus_create_varargs("exynos4210.rtc", EXYNOS4210_RTC_BASE_ADDR,
+ s->irq_table[exynos4210_get_irq(23, 0)],
+ s->irq_table[exynos4210_get_irq(23, 1)],
+ NULL);
+
+ /* Multi Core Timer */
+ dev = qdev_create(NULL, "exynos4210.mct");
+ qdev_init_nofail(dev);
+ busdev = SYS_BUS_DEVICE(dev);
+ for (n = 0; n < 4; n++) {
+ /* Connect global timer interrupts to Combiner gpio_in */
+ sysbus_connect_irq(busdev, n,
+ s->irq_table[exynos4210_get_irq(1, 4 + n)]);
+ }
+ /* Connect local timer interrupts to Combiner gpio_in */
+ sysbus_connect_irq(busdev, 4,
+ s->irq_table[exynos4210_get_irq(51, 0)]);
+ sysbus_connect_irq(busdev, 5,
+ s->irq_table[exynos4210_get_irq(35, 3)]);
+ sysbus_mmio_map(busdev, 0, EXYNOS4210_MCT_BASE_ADDR);
+
+ /*** I2C ***/
+ for (n = 0; n < EXYNOS4210_I2C_NUMBER; n++) {
+ uint32_t addr = EXYNOS4210_I2C_BASE_ADDR + EXYNOS4210_I2C_SHIFT * n;
+ qemu_irq i2c_irq;
+
+ if (n < 8) {
+ i2c_irq = s->irq_table[exynos4210_get_irq(EXYNOS4210_I2C_INTG, n)];
+ } else {
+ i2c_irq = s->irq_table[exynos4210_get_irq(EXYNOS4210_HDMI_INTG, 1)];
+ }
+
+ dev = qdev_create(NULL, "exynos4210.i2c");
+ qdev_init_nofail(dev);
+ busdev = SYS_BUS_DEVICE(dev);
+ sysbus_connect_irq(busdev, 0, i2c_irq);
+ sysbus_mmio_map(busdev, 0, addr);
+ s->i2c_if[n] = (i2c_bus *)qdev_get_child_bus(dev, "i2c");
+ }
+
+
+ /*** UARTs ***/
+ exynos4210_uart_create(EXYNOS4210_UART0_BASE_ADDR,
+ EXYNOS4210_UART0_FIFO_SIZE, 0, NULL,
+ s->irq_table[exynos4210_get_irq(EXYNOS4210_UART_INT_GRP, 0)]);
+
+ exynos4210_uart_create(EXYNOS4210_UART1_BASE_ADDR,
+ EXYNOS4210_UART1_FIFO_SIZE, 1, NULL,
+ s->irq_table[exynos4210_get_irq(EXYNOS4210_UART_INT_GRP, 1)]);
+
+ exynos4210_uart_create(EXYNOS4210_UART2_BASE_ADDR,
+ EXYNOS4210_UART2_FIFO_SIZE, 2, NULL,
+ s->irq_table[exynos4210_get_irq(EXYNOS4210_UART_INT_GRP, 2)]);
+
+ exynos4210_uart_create(EXYNOS4210_UART3_BASE_ADDR,
+ EXYNOS4210_UART3_FIFO_SIZE, 3, NULL,
+ s->irq_table[exynos4210_get_irq(EXYNOS4210_UART_INT_GRP, 3)]);
+
+ /*** Display controller (FIMD) ***/
+ sysbus_create_varargs("exynos4210.fimd", EXYNOS4210_FIMD0_BASE_ADDR,
+ s->irq_table[exynos4210_get_irq(11, 0)],
+ s->irq_table[exynos4210_get_irq(11, 1)],
+ s->irq_table[exynos4210_get_irq(11, 2)],
+ NULL);
+
+ sysbus_create_simple(TYPE_EXYNOS4210_EHCI, EXYNOS4210_EHCI_BASE_ADDR,
+ s->irq_table[exynos4210_get_irq(28, 3)]);
+
+ return s;
+}
diff --git a/hw/arm/exynos4_boards.c b/hw/arm/exynos4_boards.c
new file mode 100644
index 000000000..7c90b2d78
--- /dev/null
+++ b/hw/arm/exynos4_boards.c
@@ -0,0 +1,170 @@
+/*
+ * Samsung exynos4 SoC based boards emulation
+ *
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd. All rights reserved.
+ * Maksim Kozlov <m.kozlov@samsung.com>
+ * Evgeny Voevodin <e.voevodin@samsung.com>
+ * Igor Mitsyanko <i.mitsyanko@samsung.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "sysemu/sysemu.h"
+#include "hw/sysbus.h"
+#include "net/net.h"
+#include "hw/arm/arm.h"
+#include "exec/address-spaces.h"
+#include "hw/arm/exynos4210.h"
+#include "hw/boards.h"
+
+#undef DEBUG
+
+//#define DEBUG
+
+#ifdef DEBUG
+ #undef PRINT_DEBUG
+ #define PRINT_DEBUG(fmt, args...) \
+ do { \
+ fprintf(stderr, " [%s:%d] "fmt, __func__, __LINE__, ##args); \
+ } while (0)
+#else
+ #define PRINT_DEBUG(fmt, args...) do {} while (0)
+#endif
+
+#define SMDK_LAN9118_BASE_ADDR 0x05000000
+
+typedef enum Exynos4BoardType {
+ EXYNOS4_BOARD_NURI,
+ EXYNOS4_BOARD_SMDKC210,
+ EXYNOS4_NUM_OF_BOARDS
+} Exynos4BoardType;
+
+static int exynos4_board_id[EXYNOS4_NUM_OF_BOARDS] = {
+ [EXYNOS4_BOARD_NURI] = 0xD33,
+ [EXYNOS4_BOARD_SMDKC210] = 0xB16,
+};
+
+static int exynos4_board_smp_bootreg_addr[EXYNOS4_NUM_OF_BOARDS] = {
+ [EXYNOS4_BOARD_NURI] = EXYNOS4210_SECOND_CPU_BOOTREG,
+ [EXYNOS4_BOARD_SMDKC210] = EXYNOS4210_SECOND_CPU_BOOTREG,
+};
+
+static unsigned long exynos4_board_ram_size[EXYNOS4_NUM_OF_BOARDS] = {
+ [EXYNOS4_BOARD_NURI] = 0x40000000,
+ [EXYNOS4_BOARD_SMDKC210] = 0x40000000,
+};
+
+static struct arm_boot_info exynos4_board_binfo = {
+ .loader_start = EXYNOS4210_BASE_BOOT_ADDR,
+ .smp_loader_start = EXYNOS4210_SMP_BOOT_ADDR,
+ .nb_cpus = EXYNOS4210_NCPUS,
+ .write_secondary_boot = exynos4210_write_secondary,
+};
+
+static QEMUMachine exynos4_machines[EXYNOS4_NUM_OF_BOARDS];
+
+static void lan9215_init(uint32_t base, qemu_irq irq)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+
+ /* This should be a 9215 but the 9118 is close enough */
+ if (nd_table[0].used) {
+ qemu_check_nic_model(&nd_table[0], "lan9118");
+ dev = qdev_create(NULL, "lan9118");
+ qdev_set_nic_properties(dev, &nd_table[0]);
+ qdev_prop_set_uint32(dev, "mode_16bit", 1);
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+ sysbus_mmio_map(s, 0, base);
+ sysbus_connect_irq(s, 0, irq);
+ }
+}
+
+static Exynos4210State *exynos4_boards_init_common(QEMUMachineInitArgs *args,
+ Exynos4BoardType board_type)
+{
+ if (smp_cpus != EXYNOS4210_NCPUS) {
+ fprintf(stderr, "%s board supports only %d CPU cores. Ignoring smp_cpus"
+ " value.\n",
+ exynos4_machines[board_type].name,
+ exynos4_machines[board_type].max_cpus);
+ }
+
+ exynos4_board_binfo.ram_size = exynos4_board_ram_size[board_type];
+ exynos4_board_binfo.board_id = exynos4_board_id[board_type];
+ exynos4_board_binfo.smp_bootreg_addr =
+ exynos4_board_smp_bootreg_addr[board_type];
+ exynos4_board_binfo.kernel_filename = args->kernel_filename;
+ exynos4_board_binfo.initrd_filename = args->initrd_filename;
+ exynos4_board_binfo.kernel_cmdline = args->kernel_cmdline;
+ exynos4_board_binfo.gic_cpu_if_addr =
+ EXYNOS4210_SMP_PRIVATE_BASE_ADDR + 0x100;
+
+ PRINT_DEBUG("\n ram_size: %luMiB [0x%08lx]\n"
+ " kernel_filename: %s\n"
+ " kernel_cmdline: %s\n"
+ " initrd_filename: %s\n",
+ exynos4_board_ram_size[board_type] / 1048576,
+ exynos4_board_ram_size[board_type],
+ args->kernel_filename,
+ args->kernel_cmdline,
+ args->initrd_filename);
+
+ return exynos4210_init(get_system_memory(),
+ exynos4_board_ram_size[board_type]);
+}
+
+static void nuri_init(QEMUMachineInitArgs *args)
+{
+ exynos4_boards_init_common(args, EXYNOS4_BOARD_NURI);
+
+ arm_load_kernel(ARM_CPU(first_cpu), &exynos4_board_binfo);
+}
+
+static void smdkc210_init(QEMUMachineInitArgs *args)
+{
+ Exynos4210State *s = exynos4_boards_init_common(args,
+ EXYNOS4_BOARD_SMDKC210);
+
+ lan9215_init(SMDK_LAN9118_BASE_ADDR,
+ qemu_irq_invert(s->irq_table[exynos4210_get_irq(37, 1)]));
+ arm_load_kernel(ARM_CPU(first_cpu), &exynos4_board_binfo);
+}
+
+static QEMUMachine exynos4_machines[EXYNOS4_NUM_OF_BOARDS] = {
+ [EXYNOS4_BOARD_NURI] = {
+ .name = "nuri",
+ .desc = "Samsung NURI board (Exynos4210)",
+ .init = nuri_init,
+ .max_cpus = EXYNOS4210_NCPUS,
+ DEFAULT_MACHINE_OPTIONS,
+ },
+ [EXYNOS4_BOARD_SMDKC210] = {
+ .name = "smdkc210",
+ .desc = "Samsung SMDKC210 board (Exynos4210)",
+ .init = smdkc210_init,
+ .max_cpus = EXYNOS4210_NCPUS,
+ DEFAULT_MACHINE_OPTIONS,
+ },
+};
+
+static void exynos4_machine_init(void)
+{
+ qemu_register_machine(&exynos4_machines[EXYNOS4_BOARD_NURI]);
+ qemu_register_machine(&exynos4_machines[EXYNOS4_BOARD_SMDKC210]);
+}
+
+machine_init(exynos4_machine_init);
diff --git a/hw/arm/gumstix.c b/hw/arm/gumstix.c
new file mode 100644
index 000000000..b8cab10ba
--- /dev/null
+++ b/hw/arm/gumstix.c
@@ -0,0 +1,141 @@
+/*
+ * Gumstix Platforms
+ *
+ * Copyright (c) 2007 by Thorsten Zitterell <info@bitmux.org>
+ *
+ * Code based on spitz platform by Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * This code is licensed under the GNU GPL v2.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+/*
+ * Example usage:
+ *
+ * connex:
+ * =======
+ * create image:
+ * # dd of=flash bs=1k count=16k if=/dev/zero
+ * # dd of=flash bs=1k conv=notrunc if=u-boot.bin
+ * # dd of=flash bs=1k conv=notrunc seek=256 if=rootfs.arm_nofpu.jffs2
+ * start it:
+ * # qemu-system-arm -M connex -pflash flash -monitor null -nographic
+ *
+ * verdex:
+ * =======
+ * create image:
+ * # dd of=flash bs=1k count=32k if=/dev/zero
+ * # dd of=flash bs=1k conv=notrunc if=u-boot.bin
+ * # dd of=flash bs=1k conv=notrunc seek=256 if=rootfs.arm_nofpu.jffs2
+ * # dd of=flash bs=1k conv=notrunc seek=31744 if=uImage
+ * start it:
+ * # qemu-system-arm -M verdex -pflash flash -monitor null -nographic -m 289
+ */
+
+#include "hw/hw.h"
+#include "hw/arm/pxa.h"
+#include "net/net.h"
+#include "hw/block/flash.h"
+#include "hw/devices.h"
+#include "hw/boards.h"
+#include "sysemu/blockdev.h"
+#include "exec/address-spaces.h"
+
+static const int sector_len = 128 * 1024;
+
+static void connex_init(QEMUMachineInitArgs *args)
+{
+ PXA2xxState *cpu;
+ DriveInfo *dinfo;
+ int be;
+ MemoryRegion *address_space_mem = get_system_memory();
+
+ uint32_t connex_rom = 0x01000000;
+ uint32_t connex_ram = 0x04000000;
+
+ cpu = pxa255_init(address_space_mem, connex_ram);
+
+ dinfo = drive_get(IF_PFLASH, 0, 0);
+ if (!dinfo) {
+ fprintf(stderr, "A flash image must be given with the "
+ "'pflash' parameter\n");
+ exit(1);
+ }
+
+#ifdef TARGET_WORDS_BIGENDIAN
+ be = 1;
+#else
+ be = 0;
+#endif
+ if (!pflash_cfi01_register(0x00000000, NULL, "connext.rom", connex_rom,
+ dinfo->bdrv, sector_len, connex_rom / sector_len,
+ 2, 0, 0, 0, 0, be)) {
+ fprintf(stderr, "qemu: Error registering flash memory.\n");
+ exit(1);
+ }
+
+ /* Interrupt line of NIC is connected to GPIO line 36 */
+ smc91c111_init(&nd_table[0], 0x04000300,
+ qdev_get_gpio_in(cpu->gpio, 36));
+}
+
+static void verdex_init(QEMUMachineInitArgs *args)
+{
+ const char *cpu_model = args->cpu_model;
+ PXA2xxState *cpu;
+ DriveInfo *dinfo;
+ int be;
+ MemoryRegion *address_space_mem = get_system_memory();
+
+ uint32_t verdex_rom = 0x02000000;
+ uint32_t verdex_ram = 0x10000000;
+
+ cpu = pxa270_init(address_space_mem, verdex_ram, cpu_model ?: "pxa270-c0");
+
+ dinfo = drive_get(IF_PFLASH, 0, 0);
+ if (!dinfo) {
+ fprintf(stderr, "A flash image must be given with the "
+ "'pflash' parameter\n");
+ exit(1);
+ }
+
+#ifdef TARGET_WORDS_BIGENDIAN
+ be = 1;
+#else
+ be = 0;
+#endif
+ if (!pflash_cfi01_register(0x00000000, NULL, "verdex.rom", verdex_rom,
+ dinfo->bdrv, sector_len, verdex_rom / sector_len,
+ 2, 0, 0, 0, 0, be)) {
+ fprintf(stderr, "qemu: Error registering flash memory.\n");
+ exit(1);
+ }
+
+ /* Interrupt line of NIC is connected to GPIO line 99 */
+ smc91c111_init(&nd_table[0], 0x04000300,
+ qdev_get_gpio_in(cpu->gpio, 99));
+}
+
+static QEMUMachine connex_machine = {
+ .name = "connex",
+ .desc = "Gumstix Connex (PXA255)",
+ .init = connex_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine verdex_machine = {
+ .name = "verdex",
+ .desc = "Gumstix Verdex (PXA270)",
+ .init = verdex_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void gumstix_machine_init(void)
+{
+ qemu_register_machine(&connex_machine);
+ qemu_register_machine(&verdex_machine);
+}
+
+machine_init(gumstix_machine_init);
diff --git a/hw/arm/highbank.c b/hw/arm/highbank.c
new file mode 100644
index 000000000..35d5511d2
--- /dev/null
+++ b/hw/arm/highbank.c
@@ -0,0 +1,386 @@
+/*
+ * Calxeda Highbank SoC emulation
+ *
+ * Copyright (c) 2010-2012 Calxeda
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "hw/sysbus.h"
+#include "hw/arm/arm.h"
+#include "hw/devices.h"
+#include "hw/loader.h"
+#include "net/net.h"
+#include "sysemu/sysemu.h"
+#include "hw/boards.h"
+#include "sysemu/blockdev.h"
+#include "exec/address-spaces.h"
+
+#define SMP_BOOT_ADDR 0x100
+#define SMP_BOOT_REG 0x40
+#define GIC_BASE_ADDR 0xfff10000
+
+#define NIRQ_GIC 160
+
+/* Board init. */
+
+static void hb_write_secondary(ARMCPU *cpu, const struct arm_boot_info *info)
+{
+ int n;
+ uint32_t smpboot[] = {
+ 0xee100fb0, /* mrc p15, 0, r0, c0, c0, 5 - read current core id */
+ 0xe210000f, /* ands r0, r0, #0x0f */
+ 0xe3a03040, /* mov r3, #0x40 - jump address is 0x40 + 0x10 * core id */
+ 0xe0830200, /* add r0, r3, r0, lsl #4 */
+ 0xe59f2024, /* ldr r2, privbase */
+ 0xe3a01001, /* mov r1, #1 */
+ 0xe5821100, /* str r1, [r2, #256] - set GICC_CTLR.Enable */
+ 0xe3a010ff, /* mov r1, #0xff */
+ 0xe5821104, /* str r1, [r2, #260] - set GICC_PMR.Priority to 0xff */
+ 0xf57ff04f, /* dsb */
+ 0xe320f003, /* wfi */
+ 0xe5901000, /* ldr r1, [r0] */
+ 0xe1110001, /* tst r1, r1 */
+ 0x0afffffb, /* beq <wfi> */
+ 0xe12fff11, /* bx r1 */
+ GIC_BASE_ADDR /* privbase: gic address. */
+ };
+ for (n = 0; n < ARRAY_SIZE(smpboot); n++) {
+ smpboot[n] = tswap32(smpboot[n]);
+ }
+ rom_add_blob_fixed("smpboot", smpboot, sizeof(smpboot), SMP_BOOT_ADDR);
+}
+
+static void hb_reset_secondary(ARMCPU *cpu, const struct arm_boot_info *info)
+{
+ CPUARMState *env = &cpu->env;
+
+ switch (info->nb_cpus) {
+ case 4:
+ stl_phys_notdirty(SMP_BOOT_REG + 0x30, 0);
+ case 3:
+ stl_phys_notdirty(SMP_BOOT_REG + 0x20, 0);
+ case 2:
+ stl_phys_notdirty(SMP_BOOT_REG + 0x10, 0);
+ env->regs[15] = SMP_BOOT_ADDR;
+ break;
+ default:
+ break;
+ }
+}
+
+#define NUM_REGS 0x200
+static void hb_regs_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ uint32_t *regs = opaque;
+
+ if (offset == 0xf00) {
+ if (value == 1 || value == 2) {
+ qemu_system_reset_request();
+ } else if (value == 3) {
+ qemu_system_shutdown_request();
+ }
+ }
+
+ regs[offset/4] = value;
+}
+
+static uint64_t hb_regs_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ uint32_t *regs = opaque;
+ uint32_t value = regs[offset/4];
+
+ if ((offset == 0x100) || (offset == 0x108) || (offset == 0x10C)) {
+ value |= 0x30000000;
+ }
+
+ return value;
+}
+
+static const MemoryRegionOps hb_mem_ops = {
+ .read = hb_regs_read,
+ .write = hb_regs_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+#define TYPE_HIGHBANK_REGISTERS "highbank-regs"
+#define HIGHBANK_REGISTERS(obj) \
+ OBJECT_CHECK(HighbankRegsState, (obj), TYPE_HIGHBANK_REGISTERS)
+
+typedef struct {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion *iomem;
+ uint32_t regs[NUM_REGS];
+} HighbankRegsState;
+
+static VMStateDescription vmstate_highbank_regs = {
+ .name = "highbank-regs",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(regs, HighbankRegsState, NUM_REGS),
+ VMSTATE_END_OF_LIST(),
+ },
+};
+
+static void highbank_regs_reset(DeviceState *dev)
+{
+ HighbankRegsState *s = HIGHBANK_REGISTERS(dev);
+
+ s->regs[0x40] = 0x05F20121;
+ s->regs[0x41] = 0x2;
+ s->regs[0x42] = 0x05F30121;
+ s->regs[0x43] = 0x05F40121;
+}
+
+static int highbank_regs_init(SysBusDevice *dev)
+{
+ HighbankRegsState *s = HIGHBANK_REGISTERS(dev);
+
+ s->iomem = g_new(MemoryRegion, 1);
+ memory_region_init_io(s->iomem, OBJECT(s), &hb_mem_ops, s->regs,
+ "highbank_regs", 0x1000);
+ sysbus_init_mmio(dev, s->iomem);
+
+ return 0;
+}
+
+static void highbank_regs_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *sbc = SYS_BUS_DEVICE_CLASS(klass);
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ sbc->init = highbank_regs_init;
+ dc->desc = "Calxeda Highbank registers";
+ dc->vmsd = &vmstate_highbank_regs;
+ dc->reset = highbank_regs_reset;
+}
+
+static const TypeInfo highbank_regs_info = {
+ .name = TYPE_HIGHBANK_REGISTERS,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(HighbankRegsState),
+ .class_init = highbank_regs_class_init,
+};
+
+static void highbank_regs_register_types(void)
+{
+ type_register_static(&highbank_regs_info);
+}
+
+type_init(highbank_regs_register_types)
+
+static struct arm_boot_info highbank_binfo;
+
+enum cxmachines {
+ CALXEDA_HIGHBANK,
+ CALXEDA_MIDWAY,
+};
+
+/* ram_size must be set to match the upper bound of memory in the
+ * device tree (linux/arch/arm/boot/dts/highbank.dts), which is
+ * normally 0xff900000 or -m 4089. When running this board on a
+ * 32-bit host, set the reg value of memory to 0xf7ff00000 in the
+ * device tree and pass -m 2047 to QEMU.
+ */
+static void calxeda_init(QEMUMachineInitArgs *args, enum cxmachines machine)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ DeviceState *dev = NULL;
+ SysBusDevice *busdev;
+ qemu_irq *irqp;
+ qemu_irq pic[128];
+ int n;
+ qemu_irq cpu_irq[4];
+ MemoryRegion *sysram;
+ MemoryRegion *dram;
+ MemoryRegion *sysmem;
+ char *sysboot_filename;
+
+ if (!cpu_model) {
+ switch (machine) {
+ case CALXEDA_HIGHBANK:
+ cpu_model = "cortex-a9";
+ break;
+ case CALXEDA_MIDWAY:
+ cpu_model = "cortex-a15";
+ break;
+ }
+ }
+
+ for (n = 0; n < smp_cpus; n++) {
+ ARMCPU *cpu;
+ cpu = cpu_arm_init(cpu_model);
+ if (cpu == NULL) {
+ fprintf(stderr, "Unable to find CPU definition\n");
+ exit(1);
+ }
+
+ /* This will become a QOM property eventually */
+ cpu->reset_cbar = GIC_BASE_ADDR;
+ irqp = arm_pic_init_cpu(cpu);
+ cpu_irq[n] = irqp[ARM_PIC_CPU_IRQ];
+ }
+
+ sysmem = get_system_memory();
+ dram = g_new(MemoryRegion, 1);
+ memory_region_init_ram(dram, NULL, "highbank.dram", ram_size);
+ /* SDRAM at address zero. */
+ memory_region_add_subregion(sysmem, 0, dram);
+
+ sysram = g_new(MemoryRegion, 1);
+ memory_region_init_ram(sysram, NULL, "highbank.sysram", 0x8000);
+ memory_region_add_subregion(sysmem, 0xfff88000, sysram);
+ if (bios_name != NULL) {
+ sysboot_filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
+ if (sysboot_filename != NULL) {
+ uint32_t filesize = get_image_size(sysboot_filename);
+ if (load_image_targphys("sysram.bin", 0xfff88000, filesize) < 0) {
+ hw_error("Unable to load %s\n", bios_name);
+ }
+ } else {
+ hw_error("Unable to find %s\n", bios_name);
+ }
+ }
+
+ switch (machine) {
+ case CALXEDA_HIGHBANK:
+ dev = qdev_create(NULL, "l2x0");
+ qdev_init_nofail(dev);
+ busdev = SYS_BUS_DEVICE(dev);
+ sysbus_mmio_map(busdev, 0, 0xfff12000);
+
+ dev = qdev_create(NULL, "a9mpcore_priv");
+ break;
+ case CALXEDA_MIDWAY:
+ dev = qdev_create(NULL, "a15mpcore_priv");
+ break;
+ }
+ qdev_prop_set_uint32(dev, "num-cpu", smp_cpus);
+ qdev_prop_set_uint32(dev, "num-irq", NIRQ_GIC);
+ qdev_init_nofail(dev);
+ busdev = SYS_BUS_DEVICE(dev);
+ sysbus_mmio_map(busdev, 0, GIC_BASE_ADDR);
+ for (n = 0; n < smp_cpus; n++) {
+ sysbus_connect_irq(busdev, n, cpu_irq[n]);
+ }
+
+ for (n = 0; n < 128; n++) {
+ pic[n] = qdev_get_gpio_in(dev, n);
+ }
+
+ dev = qdev_create(NULL, "sp804");
+ qdev_prop_set_uint32(dev, "freq0", 150000000);
+ qdev_prop_set_uint32(dev, "freq1", 150000000);
+ qdev_init_nofail(dev);
+ busdev = SYS_BUS_DEVICE(dev);
+ sysbus_mmio_map(busdev, 0, 0xfff34000);
+ sysbus_connect_irq(busdev, 0, pic[18]);
+ sysbus_create_simple("pl011", 0xfff36000, pic[20]);
+
+ dev = qdev_create(NULL, "highbank-regs");
+ qdev_init_nofail(dev);
+ busdev = SYS_BUS_DEVICE(dev);
+ sysbus_mmio_map(busdev, 0, 0xfff3c000);
+
+ sysbus_create_simple("pl061", 0xfff30000, pic[14]);
+ sysbus_create_simple("pl061", 0xfff31000, pic[15]);
+ sysbus_create_simple("pl061", 0xfff32000, pic[16]);
+ sysbus_create_simple("pl061", 0xfff33000, pic[17]);
+ sysbus_create_simple("pl031", 0xfff35000, pic[19]);
+ sysbus_create_simple("pl022", 0xfff39000, pic[23]);
+
+ sysbus_create_simple("sysbus-ahci", 0xffe08000, pic[83]);
+
+ if (nd_table[0].used) {
+ qemu_check_nic_model(&nd_table[0], "xgmac");
+ dev = qdev_create(NULL, "xgmac");
+ qdev_set_nic_properties(dev, &nd_table[0]);
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0xfff50000);
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, pic[77]);
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 1, pic[78]);
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 2, pic[79]);
+
+ qemu_check_nic_model(&nd_table[1], "xgmac");
+ dev = qdev_create(NULL, "xgmac");
+ qdev_set_nic_properties(dev, &nd_table[1]);
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0xfff51000);
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, pic[80]);
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 1, pic[81]);
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 2, pic[82]);
+ }
+
+ highbank_binfo.ram_size = ram_size;
+ highbank_binfo.kernel_filename = kernel_filename;
+ highbank_binfo.kernel_cmdline = kernel_cmdline;
+ highbank_binfo.initrd_filename = initrd_filename;
+ /* highbank requires a dtb in order to boot, and the dtb will override
+ * the board ID. The following value is ignored, so set it to -1 to be
+ * clear that the value is meaningless.
+ */
+ highbank_binfo.board_id = -1;
+ highbank_binfo.nb_cpus = smp_cpus;
+ highbank_binfo.loader_start = 0;
+ highbank_binfo.write_secondary_boot = hb_write_secondary;
+ highbank_binfo.secondary_cpu_reset_hook = hb_reset_secondary;
+ arm_load_kernel(ARM_CPU(first_cpu), &highbank_binfo);
+}
+
+static void highbank_init(QEMUMachineInitArgs *args)
+{
+ calxeda_init(args, CALXEDA_HIGHBANK);
+}
+
+static void midway_init(QEMUMachineInitArgs *args)
+{
+ calxeda_init(args, CALXEDA_MIDWAY);
+}
+
+static QEMUMachine highbank_machine = {
+ .name = "highbank",
+ .desc = "Calxeda Highbank (ECX-1000)",
+ .init = highbank_init,
+ .block_default_type = IF_SCSI,
+ .max_cpus = 4,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine midway_machine = {
+ .name = "midway",
+ .desc = "Calxeda Midway (ECX-2000)",
+ .init = midway_init,
+ .block_default_type = IF_SCSI,
+ .max_cpus = 4,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void calxeda_machines_init(void)
+{
+ qemu_register_machine(&highbank_machine);
+ qemu_register_machine(&midway_machine);
+}
+
+machine_init(calxeda_machines_init);
diff --git a/hw/arm/integratorcp.c b/hw/arm/integratorcp.c
new file mode 100644
index 000000000..d518188d0
--- /dev/null
+++ b/hw/arm/integratorcp.c
@@ -0,0 +1,581 @@
+/*
+ * ARM Integrator CP System emulation.
+ *
+ * Copyright (c) 2005-2007 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GPL
+ */
+
+#include "hw/sysbus.h"
+#include "hw/devices.h"
+#include "hw/boards.h"
+#include "hw/arm/arm.h"
+#include "net/net.h"
+#include "exec/address-spaces.h"
+#include "sysemu/sysemu.h"
+
+#define TYPE_INTEGRATOR_CM "integrator_core"
+#define INTEGRATOR_CM(obj) \
+ OBJECT_CHECK(IntegratorCMState, (obj), TYPE_INTEGRATOR_CM)
+
+typedef struct IntegratorCMState {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion iomem;
+ uint32_t memsz;
+ MemoryRegion flash;
+ uint32_t cm_osc;
+ uint32_t cm_ctrl;
+ uint32_t cm_lock;
+ uint32_t cm_auxosc;
+ uint32_t cm_sdram;
+ uint32_t cm_init;
+ uint32_t cm_flags;
+ uint32_t cm_nvflags;
+ uint32_t int_level;
+ uint32_t irq_enabled;
+ uint32_t fiq_enabled;
+} IntegratorCMState;
+
+static uint8_t integrator_spd[128] = {
+ 128, 8, 4, 11, 9, 1, 64, 0, 2, 0xa0, 0xa0, 0, 0, 8, 0, 1,
+ 0xe, 4, 0x1c, 1, 2, 0x20, 0xc0, 0, 0, 0, 0, 0x30, 0x28, 0x30, 0x28, 0x40
+};
+
+static uint64_t integratorcm_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ IntegratorCMState *s = opaque;
+ if (offset >= 0x100 && offset < 0x200) {
+ /* CM_SPD */
+ if (offset >= 0x180)
+ return 0;
+ return integrator_spd[offset >> 2];
+ }
+ switch (offset >> 2) {
+ case 0: /* CM_ID */
+ return 0x411a3001;
+ case 1: /* CM_PROC */
+ return 0;
+ case 2: /* CM_OSC */
+ return s->cm_osc;
+ case 3: /* CM_CTRL */
+ return s->cm_ctrl;
+ case 4: /* CM_STAT */
+ return 0x00100000;
+ case 5: /* CM_LOCK */
+ if (s->cm_lock == 0xa05f) {
+ return 0x1a05f;
+ } else {
+ return s->cm_lock;
+ }
+ case 6: /* CM_LMBUSCNT */
+ /* ??? High frequency timer. */
+ hw_error("integratorcm_read: CM_LMBUSCNT");
+ case 7: /* CM_AUXOSC */
+ return s->cm_auxosc;
+ case 8: /* CM_SDRAM */
+ return s->cm_sdram;
+ case 9: /* CM_INIT */
+ return s->cm_init;
+ case 10: /* CM_REFCT */
+ /* ??? High frequency timer. */
+ hw_error("integratorcm_read: CM_REFCT");
+ case 12: /* CM_FLAGS */
+ return s->cm_flags;
+ case 14: /* CM_NVFLAGS */
+ return s->cm_nvflags;
+ case 16: /* CM_IRQ_STAT */
+ return s->int_level & s->irq_enabled;
+ case 17: /* CM_IRQ_RSTAT */
+ return s->int_level;
+ case 18: /* CM_IRQ_ENSET */
+ return s->irq_enabled;
+ case 20: /* CM_SOFT_INTSET */
+ return s->int_level & 1;
+ case 24: /* CM_FIQ_STAT */
+ return s->int_level & s->fiq_enabled;
+ case 25: /* CM_FIQ_RSTAT */
+ return s->int_level;
+ case 26: /* CM_FIQ_ENSET */
+ return s->fiq_enabled;
+ case 32: /* CM_VOLTAGE_CTL0 */
+ case 33: /* CM_VOLTAGE_CTL1 */
+ case 34: /* CM_VOLTAGE_CTL2 */
+ case 35: /* CM_VOLTAGE_CTL3 */
+ /* ??? Voltage control unimplemented. */
+ return 0;
+ default:
+ hw_error("integratorcm_read: Unimplemented offset 0x%x\n",
+ (int)offset);
+ return 0;
+ }
+}
+
+static void integratorcm_do_remap(IntegratorCMState *s)
+{
+ /* Sync memory region state with CM_CTRL REMAP bit:
+ * bit 0 => flash at address 0; bit 1 => RAM
+ */
+ memory_region_set_enabled(&s->flash, !(s->cm_ctrl & 4));
+}
+
+static void integratorcm_set_ctrl(IntegratorCMState *s, uint32_t value)
+{
+ if (value & 8) {
+ qemu_system_reset_request();
+ }
+ if ((s->cm_ctrl ^ value) & 1) {
+ /* (value & 1) != 0 means the green "MISC LED" is lit.
+ * We don't have any nice place to display LEDs. printf is a bad
+ * idea because Linux uses the LED as a heartbeat and the output
+ * will swamp anything else on the terminal.
+ */
+ }
+ /* Note that the RESET bit [3] always reads as zero */
+ s->cm_ctrl = (s->cm_ctrl & ~5) | (value & 5);
+ integratorcm_do_remap(s);
+}
+
+static void integratorcm_update(IntegratorCMState *s)
+{
+ /* ??? The CPU irq/fiq is raised when either the core module or base PIC
+ are active. */
+ if (s->int_level & (s->irq_enabled | s->fiq_enabled))
+ hw_error("Core module interrupt\n");
+}
+
+static void integratorcm_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ IntegratorCMState *s = opaque;
+ switch (offset >> 2) {
+ case 2: /* CM_OSC */
+ if (s->cm_lock == 0xa05f)
+ s->cm_osc = value;
+ break;
+ case 3: /* CM_CTRL */
+ integratorcm_set_ctrl(s, value);
+ break;
+ case 5: /* CM_LOCK */
+ s->cm_lock = value & 0xffff;
+ break;
+ case 7: /* CM_AUXOSC */
+ if (s->cm_lock == 0xa05f)
+ s->cm_auxosc = value;
+ break;
+ case 8: /* CM_SDRAM */
+ s->cm_sdram = value;
+ break;
+ case 9: /* CM_INIT */
+ /* ??? This can change the memory bus frequency. */
+ s->cm_init = value;
+ break;
+ case 12: /* CM_FLAGSS */
+ s->cm_flags |= value;
+ break;
+ case 13: /* CM_FLAGSC */
+ s->cm_flags &= ~value;
+ break;
+ case 14: /* CM_NVFLAGSS */
+ s->cm_nvflags |= value;
+ break;
+ case 15: /* CM_NVFLAGSS */
+ s->cm_nvflags &= ~value;
+ break;
+ case 18: /* CM_IRQ_ENSET */
+ s->irq_enabled |= value;
+ integratorcm_update(s);
+ break;
+ case 19: /* CM_IRQ_ENCLR */
+ s->irq_enabled &= ~value;
+ integratorcm_update(s);
+ break;
+ case 20: /* CM_SOFT_INTSET */
+ s->int_level |= (value & 1);
+ integratorcm_update(s);
+ break;
+ case 21: /* CM_SOFT_INTCLR */
+ s->int_level &= ~(value & 1);
+ integratorcm_update(s);
+ break;
+ case 26: /* CM_FIQ_ENSET */
+ s->fiq_enabled |= value;
+ integratorcm_update(s);
+ break;
+ case 27: /* CM_FIQ_ENCLR */
+ s->fiq_enabled &= ~value;
+ integratorcm_update(s);
+ break;
+ case 32: /* CM_VOLTAGE_CTL0 */
+ case 33: /* CM_VOLTAGE_CTL1 */
+ case 34: /* CM_VOLTAGE_CTL2 */
+ case 35: /* CM_VOLTAGE_CTL3 */
+ /* ??? Voltage control unimplemented. */
+ break;
+ default:
+ hw_error("integratorcm_write: Unimplemented offset 0x%x\n",
+ (int)offset);
+ break;
+ }
+}
+
+/* Integrator/CM control registers. */
+
+static const MemoryRegionOps integratorcm_ops = {
+ .read = integratorcm_read,
+ .write = integratorcm_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int integratorcm_init(SysBusDevice *dev)
+{
+ IntegratorCMState *s = INTEGRATOR_CM(dev);
+
+ s->cm_osc = 0x01000048;
+ /* ??? What should the high bits of this value be? */
+ s->cm_auxosc = 0x0007feff;
+ s->cm_sdram = 0x00011122;
+ if (s->memsz >= 256) {
+ integrator_spd[31] = 64;
+ s->cm_sdram |= 0x10;
+ } else if (s->memsz >= 128) {
+ integrator_spd[31] = 32;
+ s->cm_sdram |= 0x0c;
+ } else if (s->memsz >= 64) {
+ integrator_spd[31] = 16;
+ s->cm_sdram |= 0x08;
+ } else if (s->memsz >= 32) {
+ integrator_spd[31] = 4;
+ s->cm_sdram |= 0x04;
+ } else {
+ integrator_spd[31] = 2;
+ }
+ memcpy(integrator_spd + 73, "QEMU-MEMORY", 11);
+ s->cm_init = 0x00000112;
+ memory_region_init_ram(&s->flash, OBJECT(s), "integrator.flash", 0x100000);
+ vmstate_register_ram_global(&s->flash);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &integratorcm_ops, s,
+ "integratorcm", 0x00800000);
+ sysbus_init_mmio(dev, &s->iomem);
+
+ integratorcm_do_remap(s);
+ /* ??? Save/restore. */
+ return 0;
+}
+
+/* Integrator/CP hardware emulation. */
+/* Primary interrupt controller. */
+
+#define TYPE_INTEGRATOR_PIC "integrator_pic"
+#define INTEGRATOR_PIC(obj) \
+ OBJECT_CHECK(icp_pic_state, (obj), TYPE_INTEGRATOR_PIC)
+
+typedef struct icp_pic_state {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion iomem;
+ uint32_t level;
+ uint32_t irq_enabled;
+ uint32_t fiq_enabled;
+ qemu_irq parent_irq;
+ qemu_irq parent_fiq;
+} icp_pic_state;
+
+static void icp_pic_update(icp_pic_state *s)
+{
+ uint32_t flags;
+
+ flags = (s->level & s->irq_enabled);
+ qemu_set_irq(s->parent_irq, flags != 0);
+ flags = (s->level & s->fiq_enabled);
+ qemu_set_irq(s->parent_fiq, flags != 0);
+}
+
+static void icp_pic_set_irq(void *opaque, int irq, int level)
+{
+ icp_pic_state *s = (icp_pic_state *)opaque;
+ if (level)
+ s->level |= 1 << irq;
+ else
+ s->level &= ~(1 << irq);
+ icp_pic_update(s);
+}
+
+static uint64_t icp_pic_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ icp_pic_state *s = (icp_pic_state *)opaque;
+
+ switch (offset >> 2) {
+ case 0: /* IRQ_STATUS */
+ return s->level & s->irq_enabled;
+ case 1: /* IRQ_RAWSTAT */
+ return s->level;
+ case 2: /* IRQ_ENABLESET */
+ return s->irq_enabled;
+ case 4: /* INT_SOFTSET */
+ return s->level & 1;
+ case 8: /* FRQ_STATUS */
+ return s->level & s->fiq_enabled;
+ case 9: /* FRQ_RAWSTAT */
+ return s->level;
+ case 10: /* FRQ_ENABLESET */
+ return s->fiq_enabled;
+ case 3: /* IRQ_ENABLECLR */
+ case 5: /* INT_SOFTCLR */
+ case 11: /* FRQ_ENABLECLR */
+ default:
+ printf ("icp_pic_read: Bad register offset 0x%x\n", (int)offset);
+ return 0;
+ }
+}
+
+static void icp_pic_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ icp_pic_state *s = (icp_pic_state *)opaque;
+
+ switch (offset >> 2) {
+ case 2: /* IRQ_ENABLESET */
+ s->irq_enabled |= value;
+ break;
+ case 3: /* IRQ_ENABLECLR */
+ s->irq_enabled &= ~value;
+ break;
+ case 4: /* INT_SOFTSET */
+ if (value & 1)
+ icp_pic_set_irq(s, 0, 1);
+ break;
+ case 5: /* INT_SOFTCLR */
+ if (value & 1)
+ icp_pic_set_irq(s, 0, 0);
+ break;
+ case 10: /* FRQ_ENABLESET */
+ s->fiq_enabled |= value;
+ break;
+ case 11: /* FRQ_ENABLECLR */
+ s->fiq_enabled &= ~value;
+ break;
+ case 0: /* IRQ_STATUS */
+ case 1: /* IRQ_RAWSTAT */
+ case 8: /* FRQ_STATUS */
+ case 9: /* FRQ_RAWSTAT */
+ default:
+ printf ("icp_pic_write: Bad register offset 0x%x\n", (int)offset);
+ return;
+ }
+ icp_pic_update(s);
+}
+
+static const MemoryRegionOps icp_pic_ops = {
+ .read = icp_pic_read,
+ .write = icp_pic_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int icp_pic_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ icp_pic_state *s = INTEGRATOR_PIC(dev);
+
+ qdev_init_gpio_in(dev, icp_pic_set_irq, 32);
+ sysbus_init_irq(sbd, &s->parent_irq);
+ sysbus_init_irq(sbd, &s->parent_fiq);
+ memory_region_init_io(&s->iomem, OBJECT(s), &icp_pic_ops, s,
+ "icp-pic", 0x00800000);
+ sysbus_init_mmio(sbd, &s->iomem);
+ return 0;
+}
+
+/* CP control registers. */
+
+static uint64_t icp_control_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ switch (offset >> 2) {
+ case 0: /* CP_IDFIELD */
+ return 0x41034003;
+ case 1: /* CP_FLASHPROG */
+ return 0;
+ case 2: /* CP_INTREG */
+ return 0;
+ case 3: /* CP_DECODE */
+ return 0x11;
+ default:
+ hw_error("icp_control_read: Bad offset %x\n", (int)offset);
+ return 0;
+ }
+}
+
+static void icp_control_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ switch (offset >> 2) {
+ case 1: /* CP_FLASHPROG */
+ case 2: /* CP_INTREG */
+ case 3: /* CP_DECODE */
+ /* Nothing interesting implemented yet. */
+ break;
+ default:
+ hw_error("icp_control_write: Bad offset %x\n", (int)offset);
+ }
+}
+
+static const MemoryRegionOps icp_control_ops = {
+ .read = icp_control_read,
+ .write = icp_control_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void icp_control_init(hwaddr base)
+{
+ MemoryRegion *io;
+
+ io = (MemoryRegion *)g_malloc0(sizeof(MemoryRegion));
+ memory_region_init_io(io, NULL, &icp_control_ops, NULL,
+ "control", 0x00800000);
+ memory_region_add_subregion(get_system_memory(), base, io);
+ /* ??? Save/restore. */
+}
+
+
+/* Board init. */
+
+static struct arm_boot_info integrator_binfo = {
+ .loader_start = 0x0,
+ .board_id = 0x113,
+};
+
+static void integratorcp_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ ARMCPU *cpu;
+ MemoryRegion *address_space_mem = get_system_memory();
+ MemoryRegion *ram = g_new(MemoryRegion, 1);
+ MemoryRegion *ram_alias = g_new(MemoryRegion, 1);
+ qemu_irq pic[32];
+ qemu_irq *cpu_pic;
+ DeviceState *dev;
+ int i;
+
+ if (!cpu_model) {
+ cpu_model = "arm926";
+ }
+ cpu = cpu_arm_init(cpu_model);
+ if (!cpu) {
+ fprintf(stderr, "Unable to find CPU definition\n");
+ exit(1);
+ }
+
+ memory_region_init_ram(ram, NULL, "integrator.ram", ram_size);
+ vmstate_register_ram_global(ram);
+ /* ??? On a real system the first 1Mb is mapped as SSRAM or boot flash. */
+ /* ??? RAM should repeat to fill physical memory space. */
+ /* SDRAM at address zero*/
+ memory_region_add_subregion(address_space_mem, 0, ram);
+ /* And again at address 0x80000000 */
+ memory_region_init_alias(ram_alias, NULL, "ram.alias", ram, 0, ram_size);
+ memory_region_add_subregion(address_space_mem, 0x80000000, ram_alias);
+
+ dev = qdev_create(NULL, TYPE_INTEGRATOR_CM);
+ qdev_prop_set_uint32(dev, "memsz", ram_size >> 20);
+ qdev_init_nofail(dev);
+ sysbus_mmio_map((SysBusDevice *)dev, 0, 0x10000000);
+
+ cpu_pic = arm_pic_init_cpu(cpu);
+ dev = sysbus_create_varargs(TYPE_INTEGRATOR_PIC, 0x14000000,
+ cpu_pic[ARM_PIC_CPU_IRQ],
+ cpu_pic[ARM_PIC_CPU_FIQ], NULL);
+ for (i = 0; i < 32; i++) {
+ pic[i] = qdev_get_gpio_in(dev, i);
+ }
+ sysbus_create_simple(TYPE_INTEGRATOR_PIC, 0xca000000, pic[26]);
+ sysbus_create_varargs("integrator_pit", 0x13000000,
+ pic[5], pic[6], pic[7], NULL);
+ sysbus_create_simple("pl031", 0x15000000, pic[8]);
+ sysbus_create_simple("pl011", 0x16000000, pic[1]);
+ sysbus_create_simple("pl011", 0x17000000, pic[2]);
+ icp_control_init(0xcb000000);
+ sysbus_create_simple("pl050_keyboard", 0x18000000, pic[3]);
+ sysbus_create_simple("pl050_mouse", 0x19000000, pic[4]);
+ sysbus_create_varargs("pl181", 0x1c000000, pic[23], pic[24], NULL);
+ if (nd_table[0].used)
+ smc91c111_init(&nd_table[0], 0xc8000000, pic[27]);
+
+ sysbus_create_simple("pl110", 0xc0000000, pic[22]);
+
+ integrator_binfo.ram_size = ram_size;
+ integrator_binfo.kernel_filename = kernel_filename;
+ integrator_binfo.kernel_cmdline = kernel_cmdline;
+ integrator_binfo.initrd_filename = initrd_filename;
+ arm_load_kernel(cpu, &integrator_binfo);
+}
+
+static QEMUMachine integratorcp_machine = {
+ .name = "integratorcp",
+ .desc = "ARM Integrator/CP (ARM926EJ-S)",
+ .init = integratorcp_init,
+ .is_default = 1,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void integratorcp_machine_init(void)
+{
+ qemu_register_machine(&integratorcp_machine);
+}
+
+machine_init(integratorcp_machine_init);
+
+static Property core_properties[] = {
+ DEFINE_PROP_UINT32("memsz", IntegratorCMState, memsz, 0),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void core_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = integratorcm_init;
+ dc->props = core_properties;
+}
+
+static const TypeInfo core_info = {
+ .name = TYPE_INTEGRATOR_CM,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(IntegratorCMState),
+ .class_init = core_class_init,
+};
+
+static void icp_pic_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sdc->init = icp_pic_init;
+}
+
+static const TypeInfo icp_pic_info = {
+ .name = TYPE_INTEGRATOR_PIC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(icp_pic_state),
+ .class_init = icp_pic_class_init,
+};
+
+static void integratorcp_register_types(void)
+{
+ type_register_static(&icp_pic_info);
+ type_register_static(&core_info);
+}
+
+type_init(integratorcp_register_types)
diff --git a/hw/arm/kzm.c b/hw/arm/kzm.c
new file mode 100644
index 000000000..bd6c05ce1
--- /dev/null
+++ b/hw/arm/kzm.c
@@ -0,0 +1,157 @@
+/*
+ * KZM Board System emulation.
+ *
+ * Copyright (c) 2008 OKL and 2011 NICTA
+ * Written by Hans at OK-Labs
+ * Updated by Peter Chubb.
+ *
+ * This code is licensed under the GPL, version 2 or later.
+ * See the file `COPYING' in the top level directory.
+ *
+ * It (partially) emulates a Kyoto Microcomputer
+ * KZM-ARM11-01 evaluation board, with a Freescale
+ * i.MX31 SoC
+ */
+
+#include "hw/sysbus.h"
+#include "exec/address-spaces.h"
+#include "hw/hw.h"
+#include "hw/arm/arm.h"
+#include "hw/devices.h"
+#include "net/net.h"
+#include "sysemu/sysemu.h"
+#include "hw/boards.h"
+#include "hw/char/serial.h"
+#include "hw/arm/imx.h"
+
+ /* Memory map for Kzm Emulation Baseboard:
+ * 0x00000000-0x00003fff 16k secure ROM IGNORED
+ * 0x00004000-0x00407fff Reserved IGNORED
+ * 0x00404000-0x00407fff ROM IGNORED
+ * 0x00408000-0x0fffffff Reserved IGNORED
+ * 0x10000000-0x1fffbfff RAM aliasing IGNORED
+ * 0x1fffc000-0x1fffffff RAM EMULATED
+ * 0x20000000-0x2fffffff Reserved IGNORED
+ * 0x30000000-0x7fffffff I.MX31 Internal Register Space
+ * 0x43f00000 IO_AREA0
+ * 0x43f90000 UART1 EMULATED
+ * 0x43f94000 UART2 EMULATED
+ * 0x68000000 AVIC EMULATED
+ * 0x53f80000 CCM EMULATED
+ * 0x53f94000 PIT 1 EMULATED
+ * 0x53f98000 PIT 2 EMULATED
+ * 0x53f90000 GPT EMULATED
+ * 0x80000000-0x87ffffff RAM EMULATED
+ * 0x88000000-0x8fffffff RAM Aliasing EMULATED
+ * 0xa0000000-0xafffffff NAND Flash IGNORED
+ * 0xb0000000-0xb3ffffff Unavailable IGNORED
+ * 0xb4000000-0xb4000fff 8-bit free space IGNORED
+ * 0xb4001000-0xb400100f Board control IGNORED
+ * 0xb4001003 DIP switch
+ * 0xb4001010-0xb400101f 7-segment LED IGNORED
+ * 0xb4001020-0xb400102f LED IGNORED
+ * 0xb4001030-0xb400103f LED IGNORED
+ * 0xb4001040-0xb400104f FPGA, UART EMULATED
+ * 0xb4001050-0xb400105f FPGA, UART EMULATED
+ * 0xb4001060-0xb40fffff FPGA IGNORED
+ * 0xb6000000-0xb61fffff LAN controller EMULATED
+ * 0xb6200000-0xb62fffff FPGA NAND Controller IGNORED
+ * 0xb6300000-0xb7ffffff Free IGNORED
+ * 0xb8000000-0xb8004fff Memory control registers IGNORED
+ * 0xc0000000-0xc3ffffff PCMCIA/CF IGNORED
+ * 0xc4000000-0xffffffff Reserved IGNORED
+ */
+
+#define KZM_RAMADDRESS (0x80000000)
+#define KZM_FPGA (0xb4001040)
+
+static struct arm_boot_info kzm_binfo = {
+ .loader_start = KZM_RAMADDRESS,
+ .board_id = 1722,
+};
+
+static void kzm_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ ARMCPU *cpu;
+ MemoryRegion *address_space_mem = get_system_memory();
+ MemoryRegion *ram = g_new(MemoryRegion, 1);
+ MemoryRegion *sram = g_new(MemoryRegion, 1);
+ MemoryRegion *ram_alias = g_new(MemoryRegion, 1);
+ qemu_irq *cpu_pic;
+ DeviceState *dev;
+ DeviceState *ccm;
+
+ if (!cpu_model) {
+ cpu_model = "arm1136";
+ }
+
+ cpu = cpu_arm_init(cpu_model);
+ if (!cpu) {
+ fprintf(stderr, "Unable to find CPU definition\n");
+ exit(1);
+ }
+
+ /* On a real system, the first 16k is a `secure boot rom' */
+
+ memory_region_init_ram(ram, NULL, "kzm.ram", ram_size);
+ vmstate_register_ram_global(ram);
+ memory_region_add_subregion(address_space_mem, KZM_RAMADDRESS, ram);
+
+ memory_region_init_alias(ram_alias, NULL, "ram.alias", ram, 0, ram_size);
+ memory_region_add_subregion(address_space_mem, 0x88000000, ram_alias);
+
+ memory_region_init_ram(sram, NULL, "kzm.sram", 0x4000);
+ memory_region_add_subregion(address_space_mem, 0x1FFFC000, sram);
+
+ cpu_pic = arm_pic_init_cpu(cpu);
+ dev = sysbus_create_varargs("imx_avic", 0x68000000,
+ cpu_pic[ARM_PIC_CPU_IRQ],
+ cpu_pic[ARM_PIC_CPU_FIQ], NULL);
+
+
+ imx_serial_create(0, 0x43f90000, qdev_get_gpio_in(dev, 45));
+ imx_serial_create(1, 0x43f94000, qdev_get_gpio_in(dev, 32));
+
+ ccm = sysbus_create_simple("imx_ccm", 0x53f80000, NULL);
+
+ imx_timerp_create(0x53f94000, qdev_get_gpio_in(dev, 28), ccm);
+ imx_timerp_create(0x53f98000, qdev_get_gpio_in(dev, 27), ccm);
+ imx_timerg_create(0x53f90000, qdev_get_gpio_in(dev, 29), ccm);
+
+ if (nd_table[0].used) {
+ lan9118_init(&nd_table[0], 0xb6000000, qdev_get_gpio_in(dev, 52));
+ }
+
+ if (serial_hds[2]) { /* touchscreen */
+ serial_mm_init(address_space_mem, KZM_FPGA+0x10, 0,
+ qdev_get_gpio_in(dev, 52),
+ 14745600, serial_hds[2],
+ DEVICE_NATIVE_ENDIAN);
+ }
+
+ kzm_binfo.ram_size = ram_size;
+ kzm_binfo.kernel_filename = kernel_filename;
+ kzm_binfo.kernel_cmdline = kernel_cmdline;
+ kzm_binfo.initrd_filename = initrd_filename;
+ kzm_binfo.nb_cpus = 1;
+ arm_load_kernel(cpu, &kzm_binfo);
+}
+
+static QEMUMachine kzm_machine = {
+ .name = "kzm",
+ .desc = "ARM KZM Emulation Baseboard (ARM1136)",
+ .init = kzm_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void kzm_machine_init(void)
+{
+ qemu_register_machine(&kzm_machine);
+}
+
+machine_init(kzm_machine_init)
diff --git a/hw/arm/mainstone.c b/hw/arm/mainstone.c
new file mode 100644
index 000000000..8e5fc26e1
--- /dev/null
+++ b/hw/arm/mainstone.c
@@ -0,0 +1,190 @@
+/*
+ * PXA270-based Intel Mainstone platforms.
+ *
+ * Copyright (c) 2007 by Armin Kuster <akuster@kama-aina.net> or
+ * <akuster@mvista.com>
+ *
+ * Code based on spitz platform by Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * This code is licensed under the GNU GPL v2.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+#include "hw/hw.h"
+#include "hw/arm/pxa.h"
+#include "hw/arm/arm.h"
+#include "net/net.h"
+#include "hw/devices.h"
+#include "hw/boards.h"
+#include "hw/block/flash.h"
+#include "sysemu/blockdev.h"
+#include "hw/sysbus.h"
+#include "exec/address-spaces.h"
+
+/* Device addresses */
+#define MST_FPGA_PHYS 0x08000000
+#define MST_ETH_PHYS 0x10000300
+#define MST_FLASH_0 0x00000000
+#define MST_FLASH_1 0x04000000
+
+/* IRQ definitions */
+#define MMC_IRQ 0
+#define USIM_IRQ 1
+#define USBC_IRQ 2
+#define ETHERNET_IRQ 3
+#define AC97_IRQ 4
+#define PEN_IRQ 5
+#define MSINS_IRQ 6
+#define EXBRD_IRQ 7
+#define S0_CD_IRQ 9
+#define S0_STSCHG_IRQ 10
+#define S0_IRQ 11
+#define S1_CD_IRQ 13
+#define S1_STSCHG_IRQ 14
+#define S1_IRQ 15
+
+static struct keymap map[0xE0] = {
+ [0 ... 0xDF] = { -1, -1 },
+ [0x1e] = {0,0}, /* a */
+ [0x30] = {0,1}, /* b */
+ [0x2e] = {0,2}, /* c */
+ [0x20] = {0,3}, /* d */
+ [0x12] = {0,4}, /* e */
+ [0x21] = {0,5}, /* f */
+ [0x22] = {1,0}, /* g */
+ [0x23] = {1,1}, /* h */
+ [0x17] = {1,2}, /* i */
+ [0x24] = {1,3}, /* j */
+ [0x25] = {1,4}, /* k */
+ [0x26] = {1,5}, /* l */
+ [0x32] = {2,0}, /* m */
+ [0x31] = {2,1}, /* n */
+ [0x18] = {2,2}, /* o */
+ [0x19] = {2,3}, /* p */
+ [0x10] = {2,4}, /* q */
+ [0x13] = {2,5}, /* r */
+ [0x1f] = {3,0}, /* s */
+ [0x14] = {3,1}, /* t */
+ [0x16] = {3,2}, /* u */
+ [0x2f] = {3,3}, /* v */
+ [0x11] = {3,4}, /* w */
+ [0x2d] = {3,5}, /* x */
+ [0x15] = {4,2}, /* y */
+ [0x2c] = {4,3}, /* z */
+ [0xc7] = {5,0}, /* Home */
+ [0x2a] = {5,1}, /* shift */
+ [0x39] = {5,2}, /* space */
+ [0x39] = {5,3}, /* space */
+ [0x1c] = {5,5}, /* enter */
+ [0xc8] = {6,0}, /* up */
+ [0xd0] = {6,1}, /* down */
+ [0xcb] = {6,2}, /* left */
+ [0xcd] = {6,3}, /* right */
+};
+
+enum mainstone_model_e { mainstone };
+
+#define MAINSTONE_RAM 0x04000000
+#define MAINSTONE_ROM 0x00800000
+#define MAINSTONE_FLASH 0x02000000
+
+static struct arm_boot_info mainstone_binfo = {
+ .loader_start = PXA2XX_SDRAM_BASE,
+ .ram_size = 0x04000000,
+};
+
+static void mainstone_common_init(MemoryRegion *address_space_mem,
+ QEMUMachineInitArgs *args,
+ enum mainstone_model_e model, int arm_id)
+{
+ uint32_t sector_len = 256 * 1024;
+ hwaddr mainstone_flash_base[] = { MST_FLASH_0, MST_FLASH_1 };
+ PXA2xxState *mpu;
+ DeviceState *mst_irq;
+ DriveInfo *dinfo;
+ int i;
+ int be;
+ MemoryRegion *rom = g_new(MemoryRegion, 1);
+ const char *cpu_model = args->cpu_model;
+
+ if (!cpu_model)
+ cpu_model = "pxa270-c5";
+
+ /* Setup CPU & memory */
+ mpu = pxa270_init(address_space_mem, mainstone_binfo.ram_size, cpu_model);
+ memory_region_init_ram(rom, NULL, "mainstone.rom", MAINSTONE_ROM);
+ vmstate_register_ram_global(rom);
+ memory_region_set_readonly(rom, true);
+ memory_region_add_subregion(address_space_mem, 0, rom);
+
+#ifdef TARGET_WORDS_BIGENDIAN
+ be = 1;
+#else
+ be = 0;
+#endif
+ /* There are two 32MiB flash devices on the board */
+ for (i = 0; i < 2; i ++) {
+ dinfo = drive_get(IF_PFLASH, 0, i);
+ if (!dinfo) {
+ fprintf(stderr, "Two flash images must be given with the "
+ "'pflash' parameter\n");
+ exit(1);
+ }
+
+ if (!pflash_cfi01_register(mainstone_flash_base[i], NULL,
+ i ? "mainstone.flash1" : "mainstone.flash0",
+ MAINSTONE_FLASH,
+ dinfo->bdrv, sector_len,
+ MAINSTONE_FLASH / sector_len, 4, 0, 0, 0, 0,
+ be)) {
+ fprintf(stderr, "qemu: Error registering flash memory.\n");
+ exit(1);
+ }
+ }
+
+ mst_irq = sysbus_create_simple("mainstone-fpga", MST_FPGA_PHYS,
+ qdev_get_gpio_in(mpu->gpio, 0));
+
+ /* setup keypad */
+ printf("map addr %p\n", &map);
+ pxa27x_register_keypad(mpu->kp, map, 0xe0);
+
+ /* MMC/SD host */
+ pxa2xx_mmci_handlers(mpu->mmc, NULL, qdev_get_gpio_in(mst_irq, MMC_IRQ));
+
+ pxa2xx_pcmcia_set_irq_cb(mpu->pcmcia[0],
+ qdev_get_gpio_in(mst_irq, S0_IRQ),
+ qdev_get_gpio_in(mst_irq, S0_CD_IRQ));
+ pxa2xx_pcmcia_set_irq_cb(mpu->pcmcia[1],
+ qdev_get_gpio_in(mst_irq, S1_IRQ),
+ qdev_get_gpio_in(mst_irq, S1_CD_IRQ));
+
+ smc91c111_init(&nd_table[0], MST_ETH_PHYS,
+ qdev_get_gpio_in(mst_irq, ETHERNET_IRQ));
+
+ mainstone_binfo.kernel_filename = args->kernel_filename;
+ mainstone_binfo.kernel_cmdline = args->kernel_cmdline;
+ mainstone_binfo.initrd_filename = args->initrd_filename;
+ mainstone_binfo.board_id = arm_id;
+ arm_load_kernel(mpu->cpu, &mainstone_binfo);
+}
+
+static void mainstone_init(QEMUMachineInitArgs *args)
+{
+ mainstone_common_init(get_system_memory(), args, mainstone, 0x196);
+}
+
+static QEMUMachine mainstone2_machine = {
+ .name = "mainstone",
+ .desc = "Mainstone II (PXA27x)",
+ .init = mainstone_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void mainstone_machine_init(void)
+{
+ qemu_register_machine(&mainstone2_machine);
+}
+
+machine_init(mainstone_machine_init);
diff --git a/hw/arm/musicpal.c b/hw/arm/musicpal.c
new file mode 100644
index 000000000..d715143d3
--- /dev/null
+++ b/hw/arm/musicpal.c
@@ -0,0 +1,1771 @@
+/*
+ * Marvell MV88W8618 / Freecom MusicPal emulation.
+ *
+ * Copyright (c) 2008 Jan Kiszka
+ *
+ * This code is licensed under the GNU GPL v2.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "hw/sysbus.h"
+#include "hw/arm/arm.h"
+#include "hw/devices.h"
+#include "net/net.h"
+#include "sysemu/sysemu.h"
+#include "hw/boards.h"
+#include "hw/char/serial.h"
+#include "qemu/timer.h"
+#include "hw/ptimer.h"
+#include "block/block.h"
+#include "hw/block/flash.h"
+#include "ui/console.h"
+#include "hw/i2c/i2c.h"
+#include "sysemu/blockdev.h"
+#include "exec/address-spaces.h"
+#include "ui/pixel_ops.h"
+
+#define MP_MISC_BASE 0x80002000
+#define MP_MISC_SIZE 0x00001000
+
+#define MP_ETH_BASE 0x80008000
+#define MP_ETH_SIZE 0x00001000
+
+#define MP_WLAN_BASE 0x8000C000
+#define MP_WLAN_SIZE 0x00000800
+
+#define MP_UART1_BASE 0x8000C840
+#define MP_UART2_BASE 0x8000C940
+
+#define MP_GPIO_BASE 0x8000D000
+#define MP_GPIO_SIZE 0x00001000
+
+#define MP_FLASHCFG_BASE 0x90006000
+#define MP_FLASHCFG_SIZE 0x00001000
+
+#define MP_AUDIO_BASE 0x90007000
+
+#define MP_PIC_BASE 0x90008000
+#define MP_PIC_SIZE 0x00001000
+
+#define MP_PIT_BASE 0x90009000
+#define MP_PIT_SIZE 0x00001000
+
+#define MP_LCD_BASE 0x9000c000
+#define MP_LCD_SIZE 0x00001000
+
+#define MP_SRAM_BASE 0xC0000000
+#define MP_SRAM_SIZE 0x00020000
+
+#define MP_RAM_DEFAULT_SIZE 32*1024*1024
+#define MP_FLASH_SIZE_MAX 32*1024*1024
+
+#define MP_TIMER1_IRQ 4
+#define MP_TIMER2_IRQ 5
+#define MP_TIMER3_IRQ 6
+#define MP_TIMER4_IRQ 7
+#define MP_EHCI_IRQ 8
+#define MP_ETH_IRQ 9
+#define MP_UART1_IRQ 11
+#define MP_UART2_IRQ 11
+#define MP_GPIO_IRQ 12
+#define MP_RTC_IRQ 28
+#define MP_AUDIO_IRQ 30
+
+/* Wolfson 8750 I2C address */
+#define MP_WM_ADDR 0x1A
+
+/* Ethernet register offsets */
+#define MP_ETH_SMIR 0x010
+#define MP_ETH_PCXR 0x408
+#define MP_ETH_SDCMR 0x448
+#define MP_ETH_ICR 0x450
+#define MP_ETH_IMR 0x458
+#define MP_ETH_FRDP0 0x480
+#define MP_ETH_FRDP1 0x484
+#define MP_ETH_FRDP2 0x488
+#define MP_ETH_FRDP3 0x48C
+#define MP_ETH_CRDP0 0x4A0
+#define MP_ETH_CRDP1 0x4A4
+#define MP_ETH_CRDP2 0x4A8
+#define MP_ETH_CRDP3 0x4AC
+#define MP_ETH_CTDP0 0x4E0
+#define MP_ETH_CTDP1 0x4E4
+#define MP_ETH_CTDP2 0x4E8
+#define MP_ETH_CTDP3 0x4EC
+
+/* MII PHY access */
+#define MP_ETH_SMIR_DATA 0x0000FFFF
+#define MP_ETH_SMIR_ADDR 0x03FF0000
+#define MP_ETH_SMIR_OPCODE (1 << 26) /* Read value */
+#define MP_ETH_SMIR_RDVALID (1 << 27)
+
+/* PHY registers */
+#define MP_ETH_PHY1_BMSR 0x00210000
+#define MP_ETH_PHY1_PHYSID1 0x00410000
+#define MP_ETH_PHY1_PHYSID2 0x00610000
+
+#define MP_PHY_BMSR_LINK 0x0004
+#define MP_PHY_BMSR_AUTONEG 0x0008
+
+#define MP_PHY_88E3015 0x01410E20
+
+/* TX descriptor status */
+#define MP_ETH_TX_OWN (1 << 31)
+
+/* RX descriptor status */
+#define MP_ETH_RX_OWN (1 << 31)
+
+/* Interrupt cause/mask bits */
+#define MP_ETH_IRQ_RX_BIT 0
+#define MP_ETH_IRQ_RX (1 << MP_ETH_IRQ_RX_BIT)
+#define MP_ETH_IRQ_TXHI_BIT 2
+#define MP_ETH_IRQ_TXLO_BIT 3
+
+/* Port config bits */
+#define MP_ETH_PCXR_2BSM_BIT 28 /* 2-byte incoming suffix */
+
+/* SDMA command bits */
+#define MP_ETH_CMD_TXHI (1 << 23)
+#define MP_ETH_CMD_TXLO (1 << 22)
+
+typedef struct mv88w8618_tx_desc {
+ uint32_t cmdstat;
+ uint16_t res;
+ uint16_t bytes;
+ uint32_t buffer;
+ uint32_t next;
+} mv88w8618_tx_desc;
+
+typedef struct mv88w8618_rx_desc {
+ uint32_t cmdstat;
+ uint16_t bytes;
+ uint16_t buffer_size;
+ uint32_t buffer;
+ uint32_t next;
+} mv88w8618_rx_desc;
+
+#define TYPE_MV88W8618_ETH "mv88w8618_eth"
+#define MV88W8618_ETH(obj) \
+ OBJECT_CHECK(mv88w8618_eth_state, (obj), TYPE_MV88W8618_ETH)
+
+typedef struct mv88w8618_eth_state {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion iomem;
+ qemu_irq irq;
+ uint32_t smir;
+ uint32_t icr;
+ uint32_t imr;
+ int mmio_index;
+ uint32_t vlan_header;
+ uint32_t tx_queue[2];
+ uint32_t rx_queue[4];
+ uint32_t frx_queue[4];
+ uint32_t cur_rx[4];
+ NICState *nic;
+ NICConf conf;
+} mv88w8618_eth_state;
+
+static void eth_rx_desc_put(uint32_t addr, mv88w8618_rx_desc *desc)
+{
+ cpu_to_le32s(&desc->cmdstat);
+ cpu_to_le16s(&desc->bytes);
+ cpu_to_le16s(&desc->buffer_size);
+ cpu_to_le32s(&desc->buffer);
+ cpu_to_le32s(&desc->next);
+ cpu_physical_memory_write(addr, desc, sizeof(*desc));
+}
+
+static void eth_rx_desc_get(uint32_t addr, mv88w8618_rx_desc *desc)
+{
+ cpu_physical_memory_read(addr, desc, sizeof(*desc));
+ le32_to_cpus(&desc->cmdstat);
+ le16_to_cpus(&desc->bytes);
+ le16_to_cpus(&desc->buffer_size);
+ le32_to_cpus(&desc->buffer);
+ le32_to_cpus(&desc->next);
+}
+
+static int eth_can_receive(NetClientState *nc)
+{
+ return 1;
+}
+
+static ssize_t eth_receive(NetClientState *nc, const uint8_t *buf, size_t size)
+{
+ mv88w8618_eth_state *s = qemu_get_nic_opaque(nc);
+ uint32_t desc_addr;
+ mv88w8618_rx_desc desc;
+ int i;
+
+ for (i = 0; i < 4; i++) {
+ desc_addr = s->cur_rx[i];
+ if (!desc_addr) {
+ continue;
+ }
+ do {
+ eth_rx_desc_get(desc_addr, &desc);
+ if ((desc.cmdstat & MP_ETH_RX_OWN) && desc.buffer_size >= size) {
+ cpu_physical_memory_write(desc.buffer + s->vlan_header,
+ buf, size);
+ desc.bytes = size + s->vlan_header;
+ desc.cmdstat &= ~MP_ETH_RX_OWN;
+ s->cur_rx[i] = desc.next;
+
+ s->icr |= MP_ETH_IRQ_RX;
+ if (s->icr & s->imr) {
+ qemu_irq_raise(s->irq);
+ }
+ eth_rx_desc_put(desc_addr, &desc);
+ return size;
+ }
+ desc_addr = desc.next;
+ } while (desc_addr != s->rx_queue[i]);
+ }
+ return size;
+}
+
+static void eth_tx_desc_put(uint32_t addr, mv88w8618_tx_desc *desc)
+{
+ cpu_to_le32s(&desc->cmdstat);
+ cpu_to_le16s(&desc->res);
+ cpu_to_le16s(&desc->bytes);
+ cpu_to_le32s(&desc->buffer);
+ cpu_to_le32s(&desc->next);
+ cpu_physical_memory_write(addr, desc, sizeof(*desc));
+}
+
+static void eth_tx_desc_get(uint32_t addr, mv88w8618_tx_desc *desc)
+{
+ cpu_physical_memory_read(addr, desc, sizeof(*desc));
+ le32_to_cpus(&desc->cmdstat);
+ le16_to_cpus(&desc->res);
+ le16_to_cpus(&desc->bytes);
+ le32_to_cpus(&desc->buffer);
+ le32_to_cpus(&desc->next);
+}
+
+static void eth_send(mv88w8618_eth_state *s, int queue_index)
+{
+ uint32_t desc_addr = s->tx_queue[queue_index];
+ mv88w8618_tx_desc desc;
+ uint32_t next_desc;
+ uint8_t buf[2048];
+ int len;
+
+ do {
+ eth_tx_desc_get(desc_addr, &desc);
+ next_desc = desc.next;
+ if (desc.cmdstat & MP_ETH_TX_OWN) {
+ len = desc.bytes;
+ if (len < 2048) {
+ cpu_physical_memory_read(desc.buffer, buf, len);
+ qemu_send_packet(qemu_get_queue(s->nic), buf, len);
+ }
+ desc.cmdstat &= ~MP_ETH_TX_OWN;
+ s->icr |= 1 << (MP_ETH_IRQ_TXLO_BIT - queue_index);
+ eth_tx_desc_put(desc_addr, &desc);
+ }
+ desc_addr = next_desc;
+ } while (desc_addr != s->tx_queue[queue_index]);
+}
+
+static uint64_t mv88w8618_eth_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ mv88w8618_eth_state *s = opaque;
+
+ switch (offset) {
+ case MP_ETH_SMIR:
+ if (s->smir & MP_ETH_SMIR_OPCODE) {
+ switch (s->smir & MP_ETH_SMIR_ADDR) {
+ case MP_ETH_PHY1_BMSR:
+ return MP_PHY_BMSR_LINK | MP_PHY_BMSR_AUTONEG |
+ MP_ETH_SMIR_RDVALID;
+ case MP_ETH_PHY1_PHYSID1:
+ return (MP_PHY_88E3015 >> 16) | MP_ETH_SMIR_RDVALID;
+ case MP_ETH_PHY1_PHYSID2:
+ return (MP_PHY_88E3015 & 0xFFFF) | MP_ETH_SMIR_RDVALID;
+ default:
+ return MP_ETH_SMIR_RDVALID;
+ }
+ }
+ return 0;
+
+ case MP_ETH_ICR:
+ return s->icr;
+
+ case MP_ETH_IMR:
+ return s->imr;
+
+ case MP_ETH_FRDP0 ... MP_ETH_FRDP3:
+ return s->frx_queue[(offset - MP_ETH_FRDP0)/4];
+
+ case MP_ETH_CRDP0 ... MP_ETH_CRDP3:
+ return s->rx_queue[(offset - MP_ETH_CRDP0)/4];
+
+ case MP_ETH_CTDP0 ... MP_ETH_CTDP3:
+ return s->tx_queue[(offset - MP_ETH_CTDP0)/4];
+
+ default:
+ return 0;
+ }
+}
+
+static void mv88w8618_eth_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ mv88w8618_eth_state *s = opaque;
+
+ switch (offset) {
+ case MP_ETH_SMIR:
+ s->smir = value;
+ break;
+
+ case MP_ETH_PCXR:
+ s->vlan_header = ((value >> MP_ETH_PCXR_2BSM_BIT) & 1) * 2;
+ break;
+
+ case MP_ETH_SDCMR:
+ if (value & MP_ETH_CMD_TXHI) {
+ eth_send(s, 1);
+ }
+ if (value & MP_ETH_CMD_TXLO) {
+ eth_send(s, 0);
+ }
+ if (value & (MP_ETH_CMD_TXHI | MP_ETH_CMD_TXLO) && s->icr & s->imr) {
+ qemu_irq_raise(s->irq);
+ }
+ break;
+
+ case MP_ETH_ICR:
+ s->icr &= value;
+ break;
+
+ case MP_ETH_IMR:
+ s->imr = value;
+ if (s->icr & s->imr) {
+ qemu_irq_raise(s->irq);
+ }
+ break;
+
+ case MP_ETH_FRDP0 ... MP_ETH_FRDP3:
+ s->frx_queue[(offset - MP_ETH_FRDP0)/4] = value;
+ break;
+
+ case MP_ETH_CRDP0 ... MP_ETH_CRDP3:
+ s->rx_queue[(offset - MP_ETH_CRDP0)/4] =
+ s->cur_rx[(offset - MP_ETH_CRDP0)/4] = value;
+ break;
+
+ case MP_ETH_CTDP0 ... MP_ETH_CTDP3:
+ s->tx_queue[(offset - MP_ETH_CTDP0)/4] = value;
+ break;
+ }
+}
+
+static const MemoryRegionOps mv88w8618_eth_ops = {
+ .read = mv88w8618_eth_read,
+ .write = mv88w8618_eth_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void eth_cleanup(NetClientState *nc)
+{
+ mv88w8618_eth_state *s = qemu_get_nic_opaque(nc);
+
+ s->nic = NULL;
+}
+
+static NetClientInfo net_mv88w8618_info = {
+ .type = NET_CLIENT_OPTIONS_KIND_NIC,
+ .size = sizeof(NICState),
+ .can_receive = eth_can_receive,
+ .receive = eth_receive,
+ .cleanup = eth_cleanup,
+};
+
+static int mv88w8618_eth_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ mv88w8618_eth_state *s = MV88W8618_ETH(dev);
+
+ sysbus_init_irq(sbd, &s->irq);
+ s->nic = qemu_new_nic(&net_mv88w8618_info, &s->conf,
+ object_get_typename(OBJECT(dev)), dev->id, s);
+ memory_region_init_io(&s->iomem, OBJECT(s), &mv88w8618_eth_ops, s,
+ "mv88w8618-eth", MP_ETH_SIZE);
+ sysbus_init_mmio(sbd, &s->iomem);
+ return 0;
+}
+
+static const VMStateDescription mv88w8618_eth_vmsd = {
+ .name = "mv88w8618_eth",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(smir, mv88w8618_eth_state),
+ VMSTATE_UINT32(icr, mv88w8618_eth_state),
+ VMSTATE_UINT32(imr, mv88w8618_eth_state),
+ VMSTATE_UINT32(vlan_header, mv88w8618_eth_state),
+ VMSTATE_UINT32_ARRAY(tx_queue, mv88w8618_eth_state, 2),
+ VMSTATE_UINT32_ARRAY(rx_queue, mv88w8618_eth_state, 4),
+ VMSTATE_UINT32_ARRAY(frx_queue, mv88w8618_eth_state, 4),
+ VMSTATE_UINT32_ARRAY(cur_rx, mv88w8618_eth_state, 4),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static Property mv88w8618_eth_properties[] = {
+ DEFINE_NIC_PROPERTIES(mv88w8618_eth_state, conf),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void mv88w8618_eth_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = mv88w8618_eth_init;
+ dc->vmsd = &mv88w8618_eth_vmsd;
+ dc->props = mv88w8618_eth_properties;
+}
+
+static const TypeInfo mv88w8618_eth_info = {
+ .name = TYPE_MV88W8618_ETH,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(mv88w8618_eth_state),
+ .class_init = mv88w8618_eth_class_init,
+};
+
+/* LCD register offsets */
+#define MP_LCD_IRQCTRL 0x180
+#define MP_LCD_IRQSTAT 0x184
+#define MP_LCD_SPICTRL 0x1ac
+#define MP_LCD_INST 0x1bc
+#define MP_LCD_DATA 0x1c0
+
+/* Mode magics */
+#define MP_LCD_SPI_DATA 0x00100011
+#define MP_LCD_SPI_CMD 0x00104011
+#define MP_LCD_SPI_INVALID 0x00000000
+
+/* Commmands */
+#define MP_LCD_INST_SETPAGE0 0xB0
+/* ... */
+#define MP_LCD_INST_SETPAGE7 0xB7
+
+#define MP_LCD_TEXTCOLOR 0xe0e0ff /* RRGGBB */
+
+#define TYPE_MUSICPAL_LCD "musicpal_lcd"
+#define MUSICPAL_LCD(obj) \
+ OBJECT_CHECK(musicpal_lcd_state, (obj), TYPE_MUSICPAL_LCD)
+
+typedef struct musicpal_lcd_state {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion iomem;
+ uint32_t brightness;
+ uint32_t mode;
+ uint32_t irqctrl;
+ uint32_t page;
+ uint32_t page_off;
+ QemuConsole *con;
+ uint8_t video_ram[128*64/8];
+} musicpal_lcd_state;
+
+static uint8_t scale_lcd_color(musicpal_lcd_state *s, uint8_t col)
+{
+ switch (s->brightness) {
+ case 7:
+ return col;
+ case 0:
+ return 0;
+ default:
+ return (col * s->brightness) / 7;
+ }
+}
+
+#define SET_LCD_PIXEL(depth, type) \
+static inline void glue(set_lcd_pixel, depth) \
+ (musicpal_lcd_state *s, int x, int y, type col) \
+{ \
+ int dx, dy; \
+ DisplaySurface *surface = qemu_console_surface(s->con); \
+ type *pixel = &((type *) surface_data(surface))[(y * 128 * 3 + x) * 3]; \
+\
+ for (dy = 0; dy < 3; dy++, pixel += 127 * 3) \
+ for (dx = 0; dx < 3; dx++, pixel++) \
+ *pixel = col; \
+}
+SET_LCD_PIXEL(8, uint8_t)
+SET_LCD_PIXEL(16, uint16_t)
+SET_LCD_PIXEL(32, uint32_t)
+
+static void lcd_refresh(void *opaque)
+{
+ musicpal_lcd_state *s = opaque;
+ DisplaySurface *surface = qemu_console_surface(s->con);
+ int x, y, col;
+
+ switch (surface_bits_per_pixel(surface)) {
+ case 0:
+ return;
+#define LCD_REFRESH(depth, func) \
+ case depth: \
+ col = func(scale_lcd_color(s, (MP_LCD_TEXTCOLOR >> 16) & 0xff), \
+ scale_lcd_color(s, (MP_LCD_TEXTCOLOR >> 8) & 0xff), \
+ scale_lcd_color(s, MP_LCD_TEXTCOLOR & 0xff)); \
+ for (x = 0; x < 128; x++) { \
+ for (y = 0; y < 64; y++) { \
+ if (s->video_ram[x + (y/8)*128] & (1 << (y % 8))) { \
+ glue(set_lcd_pixel, depth)(s, x, y, col); \
+ } else { \
+ glue(set_lcd_pixel, depth)(s, x, y, 0); \
+ } \
+ } \
+ } \
+ break;
+ LCD_REFRESH(8, rgb_to_pixel8)
+ LCD_REFRESH(16, rgb_to_pixel16)
+ LCD_REFRESH(32, (is_surface_bgr(surface) ?
+ rgb_to_pixel32bgr : rgb_to_pixel32))
+ default:
+ hw_error("unsupported colour depth %i\n",
+ surface_bits_per_pixel(surface));
+ }
+
+ dpy_gfx_update(s->con, 0, 0, 128*3, 64*3);
+}
+
+static void lcd_invalidate(void *opaque)
+{
+}
+
+static void musicpal_lcd_gpio_brightness_in(void *opaque, int irq, int level)
+{
+ musicpal_lcd_state *s = opaque;
+ s->brightness &= ~(1 << irq);
+ s->brightness |= level << irq;
+}
+
+static uint64_t musicpal_lcd_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ musicpal_lcd_state *s = opaque;
+
+ switch (offset) {
+ case MP_LCD_IRQCTRL:
+ return s->irqctrl;
+
+ default:
+ return 0;
+ }
+}
+
+static void musicpal_lcd_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ musicpal_lcd_state *s = opaque;
+
+ switch (offset) {
+ case MP_LCD_IRQCTRL:
+ s->irqctrl = value;
+ break;
+
+ case MP_LCD_SPICTRL:
+ if (value == MP_LCD_SPI_DATA || value == MP_LCD_SPI_CMD) {
+ s->mode = value;
+ } else {
+ s->mode = MP_LCD_SPI_INVALID;
+ }
+ break;
+
+ case MP_LCD_INST:
+ if (value >= MP_LCD_INST_SETPAGE0 && value <= MP_LCD_INST_SETPAGE7) {
+ s->page = value - MP_LCD_INST_SETPAGE0;
+ s->page_off = 0;
+ }
+ break;
+
+ case MP_LCD_DATA:
+ if (s->mode == MP_LCD_SPI_CMD) {
+ if (value >= MP_LCD_INST_SETPAGE0 &&
+ value <= MP_LCD_INST_SETPAGE7) {
+ s->page = value - MP_LCD_INST_SETPAGE0;
+ s->page_off = 0;
+ }
+ } else if (s->mode == MP_LCD_SPI_DATA) {
+ s->video_ram[s->page*128 + s->page_off] = value;
+ s->page_off = (s->page_off + 1) & 127;
+ }
+ break;
+ }
+}
+
+static const MemoryRegionOps musicpal_lcd_ops = {
+ .read = musicpal_lcd_read,
+ .write = musicpal_lcd_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static const GraphicHwOps musicpal_gfx_ops = {
+ .invalidate = lcd_invalidate,
+ .gfx_update = lcd_refresh,
+};
+
+static int musicpal_lcd_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ musicpal_lcd_state *s = MUSICPAL_LCD(dev);
+
+ s->brightness = 7;
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &musicpal_lcd_ops, s,
+ "musicpal-lcd", MP_LCD_SIZE);
+ sysbus_init_mmio(sbd, &s->iomem);
+
+ s->con = graphic_console_init(dev, &musicpal_gfx_ops, s);
+ qemu_console_resize(s->con, 128*3, 64*3);
+
+ qdev_init_gpio_in(dev, musicpal_lcd_gpio_brightness_in, 3);
+
+ return 0;
+}
+
+static const VMStateDescription musicpal_lcd_vmsd = {
+ .name = "musicpal_lcd",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(brightness, musicpal_lcd_state),
+ VMSTATE_UINT32(mode, musicpal_lcd_state),
+ VMSTATE_UINT32(irqctrl, musicpal_lcd_state),
+ VMSTATE_UINT32(page, musicpal_lcd_state),
+ VMSTATE_UINT32(page_off, musicpal_lcd_state),
+ VMSTATE_BUFFER(video_ram, musicpal_lcd_state),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void musicpal_lcd_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = musicpal_lcd_init;
+ dc->vmsd = &musicpal_lcd_vmsd;
+}
+
+static const TypeInfo musicpal_lcd_info = {
+ .name = TYPE_MUSICPAL_LCD,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(musicpal_lcd_state),
+ .class_init = musicpal_lcd_class_init,
+};
+
+/* PIC register offsets */
+#define MP_PIC_STATUS 0x00
+#define MP_PIC_ENABLE_SET 0x08
+#define MP_PIC_ENABLE_CLR 0x0C
+
+#define TYPE_MV88W8618_PIC "mv88w8618_pic"
+#define MV88W8618_PIC(obj) \
+ OBJECT_CHECK(mv88w8618_pic_state, (obj), TYPE_MV88W8618_PIC)
+
+typedef struct mv88w8618_pic_state {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion iomem;
+ uint32_t level;
+ uint32_t enabled;
+ qemu_irq parent_irq;
+} mv88w8618_pic_state;
+
+static void mv88w8618_pic_update(mv88w8618_pic_state *s)
+{
+ qemu_set_irq(s->parent_irq, (s->level & s->enabled));
+}
+
+static void mv88w8618_pic_set_irq(void *opaque, int irq, int level)
+{
+ mv88w8618_pic_state *s = opaque;
+
+ if (level) {
+ s->level |= 1 << irq;
+ } else {
+ s->level &= ~(1 << irq);
+ }
+ mv88w8618_pic_update(s);
+}
+
+static uint64_t mv88w8618_pic_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ mv88w8618_pic_state *s = opaque;
+
+ switch (offset) {
+ case MP_PIC_STATUS:
+ return s->level & s->enabled;
+
+ default:
+ return 0;
+ }
+}
+
+static void mv88w8618_pic_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ mv88w8618_pic_state *s = opaque;
+
+ switch (offset) {
+ case MP_PIC_ENABLE_SET:
+ s->enabled |= value;
+ break;
+
+ case MP_PIC_ENABLE_CLR:
+ s->enabled &= ~value;
+ s->level &= ~value;
+ break;
+ }
+ mv88w8618_pic_update(s);
+}
+
+static void mv88w8618_pic_reset(DeviceState *d)
+{
+ mv88w8618_pic_state *s = MV88W8618_PIC(d);
+
+ s->level = 0;
+ s->enabled = 0;
+}
+
+static const MemoryRegionOps mv88w8618_pic_ops = {
+ .read = mv88w8618_pic_read,
+ .write = mv88w8618_pic_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int mv88w8618_pic_init(SysBusDevice *dev)
+{
+ mv88w8618_pic_state *s = MV88W8618_PIC(dev);
+
+ qdev_init_gpio_in(DEVICE(dev), mv88w8618_pic_set_irq, 32);
+ sysbus_init_irq(dev, &s->parent_irq);
+ memory_region_init_io(&s->iomem, OBJECT(s), &mv88w8618_pic_ops, s,
+ "musicpal-pic", MP_PIC_SIZE);
+ sysbus_init_mmio(dev, &s->iomem);
+ return 0;
+}
+
+static const VMStateDescription mv88w8618_pic_vmsd = {
+ .name = "mv88w8618_pic",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(level, mv88w8618_pic_state),
+ VMSTATE_UINT32(enabled, mv88w8618_pic_state),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void mv88w8618_pic_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = mv88w8618_pic_init;
+ dc->reset = mv88w8618_pic_reset;
+ dc->vmsd = &mv88w8618_pic_vmsd;
+}
+
+static const TypeInfo mv88w8618_pic_info = {
+ .name = TYPE_MV88W8618_PIC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(mv88w8618_pic_state),
+ .class_init = mv88w8618_pic_class_init,
+};
+
+/* PIT register offsets */
+#define MP_PIT_TIMER1_LENGTH 0x00
+/* ... */
+#define MP_PIT_TIMER4_LENGTH 0x0C
+#define MP_PIT_CONTROL 0x10
+#define MP_PIT_TIMER1_VALUE 0x14
+/* ... */
+#define MP_PIT_TIMER4_VALUE 0x20
+#define MP_BOARD_RESET 0x34
+
+/* Magic board reset value (probably some watchdog behind it) */
+#define MP_BOARD_RESET_MAGIC 0x10000
+
+typedef struct mv88w8618_timer_state {
+ ptimer_state *ptimer;
+ uint32_t limit;
+ int freq;
+ qemu_irq irq;
+} mv88w8618_timer_state;
+
+#define TYPE_MV88W8618_PIT "mv88w8618_pit"
+#define MV88W8618_PIT(obj) \
+ OBJECT_CHECK(mv88w8618_pit_state, (obj), TYPE_MV88W8618_PIT)
+
+typedef struct mv88w8618_pit_state {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion iomem;
+ mv88w8618_timer_state timer[4];
+} mv88w8618_pit_state;
+
+static void mv88w8618_timer_tick(void *opaque)
+{
+ mv88w8618_timer_state *s = opaque;
+
+ qemu_irq_raise(s->irq);
+}
+
+static void mv88w8618_timer_init(SysBusDevice *dev, mv88w8618_timer_state *s,
+ uint32_t freq)
+{
+ QEMUBH *bh;
+
+ sysbus_init_irq(dev, &s->irq);
+ s->freq = freq;
+
+ bh = qemu_bh_new(mv88w8618_timer_tick, s);
+ s->ptimer = ptimer_init(bh);
+}
+
+static uint64_t mv88w8618_pit_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ mv88w8618_pit_state *s = opaque;
+ mv88w8618_timer_state *t;
+
+ switch (offset) {
+ case MP_PIT_TIMER1_VALUE ... MP_PIT_TIMER4_VALUE:
+ t = &s->timer[(offset-MP_PIT_TIMER1_VALUE) >> 2];
+ return ptimer_get_count(t->ptimer);
+
+ default:
+ return 0;
+ }
+}
+
+static void mv88w8618_pit_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ mv88w8618_pit_state *s = opaque;
+ mv88w8618_timer_state *t;
+ int i;
+
+ switch (offset) {
+ case MP_PIT_TIMER1_LENGTH ... MP_PIT_TIMER4_LENGTH:
+ t = &s->timer[offset >> 2];
+ t->limit = value;
+ if (t->limit > 0) {
+ ptimer_set_limit(t->ptimer, t->limit, 1);
+ } else {
+ ptimer_stop(t->ptimer);
+ }
+ break;
+
+ case MP_PIT_CONTROL:
+ for (i = 0; i < 4; i++) {
+ t = &s->timer[i];
+ if (value & 0xf && t->limit > 0) {
+ ptimer_set_limit(t->ptimer, t->limit, 0);
+ ptimer_set_freq(t->ptimer, t->freq);
+ ptimer_run(t->ptimer, 0);
+ } else {
+ ptimer_stop(t->ptimer);
+ }
+ value >>= 4;
+ }
+ break;
+
+ case MP_BOARD_RESET:
+ if (value == MP_BOARD_RESET_MAGIC) {
+ qemu_system_reset_request();
+ }
+ break;
+ }
+}
+
+static void mv88w8618_pit_reset(DeviceState *d)
+{
+ mv88w8618_pit_state *s = MV88W8618_PIT(d);
+ int i;
+
+ for (i = 0; i < 4; i++) {
+ ptimer_stop(s->timer[i].ptimer);
+ s->timer[i].limit = 0;
+ }
+}
+
+static const MemoryRegionOps mv88w8618_pit_ops = {
+ .read = mv88w8618_pit_read,
+ .write = mv88w8618_pit_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int mv88w8618_pit_init(SysBusDevice *dev)
+{
+ mv88w8618_pit_state *s = MV88W8618_PIT(dev);
+ int i;
+
+ /* Letting them all run at 1 MHz is likely just a pragmatic
+ * simplification. */
+ for (i = 0; i < 4; i++) {
+ mv88w8618_timer_init(dev, &s->timer[i], 1000000);
+ }
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &mv88w8618_pit_ops, s,
+ "musicpal-pit", MP_PIT_SIZE);
+ sysbus_init_mmio(dev, &s->iomem);
+ return 0;
+}
+
+static const VMStateDescription mv88w8618_timer_vmsd = {
+ .name = "timer",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_PTIMER(ptimer, mv88w8618_timer_state),
+ VMSTATE_UINT32(limit, mv88w8618_timer_state),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription mv88w8618_pit_vmsd = {
+ .name = "mv88w8618_pit",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_STRUCT_ARRAY(timer, mv88w8618_pit_state, 4, 1,
+ mv88w8618_timer_vmsd, mv88w8618_timer_state),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void mv88w8618_pit_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = mv88w8618_pit_init;
+ dc->reset = mv88w8618_pit_reset;
+ dc->vmsd = &mv88w8618_pit_vmsd;
+}
+
+static const TypeInfo mv88w8618_pit_info = {
+ .name = TYPE_MV88W8618_PIT,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(mv88w8618_pit_state),
+ .class_init = mv88w8618_pit_class_init,
+};
+
+/* Flash config register offsets */
+#define MP_FLASHCFG_CFGR0 0x04
+
+#define TYPE_MV88W8618_FLASHCFG "mv88w8618_flashcfg"
+#define MV88W8618_FLASHCFG(obj) \
+ OBJECT_CHECK(mv88w8618_flashcfg_state, (obj), TYPE_MV88W8618_FLASHCFG)
+
+typedef struct mv88w8618_flashcfg_state {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion iomem;
+ uint32_t cfgr0;
+} mv88w8618_flashcfg_state;
+
+static uint64_t mv88w8618_flashcfg_read(void *opaque,
+ hwaddr offset,
+ unsigned size)
+{
+ mv88w8618_flashcfg_state *s = opaque;
+
+ switch (offset) {
+ case MP_FLASHCFG_CFGR0:
+ return s->cfgr0;
+
+ default:
+ return 0;
+ }
+}
+
+static void mv88w8618_flashcfg_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ mv88w8618_flashcfg_state *s = opaque;
+
+ switch (offset) {
+ case MP_FLASHCFG_CFGR0:
+ s->cfgr0 = value;
+ break;
+ }
+}
+
+static const MemoryRegionOps mv88w8618_flashcfg_ops = {
+ .read = mv88w8618_flashcfg_read,
+ .write = mv88w8618_flashcfg_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int mv88w8618_flashcfg_init(SysBusDevice *dev)
+{
+ mv88w8618_flashcfg_state *s = MV88W8618_FLASHCFG(dev);
+
+ s->cfgr0 = 0xfffe4285; /* Default as set by U-Boot for 8 MB flash */
+ memory_region_init_io(&s->iomem, OBJECT(s), &mv88w8618_flashcfg_ops, s,
+ "musicpal-flashcfg", MP_FLASHCFG_SIZE);
+ sysbus_init_mmio(dev, &s->iomem);
+ return 0;
+}
+
+static const VMStateDescription mv88w8618_flashcfg_vmsd = {
+ .name = "mv88w8618_flashcfg",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(cfgr0, mv88w8618_flashcfg_state),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void mv88w8618_flashcfg_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = mv88w8618_flashcfg_init;
+ dc->vmsd = &mv88w8618_flashcfg_vmsd;
+}
+
+static const TypeInfo mv88w8618_flashcfg_info = {
+ .name = TYPE_MV88W8618_FLASHCFG,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(mv88w8618_flashcfg_state),
+ .class_init = mv88w8618_flashcfg_class_init,
+};
+
+/* Misc register offsets */
+#define MP_MISC_BOARD_REVISION 0x18
+
+#define MP_BOARD_REVISION 0x31
+
+typedef struct {
+ SysBusDevice parent_obj;
+ MemoryRegion iomem;
+} MusicPalMiscState;
+
+#define TYPE_MUSICPAL_MISC "musicpal-misc"
+#define MUSICPAL_MISC(obj) \
+ OBJECT_CHECK(MusicPalMiscState, (obj), TYPE_MUSICPAL_MISC)
+
+static uint64_t musicpal_misc_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ switch (offset) {
+ case MP_MISC_BOARD_REVISION:
+ return MP_BOARD_REVISION;
+
+ default:
+ return 0;
+ }
+}
+
+static void musicpal_misc_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+}
+
+static const MemoryRegionOps musicpal_misc_ops = {
+ .read = musicpal_misc_read,
+ .write = musicpal_misc_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void musicpal_misc_init(Object *obj)
+{
+ SysBusDevice *sd = SYS_BUS_DEVICE(obj);
+ MusicPalMiscState *s = MUSICPAL_MISC(obj);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &musicpal_misc_ops, NULL,
+ "musicpal-misc", MP_MISC_SIZE);
+ sysbus_init_mmio(sd, &s->iomem);
+}
+
+static const TypeInfo musicpal_misc_info = {
+ .name = TYPE_MUSICPAL_MISC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_init = musicpal_misc_init,
+ .instance_size = sizeof(MusicPalMiscState),
+};
+
+/* WLAN register offsets */
+#define MP_WLAN_MAGIC1 0x11c
+#define MP_WLAN_MAGIC2 0x124
+
+static uint64_t mv88w8618_wlan_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ switch (offset) {
+ /* Workaround to allow loading the binary-only wlandrv.ko crap
+ * from the original Freecom firmware. */
+ case MP_WLAN_MAGIC1:
+ return ~3;
+ case MP_WLAN_MAGIC2:
+ return -1;
+
+ default:
+ return 0;
+ }
+}
+
+static void mv88w8618_wlan_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+}
+
+static const MemoryRegionOps mv88w8618_wlan_ops = {
+ .read = mv88w8618_wlan_read,
+ .write =mv88w8618_wlan_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int mv88w8618_wlan_init(SysBusDevice *dev)
+{
+ MemoryRegion *iomem = g_new(MemoryRegion, 1);
+
+ memory_region_init_io(iomem, OBJECT(dev), &mv88w8618_wlan_ops, NULL,
+ "musicpal-wlan", MP_WLAN_SIZE);
+ sysbus_init_mmio(dev, iomem);
+ return 0;
+}
+
+/* GPIO register offsets */
+#define MP_GPIO_OE_LO 0x008
+#define MP_GPIO_OUT_LO 0x00c
+#define MP_GPIO_IN_LO 0x010
+#define MP_GPIO_IER_LO 0x014
+#define MP_GPIO_IMR_LO 0x018
+#define MP_GPIO_ISR_LO 0x020
+#define MP_GPIO_OE_HI 0x508
+#define MP_GPIO_OUT_HI 0x50c
+#define MP_GPIO_IN_HI 0x510
+#define MP_GPIO_IER_HI 0x514
+#define MP_GPIO_IMR_HI 0x518
+#define MP_GPIO_ISR_HI 0x520
+
+/* GPIO bits & masks */
+#define MP_GPIO_LCD_BRIGHTNESS 0x00070000
+#define MP_GPIO_I2C_DATA_BIT 29
+#define MP_GPIO_I2C_CLOCK_BIT 30
+
+/* LCD brightness bits in GPIO_OE_HI */
+#define MP_OE_LCD_BRIGHTNESS 0x0007
+
+#define TYPE_MUSICPAL_GPIO "musicpal_gpio"
+#define MUSICPAL_GPIO(obj) \
+ OBJECT_CHECK(musicpal_gpio_state, (obj), TYPE_MUSICPAL_GPIO)
+
+typedef struct musicpal_gpio_state {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion iomem;
+ uint32_t lcd_brightness;
+ uint32_t out_state;
+ uint32_t in_state;
+ uint32_t ier;
+ uint32_t imr;
+ uint32_t isr;
+ qemu_irq irq;
+ qemu_irq out[5]; /* 3 brightness out + 2 lcd (data and clock ) */
+} musicpal_gpio_state;
+
+static void musicpal_gpio_brightness_update(musicpal_gpio_state *s) {
+ int i;
+ uint32_t brightness;
+
+ /* compute brightness ratio */
+ switch (s->lcd_brightness) {
+ case 0x00000007:
+ brightness = 0;
+ break;
+
+ case 0x00020000:
+ brightness = 1;
+ break;
+
+ case 0x00020001:
+ brightness = 2;
+ break;
+
+ case 0x00040000:
+ brightness = 3;
+ break;
+
+ case 0x00010006:
+ brightness = 4;
+ break;
+
+ case 0x00020005:
+ brightness = 5;
+ break;
+
+ case 0x00040003:
+ brightness = 6;
+ break;
+
+ case 0x00030004:
+ default:
+ brightness = 7;
+ }
+
+ /* set lcd brightness GPIOs */
+ for (i = 0; i <= 2; i++) {
+ qemu_set_irq(s->out[i], (brightness >> i) & 1);
+ }
+}
+
+static void musicpal_gpio_pin_event(void *opaque, int pin, int level)
+{
+ musicpal_gpio_state *s = opaque;
+ uint32_t mask = 1 << pin;
+ uint32_t delta = level << pin;
+ uint32_t old = s->in_state & mask;
+
+ s->in_state &= ~mask;
+ s->in_state |= delta;
+
+ if ((old ^ delta) &&
+ ((level && (s->imr & mask)) || (!level && (s->ier & mask)))) {
+ s->isr = mask;
+ qemu_irq_raise(s->irq);
+ }
+}
+
+static uint64_t musicpal_gpio_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ musicpal_gpio_state *s = opaque;
+
+ switch (offset) {
+ case MP_GPIO_OE_HI: /* used for LCD brightness control */
+ return s->lcd_brightness & MP_OE_LCD_BRIGHTNESS;
+
+ case MP_GPIO_OUT_LO:
+ return s->out_state & 0xFFFF;
+ case MP_GPIO_OUT_HI:
+ return s->out_state >> 16;
+
+ case MP_GPIO_IN_LO:
+ return s->in_state & 0xFFFF;
+ case MP_GPIO_IN_HI:
+ return s->in_state >> 16;
+
+ case MP_GPIO_IER_LO:
+ return s->ier & 0xFFFF;
+ case MP_GPIO_IER_HI:
+ return s->ier >> 16;
+
+ case MP_GPIO_IMR_LO:
+ return s->imr & 0xFFFF;
+ case MP_GPIO_IMR_HI:
+ return s->imr >> 16;
+
+ case MP_GPIO_ISR_LO:
+ return s->isr & 0xFFFF;
+ case MP_GPIO_ISR_HI:
+ return s->isr >> 16;
+
+ default:
+ return 0;
+ }
+}
+
+static void musicpal_gpio_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ musicpal_gpio_state *s = opaque;
+ switch (offset) {
+ case MP_GPIO_OE_HI: /* used for LCD brightness control */
+ s->lcd_brightness = (s->lcd_brightness & MP_GPIO_LCD_BRIGHTNESS) |
+ (value & MP_OE_LCD_BRIGHTNESS);
+ musicpal_gpio_brightness_update(s);
+ break;
+
+ case MP_GPIO_OUT_LO:
+ s->out_state = (s->out_state & 0xFFFF0000) | (value & 0xFFFF);
+ break;
+ case MP_GPIO_OUT_HI:
+ s->out_state = (s->out_state & 0xFFFF) | (value << 16);
+ s->lcd_brightness = (s->lcd_brightness & 0xFFFF) |
+ (s->out_state & MP_GPIO_LCD_BRIGHTNESS);
+ musicpal_gpio_brightness_update(s);
+ qemu_set_irq(s->out[3], (s->out_state >> MP_GPIO_I2C_DATA_BIT) & 1);
+ qemu_set_irq(s->out[4], (s->out_state >> MP_GPIO_I2C_CLOCK_BIT) & 1);
+ break;
+
+ case MP_GPIO_IER_LO:
+ s->ier = (s->ier & 0xFFFF0000) | (value & 0xFFFF);
+ break;
+ case MP_GPIO_IER_HI:
+ s->ier = (s->ier & 0xFFFF) | (value << 16);
+ break;
+
+ case MP_GPIO_IMR_LO:
+ s->imr = (s->imr & 0xFFFF0000) | (value & 0xFFFF);
+ break;
+ case MP_GPIO_IMR_HI:
+ s->imr = (s->imr & 0xFFFF) | (value << 16);
+ break;
+ }
+}
+
+static const MemoryRegionOps musicpal_gpio_ops = {
+ .read = musicpal_gpio_read,
+ .write = musicpal_gpio_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void musicpal_gpio_reset(DeviceState *d)
+{
+ musicpal_gpio_state *s = MUSICPAL_GPIO(d);
+
+ s->lcd_brightness = 0;
+ s->out_state = 0;
+ s->in_state = 0xffffffff;
+ s->ier = 0;
+ s->imr = 0;
+ s->isr = 0;
+}
+
+static int musicpal_gpio_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ musicpal_gpio_state *s = MUSICPAL_GPIO(dev);
+
+ sysbus_init_irq(sbd, &s->irq);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &musicpal_gpio_ops, s,
+ "musicpal-gpio", MP_GPIO_SIZE);
+ sysbus_init_mmio(sbd, &s->iomem);
+
+ qdev_init_gpio_out(dev, s->out, ARRAY_SIZE(s->out));
+
+ qdev_init_gpio_in(dev, musicpal_gpio_pin_event, 32);
+
+ return 0;
+}
+
+static const VMStateDescription musicpal_gpio_vmsd = {
+ .name = "musicpal_gpio",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(lcd_brightness, musicpal_gpio_state),
+ VMSTATE_UINT32(out_state, musicpal_gpio_state),
+ VMSTATE_UINT32(in_state, musicpal_gpio_state),
+ VMSTATE_UINT32(ier, musicpal_gpio_state),
+ VMSTATE_UINT32(imr, musicpal_gpio_state),
+ VMSTATE_UINT32(isr, musicpal_gpio_state),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void musicpal_gpio_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = musicpal_gpio_init;
+ dc->reset = musicpal_gpio_reset;
+ dc->vmsd = &musicpal_gpio_vmsd;
+}
+
+static const TypeInfo musicpal_gpio_info = {
+ .name = TYPE_MUSICPAL_GPIO,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(musicpal_gpio_state),
+ .class_init = musicpal_gpio_class_init,
+};
+
+/* Keyboard codes & masks */
+#define KEY_RELEASED 0x80
+#define KEY_CODE 0x7f
+
+#define KEYCODE_TAB 0x0f
+#define KEYCODE_ENTER 0x1c
+#define KEYCODE_F 0x21
+#define KEYCODE_M 0x32
+
+#define KEYCODE_EXTENDED 0xe0
+#define KEYCODE_UP 0x48
+#define KEYCODE_DOWN 0x50
+#define KEYCODE_LEFT 0x4b
+#define KEYCODE_RIGHT 0x4d
+
+#define MP_KEY_WHEEL_VOL (1 << 0)
+#define MP_KEY_WHEEL_VOL_INV (1 << 1)
+#define MP_KEY_WHEEL_NAV (1 << 2)
+#define MP_KEY_WHEEL_NAV_INV (1 << 3)
+#define MP_KEY_BTN_FAVORITS (1 << 4)
+#define MP_KEY_BTN_MENU (1 << 5)
+#define MP_KEY_BTN_VOLUME (1 << 6)
+#define MP_KEY_BTN_NAVIGATION (1 << 7)
+
+#define TYPE_MUSICPAL_KEY "musicpal_key"
+#define MUSICPAL_KEY(obj) \
+ OBJECT_CHECK(musicpal_key_state, (obj), TYPE_MUSICPAL_KEY)
+
+typedef struct musicpal_key_state {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion iomem;
+ uint32_t kbd_extended;
+ uint32_t pressed_keys;
+ qemu_irq out[8];
+} musicpal_key_state;
+
+static void musicpal_key_event(void *opaque, int keycode)
+{
+ musicpal_key_state *s = opaque;
+ uint32_t event = 0;
+ int i;
+
+ if (keycode == KEYCODE_EXTENDED) {
+ s->kbd_extended = 1;
+ return;
+ }
+
+ if (s->kbd_extended) {
+ switch (keycode & KEY_CODE) {
+ case KEYCODE_UP:
+ event = MP_KEY_WHEEL_NAV | MP_KEY_WHEEL_NAV_INV;
+ break;
+
+ case KEYCODE_DOWN:
+ event = MP_KEY_WHEEL_NAV;
+ break;
+
+ case KEYCODE_LEFT:
+ event = MP_KEY_WHEEL_VOL | MP_KEY_WHEEL_VOL_INV;
+ break;
+
+ case KEYCODE_RIGHT:
+ event = MP_KEY_WHEEL_VOL;
+ break;
+ }
+ } else {
+ switch (keycode & KEY_CODE) {
+ case KEYCODE_F:
+ event = MP_KEY_BTN_FAVORITS;
+ break;
+
+ case KEYCODE_TAB:
+ event = MP_KEY_BTN_VOLUME;
+ break;
+
+ case KEYCODE_ENTER:
+ event = MP_KEY_BTN_NAVIGATION;
+ break;
+
+ case KEYCODE_M:
+ event = MP_KEY_BTN_MENU;
+ break;
+ }
+ /* Do not repeat already pressed buttons */
+ if (!(keycode & KEY_RELEASED) && (s->pressed_keys & event)) {
+ event = 0;
+ }
+ }
+
+ if (event) {
+ /* Raise GPIO pin first if repeating a key */
+ if (!(keycode & KEY_RELEASED) && (s->pressed_keys & event)) {
+ for (i = 0; i <= 7; i++) {
+ if (event & (1 << i)) {
+ qemu_set_irq(s->out[i], 1);
+ }
+ }
+ }
+ for (i = 0; i <= 7; i++) {
+ if (event & (1 << i)) {
+ qemu_set_irq(s->out[i], !!(keycode & KEY_RELEASED));
+ }
+ }
+ if (keycode & KEY_RELEASED) {
+ s->pressed_keys &= ~event;
+ } else {
+ s->pressed_keys |= event;
+ }
+ }
+
+ s->kbd_extended = 0;
+}
+
+static int musicpal_key_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ musicpal_key_state *s = MUSICPAL_KEY(dev);
+
+ memory_region_init(&s->iomem, OBJECT(s), "dummy", 0);
+ sysbus_init_mmio(sbd, &s->iomem);
+
+ s->kbd_extended = 0;
+ s->pressed_keys = 0;
+
+ qdev_init_gpio_out(dev, s->out, ARRAY_SIZE(s->out));
+
+ qemu_add_kbd_event_handler(musicpal_key_event, s);
+
+ return 0;
+}
+
+static const VMStateDescription musicpal_key_vmsd = {
+ .name = "musicpal_key",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(kbd_extended, musicpal_key_state),
+ VMSTATE_UINT32(pressed_keys, musicpal_key_state),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void musicpal_key_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = musicpal_key_init;
+ dc->vmsd = &musicpal_key_vmsd;
+}
+
+static const TypeInfo musicpal_key_info = {
+ .name = TYPE_MUSICPAL_KEY,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(musicpal_key_state),
+ .class_init = musicpal_key_class_init,
+};
+
+static struct arm_boot_info musicpal_binfo = {
+ .loader_start = 0x0,
+ .board_id = 0x20e,
+};
+
+static void musicpal_init(QEMUMachineInitArgs *args)
+{
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ ARMCPU *cpu;
+ qemu_irq *cpu_pic;
+ qemu_irq pic[32];
+ DeviceState *dev;
+ DeviceState *i2c_dev;
+ DeviceState *lcd_dev;
+ DeviceState *key_dev;
+ DeviceState *wm8750_dev;
+ SysBusDevice *s;
+ i2c_bus *i2c;
+ int i;
+ unsigned long flash_size;
+ DriveInfo *dinfo;
+ MemoryRegion *address_space_mem = get_system_memory();
+ MemoryRegion *ram = g_new(MemoryRegion, 1);
+ MemoryRegion *sram = g_new(MemoryRegion, 1);
+
+ if (!cpu_model) {
+ cpu_model = "arm926";
+ }
+ cpu = cpu_arm_init(cpu_model);
+ if (!cpu) {
+ fprintf(stderr, "Unable to find CPU definition\n");
+ exit(1);
+ }
+ cpu_pic = arm_pic_init_cpu(cpu);
+
+ /* For now we use a fixed - the original - RAM size */
+ memory_region_init_ram(ram, NULL, "musicpal.ram", MP_RAM_DEFAULT_SIZE);
+ vmstate_register_ram_global(ram);
+ memory_region_add_subregion(address_space_mem, 0, ram);
+
+ memory_region_init_ram(sram, NULL, "musicpal.sram", MP_SRAM_SIZE);
+ vmstate_register_ram_global(sram);
+ memory_region_add_subregion(address_space_mem, MP_SRAM_BASE, sram);
+
+ dev = sysbus_create_simple(TYPE_MV88W8618_PIC, MP_PIC_BASE,
+ cpu_pic[ARM_PIC_CPU_IRQ]);
+ for (i = 0; i < 32; i++) {
+ pic[i] = qdev_get_gpio_in(dev, i);
+ }
+ sysbus_create_varargs(TYPE_MV88W8618_PIT, MP_PIT_BASE, pic[MP_TIMER1_IRQ],
+ pic[MP_TIMER2_IRQ], pic[MP_TIMER3_IRQ],
+ pic[MP_TIMER4_IRQ], NULL);
+
+ if (serial_hds[0]) {
+ serial_mm_init(address_space_mem, MP_UART1_BASE, 2, pic[MP_UART1_IRQ],
+ 1825000, serial_hds[0], DEVICE_NATIVE_ENDIAN);
+ }
+ if (serial_hds[1]) {
+ serial_mm_init(address_space_mem, MP_UART2_BASE, 2, pic[MP_UART2_IRQ],
+ 1825000, serial_hds[1], DEVICE_NATIVE_ENDIAN);
+ }
+
+ /* Register flash */
+ dinfo = drive_get(IF_PFLASH, 0, 0);
+ if (dinfo) {
+ flash_size = bdrv_getlength(dinfo->bdrv);
+ if (flash_size != 8*1024*1024 && flash_size != 16*1024*1024 &&
+ flash_size != 32*1024*1024) {
+ fprintf(stderr, "Invalid flash image size\n");
+ exit(1);
+ }
+
+ /*
+ * The original U-Boot accesses the flash at 0xFE000000 instead of
+ * 0xFF800000 (if there is 8 MB flash). So remap flash access if the
+ * image is smaller than 32 MB.
+ */
+#ifdef TARGET_WORDS_BIGENDIAN
+ pflash_cfi02_register(0x100000000ULL-MP_FLASH_SIZE_MAX, NULL,
+ "musicpal.flash", flash_size,
+ dinfo->bdrv, 0x10000,
+ (flash_size + 0xffff) >> 16,
+ MP_FLASH_SIZE_MAX / flash_size,
+ 2, 0x00BF, 0x236D, 0x0000, 0x0000,
+ 0x5555, 0x2AAA, 1);
+#else
+ pflash_cfi02_register(0x100000000ULL-MP_FLASH_SIZE_MAX, NULL,
+ "musicpal.flash", flash_size,
+ dinfo->bdrv, 0x10000,
+ (flash_size + 0xffff) >> 16,
+ MP_FLASH_SIZE_MAX / flash_size,
+ 2, 0x00BF, 0x236D, 0x0000, 0x0000,
+ 0x5555, 0x2AAA, 0);
+#endif
+
+ }
+ sysbus_create_simple(TYPE_MV88W8618_FLASHCFG, MP_FLASHCFG_BASE, NULL);
+
+ qemu_check_nic_model(&nd_table[0], "mv88w8618");
+ dev = qdev_create(NULL, TYPE_MV88W8618_ETH);
+ qdev_set_nic_properties(dev, &nd_table[0]);
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, MP_ETH_BASE);
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, pic[MP_ETH_IRQ]);
+
+ sysbus_create_simple("mv88w8618_wlan", MP_WLAN_BASE, NULL);
+
+ sysbus_create_simple(TYPE_MUSICPAL_MISC, MP_MISC_BASE, NULL);
+
+ dev = sysbus_create_simple(TYPE_MUSICPAL_GPIO, MP_GPIO_BASE,
+ pic[MP_GPIO_IRQ]);
+ i2c_dev = sysbus_create_simple("gpio_i2c", -1, NULL);
+ i2c = (i2c_bus *)qdev_get_child_bus(i2c_dev, "i2c");
+
+ lcd_dev = sysbus_create_simple(TYPE_MUSICPAL_LCD, MP_LCD_BASE, NULL);
+ key_dev = sysbus_create_simple(TYPE_MUSICPAL_KEY, -1, NULL);
+
+ /* I2C read data */
+ qdev_connect_gpio_out(i2c_dev, 0,
+ qdev_get_gpio_in(dev, MP_GPIO_I2C_DATA_BIT));
+ /* I2C data */
+ qdev_connect_gpio_out(dev, 3, qdev_get_gpio_in(i2c_dev, 0));
+ /* I2C clock */
+ qdev_connect_gpio_out(dev, 4, qdev_get_gpio_in(i2c_dev, 1));
+
+ for (i = 0; i < 3; i++) {
+ qdev_connect_gpio_out(dev, i, qdev_get_gpio_in(lcd_dev, i));
+ }
+ for (i = 0; i < 4; i++) {
+ qdev_connect_gpio_out(key_dev, i, qdev_get_gpio_in(dev, i + 8));
+ }
+ for (i = 4; i < 8; i++) {
+ qdev_connect_gpio_out(key_dev, i, qdev_get_gpio_in(dev, i + 15));
+ }
+
+ wm8750_dev = i2c_create_slave(i2c, "wm8750", MP_WM_ADDR);
+ dev = qdev_create(NULL, "mv88w8618_audio");
+ s = SYS_BUS_DEVICE(dev);
+ qdev_prop_set_ptr(dev, "wm8750", wm8750_dev);
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(s, 0, MP_AUDIO_BASE);
+ sysbus_connect_irq(s, 0, pic[MP_AUDIO_IRQ]);
+
+ musicpal_binfo.ram_size = MP_RAM_DEFAULT_SIZE;
+ musicpal_binfo.kernel_filename = kernel_filename;
+ musicpal_binfo.kernel_cmdline = kernel_cmdline;
+ musicpal_binfo.initrd_filename = initrd_filename;
+ arm_load_kernel(cpu, &musicpal_binfo);
+}
+
+static QEMUMachine musicpal_machine = {
+ .name = "musicpal",
+ .desc = "Marvell 88w8618 / MusicPal (ARM926EJ-S)",
+ .init = musicpal_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void musicpal_machine_init(void)
+{
+ qemu_register_machine(&musicpal_machine);
+}
+
+machine_init(musicpal_machine_init);
+
+static void mv88w8618_wlan_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sdc->init = mv88w8618_wlan_init;
+}
+
+static const TypeInfo mv88w8618_wlan_info = {
+ .name = "mv88w8618_wlan",
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(SysBusDevice),
+ .class_init = mv88w8618_wlan_class_init,
+};
+
+static void musicpal_register_types(void)
+{
+ type_register_static(&mv88w8618_pic_info);
+ type_register_static(&mv88w8618_pit_info);
+ type_register_static(&mv88w8618_flashcfg_info);
+ type_register_static(&mv88w8618_eth_info);
+ type_register_static(&mv88w8618_wlan_info);
+ type_register_static(&musicpal_lcd_info);
+ type_register_static(&musicpal_gpio_info);
+ type_register_static(&musicpal_key_info);
+ type_register_static(&musicpal_misc_info);
+}
+
+type_init(musicpal_register_types)
diff --git a/hw/arm/nseries.c b/hw/arm/nseries.c
new file mode 100644
index 000000000..f6c9dc09e
--- /dev/null
+++ b/hw/arm/nseries.c
@@ -0,0 +1,1415 @@
+/*
+ * Nokia N-series internet tablets.
+ *
+ * Copyright (C) 2007 Nokia Corporation
+ * Written by Andrzej Zaborowski <andrew@openedhand.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "qemu-common.h"
+#include "sysemu/sysemu.h"
+#include "hw/arm/omap.h"
+#include "hw/arm/arm.h"
+#include "hw/irq.h"
+#include "ui/console.h"
+#include "hw/boards.h"
+#include "hw/i2c/i2c.h"
+#include "hw/devices.h"
+#include "hw/block/flash.h"
+#include "hw/hw.h"
+#include "hw/bt.h"
+#include "hw/loader.h"
+#include "sysemu/blockdev.h"
+#include "hw/sysbus.h"
+#include "exec/address-spaces.h"
+
+/* Nokia N8x0 support */
+struct n800_s {
+ struct omap_mpu_state_s *mpu;
+
+ struct rfbi_chip_s blizzard;
+ struct {
+ void *opaque;
+ uint32_t (*txrx)(void *opaque, uint32_t value, int len);
+ uWireSlave *chip;
+ } ts;
+
+ int keymap[0x80];
+ DeviceState *kbd;
+
+ DeviceState *usb;
+ void *retu;
+ void *tahvo;
+ DeviceState *nand;
+};
+
+/* GPIO pins */
+#define N8X0_TUSB_ENABLE_GPIO 0
+#define N800_MMC2_WP_GPIO 8
+#define N800_UNKNOWN_GPIO0 9 /* out */
+#define N810_MMC2_VIOSD_GPIO 9
+#define N810_HEADSET_AMP_GPIO 10
+#define N800_CAM_TURN_GPIO 12
+#define N810_GPS_RESET_GPIO 12
+#define N800_BLIZZARD_POWERDOWN_GPIO 15
+#define N800_MMC1_WP_GPIO 23
+#define N810_MMC2_VSD_GPIO 23
+#define N8X0_ONENAND_GPIO 26
+#define N810_BLIZZARD_RESET_GPIO 30
+#define N800_UNKNOWN_GPIO2 53 /* out */
+#define N8X0_TUSB_INT_GPIO 58
+#define N8X0_BT_WKUP_GPIO 61
+#define N8X0_STI_GPIO 62
+#define N8X0_CBUS_SEL_GPIO 64
+#define N8X0_CBUS_DAT_GPIO 65
+#define N8X0_CBUS_CLK_GPIO 66
+#define N8X0_WLAN_IRQ_GPIO 87
+#define N8X0_BT_RESET_GPIO 92
+#define N8X0_TEA5761_CS_GPIO 93
+#define N800_UNKNOWN_GPIO 94
+#define N810_TSC_RESET_GPIO 94
+#define N800_CAM_ACT_GPIO 95
+#define N810_GPS_WAKEUP_GPIO 95
+#define N8X0_MMC_CS_GPIO 96
+#define N8X0_WLAN_PWR_GPIO 97
+#define N8X0_BT_HOST_WKUP_GPIO 98
+#define N810_SPEAKER_AMP_GPIO 101
+#define N810_KB_LOCK_GPIO 102
+#define N800_TSC_TS_GPIO 103
+#define N810_TSC_TS_GPIO 106
+#define N8X0_HEADPHONE_GPIO 107
+#define N8X0_RETU_GPIO 108
+#define N800_TSC_KP_IRQ_GPIO 109
+#define N810_KEYBOARD_GPIO 109
+#define N800_BAT_COVER_GPIO 110
+#define N810_SLIDE_GPIO 110
+#define N8X0_TAHVO_GPIO 111
+#define N800_UNKNOWN_GPIO4 112 /* out */
+#define N810_SLEEPX_LED_GPIO 112
+#define N800_TSC_RESET_GPIO 118 /* ? */
+#define N810_AIC33_RESET_GPIO 118
+#define N800_TSC_UNKNOWN_GPIO 119 /* out */
+#define N8X0_TMP105_GPIO 125
+
+/* Config */
+#define BT_UART 0
+#define XLDR_LL_UART 1
+
+/* Addresses on the I2C bus 0 */
+#define N810_TLV320AIC33_ADDR 0x18 /* Audio CODEC */
+#define N8X0_TCM825x_ADDR 0x29 /* Camera */
+#define N810_LP5521_ADDR 0x32 /* LEDs */
+#define N810_TSL2563_ADDR 0x3d /* Light sensor */
+#define N810_LM8323_ADDR 0x45 /* Keyboard */
+/* Addresses on the I2C bus 1 */
+#define N8X0_TMP105_ADDR 0x48 /* Temperature sensor */
+#define N8X0_MENELAUS_ADDR 0x72 /* Power management */
+
+/* Chipselects on GPMC NOR interface */
+#define N8X0_ONENAND_CS 0
+#define N8X0_USB_ASYNC_CS 1
+#define N8X0_USB_SYNC_CS 4
+
+#define N8X0_BD_ADDR 0x00, 0x1a, 0x89, 0x9e, 0x3e, 0x81
+
+static void n800_mmc_cs_cb(void *opaque, int line, int level)
+{
+ /* TODO: this seems to actually be connected to the menelaus, to
+ * which also both MMC slots connect. */
+ omap_mmc_enable((struct omap_mmc_s *) opaque, !level);
+}
+
+static void n8x0_gpio_setup(struct n800_s *s)
+{
+ qemu_irq *mmc_cs = qemu_allocate_irqs(n800_mmc_cs_cb, s->mpu->mmc, 1);
+ qdev_connect_gpio_out(s->mpu->gpio, N8X0_MMC_CS_GPIO, mmc_cs[0]);
+
+ qemu_irq_lower(qdev_get_gpio_in(s->mpu->gpio, N800_BAT_COVER_GPIO));
+}
+
+#define MAEMO_CAL_HEADER(...) \
+ 'C', 'o', 'n', 'F', 0x02, 0x00, 0x04, 0x00, \
+ __VA_ARGS__, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+
+static const uint8_t n8x0_cal_wlan_mac[] = {
+ MAEMO_CAL_HEADER('w', 'l', 'a', 'n', '-', 'm', 'a', 'c')
+ 0x1c, 0x00, 0x00, 0x00, 0x47, 0xd6, 0x69, 0xb3,
+ 0x30, 0x08, 0xa0, 0x83, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x1a, 0x00, 0x00, 0x00,
+ 0x89, 0x00, 0x00, 0x00, 0x9e, 0x00, 0x00, 0x00,
+ 0x5d, 0x00, 0x00, 0x00, 0xc1, 0x00, 0x00, 0x00,
+};
+
+static const uint8_t n8x0_cal_bt_id[] = {
+ MAEMO_CAL_HEADER('b', 't', '-', 'i', 'd', 0, 0, 0)
+ 0x0a, 0x00, 0x00, 0x00, 0xa3, 0x4b, 0xf6, 0x96,
+ 0xa8, 0xeb, 0xb2, 0x41, 0x00, 0x00, 0x00, 0x00,
+ N8X0_BD_ADDR,
+};
+
+static void n8x0_nand_setup(struct n800_s *s)
+{
+ char *otp_region;
+ DriveInfo *dinfo;
+
+ s->nand = qdev_create(NULL, "onenand");
+ qdev_prop_set_uint16(s->nand, "manufacturer_id", NAND_MFR_SAMSUNG);
+ /* Either 0x40 or 0x48 are OK for the device ID */
+ qdev_prop_set_uint16(s->nand, "device_id", 0x48);
+ qdev_prop_set_uint16(s->nand, "version_id", 0);
+ qdev_prop_set_int32(s->nand, "shift", 1);
+ dinfo = drive_get(IF_MTD, 0, 0);
+ if (dinfo && dinfo->bdrv) {
+ qdev_prop_set_drive_nofail(s->nand, "drive", dinfo->bdrv);
+ }
+ qdev_init_nofail(s->nand);
+ sysbus_connect_irq(SYS_BUS_DEVICE(s->nand), 0,
+ qdev_get_gpio_in(s->mpu->gpio, N8X0_ONENAND_GPIO));
+ omap_gpmc_attach(s->mpu->gpmc, N8X0_ONENAND_CS,
+ sysbus_mmio_get_region(SYS_BUS_DEVICE(s->nand), 0));
+ otp_region = onenand_raw_otp(s->nand);
+
+ memcpy(otp_region + 0x000, n8x0_cal_wlan_mac, sizeof(n8x0_cal_wlan_mac));
+ memcpy(otp_region + 0x800, n8x0_cal_bt_id, sizeof(n8x0_cal_bt_id));
+ /* XXX: in theory should also update the OOB for both pages */
+}
+
+static qemu_irq n8x0_system_powerdown;
+
+static void n8x0_powerdown_req(Notifier *n, void *opaque)
+{
+ qemu_irq_raise(n8x0_system_powerdown);
+}
+
+static Notifier n8x0_system_powerdown_notifier = {
+ .notify = n8x0_powerdown_req
+};
+
+static void n8x0_i2c_setup(struct n800_s *s)
+{
+ DeviceState *dev;
+ qemu_irq tmp_irq = qdev_get_gpio_in(s->mpu->gpio, N8X0_TMP105_GPIO);
+ i2c_bus *i2c = omap_i2c_bus(s->mpu->i2c[0]);
+
+ /* Attach a menelaus PM chip */
+ dev = i2c_create_slave(i2c, "twl92230", N8X0_MENELAUS_ADDR);
+ qdev_connect_gpio_out(dev, 3,
+ qdev_get_gpio_in(s->mpu->ih[0],
+ OMAP_INT_24XX_SYS_NIRQ));
+
+ n8x0_system_powerdown = qdev_get_gpio_in(dev, 3);
+ qemu_register_powerdown_notifier(&n8x0_system_powerdown_notifier);
+
+ /* Attach a TMP105 PM chip (A0 wired to ground) */
+ dev = i2c_create_slave(i2c, "tmp105", N8X0_TMP105_ADDR);
+ qdev_connect_gpio_out(dev, 0, tmp_irq);
+}
+
+/* Touchscreen and keypad controller */
+static MouseTransformInfo n800_pointercal = {
+ .x = 800,
+ .y = 480,
+ .a = { 14560, -68, -3455208, -39, -9621, 35152972, 65536 },
+};
+
+static MouseTransformInfo n810_pointercal = {
+ .x = 800,
+ .y = 480,
+ .a = { 15041, 148, -4731056, 171, -10238, 35933380, 65536 },
+};
+
+#define RETU_KEYCODE 61 /* F3 */
+
+static void n800_key_event(void *opaque, int keycode)
+{
+ struct n800_s *s = (struct n800_s *) opaque;
+ int code = s->keymap[keycode & 0x7f];
+
+ if (code == -1) {
+ if ((keycode & 0x7f) == RETU_KEYCODE)
+ retu_key_event(s->retu, !(keycode & 0x80));
+ return;
+ }
+
+ tsc210x_key_event(s->ts.chip, code, !(keycode & 0x80));
+}
+
+static const int n800_keys[16] = {
+ -1,
+ 72, /* Up */
+ 63, /* Home (F5) */
+ -1,
+ 75, /* Left */
+ 28, /* Enter */
+ 77, /* Right */
+ -1,
+ 1, /* Cycle (ESC) */
+ 80, /* Down */
+ 62, /* Menu (F4) */
+ -1,
+ 66, /* Zoom- (F8) */
+ 64, /* FullScreen (F6) */
+ 65, /* Zoom+ (F7) */
+ -1,
+};
+
+static void n800_tsc_kbd_setup(struct n800_s *s)
+{
+ int i;
+
+ /* XXX: are the three pins inverted inside the chip between the
+ * tsc and the cpu (N4111)? */
+ qemu_irq penirq = NULL; /* NC */
+ qemu_irq kbirq = qdev_get_gpio_in(s->mpu->gpio, N800_TSC_KP_IRQ_GPIO);
+ qemu_irq dav = qdev_get_gpio_in(s->mpu->gpio, N800_TSC_TS_GPIO);
+
+ s->ts.chip = tsc2301_init(penirq, kbirq, dav);
+ s->ts.opaque = s->ts.chip->opaque;
+ s->ts.txrx = tsc210x_txrx;
+
+ for (i = 0; i < 0x80; i ++)
+ s->keymap[i] = -1;
+ for (i = 0; i < 0x10; i ++)
+ if (n800_keys[i] >= 0)
+ s->keymap[n800_keys[i]] = i;
+
+ qemu_add_kbd_event_handler(n800_key_event, s);
+
+ tsc210x_set_transform(s->ts.chip, &n800_pointercal);
+}
+
+static void n810_tsc_setup(struct n800_s *s)
+{
+ qemu_irq pintdav = qdev_get_gpio_in(s->mpu->gpio, N810_TSC_TS_GPIO);
+
+ s->ts.opaque = tsc2005_init(pintdav);
+ s->ts.txrx = tsc2005_txrx;
+
+ tsc2005_set_transform(s->ts.opaque, &n810_pointercal);
+}
+
+/* N810 Keyboard controller */
+static void n810_key_event(void *opaque, int keycode)
+{
+ struct n800_s *s = (struct n800_s *) opaque;
+ int code = s->keymap[keycode & 0x7f];
+
+ if (code == -1) {
+ if ((keycode & 0x7f) == RETU_KEYCODE)
+ retu_key_event(s->retu, !(keycode & 0x80));
+ return;
+ }
+
+ lm832x_key_event(s->kbd, code, !(keycode & 0x80));
+}
+
+#define M 0
+
+static int n810_keys[0x80] = {
+ [0x01] = 16, /* Q */
+ [0x02] = 37, /* K */
+ [0x03] = 24, /* O */
+ [0x04] = 25, /* P */
+ [0x05] = 14, /* Backspace */
+ [0x06] = 30, /* A */
+ [0x07] = 31, /* S */
+ [0x08] = 32, /* D */
+ [0x09] = 33, /* F */
+ [0x0a] = 34, /* G */
+ [0x0b] = 35, /* H */
+ [0x0c] = 36, /* J */
+
+ [0x11] = 17, /* W */
+ [0x12] = 62, /* Menu (F4) */
+ [0x13] = 38, /* L */
+ [0x14] = 40, /* ' (Apostrophe) */
+ [0x16] = 44, /* Z */
+ [0x17] = 45, /* X */
+ [0x18] = 46, /* C */
+ [0x19] = 47, /* V */
+ [0x1a] = 48, /* B */
+ [0x1b] = 49, /* N */
+ [0x1c] = 42, /* Shift (Left shift) */
+ [0x1f] = 65, /* Zoom+ (F7) */
+
+ [0x21] = 18, /* E */
+ [0x22] = 39, /* ; (Semicolon) */
+ [0x23] = 12, /* - (Minus) */
+ [0x24] = 13, /* = (Equal) */
+ [0x2b] = 56, /* Fn (Left Alt) */
+ [0x2c] = 50, /* M */
+ [0x2f] = 66, /* Zoom- (F8) */
+
+ [0x31] = 19, /* R */
+ [0x32] = 29 | M, /* Right Ctrl */
+ [0x34] = 57, /* Space */
+ [0x35] = 51, /* , (Comma) */
+ [0x37] = 72 | M, /* Up */
+ [0x3c] = 82 | M, /* Compose (Insert) */
+ [0x3f] = 64, /* FullScreen (F6) */
+
+ [0x41] = 20, /* T */
+ [0x44] = 52, /* . (Dot) */
+ [0x46] = 77 | M, /* Right */
+ [0x4f] = 63, /* Home (F5) */
+ [0x51] = 21, /* Y */
+ [0x53] = 80 | M, /* Down */
+ [0x55] = 28, /* Enter */
+ [0x5f] = 1, /* Cycle (ESC) */
+
+ [0x61] = 22, /* U */
+ [0x64] = 75 | M, /* Left */
+
+ [0x71] = 23, /* I */
+#if 0
+ [0x75] = 28 | M, /* KP Enter (KP Enter) */
+#else
+ [0x75] = 15, /* KP Enter (Tab) */
+#endif
+};
+
+#undef M
+
+static void n810_kbd_setup(struct n800_s *s)
+{
+ qemu_irq kbd_irq = qdev_get_gpio_in(s->mpu->gpio, N810_KEYBOARD_GPIO);
+ int i;
+
+ for (i = 0; i < 0x80; i ++)
+ s->keymap[i] = -1;
+ for (i = 0; i < 0x80; i ++)
+ if (n810_keys[i] > 0)
+ s->keymap[n810_keys[i]] = i;
+
+ qemu_add_kbd_event_handler(n810_key_event, s);
+
+ /* Attach the LM8322 keyboard to the I2C bus,
+ * should happen in n8x0_i2c_setup and s->kbd be initialised here. */
+ s->kbd = i2c_create_slave(omap_i2c_bus(s->mpu->i2c[0]),
+ "lm8323", N810_LM8323_ADDR);
+ qdev_connect_gpio_out(s->kbd, 0, kbd_irq);
+}
+
+/* LCD MIPI DBI-C controller (URAL) */
+struct mipid_s {
+ int resp[4];
+ int param[4];
+ int p;
+ int pm;
+ int cmd;
+
+ int sleep;
+ int booster;
+ int te;
+ int selfcheck;
+ int partial;
+ int normal;
+ int vscr;
+ int invert;
+ int onoff;
+ int gamma;
+ uint32_t id;
+};
+
+static void mipid_reset(struct mipid_s *s)
+{
+ s->pm = 0;
+ s->cmd = 0;
+
+ s->sleep = 1;
+ s->booster = 0;
+ s->selfcheck =
+ (1 << 7) | /* Register loading OK. */
+ (1 << 5) | /* The chip is attached. */
+ (1 << 4); /* Display glass still in one piece. */
+ s->te = 0;
+ s->partial = 0;
+ s->normal = 1;
+ s->vscr = 0;
+ s->invert = 0;
+ s->onoff = 1;
+ s->gamma = 0;
+}
+
+static uint32_t mipid_txrx(void *opaque, uint32_t cmd, int len)
+{
+ struct mipid_s *s = (struct mipid_s *) opaque;
+ uint8_t ret;
+
+ if (len > 9)
+ hw_error("%s: FIXME: bad SPI word width %i\n", __FUNCTION__, len);
+
+ if (s->p >= ARRAY_SIZE(s->resp))
+ ret = 0;
+ else
+ ret = s->resp[s->p ++];
+ if (s->pm --> 0)
+ s->param[s->pm] = cmd;
+ else
+ s->cmd = cmd;
+
+ switch (s->cmd) {
+ case 0x00: /* NOP */
+ break;
+
+ case 0x01: /* SWRESET */
+ mipid_reset(s);
+ break;
+
+ case 0x02: /* BSTROFF */
+ s->booster = 0;
+ break;
+ case 0x03: /* BSTRON */
+ s->booster = 1;
+ break;
+
+ case 0x04: /* RDDID */
+ s->p = 0;
+ s->resp[0] = (s->id >> 16) & 0xff;
+ s->resp[1] = (s->id >> 8) & 0xff;
+ s->resp[2] = (s->id >> 0) & 0xff;
+ break;
+
+ case 0x06: /* RD_RED */
+ case 0x07: /* RD_GREEN */
+ /* XXX the bootloader sometimes issues RD_BLUE meaning RDDID so
+ * for the bootloader one needs to change this. */
+ case 0x08: /* RD_BLUE */
+ s->p = 0;
+ /* TODO: return first pixel components */
+ s->resp[0] = 0x01;
+ break;
+
+ case 0x09: /* RDDST */
+ s->p = 0;
+ s->resp[0] = s->booster << 7;
+ s->resp[1] = (5 << 4) | (s->partial << 2) |
+ (s->sleep << 1) | s->normal;
+ s->resp[2] = (s->vscr << 7) | (s->invert << 5) |
+ (s->onoff << 2) | (s->te << 1) | (s->gamma >> 2);
+ s->resp[3] = s->gamma << 6;
+ break;
+
+ case 0x0a: /* RDDPM */
+ s->p = 0;
+ s->resp[0] = (s->onoff << 2) | (s->normal << 3) | (s->sleep << 4) |
+ (s->partial << 5) | (s->sleep << 6) | (s->booster << 7);
+ break;
+ case 0x0b: /* RDDMADCTR */
+ s->p = 0;
+ s->resp[0] = 0;
+ break;
+ case 0x0c: /* RDDCOLMOD */
+ s->p = 0;
+ s->resp[0] = 5; /* 65K colours */
+ break;
+ case 0x0d: /* RDDIM */
+ s->p = 0;
+ s->resp[0] = (s->invert << 5) | (s->vscr << 7) | s->gamma;
+ break;
+ case 0x0e: /* RDDSM */
+ s->p = 0;
+ s->resp[0] = s->te << 7;
+ break;
+ case 0x0f: /* RDDSDR */
+ s->p = 0;
+ s->resp[0] = s->selfcheck;
+ break;
+
+ case 0x10: /* SLPIN */
+ s->sleep = 1;
+ break;
+ case 0x11: /* SLPOUT */
+ s->sleep = 0;
+ s->selfcheck ^= 1 << 6; /* POFF self-diagnosis Ok */
+ break;
+
+ case 0x12: /* PTLON */
+ s->partial = 1;
+ s->normal = 0;
+ s->vscr = 0;
+ break;
+ case 0x13: /* NORON */
+ s->partial = 0;
+ s->normal = 1;
+ s->vscr = 0;
+ break;
+
+ case 0x20: /* INVOFF */
+ s->invert = 0;
+ break;
+ case 0x21: /* INVON */
+ s->invert = 1;
+ break;
+
+ case 0x22: /* APOFF */
+ case 0x23: /* APON */
+ goto bad_cmd;
+
+ case 0x25: /* WRCNTR */
+ if (s->pm < 0)
+ s->pm = 1;
+ goto bad_cmd;
+
+ case 0x26: /* GAMSET */
+ if (!s->pm)
+ s->gamma = ffs(s->param[0] & 0xf) - 1;
+ else if (s->pm < 0)
+ s->pm = 1;
+ break;
+
+ case 0x28: /* DISPOFF */
+ s->onoff = 0;
+ break;
+ case 0x29: /* DISPON */
+ s->onoff = 1;
+ break;
+
+ case 0x2a: /* CASET */
+ case 0x2b: /* RASET */
+ case 0x2c: /* RAMWR */
+ case 0x2d: /* RGBSET */
+ case 0x2e: /* RAMRD */
+ case 0x30: /* PTLAR */
+ case 0x33: /* SCRLAR */
+ goto bad_cmd;
+
+ case 0x34: /* TEOFF */
+ s->te = 0;
+ break;
+ case 0x35: /* TEON */
+ if (!s->pm)
+ s->te = 1;
+ else if (s->pm < 0)
+ s->pm = 1;
+ break;
+
+ case 0x36: /* MADCTR */
+ goto bad_cmd;
+
+ case 0x37: /* VSCSAD */
+ s->partial = 0;
+ s->normal = 0;
+ s->vscr = 1;
+ break;
+
+ case 0x38: /* IDMOFF */
+ case 0x39: /* IDMON */
+ case 0x3a: /* COLMOD */
+ goto bad_cmd;
+
+ case 0xb0: /* CLKINT / DISCTL */
+ case 0xb1: /* CLKEXT */
+ if (s->pm < 0)
+ s->pm = 2;
+ break;
+
+ case 0xb4: /* FRMSEL */
+ break;
+
+ case 0xb5: /* FRM8SEL */
+ case 0xb6: /* TMPRNG / INIESC */
+ case 0xb7: /* TMPHIS / NOP2 */
+ case 0xb8: /* TMPREAD / MADCTL */
+ case 0xba: /* DISTCTR */
+ case 0xbb: /* EPVOL */
+ goto bad_cmd;
+
+ case 0xbd: /* Unknown */
+ s->p = 0;
+ s->resp[0] = 0;
+ s->resp[1] = 1;
+ break;
+
+ case 0xc2: /* IFMOD */
+ if (s->pm < 0)
+ s->pm = 2;
+ break;
+
+ case 0xc6: /* PWRCTL */
+ case 0xc7: /* PPWRCTL */
+ case 0xd0: /* EPWROUT */
+ case 0xd1: /* EPWRIN */
+ case 0xd4: /* RDEV */
+ case 0xd5: /* RDRR */
+ goto bad_cmd;
+
+ case 0xda: /* RDID1 */
+ s->p = 0;
+ s->resp[0] = (s->id >> 16) & 0xff;
+ break;
+ case 0xdb: /* RDID2 */
+ s->p = 0;
+ s->resp[0] = (s->id >> 8) & 0xff;
+ break;
+ case 0xdc: /* RDID3 */
+ s->p = 0;
+ s->resp[0] = (s->id >> 0) & 0xff;
+ break;
+
+ default:
+ bad_cmd:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "%s: unknown command %02x\n", __func__, s->cmd);
+ break;
+ }
+
+ return ret;
+}
+
+static void *mipid_init(void)
+{
+ struct mipid_s *s = (struct mipid_s *) g_malloc0(sizeof(*s));
+
+ s->id = 0x838f03;
+ mipid_reset(s);
+
+ return s;
+}
+
+static void n8x0_spi_setup(struct n800_s *s)
+{
+ void *tsc = s->ts.opaque;
+ void *mipid = mipid_init();
+
+ omap_mcspi_attach(s->mpu->mcspi[0], s->ts.txrx, tsc, 0);
+ omap_mcspi_attach(s->mpu->mcspi[0], mipid_txrx, mipid, 1);
+}
+
+/* This task is normally performed by the bootloader. If we're loading
+ * a kernel directly, we need to enable the Blizzard ourselves. */
+static void n800_dss_init(struct rfbi_chip_s *chip)
+{
+ uint8_t *fb_blank;
+
+ chip->write(chip->opaque, 0, 0x2a); /* LCD Width register */
+ chip->write(chip->opaque, 1, 0x64);
+ chip->write(chip->opaque, 0, 0x2c); /* LCD HNDP register */
+ chip->write(chip->opaque, 1, 0x1e);
+ chip->write(chip->opaque, 0, 0x2e); /* LCD Height 0 register */
+ chip->write(chip->opaque, 1, 0xe0);
+ chip->write(chip->opaque, 0, 0x30); /* LCD Height 1 register */
+ chip->write(chip->opaque, 1, 0x01);
+ chip->write(chip->opaque, 0, 0x32); /* LCD VNDP register */
+ chip->write(chip->opaque, 1, 0x06);
+ chip->write(chip->opaque, 0, 0x68); /* Display Mode register */
+ chip->write(chip->opaque, 1, 1); /* Enable bit */
+
+ chip->write(chip->opaque, 0, 0x6c);
+ chip->write(chip->opaque, 1, 0x00); /* Input X Start Position */
+ chip->write(chip->opaque, 1, 0x00); /* Input X Start Position */
+ chip->write(chip->opaque, 1, 0x00); /* Input Y Start Position */
+ chip->write(chip->opaque, 1, 0x00); /* Input Y Start Position */
+ chip->write(chip->opaque, 1, 0x1f); /* Input X End Position */
+ chip->write(chip->opaque, 1, 0x03); /* Input X End Position */
+ chip->write(chip->opaque, 1, 0xdf); /* Input Y End Position */
+ chip->write(chip->opaque, 1, 0x01); /* Input Y End Position */
+ chip->write(chip->opaque, 1, 0x00); /* Output X Start Position */
+ chip->write(chip->opaque, 1, 0x00); /* Output X Start Position */
+ chip->write(chip->opaque, 1, 0x00); /* Output Y Start Position */
+ chip->write(chip->opaque, 1, 0x00); /* Output Y Start Position */
+ chip->write(chip->opaque, 1, 0x1f); /* Output X End Position */
+ chip->write(chip->opaque, 1, 0x03); /* Output X End Position */
+ chip->write(chip->opaque, 1, 0xdf); /* Output Y End Position */
+ chip->write(chip->opaque, 1, 0x01); /* Output Y End Position */
+ chip->write(chip->opaque, 1, 0x01); /* Input Data Format */
+ chip->write(chip->opaque, 1, 0x01); /* Data Source Select */
+
+ fb_blank = memset(g_malloc(800 * 480 * 2), 0xff, 800 * 480 * 2);
+ /* Display Memory Data Port */
+ chip->block(chip->opaque, 1, fb_blank, 800 * 480 * 2, 800);
+ g_free(fb_blank);
+}
+
+static void n8x0_dss_setup(struct n800_s *s)
+{
+ s->blizzard.opaque = s1d13745_init(NULL);
+ s->blizzard.block = s1d13745_write_block;
+ s->blizzard.write = s1d13745_write;
+ s->blizzard.read = s1d13745_read;
+
+ omap_rfbi_attach(s->mpu->dss, 0, &s->blizzard);
+}
+
+static void n8x0_cbus_setup(struct n800_s *s)
+{
+ qemu_irq dat_out = qdev_get_gpio_in(s->mpu->gpio, N8X0_CBUS_DAT_GPIO);
+ qemu_irq retu_irq = qdev_get_gpio_in(s->mpu->gpio, N8X0_RETU_GPIO);
+ qemu_irq tahvo_irq = qdev_get_gpio_in(s->mpu->gpio, N8X0_TAHVO_GPIO);
+
+ CBus *cbus = cbus_init(dat_out);
+
+ qdev_connect_gpio_out(s->mpu->gpio, N8X0_CBUS_CLK_GPIO, cbus->clk);
+ qdev_connect_gpio_out(s->mpu->gpio, N8X0_CBUS_DAT_GPIO, cbus->dat);
+ qdev_connect_gpio_out(s->mpu->gpio, N8X0_CBUS_SEL_GPIO, cbus->sel);
+
+ cbus_attach(cbus, s->retu = retu_init(retu_irq, 1));
+ cbus_attach(cbus, s->tahvo = tahvo_init(tahvo_irq, 1));
+}
+
+static void n8x0_uart_setup(struct n800_s *s)
+{
+ CharDriverState *radio = uart_hci_init(
+ qdev_get_gpio_in(s->mpu->gpio, N8X0_BT_HOST_WKUP_GPIO));
+
+ qdev_connect_gpio_out(s->mpu->gpio, N8X0_BT_RESET_GPIO,
+ csrhci_pins_get(radio)[csrhci_pin_reset]);
+ qdev_connect_gpio_out(s->mpu->gpio, N8X0_BT_WKUP_GPIO,
+ csrhci_pins_get(radio)[csrhci_pin_wakeup]);
+
+ omap_uart_attach(s->mpu->uart[BT_UART], radio);
+}
+
+static void n8x0_usb_setup(struct n800_s *s)
+{
+ SysBusDevice *dev;
+ s->usb = qdev_create(NULL, "tusb6010");
+ dev = SYS_BUS_DEVICE(s->usb);
+ qdev_init_nofail(s->usb);
+ sysbus_connect_irq(dev, 0,
+ qdev_get_gpio_in(s->mpu->gpio, N8X0_TUSB_INT_GPIO));
+ /* Using the NOR interface */
+ omap_gpmc_attach(s->mpu->gpmc, N8X0_USB_ASYNC_CS,
+ sysbus_mmio_get_region(dev, 0));
+ omap_gpmc_attach(s->mpu->gpmc, N8X0_USB_SYNC_CS,
+ sysbus_mmio_get_region(dev, 1));
+ qdev_connect_gpio_out(s->mpu->gpio, N8X0_TUSB_ENABLE_GPIO,
+ qdev_get_gpio_in(s->usb, 0)); /* tusb_pwr */
+}
+
+/* Setup done before the main bootloader starts by some early setup code
+ * - used when we want to run the main bootloader in emulation. This
+ * isn't documented. */
+static uint32_t n800_pinout[104] = {
+ 0x080f00d8, 0x00d40808, 0x03080808, 0x080800d0,
+ 0x00dc0808, 0x0b0f0f00, 0x080800b4, 0x00c00808,
+ 0x08080808, 0x180800c4, 0x00b80000, 0x08080808,
+ 0x080800bc, 0x00cc0808, 0x08081818, 0x18180128,
+ 0x01241800, 0x18181818, 0x000000f0, 0x01300000,
+ 0x00001b0b, 0x1b0f0138, 0x00e0181b, 0x1b031b0b,
+ 0x180f0078, 0x00740018, 0x0f0f0f1a, 0x00000080,
+ 0x007c0000, 0x00000000, 0x00000088, 0x00840000,
+ 0x00000000, 0x00000094, 0x00980300, 0x0f180003,
+ 0x0000008c, 0x00900f0f, 0x0f0f1b00, 0x0f00009c,
+ 0x01140000, 0x1b1b0f18, 0x0818013c, 0x01400008,
+ 0x00001818, 0x000b0110, 0x010c1800, 0x0b030b0f,
+ 0x181800f4, 0x00f81818, 0x00000018, 0x000000fc,
+ 0x00401808, 0x00000000, 0x0f1b0030, 0x003c0008,
+ 0x00000000, 0x00000038, 0x00340000, 0x00000000,
+ 0x1a080070, 0x00641a1a, 0x08080808, 0x08080060,
+ 0x005c0808, 0x08080808, 0x08080058, 0x00540808,
+ 0x08080808, 0x0808006c, 0x00680808, 0x08080808,
+ 0x000000a8, 0x00b00000, 0x08080808, 0x000000a0,
+ 0x00a40000, 0x00000000, 0x08ff0050, 0x004c0808,
+ 0xffffffff, 0xffff0048, 0x0044ffff, 0xffffffff,
+ 0x000000ac, 0x01040800, 0x08080b0f, 0x18180100,
+ 0x01081818, 0x0b0b1808, 0x1a0300e4, 0x012c0b1a,
+ 0x02020018, 0x0b000134, 0x011c0800, 0x0b1b1b00,
+ 0x0f0000c8, 0x00ec181b, 0x000f0f02, 0x00180118,
+ 0x01200000, 0x0f0b1b1b, 0x0f0200e8, 0x0000020b,
+};
+
+static void n800_setup_nolo_tags(void *sram_base)
+{
+ int i;
+ uint32_t *p = sram_base + 0x8000;
+ uint32_t *v = sram_base + 0xa000;
+
+ memset(p, 0, 0x3000);
+
+ strcpy((void *) (p + 0), "QEMU N800");
+
+ strcpy((void *) (p + 8), "F5");
+
+ stl_raw(p + 10, 0x04f70000);
+ strcpy((void *) (p + 9), "RX-34");
+
+ /* RAM size in MB? */
+ stl_raw(p + 12, 0x80);
+
+ /* Pointer to the list of tags */
+ stl_raw(p + 13, OMAP2_SRAM_BASE + 0x9000);
+
+ /* The NOLO tags start here */
+ p = sram_base + 0x9000;
+#define ADD_TAG(tag, len) \
+ stw_raw((uint16_t *) p + 0, tag); \
+ stw_raw((uint16_t *) p + 1, len); p ++; \
+ stl_raw(p ++, OMAP2_SRAM_BASE | (((void *) v - sram_base) & 0xffff));
+
+ /* OMAP STI console? Pin out settings? */
+ ADD_TAG(0x6e01, 414);
+ for (i = 0; i < ARRAY_SIZE(n800_pinout); i ++)
+ stl_raw(v ++, n800_pinout[i]);
+
+ /* Kernel memsize? */
+ ADD_TAG(0x6e05, 1);
+ stl_raw(v ++, 2);
+
+ /* NOLO serial console */
+ ADD_TAG(0x6e02, 4);
+ stl_raw(v ++, XLDR_LL_UART); /* UART number (1 - 3) */
+
+#if 0
+ /* CBUS settings (Retu/AVilma) */
+ ADD_TAG(0x6e03, 6);
+ stw_raw((uint16_t *) v + 0, 65); /* CBUS GPIO0 */
+ stw_raw((uint16_t *) v + 1, 66); /* CBUS GPIO1 */
+ stw_raw((uint16_t *) v + 2, 64); /* CBUS GPIO2 */
+ v += 2;
+#endif
+
+ /* Nokia ASIC BB5 (Retu/Tahvo) */
+ ADD_TAG(0x6e0a, 4);
+ stw_raw((uint16_t *) v + 0, 111); /* "Retu" interrupt GPIO */
+ stw_raw((uint16_t *) v + 1, 108); /* "Tahvo" interrupt GPIO */
+ v ++;
+
+ /* LCD console? */
+ ADD_TAG(0x6e04, 4);
+ stw_raw((uint16_t *) v + 0, 30); /* ??? */
+ stw_raw((uint16_t *) v + 1, 24); /* ??? */
+ v ++;
+
+#if 0
+ /* LCD settings */
+ ADD_TAG(0x6e06, 2);
+ stw_raw((uint16_t *) (v ++), 15); /* ??? */
+#endif
+
+ /* I^2C (Menelaus) */
+ ADD_TAG(0x6e07, 4);
+ stl_raw(v ++, 0x00720000); /* ??? */
+
+ /* Unknown */
+ ADD_TAG(0x6e0b, 6);
+ stw_raw((uint16_t *) v + 0, 94); /* ??? */
+ stw_raw((uint16_t *) v + 1, 23); /* ??? */
+ stw_raw((uint16_t *) v + 2, 0); /* ??? */
+ v += 2;
+
+ /* OMAP gpio switch info */
+ ADD_TAG(0x6e0c, 80);
+ strcpy((void *) v, "bat_cover"); v += 3;
+ stw_raw((uint16_t *) v + 0, 110); /* GPIO num ??? */
+ stw_raw((uint16_t *) v + 1, 1); /* GPIO num ??? */
+ v += 2;
+ strcpy((void *) v, "cam_act"); v += 3;
+ stw_raw((uint16_t *) v + 0, 95); /* GPIO num ??? */
+ stw_raw((uint16_t *) v + 1, 32); /* GPIO num ??? */
+ v += 2;
+ strcpy((void *) v, "cam_turn"); v += 3;
+ stw_raw((uint16_t *) v + 0, 12); /* GPIO num ??? */
+ stw_raw((uint16_t *) v + 1, 33); /* GPIO num ??? */
+ v += 2;
+ strcpy((void *) v, "headphone"); v += 3;
+ stw_raw((uint16_t *) v + 0, 107); /* GPIO num ??? */
+ stw_raw((uint16_t *) v + 1, 17); /* GPIO num ??? */
+ v += 2;
+
+ /* Bluetooth */
+ ADD_TAG(0x6e0e, 12);
+ stl_raw(v ++, 0x5c623d01); /* ??? */
+ stl_raw(v ++, 0x00000201); /* ??? */
+ stl_raw(v ++, 0x00000000); /* ??? */
+
+ /* CX3110x WLAN settings */
+ ADD_TAG(0x6e0f, 8);
+ stl_raw(v ++, 0x00610025); /* ??? */
+ stl_raw(v ++, 0xffff0057); /* ??? */
+
+ /* MMC host settings */
+ ADD_TAG(0x6e10, 12);
+ stl_raw(v ++, 0xffff000f); /* ??? */
+ stl_raw(v ++, 0xffffffff); /* ??? */
+ stl_raw(v ++, 0x00000060); /* ??? */
+
+ /* OneNAND chip select */
+ ADD_TAG(0x6e11, 10);
+ stl_raw(v ++, 0x00000401); /* ??? */
+ stl_raw(v ++, 0x0002003a); /* ??? */
+ stl_raw(v ++, 0x00000002); /* ??? */
+
+ /* TEA5761 sensor settings */
+ ADD_TAG(0x6e12, 2);
+ stl_raw(v ++, 93); /* GPIO num ??? */
+
+#if 0
+ /* Unknown tag */
+ ADD_TAG(6e09, 0);
+
+ /* Kernel UART / console */
+ ADD_TAG(6e12, 0);
+#endif
+
+ /* End of the list */
+ stl_raw(p ++, 0x00000000);
+ stl_raw(p ++, 0x00000000);
+}
+
+/* This task is normally performed by the bootloader. If we're loading
+ * a kernel directly, we need to set up GPMC mappings ourselves. */
+static void n800_gpmc_init(struct n800_s *s)
+{
+ uint32_t config7 =
+ (0xf << 8) | /* MASKADDRESS */
+ (1 << 6) | /* CSVALID */
+ (4 << 0); /* BASEADDRESS */
+
+ cpu_physical_memory_write(0x6800a078, /* GPMC_CONFIG7_0 */
+ &config7, sizeof(config7));
+}
+
+/* Setup sequence done by the bootloader */
+static void n8x0_boot_init(void *opaque)
+{
+ struct n800_s *s = (struct n800_s *) opaque;
+ uint32_t buf;
+
+ /* PRCM setup */
+#define omap_writel(addr, val) \
+ buf = (val); \
+ cpu_physical_memory_write(addr, &buf, sizeof(buf))
+
+ omap_writel(0x48008060, 0x41); /* PRCM_CLKSRC_CTRL */
+ omap_writel(0x48008070, 1); /* PRCM_CLKOUT_CTRL */
+ omap_writel(0x48008078, 0); /* PRCM_CLKEMUL_CTRL */
+ omap_writel(0x48008090, 0); /* PRCM_VOLTSETUP */
+ omap_writel(0x48008094, 0); /* PRCM_CLKSSETUP */
+ omap_writel(0x48008098, 0); /* PRCM_POLCTRL */
+ omap_writel(0x48008140, 2); /* CM_CLKSEL_MPU */
+ omap_writel(0x48008148, 0); /* CM_CLKSTCTRL_MPU */
+ omap_writel(0x48008158, 1); /* RM_RSTST_MPU */
+ omap_writel(0x480081c8, 0x15); /* PM_WKDEP_MPU */
+ omap_writel(0x480081d4, 0x1d4); /* PM_EVGENCTRL_MPU */
+ omap_writel(0x480081d8, 0); /* PM_EVEGENONTIM_MPU */
+ omap_writel(0x480081dc, 0); /* PM_EVEGENOFFTIM_MPU */
+ omap_writel(0x480081e0, 0xc); /* PM_PWSTCTRL_MPU */
+ omap_writel(0x48008200, 0x047e7ff7); /* CM_FCLKEN1_CORE */
+ omap_writel(0x48008204, 0x00000004); /* CM_FCLKEN2_CORE */
+ omap_writel(0x48008210, 0x047e7ff1); /* CM_ICLKEN1_CORE */
+ omap_writel(0x48008214, 0x00000004); /* CM_ICLKEN2_CORE */
+ omap_writel(0x4800821c, 0x00000000); /* CM_ICLKEN4_CORE */
+ omap_writel(0x48008230, 0); /* CM_AUTOIDLE1_CORE */
+ omap_writel(0x48008234, 0); /* CM_AUTOIDLE2_CORE */
+ omap_writel(0x48008238, 7); /* CM_AUTOIDLE3_CORE */
+ omap_writel(0x4800823c, 0); /* CM_AUTOIDLE4_CORE */
+ omap_writel(0x48008240, 0x04360626); /* CM_CLKSEL1_CORE */
+ omap_writel(0x48008244, 0x00000014); /* CM_CLKSEL2_CORE */
+ omap_writel(0x48008248, 0); /* CM_CLKSTCTRL_CORE */
+ omap_writel(0x48008300, 0x00000000); /* CM_FCLKEN_GFX */
+ omap_writel(0x48008310, 0x00000000); /* CM_ICLKEN_GFX */
+ omap_writel(0x48008340, 0x00000001); /* CM_CLKSEL_GFX */
+ omap_writel(0x48008400, 0x00000004); /* CM_FCLKEN_WKUP */
+ omap_writel(0x48008410, 0x00000004); /* CM_ICLKEN_WKUP */
+ omap_writel(0x48008440, 0x00000000); /* CM_CLKSEL_WKUP */
+ omap_writel(0x48008500, 0x000000cf); /* CM_CLKEN_PLL */
+ omap_writel(0x48008530, 0x0000000c); /* CM_AUTOIDLE_PLL */
+ omap_writel(0x48008540, /* CM_CLKSEL1_PLL */
+ (0x78 << 12) | (6 << 8));
+ omap_writel(0x48008544, 2); /* CM_CLKSEL2_PLL */
+
+ /* GPMC setup */
+ n800_gpmc_init(s);
+
+ /* Video setup */
+ n800_dss_init(&s->blizzard);
+
+ /* CPU setup */
+ s->mpu->cpu->env.GE = 0x5;
+
+ /* If the machine has a slided keyboard, open it */
+ if (s->kbd)
+ qemu_irq_raise(qdev_get_gpio_in(s->mpu->gpio, N810_SLIDE_GPIO));
+}
+
+#define OMAP_TAG_NOKIA_BT 0x4e01
+#define OMAP_TAG_WLAN_CX3110X 0x4e02
+#define OMAP_TAG_CBUS 0x4e03
+#define OMAP_TAG_EM_ASIC_BB5 0x4e04
+
+static struct omap_gpiosw_info_s {
+ const char *name;
+ int line;
+ int type;
+} n800_gpiosw_info[] = {
+ {
+ "bat_cover", N800_BAT_COVER_GPIO,
+ OMAP_GPIOSW_TYPE_COVER | OMAP_GPIOSW_INVERTED,
+ }, {
+ "cam_act", N800_CAM_ACT_GPIO,
+ OMAP_GPIOSW_TYPE_ACTIVITY,
+ }, {
+ "cam_turn", N800_CAM_TURN_GPIO,
+ OMAP_GPIOSW_TYPE_ACTIVITY | OMAP_GPIOSW_INVERTED,
+ }, {
+ "headphone", N8X0_HEADPHONE_GPIO,
+ OMAP_GPIOSW_TYPE_CONNECTION | OMAP_GPIOSW_INVERTED,
+ },
+ { NULL }
+}, n810_gpiosw_info[] = {
+ {
+ "gps_reset", N810_GPS_RESET_GPIO,
+ OMAP_GPIOSW_TYPE_ACTIVITY | OMAP_GPIOSW_OUTPUT,
+ }, {
+ "gps_wakeup", N810_GPS_WAKEUP_GPIO,
+ OMAP_GPIOSW_TYPE_ACTIVITY | OMAP_GPIOSW_OUTPUT,
+ }, {
+ "headphone", N8X0_HEADPHONE_GPIO,
+ OMAP_GPIOSW_TYPE_CONNECTION | OMAP_GPIOSW_INVERTED,
+ }, {
+ "kb_lock", N810_KB_LOCK_GPIO,
+ OMAP_GPIOSW_TYPE_COVER | OMAP_GPIOSW_INVERTED,
+ }, {
+ "sleepx_led", N810_SLEEPX_LED_GPIO,
+ OMAP_GPIOSW_TYPE_ACTIVITY | OMAP_GPIOSW_INVERTED | OMAP_GPIOSW_OUTPUT,
+ }, {
+ "slide", N810_SLIDE_GPIO,
+ OMAP_GPIOSW_TYPE_COVER | OMAP_GPIOSW_INVERTED,
+ },
+ { NULL }
+};
+
+static struct omap_partition_info_s {
+ uint32_t offset;
+ uint32_t size;
+ int mask;
+ const char *name;
+} n800_part_info[] = {
+ { 0x00000000, 0x00020000, 0x3, "bootloader" },
+ { 0x00020000, 0x00060000, 0x0, "config" },
+ { 0x00080000, 0x00200000, 0x0, "kernel" },
+ { 0x00280000, 0x00200000, 0x3, "initfs" },
+ { 0x00480000, 0x0fb80000, 0x3, "rootfs" },
+
+ { 0, 0, 0, NULL }
+}, n810_part_info[] = {
+ { 0x00000000, 0x00020000, 0x3, "bootloader" },
+ { 0x00020000, 0x00060000, 0x0, "config" },
+ { 0x00080000, 0x00220000, 0x0, "kernel" },
+ { 0x002a0000, 0x00400000, 0x0, "initfs" },
+ { 0x006a0000, 0x0f960000, 0x0, "rootfs" },
+
+ { 0, 0, 0, NULL }
+};
+
+static bdaddr_t n8x0_bd_addr = {{ N8X0_BD_ADDR }};
+
+static int n8x0_atag_setup(void *p, int model)
+{
+ uint8_t *b;
+ uint16_t *w;
+ uint32_t *l;
+ struct omap_gpiosw_info_s *gpiosw;
+ struct omap_partition_info_s *partition;
+ const char *tag;
+
+ w = p;
+
+ stw_raw(w ++, OMAP_TAG_UART); /* u16 tag */
+ stw_raw(w ++, 4); /* u16 len */
+ stw_raw(w ++, (1 << 2) | (1 << 1) | (1 << 0)); /* uint enabled_uarts */
+ w ++;
+
+#if 0
+ stw_raw(w ++, OMAP_TAG_SERIAL_CONSOLE); /* u16 tag */
+ stw_raw(w ++, 4); /* u16 len */
+ stw_raw(w ++, XLDR_LL_UART + 1); /* u8 console_uart */
+ stw_raw(w ++, 115200); /* u32 console_speed */
+#endif
+
+ stw_raw(w ++, OMAP_TAG_LCD); /* u16 tag */
+ stw_raw(w ++, 36); /* u16 len */
+ strcpy((void *) w, "QEMU LCD panel"); /* char panel_name[16] */
+ w += 8;
+ strcpy((void *) w, "blizzard"); /* char ctrl_name[16] */
+ w += 8;
+ stw_raw(w ++, N810_BLIZZARD_RESET_GPIO); /* TODO: n800 s16 nreset_gpio */
+ stw_raw(w ++, 24); /* u8 data_lines */
+
+ stw_raw(w ++, OMAP_TAG_CBUS); /* u16 tag */
+ stw_raw(w ++, 8); /* u16 len */
+ stw_raw(w ++, N8X0_CBUS_CLK_GPIO); /* s16 clk_gpio */
+ stw_raw(w ++, N8X0_CBUS_DAT_GPIO); /* s16 dat_gpio */
+ stw_raw(w ++, N8X0_CBUS_SEL_GPIO); /* s16 sel_gpio */
+ w ++;
+
+ stw_raw(w ++, OMAP_TAG_EM_ASIC_BB5); /* u16 tag */
+ stw_raw(w ++, 4); /* u16 len */
+ stw_raw(w ++, N8X0_RETU_GPIO); /* s16 retu_irq_gpio */
+ stw_raw(w ++, N8X0_TAHVO_GPIO); /* s16 tahvo_irq_gpio */
+
+ gpiosw = (model == 810) ? n810_gpiosw_info : n800_gpiosw_info;
+ for (; gpiosw->name; gpiosw ++) {
+ stw_raw(w ++, OMAP_TAG_GPIO_SWITCH); /* u16 tag */
+ stw_raw(w ++, 20); /* u16 len */
+ strcpy((void *) w, gpiosw->name); /* char name[12] */
+ w += 6;
+ stw_raw(w ++, gpiosw->line); /* u16 gpio */
+ stw_raw(w ++, gpiosw->type);
+ stw_raw(w ++, 0);
+ stw_raw(w ++, 0);
+ }
+
+ stw_raw(w ++, OMAP_TAG_NOKIA_BT); /* u16 tag */
+ stw_raw(w ++, 12); /* u16 len */
+ b = (void *) w;
+ stb_raw(b ++, 0x01); /* u8 chip_type (CSR) */
+ stb_raw(b ++, N8X0_BT_WKUP_GPIO); /* u8 bt_wakeup_gpio */
+ stb_raw(b ++, N8X0_BT_HOST_WKUP_GPIO); /* u8 host_wakeup_gpio */
+ stb_raw(b ++, N8X0_BT_RESET_GPIO); /* u8 reset_gpio */
+ stb_raw(b ++, BT_UART + 1); /* u8 bt_uart */
+ memcpy(b, &n8x0_bd_addr, 6); /* u8 bd_addr[6] */
+ b += 6;
+ stb_raw(b ++, 0x02); /* u8 bt_sysclk (38.4) */
+ w = (void *) b;
+
+ stw_raw(w ++, OMAP_TAG_WLAN_CX3110X); /* u16 tag */
+ stw_raw(w ++, 8); /* u16 len */
+ stw_raw(w ++, 0x25); /* u8 chip_type */
+ stw_raw(w ++, N8X0_WLAN_PWR_GPIO); /* s16 power_gpio */
+ stw_raw(w ++, N8X0_WLAN_IRQ_GPIO); /* s16 irq_gpio */
+ stw_raw(w ++, -1); /* s16 spi_cs_gpio */
+
+ stw_raw(w ++, OMAP_TAG_MMC); /* u16 tag */
+ stw_raw(w ++, 16); /* u16 len */
+ if (model == 810) {
+ stw_raw(w ++, 0x23f); /* unsigned flags */
+ stw_raw(w ++, -1); /* s16 power_pin */
+ stw_raw(w ++, -1); /* s16 switch_pin */
+ stw_raw(w ++, -1); /* s16 wp_pin */
+ stw_raw(w ++, 0x240); /* unsigned flags */
+ stw_raw(w ++, 0xc000); /* s16 power_pin */
+ stw_raw(w ++, 0x0248); /* s16 switch_pin */
+ stw_raw(w ++, 0xc000); /* s16 wp_pin */
+ } else {
+ stw_raw(w ++, 0xf); /* unsigned flags */
+ stw_raw(w ++, -1); /* s16 power_pin */
+ stw_raw(w ++, -1); /* s16 switch_pin */
+ stw_raw(w ++, -1); /* s16 wp_pin */
+ stw_raw(w ++, 0); /* unsigned flags */
+ stw_raw(w ++, 0); /* s16 power_pin */
+ stw_raw(w ++, 0); /* s16 switch_pin */
+ stw_raw(w ++, 0); /* s16 wp_pin */
+ }
+
+ stw_raw(w ++, OMAP_TAG_TEA5761); /* u16 tag */
+ stw_raw(w ++, 4); /* u16 len */
+ stw_raw(w ++, N8X0_TEA5761_CS_GPIO); /* u16 enable_gpio */
+ w ++;
+
+ partition = (model == 810) ? n810_part_info : n800_part_info;
+ for (; partition->name; partition ++) {
+ stw_raw(w ++, OMAP_TAG_PARTITION); /* u16 tag */
+ stw_raw(w ++, 28); /* u16 len */
+ strcpy((void *) w, partition->name); /* char name[16] */
+ l = (void *) (w + 8);
+ stl_raw(l ++, partition->size); /* unsigned int size */
+ stl_raw(l ++, partition->offset); /* unsigned int offset */
+ stl_raw(l ++, partition->mask); /* unsigned int mask_flags */
+ w = (void *) l;
+ }
+
+ stw_raw(w ++, OMAP_TAG_BOOT_REASON); /* u16 tag */
+ stw_raw(w ++, 12); /* u16 len */
+#if 0
+ strcpy((void *) w, "por"); /* char reason_str[12] */
+ strcpy((void *) w, "charger"); /* char reason_str[12] */
+ strcpy((void *) w, "32wd_to"); /* char reason_str[12] */
+ strcpy((void *) w, "sw_rst"); /* char reason_str[12] */
+ strcpy((void *) w, "mbus"); /* char reason_str[12] */
+ strcpy((void *) w, "unknown"); /* char reason_str[12] */
+ strcpy((void *) w, "swdg_to"); /* char reason_str[12] */
+ strcpy((void *) w, "sec_vio"); /* char reason_str[12] */
+ strcpy((void *) w, "pwr_key"); /* char reason_str[12] */
+ strcpy((void *) w, "rtc_alarm"); /* char reason_str[12] */
+#else
+ strcpy((void *) w, "pwr_key"); /* char reason_str[12] */
+#endif
+ w += 6;
+
+ tag = (model == 810) ? "RX-44" : "RX-34";
+ stw_raw(w ++, OMAP_TAG_VERSION_STR); /* u16 tag */
+ stw_raw(w ++, 24); /* u16 len */
+ strcpy((void *) w, "product"); /* char component[12] */
+ w += 6;
+ strcpy((void *) w, tag); /* char version[12] */
+ w += 6;
+
+ stw_raw(w ++, OMAP_TAG_VERSION_STR); /* u16 tag */
+ stw_raw(w ++, 24); /* u16 len */
+ strcpy((void *) w, "hw-build"); /* char component[12] */
+ w += 6;
+ strcpy((void *) w, "QEMU ");
+ pstrcat((void *) w, 12, qemu_get_version()); /* char version[12] */
+ w += 6;
+
+ tag = (model == 810) ? "1.1.10-qemu" : "1.1.6-qemu";
+ stw_raw(w ++, OMAP_TAG_VERSION_STR); /* u16 tag */
+ stw_raw(w ++, 24); /* u16 len */
+ strcpy((void *) w, "nolo"); /* char component[12] */
+ w += 6;
+ strcpy((void *) w, tag); /* char version[12] */
+ w += 6;
+
+ return (void *) w - p;
+}
+
+static int n800_atag_setup(const struct arm_boot_info *info, void *p)
+{
+ return n8x0_atag_setup(p, 800);
+}
+
+static int n810_atag_setup(const struct arm_boot_info *info, void *p)
+{
+ return n8x0_atag_setup(p, 810);
+}
+
+static void n8x0_init(QEMUMachineInitArgs *args,
+ struct arm_boot_info *binfo, int model)
+{
+ MemoryRegion *sysmem = get_system_memory();
+ struct n800_s *s = (struct n800_s *) g_malloc0(sizeof(*s));
+ int sdram_size = binfo->ram_size;
+
+ s->mpu = omap2420_mpu_init(sysmem, sdram_size, args->cpu_model);
+
+ /* Setup peripherals
+ *
+ * Believed external peripherals layout in the N810:
+ * (spi bus 1)
+ * tsc2005
+ * lcd_mipid
+ * (spi bus 2)
+ * Conexant cx3110x (WLAN)
+ * optional: pc2400m (WiMAX)
+ * (i2c bus 0)
+ * TLV320AIC33 (audio codec)
+ * TCM825x (camera by Toshiba)
+ * lp5521 (clever LEDs)
+ * tsl2563 (light sensor, hwmon, model 7, rev. 0)
+ * lm8323 (keypad, manf 00, rev 04)
+ * (i2c bus 1)
+ * tmp105 (temperature sensor, hwmon)
+ * menelaus (pm)
+ * (somewhere on i2c - maybe N800-only)
+ * tea5761 (FM tuner)
+ * (serial 0)
+ * GPS
+ * (some serial port)
+ * csr41814 (Bluetooth)
+ */
+ n8x0_gpio_setup(s);
+ n8x0_nand_setup(s);
+ n8x0_i2c_setup(s);
+ if (model == 800)
+ n800_tsc_kbd_setup(s);
+ else if (model == 810) {
+ n810_tsc_setup(s);
+ n810_kbd_setup(s);
+ }
+ n8x0_spi_setup(s);
+ n8x0_dss_setup(s);
+ n8x0_cbus_setup(s);
+ n8x0_uart_setup(s);
+ if (usb_enabled(false)) {
+ n8x0_usb_setup(s);
+ }
+
+ if (args->kernel_filename) {
+ /* Or at the linux loader. */
+ binfo->kernel_filename = args->kernel_filename;
+ binfo->kernel_cmdline = args->kernel_cmdline;
+ binfo->initrd_filename = args->initrd_filename;
+ arm_load_kernel(s->mpu->cpu, binfo);
+
+ qemu_register_reset(n8x0_boot_init, s);
+ }
+
+ if (option_rom[0].name &&
+ (args->boot_device[0] == 'n' || !args->kernel_filename)) {
+ uint8_t nolo_tags[0x10000];
+ /* No, wait, better start at the ROM. */
+ s->mpu->cpu->env.regs[15] = OMAP2_Q2_BASE + 0x400000;
+
+ /* This is intended for loading the `secondary.bin' program from
+ * Nokia images (the NOLO bootloader). The entry point seems
+ * to be at OMAP2_Q2_BASE + 0x400000.
+ *
+ * The `2nd.bin' files contain some kind of earlier boot code and
+ * for them the entry point needs to be set to OMAP2_SRAM_BASE.
+ *
+ * The code above is for loading the `zImage' file from Nokia
+ * images. */
+ load_image_targphys(option_rom[0].name,
+ OMAP2_Q2_BASE + 0x400000,
+ sdram_size - 0x400000);
+
+ n800_setup_nolo_tags(nolo_tags);
+ cpu_physical_memory_write(OMAP2_SRAM_BASE, nolo_tags, 0x10000);
+ }
+}
+
+static struct arm_boot_info n800_binfo = {
+ .loader_start = OMAP2_Q2_BASE,
+ /* Actually two chips of 0x4000000 bytes each */
+ .ram_size = 0x08000000,
+ .board_id = 0x4f7,
+ .atag_board = n800_atag_setup,
+};
+
+static struct arm_boot_info n810_binfo = {
+ .loader_start = OMAP2_Q2_BASE,
+ /* Actually two chips of 0x4000000 bytes each */
+ .ram_size = 0x08000000,
+ /* 0x60c and 0x6bf (WiMAX Edition) have been assigned but are not
+ * used by some older versions of the bootloader and 5555 is used
+ * instead (including versions that shipped with many devices). */
+ .board_id = 0x60c,
+ .atag_board = n810_atag_setup,
+};
+
+static void n800_init(QEMUMachineInitArgs *args)
+{
+ return n8x0_init(args, &n800_binfo, 800);
+}
+
+static void n810_init(QEMUMachineInitArgs *args)
+{
+ return n8x0_init(args, &n810_binfo, 810);
+}
+
+static QEMUMachine n800_machine = {
+ .name = "n800",
+ .desc = "Nokia N800 tablet aka. RX-34 (OMAP2420)",
+ .init = n800_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine n810_machine = {
+ .name = "n810",
+ .desc = "Nokia N810 tablet aka. RX-44 (OMAP2420)",
+ .init = n810_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void nseries_machine_init(void)
+{
+ qemu_register_machine(&n800_machine);
+ qemu_register_machine(&n810_machine);
+}
+
+machine_init(nseries_machine_init);
diff --git a/hw/arm/omap1.c b/hw/arm/omap1.c
new file mode 100644
index 000000000..19be5fcd0
--- /dev/null
+++ b/hw/arm/omap1.c
@@ -0,0 +1,4059 @@
+/*
+ * TI OMAP processors emulation.
+ *
+ * Copyright (C) 2006-2008 Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "hw/hw.h"
+#include "hw/arm/arm.h"
+#include "hw/arm/omap.h"
+#include "sysemu/sysemu.h"
+#include "hw/arm/soc_dma.h"
+#include "sysemu/blockdev.h"
+#include "qemu/range.h"
+#include "hw/sysbus.h"
+
+/* Should signal the TCMI/GPMC */
+uint32_t omap_badwidth_read8(void *opaque, hwaddr addr)
+{
+ uint8_t ret;
+
+ OMAP_8B_REG(addr);
+ cpu_physical_memory_read(addr, &ret, 1);
+ return ret;
+}
+
+void omap_badwidth_write8(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ uint8_t val8 = value;
+
+ OMAP_8B_REG(addr);
+ cpu_physical_memory_write(addr, &val8, 1);
+}
+
+uint32_t omap_badwidth_read16(void *opaque, hwaddr addr)
+{
+ uint16_t ret;
+
+ OMAP_16B_REG(addr);
+ cpu_physical_memory_read(addr, &ret, 2);
+ return ret;
+}
+
+void omap_badwidth_write16(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ uint16_t val16 = value;
+
+ OMAP_16B_REG(addr);
+ cpu_physical_memory_write(addr, &val16, 2);
+}
+
+uint32_t omap_badwidth_read32(void *opaque, hwaddr addr)
+{
+ uint32_t ret;
+
+ OMAP_32B_REG(addr);
+ cpu_physical_memory_read(addr, &ret, 4);
+ return ret;
+}
+
+void omap_badwidth_write32(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ OMAP_32B_REG(addr);
+ cpu_physical_memory_write(addr, &value, 4);
+}
+
+/* MPU OS timers */
+struct omap_mpu_timer_s {
+ MemoryRegion iomem;
+ qemu_irq irq;
+ omap_clk clk;
+ uint32_t val;
+ int64_t time;
+ QEMUTimer *timer;
+ QEMUBH *tick;
+ int64_t rate;
+ int it_ena;
+
+ int enable;
+ int ptv;
+ int ar;
+ int st;
+ uint32_t reset_val;
+};
+
+static inline uint32_t omap_timer_read(struct omap_mpu_timer_s *timer)
+{
+ uint64_t distance = qemu_get_clock_ns(vm_clock) - timer->time;
+
+ if (timer->st && timer->enable && timer->rate)
+ return timer->val - muldiv64(distance >> (timer->ptv + 1),
+ timer->rate, get_ticks_per_sec());
+ else
+ return timer->val;
+}
+
+static inline void omap_timer_sync(struct omap_mpu_timer_s *timer)
+{
+ timer->val = omap_timer_read(timer);
+ timer->time = qemu_get_clock_ns(vm_clock);
+}
+
+static inline void omap_timer_update(struct omap_mpu_timer_s *timer)
+{
+ int64_t expires;
+
+ if (timer->enable && timer->st && timer->rate) {
+ timer->val = timer->reset_val; /* Should skip this on clk enable */
+ expires = muldiv64((uint64_t) timer->val << (timer->ptv + 1),
+ get_ticks_per_sec(), timer->rate);
+
+ /* If timer expiry would be sooner than in about 1 ms and
+ * auto-reload isn't set, then fire immediately. This is a hack
+ * to make systems like PalmOS run in acceptable time. PalmOS
+ * sets the interval to a very low value and polls the status bit
+ * in a busy loop when it wants to sleep just a couple of CPU
+ * ticks. */
+ if (expires > (get_ticks_per_sec() >> 10) || timer->ar)
+ qemu_mod_timer(timer->timer, timer->time + expires);
+ else
+ qemu_bh_schedule(timer->tick);
+ } else
+ qemu_del_timer(timer->timer);
+}
+
+static void omap_timer_fire(void *opaque)
+{
+ struct omap_mpu_timer_s *timer = opaque;
+
+ if (!timer->ar) {
+ timer->val = 0;
+ timer->st = 0;
+ }
+
+ if (timer->it_ena)
+ /* Edge-triggered irq */
+ qemu_irq_pulse(timer->irq);
+}
+
+static void omap_timer_tick(void *opaque)
+{
+ struct omap_mpu_timer_s *timer = (struct omap_mpu_timer_s *) opaque;
+
+ omap_timer_sync(timer);
+ omap_timer_fire(timer);
+ omap_timer_update(timer);
+}
+
+static void omap_timer_clk_update(void *opaque, int line, int on)
+{
+ struct omap_mpu_timer_s *timer = (struct omap_mpu_timer_s *) opaque;
+
+ omap_timer_sync(timer);
+ timer->rate = on ? omap_clk_getrate(timer->clk) : 0;
+ omap_timer_update(timer);
+}
+
+static void omap_timer_clk_setup(struct omap_mpu_timer_s *timer)
+{
+ omap_clk_adduser(timer->clk,
+ qemu_allocate_irqs(omap_timer_clk_update, timer, 1)[0]);
+ timer->rate = omap_clk_getrate(timer->clk);
+}
+
+static uint64_t omap_mpu_timer_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_mpu_timer_s *s = (struct omap_mpu_timer_s *) opaque;
+
+ if (size != 4) {
+ return omap_badwidth_read32(opaque, addr);
+ }
+
+ switch (addr) {
+ case 0x00: /* CNTL_TIMER */
+ return (s->enable << 5) | (s->ptv << 2) | (s->ar << 1) | s->st;
+
+ case 0x04: /* LOAD_TIM */
+ break;
+
+ case 0x08: /* READ_TIM */
+ return omap_timer_read(s);
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_mpu_timer_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_mpu_timer_s *s = (struct omap_mpu_timer_s *) opaque;
+
+ if (size != 4) {
+ return omap_badwidth_write32(opaque, addr, value);
+ }
+
+ switch (addr) {
+ case 0x00: /* CNTL_TIMER */
+ omap_timer_sync(s);
+ s->enable = (value >> 5) & 1;
+ s->ptv = (value >> 2) & 7;
+ s->ar = (value >> 1) & 1;
+ s->st = value & 1;
+ omap_timer_update(s);
+ return;
+
+ case 0x04: /* LOAD_TIM */
+ s->reset_val = value;
+ return;
+
+ case 0x08: /* READ_TIM */
+ OMAP_RO_REG(addr);
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ }
+}
+
+static const MemoryRegionOps omap_mpu_timer_ops = {
+ .read = omap_mpu_timer_read,
+ .write = omap_mpu_timer_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void omap_mpu_timer_reset(struct omap_mpu_timer_s *s)
+{
+ qemu_del_timer(s->timer);
+ s->enable = 0;
+ s->reset_val = 31337;
+ s->val = 0;
+ s->ptv = 0;
+ s->ar = 0;
+ s->st = 0;
+ s->it_ena = 1;
+}
+
+static struct omap_mpu_timer_s *omap_mpu_timer_init(MemoryRegion *system_memory,
+ hwaddr base,
+ qemu_irq irq, omap_clk clk)
+{
+ struct omap_mpu_timer_s *s = (struct omap_mpu_timer_s *)
+ g_malloc0(sizeof(struct omap_mpu_timer_s));
+
+ s->irq = irq;
+ s->clk = clk;
+ s->timer = qemu_new_timer_ns(vm_clock, omap_timer_tick, s);
+ s->tick = qemu_bh_new(omap_timer_fire, s);
+ omap_mpu_timer_reset(s);
+ omap_timer_clk_setup(s);
+
+ memory_region_init_io(&s->iomem, NULL, &omap_mpu_timer_ops, s,
+ "omap-mpu-timer", 0x100);
+
+ memory_region_add_subregion(system_memory, base, &s->iomem);
+
+ return s;
+}
+
+/* Watchdog timer */
+struct omap_watchdog_timer_s {
+ struct omap_mpu_timer_s timer;
+ MemoryRegion iomem;
+ uint8_t last_wr;
+ int mode;
+ int free;
+ int reset;
+};
+
+static uint64_t omap_wd_timer_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_watchdog_timer_s *s = (struct omap_watchdog_timer_s *) opaque;
+
+ if (size != 2) {
+ return omap_badwidth_read16(opaque, addr);
+ }
+
+ switch (addr) {
+ case 0x00: /* CNTL_TIMER */
+ return (s->timer.ptv << 9) | (s->timer.ar << 8) |
+ (s->timer.st << 7) | (s->free << 1);
+
+ case 0x04: /* READ_TIMER */
+ return omap_timer_read(&s->timer);
+
+ case 0x08: /* TIMER_MODE */
+ return s->mode << 15;
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_wd_timer_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_watchdog_timer_s *s = (struct omap_watchdog_timer_s *) opaque;
+
+ if (size != 2) {
+ return omap_badwidth_write16(opaque, addr, value);
+ }
+
+ switch (addr) {
+ case 0x00: /* CNTL_TIMER */
+ omap_timer_sync(&s->timer);
+ s->timer.ptv = (value >> 9) & 7;
+ s->timer.ar = (value >> 8) & 1;
+ s->timer.st = (value >> 7) & 1;
+ s->free = (value >> 1) & 1;
+ omap_timer_update(&s->timer);
+ break;
+
+ case 0x04: /* LOAD_TIMER */
+ s->timer.reset_val = value & 0xffff;
+ break;
+
+ case 0x08: /* TIMER_MODE */
+ if (!s->mode && ((value >> 15) & 1))
+ omap_clk_get(s->timer.clk);
+ s->mode |= (value >> 15) & 1;
+ if (s->last_wr == 0xf5) {
+ if ((value & 0xff) == 0xa0) {
+ if (s->mode) {
+ s->mode = 0;
+ omap_clk_put(s->timer.clk);
+ }
+ } else {
+ /* XXX: on T|E hardware somehow this has no effect,
+ * on Zire 71 it works as specified. */
+ s->reset = 1;
+ qemu_system_reset_request();
+ }
+ }
+ s->last_wr = value & 0xff;
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ }
+}
+
+static const MemoryRegionOps omap_wd_timer_ops = {
+ .read = omap_wd_timer_read,
+ .write = omap_wd_timer_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void omap_wd_timer_reset(struct omap_watchdog_timer_s *s)
+{
+ qemu_del_timer(s->timer.timer);
+ if (!s->mode)
+ omap_clk_get(s->timer.clk);
+ s->mode = 1;
+ s->free = 1;
+ s->reset = 0;
+ s->timer.enable = 1;
+ s->timer.it_ena = 1;
+ s->timer.reset_val = 0xffff;
+ s->timer.val = 0;
+ s->timer.st = 0;
+ s->timer.ptv = 0;
+ s->timer.ar = 0;
+ omap_timer_update(&s->timer);
+}
+
+static struct omap_watchdog_timer_s *omap_wd_timer_init(MemoryRegion *memory,
+ hwaddr base,
+ qemu_irq irq, omap_clk clk)
+{
+ struct omap_watchdog_timer_s *s = (struct omap_watchdog_timer_s *)
+ g_malloc0(sizeof(struct omap_watchdog_timer_s));
+
+ s->timer.irq = irq;
+ s->timer.clk = clk;
+ s->timer.timer = qemu_new_timer_ns(vm_clock, omap_timer_tick, &s->timer);
+ omap_wd_timer_reset(s);
+ omap_timer_clk_setup(&s->timer);
+
+ memory_region_init_io(&s->iomem, NULL, &omap_wd_timer_ops, s,
+ "omap-wd-timer", 0x100);
+ memory_region_add_subregion(memory, base, &s->iomem);
+
+ return s;
+}
+
+/* 32-kHz timer */
+struct omap_32khz_timer_s {
+ struct omap_mpu_timer_s timer;
+ MemoryRegion iomem;
+};
+
+static uint64_t omap_os_timer_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_32khz_timer_s *s = (struct omap_32khz_timer_s *) opaque;
+ int offset = addr & OMAP_MPUI_REG_MASK;
+
+ if (size != 4) {
+ return omap_badwidth_read32(opaque, addr);
+ }
+
+ switch (offset) {
+ case 0x00: /* TVR */
+ return s->timer.reset_val;
+
+ case 0x04: /* TCR */
+ return omap_timer_read(&s->timer);
+
+ case 0x08: /* CR */
+ return (s->timer.ar << 3) | (s->timer.it_ena << 2) | s->timer.st;
+
+ default:
+ break;
+ }
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_os_timer_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_32khz_timer_s *s = (struct omap_32khz_timer_s *) opaque;
+ int offset = addr & OMAP_MPUI_REG_MASK;
+
+ if (size != 4) {
+ return omap_badwidth_write32(opaque, addr, value);
+ }
+
+ switch (offset) {
+ case 0x00: /* TVR */
+ s->timer.reset_val = value & 0x00ffffff;
+ break;
+
+ case 0x04: /* TCR */
+ OMAP_RO_REG(addr);
+ break;
+
+ case 0x08: /* CR */
+ s->timer.ar = (value >> 3) & 1;
+ s->timer.it_ena = (value >> 2) & 1;
+ if (s->timer.st != (value & 1) || (value & 2)) {
+ omap_timer_sync(&s->timer);
+ s->timer.enable = value & 1;
+ s->timer.st = value & 1;
+ omap_timer_update(&s->timer);
+ }
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ }
+}
+
+static const MemoryRegionOps omap_os_timer_ops = {
+ .read = omap_os_timer_read,
+ .write = omap_os_timer_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void omap_os_timer_reset(struct omap_32khz_timer_s *s)
+{
+ qemu_del_timer(s->timer.timer);
+ s->timer.enable = 0;
+ s->timer.it_ena = 0;
+ s->timer.reset_val = 0x00ffffff;
+ s->timer.val = 0;
+ s->timer.st = 0;
+ s->timer.ptv = 0;
+ s->timer.ar = 1;
+}
+
+static struct omap_32khz_timer_s *omap_os_timer_init(MemoryRegion *memory,
+ hwaddr base,
+ qemu_irq irq, omap_clk clk)
+{
+ struct omap_32khz_timer_s *s = (struct omap_32khz_timer_s *)
+ g_malloc0(sizeof(struct omap_32khz_timer_s));
+
+ s->timer.irq = irq;
+ s->timer.clk = clk;
+ s->timer.timer = qemu_new_timer_ns(vm_clock, omap_timer_tick, &s->timer);
+ omap_os_timer_reset(s);
+ omap_timer_clk_setup(&s->timer);
+
+ memory_region_init_io(&s->iomem, NULL, &omap_os_timer_ops, s,
+ "omap-os-timer", 0x800);
+ memory_region_add_subregion(memory, base, &s->iomem);
+
+ return s;
+}
+
+/* Ultra Low-Power Device Module */
+static uint64_t omap_ulpd_pm_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
+ uint16_t ret;
+
+ if (size != 2) {
+ return omap_badwidth_read16(opaque, addr);
+ }
+
+ switch (addr) {
+ case 0x14: /* IT_STATUS */
+ ret = s->ulpd_pm_regs[addr >> 2];
+ s->ulpd_pm_regs[addr >> 2] = 0;
+ qemu_irq_lower(qdev_get_gpio_in(s->ih[1], OMAP_INT_GAUGE_32K));
+ return ret;
+
+ case 0x18: /* Reserved */
+ case 0x1c: /* Reserved */
+ case 0x20: /* Reserved */
+ case 0x28: /* Reserved */
+ case 0x2c: /* Reserved */
+ OMAP_BAD_REG(addr);
+ /* fall through */
+ case 0x00: /* COUNTER_32_LSB */
+ case 0x04: /* COUNTER_32_MSB */
+ case 0x08: /* COUNTER_HIGH_FREQ_LSB */
+ case 0x0c: /* COUNTER_HIGH_FREQ_MSB */
+ case 0x10: /* GAUGING_CTRL */
+ case 0x24: /* SETUP_ANALOG_CELL3_ULPD1 */
+ case 0x30: /* CLOCK_CTRL */
+ case 0x34: /* SOFT_REQ */
+ case 0x38: /* COUNTER_32_FIQ */
+ case 0x3c: /* DPLL_CTRL */
+ case 0x40: /* STATUS_REQ */
+ /* XXX: check clk::usecount state for every clock */
+ case 0x48: /* LOCL_TIME */
+ case 0x4c: /* APLL_CTRL */
+ case 0x50: /* POWER_CTRL */
+ return s->ulpd_pm_regs[addr >> 2];
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static inline void omap_ulpd_clk_update(struct omap_mpu_state_s *s,
+ uint16_t diff, uint16_t value)
+{
+ if (diff & (1 << 4)) /* USB_MCLK_EN */
+ omap_clk_onoff(omap_findclk(s, "usb_clk0"), (value >> 4) & 1);
+ if (diff & (1 << 5)) /* DIS_USB_PVCI_CLK */
+ omap_clk_onoff(omap_findclk(s, "usb_w2fc_ck"), (~value >> 5) & 1);
+}
+
+static inline void omap_ulpd_req_update(struct omap_mpu_state_s *s,
+ uint16_t diff, uint16_t value)
+{
+ if (diff & (1 << 0)) /* SOFT_DPLL_REQ */
+ omap_clk_canidle(omap_findclk(s, "dpll4"), (~value >> 0) & 1);
+ if (diff & (1 << 1)) /* SOFT_COM_REQ */
+ omap_clk_canidle(omap_findclk(s, "com_mclk_out"), (~value >> 1) & 1);
+ if (diff & (1 << 2)) /* SOFT_SDW_REQ */
+ omap_clk_canidle(omap_findclk(s, "bt_mclk_out"), (~value >> 2) & 1);
+ if (diff & (1 << 3)) /* SOFT_USB_REQ */
+ omap_clk_canidle(omap_findclk(s, "usb_clk0"), (~value >> 3) & 1);
+}
+
+static void omap_ulpd_pm_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
+ int64_t now, ticks;
+ int div, mult;
+ static const int bypass_div[4] = { 1, 2, 4, 4 };
+ uint16_t diff;
+
+ if (size != 2) {
+ return omap_badwidth_write16(opaque, addr, value);
+ }
+
+ switch (addr) {
+ case 0x00: /* COUNTER_32_LSB */
+ case 0x04: /* COUNTER_32_MSB */
+ case 0x08: /* COUNTER_HIGH_FREQ_LSB */
+ case 0x0c: /* COUNTER_HIGH_FREQ_MSB */
+ case 0x14: /* IT_STATUS */
+ case 0x40: /* STATUS_REQ */
+ OMAP_RO_REG(addr);
+ break;
+
+ case 0x10: /* GAUGING_CTRL */
+ /* Bits 0 and 1 seem to be confused in the OMAP 310 TRM */
+ if ((s->ulpd_pm_regs[addr >> 2] ^ value) & 1) {
+ now = qemu_get_clock_ns(vm_clock);
+
+ if (value & 1)
+ s->ulpd_gauge_start = now;
+ else {
+ now -= s->ulpd_gauge_start;
+
+ /* 32-kHz ticks */
+ ticks = muldiv64(now, 32768, get_ticks_per_sec());
+ s->ulpd_pm_regs[0x00 >> 2] = (ticks >> 0) & 0xffff;
+ s->ulpd_pm_regs[0x04 >> 2] = (ticks >> 16) & 0xffff;
+ if (ticks >> 32) /* OVERFLOW_32K */
+ s->ulpd_pm_regs[0x14 >> 2] |= 1 << 2;
+
+ /* High frequency ticks */
+ ticks = muldiv64(now, 12000000, get_ticks_per_sec());
+ s->ulpd_pm_regs[0x08 >> 2] = (ticks >> 0) & 0xffff;
+ s->ulpd_pm_regs[0x0c >> 2] = (ticks >> 16) & 0xffff;
+ if (ticks >> 32) /* OVERFLOW_HI_FREQ */
+ s->ulpd_pm_regs[0x14 >> 2] |= 1 << 1;
+
+ s->ulpd_pm_regs[0x14 >> 2] |= 1 << 0; /* IT_GAUGING */
+ qemu_irq_raise(qdev_get_gpio_in(s->ih[1], OMAP_INT_GAUGE_32K));
+ }
+ }
+ s->ulpd_pm_regs[addr >> 2] = value;
+ break;
+
+ case 0x18: /* Reserved */
+ case 0x1c: /* Reserved */
+ case 0x20: /* Reserved */
+ case 0x28: /* Reserved */
+ case 0x2c: /* Reserved */
+ OMAP_BAD_REG(addr);
+ /* fall through */
+ case 0x24: /* SETUP_ANALOG_CELL3_ULPD1 */
+ case 0x38: /* COUNTER_32_FIQ */
+ case 0x48: /* LOCL_TIME */
+ case 0x50: /* POWER_CTRL */
+ s->ulpd_pm_regs[addr >> 2] = value;
+ break;
+
+ case 0x30: /* CLOCK_CTRL */
+ diff = s->ulpd_pm_regs[addr >> 2] ^ value;
+ s->ulpd_pm_regs[addr >> 2] = value & 0x3f;
+ omap_ulpd_clk_update(s, diff, value);
+ break;
+
+ case 0x34: /* SOFT_REQ */
+ diff = s->ulpd_pm_regs[addr >> 2] ^ value;
+ s->ulpd_pm_regs[addr >> 2] = value & 0x1f;
+ omap_ulpd_req_update(s, diff, value);
+ break;
+
+ case 0x3c: /* DPLL_CTRL */
+ /* XXX: OMAP310 TRM claims bit 3 is PLL_ENABLE, and bit 4 is
+ * omitted altogether, probably a typo. */
+ /* This register has identical semantics with DPLL(1:3) control
+ * registers, see omap_dpll_write() */
+ diff = s->ulpd_pm_regs[addr >> 2] & value;
+ s->ulpd_pm_regs[addr >> 2] = value & 0x2fff;
+ if (diff & (0x3ff << 2)) {
+ if (value & (1 << 4)) { /* PLL_ENABLE */
+ div = ((value >> 5) & 3) + 1; /* PLL_DIV */
+ mult = MIN((value >> 7) & 0x1f, 1); /* PLL_MULT */
+ } else {
+ div = bypass_div[((value >> 2) & 3)]; /* BYPASS_DIV */
+ mult = 1;
+ }
+ omap_clk_setrate(omap_findclk(s, "dpll4"), div, mult);
+ }
+
+ /* Enter the desired mode. */
+ s->ulpd_pm_regs[addr >> 2] =
+ (s->ulpd_pm_regs[addr >> 2] & 0xfffe) |
+ ((s->ulpd_pm_regs[addr >> 2] >> 4) & 1);
+
+ /* Act as if the lock is restored. */
+ s->ulpd_pm_regs[addr >> 2] |= 2;
+ break;
+
+ case 0x4c: /* APLL_CTRL */
+ diff = s->ulpd_pm_regs[addr >> 2] & value;
+ s->ulpd_pm_regs[addr >> 2] = value & 0xf;
+ if (diff & (1 << 0)) /* APLL_NDPLL_SWITCH */
+ omap_clk_reparent(omap_findclk(s, "ck_48m"), omap_findclk(s,
+ (value & (1 << 0)) ? "apll" : "dpll4"));
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ }
+}
+
+static const MemoryRegionOps omap_ulpd_pm_ops = {
+ .read = omap_ulpd_pm_read,
+ .write = omap_ulpd_pm_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void omap_ulpd_pm_reset(struct omap_mpu_state_s *mpu)
+{
+ mpu->ulpd_pm_regs[0x00 >> 2] = 0x0001;
+ mpu->ulpd_pm_regs[0x04 >> 2] = 0x0000;
+ mpu->ulpd_pm_regs[0x08 >> 2] = 0x0001;
+ mpu->ulpd_pm_regs[0x0c >> 2] = 0x0000;
+ mpu->ulpd_pm_regs[0x10 >> 2] = 0x0000;
+ mpu->ulpd_pm_regs[0x18 >> 2] = 0x01;
+ mpu->ulpd_pm_regs[0x1c >> 2] = 0x01;
+ mpu->ulpd_pm_regs[0x20 >> 2] = 0x01;
+ mpu->ulpd_pm_regs[0x24 >> 2] = 0x03ff;
+ mpu->ulpd_pm_regs[0x28 >> 2] = 0x01;
+ mpu->ulpd_pm_regs[0x2c >> 2] = 0x01;
+ omap_ulpd_clk_update(mpu, mpu->ulpd_pm_regs[0x30 >> 2], 0x0000);
+ mpu->ulpd_pm_regs[0x30 >> 2] = 0x0000;
+ omap_ulpd_req_update(mpu, mpu->ulpd_pm_regs[0x34 >> 2], 0x0000);
+ mpu->ulpd_pm_regs[0x34 >> 2] = 0x0000;
+ mpu->ulpd_pm_regs[0x38 >> 2] = 0x0001;
+ mpu->ulpd_pm_regs[0x3c >> 2] = 0x2211;
+ mpu->ulpd_pm_regs[0x40 >> 2] = 0x0000; /* FIXME: dump a real STATUS_REQ */
+ mpu->ulpd_pm_regs[0x48 >> 2] = 0x960;
+ mpu->ulpd_pm_regs[0x4c >> 2] = 0x08;
+ mpu->ulpd_pm_regs[0x50 >> 2] = 0x08;
+ omap_clk_setrate(omap_findclk(mpu, "dpll4"), 1, 4);
+ omap_clk_reparent(omap_findclk(mpu, "ck_48m"), omap_findclk(mpu, "dpll4"));
+}
+
+static void omap_ulpd_pm_init(MemoryRegion *system_memory,
+ hwaddr base,
+ struct omap_mpu_state_s *mpu)
+{
+ memory_region_init_io(&mpu->ulpd_pm_iomem, NULL, &omap_ulpd_pm_ops, mpu,
+ "omap-ulpd-pm", 0x800);
+ memory_region_add_subregion(system_memory, base, &mpu->ulpd_pm_iomem);
+ omap_ulpd_pm_reset(mpu);
+}
+
+/* OMAP Pin Configuration */
+static uint64_t omap_pin_cfg_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
+
+ if (size != 4) {
+ return omap_badwidth_read32(opaque, addr);
+ }
+
+ switch (addr) {
+ case 0x00: /* FUNC_MUX_CTRL_0 */
+ case 0x04: /* FUNC_MUX_CTRL_1 */
+ case 0x08: /* FUNC_MUX_CTRL_2 */
+ return s->func_mux_ctrl[addr >> 2];
+
+ case 0x0c: /* COMP_MODE_CTRL_0 */
+ return s->comp_mode_ctrl[0];
+
+ case 0x10: /* FUNC_MUX_CTRL_3 */
+ case 0x14: /* FUNC_MUX_CTRL_4 */
+ case 0x18: /* FUNC_MUX_CTRL_5 */
+ case 0x1c: /* FUNC_MUX_CTRL_6 */
+ case 0x20: /* FUNC_MUX_CTRL_7 */
+ case 0x24: /* FUNC_MUX_CTRL_8 */
+ case 0x28: /* FUNC_MUX_CTRL_9 */
+ case 0x2c: /* FUNC_MUX_CTRL_A */
+ case 0x30: /* FUNC_MUX_CTRL_B */
+ case 0x34: /* FUNC_MUX_CTRL_C */
+ case 0x38: /* FUNC_MUX_CTRL_D */
+ return s->func_mux_ctrl[(addr >> 2) - 1];
+
+ case 0x40: /* PULL_DWN_CTRL_0 */
+ case 0x44: /* PULL_DWN_CTRL_1 */
+ case 0x48: /* PULL_DWN_CTRL_2 */
+ case 0x4c: /* PULL_DWN_CTRL_3 */
+ return s->pull_dwn_ctrl[(addr & 0xf) >> 2];
+
+ case 0x50: /* GATE_INH_CTRL_0 */
+ return s->gate_inh_ctrl[0];
+
+ case 0x60: /* VOLTAGE_CTRL_0 */
+ return s->voltage_ctrl[0];
+
+ case 0x70: /* TEST_DBG_CTRL_0 */
+ return s->test_dbg_ctrl[0];
+
+ case 0x80: /* MOD_CONF_CTRL_0 */
+ return s->mod_conf_ctrl[0];
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static inline void omap_pin_funcmux0_update(struct omap_mpu_state_s *s,
+ uint32_t diff, uint32_t value)
+{
+ if (s->compat1509) {
+ if (diff & (1 << 9)) /* BLUETOOTH */
+ omap_clk_onoff(omap_findclk(s, "bt_mclk_out"),
+ (~value >> 9) & 1);
+ if (diff & (1 << 7)) /* USB.CLKO */
+ omap_clk_onoff(omap_findclk(s, "usb.clko"),
+ (value >> 7) & 1);
+ }
+}
+
+static inline void omap_pin_funcmux1_update(struct omap_mpu_state_s *s,
+ uint32_t diff, uint32_t value)
+{
+ if (s->compat1509) {
+ if (diff & (1 << 31)) /* MCBSP3_CLK_HIZ_DI */
+ omap_clk_onoff(omap_findclk(s, "mcbsp3.clkx"),
+ (value >> 31) & 1);
+ if (diff & (1 << 1)) /* CLK32K */
+ omap_clk_onoff(omap_findclk(s, "clk32k_out"),
+ (~value >> 1) & 1);
+ }
+}
+
+static inline void omap_pin_modconf1_update(struct omap_mpu_state_s *s,
+ uint32_t diff, uint32_t value)
+{
+ if (diff & (1 << 31)) /* CONF_MOD_UART3_CLK_MODE_R */
+ omap_clk_reparent(omap_findclk(s, "uart3_ck"),
+ omap_findclk(s, ((value >> 31) & 1) ?
+ "ck_48m" : "armper_ck"));
+ if (diff & (1 << 30)) /* CONF_MOD_UART2_CLK_MODE_R */
+ omap_clk_reparent(omap_findclk(s, "uart2_ck"),
+ omap_findclk(s, ((value >> 30) & 1) ?
+ "ck_48m" : "armper_ck"));
+ if (diff & (1 << 29)) /* CONF_MOD_UART1_CLK_MODE_R */
+ omap_clk_reparent(omap_findclk(s, "uart1_ck"),
+ omap_findclk(s, ((value >> 29) & 1) ?
+ "ck_48m" : "armper_ck"));
+ if (diff & (1 << 23)) /* CONF_MOD_MMC_SD_CLK_REQ_R */
+ omap_clk_reparent(omap_findclk(s, "mmc_ck"),
+ omap_findclk(s, ((value >> 23) & 1) ?
+ "ck_48m" : "armper_ck"));
+ if (diff & (1 << 12)) /* CONF_MOD_COM_MCLK_12_48_S */
+ omap_clk_reparent(omap_findclk(s, "com_mclk_out"),
+ omap_findclk(s, ((value >> 12) & 1) ?
+ "ck_48m" : "armper_ck"));
+ if (diff & (1 << 9)) /* CONF_MOD_USB_HOST_HHC_UHO */
+ omap_clk_onoff(omap_findclk(s, "usb_hhc_ck"), (value >> 9) & 1);
+}
+
+static void omap_pin_cfg_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
+ uint32_t diff;
+
+ if (size != 4) {
+ return omap_badwidth_write32(opaque, addr, value);
+ }
+
+ switch (addr) {
+ case 0x00: /* FUNC_MUX_CTRL_0 */
+ diff = s->func_mux_ctrl[addr >> 2] ^ value;
+ s->func_mux_ctrl[addr >> 2] = value;
+ omap_pin_funcmux0_update(s, diff, value);
+ return;
+
+ case 0x04: /* FUNC_MUX_CTRL_1 */
+ diff = s->func_mux_ctrl[addr >> 2] ^ value;
+ s->func_mux_ctrl[addr >> 2] = value;
+ omap_pin_funcmux1_update(s, diff, value);
+ return;
+
+ case 0x08: /* FUNC_MUX_CTRL_2 */
+ s->func_mux_ctrl[addr >> 2] = value;
+ return;
+
+ case 0x0c: /* COMP_MODE_CTRL_0 */
+ s->comp_mode_ctrl[0] = value;
+ s->compat1509 = (value != 0x0000eaef);
+ omap_pin_funcmux0_update(s, ~0, s->func_mux_ctrl[0]);
+ omap_pin_funcmux1_update(s, ~0, s->func_mux_ctrl[1]);
+ return;
+
+ case 0x10: /* FUNC_MUX_CTRL_3 */
+ case 0x14: /* FUNC_MUX_CTRL_4 */
+ case 0x18: /* FUNC_MUX_CTRL_5 */
+ case 0x1c: /* FUNC_MUX_CTRL_6 */
+ case 0x20: /* FUNC_MUX_CTRL_7 */
+ case 0x24: /* FUNC_MUX_CTRL_8 */
+ case 0x28: /* FUNC_MUX_CTRL_9 */
+ case 0x2c: /* FUNC_MUX_CTRL_A */
+ case 0x30: /* FUNC_MUX_CTRL_B */
+ case 0x34: /* FUNC_MUX_CTRL_C */
+ case 0x38: /* FUNC_MUX_CTRL_D */
+ s->func_mux_ctrl[(addr >> 2) - 1] = value;
+ return;
+
+ case 0x40: /* PULL_DWN_CTRL_0 */
+ case 0x44: /* PULL_DWN_CTRL_1 */
+ case 0x48: /* PULL_DWN_CTRL_2 */
+ case 0x4c: /* PULL_DWN_CTRL_3 */
+ s->pull_dwn_ctrl[(addr & 0xf) >> 2] = value;
+ return;
+
+ case 0x50: /* GATE_INH_CTRL_0 */
+ s->gate_inh_ctrl[0] = value;
+ return;
+
+ case 0x60: /* VOLTAGE_CTRL_0 */
+ s->voltage_ctrl[0] = value;
+ return;
+
+ case 0x70: /* TEST_DBG_CTRL_0 */
+ s->test_dbg_ctrl[0] = value;
+ return;
+
+ case 0x80: /* MOD_CONF_CTRL_0 */
+ diff = s->mod_conf_ctrl[0] ^ value;
+ s->mod_conf_ctrl[0] = value;
+ omap_pin_modconf1_update(s, diff, value);
+ return;
+
+ default:
+ OMAP_BAD_REG(addr);
+ }
+}
+
+static const MemoryRegionOps omap_pin_cfg_ops = {
+ .read = omap_pin_cfg_read,
+ .write = omap_pin_cfg_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void omap_pin_cfg_reset(struct omap_mpu_state_s *mpu)
+{
+ /* Start in Compatibility Mode. */
+ mpu->compat1509 = 1;
+ omap_pin_funcmux0_update(mpu, mpu->func_mux_ctrl[0], 0);
+ omap_pin_funcmux1_update(mpu, mpu->func_mux_ctrl[1], 0);
+ omap_pin_modconf1_update(mpu, mpu->mod_conf_ctrl[0], 0);
+ memset(mpu->func_mux_ctrl, 0, sizeof(mpu->func_mux_ctrl));
+ memset(mpu->comp_mode_ctrl, 0, sizeof(mpu->comp_mode_ctrl));
+ memset(mpu->pull_dwn_ctrl, 0, sizeof(mpu->pull_dwn_ctrl));
+ memset(mpu->gate_inh_ctrl, 0, sizeof(mpu->gate_inh_ctrl));
+ memset(mpu->voltage_ctrl, 0, sizeof(mpu->voltage_ctrl));
+ memset(mpu->test_dbg_ctrl, 0, sizeof(mpu->test_dbg_ctrl));
+ memset(mpu->mod_conf_ctrl, 0, sizeof(mpu->mod_conf_ctrl));
+}
+
+static void omap_pin_cfg_init(MemoryRegion *system_memory,
+ hwaddr base,
+ struct omap_mpu_state_s *mpu)
+{
+ memory_region_init_io(&mpu->pin_cfg_iomem, NULL, &omap_pin_cfg_ops, mpu,
+ "omap-pin-cfg", 0x800);
+ memory_region_add_subregion(system_memory, base, &mpu->pin_cfg_iomem);
+ omap_pin_cfg_reset(mpu);
+}
+
+/* Device Identification, Die Identification */
+static uint64_t omap_id_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
+
+ if (size != 4) {
+ return omap_badwidth_read32(opaque, addr);
+ }
+
+ switch (addr) {
+ case 0xfffe1800: /* DIE_ID_LSB */
+ return 0xc9581f0e;
+ case 0xfffe1804: /* DIE_ID_MSB */
+ return 0xa8858bfa;
+
+ case 0xfffe2000: /* PRODUCT_ID_LSB */
+ return 0x00aaaafc;
+ case 0xfffe2004: /* PRODUCT_ID_MSB */
+ return 0xcafeb574;
+
+ case 0xfffed400: /* JTAG_ID_LSB */
+ switch (s->mpu_model) {
+ case omap310:
+ return 0x03310315;
+ case omap1510:
+ return 0x03310115;
+ default:
+ hw_error("%s: bad mpu model\n", __FUNCTION__);
+ }
+ break;
+
+ case 0xfffed404: /* JTAG_ID_MSB */
+ switch (s->mpu_model) {
+ case omap310:
+ return 0xfb57402f;
+ case omap1510:
+ return 0xfb47002f;
+ default:
+ hw_error("%s: bad mpu model\n", __FUNCTION__);
+ }
+ break;
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_id_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ if (size != 4) {
+ return omap_badwidth_write32(opaque, addr, value);
+ }
+
+ OMAP_BAD_REG(addr);
+}
+
+static const MemoryRegionOps omap_id_ops = {
+ .read = omap_id_read,
+ .write = omap_id_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void omap_id_init(MemoryRegion *memory, struct omap_mpu_state_s *mpu)
+{
+ memory_region_init_io(&mpu->id_iomem, NULL, &omap_id_ops, mpu,
+ "omap-id", 0x100000000ULL);
+ memory_region_init_alias(&mpu->id_iomem_e18, NULL, "omap-id-e18", &mpu->id_iomem,
+ 0xfffe1800, 0x800);
+ memory_region_add_subregion(memory, 0xfffe1800, &mpu->id_iomem_e18);
+ memory_region_init_alias(&mpu->id_iomem_ed4, NULL, "omap-id-ed4", &mpu->id_iomem,
+ 0xfffed400, 0x100);
+ memory_region_add_subregion(memory, 0xfffed400, &mpu->id_iomem_ed4);
+ if (!cpu_is_omap15xx(mpu)) {
+ memory_region_init_alias(&mpu->id_iomem_ed4, NULL, "omap-id-e20",
+ &mpu->id_iomem, 0xfffe2000, 0x800);
+ memory_region_add_subregion(memory, 0xfffe2000, &mpu->id_iomem_e20);
+ }
+}
+
+/* MPUI Control (Dummy) */
+static uint64_t omap_mpui_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
+
+ if (size != 4) {
+ return omap_badwidth_read32(opaque, addr);
+ }
+
+ switch (addr) {
+ case 0x00: /* CTRL */
+ return s->mpui_ctrl;
+ case 0x04: /* DEBUG_ADDR */
+ return 0x01ffffff;
+ case 0x08: /* DEBUG_DATA */
+ return 0xffffffff;
+ case 0x0c: /* DEBUG_FLAG */
+ return 0x00000800;
+ case 0x10: /* STATUS */
+ return 0x00000000;
+
+ /* Not in OMAP310 */
+ case 0x14: /* DSP_STATUS */
+ case 0x18: /* DSP_BOOT_CONFIG */
+ return 0x00000000;
+ case 0x1c: /* DSP_MPUI_CONFIG */
+ return 0x0000ffff;
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_mpui_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
+
+ if (size != 4) {
+ return omap_badwidth_write32(opaque, addr, value);
+ }
+
+ switch (addr) {
+ case 0x00: /* CTRL */
+ s->mpui_ctrl = value & 0x007fffff;
+ break;
+
+ case 0x04: /* DEBUG_ADDR */
+ case 0x08: /* DEBUG_DATA */
+ case 0x0c: /* DEBUG_FLAG */
+ case 0x10: /* STATUS */
+ /* Not in OMAP310 */
+ case 0x14: /* DSP_STATUS */
+ OMAP_RO_REG(addr);
+ break;
+ case 0x18: /* DSP_BOOT_CONFIG */
+ case 0x1c: /* DSP_MPUI_CONFIG */
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ }
+}
+
+static const MemoryRegionOps omap_mpui_ops = {
+ .read = omap_mpui_read,
+ .write = omap_mpui_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void omap_mpui_reset(struct omap_mpu_state_s *s)
+{
+ s->mpui_ctrl = 0x0003ff1b;
+}
+
+static void omap_mpui_init(MemoryRegion *memory, hwaddr base,
+ struct omap_mpu_state_s *mpu)
+{
+ memory_region_init_io(&mpu->mpui_iomem, NULL, &omap_mpui_ops, mpu,
+ "omap-mpui", 0x100);
+ memory_region_add_subregion(memory, base, &mpu->mpui_iomem);
+
+ omap_mpui_reset(mpu);
+}
+
+/* TIPB Bridges */
+struct omap_tipb_bridge_s {
+ qemu_irq abort;
+ MemoryRegion iomem;
+
+ int width_intr;
+ uint16_t control;
+ uint16_t alloc;
+ uint16_t buffer;
+ uint16_t enh_control;
+};
+
+static uint64_t omap_tipb_bridge_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_tipb_bridge_s *s = (struct omap_tipb_bridge_s *) opaque;
+
+ if (size < 2) {
+ return omap_badwidth_read16(opaque, addr);
+ }
+
+ switch (addr) {
+ case 0x00: /* TIPB_CNTL */
+ return s->control;
+ case 0x04: /* TIPB_BUS_ALLOC */
+ return s->alloc;
+ case 0x08: /* MPU_TIPB_CNTL */
+ return s->buffer;
+ case 0x0c: /* ENHANCED_TIPB_CNTL */
+ return s->enh_control;
+ case 0x10: /* ADDRESS_DBG */
+ case 0x14: /* DATA_DEBUG_LOW */
+ case 0x18: /* DATA_DEBUG_HIGH */
+ return 0xffff;
+ case 0x1c: /* DEBUG_CNTR_SIG */
+ return 0x00f8;
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_tipb_bridge_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_tipb_bridge_s *s = (struct omap_tipb_bridge_s *) opaque;
+
+ if (size < 2) {
+ return omap_badwidth_write16(opaque, addr, value);
+ }
+
+ switch (addr) {
+ case 0x00: /* TIPB_CNTL */
+ s->control = value & 0xffff;
+ break;
+
+ case 0x04: /* TIPB_BUS_ALLOC */
+ s->alloc = value & 0x003f;
+ break;
+
+ case 0x08: /* MPU_TIPB_CNTL */
+ s->buffer = value & 0x0003;
+ break;
+
+ case 0x0c: /* ENHANCED_TIPB_CNTL */
+ s->width_intr = !(value & 2);
+ s->enh_control = value & 0x000f;
+ break;
+
+ case 0x10: /* ADDRESS_DBG */
+ case 0x14: /* DATA_DEBUG_LOW */
+ case 0x18: /* DATA_DEBUG_HIGH */
+ case 0x1c: /* DEBUG_CNTR_SIG */
+ OMAP_RO_REG(addr);
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ }
+}
+
+static const MemoryRegionOps omap_tipb_bridge_ops = {
+ .read = omap_tipb_bridge_read,
+ .write = omap_tipb_bridge_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void omap_tipb_bridge_reset(struct omap_tipb_bridge_s *s)
+{
+ s->control = 0xffff;
+ s->alloc = 0x0009;
+ s->buffer = 0x0000;
+ s->enh_control = 0x000f;
+}
+
+static struct omap_tipb_bridge_s *omap_tipb_bridge_init(
+ MemoryRegion *memory, hwaddr base,
+ qemu_irq abort_irq, omap_clk clk)
+{
+ struct omap_tipb_bridge_s *s = (struct omap_tipb_bridge_s *)
+ g_malloc0(sizeof(struct omap_tipb_bridge_s));
+
+ s->abort = abort_irq;
+ omap_tipb_bridge_reset(s);
+
+ memory_region_init_io(&s->iomem, NULL, &omap_tipb_bridge_ops, s,
+ "omap-tipb-bridge", 0x100);
+ memory_region_add_subregion(memory, base, &s->iomem);
+
+ return s;
+}
+
+/* Dummy Traffic Controller's Memory Interface */
+static uint64_t omap_tcmi_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
+ uint32_t ret;
+
+ if (size != 4) {
+ return omap_badwidth_read32(opaque, addr);
+ }
+
+ switch (addr) {
+ case 0x00: /* IMIF_PRIO */
+ case 0x04: /* EMIFS_PRIO */
+ case 0x08: /* EMIFF_PRIO */
+ case 0x0c: /* EMIFS_CONFIG */
+ case 0x10: /* EMIFS_CS0_CONFIG */
+ case 0x14: /* EMIFS_CS1_CONFIG */
+ case 0x18: /* EMIFS_CS2_CONFIG */
+ case 0x1c: /* EMIFS_CS3_CONFIG */
+ case 0x24: /* EMIFF_MRS */
+ case 0x28: /* TIMEOUT1 */
+ case 0x2c: /* TIMEOUT2 */
+ case 0x30: /* TIMEOUT3 */
+ case 0x3c: /* EMIFF_SDRAM_CONFIG_2 */
+ case 0x40: /* EMIFS_CFG_DYN_WAIT */
+ return s->tcmi_regs[addr >> 2];
+
+ case 0x20: /* EMIFF_SDRAM_CONFIG */
+ ret = s->tcmi_regs[addr >> 2];
+ s->tcmi_regs[addr >> 2] &= ~1; /* XXX: Clear SLRF on SDRAM access */
+ /* XXX: We can try using the VGA_DIRTY flag for this */
+ return ret;
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_tcmi_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
+
+ if (size != 4) {
+ return omap_badwidth_write32(opaque, addr, value);
+ }
+
+ switch (addr) {
+ case 0x00: /* IMIF_PRIO */
+ case 0x04: /* EMIFS_PRIO */
+ case 0x08: /* EMIFF_PRIO */
+ case 0x10: /* EMIFS_CS0_CONFIG */
+ case 0x14: /* EMIFS_CS1_CONFIG */
+ case 0x18: /* EMIFS_CS2_CONFIG */
+ case 0x1c: /* EMIFS_CS3_CONFIG */
+ case 0x20: /* EMIFF_SDRAM_CONFIG */
+ case 0x24: /* EMIFF_MRS */
+ case 0x28: /* TIMEOUT1 */
+ case 0x2c: /* TIMEOUT2 */
+ case 0x30: /* TIMEOUT3 */
+ case 0x3c: /* EMIFF_SDRAM_CONFIG_2 */
+ case 0x40: /* EMIFS_CFG_DYN_WAIT */
+ s->tcmi_regs[addr >> 2] = value;
+ break;
+ case 0x0c: /* EMIFS_CONFIG */
+ s->tcmi_regs[addr >> 2] = (value & 0xf) | (1 << 4);
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ }
+}
+
+static const MemoryRegionOps omap_tcmi_ops = {
+ .read = omap_tcmi_read,
+ .write = omap_tcmi_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void omap_tcmi_reset(struct omap_mpu_state_s *mpu)
+{
+ mpu->tcmi_regs[0x00 >> 2] = 0x00000000;
+ mpu->tcmi_regs[0x04 >> 2] = 0x00000000;
+ mpu->tcmi_regs[0x08 >> 2] = 0x00000000;
+ mpu->tcmi_regs[0x0c >> 2] = 0x00000010;
+ mpu->tcmi_regs[0x10 >> 2] = 0x0010fffb;
+ mpu->tcmi_regs[0x14 >> 2] = 0x0010fffb;
+ mpu->tcmi_regs[0x18 >> 2] = 0x0010fffb;
+ mpu->tcmi_regs[0x1c >> 2] = 0x0010fffb;
+ mpu->tcmi_regs[0x20 >> 2] = 0x00618800;
+ mpu->tcmi_regs[0x24 >> 2] = 0x00000037;
+ mpu->tcmi_regs[0x28 >> 2] = 0x00000000;
+ mpu->tcmi_regs[0x2c >> 2] = 0x00000000;
+ mpu->tcmi_regs[0x30 >> 2] = 0x00000000;
+ mpu->tcmi_regs[0x3c >> 2] = 0x00000003;
+ mpu->tcmi_regs[0x40 >> 2] = 0x00000000;
+}
+
+static void omap_tcmi_init(MemoryRegion *memory, hwaddr base,
+ struct omap_mpu_state_s *mpu)
+{
+ memory_region_init_io(&mpu->tcmi_iomem, NULL, &omap_tcmi_ops, mpu,
+ "omap-tcmi", 0x100);
+ memory_region_add_subregion(memory, base, &mpu->tcmi_iomem);
+ omap_tcmi_reset(mpu);
+}
+
+/* Digital phase-locked loops control */
+struct dpll_ctl_s {
+ MemoryRegion iomem;
+ uint16_t mode;
+ omap_clk dpll;
+};
+
+static uint64_t omap_dpll_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct dpll_ctl_s *s = (struct dpll_ctl_s *) opaque;
+
+ if (size != 2) {
+ return omap_badwidth_read16(opaque, addr);
+ }
+
+ if (addr == 0x00) /* CTL_REG */
+ return s->mode;
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_dpll_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct dpll_ctl_s *s = (struct dpll_ctl_s *) opaque;
+ uint16_t diff;
+ static const int bypass_div[4] = { 1, 2, 4, 4 };
+ int div, mult;
+
+ if (size != 2) {
+ return omap_badwidth_write16(opaque, addr, value);
+ }
+
+ if (addr == 0x00) { /* CTL_REG */
+ /* See omap_ulpd_pm_write() too */
+ diff = s->mode & value;
+ s->mode = value & 0x2fff;
+ if (diff & (0x3ff << 2)) {
+ if (value & (1 << 4)) { /* PLL_ENABLE */
+ div = ((value >> 5) & 3) + 1; /* PLL_DIV */
+ mult = MIN((value >> 7) & 0x1f, 1); /* PLL_MULT */
+ } else {
+ div = bypass_div[((value >> 2) & 3)]; /* BYPASS_DIV */
+ mult = 1;
+ }
+ omap_clk_setrate(s->dpll, div, mult);
+ }
+
+ /* Enter the desired mode. */
+ s->mode = (s->mode & 0xfffe) | ((s->mode >> 4) & 1);
+
+ /* Act as if the lock is restored. */
+ s->mode |= 2;
+ } else {
+ OMAP_BAD_REG(addr);
+ }
+}
+
+static const MemoryRegionOps omap_dpll_ops = {
+ .read = omap_dpll_read,
+ .write = omap_dpll_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void omap_dpll_reset(struct dpll_ctl_s *s)
+{
+ s->mode = 0x2002;
+ omap_clk_setrate(s->dpll, 1, 1);
+}
+
+static struct dpll_ctl_s *omap_dpll_init(MemoryRegion *memory,
+ hwaddr base, omap_clk clk)
+{
+ struct dpll_ctl_s *s = g_malloc0(sizeof(*s));
+ memory_region_init_io(&s->iomem, NULL, &omap_dpll_ops, s, "omap-dpll", 0x100);
+
+ s->dpll = clk;
+ omap_dpll_reset(s);
+
+ memory_region_add_subregion(memory, base, &s->iomem);
+ return s;
+}
+
+/* MPU Clock/Reset/Power Mode Control */
+static uint64_t omap_clkm_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
+
+ if (size != 2) {
+ return omap_badwidth_read16(opaque, addr);
+ }
+
+ switch (addr) {
+ case 0x00: /* ARM_CKCTL */
+ return s->clkm.arm_ckctl;
+
+ case 0x04: /* ARM_IDLECT1 */
+ return s->clkm.arm_idlect1;
+
+ case 0x08: /* ARM_IDLECT2 */
+ return s->clkm.arm_idlect2;
+
+ case 0x0c: /* ARM_EWUPCT */
+ return s->clkm.arm_ewupct;
+
+ case 0x10: /* ARM_RSTCT1 */
+ return s->clkm.arm_rstct1;
+
+ case 0x14: /* ARM_RSTCT2 */
+ return s->clkm.arm_rstct2;
+
+ case 0x18: /* ARM_SYSST */
+ return (s->clkm.clocking_scheme << 11) | s->clkm.cold_start;
+
+ case 0x1c: /* ARM_CKOUT1 */
+ return s->clkm.arm_ckout1;
+
+ case 0x20: /* ARM_CKOUT2 */
+ break;
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static inline void omap_clkm_ckctl_update(struct omap_mpu_state_s *s,
+ uint16_t diff, uint16_t value)
+{
+ omap_clk clk;
+
+ if (diff & (1 << 14)) { /* ARM_INTHCK_SEL */
+ if (value & (1 << 14))
+ /* Reserved */;
+ else {
+ clk = omap_findclk(s, "arminth_ck");
+ omap_clk_reparent(clk, omap_findclk(s, "tc_ck"));
+ }
+ }
+ if (diff & (1 << 12)) { /* ARM_TIMXO */
+ clk = omap_findclk(s, "armtim_ck");
+ if (value & (1 << 12))
+ omap_clk_reparent(clk, omap_findclk(s, "clkin"));
+ else
+ omap_clk_reparent(clk, omap_findclk(s, "ck_gen1"));
+ }
+ /* XXX: en_dspck */
+ if (diff & (3 << 10)) { /* DSPMMUDIV */
+ clk = omap_findclk(s, "dspmmu_ck");
+ omap_clk_setrate(clk, 1 << ((value >> 10) & 3), 1);
+ }
+ if (diff & (3 << 8)) { /* TCDIV */
+ clk = omap_findclk(s, "tc_ck");
+ omap_clk_setrate(clk, 1 << ((value >> 8) & 3), 1);
+ }
+ if (diff & (3 << 6)) { /* DSPDIV */
+ clk = omap_findclk(s, "dsp_ck");
+ omap_clk_setrate(clk, 1 << ((value >> 6) & 3), 1);
+ }
+ if (diff & (3 << 4)) { /* ARMDIV */
+ clk = omap_findclk(s, "arm_ck");
+ omap_clk_setrate(clk, 1 << ((value >> 4) & 3), 1);
+ }
+ if (diff & (3 << 2)) { /* LCDDIV */
+ clk = omap_findclk(s, "lcd_ck");
+ omap_clk_setrate(clk, 1 << ((value >> 2) & 3), 1);
+ }
+ if (diff & (3 << 0)) { /* PERDIV */
+ clk = omap_findclk(s, "armper_ck");
+ omap_clk_setrate(clk, 1 << ((value >> 0) & 3), 1);
+ }
+}
+
+static inline void omap_clkm_idlect1_update(struct omap_mpu_state_s *s,
+ uint16_t diff, uint16_t value)
+{
+ omap_clk clk;
+
+ if (value & (1 << 11)) { /* SETARM_IDLE */
+ cpu_interrupt(CPU(s->cpu), CPU_INTERRUPT_HALT);
+ }
+ if (!(value & (1 << 10))) /* WKUP_MODE */
+ qemu_system_shutdown_request(); /* XXX: disable wakeup from IRQ */
+
+#define SET_CANIDLE(clock, bit) \
+ if (diff & (1 << bit)) { \
+ clk = omap_findclk(s, clock); \
+ omap_clk_canidle(clk, (value >> bit) & 1); \
+ }
+ SET_CANIDLE("mpuwd_ck", 0) /* IDLWDT_ARM */
+ SET_CANIDLE("armxor_ck", 1) /* IDLXORP_ARM */
+ SET_CANIDLE("mpuper_ck", 2) /* IDLPER_ARM */
+ SET_CANIDLE("lcd_ck", 3) /* IDLLCD_ARM */
+ SET_CANIDLE("lb_ck", 4) /* IDLLB_ARM */
+ SET_CANIDLE("hsab_ck", 5) /* IDLHSAB_ARM */
+ SET_CANIDLE("tipb_ck", 6) /* IDLIF_ARM */
+ SET_CANIDLE("dma_ck", 6) /* IDLIF_ARM */
+ SET_CANIDLE("tc_ck", 6) /* IDLIF_ARM */
+ SET_CANIDLE("dpll1", 7) /* IDLDPLL_ARM */
+ SET_CANIDLE("dpll2", 7) /* IDLDPLL_ARM */
+ SET_CANIDLE("dpll3", 7) /* IDLDPLL_ARM */
+ SET_CANIDLE("mpui_ck", 8) /* IDLAPI_ARM */
+ SET_CANIDLE("armtim_ck", 9) /* IDLTIM_ARM */
+}
+
+static inline void omap_clkm_idlect2_update(struct omap_mpu_state_s *s,
+ uint16_t diff, uint16_t value)
+{
+ omap_clk clk;
+
+#define SET_ONOFF(clock, bit) \
+ if (diff & (1 << bit)) { \
+ clk = omap_findclk(s, clock); \
+ omap_clk_onoff(clk, (value >> bit) & 1); \
+ }
+ SET_ONOFF("mpuwd_ck", 0) /* EN_WDTCK */
+ SET_ONOFF("armxor_ck", 1) /* EN_XORPCK */
+ SET_ONOFF("mpuper_ck", 2) /* EN_PERCK */
+ SET_ONOFF("lcd_ck", 3) /* EN_LCDCK */
+ SET_ONOFF("lb_ck", 4) /* EN_LBCK */
+ SET_ONOFF("hsab_ck", 5) /* EN_HSABCK */
+ SET_ONOFF("mpui_ck", 6) /* EN_APICK */
+ SET_ONOFF("armtim_ck", 7) /* EN_TIMCK */
+ SET_CANIDLE("dma_ck", 8) /* DMACK_REQ */
+ SET_ONOFF("arm_gpio_ck", 9) /* EN_GPIOCK */
+ SET_ONOFF("lbfree_ck", 10) /* EN_LBFREECK */
+}
+
+static inline void omap_clkm_ckout1_update(struct omap_mpu_state_s *s,
+ uint16_t diff, uint16_t value)
+{
+ omap_clk clk;
+
+ if (diff & (3 << 4)) { /* TCLKOUT */
+ clk = omap_findclk(s, "tclk_out");
+ switch ((value >> 4) & 3) {
+ case 1:
+ omap_clk_reparent(clk, omap_findclk(s, "ck_gen3"));
+ omap_clk_onoff(clk, 1);
+ break;
+ case 2:
+ omap_clk_reparent(clk, omap_findclk(s, "tc_ck"));
+ omap_clk_onoff(clk, 1);
+ break;
+ default:
+ omap_clk_onoff(clk, 0);
+ }
+ }
+ if (diff & (3 << 2)) { /* DCLKOUT */
+ clk = omap_findclk(s, "dclk_out");
+ switch ((value >> 2) & 3) {
+ case 0:
+ omap_clk_reparent(clk, omap_findclk(s, "dspmmu_ck"));
+ break;
+ case 1:
+ omap_clk_reparent(clk, omap_findclk(s, "ck_gen2"));
+ break;
+ case 2:
+ omap_clk_reparent(clk, omap_findclk(s, "dsp_ck"));
+ break;
+ case 3:
+ omap_clk_reparent(clk, omap_findclk(s, "ck_ref14"));
+ break;
+ }
+ }
+ if (diff & (3 << 0)) { /* ACLKOUT */
+ clk = omap_findclk(s, "aclk_out");
+ switch ((value >> 0) & 3) {
+ case 1:
+ omap_clk_reparent(clk, omap_findclk(s, "ck_gen1"));
+ omap_clk_onoff(clk, 1);
+ break;
+ case 2:
+ omap_clk_reparent(clk, omap_findclk(s, "arm_ck"));
+ omap_clk_onoff(clk, 1);
+ break;
+ case 3:
+ omap_clk_reparent(clk, omap_findclk(s, "ck_ref14"));
+ omap_clk_onoff(clk, 1);
+ break;
+ default:
+ omap_clk_onoff(clk, 0);
+ }
+ }
+}
+
+static void omap_clkm_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
+ uint16_t diff;
+ omap_clk clk;
+ static const char *clkschemename[8] = {
+ "fully synchronous", "fully asynchronous", "synchronous scalable",
+ "mix mode 1", "mix mode 2", "bypass mode", "mix mode 3", "mix mode 4",
+ };
+
+ if (size != 2) {
+ return omap_badwidth_write16(opaque, addr, value);
+ }
+
+ switch (addr) {
+ case 0x00: /* ARM_CKCTL */
+ diff = s->clkm.arm_ckctl ^ value;
+ s->clkm.arm_ckctl = value & 0x7fff;
+ omap_clkm_ckctl_update(s, diff, value);
+ return;
+
+ case 0x04: /* ARM_IDLECT1 */
+ diff = s->clkm.arm_idlect1 ^ value;
+ s->clkm.arm_idlect1 = value & 0x0fff;
+ omap_clkm_idlect1_update(s, diff, value);
+ return;
+
+ case 0x08: /* ARM_IDLECT2 */
+ diff = s->clkm.arm_idlect2 ^ value;
+ s->clkm.arm_idlect2 = value & 0x07ff;
+ omap_clkm_idlect2_update(s, diff, value);
+ return;
+
+ case 0x0c: /* ARM_EWUPCT */
+ s->clkm.arm_ewupct = value & 0x003f;
+ return;
+
+ case 0x10: /* ARM_RSTCT1 */
+ diff = s->clkm.arm_rstct1 ^ value;
+ s->clkm.arm_rstct1 = value & 0x0007;
+ if (value & 9) {
+ qemu_system_reset_request();
+ s->clkm.cold_start = 0xa;
+ }
+ if (diff & ~value & 4) { /* DSP_RST */
+ omap_mpui_reset(s);
+ omap_tipb_bridge_reset(s->private_tipb);
+ omap_tipb_bridge_reset(s->public_tipb);
+ }
+ if (diff & 2) { /* DSP_EN */
+ clk = omap_findclk(s, "dsp_ck");
+ omap_clk_canidle(clk, (~value >> 1) & 1);
+ }
+ return;
+
+ case 0x14: /* ARM_RSTCT2 */
+ s->clkm.arm_rstct2 = value & 0x0001;
+ return;
+
+ case 0x18: /* ARM_SYSST */
+ if ((s->clkm.clocking_scheme ^ (value >> 11)) & 7) {
+ s->clkm.clocking_scheme = (value >> 11) & 7;
+ printf("%s: clocking scheme set to %s\n", __FUNCTION__,
+ clkschemename[s->clkm.clocking_scheme]);
+ }
+ s->clkm.cold_start &= value & 0x3f;
+ return;
+
+ case 0x1c: /* ARM_CKOUT1 */
+ diff = s->clkm.arm_ckout1 ^ value;
+ s->clkm.arm_ckout1 = value & 0x003f;
+ omap_clkm_ckout1_update(s, diff, value);
+ return;
+
+ case 0x20: /* ARM_CKOUT2 */
+ default:
+ OMAP_BAD_REG(addr);
+ }
+}
+
+static const MemoryRegionOps omap_clkm_ops = {
+ .read = omap_clkm_read,
+ .write = omap_clkm_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static uint64_t omap_clkdsp_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
+ CPUState *cpu = CPU(s->cpu);
+
+ if (size != 2) {
+ return omap_badwidth_read16(opaque, addr);
+ }
+
+ switch (addr) {
+ case 0x04: /* DSP_IDLECT1 */
+ return s->clkm.dsp_idlect1;
+
+ case 0x08: /* DSP_IDLECT2 */
+ return s->clkm.dsp_idlect2;
+
+ case 0x14: /* DSP_RSTCT2 */
+ return s->clkm.dsp_rstct2;
+
+ case 0x18: /* DSP_SYSST */
+ cpu = CPU(s->cpu);
+ return (s->clkm.clocking_scheme << 11) | s->clkm.cold_start |
+ (cpu->halted << 6); /* Quite useless... */
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static inline void omap_clkdsp_idlect1_update(struct omap_mpu_state_s *s,
+ uint16_t diff, uint16_t value)
+{
+ omap_clk clk;
+
+ SET_CANIDLE("dspxor_ck", 1); /* IDLXORP_DSP */
+}
+
+static inline void omap_clkdsp_idlect2_update(struct omap_mpu_state_s *s,
+ uint16_t diff, uint16_t value)
+{
+ omap_clk clk;
+
+ SET_ONOFF("dspxor_ck", 1); /* EN_XORPCK */
+}
+
+static void omap_clkdsp_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
+ uint16_t diff;
+
+ if (size != 2) {
+ return omap_badwidth_write16(opaque, addr, value);
+ }
+
+ switch (addr) {
+ case 0x04: /* DSP_IDLECT1 */
+ diff = s->clkm.dsp_idlect1 ^ value;
+ s->clkm.dsp_idlect1 = value & 0x01f7;
+ omap_clkdsp_idlect1_update(s, diff, value);
+ break;
+
+ case 0x08: /* DSP_IDLECT2 */
+ s->clkm.dsp_idlect2 = value & 0x0037;
+ diff = s->clkm.dsp_idlect1 ^ value;
+ omap_clkdsp_idlect2_update(s, diff, value);
+ break;
+
+ case 0x14: /* DSP_RSTCT2 */
+ s->clkm.dsp_rstct2 = value & 0x0001;
+ break;
+
+ case 0x18: /* DSP_SYSST */
+ s->clkm.cold_start &= value & 0x3f;
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ }
+}
+
+static const MemoryRegionOps omap_clkdsp_ops = {
+ .read = omap_clkdsp_read,
+ .write = omap_clkdsp_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void omap_clkm_reset(struct omap_mpu_state_s *s)
+{
+ if (s->wdt && s->wdt->reset)
+ s->clkm.cold_start = 0x6;
+ s->clkm.clocking_scheme = 0;
+ omap_clkm_ckctl_update(s, ~0, 0x3000);
+ s->clkm.arm_ckctl = 0x3000;
+ omap_clkm_idlect1_update(s, s->clkm.arm_idlect1 ^ 0x0400, 0x0400);
+ s->clkm.arm_idlect1 = 0x0400;
+ omap_clkm_idlect2_update(s, s->clkm.arm_idlect2 ^ 0x0100, 0x0100);
+ s->clkm.arm_idlect2 = 0x0100;
+ s->clkm.arm_ewupct = 0x003f;
+ s->clkm.arm_rstct1 = 0x0000;
+ s->clkm.arm_rstct2 = 0x0000;
+ s->clkm.arm_ckout1 = 0x0015;
+ s->clkm.dpll1_mode = 0x2002;
+ omap_clkdsp_idlect1_update(s, s->clkm.dsp_idlect1 ^ 0x0040, 0x0040);
+ s->clkm.dsp_idlect1 = 0x0040;
+ omap_clkdsp_idlect2_update(s, ~0, 0x0000);
+ s->clkm.dsp_idlect2 = 0x0000;
+ s->clkm.dsp_rstct2 = 0x0000;
+}
+
+static void omap_clkm_init(MemoryRegion *memory, hwaddr mpu_base,
+ hwaddr dsp_base, struct omap_mpu_state_s *s)
+{
+ memory_region_init_io(&s->clkm_iomem, NULL, &omap_clkm_ops, s,
+ "omap-clkm", 0x100);
+ memory_region_init_io(&s->clkdsp_iomem, NULL, &omap_clkdsp_ops, s,
+ "omap-clkdsp", 0x1000);
+
+ s->clkm.arm_idlect1 = 0x03ff;
+ s->clkm.arm_idlect2 = 0x0100;
+ s->clkm.dsp_idlect1 = 0x0002;
+ omap_clkm_reset(s);
+ s->clkm.cold_start = 0x3a;
+
+ memory_region_add_subregion(memory, mpu_base, &s->clkm_iomem);
+ memory_region_add_subregion(memory, dsp_base, &s->clkdsp_iomem);
+}
+
+/* MPU I/O */
+struct omap_mpuio_s {
+ qemu_irq irq;
+ qemu_irq kbd_irq;
+ qemu_irq *in;
+ qemu_irq handler[16];
+ qemu_irq wakeup;
+ MemoryRegion iomem;
+
+ uint16_t inputs;
+ uint16_t outputs;
+ uint16_t dir;
+ uint16_t edge;
+ uint16_t mask;
+ uint16_t ints;
+
+ uint16_t debounce;
+ uint16_t latch;
+ uint8_t event;
+
+ uint8_t buttons[5];
+ uint8_t row_latch;
+ uint8_t cols;
+ int kbd_mask;
+ int clk;
+};
+
+static void omap_mpuio_set(void *opaque, int line, int level)
+{
+ struct omap_mpuio_s *s = (struct omap_mpuio_s *) opaque;
+ uint16_t prev = s->inputs;
+
+ if (level)
+ s->inputs |= 1 << line;
+ else
+ s->inputs &= ~(1 << line);
+
+ if (((1 << line) & s->dir & ~s->mask) && s->clk) {
+ if ((s->edge & s->inputs & ~prev) | (~s->edge & ~s->inputs & prev)) {
+ s->ints |= 1 << line;
+ qemu_irq_raise(s->irq);
+ /* TODO: wakeup */
+ }
+ if ((s->event & (1 << 0)) && /* SET_GPIO_EVENT_MODE */
+ (s->event >> 1) == line) /* PIN_SELECT */
+ s->latch = s->inputs;
+ }
+}
+
+static void omap_mpuio_kbd_update(struct omap_mpuio_s *s)
+{
+ int i;
+ uint8_t *row, rows = 0, cols = ~s->cols;
+
+ for (row = s->buttons + 4, i = 1 << 4; i; row --, i >>= 1)
+ if (*row & cols)
+ rows |= i;
+
+ qemu_set_irq(s->kbd_irq, rows && !s->kbd_mask && s->clk);
+ s->row_latch = ~rows;
+}
+
+static uint64_t omap_mpuio_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_mpuio_s *s = (struct omap_mpuio_s *) opaque;
+ int offset = addr & OMAP_MPUI_REG_MASK;
+ uint16_t ret;
+
+ if (size != 2) {
+ return omap_badwidth_read16(opaque, addr);
+ }
+
+ switch (offset) {
+ case 0x00: /* INPUT_LATCH */
+ return s->inputs;
+
+ case 0x04: /* OUTPUT_REG */
+ return s->outputs;
+
+ case 0x08: /* IO_CNTL */
+ return s->dir;
+
+ case 0x10: /* KBR_LATCH */
+ return s->row_latch;
+
+ case 0x14: /* KBC_REG */
+ return s->cols;
+
+ case 0x18: /* GPIO_EVENT_MODE_REG */
+ return s->event;
+
+ case 0x1c: /* GPIO_INT_EDGE_REG */
+ return s->edge;
+
+ case 0x20: /* KBD_INT */
+ return (~s->row_latch & 0x1f) && !s->kbd_mask;
+
+ case 0x24: /* GPIO_INT */
+ ret = s->ints;
+ s->ints &= s->mask;
+ if (ret)
+ qemu_irq_lower(s->irq);
+ return ret;
+
+ case 0x28: /* KBD_MASKIT */
+ return s->kbd_mask;
+
+ case 0x2c: /* GPIO_MASKIT */
+ return s->mask;
+
+ case 0x30: /* GPIO_DEBOUNCING_REG */
+ return s->debounce;
+
+ case 0x34: /* GPIO_LATCH_REG */
+ return s->latch;
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_mpuio_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_mpuio_s *s = (struct omap_mpuio_s *) opaque;
+ int offset = addr & OMAP_MPUI_REG_MASK;
+ uint16_t diff;
+ int ln;
+
+ if (size != 2) {
+ return omap_badwidth_write16(opaque, addr, value);
+ }
+
+ switch (offset) {
+ case 0x04: /* OUTPUT_REG */
+ diff = (s->outputs ^ value) & ~s->dir;
+ s->outputs = value;
+ while ((ln = ffs(diff))) {
+ ln --;
+ if (s->handler[ln])
+ qemu_set_irq(s->handler[ln], (value >> ln) & 1);
+ diff &= ~(1 << ln);
+ }
+ break;
+
+ case 0x08: /* IO_CNTL */
+ diff = s->outputs & (s->dir ^ value);
+ s->dir = value;
+
+ value = s->outputs & ~s->dir;
+ while ((ln = ffs(diff))) {
+ ln --;
+ if (s->handler[ln])
+ qemu_set_irq(s->handler[ln], (value >> ln) & 1);
+ diff &= ~(1 << ln);
+ }
+ break;
+
+ case 0x14: /* KBC_REG */
+ s->cols = value;
+ omap_mpuio_kbd_update(s);
+ break;
+
+ case 0x18: /* GPIO_EVENT_MODE_REG */
+ s->event = value & 0x1f;
+ break;
+
+ case 0x1c: /* GPIO_INT_EDGE_REG */
+ s->edge = value;
+ break;
+
+ case 0x28: /* KBD_MASKIT */
+ s->kbd_mask = value & 1;
+ omap_mpuio_kbd_update(s);
+ break;
+
+ case 0x2c: /* GPIO_MASKIT */
+ s->mask = value;
+ break;
+
+ case 0x30: /* GPIO_DEBOUNCING_REG */
+ s->debounce = value & 0x1ff;
+ break;
+
+ case 0x00: /* INPUT_LATCH */
+ case 0x10: /* KBR_LATCH */
+ case 0x20: /* KBD_INT */
+ case 0x24: /* GPIO_INT */
+ case 0x34: /* GPIO_LATCH_REG */
+ OMAP_RO_REG(addr);
+ return;
+
+ default:
+ OMAP_BAD_REG(addr);
+ return;
+ }
+}
+
+static const MemoryRegionOps omap_mpuio_ops = {
+ .read = omap_mpuio_read,
+ .write = omap_mpuio_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void omap_mpuio_reset(struct omap_mpuio_s *s)
+{
+ s->inputs = 0;
+ s->outputs = 0;
+ s->dir = ~0;
+ s->event = 0;
+ s->edge = 0;
+ s->kbd_mask = 0;
+ s->mask = 0;
+ s->debounce = 0;
+ s->latch = 0;
+ s->ints = 0;
+ s->row_latch = 0x1f;
+ s->clk = 1;
+}
+
+static void omap_mpuio_onoff(void *opaque, int line, int on)
+{
+ struct omap_mpuio_s *s = (struct omap_mpuio_s *) opaque;
+
+ s->clk = on;
+ if (on)
+ omap_mpuio_kbd_update(s);
+}
+
+static struct omap_mpuio_s *omap_mpuio_init(MemoryRegion *memory,
+ hwaddr base,
+ qemu_irq kbd_int, qemu_irq gpio_int, qemu_irq wakeup,
+ omap_clk clk)
+{
+ struct omap_mpuio_s *s = (struct omap_mpuio_s *)
+ g_malloc0(sizeof(struct omap_mpuio_s));
+
+ s->irq = gpio_int;
+ s->kbd_irq = kbd_int;
+ s->wakeup = wakeup;
+ s->in = qemu_allocate_irqs(omap_mpuio_set, s, 16);
+ omap_mpuio_reset(s);
+
+ memory_region_init_io(&s->iomem, NULL, &omap_mpuio_ops, s,
+ "omap-mpuio", 0x800);
+ memory_region_add_subregion(memory, base, &s->iomem);
+
+ omap_clk_adduser(clk, qemu_allocate_irqs(omap_mpuio_onoff, s, 1)[0]);
+
+ return s;
+}
+
+qemu_irq *omap_mpuio_in_get(struct omap_mpuio_s *s)
+{
+ return s->in;
+}
+
+void omap_mpuio_out_set(struct omap_mpuio_s *s, int line, qemu_irq handler)
+{
+ if (line >= 16 || line < 0)
+ hw_error("%s: No GPIO line %i\n", __FUNCTION__, line);
+ s->handler[line] = handler;
+}
+
+void omap_mpuio_key(struct omap_mpuio_s *s, int row, int col, int down)
+{
+ if (row >= 5 || row < 0)
+ hw_error("%s: No key %i-%i\n", __FUNCTION__, col, row);
+
+ if (down)
+ s->buttons[row] |= 1 << col;
+ else
+ s->buttons[row] &= ~(1 << col);
+
+ omap_mpuio_kbd_update(s);
+}
+
+/* MicroWire Interface */
+struct omap_uwire_s {
+ MemoryRegion iomem;
+ qemu_irq txirq;
+ qemu_irq rxirq;
+ qemu_irq txdrq;
+
+ uint16_t txbuf;
+ uint16_t rxbuf;
+ uint16_t control;
+ uint16_t setup[5];
+
+ uWireSlave *chip[4];
+};
+
+static void omap_uwire_transfer_start(struct omap_uwire_s *s)
+{
+ int chipselect = (s->control >> 10) & 3; /* INDEX */
+ uWireSlave *slave = s->chip[chipselect];
+
+ if ((s->control >> 5) & 0x1f) { /* NB_BITS_WR */
+ if (s->control & (1 << 12)) /* CS_CMD */
+ if (slave && slave->send)
+ slave->send(slave->opaque,
+ s->txbuf >> (16 - ((s->control >> 5) & 0x1f)));
+ s->control &= ~(1 << 14); /* CSRB */
+ /* TODO: depending on s->setup[4] bits [1:0] assert an IRQ or
+ * a DRQ. When is the level IRQ supposed to be reset? */
+ }
+
+ if ((s->control >> 0) & 0x1f) { /* NB_BITS_RD */
+ if (s->control & (1 << 12)) /* CS_CMD */
+ if (slave && slave->receive)
+ s->rxbuf = slave->receive(slave->opaque);
+ s->control |= 1 << 15; /* RDRB */
+ /* TODO: depending on s->setup[4] bits [1:0] assert an IRQ or
+ * a DRQ. When is the level IRQ supposed to be reset? */
+ }
+}
+
+static uint64_t omap_uwire_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_uwire_s *s = (struct omap_uwire_s *) opaque;
+ int offset = addr & OMAP_MPUI_REG_MASK;
+
+ if (size != 2) {
+ return omap_badwidth_read16(opaque, addr);
+ }
+
+ switch (offset) {
+ case 0x00: /* RDR */
+ s->control &= ~(1 << 15); /* RDRB */
+ return s->rxbuf;
+
+ case 0x04: /* CSR */
+ return s->control;
+
+ case 0x08: /* SR1 */
+ return s->setup[0];
+ case 0x0c: /* SR2 */
+ return s->setup[1];
+ case 0x10: /* SR3 */
+ return s->setup[2];
+ case 0x14: /* SR4 */
+ return s->setup[3];
+ case 0x18: /* SR5 */
+ return s->setup[4];
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_uwire_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_uwire_s *s = (struct omap_uwire_s *) opaque;
+ int offset = addr & OMAP_MPUI_REG_MASK;
+
+ if (size != 2) {
+ return omap_badwidth_write16(opaque, addr, value);
+ }
+
+ switch (offset) {
+ case 0x00: /* TDR */
+ s->txbuf = value; /* TD */
+ if ((s->setup[4] & (1 << 2)) && /* AUTO_TX_EN */
+ ((s->setup[4] & (1 << 3)) || /* CS_TOGGLE_TX_EN */
+ (s->control & (1 << 12)))) { /* CS_CMD */
+ s->control |= 1 << 14; /* CSRB */
+ omap_uwire_transfer_start(s);
+ }
+ break;
+
+ case 0x04: /* CSR */
+ s->control = value & 0x1fff;
+ if (value & (1 << 13)) /* START */
+ omap_uwire_transfer_start(s);
+ break;
+
+ case 0x08: /* SR1 */
+ s->setup[0] = value & 0x003f;
+ break;
+
+ case 0x0c: /* SR2 */
+ s->setup[1] = value & 0x0fc0;
+ break;
+
+ case 0x10: /* SR3 */
+ s->setup[2] = value & 0x0003;
+ break;
+
+ case 0x14: /* SR4 */
+ s->setup[3] = value & 0x0001;
+ break;
+
+ case 0x18: /* SR5 */
+ s->setup[4] = value & 0x000f;
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ return;
+ }
+}
+
+static const MemoryRegionOps omap_uwire_ops = {
+ .read = omap_uwire_read,
+ .write = omap_uwire_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void omap_uwire_reset(struct omap_uwire_s *s)
+{
+ s->control = 0;
+ s->setup[0] = 0;
+ s->setup[1] = 0;
+ s->setup[2] = 0;
+ s->setup[3] = 0;
+ s->setup[4] = 0;
+}
+
+static struct omap_uwire_s *omap_uwire_init(MemoryRegion *system_memory,
+ hwaddr base,
+ qemu_irq txirq, qemu_irq rxirq,
+ qemu_irq dma,
+ omap_clk clk)
+{
+ struct omap_uwire_s *s = (struct omap_uwire_s *)
+ g_malloc0(sizeof(struct omap_uwire_s));
+
+ s->txirq = txirq;
+ s->rxirq = rxirq;
+ s->txdrq = dma;
+ omap_uwire_reset(s);
+
+ memory_region_init_io(&s->iomem, NULL, &omap_uwire_ops, s, "omap-uwire", 0x800);
+ memory_region_add_subregion(system_memory, base, &s->iomem);
+
+ return s;
+}
+
+void omap_uwire_attach(struct omap_uwire_s *s,
+ uWireSlave *slave, int chipselect)
+{
+ if (chipselect < 0 || chipselect > 3) {
+ fprintf(stderr, "%s: Bad chipselect %i\n", __FUNCTION__, chipselect);
+ exit(-1);
+ }
+
+ s->chip[chipselect] = slave;
+}
+
+/* Pseudonoise Pulse-Width Light Modulator */
+struct omap_pwl_s {
+ MemoryRegion iomem;
+ uint8_t output;
+ uint8_t level;
+ uint8_t enable;
+ int clk;
+};
+
+static void omap_pwl_update(struct omap_pwl_s *s)
+{
+ int output = (s->clk && s->enable) ? s->level : 0;
+
+ if (output != s->output) {
+ s->output = output;
+ printf("%s: Backlight now at %i/256\n", __FUNCTION__, output);
+ }
+}
+
+static uint64_t omap_pwl_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_pwl_s *s = (struct omap_pwl_s *) opaque;
+ int offset = addr & OMAP_MPUI_REG_MASK;
+
+ if (size != 1) {
+ return omap_badwidth_read8(opaque, addr);
+ }
+
+ switch (offset) {
+ case 0x00: /* PWL_LEVEL */
+ return s->level;
+ case 0x04: /* PWL_CTRL */
+ return s->enable;
+ }
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_pwl_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_pwl_s *s = (struct omap_pwl_s *) opaque;
+ int offset = addr & OMAP_MPUI_REG_MASK;
+
+ if (size != 1) {
+ return omap_badwidth_write8(opaque, addr, value);
+ }
+
+ switch (offset) {
+ case 0x00: /* PWL_LEVEL */
+ s->level = value;
+ omap_pwl_update(s);
+ break;
+ case 0x04: /* PWL_CTRL */
+ s->enable = value & 1;
+ omap_pwl_update(s);
+ break;
+ default:
+ OMAP_BAD_REG(addr);
+ return;
+ }
+}
+
+static const MemoryRegionOps omap_pwl_ops = {
+ .read = omap_pwl_read,
+ .write = omap_pwl_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void omap_pwl_reset(struct omap_pwl_s *s)
+{
+ s->output = 0;
+ s->level = 0;
+ s->enable = 0;
+ s->clk = 1;
+ omap_pwl_update(s);
+}
+
+static void omap_pwl_clk_update(void *opaque, int line, int on)
+{
+ struct omap_pwl_s *s = (struct omap_pwl_s *) opaque;
+
+ s->clk = on;
+ omap_pwl_update(s);
+}
+
+static struct omap_pwl_s *omap_pwl_init(MemoryRegion *system_memory,
+ hwaddr base,
+ omap_clk clk)
+{
+ struct omap_pwl_s *s = g_malloc0(sizeof(*s));
+
+ omap_pwl_reset(s);
+
+ memory_region_init_io(&s->iomem, NULL, &omap_pwl_ops, s,
+ "omap-pwl", 0x800);
+ memory_region_add_subregion(system_memory, base, &s->iomem);
+
+ omap_clk_adduser(clk, qemu_allocate_irqs(omap_pwl_clk_update, s, 1)[0]);
+ return s;
+}
+
+/* Pulse-Width Tone module */
+struct omap_pwt_s {
+ MemoryRegion iomem;
+ uint8_t frc;
+ uint8_t vrc;
+ uint8_t gcr;
+ omap_clk clk;
+};
+
+static uint64_t omap_pwt_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_pwt_s *s = (struct omap_pwt_s *) opaque;
+ int offset = addr & OMAP_MPUI_REG_MASK;
+
+ if (size != 1) {
+ return omap_badwidth_read8(opaque, addr);
+ }
+
+ switch (offset) {
+ case 0x00: /* FRC */
+ return s->frc;
+ case 0x04: /* VCR */
+ return s->vrc;
+ case 0x08: /* GCR */
+ return s->gcr;
+ }
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_pwt_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_pwt_s *s = (struct omap_pwt_s *) opaque;
+ int offset = addr & OMAP_MPUI_REG_MASK;
+
+ if (size != 1) {
+ return omap_badwidth_write8(opaque, addr, value);
+ }
+
+ switch (offset) {
+ case 0x00: /* FRC */
+ s->frc = value & 0x3f;
+ break;
+ case 0x04: /* VRC */
+ if ((value ^ s->vrc) & 1) {
+ if (value & 1)
+ printf("%s: %iHz buzz on\n", __FUNCTION__, (int)
+ /* 1.5 MHz from a 12-MHz or 13-MHz PWT_CLK */
+ ((omap_clk_getrate(s->clk) >> 3) /
+ /* Pre-multiplexer divider */
+ ((s->gcr & 2) ? 1 : 154) /
+ /* Octave multiplexer */
+ (2 << (value & 3)) *
+ /* 101/107 divider */
+ ((value & (1 << 2)) ? 101 : 107) *
+ /* 49/55 divider */
+ ((value & (1 << 3)) ? 49 : 55) *
+ /* 50/63 divider */
+ ((value & (1 << 4)) ? 50 : 63) *
+ /* 80/127 divider */
+ ((value & (1 << 5)) ? 80 : 127) /
+ (107 * 55 * 63 * 127)));
+ else
+ printf("%s: silence!\n", __FUNCTION__);
+ }
+ s->vrc = value & 0x7f;
+ break;
+ case 0x08: /* GCR */
+ s->gcr = value & 3;
+ break;
+ default:
+ OMAP_BAD_REG(addr);
+ return;
+ }
+}
+
+static const MemoryRegionOps omap_pwt_ops = {
+ .read =omap_pwt_read,
+ .write = omap_pwt_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void omap_pwt_reset(struct omap_pwt_s *s)
+{
+ s->frc = 0;
+ s->vrc = 0;
+ s->gcr = 0;
+}
+
+static struct omap_pwt_s *omap_pwt_init(MemoryRegion *system_memory,
+ hwaddr base,
+ omap_clk clk)
+{
+ struct omap_pwt_s *s = g_malloc0(sizeof(*s));
+ s->clk = clk;
+ omap_pwt_reset(s);
+
+ memory_region_init_io(&s->iomem, NULL, &omap_pwt_ops, s,
+ "omap-pwt", 0x800);
+ memory_region_add_subregion(system_memory, base, &s->iomem);
+ return s;
+}
+
+/* Real-time Clock module */
+struct omap_rtc_s {
+ MemoryRegion iomem;
+ qemu_irq irq;
+ qemu_irq alarm;
+ QEMUTimer *clk;
+
+ uint8_t interrupts;
+ uint8_t status;
+ int16_t comp_reg;
+ int running;
+ int pm_am;
+ int auto_comp;
+ int round;
+ struct tm alarm_tm;
+ time_t alarm_ti;
+
+ struct tm current_tm;
+ time_t ti;
+ uint64_t tick;
+};
+
+static void omap_rtc_interrupts_update(struct omap_rtc_s *s)
+{
+ /* s->alarm is level-triggered */
+ qemu_set_irq(s->alarm, (s->status >> 6) & 1);
+}
+
+static void omap_rtc_alarm_update(struct omap_rtc_s *s)
+{
+ s->alarm_ti = mktimegm(&s->alarm_tm);
+ if (s->alarm_ti == -1)
+ printf("%s: conversion failed\n", __FUNCTION__);
+}
+
+static uint64_t omap_rtc_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_rtc_s *s = (struct omap_rtc_s *) opaque;
+ int offset = addr & OMAP_MPUI_REG_MASK;
+ uint8_t i;
+
+ if (size != 1) {
+ return omap_badwidth_read8(opaque, addr);
+ }
+
+ switch (offset) {
+ case 0x00: /* SECONDS_REG */
+ return to_bcd(s->current_tm.tm_sec);
+
+ case 0x04: /* MINUTES_REG */
+ return to_bcd(s->current_tm.tm_min);
+
+ case 0x08: /* HOURS_REG */
+ if (s->pm_am)
+ return ((s->current_tm.tm_hour > 11) << 7) |
+ to_bcd(((s->current_tm.tm_hour - 1) % 12) + 1);
+ else
+ return to_bcd(s->current_tm.tm_hour);
+
+ case 0x0c: /* DAYS_REG */
+ return to_bcd(s->current_tm.tm_mday);
+
+ case 0x10: /* MONTHS_REG */
+ return to_bcd(s->current_tm.tm_mon + 1);
+
+ case 0x14: /* YEARS_REG */
+ return to_bcd(s->current_tm.tm_year % 100);
+
+ case 0x18: /* WEEK_REG */
+ return s->current_tm.tm_wday;
+
+ case 0x20: /* ALARM_SECONDS_REG */
+ return to_bcd(s->alarm_tm.tm_sec);
+
+ case 0x24: /* ALARM_MINUTES_REG */
+ return to_bcd(s->alarm_tm.tm_min);
+
+ case 0x28: /* ALARM_HOURS_REG */
+ if (s->pm_am)
+ return ((s->alarm_tm.tm_hour > 11) << 7) |
+ to_bcd(((s->alarm_tm.tm_hour - 1) % 12) + 1);
+ else
+ return to_bcd(s->alarm_tm.tm_hour);
+
+ case 0x2c: /* ALARM_DAYS_REG */
+ return to_bcd(s->alarm_tm.tm_mday);
+
+ case 0x30: /* ALARM_MONTHS_REG */
+ return to_bcd(s->alarm_tm.tm_mon + 1);
+
+ case 0x34: /* ALARM_YEARS_REG */
+ return to_bcd(s->alarm_tm.tm_year % 100);
+
+ case 0x40: /* RTC_CTRL_REG */
+ return (s->pm_am << 3) | (s->auto_comp << 2) |
+ (s->round << 1) | s->running;
+
+ case 0x44: /* RTC_STATUS_REG */
+ i = s->status;
+ s->status &= ~0x3d;
+ return i;
+
+ case 0x48: /* RTC_INTERRUPTS_REG */
+ return s->interrupts;
+
+ case 0x4c: /* RTC_COMP_LSB_REG */
+ return ((uint16_t) s->comp_reg) & 0xff;
+
+ case 0x50: /* RTC_COMP_MSB_REG */
+ return ((uint16_t) s->comp_reg) >> 8;
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_rtc_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_rtc_s *s = (struct omap_rtc_s *) opaque;
+ int offset = addr & OMAP_MPUI_REG_MASK;
+ struct tm new_tm;
+ time_t ti[2];
+
+ if (size != 1) {
+ return omap_badwidth_write8(opaque, addr, value);
+ }
+
+ switch (offset) {
+ case 0x00: /* SECONDS_REG */
+#ifdef ALMDEBUG
+ printf("RTC SEC_REG <-- %02x\n", value);
+#endif
+ s->ti -= s->current_tm.tm_sec;
+ s->ti += from_bcd(value);
+ return;
+
+ case 0x04: /* MINUTES_REG */
+#ifdef ALMDEBUG
+ printf("RTC MIN_REG <-- %02x\n", value);
+#endif
+ s->ti -= s->current_tm.tm_min * 60;
+ s->ti += from_bcd(value) * 60;
+ return;
+
+ case 0x08: /* HOURS_REG */
+#ifdef ALMDEBUG
+ printf("RTC HRS_REG <-- %02x\n", value);
+#endif
+ s->ti -= s->current_tm.tm_hour * 3600;
+ if (s->pm_am) {
+ s->ti += (from_bcd(value & 0x3f) & 12) * 3600;
+ s->ti += ((value >> 7) & 1) * 43200;
+ } else
+ s->ti += from_bcd(value & 0x3f) * 3600;
+ return;
+
+ case 0x0c: /* DAYS_REG */
+#ifdef ALMDEBUG
+ printf("RTC DAY_REG <-- %02x\n", value);
+#endif
+ s->ti -= s->current_tm.tm_mday * 86400;
+ s->ti += from_bcd(value) * 86400;
+ return;
+
+ case 0x10: /* MONTHS_REG */
+#ifdef ALMDEBUG
+ printf("RTC MTH_REG <-- %02x\n", value);
+#endif
+ memcpy(&new_tm, &s->current_tm, sizeof(new_tm));
+ new_tm.tm_mon = from_bcd(value);
+ ti[0] = mktimegm(&s->current_tm);
+ ti[1] = mktimegm(&new_tm);
+
+ if (ti[0] != -1 && ti[1] != -1) {
+ s->ti -= ti[0];
+ s->ti += ti[1];
+ } else {
+ /* A less accurate version */
+ s->ti -= s->current_tm.tm_mon * 2592000;
+ s->ti += from_bcd(value) * 2592000;
+ }
+ return;
+
+ case 0x14: /* YEARS_REG */
+#ifdef ALMDEBUG
+ printf("RTC YRS_REG <-- %02x\n", value);
+#endif
+ memcpy(&new_tm, &s->current_tm, sizeof(new_tm));
+ new_tm.tm_year += from_bcd(value) - (new_tm.tm_year % 100);
+ ti[0] = mktimegm(&s->current_tm);
+ ti[1] = mktimegm(&new_tm);
+
+ if (ti[0] != -1 && ti[1] != -1) {
+ s->ti -= ti[0];
+ s->ti += ti[1];
+ } else {
+ /* A less accurate version */
+ s->ti -= (s->current_tm.tm_year % 100) * 31536000;
+ s->ti += from_bcd(value) * 31536000;
+ }
+ return;
+
+ case 0x18: /* WEEK_REG */
+ return; /* Ignored */
+
+ case 0x20: /* ALARM_SECONDS_REG */
+#ifdef ALMDEBUG
+ printf("ALM SEC_REG <-- %02x\n", value);
+#endif
+ s->alarm_tm.tm_sec = from_bcd(value);
+ omap_rtc_alarm_update(s);
+ return;
+
+ case 0x24: /* ALARM_MINUTES_REG */
+#ifdef ALMDEBUG
+ printf("ALM MIN_REG <-- %02x\n", value);
+#endif
+ s->alarm_tm.tm_min = from_bcd(value);
+ omap_rtc_alarm_update(s);
+ return;
+
+ case 0x28: /* ALARM_HOURS_REG */
+#ifdef ALMDEBUG
+ printf("ALM HRS_REG <-- %02x\n", value);
+#endif
+ if (s->pm_am)
+ s->alarm_tm.tm_hour =
+ ((from_bcd(value & 0x3f)) % 12) +
+ ((value >> 7) & 1) * 12;
+ else
+ s->alarm_tm.tm_hour = from_bcd(value);
+ omap_rtc_alarm_update(s);
+ return;
+
+ case 0x2c: /* ALARM_DAYS_REG */
+#ifdef ALMDEBUG
+ printf("ALM DAY_REG <-- %02x\n", value);
+#endif
+ s->alarm_tm.tm_mday = from_bcd(value);
+ omap_rtc_alarm_update(s);
+ return;
+
+ case 0x30: /* ALARM_MONTHS_REG */
+#ifdef ALMDEBUG
+ printf("ALM MON_REG <-- %02x\n", value);
+#endif
+ s->alarm_tm.tm_mon = from_bcd(value);
+ omap_rtc_alarm_update(s);
+ return;
+
+ case 0x34: /* ALARM_YEARS_REG */
+#ifdef ALMDEBUG
+ printf("ALM YRS_REG <-- %02x\n", value);
+#endif
+ s->alarm_tm.tm_year = from_bcd(value);
+ omap_rtc_alarm_update(s);
+ return;
+
+ case 0x40: /* RTC_CTRL_REG */
+#ifdef ALMDEBUG
+ printf("RTC CONTROL <-- %02x\n", value);
+#endif
+ s->pm_am = (value >> 3) & 1;
+ s->auto_comp = (value >> 2) & 1;
+ s->round = (value >> 1) & 1;
+ s->running = value & 1;
+ s->status &= 0xfd;
+ s->status |= s->running << 1;
+ return;
+
+ case 0x44: /* RTC_STATUS_REG */
+#ifdef ALMDEBUG
+ printf("RTC STATUSL <-- %02x\n", value);
+#endif
+ s->status &= ~((value & 0xc0) ^ 0x80);
+ omap_rtc_interrupts_update(s);
+ return;
+
+ case 0x48: /* RTC_INTERRUPTS_REG */
+#ifdef ALMDEBUG
+ printf("RTC INTRS <-- %02x\n", value);
+#endif
+ s->interrupts = value;
+ return;
+
+ case 0x4c: /* RTC_COMP_LSB_REG */
+#ifdef ALMDEBUG
+ printf("RTC COMPLSB <-- %02x\n", value);
+#endif
+ s->comp_reg &= 0xff00;
+ s->comp_reg |= 0x00ff & value;
+ return;
+
+ case 0x50: /* RTC_COMP_MSB_REG */
+#ifdef ALMDEBUG
+ printf("RTC COMPMSB <-- %02x\n", value);
+#endif
+ s->comp_reg &= 0x00ff;
+ s->comp_reg |= 0xff00 & (value << 8);
+ return;
+
+ default:
+ OMAP_BAD_REG(addr);
+ return;
+ }
+}
+
+static const MemoryRegionOps omap_rtc_ops = {
+ .read = omap_rtc_read,
+ .write = omap_rtc_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void omap_rtc_tick(void *opaque)
+{
+ struct omap_rtc_s *s = opaque;
+
+ if (s->round) {
+ /* Round to nearest full minute. */
+ if (s->current_tm.tm_sec < 30)
+ s->ti -= s->current_tm.tm_sec;
+ else
+ s->ti += 60 - s->current_tm.tm_sec;
+
+ s->round = 0;
+ }
+
+ localtime_r(&s->ti, &s->current_tm);
+
+ if ((s->interrupts & 0x08) && s->ti == s->alarm_ti) {
+ s->status |= 0x40;
+ omap_rtc_interrupts_update(s);
+ }
+
+ if (s->interrupts & 0x04)
+ switch (s->interrupts & 3) {
+ case 0:
+ s->status |= 0x04;
+ qemu_irq_pulse(s->irq);
+ break;
+ case 1:
+ if (s->current_tm.tm_sec)
+ break;
+ s->status |= 0x08;
+ qemu_irq_pulse(s->irq);
+ break;
+ case 2:
+ if (s->current_tm.tm_sec || s->current_tm.tm_min)
+ break;
+ s->status |= 0x10;
+ qemu_irq_pulse(s->irq);
+ break;
+ case 3:
+ if (s->current_tm.tm_sec ||
+ s->current_tm.tm_min || s->current_tm.tm_hour)
+ break;
+ s->status |= 0x20;
+ qemu_irq_pulse(s->irq);
+ break;
+ }
+
+ /* Move on */
+ if (s->running)
+ s->ti ++;
+ s->tick += 1000;
+
+ /*
+ * Every full hour add a rough approximation of the compensation
+ * register to the 32kHz Timer (which drives the RTC) value.
+ */
+ if (s->auto_comp && !s->current_tm.tm_sec && !s->current_tm.tm_min)
+ s->tick += s->comp_reg * 1000 / 32768;
+
+ qemu_mod_timer(s->clk, s->tick);
+}
+
+static void omap_rtc_reset(struct omap_rtc_s *s)
+{
+ struct tm tm;
+
+ s->interrupts = 0;
+ s->comp_reg = 0;
+ s->running = 0;
+ s->pm_am = 0;
+ s->auto_comp = 0;
+ s->round = 0;
+ s->tick = qemu_get_clock_ms(rtc_clock);
+ memset(&s->alarm_tm, 0, sizeof(s->alarm_tm));
+ s->alarm_tm.tm_mday = 0x01;
+ s->status = 1 << 7;
+ qemu_get_timedate(&tm, 0);
+ s->ti = mktimegm(&tm);
+
+ omap_rtc_alarm_update(s);
+ omap_rtc_tick(s);
+}
+
+static struct omap_rtc_s *omap_rtc_init(MemoryRegion *system_memory,
+ hwaddr base,
+ qemu_irq timerirq, qemu_irq alarmirq,
+ omap_clk clk)
+{
+ struct omap_rtc_s *s = (struct omap_rtc_s *)
+ g_malloc0(sizeof(struct omap_rtc_s));
+
+ s->irq = timerirq;
+ s->alarm = alarmirq;
+ s->clk = qemu_new_timer_ms(rtc_clock, omap_rtc_tick, s);
+
+ omap_rtc_reset(s);
+
+ memory_region_init_io(&s->iomem, NULL, &omap_rtc_ops, s,
+ "omap-rtc", 0x800);
+ memory_region_add_subregion(system_memory, base, &s->iomem);
+
+ return s;
+}
+
+/* Multi-channel Buffered Serial Port interfaces */
+struct omap_mcbsp_s {
+ MemoryRegion iomem;
+ qemu_irq txirq;
+ qemu_irq rxirq;
+ qemu_irq txdrq;
+ qemu_irq rxdrq;
+
+ uint16_t spcr[2];
+ uint16_t rcr[2];
+ uint16_t xcr[2];
+ uint16_t srgr[2];
+ uint16_t mcr[2];
+ uint16_t pcr;
+ uint16_t rcer[8];
+ uint16_t xcer[8];
+ int tx_rate;
+ int rx_rate;
+ int tx_req;
+ int rx_req;
+
+ I2SCodec *codec;
+ QEMUTimer *source_timer;
+ QEMUTimer *sink_timer;
+};
+
+static void omap_mcbsp_intr_update(struct omap_mcbsp_s *s)
+{
+ int irq;
+
+ switch ((s->spcr[0] >> 4) & 3) { /* RINTM */
+ case 0:
+ irq = (s->spcr[0] >> 1) & 1; /* RRDY */
+ break;
+ case 3:
+ irq = (s->spcr[0] >> 3) & 1; /* RSYNCERR */
+ break;
+ default:
+ irq = 0;
+ break;
+ }
+
+ if (irq)
+ qemu_irq_pulse(s->rxirq);
+
+ switch ((s->spcr[1] >> 4) & 3) { /* XINTM */
+ case 0:
+ irq = (s->spcr[1] >> 1) & 1; /* XRDY */
+ break;
+ case 3:
+ irq = (s->spcr[1] >> 3) & 1; /* XSYNCERR */
+ break;
+ default:
+ irq = 0;
+ break;
+ }
+
+ if (irq)
+ qemu_irq_pulse(s->txirq);
+}
+
+static void omap_mcbsp_rx_newdata(struct omap_mcbsp_s *s)
+{
+ if ((s->spcr[0] >> 1) & 1) /* RRDY */
+ s->spcr[0] |= 1 << 2; /* RFULL */
+ s->spcr[0] |= 1 << 1; /* RRDY */
+ qemu_irq_raise(s->rxdrq);
+ omap_mcbsp_intr_update(s);
+}
+
+static void omap_mcbsp_source_tick(void *opaque)
+{
+ struct omap_mcbsp_s *s = (struct omap_mcbsp_s *) opaque;
+ static const int bps[8] = { 0, 1, 1, 2, 2, 2, -255, -255 };
+
+ if (!s->rx_rate)
+ return;
+ if (s->rx_req)
+ printf("%s: Rx FIFO overrun\n", __FUNCTION__);
+
+ s->rx_req = s->rx_rate << bps[(s->rcr[0] >> 5) & 7];
+
+ omap_mcbsp_rx_newdata(s);
+ qemu_mod_timer(s->source_timer, qemu_get_clock_ns(vm_clock) +
+ get_ticks_per_sec());
+}
+
+static void omap_mcbsp_rx_start(struct omap_mcbsp_s *s)
+{
+ if (!s->codec || !s->codec->rts)
+ omap_mcbsp_source_tick(s);
+ else if (s->codec->in.len) {
+ s->rx_req = s->codec->in.len;
+ omap_mcbsp_rx_newdata(s);
+ }
+}
+
+static void omap_mcbsp_rx_stop(struct omap_mcbsp_s *s)
+{
+ qemu_del_timer(s->source_timer);
+}
+
+static void omap_mcbsp_rx_done(struct omap_mcbsp_s *s)
+{
+ s->spcr[0] &= ~(1 << 1); /* RRDY */
+ qemu_irq_lower(s->rxdrq);
+ omap_mcbsp_intr_update(s);
+}
+
+static void omap_mcbsp_tx_newdata(struct omap_mcbsp_s *s)
+{
+ s->spcr[1] |= 1 << 1; /* XRDY */
+ qemu_irq_raise(s->txdrq);
+ omap_mcbsp_intr_update(s);
+}
+
+static void omap_mcbsp_sink_tick(void *opaque)
+{
+ struct omap_mcbsp_s *s = (struct omap_mcbsp_s *) opaque;
+ static const int bps[8] = { 0, 1, 1, 2, 2, 2, -255, -255 };
+
+ if (!s->tx_rate)
+ return;
+ if (s->tx_req)
+ printf("%s: Tx FIFO underrun\n", __FUNCTION__);
+
+ s->tx_req = s->tx_rate << bps[(s->xcr[0] >> 5) & 7];
+
+ omap_mcbsp_tx_newdata(s);
+ qemu_mod_timer(s->sink_timer, qemu_get_clock_ns(vm_clock) +
+ get_ticks_per_sec());
+}
+
+static void omap_mcbsp_tx_start(struct omap_mcbsp_s *s)
+{
+ if (!s->codec || !s->codec->cts)
+ omap_mcbsp_sink_tick(s);
+ else if (s->codec->out.size) {
+ s->tx_req = s->codec->out.size;
+ omap_mcbsp_tx_newdata(s);
+ }
+}
+
+static void omap_mcbsp_tx_done(struct omap_mcbsp_s *s)
+{
+ s->spcr[1] &= ~(1 << 1); /* XRDY */
+ qemu_irq_lower(s->txdrq);
+ omap_mcbsp_intr_update(s);
+ if (s->codec && s->codec->cts)
+ s->codec->tx_swallow(s->codec->opaque);
+}
+
+static void omap_mcbsp_tx_stop(struct omap_mcbsp_s *s)
+{
+ s->tx_req = 0;
+ omap_mcbsp_tx_done(s);
+ qemu_del_timer(s->sink_timer);
+}
+
+static void omap_mcbsp_req_update(struct omap_mcbsp_s *s)
+{
+ int prev_rx_rate, prev_tx_rate;
+ int rx_rate = 0, tx_rate = 0;
+ int cpu_rate = 1500000; /* XXX */
+
+ /* TODO: check CLKSTP bit */
+ if (s->spcr[1] & (1 << 6)) { /* GRST */
+ if (s->spcr[0] & (1 << 0)) { /* RRST */
+ if ((s->srgr[1] & (1 << 13)) && /* CLKSM */
+ (s->pcr & (1 << 8))) { /* CLKRM */
+ if (~s->pcr & (1 << 7)) /* SCLKME */
+ rx_rate = cpu_rate /
+ ((s->srgr[0] & 0xff) + 1); /* CLKGDV */
+ } else
+ if (s->codec)
+ rx_rate = s->codec->rx_rate;
+ }
+
+ if (s->spcr[1] & (1 << 0)) { /* XRST */
+ if ((s->srgr[1] & (1 << 13)) && /* CLKSM */
+ (s->pcr & (1 << 9))) { /* CLKXM */
+ if (~s->pcr & (1 << 7)) /* SCLKME */
+ tx_rate = cpu_rate /
+ ((s->srgr[0] & 0xff) + 1); /* CLKGDV */
+ } else
+ if (s->codec)
+ tx_rate = s->codec->tx_rate;
+ }
+ }
+ prev_tx_rate = s->tx_rate;
+ prev_rx_rate = s->rx_rate;
+ s->tx_rate = tx_rate;
+ s->rx_rate = rx_rate;
+
+ if (s->codec)
+ s->codec->set_rate(s->codec->opaque, rx_rate, tx_rate);
+
+ if (!prev_tx_rate && tx_rate)
+ omap_mcbsp_tx_start(s);
+ else if (s->tx_rate && !tx_rate)
+ omap_mcbsp_tx_stop(s);
+
+ if (!prev_rx_rate && rx_rate)
+ omap_mcbsp_rx_start(s);
+ else if (prev_tx_rate && !tx_rate)
+ omap_mcbsp_rx_stop(s);
+}
+
+static uint64_t omap_mcbsp_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_mcbsp_s *s = (struct omap_mcbsp_s *) opaque;
+ int offset = addr & OMAP_MPUI_REG_MASK;
+ uint16_t ret;
+
+ if (size != 2) {
+ return omap_badwidth_read16(opaque, addr);
+ }
+
+ switch (offset) {
+ case 0x00: /* DRR2 */
+ if (((s->rcr[0] >> 5) & 7) < 3) /* RWDLEN1 */
+ return 0x0000;
+ /* Fall through. */
+ case 0x02: /* DRR1 */
+ if (s->rx_req < 2) {
+ printf("%s: Rx FIFO underrun\n", __FUNCTION__);
+ omap_mcbsp_rx_done(s);
+ } else {
+ s->tx_req -= 2;
+ if (s->codec && s->codec->in.len >= 2) {
+ ret = s->codec->in.fifo[s->codec->in.start ++] << 8;
+ ret |= s->codec->in.fifo[s->codec->in.start ++];
+ s->codec->in.len -= 2;
+ } else
+ ret = 0x0000;
+ if (!s->tx_req)
+ omap_mcbsp_rx_done(s);
+ return ret;
+ }
+ return 0x0000;
+
+ case 0x04: /* DXR2 */
+ case 0x06: /* DXR1 */
+ return 0x0000;
+
+ case 0x08: /* SPCR2 */
+ return s->spcr[1];
+ case 0x0a: /* SPCR1 */
+ return s->spcr[0];
+ case 0x0c: /* RCR2 */
+ return s->rcr[1];
+ case 0x0e: /* RCR1 */
+ return s->rcr[0];
+ case 0x10: /* XCR2 */
+ return s->xcr[1];
+ case 0x12: /* XCR1 */
+ return s->xcr[0];
+ case 0x14: /* SRGR2 */
+ return s->srgr[1];
+ case 0x16: /* SRGR1 */
+ return s->srgr[0];
+ case 0x18: /* MCR2 */
+ return s->mcr[1];
+ case 0x1a: /* MCR1 */
+ return s->mcr[0];
+ case 0x1c: /* RCERA */
+ return s->rcer[0];
+ case 0x1e: /* RCERB */
+ return s->rcer[1];
+ case 0x20: /* XCERA */
+ return s->xcer[0];
+ case 0x22: /* XCERB */
+ return s->xcer[1];
+ case 0x24: /* PCR0 */
+ return s->pcr;
+ case 0x26: /* RCERC */
+ return s->rcer[2];
+ case 0x28: /* RCERD */
+ return s->rcer[3];
+ case 0x2a: /* XCERC */
+ return s->xcer[2];
+ case 0x2c: /* XCERD */
+ return s->xcer[3];
+ case 0x2e: /* RCERE */
+ return s->rcer[4];
+ case 0x30: /* RCERF */
+ return s->rcer[5];
+ case 0x32: /* XCERE */
+ return s->xcer[4];
+ case 0x34: /* XCERF */
+ return s->xcer[5];
+ case 0x36: /* RCERG */
+ return s->rcer[6];
+ case 0x38: /* RCERH */
+ return s->rcer[7];
+ case 0x3a: /* XCERG */
+ return s->xcer[6];
+ case 0x3c: /* XCERH */
+ return s->xcer[7];
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_mcbsp_writeh(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ struct omap_mcbsp_s *s = (struct omap_mcbsp_s *) opaque;
+ int offset = addr & OMAP_MPUI_REG_MASK;
+
+ switch (offset) {
+ case 0x00: /* DRR2 */
+ case 0x02: /* DRR1 */
+ OMAP_RO_REG(addr);
+ return;
+
+ case 0x04: /* DXR2 */
+ if (((s->xcr[0] >> 5) & 7) < 3) /* XWDLEN1 */
+ return;
+ /* Fall through. */
+ case 0x06: /* DXR1 */
+ if (s->tx_req > 1) {
+ s->tx_req -= 2;
+ if (s->codec && s->codec->cts) {
+ s->codec->out.fifo[s->codec->out.len ++] = (value >> 8) & 0xff;
+ s->codec->out.fifo[s->codec->out.len ++] = (value >> 0) & 0xff;
+ }
+ if (s->tx_req < 2)
+ omap_mcbsp_tx_done(s);
+ } else
+ printf("%s: Tx FIFO overrun\n", __FUNCTION__);
+ return;
+
+ case 0x08: /* SPCR2 */
+ s->spcr[1] &= 0x0002;
+ s->spcr[1] |= 0x03f9 & value;
+ s->spcr[1] |= 0x0004 & (value << 2); /* XEMPTY := XRST */
+ if (~value & 1) /* XRST */
+ s->spcr[1] &= ~6;
+ omap_mcbsp_req_update(s);
+ return;
+ case 0x0a: /* SPCR1 */
+ s->spcr[0] &= 0x0006;
+ s->spcr[0] |= 0xf8f9 & value;
+ if (value & (1 << 15)) /* DLB */
+ printf("%s: Digital Loopback mode enable attempt\n", __FUNCTION__);
+ if (~value & 1) { /* RRST */
+ s->spcr[0] &= ~6;
+ s->rx_req = 0;
+ omap_mcbsp_rx_done(s);
+ }
+ omap_mcbsp_req_update(s);
+ return;
+
+ case 0x0c: /* RCR2 */
+ s->rcr[1] = value & 0xffff;
+ return;
+ case 0x0e: /* RCR1 */
+ s->rcr[0] = value & 0x7fe0;
+ return;
+ case 0x10: /* XCR2 */
+ s->xcr[1] = value & 0xffff;
+ return;
+ case 0x12: /* XCR1 */
+ s->xcr[0] = value & 0x7fe0;
+ return;
+ case 0x14: /* SRGR2 */
+ s->srgr[1] = value & 0xffff;
+ omap_mcbsp_req_update(s);
+ return;
+ case 0x16: /* SRGR1 */
+ s->srgr[0] = value & 0xffff;
+ omap_mcbsp_req_update(s);
+ return;
+ case 0x18: /* MCR2 */
+ s->mcr[1] = value & 0x03e3;
+ if (value & 3) /* XMCM */
+ printf("%s: Tx channel selection mode enable attempt\n",
+ __FUNCTION__);
+ return;
+ case 0x1a: /* MCR1 */
+ s->mcr[0] = value & 0x03e1;
+ if (value & 1) /* RMCM */
+ printf("%s: Rx channel selection mode enable attempt\n",
+ __FUNCTION__);
+ return;
+ case 0x1c: /* RCERA */
+ s->rcer[0] = value & 0xffff;
+ return;
+ case 0x1e: /* RCERB */
+ s->rcer[1] = value & 0xffff;
+ return;
+ case 0x20: /* XCERA */
+ s->xcer[0] = value & 0xffff;
+ return;
+ case 0x22: /* XCERB */
+ s->xcer[1] = value & 0xffff;
+ return;
+ case 0x24: /* PCR0 */
+ s->pcr = value & 0x7faf;
+ return;
+ case 0x26: /* RCERC */
+ s->rcer[2] = value & 0xffff;
+ return;
+ case 0x28: /* RCERD */
+ s->rcer[3] = value & 0xffff;
+ return;
+ case 0x2a: /* XCERC */
+ s->xcer[2] = value & 0xffff;
+ return;
+ case 0x2c: /* XCERD */
+ s->xcer[3] = value & 0xffff;
+ return;
+ case 0x2e: /* RCERE */
+ s->rcer[4] = value & 0xffff;
+ return;
+ case 0x30: /* RCERF */
+ s->rcer[5] = value & 0xffff;
+ return;
+ case 0x32: /* XCERE */
+ s->xcer[4] = value & 0xffff;
+ return;
+ case 0x34: /* XCERF */
+ s->xcer[5] = value & 0xffff;
+ return;
+ case 0x36: /* RCERG */
+ s->rcer[6] = value & 0xffff;
+ return;
+ case 0x38: /* RCERH */
+ s->rcer[7] = value & 0xffff;
+ return;
+ case 0x3a: /* XCERG */
+ s->xcer[6] = value & 0xffff;
+ return;
+ case 0x3c: /* XCERH */
+ s->xcer[7] = value & 0xffff;
+ return;
+ }
+
+ OMAP_BAD_REG(addr);
+}
+
+static void omap_mcbsp_writew(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ struct omap_mcbsp_s *s = (struct omap_mcbsp_s *) opaque;
+ int offset = addr & OMAP_MPUI_REG_MASK;
+
+ if (offset == 0x04) { /* DXR */
+ if (((s->xcr[0] >> 5) & 7) < 3) /* XWDLEN1 */
+ return;
+ if (s->tx_req > 3) {
+ s->tx_req -= 4;
+ if (s->codec && s->codec->cts) {
+ s->codec->out.fifo[s->codec->out.len ++] =
+ (value >> 24) & 0xff;
+ s->codec->out.fifo[s->codec->out.len ++] =
+ (value >> 16) & 0xff;
+ s->codec->out.fifo[s->codec->out.len ++] =
+ (value >> 8) & 0xff;
+ s->codec->out.fifo[s->codec->out.len ++] =
+ (value >> 0) & 0xff;
+ }
+ if (s->tx_req < 4)
+ omap_mcbsp_tx_done(s);
+ } else
+ printf("%s: Tx FIFO overrun\n", __FUNCTION__);
+ return;
+ }
+
+ omap_badwidth_write16(opaque, addr, value);
+}
+
+static void omap_mcbsp_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ switch (size) {
+ case 2: return omap_mcbsp_writeh(opaque, addr, value);
+ case 4: return omap_mcbsp_writew(opaque, addr, value);
+ default: return omap_badwidth_write16(opaque, addr, value);
+ }
+}
+
+static const MemoryRegionOps omap_mcbsp_ops = {
+ .read = omap_mcbsp_read,
+ .write = omap_mcbsp_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void omap_mcbsp_reset(struct omap_mcbsp_s *s)
+{
+ memset(&s->spcr, 0, sizeof(s->spcr));
+ memset(&s->rcr, 0, sizeof(s->rcr));
+ memset(&s->xcr, 0, sizeof(s->xcr));
+ s->srgr[0] = 0x0001;
+ s->srgr[1] = 0x2000;
+ memset(&s->mcr, 0, sizeof(s->mcr));
+ memset(&s->pcr, 0, sizeof(s->pcr));
+ memset(&s->rcer, 0, sizeof(s->rcer));
+ memset(&s->xcer, 0, sizeof(s->xcer));
+ s->tx_req = 0;
+ s->rx_req = 0;
+ s->tx_rate = 0;
+ s->rx_rate = 0;
+ qemu_del_timer(s->source_timer);
+ qemu_del_timer(s->sink_timer);
+}
+
+static struct omap_mcbsp_s *omap_mcbsp_init(MemoryRegion *system_memory,
+ hwaddr base,
+ qemu_irq txirq, qemu_irq rxirq,
+ qemu_irq *dma, omap_clk clk)
+{
+ struct omap_mcbsp_s *s = (struct omap_mcbsp_s *)
+ g_malloc0(sizeof(struct omap_mcbsp_s));
+
+ s->txirq = txirq;
+ s->rxirq = rxirq;
+ s->txdrq = dma[0];
+ s->rxdrq = dma[1];
+ s->sink_timer = qemu_new_timer_ns(vm_clock, omap_mcbsp_sink_tick, s);
+ s->source_timer = qemu_new_timer_ns(vm_clock, omap_mcbsp_source_tick, s);
+ omap_mcbsp_reset(s);
+
+ memory_region_init_io(&s->iomem, NULL, &omap_mcbsp_ops, s, "omap-mcbsp", 0x800);
+ memory_region_add_subregion(system_memory, base, &s->iomem);
+
+ return s;
+}
+
+static void omap_mcbsp_i2s_swallow(void *opaque, int line, int level)
+{
+ struct omap_mcbsp_s *s = (struct omap_mcbsp_s *) opaque;
+
+ if (s->rx_rate) {
+ s->rx_req = s->codec->in.len;
+ omap_mcbsp_rx_newdata(s);
+ }
+}
+
+static void omap_mcbsp_i2s_start(void *opaque, int line, int level)
+{
+ struct omap_mcbsp_s *s = (struct omap_mcbsp_s *) opaque;
+
+ if (s->tx_rate) {
+ s->tx_req = s->codec->out.size;
+ omap_mcbsp_tx_newdata(s);
+ }
+}
+
+void omap_mcbsp_i2s_attach(struct omap_mcbsp_s *s, I2SCodec *slave)
+{
+ s->codec = slave;
+ slave->rx_swallow = qemu_allocate_irqs(omap_mcbsp_i2s_swallow, s, 1)[0];
+ slave->tx_start = qemu_allocate_irqs(omap_mcbsp_i2s_start, s, 1)[0];
+}
+
+/* LED Pulse Generators */
+struct omap_lpg_s {
+ MemoryRegion iomem;
+ QEMUTimer *tm;
+
+ uint8_t control;
+ uint8_t power;
+ int64_t on;
+ int64_t period;
+ int clk;
+ int cycle;
+};
+
+static void omap_lpg_tick(void *opaque)
+{
+ struct omap_lpg_s *s = opaque;
+
+ if (s->cycle)
+ qemu_mod_timer(s->tm, qemu_get_clock_ms(vm_clock) + s->period - s->on);
+ else
+ qemu_mod_timer(s->tm, qemu_get_clock_ms(vm_clock) + s->on);
+
+ s->cycle = !s->cycle;
+ printf("%s: LED is %s\n", __FUNCTION__, s->cycle ? "on" : "off");
+}
+
+static void omap_lpg_update(struct omap_lpg_s *s)
+{
+ int64_t on, period = 1, ticks = 1000;
+ static const int per[8] = { 1, 2, 4, 8, 12, 16, 20, 24 };
+
+ if (~s->control & (1 << 6)) /* LPGRES */
+ on = 0;
+ else if (s->control & (1 << 7)) /* PERM_ON */
+ on = period;
+ else {
+ period = muldiv64(ticks, per[s->control & 7], /* PERCTRL */
+ 256 / 32);
+ on = (s->clk && s->power) ? muldiv64(ticks,
+ per[(s->control >> 3) & 7], 256) : 0; /* ONCTRL */
+ }
+
+ qemu_del_timer(s->tm);
+ if (on == period && s->on < s->period)
+ printf("%s: LED is on\n", __FUNCTION__);
+ else if (on == 0 && s->on)
+ printf("%s: LED is off\n", __FUNCTION__);
+ else if (on && (on != s->on || period != s->period)) {
+ s->cycle = 0;
+ s->on = on;
+ s->period = period;
+ omap_lpg_tick(s);
+ return;
+ }
+
+ s->on = on;
+ s->period = period;
+}
+
+static void omap_lpg_reset(struct omap_lpg_s *s)
+{
+ s->control = 0x00;
+ s->power = 0x00;
+ s->clk = 1;
+ omap_lpg_update(s);
+}
+
+static uint64_t omap_lpg_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_lpg_s *s = (struct omap_lpg_s *) opaque;
+ int offset = addr & OMAP_MPUI_REG_MASK;
+
+ if (size != 1) {
+ return omap_badwidth_read8(opaque, addr);
+ }
+
+ switch (offset) {
+ case 0x00: /* LCR */
+ return s->control;
+
+ case 0x04: /* PMR */
+ return s->power;
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_lpg_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_lpg_s *s = (struct omap_lpg_s *) opaque;
+ int offset = addr & OMAP_MPUI_REG_MASK;
+
+ if (size != 1) {
+ return omap_badwidth_write8(opaque, addr, value);
+ }
+
+ switch (offset) {
+ case 0x00: /* LCR */
+ if (~value & (1 << 6)) /* LPGRES */
+ omap_lpg_reset(s);
+ s->control = value & 0xff;
+ omap_lpg_update(s);
+ return;
+
+ case 0x04: /* PMR */
+ s->power = value & 0x01;
+ omap_lpg_update(s);
+ return;
+
+ default:
+ OMAP_BAD_REG(addr);
+ return;
+ }
+}
+
+static const MemoryRegionOps omap_lpg_ops = {
+ .read = omap_lpg_read,
+ .write = omap_lpg_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void omap_lpg_clk_update(void *opaque, int line, int on)
+{
+ struct omap_lpg_s *s = (struct omap_lpg_s *) opaque;
+
+ s->clk = on;
+ omap_lpg_update(s);
+}
+
+static struct omap_lpg_s *omap_lpg_init(MemoryRegion *system_memory,
+ hwaddr base, omap_clk clk)
+{
+ struct omap_lpg_s *s = (struct omap_lpg_s *)
+ g_malloc0(sizeof(struct omap_lpg_s));
+
+ s->tm = qemu_new_timer_ms(vm_clock, omap_lpg_tick, s);
+
+ omap_lpg_reset(s);
+
+ memory_region_init_io(&s->iomem, NULL, &omap_lpg_ops, s, "omap-lpg", 0x800);
+ memory_region_add_subregion(system_memory, base, &s->iomem);
+
+ omap_clk_adduser(clk, qemu_allocate_irqs(omap_lpg_clk_update, s, 1)[0]);
+
+ return s;
+}
+
+/* MPUI Peripheral Bridge configuration */
+static uint64_t omap_mpui_io_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ if (size != 2) {
+ return omap_badwidth_read16(opaque, addr);
+ }
+
+ if (addr == OMAP_MPUI_BASE) /* CMR */
+ return 0xfe4d;
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_mpui_io_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ /* FIXME: infinite loop */
+ omap_badwidth_write16(opaque, addr, value);
+}
+
+static const MemoryRegionOps omap_mpui_io_ops = {
+ .read = omap_mpui_io_read,
+ .write = omap_mpui_io_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void omap_setup_mpui_io(MemoryRegion *system_memory,
+ struct omap_mpu_state_s *mpu)
+{
+ memory_region_init_io(&mpu->mpui_io_iomem, NULL, &omap_mpui_io_ops, mpu,
+ "omap-mpui-io", 0x7fff);
+ memory_region_add_subregion(system_memory, OMAP_MPUI_BASE,
+ &mpu->mpui_io_iomem);
+}
+
+/* General chip reset */
+static void omap1_mpu_reset(void *opaque)
+{
+ struct omap_mpu_state_s *mpu = (struct omap_mpu_state_s *) opaque;
+
+ omap_dma_reset(mpu->dma);
+ omap_mpu_timer_reset(mpu->timer[0]);
+ omap_mpu_timer_reset(mpu->timer[1]);
+ omap_mpu_timer_reset(mpu->timer[2]);
+ omap_wd_timer_reset(mpu->wdt);
+ omap_os_timer_reset(mpu->os_timer);
+ omap_lcdc_reset(mpu->lcd);
+ omap_ulpd_pm_reset(mpu);
+ omap_pin_cfg_reset(mpu);
+ omap_mpui_reset(mpu);
+ omap_tipb_bridge_reset(mpu->private_tipb);
+ omap_tipb_bridge_reset(mpu->public_tipb);
+ omap_dpll_reset(mpu->dpll[0]);
+ omap_dpll_reset(mpu->dpll[1]);
+ omap_dpll_reset(mpu->dpll[2]);
+ omap_uart_reset(mpu->uart[0]);
+ omap_uart_reset(mpu->uart[1]);
+ omap_uart_reset(mpu->uart[2]);
+ omap_mmc_reset(mpu->mmc);
+ omap_mpuio_reset(mpu->mpuio);
+ omap_uwire_reset(mpu->microwire);
+ omap_pwl_reset(mpu->pwl);
+ omap_pwt_reset(mpu->pwt);
+ omap_rtc_reset(mpu->rtc);
+ omap_mcbsp_reset(mpu->mcbsp1);
+ omap_mcbsp_reset(mpu->mcbsp2);
+ omap_mcbsp_reset(mpu->mcbsp3);
+ omap_lpg_reset(mpu->led[0]);
+ omap_lpg_reset(mpu->led[1]);
+ omap_clkm_reset(mpu);
+ cpu_reset(CPU(mpu->cpu));
+}
+
+static const struct omap_map_s {
+ hwaddr phys_dsp;
+ hwaddr phys_mpu;
+ uint32_t size;
+ const char *name;
+} omap15xx_dsp_mm[] = {
+ /* Strobe 0 */
+ { 0xe1010000, 0xfffb0000, 0x800, "UART1 BT" }, /* CS0 */
+ { 0xe1010800, 0xfffb0800, 0x800, "UART2 COM" }, /* CS1 */
+ { 0xe1011800, 0xfffb1800, 0x800, "McBSP1 audio" }, /* CS3 */
+ { 0xe1012000, 0xfffb2000, 0x800, "MCSI2 communication" }, /* CS4 */
+ { 0xe1012800, 0xfffb2800, 0x800, "MCSI1 BT u-Law" }, /* CS5 */
+ { 0xe1013000, 0xfffb3000, 0x800, "uWire" }, /* CS6 */
+ { 0xe1013800, 0xfffb3800, 0x800, "I^2C" }, /* CS7 */
+ { 0xe1014000, 0xfffb4000, 0x800, "USB W2FC" }, /* CS8 */
+ { 0xe1014800, 0xfffb4800, 0x800, "RTC" }, /* CS9 */
+ { 0xe1015000, 0xfffb5000, 0x800, "MPUIO" }, /* CS10 */
+ { 0xe1015800, 0xfffb5800, 0x800, "PWL" }, /* CS11 */
+ { 0xe1016000, 0xfffb6000, 0x800, "PWT" }, /* CS12 */
+ { 0xe1017000, 0xfffb7000, 0x800, "McBSP3" }, /* CS14 */
+ { 0xe1017800, 0xfffb7800, 0x800, "MMC" }, /* CS15 */
+ { 0xe1019000, 0xfffb9000, 0x800, "32-kHz timer" }, /* CS18 */
+ { 0xe1019800, 0xfffb9800, 0x800, "UART3" }, /* CS19 */
+ { 0xe101c800, 0xfffbc800, 0x800, "TIPB switches" }, /* CS25 */
+ /* Strobe 1 */
+ { 0xe101e000, 0xfffce000, 0x800, "GPIOs" }, /* CS28 */
+
+ { 0 }
+};
+
+static void omap_setup_dsp_mapping(MemoryRegion *system_memory,
+ const struct omap_map_s *map)
+{
+ MemoryRegion *io;
+
+ for (; map->phys_dsp; map ++) {
+ io = g_new(MemoryRegion, 1);
+ memory_region_init_alias(io, NULL, map->name,
+ system_memory, map->phys_mpu, map->size);
+ memory_region_add_subregion(system_memory, map->phys_dsp, io);
+ }
+}
+
+void omap_mpu_wakeup(void *opaque, int irq, int req)
+{
+ struct omap_mpu_state_s *mpu = (struct omap_mpu_state_s *) opaque;
+ CPUState *cpu = CPU(mpu->cpu);
+
+ if (cpu->halted) {
+ cpu_interrupt(cpu, CPU_INTERRUPT_EXITTB);
+ }
+}
+
+static const struct dma_irq_map omap1_dma_irq_map[] = {
+ { 0, OMAP_INT_DMA_CH0_6 },
+ { 0, OMAP_INT_DMA_CH1_7 },
+ { 0, OMAP_INT_DMA_CH2_8 },
+ { 0, OMAP_INT_DMA_CH3 },
+ { 0, OMAP_INT_DMA_CH4 },
+ { 0, OMAP_INT_DMA_CH5 },
+ { 1, OMAP_INT_1610_DMA_CH6 },
+ { 1, OMAP_INT_1610_DMA_CH7 },
+ { 1, OMAP_INT_1610_DMA_CH8 },
+ { 1, OMAP_INT_1610_DMA_CH9 },
+ { 1, OMAP_INT_1610_DMA_CH10 },
+ { 1, OMAP_INT_1610_DMA_CH11 },
+ { 1, OMAP_INT_1610_DMA_CH12 },
+ { 1, OMAP_INT_1610_DMA_CH13 },
+ { 1, OMAP_INT_1610_DMA_CH14 },
+ { 1, OMAP_INT_1610_DMA_CH15 }
+};
+
+/* DMA ports for OMAP1 */
+static int omap_validate_emiff_addr(struct omap_mpu_state_s *s,
+ hwaddr addr)
+{
+ return range_covers_byte(OMAP_EMIFF_BASE, s->sdram_size, addr);
+}
+
+static int omap_validate_emifs_addr(struct omap_mpu_state_s *s,
+ hwaddr addr)
+{
+ return range_covers_byte(OMAP_EMIFS_BASE, OMAP_EMIFF_BASE - OMAP_EMIFS_BASE,
+ addr);
+}
+
+static int omap_validate_imif_addr(struct omap_mpu_state_s *s,
+ hwaddr addr)
+{
+ return range_covers_byte(OMAP_IMIF_BASE, s->sram_size, addr);
+}
+
+static int omap_validate_tipb_addr(struct omap_mpu_state_s *s,
+ hwaddr addr)
+{
+ return range_covers_byte(0xfffb0000, 0xffff0000 - 0xfffb0000, addr);
+}
+
+static int omap_validate_local_addr(struct omap_mpu_state_s *s,
+ hwaddr addr)
+{
+ return range_covers_byte(OMAP_LOCALBUS_BASE, 0x1000000, addr);
+}
+
+static int omap_validate_tipb_mpui_addr(struct omap_mpu_state_s *s,
+ hwaddr addr)
+{
+ return range_covers_byte(0xe1010000, 0xe1020004 - 0xe1010000, addr);
+}
+
+struct omap_mpu_state_s *omap310_mpu_init(MemoryRegion *system_memory,
+ unsigned long sdram_size,
+ const char *core)
+{
+ int i;
+ struct omap_mpu_state_s *s = (struct omap_mpu_state_s *)
+ g_malloc0(sizeof(struct omap_mpu_state_s));
+ qemu_irq *cpu_irq;
+ qemu_irq dma_irqs[6];
+ DriveInfo *dinfo;
+ SysBusDevice *busdev;
+
+ if (!core)
+ core = "ti925t";
+
+ /* Core */
+ s->mpu_model = omap310;
+ s->cpu = cpu_arm_init(core);
+ if (s->cpu == NULL) {
+ fprintf(stderr, "Unable to find CPU definition\n");
+ exit(1);
+ }
+ s->sdram_size = sdram_size;
+ s->sram_size = OMAP15XX_SRAM_SIZE;
+
+ s->wakeup = qemu_allocate_irqs(omap_mpu_wakeup, s, 1)[0];
+
+ /* Clocks */
+ omap_clk_init(s);
+
+ /* Memory-mapped stuff */
+ memory_region_init_ram(&s->emiff_ram, NULL, "omap1.dram", s->sdram_size);
+ vmstate_register_ram_global(&s->emiff_ram);
+ memory_region_add_subregion(system_memory, OMAP_EMIFF_BASE, &s->emiff_ram);
+ memory_region_init_ram(&s->imif_ram, NULL, "omap1.sram", s->sram_size);
+ vmstate_register_ram_global(&s->imif_ram);
+ memory_region_add_subregion(system_memory, OMAP_IMIF_BASE, &s->imif_ram);
+
+ omap_clkm_init(system_memory, 0xfffece00, 0xe1008000, s);
+
+ cpu_irq = arm_pic_init_cpu(s->cpu);
+ s->ih[0] = qdev_create(NULL, "omap-intc");
+ qdev_prop_set_uint32(s->ih[0], "size", 0x100);
+ qdev_prop_set_ptr(s->ih[0], "clk", omap_findclk(s, "arminth_ck"));
+ qdev_init_nofail(s->ih[0]);
+ busdev = SYS_BUS_DEVICE(s->ih[0]);
+ sysbus_connect_irq(busdev, 0, cpu_irq[ARM_PIC_CPU_IRQ]);
+ sysbus_connect_irq(busdev, 1, cpu_irq[ARM_PIC_CPU_FIQ]);
+ sysbus_mmio_map(busdev, 0, 0xfffecb00);
+ s->ih[1] = qdev_create(NULL, "omap-intc");
+ qdev_prop_set_uint32(s->ih[1], "size", 0x800);
+ qdev_prop_set_ptr(s->ih[1], "clk", omap_findclk(s, "arminth_ck"));
+ qdev_init_nofail(s->ih[1]);
+ busdev = SYS_BUS_DEVICE(s->ih[1]);
+ sysbus_connect_irq(busdev, 0,
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_15XX_IH2_IRQ));
+ /* The second interrupt controller's FIQ output is not wired up */
+ sysbus_mmio_map(busdev, 0, 0xfffe0000);
+
+ for (i = 0; i < 6; i++) {
+ dma_irqs[i] = qdev_get_gpio_in(s->ih[omap1_dma_irq_map[i].ih],
+ omap1_dma_irq_map[i].intr);
+ }
+ s->dma = omap_dma_init(0xfffed800, dma_irqs, system_memory,
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_DMA_LCD),
+ s, omap_findclk(s, "dma_ck"), omap_dma_3_1);
+
+ s->port[emiff ].addr_valid = omap_validate_emiff_addr;
+ s->port[emifs ].addr_valid = omap_validate_emifs_addr;
+ s->port[imif ].addr_valid = omap_validate_imif_addr;
+ s->port[tipb ].addr_valid = omap_validate_tipb_addr;
+ s->port[local ].addr_valid = omap_validate_local_addr;
+ s->port[tipb_mpui].addr_valid = omap_validate_tipb_mpui_addr;
+
+ /* Register SDRAM and SRAM DMA ports for fast transfers. */
+ soc_dma_port_add_mem(s->dma, memory_region_get_ram_ptr(&s->emiff_ram),
+ OMAP_EMIFF_BASE, s->sdram_size);
+ soc_dma_port_add_mem(s->dma, memory_region_get_ram_ptr(&s->imif_ram),
+ OMAP_IMIF_BASE, s->sram_size);
+
+ s->timer[0] = omap_mpu_timer_init(system_memory, 0xfffec500,
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_TIMER1),
+ omap_findclk(s, "mputim_ck"));
+ s->timer[1] = omap_mpu_timer_init(system_memory, 0xfffec600,
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_TIMER2),
+ omap_findclk(s, "mputim_ck"));
+ s->timer[2] = omap_mpu_timer_init(system_memory, 0xfffec700,
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_TIMER3),
+ omap_findclk(s, "mputim_ck"));
+
+ s->wdt = omap_wd_timer_init(system_memory, 0xfffec800,
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_WD_TIMER),
+ omap_findclk(s, "armwdt_ck"));
+
+ s->os_timer = omap_os_timer_init(system_memory, 0xfffb9000,
+ qdev_get_gpio_in(s->ih[1], OMAP_INT_OS_TIMER),
+ omap_findclk(s, "clk32-kHz"));
+
+ s->lcd = omap_lcdc_init(system_memory, 0xfffec000,
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_LCD_CTRL),
+ omap_dma_get_lcdch(s->dma),
+ omap_findclk(s, "lcd_ck"));
+
+ omap_ulpd_pm_init(system_memory, 0xfffe0800, s);
+ omap_pin_cfg_init(system_memory, 0xfffe1000, s);
+ omap_id_init(system_memory, s);
+
+ omap_mpui_init(system_memory, 0xfffec900, s);
+
+ s->private_tipb = omap_tipb_bridge_init(system_memory, 0xfffeca00,
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_BRIDGE_PRIV),
+ omap_findclk(s, "tipb_ck"));
+ s->public_tipb = omap_tipb_bridge_init(system_memory, 0xfffed300,
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_BRIDGE_PUB),
+ omap_findclk(s, "tipb_ck"));
+
+ omap_tcmi_init(system_memory, 0xfffecc00, s);
+
+ s->uart[0] = omap_uart_init(0xfffb0000,
+ qdev_get_gpio_in(s->ih[1], OMAP_INT_UART1),
+ omap_findclk(s, "uart1_ck"),
+ omap_findclk(s, "uart1_ck"),
+ s->drq[OMAP_DMA_UART1_TX], s->drq[OMAP_DMA_UART1_RX],
+ "uart1",
+ serial_hds[0]);
+ s->uart[1] = omap_uart_init(0xfffb0800,
+ qdev_get_gpio_in(s->ih[1], OMAP_INT_UART2),
+ omap_findclk(s, "uart2_ck"),
+ omap_findclk(s, "uart2_ck"),
+ s->drq[OMAP_DMA_UART2_TX], s->drq[OMAP_DMA_UART2_RX],
+ "uart2",
+ serial_hds[0] ? serial_hds[1] : NULL);
+ s->uart[2] = omap_uart_init(0xfffb9800,
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_UART3),
+ omap_findclk(s, "uart3_ck"),
+ omap_findclk(s, "uart3_ck"),
+ s->drq[OMAP_DMA_UART3_TX], s->drq[OMAP_DMA_UART3_RX],
+ "uart3",
+ serial_hds[0] && serial_hds[1] ? serial_hds[2] : NULL);
+
+ s->dpll[0] = omap_dpll_init(system_memory, 0xfffecf00,
+ omap_findclk(s, "dpll1"));
+ s->dpll[1] = omap_dpll_init(system_memory, 0xfffed000,
+ omap_findclk(s, "dpll2"));
+ s->dpll[2] = omap_dpll_init(system_memory, 0xfffed100,
+ omap_findclk(s, "dpll3"));
+
+ dinfo = drive_get(IF_SD, 0, 0);
+ if (!dinfo) {
+ fprintf(stderr, "qemu: missing SecureDigital device\n");
+ exit(1);
+ }
+ s->mmc = omap_mmc_init(0xfffb7800, system_memory, dinfo->bdrv,
+ qdev_get_gpio_in(s->ih[1], OMAP_INT_OQN),
+ &s->drq[OMAP_DMA_MMC_TX],
+ omap_findclk(s, "mmc_ck"));
+
+ s->mpuio = omap_mpuio_init(system_memory, 0xfffb5000,
+ qdev_get_gpio_in(s->ih[1], OMAP_INT_KEYBOARD),
+ qdev_get_gpio_in(s->ih[1], OMAP_INT_MPUIO),
+ s->wakeup, omap_findclk(s, "clk32-kHz"));
+
+ s->gpio = qdev_create(NULL, "omap-gpio");
+ qdev_prop_set_int32(s->gpio, "mpu_model", s->mpu_model);
+ qdev_prop_set_ptr(s->gpio, "clk", omap_findclk(s, "arm_gpio_ck"));
+ qdev_init_nofail(s->gpio);
+ sysbus_connect_irq(SYS_BUS_DEVICE(s->gpio), 0,
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_GPIO_BANK1));
+ sysbus_mmio_map(SYS_BUS_DEVICE(s->gpio), 0, 0xfffce000);
+
+ s->microwire = omap_uwire_init(system_memory, 0xfffb3000,
+ qdev_get_gpio_in(s->ih[1], OMAP_INT_uWireTX),
+ qdev_get_gpio_in(s->ih[1], OMAP_INT_uWireRX),
+ s->drq[OMAP_DMA_UWIRE_TX], omap_findclk(s, "mpuper_ck"));
+
+ s->pwl = omap_pwl_init(system_memory, 0xfffb5800,
+ omap_findclk(s, "armxor_ck"));
+ s->pwt = omap_pwt_init(system_memory, 0xfffb6000,
+ omap_findclk(s, "armxor_ck"));
+
+ s->i2c[0] = qdev_create(NULL, "omap_i2c");
+ qdev_prop_set_uint8(s->i2c[0], "revision", 0x11);
+ qdev_prop_set_ptr(s->i2c[0], "fclk", omap_findclk(s, "mpuper_ck"));
+ qdev_init_nofail(s->i2c[0]);
+ busdev = SYS_BUS_DEVICE(s->i2c[0]);
+ sysbus_connect_irq(busdev, 0, qdev_get_gpio_in(s->ih[1], OMAP_INT_I2C));
+ sysbus_connect_irq(busdev, 1, s->drq[OMAP_DMA_I2C_TX]);
+ sysbus_connect_irq(busdev, 2, s->drq[OMAP_DMA_I2C_RX]);
+ sysbus_mmio_map(busdev, 0, 0xfffb3800);
+
+ s->rtc = omap_rtc_init(system_memory, 0xfffb4800,
+ qdev_get_gpio_in(s->ih[1], OMAP_INT_RTC_TIMER),
+ qdev_get_gpio_in(s->ih[1], OMAP_INT_RTC_ALARM),
+ omap_findclk(s, "clk32-kHz"));
+
+ s->mcbsp1 = omap_mcbsp_init(system_memory, 0xfffb1800,
+ qdev_get_gpio_in(s->ih[1], OMAP_INT_McBSP1TX),
+ qdev_get_gpio_in(s->ih[1], OMAP_INT_McBSP1RX),
+ &s->drq[OMAP_DMA_MCBSP1_TX], omap_findclk(s, "dspxor_ck"));
+ s->mcbsp2 = omap_mcbsp_init(system_memory, 0xfffb1000,
+ qdev_get_gpio_in(s->ih[0],
+ OMAP_INT_310_McBSP2_TX),
+ qdev_get_gpio_in(s->ih[0],
+ OMAP_INT_310_McBSP2_RX),
+ &s->drq[OMAP_DMA_MCBSP2_TX], omap_findclk(s, "mpuper_ck"));
+ s->mcbsp3 = omap_mcbsp_init(system_memory, 0xfffb7000,
+ qdev_get_gpio_in(s->ih[1], OMAP_INT_McBSP3TX),
+ qdev_get_gpio_in(s->ih[1], OMAP_INT_McBSP3RX),
+ &s->drq[OMAP_DMA_MCBSP3_TX], omap_findclk(s, "dspxor_ck"));
+
+ s->led[0] = omap_lpg_init(system_memory,
+ 0xfffbd000, omap_findclk(s, "clk32-kHz"));
+ s->led[1] = omap_lpg_init(system_memory,
+ 0xfffbd800, omap_findclk(s, "clk32-kHz"));
+
+ /* Register mappings not currenlty implemented:
+ * MCSI2 Comm fffb2000 - fffb27ff (not mapped on OMAP310)
+ * MCSI1 Bluetooth fffb2800 - fffb2fff (not mapped on OMAP310)
+ * USB W2FC fffb4000 - fffb47ff
+ * Camera Interface fffb6800 - fffb6fff
+ * USB Host fffba000 - fffba7ff
+ * FAC fffba800 - fffbafff
+ * HDQ/1-Wire fffbc000 - fffbc7ff
+ * TIPB switches fffbc800 - fffbcfff
+ * Mailbox fffcf000 - fffcf7ff
+ * Local bus IF fffec100 - fffec1ff
+ * Local bus MMU fffec200 - fffec2ff
+ * DSP MMU fffed200 - fffed2ff
+ */
+
+ omap_setup_dsp_mapping(system_memory, omap15xx_dsp_mm);
+ omap_setup_mpui_io(system_memory, s);
+
+ qemu_register_reset(omap1_mpu_reset, s);
+
+ return s;
+}
diff --git a/hw/arm/omap2.c b/hw/arm/omap2.c
new file mode 100644
index 000000000..ec9610b7d
--- /dev/null
+++ b/hw/arm/omap2.c
@@ -0,0 +1,2684 @@
+/*
+ * TI OMAP processors emulation.
+ *
+ * Copyright (C) 2007-2008 Nokia Corporation
+ * Written by Andrzej Zaborowski <andrew@openedhand.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "sysemu/blockdev.h"
+#include "hw/hw.h"
+#include "hw/arm/arm.h"
+#include "hw/arm/omap.h"
+#include "sysemu/sysemu.h"
+#include "qemu/timer.h"
+#include "sysemu/char.h"
+#include "hw/block/flash.h"
+#include "hw/arm/soc_dma.h"
+#include "hw/sysbus.h"
+#include "audio/audio.h"
+
+/* Enhanced Audio Controller (CODEC only) */
+struct omap_eac_s {
+ qemu_irq irq;
+ MemoryRegion iomem;
+
+ uint16_t sysconfig;
+ uint8_t config[4];
+ uint8_t control;
+ uint8_t address;
+ uint16_t data;
+ uint8_t vtol;
+ uint8_t vtsl;
+ uint16_t mixer;
+ uint16_t gain[4];
+ uint8_t att;
+ uint16_t max[7];
+
+ struct {
+ qemu_irq txdrq;
+ qemu_irq rxdrq;
+ uint32_t (*txrx)(void *opaque, uint32_t, int);
+ void *opaque;
+
+#define EAC_BUF_LEN 1024
+ uint32_t rxbuf[EAC_BUF_LEN];
+ int rxoff;
+ int rxlen;
+ int rxavail;
+ uint32_t txbuf[EAC_BUF_LEN];
+ int txlen;
+ int txavail;
+
+ int enable;
+ int rate;
+
+ uint16_t config[4];
+
+ /* These need to be moved to the actual codec */
+ QEMUSoundCard card;
+ SWVoiceIn *in_voice;
+ SWVoiceOut *out_voice;
+ int hw_enable;
+ } codec;
+
+ struct {
+ uint8_t control;
+ uint16_t config;
+ } modem, bt;
+};
+
+static inline void omap_eac_interrupt_update(struct omap_eac_s *s)
+{
+ qemu_set_irq(s->irq, (s->codec.config[1] >> 14) & 1); /* AURDI */
+}
+
+static inline void omap_eac_in_dmarequest_update(struct omap_eac_s *s)
+{
+ qemu_set_irq(s->codec.rxdrq, (s->codec.rxavail || s->codec.rxlen) &&
+ ((s->codec.config[1] >> 12) & 1)); /* DMAREN */
+}
+
+static inline void omap_eac_out_dmarequest_update(struct omap_eac_s *s)
+{
+ qemu_set_irq(s->codec.txdrq, s->codec.txlen < s->codec.txavail &&
+ ((s->codec.config[1] >> 11) & 1)); /* DMAWEN */
+}
+
+static inline void omap_eac_in_refill(struct omap_eac_s *s)
+{
+ int left = MIN(EAC_BUF_LEN - s->codec.rxlen, s->codec.rxavail) << 2;
+ int start = ((s->codec.rxoff + s->codec.rxlen) & (EAC_BUF_LEN - 1)) << 2;
+ int leftwrap = MIN(left, (EAC_BUF_LEN << 2) - start);
+ int recv = 1;
+ uint8_t *buf = (uint8_t *) s->codec.rxbuf + start;
+
+ left -= leftwrap;
+ start = 0;
+ while (leftwrap && (recv = AUD_read(s->codec.in_voice, buf + start,
+ leftwrap)) > 0) { /* Be defensive */
+ start += recv;
+ leftwrap -= recv;
+ }
+ if (recv <= 0)
+ s->codec.rxavail = 0;
+ else
+ s->codec.rxavail -= start >> 2;
+ s->codec.rxlen += start >> 2;
+
+ if (recv > 0 && left > 0) {
+ start = 0;
+ while (left && (recv = AUD_read(s->codec.in_voice,
+ (uint8_t *) s->codec.rxbuf + start,
+ left)) > 0) { /* Be defensive */
+ start += recv;
+ left -= recv;
+ }
+ if (recv <= 0)
+ s->codec.rxavail = 0;
+ else
+ s->codec.rxavail -= start >> 2;
+ s->codec.rxlen += start >> 2;
+ }
+}
+
+static inline void omap_eac_out_empty(struct omap_eac_s *s)
+{
+ int left = s->codec.txlen << 2;
+ int start = 0;
+ int sent = 1;
+
+ while (left && (sent = AUD_write(s->codec.out_voice,
+ (uint8_t *) s->codec.txbuf + start,
+ left)) > 0) { /* Be defensive */
+ start += sent;
+ left -= sent;
+ }
+
+ if (!sent) {
+ s->codec.txavail = 0;
+ omap_eac_out_dmarequest_update(s);
+ }
+
+ if (start)
+ s->codec.txlen = 0;
+}
+
+static void omap_eac_in_cb(void *opaque, int avail_b)
+{
+ struct omap_eac_s *s = (struct omap_eac_s *) opaque;
+
+ s->codec.rxavail = avail_b >> 2;
+ omap_eac_in_refill(s);
+ /* TODO: possibly discard current buffer if overrun */
+ omap_eac_in_dmarequest_update(s);
+}
+
+static void omap_eac_out_cb(void *opaque, int free_b)
+{
+ struct omap_eac_s *s = (struct omap_eac_s *) opaque;
+
+ s->codec.txavail = free_b >> 2;
+ if (s->codec.txlen)
+ omap_eac_out_empty(s);
+ else
+ omap_eac_out_dmarequest_update(s);
+}
+
+static void omap_eac_enable_update(struct omap_eac_s *s)
+{
+ s->codec.enable = !(s->codec.config[1] & 1) && /* EACPWD */
+ (s->codec.config[1] & 2) && /* AUDEN */
+ s->codec.hw_enable;
+}
+
+static const int omap_eac_fsint[4] = {
+ 8000,
+ 11025,
+ 22050,
+ 44100,
+};
+
+static const int omap_eac_fsint2[8] = {
+ 8000,
+ 11025,
+ 22050,
+ 44100,
+ 48000,
+ 0, 0, 0,
+};
+
+static const int omap_eac_fsint3[16] = {
+ 8000,
+ 11025,
+ 16000,
+ 22050,
+ 24000,
+ 32000,
+ 44100,
+ 48000,
+ 0, 0, 0, 0, 0, 0, 0, 0,
+};
+
+static void omap_eac_rate_update(struct omap_eac_s *s)
+{
+ int fsint[3];
+
+ fsint[2] = (s->codec.config[3] >> 9) & 0xf;
+ fsint[1] = (s->codec.config[2] >> 0) & 0x7;
+ fsint[0] = (s->codec.config[0] >> 6) & 0x3;
+ if (fsint[2] < 0xf)
+ s->codec.rate = omap_eac_fsint3[fsint[2]];
+ else if (fsint[1] < 0x7)
+ s->codec.rate = omap_eac_fsint2[fsint[1]];
+ else
+ s->codec.rate = omap_eac_fsint[fsint[0]];
+}
+
+static void omap_eac_volume_update(struct omap_eac_s *s)
+{
+ /* TODO */
+}
+
+static void omap_eac_format_update(struct omap_eac_s *s)
+{
+ struct audsettings fmt;
+
+ /* The hardware buffers at most one sample */
+ if (s->codec.rxlen)
+ s->codec.rxlen = 1;
+
+ if (s->codec.in_voice) {
+ AUD_set_active_in(s->codec.in_voice, 0);
+ AUD_close_in(&s->codec.card, s->codec.in_voice);
+ s->codec.in_voice = NULL;
+ }
+ if (s->codec.out_voice) {
+ omap_eac_out_empty(s);
+ AUD_set_active_out(s->codec.out_voice, 0);
+ AUD_close_out(&s->codec.card, s->codec.out_voice);
+ s->codec.out_voice = NULL;
+ s->codec.txavail = 0;
+ }
+ /* Discard what couldn't be written */
+ s->codec.txlen = 0;
+
+ omap_eac_enable_update(s);
+ if (!s->codec.enable)
+ return;
+
+ omap_eac_rate_update(s);
+ fmt.endianness = ((s->codec.config[0] >> 8) & 1); /* LI_BI */
+ fmt.nchannels = ((s->codec.config[0] >> 10) & 1) ? 2 : 1; /* MN_ST */
+ fmt.freq = s->codec.rate;
+ /* TODO: signedness possibly depends on the CODEC hardware - or
+ * does I2S specify it? */
+ /* All register writes are 16 bits so we we store 16-bit samples
+ * in the buffers regardless of AGCFR[B8_16] value. */
+ fmt.fmt = AUD_FMT_U16;
+
+ s->codec.in_voice = AUD_open_in(&s->codec.card, s->codec.in_voice,
+ "eac.codec.in", s, omap_eac_in_cb, &fmt);
+ s->codec.out_voice = AUD_open_out(&s->codec.card, s->codec.out_voice,
+ "eac.codec.out", s, omap_eac_out_cb, &fmt);
+
+ omap_eac_volume_update(s);
+
+ AUD_set_active_in(s->codec.in_voice, 1);
+ AUD_set_active_out(s->codec.out_voice, 1);
+}
+
+static void omap_eac_reset(struct omap_eac_s *s)
+{
+ s->sysconfig = 0;
+ s->config[0] = 0x0c;
+ s->config[1] = 0x09;
+ s->config[2] = 0xab;
+ s->config[3] = 0x03;
+ s->control = 0x00;
+ s->address = 0x00;
+ s->data = 0x0000;
+ s->vtol = 0x00;
+ s->vtsl = 0x00;
+ s->mixer = 0x0000;
+ s->gain[0] = 0xe7e7;
+ s->gain[1] = 0x6767;
+ s->gain[2] = 0x6767;
+ s->gain[3] = 0x6767;
+ s->att = 0xce;
+ s->max[0] = 0;
+ s->max[1] = 0;
+ s->max[2] = 0;
+ s->max[3] = 0;
+ s->max[4] = 0;
+ s->max[5] = 0;
+ s->max[6] = 0;
+
+ s->modem.control = 0x00;
+ s->modem.config = 0x0000;
+ s->bt.control = 0x00;
+ s->bt.config = 0x0000;
+ s->codec.config[0] = 0x0649;
+ s->codec.config[1] = 0x0000;
+ s->codec.config[2] = 0x0007;
+ s->codec.config[3] = 0x1ffc;
+ s->codec.rxoff = 0;
+ s->codec.rxlen = 0;
+ s->codec.txlen = 0;
+ s->codec.rxavail = 0;
+ s->codec.txavail = 0;
+
+ omap_eac_format_update(s);
+ omap_eac_interrupt_update(s);
+}
+
+static uint64_t omap_eac_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_eac_s *s = (struct omap_eac_s *) opaque;
+ uint32_t ret;
+
+ if (size != 2) {
+ return omap_badwidth_read16(opaque, addr);
+ }
+
+ switch (addr) {
+ case 0x000: /* CPCFR1 */
+ return s->config[0];
+ case 0x004: /* CPCFR2 */
+ return s->config[1];
+ case 0x008: /* CPCFR3 */
+ return s->config[2];
+ case 0x00c: /* CPCFR4 */
+ return s->config[3];
+
+ case 0x010: /* CPTCTL */
+ return s->control | ((s->codec.rxavail + s->codec.rxlen > 0) << 7) |
+ ((s->codec.txlen < s->codec.txavail) << 5);
+
+ case 0x014: /* CPTTADR */
+ return s->address;
+ case 0x018: /* CPTDATL */
+ return s->data & 0xff;
+ case 0x01c: /* CPTDATH */
+ return s->data >> 8;
+ case 0x020: /* CPTVSLL */
+ return s->vtol;
+ case 0x024: /* CPTVSLH */
+ return s->vtsl | (3 << 5); /* CRDY1 | CRDY2 */
+ case 0x040: /* MPCTR */
+ return s->modem.control;
+ case 0x044: /* MPMCCFR */
+ return s->modem.config;
+ case 0x060: /* BPCTR */
+ return s->bt.control;
+ case 0x064: /* BPMCCFR */
+ return s->bt.config;
+ case 0x080: /* AMSCFR */
+ return s->mixer;
+ case 0x084: /* AMVCTR */
+ return s->gain[0];
+ case 0x088: /* AM1VCTR */
+ return s->gain[1];
+ case 0x08c: /* AM2VCTR */
+ return s->gain[2];
+ case 0x090: /* AM3VCTR */
+ return s->gain[3];
+ case 0x094: /* ASTCTR */
+ return s->att;
+ case 0x098: /* APD1LCR */
+ return s->max[0];
+ case 0x09c: /* APD1RCR */
+ return s->max[1];
+ case 0x0a0: /* APD2LCR */
+ return s->max[2];
+ case 0x0a4: /* APD2RCR */
+ return s->max[3];
+ case 0x0a8: /* APD3LCR */
+ return s->max[4];
+ case 0x0ac: /* APD3RCR */
+ return s->max[5];
+ case 0x0b0: /* APD4R */
+ return s->max[6];
+ case 0x0b4: /* ADWR */
+ /* This should be write-only? Docs list it as read-only. */
+ return 0x0000;
+ case 0x0b8: /* ADRDR */
+ if (likely(s->codec.rxlen > 1)) {
+ ret = s->codec.rxbuf[s->codec.rxoff ++];
+ s->codec.rxlen --;
+ s->codec.rxoff &= EAC_BUF_LEN - 1;
+ return ret;
+ } else if (s->codec.rxlen) {
+ ret = s->codec.rxbuf[s->codec.rxoff ++];
+ s->codec.rxlen --;
+ s->codec.rxoff &= EAC_BUF_LEN - 1;
+ if (s->codec.rxavail)
+ omap_eac_in_refill(s);
+ omap_eac_in_dmarequest_update(s);
+ return ret;
+ }
+ return 0x0000;
+ case 0x0bc: /* AGCFR */
+ return s->codec.config[0];
+ case 0x0c0: /* AGCTR */
+ return s->codec.config[1] | ((s->codec.config[1] & 2) << 14);
+ case 0x0c4: /* AGCFR2 */
+ return s->codec.config[2];
+ case 0x0c8: /* AGCFR3 */
+ return s->codec.config[3];
+ case 0x0cc: /* MBPDMACTR */
+ case 0x0d0: /* MPDDMARR */
+ case 0x0d8: /* MPUDMARR */
+ case 0x0e4: /* BPDDMARR */
+ case 0x0ec: /* BPUDMARR */
+ return 0x0000;
+
+ case 0x100: /* VERSION_NUMBER */
+ return 0x0010;
+
+ case 0x104: /* SYSCONFIG */
+ return s->sysconfig;
+
+ case 0x108: /* SYSSTATUS */
+ return 1 | 0xe; /* RESETDONE | stuff */
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_eac_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_eac_s *s = (struct omap_eac_s *) opaque;
+
+ if (size != 2) {
+ return omap_badwidth_write16(opaque, addr, value);
+ }
+
+ switch (addr) {
+ case 0x098: /* APD1LCR */
+ case 0x09c: /* APD1RCR */
+ case 0x0a0: /* APD2LCR */
+ case 0x0a4: /* APD2RCR */
+ case 0x0a8: /* APD3LCR */
+ case 0x0ac: /* APD3RCR */
+ case 0x0b0: /* APD4R */
+ case 0x0b8: /* ADRDR */
+ case 0x0d0: /* MPDDMARR */
+ case 0x0d8: /* MPUDMARR */
+ case 0x0e4: /* BPDDMARR */
+ case 0x0ec: /* BPUDMARR */
+ case 0x100: /* VERSION_NUMBER */
+ case 0x108: /* SYSSTATUS */
+ OMAP_RO_REG(addr);
+ return;
+
+ case 0x000: /* CPCFR1 */
+ s->config[0] = value & 0xff;
+ omap_eac_format_update(s);
+ break;
+ case 0x004: /* CPCFR2 */
+ s->config[1] = value & 0xff;
+ omap_eac_format_update(s);
+ break;
+ case 0x008: /* CPCFR3 */
+ s->config[2] = value & 0xff;
+ omap_eac_format_update(s);
+ break;
+ case 0x00c: /* CPCFR4 */
+ s->config[3] = value & 0xff;
+ omap_eac_format_update(s);
+ break;
+
+ case 0x010: /* CPTCTL */
+ /* Assuming TXF and TXE bits are read-only... */
+ s->control = value & 0x5f;
+ omap_eac_interrupt_update(s);
+ break;
+
+ case 0x014: /* CPTTADR */
+ s->address = value & 0xff;
+ break;
+ case 0x018: /* CPTDATL */
+ s->data &= 0xff00;
+ s->data |= value & 0xff;
+ break;
+ case 0x01c: /* CPTDATH */
+ s->data &= 0x00ff;
+ s->data |= value << 8;
+ break;
+ case 0x020: /* CPTVSLL */
+ s->vtol = value & 0xf8;
+ break;
+ case 0x024: /* CPTVSLH */
+ s->vtsl = value & 0x9f;
+ break;
+ case 0x040: /* MPCTR */
+ s->modem.control = value & 0x8f;
+ break;
+ case 0x044: /* MPMCCFR */
+ s->modem.config = value & 0x7fff;
+ break;
+ case 0x060: /* BPCTR */
+ s->bt.control = value & 0x8f;
+ break;
+ case 0x064: /* BPMCCFR */
+ s->bt.config = value & 0x7fff;
+ break;
+ case 0x080: /* AMSCFR */
+ s->mixer = value & 0x0fff;
+ break;
+ case 0x084: /* AMVCTR */
+ s->gain[0] = value & 0xffff;
+ break;
+ case 0x088: /* AM1VCTR */
+ s->gain[1] = value & 0xff7f;
+ break;
+ case 0x08c: /* AM2VCTR */
+ s->gain[2] = value & 0xff7f;
+ break;
+ case 0x090: /* AM3VCTR */
+ s->gain[3] = value & 0xff7f;
+ break;
+ case 0x094: /* ASTCTR */
+ s->att = value & 0xff;
+ break;
+
+ case 0x0b4: /* ADWR */
+ s->codec.txbuf[s->codec.txlen ++] = value;
+ if (unlikely(s->codec.txlen == EAC_BUF_LEN ||
+ s->codec.txlen == s->codec.txavail)) {
+ if (s->codec.txavail)
+ omap_eac_out_empty(s);
+ /* Discard what couldn't be written */
+ s->codec.txlen = 0;
+ }
+ break;
+
+ case 0x0bc: /* AGCFR */
+ s->codec.config[0] = value & 0x07ff;
+ omap_eac_format_update(s);
+ break;
+ case 0x0c0: /* AGCTR */
+ s->codec.config[1] = value & 0x780f;
+ omap_eac_format_update(s);
+ break;
+ case 0x0c4: /* AGCFR2 */
+ s->codec.config[2] = value & 0x003f;
+ omap_eac_format_update(s);
+ break;
+ case 0x0c8: /* AGCFR3 */
+ s->codec.config[3] = value & 0xffff;
+ omap_eac_format_update(s);
+ break;
+ case 0x0cc: /* MBPDMACTR */
+ case 0x0d4: /* MPDDMAWR */
+ case 0x0e0: /* MPUDMAWR */
+ case 0x0e8: /* BPDDMAWR */
+ case 0x0f0: /* BPUDMAWR */
+ break;
+
+ case 0x104: /* SYSCONFIG */
+ if (value & (1 << 1)) /* SOFTRESET */
+ omap_eac_reset(s);
+ s->sysconfig = value & 0x31d;
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ return;
+ }
+}
+
+static const MemoryRegionOps omap_eac_ops = {
+ .read = omap_eac_read,
+ .write = omap_eac_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static struct omap_eac_s *omap_eac_init(struct omap_target_agent_s *ta,
+ qemu_irq irq, qemu_irq *drq, omap_clk fclk, omap_clk iclk)
+{
+ struct omap_eac_s *s = (struct omap_eac_s *)
+ g_malloc0(sizeof(struct omap_eac_s));
+
+ s->irq = irq;
+ s->codec.rxdrq = *drq ++;
+ s->codec.txdrq = *drq;
+ omap_eac_reset(s);
+
+ AUD_register_card("OMAP EAC", &s->codec.card);
+
+ memory_region_init_io(&s->iomem, NULL, &omap_eac_ops, s, "omap.eac",
+ omap_l4_region_size(ta, 0));
+ omap_l4_attach(ta, 0, &s->iomem);
+
+ return s;
+}
+
+/* STI/XTI (emulation interface) console - reverse engineered only */
+struct omap_sti_s {
+ qemu_irq irq;
+ MemoryRegion iomem;
+ MemoryRegion iomem_fifo;
+ CharDriverState *chr;
+
+ uint32_t sysconfig;
+ uint32_t systest;
+ uint32_t irqst;
+ uint32_t irqen;
+ uint32_t clkcontrol;
+ uint32_t serial_config;
+};
+
+#define STI_TRACE_CONSOLE_CHANNEL 239
+#define STI_TRACE_CONTROL_CHANNEL 253
+
+static inline void omap_sti_interrupt_update(struct omap_sti_s *s)
+{
+ qemu_set_irq(s->irq, s->irqst & s->irqen);
+}
+
+static void omap_sti_reset(struct omap_sti_s *s)
+{
+ s->sysconfig = 0;
+ s->irqst = 0;
+ s->irqen = 0;
+ s->clkcontrol = 0;
+ s->serial_config = 0;
+
+ omap_sti_interrupt_update(s);
+}
+
+static uint64_t omap_sti_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_sti_s *s = (struct omap_sti_s *) opaque;
+
+ if (size != 4) {
+ return omap_badwidth_read32(opaque, addr);
+ }
+
+ switch (addr) {
+ case 0x00: /* STI_REVISION */
+ return 0x10;
+
+ case 0x10: /* STI_SYSCONFIG */
+ return s->sysconfig;
+
+ case 0x14: /* STI_SYSSTATUS / STI_RX_STATUS / XTI_SYSSTATUS */
+ return 0x00;
+
+ case 0x18: /* STI_IRQSTATUS */
+ return s->irqst;
+
+ case 0x1c: /* STI_IRQSETEN / STI_IRQCLREN */
+ return s->irqen;
+
+ case 0x24: /* STI_ER / STI_DR / XTI_TRACESELECT */
+ case 0x28: /* STI_RX_DR / XTI_RXDATA */
+ /* TODO */
+ return 0;
+
+ case 0x2c: /* STI_CLK_CTRL / XTI_SCLKCRTL */
+ return s->clkcontrol;
+
+ case 0x30: /* STI_SERIAL_CFG / XTI_SCONFIG */
+ return s->serial_config;
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_sti_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_sti_s *s = (struct omap_sti_s *) opaque;
+
+ if (size != 4) {
+ return omap_badwidth_write32(opaque, addr, value);
+ }
+
+ switch (addr) {
+ case 0x00: /* STI_REVISION */
+ case 0x14: /* STI_SYSSTATUS / STI_RX_STATUS / XTI_SYSSTATUS */
+ OMAP_RO_REG(addr);
+ return;
+
+ case 0x10: /* STI_SYSCONFIG */
+ if (value & (1 << 1)) /* SOFTRESET */
+ omap_sti_reset(s);
+ s->sysconfig = value & 0xfe;
+ break;
+
+ case 0x18: /* STI_IRQSTATUS */
+ s->irqst &= ~value;
+ omap_sti_interrupt_update(s);
+ break;
+
+ case 0x1c: /* STI_IRQSETEN / STI_IRQCLREN */
+ s->irqen = value & 0xffff;
+ omap_sti_interrupt_update(s);
+ break;
+
+ case 0x2c: /* STI_CLK_CTRL / XTI_SCLKCRTL */
+ s->clkcontrol = value & 0xff;
+ break;
+
+ case 0x30: /* STI_SERIAL_CFG / XTI_SCONFIG */
+ s->serial_config = value & 0xff;
+ break;
+
+ case 0x24: /* STI_ER / STI_DR / XTI_TRACESELECT */
+ case 0x28: /* STI_RX_DR / XTI_RXDATA */
+ /* TODO */
+ return;
+
+ default:
+ OMAP_BAD_REG(addr);
+ return;
+ }
+}
+
+static const MemoryRegionOps omap_sti_ops = {
+ .read = omap_sti_read,
+ .write = omap_sti_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static uint64_t omap_sti_fifo_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_sti_fifo_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_sti_s *s = (struct omap_sti_s *) opaque;
+ int ch = addr >> 6;
+ uint8_t byte = value;
+
+ if (size != 1) {
+ return omap_badwidth_write8(opaque, addr, size);
+ }
+
+ if (ch == STI_TRACE_CONTROL_CHANNEL) {
+ /* Flush channel <i>value</i>. */
+ qemu_chr_fe_write(s->chr, (const uint8_t *) "\r", 1);
+ } else if (ch == STI_TRACE_CONSOLE_CHANNEL || 1) {
+ if (value == 0xc0 || value == 0xc3) {
+ /* Open channel <i>ch</i>. */
+ } else if (value == 0x00)
+ qemu_chr_fe_write(s->chr, (const uint8_t *) "\n", 1);
+ else
+ qemu_chr_fe_write(s->chr, &byte, 1);
+ }
+}
+
+static const MemoryRegionOps omap_sti_fifo_ops = {
+ .read = omap_sti_fifo_read,
+ .write = omap_sti_fifo_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static struct omap_sti_s *omap_sti_init(struct omap_target_agent_s *ta,
+ MemoryRegion *sysmem,
+ hwaddr channel_base, qemu_irq irq, omap_clk clk,
+ CharDriverState *chr)
+{
+ struct omap_sti_s *s = (struct omap_sti_s *)
+ g_malloc0(sizeof(struct omap_sti_s));
+
+ s->irq = irq;
+ omap_sti_reset(s);
+
+ s->chr = chr ?: qemu_chr_new("null", "null", NULL);
+
+ memory_region_init_io(&s->iomem, NULL, &omap_sti_ops, s, "omap.sti",
+ omap_l4_region_size(ta, 0));
+ omap_l4_attach(ta, 0, &s->iomem);
+
+ memory_region_init_io(&s->iomem_fifo, NULL, &omap_sti_fifo_ops, s,
+ "omap.sti.fifo", 0x10000);
+ memory_region_add_subregion(sysmem, channel_base, &s->iomem_fifo);
+
+ return s;
+}
+
+/* L4 Interconnect */
+#define L4TA(n) (n)
+#define L4TAO(n) ((n) + 39)
+
+static const struct omap_l4_region_s omap_l4_region[125] = {
+ [ 1] = { 0x40800, 0x800, 32 }, /* Initiator agent */
+ [ 2] = { 0x41000, 0x1000, 32 }, /* Link agent */
+ [ 0] = { 0x40000, 0x800, 32 }, /* Address and protection */
+ [ 3] = { 0x00000, 0x1000, 32 | 16 | 8 }, /* System Control and Pinout */
+ [ 4] = { 0x01000, 0x1000, 32 | 16 | 8 }, /* L4TAO1 */
+ [ 5] = { 0x04000, 0x1000, 32 | 16 }, /* 32K Timer */
+ [ 6] = { 0x05000, 0x1000, 32 | 16 | 8 }, /* L4TAO2 */
+ [ 7] = { 0x08000, 0x800, 32 }, /* PRCM Region A */
+ [ 8] = { 0x08800, 0x800, 32 }, /* PRCM Region B */
+ [ 9] = { 0x09000, 0x1000, 32 | 16 | 8 }, /* L4TAO */
+ [ 10] = { 0x12000, 0x1000, 32 | 16 | 8 }, /* Test (BCM) */
+ [ 11] = { 0x13000, 0x1000, 32 | 16 | 8 }, /* L4TA1 */
+ [ 12] = { 0x14000, 0x1000, 32 }, /* Test/emulation (TAP) */
+ [ 13] = { 0x15000, 0x1000, 32 | 16 | 8 }, /* L4TA2 */
+ [ 14] = { 0x18000, 0x1000, 32 | 16 | 8 }, /* GPIO1 */
+ [ 16] = { 0x1a000, 0x1000, 32 | 16 | 8 }, /* GPIO2 */
+ [ 18] = { 0x1c000, 0x1000, 32 | 16 | 8 }, /* GPIO3 */
+ [ 19] = { 0x1e000, 0x1000, 32 | 16 | 8 }, /* GPIO4 */
+ [ 15] = { 0x19000, 0x1000, 32 | 16 | 8 }, /* Quad GPIO TOP */
+ [ 17] = { 0x1b000, 0x1000, 32 | 16 | 8 }, /* L4TA3 */
+ [ 20] = { 0x20000, 0x1000, 32 | 16 | 8 }, /* WD Timer 1 (Secure) */
+ [ 22] = { 0x22000, 0x1000, 32 | 16 | 8 }, /* WD Timer 2 (OMAP) */
+ [ 21] = { 0x21000, 0x1000, 32 | 16 | 8 }, /* Dual WD timer TOP */
+ [ 23] = { 0x23000, 0x1000, 32 | 16 | 8 }, /* L4TA4 */
+ [ 24] = { 0x28000, 0x1000, 32 | 16 | 8 }, /* GP Timer 1 */
+ [ 25] = { 0x29000, 0x1000, 32 | 16 | 8 }, /* L4TA7 */
+ [ 26] = { 0x48000, 0x2000, 32 | 16 | 8 }, /* Emulation (ARM11ETB) */
+ [ 27] = { 0x4a000, 0x1000, 32 | 16 | 8 }, /* L4TA9 */
+ [ 28] = { 0x50000, 0x400, 32 | 16 | 8 }, /* Display top */
+ [ 29] = { 0x50400, 0x400, 32 | 16 | 8 }, /* Display control */
+ [ 30] = { 0x50800, 0x400, 32 | 16 | 8 }, /* Display RFBI */
+ [ 31] = { 0x50c00, 0x400, 32 | 16 | 8 }, /* Display encoder */
+ [ 32] = { 0x51000, 0x1000, 32 | 16 | 8 }, /* L4TA10 */
+ [ 33] = { 0x52000, 0x400, 32 | 16 | 8 }, /* Camera top */
+ [ 34] = { 0x52400, 0x400, 32 | 16 | 8 }, /* Camera core */
+ [ 35] = { 0x52800, 0x400, 32 | 16 | 8 }, /* Camera DMA */
+ [ 36] = { 0x52c00, 0x400, 32 | 16 | 8 }, /* Camera MMU */
+ [ 37] = { 0x53000, 0x1000, 32 | 16 | 8 }, /* L4TA11 */
+ [ 38] = { 0x56000, 0x1000, 32 | 16 | 8 }, /* sDMA */
+ [ 39] = { 0x57000, 0x1000, 32 | 16 | 8 }, /* L4TA12 */
+ [ 40] = { 0x58000, 0x1000, 32 | 16 | 8 }, /* SSI top */
+ [ 41] = { 0x59000, 0x1000, 32 | 16 | 8 }, /* SSI GDD */
+ [ 42] = { 0x5a000, 0x1000, 32 | 16 | 8 }, /* SSI Port1 */
+ [ 43] = { 0x5b000, 0x1000, 32 | 16 | 8 }, /* SSI Port2 */
+ [ 44] = { 0x5c000, 0x1000, 32 | 16 | 8 }, /* L4TA13 */
+ [ 45] = { 0x5e000, 0x1000, 32 | 16 | 8 }, /* USB OTG */
+ [ 46] = { 0x5f000, 0x1000, 32 | 16 | 8 }, /* L4TAO4 */
+ [ 47] = { 0x60000, 0x1000, 32 | 16 | 8 }, /* Emulation (WIN_TRACER1SDRC) */
+ [ 48] = { 0x61000, 0x1000, 32 | 16 | 8 }, /* L4TA14 */
+ [ 49] = { 0x62000, 0x1000, 32 | 16 | 8 }, /* Emulation (WIN_TRACER2GPMC) */
+ [ 50] = { 0x63000, 0x1000, 32 | 16 | 8 }, /* L4TA15 */
+ [ 51] = { 0x64000, 0x1000, 32 | 16 | 8 }, /* Emulation (WIN_TRACER3OCM) */
+ [ 52] = { 0x65000, 0x1000, 32 | 16 | 8 }, /* L4TA16 */
+ [ 53] = { 0x66000, 0x300, 32 | 16 | 8 }, /* Emulation (WIN_TRACER4L4) */
+ [ 54] = { 0x67000, 0x1000, 32 | 16 | 8 }, /* L4TA17 */
+ [ 55] = { 0x68000, 0x1000, 32 | 16 | 8 }, /* Emulation (XTI) */
+ [ 56] = { 0x69000, 0x1000, 32 | 16 | 8 }, /* L4TA18 */
+ [ 57] = { 0x6a000, 0x1000, 16 | 8 }, /* UART1 */
+ [ 58] = { 0x6b000, 0x1000, 32 | 16 | 8 }, /* L4TA19 */
+ [ 59] = { 0x6c000, 0x1000, 16 | 8 }, /* UART2 */
+ [ 60] = { 0x6d000, 0x1000, 32 | 16 | 8 }, /* L4TA20 */
+ [ 61] = { 0x6e000, 0x1000, 16 | 8 }, /* UART3 */
+ [ 62] = { 0x6f000, 0x1000, 32 | 16 | 8 }, /* L4TA21 */
+ [ 63] = { 0x70000, 0x1000, 16 }, /* I2C1 */
+ [ 64] = { 0x71000, 0x1000, 32 | 16 | 8 }, /* L4TAO5 */
+ [ 65] = { 0x72000, 0x1000, 16 }, /* I2C2 */
+ [ 66] = { 0x73000, 0x1000, 32 | 16 | 8 }, /* L4TAO6 */
+ [ 67] = { 0x74000, 0x1000, 16 }, /* McBSP1 */
+ [ 68] = { 0x75000, 0x1000, 32 | 16 | 8 }, /* L4TAO7 */
+ [ 69] = { 0x76000, 0x1000, 16 }, /* McBSP2 */
+ [ 70] = { 0x77000, 0x1000, 32 | 16 | 8 }, /* L4TAO8 */
+ [ 71] = { 0x24000, 0x1000, 32 | 16 | 8 }, /* WD Timer 3 (DSP) */
+ [ 72] = { 0x25000, 0x1000, 32 | 16 | 8 }, /* L4TA5 */
+ [ 73] = { 0x26000, 0x1000, 32 | 16 | 8 }, /* WD Timer 4 (IVA) */
+ [ 74] = { 0x27000, 0x1000, 32 | 16 | 8 }, /* L4TA6 */
+ [ 75] = { 0x2a000, 0x1000, 32 | 16 | 8 }, /* GP Timer 2 */
+ [ 76] = { 0x2b000, 0x1000, 32 | 16 | 8 }, /* L4TA8 */
+ [ 77] = { 0x78000, 0x1000, 32 | 16 | 8 }, /* GP Timer 3 */
+ [ 78] = { 0x79000, 0x1000, 32 | 16 | 8 }, /* L4TA22 */
+ [ 79] = { 0x7a000, 0x1000, 32 | 16 | 8 }, /* GP Timer 4 */
+ [ 80] = { 0x7b000, 0x1000, 32 | 16 | 8 }, /* L4TA23 */
+ [ 81] = { 0x7c000, 0x1000, 32 | 16 | 8 }, /* GP Timer 5 */
+ [ 82] = { 0x7d000, 0x1000, 32 | 16 | 8 }, /* L4TA24 */
+ [ 83] = { 0x7e000, 0x1000, 32 | 16 | 8 }, /* GP Timer 6 */
+ [ 84] = { 0x7f000, 0x1000, 32 | 16 | 8 }, /* L4TA25 */
+ [ 85] = { 0x80000, 0x1000, 32 | 16 | 8 }, /* GP Timer 7 */
+ [ 86] = { 0x81000, 0x1000, 32 | 16 | 8 }, /* L4TA26 */
+ [ 87] = { 0x82000, 0x1000, 32 | 16 | 8 }, /* GP Timer 8 */
+ [ 88] = { 0x83000, 0x1000, 32 | 16 | 8 }, /* L4TA27 */
+ [ 89] = { 0x84000, 0x1000, 32 | 16 | 8 }, /* GP Timer 9 */
+ [ 90] = { 0x85000, 0x1000, 32 | 16 | 8 }, /* L4TA28 */
+ [ 91] = { 0x86000, 0x1000, 32 | 16 | 8 }, /* GP Timer 10 */
+ [ 92] = { 0x87000, 0x1000, 32 | 16 | 8 }, /* L4TA29 */
+ [ 93] = { 0x88000, 0x1000, 32 | 16 | 8 }, /* GP Timer 11 */
+ [ 94] = { 0x89000, 0x1000, 32 | 16 | 8 }, /* L4TA30 */
+ [ 95] = { 0x8a000, 0x1000, 32 | 16 | 8 }, /* GP Timer 12 */
+ [ 96] = { 0x8b000, 0x1000, 32 | 16 | 8 }, /* L4TA31 */
+ [ 97] = { 0x90000, 0x1000, 16 }, /* EAC */
+ [ 98] = { 0x91000, 0x1000, 32 | 16 | 8 }, /* L4TA32 */
+ [ 99] = { 0x92000, 0x1000, 16 }, /* FAC */
+ [100] = { 0x93000, 0x1000, 32 | 16 | 8 }, /* L4TA33 */
+ [101] = { 0x94000, 0x1000, 32 | 16 | 8 }, /* IPC (MAILBOX) */
+ [102] = { 0x95000, 0x1000, 32 | 16 | 8 }, /* L4TA34 */
+ [103] = { 0x98000, 0x1000, 32 | 16 | 8 }, /* SPI1 */
+ [104] = { 0x99000, 0x1000, 32 | 16 | 8 }, /* L4TA35 */
+ [105] = { 0x9a000, 0x1000, 32 | 16 | 8 }, /* SPI2 */
+ [106] = { 0x9b000, 0x1000, 32 | 16 | 8 }, /* L4TA36 */
+ [107] = { 0x9c000, 0x1000, 16 | 8 }, /* MMC SDIO */
+ [108] = { 0x9d000, 0x1000, 32 | 16 | 8 }, /* L4TAO9 */
+ [109] = { 0x9e000, 0x1000, 32 | 16 | 8 }, /* MS_PRO */
+ [110] = { 0x9f000, 0x1000, 32 | 16 | 8 }, /* L4TAO10 */
+ [111] = { 0xa0000, 0x1000, 32 }, /* RNG */
+ [112] = { 0xa1000, 0x1000, 32 | 16 | 8 }, /* L4TAO11 */
+ [113] = { 0xa2000, 0x1000, 32 }, /* DES3DES */
+ [114] = { 0xa3000, 0x1000, 32 | 16 | 8 }, /* L4TAO12 */
+ [115] = { 0xa4000, 0x1000, 32 }, /* SHA1MD5 */
+ [116] = { 0xa5000, 0x1000, 32 | 16 | 8 }, /* L4TAO13 */
+ [117] = { 0xa6000, 0x1000, 32 }, /* AES */
+ [118] = { 0xa7000, 0x1000, 32 | 16 | 8 }, /* L4TA37 */
+ [119] = { 0xa8000, 0x2000, 32 }, /* PKA */
+ [120] = { 0xaa000, 0x1000, 32 | 16 | 8 }, /* L4TA38 */
+ [121] = { 0xb0000, 0x1000, 32 }, /* MG */
+ [122] = { 0xb1000, 0x1000, 32 | 16 | 8 },
+ [123] = { 0xb2000, 0x1000, 32 }, /* HDQ/1-Wire */
+ [124] = { 0xb3000, 0x1000, 32 | 16 | 8 }, /* L4TA39 */
+};
+
+static const struct omap_l4_agent_info_s omap_l4_agent_info[54] = {
+ { 0, 0, 3, 2 }, /* L4IA initiatior agent */
+ { L4TAO(1), 3, 2, 1 }, /* Control and pinout module */
+ { L4TAO(2), 5, 2, 1 }, /* 32K timer */
+ { L4TAO(3), 7, 3, 2 }, /* PRCM */
+ { L4TA(1), 10, 2, 1 }, /* BCM */
+ { L4TA(2), 12, 2, 1 }, /* Test JTAG */
+ { L4TA(3), 14, 6, 3 }, /* Quad GPIO */
+ { L4TA(4), 20, 4, 3 }, /* WD timer 1/2 */
+ { L4TA(7), 24, 2, 1 }, /* GP timer 1 */
+ { L4TA(9), 26, 2, 1 }, /* ATM11 ETB */
+ { L4TA(10), 28, 5, 4 }, /* Display subsystem */
+ { L4TA(11), 33, 5, 4 }, /* Camera subsystem */
+ { L4TA(12), 38, 2, 1 }, /* sDMA */
+ { L4TA(13), 40, 5, 4 }, /* SSI */
+ { L4TAO(4), 45, 2, 1 }, /* USB */
+ { L4TA(14), 47, 2, 1 }, /* Win Tracer1 */
+ { L4TA(15), 49, 2, 1 }, /* Win Tracer2 */
+ { L4TA(16), 51, 2, 1 }, /* Win Tracer3 */
+ { L4TA(17), 53, 2, 1 }, /* Win Tracer4 */
+ { L4TA(18), 55, 2, 1 }, /* XTI */
+ { L4TA(19), 57, 2, 1 }, /* UART1 */
+ { L4TA(20), 59, 2, 1 }, /* UART2 */
+ { L4TA(21), 61, 2, 1 }, /* UART3 */
+ { L4TAO(5), 63, 2, 1 }, /* I2C1 */
+ { L4TAO(6), 65, 2, 1 }, /* I2C2 */
+ { L4TAO(7), 67, 2, 1 }, /* McBSP1 */
+ { L4TAO(8), 69, 2, 1 }, /* McBSP2 */
+ { L4TA(5), 71, 2, 1 }, /* WD Timer 3 (DSP) */
+ { L4TA(6), 73, 2, 1 }, /* WD Timer 4 (IVA) */
+ { L4TA(8), 75, 2, 1 }, /* GP Timer 2 */
+ { L4TA(22), 77, 2, 1 }, /* GP Timer 3 */
+ { L4TA(23), 79, 2, 1 }, /* GP Timer 4 */
+ { L4TA(24), 81, 2, 1 }, /* GP Timer 5 */
+ { L4TA(25), 83, 2, 1 }, /* GP Timer 6 */
+ { L4TA(26), 85, 2, 1 }, /* GP Timer 7 */
+ { L4TA(27), 87, 2, 1 }, /* GP Timer 8 */
+ { L4TA(28), 89, 2, 1 }, /* GP Timer 9 */
+ { L4TA(29), 91, 2, 1 }, /* GP Timer 10 */
+ { L4TA(30), 93, 2, 1 }, /* GP Timer 11 */
+ { L4TA(31), 95, 2, 1 }, /* GP Timer 12 */
+ { L4TA(32), 97, 2, 1 }, /* EAC */
+ { L4TA(33), 99, 2, 1 }, /* FAC */
+ { L4TA(34), 101, 2, 1 }, /* IPC */
+ { L4TA(35), 103, 2, 1 }, /* SPI1 */
+ { L4TA(36), 105, 2, 1 }, /* SPI2 */
+ { L4TAO(9), 107, 2, 1 }, /* MMC SDIO */
+ { L4TAO(10), 109, 2, 1 },
+ { L4TAO(11), 111, 2, 1 }, /* RNG */
+ { L4TAO(12), 113, 2, 1 }, /* DES3DES */
+ { L4TAO(13), 115, 2, 1 }, /* SHA1MD5 */
+ { L4TA(37), 117, 2, 1 }, /* AES */
+ { L4TA(38), 119, 2, 1 }, /* PKA */
+ { -1, 121, 2, 1 },
+ { L4TA(39), 123, 2, 1 }, /* HDQ/1-Wire */
+};
+
+#define omap_l4ta(bus, cs) \
+ omap_l4ta_get(bus, omap_l4_region, omap_l4_agent_info, L4TA(cs))
+#define omap_l4tao(bus, cs) \
+ omap_l4ta_get(bus, omap_l4_region, omap_l4_agent_info, L4TAO(cs))
+
+/* Power, Reset, and Clock Management */
+struct omap_prcm_s {
+ qemu_irq irq[3];
+ struct omap_mpu_state_s *mpu;
+ MemoryRegion iomem0;
+ MemoryRegion iomem1;
+
+ uint32_t irqst[3];
+ uint32_t irqen[3];
+
+ uint32_t sysconfig;
+ uint32_t voltctrl;
+ uint32_t scratch[20];
+
+ uint32_t clksrc[1];
+ uint32_t clkout[1];
+ uint32_t clkemul[1];
+ uint32_t clkpol[1];
+ uint32_t clksel[8];
+ uint32_t clken[12];
+ uint32_t clkctrl[4];
+ uint32_t clkidle[7];
+ uint32_t setuptime[2];
+
+ uint32_t wkup[3];
+ uint32_t wken[3];
+ uint32_t wkst[3];
+ uint32_t rst[4];
+ uint32_t rstctrl[1];
+ uint32_t power[4];
+ uint32_t rsttime_wkup;
+
+ uint32_t ev;
+ uint32_t evtime[2];
+
+ int dpll_lock, apll_lock[2];
+};
+
+static void omap_prcm_int_update(struct omap_prcm_s *s, int dom)
+{
+ qemu_set_irq(s->irq[dom], s->irqst[dom] & s->irqen[dom]);
+ /* XXX or is the mask applied before PRCM_IRQSTATUS_* ? */
+}
+
+static uint64_t omap_prcm_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_prcm_s *s = (struct omap_prcm_s *) opaque;
+ uint32_t ret;
+
+ if (size != 4) {
+ return omap_badwidth_read32(opaque, addr);
+ }
+
+ switch (addr) {
+ case 0x000: /* PRCM_REVISION */
+ return 0x10;
+
+ case 0x010: /* PRCM_SYSCONFIG */
+ return s->sysconfig;
+
+ case 0x018: /* PRCM_IRQSTATUS_MPU */
+ return s->irqst[0];
+
+ case 0x01c: /* PRCM_IRQENABLE_MPU */
+ return s->irqen[0];
+
+ case 0x050: /* PRCM_VOLTCTRL */
+ return s->voltctrl;
+ case 0x054: /* PRCM_VOLTST */
+ return s->voltctrl & 3;
+
+ case 0x060: /* PRCM_CLKSRC_CTRL */
+ return s->clksrc[0];
+ case 0x070: /* PRCM_CLKOUT_CTRL */
+ return s->clkout[0];
+ case 0x078: /* PRCM_CLKEMUL_CTRL */
+ return s->clkemul[0];
+ case 0x080: /* PRCM_CLKCFG_CTRL */
+ case 0x084: /* PRCM_CLKCFG_STATUS */
+ return 0;
+
+ case 0x090: /* PRCM_VOLTSETUP */
+ return s->setuptime[0];
+
+ case 0x094: /* PRCM_CLKSSETUP */
+ return s->setuptime[1];
+
+ case 0x098: /* PRCM_POLCTRL */
+ return s->clkpol[0];
+
+ case 0x0b0: /* GENERAL_PURPOSE1 */
+ case 0x0b4: /* GENERAL_PURPOSE2 */
+ case 0x0b8: /* GENERAL_PURPOSE3 */
+ case 0x0bc: /* GENERAL_PURPOSE4 */
+ case 0x0c0: /* GENERAL_PURPOSE5 */
+ case 0x0c4: /* GENERAL_PURPOSE6 */
+ case 0x0c8: /* GENERAL_PURPOSE7 */
+ case 0x0cc: /* GENERAL_PURPOSE8 */
+ case 0x0d0: /* GENERAL_PURPOSE9 */
+ case 0x0d4: /* GENERAL_PURPOSE10 */
+ case 0x0d8: /* GENERAL_PURPOSE11 */
+ case 0x0dc: /* GENERAL_PURPOSE12 */
+ case 0x0e0: /* GENERAL_PURPOSE13 */
+ case 0x0e4: /* GENERAL_PURPOSE14 */
+ case 0x0e8: /* GENERAL_PURPOSE15 */
+ case 0x0ec: /* GENERAL_PURPOSE16 */
+ case 0x0f0: /* GENERAL_PURPOSE17 */
+ case 0x0f4: /* GENERAL_PURPOSE18 */
+ case 0x0f8: /* GENERAL_PURPOSE19 */
+ case 0x0fc: /* GENERAL_PURPOSE20 */
+ return s->scratch[(addr - 0xb0) >> 2];
+
+ case 0x140: /* CM_CLKSEL_MPU */
+ return s->clksel[0];
+ case 0x148: /* CM_CLKSTCTRL_MPU */
+ return s->clkctrl[0];
+
+ case 0x158: /* RM_RSTST_MPU */
+ return s->rst[0];
+ case 0x1c8: /* PM_WKDEP_MPU */
+ return s->wkup[0];
+ case 0x1d4: /* PM_EVGENCTRL_MPU */
+ return s->ev;
+ case 0x1d8: /* PM_EVEGENONTIM_MPU */
+ return s->evtime[0];
+ case 0x1dc: /* PM_EVEGENOFFTIM_MPU */
+ return s->evtime[1];
+ case 0x1e0: /* PM_PWSTCTRL_MPU */
+ return s->power[0];
+ case 0x1e4: /* PM_PWSTST_MPU */
+ return 0;
+
+ case 0x200: /* CM_FCLKEN1_CORE */
+ return s->clken[0];
+ case 0x204: /* CM_FCLKEN2_CORE */
+ return s->clken[1];
+ case 0x210: /* CM_ICLKEN1_CORE */
+ return s->clken[2];
+ case 0x214: /* CM_ICLKEN2_CORE */
+ return s->clken[3];
+ case 0x21c: /* CM_ICLKEN4_CORE */
+ return s->clken[4];
+
+ case 0x220: /* CM_IDLEST1_CORE */
+ /* TODO: check the actual iclk status */
+ return 0x7ffffff9;
+ case 0x224: /* CM_IDLEST2_CORE */
+ /* TODO: check the actual iclk status */
+ return 0x00000007;
+ case 0x22c: /* CM_IDLEST4_CORE */
+ /* TODO: check the actual iclk status */
+ return 0x0000001f;
+
+ case 0x230: /* CM_AUTOIDLE1_CORE */
+ return s->clkidle[0];
+ case 0x234: /* CM_AUTOIDLE2_CORE */
+ return s->clkidle[1];
+ case 0x238: /* CM_AUTOIDLE3_CORE */
+ return s->clkidle[2];
+ case 0x23c: /* CM_AUTOIDLE4_CORE */
+ return s->clkidle[3];
+
+ case 0x240: /* CM_CLKSEL1_CORE */
+ return s->clksel[1];
+ case 0x244: /* CM_CLKSEL2_CORE */
+ return s->clksel[2];
+
+ case 0x248: /* CM_CLKSTCTRL_CORE */
+ return s->clkctrl[1];
+
+ case 0x2a0: /* PM_WKEN1_CORE */
+ return s->wken[0];
+ case 0x2a4: /* PM_WKEN2_CORE */
+ return s->wken[1];
+
+ case 0x2b0: /* PM_WKST1_CORE */
+ return s->wkst[0];
+ case 0x2b4: /* PM_WKST2_CORE */
+ return s->wkst[1];
+ case 0x2c8: /* PM_WKDEP_CORE */
+ return 0x1e;
+
+ case 0x2e0: /* PM_PWSTCTRL_CORE */
+ return s->power[1];
+ case 0x2e4: /* PM_PWSTST_CORE */
+ return 0x000030 | (s->power[1] & 0xfc00);
+
+ case 0x300: /* CM_FCLKEN_GFX */
+ return s->clken[5];
+ case 0x310: /* CM_ICLKEN_GFX */
+ return s->clken[6];
+ case 0x320: /* CM_IDLEST_GFX */
+ /* TODO: check the actual iclk status */
+ return 0x00000001;
+ case 0x340: /* CM_CLKSEL_GFX */
+ return s->clksel[3];
+ case 0x348: /* CM_CLKSTCTRL_GFX */
+ return s->clkctrl[2];
+ case 0x350: /* RM_RSTCTRL_GFX */
+ return s->rstctrl[0];
+ case 0x358: /* RM_RSTST_GFX */
+ return s->rst[1];
+ case 0x3c8: /* PM_WKDEP_GFX */
+ return s->wkup[1];
+
+ case 0x3e0: /* PM_PWSTCTRL_GFX */
+ return s->power[2];
+ case 0x3e4: /* PM_PWSTST_GFX */
+ return s->power[2] & 3;
+
+ case 0x400: /* CM_FCLKEN_WKUP */
+ return s->clken[7];
+ case 0x410: /* CM_ICLKEN_WKUP */
+ return s->clken[8];
+ case 0x420: /* CM_IDLEST_WKUP */
+ /* TODO: check the actual iclk status */
+ return 0x0000003f;
+ case 0x430: /* CM_AUTOIDLE_WKUP */
+ return s->clkidle[4];
+ case 0x440: /* CM_CLKSEL_WKUP */
+ return s->clksel[4];
+ case 0x450: /* RM_RSTCTRL_WKUP */
+ return 0;
+ case 0x454: /* RM_RSTTIME_WKUP */
+ return s->rsttime_wkup;
+ case 0x458: /* RM_RSTST_WKUP */
+ return s->rst[2];
+ case 0x4a0: /* PM_WKEN_WKUP */
+ return s->wken[2];
+ case 0x4b0: /* PM_WKST_WKUP */
+ return s->wkst[2];
+
+ case 0x500: /* CM_CLKEN_PLL */
+ return s->clken[9];
+ case 0x520: /* CM_IDLEST_CKGEN */
+ ret = 0x0000070 | (s->apll_lock[0] << 9) | (s->apll_lock[1] << 8);
+ if (!(s->clksel[6] & 3))
+ /* Core uses 32-kHz clock */
+ ret |= 3 << 0;
+ else if (!s->dpll_lock)
+ /* DPLL not locked, core uses ref_clk */
+ ret |= 1 << 0;
+ else
+ /* Core uses DPLL */
+ ret |= 2 << 0;
+ return ret;
+ case 0x530: /* CM_AUTOIDLE_PLL */
+ return s->clkidle[5];
+ case 0x540: /* CM_CLKSEL1_PLL */
+ return s->clksel[5];
+ case 0x544: /* CM_CLKSEL2_PLL */
+ return s->clksel[6];
+
+ case 0x800: /* CM_FCLKEN_DSP */
+ return s->clken[10];
+ case 0x810: /* CM_ICLKEN_DSP */
+ return s->clken[11];
+ case 0x820: /* CM_IDLEST_DSP */
+ /* TODO: check the actual iclk status */
+ return 0x00000103;
+ case 0x830: /* CM_AUTOIDLE_DSP */
+ return s->clkidle[6];
+ case 0x840: /* CM_CLKSEL_DSP */
+ return s->clksel[7];
+ case 0x848: /* CM_CLKSTCTRL_DSP */
+ return s->clkctrl[3];
+ case 0x850: /* RM_RSTCTRL_DSP */
+ return 0;
+ case 0x858: /* RM_RSTST_DSP */
+ return s->rst[3];
+ case 0x8c8: /* PM_WKDEP_DSP */
+ return s->wkup[2];
+ case 0x8e0: /* PM_PWSTCTRL_DSP */
+ return s->power[3];
+ case 0x8e4: /* PM_PWSTST_DSP */
+ return 0x008030 | (s->power[3] & 0x3003);
+
+ case 0x8f0: /* PRCM_IRQSTATUS_DSP */
+ return s->irqst[1];
+ case 0x8f4: /* PRCM_IRQENABLE_DSP */
+ return s->irqen[1];
+
+ case 0x8f8: /* PRCM_IRQSTATUS_IVA */
+ return s->irqst[2];
+ case 0x8fc: /* PRCM_IRQENABLE_IVA */
+ return s->irqen[2];
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_prcm_apll_update(struct omap_prcm_s *s)
+{
+ int mode[2];
+
+ mode[0] = (s->clken[9] >> 6) & 3;
+ s->apll_lock[0] = (mode[0] == 3);
+ mode[1] = (s->clken[9] >> 2) & 3;
+ s->apll_lock[1] = (mode[1] == 3);
+ /* TODO: update clocks */
+
+ if (mode[0] == 1 || mode[0] == 2 || mode[1] == 1 || mode[1] == 2)
+ fprintf(stderr, "%s: bad EN_54M_PLL or bad EN_96M_PLL\n",
+ __FUNCTION__);
+}
+
+static void omap_prcm_dpll_update(struct omap_prcm_s *s)
+{
+ omap_clk dpll = omap_findclk(s->mpu, "dpll");
+ omap_clk dpll_x2 = omap_findclk(s->mpu, "dpll");
+ omap_clk core = omap_findclk(s->mpu, "core_clk");
+ int mode = (s->clken[9] >> 0) & 3;
+ int mult, div;
+
+ mult = (s->clksel[5] >> 12) & 0x3ff;
+ div = (s->clksel[5] >> 8) & 0xf;
+ if (mult == 0 || mult == 1)
+ mode = 1; /* Bypass */
+
+ s->dpll_lock = 0;
+ switch (mode) {
+ case 0:
+ fprintf(stderr, "%s: bad EN_DPLL\n", __FUNCTION__);
+ break;
+ case 1: /* Low-power bypass mode (Default) */
+ case 2: /* Fast-relock bypass mode */
+ omap_clk_setrate(dpll, 1, 1);
+ omap_clk_setrate(dpll_x2, 1, 1);
+ break;
+ case 3: /* Lock mode */
+ s->dpll_lock = 1; /* After 20 FINT cycles (ref_clk / (div + 1)). */
+
+ omap_clk_setrate(dpll, div + 1, mult);
+ omap_clk_setrate(dpll_x2, div + 1, mult * 2);
+ break;
+ }
+
+ switch ((s->clksel[6] >> 0) & 3) {
+ case 0:
+ omap_clk_reparent(core, omap_findclk(s->mpu, "clk32-kHz"));
+ break;
+ case 1:
+ omap_clk_reparent(core, dpll);
+ break;
+ case 2:
+ /* Default */
+ omap_clk_reparent(core, dpll_x2);
+ break;
+ case 3:
+ fprintf(stderr, "%s: bad CORE_CLK_SRC\n", __FUNCTION__);
+ break;
+ }
+}
+
+static void omap_prcm_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_prcm_s *s = (struct omap_prcm_s *) opaque;
+
+ if (size != 4) {
+ return omap_badwidth_write32(opaque, addr, value);
+ }
+
+ switch (addr) {
+ case 0x000: /* PRCM_REVISION */
+ case 0x054: /* PRCM_VOLTST */
+ case 0x084: /* PRCM_CLKCFG_STATUS */
+ case 0x1e4: /* PM_PWSTST_MPU */
+ case 0x220: /* CM_IDLEST1_CORE */
+ case 0x224: /* CM_IDLEST2_CORE */
+ case 0x22c: /* CM_IDLEST4_CORE */
+ case 0x2c8: /* PM_WKDEP_CORE */
+ case 0x2e4: /* PM_PWSTST_CORE */
+ case 0x320: /* CM_IDLEST_GFX */
+ case 0x3e4: /* PM_PWSTST_GFX */
+ case 0x420: /* CM_IDLEST_WKUP */
+ case 0x520: /* CM_IDLEST_CKGEN */
+ case 0x820: /* CM_IDLEST_DSP */
+ case 0x8e4: /* PM_PWSTST_DSP */
+ OMAP_RO_REG(addr);
+ return;
+
+ case 0x010: /* PRCM_SYSCONFIG */
+ s->sysconfig = value & 1;
+ break;
+
+ case 0x018: /* PRCM_IRQSTATUS_MPU */
+ s->irqst[0] &= ~value;
+ omap_prcm_int_update(s, 0);
+ break;
+ case 0x01c: /* PRCM_IRQENABLE_MPU */
+ s->irqen[0] = value & 0x3f;
+ omap_prcm_int_update(s, 0);
+ break;
+
+ case 0x050: /* PRCM_VOLTCTRL */
+ s->voltctrl = value & 0xf1c3;
+ break;
+
+ case 0x060: /* PRCM_CLKSRC_CTRL */
+ s->clksrc[0] = value & 0xdb;
+ /* TODO update clocks */
+ break;
+
+ case 0x070: /* PRCM_CLKOUT_CTRL */
+ s->clkout[0] = value & 0xbbbb;
+ /* TODO update clocks */
+ break;
+
+ case 0x078: /* PRCM_CLKEMUL_CTRL */
+ s->clkemul[0] = value & 1;
+ /* TODO update clocks */
+ break;
+
+ case 0x080: /* PRCM_CLKCFG_CTRL */
+ break;
+
+ case 0x090: /* PRCM_VOLTSETUP */
+ s->setuptime[0] = value & 0xffff;
+ break;
+ case 0x094: /* PRCM_CLKSSETUP */
+ s->setuptime[1] = value & 0xffff;
+ break;
+
+ case 0x098: /* PRCM_POLCTRL */
+ s->clkpol[0] = value & 0x701;
+ break;
+
+ case 0x0b0: /* GENERAL_PURPOSE1 */
+ case 0x0b4: /* GENERAL_PURPOSE2 */
+ case 0x0b8: /* GENERAL_PURPOSE3 */
+ case 0x0bc: /* GENERAL_PURPOSE4 */
+ case 0x0c0: /* GENERAL_PURPOSE5 */
+ case 0x0c4: /* GENERAL_PURPOSE6 */
+ case 0x0c8: /* GENERAL_PURPOSE7 */
+ case 0x0cc: /* GENERAL_PURPOSE8 */
+ case 0x0d0: /* GENERAL_PURPOSE9 */
+ case 0x0d4: /* GENERAL_PURPOSE10 */
+ case 0x0d8: /* GENERAL_PURPOSE11 */
+ case 0x0dc: /* GENERAL_PURPOSE12 */
+ case 0x0e0: /* GENERAL_PURPOSE13 */
+ case 0x0e4: /* GENERAL_PURPOSE14 */
+ case 0x0e8: /* GENERAL_PURPOSE15 */
+ case 0x0ec: /* GENERAL_PURPOSE16 */
+ case 0x0f0: /* GENERAL_PURPOSE17 */
+ case 0x0f4: /* GENERAL_PURPOSE18 */
+ case 0x0f8: /* GENERAL_PURPOSE19 */
+ case 0x0fc: /* GENERAL_PURPOSE20 */
+ s->scratch[(addr - 0xb0) >> 2] = value;
+ break;
+
+ case 0x140: /* CM_CLKSEL_MPU */
+ s->clksel[0] = value & 0x1f;
+ /* TODO update clocks */
+ break;
+ case 0x148: /* CM_CLKSTCTRL_MPU */
+ s->clkctrl[0] = value & 0x1f;
+ break;
+
+ case 0x158: /* RM_RSTST_MPU */
+ s->rst[0] &= ~value;
+ break;
+ case 0x1c8: /* PM_WKDEP_MPU */
+ s->wkup[0] = value & 0x15;
+ break;
+
+ case 0x1d4: /* PM_EVGENCTRL_MPU */
+ s->ev = value & 0x1f;
+ break;
+ case 0x1d8: /* PM_EVEGENONTIM_MPU */
+ s->evtime[0] = value;
+ break;
+ case 0x1dc: /* PM_EVEGENOFFTIM_MPU */
+ s->evtime[1] = value;
+ break;
+
+ case 0x1e0: /* PM_PWSTCTRL_MPU */
+ s->power[0] = value & 0xc0f;
+ break;
+
+ case 0x200: /* CM_FCLKEN1_CORE */
+ s->clken[0] = value & 0xbfffffff;
+ /* TODO update clocks */
+ /* The EN_EAC bit only gets/puts func_96m_clk. */
+ break;
+ case 0x204: /* CM_FCLKEN2_CORE */
+ s->clken[1] = value & 0x00000007;
+ /* TODO update clocks */
+ break;
+ case 0x210: /* CM_ICLKEN1_CORE */
+ s->clken[2] = value & 0xfffffff9;
+ /* TODO update clocks */
+ /* The EN_EAC bit only gets/puts core_l4_iclk. */
+ break;
+ case 0x214: /* CM_ICLKEN2_CORE */
+ s->clken[3] = value & 0x00000007;
+ /* TODO update clocks */
+ break;
+ case 0x21c: /* CM_ICLKEN4_CORE */
+ s->clken[4] = value & 0x0000001f;
+ /* TODO update clocks */
+ break;
+
+ case 0x230: /* CM_AUTOIDLE1_CORE */
+ s->clkidle[0] = value & 0xfffffff9;
+ /* TODO update clocks */
+ break;
+ case 0x234: /* CM_AUTOIDLE2_CORE */
+ s->clkidle[1] = value & 0x00000007;
+ /* TODO update clocks */
+ break;
+ case 0x238: /* CM_AUTOIDLE3_CORE */
+ s->clkidle[2] = value & 0x00000007;
+ /* TODO update clocks */
+ break;
+ case 0x23c: /* CM_AUTOIDLE4_CORE */
+ s->clkidle[3] = value & 0x0000001f;
+ /* TODO update clocks */
+ break;
+
+ case 0x240: /* CM_CLKSEL1_CORE */
+ s->clksel[1] = value & 0x0fffbf7f;
+ /* TODO update clocks */
+ break;
+
+ case 0x244: /* CM_CLKSEL2_CORE */
+ s->clksel[2] = value & 0x00fffffc;
+ /* TODO update clocks */
+ break;
+
+ case 0x248: /* CM_CLKSTCTRL_CORE */
+ s->clkctrl[1] = value & 0x7;
+ break;
+
+ case 0x2a0: /* PM_WKEN1_CORE */
+ s->wken[0] = value & 0x04667ff8;
+ break;
+ case 0x2a4: /* PM_WKEN2_CORE */
+ s->wken[1] = value & 0x00000005;
+ break;
+
+ case 0x2b0: /* PM_WKST1_CORE */
+ s->wkst[0] &= ~value;
+ break;
+ case 0x2b4: /* PM_WKST2_CORE */
+ s->wkst[1] &= ~value;
+ break;
+
+ case 0x2e0: /* PM_PWSTCTRL_CORE */
+ s->power[1] = (value & 0x00fc3f) | (1 << 2);
+ break;
+
+ case 0x300: /* CM_FCLKEN_GFX */
+ s->clken[5] = value & 6;
+ /* TODO update clocks */
+ break;
+ case 0x310: /* CM_ICLKEN_GFX */
+ s->clken[6] = value & 1;
+ /* TODO update clocks */
+ break;
+ case 0x340: /* CM_CLKSEL_GFX */
+ s->clksel[3] = value & 7;
+ /* TODO update clocks */
+ break;
+ case 0x348: /* CM_CLKSTCTRL_GFX */
+ s->clkctrl[2] = value & 1;
+ break;
+ case 0x350: /* RM_RSTCTRL_GFX */
+ s->rstctrl[0] = value & 1;
+ /* TODO: reset */
+ break;
+ case 0x358: /* RM_RSTST_GFX */
+ s->rst[1] &= ~value;
+ break;
+ case 0x3c8: /* PM_WKDEP_GFX */
+ s->wkup[1] = value & 0x13;
+ break;
+ case 0x3e0: /* PM_PWSTCTRL_GFX */
+ s->power[2] = (value & 0x00c0f) | (3 << 2);
+ break;
+
+ case 0x400: /* CM_FCLKEN_WKUP */
+ s->clken[7] = value & 0xd;
+ /* TODO update clocks */
+ break;
+ case 0x410: /* CM_ICLKEN_WKUP */
+ s->clken[8] = value & 0x3f;
+ /* TODO update clocks */
+ break;
+ case 0x430: /* CM_AUTOIDLE_WKUP */
+ s->clkidle[4] = value & 0x0000003f;
+ /* TODO update clocks */
+ break;
+ case 0x440: /* CM_CLKSEL_WKUP */
+ s->clksel[4] = value & 3;
+ /* TODO update clocks */
+ break;
+ case 0x450: /* RM_RSTCTRL_WKUP */
+ /* TODO: reset */
+ if (value & 2)
+ qemu_system_reset_request();
+ break;
+ case 0x454: /* RM_RSTTIME_WKUP */
+ s->rsttime_wkup = value & 0x1fff;
+ break;
+ case 0x458: /* RM_RSTST_WKUP */
+ s->rst[2] &= ~value;
+ break;
+ case 0x4a0: /* PM_WKEN_WKUP */
+ s->wken[2] = value & 0x00000005;
+ break;
+ case 0x4b0: /* PM_WKST_WKUP */
+ s->wkst[2] &= ~value;
+ break;
+
+ case 0x500: /* CM_CLKEN_PLL */
+ if (value & 0xffffff30)
+ fprintf(stderr, "%s: write 0s in CM_CLKEN_PLL for "
+ "future compatibility\n", __FUNCTION__);
+ if ((s->clken[9] ^ value) & 0xcc) {
+ s->clken[9] &= ~0xcc;
+ s->clken[9] |= value & 0xcc;
+ omap_prcm_apll_update(s);
+ }
+ if ((s->clken[9] ^ value) & 3) {
+ s->clken[9] &= ~3;
+ s->clken[9] |= value & 3;
+ omap_prcm_dpll_update(s);
+ }
+ break;
+ case 0x530: /* CM_AUTOIDLE_PLL */
+ s->clkidle[5] = value & 0x000000cf;
+ /* TODO update clocks */
+ break;
+ case 0x540: /* CM_CLKSEL1_PLL */
+ if (value & 0xfc4000d7)
+ fprintf(stderr, "%s: write 0s in CM_CLKSEL1_PLL for "
+ "future compatibility\n", __FUNCTION__);
+ if ((s->clksel[5] ^ value) & 0x003fff00) {
+ s->clksel[5] = value & 0x03bfff28;
+ omap_prcm_dpll_update(s);
+ }
+ /* TODO update the other clocks */
+
+ s->clksel[5] = value & 0x03bfff28;
+ break;
+ case 0x544: /* CM_CLKSEL2_PLL */
+ if (value & ~3)
+ fprintf(stderr, "%s: write 0s in CM_CLKSEL2_PLL[31:2] for "
+ "future compatibility\n", __FUNCTION__);
+ if (s->clksel[6] != (value & 3)) {
+ s->clksel[6] = value & 3;
+ omap_prcm_dpll_update(s);
+ }
+ break;
+
+ case 0x800: /* CM_FCLKEN_DSP */
+ s->clken[10] = value & 0x501;
+ /* TODO update clocks */
+ break;
+ case 0x810: /* CM_ICLKEN_DSP */
+ s->clken[11] = value & 0x2;
+ /* TODO update clocks */
+ break;
+ case 0x830: /* CM_AUTOIDLE_DSP */
+ s->clkidle[6] = value & 0x2;
+ /* TODO update clocks */
+ break;
+ case 0x840: /* CM_CLKSEL_DSP */
+ s->clksel[7] = value & 0x3fff;
+ /* TODO update clocks */
+ break;
+ case 0x848: /* CM_CLKSTCTRL_DSP */
+ s->clkctrl[3] = value & 0x101;
+ break;
+ case 0x850: /* RM_RSTCTRL_DSP */
+ /* TODO: reset */
+ break;
+ case 0x858: /* RM_RSTST_DSP */
+ s->rst[3] &= ~value;
+ break;
+ case 0x8c8: /* PM_WKDEP_DSP */
+ s->wkup[2] = value & 0x13;
+ break;
+ case 0x8e0: /* PM_PWSTCTRL_DSP */
+ s->power[3] = (value & 0x03017) | (3 << 2);
+ break;
+
+ case 0x8f0: /* PRCM_IRQSTATUS_DSP */
+ s->irqst[1] &= ~value;
+ omap_prcm_int_update(s, 1);
+ break;
+ case 0x8f4: /* PRCM_IRQENABLE_DSP */
+ s->irqen[1] = value & 0x7;
+ omap_prcm_int_update(s, 1);
+ break;
+
+ case 0x8f8: /* PRCM_IRQSTATUS_IVA */
+ s->irqst[2] &= ~value;
+ omap_prcm_int_update(s, 2);
+ break;
+ case 0x8fc: /* PRCM_IRQENABLE_IVA */
+ s->irqen[2] = value & 0x7;
+ omap_prcm_int_update(s, 2);
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ return;
+ }
+}
+
+static const MemoryRegionOps omap_prcm_ops = {
+ .read = omap_prcm_read,
+ .write = omap_prcm_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void omap_prcm_reset(struct omap_prcm_s *s)
+{
+ s->sysconfig = 0;
+ s->irqst[0] = 0;
+ s->irqst[1] = 0;
+ s->irqst[2] = 0;
+ s->irqen[0] = 0;
+ s->irqen[1] = 0;
+ s->irqen[2] = 0;
+ s->voltctrl = 0x1040;
+ s->ev = 0x14;
+ s->evtime[0] = 0;
+ s->evtime[1] = 0;
+ s->clkctrl[0] = 0;
+ s->clkctrl[1] = 0;
+ s->clkctrl[2] = 0;
+ s->clkctrl[3] = 0;
+ s->clken[1] = 7;
+ s->clken[3] = 7;
+ s->clken[4] = 0;
+ s->clken[5] = 0;
+ s->clken[6] = 0;
+ s->clken[7] = 0xc;
+ s->clken[8] = 0x3e;
+ s->clken[9] = 0x0d;
+ s->clken[10] = 0;
+ s->clken[11] = 0;
+ s->clkidle[0] = 0;
+ s->clkidle[2] = 7;
+ s->clkidle[3] = 0;
+ s->clkidle[4] = 0;
+ s->clkidle[5] = 0x0c;
+ s->clkidle[6] = 0;
+ s->clksel[0] = 0x01;
+ s->clksel[1] = 0x02100121;
+ s->clksel[2] = 0x00000000;
+ s->clksel[3] = 0x01;
+ s->clksel[4] = 0;
+ s->clksel[7] = 0x0121;
+ s->wkup[0] = 0x15;
+ s->wkup[1] = 0x13;
+ s->wkup[2] = 0x13;
+ s->wken[0] = 0x04667ff8;
+ s->wken[1] = 0x00000005;
+ s->wken[2] = 5;
+ s->wkst[0] = 0;
+ s->wkst[1] = 0;
+ s->wkst[2] = 0;
+ s->power[0] = 0x00c;
+ s->power[1] = 4;
+ s->power[2] = 0x0000c;
+ s->power[3] = 0x14;
+ s->rstctrl[0] = 1;
+ s->rst[3] = 1;
+ omap_prcm_apll_update(s);
+ omap_prcm_dpll_update(s);
+}
+
+static void omap_prcm_coldreset(struct omap_prcm_s *s)
+{
+ s->setuptime[0] = 0;
+ s->setuptime[1] = 0;
+ memset(&s->scratch, 0, sizeof(s->scratch));
+ s->rst[0] = 0x01;
+ s->rst[1] = 0x00;
+ s->rst[2] = 0x01;
+ s->clken[0] = 0;
+ s->clken[2] = 0;
+ s->clkidle[1] = 0;
+ s->clksel[5] = 0;
+ s->clksel[6] = 2;
+ s->clksrc[0] = 0x43;
+ s->clkout[0] = 0x0303;
+ s->clkemul[0] = 0;
+ s->clkpol[0] = 0x100;
+ s->rsttime_wkup = 0x1002;
+
+ omap_prcm_reset(s);
+}
+
+static struct omap_prcm_s *omap_prcm_init(struct omap_target_agent_s *ta,
+ qemu_irq mpu_int, qemu_irq dsp_int, qemu_irq iva_int,
+ struct omap_mpu_state_s *mpu)
+{
+ struct omap_prcm_s *s = (struct omap_prcm_s *)
+ g_malloc0(sizeof(struct omap_prcm_s));
+
+ s->irq[0] = mpu_int;
+ s->irq[1] = dsp_int;
+ s->irq[2] = iva_int;
+ s->mpu = mpu;
+ omap_prcm_coldreset(s);
+
+ memory_region_init_io(&s->iomem0, NULL, &omap_prcm_ops, s, "omap.pcrm0",
+ omap_l4_region_size(ta, 0));
+ memory_region_init_io(&s->iomem1, NULL, &omap_prcm_ops, s, "omap.pcrm1",
+ omap_l4_region_size(ta, 1));
+ omap_l4_attach(ta, 0, &s->iomem0);
+ omap_l4_attach(ta, 1, &s->iomem1);
+
+ return s;
+}
+
+/* System and Pinout control */
+struct omap_sysctl_s {
+ struct omap_mpu_state_s *mpu;
+ MemoryRegion iomem;
+
+ uint32_t sysconfig;
+ uint32_t devconfig;
+ uint32_t psaconfig;
+ uint32_t padconf[0x45];
+ uint8_t obs;
+ uint32_t msuspendmux[5];
+};
+
+static uint32_t omap_sysctl_read8(void *opaque, hwaddr addr)
+{
+
+ struct omap_sysctl_s *s = (struct omap_sysctl_s *) opaque;
+ int pad_offset, byte_offset;
+ int value;
+
+ switch (addr) {
+ case 0x030 ... 0x140: /* CONTROL_PADCONF - only used in the POP */
+ pad_offset = (addr - 0x30) >> 2;
+ byte_offset = (addr - 0x30) & (4 - 1);
+
+ value = s->padconf[pad_offset];
+ value = (value >> (byte_offset * 8)) & 0xff;
+
+ return value;
+
+ default:
+ break;
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static uint32_t omap_sysctl_read(void *opaque, hwaddr addr)
+{
+ struct omap_sysctl_s *s = (struct omap_sysctl_s *) opaque;
+
+ switch (addr) {
+ case 0x000: /* CONTROL_REVISION */
+ return 0x20;
+
+ case 0x010: /* CONTROL_SYSCONFIG */
+ return s->sysconfig;
+
+ case 0x030 ... 0x140: /* CONTROL_PADCONF - only used in the POP */
+ return s->padconf[(addr - 0x30) >> 2];
+
+ case 0x270: /* CONTROL_DEBOBS */
+ return s->obs;
+
+ case 0x274: /* CONTROL_DEVCONF */
+ return s->devconfig;
+
+ case 0x28c: /* CONTROL_EMU_SUPPORT */
+ return 0;
+
+ case 0x290: /* CONTROL_MSUSPENDMUX_0 */
+ return s->msuspendmux[0];
+ case 0x294: /* CONTROL_MSUSPENDMUX_1 */
+ return s->msuspendmux[1];
+ case 0x298: /* CONTROL_MSUSPENDMUX_2 */
+ return s->msuspendmux[2];
+ case 0x29c: /* CONTROL_MSUSPENDMUX_3 */
+ return s->msuspendmux[3];
+ case 0x2a0: /* CONTROL_MSUSPENDMUX_4 */
+ return s->msuspendmux[4];
+ case 0x2a4: /* CONTROL_MSUSPENDMUX_5 */
+ return 0;
+
+ case 0x2b8: /* CONTROL_PSA_CTRL */
+ return s->psaconfig;
+ case 0x2bc: /* CONTROL_PSA_CMD */
+ case 0x2c0: /* CONTROL_PSA_VALUE */
+ return 0;
+
+ case 0x2b0: /* CONTROL_SEC_CTRL */
+ return 0x800000f1;
+ case 0x2d0: /* CONTROL_SEC_EMU */
+ return 0x80000015;
+ case 0x2d4: /* CONTROL_SEC_TAP */
+ return 0x8000007f;
+ case 0x2b4: /* CONTROL_SEC_TEST */
+ case 0x2f0: /* CONTROL_SEC_STATUS */
+ case 0x2f4: /* CONTROL_SEC_ERR_STATUS */
+ /* Secure mode is not present on general-pusrpose device. Outside
+ * secure mode these values cannot be read or written. */
+ return 0;
+
+ case 0x2d8: /* CONTROL_OCM_RAM_PERM */
+ return 0xff;
+ case 0x2dc: /* CONTROL_OCM_PUB_RAM_ADD */
+ case 0x2e0: /* CONTROL_EXT_SEC_RAM_START_ADD */
+ case 0x2e4: /* CONTROL_EXT_SEC_RAM_STOP_ADD */
+ /* No secure mode so no Extended Secure RAM present. */
+ return 0;
+
+ case 0x2f8: /* CONTROL_STATUS */
+ /* Device Type => General-purpose */
+ return 0x0300;
+ case 0x2fc: /* CONTROL_GENERAL_PURPOSE_STATUS */
+
+ case 0x300: /* CONTROL_RPUB_KEY_H_0 */
+ case 0x304: /* CONTROL_RPUB_KEY_H_1 */
+ case 0x308: /* CONTROL_RPUB_KEY_H_2 */
+ case 0x30c: /* CONTROL_RPUB_KEY_H_3 */
+ return 0xdecafbad;
+
+ case 0x310: /* CONTROL_RAND_KEY_0 */
+ case 0x314: /* CONTROL_RAND_KEY_1 */
+ case 0x318: /* CONTROL_RAND_KEY_2 */
+ case 0x31c: /* CONTROL_RAND_KEY_3 */
+ case 0x320: /* CONTROL_CUST_KEY_0 */
+ case 0x324: /* CONTROL_CUST_KEY_1 */
+ case 0x330: /* CONTROL_TEST_KEY_0 */
+ case 0x334: /* CONTROL_TEST_KEY_1 */
+ case 0x338: /* CONTROL_TEST_KEY_2 */
+ case 0x33c: /* CONTROL_TEST_KEY_3 */
+ case 0x340: /* CONTROL_TEST_KEY_4 */
+ case 0x344: /* CONTROL_TEST_KEY_5 */
+ case 0x348: /* CONTROL_TEST_KEY_6 */
+ case 0x34c: /* CONTROL_TEST_KEY_7 */
+ case 0x350: /* CONTROL_TEST_KEY_8 */
+ case 0x354: /* CONTROL_TEST_KEY_9 */
+ /* Can only be accessed in secure mode and when C_FieldAccEnable
+ * bit is set in CONTROL_SEC_CTRL.
+ * TODO: otherwise an interconnect access error is generated. */
+ return 0;
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_sysctl_write8(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ struct omap_sysctl_s *s = (struct omap_sysctl_s *) opaque;
+ int pad_offset, byte_offset;
+ int prev_value;
+
+ switch (addr) {
+ case 0x030 ... 0x140: /* CONTROL_PADCONF - only used in the POP */
+ pad_offset = (addr - 0x30) >> 2;
+ byte_offset = (addr - 0x30) & (4 - 1);
+
+ prev_value = s->padconf[pad_offset];
+ prev_value &= ~(0xff << (byte_offset * 8));
+ prev_value |= ((value & 0x1f1f1f1f) << (byte_offset * 8)) & 0x1f1f1f1f;
+ s->padconf[pad_offset] = prev_value;
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ break;
+ }
+}
+
+static void omap_sysctl_write(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ struct omap_sysctl_s *s = (struct omap_sysctl_s *) opaque;
+
+ switch (addr) {
+ case 0x000: /* CONTROL_REVISION */
+ case 0x2a4: /* CONTROL_MSUSPENDMUX_5 */
+ case 0x2c0: /* CONTROL_PSA_VALUE */
+ case 0x2f8: /* CONTROL_STATUS */
+ case 0x2fc: /* CONTROL_GENERAL_PURPOSE_STATUS */
+ case 0x300: /* CONTROL_RPUB_KEY_H_0 */
+ case 0x304: /* CONTROL_RPUB_KEY_H_1 */
+ case 0x308: /* CONTROL_RPUB_KEY_H_2 */
+ case 0x30c: /* CONTROL_RPUB_KEY_H_3 */
+ case 0x310: /* CONTROL_RAND_KEY_0 */
+ case 0x314: /* CONTROL_RAND_KEY_1 */
+ case 0x318: /* CONTROL_RAND_KEY_2 */
+ case 0x31c: /* CONTROL_RAND_KEY_3 */
+ case 0x320: /* CONTROL_CUST_KEY_0 */
+ case 0x324: /* CONTROL_CUST_KEY_1 */
+ case 0x330: /* CONTROL_TEST_KEY_0 */
+ case 0x334: /* CONTROL_TEST_KEY_1 */
+ case 0x338: /* CONTROL_TEST_KEY_2 */
+ case 0x33c: /* CONTROL_TEST_KEY_3 */
+ case 0x340: /* CONTROL_TEST_KEY_4 */
+ case 0x344: /* CONTROL_TEST_KEY_5 */
+ case 0x348: /* CONTROL_TEST_KEY_6 */
+ case 0x34c: /* CONTROL_TEST_KEY_7 */
+ case 0x350: /* CONTROL_TEST_KEY_8 */
+ case 0x354: /* CONTROL_TEST_KEY_9 */
+ OMAP_RO_REG(addr);
+ return;
+
+ case 0x010: /* CONTROL_SYSCONFIG */
+ s->sysconfig = value & 0x1e;
+ break;
+
+ case 0x030 ... 0x140: /* CONTROL_PADCONF - only used in the POP */
+ /* XXX: should check constant bits */
+ s->padconf[(addr - 0x30) >> 2] = value & 0x1f1f1f1f;
+ break;
+
+ case 0x270: /* CONTROL_DEBOBS */
+ s->obs = value & 0xff;
+ break;
+
+ case 0x274: /* CONTROL_DEVCONF */
+ s->devconfig = value & 0xffffc7ff;
+ break;
+
+ case 0x28c: /* CONTROL_EMU_SUPPORT */
+ break;
+
+ case 0x290: /* CONTROL_MSUSPENDMUX_0 */
+ s->msuspendmux[0] = value & 0x3fffffff;
+ break;
+ case 0x294: /* CONTROL_MSUSPENDMUX_1 */
+ s->msuspendmux[1] = value & 0x3fffffff;
+ break;
+ case 0x298: /* CONTROL_MSUSPENDMUX_2 */
+ s->msuspendmux[2] = value & 0x3fffffff;
+ break;
+ case 0x29c: /* CONTROL_MSUSPENDMUX_3 */
+ s->msuspendmux[3] = value & 0x3fffffff;
+ break;
+ case 0x2a0: /* CONTROL_MSUSPENDMUX_4 */
+ s->msuspendmux[4] = value & 0x3fffffff;
+ break;
+
+ case 0x2b8: /* CONTROL_PSA_CTRL */
+ s->psaconfig = value & 0x1c;
+ s->psaconfig |= (value & 0x20) ? 2 : 1;
+ break;
+ case 0x2bc: /* CONTROL_PSA_CMD */
+ break;
+
+ case 0x2b0: /* CONTROL_SEC_CTRL */
+ case 0x2b4: /* CONTROL_SEC_TEST */
+ case 0x2d0: /* CONTROL_SEC_EMU */
+ case 0x2d4: /* CONTROL_SEC_TAP */
+ case 0x2d8: /* CONTROL_OCM_RAM_PERM */
+ case 0x2dc: /* CONTROL_OCM_PUB_RAM_ADD */
+ case 0x2e0: /* CONTROL_EXT_SEC_RAM_START_ADD */
+ case 0x2e4: /* CONTROL_EXT_SEC_RAM_STOP_ADD */
+ case 0x2f0: /* CONTROL_SEC_STATUS */
+ case 0x2f4: /* CONTROL_SEC_ERR_STATUS */
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ return;
+ }
+}
+
+static const MemoryRegionOps omap_sysctl_ops = {
+ .old_mmio = {
+ .read = {
+ omap_sysctl_read8,
+ omap_badwidth_read32, /* TODO */
+ omap_sysctl_read,
+ },
+ .write = {
+ omap_sysctl_write8,
+ omap_badwidth_write32, /* TODO */
+ omap_sysctl_write,
+ },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void omap_sysctl_reset(struct omap_sysctl_s *s)
+{
+ /* (power-on reset) */
+ s->sysconfig = 0;
+ s->obs = 0;
+ s->devconfig = 0x0c000000;
+ s->msuspendmux[0] = 0x00000000;
+ s->msuspendmux[1] = 0x00000000;
+ s->msuspendmux[2] = 0x00000000;
+ s->msuspendmux[3] = 0x00000000;
+ s->msuspendmux[4] = 0x00000000;
+ s->psaconfig = 1;
+
+ s->padconf[0x00] = 0x000f0f0f;
+ s->padconf[0x01] = 0x00000000;
+ s->padconf[0x02] = 0x00000000;
+ s->padconf[0x03] = 0x00000000;
+ s->padconf[0x04] = 0x00000000;
+ s->padconf[0x05] = 0x00000000;
+ s->padconf[0x06] = 0x00000000;
+ s->padconf[0x07] = 0x00000000;
+ s->padconf[0x08] = 0x08080800;
+ s->padconf[0x09] = 0x08080808;
+ s->padconf[0x0a] = 0x08080808;
+ s->padconf[0x0b] = 0x08080808;
+ s->padconf[0x0c] = 0x08080808;
+ s->padconf[0x0d] = 0x08080800;
+ s->padconf[0x0e] = 0x08080808;
+ s->padconf[0x0f] = 0x08080808;
+ s->padconf[0x10] = 0x18181808; /* | 0x07070700 if SBoot3 */
+ s->padconf[0x11] = 0x18181818; /* | 0x07070707 if SBoot3 */
+ s->padconf[0x12] = 0x18181818; /* | 0x07070707 if SBoot3 */
+ s->padconf[0x13] = 0x18181818; /* | 0x07070707 if SBoot3 */
+ s->padconf[0x14] = 0x18181818; /* | 0x00070707 if SBoot3 */
+ s->padconf[0x15] = 0x18181818;
+ s->padconf[0x16] = 0x18181818; /* | 0x07000000 if SBoot3 */
+ s->padconf[0x17] = 0x1f001f00;
+ s->padconf[0x18] = 0x1f1f1f1f;
+ s->padconf[0x19] = 0x00000000;
+ s->padconf[0x1a] = 0x1f180000;
+ s->padconf[0x1b] = 0x00001f1f;
+ s->padconf[0x1c] = 0x1f001f00;
+ s->padconf[0x1d] = 0x00000000;
+ s->padconf[0x1e] = 0x00000000;
+ s->padconf[0x1f] = 0x08000000;
+ s->padconf[0x20] = 0x08080808;
+ s->padconf[0x21] = 0x08080808;
+ s->padconf[0x22] = 0x0f080808;
+ s->padconf[0x23] = 0x0f0f0f0f;
+ s->padconf[0x24] = 0x000f0f0f;
+ s->padconf[0x25] = 0x1f1f1f0f;
+ s->padconf[0x26] = 0x080f0f1f;
+ s->padconf[0x27] = 0x070f1808;
+ s->padconf[0x28] = 0x0f070707;
+ s->padconf[0x29] = 0x000f0f1f;
+ s->padconf[0x2a] = 0x0f0f0f1f;
+ s->padconf[0x2b] = 0x08000000;
+ s->padconf[0x2c] = 0x0000001f;
+ s->padconf[0x2d] = 0x0f0f1f00;
+ s->padconf[0x2e] = 0x1f1f0f0f;
+ s->padconf[0x2f] = 0x0f1f1f1f;
+ s->padconf[0x30] = 0x0f0f0f0f;
+ s->padconf[0x31] = 0x0f1f0f1f;
+ s->padconf[0x32] = 0x0f0f0f0f;
+ s->padconf[0x33] = 0x0f1f0f1f;
+ s->padconf[0x34] = 0x1f1f0f0f;
+ s->padconf[0x35] = 0x0f0f1f1f;
+ s->padconf[0x36] = 0x0f0f1f0f;
+ s->padconf[0x37] = 0x0f0f0f0f;
+ s->padconf[0x38] = 0x1f18180f;
+ s->padconf[0x39] = 0x1f1f1f1f;
+ s->padconf[0x3a] = 0x00001f1f;
+ s->padconf[0x3b] = 0x00000000;
+ s->padconf[0x3c] = 0x00000000;
+ s->padconf[0x3d] = 0x0f0f0f0f;
+ s->padconf[0x3e] = 0x18000f0f;
+ s->padconf[0x3f] = 0x00070000;
+ s->padconf[0x40] = 0x00000707;
+ s->padconf[0x41] = 0x0f1f0700;
+ s->padconf[0x42] = 0x1f1f070f;
+ s->padconf[0x43] = 0x0008081f;
+ s->padconf[0x44] = 0x00000800;
+}
+
+static struct omap_sysctl_s *omap_sysctl_init(struct omap_target_agent_s *ta,
+ omap_clk iclk, struct omap_mpu_state_s *mpu)
+{
+ struct omap_sysctl_s *s = (struct omap_sysctl_s *)
+ g_malloc0(sizeof(struct omap_sysctl_s));
+
+ s->mpu = mpu;
+ omap_sysctl_reset(s);
+
+ memory_region_init_io(&s->iomem, NULL, &omap_sysctl_ops, s, "omap.sysctl",
+ omap_l4_region_size(ta, 0));
+ omap_l4_attach(ta, 0, &s->iomem);
+
+ return s;
+}
+
+/* General chip reset */
+static void omap2_mpu_reset(void *opaque)
+{
+ struct omap_mpu_state_s *mpu = (struct omap_mpu_state_s *) opaque;
+
+ omap_dma_reset(mpu->dma);
+ omap_prcm_reset(mpu->prcm);
+ omap_sysctl_reset(mpu->sysc);
+ omap_gp_timer_reset(mpu->gptimer[0]);
+ omap_gp_timer_reset(mpu->gptimer[1]);
+ omap_gp_timer_reset(mpu->gptimer[2]);
+ omap_gp_timer_reset(mpu->gptimer[3]);
+ omap_gp_timer_reset(mpu->gptimer[4]);
+ omap_gp_timer_reset(mpu->gptimer[5]);
+ omap_gp_timer_reset(mpu->gptimer[6]);
+ omap_gp_timer_reset(mpu->gptimer[7]);
+ omap_gp_timer_reset(mpu->gptimer[8]);
+ omap_gp_timer_reset(mpu->gptimer[9]);
+ omap_gp_timer_reset(mpu->gptimer[10]);
+ omap_gp_timer_reset(mpu->gptimer[11]);
+ omap_synctimer_reset(mpu->synctimer);
+ omap_sdrc_reset(mpu->sdrc);
+ omap_gpmc_reset(mpu->gpmc);
+ omap_dss_reset(mpu->dss);
+ omap_uart_reset(mpu->uart[0]);
+ omap_uart_reset(mpu->uart[1]);
+ omap_uart_reset(mpu->uart[2]);
+ omap_mmc_reset(mpu->mmc);
+ omap_mcspi_reset(mpu->mcspi[0]);
+ omap_mcspi_reset(mpu->mcspi[1]);
+ cpu_reset(CPU(mpu->cpu));
+}
+
+static int omap2_validate_addr(struct omap_mpu_state_s *s,
+ hwaddr addr)
+{
+ return 1;
+}
+
+static const struct dma_irq_map omap2_dma_irq_map[] = {
+ { 0, OMAP_INT_24XX_SDMA_IRQ0 },
+ { 0, OMAP_INT_24XX_SDMA_IRQ1 },
+ { 0, OMAP_INT_24XX_SDMA_IRQ2 },
+ { 0, OMAP_INT_24XX_SDMA_IRQ3 },
+};
+
+struct omap_mpu_state_s *omap2420_mpu_init(MemoryRegion *sysmem,
+ unsigned long sdram_size,
+ const char *core)
+{
+ struct omap_mpu_state_s *s = (struct omap_mpu_state_s *)
+ g_malloc0(sizeof(struct omap_mpu_state_s));
+ qemu_irq *cpu_irq;
+ qemu_irq dma_irqs[4];
+ DriveInfo *dinfo;
+ int i;
+ SysBusDevice *busdev;
+ struct omap_target_agent_s *ta;
+
+ /* Core */
+ s->mpu_model = omap2420;
+ s->cpu = cpu_arm_init(core ?: "arm1136-r2");
+ if (s->cpu == NULL) {
+ fprintf(stderr, "Unable to find CPU definition\n");
+ exit(1);
+ }
+ s->sdram_size = sdram_size;
+ s->sram_size = OMAP242X_SRAM_SIZE;
+
+ s->wakeup = qemu_allocate_irqs(omap_mpu_wakeup, s, 1)[0];
+
+ /* Clocks */
+ omap_clk_init(s);
+
+ /* Memory-mapped stuff */
+ memory_region_init_ram(&s->sdram, NULL, "omap2.dram", s->sdram_size);
+ vmstate_register_ram_global(&s->sdram);
+ memory_region_add_subregion(sysmem, OMAP2_Q2_BASE, &s->sdram);
+ memory_region_init_ram(&s->sram, NULL, "omap2.sram", s->sram_size);
+ vmstate_register_ram_global(&s->sram);
+ memory_region_add_subregion(sysmem, OMAP2_SRAM_BASE, &s->sram);
+
+ s->l4 = omap_l4_init(sysmem, OMAP2_L4_BASE, 54);
+
+ /* Actually mapped at any 2K boundary in the ARM11 private-peripheral if */
+ cpu_irq = arm_pic_init_cpu(s->cpu);
+ s->ih[0] = qdev_create(NULL, "omap2-intc");
+ qdev_prop_set_uint8(s->ih[0], "revision", 0x21);
+ qdev_prop_set_ptr(s->ih[0], "fclk", omap_findclk(s, "mpu_intc_fclk"));
+ qdev_prop_set_ptr(s->ih[0], "iclk", omap_findclk(s, "mpu_intc_iclk"));
+ qdev_init_nofail(s->ih[0]);
+ busdev = SYS_BUS_DEVICE(s->ih[0]);
+ sysbus_connect_irq(busdev, 0, cpu_irq[ARM_PIC_CPU_IRQ]);
+ sysbus_connect_irq(busdev, 1, cpu_irq[ARM_PIC_CPU_FIQ]);
+ sysbus_mmio_map(busdev, 0, 0x480fe000);
+ s->prcm = omap_prcm_init(omap_l4tao(s->l4, 3),
+ qdev_get_gpio_in(s->ih[0],
+ OMAP_INT_24XX_PRCM_MPU_IRQ),
+ NULL, NULL, s);
+
+ s->sysc = omap_sysctl_init(omap_l4tao(s->l4, 1),
+ omap_findclk(s, "omapctrl_iclk"), s);
+
+ for (i = 0; i < 4; i++) {
+ dma_irqs[i] = qdev_get_gpio_in(s->ih[omap2_dma_irq_map[i].ih],
+ omap2_dma_irq_map[i].intr);
+ }
+ s->dma = omap_dma4_init(0x48056000, dma_irqs, sysmem, s, 256, 32,
+ omap_findclk(s, "sdma_iclk"),
+ omap_findclk(s, "sdma_fclk"));
+ s->port->addr_valid = omap2_validate_addr;
+
+ /* Register SDRAM and SRAM ports for fast DMA transfers. */
+ soc_dma_port_add_mem(s->dma, memory_region_get_ram_ptr(&s->sdram),
+ OMAP2_Q2_BASE, s->sdram_size);
+ soc_dma_port_add_mem(s->dma, memory_region_get_ram_ptr(&s->sram),
+ OMAP2_SRAM_BASE, s->sram_size);
+
+ s->uart[0] = omap2_uart_init(sysmem, omap_l4ta(s->l4, 19),
+ qdev_get_gpio_in(s->ih[0],
+ OMAP_INT_24XX_UART1_IRQ),
+ omap_findclk(s, "uart1_fclk"),
+ omap_findclk(s, "uart1_iclk"),
+ s->drq[OMAP24XX_DMA_UART1_TX],
+ s->drq[OMAP24XX_DMA_UART1_RX],
+ "uart1",
+ serial_hds[0]);
+ s->uart[1] = omap2_uart_init(sysmem, omap_l4ta(s->l4, 20),
+ qdev_get_gpio_in(s->ih[0],
+ OMAP_INT_24XX_UART2_IRQ),
+ omap_findclk(s, "uart2_fclk"),
+ omap_findclk(s, "uart2_iclk"),
+ s->drq[OMAP24XX_DMA_UART2_TX],
+ s->drq[OMAP24XX_DMA_UART2_RX],
+ "uart2",
+ serial_hds[0] ? serial_hds[1] : NULL);
+ s->uart[2] = omap2_uart_init(sysmem, omap_l4ta(s->l4, 21),
+ qdev_get_gpio_in(s->ih[0],
+ OMAP_INT_24XX_UART3_IRQ),
+ omap_findclk(s, "uart3_fclk"),
+ omap_findclk(s, "uart3_iclk"),
+ s->drq[OMAP24XX_DMA_UART3_TX],
+ s->drq[OMAP24XX_DMA_UART3_RX],
+ "uart3",
+ serial_hds[0] && serial_hds[1] ? serial_hds[2] : NULL);
+
+ s->gptimer[0] = omap_gp_timer_init(omap_l4ta(s->l4, 7),
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPTIMER1),
+ omap_findclk(s, "wu_gpt1_clk"),
+ omap_findclk(s, "wu_l4_iclk"));
+ s->gptimer[1] = omap_gp_timer_init(omap_l4ta(s->l4, 8),
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPTIMER2),
+ omap_findclk(s, "core_gpt2_clk"),
+ omap_findclk(s, "core_l4_iclk"));
+ s->gptimer[2] = omap_gp_timer_init(omap_l4ta(s->l4, 22),
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPTIMER3),
+ omap_findclk(s, "core_gpt3_clk"),
+ omap_findclk(s, "core_l4_iclk"));
+ s->gptimer[3] = omap_gp_timer_init(omap_l4ta(s->l4, 23),
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPTIMER4),
+ omap_findclk(s, "core_gpt4_clk"),
+ omap_findclk(s, "core_l4_iclk"));
+ s->gptimer[4] = omap_gp_timer_init(omap_l4ta(s->l4, 24),
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPTIMER5),
+ omap_findclk(s, "core_gpt5_clk"),
+ omap_findclk(s, "core_l4_iclk"));
+ s->gptimer[5] = omap_gp_timer_init(omap_l4ta(s->l4, 25),
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPTIMER6),
+ omap_findclk(s, "core_gpt6_clk"),
+ omap_findclk(s, "core_l4_iclk"));
+ s->gptimer[6] = omap_gp_timer_init(omap_l4ta(s->l4, 26),
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPTIMER7),
+ omap_findclk(s, "core_gpt7_clk"),
+ omap_findclk(s, "core_l4_iclk"));
+ s->gptimer[7] = omap_gp_timer_init(omap_l4ta(s->l4, 27),
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPTIMER8),
+ omap_findclk(s, "core_gpt8_clk"),
+ omap_findclk(s, "core_l4_iclk"));
+ s->gptimer[8] = omap_gp_timer_init(omap_l4ta(s->l4, 28),
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPTIMER9),
+ omap_findclk(s, "core_gpt9_clk"),
+ omap_findclk(s, "core_l4_iclk"));
+ s->gptimer[9] = omap_gp_timer_init(omap_l4ta(s->l4, 29),
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPTIMER10),
+ omap_findclk(s, "core_gpt10_clk"),
+ omap_findclk(s, "core_l4_iclk"));
+ s->gptimer[10] = omap_gp_timer_init(omap_l4ta(s->l4, 30),
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPTIMER11),
+ omap_findclk(s, "core_gpt11_clk"),
+ omap_findclk(s, "core_l4_iclk"));
+ s->gptimer[11] = omap_gp_timer_init(omap_l4ta(s->l4, 31),
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPTIMER12),
+ omap_findclk(s, "core_gpt12_clk"),
+ omap_findclk(s, "core_l4_iclk"));
+
+ omap_tap_init(omap_l4ta(s->l4, 2), s);
+
+ s->synctimer = omap_synctimer_init(omap_l4tao(s->l4, 2), s,
+ omap_findclk(s, "clk32-kHz"),
+ omap_findclk(s, "core_l4_iclk"));
+
+ s->i2c[0] = qdev_create(NULL, "omap_i2c");
+ qdev_prop_set_uint8(s->i2c[0], "revision", 0x34);
+ qdev_prop_set_ptr(s->i2c[0], "iclk", omap_findclk(s, "i2c1.iclk"));
+ qdev_prop_set_ptr(s->i2c[0], "fclk", omap_findclk(s, "i2c1.fclk"));
+ qdev_init_nofail(s->i2c[0]);
+ busdev = SYS_BUS_DEVICE(s->i2c[0]);
+ sysbus_connect_irq(busdev, 0,
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_I2C1_IRQ));
+ sysbus_connect_irq(busdev, 1, s->drq[OMAP24XX_DMA_I2C1_TX]);
+ sysbus_connect_irq(busdev, 2, s->drq[OMAP24XX_DMA_I2C1_RX]);
+ sysbus_mmio_map(busdev, 0, omap_l4_region_base(omap_l4tao(s->l4, 5), 0));
+
+ s->i2c[1] = qdev_create(NULL, "omap_i2c");
+ qdev_prop_set_uint8(s->i2c[1], "revision", 0x34);
+ qdev_prop_set_ptr(s->i2c[1], "iclk", omap_findclk(s, "i2c2.iclk"));
+ qdev_prop_set_ptr(s->i2c[1], "fclk", omap_findclk(s, "i2c2.fclk"));
+ qdev_init_nofail(s->i2c[1]);
+ busdev = SYS_BUS_DEVICE(s->i2c[1]);
+ sysbus_connect_irq(busdev, 0,
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_I2C2_IRQ));
+ sysbus_connect_irq(busdev, 1, s->drq[OMAP24XX_DMA_I2C2_TX]);
+ sysbus_connect_irq(busdev, 2, s->drq[OMAP24XX_DMA_I2C2_RX]);
+ sysbus_mmio_map(busdev, 0, omap_l4_region_base(omap_l4tao(s->l4, 6), 0));
+
+ s->gpio = qdev_create(NULL, "omap2-gpio");
+ qdev_prop_set_int32(s->gpio, "mpu_model", s->mpu_model);
+ qdev_prop_set_ptr(s->gpio, "iclk", omap_findclk(s, "gpio_iclk"));
+ qdev_prop_set_ptr(s->gpio, "fclk0", omap_findclk(s, "gpio1_dbclk"));
+ qdev_prop_set_ptr(s->gpio, "fclk1", omap_findclk(s, "gpio2_dbclk"));
+ qdev_prop_set_ptr(s->gpio, "fclk2", omap_findclk(s, "gpio3_dbclk"));
+ qdev_prop_set_ptr(s->gpio, "fclk3", omap_findclk(s, "gpio4_dbclk"));
+ if (s->mpu_model == omap2430) {
+ qdev_prop_set_ptr(s->gpio, "fclk4", omap_findclk(s, "gpio5_dbclk"));
+ }
+ qdev_init_nofail(s->gpio);
+ busdev = SYS_BUS_DEVICE(s->gpio);
+ sysbus_connect_irq(busdev, 0,
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPIO_BANK1));
+ sysbus_connect_irq(busdev, 3,
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPIO_BANK2));
+ sysbus_connect_irq(busdev, 6,
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPIO_BANK3));
+ sysbus_connect_irq(busdev, 9,
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPIO_BANK4));
+ if (s->mpu_model == omap2430) {
+ sysbus_connect_irq(busdev, 12,
+ qdev_get_gpio_in(s->ih[0],
+ OMAP_INT_243X_GPIO_BANK5));
+ }
+ ta = omap_l4ta(s->l4, 3);
+ sysbus_mmio_map(busdev, 0, omap_l4_region_base(ta, 1));
+ sysbus_mmio_map(busdev, 1, omap_l4_region_base(ta, 0));
+ sysbus_mmio_map(busdev, 2, omap_l4_region_base(ta, 2));
+ sysbus_mmio_map(busdev, 3, omap_l4_region_base(ta, 4));
+ sysbus_mmio_map(busdev, 4, omap_l4_region_base(ta, 5));
+
+ s->sdrc = omap_sdrc_init(sysmem, 0x68009000);
+ s->gpmc = omap_gpmc_init(s, 0x6800a000,
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPMC_IRQ),
+ s->drq[OMAP24XX_DMA_GPMC]);
+
+ dinfo = drive_get(IF_SD, 0, 0);
+ if (!dinfo) {
+ fprintf(stderr, "qemu: missing SecureDigital device\n");
+ exit(1);
+ }
+ s->mmc = omap2_mmc_init(omap_l4tao(s->l4, 9), dinfo->bdrv,
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_MMC_IRQ),
+ &s->drq[OMAP24XX_DMA_MMC1_TX],
+ omap_findclk(s, "mmc_fclk"), omap_findclk(s, "mmc_iclk"));
+
+ s->mcspi[0] = omap_mcspi_init(omap_l4ta(s->l4, 35), 4,
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_MCSPI1_IRQ),
+ &s->drq[OMAP24XX_DMA_SPI1_TX0],
+ omap_findclk(s, "spi1_fclk"),
+ omap_findclk(s, "spi1_iclk"));
+ s->mcspi[1] = omap_mcspi_init(omap_l4ta(s->l4, 36), 2,
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_MCSPI2_IRQ),
+ &s->drq[OMAP24XX_DMA_SPI2_TX0],
+ omap_findclk(s, "spi2_fclk"),
+ omap_findclk(s, "spi2_iclk"));
+
+ s->dss = omap_dss_init(omap_l4ta(s->l4, 10), sysmem, 0x68000800,
+ /* XXX wire M_IRQ_25, D_L2_IRQ_30 and I_IRQ_13 together */
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_DSS_IRQ),
+ s->drq[OMAP24XX_DMA_DSS],
+ omap_findclk(s, "dss_clk1"), omap_findclk(s, "dss_clk2"),
+ omap_findclk(s, "dss_54m_clk"),
+ omap_findclk(s, "dss_l3_iclk"),
+ omap_findclk(s, "dss_l4_iclk"));
+
+ omap_sti_init(omap_l4ta(s->l4, 18), sysmem, 0x54000000,
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_STI),
+ omap_findclk(s, "emul_ck"),
+ serial_hds[0] && serial_hds[1] && serial_hds[2] ?
+ serial_hds[3] : NULL);
+
+ s->eac = omap_eac_init(omap_l4ta(s->l4, 32),
+ qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_EAC_IRQ),
+ /* Ten consecutive lines */
+ &s->drq[OMAP24XX_DMA_EAC_AC_RD],
+ omap_findclk(s, "func_96m_clk"),
+ omap_findclk(s, "core_l4_iclk"));
+
+ /* All register mappings (includin those not currenlty implemented):
+ * SystemControlMod 48000000 - 48000fff
+ * SystemControlL4 48001000 - 48001fff
+ * 32kHz Timer Mod 48004000 - 48004fff
+ * 32kHz Timer L4 48005000 - 48005fff
+ * PRCM ModA 48008000 - 480087ff
+ * PRCM ModB 48008800 - 48008fff
+ * PRCM L4 48009000 - 48009fff
+ * TEST-BCM Mod 48012000 - 48012fff
+ * TEST-BCM L4 48013000 - 48013fff
+ * TEST-TAP Mod 48014000 - 48014fff
+ * TEST-TAP L4 48015000 - 48015fff
+ * GPIO1 Mod 48018000 - 48018fff
+ * GPIO Top 48019000 - 48019fff
+ * GPIO2 Mod 4801a000 - 4801afff
+ * GPIO L4 4801b000 - 4801bfff
+ * GPIO3 Mod 4801c000 - 4801cfff
+ * GPIO4 Mod 4801e000 - 4801efff
+ * WDTIMER1 Mod 48020000 - 48010fff
+ * WDTIMER Top 48021000 - 48011fff
+ * WDTIMER2 Mod 48022000 - 48012fff
+ * WDTIMER L4 48023000 - 48013fff
+ * WDTIMER3 Mod 48024000 - 48014fff
+ * WDTIMER3 L4 48025000 - 48015fff
+ * WDTIMER4 Mod 48026000 - 48016fff
+ * WDTIMER4 L4 48027000 - 48017fff
+ * GPTIMER1 Mod 48028000 - 48018fff
+ * GPTIMER1 L4 48029000 - 48019fff
+ * GPTIMER2 Mod 4802a000 - 4801afff
+ * GPTIMER2 L4 4802b000 - 4801bfff
+ * L4-Config AP 48040000 - 480407ff
+ * L4-Config IP 48040800 - 48040fff
+ * L4-Config LA 48041000 - 48041fff
+ * ARM11ETB Mod 48048000 - 48049fff
+ * ARM11ETB L4 4804a000 - 4804afff
+ * DISPLAY Top 48050000 - 480503ff
+ * DISPLAY DISPC 48050400 - 480507ff
+ * DISPLAY RFBI 48050800 - 48050bff
+ * DISPLAY VENC 48050c00 - 48050fff
+ * DISPLAY L4 48051000 - 48051fff
+ * CAMERA Top 48052000 - 480523ff
+ * CAMERA core 48052400 - 480527ff
+ * CAMERA DMA 48052800 - 48052bff
+ * CAMERA MMU 48052c00 - 48052fff
+ * CAMERA L4 48053000 - 48053fff
+ * SDMA Mod 48056000 - 48056fff
+ * SDMA L4 48057000 - 48057fff
+ * SSI Top 48058000 - 48058fff
+ * SSI GDD 48059000 - 48059fff
+ * SSI Port1 4805a000 - 4805afff
+ * SSI Port2 4805b000 - 4805bfff
+ * SSI L4 4805c000 - 4805cfff
+ * USB Mod 4805e000 - 480fefff
+ * USB L4 4805f000 - 480fffff
+ * WIN_TRACER1 Mod 48060000 - 48060fff
+ * WIN_TRACER1 L4 48061000 - 48061fff
+ * WIN_TRACER2 Mod 48062000 - 48062fff
+ * WIN_TRACER2 L4 48063000 - 48063fff
+ * WIN_TRACER3 Mod 48064000 - 48064fff
+ * WIN_TRACER3 L4 48065000 - 48065fff
+ * WIN_TRACER4 Top 48066000 - 480660ff
+ * WIN_TRACER4 ETT 48066100 - 480661ff
+ * WIN_TRACER4 WT 48066200 - 480662ff
+ * WIN_TRACER4 L4 48067000 - 48067fff
+ * XTI Mod 48068000 - 48068fff
+ * XTI L4 48069000 - 48069fff
+ * UART1 Mod 4806a000 - 4806afff
+ * UART1 L4 4806b000 - 4806bfff
+ * UART2 Mod 4806c000 - 4806cfff
+ * UART2 L4 4806d000 - 4806dfff
+ * UART3 Mod 4806e000 - 4806efff
+ * UART3 L4 4806f000 - 4806ffff
+ * I2C1 Mod 48070000 - 48070fff
+ * I2C1 L4 48071000 - 48071fff
+ * I2C2 Mod 48072000 - 48072fff
+ * I2C2 L4 48073000 - 48073fff
+ * McBSP1 Mod 48074000 - 48074fff
+ * McBSP1 L4 48075000 - 48075fff
+ * McBSP2 Mod 48076000 - 48076fff
+ * McBSP2 L4 48077000 - 48077fff
+ * GPTIMER3 Mod 48078000 - 48078fff
+ * GPTIMER3 L4 48079000 - 48079fff
+ * GPTIMER4 Mod 4807a000 - 4807afff
+ * GPTIMER4 L4 4807b000 - 4807bfff
+ * GPTIMER5 Mod 4807c000 - 4807cfff
+ * GPTIMER5 L4 4807d000 - 4807dfff
+ * GPTIMER6 Mod 4807e000 - 4807efff
+ * GPTIMER6 L4 4807f000 - 4807ffff
+ * GPTIMER7 Mod 48080000 - 48080fff
+ * GPTIMER7 L4 48081000 - 48081fff
+ * GPTIMER8 Mod 48082000 - 48082fff
+ * GPTIMER8 L4 48083000 - 48083fff
+ * GPTIMER9 Mod 48084000 - 48084fff
+ * GPTIMER9 L4 48085000 - 48085fff
+ * GPTIMER10 Mod 48086000 - 48086fff
+ * GPTIMER10 L4 48087000 - 48087fff
+ * GPTIMER11 Mod 48088000 - 48088fff
+ * GPTIMER11 L4 48089000 - 48089fff
+ * GPTIMER12 Mod 4808a000 - 4808afff
+ * GPTIMER12 L4 4808b000 - 4808bfff
+ * EAC Mod 48090000 - 48090fff
+ * EAC L4 48091000 - 48091fff
+ * FAC Mod 48092000 - 48092fff
+ * FAC L4 48093000 - 48093fff
+ * MAILBOX Mod 48094000 - 48094fff
+ * MAILBOX L4 48095000 - 48095fff
+ * SPI1 Mod 48098000 - 48098fff
+ * SPI1 L4 48099000 - 48099fff
+ * SPI2 Mod 4809a000 - 4809afff
+ * SPI2 L4 4809b000 - 4809bfff
+ * MMC/SDIO Mod 4809c000 - 4809cfff
+ * MMC/SDIO L4 4809d000 - 4809dfff
+ * MS_PRO Mod 4809e000 - 4809efff
+ * MS_PRO L4 4809f000 - 4809ffff
+ * RNG Mod 480a0000 - 480a0fff
+ * RNG L4 480a1000 - 480a1fff
+ * DES3DES Mod 480a2000 - 480a2fff
+ * DES3DES L4 480a3000 - 480a3fff
+ * SHA1MD5 Mod 480a4000 - 480a4fff
+ * SHA1MD5 L4 480a5000 - 480a5fff
+ * AES Mod 480a6000 - 480a6fff
+ * AES L4 480a7000 - 480a7fff
+ * PKA Mod 480a8000 - 480a9fff
+ * PKA L4 480aa000 - 480aafff
+ * MG Mod 480b0000 - 480b0fff
+ * MG L4 480b1000 - 480b1fff
+ * HDQ/1-wire Mod 480b2000 - 480b2fff
+ * HDQ/1-wire L4 480b3000 - 480b3fff
+ * MPU interrupt 480fe000 - 480fefff
+ * STI channel base 54000000 - 5400ffff
+ * IVA RAM 5c000000 - 5c01ffff
+ * IVA ROM 5c020000 - 5c027fff
+ * IMG_BUF_A 5c040000 - 5c040fff
+ * IMG_BUF_B 5c042000 - 5c042fff
+ * VLCDS 5c048000 - 5c0487ff
+ * IMX_COEF 5c049000 - 5c04afff
+ * IMX_CMD 5c051000 - 5c051fff
+ * VLCDQ 5c053000 - 5c0533ff
+ * VLCDH 5c054000 - 5c054fff
+ * SEQ_CMD 5c055000 - 5c055fff
+ * IMX_REG 5c056000 - 5c0560ff
+ * VLCD_REG 5c056100 - 5c0561ff
+ * SEQ_REG 5c056200 - 5c0562ff
+ * IMG_BUF_REG 5c056300 - 5c0563ff
+ * SEQIRQ_REG 5c056400 - 5c0564ff
+ * OCP_REG 5c060000 - 5c060fff
+ * SYSC_REG 5c070000 - 5c070fff
+ * MMU_REG 5d000000 - 5d000fff
+ * sDMA R 68000400 - 680005ff
+ * sDMA W 68000600 - 680007ff
+ * Display Control 68000800 - 680009ff
+ * DSP subsystem 68000a00 - 68000bff
+ * MPU subsystem 68000c00 - 68000dff
+ * IVA subsystem 68001000 - 680011ff
+ * USB 68001200 - 680013ff
+ * Camera 68001400 - 680015ff
+ * VLYNQ (firewall) 68001800 - 68001bff
+ * VLYNQ 68001e00 - 68001fff
+ * SSI 68002000 - 680021ff
+ * L4 68002400 - 680025ff
+ * DSP (firewall) 68002800 - 68002bff
+ * DSP subsystem 68002e00 - 68002fff
+ * IVA (firewall) 68003000 - 680033ff
+ * IVA 68003600 - 680037ff
+ * GFX 68003a00 - 68003bff
+ * CMDWR emulation 68003c00 - 68003dff
+ * SMS 68004000 - 680041ff
+ * OCM 68004200 - 680043ff
+ * GPMC 68004400 - 680045ff
+ * RAM (firewall) 68005000 - 680053ff
+ * RAM (err login) 68005400 - 680057ff
+ * ROM (firewall) 68005800 - 68005bff
+ * ROM (err login) 68005c00 - 68005fff
+ * GPMC (firewall) 68006000 - 680063ff
+ * GPMC (err login) 68006400 - 680067ff
+ * SMS (err login) 68006c00 - 68006fff
+ * SMS registers 68008000 - 68008fff
+ * SDRC registers 68009000 - 68009fff
+ * GPMC registers 6800a000 6800afff
+ */
+
+ qemu_register_reset(omap2_mpu_reset, s);
+
+ return s;
+}
diff --git a/hw/arm/omap_sx1.c b/hw/arm/omap_sx1.c
new file mode 100644
index 000000000..05b035308
--- /dev/null
+++ b/hw/arm/omap_sx1.c
@@ -0,0 +1,238 @@
+/* omap_sx1.c Support for the Siemens SX1 smartphone emulation.
+ *
+ * Copyright (C) 2008
+ * Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
+ * Copyright (C) 2007 Vladimir Ananiev <vovan888@gmail.com>
+ *
+ * based on PalmOne's (TM) PDAs support (palm.c)
+ */
+
+/*
+ * PalmOne's (TM) PDAs.
+ *
+ * Copyright (C) 2006-2007 Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "hw/hw.h"
+#include "ui/console.h"
+#include "hw/arm/omap.h"
+#include "hw/boards.h"
+#include "hw/arm/arm.h"
+#include "hw/block/flash.h"
+#include "sysemu/blockdev.h"
+#include "exec/address-spaces.h"
+
+/*****************************************************************************/
+/* Siemens SX1 Cellphone V1 */
+/* - ARM OMAP310 processor
+ * - SRAM 192 kB
+ * - SDRAM 32 MB at 0x10000000
+ * - Boot flash 16 MB at 0x00000000
+ * - Application flash 8 MB at 0x04000000
+ * - 3 serial ports
+ * - 1 SecureDigital
+ * - 1 LCD display
+ * - 1 RTC
+ */
+
+/*****************************************************************************/
+/* Siemens SX1 Cellphone V2 */
+/* - ARM OMAP310 processor
+ * - SRAM 192 kB
+ * - SDRAM 32 MB at 0x10000000
+ * - Boot flash 32 MB at 0x00000000
+ * - 3 serial ports
+ * - 1 SecureDigital
+ * - 1 LCD display
+ * - 1 RTC
+ */
+
+static uint64_t static_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ uint32_t *val = (uint32_t *) opaque;
+ uint32_t mask = (4 / size) - 1;
+
+ return *val >> ((offset & mask) << 3);
+}
+
+static void static_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+#ifdef SPY
+ printf("%s: value %" PRIx64 " %u bytes written at 0x%x\n",
+ __func__, value, size, (int)offset);
+#endif
+}
+
+static const MemoryRegionOps static_ops = {
+ .read = static_read,
+ .write = static_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+#define sdram_size 0x02000000
+#define sector_size (128 * 1024)
+#define flash0_size (16 * 1024 * 1024)
+#define flash1_size ( 8 * 1024 * 1024)
+#define flash2_size (32 * 1024 * 1024)
+#define total_ram_v1 (sdram_size + flash0_size + flash1_size + OMAP15XX_SRAM_SIZE)
+#define total_ram_v2 (sdram_size + flash2_size + OMAP15XX_SRAM_SIZE)
+
+static struct arm_boot_info sx1_binfo = {
+ .loader_start = OMAP_EMIFF_BASE,
+ .ram_size = sdram_size,
+ .board_id = 0x265,
+};
+
+static void sx1_init(QEMUMachineInitArgs *args, const int version)
+{
+ struct omap_mpu_state_s *mpu;
+ MemoryRegion *address_space = get_system_memory();
+ MemoryRegion *flash = g_new(MemoryRegion, 1);
+ MemoryRegion *flash_1 = g_new(MemoryRegion, 1);
+ MemoryRegion *cs = g_new(MemoryRegion, 4);
+ static uint32_t cs0val = 0x00213090;
+ static uint32_t cs1val = 0x00215070;
+ static uint32_t cs2val = 0x00001139;
+ static uint32_t cs3val = 0x00001139;
+ DriveInfo *dinfo;
+ int fl_idx;
+ uint32_t flash_size = flash0_size;
+ int be;
+
+ if (version == 2) {
+ flash_size = flash2_size;
+ }
+
+ mpu = omap310_mpu_init(address_space, sx1_binfo.ram_size, args->cpu_model);
+
+ /* External Flash (EMIFS) */
+ memory_region_init_ram(flash, NULL, "omap_sx1.flash0-0", flash_size);
+ vmstate_register_ram_global(flash);
+ memory_region_set_readonly(flash, true);
+ memory_region_add_subregion(address_space, OMAP_CS0_BASE, flash);
+
+ memory_region_init_io(&cs[0], NULL, &static_ops, &cs0val,
+ "sx1.cs0", OMAP_CS0_SIZE - flash_size);
+ memory_region_add_subregion(address_space,
+ OMAP_CS0_BASE + flash_size, &cs[0]);
+
+
+ memory_region_init_io(&cs[2], NULL, &static_ops, &cs2val,
+ "sx1.cs2", OMAP_CS2_SIZE);
+ memory_region_add_subregion(address_space,
+ OMAP_CS2_BASE, &cs[2]);
+
+ memory_region_init_io(&cs[3], NULL, &static_ops, &cs3val,
+ "sx1.cs3", OMAP_CS3_SIZE);
+ memory_region_add_subregion(address_space,
+ OMAP_CS2_BASE, &cs[3]);
+
+ fl_idx = 0;
+#ifdef TARGET_WORDS_BIGENDIAN
+ be = 1;
+#else
+ be = 0;
+#endif
+
+ if ((dinfo = drive_get(IF_PFLASH, 0, fl_idx)) != NULL) {
+ if (!pflash_cfi01_register(OMAP_CS0_BASE, NULL,
+ "omap_sx1.flash0-1", flash_size,
+ dinfo->bdrv, sector_size,
+ flash_size / sector_size,
+ 4, 0, 0, 0, 0, be)) {
+ fprintf(stderr, "qemu: Error registering flash memory %d.\n",
+ fl_idx);
+ }
+ fl_idx++;
+ }
+
+ if ((version == 1) &&
+ (dinfo = drive_get(IF_PFLASH, 0, fl_idx)) != NULL) {
+ memory_region_init_ram(flash_1, NULL, "omap_sx1.flash1-0", flash1_size);
+ vmstate_register_ram_global(flash_1);
+ memory_region_set_readonly(flash_1, true);
+ memory_region_add_subregion(address_space, OMAP_CS1_BASE, flash_1);
+
+ memory_region_init_io(&cs[1], NULL, &static_ops, &cs1val,
+ "sx1.cs1", OMAP_CS1_SIZE - flash1_size);
+ memory_region_add_subregion(address_space,
+ OMAP_CS1_BASE + flash1_size, &cs[1]);
+
+ if (!pflash_cfi01_register(OMAP_CS1_BASE, NULL,
+ "omap_sx1.flash1-1", flash1_size,
+ dinfo->bdrv, sector_size,
+ flash1_size / sector_size,
+ 4, 0, 0, 0, 0, be)) {
+ fprintf(stderr, "qemu: Error registering flash memory %d.\n",
+ fl_idx);
+ }
+ fl_idx++;
+ } else {
+ memory_region_init_io(&cs[1], NULL, &static_ops, &cs1val,
+ "sx1.cs1", OMAP_CS1_SIZE);
+ memory_region_add_subregion(address_space,
+ OMAP_CS1_BASE, &cs[1]);
+ }
+
+ if (!args->kernel_filename && !fl_idx) {
+ fprintf(stderr, "Kernel or Flash image must be specified\n");
+ exit(1);
+ }
+
+ /* Load the kernel. */
+ if (args->kernel_filename) {
+ sx1_binfo.kernel_filename = args->kernel_filename;
+ sx1_binfo.kernel_cmdline = args->kernel_cmdline;
+ sx1_binfo.initrd_filename = args->initrd_filename;
+ arm_load_kernel(mpu->cpu, &sx1_binfo);
+ }
+
+ /* TODO: fix next line */
+ //~ qemu_console_resize(ds, 640, 480);
+}
+
+static void sx1_init_v1(QEMUMachineInitArgs *args)
+{
+ sx1_init(args, 1);
+}
+
+static void sx1_init_v2(QEMUMachineInitArgs *args)
+{
+ sx1_init(args, 2);
+}
+
+static QEMUMachine sx1_machine_v2 = {
+ .name = "sx1",
+ .desc = "Siemens SX1 (OMAP310) V2",
+ .init = sx1_init_v2,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine sx1_machine_v1 = {
+ .name = "sx1-v1",
+ .desc = "Siemens SX1 (OMAP310) V1",
+ .init = sx1_init_v1,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void sx1_machine_init(void)
+{
+ qemu_register_machine(&sx1_machine_v2);
+ qemu_register_machine(&sx1_machine_v1);
+}
+
+machine_init(sx1_machine_init);
diff --git a/hw/arm/palm.c b/hw/arm/palm.c
new file mode 100644
index 000000000..cdc3c3a0f
--- /dev/null
+++ b/hw/arm/palm.c
@@ -0,0 +1,284 @@
+/*
+ * PalmOne's (TM) PDAs.
+ *
+ * Copyright (C) 2006-2007 Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "hw/hw.h"
+#include "audio/audio.h"
+#include "sysemu/sysemu.h"
+#include "ui/console.h"
+#include "hw/arm/omap.h"
+#include "hw/boards.h"
+#include "hw/arm/arm.h"
+#include "hw/devices.h"
+#include "hw/loader.h"
+#include "exec/address-spaces.h"
+
+static uint32_t static_readb(void *opaque, hwaddr offset)
+{
+ uint32_t *val = (uint32_t *) opaque;
+ return *val >> ((offset & 3) << 3);
+}
+
+static uint32_t static_readh(void *opaque, hwaddr offset)
+{
+ uint32_t *val = (uint32_t *) opaque;
+ return *val >> ((offset & 1) << 3);
+}
+
+static uint32_t static_readw(void *opaque, hwaddr offset)
+{
+ uint32_t *val = (uint32_t *) opaque;
+ return *val >> ((offset & 0) << 3);
+}
+
+static void static_write(void *opaque, hwaddr offset,
+ uint32_t value)
+{
+#ifdef SPY
+ printf("%s: value %08lx written at " PA_FMT "\n",
+ __FUNCTION__, value, offset);
+#endif
+}
+
+static const MemoryRegionOps static_ops = {
+ .old_mmio = {
+ .read = { static_readb, static_readh, static_readw, },
+ .write = { static_write, static_write, static_write, },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+/* Palm Tunsgten|E support */
+
+/* Shared GPIOs */
+#define PALMTE_USBDETECT_GPIO 0
+#define PALMTE_USB_OR_DC_GPIO 1
+#define PALMTE_TSC_GPIO 4
+#define PALMTE_PINTDAV_GPIO 6
+#define PALMTE_MMC_WP_GPIO 8
+#define PALMTE_MMC_POWER_GPIO 9
+#define PALMTE_HDQ_GPIO 11
+#define PALMTE_HEADPHONES_GPIO 14
+#define PALMTE_SPEAKER_GPIO 15
+/* MPU private GPIOs */
+#define PALMTE_DC_GPIO 2
+#define PALMTE_MMC_SWITCH_GPIO 4
+#define PALMTE_MMC1_GPIO 6
+#define PALMTE_MMC2_GPIO 7
+#define PALMTE_MMC3_GPIO 11
+
+static MouseTransformInfo palmte_pointercal = {
+ .x = 320,
+ .y = 320,
+ .a = { -5909, 8, 22465308, 104, 7644, -1219972, 65536 },
+};
+
+static void palmte_microwire_setup(struct omap_mpu_state_s *cpu)
+{
+ uWireSlave *tsc;
+
+ tsc = tsc2102_init(qdev_get_gpio_in(cpu->gpio, PALMTE_PINTDAV_GPIO));
+
+ omap_uwire_attach(cpu->microwire, tsc, 0);
+ omap_mcbsp_i2s_attach(cpu->mcbsp1, tsc210x_codec(tsc));
+
+ tsc210x_set_transform(tsc, &palmte_pointercal);
+}
+
+static struct {
+ int row;
+ int column;
+} palmte_keymap[0x80] = {
+ [0 ... 0x7f] = { -1, -1 },
+ [0x3b] = { 0, 0 }, /* F1 -> Calendar */
+ [0x3c] = { 1, 0 }, /* F2 -> Contacts */
+ [0x3d] = { 2, 0 }, /* F3 -> Tasks List */
+ [0x3e] = { 3, 0 }, /* F4 -> Note Pad */
+ [0x01] = { 4, 0 }, /* Esc -> Power */
+ [0x4b] = { 0, 1 }, /* Left */
+ [0x50] = { 1, 1 }, /* Down */
+ [0x48] = { 2, 1 }, /* Up */
+ [0x4d] = { 3, 1 }, /* Right */
+ [0x4c] = { 4, 1 }, /* Centre */
+ [0x39] = { 4, 1 }, /* Spc -> Centre */
+};
+
+static void palmte_button_event(void *opaque, int keycode)
+{
+ struct omap_mpu_state_s *cpu = (struct omap_mpu_state_s *) opaque;
+
+ if (palmte_keymap[keycode & 0x7f].row != -1)
+ omap_mpuio_key(cpu->mpuio,
+ palmte_keymap[keycode & 0x7f].row,
+ palmte_keymap[keycode & 0x7f].column,
+ !(keycode & 0x80));
+}
+
+static void palmte_onoff_gpios(void *opaque, int line, int level)
+{
+ switch (line) {
+ case 0:
+ printf("%s: current to MMC/SD card %sabled.\n",
+ __FUNCTION__, level ? "dis" : "en");
+ break;
+ case 1:
+ printf("%s: internal speaker amplifier %s.\n",
+ __FUNCTION__, level ? "down" : "on");
+ break;
+
+ /* These LCD & Audio output signals have not been identified yet. */
+ case 2:
+ case 3:
+ case 4:
+ printf("%s: LCD GPIO%i %s.\n",
+ __FUNCTION__, line - 1, level ? "high" : "low");
+ break;
+ case 5:
+ case 6:
+ printf("%s: Audio GPIO%i %s.\n",
+ __FUNCTION__, line - 4, level ? "high" : "low");
+ break;
+ }
+}
+
+static void palmte_gpio_setup(struct omap_mpu_state_s *cpu)
+{
+ qemu_irq *misc_gpio;
+
+ omap_mmc_handlers(cpu->mmc,
+ qdev_get_gpio_in(cpu->gpio, PALMTE_MMC_WP_GPIO),
+ qemu_irq_invert(omap_mpuio_in_get(cpu->mpuio)
+ [PALMTE_MMC_SWITCH_GPIO]));
+
+ misc_gpio = qemu_allocate_irqs(palmte_onoff_gpios, cpu, 7);
+ qdev_connect_gpio_out(cpu->gpio, PALMTE_MMC_POWER_GPIO, misc_gpio[0]);
+ qdev_connect_gpio_out(cpu->gpio, PALMTE_SPEAKER_GPIO, misc_gpio[1]);
+ qdev_connect_gpio_out(cpu->gpio, 11, misc_gpio[2]);
+ qdev_connect_gpio_out(cpu->gpio, 12, misc_gpio[3]);
+ qdev_connect_gpio_out(cpu->gpio, 13, misc_gpio[4]);
+ omap_mpuio_out_set(cpu->mpuio, 1, misc_gpio[5]);
+ omap_mpuio_out_set(cpu->mpuio, 3, misc_gpio[6]);
+
+ /* Reset some inputs to initial state. */
+ qemu_irq_lower(qdev_get_gpio_in(cpu->gpio, PALMTE_USBDETECT_GPIO));
+ qemu_irq_lower(qdev_get_gpio_in(cpu->gpio, PALMTE_USB_OR_DC_GPIO));
+ qemu_irq_lower(qdev_get_gpio_in(cpu->gpio, 4));
+ qemu_irq_lower(qdev_get_gpio_in(cpu->gpio, PALMTE_HEADPHONES_GPIO));
+ qemu_irq_lower(omap_mpuio_in_get(cpu->mpuio)[PALMTE_DC_GPIO]);
+ qemu_irq_raise(omap_mpuio_in_get(cpu->mpuio)[6]);
+ qemu_irq_raise(omap_mpuio_in_get(cpu->mpuio)[7]);
+ qemu_irq_raise(omap_mpuio_in_get(cpu->mpuio)[11]);
+}
+
+static struct arm_boot_info palmte_binfo = {
+ .loader_start = OMAP_EMIFF_BASE,
+ .ram_size = 0x02000000,
+ .board_id = 0x331,
+};
+
+static void palmte_init(QEMUMachineInitArgs *args)
+{
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ MemoryRegion *address_space_mem = get_system_memory();
+ struct omap_mpu_state_s *mpu;
+ int flash_size = 0x00800000;
+ int sdram_size = palmte_binfo.ram_size;
+ static uint32_t cs0val = 0xffffffff;
+ static uint32_t cs1val = 0x0000e1a0;
+ static uint32_t cs2val = 0x0000e1a0;
+ static uint32_t cs3val = 0xe1a0e1a0;
+ int rom_size, rom_loaded = 0;
+ MemoryRegion *flash = g_new(MemoryRegion, 1);
+ MemoryRegion *cs = g_new(MemoryRegion, 4);
+
+ mpu = omap310_mpu_init(address_space_mem, sdram_size, cpu_model);
+
+ /* External Flash (EMIFS) */
+ memory_region_init_ram(flash, NULL, "palmte.flash", flash_size);
+ vmstate_register_ram_global(flash);
+ memory_region_set_readonly(flash, true);
+ memory_region_add_subregion(address_space_mem, OMAP_CS0_BASE, flash);
+
+ memory_region_init_io(&cs[0], NULL, &static_ops, &cs0val, "palmte-cs0",
+ OMAP_CS0_SIZE - flash_size);
+ memory_region_add_subregion(address_space_mem, OMAP_CS0_BASE + flash_size,
+ &cs[0]);
+ memory_region_init_io(&cs[1], NULL, &static_ops, &cs1val, "palmte-cs1",
+ OMAP_CS1_SIZE);
+ memory_region_add_subregion(address_space_mem, OMAP_CS1_BASE, &cs[1]);
+ memory_region_init_io(&cs[2], NULL, &static_ops, &cs2val, "palmte-cs2",
+ OMAP_CS2_SIZE);
+ memory_region_add_subregion(address_space_mem, OMAP_CS2_BASE, &cs[2]);
+ memory_region_init_io(&cs[3], NULL, &static_ops, &cs3val, "palmte-cs3",
+ OMAP_CS3_SIZE);
+ memory_region_add_subregion(address_space_mem, OMAP_CS3_BASE, &cs[3]);
+
+ palmte_microwire_setup(mpu);
+
+ qemu_add_kbd_event_handler(palmte_button_event, mpu);
+
+ palmte_gpio_setup(mpu);
+
+ /* Setup initial (reset) machine state */
+ if (nb_option_roms) {
+ rom_size = get_image_size(option_rom[0].name);
+ if (rom_size > flash_size) {
+ fprintf(stderr, "%s: ROM image too big (%x > %x)\n",
+ __FUNCTION__, rom_size, flash_size);
+ rom_size = 0;
+ }
+ if (rom_size > 0) {
+ rom_size = load_image_targphys(option_rom[0].name, OMAP_CS0_BASE,
+ flash_size);
+ rom_loaded = 1;
+ }
+ if (rom_size < 0) {
+ fprintf(stderr, "%s: error loading '%s'\n",
+ __FUNCTION__, option_rom[0].name);
+ }
+ }
+
+ if (!rom_loaded && !kernel_filename) {
+ fprintf(stderr, "Kernel or ROM image must be specified\n");
+ exit(1);
+ }
+
+ /* Load the kernel. */
+ if (kernel_filename) {
+ palmte_binfo.kernel_filename = kernel_filename;
+ palmte_binfo.kernel_cmdline = kernel_cmdline;
+ palmte_binfo.initrd_filename = initrd_filename;
+ arm_load_kernel(mpu->cpu, &palmte_binfo);
+ }
+}
+
+static QEMUMachine palmte_machine = {
+ .name = "cheetah",
+ .desc = "Palm Tungsten|E aka. Cheetah PDA (OMAP310)",
+ .init = palmte_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void palmte_machine_init(void)
+{
+ qemu_register_machine(&palmte_machine);
+}
+
+machine_init(palmte_machine_init);
diff --git a/hw/arm/pic_cpu.c b/hw/arm/pic_cpu.c
new file mode 100644
index 000000000..875280aa9
--- /dev/null
+++ b/hw/arm/pic_cpu.c
@@ -0,0 +1,68 @@
+/*
+ * Generic ARM Programmable Interrupt Controller support.
+ *
+ * Copyright (c) 2006 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the LGPL
+ */
+
+#include "hw/hw.h"
+#include "hw/arm/arm.h"
+#include "sysemu/kvm.h"
+
+/* Input 0 is IRQ and input 1 is FIQ. */
+static void arm_pic_cpu_handler(void *opaque, int irq, int level)
+{
+ ARMCPU *cpu = opaque;
+ CPUState *cs = CPU(cpu);
+
+ switch (irq) {
+ case ARM_PIC_CPU_IRQ:
+ if (level) {
+ cpu_interrupt(cs, CPU_INTERRUPT_HARD);
+ } else {
+ cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
+ }
+ break;
+ case ARM_PIC_CPU_FIQ:
+ if (level) {
+ cpu_interrupt(cs, CPU_INTERRUPT_FIQ);
+ } else {
+ cpu_reset_interrupt(cs, CPU_INTERRUPT_FIQ);
+ }
+ break;
+ default:
+ hw_error("arm_pic_cpu_handler: Bad interrupt line %d\n", irq);
+ }
+}
+
+static void kvm_arm_pic_cpu_handler(void *opaque, int irq, int level)
+{
+#ifdef CONFIG_KVM
+ ARMCPU *cpu = opaque;
+ CPUState *cs = CPU(cpu);
+ int kvm_irq = KVM_ARM_IRQ_TYPE_CPU << KVM_ARM_IRQ_TYPE_SHIFT;
+
+ switch (irq) {
+ case ARM_PIC_CPU_IRQ:
+ kvm_irq |= KVM_ARM_IRQ_CPU_IRQ;
+ break;
+ case ARM_PIC_CPU_FIQ:
+ kvm_irq |= KVM_ARM_IRQ_CPU_FIQ;
+ break;
+ default:
+ hw_error("kvm_arm_pic_cpu_handler: Bad interrupt line %d\n", irq);
+ }
+ kvm_irq |= cs->cpu_index << KVM_ARM_IRQ_VCPU_SHIFT;
+ kvm_set_irq(kvm_state, kvm_irq, level ? 1 : 0);
+#endif
+}
+
+qemu_irq *arm_pic_init_cpu(ARMCPU *cpu)
+{
+ if (kvm_enabled()) {
+ return qemu_allocate_irqs(kvm_arm_pic_cpu_handler, cpu, 2);
+ }
+ return qemu_allocate_irqs(arm_pic_cpu_handler, cpu, 2);
+}
diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
new file mode 100644
index 000000000..17ddd3fab
--- /dev/null
+++ b/hw/arm/pxa2xx.c
@@ -0,0 +1,2320 @@
+/*
+ * Intel XScale PXA255/270 processor support.
+ *
+ * Copyright (c) 2006 Openedhand Ltd.
+ * Written by Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * This code is licensed under the GPL.
+ */
+
+#include "hw/sysbus.h"
+#include "hw/arm/pxa.h"
+#include "sysemu/sysemu.h"
+#include "hw/char/serial.h"
+#include "hw/i2c/i2c.h"
+#include "hw/ssi.h"
+#include "sysemu/char.h"
+#include "sysemu/blockdev.h"
+
+static struct {
+ hwaddr io_base;
+ int irqn;
+} pxa255_serial[] = {
+ { 0x40100000, PXA2XX_PIC_FFUART },
+ { 0x40200000, PXA2XX_PIC_BTUART },
+ { 0x40700000, PXA2XX_PIC_STUART },
+ { 0x41600000, PXA25X_PIC_HWUART },
+ { 0, 0 }
+}, pxa270_serial[] = {
+ { 0x40100000, PXA2XX_PIC_FFUART },
+ { 0x40200000, PXA2XX_PIC_BTUART },
+ { 0x40700000, PXA2XX_PIC_STUART },
+ { 0, 0 }
+};
+
+typedef struct PXASSPDef {
+ hwaddr io_base;
+ int irqn;
+} PXASSPDef;
+
+#if 0
+static PXASSPDef pxa250_ssp[] = {
+ { 0x41000000, PXA2XX_PIC_SSP },
+ { 0, 0 }
+};
+#endif
+
+static PXASSPDef pxa255_ssp[] = {
+ { 0x41000000, PXA2XX_PIC_SSP },
+ { 0x41400000, PXA25X_PIC_NSSP },
+ { 0, 0 }
+};
+
+#if 0
+static PXASSPDef pxa26x_ssp[] = {
+ { 0x41000000, PXA2XX_PIC_SSP },
+ { 0x41400000, PXA25X_PIC_NSSP },
+ { 0x41500000, PXA26X_PIC_ASSP },
+ { 0, 0 }
+};
+#endif
+
+static PXASSPDef pxa27x_ssp[] = {
+ { 0x41000000, PXA2XX_PIC_SSP },
+ { 0x41700000, PXA27X_PIC_SSP2 },
+ { 0x41900000, PXA2XX_PIC_SSP3 },
+ { 0, 0 }
+};
+
+#define PMCR 0x00 /* Power Manager Control register */
+#define PSSR 0x04 /* Power Manager Sleep Status register */
+#define PSPR 0x08 /* Power Manager Scratch-Pad register */
+#define PWER 0x0c /* Power Manager Wake-Up Enable register */
+#define PRER 0x10 /* Power Manager Rising-Edge Detect Enable register */
+#define PFER 0x14 /* Power Manager Falling-Edge Detect Enable register */
+#define PEDR 0x18 /* Power Manager Edge-Detect Status register */
+#define PCFR 0x1c /* Power Manager General Configuration register */
+#define PGSR0 0x20 /* Power Manager GPIO Sleep-State register 0 */
+#define PGSR1 0x24 /* Power Manager GPIO Sleep-State register 1 */
+#define PGSR2 0x28 /* Power Manager GPIO Sleep-State register 2 */
+#define PGSR3 0x2c /* Power Manager GPIO Sleep-State register 3 */
+#define RCSR 0x30 /* Reset Controller Status register */
+#define PSLR 0x34 /* Power Manager Sleep Configuration register */
+#define PTSR 0x38 /* Power Manager Standby Configuration register */
+#define PVCR 0x40 /* Power Manager Voltage Change Control register */
+#define PUCR 0x4c /* Power Manager USIM Card Control/Status register */
+#define PKWR 0x50 /* Power Manager Keyboard Wake-Up Enable register */
+#define PKSR 0x54 /* Power Manager Keyboard Level-Detect Status */
+#define PCMD0 0x80 /* Power Manager I2C Command register File 0 */
+#define PCMD31 0xfc /* Power Manager I2C Command register File 31 */
+
+static uint64_t pxa2xx_pm_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ PXA2xxState *s = (PXA2xxState *) opaque;
+
+ switch (addr) {
+ case PMCR ... PCMD31:
+ if (addr & 3)
+ goto fail;
+
+ return s->pm_regs[addr >> 2];
+ default:
+ fail:
+ printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
+ break;
+ }
+ return 0;
+}
+
+static void pxa2xx_pm_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ PXA2xxState *s = (PXA2xxState *) opaque;
+
+ switch (addr) {
+ case PMCR:
+ /* Clear the write-one-to-clear bits... */
+ s->pm_regs[addr >> 2] &= ~(value & 0x2a);
+ /* ...and set the plain r/w bits */
+ s->pm_regs[addr >> 2] &= ~0x15;
+ s->pm_regs[addr >> 2] |= value & 0x15;
+ break;
+
+ case PSSR: /* Read-clean registers */
+ case RCSR:
+ case PKSR:
+ s->pm_regs[addr >> 2] &= ~value;
+ break;
+
+ default: /* Read-write registers */
+ if (!(addr & 3)) {
+ s->pm_regs[addr >> 2] = value;
+ break;
+ }
+
+ printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
+ break;
+ }
+}
+
+static const MemoryRegionOps pxa2xx_pm_ops = {
+ .read = pxa2xx_pm_read,
+ .write = pxa2xx_pm_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static const VMStateDescription vmstate_pxa2xx_pm = {
+ .name = "pxa2xx_pm",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(pm_regs, PXA2xxState, 0x40),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+#define CCCR 0x00 /* Core Clock Configuration register */
+#define CKEN 0x04 /* Clock Enable register */
+#define OSCC 0x08 /* Oscillator Configuration register */
+#define CCSR 0x0c /* Core Clock Status register */
+
+static uint64_t pxa2xx_cm_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ PXA2xxState *s = (PXA2xxState *) opaque;
+
+ switch (addr) {
+ case CCCR:
+ case CKEN:
+ case OSCC:
+ return s->cm_regs[addr >> 2];
+
+ case CCSR:
+ return s->cm_regs[CCCR >> 2] | (3 << 28);
+
+ default:
+ printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
+ break;
+ }
+ return 0;
+}
+
+static void pxa2xx_cm_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ PXA2xxState *s = (PXA2xxState *) opaque;
+
+ switch (addr) {
+ case CCCR:
+ case CKEN:
+ s->cm_regs[addr >> 2] = value;
+ break;
+
+ case OSCC:
+ s->cm_regs[addr >> 2] &= ~0x6c;
+ s->cm_regs[addr >> 2] |= value & 0x6e;
+ if ((value >> 1) & 1) /* OON */
+ s->cm_regs[addr >> 2] |= 1 << 0; /* Oscillator is now stable */
+ break;
+
+ default:
+ printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
+ break;
+ }
+}
+
+static const MemoryRegionOps pxa2xx_cm_ops = {
+ .read = pxa2xx_cm_read,
+ .write = pxa2xx_cm_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static const VMStateDescription vmstate_pxa2xx_cm = {
+ .name = "pxa2xx_cm",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(cm_regs, PXA2xxState, 4),
+ VMSTATE_UINT32(clkcfg, PXA2xxState),
+ VMSTATE_UINT32(pmnc, PXA2xxState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static int pxa2xx_clkcfg_read(CPUARMState *env, const ARMCPRegInfo *ri,
+ uint64_t *value)
+{
+ PXA2xxState *s = (PXA2xxState *)ri->opaque;
+ *value = s->clkcfg;
+ return 0;
+}
+
+static int pxa2xx_clkcfg_write(CPUARMState *env, const ARMCPRegInfo *ri,
+ uint64_t value)
+{
+ PXA2xxState *s = (PXA2xxState *)ri->opaque;
+ s->clkcfg = value & 0xf;
+ if (value & 2) {
+ printf("%s: CPU frequency change attempt\n", __func__);
+ }
+ return 0;
+}
+
+static int pxa2xx_pwrmode_write(CPUARMState *env, const ARMCPRegInfo *ri,
+ uint64_t value)
+{
+ PXA2xxState *s = (PXA2xxState *)ri->opaque;
+ static const char *pwrmode[8] = {
+ "Normal", "Idle", "Deep-idle", "Standby",
+ "Sleep", "reserved (!)", "reserved (!)", "Deep-sleep",
+ };
+
+ if (value & 8) {
+ printf("%s: CPU voltage change attempt\n", __func__);
+ }
+ switch (value & 7) {
+ case 0:
+ /* Do nothing */
+ break;
+
+ case 1:
+ /* Idle */
+ if (!(s->cm_regs[CCCR >> 2] & (1 << 31))) { /* CPDIS */
+ cpu_interrupt(CPU(s->cpu), CPU_INTERRUPT_HALT);
+ break;
+ }
+ /* Fall through. */
+
+ case 2:
+ /* Deep-Idle */
+ cpu_interrupt(CPU(s->cpu), CPU_INTERRUPT_HALT);
+ s->pm_regs[RCSR >> 2] |= 0x8; /* Set GPR */
+ goto message;
+
+ case 3:
+ s->cpu->env.uncached_cpsr =
+ ARM_CPU_MODE_SVC | CPSR_A | CPSR_F | CPSR_I;
+ s->cpu->env.cp15.c1_sys = 0;
+ s->cpu->env.cp15.c1_coproc = 0;
+ s->cpu->env.cp15.c2_base0 = 0;
+ s->cpu->env.cp15.c3 = 0;
+ s->pm_regs[PSSR >> 2] |= 0x8; /* Set STS */
+ s->pm_regs[RCSR >> 2] |= 0x8; /* Set GPR */
+
+ /*
+ * The scratch-pad register is almost universally used
+ * for storing the return address on suspend. For the
+ * lack of a resuming bootloader, perform a jump
+ * directly to that address.
+ */
+ memset(s->cpu->env.regs, 0, 4 * 15);
+ s->cpu->env.regs[15] = s->pm_regs[PSPR >> 2];
+
+#if 0
+ buffer = 0xe59ff000; /* ldr pc, [pc, #0] */
+ cpu_physical_memory_write(0, &buffer, 4);
+ buffer = s->pm_regs[PSPR >> 2];
+ cpu_physical_memory_write(8, &buffer, 4);
+#endif
+
+ /* Suspend */
+ cpu_interrupt(current_cpu, CPU_INTERRUPT_HALT);
+
+ goto message;
+
+ default:
+ message:
+ printf("%s: machine entered %s mode\n", __func__,
+ pwrmode[value & 7]);
+ }
+
+ return 0;
+}
+
+static int pxa2xx_cppmnc_read(CPUARMState *env, const ARMCPRegInfo *ri,
+ uint64_t *value)
+{
+ PXA2xxState *s = (PXA2xxState *)ri->opaque;
+ *value = s->pmnc;
+ return 0;
+}
+
+static int pxa2xx_cppmnc_write(CPUARMState *env, const ARMCPRegInfo *ri,
+ uint64_t value)
+{
+ PXA2xxState *s = (PXA2xxState *)ri->opaque;
+ s->pmnc = value;
+ return 0;
+}
+
+static int pxa2xx_cpccnt_read(CPUARMState *env, const ARMCPRegInfo *ri,
+ uint64_t *value)
+{
+ PXA2xxState *s = (PXA2xxState *)ri->opaque;
+ if (s->pmnc & 1) {
+ *value = qemu_get_clock_ns(vm_clock);
+ } else {
+ *value = 0;
+ }
+ return 0;
+}
+
+static const ARMCPRegInfo pxa_cp_reginfo[] = {
+ /* cp14 crm==1: perf registers */
+ { .name = "CPPMNC", .cp = 14, .crn = 0, .crm = 1, .opc1 = 0, .opc2 = 0,
+ .access = PL1_RW,
+ .readfn = pxa2xx_cppmnc_read, .writefn = pxa2xx_cppmnc_write },
+ { .name = "CPCCNT", .cp = 14, .crn = 1, .crm = 1, .opc1 = 0, .opc2 = 0,
+ .access = PL1_RW,
+ .readfn = pxa2xx_cpccnt_read, .writefn = arm_cp_write_ignore },
+ { .name = "CPINTEN", .cp = 14, .crn = 4, .crm = 1, .opc1 = 0, .opc2 = 0,
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "CPFLAG", .cp = 14, .crn = 5, .crm = 1, .opc1 = 0, .opc2 = 0,
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "CPEVTSEL", .cp = 14, .crn = 8, .crm = 1, .opc1 = 0, .opc2 = 0,
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ /* cp14 crm==2: performance count registers */
+ { .name = "CPPMN0", .cp = 14, .crn = 0, .crm = 2, .opc1 = 0, .opc2 = 0,
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "CPPMN1", .cp = 14, .crn = 1, .crm = 2, .opc1 = 0, .opc2 = 0,
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "CPPMN2", .cp = 14, .crn = 2, .crm = 2, .opc1 = 0, .opc2 = 0,
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "CPPMN3", .cp = 14, .crn = 2, .crm = 3, .opc1 = 0, .opc2 = 0,
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ /* cp14 crn==6: CLKCFG */
+ { .name = "CLKCFG", .cp = 14, .crn = 6, .crm = 0, .opc1 = 0, .opc2 = 0,
+ .access = PL1_RW,
+ .readfn = pxa2xx_clkcfg_read, .writefn = pxa2xx_clkcfg_write },
+ /* cp14 crn==7: PWRMODE */
+ { .name = "PWRMODE", .cp = 14, .crn = 7, .crm = 0, .opc1 = 0, .opc2 = 0,
+ .access = PL1_RW,
+ .readfn = arm_cp_read_zero, .writefn = pxa2xx_pwrmode_write },
+ REGINFO_SENTINEL
+};
+
+static void pxa2xx_setup_cp14(PXA2xxState *s)
+{
+ define_arm_cp_regs_with_opaque(s->cpu, pxa_cp_reginfo, s);
+}
+
+#define MDCNFG 0x00 /* SDRAM Configuration register */
+#define MDREFR 0x04 /* SDRAM Refresh Control register */
+#define MSC0 0x08 /* Static Memory Control register 0 */
+#define MSC1 0x0c /* Static Memory Control register 1 */
+#define MSC2 0x10 /* Static Memory Control register 2 */
+#define MECR 0x14 /* Expansion Memory Bus Config register */
+#define SXCNFG 0x1c /* Synchronous Static Memory Config register */
+#define MCMEM0 0x28 /* PC Card Memory Socket 0 Timing register */
+#define MCMEM1 0x2c /* PC Card Memory Socket 1 Timing register */
+#define MCATT0 0x30 /* PC Card Attribute Socket 0 register */
+#define MCATT1 0x34 /* PC Card Attribute Socket 1 register */
+#define MCIO0 0x38 /* PC Card I/O Socket 0 Timing register */
+#define MCIO1 0x3c /* PC Card I/O Socket 1 Timing register */
+#define MDMRS 0x40 /* SDRAM Mode Register Set Config register */
+#define BOOT_DEF 0x44 /* Boot-time Default Configuration register */
+#define ARB_CNTL 0x48 /* Arbiter Control register */
+#define BSCNTR0 0x4c /* Memory Buffer Strength Control register 0 */
+#define BSCNTR1 0x50 /* Memory Buffer Strength Control register 1 */
+#define LCDBSCNTR 0x54 /* LCD Buffer Strength Control register */
+#define MDMRSLP 0x58 /* Low Power SDRAM Mode Set Config register */
+#define BSCNTR2 0x5c /* Memory Buffer Strength Control register 2 */
+#define BSCNTR3 0x60 /* Memory Buffer Strength Control register 3 */
+#define SA1110 0x64 /* SA-1110 Memory Compatibility register */
+
+static uint64_t pxa2xx_mm_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ PXA2xxState *s = (PXA2xxState *) opaque;
+
+ switch (addr) {
+ case MDCNFG ... SA1110:
+ if ((addr & 3) == 0)
+ return s->mm_regs[addr >> 2];
+
+ default:
+ printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
+ break;
+ }
+ return 0;
+}
+
+static void pxa2xx_mm_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ PXA2xxState *s = (PXA2xxState *) opaque;
+
+ switch (addr) {
+ case MDCNFG ... SA1110:
+ if ((addr & 3) == 0) {
+ s->mm_regs[addr >> 2] = value;
+ break;
+ }
+
+ default:
+ printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
+ break;
+ }
+}
+
+static const MemoryRegionOps pxa2xx_mm_ops = {
+ .read = pxa2xx_mm_read,
+ .write = pxa2xx_mm_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static const VMStateDescription vmstate_pxa2xx_mm = {
+ .name = "pxa2xx_mm",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(mm_regs, PXA2xxState, 0x1a),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+#define TYPE_PXA2XX_SSP "pxa2xx-ssp"
+#define PXA2XX_SSP(obj) \
+ OBJECT_CHECK(PXA2xxSSPState, (obj), TYPE_PXA2XX_SSP)
+
+/* Synchronous Serial Ports */
+typedef struct {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion iomem;
+ qemu_irq irq;
+ int enable;
+ SSIBus *bus;
+
+ uint32_t sscr[2];
+ uint32_t sspsp;
+ uint32_t ssto;
+ uint32_t ssitr;
+ uint32_t sssr;
+ uint8_t sstsa;
+ uint8_t ssrsa;
+ uint8_t ssacd;
+
+ uint32_t rx_fifo[16];
+ int rx_level;
+ int rx_start;
+} PXA2xxSSPState;
+
+#define SSCR0 0x00 /* SSP Control register 0 */
+#define SSCR1 0x04 /* SSP Control register 1 */
+#define SSSR 0x08 /* SSP Status register */
+#define SSITR 0x0c /* SSP Interrupt Test register */
+#define SSDR 0x10 /* SSP Data register */
+#define SSTO 0x28 /* SSP Time-Out register */
+#define SSPSP 0x2c /* SSP Programmable Serial Protocol register */
+#define SSTSA 0x30 /* SSP TX Time Slot Active register */
+#define SSRSA 0x34 /* SSP RX Time Slot Active register */
+#define SSTSS 0x38 /* SSP Time Slot Status register */
+#define SSACD 0x3c /* SSP Audio Clock Divider register */
+
+/* Bitfields for above registers */
+#define SSCR0_SPI(x) (((x) & 0x30) == 0x00)
+#define SSCR0_SSP(x) (((x) & 0x30) == 0x10)
+#define SSCR0_UWIRE(x) (((x) & 0x30) == 0x20)
+#define SSCR0_PSP(x) (((x) & 0x30) == 0x30)
+#define SSCR0_SSE (1 << 7)
+#define SSCR0_RIM (1 << 22)
+#define SSCR0_TIM (1 << 23)
+#define SSCR0_MOD (1 << 31)
+#define SSCR0_DSS(x) (((((x) >> 16) & 0x10) | ((x) & 0xf)) + 1)
+#define SSCR1_RIE (1 << 0)
+#define SSCR1_TIE (1 << 1)
+#define SSCR1_LBM (1 << 2)
+#define SSCR1_MWDS (1 << 5)
+#define SSCR1_TFT(x) ((((x) >> 6) & 0xf) + 1)
+#define SSCR1_RFT(x) ((((x) >> 10) & 0xf) + 1)
+#define SSCR1_EFWR (1 << 14)
+#define SSCR1_PINTE (1 << 18)
+#define SSCR1_TINTE (1 << 19)
+#define SSCR1_RSRE (1 << 20)
+#define SSCR1_TSRE (1 << 21)
+#define SSCR1_EBCEI (1 << 29)
+#define SSITR_INT (7 << 5)
+#define SSSR_TNF (1 << 2)
+#define SSSR_RNE (1 << 3)
+#define SSSR_TFS (1 << 5)
+#define SSSR_RFS (1 << 6)
+#define SSSR_ROR (1 << 7)
+#define SSSR_PINT (1 << 18)
+#define SSSR_TINT (1 << 19)
+#define SSSR_EOC (1 << 20)
+#define SSSR_TUR (1 << 21)
+#define SSSR_BCE (1 << 23)
+#define SSSR_RW 0x00bc0080
+
+static void pxa2xx_ssp_int_update(PXA2xxSSPState *s)
+{
+ int level = 0;
+
+ level |= s->ssitr & SSITR_INT;
+ level |= (s->sssr & SSSR_BCE) && (s->sscr[1] & SSCR1_EBCEI);
+ level |= (s->sssr & SSSR_TUR) && !(s->sscr[0] & SSCR0_TIM);
+ level |= (s->sssr & SSSR_EOC) && (s->sssr & (SSSR_TINT | SSSR_PINT));
+ level |= (s->sssr & SSSR_TINT) && (s->sscr[1] & SSCR1_TINTE);
+ level |= (s->sssr & SSSR_PINT) && (s->sscr[1] & SSCR1_PINTE);
+ level |= (s->sssr & SSSR_ROR) && !(s->sscr[0] & SSCR0_RIM);
+ level |= (s->sssr & SSSR_RFS) && (s->sscr[1] & SSCR1_RIE);
+ level |= (s->sssr & SSSR_TFS) && (s->sscr[1] & SSCR1_TIE);
+ qemu_set_irq(s->irq, !!level);
+}
+
+static void pxa2xx_ssp_fifo_update(PXA2xxSSPState *s)
+{
+ s->sssr &= ~(0xf << 12); /* Clear RFL */
+ s->sssr &= ~(0xf << 8); /* Clear TFL */
+ s->sssr &= ~SSSR_TFS;
+ s->sssr &= ~SSSR_TNF;
+ if (s->enable) {
+ s->sssr |= ((s->rx_level - 1) & 0xf) << 12;
+ if (s->rx_level >= SSCR1_RFT(s->sscr[1]))
+ s->sssr |= SSSR_RFS;
+ else
+ s->sssr &= ~SSSR_RFS;
+ if (s->rx_level)
+ s->sssr |= SSSR_RNE;
+ else
+ s->sssr &= ~SSSR_RNE;
+ /* TX FIFO is never filled, so it is always in underrun
+ condition if SSP is enabled */
+ s->sssr |= SSSR_TFS;
+ s->sssr |= SSSR_TNF;
+ }
+
+ pxa2xx_ssp_int_update(s);
+}
+
+static uint64_t pxa2xx_ssp_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ PXA2xxSSPState *s = (PXA2xxSSPState *) opaque;
+ uint32_t retval;
+
+ switch (addr) {
+ case SSCR0:
+ return s->sscr[0];
+ case SSCR1:
+ return s->sscr[1];
+ case SSPSP:
+ return s->sspsp;
+ case SSTO:
+ return s->ssto;
+ case SSITR:
+ return s->ssitr;
+ case SSSR:
+ return s->sssr | s->ssitr;
+ case SSDR:
+ if (!s->enable)
+ return 0xffffffff;
+ if (s->rx_level < 1) {
+ printf("%s: SSP Rx Underrun\n", __FUNCTION__);
+ return 0xffffffff;
+ }
+ s->rx_level --;
+ retval = s->rx_fifo[s->rx_start ++];
+ s->rx_start &= 0xf;
+ pxa2xx_ssp_fifo_update(s);
+ return retval;
+ case SSTSA:
+ return s->sstsa;
+ case SSRSA:
+ return s->ssrsa;
+ case SSTSS:
+ return 0;
+ case SSACD:
+ return s->ssacd;
+ default:
+ printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
+ break;
+ }
+ return 0;
+}
+
+static void pxa2xx_ssp_write(void *opaque, hwaddr addr,
+ uint64_t value64, unsigned size)
+{
+ PXA2xxSSPState *s = (PXA2xxSSPState *) opaque;
+ uint32_t value = value64;
+
+ switch (addr) {
+ case SSCR0:
+ s->sscr[0] = value & 0xc7ffffff;
+ s->enable = value & SSCR0_SSE;
+ if (value & SSCR0_MOD)
+ printf("%s: Attempt to use network mode\n", __FUNCTION__);
+ if (s->enable && SSCR0_DSS(value) < 4)
+ printf("%s: Wrong data size: %i bits\n", __FUNCTION__,
+ SSCR0_DSS(value));
+ if (!(value & SSCR0_SSE)) {
+ s->sssr = 0;
+ s->ssitr = 0;
+ s->rx_level = 0;
+ }
+ pxa2xx_ssp_fifo_update(s);
+ break;
+
+ case SSCR1:
+ s->sscr[1] = value;
+ if (value & (SSCR1_LBM | SSCR1_EFWR))
+ printf("%s: Attempt to use SSP test mode\n", __FUNCTION__);
+ pxa2xx_ssp_fifo_update(s);
+ break;
+
+ case SSPSP:
+ s->sspsp = value;
+ break;
+
+ case SSTO:
+ s->ssto = value;
+ break;
+
+ case SSITR:
+ s->ssitr = value & SSITR_INT;
+ pxa2xx_ssp_int_update(s);
+ break;
+
+ case SSSR:
+ s->sssr &= ~(value & SSSR_RW);
+ pxa2xx_ssp_int_update(s);
+ break;
+
+ case SSDR:
+ if (SSCR0_UWIRE(s->sscr[0])) {
+ if (s->sscr[1] & SSCR1_MWDS)
+ value &= 0xffff;
+ else
+ value &= 0xff;
+ } else
+ /* Note how 32bits overflow does no harm here */
+ value &= (1 << SSCR0_DSS(s->sscr[0])) - 1;
+
+ /* Data goes from here to the Tx FIFO and is shifted out from
+ * there directly to the slave, no need to buffer it.
+ */
+ if (s->enable) {
+ uint32_t readval;
+ readval = ssi_transfer(s->bus, value);
+ if (s->rx_level < 0x10) {
+ s->rx_fifo[(s->rx_start + s->rx_level ++) & 0xf] = readval;
+ } else {
+ s->sssr |= SSSR_ROR;
+ }
+ }
+ pxa2xx_ssp_fifo_update(s);
+ break;
+
+ case SSTSA:
+ s->sstsa = value;
+ break;
+
+ case SSRSA:
+ s->ssrsa = value;
+ break;
+
+ case SSACD:
+ s->ssacd = value;
+ break;
+
+ default:
+ printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
+ break;
+ }
+}
+
+static const MemoryRegionOps pxa2xx_ssp_ops = {
+ .read = pxa2xx_ssp_read,
+ .write = pxa2xx_ssp_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void pxa2xx_ssp_save(QEMUFile *f, void *opaque)
+{
+ PXA2xxSSPState *s = (PXA2xxSSPState *) opaque;
+ int i;
+
+ qemu_put_be32(f, s->enable);
+
+ qemu_put_be32s(f, &s->sscr[0]);
+ qemu_put_be32s(f, &s->sscr[1]);
+ qemu_put_be32s(f, &s->sspsp);
+ qemu_put_be32s(f, &s->ssto);
+ qemu_put_be32s(f, &s->ssitr);
+ qemu_put_be32s(f, &s->sssr);
+ qemu_put_8s(f, &s->sstsa);
+ qemu_put_8s(f, &s->ssrsa);
+ qemu_put_8s(f, &s->ssacd);
+
+ qemu_put_byte(f, s->rx_level);
+ for (i = 0; i < s->rx_level; i ++)
+ qemu_put_byte(f, s->rx_fifo[(s->rx_start + i) & 0xf]);
+}
+
+static int pxa2xx_ssp_load(QEMUFile *f, void *opaque, int version_id)
+{
+ PXA2xxSSPState *s = (PXA2xxSSPState *) opaque;
+ int i;
+
+ s->enable = qemu_get_be32(f);
+
+ qemu_get_be32s(f, &s->sscr[0]);
+ qemu_get_be32s(f, &s->sscr[1]);
+ qemu_get_be32s(f, &s->sspsp);
+ qemu_get_be32s(f, &s->ssto);
+ qemu_get_be32s(f, &s->ssitr);
+ qemu_get_be32s(f, &s->sssr);
+ qemu_get_8s(f, &s->sstsa);
+ qemu_get_8s(f, &s->ssrsa);
+ qemu_get_8s(f, &s->ssacd);
+
+ s->rx_level = qemu_get_byte(f);
+ s->rx_start = 0;
+ for (i = 0; i < s->rx_level; i ++)
+ s->rx_fifo[i] = qemu_get_byte(f);
+
+ return 0;
+}
+
+static int pxa2xx_ssp_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ PXA2xxSSPState *s = PXA2XX_SSP(dev);
+
+ sysbus_init_irq(sbd, &s->irq);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &pxa2xx_ssp_ops, s,
+ "pxa2xx-ssp", 0x1000);
+ sysbus_init_mmio(sbd, &s->iomem);
+ register_savevm(dev, "pxa2xx_ssp", -1, 0,
+ pxa2xx_ssp_save, pxa2xx_ssp_load, s);
+
+ s->bus = ssi_create_bus(dev, "ssi");
+ return 0;
+}
+
+/* Real-Time Clock */
+#define RCNR 0x00 /* RTC Counter register */
+#define RTAR 0x04 /* RTC Alarm register */
+#define RTSR 0x08 /* RTC Status register */
+#define RTTR 0x0c /* RTC Timer Trim register */
+#define RDCR 0x10 /* RTC Day Counter register */
+#define RYCR 0x14 /* RTC Year Counter register */
+#define RDAR1 0x18 /* RTC Wristwatch Day Alarm register 1 */
+#define RYAR1 0x1c /* RTC Wristwatch Year Alarm register 1 */
+#define RDAR2 0x20 /* RTC Wristwatch Day Alarm register 2 */
+#define RYAR2 0x24 /* RTC Wristwatch Year Alarm register 2 */
+#define SWCR 0x28 /* RTC Stopwatch Counter register */
+#define SWAR1 0x2c /* RTC Stopwatch Alarm register 1 */
+#define SWAR2 0x30 /* RTC Stopwatch Alarm register 2 */
+#define RTCPICR 0x34 /* RTC Periodic Interrupt Counter register */
+#define PIAR 0x38 /* RTC Periodic Interrupt Alarm register */
+
+#define TYPE_PXA2XX_RTC "pxa2xx_rtc"
+#define PXA2XX_RTC(obj) \
+ OBJECT_CHECK(PXA2xxRTCState, (obj), TYPE_PXA2XX_RTC)
+
+typedef struct {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion iomem;
+ uint32_t rttr;
+ uint32_t rtsr;
+ uint32_t rtar;
+ uint32_t rdar1;
+ uint32_t rdar2;
+ uint32_t ryar1;
+ uint32_t ryar2;
+ uint32_t swar1;
+ uint32_t swar2;
+ uint32_t piar;
+ uint32_t last_rcnr;
+ uint32_t last_rdcr;
+ uint32_t last_rycr;
+ uint32_t last_swcr;
+ uint32_t last_rtcpicr;
+ int64_t last_hz;
+ int64_t last_sw;
+ int64_t last_pi;
+ QEMUTimer *rtc_hz;
+ QEMUTimer *rtc_rdal1;
+ QEMUTimer *rtc_rdal2;
+ QEMUTimer *rtc_swal1;
+ QEMUTimer *rtc_swal2;
+ QEMUTimer *rtc_pi;
+ qemu_irq rtc_irq;
+} PXA2xxRTCState;
+
+static inline void pxa2xx_rtc_int_update(PXA2xxRTCState *s)
+{
+ qemu_set_irq(s->rtc_irq, !!(s->rtsr & 0x2553));
+}
+
+static void pxa2xx_rtc_hzupdate(PXA2xxRTCState *s)
+{
+ int64_t rt = qemu_get_clock_ms(rtc_clock);
+ s->last_rcnr += ((rt - s->last_hz) << 15) /
+ (1000 * ((s->rttr & 0xffff) + 1));
+ s->last_rdcr += ((rt - s->last_hz) << 15) /
+ (1000 * ((s->rttr & 0xffff) + 1));
+ s->last_hz = rt;
+}
+
+static void pxa2xx_rtc_swupdate(PXA2xxRTCState *s)
+{
+ int64_t rt = qemu_get_clock_ms(rtc_clock);
+ if (s->rtsr & (1 << 12))
+ s->last_swcr += (rt - s->last_sw) / 10;
+ s->last_sw = rt;
+}
+
+static void pxa2xx_rtc_piupdate(PXA2xxRTCState *s)
+{
+ int64_t rt = qemu_get_clock_ms(rtc_clock);
+ if (s->rtsr & (1 << 15))
+ s->last_swcr += rt - s->last_pi;
+ s->last_pi = rt;
+}
+
+static inline void pxa2xx_rtc_alarm_update(PXA2xxRTCState *s,
+ uint32_t rtsr)
+{
+ if ((rtsr & (1 << 2)) && !(rtsr & (1 << 0)))
+ qemu_mod_timer(s->rtc_hz, s->last_hz +
+ (((s->rtar - s->last_rcnr) * 1000 *
+ ((s->rttr & 0xffff) + 1)) >> 15));
+ else
+ qemu_del_timer(s->rtc_hz);
+
+ if ((rtsr & (1 << 5)) && !(rtsr & (1 << 4)))
+ qemu_mod_timer(s->rtc_rdal1, s->last_hz +
+ (((s->rdar1 - s->last_rdcr) * 1000 *
+ ((s->rttr & 0xffff) + 1)) >> 15)); /* TODO: fixup */
+ else
+ qemu_del_timer(s->rtc_rdal1);
+
+ if ((rtsr & (1 << 7)) && !(rtsr & (1 << 6)))
+ qemu_mod_timer(s->rtc_rdal2, s->last_hz +
+ (((s->rdar2 - s->last_rdcr) * 1000 *
+ ((s->rttr & 0xffff) + 1)) >> 15)); /* TODO: fixup */
+ else
+ qemu_del_timer(s->rtc_rdal2);
+
+ if ((rtsr & 0x1200) == 0x1200 && !(rtsr & (1 << 8)))
+ qemu_mod_timer(s->rtc_swal1, s->last_sw +
+ (s->swar1 - s->last_swcr) * 10); /* TODO: fixup */
+ else
+ qemu_del_timer(s->rtc_swal1);
+
+ if ((rtsr & 0x1800) == 0x1800 && !(rtsr & (1 << 10)))
+ qemu_mod_timer(s->rtc_swal2, s->last_sw +
+ (s->swar2 - s->last_swcr) * 10); /* TODO: fixup */
+ else
+ qemu_del_timer(s->rtc_swal2);
+
+ if ((rtsr & 0xc000) == 0xc000 && !(rtsr & (1 << 13)))
+ qemu_mod_timer(s->rtc_pi, s->last_pi +
+ (s->piar & 0xffff) - s->last_rtcpicr);
+ else
+ qemu_del_timer(s->rtc_pi);
+}
+
+static inline void pxa2xx_rtc_hz_tick(void *opaque)
+{
+ PXA2xxRTCState *s = (PXA2xxRTCState *) opaque;
+ s->rtsr |= (1 << 0);
+ pxa2xx_rtc_alarm_update(s, s->rtsr);
+ pxa2xx_rtc_int_update(s);
+}
+
+static inline void pxa2xx_rtc_rdal1_tick(void *opaque)
+{
+ PXA2xxRTCState *s = (PXA2xxRTCState *) opaque;
+ s->rtsr |= (1 << 4);
+ pxa2xx_rtc_alarm_update(s, s->rtsr);
+ pxa2xx_rtc_int_update(s);
+}
+
+static inline void pxa2xx_rtc_rdal2_tick(void *opaque)
+{
+ PXA2xxRTCState *s = (PXA2xxRTCState *) opaque;
+ s->rtsr |= (1 << 6);
+ pxa2xx_rtc_alarm_update(s, s->rtsr);
+ pxa2xx_rtc_int_update(s);
+}
+
+static inline void pxa2xx_rtc_swal1_tick(void *opaque)
+{
+ PXA2xxRTCState *s = (PXA2xxRTCState *) opaque;
+ s->rtsr |= (1 << 8);
+ pxa2xx_rtc_alarm_update(s, s->rtsr);
+ pxa2xx_rtc_int_update(s);
+}
+
+static inline void pxa2xx_rtc_swal2_tick(void *opaque)
+{
+ PXA2xxRTCState *s = (PXA2xxRTCState *) opaque;
+ s->rtsr |= (1 << 10);
+ pxa2xx_rtc_alarm_update(s, s->rtsr);
+ pxa2xx_rtc_int_update(s);
+}
+
+static inline void pxa2xx_rtc_pi_tick(void *opaque)
+{
+ PXA2xxRTCState *s = (PXA2xxRTCState *) opaque;
+ s->rtsr |= (1 << 13);
+ pxa2xx_rtc_piupdate(s);
+ s->last_rtcpicr = 0;
+ pxa2xx_rtc_alarm_update(s, s->rtsr);
+ pxa2xx_rtc_int_update(s);
+}
+
+static uint64_t pxa2xx_rtc_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ PXA2xxRTCState *s = (PXA2xxRTCState *) opaque;
+
+ switch (addr) {
+ case RTTR:
+ return s->rttr;
+ case RTSR:
+ return s->rtsr;
+ case RTAR:
+ return s->rtar;
+ case RDAR1:
+ return s->rdar1;
+ case RDAR2:
+ return s->rdar2;
+ case RYAR1:
+ return s->ryar1;
+ case RYAR2:
+ return s->ryar2;
+ case SWAR1:
+ return s->swar1;
+ case SWAR2:
+ return s->swar2;
+ case PIAR:
+ return s->piar;
+ case RCNR:
+ return s->last_rcnr + ((qemu_get_clock_ms(rtc_clock) - s->last_hz) << 15) /
+ (1000 * ((s->rttr & 0xffff) + 1));
+ case RDCR:
+ return s->last_rdcr + ((qemu_get_clock_ms(rtc_clock) - s->last_hz) << 15) /
+ (1000 * ((s->rttr & 0xffff) + 1));
+ case RYCR:
+ return s->last_rycr;
+ case SWCR:
+ if (s->rtsr & (1 << 12))
+ return s->last_swcr + (qemu_get_clock_ms(rtc_clock) - s->last_sw) / 10;
+ else
+ return s->last_swcr;
+ default:
+ printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
+ break;
+ }
+ return 0;
+}
+
+static void pxa2xx_rtc_write(void *opaque, hwaddr addr,
+ uint64_t value64, unsigned size)
+{
+ PXA2xxRTCState *s = (PXA2xxRTCState *) opaque;
+ uint32_t value = value64;
+
+ switch (addr) {
+ case RTTR:
+ if (!(s->rttr & (1 << 31))) {
+ pxa2xx_rtc_hzupdate(s);
+ s->rttr = value;
+ pxa2xx_rtc_alarm_update(s, s->rtsr);
+ }
+ break;
+
+ case RTSR:
+ if ((s->rtsr ^ value) & (1 << 15))
+ pxa2xx_rtc_piupdate(s);
+
+ if ((s->rtsr ^ value) & (1 << 12))
+ pxa2xx_rtc_swupdate(s);
+
+ if (((s->rtsr ^ value) & 0x4aac) | (value & ~0xdaac))
+ pxa2xx_rtc_alarm_update(s, value);
+
+ s->rtsr = (value & 0xdaac) | (s->rtsr & ~(value & ~0xdaac));
+ pxa2xx_rtc_int_update(s);
+ break;
+
+ case RTAR:
+ s->rtar = value;
+ pxa2xx_rtc_alarm_update(s, s->rtsr);
+ break;
+
+ case RDAR1:
+ s->rdar1 = value;
+ pxa2xx_rtc_alarm_update(s, s->rtsr);
+ break;
+
+ case RDAR2:
+ s->rdar2 = value;
+ pxa2xx_rtc_alarm_update(s, s->rtsr);
+ break;
+
+ case RYAR1:
+ s->ryar1 = value;
+ pxa2xx_rtc_alarm_update(s, s->rtsr);
+ break;
+
+ case RYAR2:
+ s->ryar2 = value;
+ pxa2xx_rtc_alarm_update(s, s->rtsr);
+ break;
+
+ case SWAR1:
+ pxa2xx_rtc_swupdate(s);
+ s->swar1 = value;
+ s->last_swcr = 0;
+ pxa2xx_rtc_alarm_update(s, s->rtsr);
+ break;
+
+ case SWAR2:
+ s->swar2 = value;
+ pxa2xx_rtc_alarm_update(s, s->rtsr);
+ break;
+
+ case PIAR:
+ s->piar = value;
+ pxa2xx_rtc_alarm_update(s, s->rtsr);
+ break;
+
+ case RCNR:
+ pxa2xx_rtc_hzupdate(s);
+ s->last_rcnr = value;
+ pxa2xx_rtc_alarm_update(s, s->rtsr);
+ break;
+
+ case RDCR:
+ pxa2xx_rtc_hzupdate(s);
+ s->last_rdcr = value;
+ pxa2xx_rtc_alarm_update(s, s->rtsr);
+ break;
+
+ case RYCR:
+ s->last_rycr = value;
+ break;
+
+ case SWCR:
+ pxa2xx_rtc_swupdate(s);
+ s->last_swcr = value;
+ pxa2xx_rtc_alarm_update(s, s->rtsr);
+ break;
+
+ case RTCPICR:
+ pxa2xx_rtc_piupdate(s);
+ s->last_rtcpicr = value & 0xffff;
+ pxa2xx_rtc_alarm_update(s, s->rtsr);
+ break;
+
+ default:
+ printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
+ }
+}
+
+static const MemoryRegionOps pxa2xx_rtc_ops = {
+ .read = pxa2xx_rtc_read,
+ .write = pxa2xx_rtc_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int pxa2xx_rtc_init(SysBusDevice *dev)
+{
+ PXA2xxRTCState *s = PXA2XX_RTC(dev);
+ struct tm tm;
+ int wom;
+
+ s->rttr = 0x7fff;
+ s->rtsr = 0;
+
+ qemu_get_timedate(&tm, 0);
+ wom = ((tm.tm_mday - 1) / 7) + 1;
+
+ s->last_rcnr = (uint32_t) mktimegm(&tm);
+ s->last_rdcr = (wom << 20) | ((tm.tm_wday + 1) << 17) |
+ (tm.tm_hour << 12) | (tm.tm_min << 6) | tm.tm_sec;
+ s->last_rycr = ((tm.tm_year + 1900) << 9) |
+ ((tm.tm_mon + 1) << 5) | tm.tm_mday;
+ s->last_swcr = (tm.tm_hour << 19) |
+ (tm.tm_min << 13) | (tm.tm_sec << 7);
+ s->last_rtcpicr = 0;
+ s->last_hz = s->last_sw = s->last_pi = qemu_get_clock_ms(rtc_clock);
+
+ s->rtc_hz = qemu_new_timer_ms(rtc_clock, pxa2xx_rtc_hz_tick, s);
+ s->rtc_rdal1 = qemu_new_timer_ms(rtc_clock, pxa2xx_rtc_rdal1_tick, s);
+ s->rtc_rdal2 = qemu_new_timer_ms(rtc_clock, pxa2xx_rtc_rdal2_tick, s);
+ s->rtc_swal1 = qemu_new_timer_ms(rtc_clock, pxa2xx_rtc_swal1_tick, s);
+ s->rtc_swal2 = qemu_new_timer_ms(rtc_clock, pxa2xx_rtc_swal2_tick, s);
+ s->rtc_pi = qemu_new_timer_ms(rtc_clock, pxa2xx_rtc_pi_tick, s);
+
+ sysbus_init_irq(dev, &s->rtc_irq);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &pxa2xx_rtc_ops, s,
+ "pxa2xx-rtc", 0x10000);
+ sysbus_init_mmio(dev, &s->iomem);
+
+ return 0;
+}
+
+static void pxa2xx_rtc_pre_save(void *opaque)
+{
+ PXA2xxRTCState *s = (PXA2xxRTCState *) opaque;
+
+ pxa2xx_rtc_hzupdate(s);
+ pxa2xx_rtc_piupdate(s);
+ pxa2xx_rtc_swupdate(s);
+}
+
+static int pxa2xx_rtc_post_load(void *opaque, int version_id)
+{
+ PXA2xxRTCState *s = (PXA2xxRTCState *) opaque;
+
+ pxa2xx_rtc_alarm_update(s, s->rtsr);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_pxa2xx_rtc_regs = {
+ .name = "pxa2xx_rtc",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .pre_save = pxa2xx_rtc_pre_save,
+ .post_load = pxa2xx_rtc_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(rttr, PXA2xxRTCState),
+ VMSTATE_UINT32(rtsr, PXA2xxRTCState),
+ VMSTATE_UINT32(rtar, PXA2xxRTCState),
+ VMSTATE_UINT32(rdar1, PXA2xxRTCState),
+ VMSTATE_UINT32(rdar2, PXA2xxRTCState),
+ VMSTATE_UINT32(ryar1, PXA2xxRTCState),
+ VMSTATE_UINT32(ryar2, PXA2xxRTCState),
+ VMSTATE_UINT32(swar1, PXA2xxRTCState),
+ VMSTATE_UINT32(swar2, PXA2xxRTCState),
+ VMSTATE_UINT32(piar, PXA2xxRTCState),
+ VMSTATE_UINT32(last_rcnr, PXA2xxRTCState),
+ VMSTATE_UINT32(last_rdcr, PXA2xxRTCState),
+ VMSTATE_UINT32(last_rycr, PXA2xxRTCState),
+ VMSTATE_UINT32(last_swcr, PXA2xxRTCState),
+ VMSTATE_UINT32(last_rtcpicr, PXA2xxRTCState),
+ VMSTATE_INT64(last_hz, PXA2xxRTCState),
+ VMSTATE_INT64(last_sw, PXA2xxRTCState),
+ VMSTATE_INT64(last_pi, PXA2xxRTCState),
+ VMSTATE_END_OF_LIST(),
+ },
+};
+
+static void pxa2xx_rtc_sysbus_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = pxa2xx_rtc_init;
+ dc->desc = "PXA2xx RTC Controller";
+ dc->vmsd = &vmstate_pxa2xx_rtc_regs;
+}
+
+static const TypeInfo pxa2xx_rtc_sysbus_info = {
+ .name = TYPE_PXA2XX_RTC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(PXA2xxRTCState),
+ .class_init = pxa2xx_rtc_sysbus_class_init,
+};
+
+/* I2C Interface */
+typedef struct {
+ I2CSlave i2c;
+ PXA2xxI2CState *host;
+} PXA2xxI2CSlaveState;
+
+#define TYPE_PXA2XX_I2C "pxa2xx_i2c"
+#define PXA2XX_I2C(obj) \
+ OBJECT_CHECK(PXA2xxI2CState, (obj), TYPE_PXA2XX_I2C)
+
+struct PXA2xxI2CState {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion iomem;
+ PXA2xxI2CSlaveState *slave;
+ i2c_bus *bus;
+ qemu_irq irq;
+ uint32_t offset;
+ uint32_t region_size;
+
+ uint16_t control;
+ uint16_t status;
+ uint8_t ibmr;
+ uint8_t data;
+};
+
+#define IBMR 0x80 /* I2C Bus Monitor register */
+#define IDBR 0x88 /* I2C Data Buffer register */
+#define ICR 0x90 /* I2C Control register */
+#define ISR 0x98 /* I2C Status register */
+#define ISAR 0xa0 /* I2C Slave Address register */
+
+static void pxa2xx_i2c_update(PXA2xxI2CState *s)
+{
+ uint16_t level = 0;
+ level |= s->status & s->control & (1 << 10); /* BED */
+ level |= (s->status & (1 << 7)) && (s->control & (1 << 9)); /* IRF */
+ level |= (s->status & (1 << 6)) && (s->control & (1 << 8)); /* ITE */
+ level |= s->status & (1 << 9); /* SAD */
+ qemu_set_irq(s->irq, !!level);
+}
+
+/* These are only stubs now. */
+static void pxa2xx_i2c_event(I2CSlave *i2c, enum i2c_event event)
+{
+ PXA2xxI2CSlaveState *slave = FROM_I2C_SLAVE(PXA2xxI2CSlaveState, i2c);
+ PXA2xxI2CState *s = slave->host;
+
+ switch (event) {
+ case I2C_START_SEND:
+ s->status |= (1 << 9); /* set SAD */
+ s->status &= ~(1 << 0); /* clear RWM */
+ break;
+ case I2C_START_RECV:
+ s->status |= (1 << 9); /* set SAD */
+ s->status |= 1 << 0; /* set RWM */
+ break;
+ case I2C_FINISH:
+ s->status |= (1 << 4); /* set SSD */
+ break;
+ case I2C_NACK:
+ s->status |= 1 << 1; /* set ACKNAK */
+ break;
+ }
+ pxa2xx_i2c_update(s);
+}
+
+static int pxa2xx_i2c_rx(I2CSlave *i2c)
+{
+ PXA2xxI2CSlaveState *slave = FROM_I2C_SLAVE(PXA2xxI2CSlaveState, i2c);
+ PXA2xxI2CState *s = slave->host;
+ if ((s->control & (1 << 14)) || !(s->control & (1 << 6)))
+ return 0;
+
+ if (s->status & (1 << 0)) { /* RWM */
+ s->status |= 1 << 6; /* set ITE */
+ }
+ pxa2xx_i2c_update(s);
+
+ return s->data;
+}
+
+static int pxa2xx_i2c_tx(I2CSlave *i2c, uint8_t data)
+{
+ PXA2xxI2CSlaveState *slave = FROM_I2C_SLAVE(PXA2xxI2CSlaveState, i2c);
+ PXA2xxI2CState *s = slave->host;
+ if ((s->control & (1 << 14)) || !(s->control & (1 << 6)))
+ return 1;
+
+ if (!(s->status & (1 << 0))) { /* RWM */
+ s->status |= 1 << 7; /* set IRF */
+ s->data = data;
+ }
+ pxa2xx_i2c_update(s);
+
+ return 1;
+}
+
+static uint64_t pxa2xx_i2c_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ PXA2xxI2CState *s = (PXA2xxI2CState *) opaque;
+
+ addr -= s->offset;
+ switch (addr) {
+ case ICR:
+ return s->control;
+ case ISR:
+ return s->status | (i2c_bus_busy(s->bus) << 2);
+ case ISAR:
+ return s->slave->i2c.address;
+ case IDBR:
+ return s->data;
+ case IBMR:
+ if (s->status & (1 << 2))
+ s->ibmr ^= 3; /* Fake SCL and SDA pin changes */
+ else
+ s->ibmr = 0;
+ return s->ibmr;
+ default:
+ printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
+ break;
+ }
+ return 0;
+}
+
+static void pxa2xx_i2c_write(void *opaque, hwaddr addr,
+ uint64_t value64, unsigned size)
+{
+ PXA2xxI2CState *s = (PXA2xxI2CState *) opaque;
+ uint32_t value = value64;
+ int ack;
+
+ addr -= s->offset;
+ switch (addr) {
+ case ICR:
+ s->control = value & 0xfff7;
+ if ((value & (1 << 3)) && (value & (1 << 6))) { /* TB and IUE */
+ /* TODO: slave mode */
+ if (value & (1 << 0)) { /* START condition */
+ if (s->data & 1)
+ s->status |= 1 << 0; /* set RWM */
+ else
+ s->status &= ~(1 << 0); /* clear RWM */
+ ack = !i2c_start_transfer(s->bus, s->data >> 1, s->data & 1);
+ } else {
+ if (s->status & (1 << 0)) { /* RWM */
+ s->data = i2c_recv(s->bus);
+ if (value & (1 << 2)) /* ACKNAK */
+ i2c_nack(s->bus);
+ ack = 1;
+ } else
+ ack = !i2c_send(s->bus, s->data);
+ }
+
+ if (value & (1 << 1)) /* STOP condition */
+ i2c_end_transfer(s->bus);
+
+ if (ack) {
+ if (value & (1 << 0)) /* START condition */
+ s->status |= 1 << 6; /* set ITE */
+ else
+ if (s->status & (1 << 0)) /* RWM */
+ s->status |= 1 << 7; /* set IRF */
+ else
+ s->status |= 1 << 6; /* set ITE */
+ s->status &= ~(1 << 1); /* clear ACKNAK */
+ } else {
+ s->status |= 1 << 6; /* set ITE */
+ s->status |= 1 << 10; /* set BED */
+ s->status |= 1 << 1; /* set ACKNAK */
+ }
+ }
+ if (!(value & (1 << 3)) && (value & (1 << 6))) /* !TB and IUE */
+ if (value & (1 << 4)) /* MA */
+ i2c_end_transfer(s->bus);
+ pxa2xx_i2c_update(s);
+ break;
+
+ case ISR:
+ s->status &= ~(value & 0x07f0);
+ pxa2xx_i2c_update(s);
+ break;
+
+ case ISAR:
+ i2c_set_slave_address(&s->slave->i2c, value & 0x7f);
+ break;
+
+ case IDBR:
+ s->data = value & 0xff;
+ break;
+
+ default:
+ printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
+ }
+}
+
+static const MemoryRegionOps pxa2xx_i2c_ops = {
+ .read = pxa2xx_i2c_read,
+ .write = pxa2xx_i2c_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static const VMStateDescription vmstate_pxa2xx_i2c_slave = {
+ .name = "pxa2xx_i2c_slave",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_I2C_SLAVE(i2c, PXA2xxI2CSlaveState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_pxa2xx_i2c = {
+ .name = "pxa2xx_i2c",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT16(control, PXA2xxI2CState),
+ VMSTATE_UINT16(status, PXA2xxI2CState),
+ VMSTATE_UINT8(ibmr, PXA2xxI2CState),
+ VMSTATE_UINT8(data, PXA2xxI2CState),
+ VMSTATE_STRUCT_POINTER(slave, PXA2xxI2CState,
+ vmstate_pxa2xx_i2c_slave, PXA2xxI2CSlaveState *),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static int pxa2xx_i2c_slave_init(I2CSlave *i2c)
+{
+ /* Nothing to do. */
+ return 0;
+}
+
+static void pxa2xx_i2c_slave_class_init(ObjectClass *klass, void *data)
+{
+ I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
+
+ k->init = pxa2xx_i2c_slave_init;
+ k->event = pxa2xx_i2c_event;
+ k->recv = pxa2xx_i2c_rx;
+ k->send = pxa2xx_i2c_tx;
+}
+
+static const TypeInfo pxa2xx_i2c_slave_info = {
+ .name = "pxa2xx-i2c-slave",
+ .parent = TYPE_I2C_SLAVE,
+ .instance_size = sizeof(PXA2xxI2CSlaveState),
+ .class_init = pxa2xx_i2c_slave_class_init,
+};
+
+PXA2xxI2CState *pxa2xx_i2c_init(hwaddr base,
+ qemu_irq irq, uint32_t region_size)
+{
+ DeviceState *dev;
+ SysBusDevice *i2c_dev;
+ PXA2xxI2CState *s;
+ i2c_bus *i2cbus;
+
+ dev = qdev_create(NULL, TYPE_PXA2XX_I2C);
+ qdev_prop_set_uint32(dev, "size", region_size + 1);
+ qdev_prop_set_uint32(dev, "offset", base & region_size);
+ qdev_init_nofail(dev);
+
+ i2c_dev = SYS_BUS_DEVICE(dev);
+ sysbus_mmio_map(i2c_dev, 0, base & ~region_size);
+ sysbus_connect_irq(i2c_dev, 0, irq);
+
+ s = PXA2XX_I2C(i2c_dev);
+ /* FIXME: Should the slave device really be on a separate bus? */
+ i2cbus = i2c_init_bus(dev, "dummy");
+ dev = i2c_create_slave(i2cbus, "pxa2xx-i2c-slave", 0);
+ s->slave = FROM_I2C_SLAVE(PXA2xxI2CSlaveState, I2C_SLAVE(dev));
+ s->slave->host = s;
+
+ return s;
+}
+
+static int pxa2xx_i2c_initfn(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ PXA2xxI2CState *s = PXA2XX_I2C(dev);
+
+ s->bus = i2c_init_bus(dev, "i2c");
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &pxa2xx_i2c_ops, s,
+ "pxa2xx-i2c", s->region_size);
+ sysbus_init_mmio(sbd, &s->iomem);
+ sysbus_init_irq(sbd, &s->irq);
+
+ return 0;
+}
+
+i2c_bus *pxa2xx_i2c_bus(PXA2xxI2CState *s)
+{
+ return s->bus;
+}
+
+static Property pxa2xx_i2c_properties[] = {
+ DEFINE_PROP_UINT32("size", PXA2xxI2CState, region_size, 0x10000),
+ DEFINE_PROP_UINT32("offset", PXA2xxI2CState, offset, 0),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void pxa2xx_i2c_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = pxa2xx_i2c_initfn;
+ dc->desc = "PXA2xx I2C Bus Controller";
+ dc->vmsd = &vmstate_pxa2xx_i2c;
+ dc->props = pxa2xx_i2c_properties;
+}
+
+static const TypeInfo pxa2xx_i2c_info = {
+ .name = TYPE_PXA2XX_I2C,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(PXA2xxI2CState),
+ .class_init = pxa2xx_i2c_class_init,
+};
+
+/* PXA Inter-IC Sound Controller */
+static void pxa2xx_i2s_reset(PXA2xxI2SState *i2s)
+{
+ i2s->rx_len = 0;
+ i2s->tx_len = 0;
+ i2s->fifo_len = 0;
+ i2s->clk = 0x1a;
+ i2s->control[0] = 0x00;
+ i2s->control[1] = 0x00;
+ i2s->status = 0x00;
+ i2s->mask = 0x00;
+}
+
+#define SACR_TFTH(val) ((val >> 8) & 0xf)
+#define SACR_RFTH(val) ((val >> 12) & 0xf)
+#define SACR_DREC(val) (val & (1 << 3))
+#define SACR_DPRL(val) (val & (1 << 4))
+
+static inline void pxa2xx_i2s_update(PXA2xxI2SState *i2s)
+{
+ int rfs, tfs;
+ rfs = SACR_RFTH(i2s->control[0]) < i2s->rx_len &&
+ !SACR_DREC(i2s->control[1]);
+ tfs = (i2s->tx_len || i2s->fifo_len < SACR_TFTH(i2s->control[0])) &&
+ i2s->enable && !SACR_DPRL(i2s->control[1]);
+
+ qemu_set_irq(i2s->rx_dma, rfs);
+ qemu_set_irq(i2s->tx_dma, tfs);
+
+ i2s->status &= 0xe0;
+ if (i2s->fifo_len < 16 || !i2s->enable)
+ i2s->status |= 1 << 0; /* TNF */
+ if (i2s->rx_len)
+ i2s->status |= 1 << 1; /* RNE */
+ if (i2s->enable)
+ i2s->status |= 1 << 2; /* BSY */
+ if (tfs)
+ i2s->status |= 1 << 3; /* TFS */
+ if (rfs)
+ i2s->status |= 1 << 4; /* RFS */
+ if (!(i2s->tx_len && i2s->enable))
+ i2s->status |= i2s->fifo_len << 8; /* TFL */
+ i2s->status |= MAX(i2s->rx_len, 0xf) << 12; /* RFL */
+
+ qemu_set_irq(i2s->irq, i2s->status & i2s->mask);
+}
+
+#define SACR0 0x00 /* Serial Audio Global Control register */
+#define SACR1 0x04 /* Serial Audio I2S/MSB-Justified Control register */
+#define SASR0 0x0c /* Serial Audio Interface and FIFO Status register */
+#define SAIMR 0x14 /* Serial Audio Interrupt Mask register */
+#define SAICR 0x18 /* Serial Audio Interrupt Clear register */
+#define SADIV 0x60 /* Serial Audio Clock Divider register */
+#define SADR 0x80 /* Serial Audio Data register */
+
+static uint64_t pxa2xx_i2s_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ PXA2xxI2SState *s = (PXA2xxI2SState *) opaque;
+
+ switch (addr) {
+ case SACR0:
+ return s->control[0];
+ case SACR1:
+ return s->control[1];
+ case SASR0:
+ return s->status;
+ case SAIMR:
+ return s->mask;
+ case SAICR:
+ return 0;
+ case SADIV:
+ return s->clk;
+ case SADR:
+ if (s->rx_len > 0) {
+ s->rx_len --;
+ pxa2xx_i2s_update(s);
+ return s->codec_in(s->opaque);
+ }
+ return 0;
+ default:
+ printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
+ break;
+ }
+ return 0;
+}
+
+static void pxa2xx_i2s_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ PXA2xxI2SState *s = (PXA2xxI2SState *) opaque;
+ uint32_t *sample;
+
+ switch (addr) {
+ case SACR0:
+ if (value & (1 << 3)) /* RST */
+ pxa2xx_i2s_reset(s);
+ s->control[0] = value & 0xff3d;
+ if (!s->enable && (value & 1) && s->tx_len) { /* ENB */
+ for (sample = s->fifo; s->fifo_len > 0; s->fifo_len --, sample ++)
+ s->codec_out(s->opaque, *sample);
+ s->status &= ~(1 << 7); /* I2SOFF */
+ }
+ if (value & (1 << 4)) /* EFWR */
+ printf("%s: Attempt to use special function\n", __FUNCTION__);
+ s->enable = (value & 9) == 1; /* ENB && !RST*/
+ pxa2xx_i2s_update(s);
+ break;
+ case SACR1:
+ s->control[1] = value & 0x0039;
+ if (value & (1 << 5)) /* ENLBF */
+ printf("%s: Attempt to use loopback function\n", __FUNCTION__);
+ if (value & (1 << 4)) /* DPRL */
+ s->fifo_len = 0;
+ pxa2xx_i2s_update(s);
+ break;
+ case SAIMR:
+ s->mask = value & 0x0078;
+ pxa2xx_i2s_update(s);
+ break;
+ case SAICR:
+ s->status &= ~(value & (3 << 5));
+ pxa2xx_i2s_update(s);
+ break;
+ case SADIV:
+ s->clk = value & 0x007f;
+ break;
+ case SADR:
+ if (s->tx_len && s->enable) {
+ s->tx_len --;
+ pxa2xx_i2s_update(s);
+ s->codec_out(s->opaque, value);
+ } else if (s->fifo_len < 16) {
+ s->fifo[s->fifo_len ++] = value;
+ pxa2xx_i2s_update(s);
+ }
+ break;
+ default:
+ printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
+ }
+}
+
+static const MemoryRegionOps pxa2xx_i2s_ops = {
+ .read = pxa2xx_i2s_read,
+ .write = pxa2xx_i2s_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static const VMStateDescription vmstate_pxa2xx_i2s = {
+ .name = "pxa2xx_i2s",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(control, PXA2xxI2SState, 2),
+ VMSTATE_UINT32(status, PXA2xxI2SState),
+ VMSTATE_UINT32(mask, PXA2xxI2SState),
+ VMSTATE_UINT32(clk, PXA2xxI2SState),
+ VMSTATE_INT32(enable, PXA2xxI2SState),
+ VMSTATE_INT32(rx_len, PXA2xxI2SState),
+ VMSTATE_INT32(tx_len, PXA2xxI2SState),
+ VMSTATE_INT32(fifo_len, PXA2xxI2SState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void pxa2xx_i2s_data_req(void *opaque, int tx, int rx)
+{
+ PXA2xxI2SState *s = (PXA2xxI2SState *) opaque;
+ uint32_t *sample;
+
+ /* Signal FIFO errors */
+ if (s->enable && s->tx_len)
+ s->status |= 1 << 5; /* TUR */
+ if (s->enable && s->rx_len)
+ s->status |= 1 << 6; /* ROR */
+
+ /* Should be tx - MIN(tx, s->fifo_len) but we don't really need to
+ * handle the cases where it makes a difference. */
+ s->tx_len = tx - s->fifo_len;
+ s->rx_len = rx;
+ /* Note that is s->codec_out wasn't set, we wouldn't get called. */
+ if (s->enable)
+ for (sample = s->fifo; s->fifo_len; s->fifo_len --, sample ++)
+ s->codec_out(s->opaque, *sample);
+ pxa2xx_i2s_update(s);
+}
+
+static PXA2xxI2SState *pxa2xx_i2s_init(MemoryRegion *sysmem,
+ hwaddr base,
+ qemu_irq irq, qemu_irq rx_dma, qemu_irq tx_dma)
+{
+ PXA2xxI2SState *s = (PXA2xxI2SState *)
+ g_malloc0(sizeof(PXA2xxI2SState));
+
+ s->irq = irq;
+ s->rx_dma = rx_dma;
+ s->tx_dma = tx_dma;
+ s->data_req = pxa2xx_i2s_data_req;
+
+ pxa2xx_i2s_reset(s);
+
+ memory_region_init_io(&s->iomem, NULL, &pxa2xx_i2s_ops, s,
+ "pxa2xx-i2s", 0x100000);
+ memory_region_add_subregion(sysmem, base, &s->iomem);
+
+ vmstate_register(NULL, base, &vmstate_pxa2xx_i2s, s);
+
+ return s;
+}
+
+/* PXA Fast Infra-red Communications Port */
+struct PXA2xxFIrState {
+ MemoryRegion iomem;
+ qemu_irq irq;
+ qemu_irq rx_dma;
+ qemu_irq tx_dma;
+ int enable;
+ CharDriverState *chr;
+
+ uint8_t control[3];
+ uint8_t status[2];
+
+ int rx_len;
+ int rx_start;
+ uint8_t rx_fifo[64];
+};
+
+static void pxa2xx_fir_reset(PXA2xxFIrState *s)
+{
+ s->control[0] = 0x00;
+ s->control[1] = 0x00;
+ s->control[2] = 0x00;
+ s->status[0] = 0x00;
+ s->status[1] = 0x00;
+ s->enable = 0;
+}
+
+static inline void pxa2xx_fir_update(PXA2xxFIrState *s)
+{
+ static const int tresh[4] = { 8, 16, 32, 0 };
+ int intr = 0;
+ if ((s->control[0] & (1 << 4)) && /* RXE */
+ s->rx_len >= tresh[s->control[2] & 3]) /* TRIG */
+ s->status[0] |= 1 << 4; /* RFS */
+ else
+ s->status[0] &= ~(1 << 4); /* RFS */
+ if (s->control[0] & (1 << 3)) /* TXE */
+ s->status[0] |= 1 << 3; /* TFS */
+ else
+ s->status[0] &= ~(1 << 3); /* TFS */
+ if (s->rx_len)
+ s->status[1] |= 1 << 2; /* RNE */
+ else
+ s->status[1] &= ~(1 << 2); /* RNE */
+ if (s->control[0] & (1 << 4)) /* RXE */
+ s->status[1] |= 1 << 0; /* RSY */
+ else
+ s->status[1] &= ~(1 << 0); /* RSY */
+
+ intr |= (s->control[0] & (1 << 5)) && /* RIE */
+ (s->status[0] & (1 << 4)); /* RFS */
+ intr |= (s->control[0] & (1 << 6)) && /* TIE */
+ (s->status[0] & (1 << 3)); /* TFS */
+ intr |= (s->control[2] & (1 << 4)) && /* TRAIL */
+ (s->status[0] & (1 << 6)); /* EOC */
+ intr |= (s->control[0] & (1 << 2)) && /* TUS */
+ (s->status[0] & (1 << 1)); /* TUR */
+ intr |= s->status[0] & 0x25; /* FRE, RAB, EIF */
+
+ qemu_set_irq(s->rx_dma, (s->status[0] >> 4) & 1);
+ qemu_set_irq(s->tx_dma, (s->status[0] >> 3) & 1);
+
+ qemu_set_irq(s->irq, intr && s->enable);
+}
+
+#define ICCR0 0x00 /* FICP Control register 0 */
+#define ICCR1 0x04 /* FICP Control register 1 */
+#define ICCR2 0x08 /* FICP Control register 2 */
+#define ICDR 0x0c /* FICP Data register */
+#define ICSR0 0x14 /* FICP Status register 0 */
+#define ICSR1 0x18 /* FICP Status register 1 */
+#define ICFOR 0x1c /* FICP FIFO Occupancy Status register */
+
+static uint64_t pxa2xx_fir_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ PXA2xxFIrState *s = (PXA2xxFIrState *) opaque;
+ uint8_t ret;
+
+ switch (addr) {
+ case ICCR0:
+ return s->control[0];
+ case ICCR1:
+ return s->control[1];
+ case ICCR2:
+ return s->control[2];
+ case ICDR:
+ s->status[0] &= ~0x01;
+ s->status[1] &= ~0x72;
+ if (s->rx_len) {
+ s->rx_len --;
+ ret = s->rx_fifo[s->rx_start ++];
+ s->rx_start &= 63;
+ pxa2xx_fir_update(s);
+ return ret;
+ }
+ printf("%s: Rx FIFO underrun.\n", __FUNCTION__);
+ break;
+ case ICSR0:
+ return s->status[0];
+ case ICSR1:
+ return s->status[1] | (1 << 3); /* TNF */
+ case ICFOR:
+ return s->rx_len;
+ default:
+ printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
+ break;
+ }
+ return 0;
+}
+
+static void pxa2xx_fir_write(void *opaque, hwaddr addr,
+ uint64_t value64, unsigned size)
+{
+ PXA2xxFIrState *s = (PXA2xxFIrState *) opaque;
+ uint32_t value = value64;
+ uint8_t ch;
+
+ switch (addr) {
+ case ICCR0:
+ s->control[0] = value;
+ if (!(value & (1 << 4))) /* RXE */
+ s->rx_len = s->rx_start = 0;
+ if (!(value & (1 << 3))) { /* TXE */
+ /* Nop */
+ }
+ s->enable = value & 1; /* ITR */
+ if (!s->enable)
+ s->status[0] = 0;
+ pxa2xx_fir_update(s);
+ break;
+ case ICCR1:
+ s->control[1] = value;
+ break;
+ case ICCR2:
+ s->control[2] = value & 0x3f;
+ pxa2xx_fir_update(s);
+ break;
+ case ICDR:
+ if (s->control[2] & (1 << 2)) /* TXP */
+ ch = value;
+ else
+ ch = ~value;
+ if (s->chr && s->enable && (s->control[0] & (1 << 3))) /* TXE */
+ qemu_chr_fe_write(s->chr, &ch, 1);
+ break;
+ case ICSR0:
+ s->status[0] &= ~(value & 0x66);
+ pxa2xx_fir_update(s);
+ break;
+ case ICFOR:
+ break;
+ default:
+ printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
+ }
+}
+
+static const MemoryRegionOps pxa2xx_fir_ops = {
+ .read = pxa2xx_fir_read,
+ .write = pxa2xx_fir_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int pxa2xx_fir_is_empty(void *opaque)
+{
+ PXA2xxFIrState *s = (PXA2xxFIrState *) opaque;
+ return (s->rx_len < 64);
+}
+
+static void pxa2xx_fir_rx(void *opaque, const uint8_t *buf, int size)
+{
+ PXA2xxFIrState *s = (PXA2xxFIrState *) opaque;
+ if (!(s->control[0] & (1 << 4))) /* RXE */
+ return;
+
+ while (size --) {
+ s->status[1] |= 1 << 4; /* EOF */
+ if (s->rx_len >= 64) {
+ s->status[1] |= 1 << 6; /* ROR */
+ break;
+ }
+
+ if (s->control[2] & (1 << 3)) /* RXP */
+ s->rx_fifo[(s->rx_start + s->rx_len ++) & 63] = *(buf ++);
+ else
+ s->rx_fifo[(s->rx_start + s->rx_len ++) & 63] = ~*(buf ++);
+ }
+
+ pxa2xx_fir_update(s);
+}
+
+static void pxa2xx_fir_event(void *opaque, int event)
+{
+}
+
+static void pxa2xx_fir_save(QEMUFile *f, void *opaque)
+{
+ PXA2xxFIrState *s = (PXA2xxFIrState *) opaque;
+ int i;
+
+ qemu_put_be32(f, s->enable);
+
+ qemu_put_8s(f, &s->control[0]);
+ qemu_put_8s(f, &s->control[1]);
+ qemu_put_8s(f, &s->control[2]);
+ qemu_put_8s(f, &s->status[0]);
+ qemu_put_8s(f, &s->status[1]);
+
+ qemu_put_byte(f, s->rx_len);
+ for (i = 0; i < s->rx_len; i ++)
+ qemu_put_byte(f, s->rx_fifo[(s->rx_start + i) & 63]);
+}
+
+static int pxa2xx_fir_load(QEMUFile *f, void *opaque, int version_id)
+{
+ PXA2xxFIrState *s = (PXA2xxFIrState *) opaque;
+ int i;
+
+ s->enable = qemu_get_be32(f);
+
+ qemu_get_8s(f, &s->control[0]);
+ qemu_get_8s(f, &s->control[1]);
+ qemu_get_8s(f, &s->control[2]);
+ qemu_get_8s(f, &s->status[0]);
+ qemu_get_8s(f, &s->status[1]);
+
+ s->rx_len = qemu_get_byte(f);
+ s->rx_start = 0;
+ for (i = 0; i < s->rx_len; i ++)
+ s->rx_fifo[i] = qemu_get_byte(f);
+
+ return 0;
+}
+
+static PXA2xxFIrState *pxa2xx_fir_init(MemoryRegion *sysmem,
+ hwaddr base,
+ qemu_irq irq, qemu_irq rx_dma, qemu_irq tx_dma,
+ CharDriverState *chr)
+{
+ PXA2xxFIrState *s = (PXA2xxFIrState *)
+ g_malloc0(sizeof(PXA2xxFIrState));
+
+ s->irq = irq;
+ s->rx_dma = rx_dma;
+ s->tx_dma = tx_dma;
+ s->chr = chr;
+
+ pxa2xx_fir_reset(s);
+
+ memory_region_init_io(&s->iomem, NULL, &pxa2xx_fir_ops, s, "pxa2xx-fir", 0x1000);
+ memory_region_add_subregion(sysmem, base, &s->iomem);
+
+ if (chr) {
+ qemu_chr_fe_claim_no_fail(chr);
+ qemu_chr_add_handlers(chr, pxa2xx_fir_is_empty,
+ pxa2xx_fir_rx, pxa2xx_fir_event, s);
+ }
+
+ register_savevm(NULL, "pxa2xx_fir", 0, 0, pxa2xx_fir_save,
+ pxa2xx_fir_load, s);
+
+ return s;
+}
+
+static void pxa2xx_reset(void *opaque, int line, int level)
+{
+ PXA2xxState *s = (PXA2xxState *) opaque;
+
+ if (level && (s->pm_regs[PCFR >> 2] & 0x10)) { /* GPR_EN */
+ cpu_reset(CPU(s->cpu));
+ /* TODO: reset peripherals */
+ }
+}
+
+/* Initialise a PXA270 integrated chip (ARM based core). */
+PXA2xxState *pxa270_init(MemoryRegion *address_space,
+ unsigned int sdram_size, const char *revision)
+{
+ PXA2xxState *s;
+ int i;
+ DriveInfo *dinfo;
+ s = (PXA2xxState *) g_malloc0(sizeof(PXA2xxState));
+
+ if (revision && strncmp(revision, "pxa27", 5)) {
+ fprintf(stderr, "Machine requires a PXA27x processor.\n");
+ exit(1);
+ }
+ if (!revision)
+ revision = "pxa270";
+
+ s->cpu = cpu_arm_init(revision);
+ if (s->cpu == NULL) {
+ fprintf(stderr, "Unable to find CPU definition\n");
+ exit(1);
+ }
+ s->reset = qemu_allocate_irqs(pxa2xx_reset, s, 1)[0];
+
+ /* SDRAM & Internal Memory Storage */
+ memory_region_init_ram(&s->sdram, NULL, "pxa270.sdram", sdram_size);
+ vmstate_register_ram_global(&s->sdram);
+ memory_region_add_subregion(address_space, PXA2XX_SDRAM_BASE, &s->sdram);
+ memory_region_init_ram(&s->internal, NULL, "pxa270.internal", 0x40000);
+ vmstate_register_ram_global(&s->internal);
+ memory_region_add_subregion(address_space, PXA2XX_INTERNAL_BASE,
+ &s->internal);
+
+ s->pic = pxa2xx_pic_init(0x40d00000, s->cpu);
+
+ s->dma = pxa27x_dma_init(0x40000000,
+ qdev_get_gpio_in(s->pic, PXA2XX_PIC_DMA));
+
+ sysbus_create_varargs("pxa27x-timer", 0x40a00000,
+ qdev_get_gpio_in(s->pic, PXA2XX_PIC_OST_0 + 0),
+ qdev_get_gpio_in(s->pic, PXA2XX_PIC_OST_0 + 1),
+ qdev_get_gpio_in(s->pic, PXA2XX_PIC_OST_0 + 2),
+ qdev_get_gpio_in(s->pic, PXA2XX_PIC_OST_0 + 3),
+ qdev_get_gpio_in(s->pic, PXA27X_PIC_OST_4_11),
+ NULL);
+
+ s->gpio = pxa2xx_gpio_init(0x40e00000, s->cpu, s->pic, 121);
+
+ dinfo = drive_get(IF_SD, 0, 0);
+ if (!dinfo) {
+ fprintf(stderr, "qemu: missing SecureDigital device\n");
+ exit(1);
+ }
+ s->mmc = pxa2xx_mmci_init(address_space, 0x41100000, dinfo->bdrv,
+ qdev_get_gpio_in(s->pic, PXA2XX_PIC_MMC),
+ qdev_get_gpio_in(s->dma, PXA2XX_RX_RQ_MMCI),
+ qdev_get_gpio_in(s->dma, PXA2XX_TX_RQ_MMCI));
+
+ for (i = 0; pxa270_serial[i].io_base; i++) {
+ if (serial_hds[i]) {
+ serial_mm_init(address_space, pxa270_serial[i].io_base, 2,
+ qdev_get_gpio_in(s->pic, pxa270_serial[i].irqn),
+ 14857000 / 16, serial_hds[i],
+ DEVICE_NATIVE_ENDIAN);
+ } else {
+ break;
+ }
+ }
+ if (serial_hds[i])
+ s->fir = pxa2xx_fir_init(address_space, 0x40800000,
+ qdev_get_gpio_in(s->pic, PXA2XX_PIC_ICP),
+ qdev_get_gpio_in(s->dma, PXA2XX_RX_RQ_ICP),
+ qdev_get_gpio_in(s->dma, PXA2XX_TX_RQ_ICP),
+ serial_hds[i]);
+
+ s->lcd = pxa2xx_lcdc_init(address_space, 0x44000000,
+ qdev_get_gpio_in(s->pic, PXA2XX_PIC_LCD));
+
+ s->cm_base = 0x41300000;
+ s->cm_regs[CCCR >> 2] = 0x02000210; /* 416.0 MHz */
+ s->clkcfg = 0x00000009; /* Turbo mode active */
+ memory_region_init_io(&s->cm_iomem, NULL, &pxa2xx_cm_ops, s, "pxa2xx-cm", 0x1000);
+ memory_region_add_subregion(address_space, s->cm_base, &s->cm_iomem);
+ vmstate_register(NULL, 0, &vmstate_pxa2xx_cm, s);
+
+ pxa2xx_setup_cp14(s);
+
+ s->mm_base = 0x48000000;
+ s->mm_regs[MDMRS >> 2] = 0x00020002;
+ s->mm_regs[MDREFR >> 2] = 0x03ca4000;
+ s->mm_regs[MECR >> 2] = 0x00000001; /* Two PC Card sockets */
+ memory_region_init_io(&s->mm_iomem, NULL, &pxa2xx_mm_ops, s, "pxa2xx-mm", 0x1000);
+ memory_region_add_subregion(address_space, s->mm_base, &s->mm_iomem);
+ vmstate_register(NULL, 0, &vmstate_pxa2xx_mm, s);
+
+ s->pm_base = 0x40f00000;
+ memory_region_init_io(&s->pm_iomem, NULL, &pxa2xx_pm_ops, s, "pxa2xx-pm", 0x100);
+ memory_region_add_subregion(address_space, s->pm_base, &s->pm_iomem);
+ vmstate_register(NULL, 0, &vmstate_pxa2xx_pm, s);
+
+ for (i = 0; pxa27x_ssp[i].io_base; i ++);
+ s->ssp = (SSIBus **)g_malloc0(sizeof(SSIBus *) * i);
+ for (i = 0; pxa27x_ssp[i].io_base; i ++) {
+ DeviceState *dev;
+ dev = sysbus_create_simple(TYPE_PXA2XX_SSP, pxa27x_ssp[i].io_base,
+ qdev_get_gpio_in(s->pic, pxa27x_ssp[i].irqn));
+ s->ssp[i] = (SSIBus *)qdev_get_child_bus(dev, "ssi");
+ }
+
+ if (usb_enabled(false)) {
+ sysbus_create_simple("sysbus-ohci", 0x4c000000,
+ qdev_get_gpio_in(s->pic, PXA2XX_PIC_USBH1));
+ }
+
+ s->pcmcia[0] = pxa2xx_pcmcia_init(address_space, 0x20000000);
+ s->pcmcia[1] = pxa2xx_pcmcia_init(address_space, 0x30000000);
+
+ sysbus_create_simple(TYPE_PXA2XX_RTC, 0x40900000,
+ qdev_get_gpio_in(s->pic, PXA2XX_PIC_RTCALARM));
+
+ s->i2c[0] = pxa2xx_i2c_init(0x40301600,
+ qdev_get_gpio_in(s->pic, PXA2XX_PIC_I2C), 0xffff);
+ s->i2c[1] = pxa2xx_i2c_init(0x40f00100,
+ qdev_get_gpio_in(s->pic, PXA2XX_PIC_PWRI2C), 0xff);
+
+ s->i2s = pxa2xx_i2s_init(address_space, 0x40400000,
+ qdev_get_gpio_in(s->pic, PXA2XX_PIC_I2S),
+ qdev_get_gpio_in(s->dma, PXA2XX_RX_RQ_I2S),
+ qdev_get_gpio_in(s->dma, PXA2XX_TX_RQ_I2S));
+
+ s->kp = pxa27x_keypad_init(address_space, 0x41500000,
+ qdev_get_gpio_in(s->pic, PXA2XX_PIC_KEYPAD));
+
+ /* GPIO1 resets the processor */
+ /* The handler can be overridden by board-specific code */
+ qdev_connect_gpio_out(s->gpio, 1, s->reset);
+ return s;
+}
+
+/* Initialise a PXA255 integrated chip (ARM based core). */
+PXA2xxState *pxa255_init(MemoryRegion *address_space, unsigned int sdram_size)
+{
+ PXA2xxState *s;
+ int i;
+ DriveInfo *dinfo;
+
+ s = (PXA2xxState *) g_malloc0(sizeof(PXA2xxState));
+
+ s->cpu = cpu_arm_init("pxa255");
+ if (s->cpu == NULL) {
+ fprintf(stderr, "Unable to find CPU definition\n");
+ exit(1);
+ }
+ s->reset = qemu_allocate_irqs(pxa2xx_reset, s, 1)[0];
+
+ /* SDRAM & Internal Memory Storage */
+ memory_region_init_ram(&s->sdram, NULL, "pxa255.sdram", sdram_size);
+ vmstate_register_ram_global(&s->sdram);
+ memory_region_add_subregion(address_space, PXA2XX_SDRAM_BASE, &s->sdram);
+ memory_region_init_ram(&s->internal, NULL, "pxa255.internal",
+ PXA2XX_INTERNAL_SIZE);
+ vmstate_register_ram_global(&s->internal);
+ memory_region_add_subregion(address_space, PXA2XX_INTERNAL_BASE,
+ &s->internal);
+
+ s->pic = pxa2xx_pic_init(0x40d00000, s->cpu);
+
+ s->dma = pxa255_dma_init(0x40000000,
+ qdev_get_gpio_in(s->pic, PXA2XX_PIC_DMA));
+
+ sysbus_create_varargs("pxa25x-timer", 0x40a00000,
+ qdev_get_gpio_in(s->pic, PXA2XX_PIC_OST_0 + 0),
+ qdev_get_gpio_in(s->pic, PXA2XX_PIC_OST_0 + 1),
+ qdev_get_gpio_in(s->pic, PXA2XX_PIC_OST_0 + 2),
+ qdev_get_gpio_in(s->pic, PXA2XX_PIC_OST_0 + 3),
+ NULL);
+
+ s->gpio = pxa2xx_gpio_init(0x40e00000, s->cpu, s->pic, 85);
+
+ dinfo = drive_get(IF_SD, 0, 0);
+ if (!dinfo) {
+ fprintf(stderr, "qemu: missing SecureDigital device\n");
+ exit(1);
+ }
+ s->mmc = pxa2xx_mmci_init(address_space, 0x41100000, dinfo->bdrv,
+ qdev_get_gpio_in(s->pic, PXA2XX_PIC_MMC),
+ qdev_get_gpio_in(s->dma, PXA2XX_RX_RQ_MMCI),
+ qdev_get_gpio_in(s->dma, PXA2XX_TX_RQ_MMCI));
+
+ for (i = 0; pxa255_serial[i].io_base; i++) {
+ if (serial_hds[i]) {
+ serial_mm_init(address_space, pxa255_serial[i].io_base, 2,
+ qdev_get_gpio_in(s->pic, pxa255_serial[i].irqn),
+ 14745600 / 16, serial_hds[i],
+ DEVICE_NATIVE_ENDIAN);
+ } else {
+ break;
+ }
+ }
+ if (serial_hds[i])
+ s->fir = pxa2xx_fir_init(address_space, 0x40800000,
+ qdev_get_gpio_in(s->pic, PXA2XX_PIC_ICP),
+ qdev_get_gpio_in(s->dma, PXA2XX_RX_RQ_ICP),
+ qdev_get_gpio_in(s->dma, PXA2XX_TX_RQ_ICP),
+ serial_hds[i]);
+
+ s->lcd = pxa2xx_lcdc_init(address_space, 0x44000000,
+ qdev_get_gpio_in(s->pic, PXA2XX_PIC_LCD));
+
+ s->cm_base = 0x41300000;
+ s->cm_regs[CCCR >> 2] = 0x02000210; /* 416.0 MHz */
+ s->clkcfg = 0x00000009; /* Turbo mode active */
+ memory_region_init_io(&s->cm_iomem, NULL, &pxa2xx_cm_ops, s, "pxa2xx-cm", 0x1000);
+ memory_region_add_subregion(address_space, s->cm_base, &s->cm_iomem);
+ vmstate_register(NULL, 0, &vmstate_pxa2xx_cm, s);
+
+ pxa2xx_setup_cp14(s);
+
+ s->mm_base = 0x48000000;
+ s->mm_regs[MDMRS >> 2] = 0x00020002;
+ s->mm_regs[MDREFR >> 2] = 0x03ca4000;
+ s->mm_regs[MECR >> 2] = 0x00000001; /* Two PC Card sockets */
+ memory_region_init_io(&s->mm_iomem, NULL, &pxa2xx_mm_ops, s, "pxa2xx-mm", 0x1000);
+ memory_region_add_subregion(address_space, s->mm_base, &s->mm_iomem);
+ vmstate_register(NULL, 0, &vmstate_pxa2xx_mm, s);
+
+ s->pm_base = 0x40f00000;
+ memory_region_init_io(&s->pm_iomem, NULL, &pxa2xx_pm_ops, s, "pxa2xx-pm", 0x100);
+ memory_region_add_subregion(address_space, s->pm_base, &s->pm_iomem);
+ vmstate_register(NULL, 0, &vmstate_pxa2xx_pm, s);
+
+ for (i = 0; pxa255_ssp[i].io_base; i ++);
+ s->ssp = (SSIBus **)g_malloc0(sizeof(SSIBus *) * i);
+ for (i = 0; pxa255_ssp[i].io_base; i ++) {
+ DeviceState *dev;
+ dev = sysbus_create_simple(TYPE_PXA2XX_SSP, pxa255_ssp[i].io_base,
+ qdev_get_gpio_in(s->pic, pxa255_ssp[i].irqn));
+ s->ssp[i] = (SSIBus *)qdev_get_child_bus(dev, "ssi");
+ }
+
+ if (usb_enabled(false)) {
+ sysbus_create_simple("sysbus-ohci", 0x4c000000,
+ qdev_get_gpio_in(s->pic, PXA2XX_PIC_USBH1));
+ }
+
+ s->pcmcia[0] = pxa2xx_pcmcia_init(address_space, 0x20000000);
+ s->pcmcia[1] = pxa2xx_pcmcia_init(address_space, 0x30000000);
+
+ sysbus_create_simple(TYPE_PXA2XX_RTC, 0x40900000,
+ qdev_get_gpio_in(s->pic, PXA2XX_PIC_RTCALARM));
+
+ s->i2c[0] = pxa2xx_i2c_init(0x40301600,
+ qdev_get_gpio_in(s->pic, PXA2XX_PIC_I2C), 0xffff);
+ s->i2c[1] = pxa2xx_i2c_init(0x40f00100,
+ qdev_get_gpio_in(s->pic, PXA2XX_PIC_PWRI2C), 0xff);
+
+ s->i2s = pxa2xx_i2s_init(address_space, 0x40400000,
+ qdev_get_gpio_in(s->pic, PXA2XX_PIC_I2S),
+ qdev_get_gpio_in(s->dma, PXA2XX_RX_RQ_I2S),
+ qdev_get_gpio_in(s->dma, PXA2XX_TX_RQ_I2S));
+
+ /* GPIO1 resets the processor */
+ /* The handler can be overridden by board-specific code */
+ qdev_connect_gpio_out(s->gpio, 1, s->reset);
+ return s;
+}
+
+static void pxa2xx_ssp_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sdc->init = pxa2xx_ssp_init;
+}
+
+static const TypeInfo pxa2xx_ssp_info = {
+ .name = TYPE_PXA2XX_SSP,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(PXA2xxSSPState),
+ .class_init = pxa2xx_ssp_class_init,
+};
+
+static void pxa2xx_register_types(void)
+{
+ type_register_static(&pxa2xx_i2c_slave_info);
+ type_register_static(&pxa2xx_ssp_info);
+ type_register_static(&pxa2xx_i2c_info);
+ type_register_static(&pxa2xx_rtc_sysbus_info);
+}
+
+type_init(pxa2xx_register_types)
diff --git a/hw/arm/pxa2xx_gpio.c b/hw/arm/pxa2xx_gpio.c
new file mode 100644
index 000000000..ca77f56c9
--- /dev/null
+++ b/hw/arm/pxa2xx_gpio.c
@@ -0,0 +1,358 @@
+/*
+ * Intel XScale PXA255/270 GPIO controller emulation.
+ *
+ * Copyright (c) 2006 Openedhand Ltd.
+ * Written by Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * This code is licensed under the GPL.
+ */
+
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "hw/arm/pxa.h"
+
+#define PXA2XX_GPIO_BANKS 4
+
+#define TYPE_PXA2XX_GPIO "pxa2xx-gpio"
+#define PXA2XX_GPIO(obj) \
+ OBJECT_CHECK(PXA2xxGPIOInfo, (obj), TYPE_PXA2XX_GPIO)
+
+typedef struct PXA2xxGPIOInfo PXA2xxGPIOInfo;
+struct PXA2xxGPIOInfo {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion iomem;
+ qemu_irq irq0, irq1, irqX;
+ int lines;
+ int ncpu;
+ ARMCPU *cpu;
+
+ /* XXX: GNU C vectors are more suitable */
+ uint32_t ilevel[PXA2XX_GPIO_BANKS];
+ uint32_t olevel[PXA2XX_GPIO_BANKS];
+ uint32_t dir[PXA2XX_GPIO_BANKS];
+ uint32_t rising[PXA2XX_GPIO_BANKS];
+ uint32_t falling[PXA2XX_GPIO_BANKS];
+ uint32_t status[PXA2XX_GPIO_BANKS];
+ uint32_t gpsr[PXA2XX_GPIO_BANKS];
+ uint32_t gafr[PXA2XX_GPIO_BANKS * 2];
+
+ uint32_t prev_level[PXA2XX_GPIO_BANKS];
+ qemu_irq handler[PXA2XX_GPIO_BANKS * 32];
+ qemu_irq read_notify;
+};
+
+static struct {
+ enum {
+ GPIO_NONE,
+ GPLR,
+ GPSR,
+ GPCR,
+ GPDR,
+ GRER,
+ GFER,
+ GEDR,
+ GAFR_L,
+ GAFR_U,
+ } reg;
+ int bank;
+} pxa2xx_gpio_regs[0x200] = {
+ [0 ... 0x1ff] = { GPIO_NONE, 0 },
+#define PXA2XX_REG(reg, a0, a1, a2, a3) \
+ [a0] = { reg, 0 }, [a1] = { reg, 1 }, [a2] = { reg, 2 }, [a3] = { reg, 3 },
+
+ PXA2XX_REG(GPLR, 0x000, 0x004, 0x008, 0x100)
+ PXA2XX_REG(GPSR, 0x018, 0x01c, 0x020, 0x118)
+ PXA2XX_REG(GPCR, 0x024, 0x028, 0x02c, 0x124)
+ PXA2XX_REG(GPDR, 0x00c, 0x010, 0x014, 0x10c)
+ PXA2XX_REG(GRER, 0x030, 0x034, 0x038, 0x130)
+ PXA2XX_REG(GFER, 0x03c, 0x040, 0x044, 0x13c)
+ PXA2XX_REG(GEDR, 0x048, 0x04c, 0x050, 0x148)
+ PXA2XX_REG(GAFR_L, 0x054, 0x05c, 0x064, 0x06c)
+ PXA2XX_REG(GAFR_U, 0x058, 0x060, 0x068, 0x070)
+};
+
+static void pxa2xx_gpio_irq_update(PXA2xxGPIOInfo *s)
+{
+ if (s->status[0] & (1 << 0))
+ qemu_irq_raise(s->irq0);
+ else
+ qemu_irq_lower(s->irq0);
+
+ if (s->status[0] & (1 << 1))
+ qemu_irq_raise(s->irq1);
+ else
+ qemu_irq_lower(s->irq1);
+
+ if ((s->status[0] & ~3) | s->status[1] | s->status[2] | s->status[3])
+ qemu_irq_raise(s->irqX);
+ else
+ qemu_irq_lower(s->irqX);
+}
+
+/* Bitmap of pins used as standby and sleep wake-up sources. */
+static const int pxa2xx_gpio_wake[PXA2XX_GPIO_BANKS] = {
+ 0x8003fe1b, 0x002001fc, 0xec080000, 0x0012007f,
+};
+
+static void pxa2xx_gpio_set(void *opaque, int line, int level)
+{
+ PXA2xxGPIOInfo *s = (PXA2xxGPIOInfo *) opaque;
+ CPUState *cpu = CPU(s->cpu);
+ int bank;
+ uint32_t mask;
+
+ if (line >= s->lines) {
+ printf("%s: No GPIO pin %i\n", __FUNCTION__, line);
+ return;
+ }
+
+ bank = line >> 5;
+ mask = 1 << (line & 31);
+
+ if (level) {
+ s->status[bank] |= s->rising[bank] & mask &
+ ~s->ilevel[bank] & ~s->dir[bank];
+ s->ilevel[bank] |= mask;
+ } else {
+ s->status[bank] |= s->falling[bank] & mask &
+ s->ilevel[bank] & ~s->dir[bank];
+ s->ilevel[bank] &= ~mask;
+ }
+
+ if (s->status[bank] & mask)
+ pxa2xx_gpio_irq_update(s);
+
+ /* Wake-up GPIOs */
+ if (cpu->halted && (mask & ~s->dir[bank] & pxa2xx_gpio_wake[bank])) {
+ cpu_interrupt(cpu, CPU_INTERRUPT_EXITTB);
+ }
+}
+
+static void pxa2xx_gpio_handler_update(PXA2xxGPIOInfo *s) {
+ uint32_t level, diff;
+ int i, bit, line;
+ for (i = 0; i < PXA2XX_GPIO_BANKS; i ++) {
+ level = s->olevel[i] & s->dir[i];
+
+ for (diff = s->prev_level[i] ^ level; diff; diff ^= 1 << bit) {
+ bit = ffs(diff) - 1;
+ line = bit + 32 * i;
+ qemu_set_irq(s->handler[line], (level >> bit) & 1);
+ }
+
+ s->prev_level[i] = level;
+ }
+}
+
+static uint64_t pxa2xx_gpio_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ PXA2xxGPIOInfo *s = (PXA2xxGPIOInfo *) opaque;
+ uint32_t ret;
+ int bank;
+ if (offset >= 0x200)
+ return 0;
+
+ bank = pxa2xx_gpio_regs[offset].bank;
+ switch (pxa2xx_gpio_regs[offset].reg) {
+ case GPDR: /* GPIO Pin-Direction registers */
+ return s->dir[bank];
+
+ case GPSR: /* GPIO Pin-Output Set registers */
+ printf("%s: Read from a write-only register " REG_FMT "\n",
+ __FUNCTION__, offset);
+ return s->gpsr[bank]; /* Return last written value. */
+
+ case GPCR: /* GPIO Pin-Output Clear registers */
+ printf("%s: Read from a write-only register " REG_FMT "\n",
+ __FUNCTION__, offset);
+ return 31337; /* Specified as unpredictable in the docs. */
+
+ case GRER: /* GPIO Rising-Edge Detect Enable registers */
+ return s->rising[bank];
+
+ case GFER: /* GPIO Falling-Edge Detect Enable registers */
+ return s->falling[bank];
+
+ case GAFR_L: /* GPIO Alternate Function registers */
+ return s->gafr[bank * 2];
+
+ case GAFR_U: /* GPIO Alternate Function registers */
+ return s->gafr[bank * 2 + 1];
+
+ case GPLR: /* GPIO Pin-Level registers */
+ ret = (s->olevel[bank] & s->dir[bank]) |
+ (s->ilevel[bank] & ~s->dir[bank]);
+ qemu_irq_raise(s->read_notify);
+ return ret;
+
+ case GEDR: /* GPIO Edge Detect Status registers */
+ return s->status[bank];
+
+ default:
+ hw_error("%s: Bad offset " REG_FMT "\n", __FUNCTION__, offset);
+ }
+
+ return 0;
+}
+
+static void pxa2xx_gpio_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ PXA2xxGPIOInfo *s = (PXA2xxGPIOInfo *) opaque;
+ int bank;
+ if (offset >= 0x200)
+ return;
+
+ bank = pxa2xx_gpio_regs[offset].bank;
+ switch (pxa2xx_gpio_regs[offset].reg) {
+ case GPDR: /* GPIO Pin-Direction registers */
+ s->dir[bank] = value;
+ pxa2xx_gpio_handler_update(s);
+ break;
+
+ case GPSR: /* GPIO Pin-Output Set registers */
+ s->olevel[bank] |= value;
+ pxa2xx_gpio_handler_update(s);
+ s->gpsr[bank] = value;
+ break;
+
+ case GPCR: /* GPIO Pin-Output Clear registers */
+ s->olevel[bank] &= ~value;
+ pxa2xx_gpio_handler_update(s);
+ break;
+
+ case GRER: /* GPIO Rising-Edge Detect Enable registers */
+ s->rising[bank] = value;
+ break;
+
+ case GFER: /* GPIO Falling-Edge Detect Enable registers */
+ s->falling[bank] = value;
+ break;
+
+ case GAFR_L: /* GPIO Alternate Function registers */
+ s->gafr[bank * 2] = value;
+ break;
+
+ case GAFR_U: /* GPIO Alternate Function registers */
+ s->gafr[bank * 2 + 1] = value;
+ break;
+
+ case GEDR: /* GPIO Edge Detect Status registers */
+ s->status[bank] &= ~value;
+ pxa2xx_gpio_irq_update(s);
+ break;
+
+ default:
+ hw_error("%s: Bad offset " REG_FMT "\n", __FUNCTION__, offset);
+ }
+}
+
+static const MemoryRegionOps pxa_gpio_ops = {
+ .read = pxa2xx_gpio_read,
+ .write = pxa2xx_gpio_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+DeviceState *pxa2xx_gpio_init(hwaddr base,
+ ARMCPU *cpu, DeviceState *pic, int lines)
+{
+ CPUState *cs = CPU(cpu);
+ DeviceState *dev;
+
+ dev = qdev_create(NULL, TYPE_PXA2XX_GPIO);
+ qdev_prop_set_int32(dev, "lines", lines);
+ qdev_prop_set_int32(dev, "ncpu", cs->cpu_index);
+ qdev_init_nofail(dev);
+
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0,
+ qdev_get_gpio_in(pic, PXA2XX_PIC_GPIO_0));
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 1,
+ qdev_get_gpio_in(pic, PXA2XX_PIC_GPIO_1));
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 2,
+ qdev_get_gpio_in(pic, PXA2XX_PIC_GPIO_X));
+
+ return dev;
+}
+
+static int pxa2xx_gpio_initfn(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ PXA2xxGPIOInfo *s = PXA2XX_GPIO(dev);
+
+ s->cpu = ARM_CPU(qemu_get_cpu(s->ncpu));
+
+ qdev_init_gpio_in(dev, pxa2xx_gpio_set, s->lines);
+ qdev_init_gpio_out(dev, s->handler, s->lines);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &pxa_gpio_ops, s, "pxa2xx-gpio", 0x1000);
+ sysbus_init_mmio(sbd, &s->iomem);
+ sysbus_init_irq(sbd, &s->irq0);
+ sysbus_init_irq(sbd, &s->irq1);
+ sysbus_init_irq(sbd, &s->irqX);
+
+ return 0;
+}
+
+/*
+ * Registers a callback to notify on GPLR reads. This normally
+ * shouldn't be needed but it is used for the hack on Spitz machines.
+ */
+void pxa2xx_gpio_read_notifier(DeviceState *dev, qemu_irq handler)
+{
+ PXA2xxGPIOInfo *s = PXA2XX_GPIO(dev);
+
+ s->read_notify = handler;
+}
+
+static const VMStateDescription vmstate_pxa2xx_gpio_regs = {
+ .name = "pxa2xx-gpio",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_INT32(lines, PXA2xxGPIOInfo),
+ VMSTATE_UINT32_ARRAY(ilevel, PXA2xxGPIOInfo, PXA2XX_GPIO_BANKS),
+ VMSTATE_UINT32_ARRAY(olevel, PXA2xxGPIOInfo, PXA2XX_GPIO_BANKS),
+ VMSTATE_UINT32_ARRAY(dir, PXA2xxGPIOInfo, PXA2XX_GPIO_BANKS),
+ VMSTATE_UINT32_ARRAY(rising, PXA2xxGPIOInfo, PXA2XX_GPIO_BANKS),
+ VMSTATE_UINT32_ARRAY(falling, PXA2xxGPIOInfo, PXA2XX_GPIO_BANKS),
+ VMSTATE_UINT32_ARRAY(status, PXA2xxGPIOInfo, PXA2XX_GPIO_BANKS),
+ VMSTATE_UINT32_ARRAY(gafr, PXA2xxGPIOInfo, PXA2XX_GPIO_BANKS * 2),
+ VMSTATE_END_OF_LIST(),
+ },
+};
+
+static Property pxa2xx_gpio_properties[] = {
+ DEFINE_PROP_INT32("lines", PXA2xxGPIOInfo, lines, 0),
+ DEFINE_PROP_INT32("ncpu", PXA2xxGPIOInfo, ncpu, 0),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void pxa2xx_gpio_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = pxa2xx_gpio_initfn;
+ dc->desc = "PXA2xx GPIO controller";
+ dc->props = pxa2xx_gpio_properties;
+}
+
+static const TypeInfo pxa2xx_gpio_info = {
+ .name = TYPE_PXA2XX_GPIO,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(PXA2xxGPIOInfo),
+ .class_init = pxa2xx_gpio_class_init,
+};
+
+static void pxa2xx_gpio_register_types(void)
+{
+ type_register_static(&pxa2xx_gpio_info);
+}
+
+type_init(pxa2xx_gpio_register_types)
diff --git a/hw/arm/pxa2xx_pic.c b/hw/arm/pxa2xx_pic.c
new file mode 100644
index 000000000..46d337cf8
--- /dev/null
+++ b/hw/arm/pxa2xx_pic.c
@@ -0,0 +1,341 @@
+/*
+ * Intel XScale PXA Programmable Interrupt Controller.
+ *
+ * Copyright (c) 2006 Openedhand Ltd.
+ * Copyright (c) 2006 Thorsten Zitterell
+ * Written by Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * This code is licensed under the GPL.
+ */
+
+#include "hw/hw.h"
+#include "hw/arm/pxa.h"
+#include "hw/sysbus.h"
+
+#define ICIP 0x00 /* Interrupt Controller IRQ Pending register */
+#define ICMR 0x04 /* Interrupt Controller Mask register */
+#define ICLR 0x08 /* Interrupt Controller Level register */
+#define ICFP 0x0c /* Interrupt Controller FIQ Pending register */
+#define ICPR 0x10 /* Interrupt Controller Pending register */
+#define ICCR 0x14 /* Interrupt Controller Control register */
+#define ICHP 0x18 /* Interrupt Controller Highest Priority register */
+#define IPR0 0x1c /* Interrupt Controller Priority register 0 */
+#define IPR31 0x98 /* Interrupt Controller Priority register 31 */
+#define ICIP2 0x9c /* Interrupt Controller IRQ Pending register 2 */
+#define ICMR2 0xa0 /* Interrupt Controller Mask register 2 */
+#define ICLR2 0xa4 /* Interrupt Controller Level register 2 */
+#define ICFP2 0xa8 /* Interrupt Controller FIQ Pending register 2 */
+#define ICPR2 0xac /* Interrupt Controller Pending register 2 */
+#define IPR32 0xb0 /* Interrupt Controller Priority register 32 */
+#define IPR39 0xcc /* Interrupt Controller Priority register 39 */
+
+#define PXA2XX_PIC_SRCS 40
+
+#define TYPE_PXA2XX_PIC "pxa2xx_pic"
+#define PXA2XX_PIC(obj) \
+ OBJECT_CHECK(PXA2xxPICState, (obj), TYPE_PXA2XX_PIC)
+
+typedef struct {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion iomem;
+ ARMCPU *cpu;
+ uint32_t int_enabled[2];
+ uint32_t int_pending[2];
+ uint32_t is_fiq[2];
+ uint32_t int_idle;
+ uint32_t priority[PXA2XX_PIC_SRCS];
+} PXA2xxPICState;
+
+static void pxa2xx_pic_update(void *opaque)
+{
+ uint32_t mask[2];
+ PXA2xxPICState *s = (PXA2xxPICState *) opaque;
+ CPUState *cpu = CPU(s->cpu);
+
+ if (cpu->halted) {
+ mask[0] = s->int_pending[0] & (s->int_enabled[0] | s->int_idle);
+ mask[1] = s->int_pending[1] & (s->int_enabled[1] | s->int_idle);
+ if (mask[0] || mask[1]) {
+ cpu_interrupt(cpu, CPU_INTERRUPT_EXITTB);
+ }
+ }
+
+ mask[0] = s->int_pending[0] & s->int_enabled[0];
+ mask[1] = s->int_pending[1] & s->int_enabled[1];
+
+ if ((mask[0] & s->is_fiq[0]) || (mask[1] & s->is_fiq[1])) {
+ cpu_interrupt(cpu, CPU_INTERRUPT_FIQ);
+ } else {
+ cpu_reset_interrupt(cpu, CPU_INTERRUPT_FIQ);
+ }
+
+ if ((mask[0] & ~s->is_fiq[0]) || (mask[1] & ~s->is_fiq[1])) {
+ cpu_interrupt(cpu, CPU_INTERRUPT_HARD);
+ } else {
+ cpu_reset_interrupt(cpu, CPU_INTERRUPT_HARD);
+ }
+}
+
+/* Note: Here level means state of the signal on a pin, not
+ * IRQ/FIQ distinction as in PXA Developer Manual. */
+static void pxa2xx_pic_set_irq(void *opaque, int irq, int level)
+{
+ PXA2xxPICState *s = (PXA2xxPICState *) opaque;
+ int int_set = (irq >= 32);
+ irq &= 31;
+
+ if (level)
+ s->int_pending[int_set] |= 1 << irq;
+ else
+ s->int_pending[int_set] &= ~(1 << irq);
+
+ pxa2xx_pic_update(opaque);
+}
+
+static inline uint32_t pxa2xx_pic_highest(PXA2xxPICState *s) {
+ int i, int_set, irq;
+ uint32_t bit, mask[2];
+ uint32_t ichp = 0x003f003f; /* Both IDs invalid */
+
+ mask[0] = s->int_pending[0] & s->int_enabled[0];
+ mask[1] = s->int_pending[1] & s->int_enabled[1];
+
+ for (i = PXA2XX_PIC_SRCS - 1; i >= 0; i --) {
+ irq = s->priority[i] & 0x3f;
+ if ((s->priority[i] & (1 << 31)) && irq < PXA2XX_PIC_SRCS) {
+ /* Source peripheral ID is valid. */
+ bit = 1 << (irq & 31);
+ int_set = (irq >= 32);
+
+ if (mask[int_set] & bit & s->is_fiq[int_set]) {
+ /* FIQ asserted */
+ ichp &= 0xffff0000;
+ ichp |= (1 << 15) | irq;
+ }
+
+ if (mask[int_set] & bit & ~s->is_fiq[int_set]) {
+ /* IRQ asserted */
+ ichp &= 0x0000ffff;
+ ichp |= (1 << 31) | (irq << 16);
+ }
+ }
+ }
+
+ return ichp;
+}
+
+static uint64_t pxa2xx_pic_mem_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ PXA2xxPICState *s = (PXA2xxPICState *) opaque;
+
+ switch (offset) {
+ case ICIP: /* IRQ Pending register */
+ return s->int_pending[0] & ~s->is_fiq[0] & s->int_enabled[0];
+ case ICIP2: /* IRQ Pending register 2 */
+ return s->int_pending[1] & ~s->is_fiq[1] & s->int_enabled[1];
+ case ICMR: /* Mask register */
+ return s->int_enabled[0];
+ case ICMR2: /* Mask register 2 */
+ return s->int_enabled[1];
+ case ICLR: /* Level register */
+ return s->is_fiq[0];
+ case ICLR2: /* Level register 2 */
+ return s->is_fiq[1];
+ case ICCR: /* Idle mask */
+ return (s->int_idle == 0);
+ case ICFP: /* FIQ Pending register */
+ return s->int_pending[0] & s->is_fiq[0] & s->int_enabled[0];
+ case ICFP2: /* FIQ Pending register 2 */
+ return s->int_pending[1] & s->is_fiq[1] & s->int_enabled[1];
+ case ICPR: /* Pending register */
+ return s->int_pending[0];
+ case ICPR2: /* Pending register 2 */
+ return s->int_pending[1];
+ case IPR0 ... IPR31:
+ return s->priority[0 + ((offset - IPR0 ) >> 2)];
+ case IPR32 ... IPR39:
+ return s->priority[32 + ((offset - IPR32) >> 2)];
+ case ICHP: /* Highest Priority register */
+ return pxa2xx_pic_highest(s);
+ default:
+ printf("%s: Bad register offset " REG_FMT "\n", __FUNCTION__, offset);
+ return 0;
+ }
+}
+
+static void pxa2xx_pic_mem_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ PXA2xxPICState *s = (PXA2xxPICState *) opaque;
+
+ switch (offset) {
+ case ICMR: /* Mask register */
+ s->int_enabled[0] = value;
+ break;
+ case ICMR2: /* Mask register 2 */
+ s->int_enabled[1] = value;
+ break;
+ case ICLR: /* Level register */
+ s->is_fiq[0] = value;
+ break;
+ case ICLR2: /* Level register 2 */
+ s->is_fiq[1] = value;
+ break;
+ case ICCR: /* Idle mask */
+ s->int_idle = (value & 1) ? 0 : ~0;
+ break;
+ case IPR0 ... IPR31:
+ s->priority[0 + ((offset - IPR0 ) >> 2)] = value & 0x8000003f;
+ break;
+ case IPR32 ... IPR39:
+ s->priority[32 + ((offset - IPR32) >> 2)] = value & 0x8000003f;
+ break;
+ default:
+ printf("%s: Bad register offset " REG_FMT "\n", __FUNCTION__, offset);
+ return;
+ }
+ pxa2xx_pic_update(opaque);
+}
+
+/* Interrupt Controller Coprocessor Space Register Mapping */
+static const int pxa2xx_cp_reg_map[0x10] = {
+ [0x0 ... 0xf] = -1,
+ [0x0] = ICIP,
+ [0x1] = ICMR,
+ [0x2] = ICLR,
+ [0x3] = ICFP,
+ [0x4] = ICPR,
+ [0x5] = ICHP,
+ [0x6] = ICIP2,
+ [0x7] = ICMR2,
+ [0x8] = ICLR2,
+ [0x9] = ICFP2,
+ [0xa] = ICPR2,
+};
+
+static int pxa2xx_pic_cp_read(CPUARMState *env, const ARMCPRegInfo *ri,
+ uint64_t *value)
+{
+ int offset = pxa2xx_cp_reg_map[ri->crn];
+ *value = pxa2xx_pic_mem_read(ri->opaque, offset, 4);
+ return 0;
+}
+
+static int pxa2xx_pic_cp_write(CPUARMState *env, const ARMCPRegInfo *ri,
+ uint64_t value)
+{
+ int offset = pxa2xx_cp_reg_map[ri->crn];
+ pxa2xx_pic_mem_write(ri->opaque, offset, value, 4);
+ return 0;
+}
+
+#define REGINFO_FOR_PIC_CP(NAME, CRN) \
+ { .name = NAME, .cp = 6, .crn = CRN, .crm = 0, .opc1 = 0, .opc2 = 0, \
+ .access = PL1_RW, \
+ .readfn = pxa2xx_pic_cp_read, .writefn = pxa2xx_pic_cp_write }
+
+static const ARMCPRegInfo pxa_pic_cp_reginfo[] = {
+ REGINFO_FOR_PIC_CP("ICIP", 0),
+ REGINFO_FOR_PIC_CP("ICMR", 1),
+ REGINFO_FOR_PIC_CP("ICLR", 2),
+ REGINFO_FOR_PIC_CP("ICFP", 3),
+ REGINFO_FOR_PIC_CP("ICPR", 4),
+ REGINFO_FOR_PIC_CP("ICHP", 5),
+ REGINFO_FOR_PIC_CP("ICIP2", 6),
+ REGINFO_FOR_PIC_CP("ICMR2", 7),
+ REGINFO_FOR_PIC_CP("ICLR2", 8),
+ REGINFO_FOR_PIC_CP("ICFP2", 9),
+ REGINFO_FOR_PIC_CP("ICPR2", 0xa),
+ REGINFO_SENTINEL
+};
+
+static const MemoryRegionOps pxa2xx_pic_ops = {
+ .read = pxa2xx_pic_mem_read,
+ .write = pxa2xx_pic_mem_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int pxa2xx_pic_post_load(void *opaque, int version_id)
+{
+ pxa2xx_pic_update(opaque);
+ return 0;
+}
+
+DeviceState *pxa2xx_pic_init(hwaddr base, ARMCPU *cpu)
+{
+ DeviceState *dev = qdev_create(NULL, TYPE_PXA2XX_PIC);
+ PXA2xxPICState *s = PXA2XX_PIC(dev);
+
+ s->cpu = cpu;
+
+ s->int_pending[0] = 0;
+ s->int_pending[1] = 0;
+ s->int_enabled[0] = 0;
+ s->int_enabled[1] = 0;
+ s->is_fiq[0] = 0;
+ s->is_fiq[1] = 0;
+
+ qdev_init_nofail(dev);
+
+ qdev_init_gpio_in(dev, pxa2xx_pic_set_irq, PXA2XX_PIC_SRCS);
+
+ /* Enable IC memory-mapped registers access. */
+ memory_region_init_io(&s->iomem, OBJECT(s), &pxa2xx_pic_ops, s,
+ "pxa2xx-pic", 0x00100000);
+ sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->iomem);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
+
+ /* Enable IC coprocessor access. */
+ define_arm_cp_regs_with_opaque(cpu, pxa_pic_cp_reginfo, s);
+
+ return dev;
+}
+
+static VMStateDescription vmstate_pxa2xx_pic_regs = {
+ .name = "pxa2xx_pic",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .post_load = pxa2xx_pic_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(int_enabled, PXA2xxPICState, 2),
+ VMSTATE_UINT32_ARRAY(int_pending, PXA2xxPICState, 2),
+ VMSTATE_UINT32_ARRAY(is_fiq, PXA2xxPICState, 2),
+ VMSTATE_UINT32(int_idle, PXA2xxPICState),
+ VMSTATE_UINT32_ARRAY(priority, PXA2xxPICState, PXA2XX_PIC_SRCS),
+ VMSTATE_END_OF_LIST(),
+ },
+};
+
+static int pxa2xx_pic_initfn(SysBusDevice *dev)
+{
+ return 0;
+}
+
+static void pxa2xx_pic_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = pxa2xx_pic_initfn;
+ dc->desc = "PXA2xx PIC";
+ dc->vmsd = &vmstate_pxa2xx_pic_regs;
+}
+
+static const TypeInfo pxa2xx_pic_info = {
+ .name = TYPE_PXA2XX_PIC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(PXA2xxPICState),
+ .class_init = pxa2xx_pic_class_init,
+};
+
+static void pxa2xx_pic_register_types(void)
+{
+ type_register_static(&pxa2xx_pic_info);
+}
+
+type_init(pxa2xx_pic_register_types)
diff --git a/hw/arm/realview.c b/hw/arm/realview.c
new file mode 100644
index 000000000..3060f48f7
--- /dev/null
+++ b/hw/arm/realview.c
@@ -0,0 +1,410 @@
+/*
+ * ARM RealView Baseboard System emulation.
+ *
+ * Copyright (c) 2006-2007 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GPL.
+ */
+
+#include "hw/sysbus.h"
+#include "hw/arm/arm.h"
+#include "hw/arm/primecell.h"
+#include "hw/devices.h"
+#include "hw/pci/pci.h"
+#include "net/net.h"
+#include "sysemu/sysemu.h"
+#include "hw/boards.h"
+#include "hw/i2c/i2c.h"
+#include "sysemu/blockdev.h"
+#include "exec/address-spaces.h"
+
+#define SMP_BOOT_ADDR 0xe0000000
+#define SMP_BOOTREG_ADDR 0x10000030
+
+/* Board init. */
+
+static struct arm_boot_info realview_binfo = {
+ .smp_loader_start = SMP_BOOT_ADDR,
+ .smp_bootreg_addr = SMP_BOOTREG_ADDR,
+};
+
+/* The following two lists must be consistent. */
+enum realview_board_type {
+ BOARD_EB,
+ BOARD_EB_MPCORE,
+ BOARD_PB_A8,
+ BOARD_PBX_A9,
+};
+
+static const int realview_board_id[] = {
+ 0x33b,
+ 0x33b,
+ 0x769,
+ 0x76d
+};
+
+static void realview_init(QEMUMachineInitArgs *args,
+ enum realview_board_type board_type)
+{
+ ARMCPU *cpu = NULL;
+ CPUARMState *env;
+ MemoryRegion *sysmem = get_system_memory();
+ MemoryRegion *ram_lo = g_new(MemoryRegion, 1);
+ MemoryRegion *ram_hi = g_new(MemoryRegion, 1);
+ MemoryRegion *ram_alias = g_new(MemoryRegion, 1);
+ MemoryRegion *ram_hack = g_new(MemoryRegion, 1);
+ DeviceState *dev, *sysctl, *gpio2, *pl041;
+ SysBusDevice *busdev;
+ qemu_irq *irqp;
+ qemu_irq pic[64];
+ qemu_irq mmc_irq[2];
+ PCIBus *pci_bus = NULL;
+ NICInfo *nd;
+ i2c_bus *i2c;
+ int n;
+ int done_nic = 0;
+ qemu_irq cpu_irq[4];
+ int is_mpcore = 0;
+ int is_pb = 0;
+ uint32_t proc_id = 0;
+ uint32_t sys_id;
+ ram_addr_t low_ram_size;
+ ram_addr_t ram_size = args->ram_size;
+
+ switch (board_type) {
+ case BOARD_EB:
+ break;
+ case BOARD_EB_MPCORE:
+ is_mpcore = 1;
+ break;
+ case BOARD_PB_A8:
+ is_pb = 1;
+ break;
+ case BOARD_PBX_A9:
+ is_mpcore = 1;
+ is_pb = 1;
+ break;
+ }
+ for (n = 0; n < smp_cpus; n++) {
+ cpu = cpu_arm_init(args->cpu_model);
+ if (!cpu) {
+ fprintf(stderr, "Unable to find CPU definition\n");
+ exit(1);
+ }
+ irqp = arm_pic_init_cpu(cpu);
+ cpu_irq[n] = irqp[ARM_PIC_CPU_IRQ];
+ }
+ env = &cpu->env;
+ if (arm_feature(env, ARM_FEATURE_V7)) {
+ if (is_mpcore) {
+ proc_id = 0x0c000000;
+ } else {
+ proc_id = 0x0e000000;
+ }
+ } else if (arm_feature(env, ARM_FEATURE_V6K)) {
+ proc_id = 0x06000000;
+ } else if (arm_feature(env, ARM_FEATURE_V6)) {
+ proc_id = 0x04000000;
+ } else {
+ proc_id = 0x02000000;
+ }
+
+ if (is_pb && ram_size > 0x20000000) {
+ /* Core tile RAM. */
+ low_ram_size = ram_size - 0x20000000;
+ ram_size = 0x20000000;
+ memory_region_init_ram(ram_lo, NULL, "realview.lowmem", low_ram_size);
+ vmstate_register_ram_global(ram_lo);
+ memory_region_add_subregion(sysmem, 0x20000000, ram_lo);
+ }
+
+ memory_region_init_ram(ram_hi, NULL, "realview.highmem", ram_size);
+ vmstate_register_ram_global(ram_hi);
+ low_ram_size = ram_size;
+ if (low_ram_size > 0x10000000)
+ low_ram_size = 0x10000000;
+ /* SDRAM at address zero. */
+ memory_region_init_alias(ram_alias, NULL, "realview.alias",
+ ram_hi, 0, low_ram_size);
+ memory_region_add_subregion(sysmem, 0, ram_alias);
+ if (is_pb) {
+ /* And again at a high address. */
+ memory_region_add_subregion(sysmem, 0x70000000, ram_hi);
+ } else {
+ ram_size = low_ram_size;
+ }
+
+ sys_id = is_pb ? 0x01780500 : 0xc1400400;
+ sysctl = qdev_create(NULL, "realview_sysctl");
+ qdev_prop_set_uint32(sysctl, "sys_id", sys_id);
+ qdev_prop_set_uint32(sysctl, "proc_id", proc_id);
+ qdev_init_nofail(sysctl);
+ sysbus_mmio_map(SYS_BUS_DEVICE(sysctl), 0, 0x10000000);
+
+ if (is_mpcore) {
+ hwaddr periphbase;
+ dev = qdev_create(NULL, is_pb ? "a9mpcore_priv": "realview_mpcore");
+ qdev_prop_set_uint32(dev, "num-cpu", smp_cpus);
+ qdev_init_nofail(dev);
+ busdev = SYS_BUS_DEVICE(dev);
+ if (is_pb) {
+ periphbase = 0x1f000000;
+ } else {
+ periphbase = 0x10100000;
+ }
+ sysbus_mmio_map(busdev, 0, periphbase);
+ for (n = 0; n < smp_cpus; n++) {
+ sysbus_connect_irq(busdev, n, cpu_irq[n]);
+ }
+ sysbus_create_varargs("l2x0", periphbase + 0x2000, NULL);
+ /* Both A9 and 11MPCore put the GIC CPU i/f at base + 0x100 */
+ realview_binfo.gic_cpu_if_addr = periphbase + 0x100;
+ } else {
+ uint32_t gic_addr = is_pb ? 0x1e000000 : 0x10040000;
+ /* For now just create the nIRQ GIC, and ignore the others. */
+ dev = sysbus_create_simple("realview_gic", gic_addr, cpu_irq[0]);
+ }
+ for (n = 0; n < 64; n++) {
+ pic[n] = qdev_get_gpio_in(dev, n);
+ }
+
+ pl041 = qdev_create(NULL, "pl041");
+ qdev_prop_set_uint32(pl041, "nc_fifo_depth", 512);
+ qdev_init_nofail(pl041);
+ sysbus_mmio_map(SYS_BUS_DEVICE(pl041), 0, 0x10004000);
+ sysbus_connect_irq(SYS_BUS_DEVICE(pl041), 0, pic[19]);
+
+ sysbus_create_simple("pl050_keyboard", 0x10006000, pic[20]);
+ sysbus_create_simple("pl050_mouse", 0x10007000, pic[21]);
+
+ sysbus_create_simple("pl011", 0x10009000, pic[12]);
+ sysbus_create_simple("pl011", 0x1000a000, pic[13]);
+ sysbus_create_simple("pl011", 0x1000b000, pic[14]);
+ sysbus_create_simple("pl011", 0x1000c000, pic[15]);
+
+ /* DMA controller is optional, apparently. */
+ sysbus_create_simple("pl081", 0x10030000, pic[24]);
+
+ sysbus_create_simple("sp804", 0x10011000, pic[4]);
+ sysbus_create_simple("sp804", 0x10012000, pic[5]);
+
+ sysbus_create_simple("pl061", 0x10013000, pic[6]);
+ sysbus_create_simple("pl061", 0x10014000, pic[7]);
+ gpio2 = sysbus_create_simple("pl061", 0x10015000, pic[8]);
+
+ sysbus_create_simple("pl111", 0x10020000, pic[23]);
+
+ dev = sysbus_create_varargs("pl181", 0x10005000, pic[17], pic[18], NULL);
+ /* Wire up MMC card detect and read-only signals. These have
+ * to go to both the PL061 GPIO and the sysctl register.
+ * Note that the PL181 orders these lines (readonly,inserted)
+ * and the PL061 has them the other way about. Also the card
+ * detect line is inverted.
+ */
+ mmc_irq[0] = qemu_irq_split(
+ qdev_get_gpio_in(sysctl, ARM_SYSCTL_GPIO_MMC_WPROT),
+ qdev_get_gpio_in(gpio2, 1));
+ mmc_irq[1] = qemu_irq_split(
+ qdev_get_gpio_in(sysctl, ARM_SYSCTL_GPIO_MMC_CARDIN),
+ qemu_irq_invert(qdev_get_gpio_in(gpio2, 0)));
+ qdev_connect_gpio_out(dev, 0, mmc_irq[0]);
+ qdev_connect_gpio_out(dev, 1, mmc_irq[1]);
+
+ sysbus_create_simple("pl031", 0x10017000, pic[10]);
+
+ if (!is_pb) {
+ dev = qdev_create(NULL, "realview_pci");
+ busdev = SYS_BUS_DEVICE(dev);
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(busdev, 0, 0x10019000); /* PCI controller registers */
+ sysbus_mmio_map(busdev, 1, 0x60000000); /* PCI self-config */
+ sysbus_mmio_map(busdev, 2, 0x61000000); /* PCI config */
+ sysbus_mmio_map(busdev, 3, 0x62000000); /* PCI I/O */
+ sysbus_mmio_map(busdev, 4, 0x63000000); /* PCI memory window 1 */
+ sysbus_mmio_map(busdev, 5, 0x64000000); /* PCI memory window 2 */
+ sysbus_mmio_map(busdev, 6, 0x68000000); /* PCI memory window 3 */
+ sysbus_connect_irq(busdev, 0, pic[48]);
+ sysbus_connect_irq(busdev, 1, pic[49]);
+ sysbus_connect_irq(busdev, 2, pic[50]);
+ sysbus_connect_irq(busdev, 3, pic[51]);
+ pci_bus = (PCIBus *)qdev_get_child_bus(dev, "pci");
+ if (usb_enabled(false)) {
+ pci_create_simple(pci_bus, -1, "pci-ohci");
+ }
+ n = drive_get_max_bus(IF_SCSI);
+ while (n >= 0) {
+ pci_create_simple(pci_bus, -1, "lsi53c895a");
+ n--;
+ }
+ }
+ for(n = 0; n < nb_nics; n++) {
+ nd = &nd_table[n];
+
+ if (!done_nic && (!nd->model ||
+ strcmp(nd->model, is_pb ? "lan9118" : "smc91c111") == 0)) {
+ if (is_pb) {
+ lan9118_init(nd, 0x4e000000, pic[28]);
+ } else {
+ smc91c111_init(nd, 0x4e000000, pic[28]);
+ }
+ done_nic = 1;
+ } else {
+ if (pci_bus) {
+ pci_nic_init_nofail(nd, pci_bus, "rtl8139", NULL);
+ }
+ }
+ }
+
+ dev = sysbus_create_simple("versatile_i2c", 0x10002000, NULL);
+ i2c = (i2c_bus *)qdev_get_child_bus(dev, "i2c");
+ i2c_create_slave(i2c, "ds1338", 0x68);
+
+ /* Memory map for RealView Emulation Baseboard: */
+ /* 0x10000000 System registers. */
+ /* 0x10001000 System controller. */
+ /* 0x10002000 Two-Wire Serial Bus. */
+ /* 0x10003000 Reserved. */
+ /* 0x10004000 AACI. */
+ /* 0x10005000 MCI. */
+ /* 0x10006000 KMI0. */
+ /* 0x10007000 KMI1. */
+ /* 0x10008000 Character LCD. (EB) */
+ /* 0x10009000 UART0. */
+ /* 0x1000a000 UART1. */
+ /* 0x1000b000 UART2. */
+ /* 0x1000c000 UART3. */
+ /* 0x1000d000 SSPI. */
+ /* 0x1000e000 SCI. */
+ /* 0x1000f000 Reserved. */
+ /* 0x10010000 Watchdog. */
+ /* 0x10011000 Timer 0+1. */
+ /* 0x10012000 Timer 2+3. */
+ /* 0x10013000 GPIO 0. */
+ /* 0x10014000 GPIO 1. */
+ /* 0x10015000 GPIO 2. */
+ /* 0x10002000 Two-Wire Serial Bus - DVI. (PB) */
+ /* 0x10017000 RTC. */
+ /* 0x10018000 DMC. */
+ /* 0x10019000 PCI controller config. */
+ /* 0x10020000 CLCD. */
+ /* 0x10030000 DMA Controller. */
+ /* 0x10040000 GIC1. (EB) */
+ /* 0x10050000 GIC2. (EB) */
+ /* 0x10060000 GIC3. (EB) */
+ /* 0x10070000 GIC4. (EB) */
+ /* 0x10080000 SMC. */
+ /* 0x1e000000 GIC1. (PB) */
+ /* 0x1e001000 GIC2. (PB) */
+ /* 0x1e002000 GIC3. (PB) */
+ /* 0x1e003000 GIC4. (PB) */
+ /* 0x40000000 NOR flash. */
+ /* 0x44000000 DoC flash. */
+ /* 0x48000000 SRAM. */
+ /* 0x4c000000 Configuration flash. */
+ /* 0x4e000000 Ethernet. */
+ /* 0x4f000000 USB. */
+ /* 0x50000000 PISMO. */
+ /* 0x54000000 PISMO. */
+ /* 0x58000000 PISMO. */
+ /* 0x5c000000 PISMO. */
+ /* 0x60000000 PCI. */
+ /* 0x60000000 PCI Self Config. */
+ /* 0x61000000 PCI Config. */
+ /* 0x62000000 PCI IO. */
+ /* 0x63000000 PCI mem 0. */
+ /* 0x64000000 PCI mem 1. */
+ /* 0x68000000 PCI mem 2. */
+
+ /* ??? Hack to map an additional page of ram for the secondary CPU
+ startup code. I guess this works on real hardware because the
+ BootROM happens to be in ROM/flash or in memory that isn't clobbered
+ until after Linux boots the secondary CPUs. */
+ memory_region_init_ram(ram_hack, NULL, "realview.hack", 0x1000);
+ vmstate_register_ram_global(ram_hack);
+ memory_region_add_subregion(sysmem, SMP_BOOT_ADDR, ram_hack);
+
+ realview_binfo.ram_size = ram_size;
+ realview_binfo.kernel_filename = args->kernel_filename;
+ realview_binfo.kernel_cmdline = args->kernel_cmdline;
+ realview_binfo.initrd_filename = args->initrd_filename;
+ realview_binfo.nb_cpus = smp_cpus;
+ realview_binfo.board_id = realview_board_id[board_type];
+ realview_binfo.loader_start = (board_type == BOARD_PB_A8 ? 0x70000000 : 0);
+ arm_load_kernel(ARM_CPU(first_cpu), &realview_binfo);
+}
+
+static void realview_eb_init(QEMUMachineInitArgs *args)
+{
+ if (!args->cpu_model) {
+ args->cpu_model = "arm926";
+ }
+ realview_init(args, BOARD_EB);
+}
+
+static void realview_eb_mpcore_init(QEMUMachineInitArgs *args)
+{
+ if (!args->cpu_model) {
+ args->cpu_model = "arm11mpcore";
+ }
+ realview_init(args, BOARD_EB_MPCORE);
+}
+
+static void realview_pb_a8_init(QEMUMachineInitArgs *args)
+{
+ if (!args->cpu_model) {
+ args->cpu_model = "cortex-a8";
+ }
+ realview_init(args, BOARD_PB_A8);
+}
+
+static void realview_pbx_a9_init(QEMUMachineInitArgs *args)
+{
+ if (!args->cpu_model) {
+ args->cpu_model = "cortex-a9";
+ }
+ realview_init(args, BOARD_PBX_A9);
+}
+
+static QEMUMachine realview_eb_machine = {
+ .name = "realview-eb",
+ .desc = "ARM RealView Emulation Baseboard (ARM926EJ-S)",
+ .init = realview_eb_init,
+ .block_default_type = IF_SCSI,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine realview_eb_mpcore_machine = {
+ .name = "realview-eb-mpcore",
+ .desc = "ARM RealView Emulation Baseboard (ARM11MPCore)",
+ .init = realview_eb_mpcore_init,
+ .block_default_type = IF_SCSI,
+ .max_cpus = 4,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine realview_pb_a8_machine = {
+ .name = "realview-pb-a8",
+ .desc = "ARM RealView Platform Baseboard for Cortex-A8",
+ .init = realview_pb_a8_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine realview_pbx_a9_machine = {
+ .name = "realview-pbx-a9",
+ .desc = "ARM RealView Platform Baseboard Explore for Cortex-A9",
+ .init = realview_pbx_a9_init,
+ .block_default_type = IF_SCSI,
+ .max_cpus = 4,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void realview_machine_init(void)
+{
+ qemu_register_machine(&realview_eb_machine);
+ qemu_register_machine(&realview_eb_mpcore_machine);
+ qemu_register_machine(&realview_pb_a8_machine);
+ qemu_register_machine(&realview_pbx_a9_machine);
+}
+
+machine_init(realview_machine_init);
diff --git a/hw/arm/spitz.c b/hw/arm/spitz.c
new file mode 100644
index 000000000..34f958268
--- /dev/null
+++ b/hw/arm/spitz.c
@@ -0,0 +1,1145 @@
+/*
+ * PXA270-based Clamshell PDA platforms.
+ *
+ * Copyright (c) 2006 Openedhand Ltd.
+ * Written by Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * This code is licensed under the GNU GPL v2.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "hw/hw.h"
+#include "hw/arm/pxa.h"
+#include "hw/arm/arm.h"
+#include "sysemu/sysemu.h"
+#include "hw/pcmcia.h"
+#include "hw/i2c/i2c.h"
+#include "hw/ssi.h"
+#include "hw/block/flash.h"
+#include "qemu/timer.h"
+#include "hw/devices.h"
+#include "hw/arm/sharpsl.h"
+#include "ui/console.h"
+#include "block/block.h"
+#include "audio/audio.h"
+#include "hw/boards.h"
+#include "sysemu/blockdev.h"
+#include "hw/sysbus.h"
+#include "exec/address-spaces.h"
+
+#undef REG_FMT
+#define REG_FMT "0x%02lx"
+
+/* Spitz Flash */
+#define FLASH_BASE 0x0c000000
+#define FLASH_ECCLPLB 0x00 /* Line parity 7 - 0 bit */
+#define FLASH_ECCLPUB 0x04 /* Line parity 15 - 8 bit */
+#define FLASH_ECCCP 0x08 /* Column parity 5 - 0 bit */
+#define FLASH_ECCCNTR 0x0c /* ECC byte counter */
+#define FLASH_ECCCLRR 0x10 /* Clear ECC */
+#define FLASH_FLASHIO 0x14 /* Flash I/O */
+#define FLASH_FLASHCTL 0x18 /* Flash Control */
+
+#define FLASHCTL_CE0 (1 << 0)
+#define FLASHCTL_CLE (1 << 1)
+#define FLASHCTL_ALE (1 << 2)
+#define FLASHCTL_WP (1 << 3)
+#define FLASHCTL_CE1 (1 << 4)
+#define FLASHCTL_RYBY (1 << 5)
+#define FLASHCTL_NCE (FLASHCTL_CE0 | FLASHCTL_CE1)
+
+#define TYPE_SL_NAND "sl-nand"
+#define SL_NAND(obj) OBJECT_CHECK(SLNANDState, (obj), TYPE_SL_NAND)
+
+typedef struct {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ DeviceState *nand;
+ uint8_t ctl;
+ uint8_t manf_id;
+ uint8_t chip_id;
+ ECCState ecc;
+} SLNANDState;
+
+static uint64_t sl_read(void *opaque, hwaddr addr, unsigned size)
+{
+ SLNANDState *s = (SLNANDState *) opaque;
+ int ryby;
+
+ switch (addr) {
+#define BSHR(byte, from, to) ((s->ecc.lp[byte] >> (from - to)) & (1 << to))
+ case FLASH_ECCLPLB:
+ return BSHR(0, 4, 0) | BSHR(0, 5, 2) | BSHR(0, 6, 4) | BSHR(0, 7, 6) |
+ BSHR(1, 4, 1) | BSHR(1, 5, 3) | BSHR(1, 6, 5) | BSHR(1, 7, 7);
+
+#define BSHL(byte, from, to) ((s->ecc.lp[byte] << (to - from)) & (1 << to))
+ case FLASH_ECCLPUB:
+ return BSHL(0, 0, 0) | BSHL(0, 1, 2) | BSHL(0, 2, 4) | BSHL(0, 3, 6) |
+ BSHL(1, 0, 1) | BSHL(1, 1, 3) | BSHL(1, 2, 5) | BSHL(1, 3, 7);
+
+ case FLASH_ECCCP:
+ return s->ecc.cp;
+
+ case FLASH_ECCCNTR:
+ return s->ecc.count & 0xff;
+
+ case FLASH_FLASHCTL:
+ nand_getpins(s->nand, &ryby);
+ if (ryby)
+ return s->ctl | FLASHCTL_RYBY;
+ else
+ return s->ctl;
+
+ case FLASH_FLASHIO:
+ if (size == 4) {
+ return ecc_digest(&s->ecc, nand_getio(s->nand)) |
+ (ecc_digest(&s->ecc, nand_getio(s->nand)) << 16);
+ }
+ return ecc_digest(&s->ecc, nand_getio(s->nand));
+
+ default:
+ zaurus_printf("Bad register offset " REG_FMT "\n", (unsigned long)addr);
+ }
+ return 0;
+}
+
+static void sl_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ SLNANDState *s = (SLNANDState *) opaque;
+
+ switch (addr) {
+ case FLASH_ECCCLRR:
+ /* Value is ignored. */
+ ecc_reset(&s->ecc);
+ break;
+
+ case FLASH_FLASHCTL:
+ s->ctl = value & 0xff & ~FLASHCTL_RYBY;
+ nand_setpins(s->nand,
+ s->ctl & FLASHCTL_CLE,
+ s->ctl & FLASHCTL_ALE,
+ s->ctl & FLASHCTL_NCE,
+ s->ctl & FLASHCTL_WP,
+ 0);
+ break;
+
+ case FLASH_FLASHIO:
+ nand_setio(s->nand, ecc_digest(&s->ecc, value & 0xff));
+ break;
+
+ default:
+ zaurus_printf("Bad register offset " REG_FMT "\n", (unsigned long)addr);
+ }
+}
+
+enum {
+ FLASH_128M,
+ FLASH_1024M,
+};
+
+static const MemoryRegionOps sl_ops = {
+ .read = sl_read,
+ .write = sl_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void sl_flash_register(PXA2xxState *cpu, int size)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(NULL, TYPE_SL_NAND);
+
+ qdev_prop_set_uint8(dev, "manf_id", NAND_MFR_SAMSUNG);
+ if (size == FLASH_128M)
+ qdev_prop_set_uint8(dev, "chip_id", 0x73);
+ else if (size == FLASH_1024M)
+ qdev_prop_set_uint8(dev, "chip_id", 0xf1);
+
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, FLASH_BASE);
+}
+
+static int sl_nand_init(SysBusDevice *dev)
+{
+ SLNANDState *s = SL_NAND(dev);
+ DriveInfo *nand;
+
+ s->ctl = 0;
+ nand = drive_get(IF_MTD, 0, 0);
+ s->nand = nand_init(nand ? nand->bdrv : NULL, s->manf_id, s->chip_id);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &sl_ops, s, "sl", 0x40);
+ sysbus_init_mmio(dev, &s->iomem);
+
+ return 0;
+}
+
+/* Spitz Keyboard */
+
+#define SPITZ_KEY_STROBE_NUM 11
+#define SPITZ_KEY_SENSE_NUM 7
+
+static const int spitz_gpio_key_sense[SPITZ_KEY_SENSE_NUM] = {
+ 12, 17, 91, 34, 36, 38, 39
+};
+
+static const int spitz_gpio_key_strobe[SPITZ_KEY_STROBE_NUM] = {
+ 88, 23, 24, 25, 26, 27, 52, 103, 107, 108, 114
+};
+
+/* Eighth additional row maps the special keys */
+static int spitz_keymap[SPITZ_KEY_SENSE_NUM + 1][SPITZ_KEY_STROBE_NUM] = {
+ { 0x1d, 0x02, 0x04, 0x06, 0x07, 0x08, 0x0a, 0x0b, 0x0e, 0x3f, 0x40 },
+ { -1 , 0x03, 0x05, 0x13, 0x15, 0x09, 0x17, 0x18, 0x19, 0x41, 0x42 },
+ { 0x0f, 0x10, 0x12, 0x14, 0x22, 0x16, 0x24, 0x25, -1 , -1 , -1 },
+ { 0x3c, 0x11, 0x1f, 0x21, 0x2f, 0x23, 0x32, 0x26, -1 , 0x36, -1 },
+ { 0x3b, 0x1e, 0x20, 0x2e, 0x30, 0x31, 0x34, -1 , 0x1c, 0x2a, -1 },
+ { 0x44, 0x2c, 0x2d, 0x0c, 0x39, 0x33, -1 , 0x48, -1 , -1 , 0x38 },
+ { 0x37, 0x3d, -1 , 0x45, 0x57, 0x58, 0x4b, 0x50, 0x4d, -1 , -1 },
+ { 0x52, 0x43, 0x01, 0x47, 0x49, -1 , -1 , -1 , -1 , -1 , -1 },
+};
+
+#define SPITZ_GPIO_AK_INT 13 /* Remote control */
+#define SPITZ_GPIO_SYNC 16 /* Sync button */
+#define SPITZ_GPIO_ON_KEY 95 /* Power button */
+#define SPITZ_GPIO_SWA 97 /* Lid */
+#define SPITZ_GPIO_SWB 96 /* Tablet mode */
+
+/* The special buttons are mapped to unused keys */
+static const int spitz_gpiomap[5] = {
+ SPITZ_GPIO_AK_INT, SPITZ_GPIO_SYNC, SPITZ_GPIO_ON_KEY,
+ SPITZ_GPIO_SWA, SPITZ_GPIO_SWB,
+};
+
+#define TYPE_SPITZ_KEYBOARD "spitz-keyboard"
+#define SPITZ_KEYBOARD(obj) \
+ OBJECT_CHECK(SpitzKeyboardState, (obj), TYPE_SPITZ_KEYBOARD)
+
+typedef struct {
+ SysBusDevice parent_obj;
+
+ qemu_irq sense[SPITZ_KEY_SENSE_NUM];
+ qemu_irq gpiomap[5];
+ int keymap[0x80];
+ uint16_t keyrow[SPITZ_KEY_SENSE_NUM];
+ uint16_t strobe_state;
+ uint16_t sense_state;
+
+ uint16_t pre_map[0x100];
+ uint16_t modifiers;
+ uint16_t imodifiers;
+ uint8_t fifo[16];
+ int fifopos, fifolen;
+ QEMUTimer *kbdtimer;
+} SpitzKeyboardState;
+
+static void spitz_keyboard_sense_update(SpitzKeyboardState *s)
+{
+ int i;
+ uint16_t strobe, sense = 0;
+ for (i = 0; i < SPITZ_KEY_SENSE_NUM; i ++) {
+ strobe = s->keyrow[i] & s->strobe_state;
+ if (strobe) {
+ sense |= 1 << i;
+ if (!(s->sense_state & (1 << i)))
+ qemu_irq_raise(s->sense[i]);
+ } else if (s->sense_state & (1 << i))
+ qemu_irq_lower(s->sense[i]);
+ }
+
+ s->sense_state = sense;
+}
+
+static void spitz_keyboard_strobe(void *opaque, int line, int level)
+{
+ SpitzKeyboardState *s = (SpitzKeyboardState *) opaque;
+
+ if (level)
+ s->strobe_state |= 1 << line;
+ else
+ s->strobe_state &= ~(1 << line);
+ spitz_keyboard_sense_update(s);
+}
+
+static void spitz_keyboard_keydown(SpitzKeyboardState *s, int keycode)
+{
+ int spitz_keycode = s->keymap[keycode & 0x7f];
+ if (spitz_keycode == -1)
+ return;
+
+ /* Handle the additional keys */
+ if ((spitz_keycode >> 4) == SPITZ_KEY_SENSE_NUM) {
+ qemu_set_irq(s->gpiomap[spitz_keycode & 0xf], (keycode < 0x80));
+ return;
+ }
+
+ if (keycode & 0x80)
+ s->keyrow[spitz_keycode >> 4] &= ~(1 << (spitz_keycode & 0xf));
+ else
+ s->keyrow[spitz_keycode >> 4] |= 1 << (spitz_keycode & 0xf);
+
+ spitz_keyboard_sense_update(s);
+}
+
+#define MOD_SHIFT (1 << 7)
+#define MOD_CTRL (1 << 8)
+#define MOD_FN (1 << 9)
+
+#define QUEUE_KEY(c) s->fifo[(s->fifopos + s->fifolen ++) & 0xf] = c
+
+static void spitz_keyboard_handler(void *opaque, int keycode)
+{
+ SpitzKeyboardState *s = opaque;
+ uint16_t code;
+ int mapcode;
+ switch (keycode) {
+ case 0x2a: /* Left Shift */
+ s->modifiers |= 1;
+ break;
+ case 0xaa:
+ s->modifiers &= ~1;
+ break;
+ case 0x36: /* Right Shift */
+ s->modifiers |= 2;
+ break;
+ case 0xb6:
+ s->modifiers &= ~2;
+ break;
+ case 0x1d: /* Control */
+ s->modifiers |= 4;
+ break;
+ case 0x9d:
+ s->modifiers &= ~4;
+ break;
+ case 0x38: /* Alt */
+ s->modifiers |= 8;
+ break;
+ case 0xb8:
+ s->modifiers &= ~8;
+ break;
+ }
+
+ code = s->pre_map[mapcode = ((s->modifiers & 3) ?
+ (keycode | MOD_SHIFT) :
+ (keycode & ~MOD_SHIFT))];
+
+ if (code != mapcode) {
+#if 0
+ if ((code & MOD_SHIFT) && !(s->modifiers & 1))
+ QUEUE_KEY(0x2a | (keycode & 0x80));
+ if ((code & MOD_CTRL ) && !(s->modifiers & 4))
+ QUEUE_KEY(0x1d | (keycode & 0x80));
+ if ((code & MOD_FN ) && !(s->modifiers & 8))
+ QUEUE_KEY(0x38 | (keycode & 0x80));
+ if ((code & MOD_FN ) && (s->modifiers & 1))
+ QUEUE_KEY(0x2a | (~keycode & 0x80));
+ if ((code & MOD_FN ) && (s->modifiers & 2))
+ QUEUE_KEY(0x36 | (~keycode & 0x80));
+#else
+ if (keycode & 0x80) {
+ if ((s->imodifiers & 1 ) && !(s->modifiers & 1))
+ QUEUE_KEY(0x2a | 0x80);
+ if ((s->imodifiers & 4 ) && !(s->modifiers & 4))
+ QUEUE_KEY(0x1d | 0x80);
+ if ((s->imodifiers & 8 ) && !(s->modifiers & 8))
+ QUEUE_KEY(0x38 | 0x80);
+ if ((s->imodifiers & 0x10) && (s->modifiers & 1))
+ QUEUE_KEY(0x2a);
+ if ((s->imodifiers & 0x20) && (s->modifiers & 2))
+ QUEUE_KEY(0x36);
+ s->imodifiers = 0;
+ } else {
+ if ((code & MOD_SHIFT) && !((s->modifiers | s->imodifiers) & 1)) {
+ QUEUE_KEY(0x2a);
+ s->imodifiers |= 1;
+ }
+ if ((code & MOD_CTRL ) && !((s->modifiers | s->imodifiers) & 4)) {
+ QUEUE_KEY(0x1d);
+ s->imodifiers |= 4;
+ }
+ if ((code & MOD_FN ) && !((s->modifiers | s->imodifiers) & 8)) {
+ QUEUE_KEY(0x38);
+ s->imodifiers |= 8;
+ }
+ if ((code & MOD_FN ) && (s->modifiers & 1) &&
+ !(s->imodifiers & 0x10)) {
+ QUEUE_KEY(0x2a | 0x80);
+ s->imodifiers |= 0x10;
+ }
+ if ((code & MOD_FN ) && (s->modifiers & 2) &&
+ !(s->imodifiers & 0x20)) {
+ QUEUE_KEY(0x36 | 0x80);
+ s->imodifiers |= 0x20;
+ }
+ }
+#endif
+ }
+
+ QUEUE_KEY((code & 0x7f) | (keycode & 0x80));
+}
+
+static void spitz_keyboard_tick(void *opaque)
+{
+ SpitzKeyboardState *s = (SpitzKeyboardState *) opaque;
+
+ if (s->fifolen) {
+ spitz_keyboard_keydown(s, s->fifo[s->fifopos ++]);
+ s->fifolen --;
+ if (s->fifopos >= 16)
+ s->fifopos = 0;
+ }
+
+ qemu_mod_timer(s->kbdtimer, qemu_get_clock_ns(vm_clock) +
+ get_ticks_per_sec() / 32);
+}
+
+static void spitz_keyboard_pre_map(SpitzKeyboardState *s)
+{
+ int i;
+ for (i = 0; i < 0x100; i ++)
+ s->pre_map[i] = i;
+ s->pre_map[0x02 | MOD_SHIFT ] = 0x02 | MOD_SHIFT; /* exclam */
+ s->pre_map[0x28 | MOD_SHIFT ] = 0x03 | MOD_SHIFT; /* quotedbl */
+ s->pre_map[0x04 | MOD_SHIFT ] = 0x04 | MOD_SHIFT; /* numbersign */
+ s->pre_map[0x05 | MOD_SHIFT ] = 0x05 | MOD_SHIFT; /* dollar */
+ s->pre_map[0x06 | MOD_SHIFT ] = 0x06 | MOD_SHIFT; /* percent */
+ s->pre_map[0x08 | MOD_SHIFT ] = 0x07 | MOD_SHIFT; /* ampersand */
+ s->pre_map[0x28 ] = 0x08 | MOD_SHIFT; /* apostrophe */
+ s->pre_map[0x0a | MOD_SHIFT ] = 0x09 | MOD_SHIFT; /* parenleft */
+ s->pre_map[0x0b | MOD_SHIFT ] = 0x0a | MOD_SHIFT; /* parenright */
+ s->pre_map[0x29 | MOD_SHIFT ] = 0x0b | MOD_SHIFT; /* asciitilde */
+ s->pre_map[0x03 | MOD_SHIFT ] = 0x0c | MOD_SHIFT; /* at */
+ s->pre_map[0xd3 ] = 0x0e | MOD_FN; /* Delete */
+ s->pre_map[0x3a ] = 0x0f | MOD_FN; /* Caps_Lock */
+ s->pre_map[0x07 | MOD_SHIFT ] = 0x11 | MOD_FN; /* asciicircum */
+ s->pre_map[0x0d ] = 0x12 | MOD_FN; /* equal */
+ s->pre_map[0x0d | MOD_SHIFT ] = 0x13 | MOD_FN; /* plus */
+ s->pre_map[0x1a ] = 0x14 | MOD_FN; /* bracketleft */
+ s->pre_map[0x1b ] = 0x15 | MOD_FN; /* bracketright */
+ s->pre_map[0x1a | MOD_SHIFT ] = 0x16 | MOD_FN; /* braceleft */
+ s->pre_map[0x1b | MOD_SHIFT ] = 0x17 | MOD_FN; /* braceright */
+ s->pre_map[0x27 ] = 0x22 | MOD_FN; /* semicolon */
+ s->pre_map[0x27 | MOD_SHIFT ] = 0x23 | MOD_FN; /* colon */
+ s->pre_map[0x09 | MOD_SHIFT ] = 0x24 | MOD_FN; /* asterisk */
+ s->pre_map[0x2b ] = 0x25 | MOD_FN; /* backslash */
+ s->pre_map[0x2b | MOD_SHIFT ] = 0x26 | MOD_FN; /* bar */
+ s->pre_map[0x0c | MOD_SHIFT ] = 0x30 | MOD_FN; /* underscore */
+ s->pre_map[0x33 | MOD_SHIFT ] = 0x33 | MOD_FN; /* less */
+ s->pre_map[0x35 ] = 0x33 | MOD_SHIFT; /* slash */
+ s->pre_map[0x34 | MOD_SHIFT ] = 0x34 | MOD_FN; /* greater */
+ s->pre_map[0x35 | MOD_SHIFT ] = 0x34 | MOD_SHIFT; /* question */
+ s->pre_map[0x49 ] = 0x48 | MOD_FN; /* Page_Up */
+ s->pre_map[0x51 ] = 0x50 | MOD_FN; /* Page_Down */
+
+ s->modifiers = 0;
+ s->imodifiers = 0;
+ s->fifopos = 0;
+ s->fifolen = 0;
+}
+
+#undef MOD_SHIFT
+#undef MOD_CTRL
+#undef MOD_FN
+
+static int spitz_keyboard_post_load(void *opaque, int version_id)
+{
+ SpitzKeyboardState *s = (SpitzKeyboardState *) opaque;
+
+ /* Release all pressed keys */
+ memset(s->keyrow, 0, sizeof(s->keyrow));
+ spitz_keyboard_sense_update(s);
+ s->modifiers = 0;
+ s->imodifiers = 0;
+ s->fifopos = 0;
+ s->fifolen = 0;
+
+ return 0;
+}
+
+static void spitz_keyboard_register(PXA2xxState *cpu)
+{
+ int i;
+ DeviceState *dev;
+ SpitzKeyboardState *s;
+
+ dev = sysbus_create_simple(TYPE_SPITZ_KEYBOARD, -1, NULL);
+ s = SPITZ_KEYBOARD(dev);
+
+ for (i = 0; i < SPITZ_KEY_SENSE_NUM; i ++)
+ qdev_connect_gpio_out(dev, i, qdev_get_gpio_in(cpu->gpio, spitz_gpio_key_sense[i]));
+
+ for (i = 0; i < 5; i ++)
+ s->gpiomap[i] = qdev_get_gpio_in(cpu->gpio, spitz_gpiomap[i]);
+
+ if (!graphic_rotate)
+ s->gpiomap[4] = qemu_irq_invert(s->gpiomap[4]);
+
+ for (i = 0; i < 5; i++)
+ qemu_set_irq(s->gpiomap[i], 0);
+
+ for (i = 0; i < SPITZ_KEY_STROBE_NUM; i ++)
+ qdev_connect_gpio_out(cpu->gpio, spitz_gpio_key_strobe[i],
+ qdev_get_gpio_in(dev, i));
+
+ qemu_mod_timer(s->kbdtimer, qemu_get_clock_ns(vm_clock));
+
+ qemu_add_kbd_event_handler(spitz_keyboard_handler, s);
+}
+
+static int spitz_keyboard_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ SpitzKeyboardState *s = SPITZ_KEYBOARD(dev);
+ int i, j;
+
+ for (i = 0; i < 0x80; i ++)
+ s->keymap[i] = -1;
+ for (i = 0; i < SPITZ_KEY_SENSE_NUM + 1; i ++)
+ for (j = 0; j < SPITZ_KEY_STROBE_NUM; j ++)
+ if (spitz_keymap[i][j] != -1)
+ s->keymap[spitz_keymap[i][j]] = (i << 4) | j;
+
+ spitz_keyboard_pre_map(s);
+
+ s->kbdtimer = qemu_new_timer_ns(vm_clock, spitz_keyboard_tick, s);
+ qdev_init_gpio_in(dev, spitz_keyboard_strobe, SPITZ_KEY_STROBE_NUM);
+ qdev_init_gpio_out(dev, s->sense, SPITZ_KEY_SENSE_NUM);
+
+ return 0;
+}
+
+/* LCD backlight controller */
+
+#define LCDTG_RESCTL 0x00
+#define LCDTG_PHACTRL 0x01
+#define LCDTG_DUTYCTRL 0x02
+#define LCDTG_POWERREG0 0x03
+#define LCDTG_POWERREG1 0x04
+#define LCDTG_GPOR3 0x05
+#define LCDTG_PICTRL 0x06
+#define LCDTG_POLCTRL 0x07
+
+typedef struct {
+ SSISlave ssidev;
+ uint32_t bl_intensity;
+ uint32_t bl_power;
+} SpitzLCDTG;
+
+static void spitz_bl_update(SpitzLCDTG *s)
+{
+ if (s->bl_power && s->bl_intensity)
+ zaurus_printf("LCD Backlight now at %i/63\n", s->bl_intensity);
+ else
+ zaurus_printf("LCD Backlight now off\n");
+}
+
+/* FIXME: Implement GPIO properly and remove this hack. */
+static SpitzLCDTG *spitz_lcdtg;
+
+static inline void spitz_bl_bit5(void *opaque, int line, int level)
+{
+ SpitzLCDTG *s = spitz_lcdtg;
+ int prev = s->bl_intensity;
+
+ if (level)
+ s->bl_intensity &= ~0x20;
+ else
+ s->bl_intensity |= 0x20;
+
+ if (s->bl_power && prev != s->bl_intensity)
+ spitz_bl_update(s);
+}
+
+static inline void spitz_bl_power(void *opaque, int line, int level)
+{
+ SpitzLCDTG *s = spitz_lcdtg;
+ s->bl_power = !!level;
+ spitz_bl_update(s);
+}
+
+static uint32_t spitz_lcdtg_transfer(SSISlave *dev, uint32_t value)
+{
+ SpitzLCDTG *s = FROM_SSI_SLAVE(SpitzLCDTG, dev);
+ int addr;
+ addr = value >> 5;
+ value &= 0x1f;
+
+ switch (addr) {
+ case LCDTG_RESCTL:
+ if (value)
+ zaurus_printf("LCD in QVGA mode\n");
+ else
+ zaurus_printf("LCD in VGA mode\n");
+ break;
+
+ case LCDTG_DUTYCTRL:
+ s->bl_intensity &= ~0x1f;
+ s->bl_intensity |= value;
+ if (s->bl_power)
+ spitz_bl_update(s);
+ break;
+
+ case LCDTG_POWERREG0:
+ /* Set common voltage to M62332FP */
+ break;
+ }
+ return 0;
+}
+
+static int spitz_lcdtg_init(SSISlave *dev)
+{
+ SpitzLCDTG *s = FROM_SSI_SLAVE(SpitzLCDTG, dev);
+
+ spitz_lcdtg = s;
+ s->bl_power = 0;
+ s->bl_intensity = 0x20;
+
+ return 0;
+}
+
+/* SSP devices */
+
+#define CORGI_SSP_PORT 2
+
+#define SPITZ_GPIO_LCDCON_CS 53
+#define SPITZ_GPIO_ADS7846_CS 14
+#define SPITZ_GPIO_MAX1111_CS 20
+#define SPITZ_GPIO_TP_INT 11
+
+static DeviceState *max1111;
+
+/* "Demux" the signal based on current chipselect */
+typedef struct {
+ SSISlave ssidev;
+ SSIBus *bus[3];
+ uint32_t enable[3];
+} CorgiSSPState;
+
+static uint32_t corgi_ssp_transfer(SSISlave *dev, uint32_t value)
+{
+ CorgiSSPState *s = FROM_SSI_SLAVE(CorgiSSPState, dev);
+ int i;
+
+ for (i = 0; i < 3; i++) {
+ if (s->enable[i]) {
+ return ssi_transfer(s->bus[i], value);
+ }
+ }
+ return 0;
+}
+
+static void corgi_ssp_gpio_cs(void *opaque, int line, int level)
+{
+ CorgiSSPState *s = (CorgiSSPState *)opaque;
+ assert(line >= 0 && line < 3);
+ s->enable[line] = !level;
+}
+
+#define MAX1111_BATT_VOLT 1
+#define MAX1111_BATT_TEMP 2
+#define MAX1111_ACIN_VOLT 3
+
+#define SPITZ_BATTERY_TEMP 0xe0 /* About 2.9V */
+#define SPITZ_BATTERY_VOLT 0xd0 /* About 4.0V */
+#define SPITZ_CHARGEON_ACIN 0x80 /* About 5.0V */
+
+static void spitz_adc_temp_on(void *opaque, int line, int level)
+{
+ if (!max1111)
+ return;
+
+ if (level)
+ max111x_set_input(max1111, MAX1111_BATT_TEMP, SPITZ_BATTERY_TEMP);
+ else
+ max111x_set_input(max1111, MAX1111_BATT_TEMP, 0);
+}
+
+static int corgi_ssp_init(SSISlave *dev)
+{
+ CorgiSSPState *s = FROM_SSI_SLAVE(CorgiSSPState, dev);
+
+ qdev_init_gpio_in(&dev->qdev, corgi_ssp_gpio_cs, 3);
+ s->bus[0] = ssi_create_bus(&dev->qdev, "ssi0");
+ s->bus[1] = ssi_create_bus(&dev->qdev, "ssi1");
+ s->bus[2] = ssi_create_bus(&dev->qdev, "ssi2");
+
+ return 0;
+}
+
+static void spitz_ssp_attach(PXA2xxState *cpu)
+{
+ DeviceState *mux;
+ DeviceState *dev;
+ void *bus;
+
+ mux = ssi_create_slave(cpu->ssp[CORGI_SSP_PORT - 1], "corgi-ssp");
+
+ bus = qdev_get_child_bus(mux, "ssi0");
+ ssi_create_slave(bus, "spitz-lcdtg");
+
+ bus = qdev_get_child_bus(mux, "ssi1");
+ dev = ssi_create_slave(bus, "ads7846");
+ qdev_connect_gpio_out(dev, 0,
+ qdev_get_gpio_in(cpu->gpio, SPITZ_GPIO_TP_INT));
+
+ bus = qdev_get_child_bus(mux, "ssi2");
+ max1111 = ssi_create_slave(bus, "max1111");
+ max111x_set_input(max1111, MAX1111_BATT_VOLT, SPITZ_BATTERY_VOLT);
+ max111x_set_input(max1111, MAX1111_BATT_TEMP, 0);
+ max111x_set_input(max1111, MAX1111_ACIN_VOLT, SPITZ_CHARGEON_ACIN);
+
+ qdev_connect_gpio_out(cpu->gpio, SPITZ_GPIO_LCDCON_CS,
+ qdev_get_gpio_in(mux, 0));
+ qdev_connect_gpio_out(cpu->gpio, SPITZ_GPIO_ADS7846_CS,
+ qdev_get_gpio_in(mux, 1));
+ qdev_connect_gpio_out(cpu->gpio, SPITZ_GPIO_MAX1111_CS,
+ qdev_get_gpio_in(mux, 2));
+}
+
+/* CF Microdrive */
+
+static void spitz_microdrive_attach(PXA2xxState *cpu, int slot)
+{
+ PCMCIACardState *md;
+ DriveInfo *dinfo;
+
+ dinfo = drive_get(IF_IDE, 0, 0);
+ if (!dinfo || dinfo->media_cd)
+ return;
+ md = dscm1xxxx_init(dinfo);
+ pxa2xx_pcmcia_attach(cpu->pcmcia[slot], md);
+}
+
+/* Wm8750 and Max7310 on I2C */
+
+#define AKITA_MAX_ADDR 0x18
+#define SPITZ_WM_ADDRL 0x1b
+#define SPITZ_WM_ADDRH 0x1a
+
+#define SPITZ_GPIO_WM 5
+
+static void spitz_wm8750_addr(void *opaque, int line, int level)
+{
+ I2CSlave *wm = (I2CSlave *) opaque;
+ if (level)
+ i2c_set_slave_address(wm, SPITZ_WM_ADDRH);
+ else
+ i2c_set_slave_address(wm, SPITZ_WM_ADDRL);
+}
+
+static void spitz_i2c_setup(PXA2xxState *cpu)
+{
+ /* Attach the CPU on one end of our I2C bus. */
+ i2c_bus *bus = pxa2xx_i2c_bus(cpu->i2c[0]);
+
+ DeviceState *wm;
+
+ /* Attach a WM8750 to the bus */
+ wm = i2c_create_slave(bus, "wm8750", 0);
+
+ spitz_wm8750_addr(wm, 0, 0);
+ qdev_connect_gpio_out(cpu->gpio, SPITZ_GPIO_WM,
+ qemu_allocate_irqs(spitz_wm8750_addr, wm, 1)[0]);
+ /* .. and to the sound interface. */
+ cpu->i2s->opaque = wm;
+ cpu->i2s->codec_out = wm8750_dac_dat;
+ cpu->i2s->codec_in = wm8750_adc_dat;
+ wm8750_data_req_set(wm, cpu->i2s->data_req, cpu->i2s);
+}
+
+static void spitz_akita_i2c_setup(PXA2xxState *cpu)
+{
+ /* Attach a Max7310 to Akita I2C bus. */
+ i2c_create_slave(pxa2xx_i2c_bus(cpu->i2c[0]), "max7310",
+ AKITA_MAX_ADDR);
+}
+
+/* Other peripherals */
+
+static void spitz_out_switch(void *opaque, int line, int level)
+{
+ switch (line) {
+ case 0:
+ zaurus_printf("Charging %s.\n", level ? "off" : "on");
+ break;
+ case 1:
+ zaurus_printf("Discharging %s.\n", level ? "on" : "off");
+ break;
+ case 2:
+ zaurus_printf("Green LED %s.\n", level ? "on" : "off");
+ break;
+ case 3:
+ zaurus_printf("Orange LED %s.\n", level ? "on" : "off");
+ break;
+ case 4:
+ spitz_bl_bit5(opaque, line, level);
+ break;
+ case 5:
+ spitz_bl_power(opaque, line, level);
+ break;
+ case 6:
+ spitz_adc_temp_on(opaque, line, level);
+ break;
+ }
+}
+
+#define SPITZ_SCP_LED_GREEN 1
+#define SPITZ_SCP_JK_B 2
+#define SPITZ_SCP_CHRG_ON 3
+#define SPITZ_SCP_MUTE_L 4
+#define SPITZ_SCP_MUTE_R 5
+#define SPITZ_SCP_CF_POWER 6
+#define SPITZ_SCP_LED_ORANGE 7
+#define SPITZ_SCP_JK_A 8
+#define SPITZ_SCP_ADC_TEMP_ON 9
+#define SPITZ_SCP2_IR_ON 1
+#define SPITZ_SCP2_AKIN_PULLUP 2
+#define SPITZ_SCP2_BACKLIGHT_CONT 7
+#define SPITZ_SCP2_BACKLIGHT_ON 8
+#define SPITZ_SCP2_MIC_BIAS 9
+
+static void spitz_scoop_gpio_setup(PXA2xxState *cpu,
+ DeviceState *scp0, DeviceState *scp1)
+{
+ qemu_irq *outsignals = qemu_allocate_irqs(spitz_out_switch, cpu, 8);
+
+ qdev_connect_gpio_out(scp0, SPITZ_SCP_CHRG_ON, outsignals[0]);
+ qdev_connect_gpio_out(scp0, SPITZ_SCP_JK_B, outsignals[1]);
+ qdev_connect_gpio_out(scp0, SPITZ_SCP_LED_GREEN, outsignals[2]);
+ qdev_connect_gpio_out(scp0, SPITZ_SCP_LED_ORANGE, outsignals[3]);
+
+ if (scp1) {
+ qdev_connect_gpio_out(scp1, SPITZ_SCP2_BACKLIGHT_CONT, outsignals[4]);
+ qdev_connect_gpio_out(scp1, SPITZ_SCP2_BACKLIGHT_ON, outsignals[5]);
+ }
+
+ qdev_connect_gpio_out(scp0, SPITZ_SCP_ADC_TEMP_ON, outsignals[6]);
+}
+
+#define SPITZ_GPIO_HSYNC 22
+#define SPITZ_GPIO_SD_DETECT 9
+#define SPITZ_GPIO_SD_WP 81
+#define SPITZ_GPIO_ON_RESET 89
+#define SPITZ_GPIO_BAT_COVER 90
+#define SPITZ_GPIO_CF1_IRQ 105
+#define SPITZ_GPIO_CF1_CD 94
+#define SPITZ_GPIO_CF2_IRQ 106
+#define SPITZ_GPIO_CF2_CD 93
+
+static int spitz_hsync;
+
+static void spitz_lcd_hsync_handler(void *opaque, int line, int level)
+{
+ PXA2xxState *cpu = (PXA2xxState *) opaque;
+ qemu_set_irq(qdev_get_gpio_in(cpu->gpio, SPITZ_GPIO_HSYNC), spitz_hsync);
+ spitz_hsync ^= 1;
+}
+
+static void spitz_gpio_setup(PXA2xxState *cpu, int slots)
+{
+ qemu_irq lcd_hsync;
+ /*
+ * Bad hack: We toggle the LCD hsync GPIO on every GPIO status
+ * read to satisfy broken guests that poll-wait for hsync.
+ * Simulating a real hsync event would be less practical and
+ * wouldn't guarantee that a guest ever exits the loop.
+ */
+ spitz_hsync = 0;
+ lcd_hsync = qemu_allocate_irqs(spitz_lcd_hsync_handler, cpu, 1)[0];
+ pxa2xx_gpio_read_notifier(cpu->gpio, lcd_hsync);
+ pxa2xx_lcd_vsync_notifier(cpu->lcd, lcd_hsync);
+
+ /* MMC/SD host */
+ pxa2xx_mmci_handlers(cpu->mmc,
+ qdev_get_gpio_in(cpu->gpio, SPITZ_GPIO_SD_WP),
+ qdev_get_gpio_in(cpu->gpio, SPITZ_GPIO_SD_DETECT));
+
+ /* Battery lock always closed */
+ qemu_irq_raise(qdev_get_gpio_in(cpu->gpio, SPITZ_GPIO_BAT_COVER));
+
+ /* Handle reset */
+ qdev_connect_gpio_out(cpu->gpio, SPITZ_GPIO_ON_RESET, cpu->reset);
+
+ /* PCMCIA signals: card's IRQ and Card-Detect */
+ if (slots >= 1)
+ pxa2xx_pcmcia_set_irq_cb(cpu->pcmcia[0],
+ qdev_get_gpio_in(cpu->gpio, SPITZ_GPIO_CF1_IRQ),
+ qdev_get_gpio_in(cpu->gpio, SPITZ_GPIO_CF1_CD));
+ if (slots >= 2)
+ pxa2xx_pcmcia_set_irq_cb(cpu->pcmcia[1],
+ qdev_get_gpio_in(cpu->gpio, SPITZ_GPIO_CF2_IRQ),
+ qdev_get_gpio_in(cpu->gpio, SPITZ_GPIO_CF2_CD));
+}
+
+/* Board init. */
+enum spitz_model_e { spitz, akita, borzoi, terrier };
+
+#define SPITZ_RAM 0x04000000
+#define SPITZ_ROM 0x00800000
+
+static struct arm_boot_info spitz_binfo = {
+ .loader_start = PXA2XX_SDRAM_BASE,
+ .ram_size = 0x04000000,
+};
+
+static void spitz_common_init(QEMUMachineInitArgs *args,
+ enum spitz_model_e model, int arm_id)
+{
+ PXA2xxState *mpu;
+ DeviceState *scp0, *scp1 = NULL;
+ MemoryRegion *address_space_mem = get_system_memory();
+ MemoryRegion *rom = g_new(MemoryRegion, 1);
+ const char *cpu_model = args->cpu_model;
+
+ if (!cpu_model)
+ cpu_model = (model == terrier) ? "pxa270-c5" : "pxa270-c0";
+
+ /* Setup CPU & memory */
+ mpu = pxa270_init(address_space_mem, spitz_binfo.ram_size, cpu_model);
+
+ sl_flash_register(mpu, (model == spitz) ? FLASH_128M : FLASH_1024M);
+
+ memory_region_init_ram(rom, NULL, "spitz.rom", SPITZ_ROM);
+ vmstate_register_ram_global(rom);
+ memory_region_set_readonly(rom, true);
+ memory_region_add_subregion(address_space_mem, 0, rom);
+
+ /* Setup peripherals */
+ spitz_keyboard_register(mpu);
+
+ spitz_ssp_attach(mpu);
+
+ scp0 = sysbus_create_simple("scoop", 0x10800000, NULL);
+ if (model != akita) {
+ scp1 = sysbus_create_simple("scoop", 0x08800040, NULL);
+ }
+
+ spitz_scoop_gpio_setup(mpu, scp0, scp1);
+
+ spitz_gpio_setup(mpu, (model == akita) ? 1 : 2);
+
+ spitz_i2c_setup(mpu);
+
+ if (model == akita)
+ spitz_akita_i2c_setup(mpu);
+
+ if (model == terrier)
+ /* A 6.0 GB microdrive is permanently sitting in CF slot 1. */
+ spitz_microdrive_attach(mpu, 1);
+ else if (model != akita)
+ /* A 4.0 GB microdrive is permanently sitting in CF slot 0. */
+ spitz_microdrive_attach(mpu, 0);
+
+ spitz_binfo.kernel_filename = args->kernel_filename;
+ spitz_binfo.kernel_cmdline = args->kernel_cmdline;
+ spitz_binfo.initrd_filename = args->initrd_filename;
+ spitz_binfo.board_id = arm_id;
+ arm_load_kernel(mpu->cpu, &spitz_binfo);
+ sl_bootparam_write(SL_PXA_PARAM_BASE);
+}
+
+static void spitz_init(QEMUMachineInitArgs *args)
+{
+ spitz_common_init(args, spitz, 0x2c9);
+}
+
+static void borzoi_init(QEMUMachineInitArgs *args)
+{
+ spitz_common_init(args, borzoi, 0x33f);
+}
+
+static void akita_init(QEMUMachineInitArgs *args)
+{
+ spitz_common_init(args, akita, 0x2e8);
+}
+
+static void terrier_init(QEMUMachineInitArgs *args)
+{
+ spitz_common_init(args, terrier, 0x33f);
+}
+
+static QEMUMachine akitapda_machine = {
+ .name = "akita",
+ .desc = "Akita PDA (PXA270)",
+ .init = akita_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine spitzpda_machine = {
+ .name = "spitz",
+ .desc = "Spitz PDA (PXA270)",
+ .init = spitz_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine borzoipda_machine = {
+ .name = "borzoi",
+ .desc = "Borzoi PDA (PXA270)",
+ .init = borzoi_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine terrierpda_machine = {
+ .name = "terrier",
+ .desc = "Terrier PDA (PXA270)",
+ .init = terrier_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void spitz_machine_init(void)
+{
+ qemu_register_machine(&akitapda_machine);
+ qemu_register_machine(&spitzpda_machine);
+ qemu_register_machine(&borzoipda_machine);
+ qemu_register_machine(&terrierpda_machine);
+}
+
+machine_init(spitz_machine_init);
+
+static bool is_version_0(void *opaque, int version_id)
+{
+ return version_id == 0;
+}
+
+static VMStateDescription vmstate_sl_nand_info = {
+ .name = "sl-nand",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT8(ctl, SLNANDState),
+ VMSTATE_STRUCT(ecc, SLNANDState, 0, vmstate_ecc_state, ECCState),
+ VMSTATE_END_OF_LIST(),
+ },
+};
+
+static Property sl_nand_properties[] = {
+ DEFINE_PROP_UINT8("manf_id", SLNANDState, manf_id, NAND_MFR_SAMSUNG),
+ DEFINE_PROP_UINT8("chip_id", SLNANDState, chip_id, 0xf1),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void sl_nand_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = sl_nand_init;
+ dc->vmsd = &vmstate_sl_nand_info;
+ dc->props = sl_nand_properties;
+}
+
+static const TypeInfo sl_nand_info = {
+ .name = TYPE_SL_NAND,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(SLNANDState),
+ .class_init = sl_nand_class_init,
+};
+
+static VMStateDescription vmstate_spitz_kbd = {
+ .name = "spitz-keyboard",
+ .version_id = 1,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .post_load = spitz_keyboard_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT16(sense_state, SpitzKeyboardState),
+ VMSTATE_UINT16(strobe_state, SpitzKeyboardState),
+ VMSTATE_UNUSED_TEST(is_version_0, 5),
+ VMSTATE_END_OF_LIST(),
+ },
+};
+
+static Property spitz_keyboard_properties[] = {
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void spitz_keyboard_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = spitz_keyboard_init;
+ dc->vmsd = &vmstate_spitz_kbd;
+ dc->props = spitz_keyboard_properties;
+}
+
+static const TypeInfo spitz_keyboard_info = {
+ .name = TYPE_SPITZ_KEYBOARD,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(SpitzKeyboardState),
+ .class_init = spitz_keyboard_class_init,
+};
+
+static const VMStateDescription vmstate_corgi_ssp_regs = {
+ .name = "corgi-ssp",
+ .version_id = 2,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .fields = (VMStateField []) {
+ VMSTATE_SSI_SLAVE(ssidev, CorgiSSPState),
+ VMSTATE_UINT32_ARRAY(enable, CorgiSSPState, 3),
+ VMSTATE_END_OF_LIST(),
+ }
+};
+
+static void corgi_ssp_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
+
+ k->init = corgi_ssp_init;
+ k->transfer = corgi_ssp_transfer;
+ dc->vmsd = &vmstate_corgi_ssp_regs;
+}
+
+static const TypeInfo corgi_ssp_info = {
+ .name = "corgi-ssp",
+ .parent = TYPE_SSI_SLAVE,
+ .instance_size = sizeof(CorgiSSPState),
+ .class_init = corgi_ssp_class_init,
+};
+
+static const VMStateDescription vmstate_spitz_lcdtg_regs = {
+ .name = "spitz-lcdtg",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_SSI_SLAVE(ssidev, SpitzLCDTG),
+ VMSTATE_UINT32(bl_intensity, SpitzLCDTG),
+ VMSTATE_UINT32(bl_power, SpitzLCDTG),
+ VMSTATE_END_OF_LIST(),
+ }
+};
+
+static void spitz_lcdtg_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
+
+ k->init = spitz_lcdtg_init;
+ k->transfer = spitz_lcdtg_transfer;
+ dc->vmsd = &vmstate_spitz_lcdtg_regs;
+}
+
+static const TypeInfo spitz_lcdtg_info = {
+ .name = "spitz-lcdtg",
+ .parent = TYPE_SSI_SLAVE,
+ .instance_size = sizeof(SpitzLCDTG),
+ .class_init = spitz_lcdtg_class_init,
+};
+
+static void spitz_register_types(void)
+{
+ type_register_static(&corgi_ssp_info);
+ type_register_static(&spitz_lcdtg_info);
+ type_register_static(&spitz_keyboard_info);
+ type_register_static(&sl_nand_info);
+}
+
+type_init(spitz_register_types)
diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c
new file mode 100644
index 000000000..79f6b4e31
--- /dev/null
+++ b/hw/arm/stellaris.c
@@ -0,0 +1,1418 @@
+/*
+ * Luminary Micro Stellaris peripherals
+ *
+ * Copyright (c) 2006 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GPL.
+ */
+
+#include "hw/sysbus.h"
+#include "hw/ssi.h"
+#include "hw/arm/arm.h"
+#include "hw/devices.h"
+#include "qemu/timer.h"
+#include "hw/i2c/i2c.h"
+#include "net/net.h"
+#include "hw/boards.h"
+#include "exec/address-spaces.h"
+
+#define GPIO_A 0
+#define GPIO_B 1
+#define GPIO_C 2
+#define GPIO_D 3
+#define GPIO_E 4
+#define GPIO_F 5
+#define GPIO_G 6
+
+#define BP_OLED_I2C 0x01
+#define BP_OLED_SSI 0x02
+#define BP_GAMEPAD 0x04
+
+typedef const struct {
+ const char *name;
+ uint32_t did0;
+ uint32_t did1;
+ uint32_t dc0;
+ uint32_t dc1;
+ uint32_t dc2;
+ uint32_t dc3;
+ uint32_t dc4;
+ uint32_t peripherals;
+} stellaris_board_info;
+
+/* General purpose timer module. */
+
+#define TYPE_STELLARIS_GPTM "stellaris-gptm"
+#define STELLARIS_GPTM(obj) \
+ OBJECT_CHECK(gptm_state, (obj), TYPE_STELLARIS_GPTM)
+
+typedef struct gptm_state {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ uint32_t config;
+ uint32_t mode[2];
+ uint32_t control;
+ uint32_t state;
+ uint32_t mask;
+ uint32_t load[2];
+ uint32_t match[2];
+ uint32_t prescale[2];
+ uint32_t match_prescale[2];
+ uint32_t rtc;
+ int64_t tick[2];
+ struct gptm_state *opaque[2];
+ QEMUTimer *timer[2];
+ /* The timers have an alternate output used to trigger the ADC. */
+ qemu_irq trigger;
+ qemu_irq irq;
+} gptm_state;
+
+static void gptm_update_irq(gptm_state *s)
+{
+ int level;
+ level = (s->state & s->mask) != 0;
+ qemu_set_irq(s->irq, level);
+}
+
+static void gptm_stop(gptm_state *s, int n)
+{
+ qemu_del_timer(s->timer[n]);
+}
+
+static void gptm_reload(gptm_state *s, int n, int reset)
+{
+ int64_t tick;
+ if (reset)
+ tick = qemu_get_clock_ns(vm_clock);
+ else
+ tick = s->tick[n];
+
+ if (s->config == 0) {
+ /* 32-bit CountDown. */
+ uint32_t count;
+ count = s->load[0] | (s->load[1] << 16);
+ tick += (int64_t)count * system_clock_scale;
+ } else if (s->config == 1) {
+ /* 32-bit RTC. 1Hz tick. */
+ tick += get_ticks_per_sec();
+ } else if (s->mode[n] == 0xa) {
+ /* PWM mode. Not implemented. */
+ } else {
+ hw_error("TODO: 16-bit timer mode 0x%x\n", s->mode[n]);
+ }
+ s->tick[n] = tick;
+ qemu_mod_timer(s->timer[n], tick);
+}
+
+static void gptm_tick(void *opaque)
+{
+ gptm_state **p = (gptm_state **)opaque;
+ gptm_state *s;
+ int n;
+
+ s = *p;
+ n = p - s->opaque;
+ if (s->config == 0) {
+ s->state |= 1;
+ if ((s->control & 0x20)) {
+ /* Output trigger. */
+ qemu_irq_pulse(s->trigger);
+ }
+ if (s->mode[0] & 1) {
+ /* One-shot. */
+ s->control &= ~1;
+ } else {
+ /* Periodic. */
+ gptm_reload(s, 0, 0);
+ }
+ } else if (s->config == 1) {
+ /* RTC. */
+ uint32_t match;
+ s->rtc++;
+ match = s->match[0] | (s->match[1] << 16);
+ if (s->rtc > match)
+ s->rtc = 0;
+ if (s->rtc == 0) {
+ s->state |= 8;
+ }
+ gptm_reload(s, 0, 0);
+ } else if (s->mode[n] == 0xa) {
+ /* PWM mode. Not implemented. */
+ } else {
+ hw_error("TODO: 16-bit timer mode 0x%x\n", s->mode[n]);
+ }
+ gptm_update_irq(s);
+}
+
+static uint64_t gptm_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ gptm_state *s = (gptm_state *)opaque;
+
+ switch (offset) {
+ case 0x00: /* CFG */
+ return s->config;
+ case 0x04: /* TAMR */
+ return s->mode[0];
+ case 0x08: /* TBMR */
+ return s->mode[1];
+ case 0x0c: /* CTL */
+ return s->control;
+ case 0x18: /* IMR */
+ return s->mask;
+ case 0x1c: /* RIS */
+ return s->state;
+ case 0x20: /* MIS */
+ return s->state & s->mask;
+ case 0x24: /* CR */
+ return 0;
+ case 0x28: /* TAILR */
+ return s->load[0] | ((s->config < 4) ? (s->load[1] << 16) : 0);
+ case 0x2c: /* TBILR */
+ return s->load[1];
+ case 0x30: /* TAMARCHR */
+ return s->match[0] | ((s->config < 4) ? (s->match[1] << 16) : 0);
+ case 0x34: /* TBMATCHR */
+ return s->match[1];
+ case 0x38: /* TAPR */
+ return s->prescale[0];
+ case 0x3c: /* TBPR */
+ return s->prescale[1];
+ case 0x40: /* TAPMR */
+ return s->match_prescale[0];
+ case 0x44: /* TBPMR */
+ return s->match_prescale[1];
+ case 0x48: /* TAR */
+ if (s->control == 1)
+ return s->rtc;
+ case 0x4c: /* TBR */
+ hw_error("TODO: Timer value read\n");
+ default:
+ hw_error("gptm_read: Bad offset 0x%x\n", (int)offset);
+ return 0;
+ }
+}
+
+static void gptm_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ gptm_state *s = (gptm_state *)opaque;
+ uint32_t oldval;
+
+ /* The timers should be disabled before changing the configuration.
+ We take advantage of this and defer everything until the timer
+ is enabled. */
+ switch (offset) {
+ case 0x00: /* CFG */
+ s->config = value;
+ break;
+ case 0x04: /* TAMR */
+ s->mode[0] = value;
+ break;
+ case 0x08: /* TBMR */
+ s->mode[1] = value;
+ break;
+ case 0x0c: /* CTL */
+ oldval = s->control;
+ s->control = value;
+ /* TODO: Implement pause. */
+ if ((oldval ^ value) & 1) {
+ if (value & 1) {
+ gptm_reload(s, 0, 1);
+ } else {
+ gptm_stop(s, 0);
+ }
+ }
+ if (((oldval ^ value) & 0x100) && s->config >= 4) {
+ if (value & 0x100) {
+ gptm_reload(s, 1, 1);
+ } else {
+ gptm_stop(s, 1);
+ }
+ }
+ break;
+ case 0x18: /* IMR */
+ s->mask = value & 0x77;
+ gptm_update_irq(s);
+ break;
+ case 0x24: /* CR */
+ s->state &= ~value;
+ break;
+ case 0x28: /* TAILR */
+ s->load[0] = value & 0xffff;
+ if (s->config < 4) {
+ s->load[1] = value >> 16;
+ }
+ break;
+ case 0x2c: /* TBILR */
+ s->load[1] = value & 0xffff;
+ break;
+ case 0x30: /* TAMARCHR */
+ s->match[0] = value & 0xffff;
+ if (s->config < 4) {
+ s->match[1] = value >> 16;
+ }
+ break;
+ case 0x34: /* TBMATCHR */
+ s->match[1] = value >> 16;
+ break;
+ case 0x38: /* TAPR */
+ s->prescale[0] = value;
+ break;
+ case 0x3c: /* TBPR */
+ s->prescale[1] = value;
+ break;
+ case 0x40: /* TAPMR */
+ s->match_prescale[0] = value;
+ break;
+ case 0x44: /* TBPMR */
+ s->match_prescale[0] = value;
+ break;
+ default:
+ hw_error("gptm_write: Bad offset 0x%x\n", (int)offset);
+ }
+ gptm_update_irq(s);
+}
+
+static const MemoryRegionOps gptm_ops = {
+ .read = gptm_read,
+ .write = gptm_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static const VMStateDescription vmstate_stellaris_gptm = {
+ .name = "stellaris_gptm",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(config, gptm_state),
+ VMSTATE_UINT32_ARRAY(mode, gptm_state, 2),
+ VMSTATE_UINT32(control, gptm_state),
+ VMSTATE_UINT32(state, gptm_state),
+ VMSTATE_UINT32(mask, gptm_state),
+ VMSTATE_UNUSED(8),
+ VMSTATE_UINT32_ARRAY(load, gptm_state, 2),
+ VMSTATE_UINT32_ARRAY(match, gptm_state, 2),
+ VMSTATE_UINT32_ARRAY(prescale, gptm_state, 2),
+ VMSTATE_UINT32_ARRAY(match_prescale, gptm_state, 2),
+ VMSTATE_UINT32(rtc, gptm_state),
+ VMSTATE_INT64_ARRAY(tick, gptm_state, 2),
+ VMSTATE_TIMER_ARRAY(timer, gptm_state, 2),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static int stellaris_gptm_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ gptm_state *s = STELLARIS_GPTM(dev);
+
+ sysbus_init_irq(sbd, &s->irq);
+ qdev_init_gpio_out(dev, &s->trigger, 1);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &gptm_ops, s,
+ "gptm", 0x1000);
+ sysbus_init_mmio(sbd, &s->iomem);
+
+ s->opaque[0] = s->opaque[1] = s;
+ s->timer[0] = qemu_new_timer_ns(vm_clock, gptm_tick, &s->opaque[0]);
+ s->timer[1] = qemu_new_timer_ns(vm_clock, gptm_tick, &s->opaque[1]);
+ vmstate_register(dev, -1, &vmstate_stellaris_gptm, s);
+ return 0;
+}
+
+
+/* System controller. */
+
+typedef struct {
+ MemoryRegion iomem;
+ uint32_t pborctl;
+ uint32_t ldopctl;
+ uint32_t int_status;
+ uint32_t int_mask;
+ uint32_t resc;
+ uint32_t rcc;
+ uint32_t rcc2;
+ uint32_t rcgc[3];
+ uint32_t scgc[3];
+ uint32_t dcgc[3];
+ uint32_t clkvclr;
+ uint32_t ldoarst;
+ uint32_t user0;
+ uint32_t user1;
+ qemu_irq irq;
+ stellaris_board_info *board;
+} ssys_state;
+
+static void ssys_update(ssys_state *s)
+{
+ qemu_set_irq(s->irq, (s->int_status & s->int_mask) != 0);
+}
+
+static uint32_t pllcfg_sandstorm[16] = {
+ 0x31c0, /* 1 Mhz */
+ 0x1ae0, /* 1.8432 Mhz */
+ 0x18c0, /* 2 Mhz */
+ 0xd573, /* 2.4576 Mhz */
+ 0x37a6, /* 3.57954 Mhz */
+ 0x1ae2, /* 3.6864 Mhz */
+ 0x0c40, /* 4 Mhz */
+ 0x98bc, /* 4.906 Mhz */
+ 0x935b, /* 4.9152 Mhz */
+ 0x09c0, /* 5 Mhz */
+ 0x4dee, /* 5.12 Mhz */
+ 0x0c41, /* 6 Mhz */
+ 0x75db, /* 6.144 Mhz */
+ 0x1ae6, /* 7.3728 Mhz */
+ 0x0600, /* 8 Mhz */
+ 0x585b /* 8.192 Mhz */
+};
+
+static uint32_t pllcfg_fury[16] = {
+ 0x3200, /* 1 Mhz */
+ 0x1b20, /* 1.8432 Mhz */
+ 0x1900, /* 2 Mhz */
+ 0xf42b, /* 2.4576 Mhz */
+ 0x37e3, /* 3.57954 Mhz */
+ 0x1b21, /* 3.6864 Mhz */
+ 0x0c80, /* 4 Mhz */
+ 0x98ee, /* 4.906 Mhz */
+ 0xd5b4, /* 4.9152 Mhz */
+ 0x0a00, /* 5 Mhz */
+ 0x4e27, /* 5.12 Mhz */
+ 0x1902, /* 6 Mhz */
+ 0xec1c, /* 6.144 Mhz */
+ 0x1b23, /* 7.3728 Mhz */
+ 0x0640, /* 8 Mhz */
+ 0xb11c /* 8.192 Mhz */
+};
+
+#define DID0_VER_MASK 0x70000000
+#define DID0_VER_0 0x00000000
+#define DID0_VER_1 0x10000000
+
+#define DID0_CLASS_MASK 0x00FF0000
+#define DID0_CLASS_SANDSTORM 0x00000000
+#define DID0_CLASS_FURY 0x00010000
+
+static int ssys_board_class(const ssys_state *s)
+{
+ uint32_t did0 = s->board->did0;
+ switch (did0 & DID0_VER_MASK) {
+ case DID0_VER_0:
+ return DID0_CLASS_SANDSTORM;
+ case DID0_VER_1:
+ switch (did0 & DID0_CLASS_MASK) {
+ case DID0_CLASS_SANDSTORM:
+ case DID0_CLASS_FURY:
+ return did0 & DID0_CLASS_MASK;
+ }
+ /* for unknown classes, fall through */
+ default:
+ hw_error("ssys_board_class: Unknown class 0x%08x\n", did0);
+ }
+}
+
+static uint64_t ssys_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ ssys_state *s = (ssys_state *)opaque;
+
+ switch (offset) {
+ case 0x000: /* DID0 */
+ return s->board->did0;
+ case 0x004: /* DID1 */
+ return s->board->did1;
+ case 0x008: /* DC0 */
+ return s->board->dc0;
+ case 0x010: /* DC1 */
+ return s->board->dc1;
+ case 0x014: /* DC2 */
+ return s->board->dc2;
+ case 0x018: /* DC3 */
+ return s->board->dc3;
+ case 0x01c: /* DC4 */
+ return s->board->dc4;
+ case 0x030: /* PBORCTL */
+ return s->pborctl;
+ case 0x034: /* LDOPCTL */
+ return s->ldopctl;
+ case 0x040: /* SRCR0 */
+ return 0;
+ case 0x044: /* SRCR1 */
+ return 0;
+ case 0x048: /* SRCR2 */
+ return 0;
+ case 0x050: /* RIS */
+ return s->int_status;
+ case 0x054: /* IMC */
+ return s->int_mask;
+ case 0x058: /* MISC */
+ return s->int_status & s->int_mask;
+ case 0x05c: /* RESC */
+ return s->resc;
+ case 0x060: /* RCC */
+ return s->rcc;
+ case 0x064: /* PLLCFG */
+ {
+ int xtal;
+ xtal = (s->rcc >> 6) & 0xf;
+ switch (ssys_board_class(s)) {
+ case DID0_CLASS_FURY:
+ return pllcfg_fury[xtal];
+ case DID0_CLASS_SANDSTORM:
+ return pllcfg_sandstorm[xtal];
+ default:
+ hw_error("ssys_read: Unhandled class for PLLCFG read.\n");
+ return 0;
+ }
+ }
+ case 0x070: /* RCC2 */
+ return s->rcc2;
+ case 0x100: /* RCGC0 */
+ return s->rcgc[0];
+ case 0x104: /* RCGC1 */
+ return s->rcgc[1];
+ case 0x108: /* RCGC2 */
+ return s->rcgc[2];
+ case 0x110: /* SCGC0 */
+ return s->scgc[0];
+ case 0x114: /* SCGC1 */
+ return s->scgc[1];
+ case 0x118: /* SCGC2 */
+ return s->scgc[2];
+ case 0x120: /* DCGC0 */
+ return s->dcgc[0];
+ case 0x124: /* DCGC1 */
+ return s->dcgc[1];
+ case 0x128: /* DCGC2 */
+ return s->dcgc[2];
+ case 0x150: /* CLKVCLR */
+ return s->clkvclr;
+ case 0x160: /* LDOARST */
+ return s->ldoarst;
+ case 0x1e0: /* USER0 */
+ return s->user0;
+ case 0x1e4: /* USER1 */
+ return s->user1;
+ default:
+ hw_error("ssys_read: Bad offset 0x%x\n", (int)offset);
+ return 0;
+ }
+}
+
+static bool ssys_use_rcc2(ssys_state *s)
+{
+ return (s->rcc2 >> 31) & 0x1;
+}
+
+/*
+ * Caculate the sys. clock period in ms.
+ */
+static void ssys_calculate_system_clock(ssys_state *s)
+{
+ if (ssys_use_rcc2(s)) {
+ system_clock_scale = 5 * (((s->rcc2 >> 23) & 0x3f) + 1);
+ } else {
+ system_clock_scale = 5 * (((s->rcc >> 23) & 0xf) + 1);
+ }
+}
+
+static void ssys_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ ssys_state *s = (ssys_state *)opaque;
+
+ switch (offset) {
+ case 0x030: /* PBORCTL */
+ s->pborctl = value & 0xffff;
+ break;
+ case 0x034: /* LDOPCTL */
+ s->ldopctl = value & 0x1f;
+ break;
+ case 0x040: /* SRCR0 */
+ case 0x044: /* SRCR1 */
+ case 0x048: /* SRCR2 */
+ fprintf(stderr, "Peripheral reset not implemented\n");
+ break;
+ case 0x054: /* IMC */
+ s->int_mask = value & 0x7f;
+ break;
+ case 0x058: /* MISC */
+ s->int_status &= ~value;
+ break;
+ case 0x05c: /* RESC */
+ s->resc = value & 0x3f;
+ break;
+ case 0x060: /* RCC */
+ if ((s->rcc & (1 << 13)) != 0 && (value & (1 << 13)) == 0) {
+ /* PLL enable. */
+ s->int_status |= (1 << 6);
+ }
+ s->rcc = value;
+ ssys_calculate_system_clock(s);
+ break;
+ case 0x070: /* RCC2 */
+ if (ssys_board_class(s) == DID0_CLASS_SANDSTORM) {
+ break;
+ }
+
+ if ((s->rcc2 & (1 << 13)) != 0 && (value & (1 << 13)) == 0) {
+ /* PLL enable. */
+ s->int_status |= (1 << 6);
+ }
+ s->rcc2 = value;
+ ssys_calculate_system_clock(s);
+ break;
+ case 0x100: /* RCGC0 */
+ s->rcgc[0] = value;
+ break;
+ case 0x104: /* RCGC1 */
+ s->rcgc[1] = value;
+ break;
+ case 0x108: /* RCGC2 */
+ s->rcgc[2] = value;
+ break;
+ case 0x110: /* SCGC0 */
+ s->scgc[0] = value;
+ break;
+ case 0x114: /* SCGC1 */
+ s->scgc[1] = value;
+ break;
+ case 0x118: /* SCGC2 */
+ s->scgc[2] = value;
+ break;
+ case 0x120: /* DCGC0 */
+ s->dcgc[0] = value;
+ break;
+ case 0x124: /* DCGC1 */
+ s->dcgc[1] = value;
+ break;
+ case 0x128: /* DCGC2 */
+ s->dcgc[2] = value;
+ break;
+ case 0x150: /* CLKVCLR */
+ s->clkvclr = value;
+ break;
+ case 0x160: /* LDOARST */
+ s->ldoarst = value;
+ break;
+ default:
+ hw_error("ssys_write: Bad offset 0x%x\n", (int)offset);
+ }
+ ssys_update(s);
+}
+
+static const MemoryRegionOps ssys_ops = {
+ .read = ssys_read,
+ .write = ssys_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void ssys_reset(void *opaque)
+{
+ ssys_state *s = (ssys_state *)opaque;
+
+ s->pborctl = 0x7ffd;
+ s->rcc = 0x078e3ac0;
+
+ if (ssys_board_class(s) == DID0_CLASS_SANDSTORM) {
+ s->rcc2 = 0;
+ } else {
+ s->rcc2 = 0x07802810;
+ }
+ s->rcgc[0] = 1;
+ s->scgc[0] = 1;
+ s->dcgc[0] = 1;
+ ssys_calculate_system_clock(s);
+}
+
+static int stellaris_sys_post_load(void *opaque, int version_id)
+{
+ ssys_state *s = opaque;
+
+ ssys_calculate_system_clock(s);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_stellaris_sys = {
+ .name = "stellaris_sys",
+ .version_id = 2,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .post_load = stellaris_sys_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(pborctl, ssys_state),
+ VMSTATE_UINT32(ldopctl, ssys_state),
+ VMSTATE_UINT32(int_mask, ssys_state),
+ VMSTATE_UINT32(int_status, ssys_state),
+ VMSTATE_UINT32(resc, ssys_state),
+ VMSTATE_UINT32(rcc, ssys_state),
+ VMSTATE_UINT32_V(rcc2, ssys_state, 2),
+ VMSTATE_UINT32_ARRAY(rcgc, ssys_state, 3),
+ VMSTATE_UINT32_ARRAY(scgc, ssys_state, 3),
+ VMSTATE_UINT32_ARRAY(dcgc, ssys_state, 3),
+ VMSTATE_UINT32(clkvclr, ssys_state),
+ VMSTATE_UINT32(ldoarst, ssys_state),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static int stellaris_sys_init(uint32_t base, qemu_irq irq,
+ stellaris_board_info * board,
+ uint8_t *macaddr)
+{
+ ssys_state *s;
+
+ s = (ssys_state *)g_malloc0(sizeof(ssys_state));
+ s->irq = irq;
+ s->board = board;
+ /* Most devices come preprogrammed with a MAC address in the user data. */
+ s->user0 = macaddr[0] | (macaddr[1] << 8) | (macaddr[2] << 16);
+ s->user1 = macaddr[3] | (macaddr[4] << 8) | (macaddr[5] << 16);
+
+ memory_region_init_io(&s->iomem, NULL, &ssys_ops, s, "ssys", 0x00001000);
+ memory_region_add_subregion(get_system_memory(), base, &s->iomem);
+ ssys_reset(s);
+ vmstate_register(NULL, -1, &vmstate_stellaris_sys, s);
+ return 0;
+}
+
+
+/* I2C controller. */
+
+#define TYPE_STELLARIS_I2C "stellaris-i2c"
+#define STELLARIS_I2C(obj) \
+ OBJECT_CHECK(stellaris_i2c_state, (obj), TYPE_STELLARIS_I2C)
+
+typedef struct {
+ SysBusDevice parent_obj;
+
+ i2c_bus *bus;
+ qemu_irq irq;
+ MemoryRegion iomem;
+ uint32_t msa;
+ uint32_t mcs;
+ uint32_t mdr;
+ uint32_t mtpr;
+ uint32_t mimr;
+ uint32_t mris;
+ uint32_t mcr;
+} stellaris_i2c_state;
+
+#define STELLARIS_I2C_MCS_BUSY 0x01
+#define STELLARIS_I2C_MCS_ERROR 0x02
+#define STELLARIS_I2C_MCS_ADRACK 0x04
+#define STELLARIS_I2C_MCS_DATACK 0x08
+#define STELLARIS_I2C_MCS_ARBLST 0x10
+#define STELLARIS_I2C_MCS_IDLE 0x20
+#define STELLARIS_I2C_MCS_BUSBSY 0x40
+
+static uint64_t stellaris_i2c_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ stellaris_i2c_state *s = (stellaris_i2c_state *)opaque;
+
+ switch (offset) {
+ case 0x00: /* MSA */
+ return s->msa;
+ case 0x04: /* MCS */
+ /* We don't emulate timing, so the controller is never busy. */
+ return s->mcs | STELLARIS_I2C_MCS_IDLE;
+ case 0x08: /* MDR */
+ return s->mdr;
+ case 0x0c: /* MTPR */
+ return s->mtpr;
+ case 0x10: /* MIMR */
+ return s->mimr;
+ case 0x14: /* MRIS */
+ return s->mris;
+ case 0x18: /* MMIS */
+ return s->mris & s->mimr;
+ case 0x20: /* MCR */
+ return s->mcr;
+ default:
+ hw_error("strllaris_i2c_read: Bad offset 0x%x\n", (int)offset);
+ return 0;
+ }
+}
+
+static void stellaris_i2c_update(stellaris_i2c_state *s)
+{
+ int level;
+
+ level = (s->mris & s->mimr) != 0;
+ qemu_set_irq(s->irq, level);
+}
+
+static void stellaris_i2c_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ stellaris_i2c_state *s = (stellaris_i2c_state *)opaque;
+
+ switch (offset) {
+ case 0x00: /* MSA */
+ s->msa = value & 0xff;
+ break;
+ case 0x04: /* MCS */
+ if ((s->mcr & 0x10) == 0) {
+ /* Disabled. Do nothing. */
+ break;
+ }
+ /* Grab the bus if this is starting a transfer. */
+ if ((value & 2) && (s->mcs & STELLARIS_I2C_MCS_BUSBSY) == 0) {
+ if (i2c_start_transfer(s->bus, s->msa >> 1, s->msa & 1)) {
+ s->mcs |= STELLARIS_I2C_MCS_ARBLST;
+ } else {
+ s->mcs &= ~STELLARIS_I2C_MCS_ARBLST;
+ s->mcs |= STELLARIS_I2C_MCS_BUSBSY;
+ }
+ }
+ /* If we don't have the bus then indicate an error. */
+ if (!i2c_bus_busy(s->bus)
+ || (s->mcs & STELLARIS_I2C_MCS_BUSBSY) == 0) {
+ s->mcs |= STELLARIS_I2C_MCS_ERROR;
+ break;
+ }
+ s->mcs &= ~STELLARIS_I2C_MCS_ERROR;
+ if (value & 1) {
+ /* Transfer a byte. */
+ /* TODO: Handle errors. */
+ if (s->msa & 1) {
+ /* Recv */
+ s->mdr = i2c_recv(s->bus) & 0xff;
+ } else {
+ /* Send */
+ i2c_send(s->bus, s->mdr);
+ }
+ /* Raise an interrupt. */
+ s->mris |= 1;
+ }
+ if (value & 4) {
+ /* Finish transfer. */
+ i2c_end_transfer(s->bus);
+ s->mcs &= ~STELLARIS_I2C_MCS_BUSBSY;
+ }
+ break;
+ case 0x08: /* MDR */
+ s->mdr = value & 0xff;
+ break;
+ case 0x0c: /* MTPR */
+ s->mtpr = value & 0xff;
+ break;
+ case 0x10: /* MIMR */
+ s->mimr = 1;
+ break;
+ case 0x1c: /* MICR */
+ s->mris &= ~value;
+ break;
+ case 0x20: /* MCR */
+ if (value & 1)
+ hw_error(
+ "stellaris_i2c_write: Loopback not implemented\n");
+ if (value & 0x20)
+ hw_error(
+ "stellaris_i2c_write: Slave mode not implemented\n");
+ s->mcr = value & 0x31;
+ break;
+ default:
+ hw_error("stellaris_i2c_write: Bad offset 0x%x\n",
+ (int)offset);
+ }
+ stellaris_i2c_update(s);
+}
+
+static void stellaris_i2c_reset(stellaris_i2c_state *s)
+{
+ if (s->mcs & STELLARIS_I2C_MCS_BUSBSY)
+ i2c_end_transfer(s->bus);
+
+ s->msa = 0;
+ s->mcs = 0;
+ s->mdr = 0;
+ s->mtpr = 1;
+ s->mimr = 0;
+ s->mris = 0;
+ s->mcr = 0;
+ stellaris_i2c_update(s);
+}
+
+static const MemoryRegionOps stellaris_i2c_ops = {
+ .read = stellaris_i2c_read,
+ .write = stellaris_i2c_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static const VMStateDescription vmstate_stellaris_i2c = {
+ .name = "stellaris_i2c",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(msa, stellaris_i2c_state),
+ VMSTATE_UINT32(mcs, stellaris_i2c_state),
+ VMSTATE_UINT32(mdr, stellaris_i2c_state),
+ VMSTATE_UINT32(mtpr, stellaris_i2c_state),
+ VMSTATE_UINT32(mimr, stellaris_i2c_state),
+ VMSTATE_UINT32(mris, stellaris_i2c_state),
+ VMSTATE_UINT32(mcr, stellaris_i2c_state),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static int stellaris_i2c_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ stellaris_i2c_state *s = STELLARIS_I2C(dev);
+ i2c_bus *bus;
+
+ sysbus_init_irq(sbd, &s->irq);
+ bus = i2c_init_bus(dev, "i2c");
+ s->bus = bus;
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &stellaris_i2c_ops, s,
+ "i2c", 0x1000);
+ sysbus_init_mmio(sbd, &s->iomem);
+ /* ??? For now we only implement the master interface. */
+ stellaris_i2c_reset(s);
+ vmstate_register(dev, -1, &vmstate_stellaris_i2c, s);
+ return 0;
+}
+
+/* Analogue to Digital Converter. This is only partially implemented,
+ enough for applications that use a combined ADC and timer tick. */
+
+#define STELLARIS_ADC_EM_CONTROLLER 0
+#define STELLARIS_ADC_EM_COMP 1
+#define STELLARIS_ADC_EM_EXTERNAL 4
+#define STELLARIS_ADC_EM_TIMER 5
+#define STELLARIS_ADC_EM_PWM0 6
+#define STELLARIS_ADC_EM_PWM1 7
+#define STELLARIS_ADC_EM_PWM2 8
+
+#define STELLARIS_ADC_FIFO_EMPTY 0x0100
+#define STELLARIS_ADC_FIFO_FULL 0x1000
+
+#define TYPE_STELLARIS_ADC "stellaris-adc"
+#define STELLARIS_ADC(obj) \
+ OBJECT_CHECK(stellaris_adc_state, (obj), TYPE_STELLARIS_ADC)
+
+typedef struct StellarisADCState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ uint32_t actss;
+ uint32_t ris;
+ uint32_t im;
+ uint32_t emux;
+ uint32_t ostat;
+ uint32_t ustat;
+ uint32_t sspri;
+ uint32_t sac;
+ struct {
+ uint32_t state;
+ uint32_t data[16];
+ } fifo[4];
+ uint32_t ssmux[4];
+ uint32_t ssctl[4];
+ uint32_t noise;
+ qemu_irq irq[4];
+} stellaris_adc_state;
+
+static uint32_t stellaris_adc_fifo_read(stellaris_adc_state *s, int n)
+{
+ int tail;
+
+ tail = s->fifo[n].state & 0xf;
+ if (s->fifo[n].state & STELLARIS_ADC_FIFO_EMPTY) {
+ s->ustat |= 1 << n;
+ } else {
+ s->fifo[n].state = (s->fifo[n].state & ~0xf) | ((tail + 1) & 0xf);
+ s->fifo[n].state &= ~STELLARIS_ADC_FIFO_FULL;
+ if (tail + 1 == ((s->fifo[n].state >> 4) & 0xf))
+ s->fifo[n].state |= STELLARIS_ADC_FIFO_EMPTY;
+ }
+ return s->fifo[n].data[tail];
+}
+
+static void stellaris_adc_fifo_write(stellaris_adc_state *s, int n,
+ uint32_t value)
+{
+ int head;
+
+ /* TODO: Real hardware has limited size FIFOs. We have a full 16 entry
+ FIFO fir each sequencer. */
+ head = (s->fifo[n].state >> 4) & 0xf;
+ if (s->fifo[n].state & STELLARIS_ADC_FIFO_FULL) {
+ s->ostat |= 1 << n;
+ return;
+ }
+ s->fifo[n].data[head] = value;
+ head = (head + 1) & 0xf;
+ s->fifo[n].state &= ~STELLARIS_ADC_FIFO_EMPTY;
+ s->fifo[n].state = (s->fifo[n].state & ~0xf0) | (head << 4);
+ if ((s->fifo[n].state & 0xf) == head)
+ s->fifo[n].state |= STELLARIS_ADC_FIFO_FULL;
+}
+
+static void stellaris_adc_update(stellaris_adc_state *s)
+{
+ int level;
+ int n;
+
+ for (n = 0; n < 4; n++) {
+ level = (s->ris & s->im & (1 << n)) != 0;
+ qemu_set_irq(s->irq[n], level);
+ }
+}
+
+static void stellaris_adc_trigger(void *opaque, int irq, int level)
+{
+ stellaris_adc_state *s = (stellaris_adc_state *)opaque;
+ int n;
+
+ for (n = 0; n < 4; n++) {
+ if ((s->actss & (1 << n)) == 0) {
+ continue;
+ }
+
+ if (((s->emux >> (n * 4)) & 0xff) != 5) {
+ continue;
+ }
+
+ /* Some applications use the ADC as a random number source, so introduce
+ some variation into the signal. */
+ s->noise = s->noise * 314159 + 1;
+ /* ??? actual inputs not implemented. Return an arbitrary value. */
+ stellaris_adc_fifo_write(s, n, 0x200 + ((s->noise >> 16) & 7));
+ s->ris |= (1 << n);
+ stellaris_adc_update(s);
+ }
+}
+
+static void stellaris_adc_reset(stellaris_adc_state *s)
+{
+ int n;
+
+ for (n = 0; n < 4; n++) {
+ s->ssmux[n] = 0;
+ s->ssctl[n] = 0;
+ s->fifo[n].state = STELLARIS_ADC_FIFO_EMPTY;
+ }
+}
+
+static uint64_t stellaris_adc_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ stellaris_adc_state *s = (stellaris_adc_state *)opaque;
+
+ /* TODO: Implement this. */
+ if (offset >= 0x40 && offset < 0xc0) {
+ int n;
+ n = (offset - 0x40) >> 5;
+ switch (offset & 0x1f) {
+ case 0x00: /* SSMUX */
+ return s->ssmux[n];
+ case 0x04: /* SSCTL */
+ return s->ssctl[n];
+ case 0x08: /* SSFIFO */
+ return stellaris_adc_fifo_read(s, n);
+ case 0x0c: /* SSFSTAT */
+ return s->fifo[n].state;
+ default:
+ break;
+ }
+ }
+ switch (offset) {
+ case 0x00: /* ACTSS */
+ return s->actss;
+ case 0x04: /* RIS */
+ return s->ris;
+ case 0x08: /* IM */
+ return s->im;
+ case 0x0c: /* ISC */
+ return s->ris & s->im;
+ case 0x10: /* OSTAT */
+ return s->ostat;
+ case 0x14: /* EMUX */
+ return s->emux;
+ case 0x18: /* USTAT */
+ return s->ustat;
+ case 0x20: /* SSPRI */
+ return s->sspri;
+ case 0x30: /* SAC */
+ return s->sac;
+ default:
+ hw_error("strllaris_adc_read: Bad offset 0x%x\n",
+ (int)offset);
+ return 0;
+ }
+}
+
+static void stellaris_adc_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ stellaris_adc_state *s = (stellaris_adc_state *)opaque;
+
+ /* TODO: Implement this. */
+ if (offset >= 0x40 && offset < 0xc0) {
+ int n;
+ n = (offset - 0x40) >> 5;
+ switch (offset & 0x1f) {
+ case 0x00: /* SSMUX */
+ s->ssmux[n] = value & 0x33333333;
+ return;
+ case 0x04: /* SSCTL */
+ if (value != 6) {
+ hw_error("ADC: Unimplemented sequence %" PRIx64 "\n",
+ value);
+ }
+ s->ssctl[n] = value;
+ return;
+ default:
+ break;
+ }
+ }
+ switch (offset) {
+ case 0x00: /* ACTSS */
+ s->actss = value & 0xf;
+ break;
+ case 0x08: /* IM */
+ s->im = value;
+ break;
+ case 0x0c: /* ISC */
+ s->ris &= ~value;
+ break;
+ case 0x10: /* OSTAT */
+ s->ostat &= ~value;
+ break;
+ case 0x14: /* EMUX */
+ s->emux = value;
+ break;
+ case 0x18: /* USTAT */
+ s->ustat &= ~value;
+ break;
+ case 0x20: /* SSPRI */
+ s->sspri = value;
+ break;
+ case 0x28: /* PSSI */
+ hw_error("Not implemented: ADC sample initiate\n");
+ break;
+ case 0x30: /* SAC */
+ s->sac = value;
+ break;
+ default:
+ hw_error("stellaris_adc_write: Bad offset 0x%x\n", (int)offset);
+ }
+ stellaris_adc_update(s);
+}
+
+static const MemoryRegionOps stellaris_adc_ops = {
+ .read = stellaris_adc_read,
+ .write = stellaris_adc_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static const VMStateDescription vmstate_stellaris_adc = {
+ .name = "stellaris_adc",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(actss, stellaris_adc_state),
+ VMSTATE_UINT32(ris, stellaris_adc_state),
+ VMSTATE_UINT32(im, stellaris_adc_state),
+ VMSTATE_UINT32(emux, stellaris_adc_state),
+ VMSTATE_UINT32(ostat, stellaris_adc_state),
+ VMSTATE_UINT32(ustat, stellaris_adc_state),
+ VMSTATE_UINT32(sspri, stellaris_adc_state),
+ VMSTATE_UINT32(sac, stellaris_adc_state),
+ VMSTATE_UINT32(fifo[0].state, stellaris_adc_state),
+ VMSTATE_UINT32_ARRAY(fifo[0].data, stellaris_adc_state, 16),
+ VMSTATE_UINT32(ssmux[0], stellaris_adc_state),
+ VMSTATE_UINT32(ssctl[0], stellaris_adc_state),
+ VMSTATE_UINT32(fifo[1].state, stellaris_adc_state),
+ VMSTATE_UINT32_ARRAY(fifo[1].data, stellaris_adc_state, 16),
+ VMSTATE_UINT32(ssmux[1], stellaris_adc_state),
+ VMSTATE_UINT32(ssctl[1], stellaris_adc_state),
+ VMSTATE_UINT32(fifo[2].state, stellaris_adc_state),
+ VMSTATE_UINT32_ARRAY(fifo[2].data, stellaris_adc_state, 16),
+ VMSTATE_UINT32(ssmux[2], stellaris_adc_state),
+ VMSTATE_UINT32(ssctl[2], stellaris_adc_state),
+ VMSTATE_UINT32(fifo[3].state, stellaris_adc_state),
+ VMSTATE_UINT32_ARRAY(fifo[3].data, stellaris_adc_state, 16),
+ VMSTATE_UINT32(ssmux[3], stellaris_adc_state),
+ VMSTATE_UINT32(ssctl[3], stellaris_adc_state),
+ VMSTATE_UINT32(noise, stellaris_adc_state),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static int stellaris_adc_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ stellaris_adc_state *s = STELLARIS_ADC(dev);
+ int n;
+
+ for (n = 0; n < 4; n++) {
+ sysbus_init_irq(sbd, &s->irq[n]);
+ }
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &stellaris_adc_ops, s,
+ "adc", 0x1000);
+ sysbus_init_mmio(sbd, &s->iomem);
+ stellaris_adc_reset(s);
+ qdev_init_gpio_in(dev, stellaris_adc_trigger, 1);
+ vmstate_register(dev, -1, &vmstate_stellaris_adc, s);
+ return 0;
+}
+
+/* Board init. */
+static stellaris_board_info stellaris_boards[] = {
+ { "LM3S811EVB",
+ 0,
+ 0x0032000e,
+ 0x001f001f, /* dc0 */
+ 0x001132bf,
+ 0x01071013,
+ 0x3f0f01ff,
+ 0x0000001f,
+ BP_OLED_I2C
+ },
+ { "LM3S6965EVB",
+ 0x10010002,
+ 0x1073402e,
+ 0x00ff007f, /* dc0 */
+ 0x001133ff,
+ 0x030f5317,
+ 0x0f0f87ff,
+ 0x5000007f,
+ BP_OLED_SSI | BP_GAMEPAD
+ }
+};
+
+static void stellaris_init(const char *kernel_filename, const char *cpu_model,
+ stellaris_board_info *board)
+{
+ static const int uart_irq[] = {5, 6, 33, 34};
+ static const int timer_irq[] = {19, 21, 23, 35};
+ static const uint32_t gpio_addr[7] =
+ { 0x40004000, 0x40005000, 0x40006000, 0x40007000,
+ 0x40024000, 0x40025000, 0x40026000};
+ static const int gpio_irq[7] = {0, 1, 2, 3, 4, 30, 31};
+
+ MemoryRegion *address_space_mem = get_system_memory();
+ qemu_irq *pic;
+ DeviceState *gpio_dev[7];
+ qemu_irq gpio_in[7][8];
+ qemu_irq gpio_out[7][8];
+ qemu_irq adc;
+ int sram_size;
+ int flash_size;
+ i2c_bus *i2c;
+ DeviceState *dev;
+ int i;
+ int j;
+
+ flash_size = ((board->dc0 & 0xffff) + 1) << 1;
+ sram_size = (board->dc0 >> 18) + 1;
+ pic = armv7m_init(address_space_mem,
+ flash_size, sram_size, kernel_filename, cpu_model);
+
+ if (board->dc1 & (1 << 16)) {
+ dev = sysbus_create_varargs(TYPE_STELLARIS_ADC, 0x40038000,
+ pic[14], pic[15], pic[16], pic[17], NULL);
+ adc = qdev_get_gpio_in(dev, 0);
+ } else {
+ adc = NULL;
+ }
+ for (i = 0; i < 4; i++) {
+ if (board->dc2 & (0x10000 << i)) {
+ dev = sysbus_create_simple(TYPE_STELLARIS_GPTM,
+ 0x40030000 + i * 0x1000,
+ pic[timer_irq[i]]);
+ /* TODO: This is incorrect, but we get away with it because
+ the ADC output is only ever pulsed. */
+ qdev_connect_gpio_out(dev, 0, adc);
+ }
+ }
+
+ stellaris_sys_init(0x400fe000, pic[28], board, nd_table[0].macaddr.a);
+
+ for (i = 0; i < 7; i++) {
+ if (board->dc4 & (1 << i)) {
+ gpio_dev[i] = sysbus_create_simple("pl061_luminary", gpio_addr[i],
+ pic[gpio_irq[i]]);
+ for (j = 0; j < 8; j++) {
+ gpio_in[i][j] = qdev_get_gpio_in(gpio_dev[i], j);
+ gpio_out[i][j] = NULL;
+ }
+ }
+ }
+
+ if (board->dc2 & (1 << 12)) {
+ dev = sysbus_create_simple(TYPE_STELLARIS_I2C, 0x40020000, pic[8]);
+ i2c = (i2c_bus *)qdev_get_child_bus(dev, "i2c");
+ if (board->peripherals & BP_OLED_I2C) {
+ i2c_create_slave(i2c, "ssd0303", 0x3d);
+ }
+ }
+
+ for (i = 0; i < 4; i++) {
+ if (board->dc2 & (1 << i)) {
+ sysbus_create_simple("pl011_luminary", 0x4000c000 + i * 0x1000,
+ pic[uart_irq[i]]);
+ }
+ }
+ if (board->dc2 & (1 << 4)) {
+ dev = sysbus_create_simple("pl022", 0x40008000, pic[7]);
+ if (board->peripherals & BP_OLED_SSI) {
+ void *bus;
+ DeviceState *sddev;
+ DeviceState *ssddev;
+
+ /* Some boards have both an OLED controller and SD card connected to
+ * the same SSI port, with the SD card chip select connected to a
+ * GPIO pin. Technically the OLED chip select is connected to the
+ * SSI Fss pin. We do not bother emulating that as both devices
+ * should never be selected simultaneously, and our OLED controller
+ * ignores stray 0xff commands that occur when deselecting the SD
+ * card.
+ */
+ bus = qdev_get_child_bus(dev, "ssi");
+
+ sddev = ssi_create_slave(bus, "ssi-sd");
+ ssddev = ssi_create_slave(bus, "ssd0323");
+ gpio_out[GPIO_D][0] = qemu_irq_split(qdev_get_gpio_in(sddev, 0),
+ qdev_get_gpio_in(ssddev, 0));
+ gpio_out[GPIO_C][7] = qdev_get_gpio_in(ssddev, 1);
+
+ /* Make sure the select pin is high. */
+ qemu_irq_raise(gpio_out[GPIO_D][0]);
+ }
+ }
+ if (board->dc4 & (1 << 28)) {
+ DeviceState *enet;
+
+ qemu_check_nic_model(&nd_table[0], "stellaris");
+
+ enet = qdev_create(NULL, "stellaris_enet");
+ qdev_set_nic_properties(enet, &nd_table[0]);
+ qdev_init_nofail(enet);
+ sysbus_mmio_map(SYS_BUS_DEVICE(enet), 0, 0x40048000);
+ sysbus_connect_irq(SYS_BUS_DEVICE(enet), 0, pic[42]);
+ }
+ if (board->peripherals & BP_GAMEPAD) {
+ qemu_irq gpad_irq[5];
+ static const int gpad_keycode[5] = { 0xc8, 0xd0, 0xcb, 0xcd, 0x1d };
+
+ gpad_irq[0] = qemu_irq_invert(gpio_in[GPIO_E][0]); /* up */
+ gpad_irq[1] = qemu_irq_invert(gpio_in[GPIO_E][1]); /* down */
+ gpad_irq[2] = qemu_irq_invert(gpio_in[GPIO_E][2]); /* left */
+ gpad_irq[3] = qemu_irq_invert(gpio_in[GPIO_E][3]); /* right */
+ gpad_irq[4] = qemu_irq_invert(gpio_in[GPIO_F][1]); /* select */
+
+ stellaris_gamepad_init(5, gpad_irq, gpad_keycode);
+ }
+ for (i = 0; i < 7; i++) {
+ if (board->dc4 & (1 << i)) {
+ for (j = 0; j < 8; j++) {
+ if (gpio_out[i][j]) {
+ qdev_connect_gpio_out(gpio_dev[i], j, gpio_out[i][j]);
+ }
+ }
+ }
+ }
+}
+
+/* FIXME: Figure out how to generate these from stellaris_boards. */
+static void lm3s811evb_init(QEMUMachineInitArgs *args)
+{
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ stellaris_init(kernel_filename, cpu_model, &stellaris_boards[0]);
+}
+
+static void lm3s6965evb_init(QEMUMachineInitArgs *args)
+{
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ stellaris_init(kernel_filename, cpu_model, &stellaris_boards[1]);
+}
+
+static QEMUMachine lm3s811evb_machine = {
+ .name = "lm3s811evb",
+ .desc = "Stellaris LM3S811EVB",
+ .init = lm3s811evb_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine lm3s6965evb_machine = {
+ .name = "lm3s6965evb",
+ .desc = "Stellaris LM3S6965EVB",
+ .init = lm3s6965evb_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void stellaris_machine_init(void)
+{
+ qemu_register_machine(&lm3s811evb_machine);
+ qemu_register_machine(&lm3s6965evb_machine);
+}
+
+machine_init(stellaris_machine_init);
+
+static void stellaris_i2c_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sdc->init = stellaris_i2c_init;
+}
+
+static const TypeInfo stellaris_i2c_info = {
+ .name = TYPE_STELLARIS_I2C,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(stellaris_i2c_state),
+ .class_init = stellaris_i2c_class_init,
+};
+
+static void stellaris_gptm_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sdc->init = stellaris_gptm_init;
+}
+
+static const TypeInfo stellaris_gptm_info = {
+ .name = TYPE_STELLARIS_GPTM,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(gptm_state),
+ .class_init = stellaris_gptm_class_init,
+};
+
+static void stellaris_adc_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sdc->init = stellaris_adc_init;
+}
+
+static const TypeInfo stellaris_adc_info = {
+ .name = TYPE_STELLARIS_ADC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(stellaris_adc_state),
+ .class_init = stellaris_adc_class_init,
+};
+
+static void stellaris_register_types(void)
+{
+ type_register_static(&stellaris_i2c_info);
+ type_register_static(&stellaris_gptm_info);
+ type_register_static(&stellaris_adc_info);
+}
+
+type_init(stellaris_register_types)
diff --git a/hw/arm/strongarm.c b/hw/arm/strongarm.c
new file mode 100644
index 000000000..82a9492fd
--- /dev/null
+++ b/hw/arm/strongarm.c
@@ -0,0 +1,1661 @@
+/*
+ * StrongARM SA-1100/SA-1110 emulation
+ *
+ * Copyright (C) 2011 Dmitry Eremin-Solenikov
+ *
+ * Largely based on StrongARM emulation:
+ * Copyright (c) 2006 Openedhand Ltd.
+ * Written by Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * UART code based on QEMU 16550A UART emulation
+ * Copyright (c) 2003-2004 Fabrice Bellard
+ * Copyright (c) 2008 Citrix Systems, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+#include "hw/sysbus.h"
+#include "strongarm.h"
+#include "qemu/error-report.h"
+#include "hw/arm/arm.h"
+#include "sysemu/char.h"
+#include "sysemu/sysemu.h"
+#include "hw/ssi.h"
+
+//#define DEBUG
+
+/*
+ TODO
+ - Implement cp15, c14 ?
+ - Implement cp15, c15 !!! (idle used in L)
+ - Implement idle mode handling/DIM
+ - Implement sleep mode/Wake sources
+ - Implement reset control
+ - Implement memory control regs
+ - PCMCIA handling
+ - Maybe support MBGNT/MBREQ
+ - DMA channels
+ - GPCLK
+ - IrDA
+ - MCP
+ - Enhance UART with modem signals
+ */
+
+#ifdef DEBUG
+# define DPRINTF(format, ...) printf(format , ## __VA_ARGS__)
+#else
+# define DPRINTF(format, ...) do { } while (0)
+#endif
+
+static struct {
+ hwaddr io_base;
+ int irq;
+} sa_serial[] = {
+ { 0x80010000, SA_PIC_UART1 },
+ { 0x80030000, SA_PIC_UART2 },
+ { 0x80050000, SA_PIC_UART3 },
+ { 0, 0 }
+};
+
+/* Interrupt Controller */
+
+#define TYPE_STRONGARM_PIC "strongarm_pic"
+#define STRONGARM_PIC(obj) \
+ OBJECT_CHECK(StrongARMPICState, (obj), TYPE_STRONGARM_PIC)
+
+typedef struct StrongARMPICState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ qemu_irq irq;
+ qemu_irq fiq;
+
+ uint32_t pending;
+ uint32_t enabled;
+ uint32_t is_fiq;
+ uint32_t int_idle;
+} StrongARMPICState;
+
+#define ICIP 0x00
+#define ICMR 0x04
+#define ICLR 0x08
+#define ICFP 0x10
+#define ICPR 0x20
+#define ICCR 0x0c
+
+#define SA_PIC_SRCS 32
+
+
+static void strongarm_pic_update(void *opaque)
+{
+ StrongARMPICState *s = opaque;
+
+ /* FIXME: reflect DIM */
+ qemu_set_irq(s->fiq, s->pending & s->enabled & s->is_fiq);
+ qemu_set_irq(s->irq, s->pending & s->enabled & ~s->is_fiq);
+}
+
+static void strongarm_pic_set_irq(void *opaque, int irq, int level)
+{
+ StrongARMPICState *s = opaque;
+
+ if (level) {
+ s->pending |= 1 << irq;
+ } else {
+ s->pending &= ~(1 << irq);
+ }
+
+ strongarm_pic_update(s);
+}
+
+static uint64_t strongarm_pic_mem_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ StrongARMPICState *s = opaque;
+
+ switch (offset) {
+ case ICIP:
+ return s->pending & ~s->is_fiq & s->enabled;
+ case ICMR:
+ return s->enabled;
+ case ICLR:
+ return s->is_fiq;
+ case ICCR:
+ return s->int_idle == 0;
+ case ICFP:
+ return s->pending & s->is_fiq & s->enabled;
+ case ICPR:
+ return s->pending;
+ default:
+ printf("%s: Bad register offset 0x" TARGET_FMT_plx "\n",
+ __func__, offset);
+ return 0;
+ }
+}
+
+static void strongarm_pic_mem_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ StrongARMPICState *s = opaque;
+
+ switch (offset) {
+ case ICMR:
+ s->enabled = value;
+ break;
+ case ICLR:
+ s->is_fiq = value;
+ break;
+ case ICCR:
+ s->int_idle = (value & 1) ? 0 : ~0;
+ break;
+ default:
+ printf("%s: Bad register offset 0x" TARGET_FMT_plx "\n",
+ __func__, offset);
+ break;
+ }
+ strongarm_pic_update(s);
+}
+
+static const MemoryRegionOps strongarm_pic_ops = {
+ .read = strongarm_pic_mem_read,
+ .write = strongarm_pic_mem_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int strongarm_pic_initfn(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ StrongARMPICState *s = STRONGARM_PIC(dev);
+
+ qdev_init_gpio_in(dev, strongarm_pic_set_irq, SA_PIC_SRCS);
+ memory_region_init_io(&s->iomem, OBJECT(s), &strongarm_pic_ops, s,
+ "pic", 0x1000);
+ sysbus_init_mmio(sbd, &s->iomem);
+ sysbus_init_irq(sbd, &s->irq);
+ sysbus_init_irq(sbd, &s->fiq);
+
+ return 0;
+}
+
+static int strongarm_pic_post_load(void *opaque, int version_id)
+{
+ strongarm_pic_update(opaque);
+ return 0;
+}
+
+static VMStateDescription vmstate_strongarm_pic_regs = {
+ .name = "strongarm_pic",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .post_load = strongarm_pic_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(pending, StrongARMPICState),
+ VMSTATE_UINT32(enabled, StrongARMPICState),
+ VMSTATE_UINT32(is_fiq, StrongARMPICState),
+ VMSTATE_UINT32(int_idle, StrongARMPICState),
+ VMSTATE_END_OF_LIST(),
+ },
+};
+
+static void strongarm_pic_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = strongarm_pic_initfn;
+ dc->desc = "StrongARM PIC";
+ dc->vmsd = &vmstate_strongarm_pic_regs;
+}
+
+static const TypeInfo strongarm_pic_info = {
+ .name = TYPE_STRONGARM_PIC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(StrongARMPICState),
+ .class_init = strongarm_pic_class_init,
+};
+
+/* Real-Time Clock */
+#define RTAR 0x00 /* RTC Alarm register */
+#define RCNR 0x04 /* RTC Counter register */
+#define RTTR 0x08 /* RTC Timer Trim register */
+#define RTSR 0x10 /* RTC Status register */
+
+#define RTSR_AL (1 << 0) /* RTC Alarm detected */
+#define RTSR_HZ (1 << 1) /* RTC 1Hz detected */
+#define RTSR_ALE (1 << 2) /* RTC Alarm enable */
+#define RTSR_HZE (1 << 3) /* RTC 1Hz enable */
+
+/* 16 LSB of RTTR are clockdiv for internal trim logic,
+ * trim delete isn't emulated, so
+ * f = 32 768 / (RTTR_trim + 1) */
+
+#define TYPE_STRONGARM_RTC "strongarm-rtc"
+#define STRONGARM_RTC(obj) \
+ OBJECT_CHECK(StrongARMRTCState, (obj), TYPE_STRONGARM_RTC)
+
+typedef struct StrongARMRTCState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ uint32_t rttr;
+ uint32_t rtsr;
+ uint32_t rtar;
+ uint32_t last_rcnr;
+ int64_t last_hz;
+ QEMUTimer *rtc_alarm;
+ QEMUTimer *rtc_hz;
+ qemu_irq rtc_irq;
+ qemu_irq rtc_hz_irq;
+} StrongARMRTCState;
+
+static inline void strongarm_rtc_int_update(StrongARMRTCState *s)
+{
+ qemu_set_irq(s->rtc_irq, s->rtsr & RTSR_AL);
+ qemu_set_irq(s->rtc_hz_irq, s->rtsr & RTSR_HZ);
+}
+
+static void strongarm_rtc_hzupdate(StrongARMRTCState *s)
+{
+ int64_t rt = qemu_get_clock_ms(rtc_clock);
+ s->last_rcnr += ((rt - s->last_hz) << 15) /
+ (1000 * ((s->rttr & 0xffff) + 1));
+ s->last_hz = rt;
+}
+
+static inline void strongarm_rtc_timer_update(StrongARMRTCState *s)
+{
+ if ((s->rtsr & RTSR_HZE) && !(s->rtsr & RTSR_HZ)) {
+ qemu_mod_timer(s->rtc_hz, s->last_hz + 1000);
+ } else {
+ qemu_del_timer(s->rtc_hz);
+ }
+
+ if ((s->rtsr & RTSR_ALE) && !(s->rtsr & RTSR_AL)) {
+ qemu_mod_timer(s->rtc_alarm, s->last_hz +
+ (((s->rtar - s->last_rcnr) * 1000 *
+ ((s->rttr & 0xffff) + 1)) >> 15));
+ } else {
+ qemu_del_timer(s->rtc_alarm);
+ }
+}
+
+static inline void strongarm_rtc_alarm_tick(void *opaque)
+{
+ StrongARMRTCState *s = opaque;
+ s->rtsr |= RTSR_AL;
+ strongarm_rtc_timer_update(s);
+ strongarm_rtc_int_update(s);
+}
+
+static inline void strongarm_rtc_hz_tick(void *opaque)
+{
+ StrongARMRTCState *s = opaque;
+ s->rtsr |= RTSR_HZ;
+ strongarm_rtc_timer_update(s);
+ strongarm_rtc_int_update(s);
+}
+
+static uint64_t strongarm_rtc_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ StrongARMRTCState *s = opaque;
+
+ switch (addr) {
+ case RTTR:
+ return s->rttr;
+ case RTSR:
+ return s->rtsr;
+ case RTAR:
+ return s->rtar;
+ case RCNR:
+ return s->last_rcnr +
+ ((qemu_get_clock_ms(rtc_clock) - s->last_hz) << 15) /
+ (1000 * ((s->rttr & 0xffff) + 1));
+ default:
+ printf("%s: Bad register 0x" TARGET_FMT_plx "\n", __func__, addr);
+ return 0;
+ }
+}
+
+static void strongarm_rtc_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ StrongARMRTCState *s = opaque;
+ uint32_t old_rtsr;
+
+ switch (addr) {
+ case RTTR:
+ strongarm_rtc_hzupdate(s);
+ s->rttr = value;
+ strongarm_rtc_timer_update(s);
+ break;
+
+ case RTSR:
+ old_rtsr = s->rtsr;
+ s->rtsr = (value & (RTSR_ALE | RTSR_HZE)) |
+ (s->rtsr & ~(value & (RTSR_AL | RTSR_HZ)));
+
+ if (s->rtsr != old_rtsr) {
+ strongarm_rtc_timer_update(s);
+ }
+
+ strongarm_rtc_int_update(s);
+ break;
+
+ case RTAR:
+ s->rtar = value;
+ strongarm_rtc_timer_update(s);
+ break;
+
+ case RCNR:
+ strongarm_rtc_hzupdate(s);
+ s->last_rcnr = value;
+ strongarm_rtc_timer_update(s);
+ break;
+
+ default:
+ printf("%s: Bad register 0x" TARGET_FMT_plx "\n", __func__, addr);
+ }
+}
+
+static const MemoryRegionOps strongarm_rtc_ops = {
+ .read = strongarm_rtc_read,
+ .write = strongarm_rtc_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int strongarm_rtc_init(SysBusDevice *dev)
+{
+ StrongARMRTCState *s = STRONGARM_RTC(dev);
+ struct tm tm;
+
+ s->rttr = 0x0;
+ s->rtsr = 0;
+
+ qemu_get_timedate(&tm, 0);
+
+ s->last_rcnr = (uint32_t) mktimegm(&tm);
+ s->last_hz = qemu_get_clock_ms(rtc_clock);
+
+ s->rtc_alarm = qemu_new_timer_ms(rtc_clock, strongarm_rtc_alarm_tick, s);
+ s->rtc_hz = qemu_new_timer_ms(rtc_clock, strongarm_rtc_hz_tick, s);
+
+ sysbus_init_irq(dev, &s->rtc_irq);
+ sysbus_init_irq(dev, &s->rtc_hz_irq);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &strongarm_rtc_ops, s,
+ "rtc", 0x10000);
+ sysbus_init_mmio(dev, &s->iomem);
+
+ return 0;
+}
+
+static void strongarm_rtc_pre_save(void *opaque)
+{
+ StrongARMRTCState *s = opaque;
+
+ strongarm_rtc_hzupdate(s);
+}
+
+static int strongarm_rtc_post_load(void *opaque, int version_id)
+{
+ StrongARMRTCState *s = opaque;
+
+ strongarm_rtc_timer_update(s);
+ strongarm_rtc_int_update(s);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_strongarm_rtc_regs = {
+ .name = "strongarm-rtc",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .pre_save = strongarm_rtc_pre_save,
+ .post_load = strongarm_rtc_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(rttr, StrongARMRTCState),
+ VMSTATE_UINT32(rtsr, StrongARMRTCState),
+ VMSTATE_UINT32(rtar, StrongARMRTCState),
+ VMSTATE_UINT32(last_rcnr, StrongARMRTCState),
+ VMSTATE_INT64(last_hz, StrongARMRTCState),
+ VMSTATE_END_OF_LIST(),
+ },
+};
+
+static void strongarm_rtc_sysbus_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = strongarm_rtc_init;
+ dc->desc = "StrongARM RTC Controller";
+ dc->vmsd = &vmstate_strongarm_rtc_regs;
+}
+
+static const TypeInfo strongarm_rtc_sysbus_info = {
+ .name = TYPE_STRONGARM_RTC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(StrongARMRTCState),
+ .class_init = strongarm_rtc_sysbus_class_init,
+};
+
+/* GPIO */
+#define GPLR 0x00
+#define GPDR 0x04
+#define GPSR 0x08
+#define GPCR 0x0c
+#define GRER 0x10
+#define GFER 0x14
+#define GEDR 0x18
+#define GAFR 0x1c
+
+#define TYPE_STRONGARM_GPIO "strongarm-gpio"
+#define STRONGARM_GPIO(obj) \
+ OBJECT_CHECK(StrongARMGPIOInfo, (obj), TYPE_STRONGARM_GPIO)
+
+typedef struct StrongARMGPIOInfo StrongARMGPIOInfo;
+struct StrongARMGPIOInfo {
+ SysBusDevice busdev;
+ MemoryRegion iomem;
+ qemu_irq handler[28];
+ qemu_irq irqs[11];
+ qemu_irq irqX;
+
+ uint32_t ilevel;
+ uint32_t olevel;
+ uint32_t dir;
+ uint32_t rising;
+ uint32_t falling;
+ uint32_t status;
+ uint32_t gpsr;
+ uint32_t gafr;
+
+ uint32_t prev_level;
+};
+
+
+static void strongarm_gpio_irq_update(StrongARMGPIOInfo *s)
+{
+ int i;
+ for (i = 0; i < 11; i++) {
+ qemu_set_irq(s->irqs[i], s->status & (1 << i));
+ }
+
+ qemu_set_irq(s->irqX, (s->status & ~0x7ff));
+}
+
+static void strongarm_gpio_set(void *opaque, int line, int level)
+{
+ StrongARMGPIOInfo *s = opaque;
+ uint32_t mask;
+
+ mask = 1 << line;
+
+ if (level) {
+ s->status |= s->rising & mask &
+ ~s->ilevel & ~s->dir;
+ s->ilevel |= mask;
+ } else {
+ s->status |= s->falling & mask &
+ s->ilevel & ~s->dir;
+ s->ilevel &= ~mask;
+ }
+
+ if (s->status & mask) {
+ strongarm_gpio_irq_update(s);
+ }
+}
+
+static void strongarm_gpio_handler_update(StrongARMGPIOInfo *s)
+{
+ uint32_t level, diff;
+ int bit;
+
+ level = s->olevel & s->dir;
+
+ for (diff = s->prev_level ^ level; diff; diff ^= 1 << bit) {
+ bit = ffs(diff) - 1;
+ qemu_set_irq(s->handler[bit], (level >> bit) & 1);
+ }
+
+ s->prev_level = level;
+}
+
+static uint64_t strongarm_gpio_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ StrongARMGPIOInfo *s = opaque;
+
+ switch (offset) {
+ case GPDR: /* GPIO Pin-Direction registers */
+ return s->dir;
+
+ case GPSR: /* GPIO Pin-Output Set registers */
+ DPRINTF("%s: Read from a write-only register 0x" TARGET_FMT_plx "\n",
+ __func__, offset);
+ return s->gpsr; /* Return last written value. */
+
+ case GPCR: /* GPIO Pin-Output Clear registers */
+ DPRINTF("%s: Read from a write-only register 0x" TARGET_FMT_plx "\n",
+ __func__, offset);
+ return 31337; /* Specified as unpredictable in the docs. */
+
+ case GRER: /* GPIO Rising-Edge Detect Enable registers */
+ return s->rising;
+
+ case GFER: /* GPIO Falling-Edge Detect Enable registers */
+ return s->falling;
+
+ case GAFR: /* GPIO Alternate Function registers */
+ return s->gafr;
+
+ case GPLR: /* GPIO Pin-Level registers */
+ return (s->olevel & s->dir) |
+ (s->ilevel & ~s->dir);
+
+ case GEDR: /* GPIO Edge Detect Status registers */
+ return s->status;
+
+ default:
+ printf("%s: Bad offset 0x" TARGET_FMT_plx "\n", __func__, offset);
+ }
+
+ return 0;
+}
+
+static void strongarm_gpio_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ StrongARMGPIOInfo *s = opaque;
+
+ switch (offset) {
+ case GPDR: /* GPIO Pin-Direction registers */
+ s->dir = value;
+ strongarm_gpio_handler_update(s);
+ break;
+
+ case GPSR: /* GPIO Pin-Output Set registers */
+ s->olevel |= value;
+ strongarm_gpio_handler_update(s);
+ s->gpsr = value;
+ break;
+
+ case GPCR: /* GPIO Pin-Output Clear registers */
+ s->olevel &= ~value;
+ strongarm_gpio_handler_update(s);
+ break;
+
+ case GRER: /* GPIO Rising-Edge Detect Enable registers */
+ s->rising = value;
+ break;
+
+ case GFER: /* GPIO Falling-Edge Detect Enable registers */
+ s->falling = value;
+ break;
+
+ case GAFR: /* GPIO Alternate Function registers */
+ s->gafr = value;
+ break;
+
+ case GEDR: /* GPIO Edge Detect Status registers */
+ s->status &= ~value;
+ strongarm_gpio_irq_update(s);
+ break;
+
+ default:
+ printf("%s: Bad offset 0x" TARGET_FMT_plx "\n", __func__, offset);
+ }
+}
+
+static const MemoryRegionOps strongarm_gpio_ops = {
+ .read = strongarm_gpio_read,
+ .write = strongarm_gpio_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static DeviceState *strongarm_gpio_init(hwaddr base,
+ DeviceState *pic)
+{
+ DeviceState *dev;
+ int i;
+
+ dev = qdev_create(NULL, TYPE_STRONGARM_GPIO);
+ qdev_init_nofail(dev);
+
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
+ for (i = 0; i < 12; i++)
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), i,
+ qdev_get_gpio_in(pic, SA_PIC_GPIO0_EDGE + i));
+
+ return dev;
+}
+
+static int strongarm_gpio_initfn(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ StrongARMGPIOInfo *s = STRONGARM_GPIO(dev);
+ int i;
+
+ qdev_init_gpio_in(dev, strongarm_gpio_set, 28);
+ qdev_init_gpio_out(dev, s->handler, 28);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &strongarm_gpio_ops, s,
+ "gpio", 0x1000);
+
+ sysbus_init_mmio(sbd, &s->iomem);
+ for (i = 0; i < 11; i++) {
+ sysbus_init_irq(sbd, &s->irqs[i]);
+ }
+ sysbus_init_irq(sbd, &s->irqX);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_strongarm_gpio_regs = {
+ .name = "strongarm-gpio",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(ilevel, StrongARMGPIOInfo),
+ VMSTATE_UINT32(olevel, StrongARMGPIOInfo),
+ VMSTATE_UINT32(dir, StrongARMGPIOInfo),
+ VMSTATE_UINT32(rising, StrongARMGPIOInfo),
+ VMSTATE_UINT32(falling, StrongARMGPIOInfo),
+ VMSTATE_UINT32(status, StrongARMGPIOInfo),
+ VMSTATE_UINT32(gafr, StrongARMGPIOInfo),
+ VMSTATE_END_OF_LIST(),
+ },
+};
+
+static void strongarm_gpio_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = strongarm_gpio_initfn;
+ dc->desc = "StrongARM GPIO controller";
+}
+
+static const TypeInfo strongarm_gpio_info = {
+ .name = TYPE_STRONGARM_GPIO,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(StrongARMGPIOInfo),
+ .class_init = strongarm_gpio_class_init,
+};
+
+/* Peripheral Pin Controller */
+#define PPDR 0x00
+#define PPSR 0x04
+#define PPAR 0x08
+#define PSDR 0x0c
+#define PPFR 0x10
+
+#define TYPE_STRONGARM_PPC "strongarm-ppc"
+#define STRONGARM_PPC(obj) \
+ OBJECT_CHECK(StrongARMPPCInfo, (obj), TYPE_STRONGARM_PPC)
+
+typedef struct StrongARMPPCInfo StrongARMPPCInfo;
+struct StrongARMPPCInfo {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ qemu_irq handler[28];
+
+ uint32_t ilevel;
+ uint32_t olevel;
+ uint32_t dir;
+ uint32_t ppar;
+ uint32_t psdr;
+ uint32_t ppfr;
+
+ uint32_t prev_level;
+};
+
+static void strongarm_ppc_set(void *opaque, int line, int level)
+{
+ StrongARMPPCInfo *s = opaque;
+
+ if (level) {
+ s->ilevel |= 1 << line;
+ } else {
+ s->ilevel &= ~(1 << line);
+ }
+}
+
+static void strongarm_ppc_handler_update(StrongARMPPCInfo *s)
+{
+ uint32_t level, diff;
+ int bit;
+
+ level = s->olevel & s->dir;
+
+ for (diff = s->prev_level ^ level; diff; diff ^= 1 << bit) {
+ bit = ffs(diff) - 1;
+ qemu_set_irq(s->handler[bit], (level >> bit) & 1);
+ }
+
+ s->prev_level = level;
+}
+
+static uint64_t strongarm_ppc_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ StrongARMPPCInfo *s = opaque;
+
+ switch (offset) {
+ case PPDR: /* PPC Pin Direction registers */
+ return s->dir | ~0x3fffff;
+
+ case PPSR: /* PPC Pin State registers */
+ return (s->olevel & s->dir) |
+ (s->ilevel & ~s->dir) |
+ ~0x3fffff;
+
+ case PPAR:
+ return s->ppar | ~0x41000;
+
+ case PSDR:
+ return s->psdr;
+
+ case PPFR:
+ return s->ppfr | ~0x7f001;
+
+ default:
+ printf("%s: Bad offset 0x" TARGET_FMT_plx "\n", __func__, offset);
+ }
+
+ return 0;
+}
+
+static void strongarm_ppc_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ StrongARMPPCInfo *s = opaque;
+
+ switch (offset) {
+ case PPDR: /* PPC Pin Direction registers */
+ s->dir = value & 0x3fffff;
+ strongarm_ppc_handler_update(s);
+ break;
+
+ case PPSR: /* PPC Pin State registers */
+ s->olevel = value & s->dir & 0x3fffff;
+ strongarm_ppc_handler_update(s);
+ break;
+
+ case PPAR:
+ s->ppar = value & 0x41000;
+ break;
+
+ case PSDR:
+ s->psdr = value & 0x3fffff;
+ break;
+
+ case PPFR:
+ s->ppfr = value & 0x7f001;
+ break;
+
+ default:
+ printf("%s: Bad offset 0x" TARGET_FMT_plx "\n", __func__, offset);
+ }
+}
+
+static const MemoryRegionOps strongarm_ppc_ops = {
+ .read = strongarm_ppc_read,
+ .write = strongarm_ppc_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int strongarm_ppc_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ StrongARMPPCInfo *s = STRONGARM_PPC(dev);
+
+ qdev_init_gpio_in(dev, strongarm_ppc_set, 22);
+ qdev_init_gpio_out(dev, s->handler, 22);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &strongarm_ppc_ops, s,
+ "ppc", 0x1000);
+
+ sysbus_init_mmio(sbd, &s->iomem);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_strongarm_ppc_regs = {
+ .name = "strongarm-ppc",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(ilevel, StrongARMPPCInfo),
+ VMSTATE_UINT32(olevel, StrongARMPPCInfo),
+ VMSTATE_UINT32(dir, StrongARMPPCInfo),
+ VMSTATE_UINT32(ppar, StrongARMPPCInfo),
+ VMSTATE_UINT32(psdr, StrongARMPPCInfo),
+ VMSTATE_UINT32(ppfr, StrongARMPPCInfo),
+ VMSTATE_END_OF_LIST(),
+ },
+};
+
+static void strongarm_ppc_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = strongarm_ppc_init;
+ dc->desc = "StrongARM PPC controller";
+}
+
+static const TypeInfo strongarm_ppc_info = {
+ .name = TYPE_STRONGARM_PPC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(StrongARMPPCInfo),
+ .class_init = strongarm_ppc_class_init,
+};
+
+/* UART Ports */
+#define UTCR0 0x00
+#define UTCR1 0x04
+#define UTCR2 0x08
+#define UTCR3 0x0c
+#define UTDR 0x14
+#define UTSR0 0x1c
+#define UTSR1 0x20
+
+#define UTCR0_PE (1 << 0) /* Parity enable */
+#define UTCR0_OES (1 << 1) /* Even parity */
+#define UTCR0_SBS (1 << 2) /* 2 stop bits */
+#define UTCR0_DSS (1 << 3) /* 8-bit data */
+
+#define UTCR3_RXE (1 << 0) /* Rx enable */
+#define UTCR3_TXE (1 << 1) /* Tx enable */
+#define UTCR3_BRK (1 << 2) /* Force Break */
+#define UTCR3_RIE (1 << 3) /* Rx int enable */
+#define UTCR3_TIE (1 << 4) /* Tx int enable */
+#define UTCR3_LBM (1 << 5) /* Loopback */
+
+#define UTSR0_TFS (1 << 0) /* Tx FIFO nearly empty */
+#define UTSR0_RFS (1 << 1) /* Rx FIFO nearly full */
+#define UTSR0_RID (1 << 2) /* Receiver Idle */
+#define UTSR0_RBB (1 << 3) /* Receiver begin break */
+#define UTSR0_REB (1 << 4) /* Receiver end break */
+#define UTSR0_EIF (1 << 5) /* Error in FIFO */
+
+#define UTSR1_RNE (1 << 1) /* Receive FIFO not empty */
+#define UTSR1_TNF (1 << 2) /* Transmit FIFO not full */
+#define UTSR1_PRE (1 << 3) /* Parity error */
+#define UTSR1_FRE (1 << 4) /* Frame error */
+#define UTSR1_ROR (1 << 5) /* Receive Over Run */
+
+#define RX_FIFO_PRE (1 << 8)
+#define RX_FIFO_FRE (1 << 9)
+#define RX_FIFO_ROR (1 << 10)
+
+#define TYPE_STRONGARM_UART "strongarm-uart"
+#define STRONGARM_UART(obj) \
+ OBJECT_CHECK(StrongARMUARTState, (obj), TYPE_STRONGARM_UART)
+
+typedef struct StrongARMUARTState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ CharDriverState *chr;
+ qemu_irq irq;
+
+ uint8_t utcr0;
+ uint16_t brd;
+ uint8_t utcr3;
+ uint8_t utsr0;
+ uint8_t utsr1;
+
+ uint8_t tx_fifo[8];
+ uint8_t tx_start;
+ uint8_t tx_len;
+ uint16_t rx_fifo[12]; /* value + error flags in high bits */
+ uint8_t rx_start;
+ uint8_t rx_len;
+
+ uint64_t char_transmit_time; /* time to transmit a char in ticks*/
+ bool wait_break_end;
+ QEMUTimer *rx_timeout_timer;
+ QEMUTimer *tx_timer;
+} StrongARMUARTState;
+
+static void strongarm_uart_update_status(StrongARMUARTState *s)
+{
+ uint16_t utsr1 = 0;
+
+ if (s->tx_len != 8) {
+ utsr1 |= UTSR1_TNF;
+ }
+
+ if (s->rx_len != 0) {
+ uint16_t ent = s->rx_fifo[s->rx_start];
+
+ utsr1 |= UTSR1_RNE;
+ if (ent & RX_FIFO_PRE) {
+ s->utsr1 |= UTSR1_PRE;
+ }
+ if (ent & RX_FIFO_FRE) {
+ s->utsr1 |= UTSR1_FRE;
+ }
+ if (ent & RX_FIFO_ROR) {
+ s->utsr1 |= UTSR1_ROR;
+ }
+ }
+
+ s->utsr1 = utsr1;
+}
+
+static void strongarm_uart_update_int_status(StrongARMUARTState *s)
+{
+ uint16_t utsr0 = s->utsr0 &
+ (UTSR0_REB | UTSR0_RBB | UTSR0_RID);
+ int i;
+
+ if ((s->utcr3 & UTCR3_TXE) &&
+ (s->utcr3 & UTCR3_TIE) &&
+ s->tx_len <= 4) {
+ utsr0 |= UTSR0_TFS;
+ }
+
+ if ((s->utcr3 & UTCR3_RXE) &&
+ (s->utcr3 & UTCR3_RIE) &&
+ s->rx_len > 4) {
+ utsr0 |= UTSR0_RFS;
+ }
+
+ for (i = 0; i < s->rx_len && i < 4; i++)
+ if (s->rx_fifo[(s->rx_start + i) % 12] & ~0xff) {
+ utsr0 |= UTSR0_EIF;
+ break;
+ }
+
+ s->utsr0 = utsr0;
+ qemu_set_irq(s->irq, utsr0);
+}
+
+static void strongarm_uart_update_parameters(StrongARMUARTState *s)
+{
+ int speed, parity, data_bits, stop_bits, frame_size;
+ QEMUSerialSetParams ssp;
+
+ /* Start bit. */
+ frame_size = 1;
+ if (s->utcr0 & UTCR0_PE) {
+ /* Parity bit. */
+ frame_size++;
+ if (s->utcr0 & UTCR0_OES) {
+ parity = 'E';
+ } else {
+ parity = 'O';
+ }
+ } else {
+ parity = 'N';
+ }
+ if (s->utcr0 & UTCR0_SBS) {
+ stop_bits = 2;
+ } else {
+ stop_bits = 1;
+ }
+
+ data_bits = (s->utcr0 & UTCR0_DSS) ? 8 : 7;
+ frame_size += data_bits + stop_bits;
+ speed = 3686400 / 16 / (s->brd + 1);
+ ssp.speed = speed;
+ ssp.parity = parity;
+ ssp.data_bits = data_bits;
+ ssp.stop_bits = stop_bits;
+ s->char_transmit_time = (get_ticks_per_sec() / speed) * frame_size;
+ if (s->chr) {
+ qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_SERIAL_SET_PARAMS, &ssp);
+ }
+
+ DPRINTF(stderr, "%s speed=%d parity=%c data=%d stop=%d\n", s->chr->label,
+ speed, parity, data_bits, stop_bits);
+}
+
+static void strongarm_uart_rx_to(void *opaque)
+{
+ StrongARMUARTState *s = opaque;
+
+ if (s->rx_len) {
+ s->utsr0 |= UTSR0_RID;
+ strongarm_uart_update_int_status(s);
+ }
+}
+
+static void strongarm_uart_rx_push(StrongARMUARTState *s, uint16_t c)
+{
+ if ((s->utcr3 & UTCR3_RXE) == 0) {
+ /* rx disabled */
+ return;
+ }
+
+ if (s->wait_break_end) {
+ s->utsr0 |= UTSR0_REB;
+ s->wait_break_end = false;
+ }
+
+ if (s->rx_len < 12) {
+ s->rx_fifo[(s->rx_start + s->rx_len) % 12] = c;
+ s->rx_len++;
+ } else
+ s->rx_fifo[(s->rx_start + 11) % 12] |= RX_FIFO_ROR;
+}
+
+static int strongarm_uart_can_receive(void *opaque)
+{
+ StrongARMUARTState *s = opaque;
+
+ if (s->rx_len == 12) {
+ return 0;
+ }
+ /* It's best not to get more than 2/3 of RX FIFO, so advertise that much */
+ if (s->rx_len < 8) {
+ return 8 - s->rx_len;
+ }
+ return 1;
+}
+
+static void strongarm_uart_receive(void *opaque, const uint8_t *buf, int size)
+{
+ StrongARMUARTState *s = opaque;
+ int i;
+
+ for (i = 0; i < size; i++) {
+ strongarm_uart_rx_push(s, buf[i]);
+ }
+
+ /* call the timeout receive callback in 3 char transmit time */
+ qemu_mod_timer(s->rx_timeout_timer,
+ qemu_get_clock_ns(vm_clock) + s->char_transmit_time * 3);
+
+ strongarm_uart_update_status(s);
+ strongarm_uart_update_int_status(s);
+}
+
+static void strongarm_uart_event(void *opaque, int event)
+{
+ StrongARMUARTState *s = opaque;
+ if (event == CHR_EVENT_BREAK) {
+ s->utsr0 |= UTSR0_RBB;
+ strongarm_uart_rx_push(s, RX_FIFO_FRE);
+ s->wait_break_end = true;
+ strongarm_uart_update_status(s);
+ strongarm_uart_update_int_status(s);
+ }
+}
+
+static void strongarm_uart_tx(void *opaque)
+{
+ StrongARMUARTState *s = opaque;
+ uint64_t new_xmit_ts = qemu_get_clock_ns(vm_clock);
+
+ if (s->utcr3 & UTCR3_LBM) /* loopback */ {
+ strongarm_uart_receive(s, &s->tx_fifo[s->tx_start], 1);
+ } else if (s->chr) {
+ qemu_chr_fe_write(s->chr, &s->tx_fifo[s->tx_start], 1);
+ }
+
+ s->tx_start = (s->tx_start + 1) % 8;
+ s->tx_len--;
+ if (s->tx_len) {
+ qemu_mod_timer(s->tx_timer, new_xmit_ts + s->char_transmit_time);
+ }
+ strongarm_uart_update_status(s);
+ strongarm_uart_update_int_status(s);
+}
+
+static uint64_t strongarm_uart_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ StrongARMUARTState *s = opaque;
+ uint16_t ret;
+
+ switch (addr) {
+ case UTCR0:
+ return s->utcr0;
+
+ case UTCR1:
+ return s->brd >> 8;
+
+ case UTCR2:
+ return s->brd & 0xff;
+
+ case UTCR3:
+ return s->utcr3;
+
+ case UTDR:
+ if (s->rx_len != 0) {
+ ret = s->rx_fifo[s->rx_start];
+ s->rx_start = (s->rx_start + 1) % 12;
+ s->rx_len--;
+ strongarm_uart_update_status(s);
+ strongarm_uart_update_int_status(s);
+ return ret;
+ }
+ return 0;
+
+ case UTSR0:
+ return s->utsr0;
+
+ case UTSR1:
+ return s->utsr1;
+
+ default:
+ printf("%s: Bad register 0x" TARGET_FMT_plx "\n", __func__, addr);
+ return 0;
+ }
+}
+
+static void strongarm_uart_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ StrongARMUARTState *s = opaque;
+
+ switch (addr) {
+ case UTCR0:
+ s->utcr0 = value & 0x7f;
+ strongarm_uart_update_parameters(s);
+ break;
+
+ case UTCR1:
+ s->brd = (s->brd & 0xff) | ((value & 0xf) << 8);
+ strongarm_uart_update_parameters(s);
+ break;
+
+ case UTCR2:
+ s->brd = (s->brd & 0xf00) | (value & 0xff);
+ strongarm_uart_update_parameters(s);
+ break;
+
+ case UTCR3:
+ s->utcr3 = value & 0x3f;
+ if ((s->utcr3 & UTCR3_RXE) == 0) {
+ s->rx_len = 0;
+ }
+ if ((s->utcr3 & UTCR3_TXE) == 0) {
+ s->tx_len = 0;
+ }
+ strongarm_uart_update_status(s);
+ strongarm_uart_update_int_status(s);
+ break;
+
+ case UTDR:
+ if ((s->utcr3 & UTCR3_TXE) && s->tx_len != 8) {
+ s->tx_fifo[(s->tx_start + s->tx_len) % 8] = value;
+ s->tx_len++;
+ strongarm_uart_update_status(s);
+ strongarm_uart_update_int_status(s);
+ if (s->tx_len == 1) {
+ strongarm_uart_tx(s);
+ }
+ }
+ break;
+
+ case UTSR0:
+ s->utsr0 = s->utsr0 & ~(value &
+ (UTSR0_REB | UTSR0_RBB | UTSR0_RID));
+ strongarm_uart_update_int_status(s);
+ break;
+
+ default:
+ printf("%s: Bad register 0x" TARGET_FMT_plx "\n", __func__, addr);
+ }
+}
+
+static const MemoryRegionOps strongarm_uart_ops = {
+ .read = strongarm_uart_read,
+ .write = strongarm_uart_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int strongarm_uart_init(SysBusDevice *dev)
+{
+ StrongARMUARTState *s = STRONGARM_UART(dev);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &strongarm_uart_ops, s,
+ "uart", 0x10000);
+ sysbus_init_mmio(dev, &s->iomem);
+ sysbus_init_irq(dev, &s->irq);
+
+ s->rx_timeout_timer = qemu_new_timer_ns(vm_clock, strongarm_uart_rx_to, s);
+ s->tx_timer = qemu_new_timer_ns(vm_clock, strongarm_uart_tx, s);
+
+ if (s->chr) {
+ qemu_chr_add_handlers(s->chr,
+ strongarm_uart_can_receive,
+ strongarm_uart_receive,
+ strongarm_uart_event,
+ s);
+ }
+
+ return 0;
+}
+
+static void strongarm_uart_reset(DeviceState *dev)
+{
+ StrongARMUARTState *s = STRONGARM_UART(dev);
+
+ s->utcr0 = UTCR0_DSS; /* 8 data, no parity */
+ s->brd = 23; /* 9600 */
+ /* enable send & recv - this actually violates spec */
+ s->utcr3 = UTCR3_TXE | UTCR3_RXE;
+
+ s->rx_len = s->tx_len = 0;
+
+ strongarm_uart_update_parameters(s);
+ strongarm_uart_update_status(s);
+ strongarm_uart_update_int_status(s);
+}
+
+static int strongarm_uart_post_load(void *opaque, int version_id)
+{
+ StrongARMUARTState *s = opaque;
+
+ strongarm_uart_update_parameters(s);
+ strongarm_uart_update_status(s);
+ strongarm_uart_update_int_status(s);
+
+ /* tx and restart timer */
+ if (s->tx_len) {
+ strongarm_uart_tx(s);
+ }
+
+ /* restart rx timeout timer */
+ if (s->rx_len) {
+ qemu_mod_timer(s->rx_timeout_timer,
+ qemu_get_clock_ns(vm_clock) + s->char_transmit_time * 3);
+ }
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_strongarm_uart_regs = {
+ .name = "strongarm-uart",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .post_load = strongarm_uart_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(utcr0, StrongARMUARTState),
+ VMSTATE_UINT16(brd, StrongARMUARTState),
+ VMSTATE_UINT8(utcr3, StrongARMUARTState),
+ VMSTATE_UINT8(utsr0, StrongARMUARTState),
+ VMSTATE_UINT8_ARRAY(tx_fifo, StrongARMUARTState, 8),
+ VMSTATE_UINT8(tx_start, StrongARMUARTState),
+ VMSTATE_UINT8(tx_len, StrongARMUARTState),
+ VMSTATE_UINT16_ARRAY(rx_fifo, StrongARMUARTState, 12),
+ VMSTATE_UINT8(rx_start, StrongARMUARTState),
+ VMSTATE_UINT8(rx_len, StrongARMUARTState),
+ VMSTATE_BOOL(wait_break_end, StrongARMUARTState),
+ VMSTATE_END_OF_LIST(),
+ },
+};
+
+static Property strongarm_uart_properties[] = {
+ DEFINE_PROP_CHR("chardev", StrongARMUARTState, chr),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void strongarm_uart_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = strongarm_uart_init;
+ dc->desc = "StrongARM UART controller";
+ dc->reset = strongarm_uart_reset;
+ dc->vmsd = &vmstate_strongarm_uart_regs;
+ dc->props = strongarm_uart_properties;
+}
+
+static const TypeInfo strongarm_uart_info = {
+ .name = TYPE_STRONGARM_UART,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(StrongARMUARTState),
+ .class_init = strongarm_uart_class_init,
+};
+
+/* Synchronous Serial Ports */
+
+#define TYPE_STRONGARM_SSP "strongarm-ssp"
+#define STRONGARM_SSP(obj) \
+ OBJECT_CHECK(StrongARMSSPState, (obj), TYPE_STRONGARM_SSP)
+
+typedef struct StrongARMSSPState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ qemu_irq irq;
+ SSIBus *bus;
+
+ uint16_t sscr[2];
+ uint16_t sssr;
+
+ uint16_t rx_fifo[8];
+ uint8_t rx_level;
+ uint8_t rx_start;
+} StrongARMSSPState;
+
+#define SSCR0 0x60 /* SSP Control register 0 */
+#define SSCR1 0x64 /* SSP Control register 1 */
+#define SSDR 0x6c /* SSP Data register */
+#define SSSR 0x74 /* SSP Status register */
+
+/* Bitfields for above registers */
+#define SSCR0_SPI(x) (((x) & 0x30) == 0x00)
+#define SSCR0_SSP(x) (((x) & 0x30) == 0x10)
+#define SSCR0_UWIRE(x) (((x) & 0x30) == 0x20)
+#define SSCR0_PSP(x) (((x) & 0x30) == 0x30)
+#define SSCR0_SSE (1 << 7)
+#define SSCR0_DSS(x) (((x) & 0xf) + 1)
+#define SSCR1_RIE (1 << 0)
+#define SSCR1_TIE (1 << 1)
+#define SSCR1_LBM (1 << 2)
+#define SSSR_TNF (1 << 2)
+#define SSSR_RNE (1 << 3)
+#define SSSR_TFS (1 << 5)
+#define SSSR_RFS (1 << 6)
+#define SSSR_ROR (1 << 7)
+#define SSSR_RW 0x0080
+
+static void strongarm_ssp_int_update(StrongARMSSPState *s)
+{
+ int level = 0;
+
+ level |= (s->sssr & SSSR_ROR);
+ level |= (s->sssr & SSSR_RFS) && (s->sscr[1] & SSCR1_RIE);
+ level |= (s->sssr & SSSR_TFS) && (s->sscr[1] & SSCR1_TIE);
+ qemu_set_irq(s->irq, level);
+}
+
+static void strongarm_ssp_fifo_update(StrongARMSSPState *s)
+{
+ s->sssr &= ~SSSR_TFS;
+ s->sssr &= ~SSSR_TNF;
+ if (s->sscr[0] & SSCR0_SSE) {
+ if (s->rx_level >= 4) {
+ s->sssr |= SSSR_RFS;
+ } else {
+ s->sssr &= ~SSSR_RFS;
+ }
+ if (s->rx_level) {
+ s->sssr |= SSSR_RNE;
+ } else {
+ s->sssr &= ~SSSR_RNE;
+ }
+ /* TX FIFO is never filled, so it is always in underrun
+ condition if SSP is enabled */
+ s->sssr |= SSSR_TFS;
+ s->sssr |= SSSR_TNF;
+ }
+
+ strongarm_ssp_int_update(s);
+}
+
+static uint64_t strongarm_ssp_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ StrongARMSSPState *s = opaque;
+ uint32_t retval;
+
+ switch (addr) {
+ case SSCR0:
+ return s->sscr[0];
+ case SSCR1:
+ return s->sscr[1];
+ case SSSR:
+ return s->sssr;
+ case SSDR:
+ if (~s->sscr[0] & SSCR0_SSE) {
+ return 0xffffffff;
+ }
+ if (s->rx_level < 1) {
+ printf("%s: SSP Rx Underrun\n", __func__);
+ return 0xffffffff;
+ }
+ s->rx_level--;
+ retval = s->rx_fifo[s->rx_start++];
+ s->rx_start &= 0x7;
+ strongarm_ssp_fifo_update(s);
+ return retval;
+ default:
+ printf("%s: Bad register 0x" TARGET_FMT_plx "\n", __func__, addr);
+ break;
+ }
+ return 0;
+}
+
+static void strongarm_ssp_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ StrongARMSSPState *s = opaque;
+
+ switch (addr) {
+ case SSCR0:
+ s->sscr[0] = value & 0xffbf;
+ if ((s->sscr[0] & SSCR0_SSE) && SSCR0_DSS(value) < 4) {
+ printf("%s: Wrong data size: %i bits\n", __func__,
+ (int)SSCR0_DSS(value));
+ }
+ if (!(value & SSCR0_SSE)) {
+ s->sssr = 0;
+ s->rx_level = 0;
+ }
+ strongarm_ssp_fifo_update(s);
+ break;
+
+ case SSCR1:
+ s->sscr[1] = value & 0x2f;
+ if (value & SSCR1_LBM) {
+ printf("%s: Attempt to use SSP LBM mode\n", __func__);
+ }
+ strongarm_ssp_fifo_update(s);
+ break;
+
+ case SSSR:
+ s->sssr &= ~(value & SSSR_RW);
+ strongarm_ssp_int_update(s);
+ break;
+
+ case SSDR:
+ if (SSCR0_UWIRE(s->sscr[0])) {
+ value &= 0xff;
+ } else
+ /* Note how 32bits overflow does no harm here */
+ value &= (1 << SSCR0_DSS(s->sscr[0])) - 1;
+
+ /* Data goes from here to the Tx FIFO and is shifted out from
+ * there directly to the slave, no need to buffer it.
+ */
+ if (s->sscr[0] & SSCR0_SSE) {
+ uint32_t readval;
+ if (s->sscr[1] & SSCR1_LBM) {
+ readval = value;
+ } else {
+ readval = ssi_transfer(s->bus, value);
+ }
+
+ if (s->rx_level < 0x08) {
+ s->rx_fifo[(s->rx_start + s->rx_level++) & 0x7] = readval;
+ } else {
+ s->sssr |= SSSR_ROR;
+ }
+ }
+ strongarm_ssp_fifo_update(s);
+ break;
+
+ default:
+ printf("%s: Bad register 0x" TARGET_FMT_plx "\n", __func__, addr);
+ break;
+ }
+}
+
+static const MemoryRegionOps strongarm_ssp_ops = {
+ .read = strongarm_ssp_read,
+ .write = strongarm_ssp_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int strongarm_ssp_post_load(void *opaque, int version_id)
+{
+ StrongARMSSPState *s = opaque;
+
+ strongarm_ssp_fifo_update(s);
+
+ return 0;
+}
+
+static int strongarm_ssp_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ StrongARMSSPState *s = STRONGARM_SSP(dev);
+
+ sysbus_init_irq(sbd, &s->irq);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &strongarm_ssp_ops, s,
+ "ssp", 0x1000);
+ sysbus_init_mmio(sbd, &s->iomem);
+
+ s->bus = ssi_create_bus(dev, "ssi");
+ return 0;
+}
+
+static void strongarm_ssp_reset(DeviceState *dev)
+{
+ StrongARMSSPState *s = STRONGARM_SSP(dev);
+
+ s->sssr = 0x03; /* 3 bit data, SPI, disabled */
+ s->rx_start = 0;
+ s->rx_level = 0;
+}
+
+static const VMStateDescription vmstate_strongarm_ssp_regs = {
+ .name = "strongarm-ssp",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .post_load = strongarm_ssp_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT16_ARRAY(sscr, StrongARMSSPState, 2),
+ VMSTATE_UINT16(sssr, StrongARMSSPState),
+ VMSTATE_UINT16_ARRAY(rx_fifo, StrongARMSSPState, 8),
+ VMSTATE_UINT8(rx_start, StrongARMSSPState),
+ VMSTATE_UINT8(rx_level, StrongARMSSPState),
+ VMSTATE_END_OF_LIST(),
+ },
+};
+
+static void strongarm_ssp_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = strongarm_ssp_init;
+ dc->desc = "StrongARM SSP controller";
+ dc->reset = strongarm_ssp_reset;
+ dc->vmsd = &vmstate_strongarm_ssp_regs;
+}
+
+static const TypeInfo strongarm_ssp_info = {
+ .name = TYPE_STRONGARM_SSP,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(StrongARMSSPState),
+ .class_init = strongarm_ssp_class_init,
+};
+
+/* Main CPU functions */
+StrongARMState *sa1110_init(MemoryRegion *sysmem,
+ unsigned int sdram_size, const char *rev)
+{
+ StrongARMState *s;
+ qemu_irq *pic;
+ int i;
+
+ s = g_malloc0(sizeof(StrongARMState));
+
+ if (!rev) {
+ rev = "sa1110-b5";
+ }
+
+ if (strncmp(rev, "sa1110", 6)) {
+ error_report("Machine requires a SA1110 processor.");
+ exit(1);
+ }
+
+ s->cpu = cpu_arm_init(rev);
+
+ if (!s->cpu) {
+ error_report("Unable to find CPU definition");
+ exit(1);
+ }
+
+ memory_region_init_ram(&s->sdram, NULL, "strongarm.sdram", sdram_size);
+ vmstate_register_ram_global(&s->sdram);
+ memory_region_add_subregion(sysmem, SA_SDCS0, &s->sdram);
+
+ pic = arm_pic_init_cpu(s->cpu);
+ s->pic = sysbus_create_varargs("strongarm_pic", 0x90050000,
+ pic[ARM_PIC_CPU_IRQ], pic[ARM_PIC_CPU_FIQ], NULL);
+
+ sysbus_create_varargs("pxa25x-timer", 0x90000000,
+ qdev_get_gpio_in(s->pic, SA_PIC_OSTC0),
+ qdev_get_gpio_in(s->pic, SA_PIC_OSTC1),
+ qdev_get_gpio_in(s->pic, SA_PIC_OSTC2),
+ qdev_get_gpio_in(s->pic, SA_PIC_OSTC3),
+ NULL);
+
+ sysbus_create_simple(TYPE_STRONGARM_RTC, 0x90010000,
+ qdev_get_gpio_in(s->pic, SA_PIC_RTC_ALARM));
+
+ s->gpio = strongarm_gpio_init(0x90040000, s->pic);
+
+ s->ppc = sysbus_create_varargs(TYPE_STRONGARM_PPC, 0x90060000, NULL);
+
+ for (i = 0; sa_serial[i].io_base; i++) {
+ DeviceState *dev = qdev_create(NULL, TYPE_STRONGARM_UART);
+ qdev_prop_set_chr(dev, "chardev", serial_hds[i]);
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0,
+ sa_serial[i].io_base);
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0,
+ qdev_get_gpio_in(s->pic, sa_serial[i].irq));
+ }
+
+ s->ssp = sysbus_create_varargs(TYPE_STRONGARM_SSP, 0x80070000,
+ qdev_get_gpio_in(s->pic, SA_PIC_SSP), NULL);
+ s->ssp_bus = (SSIBus *)qdev_get_child_bus(s->ssp, "ssi");
+
+ return s;
+}
+
+static void strongarm_register_types(void)
+{
+ type_register_static(&strongarm_pic_info);
+ type_register_static(&strongarm_rtc_sysbus_info);
+ type_register_static(&strongarm_gpio_info);
+ type_register_static(&strongarm_ppc_info);
+ type_register_static(&strongarm_uart_info);
+ type_register_static(&strongarm_ssp_info);
+}
+
+type_init(strongarm_register_types)
diff --git a/hw/arm/strongarm.h b/hw/arm/strongarm.h
new file mode 100644
index 000000000..2893f9444
--- /dev/null
+++ b/hw/arm/strongarm.h
@@ -0,0 +1,68 @@
+#ifndef _STRONGARM_H
+#define _STRONGARM_H
+
+#include "exec/memory.h"
+
+#define SA_CS0 0x00000000
+#define SA_CS1 0x08000000
+#define SA_CS2 0x10000000
+#define SA_CS3 0x18000000
+#define SA_PCMCIA_CS0 0x20000000
+#define SA_PCMCIA_CS1 0x30000000
+#define SA_CS4 0x40000000
+#define SA_CS5 0x48000000
+/* system registers here */
+#define SA_SDCS0 0xc0000000
+#define SA_SDCS1 0xc8000000
+#define SA_SDCS2 0xd0000000
+#define SA_SDCS3 0xd8000000
+
+enum {
+ SA_PIC_GPIO0_EDGE = 0,
+ SA_PIC_GPIO1_EDGE,
+ SA_PIC_GPIO2_EDGE,
+ SA_PIC_GPIO3_EDGE,
+ SA_PIC_GPIO4_EDGE,
+ SA_PIC_GPIO5_EDGE,
+ SA_PIC_GPIO6_EDGE,
+ SA_PIC_GPIO7_EDGE,
+ SA_PIC_GPIO8_EDGE,
+ SA_PIC_GPIO9_EDGE,
+ SA_PIC_GPIO10_EDGE,
+ SA_PIC_GPIOX_EDGE,
+ SA_PIC_LCD,
+ SA_PIC_UDC,
+ SA_PIC_RSVD1,
+ SA_PIC_UART1,
+ SA_PIC_UART2,
+ SA_PIC_UART3,
+ SA_PIC_MCP,
+ SA_PIC_SSP,
+ SA_PIC_DMA_CH0,
+ SA_PIC_DMA_CH1,
+ SA_PIC_DMA_CH2,
+ SA_PIC_DMA_CH3,
+ SA_PIC_DMA_CH4,
+ SA_PIC_DMA_CH5,
+ SA_PIC_OSTC0,
+ SA_PIC_OSTC1,
+ SA_PIC_OSTC2,
+ SA_PIC_OSTC3,
+ SA_PIC_RTC_HZ,
+ SA_PIC_RTC_ALARM,
+};
+
+typedef struct {
+ ARMCPU *cpu;
+ MemoryRegion sdram;
+ DeviceState *pic;
+ DeviceState *gpio;
+ DeviceState *ppc;
+ DeviceState *ssp;
+ SSIBus *ssp_bus;
+} StrongARMState;
+
+StrongARMState *sa1110_init(MemoryRegion *sysmem,
+ unsigned int sdram_size, const char *rev);
+
+#endif
diff --git a/hw/arm/tosa.c b/hw/arm/tosa.c
new file mode 100644
index 000000000..47d1f4ff9
--- /dev/null
+++ b/hw/arm/tosa.c
@@ -0,0 +1,302 @@
+/* vim:set shiftwidth=4 ts=4 et: */
+/*
+ * PXA255 Sharp Zaurus SL-6000 PDA platform
+ *
+ * Copyright (c) 2008 Dmitry Baryshkov
+ *
+ * Code based on spitz platform by Andrzej Zaborowski <balrog@zabor.org>
+ * This code is licensed under the GNU GPL v2.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "hw/hw.h"
+#include "hw/arm/pxa.h"
+#include "hw/arm/arm.h"
+#include "hw/devices.h"
+#include "hw/arm/sharpsl.h"
+#include "hw/pcmcia.h"
+#include "block/block.h"
+#include "hw/boards.h"
+#include "hw/i2c/i2c.h"
+#include "hw/ssi.h"
+#include "sysemu/blockdev.h"
+#include "hw/sysbus.h"
+#include "exec/address-spaces.h"
+
+#define TOSA_RAM 0x04000000
+#define TOSA_ROM 0x00800000
+
+#define TOSA_GPIO_USB_IN (5)
+#define TOSA_GPIO_nSD_DETECT (9)
+#define TOSA_GPIO_ON_RESET (19)
+#define TOSA_GPIO_CF_IRQ (21) /* CF slot0 Ready */
+#define TOSA_GPIO_CF_CD (13)
+#define TOSA_GPIO_TC6393XB_INT (15)
+#define TOSA_GPIO_JC_CF_IRQ (36) /* CF slot1 Ready */
+
+#define TOSA_SCOOP_GPIO_BASE 1
+#define TOSA_GPIO_IR_POWERDWN (TOSA_SCOOP_GPIO_BASE + 2)
+#define TOSA_GPIO_SD_WP (TOSA_SCOOP_GPIO_BASE + 3)
+#define TOSA_GPIO_PWR_ON (TOSA_SCOOP_GPIO_BASE + 4)
+
+#define TOSA_SCOOP_JC_GPIO_BASE 1
+#define TOSA_GPIO_BT_LED (TOSA_SCOOP_JC_GPIO_BASE + 0)
+#define TOSA_GPIO_NOTE_LED (TOSA_SCOOP_JC_GPIO_BASE + 1)
+#define TOSA_GPIO_CHRG_ERR_LED (TOSA_SCOOP_JC_GPIO_BASE + 2)
+#define TOSA_GPIO_TC6393XB_L3V_ON (TOSA_SCOOP_JC_GPIO_BASE + 5)
+#define TOSA_GPIO_WLAN_LED (TOSA_SCOOP_JC_GPIO_BASE + 7)
+
+#define DAC_BASE 0x4e
+#define DAC_CH1 0
+#define DAC_CH2 1
+
+static void tosa_microdrive_attach(PXA2xxState *cpu)
+{
+ PCMCIACardState *md;
+ DriveInfo *dinfo;
+
+ dinfo = drive_get(IF_IDE, 0, 0);
+ if (!dinfo || dinfo->media_cd)
+ return;
+ md = dscm1xxxx_init(dinfo);
+ pxa2xx_pcmcia_attach(cpu->pcmcia[0], md);
+}
+
+static void tosa_out_switch(void *opaque, int line, int level)
+{
+ switch (line) {
+ case 0:
+ fprintf(stderr, "blue LED %s.\n", level ? "on" : "off");
+ break;
+ case 1:
+ fprintf(stderr, "green LED %s.\n", level ? "on" : "off");
+ break;
+ case 2:
+ fprintf(stderr, "amber LED %s.\n", level ? "on" : "off");
+ break;
+ case 3:
+ fprintf(stderr, "wlan LED %s.\n", level ? "on" : "off");
+ break;
+ default:
+ fprintf(stderr, "Uhandled out event: %d = %d\n", line, level);
+ break;
+ }
+}
+
+
+static void tosa_gpio_setup(PXA2xxState *cpu,
+ DeviceState *scp0,
+ DeviceState *scp1,
+ TC6393xbState *tmio)
+{
+ qemu_irq *outsignals = qemu_allocate_irqs(tosa_out_switch, cpu, 4);
+ /* MMC/SD host */
+ pxa2xx_mmci_handlers(cpu->mmc,
+ qdev_get_gpio_in(scp0, TOSA_GPIO_SD_WP),
+ qemu_irq_invert(qdev_get_gpio_in(cpu->gpio, TOSA_GPIO_nSD_DETECT)));
+
+ /* Handle reset */
+ qdev_connect_gpio_out(cpu->gpio, TOSA_GPIO_ON_RESET, cpu->reset);
+
+ /* PCMCIA signals: card's IRQ and Card-Detect */
+ pxa2xx_pcmcia_set_irq_cb(cpu->pcmcia[0],
+ qdev_get_gpio_in(cpu->gpio, TOSA_GPIO_CF_IRQ),
+ qdev_get_gpio_in(cpu->gpio, TOSA_GPIO_CF_CD));
+
+ pxa2xx_pcmcia_set_irq_cb(cpu->pcmcia[1],
+ qdev_get_gpio_in(cpu->gpio, TOSA_GPIO_JC_CF_IRQ),
+ NULL);
+
+ qdev_connect_gpio_out(scp1, TOSA_GPIO_BT_LED, outsignals[0]);
+ qdev_connect_gpio_out(scp1, TOSA_GPIO_NOTE_LED, outsignals[1]);
+ qdev_connect_gpio_out(scp1, TOSA_GPIO_CHRG_ERR_LED, outsignals[2]);
+ qdev_connect_gpio_out(scp1, TOSA_GPIO_WLAN_LED, outsignals[3]);
+
+ qdev_connect_gpio_out(scp1, TOSA_GPIO_TC6393XB_L3V_ON, tc6393xb_l3v_get(tmio));
+
+ /* UDC Vbus */
+ qemu_irq_raise(qdev_get_gpio_in(cpu->gpio, TOSA_GPIO_USB_IN));
+}
+
+static uint32_t tosa_ssp_tansfer(SSISlave *dev, uint32_t value)
+{
+ fprintf(stderr, "TG: %d %02x\n", value >> 5, value & 0x1f);
+ return 0;
+}
+
+static int tosa_ssp_init(SSISlave *dev)
+{
+ /* Nothing to do. */
+ return 0;
+}
+
+typedef struct {
+ I2CSlave i2c;
+ int len;
+ char buf[3];
+} TosaDACState;
+
+static int tosa_dac_send(I2CSlave *i2c, uint8_t data)
+{
+ TosaDACState *s = FROM_I2C_SLAVE(TosaDACState, i2c);
+ s->buf[s->len] = data;
+ if (s->len ++ > 2) {
+#ifdef VERBOSE
+ fprintf(stderr, "%s: message too long (%i bytes)\n", __FUNCTION__, s->len);
+#endif
+ return 1;
+ }
+
+ if (s->len == 2) {
+ fprintf(stderr, "dac: channel %d value 0x%02x\n",
+ s->buf[0], s->buf[1]);
+ }
+
+ return 0;
+}
+
+static void tosa_dac_event(I2CSlave *i2c, enum i2c_event event)
+{
+ TosaDACState *s = FROM_I2C_SLAVE(TosaDACState, i2c);
+ s->len = 0;
+ switch (event) {
+ case I2C_START_SEND:
+ break;
+ case I2C_START_RECV:
+ printf("%s: recv not supported!!!\n", __FUNCTION__);
+ break;
+ case I2C_FINISH:
+#ifdef VERBOSE
+ if (s->len < 2)
+ printf("%s: message too short (%i bytes)\n", __FUNCTION__, s->len);
+ if (s->len > 2)
+ printf("%s: message too long\n", __FUNCTION__);
+#endif
+ break;
+ default:
+ break;
+ }
+}
+
+static int tosa_dac_recv(I2CSlave *s)
+{
+ printf("%s: recv not supported!!!\n", __FUNCTION__);
+ return -1;
+}
+
+static int tosa_dac_init(I2CSlave *i2c)
+{
+ /* Nothing to do. */
+ return 0;
+}
+
+static void tosa_tg_init(PXA2xxState *cpu)
+{
+ i2c_bus *bus = pxa2xx_i2c_bus(cpu->i2c[0]);
+ i2c_create_slave(bus, "tosa_dac", DAC_BASE);
+ ssi_create_slave(cpu->ssp[1], "tosa-ssp");
+}
+
+
+static struct arm_boot_info tosa_binfo = {
+ .loader_start = PXA2XX_SDRAM_BASE,
+ .ram_size = 0x04000000,
+};
+
+static void tosa_init(QEMUMachineInitArgs *args)
+{
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ MemoryRegion *address_space_mem = get_system_memory();
+ MemoryRegion *rom = g_new(MemoryRegion, 1);
+ PXA2xxState *mpu;
+ TC6393xbState *tmio;
+ DeviceState *scp0, *scp1;
+
+ if (!cpu_model)
+ cpu_model = "pxa255";
+
+ mpu = pxa255_init(address_space_mem, tosa_binfo.ram_size);
+
+ memory_region_init_ram(rom, NULL, "tosa.rom", TOSA_ROM);
+ vmstate_register_ram_global(rom);
+ memory_region_set_readonly(rom, true);
+ memory_region_add_subregion(address_space_mem, 0, rom);
+
+ tmio = tc6393xb_init(address_space_mem, 0x10000000,
+ qdev_get_gpio_in(mpu->gpio, TOSA_GPIO_TC6393XB_INT));
+
+ scp0 = sysbus_create_simple("scoop", 0x08800000, NULL);
+ scp1 = sysbus_create_simple("scoop", 0x14800040, NULL);
+
+ tosa_gpio_setup(mpu, scp0, scp1, tmio);
+
+ tosa_microdrive_attach(mpu);
+
+ tosa_tg_init(mpu);
+
+ tosa_binfo.kernel_filename = kernel_filename;
+ tosa_binfo.kernel_cmdline = kernel_cmdline;
+ tosa_binfo.initrd_filename = initrd_filename;
+ tosa_binfo.board_id = 0x208;
+ arm_load_kernel(mpu->cpu, &tosa_binfo);
+ sl_bootparam_write(SL_PXA_PARAM_BASE);
+}
+
+static QEMUMachine tosapda_machine = {
+ .name = "tosa",
+ .desc = "Tosa PDA (PXA255)",
+ .init = tosa_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void tosapda_machine_init(void)
+{
+ qemu_register_machine(&tosapda_machine);
+}
+
+machine_init(tosapda_machine_init);
+
+static void tosa_dac_class_init(ObjectClass *klass, void *data)
+{
+ I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
+
+ k->init = tosa_dac_init;
+ k->event = tosa_dac_event;
+ k->recv = tosa_dac_recv;
+ k->send = tosa_dac_send;
+}
+
+static const TypeInfo tosa_dac_info = {
+ .name = "tosa_dac",
+ .parent = TYPE_I2C_SLAVE,
+ .instance_size = sizeof(TosaDACState),
+ .class_init = tosa_dac_class_init,
+};
+
+static void tosa_ssp_class_init(ObjectClass *klass, void *data)
+{
+ SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
+
+ k->init = tosa_ssp_init;
+ k->transfer = tosa_ssp_tansfer;
+}
+
+static const TypeInfo tosa_ssp_info = {
+ .name = "tosa-ssp",
+ .parent = TYPE_SSI_SLAVE,
+ .instance_size = sizeof(SSISlave),
+ .class_init = tosa_ssp_class_init,
+};
+
+static void tosa_register_types(void)
+{
+ type_register_static(&tosa_dac_info);
+ type_register_static(&tosa_ssp_info);
+}
+
+type_init(tosa_register_types)
diff --git a/hw/arm/versatilepb.c b/hw/arm/versatilepb.c
new file mode 100644
index 000000000..b48d84c67
--- /dev/null
+++ b/hw/arm/versatilepb.c
@@ -0,0 +1,412 @@
+/*
+ * ARM Versatile Platform/Application Baseboard System emulation.
+ *
+ * Copyright (c) 2005-2007 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GPL.
+ */
+
+#include "hw/sysbus.h"
+#include "hw/arm/arm.h"
+#include "hw/devices.h"
+#include "net/net.h"
+#include "sysemu/sysemu.h"
+#include "hw/pci/pci.h"
+#include "hw/i2c/i2c.h"
+#include "hw/boards.h"
+#include "sysemu/blockdev.h"
+#include "exec/address-spaces.h"
+#include "hw/block/flash.h"
+
+#define VERSATILE_FLASH_ADDR 0x34000000
+#define VERSATILE_FLASH_SIZE (64 * 1024 * 1024)
+#define VERSATILE_FLASH_SECT_SIZE (256 * 1024)
+
+/* Primary interrupt controller. */
+
+#define TYPE_VERSATILE_PB_SIC "versatilepb_sic"
+#define VERSATILE_PB_SIC(obj) \
+ OBJECT_CHECK(vpb_sic_state, (obj), TYPE_VERSATILE_PB_SIC)
+
+typedef struct vpb_sic_state {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ uint32_t level;
+ uint32_t mask;
+ uint32_t pic_enable;
+ qemu_irq parent[32];
+ int irq;
+} vpb_sic_state;
+
+static const VMStateDescription vmstate_vpb_sic = {
+ .name = "versatilepb_sic",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(level, vpb_sic_state),
+ VMSTATE_UINT32(mask, vpb_sic_state),
+ VMSTATE_UINT32(pic_enable, vpb_sic_state),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void vpb_sic_update(vpb_sic_state *s)
+{
+ uint32_t flags;
+
+ flags = s->level & s->mask;
+ qemu_set_irq(s->parent[s->irq], flags != 0);
+}
+
+static void vpb_sic_update_pic(vpb_sic_state *s)
+{
+ int i;
+ uint32_t mask;
+
+ for (i = 21; i <= 30; i++) {
+ mask = 1u << i;
+ if (!(s->pic_enable & mask))
+ continue;
+ qemu_set_irq(s->parent[i], (s->level & mask) != 0);
+ }
+}
+
+static void vpb_sic_set_irq(void *opaque, int irq, int level)
+{
+ vpb_sic_state *s = (vpb_sic_state *)opaque;
+ if (level)
+ s->level |= 1u << irq;
+ else
+ s->level &= ~(1u << irq);
+ if (s->pic_enable & (1u << irq))
+ qemu_set_irq(s->parent[irq], level);
+ vpb_sic_update(s);
+}
+
+static uint64_t vpb_sic_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ vpb_sic_state *s = (vpb_sic_state *)opaque;
+
+ switch (offset >> 2) {
+ case 0: /* STATUS */
+ return s->level & s->mask;
+ case 1: /* RAWSTAT */
+ return s->level;
+ case 2: /* ENABLE */
+ return s->mask;
+ case 4: /* SOFTINT */
+ return s->level & 1;
+ case 8: /* PICENABLE */
+ return s->pic_enable;
+ default:
+ printf ("vpb_sic_read: Bad register offset 0x%x\n", (int)offset);
+ return 0;
+ }
+}
+
+static void vpb_sic_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ vpb_sic_state *s = (vpb_sic_state *)opaque;
+
+ switch (offset >> 2) {
+ case 2: /* ENSET */
+ s->mask |= value;
+ break;
+ case 3: /* ENCLR */
+ s->mask &= ~value;
+ break;
+ case 4: /* SOFTINTSET */
+ if (value)
+ s->mask |= 1;
+ break;
+ case 5: /* SOFTINTCLR */
+ if (value)
+ s->mask &= ~1u;
+ break;
+ case 8: /* PICENSET */
+ s->pic_enable |= (value & 0x7fe00000);
+ vpb_sic_update_pic(s);
+ break;
+ case 9: /* PICENCLR */
+ s->pic_enable &= ~value;
+ vpb_sic_update_pic(s);
+ break;
+ default:
+ printf ("vpb_sic_write: Bad register offset 0x%x\n", (int)offset);
+ return;
+ }
+ vpb_sic_update(s);
+}
+
+static const MemoryRegionOps vpb_sic_ops = {
+ .read = vpb_sic_read,
+ .write = vpb_sic_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int vpb_sic_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ vpb_sic_state *s = VERSATILE_PB_SIC(dev);
+ int i;
+
+ qdev_init_gpio_in(dev, vpb_sic_set_irq, 32);
+ for (i = 0; i < 32; i++) {
+ sysbus_init_irq(sbd, &s->parent[i]);
+ }
+ s->irq = 31;
+ memory_region_init_io(&s->iomem, OBJECT(s), &vpb_sic_ops, s,
+ "vpb-sic", 0x1000);
+ sysbus_init_mmio(sbd, &s->iomem);
+ return 0;
+}
+
+/* Board init. */
+
+/* The AB and PB boards both use the same core, just with different
+ peripherals and expansion busses. For now we emulate a subset of the
+ PB peripherals and just change the board ID. */
+
+static struct arm_boot_info versatile_binfo;
+
+static void versatile_init(QEMUMachineInitArgs *args, int board_id)
+{
+ ARMCPU *cpu;
+ MemoryRegion *sysmem = get_system_memory();
+ MemoryRegion *ram = g_new(MemoryRegion, 1);
+ qemu_irq *cpu_pic;
+ qemu_irq pic[32];
+ qemu_irq sic[32];
+ DeviceState *dev, *sysctl;
+ SysBusDevice *busdev;
+ DeviceState *pl041;
+ PCIBus *pci_bus;
+ NICInfo *nd;
+ i2c_bus *i2c;
+ int n;
+ int done_smc = 0;
+ DriveInfo *dinfo;
+
+ if (!args->cpu_model) {
+ args->cpu_model = "arm926";
+ }
+ cpu = cpu_arm_init(args->cpu_model);
+ if (!cpu) {
+ fprintf(stderr, "Unable to find CPU definition\n");
+ exit(1);
+ }
+ memory_region_init_ram(ram, NULL, "versatile.ram", args->ram_size);
+ vmstate_register_ram_global(ram);
+ /* ??? RAM should repeat to fill physical memory space. */
+ /* SDRAM at address zero. */
+ memory_region_add_subregion(sysmem, 0, ram);
+
+ sysctl = qdev_create(NULL, "realview_sysctl");
+ qdev_prop_set_uint32(sysctl, "sys_id", 0x41007004);
+ qdev_prop_set_uint32(sysctl, "proc_id", 0x02000000);
+ qdev_init_nofail(sysctl);
+ sysbus_mmio_map(SYS_BUS_DEVICE(sysctl), 0, 0x10000000);
+
+ cpu_pic = arm_pic_init_cpu(cpu);
+ dev = sysbus_create_varargs("pl190", 0x10140000,
+ cpu_pic[ARM_PIC_CPU_IRQ],
+ cpu_pic[ARM_PIC_CPU_FIQ], NULL);
+ for (n = 0; n < 32; n++) {
+ pic[n] = qdev_get_gpio_in(dev, n);
+ }
+ dev = sysbus_create_simple(TYPE_VERSATILE_PB_SIC, 0x10003000, NULL);
+ for (n = 0; n < 32; n++) {
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), n, pic[n]);
+ sic[n] = qdev_get_gpio_in(dev, n);
+ }
+
+ sysbus_create_simple("pl050_keyboard", 0x10006000, sic[3]);
+ sysbus_create_simple("pl050_mouse", 0x10007000, sic[4]);
+
+ dev = qdev_create(NULL, "versatile_pci");
+ busdev = SYS_BUS_DEVICE(dev);
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(busdev, 0, 0x10001000); /* PCI controller regs */
+ sysbus_mmio_map(busdev, 1, 0x41000000); /* PCI self-config */
+ sysbus_mmio_map(busdev, 2, 0x42000000); /* PCI config */
+ sysbus_mmio_map(busdev, 3, 0x43000000); /* PCI I/O */
+ sysbus_mmio_map(busdev, 4, 0x44000000); /* PCI memory window 1 */
+ sysbus_mmio_map(busdev, 5, 0x50000000); /* PCI memory window 2 */
+ sysbus_mmio_map(busdev, 6, 0x60000000); /* PCI memory window 3 */
+ sysbus_connect_irq(busdev, 0, sic[27]);
+ sysbus_connect_irq(busdev, 1, sic[28]);
+ sysbus_connect_irq(busdev, 2, sic[29]);
+ sysbus_connect_irq(busdev, 3, sic[30]);
+ pci_bus = (PCIBus *)qdev_get_child_bus(dev, "pci");
+
+ for(n = 0; n < nb_nics; n++) {
+ nd = &nd_table[n];
+
+ if (!done_smc && (!nd->model || strcmp(nd->model, "smc91c111") == 0)) {
+ smc91c111_init(nd, 0x10010000, sic[25]);
+ done_smc = 1;
+ } else {
+ pci_nic_init_nofail(nd, pci_bus, "rtl8139", NULL);
+ }
+ }
+ if (usb_enabled(false)) {
+ pci_create_simple(pci_bus, -1, "pci-ohci");
+ }
+ n = drive_get_max_bus(IF_SCSI);
+ while (n >= 0) {
+ pci_create_simple(pci_bus, -1, "lsi53c895a");
+ n--;
+ }
+
+ sysbus_create_simple("pl011", 0x101f1000, pic[12]);
+ sysbus_create_simple("pl011", 0x101f2000, pic[13]);
+ sysbus_create_simple("pl011", 0x101f3000, pic[14]);
+ sysbus_create_simple("pl011", 0x10009000, sic[6]);
+
+ sysbus_create_simple("pl080", 0x10130000, pic[17]);
+ sysbus_create_simple("sp804", 0x101e2000, pic[4]);
+ sysbus_create_simple("sp804", 0x101e3000, pic[5]);
+
+ sysbus_create_simple("pl061", 0x101e4000, pic[6]);
+ sysbus_create_simple("pl061", 0x101e5000, pic[7]);
+ sysbus_create_simple("pl061", 0x101e6000, pic[8]);
+ sysbus_create_simple("pl061", 0x101e7000, pic[9]);
+
+ /* The versatile/PB actually has a modified Color LCD controller
+ that includes hardware cursor support from the PL111. */
+ dev = sysbus_create_simple("pl110_versatile", 0x10120000, pic[16]);
+ /* Wire up the mux control signals from the SYS_CLCD register */
+ qdev_connect_gpio_out(sysctl, 0, qdev_get_gpio_in(dev, 0));
+
+ sysbus_create_varargs("pl181", 0x10005000, sic[22], sic[1], NULL);
+ sysbus_create_varargs("pl181", 0x1000b000, sic[23], sic[2], NULL);
+
+ /* Add PL031 Real Time Clock. */
+ sysbus_create_simple("pl031", 0x101e8000, pic[10]);
+
+ dev = sysbus_create_simple("versatile_i2c", 0x10002000, NULL);
+ i2c = (i2c_bus *)qdev_get_child_bus(dev, "i2c");
+ i2c_create_slave(i2c, "ds1338", 0x68);
+
+ /* Add PL041 AACI Interface to the LM4549 codec */
+ pl041 = qdev_create(NULL, "pl041");
+ qdev_prop_set_uint32(pl041, "nc_fifo_depth", 512);
+ qdev_init_nofail(pl041);
+ sysbus_mmio_map(SYS_BUS_DEVICE(pl041), 0, 0x10004000);
+ sysbus_connect_irq(SYS_BUS_DEVICE(pl041), 0, sic[24]);
+
+ /* Memory map for Versatile/PB: */
+ /* 0x10000000 System registers. */
+ /* 0x10001000 PCI controller config registers. */
+ /* 0x10002000 Serial bus interface. */
+ /* 0x10003000 Secondary interrupt controller. */
+ /* 0x10004000 AACI (audio). */
+ /* 0x10005000 MMCI0. */
+ /* 0x10006000 KMI0 (keyboard). */
+ /* 0x10007000 KMI1 (mouse). */
+ /* 0x10008000 Character LCD Interface. */
+ /* 0x10009000 UART3. */
+ /* 0x1000a000 Smart card 1. */
+ /* 0x1000b000 MMCI1. */
+ /* 0x10010000 Ethernet. */
+ /* 0x10020000 USB. */
+ /* 0x10100000 SSMC. */
+ /* 0x10110000 MPMC. */
+ /* 0x10120000 CLCD Controller. */
+ /* 0x10130000 DMA Controller. */
+ /* 0x10140000 Vectored interrupt controller. */
+ /* 0x101d0000 AHB Monitor Interface. */
+ /* 0x101e0000 System Controller. */
+ /* 0x101e1000 Watchdog Interface. */
+ /* 0x101e2000 Timer 0/1. */
+ /* 0x101e3000 Timer 2/3. */
+ /* 0x101e4000 GPIO port 0. */
+ /* 0x101e5000 GPIO port 1. */
+ /* 0x101e6000 GPIO port 2. */
+ /* 0x101e7000 GPIO port 3. */
+ /* 0x101e8000 RTC. */
+ /* 0x101f0000 Smart card 0. */
+ /* 0x101f1000 UART0. */
+ /* 0x101f2000 UART1. */
+ /* 0x101f3000 UART2. */
+ /* 0x101f4000 SSPI. */
+ /* 0x34000000 NOR Flash */
+
+ dinfo = drive_get(IF_PFLASH, 0, 0);
+ if (!pflash_cfi01_register(VERSATILE_FLASH_ADDR, NULL, "versatile.flash",
+ VERSATILE_FLASH_SIZE, dinfo ? dinfo->bdrv : NULL,
+ VERSATILE_FLASH_SECT_SIZE,
+ VERSATILE_FLASH_SIZE / VERSATILE_FLASH_SECT_SIZE,
+ 4, 0x0089, 0x0018, 0x0000, 0x0, 0)) {
+ fprintf(stderr, "qemu: Error registering flash memory.\n");
+ }
+
+ versatile_binfo.ram_size = args->ram_size;
+ versatile_binfo.kernel_filename = args->kernel_filename;
+ versatile_binfo.kernel_cmdline = args->kernel_cmdline;
+ versatile_binfo.initrd_filename = args->initrd_filename;
+ versatile_binfo.board_id = board_id;
+ arm_load_kernel(cpu, &versatile_binfo);
+}
+
+static void vpb_init(QEMUMachineInitArgs *args)
+{
+ versatile_init(args, 0x183);
+}
+
+static void vab_init(QEMUMachineInitArgs *args)
+{
+ versatile_init(args, 0x25e);
+}
+
+static QEMUMachine versatilepb_machine = {
+ .name = "versatilepb",
+ .desc = "ARM Versatile/PB (ARM926EJ-S)",
+ .init = vpb_init,
+ .block_default_type = IF_SCSI,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine versatileab_machine = {
+ .name = "versatileab",
+ .desc = "ARM Versatile/AB (ARM926EJ-S)",
+ .init = vab_init,
+ .block_default_type = IF_SCSI,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void versatile_machine_init(void)
+{
+ qemu_register_machine(&versatilepb_machine);
+ qemu_register_machine(&versatileab_machine);
+}
+
+machine_init(versatile_machine_init);
+
+static void vpb_sic_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = vpb_sic_init;
+ dc->no_user = 1;
+ dc->vmsd = &vmstate_vpb_sic;
+}
+
+static const TypeInfo vpb_sic_info = {
+ .name = TYPE_VERSATILE_PB_SIC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(vpb_sic_state),
+ .class_init = vpb_sic_class_init,
+};
+
+static void versatilepb_register_types(void)
+{
+ type_register_static(&vpb_sic_info);
+}
+
+type_init(versatilepb_register_types)
diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c
new file mode 100644
index 000000000..9586e3880
--- /dev/null
+++ b/hw/arm/vexpress.c
@@ -0,0 +1,672 @@
+/*
+ * ARM Versatile Express emulation.
+ *
+ * Copyright (c) 2010 - 2011 B Labs Ltd.
+ * Copyright (c) 2011 Linaro Limited
+ * Written by Bahadir Balban, Amit Mahajan, Peter Maydell
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "hw/sysbus.h"
+#include "hw/arm/arm.h"
+#include "hw/arm/primecell.h"
+#include "hw/devices.h"
+#include "net/net.h"
+#include "sysemu/sysemu.h"
+#include "hw/boards.h"
+#include "exec/address-spaces.h"
+#include "sysemu/blockdev.h"
+#include "hw/block/flash.h"
+#include "sysemu/device_tree.h"
+#include <libfdt.h>
+
+#define VEXPRESS_BOARD_ID 0x8e0
+#define VEXPRESS_FLASH_SIZE (64 * 1024 * 1024)
+#define VEXPRESS_FLASH_SECT_SIZE (256 * 1024)
+
+/* Number of virtio transports to create (0..8; limited by
+ * number of available IRQ lines).
+ */
+#define NUM_VIRTIO_TRANSPORTS 4
+
+/* Address maps for peripherals:
+ * the Versatile Express motherboard has two possible maps,
+ * the "legacy" one (used for A9) and the "Cortex-A Series"
+ * map (used for newer cores).
+ * Individual daughterboards can also have different maps for
+ * their peripherals.
+ */
+
+enum {
+ VE_SYSREGS,
+ VE_SP810,
+ VE_SERIALPCI,
+ VE_PL041,
+ VE_MMCI,
+ VE_KMI0,
+ VE_KMI1,
+ VE_UART0,
+ VE_UART1,
+ VE_UART2,
+ VE_UART3,
+ VE_WDT,
+ VE_TIMER01,
+ VE_TIMER23,
+ VE_SERIALDVI,
+ VE_RTC,
+ VE_COMPACTFLASH,
+ VE_CLCD,
+ VE_NORFLASH0,
+ VE_NORFLASH1,
+ VE_NORFLASHALIAS,
+ VE_SRAM,
+ VE_VIDEORAM,
+ VE_ETHERNET,
+ VE_USB,
+ VE_DAPROM,
+ VE_VIRTIO,
+};
+
+static hwaddr motherboard_legacy_map[] = {
+ /* CS7: 0x10000000 .. 0x10020000 */
+ [VE_SYSREGS] = 0x10000000,
+ [VE_SP810] = 0x10001000,
+ [VE_SERIALPCI] = 0x10002000,
+ [VE_PL041] = 0x10004000,
+ [VE_MMCI] = 0x10005000,
+ [VE_KMI0] = 0x10006000,
+ [VE_KMI1] = 0x10007000,
+ [VE_UART0] = 0x10009000,
+ [VE_UART1] = 0x1000a000,
+ [VE_UART2] = 0x1000b000,
+ [VE_UART3] = 0x1000c000,
+ [VE_WDT] = 0x1000f000,
+ [VE_TIMER01] = 0x10011000,
+ [VE_TIMER23] = 0x10012000,
+ [VE_VIRTIO] = 0x10013000,
+ [VE_SERIALDVI] = 0x10016000,
+ [VE_RTC] = 0x10017000,
+ [VE_COMPACTFLASH] = 0x1001a000,
+ [VE_CLCD] = 0x1001f000,
+ /* CS0: 0x40000000 .. 0x44000000 */
+ [VE_NORFLASH0] = 0x40000000,
+ /* CS1: 0x44000000 .. 0x48000000 */
+ [VE_NORFLASH1] = 0x44000000,
+ /* CS2: 0x48000000 .. 0x4a000000 */
+ [VE_SRAM] = 0x48000000,
+ /* CS3: 0x4c000000 .. 0x50000000 */
+ [VE_VIDEORAM] = 0x4c000000,
+ [VE_ETHERNET] = 0x4e000000,
+ [VE_USB] = 0x4f000000,
+ [VE_NORFLASHALIAS] = -1, /* not present */
+};
+
+static hwaddr motherboard_aseries_map[] = {
+ [VE_NORFLASHALIAS] = 0,
+ /* CS0: 0x08000000 .. 0x0c000000 */
+ [VE_NORFLASH0] = 0x08000000,
+ /* CS4: 0x0c000000 .. 0x10000000 */
+ [VE_NORFLASH1] = 0x0c000000,
+ /* CS5: 0x10000000 .. 0x14000000 */
+ /* CS1: 0x14000000 .. 0x18000000 */
+ [VE_SRAM] = 0x14000000,
+ /* CS2: 0x18000000 .. 0x1c000000 */
+ [VE_VIDEORAM] = 0x18000000,
+ [VE_ETHERNET] = 0x1a000000,
+ [VE_USB] = 0x1b000000,
+ /* CS3: 0x1c000000 .. 0x20000000 */
+ [VE_DAPROM] = 0x1c000000,
+ [VE_SYSREGS] = 0x1c010000,
+ [VE_SP810] = 0x1c020000,
+ [VE_SERIALPCI] = 0x1c030000,
+ [VE_PL041] = 0x1c040000,
+ [VE_MMCI] = 0x1c050000,
+ [VE_KMI0] = 0x1c060000,
+ [VE_KMI1] = 0x1c070000,
+ [VE_UART0] = 0x1c090000,
+ [VE_UART1] = 0x1c0a0000,
+ [VE_UART2] = 0x1c0b0000,
+ [VE_UART3] = 0x1c0c0000,
+ [VE_WDT] = 0x1c0f0000,
+ [VE_TIMER01] = 0x1c110000,
+ [VE_TIMER23] = 0x1c120000,
+ [VE_VIRTIO] = 0x1c130000,
+ [VE_SERIALDVI] = 0x1c160000,
+ [VE_RTC] = 0x1c170000,
+ [VE_COMPACTFLASH] = 0x1c1a0000,
+ [VE_CLCD] = 0x1c1f0000,
+};
+
+/* Structure defining the peculiarities of a specific daughterboard */
+
+typedef struct VEDBoardInfo VEDBoardInfo;
+
+typedef void DBoardInitFn(const VEDBoardInfo *daughterboard,
+ ram_addr_t ram_size,
+ const char *cpu_model,
+ qemu_irq *pic);
+
+struct VEDBoardInfo {
+ struct arm_boot_info bootinfo;
+ const hwaddr *motherboard_map;
+ hwaddr loader_start;
+ const hwaddr gic_cpu_if_addr;
+ uint32_t proc_id;
+ uint32_t num_voltage_sensors;
+ const uint32_t *voltages;
+ uint32_t num_clocks;
+ const uint32_t *clocks;
+ DBoardInitFn *init;
+};
+
+static void a9_daughterboard_init(const VEDBoardInfo *daughterboard,
+ ram_addr_t ram_size,
+ const char *cpu_model,
+ qemu_irq *pic)
+{
+ MemoryRegion *sysmem = get_system_memory();
+ MemoryRegion *ram = g_new(MemoryRegion, 1);
+ MemoryRegion *lowram = g_new(MemoryRegion, 1);
+ DeviceState *dev;
+ SysBusDevice *busdev;
+ qemu_irq *irqp;
+ int n;
+ qemu_irq cpu_irq[4];
+ ram_addr_t low_ram_size;
+
+ if (!cpu_model) {
+ cpu_model = "cortex-a9";
+ }
+
+ for (n = 0; n < smp_cpus; n++) {
+ ARMCPU *cpu = cpu_arm_init(cpu_model);
+ if (!cpu) {
+ fprintf(stderr, "Unable to find CPU definition\n");
+ exit(1);
+ }
+ irqp = arm_pic_init_cpu(cpu);
+ cpu_irq[n] = irqp[ARM_PIC_CPU_IRQ];
+ }
+
+ if (ram_size > 0x40000000) {
+ /* 1GB is the maximum the address space permits */
+ fprintf(stderr, "vexpress-a9: cannot model more than 1GB RAM\n");
+ exit(1);
+ }
+
+ memory_region_init_ram(ram, NULL, "vexpress.highmem", ram_size);
+ vmstate_register_ram_global(ram);
+ low_ram_size = ram_size;
+ if (low_ram_size > 0x4000000) {
+ low_ram_size = 0x4000000;
+ }
+ /* RAM is from 0x60000000 upwards. The bottom 64MB of the
+ * address space should in theory be remappable to various
+ * things including ROM or RAM; we always map the RAM there.
+ */
+ memory_region_init_alias(lowram, NULL, "vexpress.lowmem", ram, 0, low_ram_size);
+ memory_region_add_subregion(sysmem, 0x0, lowram);
+ memory_region_add_subregion(sysmem, 0x60000000, ram);
+
+ /* 0x1e000000 A9MPCore (SCU) private memory region */
+ dev = qdev_create(NULL, "a9mpcore_priv");
+ qdev_prop_set_uint32(dev, "num-cpu", smp_cpus);
+ qdev_init_nofail(dev);
+ busdev = SYS_BUS_DEVICE(dev);
+ sysbus_mmio_map(busdev, 0, 0x1e000000);
+ for (n = 0; n < smp_cpus; n++) {
+ sysbus_connect_irq(busdev, n, cpu_irq[n]);
+ }
+ /* Interrupts [42:0] are from the motherboard;
+ * [47:43] are reserved; [63:48] are daughterboard
+ * peripherals. Note that some documentation numbers
+ * external interrupts starting from 32 (because the
+ * A9MP has internal interrupts 0..31).
+ */
+ for (n = 0; n < 64; n++) {
+ pic[n] = qdev_get_gpio_in(dev, n);
+ }
+
+ /* Daughterboard peripherals : 0x10020000 .. 0x20000000 */
+
+ /* 0x10020000 PL111 CLCD (daughterboard) */
+ sysbus_create_simple("pl111", 0x10020000, pic[44]);
+
+ /* 0x10060000 AXI RAM */
+ /* 0x100e0000 PL341 Dynamic Memory Controller */
+ /* 0x100e1000 PL354 Static Memory Controller */
+ /* 0x100e2000 System Configuration Controller */
+
+ sysbus_create_simple("sp804", 0x100e4000, pic[48]);
+ /* 0x100e5000 SP805 Watchdog module */
+ /* 0x100e6000 BP147 TrustZone Protection Controller */
+ /* 0x100e9000 PL301 'Fast' AXI matrix */
+ /* 0x100ea000 PL301 'Slow' AXI matrix */
+ /* 0x100ec000 TrustZone Address Space Controller */
+ /* 0x10200000 CoreSight debug APB */
+ /* 0x1e00a000 PL310 L2 Cache Controller */
+ sysbus_create_varargs("l2x0", 0x1e00a000, NULL);
+}
+
+/* Voltage values for SYS_CFG_VOLT daughterboard registers;
+ * values are in microvolts.
+ */
+static const uint32_t a9_voltages[] = {
+ 1000000, /* VD10 : 1.0V : SoC internal logic voltage */
+ 1000000, /* VD10_S2 : 1.0V : PL310, L2 cache, RAM, non-PL310 logic */
+ 1000000, /* VD10_S3 : 1.0V : Cortex-A9, cores, MPEs, SCU, PL310 logic */
+ 1800000, /* VCC1V8 : 1.8V : DDR2 SDRAM, test chip DDR2 I/O supply */
+ 900000, /* DDR2VTT : 0.9V : DDR2 SDRAM VTT termination voltage */
+ 3300000, /* VCC3V3 : 3.3V : local board supply for misc external logic */
+};
+
+/* Reset values for daughterboard oscillators (in Hz) */
+static const uint32_t a9_clocks[] = {
+ 45000000, /* AMBA AXI ACLK: 45MHz */
+ 23750000, /* daughterboard CLCD clock: 23.75MHz */
+ 66670000, /* Test chip reference clock: 66.67MHz */
+};
+
+static VEDBoardInfo a9_daughterboard = {
+ .motherboard_map = motherboard_legacy_map,
+ .loader_start = 0x60000000,
+ .gic_cpu_if_addr = 0x1e000100,
+ .proc_id = 0x0c000191,
+ .num_voltage_sensors = ARRAY_SIZE(a9_voltages),
+ .voltages = a9_voltages,
+ .num_clocks = ARRAY_SIZE(a9_clocks),
+ .clocks = a9_clocks,
+ .init = a9_daughterboard_init,
+};
+
+static void a15_daughterboard_init(const VEDBoardInfo *daughterboard,
+ ram_addr_t ram_size,
+ const char *cpu_model,
+ qemu_irq *pic)
+{
+ int n;
+ MemoryRegion *sysmem = get_system_memory();
+ MemoryRegion *ram = g_new(MemoryRegion, 1);
+ MemoryRegion *sram = g_new(MemoryRegion, 1);
+ qemu_irq cpu_irq[4];
+ DeviceState *dev;
+ SysBusDevice *busdev;
+
+ if (!cpu_model) {
+ cpu_model = "cortex-a15";
+ }
+
+ for (n = 0; n < smp_cpus; n++) {
+ ARMCPU *cpu;
+ qemu_irq *irqp;
+
+ cpu = cpu_arm_init(cpu_model);
+ if (!cpu) {
+ fprintf(stderr, "Unable to find CPU definition\n");
+ exit(1);
+ }
+ irqp = arm_pic_init_cpu(cpu);
+ cpu_irq[n] = irqp[ARM_PIC_CPU_IRQ];
+ }
+
+ {
+ /* We have to use a separate 64 bit variable here to avoid the gcc
+ * "comparison is always false due to limited range of data type"
+ * warning if we are on a host where ram_addr_t is 32 bits.
+ */
+ uint64_t rsz = ram_size;
+ if (rsz > (30ULL * 1024 * 1024 * 1024)) {
+ fprintf(stderr, "vexpress-a15: cannot model more than 30GB RAM\n");
+ exit(1);
+ }
+ }
+
+ memory_region_init_ram(ram, NULL, "vexpress.highmem", ram_size);
+ vmstate_register_ram_global(ram);
+ /* RAM is from 0x80000000 upwards; there is no low-memory alias for it. */
+ memory_region_add_subregion(sysmem, 0x80000000, ram);
+
+ /* 0x2c000000 A15MPCore private memory region (GIC) */
+ dev = qdev_create(NULL, "a15mpcore_priv");
+ qdev_prop_set_uint32(dev, "num-cpu", smp_cpus);
+ qdev_init_nofail(dev);
+ busdev = SYS_BUS_DEVICE(dev);
+ sysbus_mmio_map(busdev, 0, 0x2c000000);
+ for (n = 0; n < smp_cpus; n++) {
+ sysbus_connect_irq(busdev, n, cpu_irq[n]);
+ }
+ /* Interrupts [42:0] are from the motherboard;
+ * [47:43] are reserved; [63:48] are daughterboard
+ * peripherals. Note that some documentation numbers
+ * external interrupts starting from 32 (because there
+ * are internal interrupts 0..31).
+ */
+ for (n = 0; n < 64; n++) {
+ pic[n] = qdev_get_gpio_in(dev, n);
+ }
+
+ /* A15 daughterboard peripherals: */
+
+ /* 0x20000000: CoreSight interfaces: not modelled */
+ /* 0x2a000000: PL301 AXI interconnect: not modelled */
+ /* 0x2a420000: SCC: not modelled */
+ /* 0x2a430000: system counter: not modelled */
+ /* 0x2b000000: HDLCD controller: not modelled */
+ /* 0x2b060000: SP805 watchdog: not modelled */
+ /* 0x2b0a0000: PL341 dynamic memory controller: not modelled */
+ /* 0x2e000000: system SRAM */
+ memory_region_init_ram(sram, NULL, "vexpress.a15sram", 0x10000);
+ vmstate_register_ram_global(sram);
+ memory_region_add_subregion(sysmem, 0x2e000000, sram);
+
+ /* 0x7ffb0000: DMA330 DMA controller: not modelled */
+ /* 0x7ffd0000: PL354 static memory controller: not modelled */
+}
+
+static const uint32_t a15_voltages[] = {
+ 900000, /* Vcore: 0.9V : CPU core voltage */
+};
+
+static const uint32_t a15_clocks[] = {
+ 60000000, /* OSCCLK0: 60MHz : CPU_CLK reference */
+ 0, /* OSCCLK1: reserved */
+ 0, /* OSCCLK2: reserved */
+ 0, /* OSCCLK3: reserved */
+ 40000000, /* OSCCLK4: 40MHz : external AXI master clock */
+ 23750000, /* OSCCLK5: 23.75MHz : HDLCD PLL reference */
+ 50000000, /* OSCCLK6: 50MHz : static memory controller clock */
+ 60000000, /* OSCCLK7: 60MHz : SYSCLK reference */
+ 40000000, /* OSCCLK8: 40MHz : DDR2 PLL reference */
+};
+
+static VEDBoardInfo a15_daughterboard = {
+ .motherboard_map = motherboard_aseries_map,
+ .loader_start = 0x80000000,
+ .gic_cpu_if_addr = 0x2c002000,
+ .proc_id = 0x14000237,
+ .num_voltage_sensors = ARRAY_SIZE(a15_voltages),
+ .voltages = a15_voltages,
+ .num_clocks = ARRAY_SIZE(a15_clocks),
+ .clocks = a15_clocks,
+ .init = a15_daughterboard_init,
+};
+
+static int add_virtio_mmio_node(void *fdt, uint32_t acells, uint32_t scells,
+ hwaddr addr, hwaddr size, uint32_t intc,
+ int irq)
+{
+ /* Add a virtio_mmio node to the device tree blob:
+ * virtio_mmio@ADDRESS {
+ * compatible = "virtio,mmio";
+ * reg = <ADDRESS, SIZE>;
+ * interrupt-parent = <&intc>;
+ * interrupts = <0, irq, 1>;
+ * }
+ * (Note that the format of the interrupts property is dependent on the
+ * interrupt controller that interrupt-parent points to; these are for
+ * the ARM GIC and indicate an SPI interrupt, rising-edge-triggered.)
+ */
+ int rc;
+ char *nodename = g_strdup_printf("/virtio_mmio@%" PRIx64, addr);
+
+ rc = qemu_devtree_add_subnode(fdt, nodename);
+ rc |= qemu_devtree_setprop_string(fdt, nodename,
+ "compatible", "virtio,mmio");
+ rc |= qemu_devtree_setprop_sized_cells(fdt, nodename, "reg",
+ acells, addr, scells, size);
+ qemu_devtree_setprop_cells(fdt, nodename, "interrupt-parent", intc);
+ qemu_devtree_setprop_cells(fdt, nodename, "interrupts", 0, irq, 1);
+ g_free(nodename);
+ if (rc) {
+ return -1;
+ }
+ return 0;
+}
+
+static uint32_t find_int_controller(void *fdt)
+{
+ /* Find the FDT node corresponding to the interrupt controller
+ * for virtio-mmio devices. We do this by scanning the fdt for
+ * a node with the right compatibility, since we know there is
+ * only one GIC on a vexpress board.
+ * We return the phandle of the node, or 0 if none was found.
+ */
+ const char *compat = "arm,cortex-a9-gic";
+ int offset;
+
+ offset = fdt_node_offset_by_compatible(fdt, -1, compat);
+ if (offset >= 0) {
+ return fdt_get_phandle(fdt, offset);
+ }
+ return 0;
+}
+
+static void vexpress_modify_dtb(const struct arm_boot_info *info, void *fdt)
+{
+ uint32_t acells, scells, intc;
+ const VEDBoardInfo *daughterboard = (const VEDBoardInfo *)info;
+
+ acells = qemu_devtree_getprop_cell(fdt, "/", "#address-cells");
+ scells = qemu_devtree_getprop_cell(fdt, "/", "#size-cells");
+ intc = find_int_controller(fdt);
+ if (!intc) {
+ /* Not fatal, we just won't provide virtio. This will
+ * happen with older device tree blobs.
+ */
+ fprintf(stderr, "QEMU: warning: couldn't find interrupt controller in "
+ "dtb; will not include virtio-mmio devices in the dtb.\n");
+ } else {
+ int i;
+ const hwaddr *map = daughterboard->motherboard_map;
+
+ /* We iterate backwards here because adding nodes
+ * to the dtb puts them in last-first.
+ */
+ for (i = NUM_VIRTIO_TRANSPORTS - 1; i >= 0; i--) {
+ add_virtio_mmio_node(fdt, acells, scells,
+ map[VE_VIRTIO] + 0x200 * i,
+ 0x200, intc, 40 + i);
+ }
+ }
+}
+
+static void vexpress_common_init(VEDBoardInfo *daughterboard,
+ QEMUMachineInitArgs *args)
+{
+ DeviceState *dev, *sysctl, *pl041;
+ qemu_irq pic[64];
+ uint32_t sys_id;
+ DriveInfo *dinfo;
+ pflash_t *pflash0;
+ ram_addr_t vram_size, sram_size;
+ MemoryRegion *sysmem = get_system_memory();
+ MemoryRegion *vram = g_new(MemoryRegion, 1);
+ MemoryRegion *sram = g_new(MemoryRegion, 1);
+ MemoryRegion *flashalias = g_new(MemoryRegion, 1);
+ MemoryRegion *flash0mem;
+ const hwaddr *map = daughterboard->motherboard_map;
+ int i;
+
+ daughterboard->init(daughterboard, args->ram_size, args->cpu_model, pic);
+
+ /* Motherboard peripherals: the wiring is the same but the
+ * addresses vary between the legacy and A-Series memory maps.
+ */
+
+ sys_id = 0x1190f500;
+
+ sysctl = qdev_create(NULL, "realview_sysctl");
+ qdev_prop_set_uint32(sysctl, "sys_id", sys_id);
+ qdev_prop_set_uint32(sysctl, "proc_id", daughterboard->proc_id);
+ qdev_prop_set_uint32(sysctl, "len-db-voltage",
+ daughterboard->num_voltage_sensors);
+ for (i = 0; i < daughterboard->num_voltage_sensors; i++) {
+ char *propname = g_strdup_printf("db-voltage[%d]", i);
+ qdev_prop_set_uint32(sysctl, propname, daughterboard->voltages[i]);
+ g_free(propname);
+ }
+ qdev_prop_set_uint32(sysctl, "len-db-clock",
+ daughterboard->num_clocks);
+ for (i = 0; i < daughterboard->num_clocks; i++) {
+ char *propname = g_strdup_printf("db-clock[%d]", i);
+ qdev_prop_set_uint32(sysctl, propname, daughterboard->clocks[i]);
+ g_free(propname);
+ }
+ qdev_init_nofail(sysctl);
+ sysbus_mmio_map(SYS_BUS_DEVICE(sysctl), 0, map[VE_SYSREGS]);
+
+ /* VE_SP810: not modelled */
+ /* VE_SERIALPCI: not modelled */
+
+ pl041 = qdev_create(NULL, "pl041");
+ qdev_prop_set_uint32(pl041, "nc_fifo_depth", 512);
+ qdev_init_nofail(pl041);
+ sysbus_mmio_map(SYS_BUS_DEVICE(pl041), 0, map[VE_PL041]);
+ sysbus_connect_irq(SYS_BUS_DEVICE(pl041), 0, pic[11]);
+
+ dev = sysbus_create_varargs("pl181", map[VE_MMCI], pic[9], pic[10], NULL);
+ /* Wire up MMC card detect and read-only signals */
+ qdev_connect_gpio_out(dev, 0,
+ qdev_get_gpio_in(sysctl, ARM_SYSCTL_GPIO_MMC_WPROT));
+ qdev_connect_gpio_out(dev, 1,
+ qdev_get_gpio_in(sysctl, ARM_SYSCTL_GPIO_MMC_CARDIN));
+
+ sysbus_create_simple("pl050_keyboard", map[VE_KMI0], pic[12]);
+ sysbus_create_simple("pl050_mouse", map[VE_KMI1], pic[13]);
+
+ sysbus_create_simple("pl011", map[VE_UART0], pic[5]);
+ sysbus_create_simple("pl011", map[VE_UART1], pic[6]);
+ sysbus_create_simple("pl011", map[VE_UART2], pic[7]);
+ sysbus_create_simple("pl011", map[VE_UART3], pic[8]);
+
+ sysbus_create_simple("sp804", map[VE_TIMER01], pic[2]);
+ sysbus_create_simple("sp804", map[VE_TIMER23], pic[3]);
+
+ /* VE_SERIALDVI: not modelled */
+
+ sysbus_create_simple("pl031", map[VE_RTC], pic[4]); /* RTC */
+
+ /* VE_COMPACTFLASH: not modelled */
+
+ sysbus_create_simple("pl111", map[VE_CLCD], pic[14]);
+
+ dinfo = drive_get_next(IF_PFLASH);
+ pflash0 = pflash_cfi01_register(map[VE_NORFLASH0], NULL, "vexpress.flash0",
+ VEXPRESS_FLASH_SIZE, dinfo ? dinfo->bdrv : NULL,
+ VEXPRESS_FLASH_SECT_SIZE,
+ VEXPRESS_FLASH_SIZE / VEXPRESS_FLASH_SECT_SIZE, 4,
+ 0x00, 0x89, 0x00, 0x18, 0);
+ if (!pflash0) {
+ fprintf(stderr, "vexpress: error registering flash 0.\n");
+ exit(1);
+ }
+
+ if (map[VE_NORFLASHALIAS] != -1) {
+ /* Map flash 0 as an alias into low memory */
+ flash0mem = sysbus_mmio_get_region(SYS_BUS_DEVICE(pflash0), 0);
+ memory_region_init_alias(flashalias, NULL, "vexpress.flashalias",
+ flash0mem, 0, VEXPRESS_FLASH_SIZE);
+ memory_region_add_subregion(sysmem, map[VE_NORFLASHALIAS], flashalias);
+ }
+
+ dinfo = drive_get_next(IF_PFLASH);
+ if (!pflash_cfi01_register(map[VE_NORFLASH1], NULL, "vexpress.flash1",
+ VEXPRESS_FLASH_SIZE, dinfo ? dinfo->bdrv : NULL,
+ VEXPRESS_FLASH_SECT_SIZE,
+ VEXPRESS_FLASH_SIZE / VEXPRESS_FLASH_SECT_SIZE, 4,
+ 0x00, 0x89, 0x00, 0x18, 0)) {
+ fprintf(stderr, "vexpress: error registering flash 1.\n");
+ exit(1);
+ }
+
+ sram_size = 0x2000000;
+ memory_region_init_ram(sram, NULL, "vexpress.sram", sram_size);
+ vmstate_register_ram_global(sram);
+ memory_region_add_subregion(sysmem, map[VE_SRAM], sram);
+
+ vram_size = 0x800000;
+ memory_region_init_ram(vram, NULL, "vexpress.vram", vram_size);
+ vmstate_register_ram_global(vram);
+ memory_region_add_subregion(sysmem, map[VE_VIDEORAM], vram);
+
+ /* 0x4e000000 LAN9118 Ethernet */
+ if (nd_table[0].used) {
+ lan9118_init(&nd_table[0], map[VE_ETHERNET], pic[15]);
+ }
+
+ /* VE_USB: not modelled */
+
+ /* VE_DAPROM: not modelled */
+
+ /* Create mmio transports, so the user can create virtio backends
+ * (which will be automatically plugged in to the transports). If
+ * no backend is created the transport will just sit harmlessly idle.
+ */
+ for (i = 0; i < NUM_VIRTIO_TRANSPORTS; i++) {
+ sysbus_create_simple("virtio-mmio", map[VE_VIRTIO] + 0x200 * i,
+ pic[40 + i]);
+ }
+
+ daughterboard->bootinfo.ram_size = args->ram_size;
+ daughterboard->bootinfo.kernel_filename = args->kernel_filename;
+ daughterboard->bootinfo.kernel_cmdline = args->kernel_cmdline;
+ daughterboard->bootinfo.initrd_filename = args->initrd_filename;
+ daughterboard->bootinfo.nb_cpus = smp_cpus;
+ daughterboard->bootinfo.board_id = VEXPRESS_BOARD_ID;
+ daughterboard->bootinfo.loader_start = daughterboard->loader_start;
+ daughterboard->bootinfo.smp_loader_start = map[VE_SRAM];
+ daughterboard->bootinfo.smp_bootreg_addr = map[VE_SYSREGS] + 0x30;
+ daughterboard->bootinfo.gic_cpu_if_addr = daughterboard->gic_cpu_if_addr;
+ daughterboard->bootinfo.modify_dtb = vexpress_modify_dtb;
+ arm_load_kernel(ARM_CPU(first_cpu), &daughterboard->bootinfo);
+}
+
+static void vexpress_a9_init(QEMUMachineInitArgs *args)
+{
+ vexpress_common_init(&a9_daughterboard, args);
+}
+
+static void vexpress_a15_init(QEMUMachineInitArgs *args)
+{
+ vexpress_common_init(&a15_daughterboard, args);
+}
+
+static QEMUMachine vexpress_a9_machine = {
+ .name = "vexpress-a9",
+ .desc = "ARM Versatile Express for Cortex-A9",
+ .init = vexpress_a9_init,
+ .block_default_type = IF_SCSI,
+ .max_cpus = 4,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine vexpress_a15_machine = {
+ .name = "vexpress-a15",
+ .desc = "ARM Versatile Express for Cortex-A15",
+ .init = vexpress_a15_init,
+ .block_default_type = IF_SCSI,
+ .max_cpus = 4,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void vexpress_machine_init(void)
+{
+ qemu_register_machine(&vexpress_a9_machine);
+ qemu_register_machine(&vexpress_a15_machine);
+}
+
+machine_init(vexpress_machine_init);
diff --git a/hw/arm/xilinx_zynq.c b/hw/arm/xilinx_zynq.c
new file mode 100644
index 000000000..3444823f3
--- /dev/null
+++ b/hw/arm/xilinx_zynq.c
@@ -0,0 +1,247 @@
+/*
+ * Xilinx Zynq Baseboard System emulation.
+ *
+ * Copyright (c) 2010 Xilinx.
+ * Copyright (c) 2012 Peter A.G. Crosthwaite (peter.croshtwaite@petalogix.com)
+ * Copyright (c) 2012 Petalogix Pty Ltd.
+ * Written by Haibing Ma
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/sysbus.h"
+#include "hw/arm/arm.h"
+#include "net/net.h"
+#include "exec/address-spaces.h"
+#include "sysemu/sysemu.h"
+#include "hw/boards.h"
+#include "hw/block/flash.h"
+#include "sysemu/blockdev.h"
+#include "hw/loader.h"
+#include "hw/ssi.h"
+
+#define NUM_SPI_FLASHES 4
+#define NUM_QSPI_FLASHES 2
+#define NUM_QSPI_BUSSES 2
+
+#define FLASH_SIZE (64 * 1024 * 1024)
+#define FLASH_SECTOR_SIZE (128 * 1024)
+
+#define IRQ_OFFSET 32 /* pic interrupts start from index 32 */
+
+static const int dma_irqs[8] = {
+ 46, 47, 48, 49, 72, 73, 74, 75
+};
+
+static struct arm_boot_info zynq_binfo = {};
+
+static void gem_init(NICInfo *nd, uint32_t base, qemu_irq irq)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+
+ qemu_check_nic_model(nd, "cadence_gem");
+ dev = qdev_create(NULL, "cadence_gem");
+ qdev_set_nic_properties(dev, nd);
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+ sysbus_mmio_map(s, 0, base);
+ sysbus_connect_irq(s, 0, irq);
+}
+
+static inline void zynq_init_spi_flashes(uint32_t base_addr, qemu_irq irq,
+ bool is_qspi)
+{
+ DeviceState *dev;
+ SysBusDevice *busdev;
+ SSIBus *spi;
+ DeviceState *flash_dev;
+ int i, j;
+ int num_busses = is_qspi ? NUM_QSPI_BUSSES : 1;
+ int num_ss = is_qspi ? NUM_QSPI_FLASHES : NUM_SPI_FLASHES;
+
+ dev = qdev_create(NULL, is_qspi ? "xlnx.ps7-qspi" : "xlnx.ps7-spi");
+ qdev_prop_set_uint8(dev, "num-txrx-bytes", is_qspi ? 4 : 1);
+ qdev_prop_set_uint8(dev, "num-ss-bits", num_ss);
+ qdev_prop_set_uint8(dev, "num-busses", num_busses);
+ qdev_init_nofail(dev);
+ busdev = SYS_BUS_DEVICE(dev);
+ sysbus_mmio_map(busdev, 0, base_addr);
+ if (is_qspi) {
+ sysbus_mmio_map(busdev, 1, 0xFC000000);
+ }
+ sysbus_connect_irq(busdev, 0, irq);
+
+ for (i = 0; i < num_busses; ++i) {
+ char bus_name[16];
+ qemu_irq cs_line;
+
+ snprintf(bus_name, 16, "spi%d", i);
+ spi = (SSIBus *)qdev_get_child_bus(dev, bus_name);
+
+ for (j = 0; j < num_ss; ++j) {
+ flash_dev = ssi_create_slave(spi, "n25q128");
+
+ cs_line = qdev_get_gpio_in(flash_dev, 0);
+ sysbus_connect_irq(busdev, i * num_ss + j + 1, cs_line);
+ }
+ }
+
+}
+
+static void zynq_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ ARMCPU *cpu;
+ MemoryRegion *address_space_mem = get_system_memory();
+ MemoryRegion *ext_ram = g_new(MemoryRegion, 1);
+ MemoryRegion *ocm_ram = g_new(MemoryRegion, 1);
+ DeviceState *dev;
+ SysBusDevice *busdev;
+ qemu_irq *irqp;
+ qemu_irq pic[64];
+ NICInfo *nd;
+ int n;
+ qemu_irq cpu_irq;
+
+ if (!cpu_model) {
+ cpu_model = "cortex-a9";
+ }
+
+ cpu = cpu_arm_init(cpu_model);
+ if (!cpu) {
+ fprintf(stderr, "Unable to find CPU definition\n");
+ exit(1);
+ }
+ irqp = arm_pic_init_cpu(cpu);
+ cpu_irq = irqp[ARM_PIC_CPU_IRQ];
+
+ /* max 2GB ram */
+ if (ram_size > 0x80000000) {
+ ram_size = 0x80000000;
+ }
+
+ /* DDR remapped to address zero. */
+ memory_region_init_ram(ext_ram, NULL, "zynq.ext_ram", ram_size);
+ vmstate_register_ram_global(ext_ram);
+ memory_region_add_subregion(address_space_mem, 0, ext_ram);
+
+ /* 256K of on-chip memory */
+ memory_region_init_ram(ocm_ram, NULL, "zynq.ocm_ram", 256 << 10);
+ vmstate_register_ram_global(ocm_ram);
+ memory_region_add_subregion(address_space_mem, 0xFFFC0000, ocm_ram);
+
+ DriveInfo *dinfo = drive_get(IF_PFLASH, 0, 0);
+
+ /* AMD */
+ pflash_cfi02_register(0xe2000000, NULL, "zynq.pflash", FLASH_SIZE,
+ dinfo ? dinfo->bdrv : NULL, FLASH_SECTOR_SIZE,
+ FLASH_SIZE/FLASH_SECTOR_SIZE, 1,
+ 1, 0x0066, 0x0022, 0x0000, 0x0000, 0x0555, 0x2aa,
+ 0);
+
+ dev = qdev_create(NULL, "xilinx,zynq_slcr");
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0xF8000000);
+
+ dev = qdev_create(NULL, "a9mpcore_priv");
+ qdev_prop_set_uint32(dev, "num-cpu", 1);
+ qdev_init_nofail(dev);
+ busdev = SYS_BUS_DEVICE(dev);
+ sysbus_mmio_map(busdev, 0, 0xF8F00000);
+ sysbus_connect_irq(busdev, 0, cpu_irq);
+
+ for (n = 0; n < 64; n++) {
+ pic[n] = qdev_get_gpio_in(dev, n);
+ }
+
+ zynq_init_spi_flashes(0xE0006000, pic[58-IRQ_OFFSET], false);
+ zynq_init_spi_flashes(0xE0007000, pic[81-IRQ_OFFSET], false);
+ zynq_init_spi_flashes(0xE000D000, pic[51-IRQ_OFFSET], true);
+
+ sysbus_create_simple("xlnx,ps7-usb", 0xE0002000, pic[53-IRQ_OFFSET]);
+ sysbus_create_simple("xlnx,ps7-usb", 0xE0003000, pic[76-IRQ_OFFSET]);
+
+ sysbus_create_simple("cadence_uart", 0xE0000000, pic[59-IRQ_OFFSET]);
+ sysbus_create_simple("cadence_uart", 0xE0001000, pic[82-IRQ_OFFSET]);
+
+ sysbus_create_varargs("cadence_ttc", 0xF8001000,
+ pic[42-IRQ_OFFSET], pic[43-IRQ_OFFSET], pic[44-IRQ_OFFSET], NULL);
+ sysbus_create_varargs("cadence_ttc", 0xF8002000,
+ pic[69-IRQ_OFFSET], pic[70-IRQ_OFFSET], pic[71-IRQ_OFFSET], NULL);
+
+ for (n = 0; n < nb_nics; n++) {
+ nd = &nd_table[n];
+ if (n == 0) {
+ gem_init(nd, 0xE000B000, pic[54-IRQ_OFFSET]);
+ } else if (n == 1) {
+ gem_init(nd, 0xE000C000, pic[77-IRQ_OFFSET]);
+ }
+ }
+
+ dev = qdev_create(NULL, "generic-sdhci");
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0xE0100000);
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, pic[56-IRQ_OFFSET]);
+
+ dev = qdev_create(NULL, "generic-sdhci");
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0xE0101000);
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, pic[79-IRQ_OFFSET]);
+
+ dev = qdev_create(NULL, "pl330");
+ qdev_prop_set_uint8(dev, "num_chnls", 8);
+ qdev_prop_set_uint8(dev, "num_periph_req", 4);
+ qdev_prop_set_uint8(dev, "num_events", 16);
+
+ qdev_prop_set_uint8(dev, "data_width", 64);
+ qdev_prop_set_uint8(dev, "wr_cap", 8);
+ qdev_prop_set_uint8(dev, "wr_q_dep", 16);
+ qdev_prop_set_uint8(dev, "rd_cap", 8);
+ qdev_prop_set_uint8(dev, "rd_q_dep", 16);
+ qdev_prop_set_uint16(dev, "data_buffer_dep", 256);
+
+ qdev_init_nofail(dev);
+ busdev = SYS_BUS_DEVICE(dev);
+ sysbus_mmio_map(busdev, 0, 0xF8003000);
+ sysbus_connect_irq(busdev, 0, pic[45-IRQ_OFFSET]); /* abort irq line */
+ for (n = 0; n < 8; ++n) { /* event irqs */
+ sysbus_connect_irq(busdev, n + 1, pic[dma_irqs[n] - IRQ_OFFSET]);
+ }
+
+ zynq_binfo.ram_size = ram_size;
+ zynq_binfo.kernel_filename = kernel_filename;
+ zynq_binfo.kernel_cmdline = kernel_cmdline;
+ zynq_binfo.initrd_filename = initrd_filename;
+ zynq_binfo.nb_cpus = 1;
+ zynq_binfo.board_id = 0xd32;
+ zynq_binfo.loader_start = 0;
+ arm_load_kernel(ARM_CPU(first_cpu), &zynq_binfo);
+}
+
+static QEMUMachine zynq_machine = {
+ .name = "xilinx-zynq-a9",
+ .desc = "Xilinx Zynq Platform Baseboard for Cortex-A9",
+ .init = zynq_init,
+ .block_default_type = IF_SCSI,
+ .max_cpus = 1,
+ .no_sdcard = 1,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void zynq_machine_init(void)
+{
+ qemu_register_machine(&zynq_machine);
+}
+
+machine_init(zynq_machine_init);
diff --git a/hw/arm/z2.c b/hw/arm/z2.c
new file mode 100644
index 000000000..07a127b49
--- /dev/null
+++ b/hw/arm/z2.c
@@ -0,0 +1,384 @@
+/*
+ * PXA270-based Zipit Z2 device
+ *
+ * Copyright (c) 2011 by Vasily Khoruzhick <anarsoul@gmail.com>
+ *
+ * Code is based on mainstone platform.
+ *
+ * This code is licensed under the GNU GPL v2.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "hw/hw.h"
+#include "hw/arm/pxa.h"
+#include "hw/arm/arm.h"
+#include "hw/devices.h"
+#include "hw/i2c/i2c.h"
+#include "hw/ssi.h"
+#include "hw/boards.h"
+#include "sysemu/sysemu.h"
+#include "hw/block/flash.h"
+#include "sysemu/blockdev.h"
+#include "ui/console.h"
+#include "audio/audio.h"
+#include "exec/address-spaces.h"
+
+#ifdef DEBUG_Z2
+#define DPRINTF(fmt, ...) \
+ printf(fmt, ## __VA_ARGS__)
+#else
+#define DPRINTF(fmt, ...)
+#endif
+
+static struct keymap map[0x100] = {
+ [0 ... 0xff] = { -1, -1 },
+ [0x3b] = {0, 0}, /* Option = F1 */
+ [0xc8] = {0, 1}, /* Up */
+ [0xd0] = {0, 2}, /* Down */
+ [0xcb] = {0, 3}, /* Left */
+ [0xcd] = {0, 4}, /* Right */
+ [0xcf] = {0, 5}, /* End */
+ [0x0d] = {0, 6}, /* KPPLUS */
+ [0xc7] = {1, 0}, /* Home */
+ [0x10] = {1, 1}, /* Q */
+ [0x17] = {1, 2}, /* I */
+ [0x22] = {1, 3}, /* G */
+ [0x2d] = {1, 4}, /* X */
+ [0x1c] = {1, 5}, /* Enter */
+ [0x0c] = {1, 6}, /* KPMINUS */
+ [0xc9] = {2, 0}, /* PageUp */
+ [0x11] = {2, 1}, /* W */
+ [0x18] = {2, 2}, /* O */
+ [0x23] = {2, 3}, /* H */
+ [0x2e] = {2, 4}, /* C */
+ [0x38] = {2, 5}, /* LeftAlt */
+ [0xd1] = {3, 0}, /* PageDown */
+ [0x12] = {3, 1}, /* E */
+ [0x19] = {3, 2}, /* P */
+ [0x24] = {3, 3}, /* J */
+ [0x2f] = {3, 4}, /* V */
+ [0x2a] = {3, 5}, /* LeftShift */
+ [0x01] = {4, 0}, /* Esc */
+ [0x13] = {4, 1}, /* R */
+ [0x1e] = {4, 2}, /* A */
+ [0x25] = {4, 3}, /* K */
+ [0x30] = {4, 4}, /* B */
+ [0x1d] = {4, 5}, /* LeftCtrl */
+ [0x0f] = {5, 0}, /* Tab */
+ [0x14] = {5, 1}, /* T */
+ [0x1f] = {5, 2}, /* S */
+ [0x26] = {5, 3}, /* L */
+ [0x31] = {5, 4}, /* N */
+ [0x39] = {5, 5}, /* Space */
+ [0x3c] = {6, 0}, /* Stop = F2 */
+ [0x15] = {6, 1}, /* Y */
+ [0x20] = {6, 2}, /* D */
+ [0x0e] = {6, 3}, /* Backspace */
+ [0x32] = {6, 4}, /* M */
+ [0x33] = {6, 5}, /* Comma */
+ [0x3d] = {7, 0}, /* Play = F3 */
+ [0x16] = {7, 1}, /* U */
+ [0x21] = {7, 2}, /* F */
+ [0x2c] = {7, 3}, /* Z */
+ [0x27] = {7, 4}, /* Semicolon */
+ [0x34] = {7, 5}, /* Dot */
+};
+
+#define Z2_RAM_SIZE 0x02000000
+#define Z2_FLASH_BASE 0x00000000
+#define Z2_FLASH_SIZE 0x00800000
+
+static struct arm_boot_info z2_binfo = {
+ .loader_start = PXA2XX_SDRAM_BASE,
+ .ram_size = Z2_RAM_SIZE,
+};
+
+#define Z2_GPIO_SD_DETECT 96
+#define Z2_GPIO_AC_IN 0
+#define Z2_GPIO_KEY_ON 1
+#define Z2_GPIO_LCD_CS 88
+
+typedef struct {
+ SSISlave ssidev;
+ int32_t selected;
+ int32_t enabled;
+ uint8_t buf[3];
+ uint32_t cur_reg;
+ int pos;
+} ZipitLCD;
+
+static uint32_t zipit_lcd_transfer(SSISlave *dev, uint32_t value)
+{
+ ZipitLCD *z = FROM_SSI_SLAVE(ZipitLCD, dev);
+ uint16_t val;
+ if (z->selected) {
+ z->buf[z->pos] = value & 0xff;
+ z->pos++;
+ }
+ if (z->pos == 3) {
+ switch (z->buf[0]) {
+ case 0x74:
+ DPRINTF("%s: reg: 0x%.2x\n", __func__, z->buf[2]);
+ z->cur_reg = z->buf[2];
+ break;
+ case 0x76:
+ val = z->buf[1] << 8 | z->buf[2];
+ DPRINTF("%s: value: 0x%.4x\n", __func__, val);
+ if (z->cur_reg == 0x22 && val == 0x0000) {
+ z->enabled = 1;
+ printf("%s: LCD enabled\n", __func__);
+ } else if (z->cur_reg == 0x10 && val == 0x0000) {
+ z->enabled = 0;
+ printf("%s: LCD disabled\n", __func__);
+ }
+ break;
+ default:
+ DPRINTF("%s: unknown command!\n", __func__);
+ break;
+ }
+ z->pos = 0;
+ }
+ return 0;
+}
+
+static void z2_lcd_cs(void *opaque, int line, int level)
+{
+ ZipitLCD *z2_lcd = opaque;
+ z2_lcd->selected = !level;
+}
+
+static int zipit_lcd_init(SSISlave *dev)
+{
+ ZipitLCD *z = FROM_SSI_SLAVE(ZipitLCD, dev);
+ z->selected = 0;
+ z->enabled = 0;
+ z->pos = 0;
+
+ return 0;
+}
+
+static VMStateDescription vmstate_zipit_lcd_state = {
+ .name = "zipit-lcd",
+ .version_id = 2,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .fields = (VMStateField[]) {
+ VMSTATE_SSI_SLAVE(ssidev, ZipitLCD),
+ VMSTATE_INT32(selected, ZipitLCD),
+ VMSTATE_INT32(enabled, ZipitLCD),
+ VMSTATE_BUFFER(buf, ZipitLCD),
+ VMSTATE_UINT32(cur_reg, ZipitLCD),
+ VMSTATE_INT32(pos, ZipitLCD),
+ VMSTATE_END_OF_LIST(),
+ }
+};
+
+static void zipit_lcd_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
+
+ k->init = zipit_lcd_init;
+ k->transfer = zipit_lcd_transfer;
+ dc->vmsd = &vmstate_zipit_lcd_state;
+}
+
+static const TypeInfo zipit_lcd_info = {
+ .name = "zipit-lcd",
+ .parent = TYPE_SSI_SLAVE,
+ .instance_size = sizeof(ZipitLCD),
+ .class_init = zipit_lcd_class_init,
+};
+
+typedef struct {
+ I2CSlave i2c;
+ int len;
+ uint8_t buf[3];
+} AER915State;
+
+static int aer915_send(I2CSlave *i2c, uint8_t data)
+{
+ AER915State *s = FROM_I2C_SLAVE(AER915State, i2c);
+ s->buf[s->len] = data;
+ if (s->len++ > 2) {
+ DPRINTF("%s: message too long (%i bytes)\n",
+ __func__, s->len);
+ return 1;
+ }
+
+ if (s->len == 2) {
+ DPRINTF("%s: reg %d value 0x%02x\n", __func__,
+ s->buf[0], s->buf[1]);
+ }
+
+ return 0;
+}
+
+static void aer915_event(I2CSlave *i2c, enum i2c_event event)
+{
+ AER915State *s = FROM_I2C_SLAVE(AER915State, i2c);
+ switch (event) {
+ case I2C_START_SEND:
+ s->len = 0;
+ break;
+ case I2C_START_RECV:
+ if (s->len != 1) {
+ DPRINTF("%s: short message!?\n", __func__);
+ }
+ break;
+ case I2C_FINISH:
+ break;
+ default:
+ break;
+ }
+}
+
+static int aer915_recv(I2CSlave *slave)
+{
+ int retval = 0x00;
+ AER915State *s = FROM_I2C_SLAVE(AER915State, slave);
+
+ switch (s->buf[0]) {
+ /* Return hardcoded battery voltage,
+ * 0xf0 means ~4.1V
+ */
+ case 0x02:
+ retval = 0xf0;
+ break;
+ /* Return 0x00 for other regs,
+ * we don't know what they are for,
+ * anyway they return 0x00 on real hardware.
+ */
+ default:
+ break;
+ }
+
+ return retval;
+}
+
+static int aer915_init(I2CSlave *i2c)
+{
+ /* Nothing to do. */
+ return 0;
+}
+
+static VMStateDescription vmstate_aer915_state = {
+ .name = "aer915",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_INT32(len, AER915State),
+ VMSTATE_BUFFER(buf, AER915State),
+ VMSTATE_END_OF_LIST(),
+ }
+};
+
+static void aer915_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
+
+ k->init = aer915_init;
+ k->event = aer915_event;
+ k->recv = aer915_recv;
+ k->send = aer915_send;
+ dc->vmsd = &vmstate_aer915_state;
+}
+
+static const TypeInfo aer915_info = {
+ .name = "aer915",
+ .parent = TYPE_I2C_SLAVE,
+ .instance_size = sizeof(AER915State),
+ .class_init = aer915_class_init,
+};
+
+static void z2_init(QEMUMachineInitArgs *args)
+{
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ MemoryRegion *address_space_mem = get_system_memory();
+ uint32_t sector_len = 0x10000;
+ PXA2xxState *mpu;
+ DriveInfo *dinfo;
+ int be;
+ void *z2_lcd;
+ i2c_bus *bus;
+ DeviceState *wm;
+
+ if (!cpu_model) {
+ cpu_model = "pxa270-c5";
+ }
+
+ /* Setup CPU & memory */
+ mpu = pxa270_init(address_space_mem, z2_binfo.ram_size, cpu_model);
+
+#ifdef TARGET_WORDS_BIGENDIAN
+ be = 1;
+#else
+ be = 0;
+#endif
+ dinfo = drive_get(IF_PFLASH, 0, 0);
+ if (!dinfo) {
+ fprintf(stderr, "Flash image must be given with the "
+ "'pflash' parameter\n");
+ exit(1);
+ }
+
+ if (!pflash_cfi01_register(Z2_FLASH_BASE,
+ NULL, "z2.flash0", Z2_FLASH_SIZE,
+ dinfo->bdrv, sector_len,
+ Z2_FLASH_SIZE / sector_len, 4, 0, 0, 0, 0,
+ be)) {
+ fprintf(stderr, "qemu: Error registering flash memory.\n");
+ exit(1);
+ }
+
+ /* setup keypad */
+ pxa27x_register_keypad(mpu->kp, map, 0x100);
+
+ /* MMC/SD host */
+ pxa2xx_mmci_handlers(mpu->mmc,
+ NULL,
+ qdev_get_gpio_in(mpu->gpio, Z2_GPIO_SD_DETECT));
+
+ type_register_static(&zipit_lcd_info);
+ type_register_static(&aer915_info);
+ z2_lcd = ssi_create_slave(mpu->ssp[1], "zipit-lcd");
+ bus = pxa2xx_i2c_bus(mpu->i2c[0]);
+ i2c_create_slave(bus, "aer915", 0x55);
+ wm = i2c_create_slave(bus, "wm8750", 0x1b);
+ mpu->i2s->opaque = wm;
+ mpu->i2s->codec_out = wm8750_dac_dat;
+ mpu->i2s->codec_in = wm8750_adc_dat;
+ wm8750_data_req_set(wm, mpu->i2s->data_req, mpu->i2s);
+
+ qdev_connect_gpio_out(mpu->gpio, Z2_GPIO_LCD_CS,
+ qemu_allocate_irqs(z2_lcd_cs, z2_lcd, 1)[0]);
+
+ if (kernel_filename) {
+ z2_binfo.kernel_filename = kernel_filename;
+ z2_binfo.kernel_cmdline = kernel_cmdline;
+ z2_binfo.initrd_filename = initrd_filename;
+ z2_binfo.board_id = 0x6dd;
+ arm_load_kernel(mpu->cpu, &z2_binfo);
+ }
+}
+
+static QEMUMachine z2_machine = {
+ .name = "z2",
+ .desc = "Zipit Z2 (PXA27x)",
+ .init = z2_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void z2_machine_init(void)
+{
+ qemu_register_machine(&z2_machine);
+}
+
+machine_init(z2_machine_init);
diff --git a/hw/arm11mpcore.c b/hw/arm11mpcore.c
deleted file mode 100644
index 640ed20a6..000000000
--- a/hw/arm11mpcore.c
+++ /dev/null
@@ -1,268 +0,0 @@
-/*
- * ARM11MPCore internal peripheral emulation.
- *
- * Copyright (c) 2006-2007 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the GPL.
- */
-
-#include "sysbus.h"
-#include "qemu-timer.h"
-
-/* MPCore private memory region. */
-
-typedef struct mpcore_priv_state {
- SysBusDevice busdev;
- uint32_t scu_control;
- int iomemtype;
- uint32_t old_timer_status[8];
- uint32_t num_cpu;
- MemoryRegion iomem;
- MemoryRegion container;
- DeviceState *mptimer;
- DeviceState *gic;
- uint32_t num_irq;
-} mpcore_priv_state;
-
-/* Per-CPU private memory mapped IO. */
-
-static uint64_t mpcore_scu_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- mpcore_priv_state *s = (mpcore_priv_state *)opaque;
- int id;
- /* SCU */
- switch (offset) {
- case 0x00: /* Control. */
- return s->scu_control;
- case 0x04: /* Configuration. */
- id = ((1 << s->num_cpu) - 1) << 4;
- return id | (s->num_cpu - 1);
- case 0x08: /* CPU status. */
- return 0;
- case 0x0c: /* Invalidate all. */
- return 0;
- default:
- qemu_log_mask(LOG_GUEST_ERROR,
- "mpcore_priv_read: Bad offset %x\n", (int)offset);
- return 0;
- }
-}
-
-static void mpcore_scu_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- mpcore_priv_state *s = (mpcore_priv_state *)opaque;
- /* SCU */
- switch (offset) {
- case 0: /* Control register. */
- s->scu_control = value & 1;
- break;
- case 0x0c: /* Invalidate all. */
- /* This is a no-op as cache is not emulated. */
- break;
- default:
- qemu_log_mask(LOG_GUEST_ERROR,
- "mpcore_priv_read: Bad offset %x\n", (int)offset);
- }
-}
-
-static const MemoryRegionOps mpcore_scu_ops = {
- .read = mpcore_scu_read,
- .write = mpcore_scu_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void mpcore_priv_set_irq(void *opaque, int irq, int level)
-{
- mpcore_priv_state *s = (mpcore_priv_state *)opaque;
- qemu_set_irq(qdev_get_gpio_in(s->gic, irq), level);
-}
-
-static void mpcore_priv_map_setup(mpcore_priv_state *s)
-{
- int i;
- SysBusDevice *gicbusdev = sysbus_from_qdev(s->gic);
- SysBusDevice *busdev = sysbus_from_qdev(s->mptimer);
- memory_region_init(&s->container, "mpcode-priv-container", 0x2000);
- memory_region_init_io(&s->iomem, &mpcore_scu_ops, s, "mpcore-scu", 0x100);
- memory_region_add_subregion(&s->container, 0, &s->iomem);
- /* GIC CPU interfaces: "current CPU" at 0x100, then specific CPUs
- * at 0x200, 0x300...
- */
- for (i = 0; i < (s->num_cpu + 1); i++) {
- hwaddr offset = 0x100 + (i * 0x100);
- memory_region_add_subregion(&s->container, offset,
- sysbus_mmio_get_region(gicbusdev, i + 1));
- }
- /* Add the regions for timer and watchdog for "current CPU" and
- * for each specific CPU.
- */
- for (i = 0; i < (s->num_cpu + 1) * 2; i++) {
- /* Timers at 0x600, 0x700, ...; watchdogs at 0x620, 0x720, ... */
- hwaddr offset = 0x600 + (i >> 1) * 0x100 + (i & 1) * 0x20;
- memory_region_add_subregion(&s->container, offset,
- sysbus_mmio_get_region(busdev, i));
- }
- memory_region_add_subregion(&s->container, 0x1000,
- sysbus_mmio_get_region(gicbusdev, 0));
- /* Wire up the interrupt from each watchdog and timer.
- * For each core the timer is PPI 29 and the watchdog PPI 30.
- */
- for (i = 0; i < s->num_cpu; i++) {
- int ppibase = (s->num_irq - 32) + i * 32;
- sysbus_connect_irq(busdev, i * 2,
- qdev_get_gpio_in(s->gic, ppibase + 29));
- sysbus_connect_irq(busdev, i * 2 + 1,
- qdev_get_gpio_in(s->gic, ppibase + 30));
- }
-}
-
-static int mpcore_priv_init(SysBusDevice *dev)
-{
- mpcore_priv_state *s = FROM_SYSBUS(mpcore_priv_state, dev);
-
- s->gic = qdev_create(NULL, "arm_gic");
- qdev_prop_set_uint32(s->gic, "num-cpu", s->num_cpu);
- qdev_prop_set_uint32(s->gic, "num-irq", s->num_irq);
- /* Request the legacy 11MPCore GIC behaviour: */
- qdev_prop_set_uint32(s->gic, "revision", 0);
- qdev_init_nofail(s->gic);
-
- /* Pass through outbound IRQ lines from the GIC */
- sysbus_pass_irq(dev, sysbus_from_qdev(s->gic));
-
- /* Pass through inbound GPIO lines to the GIC */
- qdev_init_gpio_in(&s->busdev.qdev, mpcore_priv_set_irq, s->num_irq - 32);
-
- s->mptimer = qdev_create(NULL, "arm_mptimer");
- qdev_prop_set_uint32(s->mptimer, "num-cpu", s->num_cpu);
- qdev_init_nofail(s->mptimer);
- mpcore_priv_map_setup(s);
- sysbus_init_mmio(dev, &s->container);
- return 0;
-}
-
-/* Dummy PIC to route IRQ lines. The baseboard has 4 independent IRQ
- controllers. The output of these, plus some of the raw input lines
- are fed into a single SMP-aware interrupt controller on the CPU. */
-typedef struct {
- SysBusDevice busdev;
- SysBusDevice *priv;
- qemu_irq cpuic[32];
- qemu_irq rvic[4][64];
- uint32_t num_cpu;
-} mpcore_rirq_state;
-
-/* Map baseboard IRQs onto CPU IRQ lines. */
-static const int mpcore_irq_map[32] = {
- -1, -1, -1, -1, 1, 2, -1, -1,
- -1, -1, 6, -1, 4, 5, -1, -1,
- -1, 14, 15, 0, 7, 8, -1, -1,
- -1, -1, -1, -1, 9, 3, -1, -1,
-};
-
-static void mpcore_rirq_set_irq(void *opaque, int irq, int level)
-{
- mpcore_rirq_state *s = (mpcore_rirq_state *)opaque;
- int i;
-
- for (i = 0; i < 4; i++) {
- qemu_set_irq(s->rvic[i][irq], level);
- }
- if (irq < 32) {
- irq = mpcore_irq_map[irq];
- if (irq >= 0) {
- qemu_set_irq(s->cpuic[irq], level);
- }
- }
-}
-
-static int realview_mpcore_init(SysBusDevice *dev)
-{
- mpcore_rirq_state *s = FROM_SYSBUS(mpcore_rirq_state, dev);
- DeviceState *gic;
- DeviceState *priv;
- int n;
- int i;
-
- priv = qdev_create(NULL, "arm11mpcore_priv");
- qdev_prop_set_uint32(priv, "num-cpu", s->num_cpu);
- qdev_init_nofail(priv);
- s->priv = sysbus_from_qdev(priv);
- sysbus_pass_irq(dev, s->priv);
- for (i = 0; i < 32; i++) {
- s->cpuic[i] = qdev_get_gpio_in(priv, i);
- }
- /* ??? IRQ routing is hardcoded to "normal" mode. */
- for (n = 0; n < 4; n++) {
- gic = sysbus_create_simple("realview_gic", 0x10040000 + n * 0x10000,
- s->cpuic[10 + n]);
- for (i = 0; i < 64; i++) {
- s->rvic[n][i] = qdev_get_gpio_in(gic, i);
- }
- }
- qdev_init_gpio_in(&dev->qdev, mpcore_rirq_set_irq, 64);
- sysbus_init_mmio(dev, sysbus_mmio_get_region(s->priv, 0));
- return 0;
-}
-
-static Property mpcore_rirq_properties[] = {
- DEFINE_PROP_UINT32("num-cpu", mpcore_rirq_state, num_cpu, 1),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void mpcore_rirq_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = realview_mpcore_init;
- dc->props = mpcore_rirq_properties;
-}
-
-static TypeInfo mpcore_rirq_info = {
- .name = "realview_mpcore",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(mpcore_rirq_state),
- .class_init = mpcore_rirq_class_init,
-};
-
-static Property mpcore_priv_properties[] = {
- DEFINE_PROP_UINT32("num-cpu", mpcore_priv_state, num_cpu, 1),
- /* The ARM11 MPCORE TRM says the on-chip controller may have
- * anything from 0 to 224 external interrupt IRQ lines (with another
- * 32 internal). We default to 32+32, which is the number provided by
- * the ARM11 MPCore test chip in the Realview Versatile Express
- * coretile. Other boards may differ and should set this property
- * appropriately. Some Linux kernels may not boot if the hardware
- * has more IRQ lines than the kernel expects.
- */
- DEFINE_PROP_UINT32("num-irq", mpcore_priv_state, num_irq, 64),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void mpcore_priv_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = mpcore_priv_init;
- dc->props = mpcore_priv_properties;
-}
-
-static TypeInfo mpcore_priv_info = {
- .name = "arm11mpcore_priv",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(mpcore_priv_state),
- .class_init = mpcore_priv_class_init,
-};
-
-static void arm11mpcore_register_types(void)
-{
- type_register_static(&mpcore_rirq_info);
- type_register_static(&mpcore_priv_info);
-}
-
-type_init(arm11mpcore_register_types)
diff --git a/hw/arm_boot.c b/hw/arm_boot.c
deleted file mode 100644
index 92e2cab47..000000000
--- a/hw/arm_boot.c
+++ /dev/null
@@ -1,465 +0,0 @@
-/*
- * ARM kernel loader.
- *
- * Copyright (c) 2006-2007 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the GPL.
- */
-
-#include "config.h"
-#include "hw.h"
-#include "arm-misc.h"
-#include "sysemu.h"
-#include "boards.h"
-#include "loader.h"
-#include "elf.h"
-#include "device_tree.h"
-
-#define KERNEL_ARGS_ADDR 0x100
-#define KERNEL_LOAD_ADDR 0x00010000
-
-/* The worlds second smallest bootloader. Set r0-r2, then jump to kernel. */
-static uint32_t bootloader[] = {
- 0xe3a00000, /* mov r0, #0 */
- 0xe59f1004, /* ldr r1, [pc, #4] */
- 0xe59f2004, /* ldr r2, [pc, #4] */
- 0xe59ff004, /* ldr pc, [pc, #4] */
- 0, /* Board ID */
- 0, /* Address of kernel args. Set by integratorcp_init. */
- 0 /* Kernel entry point. Set by integratorcp_init. */
-};
-
-/* Handling for secondary CPU boot in a multicore system.
- * Unlike the uniprocessor/primary CPU boot, this is platform
- * dependent. The default code here is based on the secondary
- * CPU boot protocol used on realview/vexpress boards, with
- * some parameterisation to increase its flexibility.
- * QEMU platform models for which this code is not appropriate
- * should override write_secondary_boot and secondary_cpu_reset_hook
- * instead.
- *
- * This code enables the interrupt controllers for the secondary
- * CPUs and then puts all the secondary CPUs into a loop waiting
- * for an interprocessor interrupt and polling a configurable
- * location for the kernel secondary CPU entry point.
- */
-static uint32_t smpboot[] = {
- 0xe59f201c, /* ldr r2, gic_cpu_if */
- 0xe59f001c, /* ldr r0, startaddr */
- 0xe3a01001, /* mov r1, #1 */
- 0xe5821000, /* str r1, [r2] */
- 0xe320f003, /* wfi */
- 0xe5901000, /* ldr r1, [r0] */
- 0xe1110001, /* tst r1, r1 */
- 0x0afffffb, /* beq <wfi> */
- 0xe12fff11, /* bx r1 */
- 0, /* gic_cpu_if: base address of GIC CPU interface */
- 0 /* bootreg: Boot register address is held here */
-};
-
-static void default_write_secondary(ARMCPU *cpu,
- const struct arm_boot_info *info)
-{
- int n;
- smpboot[ARRAY_SIZE(smpboot) - 1] = info->smp_bootreg_addr;
- smpboot[ARRAY_SIZE(smpboot) - 2] = info->gic_cpu_if_addr;
- for (n = 0; n < ARRAY_SIZE(smpboot); n++) {
- smpboot[n] = tswap32(smpboot[n]);
- }
- rom_add_blob_fixed("smpboot", smpboot, sizeof(smpboot),
- info->smp_loader_start);
-}
-
-static void default_reset_secondary(ARMCPU *cpu,
- const struct arm_boot_info *info)
-{
- CPUARMState *env = &cpu->env;
-
- stl_phys_notdirty(info->smp_bootreg_addr, 0);
- env->regs[15] = info->smp_loader_start;
-}
-
-#define WRITE_WORD(p, value) do { \
- stl_phys_notdirty(p, value); \
- p += 4; \
-} while (0)
-
-static void set_kernel_args(const struct arm_boot_info *info)
-{
- int initrd_size = info->initrd_size;
- hwaddr base = info->loader_start;
- hwaddr p;
-
- p = base + KERNEL_ARGS_ADDR;
- /* ATAG_CORE */
- WRITE_WORD(p, 5);
- WRITE_WORD(p, 0x54410001);
- WRITE_WORD(p, 1);
- WRITE_WORD(p, 0x1000);
- WRITE_WORD(p, 0);
- /* ATAG_MEM */
- /* TODO: handle multiple chips on one ATAG list */
- WRITE_WORD(p, 4);
- WRITE_WORD(p, 0x54410002);
- WRITE_WORD(p, info->ram_size);
- WRITE_WORD(p, info->loader_start);
- if (initrd_size) {
- /* ATAG_INITRD2 */
- WRITE_WORD(p, 4);
- WRITE_WORD(p, 0x54420005);
- WRITE_WORD(p, info->initrd_start);
- WRITE_WORD(p, initrd_size);
- }
- if (info->kernel_cmdline && *info->kernel_cmdline) {
- /* ATAG_CMDLINE */
- int cmdline_size;
-
- cmdline_size = strlen(info->kernel_cmdline);
- cpu_physical_memory_write(p + 8, (void *)info->kernel_cmdline,
- cmdline_size + 1);
- cmdline_size = (cmdline_size >> 2) + 1;
- WRITE_WORD(p, cmdline_size + 2);
- WRITE_WORD(p, 0x54410009);
- p += cmdline_size * 4;
- }
- if (info->atag_board) {
- /* ATAG_BOARD */
- int atag_board_len;
- uint8_t atag_board_buf[0x1000];
-
- atag_board_len = (info->atag_board(info, atag_board_buf) + 3) & ~3;
- WRITE_WORD(p, (atag_board_len + 8) >> 2);
- WRITE_WORD(p, 0x414f4d50);
- cpu_physical_memory_write(p, atag_board_buf, atag_board_len);
- p += atag_board_len;
- }
- /* ATAG_END */
- WRITE_WORD(p, 0);
- WRITE_WORD(p, 0);
-}
-
-static void set_kernel_args_old(const struct arm_boot_info *info)
-{
- hwaddr p;
- const char *s;
- int initrd_size = info->initrd_size;
- hwaddr base = info->loader_start;
-
- /* see linux/include/asm-arm/setup.h */
- p = base + KERNEL_ARGS_ADDR;
- /* page_size */
- WRITE_WORD(p, 4096);
- /* nr_pages */
- WRITE_WORD(p, info->ram_size / 4096);
- /* ramdisk_size */
- WRITE_WORD(p, 0);
-#define FLAG_READONLY 1
-#define FLAG_RDLOAD 4
-#define FLAG_RDPROMPT 8
- /* flags */
- WRITE_WORD(p, FLAG_READONLY | FLAG_RDLOAD | FLAG_RDPROMPT);
- /* rootdev */
- WRITE_WORD(p, (31 << 8) | 0); /* /dev/mtdblock0 */
- /* video_num_cols */
- WRITE_WORD(p, 0);
- /* video_num_rows */
- WRITE_WORD(p, 0);
- /* video_x */
- WRITE_WORD(p, 0);
- /* video_y */
- WRITE_WORD(p, 0);
- /* memc_control_reg */
- WRITE_WORD(p, 0);
- /* unsigned char sounddefault */
- /* unsigned char adfsdrives */
- /* unsigned char bytes_per_char_h */
- /* unsigned char bytes_per_char_v */
- WRITE_WORD(p, 0);
- /* pages_in_bank[4] */
- WRITE_WORD(p, 0);
- WRITE_WORD(p, 0);
- WRITE_WORD(p, 0);
- WRITE_WORD(p, 0);
- /* pages_in_vram */
- WRITE_WORD(p, 0);
- /* initrd_start */
- if (initrd_size) {
- WRITE_WORD(p, info->initrd_start);
- } else {
- WRITE_WORD(p, 0);
- }
- /* initrd_size */
- WRITE_WORD(p, initrd_size);
- /* rd_start */
- WRITE_WORD(p, 0);
- /* system_rev */
- WRITE_WORD(p, 0);
- /* system_serial_low */
- WRITE_WORD(p, 0);
- /* system_serial_high */
- WRITE_WORD(p, 0);
- /* mem_fclk_21285 */
- WRITE_WORD(p, 0);
- /* zero unused fields */
- while (p < base + KERNEL_ARGS_ADDR + 256 + 1024) {
- WRITE_WORD(p, 0);
- }
- s = info->kernel_cmdline;
- if (s) {
- cpu_physical_memory_write(p, (void *)s, strlen(s) + 1);
- } else {
- WRITE_WORD(p, 0);
- }
-}
-
-static int load_dtb(hwaddr addr, const struct arm_boot_info *binfo)
-{
-#ifdef CONFIG_FDT
- uint32_t *mem_reg_property;
- uint32_t mem_reg_propsize;
- void *fdt = NULL;
- char *filename;
- int size, rc;
- uint32_t acells, scells, hival;
-
- filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, binfo->dtb_filename);
- if (!filename) {
- fprintf(stderr, "Couldn't open dtb file %s\n", binfo->dtb_filename);
- return -1;
- }
-
- fdt = load_device_tree(filename, &size);
- if (!fdt) {
- fprintf(stderr, "Couldn't open dtb file %s\n", filename);
- g_free(filename);
- return -1;
- }
- g_free(filename);
-
- acells = qemu_devtree_getprop_cell(fdt, "/", "#address-cells");
- scells = qemu_devtree_getprop_cell(fdt, "/", "#size-cells");
- if (acells == 0 || scells == 0) {
- fprintf(stderr, "dtb file invalid (#address-cells or #size-cells 0)\n");
- return -1;
- }
-
- mem_reg_propsize = acells + scells;
- mem_reg_property = g_new0(uint32_t, mem_reg_propsize);
- mem_reg_property[acells - 1] = cpu_to_be32(binfo->loader_start);
- hival = cpu_to_be32(binfo->loader_start >> 32);
- if (acells > 1) {
- mem_reg_property[acells - 2] = hival;
- } else if (hival != 0) {
- fprintf(stderr, "qemu: dtb file not compatible with "
- "RAM start address > 4GB\n");
- exit(1);
- }
- mem_reg_property[acells + scells - 1] = cpu_to_be32(binfo->ram_size);
- hival = cpu_to_be32(binfo->ram_size >> 32);
- if (scells > 1) {
- mem_reg_property[acells + scells - 2] = hival;
- } else if (hival != 0) {
- fprintf(stderr, "qemu: dtb file not compatible with "
- "RAM size > 4GB\n");
- exit(1);
- }
-
- rc = qemu_devtree_setprop(fdt, "/memory", "reg", mem_reg_property,
- mem_reg_propsize * sizeof(uint32_t));
- if (rc < 0) {
- fprintf(stderr, "couldn't set /memory/reg\n");
- }
-
- if (binfo->kernel_cmdline && *binfo->kernel_cmdline) {
- rc = qemu_devtree_setprop_string(fdt, "/chosen", "bootargs",
- binfo->kernel_cmdline);
- if (rc < 0) {
- fprintf(stderr, "couldn't set /chosen/bootargs\n");
- }
- }
-
- if (binfo->initrd_size) {
- rc = qemu_devtree_setprop_cell(fdt, "/chosen", "linux,initrd-start",
- binfo->initrd_start);
- if (rc < 0) {
- fprintf(stderr, "couldn't set /chosen/linux,initrd-start\n");
- }
-
- rc = qemu_devtree_setprop_cell(fdt, "/chosen", "linux,initrd-end",
- binfo->initrd_start + binfo->initrd_size);
- if (rc < 0) {
- fprintf(stderr, "couldn't set /chosen/linux,initrd-end\n");
- }
- }
-
- cpu_physical_memory_write(addr, fdt, size);
-
- return 0;
-
-#else
- fprintf(stderr, "Device tree requested, "
- "but qemu was compiled without fdt support\n");
- return -1;
-#endif
-}
-
-static void do_cpu_reset(void *opaque)
-{
- ARMCPU *cpu = opaque;
- CPUARMState *env = &cpu->env;
- const struct arm_boot_info *info = env->boot_info;
-
- cpu_reset(CPU(cpu));
- if (info) {
- if (!info->is_linux) {
- /* Jump to the entry point. */
- env->regs[15] = info->entry & 0xfffffffe;
- env->thumb = info->entry & 1;
- } else {
- if (env == first_cpu) {
- env->regs[15] = info->loader_start;
- if (!info->dtb_filename) {
- if (old_param) {
- set_kernel_args_old(info);
- } else {
- set_kernel_args(info);
- }
- }
- } else {
- info->secondary_cpu_reset_hook(cpu, info);
- }
- }
- }
-}
-
-void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info *info)
-{
- CPUARMState *env = &cpu->env;
- int kernel_size;
- int initrd_size;
- int n;
- int is_linux = 0;
- uint64_t elf_entry;
- hwaddr entry;
- int big_endian;
- QemuOpts *machine_opts;
-
- /* Load the kernel. */
- if (!info->kernel_filename) {
- fprintf(stderr, "Kernel image must be specified\n");
- exit(1);
- }
-
- machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
- if (machine_opts) {
- info->dtb_filename = qemu_opt_get(machine_opts, "dtb");
- } else {
- info->dtb_filename = NULL;
- }
-
- if (!info->secondary_cpu_reset_hook) {
- info->secondary_cpu_reset_hook = default_reset_secondary;
- }
- if (!info->write_secondary_boot) {
- info->write_secondary_boot = default_write_secondary;
- }
-
- if (info->nb_cpus == 0)
- info->nb_cpus = 1;
-
-#ifdef TARGET_WORDS_BIGENDIAN
- big_endian = 1;
-#else
- big_endian = 0;
-#endif
-
- /* We want to put the initrd far enough into RAM that when the
- * kernel is uncompressed it will not clobber the initrd. However
- * on boards without much RAM we must ensure that we still leave
- * enough room for a decent sized initrd, and on boards with large
- * amounts of RAM we must avoid the initrd being so far up in RAM
- * that it is outside lowmem and inaccessible to the kernel.
- * So for boards with less than 256MB of RAM we put the initrd
- * halfway into RAM, and for boards with 256MB of RAM or more we put
- * the initrd at 128MB.
- */
- info->initrd_start = info->loader_start +
- MIN(info->ram_size / 2, 128 * 1024 * 1024);
-
- /* Assume that raw images are linux kernels, and ELF images are not. */
- kernel_size = load_elf(info->kernel_filename, NULL, NULL, &elf_entry,
- NULL, NULL, big_endian, ELF_MACHINE, 1);
- entry = elf_entry;
- if (kernel_size < 0) {
- kernel_size = load_uimage(info->kernel_filename, &entry, NULL,
- &is_linux);
- }
- if (kernel_size < 0) {
- entry = info->loader_start + KERNEL_LOAD_ADDR;
- kernel_size = load_image_targphys(info->kernel_filename, entry,
- info->ram_size - KERNEL_LOAD_ADDR);
- is_linux = 1;
- }
- if (kernel_size < 0) {
- fprintf(stderr, "qemu: could not load kernel '%s'\n",
- info->kernel_filename);
- exit(1);
- }
- info->entry = entry;
- if (is_linux) {
- if (info->initrd_filename) {
- initrd_size = load_image_targphys(info->initrd_filename,
- info->initrd_start,
- info->ram_size -
- info->initrd_start);
- if (initrd_size < 0) {
- fprintf(stderr, "qemu: could not load initrd '%s'\n",
- info->initrd_filename);
- exit(1);
- }
- } else {
- initrd_size = 0;
- }
- info->initrd_size = initrd_size;
-
- bootloader[4] = info->board_id;
-
- /* for device tree boot, we pass the DTB directly in r2. Otherwise
- * we point to the kernel args.
- */
- if (info->dtb_filename) {
- /* Place the DTB after the initrd in memory */
- hwaddr dtb_start = TARGET_PAGE_ALIGN(info->initrd_start +
- initrd_size);
- if (load_dtb(dtb_start, info)) {
- exit(1);
- }
- bootloader[5] = dtb_start;
- } else {
- bootloader[5] = info->loader_start + KERNEL_ARGS_ADDR;
- if (info->ram_size >= (1ULL << 32)) {
- fprintf(stderr, "qemu: RAM size must be less than 4GB to boot"
- " Linux kernel using ATAGS (try passing a device tree"
- " using -dtb)\n");
- exit(1);
- }
- }
- bootloader[6] = entry;
- for (n = 0; n < sizeof(bootloader) / 4; n++) {
- bootloader[n] = tswap32(bootloader[n]);
- }
- rom_add_blob_fixed("bootloader", bootloader, sizeof(bootloader),
- info->loader_start);
- if (info->nb_cpus > 1) {
- info->write_secondary_boot(cpu, info);
- }
- }
- info->is_linux = is_linux;
-
- for (; env; env = env->next_cpu) {
- cpu = arm_env_get_cpu(env);
- env->boot_info = info;
- qemu_register_reset(do_cpu_reset, cpu);
- }
-}
diff --git a/hw/arm_gic.c b/hw/arm_gic.c
deleted file mode 100644
index f9e423f15..000000000
--- a/hw/arm_gic.c
+++ /dev/null
@@ -1,718 +0,0 @@
-/*
- * ARM Generic/Distributed Interrupt Controller
- *
- * Copyright (c) 2006-2007 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the GPL.
- */
-
-/* This file contains implementation code for the RealView EB interrupt
- * controller, MPCore distributed interrupt controller and ARMv7-M
- * Nested Vectored Interrupt Controller.
- * It is compiled in two ways:
- * (1) as a standalone file to produce a sysbus device which is a GIC
- * that can be used on the realview board and as one of the builtin
- * private peripherals for the ARM MP CPUs (11MPCore, A9, etc)
- * (2) by being directly #included into armv7m_nvic.c to produce the
- * armv7m_nvic device.
- */
-
-#include "sysbus.h"
-#include "arm_gic_internal.h"
-
-//#define DEBUG_GIC
-
-#ifdef DEBUG_GIC
-#define DPRINTF(fmt, ...) \
-do { fprintf(stderr, "arm_gic: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...) do {} while(0)
-#endif
-
-static const uint8_t gic_id[] = {
- 0x90, 0x13, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1
-};
-
-#define NUM_CPU(s) ((s)->num_cpu)
-
-static inline int gic_get_current_cpu(GICState *s)
-{
- if (s->num_cpu > 1) {
- return cpu_single_env->cpu_index;
- }
- return 0;
-}
-
-/* TODO: Many places that call this routine could be optimized. */
-/* Update interrupt status after enabled or pending bits have been changed. */
-void gic_update(GICState *s)
-{
- int best_irq;
- int best_prio;
- int irq;
- int level;
- int cpu;
- int cm;
-
- for (cpu = 0; cpu < NUM_CPU(s); cpu++) {
- cm = 1 << cpu;
- s->current_pending[cpu] = 1023;
- if (!s->enabled || !s->cpu_enabled[cpu]) {
- qemu_irq_lower(s->parent_irq[cpu]);
- return;
- }
- best_prio = 0x100;
- best_irq = 1023;
- for (irq = 0; irq < s->num_irq; irq++) {
- if (GIC_TEST_ENABLED(irq, cm) && GIC_TEST_PENDING(irq, cm)) {
- if (GIC_GET_PRIORITY(irq, cpu) < best_prio) {
- best_prio = GIC_GET_PRIORITY(irq, cpu);
- best_irq = irq;
- }
- }
- }
- level = 0;
- if (best_prio <= s->priority_mask[cpu]) {
- s->current_pending[cpu] = best_irq;
- if (best_prio < s->running_priority[cpu]) {
- DPRINTF("Raised pending IRQ %d\n", best_irq);
- level = 1;
- }
- }
- qemu_set_irq(s->parent_irq[cpu], level);
- }
-}
-
-void gic_set_pending_private(GICState *s, int cpu, int irq)
-{
- int cm = 1 << cpu;
-
- if (GIC_TEST_PENDING(irq, cm))
- return;
-
- DPRINTF("Set %d pending cpu %d\n", irq, cpu);
- GIC_SET_PENDING(irq, cm);
- gic_update(s);
-}
-
-/* Process a change in an external IRQ input. */
-static void gic_set_irq(void *opaque, int irq, int level)
-{
- /* Meaning of the 'irq' parameter:
- * [0..N-1] : external interrupts
- * [N..N+31] : PPI (internal) interrupts for CPU 0
- * [N+32..N+63] : PPI (internal interrupts for CPU 1
- * ...
- */
- GICState *s = (GICState *)opaque;
- int cm, target;
- if (irq < (s->num_irq - GIC_INTERNAL)) {
- /* The first external input line is internal interrupt 32. */
- cm = ALL_CPU_MASK;
- irq += GIC_INTERNAL;
- target = GIC_TARGET(irq);
- } else {
- int cpu;
- irq -= (s->num_irq - GIC_INTERNAL);
- cpu = irq / GIC_INTERNAL;
- irq %= GIC_INTERNAL;
- cm = 1 << cpu;
- target = cm;
- }
-
- if (level == GIC_TEST_LEVEL(irq, cm)) {
- return;
- }
-
- if (level) {
- GIC_SET_LEVEL(irq, cm);
- if (GIC_TEST_TRIGGER(irq) || GIC_TEST_ENABLED(irq, cm)) {
- DPRINTF("Set %d pending mask %x\n", irq, target);
- GIC_SET_PENDING(irq, target);
- }
- } else {
- GIC_CLEAR_LEVEL(irq, cm);
- }
- gic_update(s);
-}
-
-static void gic_set_running_irq(GICState *s, int cpu, int irq)
-{
- s->running_irq[cpu] = irq;
- if (irq == 1023) {
- s->running_priority[cpu] = 0x100;
- } else {
- s->running_priority[cpu] = GIC_GET_PRIORITY(irq, cpu);
- }
- gic_update(s);
-}
-
-uint32_t gic_acknowledge_irq(GICState *s, int cpu)
-{
- int new_irq;
- int cm = 1 << cpu;
- new_irq = s->current_pending[cpu];
- if (new_irq == 1023
- || GIC_GET_PRIORITY(new_irq, cpu) >= s->running_priority[cpu]) {
- DPRINTF("ACK no pending IRQ\n");
- return 1023;
- }
- s->last_active[new_irq][cpu] = s->running_irq[cpu];
- /* Clear pending flags for both level and edge triggered interrupts.
- Level triggered IRQs will be reasserted once they become inactive. */
- GIC_CLEAR_PENDING(new_irq, GIC_TEST_MODEL(new_irq) ? ALL_CPU_MASK : cm);
- gic_set_running_irq(s, cpu, new_irq);
- DPRINTF("ACK %d\n", new_irq);
- return new_irq;
-}
-
-void gic_complete_irq(GICState *s, int cpu, int irq)
-{
- int update = 0;
- int cm = 1 << cpu;
- DPRINTF("EOI %d\n", irq);
- if (irq >= s->num_irq) {
- /* This handles two cases:
- * 1. If software writes the ID of a spurious interrupt [ie 1023]
- * to the GICC_EOIR, the GIC ignores that write.
- * 2. If software writes the number of a non-existent interrupt
- * this must be a subcase of "value written does not match the last
- * valid interrupt value read from the Interrupt Acknowledge
- * register" and so this is UNPREDICTABLE. We choose to ignore it.
- */
- return;
- }
- if (s->running_irq[cpu] == 1023)
- return; /* No active IRQ. */
- /* Mark level triggered interrupts as pending if they are still
- raised. */
- if (!GIC_TEST_TRIGGER(irq) && GIC_TEST_ENABLED(irq, cm)
- && GIC_TEST_LEVEL(irq, cm) && (GIC_TARGET(irq) & cm) != 0) {
- DPRINTF("Set %d pending mask %x\n", irq, cm);
- GIC_SET_PENDING(irq, cm);
- update = 1;
- }
- if (irq != s->running_irq[cpu]) {
- /* Complete an IRQ that is not currently running. */
- int tmp = s->running_irq[cpu];
- while (s->last_active[tmp][cpu] != 1023) {
- if (s->last_active[tmp][cpu] == irq) {
- s->last_active[tmp][cpu] = s->last_active[irq][cpu];
- break;
- }
- tmp = s->last_active[tmp][cpu];
- }
- if (update) {
- gic_update(s);
- }
- } else {
- /* Complete the current running IRQ. */
- gic_set_running_irq(s, cpu, s->last_active[s->running_irq[cpu]][cpu]);
- }
-}
-
-static uint32_t gic_dist_readb(void *opaque, hwaddr offset)
-{
- GICState *s = (GICState *)opaque;
- uint32_t res;
- int irq;
- int i;
- int cpu;
- int cm;
- int mask;
-
- cpu = gic_get_current_cpu(s);
- cm = 1 << cpu;
- if (offset < 0x100) {
- if (offset == 0)
- return s->enabled;
- if (offset == 4)
- return ((s->num_irq / 32) - 1) | ((NUM_CPU(s) - 1) << 5);
- if (offset < 0x08)
- return 0;
- if (offset >= 0x80) {
- /* Interrupt Security , RAZ/WI */
- return 0;
- }
- goto bad_reg;
- } else if (offset < 0x200) {
- /* Interrupt Set/Clear Enable. */
- if (offset < 0x180)
- irq = (offset - 0x100) * 8;
- else
- irq = (offset - 0x180) * 8;
- irq += GIC_BASE_IRQ;
- if (irq >= s->num_irq)
- goto bad_reg;
- res = 0;
- for (i = 0; i < 8; i++) {
- if (GIC_TEST_ENABLED(irq + i, cm)) {
- res |= (1 << i);
- }
- }
- } else if (offset < 0x300) {
- /* Interrupt Set/Clear Pending. */
- if (offset < 0x280)
- irq = (offset - 0x200) * 8;
- else
- irq = (offset - 0x280) * 8;
- irq += GIC_BASE_IRQ;
- if (irq >= s->num_irq)
- goto bad_reg;
- res = 0;
- mask = (irq < GIC_INTERNAL) ? cm : ALL_CPU_MASK;
- for (i = 0; i < 8; i++) {
- if (GIC_TEST_PENDING(irq + i, mask)) {
- res |= (1 << i);
- }
- }
- } else if (offset < 0x400) {
- /* Interrupt Active. */
- irq = (offset - 0x300) * 8 + GIC_BASE_IRQ;
- if (irq >= s->num_irq)
- goto bad_reg;
- res = 0;
- mask = (irq < GIC_INTERNAL) ? cm : ALL_CPU_MASK;
- for (i = 0; i < 8; i++) {
- if (GIC_TEST_ACTIVE(irq + i, mask)) {
- res |= (1 << i);
- }
- }
- } else if (offset < 0x800) {
- /* Interrupt Priority. */
- irq = (offset - 0x400) + GIC_BASE_IRQ;
- if (irq >= s->num_irq)
- goto bad_reg;
- res = GIC_GET_PRIORITY(irq, cpu);
- } else if (offset < 0xc00) {
- /* Interrupt CPU Target. */
- if (s->num_cpu == 1 && s->revision != REV_11MPCORE) {
- /* For uniprocessor GICs these RAZ/WI */
- res = 0;
- } else {
- irq = (offset - 0x800) + GIC_BASE_IRQ;
- if (irq >= s->num_irq) {
- goto bad_reg;
- }
- if (irq >= 29 && irq <= 31) {
- res = cm;
- } else {
- res = GIC_TARGET(irq);
- }
- }
- } else if (offset < 0xf00) {
- /* Interrupt Configuration. */
- irq = (offset - 0xc00) * 2 + GIC_BASE_IRQ;
- if (irq >= s->num_irq)
- goto bad_reg;
- res = 0;
- for (i = 0; i < 4; i++) {
- if (GIC_TEST_MODEL(irq + i))
- res |= (1 << (i * 2));
- if (GIC_TEST_TRIGGER(irq + i))
- res |= (2 << (i * 2));
- }
- } else if (offset < 0xfe0) {
- goto bad_reg;
- } else /* offset >= 0xfe0 */ {
- if (offset & 3) {
- res = 0;
- } else {
- res = gic_id[(offset - 0xfe0) >> 2];
- }
- }
- return res;
-bad_reg:
- qemu_log_mask(LOG_GUEST_ERROR,
- "gic_dist_readb: Bad offset %x\n", (int)offset);
- return 0;
-}
-
-static uint32_t gic_dist_readw(void *opaque, hwaddr offset)
-{
- uint32_t val;
- val = gic_dist_readb(opaque, offset);
- val |= gic_dist_readb(opaque, offset + 1) << 8;
- return val;
-}
-
-static uint32_t gic_dist_readl(void *opaque, hwaddr offset)
-{
- uint32_t val;
- val = gic_dist_readw(opaque, offset);
- val |= gic_dist_readw(opaque, offset + 2) << 16;
- return val;
-}
-
-static void gic_dist_writeb(void *opaque, hwaddr offset,
- uint32_t value)
-{
- GICState *s = (GICState *)opaque;
- int irq;
- int i;
- int cpu;
-
- cpu = gic_get_current_cpu(s);
- if (offset < 0x100) {
- if (offset == 0) {
- s->enabled = (value & 1);
- DPRINTF("Distribution %sabled\n", s->enabled ? "En" : "Dis");
- } else if (offset < 4) {
- /* ignored. */
- } else if (offset >= 0x80) {
- /* Interrupt Security Registers, RAZ/WI */
- } else {
- goto bad_reg;
- }
- } else if (offset < 0x180) {
- /* Interrupt Set Enable. */
- irq = (offset - 0x100) * 8 + GIC_BASE_IRQ;
- if (irq >= s->num_irq)
- goto bad_reg;
- if (irq < 16)
- value = 0xff;
- for (i = 0; i < 8; i++) {
- if (value & (1 << i)) {
- int mask = (irq < GIC_INTERNAL) ? (1 << cpu) : GIC_TARGET(irq);
- int cm = (irq < GIC_INTERNAL) ? (1 << cpu) : ALL_CPU_MASK;
-
- if (!GIC_TEST_ENABLED(irq + i, cm)) {
- DPRINTF("Enabled IRQ %d\n", irq + i);
- }
- GIC_SET_ENABLED(irq + i, cm);
- /* If a raised level triggered IRQ enabled then mark
- is as pending. */
- if (GIC_TEST_LEVEL(irq + i, mask)
- && !GIC_TEST_TRIGGER(irq + i)) {
- DPRINTF("Set %d pending mask %x\n", irq + i, mask);
- GIC_SET_PENDING(irq + i, mask);
- }
- }
- }
- } else if (offset < 0x200) {
- /* Interrupt Clear Enable. */
- irq = (offset - 0x180) * 8 + GIC_BASE_IRQ;
- if (irq >= s->num_irq)
- goto bad_reg;
- if (irq < 16)
- value = 0;
- for (i = 0; i < 8; i++) {
- if (value & (1 << i)) {
- int cm = (irq < GIC_INTERNAL) ? (1 << cpu) : ALL_CPU_MASK;
-
- if (GIC_TEST_ENABLED(irq + i, cm)) {
- DPRINTF("Disabled IRQ %d\n", irq + i);
- }
- GIC_CLEAR_ENABLED(irq + i, cm);
- }
- }
- } else if (offset < 0x280) {
- /* Interrupt Set Pending. */
- irq = (offset - 0x200) * 8 + GIC_BASE_IRQ;
- if (irq >= s->num_irq)
- goto bad_reg;
- if (irq < 16)
- irq = 0;
-
- for (i = 0; i < 8; i++) {
- if (value & (1 << i)) {
- GIC_SET_PENDING(irq + i, GIC_TARGET(irq));
- }
- }
- } else if (offset < 0x300) {
- /* Interrupt Clear Pending. */
- irq = (offset - 0x280) * 8 + GIC_BASE_IRQ;
- if (irq >= s->num_irq)
- goto bad_reg;
- for (i = 0; i < 8; i++) {
- /* ??? This currently clears the pending bit for all CPUs, even
- for per-CPU interrupts. It's unclear whether this is the
- corect behavior. */
- if (value & (1 << i)) {
- GIC_CLEAR_PENDING(irq + i, ALL_CPU_MASK);
- }
- }
- } else if (offset < 0x400) {
- /* Interrupt Active. */
- goto bad_reg;
- } else if (offset < 0x800) {
- /* Interrupt Priority. */
- irq = (offset - 0x400) + GIC_BASE_IRQ;
- if (irq >= s->num_irq)
- goto bad_reg;
- if (irq < GIC_INTERNAL) {
- s->priority1[irq][cpu] = value;
- } else {
- s->priority2[irq - GIC_INTERNAL] = value;
- }
- } else if (offset < 0xc00) {
- /* Interrupt CPU Target. RAZ/WI on uniprocessor GICs, with the
- * annoying exception of the 11MPCore's GIC.
- */
- if (s->num_cpu != 1 || s->revision == REV_11MPCORE) {
- irq = (offset - 0x800) + GIC_BASE_IRQ;
- if (irq >= s->num_irq) {
- goto bad_reg;
- }
- if (irq < 29) {
- value = 0;
- } else if (irq < GIC_INTERNAL) {
- value = ALL_CPU_MASK;
- }
- s->irq_target[irq] = value & ALL_CPU_MASK;
- }
- } else if (offset < 0xf00) {
- /* Interrupt Configuration. */
- irq = (offset - 0xc00) * 4 + GIC_BASE_IRQ;
- if (irq >= s->num_irq)
- goto bad_reg;
- if (irq < GIC_INTERNAL)
- value |= 0xaa;
- for (i = 0; i < 4; i++) {
- if (value & (1 << (i * 2))) {
- GIC_SET_MODEL(irq + i);
- } else {
- GIC_CLEAR_MODEL(irq + i);
- }
- if (value & (2 << (i * 2))) {
- GIC_SET_TRIGGER(irq + i);
- } else {
- GIC_CLEAR_TRIGGER(irq + i);
- }
- }
- } else {
- /* 0xf00 is only handled for 32-bit writes. */
- goto bad_reg;
- }
- gic_update(s);
- return;
-bad_reg:
- qemu_log_mask(LOG_GUEST_ERROR,
- "gic_dist_writeb: Bad offset %x\n", (int)offset);
-}
-
-static void gic_dist_writew(void *opaque, hwaddr offset,
- uint32_t value)
-{
- gic_dist_writeb(opaque, offset, value & 0xff);
- gic_dist_writeb(opaque, offset + 1, value >> 8);
-}
-
-static void gic_dist_writel(void *opaque, hwaddr offset,
- uint32_t value)
-{
- GICState *s = (GICState *)opaque;
- if (offset == 0xf00) {
- int cpu;
- int irq;
- int mask;
-
- cpu = gic_get_current_cpu(s);
- irq = value & 0x3ff;
- switch ((value >> 24) & 3) {
- case 0:
- mask = (value >> 16) & ALL_CPU_MASK;
- break;
- case 1:
- mask = ALL_CPU_MASK ^ (1 << cpu);
- break;
- case 2:
- mask = 1 << cpu;
- break;
- default:
- DPRINTF("Bad Soft Int target filter\n");
- mask = ALL_CPU_MASK;
- break;
- }
- GIC_SET_PENDING(irq, mask);
- gic_update(s);
- return;
- }
- gic_dist_writew(opaque, offset, value & 0xffff);
- gic_dist_writew(opaque, offset + 2, value >> 16);
-}
-
-static const MemoryRegionOps gic_dist_ops = {
- .old_mmio = {
- .read = { gic_dist_readb, gic_dist_readw, gic_dist_readl, },
- .write = { gic_dist_writeb, gic_dist_writew, gic_dist_writel, },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static uint32_t gic_cpu_read(GICState *s, int cpu, int offset)
-{
- switch (offset) {
- case 0x00: /* Control */
- return s->cpu_enabled[cpu];
- case 0x04: /* Priority mask */
- return s->priority_mask[cpu];
- case 0x08: /* Binary Point */
- /* ??? Not implemented. */
- return 0;
- case 0x0c: /* Acknowledge */
- return gic_acknowledge_irq(s, cpu);
- case 0x14: /* Running Priority */
- return s->running_priority[cpu];
- case 0x18: /* Highest Pending Interrupt */
- return s->current_pending[cpu];
- default:
- qemu_log_mask(LOG_GUEST_ERROR,
- "gic_cpu_read: Bad offset %x\n", (int)offset);
- return 0;
- }
-}
-
-static void gic_cpu_write(GICState *s, int cpu, int offset, uint32_t value)
-{
- switch (offset) {
- case 0x00: /* Control */
- s->cpu_enabled[cpu] = (value & 1);
- DPRINTF("CPU %d %sabled\n", cpu, s->cpu_enabled[cpu] ? "En" : "Dis");
- break;
- case 0x04: /* Priority mask */
- s->priority_mask[cpu] = (value & 0xff);
- break;
- case 0x08: /* Binary Point */
- /* ??? Not implemented. */
- break;
- case 0x10: /* End Of Interrupt */
- return gic_complete_irq(s, cpu, value & 0x3ff);
- default:
- qemu_log_mask(LOG_GUEST_ERROR,
- "gic_cpu_write: Bad offset %x\n", (int)offset);
- return;
- }
- gic_update(s);
-}
-
-/* Wrappers to read/write the GIC CPU interface for the current CPU */
-static uint64_t gic_thiscpu_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- GICState *s = (GICState *)opaque;
- return gic_cpu_read(s, gic_get_current_cpu(s), addr);
-}
-
-static void gic_thiscpu_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- GICState *s = (GICState *)opaque;
- gic_cpu_write(s, gic_get_current_cpu(s), addr, value);
-}
-
-/* Wrappers to read/write the GIC CPU interface for a specific CPU.
- * These just decode the opaque pointer into GICState* + cpu id.
- */
-static uint64_t gic_do_cpu_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- GICState **backref = (GICState **)opaque;
- GICState *s = *backref;
- int id = (backref - s->backref);
- return gic_cpu_read(s, id, addr);
-}
-
-static void gic_do_cpu_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- GICState **backref = (GICState **)opaque;
- GICState *s = *backref;
- int id = (backref - s->backref);
- gic_cpu_write(s, id, addr, value);
-}
-
-static const MemoryRegionOps gic_thiscpu_ops = {
- .read = gic_thiscpu_read,
- .write = gic_thiscpu_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static const MemoryRegionOps gic_cpu_ops = {
- .read = gic_do_cpu_read,
- .write = gic_do_cpu_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-void gic_init_irqs_and_distributor(GICState *s, int num_irq)
-{
- int i;
-
- i = s->num_irq - GIC_INTERNAL;
- /* For the GIC, also expose incoming GPIO lines for PPIs for each CPU.
- * GPIO array layout is thus:
- * [0..N-1] SPIs
- * [N..N+31] PPIs for CPU 0
- * [N+32..N+63] PPIs for CPU 1
- * ...
- */
- if (s->revision != REV_NVIC) {
- i += (GIC_INTERNAL * s->num_cpu);
- }
- qdev_init_gpio_in(&s->busdev.qdev, gic_set_irq, i);
- for (i = 0; i < NUM_CPU(s); i++) {
- sysbus_init_irq(&s->busdev, &s->parent_irq[i]);
- }
- memory_region_init_io(&s->iomem, &gic_dist_ops, s, "gic_dist", 0x1000);
-}
-
-static int arm_gic_init(SysBusDevice *dev)
-{
- /* Device instance init function for the GIC sysbus device */
- int i;
- GICState *s = FROM_SYSBUS(GICState, dev);
- ARMGICClass *agc = ARM_GIC_GET_CLASS(s);
-
- agc->parent_init(dev);
-
- gic_init_irqs_and_distributor(s, s->num_irq);
-
- /* Memory regions for the CPU interfaces (NVIC doesn't have these):
- * a region for "CPU interface for this core", then a region for
- * "CPU interface for core 0", "for core 1", ...
- * NB that the memory region size of 0x100 applies for the 11MPCore
- * and also cores following the GIC v1 spec (ie A9).
- * GIC v2 defines a larger memory region (0x1000) so this will need
- * to be extended when we implement A15.
- */
- memory_region_init_io(&s->cpuiomem[0], &gic_thiscpu_ops, s,
- "gic_cpu", 0x100);
- for (i = 0; i < NUM_CPU(s); i++) {
- s->backref[i] = s;
- memory_region_init_io(&s->cpuiomem[i+1], &gic_cpu_ops, &s->backref[i],
- "gic_cpu", 0x100);
- }
- /* Distributor */
- sysbus_init_mmio(dev, &s->iomem);
- /* cpu interfaces (one for "current cpu" plus one per cpu) */
- for (i = 0; i <= NUM_CPU(s); i++) {
- sysbus_init_mmio(dev, &s->cpuiomem[i]);
- }
- return 0;
-}
-
-static void arm_gic_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *sbc = SYS_BUS_DEVICE_CLASS(klass);
- ARMGICClass *agc = ARM_GIC_CLASS(klass);
- agc->parent_init = sbc->init;
- sbc->init = arm_gic_init;
- dc->no_user = 1;
-}
-
-static TypeInfo arm_gic_info = {
- .name = TYPE_ARM_GIC,
- .parent = TYPE_ARM_GIC_COMMON,
- .instance_size = sizeof(GICState),
- .class_init = arm_gic_class_init,
- .class_size = sizeof(ARMGICClass),
-};
-
-static void arm_gic_register_types(void)
-{
- type_register_static(&arm_gic_info);
-}
-
-type_init(arm_gic_register_types)
diff --git a/hw/arm_gic_common.c b/hw/arm_gic_common.c
deleted file mode 100644
index 8369309d2..000000000
--- a/hw/arm_gic_common.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/*
- * ARM GIC support - common bits of emulated and KVM kernel model
- *
- * Copyright (c) 2012 Linaro Limited
- * Written by Peter Maydell
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "arm_gic_internal.h"
-
-static void gic_save(QEMUFile *f, void *opaque)
-{
- GICState *s = (GICState *)opaque;
- int i;
- int j;
-
- qemu_put_be32(f, s->enabled);
- for (i = 0; i < s->num_cpu; i++) {
- qemu_put_be32(f, s->cpu_enabled[i]);
- for (j = 0; j < GIC_INTERNAL; j++) {
- qemu_put_be32(f, s->priority1[j][i]);
- }
- for (j = 0; j < s->num_irq; j++) {
- qemu_put_be32(f, s->last_active[j][i]);
- }
- qemu_put_be32(f, s->priority_mask[i]);
- qemu_put_be32(f, s->running_irq[i]);
- qemu_put_be32(f, s->running_priority[i]);
- qemu_put_be32(f, s->current_pending[i]);
- }
- for (i = 0; i < s->num_irq - GIC_INTERNAL; i++) {
- qemu_put_be32(f, s->priority2[i]);
- }
- for (i = 0; i < s->num_irq; i++) {
- qemu_put_be32(f, s->irq_target[i]);
- qemu_put_byte(f, s->irq_state[i].enabled);
- qemu_put_byte(f, s->irq_state[i].pending);
- qemu_put_byte(f, s->irq_state[i].active);
- qemu_put_byte(f, s->irq_state[i].level);
- qemu_put_byte(f, s->irq_state[i].model);
- qemu_put_byte(f, s->irq_state[i].trigger);
- }
-}
-
-static int gic_load(QEMUFile *f, void *opaque, int version_id)
-{
- GICState *s = (GICState *)opaque;
- int i;
- int j;
-
- if (version_id != 3) {
- return -EINVAL;
- }
-
- s->enabled = qemu_get_be32(f);
- for (i = 0; i < s->num_cpu; i++) {
- s->cpu_enabled[i] = qemu_get_be32(f);
- for (j = 0; j < GIC_INTERNAL; j++) {
- s->priority1[j][i] = qemu_get_be32(f);
- }
- for (j = 0; j < s->num_irq; j++) {
- s->last_active[j][i] = qemu_get_be32(f);
- }
- s->priority_mask[i] = qemu_get_be32(f);
- s->running_irq[i] = qemu_get_be32(f);
- s->running_priority[i] = qemu_get_be32(f);
- s->current_pending[i] = qemu_get_be32(f);
- }
- for (i = 0; i < s->num_irq - GIC_INTERNAL; i++) {
- s->priority2[i] = qemu_get_be32(f);
- }
- for (i = 0; i < s->num_irq; i++) {
- s->irq_target[i] = qemu_get_be32(f);
- s->irq_state[i].enabled = qemu_get_byte(f);
- s->irq_state[i].pending = qemu_get_byte(f);
- s->irq_state[i].active = qemu_get_byte(f);
- s->irq_state[i].level = qemu_get_byte(f);
- s->irq_state[i].model = qemu_get_byte(f);
- s->irq_state[i].trigger = qemu_get_byte(f);
- }
-
- return 0;
-}
-
-static int arm_gic_common_init(SysBusDevice *dev)
-{
- GICState *s = FROM_SYSBUS(GICState, dev);
- int num_irq = s->num_irq;
-
- if (s->num_cpu > NCPU) {
- hw_error("requested %u CPUs exceeds GIC maximum %d\n",
- s->num_cpu, NCPU);
- }
- s->num_irq += GIC_BASE_IRQ;
- if (s->num_irq > GIC_MAXIRQ) {
- hw_error("requested %u interrupt lines exceeds GIC maximum %d\n",
- num_irq, GIC_MAXIRQ);
- }
- /* ITLinesNumber is represented as (N / 32) - 1 (see
- * gic_dist_readb) so this is an implementation imposed
- * restriction, not an architectural one:
- */
- if (s->num_irq < 32 || (s->num_irq % 32)) {
- hw_error("%d interrupt lines unsupported: not divisible by 32\n",
- num_irq);
- }
-
- register_savevm(NULL, "arm_gic", -1, 3, gic_save, gic_load, s);
- return 0;
-}
-
-static void arm_gic_common_reset(DeviceState *dev)
-{
- GICState *s = FROM_SYSBUS(GICState, sysbus_from_qdev(dev));
- int i;
- memset(s->irq_state, 0, GIC_MAXIRQ * sizeof(gic_irq_state));
- for (i = 0 ; i < s->num_cpu; i++) {
- s->priority_mask[i] = 0xf0;
- s->current_pending[i] = 1023;
- s->running_irq[i] = 1023;
- s->running_priority[i] = 0x100;
- s->cpu_enabled[i] = 0;
- }
- for (i = 0; i < 16; i++) {
- GIC_SET_ENABLED(i, ALL_CPU_MASK);
- GIC_SET_TRIGGER(i);
- }
- if (s->num_cpu == 1) {
- /* For uniprocessor GICs all interrupts always target the sole CPU */
- for (i = 0; i < GIC_MAXIRQ; i++) {
- s->irq_target[i] = 1;
- }
- }
- s->enabled = 0;
-}
-
-static Property arm_gic_common_properties[] = {
- DEFINE_PROP_UINT32("num-cpu", GICState, num_cpu, 1),
- DEFINE_PROP_UINT32("num-irq", GICState, num_irq, 32),
- /* Revision can be 1 or 2 for GIC architecture specification
- * versions 1 or 2, or 0 to indicate the legacy 11MPCore GIC.
- * (Internally, 0xffffffff also indicates "not a GIC but an NVIC".)
- */
- DEFINE_PROP_UINT32("revision", GICState, revision, 1),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void arm_gic_common_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sc = SYS_BUS_DEVICE_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
- dc->reset = arm_gic_common_reset;
- dc->props = arm_gic_common_properties;
- dc->no_user = 1;
- sc->init = arm_gic_common_init;
-}
-
-static TypeInfo arm_gic_common_type = {
- .name = TYPE_ARM_GIC_COMMON,
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(GICState),
- .class_size = sizeof(ARMGICCommonClass),
- .class_init = arm_gic_common_class_init,
- .abstract = true,
-};
-
-static void register_types(void)
-{
- type_register_static(&arm_gic_common_type);
-}
-
-type_init(register_types)
diff --git a/hw/arm_gic_internal.h b/hw/arm_gic_internal.h
deleted file mode 100644
index 699352ca8..000000000
--- a/hw/arm_gic_internal.h
+++ /dev/null
@@ -1,136 +0,0 @@
-/*
- * ARM GIC support - internal interfaces
- *
- * Copyright (c) 2012 Linaro Limited
- * Written by Peter Maydell
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef QEMU_ARM_GIC_INTERNAL_H
-#define QEMU_ARM_GIC_INTERNAL_H
-
-#include "sysbus.h"
-
-/* Maximum number of possible interrupts, determined by the GIC architecture */
-#define GIC_MAXIRQ 1020
-/* First 32 are private to each CPU (SGIs and PPIs). */
-#define GIC_INTERNAL 32
-/* Maximum number of possible CPU interfaces, determined by GIC architecture */
-#define NCPU 8
-
-#define ALL_CPU_MASK ((unsigned)(((1 << NCPU) - 1)))
-
-/* The NVIC has 16 internal vectors. However these are not exposed
- through the normal GIC interface. */
-#define GIC_BASE_IRQ ((s->revision == REV_NVIC) ? 32 : 0)
-
-#define GIC_SET_ENABLED(irq, cm) s->irq_state[irq].enabled |= (cm)
-#define GIC_CLEAR_ENABLED(irq, cm) s->irq_state[irq].enabled &= ~(cm)
-#define GIC_TEST_ENABLED(irq, cm) ((s->irq_state[irq].enabled & (cm)) != 0)
-#define GIC_SET_PENDING(irq, cm) s->irq_state[irq].pending |= (cm)
-#define GIC_CLEAR_PENDING(irq, cm) s->irq_state[irq].pending &= ~(cm)
-#define GIC_TEST_PENDING(irq, cm) ((s->irq_state[irq].pending & (cm)) != 0)
-#define GIC_SET_ACTIVE(irq, cm) s->irq_state[irq].active |= (cm)
-#define GIC_CLEAR_ACTIVE(irq, cm) s->irq_state[irq].active &= ~(cm)
-#define GIC_TEST_ACTIVE(irq, cm) ((s->irq_state[irq].active & (cm)) != 0)
-#define GIC_SET_MODEL(irq) s->irq_state[irq].model = 1
-#define GIC_CLEAR_MODEL(irq) s->irq_state[irq].model = 0
-#define GIC_TEST_MODEL(irq) s->irq_state[irq].model
-#define GIC_SET_LEVEL(irq, cm) s->irq_state[irq].level = (cm)
-#define GIC_CLEAR_LEVEL(irq, cm) s->irq_state[irq].level &= ~(cm)
-#define GIC_TEST_LEVEL(irq, cm) ((s->irq_state[irq].level & (cm)) != 0)
-#define GIC_SET_TRIGGER(irq) s->irq_state[irq].trigger = 1
-#define GIC_CLEAR_TRIGGER(irq) s->irq_state[irq].trigger = 0
-#define GIC_TEST_TRIGGER(irq) s->irq_state[irq].trigger
-#define GIC_GET_PRIORITY(irq, cpu) (((irq) < GIC_INTERNAL) ? \
- s->priority1[irq][cpu] : \
- s->priority2[(irq) - GIC_INTERNAL])
-#define GIC_TARGET(irq) s->irq_target[irq]
-
-typedef struct gic_irq_state {
- /* The enable bits are only banked for per-cpu interrupts. */
- unsigned enabled:NCPU;
- unsigned pending:NCPU;
- unsigned active:NCPU;
- unsigned level:NCPU;
- unsigned model:1; /* 0 = N:N, 1 = 1:N */
- unsigned trigger:1; /* nonzero = edge triggered. */
-} gic_irq_state;
-
-typedef struct GICState {
- SysBusDevice busdev;
- qemu_irq parent_irq[NCPU];
- int enabled;
- int cpu_enabled[NCPU];
-
- gic_irq_state irq_state[GIC_MAXIRQ];
- int irq_target[GIC_MAXIRQ];
- int priority1[GIC_INTERNAL][NCPU];
- int priority2[GIC_MAXIRQ - GIC_INTERNAL];
- int last_active[GIC_MAXIRQ][NCPU];
-
- int priority_mask[NCPU];
- int running_irq[NCPU];
- int running_priority[NCPU];
- int current_pending[NCPU];
-
- uint32_t num_cpu;
-
- MemoryRegion iomem; /* Distributor */
- /* This is just so we can have an opaque pointer which identifies
- * both this GIC and which CPU interface we should be accessing.
- */
- struct GICState *backref[NCPU];
- MemoryRegion cpuiomem[NCPU+1]; /* CPU interfaces */
- uint32_t num_irq;
- uint32_t revision;
-} GICState;
-
-/* The special cases for the revision property: */
-#define REV_11MPCORE 0
-#define REV_NVIC 0xffffffff
-
-void gic_set_pending_private(GICState *s, int cpu, int irq);
-uint32_t gic_acknowledge_irq(GICState *s, int cpu);
-void gic_complete_irq(GICState *s, int cpu, int irq);
-void gic_update(GICState *s);
-void gic_init_irqs_and_distributor(GICState *s, int num_irq);
-
-#define TYPE_ARM_GIC_COMMON "arm_gic_common"
-#define ARM_GIC_COMMON(obj) \
- OBJECT_CHECK(GICState, (obj), TYPE_ARM_GIC_COMMON)
-#define ARM_GIC_COMMON_CLASS(klass) \
- OBJECT_CLASS_CHECK(ARMGICCommonClass, (klass), TYPE_ARM_GIC_COMMON)
-#define ARM_GIC_COMMON_GET_CLASS(obj) \
- OBJECT_GET_CLASS(ARMGICCommonClass, (obj), TYPE_ARM_GIC_COMMON)
-
-typedef struct ARMGICCommonClass {
- SysBusDeviceClass parent_class;
-} ARMGICCommonClass;
-
-#define TYPE_ARM_GIC "arm_gic"
-#define ARM_GIC(obj) \
- OBJECT_CHECK(GICState, (obj), TYPE_ARM_GIC)
-#define ARM_GIC_CLASS(klass) \
- OBJECT_CLASS_CHECK(ARMGICClass, (klass), TYPE_ARM_GIC)
-#define ARM_GIC_GET_CLASS(obj) \
- OBJECT_GET_CLASS(ARMGICClass, (obj), TYPE_ARM_GIC)
-
-typedef struct ARMGICClass {
- ARMGICCommonClass parent_class;
- int (*parent_init)(SysBusDevice *dev);
-} ARMGICClass;
-
-#endif /* !QEMU_ARM_GIC_INTERNAL_H */
diff --git a/hw/arm_l2x0.c b/hw/arm_l2x0.c
deleted file mode 100644
index 6abf0ee16..000000000
--- a/hw/arm_l2x0.c
+++ /dev/null
@@ -1,194 +0,0 @@
-/*
- * ARM dummy L210, L220, PL310 cache controller.
- *
- * Copyright (c) 2010-2012 Calxeda
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms and conditions of the GNU General Public License,
- * version 2 or any later version, as published by the Free Software
- * Foundation.
- *
- * This program is distributed in the hope it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#include "sysbus.h"
-
-/* L2C-310 r3p2 */
-#define CACHE_ID 0x410000c8
-
-typedef struct l2x0_state {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint32_t cache_type;
- uint32_t ctrl;
- uint32_t aux_ctrl;
- uint32_t data_ctrl;
- uint32_t tag_ctrl;
- uint32_t filter_start;
- uint32_t filter_end;
-} l2x0_state;
-
-static const VMStateDescription vmstate_l2x0 = {
- .name = "l2x0",
- .version_id = 1,
- .minimum_version_id = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(ctrl, l2x0_state),
- VMSTATE_UINT32(aux_ctrl, l2x0_state),
- VMSTATE_UINT32(data_ctrl, l2x0_state),
- VMSTATE_UINT32(tag_ctrl, l2x0_state),
- VMSTATE_UINT32(filter_start, l2x0_state),
- VMSTATE_UINT32(filter_end, l2x0_state),
- VMSTATE_END_OF_LIST()
- }
-};
-
-
-static uint64_t l2x0_priv_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- uint32_t cache_data;
- l2x0_state *s = (l2x0_state *)opaque;
- offset &= 0xfff;
- if (offset >= 0x730 && offset < 0x800) {
- return 0; /* cache ops complete */
- }
- switch (offset) {
- case 0:
- return CACHE_ID;
- case 0x4:
- /* aux_ctrl values affect cache_type values */
- cache_data = (s->aux_ctrl & (7 << 17)) >> 15;
- cache_data |= (s->aux_ctrl & (1 << 16)) >> 16;
- return s->cache_type |= (cache_data << 18) | (cache_data << 6);
- case 0x100:
- return s->ctrl;
- case 0x104:
- return s->aux_ctrl;
- case 0x108:
- return s->tag_ctrl;
- case 0x10C:
- return s->data_ctrl;
- case 0xC00:
- return s->filter_start;
- case 0xC04:
- return s->filter_end;
- case 0xF40:
- return 0;
- case 0xF60:
- return 0;
- case 0xF80:
- return 0;
- default:
- qemu_log_mask(LOG_GUEST_ERROR,
- "l2x0_priv_read: Bad offset %x\n", (int)offset);
- break;
- }
- return 0;
-}
-
-static void l2x0_priv_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- l2x0_state *s = (l2x0_state *)opaque;
- offset &= 0xfff;
- if (offset >= 0x730 && offset < 0x800) {
- /* ignore */
- return;
- }
- switch (offset) {
- case 0x100:
- s->ctrl = value & 1;
- break;
- case 0x104:
- s->aux_ctrl = value;
- break;
- case 0x108:
- s->tag_ctrl = value;
- break;
- case 0x10C:
- s->data_ctrl = value;
- break;
- case 0xC00:
- s->filter_start = value;
- break;
- case 0xC04:
- s->filter_end = value;
- break;
- case 0xF40:
- return;
- case 0xF60:
- return;
- case 0xF80:
- return;
- default:
- qemu_log_mask(LOG_GUEST_ERROR,
- "l2x0_priv_write: Bad offset %x\n", (int)offset);
- break;
- }
-}
-
-static void l2x0_priv_reset(DeviceState *dev)
-{
- l2x0_state *s = DO_UPCAST(l2x0_state, busdev.qdev, dev);
-
- s->ctrl = 0;
- s->aux_ctrl = 0x02020000;
- s->tag_ctrl = 0;
- s->data_ctrl = 0;
- s->filter_start = 0;
- s->filter_end = 0;
-}
-
-static const MemoryRegionOps l2x0_mem_ops = {
- .read = l2x0_priv_read,
- .write = l2x0_priv_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- };
-
-static int l2x0_priv_init(SysBusDevice *dev)
-{
- l2x0_state *s = FROM_SYSBUS(l2x0_state, dev);
-
- memory_region_init_io(&s->iomem, &l2x0_mem_ops, s, "l2x0_cc", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
- return 0;
-}
-
-static Property l2x0_properties[] = {
- DEFINE_PROP_UINT32("cache-type", l2x0_state, cache_type, 0x1c100100),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void l2x0_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
-
- k->init = l2x0_priv_init;
- dc->vmsd = &vmstate_l2x0;
- dc->no_user = 1;
- dc->props = l2x0_properties;
- dc->reset = l2x0_priv_reset;
-}
-
-static TypeInfo l2x0_info = {
- .name = "l2x0",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(l2x0_state),
- .class_init = l2x0_class_init,
-};
-
-static void l2x0_register_types(void)
-{
- type_register_static(&l2x0_info);
-}
-
-type_init(l2x0_register_types)
diff --git a/hw/arm_mptimer.c b/hw/arm_mptimer.c
deleted file mode 100644
index 679083223..000000000
--- a/hw/arm_mptimer.c
+++ /dev/null
@@ -1,344 +0,0 @@
-/*
- * Private peripheral timer/watchdog blocks for ARM 11MPCore and A9MP
- *
- * Copyright (c) 2006-2007 CodeSourcery.
- * Copyright (c) 2011 Linaro Limited
- * Written by Paul Brook, Peter Maydell
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version
- * 2 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "sysbus.h"
-#include "qemu-timer.h"
-
-/* This device implements the per-cpu private timer and watchdog block
- * which is used in both the ARM11MPCore and Cortex-A9MP.
- */
-
-#define MAX_CPUS 4
-
-/* State of a single timer or watchdog block */
-typedef struct {
- uint32_t count;
- uint32_t load;
- uint32_t control;
- uint32_t status;
- int64_t tick;
- QEMUTimer *timer;
- qemu_irq irq;
- MemoryRegion iomem;
-} timerblock;
-
-typedef struct {
- SysBusDevice busdev;
- uint32_t num_cpu;
- timerblock timerblock[MAX_CPUS * 2];
- MemoryRegion iomem[2];
-} arm_mptimer_state;
-
-static inline int get_current_cpu(arm_mptimer_state *s)
-{
- if (cpu_single_env->cpu_index >= s->num_cpu) {
- hw_error("arm_mptimer: num-cpu %d but this cpu is %d!\n",
- s->num_cpu, cpu_single_env->cpu_index);
- }
- return cpu_single_env->cpu_index;
-}
-
-static inline void timerblock_update_irq(timerblock *tb)
-{
- qemu_set_irq(tb->irq, tb->status);
-}
-
-/* Return conversion factor from mpcore timer ticks to qemu timer ticks. */
-static inline uint32_t timerblock_scale(timerblock *tb)
-{
- return (((tb->control >> 8) & 0xff) + 1) * 10;
-}
-
-static void timerblock_reload(timerblock *tb, int restart)
-{
- if (tb->count == 0) {
- return;
- }
- if (restart) {
- tb->tick = qemu_get_clock_ns(vm_clock);
- }
- tb->tick += (int64_t)tb->count * timerblock_scale(tb);
- qemu_mod_timer(tb->timer, tb->tick);
-}
-
-static void timerblock_tick(void *opaque)
-{
- timerblock *tb = (timerblock *)opaque;
- tb->status = 1;
- if (tb->control & 2) {
- tb->count = tb->load;
- timerblock_reload(tb, 0);
- } else {
- tb->count = 0;
- }
- timerblock_update_irq(tb);
-}
-
-static uint64_t timerblock_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- timerblock *tb = (timerblock *)opaque;
- int64_t val;
- switch (addr) {
- case 0: /* Load */
- return tb->load;
- case 4: /* Counter. */
- if (((tb->control & 1) == 0) || (tb->count == 0)) {
- return 0;
- }
- /* Slow and ugly, but hopefully won't happen too often. */
- val = tb->tick - qemu_get_clock_ns(vm_clock);
- val /= timerblock_scale(tb);
- if (val < 0) {
- val = 0;
- }
- return val;
- case 8: /* Control. */
- return tb->control;
- case 12: /* Interrupt status. */
- return tb->status;
- default:
- return 0;
- }
-}
-
-static void timerblock_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- timerblock *tb = (timerblock *)opaque;
- int64_t old;
- switch (addr) {
- case 0: /* Load */
- tb->load = value;
- /* Fall through. */
- case 4: /* Counter. */
- if ((tb->control & 1) && tb->count) {
- /* Cancel the previous timer. */
- qemu_del_timer(tb->timer);
- }
- tb->count = value;
- if (tb->control & 1) {
- timerblock_reload(tb, 1);
- }
- break;
- case 8: /* Control. */
- old = tb->control;
- tb->control = value;
- if (((old & 1) == 0) && (value & 1)) {
- if (tb->count == 0 && (tb->control & 2)) {
- tb->count = tb->load;
- }
- timerblock_reload(tb, 1);
- }
- break;
- case 12: /* Interrupt status. */
- tb->status &= ~value;
- timerblock_update_irq(tb);
- break;
- }
-}
-
-/* Wrapper functions to implement the "read timer/watchdog for
- * the current CPU" memory regions.
- */
-static uint64_t arm_thistimer_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- arm_mptimer_state *s = (arm_mptimer_state *)opaque;
- int id = get_current_cpu(s);
- return timerblock_read(&s->timerblock[id * 2], addr, size);
-}
-
-static void arm_thistimer_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- arm_mptimer_state *s = (arm_mptimer_state *)opaque;
- int id = get_current_cpu(s);
- timerblock_write(&s->timerblock[id * 2], addr, value, size);
-}
-
-static uint64_t arm_thiswdog_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- arm_mptimer_state *s = (arm_mptimer_state *)opaque;
- int id = get_current_cpu(s);
- return timerblock_read(&s->timerblock[id * 2 + 1], addr, size);
-}
-
-static void arm_thiswdog_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- arm_mptimer_state *s = (arm_mptimer_state *)opaque;
- int id = get_current_cpu(s);
- timerblock_write(&s->timerblock[id * 2 + 1], addr, value, size);
-}
-
-static const MemoryRegionOps arm_thistimer_ops = {
- .read = arm_thistimer_read,
- .write = arm_thistimer_write,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static const MemoryRegionOps arm_thiswdog_ops = {
- .read = arm_thiswdog_read,
- .write = arm_thiswdog_write,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static const MemoryRegionOps timerblock_ops = {
- .read = timerblock_read,
- .write = timerblock_write,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void timerblock_reset(timerblock *tb)
-{
- tb->count = 0;
- tb->load = 0;
- tb->control = 0;
- tb->status = 0;
- tb->tick = 0;
- if (tb->timer) {
- qemu_del_timer(tb->timer);
- }
-}
-
-static void arm_mptimer_reset(DeviceState *dev)
-{
- arm_mptimer_state *s =
- FROM_SYSBUS(arm_mptimer_state, sysbus_from_qdev(dev));
- int i;
- /* We reset every timer in the array, not just the ones we're using,
- * because vmsave will look at every array element.
- */
- for (i = 0; i < ARRAY_SIZE(s->timerblock); i++) {
- timerblock_reset(&s->timerblock[i]);
- }
-}
-
-static int arm_mptimer_init(SysBusDevice *dev)
-{
- arm_mptimer_state *s = FROM_SYSBUS(arm_mptimer_state, dev);
- int i;
- if (s->num_cpu < 1 || s->num_cpu > MAX_CPUS) {
- hw_error("%s: num-cpu must be between 1 and %d\n", __func__, MAX_CPUS);
- }
- /* We implement one timer and one watchdog block per CPU, and
- * expose multiple MMIO regions:
- * * region 0 is "timer for this core"
- * * region 1 is "watchdog for this core"
- * * region 2 is "timer for core 0"
- * * region 3 is "watchdog for core 0"
- * * region 4 is "timer for core 1"
- * * region 5 is "watchdog for core 1"
- * and so on.
- * The outgoing interrupt lines are
- * * timer for core 0
- * * watchdog for core 0
- * * timer for core 1
- * * watchdog for core 1
- * and so on.
- */
- memory_region_init_io(&s->iomem[0], &arm_thistimer_ops, s,
- "arm_mptimer_timer", 0x20);
- sysbus_init_mmio(dev, &s->iomem[0]);
- memory_region_init_io(&s->iomem[1], &arm_thiswdog_ops, s,
- "arm_mptimer_wdog", 0x20);
- sysbus_init_mmio(dev, &s->iomem[1]);
- for (i = 0; i < (s->num_cpu * 2); i++) {
- timerblock *tb = &s->timerblock[i];
- tb->timer = qemu_new_timer_ns(vm_clock, timerblock_tick, tb);
- sysbus_init_irq(dev, &tb->irq);
- memory_region_init_io(&tb->iomem, &timerblock_ops, tb,
- "arm_mptimer_timerblock", 0x20);
- sysbus_init_mmio(dev, &tb->iomem);
- }
-
- return 0;
-}
-
-static const VMStateDescription vmstate_timerblock = {
- .name = "arm_mptimer_timerblock",
- .version_id = 1,
- .minimum_version_id = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(count, timerblock),
- VMSTATE_UINT32(load, timerblock),
- VMSTATE_UINT32(control, timerblock),
- VMSTATE_UINT32(status, timerblock),
- VMSTATE_INT64(tick, timerblock),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_arm_mptimer = {
- .name = "arm_mptimer",
- .version_id = 1,
- .minimum_version_id = 1,
- .fields = (VMStateField[]) {
- VMSTATE_STRUCT_ARRAY(timerblock, arm_mptimer_state, (MAX_CPUS * 2),
- 1, vmstate_timerblock, timerblock),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static Property arm_mptimer_properties[] = {
- DEFINE_PROP_UINT32("num-cpu", arm_mptimer_state, num_cpu, 0),
- DEFINE_PROP_END_OF_LIST()
-};
-
-static void arm_mptimer_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *sbc = SYS_BUS_DEVICE_CLASS(klass);
-
- sbc->init = arm_mptimer_init;
- dc->vmsd = &vmstate_arm_mptimer;
- dc->reset = arm_mptimer_reset;
- dc->no_user = 1;
- dc->props = arm_mptimer_properties;
-}
-
-static TypeInfo arm_mptimer_info = {
- .name = "arm_mptimer",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(arm_mptimer_state),
- .class_init = arm_mptimer_class_init,
-};
-
-static void arm_mptimer_register_types(void)
-{
- type_register_static(&arm_mptimer_info);
-}
-
-type_init(arm_mptimer_register_types)
diff --git a/hw/arm_pic.c b/hw/arm_pic.c
deleted file mode 100644
index ffb4d4171..000000000
--- a/hw/arm_pic.c
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Generic ARM Programmable Interrupt Controller support.
- *
- * Copyright (c) 2006 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the LGPL
- */
-
-#include "hw.h"
-#include "arm-misc.h"
-
-/* Input 0 is IRQ and input 1 is FIQ. */
-static void arm_pic_cpu_handler(void *opaque, int irq, int level)
-{
- ARMCPU *cpu = opaque;
- CPUARMState *env = &cpu->env;
-
- switch (irq) {
- case ARM_PIC_CPU_IRQ:
- if (level)
- cpu_interrupt(env, CPU_INTERRUPT_HARD);
- else
- cpu_reset_interrupt(env, CPU_INTERRUPT_HARD);
- break;
- case ARM_PIC_CPU_FIQ:
- if (level)
- cpu_interrupt(env, CPU_INTERRUPT_FIQ);
- else
- cpu_reset_interrupt(env, CPU_INTERRUPT_FIQ);
- break;
- default:
- hw_error("arm_pic_cpu_handler: Bad interrupt line %d\n", irq);
- }
-}
-
-qemu_irq *arm_pic_init_cpu(ARMCPU *cpu)
-{
- return qemu_allocate_irqs(arm_pic_cpu_handler, cpu, 2);
-}
diff --git a/hw/arm_sysctl.c b/hw/arm_sysctl.c
deleted file mode 100644
index 58eb98216..000000000
--- a/hw/arm_sysctl.c
+++ /dev/null
@@ -1,425 +0,0 @@
-/*
- * Status and system control registers for ARM RealView/Versatile boards.
- *
- * Copyright (c) 2006-2007 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the GPL.
- */
-
-#include "hw.h"
-#include "qemu-timer.h"
-#include "sysbus.h"
-#include "primecell.h"
-#include "sysemu.h"
-
-#define LOCK_VALUE 0xa05f
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- qemu_irq pl110_mux_ctrl;
-
- uint32_t sys_id;
- uint32_t leds;
- uint16_t lockval;
- uint32_t cfgdata1;
- uint32_t cfgdata2;
- uint32_t flags;
- uint32_t nvflags;
- uint32_t resetlevel;
- uint32_t proc_id;
- uint32_t sys_mci;
- uint32_t sys_cfgdata;
- uint32_t sys_cfgctrl;
- uint32_t sys_cfgstat;
- uint32_t sys_clcd;
-} arm_sysctl_state;
-
-static const VMStateDescription vmstate_arm_sysctl = {
- .name = "realview_sysctl",
- .version_id = 3,
- .minimum_version_id = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(leds, arm_sysctl_state),
- VMSTATE_UINT16(lockval, arm_sysctl_state),
- VMSTATE_UINT32(cfgdata1, arm_sysctl_state),
- VMSTATE_UINT32(cfgdata2, arm_sysctl_state),
- VMSTATE_UINT32(flags, arm_sysctl_state),
- VMSTATE_UINT32(nvflags, arm_sysctl_state),
- VMSTATE_UINT32(resetlevel, arm_sysctl_state),
- VMSTATE_UINT32_V(sys_mci, arm_sysctl_state, 2),
- VMSTATE_UINT32_V(sys_cfgdata, arm_sysctl_state, 2),
- VMSTATE_UINT32_V(sys_cfgctrl, arm_sysctl_state, 2),
- VMSTATE_UINT32_V(sys_cfgstat, arm_sysctl_state, 2),
- VMSTATE_UINT32_V(sys_clcd, arm_sysctl_state, 3),
- VMSTATE_END_OF_LIST()
- }
-};
-
-/* The PB926 actually uses a different format for
- * its SYS_ID register. Fortunately the bits which are
- * board type on later boards are distinct.
- */
-#define BOARD_ID_PB926 0x100
-#define BOARD_ID_EB 0x140
-#define BOARD_ID_PBA8 0x178
-#define BOARD_ID_PBX 0x182
-#define BOARD_ID_VEXPRESS 0x190
-
-static int board_id(arm_sysctl_state *s)
-{
- /* Extract the board ID field from the SYS_ID register value */
- return (s->sys_id >> 16) & 0xfff;
-}
-
-static void arm_sysctl_reset(DeviceState *d)
-{
- arm_sysctl_state *s = FROM_SYSBUS(arm_sysctl_state, sysbus_from_qdev(d));
-
- s->leds = 0;
- s->lockval = 0;
- s->cfgdata1 = 0;
- s->cfgdata2 = 0;
- s->flags = 0;
- s->resetlevel = 0;
- if (board_id(s) == BOARD_ID_VEXPRESS) {
- /* On VExpress this register will RAZ/WI */
- s->sys_clcd = 0;
- } else {
- /* All others: CLCDID 0x1f, indicating VGA */
- s->sys_clcd = 0x1f00;
- }
-}
-
-static uint64_t arm_sysctl_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- arm_sysctl_state *s = (arm_sysctl_state *)opaque;
-
- switch (offset) {
- case 0x00: /* ID */
- return s->sys_id;
- case 0x04: /* SW */
- /* General purpose hardware switches.
- We don't have a useful way of exposing these to the user. */
- return 0;
- case 0x08: /* LED */
- return s->leds;
- case 0x20: /* LOCK */
- return s->lockval;
- case 0x0c: /* OSC0 */
- case 0x10: /* OSC1 */
- case 0x14: /* OSC2 */
- case 0x18: /* OSC3 */
- case 0x1c: /* OSC4 */
- case 0x24: /* 100HZ */
- /* ??? Implement these. */
- return 0;
- case 0x28: /* CFGDATA1 */
- return s->cfgdata1;
- case 0x2c: /* CFGDATA2 */
- return s->cfgdata2;
- case 0x30: /* FLAGS */
- return s->flags;
- case 0x38: /* NVFLAGS */
- return s->nvflags;
- case 0x40: /* RESETCTL */
- if (board_id(s) == BOARD_ID_VEXPRESS) {
- /* reserved: RAZ/WI */
- return 0;
- }
- return s->resetlevel;
- case 0x44: /* PCICTL */
- return 1;
- case 0x48: /* MCI */
- return s->sys_mci;
- case 0x4c: /* FLASH */
- return 0;
- case 0x50: /* CLCD */
- return s->sys_clcd;
- case 0x54: /* CLCDSER */
- return 0;
- case 0x58: /* BOOTCS */
- return 0;
- case 0x5c: /* 24MHz */
- return muldiv64(qemu_get_clock_ns(vm_clock), 24000000, get_ticks_per_sec());
- case 0x60: /* MISC */
- return 0;
- case 0x84: /* PROCID0 */
- return s->proc_id;
- case 0x88: /* PROCID1 */
- return 0xff000000;
- case 0x64: /* DMAPSR0 */
- case 0x68: /* DMAPSR1 */
- case 0x6c: /* DMAPSR2 */
- case 0x70: /* IOSEL */
- case 0x74: /* PLDCTL */
- case 0x80: /* BUSID */
- case 0x8c: /* OSCRESET0 */
- case 0x90: /* OSCRESET1 */
- case 0x94: /* OSCRESET2 */
- case 0x98: /* OSCRESET3 */
- case 0x9c: /* OSCRESET4 */
- case 0xc0: /* SYS_TEST_OSC0 */
- case 0xc4: /* SYS_TEST_OSC1 */
- case 0xc8: /* SYS_TEST_OSC2 */
- case 0xcc: /* SYS_TEST_OSC3 */
- case 0xd0: /* SYS_TEST_OSC4 */
- return 0;
- case 0xa0: /* SYS_CFGDATA */
- if (board_id(s) != BOARD_ID_VEXPRESS) {
- goto bad_reg;
- }
- return s->sys_cfgdata;
- case 0xa4: /* SYS_CFGCTRL */
- if (board_id(s) != BOARD_ID_VEXPRESS) {
- goto bad_reg;
- }
- return s->sys_cfgctrl;
- case 0xa8: /* SYS_CFGSTAT */
- if (board_id(s) != BOARD_ID_VEXPRESS) {
- goto bad_reg;
- }
- return s->sys_cfgstat;
- default:
- bad_reg:
- qemu_log_mask(LOG_GUEST_ERROR,
- "arm_sysctl_read: Bad register offset 0x%x\n",
- (int)offset);
- return 0;
- }
-}
-
-static void arm_sysctl_write(void *opaque, hwaddr offset,
- uint64_t val, unsigned size)
-{
- arm_sysctl_state *s = (arm_sysctl_state *)opaque;
-
- switch (offset) {
- case 0x08: /* LED */
- s->leds = val;
- case 0x0c: /* OSC0 */
- case 0x10: /* OSC1 */
- case 0x14: /* OSC2 */
- case 0x18: /* OSC3 */
- case 0x1c: /* OSC4 */
- /* ??? */
- break;
- case 0x20: /* LOCK */
- if (val == LOCK_VALUE)
- s->lockval = val;
- else
- s->lockval = val & 0x7fff;
- break;
- case 0x28: /* CFGDATA1 */
- /* ??? Need to implement this. */
- s->cfgdata1 = val;
- break;
- case 0x2c: /* CFGDATA2 */
- /* ??? Need to implement this. */
- s->cfgdata2 = val;
- break;
- case 0x30: /* FLAGSSET */
- s->flags |= val;
- break;
- case 0x34: /* FLAGSCLR */
- s->flags &= ~val;
- break;
- case 0x38: /* NVFLAGSSET */
- s->nvflags |= val;
- break;
- case 0x3c: /* NVFLAGSCLR */
- s->nvflags &= ~val;
- break;
- case 0x40: /* RESETCTL */
- switch (board_id(s)) {
- case BOARD_ID_PB926:
- if (s->lockval == LOCK_VALUE) {
- s->resetlevel = val;
- if (val & 0x100) {
- qemu_system_reset_request();
- }
- }
- break;
- case BOARD_ID_PBX:
- case BOARD_ID_PBA8:
- if (s->lockval == LOCK_VALUE) {
- s->resetlevel = val;
- if (val & 0x04) {
- qemu_system_reset_request();
- }
- }
- break;
- case BOARD_ID_VEXPRESS:
- case BOARD_ID_EB:
- default:
- /* reserved: RAZ/WI */
- break;
- }
- break;
- case 0x44: /* PCICTL */
- /* nothing to do. */
- break;
- case 0x4c: /* FLASH */
- break;
- case 0x50: /* CLCD */
- switch (board_id(s)) {
- case BOARD_ID_PB926:
- /* On 926 bits 13:8 are R/O, bits 1:0 control
- * the mux that defines how to interpret the PL110
- * graphics format, and other bits are r/w but we
- * don't implement them to do anything.
- */
- s->sys_clcd &= 0x3f00;
- s->sys_clcd |= val & ~0x3f00;
- qemu_set_irq(s->pl110_mux_ctrl, val & 3);
- break;
- case BOARD_ID_EB:
- /* The EB is the same except that there is no mux since
- * the EB has a PL111.
- */
- s->sys_clcd &= 0x3f00;
- s->sys_clcd |= val & ~0x3f00;
- break;
- case BOARD_ID_PBA8:
- case BOARD_ID_PBX:
- /* On PBA8 and PBX bit 7 is r/w and all other bits
- * are either r/o or RAZ/WI.
- */
- s->sys_clcd &= (1 << 7);
- s->sys_clcd |= val & ~(1 << 7);
- break;
- case BOARD_ID_VEXPRESS:
- default:
- /* On VExpress this register is unimplemented and will RAZ/WI */
- break;
- }
- case 0x54: /* CLCDSER */
- case 0x64: /* DMAPSR0 */
- case 0x68: /* DMAPSR1 */
- case 0x6c: /* DMAPSR2 */
- case 0x70: /* IOSEL */
- case 0x74: /* PLDCTL */
- case 0x80: /* BUSID */
- case 0x84: /* PROCID0 */
- case 0x88: /* PROCID1 */
- case 0x8c: /* OSCRESET0 */
- case 0x90: /* OSCRESET1 */
- case 0x94: /* OSCRESET2 */
- case 0x98: /* OSCRESET3 */
- case 0x9c: /* OSCRESET4 */
- break;
- case 0xa0: /* SYS_CFGDATA */
- if (board_id(s) != BOARD_ID_VEXPRESS) {
- goto bad_reg;
- }
- s->sys_cfgdata = val;
- return;
- case 0xa4: /* SYS_CFGCTRL */
- if (board_id(s) != BOARD_ID_VEXPRESS) {
- goto bad_reg;
- }
- s->sys_cfgctrl = val & ~(3 << 18);
- s->sys_cfgstat = 1; /* complete */
- switch (s->sys_cfgctrl) {
- case 0xc0800000: /* SYS_CFG_SHUTDOWN to motherboard */
- qemu_system_shutdown_request();
- break;
- case 0xc0900000: /* SYS_CFG_REBOOT to motherboard */
- qemu_system_reset_request();
- break;
- default:
- s->sys_cfgstat |= 2; /* error */
- }
- return;
- case 0xa8: /* SYS_CFGSTAT */
- if (board_id(s) != BOARD_ID_VEXPRESS) {
- goto bad_reg;
- }
- s->sys_cfgstat = val & 3;
- return;
- default:
- bad_reg:
- qemu_log_mask(LOG_GUEST_ERROR,
- "arm_sysctl_write: Bad register offset 0x%x\n",
- (int)offset);
- return;
- }
-}
-
-static const MemoryRegionOps arm_sysctl_ops = {
- .read = arm_sysctl_read,
- .write = arm_sysctl_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void arm_sysctl_gpio_set(void *opaque, int line, int level)
-{
- arm_sysctl_state *s = (arm_sysctl_state *)opaque;
- switch (line) {
- case ARM_SYSCTL_GPIO_MMC_WPROT:
- {
- /* For PB926 and EB write-protect is bit 2 of SYS_MCI;
- * for all later boards it is bit 1.
- */
- int bit = 2;
- if ((board_id(s) == BOARD_ID_PB926) || (board_id(s) == BOARD_ID_EB)) {
- bit = 4;
- }
- s->sys_mci &= ~bit;
- if (level) {
- s->sys_mci |= bit;
- }
- break;
- }
- case ARM_SYSCTL_GPIO_MMC_CARDIN:
- s->sys_mci &= ~1;
- if (level) {
- s->sys_mci |= 1;
- }
- break;
- }
-}
-
-static int arm_sysctl_init(SysBusDevice *dev)
-{
- arm_sysctl_state *s = FROM_SYSBUS(arm_sysctl_state, dev);
-
- memory_region_init_io(&s->iomem, &arm_sysctl_ops, s, "arm-sysctl", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
- qdev_init_gpio_in(&s->busdev.qdev, arm_sysctl_gpio_set, 2);
- qdev_init_gpio_out(&s->busdev.qdev, &s->pl110_mux_ctrl, 1);
- return 0;
-}
-
-static Property arm_sysctl_properties[] = {
- DEFINE_PROP_UINT32("sys_id", arm_sysctl_state, sys_id, 0),
- DEFINE_PROP_UINT32("proc_id", arm_sysctl_state, proc_id, 0),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void arm_sysctl_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = arm_sysctl_init;
- dc->reset = arm_sysctl_reset;
- dc->vmsd = &vmstate_arm_sysctl;
- dc->props = arm_sysctl_properties;
-}
-
-static TypeInfo arm_sysctl_info = {
- .name = "realview_sysctl",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(arm_sysctl_state),
- .class_init = arm_sysctl_class_init,
-};
-
-static void arm_sysctl_register_types(void)
-{
- type_register_static(&arm_sysctl_info);
-}
-
-type_init(arm_sysctl_register_types)
diff --git a/hw/arm_timer.c b/hw/arm_timer.c
deleted file mode 100644
index af339d3d1..000000000
--- a/hw/arm_timer.c
+++ /dev/null
@@ -1,399 +0,0 @@
-/*
- * ARM PrimeCell Timer modules.
- *
- * Copyright (c) 2005-2006 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the GPL.
- */
-
-#include "sysbus.h"
-#include "qemu-timer.h"
-#include "qemu-common.h"
-#include "qdev.h"
-#include "ptimer.h"
-
-/* Common timer implementation. */
-
-#define TIMER_CTRL_ONESHOT (1 << 0)
-#define TIMER_CTRL_32BIT (1 << 1)
-#define TIMER_CTRL_DIV1 (0 << 2)
-#define TIMER_CTRL_DIV16 (1 << 2)
-#define TIMER_CTRL_DIV256 (2 << 2)
-#define TIMER_CTRL_IE (1 << 5)
-#define TIMER_CTRL_PERIODIC (1 << 6)
-#define TIMER_CTRL_ENABLE (1 << 7)
-
-typedef struct {
- ptimer_state *timer;
- uint32_t control;
- uint32_t limit;
- int freq;
- int int_level;
- qemu_irq irq;
-} arm_timer_state;
-
-/* Check all active timers, and schedule the next timer interrupt. */
-
-static void arm_timer_update(arm_timer_state *s)
-{
- /* Update interrupts. */
- if (s->int_level && (s->control & TIMER_CTRL_IE)) {
- qemu_irq_raise(s->irq);
- } else {
- qemu_irq_lower(s->irq);
- }
-}
-
-static uint32_t arm_timer_read(void *opaque, hwaddr offset)
-{
- arm_timer_state *s = (arm_timer_state *)opaque;
-
- switch (offset >> 2) {
- case 0: /* TimerLoad */
- case 6: /* TimerBGLoad */
- return s->limit;
- case 1: /* TimerValue */
- return ptimer_get_count(s->timer);
- case 2: /* TimerControl */
- return s->control;
- case 4: /* TimerRIS */
- return s->int_level;
- case 5: /* TimerMIS */
- if ((s->control & TIMER_CTRL_IE) == 0)
- return 0;
- return s->int_level;
- default:
- qemu_log_mask(LOG_GUEST_ERROR,
- "%s: Bad offset %x\n", __func__, (int)offset);
- return 0;
- }
-}
-
-/* Reset the timer limit after settings have changed. */
-static void arm_timer_recalibrate(arm_timer_state *s, int reload)
-{
- uint32_t limit;
-
- if ((s->control & (TIMER_CTRL_PERIODIC | TIMER_CTRL_ONESHOT)) == 0) {
- /* Free running. */
- if (s->control & TIMER_CTRL_32BIT)
- limit = 0xffffffff;
- else
- limit = 0xffff;
- } else {
- /* Periodic. */
- limit = s->limit;
- }
- ptimer_set_limit(s->timer, limit, reload);
-}
-
-static void arm_timer_write(void *opaque, hwaddr offset,
- uint32_t value)
-{
- arm_timer_state *s = (arm_timer_state *)opaque;
- int freq;
-
- switch (offset >> 2) {
- case 0: /* TimerLoad */
- s->limit = value;
- arm_timer_recalibrate(s, 1);
- break;
- case 1: /* TimerValue */
- /* ??? Linux seems to want to write to this readonly register.
- Ignore it. */
- break;
- case 2: /* TimerControl */
- if (s->control & TIMER_CTRL_ENABLE) {
- /* Pause the timer if it is running. This may cause some
- inaccuracy dure to rounding, but avoids a whole lot of other
- messyness. */
- ptimer_stop(s->timer);
- }
- s->control = value;
- freq = s->freq;
- /* ??? Need to recalculate expiry time after changing divisor. */
- switch ((value >> 2) & 3) {
- case 1: freq >>= 4; break;
- case 2: freq >>= 8; break;
- }
- arm_timer_recalibrate(s, s->control & TIMER_CTRL_ENABLE);
- ptimer_set_freq(s->timer, freq);
- if (s->control & TIMER_CTRL_ENABLE) {
- /* Restart the timer if still enabled. */
- ptimer_run(s->timer, (s->control & TIMER_CTRL_ONESHOT) != 0);
- }
- break;
- case 3: /* TimerIntClr */
- s->int_level = 0;
- break;
- case 6: /* TimerBGLoad */
- s->limit = value;
- arm_timer_recalibrate(s, 0);
- break;
- default:
- qemu_log_mask(LOG_GUEST_ERROR,
- "%s: Bad offset %x\n", __func__, (int)offset);
- }
- arm_timer_update(s);
-}
-
-static void arm_timer_tick(void *opaque)
-{
- arm_timer_state *s = (arm_timer_state *)opaque;
- s->int_level = 1;
- arm_timer_update(s);
-}
-
-static const VMStateDescription vmstate_arm_timer = {
- .name = "arm_timer",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(control, arm_timer_state),
- VMSTATE_UINT32(limit, arm_timer_state),
- VMSTATE_INT32(int_level, arm_timer_state),
- VMSTATE_PTIMER(timer, arm_timer_state),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static arm_timer_state *arm_timer_init(uint32_t freq)
-{
- arm_timer_state *s;
- QEMUBH *bh;
-
- s = (arm_timer_state *)g_malloc0(sizeof(arm_timer_state));
- s->freq = freq;
- s->control = TIMER_CTRL_IE;
-
- bh = qemu_bh_new(arm_timer_tick, s);
- s->timer = ptimer_init(bh);
- vmstate_register(NULL, -1, &vmstate_arm_timer, s);
- return s;
-}
-
-/* ARM PrimeCell SP804 dual timer module.
- * Docs at
- * http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0271d/index.html
-*/
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- arm_timer_state *timer[2];
- uint32_t freq0, freq1;
- int level[2];
- qemu_irq irq;
-} sp804_state;
-
-static const uint8_t sp804_ids[] = {
- /* Timer ID */
- 0x04, 0x18, 0x14, 0,
- /* PrimeCell ID */
- 0xd, 0xf0, 0x05, 0xb1
-};
-
-/* Merge the IRQs from the two component devices. */
-static void sp804_set_irq(void *opaque, int irq, int level)
-{
- sp804_state *s = (sp804_state *)opaque;
-
- s->level[irq] = level;
- qemu_set_irq(s->irq, s->level[0] || s->level[1]);
-}
-
-static uint64_t sp804_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- sp804_state *s = (sp804_state *)opaque;
-
- if (offset < 0x20) {
- return arm_timer_read(s->timer[0], offset);
- }
- if (offset < 0x40) {
- return arm_timer_read(s->timer[1], offset - 0x20);
- }
-
- /* TimerPeriphID */
- if (offset >= 0xfe0 && offset <= 0xffc) {
- return sp804_ids[(offset - 0xfe0) >> 2];
- }
-
- switch (offset) {
- /* Integration Test control registers, which we won't support */
- case 0xf00: /* TimerITCR */
- case 0xf04: /* TimerITOP (strictly write only but..) */
- qemu_log_mask(LOG_UNIMP,
- "%s: integration test registers unimplemented\n",
- __func__);
- return 0;
- }
-
- qemu_log_mask(LOG_GUEST_ERROR,
- "%s: Bad offset %x\n", __func__, (int)offset);
- return 0;
-}
-
-static void sp804_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- sp804_state *s = (sp804_state *)opaque;
-
- if (offset < 0x20) {
- arm_timer_write(s->timer[0], offset, value);
- return;
- }
-
- if (offset < 0x40) {
- arm_timer_write(s->timer[1], offset - 0x20, value);
- return;
- }
-
- /* Technically we could be writing to the Test Registers, but not likely */
- qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset %x\n",
- __func__, (int)offset);
-}
-
-static const MemoryRegionOps sp804_ops = {
- .read = sp804_read,
- .write = sp804_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static const VMStateDescription vmstate_sp804 = {
- .name = "sp804",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_INT32_ARRAY(level, sp804_state, 2),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int sp804_init(SysBusDevice *dev)
-{
- sp804_state *s = FROM_SYSBUS(sp804_state, dev);
- qemu_irq *qi;
-
- qi = qemu_allocate_irqs(sp804_set_irq, s, 2);
- sysbus_init_irq(dev, &s->irq);
- s->timer[0] = arm_timer_init(s->freq0);
- s->timer[1] = arm_timer_init(s->freq1);
- s->timer[0]->irq = qi[0];
- s->timer[1]->irq = qi[1];
- memory_region_init_io(&s->iomem, &sp804_ops, s, "sp804", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
- vmstate_register(&dev->qdev, -1, &vmstate_sp804, s);
- return 0;
-}
-
-/* Integrator/CP timer module. */
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- arm_timer_state *timer[3];
-} icp_pit_state;
-
-static uint64_t icp_pit_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- icp_pit_state *s = (icp_pit_state *)opaque;
- int n;
-
- /* ??? Don't know the PrimeCell ID for this device. */
- n = offset >> 8;
- if (n > 2) {
- qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad timer %d\n", __func__, n);
- }
-
- return arm_timer_read(s->timer[n], offset & 0xff);
-}
-
-static void icp_pit_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- icp_pit_state *s = (icp_pit_state *)opaque;
- int n;
-
- n = offset >> 8;
- if (n > 2) {
- qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad timer %d\n", __func__, n);
- }
-
- arm_timer_write(s->timer[n], offset & 0xff, value);
-}
-
-static const MemoryRegionOps icp_pit_ops = {
- .read = icp_pit_read,
- .write = icp_pit_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int icp_pit_init(SysBusDevice *dev)
-{
- icp_pit_state *s = FROM_SYSBUS(icp_pit_state, dev);
-
- /* Timer 0 runs at the system clock speed (40MHz). */
- s->timer[0] = arm_timer_init(40000000);
- /* The other two timers run at 1MHz. */
- s->timer[1] = arm_timer_init(1000000);
- s->timer[2] = arm_timer_init(1000000);
-
- sysbus_init_irq(dev, &s->timer[0]->irq);
- sysbus_init_irq(dev, &s->timer[1]->irq);
- sysbus_init_irq(dev, &s->timer[2]->irq);
-
- memory_region_init_io(&s->iomem, &icp_pit_ops, s, "icp_pit", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
- /* This device has no state to save/restore. The component timers will
- save themselves. */
- return 0;
-}
-
-static void icp_pit_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- sdc->init = icp_pit_init;
-}
-
-static TypeInfo icp_pit_info = {
- .name = "integrator_pit",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(icp_pit_state),
- .class_init = icp_pit_class_init,
-};
-
-static Property sp804_properties[] = {
- DEFINE_PROP_UINT32("freq0", sp804_state, freq0, 1000000),
- DEFINE_PROP_UINT32("freq1", sp804_state, freq1, 1000000),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void sp804_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
- DeviceClass *k = DEVICE_CLASS(klass);
-
- sdc->init = sp804_init;
- k->props = sp804_properties;
-}
-
-static TypeInfo sp804_info = {
- .name = "sp804",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(sp804_state),
- .class_init = sp804_class_init,
-};
-
-static void arm_timer_register_types(void)
-{
- type_register_static(&icp_pit_info);
- type_register_static(&sp804_info);
-}
-
-type_init(arm_timer_register_types)
diff --git a/hw/armv7m.c b/hw/armv7m.c
deleted file mode 100644
index ce2ec9b4d..000000000
--- a/hw/armv7m.c
+++ /dev/null
@@ -1,284 +0,0 @@
-/*
- * ARMV7M System emulation.
- *
- * Copyright (c) 2006-2007 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the GPL.
- */
-
-#include "sysbus.h"
-#include "arm-misc.h"
-#include "loader.h"
-#include "elf.h"
-
-/* Bitbanded IO. Each word corresponds to a single bit. */
-
-/* Get the byte address of the real memory for a bitband access. */
-static inline uint32_t bitband_addr(void * opaque, uint32_t addr)
-{
- uint32_t res;
-
- res = *(uint32_t *)opaque;
- res |= (addr & 0x1ffffff) >> 5;
- return res;
-
-}
-
-static uint32_t bitband_readb(void *opaque, hwaddr offset)
-{
- uint8_t v;
- cpu_physical_memory_read(bitband_addr(opaque, offset), &v, 1);
- return (v & (1 << ((offset >> 2) & 7))) != 0;
-}
-
-static void bitband_writeb(void *opaque, hwaddr offset,
- uint32_t value)
-{
- uint32_t addr;
- uint8_t mask;
- uint8_t v;
- addr = bitband_addr(opaque, offset);
- mask = (1 << ((offset >> 2) & 7));
- cpu_physical_memory_read(addr, &v, 1);
- if (value & 1)
- v |= mask;
- else
- v &= ~mask;
- cpu_physical_memory_write(addr, &v, 1);
-}
-
-static uint32_t bitband_readw(void *opaque, hwaddr offset)
-{
- uint32_t addr;
- uint16_t mask;
- uint16_t v;
- addr = bitband_addr(opaque, offset) & ~1;
- mask = (1 << ((offset >> 2) & 15));
- mask = tswap16(mask);
- cpu_physical_memory_read(addr, (uint8_t *)&v, 2);
- return (v & mask) != 0;
-}
-
-static void bitband_writew(void *opaque, hwaddr offset,
- uint32_t value)
-{
- uint32_t addr;
- uint16_t mask;
- uint16_t v;
- addr = bitband_addr(opaque, offset) & ~1;
- mask = (1 << ((offset >> 2) & 15));
- mask = tswap16(mask);
- cpu_physical_memory_read(addr, (uint8_t *)&v, 2);
- if (value & 1)
- v |= mask;
- else
- v &= ~mask;
- cpu_physical_memory_write(addr, (uint8_t *)&v, 2);
-}
-
-static uint32_t bitband_readl(void *opaque, hwaddr offset)
-{
- uint32_t addr;
- uint32_t mask;
- uint32_t v;
- addr = bitband_addr(opaque, offset) & ~3;
- mask = (1 << ((offset >> 2) & 31));
- mask = tswap32(mask);
- cpu_physical_memory_read(addr, (uint8_t *)&v, 4);
- return (v & mask) != 0;
-}
-
-static void bitband_writel(void *opaque, hwaddr offset,
- uint32_t value)
-{
- uint32_t addr;
- uint32_t mask;
- uint32_t v;
- addr = bitband_addr(opaque, offset) & ~3;
- mask = (1 << ((offset >> 2) & 31));
- mask = tswap32(mask);
- cpu_physical_memory_read(addr, (uint8_t *)&v, 4);
- if (value & 1)
- v |= mask;
- else
- v &= ~mask;
- cpu_physical_memory_write(addr, (uint8_t *)&v, 4);
-}
-
-static const MemoryRegionOps bitband_ops = {
- .old_mmio = {
- .read = { bitband_readb, bitband_readw, bitband_readl, },
- .write = { bitband_writeb, bitband_writew, bitband_writel, },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint32_t base;
-} BitBandState;
-
-static int bitband_init(SysBusDevice *dev)
-{
- BitBandState *s = FROM_SYSBUS(BitBandState, dev);
-
- memory_region_init_io(&s->iomem, &bitband_ops, &s->base, "bitband",
- 0x02000000);
- sysbus_init_mmio(dev, &s->iomem);
- return 0;
-}
-
-static void armv7m_bitband_init(void)
-{
- DeviceState *dev;
-
- dev = qdev_create(NULL, "ARM,bitband-memory");
- qdev_prop_set_uint32(dev, "base", 0x20000000);
- qdev_init_nofail(dev);
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, 0x22000000);
-
- dev = qdev_create(NULL, "ARM,bitband-memory");
- qdev_prop_set_uint32(dev, "base", 0x40000000);
- qdev_init_nofail(dev);
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, 0x42000000);
-}
-
-/* Board init. */
-
-static void armv7m_reset(void *opaque)
-{
- ARMCPU *cpu = opaque;
-
- cpu_reset(CPU(cpu));
-}
-
-/* Init CPU and memory for a v7-M based board.
- flash_size and sram_size are in kb.
- Returns the NVIC array. */
-
-qemu_irq *armv7m_init(MemoryRegion *address_space_mem,
- int flash_size, int sram_size,
- const char *kernel_filename, const char *cpu_model)
-{
- ARMCPU *cpu;
- CPUARMState *env;
- DeviceState *nvic;
- /* FIXME: make this local state. */
- static qemu_irq pic[64];
- qemu_irq *cpu_pic;
- int image_size;
- uint64_t entry;
- uint64_t lowaddr;
- int i;
- int big_endian;
- MemoryRegion *sram = g_new(MemoryRegion, 1);
- MemoryRegion *flash = g_new(MemoryRegion, 1);
- MemoryRegion *hack = g_new(MemoryRegion, 1);
-
- flash_size *= 1024;
- sram_size *= 1024;
-
- if (cpu_model == NULL) {
- cpu_model = "cortex-m3";
- }
- cpu = cpu_arm_init(cpu_model);
- if (cpu == NULL) {
- fprintf(stderr, "Unable to find CPU definition\n");
- exit(1);
- }
- env = &cpu->env;
-
-#if 0
- /* > 32Mb SRAM gets complicated because it overlaps the bitband area.
- We don't have proper commandline options, so allocate half of memory
- as SRAM, up to a maximum of 32Mb, and the rest as code. */
- if (ram_size > (512 + 32) * 1024 * 1024)
- ram_size = (512 + 32) * 1024 * 1024;
- sram_size = (ram_size / 2) & TARGET_PAGE_MASK;
- if (sram_size > 32 * 1024 * 1024)
- sram_size = 32 * 1024 * 1024;
- code_size = ram_size - sram_size;
-#endif
-
- /* Flash programming is done via the SCU, so pretend it is ROM. */
- memory_region_init_ram(flash, "armv7m.flash", flash_size);
- vmstate_register_ram_global(flash);
- memory_region_set_readonly(flash, true);
- memory_region_add_subregion(address_space_mem, 0, flash);
- memory_region_init_ram(sram, "armv7m.sram", sram_size);
- vmstate_register_ram_global(sram);
- memory_region_add_subregion(address_space_mem, 0x20000000, sram);
- armv7m_bitband_init();
-
- nvic = qdev_create(NULL, "armv7m_nvic");
- env->nvic = nvic;
- qdev_init_nofail(nvic);
- cpu_pic = arm_pic_init_cpu(cpu);
- sysbus_connect_irq(sysbus_from_qdev(nvic), 0, cpu_pic[ARM_PIC_CPU_IRQ]);
- for (i = 0; i < 64; i++) {
- pic[i] = qdev_get_gpio_in(nvic, i);
- }
-
-#ifdef TARGET_WORDS_BIGENDIAN
- big_endian = 1;
-#else
- big_endian = 0;
-#endif
-
- if (!kernel_filename) {
- fprintf(stderr, "Guest image must be specified (using -kernel)\n");
- exit(1);
- }
-
- image_size = load_elf(kernel_filename, NULL, NULL, &entry, &lowaddr,
- NULL, big_endian, ELF_MACHINE, 1);
- if (image_size < 0) {
- image_size = load_image_targphys(kernel_filename, 0, flash_size);
- lowaddr = 0;
- }
- if (image_size < 0) {
- fprintf(stderr, "qemu: could not load kernel '%s'\n",
- kernel_filename);
- exit(1);
- }
-
- /* Hack to map an additional page of ram at the top of the address
- space. This stops qemu complaining about executing code outside RAM
- when returning from an exception. */
- memory_region_init_ram(hack, "armv7m.hack", 0x1000);
- vmstate_register_ram_global(hack);
- memory_region_add_subregion(address_space_mem, 0xfffff000, hack);
-
- qemu_register_reset(armv7m_reset, cpu);
- return pic;
-}
-
-static Property bitband_properties[] = {
- DEFINE_PROP_UINT32("base", BitBandState, base, 0),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void bitband_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = bitband_init;
- dc->props = bitband_properties;
-}
-
-static TypeInfo bitband_info = {
- .name = "ARM,bitband-memory",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(BitBandState),
- .class_init = bitband_class_init,
-};
-
-static void armv7m_register_types(void)
-{
- type_register_static(&bitband_info);
-}
-
-type_init(armv7m_register_types)
diff --git a/hw/armv7m_nvic.c b/hw/armv7m_nvic.c
deleted file mode 100644
index f0a2e7b5d..000000000
--- a/hw/armv7m_nvic.c
+++ /dev/null
@@ -1,550 +0,0 @@
-/*
- * ARM Nested Vectored Interrupt Controller
- *
- * Copyright (c) 2006-2007 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the GPL.
- *
- * The ARMv7M System controller is fairly tightly tied in with the
- * NVIC. Much of that is also implemented here.
- */
-
-#include "sysbus.h"
-#include "qemu-timer.h"
-#include "arm-misc.h"
-#include "exec-memory.h"
-#include "arm_gic_internal.h"
-
-typedef struct {
- GICState gic;
- struct {
- uint32_t control;
- uint32_t reload;
- int64_t tick;
- QEMUTimer *timer;
- } systick;
- MemoryRegion sysregmem;
- MemoryRegion gic_iomem_alias;
- MemoryRegion container;
- uint32_t num_irq;
-} nvic_state;
-
-#define TYPE_NVIC "armv7m_nvic"
-/**
- * NVICClass:
- * @parent_reset: the parent class' reset handler.
- *
- * A model of the v7M NVIC and System Controller
- */
-typedef struct NVICClass {
- /*< private >*/
- ARMGICClass parent_class;
- /*< public >*/
- int (*parent_init)(SysBusDevice *dev);
- void (*parent_reset)(DeviceState *dev);
-} NVICClass;
-
-#define NVIC_CLASS(klass) \
- OBJECT_CLASS_CHECK(NVICClass, (klass), TYPE_NVIC)
-#define NVIC_GET_CLASS(obj) \
- OBJECT_GET_CLASS(NVICClass, (obj), TYPE_NVIC)
-#define NVIC(obj) \
- OBJECT_CHECK(nvic_state, (obj), TYPE_NVIC)
-
-static const uint8_t nvic_id[] = {
- 0x00, 0xb0, 0x1b, 0x00, 0x0d, 0xe0, 0x05, 0xb1
-};
-
-/* qemu timers run at 1GHz. We want something closer to 1MHz. */
-#define SYSTICK_SCALE 1000ULL
-
-#define SYSTICK_ENABLE (1 << 0)
-#define SYSTICK_TICKINT (1 << 1)
-#define SYSTICK_CLKSOURCE (1 << 2)
-#define SYSTICK_COUNTFLAG (1 << 16)
-
-int system_clock_scale;
-
-/* Conversion factor from qemu timer to SysTick frequencies. */
-static inline int64_t systick_scale(nvic_state *s)
-{
- if (s->systick.control & SYSTICK_CLKSOURCE)
- return system_clock_scale;
- else
- return 1000;
-}
-
-static void systick_reload(nvic_state *s, int reset)
-{
- if (reset)
- s->systick.tick = qemu_get_clock_ns(vm_clock);
- s->systick.tick += (s->systick.reload + 1) * systick_scale(s);
- qemu_mod_timer(s->systick.timer, s->systick.tick);
-}
-
-static void systick_timer_tick(void * opaque)
-{
- nvic_state *s = (nvic_state *)opaque;
- s->systick.control |= SYSTICK_COUNTFLAG;
- if (s->systick.control & SYSTICK_TICKINT) {
- /* Trigger the interrupt. */
- armv7m_nvic_set_pending(s, ARMV7M_EXCP_SYSTICK);
- }
- if (s->systick.reload == 0) {
- s->systick.control &= ~SYSTICK_ENABLE;
- } else {
- systick_reload(s, 0);
- }
-}
-
-static void systick_reset(nvic_state *s)
-{
- s->systick.control = 0;
- s->systick.reload = 0;
- s->systick.tick = 0;
- qemu_del_timer(s->systick.timer);
-}
-
-/* The external routines use the hardware vector numbering, ie. the first
- IRQ is #16. The internal GIC routines use #32 as the first IRQ. */
-void armv7m_nvic_set_pending(void *opaque, int irq)
-{
- nvic_state *s = (nvic_state *)opaque;
- if (irq >= 16)
- irq += 16;
- gic_set_pending_private(&s->gic, 0, irq);
-}
-
-/* Make pending IRQ active. */
-int armv7m_nvic_acknowledge_irq(void *opaque)
-{
- nvic_state *s = (nvic_state *)opaque;
- uint32_t irq;
-
- irq = gic_acknowledge_irq(&s->gic, 0);
- if (irq == 1023)
- hw_error("Interrupt but no vector\n");
- if (irq >= 32)
- irq -= 16;
- return irq;
-}
-
-void armv7m_nvic_complete_irq(void *opaque, int irq)
-{
- nvic_state *s = (nvic_state *)opaque;
- if (irq >= 16)
- irq += 16;
- gic_complete_irq(&s->gic, 0, irq);
-}
-
-static uint32_t nvic_readl(nvic_state *s, uint32_t offset)
-{
- uint32_t val;
- int irq;
-
- switch (offset) {
- case 4: /* Interrupt Control Type. */
- return (s->num_irq / 32) - 1;
- case 0x10: /* SysTick Control and Status. */
- val = s->systick.control;
- s->systick.control &= ~SYSTICK_COUNTFLAG;
- return val;
- case 0x14: /* SysTick Reload Value. */
- return s->systick.reload;
- case 0x18: /* SysTick Current Value. */
- {
- int64_t t;
- if ((s->systick.control & SYSTICK_ENABLE) == 0)
- return 0;
- t = qemu_get_clock_ns(vm_clock);
- if (t >= s->systick.tick)
- return 0;
- val = ((s->systick.tick - (t + 1)) / systick_scale(s)) + 1;
- /* The interrupt in triggered when the timer reaches zero.
- However the counter is not reloaded until the next clock
- tick. This is a hack to return zero during the first tick. */
- if (val > s->systick.reload)
- val = 0;
- return val;
- }
- case 0x1c: /* SysTick Calibration Value. */
- return 10000;
- case 0xd00: /* CPUID Base. */
- return cpu_single_env->cp15.c0_cpuid;
- case 0xd04: /* Interrypt Control State. */
- /* VECTACTIVE */
- val = s->gic.running_irq[0];
- if (val == 1023) {
- val = 0;
- } else if (val >= 32) {
- val -= 16;
- }
- /* RETTOBASE */
- if (s->gic.running_irq[0] == 1023
- || s->gic.last_active[s->gic.running_irq[0]][0] == 1023) {
- val |= (1 << 11);
- }
- /* VECTPENDING */
- if (s->gic.current_pending[0] != 1023)
- val |= (s->gic.current_pending[0] << 12);
- /* ISRPENDING */
- for (irq = 32; irq < s->num_irq; irq++) {
- if (s->gic.irq_state[irq].pending) {
- val |= (1 << 22);
- break;
- }
- }
- /* PENDSTSET */
- if (s->gic.irq_state[ARMV7M_EXCP_SYSTICK].pending)
- val |= (1 << 26);
- /* PENDSVSET */
- if (s->gic.irq_state[ARMV7M_EXCP_PENDSV].pending)
- val |= (1 << 28);
- /* NMIPENDSET */
- if (s->gic.irq_state[ARMV7M_EXCP_NMI].pending)
- val |= (1 << 31);
- return val;
- case 0xd08: /* Vector Table Offset. */
- return cpu_single_env->v7m.vecbase;
- case 0xd0c: /* Application Interrupt/Reset Control. */
- return 0xfa05000;
- case 0xd10: /* System Control. */
- /* TODO: Implement SLEEPONEXIT. */
- return 0;
- case 0xd14: /* Configuration Control. */
- /* TODO: Implement Configuration Control bits. */
- return 0;
- case 0xd24: /* System Handler Status. */
- val = 0;
- if (s->gic.irq_state[ARMV7M_EXCP_MEM].active) val |= (1 << 0);
- if (s->gic.irq_state[ARMV7M_EXCP_BUS].active) val |= (1 << 1);
- if (s->gic.irq_state[ARMV7M_EXCP_USAGE].active) val |= (1 << 3);
- if (s->gic.irq_state[ARMV7M_EXCP_SVC].active) val |= (1 << 7);
- if (s->gic.irq_state[ARMV7M_EXCP_DEBUG].active) val |= (1 << 8);
- if (s->gic.irq_state[ARMV7M_EXCP_PENDSV].active) val |= (1 << 10);
- if (s->gic.irq_state[ARMV7M_EXCP_SYSTICK].active) val |= (1 << 11);
- if (s->gic.irq_state[ARMV7M_EXCP_USAGE].pending) val |= (1 << 12);
- if (s->gic.irq_state[ARMV7M_EXCP_MEM].pending) val |= (1 << 13);
- if (s->gic.irq_state[ARMV7M_EXCP_BUS].pending) val |= (1 << 14);
- if (s->gic.irq_state[ARMV7M_EXCP_SVC].pending) val |= (1 << 15);
- if (s->gic.irq_state[ARMV7M_EXCP_MEM].enabled) val |= (1 << 16);
- if (s->gic.irq_state[ARMV7M_EXCP_BUS].enabled) val |= (1 << 17);
- if (s->gic.irq_state[ARMV7M_EXCP_USAGE].enabled) val |= (1 << 18);
- return val;
- case 0xd28: /* Configurable Fault Status. */
- /* TODO: Implement Fault Status. */
- qemu_log_mask(LOG_UNIMP, "Configurable Fault Status unimplemented\n");
- return 0;
- case 0xd2c: /* Hard Fault Status. */
- case 0xd30: /* Debug Fault Status. */
- case 0xd34: /* Mem Manage Address. */
- case 0xd38: /* Bus Fault Address. */
- case 0xd3c: /* Aux Fault Status. */
- /* TODO: Implement fault status registers. */
- qemu_log_mask(LOG_UNIMP, "Fault status registers unimplemented\n");
- return 0;
- case 0xd40: /* PFR0. */
- return 0x00000030;
- case 0xd44: /* PRF1. */
- return 0x00000200;
- case 0xd48: /* DFR0. */
- return 0x00100000;
- case 0xd4c: /* AFR0. */
- return 0x00000000;
- case 0xd50: /* MMFR0. */
- return 0x00000030;
- case 0xd54: /* MMFR1. */
- return 0x00000000;
- case 0xd58: /* MMFR2. */
- return 0x00000000;
- case 0xd5c: /* MMFR3. */
- return 0x00000000;
- case 0xd60: /* ISAR0. */
- return 0x01141110;
- case 0xd64: /* ISAR1. */
- return 0x02111000;
- case 0xd68: /* ISAR2. */
- return 0x21112231;
- case 0xd6c: /* ISAR3. */
- return 0x01111110;
- case 0xd70: /* ISAR4. */
- return 0x01310102;
- /* TODO: Implement debug registers. */
- default:
- qemu_log_mask(LOG_GUEST_ERROR, "NVIC: Bad read offset 0x%x\n", offset);
- return 0;
- }
-}
-
-static void nvic_writel(nvic_state *s, uint32_t offset, uint32_t value)
-{
- uint32_t oldval;
- switch (offset) {
- case 0x10: /* SysTick Control and Status. */
- oldval = s->systick.control;
- s->systick.control &= 0xfffffff8;
- s->systick.control |= value & 7;
- if ((oldval ^ value) & SYSTICK_ENABLE) {
- int64_t now = qemu_get_clock_ns(vm_clock);
- if (value & SYSTICK_ENABLE) {
- if (s->systick.tick) {
- s->systick.tick += now;
- qemu_mod_timer(s->systick.timer, s->systick.tick);
- } else {
- systick_reload(s, 1);
- }
- } else {
- qemu_del_timer(s->systick.timer);
- s->systick.tick -= now;
- if (s->systick.tick < 0)
- s->systick.tick = 0;
- }
- } else if ((oldval ^ value) & SYSTICK_CLKSOURCE) {
- /* This is a hack. Force the timer to be reloaded
- when the reference clock is changed. */
- systick_reload(s, 1);
- }
- break;
- case 0x14: /* SysTick Reload Value. */
- s->systick.reload = value;
- break;
- case 0x18: /* SysTick Current Value. Writes reload the timer. */
- systick_reload(s, 1);
- s->systick.control &= ~SYSTICK_COUNTFLAG;
- break;
- case 0xd04: /* Interrupt Control State. */
- if (value & (1 << 31)) {
- armv7m_nvic_set_pending(s, ARMV7M_EXCP_NMI);
- }
- if (value & (1 << 28)) {
- armv7m_nvic_set_pending(s, ARMV7M_EXCP_PENDSV);
- } else if (value & (1 << 27)) {
- s->gic.irq_state[ARMV7M_EXCP_PENDSV].pending = 0;
- gic_update(&s->gic);
- }
- if (value & (1 << 26)) {
- armv7m_nvic_set_pending(s, ARMV7M_EXCP_SYSTICK);
- } else if (value & (1 << 25)) {
- s->gic.irq_state[ARMV7M_EXCP_SYSTICK].pending = 0;
- gic_update(&s->gic);
- }
- break;
- case 0xd08: /* Vector Table Offset. */
- cpu_single_env->v7m.vecbase = value & 0xffffff80;
- break;
- case 0xd0c: /* Application Interrupt/Reset Control. */
- if ((value >> 16) == 0x05fa) {
- if (value & 2) {
- qemu_log_mask(LOG_UNIMP, "VECTCLRACTIVE unimplemented\n");
- }
- if (value & 5) {
- qemu_log_mask(LOG_UNIMP, "AIRCR system reset unimplemented\n");
- }
- }
- break;
- case 0xd10: /* System Control. */
- case 0xd14: /* Configuration Control. */
- /* TODO: Implement control registers. */
- qemu_log_mask(LOG_UNIMP, "NVIC: SCR and CCR unimplemented\n");
- break;
- case 0xd24: /* System Handler Control. */
- /* TODO: Real hardware allows you to set/clear the active bits
- under some circumstances. We don't implement this. */
- s->gic.irq_state[ARMV7M_EXCP_MEM].enabled = (value & (1 << 16)) != 0;
- s->gic.irq_state[ARMV7M_EXCP_BUS].enabled = (value & (1 << 17)) != 0;
- s->gic.irq_state[ARMV7M_EXCP_USAGE].enabled = (value & (1 << 18)) != 0;
- break;
- case 0xd28: /* Configurable Fault Status. */
- case 0xd2c: /* Hard Fault Status. */
- case 0xd30: /* Debug Fault Status. */
- case 0xd34: /* Mem Manage Address. */
- case 0xd38: /* Bus Fault Address. */
- case 0xd3c: /* Aux Fault Status. */
- qemu_log_mask(LOG_UNIMP,
- "NVIC: fault status registers unimplemented\n");
- break;
- case 0xf00: /* Software Triggered Interrupt Register */
- if ((value & 0x1ff) < s->num_irq) {
- gic_set_pending_private(&s->gic, 0, value & 0x1ff);
- }
- break;
- default:
- qemu_log_mask(LOG_GUEST_ERROR,
- "NVIC: Bad write offset 0x%x\n", offset);
- }
-}
-
-static uint64_t nvic_sysreg_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- nvic_state *s = (nvic_state *)opaque;
- uint32_t offset = addr;
- int i;
- uint32_t val;
-
- switch (offset) {
- case 0xd18 ... 0xd23: /* System Handler Priority. */
- val = 0;
- for (i = 0; i < size; i++) {
- val |= s->gic.priority1[(offset - 0xd14) + i][0] << (i * 8);
- }
- return val;
- case 0xfe0 ... 0xfff: /* ID. */
- if (offset & 3) {
- return 0;
- }
- return nvic_id[(offset - 0xfe0) >> 2];
- }
- if (size == 4) {
- return nvic_readl(s, offset);
- }
- qemu_log_mask(LOG_GUEST_ERROR,
- "NVIC: Bad read of size %d at offset 0x%x\n", size, offset);
- return 0;
-}
-
-static void nvic_sysreg_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- nvic_state *s = (nvic_state *)opaque;
- uint32_t offset = addr;
- int i;
-
- switch (offset) {
- case 0xd18 ... 0xd23: /* System Handler Priority. */
- for (i = 0; i < size; i++) {
- s->gic.priority1[(offset - 0xd14) + i][0] =
- (value >> (i * 8)) & 0xff;
- }
- gic_update(&s->gic);
- return;
- }
- if (size == 4) {
- nvic_writel(s, offset, value);
- return;
- }
- qemu_log_mask(LOG_GUEST_ERROR,
- "NVIC: Bad write of size %d at offset 0x%x\n", size, offset);
-}
-
-static const MemoryRegionOps nvic_sysreg_ops = {
- .read = nvic_sysreg_read,
- .write = nvic_sysreg_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static const VMStateDescription vmstate_nvic = {
- .name = "armv7m_nvic",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(systick.control, nvic_state),
- VMSTATE_UINT32(systick.reload, nvic_state),
- VMSTATE_INT64(systick.tick, nvic_state),
- VMSTATE_TIMER(systick.timer, nvic_state),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void armv7m_nvic_reset(DeviceState *dev)
-{
- nvic_state *s = NVIC(dev);
- NVICClass *nc = NVIC_GET_CLASS(s);
- nc->parent_reset(dev);
- /* Common GIC reset resets to disabled; the NVIC doesn't have
- * per-CPU interfaces so mark our non-existent CPU interface
- * as enabled by default.
- */
- s->gic.cpu_enabled[0] = 1;
- /* The NVIC as a whole is always enabled. */
- s->gic.enabled = 1;
- systick_reset(s);
-}
-
-static int armv7m_nvic_init(SysBusDevice *dev)
-{
- nvic_state *s = NVIC(dev);
- NVICClass *nc = NVIC_GET_CLASS(s);
-
- /* The NVIC always has only one CPU */
- s->gic.num_cpu = 1;
- /* Tell the common code we're an NVIC */
- s->gic.revision = 0xffffffff;
- s->num_irq = s->gic.num_irq;
- nc->parent_init(dev);
- gic_init_irqs_and_distributor(&s->gic, s->num_irq);
- /* The NVIC and system controller register area looks like this:
- * 0..0xff : system control registers, including systick
- * 0x100..0xcff : GIC-like registers
- * 0xd00..0xfff : system control registers
- * We use overlaying to put the GIC like registers
- * over the top of the system control register region.
- */
- memory_region_init(&s->container, "nvic", 0x1000);
- /* The system register region goes at the bottom of the priority
- * stack as it covers the whole page.
- */
- memory_region_init_io(&s->sysregmem, &nvic_sysreg_ops, s,
- "nvic_sysregs", 0x1000);
- memory_region_add_subregion(&s->container, 0, &s->sysregmem);
- /* Alias the GIC region so we can get only the section of it
- * we need, and layer it on top of the system register region.
- */
- memory_region_init_alias(&s->gic_iomem_alias, "nvic-gic", &s->gic.iomem,
- 0x100, 0xc00);
- memory_region_add_subregion_overlap(&s->container, 0x100,
- &s->gic_iomem_alias, 1);
- /* Map the whole thing into system memory at the location required
- * by the v7M architecture.
- */
- memory_region_add_subregion(get_system_memory(), 0xe000e000, &s->container);
- s->systick.timer = qemu_new_timer_ns(vm_clock, systick_timer_tick, s);
- return 0;
-}
-
-static void armv7m_nvic_instance_init(Object *obj)
-{
- /* We have a different default value for the num-irq property
- * than our superclass. This function runs after qdev init
- * has set the defaults from the Property array and before
- * any user-specified property setting, so just modify the
- * value in the GICState struct.
- */
- GICState *s = ARM_GIC_COMMON(obj);
- /* The ARM v7m may have anything from 0 to 496 external interrupt
- * IRQ lines. We default to 64. Other boards may differ and should
- * set the num-irq property appropriately.
- */
- s->num_irq = 64;
-}
-
-static void armv7m_nvic_class_init(ObjectClass *klass, void *data)
-{
- NVICClass *nc = NVIC_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- nc->parent_reset = dc->reset;
- nc->parent_init = sdc->init;
- sdc->init = armv7m_nvic_init;
- dc->vmsd = &vmstate_nvic;
- dc->reset = armv7m_nvic_reset;
-}
-
-static TypeInfo armv7m_nvic_info = {
- .name = TYPE_NVIC,
- .parent = TYPE_ARM_GIC_COMMON,
- .instance_init = armv7m_nvic_instance_init,
- .instance_size = sizeof(nvic_state),
- .class_init = armv7m_nvic_class_init,
- .class_size = sizeof(NVICClass),
-};
-
-static void armv7m_nvic_register_types(void)
-{
- type_register_static(&armv7m_nvic_info);
-}
-
-type_init(armv7m_nvic_register_types)
diff --git a/hw/audio/Makefile.objs b/hw/audio/Makefile.objs
new file mode 100644
index 000000000..7ce85a2e8
--- /dev/null
+++ b/hw/audio/Makefile.objs
@@ -0,0 +1,18 @@
+# Sound
+common-obj-$(CONFIG_SB16) += sb16.o
+common-obj-$(CONFIG_ES1370) += es1370.o
+common-obj-$(CONFIG_AC97) += ac97.o
+common-obj-$(CONFIG_ADLIB) += fmopl.o adlib.o
+common-obj-$(CONFIG_GUS) += gus.o gusemu_hal.o gusemu_mixer.o
+common-obj-$(CONFIG_CS4231A) += cs4231a.o
+common-obj-$(CONFIG_HDA) += intel-hda.o hda-codec.o
+
+common-obj-$(CONFIG_PCSPK) += pcspk.o
+common-obj-$(CONFIG_WM8750) += wm8750.o
+common-obj-$(CONFIG_PL041) += pl041.o lm4549.o
+
+common-obj-$(CONFIG_CS4231) += cs4231.o
+common-obj-$(CONFIG_MARVELL_88W8618) += marvell_88w8618.o
+common-obj-$(CONFIG_MILKYMIST) += milkymist-ac97.o
+
+$(obj)/adlib.o $(obj)/fmopl.o: QEMU_CFLAGS += -DBUILD_Y8950=0
diff --git a/hw/audio/ac97.c b/hw/audio/ac97.c
new file mode 100644
index 000000000..01b4dfbc6
--- /dev/null
+++ b/hw/audio/ac97.c
@@ -0,0 +1,1442 @@
+/*
+ * Copyright (C) 2006 InnoTek Systemberatung GmbH
+ *
+ * This file is part of VirtualBox Open Source Edition (OSE), as
+ * available from http://www.virtualbox.org. This file is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU
+ * General Public License as published by the Free Software Foundation,
+ * in version 2 as it comes in the "COPYING" file of the VirtualBox OSE
+ * distribution. VirtualBox OSE is distributed in the hope that it will
+ * be useful, but WITHOUT ANY WARRANTY of any kind.
+ *
+ * If you received this file as part of a commercial VirtualBox
+ * distribution, then only the terms of your commercial VirtualBox
+ * license agreement apply instead of the previous paragraph.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "hw/hw.h"
+#include "hw/audio/audio.h"
+#include "audio/audio.h"
+#include "hw/pci/pci.h"
+#include "sysemu/dma.h"
+
+enum {
+ AC97_Reset = 0x00,
+ AC97_Master_Volume_Mute = 0x02,
+ AC97_Headphone_Volume_Mute = 0x04,
+ AC97_Master_Volume_Mono_Mute = 0x06,
+ AC97_Master_Tone_RL = 0x08,
+ AC97_PC_BEEP_Volume_Mute = 0x0A,
+ AC97_Phone_Volume_Mute = 0x0C,
+ AC97_Mic_Volume_Mute = 0x0E,
+ AC97_Line_In_Volume_Mute = 0x10,
+ AC97_CD_Volume_Mute = 0x12,
+ AC97_Video_Volume_Mute = 0x14,
+ AC97_Aux_Volume_Mute = 0x16,
+ AC97_PCM_Out_Volume_Mute = 0x18,
+ AC97_Record_Select = 0x1A,
+ AC97_Record_Gain_Mute = 0x1C,
+ AC97_Record_Gain_Mic_Mute = 0x1E,
+ AC97_General_Purpose = 0x20,
+ AC97_3D_Control = 0x22,
+ AC97_AC_97_RESERVED = 0x24,
+ AC97_Powerdown_Ctrl_Stat = 0x26,
+ AC97_Extended_Audio_ID = 0x28,
+ AC97_Extended_Audio_Ctrl_Stat = 0x2A,
+ AC97_PCM_Front_DAC_Rate = 0x2C,
+ AC97_PCM_Surround_DAC_Rate = 0x2E,
+ AC97_PCM_LFE_DAC_Rate = 0x30,
+ AC97_PCM_LR_ADC_Rate = 0x32,
+ AC97_MIC_ADC_Rate = 0x34,
+ AC97_6Ch_Vol_C_LFE_Mute = 0x36,
+ AC97_6Ch_Vol_L_R_Surround_Mute = 0x38,
+ AC97_Vendor_Reserved = 0x58,
+ AC97_Sigmatel_Analog = 0x6c, /* We emulate a Sigmatel codec */
+ AC97_Sigmatel_Dac2Invert = 0x6e, /* We emulate a Sigmatel codec */
+ AC97_Vendor_ID1 = 0x7c,
+ AC97_Vendor_ID2 = 0x7e
+};
+
+#define SOFT_VOLUME
+#define SR_FIFOE 16 /* rwc */
+#define SR_BCIS 8 /* rwc */
+#define SR_LVBCI 4 /* rwc */
+#define SR_CELV 2 /* ro */
+#define SR_DCH 1 /* ro */
+#define SR_VALID_MASK ((1 << 5) - 1)
+#define SR_WCLEAR_MASK (SR_FIFOE | SR_BCIS | SR_LVBCI)
+#define SR_RO_MASK (SR_DCH | SR_CELV)
+#define SR_INT_MASK (SR_FIFOE | SR_BCIS | SR_LVBCI)
+
+#define CR_IOCE 16 /* rw */
+#define CR_FEIE 8 /* rw */
+#define CR_LVBIE 4 /* rw */
+#define CR_RR 2 /* rw */
+#define CR_RPBM 1 /* rw */
+#define CR_VALID_MASK ((1 << 5) - 1)
+#define CR_DONT_CLEAR_MASK (CR_IOCE | CR_FEIE | CR_LVBIE)
+
+#define GC_WR 4 /* rw */
+#define GC_CR 2 /* rw */
+#define GC_VALID_MASK ((1 << 6) - 1)
+
+#define GS_MD3 (1<<17) /* rw */
+#define GS_AD3 (1<<16) /* rw */
+#define GS_RCS (1<<15) /* rwc */
+#define GS_B3S12 (1<<14) /* ro */
+#define GS_B2S12 (1<<13) /* ro */
+#define GS_B1S12 (1<<12) /* ro */
+#define GS_S1R1 (1<<11) /* rwc */
+#define GS_S0R1 (1<<10) /* rwc */
+#define GS_S1CR (1<<9) /* ro */
+#define GS_S0CR (1<<8) /* ro */
+#define GS_MINT (1<<7) /* ro */
+#define GS_POINT (1<<6) /* ro */
+#define GS_PIINT (1<<5) /* ro */
+#define GS_RSRVD ((1<<4)|(1<<3))
+#define GS_MOINT (1<<2) /* ro */
+#define GS_MIINT (1<<1) /* ro */
+#define GS_GSCI 1 /* rwc */
+#define GS_RO_MASK (GS_B3S12| \
+ GS_B2S12| \
+ GS_B1S12| \
+ GS_S1CR| \
+ GS_S0CR| \
+ GS_MINT| \
+ GS_POINT| \
+ GS_PIINT| \
+ GS_RSRVD| \
+ GS_MOINT| \
+ GS_MIINT)
+#define GS_VALID_MASK ((1 << 18) - 1)
+#define GS_WCLEAR_MASK (GS_RCS|GS_S1R1|GS_S0R1|GS_GSCI)
+
+#define BD_IOC (1<<31)
+#define BD_BUP (1<<30)
+
+#define EACS_VRA 1
+#define EACS_VRM 8
+
+#define MUTE_SHIFT 15
+
+#define REC_MASK 7
+enum {
+ REC_MIC = 0,
+ REC_CD,
+ REC_VIDEO,
+ REC_AUX,
+ REC_LINE_IN,
+ REC_STEREO_MIX,
+ REC_MONO_MIX,
+ REC_PHONE
+};
+
+typedef struct BD {
+ uint32_t addr;
+ uint32_t ctl_len;
+} BD;
+
+typedef struct AC97BusMasterRegs {
+ uint32_t bdbar; /* rw 0 */
+ uint8_t civ; /* ro 0 */
+ uint8_t lvi; /* rw 0 */
+ uint16_t sr; /* rw 1 */
+ uint16_t picb; /* ro 0 */
+ uint8_t piv; /* ro 0 */
+ uint8_t cr; /* rw 0 */
+ unsigned int bd_valid;
+ BD bd;
+} AC97BusMasterRegs;
+
+typedef struct AC97LinkState {
+ PCIDevice dev;
+ QEMUSoundCard card;
+ uint32_t use_broken_id;
+ uint32_t glob_cnt;
+ uint32_t glob_sta;
+ uint32_t cas;
+ uint32_t last_samp;
+ AC97BusMasterRegs bm_regs[3];
+ uint8_t mixer_data[256];
+ SWVoiceIn *voice_pi;
+ SWVoiceOut *voice_po;
+ SWVoiceIn *voice_mc;
+ int invalid_freq[3];
+ uint8_t silence[128];
+ int bup_flag;
+ MemoryRegion io_nam;
+ MemoryRegion io_nabm;
+} AC97LinkState;
+
+enum {
+ BUP_SET = 1,
+ BUP_LAST = 2
+};
+
+#ifdef DEBUG_AC97
+#define dolog(...) AUD_log ("ac97", __VA_ARGS__)
+#else
+#define dolog(...)
+#endif
+
+#define MKREGS(prefix, start) \
+enum { \
+ prefix ## _BDBAR = start, \
+ prefix ## _CIV = start + 4, \
+ prefix ## _LVI = start + 5, \
+ prefix ## _SR = start + 6, \
+ prefix ## _PICB = start + 8, \
+ prefix ## _PIV = start + 10, \
+ prefix ## _CR = start + 11 \
+}
+
+enum {
+ PI_INDEX = 0,
+ PO_INDEX,
+ MC_INDEX,
+ LAST_INDEX
+};
+
+MKREGS (PI, PI_INDEX * 16);
+MKREGS (PO, PO_INDEX * 16);
+MKREGS (MC, MC_INDEX * 16);
+
+enum {
+ GLOB_CNT = 0x2c,
+ GLOB_STA = 0x30,
+ CAS = 0x34
+};
+
+#define GET_BM(index) (((index) >> 4) & 3)
+
+static void po_callback (void *opaque, int free);
+static void pi_callback (void *opaque, int avail);
+static void mc_callback (void *opaque, int avail);
+
+static void warm_reset (AC97LinkState *s)
+{
+ (void) s;
+}
+
+static void cold_reset (AC97LinkState * s)
+{
+ (void) s;
+}
+
+static void fetch_bd (AC97LinkState *s, AC97BusMasterRegs *r)
+{
+ uint8_t b[8];
+
+ pci_dma_read (&s->dev, r->bdbar + r->civ * 8, b, 8);
+ r->bd_valid = 1;
+ r->bd.addr = le32_to_cpu (*(uint32_t *) &b[0]) & ~3;
+ r->bd.ctl_len = le32_to_cpu (*(uint32_t *) &b[4]);
+ r->picb = r->bd.ctl_len & 0xffff;
+ dolog ("bd %2d addr=%#x ctl=%#06x len=%#x(%d bytes)\n",
+ r->civ, r->bd.addr, r->bd.ctl_len >> 16,
+ r->bd.ctl_len & 0xffff,
+ (r->bd.ctl_len & 0xffff) << 1);
+}
+
+static void update_sr (AC97LinkState *s, AC97BusMasterRegs *r, uint32_t new_sr)
+{
+ int event = 0;
+ int level = 0;
+ uint32_t new_mask = new_sr & SR_INT_MASK;
+ uint32_t old_mask = r->sr & SR_INT_MASK;
+ uint32_t masks[] = {GS_PIINT, GS_POINT, GS_MINT};
+
+ if (new_mask ^ old_mask) {
+ /** @todo is IRQ deasserted when only one of status bits is cleared? */
+ if (!new_mask) {
+ event = 1;
+ level = 0;
+ }
+ else {
+ if ((new_mask & SR_LVBCI) && (r->cr & CR_LVBIE)) {
+ event = 1;
+ level = 1;
+ }
+ if ((new_mask & SR_BCIS) && (r->cr & CR_IOCE)) {
+ event = 1;
+ level = 1;
+ }
+ }
+ }
+
+ r->sr = new_sr;
+
+ dolog ("IOC%d LVB%d sr=%#x event=%d level=%d\n",
+ r->sr & SR_BCIS, r->sr & SR_LVBCI,
+ r->sr,
+ event, level);
+
+ if (!event)
+ return;
+
+ if (level) {
+ s->glob_sta |= masks[r - s->bm_regs];
+ dolog ("set irq level=1\n");
+ qemu_set_irq (s->dev.irq[0], 1);
+ }
+ else {
+ s->glob_sta &= ~masks[r - s->bm_regs];
+ dolog ("set irq level=0\n");
+ qemu_set_irq (s->dev.irq[0], 0);
+ }
+}
+
+static void voice_set_active (AC97LinkState *s, int bm_index, int on)
+{
+ switch (bm_index) {
+ case PI_INDEX:
+ AUD_set_active_in (s->voice_pi, on);
+ break;
+
+ case PO_INDEX:
+ AUD_set_active_out (s->voice_po, on);
+ break;
+
+ case MC_INDEX:
+ AUD_set_active_in (s->voice_mc, on);
+ break;
+
+ default:
+ AUD_log ("ac97", "invalid bm_index(%d) in voice_set_active", bm_index);
+ break;
+ }
+}
+
+static void reset_bm_regs (AC97LinkState *s, AC97BusMasterRegs *r)
+{
+ dolog ("reset_bm_regs\n");
+ r->bdbar = 0;
+ r->civ = 0;
+ r->lvi = 0;
+ /** todo do we need to do that? */
+ update_sr (s, r, SR_DCH);
+ r->picb = 0;
+ r->piv = 0;
+ r->cr = r->cr & CR_DONT_CLEAR_MASK;
+ r->bd_valid = 0;
+
+ voice_set_active (s, r - s->bm_regs, 0);
+ memset (s->silence, 0, sizeof (s->silence));
+}
+
+static void mixer_store (AC97LinkState *s, uint32_t i, uint16_t v)
+{
+ if (i + 2 > sizeof (s->mixer_data)) {
+ dolog ("mixer_store: index %d out of bounds %zd\n",
+ i, sizeof (s->mixer_data));
+ return;
+ }
+
+ s->mixer_data[i + 0] = v & 0xff;
+ s->mixer_data[i + 1] = v >> 8;
+}
+
+static uint16_t mixer_load (AC97LinkState *s, uint32_t i)
+{
+ uint16_t val = 0xffff;
+
+ if (i + 2 > sizeof (s->mixer_data)) {
+ dolog ("mixer_load: index %d out of bounds %zd\n",
+ i, sizeof (s->mixer_data));
+ }
+ else {
+ val = s->mixer_data[i + 0] | (s->mixer_data[i + 1] << 8);
+ }
+
+ return val;
+}
+
+static void open_voice (AC97LinkState *s, int index, int freq)
+{
+ struct audsettings as;
+
+ as.freq = freq;
+ as.nchannels = 2;
+ as.fmt = AUD_FMT_S16;
+ as.endianness = 0;
+
+ if (freq > 0) {
+ s->invalid_freq[index] = 0;
+ switch (index) {
+ case PI_INDEX:
+ s->voice_pi = AUD_open_in (
+ &s->card,
+ s->voice_pi,
+ "ac97.pi",
+ s,
+ pi_callback,
+ &as
+ );
+ break;
+
+ case PO_INDEX:
+ s->voice_po = AUD_open_out (
+ &s->card,
+ s->voice_po,
+ "ac97.po",
+ s,
+ po_callback,
+ &as
+ );
+ break;
+
+ case MC_INDEX:
+ s->voice_mc = AUD_open_in (
+ &s->card,
+ s->voice_mc,
+ "ac97.mc",
+ s,
+ mc_callback,
+ &as
+ );
+ break;
+ }
+ }
+ else {
+ s->invalid_freq[index] = freq;
+ switch (index) {
+ case PI_INDEX:
+ AUD_close_in (&s->card, s->voice_pi);
+ s->voice_pi = NULL;
+ break;
+
+ case PO_INDEX:
+ AUD_close_out (&s->card, s->voice_po);
+ s->voice_po = NULL;
+ break;
+
+ case MC_INDEX:
+ AUD_close_in (&s->card, s->voice_mc);
+ s->voice_mc = NULL;
+ break;
+ }
+ }
+}
+
+static void reset_voices (AC97LinkState *s, uint8_t active[LAST_INDEX])
+{
+ uint16_t freq;
+
+ freq = mixer_load (s, AC97_PCM_LR_ADC_Rate);
+ open_voice (s, PI_INDEX, freq);
+ AUD_set_active_in (s->voice_pi, active[PI_INDEX]);
+
+ freq = mixer_load (s, AC97_PCM_Front_DAC_Rate);
+ open_voice (s, PO_INDEX, freq);
+ AUD_set_active_out (s->voice_po, active[PO_INDEX]);
+
+ freq = mixer_load (s, AC97_MIC_ADC_Rate);
+ open_voice (s, MC_INDEX, freq);
+ AUD_set_active_in (s->voice_mc, active[MC_INDEX]);
+}
+
+static void get_volume (uint16_t vol, uint16_t mask, int inverse,
+ int *mute, uint8_t *lvol, uint8_t *rvol)
+{
+ *mute = (vol >> MUTE_SHIFT) & 1;
+ *rvol = (255 * (vol & mask)) / mask;
+ *lvol = (255 * ((vol >> 8) & mask)) / mask;
+
+ if (inverse) {
+ *rvol = 255 - *rvol;
+ *lvol = 255 - *lvol;
+ }
+}
+
+static void update_combined_volume_out (AC97LinkState *s)
+{
+ uint8_t lvol, rvol, plvol, prvol;
+ int mute, pmute;
+
+ get_volume (mixer_load (s, AC97_Master_Volume_Mute), 0x3f, 1,
+ &mute, &lvol, &rvol);
+ get_volume (mixer_load (s, AC97_PCM_Out_Volume_Mute), 0x1f, 1,
+ &pmute, &plvol, &prvol);
+
+ mute = mute | pmute;
+ lvol = (lvol * plvol) / 255;
+ rvol = (rvol * prvol) / 255;
+
+ AUD_set_volume_out (s->voice_po, mute, lvol, rvol);
+}
+
+static void update_volume_in (AC97LinkState *s)
+{
+ uint8_t lvol, rvol;
+ int mute;
+
+ get_volume (mixer_load (s, AC97_Record_Gain_Mute), 0x0f, 0,
+ &mute, &lvol, &rvol);
+
+ AUD_set_volume_in (s->voice_pi, mute, lvol, rvol);
+}
+
+static void set_volume (AC97LinkState *s, int index, uint32_t val)
+{
+ switch (index) {
+ case AC97_Master_Volume_Mute:
+ val &= 0xbf3f;
+ mixer_store (s, index, val);
+ update_combined_volume_out (s);
+ break;
+ case AC97_PCM_Out_Volume_Mute:
+ val &= 0x9f1f;
+ mixer_store (s, index, val);
+ update_combined_volume_out (s);
+ break;
+ case AC97_Record_Gain_Mute:
+ val &= 0x8f0f;
+ mixer_store (s, index, val);
+ update_volume_in (s);
+ break;
+ }
+}
+
+static void record_select (AC97LinkState *s, uint32_t val)
+{
+ uint8_t rs = val & REC_MASK;
+ uint8_t ls = (val >> 8) & REC_MASK;
+ mixer_store (s, AC97_Record_Select, rs | (ls << 8));
+}
+
+static void mixer_reset (AC97LinkState *s)
+{
+ uint8_t active[LAST_INDEX];
+
+ dolog ("mixer_reset\n");
+ memset (s->mixer_data, 0, sizeof (s->mixer_data));
+ memset (active, 0, sizeof (active));
+ mixer_store (s, AC97_Reset , 0x0000); /* 6940 */
+ mixer_store (s, AC97_Headphone_Volume_Mute , 0x0000);
+ mixer_store (s, AC97_Master_Volume_Mono_Mute , 0x0000);
+ mixer_store (s, AC97_Master_Tone_RL, 0x0000);
+ mixer_store (s, AC97_PC_BEEP_Volume_Mute , 0x0000);
+ mixer_store (s, AC97_Phone_Volume_Mute , 0x0000);
+ mixer_store (s, AC97_Mic_Volume_Mute , 0x0000);
+ mixer_store (s, AC97_Line_In_Volume_Mute , 0x0000);
+ mixer_store (s, AC97_CD_Volume_Mute , 0x0000);
+ mixer_store (s, AC97_Video_Volume_Mute , 0x0000);
+ mixer_store (s, AC97_Aux_Volume_Mute , 0x0000);
+ mixer_store (s, AC97_Record_Gain_Mic_Mute , 0x0000);
+ mixer_store (s, AC97_General_Purpose , 0x0000);
+ mixer_store (s, AC97_3D_Control , 0x0000);
+ mixer_store (s, AC97_Powerdown_Ctrl_Stat , 0x000f);
+
+ /*
+ * Sigmatel 9700 (STAC9700)
+ */
+ mixer_store (s, AC97_Vendor_ID1 , 0x8384);
+ mixer_store (s, AC97_Vendor_ID2 , 0x7600); /* 7608 */
+
+ mixer_store (s, AC97_Extended_Audio_ID , 0x0809);
+ mixer_store (s, AC97_Extended_Audio_Ctrl_Stat, 0x0009);
+ mixer_store (s, AC97_PCM_Front_DAC_Rate , 0xbb80);
+ mixer_store (s, AC97_PCM_Surround_DAC_Rate , 0xbb80);
+ mixer_store (s, AC97_PCM_LFE_DAC_Rate , 0xbb80);
+ mixer_store (s, AC97_PCM_LR_ADC_Rate , 0xbb80);
+ mixer_store (s, AC97_MIC_ADC_Rate , 0xbb80);
+
+ record_select (s, 0);
+ set_volume (s, AC97_Master_Volume_Mute, 0x8000);
+ set_volume (s, AC97_PCM_Out_Volume_Mute, 0x8808);
+ set_volume (s, AC97_Record_Gain_Mute, 0x8808);
+
+ reset_voices (s, active);
+}
+
+/**
+ * Native audio mixer
+ * I/O Reads
+ */
+static uint32_t nam_readb (void *opaque, uint32_t addr)
+{
+ AC97LinkState *s = opaque;
+ dolog ("U nam readb %#x\n", addr);
+ s->cas = 0;
+ return ~0U;
+}
+
+static uint32_t nam_readw (void *opaque, uint32_t addr)
+{
+ AC97LinkState *s = opaque;
+ uint32_t val = ~0U;
+ uint32_t index = addr;
+ s->cas = 0;
+ val = mixer_load (s, index);
+ return val;
+}
+
+static uint32_t nam_readl (void *opaque, uint32_t addr)
+{
+ AC97LinkState *s = opaque;
+ dolog ("U nam readl %#x\n", addr);
+ s->cas = 0;
+ return ~0U;
+}
+
+/**
+ * Native audio mixer
+ * I/O Writes
+ */
+static void nam_writeb (void *opaque, uint32_t addr, uint32_t val)
+{
+ AC97LinkState *s = opaque;
+ dolog ("U nam writeb %#x <- %#x\n", addr, val);
+ s->cas = 0;
+}
+
+static void nam_writew (void *opaque, uint32_t addr, uint32_t val)
+{
+ AC97LinkState *s = opaque;
+ uint32_t index = addr;
+ s->cas = 0;
+ switch (index) {
+ case AC97_Reset:
+ mixer_reset (s);
+ break;
+ case AC97_Powerdown_Ctrl_Stat:
+ val &= ~0x800f;
+ val |= mixer_load (s, index) & 0xf;
+ mixer_store (s, index, val);
+ break;
+ case AC97_PCM_Out_Volume_Mute:
+ case AC97_Master_Volume_Mute:
+ case AC97_Record_Gain_Mute:
+ set_volume (s, index, val);
+ break;
+ case AC97_Record_Select:
+ record_select (s, val);
+ break;
+ case AC97_Vendor_ID1:
+ case AC97_Vendor_ID2:
+ dolog ("Attempt to write vendor ID to %#x\n", val);
+ break;
+ case AC97_Extended_Audio_ID:
+ dolog ("Attempt to write extended audio ID to %#x\n", val);
+ break;
+ case AC97_Extended_Audio_Ctrl_Stat:
+ if (!(val & EACS_VRA)) {
+ mixer_store (s, AC97_PCM_Front_DAC_Rate, 0xbb80);
+ mixer_store (s, AC97_PCM_LR_ADC_Rate, 0xbb80);
+ open_voice (s, PI_INDEX, 48000);
+ open_voice (s, PO_INDEX, 48000);
+ }
+ if (!(val & EACS_VRM)) {
+ mixer_store (s, AC97_MIC_ADC_Rate, 0xbb80);
+ open_voice (s, MC_INDEX, 48000);
+ }
+ dolog ("Setting extended audio control to %#x\n", val);
+ mixer_store (s, AC97_Extended_Audio_Ctrl_Stat, val);
+ break;
+ case AC97_PCM_Front_DAC_Rate:
+ if (mixer_load (s, AC97_Extended_Audio_Ctrl_Stat) & EACS_VRA) {
+ mixer_store (s, index, val);
+ dolog ("Set front DAC rate to %d\n", val);
+ open_voice (s, PO_INDEX, val);
+ }
+ else {
+ dolog ("Attempt to set front DAC rate to %d, "
+ "but VRA is not set\n",
+ val);
+ }
+ break;
+ case AC97_MIC_ADC_Rate:
+ if (mixer_load (s, AC97_Extended_Audio_Ctrl_Stat) & EACS_VRM) {
+ mixer_store (s, index, val);
+ dolog ("Set MIC ADC rate to %d\n", val);
+ open_voice (s, MC_INDEX, val);
+ }
+ else {
+ dolog ("Attempt to set MIC ADC rate to %d, "
+ "but VRM is not set\n",
+ val);
+ }
+ break;
+ case AC97_PCM_LR_ADC_Rate:
+ if (mixer_load (s, AC97_Extended_Audio_Ctrl_Stat) & EACS_VRA) {
+ mixer_store (s, index, val);
+ dolog ("Set front LR ADC rate to %d\n", val);
+ open_voice (s, PI_INDEX, val);
+ }
+ else {
+ dolog ("Attempt to set LR ADC rate to %d, but VRA is not set\n",
+ val);
+ }
+ break;
+ case AC97_Headphone_Volume_Mute:
+ case AC97_Master_Volume_Mono_Mute:
+ case AC97_Master_Tone_RL:
+ case AC97_PC_BEEP_Volume_Mute:
+ case AC97_Phone_Volume_Mute:
+ case AC97_Mic_Volume_Mute:
+ case AC97_Line_In_Volume_Mute:
+ case AC97_CD_Volume_Mute:
+ case AC97_Video_Volume_Mute:
+ case AC97_Aux_Volume_Mute:
+ case AC97_Record_Gain_Mic_Mute:
+ case AC97_General_Purpose:
+ case AC97_3D_Control:
+ case AC97_Sigmatel_Analog:
+ case AC97_Sigmatel_Dac2Invert:
+ /* None of the features in these regs are emulated, so they are RO */
+ break;
+ default:
+ dolog ("U nam writew %#x <- %#x\n", addr, val);
+ mixer_store (s, index, val);
+ break;
+ }
+}
+
+static void nam_writel (void *opaque, uint32_t addr, uint32_t val)
+{
+ AC97LinkState *s = opaque;
+ dolog ("U nam writel %#x <- %#x\n", addr, val);
+ s->cas = 0;
+}
+
+/**
+ * Native audio bus master
+ * I/O Reads
+ */
+static uint32_t nabm_readb (void *opaque, uint32_t addr)
+{
+ AC97LinkState *s = opaque;
+ AC97BusMasterRegs *r = NULL;
+ uint32_t index = addr;
+ uint32_t val = ~0U;
+
+ switch (index) {
+ case CAS:
+ dolog ("CAS %d\n", s->cas);
+ val = s->cas;
+ s->cas = 1;
+ break;
+ case PI_CIV:
+ case PO_CIV:
+ case MC_CIV:
+ r = &s->bm_regs[GET_BM (index)];
+ val = r->civ;
+ dolog ("CIV[%d] -> %#x\n", GET_BM (index), val);
+ break;
+ case PI_LVI:
+ case PO_LVI:
+ case MC_LVI:
+ r = &s->bm_regs[GET_BM (index)];
+ val = r->lvi;
+ dolog ("LVI[%d] -> %#x\n", GET_BM (index), val);
+ break;
+ case PI_PIV:
+ case PO_PIV:
+ case MC_PIV:
+ r = &s->bm_regs[GET_BM (index)];
+ val = r->piv;
+ dolog ("PIV[%d] -> %#x\n", GET_BM (index), val);
+ break;
+ case PI_CR:
+ case PO_CR:
+ case MC_CR:
+ r = &s->bm_regs[GET_BM (index)];
+ val = r->cr;
+ dolog ("CR[%d] -> %#x\n", GET_BM (index), val);
+ break;
+ case PI_SR:
+ case PO_SR:
+ case MC_SR:
+ r = &s->bm_regs[GET_BM (index)];
+ val = r->sr & 0xff;
+ dolog ("SRb[%d] -> %#x\n", GET_BM (index), val);
+ break;
+ default:
+ dolog ("U nabm readb %#x -> %#x\n", addr, val);
+ break;
+ }
+ return val;
+}
+
+static uint32_t nabm_readw (void *opaque, uint32_t addr)
+{
+ AC97LinkState *s = opaque;
+ AC97BusMasterRegs *r = NULL;
+ uint32_t index = addr;
+ uint32_t val = ~0U;
+
+ switch (index) {
+ case PI_SR:
+ case PO_SR:
+ case MC_SR:
+ r = &s->bm_regs[GET_BM (index)];
+ val = r->sr;
+ dolog ("SR[%d] -> %#x\n", GET_BM (index), val);
+ break;
+ case PI_PICB:
+ case PO_PICB:
+ case MC_PICB:
+ r = &s->bm_regs[GET_BM (index)];
+ val = r->picb;
+ dolog ("PICB[%d] -> %#x\n", GET_BM (index), val);
+ break;
+ default:
+ dolog ("U nabm readw %#x -> %#x\n", addr, val);
+ break;
+ }
+ return val;
+}
+
+static uint32_t nabm_readl (void *opaque, uint32_t addr)
+{
+ AC97LinkState *s = opaque;
+ AC97BusMasterRegs *r = NULL;
+ uint32_t index = addr;
+ uint32_t val = ~0U;
+
+ switch (index) {
+ case PI_BDBAR:
+ case PO_BDBAR:
+ case MC_BDBAR:
+ r = &s->bm_regs[GET_BM (index)];
+ val = r->bdbar;
+ dolog ("BMADDR[%d] -> %#x\n", GET_BM (index), val);
+ break;
+ case PI_CIV:
+ case PO_CIV:
+ case MC_CIV:
+ r = &s->bm_regs[GET_BM (index)];
+ val = r->civ | (r->lvi << 8) | (r->sr << 16);
+ dolog ("CIV LVI SR[%d] -> %#x, %#x, %#x\n", GET_BM (index),
+ r->civ, r->lvi, r->sr);
+ break;
+ case PI_PICB:
+ case PO_PICB:
+ case MC_PICB:
+ r = &s->bm_regs[GET_BM (index)];
+ val = r->picb | (r->piv << 16) | (r->cr << 24);
+ dolog ("PICB PIV CR[%d] -> %#x %#x %#x %#x\n", GET_BM (index),
+ val, r->picb, r->piv, r->cr);
+ break;
+ case GLOB_CNT:
+ val = s->glob_cnt;
+ dolog ("glob_cnt -> %#x\n", val);
+ break;
+ case GLOB_STA:
+ val = s->glob_sta | GS_S0CR;
+ dolog ("glob_sta -> %#x\n", val);
+ break;
+ default:
+ dolog ("U nabm readl %#x -> %#x\n", addr, val);
+ break;
+ }
+ return val;
+}
+
+/**
+ * Native audio bus master
+ * I/O Writes
+ */
+static void nabm_writeb (void *opaque, uint32_t addr, uint32_t val)
+{
+ AC97LinkState *s = opaque;
+ AC97BusMasterRegs *r = NULL;
+ uint32_t index = addr;
+ switch (index) {
+ case PI_LVI:
+ case PO_LVI:
+ case MC_LVI:
+ r = &s->bm_regs[GET_BM (index)];
+ if ((r->cr & CR_RPBM) && (r->sr & SR_DCH)) {
+ r->sr &= ~(SR_DCH | SR_CELV);
+ r->civ = r->piv;
+ r->piv = (r->piv + 1) % 32;
+ fetch_bd (s, r);
+ }
+ r->lvi = val % 32;
+ dolog ("LVI[%d] <- %#x\n", GET_BM (index), val);
+ break;
+ case PI_CR:
+ case PO_CR:
+ case MC_CR:
+ r = &s->bm_regs[GET_BM (index)];
+ if (val & CR_RR) {
+ reset_bm_regs (s, r);
+ }
+ else {
+ r->cr = val & CR_VALID_MASK;
+ if (!(r->cr & CR_RPBM)) {
+ voice_set_active (s, r - s->bm_regs, 0);
+ r->sr |= SR_DCH;
+ }
+ else {
+ r->civ = r->piv;
+ r->piv = (r->piv + 1) % 32;
+ fetch_bd (s, r);
+ r->sr &= ~SR_DCH;
+ voice_set_active (s, r - s->bm_regs, 1);
+ }
+ }
+ dolog ("CR[%d] <- %#x (cr %#x)\n", GET_BM (index), val, r->cr);
+ break;
+ case PI_SR:
+ case PO_SR:
+ case MC_SR:
+ r = &s->bm_regs[GET_BM (index)];
+ r->sr |= val & ~(SR_RO_MASK | SR_WCLEAR_MASK);
+ update_sr (s, r, r->sr & ~(val & SR_WCLEAR_MASK));
+ dolog ("SR[%d] <- %#x (sr %#x)\n", GET_BM (index), val, r->sr);
+ break;
+ default:
+ dolog ("U nabm writeb %#x <- %#x\n", addr, val);
+ break;
+ }
+}
+
+static void nabm_writew (void *opaque, uint32_t addr, uint32_t val)
+{
+ AC97LinkState *s = opaque;
+ AC97BusMasterRegs *r = NULL;
+ uint32_t index = addr;
+ switch (index) {
+ case PI_SR:
+ case PO_SR:
+ case MC_SR:
+ r = &s->bm_regs[GET_BM (index)];
+ r->sr |= val & ~(SR_RO_MASK | SR_WCLEAR_MASK);
+ update_sr (s, r, r->sr & ~(val & SR_WCLEAR_MASK));
+ dolog ("SR[%d] <- %#x (sr %#x)\n", GET_BM (index), val, r->sr);
+ break;
+ default:
+ dolog ("U nabm writew %#x <- %#x\n", addr, val);
+ break;
+ }
+}
+
+static void nabm_writel (void *opaque, uint32_t addr, uint32_t val)
+{
+ AC97LinkState *s = opaque;
+ AC97BusMasterRegs *r = NULL;
+ uint32_t index = addr;
+ switch (index) {
+ case PI_BDBAR:
+ case PO_BDBAR:
+ case MC_BDBAR:
+ r = &s->bm_regs[GET_BM (index)];
+ r->bdbar = val & ~3;
+ dolog ("BDBAR[%d] <- %#x (bdbar %#x)\n",
+ GET_BM (index), val, r->bdbar);
+ break;
+ case GLOB_CNT:
+ if (val & GC_WR)
+ warm_reset (s);
+ if (val & GC_CR)
+ cold_reset (s);
+ if (!(val & (GC_WR | GC_CR)))
+ s->glob_cnt = val & GC_VALID_MASK;
+ dolog ("glob_cnt <- %#x (glob_cnt %#x)\n", val, s->glob_cnt);
+ break;
+ case GLOB_STA:
+ s->glob_sta &= ~(val & GS_WCLEAR_MASK);
+ s->glob_sta |= (val & ~(GS_WCLEAR_MASK | GS_RO_MASK)) & GS_VALID_MASK;
+ dolog ("glob_sta <- %#x (glob_sta %#x)\n", val, s->glob_sta);
+ break;
+ default:
+ dolog ("U nabm writel %#x <- %#x\n", addr, val);
+ break;
+ }
+}
+
+static int write_audio (AC97LinkState *s, AC97BusMasterRegs *r,
+ int max, int *stop)
+{
+ uint8_t tmpbuf[4096];
+ uint32_t addr = r->bd.addr;
+ uint32_t temp = r->picb << 1;
+ uint32_t written = 0;
+ int to_copy = 0;
+ temp = audio_MIN (temp, max);
+
+ if (!temp) {
+ *stop = 1;
+ return 0;
+ }
+
+ while (temp) {
+ int copied;
+ to_copy = audio_MIN (temp, sizeof (tmpbuf));
+ pci_dma_read (&s->dev, addr, tmpbuf, to_copy);
+ copied = AUD_write (s->voice_po, tmpbuf, to_copy);
+ dolog ("write_audio max=%x to_copy=%x copied=%x\n",
+ max, to_copy, copied);
+ if (!copied) {
+ *stop = 1;
+ break;
+ }
+ temp -= copied;
+ addr += copied;
+ written += copied;
+ }
+
+ if (!temp) {
+ if (to_copy < 4) {
+ dolog ("whoops\n");
+ s->last_samp = 0;
+ }
+ else {
+ s->last_samp = *(uint32_t *) &tmpbuf[to_copy - 4];
+ }
+ }
+
+ r->bd.addr = addr;
+ return written;
+}
+
+static void write_bup (AC97LinkState *s, int elapsed)
+{
+ dolog ("write_bup\n");
+ if (!(s->bup_flag & BUP_SET)) {
+ if (s->bup_flag & BUP_LAST) {
+ int i;
+ uint8_t *p = s->silence;
+ for (i = 0; i < sizeof (s->silence) / 4; i++, p += 4) {
+ *(uint32_t *) p = s->last_samp;
+ }
+ }
+ else {
+ memset (s->silence, 0, sizeof (s->silence));
+ }
+ s->bup_flag |= BUP_SET;
+ }
+
+ while (elapsed) {
+ int temp = audio_MIN (elapsed, sizeof (s->silence));
+ while (temp) {
+ int copied = AUD_write (s->voice_po, s->silence, temp);
+ if (!copied)
+ return;
+ temp -= copied;
+ elapsed -= copied;
+ }
+ }
+}
+
+static int read_audio (AC97LinkState *s, AC97BusMasterRegs *r,
+ int max, int *stop)
+{
+ uint8_t tmpbuf[4096];
+ uint32_t addr = r->bd.addr;
+ uint32_t temp = r->picb << 1;
+ uint32_t nread = 0;
+ int to_copy = 0;
+ SWVoiceIn *voice = (r - s->bm_regs) == MC_INDEX ? s->voice_mc : s->voice_pi;
+
+ temp = audio_MIN (temp, max);
+
+ if (!temp) {
+ *stop = 1;
+ return 0;
+ }
+
+ while (temp) {
+ int acquired;
+ to_copy = audio_MIN (temp, sizeof (tmpbuf));
+ acquired = AUD_read (voice, tmpbuf, to_copy);
+ if (!acquired) {
+ *stop = 1;
+ break;
+ }
+ pci_dma_write (&s->dev, addr, tmpbuf, acquired);
+ temp -= acquired;
+ addr += acquired;
+ nread += acquired;
+ }
+
+ r->bd.addr = addr;
+ return nread;
+}
+
+static void transfer_audio (AC97LinkState *s, int index, int elapsed)
+{
+ AC97BusMasterRegs *r = &s->bm_regs[index];
+ int stop = 0;
+
+ if (s->invalid_freq[index]) {
+ AUD_log ("ac97", "attempt to use voice %d with invalid frequency %d\n",
+ index, s->invalid_freq[index]);
+ return;
+ }
+
+ if (r->sr & SR_DCH) {
+ if (r->cr & CR_RPBM) {
+ switch (index) {
+ case PO_INDEX:
+ write_bup (s, elapsed);
+ break;
+ }
+ }
+ return;
+ }
+
+ while ((elapsed >> 1) && !stop) {
+ int temp;
+
+ if (!r->bd_valid) {
+ dolog ("invalid bd\n");
+ fetch_bd (s, r);
+ }
+
+ if (!r->picb) {
+ dolog ("fresh bd %d is empty %#x %#x\n",
+ r->civ, r->bd.addr, r->bd.ctl_len);
+ if (r->civ == r->lvi) {
+ r->sr |= SR_DCH; /* CELV? */
+ s->bup_flag = 0;
+ break;
+ }
+ r->sr &= ~SR_CELV;
+ r->civ = r->piv;
+ r->piv = (r->piv + 1) % 32;
+ fetch_bd (s, r);
+ return;
+ }
+
+ switch (index) {
+ case PO_INDEX:
+ temp = write_audio (s, r, elapsed, &stop);
+ elapsed -= temp;
+ r->picb -= (temp >> 1);
+ break;
+
+ case PI_INDEX:
+ case MC_INDEX:
+ temp = read_audio (s, r, elapsed, &stop);
+ elapsed -= temp;
+ r->picb -= (temp >> 1);
+ break;
+ }
+
+ if (!r->picb) {
+ uint32_t new_sr = r->sr & ~SR_CELV;
+
+ if (r->bd.ctl_len & BD_IOC) {
+ new_sr |= SR_BCIS;
+ }
+
+ if (r->civ == r->lvi) {
+ dolog ("Underrun civ (%d) == lvi (%d)\n", r->civ, r->lvi);
+
+ new_sr |= SR_LVBCI | SR_DCH | SR_CELV;
+ stop = 1;
+ s->bup_flag = (r->bd.ctl_len & BD_BUP) ? BUP_LAST : 0;
+ }
+ else {
+ r->civ = r->piv;
+ r->piv = (r->piv + 1) % 32;
+ fetch_bd (s, r);
+ }
+
+ update_sr (s, r, new_sr);
+ }
+ }
+}
+
+static void pi_callback (void *opaque, int avail)
+{
+ transfer_audio (opaque, PI_INDEX, avail);
+}
+
+static void mc_callback (void *opaque, int avail)
+{
+ transfer_audio (opaque, MC_INDEX, avail);
+}
+
+static void po_callback (void *opaque, int free)
+{
+ transfer_audio (opaque, PO_INDEX, free);
+}
+
+static const VMStateDescription vmstate_ac97_bm_regs = {
+ .name = "ac97_bm_regs",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT32 (bdbar, AC97BusMasterRegs),
+ VMSTATE_UINT8 (civ, AC97BusMasterRegs),
+ VMSTATE_UINT8 (lvi, AC97BusMasterRegs),
+ VMSTATE_UINT16 (sr, AC97BusMasterRegs),
+ VMSTATE_UINT16 (picb, AC97BusMasterRegs),
+ VMSTATE_UINT8 (piv, AC97BusMasterRegs),
+ VMSTATE_UINT8 (cr, AC97BusMasterRegs),
+ VMSTATE_UINT32 (bd_valid, AC97BusMasterRegs),
+ VMSTATE_UINT32 (bd.addr, AC97BusMasterRegs),
+ VMSTATE_UINT32 (bd.ctl_len, AC97BusMasterRegs),
+ VMSTATE_END_OF_LIST ()
+ }
+};
+
+static int ac97_post_load (void *opaque, int version_id)
+{
+ uint8_t active[LAST_INDEX];
+ AC97LinkState *s = opaque;
+
+ record_select (s, mixer_load (s, AC97_Record_Select));
+ set_volume (s, AC97_Master_Volume_Mute,
+ mixer_load (s, AC97_Master_Volume_Mute));
+ set_volume (s, AC97_PCM_Out_Volume_Mute,
+ mixer_load (s, AC97_PCM_Out_Volume_Mute));
+ set_volume (s, AC97_Record_Gain_Mute,
+ mixer_load (s, AC97_Record_Gain_Mute));
+
+ active[PI_INDEX] = !!(s->bm_regs[PI_INDEX].cr & CR_RPBM);
+ active[PO_INDEX] = !!(s->bm_regs[PO_INDEX].cr & CR_RPBM);
+ active[MC_INDEX] = !!(s->bm_regs[MC_INDEX].cr & CR_RPBM);
+ reset_voices (s, active);
+
+ s->bup_flag = 0;
+ s->last_samp = 0;
+ return 0;
+}
+
+static bool is_version_2 (void *opaque, int version_id)
+{
+ return version_id == 2;
+}
+
+static const VMStateDescription vmstate_ac97 = {
+ .name = "ac97",
+ .version_id = 3,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .post_load = ac97_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_PCI_DEVICE (dev, AC97LinkState),
+ VMSTATE_UINT32 (glob_cnt, AC97LinkState),
+ VMSTATE_UINT32 (glob_sta, AC97LinkState),
+ VMSTATE_UINT32 (cas, AC97LinkState),
+ VMSTATE_STRUCT_ARRAY (bm_regs, AC97LinkState, 3, 1,
+ vmstate_ac97_bm_regs, AC97BusMasterRegs),
+ VMSTATE_BUFFER (mixer_data, AC97LinkState),
+ VMSTATE_UNUSED_TEST (is_version_2, 3),
+ VMSTATE_END_OF_LIST ()
+ }
+};
+
+static uint64_t nam_read(void *opaque, hwaddr addr, unsigned size)
+{
+ if ((addr / size) > 256) {
+ return -1;
+ }
+
+ switch (size) {
+ case 1:
+ return nam_readb(opaque, addr);
+ case 2:
+ return nam_readw(opaque, addr);
+ case 4:
+ return nam_readl(opaque, addr);
+ default:
+ return -1;
+ }
+}
+
+static void nam_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ if ((addr / size) > 256) {
+ return;
+ }
+
+ switch (size) {
+ case 1:
+ nam_writeb(opaque, addr, val);
+ break;
+ case 2:
+ nam_writew(opaque, addr, val);
+ break;
+ case 4:
+ nam_writel(opaque, addr, val);
+ break;
+ }
+}
+
+static const MemoryRegionOps ac97_io_nam_ops = {
+ .read = nam_read,
+ .write = nam_write,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 4,
+ },
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static uint64_t nabm_read(void *opaque, hwaddr addr, unsigned size)
+{
+ if ((addr / size) > 64) {
+ return -1;
+ }
+
+ switch (size) {
+ case 1:
+ return nabm_readb(opaque, addr);
+ case 2:
+ return nabm_readw(opaque, addr);
+ case 4:
+ return nabm_readl(opaque, addr);
+ default:
+ return -1;
+ }
+}
+
+static void nabm_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ if ((addr / size) > 64) {
+ return;
+ }
+
+ switch (size) {
+ case 1:
+ nabm_writeb(opaque, addr, val);
+ break;
+ case 2:
+ nabm_writew(opaque, addr, val);
+ break;
+ case 4:
+ nabm_writel(opaque, addr, val);
+ break;
+ }
+}
+
+
+static const MemoryRegionOps ac97_io_nabm_ops = {
+ .read = nabm_read,
+ .write = nabm_write,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 4,
+ },
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void ac97_on_reset (void *opaque)
+{
+ AC97LinkState *s = opaque;
+
+ reset_bm_regs (s, &s->bm_regs[0]);
+ reset_bm_regs (s, &s->bm_regs[1]);
+ reset_bm_regs (s, &s->bm_regs[2]);
+
+ /*
+ * Reset the mixer too. The Windows XP driver seems to rely on
+ * this. At least it wants to read the vendor id before it resets
+ * the codec manually.
+ */
+ mixer_reset (s);
+}
+
+static int ac97_initfn (PCIDevice *dev)
+{
+ AC97LinkState *s = DO_UPCAST (AC97LinkState, dev, dev);
+ uint8_t *c = s->dev.config;
+
+ /* TODO: no need to override */
+ c[PCI_COMMAND] = 0x00; /* pcicmd pci command rw, ro */
+ c[PCI_COMMAND + 1] = 0x00;
+
+ /* TODO: */
+ c[PCI_STATUS] = PCI_STATUS_FAST_BACK; /* pcists pci status rwc, ro */
+ c[PCI_STATUS + 1] = PCI_STATUS_DEVSEL_MEDIUM >> 8;
+
+ c[PCI_CLASS_PROG] = 0x00; /* pi programming interface ro */
+
+ /* TODO set when bar is registered. no need to override. */
+ /* nabmar native audio mixer base address rw */
+ c[PCI_BASE_ADDRESS_0] = PCI_BASE_ADDRESS_SPACE_IO;
+ c[PCI_BASE_ADDRESS_0 + 1] = 0x00;
+ c[PCI_BASE_ADDRESS_0 + 2] = 0x00;
+ c[PCI_BASE_ADDRESS_0 + 3] = 0x00;
+
+ /* TODO set when bar is registered. no need to override. */
+ /* nabmbar native audio bus mastering base address rw */
+ c[PCI_BASE_ADDRESS_0 + 4] = PCI_BASE_ADDRESS_SPACE_IO;
+ c[PCI_BASE_ADDRESS_0 + 5] = 0x00;
+ c[PCI_BASE_ADDRESS_0 + 6] = 0x00;
+ c[PCI_BASE_ADDRESS_0 + 7] = 0x00;
+
+ if (s->use_broken_id) {
+ c[PCI_SUBSYSTEM_VENDOR_ID] = 0x86;
+ c[PCI_SUBSYSTEM_VENDOR_ID + 1] = 0x80;
+ c[PCI_SUBSYSTEM_ID] = 0x00;
+ c[PCI_SUBSYSTEM_ID + 1] = 0x00;
+ }
+
+ c[PCI_INTERRUPT_LINE] = 0x00; /* intr_ln interrupt line rw */
+ c[PCI_INTERRUPT_PIN] = 0x01; /* intr_pn interrupt pin ro */
+
+ memory_region_init_io (&s->io_nam, OBJECT(s), &ac97_io_nam_ops, s,
+ "ac97-nam", 1024);
+ memory_region_init_io (&s->io_nabm, OBJECT(s), &ac97_io_nabm_ops, s,
+ "ac97-nabm", 256);
+ pci_register_bar (&s->dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_nam);
+ pci_register_bar (&s->dev, 1, PCI_BASE_ADDRESS_SPACE_IO, &s->io_nabm);
+ qemu_register_reset (ac97_on_reset, s);
+ AUD_register_card ("ac97", &s->card);
+ ac97_on_reset (s);
+ return 0;
+}
+
+static void ac97_exitfn (PCIDevice *dev)
+{
+ AC97LinkState *s = DO_UPCAST (AC97LinkState, dev, dev);
+
+ memory_region_destroy (&s->io_nam);
+ memory_region_destroy (&s->io_nabm);
+}
+
+static int ac97_init (PCIBus *bus)
+{
+ pci_create_simple (bus, -1, "AC97");
+ return 0;
+}
+
+static Property ac97_properties[] = {
+ DEFINE_PROP_UINT32 ("use_broken_id", AC97LinkState, use_broken_id, 0),
+ DEFINE_PROP_END_OF_LIST (),
+};
+
+static void ac97_class_init (ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS (klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
+
+ k->init = ac97_initfn;
+ k->exit = ac97_exitfn;
+ k->vendor_id = PCI_VENDOR_ID_INTEL;
+ k->device_id = PCI_DEVICE_ID_INTEL_82801AA_5;
+ k->revision = 0x01;
+ k->class_id = PCI_CLASS_MULTIMEDIA_AUDIO;
+ set_bit(DEVICE_CATEGORY_SOUND, dc->categories);
+ dc->desc = "Intel 82801AA AC97 Audio";
+ dc->vmsd = &vmstate_ac97;
+ dc->props = ac97_properties;
+}
+
+static const TypeInfo ac97_info = {
+ .name = "AC97",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof (AC97LinkState),
+ .class_init = ac97_class_init,
+};
+
+static void ac97_register_types (void)
+{
+ type_register_static (&ac97_info);
+ pci_register_soundhw("ac97", "Intel 82801AA AC97 Audio", ac97_init);
+}
+
+type_init (ac97_register_types)
diff --git a/hw/audio/adlib.c b/hw/audio/adlib.c
new file mode 100644
index 000000000..0421d473f
--- /dev/null
+++ b/hw/audio/adlib.c
@@ -0,0 +1,391 @@
+/*
+ * QEMU Proxy for OPL2/3 emulation by MAME team
+ *
+ * Copyright (c) 2004-2005 Vassili Karpov (malc)
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/hw.h"
+#include "hw/audio/audio.h"
+#include "audio/audio.h"
+#include "hw/isa/isa.h"
+
+//#define DEBUG
+
+#define ADLIB_KILL_TIMERS 1
+
+#ifdef HAS_YMF262
+#define ADLIB_DESC "Yamaha YMF262 (OPL3)"
+#else
+#define ADLIB_DESC "Yamaha YM3812 (OPL2)"
+#endif
+
+#ifdef DEBUG
+#include "qemu/timer.h"
+#endif
+
+#define dolog(...) AUD_log ("adlib", __VA_ARGS__)
+#ifdef DEBUG
+#define ldebug(...) dolog (__VA_ARGS__)
+#else
+#define ldebug(...)
+#endif
+
+#ifdef HAS_YMF262
+#include "ymf262.h"
+void YMF262UpdateOneQEMU (int which, INT16 *dst, int length);
+#define SHIFT 2
+#else
+#include "fmopl.h"
+#define SHIFT 1
+#endif
+
+#define IO_READ_PROTO(name) \
+ uint32_t name (void *opaque, uint32_t nport)
+#define IO_WRITE_PROTO(name) \
+ void name (void *opaque, uint32_t nport, uint32_t val)
+
+#define TYPE_ADLIB "adlib"
+#define ADLIB(obj) OBJECT_CHECK(AdlibState, (obj), TYPE_ADLIB)
+
+typedef struct {
+ ISADevice parent_obj;
+
+ QEMUSoundCard card;
+ uint32_t freq;
+ uint32_t port;
+ int ticking[2];
+ int enabled;
+ int active;
+ int bufpos;
+#ifdef DEBUG
+ int64_t exp[2];
+#endif
+ int16_t *mixbuf;
+ uint64_t dexp[2];
+ SWVoiceOut *voice;
+ int left, pos, samples;
+ QEMUAudioTimeStamp ats;
+#ifndef HAS_YMF262
+ FM_OPL *opl;
+#endif
+} AdlibState;
+
+static AdlibState *glob_adlib;
+
+static void adlib_stop_opl_timer (AdlibState *s, size_t n)
+{
+#ifdef HAS_YMF262
+ YMF262TimerOver (0, n);
+#else
+ OPLTimerOver (s->opl, n);
+#endif
+ s->ticking[n] = 0;
+}
+
+static void adlib_kill_timers (AdlibState *s)
+{
+ size_t i;
+
+ for (i = 0; i < 2; ++i) {
+ if (s->ticking[i]) {
+ uint64_t delta;
+
+ delta = AUD_get_elapsed_usec_out (s->voice, &s->ats);
+ ldebug (
+ "delta = %f dexp = %f expired => %d\n",
+ delta / 1000000.0,
+ s->dexp[i] / 1000000.0,
+ delta >= s->dexp[i]
+ );
+ if (ADLIB_KILL_TIMERS || delta >= s->dexp[i]) {
+ adlib_stop_opl_timer (s, i);
+ AUD_init_time_stamp_out (s->voice, &s->ats);
+ }
+ }
+ }
+}
+
+static IO_WRITE_PROTO (adlib_write)
+{
+ AdlibState *s = opaque;
+ int a = nport & 3;
+
+ s->active = 1;
+ AUD_set_active_out (s->voice, 1);
+
+ adlib_kill_timers (s);
+
+#ifdef HAS_YMF262
+ YMF262Write (0, a, val);
+#else
+ OPLWrite (s->opl, a, val);
+#endif
+}
+
+static IO_READ_PROTO (adlib_read)
+{
+ AdlibState *s = opaque;
+ uint8_t data;
+ int a = nport & 3;
+
+ adlib_kill_timers (s);
+
+#ifdef HAS_YMF262
+ data = YMF262Read (0, a);
+#else
+ data = OPLRead (s->opl, a);
+#endif
+ return data;
+}
+
+static void timer_handler (int c, double interval_Sec)
+{
+ AdlibState *s = glob_adlib;
+ unsigned n = c & 1;
+#ifdef DEBUG
+ double interval;
+ int64_t exp;
+#endif
+
+ if (interval_Sec == 0.0) {
+ s->ticking[n] = 0;
+ return;
+ }
+
+ s->ticking[n] = 1;
+#ifdef DEBUG
+ interval = get_ticks_per_sec () * interval_Sec;
+ exp = qemu_get_clock_ns (vm_clock) + interval;
+ s->exp[n] = exp;
+#endif
+
+ s->dexp[n] = interval_Sec * 1000000.0;
+ AUD_init_time_stamp_out (s->voice, &s->ats);
+}
+
+static int write_audio (AdlibState *s, int samples)
+{
+ int net = 0;
+ int pos = s->pos;
+
+ while (samples) {
+ int nbytes, wbytes, wsampl;
+
+ nbytes = samples << SHIFT;
+ wbytes = AUD_write (
+ s->voice,
+ s->mixbuf + (pos << (SHIFT - 1)),
+ nbytes
+ );
+
+ if (wbytes) {
+ wsampl = wbytes >> SHIFT;
+
+ samples -= wsampl;
+ pos = (pos + wsampl) % s->samples;
+
+ net += wsampl;
+ }
+ else {
+ break;
+ }
+ }
+
+ return net;
+}
+
+static void adlib_callback (void *opaque, int free)
+{
+ AdlibState *s = opaque;
+ int samples, net = 0, to_play, written;
+
+ samples = free >> SHIFT;
+ if (!(s->active && s->enabled) || !samples) {
+ return;
+ }
+
+ to_play = audio_MIN (s->left, samples);
+ while (to_play) {
+ written = write_audio (s, to_play);
+
+ if (written) {
+ s->left -= written;
+ samples -= written;
+ to_play -= written;
+ s->pos = (s->pos + written) % s->samples;
+ }
+ else {
+ return;
+ }
+ }
+
+ samples = audio_MIN (samples, s->samples - s->pos);
+ if (!samples) {
+ return;
+ }
+
+#ifdef HAS_YMF262
+ YMF262UpdateOneQEMU (0, s->mixbuf + s->pos * 2, samples);
+#else
+ YM3812UpdateOne (s->opl, s->mixbuf + s->pos, samples);
+#endif
+
+ while (samples) {
+ written = write_audio (s, samples);
+
+ if (written) {
+ net += written;
+ samples -= written;
+ s->pos = (s->pos + written) % s->samples;
+ }
+ else {
+ s->left = samples;
+ return;
+ }
+ }
+}
+
+static void Adlib_fini (AdlibState *s)
+{
+#ifdef HAS_YMF262
+ YMF262Shutdown ();
+#else
+ if (s->opl) {
+ OPLDestroy (s->opl);
+ s->opl = NULL;
+ }
+#endif
+
+ if (s->mixbuf) {
+ g_free (s->mixbuf);
+ }
+
+ s->active = 0;
+ s->enabled = 0;
+ AUD_remove_card (&s->card);
+}
+
+static MemoryRegionPortio adlib_portio_list[] = {
+ { 0x388, 4, 1, .read = adlib_read, .write = adlib_write, },
+ { 0, 4, 1, .read = adlib_read, .write = adlib_write, },
+ { 0, 2, 1, .read = adlib_read, .write = adlib_write, },
+ PORTIO_END_OF_LIST(),
+};
+
+static void adlib_realizefn (DeviceState *dev, Error **errp)
+{
+ AdlibState *s = ADLIB(dev);
+ PortioList *port_list = g_new(PortioList, 1);
+ struct audsettings as;
+
+ if (glob_adlib) {
+ error_setg (errp, "Cannot create more than 1 adlib device");
+ return;
+ }
+ glob_adlib = s;
+
+#ifdef HAS_YMF262
+ if (YMF262Init (1, 14318180, s->freq)) {
+ error_setg (errp, "YMF262Init %d failed", s->freq);
+ return;
+ }
+ else {
+ YMF262SetTimerHandler (0, timer_handler, 0);
+ s->enabled = 1;
+ }
+#else
+ s->opl = OPLCreate (OPL_TYPE_YM3812, 3579545, s->freq);
+ if (!s->opl) {
+ error_setg (errp, "OPLCreate %d failed", s->freq);
+ return;
+ }
+ else {
+ OPLSetTimerHandler (s->opl, timer_handler, 0);
+ s->enabled = 1;
+ }
+#endif
+
+ as.freq = s->freq;
+ as.nchannels = SHIFT;
+ as.fmt = AUD_FMT_S16;
+ as.endianness = AUDIO_HOST_ENDIANNESS;
+
+ AUD_register_card ("adlib", &s->card);
+
+ s->voice = AUD_open_out (
+ &s->card,
+ s->voice,
+ "adlib",
+ s,
+ adlib_callback,
+ &as
+ );
+ if (!s->voice) {
+ Adlib_fini (s);
+ error_setg (errp, "Initializing audio voice failed");
+ return;
+ }
+
+ s->samples = AUD_get_buffer_size_out (s->voice) >> SHIFT;
+ s->mixbuf = g_malloc0 (s->samples << SHIFT);
+
+ adlib_portio_list[1].offset = s->port;
+ adlib_portio_list[2].offset = s->port + 8;
+ portio_list_init (port_list, OBJECT(s), adlib_portio_list, s, "adlib");
+ portio_list_add (port_list, isa_address_space_io(&s->parent_obj), 0);
+}
+
+static Property adlib_properties[] = {
+ DEFINE_PROP_HEX32 ("iobase", AdlibState, port, 0x220),
+ DEFINE_PROP_UINT32 ("freq", AdlibState, freq, 44100),
+ DEFINE_PROP_END_OF_LIST (),
+};
+
+static void adlib_class_initfn (ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS (klass);
+
+ dc->realize = adlib_realizefn;
+ set_bit(DEVICE_CATEGORY_SOUND, dc->categories);
+ dc->desc = ADLIB_DESC;
+ dc->props = adlib_properties;
+}
+
+static const TypeInfo adlib_info = {
+ .name = TYPE_ADLIB,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof (AdlibState),
+ .class_init = adlib_class_initfn,
+};
+
+static int Adlib_init (ISABus *bus)
+{
+ isa_create_simple (bus, TYPE_ADLIB);
+ return 0;
+}
+
+static void adlib_register_types (void)
+{
+ type_register_static (&adlib_info);
+ isa_register_soundhw("adlib", ADLIB_DESC, Adlib_init);
+}
+
+type_init (adlib_register_types)
diff --git a/hw/audio/cs4231.c b/hw/audio/cs4231.c
new file mode 100644
index 000000000..d19195afc
--- /dev/null
+++ b/hw/audio/cs4231.c
@@ -0,0 +1,187 @@
+/*
+ * QEMU Crystal CS4231 audio chip emulation
+ *
+ * Copyright (c) 2006 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/sysbus.h"
+#include "trace.h"
+
+/*
+ * In addition to Crystal CS4231 there is a DMA controller on Sparc.
+ */
+#define CS_SIZE 0x40
+#define CS_REGS 16
+#define CS_DREGS 32
+#define CS_MAXDREG (CS_DREGS - 1)
+
+#define TYPE_CS4231 "SUNW,CS4231"
+#define CS4231(obj) \
+ OBJECT_CHECK(CSState, (obj), TYPE_CS4231)
+
+typedef struct CSState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ qemu_irq irq;
+ uint32_t regs[CS_REGS];
+ uint8_t dregs[CS_DREGS];
+} CSState;
+
+#define CS_RAP(s) ((s)->regs[0] & CS_MAXDREG)
+#define CS_VER 0xa0
+#define CS_CDC_VER 0x8a
+
+static void cs_reset(DeviceState *d)
+{
+ CSState *s = CS4231(d);
+
+ memset(s->regs, 0, CS_REGS * 4);
+ memset(s->dregs, 0, CS_DREGS);
+ s->dregs[12] = CS_CDC_VER;
+ s->dregs[25] = CS_VER;
+}
+
+static uint64_t cs_mem_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ CSState *s = opaque;
+ uint32_t saddr, ret;
+
+ saddr = addr >> 2;
+ switch (saddr) {
+ case 1:
+ switch (CS_RAP(s)) {
+ case 3: // Write only
+ ret = 0;
+ break;
+ default:
+ ret = s->dregs[CS_RAP(s)];
+ break;
+ }
+ trace_cs4231_mem_readl_dreg(CS_RAP(s), ret);
+ break;
+ default:
+ ret = s->regs[saddr];
+ trace_cs4231_mem_readl_reg(saddr, ret);
+ break;
+ }
+ return ret;
+}
+
+static void cs_mem_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ CSState *s = opaque;
+ uint32_t saddr;
+
+ saddr = addr >> 2;
+ trace_cs4231_mem_writel_reg(saddr, s->regs[saddr], val);
+ switch (saddr) {
+ case 1:
+ trace_cs4231_mem_writel_dreg(CS_RAP(s), s->dregs[CS_RAP(s)], val);
+ switch(CS_RAP(s)) {
+ case 11:
+ case 25: // Read only
+ break;
+ case 12:
+ val &= 0x40;
+ val |= CS_CDC_VER; // Codec version
+ s->dregs[CS_RAP(s)] = val;
+ break;
+ default:
+ s->dregs[CS_RAP(s)] = val;
+ break;
+ }
+ break;
+ case 2: // Read only
+ break;
+ case 4:
+ if (val & 1) {
+ cs_reset(DEVICE(s));
+ }
+ val &= 0x7f;
+ s->regs[saddr] = val;
+ break;
+ default:
+ s->regs[saddr] = val;
+ break;
+ }
+}
+
+static const MemoryRegionOps cs_mem_ops = {
+ .read = cs_mem_read,
+ .write = cs_mem_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static const VMStateDescription vmstate_cs4231 = {
+ .name ="cs4231",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT32_ARRAY(regs, CSState, CS_REGS),
+ VMSTATE_UINT8_ARRAY(dregs, CSState, CS_DREGS),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static int cs4231_init1(SysBusDevice *dev)
+{
+ CSState *s = CS4231(dev);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &cs_mem_ops, s, "cs4321",
+ CS_SIZE);
+ sysbus_init_mmio(dev, &s->iomem);
+ sysbus_init_irq(dev, &s->irq);
+
+ return 0;
+}
+
+static Property cs4231_properties[] = {
+ {.name = NULL},
+};
+
+static void cs4231_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = cs4231_init1;
+ dc->reset = cs_reset;
+ dc->vmsd = &vmstate_cs4231;
+ dc->props = cs4231_properties;
+}
+
+static const TypeInfo cs4231_info = {
+ .name = TYPE_CS4231,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(CSState),
+ .class_init = cs4231_class_init,
+};
+
+static void cs4231_register_types(void)
+{
+ type_register_static(&cs4231_info);
+}
+
+type_init(cs4231_register_types)
diff --git a/hw/audio/cs4231a.c b/hw/audio/cs4231a.c
new file mode 100644
index 000000000..666096be0
--- /dev/null
+++ b/hw/audio/cs4231a.c
@@ -0,0 +1,708 @@
+/*
+ * QEMU Crystal CS4231 audio chip emulation
+ *
+ * Copyright (c) 2006 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/audio/audio.h"
+#include "audio/audio.h"
+#include "hw/isa/isa.h"
+#include "hw/qdev.h"
+#include "qemu/timer.h"
+
+/*
+ Missing features:
+ ADC
+ Loopback
+ Timer
+ ADPCM
+ More...
+*/
+
+/* #define DEBUG */
+/* #define DEBUG_XLAW */
+
+static struct {
+ int aci_counter;
+} conf = {1};
+
+#ifdef DEBUG
+#define dolog(...) AUD_log ("cs4231a", __VA_ARGS__)
+#else
+#define dolog(...)
+#endif
+
+#define lwarn(...) AUD_log ("cs4231a", "warning: " __VA_ARGS__)
+#define lerr(...) AUD_log ("cs4231a", "error: " __VA_ARGS__)
+
+#define CS_REGS 16
+#define CS_DREGS 32
+
+#define TYPE_CS4231A "cs4231a"
+#define CS4231A(obj) OBJECT_CHECK (CSState, (obj), TYPE_CS4231A)
+
+typedef struct CSState {
+ ISADevice dev;
+ QEMUSoundCard card;
+ MemoryRegion ioports;
+ qemu_irq pic;
+ uint32_t regs[CS_REGS];
+ uint8_t dregs[CS_DREGS];
+ uint32_t irq;
+ uint32_t dma;
+ uint32_t port;
+ int shift;
+ int dma_running;
+ int audio_free;
+ int transferred;
+ int aci_counter;
+ SWVoiceOut *voice;
+ int16_t *tab;
+} CSState;
+
+#define MODE2 (1 << 6)
+#define MCE (1 << 6)
+#define PMCE (1 << 4)
+#define CMCE (1 << 5)
+#define TE (1 << 6)
+#define PEN (1 << 0)
+#define INT (1 << 0)
+#define IEN (1 << 1)
+#define PPIO (1 << 6)
+#define PI (1 << 4)
+#define CI (1 << 5)
+#define TI (1 << 6)
+
+enum {
+ Index_Address,
+ Index_Data,
+ Status,
+ PIO_Data
+};
+
+enum {
+ Left_ADC_Input_Control,
+ Right_ADC_Input_Control,
+ Left_AUX1_Input_Control,
+ Right_AUX1_Input_Control,
+ Left_AUX2_Input_Control,
+ Right_AUX2_Input_Control,
+ Left_DAC_Output_Control,
+ Right_DAC_Output_Control,
+ FS_And_Playback_Data_Format,
+ Interface_Configuration,
+ Pin_Control,
+ Error_Status_And_Initialization,
+ MODE_And_ID,
+ Loopback_Control,
+ Playback_Upper_Base_Count,
+ Playback_Lower_Base_Count,
+ Alternate_Feature_Enable_I,
+ Alternate_Feature_Enable_II,
+ Left_Line_Input_Control,
+ Right_Line_Input_Control,
+ Timer_Low_Base,
+ Timer_High_Base,
+ RESERVED,
+ Alternate_Feature_Enable_III,
+ Alternate_Feature_Status,
+ Version_Chip_ID,
+ Mono_Input_And_Output_Control,
+ RESERVED_2,
+ Capture_Data_Format,
+ RESERVED_3,
+ Capture_Upper_Base_Count,
+ Capture_Lower_Base_Count
+};
+
+static int freqs[2][8] = {
+ { 8000, 16000, 27420, 32000, -1, -1, 48000, 9000 },
+ { 5510, 11025, 18900, 22050, 37800, 44100, 33075, 6620 }
+};
+
+/* Tables courtesy http://hazelware.luggle.com/tutorials/mulawcompression.html */
+static int16_t MuLawDecompressTable[256] =
+{
+ -32124,-31100,-30076,-29052,-28028,-27004,-25980,-24956,
+ -23932,-22908,-21884,-20860,-19836,-18812,-17788,-16764,
+ -15996,-15484,-14972,-14460,-13948,-13436,-12924,-12412,
+ -11900,-11388,-10876,-10364, -9852, -9340, -8828, -8316,
+ -7932, -7676, -7420, -7164, -6908, -6652, -6396, -6140,
+ -5884, -5628, -5372, -5116, -4860, -4604, -4348, -4092,
+ -3900, -3772, -3644, -3516, -3388, -3260, -3132, -3004,
+ -2876, -2748, -2620, -2492, -2364, -2236, -2108, -1980,
+ -1884, -1820, -1756, -1692, -1628, -1564, -1500, -1436,
+ -1372, -1308, -1244, -1180, -1116, -1052, -988, -924,
+ -876, -844, -812, -780, -748, -716, -684, -652,
+ -620, -588, -556, -524, -492, -460, -428, -396,
+ -372, -356, -340, -324, -308, -292, -276, -260,
+ -244, -228, -212, -196, -180, -164, -148, -132,
+ -120, -112, -104, -96, -88, -80, -72, -64,
+ -56, -48, -40, -32, -24, -16, -8, 0,
+ 32124, 31100, 30076, 29052, 28028, 27004, 25980, 24956,
+ 23932, 22908, 21884, 20860, 19836, 18812, 17788, 16764,
+ 15996, 15484, 14972, 14460, 13948, 13436, 12924, 12412,
+ 11900, 11388, 10876, 10364, 9852, 9340, 8828, 8316,
+ 7932, 7676, 7420, 7164, 6908, 6652, 6396, 6140,
+ 5884, 5628, 5372, 5116, 4860, 4604, 4348, 4092,
+ 3900, 3772, 3644, 3516, 3388, 3260, 3132, 3004,
+ 2876, 2748, 2620, 2492, 2364, 2236, 2108, 1980,
+ 1884, 1820, 1756, 1692, 1628, 1564, 1500, 1436,
+ 1372, 1308, 1244, 1180, 1116, 1052, 988, 924,
+ 876, 844, 812, 780, 748, 716, 684, 652,
+ 620, 588, 556, 524, 492, 460, 428, 396,
+ 372, 356, 340, 324, 308, 292, 276, 260,
+ 244, 228, 212, 196, 180, 164, 148, 132,
+ 120, 112, 104, 96, 88, 80, 72, 64,
+ 56, 48, 40, 32, 24, 16, 8, 0
+};
+
+static int16_t ALawDecompressTable[256] =
+{
+ -5504, -5248, -6016, -5760, -4480, -4224, -4992, -4736,
+ -7552, -7296, -8064, -7808, -6528, -6272, -7040, -6784,
+ -2752, -2624, -3008, -2880, -2240, -2112, -2496, -2368,
+ -3776, -3648, -4032, -3904, -3264, -3136, -3520, -3392,
+ -22016,-20992,-24064,-23040,-17920,-16896,-19968,-18944,
+ -30208,-29184,-32256,-31232,-26112,-25088,-28160,-27136,
+ -11008,-10496,-12032,-11520,-8960, -8448, -9984, -9472,
+ -15104,-14592,-16128,-15616,-13056,-12544,-14080,-13568,
+ -344, -328, -376, -360, -280, -264, -312, -296,
+ -472, -456, -504, -488, -408, -392, -440, -424,
+ -88, -72, -120, -104, -24, -8, -56, -40,
+ -216, -200, -248, -232, -152, -136, -184, -168,
+ -1376, -1312, -1504, -1440, -1120, -1056, -1248, -1184,
+ -1888, -1824, -2016, -1952, -1632, -1568, -1760, -1696,
+ -688, -656, -752, -720, -560, -528, -624, -592,
+ -944, -912, -1008, -976, -816, -784, -880, -848,
+ 5504, 5248, 6016, 5760, 4480, 4224, 4992, 4736,
+ 7552, 7296, 8064, 7808, 6528, 6272, 7040, 6784,
+ 2752, 2624, 3008, 2880, 2240, 2112, 2496, 2368,
+ 3776, 3648, 4032, 3904, 3264, 3136, 3520, 3392,
+ 22016, 20992, 24064, 23040, 17920, 16896, 19968, 18944,
+ 30208, 29184, 32256, 31232, 26112, 25088, 28160, 27136,
+ 11008, 10496, 12032, 11520, 8960, 8448, 9984, 9472,
+ 15104, 14592, 16128, 15616, 13056, 12544, 14080, 13568,
+ 344, 328, 376, 360, 280, 264, 312, 296,
+ 472, 456, 504, 488, 408, 392, 440, 424,
+ 88, 72, 120, 104, 24, 8, 56, 40,
+ 216, 200, 248, 232, 152, 136, 184, 168,
+ 1376, 1312, 1504, 1440, 1120, 1056, 1248, 1184,
+ 1888, 1824, 2016, 1952, 1632, 1568, 1760, 1696,
+ 688, 656, 752, 720, 560, 528, 624, 592,
+ 944, 912, 1008, 976, 816, 784, 880, 848
+};
+
+static void cs4231a_reset (DeviceState *dev)
+{
+ CSState *s = CS4231A (dev);
+
+ s->regs[Index_Address] = 0x40;
+ s->regs[Index_Data] = 0x00;
+ s->regs[Status] = 0x00;
+ s->regs[PIO_Data] = 0x00;
+
+ s->dregs[Left_ADC_Input_Control] = 0x00;
+ s->dregs[Right_ADC_Input_Control] = 0x00;
+ s->dregs[Left_AUX1_Input_Control] = 0x88;
+ s->dregs[Right_AUX1_Input_Control] = 0x88;
+ s->dregs[Left_AUX2_Input_Control] = 0x88;
+ s->dregs[Right_AUX2_Input_Control] = 0x88;
+ s->dregs[Left_DAC_Output_Control] = 0x80;
+ s->dregs[Right_DAC_Output_Control] = 0x80;
+ s->dregs[FS_And_Playback_Data_Format] = 0x00;
+ s->dregs[Interface_Configuration] = 0x08;
+ s->dregs[Pin_Control] = 0x00;
+ s->dregs[Error_Status_And_Initialization] = 0x00;
+ s->dregs[MODE_And_ID] = 0x8a;
+ s->dregs[Loopback_Control] = 0x00;
+ s->dregs[Playback_Upper_Base_Count] = 0x00;
+ s->dregs[Playback_Lower_Base_Count] = 0x00;
+ s->dregs[Alternate_Feature_Enable_I] = 0x00;
+ s->dregs[Alternate_Feature_Enable_II] = 0x00;
+ s->dregs[Left_Line_Input_Control] = 0x88;
+ s->dregs[Right_Line_Input_Control] = 0x88;
+ s->dregs[Timer_Low_Base] = 0x00;
+ s->dregs[Timer_High_Base] = 0x00;
+ s->dregs[RESERVED] = 0x00;
+ s->dregs[Alternate_Feature_Enable_III] = 0x00;
+ s->dregs[Alternate_Feature_Status] = 0x00;
+ s->dregs[Version_Chip_ID] = 0xa0;
+ s->dregs[Mono_Input_And_Output_Control] = 0xa0;
+ s->dregs[RESERVED_2] = 0x00;
+ s->dregs[Capture_Data_Format] = 0x00;
+ s->dregs[RESERVED_3] = 0x00;
+ s->dregs[Capture_Upper_Base_Count] = 0x00;
+ s->dregs[Capture_Lower_Base_Count] = 0x00;
+}
+
+static void cs_audio_callback (void *opaque, int free)
+{
+ CSState *s = opaque;
+ s->audio_free = free;
+}
+
+static void cs_reset_voices (CSState *s, uint32_t val)
+{
+ int xtal;
+ struct audsettings as;
+
+#ifdef DEBUG_XLAW
+ if (val == 0 || val == 32)
+ val = (1 << 4) | (1 << 5);
+#endif
+
+ xtal = val & 1;
+ as.freq = freqs[xtal][(val >> 1) & 7];
+
+ if (as.freq == -1) {
+ lerr ("unsupported frequency (val=%#x)\n", val);
+ goto error;
+ }
+
+ as.nchannels = (val & (1 << 4)) ? 2 : 1;
+ as.endianness = 0;
+ s->tab = NULL;
+
+ switch ((val >> 5) & ((s->dregs[MODE_And_ID] & MODE2) ? 7 : 3)) {
+ case 0:
+ as.fmt = AUD_FMT_U8;
+ s->shift = as.nchannels == 2;
+ break;
+
+ case 1:
+ s->tab = MuLawDecompressTable;
+ goto x_law;
+ case 3:
+ s->tab = ALawDecompressTable;
+ x_law:
+ as.fmt = AUD_FMT_S16;
+ as.endianness = AUDIO_HOST_ENDIANNESS;
+ s->shift = as.nchannels == 2;
+ break;
+
+ case 6:
+ as.endianness = 1;
+ case 2:
+ as.fmt = AUD_FMT_S16;
+ s->shift = as.nchannels;
+ break;
+
+ case 7:
+ case 4:
+ lerr ("attempt to use reserved format value (%#x)\n", val);
+ goto error;
+
+ case 5:
+ lerr ("ADPCM 4 bit IMA compatible format is not supported\n");
+ goto error;
+ }
+
+ s->voice = AUD_open_out (
+ &s->card,
+ s->voice,
+ "cs4231a",
+ s,
+ cs_audio_callback,
+ &as
+ );
+
+ if (s->dregs[Interface_Configuration] & PEN) {
+ if (!s->dma_running) {
+ DMA_hold_DREQ (s->dma);
+ AUD_set_active_out (s->voice, 1);
+ s->transferred = 0;
+ }
+ s->dma_running = 1;
+ }
+ else {
+ if (s->dma_running) {
+ DMA_release_DREQ (s->dma);
+ AUD_set_active_out (s->voice, 0);
+ }
+ s->dma_running = 0;
+ }
+ return;
+
+ error:
+ if (s->dma_running) {
+ DMA_release_DREQ (s->dma);
+ AUD_set_active_out (s->voice, 0);
+ }
+}
+
+static uint64_t cs_read (void *opaque, hwaddr addr, unsigned size)
+{
+ CSState *s = opaque;
+ uint32_t saddr, iaddr, ret;
+
+ saddr = addr;
+ iaddr = ~0U;
+
+ switch (saddr) {
+ case Index_Address:
+ ret = s->regs[saddr] & ~0x80;
+ break;
+
+ case Index_Data:
+ if (!(s->dregs[MODE_And_ID] & MODE2))
+ iaddr = s->regs[Index_Address] & 0x0f;
+ else
+ iaddr = s->regs[Index_Address] & 0x1f;
+
+ ret = s->dregs[iaddr];
+ if (iaddr == Error_Status_And_Initialization) {
+ /* keep SEAL happy */
+ if (s->aci_counter) {
+ ret |= 1 << 5;
+ s->aci_counter -= 1;
+ }
+ }
+ break;
+
+ default:
+ ret = s->regs[saddr];
+ break;
+ }
+ dolog ("read %d:%d -> %d\n", saddr, iaddr, ret);
+ return ret;
+}
+
+static void cs_write (void *opaque, hwaddr addr,
+ uint64_t val64, unsigned size)
+{
+ CSState *s = opaque;
+ uint32_t saddr, iaddr, val;
+
+ saddr = addr;
+ val = val64;
+
+ switch (saddr) {
+ case Index_Address:
+ if (!(s->regs[Index_Address] & MCE) && (val & MCE)
+ && (s->dregs[Interface_Configuration] & (3 << 3)))
+ s->aci_counter = conf.aci_counter;
+
+ s->regs[Index_Address] = val & ~(1 << 7);
+ break;
+
+ case Index_Data:
+ if (!(s->dregs[MODE_And_ID] & MODE2))
+ iaddr = s->regs[Index_Address] & 0x0f;
+ else
+ iaddr = s->regs[Index_Address] & 0x1f;
+
+ switch (iaddr) {
+ case RESERVED:
+ case RESERVED_2:
+ case RESERVED_3:
+ lwarn ("attempt to write %#x to reserved indirect register %d\n",
+ val, iaddr);
+ break;
+
+ case FS_And_Playback_Data_Format:
+ if (s->regs[Index_Address] & MCE) {
+ cs_reset_voices (s, val);
+ }
+ else {
+ if (s->dregs[Alternate_Feature_Status] & PMCE) {
+ val = (val & ~0x0f) | (s->dregs[iaddr] & 0x0f);
+ cs_reset_voices (s, val);
+ }
+ else {
+ lwarn ("[P]MCE(%#x, %#x) is not set, val=%#x\n",
+ s->regs[Index_Address],
+ s->dregs[Alternate_Feature_Status],
+ val);
+ break;
+ }
+ }
+ s->dregs[iaddr] = val;
+ break;
+
+ case Interface_Configuration:
+ val &= ~(1 << 5); /* D5 is reserved */
+ s->dregs[iaddr] = val;
+ if (val & PPIO) {
+ lwarn ("PIO is not supported (%#x)\n", val);
+ break;
+ }
+ if (val & PEN) {
+ if (!s->dma_running) {
+ cs_reset_voices (s, s->dregs[FS_And_Playback_Data_Format]);
+ }
+ }
+ else {
+ if (s->dma_running) {
+ DMA_release_DREQ (s->dma);
+ AUD_set_active_out (s->voice, 0);
+ s->dma_running = 0;
+ }
+ }
+ break;
+
+ case Error_Status_And_Initialization:
+ lwarn ("attempt to write to read only register %d\n", iaddr);
+ break;
+
+ case MODE_And_ID:
+ dolog ("val=%#x\n", val);
+ if (val & MODE2)
+ s->dregs[iaddr] |= MODE2;
+ else
+ s->dregs[iaddr] &= ~MODE2;
+ break;
+
+ case Alternate_Feature_Enable_I:
+ if (val & TE)
+ lerr ("timer is not yet supported\n");
+ s->dregs[iaddr] = val;
+ break;
+
+ case Alternate_Feature_Status:
+ if ((s->dregs[iaddr] & PI) && !(val & PI)) {
+ /* XXX: TI CI */
+ qemu_irq_lower (s->pic);
+ s->regs[Status] &= ~INT;
+ }
+ s->dregs[iaddr] = val;
+ break;
+
+ case Version_Chip_ID:
+ lwarn ("write to Version_Chip_ID register %#x\n", val);
+ s->dregs[iaddr] = val;
+ break;
+
+ default:
+ s->dregs[iaddr] = val;
+ break;
+ }
+ dolog ("written value %#x to indirect register %d\n", val, iaddr);
+ break;
+
+ case Status:
+ if (s->regs[Status] & INT) {
+ qemu_irq_lower (s->pic);
+ }
+ s->regs[Status] &= ~INT;
+ s->dregs[Alternate_Feature_Status] &= ~(PI | CI | TI);
+ break;
+
+ case PIO_Data:
+ lwarn ("attempt to write value %#x to PIO register\n", val);
+ break;
+ }
+}
+
+static int cs_write_audio (CSState *s, int nchan, int dma_pos,
+ int dma_len, int len)
+{
+ int temp, net;
+ uint8_t tmpbuf[4096];
+
+ temp = len;
+ net = 0;
+
+ while (temp) {
+ int left = dma_len - dma_pos;
+ int copied;
+ size_t to_copy;
+
+ to_copy = audio_MIN (temp, left);
+ if (to_copy > sizeof (tmpbuf)) {
+ to_copy = sizeof (tmpbuf);
+ }
+
+ copied = DMA_read_memory (nchan, tmpbuf, dma_pos, to_copy);
+ if (s->tab) {
+ int i;
+ int16_t linbuf[4096];
+
+ for (i = 0; i < copied; ++i)
+ linbuf[i] = s->tab[tmpbuf[i]];
+ copied = AUD_write (s->voice, linbuf, copied << 1);
+ copied >>= 1;
+ }
+ else {
+ copied = AUD_write (s->voice, tmpbuf, copied);
+ }
+
+ temp -= copied;
+ dma_pos = (dma_pos + copied) % dma_len;
+ net += copied;
+
+ if (!copied) {
+ break;
+ }
+ }
+
+ return net;
+}
+
+static int cs_dma_read (void *opaque, int nchan, int dma_pos, int dma_len)
+{
+ CSState *s = opaque;
+ int copy, written;
+ int till = -1;
+
+ copy = s->voice ? (s->audio_free >> (s->tab != NULL)) : dma_len;
+
+ if (s->dregs[Pin_Control] & IEN) {
+ till = (s->dregs[Playback_Lower_Base_Count]
+ | (s->dregs[Playback_Upper_Base_Count] << 8)) << s->shift;
+ till -= s->transferred;
+ copy = audio_MIN (till, copy);
+ }
+
+ if ((copy <= 0) || (dma_len <= 0)) {
+ return dma_pos;
+ }
+
+ written = cs_write_audio (s, nchan, dma_pos, dma_len, copy);
+
+ dma_pos = (dma_pos + written) % dma_len;
+ s->audio_free -= (written << (s->tab != NULL));
+
+ if (written == till) {
+ s->regs[Status] |= INT;
+ s->dregs[Alternate_Feature_Status] |= PI;
+ s->transferred = 0;
+ qemu_irq_raise (s->pic);
+ }
+ else {
+ s->transferred += written;
+ }
+
+ return dma_pos;
+}
+
+static int cs4231a_pre_load (void *opaque)
+{
+ CSState *s = opaque;
+
+ if (s->dma_running) {
+ DMA_release_DREQ (s->dma);
+ AUD_set_active_out (s->voice, 0);
+ }
+ s->dma_running = 0;
+ return 0;
+}
+
+static int cs4231a_post_load (void *opaque, int version_id)
+{
+ CSState *s = opaque;
+
+ if (s->dma_running && (s->dregs[Interface_Configuration] & PEN)) {
+ s->dma_running = 0;
+ cs_reset_voices (s, s->dregs[FS_And_Playback_Data_Format]);
+ }
+ return 0;
+}
+
+static const VMStateDescription vmstate_cs4231a = {
+ .name = "cs4231a",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .pre_load = cs4231a_pre_load,
+ .post_load = cs4231a_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT32_ARRAY (regs, CSState, CS_REGS),
+ VMSTATE_BUFFER (dregs, CSState),
+ VMSTATE_INT32 (dma_running, CSState),
+ VMSTATE_INT32 (audio_free, CSState),
+ VMSTATE_INT32 (transferred, CSState),
+ VMSTATE_INT32 (aci_counter, CSState),
+ VMSTATE_END_OF_LIST ()
+ }
+};
+
+static const MemoryRegionOps cs_ioport_ops = {
+ .read = cs_read,
+ .write = cs_write,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ }
+};
+
+static void cs4231a_initfn (Object *obj)
+{
+ CSState *s = CS4231A (obj);
+
+ memory_region_init_io (&s->ioports, OBJECT(s), &cs_ioport_ops, s,
+ "cs4231a", 4);
+}
+
+static void cs4231a_realizefn (DeviceState *dev, Error **errp)
+{
+ ISADevice *d = ISA_DEVICE (dev);
+ CSState *s = CS4231A (dev);
+
+ isa_init_irq (d, &s->pic, s->irq);
+
+ isa_register_ioport (d, &s->ioports, s->port);
+
+ DMA_register_channel (s->dma, cs_dma_read, s);
+
+ AUD_register_card ("cs4231a", &s->card);
+}
+
+static int cs4231a_init (ISABus *bus)
+{
+ isa_create_simple (bus, TYPE_CS4231A);
+ return 0;
+}
+
+static Property cs4231a_properties[] = {
+ DEFINE_PROP_HEX32 ("iobase", CSState, port, 0x534),
+ DEFINE_PROP_UINT32 ("irq", CSState, irq, 9),
+ DEFINE_PROP_UINT32 ("dma", CSState, dma, 3),
+ DEFINE_PROP_END_OF_LIST (),
+};
+
+static void cs4231a_class_initfn (ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS (klass);
+
+ dc->realize = cs4231a_realizefn;
+ dc->reset = cs4231a_reset;
+ set_bit(DEVICE_CATEGORY_SOUND, dc->categories);
+ dc->desc = "Crystal Semiconductor CS4231A";
+ dc->vmsd = &vmstate_cs4231a;
+ dc->props = cs4231a_properties;
+}
+
+static const TypeInfo cs4231a_info = {
+ .name = TYPE_CS4231A,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof (CSState),
+ .instance_init = cs4231a_initfn,
+ .class_init = cs4231a_class_initfn,
+};
+
+static void cs4231a_register_types (void)
+{
+ type_register_static (&cs4231a_info);
+ isa_register_soundhw("cs4231a", "CS4231A", cs4231a_init);
+}
+
+type_init (cs4231a_register_types)
diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c
new file mode 100644
index 000000000..adb66ced7
--- /dev/null
+++ b/hw/audio/es1370.c
@@ -0,0 +1,1091 @@
+/*
+ * QEMU ES1370 emulation
+ *
+ * Copyright (c) 2005 Vassili Karpov (malc)
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/* #define DEBUG_ES1370 */
+/* #define VERBOSE_ES1370 */
+#define SILENT_ES1370
+
+#include "hw/hw.h"
+#include "hw/audio/audio.h"
+#include "audio/audio.h"
+#include "hw/pci/pci.h"
+#include "sysemu/dma.h"
+
+/* Missing stuff:
+ SCTRL_P[12](END|ST)INC
+ SCTRL_P1SCTRLD
+ SCTRL_P2DACSEN
+ CTRL_DAC_SYNC
+ MIDI
+ non looped mode
+ surely more
+*/
+
+/*
+ Following macros and samplerate array were copied verbatim from
+ Linux kernel 2.4.30: drivers/sound/es1370.c
+
+ Copyright (C) 1998-2001, 2003 Thomas Sailer (t.sailer@alumni.ethz.ch)
+*/
+
+/* Start blatant GPL violation */
+
+#define ES1370_REG_CONTROL 0x00
+#define ES1370_REG_STATUS 0x04
+#define ES1370_REG_UART_DATA 0x08
+#define ES1370_REG_UART_STATUS 0x09
+#define ES1370_REG_UART_CONTROL 0x09
+#define ES1370_REG_UART_TEST 0x0a
+#define ES1370_REG_MEMPAGE 0x0c
+#define ES1370_REG_CODEC 0x10
+#define ES1370_REG_SERIAL_CONTROL 0x20
+#define ES1370_REG_DAC1_SCOUNT 0x24
+#define ES1370_REG_DAC2_SCOUNT 0x28
+#define ES1370_REG_ADC_SCOUNT 0x2c
+
+#define ES1370_REG_DAC1_FRAMEADR 0xc30
+#define ES1370_REG_DAC1_FRAMECNT 0xc34
+#define ES1370_REG_DAC2_FRAMEADR 0xc38
+#define ES1370_REG_DAC2_FRAMECNT 0xc3c
+#define ES1370_REG_ADC_FRAMEADR 0xd30
+#define ES1370_REG_ADC_FRAMECNT 0xd34
+#define ES1370_REG_PHANTOM_FRAMEADR 0xd38
+#define ES1370_REG_PHANTOM_FRAMECNT 0xd3c
+
+static const unsigned dac1_samplerate[] = { 5512, 11025, 22050, 44100 };
+
+#define DAC2_SRTODIV(x) (((1411200+(x)/2)/(x))-2)
+#define DAC2_DIVTOSR(x) (1411200/((x)+2))
+
+#define CTRL_ADC_STOP 0x80000000 /* 1 = ADC stopped */
+#define CTRL_XCTL1 0x40000000 /* electret mic bias */
+#define CTRL_OPEN 0x20000000 /* no function, can be read and written */
+#define CTRL_PCLKDIV 0x1fff0000 /* ADC/DAC2 clock divider */
+#define CTRL_SH_PCLKDIV 16
+#define CTRL_MSFMTSEL 0x00008000 /* MPEG serial data fmt: 0 = Sony, 1 = I2S */
+#define CTRL_M_SBB 0x00004000 /* DAC2 clock: 0 = PCLKDIV, 1 = MPEG */
+#define CTRL_WTSRSEL 0x00003000 /* DAC1 clock freq: 0=5512, 1=11025, 2=22050, 3=44100 */
+#define CTRL_SH_WTSRSEL 12
+#define CTRL_DAC_SYNC 0x00000800 /* 1 = DAC2 runs off DAC1 clock */
+#define CTRL_CCB_INTRM 0x00000400 /* 1 = CCB "voice" ints enabled */
+#define CTRL_M_CB 0x00000200 /* recording source: 0 = ADC, 1 = MPEG */
+#define CTRL_XCTL0 0x00000100 /* 0 = Line in, 1 = Line out */
+#define CTRL_BREQ 0x00000080 /* 1 = test mode (internal mem test) */
+#define CTRL_DAC1_EN 0x00000040 /* enable DAC1 */
+#define CTRL_DAC2_EN 0x00000020 /* enable DAC2 */
+#define CTRL_ADC_EN 0x00000010 /* enable ADC */
+#define CTRL_UART_EN 0x00000008 /* enable MIDI uart */
+#define CTRL_JYSTK_EN 0x00000004 /* enable Joystick port (presumably at address 0x200) */
+#define CTRL_CDC_EN 0x00000002 /* enable serial (CODEC) interface */
+#define CTRL_SERR_DIS 0x00000001 /* 1 = disable PCI SERR signal */
+
+#define STAT_INTR 0x80000000 /* wired or of all interrupt bits */
+#define STAT_CSTAT 0x00000400 /* 1 = codec busy or codec write in progress */
+#define STAT_CBUSY 0x00000200 /* 1 = codec busy */
+#define STAT_CWRIP 0x00000100 /* 1 = codec write in progress */
+#define STAT_VC 0x00000060 /* CCB int source, 0=DAC1, 1=DAC2, 2=ADC, 3=undef */
+#define STAT_SH_VC 5
+#define STAT_MCCB 0x00000010 /* CCB int pending */
+#define STAT_UART 0x00000008 /* UART int pending */
+#define STAT_DAC1 0x00000004 /* DAC1 int pending */
+#define STAT_DAC2 0x00000002 /* DAC2 int pending */
+#define STAT_ADC 0x00000001 /* ADC int pending */
+
+#define USTAT_RXINT 0x80 /* UART rx int pending */
+#define USTAT_TXINT 0x04 /* UART tx int pending */
+#define USTAT_TXRDY 0x02 /* UART tx ready */
+#define USTAT_RXRDY 0x01 /* UART rx ready */
+
+#define UCTRL_RXINTEN 0x80 /* 1 = enable RX ints */
+#define UCTRL_TXINTEN 0x60 /* TX int enable field mask */
+#define UCTRL_ENA_TXINT 0x20 /* enable TX int */
+#define UCTRL_CNTRL 0x03 /* control field */
+#define UCTRL_CNTRL_SWR 0x03 /* software reset command */
+
+#define SCTRL_P2ENDINC 0x00380000 /* */
+#define SCTRL_SH_P2ENDINC 19
+#define SCTRL_P2STINC 0x00070000 /* */
+#define SCTRL_SH_P2STINC 16
+#define SCTRL_R1LOOPSEL 0x00008000 /* 0 = loop mode */
+#define SCTRL_P2LOOPSEL 0x00004000 /* 0 = loop mode */
+#define SCTRL_P1LOOPSEL 0x00002000 /* 0 = loop mode */
+#define SCTRL_P2PAUSE 0x00001000 /* 1 = pause mode */
+#define SCTRL_P1PAUSE 0x00000800 /* 1 = pause mode */
+#define SCTRL_R1INTEN 0x00000400 /* enable interrupt */
+#define SCTRL_P2INTEN 0x00000200 /* enable interrupt */
+#define SCTRL_P1INTEN 0x00000100 /* enable interrupt */
+#define SCTRL_P1SCTRLD 0x00000080 /* reload sample count register for DAC1 */
+#define SCTRL_P2DACSEN 0x00000040 /* 1 = DAC2 play back last sample when disabled */
+#define SCTRL_R1SEB 0x00000020 /* 1 = 16bit */
+#define SCTRL_R1SMB 0x00000010 /* 1 = stereo */
+#define SCTRL_R1FMT 0x00000030 /* format mask */
+#define SCTRL_SH_R1FMT 4
+#define SCTRL_P2SEB 0x00000008 /* 1 = 16bit */
+#define SCTRL_P2SMB 0x00000004 /* 1 = stereo */
+#define SCTRL_P2FMT 0x0000000c /* format mask */
+#define SCTRL_SH_P2FMT 2
+#define SCTRL_P1SEB 0x00000002 /* 1 = 16bit */
+#define SCTRL_P1SMB 0x00000001 /* 1 = stereo */
+#define SCTRL_P1FMT 0x00000003 /* format mask */
+#define SCTRL_SH_P1FMT 0
+
+/* End blatant GPL violation */
+
+#define NB_CHANNELS 3
+#define DAC1_CHANNEL 0
+#define DAC2_CHANNEL 1
+#define ADC_CHANNEL 2
+
+#define IO_READ_PROTO(n) \
+static uint32_t n (void *opaque, uint32_t addr)
+#define IO_WRITE_PROTO(n) \
+static void n (void *opaque, uint32_t addr, uint32_t val)
+
+static void es1370_dac1_callback (void *opaque, int free);
+static void es1370_dac2_callback (void *opaque, int free);
+static void es1370_adc_callback (void *opaque, int avail);
+
+#ifdef DEBUG_ES1370
+
+#define ldebug(...) AUD_log ("es1370", __VA_ARGS__)
+
+static void print_ctl (uint32_t val)
+{
+ char buf[1024];
+
+ buf[0] = '\0';
+#define a(n) if (val & CTRL_##n) strcat (buf, " "#n)
+ a (ADC_STOP);
+ a (XCTL1);
+ a (OPEN);
+ a (MSFMTSEL);
+ a (M_SBB);
+ a (DAC_SYNC);
+ a (CCB_INTRM);
+ a (M_CB);
+ a (XCTL0);
+ a (BREQ);
+ a (DAC1_EN);
+ a (DAC2_EN);
+ a (ADC_EN);
+ a (UART_EN);
+ a (JYSTK_EN);
+ a (CDC_EN);
+ a (SERR_DIS);
+#undef a
+ AUD_log ("es1370", "ctl - PCLKDIV %d(DAC2 freq %d), freq %d,%s\n",
+ (val & CTRL_PCLKDIV) >> CTRL_SH_PCLKDIV,
+ DAC2_DIVTOSR ((val & CTRL_PCLKDIV) >> CTRL_SH_PCLKDIV),
+ dac1_samplerate[(val & CTRL_WTSRSEL) >> CTRL_SH_WTSRSEL],
+ buf);
+}
+
+static void print_sctl (uint32_t val)
+{
+ static const char *fmt_names[] = {"8M", "8S", "16M", "16S"};
+ char buf[1024];
+
+ buf[0] = '\0';
+
+#define a(n) if (val & SCTRL_##n) strcat (buf, " "#n)
+#define b(n) if (!(val & SCTRL_##n)) strcat (buf, " "#n)
+ b (R1LOOPSEL);
+ b (P2LOOPSEL);
+ b (P1LOOPSEL);
+ a (P2PAUSE);
+ a (P1PAUSE);
+ a (R1INTEN);
+ a (P2INTEN);
+ a (P1INTEN);
+ a (P1SCTRLD);
+ a (P2DACSEN);
+ if (buf[0]) {
+ strcat (buf, "\n ");
+ }
+ else {
+ buf[0] = ' ';
+ buf[1] = '\0';
+ }
+#undef b
+#undef a
+ AUD_log ("es1370",
+ "%s"
+ "p2_end_inc %d, p2_st_inc %d, r1_fmt %s, p2_fmt %s, p1_fmt %s\n",
+ buf,
+ (val & SCTRL_P2ENDINC) >> SCTRL_SH_P2ENDINC,
+ (val & SCTRL_P2STINC) >> SCTRL_SH_P2STINC,
+ fmt_names [(val >> SCTRL_SH_R1FMT) & 3],
+ fmt_names [(val >> SCTRL_SH_P2FMT) & 3],
+ fmt_names [(val >> SCTRL_SH_P1FMT) & 3]
+ );
+}
+#else
+#define ldebug(...)
+#define print_ctl(...)
+#define print_sctl(...)
+#endif
+
+#ifdef VERBOSE_ES1370
+#define dolog(...) AUD_log ("es1370", __VA_ARGS__)
+#else
+#define dolog(...)
+#endif
+
+#ifndef SILENT_ES1370
+#define lwarn(...) AUD_log ("es1370: warning", __VA_ARGS__)
+#else
+#define lwarn(...)
+#endif
+
+struct chan {
+ uint32_t shift;
+ uint32_t leftover;
+ uint32_t scount;
+ uint32_t frame_addr;
+ uint32_t frame_cnt;
+};
+
+typedef struct ES1370State {
+ PCIDevice dev;
+ QEMUSoundCard card;
+ MemoryRegion io;
+ struct chan chan[NB_CHANNELS];
+ SWVoiceOut *dac_voice[2];
+ SWVoiceIn *adc_voice;
+
+ uint32_t ctl;
+ uint32_t status;
+ uint32_t mempage;
+ uint32_t codec;
+ uint32_t sctl;
+} ES1370State;
+
+struct chan_bits {
+ uint32_t ctl_en;
+ uint32_t stat_int;
+ uint32_t sctl_pause;
+ uint32_t sctl_inten;
+ uint32_t sctl_fmt;
+ uint32_t sctl_sh_fmt;
+ uint32_t sctl_loopsel;
+ void (*calc_freq) (ES1370State *s, uint32_t ctl,
+ uint32_t *old_freq, uint32_t *new_freq);
+};
+
+static void es1370_dac1_calc_freq (ES1370State *s, uint32_t ctl,
+ uint32_t *old_freq, uint32_t *new_freq);
+static void es1370_dac2_and_adc_calc_freq (ES1370State *s, uint32_t ctl,
+ uint32_t *old_freq,
+ uint32_t *new_freq);
+
+static const struct chan_bits es1370_chan_bits[] = {
+ {CTRL_DAC1_EN, STAT_DAC1, SCTRL_P1PAUSE, SCTRL_P1INTEN,
+ SCTRL_P1FMT, SCTRL_SH_P1FMT, SCTRL_P1LOOPSEL,
+ es1370_dac1_calc_freq},
+
+ {CTRL_DAC2_EN, STAT_DAC2, SCTRL_P2PAUSE, SCTRL_P2INTEN,
+ SCTRL_P2FMT, SCTRL_SH_P2FMT, SCTRL_P2LOOPSEL,
+ es1370_dac2_and_adc_calc_freq},
+
+ {CTRL_ADC_EN, STAT_ADC, 0, SCTRL_R1INTEN,
+ SCTRL_R1FMT, SCTRL_SH_R1FMT, SCTRL_R1LOOPSEL,
+ es1370_dac2_and_adc_calc_freq}
+};
+
+static void es1370_update_status (ES1370State *s, uint32_t new_status)
+{
+ uint32_t level = new_status & (STAT_DAC1 | STAT_DAC2 | STAT_ADC);
+
+ if (level) {
+ s->status = new_status | STAT_INTR;
+ }
+ else {
+ s->status = new_status & ~STAT_INTR;
+ }
+ qemu_set_irq (s->dev.irq[0], !!level);
+}
+
+static void es1370_reset (ES1370State *s)
+{
+ size_t i;
+
+ s->ctl = 1;
+ s->status = 0x60;
+ s->mempage = 0;
+ s->codec = 0;
+ s->sctl = 0;
+
+ for (i = 0; i < NB_CHANNELS; ++i) {
+ struct chan *d = &s->chan[i];
+ d->scount = 0;
+ d->leftover = 0;
+ if (i == ADC_CHANNEL) {
+ AUD_close_in (&s->card, s->adc_voice);
+ s->adc_voice = NULL;
+ }
+ else {
+ AUD_close_out (&s->card, s->dac_voice[i]);
+ s->dac_voice[i] = NULL;
+ }
+ }
+ qemu_irq_lower (s->dev.irq[0]);
+}
+
+static void es1370_maybe_lower_irq (ES1370State *s, uint32_t sctl)
+{
+ uint32_t new_status = s->status;
+
+ if (!(sctl & SCTRL_P1INTEN) && (s->sctl & SCTRL_P1INTEN)) {
+ new_status &= ~STAT_DAC1;
+ }
+
+ if (!(sctl & SCTRL_P2INTEN) && (s->sctl & SCTRL_P2INTEN)) {
+ new_status &= ~STAT_DAC2;
+ }
+
+ if (!(sctl & SCTRL_R1INTEN) && (s->sctl & SCTRL_R1INTEN)) {
+ new_status &= ~STAT_ADC;
+ }
+
+ if (new_status != s->status) {
+ es1370_update_status (s, new_status);
+ }
+}
+
+static void es1370_dac1_calc_freq (ES1370State *s, uint32_t ctl,
+ uint32_t *old_freq, uint32_t *new_freq)
+
+{
+ *old_freq = dac1_samplerate[(s->ctl & CTRL_WTSRSEL) >> CTRL_SH_WTSRSEL];
+ *new_freq = dac1_samplerate[(ctl & CTRL_WTSRSEL) >> CTRL_SH_WTSRSEL];
+}
+
+static void es1370_dac2_and_adc_calc_freq (ES1370State *s, uint32_t ctl,
+ uint32_t *old_freq,
+ uint32_t *new_freq)
+
+{
+ uint32_t old_pclkdiv, new_pclkdiv;
+
+ new_pclkdiv = (ctl & CTRL_PCLKDIV) >> CTRL_SH_PCLKDIV;
+ old_pclkdiv = (s->ctl & CTRL_PCLKDIV) >> CTRL_SH_PCLKDIV;
+ *new_freq = DAC2_DIVTOSR (new_pclkdiv);
+ *old_freq = DAC2_DIVTOSR (old_pclkdiv);
+}
+
+static void es1370_update_voices (ES1370State *s, uint32_t ctl, uint32_t sctl)
+{
+ size_t i;
+ uint32_t old_freq, new_freq, old_fmt, new_fmt;
+
+ for (i = 0; i < NB_CHANNELS; ++i) {
+ struct chan *d = &s->chan[i];
+ const struct chan_bits *b = &es1370_chan_bits[i];
+
+ new_fmt = (sctl & b->sctl_fmt) >> b->sctl_sh_fmt;
+ old_fmt = (s->sctl & b->sctl_fmt) >> b->sctl_sh_fmt;
+
+ b->calc_freq (s, ctl, &old_freq, &new_freq);
+
+ if ((old_fmt != new_fmt) || (old_freq != new_freq)) {
+ d->shift = (new_fmt & 1) + (new_fmt >> 1);
+ ldebug ("channel %zu, freq = %d, nchannels %d, fmt %d, shift %d\n",
+ i,
+ new_freq,
+ 1 << (new_fmt & 1),
+ (new_fmt & 2) ? AUD_FMT_S16 : AUD_FMT_U8,
+ d->shift);
+ if (new_freq) {
+ struct audsettings as;
+
+ as.freq = new_freq;
+ as.nchannels = 1 << (new_fmt & 1);
+ as.fmt = (new_fmt & 2) ? AUD_FMT_S16 : AUD_FMT_U8;
+ as.endianness = 0;
+
+ if (i == ADC_CHANNEL) {
+ s->adc_voice =
+ AUD_open_in (
+ &s->card,
+ s->adc_voice,
+ "es1370.adc",
+ s,
+ es1370_adc_callback,
+ &as
+ );
+ }
+ else {
+ s->dac_voice[i] =
+ AUD_open_out (
+ &s->card,
+ s->dac_voice[i],
+ i ? "es1370.dac2" : "es1370.dac1",
+ s,
+ i ? es1370_dac2_callback : es1370_dac1_callback,
+ &as
+ );
+ }
+ }
+ }
+
+ if (((ctl ^ s->ctl) & b->ctl_en)
+ || ((sctl ^ s->sctl) & b->sctl_pause)) {
+ int on = (ctl & b->ctl_en) && !(sctl & b->sctl_pause);
+
+ if (i == ADC_CHANNEL) {
+ AUD_set_active_in (s->adc_voice, on);
+ }
+ else {
+ AUD_set_active_out (s->dac_voice[i], on);
+ }
+ }
+ }
+
+ s->ctl = ctl;
+ s->sctl = sctl;
+}
+
+static inline uint32_t es1370_fixup (ES1370State *s, uint32_t addr)
+{
+ addr &= 0xff;
+ if (addr >= 0x30 && addr <= 0x3f)
+ addr |= s->mempage << 8;
+ return addr;
+}
+
+IO_WRITE_PROTO (es1370_writeb)
+{
+ ES1370State *s = opaque;
+ uint32_t shift, mask;
+
+ addr = es1370_fixup (s, addr);
+
+ switch (addr) {
+ case ES1370_REG_CONTROL:
+ case ES1370_REG_CONTROL + 1:
+ case ES1370_REG_CONTROL + 2:
+ case ES1370_REG_CONTROL + 3:
+ shift = (addr - ES1370_REG_CONTROL) << 3;
+ mask = 0xff << shift;
+ val = (s->ctl & ~mask) | ((val & 0xff) << shift);
+ es1370_update_voices (s, val, s->sctl);
+ print_ctl (val);
+ break;
+ case ES1370_REG_MEMPAGE:
+ s->mempage = val;
+ break;
+ case ES1370_REG_SERIAL_CONTROL:
+ case ES1370_REG_SERIAL_CONTROL + 1:
+ case ES1370_REG_SERIAL_CONTROL + 2:
+ case ES1370_REG_SERIAL_CONTROL + 3:
+ shift = (addr - ES1370_REG_SERIAL_CONTROL) << 3;
+ mask = 0xff << shift;
+ val = (s->sctl & ~mask) | ((val & 0xff) << shift);
+ es1370_maybe_lower_irq (s, val);
+ es1370_update_voices (s, s->ctl, val);
+ print_sctl (val);
+ break;
+ default:
+ lwarn ("writeb %#x <- %#x\n", addr, val);
+ break;
+ }
+}
+
+IO_WRITE_PROTO (es1370_writew)
+{
+ ES1370State *s = opaque;
+ addr = es1370_fixup (s, addr);
+ uint32_t shift, mask;
+ struct chan *d = &s->chan[0];
+
+ switch (addr) {
+ case ES1370_REG_CODEC:
+ dolog ("ignored codec write address %#x, data %#x\n",
+ (val >> 8) & 0xff, val & 0xff);
+ s->codec = val;
+ break;
+
+ case ES1370_REG_CONTROL:
+ case ES1370_REG_CONTROL + 2:
+ shift = (addr != ES1370_REG_CONTROL) << 4;
+ mask = 0xffff << shift;
+ val = (s->ctl & ~mask) | ((val & 0xffff) << shift);
+ es1370_update_voices (s, val, s->sctl);
+ print_ctl (val);
+ break;
+
+ case ES1370_REG_ADC_SCOUNT:
+ d++;
+ case ES1370_REG_DAC2_SCOUNT:
+ d++;
+ case ES1370_REG_DAC1_SCOUNT:
+ d->scount = (d->scount & ~0xffff) | (val & 0xffff);
+ break;
+
+ default:
+ lwarn ("writew %#x <- %#x\n", addr, val);
+ break;
+ }
+}
+
+IO_WRITE_PROTO (es1370_writel)
+{
+ ES1370State *s = opaque;
+ struct chan *d = &s->chan[0];
+
+ addr = es1370_fixup (s, addr);
+
+ switch (addr) {
+ case ES1370_REG_CONTROL:
+ es1370_update_voices (s, val, s->sctl);
+ print_ctl (val);
+ break;
+
+ case ES1370_REG_MEMPAGE:
+ s->mempage = val & 0xf;
+ break;
+
+ case ES1370_REG_SERIAL_CONTROL:
+ es1370_maybe_lower_irq (s, val);
+ es1370_update_voices (s, s->ctl, val);
+ print_sctl (val);
+ break;
+
+ case ES1370_REG_ADC_SCOUNT:
+ d++;
+ case ES1370_REG_DAC2_SCOUNT:
+ d++;
+ case ES1370_REG_DAC1_SCOUNT:
+ d->scount = (val & 0xffff) | (d->scount & ~0xffff);
+ ldebug ("chan %td CURR_SAMP_CT %d, SAMP_CT %d\n",
+ d - &s->chan[0], val >> 16, (val & 0xffff));
+ break;
+
+ case ES1370_REG_ADC_FRAMEADR:
+ d++;
+ case ES1370_REG_DAC2_FRAMEADR:
+ d++;
+ case ES1370_REG_DAC1_FRAMEADR:
+ d->frame_addr = val;
+ ldebug ("chan %td frame address %#x\n", d - &s->chan[0], val);
+ break;
+
+ case ES1370_REG_PHANTOM_FRAMECNT:
+ lwarn ("writing to phantom frame count %#x\n", val);
+ break;
+ case ES1370_REG_PHANTOM_FRAMEADR:
+ lwarn ("writing to phantom frame address %#x\n", val);
+ break;
+
+ case ES1370_REG_ADC_FRAMECNT:
+ d++;
+ case ES1370_REG_DAC2_FRAMECNT:
+ d++;
+ case ES1370_REG_DAC1_FRAMECNT:
+ d->frame_cnt = val;
+ d->leftover = 0;
+ ldebug ("chan %td frame count %d, buffer size %d\n",
+ d - &s->chan[0], val >> 16, val & 0xffff);
+ break;
+
+ default:
+ lwarn ("writel %#x <- %#x\n", addr, val);
+ break;
+ }
+}
+
+IO_READ_PROTO (es1370_readb)
+{
+ ES1370State *s = opaque;
+ uint32_t val;
+
+ addr = es1370_fixup (s, addr);
+
+ switch (addr) {
+ case 0x1b: /* Legacy */
+ lwarn ("Attempt to read from legacy register\n");
+ val = 5;
+ break;
+ case ES1370_REG_MEMPAGE:
+ val = s->mempage;
+ break;
+ case ES1370_REG_CONTROL + 0:
+ case ES1370_REG_CONTROL + 1:
+ case ES1370_REG_CONTROL + 2:
+ case ES1370_REG_CONTROL + 3:
+ val = s->ctl >> ((addr - ES1370_REG_CONTROL) << 3);
+ break;
+ case ES1370_REG_STATUS + 0:
+ case ES1370_REG_STATUS + 1:
+ case ES1370_REG_STATUS + 2:
+ case ES1370_REG_STATUS + 3:
+ val = s->status >> ((addr - ES1370_REG_STATUS) << 3);
+ break;
+ default:
+ val = ~0;
+ lwarn ("readb %#x -> %#x\n", addr, val);
+ break;
+ }
+ return val;
+}
+
+IO_READ_PROTO (es1370_readw)
+{
+ ES1370State *s = opaque;
+ struct chan *d = &s->chan[0];
+ uint32_t val;
+
+ addr = es1370_fixup (s, addr);
+
+ switch (addr) {
+ case ES1370_REG_ADC_SCOUNT + 2:
+ d++;
+ case ES1370_REG_DAC2_SCOUNT + 2:
+ d++;
+ case ES1370_REG_DAC1_SCOUNT + 2:
+ val = d->scount >> 16;
+ break;
+
+ case ES1370_REG_ADC_FRAMECNT:
+ d++;
+ case ES1370_REG_DAC2_FRAMECNT:
+ d++;
+ case ES1370_REG_DAC1_FRAMECNT:
+ val = d->frame_cnt & 0xffff;
+ break;
+
+ case ES1370_REG_ADC_FRAMECNT + 2:
+ d++;
+ case ES1370_REG_DAC2_FRAMECNT + 2:
+ d++;
+ case ES1370_REG_DAC1_FRAMECNT + 2:
+ val = d->frame_cnt >> 16;
+ break;
+
+ default:
+ val = ~0;
+ lwarn ("readw %#x -> %#x\n", addr, val);
+ break;
+ }
+
+ return val;
+}
+
+IO_READ_PROTO (es1370_readl)
+{
+ ES1370State *s = opaque;
+ uint32_t val;
+ struct chan *d = &s->chan[0];
+
+ addr = es1370_fixup (s, addr);
+
+ switch (addr) {
+ case ES1370_REG_CONTROL:
+ val = s->ctl;
+ break;
+ case ES1370_REG_STATUS:
+ val = s->status;
+ break;
+ case ES1370_REG_MEMPAGE:
+ val = s->mempage;
+ break;
+ case ES1370_REG_CODEC:
+ val = s->codec;
+ break;
+ case ES1370_REG_SERIAL_CONTROL:
+ val = s->sctl;
+ break;
+
+ case ES1370_REG_ADC_SCOUNT:
+ d++;
+ case ES1370_REG_DAC2_SCOUNT:
+ d++;
+ case ES1370_REG_DAC1_SCOUNT:
+ val = d->scount;
+#ifdef DEBUG_ES1370
+ {
+ uint32_t curr_count = d->scount >> 16;
+ uint32_t count = d->scount & 0xffff;
+
+ curr_count <<= d->shift;
+ count <<= d->shift;
+ dolog ("read scount curr %d, total %d\n", curr_count, count);
+ }
+#endif
+ break;
+
+ case ES1370_REG_ADC_FRAMECNT:
+ d++;
+ case ES1370_REG_DAC2_FRAMECNT:
+ d++;
+ case ES1370_REG_DAC1_FRAMECNT:
+ val = d->frame_cnt;
+#ifdef DEBUG_ES1370
+ {
+ uint32_t size = ((d->frame_cnt & 0xffff) + 1) << 2;
+ uint32_t curr = ((d->frame_cnt >> 16) + 1) << 2;
+ if (curr > size) {
+ dolog ("read framecnt curr %d, size %d %d\n", curr, size,
+ curr > size);
+ }
+ }
+#endif
+ break;
+
+ case ES1370_REG_ADC_FRAMEADR:
+ d++;
+ case ES1370_REG_DAC2_FRAMEADR:
+ d++;
+ case ES1370_REG_DAC1_FRAMEADR:
+ val = d->frame_addr;
+ break;
+
+ case ES1370_REG_PHANTOM_FRAMECNT:
+ val = ~0U;
+ lwarn ("reading from phantom frame count\n");
+ break;
+ case ES1370_REG_PHANTOM_FRAMEADR:
+ val = ~0U;
+ lwarn ("reading from phantom frame address\n");
+ break;
+
+ default:
+ val = ~0U;
+ lwarn ("readl %#x -> %#x\n", addr, val);
+ break;
+ }
+ return val;
+}
+
+static void es1370_transfer_audio (ES1370State *s, struct chan *d, int loop_sel,
+ int max, int *irq)
+{
+ uint8_t tmpbuf[4096];
+ uint32_t addr = d->frame_addr;
+ int sc = d->scount & 0xffff;
+ int csc = d->scount >> 16;
+ int csc_bytes = (csc + 1) << d->shift;
+ int cnt = d->frame_cnt >> 16;
+ int size = d->frame_cnt & 0xffff;
+ int left = ((size - cnt + 1) << 2) + d->leftover;
+ int transferred = 0;
+ int temp = audio_MIN (max, audio_MIN (left, csc_bytes));
+ int index = d - &s->chan[0];
+
+ addr += (cnt << 2) + d->leftover;
+
+ if (index == ADC_CHANNEL) {
+ while (temp) {
+ int acquired, to_copy;
+
+ to_copy = audio_MIN ((size_t) temp, sizeof (tmpbuf));
+ acquired = AUD_read (s->adc_voice, tmpbuf, to_copy);
+ if (!acquired)
+ break;
+
+ pci_dma_write (&s->dev, addr, tmpbuf, acquired);
+
+ temp -= acquired;
+ addr += acquired;
+ transferred += acquired;
+ }
+ }
+ else {
+ SWVoiceOut *voice = s->dac_voice[index];
+
+ while (temp) {
+ int copied, to_copy;
+
+ to_copy = audio_MIN ((size_t) temp, sizeof (tmpbuf));
+ pci_dma_read (&s->dev, addr, tmpbuf, to_copy);
+ copied = AUD_write (voice, tmpbuf, to_copy);
+ if (!copied)
+ break;
+ temp -= copied;
+ addr += copied;
+ transferred += copied;
+ }
+ }
+
+ if (csc_bytes == transferred) {
+ *irq = 1;
+ d->scount = sc | (sc << 16);
+ ldebug ("sc = %d, rate = %f\n",
+ (sc + 1) << d->shift,
+ (sc + 1) / (double) 44100);
+ }
+ else {
+ *irq = 0;
+ d->scount = sc | (((csc_bytes - transferred - 1) >> d->shift) << 16);
+ }
+
+ cnt += (transferred + d->leftover) >> 2;
+
+ if (s->sctl & loop_sel) {
+ /* Bah, how stupid is that having a 0 represent true value?
+ i just spent few hours on this shit */
+ AUD_log ("es1370: warning", "non looping mode\n");
+ }
+ else {
+ d->frame_cnt = size;
+
+ if ((uint32_t) cnt <= d->frame_cnt)
+ d->frame_cnt |= cnt << 16;
+ }
+
+ d->leftover = (transferred + d->leftover) & 3;
+}
+
+static void es1370_run_channel (ES1370State *s, size_t chan, int free_or_avail)
+{
+ uint32_t new_status = s->status;
+ int max_bytes, irq;
+ struct chan *d = &s->chan[chan];
+ const struct chan_bits *b = &es1370_chan_bits[chan];
+
+ if (!(s->ctl & b->ctl_en) || (s->sctl & b->sctl_pause)) {
+ return;
+ }
+
+ max_bytes = free_or_avail;
+ max_bytes &= ~((1 << d->shift) - 1);
+ if (!max_bytes) {
+ return;
+ }
+
+ es1370_transfer_audio (s, d, b->sctl_loopsel, max_bytes, &irq);
+
+ if (irq) {
+ if (s->sctl & b->sctl_inten) {
+ new_status |= b->stat_int;
+ }
+ }
+
+ if (new_status != s->status) {
+ es1370_update_status (s, new_status);
+ }
+}
+
+static void es1370_dac1_callback (void *opaque, int free)
+{
+ ES1370State *s = opaque;
+
+ es1370_run_channel (s, DAC1_CHANNEL, free);
+}
+
+static void es1370_dac2_callback (void *opaque, int free)
+{
+ ES1370State *s = opaque;
+
+ es1370_run_channel (s, DAC2_CHANNEL, free);
+}
+
+static void es1370_adc_callback (void *opaque, int avail)
+{
+ ES1370State *s = opaque;
+
+ es1370_run_channel (s, ADC_CHANNEL, avail);
+}
+
+static uint64_t es1370_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ switch (size) {
+ case 1:
+ return es1370_readb(opaque, addr);
+ case 2:
+ return es1370_readw(opaque, addr);
+ case 4:
+ return es1370_readl(opaque, addr);
+ default:
+ return -1;
+ }
+}
+
+static void es1370_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ switch (size) {
+ case 1:
+ es1370_writeb(opaque, addr, val);
+ break;
+ case 2:
+ es1370_writew(opaque, addr, val);
+ break;
+ case 4:
+ es1370_writel(opaque, addr, val);
+ break;
+ }
+}
+
+static const MemoryRegionOps es1370_io_ops = {
+ .read = es1370_read,
+ .write = es1370_write,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 4,
+ },
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static const VMStateDescription vmstate_es1370_channel = {
+ .name = "es1370_channel",
+ .version_id = 2,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT32 (shift, struct chan),
+ VMSTATE_UINT32 (leftover, struct chan),
+ VMSTATE_UINT32 (scount, struct chan),
+ VMSTATE_UINT32 (frame_addr, struct chan),
+ VMSTATE_UINT32 (frame_cnt, struct chan),
+ VMSTATE_END_OF_LIST ()
+ }
+};
+
+static int es1370_post_load (void *opaque, int version_id)
+{
+ uint32_t ctl, sctl;
+ ES1370State *s = opaque;
+ size_t i;
+
+ for (i = 0; i < NB_CHANNELS; ++i) {
+ if (i == ADC_CHANNEL) {
+ if (s->adc_voice) {
+ AUD_close_in (&s->card, s->adc_voice);
+ s->adc_voice = NULL;
+ }
+ }
+ else {
+ if (s->dac_voice[i]) {
+ AUD_close_out (&s->card, s->dac_voice[i]);
+ s->dac_voice[i] = NULL;
+ }
+ }
+ }
+
+ ctl = s->ctl;
+ sctl = s->sctl;
+ s->ctl = 0;
+ s->sctl = 0;
+ es1370_update_voices (s, ctl, sctl);
+ return 0;
+}
+
+static const VMStateDescription vmstate_es1370 = {
+ .name = "es1370",
+ .version_id = 2,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .post_load = es1370_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_PCI_DEVICE (dev, ES1370State),
+ VMSTATE_STRUCT_ARRAY (chan, ES1370State, NB_CHANNELS, 2,
+ vmstate_es1370_channel, struct chan),
+ VMSTATE_UINT32 (ctl, ES1370State),
+ VMSTATE_UINT32 (status, ES1370State),
+ VMSTATE_UINT32 (mempage, ES1370State),
+ VMSTATE_UINT32 (codec, ES1370State),
+ VMSTATE_UINT32 (sctl, ES1370State),
+ VMSTATE_END_OF_LIST ()
+ }
+};
+
+static void es1370_on_reset (void *opaque)
+{
+ ES1370State *s = opaque;
+ es1370_reset (s);
+}
+
+static int es1370_initfn (PCIDevice *dev)
+{
+ ES1370State *s = DO_UPCAST (ES1370State, dev, dev);
+ uint8_t *c = s->dev.config;
+
+ c[PCI_STATUS + 1] = PCI_STATUS_DEVSEL_SLOW >> 8;
+
+#if 0
+ c[PCI_CAPABILITY_LIST] = 0xdc;
+ c[PCI_INTERRUPT_LINE] = 10;
+ c[0xdc] = 0x00;
+#endif
+
+ c[PCI_INTERRUPT_PIN] = 1;
+ c[PCI_MIN_GNT] = 0x0c;
+ c[PCI_MAX_LAT] = 0x80;
+
+ memory_region_init_io (&s->io, OBJECT(s), &es1370_io_ops, s, "es1370", 256);
+ pci_register_bar (&s->dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io);
+ qemu_register_reset (es1370_on_reset, s);
+
+ AUD_register_card ("es1370", &s->card);
+ es1370_reset (s);
+ return 0;
+}
+
+static void es1370_exitfn (PCIDevice *dev)
+{
+ ES1370State *s = DO_UPCAST (ES1370State, dev, dev);
+
+ memory_region_destroy (&s->io);
+}
+
+static int es1370_init (PCIBus *bus)
+{
+ pci_create_simple (bus, -1, "ES1370");
+ return 0;
+}
+
+static void es1370_class_init (ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS (klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
+
+ k->init = es1370_initfn;
+ k->exit = es1370_exitfn;
+ k->vendor_id = PCI_VENDOR_ID_ENSONIQ;
+ k->device_id = PCI_DEVICE_ID_ENSONIQ_ES1370;
+ k->class_id = PCI_CLASS_MULTIMEDIA_AUDIO;
+ k->subsystem_vendor_id = 0x4942;
+ k->subsystem_id = 0x4c4c;
+ set_bit(DEVICE_CATEGORY_SOUND, dc->categories);
+ dc->desc = "ENSONIQ AudioPCI ES1370";
+ dc->vmsd = &vmstate_es1370;
+}
+
+static const TypeInfo es1370_info = {
+ .name = "ES1370",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof (ES1370State),
+ .class_init = es1370_class_init,
+};
+
+static void es1370_register_types (void)
+{
+ type_register_static (&es1370_info);
+ pci_register_soundhw("es1370", "ENSONIQ AudioPCI ES1370", es1370_init);
+}
+
+type_init (es1370_register_types)
+
diff --git a/hw/fmopl.c b/hw/audio/fmopl.c
index f0a023477..f0a023477 100644
--- a/hw/fmopl.c
+++ b/hw/audio/fmopl.c
diff --git a/hw/fmopl.h b/hw/audio/fmopl.h
index 24ba5f480..24ba5f480 100644
--- a/hw/fmopl.h
+++ b/hw/audio/fmopl.h
diff --git a/hw/audio/gus.c b/hw/audio/gus.c
new file mode 100644
index 000000000..71be3c6ba
--- /dev/null
+++ b/hw/audio/gus.c
@@ -0,0 +1,337 @@
+/*
+ * QEMU Proxy for Gravis Ultrasound GF1 emulation by Tibor "TS" Schütz
+ *
+ * Copyright (c) 2002-2005 Vassili Karpov (malc)
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/audio/audio.h"
+#include "audio/audio.h"
+#include "hw/isa/isa.h"
+#include "gusemu.h"
+#include "gustate.h"
+
+#define dolog(...) AUD_log ("audio", __VA_ARGS__)
+#ifdef DEBUG
+#define ldebug(...) dolog (__VA_ARGS__)
+#else
+#define ldebug(...)
+#endif
+
+#ifdef HOST_WORDS_BIGENDIAN
+#define GUS_ENDIANNESS 1
+#else
+#define GUS_ENDIANNESS 0
+#endif
+
+#define IO_READ_PROTO(name) \
+ static uint32_t name (void *opaque, uint32_t nport)
+#define IO_WRITE_PROTO(name) \
+ static void name (void *opaque, uint32_t nport, uint32_t val)
+
+#define TYPE_GUS "gus"
+#define GUS(obj) OBJECT_CHECK (GUSState, (obj), TYPE_GUS)
+
+typedef struct GUSState {
+ ISADevice dev;
+ GUSEmuState emu;
+ QEMUSoundCard card;
+ uint32_t freq;
+ uint32_t port;
+ int pos, left, shift, irqs;
+ GUSsample *mixbuf;
+ uint8_t himem[1024 * 1024 + 32 + 4096];
+ int samples;
+ SWVoiceOut *voice;
+ int64_t last_ticks;
+ qemu_irq pic;
+} GUSState;
+
+IO_READ_PROTO (gus_readb)
+{
+ GUSState *s = opaque;
+
+ return gus_read (&s->emu, nport, 1);
+}
+
+IO_READ_PROTO (gus_readw)
+{
+ GUSState *s = opaque;
+
+ return gus_read (&s->emu, nport, 2);
+}
+
+IO_WRITE_PROTO (gus_writeb)
+{
+ GUSState *s = opaque;
+
+ gus_write (&s->emu, nport, 1, val);
+}
+
+IO_WRITE_PROTO (gus_writew)
+{
+ GUSState *s = opaque;
+
+ gus_write (&s->emu, nport, 2, val);
+}
+
+static int write_audio (GUSState *s, int samples)
+{
+ int net = 0;
+ int pos = s->pos;
+
+ while (samples) {
+ int nbytes, wbytes, wsampl;
+
+ nbytes = samples << s->shift;
+ wbytes = AUD_write (
+ s->voice,
+ s->mixbuf + (pos << (s->shift - 1)),
+ nbytes
+ );
+
+ if (wbytes) {
+ wsampl = wbytes >> s->shift;
+
+ samples -= wsampl;
+ pos = (pos + wsampl) % s->samples;
+
+ net += wsampl;
+ }
+ else {
+ break;
+ }
+ }
+
+ return net;
+}
+
+static void GUS_callback (void *opaque, int free)
+{
+ int samples, to_play, net = 0;
+ GUSState *s = opaque;
+
+ samples = free >> s->shift;
+ to_play = audio_MIN (samples, s->left);
+
+ while (to_play) {
+ int written = write_audio (s, to_play);
+
+ if (!written) {
+ goto reset;
+ }
+
+ s->left -= written;
+ to_play -= written;
+ samples -= written;
+ net += written;
+ }
+
+ samples = audio_MIN (samples, s->samples);
+ if (samples) {
+ gus_mixvoices (&s->emu, s->freq, samples, s->mixbuf);
+
+ while (samples) {
+ int written = write_audio (s, samples);
+ if (!written) {
+ break;
+ }
+ samples -= written;
+ net += written;
+ }
+ }
+ s->left = samples;
+
+ reset:
+ gus_irqgen (&s->emu, muldiv64 (net, 1000000, s->freq));
+}
+
+int GUS_irqrequest (GUSEmuState *emu, int hwirq, int n)
+{
+ GUSState *s = emu->opaque;
+ /* qemu_irq_lower (s->pic); */
+ qemu_irq_raise (s->pic);
+ s->irqs += n;
+ ldebug ("irqrequest %d %d %d\n", hwirq, n, s->irqs);
+ return n;
+}
+
+void GUS_irqclear (GUSEmuState *emu, int hwirq)
+{
+ GUSState *s = emu->opaque;
+ ldebug ("irqclear %d %d\n", hwirq, s->irqs);
+ qemu_irq_lower (s->pic);
+ s->irqs -= 1;
+#ifdef IRQ_STORM
+ if (s->irqs > 0) {
+ qemu_irq_raise (s->pic[hwirq]);
+ }
+#endif
+}
+
+void GUS_dmarequest (GUSEmuState *der)
+{
+ /* GUSState *s = (GUSState *) der; */
+ ldebug ("dma request %d\n", der->gusdma);
+ DMA_hold_DREQ (der->gusdma);
+}
+
+static int GUS_read_DMA (void *opaque, int nchan, int dma_pos, int dma_len)
+{
+ GUSState *s = opaque;
+ char tmpbuf[4096];
+ int pos = dma_pos, mode, left = dma_len - dma_pos;
+
+ ldebug ("read DMA %#x %d\n", dma_pos, dma_len);
+ mode = DMA_get_channel_mode (s->emu.gusdma);
+ while (left) {
+ int to_copy = audio_MIN ((size_t) left, sizeof (tmpbuf));
+ int copied;
+
+ ldebug ("left=%d to_copy=%d pos=%d\n", left, to_copy, pos);
+ copied = DMA_read_memory (nchan, tmpbuf, pos, to_copy);
+ gus_dma_transferdata (&s->emu, tmpbuf, copied, left == copied);
+ left -= copied;
+ pos += copied;
+ }
+
+ if (0 == ((mode >> 4) & 1)) {
+ DMA_release_DREQ (s->emu.gusdma);
+ }
+ return dma_len;
+}
+
+static const VMStateDescription vmstate_gus = {
+ .name = "gus",
+ .version_id = 2,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .fields = (VMStateField []) {
+ VMSTATE_INT32 (pos, GUSState),
+ VMSTATE_INT32 (left, GUSState),
+ VMSTATE_INT32 (shift, GUSState),
+ VMSTATE_INT32 (irqs, GUSState),
+ VMSTATE_INT32 (samples, GUSState),
+ VMSTATE_INT64 (last_ticks, GUSState),
+ VMSTATE_BUFFER (himem, GUSState),
+ VMSTATE_END_OF_LIST ()
+ }
+};
+
+static const MemoryRegionPortio gus_portio_list1[] = {
+ {0x000, 1, 1, .write = gus_writeb },
+ {0x000, 1, 2, .write = gus_writew },
+ {0x006, 10, 1, .read = gus_readb, .write = gus_writeb },
+ {0x006, 10, 2, .read = gus_readw, .write = gus_writew },
+ {0x100, 8, 1, .read = gus_readb, .write = gus_writeb },
+ {0x100, 8, 2, .read = gus_readw, .write = gus_writew },
+ PORTIO_END_OF_LIST (),
+};
+
+static const MemoryRegionPortio gus_portio_list2[] = {
+ {0, 1, 1, .read = gus_readb },
+ {0, 1, 2, .read = gus_readw },
+ PORTIO_END_OF_LIST (),
+};
+
+static void gus_realizefn (DeviceState *dev, Error **errp)
+{
+ ISADevice *d = ISA_DEVICE(dev);
+ GUSState *s = GUS (dev);
+ struct audsettings as;
+
+ AUD_register_card ("gus", &s->card);
+
+ as.freq = s->freq;
+ as.nchannels = 2;
+ as.fmt = AUD_FMT_S16;
+ as.endianness = GUS_ENDIANNESS;
+
+ s->voice = AUD_open_out (
+ &s->card,
+ NULL,
+ "gus",
+ s,
+ GUS_callback,
+ &as
+ );
+
+ if (!s->voice) {
+ AUD_remove_card (&s->card);
+ error_setg(errp, "No voice");
+ return;
+ }
+
+ s->shift = 2;
+ s->samples = AUD_get_buffer_size_out (s->voice) >> s->shift;
+ s->mixbuf = g_malloc0 (s->samples << s->shift);
+
+ isa_register_portio_list (d, s->port, gus_portio_list1, s, "gus");
+ isa_register_portio_list (d, (s->port + 0x100) & 0xf00,
+ gus_portio_list2, s, "gus");
+
+ DMA_register_channel (s->emu.gusdma, GUS_read_DMA, s);
+ s->emu.himemaddr = s->himem;
+ s->emu.gusdatapos = s->emu.himemaddr + 1024 * 1024 + 32;
+ s->emu.opaque = s;
+ isa_init_irq (d, &s->pic, s->emu.gusirq);
+
+ AUD_set_active_out (s->voice, 1);
+}
+
+static int GUS_init (ISABus *bus)
+{
+ isa_create_simple (bus, TYPE_GUS);
+ return 0;
+}
+
+static Property gus_properties[] = {
+ DEFINE_PROP_UINT32 ("freq", GUSState, freq, 44100),
+ DEFINE_PROP_HEX32 ("iobase", GUSState, port, 0x240),
+ DEFINE_PROP_UINT32 ("irq", GUSState, emu.gusirq, 7),
+ DEFINE_PROP_UINT32 ("dma", GUSState, emu.gusdma, 3),
+ DEFINE_PROP_END_OF_LIST (),
+};
+
+static void gus_class_initfn (ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS (klass);
+
+ dc->realize = gus_realizefn;
+ set_bit(DEVICE_CATEGORY_SOUND, dc->categories);
+ dc->desc = "Gravis Ultrasound GF1";
+ dc->vmsd = &vmstate_gus;
+ dc->props = gus_properties;
+}
+
+static const TypeInfo gus_info = {
+ .name = TYPE_GUS,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof (GUSState),
+ .class_init = gus_class_initfn,
+};
+
+static void gus_register_types (void)
+{
+ type_register_static (&gus_info);
+ isa_register_soundhw("gus", "Gravis Ultrasound GF1", GUS_init);
+}
+
+type_init (gus_register_types)
diff --git a/hw/gusemu.h b/hw/audio/gusemu.h
index 331bb6fec..331bb6fec 100644
--- a/hw/gusemu.h
+++ b/hw/audio/gusemu.h
diff --git a/hw/gusemu_hal.c b/hw/audio/gusemu_hal.c
index 609669073..609669073 100644
--- a/hw/gusemu_hal.c
+++ b/hw/audio/gusemu_hal.c
diff --git a/hw/gusemu_mixer.c b/hw/audio/gusemu_mixer.c
index 6d8d9ced1..6d8d9ced1 100644
--- a/hw/gusemu_mixer.c
+++ b/hw/audio/gusemu_mixer.c
diff --git a/hw/gustate.h b/hw/audio/gustate.h
index ece903abb..ece903abb 100644
--- a/hw/gustate.h
+++ b/hw/audio/gustate.h
diff --git a/hw/audio/hda-codec.c b/hw/audio/hda-codec.c
new file mode 100644
index 000000000..9550c97e6
--- /dev/null
+++ b/hw/audio/hda-codec.c
@@ -0,0 +1,1101 @@
+/*
+ * Copyright (C) 2010 Red Hat, Inc.
+ *
+ * written by Gerd Hoffmann <kraxel@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "intel-hda.h"
+#include "intel-hda-defs.h"
+#include "audio/audio.h"
+
+/* -------------------------------------------------------------------------- */
+
+typedef struct desc_param {
+ uint32_t id;
+ uint32_t val;
+} desc_param;
+
+typedef struct desc_node {
+ uint32_t nid;
+ const char *name;
+ const desc_param *params;
+ uint32_t nparams;
+ uint32_t config;
+ uint32_t pinctl;
+ uint32_t *conn;
+ uint32_t stindex;
+} desc_node;
+
+typedef struct desc_codec {
+ const char *name;
+ uint32_t iid;
+ const desc_node *nodes;
+ uint32_t nnodes;
+} desc_codec;
+
+static const desc_param* hda_codec_find_param(const desc_node *node, uint32_t id)
+{
+ int i;
+
+ for (i = 0; i < node->nparams; i++) {
+ if (node->params[i].id == id) {
+ return &node->params[i];
+ }
+ }
+ return NULL;
+}
+
+static const desc_node* hda_codec_find_node(const desc_codec *codec, uint32_t nid)
+{
+ int i;
+
+ for (i = 0; i < codec->nnodes; i++) {
+ if (codec->nodes[i].nid == nid) {
+ return &codec->nodes[i];
+ }
+ }
+ return NULL;
+}
+
+static void hda_codec_parse_fmt(uint32_t format, struct audsettings *as)
+{
+ if (format & AC_FMT_TYPE_NON_PCM) {
+ return;
+ }
+
+ as->freq = (format & AC_FMT_BASE_44K) ? 44100 : 48000;
+
+ switch ((format & AC_FMT_MULT_MASK) >> AC_FMT_MULT_SHIFT) {
+ case 1: as->freq *= 2; break;
+ case 2: as->freq *= 3; break;
+ case 3: as->freq *= 4; break;
+ }
+
+ switch ((format & AC_FMT_DIV_MASK) >> AC_FMT_DIV_SHIFT) {
+ case 1: as->freq /= 2; break;
+ case 2: as->freq /= 3; break;
+ case 3: as->freq /= 4; break;
+ case 4: as->freq /= 5; break;
+ case 5: as->freq /= 6; break;
+ case 6: as->freq /= 7; break;
+ case 7: as->freq /= 8; break;
+ }
+
+ switch (format & AC_FMT_BITS_MASK) {
+ case AC_FMT_BITS_8: as->fmt = AUD_FMT_S8; break;
+ case AC_FMT_BITS_16: as->fmt = AUD_FMT_S16; break;
+ case AC_FMT_BITS_32: as->fmt = AUD_FMT_S32; break;
+ }
+
+ as->nchannels = ((format & AC_FMT_CHAN_MASK) >> AC_FMT_CHAN_SHIFT) + 1;
+}
+
+/* -------------------------------------------------------------------------- */
+/*
+ * HDA codec descriptions
+ */
+
+/* some defines */
+
+#define QEMU_HDA_ID_VENDOR 0x1af4
+#define QEMU_HDA_PCM_FORMATS (AC_SUPPCM_BITS_16 | \
+ 0x1fc /* 16 -> 96 kHz */)
+#define QEMU_HDA_AMP_NONE (0)
+#define QEMU_HDA_AMP_STEPS 0x4a
+
+#ifdef CONFIG_MIXEMU
+# define QEMU_HDA_ID_OUTPUT ((QEMU_HDA_ID_VENDOR << 16) | 0x12)
+# define QEMU_HDA_ID_DUPLEX ((QEMU_HDA_ID_VENDOR << 16) | 0x22)
+# define QEMU_HDA_ID_MICRO ((QEMU_HDA_ID_VENDOR << 16) | 0x32)
+# define QEMU_HDA_AMP_CAPS \
+ (AC_AMPCAP_MUTE | \
+ (QEMU_HDA_AMP_STEPS << AC_AMPCAP_OFFSET_SHIFT) | \
+ (QEMU_HDA_AMP_STEPS << AC_AMPCAP_NUM_STEPS_SHIFT) | \
+ (3 << AC_AMPCAP_STEP_SIZE_SHIFT))
+#else
+# define QEMU_HDA_ID_OUTPUT ((QEMU_HDA_ID_VENDOR << 16) | 0x11)
+# define QEMU_HDA_ID_DUPLEX ((QEMU_HDA_ID_VENDOR << 16) | 0x21)
+# define QEMU_HDA_ID_MICRO ((QEMU_HDA_ID_VENDOR << 16) | 0x31)
+# define QEMU_HDA_AMP_CAPS QEMU_HDA_AMP_NONE
+#endif
+
+/* common: audio output widget */
+static const desc_param common_params_audio_dac[] = {
+ {
+ .id = AC_PAR_AUDIO_WIDGET_CAP,
+ .val = ((AC_WID_AUD_OUT << AC_WCAP_TYPE_SHIFT) |
+ AC_WCAP_FORMAT_OVRD |
+ AC_WCAP_AMP_OVRD |
+ AC_WCAP_OUT_AMP |
+ AC_WCAP_STEREO),
+ },{
+ .id = AC_PAR_PCM,
+ .val = QEMU_HDA_PCM_FORMATS,
+ },{
+ .id = AC_PAR_STREAM,
+ .val = AC_SUPFMT_PCM,
+ },{
+ .id = AC_PAR_AMP_IN_CAP,
+ .val = QEMU_HDA_AMP_NONE,
+ },{
+ .id = AC_PAR_AMP_OUT_CAP,
+ .val = QEMU_HDA_AMP_CAPS,
+ },
+};
+
+/* common: audio input widget */
+static const desc_param common_params_audio_adc[] = {
+ {
+ .id = AC_PAR_AUDIO_WIDGET_CAP,
+ .val = ((AC_WID_AUD_IN << AC_WCAP_TYPE_SHIFT) |
+ AC_WCAP_CONN_LIST |
+ AC_WCAP_FORMAT_OVRD |
+ AC_WCAP_AMP_OVRD |
+ AC_WCAP_IN_AMP |
+ AC_WCAP_STEREO),
+ },{
+ .id = AC_PAR_CONNLIST_LEN,
+ .val = 1,
+ },{
+ .id = AC_PAR_PCM,
+ .val = QEMU_HDA_PCM_FORMATS,
+ },{
+ .id = AC_PAR_STREAM,
+ .val = AC_SUPFMT_PCM,
+ },{
+ .id = AC_PAR_AMP_IN_CAP,
+ .val = QEMU_HDA_AMP_CAPS,
+ },{
+ .id = AC_PAR_AMP_OUT_CAP,
+ .val = QEMU_HDA_AMP_NONE,
+ },
+};
+
+/* common: pin widget (line-out) */
+static const desc_param common_params_audio_lineout[] = {
+ {
+ .id = AC_PAR_AUDIO_WIDGET_CAP,
+ .val = ((AC_WID_PIN << AC_WCAP_TYPE_SHIFT) |
+ AC_WCAP_CONN_LIST |
+ AC_WCAP_STEREO),
+ },{
+ .id = AC_PAR_PIN_CAP,
+ .val = AC_PINCAP_OUT,
+ },{
+ .id = AC_PAR_CONNLIST_LEN,
+ .val = 1,
+ },{
+ .id = AC_PAR_AMP_IN_CAP,
+ .val = QEMU_HDA_AMP_NONE,
+ },{
+ .id = AC_PAR_AMP_OUT_CAP,
+ .val = QEMU_HDA_AMP_NONE,
+ },
+};
+
+/* common: pin widget (line-in) */
+static const desc_param common_params_audio_linein[] = {
+ {
+ .id = AC_PAR_AUDIO_WIDGET_CAP,
+ .val = ((AC_WID_PIN << AC_WCAP_TYPE_SHIFT) |
+ AC_WCAP_STEREO),
+ },{
+ .id = AC_PAR_PIN_CAP,
+ .val = AC_PINCAP_IN,
+ },{
+ .id = AC_PAR_AMP_IN_CAP,
+ .val = QEMU_HDA_AMP_NONE,
+ },{
+ .id = AC_PAR_AMP_OUT_CAP,
+ .val = QEMU_HDA_AMP_NONE,
+ },
+};
+
+/* output: root node */
+static const desc_param output_params_root[] = {
+ {
+ .id = AC_PAR_VENDOR_ID,
+ .val = QEMU_HDA_ID_OUTPUT,
+ },{
+ .id = AC_PAR_SUBSYSTEM_ID,
+ .val = QEMU_HDA_ID_OUTPUT,
+ },{
+ .id = AC_PAR_REV_ID,
+ .val = 0x00100101,
+ },{
+ .id = AC_PAR_NODE_COUNT,
+ .val = 0x00010001,
+ },
+};
+
+/* output: audio function */
+static const desc_param output_params_audio_func[] = {
+ {
+ .id = AC_PAR_FUNCTION_TYPE,
+ .val = AC_GRP_AUDIO_FUNCTION,
+ },{
+ .id = AC_PAR_SUBSYSTEM_ID,
+ .val = QEMU_HDA_ID_OUTPUT,
+ },{
+ .id = AC_PAR_NODE_COUNT,
+ .val = 0x00020002,
+ },{
+ .id = AC_PAR_PCM,
+ .val = QEMU_HDA_PCM_FORMATS,
+ },{
+ .id = AC_PAR_STREAM,
+ .val = AC_SUPFMT_PCM,
+ },{
+ .id = AC_PAR_AMP_IN_CAP,
+ .val = QEMU_HDA_AMP_NONE,
+ },{
+ .id = AC_PAR_AMP_OUT_CAP,
+ .val = QEMU_HDA_AMP_NONE,
+ },{
+ .id = AC_PAR_GPIO_CAP,
+ .val = 0,
+ },{
+ .id = AC_PAR_AUDIO_FG_CAP,
+ .val = 0x00000808,
+ },{
+ .id = AC_PAR_POWER_STATE,
+ .val = 0,
+ },
+};
+
+/* output: nodes */
+static const desc_node output_nodes[] = {
+ {
+ .nid = AC_NODE_ROOT,
+ .name = "root",
+ .params = output_params_root,
+ .nparams = ARRAY_SIZE(output_params_root),
+ },{
+ .nid = 1,
+ .name = "func",
+ .params = output_params_audio_func,
+ .nparams = ARRAY_SIZE(output_params_audio_func),
+ },{
+ .nid = 2,
+ .name = "dac",
+ .params = common_params_audio_dac,
+ .nparams = ARRAY_SIZE(common_params_audio_dac),
+ .stindex = 0,
+ },{
+ .nid = 3,
+ .name = "out",
+ .params = common_params_audio_lineout,
+ .nparams = ARRAY_SIZE(common_params_audio_lineout),
+ .config = ((AC_JACK_PORT_COMPLEX << AC_DEFCFG_PORT_CONN_SHIFT) |
+ (AC_JACK_LINE_OUT << AC_DEFCFG_DEVICE_SHIFT) |
+ (AC_JACK_CONN_UNKNOWN << AC_DEFCFG_CONN_TYPE_SHIFT) |
+ (AC_JACK_COLOR_GREEN << AC_DEFCFG_COLOR_SHIFT) |
+ 0x10),
+ .pinctl = AC_PINCTL_OUT_EN,
+ .conn = (uint32_t[]) { 2 },
+ }
+};
+
+/* output: codec */
+static const desc_codec output = {
+ .name = "output",
+ .iid = QEMU_HDA_ID_OUTPUT,
+ .nodes = output_nodes,
+ .nnodes = ARRAY_SIZE(output_nodes),
+};
+
+/* duplex: root node */
+static const desc_param duplex_params_root[] = {
+ {
+ .id = AC_PAR_VENDOR_ID,
+ .val = QEMU_HDA_ID_DUPLEX,
+ },{
+ .id = AC_PAR_SUBSYSTEM_ID,
+ .val = QEMU_HDA_ID_DUPLEX,
+ },{
+ .id = AC_PAR_REV_ID,
+ .val = 0x00100101,
+ },{
+ .id = AC_PAR_NODE_COUNT,
+ .val = 0x00010001,
+ },
+};
+
+/* duplex: audio function */
+static const desc_param duplex_params_audio_func[] = {
+ {
+ .id = AC_PAR_FUNCTION_TYPE,
+ .val = AC_GRP_AUDIO_FUNCTION,
+ },{
+ .id = AC_PAR_SUBSYSTEM_ID,
+ .val = QEMU_HDA_ID_DUPLEX,
+ },{
+ .id = AC_PAR_NODE_COUNT,
+ .val = 0x00020004,
+ },{
+ .id = AC_PAR_PCM,
+ .val = QEMU_HDA_PCM_FORMATS,
+ },{
+ .id = AC_PAR_STREAM,
+ .val = AC_SUPFMT_PCM,
+ },{
+ .id = AC_PAR_AMP_IN_CAP,
+ .val = QEMU_HDA_AMP_NONE,
+ },{
+ .id = AC_PAR_AMP_OUT_CAP,
+ .val = QEMU_HDA_AMP_NONE,
+ },{
+ .id = AC_PAR_GPIO_CAP,
+ .val = 0,
+ },{
+ .id = AC_PAR_AUDIO_FG_CAP,
+ .val = 0x00000808,
+ },{
+ .id = AC_PAR_POWER_STATE,
+ .val = 0,
+ },
+};
+
+/* duplex: nodes */
+static const desc_node duplex_nodes[] = {
+ {
+ .nid = AC_NODE_ROOT,
+ .name = "root",
+ .params = duplex_params_root,
+ .nparams = ARRAY_SIZE(duplex_params_root),
+ },{
+ .nid = 1,
+ .name = "func",
+ .params = duplex_params_audio_func,
+ .nparams = ARRAY_SIZE(duplex_params_audio_func),
+ },{
+ .nid = 2,
+ .name = "dac",
+ .params = common_params_audio_dac,
+ .nparams = ARRAY_SIZE(common_params_audio_dac),
+ .stindex = 0,
+ },{
+ .nid = 3,
+ .name = "out",
+ .params = common_params_audio_lineout,
+ .nparams = ARRAY_SIZE(common_params_audio_lineout),
+ .config = ((AC_JACK_PORT_COMPLEX << AC_DEFCFG_PORT_CONN_SHIFT) |
+ (AC_JACK_LINE_OUT << AC_DEFCFG_DEVICE_SHIFT) |
+ (AC_JACK_CONN_UNKNOWN << AC_DEFCFG_CONN_TYPE_SHIFT) |
+ (AC_JACK_COLOR_GREEN << AC_DEFCFG_COLOR_SHIFT) |
+ 0x10),
+ .pinctl = AC_PINCTL_OUT_EN,
+ .conn = (uint32_t[]) { 2 },
+ },{
+ .nid = 4,
+ .name = "adc",
+ .params = common_params_audio_adc,
+ .nparams = ARRAY_SIZE(common_params_audio_adc),
+ .stindex = 1,
+ .conn = (uint32_t[]) { 5 },
+ },{
+ .nid = 5,
+ .name = "in",
+ .params = common_params_audio_linein,
+ .nparams = ARRAY_SIZE(common_params_audio_linein),
+ .config = ((AC_JACK_PORT_COMPLEX << AC_DEFCFG_PORT_CONN_SHIFT) |
+ (AC_JACK_LINE_IN << AC_DEFCFG_DEVICE_SHIFT) |
+ (AC_JACK_CONN_UNKNOWN << AC_DEFCFG_CONN_TYPE_SHIFT) |
+ (AC_JACK_COLOR_RED << AC_DEFCFG_COLOR_SHIFT) |
+ 0x20),
+ .pinctl = AC_PINCTL_IN_EN,
+ }
+};
+
+/* duplex: codec */
+static const desc_codec duplex = {
+ .name = "duplex",
+ .iid = QEMU_HDA_ID_DUPLEX,
+ .nodes = duplex_nodes,
+ .nnodes = ARRAY_SIZE(duplex_nodes),
+};
+
+/* micro: root node */
+static const desc_param micro_params_root[] = {
+ {
+ .id = AC_PAR_VENDOR_ID,
+ .val = QEMU_HDA_ID_MICRO,
+ },{
+ .id = AC_PAR_SUBSYSTEM_ID,
+ .val = QEMU_HDA_ID_MICRO,
+ },{
+ .id = AC_PAR_REV_ID,
+ .val = 0x00100101,
+ },{
+ .id = AC_PAR_NODE_COUNT,
+ .val = 0x00010001,
+ },
+};
+
+/* micro: audio function */
+static const desc_param micro_params_audio_func[] = {
+ {
+ .id = AC_PAR_FUNCTION_TYPE,
+ .val = AC_GRP_AUDIO_FUNCTION,
+ },{
+ .id = AC_PAR_SUBSYSTEM_ID,
+ .val = QEMU_HDA_ID_MICRO,
+ },{
+ .id = AC_PAR_NODE_COUNT,
+ .val = 0x00020004,
+ },{
+ .id = AC_PAR_PCM,
+ .val = QEMU_HDA_PCM_FORMATS,
+ },{
+ .id = AC_PAR_STREAM,
+ .val = AC_SUPFMT_PCM,
+ },{
+ .id = AC_PAR_AMP_IN_CAP,
+ .val = QEMU_HDA_AMP_NONE,
+ },{
+ .id = AC_PAR_AMP_OUT_CAP,
+ .val = QEMU_HDA_AMP_NONE,
+ },{
+ .id = AC_PAR_GPIO_CAP,
+ .val = 0,
+ },{
+ .id = AC_PAR_AUDIO_FG_CAP,
+ .val = 0x00000808,
+ },{
+ .id = AC_PAR_POWER_STATE,
+ .val = 0,
+ },
+};
+
+/* micro: nodes */
+static const desc_node micro_nodes[] = {
+ {
+ .nid = AC_NODE_ROOT,
+ .name = "root",
+ .params = micro_params_root,
+ .nparams = ARRAY_SIZE(micro_params_root),
+ },{
+ .nid = 1,
+ .name = "func",
+ .params = micro_params_audio_func,
+ .nparams = ARRAY_SIZE(micro_params_audio_func),
+ },{
+ .nid = 2,
+ .name = "dac",
+ .params = common_params_audio_dac,
+ .nparams = ARRAY_SIZE(common_params_audio_dac),
+ .stindex = 0,
+ },{
+ .nid = 3,
+ .name = "out",
+ .params = common_params_audio_lineout,
+ .nparams = ARRAY_SIZE(common_params_audio_lineout),
+ .config = ((AC_JACK_PORT_COMPLEX << AC_DEFCFG_PORT_CONN_SHIFT) |
+ (AC_JACK_SPEAKER << AC_DEFCFG_DEVICE_SHIFT) |
+ (AC_JACK_CONN_UNKNOWN << AC_DEFCFG_CONN_TYPE_SHIFT) |
+ (AC_JACK_COLOR_GREEN << AC_DEFCFG_COLOR_SHIFT) |
+ 0x10),
+ .pinctl = AC_PINCTL_OUT_EN,
+ .conn = (uint32_t[]) { 2 },
+ },{
+ .nid = 4,
+ .name = "adc",
+ .params = common_params_audio_adc,
+ .nparams = ARRAY_SIZE(common_params_audio_adc),
+ .stindex = 1,
+ .conn = (uint32_t[]) { 5 },
+ },{
+ .nid = 5,
+ .name = "in",
+ .params = common_params_audio_linein,
+ .nparams = ARRAY_SIZE(common_params_audio_linein),
+ .config = ((AC_JACK_PORT_COMPLEX << AC_DEFCFG_PORT_CONN_SHIFT) |
+ (AC_JACK_MIC_IN << AC_DEFCFG_DEVICE_SHIFT) |
+ (AC_JACK_CONN_UNKNOWN << AC_DEFCFG_CONN_TYPE_SHIFT) |
+ (AC_JACK_COLOR_RED << AC_DEFCFG_COLOR_SHIFT) |
+ 0x20),
+ .pinctl = AC_PINCTL_IN_EN,
+ }
+};
+
+/* micro: codec */
+static const desc_codec micro = {
+ .name = "micro",
+ .iid = QEMU_HDA_ID_MICRO,
+ .nodes = micro_nodes,
+ .nnodes = ARRAY_SIZE(micro_nodes),
+};
+
+/* -------------------------------------------------------------------------- */
+
+static const char *fmt2name[] = {
+ [ AUD_FMT_U8 ] = "PCM-U8",
+ [ AUD_FMT_S8 ] = "PCM-S8",
+ [ AUD_FMT_U16 ] = "PCM-U16",
+ [ AUD_FMT_S16 ] = "PCM-S16",
+ [ AUD_FMT_U32 ] = "PCM-U32",
+ [ AUD_FMT_S32 ] = "PCM-S32",
+};
+
+typedef struct HDAAudioState HDAAudioState;
+typedef struct HDAAudioStream HDAAudioStream;
+
+struct HDAAudioStream {
+ HDAAudioState *state;
+ const desc_node *node;
+ bool output, running;
+ uint32_t stream;
+ uint32_t channel;
+ uint32_t format;
+ uint32_t gain_left, gain_right;
+ bool mute_left, mute_right;
+ struct audsettings as;
+ union {
+ SWVoiceIn *in;
+ SWVoiceOut *out;
+ } voice;
+ uint8_t buf[HDA_BUFFER_SIZE];
+ uint32_t bpos;
+};
+
+struct HDAAudioState {
+ HDACodecDevice hda;
+ const char *name;
+
+ QEMUSoundCard card;
+ const desc_codec *desc;
+ HDAAudioStream st[4];
+ bool running_compat[16];
+ bool running_real[2 * 16];
+
+ /* properties */
+ uint32_t debug;
+};
+
+static void hda_audio_input_cb(void *opaque, int avail)
+{
+ HDAAudioStream *st = opaque;
+ int recv = 0;
+ int len;
+ bool rc;
+
+ while (avail - recv >= sizeof(st->buf)) {
+ if (st->bpos != sizeof(st->buf)) {
+ len = AUD_read(st->voice.in, st->buf + st->bpos,
+ sizeof(st->buf) - st->bpos);
+ st->bpos += len;
+ recv += len;
+ if (st->bpos != sizeof(st->buf)) {
+ break;
+ }
+ }
+ rc = hda_codec_xfer(&st->state->hda, st->stream, false,
+ st->buf, sizeof(st->buf));
+ if (!rc) {
+ break;
+ }
+ st->bpos = 0;
+ }
+}
+
+static void hda_audio_output_cb(void *opaque, int avail)
+{
+ HDAAudioStream *st = opaque;
+ int sent = 0;
+ int len;
+ bool rc;
+
+ while (avail - sent >= sizeof(st->buf)) {
+ if (st->bpos == sizeof(st->buf)) {
+ rc = hda_codec_xfer(&st->state->hda, st->stream, true,
+ st->buf, sizeof(st->buf));
+ if (!rc) {
+ break;
+ }
+ st->bpos = 0;
+ }
+ len = AUD_write(st->voice.out, st->buf + st->bpos,
+ sizeof(st->buf) - st->bpos);
+ st->bpos += len;
+ sent += len;
+ if (st->bpos != sizeof(st->buf)) {
+ break;
+ }
+ }
+}
+
+static void hda_audio_set_running(HDAAudioStream *st, bool running)
+{
+ if (st->node == NULL) {
+ return;
+ }
+ if (st->running == running) {
+ return;
+ }
+ st->running = running;
+ dprint(st->state, 1, "%s: %s (stream %d)\n", st->node->name,
+ st->running ? "on" : "off", st->stream);
+ if (st->output) {
+ AUD_set_active_out(st->voice.out, st->running);
+ } else {
+ AUD_set_active_in(st->voice.in, st->running);
+ }
+}
+
+static void hda_audio_set_amp(HDAAudioStream *st)
+{
+ bool muted;
+ uint32_t left, right;
+
+ if (st->node == NULL) {
+ return;
+ }
+
+ muted = st->mute_left && st->mute_right;
+ left = st->mute_left ? 0 : st->gain_left;
+ right = st->mute_right ? 0 : st->gain_right;
+
+ left = left * 255 / QEMU_HDA_AMP_STEPS;
+ right = right * 255 / QEMU_HDA_AMP_STEPS;
+
+ if (st->output) {
+ AUD_set_volume_out(st->voice.out, muted, left, right);
+ } else {
+ AUD_set_volume_in(st->voice.in, muted, left, right);
+ }
+}
+
+static void hda_audio_setup(HDAAudioStream *st)
+{
+ if (st->node == NULL) {
+ return;
+ }
+
+ dprint(st->state, 1, "%s: format: %d x %s @ %d Hz\n",
+ st->node->name, st->as.nchannels,
+ fmt2name[st->as.fmt], st->as.freq);
+
+ if (st->output) {
+ st->voice.out = AUD_open_out(&st->state->card, st->voice.out,
+ st->node->name, st,
+ hda_audio_output_cb, &st->as);
+ } else {
+ st->voice.in = AUD_open_in(&st->state->card, st->voice.in,
+ st->node->name, st,
+ hda_audio_input_cb, &st->as);
+ }
+}
+
+static void hda_audio_command(HDACodecDevice *hda, uint32_t nid, uint32_t data)
+{
+ HDAAudioState *a = DO_UPCAST(HDAAudioState, hda, hda);
+ HDAAudioStream *st;
+ const desc_node *node = NULL;
+ const desc_param *param;
+ uint32_t verb, payload, response, count, shift;
+
+ if ((data & 0x70000) == 0x70000) {
+ /* 12/8 id/payload */
+ verb = (data >> 8) & 0xfff;
+ payload = data & 0x00ff;
+ } else {
+ /* 4/16 id/payload */
+ verb = (data >> 8) & 0xf00;
+ payload = data & 0xffff;
+ }
+
+ node = hda_codec_find_node(a->desc, nid);
+ if (node == NULL) {
+ goto fail;
+ }
+ dprint(a, 2, "%s: nid %d (%s), verb 0x%x, payload 0x%x\n",
+ __FUNCTION__, nid, node->name, verb, payload);
+
+ switch (verb) {
+ /* all nodes */
+ case AC_VERB_PARAMETERS:
+ param = hda_codec_find_param(node, payload);
+ if (param == NULL) {
+ goto fail;
+ }
+ hda_codec_response(hda, true, param->val);
+ break;
+ case AC_VERB_GET_SUBSYSTEM_ID:
+ hda_codec_response(hda, true, a->desc->iid);
+ break;
+
+ /* all functions */
+ case AC_VERB_GET_CONNECT_LIST:
+ param = hda_codec_find_param(node, AC_PAR_CONNLIST_LEN);
+ count = param ? param->val : 0;
+ response = 0;
+ shift = 0;
+ while (payload < count && shift < 32) {
+ response |= node->conn[payload] << shift;
+ payload++;
+ shift += 8;
+ }
+ hda_codec_response(hda, true, response);
+ break;
+
+ /* pin widget */
+ case AC_VERB_GET_CONFIG_DEFAULT:
+ hda_codec_response(hda, true, node->config);
+ break;
+ case AC_VERB_GET_PIN_WIDGET_CONTROL:
+ hda_codec_response(hda, true, node->pinctl);
+ break;
+ case AC_VERB_SET_PIN_WIDGET_CONTROL:
+ if (node->pinctl != payload) {
+ dprint(a, 1, "unhandled pin control bit\n");
+ }
+ hda_codec_response(hda, true, 0);
+ break;
+
+ /* audio in/out widget */
+ case AC_VERB_SET_CHANNEL_STREAMID:
+ st = a->st + node->stindex;
+ if (st->node == NULL) {
+ goto fail;
+ }
+ hda_audio_set_running(st, false);
+ st->stream = (payload >> 4) & 0x0f;
+ st->channel = payload & 0x0f;
+ dprint(a, 2, "%s: stream %d, channel %d\n",
+ st->node->name, st->stream, st->channel);
+ hda_audio_set_running(st, a->running_real[st->output * 16 + st->stream]);
+ hda_codec_response(hda, true, 0);
+ break;
+ case AC_VERB_GET_CONV:
+ st = a->st + node->stindex;
+ if (st->node == NULL) {
+ goto fail;
+ }
+ response = st->stream << 4 | st->channel;
+ hda_codec_response(hda, true, response);
+ break;
+ case AC_VERB_SET_STREAM_FORMAT:
+ st = a->st + node->stindex;
+ if (st->node == NULL) {
+ goto fail;
+ }
+ st->format = payload;
+ hda_codec_parse_fmt(st->format, &st->as);
+ hda_audio_setup(st);
+ hda_codec_response(hda, true, 0);
+ break;
+ case AC_VERB_GET_STREAM_FORMAT:
+ st = a->st + node->stindex;
+ if (st->node == NULL) {
+ goto fail;
+ }
+ hda_codec_response(hda, true, st->format);
+ break;
+ case AC_VERB_GET_AMP_GAIN_MUTE:
+ st = a->st + node->stindex;
+ if (st->node == NULL) {
+ goto fail;
+ }
+ if (payload & AC_AMP_GET_LEFT) {
+ response = st->gain_left | (st->mute_left ? AC_AMP_MUTE : 0);
+ } else {
+ response = st->gain_right | (st->mute_right ? AC_AMP_MUTE : 0);
+ }
+ hda_codec_response(hda, true, response);
+ break;
+ case AC_VERB_SET_AMP_GAIN_MUTE:
+ st = a->st + node->stindex;
+ if (st->node == NULL) {
+ goto fail;
+ }
+ dprint(a, 1, "amp (%s): %s%s%s%s index %d gain %3d %s\n",
+ st->node->name,
+ (payload & AC_AMP_SET_OUTPUT) ? "o" : "-",
+ (payload & AC_AMP_SET_INPUT) ? "i" : "-",
+ (payload & AC_AMP_SET_LEFT) ? "l" : "-",
+ (payload & AC_AMP_SET_RIGHT) ? "r" : "-",
+ (payload & AC_AMP_SET_INDEX) >> AC_AMP_SET_INDEX_SHIFT,
+ (payload & AC_AMP_GAIN),
+ (payload & AC_AMP_MUTE) ? "muted" : "");
+ if (payload & AC_AMP_SET_LEFT) {
+ st->gain_left = payload & AC_AMP_GAIN;
+ st->mute_left = payload & AC_AMP_MUTE;
+ }
+ if (payload & AC_AMP_SET_RIGHT) {
+ st->gain_right = payload & AC_AMP_GAIN;
+ st->mute_right = payload & AC_AMP_MUTE;
+ }
+ hda_audio_set_amp(st);
+ hda_codec_response(hda, true, 0);
+ break;
+
+ /* not supported */
+ case AC_VERB_SET_POWER_STATE:
+ case AC_VERB_GET_POWER_STATE:
+ case AC_VERB_GET_SDI_SELECT:
+ hda_codec_response(hda, true, 0);
+ break;
+ default:
+ goto fail;
+ }
+ return;
+
+fail:
+ dprint(a, 1, "%s: not handled: nid %d (%s), verb 0x%x, payload 0x%x\n",
+ __FUNCTION__, nid, node ? node->name : "?", verb, payload);
+ hda_codec_response(hda, true, 0);
+}
+
+static void hda_audio_stream(HDACodecDevice *hda, uint32_t stnr, bool running, bool output)
+{
+ HDAAudioState *a = DO_UPCAST(HDAAudioState, hda, hda);
+ int s;
+
+ a->running_compat[stnr] = running;
+ a->running_real[output * 16 + stnr] = running;
+ for (s = 0; s < ARRAY_SIZE(a->st); s++) {
+ if (a->st[s].node == NULL) {
+ continue;
+ }
+ if (a->st[s].output != output) {
+ continue;
+ }
+ if (a->st[s].stream != stnr) {
+ continue;
+ }
+ hda_audio_set_running(&a->st[s], running);
+ }
+}
+
+static int hda_audio_init(HDACodecDevice *hda, const struct desc_codec *desc)
+{
+ HDAAudioState *a = DO_UPCAST(HDAAudioState, hda, hda);
+ HDAAudioStream *st;
+ const desc_node *node;
+ const desc_param *param;
+ uint32_t i, type;
+
+ a->desc = desc;
+ a->name = object_get_typename(OBJECT(a));
+ dprint(a, 1, "%s: cad %d\n", __FUNCTION__, a->hda.cad);
+
+ AUD_register_card("hda", &a->card);
+ for (i = 0; i < a->desc->nnodes; i++) {
+ node = a->desc->nodes + i;
+ param = hda_codec_find_param(node, AC_PAR_AUDIO_WIDGET_CAP);
+ if (NULL == param)
+ continue;
+ type = (param->val & AC_WCAP_TYPE) >> AC_WCAP_TYPE_SHIFT;
+ switch (type) {
+ case AC_WID_AUD_OUT:
+ case AC_WID_AUD_IN:
+ assert(node->stindex < ARRAY_SIZE(a->st));
+ st = a->st + node->stindex;
+ st->state = a;
+ st->node = node;
+ if (type == AC_WID_AUD_OUT) {
+ /* unmute output by default */
+ st->gain_left = QEMU_HDA_AMP_STEPS;
+ st->gain_right = QEMU_HDA_AMP_STEPS;
+ st->bpos = sizeof(st->buf);
+ st->output = true;
+ } else {
+ st->output = false;
+ }
+ st->format = AC_FMT_TYPE_PCM | AC_FMT_BITS_16 |
+ (1 << AC_FMT_CHAN_SHIFT);
+ hda_codec_parse_fmt(st->format, &st->as);
+ hda_audio_setup(st);
+ break;
+ }
+ }
+ return 0;
+}
+
+static int hda_audio_exit(HDACodecDevice *hda)
+{
+ HDAAudioState *a = DO_UPCAST(HDAAudioState, hda, hda);
+ HDAAudioStream *st;
+ int i;
+
+ dprint(a, 1, "%s\n", __FUNCTION__);
+ for (i = 0; i < ARRAY_SIZE(a->st); i++) {
+ st = a->st + i;
+ if (st->node == NULL) {
+ continue;
+ }
+ if (st->output) {
+ AUD_close_out(&a->card, st->voice.out);
+ } else {
+ AUD_close_in(&a->card, st->voice.in);
+ }
+ }
+ AUD_remove_card(&a->card);
+ return 0;
+}
+
+static int hda_audio_post_load(void *opaque, int version)
+{
+ HDAAudioState *a = opaque;
+ HDAAudioStream *st;
+ int i;
+
+ dprint(a, 1, "%s\n", __FUNCTION__);
+ if (version == 1) {
+ /* assume running_compat[] is for output streams */
+ for (i = 0; i < ARRAY_SIZE(a->running_compat); i++)
+ a->running_real[16 + i] = a->running_compat[i];
+ }
+
+ for (i = 0; i < ARRAY_SIZE(a->st); i++) {
+ st = a->st + i;
+ if (st->node == NULL)
+ continue;
+ hda_codec_parse_fmt(st->format, &st->as);
+ hda_audio_setup(st);
+ hda_audio_set_amp(st);
+ hda_audio_set_running(st, a->running_real[st->output * 16 + st->stream]);
+ }
+ return 0;
+}
+
+static const VMStateDescription vmstate_hda_audio_stream = {
+ .name = "hda-audio-stream",
+ .version_id = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT32(stream, HDAAudioStream),
+ VMSTATE_UINT32(channel, HDAAudioStream),
+ VMSTATE_UINT32(format, HDAAudioStream),
+ VMSTATE_UINT32(gain_left, HDAAudioStream),
+ VMSTATE_UINT32(gain_right, HDAAudioStream),
+ VMSTATE_BOOL(mute_left, HDAAudioStream),
+ VMSTATE_BOOL(mute_right, HDAAudioStream),
+ VMSTATE_UINT32(bpos, HDAAudioStream),
+ VMSTATE_BUFFER(buf, HDAAudioStream),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_hda_audio = {
+ .name = "hda-audio",
+ .version_id = 2,
+ .post_load = hda_audio_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_STRUCT_ARRAY(st, HDAAudioState, 4, 0,
+ vmstate_hda_audio_stream,
+ HDAAudioStream),
+ VMSTATE_BOOL_ARRAY(running_compat, HDAAudioState, 16),
+ VMSTATE_BOOL_ARRAY_V(running_real, HDAAudioState, 2 * 16, 2),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static Property hda_audio_properties[] = {
+ DEFINE_PROP_UINT32("debug", HDAAudioState, debug, 0),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static int hda_audio_init_output(HDACodecDevice *hda)
+{
+ return hda_audio_init(hda, &output);
+}
+
+static int hda_audio_init_duplex(HDACodecDevice *hda)
+{
+ return hda_audio_init(hda, &duplex);
+}
+
+static int hda_audio_init_micro(HDACodecDevice *hda)
+{
+ return hda_audio_init(hda, &micro);
+}
+
+static void hda_audio_output_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ HDACodecDeviceClass *k = HDA_CODEC_DEVICE_CLASS(klass);
+
+ k->init = hda_audio_init_output;
+ k->exit = hda_audio_exit;
+ k->command = hda_audio_command;
+ k->stream = hda_audio_stream;
+ set_bit(DEVICE_CATEGORY_SOUND, dc->categories);
+ dc->desc = "HDA Audio Codec, output-only (line-out)";
+ dc->vmsd = &vmstate_hda_audio;
+ dc->props = hda_audio_properties;
+}
+
+static const TypeInfo hda_audio_output_info = {
+ .name = "hda-output",
+ .parent = TYPE_HDA_CODEC_DEVICE,
+ .instance_size = sizeof(HDAAudioState),
+ .class_init = hda_audio_output_class_init,
+};
+
+static void hda_audio_duplex_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ HDACodecDeviceClass *k = HDA_CODEC_DEVICE_CLASS(klass);
+
+ k->init = hda_audio_init_duplex;
+ k->exit = hda_audio_exit;
+ k->command = hda_audio_command;
+ k->stream = hda_audio_stream;
+ set_bit(DEVICE_CATEGORY_SOUND, dc->categories);
+ dc->desc = "HDA Audio Codec, duplex (line-out, line-in)";
+ dc->vmsd = &vmstate_hda_audio;
+ dc->props = hda_audio_properties;
+}
+
+static const TypeInfo hda_audio_duplex_info = {
+ .name = "hda-duplex",
+ .parent = TYPE_HDA_CODEC_DEVICE,
+ .instance_size = sizeof(HDAAudioState),
+ .class_init = hda_audio_duplex_class_init,
+};
+
+static void hda_audio_micro_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ HDACodecDeviceClass *k = HDA_CODEC_DEVICE_CLASS(klass);
+
+ k->init = hda_audio_init_micro;
+ k->exit = hda_audio_exit;
+ k->command = hda_audio_command;
+ k->stream = hda_audio_stream;
+ set_bit(DEVICE_CATEGORY_SOUND, dc->categories);
+ dc->desc = "HDA Audio Codec, duplex (speaker, microphone)";
+ dc->vmsd = &vmstate_hda_audio;
+ dc->props = hda_audio_properties;
+}
+
+static const TypeInfo hda_audio_micro_info = {
+ .name = "hda-micro",
+ .parent = TYPE_HDA_CODEC_DEVICE,
+ .instance_size = sizeof(HDAAudioState),
+ .class_init = hda_audio_micro_class_init,
+};
+
+static void hda_audio_register_types(void)
+{
+ type_register_static(&hda_audio_output_info);
+ type_register_static(&hda_audio_duplex_info);
+ type_register_static(&hda_audio_micro_info);
+}
+
+type_init(hda_audio_register_types)
diff --git a/hw/intel-hda-defs.h b/hw/audio/intel-hda-defs.h
index 2e37e5b87..2e37e5b87 100644
--- a/hw/intel-hda-defs.h
+++ b/hw/audio/intel-hda-defs.h
diff --git a/hw/audio/intel-hda.c b/hw/audio/intel-hda.c
new file mode 100644
index 000000000..32e44adb5
--- /dev/null
+++ b/hw/audio/intel-hda.c
@@ -0,0 +1,1342 @@
+/*
+ * Copyright (C) 2010 Red Hat, Inc.
+ *
+ * written by Gerd Hoffmann <kraxel@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "hw/pci/msi.h"
+#include "qemu/timer.h"
+#include "hw/audio/audio.h"
+#include "intel-hda.h"
+#include "intel-hda-defs.h"
+#include "sysemu/dma.h"
+
+/* --------------------------------------------------------------------- */
+/* hda bus */
+
+static Property hda_props[] = {
+ DEFINE_PROP_UINT32("cad", HDACodecDevice, cad, -1),
+ DEFINE_PROP_END_OF_LIST()
+};
+
+static const TypeInfo hda_codec_bus_info = {
+ .name = TYPE_HDA_BUS,
+ .parent = TYPE_BUS,
+ .instance_size = sizeof(HDACodecBus),
+};
+
+void hda_codec_bus_init(DeviceState *dev, HDACodecBus *bus,
+ hda_codec_response_func response,
+ hda_codec_xfer_func xfer)
+{
+ qbus_create_inplace(&bus->qbus, TYPE_HDA_BUS, dev, NULL);
+ bus->response = response;
+ bus->xfer = xfer;
+}
+
+static int hda_codec_dev_init(DeviceState *qdev)
+{
+ HDACodecBus *bus = DO_UPCAST(HDACodecBus, qbus, qdev->parent_bus);
+ HDACodecDevice *dev = DO_UPCAST(HDACodecDevice, qdev, qdev);
+ HDACodecDeviceClass *cdc = HDA_CODEC_DEVICE_GET_CLASS(dev);
+
+ if (dev->cad == -1) {
+ dev->cad = bus->next_cad;
+ }
+ if (dev->cad >= 15) {
+ return -1;
+ }
+ bus->next_cad = dev->cad + 1;
+ return cdc->init(dev);
+}
+
+static int hda_codec_dev_exit(DeviceState *qdev)
+{
+ HDACodecDevice *dev = DO_UPCAST(HDACodecDevice, qdev, qdev);
+ HDACodecDeviceClass *cdc = HDA_CODEC_DEVICE_GET_CLASS(dev);
+
+ if (cdc->exit) {
+ cdc->exit(dev);
+ }
+ return 0;
+}
+
+HDACodecDevice *hda_codec_find(HDACodecBus *bus, uint32_t cad)
+{
+ BusChild *kid;
+ HDACodecDevice *cdev;
+
+ QTAILQ_FOREACH(kid, &bus->qbus.children, sibling) {
+ DeviceState *qdev = kid->child;
+ cdev = DO_UPCAST(HDACodecDevice, qdev, qdev);
+ if (cdev->cad == cad) {
+ return cdev;
+ }
+ }
+ return NULL;
+}
+
+void hda_codec_response(HDACodecDevice *dev, bool solicited, uint32_t response)
+{
+ HDACodecBus *bus = DO_UPCAST(HDACodecBus, qbus, dev->qdev.parent_bus);
+ bus->response(dev, solicited, response);
+}
+
+bool hda_codec_xfer(HDACodecDevice *dev, uint32_t stnr, bool output,
+ uint8_t *buf, uint32_t len)
+{
+ HDACodecBus *bus = DO_UPCAST(HDACodecBus, qbus, dev->qdev.parent_bus);
+ return bus->xfer(dev, stnr, output, buf, len);
+}
+
+/* --------------------------------------------------------------------- */
+/* intel hda emulation */
+
+typedef struct IntelHDAStream IntelHDAStream;
+typedef struct IntelHDAState IntelHDAState;
+typedef struct IntelHDAReg IntelHDAReg;
+
+typedef struct bpl {
+ uint64_t addr;
+ uint32_t len;
+ uint32_t flags;
+} bpl;
+
+struct IntelHDAStream {
+ /* registers */
+ uint32_t ctl;
+ uint32_t lpib;
+ uint32_t cbl;
+ uint32_t lvi;
+ uint32_t fmt;
+ uint32_t bdlp_lbase;
+ uint32_t bdlp_ubase;
+
+ /* state */
+ bpl *bpl;
+ uint32_t bentries;
+ uint32_t bsize, be, bp;
+};
+
+struct IntelHDAState {
+ PCIDevice pci;
+ const char *name;
+ HDACodecBus codecs;
+
+ /* registers */
+ uint32_t g_ctl;
+ uint32_t wake_en;
+ uint32_t state_sts;
+ uint32_t int_ctl;
+ uint32_t int_sts;
+ uint32_t wall_clk;
+
+ uint32_t corb_lbase;
+ uint32_t corb_ubase;
+ uint32_t corb_rp;
+ uint32_t corb_wp;
+ uint32_t corb_ctl;
+ uint32_t corb_sts;
+ uint32_t corb_size;
+
+ uint32_t rirb_lbase;
+ uint32_t rirb_ubase;
+ uint32_t rirb_wp;
+ uint32_t rirb_cnt;
+ uint32_t rirb_ctl;
+ uint32_t rirb_sts;
+ uint32_t rirb_size;
+
+ uint32_t dp_lbase;
+ uint32_t dp_ubase;
+
+ uint32_t icw;
+ uint32_t irr;
+ uint32_t ics;
+
+ /* streams */
+ IntelHDAStream st[8];
+
+ /* state */
+ MemoryRegion mmio;
+ uint32_t rirb_count;
+ int64_t wall_base_ns;
+
+ /* debug logging */
+ const IntelHDAReg *last_reg;
+ uint32_t last_val;
+ uint32_t last_write;
+ uint32_t last_sec;
+ uint32_t repeat_count;
+
+ /* properties */
+ uint32_t debug;
+ uint32_t msi;
+};
+
+#define TYPE_INTEL_HDA_GENERIC "intel-hda-generic"
+
+#define INTEL_HDA(obj) \
+ OBJECT_CHECK(IntelHDAState, (obj), TYPE_INTEL_HDA_GENERIC)
+
+struct IntelHDAReg {
+ const char *name; /* register name */
+ uint32_t size; /* size in bytes */
+ uint32_t reset; /* reset value */
+ uint32_t wmask; /* write mask */
+ uint32_t wclear; /* write 1 to clear bits */
+ uint32_t offset; /* location in IntelHDAState */
+ uint32_t shift; /* byte access entries for dwords */
+ uint32_t stream;
+ void (*whandler)(IntelHDAState *d, const IntelHDAReg *reg, uint32_t old);
+ void (*rhandler)(IntelHDAState *d, const IntelHDAReg *reg);
+};
+
+static void intel_hda_reset(DeviceState *dev);
+
+/* --------------------------------------------------------------------- */
+
+static hwaddr intel_hda_addr(uint32_t lbase, uint32_t ubase)
+{
+ hwaddr addr;
+
+ addr = ((uint64_t)ubase << 32) | lbase;
+ return addr;
+}
+
+static void intel_hda_update_int_sts(IntelHDAState *d)
+{
+ uint32_t sts = 0;
+ uint32_t i;
+
+ /* update controller status */
+ if (d->rirb_sts & ICH6_RBSTS_IRQ) {
+ sts |= (1 << 30);
+ }
+ if (d->rirb_sts & ICH6_RBSTS_OVERRUN) {
+ sts |= (1 << 30);
+ }
+ if (d->state_sts & d->wake_en) {
+ sts |= (1 << 30);
+ }
+
+ /* update stream status */
+ for (i = 0; i < 8; i++) {
+ /* buffer completion interrupt */
+ if (d->st[i].ctl & (1 << 26)) {
+ sts |= (1 << i);
+ }
+ }
+
+ /* update global status */
+ if (sts & d->int_ctl) {
+ sts |= (1 << 31);
+ }
+
+ d->int_sts = sts;
+}
+
+static void intel_hda_update_irq(IntelHDAState *d)
+{
+ int msi = d->msi && msi_enabled(&d->pci);
+ int level;
+
+ intel_hda_update_int_sts(d);
+ if (d->int_sts & (1 << 31) && d->int_ctl & (1 << 31)) {
+ level = 1;
+ } else {
+ level = 0;
+ }
+ dprint(d, 2, "%s: level %d [%s]\n", __FUNCTION__,
+ level, msi ? "msi" : "intx");
+ if (msi) {
+ if (level) {
+ msi_notify(&d->pci, 0);
+ }
+ } else {
+ qemu_set_irq(d->pci.irq[0], level);
+ }
+}
+
+static int intel_hda_send_command(IntelHDAState *d, uint32_t verb)
+{
+ uint32_t cad, nid, data;
+ HDACodecDevice *codec;
+ HDACodecDeviceClass *cdc;
+
+ cad = (verb >> 28) & 0x0f;
+ if (verb & (1 << 27)) {
+ /* indirect node addressing, not specified in HDA 1.0 */
+ dprint(d, 1, "%s: indirect node addressing (guest bug?)\n", __FUNCTION__);
+ return -1;
+ }
+ nid = (verb >> 20) & 0x7f;
+ data = verb & 0xfffff;
+
+ codec = hda_codec_find(&d->codecs, cad);
+ if (codec == NULL) {
+ dprint(d, 1, "%s: addressed non-existing codec\n", __FUNCTION__);
+ return -1;
+ }
+ cdc = HDA_CODEC_DEVICE_GET_CLASS(codec);
+ cdc->command(codec, nid, data);
+ return 0;
+}
+
+static void intel_hda_corb_run(IntelHDAState *d)
+{
+ hwaddr addr;
+ uint32_t rp, verb;
+
+ if (d->ics & ICH6_IRS_BUSY) {
+ dprint(d, 2, "%s: [icw] verb 0x%08x\n", __FUNCTION__, d->icw);
+ intel_hda_send_command(d, d->icw);
+ return;
+ }
+
+ for (;;) {
+ if (!(d->corb_ctl & ICH6_CORBCTL_RUN)) {
+ dprint(d, 2, "%s: !run\n", __FUNCTION__);
+ return;
+ }
+ if ((d->corb_rp & 0xff) == d->corb_wp) {
+ dprint(d, 2, "%s: corb ring empty\n", __FUNCTION__);
+ return;
+ }
+ if (d->rirb_count == d->rirb_cnt) {
+ dprint(d, 2, "%s: rirb count reached\n", __FUNCTION__);
+ return;
+ }
+
+ rp = (d->corb_rp + 1) & 0xff;
+ addr = intel_hda_addr(d->corb_lbase, d->corb_ubase);
+ verb = ldl_le_pci_dma(&d->pci, addr + 4*rp);
+ d->corb_rp = rp;
+
+ dprint(d, 2, "%s: [rp 0x%x] verb 0x%08x\n", __FUNCTION__, rp, verb);
+ intel_hda_send_command(d, verb);
+ }
+}
+
+static void intel_hda_response(HDACodecDevice *dev, bool solicited, uint32_t response)
+{
+ HDACodecBus *bus = DO_UPCAST(HDACodecBus, qbus, dev->qdev.parent_bus);
+ IntelHDAState *d = container_of(bus, IntelHDAState, codecs);
+ hwaddr addr;
+ uint32_t wp, ex;
+
+ if (d->ics & ICH6_IRS_BUSY) {
+ dprint(d, 2, "%s: [irr] response 0x%x, cad 0x%x\n",
+ __FUNCTION__, response, dev->cad);
+ d->irr = response;
+ d->ics &= ~(ICH6_IRS_BUSY | 0xf0);
+ d->ics |= (ICH6_IRS_VALID | (dev->cad << 4));
+ return;
+ }
+
+ if (!(d->rirb_ctl & ICH6_RBCTL_DMA_EN)) {
+ dprint(d, 1, "%s: rirb dma disabled, drop codec response\n", __FUNCTION__);
+ return;
+ }
+
+ ex = (solicited ? 0 : (1 << 4)) | dev->cad;
+ wp = (d->rirb_wp + 1) & 0xff;
+ addr = intel_hda_addr(d->rirb_lbase, d->rirb_ubase);
+ stl_le_pci_dma(&d->pci, addr + 8*wp, response);
+ stl_le_pci_dma(&d->pci, addr + 8*wp + 4, ex);
+ d->rirb_wp = wp;
+
+ dprint(d, 2, "%s: [wp 0x%x] response 0x%x, extra 0x%x\n",
+ __FUNCTION__, wp, response, ex);
+
+ d->rirb_count++;
+ if (d->rirb_count == d->rirb_cnt) {
+ dprint(d, 2, "%s: rirb count reached (%d)\n", __FUNCTION__, d->rirb_count);
+ if (d->rirb_ctl & ICH6_RBCTL_IRQ_EN) {
+ d->rirb_sts |= ICH6_RBSTS_IRQ;
+ intel_hda_update_irq(d);
+ }
+ } else if ((d->corb_rp & 0xff) == d->corb_wp) {
+ dprint(d, 2, "%s: corb ring empty (%d/%d)\n", __FUNCTION__,
+ d->rirb_count, d->rirb_cnt);
+ if (d->rirb_ctl & ICH6_RBCTL_IRQ_EN) {
+ d->rirb_sts |= ICH6_RBSTS_IRQ;
+ intel_hda_update_irq(d);
+ }
+ }
+}
+
+static bool intel_hda_xfer(HDACodecDevice *dev, uint32_t stnr, bool output,
+ uint8_t *buf, uint32_t len)
+{
+ HDACodecBus *bus = DO_UPCAST(HDACodecBus, qbus, dev->qdev.parent_bus);
+ IntelHDAState *d = container_of(bus, IntelHDAState, codecs);
+ hwaddr addr;
+ uint32_t s, copy, left;
+ IntelHDAStream *st;
+ bool irq = false;
+
+ st = output ? d->st + 4 : d->st;
+ for (s = 0; s < 4; s++) {
+ if (stnr == ((st[s].ctl >> 20) & 0x0f)) {
+ st = st + s;
+ break;
+ }
+ }
+ if (s == 4) {
+ return false;
+ }
+ if (st->bpl == NULL) {
+ return false;
+ }
+ if (st->ctl & (1 << 26)) {
+ /*
+ * Wait with the next DMA xfer until the guest
+ * has acked the buffer completion interrupt
+ */
+ return false;
+ }
+
+ left = len;
+ while (left > 0) {
+ copy = left;
+ if (copy > st->bsize - st->lpib)
+ copy = st->bsize - st->lpib;
+ if (copy > st->bpl[st->be].len - st->bp)
+ copy = st->bpl[st->be].len - st->bp;
+
+ dprint(d, 3, "dma: entry %d, pos %d/%d, copy %d\n",
+ st->be, st->bp, st->bpl[st->be].len, copy);
+
+ pci_dma_rw(&d->pci, st->bpl[st->be].addr + st->bp, buf, copy, !output);
+ st->lpib += copy;
+ st->bp += copy;
+ buf += copy;
+ left -= copy;
+
+ if (st->bpl[st->be].len == st->bp) {
+ /* bpl entry filled */
+ if (st->bpl[st->be].flags & 0x01) {
+ irq = true;
+ }
+ st->bp = 0;
+ st->be++;
+ if (st->be == st->bentries) {
+ /* bpl wrap around */
+ st->be = 0;
+ st->lpib = 0;
+ }
+ }
+ }
+ if (d->dp_lbase & 0x01) {
+ addr = intel_hda_addr(d->dp_lbase & ~0x01, d->dp_ubase);
+ stl_le_pci_dma(&d->pci, addr + 8*s, st->lpib);
+ }
+ dprint(d, 3, "dma: --\n");
+
+ if (irq) {
+ st->ctl |= (1 << 26); /* buffer completion interrupt */
+ intel_hda_update_irq(d);
+ }
+ return true;
+}
+
+static void intel_hda_parse_bdl(IntelHDAState *d, IntelHDAStream *st)
+{
+ hwaddr addr;
+ uint8_t buf[16];
+ uint32_t i;
+
+ addr = intel_hda_addr(st->bdlp_lbase, st->bdlp_ubase);
+ st->bentries = st->lvi +1;
+ g_free(st->bpl);
+ st->bpl = g_malloc(sizeof(bpl) * st->bentries);
+ for (i = 0; i < st->bentries; i++, addr += 16) {
+ pci_dma_read(&d->pci, addr, buf, 16);
+ st->bpl[i].addr = le64_to_cpu(*(uint64_t *)buf);
+ st->bpl[i].len = le32_to_cpu(*(uint32_t *)(buf + 8));
+ st->bpl[i].flags = le32_to_cpu(*(uint32_t *)(buf + 12));
+ dprint(d, 1, "bdl/%d: 0x%" PRIx64 " +0x%x, 0x%x\n",
+ i, st->bpl[i].addr, st->bpl[i].len, st->bpl[i].flags);
+ }
+
+ st->bsize = st->cbl;
+ st->lpib = 0;
+ st->be = 0;
+ st->bp = 0;
+}
+
+static void intel_hda_notify_codecs(IntelHDAState *d, uint32_t stream, bool running, bool output)
+{
+ BusChild *kid;
+ HDACodecDevice *cdev;
+
+ QTAILQ_FOREACH(kid, &d->codecs.qbus.children, sibling) {
+ DeviceState *qdev = kid->child;
+ HDACodecDeviceClass *cdc;
+
+ cdev = DO_UPCAST(HDACodecDevice, qdev, qdev);
+ cdc = HDA_CODEC_DEVICE_GET_CLASS(cdev);
+ if (cdc->stream) {
+ cdc->stream(cdev, stream, running, output);
+ }
+ }
+}
+
+/* --------------------------------------------------------------------- */
+
+static void intel_hda_set_g_ctl(IntelHDAState *d, const IntelHDAReg *reg, uint32_t old)
+{
+ if ((d->g_ctl & ICH6_GCTL_RESET) == 0) {
+ intel_hda_reset(DEVICE(d));
+ }
+}
+
+static void intel_hda_set_wake_en(IntelHDAState *d, const IntelHDAReg *reg, uint32_t old)
+{
+ intel_hda_update_irq(d);
+}
+
+static void intel_hda_set_state_sts(IntelHDAState *d, const IntelHDAReg *reg, uint32_t old)
+{
+ intel_hda_update_irq(d);
+}
+
+static void intel_hda_set_int_ctl(IntelHDAState *d, const IntelHDAReg *reg, uint32_t old)
+{
+ intel_hda_update_irq(d);
+}
+
+static void intel_hda_get_wall_clk(IntelHDAState *d, const IntelHDAReg *reg)
+{
+ int64_t ns;
+
+ ns = qemu_get_clock_ns(vm_clock) - d->wall_base_ns;
+ d->wall_clk = (uint32_t)(ns * 24 / 1000); /* 24 MHz */
+}
+
+static void intel_hda_set_corb_wp(IntelHDAState *d, const IntelHDAReg *reg, uint32_t old)
+{
+ intel_hda_corb_run(d);
+}
+
+static void intel_hda_set_corb_ctl(IntelHDAState *d, const IntelHDAReg *reg, uint32_t old)
+{
+ intel_hda_corb_run(d);
+}
+
+static void intel_hda_set_rirb_wp(IntelHDAState *d, const IntelHDAReg *reg, uint32_t old)
+{
+ if (d->rirb_wp & ICH6_RIRBWP_RST) {
+ d->rirb_wp = 0;
+ }
+}
+
+static void intel_hda_set_rirb_sts(IntelHDAState *d, const IntelHDAReg *reg, uint32_t old)
+{
+ intel_hda_update_irq(d);
+
+ if ((old & ICH6_RBSTS_IRQ) && !(d->rirb_sts & ICH6_RBSTS_IRQ)) {
+ /* cleared ICH6_RBSTS_IRQ */
+ d->rirb_count = 0;
+ intel_hda_corb_run(d);
+ }
+}
+
+static void intel_hda_set_ics(IntelHDAState *d, const IntelHDAReg *reg, uint32_t old)
+{
+ if (d->ics & ICH6_IRS_BUSY) {
+ intel_hda_corb_run(d);
+ }
+}
+
+static void intel_hda_set_st_ctl(IntelHDAState *d, const IntelHDAReg *reg, uint32_t old)
+{
+ bool output = reg->stream >= 4;
+ IntelHDAStream *st = d->st + reg->stream;
+
+ if (st->ctl & 0x01) {
+ /* reset */
+ dprint(d, 1, "st #%d: reset\n", reg->stream);
+ st->ctl = 0;
+ }
+ if ((st->ctl & 0x02) != (old & 0x02)) {
+ uint32_t stnr = (st->ctl >> 20) & 0x0f;
+ /* run bit flipped */
+ if (st->ctl & 0x02) {
+ /* start */
+ dprint(d, 1, "st #%d: start %d (ring buf %d bytes)\n",
+ reg->stream, stnr, st->cbl);
+ intel_hda_parse_bdl(d, st);
+ intel_hda_notify_codecs(d, stnr, true, output);
+ } else {
+ /* stop */
+ dprint(d, 1, "st #%d: stop %d\n", reg->stream, stnr);
+ intel_hda_notify_codecs(d, stnr, false, output);
+ }
+ }
+ intel_hda_update_irq(d);
+}
+
+/* --------------------------------------------------------------------- */
+
+#define ST_REG(_n, _o) (0x80 + (_n) * 0x20 + (_o))
+
+static const struct IntelHDAReg regtab[] = {
+ /* global */
+ [ ICH6_REG_GCAP ] = {
+ .name = "GCAP",
+ .size = 2,
+ .reset = 0x4401,
+ },
+ [ ICH6_REG_VMIN ] = {
+ .name = "VMIN",
+ .size = 1,
+ },
+ [ ICH6_REG_VMAJ ] = {
+ .name = "VMAJ",
+ .size = 1,
+ .reset = 1,
+ },
+ [ ICH6_REG_OUTPAY ] = {
+ .name = "OUTPAY",
+ .size = 2,
+ .reset = 0x3c,
+ },
+ [ ICH6_REG_INPAY ] = {
+ .name = "INPAY",
+ .size = 2,
+ .reset = 0x1d,
+ },
+ [ ICH6_REG_GCTL ] = {
+ .name = "GCTL",
+ .size = 4,
+ .wmask = 0x0103,
+ .offset = offsetof(IntelHDAState, g_ctl),
+ .whandler = intel_hda_set_g_ctl,
+ },
+ [ ICH6_REG_WAKEEN ] = {
+ .name = "WAKEEN",
+ .size = 2,
+ .wmask = 0x7fff,
+ .offset = offsetof(IntelHDAState, wake_en),
+ .whandler = intel_hda_set_wake_en,
+ },
+ [ ICH6_REG_STATESTS ] = {
+ .name = "STATESTS",
+ .size = 2,
+ .wmask = 0x7fff,
+ .wclear = 0x7fff,
+ .offset = offsetof(IntelHDAState, state_sts),
+ .whandler = intel_hda_set_state_sts,
+ },
+
+ /* interrupts */
+ [ ICH6_REG_INTCTL ] = {
+ .name = "INTCTL",
+ .size = 4,
+ .wmask = 0xc00000ff,
+ .offset = offsetof(IntelHDAState, int_ctl),
+ .whandler = intel_hda_set_int_ctl,
+ },
+ [ ICH6_REG_INTSTS ] = {
+ .name = "INTSTS",
+ .size = 4,
+ .wmask = 0xc00000ff,
+ .wclear = 0xc00000ff,
+ .offset = offsetof(IntelHDAState, int_sts),
+ },
+
+ /* misc */
+ [ ICH6_REG_WALLCLK ] = {
+ .name = "WALLCLK",
+ .size = 4,
+ .offset = offsetof(IntelHDAState, wall_clk),
+ .rhandler = intel_hda_get_wall_clk,
+ },
+ [ ICH6_REG_WALLCLK + 0x2000 ] = {
+ .name = "WALLCLK(alias)",
+ .size = 4,
+ .offset = offsetof(IntelHDAState, wall_clk),
+ .rhandler = intel_hda_get_wall_clk,
+ },
+
+ /* dma engine */
+ [ ICH6_REG_CORBLBASE ] = {
+ .name = "CORBLBASE",
+ .size = 4,
+ .wmask = 0xffffff80,
+ .offset = offsetof(IntelHDAState, corb_lbase),
+ },
+ [ ICH6_REG_CORBUBASE ] = {
+ .name = "CORBUBASE",
+ .size = 4,
+ .wmask = 0xffffffff,
+ .offset = offsetof(IntelHDAState, corb_ubase),
+ },
+ [ ICH6_REG_CORBWP ] = {
+ .name = "CORBWP",
+ .size = 2,
+ .wmask = 0xff,
+ .offset = offsetof(IntelHDAState, corb_wp),
+ .whandler = intel_hda_set_corb_wp,
+ },
+ [ ICH6_REG_CORBRP ] = {
+ .name = "CORBRP",
+ .size = 2,
+ .wmask = 0x80ff,
+ .offset = offsetof(IntelHDAState, corb_rp),
+ },
+ [ ICH6_REG_CORBCTL ] = {
+ .name = "CORBCTL",
+ .size = 1,
+ .wmask = 0x03,
+ .offset = offsetof(IntelHDAState, corb_ctl),
+ .whandler = intel_hda_set_corb_ctl,
+ },
+ [ ICH6_REG_CORBSTS ] = {
+ .name = "CORBSTS",
+ .size = 1,
+ .wmask = 0x01,
+ .wclear = 0x01,
+ .offset = offsetof(IntelHDAState, corb_sts),
+ },
+ [ ICH6_REG_CORBSIZE ] = {
+ .name = "CORBSIZE",
+ .size = 1,
+ .reset = 0x42,
+ .offset = offsetof(IntelHDAState, corb_size),
+ },
+ [ ICH6_REG_RIRBLBASE ] = {
+ .name = "RIRBLBASE",
+ .size = 4,
+ .wmask = 0xffffff80,
+ .offset = offsetof(IntelHDAState, rirb_lbase),
+ },
+ [ ICH6_REG_RIRBUBASE ] = {
+ .name = "RIRBUBASE",
+ .size = 4,
+ .wmask = 0xffffffff,
+ .offset = offsetof(IntelHDAState, rirb_ubase),
+ },
+ [ ICH6_REG_RIRBWP ] = {
+ .name = "RIRBWP",
+ .size = 2,
+ .wmask = 0x8000,
+ .offset = offsetof(IntelHDAState, rirb_wp),
+ .whandler = intel_hda_set_rirb_wp,
+ },
+ [ ICH6_REG_RINTCNT ] = {
+ .name = "RINTCNT",
+ .size = 2,
+ .wmask = 0xff,
+ .offset = offsetof(IntelHDAState, rirb_cnt),
+ },
+ [ ICH6_REG_RIRBCTL ] = {
+ .name = "RIRBCTL",
+ .size = 1,
+ .wmask = 0x07,
+ .offset = offsetof(IntelHDAState, rirb_ctl),
+ },
+ [ ICH6_REG_RIRBSTS ] = {
+ .name = "RIRBSTS",
+ .size = 1,
+ .wmask = 0x05,
+ .wclear = 0x05,
+ .offset = offsetof(IntelHDAState, rirb_sts),
+ .whandler = intel_hda_set_rirb_sts,
+ },
+ [ ICH6_REG_RIRBSIZE ] = {
+ .name = "RIRBSIZE",
+ .size = 1,
+ .reset = 0x42,
+ .offset = offsetof(IntelHDAState, rirb_size),
+ },
+
+ [ ICH6_REG_DPLBASE ] = {
+ .name = "DPLBASE",
+ .size = 4,
+ .wmask = 0xffffff81,
+ .offset = offsetof(IntelHDAState, dp_lbase),
+ },
+ [ ICH6_REG_DPUBASE ] = {
+ .name = "DPUBASE",
+ .size = 4,
+ .wmask = 0xffffffff,
+ .offset = offsetof(IntelHDAState, dp_ubase),
+ },
+
+ [ ICH6_REG_IC ] = {
+ .name = "ICW",
+ .size = 4,
+ .wmask = 0xffffffff,
+ .offset = offsetof(IntelHDAState, icw),
+ },
+ [ ICH6_REG_IR ] = {
+ .name = "IRR",
+ .size = 4,
+ .offset = offsetof(IntelHDAState, irr),
+ },
+ [ ICH6_REG_IRS ] = {
+ .name = "ICS",
+ .size = 2,
+ .wmask = 0x0003,
+ .wclear = 0x0002,
+ .offset = offsetof(IntelHDAState, ics),
+ .whandler = intel_hda_set_ics,
+ },
+
+#define HDA_STREAM(_t, _i) \
+ [ ST_REG(_i, ICH6_REG_SD_CTL) ] = { \
+ .stream = _i, \
+ .name = _t stringify(_i) " CTL", \
+ .size = 4, \
+ .wmask = 0x1cff001f, \
+ .offset = offsetof(IntelHDAState, st[_i].ctl), \
+ .whandler = intel_hda_set_st_ctl, \
+ }, \
+ [ ST_REG(_i, ICH6_REG_SD_CTL) + 2] = { \
+ .stream = _i, \
+ .name = _t stringify(_i) " CTL(stnr)", \
+ .size = 1, \
+ .shift = 16, \
+ .wmask = 0x00ff0000, \
+ .offset = offsetof(IntelHDAState, st[_i].ctl), \
+ .whandler = intel_hda_set_st_ctl, \
+ }, \
+ [ ST_REG(_i, ICH6_REG_SD_STS)] = { \
+ .stream = _i, \
+ .name = _t stringify(_i) " CTL(sts)", \
+ .size = 1, \
+ .shift = 24, \
+ .wmask = 0x1c000000, \
+ .wclear = 0x1c000000, \
+ .offset = offsetof(IntelHDAState, st[_i].ctl), \
+ .whandler = intel_hda_set_st_ctl, \
+ }, \
+ [ ST_REG(_i, ICH6_REG_SD_LPIB) ] = { \
+ .stream = _i, \
+ .name = _t stringify(_i) " LPIB", \
+ .size = 4, \
+ .offset = offsetof(IntelHDAState, st[_i].lpib), \
+ }, \
+ [ ST_REG(_i, ICH6_REG_SD_LPIB) + 0x2000 ] = { \
+ .stream = _i, \
+ .name = _t stringify(_i) " LPIB(alias)", \
+ .size = 4, \
+ .offset = offsetof(IntelHDAState, st[_i].lpib), \
+ }, \
+ [ ST_REG(_i, ICH6_REG_SD_CBL) ] = { \
+ .stream = _i, \
+ .name = _t stringify(_i) " CBL", \
+ .size = 4, \
+ .wmask = 0xffffffff, \
+ .offset = offsetof(IntelHDAState, st[_i].cbl), \
+ }, \
+ [ ST_REG(_i, ICH6_REG_SD_LVI) ] = { \
+ .stream = _i, \
+ .name = _t stringify(_i) " LVI", \
+ .size = 2, \
+ .wmask = 0x00ff, \
+ .offset = offsetof(IntelHDAState, st[_i].lvi), \
+ }, \
+ [ ST_REG(_i, ICH6_REG_SD_FIFOSIZE) ] = { \
+ .stream = _i, \
+ .name = _t stringify(_i) " FIFOS", \
+ .size = 2, \
+ .reset = HDA_BUFFER_SIZE, \
+ }, \
+ [ ST_REG(_i, ICH6_REG_SD_FORMAT) ] = { \
+ .stream = _i, \
+ .name = _t stringify(_i) " FMT", \
+ .size = 2, \
+ .wmask = 0x7f7f, \
+ .offset = offsetof(IntelHDAState, st[_i].fmt), \
+ }, \
+ [ ST_REG(_i, ICH6_REG_SD_BDLPL) ] = { \
+ .stream = _i, \
+ .name = _t stringify(_i) " BDLPL", \
+ .size = 4, \
+ .wmask = 0xffffff80, \
+ .offset = offsetof(IntelHDAState, st[_i].bdlp_lbase), \
+ }, \
+ [ ST_REG(_i, ICH6_REG_SD_BDLPU) ] = { \
+ .stream = _i, \
+ .name = _t stringify(_i) " BDLPU", \
+ .size = 4, \
+ .wmask = 0xffffffff, \
+ .offset = offsetof(IntelHDAState, st[_i].bdlp_ubase), \
+ }, \
+
+ HDA_STREAM("IN", 0)
+ HDA_STREAM("IN", 1)
+ HDA_STREAM("IN", 2)
+ HDA_STREAM("IN", 3)
+
+ HDA_STREAM("OUT", 4)
+ HDA_STREAM("OUT", 5)
+ HDA_STREAM("OUT", 6)
+ HDA_STREAM("OUT", 7)
+
+};
+
+static const IntelHDAReg *intel_hda_reg_find(IntelHDAState *d, hwaddr addr)
+{
+ const IntelHDAReg *reg;
+
+ if (addr >= sizeof(regtab)/sizeof(regtab[0])) {
+ goto noreg;
+ }
+ reg = regtab+addr;
+ if (reg->name == NULL) {
+ goto noreg;
+ }
+ return reg;
+
+noreg:
+ dprint(d, 1, "unknown register, addr 0x%x\n", (int) addr);
+ return NULL;
+}
+
+static uint32_t *intel_hda_reg_addr(IntelHDAState *d, const IntelHDAReg *reg)
+{
+ uint8_t *addr = (void*)d;
+
+ addr += reg->offset;
+ return (uint32_t*)addr;
+}
+
+static void intel_hda_reg_write(IntelHDAState *d, const IntelHDAReg *reg, uint32_t val,
+ uint32_t wmask)
+{
+ uint32_t *addr;
+ uint32_t old;
+
+ if (!reg) {
+ return;
+ }
+
+ if (d->debug) {
+ time_t now = time(NULL);
+ if (d->last_write && d->last_reg == reg && d->last_val == val) {
+ d->repeat_count++;
+ if (d->last_sec != now) {
+ dprint(d, 2, "previous register op repeated %d times\n", d->repeat_count);
+ d->last_sec = now;
+ d->repeat_count = 0;
+ }
+ } else {
+ if (d->repeat_count) {
+ dprint(d, 2, "previous register op repeated %d times\n", d->repeat_count);
+ }
+ dprint(d, 2, "write %-16s: 0x%x (%x)\n", reg->name, val, wmask);
+ d->last_write = 1;
+ d->last_reg = reg;
+ d->last_val = val;
+ d->last_sec = now;
+ d->repeat_count = 0;
+ }
+ }
+ assert(reg->offset != 0);
+
+ addr = intel_hda_reg_addr(d, reg);
+ old = *addr;
+
+ if (reg->shift) {
+ val <<= reg->shift;
+ wmask <<= reg->shift;
+ }
+ wmask &= reg->wmask;
+ *addr &= ~wmask;
+ *addr |= wmask & val;
+ *addr &= ~(val & reg->wclear);
+
+ if (reg->whandler) {
+ reg->whandler(d, reg, old);
+ }
+}
+
+static uint32_t intel_hda_reg_read(IntelHDAState *d, const IntelHDAReg *reg,
+ uint32_t rmask)
+{
+ uint32_t *addr, ret;
+
+ if (!reg) {
+ return 0;
+ }
+
+ if (reg->rhandler) {
+ reg->rhandler(d, reg);
+ }
+
+ if (reg->offset == 0) {
+ /* constant read-only register */
+ ret = reg->reset;
+ } else {
+ addr = intel_hda_reg_addr(d, reg);
+ ret = *addr;
+ if (reg->shift) {
+ ret >>= reg->shift;
+ }
+ ret &= rmask;
+ }
+ if (d->debug) {
+ time_t now = time(NULL);
+ if (!d->last_write && d->last_reg == reg && d->last_val == ret) {
+ d->repeat_count++;
+ if (d->last_sec != now) {
+ dprint(d, 2, "previous register op repeated %d times\n", d->repeat_count);
+ d->last_sec = now;
+ d->repeat_count = 0;
+ }
+ } else {
+ if (d->repeat_count) {
+ dprint(d, 2, "previous register op repeated %d times\n", d->repeat_count);
+ }
+ dprint(d, 2, "read %-16s: 0x%x (%x)\n", reg->name, ret, rmask);
+ d->last_write = 0;
+ d->last_reg = reg;
+ d->last_val = ret;
+ d->last_sec = now;
+ d->repeat_count = 0;
+ }
+ }
+ return ret;
+}
+
+static void intel_hda_regs_reset(IntelHDAState *d)
+{
+ uint32_t *addr;
+ int i;
+
+ for (i = 0; i < sizeof(regtab)/sizeof(regtab[0]); i++) {
+ if (regtab[i].name == NULL) {
+ continue;
+ }
+ if (regtab[i].offset == 0) {
+ continue;
+ }
+ addr = intel_hda_reg_addr(d, regtab + i);
+ *addr = regtab[i].reset;
+ }
+}
+
+/* --------------------------------------------------------------------- */
+
+static void intel_hda_mmio_writeb(void *opaque, hwaddr addr, uint32_t val)
+{
+ IntelHDAState *d = opaque;
+ const IntelHDAReg *reg = intel_hda_reg_find(d, addr);
+
+ intel_hda_reg_write(d, reg, val, 0xff);
+}
+
+static void intel_hda_mmio_writew(void *opaque, hwaddr addr, uint32_t val)
+{
+ IntelHDAState *d = opaque;
+ const IntelHDAReg *reg = intel_hda_reg_find(d, addr);
+
+ intel_hda_reg_write(d, reg, val, 0xffff);
+}
+
+static void intel_hda_mmio_writel(void *opaque, hwaddr addr, uint32_t val)
+{
+ IntelHDAState *d = opaque;
+ const IntelHDAReg *reg = intel_hda_reg_find(d, addr);
+
+ intel_hda_reg_write(d, reg, val, 0xffffffff);
+}
+
+static uint32_t intel_hda_mmio_readb(void *opaque, hwaddr addr)
+{
+ IntelHDAState *d = opaque;
+ const IntelHDAReg *reg = intel_hda_reg_find(d, addr);
+
+ return intel_hda_reg_read(d, reg, 0xff);
+}
+
+static uint32_t intel_hda_mmio_readw(void *opaque, hwaddr addr)
+{
+ IntelHDAState *d = opaque;
+ const IntelHDAReg *reg = intel_hda_reg_find(d, addr);
+
+ return intel_hda_reg_read(d, reg, 0xffff);
+}
+
+static uint32_t intel_hda_mmio_readl(void *opaque, hwaddr addr)
+{
+ IntelHDAState *d = opaque;
+ const IntelHDAReg *reg = intel_hda_reg_find(d, addr);
+
+ return intel_hda_reg_read(d, reg, 0xffffffff);
+}
+
+static const MemoryRegionOps intel_hda_mmio_ops = {
+ .old_mmio = {
+ .read = {
+ intel_hda_mmio_readb,
+ intel_hda_mmio_readw,
+ intel_hda_mmio_readl,
+ },
+ .write = {
+ intel_hda_mmio_writeb,
+ intel_hda_mmio_writew,
+ intel_hda_mmio_writel,
+ },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+/* --------------------------------------------------------------------- */
+
+static void intel_hda_reset(DeviceState *dev)
+{
+ BusChild *kid;
+ IntelHDAState *d = INTEL_HDA(dev);
+ HDACodecDevice *cdev;
+
+ intel_hda_regs_reset(d);
+ d->wall_base_ns = qemu_get_clock_ns(vm_clock);
+
+ /* reset codecs */
+ QTAILQ_FOREACH(kid, &d->codecs.qbus.children, sibling) {
+ DeviceState *qdev = kid->child;
+ cdev = DO_UPCAST(HDACodecDevice, qdev, qdev);
+ device_reset(DEVICE(cdev));
+ d->state_sts |= (1 << cdev->cad);
+ }
+ intel_hda_update_irq(d);
+}
+
+static int intel_hda_init(PCIDevice *pci)
+{
+ IntelHDAState *d = INTEL_HDA(pci);
+ uint8_t *conf = d->pci.config;
+
+ d->name = object_get_typename(OBJECT(d));
+
+ pci_config_set_interrupt_pin(conf, 1);
+
+ /* HDCTL off 0x40 bit 0 selects signaling mode (1-HDA, 0 - Ac97) 18.1.19 */
+ conf[0x40] = 0x01;
+
+ memory_region_init_io(&d->mmio, OBJECT(d), &intel_hda_mmio_ops, d,
+ "intel-hda", 0x4000);
+ pci_register_bar(&d->pci, 0, 0, &d->mmio);
+ if (d->msi) {
+ msi_init(&d->pci, 0x50, 1, true, false);
+ }
+
+ hda_codec_bus_init(DEVICE(pci), &d->codecs,
+ intel_hda_response, intel_hda_xfer);
+
+ return 0;
+}
+
+static void intel_hda_exit(PCIDevice *pci)
+{
+ IntelHDAState *d = INTEL_HDA(pci);
+
+ msi_uninit(&d->pci);
+ memory_region_destroy(&d->mmio);
+}
+
+static int intel_hda_post_load(void *opaque, int version)
+{
+ IntelHDAState* d = opaque;
+ int i;
+
+ dprint(d, 1, "%s\n", __FUNCTION__);
+ for (i = 0; i < ARRAY_SIZE(d->st); i++) {
+ if (d->st[i].ctl & 0x02) {
+ intel_hda_parse_bdl(d, &d->st[i]);
+ }
+ }
+ intel_hda_update_irq(d);
+ return 0;
+}
+
+static const VMStateDescription vmstate_intel_hda_stream = {
+ .name = "intel-hda-stream",
+ .version_id = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT32(ctl, IntelHDAStream),
+ VMSTATE_UINT32(lpib, IntelHDAStream),
+ VMSTATE_UINT32(cbl, IntelHDAStream),
+ VMSTATE_UINT32(lvi, IntelHDAStream),
+ VMSTATE_UINT32(fmt, IntelHDAStream),
+ VMSTATE_UINT32(bdlp_lbase, IntelHDAStream),
+ VMSTATE_UINT32(bdlp_ubase, IntelHDAStream),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_intel_hda = {
+ .name = "intel-hda",
+ .version_id = 1,
+ .post_load = intel_hda_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_PCI_DEVICE(pci, IntelHDAState),
+
+ /* registers */
+ VMSTATE_UINT32(g_ctl, IntelHDAState),
+ VMSTATE_UINT32(wake_en, IntelHDAState),
+ VMSTATE_UINT32(state_sts, IntelHDAState),
+ VMSTATE_UINT32(int_ctl, IntelHDAState),
+ VMSTATE_UINT32(int_sts, IntelHDAState),
+ VMSTATE_UINT32(wall_clk, IntelHDAState),
+ VMSTATE_UINT32(corb_lbase, IntelHDAState),
+ VMSTATE_UINT32(corb_ubase, IntelHDAState),
+ VMSTATE_UINT32(corb_rp, IntelHDAState),
+ VMSTATE_UINT32(corb_wp, IntelHDAState),
+ VMSTATE_UINT32(corb_ctl, IntelHDAState),
+ VMSTATE_UINT32(corb_sts, IntelHDAState),
+ VMSTATE_UINT32(corb_size, IntelHDAState),
+ VMSTATE_UINT32(rirb_lbase, IntelHDAState),
+ VMSTATE_UINT32(rirb_ubase, IntelHDAState),
+ VMSTATE_UINT32(rirb_wp, IntelHDAState),
+ VMSTATE_UINT32(rirb_cnt, IntelHDAState),
+ VMSTATE_UINT32(rirb_ctl, IntelHDAState),
+ VMSTATE_UINT32(rirb_sts, IntelHDAState),
+ VMSTATE_UINT32(rirb_size, IntelHDAState),
+ VMSTATE_UINT32(dp_lbase, IntelHDAState),
+ VMSTATE_UINT32(dp_ubase, IntelHDAState),
+ VMSTATE_UINT32(icw, IntelHDAState),
+ VMSTATE_UINT32(irr, IntelHDAState),
+ VMSTATE_UINT32(ics, IntelHDAState),
+ VMSTATE_STRUCT_ARRAY(st, IntelHDAState, 8, 0,
+ vmstate_intel_hda_stream,
+ IntelHDAStream),
+
+ /* additional state info */
+ VMSTATE_UINT32(rirb_count, IntelHDAState),
+ VMSTATE_INT64(wall_base_ns, IntelHDAState),
+
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static Property intel_hda_properties[] = {
+ DEFINE_PROP_UINT32("debug", IntelHDAState, debug, 0),
+ DEFINE_PROP_UINT32("msi", IntelHDAState, msi, 1),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void intel_hda_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = intel_hda_init;
+ k->exit = intel_hda_exit;
+ k->vendor_id = PCI_VENDOR_ID_INTEL;
+ k->class_id = PCI_CLASS_MULTIMEDIA_HD_AUDIO;
+ dc->reset = intel_hda_reset;
+ dc->vmsd = &vmstate_intel_hda;
+ dc->props = intel_hda_properties;
+}
+
+static void intel_hda_class_init_ich6(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->device_id = 0x2668;
+ k->revision = 1;
+ set_bit(DEVICE_CATEGORY_SOUND, dc->categories);
+ dc->desc = "Intel HD Audio Controller (ich6)";
+}
+
+static void intel_hda_class_init_ich9(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->device_id = 0x293e;
+ k->revision = 3;
+ set_bit(DEVICE_CATEGORY_SOUND, dc->categories);
+ dc->desc = "Intel HD Audio Controller (ich9)";
+}
+
+static const TypeInfo intel_hda_info = {
+ .name = TYPE_INTEL_HDA_GENERIC,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(IntelHDAState),
+ .class_init = intel_hda_class_init,
+ .abstract = true,
+};
+
+static const TypeInfo intel_hda_info_ich6 = {
+ .name = "intel-hda",
+ .parent = TYPE_INTEL_HDA_GENERIC,
+ .class_init = intel_hda_class_init_ich6,
+};
+
+static const TypeInfo intel_hda_info_ich9 = {
+ .name = "ich9-intel-hda",
+ .parent = TYPE_INTEL_HDA_GENERIC,
+ .class_init = intel_hda_class_init_ich9,
+};
+
+static void hda_codec_device_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *k = DEVICE_CLASS(klass);
+ k->init = hda_codec_dev_init;
+ k->exit = hda_codec_dev_exit;
+ set_bit(DEVICE_CATEGORY_SOUND, k->categories);
+ k->bus_type = TYPE_HDA_BUS;
+ k->props = hda_props;
+}
+
+static const TypeInfo hda_codec_device_type_info = {
+ .name = TYPE_HDA_CODEC_DEVICE,
+ .parent = TYPE_DEVICE,
+ .instance_size = sizeof(HDACodecDevice),
+ .abstract = true,
+ .class_size = sizeof(HDACodecDeviceClass),
+ .class_init = hda_codec_device_class_init,
+};
+
+/*
+ * create intel hda controller with codec attached to it,
+ * so '-soundhw hda' works.
+ */
+static int intel_hda_and_codec_init(PCIBus *bus)
+{
+ DeviceState *controller;
+ BusState *hdabus;
+ DeviceState *codec;
+
+ controller = DEVICE(pci_create_simple(bus, -1, "intel-hda"));
+ hdabus = QLIST_FIRST(&controller->child_bus);
+ codec = qdev_create(hdabus, "hda-duplex");
+ qdev_init_nofail(codec);
+ return 0;
+}
+
+static void intel_hda_register_types(void)
+{
+ type_register_static(&hda_codec_bus_info);
+ type_register_static(&intel_hda_info);
+ type_register_static(&intel_hda_info_ich6);
+ type_register_static(&intel_hda_info_ich9);
+ type_register_static(&hda_codec_device_type_info);
+ pci_register_soundhw("hda", "Intel HD Audio", intel_hda_and_codec_init);
+}
+
+type_init(intel_hda_register_types)
diff --git a/hw/audio/intel-hda.h b/hw/audio/intel-hda.h
new file mode 100644
index 000000000..2544f0a34
--- /dev/null
+++ b/hw/audio/intel-hda.h
@@ -0,0 +1,72 @@
+#ifndef HW_INTEL_HDA_H
+#define HW_INTEL_HDA_H
+
+#include "hw/qdev.h"
+
+/* --------------------------------------------------------------------- */
+/* hda bus */
+
+#define TYPE_HDA_CODEC_DEVICE "hda-codec"
+#define HDA_CODEC_DEVICE(obj) \
+ OBJECT_CHECK(HDACodecDevice, (obj), TYPE_HDA_CODEC_DEVICE)
+#define HDA_CODEC_DEVICE_CLASS(klass) \
+ OBJECT_CLASS_CHECK(HDACodecDeviceClass, (klass), TYPE_HDA_CODEC_DEVICE)
+#define HDA_CODEC_DEVICE_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(HDACodecDeviceClass, (obj), TYPE_HDA_CODEC_DEVICE)
+
+#define TYPE_HDA_BUS "HDA"
+#define HDA_BUS(obj) OBJECT_CHECK(HDACodecBus, (obj), TYPE_HDA_BUS)
+
+typedef struct HDACodecBus HDACodecBus;
+typedef struct HDACodecDevice HDACodecDevice;
+
+typedef void (*hda_codec_response_func)(HDACodecDevice *dev,
+ bool solicited, uint32_t response);
+typedef bool (*hda_codec_xfer_func)(HDACodecDevice *dev,
+ uint32_t stnr, bool output,
+ uint8_t *buf, uint32_t len);
+
+struct HDACodecBus {
+ BusState qbus;
+ uint32_t next_cad;
+ hda_codec_response_func response;
+ hda_codec_xfer_func xfer;
+};
+
+typedef struct HDACodecDeviceClass
+{
+ DeviceClass parent_class;
+
+ int (*init)(HDACodecDevice *dev);
+ int (*exit)(HDACodecDevice *dev);
+ void (*command)(HDACodecDevice *dev, uint32_t nid, uint32_t data);
+ void (*stream)(HDACodecDevice *dev, uint32_t stnr, bool running, bool output);
+} HDACodecDeviceClass;
+
+struct HDACodecDevice {
+ DeviceState qdev;
+ uint32_t cad; /* codec address */
+};
+
+void hda_codec_bus_init(DeviceState *dev, HDACodecBus *bus,
+ hda_codec_response_func response,
+ hda_codec_xfer_func xfer);
+HDACodecDevice *hda_codec_find(HDACodecBus *bus, uint32_t cad);
+
+void hda_codec_response(HDACodecDevice *dev, bool solicited, uint32_t response);
+bool hda_codec_xfer(HDACodecDevice *dev, uint32_t stnr, bool output,
+ uint8_t *buf, uint32_t len);
+
+/* --------------------------------------------------------------------- */
+
+#define dprint(_dev, _level, _fmt, ...) \
+ do { \
+ if (_dev->debug >= _level) { \
+ fprintf(stderr, "%s: ", _dev->name); \
+ fprintf(stderr, _fmt, ## __VA_ARGS__); \
+ } \
+ } while (0)
+
+/* --------------------------------------------------------------------- */
+
+#endif
diff --git a/hw/audio/lm4549.c b/hw/audio/lm4549.c
new file mode 100644
index 000000000..d75f7ec21
--- /dev/null
+++ b/hw/audio/lm4549.c
@@ -0,0 +1,336 @@
+/*
+ * LM4549 Audio Codec Interface
+ *
+ * Copyright (c) 2011
+ * Written by Mathieu Sonet - www.elasticsheep.com
+ *
+ * This code is licensed under the GPL.
+ *
+ * *****************************************************************
+ *
+ * This driver emulates the LM4549 codec.
+ *
+ * It supports only one playback voice and no record voice.
+ */
+
+#include "hw/hw.h"
+#include "audio/audio.h"
+#include "lm4549.h"
+
+#if 0
+#define LM4549_DEBUG 1
+#endif
+
+#if 0
+#define LM4549_DUMP_DAC_INPUT 1
+#endif
+
+#ifdef LM4549_DEBUG
+#define DPRINTF(fmt, ...) \
+do { printf("lm4549: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) do {} while (0)
+#endif
+
+#if defined(LM4549_DUMP_DAC_INPUT)
+#include <stdio.h>
+static FILE *fp_dac_input;
+#endif
+
+/* LM4549 register list */
+enum {
+ LM4549_Reset = 0x00,
+ LM4549_Master_Volume = 0x02,
+ LM4549_Line_Out_Volume = 0x04,
+ LM4549_Master_Volume_Mono = 0x06,
+ LM4549_PC_Beep_Volume = 0x0A,
+ LM4549_Phone_Volume = 0x0C,
+ LM4549_Mic_Volume = 0x0E,
+ LM4549_Line_In_Volume = 0x10,
+ LM4549_CD_Volume = 0x12,
+ LM4549_Video_Volume = 0x14,
+ LM4549_Aux_Volume = 0x16,
+ LM4549_PCM_Out_Volume = 0x18,
+ LM4549_Record_Select = 0x1A,
+ LM4549_Record_Gain = 0x1C,
+ LM4549_General_Purpose = 0x20,
+ LM4549_3D_Control = 0x22,
+ LM4549_Powerdown_Ctrl_Stat = 0x26,
+ LM4549_Ext_Audio_ID = 0x28,
+ LM4549_Ext_Audio_Stat_Ctrl = 0x2A,
+ LM4549_PCM_Front_DAC_Rate = 0x2C,
+ LM4549_PCM_ADC_Rate = 0x32,
+ LM4549_Vendor_ID1 = 0x7C,
+ LM4549_Vendor_ID2 = 0x7E
+};
+
+static void lm4549_reset(lm4549_state *s)
+{
+ uint16_t *regfile = s->regfile;
+
+ regfile[LM4549_Reset] = 0x0d50;
+ regfile[LM4549_Master_Volume] = 0x8008;
+ regfile[LM4549_Line_Out_Volume] = 0x8000;
+ regfile[LM4549_Master_Volume_Mono] = 0x8000;
+ regfile[LM4549_PC_Beep_Volume] = 0x0000;
+ regfile[LM4549_Phone_Volume] = 0x8008;
+ regfile[LM4549_Mic_Volume] = 0x8008;
+ regfile[LM4549_Line_In_Volume] = 0x8808;
+ regfile[LM4549_CD_Volume] = 0x8808;
+ regfile[LM4549_Video_Volume] = 0x8808;
+ regfile[LM4549_Aux_Volume] = 0x8808;
+ regfile[LM4549_PCM_Out_Volume] = 0x8808;
+ regfile[LM4549_Record_Select] = 0x0000;
+ regfile[LM4549_Record_Gain] = 0x8000;
+ regfile[LM4549_General_Purpose] = 0x0000;
+ regfile[LM4549_3D_Control] = 0x0101;
+ regfile[LM4549_Powerdown_Ctrl_Stat] = 0x000f;
+ regfile[LM4549_Ext_Audio_ID] = 0x0001;
+ regfile[LM4549_Ext_Audio_Stat_Ctrl] = 0x0000;
+ regfile[LM4549_PCM_Front_DAC_Rate] = 0xbb80;
+ regfile[LM4549_PCM_ADC_Rate] = 0xbb80;
+ regfile[LM4549_Vendor_ID1] = 0x4e53;
+ regfile[LM4549_Vendor_ID2] = 0x4331;
+}
+
+static void lm4549_audio_transfer(lm4549_state *s)
+{
+ uint32_t written_bytes, written_samples;
+ uint32_t i;
+
+ /* Activate the voice */
+ AUD_set_active_out(s->voice, 1);
+ s->voice_is_active = 1;
+
+ /* Try to write the buffer content */
+ written_bytes = AUD_write(s->voice, s->buffer,
+ s->buffer_level * sizeof(uint16_t));
+ written_samples = written_bytes >> 1;
+
+#if defined(LM4549_DUMP_DAC_INPUT)
+ fwrite(s->buffer, sizeof(uint8_t), written_bytes, fp_dac_input);
+#endif
+
+ s->buffer_level -= written_samples;
+
+ if (s->buffer_level > 0) {
+ /* Move the data back to the start of the buffer */
+ for (i = 0; i < s->buffer_level; i++) {
+ s->buffer[i] = s->buffer[i + written_samples];
+ }
+ }
+}
+
+static void lm4549_audio_out_callback(void *opaque, int free)
+{
+ lm4549_state *s = (lm4549_state *)opaque;
+ static uint32_t prev_buffer_level;
+
+#ifdef LM4549_DEBUG
+ int size = AUD_get_buffer_size_out(s->voice);
+ DPRINTF("audio_out_callback size = %i free = %i\n", size, free);
+#endif
+
+ /* Detect that no data are consumed
+ => disable the voice */
+ if (s->buffer_level == prev_buffer_level) {
+ AUD_set_active_out(s->voice, 0);
+ s->voice_is_active = 0;
+ }
+ prev_buffer_level = s->buffer_level;
+
+ /* Check if a buffer transfer is pending */
+ if (s->buffer_level == LM4549_BUFFER_SIZE) {
+ lm4549_audio_transfer(s);
+
+ /* Request more data */
+ if (s->data_req_cb != NULL) {
+ (s->data_req_cb)(s->opaque);
+ }
+ }
+}
+
+uint32_t lm4549_read(lm4549_state *s, hwaddr offset)
+{
+ uint16_t *regfile = s->regfile;
+ uint32_t value = 0;
+
+ /* Read the stored value */
+ assert(offset < 128);
+ value = regfile[offset];
+
+ DPRINTF("read [0x%02x] = 0x%04x\n", offset, value);
+
+ return value;
+}
+
+void lm4549_write(lm4549_state *s,
+ hwaddr offset, uint32_t value)
+{
+ uint16_t *regfile = s->regfile;
+
+ assert(offset < 128);
+ DPRINTF("write [0x%02x] = 0x%04x\n", offset, value);
+
+ switch (offset) {
+ case LM4549_Reset:
+ lm4549_reset(s);
+ break;
+
+ case LM4549_PCM_Front_DAC_Rate:
+ regfile[LM4549_PCM_Front_DAC_Rate] = value;
+ DPRINTF("DAC rate change = %i\n", value);
+
+ /* Re-open a voice with the new sample rate */
+ struct audsettings as;
+ as.freq = value;
+ as.nchannels = 2;
+ as.fmt = AUD_FMT_S16;
+ as.endianness = 0;
+
+ s->voice = AUD_open_out(
+ &s->card,
+ s->voice,
+ "lm4549.out",
+ s,
+ lm4549_audio_out_callback,
+ &as
+ );
+ break;
+
+ case LM4549_Powerdown_Ctrl_Stat:
+ value &= ~0xf;
+ value |= regfile[LM4549_Powerdown_Ctrl_Stat] & 0xf;
+ regfile[LM4549_Powerdown_Ctrl_Stat] = value;
+ break;
+
+ case LM4549_Ext_Audio_ID:
+ case LM4549_Vendor_ID1:
+ case LM4549_Vendor_ID2:
+ DPRINTF("Write to read-only register 0x%x\n", (int)offset);
+ break;
+
+ default:
+ /* Store the new value */
+ regfile[offset] = value;
+ break;
+ }
+}
+
+uint32_t lm4549_write_samples(lm4549_state *s, uint32_t left, uint32_t right)
+{
+ /* The left and right samples are in 20-bit resolution.
+ The LM4549 has 18-bit resolution and only uses the bits [19:2].
+ This model supports 16-bit playback.
+ */
+
+ if (s->buffer_level > LM4549_BUFFER_SIZE - 2) {
+ DPRINTF("write_sample Buffer full\n");
+ return 0;
+ }
+
+ /* Store 16-bit samples in the buffer */
+ s->buffer[s->buffer_level++] = (left >> 4);
+ s->buffer[s->buffer_level++] = (right >> 4);
+
+ if (s->buffer_level == LM4549_BUFFER_SIZE) {
+ /* Trigger the transfer of the buffer to the audio host */
+ lm4549_audio_transfer(s);
+ }
+
+ return 1;
+}
+
+static int lm4549_post_load(void *opaque, int version_id)
+{
+ lm4549_state *s = (lm4549_state *)opaque;
+ uint16_t *regfile = s->regfile;
+
+ /* Re-open a voice with the current sample rate */
+ uint32_t freq = regfile[LM4549_PCM_Front_DAC_Rate];
+
+ DPRINTF("post_load freq = %i\n", freq);
+ DPRINTF("post_load voice_is_active = %i\n", s->voice_is_active);
+
+ struct audsettings as;
+ as.freq = freq;
+ as.nchannels = 2;
+ as.fmt = AUD_FMT_S16;
+ as.endianness = 0;
+
+ s->voice = AUD_open_out(
+ &s->card,
+ s->voice,
+ "lm4549.out",
+ s,
+ lm4549_audio_out_callback,
+ &as
+ );
+
+ /* Request data */
+ if (s->voice_is_active == 1) {
+ lm4549_audio_out_callback(s, AUD_get_buffer_size_out(s->voice));
+ }
+
+ return 0;
+}
+
+void lm4549_init(lm4549_state *s, lm4549_callback data_req_cb, void* opaque)
+{
+ struct audsettings as;
+
+ /* Store the callback and opaque pointer */
+ s->data_req_cb = data_req_cb;
+ s->opaque = opaque;
+
+ /* Init the registers */
+ lm4549_reset(s);
+
+ /* Register an audio card */
+ AUD_register_card("lm4549", &s->card);
+
+ /* Open a default voice */
+ as.freq = 48000;
+ as.nchannels = 2;
+ as.fmt = AUD_FMT_S16;
+ as.endianness = 0;
+
+ s->voice = AUD_open_out(
+ &s->card,
+ s->voice,
+ "lm4549.out",
+ s,
+ lm4549_audio_out_callback,
+ &as
+ );
+
+ AUD_set_volume_out(s->voice, 0, 255, 255);
+
+ s->voice_is_active = 0;
+
+ /* Reset the input buffer */
+ memset(s->buffer, 0x00, sizeof(s->buffer));
+ s->buffer_level = 0;
+
+#if defined(LM4549_DUMP_DAC_INPUT)
+ fp_dac_input = fopen("lm4549_dac_input.pcm", "wb");
+ if (!fp_dac_input) {
+ hw_error("Unable to open lm4549_dac_input.pcm for writing\n");
+ }
+#endif
+}
+
+const VMStateDescription vmstate_lm4549_state = {
+ .name = "lm4549_state",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .post_load = &lm4549_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(voice_is_active, lm4549_state),
+ VMSTATE_UINT16_ARRAY(regfile, lm4549_state, 128),
+ VMSTATE_UINT16_ARRAY(buffer, lm4549_state, LM4549_BUFFER_SIZE),
+ VMSTATE_UINT32(buffer_level, lm4549_state),
+ VMSTATE_END_OF_LIST()
+ }
+};
diff --git a/hw/lm4549.h b/hw/audio/lm4549.h
index 812a7a444..812a7a444 100644
--- a/hw/lm4549.h
+++ b/hw/audio/lm4549.h
diff --git a/hw/audio/marvell_88w8618.c b/hw/audio/marvell_88w8618.c
new file mode 100644
index 000000000..97194ce7a
--- /dev/null
+++ b/hw/audio/marvell_88w8618.c
@@ -0,0 +1,305 @@
+/*
+ * Marvell 88w8618 audio emulation extracted from
+ * Marvell MV88w8618 / Freecom MusicPal emulation.
+ *
+ * Copyright (c) 2008 Jan Kiszka
+ *
+ * This code is licensed under the GNU GPL v2.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+#include "hw/sysbus.h"
+#include "hw/hw.h"
+#include "hw/i2c/i2c.h"
+#include "audio/audio.h"
+
+#define MP_AUDIO_SIZE 0x00001000
+
+/* Audio register offsets */
+#define MP_AUDIO_PLAYBACK_MODE 0x00
+#define MP_AUDIO_CLOCK_DIV 0x18
+#define MP_AUDIO_IRQ_STATUS 0x20
+#define MP_AUDIO_IRQ_ENABLE 0x24
+#define MP_AUDIO_TX_START_LO 0x28
+#define MP_AUDIO_TX_THRESHOLD 0x2C
+#define MP_AUDIO_TX_STATUS 0x38
+#define MP_AUDIO_TX_START_HI 0x40
+
+/* Status register and IRQ enable bits */
+#define MP_AUDIO_TX_HALF (1 << 6)
+#define MP_AUDIO_TX_FULL (1 << 7)
+
+/* Playback mode bits */
+#define MP_AUDIO_16BIT_SAMPLE (1 << 0)
+#define MP_AUDIO_PLAYBACK_EN (1 << 7)
+#define MP_AUDIO_CLOCK_24MHZ (1 << 9)
+#define MP_AUDIO_MONO (1 << 14)
+
+#define TYPE_MV88W8618_AUDIO "mv88w8618_audio"
+#define MV88W8618_AUDIO(obj) \
+ OBJECT_CHECK(mv88w8618_audio_state, (obj), TYPE_MV88W8618_AUDIO)
+
+typedef struct mv88w8618_audio_state {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ qemu_irq irq;
+ uint32_t playback_mode;
+ uint32_t status;
+ uint32_t irq_enable;
+ uint32_t phys_buf;
+ uint32_t target_buffer;
+ uint32_t threshold;
+ uint32_t play_pos;
+ uint32_t last_free;
+ uint32_t clock_div;
+ void *wm;
+} mv88w8618_audio_state;
+
+static void mv88w8618_audio_callback(void *opaque, int free_out, int free_in)
+{
+ mv88w8618_audio_state *s = opaque;
+ int16_t *codec_buffer;
+ int8_t buf[4096];
+ int8_t *mem_buffer;
+ int pos, block_size;
+
+ if (!(s->playback_mode & MP_AUDIO_PLAYBACK_EN)) {
+ return;
+ }
+ if (s->playback_mode & MP_AUDIO_16BIT_SAMPLE) {
+ free_out <<= 1;
+ }
+ if (!(s->playback_mode & MP_AUDIO_MONO)) {
+ free_out <<= 1;
+ }
+ block_size = s->threshold / 2;
+ if (free_out - s->last_free < block_size) {
+ return;
+ }
+ if (block_size > 4096) {
+ return;
+ }
+ cpu_physical_memory_read(s->target_buffer + s->play_pos, buf, block_size);
+ mem_buffer = buf;
+ if (s->playback_mode & MP_AUDIO_16BIT_SAMPLE) {
+ if (s->playback_mode & MP_AUDIO_MONO) {
+ codec_buffer = wm8750_dac_buffer(s->wm, block_size >> 1);
+ for (pos = 0; pos < block_size; pos += 2) {
+ *codec_buffer++ = *(int16_t *)mem_buffer;
+ *codec_buffer++ = *(int16_t *)mem_buffer;
+ mem_buffer += 2;
+ }
+ } else {
+ memcpy(wm8750_dac_buffer(s->wm, block_size >> 2),
+ (uint32_t *)mem_buffer, block_size);
+ }
+ } else {
+ if (s->playback_mode & MP_AUDIO_MONO) {
+ codec_buffer = wm8750_dac_buffer(s->wm, block_size);
+ for (pos = 0; pos < block_size; pos++) {
+ *codec_buffer++ = cpu_to_le16(256 * *mem_buffer);
+ *codec_buffer++ = cpu_to_le16(256 * *mem_buffer++);
+ }
+ } else {
+ codec_buffer = wm8750_dac_buffer(s->wm, block_size >> 1);
+ for (pos = 0; pos < block_size; pos += 2) {
+ *codec_buffer++ = cpu_to_le16(256 * *mem_buffer++);
+ *codec_buffer++ = cpu_to_le16(256 * *mem_buffer++);
+ }
+ }
+ }
+ wm8750_dac_commit(s->wm);
+
+ s->last_free = free_out - block_size;
+
+ if (s->play_pos == 0) {
+ s->status |= MP_AUDIO_TX_HALF;
+ s->play_pos = block_size;
+ } else {
+ s->status |= MP_AUDIO_TX_FULL;
+ s->play_pos = 0;
+ }
+
+ if (s->status & s->irq_enable) {
+ qemu_irq_raise(s->irq);
+ }
+}
+
+static void mv88w8618_audio_clock_update(mv88w8618_audio_state *s)
+{
+ int rate;
+
+ if (s->playback_mode & MP_AUDIO_CLOCK_24MHZ) {
+ rate = 24576000 / 64; /* 24.576MHz */
+ } else {
+ rate = 11289600 / 64; /* 11.2896MHz */
+ }
+ rate /= ((s->clock_div >> 8) & 0xff) + 1;
+
+ wm8750_set_bclk_in(s->wm, rate);
+}
+
+static uint64_t mv88w8618_audio_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ mv88w8618_audio_state *s = opaque;
+
+ switch (offset) {
+ case MP_AUDIO_PLAYBACK_MODE:
+ return s->playback_mode;
+
+ case MP_AUDIO_CLOCK_DIV:
+ return s->clock_div;
+
+ case MP_AUDIO_IRQ_STATUS:
+ return s->status;
+
+ case MP_AUDIO_IRQ_ENABLE:
+ return s->irq_enable;
+
+ case MP_AUDIO_TX_STATUS:
+ return s->play_pos >> 2;
+
+ default:
+ return 0;
+ }
+}
+
+static void mv88w8618_audio_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ mv88w8618_audio_state *s = opaque;
+
+ switch (offset) {
+ case MP_AUDIO_PLAYBACK_MODE:
+ if (value & MP_AUDIO_PLAYBACK_EN &&
+ !(s->playback_mode & MP_AUDIO_PLAYBACK_EN)) {
+ s->status = 0;
+ s->last_free = 0;
+ s->play_pos = 0;
+ }
+ s->playback_mode = value;
+ mv88w8618_audio_clock_update(s);
+ break;
+
+ case MP_AUDIO_CLOCK_DIV:
+ s->clock_div = value;
+ s->last_free = 0;
+ s->play_pos = 0;
+ mv88w8618_audio_clock_update(s);
+ break;
+
+ case MP_AUDIO_IRQ_STATUS:
+ s->status &= ~value;
+ break;
+
+ case MP_AUDIO_IRQ_ENABLE:
+ s->irq_enable = value;
+ if (s->status & s->irq_enable) {
+ qemu_irq_raise(s->irq);
+ }
+ break;
+
+ case MP_AUDIO_TX_START_LO:
+ s->phys_buf = (s->phys_buf & 0xFFFF0000) | (value & 0xFFFF);
+ s->target_buffer = s->phys_buf;
+ s->play_pos = 0;
+ s->last_free = 0;
+ break;
+
+ case MP_AUDIO_TX_THRESHOLD:
+ s->threshold = (value + 1) * 4;
+ break;
+
+ case MP_AUDIO_TX_START_HI:
+ s->phys_buf = (s->phys_buf & 0xFFFF) | (value << 16);
+ s->target_buffer = s->phys_buf;
+ s->play_pos = 0;
+ s->last_free = 0;
+ break;
+ }
+}
+
+static void mv88w8618_audio_reset(DeviceState *d)
+{
+ mv88w8618_audio_state *s = MV88W8618_AUDIO(d);
+
+ s->playback_mode = 0;
+ s->status = 0;
+ s->irq_enable = 0;
+ s->clock_div = 0;
+ s->threshold = 0;
+ s->phys_buf = 0;
+}
+
+static const MemoryRegionOps mv88w8618_audio_ops = {
+ .read = mv88w8618_audio_read,
+ .write = mv88w8618_audio_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int mv88w8618_audio_init(SysBusDevice *dev)
+{
+ mv88w8618_audio_state *s = MV88W8618_AUDIO(dev);
+
+ sysbus_init_irq(dev, &s->irq);
+
+ wm8750_data_req_set(s->wm, mv88w8618_audio_callback, s);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &mv88w8618_audio_ops, s,
+ "audio", MP_AUDIO_SIZE);
+ sysbus_init_mmio(dev, &s->iomem);
+
+ return 0;
+}
+
+static const VMStateDescription mv88w8618_audio_vmsd = {
+ .name = "mv88w8618_audio",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(playback_mode, mv88w8618_audio_state),
+ VMSTATE_UINT32(status, mv88w8618_audio_state),
+ VMSTATE_UINT32(irq_enable, mv88w8618_audio_state),
+ VMSTATE_UINT32(phys_buf, mv88w8618_audio_state),
+ VMSTATE_UINT32(target_buffer, mv88w8618_audio_state),
+ VMSTATE_UINT32(threshold, mv88w8618_audio_state),
+ VMSTATE_UINT32(play_pos, mv88w8618_audio_state),
+ VMSTATE_UINT32(last_free, mv88w8618_audio_state),
+ VMSTATE_UINT32(clock_div, mv88w8618_audio_state),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static Property mv88w8618_audio_properties[] = {
+ DEFINE_PROP_PTR("wm8750", mv88w8618_audio_state, wm),
+ {/* end of list */},
+};
+
+static void mv88w8618_audio_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = mv88w8618_audio_init;
+ dc->reset = mv88w8618_audio_reset;
+ dc->vmsd = &mv88w8618_audio_vmsd;
+ dc->props = mv88w8618_audio_properties;
+}
+
+static const TypeInfo mv88w8618_audio_info = {
+ .name = TYPE_MV88W8618_AUDIO,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(mv88w8618_audio_state),
+ .class_init = mv88w8618_audio_class_init,
+};
+
+static void mv88w8618_register_types(void)
+{
+ type_register_static(&mv88w8618_audio_info);
+}
+
+type_init(mv88w8618_register_types)
diff --git a/hw/audio/milkymist-ac97.c b/hw/audio/milkymist-ac97.c
new file mode 100644
index 000000000..9c0f7a092
--- /dev/null
+++ b/hw/audio/milkymist-ac97.c
@@ -0,0 +1,349 @@
+/*
+ * QEMU model of the Milkymist System Controller.
+ *
+ * Copyright (c) 2010 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ *
+ * Specification available at:
+ * http://www.milkymist.org/socdoc/ac97.pdf
+ */
+
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "trace.h"
+#include "audio/audio.h"
+#include "qemu/error-report.h"
+
+enum {
+ R_AC97_CTRL = 0,
+ R_AC97_ADDR,
+ R_AC97_DATAOUT,
+ R_AC97_DATAIN,
+ R_D_CTRL,
+ R_D_ADDR,
+ R_D_REMAINING,
+ R_RESERVED,
+ R_U_CTRL,
+ R_U_ADDR,
+ R_U_REMAINING,
+ R_MAX
+};
+
+enum {
+ AC97_CTRL_RQEN = (1<<0),
+ AC97_CTRL_WRITE = (1<<1),
+};
+
+enum {
+ CTRL_EN = (1<<0),
+};
+
+#define TYPE_MILKYMIST_AC97 "milkymist-ac97"
+#define MILKYMIST_AC97(obj) \
+ OBJECT_CHECK(MilkymistAC97State, (obj), TYPE_MILKYMIST_AC97)
+
+struct MilkymistAC97State {
+ SysBusDevice parent_obj;
+
+ MemoryRegion regs_region;
+
+ QEMUSoundCard card;
+ SWVoiceIn *voice_in;
+ SWVoiceOut *voice_out;
+
+ uint32_t regs[R_MAX];
+
+ qemu_irq crrequest_irq;
+ qemu_irq crreply_irq;
+ qemu_irq dmar_irq;
+ qemu_irq dmaw_irq;
+};
+typedef struct MilkymistAC97State MilkymistAC97State;
+
+static void update_voices(MilkymistAC97State *s)
+{
+ if (s->regs[R_D_CTRL] & CTRL_EN) {
+ AUD_set_active_out(s->voice_out, 1);
+ } else {
+ AUD_set_active_out(s->voice_out, 0);
+ }
+
+ if (s->regs[R_U_CTRL] & CTRL_EN) {
+ AUD_set_active_in(s->voice_in, 1);
+ } else {
+ AUD_set_active_in(s->voice_in, 0);
+ }
+}
+
+static uint64_t ac97_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ MilkymistAC97State *s = opaque;
+ uint32_t r = 0;
+
+ addr >>= 2;
+ switch (addr) {
+ case R_AC97_CTRL:
+ case R_AC97_ADDR:
+ case R_AC97_DATAOUT:
+ case R_AC97_DATAIN:
+ case R_D_CTRL:
+ case R_D_ADDR:
+ case R_D_REMAINING:
+ case R_U_CTRL:
+ case R_U_ADDR:
+ case R_U_REMAINING:
+ r = s->regs[addr];
+ break;
+
+ default:
+ error_report("milkymist_ac97: read access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+
+ trace_milkymist_ac97_memory_read(addr << 2, r);
+
+ return r;
+}
+
+static void ac97_write(void *opaque, hwaddr addr, uint64_t value,
+ unsigned size)
+{
+ MilkymistAC97State *s = opaque;
+
+ trace_milkymist_ac97_memory_write(addr, value);
+
+ addr >>= 2;
+ switch (addr) {
+ case R_AC97_CTRL:
+ /* always raise an IRQ according to the direction */
+ if (value & AC97_CTRL_RQEN) {
+ if (value & AC97_CTRL_WRITE) {
+ trace_milkymist_ac97_pulse_irq_crrequest();
+ qemu_irq_pulse(s->crrequest_irq);
+ } else {
+ trace_milkymist_ac97_pulse_irq_crreply();
+ qemu_irq_pulse(s->crreply_irq);
+ }
+ }
+
+ /* RQEN is self clearing */
+ s->regs[addr] = value & ~AC97_CTRL_RQEN;
+ break;
+ case R_D_CTRL:
+ case R_U_CTRL:
+ s->regs[addr] = value;
+ update_voices(s);
+ break;
+ case R_AC97_ADDR:
+ case R_AC97_DATAOUT:
+ case R_AC97_DATAIN:
+ case R_D_ADDR:
+ case R_D_REMAINING:
+ case R_U_ADDR:
+ case R_U_REMAINING:
+ s->regs[addr] = value;
+ break;
+
+ default:
+ error_report("milkymist_ac97: write access to unknown register 0x"
+ TARGET_FMT_plx, addr);
+ break;
+ }
+
+}
+
+static const MemoryRegionOps ac97_mmio_ops = {
+ .read = ac97_read,
+ .write = ac97_write,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void ac97_in_cb(void *opaque, int avail_b)
+{
+ MilkymistAC97State *s = opaque;
+ uint8_t buf[4096];
+ uint32_t remaining = s->regs[R_U_REMAINING];
+ int temp = audio_MIN(remaining, avail_b);
+ uint32_t addr = s->regs[R_U_ADDR];
+ int transferred = 0;
+
+ trace_milkymist_ac97_in_cb(avail_b, remaining);
+
+ /* prevent from raising an IRQ */
+ if (temp == 0) {
+ return;
+ }
+
+ while (temp) {
+ int acquired, to_copy;
+
+ to_copy = audio_MIN(temp, sizeof(buf));
+ acquired = AUD_read(s->voice_in, buf, to_copy);
+ if (!acquired) {
+ break;
+ }
+
+ cpu_physical_memory_write(addr, buf, acquired);
+
+ temp -= acquired;
+ addr += acquired;
+ transferred += acquired;
+ }
+
+ trace_milkymist_ac97_in_cb_transferred(transferred);
+
+ s->regs[R_U_ADDR] = addr;
+ s->regs[R_U_REMAINING] -= transferred;
+
+ if ((s->regs[R_U_CTRL] & CTRL_EN) && (s->regs[R_U_REMAINING] == 0)) {
+ trace_milkymist_ac97_pulse_irq_dmaw();
+ qemu_irq_pulse(s->dmaw_irq);
+ }
+}
+
+static void ac97_out_cb(void *opaque, int free_b)
+{
+ MilkymistAC97State *s = opaque;
+ uint8_t buf[4096];
+ uint32_t remaining = s->regs[R_D_REMAINING];
+ int temp = audio_MIN(remaining, free_b);
+ uint32_t addr = s->regs[R_D_ADDR];
+ int transferred = 0;
+
+ trace_milkymist_ac97_out_cb(free_b, remaining);
+
+ /* prevent from raising an IRQ */
+ if (temp == 0) {
+ return;
+ }
+
+ while (temp) {
+ int copied, to_copy;
+
+ to_copy = audio_MIN(temp, sizeof(buf));
+ cpu_physical_memory_read(addr, buf, to_copy);
+ copied = AUD_write(s->voice_out, buf, to_copy);
+ if (!copied) {
+ break;
+ }
+ temp -= copied;
+ addr += copied;
+ transferred += copied;
+ }
+
+ trace_milkymist_ac97_out_cb_transferred(transferred);
+
+ s->regs[R_D_ADDR] = addr;
+ s->regs[R_D_REMAINING] -= transferred;
+
+ if ((s->regs[R_D_CTRL] & CTRL_EN) && (s->regs[R_D_REMAINING] == 0)) {
+ trace_milkymist_ac97_pulse_irq_dmar();
+ qemu_irq_pulse(s->dmar_irq);
+ }
+}
+
+static void milkymist_ac97_reset(DeviceState *d)
+{
+ MilkymistAC97State *s = MILKYMIST_AC97(d);
+ int i;
+
+ for (i = 0; i < R_MAX; i++) {
+ s->regs[i] = 0;
+ }
+
+ AUD_set_active_in(s->voice_in, 0);
+ AUD_set_active_out(s->voice_out, 0);
+}
+
+static int ac97_post_load(void *opaque, int version_id)
+{
+ MilkymistAC97State *s = opaque;
+
+ update_voices(s);
+
+ return 0;
+}
+
+static int milkymist_ac97_init(SysBusDevice *dev)
+{
+ MilkymistAC97State *s = MILKYMIST_AC97(dev);
+
+ struct audsettings as;
+ sysbus_init_irq(dev, &s->crrequest_irq);
+ sysbus_init_irq(dev, &s->crreply_irq);
+ sysbus_init_irq(dev, &s->dmar_irq);
+ sysbus_init_irq(dev, &s->dmaw_irq);
+
+ AUD_register_card("Milkymist AC'97", &s->card);
+
+ as.freq = 48000;
+ as.nchannels = 2;
+ as.fmt = AUD_FMT_S16;
+ as.endianness = 1;
+
+ s->voice_in = AUD_open_in(&s->card, s->voice_in,
+ "mm_ac97.in", s, ac97_in_cb, &as);
+ s->voice_out = AUD_open_out(&s->card, s->voice_out,
+ "mm_ac97.out", s, ac97_out_cb, &as);
+
+ memory_region_init_io(&s->regs_region, OBJECT(s), &ac97_mmio_ops, s,
+ "milkymist-ac97", R_MAX * 4);
+ sysbus_init_mmio(dev, &s->regs_region);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_milkymist_ac97 = {
+ .name = "milkymist-ac97",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .post_load = ac97_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(regs, MilkymistAC97State, R_MAX),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void milkymist_ac97_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = milkymist_ac97_init;
+ dc->reset = milkymist_ac97_reset;
+ dc->vmsd = &vmstate_milkymist_ac97;
+}
+
+static const TypeInfo milkymist_ac97_info = {
+ .name = TYPE_MILKYMIST_AC97,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(MilkymistAC97State),
+ .class_init = milkymist_ac97_class_init,
+};
+
+static void milkymist_ac97_register_types(void)
+{
+ type_register_static(&milkymist_ac97_info);
+}
+
+type_init(milkymist_ac97_register_types)
diff --git a/hw/audio/pcspk.c b/hw/audio/pcspk.c
new file mode 100644
index 000000000..9004ce3d1
--- /dev/null
+++ b/hw/audio/pcspk.c
@@ -0,0 +1,212 @@
+/*
+ * QEMU PC speaker emulation
+ *
+ * Copyright (c) 2006 Joachim Henke
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "hw/isa/isa.h"
+#include "hw/audio/audio.h"
+#include "audio/audio.h"
+#include "qemu/timer.h"
+#include "hw/timer/i8254.h"
+#include "hw/audio/pcspk.h"
+
+#define PCSPK_BUF_LEN 1792
+#define PCSPK_SAMPLE_RATE 32000
+#define PCSPK_MAX_FREQ (PCSPK_SAMPLE_RATE >> 1)
+#define PCSPK_MIN_COUNT ((PIT_FREQ + PCSPK_MAX_FREQ - 1) / PCSPK_MAX_FREQ)
+
+#define PC_SPEAKER(obj) OBJECT_CHECK(PCSpkState, (obj), TYPE_PC_SPEAKER)
+
+typedef struct {
+ ISADevice parent_obj;
+
+ MemoryRegion ioport;
+ uint32_t iobase;
+ uint8_t sample_buf[PCSPK_BUF_LEN];
+ QEMUSoundCard card;
+ SWVoiceOut *voice;
+ void *pit;
+ unsigned int pit_count;
+ unsigned int samples;
+ unsigned int play_pos;
+ int data_on;
+ int dummy_refresh_clock;
+} PCSpkState;
+
+static const char *s_spk = "pcspk";
+static PCSpkState *pcspk_state;
+
+static inline void generate_samples(PCSpkState *s)
+{
+ unsigned int i;
+
+ if (s->pit_count) {
+ const uint32_t m = PCSPK_SAMPLE_RATE * s->pit_count;
+ const uint32_t n = ((uint64_t)PIT_FREQ << 32) / m;
+
+ /* multiple of wavelength for gapless looping */
+ s->samples = (PCSPK_BUF_LEN * PIT_FREQ / m * m / (PIT_FREQ >> 1) + 1) >> 1;
+ for (i = 0; i < s->samples; ++i)
+ s->sample_buf[i] = (64 & (n * i >> 25)) - 32;
+ } else {
+ s->samples = PCSPK_BUF_LEN;
+ for (i = 0; i < PCSPK_BUF_LEN; ++i)
+ s->sample_buf[i] = 128; /* silence */
+ }
+}
+
+static void pcspk_callback(void *opaque, int free)
+{
+ PCSpkState *s = opaque;
+ PITChannelInfo ch;
+ unsigned int n;
+
+ pit_get_channel_info(s->pit, 2, &ch);
+
+ if (ch.mode != 3) {
+ return;
+ }
+
+ n = ch.initial_count;
+ /* avoid frequencies that are not reproducible with sample rate */
+ if (n < PCSPK_MIN_COUNT)
+ n = 0;
+
+ if (s->pit_count != n) {
+ s->pit_count = n;
+ s->play_pos = 0;
+ generate_samples(s);
+ }
+
+ while (free > 0) {
+ n = audio_MIN(s->samples - s->play_pos, (unsigned int)free);
+ n = AUD_write(s->voice, &s->sample_buf[s->play_pos], n);
+ if (!n)
+ break;
+ s->play_pos = (s->play_pos + n) % s->samples;
+ free -= n;
+ }
+}
+
+static int pcspk_audio_init(ISABus *bus)
+{
+ PCSpkState *s = pcspk_state;
+ struct audsettings as = {PCSPK_SAMPLE_RATE, 1, AUD_FMT_U8, 0};
+
+ AUD_register_card(s_spk, &s->card);
+
+ s->voice = AUD_open_out(&s->card, s->voice, s_spk, s, pcspk_callback, &as);
+ if (!s->voice) {
+ AUD_log(s_spk, "Could not open voice\n");
+ return -1;
+ }
+
+ return 0;
+}
+
+static uint64_t pcspk_io_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ PCSpkState *s = opaque;
+ PITChannelInfo ch;
+
+ pit_get_channel_info(s->pit, 2, &ch);
+
+ s->dummy_refresh_clock ^= (1 << 4);
+
+ return ch.gate | (s->data_on << 1) | s->dummy_refresh_clock |
+ (ch.out << 5);
+}
+
+static void pcspk_io_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ PCSpkState *s = opaque;
+ const int gate = val & 1;
+
+ s->data_on = (val >> 1) & 1;
+ pit_set_gate(s->pit, 2, gate);
+ if (s->voice) {
+ if (gate) /* restart */
+ s->play_pos = 0;
+ AUD_set_active_out(s->voice, gate & s->data_on);
+ }
+}
+
+static const MemoryRegionOps pcspk_io_ops = {
+ .read = pcspk_io_read,
+ .write = pcspk_io_write,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+static void pcspk_initfn(Object *obj)
+{
+ PCSpkState *s = PC_SPEAKER(obj);
+
+ memory_region_init_io(&s->ioport, OBJECT(s), &pcspk_io_ops, s, "elcr", 1);
+}
+
+static void pcspk_realizefn(DeviceState *dev, Error **errp)
+{
+ ISADevice *isadev = ISA_DEVICE(dev);
+ PCSpkState *s = PC_SPEAKER(dev);
+
+ isa_register_ioport(isadev, &s->ioport, s->iobase);
+
+ pcspk_state = s;
+}
+
+static Property pcspk_properties[] = {
+ DEFINE_PROP_HEX32("iobase", PCSpkState, iobase, -1),
+ DEFINE_PROP_PTR("pit", PCSpkState, pit),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void pcspk_class_initfn(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = pcspk_realizefn;
+ set_bit(DEVICE_CATEGORY_SOUND, dc->categories);
+ dc->no_user = 1;
+ dc->props = pcspk_properties;
+}
+
+static const TypeInfo pcspk_info = {
+ .name = TYPE_PC_SPEAKER,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof(PCSpkState),
+ .instance_init = pcspk_initfn,
+ .class_init = pcspk_class_initfn,
+};
+
+static void pcspk_register(void)
+{
+ type_register_static(&pcspk_info);
+ isa_register_soundhw("pcspk", "PC speaker", pcspk_audio_init);
+}
+type_init(pcspk_register)
diff --git a/hw/audio/pl041.c b/hw/audio/pl041.c
new file mode 100644
index 000000000..5393b520b
--- /dev/null
+++ b/hw/audio/pl041.c
@@ -0,0 +1,653 @@
+/*
+ * Arm PrimeCell PL041 Advanced Audio Codec Interface
+ *
+ * Copyright (c) 2011
+ * Written by Mathieu Sonet - www.elasticsheep.com
+ *
+ * This code is licensed under the GPL.
+ *
+ * *****************************************************************
+ *
+ * This driver emulates the ARM AACI interface
+ * connected to a LM4549 codec.
+ *
+ * Limitations:
+ * - Supports only a playback on one channel (Versatile/Vexpress)
+ * - Supports only one TX FIFO in compact-mode or non-compact mode.
+ * - Supports playback of 12, 16, 18 and 20 bits samples.
+ * - Record is not supported.
+ * - The PL041 is hardwired to a LM4549 codec.
+ *
+ */
+
+#include "hw/sysbus.h"
+
+#include "pl041.h"
+#include "lm4549.h"
+
+#if 0
+#define PL041_DEBUG_LEVEL 1
+#endif
+
+#if defined(PL041_DEBUG_LEVEL) && (PL041_DEBUG_LEVEL >= 1)
+#define DBG_L1(fmt, ...) \
+do { printf("pl041: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define DBG_L1(fmt, ...) \
+do { } while (0)
+#endif
+
+#if defined(PL041_DEBUG_LEVEL) && (PL041_DEBUG_LEVEL >= 2)
+#define DBG_L2(fmt, ...) \
+do { printf("pl041: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define DBG_L2(fmt, ...) \
+do { } while (0)
+#endif
+
+
+#define MAX_FIFO_DEPTH (1024)
+#define DEFAULT_FIFO_DEPTH (8)
+
+#define SLOT1_RW (1 << 19)
+
+/* This FIFO only stores 20-bit samples on 32-bit words.
+ So its level is independent of the selected mode */
+typedef struct {
+ uint32_t level;
+ uint32_t data[MAX_FIFO_DEPTH];
+} pl041_fifo;
+
+typedef struct {
+ pl041_fifo tx_fifo;
+ uint8_t tx_enabled;
+ uint8_t tx_compact_mode;
+ uint8_t tx_sample_size;
+
+ pl041_fifo rx_fifo;
+ uint8_t rx_enabled;
+ uint8_t rx_compact_mode;
+ uint8_t rx_sample_size;
+} pl041_channel;
+
+#define TYPE_PL041 "pl041"
+#define PL041(obj) OBJECT_CHECK(PL041State, (obj), TYPE_PL041)
+
+typedef struct PL041State {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ qemu_irq irq;
+
+ uint32_t fifo_depth; /* FIFO depth in non-compact mode */
+
+ pl041_regfile regs;
+ pl041_channel fifo1;
+ lm4549_state codec;
+} PL041State;
+
+
+static const unsigned char pl041_default_id[8] = {
+ 0x41, 0x10, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1
+};
+
+#if defined(PL041_DEBUG_LEVEL)
+#define REGISTER(name, offset) #name,
+static const char *pl041_regs_name[] = {
+ #include "pl041.hx"
+};
+#undef REGISTER
+#endif
+
+
+#if defined(PL041_DEBUG_LEVEL)
+static const char *get_reg_name(hwaddr offset)
+{
+ if (offset <= PL041_dr1_7) {
+ return pl041_regs_name[offset >> 2];
+ }
+
+ return "unknown";
+}
+#endif
+
+static uint8_t pl041_compute_periphid3(PL041State *s)
+{
+ uint8_t id3 = 1; /* One channel */
+
+ /* Add the fifo depth information */
+ switch (s->fifo_depth) {
+ case 8:
+ id3 |= 0 << 3;
+ break;
+ case 32:
+ id3 |= 1 << 3;
+ break;
+ case 64:
+ id3 |= 2 << 3;
+ break;
+ case 128:
+ id3 |= 3 << 3;
+ break;
+ case 256:
+ id3 |= 4 << 3;
+ break;
+ case 512:
+ id3 |= 5 << 3;
+ break;
+ case 1024:
+ id3 |= 6 << 3;
+ break;
+ case 2048:
+ id3 |= 7 << 3;
+ break;
+ }
+
+ return id3;
+}
+
+static void pl041_reset(PL041State *s)
+{
+ DBG_L1("pl041_reset\n");
+
+ memset(&s->regs, 0x00, sizeof(pl041_regfile));
+
+ s->regs.slfr = SL1TXEMPTY | SL2TXEMPTY | SL12TXEMPTY;
+ s->regs.sr1 = TXFE | RXFE | TXHE;
+ s->regs.isr1 = 0;
+
+ memset(&s->fifo1, 0x00, sizeof(s->fifo1));
+}
+
+
+static void pl041_fifo1_write(PL041State *s, uint32_t value)
+{
+ pl041_channel *channel = &s->fifo1;
+ pl041_fifo *fifo = &s->fifo1.tx_fifo;
+
+ /* Push the value in the FIFO */
+ if (channel->tx_compact_mode == 0) {
+ /* Non-compact mode */
+
+ if (fifo->level < s->fifo_depth) {
+ /* Pad the value with 0 to obtain a 20-bit sample */
+ switch (channel->tx_sample_size) {
+ case 12:
+ value = (value << 8) & 0xFFFFF;
+ break;
+ case 16:
+ value = (value << 4) & 0xFFFFF;
+ break;
+ case 18:
+ value = (value << 2) & 0xFFFFF;
+ break;
+ case 20:
+ default:
+ break;
+ }
+
+ /* Store the sample in the FIFO */
+ fifo->data[fifo->level++] = value;
+ }
+#if defined(PL041_DEBUG_LEVEL)
+ else {
+ DBG_L1("fifo1 write: overrun\n");
+ }
+#endif
+ } else {
+ /* Compact mode */
+
+ if ((fifo->level + 2) < s->fifo_depth) {
+ uint32_t i = 0;
+ uint32_t sample = 0;
+
+ for (i = 0; i < 2; i++) {
+ sample = value & 0xFFFF;
+ value = value >> 16;
+
+ /* Pad each sample with 0 to obtain a 20-bit sample */
+ switch (channel->tx_sample_size) {
+ case 12:
+ sample = sample << 8;
+ break;
+ case 16:
+ default:
+ sample = sample << 4;
+ break;
+ }
+
+ /* Store the sample in the FIFO */
+ fifo->data[fifo->level++] = sample;
+ }
+ }
+#if defined(PL041_DEBUG_LEVEL)
+ else {
+ DBG_L1("fifo1 write: overrun\n");
+ }
+#endif
+ }
+
+ /* Update the status register */
+ if (fifo->level > 0) {
+ s->regs.sr1 &= ~(TXUNDERRUN | TXFE);
+ }
+
+ if (fifo->level >= (s->fifo_depth / 2)) {
+ s->regs.sr1 &= ~TXHE;
+ }
+
+ if (fifo->level >= s->fifo_depth) {
+ s->regs.sr1 |= TXFF;
+ }
+
+ DBG_L2("fifo1_push sr1 = 0x%08x\n", s->regs.sr1);
+}
+
+static void pl041_fifo1_transmit(PL041State *s)
+{
+ pl041_channel *channel = &s->fifo1;
+ pl041_fifo *fifo = &s->fifo1.tx_fifo;
+ uint32_t slots = s->regs.txcr1 & TXSLOT_MASK;
+ uint32_t written_samples;
+
+ /* Check if FIFO1 transmit is enabled */
+ if ((channel->tx_enabled) && (slots & (TXSLOT3 | TXSLOT4))) {
+ if (fifo->level >= (s->fifo_depth / 2)) {
+ int i;
+
+ DBG_L1("Transfer FIFO level = %i\n", fifo->level);
+
+ /* Try to transfer the whole FIFO */
+ for (i = 0; i < (fifo->level / 2); i++) {
+ uint32_t left = fifo->data[i * 2];
+ uint32_t right = fifo->data[i * 2 + 1];
+
+ /* Transmit two 20-bit samples to the codec */
+ if (lm4549_write_samples(&s->codec, left, right) == 0) {
+ DBG_L1("Codec buffer full\n");
+ break;
+ }
+ }
+
+ written_samples = i * 2;
+ if (written_samples > 0) {
+ /* Update the FIFO level */
+ fifo->level -= written_samples;
+
+ /* Move back the pending samples to the start of the FIFO */
+ for (i = 0; i < fifo->level; i++) {
+ fifo->data[i] = fifo->data[written_samples + i];
+ }
+
+ /* Update the status register */
+ s->regs.sr1 &= ~TXFF;
+
+ if (fifo->level <= (s->fifo_depth / 2)) {
+ s->regs.sr1 |= TXHE;
+ }
+
+ if (fifo->level == 0) {
+ s->regs.sr1 |= TXFE | TXUNDERRUN;
+ DBG_L1("Empty FIFO\n");
+ }
+ }
+ }
+ }
+}
+
+static void pl041_isr1_update(PL041State *s)
+{
+ /* Update ISR1 */
+ if (s->regs.sr1 & TXUNDERRUN) {
+ s->regs.isr1 |= URINTR;
+ } else {
+ s->regs.isr1 &= ~URINTR;
+ }
+
+ if (s->regs.sr1 & TXHE) {
+ s->regs.isr1 |= TXINTR;
+ } else {
+ s->regs.isr1 &= ~TXINTR;
+ }
+
+ if (!(s->regs.sr1 & TXBUSY) && (s->regs.sr1 & TXFE)) {
+ s->regs.isr1 |= TXCINTR;
+ } else {
+ s->regs.isr1 &= ~TXCINTR;
+ }
+
+ /* Update the irq state */
+ qemu_set_irq(s->irq, ((s->regs.isr1 & s->regs.ie1) > 0) ? 1 : 0);
+ DBG_L2("Set interrupt sr1 = 0x%08x isr1 = 0x%08x masked = 0x%08x\n",
+ s->regs.sr1, s->regs.isr1, s->regs.isr1 & s->regs.ie1);
+}
+
+static void pl041_request_data(void *opaque)
+{
+ PL041State *s = (PL041State *)opaque;
+
+ /* Trigger pending transfers */
+ pl041_fifo1_transmit(s);
+ pl041_isr1_update(s);
+}
+
+static uint64_t pl041_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ PL041State *s = (PL041State *)opaque;
+ int value;
+
+ if ((offset >= PL041_periphid0) && (offset <= PL041_pcellid3)) {
+ if (offset == PL041_periphid3) {
+ value = pl041_compute_periphid3(s);
+ } else {
+ value = pl041_default_id[(offset - PL041_periphid0) >> 2];
+ }
+
+ DBG_L1("pl041_read [0x%08x] => 0x%08x\n", offset, value);
+ return value;
+ } else if (offset <= PL041_dr4_7) {
+ value = *((uint32_t *)&s->regs + (offset >> 2));
+ } else {
+ DBG_L1("pl041_read: Reserved offset %x\n", (int)offset);
+ return 0;
+ }
+
+ switch (offset) {
+ case PL041_allints:
+ value = s->regs.isr1 & 0x7F;
+ break;
+ }
+
+ DBG_L1("pl041_read [0x%08x] %s => 0x%08x\n", offset,
+ get_reg_name(offset), value);
+
+ return value;
+}
+
+static void pl041_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ PL041State *s = (PL041State *)opaque;
+ uint16_t control, data;
+ uint32_t result;
+
+ DBG_L1("pl041_write [0x%08x] %s <= 0x%08x\n", offset,
+ get_reg_name(offset), (unsigned int)value);
+
+ /* Write the register */
+ if (offset <= PL041_dr4_7) {
+ *((uint32_t *)&s->regs + (offset >> 2)) = value;
+ } else {
+ DBG_L1("pl041_write: Reserved offset %x\n", (int)offset);
+ return;
+ }
+
+ /* Execute the actions */
+ switch (offset) {
+ case PL041_txcr1:
+ {
+ pl041_channel *channel = &s->fifo1;
+
+ uint32_t txen = s->regs.txcr1 & TXEN;
+ uint32_t tsize = (s->regs.txcr1 & TSIZE_MASK) >> TSIZE_MASK_BIT;
+ uint32_t compact_mode = (s->regs.txcr1 & TXCOMPACT) ? 1 : 0;
+#if defined(PL041_DEBUG_LEVEL)
+ uint32_t slots = (s->regs.txcr1 & TXSLOT_MASK) >> TXSLOT_MASK_BIT;
+ uint32_t txfen = (s->regs.txcr1 & TXFEN) > 0 ? 1 : 0;
+#endif
+
+ DBG_L1("=> txen = %i slots = 0x%01x tsize = %i compact = %i "
+ "txfen = %i\n", txen, slots, tsize, compact_mode, txfen);
+
+ channel->tx_enabled = txen;
+ channel->tx_compact_mode = compact_mode;
+
+ switch (tsize) {
+ case 0:
+ channel->tx_sample_size = 16;
+ break;
+ case 1:
+ channel->tx_sample_size = 18;
+ break;
+ case 2:
+ channel->tx_sample_size = 20;
+ break;
+ case 3:
+ channel->tx_sample_size = 12;
+ break;
+ }
+
+ DBG_L1("TX enabled = %i\n", channel->tx_enabled);
+ DBG_L1("TX compact mode = %i\n", channel->tx_compact_mode);
+ DBG_L1("TX sample width = %i\n", channel->tx_sample_size);
+
+ /* Check if compact mode is allowed with selected tsize */
+ if (channel->tx_compact_mode == 1) {
+ if ((channel->tx_sample_size == 18) ||
+ (channel->tx_sample_size == 20)) {
+ channel->tx_compact_mode = 0;
+ DBG_L1("Compact mode not allowed with 18/20-bit sample size\n");
+ }
+ }
+
+ break;
+ }
+ case PL041_sl1tx:
+ s->regs.slfr &= ~SL1TXEMPTY;
+
+ control = (s->regs.sl1tx >> 12) & 0x7F;
+ data = (s->regs.sl2tx >> 4) & 0xFFFF;
+
+ if ((s->regs.sl1tx & SLOT1_RW) == 0) {
+ /* Write operation */
+ lm4549_write(&s->codec, control, data);
+ } else {
+ /* Read operation */
+ result = lm4549_read(&s->codec, control);
+
+ /* Store the returned value */
+ s->regs.sl1rx = s->regs.sl1tx & ~SLOT1_RW;
+ s->regs.sl2rx = result << 4;
+
+ s->regs.slfr &= ~(SL1RXBUSY | SL2RXBUSY);
+ s->regs.slfr |= SL1RXVALID | SL2RXVALID;
+ }
+ break;
+
+ case PL041_sl2tx:
+ s->regs.sl2tx = value;
+ s->regs.slfr &= ~SL2TXEMPTY;
+ break;
+
+ case PL041_intclr:
+ DBG_L1("=> Clear interrupt intclr = 0x%08x isr1 = 0x%08x\n",
+ s->regs.intclr, s->regs.isr1);
+
+ if (s->regs.intclr & TXUEC1) {
+ s->regs.sr1 &= ~TXUNDERRUN;
+ }
+ break;
+
+ case PL041_maincr:
+ {
+#if defined(PL041_DEBUG_LEVEL)
+ char debug[] = " AACIFE SL1RXEN SL1TXEN";
+ if (!(value & AACIFE)) {
+ debug[0] = '!';
+ }
+ if (!(value & SL1RXEN)) {
+ debug[8] = '!';
+ }
+ if (!(value & SL1TXEN)) {
+ debug[17] = '!';
+ }
+ DBG_L1("%s\n", debug);
+#endif
+
+ if ((s->regs.maincr & AACIFE) == 0) {
+ pl041_reset(s);
+ }
+ break;
+ }
+
+ case PL041_dr1_0:
+ case PL041_dr1_1:
+ case PL041_dr1_2:
+ case PL041_dr1_3:
+ pl041_fifo1_write(s, value);
+ break;
+ }
+
+ /* Transmit the FIFO content */
+ pl041_fifo1_transmit(s);
+
+ /* Update the ISR1 register */
+ pl041_isr1_update(s);
+}
+
+static void pl041_device_reset(DeviceState *d)
+{
+ PL041State *s = PL041(d);
+
+ pl041_reset(s);
+}
+
+static const MemoryRegionOps pl041_ops = {
+ .read = pl041_read,
+ .write = pl041_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int pl041_init(SysBusDevice *dev)
+{
+ PL041State *s = PL041(dev);
+
+ DBG_L1("pl041_init 0x%08x\n", (uint32_t)s);
+
+ /* Check the device properties */
+ switch (s->fifo_depth) {
+ case 8:
+ case 32:
+ case 64:
+ case 128:
+ case 256:
+ case 512:
+ case 1024:
+ case 2048:
+ break;
+ case 16:
+ default:
+ /* NC FIFO depth of 16 is not allowed because its id bits in
+ AACIPERIPHID3 overlap with the id for the default NC FIFO depth */
+ qemu_log_mask(LOG_UNIMP,
+ "pl041: unsupported non-compact fifo depth [%i]\n",
+ s->fifo_depth);
+ return -1;
+ }
+
+ /* Connect the device to the sysbus */
+ memory_region_init_io(&s->iomem, OBJECT(s), &pl041_ops, s, "pl041", 0x1000);
+ sysbus_init_mmio(dev, &s->iomem);
+ sysbus_init_irq(dev, &s->irq);
+
+ /* Init the codec */
+ lm4549_init(&s->codec, &pl041_request_data, (void *)s);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_pl041_regfile = {
+ .name = "pl041_regfile",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+#define REGISTER(name, offset) VMSTATE_UINT32(name, pl041_regfile),
+ #include "pl041.hx"
+#undef REGISTER
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_pl041_fifo = {
+ .name = "pl041_fifo",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(level, pl041_fifo),
+ VMSTATE_UINT32_ARRAY(data, pl041_fifo, MAX_FIFO_DEPTH),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_pl041_channel = {
+ .name = "pl041_channel",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_STRUCT(tx_fifo, pl041_channel, 0,
+ vmstate_pl041_fifo, pl041_fifo),
+ VMSTATE_UINT8(tx_enabled, pl041_channel),
+ VMSTATE_UINT8(tx_compact_mode, pl041_channel),
+ VMSTATE_UINT8(tx_sample_size, pl041_channel),
+ VMSTATE_STRUCT(rx_fifo, pl041_channel, 0,
+ vmstate_pl041_fifo, pl041_fifo),
+ VMSTATE_UINT8(rx_enabled, pl041_channel),
+ VMSTATE_UINT8(rx_compact_mode, pl041_channel),
+ VMSTATE_UINT8(rx_sample_size, pl041_channel),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_pl041 = {
+ .name = "pl041",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(fifo_depth, PL041State),
+ VMSTATE_STRUCT(regs, PL041State, 0,
+ vmstate_pl041_regfile, pl041_regfile),
+ VMSTATE_STRUCT(fifo1, PL041State, 0,
+ vmstate_pl041_channel, pl041_channel),
+ VMSTATE_STRUCT(codec, PL041State, 0,
+ vmstate_lm4549_state, lm4549_state),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static Property pl041_device_properties[] = {
+ /* Non-compact FIFO depth property */
+ DEFINE_PROP_UINT32("nc_fifo_depth", PL041State, fifo_depth,
+ DEFAULT_FIFO_DEPTH),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void pl041_device_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = pl041_init;
+ set_bit(DEVICE_CATEGORY_SOUND, dc->categories);
+ dc->no_user = 1;
+ dc->reset = pl041_device_reset;
+ dc->vmsd = &vmstate_pl041;
+ dc->props = pl041_device_properties;
+}
+
+static const TypeInfo pl041_device_info = {
+ .name = TYPE_PL041,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(PL041State),
+ .class_init = pl041_device_class_init,
+};
+
+static void pl041_register_types(void)
+{
+ type_register_static(&pl041_device_info);
+}
+
+type_init(pl041_register_types)
diff --git a/hw/pl041.h b/hw/audio/pl041.h
index 427ab6d6f..427ab6d6f 100644
--- a/hw/pl041.h
+++ b/hw/audio/pl041.h
diff --git a/hw/pl041.hx b/hw/audio/pl041.hx
index dd7188cbc..dd7188cbc 100644
--- a/hw/pl041.hx
+++ b/hw/audio/pl041.hx
diff --git a/hw/audio/sb16.c b/hw/audio/sb16.c
new file mode 100644
index 000000000..3e586888e
--- /dev/null
+++ b/hw/audio/sb16.c
@@ -0,0 +1,1435 @@
+/*
+ * QEMU Soundblaster 16 emulation
+ *
+ * Copyright (c) 2003-2005 Vassili Karpov (malc)
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/audio/audio.h"
+#include "audio/audio.h"
+#include "hw/isa/isa.h"
+#include "hw/qdev.h"
+#include "qemu/timer.h"
+#include "qemu/host-utils.h"
+
+#define dolog(...) AUD_log ("sb16", __VA_ARGS__)
+
+/* #define DEBUG */
+/* #define DEBUG_SB16_MOST */
+
+#ifdef DEBUG
+#define ldebug(...) dolog (__VA_ARGS__)
+#else
+#define ldebug(...)
+#endif
+
+#define IO_READ_PROTO(name) \
+ uint32_t name (void *opaque, uint32_t nport)
+#define IO_WRITE_PROTO(name) \
+ void name (void *opaque, uint32_t nport, uint32_t val)
+
+static const char e3[] = "COPYRIGHT (C) CREATIVE TECHNOLOGY LTD, 1992.";
+
+#define TYPE_SB16 "sb16"
+#define SB16(obj) OBJECT_CHECK (SB16State, (obj), TYPE_SB16)
+
+typedef struct SB16State {
+ ISADevice parent_obj;
+
+ QEMUSoundCard card;
+ qemu_irq pic;
+ uint32_t irq;
+ uint32_t dma;
+ uint32_t hdma;
+ uint32_t port;
+ uint32_t ver;
+
+ int in_index;
+ int out_data_len;
+ int fmt_stereo;
+ int fmt_signed;
+ int fmt_bits;
+ audfmt_e fmt;
+ int dma_auto;
+ int block_size;
+ int fifo;
+ int freq;
+ int time_const;
+ int speaker;
+ int needed_bytes;
+ int cmd;
+ int use_hdma;
+ int highspeed;
+ int can_write;
+
+ int v2x6;
+
+ uint8_t csp_param;
+ uint8_t csp_value;
+ uint8_t csp_mode;
+ uint8_t csp_regs[256];
+ uint8_t csp_index;
+ uint8_t csp_reg83[4];
+ int csp_reg83r;
+ int csp_reg83w;
+
+ uint8_t in2_data[10];
+ uint8_t out_data[50];
+ uint8_t test_reg;
+ uint8_t last_read_byte;
+ int nzero;
+
+ int left_till_irq;
+
+ int dma_running;
+ int bytes_per_second;
+ int align;
+ int audio_free;
+ SWVoiceOut *voice;
+
+ QEMUTimer *aux_ts;
+ /* mixer state */
+ int mixer_nreg;
+ uint8_t mixer_regs[256];
+} SB16State;
+
+static void SB_audio_callback (void *opaque, int free);
+
+static int magic_of_irq (int irq)
+{
+ switch (irq) {
+ case 5:
+ return 2;
+ case 7:
+ return 4;
+ case 9:
+ return 1;
+ case 10:
+ return 8;
+ default:
+ dolog ("bad irq %d\n", irq);
+ return 2;
+ }
+}
+
+static int irq_of_magic (int magic)
+{
+ switch (magic) {
+ case 1:
+ return 9;
+ case 2:
+ return 5;
+ case 4:
+ return 7;
+ case 8:
+ return 10;
+ default:
+ dolog ("bad irq magic %d\n", magic);
+ return -1;
+ }
+}
+
+#if 0
+static void log_dsp (SB16State *dsp)
+{
+ ldebug ("%s:%s:%d:%s:dmasize=%d:freq=%d:const=%d:speaker=%d\n",
+ dsp->fmt_stereo ? "Stereo" : "Mono",
+ dsp->fmt_signed ? "Signed" : "Unsigned",
+ dsp->fmt_bits,
+ dsp->dma_auto ? "Auto" : "Single",
+ dsp->block_size,
+ dsp->freq,
+ dsp->time_const,
+ dsp->speaker);
+}
+#endif
+
+static void speaker (SB16State *s, int on)
+{
+ s->speaker = on;
+ /* AUD_enable (s->voice, on); */
+}
+
+static void control (SB16State *s, int hold)
+{
+ int dma = s->use_hdma ? s->hdma : s->dma;
+ s->dma_running = hold;
+
+ ldebug ("hold %d high %d dma %d\n", hold, s->use_hdma, dma);
+
+ if (hold) {
+ DMA_hold_DREQ (dma);
+ AUD_set_active_out (s->voice, 1);
+ }
+ else {
+ DMA_release_DREQ (dma);
+ AUD_set_active_out (s->voice, 0);
+ }
+}
+
+static void aux_timer (void *opaque)
+{
+ SB16State *s = opaque;
+ s->can_write = 1;
+ qemu_irq_raise (s->pic);
+}
+
+#define DMA8_AUTO 1
+#define DMA8_HIGH 2
+
+static void continue_dma8 (SB16State *s)
+{
+ if (s->freq > 0) {
+ struct audsettings as;
+
+ s->audio_free = 0;
+
+ as.freq = s->freq;
+ as.nchannels = 1 << s->fmt_stereo;
+ as.fmt = s->fmt;
+ as.endianness = 0;
+
+ s->voice = AUD_open_out (
+ &s->card,
+ s->voice,
+ "sb16",
+ s,
+ SB_audio_callback,
+ &as
+ );
+ }
+
+ control (s, 1);
+}
+
+static void dma_cmd8 (SB16State *s, int mask, int dma_len)
+{
+ s->fmt = AUD_FMT_U8;
+ s->use_hdma = 0;
+ s->fmt_bits = 8;
+ s->fmt_signed = 0;
+ s->fmt_stereo = (s->mixer_regs[0x0e] & 2) != 0;
+ if (-1 == s->time_const) {
+ if (s->freq <= 0)
+ s->freq = 11025;
+ }
+ else {
+ int tmp = (256 - s->time_const);
+ s->freq = (1000000 + (tmp / 2)) / tmp;
+ }
+
+ if (dma_len != -1) {
+ s->block_size = dma_len << s->fmt_stereo;
+ }
+ else {
+ /* This is apparently the only way to make both Act1/PL
+ and SecondReality/FC work
+
+ Act1 sets block size via command 0x48 and it's an odd number
+ SR does the same with even number
+ Both use stereo, and Creatives own documentation states that
+ 0x48 sets block size in bytes less one.. go figure */
+ s->block_size &= ~s->fmt_stereo;
+ }
+
+ s->freq >>= s->fmt_stereo;
+ s->left_till_irq = s->block_size;
+ s->bytes_per_second = (s->freq << s->fmt_stereo);
+ /* s->highspeed = (mask & DMA8_HIGH) != 0; */
+ s->dma_auto = (mask & DMA8_AUTO) != 0;
+ s->align = (1 << s->fmt_stereo) - 1;
+
+ if (s->block_size & s->align) {
+ dolog ("warning: misaligned block size %d, alignment %d\n",
+ s->block_size, s->align + 1);
+ }
+
+ ldebug ("freq %d, stereo %d, sign %d, bits %d, "
+ "dma %d, auto %d, fifo %d, high %d\n",
+ s->freq, s->fmt_stereo, s->fmt_signed, s->fmt_bits,
+ s->block_size, s->dma_auto, s->fifo, s->highspeed);
+
+ continue_dma8 (s);
+ speaker (s, 1);
+}
+
+static void dma_cmd (SB16State *s, uint8_t cmd, uint8_t d0, int dma_len)
+{
+ s->use_hdma = cmd < 0xc0;
+ s->fifo = (cmd >> 1) & 1;
+ s->dma_auto = (cmd >> 2) & 1;
+ s->fmt_signed = (d0 >> 4) & 1;
+ s->fmt_stereo = (d0 >> 5) & 1;
+
+ switch (cmd >> 4) {
+ case 11:
+ s->fmt_bits = 16;
+ break;
+
+ case 12:
+ s->fmt_bits = 8;
+ break;
+ }
+
+ if (-1 != s->time_const) {
+#if 1
+ int tmp = 256 - s->time_const;
+ s->freq = (1000000 + (tmp / 2)) / tmp;
+#else
+ /* s->freq = 1000000 / ((255 - s->time_const) << s->fmt_stereo); */
+ s->freq = 1000000 / ((255 - s->time_const));
+#endif
+ s->time_const = -1;
+ }
+
+ s->block_size = dma_len + 1;
+ s->block_size <<= (s->fmt_bits == 16);
+ if (!s->dma_auto) {
+ /* It is clear that for DOOM and auto-init this value
+ shouldn't take stereo into account, while Miles Sound Systems
+ setsound.exe with single transfer mode wouldn't work without it
+ wonders of SB16 yet again */
+ s->block_size <<= s->fmt_stereo;
+ }
+
+ ldebug ("freq %d, stereo %d, sign %d, bits %d, "
+ "dma %d, auto %d, fifo %d, high %d\n",
+ s->freq, s->fmt_stereo, s->fmt_signed, s->fmt_bits,
+ s->block_size, s->dma_auto, s->fifo, s->highspeed);
+
+ if (16 == s->fmt_bits) {
+ if (s->fmt_signed) {
+ s->fmt = AUD_FMT_S16;
+ }
+ else {
+ s->fmt = AUD_FMT_U16;
+ }
+ }
+ else {
+ if (s->fmt_signed) {
+ s->fmt = AUD_FMT_S8;
+ }
+ else {
+ s->fmt = AUD_FMT_U8;
+ }
+ }
+
+ s->left_till_irq = s->block_size;
+
+ s->bytes_per_second = (s->freq << s->fmt_stereo) << (s->fmt_bits == 16);
+ s->highspeed = 0;
+ s->align = (1 << (s->fmt_stereo + (s->fmt_bits == 16))) - 1;
+ if (s->block_size & s->align) {
+ dolog ("warning: misaligned block size %d, alignment %d\n",
+ s->block_size, s->align + 1);
+ }
+
+ if (s->freq) {
+ struct audsettings as;
+
+ s->audio_free = 0;
+
+ as.freq = s->freq;
+ as.nchannels = 1 << s->fmt_stereo;
+ as.fmt = s->fmt;
+ as.endianness = 0;
+
+ s->voice = AUD_open_out (
+ &s->card,
+ s->voice,
+ "sb16",
+ s,
+ SB_audio_callback,
+ &as
+ );
+ }
+
+ control (s, 1);
+ speaker (s, 1);
+}
+
+static inline void dsp_out_data (SB16State *s, uint8_t val)
+{
+ ldebug ("outdata %#x\n", val);
+ if ((size_t) s->out_data_len < sizeof (s->out_data)) {
+ s->out_data[s->out_data_len++] = val;
+ }
+}
+
+static inline uint8_t dsp_get_data (SB16State *s)
+{
+ if (s->in_index) {
+ return s->in2_data[--s->in_index];
+ }
+ else {
+ dolog ("buffer underflow\n");
+ return 0;
+ }
+}
+
+static void command (SB16State *s, uint8_t cmd)
+{
+ ldebug ("command %#x\n", cmd);
+
+ if (cmd > 0xaf && cmd < 0xd0) {
+ if (cmd & 8) {
+ dolog ("ADC not yet supported (command %#x)\n", cmd);
+ }
+
+ switch (cmd >> 4) {
+ case 11:
+ case 12:
+ break;
+ default:
+ dolog ("%#x wrong bits\n", cmd);
+ }
+ s->needed_bytes = 3;
+ }
+ else {
+ s->needed_bytes = 0;
+
+ switch (cmd) {
+ case 0x03:
+ dsp_out_data (s, 0x10); /* s->csp_param); */
+ goto warn;
+
+ case 0x04:
+ s->needed_bytes = 1;
+ goto warn;
+
+ case 0x05:
+ s->needed_bytes = 2;
+ goto warn;
+
+ case 0x08:
+ /* __asm__ ("int3"); */
+ goto warn;
+
+ case 0x0e:
+ s->needed_bytes = 2;
+ goto warn;
+
+ case 0x09:
+ dsp_out_data (s, 0xf8);
+ goto warn;
+
+ case 0x0f:
+ s->needed_bytes = 1;
+ goto warn;
+
+ case 0x10:
+ s->needed_bytes = 1;
+ goto warn;
+
+ case 0x14:
+ s->needed_bytes = 2;
+ s->block_size = 0;
+ break;
+
+ case 0x1c: /* Auto-Initialize DMA DAC, 8-bit */
+ dma_cmd8 (s, DMA8_AUTO, -1);
+ break;
+
+ case 0x20: /* Direct ADC, Juice/PL */
+ dsp_out_data (s, 0xff);
+ goto warn;
+
+ case 0x35:
+ dolog ("0x35 - MIDI command not implemented\n");
+ break;
+
+ case 0x40:
+ s->freq = -1;
+ s->time_const = -1;
+ s->needed_bytes = 1;
+ break;
+
+ case 0x41:
+ s->freq = -1;
+ s->time_const = -1;
+ s->needed_bytes = 2;
+ break;
+
+ case 0x42:
+ s->freq = -1;
+ s->time_const = -1;
+ s->needed_bytes = 2;
+ goto warn;
+
+ case 0x45:
+ dsp_out_data (s, 0xaa);
+ goto warn;
+
+ case 0x47: /* Continue Auto-Initialize DMA 16bit */
+ break;
+
+ case 0x48:
+ s->needed_bytes = 2;
+ break;
+
+ case 0x74:
+ s->needed_bytes = 2; /* DMA DAC, 4-bit ADPCM */
+ dolog ("0x75 - DMA DAC, 4-bit ADPCM not implemented\n");
+ break;
+
+ case 0x75: /* DMA DAC, 4-bit ADPCM Reference */
+ s->needed_bytes = 2;
+ dolog ("0x74 - DMA DAC, 4-bit ADPCM Reference not implemented\n");
+ break;
+
+ case 0x76: /* DMA DAC, 2.6-bit ADPCM */
+ s->needed_bytes = 2;
+ dolog ("0x74 - DMA DAC, 2.6-bit ADPCM not implemented\n");
+ break;
+
+ case 0x77: /* DMA DAC, 2.6-bit ADPCM Reference */
+ s->needed_bytes = 2;
+ dolog ("0x74 - DMA DAC, 2.6-bit ADPCM Reference not implemented\n");
+ break;
+
+ case 0x7d:
+ dolog ("0x7d - Autio-Initialize DMA DAC, 4-bit ADPCM Reference\n");
+ dolog ("not implemented\n");
+ break;
+
+ case 0x7f:
+ dolog (
+ "0x7d - Autio-Initialize DMA DAC, 2.6-bit ADPCM Reference\n"
+ );
+ dolog ("not implemented\n");
+ break;
+
+ case 0x80:
+ s->needed_bytes = 2;
+ break;
+
+ case 0x90:
+ case 0x91:
+ dma_cmd8 (s, ((cmd & 1) == 0) | DMA8_HIGH, -1);
+ break;
+
+ case 0xd0: /* halt DMA operation. 8bit */
+ control (s, 0);
+ break;
+
+ case 0xd1: /* speaker on */
+ speaker (s, 1);
+ break;
+
+ case 0xd3: /* speaker off */
+ speaker (s, 0);
+ break;
+
+ case 0xd4: /* continue DMA operation. 8bit */
+ /* KQ6 (or maybe Sierras audblst.drv in general) resets
+ the frequency between halt/continue */
+ continue_dma8 (s);
+ break;
+
+ case 0xd5: /* halt DMA operation. 16bit */
+ control (s, 0);
+ break;
+
+ case 0xd6: /* continue DMA operation. 16bit */
+ control (s, 1);
+ break;
+
+ case 0xd9: /* exit auto-init DMA after this block. 16bit */
+ s->dma_auto = 0;
+ break;
+
+ case 0xda: /* exit auto-init DMA after this block. 8bit */
+ s->dma_auto = 0;
+ break;
+
+ case 0xe0: /* DSP identification */
+ s->needed_bytes = 1;
+ break;
+
+ case 0xe1:
+ dsp_out_data (s, s->ver & 0xff);
+ dsp_out_data (s, s->ver >> 8);
+ break;
+
+ case 0xe2:
+ s->needed_bytes = 1;
+ goto warn;
+
+ case 0xe3:
+ {
+ int i;
+ for (i = sizeof (e3) - 1; i >= 0; --i)
+ dsp_out_data (s, e3[i]);
+ }
+ break;
+
+ case 0xe4: /* write test reg */
+ s->needed_bytes = 1;
+ break;
+
+ case 0xe7:
+ dolog ("Attempt to probe for ESS (0xe7)?\n");
+ break;
+
+ case 0xe8: /* read test reg */
+ dsp_out_data (s, s->test_reg);
+ break;
+
+ case 0xf2:
+ case 0xf3:
+ dsp_out_data (s, 0xaa);
+ s->mixer_regs[0x82] |= (cmd == 0xf2) ? 1 : 2;
+ qemu_irq_raise (s->pic);
+ break;
+
+ case 0xf9:
+ s->needed_bytes = 1;
+ goto warn;
+
+ case 0xfa:
+ dsp_out_data (s, 0);
+ goto warn;
+
+ case 0xfc: /* FIXME */
+ dsp_out_data (s, 0);
+ goto warn;
+
+ default:
+ dolog ("Unrecognized command %#x\n", cmd);
+ break;
+ }
+ }
+
+ if (!s->needed_bytes) {
+ ldebug ("\n");
+ }
+
+ exit:
+ if (!s->needed_bytes) {
+ s->cmd = -1;
+ }
+ else {
+ s->cmd = cmd;
+ }
+ return;
+
+ warn:
+ dolog ("warning: command %#x,%d is not truly understood yet\n",
+ cmd, s->needed_bytes);
+ goto exit;
+
+}
+
+static uint16_t dsp_get_lohi (SB16State *s)
+{
+ uint8_t hi = dsp_get_data (s);
+ uint8_t lo = dsp_get_data (s);
+ return (hi << 8) | lo;
+}
+
+static uint16_t dsp_get_hilo (SB16State *s)
+{
+ uint8_t lo = dsp_get_data (s);
+ uint8_t hi = dsp_get_data (s);
+ return (hi << 8) | lo;
+}
+
+static void complete (SB16State *s)
+{
+ int d0, d1, d2;
+ ldebug ("complete command %#x, in_index %d, needed_bytes %d\n",
+ s->cmd, s->in_index, s->needed_bytes);
+
+ if (s->cmd > 0xaf && s->cmd < 0xd0) {
+ d2 = dsp_get_data (s);
+ d1 = dsp_get_data (s);
+ d0 = dsp_get_data (s);
+
+ if (s->cmd & 8) {
+ dolog ("ADC params cmd = %#x d0 = %d, d1 = %d, d2 = %d\n",
+ s->cmd, d0, d1, d2);
+ }
+ else {
+ ldebug ("cmd = %#x d0 = %d, d1 = %d, d2 = %d\n",
+ s->cmd, d0, d1, d2);
+ dma_cmd (s, s->cmd, d0, d1 + (d2 << 8));
+ }
+ }
+ else {
+ switch (s->cmd) {
+ case 0x04:
+ s->csp_mode = dsp_get_data (s);
+ s->csp_reg83r = 0;
+ s->csp_reg83w = 0;
+ ldebug ("CSP command 0x04: mode=%#x\n", s->csp_mode);
+ break;
+
+ case 0x05:
+ s->csp_param = dsp_get_data (s);
+ s->csp_value = dsp_get_data (s);
+ ldebug ("CSP command 0x05: param=%#x value=%#x\n",
+ s->csp_param,
+ s->csp_value);
+ break;
+
+ case 0x0e:
+ d0 = dsp_get_data (s);
+ d1 = dsp_get_data (s);
+ ldebug ("write CSP register %d <- %#x\n", d1, d0);
+ if (d1 == 0x83) {
+ ldebug ("0x83[%d] <- %#x\n", s->csp_reg83r, d0);
+ s->csp_reg83[s->csp_reg83r % 4] = d0;
+ s->csp_reg83r += 1;
+ }
+ else {
+ s->csp_regs[d1] = d0;
+ }
+ break;
+
+ case 0x0f:
+ d0 = dsp_get_data (s);
+ ldebug ("read CSP register %#x -> %#x, mode=%#x\n",
+ d0, s->csp_regs[d0], s->csp_mode);
+ if (d0 == 0x83) {
+ ldebug ("0x83[%d] -> %#x\n",
+ s->csp_reg83w,
+ s->csp_reg83[s->csp_reg83w % 4]);
+ dsp_out_data (s, s->csp_reg83[s->csp_reg83w % 4]);
+ s->csp_reg83w += 1;
+ }
+ else {
+ dsp_out_data (s, s->csp_regs[d0]);
+ }
+ break;
+
+ case 0x10:
+ d0 = dsp_get_data (s);
+ dolog ("cmd 0x10 d0=%#x\n", d0);
+ break;
+
+ case 0x14:
+ dma_cmd8 (s, 0, dsp_get_lohi (s) + 1);
+ break;
+
+ case 0x40:
+ s->time_const = dsp_get_data (s);
+ ldebug ("set time const %d\n", s->time_const);
+ break;
+
+ case 0x42: /* FT2 sets output freq with this, go figure */
+#if 0
+ dolog ("cmd 0x42 might not do what it think it should\n");
+#endif
+ case 0x41:
+ s->freq = dsp_get_hilo (s);
+ ldebug ("set freq %d\n", s->freq);
+ break;
+
+ case 0x48:
+ s->block_size = dsp_get_lohi (s) + 1;
+ ldebug ("set dma block len %d\n", s->block_size);
+ break;
+
+ case 0x74:
+ case 0x75:
+ case 0x76:
+ case 0x77:
+ /* ADPCM stuff, ignore */
+ break;
+
+ case 0x80:
+ {
+ int freq, samples, bytes;
+ int64_t ticks;
+
+ freq = s->freq > 0 ? s->freq : 11025;
+ samples = dsp_get_lohi (s) + 1;
+ bytes = samples << s->fmt_stereo << (s->fmt_bits == 16);
+ ticks = muldiv64 (bytes, get_ticks_per_sec (), freq);
+ if (ticks < get_ticks_per_sec () / 1024) {
+ qemu_irq_raise (s->pic);
+ }
+ else {
+ if (s->aux_ts) {
+ qemu_mod_timer (
+ s->aux_ts,
+ qemu_get_clock_ns (vm_clock) + ticks
+ );
+ }
+ }
+ ldebug ("mix silence %d %d %" PRId64 "\n", samples, bytes, ticks);
+ }
+ break;
+
+ case 0xe0:
+ d0 = dsp_get_data (s);
+ s->out_data_len = 0;
+ ldebug ("E0 data = %#x\n", d0);
+ dsp_out_data (s, ~d0);
+ break;
+
+ case 0xe2:
+#ifdef DEBUG
+ d0 = dsp_get_data (s);
+ dolog ("E2 = %#x\n", d0);
+#endif
+ break;
+
+ case 0xe4:
+ s->test_reg = dsp_get_data (s);
+ break;
+
+ case 0xf9:
+ d0 = dsp_get_data (s);
+ ldebug ("command 0xf9 with %#x\n", d0);
+ switch (d0) {
+ case 0x0e:
+ dsp_out_data (s, 0xff);
+ break;
+
+ case 0x0f:
+ dsp_out_data (s, 0x07);
+ break;
+
+ case 0x37:
+ dsp_out_data (s, 0x38);
+ break;
+
+ default:
+ dsp_out_data (s, 0x00);
+ break;
+ }
+ break;
+
+ default:
+ dolog ("complete: unrecognized command %#x\n", s->cmd);
+ return;
+ }
+ }
+
+ ldebug ("\n");
+ s->cmd = -1;
+}
+
+static void legacy_reset (SB16State *s)
+{
+ struct audsettings as;
+
+ s->freq = 11025;
+ s->fmt_signed = 0;
+ s->fmt_bits = 8;
+ s->fmt_stereo = 0;
+
+ as.freq = s->freq;
+ as.nchannels = 1;
+ as.fmt = AUD_FMT_U8;
+ as.endianness = 0;
+
+ s->voice = AUD_open_out (
+ &s->card,
+ s->voice,
+ "sb16",
+ s,
+ SB_audio_callback,
+ &as
+ );
+
+ /* Not sure about that... */
+ /* AUD_set_active_out (s->voice, 1); */
+}
+
+static void reset (SB16State *s)
+{
+ qemu_irq_lower (s->pic);
+ if (s->dma_auto) {
+ qemu_irq_raise (s->pic);
+ qemu_irq_lower (s->pic);
+ }
+
+ s->mixer_regs[0x82] = 0;
+ s->dma_auto = 0;
+ s->in_index = 0;
+ s->out_data_len = 0;
+ s->left_till_irq = 0;
+ s->needed_bytes = 0;
+ s->block_size = -1;
+ s->nzero = 0;
+ s->highspeed = 0;
+ s->v2x6 = 0;
+ s->cmd = -1;
+
+ dsp_out_data (s, 0xaa);
+ speaker (s, 0);
+ control (s, 0);
+ legacy_reset (s);
+}
+
+static IO_WRITE_PROTO (dsp_write)
+{
+ SB16State *s = opaque;
+ int iport;
+
+ iport = nport - s->port;
+
+ ldebug ("write %#x <- %#x\n", nport, val);
+ switch (iport) {
+ case 0x06:
+ switch (val) {
+ case 0x00:
+ if (s->v2x6 == 1) {
+ reset (s);
+ }
+ s->v2x6 = 0;
+ break;
+
+ case 0x01:
+ case 0x03: /* FreeBSD kludge */
+ s->v2x6 = 1;
+ break;
+
+ case 0xc6:
+ s->v2x6 = 0; /* Prince of Persia, csp.sys, diagnose.exe */
+ break;
+
+ case 0xb8: /* Panic */
+ reset (s);
+ break;
+
+ case 0x39:
+ dsp_out_data (s, 0x38);
+ reset (s);
+ s->v2x6 = 0x39;
+ break;
+
+ default:
+ s->v2x6 = val;
+ break;
+ }
+ break;
+
+ case 0x0c: /* write data or command | write status */
+/* if (s->highspeed) */
+/* break; */
+
+ if (0 == s->needed_bytes) {
+ command (s, val);
+#if 0
+ if (0 == s->needed_bytes) {
+ log_dsp (s);
+ }
+#endif
+ }
+ else {
+ if (s->in_index == sizeof (s->in2_data)) {
+ dolog ("in data overrun\n");
+ }
+ else {
+ s->in2_data[s->in_index++] = val;
+ if (s->in_index == s->needed_bytes) {
+ s->needed_bytes = 0;
+ complete (s);
+#if 0
+ log_dsp (s);
+#endif
+ }
+ }
+ }
+ break;
+
+ default:
+ ldebug ("(nport=%#x, val=%#x)\n", nport, val);
+ break;
+ }
+}
+
+static IO_READ_PROTO (dsp_read)
+{
+ SB16State *s = opaque;
+ int iport, retval, ack = 0;
+
+ iport = nport - s->port;
+
+ switch (iport) {
+ case 0x06: /* reset */
+ retval = 0xff;
+ break;
+
+ case 0x0a: /* read data */
+ if (s->out_data_len) {
+ retval = s->out_data[--s->out_data_len];
+ s->last_read_byte = retval;
+ }
+ else {
+ if (s->cmd != -1) {
+ dolog ("empty output buffer for command %#x\n",
+ s->cmd);
+ }
+ retval = s->last_read_byte;
+ /* goto error; */
+ }
+ break;
+
+ case 0x0c: /* 0 can write */
+ retval = s->can_write ? 0 : 0x80;
+ break;
+
+ case 0x0d: /* timer interrupt clear */
+ /* dolog ("timer interrupt clear\n"); */
+ retval = 0;
+ break;
+
+ case 0x0e: /* data available status | irq 8 ack */
+ retval = (!s->out_data_len || s->highspeed) ? 0 : 0x80;
+ if (s->mixer_regs[0x82] & 1) {
+ ack = 1;
+ s->mixer_regs[0x82] &= 1;
+ qemu_irq_lower (s->pic);
+ }
+ break;
+
+ case 0x0f: /* irq 16 ack */
+ retval = 0xff;
+ if (s->mixer_regs[0x82] & 2) {
+ ack = 1;
+ s->mixer_regs[0x82] &= 2;
+ qemu_irq_lower (s->pic);
+ }
+ break;
+
+ default:
+ goto error;
+ }
+
+ if (!ack) {
+ ldebug ("read %#x -> %#x\n", nport, retval);
+ }
+
+ return retval;
+
+ error:
+ dolog ("warning: dsp_read %#x error\n", nport);
+ return 0xff;
+}
+
+static void reset_mixer (SB16State *s)
+{
+ int i;
+
+ memset (s->mixer_regs, 0xff, 0x7f);
+ memset (s->mixer_regs + 0x83, 0xff, sizeof (s->mixer_regs) - 0x83);
+
+ s->mixer_regs[0x02] = 4; /* master volume 3bits */
+ s->mixer_regs[0x06] = 4; /* MIDI volume 3bits */
+ s->mixer_regs[0x08] = 0; /* CD volume 3bits */
+ s->mixer_regs[0x0a] = 0; /* voice volume 2bits */
+
+ /* d5=input filt, d3=lowpass filt, d1,d2=input source */
+ s->mixer_regs[0x0c] = 0;
+
+ /* d5=output filt, d1=stereo switch */
+ s->mixer_regs[0x0e] = 0;
+
+ /* voice volume L d5,d7, R d1,d3 */
+ s->mixer_regs[0x04] = (4 << 5) | (4 << 1);
+ /* master ... */
+ s->mixer_regs[0x22] = (4 << 5) | (4 << 1);
+ /* MIDI ... */
+ s->mixer_regs[0x26] = (4 << 5) | (4 << 1);
+
+ for (i = 0x30; i < 0x48; i++) {
+ s->mixer_regs[i] = 0x20;
+ }
+}
+
+static IO_WRITE_PROTO (mixer_write_indexb)
+{
+ SB16State *s = opaque;
+ (void) nport;
+ s->mixer_nreg = val;
+}
+
+static IO_WRITE_PROTO (mixer_write_datab)
+{
+ SB16State *s = opaque;
+
+ (void) nport;
+ ldebug ("mixer_write [%#x] <- %#x\n", s->mixer_nreg, val);
+
+ switch (s->mixer_nreg) {
+ case 0x00:
+ reset_mixer (s);
+ break;
+
+ case 0x80:
+ {
+ int irq = irq_of_magic (val);
+ ldebug ("setting irq to %d (val=%#x)\n", irq, val);
+ if (irq > 0) {
+ s->irq = irq;
+ }
+ }
+ break;
+
+ case 0x81:
+ {
+ int dma, hdma;
+
+ dma = ctz32 (val & 0xf);
+ hdma = ctz32 (val & 0xf0);
+ if (dma != s->dma || hdma != s->hdma) {
+ dolog (
+ "attempt to change DMA "
+ "8bit %d(%d), 16bit %d(%d) (val=%#x)\n",
+ dma, s->dma, hdma, s->hdma, val);
+ }
+#if 0
+ s->dma = dma;
+ s->hdma = hdma;
+#endif
+ }
+ break;
+
+ case 0x82:
+ dolog ("attempt to write into IRQ status register (val=%#x)\n",
+ val);
+ return;
+
+ default:
+ if (s->mixer_nreg >= 0x80) {
+ ldebug ("attempt to write mixer[%#x] <- %#x\n", s->mixer_nreg, val);
+ }
+ break;
+ }
+
+ s->mixer_regs[s->mixer_nreg] = val;
+}
+
+static IO_WRITE_PROTO (mixer_write_indexw)
+{
+ mixer_write_indexb (opaque, nport, val & 0xff);
+ mixer_write_datab (opaque, nport, (val >> 8) & 0xff);
+}
+
+static IO_READ_PROTO (mixer_read)
+{
+ SB16State *s = opaque;
+
+ (void) nport;
+#ifndef DEBUG_SB16_MOST
+ if (s->mixer_nreg != 0x82) {
+ ldebug ("mixer_read[%#x] -> %#x\n",
+ s->mixer_nreg, s->mixer_regs[s->mixer_nreg]);
+ }
+#else
+ ldebug ("mixer_read[%#x] -> %#x\n",
+ s->mixer_nreg, s->mixer_regs[s->mixer_nreg]);
+#endif
+ return s->mixer_regs[s->mixer_nreg];
+}
+
+static int write_audio (SB16State *s, int nchan, int dma_pos,
+ int dma_len, int len)
+{
+ int temp, net;
+ uint8_t tmpbuf[4096];
+
+ temp = len;
+ net = 0;
+
+ while (temp) {
+ int left = dma_len - dma_pos;
+ int copied;
+ size_t to_copy;
+
+ to_copy = audio_MIN (temp, left);
+ if (to_copy > sizeof (tmpbuf)) {
+ to_copy = sizeof (tmpbuf);
+ }
+
+ copied = DMA_read_memory (nchan, tmpbuf, dma_pos, to_copy);
+ copied = AUD_write (s->voice, tmpbuf, copied);
+
+ temp -= copied;
+ dma_pos = (dma_pos + copied) % dma_len;
+ net += copied;
+
+ if (!copied) {
+ break;
+ }
+ }
+
+ return net;
+}
+
+static int SB_read_DMA (void *opaque, int nchan, int dma_pos, int dma_len)
+{
+ SB16State *s = opaque;
+ int till, copy, written, free;
+
+ if (s->block_size <= 0) {
+ dolog ("invalid block size=%d nchan=%d dma_pos=%d dma_len=%d\n",
+ s->block_size, nchan, dma_pos, dma_len);
+ return dma_pos;
+ }
+
+ if (s->left_till_irq < 0) {
+ s->left_till_irq = s->block_size;
+ }
+
+ if (s->voice) {
+ free = s->audio_free & ~s->align;
+ if ((free <= 0) || !dma_len) {
+ return dma_pos;
+ }
+ }
+ else {
+ free = dma_len;
+ }
+
+ copy = free;
+ till = s->left_till_irq;
+
+#ifdef DEBUG_SB16_MOST
+ dolog ("pos:%06d %d till:%d len:%d\n",
+ dma_pos, free, till, dma_len);
+#endif
+
+ if (till <= copy) {
+ if (0 == s->dma_auto) {
+ copy = till;
+ }
+ }
+
+ written = write_audio (s, nchan, dma_pos, dma_len, copy);
+ dma_pos = (dma_pos + written) % dma_len;
+ s->left_till_irq -= written;
+
+ if (s->left_till_irq <= 0) {
+ s->mixer_regs[0x82] |= (nchan & 4) ? 2 : 1;
+ qemu_irq_raise (s->pic);
+ if (0 == s->dma_auto) {
+ control (s, 0);
+ speaker (s, 0);
+ }
+ }
+
+#ifdef DEBUG_SB16_MOST
+ ldebug ("pos %5d free %5d size %5d till % 5d copy %5d written %5d size %5d\n",
+ dma_pos, free, dma_len, s->left_till_irq, copy, written,
+ s->block_size);
+#endif
+
+ while (s->left_till_irq <= 0) {
+ s->left_till_irq = s->block_size + s->left_till_irq;
+ }
+
+ return dma_pos;
+}
+
+static void SB_audio_callback (void *opaque, int free)
+{
+ SB16State *s = opaque;
+ s->audio_free = free;
+}
+
+static int sb16_post_load (void *opaque, int version_id)
+{
+ SB16State *s = opaque;
+
+ if (s->voice) {
+ AUD_close_out (&s->card, s->voice);
+ s->voice = NULL;
+ }
+
+ if (s->dma_running) {
+ if (s->freq) {
+ struct audsettings as;
+
+ s->audio_free = 0;
+
+ as.freq = s->freq;
+ as.nchannels = 1 << s->fmt_stereo;
+ as.fmt = s->fmt;
+ as.endianness = 0;
+
+ s->voice = AUD_open_out (
+ &s->card,
+ s->voice,
+ "sb16",
+ s,
+ SB_audio_callback,
+ &as
+ );
+ }
+
+ control (s, 1);
+ speaker (s, s->speaker);
+ }
+ return 0;
+}
+
+static const VMStateDescription vmstate_sb16 = {
+ .name = "sb16",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .post_load = sb16_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT32 (irq, SB16State),
+ VMSTATE_UINT32 (dma, SB16State),
+ VMSTATE_UINT32 (hdma, SB16State),
+ VMSTATE_UINT32 (port, SB16State),
+ VMSTATE_UINT32 (ver, SB16State),
+ VMSTATE_INT32 (in_index, SB16State),
+ VMSTATE_INT32 (out_data_len, SB16State),
+ VMSTATE_INT32 (fmt_stereo, SB16State),
+ VMSTATE_INT32 (fmt_signed, SB16State),
+ VMSTATE_INT32 (fmt_bits, SB16State),
+ VMSTATE_UINT32 (fmt, SB16State),
+ VMSTATE_INT32 (dma_auto, SB16State),
+ VMSTATE_INT32 (block_size, SB16State),
+ VMSTATE_INT32 (fifo, SB16State),
+ VMSTATE_INT32 (freq, SB16State),
+ VMSTATE_INT32 (time_const, SB16State),
+ VMSTATE_INT32 (speaker, SB16State),
+ VMSTATE_INT32 (needed_bytes, SB16State),
+ VMSTATE_INT32 (cmd, SB16State),
+ VMSTATE_INT32 (use_hdma, SB16State),
+ VMSTATE_INT32 (highspeed, SB16State),
+ VMSTATE_INT32 (can_write, SB16State),
+ VMSTATE_INT32 (v2x6, SB16State),
+
+ VMSTATE_UINT8 (csp_param, SB16State),
+ VMSTATE_UINT8 (csp_value, SB16State),
+ VMSTATE_UINT8 (csp_mode, SB16State),
+ VMSTATE_UINT8 (csp_param, SB16State),
+ VMSTATE_BUFFER (csp_regs, SB16State),
+ VMSTATE_UINT8 (csp_index, SB16State),
+ VMSTATE_BUFFER (csp_reg83, SB16State),
+ VMSTATE_INT32 (csp_reg83r, SB16State),
+ VMSTATE_INT32 (csp_reg83w, SB16State),
+
+ VMSTATE_BUFFER (in2_data, SB16State),
+ VMSTATE_BUFFER (out_data, SB16State),
+ VMSTATE_UINT8 (test_reg, SB16State),
+ VMSTATE_UINT8 (last_read_byte, SB16State),
+
+ VMSTATE_INT32 (nzero, SB16State),
+ VMSTATE_INT32 (left_till_irq, SB16State),
+ VMSTATE_INT32 (dma_running, SB16State),
+ VMSTATE_INT32 (bytes_per_second, SB16State),
+ VMSTATE_INT32 (align, SB16State),
+
+ VMSTATE_INT32 (mixer_nreg, SB16State),
+ VMSTATE_BUFFER (mixer_regs, SB16State),
+
+ VMSTATE_END_OF_LIST ()
+ }
+};
+
+static const MemoryRegionPortio sb16_ioport_list[] = {
+ { 4, 1, 1, .write = mixer_write_indexb },
+ { 4, 1, 2, .write = mixer_write_indexw },
+ { 5, 1, 1, .read = mixer_read, .write = mixer_write_datab },
+ { 6, 1, 1, .read = dsp_read, .write = dsp_write },
+ { 10, 1, 1, .read = dsp_read },
+ { 12, 1, 1, .write = dsp_write },
+ { 12, 4, 1, .read = dsp_read },
+ PORTIO_END_OF_LIST (),
+};
+
+
+static void sb16_initfn (Object *obj)
+{
+ SB16State *s = SB16 (obj);
+
+ s->cmd = -1;
+}
+
+static void sb16_realizefn (DeviceState *dev, Error **errp)
+{
+ ISADevice *isadev = ISA_DEVICE (dev);
+ SB16State *s = SB16 (dev);
+
+ isa_init_irq (isadev, &s->pic, s->irq);
+
+ s->mixer_regs[0x80] = magic_of_irq (s->irq);
+ s->mixer_regs[0x81] = (1 << s->dma) | (1 << s->hdma);
+ s->mixer_regs[0x82] = 2 << 5;
+
+ s->csp_regs[5] = 1;
+ s->csp_regs[9] = 0xf8;
+
+ reset_mixer (s);
+ s->aux_ts = qemu_new_timer_ns (vm_clock, aux_timer, s);
+ if (!s->aux_ts) {
+ dolog ("warning: Could not create auxiliary timer\n");
+ }
+
+ isa_register_portio_list (isadev, s->port, sb16_ioport_list, s, "sb16");
+
+ DMA_register_channel (s->hdma, SB_read_DMA, s);
+ DMA_register_channel (s->dma, SB_read_DMA, s);
+ s->can_write = 1;
+
+ AUD_register_card ("sb16", &s->card);
+}
+
+static int SB16_init (ISABus *bus)
+{
+ isa_create_simple (bus, TYPE_SB16);
+ return 0;
+}
+
+static Property sb16_properties[] = {
+ DEFINE_PROP_HEX32 ("version", SB16State, ver, 0x0405), /* 4.5 */
+ DEFINE_PROP_HEX32 ("iobase", SB16State, port, 0x220),
+ DEFINE_PROP_UINT32 ("irq", SB16State, irq, 5),
+ DEFINE_PROP_UINT32 ("dma", SB16State, dma, 1),
+ DEFINE_PROP_UINT32 ("dma16", SB16State, hdma, 5),
+ DEFINE_PROP_END_OF_LIST (),
+};
+
+static void sb16_class_initfn (ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS (klass);
+
+ dc->realize = sb16_realizefn;
+ set_bit(DEVICE_CATEGORY_SOUND, dc->categories);
+ dc->desc = "Creative Sound Blaster 16";
+ dc->vmsd = &vmstate_sb16;
+ dc->props = sb16_properties;
+}
+
+static const TypeInfo sb16_info = {
+ .name = TYPE_SB16,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof (SB16State),
+ .instance_init = sb16_initfn,
+ .class_init = sb16_class_initfn,
+};
+
+static void sb16_register_types (void)
+{
+ type_register_static (&sb16_info);
+ isa_register_soundhw("sb16", "Creative Sound Blaster 16", SB16_init);
+}
+
+type_init (sb16_register_types)
diff --git a/hw/audio/wm8750.c b/hw/audio/wm8750.c
new file mode 100644
index 000000000..6b5a3499b
--- /dev/null
+++ b/hw/audio/wm8750.c
@@ -0,0 +1,716 @@
+/*
+ * WM8750 audio CODEC.
+ *
+ * Copyright (c) 2006 Openedhand Ltd.
+ * Written by Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * This file is licensed under GNU GPL.
+ */
+
+#include "hw/hw.h"
+#include "hw/i2c/i2c.h"
+#include "audio/audio.h"
+
+#define IN_PORT_N 3
+#define OUT_PORT_N 3
+
+#define CODEC "wm8750"
+
+typedef struct {
+ int adc;
+ int adc_hz;
+ int dac;
+ int dac_hz;
+} WMRate;
+
+typedef struct {
+ I2CSlave i2c;
+ uint8_t i2c_data[2];
+ int i2c_len;
+ QEMUSoundCard card;
+ SWVoiceIn *adc_voice[IN_PORT_N];
+ SWVoiceOut *dac_voice[OUT_PORT_N];
+ int enable;
+ void (*data_req)(void *, int, int);
+ void *opaque;
+ uint8_t data_in[4096];
+ uint8_t data_out[4096];
+ int idx_in, req_in;
+ int idx_out, req_out;
+
+ SWVoiceOut **out[2];
+ uint8_t outvol[7], outmute[2];
+ SWVoiceIn **in[2];
+ uint8_t invol[4], inmute[2];
+
+ uint8_t diff[2], pol, ds, monomix[2], alc, mute;
+ uint8_t path[4], mpath[2], power, format;
+ const WMRate *rate;
+ uint8_t rate_vmstate;
+ int adc_hz, dac_hz, ext_adc_hz, ext_dac_hz, master;
+} WM8750State;
+
+/* pow(10.0, -i / 20.0) * 255, i = 0..42 */
+static const uint8_t wm8750_vol_db_table[] = {
+ 255, 227, 203, 181, 161, 143, 128, 114, 102, 90, 81, 72, 64, 57, 51, 45,
+ 40, 36, 32, 29, 26, 23, 20, 18, 16, 14, 13, 11, 10, 9, 8, 7, 6, 6, 5, 5,
+ 4, 4, 3, 3, 3, 2, 2
+};
+
+#define WM8750_OUTVOL_TRANSFORM(x) wm8750_vol_db_table[(0x7f - x) / 3]
+#define WM8750_INVOL_TRANSFORM(x) (x << 2)
+
+static inline void wm8750_in_load(WM8750State *s)
+{
+ if (s->idx_in + s->req_in <= sizeof(s->data_in))
+ return;
+ s->idx_in = audio_MAX(0, (int) sizeof(s->data_in) - s->req_in);
+ AUD_read(*s->in[0], s->data_in + s->idx_in,
+ sizeof(s->data_in) - s->idx_in);
+}
+
+static inline void wm8750_out_flush(WM8750State *s)
+{
+ int sent = 0;
+ while (sent < s->idx_out)
+ sent += AUD_write(*s->out[0], s->data_out + sent, s->idx_out - sent)
+ ?: s->idx_out;
+ s->idx_out = 0;
+}
+
+static void wm8750_audio_in_cb(void *opaque, int avail_b)
+{
+ WM8750State *s = (WM8750State *) opaque;
+ s->req_in = avail_b;
+ s->data_req(s->opaque, s->req_out >> 2, avail_b >> 2);
+}
+
+static void wm8750_audio_out_cb(void *opaque, int free_b)
+{
+ WM8750State *s = (WM8750State *) opaque;
+
+ if (s->idx_out >= free_b) {
+ s->idx_out = free_b;
+ s->req_out = 0;
+ wm8750_out_flush(s);
+ } else
+ s->req_out = free_b - s->idx_out;
+
+ s->data_req(s->opaque, s->req_out >> 2, s->req_in >> 2);
+}
+
+static const WMRate wm_rate_table[] = {
+ { 256, 48000, 256, 48000 }, /* SR: 00000 */
+ { 384, 48000, 384, 48000 }, /* SR: 00001 */
+ { 256, 48000, 1536, 8000 }, /* SR: 00010 */
+ { 384, 48000, 2304, 8000 }, /* SR: 00011 */
+ { 1536, 8000, 256, 48000 }, /* SR: 00100 */
+ { 2304, 8000, 384, 48000 }, /* SR: 00101 */
+ { 1536, 8000, 1536, 8000 }, /* SR: 00110 */
+ { 2304, 8000, 2304, 8000 }, /* SR: 00111 */
+ { 1024, 12000, 1024, 12000 }, /* SR: 01000 */
+ { 1526, 12000, 1536, 12000 }, /* SR: 01001 */
+ { 768, 16000, 768, 16000 }, /* SR: 01010 */
+ { 1152, 16000, 1152, 16000 }, /* SR: 01011 */
+ { 384, 32000, 384, 32000 }, /* SR: 01100 */
+ { 576, 32000, 576, 32000 }, /* SR: 01101 */
+ { 128, 96000, 128, 96000 }, /* SR: 01110 */
+ { 192, 96000, 192, 96000 }, /* SR: 01111 */
+ { 256, 44100, 256, 44100 }, /* SR: 10000 */
+ { 384, 44100, 384, 44100 }, /* SR: 10001 */
+ { 256, 44100, 1408, 8018 }, /* SR: 10010 */
+ { 384, 44100, 2112, 8018 }, /* SR: 10011 */
+ { 1408, 8018, 256, 44100 }, /* SR: 10100 */
+ { 2112, 8018, 384, 44100 }, /* SR: 10101 */
+ { 1408, 8018, 1408, 8018 }, /* SR: 10110 */
+ { 2112, 8018, 2112, 8018 }, /* SR: 10111 */
+ { 1024, 11025, 1024, 11025 }, /* SR: 11000 */
+ { 1536, 11025, 1536, 11025 }, /* SR: 11001 */
+ { 512, 22050, 512, 22050 }, /* SR: 11010 */
+ { 768, 22050, 768, 22050 }, /* SR: 11011 */
+ { 512, 24000, 512, 24000 }, /* SR: 11100 */
+ { 768, 24000, 768, 24000 }, /* SR: 11101 */
+ { 128, 88200, 128, 88200 }, /* SR: 11110 */
+ { 192, 88200, 192, 88200 }, /* SR: 11111 */
+};
+
+static void wm8750_vol_update(WM8750State *s)
+{
+ /* FIXME: multiply all volumes by s->invol[2], s->invol[3] */
+
+ AUD_set_volume_in(s->adc_voice[0], s->mute,
+ s->inmute[0] ? 0 : WM8750_INVOL_TRANSFORM(s->invol[0]),
+ s->inmute[1] ? 0 : WM8750_INVOL_TRANSFORM(s->invol[1]));
+ AUD_set_volume_in(s->adc_voice[1], s->mute,
+ s->inmute[0] ? 0 : WM8750_INVOL_TRANSFORM(s->invol[0]),
+ s->inmute[1] ? 0 : WM8750_INVOL_TRANSFORM(s->invol[1]));
+ AUD_set_volume_in(s->adc_voice[2], s->mute,
+ s->inmute[0] ? 0 : WM8750_INVOL_TRANSFORM(s->invol[0]),
+ s->inmute[1] ? 0 : WM8750_INVOL_TRANSFORM(s->invol[1]));
+
+ /* FIXME: multiply all volumes by s->outvol[0], s->outvol[1] */
+
+ /* Speaker: LOUT2VOL ROUT2VOL */
+ AUD_set_volume_out(s->dac_voice[0], s->mute,
+ s->outmute[0] ? 0 : WM8750_OUTVOL_TRANSFORM(s->outvol[4]),
+ s->outmute[1] ? 0 : WM8750_OUTVOL_TRANSFORM(s->outvol[5]));
+
+ /* Headphone: LOUT1VOL ROUT1VOL */
+ AUD_set_volume_out(s->dac_voice[1], s->mute,
+ s->outmute[0] ? 0 : WM8750_OUTVOL_TRANSFORM(s->outvol[2]),
+ s->outmute[1] ? 0 : WM8750_OUTVOL_TRANSFORM(s->outvol[3]));
+
+ /* MONOOUT: MONOVOL MONOVOL */
+ AUD_set_volume_out(s->dac_voice[2], s->mute,
+ s->outmute[0] ? 0 : WM8750_OUTVOL_TRANSFORM(s->outvol[6]),
+ s->outmute[1] ? 0 : WM8750_OUTVOL_TRANSFORM(s->outvol[6]));
+}
+
+static void wm8750_set_format(WM8750State *s)
+{
+ int i;
+ struct audsettings in_fmt;
+ struct audsettings out_fmt;
+
+ wm8750_out_flush(s);
+
+ if (s->in[0] && *s->in[0])
+ AUD_set_active_in(*s->in[0], 0);
+ if (s->out[0] && *s->out[0])
+ AUD_set_active_out(*s->out[0], 0);
+
+ for (i = 0; i < IN_PORT_N; i ++)
+ if (s->adc_voice[i]) {
+ AUD_close_in(&s->card, s->adc_voice[i]);
+ s->adc_voice[i] = NULL;
+ }
+ for (i = 0; i < OUT_PORT_N; i ++)
+ if (s->dac_voice[i]) {
+ AUD_close_out(&s->card, s->dac_voice[i]);
+ s->dac_voice[i] = NULL;
+ }
+
+ if (!s->enable)
+ return;
+
+ /* Setup input */
+ in_fmt.endianness = 0;
+ in_fmt.nchannels = 2;
+ in_fmt.freq = s->adc_hz;
+ in_fmt.fmt = AUD_FMT_S16;
+
+ s->adc_voice[0] = AUD_open_in(&s->card, s->adc_voice[0],
+ CODEC ".input1", s, wm8750_audio_in_cb, &in_fmt);
+ s->adc_voice[1] = AUD_open_in(&s->card, s->adc_voice[1],
+ CODEC ".input2", s, wm8750_audio_in_cb, &in_fmt);
+ s->adc_voice[2] = AUD_open_in(&s->card, s->adc_voice[2],
+ CODEC ".input3", s, wm8750_audio_in_cb, &in_fmt);
+
+ /* Setup output */
+ out_fmt.endianness = 0;
+ out_fmt.nchannels = 2;
+ out_fmt.freq = s->dac_hz;
+ out_fmt.fmt = AUD_FMT_S16;
+
+ s->dac_voice[0] = AUD_open_out(&s->card, s->dac_voice[0],
+ CODEC ".speaker", s, wm8750_audio_out_cb, &out_fmt);
+ s->dac_voice[1] = AUD_open_out(&s->card, s->dac_voice[1],
+ CODEC ".headphone", s, wm8750_audio_out_cb, &out_fmt);
+ /* MONOMIX is also in stereo for simplicity */
+ s->dac_voice[2] = AUD_open_out(&s->card, s->dac_voice[2],
+ CODEC ".monomix", s, wm8750_audio_out_cb, &out_fmt);
+ /* no sense emulating OUT3 which is a mix of other outputs */
+
+ wm8750_vol_update(s);
+
+ /* We should connect the left and right channels to their
+ * respective inputs/outputs but we have completely no need
+ * for mixing or combining paths to different ports, so we
+ * connect both channels to where the left channel is routed. */
+ if (s->in[0] && *s->in[0])
+ AUD_set_active_in(*s->in[0], 1);
+ if (s->out[0] && *s->out[0])
+ AUD_set_active_out(*s->out[0], 1);
+}
+
+static void wm8750_clk_update(WM8750State *s, int ext)
+{
+ if (s->master || !s->ext_dac_hz)
+ s->dac_hz = s->rate->dac_hz;
+ else
+ s->dac_hz = s->ext_dac_hz;
+
+ if (s->master || !s->ext_adc_hz)
+ s->adc_hz = s->rate->adc_hz;
+ else
+ s->adc_hz = s->ext_adc_hz;
+
+ if (s->master || (!s->ext_dac_hz && !s->ext_adc_hz)) {
+ if (!ext)
+ wm8750_set_format(s);
+ } else {
+ if (ext)
+ wm8750_set_format(s);
+ }
+}
+
+static void wm8750_reset(I2CSlave *i2c)
+{
+ WM8750State *s = (WM8750State *) i2c;
+ s->rate = &wm_rate_table[0];
+ s->enable = 0;
+ wm8750_clk_update(s, 1);
+ s->diff[0] = 0;
+ s->diff[1] = 0;
+ s->ds = 0;
+ s->alc = 0;
+ s->in[0] = &s->adc_voice[0];
+ s->invol[0] = 0x17;
+ s->invol[1] = 0x17;
+ s->invol[2] = 0xc3;
+ s->invol[3] = 0xc3;
+ s->out[0] = &s->dac_voice[0];
+ s->outvol[0] = 0xff;
+ s->outvol[1] = 0xff;
+ s->outvol[2] = 0x79;
+ s->outvol[3] = 0x79;
+ s->outvol[4] = 0x79;
+ s->outvol[5] = 0x79;
+ s->outvol[6] = 0x79;
+ s->inmute[0] = 0;
+ s->inmute[1] = 0;
+ s->outmute[0] = 0;
+ s->outmute[1] = 0;
+ s->mute = 1;
+ s->path[0] = 0;
+ s->path[1] = 0;
+ s->path[2] = 0;
+ s->path[3] = 0;
+ s->mpath[0] = 0;
+ s->mpath[1] = 0;
+ s->format = 0x0a;
+ s->idx_in = sizeof(s->data_in);
+ s->req_in = 0;
+ s->idx_out = 0;
+ s->req_out = 0;
+ wm8750_vol_update(s);
+ s->i2c_len = 0;
+}
+
+static void wm8750_event(I2CSlave *i2c, enum i2c_event event)
+{
+ WM8750State *s = (WM8750State *) i2c;
+
+ switch (event) {
+ case I2C_START_SEND:
+ s->i2c_len = 0;
+ break;
+ case I2C_FINISH:
+#ifdef VERBOSE
+ if (s->i2c_len < 2)
+ printf("%s: message too short (%i bytes)\n",
+ __FUNCTION__, s->i2c_len);
+#endif
+ break;
+ default:
+ break;
+ }
+}
+
+#define WM8750_LINVOL 0x00
+#define WM8750_RINVOL 0x01
+#define WM8750_LOUT1V 0x02
+#define WM8750_ROUT1V 0x03
+#define WM8750_ADCDAC 0x05
+#define WM8750_IFACE 0x07
+#define WM8750_SRATE 0x08
+#define WM8750_LDAC 0x0a
+#define WM8750_RDAC 0x0b
+#define WM8750_BASS 0x0c
+#define WM8750_TREBLE 0x0d
+#define WM8750_RESET 0x0f
+#define WM8750_3D 0x10
+#define WM8750_ALC1 0x11
+#define WM8750_ALC2 0x12
+#define WM8750_ALC3 0x13
+#define WM8750_NGATE 0x14
+#define WM8750_LADC 0x15
+#define WM8750_RADC 0x16
+#define WM8750_ADCTL1 0x17
+#define WM8750_ADCTL2 0x18
+#define WM8750_PWR1 0x19
+#define WM8750_PWR2 0x1a
+#define WM8750_ADCTL3 0x1b
+#define WM8750_ADCIN 0x1f
+#define WM8750_LADCIN 0x20
+#define WM8750_RADCIN 0x21
+#define WM8750_LOUTM1 0x22
+#define WM8750_LOUTM2 0x23
+#define WM8750_ROUTM1 0x24
+#define WM8750_ROUTM2 0x25
+#define WM8750_MOUTM1 0x26
+#define WM8750_MOUTM2 0x27
+#define WM8750_LOUT2V 0x28
+#define WM8750_ROUT2V 0x29
+#define WM8750_MOUTV 0x2a
+
+static int wm8750_tx(I2CSlave *i2c, uint8_t data)
+{
+ WM8750State *s = (WM8750State *) i2c;
+ uint8_t cmd;
+ uint16_t value;
+
+ if (s->i2c_len >= 2) {
+#ifdef VERBOSE
+ printf("%s: long message (%i bytes)\n", __func__, s->i2c_len);
+#endif
+ return 1;
+ }
+ s->i2c_data[s->i2c_len ++] = data;
+ if (s->i2c_len != 2)
+ return 0;
+
+ cmd = s->i2c_data[0] >> 1;
+ value = ((s->i2c_data[0] << 8) | s->i2c_data[1]) & 0x1ff;
+
+ switch (cmd) {
+ case WM8750_LADCIN: /* ADC Signal Path Control (Left) */
+ s->diff[0] = (((value >> 6) & 3) == 3); /* LINSEL */
+ if (s->diff[0])
+ s->in[0] = &s->adc_voice[0 + s->ds * 1];
+ else
+ s->in[0] = &s->adc_voice[((value >> 6) & 3) * 1 + 0];
+ break;
+
+ case WM8750_RADCIN: /* ADC Signal Path Control (Right) */
+ s->diff[1] = (((value >> 6) & 3) == 3); /* RINSEL */
+ if (s->diff[1])
+ s->in[1] = &s->adc_voice[0 + s->ds * 1];
+ else
+ s->in[1] = &s->adc_voice[((value >> 6) & 3) * 1 + 0];
+ break;
+
+ case WM8750_ADCIN: /* ADC Input Mode */
+ s->ds = (value >> 8) & 1; /* DS */
+ if (s->diff[0])
+ s->in[0] = &s->adc_voice[0 + s->ds * 1];
+ if (s->diff[1])
+ s->in[1] = &s->adc_voice[0 + s->ds * 1];
+ s->monomix[0] = (value >> 6) & 3; /* MONOMIX */
+ break;
+
+ case WM8750_ADCTL1: /* Additional Control (1) */
+ s->monomix[1] = (value >> 1) & 1; /* DMONOMIX */
+ break;
+
+ case WM8750_PWR1: /* Power Management (1) */
+ s->enable = ((value >> 6) & 7) == 3; /* VMIDSEL, VREF */
+ wm8750_set_format(s);
+ break;
+
+ case WM8750_LINVOL: /* Left Channel PGA */
+ s->invol[0] = value & 0x3f; /* LINVOL */
+ s->inmute[0] = (value >> 7) & 1; /* LINMUTE */
+ wm8750_vol_update(s);
+ break;
+
+ case WM8750_RINVOL: /* Right Channel PGA */
+ s->invol[1] = value & 0x3f; /* RINVOL */
+ s->inmute[1] = (value >> 7) & 1; /* RINMUTE */
+ wm8750_vol_update(s);
+ break;
+
+ case WM8750_ADCDAC: /* ADC and DAC Control */
+ s->pol = (value >> 5) & 3; /* ADCPOL */
+ s->mute = (value >> 3) & 1; /* DACMU */
+ wm8750_vol_update(s);
+ break;
+
+ case WM8750_ADCTL3: /* Additional Control (3) */
+ break;
+
+ case WM8750_LADC: /* Left ADC Digital Volume */
+ s->invol[2] = value & 0xff; /* LADCVOL */
+ wm8750_vol_update(s);
+ break;
+
+ case WM8750_RADC: /* Right ADC Digital Volume */
+ s->invol[3] = value & 0xff; /* RADCVOL */
+ wm8750_vol_update(s);
+ break;
+
+ case WM8750_ALC1: /* ALC Control (1) */
+ s->alc = (value >> 7) & 3; /* ALCSEL */
+ break;
+
+ case WM8750_NGATE: /* Noise Gate Control */
+ case WM8750_3D: /* 3D enhance */
+ break;
+
+ case WM8750_LDAC: /* Left Channel Digital Volume */
+ s->outvol[0] = value & 0xff; /* LDACVOL */
+ wm8750_vol_update(s);
+ break;
+
+ case WM8750_RDAC: /* Right Channel Digital Volume */
+ s->outvol[1] = value & 0xff; /* RDACVOL */
+ wm8750_vol_update(s);
+ break;
+
+ case WM8750_BASS: /* Bass Control */
+ break;
+
+ case WM8750_LOUTM1: /* Left Mixer Control (1) */
+ s->path[0] = (value >> 8) & 1; /* LD2LO */
+ /* TODO: mute/unmute respective paths */
+ wm8750_vol_update(s);
+ break;
+
+ case WM8750_LOUTM2: /* Left Mixer Control (2) */
+ s->path[1] = (value >> 8) & 1; /* RD2LO */
+ /* TODO: mute/unmute respective paths */
+ wm8750_vol_update(s);
+ break;
+
+ case WM8750_ROUTM1: /* Right Mixer Control (1) */
+ s->path[2] = (value >> 8) & 1; /* LD2RO */
+ /* TODO: mute/unmute respective paths */
+ wm8750_vol_update(s);
+ break;
+
+ case WM8750_ROUTM2: /* Right Mixer Control (2) */
+ s->path[3] = (value >> 8) & 1; /* RD2RO */
+ /* TODO: mute/unmute respective paths */
+ wm8750_vol_update(s);
+ break;
+
+ case WM8750_MOUTM1: /* Mono Mixer Control (1) */
+ s->mpath[0] = (value >> 8) & 1; /* LD2MO */
+ /* TODO: mute/unmute respective paths */
+ wm8750_vol_update(s);
+ break;
+
+ case WM8750_MOUTM2: /* Mono Mixer Control (2) */
+ s->mpath[1] = (value >> 8) & 1; /* RD2MO */
+ /* TODO: mute/unmute respective paths */
+ wm8750_vol_update(s);
+ break;
+
+ case WM8750_LOUT1V: /* LOUT1 Volume */
+ s->outvol[2] = value & 0x7f; /* LOUT1VOL */
+ wm8750_vol_update(s);
+ break;
+
+ case WM8750_LOUT2V: /* LOUT2 Volume */
+ s->outvol[4] = value & 0x7f; /* LOUT2VOL */
+ wm8750_vol_update(s);
+ break;
+
+ case WM8750_ROUT1V: /* ROUT1 Volume */
+ s->outvol[3] = value & 0x7f; /* ROUT1VOL */
+ wm8750_vol_update(s);
+ break;
+
+ case WM8750_ROUT2V: /* ROUT2 Volume */
+ s->outvol[5] = value & 0x7f; /* ROUT2VOL */
+ wm8750_vol_update(s);
+ break;
+
+ case WM8750_MOUTV: /* MONOOUT Volume */
+ s->outvol[6] = value & 0x7f; /* MONOOUTVOL */
+ wm8750_vol_update(s);
+ break;
+
+ case WM8750_ADCTL2: /* Additional Control (2) */
+ break;
+
+ case WM8750_PWR2: /* Power Management (2) */
+ s->power = value & 0x7e;
+ /* TODO: mute/unmute respective paths */
+ wm8750_vol_update(s);
+ break;
+
+ case WM8750_IFACE: /* Digital Audio Interface Format */
+ s->format = value;
+ s->master = (value >> 6) & 1; /* MS */
+ wm8750_clk_update(s, s->master);
+ break;
+
+ case WM8750_SRATE: /* Clocking and Sample Rate Control */
+ s->rate = &wm_rate_table[(value >> 1) & 0x1f];
+ wm8750_clk_update(s, 0);
+ break;
+
+ case WM8750_RESET: /* Reset */
+ wm8750_reset(&s->i2c);
+ break;
+
+#ifdef VERBOSE
+ default:
+ printf("%s: unknown register %02x\n", __FUNCTION__, cmd);
+#endif
+ }
+
+ return 0;
+}
+
+static int wm8750_rx(I2CSlave *i2c)
+{
+ return 0x00;
+}
+
+static void wm8750_pre_save(void *opaque)
+{
+ WM8750State *s = opaque;
+
+ s->rate_vmstate = s->rate - wm_rate_table;
+}
+
+static int wm8750_post_load(void *opaque, int version_id)
+{
+ WM8750State *s = opaque;
+
+ s->rate = &wm_rate_table[s->rate_vmstate & 0x1f];
+ return 0;
+}
+
+static const VMStateDescription vmstate_wm8750 = {
+ .name = CODEC,
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .pre_save = wm8750_pre_save,
+ .post_load = wm8750_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT8_ARRAY(i2c_data, WM8750State, 2),
+ VMSTATE_INT32(i2c_len, WM8750State),
+ VMSTATE_INT32(enable, WM8750State),
+ VMSTATE_INT32(idx_in, WM8750State),
+ VMSTATE_INT32(req_in, WM8750State),
+ VMSTATE_INT32(idx_out, WM8750State),
+ VMSTATE_INT32(req_out, WM8750State),
+ VMSTATE_UINT8_ARRAY(outvol, WM8750State, 7),
+ VMSTATE_UINT8_ARRAY(outmute, WM8750State, 2),
+ VMSTATE_UINT8_ARRAY(invol, WM8750State, 4),
+ VMSTATE_UINT8_ARRAY(inmute, WM8750State, 2),
+ VMSTATE_UINT8_ARRAY(diff, WM8750State, 2),
+ VMSTATE_UINT8(pol, WM8750State),
+ VMSTATE_UINT8(ds, WM8750State),
+ VMSTATE_UINT8_ARRAY(monomix, WM8750State, 2),
+ VMSTATE_UINT8(alc, WM8750State),
+ VMSTATE_UINT8(mute, WM8750State),
+ VMSTATE_UINT8_ARRAY(path, WM8750State, 4),
+ VMSTATE_UINT8_ARRAY(mpath, WM8750State, 2),
+ VMSTATE_UINT8(format, WM8750State),
+ VMSTATE_UINT8(power, WM8750State),
+ VMSTATE_UINT8(rate_vmstate, WM8750State),
+ VMSTATE_I2C_SLAVE(i2c, WM8750State),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static int wm8750_init(I2CSlave *i2c)
+{
+ WM8750State *s = FROM_I2C_SLAVE(WM8750State, i2c);
+
+ AUD_register_card(CODEC, &s->card);
+ wm8750_reset(&s->i2c);
+
+ return 0;
+}
+
+#if 0
+static void wm8750_fini(I2CSlave *i2c)
+{
+ WM8750State *s = (WM8750State *) i2c;
+ wm8750_reset(&s->i2c);
+ AUD_remove_card(&s->card);
+ g_free(s);
+}
+#endif
+
+void wm8750_data_req_set(DeviceState *dev,
+ void (*data_req)(void *, int, int), void *opaque)
+{
+ WM8750State *s = FROM_I2C_SLAVE(WM8750State, I2C_SLAVE(dev));
+ s->data_req = data_req;
+ s->opaque = opaque;
+}
+
+void wm8750_dac_dat(void *opaque, uint32_t sample)
+{
+ WM8750State *s = (WM8750State *) opaque;
+
+ *(uint32_t *) &s->data_out[s->idx_out] = sample;
+ s->req_out -= 4;
+ s->idx_out += 4;
+ if (s->idx_out >= sizeof(s->data_out) || s->req_out <= 0)
+ wm8750_out_flush(s);
+}
+
+void *wm8750_dac_buffer(void *opaque, int samples)
+{
+ WM8750State *s = (WM8750State *) opaque;
+ /* XXX: Should check if there are <i>samples</i> free samples available */
+ void *ret = s->data_out + s->idx_out;
+
+ s->idx_out += samples << 2;
+ s->req_out -= samples << 2;
+ return ret;
+}
+
+void wm8750_dac_commit(void *opaque)
+{
+ WM8750State *s = (WM8750State *) opaque;
+
+ wm8750_out_flush(s);
+}
+
+uint32_t wm8750_adc_dat(void *opaque)
+{
+ WM8750State *s = (WM8750State *) opaque;
+ uint32_t *data;
+
+ if (s->idx_in >= sizeof(s->data_in))
+ wm8750_in_load(s);
+
+ data = (uint32_t *) &s->data_in[s->idx_in];
+ s->req_in -= 4;
+ s->idx_in += 4;
+ return *data;
+}
+
+void wm8750_set_bclk_in(void *opaque, int new_hz)
+{
+ WM8750State *s = (WM8750State *) opaque;
+
+ s->ext_adc_hz = new_hz;
+ s->ext_dac_hz = new_hz;
+ wm8750_clk_update(s, 1);
+}
+
+static void wm8750_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ I2CSlaveClass *sc = I2C_SLAVE_CLASS(klass);
+
+ sc->init = wm8750_init;
+ sc->event = wm8750_event;
+ sc->recv = wm8750_rx;
+ sc->send = wm8750_tx;
+ dc->vmsd = &vmstate_wm8750;
+}
+
+static const TypeInfo wm8750_info = {
+ .name = "wm8750",
+ .parent = TYPE_I2C_SLAVE,
+ .instance_size = sizeof(WM8750State),
+ .class_init = wm8750_class_init,
+};
+
+static void wm8750_register_types(void)
+{
+ type_register_static(&wm8750_info);
+}
+
+type_init(wm8750_register_types)
diff --git a/hw/audiodev.h b/hw/audiodev.h
deleted file mode 100644
index ed2790f5f..000000000
--- a/hw/audiodev.h
+++ /dev/null
@@ -1,20 +0,0 @@
-/* es1370.c */
-int es1370_init(PCIBus *bus);
-
-/* sb16.c */
-int SB16_init(ISABus *bus);
-
-/* adlib.c */
-int Adlib_init(ISABus *bus);
-
-/* gus.c */
-int GUS_init(ISABus *bus);
-
-/* ac97.c */
-int ac97_init(PCIBus *bus);
-
-/* cs4231a.c */
-int cs4231a_init(ISABus *bus);
-
-/* intel-hda.c + hda-audio.c */
-int intel_hda_and_codec_init(PCIBus *bus);
diff --git a/hw/axis_dev88.c b/hw/axis_dev88.c
deleted file mode 100644
index aa1ac9e47..000000000
--- a/hw/axis_dev88.c
+++ /dev/null
@@ -1,365 +0,0 @@
-/*
- * QEMU model for the AXIS devboard 88.
- *
- * Copyright (c) 2009 Edgar E. Iglesias, Axis Communications AB.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sysbus.h"
-#include "net.h"
-#include "flash.h"
-#include "boards.h"
-#include "etraxfs.h"
-#include "loader.h"
-#include "elf.h"
-#include "cris-boot.h"
-#include "blockdev.h"
-#include "exec-memory.h"
-
-#define D(x)
-#define DNAND(x)
-
-struct nand_state_t
-{
- DeviceState *nand;
- MemoryRegion iomem;
- unsigned int rdy:1;
- unsigned int ale:1;
- unsigned int cle:1;
- unsigned int ce:1;
-};
-
-static struct nand_state_t nand_state;
-static uint64_t nand_read(void *opaque, hwaddr addr, unsigned size)
-{
- struct nand_state_t *s = opaque;
- uint32_t r;
- int rdy;
-
- r = nand_getio(s->nand);
- nand_getpins(s->nand, &rdy);
- s->rdy = rdy;
-
- DNAND(printf("%s addr=%x r=%x\n", __func__, addr, r));
- return r;
-}
-
-static void
-nand_write(void *opaque, hwaddr addr, uint64_t value,
- unsigned size)
-{
- struct nand_state_t *s = opaque;
- int rdy;
-
- DNAND(printf("%s addr=%x v=%x\n", __func__, addr, (unsigned)value));
- nand_setpins(s->nand, s->cle, s->ale, s->ce, 1, 0);
- nand_setio(s->nand, value);
- nand_getpins(s->nand, &rdy);
- s->rdy = rdy;
-}
-
-static const MemoryRegionOps nand_ops = {
- .read = nand_read,
- .write = nand_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-struct tempsensor_t
-{
- unsigned int shiftreg;
- unsigned int count;
- enum {
- ST_OUT, ST_IN, ST_Z
- } state;
-
- uint16_t regs[3];
-};
-
-static void tempsensor_clkedge(struct tempsensor_t *s,
- unsigned int clk, unsigned int data_in)
-{
- D(printf("%s clk=%d state=%d sr=%x\n", __func__,
- clk, s->state, s->shiftreg));
- if (s->count == 0) {
- s->count = 16;
- s->state = ST_OUT;
- }
- switch (s->state) {
- case ST_OUT:
- /* Output reg is clocked at negedge. */
- if (!clk) {
- s->count--;
- s->shiftreg <<= 1;
- if (s->count == 0) {
- s->shiftreg = 0;
- s->state = ST_IN;
- s->count = 16;
- }
- }
- break;
- case ST_Z:
- if (clk) {
- s->count--;
- if (s->count == 0) {
- s->shiftreg = 0;
- s->state = ST_OUT;
- s->count = 16;
- }
- }
- break;
- case ST_IN:
- /* Indata is sampled at posedge. */
- if (clk) {
- s->count--;
- s->shiftreg <<= 1;
- s->shiftreg |= data_in & 1;
- if (s->count == 0) {
- D(printf("%s cfgreg=%x\n", __func__, s->shiftreg));
- s->regs[0] = s->shiftreg;
- s->state = ST_OUT;
- s->count = 16;
-
- if ((s->regs[0] & 0xff) == 0) {
- /* 25 degrees celcius. */
- s->shiftreg = 0x0b9f;
- } else if ((s->regs[0] & 0xff) == 0xff) {
- /* Sensor ID, 0x8100 LM70. */
- s->shiftreg = 0x8100;
- } else
- printf("Invalid tempsens state %x\n", s->regs[0]);
- }
- }
- break;
- }
-}
-
-
-#define RW_PA_DOUT 0x00
-#define R_PA_DIN 0x01
-#define RW_PA_OE 0x02
-#define RW_PD_DOUT 0x10
-#define R_PD_DIN 0x11
-#define RW_PD_OE 0x12
-
-static struct gpio_state_t
-{
- MemoryRegion iomem;
- struct nand_state_t *nand;
- struct tempsensor_t tempsensor;
- uint32_t regs[0x5c / 4];
-} gpio_state;
-
-static uint64_t gpio_read(void *opaque, hwaddr addr, unsigned size)
-{
- struct gpio_state_t *s = opaque;
- uint32_t r = 0;
-
- addr >>= 2;
- switch (addr)
- {
- case R_PA_DIN:
- r = s->regs[RW_PA_DOUT] & s->regs[RW_PA_OE];
-
- /* Encode pins from the nand. */
- r |= s->nand->rdy << 7;
- break;
- case R_PD_DIN:
- r = s->regs[RW_PD_DOUT] & s->regs[RW_PD_OE];
-
- /* Encode temp sensor pins. */
- r |= (!!(s->tempsensor.shiftreg & 0x10000)) << 4;
- break;
-
- default:
- r = s->regs[addr];
- break;
- }
- return r;
- D(printf("%s %x=%x\n", __func__, addr, r));
-}
-
-static void gpio_write(void *opaque, hwaddr addr, uint64_t value,
- unsigned size)
-{
- struct gpio_state_t *s = opaque;
- D(printf("%s %x=%x\n", __func__, addr, (unsigned)value));
-
- addr >>= 2;
- switch (addr)
- {
- case RW_PA_DOUT:
- /* Decode nand pins. */
- s->nand->ale = !!(value & (1 << 6));
- s->nand->cle = !!(value & (1 << 5));
- s->nand->ce = !!(value & (1 << 4));
-
- s->regs[addr] = value;
- break;
-
- case RW_PD_DOUT:
- /* Temp sensor clk. */
- if ((s->regs[addr] ^ value) & 2)
- tempsensor_clkedge(&s->tempsensor, !!(value & 2),
- !!(value & 16));
- s->regs[addr] = value;
- break;
-
- default:
- s->regs[addr] = value;
- break;
- }
-}
-
-static const MemoryRegionOps gpio_ops = {
- .read = gpio_read,
- .write = gpio_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-#define INTMEM_SIZE (128 * 1024)
-
-static struct cris_load_info li;
-
-static
-void axisdev88_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- CRISCPU *cpu;
- CPUCRISState *env;
- DeviceState *dev;
- SysBusDevice *s;
- DriveInfo *nand;
- qemu_irq irq[30], nmi[2], *cpu_irq;
- void *etraxfs_dmac;
- struct etraxfs_dma_client *dma_eth;
- int i;
- MemoryRegion *address_space_mem = get_system_memory();
- MemoryRegion *phys_ram = g_new(MemoryRegion, 1);
- MemoryRegion *phys_intmem = g_new(MemoryRegion, 1);
-
- /* init CPUs */
- if (cpu_model == NULL) {
- cpu_model = "crisv32";
- }
- cpu = cpu_cris_init(cpu_model);
- env = &cpu->env;
-
- /* allocate RAM */
- memory_region_init_ram(phys_ram, "axisdev88.ram", ram_size);
- vmstate_register_ram_global(phys_ram);
- memory_region_add_subregion(address_space_mem, 0x40000000, phys_ram);
-
- /* The ETRAX-FS has 128Kb on chip ram, the docs refer to it as the
- internal memory. */
- memory_region_init_ram(phys_intmem, "axisdev88.chipram", INTMEM_SIZE);
- vmstate_register_ram_global(phys_intmem);
- memory_region_add_subregion(address_space_mem, 0x38000000, phys_intmem);
-
- /* Attach a NAND flash to CS1. */
- nand = drive_get(IF_MTD, 0, 0);
- nand_state.nand = nand_init(nand ? nand->bdrv : NULL,
- NAND_MFR_STMICRO, 0x39);
- memory_region_init_io(&nand_state.iomem, &nand_ops, &nand_state,
- "nand", 0x05000000);
- memory_region_add_subregion(address_space_mem, 0x10000000,
- &nand_state.iomem);
-
- gpio_state.nand = &nand_state;
- memory_region_init_io(&gpio_state.iomem, &gpio_ops, &gpio_state,
- "gpio", 0x5c);
- memory_region_add_subregion(address_space_mem, 0x3001a000,
- &gpio_state.iomem);
-
-
- cpu_irq = cris_pic_init_cpu(env);
- dev = qdev_create(NULL, "etraxfs,pic");
- /* FIXME: Is there a proper way to signal vectors to the CPU core? */
- qdev_prop_set_ptr(dev, "interrupt_vector", &env->interrupt_vector);
- qdev_init_nofail(dev);
- s = sysbus_from_qdev(dev);
- sysbus_mmio_map(s, 0, 0x3001c000);
- sysbus_connect_irq(s, 0, cpu_irq[0]);
- sysbus_connect_irq(s, 1, cpu_irq[1]);
- for (i = 0; i < 30; i++) {
- irq[i] = qdev_get_gpio_in(dev, i);
- }
- nmi[0] = qdev_get_gpio_in(dev, 30);
- nmi[1] = qdev_get_gpio_in(dev, 31);
-
- etraxfs_dmac = etraxfs_dmac_init(0x30000000, 10);
- for (i = 0; i < 10; i++) {
- /* On ETRAX, odd numbered channels are inputs. */
- etraxfs_dmac_connect(etraxfs_dmac, i, irq + 7 + i, i & 1);
- }
-
- /* Add the two ethernet blocks. */
- dma_eth = g_malloc0(sizeof dma_eth[0] * 4); /* Allocate 4 channels. */
- etraxfs_eth_init(&nd_table[0], 0x30034000, 1, &dma_eth[0], &dma_eth[1]);
- if (nb_nics > 1) {
- etraxfs_eth_init(&nd_table[1], 0x30036000, 2, &dma_eth[2], &dma_eth[3]);
- }
-
- /* The DMA Connector block is missing, hardwire things for now. */
- etraxfs_dmac_connect_client(etraxfs_dmac, 0, &dma_eth[0]);
- etraxfs_dmac_connect_client(etraxfs_dmac, 1, &dma_eth[1]);
- if (nb_nics > 1) {
- etraxfs_dmac_connect_client(etraxfs_dmac, 6, &dma_eth[2]);
- etraxfs_dmac_connect_client(etraxfs_dmac, 7, &dma_eth[3]);
- }
-
- /* 2 timers. */
- sysbus_create_varargs("etraxfs,timer", 0x3001e000, irq[0x1b], nmi[1], NULL);
- sysbus_create_varargs("etraxfs,timer", 0x3005e000, irq[0x1b], nmi[1], NULL);
-
- for (i = 0; i < 4; i++) {
- sysbus_create_simple("etraxfs,serial", 0x30026000 + i * 0x2000,
- irq[0x14 + i]);
- }
-
- if (!kernel_filename) {
- fprintf(stderr, "Kernel image must be specified\n");
- exit(1);
- }
-
- li.image_filename = kernel_filename;
- li.cmdline = kernel_cmdline;
- cris_load_image(cpu, &li);
-}
-
-static QEMUMachine axisdev88_machine = {
- .name = "axis-dev88",
- .desc = "AXIS devboard 88",
- .init = axisdev88_init,
- .is_default = 1,
-};
-
-static void axisdev88_machine_init(void)
-{
- qemu_register_machine(&axisdev88_machine);
-}
-
-machine_init(axisdev88_machine_init);
diff --git a/hw/baum.c b/hw/baum.c
deleted file mode 100644
index 3e94f84e5..000000000
--- a/hw/baum.c
+++ /dev/null
@@ -1,627 +0,0 @@
-/*
- * QEMU Baum Braille Device
- *
- * Copyright (c) 2008 Samuel Thibault
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "qemu-common.h"
-#include "qemu-char.h"
-#include "qemu-timer.h"
-#include "usb.h"
-#include "baum.h"
-#include <brlapi.h>
-#include <brlapi_constants.h>
-#include <brlapi_keycodes.h>
-#ifdef CONFIG_SDL
-#include <SDL_syswm.h>
-#endif
-
-#if 0
-#define DPRINTF(fmt, ...) \
- printf(fmt, ## __VA_ARGS__)
-#else
-#define DPRINTF(fmt, ...)
-#endif
-
-#define ESC 0x1B
-
-#define BAUM_REQ_DisplayData 0x01
-#define BAUM_REQ_GetVersionNumber 0x05
-#define BAUM_REQ_GetKeys 0x08
-#define BAUM_REQ_SetMode 0x12
-#define BAUM_REQ_SetProtocol 0x15
-#define BAUM_REQ_GetDeviceIdentity 0x84
-#define BAUM_REQ_GetSerialNumber 0x8A
-
-#define BAUM_RSP_CellCount 0x01
-#define BAUM_RSP_VersionNumber 0x05
-#define BAUM_RSP_ModeSetting 0x11
-#define BAUM_RSP_CommunicationChannel 0x16
-#define BAUM_RSP_PowerdownSignal 0x17
-#define BAUM_RSP_HorizontalSensors 0x20
-#define BAUM_RSP_VerticalSensors 0x21
-#define BAUM_RSP_RoutingKeys 0x22
-#define BAUM_RSP_Switches 0x23
-#define BAUM_RSP_TopKeys 0x24
-#define BAUM_RSP_HorizontalSensor 0x25
-#define BAUM_RSP_VerticalSensor 0x26
-#define BAUM_RSP_RoutingKey 0x27
-#define BAUM_RSP_FrontKeys6 0x28
-#define BAUM_RSP_BackKeys6 0x29
-#define BAUM_RSP_CommandKeys 0x2B
-#define BAUM_RSP_FrontKeys10 0x2C
-#define BAUM_RSP_BackKeys10 0x2D
-#define BAUM_RSP_EntryKeys 0x33
-#define BAUM_RSP_JoyStick 0x34
-#define BAUM_RSP_ErrorCode 0x40
-#define BAUM_RSP_InfoBlock 0x42
-#define BAUM_RSP_DeviceIdentity 0x84
-#define BAUM_RSP_SerialNumber 0x8A
-#define BAUM_RSP_BluetoothName 0x8C
-
-#define BAUM_TL1 0x01
-#define BAUM_TL2 0x02
-#define BAUM_TL3 0x04
-#define BAUM_TR1 0x08
-#define BAUM_TR2 0x10
-#define BAUM_TR3 0x20
-
-#define BUF_SIZE 256
-
-typedef struct {
- CharDriverState *chr;
-
- brlapi_handle_t *brlapi;
- int brlapi_fd;
- unsigned int x, y;
-
- uint8_t in_buf[BUF_SIZE];
- uint8_t in_buf_used;
- uint8_t out_buf[BUF_SIZE];
- uint8_t out_buf_used, out_buf_ptr;
-
- QEMUTimer *cellCount_timer;
-} BaumDriverState;
-
-/* Let's assume NABCC by default */
-static const uint8_t nabcc_translation[256] = {
- [0] = ' ',
-#ifndef BRLAPI_DOTS
-#define BRLAPI_DOTS(d1,d2,d3,d4,d5,d6,d7,d8) \
- ((d1?BRLAPI_DOT1:0)|\
- (d2?BRLAPI_DOT2:0)|\
- (d3?BRLAPI_DOT3:0)|\
- (d4?BRLAPI_DOT4:0)|\
- (d5?BRLAPI_DOT5:0)|\
- (d6?BRLAPI_DOT6:0)|\
- (d7?BRLAPI_DOT7:0)|\
- (d8?BRLAPI_DOT8:0))
-#endif
- [BRLAPI_DOTS(1,0,0,0,0,0,0,0)] = 'a',
- [BRLAPI_DOTS(1,1,0,0,0,0,0,0)] = 'b',
- [BRLAPI_DOTS(1,0,0,1,0,0,0,0)] = 'c',
- [BRLAPI_DOTS(1,0,0,1,1,0,0,0)] = 'd',
- [BRLAPI_DOTS(1,0,0,0,1,0,0,0)] = 'e',
- [BRLAPI_DOTS(1,1,0,1,0,0,0,0)] = 'f',
- [BRLAPI_DOTS(1,1,0,1,1,0,0,0)] = 'g',
- [BRLAPI_DOTS(1,1,0,0,1,0,0,0)] = 'h',
- [BRLAPI_DOTS(0,1,0,1,0,0,0,0)] = 'i',
- [BRLAPI_DOTS(0,1,0,1,1,0,0,0)] = 'j',
- [BRLAPI_DOTS(1,0,1,0,0,0,0,0)] = 'k',
- [BRLAPI_DOTS(1,1,1,0,0,0,0,0)] = 'l',
- [BRLAPI_DOTS(1,0,1,1,0,0,0,0)] = 'm',
- [BRLAPI_DOTS(1,0,1,1,1,0,0,0)] = 'n',
- [BRLAPI_DOTS(1,0,1,0,1,0,0,0)] = 'o',
- [BRLAPI_DOTS(1,1,1,1,0,0,0,0)] = 'p',
- [BRLAPI_DOTS(1,1,1,1,1,0,0,0)] = 'q',
- [BRLAPI_DOTS(1,1,1,0,1,0,0,0)] = 'r',
- [BRLAPI_DOTS(0,1,1,1,0,0,0,0)] = 's',
- [BRLAPI_DOTS(0,1,1,1,1,0,0,0)] = 't',
- [BRLAPI_DOTS(1,0,1,0,0,1,0,0)] = 'u',
- [BRLAPI_DOTS(1,1,1,0,0,1,0,0)] = 'v',
- [BRLAPI_DOTS(0,1,0,1,1,1,0,0)] = 'w',
- [BRLAPI_DOTS(1,0,1,1,0,1,0,0)] = 'x',
- [BRLAPI_DOTS(1,0,1,1,1,1,0,0)] = 'y',
- [BRLAPI_DOTS(1,0,1,0,1,1,0,0)] = 'z',
-
- [BRLAPI_DOTS(1,0,0,0,0,0,1,0)] = 'A',
- [BRLAPI_DOTS(1,1,0,0,0,0,1,0)] = 'B',
- [BRLAPI_DOTS(1,0,0,1,0,0,1,0)] = 'C',
- [BRLAPI_DOTS(1,0,0,1,1,0,1,0)] = 'D',
- [BRLAPI_DOTS(1,0,0,0,1,0,1,0)] = 'E',
- [BRLAPI_DOTS(1,1,0,1,0,0,1,0)] = 'F',
- [BRLAPI_DOTS(1,1,0,1,1,0,1,0)] = 'G',
- [BRLAPI_DOTS(1,1,0,0,1,0,1,0)] = 'H',
- [BRLAPI_DOTS(0,1,0,1,0,0,1,0)] = 'I',
- [BRLAPI_DOTS(0,1,0,1,1,0,1,0)] = 'J',
- [BRLAPI_DOTS(1,0,1,0,0,0,1,0)] = 'K',
- [BRLAPI_DOTS(1,1,1,0,0,0,1,0)] = 'L',
- [BRLAPI_DOTS(1,0,1,1,0,0,1,0)] = 'M',
- [BRLAPI_DOTS(1,0,1,1,1,0,1,0)] = 'N',
- [BRLAPI_DOTS(1,0,1,0,1,0,1,0)] = 'O',
- [BRLAPI_DOTS(1,1,1,1,0,0,1,0)] = 'P',
- [BRLAPI_DOTS(1,1,1,1,1,0,1,0)] = 'Q',
- [BRLAPI_DOTS(1,1,1,0,1,0,1,0)] = 'R',
- [BRLAPI_DOTS(0,1,1,1,0,0,1,0)] = 'S',
- [BRLAPI_DOTS(0,1,1,1,1,0,1,0)] = 'T',
- [BRLAPI_DOTS(1,0,1,0,0,1,1,0)] = 'U',
- [BRLAPI_DOTS(1,1,1,0,0,1,1,0)] = 'V',
- [BRLAPI_DOTS(0,1,0,1,1,1,1,0)] = 'W',
- [BRLAPI_DOTS(1,0,1,1,0,1,1,0)] = 'X',
- [BRLAPI_DOTS(1,0,1,1,1,1,1,0)] = 'Y',
- [BRLAPI_DOTS(1,0,1,0,1,1,1,0)] = 'Z',
-
- [BRLAPI_DOTS(0,0,1,0,1,1,0,0)] = '0',
- [BRLAPI_DOTS(0,1,0,0,0,0,0,0)] = '1',
- [BRLAPI_DOTS(0,1,1,0,0,0,0,0)] = '2',
- [BRLAPI_DOTS(0,1,0,0,1,0,0,0)] = '3',
- [BRLAPI_DOTS(0,1,0,0,1,1,0,0)] = '4',
- [BRLAPI_DOTS(0,1,0,0,0,1,0,0)] = '5',
- [BRLAPI_DOTS(0,1,1,0,1,0,0,0)] = '6',
- [BRLAPI_DOTS(0,1,1,0,1,1,0,0)] = '7',
- [BRLAPI_DOTS(0,1,1,0,0,1,0,0)] = '8',
- [BRLAPI_DOTS(0,0,1,0,1,0,0,0)] = '9',
-
- [BRLAPI_DOTS(0,0,0,1,0,1,0,0)] = '.',
- [BRLAPI_DOTS(0,0,1,1,0,1,0,0)] = '+',
- [BRLAPI_DOTS(0,0,1,0,0,1,0,0)] = '-',
- [BRLAPI_DOTS(1,0,0,0,0,1,0,0)] = '*',
- [BRLAPI_DOTS(0,0,1,1,0,0,0,0)] = '/',
- [BRLAPI_DOTS(1,1,1,0,1,1,0,0)] = '(',
- [BRLAPI_DOTS(0,1,1,1,1,1,0,0)] = ')',
-
- [BRLAPI_DOTS(1,1,1,1,0,1,0,0)] = '&',
- [BRLAPI_DOTS(0,0,1,1,1,1,0,0)] = '#',
-
- [BRLAPI_DOTS(0,0,0,0,0,1,0,0)] = ',',
- [BRLAPI_DOTS(0,0,0,0,1,1,0,0)] = ';',
- [BRLAPI_DOTS(1,0,0,0,1,1,0,0)] = ':',
- [BRLAPI_DOTS(0,1,1,1,0,1,0,0)] = '!',
- [BRLAPI_DOTS(1,0,0,1,1,1,0,0)] = '?',
- [BRLAPI_DOTS(0,0,0,0,1,0,0,0)] = '"',
- [BRLAPI_DOTS(0,0,1,0,0,0,0,0)] ='\'',
- [BRLAPI_DOTS(0,0,0,1,0,0,0,0)] = '`',
- [BRLAPI_DOTS(0,0,0,1,1,0,1,0)] = '^',
- [BRLAPI_DOTS(0,0,0,1,1,0,0,0)] = '~',
- [BRLAPI_DOTS(0,1,0,1,0,1,1,0)] = '[',
- [BRLAPI_DOTS(1,1,0,1,1,1,1,0)] = ']',
- [BRLAPI_DOTS(0,1,0,1,0,1,0,0)] = '{',
- [BRLAPI_DOTS(1,1,0,1,1,1,0,0)] = '}',
- [BRLAPI_DOTS(1,1,1,1,1,1,0,0)] = '=',
- [BRLAPI_DOTS(1,1,0,0,0,1,0,0)] = '<',
- [BRLAPI_DOTS(0,0,1,1,1,0,0,0)] = '>',
- [BRLAPI_DOTS(1,1,0,1,0,1,0,0)] = '$',
- [BRLAPI_DOTS(1,0,0,1,0,1,0,0)] = '%',
- [BRLAPI_DOTS(0,0,0,1,0,0,1,0)] = '@',
- [BRLAPI_DOTS(1,1,0,0,1,1,0,0)] = '|',
- [BRLAPI_DOTS(1,1,0,0,1,1,1,0)] ='\\',
- [BRLAPI_DOTS(0,0,0,1,1,1,0,0)] = '_',
-};
-
-/* The serial port can receive more of our data */
-static void baum_accept_input(struct CharDriverState *chr)
-{
- BaumDriverState *baum = chr->opaque;
- int room, first;
-
- if (!baum->out_buf_used)
- return;
- room = qemu_chr_be_can_write(chr);
- if (!room)
- return;
- if (room > baum->out_buf_used)
- room = baum->out_buf_used;
-
- first = BUF_SIZE - baum->out_buf_ptr;
- if (room > first) {
- qemu_chr_be_write(chr, baum->out_buf + baum->out_buf_ptr, first);
- baum->out_buf_ptr = 0;
- baum->out_buf_used -= first;
- room -= first;
- }
- qemu_chr_be_write(chr, baum->out_buf + baum->out_buf_ptr, room);
- baum->out_buf_ptr += room;
- baum->out_buf_used -= room;
-}
-
-/* We want to send a packet */
-static void baum_write_packet(BaumDriverState *baum, const uint8_t *buf, int len)
-{
- uint8_t io_buf[1 + 2 * len], *cur = io_buf;
- int room;
- *cur++ = ESC;
- while (len--)
- if ((*cur++ = *buf++) == ESC)
- *cur++ = ESC;
- room = qemu_chr_be_can_write(baum->chr);
- len = cur - io_buf;
- if (len <= room) {
- /* Fits */
- qemu_chr_be_write(baum->chr, io_buf, len);
- } else {
- int first;
- uint8_t out;
- /* Can't fit all, send what can be, and store the rest. */
- qemu_chr_be_write(baum->chr, io_buf, room);
- len -= room;
- cur = io_buf + room;
- if (len > BUF_SIZE - baum->out_buf_used) {
- /* Can't even store it, drop the previous data... */
- assert(len <= BUF_SIZE);
- baum->out_buf_used = 0;
- baum->out_buf_ptr = 0;
- }
- out = baum->out_buf_ptr;
- baum->out_buf_used += len;
- first = BUF_SIZE - baum->out_buf_ptr;
- if (len > first) {
- memcpy(baum->out_buf + out, cur, first);
- out = 0;
- len -= first;
- cur += first;
- }
- memcpy(baum->out_buf + out, cur, len);
- }
-}
-
-/* Called when the other end seems to have a wrong idea of our display size */
-static void baum_cellCount_timer_cb(void *opaque)
-{
- BaumDriverState *baum = opaque;
- uint8_t cell_count[] = { BAUM_RSP_CellCount, baum->x * baum->y };
- DPRINTF("Timeout waiting for DisplayData, sending cell count\n");
- baum_write_packet(baum, cell_count, sizeof(cell_count));
-}
-
-/* Try to interpret a whole incoming packet */
-static int baum_eat_packet(BaumDriverState *baum, const uint8_t *buf, int len)
-{
- const uint8_t *cur = buf;
- uint8_t req = 0;
-
- if (!len--)
- return 0;
- if (*cur++ != ESC) {
- while (*cur != ESC) {
- if (!len--)
- return 0;
- cur++;
- }
- DPRINTF("Dropped %d bytes!\n", cur - buf);
- }
-
-#define EAT(c) do {\
- if (!len--) \
- return 0; \
- if ((c = *cur++) == ESC) { \
- if (!len--) \
- return 0; \
- if (*cur++ != ESC) { \
- DPRINTF("Broken packet %#2x, tossing\n", req); \
- if (qemu_timer_pending(baum->cellCount_timer)) { \
- qemu_del_timer(baum->cellCount_timer); \
- baum_cellCount_timer_cb(baum); \
- } \
- return (cur - 2 - buf); \
- } \
- } \
-} while (0)
-
- EAT(req);
- switch (req) {
- case BAUM_REQ_DisplayData:
- {
- uint8_t cells[baum->x * baum->y], c;
- uint8_t text[baum->x * baum->y];
- uint8_t zero[baum->x * baum->y];
- int cursor = BRLAPI_CURSOR_OFF;
- int i;
-
- /* Allow 100ms to complete the DisplayData packet */
- qemu_mod_timer(baum->cellCount_timer, qemu_get_clock_ns(vm_clock) +
- get_ticks_per_sec() / 10);
- for (i = 0; i < baum->x * baum->y ; i++) {
- EAT(c);
- cells[i] = c;
- if ((c & (BRLAPI_DOT7|BRLAPI_DOT8))
- == (BRLAPI_DOT7|BRLAPI_DOT8)) {
- cursor = i + 1;
- c &= ~(BRLAPI_DOT7|BRLAPI_DOT8);
- }
- if (!(c = nabcc_translation[c]))
- c = '?';
- text[i] = c;
- }
- qemu_del_timer(baum->cellCount_timer);
-
- memset(zero, 0, sizeof(zero));
-
- brlapi_writeArguments_t wa = {
- .displayNumber = BRLAPI_DISPLAY_DEFAULT,
- .regionBegin = 1,
- .regionSize = baum->x * baum->y,
- .text = (char *)text,
- .textSize = baum->x * baum->y,
- .andMask = zero,
- .orMask = cells,
- .cursor = cursor,
- .charset = (char *)"ISO-8859-1",
- };
-
- if (brlapi__write(baum->brlapi, &wa) == -1)
- brlapi_perror("baum brlapi_write");
- break;
- }
- case BAUM_REQ_SetMode:
- {
- uint8_t mode, setting;
- DPRINTF("SetMode\n");
- EAT(mode);
- EAT(setting);
- /* ignore */
- break;
- }
- case BAUM_REQ_SetProtocol:
- {
- uint8_t protocol;
- DPRINTF("SetProtocol\n");
- EAT(protocol);
- /* ignore */
- break;
- }
- case BAUM_REQ_GetDeviceIdentity:
- {
- uint8_t identity[17] = { BAUM_RSP_DeviceIdentity,
- 'B','a','u','m',' ','V','a','r','i','o' };
- DPRINTF("GetDeviceIdentity\n");
- identity[11] = '0' + baum->x / 10;
- identity[12] = '0' + baum->x % 10;
- baum_write_packet(baum, identity, sizeof(identity));
- break;
- }
- case BAUM_REQ_GetVersionNumber:
- {
- uint8_t version[] = { BAUM_RSP_VersionNumber, 1 }; /* ? */
- DPRINTF("GetVersionNumber\n");
- baum_write_packet(baum, version, sizeof(version));
- break;
- }
- case BAUM_REQ_GetSerialNumber:
- {
- uint8_t serial[] = { BAUM_RSP_SerialNumber,
- '0','0','0','0','0','0','0','0' };
- DPRINTF("GetSerialNumber\n");
- baum_write_packet(baum, serial, sizeof(serial));
- break;
- }
- case BAUM_REQ_GetKeys:
- {
- DPRINTF("Get%0#2x\n", req);
- /* ignore */
- break;
- }
- default:
- DPRINTF("unrecognized request %0#2x\n", req);
- do
- if (!len--)
- return 0;
- while (*cur++ != ESC);
- cur--;
- break;
- }
- return cur - buf;
-}
-
-/* The other end is writing some data. Store it and try to interpret */
-static int baum_write(CharDriverState *chr, const uint8_t *buf, int len)
-{
- BaumDriverState *baum = chr->opaque;
- int tocopy, cur, eaten, orig_len = len;
-
- if (!len)
- return 0;
- if (!baum->brlapi)
- return len;
-
- while (len) {
- /* Complete our buffer as much as possible */
- tocopy = len;
- if (tocopy > BUF_SIZE - baum->in_buf_used)
- tocopy = BUF_SIZE - baum->in_buf_used;
-
- memcpy(baum->in_buf + baum->in_buf_used, buf, tocopy);
- baum->in_buf_used += tocopy;
- buf += tocopy;
- len -= tocopy;
-
- /* Interpret it as much as possible */
- cur = 0;
- while (cur < baum->in_buf_used &&
- (eaten = baum_eat_packet(baum, baum->in_buf + cur, baum->in_buf_used - cur)))
- cur += eaten;
-
- /* Shift the remainder */
- if (cur) {
- memmove(baum->in_buf, baum->in_buf + cur, baum->in_buf_used - cur);
- baum->in_buf_used -= cur;
- }
-
- /* And continue if any data left */
- }
- return orig_len;
-}
-
-/* Send the key code to the other end */
-static void baum_send_key(BaumDriverState *baum, uint8_t type, uint8_t value) {
- uint8_t packet[] = { type, value };
- DPRINTF("writing key %x %x\n", type, value);
- baum_write_packet(baum, packet, sizeof(packet));
-}
-
-/* We got some data on the BrlAPI socket */
-static void baum_chr_read(void *opaque)
-{
- BaumDriverState *baum = opaque;
- brlapi_keyCode_t code;
- int ret;
- if (!baum->brlapi)
- return;
- while ((ret = brlapi__readKey(baum->brlapi, 0, &code)) == 1) {
- DPRINTF("got key %"BRLAPI_PRIxKEYCODE"\n", code);
- /* Emulate */
- switch (code & BRLAPI_KEY_TYPE_MASK) {
- case BRLAPI_KEY_TYPE_CMD:
- switch (code & BRLAPI_KEY_CMD_BLK_MASK) {
- case BRLAPI_KEY_CMD_ROUTE:
- baum_send_key(baum, BAUM_RSP_RoutingKey, (code & BRLAPI_KEY_CMD_ARG_MASK)+1);
- baum_send_key(baum, BAUM_RSP_RoutingKey, 0);
- break;
- case 0:
- switch (code & BRLAPI_KEY_CMD_ARG_MASK) {
- case BRLAPI_KEY_CMD_FWINLT:
- baum_send_key(baum, BAUM_RSP_TopKeys, BAUM_TL2);
- baum_send_key(baum, BAUM_RSP_TopKeys, 0);
- break;
- case BRLAPI_KEY_CMD_FWINRT:
- baum_send_key(baum, BAUM_RSP_TopKeys, BAUM_TR2);
- baum_send_key(baum, BAUM_RSP_TopKeys, 0);
- break;
- case BRLAPI_KEY_CMD_LNUP:
- baum_send_key(baum, BAUM_RSP_TopKeys, BAUM_TR1);
- baum_send_key(baum, BAUM_RSP_TopKeys, 0);
- break;
- case BRLAPI_KEY_CMD_LNDN:
- baum_send_key(baum, BAUM_RSP_TopKeys, BAUM_TR3);
- baum_send_key(baum, BAUM_RSP_TopKeys, 0);
- break;
- case BRLAPI_KEY_CMD_TOP:
- baum_send_key(baum, BAUM_RSP_TopKeys, BAUM_TL1|BAUM_TR1);
- baum_send_key(baum, BAUM_RSP_TopKeys, 0);
- break;
- case BRLAPI_KEY_CMD_BOT:
- baum_send_key(baum, BAUM_RSP_TopKeys, BAUM_TL3|BAUM_TR3);
- baum_send_key(baum, BAUM_RSP_TopKeys, 0);
- break;
- case BRLAPI_KEY_CMD_TOP_LEFT:
- baum_send_key(baum, BAUM_RSP_TopKeys, BAUM_TL2|BAUM_TR1);
- baum_send_key(baum, BAUM_RSP_TopKeys, 0);
- break;
- case BRLAPI_KEY_CMD_BOT_LEFT:
- baum_send_key(baum, BAUM_RSP_TopKeys, BAUM_TL2|BAUM_TR3);
- baum_send_key(baum, BAUM_RSP_TopKeys, 0);
- break;
- case BRLAPI_KEY_CMD_HOME:
- baum_send_key(baum, BAUM_RSP_TopKeys, BAUM_TL2|BAUM_TR1|BAUM_TR3);
- baum_send_key(baum, BAUM_RSP_TopKeys, 0);
- break;
- case BRLAPI_KEY_CMD_PREFMENU:
- baum_send_key(baum, BAUM_RSP_TopKeys, BAUM_TL1|BAUM_TL3|BAUM_TR1);
- baum_send_key(baum, BAUM_RSP_TopKeys, 0);
- break;
- }
- }
- break;
- case BRLAPI_KEY_TYPE_SYM:
- break;
- }
- }
- if (ret == -1 && (brlapi_errno != BRLAPI_ERROR_LIBCERR || errno != EINTR)) {
- brlapi_perror("baum: brlapi_readKey");
- brlapi__closeConnection(baum->brlapi);
- g_free(baum->brlapi);
- baum->brlapi = NULL;
- }
-}
-
-static void baum_close(struct CharDriverState *chr)
-{
- BaumDriverState *baum = chr->opaque;
-
- qemu_free_timer(baum->cellCount_timer);
- if (baum->brlapi) {
- brlapi__closeConnection(baum->brlapi);
- g_free(baum->brlapi);
- }
- g_free(baum);
-}
-
-CharDriverState *chr_baum_init(QemuOpts *opts)
-{
- BaumDriverState *baum;
- CharDriverState *chr;
- brlapi_handle_t *handle;
-#ifdef CONFIG_SDL
- SDL_SysWMinfo info;
-#endif
- int tty;
-
- baum = g_malloc0(sizeof(BaumDriverState));
- baum->chr = chr = g_malloc0(sizeof(CharDriverState));
-
- chr->opaque = baum;
- chr->chr_write = baum_write;
- chr->chr_accept_input = baum_accept_input;
- chr->chr_close = baum_close;
-
- handle = g_malloc0(brlapi_getHandleSize());
- baum->brlapi = handle;
-
- baum->brlapi_fd = brlapi__openConnection(handle, NULL, NULL);
- if (baum->brlapi_fd == -1) {
- brlapi_perror("baum_init: brlapi_openConnection");
- goto fail_handle;
- }
-
- baum->cellCount_timer = qemu_new_timer_ns(vm_clock, baum_cellCount_timer_cb, baum);
-
- if (brlapi__getDisplaySize(handle, &baum->x, &baum->y) == -1) {
- brlapi_perror("baum_init: brlapi_getDisplaySize");
- goto fail;
- }
-
-#ifdef CONFIG_SDL
- memset(&info, 0, sizeof(info));
- SDL_VERSION(&info.version);
- if (SDL_GetWMInfo(&info))
- tty = info.info.x11.wmwindow;
- else
-#endif
- tty = BRLAPI_TTY_DEFAULT;
-
- if (brlapi__enterTtyMode(handle, tty, NULL) == -1) {
- brlapi_perror("baum_init: brlapi_enterTtyMode");
- goto fail;
- }
-
- qemu_set_fd_handler(baum->brlapi_fd, baum_chr_read, NULL, baum);
-
- qemu_chr_generic_open(chr);
-
- return chr;
-
-fail:
- qemu_free_timer(baum->cellCount_timer);
- brlapi__closeConnection(handle);
-fail_handle:
- g_free(handle);
- g_free(chr);
- g_free(baum);
- return NULL;
-}
diff --git a/hw/baum.h b/hw/baum.h
deleted file mode 100644
index 8af710fa2..000000000
--- a/hw/baum.h
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * QEMU Baum
- *
- * Copyright (c) 2008 Samuel Thibault
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-/* char device */
-CharDriverState *chr_baum_init(QemuOpts *opts);
diff --git a/hw/bitbang_i2c.c b/hw/bitbang_i2c.c
deleted file mode 100644
index 44ed7f4d6..000000000
--- a/hw/bitbang_i2c.c
+++ /dev/null
@@ -1,245 +0,0 @@
-/*
- * Bit-Bang i2c emulation extracted from
- * Marvell MV88W8618 / Freecom MusicPal emulation.
- *
- * Copyright (c) 2008 Jan Kiszka
- *
- * This code is licensed under the GNU GPL v2.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-#include "hw.h"
-#include "bitbang_i2c.h"
-#include "sysbus.h"
-
-//#define DEBUG_BITBANG_I2C
-
-#ifdef DEBUG_BITBANG_I2C
-#define DPRINTF(fmt, ...) \
-do { printf("bitbang_i2c: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...) do {} while(0)
-#endif
-
-typedef enum bitbang_i2c_state {
- STOPPED = 0,
- SENDING_BIT7,
- SENDING_BIT6,
- SENDING_BIT5,
- SENDING_BIT4,
- SENDING_BIT3,
- SENDING_BIT2,
- SENDING_BIT1,
- SENDING_BIT0,
- WAITING_FOR_ACK,
- RECEIVING_BIT7,
- RECEIVING_BIT6,
- RECEIVING_BIT5,
- RECEIVING_BIT4,
- RECEIVING_BIT3,
- RECEIVING_BIT2,
- RECEIVING_BIT1,
- RECEIVING_BIT0,
- SENDING_ACK,
- SENT_NACK
-} bitbang_i2c_state;
-
-struct bitbang_i2c_interface {
- i2c_bus *bus;
- bitbang_i2c_state state;
- int last_data;
- int last_clock;
- int device_out;
- uint8_t buffer;
- int current_addr;
-};
-
-static void bitbang_i2c_enter_stop(bitbang_i2c_interface *i2c)
-{
- DPRINTF("STOP\n");
- if (i2c->current_addr >= 0)
- i2c_end_transfer(i2c->bus);
- i2c->current_addr = -1;
- i2c->state = STOPPED;
-}
-
-/* Set device data pin. */
-static int bitbang_i2c_ret(bitbang_i2c_interface *i2c, int level)
-{
- i2c->device_out = level;
- //DPRINTF("%d %d %d\n", i2c->last_clock, i2c->last_data, i2c->device_out);
- return level & i2c->last_data;
-}
-
-/* Leave device data pin unodified. */
-static int bitbang_i2c_nop(bitbang_i2c_interface *i2c)
-{
- return bitbang_i2c_ret(i2c, i2c->device_out);
-}
-
-/* Returns data line level. */
-int bitbang_i2c_set(bitbang_i2c_interface *i2c, int line, int level)
-{
- int data;
-
- if (level != 0 && level != 1) {
- abort();
- }
-
- if (line == BITBANG_I2C_SDA) {
- if (level == i2c->last_data) {
- return bitbang_i2c_nop(i2c);
- }
- i2c->last_data = level;
- if (i2c->last_clock == 0) {
- return bitbang_i2c_nop(i2c);
- }
- if (level == 0) {
- DPRINTF("START\n");
- /* START condition. */
- i2c->state = SENDING_BIT7;
- i2c->current_addr = -1;
- } else {
- /* STOP condition. */
- bitbang_i2c_enter_stop(i2c);
- }
- return bitbang_i2c_ret(i2c, 1);
- }
-
- data = i2c->last_data;
- if (i2c->last_clock == level) {
- return bitbang_i2c_nop(i2c);
- }
- i2c->last_clock = level;
- if (level == 0) {
- /* State is set/read at the start of the clock pulse.
- release the data line at the end. */
- return bitbang_i2c_ret(i2c, 1);
- }
- switch (i2c->state) {
- case STOPPED:
- case SENT_NACK:
- return bitbang_i2c_ret(i2c, 1);
-
- case SENDING_BIT7 ... SENDING_BIT0:
- i2c->buffer = (i2c->buffer << 1) | data;
- /* will end up in WAITING_FOR_ACK */
- i2c->state++;
- return bitbang_i2c_ret(i2c, 1);
-
- case WAITING_FOR_ACK:
- if (i2c->current_addr < 0) {
- i2c->current_addr = i2c->buffer;
- DPRINTF("Address 0x%02x\n", i2c->current_addr);
- i2c_start_transfer(i2c->bus, i2c->current_addr >> 1,
- i2c->current_addr & 1);
- } else {
- DPRINTF("Sent 0x%02x\n", i2c->buffer);
- i2c_send(i2c->bus, i2c->buffer);
- }
- if (i2c->current_addr & 1) {
- i2c->state = RECEIVING_BIT7;
- } else {
- i2c->state = SENDING_BIT7;
- }
- return bitbang_i2c_ret(i2c, 0);
-
- case RECEIVING_BIT7:
- i2c->buffer = i2c_recv(i2c->bus);
- DPRINTF("RX byte 0x%02x\n", i2c->buffer);
- /* Fall through... */
- case RECEIVING_BIT6 ... RECEIVING_BIT0:
- data = i2c->buffer >> 7;
- /* will end up in SENDING_ACK */
- i2c->state++;
- i2c->buffer <<= 1;
- return bitbang_i2c_ret(i2c, data);
-
- case SENDING_ACK:
- i2c->state = RECEIVING_BIT7;
- if (data != 0) {
- DPRINTF("NACKED\n");
- i2c->state = SENT_NACK;
- i2c_nack(i2c->bus);
- } else {
- DPRINTF("ACKED\n");
- }
- return bitbang_i2c_ret(i2c, 1);
- }
- abort();
-}
-
-bitbang_i2c_interface *bitbang_i2c_init(i2c_bus *bus)
-{
- bitbang_i2c_interface *s;
-
- s = g_malloc0(sizeof(bitbang_i2c_interface));
-
- s->bus = bus;
- s->last_data = 1;
- s->last_clock = 1;
- s->device_out = 1;
-
- return s;
-}
-
-/* GPIO interface. */
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion dummy_iomem;
- bitbang_i2c_interface *bitbang;
- int last_level;
- qemu_irq out;
-} GPIOI2CState;
-
-static void bitbang_i2c_gpio_set(void *opaque, int irq, int level)
-{
- GPIOI2CState *s = opaque;
-
- level = bitbang_i2c_set(s->bitbang, irq, level);
- if (level != s->last_level) {
- s->last_level = level;
- qemu_set_irq(s->out, level);
- }
-}
-
-static int gpio_i2c_init(SysBusDevice *dev)
-{
- GPIOI2CState *s = FROM_SYSBUS(GPIOI2CState, dev);
- i2c_bus *bus;
-
- memory_region_init(&s->dummy_iomem, "gpio_i2c", 0);
- sysbus_init_mmio(dev, &s->dummy_iomem);
-
- bus = i2c_init_bus(&dev->qdev, "i2c");
- s->bitbang = bitbang_i2c_init(bus);
-
- qdev_init_gpio_in(&dev->qdev, bitbang_i2c_gpio_set, 2);
- qdev_init_gpio_out(&dev->qdev, &s->out, 1);
-
- return 0;
-}
-
-static void gpio_i2c_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = gpio_i2c_init;
- dc->desc = "Virtual GPIO to I2C bridge";
-}
-
-static TypeInfo gpio_i2c_info = {
- .name = "gpio_i2c",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(GPIOI2CState),
- .class_init = gpio_i2c_class_init,
-};
-
-static void bitbang_i2c_register_types(void)
-{
- type_register_static(&gpio_i2c_info);
-}
-
-type_init(bitbang_i2c_register_types)
diff --git a/hw/bitbang_i2c.h b/hw/bitbang_i2c.h
deleted file mode 100644
index 519d2dc22..000000000
--- a/hw/bitbang_i2c.h
+++ /dev/null
@@ -1,14 +0,0 @@
-#ifndef BITBANG_I2C_H
-#define BITBANG_I2C_H
-
-#include "i2c.h"
-
-typedef struct bitbang_i2c_interface bitbang_i2c_interface;
-
-#define BITBANG_I2C_SDA 0
-#define BITBANG_I2C_SCL 1
-
-bitbang_i2c_interface *bitbang_i2c_init(i2c_bus *bus);
-int bitbang_i2c_set(bitbang_i2c_interface *i2c, int line, int level);
-
-#endif
diff --git a/hw/blizzard.c b/hw/blizzard.c
deleted file mode 100644
index 1b57eb539..000000000
--- a/hw/blizzard.c
+++ /dev/null
@@ -1,997 +0,0 @@
-/*
- * Epson S1D13744/S1D13745 (Blizzard/Hailstorm/Tornado) LCD/TV controller.
- *
- * Copyright (C) 2008 Nokia Corporation
- * Written by Andrzej Zaborowski <andrew@openedhand.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "qemu-common.h"
-#include "console.h"
-#include "devices.h"
-#include "vga_int.h"
-#include "pixel_ops.h"
-
-typedef void (*blizzard_fn_t)(uint8_t *, const uint8_t *, unsigned int);
-
-typedef struct {
- uint8_t reg;
- uint32_t addr;
- int swallow;
-
- int pll;
- int pll_range;
- int pll_ctrl;
- uint8_t pll_mode;
- uint8_t clksel;
- int memenable;
- int memrefresh;
- uint8_t timing[3];
- int priority;
-
- uint8_t lcd_config;
- int x;
- int y;
- int skipx;
- int skipy;
- uint8_t hndp;
- uint8_t vndp;
- uint8_t hsync;
- uint8_t vsync;
- uint8_t pclk;
- uint8_t u;
- uint8_t v;
- uint8_t yrc[2];
- int ix[2];
- int iy[2];
- int ox[2];
- int oy[2];
-
- int enable;
- int blank;
- int bpp;
- int invalidate;
- int mx[2];
- int my[2];
- uint8_t mode;
- uint8_t effect;
- uint8_t iformat;
- uint8_t source;
- DisplayState *state;
- blizzard_fn_t *line_fn_tab[2];
- void *fb;
-
- uint8_t hssi_config[3];
- uint8_t tv_config;
- uint8_t tv_timing[4];
- uint8_t vbi;
- uint8_t tv_x;
- uint8_t tv_y;
- uint8_t tv_test;
- uint8_t tv_filter_config;
- uint8_t tv_filter_idx;
- uint8_t tv_filter_coeff[0x20];
- uint8_t border_r;
- uint8_t border_g;
- uint8_t border_b;
- uint8_t gamma_config;
- uint8_t gamma_idx;
- uint8_t gamma_lut[0x100];
- uint8_t matrix_ena;
- uint8_t matrix_coeff[0x12];
- uint8_t matrix_r;
- uint8_t matrix_g;
- uint8_t matrix_b;
- uint8_t pm;
- uint8_t status;
- uint8_t rgbgpio_dir;
- uint8_t rgbgpio;
- uint8_t gpio_dir;
- uint8_t gpio;
- uint8_t gpio_edge[2];
- uint8_t gpio_irq;
- uint8_t gpio_pdown;
-
- struct {
- int x;
- int y;
- int dx;
- int dy;
- int len;
- int buflen;
- void *buf;
- void *data;
- uint16_t *ptr;
- int angle;
- int pitch;
- blizzard_fn_t line_fn;
- } data;
-} BlizzardState;
-
-/* Bytes(!) per pixel */
-static const int blizzard_iformat_bpp[0x10] = {
- 0,
- 2, /* RGB 5:6:5*/
- 3, /* RGB 6:6:6 mode 1 */
- 3, /* RGB 8:8:8 mode 1 */
- 0, 0,
- 4, /* RGB 6:6:6 mode 2 */
- 4, /* RGB 8:8:8 mode 2 */
- 0, /* YUV 4:2:2 */
- 0, /* YUV 4:2:0 */
- 0, 0, 0, 0, 0, 0,
-};
-
-static inline void blizzard_rgb2yuv(int r, int g, int b,
- int *y, int *u, int *v)
-{
- *y = 0x10 + ((0x838 * r + 0x1022 * g + 0x322 * b) >> 13);
- *u = 0x80 + ((0xe0e * b - 0x04c1 * r - 0x94e * g) >> 13);
- *v = 0x80 + ((0xe0e * r - 0x0bc7 * g - 0x247 * b) >> 13);
-}
-
-static void blizzard_window(BlizzardState *s)
-{
- uint8_t *src, *dst;
- int bypp[2];
- int bypl[3];
- int y;
- blizzard_fn_t fn = s->data.line_fn;
-
- if (!fn)
- return;
- if (s->mx[0] > s->data.x)
- s->mx[0] = s->data.x;
- if (s->my[0] > s->data.y)
- s->my[0] = s->data.y;
- if (s->mx[1] < s->data.x + s->data.dx)
- s->mx[1] = s->data.x + s->data.dx;
- if (s->my[1] < s->data.y + s->data.dy)
- s->my[1] = s->data.y + s->data.dy;
-
- bypp[0] = s->bpp;
- bypp[1] = (ds_get_bits_per_pixel(s->state) + 7) >> 3;
- bypl[0] = bypp[0] * s->data.pitch;
- bypl[1] = bypp[1] * s->x;
- bypl[2] = bypp[0] * s->data.dx;
-
- src = s->data.data;
- dst = s->fb + bypl[1] * s->data.y + bypp[1] * s->data.x;
- for (y = s->data.dy; y > 0; y --, src += bypl[0], dst += bypl[1])
- fn(dst, src, bypl[2]);
-}
-
-static int blizzard_transfer_setup(BlizzardState *s)
-{
- if (s->source > 3 || !s->bpp ||
- s->ix[1] < s->ix[0] || s->iy[1] < s->iy[0])
- return 0;
-
- s->data.angle = s->effect & 3;
- s->data.line_fn = s->line_fn_tab[!!s->data.angle][s->iformat];
- s->data.x = s->ix[0];
- s->data.y = s->iy[0];
- s->data.dx = s->ix[1] - s->ix[0] + 1;
- s->data.dy = s->iy[1] - s->iy[0] + 1;
- s->data.len = s->bpp * s->data.dx * s->data.dy;
- s->data.pitch = s->data.dx;
- if (s->data.len > s->data.buflen) {
- s->data.buf = g_realloc(s->data.buf, s->data.len);
- s->data.buflen = s->data.len;
- }
- s->data.ptr = s->data.buf;
- s->data.data = s->data.buf;
- s->data.len /= 2;
- return 1;
-}
-
-static void blizzard_reset(BlizzardState *s)
-{
- s->reg = 0;
- s->swallow = 0;
-
- s->pll = 9;
- s->pll_range = 1;
- s->pll_ctrl = 0x14;
- s->pll_mode = 0x32;
- s->clksel = 0x00;
- s->memenable = 0;
- s->memrefresh = 0x25c;
- s->timing[0] = 0x3f;
- s->timing[1] = 0x13;
- s->timing[2] = 0x21;
- s->priority = 0;
-
- s->lcd_config = 0x74;
- s->x = 8;
- s->y = 1;
- s->skipx = 0;
- s->skipy = 0;
- s->hndp = 3;
- s->vndp = 2;
- s->hsync = 1;
- s->vsync = 1;
- s->pclk = 0x80;
-
- s->ix[0] = 0;
- s->ix[1] = 0;
- s->iy[0] = 0;
- s->iy[1] = 0;
- s->ox[0] = 0;
- s->ox[1] = 0;
- s->oy[0] = 0;
- s->oy[1] = 0;
-
- s->yrc[0] = 0x00;
- s->yrc[1] = 0x30;
- s->u = 0;
- s->v = 0;
-
- s->iformat = 3;
- s->source = 0;
- s->bpp = blizzard_iformat_bpp[s->iformat];
-
- s->hssi_config[0] = 0x00;
- s->hssi_config[1] = 0x00;
- s->hssi_config[2] = 0x01;
- s->tv_config = 0x00;
- s->tv_timing[0] = 0x00;
- s->tv_timing[1] = 0x00;
- s->tv_timing[2] = 0x00;
- s->tv_timing[3] = 0x00;
- s->vbi = 0x10;
- s->tv_x = 0x14;
- s->tv_y = 0x03;
- s->tv_test = 0x00;
- s->tv_filter_config = 0x80;
- s->tv_filter_idx = 0x00;
- s->border_r = 0x10;
- s->border_g = 0x80;
- s->border_b = 0x80;
- s->gamma_config = 0x00;
- s->gamma_idx = 0x00;
- s->matrix_ena = 0x00;
- memset(&s->matrix_coeff, 0, sizeof(s->matrix_coeff));
- s->matrix_r = 0x00;
- s->matrix_g = 0x00;
- s->matrix_b = 0x00;
- s->pm = 0x02;
- s->status = 0x00;
- s->rgbgpio_dir = 0x00;
- s->gpio_dir = 0x00;
- s->gpio_edge[0] = 0x00;
- s->gpio_edge[1] = 0x00;
- s->gpio_irq = 0x00;
- s->gpio_pdown = 0xff;
-}
-
-static inline void blizzard_invalidate_display(void *opaque) {
- BlizzardState *s = (BlizzardState *) opaque;
-
- s->invalidate = 1;
-}
-
-static uint16_t blizzard_reg_read(void *opaque, uint8_t reg)
-{
- BlizzardState *s = (BlizzardState *) opaque;
-
- switch (reg) {
- case 0x00: /* Revision Code */
- return 0xa5;
-
- case 0x02: /* Configuration Readback */
- return 0x83; /* Macrovision OK, CNF[2:0] = 3 */
-
- case 0x04: /* PLL M-Divider */
- return (s->pll - 1) | (1 << 7);
- case 0x06: /* PLL Lock Range Control */
- return s->pll_range;
- case 0x08: /* PLL Lock Synthesis Control 0 */
- return s->pll_ctrl & 0xff;
- case 0x0a: /* PLL Lock Synthesis Control 1 */
- return s->pll_ctrl >> 8;
- case 0x0c: /* PLL Mode Control 0 */
- return s->pll_mode;
-
- case 0x0e: /* Clock-Source Select */
- return s->clksel;
-
- case 0x10: /* Memory Controller Activate */
- case 0x14: /* Memory Controller Bank 0 Status Flag */
- return s->memenable;
-
- case 0x18: /* Auto-Refresh Interval Setting 0 */
- return s->memrefresh & 0xff;
- case 0x1a: /* Auto-Refresh Interval Setting 1 */
- return s->memrefresh >> 8;
-
- case 0x1c: /* Power-On Sequence Timing Control */
- return s->timing[0];
- case 0x1e: /* Timing Control 0 */
- return s->timing[1];
- case 0x20: /* Timing Control 1 */
- return s->timing[2];
-
- case 0x24: /* Arbitration Priority Control */
- return s->priority;
-
- case 0x28: /* LCD Panel Configuration */
- return s->lcd_config;
-
- case 0x2a: /* LCD Horizontal Display Width */
- return s->x >> 3;
- case 0x2c: /* LCD Horizontal Non-display Period */
- return s->hndp;
- case 0x2e: /* LCD Vertical Display Height 0 */
- return s->y & 0xff;
- case 0x30: /* LCD Vertical Display Height 1 */
- return s->y >> 8;
- case 0x32: /* LCD Vertical Non-display Period */
- return s->vndp;
- case 0x34: /* LCD HS Pulse-width */
- return s->hsync;
- case 0x36: /* LCd HS Pulse Start Position */
- return s->skipx >> 3;
- case 0x38: /* LCD VS Pulse-width */
- return s->vsync;
- case 0x3a: /* LCD VS Pulse Start Position */
- return s->skipy;
-
- case 0x3c: /* PCLK Polarity */
- return s->pclk;
-
- case 0x3e: /* High-speed Serial Interface Tx Configuration Port 0 */
- return s->hssi_config[0];
- case 0x40: /* High-speed Serial Interface Tx Configuration Port 1 */
- return s->hssi_config[1];
- case 0x42: /* High-speed Serial Interface Tx Mode */
- return s->hssi_config[2];
- case 0x44: /* TV Display Configuration */
- return s->tv_config;
- case 0x46 ... 0x4c: /* TV Vertical Blanking Interval Data bits */
- return s->tv_timing[(reg - 0x46) >> 1];
- case 0x4e: /* VBI: Closed Caption / XDS Control / Status */
- return s->vbi;
- case 0x50: /* TV Horizontal Start Position */
- return s->tv_x;
- case 0x52: /* TV Vertical Start Position */
- return s->tv_y;
- case 0x54: /* TV Test Pattern Setting */
- return s->tv_test;
- case 0x56: /* TV Filter Setting */
- return s->tv_filter_config;
- case 0x58: /* TV Filter Coefficient Index */
- return s->tv_filter_idx;
- case 0x5a: /* TV Filter Coefficient Data */
- if (s->tv_filter_idx < 0x20)
- return s->tv_filter_coeff[s->tv_filter_idx ++];
- return 0;
-
- case 0x60: /* Input YUV/RGB Translate Mode 0 */
- return s->yrc[0];
- case 0x62: /* Input YUV/RGB Translate Mode 1 */
- return s->yrc[1];
- case 0x64: /* U Data Fix */
- return s->u;
- case 0x66: /* V Data Fix */
- return s->v;
-
- case 0x68: /* Display Mode */
- return s->mode;
-
- case 0x6a: /* Special Effects */
- return s->effect;
-
- case 0x6c: /* Input Window X Start Position 0 */
- return s->ix[0] & 0xff;
- case 0x6e: /* Input Window X Start Position 1 */
- return s->ix[0] >> 3;
- case 0x70: /* Input Window Y Start Position 0 */
- return s->ix[0] & 0xff;
- case 0x72: /* Input Window Y Start Position 1 */
- return s->ix[0] >> 3;
- case 0x74: /* Input Window X End Position 0 */
- return s->ix[1] & 0xff;
- case 0x76: /* Input Window X End Position 1 */
- return s->ix[1] >> 3;
- case 0x78: /* Input Window Y End Position 0 */
- return s->ix[1] & 0xff;
- case 0x7a: /* Input Window Y End Position 1 */
- return s->ix[1] >> 3;
- case 0x7c: /* Output Window X Start Position 0 */
- return s->ox[0] & 0xff;
- case 0x7e: /* Output Window X Start Position 1 */
- return s->ox[0] >> 3;
- case 0x80: /* Output Window Y Start Position 0 */
- return s->oy[0] & 0xff;
- case 0x82: /* Output Window Y Start Position 1 */
- return s->oy[0] >> 3;
- case 0x84: /* Output Window X End Position 0 */
- return s->ox[1] & 0xff;
- case 0x86: /* Output Window X End Position 1 */
- return s->ox[1] >> 3;
- case 0x88: /* Output Window Y End Position 0 */
- return s->oy[1] & 0xff;
- case 0x8a: /* Output Window Y End Position 1 */
- return s->oy[1] >> 3;
-
- case 0x8c: /* Input Data Format */
- return s->iformat;
- case 0x8e: /* Data Source Select */
- return s->source;
- case 0x90: /* Display Memory Data Port */
- return 0;
-
- case 0xa8: /* Border Color 0 */
- return s->border_r;
- case 0xaa: /* Border Color 1 */
- return s->border_g;
- case 0xac: /* Border Color 2 */
- return s->border_b;
-
- case 0xb4: /* Gamma Correction Enable */
- return s->gamma_config;
- case 0xb6: /* Gamma Correction Table Index */
- return s->gamma_idx;
- case 0xb8: /* Gamma Correction Table Data */
- return s->gamma_lut[s->gamma_idx ++];
-
- case 0xba: /* 3x3 Matrix Enable */
- return s->matrix_ena;
- case 0xbc ... 0xde: /* Coefficient Registers */
- return s->matrix_coeff[(reg - 0xbc) >> 1];
- case 0xe0: /* 3x3 Matrix Red Offset */
- return s->matrix_r;
- case 0xe2: /* 3x3 Matrix Green Offset */
- return s->matrix_g;
- case 0xe4: /* 3x3 Matrix Blue Offset */
- return s->matrix_b;
-
- case 0xe6: /* Power-save */
- return s->pm;
- case 0xe8: /* Non-display Period Control / Status */
- return s->status | (1 << 5);
- case 0xea: /* RGB Interface Control */
- return s->rgbgpio_dir;
- case 0xec: /* RGB Interface Status */
- return s->rgbgpio;
- case 0xee: /* General-purpose IO Pins Configuration */
- return s->gpio_dir;
- case 0xf0: /* General-purpose IO Pins Status / Control */
- return s->gpio;
- case 0xf2: /* GPIO Positive Edge Interrupt Trigger */
- return s->gpio_edge[0];
- case 0xf4: /* GPIO Negative Edge Interrupt Trigger */
- return s->gpio_edge[1];
- case 0xf6: /* GPIO Interrupt Status */
- return s->gpio_irq;
- case 0xf8: /* GPIO Pull-down Control */
- return s->gpio_pdown;
-
- default:
- fprintf(stderr, "%s: unknown register %02x\n", __FUNCTION__, reg);
- return 0;
- }
-}
-
-static void blizzard_reg_write(void *opaque, uint8_t reg, uint16_t value)
-{
- BlizzardState *s = (BlizzardState *) opaque;
-
- switch (reg) {
- case 0x04: /* PLL M-Divider */
- s->pll = (value & 0x3f) + 1;
- break;
- case 0x06: /* PLL Lock Range Control */
- s->pll_range = value & 3;
- break;
- case 0x08: /* PLL Lock Synthesis Control 0 */
- s->pll_ctrl &= 0xf00;
- s->pll_ctrl |= (value << 0) & 0x0ff;
- break;
- case 0x0a: /* PLL Lock Synthesis Control 1 */
- s->pll_ctrl &= 0x0ff;
- s->pll_ctrl |= (value << 8) & 0xf00;
- break;
- case 0x0c: /* PLL Mode Control 0 */
- s->pll_mode = value & 0x77;
- if ((value & 3) == 0 || (value & 3) == 3)
- fprintf(stderr, "%s: wrong PLL Control bits (%i)\n",
- __FUNCTION__, value & 3);
- break;
-
- case 0x0e: /* Clock-Source Select */
- s->clksel = value & 0xff;
- break;
-
- case 0x10: /* Memory Controller Activate */
- s->memenable = value & 1;
- break;
- case 0x14: /* Memory Controller Bank 0 Status Flag */
- break;
-
- case 0x18: /* Auto-Refresh Interval Setting 0 */
- s->memrefresh &= 0xf00;
- s->memrefresh |= (value << 0) & 0x0ff;
- break;
- case 0x1a: /* Auto-Refresh Interval Setting 1 */
- s->memrefresh &= 0x0ff;
- s->memrefresh |= (value << 8) & 0xf00;
- break;
-
- case 0x1c: /* Power-On Sequence Timing Control */
- s->timing[0] = value & 0x7f;
- break;
- case 0x1e: /* Timing Control 0 */
- s->timing[1] = value & 0x17;
- break;
- case 0x20: /* Timing Control 1 */
- s->timing[2] = value & 0x35;
- break;
-
- case 0x24: /* Arbitration Priority Control */
- s->priority = value & 1;
- break;
-
- case 0x28: /* LCD Panel Configuration */
- s->lcd_config = value & 0xff;
- if (value & (1 << 7))
- fprintf(stderr, "%s: data swap not supported!\n", __FUNCTION__);
- break;
-
- case 0x2a: /* LCD Horizontal Display Width */
- s->x = value << 3;
- break;
- case 0x2c: /* LCD Horizontal Non-display Period */
- s->hndp = value & 0xff;
- break;
- case 0x2e: /* LCD Vertical Display Height 0 */
- s->y &= 0x300;
- s->y |= (value << 0) & 0x0ff;
- break;
- case 0x30: /* LCD Vertical Display Height 1 */
- s->y &= 0x0ff;
- s->y |= (value << 8) & 0x300;
- break;
- case 0x32: /* LCD Vertical Non-display Period */
- s->vndp = value & 0xff;
- break;
- case 0x34: /* LCD HS Pulse-width */
- s->hsync = value & 0xff;
- break;
- case 0x36: /* LCD HS Pulse Start Position */
- s->skipx = value & 0xff;
- break;
- case 0x38: /* LCD VS Pulse-width */
- s->vsync = value & 0xbf;
- break;
- case 0x3a: /* LCD VS Pulse Start Position */
- s->skipy = value & 0xff;
- break;
-
- case 0x3c: /* PCLK Polarity */
- s->pclk = value & 0x82;
- /* Affects calculation of s->hndp, s->hsync and s->skipx. */
- break;
-
- case 0x3e: /* High-speed Serial Interface Tx Configuration Port 0 */
- s->hssi_config[0] = value;
- break;
- case 0x40: /* High-speed Serial Interface Tx Configuration Port 1 */
- s->hssi_config[1] = value;
- if (((value >> 4) & 3) == 3)
- fprintf(stderr, "%s: Illegal active-data-links value\n",
- __FUNCTION__);
- break;
- case 0x42: /* High-speed Serial Interface Tx Mode */
- s->hssi_config[2] = value & 0xbd;
- break;
-
- case 0x44: /* TV Display Configuration */
- s->tv_config = value & 0xfe;
- break;
- case 0x46 ... 0x4c: /* TV Vertical Blanking Interval Data bits 0 */
- s->tv_timing[(reg - 0x46) >> 1] = value;
- break;
- case 0x4e: /* VBI: Closed Caption / XDS Control / Status */
- s->vbi = value;
- break;
- case 0x50: /* TV Horizontal Start Position */
- s->tv_x = value;
- break;
- case 0x52: /* TV Vertical Start Position */
- s->tv_y = value & 0x7f;
- break;
- case 0x54: /* TV Test Pattern Setting */
- s->tv_test = value;
- break;
- case 0x56: /* TV Filter Setting */
- s->tv_filter_config = value & 0xbf;
- break;
- case 0x58: /* TV Filter Coefficient Index */
- s->tv_filter_idx = value & 0x1f;
- break;
- case 0x5a: /* TV Filter Coefficient Data */
- if (s->tv_filter_idx < 0x20)
- s->tv_filter_coeff[s->tv_filter_idx ++] = value;
- break;
-
- case 0x60: /* Input YUV/RGB Translate Mode 0 */
- s->yrc[0] = value & 0xb0;
- break;
- case 0x62: /* Input YUV/RGB Translate Mode 1 */
- s->yrc[1] = value & 0x30;
- break;
- case 0x64: /* U Data Fix */
- s->u = value & 0xff;
- break;
- case 0x66: /* V Data Fix */
- s->v = value & 0xff;
- break;
-
- case 0x68: /* Display Mode */
- if ((s->mode ^ value) & 3)
- s->invalidate = 1;
- s->mode = value & 0xb7;
- s->enable = value & 1;
- s->blank = (value >> 1) & 1;
- if (value & (1 << 4))
- fprintf(stderr, "%s: Macrovision enable attempt!\n", __FUNCTION__);
- break;
-
- case 0x6a: /* Special Effects */
- s->effect = value & 0xfb;
- break;
-
- case 0x6c: /* Input Window X Start Position 0 */
- s->ix[0] &= 0x300;
- s->ix[0] |= (value << 0) & 0x0ff;
- break;
- case 0x6e: /* Input Window X Start Position 1 */
- s->ix[0] &= 0x0ff;
- s->ix[0] |= (value << 8) & 0x300;
- break;
- case 0x70: /* Input Window Y Start Position 0 */
- s->iy[0] &= 0x300;
- s->iy[0] |= (value << 0) & 0x0ff;
- break;
- case 0x72: /* Input Window Y Start Position 1 */
- s->iy[0] &= 0x0ff;
- s->iy[0] |= (value << 8) & 0x300;
- break;
- case 0x74: /* Input Window X End Position 0 */
- s->ix[1] &= 0x300;
- s->ix[1] |= (value << 0) & 0x0ff;
- break;
- case 0x76: /* Input Window X End Position 1 */
- s->ix[1] &= 0x0ff;
- s->ix[1] |= (value << 8) & 0x300;
- break;
- case 0x78: /* Input Window Y End Position 0 */
- s->iy[1] &= 0x300;
- s->iy[1] |= (value << 0) & 0x0ff;
- break;
- case 0x7a: /* Input Window Y End Position 1 */
- s->iy[1] &= 0x0ff;
- s->iy[1] |= (value << 8) & 0x300;
- break;
- case 0x7c: /* Output Window X Start Position 0 */
- s->ox[0] &= 0x300;
- s->ox[0] |= (value << 0) & 0x0ff;
- break;
- case 0x7e: /* Output Window X Start Position 1 */
- s->ox[0] &= 0x0ff;
- s->ox[0] |= (value << 8) & 0x300;
- break;
- case 0x80: /* Output Window Y Start Position 0 */
- s->oy[0] &= 0x300;
- s->oy[0] |= (value << 0) & 0x0ff;
- break;
- case 0x82: /* Output Window Y Start Position 1 */
- s->oy[0] &= 0x0ff;
- s->oy[0] |= (value << 8) & 0x300;
- break;
- case 0x84: /* Output Window X End Position 0 */
- s->ox[1] &= 0x300;
- s->ox[1] |= (value << 0) & 0x0ff;
- break;
- case 0x86: /* Output Window X End Position 1 */
- s->ox[1] &= 0x0ff;
- s->ox[1] |= (value << 8) & 0x300;
- break;
- case 0x88: /* Output Window Y End Position 0 */
- s->oy[1] &= 0x300;
- s->oy[1] |= (value << 0) & 0x0ff;
- break;
- case 0x8a: /* Output Window Y End Position 1 */
- s->oy[1] &= 0x0ff;
- s->oy[1] |= (value << 8) & 0x300;
- break;
-
- case 0x8c: /* Input Data Format */
- s->iformat = value & 0xf;
- s->bpp = blizzard_iformat_bpp[s->iformat];
- if (!s->bpp)
- fprintf(stderr, "%s: Illegal or unsupported input format %x\n",
- __FUNCTION__, s->iformat);
- break;
- case 0x8e: /* Data Source Select */
- s->source = value & 7;
- /* Currently all windows will be "destructive overlays". */
- if ((!(s->effect & (1 << 3)) && (s->ix[0] != s->ox[0] ||
- s->iy[0] != s->oy[0] ||
- s->ix[1] != s->ox[1] ||
- s->iy[1] != s->oy[1])) ||
- !((s->ix[1] - s->ix[0]) & (s->iy[1] - s->iy[0]) &
- (s->ox[1] - s->ox[0]) & (s->oy[1] - s->oy[0]) & 1))
- fprintf(stderr, "%s: Illegal input/output window positions\n",
- __FUNCTION__);
-
- blizzard_transfer_setup(s);
- break;
-
- case 0x90: /* Display Memory Data Port */
- if (!s->data.len && !blizzard_transfer_setup(s))
- break;
-
- *s->data.ptr ++ = value;
- if (-- s->data.len == 0)
- blizzard_window(s);
- break;
-
- case 0xa8: /* Border Color 0 */
- s->border_r = value;
- break;
- case 0xaa: /* Border Color 1 */
- s->border_g = value;
- break;
- case 0xac: /* Border Color 2 */
- s->border_b = value;
- break;
-
- case 0xb4: /* Gamma Correction Enable */
- s->gamma_config = value & 0x87;
- break;
- case 0xb6: /* Gamma Correction Table Index */
- s->gamma_idx = value;
- break;
- case 0xb8: /* Gamma Correction Table Data */
- s->gamma_lut[s->gamma_idx ++] = value;
- break;
-
- case 0xba: /* 3x3 Matrix Enable */
- s->matrix_ena = value & 1;
- break;
- case 0xbc ... 0xde: /* Coefficient Registers */
- s->matrix_coeff[(reg - 0xbc) >> 1] = value & ((reg & 2) ? 0x80 : 0xff);
- break;
- case 0xe0: /* 3x3 Matrix Red Offset */
- s->matrix_r = value;
- break;
- case 0xe2: /* 3x3 Matrix Green Offset */
- s->matrix_g = value;
- break;
- case 0xe4: /* 3x3 Matrix Blue Offset */
- s->matrix_b = value;
- break;
-
- case 0xe6: /* Power-save */
- s->pm = value & 0x83;
- if (value & s->mode & 1)
- fprintf(stderr, "%s: The display must be disabled before entering "
- "Standby Mode\n", __FUNCTION__);
- break;
- case 0xe8: /* Non-display Period Control / Status */
- s->status = value & 0x1b;
- break;
- case 0xea: /* RGB Interface Control */
- s->rgbgpio_dir = value & 0x8f;
- break;
- case 0xec: /* RGB Interface Status */
- s->rgbgpio = value & 0xcf;
- break;
- case 0xee: /* General-purpose IO Pins Configuration */
- s->gpio_dir = value;
- break;
- case 0xf0: /* General-purpose IO Pins Status / Control */
- s->gpio = value;
- break;
- case 0xf2: /* GPIO Positive Edge Interrupt Trigger */
- s->gpio_edge[0] = value;
- break;
- case 0xf4: /* GPIO Negative Edge Interrupt Trigger */
- s->gpio_edge[1] = value;
- break;
- case 0xf6: /* GPIO Interrupt Status */
- s->gpio_irq &= value;
- break;
- case 0xf8: /* GPIO Pull-down Control */
- s->gpio_pdown = value;
- break;
-
- default:
- fprintf(stderr, "%s: unknown register %02x\n", __FUNCTION__, reg);
- break;
- }
-}
-
-uint16_t s1d13745_read(void *opaque, int dc)
-{
- BlizzardState *s = (BlizzardState *) opaque;
- uint16_t value = blizzard_reg_read(s, s->reg);
-
- if (s->swallow -- > 0)
- return 0;
- if (dc)
- s->reg ++;
-
- return value;
-}
-
-void s1d13745_write(void *opaque, int dc, uint16_t value)
-{
- BlizzardState *s = (BlizzardState *) opaque;
-
- if (s->swallow -- > 0)
- return;
- if (dc) {
- blizzard_reg_write(s, s->reg, value);
-
- if (s->reg != 0x90 && s->reg != 0x5a && s->reg != 0xb8)
- s->reg += 2;
- } else
- s->reg = value & 0xff;
-}
-
-void s1d13745_write_block(void *opaque, int dc,
- void *buf, size_t len, int pitch)
-{
- BlizzardState *s = (BlizzardState *) opaque;
-
- while (len > 0) {
- if (s->reg == 0x90 && dc &&
- (s->data.len || blizzard_transfer_setup(s)) &&
- len >= (s->data.len << 1)) {
- len -= s->data.len << 1;
- s->data.len = 0;
- s->data.data = buf;
- if (pitch)
- s->data.pitch = pitch;
- blizzard_window(s);
- s->data.data = s->data.buf;
- continue;
- }
-
- s1d13745_write(opaque, dc, *(uint16_t *) buf);
- len -= 2;
- buf += 2;
- }
-}
-
-static void blizzard_update_display(void *opaque)
-{
- BlizzardState *s = (BlizzardState *) opaque;
- int y, bypp, bypl, bwidth;
- uint8_t *src, *dst;
-
- if (!s->enable)
- return;
-
- if (s->x != ds_get_width(s->state) || s->y != ds_get_height(s->state)) {
- s->invalidate = 1;
- qemu_console_resize(s->state, s->x, s->y);
- }
-
- if (s->invalidate) {
- s->invalidate = 0;
-
- if (s->blank) {
- bypp = (ds_get_bits_per_pixel(s->state) + 7) >> 3;
- memset(ds_get_data(s->state), 0, bypp * s->x * s->y);
- return;
- }
-
- s->mx[0] = 0;
- s->mx[1] = s->x;
- s->my[0] = 0;
- s->my[1] = s->y;
- }
-
- if (s->mx[1] <= s->mx[0])
- return;
-
- bypp = (ds_get_bits_per_pixel(s->state) + 7) >> 3;
- bypl = bypp * s->x;
- bwidth = bypp * (s->mx[1] - s->mx[0]);
- y = s->my[0];
- src = s->fb + bypl * y + bypp * s->mx[0];
- dst = ds_get_data(s->state) + bypl * y + bypp * s->mx[0];
- for (; y < s->my[1]; y ++, src += bypl, dst += bypl)
- memcpy(dst, src, bwidth);
-
- dpy_gfx_update(s->state, s->mx[0], s->my[0],
- s->mx[1] - s->mx[0], y - s->my[0]);
-
- s->mx[0] = s->x;
- s->mx[1] = 0;
- s->my[0] = s->y;
- s->my[1] = 0;
-}
-
-static void blizzard_screen_dump(void *opaque, const char *filename,
- bool cswitch, Error **errp)
-{
- BlizzardState *s = (BlizzardState *) opaque;
-
- blizzard_update_display(opaque);
- if (s && ds_get_data(s->state))
- ppm_save(filename, s->state->surface, errp);
-}
-
-#define DEPTH 8
-#include "blizzard_template.h"
-#define DEPTH 15
-#include "blizzard_template.h"
-#define DEPTH 16
-#include "blizzard_template.h"
-#define DEPTH 24
-#include "blizzard_template.h"
-#define DEPTH 32
-#include "blizzard_template.h"
-
-void *s1d13745_init(qemu_irq gpio_int)
-{
- BlizzardState *s = (BlizzardState *) g_malloc0(sizeof(*s));
-
- s->fb = g_malloc(0x180000);
-
- s->state = graphic_console_init(blizzard_update_display,
- blizzard_invalidate_display,
- blizzard_screen_dump, NULL, s);
-
- switch (ds_get_bits_per_pixel(s->state)) {
- case 0:
- s->line_fn_tab[0] = s->line_fn_tab[1] =
- g_malloc0(sizeof(blizzard_fn_t) * 0x10);
- break;
- case 8:
- s->line_fn_tab[0] = blizzard_draw_fn_8;
- s->line_fn_tab[1] = blizzard_draw_fn_r_8;
- break;
- case 15:
- s->line_fn_tab[0] = blizzard_draw_fn_15;
- s->line_fn_tab[1] = blizzard_draw_fn_r_15;
- break;
- case 16:
- s->line_fn_tab[0] = blizzard_draw_fn_16;
- s->line_fn_tab[1] = blizzard_draw_fn_r_16;
- break;
- case 24:
- s->line_fn_tab[0] = blizzard_draw_fn_24;
- s->line_fn_tab[1] = blizzard_draw_fn_r_24;
- break;
- case 32:
- s->line_fn_tab[0] = blizzard_draw_fn_32;
- s->line_fn_tab[1] = blizzard_draw_fn_r_32;
- break;
- default:
- fprintf(stderr, "%s: Bad color depth\n", __FUNCTION__);
- exit(1);
- }
-
- blizzard_reset(s);
-
- return s;
-}
diff --git a/hw/blizzard_template.h b/hw/blizzard_template.h
deleted file mode 100644
index 42f4e90b0..000000000
--- a/hw/blizzard_template.h
+++ /dev/null
@@ -1,136 +0,0 @@
-/*
- * QEMU Epson S1D13744/S1D13745 templates
- *
- * Copyright (C) 2008 Nokia Corporation
- * Written by Andrzej Zaborowski <andrew@openedhand.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#define SKIP_PIXEL(to) to += deststep
-#if DEPTH == 8
-# define PIXEL_TYPE uint8_t
-# define COPY_PIXEL(to, from) *to = from; SKIP_PIXEL(to)
-# define COPY_PIXEL1(to, from) *to ++ = from
-#elif DEPTH == 15 || DEPTH == 16
-# define PIXEL_TYPE uint16_t
-# define COPY_PIXEL(to, from) *to = from; SKIP_PIXEL(to)
-# define COPY_PIXEL1(to, from) *to ++ = from
-#elif DEPTH == 24
-# define PIXEL_TYPE uint8_t
-# define COPY_PIXEL(to, from) \
- to[0] = from; to[1] = (from) >> 8; to[2] = (from) >> 16; SKIP_PIXEL(to)
-# define COPY_PIXEL1(to, from) \
- *to ++ = from; *to ++ = (from) >> 8; *to ++ = (from) >> 16
-#elif DEPTH == 32
-# define PIXEL_TYPE uint32_t
-# define COPY_PIXEL(to, from) *to = from; SKIP_PIXEL(to)
-# define COPY_PIXEL1(to, from) *to ++ = from
-#else
-# error unknown bit depth
-#endif
-
-#ifdef HOST_WORDS_BIGENDIAN
-# define SWAP_WORDS 1
-#endif
-
-static void glue(blizzard_draw_line16_, DEPTH)(PIXEL_TYPE *dest,
- const uint16_t *src, unsigned int width)
-{
-#if !defined(SWAP_WORDS) && DEPTH == 16
- memcpy(dest, src, width);
-#else
- uint16_t data;
- unsigned int r, g, b;
- const uint16_t *end = (const void *) src + width;
- while (src < end) {
- data = lduw_raw(src ++);
- b = (data & 0x1f) << 3;
- data >>= 5;
- g = (data & 0x3f) << 2;
- data >>= 6;
- r = (data & 0x1f) << 3;
- data >>= 5;
- COPY_PIXEL1(dest, glue(rgb_to_pixel, DEPTH)(r, g, b));
- }
-#endif
-}
-
-static void glue(blizzard_draw_line24mode1_, DEPTH)(PIXEL_TYPE *dest,
- const uint8_t *src, unsigned int width)
-{
- /* TODO: check if SDL 24-bit planes are not in the same format and
- * if so, use memcpy */
- unsigned int r[2], g[2], b[2];
- const uint8_t *end = src + width;
- while (src < end) {
- g[0] = *src ++;
- r[0] = *src ++;
- r[1] = *src ++;
- b[0] = *src ++;
- COPY_PIXEL1(dest, glue(rgb_to_pixel, DEPTH)(r[0], g[0], b[0]));
- b[1] = *src ++;
- g[1] = *src ++;
- COPY_PIXEL1(dest, glue(rgb_to_pixel, DEPTH)(r[1], g[1], b[1]));
- }
-}
-
-static void glue(blizzard_draw_line24mode2_, DEPTH)(PIXEL_TYPE *dest,
- const uint8_t *src, unsigned int width)
-{
- unsigned int r, g, b;
- const uint8_t *end = src + width;
- while (src < end) {
- r = *src ++;
- src ++;
- b = *src ++;
- g = *src ++;
- COPY_PIXEL1(dest, glue(rgb_to_pixel, DEPTH)(r, g, b));
- }
-}
-
-/* No rotation */
-static blizzard_fn_t glue(blizzard_draw_fn_, DEPTH)[0x10] = {
- NULL,
- /* RGB 5:6:5*/
- (blizzard_fn_t) glue(blizzard_draw_line16_, DEPTH),
- /* RGB 6:6:6 mode 1 */
- (blizzard_fn_t) glue(blizzard_draw_line24mode1_, DEPTH),
- /* RGB 8:8:8 mode 1 */
- (blizzard_fn_t) glue(blizzard_draw_line24mode1_, DEPTH),
- NULL, NULL,
- /* RGB 6:6:6 mode 2 */
- (blizzard_fn_t) glue(blizzard_draw_line24mode2_, DEPTH),
- /* RGB 8:8:8 mode 2 */
- (blizzard_fn_t) glue(blizzard_draw_line24mode2_, DEPTH),
- /* YUV 4:2:2 */
- NULL,
- /* YUV 4:2:0 */
- NULL,
- NULL, NULL, NULL, NULL, NULL, NULL,
-};
-
-/* 90deg, 180deg and 270deg rotation */
-static blizzard_fn_t glue(blizzard_draw_fn_r_, DEPTH)[0x10] = {
- /* TODO */
- [0 ... 0xf] = NULL,
-};
-
-#undef DEPTH
-#undef SKIP_PIXEL
-#undef COPY_PIXEL
-#undef COPY_PIXEL1
-#undef PIXEL_TYPE
-
-#undef SWAP_WORDS
diff --git a/hw/block-common.c b/hw/block-common.c
deleted file mode 100644
index f0196d78d..000000000
--- a/hw/block-common.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Common code for block device models
- *
- * Copyright (C) 2012 Red Hat, Inc.
- *
- * This work is licensed under the terms of the GNU GPL, version 2 or
- * later. See the COPYING file in the top-level directory.
- */
-
-#include "blockdev.h"
-#include "hw/block-common.h"
-#include "qemu-error.h"
-
-void blkconf_serial(BlockConf *conf, char **serial)
-{
- DriveInfo *dinfo;
-
- if (!*serial) {
- /* try to fall back to value set with legacy -drive serial=... */
- dinfo = drive_get_by_blockdev(conf->bs);
- if (dinfo->serial) {
- *serial = g_strdup(dinfo->serial);
- }
- }
-}
-
-int blkconf_geometry(BlockConf *conf, int *ptrans,
- unsigned cyls_max, unsigned heads_max, unsigned secs_max)
-{
- DriveInfo *dinfo;
-
- if (!conf->cyls && !conf->heads && !conf->secs) {
- /* try to fall back to value set with legacy -drive cyls=... */
- dinfo = drive_get_by_blockdev(conf->bs);
- conf->cyls = dinfo->cyls;
- conf->heads = dinfo->heads;
- conf->secs = dinfo->secs;
- if (ptrans) {
- *ptrans = dinfo->trans;
- }
- }
- if (!conf->cyls && !conf->heads && !conf->secs) {
- hd_geometry_guess(conf->bs,
- &conf->cyls, &conf->heads, &conf->secs,
- ptrans);
- } else if (ptrans && *ptrans == BIOS_ATA_TRANSLATION_AUTO) {
- *ptrans = hd_bios_chs_auto_trans(conf->cyls, conf->heads, conf->secs);
- }
- if (conf->cyls || conf->heads || conf->secs) {
- if (conf->cyls < 1 || conf->cyls > cyls_max) {
- error_report("cyls must be between 1 and %u", cyls_max);
- return -1;
- }
- if (conf->heads < 1 || conf->heads > heads_max) {
- error_report("heads must be between 1 and %u", heads_max);
- return -1;
- }
- if (conf->secs < 1 || conf->secs > secs_max) {
- error_report("secs must be between 1 and %u", secs_max);
- return -1;
- }
- }
- return 0;
-}
diff --git a/hw/block-common.h b/hw/block-common.h
deleted file mode 100644
index bb808f7f5..000000000
--- a/hw/block-common.h
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Common code for block device models
- *
- * Copyright (C) 2012 Red Hat, Inc.
- * Copyright (c) 2003-2008 Fabrice Bellard
- *
- * This work is licensed under the terms of the GNU GPL, version 2 or
- * later. See the COPYING file in the top-level directory.
- */
-
-#ifndef HW_BLOCK_COMMON_H
-#define HW_BLOCK_COMMON_H
-
-#include "qemu-common.h"
-
-/* Configuration */
-
-typedef struct BlockConf {
- BlockDriverState *bs;
- uint16_t physical_block_size;
- uint16_t logical_block_size;
- uint16_t min_io_size;
- uint32_t opt_io_size;
- int32_t bootindex;
- uint32_t discard_granularity;
- /* geometry, not all devices use this */
- uint32_t cyls, heads, secs;
-} BlockConf;
-
-static inline unsigned int get_physical_block_exp(BlockConf *conf)
-{
- unsigned int exp = 0, size;
-
- for (size = conf->physical_block_size;
- size > conf->logical_block_size;
- size >>= 1) {
- exp++;
- }
-
- return exp;
-}
-
-#define DEFINE_BLOCK_PROPERTIES(_state, _conf) \
- DEFINE_PROP_DRIVE("drive", _state, _conf.bs), \
- DEFINE_PROP_BLOCKSIZE("logical_block_size", _state, \
- _conf.logical_block_size, 512), \
- DEFINE_PROP_BLOCKSIZE("physical_block_size", _state, \
- _conf.physical_block_size, 512), \
- DEFINE_PROP_UINT16("min_io_size", _state, _conf.min_io_size, 0), \
- DEFINE_PROP_UINT32("opt_io_size", _state, _conf.opt_io_size, 0), \
- DEFINE_PROP_INT32("bootindex", _state, _conf.bootindex, -1), \
- DEFINE_PROP_UINT32("discard_granularity", _state, \
- _conf.discard_granularity, 0)
-
-#define DEFINE_BLOCK_CHS_PROPERTIES(_state, _conf) \
- DEFINE_PROP_UINT32("cyls", _state, _conf.cyls, 0), \
- DEFINE_PROP_UINT32("heads", _state, _conf.heads, 0), \
- DEFINE_PROP_UINT32("secs", _state, _conf.secs, 0)
-
-/* Configuration helpers */
-
-void blkconf_serial(BlockConf *conf, char **serial);
-int blkconf_geometry(BlockConf *conf, int *trans,
- unsigned cyls_max, unsigned heads_max, unsigned secs_max);
-
-/* Hard disk geometry */
-
-#define BIOS_ATA_TRANSLATION_AUTO 0
-#define BIOS_ATA_TRANSLATION_NONE 1
-#define BIOS_ATA_TRANSLATION_LBA 2
-#define BIOS_ATA_TRANSLATION_LARGE 3
-#define BIOS_ATA_TRANSLATION_RECHS 4
-
-void hd_geometry_guess(BlockDriverState *bs,
- uint32_t *pcyls, uint32_t *pheads, uint32_t *psecs,
- int *ptrans);
-int hd_bios_chs_auto_trans(uint32_t cyls, uint32_t heads, uint32_t secs);
-
-#endif
diff --git a/hw/block/Makefile.objs b/hw/block/Makefile.objs
new file mode 100644
index 000000000..bf46f03b7
--- /dev/null
+++ b/hw/block/Makefile.objs
@@ -0,0 +1,15 @@
+common-obj-y += block.o cdrom.o hd-geometry.o
+common-obj-$(CONFIG_FDC) += fdc.o
+common-obj-$(CONFIG_SSI_M25P80) += m25p80.o
+common-obj-$(CONFIG_NAND) += nand.o
+common-obj-$(CONFIG_PFLASH_CFI01) += pflash_cfi01.o
+common-obj-$(CONFIG_PFLASH_CFI02) += pflash_cfi02.o
+common-obj-$(CONFIG_XEN_BACKEND) += xen_disk.o
+common-obj-$(CONFIG_ECC) += ecc.o
+common-obj-$(CONFIG_ONENAND) += onenand.o
+common-obj-$(CONFIG_NVME_PCI) += nvme.o
+
+obj-$(CONFIG_SH4) += tc58128.o
+
+obj-$(CONFIG_VIRTIO) += virtio-blk.o
+obj-$(CONFIG_VIRTIO_BLK_DATA_PLANE) += dataplane/
diff --git a/hw/block/block.c b/hw/block/block.c
new file mode 100644
index 000000000..33dd3f33b
--- /dev/null
+++ b/hw/block/block.c
@@ -0,0 +1,62 @@
+/*
+ * Common code for block device models
+ *
+ * Copyright (C) 2012 Red Hat, Inc.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * later. See the COPYING file in the top-level directory.
+ */
+
+#include "sysemu/blockdev.h"
+#include "hw/block/block.h"
+#include "qemu/error-report.h"
+
+void blkconf_serial(BlockConf *conf, char **serial)
+{
+ DriveInfo *dinfo;
+
+ if (!*serial) {
+ /* try to fall back to value set with legacy -drive serial=... */
+ dinfo = drive_get_by_blockdev(conf->bs);
+ *serial = g_strdup(dinfo->serial);
+ }
+}
+
+int blkconf_geometry(BlockConf *conf, int *ptrans,
+ unsigned cyls_max, unsigned heads_max, unsigned secs_max)
+{
+ DriveInfo *dinfo;
+
+ if (!conf->cyls && !conf->heads && !conf->secs) {
+ /* try to fall back to value set with legacy -drive cyls=... */
+ dinfo = drive_get_by_blockdev(conf->bs);
+ conf->cyls = dinfo->cyls;
+ conf->heads = dinfo->heads;
+ conf->secs = dinfo->secs;
+ if (ptrans) {
+ *ptrans = dinfo->trans;
+ }
+ }
+ if (!conf->cyls && !conf->heads && !conf->secs) {
+ hd_geometry_guess(conf->bs,
+ &conf->cyls, &conf->heads, &conf->secs,
+ ptrans);
+ } else if (ptrans && *ptrans == BIOS_ATA_TRANSLATION_AUTO) {
+ *ptrans = hd_bios_chs_auto_trans(conf->cyls, conf->heads, conf->secs);
+ }
+ if (conf->cyls || conf->heads || conf->secs) {
+ if (conf->cyls < 1 || conf->cyls > cyls_max) {
+ error_report("cyls must be between 1 and %u", cyls_max);
+ return -1;
+ }
+ if (conf->heads < 1 || conf->heads > heads_max) {
+ error_report("heads must be between 1 and %u", heads_max);
+ return -1;
+ }
+ if (conf->secs < 1 || conf->secs > secs_max) {
+ error_report("secs must be between 1 and %u", secs_max);
+ return -1;
+ }
+ }
+ return 0;
+}
diff --git a/hw/block/cdrom.c b/hw/block/cdrom.c
new file mode 100644
index 000000000..38469fa92
--- /dev/null
+++ b/hw/block/cdrom.c
@@ -0,0 +1,155 @@
+/*
+ * QEMU ATAPI CD-ROM Emulator
+ *
+ * Copyright (c) 2006 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/* ??? Most of the ATAPI emulation is still in ide.c. It should be moved
+ here. */
+
+#include "qemu-common.h"
+#include "hw/scsi/scsi.h"
+
+static void lba_to_msf(uint8_t *buf, int lba)
+{
+ lba += 150;
+ buf[0] = (lba / 75) / 60;
+ buf[1] = (lba / 75) % 60;
+ buf[2] = lba % 75;
+}
+
+/* same toc as bochs. Return -1 if error or the toc length */
+/* XXX: check this */
+int cdrom_read_toc(int nb_sectors, uint8_t *buf, int msf, int start_track)
+{
+ uint8_t *q;
+ int len;
+
+ if (start_track > 1 && start_track != 0xaa)
+ return -1;
+ q = buf + 2;
+ *q++ = 1; /* first session */
+ *q++ = 1; /* last session */
+ if (start_track <= 1) {
+ *q++ = 0; /* reserved */
+ *q++ = 0x14; /* ADR, control */
+ *q++ = 1; /* track number */
+ *q++ = 0; /* reserved */
+ if (msf) {
+ *q++ = 0; /* reserved */
+ lba_to_msf(q, 0);
+ q += 3;
+ } else {
+ /* sector 0 */
+ cpu_to_be32wu((uint32_t *)q, 0);
+ q += 4;
+ }
+ }
+ /* lead out track */
+ *q++ = 0; /* reserved */
+ *q++ = 0x16; /* ADR, control */
+ *q++ = 0xaa; /* track number */
+ *q++ = 0; /* reserved */
+ if (msf) {
+ *q++ = 0; /* reserved */
+ lba_to_msf(q, nb_sectors);
+ q += 3;
+ } else {
+ cpu_to_be32wu((uint32_t *)q, nb_sectors);
+ q += 4;
+ }
+ len = q - buf;
+ cpu_to_be16wu((uint16_t *)buf, len - 2);
+ return len;
+}
+
+/* mostly same info as PearPc */
+int cdrom_read_toc_raw(int nb_sectors, uint8_t *buf, int msf, int session_num)
+{
+ uint8_t *q;
+ int len;
+
+ q = buf + 2;
+ *q++ = 1; /* first session */
+ *q++ = 1; /* last session */
+
+ *q++ = 1; /* session number */
+ *q++ = 0x14; /* data track */
+ *q++ = 0; /* track number */
+ *q++ = 0xa0; /* lead-in */
+ *q++ = 0; /* min */
+ *q++ = 0; /* sec */
+ *q++ = 0; /* frame */
+ *q++ = 0;
+ *q++ = 1; /* first track */
+ *q++ = 0x00; /* disk type */
+ *q++ = 0x00;
+
+ *q++ = 1; /* session number */
+ *q++ = 0x14; /* data track */
+ *q++ = 0; /* track number */
+ *q++ = 0xa1;
+ *q++ = 0; /* min */
+ *q++ = 0; /* sec */
+ *q++ = 0; /* frame */
+ *q++ = 0;
+ *q++ = 1; /* last track */
+ *q++ = 0x00;
+ *q++ = 0x00;
+
+ *q++ = 1; /* session number */
+ *q++ = 0x14; /* data track */
+ *q++ = 0; /* track number */
+ *q++ = 0xa2; /* lead-out */
+ *q++ = 0; /* min */
+ *q++ = 0; /* sec */
+ *q++ = 0; /* frame */
+ if (msf) {
+ *q++ = 0; /* reserved */
+ lba_to_msf(q, nb_sectors);
+ q += 3;
+ } else {
+ cpu_to_be32wu((uint32_t *)q, nb_sectors);
+ q += 4;
+ }
+
+ *q++ = 1; /* session number */
+ *q++ = 0x14; /* ADR, control */
+ *q++ = 0; /* track number */
+ *q++ = 1; /* point */
+ *q++ = 0; /* min */
+ *q++ = 0; /* sec */
+ *q++ = 0; /* frame */
+ if (msf) {
+ *q++ = 0;
+ lba_to_msf(q, 0);
+ q += 3;
+ } else {
+ *q++ = 0;
+ *q++ = 0;
+ *q++ = 0;
+ *q++ = 0;
+ }
+
+ len = q - buf;
+ cpu_to_be16wu((uint16_t *)buf, len - 2);
+ return len;
+}
diff --git a/hw/block/dataplane/Makefile.objs b/hw/block/dataplane/Makefile.objs
new file mode 100644
index 000000000..9da2eb82b
--- /dev/null
+++ b/hw/block/dataplane/Makefile.objs
@@ -0,0 +1 @@
+obj-y += ioq.o virtio-blk.o
diff --git a/hw/block/dataplane/ioq.c b/hw/block/dataplane/ioq.c
new file mode 100644
index 000000000..f709f87ed
--- /dev/null
+++ b/hw/block/dataplane/ioq.c
@@ -0,0 +1,117 @@
+/*
+ * Linux AIO request queue
+ *
+ * Copyright 2012 IBM, Corp.
+ * Copyright 2012 Red Hat, Inc. and/or its affiliates
+ *
+ * Authors:
+ * Stefan Hajnoczi <stefanha@redhat.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "ioq.h"
+
+void ioq_init(IOQueue *ioq, int fd, unsigned int max_reqs)
+{
+ int rc;
+
+ ioq->fd = fd;
+ ioq->max_reqs = max_reqs;
+
+ memset(&ioq->io_ctx, 0, sizeof ioq->io_ctx);
+ rc = io_setup(max_reqs, &ioq->io_ctx);
+ if (rc != 0) {
+ fprintf(stderr, "ioq io_setup failed %d\n", rc);
+ exit(1);
+ }
+
+ rc = event_notifier_init(&ioq->io_notifier, 0);
+ if (rc != 0) {
+ fprintf(stderr, "ioq io event notifier creation failed %d\n", rc);
+ exit(1);
+ }
+
+ ioq->freelist = g_malloc0(sizeof ioq->freelist[0] * max_reqs);
+ ioq->freelist_idx = 0;
+
+ ioq->queue = g_malloc0(sizeof ioq->queue[0] * max_reqs);
+ ioq->queue_idx = 0;
+}
+
+void ioq_cleanup(IOQueue *ioq)
+{
+ g_free(ioq->freelist);
+ g_free(ioq->queue);
+
+ event_notifier_cleanup(&ioq->io_notifier);
+ io_destroy(ioq->io_ctx);
+}
+
+EventNotifier *ioq_get_notifier(IOQueue *ioq)
+{
+ return &ioq->io_notifier;
+}
+
+struct iocb *ioq_get_iocb(IOQueue *ioq)
+{
+ /* Underflow cannot happen since ioq is sized for max_reqs */
+ assert(ioq->freelist_idx != 0);
+
+ struct iocb *iocb = ioq->freelist[--ioq->freelist_idx];
+ ioq->queue[ioq->queue_idx++] = iocb;
+ return iocb;
+}
+
+void ioq_put_iocb(IOQueue *ioq, struct iocb *iocb)
+{
+ /* Overflow cannot happen since ioq is sized for max_reqs */
+ assert(ioq->freelist_idx != ioq->max_reqs);
+
+ ioq->freelist[ioq->freelist_idx++] = iocb;
+}
+
+struct iocb *ioq_rdwr(IOQueue *ioq, bool read, struct iovec *iov,
+ unsigned int count, long long offset)
+{
+ struct iocb *iocb = ioq_get_iocb(ioq);
+
+ if (read) {
+ io_prep_preadv(iocb, ioq->fd, iov, count, offset);
+ } else {
+ io_prep_pwritev(iocb, ioq->fd, iov, count, offset);
+ }
+ io_set_eventfd(iocb, event_notifier_get_fd(&ioq->io_notifier));
+ return iocb;
+}
+
+int ioq_submit(IOQueue *ioq)
+{
+ int rc = io_submit(ioq->io_ctx, ioq->queue_idx, ioq->queue);
+ ioq->queue_idx = 0; /* reset */
+ return rc;
+}
+
+int ioq_run_completion(IOQueue *ioq, IOQueueCompletion *completion,
+ void *opaque)
+{
+ struct io_event events[ioq->max_reqs];
+ int nevents, i;
+
+ do {
+ nevents = io_getevents(ioq->io_ctx, 0, ioq->max_reqs, events, NULL);
+ } while (nevents < 0 && errno == EINTR);
+ if (nevents < 0) {
+ return nevents;
+ }
+
+ for (i = 0; i < nevents; i++) {
+ ssize_t ret = ((uint64_t)events[i].res2 << 32) | events[i].res;
+
+ completion(events[i].obj, ret, opaque);
+ ioq_put_iocb(ioq, events[i].obj);
+ }
+ return nevents;
+}
diff --git a/hw/block/dataplane/ioq.h b/hw/block/dataplane/ioq.h
new file mode 100644
index 000000000..b49b5de7f
--- /dev/null
+++ b/hw/block/dataplane/ioq.h
@@ -0,0 +1,57 @@
+/*
+ * Linux AIO request queue
+ *
+ * Copyright 2012 IBM, Corp.
+ * Copyright 2012 Red Hat, Inc. and/or its affiliates
+ *
+ * Authors:
+ * Stefan Hajnoczi <stefanha@redhat.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef IOQ_H
+#define IOQ_H
+
+#include <libaio.h>
+#include "qemu/event_notifier.h"
+
+typedef struct {
+ int fd; /* file descriptor */
+ unsigned int max_reqs; /* max length of freelist and queue */
+
+ io_context_t io_ctx; /* Linux AIO context */
+ EventNotifier io_notifier; /* Linux AIO eventfd */
+
+ /* Requests can complete in any order so a free list is necessary to manage
+ * available iocbs.
+ */
+ struct iocb **freelist; /* free iocbs */
+ unsigned int freelist_idx;
+
+ /* Multiple requests are queued up before submitting them all in one go */
+ struct iocb **queue; /* queued iocbs */
+ unsigned int queue_idx;
+} IOQueue;
+
+void ioq_init(IOQueue *ioq, int fd, unsigned int max_reqs);
+void ioq_cleanup(IOQueue *ioq);
+EventNotifier *ioq_get_notifier(IOQueue *ioq);
+struct iocb *ioq_get_iocb(IOQueue *ioq);
+void ioq_put_iocb(IOQueue *ioq, struct iocb *iocb);
+struct iocb *ioq_rdwr(IOQueue *ioq, bool read, struct iovec *iov,
+ unsigned int count, long long offset);
+int ioq_submit(IOQueue *ioq);
+
+static inline unsigned int ioq_num_queued(IOQueue *ioq)
+{
+ return ioq->queue_idx;
+}
+
+typedef void IOQueueCompletion(struct iocb *iocb, ssize_t ret, void *opaque);
+int ioq_run_completion(IOQueue *ioq, IOQueueCompletion *completion,
+ void *opaque);
+
+#endif /* IOQ_H */
diff --git a/hw/block/dataplane/virtio-blk.c b/hw/block/dataplane/virtio-blk.c
new file mode 100644
index 000000000..411becc06
--- /dev/null
+++ b/hw/block/dataplane/virtio-blk.c
@@ -0,0 +1,542 @@
+/*
+ * Dedicated thread for virtio-blk I/O processing
+ *
+ * Copyright 2012 IBM, Corp.
+ * Copyright 2012 Red Hat, Inc. and/or its affiliates
+ *
+ * Authors:
+ * Stefan Hajnoczi <stefanha@redhat.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "trace.h"
+#include "qemu/iov.h"
+#include "qemu/thread.h"
+#include "qemu/error-report.h"
+#include "hw/virtio/dataplane/vring.h"
+#include "ioq.h"
+#include "block/block.h"
+#include "hw/virtio/virtio-blk.h"
+#include "virtio-blk.h"
+#include "block/aio.h"
+#include "hw/virtio/virtio-bus.h"
+
+enum {
+ SEG_MAX = 126, /* maximum number of I/O segments */
+ VRING_MAX = SEG_MAX + 2, /* maximum number of vring descriptors */
+ REQ_MAX = VRING_MAX, /* maximum number of requests in the vring,
+ * is VRING_MAX / 2 with traditional and
+ * VRING_MAX with indirect descriptors */
+};
+
+typedef struct {
+ struct iocb iocb; /* Linux AIO control block */
+ QEMUIOVector *inhdr; /* iovecs for virtio_blk_inhdr */
+ unsigned int head; /* vring descriptor index */
+ struct iovec *bounce_iov; /* used if guest buffers are unaligned */
+ QEMUIOVector *read_qiov; /* for read completion /w bounce buffer */
+} VirtIOBlockRequest;
+
+struct VirtIOBlockDataPlane {
+ bool started;
+ bool stopping;
+ QEMUBH *start_bh;
+ QemuThread thread;
+
+ VirtIOBlkConf *blk;
+ int fd; /* image file descriptor */
+
+ VirtIODevice *vdev;
+ Vring vring; /* virtqueue vring */
+ EventNotifier *guest_notifier; /* irq */
+
+ /* Note that these EventNotifiers are assigned by value. This is
+ * fine as long as you do not call event_notifier_cleanup on them
+ * (because you don't own the file descriptor or handle; you just
+ * use it).
+ */
+ AioContext *ctx;
+ EventNotifier io_notifier; /* Linux AIO completion */
+ EventNotifier host_notifier; /* doorbell */
+
+ IOQueue ioqueue; /* Linux AIO queue (should really be per
+ dataplane thread) */
+ VirtIOBlockRequest requests[REQ_MAX]; /* pool of requests, managed by the
+ queue */
+
+ unsigned int num_reqs;
+};
+
+/* Raise an interrupt to signal guest, if necessary */
+static void notify_guest(VirtIOBlockDataPlane *s)
+{
+ if (!vring_should_notify(s->vdev, &s->vring)) {
+ return;
+ }
+
+ event_notifier_set(s->guest_notifier);
+}
+
+static void complete_request(struct iocb *iocb, ssize_t ret, void *opaque)
+{
+ VirtIOBlockDataPlane *s = opaque;
+ VirtIOBlockRequest *req = container_of(iocb, VirtIOBlockRequest, iocb);
+ struct virtio_blk_inhdr hdr;
+ int len;
+
+ if (likely(ret >= 0)) {
+ hdr.status = VIRTIO_BLK_S_OK;
+ len = ret;
+ } else {
+ hdr.status = VIRTIO_BLK_S_IOERR;
+ len = 0;
+ }
+
+ trace_virtio_blk_data_plane_complete_request(s, req->head, ret);
+
+ if (req->read_qiov) {
+ assert(req->bounce_iov);
+ qemu_iovec_from_buf(req->read_qiov, 0, req->bounce_iov->iov_base, len);
+ qemu_iovec_destroy(req->read_qiov);
+ g_slice_free(QEMUIOVector, req->read_qiov);
+ }
+
+ if (req->bounce_iov) {
+ qemu_vfree(req->bounce_iov->iov_base);
+ g_slice_free(struct iovec, req->bounce_iov);
+ }
+
+ qemu_iovec_from_buf(req->inhdr, 0, &hdr, sizeof(hdr));
+ qemu_iovec_destroy(req->inhdr);
+ g_slice_free(QEMUIOVector, req->inhdr);
+
+ /* According to the virtio specification len should be the number of bytes
+ * written to, but for virtio-blk it seems to be the number of bytes
+ * transferred plus the status bytes.
+ */
+ vring_push(&s->vring, req->head, len + sizeof(hdr));
+
+ s->num_reqs--;
+}
+
+static void complete_request_early(VirtIOBlockDataPlane *s, unsigned int head,
+ QEMUIOVector *inhdr, unsigned char status)
+{
+ struct virtio_blk_inhdr hdr = {
+ .status = status,
+ };
+
+ qemu_iovec_from_buf(inhdr, 0, &hdr, sizeof(hdr));
+ qemu_iovec_destroy(inhdr);
+ g_slice_free(QEMUIOVector, inhdr);
+
+ vring_push(&s->vring, head, sizeof(hdr));
+ notify_guest(s);
+}
+
+/* Get disk serial number */
+static void do_get_id_cmd(VirtIOBlockDataPlane *s,
+ struct iovec *iov, unsigned int iov_cnt,
+ unsigned int head, QEMUIOVector *inhdr)
+{
+ char id[VIRTIO_BLK_ID_BYTES];
+
+ /* Serial number not NUL-terminated when shorter than buffer */
+ strncpy(id, s->blk->serial ? s->blk->serial : "", sizeof(id));
+ iov_from_buf(iov, iov_cnt, 0, id, sizeof(id));
+ complete_request_early(s, head, inhdr, VIRTIO_BLK_S_OK);
+}
+
+static int do_rdwr_cmd(VirtIOBlockDataPlane *s, bool read,
+ struct iovec *iov, unsigned int iov_cnt,
+ long long offset, unsigned int head,
+ QEMUIOVector *inhdr)
+{
+ struct iocb *iocb;
+ QEMUIOVector qiov;
+ struct iovec *bounce_iov = NULL;
+ QEMUIOVector *read_qiov = NULL;
+
+ qemu_iovec_init_external(&qiov, iov, iov_cnt);
+ if (!bdrv_qiov_is_aligned(s->blk->conf.bs, &qiov)) {
+ void *bounce_buffer = qemu_blockalign(s->blk->conf.bs, qiov.size);
+
+ if (read) {
+ /* Need to copy back from bounce buffer on completion */
+ read_qiov = g_slice_new(QEMUIOVector);
+ qemu_iovec_init(read_qiov, iov_cnt);
+ qemu_iovec_concat_iov(read_qiov, iov, iov_cnt, 0, qiov.size);
+ } else {
+ qemu_iovec_to_buf(&qiov, 0, bounce_buffer, qiov.size);
+ }
+
+ /* Redirect I/O to aligned bounce buffer */
+ bounce_iov = g_slice_new(struct iovec);
+ bounce_iov->iov_base = bounce_buffer;
+ bounce_iov->iov_len = qiov.size;
+ iov = bounce_iov;
+ iov_cnt = 1;
+ }
+
+ iocb = ioq_rdwr(&s->ioqueue, read, iov, iov_cnt, offset);
+
+ /* Fill in virtio block metadata needed for completion */
+ VirtIOBlockRequest *req = container_of(iocb, VirtIOBlockRequest, iocb);
+ req->head = head;
+ req->inhdr = inhdr;
+ req->bounce_iov = bounce_iov;
+ req->read_qiov = read_qiov;
+ return 0;
+}
+
+static int process_request(IOQueue *ioq, struct iovec iov[],
+ unsigned int out_num, unsigned int in_num,
+ unsigned int head)
+{
+ VirtIOBlockDataPlane *s = container_of(ioq, VirtIOBlockDataPlane, ioqueue);
+ struct iovec *in_iov = &iov[out_num];
+ struct virtio_blk_outhdr outhdr;
+ QEMUIOVector *inhdr;
+ size_t in_size;
+
+ /* Copy in outhdr */
+ if (unlikely(iov_to_buf(iov, out_num, 0, &outhdr,
+ sizeof(outhdr)) != sizeof(outhdr))) {
+ error_report("virtio-blk request outhdr too short");
+ return -EFAULT;
+ }
+ iov_discard_front(&iov, &out_num, sizeof(outhdr));
+
+ /* Grab inhdr for later */
+ in_size = iov_size(in_iov, in_num);
+ if (in_size < sizeof(struct virtio_blk_inhdr)) {
+ error_report("virtio_blk request inhdr too short");
+ return -EFAULT;
+ }
+ inhdr = g_slice_new(QEMUIOVector);
+ qemu_iovec_init(inhdr, 1);
+ qemu_iovec_concat_iov(inhdr, in_iov, in_num,
+ in_size - sizeof(struct virtio_blk_inhdr),
+ sizeof(struct virtio_blk_inhdr));
+ iov_discard_back(in_iov, &in_num, sizeof(struct virtio_blk_inhdr));
+
+ /* TODO Linux sets the barrier bit even when not advertised! */
+ outhdr.type &= ~VIRTIO_BLK_T_BARRIER;
+
+ switch (outhdr.type) {
+ case VIRTIO_BLK_T_IN:
+ do_rdwr_cmd(s, true, in_iov, in_num, outhdr.sector * 512, head, inhdr);
+ return 0;
+
+ case VIRTIO_BLK_T_OUT:
+ do_rdwr_cmd(s, false, iov, out_num, outhdr.sector * 512, head, inhdr);
+ return 0;
+
+ case VIRTIO_BLK_T_SCSI_CMD:
+ /* TODO support SCSI commands */
+ complete_request_early(s, head, inhdr, VIRTIO_BLK_S_UNSUPP);
+ return 0;
+
+ case VIRTIO_BLK_T_FLUSH:
+ /* TODO fdsync not supported by Linux AIO, do it synchronously here! */
+ if (qemu_fdatasync(s->fd) < 0) {
+ complete_request_early(s, head, inhdr, VIRTIO_BLK_S_IOERR);
+ } else {
+ complete_request_early(s, head, inhdr, VIRTIO_BLK_S_OK);
+ }
+ return 0;
+
+ case VIRTIO_BLK_T_GET_ID:
+ do_get_id_cmd(s, in_iov, in_num, head, inhdr);
+ return 0;
+
+ default:
+ error_report("virtio-blk unsupported request type %#x", outhdr.type);
+ qemu_iovec_destroy(inhdr);
+ g_slice_free(QEMUIOVector, inhdr);
+ return -EFAULT;
+ }
+}
+
+static int flush_true(EventNotifier *e)
+{
+ return true;
+}
+
+static void handle_notify(EventNotifier *e)
+{
+ VirtIOBlockDataPlane *s = container_of(e, VirtIOBlockDataPlane,
+ host_notifier);
+
+ /* There is one array of iovecs into which all new requests are extracted
+ * from the vring. Requests are read from the vring and the translated
+ * descriptors are written to the iovecs array. The iovecs do not have to
+ * persist across handle_notify() calls because the kernel copies the
+ * iovecs on io_submit().
+ *
+ * Handling io_submit() EAGAIN may require storing the requests across
+ * handle_notify() calls until the kernel has sufficient resources to
+ * accept more I/O. This is not implemented yet.
+ */
+ struct iovec iovec[VRING_MAX];
+ struct iovec *end = &iovec[VRING_MAX];
+ struct iovec *iov = iovec;
+
+ /* When a request is read from the vring, the index of the first descriptor
+ * (aka head) is returned so that the completed request can be pushed onto
+ * the vring later.
+ *
+ * The number of hypervisor read-only iovecs is out_num. The number of
+ * hypervisor write-only iovecs is in_num.
+ */
+ int head;
+ unsigned int out_num = 0, in_num = 0;
+ unsigned int num_queued;
+
+ event_notifier_test_and_clear(&s->host_notifier);
+ for (;;) {
+ /* Disable guest->host notifies to avoid unnecessary vmexits */
+ vring_disable_notification(s->vdev, &s->vring);
+
+ for (;;) {
+ head = vring_pop(s->vdev, &s->vring, iov, end, &out_num, &in_num);
+ if (head < 0) {
+ break; /* no more requests */
+ }
+
+ trace_virtio_blk_data_plane_process_request(s, out_num, in_num,
+ head);
+
+ if (process_request(&s->ioqueue, iov, out_num, in_num, head) < 0) {
+ vring_set_broken(&s->vring);
+ break;
+ }
+ iov += out_num + in_num;
+ }
+
+ if (likely(head == -EAGAIN)) { /* vring emptied */
+ /* Re-enable guest->host notifies and stop processing the vring.
+ * But if the guest has snuck in more descriptors, keep processing.
+ */
+ if (vring_enable_notification(s->vdev, &s->vring)) {
+ break;
+ }
+ } else { /* head == -ENOBUFS or fatal error, iovecs[] is depleted */
+ /* Since there are no iovecs[] left, stop processing for now. Do
+ * not re-enable guest->host notifies since the I/O completion
+ * handler knows to check for more vring descriptors anyway.
+ */
+ break;
+ }
+ }
+
+ num_queued = ioq_num_queued(&s->ioqueue);
+ if (num_queued > 0) {
+ s->num_reqs += num_queued;
+
+ int rc = ioq_submit(&s->ioqueue);
+ if (unlikely(rc < 0)) {
+ fprintf(stderr, "ioq_submit failed %d\n", rc);
+ exit(1);
+ }
+ }
+}
+
+static int flush_io(EventNotifier *e)
+{
+ VirtIOBlockDataPlane *s = container_of(e, VirtIOBlockDataPlane,
+ io_notifier);
+
+ return s->num_reqs > 0;
+}
+
+static void handle_io(EventNotifier *e)
+{
+ VirtIOBlockDataPlane *s = container_of(e, VirtIOBlockDataPlane,
+ io_notifier);
+
+ event_notifier_test_and_clear(&s->io_notifier);
+ if (ioq_run_completion(&s->ioqueue, complete_request, s) > 0) {
+ notify_guest(s);
+ }
+
+ /* If there were more requests than iovecs, the vring will not be empty yet
+ * so check again. There should now be enough resources to process more
+ * requests.
+ */
+ if (unlikely(vring_more_avail(&s->vring))) {
+ handle_notify(&s->host_notifier);
+ }
+}
+
+static void *data_plane_thread(void *opaque)
+{
+ VirtIOBlockDataPlane *s = opaque;
+
+ do {
+ aio_poll(s->ctx, true);
+ } while (!s->stopping || s->num_reqs > 0);
+ return NULL;
+}
+
+static void start_data_plane_bh(void *opaque)
+{
+ VirtIOBlockDataPlane *s = opaque;
+
+ qemu_bh_delete(s->start_bh);
+ s->start_bh = NULL;
+ qemu_thread_create(&s->thread, data_plane_thread,
+ s, QEMU_THREAD_JOINABLE);
+}
+
+bool virtio_blk_data_plane_create(VirtIODevice *vdev, VirtIOBlkConf *blk,
+ VirtIOBlockDataPlane **dataplane)
+{
+ VirtIOBlockDataPlane *s;
+ int fd;
+
+ *dataplane = NULL;
+
+ if (!blk->data_plane) {
+ return true;
+ }
+
+ if (blk->scsi) {
+ error_report("device is incompatible with x-data-plane, use scsi=off");
+ return false;
+ }
+
+ if (blk->config_wce) {
+ error_report("device is incompatible with x-data-plane, "
+ "use config-wce=off");
+ return false;
+ }
+
+ /* If dataplane is (re-)enabled while the guest is running there could be
+ * block jobs that can conflict.
+ */
+ if (bdrv_in_use(blk->conf.bs)) {
+ error_report("cannot start dataplane thread while device is in use");
+ return false;
+ }
+
+ fd = raw_get_aio_fd(blk->conf.bs);
+ if (fd < 0) {
+ error_report("drive is incompatible with x-data-plane, "
+ "use format=raw,cache=none,aio=native");
+ return false;
+ }
+
+ s = g_new0(VirtIOBlockDataPlane, 1);
+ s->vdev = vdev;
+ s->fd = fd;
+ s->blk = blk;
+
+ /* Prevent block operations that conflict with data plane thread */
+ bdrv_set_in_use(blk->conf.bs, 1);
+
+ *dataplane = s;
+ return true;
+}
+
+void virtio_blk_data_plane_destroy(VirtIOBlockDataPlane *s)
+{
+ if (!s) {
+ return;
+ }
+
+ virtio_blk_data_plane_stop(s);
+ bdrv_set_in_use(s->blk->conf.bs, 0);
+ g_free(s);
+}
+
+void virtio_blk_data_plane_start(VirtIOBlockDataPlane *s)
+{
+ BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(s->vdev)));
+ VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
+ VirtQueue *vq;
+ int i;
+
+ if (s->started) {
+ return;
+ }
+
+ vq = virtio_get_queue(s->vdev, 0);
+ if (!vring_setup(&s->vring, s->vdev, 0)) {
+ return;
+ }
+
+ s->ctx = aio_context_new();
+
+ /* Set up guest notifier (irq) */
+ if (k->set_guest_notifiers(qbus->parent, 1, true) != 0) {
+ fprintf(stderr, "virtio-blk failed to set guest notifier, "
+ "ensure -enable-kvm is set\n");
+ exit(1);
+ }
+ s->guest_notifier = virtio_queue_get_guest_notifier(vq);
+
+ /* Set up virtqueue notify */
+ if (k->set_host_notifier(qbus->parent, 0, true) != 0) {
+ fprintf(stderr, "virtio-blk failed to set host notifier\n");
+ exit(1);
+ }
+ s->host_notifier = *virtio_queue_get_host_notifier(vq);
+ aio_set_event_notifier(s->ctx, &s->host_notifier, handle_notify, flush_true);
+
+ /* Set up ioqueue */
+ ioq_init(&s->ioqueue, s->fd, REQ_MAX);
+ for (i = 0; i < ARRAY_SIZE(s->requests); i++) {
+ ioq_put_iocb(&s->ioqueue, &s->requests[i].iocb);
+ }
+ s->io_notifier = *ioq_get_notifier(&s->ioqueue);
+ aio_set_event_notifier(s->ctx, &s->io_notifier, handle_io, flush_io);
+
+ s->started = true;
+ trace_virtio_blk_data_plane_start(s);
+
+ /* Kick right away to begin processing requests already in vring */
+ event_notifier_set(virtio_queue_get_host_notifier(vq));
+
+ /* Spawn thread in BH so it inherits iothread cpusets */
+ s->start_bh = qemu_bh_new(start_data_plane_bh, s);
+ qemu_bh_schedule(s->start_bh);
+}
+
+void virtio_blk_data_plane_stop(VirtIOBlockDataPlane *s)
+{
+ BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(s->vdev)));
+ VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
+ if (!s->started || s->stopping) {
+ return;
+ }
+ s->stopping = true;
+ trace_virtio_blk_data_plane_stop(s);
+
+ /* Stop thread or cancel pending thread creation BH */
+ if (s->start_bh) {
+ qemu_bh_delete(s->start_bh);
+ s->start_bh = NULL;
+ } else {
+ aio_notify(s->ctx);
+ qemu_thread_join(&s->thread);
+ }
+
+ aio_set_event_notifier(s->ctx, &s->io_notifier, NULL, NULL);
+ ioq_cleanup(&s->ioqueue);
+
+ aio_set_event_notifier(s->ctx, &s->host_notifier, NULL, NULL);
+ k->set_host_notifier(qbus->parent, 0, false);
+
+ aio_context_unref(s->ctx);
+
+ /* Clean up guest notifier (irq) */
+ k->set_guest_notifiers(qbus->parent, 1, false);
+
+ vring_teardown(&s->vring, s->vdev, 0);
+ s->started = false;
+ s->stopping = false;
+}
diff --git a/hw/block/dataplane/virtio-blk.h b/hw/block/dataplane/virtio-blk.h
new file mode 100644
index 000000000..c90e99f48
--- /dev/null
+++ b/hw/block/dataplane/virtio-blk.h
@@ -0,0 +1,29 @@
+/*
+ * Dedicated thread for virtio-blk I/O processing
+ *
+ * Copyright 2012 IBM, Corp.
+ * Copyright 2012 Red Hat, Inc. and/or its affiliates
+ *
+ * Authors:
+ * Stefan Hajnoczi <stefanha@redhat.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef HW_DATAPLANE_VIRTIO_BLK_H
+#define HW_DATAPLANE_VIRTIO_BLK_H
+
+#include "hw/virtio/virtio.h"
+
+typedef struct VirtIOBlockDataPlane VirtIOBlockDataPlane;
+
+bool virtio_blk_data_plane_create(VirtIODevice *vdev, VirtIOBlkConf *blk,
+ VirtIOBlockDataPlane **dataplane);
+void virtio_blk_data_plane_destroy(VirtIOBlockDataPlane *s);
+void virtio_blk_data_plane_start(VirtIOBlockDataPlane *s);
+void virtio_blk_data_plane_stop(VirtIOBlockDataPlane *s);
+void virtio_blk_data_plane_drain(VirtIOBlockDataPlane *s);
+
+#endif /* HW_DATAPLANE_VIRTIO_BLK_H */
diff --git a/hw/block/ecc.c b/hw/block/ecc.c
new file mode 100644
index 000000000..8c888cc12
--- /dev/null
+++ b/hw/block/ecc.c
@@ -0,0 +1,91 @@
+/*
+ * Calculate Error-correcting Codes. Used by NAND Flash controllers
+ * (not by NAND chips).
+ *
+ * Copyright (c) 2006 Openedhand Ltd.
+ * Written by Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * This code is licensed under the GNU GPL v2.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "hw/hw.h"
+#include "hw/block/flash.h"
+
+/*
+ * Pre-calculated 256-way 1 byte column parity. Table borrowed from Linux.
+ */
+static const uint8_t nand_ecc_precalc_table[] = {
+ 0x00, 0x55, 0x56, 0x03, 0x59, 0x0c, 0x0f, 0x5a,
+ 0x5a, 0x0f, 0x0c, 0x59, 0x03, 0x56, 0x55, 0x00,
+ 0x65, 0x30, 0x33, 0x66, 0x3c, 0x69, 0x6a, 0x3f,
+ 0x3f, 0x6a, 0x69, 0x3c, 0x66, 0x33, 0x30, 0x65,
+ 0x66, 0x33, 0x30, 0x65, 0x3f, 0x6a, 0x69, 0x3c,
+ 0x3c, 0x69, 0x6a, 0x3f, 0x65, 0x30, 0x33, 0x66,
+ 0x03, 0x56, 0x55, 0x00, 0x5a, 0x0f, 0x0c, 0x59,
+ 0x59, 0x0c, 0x0f, 0x5a, 0x00, 0x55, 0x56, 0x03,
+ 0x69, 0x3c, 0x3f, 0x6a, 0x30, 0x65, 0x66, 0x33,
+ 0x33, 0x66, 0x65, 0x30, 0x6a, 0x3f, 0x3c, 0x69,
+ 0x0c, 0x59, 0x5a, 0x0f, 0x55, 0x00, 0x03, 0x56,
+ 0x56, 0x03, 0x00, 0x55, 0x0f, 0x5a, 0x59, 0x0c,
+ 0x0f, 0x5a, 0x59, 0x0c, 0x56, 0x03, 0x00, 0x55,
+ 0x55, 0x00, 0x03, 0x56, 0x0c, 0x59, 0x5a, 0x0f,
+ 0x6a, 0x3f, 0x3c, 0x69, 0x33, 0x66, 0x65, 0x30,
+ 0x30, 0x65, 0x66, 0x33, 0x69, 0x3c, 0x3f, 0x6a,
+ 0x6a, 0x3f, 0x3c, 0x69, 0x33, 0x66, 0x65, 0x30,
+ 0x30, 0x65, 0x66, 0x33, 0x69, 0x3c, 0x3f, 0x6a,
+ 0x0f, 0x5a, 0x59, 0x0c, 0x56, 0x03, 0x00, 0x55,
+ 0x55, 0x00, 0x03, 0x56, 0x0c, 0x59, 0x5a, 0x0f,
+ 0x0c, 0x59, 0x5a, 0x0f, 0x55, 0x00, 0x03, 0x56,
+ 0x56, 0x03, 0x00, 0x55, 0x0f, 0x5a, 0x59, 0x0c,
+ 0x69, 0x3c, 0x3f, 0x6a, 0x30, 0x65, 0x66, 0x33,
+ 0x33, 0x66, 0x65, 0x30, 0x6a, 0x3f, 0x3c, 0x69,
+ 0x03, 0x56, 0x55, 0x00, 0x5a, 0x0f, 0x0c, 0x59,
+ 0x59, 0x0c, 0x0f, 0x5a, 0x00, 0x55, 0x56, 0x03,
+ 0x66, 0x33, 0x30, 0x65, 0x3f, 0x6a, 0x69, 0x3c,
+ 0x3c, 0x69, 0x6a, 0x3f, 0x65, 0x30, 0x33, 0x66,
+ 0x65, 0x30, 0x33, 0x66, 0x3c, 0x69, 0x6a, 0x3f,
+ 0x3f, 0x6a, 0x69, 0x3c, 0x66, 0x33, 0x30, 0x65,
+ 0x00, 0x55, 0x56, 0x03, 0x59, 0x0c, 0x0f, 0x5a,
+ 0x5a, 0x0f, 0x0c, 0x59, 0x03, 0x56, 0x55, 0x00,
+};
+
+/* Update ECC parity count. */
+uint8_t ecc_digest(ECCState *s, uint8_t sample)
+{
+ uint8_t idx = nand_ecc_precalc_table[sample];
+
+ s->cp ^= idx & 0x3f;
+ if (idx & 0x40) {
+ s->lp[0] ^= ~s->count;
+ s->lp[1] ^= s->count;
+ }
+ s->count ++;
+
+ return sample;
+}
+
+/* Reinitialise the counters. */
+void ecc_reset(ECCState *s)
+{
+ s->lp[0] = 0x0000;
+ s->lp[1] = 0x0000;
+ s->cp = 0x00;
+ s->count = 0;
+}
+
+/* Save/restore */
+VMStateDescription vmstate_ecc_state = {
+ .name = "ecc-state",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT8(cp, ECCState),
+ VMSTATE_UINT16_ARRAY(lp, ECCState, 2),
+ VMSTATE_UINT16(count, ECCState),
+ VMSTATE_END_OF_LIST(),
+ },
+};
diff --git a/hw/block/fdc.c b/hw/block/fdc.c
new file mode 100644
index 000000000..e35ed2eab
--- /dev/null
+++ b/hw/block/fdc.c
@@ -0,0 +1,2328 @@
+/*
+ * QEMU Floppy disk emulator (Intel 82078)
+ *
+ * Copyright (c) 2003, 2007 Jocelyn Mayer
+ * Copyright (c) 2008 Hervé Poussineau
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+/*
+ * The controller is used in Sun4m systems in a slightly different
+ * way. There are changes in DOR register and DMA is not available.
+ */
+
+#include "hw/hw.h"
+#include "hw/block/fdc.h"
+#include "qemu/error-report.h"
+#include "qemu/timer.h"
+#include "hw/isa/isa.h"
+#include "hw/sysbus.h"
+#include "sysemu/blockdev.h"
+#include "sysemu/sysemu.h"
+#include "qemu/log.h"
+
+/********************************************************/
+/* debug Floppy devices */
+//#define DEBUG_FLOPPY
+
+#ifdef DEBUG_FLOPPY
+#define FLOPPY_DPRINTF(fmt, ...) \
+ do { printf("FLOPPY: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define FLOPPY_DPRINTF(fmt, ...)
+#endif
+
+/********************************************************/
+/* Floppy drive emulation */
+
+typedef enum FDriveRate {
+ FDRIVE_RATE_500K = 0x00, /* 500 Kbps */
+ FDRIVE_RATE_300K = 0x01, /* 300 Kbps */
+ FDRIVE_RATE_250K = 0x02, /* 250 Kbps */
+ FDRIVE_RATE_1M = 0x03, /* 1 Mbps */
+} FDriveRate;
+
+typedef struct FDFormat {
+ FDriveType drive;
+ uint8_t last_sect;
+ uint8_t max_track;
+ uint8_t max_head;
+ FDriveRate rate;
+} FDFormat;
+
+static const FDFormat fd_formats[] = {
+ /* First entry is default format */
+ /* 1.44 MB 3"1/2 floppy disks */
+ { FDRIVE_DRV_144, 18, 80, 1, FDRIVE_RATE_500K, },
+ { FDRIVE_DRV_144, 20, 80, 1, FDRIVE_RATE_500K, },
+ { FDRIVE_DRV_144, 21, 80, 1, FDRIVE_RATE_500K, },
+ { FDRIVE_DRV_144, 21, 82, 1, FDRIVE_RATE_500K, },
+ { FDRIVE_DRV_144, 21, 83, 1, FDRIVE_RATE_500K, },
+ { FDRIVE_DRV_144, 22, 80, 1, FDRIVE_RATE_500K, },
+ { FDRIVE_DRV_144, 23, 80, 1, FDRIVE_RATE_500K, },
+ { FDRIVE_DRV_144, 24, 80, 1, FDRIVE_RATE_500K, },
+ /* 2.88 MB 3"1/2 floppy disks */
+ { FDRIVE_DRV_288, 36, 80, 1, FDRIVE_RATE_1M, },
+ { FDRIVE_DRV_288, 39, 80, 1, FDRIVE_RATE_1M, },
+ { FDRIVE_DRV_288, 40, 80, 1, FDRIVE_RATE_1M, },
+ { FDRIVE_DRV_288, 44, 80, 1, FDRIVE_RATE_1M, },
+ { FDRIVE_DRV_288, 48, 80, 1, FDRIVE_RATE_1M, },
+ /* 720 kB 3"1/2 floppy disks */
+ { FDRIVE_DRV_144, 9, 80, 1, FDRIVE_RATE_250K, },
+ { FDRIVE_DRV_144, 10, 80, 1, FDRIVE_RATE_250K, },
+ { FDRIVE_DRV_144, 10, 82, 1, FDRIVE_RATE_250K, },
+ { FDRIVE_DRV_144, 10, 83, 1, FDRIVE_RATE_250K, },
+ { FDRIVE_DRV_144, 13, 80, 1, FDRIVE_RATE_250K, },
+ { FDRIVE_DRV_144, 14, 80, 1, FDRIVE_RATE_250K, },
+ /* 1.2 MB 5"1/4 floppy disks */
+ { FDRIVE_DRV_120, 15, 80, 1, FDRIVE_RATE_500K, },
+ { FDRIVE_DRV_120, 18, 80, 1, FDRIVE_RATE_500K, },
+ { FDRIVE_DRV_120, 18, 82, 1, FDRIVE_RATE_500K, },
+ { FDRIVE_DRV_120, 18, 83, 1, FDRIVE_RATE_500K, },
+ { FDRIVE_DRV_120, 20, 80, 1, FDRIVE_RATE_500K, },
+ /* 720 kB 5"1/4 floppy disks */
+ { FDRIVE_DRV_120, 9, 80, 1, FDRIVE_RATE_250K, },
+ { FDRIVE_DRV_120, 11, 80, 1, FDRIVE_RATE_250K, },
+ /* 360 kB 5"1/4 floppy disks */
+ { FDRIVE_DRV_120, 9, 40, 1, FDRIVE_RATE_300K, },
+ { FDRIVE_DRV_120, 9, 40, 0, FDRIVE_RATE_300K, },
+ { FDRIVE_DRV_120, 10, 41, 1, FDRIVE_RATE_300K, },
+ { FDRIVE_DRV_120, 10, 42, 1, FDRIVE_RATE_300K, },
+ /* 320 kB 5"1/4 floppy disks */
+ { FDRIVE_DRV_120, 8, 40, 1, FDRIVE_RATE_250K, },
+ { FDRIVE_DRV_120, 8, 40, 0, FDRIVE_RATE_250K, },
+ /* 360 kB must match 5"1/4 better than 3"1/2... */
+ { FDRIVE_DRV_144, 9, 80, 0, FDRIVE_RATE_250K, },
+ /* end */
+ { FDRIVE_DRV_NONE, -1, -1, 0, 0, },
+};
+
+static void pick_geometry(BlockDriverState *bs, int *nb_heads,
+ int *max_track, int *last_sect,
+ FDriveType drive_in, FDriveType *drive,
+ FDriveRate *rate)
+{
+ const FDFormat *parse;
+ uint64_t nb_sectors, size;
+ int i, first_match, match;
+
+ bdrv_get_geometry(bs, &nb_sectors);
+ match = -1;
+ first_match = -1;
+ for (i = 0; ; i++) {
+ parse = &fd_formats[i];
+ if (parse->drive == FDRIVE_DRV_NONE) {
+ break;
+ }
+ if (drive_in == parse->drive ||
+ drive_in == FDRIVE_DRV_NONE) {
+ size = (parse->max_head + 1) * parse->max_track *
+ parse->last_sect;
+ if (nb_sectors == size) {
+ match = i;
+ break;
+ }
+ if (first_match == -1) {
+ first_match = i;
+ }
+ }
+ }
+ if (match == -1) {
+ if (first_match == -1) {
+ match = 1;
+ } else {
+ match = first_match;
+ }
+ parse = &fd_formats[match];
+ }
+ *nb_heads = parse->max_head + 1;
+ *max_track = parse->max_track;
+ *last_sect = parse->last_sect;
+ *drive = parse->drive;
+ *rate = parse->rate;
+}
+
+#define GET_CUR_DRV(fdctrl) ((fdctrl)->cur_drv)
+#define SET_CUR_DRV(fdctrl, drive) ((fdctrl)->cur_drv = (drive))
+
+/* Will always be a fixed parameter for us */
+#define FD_SECTOR_LEN 512
+#define FD_SECTOR_SC 2 /* Sector size code */
+#define FD_RESET_SENSEI_COUNT 4 /* Number of sense interrupts on RESET */
+
+typedef struct FDCtrl FDCtrl;
+
+/* Floppy disk drive emulation */
+typedef enum FDiskFlags {
+ FDISK_DBL_SIDES = 0x01,
+} FDiskFlags;
+
+typedef struct FDrive {
+ FDCtrl *fdctrl;
+ BlockDriverState *bs;
+ /* Drive status */
+ FDriveType drive;
+ uint8_t perpendicular; /* 2.88 MB access mode */
+ /* Position */
+ uint8_t head;
+ uint8_t track;
+ uint8_t sect;
+ /* Media */
+ FDiskFlags flags;
+ uint8_t last_sect; /* Nb sector per track */
+ uint8_t max_track; /* Nb of tracks */
+ uint16_t bps; /* Bytes per sector */
+ uint8_t ro; /* Is read-only */
+ uint8_t media_changed; /* Is media changed */
+ uint8_t media_rate; /* Data rate of medium */
+} FDrive;
+
+static void fd_init(FDrive *drv)
+{
+ /* Drive */
+ drv->drive = FDRIVE_DRV_NONE;
+ drv->perpendicular = 0;
+ /* Disk */
+ drv->last_sect = 0;
+ drv->max_track = 0;
+}
+
+#define NUM_SIDES(drv) ((drv)->flags & FDISK_DBL_SIDES ? 2 : 1)
+
+static int fd_sector_calc(uint8_t head, uint8_t track, uint8_t sect,
+ uint8_t last_sect, uint8_t num_sides)
+{
+ return (((track * num_sides) + head) * last_sect) + sect - 1;
+}
+
+/* Returns current position, in sectors, for given drive */
+static int fd_sector(FDrive *drv)
+{
+ return fd_sector_calc(drv->head, drv->track, drv->sect, drv->last_sect,
+ NUM_SIDES(drv));
+}
+
+/* Seek to a new position:
+ * returns 0 if already on right track
+ * returns 1 if track changed
+ * returns 2 if track is invalid
+ * returns 3 if sector is invalid
+ * returns 4 if seek is disabled
+ */
+static int fd_seek(FDrive *drv, uint8_t head, uint8_t track, uint8_t sect,
+ int enable_seek)
+{
+ uint32_t sector;
+ int ret;
+
+ if (track > drv->max_track ||
+ (head != 0 && (drv->flags & FDISK_DBL_SIDES) == 0)) {
+ FLOPPY_DPRINTF("try to read %d %02x %02x (max=%d %d %02x %02x)\n",
+ head, track, sect, 1,
+ (drv->flags & FDISK_DBL_SIDES) == 0 ? 0 : 1,
+ drv->max_track, drv->last_sect);
+ return 2;
+ }
+ if (sect > drv->last_sect) {
+ FLOPPY_DPRINTF("try to read %d %02x %02x (max=%d %d %02x %02x)\n",
+ head, track, sect, 1,
+ (drv->flags & FDISK_DBL_SIDES) == 0 ? 0 : 1,
+ drv->max_track, drv->last_sect);
+ return 3;
+ }
+ sector = fd_sector_calc(head, track, sect, drv->last_sect, NUM_SIDES(drv));
+ ret = 0;
+ if (sector != fd_sector(drv)) {
+#if 0
+ if (!enable_seek) {
+ FLOPPY_DPRINTF("error: no implicit seek %d %02x %02x"
+ " (max=%d %02x %02x)\n",
+ head, track, sect, 1, drv->max_track,
+ drv->last_sect);
+ return 4;
+ }
+#endif
+ drv->head = head;
+ if (drv->track != track) {
+ if (drv->bs != NULL && bdrv_is_inserted(drv->bs)) {
+ drv->media_changed = 0;
+ }
+ ret = 1;
+ }
+ drv->track = track;
+ drv->sect = sect;
+ }
+
+ if (drv->bs == NULL || !bdrv_is_inserted(drv->bs)) {
+ ret = 2;
+ }
+
+ return ret;
+}
+
+/* Set drive back to track 0 */
+static void fd_recalibrate(FDrive *drv)
+{
+ FLOPPY_DPRINTF("recalibrate\n");
+ fd_seek(drv, 0, 0, 1, 1);
+}
+
+/* Revalidate a disk drive after a disk change */
+static void fd_revalidate(FDrive *drv)
+{
+ int nb_heads, max_track, last_sect, ro;
+ FDriveType drive;
+ FDriveRate rate;
+
+ FLOPPY_DPRINTF("revalidate\n");
+ if (drv->bs != NULL) {
+ ro = bdrv_is_read_only(drv->bs);
+ pick_geometry(drv->bs, &nb_heads, &max_track,
+ &last_sect, drv->drive, &drive, &rate);
+ if (!bdrv_is_inserted(drv->bs)) {
+ FLOPPY_DPRINTF("No disk in drive\n");
+ } else {
+ FLOPPY_DPRINTF("Floppy disk (%d h %d t %d s) %s\n", nb_heads,
+ max_track, last_sect, ro ? "ro" : "rw");
+ }
+ if (nb_heads == 1) {
+ drv->flags &= ~FDISK_DBL_SIDES;
+ } else {
+ drv->flags |= FDISK_DBL_SIDES;
+ }
+ drv->max_track = max_track;
+ drv->last_sect = last_sect;
+ drv->ro = ro;
+ drv->drive = drive;
+ drv->media_rate = rate;
+ } else {
+ FLOPPY_DPRINTF("No drive connected\n");
+ drv->last_sect = 0;
+ drv->max_track = 0;
+ drv->flags &= ~FDISK_DBL_SIDES;
+ }
+}
+
+/********************************************************/
+/* Intel 82078 floppy disk controller emulation */
+
+static void fdctrl_reset(FDCtrl *fdctrl, int do_irq);
+static void fdctrl_reset_fifo(FDCtrl *fdctrl);
+static int fdctrl_transfer_handler (void *opaque, int nchan,
+ int dma_pos, int dma_len);
+static void fdctrl_raise_irq(FDCtrl *fdctrl);
+static FDrive *get_cur_drv(FDCtrl *fdctrl);
+
+static uint32_t fdctrl_read_statusA(FDCtrl *fdctrl);
+static uint32_t fdctrl_read_statusB(FDCtrl *fdctrl);
+static uint32_t fdctrl_read_dor(FDCtrl *fdctrl);
+static void fdctrl_write_dor(FDCtrl *fdctrl, uint32_t value);
+static uint32_t fdctrl_read_tape(FDCtrl *fdctrl);
+static void fdctrl_write_tape(FDCtrl *fdctrl, uint32_t value);
+static uint32_t fdctrl_read_main_status(FDCtrl *fdctrl);
+static void fdctrl_write_rate(FDCtrl *fdctrl, uint32_t value);
+static uint32_t fdctrl_read_data(FDCtrl *fdctrl);
+static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value);
+static uint32_t fdctrl_read_dir(FDCtrl *fdctrl);
+static void fdctrl_write_ccr(FDCtrl *fdctrl, uint32_t value);
+
+enum {
+ FD_DIR_WRITE = 0,
+ FD_DIR_READ = 1,
+ FD_DIR_SCANE = 2,
+ FD_DIR_SCANL = 3,
+ FD_DIR_SCANH = 4,
+ FD_DIR_VERIFY = 5,
+};
+
+enum {
+ FD_STATE_MULTI = 0x01, /* multi track flag */
+ FD_STATE_FORMAT = 0x02, /* format flag */
+};
+
+enum {
+ FD_REG_SRA = 0x00,
+ FD_REG_SRB = 0x01,
+ FD_REG_DOR = 0x02,
+ FD_REG_TDR = 0x03,
+ FD_REG_MSR = 0x04,
+ FD_REG_DSR = 0x04,
+ FD_REG_FIFO = 0x05,
+ FD_REG_DIR = 0x07,
+ FD_REG_CCR = 0x07,
+};
+
+enum {
+ FD_CMD_READ_TRACK = 0x02,
+ FD_CMD_SPECIFY = 0x03,
+ FD_CMD_SENSE_DRIVE_STATUS = 0x04,
+ FD_CMD_WRITE = 0x05,
+ FD_CMD_READ = 0x06,
+ FD_CMD_RECALIBRATE = 0x07,
+ FD_CMD_SENSE_INTERRUPT_STATUS = 0x08,
+ FD_CMD_WRITE_DELETED = 0x09,
+ FD_CMD_READ_ID = 0x0a,
+ FD_CMD_READ_DELETED = 0x0c,
+ FD_CMD_FORMAT_TRACK = 0x0d,
+ FD_CMD_DUMPREG = 0x0e,
+ FD_CMD_SEEK = 0x0f,
+ FD_CMD_VERSION = 0x10,
+ FD_CMD_SCAN_EQUAL = 0x11,
+ FD_CMD_PERPENDICULAR_MODE = 0x12,
+ FD_CMD_CONFIGURE = 0x13,
+ FD_CMD_LOCK = 0x14,
+ FD_CMD_VERIFY = 0x16,
+ FD_CMD_POWERDOWN_MODE = 0x17,
+ FD_CMD_PART_ID = 0x18,
+ FD_CMD_SCAN_LOW_OR_EQUAL = 0x19,
+ FD_CMD_SCAN_HIGH_OR_EQUAL = 0x1d,
+ FD_CMD_SAVE = 0x2e,
+ FD_CMD_OPTION = 0x33,
+ FD_CMD_RESTORE = 0x4e,
+ FD_CMD_DRIVE_SPECIFICATION_COMMAND = 0x8e,
+ FD_CMD_RELATIVE_SEEK_OUT = 0x8f,
+ FD_CMD_FORMAT_AND_WRITE = 0xcd,
+ FD_CMD_RELATIVE_SEEK_IN = 0xcf,
+};
+
+enum {
+ FD_CONFIG_PRETRK = 0xff, /* Pre-compensation set to track 0 */
+ FD_CONFIG_FIFOTHR = 0x0f, /* FIFO threshold set to 1 byte */
+ FD_CONFIG_POLL = 0x10, /* Poll enabled */
+ FD_CONFIG_EFIFO = 0x20, /* FIFO disabled */
+ FD_CONFIG_EIS = 0x40, /* No implied seeks */
+};
+
+enum {
+ FD_SR0_DS0 = 0x01,
+ FD_SR0_DS1 = 0x02,
+ FD_SR0_HEAD = 0x04,
+ FD_SR0_EQPMT = 0x10,
+ FD_SR0_SEEK = 0x20,
+ FD_SR0_ABNTERM = 0x40,
+ FD_SR0_INVCMD = 0x80,
+ FD_SR0_RDYCHG = 0xc0,
+};
+
+enum {
+ FD_SR1_MA = 0x01, /* Missing address mark */
+ FD_SR1_NW = 0x02, /* Not writable */
+ FD_SR1_EC = 0x80, /* End of cylinder */
+};
+
+enum {
+ FD_SR2_SNS = 0x04, /* Scan not satisfied */
+ FD_SR2_SEH = 0x08, /* Scan equal hit */
+};
+
+enum {
+ FD_SRA_DIR = 0x01,
+ FD_SRA_nWP = 0x02,
+ FD_SRA_nINDX = 0x04,
+ FD_SRA_HDSEL = 0x08,
+ FD_SRA_nTRK0 = 0x10,
+ FD_SRA_STEP = 0x20,
+ FD_SRA_nDRV2 = 0x40,
+ FD_SRA_INTPEND = 0x80,
+};
+
+enum {
+ FD_SRB_MTR0 = 0x01,
+ FD_SRB_MTR1 = 0x02,
+ FD_SRB_WGATE = 0x04,
+ FD_SRB_RDATA = 0x08,
+ FD_SRB_WDATA = 0x10,
+ FD_SRB_DR0 = 0x20,
+};
+
+enum {
+#if MAX_FD == 4
+ FD_DOR_SELMASK = 0x03,
+#else
+ FD_DOR_SELMASK = 0x01,
+#endif
+ FD_DOR_nRESET = 0x04,
+ FD_DOR_DMAEN = 0x08,
+ FD_DOR_MOTEN0 = 0x10,
+ FD_DOR_MOTEN1 = 0x20,
+ FD_DOR_MOTEN2 = 0x40,
+ FD_DOR_MOTEN3 = 0x80,
+};
+
+enum {
+#if MAX_FD == 4
+ FD_TDR_BOOTSEL = 0x0c,
+#else
+ FD_TDR_BOOTSEL = 0x04,
+#endif
+};
+
+enum {
+ FD_DSR_DRATEMASK= 0x03,
+ FD_DSR_PWRDOWN = 0x40,
+ FD_DSR_SWRESET = 0x80,
+};
+
+enum {
+ FD_MSR_DRV0BUSY = 0x01,
+ FD_MSR_DRV1BUSY = 0x02,
+ FD_MSR_DRV2BUSY = 0x04,
+ FD_MSR_DRV3BUSY = 0x08,
+ FD_MSR_CMDBUSY = 0x10,
+ FD_MSR_NONDMA = 0x20,
+ FD_MSR_DIO = 0x40,
+ FD_MSR_RQM = 0x80,
+};
+
+enum {
+ FD_DIR_DSKCHG = 0x80,
+};
+
+#define FD_MULTI_TRACK(state) ((state) & FD_STATE_MULTI)
+#define FD_FORMAT_CMD(state) ((state) & FD_STATE_FORMAT)
+
+struct FDCtrl {
+ MemoryRegion iomem;
+ qemu_irq irq;
+ /* Controller state */
+ QEMUTimer *result_timer;
+ int dma_chann;
+ /* Controller's identification */
+ uint8_t version;
+ /* HW */
+ uint8_t sra;
+ uint8_t srb;
+ uint8_t dor;
+ uint8_t dor_vmstate; /* only used as temp during vmstate */
+ uint8_t tdr;
+ uint8_t dsr;
+ uint8_t msr;
+ uint8_t cur_drv;
+ uint8_t status0;
+ uint8_t status1;
+ uint8_t status2;
+ /* Command FIFO */
+ uint8_t *fifo;
+ int32_t fifo_size;
+ uint32_t data_pos;
+ uint32_t data_len;
+ uint8_t data_state;
+ uint8_t data_dir;
+ uint8_t eot; /* last wanted sector */
+ /* States kept only to be returned back */
+ /* precompensation */
+ uint8_t precomp_trk;
+ uint8_t config;
+ uint8_t lock;
+ /* Power down config (also with status regB access mode */
+ uint8_t pwrd;
+ /* Floppy drives */
+ uint8_t num_floppies;
+ /* Sun4m quirks? */
+ int sun4m;
+ FDrive drives[MAX_FD];
+ int reset_sensei;
+ uint32_t check_media_rate;
+ /* Timers state */
+ uint8_t timer0;
+ uint8_t timer1;
+};
+
+#define TYPE_SYSBUS_FDC "base-sysbus-fdc"
+#define SYSBUS_FDC(obj) OBJECT_CHECK(FDCtrlSysBus, (obj), TYPE_SYSBUS_FDC)
+
+typedef struct FDCtrlSysBus {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ struct FDCtrl state;
+} FDCtrlSysBus;
+
+#define ISA_FDC(obj) OBJECT_CHECK(FDCtrlISABus, (obj), TYPE_ISA_FDC)
+
+typedef struct FDCtrlISABus {
+ ISADevice parent_obj;
+
+ uint32_t iobase;
+ uint32_t irq;
+ uint32_t dma;
+ struct FDCtrl state;
+ int32_t bootindexA;
+ int32_t bootindexB;
+} FDCtrlISABus;
+
+static uint32_t fdctrl_read (void *opaque, uint32_t reg)
+{
+ FDCtrl *fdctrl = opaque;
+ uint32_t retval;
+
+ reg &= 7;
+ switch (reg) {
+ case FD_REG_SRA:
+ retval = fdctrl_read_statusA(fdctrl);
+ break;
+ case FD_REG_SRB:
+ retval = fdctrl_read_statusB(fdctrl);
+ break;
+ case FD_REG_DOR:
+ retval = fdctrl_read_dor(fdctrl);
+ break;
+ case FD_REG_TDR:
+ retval = fdctrl_read_tape(fdctrl);
+ break;
+ case FD_REG_MSR:
+ retval = fdctrl_read_main_status(fdctrl);
+ break;
+ case FD_REG_FIFO:
+ retval = fdctrl_read_data(fdctrl);
+ break;
+ case FD_REG_DIR:
+ retval = fdctrl_read_dir(fdctrl);
+ break;
+ default:
+ retval = (uint32_t)(-1);
+ break;
+ }
+ FLOPPY_DPRINTF("read reg%d: 0x%02x\n", reg & 7, retval);
+
+ return retval;
+}
+
+static void fdctrl_write (void *opaque, uint32_t reg, uint32_t value)
+{
+ FDCtrl *fdctrl = opaque;
+
+ FLOPPY_DPRINTF("write reg%d: 0x%02x\n", reg & 7, value);
+
+ reg &= 7;
+ switch (reg) {
+ case FD_REG_DOR:
+ fdctrl_write_dor(fdctrl, value);
+ break;
+ case FD_REG_TDR:
+ fdctrl_write_tape(fdctrl, value);
+ break;
+ case FD_REG_DSR:
+ fdctrl_write_rate(fdctrl, value);
+ break;
+ case FD_REG_FIFO:
+ fdctrl_write_data(fdctrl, value);
+ break;
+ case FD_REG_CCR:
+ fdctrl_write_ccr(fdctrl, value);
+ break;
+ default:
+ break;
+ }
+}
+
+static uint64_t fdctrl_read_mem (void *opaque, hwaddr reg,
+ unsigned ize)
+{
+ return fdctrl_read(opaque, (uint32_t)reg);
+}
+
+static void fdctrl_write_mem (void *opaque, hwaddr reg,
+ uint64_t value, unsigned size)
+{
+ fdctrl_write(opaque, (uint32_t)reg, value);
+}
+
+static const MemoryRegionOps fdctrl_mem_ops = {
+ .read = fdctrl_read_mem,
+ .write = fdctrl_write_mem,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static const MemoryRegionOps fdctrl_mem_strict_ops = {
+ .read = fdctrl_read_mem,
+ .write = fdctrl_write_mem,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+static bool fdrive_media_changed_needed(void *opaque)
+{
+ FDrive *drive = opaque;
+
+ return (drive->bs != NULL && drive->media_changed != 1);
+}
+
+static const VMStateDescription vmstate_fdrive_media_changed = {
+ .name = "fdrive/media_changed",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(media_changed, FDrive),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static bool fdrive_media_rate_needed(void *opaque)
+{
+ FDrive *drive = opaque;
+
+ return drive->fdctrl->check_media_rate;
+}
+
+static const VMStateDescription vmstate_fdrive_media_rate = {
+ .name = "fdrive/media_rate",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(media_rate, FDrive),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_fdrive = {
+ .name = "fdrive",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(head, FDrive),
+ VMSTATE_UINT8(track, FDrive),
+ VMSTATE_UINT8(sect, FDrive),
+ VMSTATE_END_OF_LIST()
+ },
+ .subsections = (VMStateSubsection[]) {
+ {
+ .vmsd = &vmstate_fdrive_media_changed,
+ .needed = &fdrive_media_changed_needed,
+ } , {
+ .vmsd = &vmstate_fdrive_media_rate,
+ .needed = &fdrive_media_rate_needed,
+ } , {
+ /* empty */
+ }
+ }
+};
+
+static void fdc_pre_save(void *opaque)
+{
+ FDCtrl *s = opaque;
+
+ s->dor_vmstate = s->dor | GET_CUR_DRV(s);
+}
+
+static int fdc_post_load(void *opaque, int version_id)
+{
+ FDCtrl *s = opaque;
+
+ SET_CUR_DRV(s, s->dor_vmstate & FD_DOR_SELMASK);
+ s->dor = s->dor_vmstate & ~FD_DOR_SELMASK;
+ return 0;
+}
+
+static const VMStateDescription vmstate_fdc = {
+ .name = "fdc",
+ .version_id = 2,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .pre_save = fdc_pre_save,
+ .post_load = fdc_post_load,
+ .fields = (VMStateField []) {
+ /* Controller State */
+ VMSTATE_UINT8(sra, FDCtrl),
+ VMSTATE_UINT8(srb, FDCtrl),
+ VMSTATE_UINT8(dor_vmstate, FDCtrl),
+ VMSTATE_UINT8(tdr, FDCtrl),
+ VMSTATE_UINT8(dsr, FDCtrl),
+ VMSTATE_UINT8(msr, FDCtrl),
+ VMSTATE_UINT8(status0, FDCtrl),
+ VMSTATE_UINT8(status1, FDCtrl),
+ VMSTATE_UINT8(status2, FDCtrl),
+ /* Command FIFO */
+ VMSTATE_VARRAY_INT32(fifo, FDCtrl, fifo_size, 0, vmstate_info_uint8,
+ uint8_t),
+ VMSTATE_UINT32(data_pos, FDCtrl),
+ VMSTATE_UINT32(data_len, FDCtrl),
+ VMSTATE_UINT8(data_state, FDCtrl),
+ VMSTATE_UINT8(data_dir, FDCtrl),
+ VMSTATE_UINT8(eot, FDCtrl),
+ /* States kept only to be returned back */
+ VMSTATE_UINT8(timer0, FDCtrl),
+ VMSTATE_UINT8(timer1, FDCtrl),
+ VMSTATE_UINT8(precomp_trk, FDCtrl),
+ VMSTATE_UINT8(config, FDCtrl),
+ VMSTATE_UINT8(lock, FDCtrl),
+ VMSTATE_UINT8(pwrd, FDCtrl),
+ VMSTATE_UINT8_EQUAL(num_floppies, FDCtrl),
+ VMSTATE_STRUCT_ARRAY(drives, FDCtrl, MAX_FD, 1,
+ vmstate_fdrive, FDrive),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void fdctrl_external_reset_sysbus(DeviceState *d)
+{
+ FDCtrlSysBus *sys = SYSBUS_FDC(d);
+ FDCtrl *s = &sys->state;
+
+ fdctrl_reset(s, 0);
+}
+
+static void fdctrl_external_reset_isa(DeviceState *d)
+{
+ FDCtrlISABus *isa = ISA_FDC(d);
+ FDCtrl *s = &isa->state;
+
+ fdctrl_reset(s, 0);
+}
+
+static void fdctrl_handle_tc(void *opaque, int irq, int level)
+{
+ //FDCtrl *s = opaque;
+
+ if (level) {
+ // XXX
+ FLOPPY_DPRINTF("TC pulsed\n");
+ }
+}
+
+/* Change IRQ state */
+static void fdctrl_reset_irq(FDCtrl *fdctrl)
+{
+ fdctrl->status0 = 0;
+ if (!(fdctrl->sra & FD_SRA_INTPEND))
+ return;
+ FLOPPY_DPRINTF("Reset interrupt\n");
+ qemu_set_irq(fdctrl->irq, 0);
+ fdctrl->sra &= ~FD_SRA_INTPEND;
+}
+
+static void fdctrl_raise_irq(FDCtrl *fdctrl)
+{
+ /* Sparc mutation */
+ if (fdctrl->sun4m && (fdctrl->msr & FD_MSR_CMDBUSY)) {
+ /* XXX: not sure */
+ fdctrl->msr &= ~FD_MSR_CMDBUSY;
+ fdctrl->msr |= FD_MSR_RQM | FD_MSR_DIO;
+ return;
+ }
+ if (!(fdctrl->sra & FD_SRA_INTPEND)) {
+ qemu_set_irq(fdctrl->irq, 1);
+ fdctrl->sra |= FD_SRA_INTPEND;
+ }
+
+ fdctrl->reset_sensei = 0;
+ FLOPPY_DPRINTF("Set interrupt status to 0x%02x\n", fdctrl->status0);
+}
+
+/* Reset controller */
+static void fdctrl_reset(FDCtrl *fdctrl, int do_irq)
+{
+ int i;
+
+ FLOPPY_DPRINTF("reset controller\n");
+ fdctrl_reset_irq(fdctrl);
+ /* Initialise controller */
+ fdctrl->sra = 0;
+ fdctrl->srb = 0xc0;
+ if (!fdctrl->drives[1].bs)
+ fdctrl->sra |= FD_SRA_nDRV2;
+ fdctrl->cur_drv = 0;
+ fdctrl->dor = FD_DOR_nRESET;
+ fdctrl->dor |= (fdctrl->dma_chann != -1) ? FD_DOR_DMAEN : 0;
+ fdctrl->msr = FD_MSR_RQM;
+ /* FIFO state */
+ fdctrl->data_pos = 0;
+ fdctrl->data_len = 0;
+ fdctrl->data_state = 0;
+ fdctrl->data_dir = FD_DIR_WRITE;
+ for (i = 0; i < MAX_FD; i++)
+ fd_recalibrate(&fdctrl->drives[i]);
+ fdctrl_reset_fifo(fdctrl);
+ if (do_irq) {
+ fdctrl->status0 |= FD_SR0_RDYCHG;
+ fdctrl_raise_irq(fdctrl);
+ fdctrl->reset_sensei = FD_RESET_SENSEI_COUNT;
+ }
+}
+
+static inline FDrive *drv0(FDCtrl *fdctrl)
+{
+ return &fdctrl->drives[(fdctrl->tdr & FD_TDR_BOOTSEL) >> 2];
+}
+
+static inline FDrive *drv1(FDCtrl *fdctrl)
+{
+ if ((fdctrl->tdr & FD_TDR_BOOTSEL) < (1 << 2))
+ return &fdctrl->drives[1];
+ else
+ return &fdctrl->drives[0];
+}
+
+#if MAX_FD == 4
+static inline FDrive *drv2(FDCtrl *fdctrl)
+{
+ if ((fdctrl->tdr & FD_TDR_BOOTSEL) < (2 << 2))
+ return &fdctrl->drives[2];
+ else
+ return &fdctrl->drives[1];
+}
+
+static inline FDrive *drv3(FDCtrl *fdctrl)
+{
+ if ((fdctrl->tdr & FD_TDR_BOOTSEL) < (3 << 2))
+ return &fdctrl->drives[3];
+ else
+ return &fdctrl->drives[2];
+}
+#endif
+
+static FDrive *get_cur_drv(FDCtrl *fdctrl)
+{
+ switch (fdctrl->cur_drv) {
+ case 0: return drv0(fdctrl);
+ case 1: return drv1(fdctrl);
+#if MAX_FD == 4
+ case 2: return drv2(fdctrl);
+ case 3: return drv3(fdctrl);
+#endif
+ default: return NULL;
+ }
+}
+
+/* Status A register : 0x00 (read-only) */
+static uint32_t fdctrl_read_statusA(FDCtrl *fdctrl)
+{
+ uint32_t retval = fdctrl->sra;
+
+ FLOPPY_DPRINTF("status register A: 0x%02x\n", retval);
+
+ return retval;
+}
+
+/* Status B register : 0x01 (read-only) */
+static uint32_t fdctrl_read_statusB(FDCtrl *fdctrl)
+{
+ uint32_t retval = fdctrl->srb;
+
+ FLOPPY_DPRINTF("status register B: 0x%02x\n", retval);
+
+ return retval;
+}
+
+/* Digital output register : 0x02 */
+static uint32_t fdctrl_read_dor(FDCtrl *fdctrl)
+{
+ uint32_t retval = fdctrl->dor;
+
+ /* Selected drive */
+ retval |= fdctrl->cur_drv;
+ FLOPPY_DPRINTF("digital output register: 0x%02x\n", retval);
+
+ return retval;
+}
+
+static void fdctrl_write_dor(FDCtrl *fdctrl, uint32_t value)
+{
+ FLOPPY_DPRINTF("digital output register set to 0x%02x\n", value);
+
+ /* Motors */
+ if (value & FD_DOR_MOTEN0)
+ fdctrl->srb |= FD_SRB_MTR0;
+ else
+ fdctrl->srb &= ~FD_SRB_MTR0;
+ if (value & FD_DOR_MOTEN1)
+ fdctrl->srb |= FD_SRB_MTR1;
+ else
+ fdctrl->srb &= ~FD_SRB_MTR1;
+
+ /* Drive */
+ if (value & 1)
+ fdctrl->srb |= FD_SRB_DR0;
+ else
+ fdctrl->srb &= ~FD_SRB_DR0;
+
+ /* Reset */
+ if (!(value & FD_DOR_nRESET)) {
+ if (fdctrl->dor & FD_DOR_nRESET) {
+ FLOPPY_DPRINTF("controller enter RESET state\n");
+ }
+ } else {
+ if (!(fdctrl->dor & FD_DOR_nRESET)) {
+ FLOPPY_DPRINTF("controller out of RESET state\n");
+ fdctrl_reset(fdctrl, 1);
+ fdctrl->dsr &= ~FD_DSR_PWRDOWN;
+ }
+ }
+ /* Selected drive */
+ fdctrl->cur_drv = value & FD_DOR_SELMASK;
+
+ fdctrl->dor = value;
+}
+
+/* Tape drive register : 0x03 */
+static uint32_t fdctrl_read_tape(FDCtrl *fdctrl)
+{
+ uint32_t retval = fdctrl->tdr;
+
+ FLOPPY_DPRINTF("tape drive register: 0x%02x\n", retval);
+
+ return retval;
+}
+
+static void fdctrl_write_tape(FDCtrl *fdctrl, uint32_t value)
+{
+ /* Reset mode */
+ if (!(fdctrl->dor & FD_DOR_nRESET)) {
+ FLOPPY_DPRINTF("Floppy controller in RESET state !\n");
+ return;
+ }
+ FLOPPY_DPRINTF("tape drive register set to 0x%02x\n", value);
+ /* Disk boot selection indicator */
+ fdctrl->tdr = value & FD_TDR_BOOTSEL;
+ /* Tape indicators: never allow */
+}
+
+/* Main status register : 0x04 (read) */
+static uint32_t fdctrl_read_main_status(FDCtrl *fdctrl)
+{
+ uint32_t retval = fdctrl->msr;
+
+ fdctrl->dsr &= ~FD_DSR_PWRDOWN;
+ fdctrl->dor |= FD_DOR_nRESET;
+
+ /* Sparc mutation */
+ if (fdctrl->sun4m) {
+ retval |= FD_MSR_DIO;
+ fdctrl_reset_irq(fdctrl);
+ };
+
+ FLOPPY_DPRINTF("main status register: 0x%02x\n", retval);
+
+ return retval;
+}
+
+/* Data select rate register : 0x04 (write) */
+static void fdctrl_write_rate(FDCtrl *fdctrl, uint32_t value)
+{
+ /* Reset mode */
+ if (!(fdctrl->dor & FD_DOR_nRESET)) {
+ FLOPPY_DPRINTF("Floppy controller in RESET state !\n");
+ return;
+ }
+ FLOPPY_DPRINTF("select rate register set to 0x%02x\n", value);
+ /* Reset: autoclear */
+ if (value & FD_DSR_SWRESET) {
+ fdctrl->dor &= ~FD_DOR_nRESET;
+ fdctrl_reset(fdctrl, 1);
+ fdctrl->dor |= FD_DOR_nRESET;
+ }
+ if (value & FD_DSR_PWRDOWN) {
+ fdctrl_reset(fdctrl, 1);
+ }
+ fdctrl->dsr = value;
+}
+
+/* Configuration control register: 0x07 (write) */
+static void fdctrl_write_ccr(FDCtrl *fdctrl, uint32_t value)
+{
+ /* Reset mode */
+ if (!(fdctrl->dor & FD_DOR_nRESET)) {
+ FLOPPY_DPRINTF("Floppy controller in RESET state !\n");
+ return;
+ }
+ FLOPPY_DPRINTF("configuration control register set to 0x%02x\n", value);
+
+ /* Only the rate selection bits used in AT mode, and we
+ * store those in the DSR.
+ */
+ fdctrl->dsr = (fdctrl->dsr & ~FD_DSR_DRATEMASK) |
+ (value & FD_DSR_DRATEMASK);
+}
+
+static int fdctrl_media_changed(FDrive *drv)
+{
+ return drv->media_changed;
+}
+
+/* Digital input register : 0x07 (read-only) */
+static uint32_t fdctrl_read_dir(FDCtrl *fdctrl)
+{
+ uint32_t retval = 0;
+
+ if (fdctrl_media_changed(get_cur_drv(fdctrl))) {
+ retval |= FD_DIR_DSKCHG;
+ }
+ if (retval != 0) {
+ FLOPPY_DPRINTF("Floppy digital input register: 0x%02x\n", retval);
+ }
+
+ return retval;
+}
+
+/* FIFO state control */
+static void fdctrl_reset_fifo(FDCtrl *fdctrl)
+{
+ fdctrl->data_dir = FD_DIR_WRITE;
+ fdctrl->data_pos = 0;
+ fdctrl->msr &= ~(FD_MSR_CMDBUSY | FD_MSR_DIO);
+}
+
+/* Set FIFO status for the host to read */
+static void fdctrl_set_fifo(FDCtrl *fdctrl, int fifo_len)
+{
+ fdctrl->data_dir = FD_DIR_READ;
+ fdctrl->data_len = fifo_len;
+ fdctrl->data_pos = 0;
+ fdctrl->msr |= FD_MSR_CMDBUSY | FD_MSR_RQM | FD_MSR_DIO;
+}
+
+/* Set an error: unimplemented/unknown command */
+static void fdctrl_unimplemented(FDCtrl *fdctrl, int direction)
+{
+ qemu_log_mask(LOG_UNIMP, "fdc: unimplemented command 0x%02x\n",
+ fdctrl->fifo[0]);
+ fdctrl->fifo[0] = FD_SR0_INVCMD;
+ fdctrl_set_fifo(fdctrl, 1);
+}
+
+/* Seek to next sector
+ * returns 0 when end of track reached (for DBL_SIDES on head 1)
+ * otherwise returns 1
+ */
+static int fdctrl_seek_to_next_sect(FDCtrl *fdctrl, FDrive *cur_drv)
+{
+ FLOPPY_DPRINTF("seek to next sector (%d %02x %02x => %d)\n",
+ cur_drv->head, cur_drv->track, cur_drv->sect,
+ fd_sector(cur_drv));
+ /* XXX: cur_drv->sect >= cur_drv->last_sect should be an
+ error in fact */
+ uint8_t new_head = cur_drv->head;
+ uint8_t new_track = cur_drv->track;
+ uint8_t new_sect = cur_drv->sect;
+
+ int ret = 1;
+
+ if (new_sect >= cur_drv->last_sect ||
+ new_sect == fdctrl->eot) {
+ new_sect = 1;
+ if (FD_MULTI_TRACK(fdctrl->data_state)) {
+ if (new_head == 0 &&
+ (cur_drv->flags & FDISK_DBL_SIDES) != 0) {
+ new_head = 1;
+ } else {
+ new_head = 0;
+ new_track++;
+ fdctrl->status0 |= FD_SR0_SEEK;
+ if ((cur_drv->flags & FDISK_DBL_SIDES) == 0) {
+ ret = 0;
+ }
+ }
+ } else {
+ fdctrl->status0 |= FD_SR0_SEEK;
+ new_track++;
+ ret = 0;
+ }
+ if (ret == 1) {
+ FLOPPY_DPRINTF("seek to next track (%d %02x %02x => %d)\n",
+ new_head, new_track, new_sect, fd_sector(cur_drv));
+ }
+ } else {
+ new_sect++;
+ }
+ fd_seek(cur_drv, new_head, new_track, new_sect, 1);
+ return ret;
+}
+
+/* Callback for transfer end (stop or abort) */
+static void fdctrl_stop_transfer(FDCtrl *fdctrl, uint8_t status0,
+ uint8_t status1, uint8_t status2)
+{
+ FDrive *cur_drv;
+ cur_drv = get_cur_drv(fdctrl);
+
+ fdctrl->status0 &= ~(FD_SR0_DS0 | FD_SR0_DS1 | FD_SR0_HEAD);
+ fdctrl->status0 |= GET_CUR_DRV(fdctrl);
+ if (cur_drv->head) {
+ fdctrl->status0 |= FD_SR0_HEAD;
+ }
+ fdctrl->status0 |= status0;
+
+ FLOPPY_DPRINTF("transfer status: %02x %02x %02x (%02x)\n",
+ status0, status1, status2, fdctrl->status0);
+ fdctrl->fifo[0] = fdctrl->status0;
+ fdctrl->fifo[1] = status1;
+ fdctrl->fifo[2] = status2;
+ fdctrl->fifo[3] = cur_drv->track;
+ fdctrl->fifo[4] = cur_drv->head;
+ fdctrl->fifo[5] = cur_drv->sect;
+ fdctrl->fifo[6] = FD_SECTOR_SC;
+ fdctrl->data_dir = FD_DIR_READ;
+ if (!(fdctrl->msr & FD_MSR_NONDMA)) {
+ DMA_release_DREQ(fdctrl->dma_chann);
+ }
+ fdctrl->msr |= FD_MSR_RQM | FD_MSR_DIO;
+ fdctrl->msr &= ~FD_MSR_NONDMA;
+
+ fdctrl_set_fifo(fdctrl, 7);
+ fdctrl_raise_irq(fdctrl);
+}
+
+/* Prepare a data transfer (either DMA or FIFO) */
+static void fdctrl_start_transfer(FDCtrl *fdctrl, int direction)
+{
+ FDrive *cur_drv;
+ uint8_t kh, kt, ks;
+
+ SET_CUR_DRV(fdctrl, fdctrl->fifo[1] & FD_DOR_SELMASK);
+ cur_drv = get_cur_drv(fdctrl);
+ kt = fdctrl->fifo[2];
+ kh = fdctrl->fifo[3];
+ ks = fdctrl->fifo[4];
+ FLOPPY_DPRINTF("Start transfer at %d %d %02x %02x (%d)\n",
+ GET_CUR_DRV(fdctrl), kh, kt, ks,
+ fd_sector_calc(kh, kt, ks, cur_drv->last_sect,
+ NUM_SIDES(cur_drv)));
+ switch (fd_seek(cur_drv, kh, kt, ks, fdctrl->config & FD_CONFIG_EIS)) {
+ case 2:
+ /* sect too big */
+ fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, 0x00, 0x00);
+ fdctrl->fifo[3] = kt;
+ fdctrl->fifo[4] = kh;
+ fdctrl->fifo[5] = ks;
+ return;
+ case 3:
+ /* track too big */
+ fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, FD_SR1_EC, 0x00);
+ fdctrl->fifo[3] = kt;
+ fdctrl->fifo[4] = kh;
+ fdctrl->fifo[5] = ks;
+ return;
+ case 4:
+ /* No seek enabled */
+ fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, 0x00, 0x00);
+ fdctrl->fifo[3] = kt;
+ fdctrl->fifo[4] = kh;
+ fdctrl->fifo[5] = ks;
+ return;
+ case 1:
+ fdctrl->status0 |= FD_SR0_SEEK;
+ break;
+ default:
+ break;
+ }
+
+ /* Check the data rate. If the programmed data rate does not match
+ * the currently inserted medium, the operation has to fail. */
+ if (fdctrl->check_media_rate &&
+ (fdctrl->dsr & FD_DSR_DRATEMASK) != cur_drv->media_rate) {
+ FLOPPY_DPRINTF("data rate mismatch (fdc=%d, media=%d)\n",
+ fdctrl->dsr & FD_DSR_DRATEMASK, cur_drv->media_rate);
+ fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, FD_SR1_MA, 0x00);
+ fdctrl->fifo[3] = kt;
+ fdctrl->fifo[4] = kh;
+ fdctrl->fifo[5] = ks;
+ return;
+ }
+
+ /* Set the FIFO state */
+ fdctrl->data_dir = direction;
+ fdctrl->data_pos = 0;
+ assert(fdctrl->msr & FD_MSR_CMDBUSY);
+ if (fdctrl->fifo[0] & 0x80)
+ fdctrl->data_state |= FD_STATE_MULTI;
+ else
+ fdctrl->data_state &= ~FD_STATE_MULTI;
+ if (fdctrl->fifo[5] == 0) {
+ fdctrl->data_len = fdctrl->fifo[8];
+ } else {
+ int tmp;
+ fdctrl->data_len = 128 << (fdctrl->fifo[5] > 7 ? 7 : fdctrl->fifo[5]);
+ tmp = (fdctrl->fifo[6] - ks + 1);
+ if (fdctrl->fifo[0] & 0x80)
+ tmp += fdctrl->fifo[6];
+ fdctrl->data_len *= tmp;
+ }
+ fdctrl->eot = fdctrl->fifo[6];
+ if (fdctrl->dor & FD_DOR_DMAEN) {
+ int dma_mode;
+ /* DMA transfer are enabled. Check if DMA channel is well programmed */
+ dma_mode = DMA_get_channel_mode(fdctrl->dma_chann);
+ dma_mode = (dma_mode >> 2) & 3;
+ FLOPPY_DPRINTF("dma_mode=%d direction=%d (%d - %d)\n",
+ dma_mode, direction,
+ (128 << fdctrl->fifo[5]) *
+ (cur_drv->last_sect - ks + 1), fdctrl->data_len);
+ if (((direction == FD_DIR_SCANE || direction == FD_DIR_SCANL ||
+ direction == FD_DIR_SCANH) && dma_mode == 0) ||
+ (direction == FD_DIR_WRITE && dma_mode == 2) ||
+ (direction == FD_DIR_READ && dma_mode == 1) ||
+ (direction == FD_DIR_VERIFY)) {
+ /* No access is allowed until DMA transfer has completed */
+ fdctrl->msr &= ~FD_MSR_RQM;
+ if (direction != FD_DIR_VERIFY) {
+ /* Now, we just have to wait for the DMA controller to
+ * recall us...
+ */
+ DMA_hold_DREQ(fdctrl->dma_chann);
+ DMA_schedule(fdctrl->dma_chann);
+ } else {
+ /* Start transfer */
+ fdctrl_transfer_handler(fdctrl, fdctrl->dma_chann, 0,
+ fdctrl->data_len);
+ }
+ return;
+ } else {
+ FLOPPY_DPRINTF("bad dma_mode=%d direction=%d\n", dma_mode,
+ direction);
+ }
+ }
+ FLOPPY_DPRINTF("start non-DMA transfer\n");
+ fdctrl->msr |= FD_MSR_NONDMA;
+ if (direction != FD_DIR_WRITE)
+ fdctrl->msr |= FD_MSR_DIO;
+ /* IO based transfer: calculate len */
+ fdctrl_raise_irq(fdctrl);
+}
+
+/* Prepare a transfer of deleted data */
+static void fdctrl_start_transfer_del(FDCtrl *fdctrl, int direction)
+{
+ qemu_log_mask(LOG_UNIMP, "fdctrl_start_transfer_del() unimplemented\n");
+
+ /* We don't handle deleted data,
+ * so we don't return *ANYTHING*
+ */
+ fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM | FD_SR0_SEEK, 0x00, 0x00);
+}
+
+/* handlers for DMA transfers */
+static int fdctrl_transfer_handler (void *opaque, int nchan,
+ int dma_pos, int dma_len)
+{
+ FDCtrl *fdctrl;
+ FDrive *cur_drv;
+ int len, start_pos, rel_pos;
+ uint8_t status0 = 0x00, status1 = 0x00, status2 = 0x00;
+
+ fdctrl = opaque;
+ if (fdctrl->msr & FD_MSR_RQM) {
+ FLOPPY_DPRINTF("Not in DMA transfer mode !\n");
+ return 0;
+ }
+ cur_drv = get_cur_drv(fdctrl);
+ if (fdctrl->data_dir == FD_DIR_SCANE || fdctrl->data_dir == FD_DIR_SCANL ||
+ fdctrl->data_dir == FD_DIR_SCANH)
+ status2 = FD_SR2_SNS;
+ if (dma_len > fdctrl->data_len)
+ dma_len = fdctrl->data_len;
+ if (cur_drv->bs == NULL) {
+ if (fdctrl->data_dir == FD_DIR_WRITE)
+ fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM | FD_SR0_SEEK, 0x00, 0x00);
+ else
+ fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, 0x00, 0x00);
+ len = 0;
+ goto transfer_error;
+ }
+ rel_pos = fdctrl->data_pos % FD_SECTOR_LEN;
+ for (start_pos = fdctrl->data_pos; fdctrl->data_pos < dma_len;) {
+ len = dma_len - fdctrl->data_pos;
+ if (len + rel_pos > FD_SECTOR_LEN)
+ len = FD_SECTOR_LEN - rel_pos;
+ FLOPPY_DPRINTF("copy %d bytes (%d %d %d) %d pos %d %02x "
+ "(%d-0x%08x 0x%08x)\n", len, dma_len, fdctrl->data_pos,
+ fdctrl->data_len, GET_CUR_DRV(fdctrl), cur_drv->head,
+ cur_drv->track, cur_drv->sect, fd_sector(cur_drv),
+ fd_sector(cur_drv) * FD_SECTOR_LEN);
+ if (fdctrl->data_dir != FD_DIR_WRITE ||
+ len < FD_SECTOR_LEN || rel_pos != 0) {
+ /* READ & SCAN commands and realign to a sector for WRITE */
+ if (bdrv_read(cur_drv->bs, fd_sector(cur_drv),
+ fdctrl->fifo, 1) < 0) {
+ FLOPPY_DPRINTF("Floppy: error getting sector %d\n",
+ fd_sector(cur_drv));
+ /* Sure, image size is too small... */
+ memset(fdctrl->fifo, 0, FD_SECTOR_LEN);
+ }
+ }
+ switch (fdctrl->data_dir) {
+ case FD_DIR_READ:
+ /* READ commands */
+ DMA_write_memory (nchan, fdctrl->fifo + rel_pos,
+ fdctrl->data_pos, len);
+ break;
+ case FD_DIR_WRITE:
+ /* WRITE commands */
+ if (cur_drv->ro) {
+ /* Handle readonly medium early, no need to do DMA, touch the
+ * LED or attempt any writes. A real floppy doesn't attempt
+ * to write to readonly media either. */
+ fdctrl_stop_transfer(fdctrl,
+ FD_SR0_ABNTERM | FD_SR0_SEEK, FD_SR1_NW,
+ 0x00);
+ goto transfer_error;
+ }
+
+ DMA_read_memory (nchan, fdctrl->fifo + rel_pos,
+ fdctrl->data_pos, len);
+ if (bdrv_write(cur_drv->bs, fd_sector(cur_drv),
+ fdctrl->fifo, 1) < 0) {
+ FLOPPY_DPRINTF("error writing sector %d\n",
+ fd_sector(cur_drv));
+ fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM | FD_SR0_SEEK, 0x00, 0x00);
+ goto transfer_error;
+ }
+ break;
+ case FD_DIR_VERIFY:
+ /* VERIFY commands */
+ break;
+ default:
+ /* SCAN commands */
+ {
+ uint8_t tmpbuf[FD_SECTOR_LEN];
+ int ret;
+ DMA_read_memory (nchan, tmpbuf, fdctrl->data_pos, len);
+ ret = memcmp(tmpbuf, fdctrl->fifo + rel_pos, len);
+ if (ret == 0) {
+ status2 = FD_SR2_SEH;
+ goto end_transfer;
+ }
+ if ((ret < 0 && fdctrl->data_dir == FD_DIR_SCANL) ||
+ (ret > 0 && fdctrl->data_dir == FD_DIR_SCANH)) {
+ status2 = 0x00;
+ goto end_transfer;
+ }
+ }
+ break;
+ }
+ fdctrl->data_pos += len;
+ rel_pos = fdctrl->data_pos % FD_SECTOR_LEN;
+ if (rel_pos == 0) {
+ /* Seek to next sector */
+ if (!fdctrl_seek_to_next_sect(fdctrl, cur_drv))
+ break;
+ }
+ }
+ end_transfer:
+ len = fdctrl->data_pos - start_pos;
+ FLOPPY_DPRINTF("end transfer %d %d %d\n",
+ fdctrl->data_pos, len, fdctrl->data_len);
+ if (fdctrl->data_dir == FD_DIR_SCANE ||
+ fdctrl->data_dir == FD_DIR_SCANL ||
+ fdctrl->data_dir == FD_DIR_SCANH)
+ status2 = FD_SR2_SEH;
+ fdctrl->data_len -= len;
+ fdctrl_stop_transfer(fdctrl, status0, status1, status2);
+ transfer_error:
+
+ return len;
+}
+
+/* Data register : 0x05 */
+static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
+{
+ FDrive *cur_drv;
+ uint32_t retval = 0;
+ int pos;
+
+ cur_drv = get_cur_drv(fdctrl);
+ fdctrl->dsr &= ~FD_DSR_PWRDOWN;
+ if (!(fdctrl->msr & FD_MSR_RQM) || !(fdctrl->msr & FD_MSR_DIO)) {
+ FLOPPY_DPRINTF("error: controller not ready for reading\n");
+ return 0;
+ }
+ pos = fdctrl->data_pos;
+ if (fdctrl->msr & FD_MSR_NONDMA) {
+ pos %= FD_SECTOR_LEN;
+ if (pos == 0) {
+ if (fdctrl->data_pos != 0)
+ if (!fdctrl_seek_to_next_sect(fdctrl, cur_drv)) {
+ FLOPPY_DPRINTF("error seeking to next sector %d\n",
+ fd_sector(cur_drv));
+ return 0;
+ }
+ if (bdrv_read(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1) < 0) {
+ FLOPPY_DPRINTF("error getting sector %d\n",
+ fd_sector(cur_drv));
+ /* Sure, image size is too small... */
+ memset(fdctrl->fifo, 0, FD_SECTOR_LEN);
+ }
+ }
+ }
+ retval = fdctrl->fifo[pos];
+ if (++fdctrl->data_pos == fdctrl->data_len) {
+ fdctrl->data_pos = 0;
+ /* Switch from transfer mode to status mode
+ * then from status mode to command mode
+ */
+ if (fdctrl->msr & FD_MSR_NONDMA) {
+ fdctrl_stop_transfer(fdctrl, 0x00, 0x00, 0x00);
+ } else {
+ fdctrl_reset_fifo(fdctrl);
+ fdctrl_reset_irq(fdctrl);
+ }
+ }
+ FLOPPY_DPRINTF("data register: 0x%02x\n", retval);
+
+ return retval;
+}
+
+static void fdctrl_format_sector(FDCtrl *fdctrl)
+{
+ FDrive *cur_drv;
+ uint8_t kh, kt, ks;
+
+ SET_CUR_DRV(fdctrl, fdctrl->fifo[1] & FD_DOR_SELMASK);
+ cur_drv = get_cur_drv(fdctrl);
+ kt = fdctrl->fifo[6];
+ kh = fdctrl->fifo[7];
+ ks = fdctrl->fifo[8];
+ FLOPPY_DPRINTF("format sector at %d %d %02x %02x (%d)\n",
+ GET_CUR_DRV(fdctrl), kh, kt, ks,
+ fd_sector_calc(kh, kt, ks, cur_drv->last_sect,
+ NUM_SIDES(cur_drv)));
+ switch (fd_seek(cur_drv, kh, kt, ks, fdctrl->config & FD_CONFIG_EIS)) {
+ case 2:
+ /* sect too big */
+ fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, 0x00, 0x00);
+ fdctrl->fifo[3] = kt;
+ fdctrl->fifo[4] = kh;
+ fdctrl->fifo[5] = ks;
+ return;
+ case 3:
+ /* track too big */
+ fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, FD_SR1_EC, 0x00);
+ fdctrl->fifo[3] = kt;
+ fdctrl->fifo[4] = kh;
+ fdctrl->fifo[5] = ks;
+ return;
+ case 4:
+ /* No seek enabled */
+ fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, 0x00, 0x00);
+ fdctrl->fifo[3] = kt;
+ fdctrl->fifo[4] = kh;
+ fdctrl->fifo[5] = ks;
+ return;
+ case 1:
+ fdctrl->status0 |= FD_SR0_SEEK;
+ break;
+ default:
+ break;
+ }
+ memset(fdctrl->fifo, 0, FD_SECTOR_LEN);
+ if (cur_drv->bs == NULL ||
+ bdrv_write(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1) < 0) {
+ FLOPPY_DPRINTF("error formatting sector %d\n", fd_sector(cur_drv));
+ fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM | FD_SR0_SEEK, 0x00, 0x00);
+ } else {
+ if (cur_drv->sect == cur_drv->last_sect) {
+ fdctrl->data_state &= ~FD_STATE_FORMAT;
+ /* Last sector done */
+ fdctrl_stop_transfer(fdctrl, 0x00, 0x00, 0x00);
+ } else {
+ /* More to do */
+ fdctrl->data_pos = 0;
+ fdctrl->data_len = 4;
+ }
+ }
+}
+
+static void fdctrl_handle_lock(FDCtrl *fdctrl, int direction)
+{
+ fdctrl->lock = (fdctrl->fifo[0] & 0x80) ? 1 : 0;
+ fdctrl->fifo[0] = fdctrl->lock << 4;
+ fdctrl_set_fifo(fdctrl, 1);
+}
+
+static void fdctrl_handle_dumpreg(FDCtrl *fdctrl, int direction)
+{
+ FDrive *cur_drv = get_cur_drv(fdctrl);
+
+ /* Drives position */
+ fdctrl->fifo[0] = drv0(fdctrl)->track;
+ fdctrl->fifo[1] = drv1(fdctrl)->track;
+#if MAX_FD == 4
+ fdctrl->fifo[2] = drv2(fdctrl)->track;
+ fdctrl->fifo[3] = drv3(fdctrl)->track;
+#else
+ fdctrl->fifo[2] = 0;
+ fdctrl->fifo[3] = 0;
+#endif
+ /* timers */
+ fdctrl->fifo[4] = fdctrl->timer0;
+ fdctrl->fifo[5] = (fdctrl->timer1 << 1) | (fdctrl->dor & FD_DOR_DMAEN ? 1 : 0);
+ fdctrl->fifo[6] = cur_drv->last_sect;
+ fdctrl->fifo[7] = (fdctrl->lock << 7) |
+ (cur_drv->perpendicular << 2);
+ fdctrl->fifo[8] = fdctrl->config;
+ fdctrl->fifo[9] = fdctrl->precomp_trk;
+ fdctrl_set_fifo(fdctrl, 10);
+}
+
+static void fdctrl_handle_version(FDCtrl *fdctrl, int direction)
+{
+ /* Controller's version */
+ fdctrl->fifo[0] = fdctrl->version;
+ fdctrl_set_fifo(fdctrl, 1);
+}
+
+static void fdctrl_handle_partid(FDCtrl *fdctrl, int direction)
+{
+ fdctrl->fifo[0] = 0x41; /* Stepping 1 */
+ fdctrl_set_fifo(fdctrl, 1);
+}
+
+static void fdctrl_handle_restore(FDCtrl *fdctrl, int direction)
+{
+ FDrive *cur_drv = get_cur_drv(fdctrl);
+
+ /* Drives position */
+ drv0(fdctrl)->track = fdctrl->fifo[3];
+ drv1(fdctrl)->track = fdctrl->fifo[4];
+#if MAX_FD == 4
+ drv2(fdctrl)->track = fdctrl->fifo[5];
+ drv3(fdctrl)->track = fdctrl->fifo[6];
+#endif
+ /* timers */
+ fdctrl->timer0 = fdctrl->fifo[7];
+ fdctrl->timer1 = fdctrl->fifo[8];
+ cur_drv->last_sect = fdctrl->fifo[9];
+ fdctrl->lock = fdctrl->fifo[10] >> 7;
+ cur_drv->perpendicular = (fdctrl->fifo[10] >> 2) & 0xF;
+ fdctrl->config = fdctrl->fifo[11];
+ fdctrl->precomp_trk = fdctrl->fifo[12];
+ fdctrl->pwrd = fdctrl->fifo[13];
+ fdctrl_reset_fifo(fdctrl);
+}
+
+static void fdctrl_handle_save(FDCtrl *fdctrl, int direction)
+{
+ FDrive *cur_drv = get_cur_drv(fdctrl);
+
+ fdctrl->fifo[0] = 0;
+ fdctrl->fifo[1] = 0;
+ /* Drives position */
+ fdctrl->fifo[2] = drv0(fdctrl)->track;
+ fdctrl->fifo[3] = drv1(fdctrl)->track;
+#if MAX_FD == 4
+ fdctrl->fifo[4] = drv2(fdctrl)->track;
+ fdctrl->fifo[5] = drv3(fdctrl)->track;
+#else
+ fdctrl->fifo[4] = 0;
+ fdctrl->fifo[5] = 0;
+#endif
+ /* timers */
+ fdctrl->fifo[6] = fdctrl->timer0;
+ fdctrl->fifo[7] = fdctrl->timer1;
+ fdctrl->fifo[8] = cur_drv->last_sect;
+ fdctrl->fifo[9] = (fdctrl->lock << 7) |
+ (cur_drv->perpendicular << 2);
+ fdctrl->fifo[10] = fdctrl->config;
+ fdctrl->fifo[11] = fdctrl->precomp_trk;
+ fdctrl->fifo[12] = fdctrl->pwrd;
+ fdctrl->fifo[13] = 0;
+ fdctrl->fifo[14] = 0;
+ fdctrl_set_fifo(fdctrl, 15);
+}
+
+static void fdctrl_handle_readid(FDCtrl *fdctrl, int direction)
+{
+ FDrive *cur_drv = get_cur_drv(fdctrl);
+
+ cur_drv->head = (fdctrl->fifo[1] >> 2) & 1;
+ qemu_mod_timer(fdctrl->result_timer,
+ qemu_get_clock_ns(vm_clock) + (get_ticks_per_sec() / 50));
+}
+
+static void fdctrl_handle_format_track(FDCtrl *fdctrl, int direction)
+{
+ FDrive *cur_drv;
+
+ SET_CUR_DRV(fdctrl, fdctrl->fifo[1] & FD_DOR_SELMASK);
+ cur_drv = get_cur_drv(fdctrl);
+ fdctrl->data_state |= FD_STATE_FORMAT;
+ if (fdctrl->fifo[0] & 0x80)
+ fdctrl->data_state |= FD_STATE_MULTI;
+ else
+ fdctrl->data_state &= ~FD_STATE_MULTI;
+ cur_drv->bps =
+ fdctrl->fifo[2] > 7 ? 16384 : 128 << fdctrl->fifo[2];
+#if 0
+ cur_drv->last_sect =
+ cur_drv->flags & FDISK_DBL_SIDES ? fdctrl->fifo[3] :
+ fdctrl->fifo[3] / 2;
+#else
+ cur_drv->last_sect = fdctrl->fifo[3];
+#endif
+ /* TODO: implement format using DMA expected by the Bochs BIOS
+ * and Linux fdformat (read 3 bytes per sector via DMA and fill
+ * the sector with the specified fill byte
+ */
+ fdctrl->data_state &= ~FD_STATE_FORMAT;
+ fdctrl_stop_transfer(fdctrl, 0x00, 0x00, 0x00);
+}
+
+static void fdctrl_handle_specify(FDCtrl *fdctrl, int direction)
+{
+ fdctrl->timer0 = (fdctrl->fifo[1] >> 4) & 0xF;
+ fdctrl->timer1 = fdctrl->fifo[2] >> 1;
+ if (fdctrl->fifo[2] & 1)
+ fdctrl->dor &= ~FD_DOR_DMAEN;
+ else
+ fdctrl->dor |= FD_DOR_DMAEN;
+ /* No result back */
+ fdctrl_reset_fifo(fdctrl);
+}
+
+static void fdctrl_handle_sense_drive_status(FDCtrl *fdctrl, int direction)
+{
+ FDrive *cur_drv;
+
+ SET_CUR_DRV(fdctrl, fdctrl->fifo[1] & FD_DOR_SELMASK);
+ cur_drv = get_cur_drv(fdctrl);
+ cur_drv->head = (fdctrl->fifo[1] >> 2) & 1;
+ /* 1 Byte status back */
+ fdctrl->fifo[0] = (cur_drv->ro << 6) |
+ (cur_drv->track == 0 ? 0x10 : 0x00) |
+ (cur_drv->head << 2) |
+ GET_CUR_DRV(fdctrl) |
+ 0x28;
+ fdctrl_set_fifo(fdctrl, 1);
+}
+
+static void fdctrl_handle_recalibrate(FDCtrl *fdctrl, int direction)
+{
+ FDrive *cur_drv;
+
+ SET_CUR_DRV(fdctrl, fdctrl->fifo[1] & FD_DOR_SELMASK);
+ cur_drv = get_cur_drv(fdctrl);
+ fd_recalibrate(cur_drv);
+ fdctrl_reset_fifo(fdctrl);
+ /* Raise Interrupt */
+ fdctrl->status0 |= FD_SR0_SEEK;
+ fdctrl_raise_irq(fdctrl);
+}
+
+static void fdctrl_handle_sense_interrupt_status(FDCtrl *fdctrl, int direction)
+{
+ FDrive *cur_drv = get_cur_drv(fdctrl);
+
+ if (fdctrl->reset_sensei > 0) {
+ fdctrl->fifo[0] =
+ FD_SR0_RDYCHG + FD_RESET_SENSEI_COUNT - fdctrl->reset_sensei;
+ fdctrl->reset_sensei--;
+ } else if (!(fdctrl->sra & FD_SRA_INTPEND)) {
+ fdctrl->fifo[0] = FD_SR0_INVCMD;
+ fdctrl_set_fifo(fdctrl, 1);
+ return;
+ } else {
+ fdctrl->fifo[0] =
+ (fdctrl->status0 & ~(FD_SR0_HEAD | FD_SR0_DS1 | FD_SR0_DS0))
+ | GET_CUR_DRV(fdctrl);
+ }
+
+ fdctrl->fifo[1] = cur_drv->track;
+ fdctrl_set_fifo(fdctrl, 2);
+ fdctrl_reset_irq(fdctrl);
+ fdctrl->status0 = FD_SR0_RDYCHG;
+}
+
+static void fdctrl_handle_seek(FDCtrl *fdctrl, int direction)
+{
+ FDrive *cur_drv;
+
+ SET_CUR_DRV(fdctrl, fdctrl->fifo[1] & FD_DOR_SELMASK);
+ cur_drv = get_cur_drv(fdctrl);
+ fdctrl_reset_fifo(fdctrl);
+ /* The seek command just sends step pulses to the drive and doesn't care if
+ * there is a medium inserted of if it's banging the head against the drive.
+ */
+ fd_seek(cur_drv, cur_drv->head, fdctrl->fifo[2], cur_drv->sect, 1);
+ /* Raise Interrupt */
+ fdctrl->status0 |= FD_SR0_SEEK;
+ fdctrl_raise_irq(fdctrl);
+}
+
+static void fdctrl_handle_perpendicular_mode(FDCtrl *fdctrl, int direction)
+{
+ FDrive *cur_drv = get_cur_drv(fdctrl);
+
+ if (fdctrl->fifo[1] & 0x80)
+ cur_drv->perpendicular = fdctrl->fifo[1] & 0x7;
+ /* No result back */
+ fdctrl_reset_fifo(fdctrl);
+}
+
+static void fdctrl_handle_configure(FDCtrl *fdctrl, int direction)
+{
+ fdctrl->config = fdctrl->fifo[2];
+ fdctrl->precomp_trk = fdctrl->fifo[3];
+ /* No result back */
+ fdctrl_reset_fifo(fdctrl);
+}
+
+static void fdctrl_handle_powerdown_mode(FDCtrl *fdctrl, int direction)
+{
+ fdctrl->pwrd = fdctrl->fifo[1];
+ fdctrl->fifo[0] = fdctrl->fifo[1];
+ fdctrl_set_fifo(fdctrl, 1);
+}
+
+static void fdctrl_handle_option(FDCtrl *fdctrl, int direction)
+{
+ /* No result back */
+ fdctrl_reset_fifo(fdctrl);
+}
+
+static void fdctrl_handle_drive_specification_command(FDCtrl *fdctrl, int direction)
+{
+ FDrive *cur_drv = get_cur_drv(fdctrl);
+
+ if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x80) {
+ /* Command parameters done */
+ if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x40) {
+ fdctrl->fifo[0] = fdctrl->fifo[1];
+ fdctrl->fifo[2] = 0;
+ fdctrl->fifo[3] = 0;
+ fdctrl_set_fifo(fdctrl, 4);
+ } else {
+ fdctrl_reset_fifo(fdctrl);
+ }
+ } else if (fdctrl->data_len > 7) {
+ /* ERROR */
+ fdctrl->fifo[0] = 0x80 |
+ (cur_drv->head << 2) | GET_CUR_DRV(fdctrl);
+ fdctrl_set_fifo(fdctrl, 1);
+ }
+}
+
+static void fdctrl_handle_relative_seek_in(FDCtrl *fdctrl, int direction)
+{
+ FDrive *cur_drv;
+
+ SET_CUR_DRV(fdctrl, fdctrl->fifo[1] & FD_DOR_SELMASK);
+ cur_drv = get_cur_drv(fdctrl);
+ if (fdctrl->fifo[2] + cur_drv->track >= cur_drv->max_track) {
+ fd_seek(cur_drv, cur_drv->head, cur_drv->max_track - 1,
+ cur_drv->sect, 1);
+ } else {
+ fd_seek(cur_drv, cur_drv->head,
+ cur_drv->track + fdctrl->fifo[2], cur_drv->sect, 1);
+ }
+ fdctrl_reset_fifo(fdctrl);
+ /* Raise Interrupt */
+ fdctrl->status0 |= FD_SR0_SEEK;
+ fdctrl_raise_irq(fdctrl);
+}
+
+static void fdctrl_handle_relative_seek_out(FDCtrl *fdctrl, int direction)
+{
+ FDrive *cur_drv;
+
+ SET_CUR_DRV(fdctrl, fdctrl->fifo[1] & FD_DOR_SELMASK);
+ cur_drv = get_cur_drv(fdctrl);
+ if (fdctrl->fifo[2] > cur_drv->track) {
+ fd_seek(cur_drv, cur_drv->head, 0, cur_drv->sect, 1);
+ } else {
+ fd_seek(cur_drv, cur_drv->head,
+ cur_drv->track - fdctrl->fifo[2], cur_drv->sect, 1);
+ }
+ fdctrl_reset_fifo(fdctrl);
+ /* Raise Interrupt */
+ fdctrl->status0 |= FD_SR0_SEEK;
+ fdctrl_raise_irq(fdctrl);
+}
+
+static const struct {
+ uint8_t value;
+ uint8_t mask;
+ const char* name;
+ int parameters;
+ void (*handler)(FDCtrl *fdctrl, int direction);
+ int direction;
+} handlers[] = {
+ { FD_CMD_READ, 0x1f, "READ", 8, fdctrl_start_transfer, FD_DIR_READ },
+ { FD_CMD_WRITE, 0x3f, "WRITE", 8, fdctrl_start_transfer, FD_DIR_WRITE },
+ { FD_CMD_SEEK, 0xff, "SEEK", 2, fdctrl_handle_seek },
+ { FD_CMD_SENSE_INTERRUPT_STATUS, 0xff, "SENSE INTERRUPT STATUS", 0, fdctrl_handle_sense_interrupt_status },
+ { FD_CMD_RECALIBRATE, 0xff, "RECALIBRATE", 1, fdctrl_handle_recalibrate },
+ { FD_CMD_FORMAT_TRACK, 0xbf, "FORMAT TRACK", 5, fdctrl_handle_format_track },
+ { FD_CMD_READ_TRACK, 0xbf, "READ TRACK", 8, fdctrl_start_transfer, FD_DIR_READ },
+ { FD_CMD_RESTORE, 0xff, "RESTORE", 17, fdctrl_handle_restore }, /* part of READ DELETED DATA */
+ { FD_CMD_SAVE, 0xff, "SAVE", 0, fdctrl_handle_save }, /* part of READ DELETED DATA */
+ { FD_CMD_READ_DELETED, 0x1f, "READ DELETED DATA", 8, fdctrl_start_transfer_del, FD_DIR_READ },
+ { FD_CMD_SCAN_EQUAL, 0x1f, "SCAN EQUAL", 8, fdctrl_start_transfer, FD_DIR_SCANE },
+ { FD_CMD_VERIFY, 0x1f, "VERIFY", 8, fdctrl_start_transfer, FD_DIR_VERIFY },
+ { FD_CMD_SCAN_LOW_OR_EQUAL, 0x1f, "SCAN LOW OR EQUAL", 8, fdctrl_start_transfer, FD_DIR_SCANL },
+ { FD_CMD_SCAN_HIGH_OR_EQUAL, 0x1f, "SCAN HIGH OR EQUAL", 8, fdctrl_start_transfer, FD_DIR_SCANH },
+ { FD_CMD_WRITE_DELETED, 0x3f, "WRITE DELETED DATA", 8, fdctrl_start_transfer_del, FD_DIR_WRITE },
+ { FD_CMD_READ_ID, 0xbf, "READ ID", 1, fdctrl_handle_readid },
+ { FD_CMD_SPECIFY, 0xff, "SPECIFY", 2, fdctrl_handle_specify },
+ { FD_CMD_SENSE_DRIVE_STATUS, 0xff, "SENSE DRIVE STATUS", 1, fdctrl_handle_sense_drive_status },
+ { FD_CMD_PERPENDICULAR_MODE, 0xff, "PERPENDICULAR MODE", 1, fdctrl_handle_perpendicular_mode },
+ { FD_CMD_CONFIGURE, 0xff, "CONFIGURE", 3, fdctrl_handle_configure },
+ { FD_CMD_POWERDOWN_MODE, 0xff, "POWERDOWN MODE", 2, fdctrl_handle_powerdown_mode },
+ { FD_CMD_OPTION, 0xff, "OPTION", 1, fdctrl_handle_option },
+ { FD_CMD_DRIVE_SPECIFICATION_COMMAND, 0xff, "DRIVE SPECIFICATION COMMAND", 5, fdctrl_handle_drive_specification_command },
+ { FD_CMD_RELATIVE_SEEK_OUT, 0xff, "RELATIVE SEEK OUT", 2, fdctrl_handle_relative_seek_out },
+ { FD_CMD_FORMAT_AND_WRITE, 0xff, "FORMAT AND WRITE", 10, fdctrl_unimplemented },
+ { FD_CMD_RELATIVE_SEEK_IN, 0xff, "RELATIVE SEEK IN", 2, fdctrl_handle_relative_seek_in },
+ { FD_CMD_LOCK, 0x7f, "LOCK", 0, fdctrl_handle_lock },
+ { FD_CMD_DUMPREG, 0xff, "DUMPREG", 0, fdctrl_handle_dumpreg },
+ { FD_CMD_VERSION, 0xff, "VERSION", 0, fdctrl_handle_version },
+ { FD_CMD_PART_ID, 0xff, "PART ID", 0, fdctrl_handle_partid },
+ { FD_CMD_WRITE, 0x1f, "WRITE (BeOS)", 8, fdctrl_start_transfer, FD_DIR_WRITE }, /* not in specification ; BeOS 4.5 bug */
+ { 0, 0, "unknown", 0, fdctrl_unimplemented }, /* default handler */
+};
+/* Associate command to an index in the 'handlers' array */
+static uint8_t command_to_handler[256];
+
+static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value)
+{
+ FDrive *cur_drv;
+ int pos;
+
+ /* Reset mode */
+ if (!(fdctrl->dor & FD_DOR_nRESET)) {
+ FLOPPY_DPRINTF("Floppy controller in RESET state !\n");
+ return;
+ }
+ if (!(fdctrl->msr & FD_MSR_RQM) || (fdctrl->msr & FD_MSR_DIO)) {
+ FLOPPY_DPRINTF("error: controller not ready for writing\n");
+ return;
+ }
+ fdctrl->dsr &= ~FD_DSR_PWRDOWN;
+ /* Is it write command time ? */
+ if (fdctrl->msr & FD_MSR_NONDMA) {
+ /* FIFO data write */
+ pos = fdctrl->data_pos++;
+ pos %= FD_SECTOR_LEN;
+ fdctrl->fifo[pos] = value;
+ if (pos == FD_SECTOR_LEN - 1 ||
+ fdctrl->data_pos == fdctrl->data_len) {
+ cur_drv = get_cur_drv(fdctrl);
+ if (bdrv_write(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1) < 0) {
+ FLOPPY_DPRINTF("error writing sector %d\n",
+ fd_sector(cur_drv));
+ return;
+ }
+ if (!fdctrl_seek_to_next_sect(fdctrl, cur_drv)) {
+ FLOPPY_DPRINTF("error seeking to next sector %d\n",
+ fd_sector(cur_drv));
+ return;
+ }
+ }
+ /* Switch from transfer mode to status mode
+ * then from status mode to command mode
+ */
+ if (fdctrl->data_pos == fdctrl->data_len)
+ fdctrl_stop_transfer(fdctrl, 0x00, 0x00, 0x00);
+ return;
+ }
+ if (fdctrl->data_pos == 0) {
+ /* Command */
+ pos = command_to_handler[value & 0xff];
+ FLOPPY_DPRINTF("%s command\n", handlers[pos].name);
+ fdctrl->data_len = handlers[pos].parameters + 1;
+ fdctrl->msr |= FD_MSR_CMDBUSY;
+ }
+
+ FLOPPY_DPRINTF("%s: %02x\n", __func__, value);
+ fdctrl->fifo[fdctrl->data_pos++] = value;
+ if (fdctrl->data_pos == fdctrl->data_len) {
+ /* We now have all parameters
+ * and will be able to treat the command
+ */
+ if (fdctrl->data_state & FD_STATE_FORMAT) {
+ fdctrl_format_sector(fdctrl);
+ return;
+ }
+
+ pos = command_to_handler[fdctrl->fifo[0] & 0xff];
+ FLOPPY_DPRINTF("treat %s command\n", handlers[pos].name);
+ (*handlers[pos].handler)(fdctrl, handlers[pos].direction);
+ }
+}
+
+static void fdctrl_result_timer(void *opaque)
+{
+ FDCtrl *fdctrl = opaque;
+ FDrive *cur_drv = get_cur_drv(fdctrl);
+
+ /* Pretend we are spinning.
+ * This is needed for Coherent, which uses READ ID to check for
+ * sector interleaving.
+ */
+ if (cur_drv->last_sect != 0) {
+ cur_drv->sect = (cur_drv->sect % cur_drv->last_sect) + 1;
+ }
+ /* READ_ID can't automatically succeed! */
+ if (fdctrl->check_media_rate &&
+ (fdctrl->dsr & FD_DSR_DRATEMASK) != cur_drv->media_rate) {
+ FLOPPY_DPRINTF("read id rate mismatch (fdc=%d, media=%d)\n",
+ fdctrl->dsr & FD_DSR_DRATEMASK, cur_drv->media_rate);
+ fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, FD_SR1_MA, 0x00);
+ } else {
+ fdctrl_stop_transfer(fdctrl, 0x00, 0x00, 0x00);
+ }
+}
+
+static void fdctrl_change_cb(void *opaque, bool load)
+{
+ FDrive *drive = opaque;
+
+ drive->media_changed = 1;
+ fd_revalidate(drive);
+}
+
+static const BlockDevOps fdctrl_block_ops = {
+ .change_media_cb = fdctrl_change_cb,
+};
+
+/* Init functions */
+static void fdctrl_connect_drives(FDCtrl *fdctrl, Error **errp)
+{
+ unsigned int i;
+ FDrive *drive;
+
+ for (i = 0; i < MAX_FD; i++) {
+ drive = &fdctrl->drives[i];
+ drive->fdctrl = fdctrl;
+
+ if (drive->bs) {
+ if (bdrv_get_on_error(drive->bs, 0) != BLOCKDEV_ON_ERROR_ENOSPC) {
+ error_setg(errp, "fdc doesn't support drive option werror");
+ return;
+ }
+ if (bdrv_get_on_error(drive->bs, 1) != BLOCKDEV_ON_ERROR_REPORT) {
+ error_setg(errp, "fdc doesn't support drive option rerror");
+ return;
+ }
+ }
+
+ fd_init(drive);
+ fdctrl_change_cb(drive, 0);
+ if (drive->bs) {
+ bdrv_set_dev_ops(drive->bs, &fdctrl_block_ops, drive);
+ }
+ }
+}
+
+ISADevice *fdctrl_init_isa(ISABus *bus, DriveInfo **fds)
+{
+ DeviceState *dev;
+ ISADevice *isadev;
+
+ isadev = isa_try_create(bus, TYPE_ISA_FDC);
+ if (!isadev) {
+ return NULL;
+ }
+ dev = DEVICE(isadev);
+
+ if (fds[0]) {
+ qdev_prop_set_drive_nofail(dev, "driveA", fds[0]->bdrv);
+ }
+ if (fds[1]) {
+ qdev_prop_set_drive_nofail(dev, "driveB", fds[1]->bdrv);
+ }
+ qdev_init_nofail(dev);
+
+ return isadev;
+}
+
+void fdctrl_init_sysbus(qemu_irq irq, int dma_chann,
+ hwaddr mmio_base, DriveInfo **fds)
+{
+ FDCtrl *fdctrl;
+ DeviceState *dev;
+ SysBusDevice *sbd;
+ FDCtrlSysBus *sys;
+
+ dev = qdev_create(NULL, "sysbus-fdc");
+ sys = SYSBUS_FDC(dev);
+ fdctrl = &sys->state;
+ fdctrl->dma_chann = dma_chann; /* FIXME */
+ if (fds[0]) {
+ qdev_prop_set_drive_nofail(dev, "driveA", fds[0]->bdrv);
+ }
+ if (fds[1]) {
+ qdev_prop_set_drive_nofail(dev, "driveB", fds[1]->bdrv);
+ }
+ qdev_init_nofail(dev);
+ sbd = SYS_BUS_DEVICE(dev);
+ sysbus_connect_irq(sbd, 0, irq);
+ sysbus_mmio_map(sbd, 0, mmio_base);
+}
+
+void sun4m_fdctrl_init(qemu_irq irq, hwaddr io_base,
+ DriveInfo **fds, qemu_irq *fdc_tc)
+{
+ DeviceState *dev;
+ FDCtrlSysBus *sys;
+
+ dev = qdev_create(NULL, "SUNW,fdtwo");
+ if (fds[0]) {
+ qdev_prop_set_drive_nofail(dev, "drive", fds[0]->bdrv);
+ }
+ qdev_init_nofail(dev);
+ sys = SYSBUS_FDC(dev);
+ sysbus_connect_irq(SYS_BUS_DEVICE(sys), 0, irq);
+ sysbus_mmio_map(SYS_BUS_DEVICE(sys), 0, io_base);
+ *fdc_tc = qdev_get_gpio_in(dev, 0);
+}
+
+static void fdctrl_realize_common(FDCtrl *fdctrl, Error **errp)
+{
+ int i, j;
+ static int command_tables_inited = 0;
+
+ /* Fill 'command_to_handler' lookup table */
+ if (!command_tables_inited) {
+ command_tables_inited = 1;
+ for (i = ARRAY_SIZE(handlers) - 1; i >= 0; i--) {
+ for (j = 0; j < sizeof(command_to_handler); j++) {
+ if ((j & handlers[i].mask) == handlers[i].value) {
+ command_to_handler[j] = i;
+ }
+ }
+ }
+ }
+
+ FLOPPY_DPRINTF("init controller\n");
+ fdctrl->fifo = qemu_memalign(512, FD_SECTOR_LEN);
+ fdctrl->fifo_size = 512;
+ fdctrl->result_timer = qemu_new_timer_ns(vm_clock,
+ fdctrl_result_timer, fdctrl);
+
+ fdctrl->version = 0x90; /* Intel 82078 controller */
+ fdctrl->config = FD_CONFIG_EIS | FD_CONFIG_EFIFO; /* Implicit seek, polling & FIFO enabled */
+ fdctrl->num_floppies = MAX_FD;
+
+ if (fdctrl->dma_chann != -1) {
+ DMA_register_channel(fdctrl->dma_chann, &fdctrl_transfer_handler, fdctrl);
+ }
+ fdctrl_connect_drives(fdctrl, errp);
+}
+
+static const MemoryRegionPortio fdc_portio_list[] = {
+ { 1, 5, 1, .read = fdctrl_read, .write = fdctrl_write },
+ { 7, 1, 1, .read = fdctrl_read, .write = fdctrl_write },
+ PORTIO_END_OF_LIST(),
+};
+
+static void isabus_fdc_realize(DeviceState *dev, Error **errp)
+{
+ ISADevice *isadev = ISA_DEVICE(dev);
+ FDCtrlISABus *isa = ISA_FDC(dev);
+ FDCtrl *fdctrl = &isa->state;
+ Error *err = NULL;
+
+ isa_register_portio_list(isadev, isa->iobase, fdc_portio_list, fdctrl,
+ "fdc");
+
+ isa_init_irq(isadev, &fdctrl->irq, isa->irq);
+ fdctrl->dma_chann = isa->dma;
+
+ qdev_set_legacy_instance_id(dev, isa->iobase, 2);
+ fdctrl_realize_common(fdctrl, &err);
+ if (err != NULL) {
+ error_propagate(errp, err);
+ return;
+ }
+
+ add_boot_device_path(isa->bootindexA, dev, "/floppy@0");
+ add_boot_device_path(isa->bootindexB, dev, "/floppy@1");
+}
+
+static void sysbus_fdc_initfn(Object *obj)
+{
+ SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
+ FDCtrlSysBus *sys = SYSBUS_FDC(obj);
+ FDCtrl *fdctrl = &sys->state;
+
+ fdctrl->dma_chann = -1;
+
+ memory_region_init_io(&fdctrl->iomem, obj, &fdctrl_mem_ops, fdctrl,
+ "fdc", 0x08);
+ sysbus_init_mmio(sbd, &fdctrl->iomem);
+}
+
+static void sun4m_fdc_initfn(Object *obj)
+{
+ SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
+ FDCtrlSysBus *sys = SYSBUS_FDC(obj);
+ FDCtrl *fdctrl = &sys->state;
+
+ fdctrl->sun4m = 1;
+
+ memory_region_init_io(&fdctrl->iomem, obj, &fdctrl_mem_strict_ops,
+ fdctrl, "fdctrl", 0x08);
+ sysbus_init_mmio(sbd, &fdctrl->iomem);
+}
+
+static void sysbus_fdc_common_initfn(Object *obj)
+{
+ DeviceState *dev = DEVICE(obj);
+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+ FDCtrlSysBus *sys = SYSBUS_FDC(obj);
+ FDCtrl *fdctrl = &sys->state;
+
+ qdev_set_legacy_instance_id(dev, 0 /* io */, 2); /* FIXME */
+
+ sysbus_init_irq(sbd, &fdctrl->irq);
+ qdev_init_gpio_in(dev, fdctrl_handle_tc, 1);
+}
+
+static void sysbus_fdc_common_realize(DeviceState *dev, Error **errp)
+{
+ FDCtrlSysBus *sys = SYSBUS_FDC(dev);
+ FDCtrl *fdctrl = &sys->state;
+
+ fdctrl_realize_common(fdctrl, errp);
+}
+
+FDriveType isa_fdc_get_drive_type(ISADevice *fdc, int i)
+{
+ FDCtrlISABus *isa = ISA_FDC(fdc);
+
+ return isa->state.drives[i].drive;
+}
+
+static const VMStateDescription vmstate_isa_fdc ={
+ .name = "fdc",
+ .version_id = 2,
+ .minimum_version_id = 2,
+ .fields = (VMStateField []) {
+ VMSTATE_STRUCT(state, FDCtrlISABus, 0, vmstate_fdc, FDCtrl),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static Property isa_fdc_properties[] = {
+ DEFINE_PROP_HEX32("iobase", FDCtrlISABus, iobase, 0x3f0),
+ DEFINE_PROP_UINT32("irq", FDCtrlISABus, irq, 6),
+ DEFINE_PROP_UINT32("dma", FDCtrlISABus, dma, 2),
+ DEFINE_PROP_DRIVE("driveA", FDCtrlISABus, state.drives[0].bs),
+ DEFINE_PROP_DRIVE("driveB", FDCtrlISABus, state.drives[1].bs),
+ DEFINE_PROP_INT32("bootindexA", FDCtrlISABus, bootindexA, -1),
+ DEFINE_PROP_INT32("bootindexB", FDCtrlISABus, bootindexB, -1),
+ DEFINE_PROP_BIT("check_media_rate", FDCtrlISABus, state.check_media_rate,
+ 0, true),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void isabus_fdc_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = isabus_fdc_realize;
+ dc->fw_name = "fdc";
+ dc->no_user = 1;
+ dc->reset = fdctrl_external_reset_isa;
+ dc->vmsd = &vmstate_isa_fdc;
+ dc->props = isa_fdc_properties;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
+}
+
+static const TypeInfo isa_fdc_info = {
+ .name = TYPE_ISA_FDC,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof(FDCtrlISABus),
+ .class_init = isabus_fdc_class_init,
+};
+
+static const VMStateDescription vmstate_sysbus_fdc ={
+ .name = "fdc",
+ .version_id = 2,
+ .minimum_version_id = 2,
+ .fields = (VMStateField []) {
+ VMSTATE_STRUCT(state, FDCtrlSysBus, 0, vmstate_fdc, FDCtrl),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static Property sysbus_fdc_properties[] = {
+ DEFINE_PROP_DRIVE("driveA", FDCtrlSysBus, state.drives[0].bs),
+ DEFINE_PROP_DRIVE("driveB", FDCtrlSysBus, state.drives[1].bs),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void sysbus_fdc_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->props = sysbus_fdc_properties;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
+}
+
+static const TypeInfo sysbus_fdc_info = {
+ .name = "sysbus-fdc",
+ .parent = TYPE_SYSBUS_FDC,
+ .instance_init = sysbus_fdc_initfn,
+ .class_init = sysbus_fdc_class_init,
+};
+
+static Property sun4m_fdc_properties[] = {
+ DEFINE_PROP_DRIVE("drive", FDCtrlSysBus, state.drives[0].bs),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void sun4m_fdc_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->props = sun4m_fdc_properties;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
+}
+
+static const TypeInfo sun4m_fdc_info = {
+ .name = "SUNW,fdtwo",
+ .parent = TYPE_SYSBUS_FDC,
+ .instance_init = sun4m_fdc_initfn,
+ .class_init = sun4m_fdc_class_init,
+};
+
+static void sysbus_fdc_common_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = sysbus_fdc_common_realize;
+ dc->reset = fdctrl_external_reset_sysbus;
+ dc->vmsd = &vmstate_sysbus_fdc;
+}
+
+static const TypeInfo sysbus_fdc_type_info = {
+ .name = TYPE_SYSBUS_FDC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(FDCtrlSysBus),
+ .instance_init = sysbus_fdc_common_initfn,
+ .abstract = true,
+ .class_init = sysbus_fdc_common_class_init,
+};
+
+static void fdc_register_types(void)
+{
+ type_register_static(&isa_fdc_info);
+ type_register_static(&sysbus_fdc_type_info);
+ type_register_static(&sysbus_fdc_info);
+ type_register_static(&sun4m_fdc_info);
+}
+
+type_init(fdc_register_types)
diff --git a/hw/block/hd-geometry.c b/hw/block/hd-geometry.c
new file mode 100644
index 000000000..6feb4f817
--- /dev/null
+++ b/hw/block/hd-geometry.c
@@ -0,0 +1,157 @@
+/*
+ * Hard disk geometry utilities
+ *
+ * Copyright (C) 2012 Red Hat, Inc.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ * This file incorporates work covered by the following copyright and
+ * permission notice:
+ *
+ * Copyright (c) 2003 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "block/block.h"
+#include "hw/block/block.h"
+#include "trace.h"
+
+struct partition {
+ uint8_t boot_ind; /* 0x80 - active */
+ uint8_t head; /* starting head */
+ uint8_t sector; /* starting sector */
+ uint8_t cyl; /* starting cylinder */
+ uint8_t sys_ind; /* What partition type */
+ uint8_t end_head; /* end head */
+ uint8_t end_sector; /* end sector */
+ uint8_t end_cyl; /* end cylinder */
+ uint32_t start_sect; /* starting sector counting from 0 */
+ uint32_t nr_sects; /* nr of sectors in partition */
+} QEMU_PACKED;
+
+/* try to guess the disk logical geometry from the MSDOS partition table.
+ Return 0 if OK, -1 if could not guess */
+static int guess_disk_lchs(BlockDriverState *bs,
+ int *pcylinders, int *pheads, int *psectors)
+{
+ uint8_t buf[BDRV_SECTOR_SIZE];
+ int i, heads, sectors, cylinders;
+ struct partition *p;
+ uint32_t nr_sects;
+ uint64_t nb_sectors;
+
+ bdrv_get_geometry(bs, &nb_sectors);
+
+ /**
+ * The function will be invoked during startup not only in sync I/O mode,
+ * but also in async I/O mode. So the I/O throttling function has to
+ * be disabled temporarily here, not permanently.
+ */
+ if (bdrv_read_unthrottled(bs, 0, buf, 1) < 0) {
+ return -1;
+ }
+ /* test msdos magic */
+ if (buf[510] != 0x55 || buf[511] != 0xaa) {
+ return -1;
+ }
+ for (i = 0; i < 4; i++) {
+ p = ((struct partition *)(buf + 0x1be)) + i;
+ nr_sects = le32_to_cpu(p->nr_sects);
+ if (nr_sects && p->end_head) {
+ /* We make the assumption that the partition terminates on
+ a cylinder boundary */
+ heads = p->end_head + 1;
+ sectors = p->end_sector & 63;
+ if (sectors == 0) {
+ continue;
+ }
+ cylinders = nb_sectors / (heads * sectors);
+ if (cylinders < 1 || cylinders > 16383) {
+ continue;
+ }
+ *pheads = heads;
+ *psectors = sectors;
+ *pcylinders = cylinders;
+ trace_hd_geometry_lchs_guess(bs, cylinders, heads, sectors);
+ return 0;
+ }
+ }
+ return -1;
+}
+
+static void guess_chs_for_size(BlockDriverState *bs,
+ uint32_t *pcyls, uint32_t *pheads, uint32_t *psecs)
+{
+ uint64_t nb_sectors;
+ int cylinders;
+
+ bdrv_get_geometry(bs, &nb_sectors);
+
+ cylinders = nb_sectors / (16 * 63);
+ if (cylinders > 16383) {
+ cylinders = 16383;
+ } else if (cylinders < 2) {
+ cylinders = 2;
+ }
+ *pcyls = cylinders;
+ *pheads = 16;
+ *psecs = 63;
+}
+
+void hd_geometry_guess(BlockDriverState *bs,
+ uint32_t *pcyls, uint32_t *pheads, uint32_t *psecs,
+ int *ptrans)
+{
+ int cylinders, heads, secs, translation;
+
+ if (guess_disk_lchs(bs, &cylinders, &heads, &secs) < 0) {
+ /* no LCHS guess: use a standard physical disk geometry */
+ guess_chs_for_size(bs, pcyls, pheads, psecs);
+ translation = hd_bios_chs_auto_trans(*pcyls, *pheads, *psecs);
+ } else if (heads > 16) {
+ /* LCHS guess with heads > 16 means that a BIOS LBA
+ translation was active, so a standard physical disk
+ geometry is OK */
+ guess_chs_for_size(bs, pcyls, pheads, psecs);
+ translation = *pcyls * *pheads <= 131072
+ ? BIOS_ATA_TRANSLATION_LARGE
+ : BIOS_ATA_TRANSLATION_LBA;
+ } else {
+ /* LCHS guess with heads <= 16: use as physical geometry */
+ *pcyls = cylinders;
+ *pheads = heads;
+ *psecs = secs;
+ /* disable any translation to be in sync with
+ the logical geometry */
+ translation = BIOS_ATA_TRANSLATION_NONE;
+ }
+ if (ptrans) {
+ *ptrans = translation;
+ }
+ trace_hd_geometry_guess(bs, *pcyls, *pheads, *psecs, translation);
+}
+
+int hd_bios_chs_auto_trans(uint32_t cyls, uint32_t heads, uint32_t secs)
+{
+ return cyls <= 1024 && heads <= 16 && secs <= 63
+ ? BIOS_ATA_TRANSLATION_NONE
+ : BIOS_ATA_TRANSLATION_LBA;
+}
diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
new file mode 100644
index 000000000..8c3b7f0d3
--- /dev/null
+++ b/hw/block/m25p80.c
@@ -0,0 +1,703 @@
+/*
+ * ST M25P80 emulator. Emulate all SPI flash devices based on the m25p80 command
+ * set. Known devices table current as of Jun/2012 and taken from linux.
+ * See drivers/mtd/devices/m25p80.c.
+ *
+ * Copyright (C) 2011 Edgar E. Iglesias <edgar.iglesias@gmail.com>
+ * Copyright (C) 2012 Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
+ * Copyright (C) 2012 PetaLogix
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) a later version of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/hw.h"
+#include "sysemu/blockdev.h"
+#include "hw/ssi.h"
+
+#ifndef M25P80_ERR_DEBUG
+#define M25P80_ERR_DEBUG 0
+#endif
+
+#define DB_PRINT_L(level, ...) do { \
+ if (M25P80_ERR_DEBUG > (level)) { \
+ fprintf(stderr, ": %s: ", __func__); \
+ fprintf(stderr, ## __VA_ARGS__); \
+ } \
+} while (0);
+
+/* Fields for FlashPartInfo->flags */
+
+/* erase capabilities */
+#define ER_4K 1
+#define ER_32K 2
+/* set to allow the page program command to write 0s back to 1. Useful for
+ * modelling EEPROM with SPI flash command set
+ */
+#define WR_1 0x100
+
+typedef struct FlashPartInfo {
+ const char *part_name;
+ /* jedec code. (jedec >> 16) & 0xff is the 1st byte, >> 8 the 2nd etc */
+ uint32_t jedec;
+ /* extended jedec code */
+ uint16_t ext_jedec;
+ /* there is confusion between manufacturers as to what a sector is. In this
+ * device model, a "sector" is the size that is erased by the ERASE_SECTOR
+ * command (opcode 0xd8).
+ */
+ uint32_t sector_size;
+ uint32_t n_sectors;
+ uint32_t page_size;
+ uint8_t flags;
+} FlashPartInfo;
+
+/* adapted from linux */
+
+#define INFO(_part_name, _jedec, _ext_jedec, _sector_size, _n_sectors, _flags)\
+ .part_name = (_part_name),\
+ .jedec = (_jedec),\
+ .ext_jedec = (_ext_jedec),\
+ .sector_size = (_sector_size),\
+ .n_sectors = (_n_sectors),\
+ .page_size = 256,\
+ .flags = (_flags),\
+
+#define JEDEC_NUMONYX 0x20
+#define JEDEC_WINBOND 0xEF
+#define JEDEC_SPANSION 0x01
+
+static const FlashPartInfo known_devices[] = {
+ /* Atmel -- some are (confusingly) marketed as "DataFlash" */
+ { INFO("at25fs010", 0x1f6601, 0, 32 << 10, 4, ER_4K) },
+ { INFO("at25fs040", 0x1f6604, 0, 64 << 10, 8, ER_4K) },
+
+ { INFO("at25df041a", 0x1f4401, 0, 64 << 10, 8, ER_4K) },
+ { INFO("at25df321a", 0x1f4701, 0, 64 << 10, 64, ER_4K) },
+ { INFO("at25df641", 0x1f4800, 0, 64 << 10, 128, ER_4K) },
+
+ { INFO("at26f004", 0x1f0400, 0, 64 << 10, 8, ER_4K) },
+ { INFO("at26df081a", 0x1f4501, 0, 64 << 10, 16, ER_4K) },
+ { INFO("at26df161a", 0x1f4601, 0, 64 << 10, 32, ER_4K) },
+ { INFO("at26df321", 0x1f4700, 0, 64 << 10, 64, ER_4K) },
+
+ { INFO("at45db081d", 0x1f2500, 0, 64 << 10, 16, ER_4K) },
+
+ /* EON -- en25xxx */
+ { INFO("en25f32", 0x1c3116, 0, 64 << 10, 64, ER_4K) },
+ { INFO("en25p32", 0x1c2016, 0, 64 << 10, 64, 0) },
+ { INFO("en25q32b", 0x1c3016, 0, 64 << 10, 64, 0) },
+ { INFO("en25p64", 0x1c2017, 0, 64 << 10, 128, 0) },
+ { INFO("en25q64", 0x1c3017, 0, 64 << 10, 128, ER_4K) },
+
+ /* GigaDevice */
+ { INFO("gd25q32", 0xc84016, 0, 64 << 10, 64, ER_4K) },
+ { INFO("gd25q64", 0xc84017, 0, 64 << 10, 128, ER_4K) },
+
+ /* Intel/Numonyx -- xxxs33b */
+ { INFO("160s33b", 0x898911, 0, 64 << 10, 32, 0) },
+ { INFO("320s33b", 0x898912, 0, 64 << 10, 64, 0) },
+ { INFO("640s33b", 0x898913, 0, 64 << 10, 128, 0) },
+ { INFO("n25q064", 0x20ba17, 0, 64 << 10, 128, 0) },
+
+ /* Macronix */
+ { INFO("mx25l2005a", 0xc22012, 0, 64 << 10, 4, ER_4K) },
+ { INFO("mx25l4005a", 0xc22013, 0, 64 << 10, 8, ER_4K) },
+ { INFO("mx25l8005", 0xc22014, 0, 64 << 10, 16, 0) },
+ { INFO("mx25l1606e", 0xc22015, 0, 64 << 10, 32, ER_4K) },
+ { INFO("mx25l3205d", 0xc22016, 0, 64 << 10, 64, 0) },
+ { INFO("mx25l6405d", 0xc22017, 0, 64 << 10, 128, 0) },
+ { INFO("mx25l12805d", 0xc22018, 0, 64 << 10, 256, 0) },
+ { INFO("mx25l12855e", 0xc22618, 0, 64 << 10, 256, 0) },
+ { INFO("mx25l25635e", 0xc22019, 0, 64 << 10, 512, 0) },
+ { INFO("mx25l25655e", 0xc22619, 0, 64 << 10, 512, 0) },
+
+ /* Micron */
+ { INFO("n25q032a11", 0x20bb16, 0, 64 << 10, 64, ER_4K) },
+ { INFO("n25q032a13", 0x20ba16, 0, 64 << 10, 64, ER_4K) },
+ { INFO("n25q064a11", 0x20bb17, 0, 64 << 10, 128, ER_4K) },
+ { INFO("n25q064a13", 0x20ba17, 0, 64 << 10, 128, ER_4K) },
+ { INFO("n25q128a11", 0x20bb18, 0, 64 << 10, 256, ER_4K) },
+ { INFO("n25q128a13", 0x20ba18, 0, 64 << 10, 256, ER_4K) },
+ { INFO("n25q256a11", 0x20bb19, 0, 64 << 10, 512, ER_4K) },
+ { INFO("n25q256a13", 0x20ba19, 0, 64 << 10, 512, ER_4K) },
+
+ /* Spansion -- single (large) sector size only, at least
+ * for the chips listed here (without boot sectors).
+ */
+ { INFO("s25sl032p", 0x010215, 0x4d00, 64 << 10, 64, ER_4K) },
+ { INFO("s25sl064p", 0x010216, 0x4d00, 64 << 10, 128, ER_4K) },
+ { INFO("s25fl256s0", 0x010219, 0x4d00, 256 << 10, 128, 0) },
+ { INFO("s25fl256s1", 0x010219, 0x4d01, 64 << 10, 512, 0) },
+ { INFO("s25fl512s", 0x010220, 0x4d00, 256 << 10, 256, 0) },
+ { INFO("s70fl01gs", 0x010221, 0x4d00, 256 << 10, 256, 0) },
+ { INFO("s25sl12800", 0x012018, 0x0300, 256 << 10, 64, 0) },
+ { INFO("s25sl12801", 0x012018, 0x0301, 64 << 10, 256, 0) },
+ { INFO("s25fl129p0", 0x012018, 0x4d00, 256 << 10, 64, 0) },
+ { INFO("s25fl129p1", 0x012018, 0x4d01, 64 << 10, 256, 0) },
+ { INFO("s25sl004a", 0x010212, 0, 64 << 10, 8, 0) },
+ { INFO("s25sl008a", 0x010213, 0, 64 << 10, 16, 0) },
+ { INFO("s25sl016a", 0x010214, 0, 64 << 10, 32, 0) },
+ { INFO("s25sl032a", 0x010215, 0, 64 << 10, 64, 0) },
+ { INFO("s25sl064a", 0x010216, 0, 64 << 10, 128, 0) },
+ { INFO("s25fl016k", 0xef4015, 0, 64 << 10, 32, ER_4K | ER_32K) },
+ { INFO("s25fl064k", 0xef4017, 0, 64 << 10, 128, ER_4K | ER_32K) },
+
+ /* SST -- large erase sizes are "overlays", "sectors" are 4<< 10 */
+ { INFO("sst25vf040b", 0xbf258d, 0, 64 << 10, 8, ER_4K) },
+ { INFO("sst25vf080b", 0xbf258e, 0, 64 << 10, 16, ER_4K) },
+ { INFO("sst25vf016b", 0xbf2541, 0, 64 << 10, 32, ER_4K) },
+ { INFO("sst25vf032b", 0xbf254a, 0, 64 << 10, 64, ER_4K) },
+ { INFO("sst25wf512", 0xbf2501, 0, 64 << 10, 1, ER_4K) },
+ { INFO("sst25wf010", 0xbf2502, 0, 64 << 10, 2, ER_4K) },
+ { INFO("sst25wf020", 0xbf2503, 0, 64 << 10, 4, ER_4K) },
+ { INFO("sst25wf040", 0xbf2504, 0, 64 << 10, 8, ER_4K) },
+
+ /* ST Microelectronics -- newer production may have feature updates */
+ { INFO("m25p05", 0x202010, 0, 32 << 10, 2, 0) },
+ { INFO("m25p10", 0x202011, 0, 32 << 10, 4, 0) },
+ { INFO("m25p20", 0x202012, 0, 64 << 10, 4, 0) },
+ { INFO("m25p40", 0x202013, 0, 64 << 10, 8, 0) },
+ { INFO("m25p80", 0x202014, 0, 64 << 10, 16, 0) },
+ { INFO("m25p16", 0x202015, 0, 64 << 10, 32, 0) },
+ { INFO("m25p32", 0x202016, 0, 64 << 10, 64, 0) },
+ { INFO("m25p64", 0x202017, 0, 64 << 10, 128, 0) },
+ { INFO("m25p128", 0x202018, 0, 256 << 10, 64, 0) },
+ { INFO("n25q032", 0x20ba16, 0, 64 << 10, 64, 0) },
+
+ { INFO("m45pe10", 0x204011, 0, 64 << 10, 2, 0) },
+ { INFO("m45pe80", 0x204014, 0, 64 << 10, 16, 0) },
+ { INFO("m45pe16", 0x204015, 0, 64 << 10, 32, 0) },
+
+ { INFO("m25pe20", 0x208012, 0, 64 << 10, 4, 0) },
+ { INFO("m25pe80", 0x208014, 0, 64 << 10, 16, 0) },
+ { INFO("m25pe16", 0x208015, 0, 64 << 10, 32, ER_4K) },
+
+ { INFO("m25px32", 0x207116, 0, 64 << 10, 64, ER_4K) },
+ { INFO("m25px32-s0", 0x207316, 0, 64 << 10, 64, ER_4K) },
+ { INFO("m25px32-s1", 0x206316, 0, 64 << 10, 64, ER_4K) },
+ { INFO("m25px64", 0x207117, 0, 64 << 10, 128, 0) },
+
+ /* Winbond -- w25x "blocks" are 64k, "sectors" are 4KiB */
+ { INFO("w25x10", 0xef3011, 0, 64 << 10, 2, ER_4K) },
+ { INFO("w25x20", 0xef3012, 0, 64 << 10, 4, ER_4K) },
+ { INFO("w25x40", 0xef3013, 0, 64 << 10, 8, ER_4K) },
+ { INFO("w25x80", 0xef3014, 0, 64 << 10, 16, ER_4K) },
+ { INFO("w25x16", 0xef3015, 0, 64 << 10, 32, ER_4K) },
+ { INFO("w25x32", 0xef3016, 0, 64 << 10, 64, ER_4K) },
+ { INFO("w25q32", 0xef4016, 0, 64 << 10, 64, ER_4K) },
+ { INFO("w25q32dw", 0xef6016, 0, 64 << 10, 64, ER_4K) },
+ { INFO("w25x64", 0xef3017, 0, 64 << 10, 128, ER_4K) },
+ { INFO("w25q64", 0xef4017, 0, 64 << 10, 128, ER_4K) },
+ { INFO("w25q80", 0xef5014, 0, 64 << 10, 16, ER_4K) },
+ { INFO("w25q80bl", 0xef4014, 0, 64 << 10, 16, ER_4K) },
+ { INFO("w25q256", 0xef4019, 0, 64 << 10, 512, ER_4K) },
+
+ /* Numonyx -- n25q128 */
+ { INFO("n25q128", 0x20ba18, 0, 64 << 10, 256, 0) },
+};
+
+typedef enum {
+ NOP = 0,
+ WRSR = 0x1,
+ WRDI = 0x4,
+ RDSR = 0x5,
+ WREN = 0x6,
+ JEDEC_READ = 0x9f,
+ BULK_ERASE = 0xc7,
+
+ READ = 0x3,
+ FAST_READ = 0xb,
+ DOR = 0x3b,
+ QOR = 0x6b,
+ DIOR = 0xbb,
+ QIOR = 0xeb,
+
+ PP = 0x2,
+ DPP = 0xa2,
+ QPP = 0x32,
+
+ ERASE_4K = 0x20,
+ ERASE_32K = 0x52,
+ ERASE_SECTOR = 0xd8,
+} FlashCMD;
+
+typedef enum {
+ STATE_IDLE,
+ STATE_PAGE_PROGRAM,
+ STATE_READ,
+ STATE_COLLECTING_DATA,
+ STATE_READING_DATA,
+} CMDState;
+
+typedef struct Flash {
+ SSISlave ssidev;
+ uint32_t r;
+
+ BlockDriverState *bdrv;
+
+ uint8_t *storage;
+ uint32_t size;
+ int page_size;
+
+ uint8_t state;
+ uint8_t data[16];
+ uint32_t len;
+ uint32_t pos;
+ uint8_t needed_bytes;
+ uint8_t cmd_in_progress;
+ uint64_t cur_addr;
+ bool write_enable;
+
+ int64_t dirty_page;
+
+ const FlashPartInfo *pi;
+
+} Flash;
+
+typedef struct M25P80Class {
+ SSISlaveClass parent_class;
+ FlashPartInfo *pi;
+} M25P80Class;
+
+#define TYPE_M25P80 "m25p80-generic"
+#define M25P80(obj) \
+ OBJECT_CHECK(Flash, (obj), TYPE_M25P80)
+#define M25P80_CLASS(klass) \
+ OBJECT_CLASS_CHECK(M25P80Class, (klass), TYPE_M25P80)
+#define M25P80_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(M25P80Class, (obj), TYPE_M25P80)
+
+static void bdrv_sync_complete(void *opaque, int ret)
+{
+ /* do nothing. Masters do not directly interact with the backing store,
+ * only the working copy so no mutexing required.
+ */
+}
+
+static void flash_sync_page(Flash *s, int page)
+{
+ if (s->bdrv) {
+ int bdrv_sector, nb_sectors;
+ QEMUIOVector iov;
+
+ bdrv_sector = (page * s->pi->page_size) / BDRV_SECTOR_SIZE;
+ nb_sectors = DIV_ROUND_UP(s->pi->page_size, BDRV_SECTOR_SIZE);
+ qemu_iovec_init(&iov, 1);
+ qemu_iovec_add(&iov, s->storage + bdrv_sector * BDRV_SECTOR_SIZE,
+ nb_sectors * BDRV_SECTOR_SIZE);
+ bdrv_aio_writev(s->bdrv, bdrv_sector, &iov, nb_sectors,
+ bdrv_sync_complete, NULL);
+ }
+}
+
+static inline void flash_sync_area(Flash *s, int64_t off, int64_t len)
+{
+ int64_t start, end, nb_sectors;
+ QEMUIOVector iov;
+
+ if (!s->bdrv) {
+ return;
+ }
+
+ assert(!(len % BDRV_SECTOR_SIZE));
+ start = off / BDRV_SECTOR_SIZE;
+ end = (off + len) / BDRV_SECTOR_SIZE;
+ nb_sectors = end - start;
+ qemu_iovec_init(&iov, 1);
+ qemu_iovec_add(&iov, s->storage + (start * BDRV_SECTOR_SIZE),
+ nb_sectors * BDRV_SECTOR_SIZE);
+ bdrv_aio_writev(s->bdrv, start, &iov, nb_sectors, bdrv_sync_complete, NULL);
+}
+
+static void flash_erase(Flash *s, int offset, FlashCMD cmd)
+{
+ uint32_t len;
+ uint8_t capa_to_assert = 0;
+
+ switch (cmd) {
+ case ERASE_4K:
+ len = 4 << 10;
+ capa_to_assert = ER_4K;
+ break;
+ case ERASE_32K:
+ len = 32 << 10;
+ capa_to_assert = ER_32K;
+ break;
+ case ERASE_SECTOR:
+ len = s->pi->sector_size;
+ break;
+ case BULK_ERASE:
+ len = s->size;
+ break;
+ default:
+ abort();
+ }
+
+ DB_PRINT_L(0, "offset = %#x, len = %d\n", offset, len);
+ if ((s->pi->flags & capa_to_assert) != capa_to_assert) {
+ qemu_log_mask(LOG_GUEST_ERROR, "M25P80: %d erase size not supported by"
+ " device\n", len);
+ }
+
+ if (!s->write_enable) {
+ qemu_log_mask(LOG_GUEST_ERROR, "M25P80: erase with write protect!\n");
+ return;
+ }
+ memset(s->storage + offset, 0xff, len);
+ flash_sync_area(s, offset, len);
+}
+
+static inline void flash_sync_dirty(Flash *s, int64_t newpage)
+{
+ if (s->dirty_page >= 0 && s->dirty_page != newpage) {
+ flash_sync_page(s, s->dirty_page);
+ s->dirty_page = newpage;
+ }
+}
+
+static inline
+void flash_write8(Flash *s, uint64_t addr, uint8_t data)
+{
+ int64_t page = addr / s->pi->page_size;
+ uint8_t prev = s->storage[s->cur_addr];
+
+ if (!s->write_enable) {
+ qemu_log_mask(LOG_GUEST_ERROR, "M25P80: write with write protect!\n");
+ }
+
+ if ((prev ^ data) & data) {
+ DB_PRINT_L(1, "programming zero to one! addr=%" PRIx64 " %" PRIx8
+ " -> %" PRIx8 "\n", addr, prev, data);
+ }
+
+ if (s->pi->flags & WR_1) {
+ s->storage[s->cur_addr] = data;
+ } else {
+ s->storage[s->cur_addr] &= data;
+ }
+
+ flash_sync_dirty(s, page);
+ s->dirty_page = page;
+}
+
+static void complete_collecting_data(Flash *s)
+{
+ s->cur_addr = s->data[0] << 16;
+ s->cur_addr |= s->data[1] << 8;
+ s->cur_addr |= s->data[2];
+
+ s->state = STATE_IDLE;
+
+ switch (s->cmd_in_progress) {
+ case DPP:
+ case QPP:
+ case PP:
+ s->state = STATE_PAGE_PROGRAM;
+ break;
+ case READ:
+ case FAST_READ:
+ case DOR:
+ case QOR:
+ case DIOR:
+ case QIOR:
+ s->state = STATE_READ;
+ break;
+ case ERASE_4K:
+ case ERASE_32K:
+ case ERASE_SECTOR:
+ flash_erase(s, s->cur_addr, s->cmd_in_progress);
+ break;
+ case WRSR:
+ if (s->write_enable) {
+ s->write_enable = false;
+ }
+ break;
+ default:
+ break;
+ }
+}
+
+static void decode_new_cmd(Flash *s, uint32_t value)
+{
+ s->cmd_in_progress = value;
+ DB_PRINT_L(0, "decoded new command:%x\n", value);
+
+ switch (value) {
+
+ case ERASE_4K:
+ case ERASE_32K:
+ case ERASE_SECTOR:
+ case READ:
+ case DPP:
+ case QPP:
+ case PP:
+ s->needed_bytes = 3;
+ s->pos = 0;
+ s->len = 0;
+ s->state = STATE_COLLECTING_DATA;
+ break;
+
+ case FAST_READ:
+ case DOR:
+ case QOR:
+ s->needed_bytes = 4;
+ s->pos = 0;
+ s->len = 0;
+ s->state = STATE_COLLECTING_DATA;
+ break;
+
+ case DIOR:
+ switch ((s->pi->jedec >> 16) & 0xFF) {
+ case JEDEC_WINBOND:
+ case JEDEC_SPANSION:
+ s->needed_bytes = 4;
+ break;
+ case JEDEC_NUMONYX:
+ default:
+ s->needed_bytes = 5;
+ }
+ s->pos = 0;
+ s->len = 0;
+ s->state = STATE_COLLECTING_DATA;
+ break;
+
+ case QIOR:
+ switch ((s->pi->jedec >> 16) & 0xFF) {
+ case JEDEC_WINBOND:
+ case JEDEC_SPANSION:
+ s->needed_bytes = 6;
+ break;
+ case JEDEC_NUMONYX:
+ default:
+ s->needed_bytes = 8;
+ }
+ s->pos = 0;
+ s->len = 0;
+ s->state = STATE_COLLECTING_DATA;
+ break;
+
+ case WRSR:
+ if (s->write_enable) {
+ s->needed_bytes = 1;
+ s->pos = 0;
+ s->len = 0;
+ s->state = STATE_COLLECTING_DATA;
+ }
+ break;
+
+ case WRDI:
+ s->write_enable = false;
+ break;
+ case WREN:
+ s->write_enable = true;
+ break;
+
+ case RDSR:
+ s->data[0] = (!!s->write_enable) << 1;
+ s->pos = 0;
+ s->len = 1;
+ s->state = STATE_READING_DATA;
+ break;
+
+ case JEDEC_READ:
+ DB_PRINT_L(0, "populated jedec code\n");
+ s->data[0] = (s->pi->jedec >> 16) & 0xff;
+ s->data[1] = (s->pi->jedec >> 8) & 0xff;
+ s->data[2] = s->pi->jedec & 0xff;
+ if (s->pi->ext_jedec) {
+ s->data[3] = (s->pi->ext_jedec >> 8) & 0xff;
+ s->data[4] = s->pi->ext_jedec & 0xff;
+ s->len = 5;
+ } else {
+ s->len = 3;
+ }
+ s->pos = 0;
+ s->state = STATE_READING_DATA;
+ break;
+
+ case BULK_ERASE:
+ if (s->write_enable) {
+ DB_PRINT_L(0, "chip erase\n");
+ flash_erase(s, 0, BULK_ERASE);
+ } else {
+ qemu_log_mask(LOG_GUEST_ERROR, "M25P80: chip erase with write "
+ "protect!\n");
+ }
+ break;
+ case NOP:
+ break;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Unknown cmd %x\n", value);
+ break;
+ }
+}
+
+static int m25p80_cs(SSISlave *ss, bool select)
+{
+ Flash *s = FROM_SSI_SLAVE(Flash, ss);
+
+ if (select) {
+ s->len = 0;
+ s->pos = 0;
+ s->state = STATE_IDLE;
+ flash_sync_dirty(s, -1);
+ }
+
+ DB_PRINT_L(0, "%sselect\n", select ? "de" : "");
+
+ return 0;
+}
+
+static uint32_t m25p80_transfer8(SSISlave *ss, uint32_t tx)
+{
+ Flash *s = FROM_SSI_SLAVE(Flash, ss);
+ uint32_t r = 0;
+
+ switch (s->state) {
+
+ case STATE_PAGE_PROGRAM:
+ DB_PRINT_L(1, "page program cur_addr=%#" PRIx64 " data=%" PRIx8 "\n",
+ s->cur_addr, (uint8_t)tx);
+ flash_write8(s, s->cur_addr, (uint8_t)tx);
+ s->cur_addr++;
+ break;
+
+ case STATE_READ:
+ r = s->storage[s->cur_addr];
+ DB_PRINT_L(1, "READ 0x%" PRIx64 "=%" PRIx8 "\n", s->cur_addr,
+ (uint8_t)r);
+ s->cur_addr = (s->cur_addr + 1) % s->size;
+ break;
+
+ case STATE_COLLECTING_DATA:
+ s->data[s->len] = (uint8_t)tx;
+ s->len++;
+
+ if (s->len == s->needed_bytes) {
+ complete_collecting_data(s);
+ }
+ break;
+
+ case STATE_READING_DATA:
+ r = s->data[s->pos];
+ s->pos++;
+ if (s->pos == s->len) {
+ s->pos = 0;
+ s->state = STATE_IDLE;
+ }
+ break;
+
+ default:
+ case STATE_IDLE:
+ decode_new_cmd(s, (uint8_t)tx);
+ break;
+ }
+
+ return r;
+}
+
+static int m25p80_init(SSISlave *ss)
+{
+ DriveInfo *dinfo;
+ Flash *s = FROM_SSI_SLAVE(Flash, ss);
+ M25P80Class *mc = M25P80_GET_CLASS(s);
+
+ s->pi = mc->pi;
+
+ s->size = s->pi->sector_size * s->pi->n_sectors;
+ s->dirty_page = -1;
+ s->storage = qemu_blockalign(s->bdrv, s->size);
+
+ dinfo = drive_get_next(IF_MTD);
+
+ if (dinfo && dinfo->bdrv) {
+ DB_PRINT_L(0, "Binding to IF_MTD drive\n");
+ s->bdrv = dinfo->bdrv;
+ /* FIXME: Move to late init */
+ if (bdrv_read(s->bdrv, 0, s->storage, DIV_ROUND_UP(s->size,
+ BDRV_SECTOR_SIZE))) {
+ fprintf(stderr, "Failed to initialize SPI flash!\n");
+ return 1;
+ }
+ } else {
+ DB_PRINT_L(0, "No BDRV - binding to RAM\n");
+ memset(s->storage, 0xFF, s->size);
+ }
+
+ return 0;
+}
+
+static void m25p80_pre_save(void *opaque)
+{
+ flash_sync_dirty((Flash *)opaque, -1);
+}
+
+static const VMStateDescription vmstate_m25p80 = {
+ .name = "xilinx_spi",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .pre_save = m25p80_pre_save,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(state, Flash),
+ VMSTATE_UINT8_ARRAY(data, Flash, 16),
+ VMSTATE_UINT32(len, Flash),
+ VMSTATE_UINT32(pos, Flash),
+ VMSTATE_UINT8(needed_bytes, Flash),
+ VMSTATE_UINT8(cmd_in_progress, Flash),
+ VMSTATE_UINT64(cur_addr, Flash),
+ VMSTATE_BOOL(write_enable, Flash),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void m25p80_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
+ M25P80Class *mc = M25P80_CLASS(klass);
+
+ k->init = m25p80_init;
+ k->transfer = m25p80_transfer8;
+ k->set_cs = m25p80_cs;
+ k->cs_polarity = SSI_CS_LOW;
+ dc->vmsd = &vmstate_m25p80;
+ mc->pi = data;
+}
+
+static const TypeInfo m25p80_info = {
+ .name = TYPE_M25P80,
+ .parent = TYPE_SSI_SLAVE,
+ .instance_size = sizeof(Flash),
+ .class_size = sizeof(M25P80Class),
+ .abstract = true,
+};
+
+static void m25p80_register_types(void)
+{
+ int i;
+
+ type_register_static(&m25p80_info);
+ for (i = 0; i < ARRAY_SIZE(known_devices); ++i) {
+ TypeInfo ti = {
+ .name = known_devices[i].part_name,
+ .parent = TYPE_M25P80,
+ .class_init = m25p80_class_init,
+ .class_data = (void *)&known_devices[i],
+ };
+ type_register(&ti);
+ }
+}
+
+type_init(m25p80_register_types)
diff --git a/hw/block/nand.c b/hw/block/nand.c
new file mode 100644
index 000000000..a871ce059
--- /dev/null
+++ b/hw/block/nand.c
@@ -0,0 +1,800 @@
+/*
+ * Flash NAND memory emulation. Based on "16M x 8 Bit NAND Flash
+ * Memory" datasheet for the KM29U128AT / K9F2808U0A chips from
+ * Samsung Electronic.
+ *
+ * Copyright (c) 2006 Openedhand Ltd.
+ * Written by Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * Support for additional features based on "MT29F2G16ABCWP 2Gx16"
+ * datasheet from Micron Technology and "NAND02G-B2C" datasheet
+ * from ST Microelectronics.
+ *
+ * This code is licensed under the GNU GPL v2.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#ifndef NAND_IO
+
+# include "hw/hw.h"
+# include "hw/block/flash.h"
+# include "sysemu/blockdev.h"
+#include "hw/qdev.h"
+#include "qemu/error-report.h"
+
+# define NAND_CMD_READ0 0x00
+# define NAND_CMD_READ1 0x01
+# define NAND_CMD_READ2 0x50
+# define NAND_CMD_LPREAD2 0x30
+# define NAND_CMD_NOSERIALREAD2 0x35
+# define NAND_CMD_RANDOMREAD1 0x05
+# define NAND_CMD_RANDOMREAD2 0xe0
+# define NAND_CMD_READID 0x90
+# define NAND_CMD_RESET 0xff
+# define NAND_CMD_PAGEPROGRAM1 0x80
+# define NAND_CMD_PAGEPROGRAM2 0x10
+# define NAND_CMD_CACHEPROGRAM2 0x15
+# define NAND_CMD_BLOCKERASE1 0x60
+# define NAND_CMD_BLOCKERASE2 0xd0
+# define NAND_CMD_READSTATUS 0x70
+# define NAND_CMD_COPYBACKPRG1 0x85
+
+# define NAND_IOSTATUS_ERROR (1 << 0)
+# define NAND_IOSTATUS_PLANE0 (1 << 1)
+# define NAND_IOSTATUS_PLANE1 (1 << 2)
+# define NAND_IOSTATUS_PLANE2 (1 << 3)
+# define NAND_IOSTATUS_PLANE3 (1 << 4)
+# define NAND_IOSTATUS_READY (1 << 6)
+# define NAND_IOSTATUS_UNPROTCT (1 << 7)
+
+# define MAX_PAGE 0x800
+# define MAX_OOB 0x40
+
+typedef struct NANDFlashState NANDFlashState;
+struct NANDFlashState {
+ DeviceState parent_obj;
+
+ uint8_t manf_id, chip_id;
+ uint8_t buswidth; /* in BYTES */
+ int size, pages;
+ int page_shift, oob_shift, erase_shift, addr_shift;
+ uint8_t *storage;
+ BlockDriverState *bdrv;
+ int mem_oob;
+
+ uint8_t cle, ale, ce, wp, gnd;
+
+ uint8_t io[MAX_PAGE + MAX_OOB + 0x400];
+ uint8_t *ioaddr;
+ int iolen;
+
+ uint32_t cmd;
+ uint64_t addr;
+ int addrlen;
+ int status;
+ int offset;
+
+ void (*blk_write)(NANDFlashState *s);
+ void (*blk_erase)(NANDFlashState *s);
+ void (*blk_load)(NANDFlashState *s, uint64_t addr, int offset);
+
+ uint32_t ioaddr_vmstate;
+};
+
+#define TYPE_NAND "nand"
+
+#define NAND(obj) \
+ OBJECT_CHECK(NANDFlashState, (obj), TYPE_NAND)
+
+static void mem_and(uint8_t *dest, const uint8_t *src, size_t n)
+{
+ /* Like memcpy() but we logical-AND the data into the destination */
+ int i;
+ for (i = 0; i < n; i++) {
+ dest[i] &= src[i];
+ }
+}
+
+# define NAND_NO_AUTOINCR 0x00000001
+# define NAND_BUSWIDTH_16 0x00000002
+# define NAND_NO_PADDING 0x00000004
+# define NAND_CACHEPRG 0x00000008
+# define NAND_COPYBACK 0x00000010
+# define NAND_IS_AND 0x00000020
+# define NAND_4PAGE_ARRAY 0x00000040
+# define NAND_NO_READRDY 0x00000100
+# define NAND_SAMSUNG_LP (NAND_NO_PADDING | NAND_COPYBACK)
+
+# define NAND_IO
+
+# define PAGE(addr) ((addr) >> ADDR_SHIFT)
+# define PAGE_START(page) (PAGE(page) * (PAGE_SIZE + OOB_SIZE))
+# define PAGE_MASK ((1 << ADDR_SHIFT) - 1)
+# define OOB_SHIFT (PAGE_SHIFT - 5)
+# define OOB_SIZE (1 << OOB_SHIFT)
+# define SECTOR(addr) ((addr) >> (9 + ADDR_SHIFT - PAGE_SHIFT))
+# define SECTOR_OFFSET(addr) ((addr) & ((511 >> PAGE_SHIFT) << 8))
+
+# define PAGE_SIZE 256
+# define PAGE_SHIFT 8
+# define PAGE_SECTORS 1
+# define ADDR_SHIFT 8
+# include "nand.c"
+# define PAGE_SIZE 512
+# define PAGE_SHIFT 9
+# define PAGE_SECTORS 1
+# define ADDR_SHIFT 8
+# include "nand.c"
+# define PAGE_SIZE 2048
+# define PAGE_SHIFT 11
+# define PAGE_SECTORS 4
+# define ADDR_SHIFT 16
+# include "nand.c"
+
+/* Information based on Linux drivers/mtd/nand/nand_ids.c */
+static const struct {
+ int size;
+ int width;
+ int page_shift;
+ int erase_shift;
+ uint32_t options;
+} nand_flash_ids[0x100] = {
+ [0 ... 0xff] = { 0 },
+
+ [0x6e] = { 1, 8, 8, 4, 0 },
+ [0x64] = { 2, 8, 8, 4, 0 },
+ [0x6b] = { 4, 8, 9, 4, 0 },
+ [0xe8] = { 1, 8, 8, 4, 0 },
+ [0xec] = { 1, 8, 8, 4, 0 },
+ [0xea] = { 2, 8, 8, 4, 0 },
+ [0xd5] = { 4, 8, 9, 4, 0 },
+ [0xe3] = { 4, 8, 9, 4, 0 },
+ [0xe5] = { 4, 8, 9, 4, 0 },
+ [0xd6] = { 8, 8, 9, 4, 0 },
+
+ [0x39] = { 8, 8, 9, 4, 0 },
+ [0xe6] = { 8, 8, 9, 4, 0 },
+ [0x49] = { 8, 16, 9, 4, NAND_BUSWIDTH_16 },
+ [0x59] = { 8, 16, 9, 4, NAND_BUSWIDTH_16 },
+
+ [0x33] = { 16, 8, 9, 5, 0 },
+ [0x73] = { 16, 8, 9, 5, 0 },
+ [0x43] = { 16, 16, 9, 5, NAND_BUSWIDTH_16 },
+ [0x53] = { 16, 16, 9, 5, NAND_BUSWIDTH_16 },
+
+ [0x35] = { 32, 8, 9, 5, 0 },
+ [0x75] = { 32, 8, 9, 5, 0 },
+ [0x45] = { 32, 16, 9, 5, NAND_BUSWIDTH_16 },
+ [0x55] = { 32, 16, 9, 5, NAND_BUSWIDTH_16 },
+
+ [0x36] = { 64, 8, 9, 5, 0 },
+ [0x76] = { 64, 8, 9, 5, 0 },
+ [0x46] = { 64, 16, 9, 5, NAND_BUSWIDTH_16 },
+ [0x56] = { 64, 16, 9, 5, NAND_BUSWIDTH_16 },
+
+ [0x78] = { 128, 8, 9, 5, 0 },
+ [0x39] = { 128, 8, 9, 5, 0 },
+ [0x79] = { 128, 8, 9, 5, 0 },
+ [0x72] = { 128, 16, 9, 5, NAND_BUSWIDTH_16 },
+ [0x49] = { 128, 16, 9, 5, NAND_BUSWIDTH_16 },
+ [0x74] = { 128, 16, 9, 5, NAND_BUSWIDTH_16 },
+ [0x59] = { 128, 16, 9, 5, NAND_BUSWIDTH_16 },
+
+ [0x71] = { 256, 8, 9, 5, 0 },
+
+ /*
+ * These are the new chips with large page size. The pagesize and the
+ * erasesize is determined from the extended id bytes
+ */
+# define LP_OPTIONS (NAND_SAMSUNG_LP | NAND_NO_READRDY | NAND_NO_AUTOINCR)
+# define LP_OPTIONS16 (LP_OPTIONS | NAND_BUSWIDTH_16)
+
+ /* 512 Megabit */
+ [0xa2] = { 64, 8, 0, 0, LP_OPTIONS },
+ [0xf2] = { 64, 8, 0, 0, LP_OPTIONS },
+ [0xb2] = { 64, 16, 0, 0, LP_OPTIONS16 },
+ [0xc2] = { 64, 16, 0, 0, LP_OPTIONS16 },
+
+ /* 1 Gigabit */
+ [0xa1] = { 128, 8, 0, 0, LP_OPTIONS },
+ [0xf1] = { 128, 8, 0, 0, LP_OPTIONS },
+ [0xb1] = { 128, 16, 0, 0, LP_OPTIONS16 },
+ [0xc1] = { 128, 16, 0, 0, LP_OPTIONS16 },
+
+ /* 2 Gigabit */
+ [0xaa] = { 256, 8, 0, 0, LP_OPTIONS },
+ [0xda] = { 256, 8, 0, 0, LP_OPTIONS },
+ [0xba] = { 256, 16, 0, 0, LP_OPTIONS16 },
+ [0xca] = { 256, 16, 0, 0, LP_OPTIONS16 },
+
+ /* 4 Gigabit */
+ [0xac] = { 512, 8, 0, 0, LP_OPTIONS },
+ [0xdc] = { 512, 8, 0, 0, LP_OPTIONS },
+ [0xbc] = { 512, 16, 0, 0, LP_OPTIONS16 },
+ [0xcc] = { 512, 16, 0, 0, LP_OPTIONS16 },
+
+ /* 8 Gigabit */
+ [0xa3] = { 1024, 8, 0, 0, LP_OPTIONS },
+ [0xd3] = { 1024, 8, 0, 0, LP_OPTIONS },
+ [0xb3] = { 1024, 16, 0, 0, LP_OPTIONS16 },
+ [0xc3] = { 1024, 16, 0, 0, LP_OPTIONS16 },
+
+ /* 16 Gigabit */
+ [0xa5] = { 2048, 8, 0, 0, LP_OPTIONS },
+ [0xd5] = { 2048, 8, 0, 0, LP_OPTIONS },
+ [0xb5] = { 2048, 16, 0, 0, LP_OPTIONS16 },
+ [0xc5] = { 2048, 16, 0, 0, LP_OPTIONS16 },
+};
+
+static void nand_reset(DeviceState *dev)
+{
+ NANDFlashState *s = NAND(dev);
+ s->cmd = NAND_CMD_READ0;
+ s->addr = 0;
+ s->addrlen = 0;
+ s->iolen = 0;
+ s->offset = 0;
+ s->status &= NAND_IOSTATUS_UNPROTCT;
+ s->status |= NAND_IOSTATUS_READY;
+}
+
+static inline void nand_pushio_byte(NANDFlashState *s, uint8_t value)
+{
+ s->ioaddr[s->iolen++] = value;
+ for (value = s->buswidth; --value;) {
+ s->ioaddr[s->iolen++] = 0;
+ }
+}
+
+static void nand_command(NANDFlashState *s)
+{
+ unsigned int offset;
+ switch (s->cmd) {
+ case NAND_CMD_READ0:
+ s->iolen = 0;
+ break;
+
+ case NAND_CMD_READID:
+ s->ioaddr = s->io;
+ s->iolen = 0;
+ nand_pushio_byte(s, s->manf_id);
+ nand_pushio_byte(s, s->chip_id);
+ nand_pushio_byte(s, 'Q'); /* Don't-care byte (often 0xa5) */
+ if (nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) {
+ /* Page Size, Block Size, Spare Size; bit 6 indicates
+ * 8 vs 16 bit width NAND.
+ */
+ nand_pushio_byte(s, (s->buswidth == 2) ? 0x55 : 0x15);
+ } else {
+ nand_pushio_byte(s, 0xc0); /* Multi-plane */
+ }
+ break;
+
+ case NAND_CMD_RANDOMREAD2:
+ case NAND_CMD_NOSERIALREAD2:
+ if (!(nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP))
+ break;
+ offset = s->addr & ((1 << s->addr_shift) - 1);
+ s->blk_load(s, s->addr, offset);
+ if (s->gnd)
+ s->iolen = (1 << s->page_shift) - offset;
+ else
+ s->iolen = (1 << s->page_shift) + (1 << s->oob_shift) - offset;
+ break;
+
+ case NAND_CMD_RESET:
+ nand_reset(DEVICE(s));
+ break;
+
+ case NAND_CMD_PAGEPROGRAM1:
+ s->ioaddr = s->io;
+ s->iolen = 0;
+ break;
+
+ case NAND_CMD_PAGEPROGRAM2:
+ if (s->wp) {
+ s->blk_write(s);
+ }
+ break;
+
+ case NAND_CMD_BLOCKERASE1:
+ break;
+
+ case NAND_CMD_BLOCKERASE2:
+ s->addr &= (1ull << s->addrlen * 8) - 1;
+ s->addr <<= nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP ?
+ 16 : 8;
+
+ if (s->wp) {
+ s->blk_erase(s);
+ }
+ break;
+
+ case NAND_CMD_READSTATUS:
+ s->ioaddr = s->io;
+ s->iolen = 0;
+ nand_pushio_byte(s, s->status);
+ break;
+
+ default:
+ printf("%s: Unknown NAND command 0x%02x\n", __FUNCTION__, s->cmd);
+ }
+}
+
+static void nand_pre_save(void *opaque)
+{
+ NANDFlashState *s = NAND(opaque);
+
+ s->ioaddr_vmstate = s->ioaddr - s->io;
+}
+
+static int nand_post_load(void *opaque, int version_id)
+{
+ NANDFlashState *s = NAND(opaque);
+
+ if (s->ioaddr_vmstate > sizeof(s->io)) {
+ return -EINVAL;
+ }
+ s->ioaddr = s->io + s->ioaddr_vmstate;
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_nand = {
+ .name = "nand",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .pre_save = nand_pre_save,
+ .post_load = nand_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(cle, NANDFlashState),
+ VMSTATE_UINT8(ale, NANDFlashState),
+ VMSTATE_UINT8(ce, NANDFlashState),
+ VMSTATE_UINT8(wp, NANDFlashState),
+ VMSTATE_UINT8(gnd, NANDFlashState),
+ VMSTATE_BUFFER(io, NANDFlashState),
+ VMSTATE_UINT32(ioaddr_vmstate, NANDFlashState),
+ VMSTATE_INT32(iolen, NANDFlashState),
+ VMSTATE_UINT32(cmd, NANDFlashState),
+ VMSTATE_UINT64(addr, NANDFlashState),
+ VMSTATE_INT32(addrlen, NANDFlashState),
+ VMSTATE_INT32(status, NANDFlashState),
+ VMSTATE_INT32(offset, NANDFlashState),
+ /* XXX: do we want to save s->storage too? */
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void nand_realize(DeviceState *dev, Error **errp)
+{
+ int pagesize;
+ NANDFlashState *s = NAND(dev);
+
+ s->buswidth = nand_flash_ids[s->chip_id].width >> 3;
+ s->size = nand_flash_ids[s->chip_id].size << 20;
+ if (nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) {
+ s->page_shift = 11;
+ s->erase_shift = 6;
+ } else {
+ s->page_shift = nand_flash_ids[s->chip_id].page_shift;
+ s->erase_shift = nand_flash_ids[s->chip_id].erase_shift;
+ }
+
+ switch (1 << s->page_shift) {
+ case 256:
+ nand_init_256(s);
+ break;
+ case 512:
+ nand_init_512(s);
+ break;
+ case 2048:
+ nand_init_2048(s);
+ break;
+ default:
+ error_setg(errp, "Unsupported NAND block size %#x\n",
+ 1 << s->page_shift);
+ return;
+ }
+
+ pagesize = 1 << s->oob_shift;
+ s->mem_oob = 1;
+ if (s->bdrv) {
+ if (bdrv_is_read_only(s->bdrv)) {
+ error_setg(errp, "Can't use a read-only drive");
+ return;
+ }
+ if (bdrv_getlength(s->bdrv) >=
+ (s->pages << s->page_shift) + (s->pages << s->oob_shift)) {
+ pagesize = 0;
+ s->mem_oob = 0;
+ }
+ } else {
+ pagesize += 1 << s->page_shift;
+ }
+ if (pagesize) {
+ s->storage = (uint8_t *) memset(g_malloc(s->pages * pagesize),
+ 0xff, s->pages * pagesize);
+ }
+ /* Give s->ioaddr a sane value in case we save state before it is used. */
+ s->ioaddr = s->io;
+}
+
+static Property nand_properties[] = {
+ DEFINE_PROP_UINT8("manufacturer_id", NANDFlashState, manf_id, 0),
+ DEFINE_PROP_UINT8("chip_id", NANDFlashState, chip_id, 0),
+ DEFINE_PROP_DRIVE("drive", NANDFlashState, bdrv),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void nand_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = nand_realize;
+ dc->reset = nand_reset;
+ dc->vmsd = &vmstate_nand;
+ dc->props = nand_properties;
+}
+
+static const TypeInfo nand_info = {
+ .name = TYPE_NAND,
+ .parent = TYPE_DEVICE,
+ .instance_size = sizeof(NANDFlashState),
+ .class_init = nand_class_init,
+};
+
+static void nand_register_types(void)
+{
+ type_register_static(&nand_info);
+}
+
+/*
+ * Chip inputs are CLE, ALE, CE, WP, GND and eight I/O pins. Chip
+ * outputs are R/B and eight I/O pins.
+ *
+ * CE, WP and R/B are active low.
+ */
+void nand_setpins(DeviceState *dev, uint8_t cle, uint8_t ale,
+ uint8_t ce, uint8_t wp, uint8_t gnd)
+{
+ NANDFlashState *s = NAND(dev);
+
+ s->cle = cle;
+ s->ale = ale;
+ s->ce = ce;
+ s->wp = wp;
+ s->gnd = gnd;
+ if (wp) {
+ s->status |= NAND_IOSTATUS_UNPROTCT;
+ } else {
+ s->status &= ~NAND_IOSTATUS_UNPROTCT;
+ }
+}
+
+void nand_getpins(DeviceState *dev, int *rb)
+{
+ *rb = 1;
+}
+
+void nand_setio(DeviceState *dev, uint32_t value)
+{
+ int i;
+ NANDFlashState *s = NAND(dev);
+
+ if (!s->ce && s->cle) {
+ if (nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) {
+ if (s->cmd == NAND_CMD_READ0 && value == NAND_CMD_LPREAD2)
+ return;
+ if (value == NAND_CMD_RANDOMREAD1) {
+ s->addr &= ~((1 << s->addr_shift) - 1);
+ s->addrlen = 0;
+ return;
+ }
+ }
+ if (value == NAND_CMD_READ0) {
+ s->offset = 0;
+ } else if (value == NAND_CMD_READ1) {
+ s->offset = 0x100;
+ value = NAND_CMD_READ0;
+ } else if (value == NAND_CMD_READ2) {
+ s->offset = 1 << s->page_shift;
+ value = NAND_CMD_READ0;
+ }
+
+ s->cmd = value;
+
+ if (s->cmd == NAND_CMD_READSTATUS ||
+ s->cmd == NAND_CMD_PAGEPROGRAM2 ||
+ s->cmd == NAND_CMD_BLOCKERASE1 ||
+ s->cmd == NAND_CMD_BLOCKERASE2 ||
+ s->cmd == NAND_CMD_NOSERIALREAD2 ||
+ s->cmd == NAND_CMD_RANDOMREAD2 ||
+ s->cmd == NAND_CMD_RESET) {
+ nand_command(s);
+ }
+
+ if (s->cmd != NAND_CMD_RANDOMREAD2) {
+ s->addrlen = 0;
+ }
+ }
+
+ if (s->ale) {
+ unsigned int shift = s->addrlen * 8;
+ unsigned int mask = ~(0xff << shift);
+ unsigned int v = value << shift;
+
+ s->addr = (s->addr & mask) | v;
+ s->addrlen ++;
+
+ switch (s->addrlen) {
+ case 1:
+ if (s->cmd == NAND_CMD_READID) {
+ nand_command(s);
+ }
+ break;
+ case 2: /* fix cache address as a byte address */
+ s->addr <<= (s->buswidth - 1);
+ break;
+ case 3:
+ if (!(nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) &&
+ (s->cmd == NAND_CMD_READ0 ||
+ s->cmd == NAND_CMD_PAGEPROGRAM1)) {
+ nand_command(s);
+ }
+ break;
+ case 4:
+ if ((nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) &&
+ nand_flash_ids[s->chip_id].size < 256 && /* 1Gb or less */
+ (s->cmd == NAND_CMD_READ0 ||
+ s->cmd == NAND_CMD_PAGEPROGRAM1)) {
+ nand_command(s);
+ }
+ break;
+ case 5:
+ if ((nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) &&
+ nand_flash_ids[s->chip_id].size >= 256 && /* 2Gb or more */
+ (s->cmd == NAND_CMD_READ0 ||
+ s->cmd == NAND_CMD_PAGEPROGRAM1)) {
+ nand_command(s);
+ }
+ break;
+ default:
+ break;
+ }
+ }
+
+ if (!s->cle && !s->ale && s->cmd == NAND_CMD_PAGEPROGRAM1) {
+ if (s->iolen < (1 << s->page_shift) + (1 << s->oob_shift)) {
+ for (i = s->buswidth; i--; value >>= 8) {
+ s->io[s->iolen ++] = (uint8_t) (value & 0xff);
+ }
+ }
+ } else if (!s->cle && !s->ale && s->cmd == NAND_CMD_COPYBACKPRG1) {
+ if ((s->addr & ((1 << s->addr_shift) - 1)) <
+ (1 << s->page_shift) + (1 << s->oob_shift)) {
+ for (i = s->buswidth; i--; s->addr++, value >>= 8) {
+ s->io[s->iolen + (s->addr & ((1 << s->addr_shift) - 1))] =
+ (uint8_t) (value & 0xff);
+ }
+ }
+ }
+}
+
+uint32_t nand_getio(DeviceState *dev)
+{
+ int offset;
+ uint32_t x = 0;
+ NANDFlashState *s = NAND(dev);
+
+ /* Allow sequential reading */
+ if (!s->iolen && s->cmd == NAND_CMD_READ0) {
+ offset = (int) (s->addr & ((1 << s->addr_shift) - 1)) + s->offset;
+ s->offset = 0;
+
+ s->blk_load(s, s->addr, offset);
+ if (s->gnd)
+ s->iolen = (1 << s->page_shift) - offset;
+ else
+ s->iolen = (1 << s->page_shift) + (1 << s->oob_shift) - offset;
+ }
+
+ if (s->ce || s->iolen <= 0) {
+ return 0;
+ }
+
+ for (offset = s->buswidth; offset--;) {
+ x |= s->ioaddr[offset] << (offset << 3);
+ }
+ /* after receiving READ STATUS command all subsequent reads will
+ * return the status register value until another command is issued
+ */
+ if (s->cmd != NAND_CMD_READSTATUS) {
+ s->addr += s->buswidth;
+ s->ioaddr += s->buswidth;
+ s->iolen -= s->buswidth;
+ }
+ return x;
+}
+
+uint32_t nand_getbuswidth(DeviceState *dev)
+{
+ NANDFlashState *s = (NANDFlashState *) dev;
+ return s->buswidth << 3;
+}
+
+DeviceState *nand_init(BlockDriverState *bdrv, int manf_id, int chip_id)
+{
+ DeviceState *dev;
+
+ if (nand_flash_ids[chip_id].size == 0) {
+ hw_error("%s: Unsupported NAND chip ID.\n", __FUNCTION__);
+ }
+ dev = qdev_create(NULL, "nand");
+ qdev_prop_set_uint8(dev, "manufacturer_id", manf_id);
+ qdev_prop_set_uint8(dev, "chip_id", chip_id);
+ if (bdrv) {
+ qdev_prop_set_drive_nofail(dev, "drive", bdrv);
+ }
+
+ qdev_init_nofail(dev);
+ return dev;
+}
+
+type_init(nand_register_types)
+
+#else
+
+/* Program a single page */
+static void glue(nand_blk_write_, PAGE_SIZE)(NANDFlashState *s)
+{
+ uint64_t off, page, sector, soff;
+ uint8_t iobuf[(PAGE_SECTORS + 2) * 0x200];
+ if (PAGE(s->addr) >= s->pages)
+ return;
+
+ if (!s->bdrv) {
+ mem_and(s->storage + PAGE_START(s->addr) + (s->addr & PAGE_MASK) +
+ s->offset, s->io, s->iolen);
+ } else if (s->mem_oob) {
+ sector = SECTOR(s->addr);
+ off = (s->addr & PAGE_MASK) + s->offset;
+ soff = SECTOR_OFFSET(s->addr);
+ if (bdrv_read(s->bdrv, sector, iobuf, PAGE_SECTORS) < 0) {
+ printf("%s: read error in sector %" PRIu64 "\n", __func__, sector);
+ return;
+ }
+
+ mem_and(iobuf + (soff | off), s->io, MIN(s->iolen, PAGE_SIZE - off));
+ if (off + s->iolen > PAGE_SIZE) {
+ page = PAGE(s->addr);
+ mem_and(s->storage + (page << OOB_SHIFT), s->io + PAGE_SIZE - off,
+ MIN(OOB_SIZE, off + s->iolen - PAGE_SIZE));
+ }
+
+ if (bdrv_write(s->bdrv, sector, iobuf, PAGE_SECTORS) < 0) {
+ printf("%s: write error in sector %" PRIu64 "\n", __func__, sector);
+ }
+ } else {
+ off = PAGE_START(s->addr) + (s->addr & PAGE_MASK) + s->offset;
+ sector = off >> 9;
+ soff = off & 0x1ff;
+ if (bdrv_read(s->bdrv, sector, iobuf, PAGE_SECTORS + 2) < 0) {
+ printf("%s: read error in sector %" PRIu64 "\n", __func__, sector);
+ return;
+ }
+
+ mem_and(iobuf + soff, s->io, s->iolen);
+
+ if (bdrv_write(s->bdrv, sector, iobuf, PAGE_SECTORS + 2) < 0) {
+ printf("%s: write error in sector %" PRIu64 "\n", __func__, sector);
+ }
+ }
+ s->offset = 0;
+}
+
+/* Erase a single block */
+static void glue(nand_blk_erase_, PAGE_SIZE)(NANDFlashState *s)
+{
+ uint64_t i, page, addr;
+ uint8_t iobuf[0x200] = { [0 ... 0x1ff] = 0xff, };
+ addr = s->addr & ~((1 << (ADDR_SHIFT + s->erase_shift)) - 1);
+
+ if (PAGE(addr) >= s->pages) {
+ return;
+ }
+
+ if (!s->bdrv) {
+ memset(s->storage + PAGE_START(addr),
+ 0xff, (PAGE_SIZE + OOB_SIZE) << s->erase_shift);
+ } else if (s->mem_oob) {
+ memset(s->storage + (PAGE(addr) << OOB_SHIFT),
+ 0xff, OOB_SIZE << s->erase_shift);
+ i = SECTOR(addr);
+ page = SECTOR(addr + (ADDR_SHIFT + s->erase_shift));
+ for (; i < page; i ++)
+ if (bdrv_write(s->bdrv, i, iobuf, 1) < 0) {
+ printf("%s: write error in sector %" PRIu64 "\n", __func__, i);
+ }
+ } else {
+ addr = PAGE_START(addr);
+ page = addr >> 9;
+ if (bdrv_read(s->bdrv, page, iobuf, 1) < 0) {
+ printf("%s: read error in sector %" PRIu64 "\n", __func__, page);
+ }
+ memset(iobuf + (addr & 0x1ff), 0xff, (~addr & 0x1ff) + 1);
+ if (bdrv_write(s->bdrv, page, iobuf, 1) < 0) {
+ printf("%s: write error in sector %" PRIu64 "\n", __func__, page);
+ }
+
+ memset(iobuf, 0xff, 0x200);
+ i = (addr & ~0x1ff) + 0x200;
+ for (addr += ((PAGE_SIZE + OOB_SIZE) << s->erase_shift) - 0x200;
+ i < addr; i += 0x200) {
+ if (bdrv_write(s->bdrv, i >> 9, iobuf, 1) < 0) {
+ printf("%s: write error in sector %" PRIu64 "\n",
+ __func__, i >> 9);
+ }
+ }
+
+ page = i >> 9;
+ if (bdrv_read(s->bdrv, page, iobuf, 1) < 0) {
+ printf("%s: read error in sector %" PRIu64 "\n", __func__, page);
+ }
+ memset(iobuf, 0xff, ((addr - 1) & 0x1ff) + 1);
+ if (bdrv_write(s->bdrv, page, iobuf, 1) < 0) {
+ printf("%s: write error in sector %" PRIu64 "\n", __func__, page);
+ }
+ }
+}
+
+static void glue(nand_blk_load_, PAGE_SIZE)(NANDFlashState *s,
+ uint64_t addr, int offset)
+{
+ if (PAGE(addr) >= s->pages) {
+ return;
+ }
+
+ if (s->bdrv) {
+ if (s->mem_oob) {
+ if (bdrv_read(s->bdrv, SECTOR(addr), s->io, PAGE_SECTORS) < 0) {
+ printf("%s: read error in sector %" PRIu64 "\n",
+ __func__, SECTOR(addr));
+ }
+ memcpy(s->io + SECTOR_OFFSET(s->addr) + PAGE_SIZE,
+ s->storage + (PAGE(s->addr) << OOB_SHIFT),
+ OOB_SIZE);
+ s->ioaddr = s->io + SECTOR_OFFSET(s->addr) + offset;
+ } else {
+ if (bdrv_read(s->bdrv, PAGE_START(addr) >> 9,
+ s->io, (PAGE_SECTORS + 2)) < 0) {
+ printf("%s: read error in sector %" PRIu64 "\n",
+ __func__, PAGE_START(addr) >> 9);
+ }
+ s->ioaddr = s->io + (PAGE_START(addr) & 0x1ff) + offset;
+ }
+ } else {
+ memcpy(s->io, s->storage + PAGE_START(s->addr) +
+ offset, PAGE_SIZE + OOB_SIZE - offset);
+ s->ioaddr = s->io;
+ }
+}
+
+static void glue(nand_init_, PAGE_SIZE)(NANDFlashState *s)
+{
+ s->oob_shift = PAGE_SHIFT - 5;
+ s->pages = s->size >> PAGE_SHIFT;
+ s->addr_shift = ADDR_SHIFT;
+
+ s->blk_erase = glue(nand_blk_erase_, PAGE_SIZE);
+ s->blk_write = glue(nand_blk_write_, PAGE_SIZE);
+ s->blk_load = glue(nand_blk_load_, PAGE_SIZE);
+}
+
+# undef PAGE_SIZE
+# undef PAGE_SHIFT
+# undef PAGE_SECTORS
+# undef ADDR_SHIFT
+#endif /* NAND_IO */
diff --git a/hw/block/nvme.c b/hw/block/nvme.c
new file mode 100644
index 000000000..0263e5c63
--- /dev/null
+++ b/hw/block/nvme.c
@@ -0,0 +1,887 @@
+/*
+ * QEMU NVM Express Controller
+ *
+ * Copyright (c) 2012, Intel Corporation
+ *
+ * Written by Keith Busch <keith.busch@intel.com>
+ *
+ * This code is licensed under the GNU GPL v2 or later.
+ */
+
+/**
+ * Reference Specs: http://www.nvmexpress.org, 1.1, 1.0e
+ *
+ * http://www.nvmexpress.org/resources/
+ */
+
+/**
+ * Usage: add options:
+ * -drive file=<file>,if=none,id=<drive_id>
+ * -device nvme,drive=<drive_id>,serial=<serial>,id=<id[optional]>
+ */
+
+#include <hw/block/block.h>
+#include <hw/hw.h>
+#include <hw/pci/msix.h>
+#include <hw/pci/pci.h>
+
+#include "nvme.h"
+
+static void nvme_process_sq(void *opaque);
+
+static int nvme_check_sqid(NvmeCtrl *n, uint16_t sqid)
+{
+ return sqid < n->num_queues && n->sq[sqid] != NULL ? 0 : -1;
+}
+
+static int nvme_check_cqid(NvmeCtrl *n, uint16_t cqid)
+{
+ return cqid < n->num_queues && n->cq[cqid] != NULL ? 0 : -1;
+}
+
+static void nvme_inc_cq_tail(NvmeCQueue *cq)
+{
+ cq->tail++;
+ if (cq->tail >= cq->size) {
+ cq->tail = 0;
+ cq->phase = !cq->phase;
+ }
+}
+
+static void nvme_inc_sq_head(NvmeSQueue *sq)
+{
+ sq->head = (sq->head + 1) % sq->size;
+}
+
+static uint8_t nvme_cq_full(NvmeCQueue *cq)
+{
+ return (cq->tail + 1) % cq->size == cq->head;
+}
+
+static uint8_t nvme_sq_empty(NvmeSQueue *sq)
+{
+ return sq->head == sq->tail;
+}
+
+static void nvme_isr_notify(NvmeCtrl *n, NvmeCQueue *cq)
+{
+ if (cq->irq_enabled) {
+ if (msix_enabled(&(n->parent_obj))) {
+ msix_notify(&(n->parent_obj), cq->vector);
+ } else {
+ qemu_irq_pulse(n->parent_obj.irq[0]);
+ }
+ }
+}
+
+static uint16_t nvme_map_prp(QEMUSGList *qsg, uint64_t prp1, uint64_t prp2,
+ uint32_t len, NvmeCtrl *n)
+{
+ hwaddr trans_len = n->page_size - (prp1 % n->page_size);
+ trans_len = MIN(len, trans_len);
+ int num_prps = (len >> n->page_bits) + 1;
+
+ if (!prp1) {
+ return NVME_INVALID_FIELD | NVME_DNR;
+ }
+
+ pci_dma_sglist_init(qsg, &n->parent_obj, num_prps);
+ qemu_sglist_add(qsg, prp1, trans_len);
+ len -= trans_len;
+ if (len) {
+ if (!prp2) {
+ goto unmap;
+ }
+ if (len > n->page_size) {
+ uint64_t prp_list[n->max_prp_ents];
+ uint32_t nents, prp_trans;
+ int i = 0;
+
+ nents = (len + n->page_size - 1) >> n->page_bits;
+ prp_trans = MIN(n->max_prp_ents, nents) * sizeof(uint64_t);
+ pci_dma_read(&n->parent_obj, prp2, (void *)prp_list, prp_trans);
+ while (len != 0) {
+ uint64_t prp_ent = le64_to_cpu(prp_list[i]);
+
+ if (i == n->max_prp_ents - 1 && len > n->page_size) {
+ if (!prp_ent || prp_ent & (n->page_size - 1)) {
+ goto unmap;
+ }
+
+ i = 0;
+ nents = (len + n->page_size - 1) >> n->page_bits;
+ prp_trans = MIN(n->max_prp_ents, nents) * sizeof(uint64_t);
+ pci_dma_read(&n->parent_obj, prp_ent, (void *)prp_list,
+ prp_trans);
+ prp_ent = le64_to_cpu(prp_list[i]);
+ }
+
+ if (!prp_ent || prp_ent & (n->page_size - 1)) {
+ goto unmap;
+ }
+
+ trans_len = MIN(len, n->page_size);
+ qemu_sglist_add(qsg, prp_ent, trans_len);
+ len -= trans_len;
+ i++;
+ }
+ } else {
+ if (prp2 & (n->page_size - 1)) {
+ goto unmap;
+ }
+ qemu_sglist_add(qsg, prp2, len);
+ }
+ }
+ return NVME_SUCCESS;
+
+ unmap:
+ qemu_sglist_destroy(qsg);
+ return NVME_INVALID_FIELD | NVME_DNR;
+}
+
+static uint16_t nvme_dma_read_prp(NvmeCtrl *n, uint8_t *ptr, uint32_t len,
+ uint64_t prp1, uint64_t prp2)
+{
+ QEMUSGList qsg;
+
+ if (nvme_map_prp(&qsg, prp1, prp2, len, n)) {
+ return NVME_INVALID_FIELD | NVME_DNR;
+ }
+ if (dma_buf_read(ptr, len, &qsg)) {
+ qemu_sglist_destroy(&qsg);
+ return NVME_INVALID_FIELD | NVME_DNR;
+ }
+ return NVME_SUCCESS;
+}
+
+static void nvme_post_cqes(void *opaque)
+{
+ NvmeCQueue *cq = opaque;
+ NvmeCtrl *n = cq->ctrl;
+ NvmeRequest *req, *next;
+
+ QTAILQ_FOREACH_SAFE(req, &cq->req_list, entry, next) {
+ NvmeSQueue *sq;
+ hwaddr addr;
+
+ if (nvme_cq_full(cq)) {
+ break;
+ }
+
+ QTAILQ_REMOVE(&cq->req_list, req, entry);
+ sq = req->sq;
+ req->cqe.status = cpu_to_le16((req->status << 1) | cq->phase);
+ req->cqe.sq_id = cpu_to_le16(sq->sqid);
+ req->cqe.sq_head = cpu_to_le16(sq->head);
+ addr = cq->dma_addr + cq->tail * n->cqe_size;
+ nvme_inc_cq_tail(cq);
+ pci_dma_write(&n->parent_obj, addr, (void *)&req->cqe,
+ sizeof(req->cqe));
+ QTAILQ_INSERT_TAIL(&sq->req_list, req, entry);
+ }
+ nvme_isr_notify(n, cq);
+}
+
+static void nvme_enqueue_req_completion(NvmeCQueue *cq, NvmeRequest *req)
+{
+ assert(cq->cqid == req->sq->cqid);
+ QTAILQ_REMOVE(&req->sq->out_req_list, req, entry);
+ QTAILQ_INSERT_TAIL(&cq->req_list, req, entry);
+ qemu_mod_timer(cq->timer, qemu_get_clock_ns(vm_clock) + 500);
+}
+
+static void nvme_rw_cb(void *opaque, int ret)
+{
+ NvmeRequest *req = opaque;
+ NvmeSQueue *sq = req->sq;
+ NvmeCtrl *n = sq->ctrl;
+ NvmeCQueue *cq = n->cq[sq->cqid];
+
+ bdrv_acct_done(n->conf.bs, &req->acct);
+ if (!ret) {
+ req->status = NVME_SUCCESS;
+ } else {
+ req->status = NVME_INTERNAL_DEV_ERROR;
+ }
+
+ qemu_sglist_destroy(&req->qsg);
+ nvme_enqueue_req_completion(cq, req);
+}
+
+static uint16_t nvme_rw(NvmeCtrl *n, NvmeNamespace *ns, NvmeCmd *cmd,
+ NvmeRequest *req)
+{
+ NvmeRwCmd *rw = (NvmeRwCmd *)cmd;
+ uint32_t nlb = le32_to_cpu(rw->nlb) + 1;
+ uint64_t slba = le64_to_cpu(rw->slba);
+ uint64_t prp1 = le64_to_cpu(rw->prp1);
+ uint64_t prp2 = le64_to_cpu(rw->prp2);
+
+ uint8_t lba_index = NVME_ID_NS_FLBAS_INDEX(ns->id_ns.flbas);
+ uint8_t data_shift = ns->id_ns.lbaf[lba_index].ds;
+ uint64_t data_size = nlb << data_shift;
+ uint64_t aio_slba = slba << (data_shift - BDRV_SECTOR_BITS);
+ int is_write = rw->opcode == NVME_CMD_WRITE ? 1 : 0;
+
+ if ((slba + nlb) > ns->id_ns.nsze) {
+ return NVME_LBA_RANGE | NVME_DNR;
+ }
+ if (nvme_map_prp(&req->qsg, prp1, prp2, data_size, n)) {
+ return NVME_INVALID_FIELD | NVME_DNR;
+ }
+ assert((nlb << data_shift) == req->qsg.size);
+
+ dma_acct_start(n->conf.bs, &req->acct, &req->qsg, is_write ?
+ BDRV_ACCT_WRITE : BDRV_ACCT_READ);
+ req->aiocb = is_write ?
+ dma_bdrv_write(n->conf.bs, &req->qsg, aio_slba, nvme_rw_cb, req) :
+ dma_bdrv_read(n->conf.bs, &req->qsg, aio_slba, nvme_rw_cb, req);
+
+ return NVME_NO_COMPLETE;
+}
+
+static uint16_t nvme_io_cmd(NvmeCtrl *n, NvmeCmd *cmd, NvmeRequest *req)
+{
+ NvmeNamespace *ns;
+ uint32_t nsid = le32_to_cpu(cmd->nsid);
+
+ if (nsid == 0 || nsid > n->num_namespaces) {
+ return NVME_INVALID_NSID | NVME_DNR;
+ }
+
+ ns = &n->namespaces[nsid - 1];
+ switch (cmd->opcode) {
+ case NVME_CMD_FLUSH:
+ return NVME_SUCCESS;
+ case NVME_CMD_WRITE:
+ case NVME_CMD_READ:
+ return nvme_rw(n, ns, cmd, req);
+ default:
+ return NVME_INVALID_OPCODE | NVME_DNR;
+ }
+}
+
+static void nvme_free_sq(NvmeSQueue *sq, NvmeCtrl *n)
+{
+ n->sq[sq->sqid] = NULL;
+ qemu_del_timer(sq->timer);
+ qemu_free_timer(sq->timer);
+ g_free(sq->io_req);
+ if (sq->sqid) {
+ g_free(sq);
+ }
+}
+
+static uint16_t nvme_del_sq(NvmeCtrl *n, NvmeCmd *cmd)
+{
+ NvmeDeleteQ *c = (NvmeDeleteQ *)cmd;
+ NvmeRequest *req, *next;
+ NvmeSQueue *sq;
+ NvmeCQueue *cq;
+ uint16_t qid = le16_to_cpu(c->qid);
+
+ if (!qid || nvme_check_sqid(n, qid)) {
+ return NVME_INVALID_QID | NVME_DNR;
+ }
+
+ sq = n->sq[qid];
+ while (!QTAILQ_EMPTY(&sq->out_req_list)) {
+ req = QTAILQ_FIRST(&sq->out_req_list);
+ assert(req->aiocb);
+ bdrv_aio_cancel(req->aiocb);
+ }
+ if (!nvme_check_cqid(n, sq->cqid)) {
+ cq = n->cq[sq->cqid];
+ QTAILQ_REMOVE(&cq->sq_list, sq, entry);
+
+ nvme_post_cqes(cq);
+ QTAILQ_FOREACH_SAFE(req, &cq->req_list, entry, next) {
+ if (req->sq == sq) {
+ QTAILQ_REMOVE(&cq->req_list, req, entry);
+ QTAILQ_INSERT_TAIL(&sq->req_list, req, entry);
+ }
+ }
+ }
+
+ nvme_free_sq(sq, n);
+ return NVME_SUCCESS;
+}
+
+static void nvme_init_sq(NvmeSQueue *sq, NvmeCtrl *n, uint64_t dma_addr,
+ uint16_t sqid, uint16_t cqid, uint16_t size)
+{
+ int i;
+ NvmeCQueue *cq;
+
+ sq->ctrl = n;
+ sq->dma_addr = dma_addr;
+ sq->sqid = sqid;
+ sq->size = size;
+ sq->cqid = cqid;
+ sq->head = sq->tail = 0;
+ sq->io_req = g_malloc(sq->size * sizeof(*sq->io_req));
+
+ QTAILQ_INIT(&sq->req_list);
+ QTAILQ_INIT(&sq->out_req_list);
+ for (i = 0; i < sq->size; i++) {
+ sq->io_req[i].sq = sq;
+ QTAILQ_INSERT_TAIL(&(sq->req_list), &sq->io_req[i], entry);
+ }
+ sq->timer = qemu_new_timer_ns(vm_clock, nvme_process_sq, sq);
+
+ assert(n->cq[cqid]);
+ cq = n->cq[cqid];
+ QTAILQ_INSERT_TAIL(&(cq->sq_list), sq, entry);
+ n->sq[sqid] = sq;
+}
+
+static uint16_t nvme_create_sq(NvmeCtrl *n, NvmeCmd *cmd)
+{
+ NvmeSQueue *sq;
+ NvmeCreateSq *c = (NvmeCreateSq *)cmd;
+
+ uint16_t cqid = le16_to_cpu(c->cqid);
+ uint16_t sqid = le16_to_cpu(c->sqid);
+ uint16_t qsize = le16_to_cpu(c->qsize);
+ uint16_t qflags = le16_to_cpu(c->sq_flags);
+ uint64_t prp1 = le64_to_cpu(c->prp1);
+
+ if (!cqid || nvme_check_cqid(n, cqid)) {
+ return NVME_INVALID_CQID | NVME_DNR;
+ }
+ if (!sqid || (sqid && !nvme_check_sqid(n, sqid))) {
+ return NVME_INVALID_QID | NVME_DNR;
+ }
+ if (!qsize || qsize > NVME_CAP_MQES(n->bar.cap)) {
+ return NVME_MAX_QSIZE_EXCEEDED | NVME_DNR;
+ }
+ if (!prp1 || prp1 & (n->page_size - 1)) {
+ return NVME_INVALID_FIELD | NVME_DNR;
+ }
+ if (!(NVME_SQ_FLAGS_PC(qflags))) {
+ return NVME_INVALID_FIELD | NVME_DNR;
+ }
+ sq = g_malloc0(sizeof(*sq));
+ nvme_init_sq(sq, n, prp1, sqid, cqid, qsize + 1);
+ return NVME_SUCCESS;
+}
+
+static void nvme_free_cq(NvmeCQueue *cq, NvmeCtrl *n)
+{
+ n->cq[cq->cqid] = NULL;
+ qemu_del_timer(cq->timer);
+ qemu_free_timer(cq->timer);
+ msix_vector_unuse(&n->parent_obj, cq->vector);
+ if (cq->cqid) {
+ g_free(cq);
+ }
+}
+
+static uint16_t nvme_del_cq(NvmeCtrl *n, NvmeCmd *cmd)
+{
+ NvmeDeleteQ *c = (NvmeDeleteQ *)cmd;
+ NvmeCQueue *cq;
+ uint16_t qid = le16_to_cpu(c->qid);
+
+ if (!qid || nvme_check_cqid(n, qid)) {
+ return NVME_INVALID_CQID | NVME_DNR;
+ }
+
+ cq = n->cq[qid];
+ if (!QTAILQ_EMPTY(&cq->sq_list)) {
+ return NVME_INVALID_QUEUE_DEL;
+ }
+ nvme_free_cq(cq, n);
+ return NVME_SUCCESS;
+}
+
+static void nvme_init_cq(NvmeCQueue *cq, NvmeCtrl *n, uint64_t dma_addr,
+ uint16_t cqid, uint16_t vector, uint16_t size, uint16_t irq_enabled)
+{
+ cq->ctrl = n;
+ cq->cqid = cqid;
+ cq->size = size;
+ cq->dma_addr = dma_addr;
+ cq->phase = 1;
+ cq->irq_enabled = irq_enabled;
+ cq->vector = vector;
+ cq->head = cq->tail = 0;
+ QTAILQ_INIT(&cq->req_list);
+ QTAILQ_INIT(&cq->sq_list);
+ msix_vector_use(&n->parent_obj, cq->vector);
+ n->cq[cqid] = cq;
+ cq->timer = qemu_new_timer_ns(vm_clock, nvme_post_cqes, cq);
+}
+
+static uint16_t nvme_create_cq(NvmeCtrl *n, NvmeCmd *cmd)
+{
+ NvmeCQueue *cq;
+ NvmeCreateCq *c = (NvmeCreateCq *)cmd;
+ uint16_t cqid = le16_to_cpu(c->cqid);
+ uint16_t vector = le16_to_cpu(c->irq_vector);
+ uint16_t qsize = le16_to_cpu(c->qsize);
+ uint16_t qflags = le16_to_cpu(c->cq_flags);
+ uint64_t prp1 = le64_to_cpu(c->prp1);
+
+ if (!cqid || (cqid && !nvme_check_cqid(n, cqid))) {
+ return NVME_INVALID_CQID | NVME_DNR;
+ }
+ if (!qsize || qsize > NVME_CAP_MQES(n->bar.cap)) {
+ return NVME_MAX_QSIZE_EXCEEDED | NVME_DNR;
+ }
+ if (!prp1) {
+ return NVME_INVALID_FIELD | NVME_DNR;
+ }
+ if (vector > n->num_queues) {
+ return NVME_INVALID_IRQ_VECTOR | NVME_DNR;
+ }
+ if (!(NVME_CQ_FLAGS_PC(qflags))) {
+ return NVME_INVALID_FIELD | NVME_DNR;
+ }
+
+ cq = g_malloc0(sizeof(*cq));
+ nvme_init_cq(cq, n, prp1, cqid, vector, qsize + 1,
+ NVME_CQ_FLAGS_IEN(qflags));
+ return NVME_SUCCESS;
+}
+
+static uint16_t nvme_identify(NvmeCtrl *n, NvmeCmd *cmd)
+{
+ NvmeNamespace *ns;
+ NvmeIdentify *c = (NvmeIdentify *)cmd;
+ uint32_t cns = le32_to_cpu(c->cns);
+ uint32_t nsid = le32_to_cpu(c->nsid);
+ uint64_t prp1 = le64_to_cpu(c->prp1);
+ uint64_t prp2 = le64_to_cpu(c->prp2);
+
+ if (cns) {
+ return nvme_dma_read_prp(n, (uint8_t *)&n->id_ctrl, sizeof(n->id_ctrl),
+ prp1, prp2);
+ }
+ if (nsid == 0 || nsid > n->num_namespaces) {
+ return NVME_INVALID_NSID | NVME_DNR;
+ }
+
+ ns = &n->namespaces[nsid - 1];
+ return nvme_dma_read_prp(n, (uint8_t *)&ns->id_ns, sizeof(ns->id_ns),
+ prp1, prp2);
+}
+
+static uint16_t nvme_get_feature(NvmeCtrl *n, NvmeCmd *cmd, NvmeRequest *req)
+{
+ uint32_t dw10 = le32_to_cpu(cmd->cdw10);
+
+ switch (dw10) {
+ case NVME_NUMBER_OF_QUEUES:
+ req->cqe.result = cpu_to_le32(n->num_queues);
+ break;
+ default:
+ return NVME_INVALID_FIELD | NVME_DNR;
+ }
+ return NVME_SUCCESS;
+}
+
+static uint16_t nvme_set_feature(NvmeCtrl *n, NvmeCmd *cmd, NvmeRequest *req)
+{
+ uint32_t dw10 = le32_to_cpu(cmd->cdw10);
+
+ switch (dw10) {
+ case NVME_NUMBER_OF_QUEUES:
+ req->cqe.result = cpu_to_le32(n->num_queues);
+ break;
+ default:
+ return NVME_INVALID_FIELD | NVME_DNR;
+ }
+ return NVME_SUCCESS;
+}
+
+static uint16_t nvme_admin_cmd(NvmeCtrl *n, NvmeCmd *cmd, NvmeRequest *req)
+{
+ switch (cmd->opcode) {
+ case NVME_ADM_CMD_DELETE_SQ:
+ return nvme_del_sq(n, cmd);
+ case NVME_ADM_CMD_CREATE_SQ:
+ return nvme_create_sq(n, cmd);
+ case NVME_ADM_CMD_DELETE_CQ:
+ return nvme_del_cq(n, cmd);
+ case NVME_ADM_CMD_CREATE_CQ:
+ return nvme_create_cq(n, cmd);
+ case NVME_ADM_CMD_IDENTIFY:
+ return nvme_identify(n, cmd);
+ case NVME_ADM_CMD_SET_FEATURES:
+ return nvme_set_feature(n, cmd, req);
+ case NVME_ADM_CMD_GET_FEATURES:
+ return nvme_get_feature(n, cmd, req);
+ default:
+ return NVME_INVALID_OPCODE | NVME_DNR;
+ }
+}
+
+static void nvme_process_sq(void *opaque)
+{
+ NvmeSQueue *sq = opaque;
+ NvmeCtrl *n = sq->ctrl;
+ NvmeCQueue *cq = n->cq[sq->cqid];
+
+ uint16_t status;
+ hwaddr addr;
+ NvmeCmd cmd;
+ NvmeRequest *req;
+
+ while (!(nvme_sq_empty(sq) || QTAILQ_EMPTY(&sq->req_list))) {
+ addr = sq->dma_addr + sq->head * n->sqe_size;
+ pci_dma_read(&n->parent_obj, addr, (void *)&cmd, sizeof(cmd));
+ nvme_inc_sq_head(sq);
+
+ req = QTAILQ_FIRST(&sq->req_list);
+ QTAILQ_REMOVE(&sq->req_list, req, entry);
+ QTAILQ_INSERT_TAIL(&sq->out_req_list, req, entry);
+ memset(&req->cqe, 0, sizeof(req->cqe));
+ req->cqe.cid = cmd.cid;
+
+ status = sq->sqid ? nvme_io_cmd(n, &cmd, req) :
+ nvme_admin_cmd(n, &cmd, req);
+ if (status != NVME_NO_COMPLETE) {
+ req->status = status;
+ nvme_enqueue_req_completion(cq, req);
+ }
+ }
+}
+
+static void nvme_clear_ctrl(NvmeCtrl *n)
+{
+ int i;
+
+ for (i = 0; i < n->num_queues; i++) {
+ if (n->sq[i] != NULL) {
+ nvme_free_sq(n->sq[i], n);
+ }
+ }
+ for (i = 0; i < n->num_queues; i++) {
+ if (n->cq[i] != NULL) {
+ nvme_free_cq(n->cq[i], n);
+ }
+ }
+
+ bdrv_flush(n->conf.bs);
+ n->bar.cc = 0;
+}
+
+static int nvme_start_ctrl(NvmeCtrl *n)
+{
+ uint32_t page_bits = NVME_CC_MPS(n->bar.cc) + 12;
+ uint32_t page_size = 1 << page_bits;
+
+ if (n->cq[0] || n->sq[0] || !n->bar.asq || !n->bar.acq ||
+ n->bar.asq & (page_size - 1) || n->bar.acq & (page_size - 1) ||
+ NVME_CC_MPS(n->bar.cc) < NVME_CAP_MPSMIN(n->bar.cap) ||
+ NVME_CC_MPS(n->bar.cc) > NVME_CAP_MPSMAX(n->bar.cap) ||
+ NVME_CC_IOCQES(n->bar.cc) < NVME_CTRL_CQES_MIN(n->id_ctrl.cqes) ||
+ NVME_CC_IOCQES(n->bar.cc) > NVME_CTRL_CQES_MAX(n->id_ctrl.cqes) ||
+ NVME_CC_IOSQES(n->bar.cc) < NVME_CTRL_SQES_MIN(n->id_ctrl.sqes) ||
+ NVME_CC_IOSQES(n->bar.cc) > NVME_CTRL_SQES_MAX(n->id_ctrl.sqes) ||
+ !NVME_AQA_ASQS(n->bar.aqa) || NVME_AQA_ASQS(n->bar.aqa) > 4095 ||
+ !NVME_AQA_ACQS(n->bar.aqa) || NVME_AQA_ACQS(n->bar.aqa) > 4095) {
+ return -1;
+ }
+
+ n->page_bits = page_bits;
+ n->page_size = page_size;
+ n->max_prp_ents = n->page_size / sizeof(uint64_t);
+ n->cqe_size = 1 << NVME_CC_IOCQES(n->bar.cc);
+ n->sqe_size = 1 << NVME_CC_IOSQES(n->bar.cc);
+ nvme_init_cq(&n->admin_cq, n, n->bar.acq, 0, 0,
+ NVME_AQA_ACQS(n->bar.aqa) + 1, 1);
+ nvme_init_sq(&n->admin_sq, n, n->bar.asq, 0, 0,
+ NVME_AQA_ASQS(n->bar.aqa) + 1);
+
+ return 0;
+}
+
+static void nvme_write_bar(NvmeCtrl *n, hwaddr offset, uint64_t data,
+ unsigned size)
+{
+ switch (offset) {
+ case 0xc:
+ n->bar.intms |= data & 0xffffffff;
+ n->bar.intmc = n->bar.intms;
+ break;
+ case 0x10:
+ n->bar.intms &= ~(data & 0xffffffff);
+ n->bar.intmc = n->bar.intms;
+ break;
+ case 0x14:
+ if (NVME_CC_EN(data) && !NVME_CC_EN(n->bar.cc)) {
+ n->bar.cc = data;
+ if (nvme_start_ctrl(n)) {
+ n->bar.csts = NVME_CSTS_FAILED;
+ } else {
+ n->bar.csts = NVME_CSTS_READY;
+ }
+ } else if (!NVME_CC_EN(data) && NVME_CC_EN(n->bar.cc)) {
+ nvme_clear_ctrl(n);
+ n->bar.csts &= ~NVME_CSTS_READY;
+ }
+ if (NVME_CC_SHN(data) && !(NVME_CC_SHN(n->bar.cc))) {
+ nvme_clear_ctrl(n);
+ n->bar.cc = data;
+ n->bar.csts |= NVME_CSTS_SHST_COMPLETE;
+ } else if (!NVME_CC_SHN(data) && NVME_CC_SHN(n->bar.cc)) {
+ n->bar.csts &= ~NVME_CSTS_SHST_COMPLETE;
+ n->bar.cc = data;
+ }
+ break;
+ case 0x24:
+ n->bar.aqa = data & 0xffffffff;
+ break;
+ case 0x28:
+ n->bar.asq = data;
+ break;
+ case 0x2c:
+ n->bar.asq |= data << 32;
+ break;
+ case 0x30:
+ n->bar.acq = data;
+ break;
+ case 0x34:
+ n->bar.acq |= data << 32;
+ break;
+ default:
+ break;
+ }
+}
+
+static uint64_t nvme_mmio_read(void *opaque, hwaddr addr, unsigned size)
+{
+ NvmeCtrl *n = (NvmeCtrl *)opaque;
+ uint8_t *ptr = (uint8_t *)&n->bar;
+ uint64_t val = 0;
+
+ if (addr < sizeof(n->bar)) {
+ memcpy(&val, ptr + addr, size);
+ }
+ return val;
+}
+
+static void nvme_process_db(NvmeCtrl *n, hwaddr addr, int val)
+{
+ uint32_t qid;
+
+ if (addr & ((1 << 2) - 1)) {
+ return;
+ }
+
+ if (((addr - 0x1000) >> 2) & 1) {
+ uint16_t new_head = val & 0xffff;
+ int start_sqs;
+ NvmeCQueue *cq;
+
+ qid = (addr - (0x1000 + (1 << 2))) >> 3;
+ if (nvme_check_cqid(n, qid)) {
+ return;
+ }
+
+ cq = n->cq[qid];
+ if (new_head >= cq->size) {
+ return;
+ }
+
+ start_sqs = nvme_cq_full(cq) ? 1 : 0;
+ cq->head = new_head;
+ if (start_sqs) {
+ NvmeSQueue *sq;
+ QTAILQ_FOREACH(sq, &cq->sq_list, entry) {
+ qemu_mod_timer(sq->timer, qemu_get_clock_ns(vm_clock) + 500);
+ }
+ qemu_mod_timer(cq->timer, qemu_get_clock_ns(vm_clock) + 500);
+ }
+
+ if (cq->tail != cq->head) {
+ nvme_isr_notify(n, cq);
+ }
+ } else {
+ uint16_t new_tail = val & 0xffff;
+ NvmeSQueue *sq;
+
+ qid = (addr - 0x1000) >> 3;
+ if (nvme_check_sqid(n, qid)) {
+ return;
+ }
+
+ sq = n->sq[qid];
+ if (new_tail >= sq->size) {
+ return;
+ }
+
+ sq->tail = new_tail;
+ qemu_mod_timer(sq->timer, qemu_get_clock_ns(vm_clock) + 500);
+ }
+}
+
+static void nvme_mmio_write(void *opaque, hwaddr addr, uint64_t data,
+ unsigned size)
+{
+ NvmeCtrl *n = (NvmeCtrl *)opaque;
+ if (addr < sizeof(n->bar)) {
+ nvme_write_bar(n, addr, data, size);
+ } else if (addr >= 0x1000) {
+ nvme_process_db(n, addr, data);
+ }
+}
+
+static const MemoryRegionOps nvme_mmio_ops = {
+ .read = nvme_mmio_read,
+ .write = nvme_mmio_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .impl = {
+ .min_access_size = 2,
+ .max_access_size = 8,
+ },
+};
+
+static int nvme_init(PCIDevice *pci_dev)
+{
+ NvmeCtrl *n = NVME(pci_dev);
+ NvmeIdCtrl *id = &n->id_ctrl;
+
+ int i;
+ int64_t bs_size;
+ uint8_t *pci_conf;
+
+ if (!(n->conf.bs)) {
+ return -1;
+ }
+
+ bs_size = bdrv_getlength(n->conf.bs);
+ if (bs_size <= 0) {
+ return -1;
+ }
+
+ blkconf_serial(&n->conf, &n->serial);
+ if (!n->serial) {
+ return -1;
+ }
+
+ pci_conf = pci_dev->config;
+ pci_conf[PCI_INTERRUPT_PIN] = 1;
+ pci_config_set_prog_interface(pci_dev->config, 0x2);
+ pci_config_set_class(pci_dev->config, PCI_CLASS_STORAGE_EXPRESS);
+ pcie_endpoint_cap_init(&n->parent_obj, 0x80);
+
+ n->num_namespaces = 1;
+ n->num_queues = 64;
+ n->reg_size = 1 << qemu_fls(0x1004 + 2 * (n->num_queues + 1) * 4);
+ n->ns_size = bs_size / (uint64_t)n->num_namespaces;
+
+ n->namespaces = g_malloc0(sizeof(*n->namespaces)*n->num_namespaces);
+ n->sq = g_malloc0(sizeof(*n->sq)*n->num_queues);
+ n->cq = g_malloc0(sizeof(*n->cq)*n->num_queues);
+
+ memory_region_init_io(&n->iomem, OBJECT(n), &nvme_mmio_ops, n,
+ "nvme", n->reg_size);
+ pci_register_bar(&n->parent_obj, 0,
+ PCI_BASE_ADDRESS_SPACE_MEMORY | PCI_BASE_ADDRESS_MEM_TYPE_64,
+ &n->iomem);
+ msix_init_exclusive_bar(&n->parent_obj, n->num_queues, 4);
+
+ id->vid = cpu_to_le16(pci_get_word(pci_conf + PCI_VENDOR_ID));
+ id->ssvid = cpu_to_le16(pci_get_word(pci_conf + PCI_SUBSYSTEM_VENDOR_ID));
+ strpadcpy((char *)id->mn, sizeof(id->mn), "QEMU NVMe Ctrl", ' ');
+ strpadcpy((char *)id->fr, sizeof(id->fr), "1.0", ' ');
+ strpadcpy((char *)id->sn, sizeof(id->sn), n->serial, ' ');
+ id->rab = 6;
+ id->ieee[0] = 0x00;
+ id->ieee[1] = 0x02;
+ id->ieee[2] = 0xb3;
+ id->oacs = cpu_to_le16(0);
+ id->frmw = 7 << 1;
+ id->lpa = 1 << 0;
+ id->sqes = (0x6 << 4) | 0x6;
+ id->cqes = (0x4 << 4) | 0x4;
+ id->nn = cpu_to_le32(n->num_namespaces);
+ id->psd[0].mp = cpu_to_le16(0x9c4);
+ id->psd[0].enlat = cpu_to_le32(0x10);
+ id->psd[0].exlat = cpu_to_le32(0x4);
+
+ n->bar.cap = 0;
+ NVME_CAP_SET_MQES(n->bar.cap, 0x7ff);
+ NVME_CAP_SET_CQR(n->bar.cap, 1);
+ NVME_CAP_SET_AMS(n->bar.cap, 1);
+ NVME_CAP_SET_TO(n->bar.cap, 0xf);
+ NVME_CAP_SET_CSS(n->bar.cap, 1);
+
+ n->bar.vs = 0x00010001;
+ n->bar.intmc = n->bar.intms = 0;
+
+ for (i = 0; i < n->num_namespaces; i++) {
+ NvmeNamespace *ns = &n->namespaces[i];
+ NvmeIdNs *id_ns = &ns->id_ns;
+ id_ns->nsfeat = 0;
+ id_ns->nlbaf = 0;
+ id_ns->flbas = 0;
+ id_ns->mc = 0;
+ id_ns->dpc = 0;
+ id_ns->dps = 0;
+ id_ns->lbaf[0].ds = BDRV_SECTOR_BITS;
+ id_ns->ncap = id_ns->nuse = id_ns->nsze =
+ cpu_to_le64(n->ns_size >>
+ id_ns->lbaf[NVME_ID_NS_FLBAS_INDEX(ns->id_ns.flbas)].ds);
+ }
+ return 0;
+}
+
+static void nvme_exit(PCIDevice *pci_dev)
+{
+ NvmeCtrl *n = NVME(pci_dev);
+
+ nvme_clear_ctrl(n);
+ g_free(n->namespaces);
+ g_free(n->cq);
+ g_free(n->sq);
+ msix_uninit_exclusive_bar(pci_dev);
+ memory_region_destroy(&n->iomem);
+}
+
+static Property nvme_props[] = {
+ DEFINE_BLOCK_PROPERTIES(NvmeCtrl, conf),
+ DEFINE_PROP_STRING("serial", NvmeCtrl, serial),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static const VMStateDescription nvme_vmstate = {
+ .name = "nvme",
+ .unmigratable = 1,
+};
+
+static void nvme_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+ PCIDeviceClass *pc = PCI_DEVICE_CLASS(oc);
+
+ pc->init = nvme_init;
+ pc->exit = nvme_exit;
+ pc->class_id = PCI_CLASS_STORAGE_EXPRESS;
+ pc->vendor_id = PCI_VENDOR_ID_INTEL;
+ pc->device_id = 0x5845;
+ pc->revision = 1;
+ pc->is_express = 1;
+
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
+ dc->desc = "Non-Volatile Memory Express";
+ dc->props = nvme_props;
+ dc->vmsd = &nvme_vmstate;
+}
+
+static const TypeInfo nvme_info = {
+ .name = "nvme",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(NvmeCtrl),
+ .class_init = nvme_class_init,
+};
+
+static void nvme_register_types(void)
+{
+ type_register_static(&nvme_info);
+}
+
+type_init(nvme_register_types)
diff --git a/hw/block/nvme.h b/hw/block/nvme.h
new file mode 100644
index 000000000..bd8fc3e4b
--- /dev/null
+++ b/hw/block/nvme.h
@@ -0,0 +1,711 @@
+#ifndef HW_NVME_H
+#define HW_NVME_H
+
+typedef struct NvmeBar {
+ uint64_t cap;
+ uint32_t vs;
+ uint32_t intms;
+ uint32_t intmc;
+ uint32_t cc;
+ uint32_t rsvd1;
+ uint32_t csts;
+ uint32_t nssrc;
+ uint32_t aqa;
+ uint64_t asq;
+ uint64_t acq;
+} NvmeBar;
+
+enum NvmeCapShift {
+ CAP_MQES_SHIFT = 0,
+ CAP_CQR_SHIFT = 16,
+ CAP_AMS_SHIFT = 17,
+ CAP_TO_SHIFT = 24,
+ CAP_DSTRD_SHIFT = 32,
+ CAP_NSSRS_SHIFT = 33,
+ CAP_CSS_SHIFT = 37,
+ CAP_MPSMIN_SHIFT = 48,
+ CAP_MPSMAX_SHIFT = 52,
+};
+
+enum NvmeCapMask {
+ CAP_MQES_MASK = 0xffff,
+ CAP_CQR_MASK = 0x1,
+ CAP_AMS_MASK = 0x3,
+ CAP_TO_MASK = 0xff,
+ CAP_DSTRD_MASK = 0xf,
+ CAP_NSSRS_MASK = 0x1,
+ CAP_CSS_MASK = 0xff,
+ CAP_MPSMIN_MASK = 0xf,
+ CAP_MPSMAX_MASK = 0xf,
+};
+
+#define NVME_CAP_MQES(cap) (((cap) >> CAP_MQES_SHIFT) & CAP_MQES_MASK)
+#define NVME_CAP_CQR(cap) (((cap) >> CAP_CQR_SHIFT) & CAP_CQR_MASK)
+#define NVME_CAP_AMS(cap) (((cap) >> CAP_AMS_SHIFT) & CAP_AMS_MASK)
+#define NVME_CAP_TO(cap) (((cap) >> CAP_TO_SHIFT) & CAP_TO_MASK)
+#define NVME_CAP_DSTRD(cap) (((cap) >> CAP_DSTRD_SHIFT) & CAP_DSTRD_MASK)
+#define NVME_CAP_NSSRS(cap) (((cap) >> CAP_NSSRS_SHIFT) & CAP_NSSRS_MASK)
+#define NVME_CAP_CSS(cap) (((cap) >> CAP_CSS_SHIFT) & CAP_CSS_MASK)
+#define NVME_CAP_MPSMIN(cap)(((cap) >> CAP_MPSMIN_SHIFT) & CAP_MPSMIN_MASK)
+#define NVME_CAP_MPSMAX(cap)(((cap) >> CAP_MPSMAX_SHIFT) & CAP_MPSMAX_MASK)
+
+#define NVME_CAP_SET_MQES(cap, val) (cap |= (uint64_t)(val & CAP_MQES_MASK) \
+ << CAP_MQES_SHIFT)
+#define NVME_CAP_SET_CQR(cap, val) (cap |= (uint64_t)(val & CAP_CQR_MASK) \
+ << CAP_CQR_SHIFT)
+#define NVME_CAP_SET_AMS(cap, val) (cap |= (uint64_t)(val & CAP_AMS_MASK) \
+ << CAP_AMS_SHIFT)
+#define NVME_CAP_SET_TO(cap, val) (cap |= (uint64_t)(val & CAP_TO_MASK) \
+ << CAP_TO_SHIFT)
+#define NVME_CAP_SET_DSTRD(cap, val) (cap |= (uint64_t)(val & CAP_DSTRD_MASK) \
+ << CAP_DSTRD_SHIFT)
+#define NVME_CAP_SET_NSSRS(cap, val) (cap |= (uint64_t)(val & CAP_NSSRS_MASK) \
+ << CAP_NSSRS_SHIFT)
+#define NVME_CAP_SET_CSS(cap, val) (cap |= (uint64_t)(val & CAP_CSS_MASK) \
+ << CAP_CSS_SHIFT)
+#define NVME_CAP_SET_MPSMIN(cap, val) (cap |= (uint64_t)(val & CAP_MPSMIN_MASK)\
+ << CAP_MPSMIN_SHIFT)
+#define NVME_CAP_SET_MPSMAX(cap, val) (cap |= (uint64_t)(val & CAP_MPSMAX_MASK)\
+ << CAP_MPSMAX_SHIFT)
+
+enum NvmeCcShift {
+ CC_EN_SHIFT = 0,
+ CC_CSS_SHIFT = 4,
+ CC_MPS_SHIFT = 7,
+ CC_AMS_SHIFT = 11,
+ CC_SHN_SHIFT = 14,
+ CC_IOSQES_SHIFT = 16,
+ CC_IOCQES_SHIFT = 20,
+};
+
+enum NvmeCcMask {
+ CC_EN_MASK = 0x1,
+ CC_CSS_MASK = 0x7,
+ CC_MPS_MASK = 0xf,
+ CC_AMS_MASK = 0x7,
+ CC_SHN_MASK = 0x3,
+ CC_IOSQES_MASK = 0xf,
+ CC_IOCQES_MASK = 0xf,
+};
+
+#define NVME_CC_EN(cc) ((cc >> CC_EN_SHIFT) & CC_EN_MASK)
+#define NVME_CC_CSS(cc) ((cc >> CC_CSS_SHIFT) & CC_CSS_MASK)
+#define NVME_CC_MPS(cc) ((cc >> CC_MPS_SHIFT) & CC_MPS_MASK)
+#define NVME_CC_AMS(cc) ((cc >> CC_AMS_SHIFT) & CC_AMS_MASK)
+#define NVME_CC_SHN(cc) ((cc >> CC_SHN_SHIFT) & CC_SHN_MASK)
+#define NVME_CC_IOSQES(cc) ((cc >> CC_IOSQES_SHIFT) & CC_IOSQES_MASK)
+#define NVME_CC_IOCQES(cc) ((cc >> CC_IOCQES_SHIFT) & CC_IOCQES_MASK)
+
+enum NvmeCstsShift {
+ CSTS_RDY_SHIFT = 0,
+ CSTS_CFS_SHIFT = 1,
+ CSTS_SHST_SHIFT = 2,
+ CSTS_NSSRO_SHIFT = 4,
+};
+
+enum NvmeCstsMask {
+ CSTS_RDY_MASK = 0x1,
+ CSTS_CFS_MASK = 0x1,
+ CSTS_SHST_MASK = 0x3,
+ CSTS_NSSRO_MASK = 0x1,
+};
+
+enum NvmeCsts {
+ NVME_CSTS_READY = 1 << CSTS_RDY_SHIFT,
+ NVME_CSTS_FAILED = 1 << CSTS_CFS_SHIFT,
+ NVME_CSTS_SHST_NORMAL = 0 << CSTS_SHST_SHIFT,
+ NVME_CSTS_SHST_PROGRESS = 1 << CSTS_SHST_SHIFT,
+ NVME_CSTS_SHST_COMPLETE = 2 << CSTS_SHST_SHIFT,
+ NVME_CSTS_NSSRO = 1 << CSTS_NSSRO_SHIFT,
+};
+
+#define NVME_CSTS_RDY(csts) ((csts >> CSTS_RDY_SHIFT) & CSTS_RDY_MASK)
+#define NVME_CSTS_CFS(csts) ((csts >> CSTS_CFS_SHIFT) & CSTS_CFS_MASK)
+#define NVME_CSTS_SHST(csts) ((csts >> CSTS_SHST_SHIFT) & CSTS_SHST_MASK)
+#define NVME_CSTS_NSSRO(csts) ((csts >> CSTS_NSSRO_SHIFT) & CSTS_NSSRO_MASK)
+
+enum NvmeAqaShift {
+ AQA_ASQS_SHIFT = 0,
+ AQA_ACQS_SHIFT = 16,
+};
+
+enum NvmeAqaMask {
+ AQA_ASQS_MASK = 0xfff,
+ AQA_ACQS_MASK = 0xfff,
+};
+
+#define NVME_AQA_ASQS(aqa) ((aqa >> AQA_ASQS_SHIFT) & AQA_ASQS_MASK)
+#define NVME_AQA_ACQS(aqa) ((aqa >> AQA_ACQS_SHIFT) & AQA_ACQS_MASK)
+
+typedef struct NvmeCmd {
+ uint8_t opcode;
+ uint8_t fuse;
+ uint16_t cid;
+ uint32_t nsid;
+ uint64_t res1;
+ uint64_t mptr;
+ uint64_t prp1;
+ uint64_t prp2;
+ uint32_t cdw10;
+ uint32_t cdw11;
+ uint32_t cdw12;
+ uint32_t cdw13;
+ uint32_t cdw14;
+ uint32_t cdw15;
+} NvmeCmd;
+
+enum NvmeAdminCommands {
+ NVME_ADM_CMD_DELETE_SQ = 0x00,
+ NVME_ADM_CMD_CREATE_SQ = 0x01,
+ NVME_ADM_CMD_GET_LOG_PAGE = 0x02,
+ NVME_ADM_CMD_DELETE_CQ = 0x04,
+ NVME_ADM_CMD_CREATE_CQ = 0x05,
+ NVME_ADM_CMD_IDENTIFY = 0x06,
+ NVME_ADM_CMD_ABORT = 0x08,
+ NVME_ADM_CMD_SET_FEATURES = 0x09,
+ NVME_ADM_CMD_GET_FEATURES = 0x0a,
+ NVME_ADM_CMD_ASYNC_EV_REQ = 0x0c,
+ NVME_ADM_CMD_ACTIVATE_FW = 0x10,
+ NVME_ADM_CMD_DOWNLOAD_FW = 0x11,
+ NVME_ADM_CMD_FORMAT_NVM = 0x80,
+ NVME_ADM_CMD_SECURITY_SEND = 0x81,
+ NVME_ADM_CMD_SECURITY_RECV = 0x82,
+};
+
+enum NvmeIoCommands {
+ NVME_CMD_FLUSH = 0x00,
+ NVME_CMD_WRITE = 0x01,
+ NVME_CMD_READ = 0x02,
+ NVME_CMD_WRITE_UNCOR = 0x04,
+ NVME_CMD_COMPARE = 0x05,
+ NVME_CMD_DSM = 0x09,
+};
+
+typedef struct NvmeDeleteQ {
+ uint8_t opcode;
+ uint8_t flags;
+ uint16_t cid;
+ uint32_t rsvd1[9];
+ uint16_t qid;
+ uint16_t rsvd10;
+ uint32_t rsvd11[5];
+} NvmeDeleteQ;
+
+typedef struct NvmeCreateCq {
+ uint8_t opcode;
+ uint8_t flags;
+ uint16_t cid;
+ uint32_t rsvd1[5];
+ uint64_t prp1;
+ uint64_t rsvd8;
+ uint16_t cqid;
+ uint16_t qsize;
+ uint16_t cq_flags;
+ uint16_t irq_vector;
+ uint32_t rsvd12[4];
+} NvmeCreateCq;
+
+#define NVME_CQ_FLAGS_PC(cq_flags) (cq_flags & 0x1)
+#define NVME_CQ_FLAGS_IEN(cq_flags) ((cq_flags >> 1) & 0x1)
+
+typedef struct NvmeCreateSq {
+ uint8_t opcode;
+ uint8_t flags;
+ uint16_t cid;
+ uint32_t rsvd1[5];
+ uint64_t prp1;
+ uint64_t rsvd8;
+ uint16_t sqid;
+ uint16_t qsize;
+ uint16_t sq_flags;
+ uint16_t cqid;
+ uint32_t rsvd12[4];
+} NvmeCreateSq;
+
+#define NVME_SQ_FLAGS_PC(sq_flags) (sq_flags & 0x1)
+#define NVME_SQ_FLAGS_QPRIO(sq_flags) ((sq_flags >> 1) & 0x3)
+
+enum NvmeQueueFlags {
+ NVME_Q_PC = 1,
+ NVME_Q_PRIO_URGENT = 0,
+ NVME_Q_PRIO_HIGH = 1,
+ NVME_Q_PRIO_NORMAL = 2,
+ NVME_Q_PRIO_LOW = 3,
+};
+
+typedef struct NvmeIdentify {
+ uint8_t opcode;
+ uint8_t flags;
+ uint16_t cid;
+ uint32_t nsid;
+ uint64_t rsvd2[2];
+ uint64_t prp1;
+ uint64_t prp2;
+ uint32_t cns;
+ uint32_t rsvd11[5];
+} NvmeIdentify;
+
+typedef struct NvmeRwCmd {
+ uint8_t opcode;
+ uint8_t flags;
+ uint16_t cid;
+ uint32_t nsid;
+ uint64_t rsvd2;
+ uint64_t mptr;
+ uint64_t prp1;
+ uint64_t prp2;
+ uint64_t slba;
+ uint16_t nlb;
+ uint16_t control;
+ uint32_t dsmgmt;
+ uint32_t reftag;
+ uint16_t apptag;
+ uint16_t appmask;
+} NvmeRwCmd;
+
+enum {
+ NVME_RW_LR = 1 << 15,
+ NVME_RW_FUA = 1 << 14,
+ NVME_RW_DSM_FREQ_UNSPEC = 0,
+ NVME_RW_DSM_FREQ_TYPICAL = 1,
+ NVME_RW_DSM_FREQ_RARE = 2,
+ NVME_RW_DSM_FREQ_READS = 3,
+ NVME_RW_DSM_FREQ_WRITES = 4,
+ NVME_RW_DSM_FREQ_RW = 5,
+ NVME_RW_DSM_FREQ_ONCE = 6,
+ NVME_RW_DSM_FREQ_PREFETCH = 7,
+ NVME_RW_DSM_FREQ_TEMP = 8,
+ NVME_RW_DSM_LATENCY_NONE = 0 << 4,
+ NVME_RW_DSM_LATENCY_IDLE = 1 << 4,
+ NVME_RW_DSM_LATENCY_NORM = 2 << 4,
+ NVME_RW_DSM_LATENCY_LOW = 3 << 4,
+ NVME_RW_DSM_SEQ_REQ = 1 << 6,
+ NVME_RW_DSM_COMPRESSED = 1 << 7,
+ NVME_RW_PRINFO_PRACT = 1 << 13,
+ NVME_RW_PRINFO_PRCHK_GUARD = 1 << 12,
+ NVME_RW_PRINFO_PRCHK_APP = 1 << 11,
+ NVME_RW_PRINFO_PRCHK_REF = 1 << 10,
+};
+
+typedef struct NvmeDsmCmd {
+ uint8_t opcode;
+ uint8_t flags;
+ uint16_t cid;
+ uint32_t nsid;
+ uint64_t rsvd2[2];
+ uint64_t prp1;
+ uint64_t prp2;
+ uint32_t nr;
+ uint32_t attributes;
+ uint32_t rsvd12[4];
+} NvmeDsmCmd;
+
+enum {
+ NVME_DSMGMT_IDR = 1 << 0,
+ NVME_DSMGMT_IDW = 1 << 1,
+ NVME_DSMGMT_AD = 1 << 2,
+};
+
+typedef struct NvmeDsmRange {
+ uint32_t cattr;
+ uint32_t nlb;
+ uint64_t slba;
+} NvmeDsmRange;
+
+enum NvmeAsyncEventRequest {
+ NVME_AER_TYPE_ERROR = 0,
+ NVME_AER_TYPE_SMART = 1,
+ NVME_AER_TYPE_IO_SPECIFIC = 6,
+ NVME_AER_TYPE_VENDOR_SPECIFIC = 7,
+ NVME_AER_INFO_ERR_INVALID_SQ = 0,
+ NVME_AER_INFO_ERR_INVALID_DB = 1,
+ NVME_AER_INFO_ERR_DIAG_FAIL = 2,
+ NVME_AER_INFO_ERR_PERS_INTERNAL_ERR = 3,
+ NVME_AER_INFO_ERR_TRANS_INTERNAL_ERR = 4,
+ NVME_AER_INFO_ERR_FW_IMG_LOAD_ERR = 5,
+ NVME_AER_INFO_SMART_RELIABILITY = 0,
+ NVME_AER_INFO_SMART_TEMP_THRESH = 1,
+ NVME_AER_INFO_SMART_SPARE_THRESH = 2,
+};
+
+typedef struct NvmeAerResult {
+ uint8_t event_type;
+ uint8_t event_info;
+ uint8_t log_page;
+ uint8_t resv;
+} NvmeAerResult;
+
+typedef struct NvmeCqe {
+ uint32_t result;
+ uint32_t rsvd;
+ uint16_t sq_head;
+ uint16_t sq_id;
+ uint16_t cid;
+ uint16_t status;
+} NvmeCqe;
+
+enum NvmeStatusCodes {
+ NVME_SUCCESS = 0x0000,
+ NVME_INVALID_OPCODE = 0x0001,
+ NVME_INVALID_FIELD = 0x0002,
+ NVME_CID_CONFLICT = 0x0003,
+ NVME_DATA_TRAS_ERROR = 0x0004,
+ NVME_POWER_LOSS_ABORT = 0x0005,
+ NVME_INTERNAL_DEV_ERROR = 0x0006,
+ NVME_CMD_ABORT_REQ = 0x0007,
+ NVME_CMD_ABORT_SQ_DEL = 0x0008,
+ NVME_CMD_ABORT_FAILED_FUSE = 0x0009,
+ NVME_CMD_ABORT_MISSING_FUSE = 0x000a,
+ NVME_INVALID_NSID = 0x000b,
+ NVME_CMD_SEQ_ERROR = 0x000c,
+ NVME_LBA_RANGE = 0x0080,
+ NVME_CAP_EXCEEDED = 0x0081,
+ NVME_NS_NOT_READY = 0x0082,
+ NVME_NS_RESV_CONFLICT = 0x0083,
+ NVME_INVALID_CQID = 0x0100,
+ NVME_INVALID_QID = 0x0101,
+ NVME_MAX_QSIZE_EXCEEDED = 0x0102,
+ NVME_ACL_EXCEEDED = 0x0103,
+ NVME_RESERVED = 0x0104,
+ NVME_AER_LIMIT_EXCEEDED = 0x0105,
+ NVME_INVALID_FW_SLOT = 0x0106,
+ NVME_INVALID_FW_IMAGE = 0x0107,
+ NVME_INVALID_IRQ_VECTOR = 0x0108,
+ NVME_INVALID_LOG_ID = 0x0109,
+ NVME_INVALID_FORMAT = 0x010a,
+ NVME_FW_REQ_RESET = 0x010b,
+ NVME_INVALID_QUEUE_DEL = 0x010c,
+ NVME_FID_NOT_SAVEABLE = 0x010d,
+ NVME_FID_NOT_NSID_SPEC = 0x010f,
+ NVME_FW_REQ_SUSYSTEM_RESET = 0x0110,
+ NVME_CONFLICTING_ATTRS = 0x0180,
+ NVME_INVALID_PROT_INFO = 0x0181,
+ NVME_WRITE_TO_RO = 0x0182,
+ NVME_WRITE_FAULT = 0x0280,
+ NVME_UNRECOVERED_READ = 0x0281,
+ NVME_E2E_GUARD_ERROR = 0x0282,
+ NVME_E2E_APP_ERROR = 0x0283,
+ NVME_E2E_REF_ERROR = 0x0284,
+ NVME_CMP_FAILURE = 0x0285,
+ NVME_ACCESS_DENIED = 0x0286,
+ NVME_MORE = 0x2000,
+ NVME_DNR = 0x4000,
+ NVME_NO_COMPLETE = 0xffff,
+};
+
+typedef struct NvmeFwSlotInfoLog {
+ uint8_t afi;
+ uint8_t reserved1[7];
+ uint8_t frs1[8];
+ uint8_t frs2[8];
+ uint8_t frs3[8];
+ uint8_t frs4[8];
+ uint8_t frs5[8];
+ uint8_t frs6[8];
+ uint8_t frs7[8];
+ uint8_t reserved2[448];
+} NvmeFwSlotInfoLog;
+
+typedef struct NvmeErrorLog {
+ uint64_t error_count;
+ uint16_t sqid;
+ uint16_t cid;
+ uint16_t status_field;
+ uint16_t param_error_location;
+ uint64_t lba;
+ uint32_t nsid;
+ uint8_t vs;
+ uint8_t resv[35];
+} NvmeErrorLog;
+
+typedef struct NvmeSmartLog {
+ uint8_t critical_warning;
+ uint8_t temperature[2];
+ uint8_t available_spare;
+ uint8_t available_spare_threshold;
+ uint8_t percentage_used;
+ uint8_t reserved1[26];
+ uint64_t data_units_read[2];
+ uint64_t data_units_written[2];
+ uint64_t host_read_commands[2];
+ uint64_t host_write_commands[2];
+ uint64_t controller_busy_time[2];
+ uint64_t power_cycles[2];
+ uint64_t power_on_hours[2];
+ uint64_t unsafe_shutdowns[2];
+ uint64_t media_errors[2];
+ uint64_t number_of_error_log_entries[2];
+ uint8_t reserved2[320];
+} NvmeSmartLog;
+
+enum NvmeSmartWarn {
+ NVME_SMART_SPARE = 1 << 0,
+ NVME_SMART_TEMPERATURE = 1 << 1,
+ NVME_SMART_RELIABILITY = 1 << 2,
+ NVME_SMART_MEDIA_READ_ONLY = 1 << 3,
+ NVME_SMART_FAILED_VOLATILE_MEDIA = 1 << 4,
+};
+
+enum LogIdentifier {
+ NVME_LOG_ERROR_INFO = 0x01,
+ NVME_LOG_SMART_INFO = 0x02,
+ NVME_LOG_FW_SLOT_INFO = 0x03,
+};
+
+typedef struct NvmePSD {
+ uint16_t mp;
+ uint16_t reserved;
+ uint32_t enlat;
+ uint32_t exlat;
+ uint8_t rrt;
+ uint8_t rrl;
+ uint8_t rwt;
+ uint8_t rwl;
+ uint8_t resv[16];
+} NvmePSD;
+
+typedef struct NvmeIdCtrl {
+ uint16_t vid;
+ uint16_t ssvid;
+ uint8_t sn[20];
+ uint8_t mn[40];
+ uint8_t fr[8];
+ uint8_t rab;
+ uint8_t ieee[3];
+ uint8_t cmic;
+ uint8_t mdts;
+ uint8_t rsvd255[178];
+ uint16_t oacs;
+ uint8_t acl;
+ uint8_t aerl;
+ uint8_t frmw;
+ uint8_t lpa;
+ uint8_t elpe;
+ uint8_t npss;
+ uint8_t rsvd511[248];
+ uint8_t sqes;
+ uint8_t cqes;
+ uint16_t rsvd515;
+ uint32_t nn;
+ uint16_t oncs;
+ uint16_t fuses;
+ uint8_t fna;
+ uint8_t vwc;
+ uint16_t awun;
+ uint16_t awupf;
+ uint8_t rsvd703[174];
+ uint8_t rsvd2047[1344];
+ NvmePSD psd[32];
+ uint8_t vs[1024];
+} NvmeIdCtrl;
+
+enum NvmeIdCtrlOacs {
+ NVME_OACS_SECURITY = 1 << 0,
+ NVME_OACS_FORMAT = 1 << 1,
+ NVME_OACS_FW = 1 << 2,
+};
+
+enum NvmeIdCtrlOncs {
+ NVME_ONCS_COMPARE = 1 << 0,
+ NVME_ONCS_WRITE_UNCORR = 1 << 1,
+ NVME_ONCS_DSM = 1 << 2,
+ NVME_ONCS_WRITE_ZEROS = 1 << 3,
+ NVME_ONCS_FEATURES = 1 << 4,
+ NVME_ONCS_RESRVATIONS = 1 << 5,
+};
+
+#define NVME_CTRL_SQES_MIN(sqes) ((sqes) & 0xf)
+#define NVME_CTRL_SQES_MAX(sqes) (((sqes) >> 4) & 0xf)
+#define NVME_CTRL_CQES_MIN(cqes) ((cqes) & 0xf)
+#define NVME_CTRL_CQES_MAX(cqes) (((cqes) >> 4) & 0xf)
+
+typedef struct NvmeFeatureVal {
+ uint32_t arbitration;
+ uint32_t power_mgmt;
+ uint32_t temp_thresh;
+ uint32_t err_rec;
+ uint32_t volatile_wc;
+ uint32_t num_queues;
+ uint32_t int_coalescing;
+ uint32_t *int_vector_config;
+ uint32_t write_atomicity;
+ uint32_t async_config;
+ uint32_t sw_prog_marker;
+} NvmeFeatureVal;
+
+#define NVME_ARB_AB(arb) (arb & 0x7)
+#define NVME_ARB_LPW(arb) ((arb >> 8) & 0xff)
+#define NVME_ARB_MPW(arb) ((arb >> 16) & 0xff)
+#define NVME_ARB_HPW(arb) ((arb >> 24) & 0xff)
+
+#define NVME_INTC_THR(intc) (intc & 0xff)
+#define NVME_INTC_TIME(intc) ((intc >> 8) & 0xff)
+
+enum NvmeFeatureIds {
+ NVME_ARBITRATION = 0x1,
+ NVME_POWER_MANAGEMENT = 0x2,
+ NVME_LBA_RANGE_TYPE = 0x3,
+ NVME_TEMPERATURE_THRESHOLD = 0x4,
+ NVME_ERROR_RECOVERY = 0x5,
+ NVME_VOLATILE_WRITE_CACHE = 0x6,
+ NVME_NUMBER_OF_QUEUES = 0x7,
+ NVME_INTERRUPT_COALESCING = 0x8,
+ NVME_INTERRUPT_VECTOR_CONF = 0x9,
+ NVME_WRITE_ATOMICITY = 0xa,
+ NVME_ASYNCHRONOUS_EVENT_CONF = 0xb,
+ NVME_SOFTWARE_PROGRESS_MARKER = 0x80
+};
+
+typedef struct NvmeRangeType {
+ uint8_t type;
+ uint8_t attributes;
+ uint8_t rsvd2[14];
+ uint64_t slba;
+ uint64_t nlb;
+ uint8_t guid[16];
+ uint8_t rsvd48[16];
+} NvmeRangeType;
+
+typedef struct NvmeLBAF {
+ uint16_t ms;
+ uint8_t ds;
+ uint8_t rp;
+} NvmeLBAF;
+
+typedef struct NvmeIdNs {
+ uint64_t nsze;
+ uint64_t ncap;
+ uint64_t nuse;
+ uint8_t nsfeat;
+ uint8_t nlbaf;
+ uint8_t flbas;
+ uint8_t mc;
+ uint8_t dpc;
+ uint8_t dps;
+ uint8_t res30[98];
+ NvmeLBAF lbaf[16];
+ uint8_t res192[192];
+ uint8_t vs[3712];
+} NvmeIdNs;
+
+#define NVME_ID_NS_NSFEAT_THIN(nsfeat) ((nsfeat & 0x1))
+#define NVME_ID_NS_FLBAS_EXTENDED(flbas) ((flbas >> 4) & 0x1)
+#define NVME_ID_NS_FLBAS_INDEX(flbas) ((flbas & 0xf))
+#define NVME_ID_NS_MC_SEPARATE(mc) ((mc >> 1) & 0x1)
+#define NVME_ID_NS_MC_EXTENDED(mc) ((mc & 0x1))
+#define NVME_ID_NS_DPC_LAST_EIGHT(dpc) ((dpc >> 4) & 0x1)
+#define NVME_ID_NS_DPC_FIRST_EIGHT(dpc) ((dpc >> 3) & 0x1)
+#define NVME_ID_NS_DPC_TYPE_3(dpc) ((dpc >> 2) & 0x1)
+#define NVME_ID_NS_DPC_TYPE_2(dpc) ((dpc >> 1) & 0x1)
+#define NVME_ID_NS_DPC_TYPE_1(dpc) ((dpc & 0x1))
+#define NVME_ID_NS_DPC_TYPE_MASK 0x7
+
+enum NvmeIdNsDps {
+ DPS_TYPE_NONE = 0,
+ DPS_TYPE_1 = 1,
+ DPS_TYPE_2 = 2,
+ DPS_TYPE_3 = 3,
+ DPS_TYPE_MASK = 0x7,
+ DPS_FIRST_EIGHT = 8,
+};
+
+static inline void _nvme_check_size(void)
+{
+ QEMU_BUILD_BUG_ON(sizeof(NvmeAerResult) != 4);
+ QEMU_BUILD_BUG_ON(sizeof(NvmeCqe) != 16);
+ QEMU_BUILD_BUG_ON(sizeof(NvmeDsmRange) != 16);
+ QEMU_BUILD_BUG_ON(sizeof(NvmeCmd) != 64);
+ QEMU_BUILD_BUG_ON(sizeof(NvmeDeleteQ) != 64);
+ QEMU_BUILD_BUG_ON(sizeof(NvmeCreateCq) != 64);
+ QEMU_BUILD_BUG_ON(sizeof(NvmeCreateSq) != 64);
+ QEMU_BUILD_BUG_ON(sizeof(NvmeIdentify) != 64);
+ QEMU_BUILD_BUG_ON(sizeof(NvmeRwCmd) != 64);
+ QEMU_BUILD_BUG_ON(sizeof(NvmeDsmCmd) != 64);
+ QEMU_BUILD_BUG_ON(sizeof(NvmeRangeType) != 64);
+ QEMU_BUILD_BUG_ON(sizeof(NvmeErrorLog) != 64);
+ QEMU_BUILD_BUG_ON(sizeof(NvmeFwSlotInfoLog) != 512);
+ QEMU_BUILD_BUG_ON(sizeof(NvmeSmartLog) != 512);
+ QEMU_BUILD_BUG_ON(sizeof(NvmeIdCtrl) != 4096);
+ QEMU_BUILD_BUG_ON(sizeof(NvmeIdNs) != 4096);
+}
+
+typedef struct NvmeAsyncEvent {
+ QSIMPLEQ_ENTRY(NvmeAsyncEvent) entry;
+ NvmeAerResult result;
+} NvmeAsyncEvent;
+
+typedef struct NvmeRequest {
+ struct NvmeSQueue *sq;
+ BlockDriverAIOCB *aiocb;
+ uint16_t status;
+ NvmeCqe cqe;
+ BlockAcctCookie acct;
+ QEMUSGList qsg;
+ QTAILQ_ENTRY(NvmeRequest)entry;
+} NvmeRequest;
+
+typedef struct NvmeSQueue {
+ struct NvmeCtrl *ctrl;
+ uint16_t sqid;
+ uint16_t cqid;
+ uint32_t head;
+ uint32_t tail;
+ uint32_t size;
+ uint64_t dma_addr;
+ QEMUTimer *timer;
+ NvmeRequest *io_req;
+ QTAILQ_HEAD(sq_req_list, NvmeRequest) req_list;
+ QTAILQ_HEAD(out_req_list, NvmeRequest) out_req_list;
+ QTAILQ_ENTRY(NvmeSQueue) entry;
+} NvmeSQueue;
+
+typedef struct NvmeCQueue {
+ struct NvmeCtrl *ctrl;
+ uint8_t phase;
+ uint16_t cqid;
+ uint16_t irq_enabled;
+ uint32_t head;
+ uint32_t tail;
+ uint32_t vector;
+ uint32_t size;
+ uint64_t dma_addr;
+ QEMUTimer *timer;
+ QTAILQ_HEAD(sq_list, NvmeSQueue) sq_list;
+ QTAILQ_HEAD(cq_req_list, NvmeRequest) req_list;
+} NvmeCQueue;
+
+typedef struct NvmeNamespace {
+ NvmeIdNs id_ns;
+} NvmeNamespace;
+
+#define TYPE_NVME "nvme"
+#define NVME(obj) \
+ OBJECT_CHECK(NvmeCtrl, (obj), TYPE_NVME)
+
+typedef struct NvmeCtrl {
+ PCIDevice parent_obj;
+ MemoryRegion iomem;
+ NvmeBar bar;
+ BlockConf conf;
+
+ uint16_t page_size;
+ uint16_t page_bits;
+ uint16_t max_prp_ents;
+ uint16_t cqe_size;
+ uint16_t sqe_size;
+ uint32_t reg_size;
+ uint32_t num_namespaces;
+ uint32_t num_queues;
+ uint32_t max_q_ents;
+ uint64_t ns_size;
+
+ char *serial;
+ NvmeNamespace *namespaces;
+ NvmeSQueue **sq;
+ NvmeCQueue **cq;
+ NvmeSQueue admin_sq;
+ NvmeCQueue admin_cq;
+ NvmeIdCtrl id_ctrl;
+} NvmeCtrl;
+
+#endif /* HW_NVME_H */
diff --git a/hw/block/onenand.c b/hw/block/onenand.c
new file mode 100644
index 000000000..aae9ee753
--- /dev/null
+++ b/hw/block/onenand.c
@@ -0,0 +1,854 @@
+/*
+ * OneNAND flash memories emulation.
+ *
+ * Copyright (C) 2008 Nokia Corporation
+ * Written by Andrzej Zaborowski <andrew@openedhand.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "qemu-common.h"
+#include "hw/hw.h"
+#include "hw/block/flash.h"
+#include "hw/irq.h"
+#include "sysemu/blockdev.h"
+#include "exec/memory.h"
+#include "exec/address-spaces.h"
+#include "hw/sysbus.h"
+#include "qemu/error-report.h"
+
+/* 11 for 2kB-page OneNAND ("2nd generation") and 10 for 1kB-page chips */
+#define PAGE_SHIFT 11
+
+/* Fixed */
+#define BLOCK_SHIFT (PAGE_SHIFT + 6)
+
+#define TYPE_ONE_NAND "onenand"
+#define ONE_NAND(obj) OBJECT_CHECK(OneNANDState, (obj), TYPE_ONE_NAND)
+
+typedef struct OneNANDState {
+ SysBusDevice parent_obj;
+
+ struct {
+ uint16_t man;
+ uint16_t dev;
+ uint16_t ver;
+ } id;
+ int shift;
+ hwaddr base;
+ qemu_irq intr;
+ qemu_irq rdy;
+ BlockDriverState *bdrv;
+ BlockDriverState *bdrv_cur;
+ uint8_t *image;
+ uint8_t *otp;
+ uint8_t *current;
+ MemoryRegion ram;
+ MemoryRegion mapped_ram;
+ uint8_t current_direction;
+ uint8_t *boot[2];
+ uint8_t *data[2][2];
+ MemoryRegion iomem;
+ MemoryRegion container;
+ int cycle;
+ int otpmode;
+
+ uint16_t addr[8];
+ uint16_t unladdr[8];
+ int bufaddr;
+ int count;
+ uint16_t command;
+ uint16_t config[2];
+ uint16_t status;
+ uint16_t intstatus;
+ uint16_t wpstatus;
+
+ ECCState ecc;
+
+ int density_mask;
+ int secs;
+ int secs_cur;
+ int blocks;
+ uint8_t *blockwp;
+} OneNANDState;
+
+enum {
+ ONEN_BUF_BLOCK = 0,
+ ONEN_BUF_BLOCK2 = 1,
+ ONEN_BUF_DEST_BLOCK = 2,
+ ONEN_BUF_DEST_PAGE = 3,
+ ONEN_BUF_PAGE = 7,
+};
+
+enum {
+ ONEN_ERR_CMD = 1 << 10,
+ ONEN_ERR_ERASE = 1 << 11,
+ ONEN_ERR_PROG = 1 << 12,
+ ONEN_ERR_LOAD = 1 << 13,
+};
+
+enum {
+ ONEN_INT_RESET = 1 << 4,
+ ONEN_INT_ERASE = 1 << 5,
+ ONEN_INT_PROG = 1 << 6,
+ ONEN_INT_LOAD = 1 << 7,
+ ONEN_INT = 1 << 15,
+};
+
+enum {
+ ONEN_LOCK_LOCKTIGHTEN = 1 << 0,
+ ONEN_LOCK_LOCKED = 1 << 1,
+ ONEN_LOCK_UNLOCKED = 1 << 2,
+};
+
+static void onenand_mem_setup(OneNANDState *s)
+{
+ /* XXX: We should use IO_MEM_ROMD but we broke it earlier...
+ * Both 0x0000 ... 0x01ff and 0x8000 ... 0x800f can be used to
+ * write boot commands. Also take note of the BWPS bit. */
+ memory_region_init(&s->container, OBJECT(s), "onenand",
+ 0x10000 << s->shift);
+ memory_region_add_subregion(&s->container, 0, &s->iomem);
+ memory_region_init_alias(&s->mapped_ram, OBJECT(s), "onenand-mapped-ram",
+ &s->ram, 0x0200 << s->shift,
+ 0xbe00 << s->shift);
+ memory_region_add_subregion_overlap(&s->container,
+ 0x0200 << s->shift,
+ &s->mapped_ram,
+ 1);
+}
+
+static void onenand_intr_update(OneNANDState *s)
+{
+ qemu_set_irq(s->intr, ((s->intstatus >> 15) ^ (~s->config[0] >> 6)) & 1);
+}
+
+static void onenand_pre_save(void *opaque)
+{
+ OneNANDState *s = opaque;
+ if (s->current == s->otp) {
+ s->current_direction = 1;
+ } else if (s->current == s->image) {
+ s->current_direction = 2;
+ } else {
+ s->current_direction = 0;
+ }
+}
+
+static int onenand_post_load(void *opaque, int version_id)
+{
+ OneNANDState *s = opaque;
+ switch (s->current_direction) {
+ case 0:
+ break;
+ case 1:
+ s->current = s->otp;
+ break;
+ case 2:
+ s->current = s->image;
+ break;
+ default:
+ return -1;
+ }
+ onenand_intr_update(s);
+ return 0;
+}
+
+static const VMStateDescription vmstate_onenand = {
+ .name = "onenand",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .pre_save = onenand_pre_save,
+ .post_load = onenand_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(current_direction, OneNANDState),
+ VMSTATE_INT32(cycle, OneNANDState),
+ VMSTATE_INT32(otpmode, OneNANDState),
+ VMSTATE_UINT16_ARRAY(addr, OneNANDState, 8),
+ VMSTATE_UINT16_ARRAY(unladdr, OneNANDState, 8),
+ VMSTATE_INT32(bufaddr, OneNANDState),
+ VMSTATE_INT32(count, OneNANDState),
+ VMSTATE_UINT16(command, OneNANDState),
+ VMSTATE_UINT16_ARRAY(config, OneNANDState, 2),
+ VMSTATE_UINT16(status, OneNANDState),
+ VMSTATE_UINT16(intstatus, OneNANDState),
+ VMSTATE_UINT16(wpstatus, OneNANDState),
+ VMSTATE_INT32(secs_cur, OneNANDState),
+ VMSTATE_PARTIAL_VBUFFER(blockwp, OneNANDState, blocks),
+ VMSTATE_UINT8(ecc.cp, OneNANDState),
+ VMSTATE_UINT16_ARRAY(ecc.lp, OneNANDState, 2),
+ VMSTATE_UINT16(ecc.count, OneNANDState),
+ VMSTATE_BUFFER_POINTER_UNSAFE(otp, OneNANDState, 0,
+ ((64 + 2) << PAGE_SHIFT)),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+/* Hot reset (Reset OneNAND command) or warm reset (RP pin low) */
+static void onenand_reset(OneNANDState *s, int cold)
+{
+ memset(&s->addr, 0, sizeof(s->addr));
+ s->command = 0;
+ s->count = 1;
+ s->bufaddr = 0;
+ s->config[0] = 0x40c0;
+ s->config[1] = 0x0000;
+ onenand_intr_update(s);
+ qemu_irq_raise(s->rdy);
+ s->status = 0x0000;
+ s->intstatus = cold ? 0x8080 : 0x8010;
+ s->unladdr[0] = 0;
+ s->unladdr[1] = 0;
+ s->wpstatus = 0x0002;
+ s->cycle = 0;
+ s->otpmode = 0;
+ s->bdrv_cur = s->bdrv;
+ s->current = s->image;
+ s->secs_cur = s->secs;
+
+ if (cold) {
+ /* Lock the whole flash */
+ memset(s->blockwp, ONEN_LOCK_LOCKED, s->blocks);
+
+ if (s->bdrv_cur && bdrv_read(s->bdrv_cur, 0, s->boot[0], 8) < 0) {
+ hw_error("%s: Loading the BootRAM failed.\n", __func__);
+ }
+ }
+}
+
+static void onenand_system_reset(DeviceState *dev)
+{
+ OneNANDState *s = ONE_NAND(dev);
+
+ onenand_reset(s, 1);
+}
+
+static inline int onenand_load_main(OneNANDState *s, int sec, int secn,
+ void *dest)
+{
+ if (s->bdrv_cur)
+ return bdrv_read(s->bdrv_cur, sec, dest, secn) < 0;
+ else if (sec + secn > s->secs_cur)
+ return 1;
+
+ memcpy(dest, s->current + (sec << 9), secn << 9);
+
+ return 0;
+}
+
+static inline int onenand_prog_main(OneNANDState *s, int sec, int secn,
+ void *src)
+{
+ int result = 0;
+
+ if (secn > 0) {
+ uint32_t size = (uint32_t)secn * 512;
+ const uint8_t *sp = (const uint8_t *)src;
+ uint8_t *dp = 0;
+ if (s->bdrv_cur) {
+ dp = g_malloc(size);
+ if (!dp || bdrv_read(s->bdrv_cur, sec, dp, secn) < 0) {
+ result = 1;
+ }
+ } else {
+ if (sec + secn > s->secs_cur) {
+ result = 1;
+ } else {
+ dp = (uint8_t *)s->current + (sec << 9);
+ }
+ }
+ if (!result) {
+ uint32_t i;
+ for (i = 0; i < size; i++) {
+ dp[i] &= sp[i];
+ }
+ if (s->bdrv_cur) {
+ result = bdrv_write(s->bdrv_cur, sec, dp, secn) < 0;
+ }
+ }
+ if (dp && s->bdrv_cur) {
+ g_free(dp);
+ }
+ }
+
+ return result;
+}
+
+static inline int onenand_load_spare(OneNANDState *s, int sec, int secn,
+ void *dest)
+{
+ uint8_t buf[512];
+
+ if (s->bdrv_cur) {
+ if (bdrv_read(s->bdrv_cur, s->secs_cur + (sec >> 5), buf, 1) < 0)
+ return 1;
+ memcpy(dest, buf + ((sec & 31) << 4), secn << 4);
+ } else if (sec + secn > s->secs_cur)
+ return 1;
+ else
+ memcpy(dest, s->current + (s->secs_cur << 9) + (sec << 4), secn << 4);
+
+ return 0;
+}
+
+static inline int onenand_prog_spare(OneNANDState *s, int sec, int secn,
+ void *src)
+{
+ int result = 0;
+ if (secn > 0) {
+ const uint8_t *sp = (const uint8_t *)src;
+ uint8_t *dp = 0, *dpp = 0;
+ if (s->bdrv_cur) {
+ dp = g_malloc(512);
+ if (!dp || bdrv_read(s->bdrv_cur,
+ s->secs_cur + (sec >> 5),
+ dp, 1) < 0) {
+ result = 1;
+ } else {
+ dpp = dp + ((sec & 31) << 4);
+ }
+ } else {
+ if (sec + secn > s->secs_cur) {
+ result = 1;
+ } else {
+ dpp = s->current + (s->secs_cur << 9) + (sec << 4);
+ }
+ }
+ if (!result) {
+ uint32_t i;
+ for (i = 0; i < (secn << 4); i++) {
+ dpp[i] &= sp[i];
+ }
+ if (s->bdrv_cur) {
+ result = bdrv_write(s->bdrv_cur, s->secs_cur + (sec >> 5),
+ dp, 1) < 0;
+ }
+ }
+ if (dp) {
+ g_free(dp);
+ }
+ }
+ return result;
+}
+
+static inline int onenand_erase(OneNANDState *s, int sec, int num)
+{
+ uint8_t *blankbuf, *tmpbuf;
+ blankbuf = g_malloc(512);
+ if (!blankbuf) {
+ return 1;
+ }
+ tmpbuf = g_malloc(512);
+ if (!tmpbuf) {
+ g_free(blankbuf);
+ return 1;
+ }
+ memset(blankbuf, 0xff, 512);
+ for (; num > 0; num--, sec++) {
+ if (s->bdrv_cur) {
+ int erasesec = s->secs_cur + (sec >> 5);
+ if (bdrv_write(s->bdrv_cur, sec, blankbuf, 1) < 0) {
+ goto fail;
+ }
+ if (bdrv_read(s->bdrv_cur, erasesec, tmpbuf, 1) < 0) {
+ goto fail;
+ }
+ memcpy(tmpbuf + ((sec & 31) << 4), blankbuf, 1 << 4);
+ if (bdrv_write(s->bdrv_cur, erasesec, tmpbuf, 1) < 0) {
+ goto fail;
+ }
+ } else {
+ if (sec + 1 > s->secs_cur) {
+ goto fail;
+ }
+ memcpy(s->current + (sec << 9), blankbuf, 512);
+ memcpy(s->current + (s->secs_cur << 9) + (sec << 4),
+ blankbuf, 1 << 4);
+ }
+ }
+
+ g_free(tmpbuf);
+ g_free(blankbuf);
+ return 0;
+
+fail:
+ g_free(tmpbuf);
+ g_free(blankbuf);
+ return 1;
+}
+
+static void onenand_command(OneNANDState *s)
+{
+ int b;
+ int sec;
+ void *buf;
+#define SETADDR(block, page) \
+ sec = (s->addr[page] & 3) + \
+ ((((s->addr[page] >> 2) & 0x3f) + \
+ (((s->addr[block] & 0xfff) | \
+ (s->addr[block] >> 15 ? \
+ s->density_mask : 0)) << 6)) << (PAGE_SHIFT - 9));
+#define SETBUF_M() \
+ buf = (s->bufaddr & 8) ? \
+ s->data[(s->bufaddr >> 2) & 1][0] : s->boot[0]; \
+ buf += (s->bufaddr & 3) << 9;
+#define SETBUF_S() \
+ buf = (s->bufaddr & 8) ? \
+ s->data[(s->bufaddr >> 2) & 1][1] : s->boot[1]; \
+ buf += (s->bufaddr & 3) << 4;
+
+ switch (s->command) {
+ case 0x00: /* Load single/multiple sector data unit into buffer */
+ SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
+
+ SETBUF_M()
+ if (onenand_load_main(s, sec, s->count, buf))
+ s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD;
+
+#if 0
+ SETBUF_S()
+ if (onenand_load_spare(s, sec, s->count, buf))
+ s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD;
+#endif
+
+ /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages)
+ * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages)
+ * then we need two split the read/write into two chunks.
+ */
+ s->intstatus |= ONEN_INT | ONEN_INT_LOAD;
+ break;
+ case 0x13: /* Load single/multiple spare sector into buffer */
+ SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
+
+ SETBUF_S()
+ if (onenand_load_spare(s, sec, s->count, buf))
+ s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD;
+
+ /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages)
+ * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages)
+ * then we need two split the read/write into two chunks.
+ */
+ s->intstatus |= ONEN_INT | ONEN_INT_LOAD;
+ break;
+ case 0x80: /* Program single/multiple sector data unit from buffer */
+ SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
+
+ SETBUF_M()
+ if (onenand_prog_main(s, sec, s->count, buf))
+ s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
+
+#if 0
+ SETBUF_S()
+ if (onenand_prog_spare(s, sec, s->count, buf))
+ s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
+#endif
+
+ /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages)
+ * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages)
+ * then we need two split the read/write into two chunks.
+ */
+ s->intstatus |= ONEN_INT | ONEN_INT_PROG;
+ break;
+ case 0x1a: /* Program single/multiple spare area sector from buffer */
+ SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
+
+ SETBUF_S()
+ if (onenand_prog_spare(s, sec, s->count, buf))
+ s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
+
+ /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages)
+ * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages)
+ * then we need two split the read/write into two chunks.
+ */
+ s->intstatus |= ONEN_INT | ONEN_INT_PROG;
+ break;
+ case 0x1b: /* Copy-back program */
+ SETBUF_S()
+
+ SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
+ if (onenand_load_main(s, sec, s->count, buf))
+ s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
+
+ SETADDR(ONEN_BUF_DEST_BLOCK, ONEN_BUF_DEST_PAGE)
+ if (onenand_prog_main(s, sec, s->count, buf))
+ s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
+
+ /* TODO: spare areas */
+
+ s->intstatus |= ONEN_INT | ONEN_INT_PROG;
+ break;
+
+ case 0x23: /* Unlock NAND array block(s) */
+ s->intstatus |= ONEN_INT;
+
+ /* XXX the previous (?) area should be locked automatically */
+ for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) {
+ if (b >= s->blocks) {
+ s->status |= ONEN_ERR_CMD;
+ break;
+ }
+ if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN)
+ break;
+
+ s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED;
+ }
+ break;
+ case 0x27: /* Unlock All NAND array blocks */
+ s->intstatus |= ONEN_INT;
+
+ for (b = 0; b < s->blocks; b ++) {
+ if (b >= s->blocks) {
+ s->status |= ONEN_ERR_CMD;
+ break;
+ }
+ if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN)
+ break;
+
+ s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED;
+ }
+ break;
+
+ case 0x2a: /* Lock NAND array block(s) */
+ s->intstatus |= ONEN_INT;
+
+ for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) {
+ if (b >= s->blocks) {
+ s->status |= ONEN_ERR_CMD;
+ break;
+ }
+ if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN)
+ break;
+
+ s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKED;
+ }
+ break;
+ case 0x2c: /* Lock-tight NAND array block(s) */
+ s->intstatus |= ONEN_INT;
+
+ for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) {
+ if (b >= s->blocks) {
+ s->status |= ONEN_ERR_CMD;
+ break;
+ }
+ if (s->blockwp[b] == ONEN_LOCK_UNLOCKED)
+ continue;
+
+ s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKTIGHTEN;
+ }
+ break;
+
+ case 0x71: /* Erase-Verify-Read */
+ s->intstatus |= ONEN_INT;
+ break;
+ case 0x95: /* Multi-block erase */
+ qemu_irq_pulse(s->intr);
+ /* Fall through. */
+ case 0x94: /* Block erase */
+ sec = ((s->addr[ONEN_BUF_BLOCK] & 0xfff) |
+ (s->addr[ONEN_BUF_BLOCK] >> 15 ? s->density_mask : 0))
+ << (BLOCK_SHIFT - 9);
+ if (onenand_erase(s, sec, 1 << (BLOCK_SHIFT - 9)))
+ s->status |= ONEN_ERR_CMD | ONEN_ERR_ERASE;
+
+ s->intstatus |= ONEN_INT | ONEN_INT_ERASE;
+ break;
+ case 0xb0: /* Erase suspend */
+ break;
+ case 0x30: /* Erase resume */
+ s->intstatus |= ONEN_INT | ONEN_INT_ERASE;
+ break;
+
+ case 0xf0: /* Reset NAND Flash core */
+ onenand_reset(s, 0);
+ break;
+ case 0xf3: /* Reset OneNAND */
+ onenand_reset(s, 0);
+ break;
+
+ case 0x65: /* OTP Access */
+ s->intstatus |= ONEN_INT;
+ s->bdrv_cur = NULL;
+ s->current = s->otp;
+ s->secs_cur = 1 << (BLOCK_SHIFT - 9);
+ s->addr[ONEN_BUF_BLOCK] = 0;
+ s->otpmode = 1;
+ break;
+
+ default:
+ s->status |= ONEN_ERR_CMD;
+ s->intstatus |= ONEN_INT;
+ fprintf(stderr, "%s: unknown OneNAND command %x\n",
+ __func__, s->command);
+ }
+
+ onenand_intr_update(s);
+}
+
+static uint64_t onenand_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ OneNANDState *s = (OneNANDState *) opaque;
+ int offset = addr >> s->shift;
+
+ switch (offset) {
+ case 0x0000 ... 0xc000:
+ return lduw_le_p(s->boot[0] + addr);
+
+ case 0xf000: /* Manufacturer ID */
+ return s->id.man;
+ case 0xf001: /* Device ID */
+ return s->id.dev;
+ case 0xf002: /* Version ID */
+ return s->id.ver;
+ /* TODO: get the following values from a real chip! */
+ case 0xf003: /* Data Buffer size */
+ return 1 << PAGE_SHIFT;
+ case 0xf004: /* Boot Buffer size */
+ return 0x200;
+ case 0xf005: /* Amount of buffers */
+ return 1 | (2 << 8);
+ case 0xf006: /* Technology */
+ return 0;
+
+ case 0xf100 ... 0xf107: /* Start addresses */
+ return s->addr[offset - 0xf100];
+
+ case 0xf200: /* Start buffer */
+ return (s->bufaddr << 8) | ((s->count - 1) & (1 << (PAGE_SHIFT - 10)));
+
+ case 0xf220: /* Command */
+ return s->command;
+ case 0xf221: /* System Configuration 1 */
+ return s->config[0] & 0xffe0;
+ case 0xf222: /* System Configuration 2 */
+ return s->config[1];
+
+ case 0xf240: /* Controller Status */
+ return s->status;
+ case 0xf241: /* Interrupt */
+ return s->intstatus;
+ case 0xf24c: /* Unlock Start Block Address */
+ return s->unladdr[0];
+ case 0xf24d: /* Unlock End Block Address */
+ return s->unladdr[1];
+ case 0xf24e: /* Write Protection Status */
+ return s->wpstatus;
+
+ case 0xff00: /* ECC Status */
+ return 0x00;
+ case 0xff01: /* ECC Result of main area data */
+ case 0xff02: /* ECC Result of spare area data */
+ case 0xff03: /* ECC Result of main area data */
+ case 0xff04: /* ECC Result of spare area data */
+ hw_error("%s: imeplement ECC\n", __FUNCTION__);
+ return 0x0000;
+ }
+
+ fprintf(stderr, "%s: unknown OneNAND register %x\n",
+ __FUNCTION__, offset);
+ return 0;
+}
+
+static void onenand_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ OneNANDState *s = (OneNANDState *) opaque;
+ int offset = addr >> s->shift;
+ int sec;
+
+ switch (offset) {
+ case 0x0000 ... 0x01ff:
+ case 0x8000 ... 0x800f:
+ if (s->cycle) {
+ s->cycle = 0;
+
+ if (value == 0x0000) {
+ SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
+ onenand_load_main(s, sec,
+ 1 << (PAGE_SHIFT - 9), s->data[0][0]);
+ s->addr[ONEN_BUF_PAGE] += 4;
+ s->addr[ONEN_BUF_PAGE] &= 0xff;
+ }
+ break;
+ }
+
+ switch (value) {
+ case 0x00f0: /* Reset OneNAND */
+ onenand_reset(s, 0);
+ break;
+
+ case 0x00e0: /* Load Data into Buffer */
+ s->cycle = 1;
+ break;
+
+ case 0x0090: /* Read Identification Data */
+ memset(s->boot[0], 0, 3 << s->shift);
+ s->boot[0][0 << s->shift] = s->id.man & 0xff;
+ s->boot[0][1 << s->shift] = s->id.dev & 0xff;
+ s->boot[0][2 << s->shift] = s->wpstatus & 0xff;
+ break;
+
+ default:
+ fprintf(stderr, "%s: unknown OneNAND boot command %"PRIx64"\n",
+ __FUNCTION__, value);
+ }
+ break;
+
+ case 0xf100 ... 0xf107: /* Start addresses */
+ s->addr[offset - 0xf100] = value;
+ break;
+
+ case 0xf200: /* Start buffer */
+ s->bufaddr = (value >> 8) & 0xf;
+ if (PAGE_SHIFT == 11)
+ s->count = (value & 3) ?: 4;
+ else if (PAGE_SHIFT == 10)
+ s->count = (value & 1) ?: 2;
+ break;
+
+ case 0xf220: /* Command */
+ if (s->intstatus & (1 << 15))
+ break;
+ s->command = value;
+ onenand_command(s);
+ break;
+ case 0xf221: /* System Configuration 1 */
+ s->config[0] = value;
+ onenand_intr_update(s);
+ qemu_set_irq(s->rdy, (s->config[0] >> 7) & 1);
+ break;
+ case 0xf222: /* System Configuration 2 */
+ s->config[1] = value;
+ break;
+
+ case 0xf241: /* Interrupt */
+ s->intstatus &= value;
+ if ((1 << 15) & ~s->intstatus)
+ s->status &= ~(ONEN_ERR_CMD | ONEN_ERR_ERASE |
+ ONEN_ERR_PROG | ONEN_ERR_LOAD);
+ onenand_intr_update(s);
+ break;
+ case 0xf24c: /* Unlock Start Block Address */
+ s->unladdr[0] = value & (s->blocks - 1);
+ /* For some reason we have to set the end address to by default
+ * be same as start because the software forgets to write anything
+ * in there. */
+ s->unladdr[1] = value & (s->blocks - 1);
+ break;
+ case 0xf24d: /* Unlock End Block Address */
+ s->unladdr[1] = value & (s->blocks - 1);
+ break;
+
+ default:
+ fprintf(stderr, "%s: unknown OneNAND register %x\n",
+ __FUNCTION__, offset);
+ }
+}
+
+static const MemoryRegionOps onenand_ops = {
+ .read = onenand_read,
+ .write = onenand_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int onenand_initfn(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ OneNANDState *s = ONE_NAND(dev);
+ uint32_t size = 1 << (24 + ((s->id.dev >> 4) & 7));
+ void *ram;
+
+ s->base = (hwaddr)-1;
+ s->rdy = NULL;
+ s->blocks = size >> BLOCK_SHIFT;
+ s->secs = size >> 9;
+ s->blockwp = g_malloc(s->blocks);
+ s->density_mask = (s->id.dev & 0x08)
+ ? (1 << (6 + ((s->id.dev >> 4) & 7))) : 0;
+ memory_region_init_io(&s->iomem, OBJECT(s), &onenand_ops, s, "onenand",
+ 0x10000 << s->shift);
+ if (!s->bdrv) {
+ s->image = memset(g_malloc(size + (size >> 5)),
+ 0xff, size + (size >> 5));
+ } else {
+ if (bdrv_is_read_only(s->bdrv)) {
+ error_report("Can't use a read-only drive");
+ return -1;
+ }
+ s->bdrv_cur = s->bdrv;
+ }
+ s->otp = memset(g_malloc((64 + 2) << PAGE_SHIFT),
+ 0xff, (64 + 2) << PAGE_SHIFT);
+ memory_region_init_ram(&s->ram, OBJECT(s), "onenand.ram",
+ 0xc000 << s->shift);
+ vmstate_register_ram_global(&s->ram);
+ ram = memory_region_get_ram_ptr(&s->ram);
+ s->boot[0] = ram + (0x0000 << s->shift);
+ s->boot[1] = ram + (0x8000 << s->shift);
+ s->data[0][0] = ram + ((0x0200 + (0 << (PAGE_SHIFT - 1))) << s->shift);
+ s->data[0][1] = ram + ((0x8010 + (0 << (PAGE_SHIFT - 6))) << s->shift);
+ s->data[1][0] = ram + ((0x0200 + (1 << (PAGE_SHIFT - 1))) << s->shift);
+ s->data[1][1] = ram + ((0x8010 + (1 << (PAGE_SHIFT - 6))) << s->shift);
+ onenand_mem_setup(s);
+ sysbus_init_irq(sbd, &s->intr);
+ sysbus_init_mmio(sbd, &s->container);
+ vmstate_register(dev,
+ ((s->shift & 0x7f) << 24)
+ | ((s->id.man & 0xff) << 16)
+ | ((s->id.dev & 0xff) << 8)
+ | (s->id.ver & 0xff),
+ &vmstate_onenand, s);
+ return 0;
+}
+
+static Property onenand_properties[] = {
+ DEFINE_PROP_UINT16("manufacturer_id", OneNANDState, id.man, 0),
+ DEFINE_PROP_UINT16("device_id", OneNANDState, id.dev, 0),
+ DEFINE_PROP_UINT16("version_id", OneNANDState, id.ver, 0),
+ DEFINE_PROP_INT32("shift", OneNANDState, shift, 0),
+ DEFINE_PROP_DRIVE("drive", OneNANDState, bdrv),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void onenand_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = onenand_initfn;
+ dc->reset = onenand_system_reset;
+ dc->props = onenand_properties;
+}
+
+static const TypeInfo onenand_info = {
+ .name = TYPE_ONE_NAND,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(OneNANDState),
+ .class_init = onenand_class_init,
+};
+
+static void onenand_register_types(void)
+{
+ type_register_static(&onenand_info);
+}
+
+void *onenand_raw_otp(DeviceState *onenand_device)
+{
+ OneNANDState *s = ONE_NAND(onenand_device);
+
+ return s->otp;
+}
+
+type_init(onenand_register_types)
diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
new file mode 100644
index 000000000..825011d8c
--- /dev/null
+++ b/hw/block/pflash_cfi01.c
@@ -0,0 +1,775 @@
+/*
+ * CFI parallel flash with Intel command set emulation
+ *
+ * Copyright (c) 2006 Thorsten Zitterell
+ * Copyright (c) 2005 Jocelyn Mayer
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * For now, this code can emulate flashes of 1, 2 or 4 bytes width.
+ * Supported commands/modes are:
+ * - flash read
+ * - flash write
+ * - flash ID read
+ * - sector erase
+ * - CFI queries
+ *
+ * It does not support timings
+ * It does not support flash interleaving
+ * It does not implement software data protection as found in many real chips
+ * It does not implement erase suspend/resume commands
+ * It does not implement multiple sectors erase
+ *
+ * It does not implement much more ...
+ */
+
+#include "hw/hw.h"
+#include "hw/block/flash.h"
+#include "block/block.h"
+#include "qemu/timer.h"
+#include "exec/address-spaces.h"
+#include "qemu/host-utils.h"
+#include "hw/sysbus.h"
+
+#define PFLASH_BUG(fmt, ...) \
+do { \
+ fprintf(stderr, "PFLASH: Possible BUG - " fmt, ## __VA_ARGS__); \
+ exit(1); \
+} while(0)
+
+/* #define PFLASH_DEBUG */
+#ifdef PFLASH_DEBUG
+#define DPRINTF(fmt, ...) \
+do { \
+ fprintf(stderr, "PFLASH: " fmt , ## __VA_ARGS__); \
+} while (0)
+#else
+#define DPRINTF(fmt, ...) do { } while (0)
+#endif
+
+#define TYPE_CFI_PFLASH01 "cfi.pflash01"
+#define CFI_PFLASH01(obj) OBJECT_CHECK(pflash_t, (obj), TYPE_CFI_PFLASH01)
+
+struct pflash_t {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ BlockDriverState *bs;
+ uint32_t nb_blocs;
+ uint64_t sector_len;
+ uint8_t width;
+ uint8_t be;
+ uint8_t wcycle; /* if 0, the flash is read normally */
+ int ro;
+ uint8_t cmd;
+ uint8_t status;
+ uint16_t ident0;
+ uint16_t ident1;
+ uint16_t ident2;
+ uint16_t ident3;
+ uint8_t cfi_len;
+ uint8_t cfi_table[0x52];
+ uint64_t counter;
+ unsigned int writeblock_size;
+ QEMUTimer *timer;
+ MemoryRegion mem;
+ char *name;
+ void *storage;
+};
+
+static const VMStateDescription vmstate_pflash = {
+ .name = "pflash_cfi01",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(wcycle, pflash_t),
+ VMSTATE_UINT8(cmd, pflash_t),
+ VMSTATE_UINT8(status, pflash_t),
+ VMSTATE_UINT64(counter, pflash_t),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void pflash_timer (void *opaque)
+{
+ pflash_t *pfl = opaque;
+
+ DPRINTF("%s: command %02x done\n", __func__, pfl->cmd);
+ /* Reset flash */
+ pfl->status ^= 0x80;
+ memory_region_rom_device_set_romd(&pfl->mem, true);
+ pfl->wcycle = 0;
+ pfl->cmd = 0;
+}
+
+static uint32_t pflash_read (pflash_t *pfl, hwaddr offset,
+ int width, int be)
+{
+ hwaddr boff;
+ uint32_t ret;
+ uint8_t *p;
+
+ ret = -1;
+ boff = offset & 0xFF; /* why this here ?? */
+
+ if (pfl->width == 2)
+ boff = boff >> 1;
+ else if (pfl->width == 4)
+ boff = boff >> 2;
+
+#if 0
+ DPRINTF("%s: reading offset " TARGET_FMT_plx " under cmd %02x width %d\n",
+ __func__, offset, pfl->cmd, width);
+#endif
+ switch (pfl->cmd) {
+ default:
+ /* This should never happen : reset state & treat it as a read */
+ DPRINTF("%s: unknown command state: %x\n", __func__, pfl->cmd);
+ pfl->wcycle = 0;
+ pfl->cmd = 0;
+ /* fall through to read code */
+ case 0x00:
+ /* Flash area read */
+ p = pfl->storage;
+ switch (width) {
+ case 1:
+ ret = p[offset];
+ DPRINTF("%s: data offset " TARGET_FMT_plx " %02x\n",
+ __func__, offset, ret);
+ break;
+ case 2:
+ if (be) {
+ ret = p[offset] << 8;
+ ret |= p[offset + 1];
+ } else {
+ ret = p[offset];
+ ret |= p[offset + 1] << 8;
+ }
+ DPRINTF("%s: data offset " TARGET_FMT_plx " %04x\n",
+ __func__, offset, ret);
+ break;
+ case 4:
+ if (be) {
+ ret = p[offset] << 24;
+ ret |= p[offset + 1] << 16;
+ ret |= p[offset + 2] << 8;
+ ret |= p[offset + 3];
+ } else {
+ ret = p[offset];
+ ret |= p[offset + 1] << 8;
+ ret |= p[offset + 2] << 16;
+ ret |= p[offset + 3] << 24;
+ }
+ DPRINTF("%s: data offset " TARGET_FMT_plx " %08x\n",
+ __func__, offset, ret);
+ break;
+ default:
+ DPRINTF("BUG in %s\n", __func__);
+ }
+
+ break;
+ case 0x10: /* Single byte program */
+ case 0x20: /* Block erase */
+ case 0x28: /* Block erase */
+ case 0x40: /* single byte program */
+ case 0x50: /* Clear status register */
+ case 0x60: /* Block /un)lock */
+ case 0x70: /* Status Register */
+ case 0xe8: /* Write block */
+ /* Status register read */
+ ret = pfl->status;
+ if (width > 2) {
+ ret |= pfl->status << 16;
+ }
+ DPRINTF("%s: status %x\n", __func__, ret);
+ break;
+ case 0x90:
+ switch (boff) {
+ case 0:
+ ret = pfl->ident0 << 8 | pfl->ident1;
+ DPRINTF("%s: Manufacturer Code %04x\n", __func__, ret);
+ break;
+ case 1:
+ ret = pfl->ident2 << 8 | pfl->ident3;
+ DPRINTF("%s: Device ID Code %04x\n", __func__, ret);
+ break;
+ default:
+ DPRINTF("%s: Read Device Information boff=%x\n", __func__,
+ (unsigned)boff);
+ ret = 0;
+ break;
+ }
+ break;
+ case 0x98: /* Query mode */
+ if (boff > pfl->cfi_len)
+ ret = 0;
+ else
+ ret = pfl->cfi_table[boff];
+ break;
+ }
+ return ret;
+}
+
+/* update flash content on disk */
+static void pflash_update(pflash_t *pfl, int offset,
+ int size)
+{
+ int offset_end;
+ if (pfl->bs) {
+ offset_end = offset + size;
+ /* round to sectors */
+ offset = offset >> 9;
+ offset_end = (offset_end + 511) >> 9;
+ bdrv_write(pfl->bs, offset, pfl->storage + (offset << 9),
+ offset_end - offset);
+ }
+}
+
+static inline void pflash_data_write(pflash_t *pfl, hwaddr offset,
+ uint32_t value, int width, int be)
+{
+ uint8_t *p = pfl->storage;
+
+ DPRINTF("%s: block write offset " TARGET_FMT_plx
+ " value %x counter %016" PRIx64 "\n",
+ __func__, offset, value, pfl->counter);
+ switch (width) {
+ case 1:
+ p[offset] = value;
+ break;
+ case 2:
+ if (be) {
+ p[offset] = value >> 8;
+ p[offset + 1] = value;
+ } else {
+ p[offset] = value;
+ p[offset + 1] = value >> 8;
+ }
+ break;
+ case 4:
+ if (be) {
+ p[offset] = value >> 24;
+ p[offset + 1] = value >> 16;
+ p[offset + 2] = value >> 8;
+ p[offset + 3] = value;
+ } else {
+ p[offset] = value;
+ p[offset + 1] = value >> 8;
+ p[offset + 2] = value >> 16;
+ p[offset + 3] = value >> 24;
+ }
+ break;
+ }
+
+}
+
+static void pflash_write(pflash_t *pfl, hwaddr offset,
+ uint32_t value, int width, int be)
+{
+ uint8_t *p;
+ uint8_t cmd;
+
+ cmd = value;
+
+ DPRINTF("%s: writing offset " TARGET_FMT_plx " value %08x width %d wcycle 0x%x\n",
+ __func__, offset, value, width, pfl->wcycle);
+
+ if (!pfl->wcycle) {
+ /* Set the device in I/O access mode */
+ memory_region_rom_device_set_romd(&pfl->mem, false);
+ }
+
+ switch (pfl->wcycle) {
+ case 0:
+ /* read mode */
+ switch (cmd) {
+ case 0x00: /* ??? */
+ goto reset_flash;
+ case 0x10: /* Single Byte Program */
+ case 0x40: /* Single Byte Program */
+ DPRINTF("%s: Single Byte Program\n", __func__);
+ break;
+ case 0x20: /* Block erase */
+ p = pfl->storage;
+ offset &= ~(pfl->sector_len - 1);
+
+ DPRINTF("%s: block erase at " TARGET_FMT_plx " bytes %x\n",
+ __func__, offset, (unsigned)pfl->sector_len);
+
+ if (!pfl->ro) {
+ memset(p + offset, 0xff, pfl->sector_len);
+ pflash_update(pfl, offset, pfl->sector_len);
+ } else {
+ pfl->status |= 0x20; /* Block erase error */
+ }
+ pfl->status |= 0x80; /* Ready! */
+ break;
+ case 0x50: /* Clear status bits */
+ DPRINTF("%s: Clear status bits\n", __func__);
+ pfl->status = 0x0;
+ goto reset_flash;
+ case 0x60: /* Block (un)lock */
+ DPRINTF("%s: Block unlock\n", __func__);
+ break;
+ case 0x70: /* Status Register */
+ DPRINTF("%s: Read status register\n", __func__);
+ pfl->cmd = cmd;
+ return;
+ case 0x90: /* Read Device ID */
+ DPRINTF("%s: Read Device information\n", __func__);
+ pfl->cmd = cmd;
+ return;
+ case 0x98: /* CFI query */
+ DPRINTF("%s: CFI query\n", __func__);
+ break;
+ case 0xe8: /* Write to buffer */
+ DPRINTF("%s: Write to buffer\n", __func__);
+ pfl->status |= 0x80; /* Ready! */
+ break;
+ case 0xf0: /* Probe for AMD flash */
+ DPRINTF("%s: Probe for AMD flash\n", __func__);
+ goto reset_flash;
+ case 0xff: /* Read array mode */
+ DPRINTF("%s: Read array mode\n", __func__);
+ goto reset_flash;
+ default:
+ goto error_flash;
+ }
+ pfl->wcycle++;
+ pfl->cmd = cmd;
+ break;
+ case 1:
+ switch (pfl->cmd) {
+ case 0x10: /* Single Byte Program */
+ case 0x40: /* Single Byte Program */
+ DPRINTF("%s: Single Byte Program\n", __func__);
+ if (!pfl->ro) {
+ pflash_data_write(pfl, offset, value, width, be);
+ pflash_update(pfl, offset, width);
+ } else {
+ pfl->status |= 0x10; /* Programming error */
+ }
+ pfl->status |= 0x80; /* Ready! */
+ pfl->wcycle = 0;
+ break;
+ case 0x20: /* Block erase */
+ case 0x28:
+ if (cmd == 0xd0) { /* confirm */
+ pfl->wcycle = 0;
+ pfl->status |= 0x80;
+ } else if (cmd == 0xff) { /* read array mode */
+ goto reset_flash;
+ } else
+ goto error_flash;
+
+ break;
+ case 0xe8:
+ DPRINTF("%s: block write of %x bytes\n", __func__, value);
+ pfl->counter = value;
+ pfl->wcycle++;
+ break;
+ case 0x60:
+ if (cmd == 0xd0) {
+ pfl->wcycle = 0;
+ pfl->status |= 0x80;
+ } else if (cmd == 0x01) {
+ pfl->wcycle = 0;
+ pfl->status |= 0x80;
+ } else if (cmd == 0xff) {
+ goto reset_flash;
+ } else {
+ DPRINTF("%s: Unknown (un)locking command\n", __func__);
+ goto reset_flash;
+ }
+ break;
+ case 0x98:
+ if (cmd == 0xff) {
+ goto reset_flash;
+ } else {
+ DPRINTF("%s: leaving query mode\n", __func__);
+ }
+ break;
+ default:
+ goto error_flash;
+ }
+ break;
+ case 2:
+ switch (pfl->cmd) {
+ case 0xe8: /* Block write */
+ if (!pfl->ro) {
+ pflash_data_write(pfl, offset, value, width, be);
+ } else {
+ pfl->status |= 0x10; /* Programming error */
+ }
+
+ pfl->status |= 0x80;
+
+ if (!pfl->counter) {
+ hwaddr mask = pfl->writeblock_size - 1;
+ mask = ~mask;
+
+ DPRINTF("%s: block write finished\n", __func__);
+ pfl->wcycle++;
+ if (!pfl->ro) {
+ /* Flush the entire write buffer onto backing storage. */
+ pflash_update(pfl, offset & mask, pfl->writeblock_size);
+ } else {
+ pfl->status |= 0x10; /* Programming error */
+ }
+ }
+
+ pfl->counter--;
+ break;
+ default:
+ goto error_flash;
+ }
+ break;
+ case 3: /* Confirm mode */
+ switch (pfl->cmd) {
+ case 0xe8: /* Block write */
+ if (cmd == 0xd0) {
+ pfl->wcycle = 0;
+ pfl->status |= 0x80;
+ } else {
+ DPRINTF("%s: unknown command for \"write block\"\n", __func__);
+ PFLASH_BUG("Write block confirm");
+ goto reset_flash;
+ }
+ break;
+ default:
+ goto error_flash;
+ }
+ break;
+ default:
+ /* Should never happen */
+ DPRINTF("%s: invalid write state\n", __func__);
+ goto reset_flash;
+ }
+ return;
+
+ error_flash:
+ qemu_log_mask(LOG_UNIMP, "%s: Unimplemented flash cmd sequence "
+ "(offset " TARGET_FMT_plx ", wcycle 0x%x cmd 0x%x value 0x%x)"
+ "\n", __func__, offset, pfl->wcycle, pfl->cmd, value);
+
+ reset_flash:
+ memory_region_rom_device_set_romd(&pfl->mem, true);
+
+ pfl->wcycle = 0;
+ pfl->cmd = 0;
+}
+
+
+static uint32_t pflash_readb_be(void *opaque, hwaddr addr)
+{
+ return pflash_read(opaque, addr, 1, 1);
+}
+
+static uint32_t pflash_readb_le(void *opaque, hwaddr addr)
+{
+ return pflash_read(opaque, addr, 1, 0);
+}
+
+static uint32_t pflash_readw_be(void *opaque, hwaddr addr)
+{
+ pflash_t *pfl = opaque;
+
+ return pflash_read(pfl, addr, 2, 1);
+}
+
+static uint32_t pflash_readw_le(void *opaque, hwaddr addr)
+{
+ pflash_t *pfl = opaque;
+
+ return pflash_read(pfl, addr, 2, 0);
+}
+
+static uint32_t pflash_readl_be(void *opaque, hwaddr addr)
+{
+ pflash_t *pfl = opaque;
+
+ return pflash_read(pfl, addr, 4, 1);
+}
+
+static uint32_t pflash_readl_le(void *opaque, hwaddr addr)
+{
+ pflash_t *pfl = opaque;
+
+ return pflash_read(pfl, addr, 4, 0);
+}
+
+static void pflash_writeb_be(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ pflash_write(opaque, addr, value, 1, 1);
+}
+
+static void pflash_writeb_le(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ pflash_write(opaque, addr, value, 1, 0);
+}
+
+static void pflash_writew_be(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ pflash_t *pfl = opaque;
+
+ pflash_write(pfl, addr, value, 2, 1);
+}
+
+static void pflash_writew_le(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ pflash_t *pfl = opaque;
+
+ pflash_write(pfl, addr, value, 2, 0);
+}
+
+static void pflash_writel_be(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ pflash_t *pfl = opaque;
+
+ pflash_write(pfl, addr, value, 4, 1);
+}
+
+static void pflash_writel_le(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ pflash_t *pfl = opaque;
+
+ pflash_write(pfl, addr, value, 4, 0);
+}
+
+static const MemoryRegionOps pflash_cfi01_ops_be = {
+ .old_mmio = {
+ .read = { pflash_readb_be, pflash_readw_be, pflash_readl_be, },
+ .write = { pflash_writeb_be, pflash_writew_be, pflash_writel_be, },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static const MemoryRegionOps pflash_cfi01_ops_le = {
+ .old_mmio = {
+ .read = { pflash_readb_le, pflash_readw_le, pflash_readl_le, },
+ .write = { pflash_writeb_le, pflash_writew_le, pflash_writel_le, },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void pflash_cfi01_realize(DeviceState *dev, Error **errp)
+{
+ pflash_t *pfl = CFI_PFLASH01(dev);
+ uint64_t total_len;
+ int ret;
+
+ total_len = pfl->sector_len * pfl->nb_blocs;
+
+ /* XXX: to be fixed */
+#if 0
+ if (total_len != (8 * 1024 * 1024) && total_len != (16 * 1024 * 1024) &&
+ total_len != (32 * 1024 * 1024) && total_len != (64 * 1024 * 1024))
+ return NULL;
+#endif
+
+ memory_region_init_rom_device(
+ &pfl->mem, OBJECT(dev),
+ pfl->be ? &pflash_cfi01_ops_be : &pflash_cfi01_ops_le, pfl,
+ pfl->name, total_len);
+ vmstate_register_ram(&pfl->mem, DEVICE(pfl));
+ pfl->storage = memory_region_get_ram_ptr(&pfl->mem);
+ sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem);
+
+ if (pfl->bs) {
+ /* read the initial flash content */
+ ret = bdrv_read(pfl->bs, 0, pfl->storage, total_len >> 9);
+
+ if (ret < 0) {
+ vmstate_unregister_ram(&pfl->mem, DEVICE(pfl));
+ memory_region_destroy(&pfl->mem);
+ error_setg(errp, "failed to read the initial flash content");
+ return;
+ }
+ }
+
+ if (pfl->bs) {
+ pfl->ro = bdrv_is_read_only(pfl->bs);
+ } else {
+ pfl->ro = 0;
+ }
+
+ pfl->timer = qemu_new_timer_ns(vm_clock, pflash_timer, pfl);
+ pfl->wcycle = 0;
+ pfl->cmd = 0;
+ pfl->status = 0;
+ /* Hardcoded CFI table */
+ pfl->cfi_len = 0x52;
+ /* Standard "QRY" string */
+ pfl->cfi_table[0x10] = 'Q';
+ pfl->cfi_table[0x11] = 'R';
+ pfl->cfi_table[0x12] = 'Y';
+ /* Command set (Intel) */
+ pfl->cfi_table[0x13] = 0x01;
+ pfl->cfi_table[0x14] = 0x00;
+ /* Primary extended table address (none) */
+ pfl->cfi_table[0x15] = 0x31;
+ pfl->cfi_table[0x16] = 0x00;
+ /* Alternate command set (none) */
+ pfl->cfi_table[0x17] = 0x00;
+ pfl->cfi_table[0x18] = 0x00;
+ /* Alternate extended table (none) */
+ pfl->cfi_table[0x19] = 0x00;
+ pfl->cfi_table[0x1A] = 0x00;
+ /* Vcc min */
+ pfl->cfi_table[0x1B] = 0x45;
+ /* Vcc max */
+ pfl->cfi_table[0x1C] = 0x55;
+ /* Vpp min (no Vpp pin) */
+ pfl->cfi_table[0x1D] = 0x00;
+ /* Vpp max (no Vpp pin) */
+ pfl->cfi_table[0x1E] = 0x00;
+ /* Reserved */
+ pfl->cfi_table[0x1F] = 0x07;
+ /* Timeout for min size buffer write */
+ pfl->cfi_table[0x20] = 0x07;
+ /* Typical timeout for block erase */
+ pfl->cfi_table[0x21] = 0x0a;
+ /* Typical timeout for full chip erase (4096 ms) */
+ pfl->cfi_table[0x22] = 0x00;
+ /* Reserved */
+ pfl->cfi_table[0x23] = 0x04;
+ /* Max timeout for buffer write */
+ pfl->cfi_table[0x24] = 0x04;
+ /* Max timeout for block erase */
+ pfl->cfi_table[0x25] = 0x04;
+ /* Max timeout for chip erase */
+ pfl->cfi_table[0x26] = 0x00;
+ /* Device size */
+ pfl->cfi_table[0x27] = ctz32(total_len); // + 1;
+ /* Flash device interface (8 & 16 bits) */
+ pfl->cfi_table[0x28] = 0x02;
+ pfl->cfi_table[0x29] = 0x00;
+ /* Max number of bytes in multi-bytes write */
+ if (pfl->width == 1) {
+ pfl->cfi_table[0x2A] = 0x08;
+ } else {
+ pfl->cfi_table[0x2A] = 0x0B;
+ }
+ pfl->writeblock_size = 1 << pfl->cfi_table[0x2A];
+
+ pfl->cfi_table[0x2B] = 0x00;
+ /* Number of erase block regions (uniform) */
+ pfl->cfi_table[0x2C] = 0x01;
+ /* Erase block region 1 */
+ pfl->cfi_table[0x2D] = pfl->nb_blocs - 1;
+ pfl->cfi_table[0x2E] = (pfl->nb_blocs - 1) >> 8;
+ pfl->cfi_table[0x2F] = pfl->sector_len >> 8;
+ pfl->cfi_table[0x30] = pfl->sector_len >> 16;
+
+ /* Extended */
+ pfl->cfi_table[0x31] = 'P';
+ pfl->cfi_table[0x32] = 'R';
+ pfl->cfi_table[0x33] = 'I';
+
+ pfl->cfi_table[0x34] = '1';
+ pfl->cfi_table[0x35] = '0';
+
+ pfl->cfi_table[0x36] = 0x00;
+ pfl->cfi_table[0x37] = 0x00;
+ pfl->cfi_table[0x38] = 0x00;
+ pfl->cfi_table[0x39] = 0x00;
+
+ pfl->cfi_table[0x3a] = 0x00;
+
+ pfl->cfi_table[0x3b] = 0x00;
+ pfl->cfi_table[0x3c] = 0x00;
+
+ pfl->cfi_table[0x3f] = 0x01; /* Number of protection fields */
+}
+
+static Property pflash_cfi01_properties[] = {
+ DEFINE_PROP_DRIVE("drive", struct pflash_t, bs),
+ DEFINE_PROP_UINT32("num-blocks", struct pflash_t, nb_blocs, 0),
+ DEFINE_PROP_UINT64("sector-length", struct pflash_t, sector_len, 0),
+ DEFINE_PROP_UINT8("width", struct pflash_t, width, 0),
+ DEFINE_PROP_UINT8("big-endian", struct pflash_t, be, 0),
+ DEFINE_PROP_UINT16("id0", struct pflash_t, ident0, 0),
+ DEFINE_PROP_UINT16("id1", struct pflash_t, ident1, 0),
+ DEFINE_PROP_UINT16("id2", struct pflash_t, ident2, 0),
+ DEFINE_PROP_UINT16("id3", struct pflash_t, ident3, 0),
+ DEFINE_PROP_STRING("name", struct pflash_t, name),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void pflash_cfi01_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = pflash_cfi01_realize;
+ dc->props = pflash_cfi01_properties;
+ dc->vmsd = &vmstate_pflash;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
+}
+
+
+static const TypeInfo pflash_cfi01_info = {
+ .name = TYPE_CFI_PFLASH01,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(struct pflash_t),
+ .class_init = pflash_cfi01_class_init,
+};
+
+static void pflash_cfi01_register_types(void)
+{
+ type_register_static(&pflash_cfi01_info);
+}
+
+type_init(pflash_cfi01_register_types)
+
+pflash_t *pflash_cfi01_register(hwaddr base,
+ DeviceState *qdev, const char *name,
+ hwaddr size,
+ BlockDriverState *bs,
+ uint32_t sector_len, int nb_blocs, int width,
+ uint16_t id0, uint16_t id1,
+ uint16_t id2, uint16_t id3, int be)
+{
+ DeviceState *dev = qdev_create(NULL, TYPE_CFI_PFLASH01);
+
+ if (bs && qdev_prop_set_drive(dev, "drive", bs)) {
+ abort();
+ }
+ qdev_prop_set_uint32(dev, "num-blocks", nb_blocs);
+ qdev_prop_set_uint64(dev, "sector-length", sector_len);
+ qdev_prop_set_uint8(dev, "width", width);
+ qdev_prop_set_uint8(dev, "big-endian", !!be);
+ qdev_prop_set_uint16(dev, "id0", id0);
+ qdev_prop_set_uint16(dev, "id1", id1);
+ qdev_prop_set_uint16(dev, "id2", id2);
+ qdev_prop_set_uint16(dev, "id3", id3);
+ qdev_prop_set_string(dev, "name", name);
+ qdev_init_nofail(dev);
+
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
+ return CFI_PFLASH01(dev);
+}
+
+MemoryRegion *pflash_cfi01_get_memory(pflash_t *fl)
+{
+ return &fl->mem;
+}
diff --git a/hw/block/pflash_cfi02.c b/hw/block/pflash_cfi02.c
new file mode 100644
index 000000000..9fc02e3d6
--- /dev/null
+++ b/hw/block/pflash_cfi02.c
@@ -0,0 +1,789 @@
+/*
+ * CFI parallel flash with AMD command set emulation
+ *
+ * Copyright (c) 2005 Jocelyn Mayer
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * For now, this code can emulate flashes of 1, 2 or 4 bytes width.
+ * Supported commands/modes are:
+ * - flash read
+ * - flash write
+ * - flash ID read
+ * - sector erase
+ * - chip erase
+ * - unlock bypass command
+ * - CFI queries
+ *
+ * It does not support flash interleaving.
+ * It does not implement boot blocs with reduced size
+ * It does not implement software data protection as found in many real chips
+ * It does not implement erase suspend/resume commands
+ * It does not implement multiple sectors erase
+ */
+
+#include "hw/hw.h"
+#include "hw/block/flash.h"
+#include "qemu/timer.h"
+#include "block/block.h"
+#include "exec/address-spaces.h"
+#include "qemu/host-utils.h"
+#include "hw/sysbus.h"
+
+//#define PFLASH_DEBUG
+#ifdef PFLASH_DEBUG
+#define DPRINTF(fmt, ...) \
+do { \
+ fprintf(stderr "PFLASH: " fmt , ## __VA_ARGS__); \
+} while (0)
+#else
+#define DPRINTF(fmt, ...) do { } while (0)
+#endif
+
+#define PFLASH_LAZY_ROMD_THRESHOLD 42
+
+#define TYPE_CFI_PFLASH02 "cfi.pflash02"
+#define CFI_PFLASH02(obj) OBJECT_CHECK(pflash_t, (obj), TYPE_CFI_PFLASH02)
+
+struct pflash_t {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ BlockDriverState *bs;
+ uint32_t sector_len;
+ uint32_t nb_blocs;
+ uint32_t chip_len;
+ uint8_t mappings;
+ uint8_t width;
+ uint8_t be;
+ int wcycle; /* if 0, the flash is read normally */
+ int bypass;
+ int ro;
+ uint8_t cmd;
+ uint8_t status;
+ /* FIXME: implement array device properties */
+ uint16_t ident0;
+ uint16_t ident1;
+ uint16_t ident2;
+ uint16_t ident3;
+ uint16_t unlock_addr0;
+ uint16_t unlock_addr1;
+ uint8_t cfi_len;
+ uint8_t cfi_table[0x52];
+ QEMUTimer *timer;
+ /* The device replicates the flash memory across its memory space. Emulate
+ * that by having a container (.mem) filled with an array of aliases
+ * (.mem_mappings) pointing to the flash memory (.orig_mem).
+ */
+ MemoryRegion mem;
+ MemoryRegion *mem_mappings; /* array; one per mapping */
+ MemoryRegion orig_mem;
+ int rom_mode;
+ int read_counter; /* used for lazy switch-back to rom mode */
+ char *name;
+ void *storage;
+};
+
+/*
+ * Set up replicated mappings of the same region.
+ */
+static void pflash_setup_mappings(pflash_t *pfl)
+{
+ unsigned i;
+ hwaddr size = memory_region_size(&pfl->orig_mem);
+
+ memory_region_init(&pfl->mem, OBJECT(pfl), "pflash", pfl->mappings * size);
+ pfl->mem_mappings = g_new(MemoryRegion, pfl->mappings);
+ for (i = 0; i < pfl->mappings; ++i) {
+ memory_region_init_alias(&pfl->mem_mappings[i], OBJECT(pfl),
+ "pflash-alias", &pfl->orig_mem, 0, size);
+ memory_region_add_subregion(&pfl->mem, i * size, &pfl->mem_mappings[i]);
+ }
+}
+
+static void pflash_register_memory(pflash_t *pfl, int rom_mode)
+{
+ memory_region_rom_device_set_romd(&pfl->orig_mem, rom_mode);
+ pfl->rom_mode = rom_mode;
+}
+
+static void pflash_timer (void *opaque)
+{
+ pflash_t *pfl = opaque;
+
+ DPRINTF("%s: command %02x done\n", __func__, pfl->cmd);
+ /* Reset flash */
+ pfl->status ^= 0x80;
+ if (pfl->bypass) {
+ pfl->wcycle = 2;
+ } else {
+ pflash_register_memory(pfl, 1);
+ pfl->wcycle = 0;
+ }
+ pfl->cmd = 0;
+}
+
+static uint32_t pflash_read (pflash_t *pfl, hwaddr offset,
+ int width, int be)
+{
+ hwaddr boff;
+ uint32_t ret;
+ uint8_t *p;
+
+ DPRINTF("%s: offset " TARGET_FMT_plx "\n", __func__, offset);
+ ret = -1;
+ /* Lazy reset to ROMD mode after a certain amount of read accesses */
+ if (!pfl->rom_mode && pfl->wcycle == 0 &&
+ ++pfl->read_counter > PFLASH_LAZY_ROMD_THRESHOLD) {
+ pflash_register_memory(pfl, 1);
+ }
+ offset &= pfl->chip_len - 1;
+ boff = offset & 0xFF;
+ if (pfl->width == 2)
+ boff = boff >> 1;
+ else if (pfl->width == 4)
+ boff = boff >> 2;
+ switch (pfl->cmd) {
+ default:
+ /* This should never happen : reset state & treat it as a read*/
+ DPRINTF("%s: unknown command state: %x\n", __func__, pfl->cmd);
+ pfl->wcycle = 0;
+ pfl->cmd = 0;
+ /* fall through to the read code */
+ case 0x80:
+ /* We accept reads during second unlock sequence... */
+ case 0x00:
+ flash_read:
+ /* Flash area read */
+ p = pfl->storage;
+ switch (width) {
+ case 1:
+ ret = p[offset];
+// DPRINTF("%s: data offset %08x %02x\n", __func__, offset, ret);
+ break;
+ case 2:
+ if (be) {
+ ret = p[offset] << 8;
+ ret |= p[offset + 1];
+ } else {
+ ret = p[offset];
+ ret |= p[offset + 1] << 8;
+ }
+// DPRINTF("%s: data offset %08x %04x\n", __func__, offset, ret);
+ break;
+ case 4:
+ if (be) {
+ ret = p[offset] << 24;
+ ret |= p[offset + 1] << 16;
+ ret |= p[offset + 2] << 8;
+ ret |= p[offset + 3];
+ } else {
+ ret = p[offset];
+ ret |= p[offset + 1] << 8;
+ ret |= p[offset + 2] << 16;
+ ret |= p[offset + 3] << 24;
+ }
+// DPRINTF("%s: data offset %08x %08x\n", __func__, offset, ret);
+ break;
+ }
+ break;
+ case 0x90:
+ /* flash ID read */
+ switch (boff) {
+ case 0x00:
+ case 0x01:
+ ret = boff & 0x01 ? pfl->ident1 : pfl->ident0;
+ break;
+ case 0x02:
+ ret = 0x00; /* Pretend all sectors are unprotected */
+ break;
+ case 0x0E:
+ case 0x0F:
+ ret = boff & 0x01 ? pfl->ident3 : pfl->ident2;
+ if (ret == (uint8_t)-1) {
+ goto flash_read;
+ }
+ break;
+ default:
+ goto flash_read;
+ }
+ DPRINTF("%s: ID " TARGET_FMT_plx " %x\n", __func__, boff, ret);
+ break;
+ case 0xA0:
+ case 0x10:
+ case 0x30:
+ /* Status register read */
+ ret = pfl->status;
+ DPRINTF("%s: status %x\n", __func__, ret);
+ /* Toggle bit 6 */
+ pfl->status ^= 0x40;
+ break;
+ case 0x98:
+ /* CFI query mode */
+ if (boff > pfl->cfi_len)
+ ret = 0;
+ else
+ ret = pfl->cfi_table[boff];
+ break;
+ }
+
+ return ret;
+}
+
+/* update flash content on disk */
+static void pflash_update(pflash_t *pfl, int offset,
+ int size)
+{
+ int offset_end;
+ if (pfl->bs) {
+ offset_end = offset + size;
+ /* round to sectors */
+ offset = offset >> 9;
+ offset_end = (offset_end + 511) >> 9;
+ bdrv_write(pfl->bs, offset, pfl->storage + (offset << 9),
+ offset_end - offset);
+ }
+}
+
+static void pflash_write (pflash_t *pfl, hwaddr offset,
+ uint32_t value, int width, int be)
+{
+ hwaddr boff;
+ uint8_t *p;
+ uint8_t cmd;
+
+ cmd = value;
+ if (pfl->cmd != 0xA0 && cmd == 0xF0) {
+#if 0
+ DPRINTF("%s: flash reset asked (%02x %02x)\n",
+ __func__, pfl->cmd, cmd);
+#endif
+ goto reset_flash;
+ }
+ DPRINTF("%s: offset " TARGET_FMT_plx " %08x %d %d\n", __func__,
+ offset, value, width, pfl->wcycle);
+ offset &= pfl->chip_len - 1;
+
+ DPRINTF("%s: offset " TARGET_FMT_plx " %08x %d\n", __func__,
+ offset, value, width);
+ boff = offset & (pfl->sector_len - 1);
+ if (pfl->width == 2)
+ boff = boff >> 1;
+ else if (pfl->width == 4)
+ boff = boff >> 2;
+ switch (pfl->wcycle) {
+ case 0:
+ /* Set the device in I/O access mode if required */
+ if (pfl->rom_mode)
+ pflash_register_memory(pfl, 0);
+ pfl->read_counter = 0;
+ /* We're in read mode */
+ check_unlock0:
+ if (boff == 0x55 && cmd == 0x98) {
+ enter_CFI_mode:
+ /* Enter CFI query mode */
+ pfl->wcycle = 7;
+ pfl->cmd = 0x98;
+ return;
+ }
+ if (boff != pfl->unlock_addr0 || cmd != 0xAA) {
+ DPRINTF("%s: unlock0 failed " TARGET_FMT_plx " %02x %04x\n",
+ __func__, boff, cmd, pfl->unlock_addr0);
+ goto reset_flash;
+ }
+ DPRINTF("%s: unlock sequence started\n", __func__);
+ break;
+ case 1:
+ /* We started an unlock sequence */
+ check_unlock1:
+ if (boff != pfl->unlock_addr1 || cmd != 0x55) {
+ DPRINTF("%s: unlock1 failed " TARGET_FMT_plx " %02x\n", __func__,
+ boff, cmd);
+ goto reset_flash;
+ }
+ DPRINTF("%s: unlock sequence done\n", __func__);
+ break;
+ case 2:
+ /* We finished an unlock sequence */
+ if (!pfl->bypass && boff != pfl->unlock_addr0) {
+ DPRINTF("%s: command failed " TARGET_FMT_plx " %02x\n", __func__,
+ boff, cmd);
+ goto reset_flash;
+ }
+ switch (cmd) {
+ case 0x20:
+ pfl->bypass = 1;
+ goto do_bypass;
+ case 0x80:
+ case 0x90:
+ case 0xA0:
+ pfl->cmd = cmd;
+ DPRINTF("%s: starting command %02x\n", __func__, cmd);
+ break;
+ default:
+ DPRINTF("%s: unknown command %02x\n", __func__, cmd);
+ goto reset_flash;
+ }
+ break;
+ case 3:
+ switch (pfl->cmd) {
+ case 0x80:
+ /* We need another unlock sequence */
+ goto check_unlock0;
+ case 0xA0:
+ DPRINTF("%s: write data offset " TARGET_FMT_plx " %08x %d\n",
+ __func__, offset, value, width);
+ p = pfl->storage;
+ if (!pfl->ro) {
+ switch (width) {
+ case 1:
+ p[offset] &= value;
+ pflash_update(pfl, offset, 1);
+ break;
+ case 2:
+ if (be) {
+ p[offset] &= value >> 8;
+ p[offset + 1] &= value;
+ } else {
+ p[offset] &= value;
+ p[offset + 1] &= value >> 8;
+ }
+ pflash_update(pfl, offset, 2);
+ break;
+ case 4:
+ if (be) {
+ p[offset] &= value >> 24;
+ p[offset + 1] &= value >> 16;
+ p[offset + 2] &= value >> 8;
+ p[offset + 3] &= value;
+ } else {
+ p[offset] &= value;
+ p[offset + 1] &= value >> 8;
+ p[offset + 2] &= value >> 16;
+ p[offset + 3] &= value >> 24;
+ }
+ pflash_update(pfl, offset, 4);
+ break;
+ }
+ }
+ pfl->status = 0x00 | ~(value & 0x80);
+ /* Let's pretend write is immediate */
+ if (pfl->bypass)
+ goto do_bypass;
+ goto reset_flash;
+ case 0x90:
+ if (pfl->bypass && cmd == 0x00) {
+ /* Unlock bypass reset */
+ goto reset_flash;
+ }
+ /* We can enter CFI query mode from autoselect mode */
+ if (boff == 0x55 && cmd == 0x98)
+ goto enter_CFI_mode;
+ /* No break here */
+ default:
+ DPRINTF("%s: invalid write for command %02x\n",
+ __func__, pfl->cmd);
+ goto reset_flash;
+ }
+ case 4:
+ switch (pfl->cmd) {
+ case 0xA0:
+ /* Ignore writes while flash data write is occurring */
+ /* As we suppose write is immediate, this should never happen */
+ return;
+ case 0x80:
+ goto check_unlock1;
+ default:
+ /* Should never happen */
+ DPRINTF("%s: invalid command state %02x (wc 4)\n",
+ __func__, pfl->cmd);
+ goto reset_flash;
+ }
+ break;
+ case 5:
+ switch (cmd) {
+ case 0x10:
+ if (boff != pfl->unlock_addr0) {
+ DPRINTF("%s: chip erase: invalid address " TARGET_FMT_plx "\n",
+ __func__, offset);
+ goto reset_flash;
+ }
+ /* Chip erase */
+ DPRINTF("%s: start chip erase\n", __func__);
+ if (!pfl->ro) {
+ memset(pfl->storage, 0xFF, pfl->chip_len);
+ pflash_update(pfl, 0, pfl->chip_len);
+ }
+ pfl->status = 0x00;
+ /* Let's wait 5 seconds before chip erase is done */
+ qemu_mod_timer(pfl->timer,
+ qemu_get_clock_ns(vm_clock) + (get_ticks_per_sec() * 5));
+ break;
+ case 0x30:
+ /* Sector erase */
+ p = pfl->storage;
+ offset &= ~(pfl->sector_len - 1);
+ DPRINTF("%s: start sector erase at " TARGET_FMT_plx "\n", __func__,
+ offset);
+ if (!pfl->ro) {
+ memset(p + offset, 0xFF, pfl->sector_len);
+ pflash_update(pfl, offset, pfl->sector_len);
+ }
+ pfl->status = 0x00;
+ /* Let's wait 1/2 second before sector erase is done */
+ qemu_mod_timer(pfl->timer,
+ qemu_get_clock_ns(vm_clock) + (get_ticks_per_sec() / 2));
+ break;
+ default:
+ DPRINTF("%s: invalid command %02x (wc 5)\n", __func__, cmd);
+ goto reset_flash;
+ }
+ pfl->cmd = cmd;
+ break;
+ case 6:
+ switch (pfl->cmd) {
+ case 0x10:
+ /* Ignore writes during chip erase */
+ return;
+ case 0x30:
+ /* Ignore writes during sector erase */
+ return;
+ default:
+ /* Should never happen */
+ DPRINTF("%s: invalid command state %02x (wc 6)\n",
+ __func__, pfl->cmd);
+ goto reset_flash;
+ }
+ break;
+ case 7: /* Special value for CFI queries */
+ DPRINTF("%s: invalid write in CFI query mode\n", __func__);
+ goto reset_flash;
+ default:
+ /* Should never happen */
+ DPRINTF("%s: invalid write state (wc 7)\n", __func__);
+ goto reset_flash;
+ }
+ pfl->wcycle++;
+
+ return;
+
+ /* Reset flash */
+ reset_flash:
+ pfl->bypass = 0;
+ pfl->wcycle = 0;
+ pfl->cmd = 0;
+ return;
+
+ do_bypass:
+ pfl->wcycle = 2;
+ pfl->cmd = 0;
+}
+
+
+static uint32_t pflash_readb_be(void *opaque, hwaddr addr)
+{
+ return pflash_read(opaque, addr, 1, 1);
+}
+
+static uint32_t pflash_readb_le(void *opaque, hwaddr addr)
+{
+ return pflash_read(opaque, addr, 1, 0);
+}
+
+static uint32_t pflash_readw_be(void *opaque, hwaddr addr)
+{
+ pflash_t *pfl = opaque;
+
+ return pflash_read(pfl, addr, 2, 1);
+}
+
+static uint32_t pflash_readw_le(void *opaque, hwaddr addr)
+{
+ pflash_t *pfl = opaque;
+
+ return pflash_read(pfl, addr, 2, 0);
+}
+
+static uint32_t pflash_readl_be(void *opaque, hwaddr addr)
+{
+ pflash_t *pfl = opaque;
+
+ return pflash_read(pfl, addr, 4, 1);
+}
+
+static uint32_t pflash_readl_le(void *opaque, hwaddr addr)
+{
+ pflash_t *pfl = opaque;
+
+ return pflash_read(pfl, addr, 4, 0);
+}
+
+static void pflash_writeb_be(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ pflash_write(opaque, addr, value, 1, 1);
+}
+
+static void pflash_writeb_le(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ pflash_write(opaque, addr, value, 1, 0);
+}
+
+static void pflash_writew_be(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ pflash_t *pfl = opaque;
+
+ pflash_write(pfl, addr, value, 2, 1);
+}
+
+static void pflash_writew_le(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ pflash_t *pfl = opaque;
+
+ pflash_write(pfl, addr, value, 2, 0);
+}
+
+static void pflash_writel_be(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ pflash_t *pfl = opaque;
+
+ pflash_write(pfl, addr, value, 4, 1);
+}
+
+static void pflash_writel_le(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ pflash_t *pfl = opaque;
+
+ pflash_write(pfl, addr, value, 4, 0);
+}
+
+static const MemoryRegionOps pflash_cfi02_ops_be = {
+ .old_mmio = {
+ .read = { pflash_readb_be, pflash_readw_be, pflash_readl_be, },
+ .write = { pflash_writeb_be, pflash_writew_be, pflash_writel_be, },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static const MemoryRegionOps pflash_cfi02_ops_le = {
+ .old_mmio = {
+ .read = { pflash_readb_le, pflash_readw_le, pflash_readl_le, },
+ .write = { pflash_writeb_le, pflash_writew_le, pflash_writel_le, },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void pflash_cfi02_realize(DeviceState *dev, Error **errp)
+{
+ pflash_t *pfl = CFI_PFLASH02(dev);
+ uint32_t chip_len;
+ int ret;
+
+ chip_len = pfl->sector_len * pfl->nb_blocs;
+ /* XXX: to be fixed */
+#if 0
+ if (total_len != (8 * 1024 * 1024) && total_len != (16 * 1024 * 1024) &&
+ total_len != (32 * 1024 * 1024) && total_len != (64 * 1024 * 1024))
+ return NULL;
+#endif
+
+ memory_region_init_rom_device(&pfl->orig_mem, OBJECT(pfl), pfl->be ?
+ &pflash_cfi02_ops_be : &pflash_cfi02_ops_le,
+ pfl, pfl->name, chip_len);
+ vmstate_register_ram(&pfl->orig_mem, DEVICE(pfl));
+ pfl->storage = memory_region_get_ram_ptr(&pfl->orig_mem);
+ pfl->chip_len = chip_len;
+ if (pfl->bs) {
+ /* read the initial flash content */
+ ret = bdrv_read(pfl->bs, 0, pfl->storage, chip_len >> 9);
+ if (ret < 0) {
+ vmstate_unregister_ram(&pfl->orig_mem, DEVICE(pfl));
+ memory_region_destroy(&pfl->orig_mem);
+ error_setg(errp, "failed to read the initial flash content");
+ return;
+ }
+ }
+
+ pflash_setup_mappings(pfl);
+ pfl->rom_mode = 1;
+ sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem);
+
+ if (pfl->bs) {
+ pfl->ro = bdrv_is_read_only(pfl->bs);
+ } else {
+ pfl->ro = 0;
+ }
+
+ pfl->timer = qemu_new_timer_ns(vm_clock, pflash_timer, pfl);
+ pfl->wcycle = 0;
+ pfl->cmd = 0;
+ pfl->status = 0;
+ /* Hardcoded CFI table (mostly from SG29 Spansion flash) */
+ pfl->cfi_len = 0x52;
+ /* Standard "QRY" string */
+ pfl->cfi_table[0x10] = 'Q';
+ pfl->cfi_table[0x11] = 'R';
+ pfl->cfi_table[0x12] = 'Y';
+ /* Command set (AMD/Fujitsu) */
+ pfl->cfi_table[0x13] = 0x02;
+ pfl->cfi_table[0x14] = 0x00;
+ /* Primary extended table address */
+ pfl->cfi_table[0x15] = 0x31;
+ pfl->cfi_table[0x16] = 0x00;
+ /* Alternate command set (none) */
+ pfl->cfi_table[0x17] = 0x00;
+ pfl->cfi_table[0x18] = 0x00;
+ /* Alternate extended table (none) */
+ pfl->cfi_table[0x19] = 0x00;
+ pfl->cfi_table[0x1A] = 0x00;
+ /* Vcc min */
+ pfl->cfi_table[0x1B] = 0x27;
+ /* Vcc max */
+ pfl->cfi_table[0x1C] = 0x36;
+ /* Vpp min (no Vpp pin) */
+ pfl->cfi_table[0x1D] = 0x00;
+ /* Vpp max (no Vpp pin) */
+ pfl->cfi_table[0x1E] = 0x00;
+ /* Reserved */
+ pfl->cfi_table[0x1F] = 0x07;
+ /* Timeout for min size buffer write (NA) */
+ pfl->cfi_table[0x20] = 0x00;
+ /* Typical timeout for block erase (512 ms) */
+ pfl->cfi_table[0x21] = 0x09;
+ /* Typical timeout for full chip erase (4096 ms) */
+ pfl->cfi_table[0x22] = 0x0C;
+ /* Reserved */
+ pfl->cfi_table[0x23] = 0x01;
+ /* Max timeout for buffer write (NA) */
+ pfl->cfi_table[0x24] = 0x00;
+ /* Max timeout for block erase */
+ pfl->cfi_table[0x25] = 0x0A;
+ /* Max timeout for chip erase */
+ pfl->cfi_table[0x26] = 0x0D;
+ /* Device size */
+ pfl->cfi_table[0x27] = ctz32(chip_len);
+ /* Flash device interface (8 & 16 bits) */
+ pfl->cfi_table[0x28] = 0x02;
+ pfl->cfi_table[0x29] = 0x00;
+ /* Max number of bytes in multi-bytes write */
+ /* XXX: disable buffered write as it's not supported */
+ // pfl->cfi_table[0x2A] = 0x05;
+ pfl->cfi_table[0x2A] = 0x00;
+ pfl->cfi_table[0x2B] = 0x00;
+ /* Number of erase block regions (uniform) */
+ pfl->cfi_table[0x2C] = 0x01;
+ /* Erase block region 1 */
+ pfl->cfi_table[0x2D] = pfl->nb_blocs - 1;
+ pfl->cfi_table[0x2E] = (pfl->nb_blocs - 1) >> 8;
+ pfl->cfi_table[0x2F] = pfl->sector_len >> 8;
+ pfl->cfi_table[0x30] = pfl->sector_len >> 16;
+
+ /* Extended */
+ pfl->cfi_table[0x31] = 'P';
+ pfl->cfi_table[0x32] = 'R';
+ pfl->cfi_table[0x33] = 'I';
+
+ pfl->cfi_table[0x34] = '1';
+ pfl->cfi_table[0x35] = '0';
+
+ pfl->cfi_table[0x36] = 0x00;
+ pfl->cfi_table[0x37] = 0x00;
+ pfl->cfi_table[0x38] = 0x00;
+ pfl->cfi_table[0x39] = 0x00;
+
+ pfl->cfi_table[0x3a] = 0x00;
+
+ pfl->cfi_table[0x3b] = 0x00;
+ pfl->cfi_table[0x3c] = 0x00;
+}
+
+static Property pflash_cfi02_properties[] = {
+ DEFINE_PROP_DRIVE("drive", struct pflash_t, bs),
+ DEFINE_PROP_UINT32("num-blocks", struct pflash_t, nb_blocs, 0),
+ DEFINE_PROP_UINT32("sector-length", struct pflash_t, sector_len, 0),
+ DEFINE_PROP_UINT8("width", struct pflash_t, width, 0),
+ DEFINE_PROP_UINT8("mappings", struct pflash_t, mappings, 0),
+ DEFINE_PROP_UINT8("big-endian", struct pflash_t, be, 0),
+ DEFINE_PROP_UINT16("id0", struct pflash_t, ident0, 0),
+ DEFINE_PROP_UINT16("id1", struct pflash_t, ident1, 0),
+ DEFINE_PROP_UINT16("id2", struct pflash_t, ident2, 0),
+ DEFINE_PROP_UINT16("id3", struct pflash_t, ident3, 0),
+ DEFINE_PROP_UINT16("unlock-addr0", struct pflash_t, unlock_addr0, 0),
+ DEFINE_PROP_UINT16("unlock-addr1", struct pflash_t, unlock_addr1, 0),
+ DEFINE_PROP_STRING("name", struct pflash_t, name),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void pflash_cfi02_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = pflash_cfi02_realize;
+ dc->props = pflash_cfi02_properties;
+}
+
+static const TypeInfo pflash_cfi02_info = {
+ .name = TYPE_CFI_PFLASH02,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(struct pflash_t),
+ .class_init = pflash_cfi02_class_init,
+};
+
+static void pflash_cfi02_register_types(void)
+{
+ type_register_static(&pflash_cfi02_info);
+}
+
+type_init(pflash_cfi02_register_types)
+
+pflash_t *pflash_cfi02_register(hwaddr base,
+ DeviceState *qdev, const char *name,
+ hwaddr size,
+ BlockDriverState *bs, uint32_t sector_len,
+ int nb_blocs, int nb_mappings, int width,
+ uint16_t id0, uint16_t id1,
+ uint16_t id2, uint16_t id3,
+ uint16_t unlock_addr0, uint16_t unlock_addr1,
+ int be)
+{
+ DeviceState *dev = qdev_create(NULL, TYPE_CFI_PFLASH02);
+
+ if (bs && qdev_prop_set_drive(dev, "drive", bs)) {
+ abort();
+ }
+ qdev_prop_set_uint32(dev, "num-blocks", nb_blocs);
+ qdev_prop_set_uint32(dev, "sector-length", sector_len);
+ qdev_prop_set_uint8(dev, "width", width);
+ qdev_prop_set_uint8(dev, "mappings", nb_mappings);
+ qdev_prop_set_uint8(dev, "big-endian", !!be);
+ qdev_prop_set_uint16(dev, "id0", id0);
+ qdev_prop_set_uint16(dev, "id1", id1);
+ qdev_prop_set_uint16(dev, "id2", id2);
+ qdev_prop_set_uint16(dev, "id3", id3);
+ qdev_prop_set_uint16(dev, "unlock-addr0", unlock_addr0);
+ qdev_prop_set_uint16(dev, "unlock-addr1", unlock_addr1);
+ qdev_prop_set_string(dev, "name", name);
+ qdev_init_nofail(dev);
+
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
+ return CFI_PFLASH02(dev);
+}
diff --git a/hw/block/tc58128.c b/hw/block/tc58128.c
new file mode 100644
index 000000000..a3929d444
--- /dev/null
+++ b/hw/block/tc58128.c
@@ -0,0 +1,178 @@
+#include "hw/hw.h"
+#include "hw/sh4/sh.h"
+#include "hw/loader.h"
+
+#define CE1 0x0100
+#define CE2 0x0200
+#define RE 0x0400
+#define WE 0x0800
+#define ALE 0x1000
+#define CLE 0x2000
+#define RDY1 0x4000
+#define RDY2 0x8000
+#define RDY(n) ((n) == 0 ? RDY1 : RDY2)
+
+typedef enum { WAIT, READ1, READ2, READ3 } state_t;
+
+typedef struct {
+ uint8_t *flash_contents;
+ state_t state;
+ uint32_t address;
+ uint8_t address_cycle;
+} tc58128_dev;
+
+static tc58128_dev tc58128_devs[2];
+
+#define FLASH_SIZE (16*1024*1024)
+
+static void init_dev(tc58128_dev * dev, const char *filename)
+{
+ int ret, blocks;
+
+ dev->state = WAIT;
+ dev->flash_contents = g_malloc(FLASH_SIZE);
+ memset(dev->flash_contents, 0xff, FLASH_SIZE);
+ if (filename) {
+ /* Load flash image skipping the first block */
+ ret = load_image(filename, dev->flash_contents + 528 * 32);
+ if (ret < 0) {
+ fprintf(stderr, "ret=%d\n", ret);
+ fprintf(stderr, "qemu: could not load flash image %s\n",
+ filename);
+ exit(1);
+ } else {
+ /* Build first block with number of blocks */
+ blocks = (ret + 528 * 32 - 1) / (528 * 32);
+ dev->flash_contents[0] = blocks & 0xff;
+ dev->flash_contents[1] = (blocks >> 8) & 0xff;
+ dev->flash_contents[2] = (blocks >> 16) & 0xff;
+ dev->flash_contents[3] = (blocks >> 24) & 0xff;
+ fprintf(stderr, "loaded %d bytes for %s into flash\n", ret,
+ filename);
+ }
+ }
+}
+
+static void handle_command(tc58128_dev * dev, uint8_t command)
+{
+ switch (command) {
+ case 0xff:
+ fprintf(stderr, "reset flash device\n");
+ dev->state = WAIT;
+ break;
+ case 0x00:
+ fprintf(stderr, "read mode 1\n");
+ dev->state = READ1;
+ dev->address_cycle = 0;
+ break;
+ case 0x01:
+ fprintf(stderr, "read mode 2\n");
+ dev->state = READ2;
+ dev->address_cycle = 0;
+ break;
+ case 0x50:
+ fprintf(stderr, "read mode 3\n");
+ dev->state = READ3;
+ dev->address_cycle = 0;
+ break;
+ default:
+ fprintf(stderr, "unknown flash command 0x%02x\n", command);
+ abort();
+ }
+}
+
+static void handle_address(tc58128_dev * dev, uint8_t data)
+{
+ switch (dev->state) {
+ case READ1:
+ case READ2:
+ case READ3:
+ switch (dev->address_cycle) {
+ case 0:
+ dev->address = data;
+ if (dev->state == READ2)
+ dev->address |= 0x100;
+ else if (dev->state == READ3)
+ dev->address |= 0x200;
+ break;
+ case 1:
+ dev->address += data * 528 * 0x100;
+ break;
+ case 2:
+ dev->address += data * 528;
+ fprintf(stderr, "address pointer in flash: 0x%08x\n",
+ dev->address);
+ break;
+ default:
+ /* Invalid data */
+ abort();
+ }
+ dev->address_cycle++;
+ break;
+ default:
+ abort();
+ }
+}
+
+static uint8_t handle_read(tc58128_dev * dev)
+{
+#if 0
+ if (dev->address % 0x100000 == 0)
+ fprintf(stderr, "reading flash at address 0x%08x\n", dev->address);
+#endif
+ return dev->flash_contents[dev->address++];
+}
+
+/* We never mark the device as busy, so interrupts cannot be triggered
+ XXXXX */
+
+static int tc58128_cb(uint16_t porta, uint16_t portb,
+ uint16_t * periph_pdtra, uint16_t * periph_portadir,
+ uint16_t * periph_pdtrb, uint16_t * periph_portbdir)
+{
+ int dev;
+
+ if ((porta & CE1) == 0)
+ dev = 0;
+ else if ((porta & CE2) == 0)
+ dev = 1;
+ else
+ return 0; /* No device selected */
+
+ if ((porta & RE) && (porta & WE)) {
+ /* Nothing to do, assert ready and return to input state */
+ *periph_portadir &= 0xff00;
+ *periph_portadir |= RDY(dev);
+ *periph_pdtra |= RDY(dev);
+ return 1;
+ }
+
+ if (porta & CLE) {
+ /* Command */
+ assert((porta & WE) == 0);
+ handle_command(&tc58128_devs[dev], porta & 0x00ff);
+ } else if (porta & ALE) {
+ assert((porta & WE) == 0);
+ handle_address(&tc58128_devs[dev], porta & 0x00ff);
+ } else if ((porta & RE) == 0) {
+ *periph_portadir |= 0x00ff;
+ *periph_pdtra &= 0xff00;
+ *periph_pdtra |= handle_read(&tc58128_devs[dev]);
+ } else {
+ abort();
+ }
+ return 1;
+}
+
+static sh7750_io_device tc58128 = {
+ RE | WE, /* Port A triggers */
+ 0, /* Port B triggers */
+ tc58128_cb /* Callback */
+};
+
+int tc58128_init(struct SH7750State *s, const char *zone1, const char *zone2)
+{
+ init_dev(&tc58128_devs[0], zone1);
+ init_dev(&tc58128_devs[1], zone2);
+ return sh7750_register_io_device(s, &tc58128);
+}
diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
new file mode 100644
index 000000000..e2f55cc94
--- /dev/null
+++ b/hw/block/virtio-blk.c
@@ -0,0 +1,760 @@
+/*
+ * Virtio Block Device
+ *
+ * Copyright IBM, Corp. 2007
+ *
+ * Authors:
+ * Anthony Liguori <aliguori@us.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu-common.h"
+#include "qemu/error-report.h"
+#include "trace.h"
+#include "hw/block/block.h"
+#include "sysemu/blockdev.h"
+#include "hw/virtio/virtio-blk.h"
+#ifdef CONFIG_VIRTIO_BLK_DATA_PLANE
+# include "dataplane/virtio-blk.h"
+# include "migration/migration.h"
+#endif
+#include "block/scsi.h"
+#ifdef __linux__
+# include <scsi/sg.h>
+#endif
+#include "hw/virtio/virtio-bus.h"
+
+typedef struct VirtIOBlockReq
+{
+ VirtIOBlock *dev;
+ VirtQueueElement elem;
+ struct virtio_blk_inhdr *in;
+ struct virtio_blk_outhdr *out;
+ struct virtio_scsi_inhdr *scsi;
+ QEMUIOVector qiov;
+ struct VirtIOBlockReq *next;
+ BlockAcctCookie acct;
+} VirtIOBlockReq;
+
+static void virtio_blk_req_complete(VirtIOBlockReq *req, int status)
+{
+ VirtIOBlock *s = req->dev;
+ VirtIODevice *vdev = VIRTIO_DEVICE(s);
+
+ trace_virtio_blk_req_complete(req, status);
+
+ stb_p(&req->in->status, status);
+ virtqueue_push(s->vq, &req->elem, req->qiov.size + sizeof(*req->in));
+ virtio_notify(vdev, s->vq);
+}
+
+static int virtio_blk_handle_rw_error(VirtIOBlockReq *req, int error,
+ bool is_read)
+{
+ BlockErrorAction action = bdrv_get_error_action(req->dev->bs, is_read, error);
+ VirtIOBlock *s = req->dev;
+
+ if (action == BDRV_ACTION_STOP) {
+ req->next = s->rq;
+ s->rq = req;
+ } else if (action == BDRV_ACTION_REPORT) {
+ virtio_blk_req_complete(req, VIRTIO_BLK_S_IOERR);
+ bdrv_acct_done(s->bs, &req->acct);
+ g_free(req);
+ }
+
+ bdrv_error_action(s->bs, action, is_read, error);
+ return action != BDRV_ACTION_IGNORE;
+}
+
+static void virtio_blk_rw_complete(void *opaque, int ret)
+{
+ VirtIOBlockReq *req = opaque;
+
+ trace_virtio_blk_rw_complete(req, ret);
+
+ if (ret) {
+ bool is_read = !(ldl_p(&req->out->type) & VIRTIO_BLK_T_OUT);
+ if (virtio_blk_handle_rw_error(req, -ret, is_read))
+ return;
+ }
+
+ virtio_blk_req_complete(req, VIRTIO_BLK_S_OK);
+ bdrv_acct_done(req->dev->bs, &req->acct);
+ g_free(req);
+}
+
+static void virtio_blk_flush_complete(void *opaque, int ret)
+{
+ VirtIOBlockReq *req = opaque;
+
+ if (ret) {
+ if (virtio_blk_handle_rw_error(req, -ret, 0)) {
+ return;
+ }
+ }
+
+ virtio_blk_req_complete(req, VIRTIO_BLK_S_OK);
+ bdrv_acct_done(req->dev->bs, &req->acct);
+ g_free(req);
+}
+
+static VirtIOBlockReq *virtio_blk_alloc_request(VirtIOBlock *s)
+{
+ VirtIOBlockReq *req = g_malloc(sizeof(*req));
+ req->dev = s;
+ req->qiov.size = 0;
+ req->next = NULL;
+ return req;
+}
+
+static VirtIOBlockReq *virtio_blk_get_request(VirtIOBlock *s)
+{
+ VirtIOBlockReq *req = virtio_blk_alloc_request(s);
+
+ if (req != NULL) {
+ if (!virtqueue_pop(s->vq, &req->elem)) {
+ g_free(req);
+ return NULL;
+ }
+ }
+
+ return req;
+}
+
+static void virtio_blk_handle_scsi(VirtIOBlockReq *req)
+{
+#ifdef __linux__
+ int ret;
+ int i;
+#endif
+ int status = VIRTIO_BLK_S_OK;
+
+ /*
+ * We require at least one output segment each for the virtio_blk_outhdr
+ * and the SCSI command block.
+ *
+ * We also at least require the virtio_blk_inhdr, the virtio_scsi_inhdr
+ * and the sense buffer pointer in the input segments.
+ */
+ if (req->elem.out_num < 2 || req->elem.in_num < 3) {
+ virtio_blk_req_complete(req, VIRTIO_BLK_S_IOERR);
+ g_free(req);
+ return;
+ }
+
+ /*
+ * The scsi inhdr is placed in the second-to-last input segment, just
+ * before the regular inhdr.
+ */
+ req->scsi = (void *)req->elem.in_sg[req->elem.in_num - 2].iov_base;
+
+ if (!req->dev->blk.scsi) {
+ status = VIRTIO_BLK_S_UNSUPP;
+ goto fail;
+ }
+
+ /*
+ * No support for bidirection commands yet.
+ */
+ if (req->elem.out_num > 2 && req->elem.in_num > 3) {
+ status = VIRTIO_BLK_S_UNSUPP;
+ goto fail;
+ }
+
+#ifdef __linux__
+ struct sg_io_hdr hdr;
+ memset(&hdr, 0, sizeof(struct sg_io_hdr));
+ hdr.interface_id = 'S';
+ hdr.cmd_len = req->elem.out_sg[1].iov_len;
+ hdr.cmdp = req->elem.out_sg[1].iov_base;
+ hdr.dxfer_len = 0;
+
+ if (req->elem.out_num > 2) {
+ /*
+ * If there are more than the minimally required 2 output segments
+ * there is write payload starting from the third iovec.
+ */
+ hdr.dxfer_direction = SG_DXFER_TO_DEV;
+ hdr.iovec_count = req->elem.out_num - 2;
+
+ for (i = 0; i < hdr.iovec_count; i++)
+ hdr.dxfer_len += req->elem.out_sg[i + 2].iov_len;
+
+ hdr.dxferp = req->elem.out_sg + 2;
+
+ } else if (req->elem.in_num > 3) {
+ /*
+ * If we have more than 3 input segments the guest wants to actually
+ * read data.
+ */
+ hdr.dxfer_direction = SG_DXFER_FROM_DEV;
+ hdr.iovec_count = req->elem.in_num - 3;
+ for (i = 0; i < hdr.iovec_count; i++)
+ hdr.dxfer_len += req->elem.in_sg[i].iov_len;
+
+ hdr.dxferp = req->elem.in_sg;
+ } else {
+ /*
+ * Some SCSI commands don't actually transfer any data.
+ */
+ hdr.dxfer_direction = SG_DXFER_NONE;
+ }
+
+ hdr.sbp = req->elem.in_sg[req->elem.in_num - 3].iov_base;
+ hdr.mx_sb_len = req->elem.in_sg[req->elem.in_num - 3].iov_len;
+
+ ret = bdrv_ioctl(req->dev->bs, SG_IO, &hdr);
+ if (ret) {
+ status = VIRTIO_BLK_S_UNSUPP;
+ goto fail;
+ }
+
+ /*
+ * From SCSI-Generic-HOWTO: "Some lower level drivers (e.g. ide-scsi)
+ * clear the masked_status field [hence status gets cleared too, see
+ * block/scsi_ioctl.c] even when a CHECK_CONDITION or COMMAND_TERMINATED
+ * status has occurred. However they do set DRIVER_SENSE in driver_status
+ * field. Also a (sb_len_wr > 0) indicates there is a sense buffer.
+ */
+ if (hdr.status == 0 && hdr.sb_len_wr > 0) {
+ hdr.status = CHECK_CONDITION;
+ }
+
+ stl_p(&req->scsi->errors,
+ hdr.status | (hdr.msg_status << 8) |
+ (hdr.host_status << 16) | (hdr.driver_status << 24));
+ stl_p(&req->scsi->residual, hdr.resid);
+ stl_p(&req->scsi->sense_len, hdr.sb_len_wr);
+ stl_p(&req->scsi->data_len, hdr.dxfer_len);
+
+ virtio_blk_req_complete(req, status);
+ g_free(req);
+ return;
+#else
+ abort();
+#endif
+
+fail:
+ /* Just put anything nonzero so that the ioctl fails in the guest. */
+ stl_p(&req->scsi->errors, 255);
+ virtio_blk_req_complete(req, status);
+ g_free(req);
+}
+
+typedef struct MultiReqBuffer {
+ BlockRequest blkreq[32];
+ unsigned int num_writes;
+} MultiReqBuffer;
+
+static void virtio_submit_multiwrite(BlockDriverState *bs, MultiReqBuffer *mrb)
+{
+ int i, ret;
+
+ if (!mrb->num_writes) {
+ return;
+ }
+
+ ret = bdrv_aio_multiwrite(bs, mrb->blkreq, mrb->num_writes);
+ if (ret != 0) {
+ for (i = 0; i < mrb->num_writes; i++) {
+ if (mrb->blkreq[i].error) {
+ virtio_blk_rw_complete(mrb->blkreq[i].opaque, -EIO);
+ }
+ }
+ }
+
+ mrb->num_writes = 0;
+}
+
+static void virtio_blk_handle_flush(VirtIOBlockReq *req, MultiReqBuffer *mrb)
+{
+ bdrv_acct_start(req->dev->bs, &req->acct, 0, BDRV_ACCT_FLUSH);
+
+ /*
+ * Make sure all outstanding writes are posted to the backing device.
+ */
+ virtio_submit_multiwrite(req->dev->bs, mrb);
+ bdrv_aio_flush(req->dev->bs, virtio_blk_flush_complete, req);
+}
+
+static void virtio_blk_handle_write(VirtIOBlockReq *req, MultiReqBuffer *mrb)
+{
+ BlockRequest *blkreq;
+ uint64_t sector;
+
+ sector = ldq_p(&req->out->sector);
+
+ bdrv_acct_start(req->dev->bs, &req->acct, req->qiov.size, BDRV_ACCT_WRITE);
+
+ trace_virtio_blk_handle_write(req, sector, req->qiov.size / 512);
+
+ if (sector & req->dev->sector_mask) {
+ virtio_blk_rw_complete(req, -EIO);
+ return;
+ }
+ if (req->qiov.size % req->dev->conf->logical_block_size) {
+ virtio_blk_rw_complete(req, -EIO);
+ return;
+ }
+
+ if (mrb->num_writes == 32) {
+ virtio_submit_multiwrite(req->dev->bs, mrb);
+ }
+
+ blkreq = &mrb->blkreq[mrb->num_writes];
+ blkreq->sector = sector;
+ blkreq->nb_sectors = req->qiov.size / BDRV_SECTOR_SIZE;
+ blkreq->qiov = &req->qiov;
+ blkreq->cb = virtio_blk_rw_complete;
+ blkreq->opaque = req;
+ blkreq->error = 0;
+
+ mrb->num_writes++;
+}
+
+static void virtio_blk_handle_read(VirtIOBlockReq *req)
+{
+ uint64_t sector;
+
+ sector = ldq_p(&req->out->sector);
+
+ bdrv_acct_start(req->dev->bs, &req->acct, req->qiov.size, BDRV_ACCT_READ);
+
+ trace_virtio_blk_handle_read(req, sector, req->qiov.size / 512);
+
+ if (sector & req->dev->sector_mask) {
+ virtio_blk_rw_complete(req, -EIO);
+ return;
+ }
+ if (req->qiov.size % req->dev->conf->logical_block_size) {
+ virtio_blk_rw_complete(req, -EIO);
+ return;
+ }
+ bdrv_aio_readv(req->dev->bs, sector, &req->qiov,
+ req->qiov.size / BDRV_SECTOR_SIZE,
+ virtio_blk_rw_complete, req);
+}
+
+static void virtio_blk_handle_request(VirtIOBlockReq *req,
+ MultiReqBuffer *mrb)
+{
+ uint32_t type;
+
+ if (req->elem.out_num < 1 || req->elem.in_num < 1) {
+ error_report("virtio-blk missing headers");
+ exit(1);
+ }
+
+ if (req->elem.out_sg[0].iov_len < sizeof(*req->out) ||
+ req->elem.in_sg[req->elem.in_num - 1].iov_len < sizeof(*req->in)) {
+ error_report("virtio-blk header not in correct element");
+ exit(1);
+ }
+
+ req->out = (void *)req->elem.out_sg[0].iov_base;
+ req->in = (void *)req->elem.in_sg[req->elem.in_num - 1].iov_base;
+
+ type = ldl_p(&req->out->type);
+
+ if (type & VIRTIO_BLK_T_FLUSH) {
+ virtio_blk_handle_flush(req, mrb);
+ } else if (type & VIRTIO_BLK_T_SCSI_CMD) {
+ virtio_blk_handle_scsi(req);
+ } else if (type & VIRTIO_BLK_T_GET_ID) {
+ VirtIOBlock *s = req->dev;
+
+ /*
+ * NB: per existing s/n string convention the string is
+ * terminated by '\0' only when shorter than buffer.
+ */
+ strncpy(req->elem.in_sg[0].iov_base,
+ s->blk.serial ? s->blk.serial : "",
+ MIN(req->elem.in_sg[0].iov_len, VIRTIO_BLK_ID_BYTES));
+ virtio_blk_req_complete(req, VIRTIO_BLK_S_OK);
+ g_free(req);
+ } else if (type & VIRTIO_BLK_T_OUT) {
+ qemu_iovec_init_external(&req->qiov, &req->elem.out_sg[1],
+ req->elem.out_num - 1);
+ virtio_blk_handle_write(req, mrb);
+ } else if (type == VIRTIO_BLK_T_IN || type == VIRTIO_BLK_T_BARRIER) {
+ /* VIRTIO_BLK_T_IN is 0, so we can't just & it. */
+ qemu_iovec_init_external(&req->qiov, &req->elem.in_sg[0],
+ req->elem.in_num - 1);
+ virtio_blk_handle_read(req);
+ } else {
+ virtio_blk_req_complete(req, VIRTIO_BLK_S_UNSUPP);
+ g_free(req);
+ }
+}
+
+static void virtio_blk_handle_output(VirtIODevice *vdev, VirtQueue *vq)
+{
+ VirtIOBlock *s = VIRTIO_BLK(vdev);
+ VirtIOBlockReq *req;
+ MultiReqBuffer mrb = {
+ .num_writes = 0,
+ };
+
+#ifdef CONFIG_VIRTIO_BLK_DATA_PLANE
+ /* Some guests kick before setting VIRTIO_CONFIG_S_DRIVER_OK so start
+ * dataplane here instead of waiting for .set_status().
+ */
+ if (s->dataplane) {
+ virtio_blk_data_plane_start(s->dataplane);
+ return;
+ }
+#endif
+
+ while ((req = virtio_blk_get_request(s))) {
+ virtio_blk_handle_request(req, &mrb);
+ }
+
+ virtio_submit_multiwrite(s->bs, &mrb);
+
+ /*
+ * FIXME: Want to check for completions before returning to guest mode,
+ * so cached reads and writes are reported as quickly as possible. But
+ * that should be done in the generic block layer.
+ */
+}
+
+static void virtio_blk_dma_restart_bh(void *opaque)
+{
+ VirtIOBlock *s = opaque;
+ VirtIOBlockReq *req = s->rq;
+ MultiReqBuffer mrb = {
+ .num_writes = 0,
+ };
+
+ qemu_bh_delete(s->bh);
+ s->bh = NULL;
+
+ s->rq = NULL;
+
+ while (req) {
+ virtio_blk_handle_request(req, &mrb);
+ req = req->next;
+ }
+
+ virtio_submit_multiwrite(s->bs, &mrb);
+}
+
+static void virtio_blk_dma_restart_cb(void *opaque, int running,
+ RunState state)
+{
+ VirtIOBlock *s = opaque;
+
+ if (!running) {
+ return;
+ }
+
+ if (!s->bh) {
+ s->bh = qemu_bh_new(virtio_blk_dma_restart_bh, s);
+ qemu_bh_schedule(s->bh);
+ }
+}
+
+static void virtio_blk_reset(VirtIODevice *vdev)
+{
+#ifdef CONFIG_VIRTIO_BLK_DATA_PLANE
+ VirtIOBlock *s = VIRTIO_BLK(vdev);
+
+ if (s->dataplane) {
+ virtio_blk_data_plane_stop(s->dataplane);
+ }
+#endif
+
+ /*
+ * This should cancel pending requests, but can't do nicely until there
+ * are per-device request lists.
+ */
+ bdrv_drain_all();
+}
+
+/* coalesce internal state, copy to pci i/o region 0
+ */
+static void virtio_blk_update_config(VirtIODevice *vdev, uint8_t *config)
+{
+ VirtIOBlock *s = VIRTIO_BLK(vdev);
+ struct virtio_blk_config blkcfg;
+ uint64_t capacity;
+ int blk_size = s->conf->logical_block_size;
+
+ bdrv_get_geometry(s->bs, &capacity);
+ memset(&blkcfg, 0, sizeof(blkcfg));
+ stq_raw(&blkcfg.capacity, capacity);
+ stl_raw(&blkcfg.seg_max, 128 - 2);
+ stw_raw(&blkcfg.cylinders, s->conf->cyls);
+ stl_raw(&blkcfg.blk_size, blk_size);
+ stw_raw(&blkcfg.min_io_size, s->conf->min_io_size / blk_size);
+ stw_raw(&blkcfg.opt_io_size, s->conf->opt_io_size / blk_size);
+ blkcfg.heads = s->conf->heads;
+ /*
+ * We must ensure that the block device capacity is a multiple of
+ * the logical block size. If that is not the case, let's use
+ * sector_mask to adopt the geometry to have a correct picture.
+ * For those devices where the capacity is ok for the given geometry
+ * we don't touch the sector value of the geometry, since some devices
+ * (like s390 dasd) need a specific value. Here the capacity is already
+ * cyls*heads*secs*blk_size and the sector value is not block size
+ * divided by 512 - instead it is the amount of blk_size blocks
+ * per track (cylinder).
+ */
+ if (bdrv_getlength(s->bs) / s->conf->heads / s->conf->secs % blk_size) {
+ blkcfg.sectors = s->conf->secs & ~s->sector_mask;
+ } else {
+ blkcfg.sectors = s->conf->secs;
+ }
+ blkcfg.size_max = 0;
+ blkcfg.physical_block_exp = get_physical_block_exp(s->conf);
+ blkcfg.alignment_offset = 0;
+ blkcfg.wce = bdrv_enable_write_cache(s->bs);
+ memcpy(config, &blkcfg, sizeof(struct virtio_blk_config));
+}
+
+static void virtio_blk_set_config(VirtIODevice *vdev, const uint8_t *config)
+{
+ VirtIOBlock *s = VIRTIO_BLK(vdev);
+ struct virtio_blk_config blkcfg;
+
+ memcpy(&blkcfg, config, sizeof(blkcfg));
+ bdrv_set_enable_write_cache(s->bs, blkcfg.wce != 0);
+}
+
+static uint32_t virtio_blk_get_features(VirtIODevice *vdev, uint32_t features)
+{
+ VirtIOBlock *s = VIRTIO_BLK(vdev);
+
+ features |= (1 << VIRTIO_BLK_F_SEG_MAX);
+ features |= (1 << VIRTIO_BLK_F_GEOMETRY);
+ features |= (1 << VIRTIO_BLK_F_TOPOLOGY);
+ features |= (1 << VIRTIO_BLK_F_BLK_SIZE);
+ features |= (1 << VIRTIO_BLK_F_SCSI);
+
+ if (s->blk.config_wce) {
+ features |= (1 << VIRTIO_BLK_F_CONFIG_WCE);
+ }
+ if (bdrv_enable_write_cache(s->bs))
+ features |= (1 << VIRTIO_BLK_F_WCE);
+
+ if (bdrv_is_read_only(s->bs))
+ features |= 1 << VIRTIO_BLK_F_RO;
+
+ return features;
+}
+
+static void virtio_blk_set_status(VirtIODevice *vdev, uint8_t status)
+{
+ VirtIOBlock *s = VIRTIO_BLK(vdev);
+ uint32_t features;
+
+#ifdef CONFIG_VIRTIO_BLK_DATA_PLANE
+ if (s->dataplane && !(status & (VIRTIO_CONFIG_S_DRIVER |
+ VIRTIO_CONFIG_S_DRIVER_OK))) {
+ virtio_blk_data_plane_stop(s->dataplane);
+ }
+#endif
+
+ if (!(status & VIRTIO_CONFIG_S_DRIVER_OK)) {
+ return;
+ }
+
+ features = vdev->guest_features;
+ bdrv_set_enable_write_cache(s->bs, !!(features & (1 << VIRTIO_BLK_F_WCE)));
+}
+
+static void virtio_blk_save(QEMUFile *f, void *opaque)
+{
+ VirtIOBlock *s = opaque;
+ VirtIODevice *vdev = VIRTIO_DEVICE(s);
+ VirtIOBlockReq *req = s->rq;
+
+ virtio_save(vdev, f);
+
+ while (req) {
+ qemu_put_sbyte(f, 1);
+ qemu_put_buffer(f, (unsigned char*)&req->elem, sizeof(req->elem));
+ req = req->next;
+ }
+ qemu_put_sbyte(f, 0);
+}
+
+static int virtio_blk_load(QEMUFile *f, void *opaque, int version_id)
+{
+ VirtIOBlock *s = opaque;
+ VirtIODevice *vdev = VIRTIO_DEVICE(s);
+ int ret;
+
+ if (version_id != 2)
+ return -EINVAL;
+
+ ret = virtio_load(vdev, f);
+ if (ret) {
+ return ret;
+ }
+
+ while (qemu_get_sbyte(f)) {
+ VirtIOBlockReq *req = virtio_blk_alloc_request(s);
+ qemu_get_buffer(f, (unsigned char*)&req->elem, sizeof(req->elem));
+ req->next = s->rq;
+ s->rq = req;
+
+ virtqueue_map_sg(req->elem.in_sg, req->elem.in_addr,
+ req->elem.in_num, 1);
+ virtqueue_map_sg(req->elem.out_sg, req->elem.out_addr,
+ req->elem.out_num, 0);
+ }
+
+ return 0;
+}
+
+static void virtio_blk_resize(void *opaque)
+{
+ VirtIODevice *vdev = VIRTIO_DEVICE(opaque);
+
+ virtio_notify_config(vdev);
+}
+
+static const BlockDevOps virtio_block_ops = {
+ .resize_cb = virtio_blk_resize,
+};
+
+void virtio_blk_set_conf(DeviceState *dev, VirtIOBlkConf *blk)
+{
+ VirtIOBlock *s = VIRTIO_BLK(dev);
+ memcpy(&(s->blk), blk, sizeof(struct VirtIOBlkConf));
+}
+
+#ifdef CONFIG_VIRTIO_BLK_DATA_PLANE
+/* Disable dataplane thread during live migration since it does not
+ * update the dirty memory bitmap yet.
+ */
+static void virtio_blk_migration_state_changed(Notifier *notifier, void *data)
+{
+ VirtIOBlock *s = container_of(notifier, VirtIOBlock,
+ migration_state_notifier);
+ MigrationState *mig = data;
+
+ if (migration_in_setup(mig)) {
+ if (!s->dataplane) {
+ return;
+ }
+ virtio_blk_data_plane_destroy(s->dataplane);
+ s->dataplane = NULL;
+ } else if (migration_has_finished(mig) ||
+ migration_has_failed(mig)) {
+ if (s->dataplane) {
+ return;
+ }
+ bdrv_drain_all(); /* complete in-flight non-dataplane requests */
+ virtio_blk_data_plane_create(VIRTIO_DEVICE(s), &s->blk,
+ &s->dataplane);
+ }
+}
+#endif /* CONFIG_VIRTIO_BLK_DATA_PLANE */
+
+static int virtio_blk_device_init(VirtIODevice *vdev)
+{
+ DeviceState *qdev = DEVICE(vdev);
+ VirtIOBlock *s = VIRTIO_BLK(vdev);
+ VirtIOBlkConf *blk = &(s->blk);
+ static int virtio_blk_id;
+
+ if (!blk->conf.bs) {
+ error_report("drive property not set");
+ return -1;
+ }
+ if (!bdrv_is_inserted(blk->conf.bs)) {
+ error_report("Device needs media, but drive is empty");
+ return -1;
+ }
+
+ blkconf_serial(&blk->conf, &blk->serial);
+ if (blkconf_geometry(&blk->conf, NULL, 65535, 255, 255) < 0) {
+ return -1;
+ }
+
+ virtio_init(vdev, "virtio-blk", VIRTIO_ID_BLOCK,
+ sizeof(struct virtio_blk_config));
+
+ s->bs = blk->conf.bs;
+ s->conf = &blk->conf;
+ memcpy(&(s->blk), blk, sizeof(struct VirtIOBlkConf));
+ s->rq = NULL;
+ s->sector_mask = (s->conf->logical_block_size / BDRV_SECTOR_SIZE) - 1;
+
+ s->vq = virtio_add_queue(vdev, 128, virtio_blk_handle_output);
+#ifdef CONFIG_VIRTIO_BLK_DATA_PLANE
+ if (!virtio_blk_data_plane_create(vdev, blk, &s->dataplane)) {
+ virtio_cleanup(vdev);
+ return -1;
+ }
+ s->migration_state_notifier.notify = virtio_blk_migration_state_changed;
+ add_migration_state_change_notifier(&s->migration_state_notifier);
+#endif
+
+ s->change = qemu_add_vm_change_state_handler(virtio_blk_dma_restart_cb, s);
+ register_savevm(qdev, "virtio-blk", virtio_blk_id++, 2,
+ virtio_blk_save, virtio_blk_load, s);
+ bdrv_set_dev_ops(s->bs, &virtio_block_ops, s);
+ bdrv_set_buffer_alignment(s->bs, s->conf->logical_block_size);
+
+ bdrv_iostatus_enable(s->bs);
+
+ add_boot_device_path(s->conf->bootindex, qdev, "/disk@0,0");
+ return 0;
+}
+
+static int virtio_blk_device_exit(DeviceState *dev)
+{
+ VirtIODevice *vdev = VIRTIO_DEVICE(dev);
+ VirtIOBlock *s = VIRTIO_BLK(dev);
+#ifdef CONFIG_VIRTIO_BLK_DATA_PLANE
+ remove_migration_state_change_notifier(&s->migration_state_notifier);
+ virtio_blk_data_plane_destroy(s->dataplane);
+ s->dataplane = NULL;
+#endif
+ qemu_del_vm_change_state_handler(s->change);
+ unregister_savevm(dev, "virtio-blk", s);
+ blockdev_mark_auto_del(s->bs);
+ virtio_cleanup(vdev);
+ return 0;
+}
+
+static Property virtio_blk_properties[] = {
+ DEFINE_VIRTIO_BLK_PROPERTIES(VirtIOBlock, blk),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void virtio_blk_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
+ dc->exit = virtio_blk_device_exit;
+ dc->props = virtio_blk_properties;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
+ vdc->init = virtio_blk_device_init;
+ vdc->get_config = virtio_blk_update_config;
+ vdc->set_config = virtio_blk_set_config;
+ vdc->get_features = virtio_blk_get_features;
+ vdc->set_status = virtio_blk_set_status;
+ vdc->reset = virtio_blk_reset;
+}
+
+static const TypeInfo virtio_device_info = {
+ .name = TYPE_VIRTIO_BLK,
+ .parent = TYPE_VIRTIO_DEVICE,
+ .instance_size = sizeof(VirtIOBlock),
+ .class_init = virtio_blk_class_init,
+};
+
+static void virtio_register_types(void)
+{
+ type_register_static(&virtio_device_info);
+}
+
+type_init(virtio_register_types)
diff --git a/hw/xen_blkif.h b/hw/block/xen_blkif.h
index c0f413622..c0f413622 100644
--- a/hw/xen_blkif.h
+++ b/hw/block/xen_blkif.h
diff --git a/hw/block/xen_disk.c b/hw/block/xen_disk.c
new file mode 100644
index 000000000..727f4331c
--- /dev/null
+++ b/hw/block/xen_disk.c
@@ -0,0 +1,988 @@
+/*
+ * xen paravirt block device backend
+ *
+ * (c) Gerd Hoffmann <kraxel@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; under version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <unistd.h>
+#include <signal.h>
+#include <inttypes.h>
+#include <time.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <sys/ioctl.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/mman.h>
+#include <sys/uio.h>
+
+#include "hw/hw.h"
+#include "hw/xen/xen_backend.h"
+#include "xen_blkif.h"
+#include "sysemu/blockdev.h"
+
+/* ------------------------------------------------------------- */
+
+static int batch_maps = 0;
+
+static int max_requests = 32;
+
+/* ------------------------------------------------------------- */
+
+#define BLOCK_SIZE 512
+#define IOCB_COUNT (BLKIF_MAX_SEGMENTS_PER_REQUEST + 2)
+
+struct PersistentGrant {
+ void *page;
+ struct XenBlkDev *blkdev;
+};
+
+typedef struct PersistentGrant PersistentGrant;
+
+struct ioreq {
+ blkif_request_t req;
+ int16_t status;
+
+ /* parsed request */
+ off_t start;
+ QEMUIOVector v;
+ int presync;
+ int postsync;
+ uint8_t mapped;
+
+ /* grant mapping */
+ uint32_t domids[BLKIF_MAX_SEGMENTS_PER_REQUEST];
+ uint32_t refs[BLKIF_MAX_SEGMENTS_PER_REQUEST];
+ int prot;
+ void *page[BLKIF_MAX_SEGMENTS_PER_REQUEST];
+ void *pages;
+ int num_unmap;
+
+ /* aio status */
+ int aio_inflight;
+ int aio_errors;
+
+ struct XenBlkDev *blkdev;
+ QLIST_ENTRY(ioreq) list;
+ BlockAcctCookie acct;
+};
+
+struct XenBlkDev {
+ struct XenDevice xendev; /* must be first */
+ char *params;
+ char *mode;
+ char *type;
+ char *dev;
+ char *devtype;
+ bool directiosafe;
+ const char *fileproto;
+ const char *filename;
+ int ring_ref;
+ void *sring;
+ int64_t file_blk;
+ int64_t file_size;
+ int protocol;
+ blkif_back_rings_t rings;
+ int more_work;
+ int cnt_map;
+
+ /* request lists */
+ QLIST_HEAD(inflight_head, ioreq) inflight;
+ QLIST_HEAD(finished_head, ioreq) finished;
+ QLIST_HEAD(freelist_head, ioreq) freelist;
+ int requests_total;
+ int requests_inflight;
+ int requests_finished;
+
+ /* Persistent grants extension */
+ gboolean feature_persistent;
+ GTree *persistent_gnts;
+ unsigned int persistent_gnt_count;
+ unsigned int max_grants;
+
+ /* qemu block driver */
+ DriveInfo *dinfo;
+ BlockDriverState *bs;
+ QEMUBH *bh;
+};
+
+/* ------------------------------------------------------------- */
+
+static void ioreq_reset(struct ioreq *ioreq)
+{
+ memset(&ioreq->req, 0, sizeof(ioreq->req));
+ ioreq->status = 0;
+ ioreq->start = 0;
+ ioreq->presync = 0;
+ ioreq->postsync = 0;
+ ioreq->mapped = 0;
+
+ memset(ioreq->domids, 0, sizeof(ioreq->domids));
+ memset(ioreq->refs, 0, sizeof(ioreq->refs));
+ ioreq->prot = 0;
+ memset(ioreq->page, 0, sizeof(ioreq->page));
+ ioreq->pages = NULL;
+
+ ioreq->aio_inflight = 0;
+ ioreq->aio_errors = 0;
+
+ ioreq->blkdev = NULL;
+ memset(&ioreq->list, 0, sizeof(ioreq->list));
+ memset(&ioreq->acct, 0, sizeof(ioreq->acct));
+
+ qemu_iovec_reset(&ioreq->v);
+}
+
+static gint int_cmp(gconstpointer a, gconstpointer b, gpointer user_data)
+{
+ uint ua = GPOINTER_TO_UINT(a);
+ uint ub = GPOINTER_TO_UINT(b);
+ return (ua > ub) - (ua < ub);
+}
+
+static void destroy_grant(gpointer pgnt)
+{
+ PersistentGrant *grant = pgnt;
+ XenGnttab gnt = grant->blkdev->xendev.gnttabdev;
+
+ if (xc_gnttab_munmap(gnt, grant->page, 1) != 0) {
+ xen_be_printf(&grant->blkdev->xendev, 0,
+ "xc_gnttab_munmap failed: %s\n",
+ strerror(errno));
+ }
+ grant->blkdev->persistent_gnt_count--;
+ xen_be_printf(&grant->blkdev->xendev, 3,
+ "unmapped grant %p\n", grant->page);
+ g_free(grant);
+}
+
+static struct ioreq *ioreq_start(struct XenBlkDev *blkdev)
+{
+ struct ioreq *ioreq = NULL;
+
+ if (QLIST_EMPTY(&blkdev->freelist)) {
+ if (blkdev->requests_total >= max_requests) {
+ goto out;
+ }
+ /* allocate new struct */
+ ioreq = g_malloc0(sizeof(*ioreq));
+ ioreq->blkdev = blkdev;
+ blkdev->requests_total++;
+ qemu_iovec_init(&ioreq->v, BLKIF_MAX_SEGMENTS_PER_REQUEST);
+ } else {
+ /* get one from freelist */
+ ioreq = QLIST_FIRST(&blkdev->freelist);
+ QLIST_REMOVE(ioreq, list);
+ }
+ QLIST_INSERT_HEAD(&blkdev->inflight, ioreq, list);
+ blkdev->requests_inflight++;
+
+out:
+ return ioreq;
+}
+
+static void ioreq_finish(struct ioreq *ioreq)
+{
+ struct XenBlkDev *blkdev = ioreq->blkdev;
+
+ QLIST_REMOVE(ioreq, list);
+ QLIST_INSERT_HEAD(&blkdev->finished, ioreq, list);
+ blkdev->requests_inflight--;
+ blkdev->requests_finished++;
+}
+
+static void ioreq_release(struct ioreq *ioreq, bool finish)
+{
+ struct XenBlkDev *blkdev = ioreq->blkdev;
+
+ QLIST_REMOVE(ioreq, list);
+ ioreq_reset(ioreq);
+ ioreq->blkdev = blkdev;
+ QLIST_INSERT_HEAD(&blkdev->freelist, ioreq, list);
+ if (finish) {
+ blkdev->requests_finished--;
+ } else {
+ blkdev->requests_inflight--;
+ }
+}
+
+/*
+ * translate request into iovec + start offset
+ * do sanity checks along the way
+ */
+static int ioreq_parse(struct ioreq *ioreq)
+{
+ struct XenBlkDev *blkdev = ioreq->blkdev;
+ uintptr_t mem;
+ size_t len;
+ int i;
+
+ xen_be_printf(&blkdev->xendev, 3,
+ "op %d, nr %d, handle %d, id %" PRId64 ", sector %" PRId64 "\n",
+ ioreq->req.operation, ioreq->req.nr_segments,
+ ioreq->req.handle, ioreq->req.id, ioreq->req.sector_number);
+ switch (ioreq->req.operation) {
+ case BLKIF_OP_READ:
+ ioreq->prot = PROT_WRITE; /* to memory */
+ break;
+ case BLKIF_OP_FLUSH_DISKCACHE:
+ ioreq->presync = 1;
+ if (!ioreq->req.nr_segments) {
+ return 0;
+ }
+ /* fall through */
+ case BLKIF_OP_WRITE:
+ ioreq->prot = PROT_READ; /* from memory */
+ break;
+ default:
+ xen_be_printf(&blkdev->xendev, 0, "error: unknown operation (%d)\n",
+ ioreq->req.operation);
+ goto err;
+ };
+
+ if (ioreq->req.operation != BLKIF_OP_READ && blkdev->mode[0] != 'w') {
+ xen_be_printf(&blkdev->xendev, 0, "error: write req for ro device\n");
+ goto err;
+ }
+
+ ioreq->start = ioreq->req.sector_number * blkdev->file_blk;
+ for (i = 0; i < ioreq->req.nr_segments; i++) {
+ if (i == BLKIF_MAX_SEGMENTS_PER_REQUEST) {
+ xen_be_printf(&blkdev->xendev, 0, "error: nr_segments too big\n");
+ goto err;
+ }
+ if (ioreq->req.seg[i].first_sect > ioreq->req.seg[i].last_sect) {
+ xen_be_printf(&blkdev->xendev, 0, "error: first > last sector\n");
+ goto err;
+ }
+ if (ioreq->req.seg[i].last_sect * BLOCK_SIZE >= XC_PAGE_SIZE) {
+ xen_be_printf(&blkdev->xendev, 0, "error: page crossing\n");
+ goto err;
+ }
+
+ ioreq->domids[i] = blkdev->xendev.dom;
+ ioreq->refs[i] = ioreq->req.seg[i].gref;
+
+ mem = ioreq->req.seg[i].first_sect * blkdev->file_blk;
+ len = (ioreq->req.seg[i].last_sect - ioreq->req.seg[i].first_sect + 1) * blkdev->file_blk;
+ qemu_iovec_add(&ioreq->v, (void*)mem, len);
+ }
+ if (ioreq->start + ioreq->v.size > blkdev->file_size) {
+ xen_be_printf(&blkdev->xendev, 0, "error: access beyond end of file\n");
+ goto err;
+ }
+ return 0;
+
+err:
+ ioreq->status = BLKIF_RSP_ERROR;
+ return -1;
+}
+
+static void ioreq_unmap(struct ioreq *ioreq)
+{
+ XenGnttab gnt = ioreq->blkdev->xendev.gnttabdev;
+ int i;
+
+ if (ioreq->num_unmap == 0 || ioreq->mapped == 0) {
+ return;
+ }
+ if (batch_maps) {
+ if (!ioreq->pages) {
+ return;
+ }
+ if (xc_gnttab_munmap(gnt, ioreq->pages, ioreq->num_unmap) != 0) {
+ xen_be_printf(&ioreq->blkdev->xendev, 0, "xc_gnttab_munmap failed: %s\n",
+ strerror(errno));
+ }
+ ioreq->blkdev->cnt_map -= ioreq->num_unmap;
+ ioreq->pages = NULL;
+ } else {
+ for (i = 0; i < ioreq->num_unmap; i++) {
+ if (!ioreq->page[i]) {
+ continue;
+ }
+ if (xc_gnttab_munmap(gnt, ioreq->page[i], 1) != 0) {
+ xen_be_printf(&ioreq->blkdev->xendev, 0, "xc_gnttab_munmap failed: %s\n",
+ strerror(errno));
+ }
+ ioreq->blkdev->cnt_map--;
+ ioreq->page[i] = NULL;
+ }
+ }
+ ioreq->mapped = 0;
+}
+
+static int ioreq_map(struct ioreq *ioreq)
+{
+ XenGnttab gnt = ioreq->blkdev->xendev.gnttabdev;
+ uint32_t domids[BLKIF_MAX_SEGMENTS_PER_REQUEST];
+ uint32_t refs[BLKIF_MAX_SEGMENTS_PER_REQUEST];
+ void *page[BLKIF_MAX_SEGMENTS_PER_REQUEST];
+ int i, j, new_maps = 0;
+ PersistentGrant *grant;
+ /* domids and refs variables will contain the information necessary
+ * to map the grants that are needed to fulfill this request.
+ *
+ * After mapping the needed grants, the page array will contain the
+ * memory address of each granted page in the order specified in ioreq
+ * (disregarding if it's a persistent grant or not).
+ */
+
+ if (ioreq->v.niov == 0 || ioreq->mapped == 1) {
+ return 0;
+ }
+ if (ioreq->blkdev->feature_persistent) {
+ for (i = 0; i < ioreq->v.niov; i++) {
+ grant = g_tree_lookup(ioreq->blkdev->persistent_gnts,
+ GUINT_TO_POINTER(ioreq->refs[i]));
+
+ if (grant != NULL) {
+ page[i] = grant->page;
+ xen_be_printf(&ioreq->blkdev->xendev, 3,
+ "using persistent-grant %" PRIu32 "\n",
+ ioreq->refs[i]);
+ } else {
+ /* Add the grant to the list of grants that
+ * should be mapped
+ */
+ domids[new_maps] = ioreq->domids[i];
+ refs[new_maps] = ioreq->refs[i];
+ page[i] = NULL;
+ new_maps++;
+ }
+ }
+ /* Set the protection to RW, since grants may be reused later
+ * with a different protection than the one needed for this request
+ */
+ ioreq->prot = PROT_WRITE | PROT_READ;
+ } else {
+ /* All grants in the request should be mapped */
+ memcpy(refs, ioreq->refs, sizeof(refs));
+ memcpy(domids, ioreq->domids, sizeof(domids));
+ memset(page, 0, sizeof(page));
+ new_maps = ioreq->v.niov;
+ }
+
+ if (batch_maps && new_maps) {
+ ioreq->pages = xc_gnttab_map_grant_refs
+ (gnt, new_maps, domids, refs, ioreq->prot);
+ if (ioreq->pages == NULL) {
+ xen_be_printf(&ioreq->blkdev->xendev, 0,
+ "can't map %d grant refs (%s, %d maps)\n",
+ new_maps, strerror(errno), ioreq->blkdev->cnt_map);
+ return -1;
+ }
+ for (i = 0, j = 0; i < ioreq->v.niov; i++) {
+ if (page[i] == NULL) {
+ page[i] = ioreq->pages + (j++) * XC_PAGE_SIZE;
+ }
+ }
+ ioreq->blkdev->cnt_map += new_maps;
+ } else if (new_maps) {
+ for (i = 0; i < new_maps; i++) {
+ ioreq->page[i] = xc_gnttab_map_grant_ref
+ (gnt, domids[i], refs[i], ioreq->prot);
+ if (ioreq->page[i] == NULL) {
+ xen_be_printf(&ioreq->blkdev->xendev, 0,
+ "can't map grant ref %d (%s, %d maps)\n",
+ refs[i], strerror(errno), ioreq->blkdev->cnt_map);
+ ioreq_unmap(ioreq);
+ return -1;
+ }
+ ioreq->blkdev->cnt_map++;
+ }
+ for (i = 0, j = 0; i < ioreq->v.niov; i++) {
+ if (page[i] == NULL) {
+ page[i] = ioreq->page[j++];
+ }
+ }
+ }
+ if (ioreq->blkdev->feature_persistent) {
+ while ((ioreq->blkdev->persistent_gnt_count < ioreq->blkdev->max_grants)
+ && new_maps) {
+ /* Go through the list of newly mapped grants and add as many
+ * as possible to the list of persistently mapped grants.
+ *
+ * Since we start at the end of ioreq->page(s), we only need
+ * to decrease new_maps to prevent this granted pages from
+ * being unmapped in ioreq_unmap.
+ */
+ grant = g_malloc0(sizeof(*grant));
+ new_maps--;
+ if (batch_maps) {
+ grant->page = ioreq->pages + (new_maps) * XC_PAGE_SIZE;
+ } else {
+ grant->page = ioreq->page[new_maps];
+ }
+ grant->blkdev = ioreq->blkdev;
+ xen_be_printf(&ioreq->blkdev->xendev, 3,
+ "adding grant %" PRIu32 " page: %p\n",
+ refs[new_maps], grant->page);
+ g_tree_insert(ioreq->blkdev->persistent_gnts,
+ GUINT_TO_POINTER(refs[new_maps]),
+ grant);
+ ioreq->blkdev->persistent_gnt_count++;
+ }
+ }
+ for (i = 0; i < ioreq->v.niov; i++) {
+ ioreq->v.iov[i].iov_base += (uintptr_t)page[i];
+ }
+ ioreq->mapped = 1;
+ ioreq->num_unmap = new_maps;
+ return 0;
+}
+
+static int ioreq_runio_qemu_aio(struct ioreq *ioreq);
+
+static void qemu_aio_complete(void *opaque, int ret)
+{
+ struct ioreq *ioreq = opaque;
+
+ if (ret != 0) {
+ xen_be_printf(&ioreq->blkdev->xendev, 0, "%s I/O error\n",
+ ioreq->req.operation == BLKIF_OP_READ ? "read" : "write");
+ ioreq->aio_errors++;
+ }
+
+ ioreq->aio_inflight--;
+ if (ioreq->presync) {
+ ioreq->presync = 0;
+ ioreq_runio_qemu_aio(ioreq);
+ return;
+ }
+ if (ioreq->aio_inflight > 0) {
+ return;
+ }
+ if (ioreq->postsync) {
+ ioreq->postsync = 0;
+ ioreq->aio_inflight++;
+ bdrv_aio_flush(ioreq->blkdev->bs, qemu_aio_complete, ioreq);
+ return;
+ }
+
+ ioreq->status = ioreq->aio_errors ? BLKIF_RSP_ERROR : BLKIF_RSP_OKAY;
+ ioreq_unmap(ioreq);
+ ioreq_finish(ioreq);
+ bdrv_acct_done(ioreq->blkdev->bs, &ioreq->acct);
+ qemu_bh_schedule(ioreq->blkdev->bh);
+}
+
+static int ioreq_runio_qemu_aio(struct ioreq *ioreq)
+{
+ struct XenBlkDev *blkdev = ioreq->blkdev;
+
+ if (ioreq->req.nr_segments && ioreq_map(ioreq) == -1) {
+ goto err_no_map;
+ }
+
+ ioreq->aio_inflight++;
+ if (ioreq->presync) {
+ bdrv_aio_flush(ioreq->blkdev->bs, qemu_aio_complete, ioreq);
+ return 0;
+ }
+
+ switch (ioreq->req.operation) {
+ case BLKIF_OP_READ:
+ bdrv_acct_start(blkdev->bs, &ioreq->acct, ioreq->v.size, BDRV_ACCT_READ);
+ ioreq->aio_inflight++;
+ bdrv_aio_readv(blkdev->bs, ioreq->start / BLOCK_SIZE,
+ &ioreq->v, ioreq->v.size / BLOCK_SIZE,
+ qemu_aio_complete, ioreq);
+ break;
+ case BLKIF_OP_WRITE:
+ case BLKIF_OP_FLUSH_DISKCACHE:
+ if (!ioreq->req.nr_segments) {
+ break;
+ }
+
+ bdrv_acct_start(blkdev->bs, &ioreq->acct, ioreq->v.size, BDRV_ACCT_WRITE);
+ ioreq->aio_inflight++;
+ bdrv_aio_writev(blkdev->bs, ioreq->start / BLOCK_SIZE,
+ &ioreq->v, ioreq->v.size / BLOCK_SIZE,
+ qemu_aio_complete, ioreq);
+ break;
+ default:
+ /* unknown operation (shouldn't happen -- parse catches this) */
+ goto err;
+ }
+
+ qemu_aio_complete(ioreq, 0);
+
+ return 0;
+
+err:
+ ioreq_unmap(ioreq);
+err_no_map:
+ ioreq_finish(ioreq);
+ ioreq->status = BLKIF_RSP_ERROR;
+ return -1;
+}
+
+static int blk_send_response_one(struct ioreq *ioreq)
+{
+ struct XenBlkDev *blkdev = ioreq->blkdev;
+ int send_notify = 0;
+ int have_requests = 0;
+ blkif_response_t resp;
+ void *dst;
+
+ resp.id = ioreq->req.id;
+ resp.operation = ioreq->req.operation;
+ resp.status = ioreq->status;
+
+ /* Place on the response ring for the relevant domain. */
+ switch (blkdev->protocol) {
+ case BLKIF_PROTOCOL_NATIVE:
+ dst = RING_GET_RESPONSE(&blkdev->rings.native, blkdev->rings.native.rsp_prod_pvt);
+ break;
+ case BLKIF_PROTOCOL_X86_32:
+ dst = RING_GET_RESPONSE(&blkdev->rings.x86_32_part,
+ blkdev->rings.x86_32_part.rsp_prod_pvt);
+ break;
+ case BLKIF_PROTOCOL_X86_64:
+ dst = RING_GET_RESPONSE(&blkdev->rings.x86_64_part,
+ blkdev->rings.x86_64_part.rsp_prod_pvt);
+ break;
+ default:
+ dst = NULL;
+ }
+ memcpy(dst, &resp, sizeof(resp));
+ blkdev->rings.common.rsp_prod_pvt++;
+
+ RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&blkdev->rings.common, send_notify);
+ if (blkdev->rings.common.rsp_prod_pvt == blkdev->rings.common.req_cons) {
+ /*
+ * Tail check for pending requests. Allows frontend to avoid
+ * notifications if requests are already in flight (lower
+ * overheads and promotes batching).
+ */
+ RING_FINAL_CHECK_FOR_REQUESTS(&blkdev->rings.common, have_requests);
+ } else if (RING_HAS_UNCONSUMED_REQUESTS(&blkdev->rings.common)) {
+ have_requests = 1;
+ }
+
+ if (have_requests) {
+ blkdev->more_work++;
+ }
+ return send_notify;
+}
+
+/* walk finished list, send outstanding responses, free requests */
+static void blk_send_response_all(struct XenBlkDev *blkdev)
+{
+ struct ioreq *ioreq;
+ int send_notify = 0;
+
+ while (!QLIST_EMPTY(&blkdev->finished)) {
+ ioreq = QLIST_FIRST(&blkdev->finished);
+ send_notify += blk_send_response_one(ioreq);
+ ioreq_release(ioreq, true);
+ }
+ if (send_notify) {
+ xen_be_send_notify(&blkdev->xendev);
+ }
+}
+
+static int blk_get_request(struct XenBlkDev *blkdev, struct ioreq *ioreq, RING_IDX rc)
+{
+ switch (blkdev->protocol) {
+ case BLKIF_PROTOCOL_NATIVE:
+ memcpy(&ioreq->req, RING_GET_REQUEST(&blkdev->rings.native, rc),
+ sizeof(ioreq->req));
+ break;
+ case BLKIF_PROTOCOL_X86_32:
+ blkif_get_x86_32_req(&ioreq->req,
+ RING_GET_REQUEST(&blkdev->rings.x86_32_part, rc));
+ break;
+ case BLKIF_PROTOCOL_X86_64:
+ blkif_get_x86_64_req(&ioreq->req,
+ RING_GET_REQUEST(&blkdev->rings.x86_64_part, rc));
+ break;
+ }
+ return 0;
+}
+
+static void blk_handle_requests(struct XenBlkDev *blkdev)
+{
+ RING_IDX rc, rp;
+ struct ioreq *ioreq;
+
+ blkdev->more_work = 0;
+
+ rc = blkdev->rings.common.req_cons;
+ rp = blkdev->rings.common.sring->req_prod;
+ xen_rmb(); /* Ensure we see queued requests up to 'rp'. */
+
+ blk_send_response_all(blkdev);
+ while (rc != rp) {
+ /* pull request from ring */
+ if (RING_REQUEST_CONS_OVERFLOW(&blkdev->rings.common, rc)) {
+ break;
+ }
+ ioreq = ioreq_start(blkdev);
+ if (ioreq == NULL) {
+ blkdev->more_work++;
+ break;
+ }
+ blk_get_request(blkdev, ioreq, rc);
+ blkdev->rings.common.req_cons = ++rc;
+
+ /* parse them */
+ if (ioreq_parse(ioreq) != 0) {
+ if (blk_send_response_one(ioreq)) {
+ xen_be_send_notify(&blkdev->xendev);
+ }
+ ioreq_release(ioreq, false);
+ continue;
+ }
+
+ ioreq_runio_qemu_aio(ioreq);
+ }
+
+ if (blkdev->more_work && blkdev->requests_inflight < max_requests) {
+ qemu_bh_schedule(blkdev->bh);
+ }
+}
+
+/* ------------------------------------------------------------- */
+
+static void blk_bh(void *opaque)
+{
+ struct XenBlkDev *blkdev = opaque;
+ blk_handle_requests(blkdev);
+}
+
+/*
+ * We need to account for the grant allocations requiring contiguous
+ * chunks; the worst case number would be
+ * max_req * max_seg + (max_req - 1) * (max_seg - 1) + 1,
+ * but in order to keep things simple just use
+ * 2 * max_req * max_seg.
+ */
+#define MAX_GRANTS(max_req, max_seg) (2 * (max_req) * (max_seg))
+
+static void blk_alloc(struct XenDevice *xendev)
+{
+ struct XenBlkDev *blkdev = container_of(xendev, struct XenBlkDev, xendev);
+
+ QLIST_INIT(&blkdev->inflight);
+ QLIST_INIT(&blkdev->finished);
+ QLIST_INIT(&blkdev->freelist);
+ blkdev->bh = qemu_bh_new(blk_bh, blkdev);
+ if (xen_mode != XEN_EMULATE) {
+ batch_maps = 1;
+ }
+ if (xc_gnttab_set_max_grants(xendev->gnttabdev,
+ MAX_GRANTS(max_requests, BLKIF_MAX_SEGMENTS_PER_REQUEST)) < 0) {
+ xen_be_printf(xendev, 0, "xc_gnttab_set_max_grants failed: %s\n",
+ strerror(errno));
+ }
+}
+
+static int blk_init(struct XenDevice *xendev)
+{
+ struct XenBlkDev *blkdev = container_of(xendev, struct XenBlkDev, xendev);
+ int info = 0;
+ char *directiosafe = NULL;
+
+ /* read xenstore entries */
+ if (blkdev->params == NULL) {
+ char *h = NULL;
+ blkdev->params = xenstore_read_be_str(&blkdev->xendev, "params");
+ if (blkdev->params != NULL) {
+ h = strchr(blkdev->params, ':');
+ }
+ if (h != NULL) {
+ blkdev->fileproto = blkdev->params;
+ blkdev->filename = h+1;
+ *h = 0;
+ } else {
+ blkdev->fileproto = "<unset>";
+ blkdev->filename = blkdev->params;
+ }
+ }
+ if (!strcmp("aio", blkdev->fileproto)) {
+ blkdev->fileproto = "raw";
+ }
+ if (blkdev->mode == NULL) {
+ blkdev->mode = xenstore_read_be_str(&blkdev->xendev, "mode");
+ }
+ if (blkdev->type == NULL) {
+ blkdev->type = xenstore_read_be_str(&blkdev->xendev, "type");
+ }
+ if (blkdev->dev == NULL) {
+ blkdev->dev = xenstore_read_be_str(&blkdev->xendev, "dev");
+ }
+ if (blkdev->devtype == NULL) {
+ blkdev->devtype = xenstore_read_be_str(&blkdev->xendev, "device-type");
+ }
+ directiosafe = xenstore_read_be_str(&blkdev->xendev, "direct-io-safe");
+ blkdev->directiosafe = (directiosafe && atoi(directiosafe));
+
+ /* do we have all we need? */
+ if (blkdev->params == NULL ||
+ blkdev->mode == NULL ||
+ blkdev->type == NULL ||
+ blkdev->dev == NULL) {
+ goto out_error;
+ }
+
+ /* read-only ? */
+ if (strcmp(blkdev->mode, "w")) {
+ info |= VDISK_READONLY;
+ }
+
+ /* cdrom ? */
+ if (blkdev->devtype && !strcmp(blkdev->devtype, "cdrom")) {
+ info |= VDISK_CDROM;
+ }
+
+ blkdev->file_blk = BLOCK_SIZE;
+
+ /* fill info
+ * blk_connect supplies sector-size and sectors
+ */
+ xenstore_write_be_int(&blkdev->xendev, "feature-flush-cache", 1);
+ xenstore_write_be_int(&blkdev->xendev, "feature-persistent", 1);
+ xenstore_write_be_int(&blkdev->xendev, "info", info);
+
+ g_free(directiosafe);
+ return 0;
+
+out_error:
+ g_free(blkdev->params);
+ blkdev->params = NULL;
+ g_free(blkdev->mode);
+ blkdev->mode = NULL;
+ g_free(blkdev->type);
+ blkdev->type = NULL;
+ g_free(blkdev->dev);
+ blkdev->dev = NULL;
+ g_free(blkdev->devtype);
+ blkdev->devtype = NULL;
+ g_free(directiosafe);
+ blkdev->directiosafe = false;
+ return -1;
+}
+
+static int blk_connect(struct XenDevice *xendev)
+{
+ struct XenBlkDev *blkdev = container_of(xendev, struct XenBlkDev, xendev);
+ int pers, index, qflags;
+ bool readonly = true;
+
+ /* read-only ? */
+ if (blkdev->directiosafe) {
+ qflags = BDRV_O_NOCACHE | BDRV_O_NATIVE_AIO;
+ } else {
+ qflags = BDRV_O_CACHE_WB;
+ }
+ if (strcmp(blkdev->mode, "w") == 0) {
+ qflags |= BDRV_O_RDWR;
+ readonly = false;
+ }
+
+ /* init qemu block driver */
+ index = (blkdev->xendev.dev - 202 * 256) / 16;
+ blkdev->dinfo = drive_get(IF_XEN, 0, index);
+ if (!blkdev->dinfo) {
+ /* setup via xenbus -> create new block driver instance */
+ xen_be_printf(&blkdev->xendev, 2, "create new bdrv (xenbus setup)\n");
+ blkdev->bs = bdrv_new(blkdev->dev);
+ if (blkdev->bs) {
+ BlockDriver *drv = bdrv_find_whitelisted_format(blkdev->fileproto,
+ readonly);
+ if (bdrv_open(blkdev->bs,
+ blkdev->filename, NULL, qflags, drv) != 0) {
+ bdrv_delete(blkdev->bs);
+ blkdev->bs = NULL;
+ }
+ }
+ if (!blkdev->bs) {
+ return -1;
+ }
+ } else {
+ /* setup via qemu cmdline -> already setup for us */
+ xen_be_printf(&blkdev->xendev, 2, "get configured bdrv (cmdline setup)\n");
+ blkdev->bs = blkdev->dinfo->bdrv;
+ }
+ bdrv_attach_dev_nofail(blkdev->bs, blkdev);
+ blkdev->file_size = bdrv_getlength(blkdev->bs);
+ if (blkdev->file_size < 0) {
+ xen_be_printf(&blkdev->xendev, 1, "bdrv_getlength: %d (%s) | drv %s\n",
+ (int)blkdev->file_size, strerror(-blkdev->file_size),
+ bdrv_get_format_name(blkdev->bs) ?: "-");
+ blkdev->file_size = 0;
+ }
+
+ xen_be_printf(xendev, 1, "type \"%s\", fileproto \"%s\", filename \"%s\","
+ " size %" PRId64 " (%" PRId64 " MB)\n",
+ blkdev->type, blkdev->fileproto, blkdev->filename,
+ blkdev->file_size, blkdev->file_size >> 20);
+
+ /* Fill in number of sector size and number of sectors */
+ xenstore_write_be_int(&blkdev->xendev, "sector-size", blkdev->file_blk);
+ xenstore_write_be_int64(&blkdev->xendev, "sectors",
+ blkdev->file_size / blkdev->file_blk);
+
+ if (xenstore_read_fe_int(&blkdev->xendev, "ring-ref", &blkdev->ring_ref) == -1) {
+ return -1;
+ }
+ if (xenstore_read_fe_int(&blkdev->xendev, "event-channel",
+ &blkdev->xendev.remote_port) == -1) {
+ return -1;
+ }
+ if (xenstore_read_fe_int(&blkdev->xendev, "feature-persistent", &pers)) {
+ blkdev->feature_persistent = FALSE;
+ } else {
+ blkdev->feature_persistent = !!pers;
+ }
+
+ blkdev->protocol = BLKIF_PROTOCOL_NATIVE;
+ if (blkdev->xendev.protocol) {
+ if (strcmp(blkdev->xendev.protocol, XEN_IO_PROTO_ABI_X86_32) == 0) {
+ blkdev->protocol = BLKIF_PROTOCOL_X86_32;
+ }
+ if (strcmp(blkdev->xendev.protocol, XEN_IO_PROTO_ABI_X86_64) == 0) {
+ blkdev->protocol = BLKIF_PROTOCOL_X86_64;
+ }
+ }
+
+ blkdev->sring = xc_gnttab_map_grant_ref(blkdev->xendev.gnttabdev,
+ blkdev->xendev.dom,
+ blkdev->ring_ref,
+ PROT_READ | PROT_WRITE);
+ if (!blkdev->sring) {
+ return -1;
+ }
+ blkdev->cnt_map++;
+
+ switch (blkdev->protocol) {
+ case BLKIF_PROTOCOL_NATIVE:
+ {
+ blkif_sring_t *sring_native = blkdev->sring;
+ BACK_RING_INIT(&blkdev->rings.native, sring_native, XC_PAGE_SIZE);
+ break;
+ }
+ case BLKIF_PROTOCOL_X86_32:
+ {
+ blkif_x86_32_sring_t *sring_x86_32 = blkdev->sring;
+
+ BACK_RING_INIT(&blkdev->rings.x86_32_part, sring_x86_32, XC_PAGE_SIZE);
+ break;
+ }
+ case BLKIF_PROTOCOL_X86_64:
+ {
+ blkif_x86_64_sring_t *sring_x86_64 = blkdev->sring;
+
+ BACK_RING_INIT(&blkdev->rings.x86_64_part, sring_x86_64, XC_PAGE_SIZE);
+ break;
+ }
+ }
+
+ if (blkdev->feature_persistent) {
+ /* Init persistent grants */
+ blkdev->max_grants = max_requests * BLKIF_MAX_SEGMENTS_PER_REQUEST;
+ blkdev->persistent_gnts = g_tree_new_full((GCompareDataFunc)int_cmp,
+ NULL, NULL,
+ (GDestroyNotify)destroy_grant);
+ blkdev->persistent_gnt_count = 0;
+ }
+
+ xen_be_bind_evtchn(&blkdev->xendev);
+
+ xen_be_printf(&blkdev->xendev, 1, "ok: proto %s, ring-ref %d, "
+ "remote port %d, local port %d\n",
+ blkdev->xendev.protocol, blkdev->ring_ref,
+ blkdev->xendev.remote_port, blkdev->xendev.local_port);
+ return 0;
+}
+
+static void blk_disconnect(struct XenDevice *xendev)
+{
+ struct XenBlkDev *blkdev = container_of(xendev, struct XenBlkDev, xendev);
+
+ if (blkdev->bs) {
+ if (!blkdev->dinfo) {
+ /* close/delete only if we created it ourself */
+ bdrv_close(blkdev->bs);
+ bdrv_detach_dev(blkdev->bs, blkdev);
+ bdrv_delete(blkdev->bs);
+ }
+ blkdev->bs = NULL;
+ }
+ xen_be_unbind_evtchn(&blkdev->xendev);
+
+ if (blkdev->sring) {
+ xc_gnttab_munmap(blkdev->xendev.gnttabdev, blkdev->sring, 1);
+ blkdev->cnt_map--;
+ blkdev->sring = NULL;
+ }
+}
+
+static int blk_free(struct XenDevice *xendev)
+{
+ struct XenBlkDev *blkdev = container_of(xendev, struct XenBlkDev, xendev);
+ struct ioreq *ioreq;
+
+ if (blkdev->bs || blkdev->sring) {
+ blk_disconnect(xendev);
+ }
+
+ /* Free persistent grants */
+ if (blkdev->feature_persistent) {
+ g_tree_destroy(blkdev->persistent_gnts);
+ }
+
+ while (!QLIST_EMPTY(&blkdev->freelist)) {
+ ioreq = QLIST_FIRST(&blkdev->freelist);
+ QLIST_REMOVE(ioreq, list);
+ qemu_iovec_destroy(&ioreq->v);
+ g_free(ioreq);
+ }
+
+ g_free(blkdev->params);
+ g_free(blkdev->mode);
+ g_free(blkdev->type);
+ g_free(blkdev->dev);
+ g_free(blkdev->devtype);
+ qemu_bh_delete(blkdev->bh);
+ return 0;
+}
+
+static void blk_event(struct XenDevice *xendev)
+{
+ struct XenBlkDev *blkdev = container_of(xendev, struct XenBlkDev, xendev);
+
+ qemu_bh_schedule(blkdev->bh);
+}
+
+struct XenDevOps xen_blkdev_ops = {
+ .size = sizeof(struct XenBlkDev),
+ .flags = DEVOPS_FLAG_NEED_GNTDEV,
+ .alloc = blk_alloc,
+ .init = blk_init,
+ .initialise = blk_connect,
+ .disconnect = blk_disconnect,
+ .event = blk_event,
+ .free = blk_free,
+};
diff --git a/hw/boards.h b/hw/boards.h
deleted file mode 100644
index 813d0e510..000000000
--- a/hw/boards.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/* Declarations for use by board files for creating devices. */
-
-#ifndef HW_BOARDS_H
-#define HW_BOARDS_H
-
-#include "qdev.h"
-
-typedef struct QEMUMachineInitArgs {
- ram_addr_t ram_size;
- const char *boot_device;
- const char *kernel_filename;
- const char *kernel_cmdline;
- const char *initrd_filename;
- const char *cpu_model;
-} QEMUMachineInitArgs;
-
-typedef void QEMUMachineInitFunc(QEMUMachineInitArgs *args);
-
-typedef void QEMUMachineResetFunc(void);
-
-typedef struct QEMUMachine {
- const char *name;
- const char *alias;
- const char *desc;
- QEMUMachineInitFunc *init;
- QEMUMachineResetFunc *reset;
- int use_scsi;
- int max_cpus;
- unsigned int no_serial:1,
- no_parallel:1,
- use_virtcon:1,
- no_floppy:1,
- no_cdrom:1,
- no_sdcard:1;
- int is_default;
- const char *default_machine_opts;
- GlobalProperty *compat_props;
- struct QEMUMachine *next;
- const char *hw_version;
-} QEMUMachine;
-
-int qemu_register_machine(QEMUMachine *m);
-QEMUMachine *find_default_machine(void);
-
-extern QEMUMachine *current_machine;
-
-#endif
diff --git a/hw/bonito.c b/hw/bonito.c
deleted file mode 100644
index 0bf6d4aa5..000000000
--- a/hw/bonito.c
+++ /dev/null
@@ -1,847 +0,0 @@
-/*
- * bonito north bridge support
- *
- * Copyright (c) 2008 yajin (yajin@vm-kernel.org)
- * Copyright (c) 2010 Huacai Chen (zltjiangshi@gmail.com)
- *
- * This code is licensed under the GNU GPL v2.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-/*
- * fulong 2e mini pc has a bonito north bridge.
- */
-
-/* what is the meaning of devfn in qemu and IDSEL in bonito northbridge?
- *
- * devfn pci_slot<<3 + funno
- * one pci bus can have 32 devices and each device can have 8 functions.
- *
- * In bonito north bridge, pci slot = IDSEL bit - 12.
- * For example, PCI_IDSEL_VIA686B = 17,
- * pci slot = 17-12=5
- *
- * so
- * VT686B_FUN0's devfn = (5<<3)+0
- * VT686B_FUN1's devfn = (5<<3)+1
- *
- * qemu also uses pci address for north bridge to access pci config register.
- * bus_no [23:16]
- * dev_no [15:11]
- * fun_no [10:8]
- * reg_no [7:2]
- *
- * so function bonito_sbridge_pciaddr for the translation from
- * north bridge address to pci address.
- */
-
-#include <assert.h>
-
-#include "hw.h"
-#include "pci.h"
-#include "pc.h"
-#include "mips.h"
-#include "pci_host.h"
-#include "sysemu.h"
-#include "exec-memory.h"
-
-//#define DEBUG_BONITO
-
-#ifdef DEBUG_BONITO
-#define DPRINTF(fmt, ...) fprintf(stderr, "%s: " fmt, __FUNCTION__, ##__VA_ARGS__)
-#else
-#define DPRINTF(fmt, ...)
-#endif
-
-/* from linux soure code. include/asm-mips/mips-boards/bonito64.h*/
-#define BONITO_BOOT_BASE 0x1fc00000
-#define BONITO_BOOT_SIZE 0x00100000
-#define BONITO_BOOT_TOP (BONITO_BOOT_BASE+BONITO_BOOT_SIZE-1)
-#define BONITO_FLASH_BASE 0x1c000000
-#define BONITO_FLASH_SIZE 0x03000000
-#define BONITO_FLASH_TOP (BONITO_FLASH_BASE+BONITO_FLASH_SIZE-1)
-#define BONITO_SOCKET_BASE 0x1f800000
-#define BONITO_SOCKET_SIZE 0x00400000
-#define BONITO_SOCKET_TOP (BONITO_SOCKET_BASE+BONITO_SOCKET_SIZE-1)
-#define BONITO_REG_BASE 0x1fe00000
-#define BONITO_REG_SIZE 0x00040000
-#define BONITO_REG_TOP (BONITO_REG_BASE+BONITO_REG_SIZE-1)
-#define BONITO_DEV_BASE 0x1ff00000
-#define BONITO_DEV_SIZE 0x00100000
-#define BONITO_DEV_TOP (BONITO_DEV_BASE+BONITO_DEV_SIZE-1)
-#define BONITO_PCILO_BASE 0x10000000
-#define BONITO_PCILO_BASE_VA 0xb0000000
-#define BONITO_PCILO_SIZE 0x0c000000
-#define BONITO_PCILO_TOP (BONITO_PCILO_BASE+BONITO_PCILO_SIZE-1)
-#define BONITO_PCILO0_BASE 0x10000000
-#define BONITO_PCILO1_BASE 0x14000000
-#define BONITO_PCILO2_BASE 0x18000000
-#define BONITO_PCIHI_BASE 0x20000000
-#define BONITO_PCIHI_SIZE 0x20000000
-#define BONITO_PCIHI_TOP (BONITO_PCIHI_BASE+BONITO_PCIHI_SIZE-1)
-#define BONITO_PCIIO_BASE 0x1fd00000
-#define BONITO_PCIIO_BASE_VA 0xbfd00000
-#define BONITO_PCIIO_SIZE 0x00010000
-#define BONITO_PCIIO_TOP (BONITO_PCIIO_BASE+BONITO_PCIIO_SIZE-1)
-#define BONITO_PCICFG_BASE 0x1fe80000
-#define BONITO_PCICFG_SIZE 0x00080000
-#define BONITO_PCICFG_TOP (BONITO_PCICFG_BASE+BONITO_PCICFG_SIZE-1)
-
-
-#define BONITO_PCICONFIGBASE 0x00
-#define BONITO_REGBASE 0x100
-
-#define BONITO_PCICONFIG_BASE (BONITO_PCICONFIGBASE+BONITO_REG_BASE)
-#define BONITO_PCICONFIG_SIZE (0x100)
-
-#define BONITO_INTERNAL_REG_BASE (BONITO_REGBASE+BONITO_REG_BASE)
-#define BONITO_INTERNAL_REG_SIZE (0x70)
-
-#define BONITO_SPCICONFIG_BASE (BONITO_PCICFG_BASE)
-#define BONITO_SPCICONFIG_SIZE (BONITO_PCICFG_SIZE)
-
-
-
-/* 1. Bonito h/w Configuration */
-/* Power on register */
-
-#define BONITO_BONPONCFG (0x00 >> 2) /* 0x100 */
-#define BONITO_BONGENCFG_OFFSET 0x4
-#define BONITO_BONGENCFG (BONITO_BONGENCFG_OFFSET>>2) /*0x104 */
-
-/* 2. IO & IDE configuration */
-#define BONITO_IODEVCFG (0x08 >> 2) /* 0x108 */
-
-/* 3. IO & IDE configuration */
-#define BONITO_SDCFG (0x0c >> 2) /* 0x10c */
-
-/* 4. PCI address map control */
-#define BONITO_PCIMAP (0x10 >> 2) /* 0x110 */
-#define BONITO_PCIMEMBASECFG (0x14 >> 2) /* 0x114 */
-#define BONITO_PCIMAP_CFG (0x18 >> 2) /* 0x118 */
-
-/* 5. ICU & GPIO regs */
-/* GPIO Regs - r/w */
-#define BONITO_GPIODATA_OFFSET 0x1c
-#define BONITO_GPIODATA (BONITO_GPIODATA_OFFSET >> 2) /* 0x11c */
-#define BONITO_GPIOIE (0x20 >> 2) /* 0x120 */
-
-/* ICU Configuration Regs - r/w */
-#define BONITO_INTEDGE (0x24 >> 2) /* 0x124 */
-#define BONITO_INTSTEER (0x28 >> 2) /* 0x128 */
-#define BONITO_INTPOL (0x2c >> 2) /* 0x12c */
-
-/* ICU Enable Regs - IntEn & IntISR are r/o. */
-#define BONITO_INTENSET (0x30 >> 2) /* 0x130 */
-#define BONITO_INTENCLR (0x34 >> 2) /* 0x134 */
-#define BONITO_INTEN (0x38 >> 2) /* 0x138 */
-#define BONITO_INTISR (0x3c >> 2) /* 0x13c */
-
-/* PCI mail boxes */
-#define BONITO_PCIMAIL0_OFFSET 0x40
-#define BONITO_PCIMAIL1_OFFSET 0x44
-#define BONITO_PCIMAIL2_OFFSET 0x48
-#define BONITO_PCIMAIL3_OFFSET 0x4c
-#define BONITO_PCIMAIL0 (0x40 >> 2) /* 0x140 */
-#define BONITO_PCIMAIL1 (0x44 >> 2) /* 0x144 */
-#define BONITO_PCIMAIL2 (0x48 >> 2) /* 0x148 */
-#define BONITO_PCIMAIL3 (0x4c >> 2) /* 0x14c */
-
-/* 6. PCI cache */
-#define BONITO_PCICACHECTRL (0x50 >> 2) /* 0x150 */
-#define BONITO_PCICACHETAG (0x54 >> 2) /* 0x154 */
-#define BONITO_PCIBADADDR (0x58 >> 2) /* 0x158 */
-#define BONITO_PCIMSTAT (0x5c >> 2) /* 0x15c */
-
-/* 7. other*/
-#define BONITO_TIMECFG (0x60 >> 2) /* 0x160 */
-#define BONITO_CPUCFG (0x64 >> 2) /* 0x164 */
-#define BONITO_DQCFG (0x68 >> 2) /* 0x168 */
-#define BONITO_MEMSIZE (0x6C >> 2) /* 0x16c */
-
-#define BONITO_REGS (0x70 >> 2)
-
-/* PCI config for south bridge. type 0 */
-#define BONITO_PCICONF_IDSEL_MASK 0xfffff800 /* [31:11] */
-#define BONITO_PCICONF_IDSEL_OFFSET 11
-#define BONITO_PCICONF_FUN_MASK 0x700 /* [10:8] */
-#define BONITO_PCICONF_FUN_OFFSET 8
-#define BONITO_PCICONF_REG_MASK 0xFC
-#define BONITO_PCICONF_REG_OFFSET 0
-
-
-/* idsel BIT = pci slot number +12 */
-#define PCI_SLOT_BASE 12
-#define PCI_IDSEL_VIA686B_BIT (17)
-#define PCI_IDSEL_VIA686B (1<<PCI_IDSEL_VIA686B_BIT)
-
-#define PCI_ADDR(busno,devno,funno,regno) \
- ((((busno)<<16)&0xff0000) + (((devno)<<11)&0xf800) + (((funno)<<8)&0x700) + (regno))
-
-#define TYPE_BONITO_PCI_HOST_BRIDGE "Bonito-pcihost"
-
-typedef struct BonitoState BonitoState;
-
-typedef struct PCIBonitoState
-{
- PCIDevice dev;
-
- BonitoState *pcihost;
- uint32_t regs[BONITO_REGS];
-
- struct bonldma {
- uint32_t ldmactrl;
- uint32_t ldmastat;
- uint32_t ldmaaddr;
- uint32_t ldmago;
- } bonldma;
-
- /* Based at 1fe00300, bonito Copier */
- struct boncop {
- uint32_t copctrl;
- uint32_t copstat;
- uint32_t coppaddr;
- uint32_t copgo;
- } boncop;
-
- /* Bonito registers */
- MemoryRegion iomem;
- MemoryRegion iomem_ldma;
- MemoryRegion iomem_cop;
-
- hwaddr bonito_pciio_start;
- hwaddr bonito_pciio_length;
- int bonito_pciio_handle;
-
- hwaddr bonito_localio_start;
- hwaddr bonito_localio_length;
- int bonito_localio_handle;
-
-} PCIBonitoState;
-
-#define BONITO_PCI_HOST_BRIDGE(obj) \
- OBJECT_CHECK(BonitoState, (obj), TYPE_BONITO_PCI_HOST_BRIDGE)
-
-struct BonitoState {
- PCIHostState parent_obj;
-
- qemu_irq *pic;
-
- PCIBonitoState *pci_dev;
-};
-
-static void bonito_writel(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- PCIBonitoState *s = opaque;
- uint32_t saddr;
- int reset = 0;
-
- saddr = (addr - BONITO_REGBASE) >> 2;
-
- DPRINTF("bonito_writel "TARGET_FMT_plx" val %x saddr %x\n", addr, val, saddr);
- switch (saddr) {
- case BONITO_BONPONCFG:
- case BONITO_IODEVCFG:
- case BONITO_SDCFG:
- case BONITO_PCIMAP:
- case BONITO_PCIMEMBASECFG:
- case BONITO_PCIMAP_CFG:
- case BONITO_GPIODATA:
- case BONITO_GPIOIE:
- case BONITO_INTEDGE:
- case BONITO_INTSTEER:
- case BONITO_INTPOL:
- case BONITO_PCIMAIL0:
- case BONITO_PCIMAIL1:
- case BONITO_PCIMAIL2:
- case BONITO_PCIMAIL3:
- case BONITO_PCICACHECTRL:
- case BONITO_PCICACHETAG:
- case BONITO_PCIBADADDR:
- case BONITO_PCIMSTAT:
- case BONITO_TIMECFG:
- case BONITO_CPUCFG:
- case BONITO_DQCFG:
- case BONITO_MEMSIZE:
- s->regs[saddr] = val;
- break;
- case BONITO_BONGENCFG:
- if (!(s->regs[saddr] & 0x04) && (val & 0x04)) {
- reset = 1; /* bit 2 jump from 0 to 1 cause reset */
- }
- s->regs[saddr] = val;
- if (reset) {
- qemu_system_reset_request();
- }
- break;
- case BONITO_INTENSET:
- s->regs[BONITO_INTENSET] = val;
- s->regs[BONITO_INTEN] |= val;
- break;
- case BONITO_INTENCLR:
- s->regs[BONITO_INTENCLR] = val;
- s->regs[BONITO_INTEN] &= ~val;
- break;
- case BONITO_INTEN:
- case BONITO_INTISR:
- DPRINTF("write to readonly bonito register %x\n", saddr);
- break;
- default:
- DPRINTF("write to unknown bonito register %x\n", saddr);
- break;
- }
-}
-
-static uint64_t bonito_readl(void *opaque, hwaddr addr,
- unsigned size)
-{
- PCIBonitoState *s = opaque;
- uint32_t saddr;
-
- saddr = (addr - BONITO_REGBASE) >> 2;
-
- DPRINTF("bonito_readl "TARGET_FMT_plx"\n", addr);
- switch (saddr) {
- case BONITO_INTISR:
- return s->regs[saddr];
- default:
- return s->regs[saddr];
- }
-}
-
-static const MemoryRegionOps bonito_ops = {
- .read = bonito_readl,
- .write = bonito_writel,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static void bonito_pciconf_writel(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- PCIBonitoState *s = opaque;
- PCIDevice *d = PCI_DEVICE(s);
-
- DPRINTF("bonito_pciconf_writel "TARGET_FMT_plx" val %x\n", addr, val);
- d->config_write(d, addr, val, 4);
-}
-
-static uint64_t bonito_pciconf_readl(void *opaque, hwaddr addr,
- unsigned size)
-{
-
- PCIBonitoState *s = opaque;
- PCIDevice *d = PCI_DEVICE(s);
-
- DPRINTF("bonito_pciconf_readl "TARGET_FMT_plx"\n", addr);
- return d->config_read(d, addr, 4);
-}
-
-/* north bridge PCI configure space. 0x1fe0 0000 - 0x1fe0 00ff */
-
-static const MemoryRegionOps bonito_pciconf_ops = {
- .read = bonito_pciconf_readl,
- .write = bonito_pciconf_writel,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static uint64_t bonito_ldma_readl(void *opaque, hwaddr addr,
- unsigned size)
-{
- uint32_t val;
- PCIBonitoState *s = opaque;
-
- val = ((uint32_t *)(&s->bonldma))[addr/sizeof(uint32_t)];
-
- return val;
-}
-
-static void bonito_ldma_writel(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- PCIBonitoState *s = opaque;
-
- ((uint32_t *)(&s->bonldma))[addr/sizeof(uint32_t)] = val & 0xffffffff;
-}
-
-static const MemoryRegionOps bonito_ldma_ops = {
- .read = bonito_ldma_readl,
- .write = bonito_ldma_writel,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static uint64_t bonito_cop_readl(void *opaque, hwaddr addr,
- unsigned size)
-{
- uint32_t val;
- PCIBonitoState *s = opaque;
-
- val = ((uint32_t *)(&s->boncop))[addr/sizeof(uint32_t)];
-
- return val;
-}
-
-static void bonito_cop_writel(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- PCIBonitoState *s = opaque;
-
- ((uint32_t *)(&s->boncop))[addr/sizeof(uint32_t)] = val & 0xffffffff;
-}
-
-static const MemoryRegionOps bonito_cop_ops = {
- .read = bonito_cop_readl,
- .write = bonito_cop_writel,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static uint32_t bonito_sbridge_pciaddr(void *opaque, hwaddr addr)
-{
- PCIBonitoState *s = opaque;
- PCIHostState *phb = PCI_HOST_BRIDGE(s->pcihost);
- uint32_t cfgaddr;
- uint32_t idsel;
- uint32_t devno;
- uint32_t funno;
- uint32_t regno;
- uint32_t pciaddr;
-
- /* support type0 pci config */
- if ((s->regs[BONITO_PCIMAP_CFG] & 0x10000) != 0x0) {
- return 0xffffffff;
- }
-
- cfgaddr = addr & 0xffff;
- cfgaddr |= (s->regs[BONITO_PCIMAP_CFG] & 0xffff) << 16;
-
- idsel = (cfgaddr & BONITO_PCICONF_IDSEL_MASK) >> BONITO_PCICONF_IDSEL_OFFSET;
- devno = ffs(idsel) - 1;
- funno = (cfgaddr & BONITO_PCICONF_FUN_MASK) >> BONITO_PCICONF_FUN_OFFSET;
- regno = (cfgaddr & BONITO_PCICONF_REG_MASK) >> BONITO_PCICONF_REG_OFFSET;
-
- if (idsel == 0) {
- fprintf(stderr, "error in bonito pci config address " TARGET_FMT_plx
- ",pcimap_cfg=%x\n", addr, s->regs[BONITO_PCIMAP_CFG]);
- exit(1);
- }
- pciaddr = PCI_ADDR(pci_bus_num(phb->bus), devno, funno, regno);
- DPRINTF("cfgaddr %x pciaddr %x busno %x devno %d funno %d regno %d\n",
- cfgaddr, pciaddr, pci_bus_num(phb->bus), devno, funno, regno);
-
- return pciaddr;
-}
-
-static void bonito_spciconf_writeb(void *opaque, hwaddr addr,
- uint32_t val)
-{
- PCIBonitoState *s = opaque;
- PCIDevice *d = PCI_DEVICE(s);
- PCIHostState *phb = PCI_HOST_BRIDGE(s->pcihost);
- uint32_t pciaddr;
- uint16_t status;
-
- DPRINTF("bonito_spciconf_writeb "TARGET_FMT_plx" val %x\n", addr, val);
- pciaddr = bonito_sbridge_pciaddr(s, addr);
-
- if (pciaddr == 0xffffffff) {
- return;
- }
-
- /* set the pci address in s->config_reg */
- phb->config_reg = (pciaddr) | (1u << 31);
- pci_data_write(phb->bus, phb->config_reg, val & 0xff, 1);
-
- /* clear PCI_STATUS_REC_MASTER_ABORT and PCI_STATUS_REC_TARGET_ABORT */
- status = pci_get_word(d->config + PCI_STATUS);
- status &= ~(PCI_STATUS_REC_MASTER_ABORT | PCI_STATUS_REC_TARGET_ABORT);
- pci_set_word(d->config + PCI_STATUS, status);
-}
-
-static void bonito_spciconf_writew(void *opaque, hwaddr addr,
- uint32_t val)
-{
- PCIBonitoState *s = opaque;
- PCIDevice *d = PCI_DEVICE(s);
- PCIHostState *phb = PCI_HOST_BRIDGE(s->pcihost);
- uint32_t pciaddr;
- uint16_t status;
-
- DPRINTF("bonito_spciconf_writew "TARGET_FMT_plx" val %x\n", addr, val);
- assert((addr & 0x1) == 0);
-
- pciaddr = bonito_sbridge_pciaddr(s, addr);
-
- if (pciaddr == 0xffffffff) {
- return;
- }
-
- /* set the pci address in s->config_reg */
- phb->config_reg = (pciaddr) | (1u << 31);
- pci_data_write(phb->bus, phb->config_reg, val, 2);
-
- /* clear PCI_STATUS_REC_MASTER_ABORT and PCI_STATUS_REC_TARGET_ABORT */
- status = pci_get_word(d->config + PCI_STATUS);
- status &= ~(PCI_STATUS_REC_MASTER_ABORT | PCI_STATUS_REC_TARGET_ABORT);
- pci_set_word(d->config + PCI_STATUS, status);
-}
-
-static void bonito_spciconf_writel(void *opaque, hwaddr addr,
- uint32_t val)
-{
- PCIBonitoState *s = opaque;
- PCIDevice *d = PCI_DEVICE(s);
- PCIHostState *phb = PCI_HOST_BRIDGE(s->pcihost);
- uint32_t pciaddr;
- uint16_t status;
-
- DPRINTF("bonito_spciconf_writel "TARGET_FMT_plx" val %x\n", addr, val);
- assert((addr & 0x3) == 0);
-
- pciaddr = bonito_sbridge_pciaddr(s, addr);
-
- if (pciaddr == 0xffffffff) {
- return;
- }
-
- /* set the pci address in s->config_reg */
- phb->config_reg = (pciaddr) | (1u << 31);
- pci_data_write(phb->bus, phb->config_reg, val, 4);
-
- /* clear PCI_STATUS_REC_MASTER_ABORT and PCI_STATUS_REC_TARGET_ABORT */
- status = pci_get_word(d->config + PCI_STATUS);
- status &= ~(PCI_STATUS_REC_MASTER_ABORT | PCI_STATUS_REC_TARGET_ABORT);
- pci_set_word(d->config + PCI_STATUS, status);
-}
-
-static uint32_t bonito_spciconf_readb(void *opaque, hwaddr addr)
-{
- PCIBonitoState *s = opaque;
- PCIDevice *d = PCI_DEVICE(s);
- PCIHostState *phb = PCI_HOST_BRIDGE(s->pcihost);
- uint32_t pciaddr;
- uint16_t status;
-
- DPRINTF("bonito_spciconf_readb "TARGET_FMT_plx"\n", addr);
- pciaddr = bonito_sbridge_pciaddr(s, addr);
-
- if (pciaddr == 0xffffffff) {
- return 0xff;
- }
-
- /* set the pci address in s->config_reg */
- phb->config_reg = (pciaddr) | (1u << 31);
-
- /* clear PCI_STATUS_REC_MASTER_ABORT and PCI_STATUS_REC_TARGET_ABORT */
- status = pci_get_word(d->config + PCI_STATUS);
- status &= ~(PCI_STATUS_REC_MASTER_ABORT | PCI_STATUS_REC_TARGET_ABORT);
- pci_set_word(d->config + PCI_STATUS, status);
-
- return pci_data_read(phb->bus, phb->config_reg, 1);
-}
-
-static uint32_t bonito_spciconf_readw(void *opaque, hwaddr addr)
-{
- PCIBonitoState *s = opaque;
- PCIDevice *d = PCI_DEVICE(s);
- PCIHostState *phb = PCI_HOST_BRIDGE(s->pcihost);
- uint32_t pciaddr;
- uint16_t status;
-
- DPRINTF("bonito_spciconf_readw "TARGET_FMT_plx"\n", addr);
- assert((addr & 0x1) == 0);
-
- pciaddr = bonito_sbridge_pciaddr(s, addr);
-
- if (pciaddr == 0xffffffff) {
- return 0xffff;
- }
-
- /* set the pci address in s->config_reg */
- phb->config_reg = (pciaddr) | (1u << 31);
-
- /* clear PCI_STATUS_REC_MASTER_ABORT and PCI_STATUS_REC_TARGET_ABORT */
- status = pci_get_word(d->config + PCI_STATUS);
- status &= ~(PCI_STATUS_REC_MASTER_ABORT | PCI_STATUS_REC_TARGET_ABORT);
- pci_set_word(d->config + PCI_STATUS, status);
-
- return pci_data_read(phb->bus, phb->config_reg, 2);
-}
-
-static uint32_t bonito_spciconf_readl(void *opaque, hwaddr addr)
-{
- PCIBonitoState *s = opaque;
- PCIDevice *d = PCI_DEVICE(s);
- PCIHostState *phb = PCI_HOST_BRIDGE(s->pcihost);
- uint32_t pciaddr;
- uint16_t status;
-
- DPRINTF("bonito_spciconf_readl "TARGET_FMT_plx"\n", addr);
- assert((addr & 0x3) == 0);
-
- pciaddr = bonito_sbridge_pciaddr(s, addr);
-
- if (pciaddr == 0xffffffff) {
- return 0xffffffff;
- }
-
- /* set the pci address in s->config_reg */
- phb->config_reg = (pciaddr) | (1u << 31);
-
- /* clear PCI_STATUS_REC_MASTER_ABORT and PCI_STATUS_REC_TARGET_ABORT */
- status = pci_get_word(d->config + PCI_STATUS);
- status &= ~(PCI_STATUS_REC_MASTER_ABORT | PCI_STATUS_REC_TARGET_ABORT);
- pci_set_word(d->config + PCI_STATUS, status);
-
- return pci_data_read(phb->bus, phb->config_reg, 4);
-}
-
-/* south bridge PCI configure space. 0x1fe8 0000 - 0x1fef ffff */
-static const MemoryRegionOps bonito_spciconf_ops = {
- .old_mmio = {
- .read = {
- bonito_spciconf_readb,
- bonito_spciconf_readw,
- bonito_spciconf_readl,
- },
- .write = {
- bonito_spciconf_writeb,
- bonito_spciconf_writew,
- bonito_spciconf_writel,
- },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-#define BONITO_IRQ_BASE 32
-
-static void pci_bonito_set_irq(void *opaque, int irq_num, int level)
-{
- BonitoState *s = opaque;
- qemu_irq *pic = s->pic;
- PCIBonitoState *bonito_state = s->pci_dev;
- int internal_irq = irq_num - BONITO_IRQ_BASE;
-
- if (bonito_state->regs[BONITO_INTEDGE] & (1 << internal_irq)) {
- qemu_irq_pulse(*pic);
- } else { /* level triggered */
- if (bonito_state->regs[BONITO_INTPOL] & (1 << internal_irq)) {
- qemu_irq_raise(*pic);
- } else {
- qemu_irq_lower(*pic);
- }
- }
-}
-
-/* map the original irq (0~3) to bonito irq (16~47, but 16~31 are unused) */
-static int pci_bonito_map_irq(PCIDevice * pci_dev, int irq_num)
-{
- int slot;
-
- slot = (pci_dev->devfn >> 3);
-
- switch (slot) {
- case 5: /* FULONG2E_VIA_SLOT, SouthBridge, IDE, USB, ACPI, AC97, MC97 */
- return irq_num % 4 + BONITO_IRQ_BASE;
- case 6: /* FULONG2E_ATI_SLOT, VGA */
- return 4 + BONITO_IRQ_BASE;
- case 7: /* FULONG2E_RTL_SLOT, RTL8139 */
- return 5 + BONITO_IRQ_BASE;
- case 8 ... 12: /* PCI slot 1 to 4 */
- return (slot - 8 + irq_num) + 6 + BONITO_IRQ_BASE;
- default: /* Unknown device, don't do any translation */
- return irq_num;
- }
-}
-
-static void bonito_reset(void *opaque)
-{
- PCIBonitoState *s = opaque;
-
- /* set the default value of north bridge registers */
-
- s->regs[BONITO_BONPONCFG] = 0xc40;
- s->regs[BONITO_BONGENCFG] = 0x1384;
- s->regs[BONITO_IODEVCFG] = 0x2bff8010;
- s->regs[BONITO_SDCFG] = 0x255e0091;
-
- s->regs[BONITO_GPIODATA] = 0x1ff;
- s->regs[BONITO_GPIOIE] = 0x1ff;
- s->regs[BONITO_DQCFG] = 0x8;
- s->regs[BONITO_MEMSIZE] = 0x10000000;
- s->regs[BONITO_PCIMAP] = 0x6140;
-}
-
-static const VMStateDescription vmstate_bonito = {
- .name = "Bonito",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField []) {
- VMSTATE_PCI_DEVICE(dev, PCIBonitoState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int bonito_pcihost_initfn(SysBusDevice *dev)
-{
- PCIHostState *phb = PCI_HOST_BRIDGE(dev);
-
- phb->bus = pci_register_bus(DEVICE(dev), "pci",
- pci_bonito_set_irq, pci_bonito_map_irq, dev,
- get_system_memory(), get_system_io(),
- 0x28, 32);
-
- return 0;
-}
-
-static int bonito_initfn(PCIDevice *dev)
-{
- PCIBonitoState *s = DO_UPCAST(PCIBonitoState, dev, dev);
- SysBusDevice *sysbus = SYS_BUS_DEVICE(s->pcihost);
- PCIHostState *phb = PCI_HOST_BRIDGE(s->pcihost);
-
- /* Bonito North Bridge, built on FPGA, VENDOR_ID/DEVICE_ID are "undefined" */
- pci_config_set_prog_interface(dev->config, 0x00);
-
- /* set the north bridge register mapping */
- memory_region_init_io(&s->iomem, &bonito_ops, s,
- "north-bridge-register", BONITO_INTERNAL_REG_SIZE);
- sysbus_init_mmio(sysbus, &s->iomem);
- sysbus_mmio_map(sysbus, 0, BONITO_INTERNAL_REG_BASE);
-
- /* set the north bridge pci configure mapping */
- memory_region_init_io(&phb->conf_mem, &bonito_pciconf_ops, s,
- "north-bridge-pci-config", BONITO_PCICONFIG_SIZE);
- sysbus_init_mmio(sysbus, &phb->conf_mem);
- sysbus_mmio_map(sysbus, 1, BONITO_PCICONFIG_BASE);
-
- /* set the south bridge pci configure mapping */
- memory_region_init_io(&phb->data_mem, &bonito_spciconf_ops, s,
- "south-bridge-pci-config", BONITO_SPCICONFIG_SIZE);
- sysbus_init_mmio(sysbus, &phb->data_mem);
- sysbus_mmio_map(sysbus, 2, BONITO_SPCICONFIG_BASE);
-
- memory_region_init_io(&s->iomem_ldma, &bonito_ldma_ops, s,
- "ldma", 0x100);
- sysbus_init_mmio(sysbus, &s->iomem_ldma);
- sysbus_mmio_map(sysbus, 3, 0xbfe00200);
-
- memory_region_init_io(&s->iomem_cop, &bonito_cop_ops, s,
- "cop", 0x100);
- sysbus_init_mmio(sysbus, &s->iomem_cop);
- sysbus_mmio_map(sysbus, 4, 0xbfe00300);
-
- /* Map PCI IO Space 0x1fd0 0000 - 0x1fd1 0000 */
- s->bonito_pciio_start = BONITO_PCIIO_BASE;
- s->bonito_pciio_length = BONITO_PCIIO_SIZE;
- isa_mem_base = s->bonito_pciio_start;
- isa_mmio_init(s->bonito_pciio_start, s->bonito_pciio_length);
-
- /* add pci local io mapping */
- s->bonito_localio_start = BONITO_DEV_BASE;
- s->bonito_localio_length = BONITO_DEV_SIZE;
- isa_mmio_init(s->bonito_localio_start, s->bonito_localio_length);
-
- /* set the default value of north bridge pci config */
- pci_set_word(dev->config + PCI_COMMAND, 0x0000);
- pci_set_word(dev->config + PCI_STATUS, 0x0000);
- pci_set_word(dev->config + PCI_SUBSYSTEM_VENDOR_ID, 0x0000);
- pci_set_word(dev->config + PCI_SUBSYSTEM_ID, 0x0000);
-
- pci_set_byte(dev->config + PCI_INTERRUPT_LINE, 0x00);
- pci_set_byte(dev->config + PCI_INTERRUPT_PIN, 0x01);
- pci_set_byte(dev->config + PCI_MIN_GNT, 0x3c);
- pci_set_byte(dev->config + PCI_MAX_LAT, 0x00);
-
- qemu_register_reset(bonito_reset, s);
-
- return 0;
-}
-
-PCIBus *bonito_init(qemu_irq *pic)
-{
- DeviceState *dev;
- BonitoState *pcihost;
- PCIHostState *phb;
- PCIBonitoState *s;
- PCIDevice *d;
-
- dev = qdev_create(NULL, TYPE_BONITO_PCI_HOST_BRIDGE);
- phb = PCI_HOST_BRIDGE(dev);
- pcihost = BONITO_PCI_HOST_BRIDGE(dev);
- pcihost->pic = pic;
- qdev_init_nofail(dev);
-
- /* set the pcihost pointer before bonito_initfn is called */
- d = pci_create(phb->bus, PCI_DEVFN(0, 0), "Bonito");
- s = DO_UPCAST(PCIBonitoState, dev, d);
- s->pcihost = pcihost;
- pcihost->pci_dev = s;
- qdev_init_nofail(DEVICE(d));
-
- return phb->bus;
-}
-
-static void bonito_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = bonito_initfn;
- k->vendor_id = 0xdf53;
- k->device_id = 0x00d5;
- k->revision = 0x01;
- k->class_id = PCI_CLASS_BRIDGE_HOST;
- dc->desc = "Host bridge";
- dc->no_user = 1;
- dc->vmsd = &vmstate_bonito;
-}
-
-static const TypeInfo bonito_info = {
- .name = "Bonito",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIBonitoState),
- .class_init = bonito_class_init,
-};
-
-static void bonito_pcihost_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = bonito_pcihost_initfn;
- dc->no_user = 1;
-}
-
-static const TypeInfo bonito_pcihost_info = {
- .name = TYPE_BONITO_PCI_HOST_BRIDGE,
- .parent = TYPE_PCI_HOST_BRIDGE,
- .instance_size = sizeof(BonitoState),
- .class_init = bonito_pcihost_class_init,
-};
-
-static void bonito_register_types(void)
-{
- type_register_static(&bonito_pcihost_info);
- type_register_static(&bonito_info);
-}
-
-type_init(bonito_register_types)
diff --git a/hw/bt-hci-csr.c b/hw/bt-hci-csr.c
deleted file mode 100644
index 772b677ba..000000000
--- a/hw/bt-hci-csr.c
+++ /dev/null
@@ -1,453 +0,0 @@
-/*
- * Bluetooth serial HCI transport.
- * CSR41814 HCI with H4p vendor extensions.
- *
- * Copyright (C) 2008 Andrzej Zaborowski <balrog@zabor.org>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "qemu-common.h"
-#include "qemu-char.h"
-#include "qemu-timer.h"
-#include "irq.h"
-#include "net.h"
-#include "bt.h"
-
-struct csrhci_s {
- int enable;
- qemu_irq *pins;
- int pin_state;
- int modem_state;
- CharDriverState chr;
-#define FIFO_LEN 4096
- int out_start;
- int out_len;
- int out_size;
- uint8_t outfifo[FIFO_LEN * 2];
- uint8_t inpkt[FIFO_LEN];
- int in_len;
- int in_hdr;
- int in_data;
- QEMUTimer *out_tm;
- int64_t baud_delay;
-
- bdaddr_t bd_addr;
- struct HCIInfo *hci;
-};
-
-/* H4+ packet types */
-enum {
- H4_CMD_PKT = 1,
- H4_ACL_PKT = 2,
- H4_SCO_PKT = 3,
- H4_EVT_PKT = 4,
- H4_NEG_PKT = 6,
- H4_ALIVE_PKT = 7,
-};
-
-/* CSR41814 negotiation start magic packet */
-static const uint8_t csrhci_neg_packet[] = {
- H4_NEG_PKT, 10,
- 0x00, 0xa0, 0x01, 0x00, 0x00,
- 0x4c, 0x00, 0x96, 0x00, 0x00,
-};
-
-/* CSR41814 vendor-specific command OCFs */
-enum {
- OCF_CSR_SEND_FIRMWARE = 0x000,
-};
-
-static inline void csrhci_fifo_wake(struct csrhci_s *s)
-{
- if (!s->enable || !s->out_len)
- return;
-
- /* XXX: Should wait for s->modem_state & CHR_TIOCM_RTS? */
- if (s->chr.chr_can_read && s->chr.chr_can_read(s->chr.handler_opaque) &&
- s->chr.chr_read) {
- s->chr.chr_read(s->chr.handler_opaque,
- s->outfifo + s->out_start ++, 1);
- s->out_len --;
- if (s->out_start >= s->out_size) {
- s->out_start = 0;
- s->out_size = FIFO_LEN;
- }
- }
-
- if (s->out_len)
- qemu_mod_timer(s->out_tm, qemu_get_clock_ns(vm_clock) + s->baud_delay);
-}
-
-#define csrhci_out_packetz(s, len) memset(csrhci_out_packet(s, len), 0, len)
-static uint8_t *csrhci_out_packet(struct csrhci_s *s, int len)
-{
- int off = s->out_start + s->out_len;
-
- /* TODO: do the padding here, i.e. align len */
- s->out_len += len;
-
- if (off < FIFO_LEN) {
- if (off + len > FIFO_LEN && (s->out_size = off + len) > FIFO_LEN * 2) {
- fprintf(stderr, "%s: can't alloc %i bytes\n", __FUNCTION__, len);
- exit(-1);
- }
- return s->outfifo + off;
- }
-
- if (s->out_len > s->out_size) {
- fprintf(stderr, "%s: can't alloc %i bytes\n", __FUNCTION__, len);
- exit(-1);
- }
-
- return s->outfifo + off - s->out_size;
-}
-
-static inline uint8_t *csrhci_out_packet_csr(struct csrhci_s *s,
- int type, int len)
-{
- uint8_t *ret = csrhci_out_packetz(s, len + 2);
-
- *ret ++ = type;
- *ret ++ = len;
-
- return ret;
-}
-
-static inline uint8_t *csrhci_out_packet_event(struct csrhci_s *s,
- int evt, int len)
-{
- uint8_t *ret = csrhci_out_packetz(s,
- len + 1 + sizeof(struct hci_event_hdr));
-
- *ret ++ = H4_EVT_PKT;
- ((struct hci_event_hdr *) ret)->evt = evt;
- ((struct hci_event_hdr *) ret)->plen = len;
-
- return ret + sizeof(struct hci_event_hdr);
-}
-
-static void csrhci_in_packet_vendor(struct csrhci_s *s, int ocf,
- uint8_t *data, int len)
-{
- int offset;
- uint8_t *rpkt;
-
- switch (ocf) {
- case OCF_CSR_SEND_FIRMWARE:
- /* Check if this is the bd_address packet */
- if (len >= 18 + 8 && data[12] == 0x01 && data[13] == 0x00) {
- offset = 18;
- s->bd_addr.b[0] = data[offset + 7]; /* Beyond cmd packet end(!?) */
- s->bd_addr.b[1] = data[offset + 6];
- s->bd_addr.b[2] = data[offset + 4];
- s->bd_addr.b[3] = data[offset + 0];
- s->bd_addr.b[4] = data[offset + 3];
- s->bd_addr.b[5] = data[offset + 2];
-
- s->hci->bdaddr_set(s->hci, s->bd_addr.b);
- fprintf(stderr, "%s: bd_address loaded from firmware: "
- "%02x:%02x:%02x:%02x:%02x:%02x\n", __FUNCTION__,
- s->bd_addr.b[0], s->bd_addr.b[1], s->bd_addr.b[2],
- s->bd_addr.b[3], s->bd_addr.b[4], s->bd_addr.b[5]);
- }
-
- rpkt = csrhci_out_packet_event(s, EVT_VENDOR, 11);
- /* Status bytes: no error */
- rpkt[9] = 0x00;
- rpkt[10] = 0x00;
- break;
-
- default:
- fprintf(stderr, "%s: got a bad CMD packet\n", __FUNCTION__);
- return;
- }
-
- csrhci_fifo_wake(s);
-}
-
-static void csrhci_in_packet(struct csrhci_s *s, uint8_t *pkt)
-{
- uint8_t *rpkt;
- int opc;
-
- switch (*pkt ++) {
- case H4_CMD_PKT:
- opc = le16_to_cpu(((struct hci_command_hdr *) pkt)->opcode);
- if (cmd_opcode_ogf(opc) == OGF_VENDOR_CMD) {
- csrhci_in_packet_vendor(s, cmd_opcode_ocf(opc),
- pkt + sizeof(struct hci_command_hdr),
- s->in_len - sizeof(struct hci_command_hdr) - 1);
- return;
- }
-
- /* TODO: if the command is OCF_READ_LOCAL_COMMANDS or the likes,
- * we need to send it to the HCI layer and then add our supported
- * commands to the returned mask (such as OGF_VENDOR_CMD). With
- * bt-hci.c we could just have hooks for this kind of commands but
- * we can't with bt-host.c. */
-
- s->hci->cmd_send(s->hci, pkt, s->in_len - 1);
- break;
-
- case H4_EVT_PKT:
- goto bad_pkt;
-
- case H4_ACL_PKT:
- s->hci->acl_send(s->hci, pkt, s->in_len - 1);
- break;
-
- case H4_SCO_PKT:
- s->hci->sco_send(s->hci, pkt, s->in_len - 1);
- break;
-
- case H4_NEG_PKT:
- if (s->in_hdr != sizeof(csrhci_neg_packet) ||
- memcmp(pkt - 1, csrhci_neg_packet, s->in_hdr)) {
- fprintf(stderr, "%s: got a bad NEG packet\n", __FUNCTION__);
- return;
- }
- pkt += 2;
-
- rpkt = csrhci_out_packet_csr(s, H4_NEG_PKT, 10);
-
- *rpkt ++ = 0x20; /* Operational settings negotiation Ok */
- memcpy(rpkt, pkt, 7); rpkt += 7;
- *rpkt ++ = 0xff;
- *rpkt = 0xff;
- break;
-
- case H4_ALIVE_PKT:
- if (s->in_hdr != 4 || pkt[1] != 0x55 || pkt[2] != 0x00) {
- fprintf(stderr, "%s: got a bad ALIVE packet\n", __FUNCTION__);
- return;
- }
-
- rpkt = csrhci_out_packet_csr(s, H4_ALIVE_PKT, 2);
-
- *rpkt ++ = 0xcc;
- *rpkt = 0x00;
- break;
-
- default:
- bad_pkt:
- /* TODO: error out */
- fprintf(stderr, "%s: got a bad packet\n", __FUNCTION__);
- break;
- }
-
- csrhci_fifo_wake(s);
-}
-
-static int csrhci_header_len(const uint8_t *pkt)
-{
- switch (pkt[0]) {
- case H4_CMD_PKT:
- return HCI_COMMAND_HDR_SIZE;
- case H4_EVT_PKT:
- return HCI_EVENT_HDR_SIZE;
- case H4_ACL_PKT:
- return HCI_ACL_HDR_SIZE;
- case H4_SCO_PKT:
- return HCI_SCO_HDR_SIZE;
- case H4_NEG_PKT:
- return pkt[1] + 1;
- case H4_ALIVE_PKT:
- return 3;
- }
-
- exit(-1);
-}
-
-static int csrhci_data_len(const uint8_t *pkt)
-{
- switch (*pkt ++) {
- case H4_CMD_PKT:
- /* It seems that vendor-specific command packets for H4+ are all
- * one byte longer than indicated in the standard header. */
- if (le16_to_cpu(((struct hci_command_hdr *) pkt)->opcode) == 0xfc00)
- return (((struct hci_command_hdr *) pkt)->plen + 1) & ~1;
-
- return ((struct hci_command_hdr *) pkt)->plen;
- case H4_EVT_PKT:
- return ((struct hci_event_hdr *) pkt)->plen;
- case H4_ACL_PKT:
- return le16_to_cpu(((struct hci_acl_hdr *) pkt)->dlen);
- case H4_SCO_PKT:
- return ((struct hci_sco_hdr *) pkt)->dlen;
- case H4_NEG_PKT:
- case H4_ALIVE_PKT:
- return 0;
- }
-
- exit(-1);
-}
-
-static int csrhci_write(struct CharDriverState *chr,
- const uint8_t *buf, int len)
-{
- struct csrhci_s *s = (struct csrhci_s *) chr->opaque;
- int plen = s->in_len;
-
- if (!s->enable)
- return 0;
-
- s->in_len += len;
- memcpy(s->inpkt + plen, buf, len);
-
- while (1) {
- if (s->in_len >= 2 && plen < 2)
- s->in_hdr = csrhci_header_len(s->inpkt) + 1;
-
- if (s->in_len >= s->in_hdr && plen < s->in_hdr)
- s->in_data = csrhci_data_len(s->inpkt) + s->in_hdr;
-
- if (s->in_len >= s->in_data) {
- csrhci_in_packet(s, s->inpkt);
-
- memmove(s->inpkt, s->inpkt + s->in_len, s->in_len - s->in_data);
- s->in_len -= s->in_data;
- s->in_hdr = INT_MAX;
- s->in_data = INT_MAX;
- plen = 0;
- } else
- break;
- }
-
- return len;
-}
-
-static void csrhci_out_hci_packet_event(void *opaque,
- const uint8_t *data, int len)
-{
- struct csrhci_s *s = (struct csrhci_s *) opaque;
- uint8_t *pkt = csrhci_out_packet(s, (len + 2) & ~1); /* Align */
-
- *pkt ++ = H4_EVT_PKT;
- memcpy(pkt, data, len);
-
- csrhci_fifo_wake(s);
-}
-
-static void csrhci_out_hci_packet_acl(void *opaque,
- const uint8_t *data, int len)
-{
- struct csrhci_s *s = (struct csrhci_s *) opaque;
- uint8_t *pkt = csrhci_out_packet(s, (len + 2) & ~1); /* Align */
-
- *pkt ++ = H4_ACL_PKT;
- pkt[len & ~1] = 0;
- memcpy(pkt, data, len);
-
- csrhci_fifo_wake(s);
-}
-
-static int csrhci_ioctl(struct CharDriverState *chr, int cmd, void *arg)
-{
- QEMUSerialSetParams *ssp;
- struct csrhci_s *s = (struct csrhci_s *) chr->opaque;
- int prev_state = s->modem_state;
-
- switch (cmd) {
- case CHR_IOCTL_SERIAL_SET_PARAMS:
- ssp = (QEMUSerialSetParams *) arg;
- s->baud_delay = get_ticks_per_sec() / ssp->speed;
- /* Moments later... (but shorter than 100ms) */
- s->modem_state |= CHR_TIOCM_CTS;
- break;
-
- case CHR_IOCTL_SERIAL_GET_TIOCM:
- *(int *) arg = s->modem_state;
- break;
-
- case CHR_IOCTL_SERIAL_SET_TIOCM:
- s->modem_state = *(int *) arg;
- if (~s->modem_state & prev_state & CHR_TIOCM_RTS)
- s->modem_state &= ~CHR_TIOCM_CTS;
- break;
-
- default:
- return -ENOTSUP;
- }
- return 0;
-}
-
-static void csrhci_reset(struct csrhci_s *s)
-{
- s->out_len = 0;
- s->out_size = FIFO_LEN;
- s->in_len = 0;
- s->baud_delay = get_ticks_per_sec();
- s->enable = 0;
- s->in_hdr = INT_MAX;
- s->in_data = INT_MAX;
-
- s->modem_state = 0;
- /* After a while... (but sooner than 10ms) */
- s->modem_state |= CHR_TIOCM_CTS;
-
- memset(&s->bd_addr, 0, sizeof(bdaddr_t));
-}
-
-static void csrhci_out_tick(void *opaque)
-{
- csrhci_fifo_wake((struct csrhci_s *) opaque);
-}
-
-static void csrhci_pins(void *opaque, int line, int level)
-{
- struct csrhci_s *s = (struct csrhci_s *) opaque;
- int state = s->pin_state;
-
- s->pin_state &= ~(1 << line);
- s->pin_state |= (!!level) << line;
-
- if ((state & ~s->pin_state) & (1 << csrhci_pin_reset)) {
- /* TODO: Disappear from lower layers */
- csrhci_reset(s);
- }
-
- if (s->pin_state == 3 && state != 3) {
- s->enable = 1;
- /* TODO: Wake lower layers up */
- }
-}
-
-qemu_irq *csrhci_pins_get(CharDriverState *chr)
-{
- struct csrhci_s *s = (struct csrhci_s *) chr->opaque;
-
- return s->pins;
-}
-
-CharDriverState *uart_hci_init(qemu_irq wakeup)
-{
- struct csrhci_s *s = (struct csrhci_s *)
- g_malloc0(sizeof(struct csrhci_s));
-
- s->chr.opaque = s;
- s->chr.chr_write = csrhci_write;
- s->chr.chr_ioctl = csrhci_ioctl;
-
- s->hci = qemu_next_hci();
- s->hci->opaque = s;
- s->hci->evt_recv = csrhci_out_hci_packet_event;
- s->hci->acl_recv = csrhci_out_hci_packet_acl;
-
- s->out_tm = qemu_new_timer_ns(vm_clock, csrhci_out_tick, s);
- s->pins = qemu_allocate_irqs(csrhci_pins, s, __csrhci_pins);
- csrhci_reset(s);
-
- return &s->chr;
-}
diff --git a/hw/bt-hci.c b/hw/bt-hci.c
deleted file mode 100644
index e54cfd781..000000000
--- a/hw/bt-hci.c
+++ /dev/null
@@ -1,2217 +0,0 @@
-/*
- * QEMU Bluetooth HCI logic.
- *
- * Copyright (C) 2007 OpenMoko, Inc.
- * Copyright (C) 2008 Andrzej Zaborowski <balrog@zabor.org>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "qemu-common.h"
-#include "qemu-timer.h"
-#include "usb.h"
-#include "net.h"
-#include "bt.h"
-
-struct bt_hci_s {
- uint8_t *(*evt_packet)(void *opaque);
- void (*evt_submit)(void *opaque, int len);
- void *opaque;
- uint8_t evt_buf[256];
-
- uint8_t acl_buf[4096];
- int acl_len;
-
- uint16_t asb_handle;
- uint16_t psb_handle;
-
- int last_cmd; /* Note: Always little-endian */
-
- struct bt_device_s *conn_req_host;
-
- struct {
- int inquire;
- int periodic;
- int responses_left;
- int responses;
- QEMUTimer *inquiry_done;
- QEMUTimer *inquiry_next;
- int inquiry_length;
- int inquiry_period;
- int inquiry_mode;
-
-#define HCI_HANDLE_OFFSET 0x20
-#define HCI_HANDLES_MAX 0x10
- struct bt_hci_master_link_s {
- struct bt_link_s *link;
- void (*lmp_acl_data)(struct bt_link_s *link,
- const uint8_t *data, int start, int len);
- QEMUTimer *acl_mode_timer;
- } handle[HCI_HANDLES_MAX];
- uint32_t role_bmp;
- int last_handle;
- int connecting;
- bdaddr_t awaiting_bdaddr[HCI_HANDLES_MAX];
- } lm;
-
- uint8_t event_mask[8];
- uint16_t voice_setting; /* Notw: Always little-endian */
- uint16_t conn_accept_tout;
- QEMUTimer *conn_accept_timer;
-
- struct HCIInfo info;
- struct bt_device_s device;
-};
-
-#define DEFAULT_RSSI_DBM 20
-
-#define hci_from_info(ptr) container_of((ptr), struct bt_hci_s, info)
-#define hci_from_device(ptr) container_of((ptr), struct bt_hci_s, device)
-
-struct bt_hci_link_s {
- struct bt_link_s btlink;
- uint16_t handle; /* Local */
-};
-
-/* LMP layer emulation */
-#if 0
-static void bt_submit_lmp(struct bt_device_s *bt, int length, uint8_t *data)
-{
- int resp, resplen, error, op, tr;
- uint8_t respdata[17];
-
- if (length < 1)
- return;
-
- tr = *data & 1;
- op = *(data ++) >> 1;
- resp = LMP_ACCEPTED;
- resplen = 2;
- respdata[1] = op;
- error = 0;
- length --;
-
- if (op >= 0x7c) { /* Extended opcode */
- op |= *(data ++) << 8;
- resp = LMP_ACCEPTED_EXT;
- resplen = 4;
- respdata[0] = op >> 8;
- respdata[1] = op & 0xff;
- length --;
- }
-
- switch (op) {
- case LMP_ACCEPTED:
- /* data[0] Op code
- */
- if (length < 1) {
- error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
- goto not_accepted;
- }
- resp = 0;
- break;
-
- case LMP_ACCEPTED_EXT:
- /* data[0] Escape op code
- * data[1] Extended op code
- */
- if (length < 2) {
- error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
- goto not_accepted;
- }
- resp = 0;
- break;
-
- case LMP_NOT_ACCEPTED:
- /* data[0] Op code
- * data[1] Error code
- */
- if (length < 2) {
- error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
- goto not_accepted;
- }
- resp = 0;
- break;
-
- case LMP_NOT_ACCEPTED_EXT:
- /* data[0] Op code
- * data[1] Extended op code
- * data[2] Error code
- */
- if (length < 3) {
- error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
- goto not_accepted;
- }
- resp = 0;
- break;
-
- case LMP_HOST_CONNECTION_REQ:
- break;
-
- case LMP_SETUP_COMPLETE:
- resp = LMP_SETUP_COMPLETE;
- resplen = 1;
- bt->setup = 1;
- break;
-
- case LMP_DETACH:
- /* data[0] Error code
- */
- if (length < 1) {
- error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
- goto not_accepted;
- }
- bt->setup = 0;
- resp = 0;
- break;
-
- case LMP_SUPERVISION_TIMEOUT:
- /* data[0,1] Supervision timeout
- */
- if (length < 2) {
- error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
- goto not_accepted;
- }
- resp = 0;
- break;
-
- case LMP_QUALITY_OF_SERVICE:
- resp = 0;
- /* Fall through */
- case LMP_QOS_REQ:
- /* data[0,1] Poll interval
- * data[2] N(BC)
- */
- if (length < 3) {
- error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
- goto not_accepted;
- }
- break;
-
- case LMP_MAX_SLOT:
- resp = 0;
- /* Fall through */
- case LMP_MAX_SLOT_REQ:
- /* data[0] Max slots
- */
- if (length < 1) {
- error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
- goto not_accepted;
- }
- break;
-
- case LMP_AU_RAND:
- case LMP_IN_RAND:
- case LMP_COMB_KEY:
- /* data[0-15] Random number
- */
- if (length < 16) {
- error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
- goto not_accepted;
- }
- if (op == LMP_AU_RAND) {
- if (bt->key_present) {
- resp = LMP_SRES;
- resplen = 5;
- /* XXX: [Part H] Section 6.1 on page 801 */
- } else {
- error = HCI_PIN_OR_KEY_MISSING;
- goto not_accepted;
- }
- } else if (op == LMP_IN_RAND) {
- error = HCI_PAIRING_NOT_ALLOWED;
- goto not_accepted;
- } else {
- /* XXX: [Part H] Section 3.2 on page 779 */
- resp = LMP_UNIT_KEY;
- resplen = 17;
- memcpy(respdata + 1, bt->key, 16);
-
- error = HCI_UNIT_LINK_KEY_USED;
- goto not_accepted;
- }
- break;
-
- case LMP_UNIT_KEY:
- /* data[0-15] Key
- */
- if (length < 16) {
- error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
- goto not_accepted;
- }
- memcpy(bt->key, data, 16);
- bt->key_present = 1;
- break;
-
- case LMP_SRES:
- /* data[0-3] Authentication response
- */
- if (length < 4) {
- error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
- goto not_accepted;
- }
- break;
-
- case LMP_CLKOFFSET_REQ:
- resp = LMP_CLKOFFSET_RES;
- resplen = 3;
- respdata[1] = 0x33;
- respdata[2] = 0x33;
- break;
-
- case LMP_CLKOFFSET_RES:
- /* data[0,1] Clock offset
- * (Slave to master only)
- */
- if (length < 2) {
- error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
- goto not_accepted;
- }
- break;
-
- case LMP_VERSION_REQ:
- case LMP_VERSION_RES:
- /* data[0] VersNr
- * data[1,2] CompId
- * data[3,4] SubVersNr
- */
- if (length < 5) {
- error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
- goto not_accepted;
- }
- if (op == LMP_VERSION_REQ) {
- resp = LMP_VERSION_RES;
- resplen = 6;
- respdata[1] = 0x20;
- respdata[2] = 0xff;
- respdata[3] = 0xff;
- respdata[4] = 0xff;
- respdata[5] = 0xff;
- } else
- resp = 0;
- break;
-
- case LMP_FEATURES_REQ:
- case LMP_FEATURES_RES:
- /* data[0-7] Features
- */
- if (length < 8) {
- error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
- goto not_accepted;
- }
- if (op == LMP_FEATURES_REQ) {
- resp = LMP_FEATURES_RES;
- resplen = 9;
- respdata[1] = (bt->lmp_caps >> 0) & 0xff;
- respdata[2] = (bt->lmp_caps >> 8) & 0xff;
- respdata[3] = (bt->lmp_caps >> 16) & 0xff;
- respdata[4] = (bt->lmp_caps >> 24) & 0xff;
- respdata[5] = (bt->lmp_caps >> 32) & 0xff;
- respdata[6] = (bt->lmp_caps >> 40) & 0xff;
- respdata[7] = (bt->lmp_caps >> 48) & 0xff;
- respdata[8] = (bt->lmp_caps >> 56) & 0xff;
- } else
- resp = 0;
- break;
-
- case LMP_NAME_REQ:
- /* data[0] Name offset
- */
- if (length < 1) {
- error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
- goto not_accepted;
- }
- resp = LMP_NAME_RES;
- resplen = 17;
- respdata[1] = data[0];
- respdata[2] = strlen(bt->lmp_name);
- memset(respdata + 3, 0x00, 14);
- if (respdata[2] > respdata[1])
- memcpy(respdata + 3, bt->lmp_name + respdata[1],
- respdata[2] - respdata[1]);
- break;
-
- case LMP_NAME_RES:
- /* data[0] Name offset
- * data[1] Name length
- * data[2-15] Name fragment
- */
- if (length < 16) {
- error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
- goto not_accepted;
- }
- resp = 0;
- break;
-
- default:
- error = HCI_UNKNOWN_LMP_PDU;
- /* Fall through */
- not_accepted:
- if (op >> 8) {
- resp = LMP_NOT_ACCEPTED_EXT;
- resplen = 5;
- respdata[0] = op >> 8;
- respdata[1] = op & 0xff;
- respdata[2] = error;
- } else {
- resp = LMP_NOT_ACCEPTED;
- resplen = 3;
- respdata[0] = op & 0xff;
- respdata[1] = error;
- }
- }
-
- if (resp == 0)
- return;
-
- if (resp >> 8) {
- respdata[0] = resp >> 8;
- respdata[1] = resp & 0xff;
- } else
- respdata[0] = resp & 0xff;
-
- respdata[0] <<= 1;
- respdata[0] |= tr;
-}
-
-static void bt_submit_raw_acl(struct bt_piconet_s *net, int length, uint8_t *data)
-{
- struct bt_device_s *slave;
- if (length < 1)
- return;
-
- slave = 0;
-#if 0
- slave = net->slave;
-#endif
-
- switch (data[0] & 3) {
- case LLID_ACLC:
- bt_submit_lmp(slave, length - 1, data + 1);
- break;
- case LLID_ACLU_START:
-#if 0
- bt_sumbit_l2cap(slave, length - 1, data + 1, (data[0] >> 2) & 1);
- breka;
-#endif
- default:
- case LLID_ACLU_CONT:
- break;
- }
-}
-#endif
-
-/* HCI layer emulation */
-
-/* Note: we could ignore endiannes because unswapped handles will still
- * be valid as connection identifiers for the guest - they don't have to
- * be continuously allocated. We do it though, to preserve similar
- * behaviour between hosts. Some things, like the BD_ADDR cannot be
- * preserved though (for example if a real hci is used). */
-#ifdef HOST_WORDS_BIGENDIAN
-# define HNDL(raw) bswap16(raw)
-#else
-# define HNDL(raw) (raw)
-#endif
-
-static const uint8_t bt_event_reserved_mask[8] = {
- 0xff, 0x9f, 0xfb, 0xff, 0x07, 0x18, 0x00, 0x00,
-};
-
-static inline uint8_t *bt_hci_event_start(struct bt_hci_s *hci,
- int evt, int len)
-{
- uint8_t *packet, mask;
- int mask_byte;
-
- if (len > 255) {
- fprintf(stderr, "%s: HCI event params too long (%ib)\n",
- __FUNCTION__, len);
- exit(-1);
- }
-
- mask_byte = (evt - 1) >> 3;
- mask = 1 << ((evt - 1) & 3);
- if (mask & bt_event_reserved_mask[mask_byte] & ~hci->event_mask[mask_byte])
- return NULL;
-
- packet = hci->evt_packet(hci->opaque);
- packet[0] = evt;
- packet[1] = len;
-
- return &packet[2];
-}
-
-static inline void bt_hci_event(struct bt_hci_s *hci, int evt,
- void *params, int len)
-{
- uint8_t *packet = bt_hci_event_start(hci, evt, len);
-
- if (!packet)
- return;
-
- if (len)
- memcpy(packet, params, len);
-
- hci->evt_submit(hci->opaque, len + 2);
-}
-
-static inline void bt_hci_event_status(struct bt_hci_s *hci, int status)
-{
- evt_cmd_status params = {
- .status = status,
- .ncmd = 1,
- .opcode = hci->last_cmd,
- };
-
- bt_hci_event(hci, EVT_CMD_STATUS, &params, EVT_CMD_STATUS_SIZE);
-}
-
-static inline void bt_hci_event_complete(struct bt_hci_s *hci,
- void *ret, int len)
-{
- uint8_t *packet = bt_hci_event_start(hci, EVT_CMD_COMPLETE,
- len + EVT_CMD_COMPLETE_SIZE);
- evt_cmd_complete *params = (evt_cmd_complete *) packet;
-
- if (!packet)
- return;
-
- params->ncmd = 1;
- params->opcode = hci->last_cmd;
- if (len)
- memcpy(&packet[EVT_CMD_COMPLETE_SIZE], ret, len);
-
- hci->evt_submit(hci->opaque, len + EVT_CMD_COMPLETE_SIZE + 2);
-}
-
-static void bt_hci_inquiry_done(void *opaque)
-{
- struct bt_hci_s *hci = (struct bt_hci_s *) opaque;
- uint8_t status = HCI_SUCCESS;
-
- if (!hci->lm.periodic)
- hci->lm.inquire = 0;
-
- /* The specification is inconsistent about this one. Page 565 reads
- * "The event parameters of Inquiry Complete event will have a summary
- * of the result from the Inquiry process, which reports the number of
- * nearby Bluetooth devices that responded [so hci->responses].", but
- * Event Parameters (see page 729) has only Status. */
- bt_hci_event(hci, EVT_INQUIRY_COMPLETE, &status, 1);
-}
-
-static void bt_hci_inquiry_result_standard(struct bt_hci_s *hci,
- struct bt_device_s *slave)
-{
- inquiry_info params = {
- .num_responses = 1,
- .bdaddr = BAINIT(&slave->bd_addr),
- .pscan_rep_mode = 0x00, /* R0 */
- .pscan_period_mode = 0x00, /* P0 - deprecated */
- .pscan_mode = 0x00, /* Standard scan - deprecated */
- .dev_class[0] = slave->class[0],
- .dev_class[1] = slave->class[1],
- .dev_class[2] = slave->class[2],
- /* TODO: return the clkoff *differenece* */
- .clock_offset = slave->clkoff, /* Note: no swapping */
- };
-
- bt_hci_event(hci, EVT_INQUIRY_RESULT, &params, INQUIRY_INFO_SIZE);
-}
-
-static void bt_hci_inquiry_result_with_rssi(struct bt_hci_s *hci,
- struct bt_device_s *slave)
-{
- inquiry_info_with_rssi params = {
- .num_responses = 1,
- .bdaddr = BAINIT(&slave->bd_addr),
- .pscan_rep_mode = 0x00, /* R0 */
- .pscan_period_mode = 0x00, /* P0 - deprecated */
- .dev_class[0] = slave->class[0],
- .dev_class[1] = slave->class[1],
- .dev_class[2] = slave->class[2],
- /* TODO: return the clkoff *differenece* */
- .clock_offset = slave->clkoff, /* Note: no swapping */
- .rssi = DEFAULT_RSSI_DBM,
- };
-
- bt_hci_event(hci, EVT_INQUIRY_RESULT_WITH_RSSI,
- &params, INQUIRY_INFO_WITH_RSSI_SIZE);
-}
-
-static void bt_hci_inquiry_result(struct bt_hci_s *hci,
- struct bt_device_s *slave)
-{
- if (!slave->inquiry_scan || !hci->lm.responses_left)
- return;
-
- hci->lm.responses_left --;
- hci->lm.responses ++;
-
- switch (hci->lm.inquiry_mode) {
- case 0x00:
- bt_hci_inquiry_result_standard(hci, slave);
- return;
- case 0x01:
- bt_hci_inquiry_result_with_rssi(hci, slave);
- return;
- default:
- fprintf(stderr, "%s: bad inquiry mode %02x\n", __FUNCTION__,
- hci->lm.inquiry_mode);
- exit(-1);
- }
-}
-
-static void bt_hci_mod_timer_1280ms(QEMUTimer *timer, int period)
-{
- qemu_mod_timer(timer, qemu_get_clock_ns(vm_clock) +
- muldiv64(period << 7, get_ticks_per_sec(), 100));
-}
-
-static void bt_hci_inquiry_start(struct bt_hci_s *hci, int length)
-{
- struct bt_device_s *slave;
-
- hci->lm.inquiry_length = length;
- for (slave = hci->device.net->slave; slave; slave = slave->next)
- /* Don't uncover ourselves. */
- if (slave != &hci->device)
- bt_hci_inquiry_result(hci, slave);
-
- /* TODO: register for a callback on a new device's addition to the
- * scatternet so that if it's added before inquiry_length expires,
- * an Inquiry Result is generated immediately. Alternatively re-loop
- * through the devices on the inquiry_length expiration and report
- * devices not seen before. */
- if (hci->lm.responses_left)
- bt_hci_mod_timer_1280ms(hci->lm.inquiry_done, hci->lm.inquiry_length);
- else
- bt_hci_inquiry_done(hci);
-
- if (hci->lm.periodic)
- bt_hci_mod_timer_1280ms(hci->lm.inquiry_next, hci->lm.inquiry_period);
-}
-
-static void bt_hci_inquiry_next(void *opaque)
-{
- struct bt_hci_s *hci = (struct bt_hci_s *) opaque;
-
- hci->lm.responses_left += hci->lm.responses;
- hci->lm.responses = 0;
- bt_hci_inquiry_start(hci, hci->lm.inquiry_length);
-}
-
-static inline int bt_hci_handle_bad(struct bt_hci_s *hci, uint16_t handle)
-{
- return !(handle & HCI_HANDLE_OFFSET) ||
- handle >= (HCI_HANDLE_OFFSET | HCI_HANDLES_MAX) ||
- !hci->lm.handle[handle & ~HCI_HANDLE_OFFSET].link;
-}
-
-static inline int bt_hci_role_master(struct bt_hci_s *hci, uint16_t handle)
-{
- return !!(hci->lm.role_bmp & (1 << (handle & ~HCI_HANDLE_OFFSET)));
-}
-
-static inline struct bt_device_s *bt_hci_remote_dev(struct bt_hci_s *hci,
- uint16_t handle)
-{
- struct bt_link_s *link = hci->lm.handle[handle & ~HCI_HANDLE_OFFSET].link;
-
- return bt_hci_role_master(hci, handle) ? link->slave : link->host;
-}
-
-static void bt_hci_mode_tick(void *opaque);
-static void bt_hci_lmp_link_establish(struct bt_hci_s *hci,
- struct bt_link_s *link, int master)
-{
- hci->lm.handle[hci->lm.last_handle].link = link;
-
- if (master) {
- /* We are the master side of an ACL link */
- hci->lm.role_bmp |= 1 << hci->lm.last_handle;
-
- hci->lm.handle[hci->lm.last_handle].lmp_acl_data =
- link->slave->lmp_acl_data;
- } else {
- /* We are the slave side of an ACL link */
- hci->lm.role_bmp &= ~(1 << hci->lm.last_handle);
-
- hci->lm.handle[hci->lm.last_handle].lmp_acl_data =
- link->host->lmp_acl_resp;
- }
-
- /* Mode */
- if (master) {
- link->acl_mode = acl_active;
- hci->lm.handle[hci->lm.last_handle].acl_mode_timer =
- qemu_new_timer_ns(vm_clock, bt_hci_mode_tick, link);
- }
-}
-
-static void bt_hci_lmp_link_teardown(struct bt_hci_s *hci, uint16_t handle)
-{
- handle &= ~HCI_HANDLE_OFFSET;
- hci->lm.handle[handle].link = NULL;
-
- if (bt_hci_role_master(hci, handle)) {
- qemu_del_timer(hci->lm.handle[handle].acl_mode_timer);
- qemu_free_timer(hci->lm.handle[handle].acl_mode_timer);
- }
-}
-
-static int bt_hci_connect(struct bt_hci_s *hci, bdaddr_t *bdaddr)
-{
- struct bt_device_s *slave;
- struct bt_link_s link;
-
- for (slave = hci->device.net->slave; slave; slave = slave->next)
- if (slave->page_scan && !bacmp(&slave->bd_addr, bdaddr))
- break;
- if (!slave || slave == &hci->device)
- return -ENODEV;
-
- bacpy(&hci->lm.awaiting_bdaddr[hci->lm.connecting ++], &slave->bd_addr);
-
- link.slave = slave;
- link.host = &hci->device;
- link.slave->lmp_connection_request(&link); /* Always last */
-
- return 0;
-}
-
-static void bt_hci_connection_reject(struct bt_hci_s *hci,
- struct bt_device_s *host, uint8_t because)
-{
- struct bt_link_s link = {
- .slave = &hci->device,
- .host = host,
- /* Rest uninitialised */
- };
-
- host->reject_reason = because;
- host->lmp_connection_complete(&link);
-}
-
-static void bt_hci_connection_reject_event(struct bt_hci_s *hci,
- bdaddr_t *bdaddr)
-{
- evt_conn_complete params;
-
- params.status = HCI_NO_CONNECTION;
- params.handle = 0;
- bacpy(&params.bdaddr, bdaddr);
- params.link_type = ACL_LINK;
- params.encr_mode = 0x00; /* Encryption not required */
- bt_hci_event(hci, EVT_CONN_COMPLETE, &params, EVT_CONN_COMPLETE_SIZE);
-}
-
-static void bt_hci_connection_accept(struct bt_hci_s *hci,
- struct bt_device_s *host)
-{
- struct bt_hci_link_s *link = g_malloc0(sizeof(struct bt_hci_link_s));
- evt_conn_complete params;
- uint16_t handle;
- uint8_t status = HCI_SUCCESS;
- int tries = HCI_HANDLES_MAX;
-
- /* Make a connection handle */
- do {
- while (hci->lm.handle[++ hci->lm.last_handle].link && -- tries)
- hci->lm.last_handle &= HCI_HANDLES_MAX - 1;
- handle = hci->lm.last_handle | HCI_HANDLE_OFFSET;
- } while ((handle == hci->asb_handle || handle == hci->psb_handle) &&
- tries);
-
- if (!tries) {
- g_free(link);
- bt_hci_connection_reject(hci, host, HCI_REJECTED_LIMITED_RESOURCES);
- status = HCI_NO_CONNECTION;
- goto complete;
- }
-
- link->btlink.slave = &hci->device;
- link->btlink.host = host;
- link->handle = handle;
-
- /* Link established */
- bt_hci_lmp_link_establish(hci, &link->btlink, 0);
-
-complete:
- params.status = status;
- params.handle = HNDL(handle);
- bacpy(&params.bdaddr, &host->bd_addr);
- params.link_type = ACL_LINK;
- params.encr_mode = 0x00; /* Encryption not required */
- bt_hci_event(hci, EVT_CONN_COMPLETE, &params, EVT_CONN_COMPLETE_SIZE);
-
- /* Neets to be done at the very end because it can trigger a (nested)
- * disconnected, in case the other and had cancelled the request
- * locally. */
- if (status == HCI_SUCCESS) {
- host->reject_reason = 0;
- host->lmp_connection_complete(&link->btlink);
- }
-}
-
-static void bt_hci_lmp_connection_request(struct bt_link_s *link)
-{
- struct bt_hci_s *hci = hci_from_device(link->slave);
- evt_conn_request params;
-
- if (hci->conn_req_host) {
- bt_hci_connection_reject(hci, link->host,
- HCI_REJECTED_LIMITED_RESOURCES);
- return;
- }
- hci->conn_req_host = link->host;
- /* TODO: if masked and auto-accept, then auto-accept,
- * if masked and not auto-accept, then auto-reject */
- /* TODO: kick the hci->conn_accept_timer, timeout after
- * hci->conn_accept_tout * 0.625 msec */
-
- bacpy(&params.bdaddr, &link->host->bd_addr);
- memcpy(&params.dev_class, &link->host->class, sizeof(params.dev_class));
- params.link_type = ACL_LINK;
- bt_hci_event(hci, EVT_CONN_REQUEST, &params, EVT_CONN_REQUEST_SIZE);
-}
-
-static void bt_hci_conn_accept_timeout(void *opaque)
-{
- struct bt_hci_s *hci = (struct bt_hci_s *) opaque;
-
- if (!hci->conn_req_host)
- /* Already accepted or rejected. If the other end cancelled the
- * connection request then we still have to reject or accept it
- * and then we'll get a disconnect. */
- return;
-
- /* TODO */
-}
-
-/* Remove from the list of devices which we wanted to connect to and
- * are awaiting a response from. If the callback sees a response from
- * a device which is not on the list it will assume it's a connection
- * that's been cancelled by the host in the meantime and immediately
- * try to detach the link and send a Connection Complete. */
-static int bt_hci_lmp_connection_ready(struct bt_hci_s *hci,
- bdaddr_t *bdaddr)
-{
- int i;
-
- for (i = 0; i < hci->lm.connecting; i ++)
- if (!bacmp(&hci->lm.awaiting_bdaddr[i], bdaddr)) {
- if (i < -- hci->lm.connecting)
- bacpy(&hci->lm.awaiting_bdaddr[i],
- &hci->lm.awaiting_bdaddr[hci->lm.connecting]);
- return 0;
- }
-
- return 1;
-}
-
-static void bt_hci_lmp_connection_complete(struct bt_link_s *link)
-{
- struct bt_hci_s *hci = hci_from_device(link->host);
- evt_conn_complete params;
- uint16_t handle;
- uint8_t status = HCI_SUCCESS;
- int tries = HCI_HANDLES_MAX;
-
- if (bt_hci_lmp_connection_ready(hci, &link->slave->bd_addr)) {
- if (!hci->device.reject_reason)
- link->slave->lmp_disconnect_slave(link);
- handle = 0;
- status = HCI_NO_CONNECTION;
- goto complete;
- }
-
- if (hci->device.reject_reason) {
- handle = 0;
- status = hci->device.reject_reason;
- goto complete;
- }
-
- /* Make a connection handle */
- do {
- while (hci->lm.handle[++ hci->lm.last_handle].link && -- tries)
- hci->lm.last_handle &= HCI_HANDLES_MAX - 1;
- handle = hci->lm.last_handle | HCI_HANDLE_OFFSET;
- } while ((handle == hci->asb_handle || handle == hci->psb_handle) &&
- tries);
-
- if (!tries) {
- link->slave->lmp_disconnect_slave(link);
- status = HCI_NO_CONNECTION;
- goto complete;
- }
-
- /* Link established */
- link->handle = handle;
- bt_hci_lmp_link_establish(hci, link, 1);
-
-complete:
- params.status = status;
- params.handle = HNDL(handle);
- params.link_type = ACL_LINK;
- bacpy(&params.bdaddr, &link->slave->bd_addr);
- params.encr_mode = 0x00; /* Encryption not required */
- bt_hci_event(hci, EVT_CONN_COMPLETE, &params, EVT_CONN_COMPLETE_SIZE);
-}
-
-static void bt_hci_disconnect(struct bt_hci_s *hci,
- uint16_t handle, int reason)
-{
- struct bt_link_s *btlink =
- hci->lm.handle[handle & ~HCI_HANDLE_OFFSET].link;
- struct bt_hci_link_s *link;
- evt_disconn_complete params;
-
- if (bt_hci_role_master(hci, handle)) {
- btlink->slave->reject_reason = reason;
- btlink->slave->lmp_disconnect_slave(btlink);
- /* The link pointer is invalid from now on */
-
- goto complete;
- }
-
- btlink->host->reject_reason = reason;
- btlink->host->lmp_disconnect_master(btlink);
-
- /* We are the slave, we get to clean this burden */
- link = (struct bt_hci_link_s *) btlink;
- g_free(link);
-
-complete:
- bt_hci_lmp_link_teardown(hci, handle);
-
- params.status = HCI_SUCCESS;
- params.handle = HNDL(handle);
- params.reason = HCI_CONNECTION_TERMINATED;
- bt_hci_event(hci, EVT_DISCONN_COMPLETE,
- &params, EVT_DISCONN_COMPLETE_SIZE);
-}
-
-/* TODO: use only one function */
-static void bt_hci_lmp_disconnect_host(struct bt_link_s *link)
-{
- struct bt_hci_s *hci = hci_from_device(link->host);
- uint16_t handle = link->handle;
- evt_disconn_complete params;
-
- bt_hci_lmp_link_teardown(hci, handle);
-
- params.status = HCI_SUCCESS;
- params.handle = HNDL(handle);
- params.reason = hci->device.reject_reason;
- bt_hci_event(hci, EVT_DISCONN_COMPLETE,
- &params, EVT_DISCONN_COMPLETE_SIZE);
-}
-
-static void bt_hci_lmp_disconnect_slave(struct bt_link_s *btlink)
-{
- struct bt_hci_link_s *link = (struct bt_hci_link_s *) btlink;
- struct bt_hci_s *hci = hci_from_device(btlink->slave);
- uint16_t handle = link->handle;
- evt_disconn_complete params;
-
- g_free(link);
-
- bt_hci_lmp_link_teardown(hci, handle);
-
- params.status = HCI_SUCCESS;
- params.handle = HNDL(handle);
- params.reason = hci->device.reject_reason;
- bt_hci_event(hci, EVT_DISCONN_COMPLETE,
- &params, EVT_DISCONN_COMPLETE_SIZE);
-}
-
-static int bt_hci_name_req(struct bt_hci_s *hci, bdaddr_t *bdaddr)
-{
- struct bt_device_s *slave;
- evt_remote_name_req_complete params;
-
- for (slave = hci->device.net->slave; slave; slave = slave->next)
- if (slave->page_scan && !bacmp(&slave->bd_addr, bdaddr))
- break;
- if (!slave)
- return -ENODEV;
-
- bt_hci_event_status(hci, HCI_SUCCESS);
-
- params.status = HCI_SUCCESS;
- bacpy(&params.bdaddr, &slave->bd_addr);
- pstrcpy(params.name, sizeof(params.name), slave->lmp_name ?: "");
- bt_hci_event(hci, EVT_REMOTE_NAME_REQ_COMPLETE,
- &params, EVT_REMOTE_NAME_REQ_COMPLETE_SIZE);
-
- return 0;
-}
-
-static int bt_hci_features_req(struct bt_hci_s *hci, uint16_t handle)
-{
- struct bt_device_s *slave;
- evt_read_remote_features_complete params;
-
- if (bt_hci_handle_bad(hci, handle))
- return -ENODEV;
-
- slave = bt_hci_remote_dev(hci, handle);
-
- bt_hci_event_status(hci, HCI_SUCCESS);
-
- params.status = HCI_SUCCESS;
- params.handle = HNDL(handle);
- params.features[0] = (slave->lmp_caps >> 0) & 0xff;
- params.features[1] = (slave->lmp_caps >> 8) & 0xff;
- params.features[2] = (slave->lmp_caps >> 16) & 0xff;
- params.features[3] = (slave->lmp_caps >> 24) & 0xff;
- params.features[4] = (slave->lmp_caps >> 32) & 0xff;
- params.features[5] = (slave->lmp_caps >> 40) & 0xff;
- params.features[6] = (slave->lmp_caps >> 48) & 0xff;
- params.features[7] = (slave->lmp_caps >> 56) & 0xff;
- bt_hci_event(hci, EVT_READ_REMOTE_FEATURES_COMPLETE,
- &params, EVT_READ_REMOTE_FEATURES_COMPLETE_SIZE);
-
- return 0;
-}
-
-static int bt_hci_version_req(struct bt_hci_s *hci, uint16_t handle)
-{
- evt_read_remote_version_complete params;
-
- if (bt_hci_handle_bad(hci, handle))
- return -ENODEV;
-
- bt_hci_remote_dev(hci, handle);
-
- bt_hci_event_status(hci, HCI_SUCCESS);
-
- params.status = HCI_SUCCESS;
- params.handle = HNDL(handle);
- params.lmp_ver = 0x03;
- params.manufacturer = cpu_to_le16(0xa000);
- params.lmp_subver = cpu_to_le16(0xa607);
- bt_hci_event(hci, EVT_READ_REMOTE_VERSION_COMPLETE,
- &params, EVT_READ_REMOTE_VERSION_COMPLETE_SIZE);
-
- return 0;
-}
-
-static int bt_hci_clkoffset_req(struct bt_hci_s *hci, uint16_t handle)
-{
- struct bt_device_s *slave;
- evt_read_clock_offset_complete params;
-
- if (bt_hci_handle_bad(hci, handle))
- return -ENODEV;
-
- slave = bt_hci_remote_dev(hci, handle);
-
- bt_hci_event_status(hci, HCI_SUCCESS);
-
- params.status = HCI_SUCCESS;
- params.handle = HNDL(handle);
- /* TODO: return the clkoff *differenece* */
- params.clock_offset = slave->clkoff; /* Note: no swapping */
- bt_hci_event(hci, EVT_READ_CLOCK_OFFSET_COMPLETE,
- &params, EVT_READ_CLOCK_OFFSET_COMPLETE_SIZE);
-
- return 0;
-}
-
-static void bt_hci_event_mode(struct bt_hci_s *hci, struct bt_link_s *link,
- uint16_t handle)
-{
- evt_mode_change params = {
- .status = HCI_SUCCESS,
- .handle = HNDL(handle),
- .mode = link->acl_mode,
- .interval = cpu_to_le16(link->acl_interval),
- };
-
- bt_hci_event(hci, EVT_MODE_CHANGE, &params, EVT_MODE_CHANGE_SIZE);
-}
-
-static void bt_hci_lmp_mode_change_master(struct bt_hci_s *hci,
- struct bt_link_s *link, int mode, uint16_t interval)
-{
- link->acl_mode = mode;
- link->acl_interval = interval;
-
- bt_hci_event_mode(hci, link, link->handle);
-
- link->slave->lmp_mode_change(link);
-}
-
-static void bt_hci_lmp_mode_change_slave(struct bt_link_s *btlink)
-{
- struct bt_hci_link_s *link = (struct bt_hci_link_s *) btlink;
- struct bt_hci_s *hci = hci_from_device(btlink->slave);
-
- bt_hci_event_mode(hci, btlink, link->handle);
-}
-
-static int bt_hci_mode_change(struct bt_hci_s *hci, uint16_t handle,
- int interval, int mode)
-{
- struct bt_hci_master_link_s *link;
-
- if (bt_hci_handle_bad(hci, handle) || !bt_hci_role_master(hci, handle))
- return -ENODEV;
-
- link = &hci->lm.handle[handle & ~HCI_HANDLE_OFFSET];
- if (link->link->acl_mode != acl_active) {
- bt_hci_event_status(hci, HCI_COMMAND_DISALLOWED);
- return 0;
- }
-
- bt_hci_event_status(hci, HCI_SUCCESS);
-
- qemu_mod_timer(link->acl_mode_timer, qemu_get_clock_ns(vm_clock) +
- muldiv64(interval * 625, get_ticks_per_sec(), 1000000));
- bt_hci_lmp_mode_change_master(hci, link->link, mode, interval);
-
- return 0;
-}
-
-static int bt_hci_mode_cancel(struct bt_hci_s *hci, uint16_t handle, int mode)
-{
- struct bt_hci_master_link_s *link;
-
- if (bt_hci_handle_bad(hci, handle) || !bt_hci_role_master(hci, handle))
- return -ENODEV;
-
- link = &hci->lm.handle[handle & ~HCI_HANDLE_OFFSET];
- if (link->link->acl_mode != mode) {
- bt_hci_event_status(hci, HCI_COMMAND_DISALLOWED);
-
- return 0;
- }
-
- bt_hci_event_status(hci, HCI_SUCCESS);
-
- qemu_del_timer(link->acl_mode_timer);
- bt_hci_lmp_mode_change_master(hci, link->link, acl_active, 0);
-
- return 0;
-}
-
-static void bt_hci_mode_tick(void *opaque)
-{
- struct bt_link_s *link = opaque;
- struct bt_hci_s *hci = hci_from_device(link->host);
-
- bt_hci_lmp_mode_change_master(hci, link, acl_active, 0);
-}
-
-static void bt_hci_reset(struct bt_hci_s *hci)
-{
- hci->acl_len = 0;
- hci->last_cmd = 0;
- hci->lm.connecting = 0;
-
- hci->event_mask[0] = 0xff;
- hci->event_mask[1] = 0xff;
- hci->event_mask[2] = 0xff;
- hci->event_mask[3] = 0xff;
- hci->event_mask[4] = 0xff;
- hci->event_mask[5] = 0x1f;
- hci->event_mask[6] = 0x00;
- hci->event_mask[7] = 0x00;
- hci->device.inquiry_scan = 0;
- hci->device.page_scan = 0;
- if (hci->device.lmp_name)
- g_free((void *) hci->device.lmp_name);
- hci->device.lmp_name = NULL;
- hci->device.class[0] = 0x00;
- hci->device.class[1] = 0x00;
- hci->device.class[2] = 0x00;
- hci->voice_setting = 0x0000;
- hci->conn_accept_tout = 0x1f40;
- hci->lm.inquiry_mode = 0x00;
-
- hci->psb_handle = 0x000;
- hci->asb_handle = 0x000;
-
- /* XXX: qemu_del_timer(sl->acl_mode_timer); for all links */
- qemu_del_timer(hci->lm.inquiry_done);
- qemu_del_timer(hci->lm.inquiry_next);
- qemu_del_timer(hci->conn_accept_timer);
-}
-
-static void bt_hci_read_local_version_rp(struct bt_hci_s *hci)
-{
- read_local_version_rp lv = {
- .status = HCI_SUCCESS,
- .hci_ver = 0x03,
- .hci_rev = cpu_to_le16(0xa607),
- .lmp_ver = 0x03,
- .manufacturer = cpu_to_le16(0xa000),
- .lmp_subver = cpu_to_le16(0xa607),
- };
-
- bt_hci_event_complete(hci, &lv, READ_LOCAL_VERSION_RP_SIZE);
-}
-
-static void bt_hci_read_local_commands_rp(struct bt_hci_s *hci)
-{
- read_local_commands_rp lc = {
- .status = HCI_SUCCESS,
- .commands = {
- /* Keep updated! */
- /* Also, keep in sync with hci->device.lmp_caps in bt_new_hci */
- 0xbf, 0x80, 0xf9, 0x03, 0xb2, 0xc0, 0x03, 0xc3,
- 0x00, 0x0f, 0x80, 0x00, 0xc0, 0x00, 0xe8, 0x13,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- },
- };
-
- bt_hci_event_complete(hci, &lc, READ_LOCAL_COMMANDS_RP_SIZE);
-}
-
-static void bt_hci_read_local_features_rp(struct bt_hci_s *hci)
-{
- read_local_features_rp lf = {
- .status = HCI_SUCCESS,
- .features = {
- (hci->device.lmp_caps >> 0) & 0xff,
- (hci->device.lmp_caps >> 8) & 0xff,
- (hci->device.lmp_caps >> 16) & 0xff,
- (hci->device.lmp_caps >> 24) & 0xff,
- (hci->device.lmp_caps >> 32) & 0xff,
- (hci->device.lmp_caps >> 40) & 0xff,
- (hci->device.lmp_caps >> 48) & 0xff,
- (hci->device.lmp_caps >> 56) & 0xff,
- },
- };
-
- bt_hci_event_complete(hci, &lf, READ_LOCAL_FEATURES_RP_SIZE);
-}
-
-static void bt_hci_read_local_ext_features_rp(struct bt_hci_s *hci, int page)
-{
- read_local_ext_features_rp lef = {
- .status = HCI_SUCCESS,
- .page_num = page,
- .max_page_num = 0x00,
- .features = {
- /* Keep updated! */
- 0x5f, 0x35, 0x85, 0x7e, 0x9b, 0x19, 0x00, 0x80,
- },
- };
- if (page)
- memset(lef.features, 0, sizeof(lef.features));
-
- bt_hci_event_complete(hci, &lef, READ_LOCAL_EXT_FEATURES_RP_SIZE);
-}
-
-static void bt_hci_read_buffer_size_rp(struct bt_hci_s *hci)
-{
- read_buffer_size_rp bs = {
- /* This can be made configurable, for one standard USB dongle HCI
- * the four values are cpu_to_le16(0x0180), 0x40,
- * cpu_to_le16(0x0008), cpu_to_le16(0x0008). */
- .status = HCI_SUCCESS,
- .acl_mtu = cpu_to_le16(0x0200),
- .sco_mtu = 0,
- .acl_max_pkt = cpu_to_le16(0x0001),
- .sco_max_pkt = cpu_to_le16(0x0000),
- };
-
- bt_hci_event_complete(hci, &bs, READ_BUFFER_SIZE_RP_SIZE);
-}
-
-/* Deprecated in V2.0 (page 661) */
-static void bt_hci_read_country_code_rp(struct bt_hci_s *hci)
-{
- read_country_code_rp cc ={
- .status = HCI_SUCCESS,
- .country_code = 0x00, /* North America & Europe^1 and Japan */
- };
-
- bt_hci_event_complete(hci, &cc, READ_COUNTRY_CODE_RP_SIZE);
-
- /* ^1. Except France, sorry */
-}
-
-static void bt_hci_read_bd_addr_rp(struct bt_hci_s *hci)
-{
- read_bd_addr_rp ba = {
- .status = HCI_SUCCESS,
- .bdaddr = BAINIT(&hci->device.bd_addr),
- };
-
- bt_hci_event_complete(hci, &ba, READ_BD_ADDR_RP_SIZE);
-}
-
-static int bt_hci_link_quality_rp(struct bt_hci_s *hci, uint16_t handle)
-{
- read_link_quality_rp lq = {
- .status = HCI_SUCCESS,
- .handle = HNDL(handle),
- .link_quality = 0xff,
- };
-
- if (bt_hci_handle_bad(hci, handle))
- lq.status = HCI_NO_CONNECTION;
-
- bt_hci_event_complete(hci, &lq, READ_LINK_QUALITY_RP_SIZE);
- return 0;
-}
-
-/* Generate a Command Complete event with only the Status parameter */
-static inline void bt_hci_event_complete_status(struct bt_hci_s *hci,
- uint8_t status)
-{
- bt_hci_event_complete(hci, &status, 1);
-}
-
-static inline void bt_hci_event_complete_conn_cancel(struct bt_hci_s *hci,
- uint8_t status, bdaddr_t *bd_addr)
-{
- create_conn_cancel_rp params = {
- .status = status,
- .bdaddr = BAINIT(bd_addr),
- };
-
- bt_hci_event_complete(hci, &params, CREATE_CONN_CANCEL_RP_SIZE);
-}
-
-static inline void bt_hci_event_auth_complete(struct bt_hci_s *hci,
- uint16_t handle)
-{
- evt_auth_complete params = {
- .status = HCI_SUCCESS,
- .handle = HNDL(handle),
- };
-
- bt_hci_event(hci, EVT_AUTH_COMPLETE, &params, EVT_AUTH_COMPLETE_SIZE);
-}
-
-static inline void bt_hci_event_encrypt_change(struct bt_hci_s *hci,
- uint16_t handle, uint8_t mode)
-{
- evt_encrypt_change params = {
- .status = HCI_SUCCESS,
- .handle = HNDL(handle),
- .encrypt = mode,
- };
-
- bt_hci_event(hci, EVT_ENCRYPT_CHANGE, &params, EVT_ENCRYPT_CHANGE_SIZE);
-}
-
-static inline void bt_hci_event_complete_name_cancel(struct bt_hci_s *hci,
- bdaddr_t *bd_addr)
-{
- remote_name_req_cancel_rp params = {
- .status = HCI_INVALID_PARAMETERS,
- .bdaddr = BAINIT(bd_addr),
- };
-
- bt_hci_event_complete(hci, &params, REMOTE_NAME_REQ_CANCEL_RP_SIZE);
-}
-
-static inline void bt_hci_event_read_remote_ext_features(struct bt_hci_s *hci,
- uint16_t handle)
-{
- evt_read_remote_ext_features_complete params = {
- .status = HCI_UNSUPPORTED_FEATURE,
- .handle = HNDL(handle),
- /* Rest uninitialised */
- };
-
- bt_hci_event(hci, EVT_READ_REMOTE_EXT_FEATURES_COMPLETE,
- &params, EVT_READ_REMOTE_EXT_FEATURES_COMPLETE_SIZE);
-}
-
-static inline void bt_hci_event_complete_lmp_handle(struct bt_hci_s *hci,
- uint16_t handle)
-{
- read_lmp_handle_rp params = {
- .status = HCI_NO_CONNECTION,
- .handle = HNDL(handle),
- .reserved = 0,
- /* Rest uninitialised */
- };
-
- bt_hci_event_complete(hci, &params, READ_LMP_HANDLE_RP_SIZE);
-}
-
-static inline void bt_hci_event_complete_role_discovery(struct bt_hci_s *hci,
- int status, uint16_t handle, int master)
-{
- role_discovery_rp params = {
- .status = status,
- .handle = HNDL(handle),
- .role = master ? 0x00 : 0x01,
- };
-
- bt_hci_event_complete(hci, &params, ROLE_DISCOVERY_RP_SIZE);
-}
-
-static inline void bt_hci_event_complete_flush(struct bt_hci_s *hci,
- int status, uint16_t handle)
-{
- flush_rp params = {
- .status = status,
- .handle = HNDL(handle),
- };
-
- bt_hci_event_complete(hci, &params, FLUSH_RP_SIZE);
-}
-
-static inline void bt_hci_event_complete_read_local_name(struct bt_hci_s *hci)
-{
- read_local_name_rp params;
- params.status = HCI_SUCCESS;
- memset(params.name, 0, sizeof(params.name));
- if (hci->device.lmp_name)
- pstrcpy(params.name, sizeof(params.name), hci->device.lmp_name);
-
- bt_hci_event_complete(hci, &params, READ_LOCAL_NAME_RP_SIZE);
-}
-
-static inline void bt_hci_event_complete_read_conn_accept_timeout(
- struct bt_hci_s *hci)
-{
- read_conn_accept_timeout_rp params = {
- .status = HCI_SUCCESS,
- .timeout = cpu_to_le16(hci->conn_accept_tout),
- };
-
- bt_hci_event_complete(hci, &params, READ_CONN_ACCEPT_TIMEOUT_RP_SIZE);
-}
-
-static inline void bt_hci_event_complete_read_scan_enable(struct bt_hci_s *hci)
-{
- read_scan_enable_rp params = {
- .status = HCI_SUCCESS,
- .enable =
- (hci->device.inquiry_scan ? SCAN_INQUIRY : 0) |
- (hci->device.page_scan ? SCAN_PAGE : 0),
- };
-
- bt_hci_event_complete(hci, &params, READ_SCAN_ENABLE_RP_SIZE);
-}
-
-static inline void bt_hci_event_complete_read_local_class(struct bt_hci_s *hci)
-{
- read_class_of_dev_rp params;
-
- params.status = HCI_SUCCESS;
- memcpy(params.dev_class, hci->device.class, sizeof(params.dev_class));
-
- bt_hci_event_complete(hci, &params, READ_CLASS_OF_DEV_RP_SIZE);
-}
-
-static inline void bt_hci_event_complete_voice_setting(struct bt_hci_s *hci)
-{
- read_voice_setting_rp params = {
- .status = HCI_SUCCESS,
- .voice_setting = hci->voice_setting, /* Note: no swapping */
- };
-
- bt_hci_event_complete(hci, &params, READ_VOICE_SETTING_RP_SIZE);
-}
-
-static inline void bt_hci_event_complete_read_inquiry_mode(
- struct bt_hci_s *hci)
-{
- read_inquiry_mode_rp params = {
- .status = HCI_SUCCESS,
- .mode = hci->lm.inquiry_mode,
- };
-
- bt_hci_event_complete(hci, &params, READ_INQUIRY_MODE_RP_SIZE);
-}
-
-static inline void bt_hci_event_num_comp_pkts(struct bt_hci_s *hci,
- uint16_t handle, int packets)
-{
- uint16_t buf[EVT_NUM_COMP_PKTS_SIZE(1) / 2 + 1];
- evt_num_comp_pkts *params = (void *) ((uint8_t *) buf + 1);
-
- params->num_hndl = 1;
- params->connection->handle = HNDL(handle);
- params->connection->num_packets = cpu_to_le16(packets);
-
- bt_hci_event(hci, EVT_NUM_COMP_PKTS, params, EVT_NUM_COMP_PKTS_SIZE(1));
-}
-
-static void bt_submit_hci(struct HCIInfo *info,
- const uint8_t *data, int length)
-{
- struct bt_hci_s *hci = hci_from_info(info);
- uint16_t cmd;
- int paramlen, i;
-
- if (length < HCI_COMMAND_HDR_SIZE)
- goto short_hci;
-
- memcpy(&hci->last_cmd, data, 2);
-
- cmd = (data[1] << 8) | data[0];
- paramlen = data[2];
- if (cmd_opcode_ogf(cmd) == 0 || cmd_opcode_ocf(cmd) == 0) /* NOP */
- return;
-
- data += HCI_COMMAND_HDR_SIZE;
- length -= HCI_COMMAND_HDR_SIZE;
-
- if (paramlen > length)
- return;
-
-#define PARAM(cmd, param) (((cmd##_cp *) data)->param)
-#define PARAM16(cmd, param) le16_to_cpup(&PARAM(cmd, param))
-#define PARAMHANDLE(cmd) HNDL(PARAM(cmd, handle))
-#define LENGTH_CHECK(cmd) if (length < sizeof(cmd##_cp)) goto short_hci
- /* Note: the supported commands bitmask in bt_hci_read_local_commands_rp
- * needs to be updated every time a command is implemented here! */
- switch (cmd) {
- case cmd_opcode_pack(OGF_LINK_CTL, OCF_INQUIRY):
- LENGTH_CHECK(inquiry);
-
- if (PARAM(inquiry, length) < 1) {
- bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
- break;
- }
-
- hci->lm.inquire = 1;
- hci->lm.periodic = 0;
- hci->lm.responses_left = PARAM(inquiry, num_rsp) ?: INT_MAX;
- hci->lm.responses = 0;
- bt_hci_event_status(hci, HCI_SUCCESS);
- bt_hci_inquiry_start(hci, PARAM(inquiry, length));
- break;
-
- case cmd_opcode_pack(OGF_LINK_CTL, OCF_INQUIRY_CANCEL):
- if (!hci->lm.inquire || hci->lm.periodic) {
- fprintf(stderr, "%s: Inquiry Cancel should only be issued after "
- "the Inquiry command has been issued, a Command "
- "Status event has been received for the Inquiry "
- "command, and before the Inquiry Complete event "
- "occurs", __FUNCTION__);
- bt_hci_event_complete_status(hci, HCI_COMMAND_DISALLOWED);
- break;
- }
-
- hci->lm.inquire = 0;
- qemu_del_timer(hci->lm.inquiry_done);
- bt_hci_event_complete_status(hci, HCI_SUCCESS);
- break;
-
- case cmd_opcode_pack(OGF_LINK_CTL, OCF_PERIODIC_INQUIRY):
- LENGTH_CHECK(periodic_inquiry);
-
- if (!(PARAM(periodic_inquiry, length) <
- PARAM16(periodic_inquiry, min_period) &&
- PARAM16(periodic_inquiry, min_period) <
- PARAM16(periodic_inquiry, max_period)) ||
- PARAM(periodic_inquiry, length) < 1 ||
- PARAM16(periodic_inquiry, min_period) < 2 ||
- PARAM16(periodic_inquiry, max_period) < 3) {
- bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
- break;
- }
-
- hci->lm.inquire = 1;
- hci->lm.periodic = 1;
- hci->lm.responses_left = PARAM(periodic_inquiry, num_rsp);
- hci->lm.responses = 0;
- hci->lm.inquiry_period = PARAM16(periodic_inquiry, max_period);
- bt_hci_event_complete_status(hci, HCI_SUCCESS);
- bt_hci_inquiry_start(hci, PARAM(periodic_inquiry, length));
- break;
-
- case cmd_opcode_pack(OGF_LINK_CTL, OCF_EXIT_PERIODIC_INQUIRY):
- if (!hci->lm.inquire || !hci->lm.periodic) {
- fprintf(stderr, "%s: Inquiry Cancel should only be issued after "
- "the Inquiry command has been issued, a Command "
- "Status event has been received for the Inquiry "
- "command, and before the Inquiry Complete event "
- "occurs", __FUNCTION__);
- bt_hci_event_complete_status(hci, HCI_COMMAND_DISALLOWED);
- break;
- }
- hci->lm.inquire = 0;
- qemu_del_timer(hci->lm.inquiry_done);
- qemu_del_timer(hci->lm.inquiry_next);
- bt_hci_event_complete_status(hci, HCI_SUCCESS);
- break;
-
- case cmd_opcode_pack(OGF_LINK_CTL, OCF_CREATE_CONN):
- LENGTH_CHECK(create_conn);
-
- if (hci->lm.connecting >= HCI_HANDLES_MAX) {
- bt_hci_event_status(hci, HCI_REJECTED_LIMITED_RESOURCES);
- break;
- }
- bt_hci_event_status(hci, HCI_SUCCESS);
-
- if (bt_hci_connect(hci, &PARAM(create_conn, bdaddr)))
- bt_hci_connection_reject_event(hci, &PARAM(create_conn, bdaddr));
- break;
-
- case cmd_opcode_pack(OGF_LINK_CTL, OCF_DISCONNECT):
- LENGTH_CHECK(disconnect);
-
- if (bt_hci_handle_bad(hci, PARAMHANDLE(disconnect))) {
- bt_hci_event_status(hci, HCI_NO_CONNECTION);
- break;
- }
-
- bt_hci_event_status(hci, HCI_SUCCESS);
- bt_hci_disconnect(hci, PARAMHANDLE(disconnect),
- PARAM(disconnect, reason));
- break;
-
- case cmd_opcode_pack(OGF_LINK_CTL, OCF_CREATE_CONN_CANCEL):
- LENGTH_CHECK(create_conn_cancel);
-
- if (bt_hci_lmp_connection_ready(hci,
- &PARAM(create_conn_cancel, bdaddr))) {
- for (i = 0; i < HCI_HANDLES_MAX; i ++)
- if (bt_hci_role_master(hci, i) && hci->lm.handle[i].link &&
- !bacmp(&hci->lm.handle[i].link->slave->bd_addr,
- &PARAM(create_conn_cancel, bdaddr)))
- break;
-
- bt_hci_event_complete_conn_cancel(hci, i < HCI_HANDLES_MAX ?
- HCI_ACL_CONNECTION_EXISTS : HCI_NO_CONNECTION,
- &PARAM(create_conn_cancel, bdaddr));
- } else
- bt_hci_event_complete_conn_cancel(hci, HCI_SUCCESS,
- &PARAM(create_conn_cancel, bdaddr));
- break;
-
- case cmd_opcode_pack(OGF_LINK_CTL, OCF_ACCEPT_CONN_REQ):
- LENGTH_CHECK(accept_conn_req);
-
- if (!hci->conn_req_host ||
- bacmp(&PARAM(accept_conn_req, bdaddr),
- &hci->conn_req_host->bd_addr)) {
- bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
- break;
- }
-
- bt_hci_event_status(hci, HCI_SUCCESS);
- bt_hci_connection_accept(hci, hci->conn_req_host);
- hci->conn_req_host = NULL;
- break;
-
- case cmd_opcode_pack(OGF_LINK_CTL, OCF_REJECT_CONN_REQ):
- LENGTH_CHECK(reject_conn_req);
-
- if (!hci->conn_req_host ||
- bacmp(&PARAM(reject_conn_req, bdaddr),
- &hci->conn_req_host->bd_addr)) {
- bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
- break;
- }
-
- bt_hci_event_status(hci, HCI_SUCCESS);
- bt_hci_connection_reject(hci, hci->conn_req_host,
- PARAM(reject_conn_req, reason));
- bt_hci_connection_reject_event(hci, &hci->conn_req_host->bd_addr);
- hci->conn_req_host = NULL;
- break;
-
- case cmd_opcode_pack(OGF_LINK_CTL, OCF_AUTH_REQUESTED):
- LENGTH_CHECK(auth_requested);
-
- if (bt_hci_handle_bad(hci, PARAMHANDLE(auth_requested)))
- bt_hci_event_status(hci, HCI_NO_CONNECTION);
- else {
- bt_hci_event_status(hci, HCI_SUCCESS);
- bt_hci_event_auth_complete(hci, PARAMHANDLE(auth_requested));
- }
- break;
-
- case cmd_opcode_pack(OGF_LINK_CTL, OCF_SET_CONN_ENCRYPT):
- LENGTH_CHECK(set_conn_encrypt);
-
- if (bt_hci_handle_bad(hci, PARAMHANDLE(set_conn_encrypt)))
- bt_hci_event_status(hci, HCI_NO_CONNECTION);
- else {
- bt_hci_event_status(hci, HCI_SUCCESS);
- bt_hci_event_encrypt_change(hci,
- PARAMHANDLE(set_conn_encrypt),
- PARAM(set_conn_encrypt, encrypt));
- }
- break;
-
- case cmd_opcode_pack(OGF_LINK_CTL, OCF_REMOTE_NAME_REQ):
- LENGTH_CHECK(remote_name_req);
-
- if (bt_hci_name_req(hci, &PARAM(remote_name_req, bdaddr)))
- bt_hci_event_status(hci, HCI_NO_CONNECTION);
- break;
-
- case cmd_opcode_pack(OGF_LINK_CTL, OCF_REMOTE_NAME_REQ_CANCEL):
- LENGTH_CHECK(remote_name_req_cancel);
-
- bt_hci_event_complete_name_cancel(hci,
- &PARAM(remote_name_req_cancel, bdaddr));
- break;
-
- case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_REMOTE_FEATURES):
- LENGTH_CHECK(read_remote_features);
-
- if (bt_hci_features_req(hci, PARAMHANDLE(read_remote_features)))
- bt_hci_event_status(hci, HCI_NO_CONNECTION);
- break;
-
- case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_REMOTE_EXT_FEATURES):
- LENGTH_CHECK(read_remote_ext_features);
-
- if (bt_hci_handle_bad(hci, PARAMHANDLE(read_remote_ext_features)))
- bt_hci_event_status(hci, HCI_NO_CONNECTION);
- else {
- bt_hci_event_status(hci, HCI_SUCCESS);
- bt_hci_event_read_remote_ext_features(hci,
- PARAMHANDLE(read_remote_ext_features));
- }
- break;
-
- case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_REMOTE_VERSION):
- LENGTH_CHECK(read_remote_version);
-
- if (bt_hci_version_req(hci, PARAMHANDLE(read_remote_version)))
- bt_hci_event_status(hci, HCI_NO_CONNECTION);
- break;
-
- case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_CLOCK_OFFSET):
- LENGTH_CHECK(read_clock_offset);
-
- if (bt_hci_clkoffset_req(hci, PARAMHANDLE(read_clock_offset)))
- bt_hci_event_status(hci, HCI_NO_CONNECTION);
- break;
-
- case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_LMP_HANDLE):
- LENGTH_CHECK(read_lmp_handle);
-
- /* TODO: */
- bt_hci_event_complete_lmp_handle(hci, PARAMHANDLE(read_lmp_handle));
- break;
-
- case cmd_opcode_pack(OGF_LINK_POLICY, OCF_HOLD_MODE):
- LENGTH_CHECK(hold_mode);
-
- if (PARAM16(hold_mode, min_interval) >
- PARAM16(hold_mode, max_interval) ||
- PARAM16(hold_mode, min_interval) < 0x0002 ||
- PARAM16(hold_mode, max_interval) > 0xff00 ||
- (PARAM16(hold_mode, min_interval) & 1) ||
- (PARAM16(hold_mode, max_interval) & 1)) {
- bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
- break;
- }
-
- if (bt_hci_mode_change(hci, PARAMHANDLE(hold_mode),
- PARAM16(hold_mode, max_interval),
- acl_hold))
- bt_hci_event_status(hci, HCI_NO_CONNECTION);
- break;
-
- case cmd_opcode_pack(OGF_LINK_POLICY, OCF_PARK_MODE):
- LENGTH_CHECK(park_mode);
-
- if (PARAM16(park_mode, min_interval) >
- PARAM16(park_mode, max_interval) ||
- PARAM16(park_mode, min_interval) < 0x000e ||
- (PARAM16(park_mode, min_interval) & 1) ||
- (PARAM16(park_mode, max_interval) & 1)) {
- bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
- break;
- }
-
- if (bt_hci_mode_change(hci, PARAMHANDLE(park_mode),
- PARAM16(park_mode, max_interval),
- acl_parked))
- bt_hci_event_status(hci, HCI_NO_CONNECTION);
- break;
-
- case cmd_opcode_pack(OGF_LINK_POLICY, OCF_EXIT_PARK_MODE):
- LENGTH_CHECK(exit_park_mode);
-
- if (bt_hci_mode_cancel(hci, PARAMHANDLE(exit_park_mode),
- acl_parked))
- bt_hci_event_status(hci, HCI_NO_CONNECTION);
- break;
-
- case cmd_opcode_pack(OGF_LINK_POLICY, OCF_ROLE_DISCOVERY):
- LENGTH_CHECK(role_discovery);
-
- if (bt_hci_handle_bad(hci, PARAMHANDLE(role_discovery)))
- bt_hci_event_complete_role_discovery(hci,
- HCI_NO_CONNECTION, PARAMHANDLE(role_discovery), 0);
- else
- bt_hci_event_complete_role_discovery(hci,
- HCI_SUCCESS, PARAMHANDLE(role_discovery),
- bt_hci_role_master(hci,
- PARAMHANDLE(role_discovery)));
- break;
-
- case cmd_opcode_pack(OGF_HOST_CTL, OCF_SET_EVENT_MASK):
- LENGTH_CHECK(set_event_mask);
-
- memcpy(hci->event_mask, PARAM(set_event_mask, mask), 8);
- bt_hci_event_complete_status(hci, HCI_SUCCESS);
- break;
-
- case cmd_opcode_pack(OGF_HOST_CTL, OCF_RESET):
- bt_hci_reset(hci);
- bt_hci_event_status(hci, HCI_SUCCESS);
- break;
-
- case cmd_opcode_pack(OGF_HOST_CTL, OCF_SET_EVENT_FLT):
- if (length >= 1 && PARAM(set_event_flt, flt_type) == FLT_CLEAR_ALL)
- /* No length check */;
- else
- LENGTH_CHECK(set_event_flt);
-
- /* Filters are not implemented */
- bt_hci_event_complete_status(hci, HCI_SUCCESS);
- break;
-
- case cmd_opcode_pack(OGF_HOST_CTL, OCF_FLUSH):
- LENGTH_CHECK(flush);
-
- if (bt_hci_handle_bad(hci, PARAMHANDLE(flush)))
- bt_hci_event_complete_flush(hci,
- HCI_NO_CONNECTION, PARAMHANDLE(flush));
- else {
- /* TODO: ordering? */
- bt_hci_event(hci, EVT_FLUSH_OCCURRED,
- &PARAM(flush, handle),
- EVT_FLUSH_OCCURRED_SIZE);
- bt_hci_event_complete_flush(hci,
- HCI_SUCCESS, PARAMHANDLE(flush));
- }
- break;
-
- case cmd_opcode_pack(OGF_HOST_CTL, OCF_CHANGE_LOCAL_NAME):
- LENGTH_CHECK(change_local_name);
-
- if (hci->device.lmp_name)
- g_free((void *) hci->device.lmp_name);
- hci->device.lmp_name = g_strndup(PARAM(change_local_name, name),
- sizeof(PARAM(change_local_name, name)));
- bt_hci_event_complete_status(hci, HCI_SUCCESS);
- break;
-
- case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_LOCAL_NAME):
- bt_hci_event_complete_read_local_name(hci);
- break;
-
- case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_CONN_ACCEPT_TIMEOUT):
- bt_hci_event_complete_read_conn_accept_timeout(hci);
- break;
-
- case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_CONN_ACCEPT_TIMEOUT):
- /* TODO */
- LENGTH_CHECK(write_conn_accept_timeout);
-
- if (PARAM16(write_conn_accept_timeout, timeout) < 0x0001 ||
- PARAM16(write_conn_accept_timeout, timeout) > 0xb540) {
- bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
- break;
- }
-
- hci->conn_accept_tout = PARAM16(write_conn_accept_timeout, timeout);
- bt_hci_event_complete_status(hci, HCI_SUCCESS);
- break;
-
- case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_SCAN_ENABLE):
- bt_hci_event_complete_read_scan_enable(hci);
- break;
-
- case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_SCAN_ENABLE):
- LENGTH_CHECK(write_scan_enable);
-
- /* TODO: check that the remaining bits are all 0 */
- hci->device.inquiry_scan =
- !!(PARAM(write_scan_enable, scan_enable) & SCAN_INQUIRY);
- hci->device.page_scan =
- !!(PARAM(write_scan_enable, scan_enable) & SCAN_PAGE);
- bt_hci_event_complete_status(hci, HCI_SUCCESS);
- break;
-
- case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_CLASS_OF_DEV):
- bt_hci_event_complete_read_local_class(hci);
- break;
-
- case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_CLASS_OF_DEV):
- LENGTH_CHECK(write_class_of_dev);
-
- memcpy(hci->device.class, PARAM(write_class_of_dev, dev_class),
- sizeof(PARAM(write_class_of_dev, dev_class)));
- bt_hci_event_complete_status(hci, HCI_SUCCESS);
- break;
-
- case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_VOICE_SETTING):
- bt_hci_event_complete_voice_setting(hci);
- break;
-
- case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_VOICE_SETTING):
- LENGTH_CHECK(write_voice_setting);
-
- hci->voice_setting = PARAM(write_voice_setting, voice_setting);
- bt_hci_event_complete_status(hci, HCI_SUCCESS);
- break;
-
- case cmd_opcode_pack(OGF_HOST_CTL, OCF_HOST_NUMBER_OF_COMPLETED_PACKETS):
- if (length < data[0] * 2 + 1)
- goto short_hci;
-
- for (i = 0; i < data[0]; i ++)
- if (bt_hci_handle_bad(hci,
- data[i * 2 + 1] | (data[i * 2 + 2] << 8)))
- bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
- break;
-
- case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_INQUIRY_MODE):
- /* Only if (local_features[3] & 0x40) && (local_commands[12] & 0x40)
- * else
- * goto unknown_command */
- bt_hci_event_complete_read_inquiry_mode(hci);
- break;
-
- case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_INQUIRY_MODE):
- /* Only if (local_features[3] & 0x40) && (local_commands[12] & 0x80)
- * else
- * goto unknown_command */
- LENGTH_CHECK(write_inquiry_mode);
-
- if (PARAM(write_inquiry_mode, mode) > 0x01) {
- bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
- break;
- }
-
- hci->lm.inquiry_mode = PARAM(write_inquiry_mode, mode);
- bt_hci_event_complete_status(hci, HCI_SUCCESS);
- break;
-
- case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_VERSION):
- bt_hci_read_local_version_rp(hci);
- break;
-
- case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_COMMANDS):
- bt_hci_read_local_commands_rp(hci);
- break;
-
- case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_FEATURES):
- bt_hci_read_local_features_rp(hci);
- break;
-
- case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_EXT_FEATURES):
- LENGTH_CHECK(read_local_ext_features);
-
- bt_hci_read_local_ext_features_rp(hci,
- PARAM(read_local_ext_features, page_num));
- break;
-
- case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_BUFFER_SIZE):
- bt_hci_read_buffer_size_rp(hci);
- break;
-
- case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_COUNTRY_CODE):
- bt_hci_read_country_code_rp(hci);
- break;
-
- case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_BD_ADDR):
- bt_hci_read_bd_addr_rp(hci);
- break;
-
- case cmd_opcode_pack(OGF_STATUS_PARAM, OCF_READ_LINK_QUALITY):
- LENGTH_CHECK(read_link_quality);
-
- bt_hci_link_quality_rp(hci, PARAMHANDLE(read_link_quality));
- break;
-
- default:
- bt_hci_event_status(hci, HCI_UNKNOWN_COMMAND);
- break;
-
- short_hci:
- fprintf(stderr, "%s: HCI packet too short (%iB)\n",
- __FUNCTION__, length);
- bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
- break;
- }
-}
-
-/* We could perform fragmentation here, we can't do "recombination" because
- * at this layer the length of the payload is not know ahead, so we only
- * know that a packet contained the last fragment of the SDU when the next
- * SDU starts. */
-static inline void bt_hci_lmp_acl_data(struct bt_hci_s *hci, uint16_t handle,
- const uint8_t *data, int start, int len)
-{
- struct hci_acl_hdr *pkt = (void *) hci->acl_buf;
-
- /* TODO: packet flags */
- /* TODO: avoid memcpy'ing */
-
- if (len + HCI_ACL_HDR_SIZE > sizeof(hci->acl_buf)) {
- fprintf(stderr, "%s: can't take ACL packets %i bytes long\n",
- __FUNCTION__, len);
- return;
- }
- memcpy(hci->acl_buf + HCI_ACL_HDR_SIZE, data, len);
-
- pkt->handle = cpu_to_le16(
- acl_handle_pack(handle, start ? ACL_START : ACL_CONT));
- pkt->dlen = cpu_to_le16(len);
- hci->info.acl_recv(hci->info.opaque,
- hci->acl_buf, len + HCI_ACL_HDR_SIZE);
-}
-
-static void bt_hci_lmp_acl_data_slave(struct bt_link_s *btlink,
- const uint8_t *data, int start, int len)
-{
- struct bt_hci_link_s *link = (struct bt_hci_link_s *) btlink;
-
- bt_hci_lmp_acl_data(hci_from_device(btlink->slave),
- link->handle, data, start, len);
-}
-
-static void bt_hci_lmp_acl_data_host(struct bt_link_s *link,
- const uint8_t *data, int start, int len)
-{
- bt_hci_lmp_acl_data(hci_from_device(link->host),
- link->handle, data, start, len);
-}
-
-static void bt_submit_acl(struct HCIInfo *info,
- const uint8_t *data, int length)
-{
- struct bt_hci_s *hci = hci_from_info(info);
- uint16_t handle;
- int datalen, flags;
- struct bt_link_s *link;
-
- if (length < HCI_ACL_HDR_SIZE) {
- fprintf(stderr, "%s: ACL packet too short (%iB)\n",
- __FUNCTION__, length);
- return;
- }
-
- handle = acl_handle((data[1] << 8) | data[0]);
- flags = acl_flags((data[1] << 8) | data[0]);
- datalen = (data[3] << 8) | data[2];
- data += HCI_ACL_HDR_SIZE;
- length -= HCI_ACL_HDR_SIZE;
-
- if (bt_hci_handle_bad(hci, handle)) {
- fprintf(stderr, "%s: invalid ACL handle %03x\n",
- __FUNCTION__, handle);
- /* TODO: signal an error */
- return;
- }
- handle &= ~HCI_HANDLE_OFFSET;
-
- if (datalen > length) {
- fprintf(stderr, "%s: ACL packet too short (%iB < %iB)\n",
- __FUNCTION__, length, datalen);
- return;
- }
-
- link = hci->lm.handle[handle].link;
-
- if ((flags & ~3) == ACL_ACTIVE_BCAST) {
- if (!hci->asb_handle)
- hci->asb_handle = handle;
- else if (handle != hci->asb_handle) {
- fprintf(stderr, "%s: Bad handle %03x in Active Slave Broadcast\n",
- __FUNCTION__, handle);
- /* TODO: signal an error */
- return;
- }
-
- /* TODO */
- }
-
- if ((flags & ~3) == ACL_PICO_BCAST) {
- if (!hci->psb_handle)
- hci->psb_handle = handle;
- else if (handle != hci->psb_handle) {
- fprintf(stderr, "%s: Bad handle %03x in Parked Slave Broadcast\n",
- __FUNCTION__, handle);
- /* TODO: signal an error */
- return;
- }
-
- /* TODO */
- }
-
- /* TODO: increase counter and send EVT_NUM_COMP_PKTS */
- bt_hci_event_num_comp_pkts(hci, handle | HCI_HANDLE_OFFSET, 1);
-
- /* Do this last as it can trigger further events even in this HCI */
- hci->lm.handle[handle].lmp_acl_data(link, data,
- (flags & 3) == ACL_START, length);
-}
-
-static void bt_submit_sco(struct HCIInfo *info,
- const uint8_t *data, int length)
-{
- struct bt_hci_s *hci = hci_from_info(info);
- uint16_t handle;
- int datalen;
-
- if (length < 3)
- return;
-
- handle = acl_handle((data[1] << 8) | data[0]);
- datalen = data[2];
- length -= 3;
-
- if (bt_hci_handle_bad(hci, handle)) {
- fprintf(stderr, "%s: invalid SCO handle %03x\n",
- __FUNCTION__, handle);
- return;
- }
-
- if (datalen > length) {
- fprintf(stderr, "%s: SCO packet too short (%iB < %iB)\n",
- __FUNCTION__, length, datalen);
- return;
- }
-
- /* TODO */
-
- /* TODO: increase counter and send EVT_NUM_COMP_PKTS if synchronous
- * Flow Control is enabled.
- * (See Read/Write_Synchronous_Flow_Control_Enable on page 513 and
- * page 514.) */
-}
-
-static uint8_t *bt_hci_evt_packet(void *opaque)
-{
- /* TODO: allocate a packet from upper layer */
- struct bt_hci_s *s = opaque;
-
- return s->evt_buf;
-}
-
-static void bt_hci_evt_submit(void *opaque, int len)
-{
- /* TODO: notify upper layer */
- struct bt_hci_s *s = opaque;
-
- s->info.evt_recv(s->info.opaque, s->evt_buf, len);
-}
-
-static int bt_hci_bdaddr_set(struct HCIInfo *info, const uint8_t *bd_addr)
-{
- struct bt_hci_s *hci = hci_from_info(info);
-
- bacpy(&hci->device.bd_addr, (const bdaddr_t *) bd_addr);
- return 0;
-}
-
-static void bt_hci_done(struct HCIInfo *info);
-static void bt_hci_destroy(struct bt_device_s *dev)
-{
- struct bt_hci_s *hci = hci_from_device(dev);
-
- bt_hci_done(&hci->info);
-}
-
-struct HCIInfo *bt_new_hci(struct bt_scatternet_s *net)
-{
- struct bt_hci_s *s = g_malloc0(sizeof(struct bt_hci_s));
-
- s->lm.inquiry_done = qemu_new_timer_ns(vm_clock, bt_hci_inquiry_done, s);
- s->lm.inquiry_next = qemu_new_timer_ns(vm_clock, bt_hci_inquiry_next, s);
- s->conn_accept_timer =
- qemu_new_timer_ns(vm_clock, bt_hci_conn_accept_timeout, s);
-
- s->evt_packet = bt_hci_evt_packet;
- s->evt_submit = bt_hci_evt_submit;
- s->opaque = s;
-
- bt_device_init(&s->device, net);
- s->device.lmp_connection_request = bt_hci_lmp_connection_request;
- s->device.lmp_connection_complete = bt_hci_lmp_connection_complete;
- s->device.lmp_disconnect_master = bt_hci_lmp_disconnect_host;
- s->device.lmp_disconnect_slave = bt_hci_lmp_disconnect_slave;
- s->device.lmp_acl_data = bt_hci_lmp_acl_data_slave;
- s->device.lmp_acl_resp = bt_hci_lmp_acl_data_host;
- s->device.lmp_mode_change = bt_hci_lmp_mode_change_slave;
-
- /* Keep updated! */
- /* Also keep in sync with supported commands bitmask in
- * bt_hci_read_local_commands_rp */
- s->device.lmp_caps = 0x8000199b7e85355fll;
-
- bt_hci_reset(s);
-
- s->info.cmd_send = bt_submit_hci;
- s->info.sco_send = bt_submit_sco;
- s->info.acl_send = bt_submit_acl;
- s->info.bdaddr_set = bt_hci_bdaddr_set;
-
- s->device.handle_destroy = bt_hci_destroy;
-
- return &s->info;
-}
-
-static void bt_hci_done(struct HCIInfo *info)
-{
- struct bt_hci_s *hci = hci_from_info(info);
- int handle;
-
- bt_device_done(&hci->device);
-
- if (hci->device.lmp_name)
- g_free((void *) hci->device.lmp_name);
-
- /* Be gentle and send DISCONNECT to all connected peers and those
- * currently waiting for us to accept or reject a connection request.
- * This frees the links. */
- if (hci->conn_req_host) {
- bt_hci_connection_reject(hci,
- hci->conn_req_host, HCI_OE_POWER_OFF);
- return;
- }
-
- for (handle = HCI_HANDLE_OFFSET;
- handle < (HCI_HANDLE_OFFSET | HCI_HANDLES_MAX); handle ++)
- if (!bt_hci_handle_bad(hci, handle))
- bt_hci_disconnect(hci, handle, HCI_OE_POWER_OFF);
-
- /* TODO: this is not enough actually, there may be slaves from whom
- * we have requested a connection who will soon (or not) respond with
- * an accept or a reject, so we should also check if hci->lm.connecting
- * is non-zero and if so, avoid freeing the hci but otherwise disappear
- * from all qemu social life (e.g. stop scanning and request to be
- * removed from s->device.net) and arrange for
- * s->device.lmp_connection_complete to free the remaining bits once
- * hci->lm.awaiting_bdaddr[] is empty. */
-
- qemu_free_timer(hci->lm.inquiry_done);
- qemu_free_timer(hci->lm.inquiry_next);
- qemu_free_timer(hci->conn_accept_timer);
-
- g_free(hci);
-}
diff --git a/hw/bt-hid.c b/hw/bt-hid.c
deleted file mode 100644
index 8d7a3dae2..000000000
--- a/hw/bt-hid.c
+++ /dev/null
@@ -1,553 +0,0 @@
-/*
- * QEMU Bluetooth HID Profile wrapper for USB HID.
- *
- * Copyright (C) 2007-2008 OpenMoko, Inc.
- * Written by Andrzej Zaborowski <andrew@openedhand.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "qemu-common.h"
-#include "qemu-timer.h"
-#include "console.h"
-#include "hid.h"
-#include "bt.h"
-
-enum hid_transaction_req {
- BT_HANDSHAKE = 0x0,
- BT_HID_CONTROL = 0x1,
- BT_GET_REPORT = 0x4,
- BT_SET_REPORT = 0x5,
- BT_GET_PROTOCOL = 0x6,
- BT_SET_PROTOCOL = 0x7,
- BT_GET_IDLE = 0x8,
- BT_SET_IDLE = 0x9,
- BT_DATA = 0xa,
- BT_DATC = 0xb,
-};
-
-enum hid_transaction_handshake {
- BT_HS_SUCCESSFUL = 0x0,
- BT_HS_NOT_READY = 0x1,
- BT_HS_ERR_INVALID_REPORT_ID = 0x2,
- BT_HS_ERR_UNSUPPORTED_REQUEST = 0x3,
- BT_HS_ERR_INVALID_PARAMETER = 0x4,
- BT_HS_ERR_UNKNOWN = 0xe,
- BT_HS_ERR_FATAL = 0xf,
-};
-
-enum hid_transaction_control {
- BT_HC_NOP = 0x0,
- BT_HC_HARD_RESET = 0x1,
- BT_HC_SOFT_RESET = 0x2,
- BT_HC_SUSPEND = 0x3,
- BT_HC_EXIT_SUSPEND = 0x4,
- BT_HC_VIRTUAL_CABLE_UNPLUG = 0x5,
-};
-
-enum hid_protocol {
- BT_HID_PROTO_BOOT = 0,
- BT_HID_PROTO_REPORT = 1,
-};
-
-enum hid_boot_reportid {
- BT_HID_BOOT_INVALID = 0,
- BT_HID_BOOT_KEYBOARD,
- BT_HID_BOOT_MOUSE,
-};
-
-enum hid_data_pkt {
- BT_DATA_OTHER = 0,
- BT_DATA_INPUT,
- BT_DATA_OUTPUT,
- BT_DATA_FEATURE,
-};
-
-#define BT_HID_MTU 48
-
-/* HID interface requests */
-#define GET_REPORT 0xa101
-#define GET_IDLE 0xa102
-#define GET_PROTOCOL 0xa103
-#define SET_REPORT 0x2109
-#define SET_IDLE 0x210a
-#define SET_PROTOCOL 0x210b
-
-struct bt_hid_device_s {
- struct bt_l2cap_device_s btdev;
- struct bt_l2cap_conn_params_s *control;
- struct bt_l2cap_conn_params_s *interrupt;
- HIDState hid;
-
- int proto;
- int connected;
- int data_type;
- int intr_state;
- struct {
- int len;
- uint8_t buffer[1024];
- } dataother, datain, dataout, feature, intrdataout;
- enum {
- bt_state_ready,
- bt_state_transaction,
- bt_state_suspend,
- } state;
-};
-
-static void bt_hid_reset(struct bt_hid_device_s *s)
-{
- struct bt_scatternet_s *net = s->btdev.device.net;
-
- /* Go as far as... */
- bt_l2cap_device_done(&s->btdev);
- bt_l2cap_device_init(&s->btdev, net);
-
- hid_reset(&s->hid);
- s->proto = BT_HID_PROTO_REPORT;
- s->state = bt_state_ready;
- s->dataother.len = 0;
- s->datain.len = 0;
- s->dataout.len = 0;
- s->feature.len = 0;
- s->intrdataout.len = 0;
- s->intr_state = 0;
-}
-
-static int bt_hid_out(struct bt_hid_device_s *s)
-{
- if (s->data_type == BT_DATA_OUTPUT) {
- /* nothing */
- ;
- }
-
- if (s->data_type == BT_DATA_FEATURE) {
- /* XXX:
- * does this send a USB_REQ_CLEAR_FEATURE/USB_REQ_SET_FEATURE
- * or a SET_REPORT? */
- ;
- }
-
- return -1;
-}
-
-static int bt_hid_in(struct bt_hid_device_s *s)
-{
- s->datain.len = hid_keyboard_poll(&s->hid, s->datain.buffer,
- sizeof(s->datain.buffer));
- return s->datain.len;
-}
-
-static void bt_hid_send_handshake(struct bt_hid_device_s *s, int result)
-{
- *s->control->sdu_out(s->control, 1) =
- (BT_HANDSHAKE << 4) | result;
- s->control->sdu_submit(s->control);
-}
-
-static void bt_hid_send_control(struct bt_hid_device_s *s, int operation)
-{
- *s->control->sdu_out(s->control, 1) =
- (BT_HID_CONTROL << 4) | operation;
- s->control->sdu_submit(s->control);
-}
-
-static void bt_hid_disconnect(struct bt_hid_device_s *s)
-{
- /* Disconnect s->control and s->interrupt */
-}
-
-static void bt_hid_send_data(struct bt_l2cap_conn_params_s *ch, int type,
- const uint8_t *data, int len)
-{
- uint8_t *pkt, hdr = (BT_DATA << 4) | type;
- int plen;
-
- do {
- plen = MIN(len, ch->remote_mtu - 1);
- pkt = ch->sdu_out(ch, plen + 1);
-
- pkt[0] = hdr;
- if (plen)
- memcpy(pkt + 1, data, plen);
- ch->sdu_submit(ch);
-
- len -= plen;
- data += plen;
- hdr = (BT_DATC << 4) | type;
- } while (plen == ch->remote_mtu - 1);
-}
-
-static void bt_hid_control_transaction(struct bt_hid_device_s *s,
- const uint8_t *data, int len)
-{
- uint8_t type, parameter;
- int rlen, ret = -1;
- if (len < 1)
- return;
-
- type = data[0] >> 4;
- parameter = data[0] & 0xf;
-
- switch (type) {
- case BT_HANDSHAKE:
- case BT_DATA:
- switch (parameter) {
- default:
- /* These are not expected to be sent this direction. */
- ret = BT_HS_ERR_INVALID_PARAMETER;
- }
- break;
-
- case BT_HID_CONTROL:
- if (len != 1 || (parameter != BT_HC_VIRTUAL_CABLE_UNPLUG &&
- s->state == bt_state_transaction)) {
- ret = BT_HS_ERR_INVALID_PARAMETER;
- break;
- }
- switch (parameter) {
- case BT_HC_NOP:
- break;
- case BT_HC_HARD_RESET:
- case BT_HC_SOFT_RESET:
- bt_hid_reset(s);
- break;
- case BT_HC_SUSPEND:
- if (s->state == bt_state_ready)
- s->state = bt_state_suspend;
- else
- ret = BT_HS_ERR_INVALID_PARAMETER;
- break;
- case BT_HC_EXIT_SUSPEND:
- if (s->state == bt_state_suspend)
- s->state = bt_state_ready;
- else
- ret = BT_HS_ERR_INVALID_PARAMETER;
- break;
- case BT_HC_VIRTUAL_CABLE_UNPLUG:
- bt_hid_disconnect(s);
- break;
- default:
- ret = BT_HS_ERR_INVALID_PARAMETER;
- }
- break;
-
- case BT_GET_REPORT:
- /* No ReportIDs declared. */
- if (((parameter & 8) && len != 3) ||
- (!(parameter & 8) && len != 1) ||
- s->state != bt_state_ready) {
- ret = BT_HS_ERR_INVALID_PARAMETER;
- break;
- }
- if (parameter & 8)
- rlen = data[2] | (data[3] << 8);
- else
- rlen = INT_MAX;
- switch (parameter & 3) {
- case BT_DATA_OTHER:
- ret = BT_HS_ERR_INVALID_PARAMETER;
- break;
- case BT_DATA_INPUT:
- /* Here we can as well poll s->usbdev */
- bt_hid_send_data(s->control, BT_DATA_INPUT,
- s->datain.buffer, MIN(rlen, s->datain.len));
- break;
- case BT_DATA_OUTPUT:
- bt_hid_send_data(s->control, BT_DATA_OUTPUT,
- s->dataout.buffer, MIN(rlen, s->dataout.len));
- break;
- case BT_DATA_FEATURE:
- bt_hid_send_data(s->control, BT_DATA_FEATURE,
- s->feature.buffer, MIN(rlen, s->feature.len));
- break;
- }
- break;
-
- case BT_SET_REPORT:
- if (len < 2 || len > BT_HID_MTU || s->state != bt_state_ready ||
- (parameter & 3) == BT_DATA_OTHER ||
- (parameter & 3) == BT_DATA_INPUT) {
- ret = BT_HS_ERR_INVALID_PARAMETER;
- break;
- }
- s->data_type = parameter & 3;
- if (s->data_type == BT_DATA_OUTPUT) {
- s->dataout.len = len - 1;
- memcpy(s->dataout.buffer, data + 1, s->dataout.len);
- } else {
- s->feature.len = len - 1;
- memcpy(s->feature.buffer, data + 1, s->feature.len);
- }
- if (len == BT_HID_MTU)
- s->state = bt_state_transaction;
- else
- bt_hid_out(s);
- break;
-
- case BT_GET_PROTOCOL:
- if (len != 1 || s->state == bt_state_transaction) {
- ret = BT_HS_ERR_INVALID_PARAMETER;
- break;
- }
- *s->control->sdu_out(s->control, 1) = s->proto;
- s->control->sdu_submit(s->control);
- break;
-
- case BT_SET_PROTOCOL:
- if (len != 1 || s->state == bt_state_transaction ||
- (parameter != BT_HID_PROTO_BOOT &&
- parameter != BT_HID_PROTO_REPORT)) {
- ret = BT_HS_ERR_INVALID_PARAMETER;
- break;
- }
- s->proto = parameter;
- s->hid.protocol = parameter;
- ret = BT_HS_SUCCESSFUL;
- break;
-
- case BT_GET_IDLE:
- if (len != 1 || s->state == bt_state_transaction) {
- ret = BT_HS_ERR_INVALID_PARAMETER;
- break;
- }
- *s->control->sdu_out(s->control, 1) = s->hid.idle;
- s->control->sdu_submit(s->control);
- break;
-
- case BT_SET_IDLE:
- if (len != 2 || s->state == bt_state_transaction) {
- ret = BT_HS_ERR_INVALID_PARAMETER;
- break;
- }
-
- s->hid.idle = data[1];
- /* XXX: Does this generate a handshake? */
- break;
-
- case BT_DATC:
- if (len > BT_HID_MTU || s->state != bt_state_transaction) {
- ret = BT_HS_ERR_INVALID_PARAMETER;
- break;
- }
- if (s->data_type == BT_DATA_OUTPUT) {
- memcpy(s->dataout.buffer + s->dataout.len, data + 1, len - 1);
- s->dataout.len += len - 1;
- } else {
- memcpy(s->feature.buffer + s->feature.len, data + 1, len - 1);
- s->feature.len += len - 1;
- }
- if (len < BT_HID_MTU) {
- bt_hid_out(s);
- s->state = bt_state_ready;
- }
- break;
-
- default:
- ret = BT_HS_ERR_UNSUPPORTED_REQUEST;
- }
-
- if (ret != -1)
- bt_hid_send_handshake(s, ret);
-}
-
-static void bt_hid_control_sdu(void *opaque, const uint8_t *data, int len)
-{
- struct bt_hid_device_s *hid = opaque;
-
- bt_hid_control_transaction(hid, data, len);
-}
-
-static void bt_hid_datain(HIDState *hs)
-{
- struct bt_hid_device_s *hid =
- container_of(hs, struct bt_hid_device_s, hid);
-
- /* If suspended, wake-up and send a wake-up event first. We might
- * want to also inspect the input report and ignore event like
- * mouse movements until a button event occurs. */
- if (hid->state == bt_state_suspend) {
- hid->state = bt_state_ready;
- }
-
- if (bt_hid_in(hid) > 0)
- /* TODO: when in boot-mode precede any Input reports with the ReportID
- * byte, here and in GetReport/SetReport on the Control channel. */
- bt_hid_send_data(hid->interrupt, BT_DATA_INPUT,
- hid->datain.buffer, hid->datain.len);
-}
-
-static void bt_hid_interrupt_sdu(void *opaque, const uint8_t *data, int len)
-{
- struct bt_hid_device_s *hid = opaque;
-
- if (len > BT_HID_MTU || len < 1)
- goto bad;
- if ((data[0] & 3) != BT_DATA_OUTPUT)
- goto bad;
- if ((data[0] >> 4) == BT_DATA) {
- if (hid->intr_state)
- goto bad;
-
- hid->data_type = BT_DATA_OUTPUT;
- hid->intrdataout.len = 0;
- } else if ((data[0] >> 4) == BT_DATC) {
- if (!hid->intr_state)
- goto bad;
- } else
- goto bad;
-
- memcpy(hid->intrdataout.buffer + hid->intrdataout.len, data + 1, len - 1);
- hid->intrdataout.len += len - 1;
- hid->intr_state = (len == BT_HID_MTU);
- if (!hid->intr_state) {
- memcpy(hid->dataout.buffer, hid->intrdataout.buffer,
- hid->dataout.len = hid->intrdataout.len);
- bt_hid_out(hid);
- }
-
- return;
-bad:
- fprintf(stderr, "%s: bad transaction on Interrupt channel.\n",
- __FUNCTION__);
-}
-
-/* "Virtual cable" plug/unplug event. */
-static void bt_hid_connected_update(struct bt_hid_device_s *hid)
-{
- int prev = hid->connected;
-
- hid->connected = hid->control && hid->interrupt;
-
- /* Stop page-/inquiry-scanning when a host is connected. */
- hid->btdev.device.page_scan = !hid->connected;
- hid->btdev.device.inquiry_scan = !hid->connected;
-
- if (hid->connected && !prev) {
- hid_reset(&hid->hid);
- hid->proto = BT_HID_PROTO_REPORT;
- }
-
- /* Should set HIDVirtualCable in SDP (possibly need to check that SDP
- * isn't destroyed yet, in case we're being called from handle_destroy) */
-}
-
-static void bt_hid_close_control(void *opaque)
-{
- struct bt_hid_device_s *hid = opaque;
-
- hid->control = NULL;
- bt_hid_connected_update(hid);
-}
-
-static void bt_hid_close_interrupt(void *opaque)
-{
- struct bt_hid_device_s *hid = opaque;
-
- hid->interrupt = NULL;
- bt_hid_connected_update(hid);
-}
-
-static int bt_hid_new_control_ch(struct bt_l2cap_device_s *dev,
- struct bt_l2cap_conn_params_s *params)
-{
- struct bt_hid_device_s *hid = (struct bt_hid_device_s *) dev;
-
- if (hid->control)
- return 1;
-
- hid->control = params;
- hid->control->opaque = hid;
- hid->control->close = bt_hid_close_control;
- hid->control->sdu_in = bt_hid_control_sdu;
-
- bt_hid_connected_update(hid);
-
- return 0;
-}
-
-static int bt_hid_new_interrupt_ch(struct bt_l2cap_device_s *dev,
- struct bt_l2cap_conn_params_s *params)
-{
- struct bt_hid_device_s *hid = (struct bt_hid_device_s *) dev;
-
- if (hid->interrupt)
- return 1;
-
- hid->interrupt = params;
- hid->interrupt->opaque = hid;
- hid->interrupt->close = bt_hid_close_interrupt;
- hid->interrupt->sdu_in = bt_hid_interrupt_sdu;
-
- bt_hid_connected_update(hid);
-
- return 0;
-}
-
-static void bt_hid_destroy(struct bt_device_s *dev)
-{
- struct bt_hid_device_s *hid = (struct bt_hid_device_s *) dev;
-
- if (hid->connected)
- bt_hid_send_control(hid, BT_HC_VIRTUAL_CABLE_UNPLUG);
- bt_l2cap_device_done(&hid->btdev);
-
- hid_free(&hid->hid);
-
- g_free(hid);
-}
-
-enum peripheral_minor_class {
- class_other = 0 << 4,
- class_keyboard = 1 << 4,
- class_pointing = 2 << 4,
- class_combo = 3 << 4,
-};
-
-static struct bt_device_s *bt_hid_init(struct bt_scatternet_s *net,
- enum peripheral_minor_class minor)
-{
- struct bt_hid_device_s *s = g_malloc0(sizeof(*s));
- uint32_t class =
- /* Format type */
- (0 << 0) |
- /* Device class */
- (minor << 2) |
- (5 << 8) | /* "Peripheral" */
- /* Service classes */
- (1 << 13) | /* Limited discoverable mode */
- (1 << 19); /* Capturing device (?) */
-
- bt_l2cap_device_init(&s->btdev, net);
- bt_l2cap_sdp_init(&s->btdev);
- bt_l2cap_psm_register(&s->btdev, BT_PSM_HID_CTRL,
- BT_HID_MTU, bt_hid_new_control_ch);
- bt_l2cap_psm_register(&s->btdev, BT_PSM_HID_INTR,
- BT_HID_MTU, bt_hid_new_interrupt_ch);
-
- hid_init(&s->hid, HID_KEYBOARD, bt_hid_datain);
- s->btdev.device.lmp_name = "BT Keyboard";
-
- s->btdev.device.handle_destroy = bt_hid_destroy;
-
- s->btdev.device.class[0] = (class >> 0) & 0xff;
- s->btdev.device.class[1] = (class >> 8) & 0xff;
- s->btdev.device.class[2] = (class >> 16) & 0xff;
-
- return &s->btdev.device;
-}
-
-struct bt_device_s *bt_keyboard_init(struct bt_scatternet_s *net)
-{
- return bt_hid_init(net, class_keyboard);
-}
diff --git a/hw/bt-l2cap.c b/hw/bt-l2cap.c
deleted file mode 100644
index cb43ee773..000000000
--- a/hw/bt-l2cap.c
+++ /dev/null
@@ -1,1365 +0,0 @@
-/*
- * QEMU Bluetooth L2CAP logic.
- *
- * Copyright (C) 2008 Andrzej Zaborowski <balrog@zabor.org>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "qemu-common.h"
-#include "qemu-timer.h"
-#include "bt.h"
-
-#define L2CAP_CID_MAX 0x100 /* Between 0x40 and 0x10000 */
-
-struct l2cap_instance_s {
- struct bt_link_s *link;
- struct bt_l2cap_device_s *dev;
- int role;
-
- uint8_t frame_in[65535 + L2CAP_HDR_SIZE] __attribute__ ((aligned (4)));
- int frame_in_len;
-
- uint8_t frame_out[65535 + L2CAP_HDR_SIZE] __attribute__ ((aligned (4)));
- int frame_out_len;
-
- /* Signalling channel timers. They exist per-request but we can make
- * sure we have no more than one outstanding request at any time. */
- QEMUTimer *rtx;
- QEMUTimer *ertx;
-
- int last_id;
- int next_id;
-
- struct l2cap_chan_s {
- struct bt_l2cap_conn_params_s params;
-
- void (*frame_in)(struct l2cap_chan_s *chan, uint16_t cid,
- const l2cap_hdr *hdr, int len);
- int mps;
- int min_mtu;
-
- struct l2cap_instance_s *l2cap;
-
- /* Only allocated channels */
- uint16_t remote_cid;
-#define L2CAP_CFG_INIT 2
-#define L2CAP_CFG_ACC 1
- int config_req_id; /* TODO: handle outgoing requests generically */
- int config;
-
- /* Only connection-oriented channels. Note: if we allow the tx and
- * rx traffic to be in different modes at any time, we need two. */
- int mode;
-
- /* Only flow-controlled, connection-oriented channels */
- uint8_t sdu[65536]; /* TODO: dynamically allocate */
- int len_cur, len_total;
- int rexmit;
- int monitor_timeout;
- QEMUTimer *monitor_timer;
- QEMUTimer *retransmission_timer;
- } *cid[L2CAP_CID_MAX];
- /* The channel state machine states map as following:
- * CLOSED -> !cid[N]
- * WAIT_CONNECT -> never occurs
- * WAIT_CONNECT_RSP -> never occurs
- * CONFIG -> cid[N] && config < 3
- * WAIT_CONFIG -> never occurs, cid[N] && config == 0 && !config_r
- * WAIT_SEND_CONFIG -> never occurs, cid[N] && config == 1 && !config_r
- * WAIT_CONFIG_REQ_RSP -> cid[N] && config == 0 && config_req_id
- * WAIT_CONFIG_RSP -> cid[N] && config == 1 && config_req_id
- * WAIT_CONFIG_REQ -> cid[N] && config == 2
- * OPEN -> cid[N] && config == 3
- * WAIT_DISCONNECT -> never occurs
- */
-
- struct l2cap_chan_s signalling_ch;
- struct l2cap_chan_s group_ch;
-};
-
-struct slave_l2cap_instance_s {
- struct bt_link_s link; /* Underlying logical link (ACL) */
- struct l2cap_instance_s l2cap;
-};
-
-struct bt_l2cap_psm_s {
- int psm;
- int min_mtu;
- int (*new_channel)(struct bt_l2cap_device_s *device,
- struct bt_l2cap_conn_params_s *params);
- struct bt_l2cap_psm_s *next;
-};
-
-static const uint16_t l2cap_fcs16_table[256] = {
- 0x0000, 0xc0c1, 0xc181, 0x0140, 0xc301, 0x03c0, 0x0280, 0xc241,
- 0xc601, 0x06c0, 0x0780, 0xc741, 0x0500, 0xc5c1, 0xc481, 0x0440,
- 0xcc01, 0x0cc0, 0x0d80, 0xcd41, 0x0f00, 0xcfc1, 0xce81, 0x0e40,
- 0x0a00, 0xcac1, 0xcb81, 0x0b40, 0xc901, 0x09c0, 0x0880, 0xc841,
- 0xd801, 0x18c0, 0x1980, 0xd941, 0x1b00, 0xdbc1, 0xda81, 0x1a40,
- 0x1e00, 0xdec1, 0xdf81, 0x1f40, 0xdd01, 0x1dc0, 0x1c80, 0xdc41,
- 0x1400, 0xd4c1, 0xd581, 0x1540, 0xd701, 0x17c0, 0x1680, 0xd641,
- 0xd201, 0x12c0, 0x1380, 0xd341, 0x1100, 0xd1c1, 0xd081, 0x1040,
- 0xf001, 0x30c0, 0x3180, 0xf141, 0x3300, 0xf3c1, 0xf281, 0x3240,
- 0x3600, 0xf6c1, 0xf781, 0x3740, 0xf501, 0x35c0, 0x3480, 0xf441,
- 0x3c00, 0xfcc1, 0xfd81, 0x3d40, 0xff01, 0x3fc0, 0x3e80, 0xfe41,
- 0xfa01, 0x3ac0, 0x3b80, 0xfb41, 0x3900, 0xf9c1, 0xf881, 0x3840,
- 0x2800, 0xe8c1, 0xe981, 0x2940, 0xeb01, 0x2bc0, 0x2a80, 0xea41,
- 0xee01, 0x2ec0, 0x2f80, 0xef41, 0x2d00, 0xedc1, 0xec81, 0x2c40,
- 0xe401, 0x24c0, 0x2580, 0xe541, 0x2700, 0xe7c1, 0xe681, 0x2640,
- 0x2200, 0xe2c1, 0xe381, 0x2340, 0xe101, 0x21c0, 0x2080, 0xe041,
- 0xa001, 0x60c0, 0x6180, 0xa141, 0x6300, 0xa3c1, 0xa281, 0x6240,
- 0x6600, 0xa6c1, 0xa781, 0x6740, 0xa501, 0x65c0, 0x6480, 0xa441,
- 0x6c00, 0xacc1, 0xad81, 0x6d40, 0xaf01, 0x6fc0, 0x6e80, 0xae41,
- 0xaa01, 0x6ac0, 0x6b80, 0xab41, 0x6900, 0xa9c1, 0xa881, 0x6840,
- 0x7800, 0xb8c1, 0xb981, 0x7940, 0xbb01, 0x7bc0, 0x7a80, 0xba41,
- 0xbe01, 0x7ec0, 0x7f80, 0xbf41, 0x7d00, 0xbdc1, 0xbc81, 0x7c40,
- 0xb401, 0x74c0, 0x7580, 0xb541, 0x7700, 0xb7c1, 0xb681, 0x7640,
- 0x7200, 0xb2c1, 0xb381, 0x7340, 0xb101, 0x71c0, 0x7080, 0xb041,
- 0x5000, 0x90c1, 0x9181, 0x5140, 0x9301, 0x53c0, 0x5280, 0x9241,
- 0x9601, 0x56c0, 0x5780, 0x9741, 0x5500, 0x95c1, 0x9481, 0x5440,
- 0x9c01, 0x5cc0, 0x5d80, 0x9d41, 0x5f00, 0x9fc1, 0x9e81, 0x5e40,
- 0x5a00, 0x9ac1, 0x9b81, 0x5b40, 0x9901, 0x59c0, 0x5880, 0x9841,
- 0x8801, 0x48c0, 0x4980, 0x8941, 0x4b00, 0x8bc1, 0x8a81, 0x4a40,
- 0x4e00, 0x8ec1, 0x8f81, 0x4f40, 0x8d01, 0x4dc0, 0x4c80, 0x8c41,
- 0x4400, 0x84c1, 0x8581, 0x4540, 0x8701, 0x47c0, 0x4680, 0x8641,
- 0x8201, 0x42c0, 0x4380, 0x8341, 0x4100, 0x81c1, 0x8081, 0x4040,
-};
-
-static uint16_t l2cap_fcs16(const uint8_t *message, int len)
-{
- uint16_t fcs = 0x0000;
-
- while (len --)
-#if 0
- {
- int i;
-
- fcs ^= *message ++;
- for (i = 8; i; -- i)
- if (fcs & 1)
- fcs = (fcs >> 1) ^ 0xa001;
- else
- fcs = (fcs >> 1);
- }
-#else
- fcs = (fcs >> 8) ^ l2cap_fcs16_table[(fcs ^ *message ++) & 0xff];
-#endif
-
- return fcs;
-}
-
-/* L2CAP layer logic (protocol) */
-
-static void l2cap_retransmission_timer_update(struct l2cap_chan_s *ch)
-{
-#if 0
- if (ch->mode != L2CAP_MODE_BASIC && ch->rexmit)
- qemu_mod_timer(ch->retransmission_timer);
- else
- qemu_del_timer(ch->retransmission_timer);
-#endif
-}
-
-static void l2cap_monitor_timer_update(struct l2cap_chan_s *ch)
-{
-#if 0
- if (ch->mode != L2CAP_MODE_BASIC && !ch->rexmit)
- qemu_mod_timer(ch->monitor_timer);
- else
- qemu_del_timer(ch->monitor_timer);
-#endif
-}
-
-static void l2cap_command_reject(struct l2cap_instance_s *l2cap, int id,
- uint16_t reason, const void *data, int plen)
-{
- uint8_t *pkt;
- l2cap_cmd_hdr *hdr;
- l2cap_cmd_rej *params;
- uint16_t len;
-
- reason = cpu_to_le16(reason);
- len = cpu_to_le16(L2CAP_CMD_REJ_SIZE + plen);
-
- pkt = l2cap->signalling_ch.params.sdu_out(&l2cap->signalling_ch.params,
- L2CAP_CMD_HDR_SIZE + L2CAP_CMD_REJ_SIZE + plen);
- hdr = (void *) (pkt + 0);
- params = (void *) (pkt + L2CAP_CMD_HDR_SIZE);
-
- hdr->code = L2CAP_COMMAND_REJ;
- hdr->ident = id;
- memcpy(&hdr->len, &len, sizeof(hdr->len));
- memcpy(&params->reason, &reason, sizeof(reason));
- if (plen)
- memcpy(pkt + L2CAP_CMD_HDR_SIZE + L2CAP_CMD_REJ_SIZE, data, plen);
-
- l2cap->signalling_ch.params.sdu_submit(&l2cap->signalling_ch.params);
-}
-
-static void l2cap_command_reject_cid(struct l2cap_instance_s *l2cap, int id,
- uint16_t reason, uint16_t dcid, uint16_t scid)
-{
- l2cap_cmd_rej_cid params = {
- .dcid = dcid,
- .scid = scid,
- };
-
- l2cap_command_reject(l2cap, id, reason, &params, L2CAP_CMD_REJ_CID_SIZE);
-}
-
-static void l2cap_connection_response(struct l2cap_instance_s *l2cap,
- int dcid, int scid, int result, int status)
-{
- uint8_t *pkt;
- l2cap_cmd_hdr *hdr;
- l2cap_conn_rsp *params;
-
- pkt = l2cap->signalling_ch.params.sdu_out(&l2cap->signalling_ch.params,
- L2CAP_CMD_HDR_SIZE + L2CAP_CONN_RSP_SIZE);
- hdr = (void *) (pkt + 0);
- params = (void *) (pkt + L2CAP_CMD_HDR_SIZE);
-
- hdr->code = L2CAP_CONN_RSP;
- hdr->ident = l2cap->last_id;
- hdr->len = cpu_to_le16(L2CAP_CONN_RSP_SIZE);
-
- params->dcid = cpu_to_le16(dcid);
- params->scid = cpu_to_le16(scid);
- params->result = cpu_to_le16(result);
- params->status = cpu_to_le16(status);
-
- l2cap->signalling_ch.params.sdu_submit(&l2cap->signalling_ch.params);
-}
-
-static void l2cap_configuration_request(struct l2cap_instance_s *l2cap,
- int dcid, int flag, const uint8_t *data, int len)
-{
- uint8_t *pkt;
- l2cap_cmd_hdr *hdr;
- l2cap_conf_req *params;
-
- pkt = l2cap->signalling_ch.params.sdu_out(&l2cap->signalling_ch.params,
- L2CAP_CMD_HDR_SIZE + L2CAP_CONF_REQ_SIZE(len));
- hdr = (void *) (pkt + 0);
- params = (void *) (pkt + L2CAP_CMD_HDR_SIZE);
-
- /* TODO: unify the id sequencing */
- l2cap->last_id = l2cap->next_id;
- l2cap->next_id = l2cap->next_id == 255 ? 1 : l2cap->next_id + 1;
-
- hdr->code = L2CAP_CONF_REQ;
- hdr->ident = l2cap->last_id;
- hdr->len = cpu_to_le16(L2CAP_CONF_REQ_SIZE(len));
-
- params->dcid = cpu_to_le16(dcid);
- params->flags = cpu_to_le16(flag);
- if (len)
- memcpy(params->data, data, len);
-
- l2cap->signalling_ch.params.sdu_submit(&l2cap->signalling_ch.params);
-}
-
-static void l2cap_configuration_response(struct l2cap_instance_s *l2cap,
- int scid, int flag, int result, const uint8_t *data, int len)
-{
- uint8_t *pkt;
- l2cap_cmd_hdr *hdr;
- l2cap_conf_rsp *params;
-
- pkt = l2cap->signalling_ch.params.sdu_out(&l2cap->signalling_ch.params,
- L2CAP_CMD_HDR_SIZE + L2CAP_CONF_RSP_SIZE(len));
- hdr = (void *) (pkt + 0);
- params = (void *) (pkt + L2CAP_CMD_HDR_SIZE);
-
- hdr->code = L2CAP_CONF_RSP;
- hdr->ident = l2cap->last_id;
- hdr->len = cpu_to_le16(L2CAP_CONF_RSP_SIZE(len));
-
- params->scid = cpu_to_le16(scid);
- params->flags = cpu_to_le16(flag);
- params->result = cpu_to_le16(result);
- if (len)
- memcpy(params->data, data, len);
-
- l2cap->signalling_ch.params.sdu_submit(&l2cap->signalling_ch.params);
-}
-
-static void l2cap_disconnection_response(struct l2cap_instance_s *l2cap,
- int dcid, int scid)
-{
- uint8_t *pkt;
- l2cap_cmd_hdr *hdr;
- l2cap_disconn_rsp *params;
-
- pkt = l2cap->signalling_ch.params.sdu_out(&l2cap->signalling_ch.params,
- L2CAP_CMD_HDR_SIZE + L2CAP_DISCONN_RSP_SIZE);
- hdr = (void *) (pkt + 0);
- params = (void *) (pkt + L2CAP_CMD_HDR_SIZE);
-
- hdr->code = L2CAP_DISCONN_RSP;
- hdr->ident = l2cap->last_id;
- hdr->len = cpu_to_le16(L2CAP_DISCONN_RSP_SIZE);
-
- params->dcid = cpu_to_le16(dcid);
- params->scid = cpu_to_le16(scid);
-
- l2cap->signalling_ch.params.sdu_submit(&l2cap->signalling_ch.params);
-}
-
-static void l2cap_echo_response(struct l2cap_instance_s *l2cap,
- const uint8_t *data, int len)
-{
- uint8_t *pkt;
- l2cap_cmd_hdr *hdr;
- uint8_t *params;
-
- pkt = l2cap->signalling_ch.params.sdu_out(&l2cap->signalling_ch.params,
- L2CAP_CMD_HDR_SIZE + len);
- hdr = (void *) (pkt + 0);
- params = (void *) (pkt + L2CAP_CMD_HDR_SIZE);
-
- hdr->code = L2CAP_ECHO_RSP;
- hdr->ident = l2cap->last_id;
- hdr->len = cpu_to_le16(len);
-
- memcpy(params, data, len);
-
- l2cap->signalling_ch.params.sdu_submit(&l2cap->signalling_ch.params);
-}
-
-static void l2cap_info_response(struct l2cap_instance_s *l2cap, int type,
- int result, const uint8_t *data, int len)
-{
- uint8_t *pkt;
- l2cap_cmd_hdr *hdr;
- l2cap_info_rsp *params;
-
- pkt = l2cap->signalling_ch.params.sdu_out(&l2cap->signalling_ch.params,
- L2CAP_CMD_HDR_SIZE + L2CAP_INFO_RSP_SIZE + len);
- hdr = (void *) (pkt + 0);
- params = (void *) (pkt + L2CAP_CMD_HDR_SIZE);
-
- hdr->code = L2CAP_INFO_RSP;
- hdr->ident = l2cap->last_id;
- hdr->len = cpu_to_le16(L2CAP_INFO_RSP_SIZE + len);
-
- params->type = cpu_to_le16(type);
- params->result = cpu_to_le16(result);
- if (len)
- memcpy(params->data, data, len);
-
- l2cap->signalling_ch.params.sdu_submit(&l2cap->signalling_ch.params);
-}
-
-static uint8_t *l2cap_bframe_out(struct bt_l2cap_conn_params_s *parm, int len);
-static void l2cap_bframe_submit(struct bt_l2cap_conn_params_s *parms);
-#if 0
-static uint8_t *l2cap_iframe_out(struct bt_l2cap_conn_params_s *parm, int len);
-static void l2cap_iframe_submit(struct bt_l2cap_conn_params_s *parm);
-#endif
-static void l2cap_bframe_in(struct l2cap_chan_s *ch, uint16_t cid,
- const l2cap_hdr *hdr, int len);
-static void l2cap_iframe_in(struct l2cap_chan_s *ch, uint16_t cid,
- const l2cap_hdr *hdr, int len);
-
-static int l2cap_cid_new(struct l2cap_instance_s *l2cap)
-{
- int i;
-
- for (i = L2CAP_CID_ALLOC; i < L2CAP_CID_MAX; i ++)
- if (!l2cap->cid[i])
- return i;
-
- return L2CAP_CID_INVALID;
-}
-
-static inline struct bt_l2cap_psm_s *l2cap_psm(
- struct bt_l2cap_device_s *device, int psm)
-{
- struct bt_l2cap_psm_s *ret = device->first_psm;
-
- while (ret && ret->psm != psm)
- ret = ret->next;
-
- return ret;
-}
-
-static struct l2cap_chan_s *l2cap_channel_open(struct l2cap_instance_s *l2cap,
- int psm, int source_cid)
-{
- struct l2cap_chan_s *ch = NULL;
- struct bt_l2cap_psm_s *psm_info;
- int result, status;
- int cid = l2cap_cid_new(l2cap);
-
- if (cid) {
- /* See what the channel is to be used for.. */
- psm_info = l2cap_psm(l2cap->dev, psm);
-
- if (psm_info) {
- /* Device supports this use-case. */
- ch = g_malloc0(sizeof(*ch));
- ch->params.sdu_out = l2cap_bframe_out;
- ch->params.sdu_submit = l2cap_bframe_submit;
- ch->frame_in = l2cap_bframe_in;
- ch->mps = 65536;
- ch->min_mtu = MAX(48, psm_info->min_mtu);
- ch->params.remote_mtu = MAX(672, ch->min_mtu);
- ch->remote_cid = source_cid;
- ch->mode = L2CAP_MODE_BASIC;
- ch->l2cap = l2cap;
-
- /* Does it feel like opening yet another channel though? */
- if (!psm_info->new_channel(l2cap->dev, &ch->params)) {
- l2cap->cid[cid] = ch;
-
- result = L2CAP_CR_SUCCESS;
- status = L2CAP_CS_NO_INFO;
- } else {
- g_free(ch);
-
- result = L2CAP_CR_NO_MEM;
- status = L2CAP_CS_NO_INFO;
- }
- } else {
- result = L2CAP_CR_BAD_PSM;
- status = L2CAP_CS_NO_INFO;
- }
- } else {
- result = L2CAP_CR_NO_MEM;
- status = L2CAP_CS_NO_INFO;
- }
-
- l2cap_connection_response(l2cap, cid, source_cid, result, status);
-
- return ch;
-}
-
-static void l2cap_channel_close(struct l2cap_instance_s *l2cap,
- int cid, int source_cid)
-{
- struct l2cap_chan_s *ch = NULL;
-
- /* According to Volume 3, section 6.1.1, pg 1048 of BT Core V2.0, a
- * connection in CLOSED state still responds with a L2CAP_DisconnectRsp
- * message on an L2CAP_DisconnectReq event. */
- if (unlikely(cid < L2CAP_CID_ALLOC)) {
- l2cap_command_reject_cid(l2cap, l2cap->last_id, L2CAP_REJ_CID_INVAL,
- cid, source_cid);
- return;
- }
- if (likely(cid >= L2CAP_CID_ALLOC && cid < L2CAP_CID_MAX))
- ch = l2cap->cid[cid];
-
- if (likely(ch)) {
- if (ch->remote_cid != source_cid) {
- fprintf(stderr, "%s: Ignoring a Disconnection Request with the "
- "invalid SCID %04x.\n", __FUNCTION__, source_cid);
- return;
- }
-
- l2cap->cid[cid] = NULL;
-
- ch->params.close(ch->params.opaque);
- g_free(ch);
- }
-
- l2cap_disconnection_response(l2cap, cid, source_cid);
-}
-
-static void l2cap_channel_config_null(struct l2cap_instance_s *l2cap,
- struct l2cap_chan_s *ch)
-{
- l2cap_configuration_request(l2cap, ch->remote_cid, 0, NULL, 0);
- ch->config_req_id = l2cap->last_id;
- ch->config &= ~L2CAP_CFG_INIT;
-}
-
-static void l2cap_channel_config_req_event(struct l2cap_instance_s *l2cap,
- struct l2cap_chan_s *ch)
-{
- /* Use all default channel options and terminate negotiation. */
- l2cap_channel_config_null(l2cap, ch);
-}
-
-static int l2cap_channel_config(struct l2cap_instance_s *l2cap,
- struct l2cap_chan_s *ch, int flag,
- const uint8_t *data, int len)
-{
- l2cap_conf_opt *opt;
- l2cap_conf_opt_qos *qos;
- uint32_t val;
- uint8_t rsp[len];
- int result = L2CAP_CONF_SUCCESS;
-
- data = memcpy(rsp, data, len);
- while (len) {
- opt = (void *) data;
-
- if (len < L2CAP_CONF_OPT_SIZE ||
- len < L2CAP_CONF_OPT_SIZE + opt->len) {
- result = L2CAP_CONF_REJECT;
- break;
- }
- data += L2CAP_CONF_OPT_SIZE + opt->len;
- len -= L2CAP_CONF_OPT_SIZE + opt->len;
-
- switch (opt->type & 0x7f) {
- case L2CAP_CONF_MTU:
- if (opt->len != 2) {
- result = L2CAP_CONF_REJECT;
- break;
- }
-
- /* MTU */
- val = le16_to_cpup((void *) opt->val);
- if (val < ch->min_mtu) {
- cpu_to_le16w((void *) opt->val, ch->min_mtu);
- result = L2CAP_CONF_UNACCEPT;
- break;
- }
-
- ch->params.remote_mtu = val;
- break;
-
- case L2CAP_CONF_FLUSH_TO:
- if (opt->len != 2) {
- result = L2CAP_CONF_REJECT;
- break;
- }
-
- /* Flush Timeout */
- val = le16_to_cpup((void *) opt->val);
- if (val < 0x0001) {
- opt->val[0] = 0xff;
- opt->val[1] = 0xff;
- result = L2CAP_CONF_UNACCEPT;
- break;
- }
- break;
-
- case L2CAP_CONF_QOS:
- if (opt->len != L2CAP_CONF_OPT_QOS_SIZE) {
- result = L2CAP_CONF_REJECT;
- break;
- }
- qos = (void *) opt->val;
-
- /* Flags */
- val = qos->flags;
- if (val) {
- qos->flags = 0;
- result = L2CAP_CONF_UNACCEPT;
- }
-
- /* Service type */
- val = qos->service_type;
- if (val != L2CAP_CONF_QOS_BEST_EFFORT &&
- val != L2CAP_CONF_QOS_NO_TRAFFIC) {
- qos->service_type = L2CAP_CONF_QOS_BEST_EFFORT;
- result = L2CAP_CONF_UNACCEPT;
- }
-
- if (val != L2CAP_CONF_QOS_NO_TRAFFIC) {
- /* XXX: These values should possibly be calculated
- * based on LM / baseband properties also. */
-
- /* Token rate */
- val = le32_to_cpu(qos->token_rate);
- if (val == L2CAP_CONF_QOS_WILDCARD)
- qos->token_rate = cpu_to_le32(0x100000);
-
- /* Token bucket size */
- val = le32_to_cpu(qos->token_bucket_size);
- if (val == L2CAP_CONF_QOS_WILDCARD)
- qos->token_bucket_size = cpu_to_le32(65500);
-
- /* Any Peak bandwidth value is correct to return as-is */
- /* Any Access latency value is correct to return as-is */
- /* Any Delay variation value is correct to return as-is */
- }
- break;
-
- case L2CAP_CONF_RFC:
- if (opt->len != 9) {
- result = L2CAP_CONF_REJECT;
- break;
- }
-
- /* Mode */
- val = opt->val[0];
- switch (val) {
- case L2CAP_MODE_BASIC:
- ch->mode = val;
- ch->frame_in = l2cap_bframe_in;
-
- /* All other parameters shall be ignored */
- break;
-
- case L2CAP_MODE_RETRANS:
- case L2CAP_MODE_FLOWCTL:
- ch->mode = val;
- ch->frame_in = l2cap_iframe_in;
- /* Note: most of these parameters refer to incoming traffic
- * so we don't need to save them as long as we can accept
- * incoming PDUs at any values of the parameters. */
-
- /* TxWindow size */
- val = opt->val[1];
- if (val < 1 || val > 32) {
- opt->val[1] = 32;
- result = L2CAP_CONF_UNACCEPT;
- break;
- }
-
- /* MaxTransmit */
- val = opt->val[2];
- if (val < 1) {
- opt->val[2] = 1;
- result = L2CAP_CONF_UNACCEPT;
- break;
- }
-
- /* Remote Retransmission time-out shouldn't affect local
- * operation (?) */
-
- /* The Monitor time-out drives the local Monitor timer (?),
- * so save the value. */
- val = (opt->val[6] << 8) | opt->val[5];
- if (val < 30) {
- opt->val[5] = 100 & 0xff;
- opt->val[6] = 100 >> 8;
- result = L2CAP_CONF_UNACCEPT;
- break;
- }
- ch->monitor_timeout = val;
- l2cap_monitor_timer_update(ch);
-
- /* MPS */
- val = (opt->val[8] << 8) | opt->val[7];
- if (val < ch->min_mtu) {
- opt->val[7] = ch->min_mtu & 0xff;
- opt->val[8] = ch->min_mtu >> 8;
- result = L2CAP_CONF_UNACCEPT;
- break;
- }
- ch->mps = val;
- break;
-
- default:
- result = L2CAP_CONF_UNACCEPT;
- break;
- }
- break;
-
- default:
- if (!(opt->type >> 7))
- result = L2CAP_CONF_UNKNOWN;
- break;
- }
-
- if (result != L2CAP_CONF_SUCCESS)
- break; /* XXX: should continue? */
- }
-
- l2cap_configuration_response(l2cap, ch->remote_cid,
- flag, result, rsp, len);
-
- return result == L2CAP_CONF_SUCCESS && !flag;
-}
-
-static void l2cap_channel_config_req_msg(struct l2cap_instance_s *l2cap,
- int flag, int cid, const uint8_t *data, int len)
-{
- struct l2cap_chan_s *ch;
-
- if (unlikely(cid >= L2CAP_CID_MAX || !l2cap->cid[cid])) {
- l2cap_command_reject_cid(l2cap, l2cap->last_id, L2CAP_REJ_CID_INVAL,
- cid, 0x0000);
- return;
- }
- ch = l2cap->cid[cid];
-
- /* From OPEN go to WAIT_CONFIG_REQ and from WAIT_CONFIG_REQ_RSP to
- * WAIT_CONFIG_REQ_RSP. This is assuming the transition chart for OPEN
- * on pg 1053, section 6.1.5, volume 3 of BT Core V2.0 has a mistake
- * and on options-acceptable we go back to OPEN and otherwise to
- * WAIT_CONFIG_REQ and not the other way. */
- ch->config &= ~L2CAP_CFG_ACC;
-
- if (l2cap_channel_config(l2cap, ch, flag, data, len))
- /* Go to OPEN or WAIT_CONFIG_RSP */
- ch->config |= L2CAP_CFG_ACC;
-
- /* TODO: if the incoming traffic flow control or retransmission mode
- * changed then we probably need to also generate the
- * ConfigureChannel_Req event and set the outgoing traffic to the same
- * mode. */
- if (!(ch->config & L2CAP_CFG_INIT) && (ch->config & L2CAP_CFG_ACC) &&
- !ch->config_req_id)
- l2cap_channel_config_req_event(l2cap, ch);
-}
-
-static int l2cap_channel_config_rsp_msg(struct l2cap_instance_s *l2cap,
- int result, int flag, int cid, const uint8_t *data, int len)
-{
- struct l2cap_chan_s *ch;
-
- if (unlikely(cid >= L2CAP_CID_MAX || !l2cap->cid[cid])) {
- l2cap_command_reject_cid(l2cap, l2cap->last_id, L2CAP_REJ_CID_INVAL,
- cid, 0x0000);
- return 0;
- }
- ch = l2cap->cid[cid];
-
- if (ch->config_req_id != l2cap->last_id)
- return 1;
- ch->config_req_id = 0;
-
- if (result == L2CAP_CONF_SUCCESS) {
- if (!flag)
- ch->config |= L2CAP_CFG_INIT;
- else
- l2cap_channel_config_null(l2cap, ch);
- } else
- /* Retry until we succeed */
- l2cap_channel_config_req_event(l2cap, ch);
-
- return 0;
-}
-
-static void l2cap_channel_open_req_msg(struct l2cap_instance_s *l2cap,
- int psm, int source_cid)
-{
- struct l2cap_chan_s *ch = l2cap_channel_open(l2cap, psm, source_cid);
-
- if (!ch)
- return;
-
- /* Optional */
- if (!(ch->config & L2CAP_CFG_INIT) && !ch->config_req_id)
- l2cap_channel_config_req_event(l2cap, ch);
-}
-
-static void l2cap_info(struct l2cap_instance_s *l2cap, int type)
-{
- uint8_t data[4];
- int len = 0;
- int result = L2CAP_IR_SUCCESS;
-
- switch (type) {
- case L2CAP_IT_CL_MTU:
- data[len ++] = l2cap->group_ch.mps & 0xff;
- data[len ++] = l2cap->group_ch.mps >> 8;
- break;
-
- case L2CAP_IT_FEAT_MASK:
- /* (Prematurely) report Flow control and Retransmission modes. */
- data[len ++] = 0x03;
- data[len ++] = 0x00;
- data[len ++] = 0x00;
- data[len ++] = 0x00;
- break;
-
- default:
- result = L2CAP_IR_NOTSUPP;
- }
-
- l2cap_info_response(l2cap, type, result, data, len);
-}
-
-static void l2cap_command(struct l2cap_instance_s *l2cap, int code, int id,
- const uint8_t *params, int len)
-{
- int err;
-
-#if 0
- /* TODO: do the IDs really have to be in sequence? */
- if (!id || (id != l2cap->last_id && id != l2cap->next_id)) {
- fprintf(stderr, "%s: out of sequence command packet ignored.\n",
- __FUNCTION__);
- return;
- }
-#else
- l2cap->next_id = id;
-#endif
- if (id == l2cap->next_id) {
- l2cap->last_id = l2cap->next_id;
- l2cap->next_id = l2cap->next_id == 255 ? 1 : l2cap->next_id + 1;
- } else {
- /* TODO: Need to re-send the same response, without re-executing
- * the corresponding command! */
- }
-
- switch (code) {
- case L2CAP_COMMAND_REJ:
- if (unlikely(len != 2 && len != 4 && len != 6)) {
- err = L2CAP_REJ_CMD_NOT_UNDERSTOOD;
- goto reject;
- }
-
- /* We never issue commands other than Command Reject currently. */
- fprintf(stderr, "%s: stray Command Reject (%02x, %04x) "
- "packet, ignoring.\n", __FUNCTION__, id,
- le16_to_cpu(((l2cap_cmd_rej *) params)->reason));
- break;
-
- case L2CAP_CONN_REQ:
- if (unlikely(len != L2CAP_CONN_REQ_SIZE)) {
- err = L2CAP_REJ_CMD_NOT_UNDERSTOOD;
- goto reject;
- }
-
- l2cap_channel_open_req_msg(l2cap,
- le16_to_cpu(((l2cap_conn_req *) params)->psm),
- le16_to_cpu(((l2cap_conn_req *) params)->scid));
- break;
-
- case L2CAP_CONN_RSP:
- if (unlikely(len != L2CAP_CONN_RSP_SIZE)) {
- err = L2CAP_REJ_CMD_NOT_UNDERSTOOD;
- goto reject;
- }
-
- /* We never issue Connection Requests currently. TODO */
- fprintf(stderr, "%s: unexpected Connection Response (%02x) "
- "packet, ignoring.\n", __FUNCTION__, id);
- break;
-
- case L2CAP_CONF_REQ:
- if (unlikely(len < L2CAP_CONF_REQ_SIZE(0))) {
- err = L2CAP_REJ_CMD_NOT_UNDERSTOOD;
- goto reject;
- }
-
- l2cap_channel_config_req_msg(l2cap,
- le16_to_cpu(((l2cap_conf_req *) params)->flags) & 1,
- le16_to_cpu(((l2cap_conf_req *) params)->dcid),
- ((l2cap_conf_req *) params)->data,
- len - L2CAP_CONF_REQ_SIZE(0));
- break;
-
- case L2CAP_CONF_RSP:
- if (unlikely(len < L2CAP_CONF_RSP_SIZE(0))) {
- err = L2CAP_REJ_CMD_NOT_UNDERSTOOD;
- goto reject;
- }
-
- if (l2cap_channel_config_rsp_msg(l2cap,
- le16_to_cpu(((l2cap_conf_rsp *) params)->result),
- le16_to_cpu(((l2cap_conf_rsp *) params)->flags) & 1,
- le16_to_cpu(((l2cap_conf_rsp *) params)->scid),
- ((l2cap_conf_rsp *) params)->data,
- len - L2CAP_CONF_RSP_SIZE(0)))
- fprintf(stderr, "%s: unexpected Configure Response (%02x) "
- "packet, ignoring.\n", __FUNCTION__, id);
- break;
-
- case L2CAP_DISCONN_REQ:
- if (unlikely(len != L2CAP_DISCONN_REQ_SIZE)) {
- err = L2CAP_REJ_CMD_NOT_UNDERSTOOD;
- goto reject;
- }
-
- l2cap_channel_close(l2cap,
- le16_to_cpu(((l2cap_disconn_req *) params)->dcid),
- le16_to_cpu(((l2cap_disconn_req *) params)->scid));
- break;
-
- case L2CAP_DISCONN_RSP:
- if (unlikely(len != L2CAP_DISCONN_RSP_SIZE)) {
- err = L2CAP_REJ_CMD_NOT_UNDERSTOOD;
- goto reject;
- }
-
- /* We never issue Disconnection Requests currently. TODO */
- fprintf(stderr, "%s: unexpected Disconnection Response (%02x) "
- "packet, ignoring.\n", __FUNCTION__, id);
- break;
-
- case L2CAP_ECHO_REQ:
- l2cap_echo_response(l2cap, params, len);
- break;
-
- case L2CAP_ECHO_RSP:
- /* We never issue Echo Requests currently. TODO */
- fprintf(stderr, "%s: unexpected Echo Response (%02x) "
- "packet, ignoring.\n", __FUNCTION__, id);
- break;
-
- case L2CAP_INFO_REQ:
- if (unlikely(len != L2CAP_INFO_REQ_SIZE)) {
- err = L2CAP_REJ_CMD_NOT_UNDERSTOOD;
- goto reject;
- }
-
- l2cap_info(l2cap, le16_to_cpu(((l2cap_info_req *) params)->type));
- break;
-
- case L2CAP_INFO_RSP:
- if (unlikely(len != L2CAP_INFO_RSP_SIZE)) {
- err = L2CAP_REJ_CMD_NOT_UNDERSTOOD;
- goto reject;
- }
-
- /* We never issue Information Requests currently. TODO */
- fprintf(stderr, "%s: unexpected Information Response (%02x) "
- "packet, ignoring.\n", __FUNCTION__, id);
- break;
-
- default:
- err = L2CAP_REJ_CMD_NOT_UNDERSTOOD;
- reject:
- l2cap_command_reject(l2cap, id, err, 0, 0);
- break;
- }
-}
-
-static void l2cap_rexmit_enable(struct l2cap_chan_s *ch, int enable)
-{
- ch->rexmit = enable;
-
- l2cap_retransmission_timer_update(ch);
- l2cap_monitor_timer_update(ch);
-}
-
-/* Command frame SDU */
-static void l2cap_cframe_in(void *opaque, const uint8_t *data, int len)
-{
- struct l2cap_instance_s *l2cap = opaque;
- const l2cap_cmd_hdr *hdr;
- int clen;
-
- while (len) {
- hdr = (void *) data;
- if (len < L2CAP_CMD_HDR_SIZE)
- /* TODO: signal an error */
- return;
- len -= L2CAP_CMD_HDR_SIZE;
- data += L2CAP_CMD_HDR_SIZE;
-
- clen = le16_to_cpu(hdr->len);
- if (len < clen) {
- l2cap_command_reject(l2cap, hdr->ident,
- L2CAP_REJ_CMD_NOT_UNDERSTOOD, 0, 0);
- break;
- }
-
- l2cap_command(l2cap, hdr->code, hdr->ident, data, clen);
- len -= clen;
- data += clen;
- }
-}
-
-/* Group frame SDU */
-static void l2cap_gframe_in(void *opaque, const uint8_t *data, int len)
-{
-}
-
-/* Supervisory frame */
-static void l2cap_sframe_in(struct l2cap_chan_s *ch, uint16_t ctrl)
-{
-}
-
-/* Basic L2CAP mode Information frame */
-static void l2cap_bframe_in(struct l2cap_chan_s *ch, uint16_t cid,
- const l2cap_hdr *hdr, int len)
-{
- /* We have a full SDU, no further processing */
- ch->params.sdu_in(ch->params.opaque, hdr->data, len);
-}
-
-/* Flow Control and Retransmission mode frame */
-static void l2cap_iframe_in(struct l2cap_chan_s *ch, uint16_t cid,
- const l2cap_hdr *hdr, int len)
-{
- uint16_t fcs = le16_to_cpup((void *) (hdr->data + len - 2));
-
- if (len < 4)
- goto len_error;
- if (l2cap_fcs16((const uint8_t *) hdr, L2CAP_HDR_SIZE + len - 2) != fcs)
- goto fcs_error;
-
- if ((hdr->data[0] >> 7) == ch->rexmit)
- l2cap_rexmit_enable(ch, !(hdr->data[0] >> 7));
-
- if (hdr->data[0] & 1) {
- if (len != 4) {
- /* TODO: Signal an error? */
- return;
- }
- l2cap_sframe_in(ch, le16_to_cpup((void *) hdr->data));
- return;
- }
-
- switch (hdr->data[1] >> 6) { /* SAR */
- case L2CAP_SAR_NO_SEG:
- if (ch->len_total)
- goto seg_error;
- if (len - 4 > ch->mps)
- goto len_error;
-
- ch->params.sdu_in(ch->params.opaque, hdr->data + 2, len - 4);
- break;
-
- case L2CAP_SAR_START:
- if (ch->len_total || len < 6)
- goto seg_error;
- if (len - 6 > ch->mps)
- goto len_error;
-
- ch->len_total = le16_to_cpup((void *) (hdr->data + 2));
- if (len >= 6 + ch->len_total)
- goto seg_error;
-
- ch->len_cur = len - 6;
- memcpy(ch->sdu, hdr->data + 4, ch->len_cur);
- break;
-
- case L2CAP_SAR_END:
- if (!ch->len_total || ch->len_cur + len - 4 < ch->len_total)
- goto seg_error;
- if (len - 4 > ch->mps)
- goto len_error;
-
- memcpy(ch->sdu + ch->len_cur, hdr->data + 2, len - 4);
- ch->params.sdu_in(ch->params.opaque, ch->sdu, ch->len_total);
- break;
-
- case L2CAP_SAR_CONT:
- if (!ch->len_total || ch->len_cur + len - 4 >= ch->len_total)
- goto seg_error;
- if (len - 4 > ch->mps)
- goto len_error;
-
- memcpy(ch->sdu + ch->len_cur, hdr->data + 2, len - 4);
- ch->len_cur += len - 4;
- break;
-
- seg_error:
- len_error: /* TODO */
- fcs_error: /* TODO */
- ch->len_cur = 0;
- ch->len_total = 0;
- break;
- }
-}
-
-static void l2cap_frame_in(struct l2cap_instance_s *l2cap,
- const l2cap_hdr *frame)
-{
- uint16_t cid = le16_to_cpu(frame->cid);
- uint16_t len = le16_to_cpu(frame->len);
-
- if (unlikely(cid >= L2CAP_CID_MAX || !l2cap->cid[cid])) {
- fprintf(stderr, "%s: frame addressed to a non-existent L2CAP "
- "channel %04x received.\n", __FUNCTION__, cid);
- return;
- }
-
- l2cap->cid[cid]->frame_in(l2cap->cid[cid], cid, frame, len);
-}
-
-/* "Recombination" */
-static void l2cap_pdu_in(struct l2cap_instance_s *l2cap,
- const uint8_t *data, int len)
-{
- const l2cap_hdr *hdr = (void *) l2cap->frame_in;
-
- if (unlikely(len + l2cap->frame_in_len > sizeof(l2cap->frame_in))) {
- if (l2cap->frame_in_len < sizeof(l2cap->frame_in)) {
- memcpy(l2cap->frame_in + l2cap->frame_in_len, data,
- sizeof(l2cap->frame_in) - l2cap->frame_in_len);
- l2cap->frame_in_len = sizeof(l2cap->frame_in);
- /* TODO: truncate */
- l2cap_frame_in(l2cap, hdr);
- }
-
- return;
- }
-
- memcpy(l2cap->frame_in + l2cap->frame_in_len, data, len);
- l2cap->frame_in_len += len;
-
- if (len >= L2CAP_HDR_SIZE)
- if (len >= L2CAP_HDR_SIZE + le16_to_cpu(hdr->len))
- l2cap_frame_in(l2cap, hdr);
- /* There is never a start of a new PDU in the same ACL packet, so
- * no need to memmove the remaining payload and loop. */
-}
-
-static inline uint8_t *l2cap_pdu_out(struct l2cap_instance_s *l2cap,
- uint16_t cid, uint16_t len)
-{
- l2cap_hdr *hdr = (void *) l2cap->frame_out;
-
- l2cap->frame_out_len = len + L2CAP_HDR_SIZE;
-
- hdr->cid = cpu_to_le16(cid);
- hdr->len = cpu_to_le16(len);
-
- return l2cap->frame_out + L2CAP_HDR_SIZE;
-}
-
-static inline void l2cap_pdu_submit(struct l2cap_instance_s *l2cap)
-{
- /* TODO: Fragmentation */
- (l2cap->role ?
- l2cap->link->slave->lmp_acl_data : l2cap->link->host->lmp_acl_resp)
- (l2cap->link, l2cap->frame_out, 1, l2cap->frame_out_len);
-}
-
-static uint8_t *l2cap_bframe_out(struct bt_l2cap_conn_params_s *parm, int len)
-{
- struct l2cap_chan_s *chan = (struct l2cap_chan_s *) parm;
-
- if (len > chan->params.remote_mtu) {
- fprintf(stderr, "%s: B-Frame for CID %04x longer than %i octets.\n",
- __FUNCTION__,
- chan->remote_cid, chan->params.remote_mtu);
- exit(-1);
- }
-
- return l2cap_pdu_out(chan->l2cap, chan->remote_cid, len);
-}
-
-static void l2cap_bframe_submit(struct bt_l2cap_conn_params_s *parms)
-{
- struct l2cap_chan_s *chan = (struct l2cap_chan_s *) parms;
-
- l2cap_pdu_submit(chan->l2cap);
-}
-
-#if 0
-/* Stub: Only used if an emulated device requests outgoing flow control */
-static uint8_t *l2cap_iframe_out(struct bt_l2cap_conn_params_s *parm, int len)
-{
- struct l2cap_chan_s *chan = (struct l2cap_chan_s *) parm;
-
- if (len > chan->params.remote_mtu) {
- /* TODO: slice into segments and queue each segment as a separate
- * I-Frame in a FIFO of I-Frames, local to the CID. */
- } else {
- /* TODO: add to the FIFO of I-Frames, local to the CID. */
- /* Possibly we need to return a pointer to a contiguous buffer
- * for now and then memcpy from it into FIFOs in l2cap_iframe_submit
- * while segmenting at the same time. */
- }
- return 0;
-}
-
-static void l2cap_iframe_submit(struct bt_l2cap_conn_params_s *parm)
-{
- /* TODO: If flow control indicates clear to send, start submitting the
- * invidual I-Frames from the FIFO, but don't remove them from there.
- * Kick the appropriate timer until we get an S-Frame, and only then
- * remove from FIFO or resubmit and re-kick the timer if the timer
- * expired. */
-}
-#endif
-
-static void l2cap_init(struct l2cap_instance_s *l2cap,
- struct bt_link_s *link, int role)
-{
- l2cap->link = link;
- l2cap->role = role;
- l2cap->dev = (struct bt_l2cap_device_s *)
- (role ? link->host : link->slave);
-
- l2cap->next_id = 1;
-
- /* Establish the signalling channel */
- l2cap->signalling_ch.params.sdu_in = l2cap_cframe_in;
- l2cap->signalling_ch.params.sdu_out = l2cap_bframe_out;
- l2cap->signalling_ch.params.sdu_submit = l2cap_bframe_submit;
- l2cap->signalling_ch.params.opaque = l2cap;
- l2cap->signalling_ch.params.remote_mtu = 48;
- l2cap->signalling_ch.remote_cid = L2CAP_CID_SIGNALLING;
- l2cap->signalling_ch.frame_in = l2cap_bframe_in;
- l2cap->signalling_ch.mps = 65536;
- l2cap->signalling_ch.min_mtu = 48;
- l2cap->signalling_ch.mode = L2CAP_MODE_BASIC;
- l2cap->signalling_ch.l2cap = l2cap;
- l2cap->cid[L2CAP_CID_SIGNALLING] = &l2cap->signalling_ch;
-
- /* Establish the connection-less data channel */
- l2cap->group_ch.params.sdu_in = l2cap_gframe_in;
- l2cap->group_ch.params.opaque = l2cap;
- l2cap->group_ch.frame_in = l2cap_bframe_in;
- l2cap->group_ch.mps = 65533;
- l2cap->group_ch.l2cap = l2cap;
- l2cap->group_ch.remote_cid = L2CAP_CID_INVALID;
- l2cap->cid[L2CAP_CID_GROUP] = &l2cap->group_ch;
-}
-
-static void l2cap_teardown(struct l2cap_instance_s *l2cap, int send_disconnect)
-{
- int cid;
-
- /* Don't send DISCONNECT if we are currently handling a DISCONNECT
- * sent from the other side. */
- if (send_disconnect) {
- if (l2cap->role)
- l2cap->dev->device.lmp_disconnect_slave(l2cap->link);
- /* l2cap->link is invalid from now on. */
- else
- l2cap->dev->device.lmp_disconnect_master(l2cap->link);
- }
-
- for (cid = L2CAP_CID_ALLOC; cid < L2CAP_CID_MAX; cid ++)
- if (l2cap->cid[cid]) {
- l2cap->cid[cid]->params.close(l2cap->cid[cid]->params.opaque);
- g_free(l2cap->cid[cid]);
- }
-
- if (l2cap->role)
- g_free(l2cap);
- else
- g_free(l2cap->link);
-}
-
-/* L2CAP glue to lower layers in bluetooth stack (LMP) */
-
-static void l2cap_lmp_connection_request(struct bt_link_s *link)
-{
- struct bt_l2cap_device_s *dev = (struct bt_l2cap_device_s *) link->slave;
- struct slave_l2cap_instance_s *l2cap;
-
- /* Always accept - we only get called if (dev->device->page_scan). */
-
- l2cap = g_malloc0(sizeof(struct slave_l2cap_instance_s));
- l2cap->link.slave = &dev->device;
- l2cap->link.host = link->host;
- l2cap_init(&l2cap->l2cap, &l2cap->link, 0);
-
- /* Always at the end */
- link->host->reject_reason = 0;
- link->host->lmp_connection_complete(&l2cap->link);
-}
-
-/* Stub */
-static void l2cap_lmp_connection_complete(struct bt_link_s *link)
-{
- struct bt_l2cap_device_s *dev = (struct bt_l2cap_device_s *) link->host;
- struct l2cap_instance_s *l2cap;
-
- if (dev->device.reject_reason) {
- /* Signal to upper layer */
- return;
- }
-
- l2cap = g_malloc0(sizeof(struct l2cap_instance_s));
- l2cap_init(l2cap, link, 1);
-
- link->acl_mode = acl_active;
-
- /* Signal to upper layer */
-}
-
-/* Stub */
-static void l2cap_lmp_disconnect_host(struct bt_link_s *link)
-{
- struct bt_l2cap_device_s *dev = (struct bt_l2cap_device_s *) link->host;
- struct l2cap_instance_s *l2cap =
- /* TODO: Retrieve from upper layer */ (void *) dev;
-
- /* Signal to upper layer */
-
- l2cap_teardown(l2cap, 0);
-}
-
-static void l2cap_lmp_disconnect_slave(struct bt_link_s *link)
-{
- struct slave_l2cap_instance_s *l2cap =
- (struct slave_l2cap_instance_s *) link;
-
- l2cap_teardown(&l2cap->l2cap, 0);
-}
-
-static void l2cap_lmp_acl_data_slave(struct bt_link_s *link,
- const uint8_t *data, int start, int len)
-{
- struct slave_l2cap_instance_s *l2cap =
- (struct slave_l2cap_instance_s *) link;
-
- if (start)
- l2cap->l2cap.frame_in_len = 0;
-
- l2cap_pdu_in(&l2cap->l2cap, data, len);
-}
-
-/* Stub */
-static void l2cap_lmp_acl_data_host(struct bt_link_s *link,
- const uint8_t *data, int start, int len)
-{
- struct bt_l2cap_device_s *dev = (struct bt_l2cap_device_s *) link->host;
- struct l2cap_instance_s *l2cap =
- /* TODO: Retrieve from upper layer */ (void *) dev;
-
- if (start)
- l2cap->frame_in_len = 0;
-
- l2cap_pdu_in(l2cap, data, len);
-}
-
-static void l2cap_dummy_destroy(struct bt_device_s *dev)
-{
- struct bt_l2cap_device_s *l2cap_dev = (struct bt_l2cap_device_s *) dev;
-
- bt_l2cap_device_done(l2cap_dev);
-}
-
-void bt_l2cap_device_init(struct bt_l2cap_device_s *dev,
- struct bt_scatternet_s *net)
-{
- bt_device_init(&dev->device, net);
-
- dev->device.lmp_connection_request = l2cap_lmp_connection_request;
- dev->device.lmp_connection_complete = l2cap_lmp_connection_complete;
- dev->device.lmp_disconnect_master = l2cap_lmp_disconnect_host;
- dev->device.lmp_disconnect_slave = l2cap_lmp_disconnect_slave;
- dev->device.lmp_acl_data = l2cap_lmp_acl_data_slave;
- dev->device.lmp_acl_resp = l2cap_lmp_acl_data_host;
-
- dev->device.handle_destroy = l2cap_dummy_destroy;
-}
-
-void bt_l2cap_device_done(struct bt_l2cap_device_s *dev)
-{
- bt_device_done(&dev->device);
-
- /* Should keep a list of all instances and go through it and
- * invoke l2cap_teardown() for each. */
-}
-
-void bt_l2cap_psm_register(struct bt_l2cap_device_s *dev, int psm, int min_mtu,
- int (*new_channel)(struct bt_l2cap_device_s *dev,
- struct bt_l2cap_conn_params_s *params))
-{
- struct bt_l2cap_psm_s *new_psm = l2cap_psm(dev, psm);
-
- if (new_psm) {
- fprintf(stderr, "%s: PSM %04x already registered for device `%s'.\n",
- __FUNCTION__, psm, dev->device.lmp_name);
- exit(-1);
- }
-
- new_psm = g_malloc0(sizeof(*new_psm));
- new_psm->psm = psm;
- new_psm->min_mtu = min_mtu;
- new_psm->new_channel = new_channel;
- new_psm->next = dev->first_psm;
- dev->first_psm = new_psm;
-}
diff --git a/hw/bt-sdp.c b/hw/bt-sdp.c
deleted file mode 100644
index c0431d1a4..000000000
--- a/hw/bt-sdp.c
+++ /dev/null
@@ -1,967 +0,0 @@
-/*
- * Service Discover Protocol server for QEMU L2CAP devices
- *
- * Copyright (C) 2008 Andrzej Zaborowski <balrog@zabor.org>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "qemu-common.h"
-#include "bt.h"
-
-struct bt_l2cap_sdp_state_s {
- struct bt_l2cap_conn_params_s *channel;
-
- struct sdp_service_record_s {
- int match;
-
- int *uuid;
- int uuids;
- struct sdp_service_attribute_s {
- int match;
-
- int attribute_id;
- int len;
- void *pair;
- } *attribute_list;
- int attributes;
- } *service_list;
- int services;
-};
-
-static ssize_t sdp_datalen(const uint8_t **element, ssize_t *left)
-{
- size_t len = *(*element) ++ & SDP_DSIZE_MASK;
-
- if (!*left)
- return -1;
- (*left) --;
-
- if (len < SDP_DSIZE_NEXT1)
- return 1 << len;
- else if (len == SDP_DSIZE_NEXT1) {
- if (*left < 1)
- return -1;
- (*left) --;
-
- return *(*element) ++;
- } else if (len == SDP_DSIZE_NEXT2) {
- if (*left < 2)
- return -1;
- (*left) -= 2;
-
- len = (*(*element) ++) << 8;
- return len | (*(*element) ++);
- } else {
- if (*left < 4)
- return -1;
- (*left) -= 4;
-
- len = (*(*element) ++) << 24;
- len |= (*(*element) ++) << 16;
- len |= (*(*element) ++) << 8;
- return len | (*(*element) ++);
- }
-}
-
-static const uint8_t bt_base_uuid[12] = {
- 0x00, 0x00, 0x10, 0x00, 0x80, 0x00, 0x00, 0x80, 0x5f, 0x9b, 0x34, 0xfb,
-};
-
-static int sdp_uuid_match(struct sdp_service_record_s *record,
- const uint8_t *uuid, ssize_t datalen)
-{
- int *lo, hi, val;
-
- if (datalen == 16 || datalen == 4) {
- if (datalen == 16 && memcmp(uuid + 4, bt_base_uuid, 12))
- return 0;
-
- if (uuid[0] | uuid[1])
- return 0;
- uuid += 2;
- }
-
- val = (uuid[0] << 8) | uuid[1];
- lo = record->uuid;
- hi = record->uuids;
- while (hi >>= 1)
- if (lo[hi] <= val)
- lo += hi;
-
- return *lo == val;
-}
-
-#define CONTINUATION_PARAM_SIZE (1 + sizeof(int))
-#define MAX_PDU_OUT_SIZE 96 /* Arbitrary */
-#define PDU_HEADER_SIZE 5
-#define MAX_RSP_PARAM_SIZE (MAX_PDU_OUT_SIZE - PDU_HEADER_SIZE - \
- CONTINUATION_PARAM_SIZE)
-
-static int sdp_svc_match(struct bt_l2cap_sdp_state_s *sdp,
- const uint8_t **req, ssize_t *len)
-{
- size_t datalen;
- int i;
-
- if ((**req & ~SDP_DSIZE_MASK) != SDP_DTYPE_UUID)
- return 1;
-
- datalen = sdp_datalen(req, len);
- if (datalen != 2 && datalen != 4 && datalen != 16)
- return 1;
-
- for (i = 0; i < sdp->services; i ++)
- if (sdp_uuid_match(&sdp->service_list[i], *req, datalen))
- sdp->service_list[i].match = 1;
-
- (*req) += datalen;
- (*len) -= datalen;
-
- return 0;
-}
-
-static ssize_t sdp_svc_search(struct bt_l2cap_sdp_state_s *sdp,
- uint8_t *rsp, const uint8_t *req, ssize_t len)
-{
- ssize_t seqlen;
- int i, count, start, end, max;
- int32_t handle;
-
- /* Perform the search */
- for (i = 0; i < sdp->services; i ++)
- sdp->service_list[i].match = 0;
-
- if (len < 1)
- return -SDP_INVALID_SYNTAX;
- if ((*req & ~SDP_DSIZE_MASK) == SDP_DTYPE_SEQ) {
- seqlen = sdp_datalen(&req, &len);
- if (seqlen < 3 || len < seqlen)
- return -SDP_INVALID_SYNTAX;
- len -= seqlen;
-
- while (seqlen)
- if (sdp_svc_match(sdp, &req, &seqlen))
- return -SDP_INVALID_SYNTAX;
- } else if (sdp_svc_match(sdp, &req, &seqlen))
- return -SDP_INVALID_SYNTAX;
-
- if (len < 3)
- return -SDP_INVALID_SYNTAX;
- max = (req[0] << 8) | req[1];
- req += 2;
- len -= 2;
-
- if (*req) {
- if (len <= sizeof(int))
- return -SDP_INVALID_SYNTAX;
- len -= sizeof(int);
- memcpy(&start, req + 1, sizeof(int));
- } else
- start = 0;
-
- if (len > 1)
- return -SDP_INVALID_SYNTAX;
-
- /* Output the results */
- len = 4;
- count = 0;
- end = start;
- for (i = 0; i < sdp->services; i ++)
- if (sdp->service_list[i].match) {
- if (count >= start && count < max && len + 4 < MAX_RSP_PARAM_SIZE) {
- handle = i;
- memcpy(rsp + len, &handle, 4);
- len += 4;
- end = count + 1;
- }
-
- count ++;
- }
-
- rsp[0] = count >> 8;
- rsp[1] = count & 0xff;
- rsp[2] = (end - start) >> 8;
- rsp[3] = (end - start) & 0xff;
-
- if (end < count) {
- rsp[len ++] = sizeof(int);
- memcpy(rsp + len, &end, sizeof(int));
- len += 4;
- } else
- rsp[len ++] = 0;
-
- return len;
-}
-
-static int sdp_attr_match(struct sdp_service_record_s *record,
- const uint8_t **req, ssize_t *len)
-{
- int i, start, end;
-
- if (**req == (SDP_DTYPE_UINT | SDP_DSIZE_2)) {
- (*req) ++;
- if (*len < 3)
- return 1;
-
- start = (*(*req) ++) << 8;
- start |= *(*req) ++;
- end = start;
- *len -= 3;
- } else if (**req == (SDP_DTYPE_UINT | SDP_DSIZE_4)) {
- (*req) ++;
- if (*len < 5)
- return 1;
-
- start = (*(*req) ++) << 8;
- start |= *(*req) ++;
- end = (*(*req) ++) << 8;
- end |= *(*req) ++;
- *len -= 5;
- } else
- return 1;
-
- for (i = 0; i < record->attributes; i ++)
- if (record->attribute_list[i].attribute_id >= start &&
- record->attribute_list[i].attribute_id <= end)
- record->attribute_list[i].match = 1;
-
- return 0;
-}
-
-static ssize_t sdp_attr_get(struct bt_l2cap_sdp_state_s *sdp,
- uint8_t *rsp, const uint8_t *req, ssize_t len)
-{
- ssize_t seqlen;
- int i, start, end, max;
- int32_t handle;
- struct sdp_service_record_s *record;
- uint8_t *lst;
-
- /* Perform the search */
- if (len < 7)
- return -SDP_INVALID_SYNTAX;
- memcpy(&handle, req, 4);
- req += 4;
- len -= 4;
-
- if (handle < 0 || handle > sdp->services)
- return -SDP_INVALID_RECORD_HANDLE;
- record = &sdp->service_list[handle];
-
- for (i = 0; i < record->attributes; i ++)
- record->attribute_list[i].match = 0;
-
- max = (req[0] << 8) | req[1];
- req += 2;
- len -= 2;
- if (max < 0x0007)
- return -SDP_INVALID_SYNTAX;
-
- if ((*req & ~SDP_DSIZE_MASK) == SDP_DTYPE_SEQ) {
- seqlen = sdp_datalen(&req, &len);
- if (seqlen < 3 || len < seqlen)
- return -SDP_INVALID_SYNTAX;
- len -= seqlen;
-
- while (seqlen)
- if (sdp_attr_match(record, &req, &seqlen))
- return -SDP_INVALID_SYNTAX;
- } else if (sdp_attr_match(record, &req, &seqlen))
- return -SDP_INVALID_SYNTAX;
-
- if (len < 1)
- return -SDP_INVALID_SYNTAX;
-
- if (*req) {
- if (len <= sizeof(int))
- return -SDP_INVALID_SYNTAX;
- len -= sizeof(int);
- memcpy(&start, req + 1, sizeof(int));
- } else
- start = 0;
-
- if (len > 1)
- return -SDP_INVALID_SYNTAX;
-
- /* Output the results */
- lst = rsp + 2;
- max = MIN(max, MAX_RSP_PARAM_SIZE);
- len = 3 - start;
- end = 0;
- for (i = 0; i < record->attributes; i ++)
- if (record->attribute_list[i].match) {
- if (len >= 0 && len + record->attribute_list[i].len < max) {
- memcpy(lst + len, record->attribute_list[i].pair,
- record->attribute_list[i].len);
- end = len + record->attribute_list[i].len;
- }
- len += record->attribute_list[i].len;
- }
- if (0 >= start) {
- lst[0] = SDP_DTYPE_SEQ | SDP_DSIZE_NEXT2;
- lst[1] = (len + start - 3) >> 8;
- lst[2] = (len + start - 3) & 0xff;
- }
-
- rsp[0] = end >> 8;
- rsp[1] = end & 0xff;
-
- if (end < len) {
- len = end + start;
- lst[end ++] = sizeof(int);
- memcpy(lst + end, &len, sizeof(int));
- end += sizeof(int);
- } else
- lst[end ++] = 0;
-
- return end + 2;
-}
-
-static int sdp_svc_attr_match(struct bt_l2cap_sdp_state_s *sdp,
- const uint8_t **req, ssize_t *len)
-{
- int i, j, start, end;
- struct sdp_service_record_s *record;
-
- if (**req == (SDP_DTYPE_UINT | SDP_DSIZE_2)) {
- (*req) ++;
- if (*len < 3)
- return 1;
-
- start = (*(*req) ++) << 8;
- start |= *(*req) ++;
- end = start;
- *len -= 3;
- } else if (**req == (SDP_DTYPE_UINT | SDP_DSIZE_4)) {
- (*req) ++;
- if (*len < 5)
- return 1;
-
- start = (*(*req) ++) << 8;
- start |= *(*req) ++;
- end = (*(*req) ++) << 8;
- end |= *(*req) ++;
- *len -= 5;
- } else
- return 1;
-
- for (i = 0; i < sdp->services; i ++)
- if ((record = &sdp->service_list[i])->match)
- for (j = 0; j < record->attributes; j ++)
- if (record->attribute_list[j].attribute_id >= start &&
- record->attribute_list[j].attribute_id <= end)
- record->attribute_list[j].match = 1;
-
- return 0;
-}
-
-static ssize_t sdp_svc_search_attr_get(struct bt_l2cap_sdp_state_s *sdp,
- uint8_t *rsp, const uint8_t *req, ssize_t len)
-{
- ssize_t seqlen;
- int i, j, start, end, max;
- struct sdp_service_record_s *record;
- uint8_t *lst;
-
- /* Perform the search */
- for (i = 0; i < sdp->services; i ++) {
- sdp->service_list[i].match = 0;
- for (j = 0; j < sdp->service_list[i].attributes; j ++)
- sdp->service_list[i].attribute_list[j].match = 0;
- }
-
- if (len < 1)
- return -SDP_INVALID_SYNTAX;
- if ((*req & ~SDP_DSIZE_MASK) == SDP_DTYPE_SEQ) {
- seqlen = sdp_datalen(&req, &len);
- if (seqlen < 3 || len < seqlen)
- return -SDP_INVALID_SYNTAX;
- len -= seqlen;
-
- while (seqlen)
- if (sdp_svc_match(sdp, &req, &seqlen))
- return -SDP_INVALID_SYNTAX;
- } else if (sdp_svc_match(sdp, &req, &seqlen))
- return -SDP_INVALID_SYNTAX;
-
- if (len < 3)
- return -SDP_INVALID_SYNTAX;
- max = (req[0] << 8) | req[1];
- req += 2;
- len -= 2;
- if (max < 0x0007)
- return -SDP_INVALID_SYNTAX;
-
- if ((*req & ~SDP_DSIZE_MASK) == SDP_DTYPE_SEQ) {
- seqlen = sdp_datalen(&req, &len);
- if (seqlen < 3 || len < seqlen)
- return -SDP_INVALID_SYNTAX;
- len -= seqlen;
-
- while (seqlen)
- if (sdp_svc_attr_match(sdp, &req, &seqlen))
- return -SDP_INVALID_SYNTAX;
- } else if (sdp_svc_attr_match(sdp, &req, &seqlen))
- return -SDP_INVALID_SYNTAX;
-
- if (len < 1)
- return -SDP_INVALID_SYNTAX;
-
- if (*req) {
- if (len <= sizeof(int))
- return -SDP_INVALID_SYNTAX;
- len -= sizeof(int);
- memcpy(&start, req + 1, sizeof(int));
- } else
- start = 0;
-
- if (len > 1)
- return -SDP_INVALID_SYNTAX;
-
- /* Output the results */
- /* This assumes empty attribute lists are never to be returned even
- * for matching Service Records. In practice this shouldn't happen
- * as the requestor will usually include the always present
- * ServiceRecordHandle AttributeID in AttributeIDList. */
- lst = rsp + 2;
- max = MIN(max, MAX_RSP_PARAM_SIZE);
- len = 3 - start;
- end = 0;
- for (i = 0; i < sdp->services; i ++)
- if ((record = &sdp->service_list[i])->match) {
- len += 3;
- seqlen = len;
- for (j = 0; j < record->attributes; j ++)
- if (record->attribute_list[j].match) {
- if (len >= 0)
- if (len + record->attribute_list[j].len < max) {
- memcpy(lst + len, record->attribute_list[j].pair,
- record->attribute_list[j].len);
- end = len + record->attribute_list[j].len;
- }
- len += record->attribute_list[j].len;
- }
- if (seqlen == len)
- len -= 3;
- else if (seqlen >= 3 && seqlen < max) {
- lst[seqlen - 3] = SDP_DTYPE_SEQ | SDP_DSIZE_NEXT2;
- lst[seqlen - 2] = (len - seqlen) >> 8;
- lst[seqlen - 1] = (len - seqlen) & 0xff;
- }
- }
- if (len == 3 - start)
- len -= 3;
- else if (0 >= start) {
- lst[0] = SDP_DTYPE_SEQ | SDP_DSIZE_NEXT2;
- lst[1] = (len + start - 3) >> 8;
- lst[2] = (len + start - 3) & 0xff;
- }
-
- rsp[0] = end >> 8;
- rsp[1] = end & 0xff;
-
- if (end < len) {
- len = end + start;
- lst[end ++] = sizeof(int);
- memcpy(lst + end, &len, sizeof(int));
- end += sizeof(int);
- } else
- lst[end ++] = 0;
-
- return end + 2;
-}
-
-static void bt_l2cap_sdp_sdu_in(void *opaque, const uint8_t *data, int len)
-{
- struct bt_l2cap_sdp_state_s *sdp = opaque;
- enum bt_sdp_cmd pdu_id;
- uint8_t rsp[MAX_PDU_OUT_SIZE - PDU_HEADER_SIZE], *sdu_out;
- int transaction_id, plen;
- int err = 0;
- int rsp_len = 0;
-
- if (len < 5) {
- fprintf(stderr, "%s: short SDP PDU (%iB).\n", __FUNCTION__, len);
- return;
- }
-
- pdu_id = *data ++;
- transaction_id = (data[0] << 8) | data[1];
- plen = (data[2] << 8) | data[3];
- data += 4;
- len -= 5;
-
- if (len != plen) {
- fprintf(stderr, "%s: wrong SDP PDU length (%iB != %iB).\n",
- __FUNCTION__, plen, len);
- err = SDP_INVALID_PDU_SIZE;
- goto respond;
- }
-
- switch (pdu_id) {
- case SDP_SVC_SEARCH_REQ:
- rsp_len = sdp_svc_search(sdp, rsp, data, len);
- pdu_id = SDP_SVC_SEARCH_RSP;
- break;
-
- case SDP_SVC_ATTR_REQ:
- rsp_len = sdp_attr_get(sdp, rsp, data, len);
- pdu_id = SDP_SVC_ATTR_RSP;
- break;
-
- case SDP_SVC_SEARCH_ATTR_REQ:
- rsp_len = sdp_svc_search_attr_get(sdp, rsp, data, len);
- pdu_id = SDP_SVC_SEARCH_ATTR_RSP;
- break;
-
- case SDP_ERROR_RSP:
- case SDP_SVC_ATTR_RSP:
- case SDP_SVC_SEARCH_RSP:
- case SDP_SVC_SEARCH_ATTR_RSP:
- default:
- fprintf(stderr, "%s: unexpected SDP PDU ID %02x.\n",
- __FUNCTION__, pdu_id);
- err = SDP_INVALID_SYNTAX;
- break;
- }
-
- if (rsp_len < 0) {
- err = -rsp_len;
- rsp_len = 0;
- }
-
-respond:
- if (err) {
- pdu_id = SDP_ERROR_RSP;
- rsp[rsp_len ++] = err >> 8;
- rsp[rsp_len ++] = err & 0xff;
- }
-
- sdu_out = sdp->channel->sdu_out(sdp->channel, rsp_len + PDU_HEADER_SIZE);
-
- sdu_out[0] = pdu_id;
- sdu_out[1] = transaction_id >> 8;
- sdu_out[2] = transaction_id & 0xff;
- sdu_out[3] = rsp_len >> 8;
- sdu_out[4] = rsp_len & 0xff;
- memcpy(sdu_out + PDU_HEADER_SIZE, rsp, rsp_len);
-
- sdp->channel->sdu_submit(sdp->channel);
-}
-
-static void bt_l2cap_sdp_close_ch(void *opaque)
-{
- struct bt_l2cap_sdp_state_s *sdp = opaque;
- int i;
-
- for (i = 0; i < sdp->services; i ++) {
- g_free(sdp->service_list[i].attribute_list->pair);
- g_free(sdp->service_list[i].attribute_list);
- g_free(sdp->service_list[i].uuid);
- }
- g_free(sdp->service_list);
- g_free(sdp);
-}
-
-struct sdp_def_service_s {
- uint16_t class_uuid;
- struct sdp_def_attribute_s {
- uint16_t id;
- struct sdp_def_data_element_s {
- uint8_t type;
- union {
- uint32_t uint;
- const char *str;
- struct sdp_def_data_element_s *list;
- } value;
- } data;
- } attributes[];
-};
-
-/* Calculate a safe byte count to allocate that will store the given
- * element, at the same time count elements of a UUID type. */
-static int sdp_attr_max_size(struct sdp_def_data_element_s *element,
- int *uuids)
-{
- int type = element->type & ~SDP_DSIZE_MASK;
- int len;
-
- if (type == SDP_DTYPE_UINT || type == SDP_DTYPE_UUID ||
- type == SDP_DTYPE_BOOL) {
- if (type == SDP_DTYPE_UUID)
- (*uuids) ++;
- return 1 + (1 << (element->type & SDP_DSIZE_MASK));
- }
-
- if (type == SDP_DTYPE_STRING || type == SDP_DTYPE_URL) {
- if (element->type & SDP_DSIZE_MASK) {
- for (len = 0; element->value.str[len] |
- element->value.str[len + 1]; len ++);
- return len;
- } else
- return 2 + strlen(element->value.str);
- }
-
- if (type != SDP_DTYPE_SEQ)
- exit(-1);
- len = 2;
- element = element->value.list;
- while (element->type)
- len += sdp_attr_max_size(element ++, uuids);
- if (len > 255)
- exit (-1);
-
- return len;
-}
-
-static int sdp_attr_write(uint8_t *data,
- struct sdp_def_data_element_s *element, int **uuid)
-{
- int type = element->type & ~SDP_DSIZE_MASK;
- int len = 0;
-
- if (type == SDP_DTYPE_UINT || type == SDP_DTYPE_BOOL) {
- data[len ++] = element->type;
- if ((element->type & SDP_DSIZE_MASK) == SDP_DSIZE_1)
- data[len ++] = (element->value.uint >> 0) & 0xff;
- else if ((element->type & SDP_DSIZE_MASK) == SDP_DSIZE_2) {
- data[len ++] = (element->value.uint >> 8) & 0xff;
- data[len ++] = (element->value.uint >> 0) & 0xff;
- } else if ((element->type & SDP_DSIZE_MASK) == SDP_DSIZE_4) {
- data[len ++] = (element->value.uint >> 24) & 0xff;
- data[len ++] = (element->value.uint >> 16) & 0xff;
- data[len ++] = (element->value.uint >> 8) & 0xff;
- data[len ++] = (element->value.uint >> 0) & 0xff;
- }
-
- return len;
- }
-
- if (type == SDP_DTYPE_UUID) {
- *(*uuid) ++ = element->value.uint;
-
- data[len ++] = element->type;
- data[len ++] = (element->value.uint >> 24) & 0xff;
- data[len ++] = (element->value.uint >> 16) & 0xff;
- data[len ++] = (element->value.uint >> 8) & 0xff;
- data[len ++] = (element->value.uint >> 0) & 0xff;
- memcpy(data + len, bt_base_uuid, 12);
-
- return len + 12;
- }
-
- data[0] = type | SDP_DSIZE_NEXT1;
- if (type == SDP_DTYPE_STRING || type == SDP_DTYPE_URL) {
- if (element->type & SDP_DSIZE_MASK)
- for (len = 0; element->value.str[len] |
- element->value.str[len + 1]; len ++);
- else
- len = strlen(element->value.str);
- memcpy(data + 2, element->value.str, data[1] = len);
-
- return len + 2;
- }
-
- len = 2;
- element = element->value.list;
- while (element->type)
- len += sdp_attr_write(data + len, element ++, uuid);
- data[1] = len - 2;
-
- return len;
-}
-
-static int sdp_attributeid_compare(const struct sdp_service_attribute_s *a,
- const struct sdp_service_attribute_s *b)
-{
- return (int) b->attribute_id - a->attribute_id;
-}
-
-static int sdp_uuid_compare(const int *a, const int *b)
-{
- return *a - *b;
-}
-
-static void sdp_service_record_build(struct sdp_service_record_s *record,
- struct sdp_def_service_s *def, int handle)
-{
- int len = 0;
- uint8_t *data;
- int *uuid;
-
- record->uuids = 0;
- while (def->attributes[record->attributes].data.type) {
- len += 3;
- len += sdp_attr_max_size(&def->attributes[record->attributes ++].data,
- &record->uuids);
- }
- record->uuids = 1 << ffs(record->uuids - 1);
- record->attribute_list =
- g_malloc0(record->attributes * sizeof(*record->attribute_list));
- record->uuid =
- g_malloc0(record->uuids * sizeof(*record->uuid));
- data = g_malloc(len);
-
- record->attributes = 0;
- uuid = record->uuid;
- while (def->attributes[record->attributes].data.type) {
- record->attribute_list[record->attributes].pair = data;
-
- len = 0;
- data[len ++] = SDP_DTYPE_UINT | SDP_DSIZE_2;
- data[len ++] = def->attributes[record->attributes].id >> 8;
- data[len ++] = def->attributes[record->attributes].id & 0xff;
- len += sdp_attr_write(data + len,
- &def->attributes[record->attributes].data, &uuid);
-
- /* Special case: assign a ServiceRecordHandle in sequence */
- if (def->attributes[record->attributes].id == SDP_ATTR_RECORD_HANDLE)
- def->attributes[record->attributes].data.value.uint = handle;
- /* Note: we could also assign a ServiceDescription based on
- * sdp->device.device->lmp_name. */
-
- record->attribute_list[record->attributes ++].len = len;
- data += len;
- }
-
- /* Sort the attribute list by the AttributeID */
- qsort(record->attribute_list, record->attributes,
- sizeof(*record->attribute_list),
- (void *) sdp_attributeid_compare);
- /* Sort the searchable UUIDs list for bisection */
- qsort(record->uuid, record->uuids,
- sizeof(*record->uuid),
- (void *) sdp_uuid_compare);
-}
-
-static void sdp_service_db_build(struct bt_l2cap_sdp_state_s *sdp,
- struct sdp_def_service_s **service)
-{
- sdp->services = 0;
- while (service[sdp->services])
- sdp->services ++;
- sdp->service_list =
- g_malloc0(sdp->services * sizeof(*sdp->service_list));
-
- sdp->services = 0;
- while (*service) {
- sdp_service_record_build(&sdp->service_list[sdp->services],
- *service, sdp->services);
- service ++;
- sdp->services ++;
- }
-}
-
-#define LAST { .type = 0 }
-#define SERVICE(name, attrs) \
- static struct sdp_def_service_s glue(glue(sdp_service_, name), _s) = { \
- .attributes = { attrs { .data = LAST } }, \
- };
-#define ATTRIBUTE(attrid, val) { .id = glue(SDP_ATTR_, attrid), .data = val },
-#define UINT8(val) { \
- .type = SDP_DTYPE_UINT | SDP_DSIZE_1, \
- .value.uint = val, \
- },
-#define UINT16(val) { \
- .type = SDP_DTYPE_UINT | SDP_DSIZE_2, \
- .value.uint = val, \
- },
-#define UINT32(val) { \
- .type = SDP_DTYPE_UINT | SDP_DSIZE_4, \
- .value.uint = val, \
- },
-#define UUID128(val) { \
- .type = SDP_DTYPE_UUID | SDP_DSIZE_16, \
- .value.uint = val, \
- },
-#define SDP_TRUE { \
- .type = SDP_DTYPE_BOOL | SDP_DSIZE_1, \
- .value.uint = 1, \
- },
-#define SDP_FALSE { \
- .type = SDP_DTYPE_BOOL | SDP_DSIZE_1, \
- .value.uint = 0, \
- },
-#define STRING(val) { \
- .type = SDP_DTYPE_STRING, \
- .value.str = val, \
- },
-#define ARRAY(...) { \
- .type = SDP_DTYPE_STRING | SDP_DSIZE_2, \
- .value.str = (char []) { __VA_ARGS__, 0, 0 }, \
- },
-#define URL(val) { \
- .type = SDP_DTYPE_URL, \
- .value.str = val, \
- },
-#if 1
-#define LIST(val) { \
- .type = SDP_DTYPE_SEQ, \
- .value.list = (struct sdp_def_data_element_s []) { val LAST }, \
- },
-#endif
-
-/* Try to keep each single attribute below MAX_PDU_OUT_SIZE bytes
- * in resulting SDP data representation size. */
-
-SERVICE(hid,
- ATTRIBUTE(RECORD_HANDLE, UINT32(0)) /* Filled in later */
- ATTRIBUTE(SVCLASS_ID_LIST, LIST(UUID128(HID_SVCLASS_ID)))
- ATTRIBUTE(RECORD_STATE, UINT32(1))
- ATTRIBUTE(PROTO_DESC_LIST, LIST(
- LIST(UUID128(L2CAP_UUID) UINT16(BT_PSM_HID_CTRL))
- LIST(UUID128(HIDP_UUID))
- ))
- ATTRIBUTE(BROWSE_GRP_LIST, LIST(UUID128(0x1002)))
- ATTRIBUTE(LANG_BASE_ATTR_ID_LIST, LIST(
- UINT16(0x656e) UINT16(0x006a) UINT16(0x0100)
- ))
- ATTRIBUTE(PFILE_DESC_LIST, LIST(
- LIST(UUID128(HID_PROFILE_ID) UINT16(0x0100))
- ))
- ATTRIBUTE(DOC_URL, URL("http://bellard.org/qemu/user-doc.html"))
- ATTRIBUTE(SVCNAME_PRIMARY, STRING("QEMU Bluetooth HID"))
- ATTRIBUTE(SVCDESC_PRIMARY, STRING("QEMU Keyboard/Mouse"))
- ATTRIBUTE(SVCPROV_PRIMARY, STRING("QEMU"))
-
- /* Profile specific */
- ATTRIBUTE(DEVICE_RELEASE_NUMBER, UINT16(0x0091)) /* Deprecated, remove */
- ATTRIBUTE(PARSER_VERSION, UINT16(0x0111))
- /* TODO: extract from l2cap_device->device.class[0] */
- ATTRIBUTE(DEVICE_SUBCLASS, UINT8(0x40))
- ATTRIBUTE(COUNTRY_CODE, UINT8(0x15))
- ATTRIBUTE(VIRTUAL_CABLE, SDP_TRUE)
- ATTRIBUTE(RECONNECT_INITIATE, SDP_FALSE)
- /* TODO: extract from hid->usbdev->report_desc */
- ATTRIBUTE(DESCRIPTOR_LIST, LIST(
- LIST(UINT8(0x22) ARRAY(
- 0x05, 0x01, /* Usage Page (Generic Desktop) */
- 0x09, 0x06, /* Usage (Keyboard) */
- 0xa1, 0x01, /* Collection (Application) */
- 0x75, 0x01, /* Report Size (1) */
- 0x95, 0x08, /* Report Count (8) */
- 0x05, 0x07, /* Usage Page (Key Codes) */
- 0x19, 0xe0, /* Usage Minimum (224) */
- 0x29, 0xe7, /* Usage Maximum (231) */
- 0x15, 0x00, /* Logical Minimum (0) */
- 0x25, 0x01, /* Logical Maximum (1) */
- 0x81, 0x02, /* Input (Data, Variable, Absolute) */
- 0x95, 0x01, /* Report Count (1) */
- 0x75, 0x08, /* Report Size (8) */
- 0x81, 0x01, /* Input (Constant) */
- 0x95, 0x05, /* Report Count (5) */
- 0x75, 0x01, /* Report Size (1) */
- 0x05, 0x08, /* Usage Page (LEDs) */
- 0x19, 0x01, /* Usage Minimum (1) */
- 0x29, 0x05, /* Usage Maximum (5) */
- 0x91, 0x02, /* Output (Data, Variable, Absolute) */
- 0x95, 0x01, /* Report Count (1) */
- 0x75, 0x03, /* Report Size (3) */
- 0x91, 0x01, /* Output (Constant) */
- 0x95, 0x06, /* Report Count (6) */
- 0x75, 0x08, /* Report Size (8) */
- 0x15, 0x00, /* Logical Minimum (0) */
- 0x25, 0xff, /* Logical Maximum (255) */
- 0x05, 0x07, /* Usage Page (Key Codes) */
- 0x19, 0x00, /* Usage Minimum (0) */
- 0x29, 0xff, /* Usage Maximum (255) */
- 0x81, 0x00, /* Input (Data, Array) */
- 0xc0 /* End Collection */
- ))))
- ATTRIBUTE(LANG_ID_BASE_LIST, LIST(
- LIST(UINT16(0x0409) UINT16(0x0100))
- ))
- ATTRIBUTE(SDP_DISABLE, SDP_FALSE)
- ATTRIBUTE(BATTERY_POWER, SDP_TRUE)
- ATTRIBUTE(REMOTE_WAKEUP, SDP_TRUE)
- ATTRIBUTE(BOOT_DEVICE, SDP_TRUE) /* XXX: untested */
- ATTRIBUTE(SUPERVISION_TIMEOUT, UINT16(0x0c80))
- ATTRIBUTE(NORMALLY_CONNECTABLE, SDP_TRUE)
- ATTRIBUTE(PROFILE_VERSION, UINT16(0x0100))
-)
-
-SERVICE(sdp,
- ATTRIBUTE(RECORD_HANDLE, UINT32(0)) /* Filled in later */
- ATTRIBUTE(SVCLASS_ID_LIST, LIST(UUID128(SDP_SERVER_SVCLASS_ID)))
- ATTRIBUTE(RECORD_STATE, UINT32(1))
- ATTRIBUTE(PROTO_DESC_LIST, LIST(
- LIST(UUID128(L2CAP_UUID) UINT16(BT_PSM_SDP))
- LIST(UUID128(SDP_UUID))
- ))
- ATTRIBUTE(BROWSE_GRP_LIST, LIST(UUID128(0x1002)))
- ATTRIBUTE(LANG_BASE_ATTR_ID_LIST, LIST(
- UINT16(0x656e) UINT16(0x006a) UINT16(0x0100)
- ))
- ATTRIBUTE(PFILE_DESC_LIST, LIST(
- LIST(UUID128(SDP_SERVER_PROFILE_ID) UINT16(0x0100))
- ))
- ATTRIBUTE(DOC_URL, URL("http://bellard.org/qemu/user-doc.html"))
- ATTRIBUTE(SVCPROV_PRIMARY, STRING("QEMU"))
-
- /* Profile specific */
- ATTRIBUTE(VERSION_NUM_LIST, LIST(UINT16(0x0100)))
- ATTRIBUTE(SVCDB_STATE , UINT32(1))
-)
-
-SERVICE(pnp,
- ATTRIBUTE(RECORD_HANDLE, UINT32(0)) /* Filled in later */
- ATTRIBUTE(SVCLASS_ID_LIST, LIST(UUID128(PNP_INFO_SVCLASS_ID)))
- ATTRIBUTE(RECORD_STATE, UINT32(1))
- ATTRIBUTE(PROTO_DESC_LIST, LIST(
- LIST(UUID128(L2CAP_UUID) UINT16(BT_PSM_SDP))
- LIST(UUID128(SDP_UUID))
- ))
- ATTRIBUTE(BROWSE_GRP_LIST, LIST(UUID128(0x1002)))
- ATTRIBUTE(LANG_BASE_ATTR_ID_LIST, LIST(
- UINT16(0x656e) UINT16(0x006a) UINT16(0x0100)
- ))
- ATTRIBUTE(PFILE_DESC_LIST, LIST(
- LIST(UUID128(PNP_INFO_PROFILE_ID) UINT16(0x0100))
- ))
- ATTRIBUTE(DOC_URL, URL("http://bellard.org/qemu/user-doc.html"))
- ATTRIBUTE(SVCPROV_PRIMARY, STRING("QEMU"))
-
- /* Profile specific */
- ATTRIBUTE(SPECIFICATION_ID, UINT16(0x0100))
- ATTRIBUTE(VERSION, UINT16(0x0100))
- ATTRIBUTE(PRIMARY_RECORD, SDP_TRUE)
-)
-
-static int bt_l2cap_sdp_new_ch(struct bt_l2cap_device_s *dev,
- struct bt_l2cap_conn_params_s *params)
-{
- struct bt_l2cap_sdp_state_s *sdp = g_malloc0(sizeof(*sdp));
- struct sdp_def_service_s *services[] = {
- &sdp_service_sdp_s,
- &sdp_service_hid_s,
- &sdp_service_pnp_s,
- NULL,
- };
-
- sdp->channel = params;
- sdp->channel->opaque = sdp;
- sdp->channel->close = bt_l2cap_sdp_close_ch;
- sdp->channel->sdu_in = bt_l2cap_sdp_sdu_in;
-
- sdp_service_db_build(sdp, services);
-
- return 0;
-}
-
-void bt_l2cap_sdp_init(struct bt_l2cap_device_s *dev)
-{
- bt_l2cap_psm_register(dev, BT_PSM_SDP,
- MAX_PDU_OUT_SIZE, bt_l2cap_sdp_new_ch);
-}
diff --git a/hw/bt.c b/hw/bt.c
deleted file mode 100644
index dc99fc28f..000000000
--- a/hw/bt.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * Convenience functions for bluetooth.
- *
- * Copyright (C) 2008 Andrzej Zaborowski <balrog@zabor.org>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "qemu-common.h"
-#include "net.h"
-#include "bt.h"
-
-/* Slave implementations can ignore this */
-static void bt_dummy_lmp_mode_change(struct bt_link_s *link)
-{
-}
-
-/* Slaves should never receive these PDUs */
-static void bt_dummy_lmp_connection_complete(struct bt_link_s *link)
-{
- if (link->slave->reject_reason)
- fprintf(stderr, "%s: stray LMP_not_accepted received, fixme\n",
- __FUNCTION__);
- else
- fprintf(stderr, "%s: stray LMP_accepted received, fixme\n",
- __FUNCTION__);
- exit(-1);
-}
-
-static void bt_dummy_lmp_disconnect_master(struct bt_link_s *link)
-{
- fprintf(stderr, "%s: stray LMP_detach received, fixme\n", __FUNCTION__);
- exit(-1);
-}
-
-static void bt_dummy_lmp_acl_resp(struct bt_link_s *link,
- const uint8_t *data, int start, int len)
-{
- fprintf(stderr, "%s: stray ACL response PDU, fixme\n", __FUNCTION__);
- exit(-1);
-}
-
-/* Slaves that don't hold any additional per link state can use these */
-static void bt_dummy_lmp_connection_request(struct bt_link_s *req)
-{
- struct bt_link_s *link = g_malloc0(sizeof(struct bt_link_s));
-
- link->slave = req->slave;
- link->host = req->host;
-
- req->host->reject_reason = 0;
- req->host->lmp_connection_complete(link);
-}
-
-static void bt_dummy_lmp_disconnect_slave(struct bt_link_s *link)
-{
- g_free(link);
-}
-
-static void bt_dummy_destroy(struct bt_device_s *device)
-{
- bt_device_done(device);
- g_free(device);
-}
-
-static int bt_dev_idx = 0;
-
-void bt_device_init(struct bt_device_s *dev, struct bt_scatternet_s *net)
-{
- memset(dev, 0, sizeof(*dev));
- dev->inquiry_scan = 1;
- dev->page_scan = 1;
-
- dev->bd_addr.b[0] = bt_dev_idx & 0xff;
- dev->bd_addr.b[1] = bt_dev_idx >> 8;
- dev->bd_addr.b[2] = 0xd0;
- dev->bd_addr.b[3] = 0xba;
- dev->bd_addr.b[4] = 0xbe;
- dev->bd_addr.b[5] = 0xba;
- bt_dev_idx ++;
-
- /* Simple slave-only devices need to implement only .lmp_acl_data */
- dev->lmp_connection_complete = bt_dummy_lmp_connection_complete;
- dev->lmp_disconnect_master = bt_dummy_lmp_disconnect_master;
- dev->lmp_acl_resp = bt_dummy_lmp_acl_resp;
- dev->lmp_mode_change = bt_dummy_lmp_mode_change;
- dev->lmp_connection_request = bt_dummy_lmp_connection_request;
- dev->lmp_disconnect_slave = bt_dummy_lmp_disconnect_slave;
-
- dev->handle_destroy = bt_dummy_destroy;
-
- dev->net = net;
- dev->next = net->slave;
- net->slave = dev;
-}
-
-void bt_device_done(struct bt_device_s *dev)
-{
- struct bt_device_s **p = &dev->net->slave;
-
- while (*p && *p != dev)
- p = &(*p)->next;
- if (*p != dev) {
- fprintf(stderr, "%s: bad bt device \"%s\"\n", __FUNCTION__,
- dev->lmp_name ?: "(null)");
- exit(-1);
- }
-
- *p = dev->next;
-}
diff --git a/hw/bt.h b/hw/bt.h
deleted file mode 100644
index ebf6a370a..000000000
--- a/hw/bt.h
+++ /dev/null
@@ -1,2185 +0,0 @@
-/*
- * QEMU Bluetooth HCI helpers.
- *
- * Copyright (C) 2007 OpenMoko, Inc.
- * Written by Andrzej Zaborowski <andrew@openedhand.com>
- *
- * Useful definitions taken from BlueZ project's headers.
- * Copyright (C) 2000-2001 Qualcomm Incorporated
- * Copyright (C) 2002-2003 Maxim Krasnyansky <maxk@qualcomm.com>
- * Copyright (C) 2002-2006 Marcel Holtmann <marcel@holtmann.org>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "hw/irq.h"
-
-/* BD Address */
-typedef struct {
- uint8_t b[6];
-} QEMU_PACKED bdaddr_t;
-
-#define BDADDR_ANY (&(bdaddr_t) {{0, 0, 0, 0, 0, 0}})
-#define BDADDR_ALL (&(bdaddr_t) {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff}})
-#define BDADDR_LOCAL (&(bdaddr_t) {{0, 0, 0, 0xff, 0xff, 0xff}})
-
-/* Copy, swap, convert BD Address */
-static inline int bacmp(const bdaddr_t *ba1, const bdaddr_t *ba2)
-{
- return memcmp(ba1, ba2, sizeof(bdaddr_t));
-}
-static inline void bacpy(bdaddr_t *dst, const bdaddr_t *src)
-{
- memcpy(dst, src, sizeof(bdaddr_t));
-}
-
-#define BAINIT(orig) { .b = { \
- (orig)->b[0], (orig)->b[1], (orig)->b[2], \
- (orig)->b[3], (orig)->b[4], (orig)->b[5], \
-}, }
-
-/* The twisted structures of a bluetooth environment */
-struct bt_device_s;
-struct bt_scatternet_s;
-struct bt_piconet_s;
-struct bt_link_s;
-
-struct bt_scatternet_s {
- struct bt_device_s *slave;
-};
-
-struct bt_link_s {
- struct bt_device_s *slave, *host;
- uint16_t handle; /* Master (host) side handle */
- uint16_t acl_interval;
- enum {
- acl_active,
- acl_hold,
- acl_sniff,
- acl_parked,
- } acl_mode;
-};
-
-struct bt_device_s {
- int lt_addr;
- bdaddr_t bd_addr;
- int mtu;
- int setup;
- struct bt_scatternet_s *net;
-
- uint8_t key[16];
- int key_present;
- uint8_t class[3];
-
- uint8_t reject_reason;
-
- uint64_t lmp_caps;
- const char *lmp_name;
- void (*lmp_connection_request)(struct bt_link_s *link);
- void (*lmp_connection_complete)(struct bt_link_s *link);
- void (*lmp_disconnect_master)(struct bt_link_s *link);
- void (*lmp_disconnect_slave)(struct bt_link_s *link);
- void (*lmp_acl_data)(struct bt_link_s *link, const uint8_t *data,
- int start, int len);
- void (*lmp_acl_resp)(struct bt_link_s *link, const uint8_t *data,
- int start, int len);
- void (*lmp_mode_change)(struct bt_link_s *link);
-
- void (*handle_destroy)(struct bt_device_s *device);
- struct bt_device_s *next; /* Next in the piconet/scatternet */
-
- int inquiry_scan;
- int page_scan;
-
- uint16_t clkoff; /* Note: Always little-endian */
-};
-
-/* bt.c */
-void bt_device_init(struct bt_device_s *dev, struct bt_scatternet_s *net);
-void bt_device_done(struct bt_device_s *dev);
-
-/* bt-hci.c */
-struct HCIInfo *bt_new_hci(struct bt_scatternet_s *net);
-
-/* bt-vhci.c */
-void bt_vhci_init(struct HCIInfo *info);
-
-/* bt-hci-csr.c */
-enum {
- csrhci_pin_reset,
- csrhci_pin_wakeup,
- __csrhci_pins,
-};
-qemu_irq *csrhci_pins_get(CharDriverState *chr);
-CharDriverState *uart_hci_init(qemu_irq wakeup);
-
-/* bt-l2cap.c */
-struct bt_l2cap_device_s;
-struct bt_l2cap_conn_params_s;
-struct bt_l2cap_psm_s;
-void bt_l2cap_device_init(struct bt_l2cap_device_s *dev,
- struct bt_scatternet_s *net);
-void bt_l2cap_device_done(struct bt_l2cap_device_s *dev);
-void bt_l2cap_psm_register(struct bt_l2cap_device_s *dev, int psm,
- int min_mtu, int (*new_channel)(struct bt_l2cap_device_s *dev,
- struct bt_l2cap_conn_params_s *params));
-
-struct bt_l2cap_device_s {
- struct bt_device_s device;
- struct bt_l2cap_psm_s *first_psm;
-};
-
-struct bt_l2cap_conn_params_s {
- /* Input */
- uint8_t *(*sdu_out)(struct bt_l2cap_conn_params_s *chan, int len);
- void (*sdu_submit)(struct bt_l2cap_conn_params_s *chan);
- int remote_mtu;
- /* Output */
- void *opaque;
- void (*sdu_in)(void *opaque, const uint8_t *data, int len);
- void (*close)(void *opaque);
-};
-
-enum bt_l2cap_psm_predef {
- BT_PSM_SDP = 0x0001,
- BT_PSM_RFCOMM = 0x0003,
- BT_PSM_TELEPHONY = 0x0005,
- BT_PSM_TCS = 0x0007,
- BT_PSM_BNEP = 0x000f,
- BT_PSM_HID_CTRL = 0x0011,
- BT_PSM_HID_INTR = 0x0013,
- BT_PSM_UPNP = 0x0015,
- BT_PSM_AVCTP = 0x0017,
- BT_PSM_AVDTP = 0x0019,
-};
-
-/* bt-sdp.c */
-void bt_l2cap_sdp_init(struct bt_l2cap_device_s *dev);
-
-/* bt-hid.c */
-struct bt_device_s *bt_mouse_init(struct bt_scatternet_s *net);
-struct bt_device_s *bt_tablet_init(struct bt_scatternet_s *net);
-struct bt_device_s *bt_keyboard_init(struct bt_scatternet_s *net);
-
-/* Link Management Protocol layer defines */
-
-#define LLID_ACLU_CONT 0x1
-#define LLID_ACLU_START 0x2
-#define LLID_ACLC 0x3
-
-enum lmp_pdu_type {
- LMP_NAME_REQ = 0x0001,
- LMP_NAME_RES = 0x0002,
- LMP_ACCEPTED = 0x0003,
- LMP_NOT_ACCEPTED = 0x0004,
- LMP_CLKOFFSET_REQ = 0x0005,
- LMP_CLKOFFSET_RES = 0x0006,
- LMP_DETACH = 0x0007,
- LMP_IN_RAND = 0x0008,
- LMP_COMB_KEY = 0x0009,
- LMP_UNIT_KEY = 0x000a,
- LMP_AU_RAND = 0x000b,
- LMP_SRES = 0x000c,
- LMP_TEMP_RAND = 0x000d,
- LMP_TEMP_KEY = 0x000e,
- LMP_CRYPT_MODE_REQ = 0x000f,
- LMP_CRYPT_KEY_SIZE_REQ = 0x0010,
- LMP_START_ENCRYPT_REQ = 0x0011,
- LMP_STOP_ENCRYPT_REQ = 0x0012,
- LMP_SWITCH_REQ = 0x0013,
- LMP_HOLD = 0x0014,
- LMP_HOLD_REQ = 0x0015,
- LMP_SNIFF_REQ = 0x0017,
- LMP_UNSNIFF_REQ = 0x0018,
- LMP_LMP_PARK_REQ = 0x0019,
- LMP_SET_BCAST_SCAN_WND = 0x001b,
- LMP_MODIFY_BEACON = 0x001c,
- LMP_UNPARK_BD_ADDR_REQ = 0x001d,
- LMP_UNPARK_PM_ADDR_REQ = 0x001e,
- LMP_INCR_POWER_REQ = 0x001f,
- LMP_DECR_POWER_REQ = 0x0020,
- LMP_MAX_POWER = 0x0021,
- LMP_MIN_POWER = 0x0022,
- LMP_AUTO_RATE = 0x0023,
- LMP_PREFERRED_RATE = 0x0024,
- LMP_VERSION_REQ = 0x0025,
- LMP_VERSION_RES = 0x0026,
- LMP_FEATURES_REQ = 0x0027,
- LMP_FEATURES_RES = 0x0028,
- LMP_QUALITY_OF_SERVICE = 0x0029,
- LMP_QOS_REQ = 0x002a,
- LMP_RM_SCO_LINK_REQ = 0x002b,
- LMP_SCO_LINK_REQ = 0x002c,
- LMP_MAX_SLOT = 0x002d,
- LMP_MAX_SLOT_REQ = 0x002e,
- LMP_TIMING_ACCURACY_REQ = 0x002f,
- LMP_TIMING_ACCURACY_RES = 0x0030,
- LMP_SETUP_COMPLETE = 0x0031,
- LMP_USE_SEMIPERM_KEY = 0x0032,
- LMP_HOST_CONNECTION_REQ = 0x0033,
- LMP_SLOT_OFFSET = 0x0034,
- LMP_PAGE_MODE_REQ = 0x0035,
- LMP_PAGE_SCAN_MODE_REQ = 0x0036,
- LMP_SUPERVISION_TIMEOUT = 0x0037,
- LMP_TEST_ACTIVATE = 0x0038,
- LMP_TEST_CONTROL = 0x0039,
- LMP_CRYPT_KEY_MASK_REQ = 0x003a,
- LMP_CRYPT_KEY_MASK_RES = 0x003b,
- LMP_SET_AFH = 0x003c,
- LMP_ACCEPTED_EXT = 0x7f01,
- LMP_NOT_ACCEPTED_EXT = 0x7f02,
- LMP_FEATURES_REQ_EXT = 0x7f03,
- LMP_FEATURES_RES_EXT = 0x7f04,
- LMP_PACKET_TYPE_TBL_REQ = 0x7f0b,
- LMP_ESCO_LINK_REQ = 0x7f0c,
- LMP_RM_ESCO_LINK_REQ = 0x7f0d,
- LMP_CHANNEL_CLASS_REQ = 0x7f10,
- LMP_CHANNEL_CLASS = 0x7f11,
-};
-
-/* Host Controller Interface layer defines */
-
-enum hci_packet_type {
- HCI_COMMAND_PKT = 0x01,
- HCI_ACLDATA_PKT = 0x02,
- HCI_SCODATA_PKT = 0x03,
- HCI_EVENT_PKT = 0x04,
- HCI_VENDOR_PKT = 0xff,
-};
-
-enum bt_packet_type {
- HCI_2DH1 = 1 << 1,
- HCI_3DH1 = 1 << 2,
- HCI_DM1 = 1 << 3,
- HCI_DH1 = 1 << 4,
- HCI_2DH3 = 1 << 8,
- HCI_3DH3 = 1 << 9,
- HCI_DM3 = 1 << 10,
- HCI_DH3 = 1 << 11,
- HCI_2DH5 = 1 << 12,
- HCI_3DH5 = 1 << 13,
- HCI_DM5 = 1 << 14,
- HCI_DH5 = 1 << 15,
-};
-
-enum sco_packet_type {
- HCI_HV1 = 1 << 5,
- HCI_HV2 = 1 << 6,
- HCI_HV3 = 1 << 7,
-};
-
-enum ev_packet_type {
- HCI_EV3 = 1 << 3,
- HCI_EV4 = 1 << 4,
- HCI_EV5 = 1 << 5,
- HCI_2EV3 = 1 << 6,
- HCI_3EV3 = 1 << 7,
- HCI_2EV5 = 1 << 8,
- HCI_3EV5 = 1 << 9,
-};
-
-enum hci_error_code {
- HCI_SUCCESS = 0x00,
- HCI_UNKNOWN_COMMAND = 0x01,
- HCI_NO_CONNECTION = 0x02,
- HCI_HARDWARE_FAILURE = 0x03,
- HCI_PAGE_TIMEOUT = 0x04,
- HCI_AUTHENTICATION_FAILURE = 0x05,
- HCI_PIN_OR_KEY_MISSING = 0x06,
- HCI_MEMORY_FULL = 0x07,
- HCI_CONNECTION_TIMEOUT = 0x08,
- HCI_MAX_NUMBER_OF_CONNECTIONS = 0x09,
- HCI_MAX_NUMBER_OF_SCO_CONNECTIONS = 0x0a,
- HCI_ACL_CONNECTION_EXISTS = 0x0b,
- HCI_COMMAND_DISALLOWED = 0x0c,
- HCI_REJECTED_LIMITED_RESOURCES = 0x0d,
- HCI_REJECTED_SECURITY = 0x0e,
- HCI_REJECTED_PERSONAL = 0x0f,
- HCI_HOST_TIMEOUT = 0x10,
- HCI_UNSUPPORTED_FEATURE = 0x11,
- HCI_INVALID_PARAMETERS = 0x12,
- HCI_OE_USER_ENDED_CONNECTION = 0x13,
- HCI_OE_LOW_RESOURCES = 0x14,
- HCI_OE_POWER_OFF = 0x15,
- HCI_CONNECTION_TERMINATED = 0x16,
- HCI_REPEATED_ATTEMPTS = 0x17,
- HCI_PAIRING_NOT_ALLOWED = 0x18,
- HCI_UNKNOWN_LMP_PDU = 0x19,
- HCI_UNSUPPORTED_REMOTE_FEATURE = 0x1a,
- HCI_SCO_OFFSET_REJECTED = 0x1b,
- HCI_SCO_INTERVAL_REJECTED = 0x1c,
- HCI_AIR_MODE_REJECTED = 0x1d,
- HCI_INVALID_LMP_PARAMETERS = 0x1e,
- HCI_UNSPECIFIED_ERROR = 0x1f,
- HCI_UNSUPPORTED_LMP_PARAMETER_VALUE = 0x20,
- HCI_ROLE_CHANGE_NOT_ALLOWED = 0x21,
- HCI_LMP_RESPONSE_TIMEOUT = 0x22,
- HCI_LMP_ERROR_TRANSACTION_COLLISION = 0x23,
- HCI_LMP_PDU_NOT_ALLOWED = 0x24,
- HCI_ENCRYPTION_MODE_NOT_ACCEPTED = 0x25,
- HCI_UNIT_LINK_KEY_USED = 0x26,
- HCI_QOS_NOT_SUPPORTED = 0x27,
- HCI_INSTANT_PASSED = 0x28,
- HCI_PAIRING_NOT_SUPPORTED = 0x29,
- HCI_TRANSACTION_COLLISION = 0x2a,
- HCI_QOS_UNACCEPTABLE_PARAMETER = 0x2c,
- HCI_QOS_REJECTED = 0x2d,
- HCI_CLASSIFICATION_NOT_SUPPORTED = 0x2e,
- HCI_INSUFFICIENT_SECURITY = 0x2f,
- HCI_PARAMETER_OUT_OF_RANGE = 0x30,
- HCI_ROLE_SWITCH_PENDING = 0x32,
- HCI_SLOT_VIOLATION = 0x34,
- HCI_ROLE_SWITCH_FAILED = 0x35,
-};
-
-enum acl_flag_bits {
- ACL_CONT = 1 << 0,
- ACL_START = 1 << 1,
- ACL_ACTIVE_BCAST = 1 << 2,
- ACL_PICO_BCAST = 1 << 3,
-};
-
-enum baseband_link_type {
- SCO_LINK = 0x00,
- ACL_LINK = 0x01,
-};
-
-enum lmp_feature_bits0 {
- LMP_3SLOT = 1 << 0,
- LMP_5SLOT = 1 << 1,
- LMP_ENCRYPT = 1 << 2,
- LMP_SOFFSET = 1 << 3,
- LMP_TACCURACY = 1 << 4,
- LMP_RSWITCH = 1 << 5,
- LMP_HOLD_MODE = 1 << 6,
- LMP_SNIFF_MODE = 1 << 7,
-};
-
-enum lmp_feature_bits1 {
- LMP_PARK = 1 << 0,
- LMP_RSSI = 1 << 1,
- LMP_QUALITY = 1 << 2,
- LMP_SCO = 1 << 3,
- LMP_HV2 = 1 << 4,
- LMP_HV3 = 1 << 5,
- LMP_ULAW = 1 << 6,
- LMP_ALAW = 1 << 7,
-};
-
-enum lmp_feature_bits2 {
- LMP_CVSD = 1 << 0,
- LMP_PSCHEME = 1 << 1,
- LMP_PCONTROL = 1 << 2,
- LMP_TRSP_SCO = 1 << 3,
- LMP_BCAST_ENC = 1 << 7,
-};
-
-enum lmp_feature_bits3 {
- LMP_EDR_ACL_2M = 1 << 1,
- LMP_EDR_ACL_3M = 1 << 2,
- LMP_ENH_ISCAN = 1 << 3,
- LMP_ILACE_ISCAN = 1 << 4,
- LMP_ILACE_PSCAN = 1 << 5,
- LMP_RSSI_INQ = 1 << 6,
- LMP_ESCO = 1 << 7,
-};
-
-enum lmp_feature_bits4 {
- LMP_EV4 = 1 << 0,
- LMP_EV5 = 1 << 1,
- LMP_AFH_CAP_SLV = 1 << 3,
- LMP_AFH_CLS_SLV = 1 << 4,
- LMP_EDR_3SLOT = 1 << 7,
-};
-
-enum lmp_feature_bits5 {
- LMP_EDR_5SLOT = 1 << 0,
- LMP_SNIFF_SUBR = 1 << 1,
- LMP_AFH_CAP_MST = 1 << 3,
- LMP_AFH_CLS_MST = 1 << 4,
- LMP_EDR_ESCO_2M = 1 << 5,
- LMP_EDR_ESCO_3M = 1 << 6,
- LMP_EDR_3S_ESCO = 1 << 7,
-};
-
-enum lmp_feature_bits6 {
- LMP_EXT_INQ = 1 << 0,
-};
-
-enum lmp_feature_bits7 {
- LMP_EXT_FEAT = 1 << 7,
-};
-
-enum hci_link_policy {
- HCI_LP_RSWITCH = 1 << 0,
- HCI_LP_HOLD = 1 << 1,
- HCI_LP_SNIFF = 1 << 2,
- HCI_LP_PARK = 1 << 3,
-};
-
-enum hci_link_mode {
- HCI_LM_ACCEPT = 1 << 15,
- HCI_LM_MASTER = 1 << 0,
- HCI_LM_AUTH = 1 << 1,
- HCI_LM_ENCRYPT = 1 << 2,
- HCI_LM_TRUSTED = 1 << 3,
- HCI_LM_RELIABLE = 1 << 4,
- HCI_LM_SECURE = 1 << 5,
-};
-
-/* HCI Commands */
-
-/* Link Control */
-#define OGF_LINK_CTL 0x01
-
-#define OCF_INQUIRY 0x0001
-typedef struct {
- uint8_t lap[3];
- uint8_t length; /* 1.28s units */
- uint8_t num_rsp;
-} QEMU_PACKED inquiry_cp;
-#define INQUIRY_CP_SIZE 5
-
-typedef struct {
- uint8_t status;
- bdaddr_t bdaddr;
-} QEMU_PACKED status_bdaddr_rp;
-#define STATUS_BDADDR_RP_SIZE 7
-
-#define OCF_INQUIRY_CANCEL 0x0002
-
-#define OCF_PERIODIC_INQUIRY 0x0003
-typedef struct {
- uint16_t max_period; /* 1.28s units */
- uint16_t min_period; /* 1.28s units */
- uint8_t lap[3];
- uint8_t length; /* 1.28s units */
- uint8_t num_rsp;
-} QEMU_PACKED periodic_inquiry_cp;
-#define PERIODIC_INQUIRY_CP_SIZE 9
-
-#define OCF_EXIT_PERIODIC_INQUIRY 0x0004
-
-#define OCF_CREATE_CONN 0x0005
-typedef struct {
- bdaddr_t bdaddr;
- uint16_t pkt_type;
- uint8_t pscan_rep_mode;
- uint8_t pscan_mode;
- uint16_t clock_offset;
- uint8_t role_switch;
-} QEMU_PACKED create_conn_cp;
-#define CREATE_CONN_CP_SIZE 13
-
-#define OCF_DISCONNECT 0x0006
-typedef struct {
- uint16_t handle;
- uint8_t reason;
-} QEMU_PACKED disconnect_cp;
-#define DISCONNECT_CP_SIZE 3
-
-#define OCF_ADD_SCO 0x0007
-typedef struct {
- uint16_t handle;
- uint16_t pkt_type;
-} QEMU_PACKED add_sco_cp;
-#define ADD_SCO_CP_SIZE 4
-
-#define OCF_CREATE_CONN_CANCEL 0x0008
-typedef struct {
- uint8_t status;
- bdaddr_t bdaddr;
-} QEMU_PACKED create_conn_cancel_cp;
-#define CREATE_CONN_CANCEL_CP_SIZE 6
-
-typedef struct {
- uint8_t status;
- bdaddr_t bdaddr;
-} QEMU_PACKED create_conn_cancel_rp;
-#define CREATE_CONN_CANCEL_RP_SIZE 7
-
-#define OCF_ACCEPT_CONN_REQ 0x0009
-typedef struct {
- bdaddr_t bdaddr;
- uint8_t role;
-} QEMU_PACKED accept_conn_req_cp;
-#define ACCEPT_CONN_REQ_CP_SIZE 7
-
-#define OCF_REJECT_CONN_REQ 0x000A
-typedef struct {
- bdaddr_t bdaddr;
- uint8_t reason;
-} QEMU_PACKED reject_conn_req_cp;
-#define REJECT_CONN_REQ_CP_SIZE 7
-
-#define OCF_LINK_KEY_REPLY 0x000B
-typedef struct {
- bdaddr_t bdaddr;
- uint8_t link_key[16];
-} QEMU_PACKED link_key_reply_cp;
-#define LINK_KEY_REPLY_CP_SIZE 22
-
-#define OCF_LINK_KEY_NEG_REPLY 0x000C
-
-#define OCF_PIN_CODE_REPLY 0x000D
-typedef struct {
- bdaddr_t bdaddr;
- uint8_t pin_len;
- uint8_t pin_code[16];
-} QEMU_PACKED pin_code_reply_cp;
-#define PIN_CODE_REPLY_CP_SIZE 23
-
-#define OCF_PIN_CODE_NEG_REPLY 0x000E
-
-#define OCF_SET_CONN_PTYPE 0x000F
-typedef struct {
- uint16_t handle;
- uint16_t pkt_type;
-} QEMU_PACKED set_conn_ptype_cp;
-#define SET_CONN_PTYPE_CP_SIZE 4
-
-#define OCF_AUTH_REQUESTED 0x0011
-typedef struct {
- uint16_t handle;
-} QEMU_PACKED auth_requested_cp;
-#define AUTH_REQUESTED_CP_SIZE 2
-
-#define OCF_SET_CONN_ENCRYPT 0x0013
-typedef struct {
- uint16_t handle;
- uint8_t encrypt;
-} QEMU_PACKED set_conn_encrypt_cp;
-#define SET_CONN_ENCRYPT_CP_SIZE 3
-
-#define OCF_CHANGE_CONN_LINK_KEY 0x0015
-typedef struct {
- uint16_t handle;
-} QEMU_PACKED change_conn_link_key_cp;
-#define CHANGE_CONN_LINK_KEY_CP_SIZE 2
-
-#define OCF_MASTER_LINK_KEY 0x0017
-typedef struct {
- uint8_t key_flag;
-} QEMU_PACKED master_link_key_cp;
-#define MASTER_LINK_KEY_CP_SIZE 1
-
-#define OCF_REMOTE_NAME_REQ 0x0019
-typedef struct {
- bdaddr_t bdaddr;
- uint8_t pscan_rep_mode;
- uint8_t pscan_mode;
- uint16_t clock_offset;
-} QEMU_PACKED remote_name_req_cp;
-#define REMOTE_NAME_REQ_CP_SIZE 10
-
-#define OCF_REMOTE_NAME_REQ_CANCEL 0x001A
-typedef struct {
- bdaddr_t bdaddr;
-} QEMU_PACKED remote_name_req_cancel_cp;
-#define REMOTE_NAME_REQ_CANCEL_CP_SIZE 6
-
-typedef struct {
- uint8_t status;
- bdaddr_t bdaddr;
-} QEMU_PACKED remote_name_req_cancel_rp;
-#define REMOTE_NAME_REQ_CANCEL_RP_SIZE 7
-
-#define OCF_READ_REMOTE_FEATURES 0x001B
-typedef struct {
- uint16_t handle;
-} QEMU_PACKED read_remote_features_cp;
-#define READ_REMOTE_FEATURES_CP_SIZE 2
-
-#define OCF_READ_REMOTE_EXT_FEATURES 0x001C
-typedef struct {
- uint16_t handle;
- uint8_t page_num;
-} QEMU_PACKED read_remote_ext_features_cp;
-#define READ_REMOTE_EXT_FEATURES_CP_SIZE 3
-
-#define OCF_READ_REMOTE_VERSION 0x001D
-typedef struct {
- uint16_t handle;
-} QEMU_PACKED read_remote_version_cp;
-#define READ_REMOTE_VERSION_CP_SIZE 2
-
-#define OCF_READ_CLOCK_OFFSET 0x001F
-typedef struct {
- uint16_t handle;
-} QEMU_PACKED read_clock_offset_cp;
-#define READ_CLOCK_OFFSET_CP_SIZE 2
-
-#define OCF_READ_LMP_HANDLE 0x0020
-typedef struct {
- uint16_t handle;
-} QEMU_PACKED read_lmp_handle_cp;
-#define READ_LMP_HANDLE_CP_SIZE 2
-
-typedef struct {
- uint8_t status;
- uint16_t handle;
- uint8_t lmp_handle;
- uint32_t reserved;
-} QEMU_PACKED read_lmp_handle_rp;
-#define READ_LMP_HANDLE_RP_SIZE 8
-
-#define OCF_SETUP_SYNC_CONN 0x0028
-typedef struct {
- uint16_t handle;
- uint32_t tx_bandwith;
- uint32_t rx_bandwith;
- uint16_t max_latency;
- uint16_t voice_setting;
- uint8_t retrans_effort;
- uint16_t pkt_type;
-} QEMU_PACKED setup_sync_conn_cp;
-#define SETUP_SYNC_CONN_CP_SIZE 17
-
-#define OCF_ACCEPT_SYNC_CONN_REQ 0x0029
-typedef struct {
- bdaddr_t bdaddr;
- uint32_t tx_bandwith;
- uint32_t rx_bandwith;
- uint16_t max_latency;
- uint16_t voice_setting;
- uint8_t retrans_effort;
- uint16_t pkt_type;
-} QEMU_PACKED accept_sync_conn_req_cp;
-#define ACCEPT_SYNC_CONN_REQ_CP_SIZE 21
-
-#define OCF_REJECT_SYNC_CONN_REQ 0x002A
-typedef struct {
- bdaddr_t bdaddr;
- uint8_t reason;
-} QEMU_PACKED reject_sync_conn_req_cp;
-#define REJECT_SYNC_CONN_REQ_CP_SIZE 7
-
-/* Link Policy */
-#define OGF_LINK_POLICY 0x02
-
-#define OCF_HOLD_MODE 0x0001
-typedef struct {
- uint16_t handle;
- uint16_t max_interval;
- uint16_t min_interval;
-} QEMU_PACKED hold_mode_cp;
-#define HOLD_MODE_CP_SIZE 6
-
-#define OCF_SNIFF_MODE 0x0003
-typedef struct {
- uint16_t handle;
- uint16_t max_interval;
- uint16_t min_interval;
- uint16_t attempt;
- uint16_t timeout;
-} QEMU_PACKED sniff_mode_cp;
-#define SNIFF_MODE_CP_SIZE 10
-
-#define OCF_EXIT_SNIFF_MODE 0x0004
-typedef struct {
- uint16_t handle;
-} QEMU_PACKED exit_sniff_mode_cp;
-#define EXIT_SNIFF_MODE_CP_SIZE 2
-
-#define OCF_PARK_MODE 0x0005
-typedef struct {
- uint16_t handle;
- uint16_t max_interval;
- uint16_t min_interval;
-} QEMU_PACKED park_mode_cp;
-#define PARK_MODE_CP_SIZE 6
-
-#define OCF_EXIT_PARK_MODE 0x0006
-typedef struct {
- uint16_t handle;
-} QEMU_PACKED exit_park_mode_cp;
-#define EXIT_PARK_MODE_CP_SIZE 2
-
-#define OCF_QOS_SETUP 0x0007
-typedef struct {
- uint8_t service_type; /* 1 = best effort */
- uint32_t token_rate; /* Byte per seconds */
- uint32_t peak_bandwidth; /* Byte per seconds */
- uint32_t latency; /* Microseconds */
- uint32_t delay_variation; /* Microseconds */
-} QEMU_PACKED hci_qos;
-#define HCI_QOS_CP_SIZE 17
-typedef struct {
- uint16_t handle;
- uint8_t flags; /* Reserved */
- hci_qos qos;
-} QEMU_PACKED qos_setup_cp;
-#define QOS_SETUP_CP_SIZE (3 + HCI_QOS_CP_SIZE)
-
-#define OCF_ROLE_DISCOVERY 0x0009
-typedef struct {
- uint16_t handle;
-} QEMU_PACKED role_discovery_cp;
-#define ROLE_DISCOVERY_CP_SIZE 2
-typedef struct {
- uint8_t status;
- uint16_t handle;
- uint8_t role;
-} QEMU_PACKED role_discovery_rp;
-#define ROLE_DISCOVERY_RP_SIZE 4
-
-#define OCF_SWITCH_ROLE 0x000B
-typedef struct {
- bdaddr_t bdaddr;
- uint8_t role;
-} QEMU_PACKED switch_role_cp;
-#define SWITCH_ROLE_CP_SIZE 7
-
-#define OCF_READ_LINK_POLICY 0x000C
-typedef struct {
- uint16_t handle;
-} QEMU_PACKED read_link_policy_cp;
-#define READ_LINK_POLICY_CP_SIZE 2
-typedef struct {
- uint8_t status;
- uint16_t handle;
- uint16_t policy;
-} QEMU_PACKED read_link_policy_rp;
-#define READ_LINK_POLICY_RP_SIZE 5
-
-#define OCF_WRITE_LINK_POLICY 0x000D
-typedef struct {
- uint16_t handle;
- uint16_t policy;
-} QEMU_PACKED write_link_policy_cp;
-#define WRITE_LINK_POLICY_CP_SIZE 4
-typedef struct {
- uint8_t status;
- uint16_t handle;
-} QEMU_PACKED write_link_policy_rp;
-#define WRITE_LINK_POLICY_RP_SIZE 3
-
-#define OCF_READ_DEFAULT_LINK_POLICY 0x000E
-
-#define OCF_WRITE_DEFAULT_LINK_POLICY 0x000F
-
-#define OCF_FLOW_SPECIFICATION 0x0010
-
-#define OCF_SNIFF_SUBRATE 0x0011
-typedef struct {
- uint16_t handle;
- uint16_t max_remote_latency;
- uint16_t max_local_latency;
- uint16_t min_remote_timeout;
- uint16_t min_local_timeout;
-} QEMU_PACKED sniff_subrate_cp;
-#define SNIFF_SUBRATE_CP_SIZE 10
-
-/* Host Controller and Baseband */
-#define OGF_HOST_CTL 0x03
-
-#define OCF_SET_EVENT_MASK 0x0001
-typedef struct {
- uint8_t mask[8];
-} QEMU_PACKED set_event_mask_cp;
-#define SET_EVENT_MASK_CP_SIZE 8
-
-#define OCF_RESET 0x0003
-
-#define OCF_SET_EVENT_FLT 0x0005
-typedef struct {
- uint8_t flt_type;
- uint8_t cond_type;
- uint8_t condition[0];
-} QEMU_PACKED set_event_flt_cp;
-#define SET_EVENT_FLT_CP_SIZE 2
-
-enum bt_filter_type {
- FLT_CLEAR_ALL = 0x00,
- FLT_INQ_RESULT = 0x01,
- FLT_CONN_SETUP = 0x02,
-};
-enum inq_result_cond_type {
- INQ_RESULT_RETURN_ALL = 0x00,
- INQ_RESULT_RETURN_CLASS = 0x01,
- INQ_RESULT_RETURN_BDADDR = 0x02,
-};
-enum conn_setup_cond_type {
- CONN_SETUP_ALLOW_ALL = 0x00,
- CONN_SETUP_ALLOW_CLASS = 0x01,
- CONN_SETUP_ALLOW_BDADDR = 0x02,
-};
-enum conn_setup_cond {
- CONN_SETUP_AUTO_OFF = 0x01,
- CONN_SETUP_AUTO_ON = 0x02,
-};
-
-#define OCF_FLUSH 0x0008
-typedef struct {
- uint16_t handle;
-} QEMU_PACKED flush_cp;
-#define FLUSH_CP_SIZE 2
-
-typedef struct {
- uint8_t status;
- uint16_t handle;
-} QEMU_PACKED flush_rp;
-#define FLUSH_RP_SIZE 3
-
-#define OCF_READ_PIN_TYPE 0x0009
-typedef struct {
- uint8_t status;
- uint8_t pin_type;
-} QEMU_PACKED read_pin_type_rp;
-#define READ_PIN_TYPE_RP_SIZE 2
-
-#define OCF_WRITE_PIN_TYPE 0x000A
-typedef struct {
- uint8_t pin_type;
-} QEMU_PACKED write_pin_type_cp;
-#define WRITE_PIN_TYPE_CP_SIZE 1
-
-#define OCF_CREATE_NEW_UNIT_KEY 0x000B
-
-#define OCF_READ_STORED_LINK_KEY 0x000D
-typedef struct {
- bdaddr_t bdaddr;
- uint8_t read_all;
-} QEMU_PACKED read_stored_link_key_cp;
-#define READ_STORED_LINK_KEY_CP_SIZE 7
-typedef struct {
- uint8_t status;
- uint16_t max_keys;
- uint16_t num_keys;
-} QEMU_PACKED read_stored_link_key_rp;
-#define READ_STORED_LINK_KEY_RP_SIZE 5
-
-#define OCF_WRITE_STORED_LINK_KEY 0x0011
-typedef struct {
- uint8_t num_keys;
- /* variable length part */
-} QEMU_PACKED write_stored_link_key_cp;
-#define WRITE_STORED_LINK_KEY_CP_SIZE 1
-typedef struct {
- uint8_t status;
- uint8_t num_keys;
-} QEMU_PACKED write_stored_link_key_rp;
-#define READ_WRITE_LINK_KEY_RP_SIZE 2
-
-#define OCF_DELETE_STORED_LINK_KEY 0x0012
-typedef struct {
- bdaddr_t bdaddr;
- uint8_t delete_all;
-} QEMU_PACKED delete_stored_link_key_cp;
-#define DELETE_STORED_LINK_KEY_CP_SIZE 7
-typedef struct {
- uint8_t status;
- uint16_t num_keys;
-} QEMU_PACKED delete_stored_link_key_rp;
-#define DELETE_STORED_LINK_KEY_RP_SIZE 3
-
-#define OCF_CHANGE_LOCAL_NAME 0x0013
-typedef struct {
- char name[248];
-} QEMU_PACKED change_local_name_cp;
-#define CHANGE_LOCAL_NAME_CP_SIZE 248
-
-#define OCF_READ_LOCAL_NAME 0x0014
-typedef struct {
- uint8_t status;
- char name[248];
-} QEMU_PACKED read_local_name_rp;
-#define READ_LOCAL_NAME_RP_SIZE 249
-
-#define OCF_READ_CONN_ACCEPT_TIMEOUT 0x0015
-typedef struct {
- uint8_t status;
- uint16_t timeout;
-} QEMU_PACKED read_conn_accept_timeout_rp;
-#define READ_CONN_ACCEPT_TIMEOUT_RP_SIZE 3
-
-#define OCF_WRITE_CONN_ACCEPT_TIMEOUT 0x0016
-typedef struct {
- uint16_t timeout;
-} QEMU_PACKED write_conn_accept_timeout_cp;
-#define WRITE_CONN_ACCEPT_TIMEOUT_CP_SIZE 2
-
-#define OCF_READ_PAGE_TIMEOUT 0x0017
-typedef struct {
- uint8_t status;
- uint16_t timeout;
-} QEMU_PACKED read_page_timeout_rp;
-#define READ_PAGE_TIMEOUT_RP_SIZE 3
-
-#define OCF_WRITE_PAGE_TIMEOUT 0x0018
-typedef struct {
- uint16_t timeout;
-} QEMU_PACKED write_page_timeout_cp;
-#define WRITE_PAGE_TIMEOUT_CP_SIZE 2
-
-#define OCF_READ_SCAN_ENABLE 0x0019
-typedef struct {
- uint8_t status;
- uint8_t enable;
-} QEMU_PACKED read_scan_enable_rp;
-#define READ_SCAN_ENABLE_RP_SIZE 2
-
-#define OCF_WRITE_SCAN_ENABLE 0x001A
-typedef struct {
- uint8_t scan_enable;
-} QEMU_PACKED write_scan_enable_cp;
-#define WRITE_SCAN_ENABLE_CP_SIZE 1
-
-enum scan_enable_bits {
- SCAN_DISABLED = 0,
- SCAN_INQUIRY = 1 << 0,
- SCAN_PAGE = 1 << 1,
-};
-
-#define OCF_READ_PAGE_ACTIVITY 0x001B
-typedef struct {
- uint8_t status;
- uint16_t interval;
- uint16_t window;
-} QEMU_PACKED read_page_activity_rp;
-#define READ_PAGE_ACTIVITY_RP_SIZE 5
-
-#define OCF_WRITE_PAGE_ACTIVITY 0x001C
-typedef struct {
- uint16_t interval;
- uint16_t window;
-} QEMU_PACKED write_page_activity_cp;
-#define WRITE_PAGE_ACTIVITY_CP_SIZE 4
-
-#define OCF_READ_INQ_ACTIVITY 0x001D
-typedef struct {
- uint8_t status;
- uint16_t interval;
- uint16_t window;
-} QEMU_PACKED read_inq_activity_rp;
-#define READ_INQ_ACTIVITY_RP_SIZE 5
-
-#define OCF_WRITE_INQ_ACTIVITY 0x001E
-typedef struct {
- uint16_t interval;
- uint16_t window;
-} QEMU_PACKED write_inq_activity_cp;
-#define WRITE_INQ_ACTIVITY_CP_SIZE 4
-
-#define OCF_READ_AUTH_ENABLE 0x001F
-
-#define OCF_WRITE_AUTH_ENABLE 0x0020
-
-#define AUTH_DISABLED 0x00
-#define AUTH_ENABLED 0x01
-
-#define OCF_READ_ENCRYPT_MODE 0x0021
-
-#define OCF_WRITE_ENCRYPT_MODE 0x0022
-
-#define ENCRYPT_DISABLED 0x00
-#define ENCRYPT_P2P 0x01
-#define ENCRYPT_BOTH 0x02
-
-#define OCF_READ_CLASS_OF_DEV 0x0023
-typedef struct {
- uint8_t status;
- uint8_t dev_class[3];
-} QEMU_PACKED read_class_of_dev_rp;
-#define READ_CLASS_OF_DEV_RP_SIZE 4
-
-#define OCF_WRITE_CLASS_OF_DEV 0x0024
-typedef struct {
- uint8_t dev_class[3];
-} QEMU_PACKED write_class_of_dev_cp;
-#define WRITE_CLASS_OF_DEV_CP_SIZE 3
-
-#define OCF_READ_VOICE_SETTING 0x0025
-typedef struct {
- uint8_t status;
- uint16_t voice_setting;
-} QEMU_PACKED read_voice_setting_rp;
-#define READ_VOICE_SETTING_RP_SIZE 3
-
-#define OCF_WRITE_VOICE_SETTING 0x0026
-typedef struct {
- uint16_t voice_setting;
-} QEMU_PACKED write_voice_setting_cp;
-#define WRITE_VOICE_SETTING_CP_SIZE 2
-
-#define OCF_READ_AUTOMATIC_FLUSH_TIMEOUT 0x0027
-
-#define OCF_WRITE_AUTOMATIC_FLUSH_TIMEOUT 0x0028
-
-#define OCF_READ_NUM_BROADCAST_RETRANS 0x0029
-
-#define OCF_WRITE_NUM_BROADCAST_RETRANS 0x002A
-
-#define OCF_READ_HOLD_MODE_ACTIVITY 0x002B
-
-#define OCF_WRITE_HOLD_MODE_ACTIVITY 0x002C
-
-#define OCF_READ_TRANSMIT_POWER_LEVEL 0x002D
-typedef struct {
- uint16_t handle;
- uint8_t type;
-} QEMU_PACKED read_transmit_power_level_cp;
-#define READ_TRANSMIT_POWER_LEVEL_CP_SIZE 3
-typedef struct {
- uint8_t status;
- uint16_t handle;
- int8_t level;
-} QEMU_PACKED read_transmit_power_level_rp;
-#define READ_TRANSMIT_POWER_LEVEL_RP_SIZE 4
-
-#define OCF_HOST_BUFFER_SIZE 0x0033
-typedef struct {
- uint16_t acl_mtu;
- uint8_t sco_mtu;
- uint16_t acl_max_pkt;
- uint16_t sco_max_pkt;
-} QEMU_PACKED host_buffer_size_cp;
-#define HOST_BUFFER_SIZE_CP_SIZE 7
-
-#define OCF_HOST_NUMBER_OF_COMPLETED_PACKETS 0x0035
-
-#define OCF_READ_LINK_SUPERVISION_TIMEOUT 0x0036
-typedef struct {
- uint8_t status;
- uint16_t handle;
- uint16_t link_sup_to;
-} QEMU_PACKED read_link_supervision_timeout_rp;
-#define READ_LINK_SUPERVISION_TIMEOUT_RP_SIZE 5
-
-#define OCF_WRITE_LINK_SUPERVISION_TIMEOUT 0x0037
-typedef struct {
- uint16_t handle;
- uint16_t link_sup_to;
-} QEMU_PACKED write_link_supervision_timeout_cp;
-#define WRITE_LINK_SUPERVISION_TIMEOUT_CP_SIZE 4
-typedef struct {
- uint8_t status;
- uint16_t handle;
-} QEMU_PACKED write_link_supervision_timeout_rp;
-#define WRITE_LINK_SUPERVISION_TIMEOUT_RP_SIZE 3
-
-#define OCF_READ_NUM_SUPPORTED_IAC 0x0038
-
-#define MAX_IAC_LAP 0x40
-#define OCF_READ_CURRENT_IAC_LAP 0x0039
-typedef struct {
- uint8_t status;
- uint8_t num_current_iac;
- uint8_t lap[MAX_IAC_LAP][3];
-} QEMU_PACKED read_current_iac_lap_rp;
-#define READ_CURRENT_IAC_LAP_RP_SIZE 2+3*MAX_IAC_LAP
-
-#define OCF_WRITE_CURRENT_IAC_LAP 0x003A
-typedef struct {
- uint8_t num_current_iac;
- uint8_t lap[MAX_IAC_LAP][3];
-} QEMU_PACKED write_current_iac_lap_cp;
-#define WRITE_CURRENT_IAC_LAP_CP_SIZE 1+3*MAX_IAC_LAP
-
-#define OCF_READ_PAGE_SCAN_PERIOD_MODE 0x003B
-
-#define OCF_WRITE_PAGE_SCAN_PERIOD_MODE 0x003C
-
-#define OCF_READ_PAGE_SCAN_MODE 0x003D
-
-#define OCF_WRITE_PAGE_SCAN_MODE 0x003E
-
-#define OCF_SET_AFH_CLASSIFICATION 0x003F
-typedef struct {
- uint8_t map[10];
-} QEMU_PACKED set_afh_classification_cp;
-#define SET_AFH_CLASSIFICATION_CP_SIZE 10
-typedef struct {
- uint8_t status;
-} QEMU_PACKED set_afh_classification_rp;
-#define SET_AFH_CLASSIFICATION_RP_SIZE 1
-
-#define OCF_READ_INQUIRY_SCAN_TYPE 0x0042
-typedef struct {
- uint8_t status;
- uint8_t type;
-} QEMU_PACKED read_inquiry_scan_type_rp;
-#define READ_INQUIRY_SCAN_TYPE_RP_SIZE 2
-
-#define OCF_WRITE_INQUIRY_SCAN_TYPE 0x0043
-typedef struct {
- uint8_t type;
-} QEMU_PACKED write_inquiry_scan_type_cp;
-#define WRITE_INQUIRY_SCAN_TYPE_CP_SIZE 1
-typedef struct {
- uint8_t status;
-} QEMU_PACKED write_inquiry_scan_type_rp;
-#define WRITE_INQUIRY_SCAN_TYPE_RP_SIZE 1
-
-#define OCF_READ_INQUIRY_MODE 0x0044
-typedef struct {
- uint8_t status;
- uint8_t mode;
-} QEMU_PACKED read_inquiry_mode_rp;
-#define READ_INQUIRY_MODE_RP_SIZE 2
-
-#define OCF_WRITE_INQUIRY_MODE 0x0045
-typedef struct {
- uint8_t mode;
-} QEMU_PACKED write_inquiry_mode_cp;
-#define WRITE_INQUIRY_MODE_CP_SIZE 1
-typedef struct {
- uint8_t status;
-} QEMU_PACKED write_inquiry_mode_rp;
-#define WRITE_INQUIRY_MODE_RP_SIZE 1
-
-#define OCF_READ_PAGE_SCAN_TYPE 0x0046
-
-#define OCF_WRITE_PAGE_SCAN_TYPE 0x0047
-
-#define OCF_READ_AFH_MODE 0x0048
-typedef struct {
- uint8_t status;
- uint8_t mode;
-} QEMU_PACKED read_afh_mode_rp;
-#define READ_AFH_MODE_RP_SIZE 2
-
-#define OCF_WRITE_AFH_MODE 0x0049
-typedef struct {
- uint8_t mode;
-} QEMU_PACKED write_afh_mode_cp;
-#define WRITE_AFH_MODE_CP_SIZE 1
-typedef struct {
- uint8_t status;
-} QEMU_PACKED write_afh_mode_rp;
-#define WRITE_AFH_MODE_RP_SIZE 1
-
-#define OCF_READ_EXT_INQUIRY_RESPONSE 0x0051
-typedef struct {
- uint8_t status;
- uint8_t fec;
- uint8_t data[240];
-} QEMU_PACKED read_ext_inquiry_response_rp;
-#define READ_EXT_INQUIRY_RESPONSE_RP_SIZE 242
-
-#define OCF_WRITE_EXT_INQUIRY_RESPONSE 0x0052
-typedef struct {
- uint8_t fec;
- uint8_t data[240];
-} QEMU_PACKED write_ext_inquiry_response_cp;
-#define WRITE_EXT_INQUIRY_RESPONSE_CP_SIZE 241
-typedef struct {
- uint8_t status;
-} QEMU_PACKED write_ext_inquiry_response_rp;
-#define WRITE_EXT_INQUIRY_RESPONSE_RP_SIZE 1
-
-/* Informational Parameters */
-#define OGF_INFO_PARAM 0x04
-
-#define OCF_READ_LOCAL_VERSION 0x0001
-typedef struct {
- uint8_t status;
- uint8_t hci_ver;
- uint16_t hci_rev;
- uint8_t lmp_ver;
- uint16_t manufacturer;
- uint16_t lmp_subver;
-} QEMU_PACKED read_local_version_rp;
-#define READ_LOCAL_VERSION_RP_SIZE 9
-
-#define OCF_READ_LOCAL_COMMANDS 0x0002
-typedef struct {
- uint8_t status;
- uint8_t commands[64];
-} QEMU_PACKED read_local_commands_rp;
-#define READ_LOCAL_COMMANDS_RP_SIZE 65
-
-#define OCF_READ_LOCAL_FEATURES 0x0003
-typedef struct {
- uint8_t status;
- uint8_t features[8];
-} QEMU_PACKED read_local_features_rp;
-#define READ_LOCAL_FEATURES_RP_SIZE 9
-
-#define OCF_READ_LOCAL_EXT_FEATURES 0x0004
-typedef struct {
- uint8_t page_num;
-} QEMU_PACKED read_local_ext_features_cp;
-#define READ_LOCAL_EXT_FEATURES_CP_SIZE 1
-typedef struct {
- uint8_t status;
- uint8_t page_num;
- uint8_t max_page_num;
- uint8_t features[8];
-} QEMU_PACKED read_local_ext_features_rp;
-#define READ_LOCAL_EXT_FEATURES_RP_SIZE 11
-
-#define OCF_READ_BUFFER_SIZE 0x0005
-typedef struct {
- uint8_t status;
- uint16_t acl_mtu;
- uint8_t sco_mtu;
- uint16_t acl_max_pkt;
- uint16_t sco_max_pkt;
-} QEMU_PACKED read_buffer_size_rp;
-#define READ_BUFFER_SIZE_RP_SIZE 8
-
-#define OCF_READ_COUNTRY_CODE 0x0007
-typedef struct {
- uint8_t status;
- uint8_t country_code;
-} QEMU_PACKED read_country_code_rp;
-#define READ_COUNTRY_CODE_RP_SIZE 2
-
-#define OCF_READ_BD_ADDR 0x0009
-typedef struct {
- uint8_t status;
- bdaddr_t bdaddr;
-} QEMU_PACKED read_bd_addr_rp;
-#define READ_BD_ADDR_RP_SIZE 7
-
-/* Status params */
-#define OGF_STATUS_PARAM 0x05
-
-#define OCF_READ_FAILED_CONTACT_COUNTER 0x0001
-typedef struct {
- uint8_t status;
- uint16_t handle;
- uint8_t counter;
-} QEMU_PACKED read_failed_contact_counter_rp;
-#define READ_FAILED_CONTACT_COUNTER_RP_SIZE 4
-
-#define OCF_RESET_FAILED_CONTACT_COUNTER 0x0002
-typedef struct {
- uint8_t status;
- uint16_t handle;
-} QEMU_PACKED reset_failed_contact_counter_rp;
-#define RESET_FAILED_CONTACT_COUNTER_RP_SIZE 4
-
-#define OCF_READ_LINK_QUALITY 0x0003
-typedef struct {
- uint16_t handle;
-} QEMU_PACKED read_link_quality_cp;
-#define READ_LINK_QUALITY_CP_SIZE 4
-
-typedef struct {
- uint8_t status;
- uint16_t handle;
- uint8_t link_quality;
-} QEMU_PACKED read_link_quality_rp;
-#define READ_LINK_QUALITY_RP_SIZE 4
-
-#define OCF_READ_RSSI 0x0005
-typedef struct {
- uint8_t status;
- uint16_t handle;
- int8_t rssi;
-} QEMU_PACKED read_rssi_rp;
-#define READ_RSSI_RP_SIZE 4
-
-#define OCF_READ_AFH_MAP 0x0006
-typedef struct {
- uint8_t status;
- uint16_t handle;
- uint8_t mode;
- uint8_t map[10];
-} QEMU_PACKED read_afh_map_rp;
-#define READ_AFH_MAP_RP_SIZE 14
-
-#define OCF_READ_CLOCK 0x0007
-typedef struct {
- uint16_t handle;
- uint8_t which_clock;
-} QEMU_PACKED read_clock_cp;
-#define READ_CLOCK_CP_SIZE 3
-typedef struct {
- uint8_t status;
- uint16_t handle;
- uint32_t clock;
- uint16_t accuracy;
-} QEMU_PACKED read_clock_rp;
-#define READ_CLOCK_RP_SIZE 9
-
-/* Testing commands */
-#define OGF_TESTING_CMD 0x3e
-
-/* Vendor specific commands */
-#define OGF_VENDOR_CMD 0x3f
-
-/* HCI Events */
-
-#define EVT_INQUIRY_COMPLETE 0x01
-
-#define EVT_INQUIRY_RESULT 0x02
-typedef struct {
- uint8_t num_responses;
- bdaddr_t bdaddr;
- uint8_t pscan_rep_mode;
- uint8_t pscan_period_mode;
- uint8_t pscan_mode;
- uint8_t dev_class[3];
- uint16_t clock_offset;
-} QEMU_PACKED inquiry_info;
-#define INQUIRY_INFO_SIZE 14
-
-#define EVT_CONN_COMPLETE 0x03
-typedef struct {
- uint8_t status;
- uint16_t handle;
- bdaddr_t bdaddr;
- uint8_t link_type;
- uint8_t encr_mode;
-} QEMU_PACKED evt_conn_complete;
-#define EVT_CONN_COMPLETE_SIZE 11
-
-#define EVT_CONN_REQUEST 0x04
-typedef struct {
- bdaddr_t bdaddr;
- uint8_t dev_class[3];
- uint8_t link_type;
-} QEMU_PACKED evt_conn_request;
-#define EVT_CONN_REQUEST_SIZE 10
-
-#define EVT_DISCONN_COMPLETE 0x05
-typedef struct {
- uint8_t status;
- uint16_t handle;
- uint8_t reason;
-} QEMU_PACKED evt_disconn_complete;
-#define EVT_DISCONN_COMPLETE_SIZE 4
-
-#define EVT_AUTH_COMPLETE 0x06
-typedef struct {
- uint8_t status;
- uint16_t handle;
-} QEMU_PACKED evt_auth_complete;
-#define EVT_AUTH_COMPLETE_SIZE 3
-
-#define EVT_REMOTE_NAME_REQ_COMPLETE 0x07
-typedef struct {
- uint8_t status;
- bdaddr_t bdaddr;
- char name[248];
-} QEMU_PACKED evt_remote_name_req_complete;
-#define EVT_REMOTE_NAME_REQ_COMPLETE_SIZE 255
-
-#define EVT_ENCRYPT_CHANGE 0x08
-typedef struct {
- uint8_t status;
- uint16_t handle;
- uint8_t encrypt;
-} QEMU_PACKED evt_encrypt_change;
-#define EVT_ENCRYPT_CHANGE_SIZE 5
-
-#define EVT_CHANGE_CONN_LINK_KEY_COMPLETE 0x09
-typedef struct {
- uint8_t status;
- uint16_t handle;
-} QEMU_PACKED evt_change_conn_link_key_complete;
-#define EVT_CHANGE_CONN_LINK_KEY_COMPLETE_SIZE 3
-
-#define EVT_MASTER_LINK_KEY_COMPLETE 0x0A
-typedef struct {
- uint8_t status;
- uint16_t handle;
- uint8_t key_flag;
-} QEMU_PACKED evt_master_link_key_complete;
-#define EVT_MASTER_LINK_KEY_COMPLETE_SIZE 4
-
-#define EVT_READ_REMOTE_FEATURES_COMPLETE 0x0B
-typedef struct {
- uint8_t status;
- uint16_t handle;
- uint8_t features[8];
-} QEMU_PACKED evt_read_remote_features_complete;
-#define EVT_READ_REMOTE_FEATURES_COMPLETE_SIZE 11
-
-#define EVT_READ_REMOTE_VERSION_COMPLETE 0x0C
-typedef struct {
- uint8_t status;
- uint16_t handle;
- uint8_t lmp_ver;
- uint16_t manufacturer;
- uint16_t lmp_subver;
-} QEMU_PACKED evt_read_remote_version_complete;
-#define EVT_READ_REMOTE_VERSION_COMPLETE_SIZE 8
-
-#define EVT_QOS_SETUP_COMPLETE 0x0D
-typedef struct {
- uint8_t status;
- uint16_t handle;
- uint8_t flags; /* Reserved */
- hci_qos qos;
-} QEMU_PACKED evt_qos_setup_complete;
-#define EVT_QOS_SETUP_COMPLETE_SIZE (4 + HCI_QOS_CP_SIZE)
-
-#define EVT_CMD_COMPLETE 0x0E
-typedef struct {
- uint8_t ncmd;
- uint16_t opcode;
-} QEMU_PACKED evt_cmd_complete;
-#define EVT_CMD_COMPLETE_SIZE 3
-
-#define EVT_CMD_STATUS 0x0F
-typedef struct {
- uint8_t status;
- uint8_t ncmd;
- uint16_t opcode;
-} QEMU_PACKED evt_cmd_status;
-#define EVT_CMD_STATUS_SIZE 4
-
-#define EVT_HARDWARE_ERROR 0x10
-typedef struct {
- uint8_t code;
-} QEMU_PACKED evt_hardware_error;
-#define EVT_HARDWARE_ERROR_SIZE 1
-
-#define EVT_FLUSH_OCCURRED 0x11
-typedef struct {
- uint16_t handle;
-} QEMU_PACKED evt_flush_occurred;
-#define EVT_FLUSH_OCCURRED_SIZE 2
-
-#define EVT_ROLE_CHANGE 0x12
-typedef struct {
- uint8_t status;
- bdaddr_t bdaddr;
- uint8_t role;
-} QEMU_PACKED evt_role_change;
-#define EVT_ROLE_CHANGE_SIZE 8
-
-#define EVT_NUM_COMP_PKTS 0x13
-typedef struct {
- uint8_t num_hndl;
- struct {
- uint16_t handle;
- uint16_t num_packets;
- } connection[0];
-} QEMU_PACKED evt_num_comp_pkts;
-#define EVT_NUM_COMP_PKTS_SIZE(num_hndl) (1 + 4 * (num_hndl))
-
-#define EVT_MODE_CHANGE 0x14
-typedef struct {
- uint8_t status;
- uint16_t handle;
- uint8_t mode;
- uint16_t interval;
-} QEMU_PACKED evt_mode_change;
-#define EVT_MODE_CHANGE_SIZE 6
-
-#define EVT_RETURN_LINK_KEYS 0x15
-typedef struct {
- uint8_t num_keys;
- /* variable length part */
-} QEMU_PACKED evt_return_link_keys;
-#define EVT_RETURN_LINK_KEYS_SIZE 1
-
-#define EVT_PIN_CODE_REQ 0x16
-typedef struct {
- bdaddr_t bdaddr;
-} QEMU_PACKED evt_pin_code_req;
-#define EVT_PIN_CODE_REQ_SIZE 6
-
-#define EVT_LINK_KEY_REQ 0x17
-typedef struct {
- bdaddr_t bdaddr;
-} QEMU_PACKED evt_link_key_req;
-#define EVT_LINK_KEY_REQ_SIZE 6
-
-#define EVT_LINK_KEY_NOTIFY 0x18
-typedef struct {
- bdaddr_t bdaddr;
- uint8_t link_key[16];
- uint8_t key_type;
-} QEMU_PACKED evt_link_key_notify;
-#define EVT_LINK_KEY_NOTIFY_SIZE 23
-
-#define EVT_LOOPBACK_COMMAND 0x19
-
-#define EVT_DATA_BUFFER_OVERFLOW 0x1A
-typedef struct {
- uint8_t link_type;
-} QEMU_PACKED evt_data_buffer_overflow;
-#define EVT_DATA_BUFFER_OVERFLOW_SIZE 1
-
-#define EVT_MAX_SLOTS_CHANGE 0x1B
-typedef struct {
- uint16_t handle;
- uint8_t max_slots;
-} QEMU_PACKED evt_max_slots_change;
-#define EVT_MAX_SLOTS_CHANGE_SIZE 3
-
-#define EVT_READ_CLOCK_OFFSET_COMPLETE 0x1C
-typedef struct {
- uint8_t status;
- uint16_t handle;
- uint16_t clock_offset;
-} QEMU_PACKED evt_read_clock_offset_complete;
-#define EVT_READ_CLOCK_OFFSET_COMPLETE_SIZE 5
-
-#define EVT_CONN_PTYPE_CHANGED 0x1D
-typedef struct {
- uint8_t status;
- uint16_t handle;
- uint16_t ptype;
-} QEMU_PACKED evt_conn_ptype_changed;
-#define EVT_CONN_PTYPE_CHANGED_SIZE 5
-
-#define EVT_QOS_VIOLATION 0x1E
-typedef struct {
- uint16_t handle;
-} QEMU_PACKED evt_qos_violation;
-#define EVT_QOS_VIOLATION_SIZE 2
-
-#define EVT_PSCAN_REP_MODE_CHANGE 0x20
-typedef struct {
- bdaddr_t bdaddr;
- uint8_t pscan_rep_mode;
-} QEMU_PACKED evt_pscan_rep_mode_change;
-#define EVT_PSCAN_REP_MODE_CHANGE_SIZE 7
-
-#define EVT_FLOW_SPEC_COMPLETE 0x21
-typedef struct {
- uint8_t status;
- uint16_t handle;
- uint8_t flags;
- uint8_t direction;
- hci_qos qos;
-} QEMU_PACKED evt_flow_spec_complete;
-#define EVT_FLOW_SPEC_COMPLETE_SIZE (5 + HCI_QOS_CP_SIZE)
-
-#define EVT_INQUIRY_RESULT_WITH_RSSI 0x22
-typedef struct {
- uint8_t num_responses;
- bdaddr_t bdaddr;
- uint8_t pscan_rep_mode;
- uint8_t pscan_period_mode;
- uint8_t dev_class[3];
- uint16_t clock_offset;
- int8_t rssi;
-} QEMU_PACKED inquiry_info_with_rssi;
-#define INQUIRY_INFO_WITH_RSSI_SIZE 15
-typedef struct {
- uint8_t num_responses;
- bdaddr_t bdaddr;
- uint8_t pscan_rep_mode;
- uint8_t pscan_period_mode;
- uint8_t pscan_mode;
- uint8_t dev_class[3];
- uint16_t clock_offset;
- int8_t rssi;
-} QEMU_PACKED inquiry_info_with_rssi_and_pscan_mode;
-#define INQUIRY_INFO_WITH_RSSI_AND_PSCAN_MODE_SIZE 16
-
-#define EVT_READ_REMOTE_EXT_FEATURES_COMPLETE 0x23
-typedef struct {
- uint8_t status;
- uint16_t handle;
- uint8_t page_num;
- uint8_t max_page_num;
- uint8_t features[8];
-} QEMU_PACKED evt_read_remote_ext_features_complete;
-#define EVT_READ_REMOTE_EXT_FEATURES_COMPLETE_SIZE 13
-
-#define EVT_SYNC_CONN_COMPLETE 0x2C
-typedef struct {
- uint8_t status;
- uint16_t handle;
- bdaddr_t bdaddr;
- uint8_t link_type;
- uint8_t trans_interval;
- uint8_t retrans_window;
- uint16_t rx_pkt_len;
- uint16_t tx_pkt_len;
- uint8_t air_mode;
-} QEMU_PACKED evt_sync_conn_complete;
-#define EVT_SYNC_CONN_COMPLETE_SIZE 17
-
-#define EVT_SYNC_CONN_CHANGED 0x2D
-typedef struct {
- uint8_t status;
- uint16_t handle;
- uint8_t trans_interval;
- uint8_t retrans_window;
- uint16_t rx_pkt_len;
- uint16_t tx_pkt_len;
-} QEMU_PACKED evt_sync_conn_changed;
-#define EVT_SYNC_CONN_CHANGED_SIZE 9
-
-#define EVT_SNIFF_SUBRATE 0x2E
-typedef struct {
- uint8_t status;
- uint16_t handle;
- uint16_t max_remote_latency;
- uint16_t max_local_latency;
- uint16_t min_remote_timeout;
- uint16_t min_local_timeout;
-} QEMU_PACKED evt_sniff_subrate;
-#define EVT_SNIFF_SUBRATE_SIZE 11
-
-#define EVT_EXTENDED_INQUIRY_RESULT 0x2F
-typedef struct {
- bdaddr_t bdaddr;
- uint8_t pscan_rep_mode;
- uint8_t pscan_period_mode;
- uint8_t dev_class[3];
- uint16_t clock_offset;
- int8_t rssi;
- uint8_t data[240];
-} QEMU_PACKED extended_inquiry_info;
-#define EXTENDED_INQUIRY_INFO_SIZE 254
-
-#define EVT_TESTING 0xFE
-
-#define EVT_VENDOR 0xFF
-
-/* Command opcode pack/unpack */
-#define cmd_opcode_pack(ogf, ocf) (uint16_t)((ocf & 0x03ff)|(ogf << 10))
-#define cmd_opcode_ogf(op) (op >> 10)
-#define cmd_opcode_ocf(op) (op & 0x03ff)
-
-/* ACL handle and flags pack/unpack */
-#define acl_handle_pack(h, f) (uint16_t)(((h) & 0x0fff)|((f) << 12))
-#define acl_handle(h) ((h) & 0x0fff)
-#define acl_flags(h) ((h) >> 12)
-
-/* HCI Packet structures */
-#define HCI_COMMAND_HDR_SIZE 3
-#define HCI_EVENT_HDR_SIZE 2
-#define HCI_ACL_HDR_SIZE 4
-#define HCI_SCO_HDR_SIZE 3
-
-struct hci_command_hdr {
- uint16_t opcode; /* OCF & OGF */
- uint8_t plen;
-} QEMU_PACKED;
-
-struct hci_event_hdr {
- uint8_t evt;
- uint8_t plen;
-} QEMU_PACKED;
-
-struct hci_acl_hdr {
- uint16_t handle; /* Handle & Flags(PB, BC) */
- uint16_t dlen;
-} QEMU_PACKED;
-
-struct hci_sco_hdr {
- uint16_t handle;
- uint8_t dlen;
-} QEMU_PACKED;
-
-/* L2CAP layer defines */
-
-enum bt_l2cap_lm_bits {
- L2CAP_LM_MASTER = 1 << 0,
- L2CAP_LM_AUTH = 1 << 1,
- L2CAP_LM_ENCRYPT = 1 << 2,
- L2CAP_LM_TRUSTED = 1 << 3,
- L2CAP_LM_RELIABLE = 1 << 4,
- L2CAP_LM_SECURE = 1 << 5,
-};
-
-enum bt_l2cap_cid_predef {
- L2CAP_CID_INVALID = 0x0000,
- L2CAP_CID_SIGNALLING= 0x0001,
- L2CAP_CID_GROUP = 0x0002,
- L2CAP_CID_ALLOC = 0x0040,
-};
-
-/* L2CAP command codes */
-enum bt_l2cap_cmd {
- L2CAP_COMMAND_REJ = 1,
- L2CAP_CONN_REQ,
- L2CAP_CONN_RSP,
- L2CAP_CONF_REQ,
- L2CAP_CONF_RSP,
- L2CAP_DISCONN_REQ,
- L2CAP_DISCONN_RSP,
- L2CAP_ECHO_REQ,
- L2CAP_ECHO_RSP,
- L2CAP_INFO_REQ,
- L2CAP_INFO_RSP,
-};
-
-enum bt_l2cap_sar_bits {
- L2CAP_SAR_NO_SEG = 0,
- L2CAP_SAR_START,
- L2CAP_SAR_END,
- L2CAP_SAR_CONT,
-};
-
-/* L2CAP structures */
-typedef struct {
- uint16_t len;
- uint16_t cid;
- uint8_t data[0];
-} QEMU_PACKED l2cap_hdr;
-#define L2CAP_HDR_SIZE 4
-
-typedef struct {
- uint8_t code;
- uint8_t ident;
- uint16_t len;
-} QEMU_PACKED l2cap_cmd_hdr;
-#define L2CAP_CMD_HDR_SIZE 4
-
-typedef struct {
- uint16_t reason;
-} QEMU_PACKED l2cap_cmd_rej;
-#define L2CAP_CMD_REJ_SIZE 2
-
-typedef struct {
- uint16_t dcid;
- uint16_t scid;
-} QEMU_PACKED l2cap_cmd_rej_cid;
-#define L2CAP_CMD_REJ_CID_SIZE 4
-
-/* reject reason */
-enum bt_l2cap_rej_reason {
- L2CAP_REJ_CMD_NOT_UNDERSTOOD = 0,
- L2CAP_REJ_SIG_TOOBIG,
- L2CAP_REJ_CID_INVAL,
-};
-
-typedef struct {
- uint16_t psm;
- uint16_t scid;
-} QEMU_PACKED l2cap_conn_req;
-#define L2CAP_CONN_REQ_SIZE 4
-
-typedef struct {
- uint16_t dcid;
- uint16_t scid;
- uint16_t result;
- uint16_t status;
-} QEMU_PACKED l2cap_conn_rsp;
-#define L2CAP_CONN_RSP_SIZE 8
-
-/* connect result */
-enum bt_l2cap_conn_res {
- L2CAP_CR_SUCCESS = 0,
- L2CAP_CR_PEND,
- L2CAP_CR_BAD_PSM,
- L2CAP_CR_SEC_BLOCK,
- L2CAP_CR_NO_MEM,
-};
-
-/* connect status */
-enum bt_l2cap_conn_stat {
- L2CAP_CS_NO_INFO = 0,
- L2CAP_CS_AUTHEN_PEND,
- L2CAP_CS_AUTHOR_PEND,
-};
-
-typedef struct {
- uint16_t dcid;
- uint16_t flags;
- uint8_t data[0];
-} QEMU_PACKED l2cap_conf_req;
-#define L2CAP_CONF_REQ_SIZE(datalen) (4 + (datalen))
-
-typedef struct {
- uint16_t scid;
- uint16_t flags;
- uint16_t result;
- uint8_t data[0];
-} QEMU_PACKED l2cap_conf_rsp;
-#define L2CAP_CONF_RSP_SIZE(datalen) (6 + datalen)
-
-enum bt_l2cap_conf_res {
- L2CAP_CONF_SUCCESS = 0,
- L2CAP_CONF_UNACCEPT,
- L2CAP_CONF_REJECT,
- L2CAP_CONF_UNKNOWN,
-};
-
-typedef struct {
- uint8_t type;
- uint8_t len;
- uint8_t val[0];
-} QEMU_PACKED l2cap_conf_opt;
-#define L2CAP_CONF_OPT_SIZE 2
-
-enum bt_l2cap_conf_val {
- L2CAP_CONF_MTU = 1,
- L2CAP_CONF_FLUSH_TO,
- L2CAP_CONF_QOS,
- L2CAP_CONF_RFC,
- L2CAP_CONF_RFC_MODE = L2CAP_CONF_RFC,
-};
-
-typedef struct {
- uint8_t flags;
- uint8_t service_type;
- uint32_t token_rate;
- uint32_t token_bucket_size;
- uint32_t peak_bandwidth;
- uint32_t latency;
- uint32_t delay_variation;
-} QEMU_PACKED l2cap_conf_opt_qos;
-#define L2CAP_CONF_OPT_QOS_SIZE 22
-
-enum bt_l2cap_conf_opt_qos_st {
- L2CAP_CONF_QOS_NO_TRAFFIC = 0x00,
- L2CAP_CONF_QOS_BEST_EFFORT,
- L2CAP_CONF_QOS_GUARANTEED,
-};
-
-#define L2CAP_CONF_QOS_WILDCARD 0xffffffff
-
-enum bt_l2cap_mode {
- L2CAP_MODE_BASIC = 0,
- L2CAP_MODE_RETRANS = 1,
- L2CAP_MODE_FLOWCTL = 2,
-};
-
-typedef struct {
- uint16_t dcid;
- uint16_t scid;
-} QEMU_PACKED l2cap_disconn_req;
-#define L2CAP_DISCONN_REQ_SIZE 4
-
-typedef struct {
- uint16_t dcid;
- uint16_t scid;
-} QEMU_PACKED l2cap_disconn_rsp;
-#define L2CAP_DISCONN_RSP_SIZE 4
-
-typedef struct {
- uint16_t type;
-} QEMU_PACKED l2cap_info_req;
-#define L2CAP_INFO_REQ_SIZE 2
-
-typedef struct {
- uint16_t type;
- uint16_t result;
- uint8_t data[0];
-} QEMU_PACKED l2cap_info_rsp;
-#define L2CAP_INFO_RSP_SIZE 4
-
-/* info type */
-enum bt_l2cap_info_type {
- L2CAP_IT_CL_MTU = 1,
- L2CAP_IT_FEAT_MASK,
-};
-
-/* info result */
-enum bt_l2cap_info_result {
- L2CAP_IR_SUCCESS = 0,
- L2CAP_IR_NOTSUPP,
-};
-
-/* Service Discovery Protocol defines */
-/* Note that all multibyte values in lower layer protocols (above in this file)
- * are little-endian while SDP is big-endian. */
-
-/* Protocol UUIDs */
-enum sdp_proto_uuid {
- SDP_UUID = 0x0001,
- UDP_UUID = 0x0002,
- RFCOMM_UUID = 0x0003,
- TCP_UUID = 0x0004,
- TCS_BIN_UUID = 0x0005,
- TCS_AT_UUID = 0x0006,
- OBEX_UUID = 0x0008,
- IP_UUID = 0x0009,
- FTP_UUID = 0x000a,
- HTTP_UUID = 0x000c,
- WSP_UUID = 0x000e,
- BNEP_UUID = 0x000f,
- UPNP_UUID = 0x0010,
- HIDP_UUID = 0x0011,
- HCRP_CTRL_UUID = 0x0012,
- HCRP_DATA_UUID = 0x0014,
- HCRP_NOTE_UUID = 0x0016,
- AVCTP_UUID = 0x0017,
- AVDTP_UUID = 0x0019,
- CMTP_UUID = 0x001b,
- UDI_UUID = 0x001d,
- MCAP_CTRL_UUID = 0x001e,
- MCAP_DATA_UUID = 0x001f,
- L2CAP_UUID = 0x0100,
-};
-
-/*
- * Service class identifiers of standard services and service groups
- */
-enum service_class_id {
- SDP_SERVER_SVCLASS_ID = 0x1000,
- BROWSE_GRP_DESC_SVCLASS_ID = 0x1001,
- PUBLIC_BROWSE_GROUP = 0x1002,
- SERIAL_PORT_SVCLASS_ID = 0x1101,
- LAN_ACCESS_SVCLASS_ID = 0x1102,
- DIALUP_NET_SVCLASS_ID = 0x1103,
- IRMC_SYNC_SVCLASS_ID = 0x1104,
- OBEX_OBJPUSH_SVCLASS_ID = 0x1105,
- OBEX_FILETRANS_SVCLASS_ID = 0x1106,
- IRMC_SYNC_CMD_SVCLASS_ID = 0x1107,
- HEADSET_SVCLASS_ID = 0x1108,
- CORDLESS_TELEPHONY_SVCLASS_ID = 0x1109,
- AUDIO_SOURCE_SVCLASS_ID = 0x110a,
- AUDIO_SINK_SVCLASS_ID = 0x110b,
- AV_REMOTE_TARGET_SVCLASS_ID = 0x110c,
- ADVANCED_AUDIO_SVCLASS_ID = 0x110d,
- AV_REMOTE_SVCLASS_ID = 0x110e,
- VIDEO_CONF_SVCLASS_ID = 0x110f,
- INTERCOM_SVCLASS_ID = 0x1110,
- FAX_SVCLASS_ID = 0x1111,
- HEADSET_AGW_SVCLASS_ID = 0x1112,
- WAP_SVCLASS_ID = 0x1113,
- WAP_CLIENT_SVCLASS_ID = 0x1114,
- PANU_SVCLASS_ID = 0x1115,
- NAP_SVCLASS_ID = 0x1116,
- GN_SVCLASS_ID = 0x1117,
- DIRECT_PRINTING_SVCLASS_ID = 0x1118,
- REFERENCE_PRINTING_SVCLASS_ID = 0x1119,
- IMAGING_SVCLASS_ID = 0x111a,
- IMAGING_RESPONDER_SVCLASS_ID = 0x111b,
- IMAGING_ARCHIVE_SVCLASS_ID = 0x111c,
- IMAGING_REFOBJS_SVCLASS_ID = 0x111d,
- HANDSFREE_SVCLASS_ID = 0x111e,
- HANDSFREE_AGW_SVCLASS_ID = 0x111f,
- DIRECT_PRT_REFOBJS_SVCLASS_ID = 0x1120,
- REFLECTED_UI_SVCLASS_ID = 0x1121,
- BASIC_PRINTING_SVCLASS_ID = 0x1122,
- PRINTING_STATUS_SVCLASS_ID = 0x1123,
- HID_SVCLASS_ID = 0x1124,
- HCR_SVCLASS_ID = 0x1125,
- HCR_PRINT_SVCLASS_ID = 0x1126,
- HCR_SCAN_SVCLASS_ID = 0x1127,
- CIP_SVCLASS_ID = 0x1128,
- VIDEO_CONF_GW_SVCLASS_ID = 0x1129,
- UDI_MT_SVCLASS_ID = 0x112a,
- UDI_TA_SVCLASS_ID = 0x112b,
- AV_SVCLASS_ID = 0x112c,
- SAP_SVCLASS_ID = 0x112d,
- PBAP_PCE_SVCLASS_ID = 0x112e,
- PBAP_PSE_SVCLASS_ID = 0x112f,
- PBAP_SVCLASS_ID = 0x1130,
- PNP_INFO_SVCLASS_ID = 0x1200,
- GENERIC_NETWORKING_SVCLASS_ID = 0x1201,
- GENERIC_FILETRANS_SVCLASS_ID = 0x1202,
- GENERIC_AUDIO_SVCLASS_ID = 0x1203,
- GENERIC_TELEPHONY_SVCLASS_ID = 0x1204,
- UPNP_SVCLASS_ID = 0x1205,
- UPNP_IP_SVCLASS_ID = 0x1206,
- UPNP_PAN_SVCLASS_ID = 0x1300,
- UPNP_LAP_SVCLASS_ID = 0x1301,
- UPNP_L2CAP_SVCLASS_ID = 0x1302,
- VIDEO_SOURCE_SVCLASS_ID = 0x1303,
- VIDEO_SINK_SVCLASS_ID = 0x1304,
- VIDEO_DISTRIBUTION_SVCLASS_ID = 0x1305,
- MDP_SVCLASS_ID = 0x1400,
- MDP_SOURCE_SVCLASS_ID = 0x1401,
- MDP_SINK_SVCLASS_ID = 0x1402,
- APPLE_AGENT_SVCLASS_ID = 0x2112,
-};
-
-/*
- * Standard profile descriptor identifiers; note these
- * may be identical to some of the service classes defined above
- */
-#define SDP_SERVER_PROFILE_ID SDP_SERVER_SVCLASS_ID
-#define BROWSE_GRP_DESC_PROFILE_ID BROWSE_GRP_DESC_SVCLASS_ID
-#define SERIAL_PORT_PROFILE_ID SERIAL_PORT_SVCLASS_ID
-#define LAN_ACCESS_PROFILE_ID LAN_ACCESS_SVCLASS_ID
-#define DIALUP_NET_PROFILE_ID DIALUP_NET_SVCLASS_ID
-#define IRMC_SYNC_PROFILE_ID IRMC_SYNC_SVCLASS_ID
-#define OBEX_OBJPUSH_PROFILE_ID OBEX_OBJPUSH_SVCLASS_ID
-#define OBEX_FILETRANS_PROFILE_ID OBEX_FILETRANS_SVCLASS_ID
-#define IRMC_SYNC_CMD_PROFILE_ID IRMC_SYNC_CMD_SVCLASS_ID
-#define HEADSET_PROFILE_ID HEADSET_SVCLASS_ID
-#define CORDLESS_TELEPHONY_PROFILE_ID CORDLESS_TELEPHONY_SVCLASS_ID
-#define AUDIO_SOURCE_PROFILE_ID AUDIO_SOURCE_SVCLASS_ID
-#define AUDIO_SINK_PROFILE_ID AUDIO_SINK_SVCLASS_ID
-#define AV_REMOTE_TARGET_PROFILE_ID AV_REMOTE_TARGET_SVCLASS_ID
-#define ADVANCED_AUDIO_PROFILE_ID ADVANCED_AUDIO_SVCLASS_ID
-#define AV_REMOTE_PROFILE_ID AV_REMOTE_SVCLASS_ID
-#define VIDEO_CONF_PROFILE_ID VIDEO_CONF_SVCLASS_ID
-#define INTERCOM_PROFILE_ID INTERCOM_SVCLASS_ID
-#define FAX_PROFILE_ID FAX_SVCLASS_ID
-#define HEADSET_AGW_PROFILE_ID HEADSET_AGW_SVCLASS_ID
-#define WAP_PROFILE_ID WAP_SVCLASS_ID
-#define WAP_CLIENT_PROFILE_ID WAP_CLIENT_SVCLASS_ID
-#define PANU_PROFILE_ID PANU_SVCLASS_ID
-#define NAP_PROFILE_ID NAP_SVCLASS_ID
-#define GN_PROFILE_ID GN_SVCLASS_ID
-#define DIRECT_PRINTING_PROFILE_ID DIRECT_PRINTING_SVCLASS_ID
-#define REFERENCE_PRINTING_PROFILE_ID REFERENCE_PRINTING_SVCLASS_ID
-#define IMAGING_PROFILE_ID IMAGING_SVCLASS_ID
-#define IMAGING_RESPONDER_PROFILE_ID IMAGING_RESPONDER_SVCLASS_ID
-#define IMAGING_ARCHIVE_PROFILE_ID IMAGING_ARCHIVE_SVCLASS_ID
-#define IMAGING_REFOBJS_PROFILE_ID IMAGING_REFOBJS_SVCLASS_ID
-#define HANDSFREE_PROFILE_ID HANDSFREE_SVCLASS_ID
-#define HANDSFREE_AGW_PROFILE_ID HANDSFREE_AGW_SVCLASS_ID
-#define DIRECT_PRT_REFOBJS_PROFILE_ID DIRECT_PRT_REFOBJS_SVCLASS_ID
-#define REFLECTED_UI_PROFILE_ID REFLECTED_UI_SVCLASS_ID
-#define BASIC_PRINTING_PROFILE_ID BASIC_PRINTING_SVCLASS_ID
-#define PRINTING_STATUS_PROFILE_ID PRINTING_STATUS_SVCLASS_ID
-#define HID_PROFILE_ID HID_SVCLASS_ID
-#define HCR_PROFILE_ID HCR_SCAN_SVCLASS_ID
-#define HCR_PRINT_PROFILE_ID HCR_PRINT_SVCLASS_ID
-#define HCR_SCAN_PROFILE_ID HCR_SCAN_SVCLASS_ID
-#define CIP_PROFILE_ID CIP_SVCLASS_ID
-#define VIDEO_CONF_GW_PROFILE_ID VIDEO_CONF_GW_SVCLASS_ID
-#define UDI_MT_PROFILE_ID UDI_MT_SVCLASS_ID
-#define UDI_TA_PROFILE_ID UDI_TA_SVCLASS_ID
-#define AV_PROFILE_ID AV_SVCLASS_ID
-#define SAP_PROFILE_ID SAP_SVCLASS_ID
-#define PBAP_PCE_PROFILE_ID PBAP_PCE_SVCLASS_ID
-#define PBAP_PSE_PROFILE_ID PBAP_PSE_SVCLASS_ID
-#define PBAP_PROFILE_ID PBAP_SVCLASS_ID
-#define PNP_INFO_PROFILE_ID PNP_INFO_SVCLASS_ID
-#define GENERIC_NETWORKING_PROFILE_ID GENERIC_NETWORKING_SVCLASS_ID
-#define GENERIC_FILETRANS_PROFILE_ID GENERIC_FILETRANS_SVCLASS_ID
-#define GENERIC_AUDIO_PROFILE_ID GENERIC_AUDIO_SVCLASS_ID
-#define GENERIC_TELEPHONY_PROFILE_ID GENERIC_TELEPHONY_SVCLASS_ID
-#define UPNP_PROFILE_ID UPNP_SVCLASS_ID
-#define UPNP_IP_PROFILE_ID UPNP_IP_SVCLASS_ID
-#define UPNP_PAN_PROFILE_ID UPNP_PAN_SVCLASS_ID
-#define UPNP_LAP_PROFILE_ID UPNP_LAP_SVCLASS_ID
-#define UPNP_L2CAP_PROFILE_ID UPNP_L2CAP_SVCLASS_ID
-#define VIDEO_SOURCE_PROFILE_ID VIDEO_SOURCE_SVCLASS_ID
-#define VIDEO_SINK_PROFILE_ID VIDEO_SINK_SVCLASS_ID
-#define VIDEO_DISTRIBUTION_PROFILE_ID VIDEO_DISTRIBUTION_SVCLASS_ID
-#define MDP_PROFILE_ID MDP_SVCLASS_ID
-#define MDP_SOURCE_PROFILE_ID MDP_SROUCE_SVCLASS_ID
-#define MDP_SINK_PROFILE_ID MDP_SINK_SVCLASS_ID
-#define APPLE_AGENT_PROFILE_ID APPLE_AGENT_SVCLASS_ID
-
-/* Data Representation */
-enum bt_sdp_data_type {
- SDP_DTYPE_NIL = 0 << 3,
- SDP_DTYPE_UINT = 1 << 3,
- SDP_DTYPE_SINT = 2 << 3,
- SDP_DTYPE_UUID = 3 << 3,
- SDP_DTYPE_STRING = 4 << 3,
- SDP_DTYPE_BOOL = 5 << 3,
- SDP_DTYPE_SEQ = 6 << 3,
- SDP_DTYPE_ALT = 7 << 3,
- SDP_DTYPE_URL = 8 << 3,
-};
-
-enum bt_sdp_data_size {
- SDP_DSIZE_1 = 0,
- SDP_DSIZE_2,
- SDP_DSIZE_4,
- SDP_DSIZE_8,
- SDP_DSIZE_16,
- SDP_DSIZE_NEXT1,
- SDP_DSIZE_NEXT2,
- SDP_DSIZE_NEXT4,
- SDP_DSIZE_MASK = SDP_DSIZE_NEXT4,
-};
-
-enum bt_sdp_cmd {
- SDP_ERROR_RSP = 0x01,
- SDP_SVC_SEARCH_REQ = 0x02,
- SDP_SVC_SEARCH_RSP = 0x03,
- SDP_SVC_ATTR_REQ = 0x04,
- SDP_SVC_ATTR_RSP = 0x05,
- SDP_SVC_SEARCH_ATTR_REQ = 0x06,
- SDP_SVC_SEARCH_ATTR_RSP = 0x07,
-};
-
-enum bt_sdp_errorcode {
- SDP_INVALID_VERSION = 0x0001,
- SDP_INVALID_RECORD_HANDLE = 0x0002,
- SDP_INVALID_SYNTAX = 0x0003,
- SDP_INVALID_PDU_SIZE = 0x0004,
- SDP_INVALID_CSTATE = 0x0005,
-};
-
-/*
- * String identifiers are based on the SDP spec stating that
- * "base attribute id of the primary (universal) language must be 0x0100"
- *
- * Other languages should have their own offset; e.g.:
- * #define XXXLangBase yyyy
- * #define AttrServiceName_XXX 0x0000+XXXLangBase
- */
-#define SDP_PRIMARY_LANG_BASE 0x0100
-
-enum bt_sdp_attribute_id {
- SDP_ATTR_RECORD_HANDLE = 0x0000,
- SDP_ATTR_SVCLASS_ID_LIST = 0x0001,
- SDP_ATTR_RECORD_STATE = 0x0002,
- SDP_ATTR_SERVICE_ID = 0x0003,
- SDP_ATTR_PROTO_DESC_LIST = 0x0004,
- SDP_ATTR_BROWSE_GRP_LIST = 0x0005,
- SDP_ATTR_LANG_BASE_ATTR_ID_LIST = 0x0006,
- SDP_ATTR_SVCINFO_TTL = 0x0007,
- SDP_ATTR_SERVICE_AVAILABILITY = 0x0008,
- SDP_ATTR_PFILE_DESC_LIST = 0x0009,
- SDP_ATTR_DOC_URL = 0x000a,
- SDP_ATTR_CLNT_EXEC_URL = 0x000b,
- SDP_ATTR_ICON_URL = 0x000c,
- SDP_ATTR_ADD_PROTO_DESC_LIST = 0x000d,
-
- SDP_ATTR_SVCNAME_PRIMARY = SDP_PRIMARY_LANG_BASE + 0,
- SDP_ATTR_SVCDESC_PRIMARY = SDP_PRIMARY_LANG_BASE + 1,
- SDP_ATTR_SVCPROV_PRIMARY = SDP_PRIMARY_LANG_BASE + 2,
-
- SDP_ATTR_GROUP_ID = 0x0200,
- SDP_ATTR_IP_SUBNET = 0x0200,
-
- /* SDP */
- SDP_ATTR_VERSION_NUM_LIST = 0x0200,
- SDP_ATTR_SVCDB_STATE = 0x0201,
-
- SDP_ATTR_SERVICE_VERSION = 0x0300,
- SDP_ATTR_EXTERNAL_NETWORK = 0x0301,
- SDP_ATTR_SUPPORTED_DATA_STORES_LIST = 0x0301,
- SDP_ATTR_FAX_CLASS1_SUPPORT = 0x0302,
- SDP_ATTR_REMOTE_AUDIO_VOLUME_CONTROL = 0x0302,
- SDP_ATTR_FAX_CLASS20_SUPPORT = 0x0303,
- SDP_ATTR_SUPPORTED_FORMATS_LIST = 0x0303,
- SDP_ATTR_FAX_CLASS2_SUPPORT = 0x0304,
- SDP_ATTR_AUDIO_FEEDBACK_SUPPORT = 0x0305,
- SDP_ATTR_NETWORK_ADDRESS = 0x0306,
- SDP_ATTR_WAP_GATEWAY = 0x0307,
- SDP_ATTR_HOMEPAGE_URL = 0x0308,
- SDP_ATTR_WAP_STACK_TYPE = 0x0309,
- SDP_ATTR_SECURITY_DESC = 0x030a,
- SDP_ATTR_NET_ACCESS_TYPE = 0x030b,
- SDP_ATTR_MAX_NET_ACCESSRATE = 0x030c,
- SDP_ATTR_IP4_SUBNET = 0x030d,
- SDP_ATTR_IP6_SUBNET = 0x030e,
- SDP_ATTR_SUPPORTED_CAPABILITIES = 0x0310,
- SDP_ATTR_SUPPORTED_FEATURES = 0x0311,
- SDP_ATTR_SUPPORTED_FUNCTIONS = 0x0312,
- SDP_ATTR_TOTAL_IMAGING_DATA_CAPACITY = 0x0313,
- SDP_ATTR_SUPPORTED_REPOSITORIES = 0x0314,
-
- /* PnP Information */
- SDP_ATTR_SPECIFICATION_ID = 0x0200,
- SDP_ATTR_VENDOR_ID = 0x0201,
- SDP_ATTR_PRODUCT_ID = 0x0202,
- SDP_ATTR_VERSION = 0x0203,
- SDP_ATTR_PRIMARY_RECORD = 0x0204,
- SDP_ATTR_VENDOR_ID_SOURCE = 0x0205,
-
- /* BT HID */
- SDP_ATTR_DEVICE_RELEASE_NUMBER = 0x0200,
- SDP_ATTR_PARSER_VERSION = 0x0201,
- SDP_ATTR_DEVICE_SUBCLASS = 0x0202,
- SDP_ATTR_COUNTRY_CODE = 0x0203,
- SDP_ATTR_VIRTUAL_CABLE = 0x0204,
- SDP_ATTR_RECONNECT_INITIATE = 0x0205,
- SDP_ATTR_DESCRIPTOR_LIST = 0x0206,
- SDP_ATTR_LANG_ID_BASE_LIST = 0x0207,
- SDP_ATTR_SDP_DISABLE = 0x0208,
- SDP_ATTR_BATTERY_POWER = 0x0209,
- SDP_ATTR_REMOTE_WAKEUP = 0x020a,
- SDP_ATTR_PROFILE_VERSION = 0x020b,
- SDP_ATTR_SUPERVISION_TIMEOUT = 0x020c,
- SDP_ATTR_NORMALLY_CONNECTABLE = 0x020d,
- SDP_ATTR_BOOT_DEVICE = 0x020e,
-};
diff --git a/hw/bt/Makefile.objs b/hw/bt/Makefile.objs
new file mode 100644
index 000000000..867a7d2e8
--- /dev/null
+++ b/hw/bt/Makefile.objs
@@ -0,0 +1,3 @@
+common-obj-y += core.o l2cap.o sdp.o hci.o hid.o
+common-obj-y += hci-csr.o
+
diff --git a/hw/bt/core.c b/hw/bt/core.c
new file mode 100644
index 000000000..49012e028
--- /dev/null
+++ b/hw/bt/core.c
@@ -0,0 +1,121 @@
+/*
+ * Convenience functions for bluetooth.
+ *
+ * Copyright (C) 2008 Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "qemu-common.h"
+#include "sysemu/bt.h"
+#include "hw/bt.h"
+
+/* Slave implementations can ignore this */
+static void bt_dummy_lmp_mode_change(struct bt_link_s *link)
+{
+}
+
+/* Slaves should never receive these PDUs */
+static void bt_dummy_lmp_connection_complete(struct bt_link_s *link)
+{
+ if (link->slave->reject_reason)
+ fprintf(stderr, "%s: stray LMP_not_accepted received, fixme\n",
+ __FUNCTION__);
+ else
+ fprintf(stderr, "%s: stray LMP_accepted received, fixme\n",
+ __FUNCTION__);
+ exit(-1);
+}
+
+static void bt_dummy_lmp_disconnect_master(struct bt_link_s *link)
+{
+ fprintf(stderr, "%s: stray LMP_detach received, fixme\n", __FUNCTION__);
+ exit(-1);
+}
+
+static void bt_dummy_lmp_acl_resp(struct bt_link_s *link,
+ const uint8_t *data, int start, int len)
+{
+ fprintf(stderr, "%s: stray ACL response PDU, fixme\n", __FUNCTION__);
+ exit(-1);
+}
+
+/* Slaves that don't hold any additional per link state can use these */
+static void bt_dummy_lmp_connection_request(struct bt_link_s *req)
+{
+ struct bt_link_s *link = g_malloc0(sizeof(struct bt_link_s));
+
+ link->slave = req->slave;
+ link->host = req->host;
+
+ req->host->reject_reason = 0;
+ req->host->lmp_connection_complete(link);
+}
+
+static void bt_dummy_lmp_disconnect_slave(struct bt_link_s *link)
+{
+ g_free(link);
+}
+
+static void bt_dummy_destroy(struct bt_device_s *device)
+{
+ bt_device_done(device);
+ g_free(device);
+}
+
+static int bt_dev_idx = 0;
+
+void bt_device_init(struct bt_device_s *dev, struct bt_scatternet_s *net)
+{
+ memset(dev, 0, sizeof(*dev));
+ dev->inquiry_scan = 1;
+ dev->page_scan = 1;
+
+ dev->bd_addr.b[0] = bt_dev_idx & 0xff;
+ dev->bd_addr.b[1] = bt_dev_idx >> 8;
+ dev->bd_addr.b[2] = 0xd0;
+ dev->bd_addr.b[3] = 0xba;
+ dev->bd_addr.b[4] = 0xbe;
+ dev->bd_addr.b[5] = 0xba;
+ bt_dev_idx ++;
+
+ /* Simple slave-only devices need to implement only .lmp_acl_data */
+ dev->lmp_connection_complete = bt_dummy_lmp_connection_complete;
+ dev->lmp_disconnect_master = bt_dummy_lmp_disconnect_master;
+ dev->lmp_acl_resp = bt_dummy_lmp_acl_resp;
+ dev->lmp_mode_change = bt_dummy_lmp_mode_change;
+ dev->lmp_connection_request = bt_dummy_lmp_connection_request;
+ dev->lmp_disconnect_slave = bt_dummy_lmp_disconnect_slave;
+
+ dev->handle_destroy = bt_dummy_destroy;
+
+ dev->net = net;
+ dev->next = net->slave;
+ net->slave = dev;
+}
+
+void bt_device_done(struct bt_device_s *dev)
+{
+ struct bt_device_s **p = &dev->net->slave;
+
+ while (*p && *p != dev)
+ p = &(*p)->next;
+ if (*p != dev) {
+ fprintf(stderr, "%s: bad bt device \"%s\"\n", __FUNCTION__,
+ dev->lmp_name ?: "(null)");
+ exit(-1);
+ }
+
+ *p = dev->next;
+}
diff --git a/hw/bt/hci-csr.c b/hw/bt/hci-csr.c
new file mode 100644
index 000000000..16a25cb34
--- /dev/null
+++ b/hw/bt/hci-csr.c
@@ -0,0 +1,454 @@
+/*
+ * Bluetooth serial HCI transport.
+ * CSR41814 HCI with H4p vendor extensions.
+ *
+ * Copyright (C) 2008 Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "qemu-common.h"
+#include "sysemu/char.h"
+#include "qemu/timer.h"
+#include "hw/irq.h"
+#include "sysemu/bt.h"
+#include "hw/bt.h"
+
+struct csrhci_s {
+ int enable;
+ qemu_irq *pins;
+ int pin_state;
+ int modem_state;
+ CharDriverState chr;
+#define FIFO_LEN 4096
+ int out_start;
+ int out_len;
+ int out_size;
+ uint8_t outfifo[FIFO_LEN * 2];
+ uint8_t inpkt[FIFO_LEN];
+ int in_len;
+ int in_hdr;
+ int in_data;
+ QEMUTimer *out_tm;
+ int64_t baud_delay;
+
+ bdaddr_t bd_addr;
+ struct HCIInfo *hci;
+};
+
+/* H4+ packet types */
+enum {
+ H4_CMD_PKT = 1,
+ H4_ACL_PKT = 2,
+ H4_SCO_PKT = 3,
+ H4_EVT_PKT = 4,
+ H4_NEG_PKT = 6,
+ H4_ALIVE_PKT = 7,
+};
+
+/* CSR41814 negotiation start magic packet */
+static const uint8_t csrhci_neg_packet[] = {
+ H4_NEG_PKT, 10,
+ 0x00, 0xa0, 0x01, 0x00, 0x00,
+ 0x4c, 0x00, 0x96, 0x00, 0x00,
+};
+
+/* CSR41814 vendor-specific command OCFs */
+enum {
+ OCF_CSR_SEND_FIRMWARE = 0x000,
+};
+
+static inline void csrhci_fifo_wake(struct csrhci_s *s)
+{
+ if (!s->enable || !s->out_len)
+ return;
+
+ /* XXX: Should wait for s->modem_state & CHR_TIOCM_RTS? */
+ if (s->chr.chr_can_read && s->chr.chr_can_read(s->chr.handler_opaque) &&
+ s->chr.chr_read) {
+ s->chr.chr_read(s->chr.handler_opaque,
+ s->outfifo + s->out_start ++, 1);
+ s->out_len --;
+ if (s->out_start >= s->out_size) {
+ s->out_start = 0;
+ s->out_size = FIFO_LEN;
+ }
+ }
+
+ if (s->out_len)
+ qemu_mod_timer(s->out_tm, qemu_get_clock_ns(vm_clock) + s->baud_delay);
+}
+
+#define csrhci_out_packetz(s, len) memset(csrhci_out_packet(s, len), 0, len)
+static uint8_t *csrhci_out_packet(struct csrhci_s *s, int len)
+{
+ int off = s->out_start + s->out_len;
+
+ /* TODO: do the padding here, i.e. align len */
+ s->out_len += len;
+
+ if (off < FIFO_LEN) {
+ if (off + len > FIFO_LEN && (s->out_size = off + len) > FIFO_LEN * 2) {
+ fprintf(stderr, "%s: can't alloc %i bytes\n", __FUNCTION__, len);
+ exit(-1);
+ }
+ return s->outfifo + off;
+ }
+
+ if (s->out_len > s->out_size) {
+ fprintf(stderr, "%s: can't alloc %i bytes\n", __FUNCTION__, len);
+ exit(-1);
+ }
+
+ return s->outfifo + off - s->out_size;
+}
+
+static inline uint8_t *csrhci_out_packet_csr(struct csrhci_s *s,
+ int type, int len)
+{
+ uint8_t *ret = csrhci_out_packetz(s, len + 2);
+
+ *ret ++ = type;
+ *ret ++ = len;
+
+ return ret;
+}
+
+static inline uint8_t *csrhci_out_packet_event(struct csrhci_s *s,
+ int evt, int len)
+{
+ uint8_t *ret = csrhci_out_packetz(s,
+ len + 1 + sizeof(struct hci_event_hdr));
+
+ *ret ++ = H4_EVT_PKT;
+ ((struct hci_event_hdr *) ret)->evt = evt;
+ ((struct hci_event_hdr *) ret)->plen = len;
+
+ return ret + sizeof(struct hci_event_hdr);
+}
+
+static void csrhci_in_packet_vendor(struct csrhci_s *s, int ocf,
+ uint8_t *data, int len)
+{
+ int offset;
+ uint8_t *rpkt;
+
+ switch (ocf) {
+ case OCF_CSR_SEND_FIRMWARE:
+ /* Check if this is the bd_address packet */
+ if (len >= 18 + 8 && data[12] == 0x01 && data[13] == 0x00) {
+ offset = 18;
+ s->bd_addr.b[0] = data[offset + 7]; /* Beyond cmd packet end(!?) */
+ s->bd_addr.b[1] = data[offset + 6];
+ s->bd_addr.b[2] = data[offset + 4];
+ s->bd_addr.b[3] = data[offset + 0];
+ s->bd_addr.b[4] = data[offset + 3];
+ s->bd_addr.b[5] = data[offset + 2];
+
+ s->hci->bdaddr_set(s->hci, s->bd_addr.b);
+ fprintf(stderr, "%s: bd_address loaded from firmware: "
+ "%02x:%02x:%02x:%02x:%02x:%02x\n", __FUNCTION__,
+ s->bd_addr.b[0], s->bd_addr.b[1], s->bd_addr.b[2],
+ s->bd_addr.b[3], s->bd_addr.b[4], s->bd_addr.b[5]);
+ }
+
+ rpkt = csrhci_out_packet_event(s, EVT_VENDOR, 11);
+ /* Status bytes: no error */
+ rpkt[9] = 0x00;
+ rpkt[10] = 0x00;
+ break;
+
+ default:
+ fprintf(stderr, "%s: got a bad CMD packet\n", __FUNCTION__);
+ return;
+ }
+
+ csrhci_fifo_wake(s);
+}
+
+static void csrhci_in_packet(struct csrhci_s *s, uint8_t *pkt)
+{
+ uint8_t *rpkt;
+ int opc;
+
+ switch (*pkt ++) {
+ case H4_CMD_PKT:
+ opc = le16_to_cpu(((struct hci_command_hdr *) pkt)->opcode);
+ if (cmd_opcode_ogf(opc) == OGF_VENDOR_CMD) {
+ csrhci_in_packet_vendor(s, cmd_opcode_ocf(opc),
+ pkt + sizeof(struct hci_command_hdr),
+ s->in_len - sizeof(struct hci_command_hdr) - 1);
+ return;
+ }
+
+ /* TODO: if the command is OCF_READ_LOCAL_COMMANDS or the likes,
+ * we need to send it to the HCI layer and then add our supported
+ * commands to the returned mask (such as OGF_VENDOR_CMD). With
+ * bt-hci.c we could just have hooks for this kind of commands but
+ * we can't with bt-host.c. */
+
+ s->hci->cmd_send(s->hci, pkt, s->in_len - 1);
+ break;
+
+ case H4_EVT_PKT:
+ goto bad_pkt;
+
+ case H4_ACL_PKT:
+ s->hci->acl_send(s->hci, pkt, s->in_len - 1);
+ break;
+
+ case H4_SCO_PKT:
+ s->hci->sco_send(s->hci, pkt, s->in_len - 1);
+ break;
+
+ case H4_NEG_PKT:
+ if (s->in_hdr != sizeof(csrhci_neg_packet) ||
+ memcmp(pkt - 1, csrhci_neg_packet, s->in_hdr)) {
+ fprintf(stderr, "%s: got a bad NEG packet\n", __FUNCTION__);
+ return;
+ }
+ pkt += 2;
+
+ rpkt = csrhci_out_packet_csr(s, H4_NEG_PKT, 10);
+
+ *rpkt ++ = 0x20; /* Operational settings negotiation Ok */
+ memcpy(rpkt, pkt, 7); rpkt += 7;
+ *rpkt ++ = 0xff;
+ *rpkt = 0xff;
+ break;
+
+ case H4_ALIVE_PKT:
+ if (s->in_hdr != 4 || pkt[1] != 0x55 || pkt[2] != 0x00) {
+ fprintf(stderr, "%s: got a bad ALIVE packet\n", __FUNCTION__);
+ return;
+ }
+
+ rpkt = csrhci_out_packet_csr(s, H4_ALIVE_PKT, 2);
+
+ *rpkt ++ = 0xcc;
+ *rpkt = 0x00;
+ break;
+
+ default:
+ bad_pkt:
+ /* TODO: error out */
+ fprintf(stderr, "%s: got a bad packet\n", __FUNCTION__);
+ break;
+ }
+
+ csrhci_fifo_wake(s);
+}
+
+static int csrhci_header_len(const uint8_t *pkt)
+{
+ switch (pkt[0]) {
+ case H4_CMD_PKT:
+ return HCI_COMMAND_HDR_SIZE;
+ case H4_EVT_PKT:
+ return HCI_EVENT_HDR_SIZE;
+ case H4_ACL_PKT:
+ return HCI_ACL_HDR_SIZE;
+ case H4_SCO_PKT:
+ return HCI_SCO_HDR_SIZE;
+ case H4_NEG_PKT:
+ return pkt[1] + 1;
+ case H4_ALIVE_PKT:
+ return 3;
+ }
+
+ exit(-1);
+}
+
+static int csrhci_data_len(const uint8_t *pkt)
+{
+ switch (*pkt ++) {
+ case H4_CMD_PKT:
+ /* It seems that vendor-specific command packets for H4+ are all
+ * one byte longer than indicated in the standard header. */
+ if (le16_to_cpu(((struct hci_command_hdr *) pkt)->opcode) == 0xfc00)
+ return (((struct hci_command_hdr *) pkt)->plen + 1) & ~1;
+
+ return ((struct hci_command_hdr *) pkt)->plen;
+ case H4_EVT_PKT:
+ return ((struct hci_event_hdr *) pkt)->plen;
+ case H4_ACL_PKT:
+ return le16_to_cpu(((struct hci_acl_hdr *) pkt)->dlen);
+ case H4_SCO_PKT:
+ return ((struct hci_sco_hdr *) pkt)->dlen;
+ case H4_NEG_PKT:
+ case H4_ALIVE_PKT:
+ return 0;
+ }
+
+ exit(-1);
+}
+
+static int csrhci_write(struct CharDriverState *chr,
+ const uint8_t *buf, int len)
+{
+ struct csrhci_s *s = (struct csrhci_s *) chr->opaque;
+ int plen = s->in_len;
+
+ if (!s->enable)
+ return 0;
+
+ s->in_len += len;
+ memcpy(s->inpkt + plen, buf, len);
+
+ while (1) {
+ if (s->in_len >= 2 && plen < 2)
+ s->in_hdr = csrhci_header_len(s->inpkt) + 1;
+
+ if (s->in_len >= s->in_hdr && plen < s->in_hdr)
+ s->in_data = csrhci_data_len(s->inpkt) + s->in_hdr;
+
+ if (s->in_len >= s->in_data) {
+ csrhci_in_packet(s, s->inpkt);
+
+ memmove(s->inpkt, s->inpkt + s->in_len, s->in_len - s->in_data);
+ s->in_len -= s->in_data;
+ s->in_hdr = INT_MAX;
+ s->in_data = INT_MAX;
+ plen = 0;
+ } else
+ break;
+ }
+
+ return len;
+}
+
+static void csrhci_out_hci_packet_event(void *opaque,
+ const uint8_t *data, int len)
+{
+ struct csrhci_s *s = (struct csrhci_s *) opaque;
+ uint8_t *pkt = csrhci_out_packet(s, (len + 2) & ~1); /* Align */
+
+ *pkt ++ = H4_EVT_PKT;
+ memcpy(pkt, data, len);
+
+ csrhci_fifo_wake(s);
+}
+
+static void csrhci_out_hci_packet_acl(void *opaque,
+ const uint8_t *data, int len)
+{
+ struct csrhci_s *s = (struct csrhci_s *) opaque;
+ uint8_t *pkt = csrhci_out_packet(s, (len + 2) & ~1); /* Align */
+
+ *pkt ++ = H4_ACL_PKT;
+ pkt[len & ~1] = 0;
+ memcpy(pkt, data, len);
+
+ csrhci_fifo_wake(s);
+}
+
+static int csrhci_ioctl(struct CharDriverState *chr, int cmd, void *arg)
+{
+ QEMUSerialSetParams *ssp;
+ struct csrhci_s *s = (struct csrhci_s *) chr->opaque;
+ int prev_state = s->modem_state;
+
+ switch (cmd) {
+ case CHR_IOCTL_SERIAL_SET_PARAMS:
+ ssp = (QEMUSerialSetParams *) arg;
+ s->baud_delay = get_ticks_per_sec() / ssp->speed;
+ /* Moments later... (but shorter than 100ms) */
+ s->modem_state |= CHR_TIOCM_CTS;
+ break;
+
+ case CHR_IOCTL_SERIAL_GET_TIOCM:
+ *(int *) arg = s->modem_state;
+ break;
+
+ case CHR_IOCTL_SERIAL_SET_TIOCM:
+ s->modem_state = *(int *) arg;
+ if (~s->modem_state & prev_state & CHR_TIOCM_RTS)
+ s->modem_state &= ~CHR_TIOCM_CTS;
+ break;
+
+ default:
+ return -ENOTSUP;
+ }
+ return 0;
+}
+
+static void csrhci_reset(struct csrhci_s *s)
+{
+ s->out_len = 0;
+ s->out_size = FIFO_LEN;
+ s->in_len = 0;
+ s->baud_delay = get_ticks_per_sec();
+ s->enable = 0;
+ s->in_hdr = INT_MAX;
+ s->in_data = INT_MAX;
+
+ s->modem_state = 0;
+ /* After a while... (but sooner than 10ms) */
+ s->modem_state |= CHR_TIOCM_CTS;
+
+ memset(&s->bd_addr, 0, sizeof(bdaddr_t));
+}
+
+static void csrhci_out_tick(void *opaque)
+{
+ csrhci_fifo_wake((struct csrhci_s *) opaque);
+}
+
+static void csrhci_pins(void *opaque, int line, int level)
+{
+ struct csrhci_s *s = (struct csrhci_s *) opaque;
+ int state = s->pin_state;
+
+ s->pin_state &= ~(1 << line);
+ s->pin_state |= (!!level) << line;
+
+ if ((state & ~s->pin_state) & (1 << csrhci_pin_reset)) {
+ /* TODO: Disappear from lower layers */
+ csrhci_reset(s);
+ }
+
+ if (s->pin_state == 3 && state != 3) {
+ s->enable = 1;
+ /* TODO: Wake lower layers up */
+ }
+}
+
+qemu_irq *csrhci_pins_get(CharDriverState *chr)
+{
+ struct csrhci_s *s = (struct csrhci_s *) chr->opaque;
+
+ return s->pins;
+}
+
+CharDriverState *uart_hci_init(qemu_irq wakeup)
+{
+ struct csrhci_s *s = (struct csrhci_s *)
+ g_malloc0(sizeof(struct csrhci_s));
+
+ s->chr.opaque = s;
+ s->chr.chr_write = csrhci_write;
+ s->chr.chr_ioctl = csrhci_ioctl;
+ s->chr.avail_connections = 1;
+
+ s->hci = qemu_next_hci();
+ s->hci->opaque = s;
+ s->hci->evt_recv = csrhci_out_hci_packet_event;
+ s->hci->acl_recv = csrhci_out_hci_packet_acl;
+
+ s->out_tm = qemu_new_timer_ns(vm_clock, csrhci_out_tick, s);
+ s->pins = qemu_allocate_irqs(csrhci_pins, s, __csrhci_pins);
+ csrhci_reset(s);
+
+ return &s->chr;
+}
diff --git a/hw/bt/hci.c b/hw/bt/hci.c
new file mode 100644
index 000000000..b53cd5dea
--- /dev/null
+++ b/hw/bt/hci.c
@@ -0,0 +1,2217 @@
+/*
+ * QEMU Bluetooth HCI logic.
+ *
+ * Copyright (C) 2007 OpenMoko, Inc.
+ * Copyright (C) 2008 Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "qemu-common.h"
+#include "qemu/timer.h"
+#include "hw/usb.h"
+#include "sysemu/bt.h"
+#include "hw/bt.h"
+
+struct bt_hci_s {
+ uint8_t *(*evt_packet)(void *opaque);
+ void (*evt_submit)(void *opaque, int len);
+ void *opaque;
+ uint8_t evt_buf[256];
+
+ uint8_t acl_buf[4096];
+ int acl_len;
+
+ uint16_t asb_handle;
+ uint16_t psb_handle;
+
+ int last_cmd; /* Note: Always little-endian */
+
+ struct bt_device_s *conn_req_host;
+
+ struct {
+ int inquire;
+ int periodic;
+ int responses_left;
+ int responses;
+ QEMUTimer *inquiry_done;
+ QEMUTimer *inquiry_next;
+ int inquiry_length;
+ int inquiry_period;
+ int inquiry_mode;
+
+#define HCI_HANDLE_OFFSET 0x20
+#define HCI_HANDLES_MAX 0x10
+ struct bt_hci_master_link_s {
+ struct bt_link_s *link;
+ void (*lmp_acl_data)(struct bt_link_s *link,
+ const uint8_t *data, int start, int len);
+ QEMUTimer *acl_mode_timer;
+ } handle[HCI_HANDLES_MAX];
+ uint32_t role_bmp;
+ int last_handle;
+ int connecting;
+ bdaddr_t awaiting_bdaddr[HCI_HANDLES_MAX];
+ } lm;
+
+ uint8_t event_mask[8];
+ uint16_t voice_setting; /* Notw: Always little-endian */
+ uint16_t conn_accept_tout;
+ QEMUTimer *conn_accept_timer;
+
+ struct HCIInfo info;
+ struct bt_device_s device;
+};
+
+#define DEFAULT_RSSI_DBM 20
+
+#define hci_from_info(ptr) container_of((ptr), struct bt_hci_s, info)
+#define hci_from_device(ptr) container_of((ptr), struct bt_hci_s, device)
+
+struct bt_hci_link_s {
+ struct bt_link_s btlink;
+ uint16_t handle; /* Local */
+};
+
+/* LMP layer emulation */
+#if 0
+static void bt_submit_lmp(struct bt_device_s *bt, int length, uint8_t *data)
+{
+ int resp, resplen, error, op, tr;
+ uint8_t respdata[17];
+
+ if (length < 1)
+ return;
+
+ tr = *data & 1;
+ op = *(data ++) >> 1;
+ resp = LMP_ACCEPTED;
+ resplen = 2;
+ respdata[1] = op;
+ error = 0;
+ length --;
+
+ if (op >= 0x7c) { /* Extended opcode */
+ op |= *(data ++) << 8;
+ resp = LMP_ACCEPTED_EXT;
+ resplen = 4;
+ respdata[0] = op >> 8;
+ respdata[1] = op & 0xff;
+ length --;
+ }
+
+ switch (op) {
+ case LMP_ACCEPTED:
+ /* data[0] Op code
+ */
+ if (length < 1) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ resp = 0;
+ break;
+
+ case LMP_ACCEPTED_EXT:
+ /* data[0] Escape op code
+ * data[1] Extended op code
+ */
+ if (length < 2) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ resp = 0;
+ break;
+
+ case LMP_NOT_ACCEPTED:
+ /* data[0] Op code
+ * data[1] Error code
+ */
+ if (length < 2) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ resp = 0;
+ break;
+
+ case LMP_NOT_ACCEPTED_EXT:
+ /* data[0] Op code
+ * data[1] Extended op code
+ * data[2] Error code
+ */
+ if (length < 3) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ resp = 0;
+ break;
+
+ case LMP_HOST_CONNECTION_REQ:
+ break;
+
+ case LMP_SETUP_COMPLETE:
+ resp = LMP_SETUP_COMPLETE;
+ resplen = 1;
+ bt->setup = 1;
+ break;
+
+ case LMP_DETACH:
+ /* data[0] Error code
+ */
+ if (length < 1) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ bt->setup = 0;
+ resp = 0;
+ break;
+
+ case LMP_SUPERVISION_TIMEOUT:
+ /* data[0,1] Supervision timeout
+ */
+ if (length < 2) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ resp = 0;
+ break;
+
+ case LMP_QUALITY_OF_SERVICE:
+ resp = 0;
+ /* Fall through */
+ case LMP_QOS_REQ:
+ /* data[0,1] Poll interval
+ * data[2] N(BC)
+ */
+ if (length < 3) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ break;
+
+ case LMP_MAX_SLOT:
+ resp = 0;
+ /* Fall through */
+ case LMP_MAX_SLOT_REQ:
+ /* data[0] Max slots
+ */
+ if (length < 1) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ break;
+
+ case LMP_AU_RAND:
+ case LMP_IN_RAND:
+ case LMP_COMB_KEY:
+ /* data[0-15] Random number
+ */
+ if (length < 16) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ if (op == LMP_AU_RAND) {
+ if (bt->key_present) {
+ resp = LMP_SRES;
+ resplen = 5;
+ /* XXX: [Part H] Section 6.1 on page 801 */
+ } else {
+ error = HCI_PIN_OR_KEY_MISSING;
+ goto not_accepted;
+ }
+ } else if (op == LMP_IN_RAND) {
+ error = HCI_PAIRING_NOT_ALLOWED;
+ goto not_accepted;
+ } else {
+ /* XXX: [Part H] Section 3.2 on page 779 */
+ resp = LMP_UNIT_KEY;
+ resplen = 17;
+ memcpy(respdata + 1, bt->key, 16);
+
+ error = HCI_UNIT_LINK_KEY_USED;
+ goto not_accepted;
+ }
+ break;
+
+ case LMP_UNIT_KEY:
+ /* data[0-15] Key
+ */
+ if (length < 16) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ memcpy(bt->key, data, 16);
+ bt->key_present = 1;
+ break;
+
+ case LMP_SRES:
+ /* data[0-3] Authentication response
+ */
+ if (length < 4) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ break;
+
+ case LMP_CLKOFFSET_REQ:
+ resp = LMP_CLKOFFSET_RES;
+ resplen = 3;
+ respdata[1] = 0x33;
+ respdata[2] = 0x33;
+ break;
+
+ case LMP_CLKOFFSET_RES:
+ /* data[0,1] Clock offset
+ * (Slave to master only)
+ */
+ if (length < 2) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ break;
+
+ case LMP_VERSION_REQ:
+ case LMP_VERSION_RES:
+ /* data[0] VersNr
+ * data[1,2] CompId
+ * data[3,4] SubVersNr
+ */
+ if (length < 5) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ if (op == LMP_VERSION_REQ) {
+ resp = LMP_VERSION_RES;
+ resplen = 6;
+ respdata[1] = 0x20;
+ respdata[2] = 0xff;
+ respdata[3] = 0xff;
+ respdata[4] = 0xff;
+ respdata[5] = 0xff;
+ } else
+ resp = 0;
+ break;
+
+ case LMP_FEATURES_REQ:
+ case LMP_FEATURES_RES:
+ /* data[0-7] Features
+ */
+ if (length < 8) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ if (op == LMP_FEATURES_REQ) {
+ resp = LMP_FEATURES_RES;
+ resplen = 9;
+ respdata[1] = (bt->lmp_caps >> 0) & 0xff;
+ respdata[2] = (bt->lmp_caps >> 8) & 0xff;
+ respdata[3] = (bt->lmp_caps >> 16) & 0xff;
+ respdata[4] = (bt->lmp_caps >> 24) & 0xff;
+ respdata[5] = (bt->lmp_caps >> 32) & 0xff;
+ respdata[6] = (bt->lmp_caps >> 40) & 0xff;
+ respdata[7] = (bt->lmp_caps >> 48) & 0xff;
+ respdata[8] = (bt->lmp_caps >> 56) & 0xff;
+ } else
+ resp = 0;
+ break;
+
+ case LMP_NAME_REQ:
+ /* data[0] Name offset
+ */
+ if (length < 1) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ resp = LMP_NAME_RES;
+ resplen = 17;
+ respdata[1] = data[0];
+ respdata[2] = strlen(bt->lmp_name);
+ memset(respdata + 3, 0x00, 14);
+ if (respdata[2] > respdata[1])
+ memcpy(respdata + 3, bt->lmp_name + respdata[1],
+ respdata[2] - respdata[1]);
+ break;
+
+ case LMP_NAME_RES:
+ /* data[0] Name offset
+ * data[1] Name length
+ * data[2-15] Name fragment
+ */
+ if (length < 16) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ resp = 0;
+ break;
+
+ default:
+ error = HCI_UNKNOWN_LMP_PDU;
+ /* Fall through */
+ not_accepted:
+ if (op >> 8) {
+ resp = LMP_NOT_ACCEPTED_EXT;
+ resplen = 5;
+ respdata[0] = op >> 8;
+ respdata[1] = op & 0xff;
+ respdata[2] = error;
+ } else {
+ resp = LMP_NOT_ACCEPTED;
+ resplen = 3;
+ respdata[0] = op & 0xff;
+ respdata[1] = error;
+ }
+ }
+
+ if (resp == 0)
+ return;
+
+ if (resp >> 8) {
+ respdata[0] = resp >> 8;
+ respdata[1] = resp & 0xff;
+ } else
+ respdata[0] = resp & 0xff;
+
+ respdata[0] <<= 1;
+ respdata[0] |= tr;
+}
+
+static void bt_submit_raw_acl(struct bt_piconet_s *net, int length, uint8_t *data)
+{
+ struct bt_device_s *slave;
+ if (length < 1)
+ return;
+
+ slave = 0;
+#if 0
+ slave = net->slave;
+#endif
+
+ switch (data[0] & 3) {
+ case LLID_ACLC:
+ bt_submit_lmp(slave, length - 1, data + 1);
+ break;
+ case LLID_ACLU_START:
+#if 0
+ bt_sumbit_l2cap(slave, length - 1, data + 1, (data[0] >> 2) & 1);
+ breka;
+#endif
+ default:
+ case LLID_ACLU_CONT:
+ break;
+ }
+}
+#endif
+
+/* HCI layer emulation */
+
+/* Note: we could ignore endiannes because unswapped handles will still
+ * be valid as connection identifiers for the guest - they don't have to
+ * be continuously allocated. We do it though, to preserve similar
+ * behaviour between hosts. Some things, like the BD_ADDR cannot be
+ * preserved though (for example if a real hci is used). */
+#ifdef HOST_WORDS_BIGENDIAN
+# define HNDL(raw) bswap16(raw)
+#else
+# define HNDL(raw) (raw)
+#endif
+
+static const uint8_t bt_event_reserved_mask[8] = {
+ 0xff, 0x9f, 0xfb, 0xff, 0x07, 0x18, 0x00, 0x00,
+};
+
+static inline uint8_t *bt_hci_event_start(struct bt_hci_s *hci,
+ int evt, int len)
+{
+ uint8_t *packet, mask;
+ int mask_byte;
+
+ if (len > 255) {
+ fprintf(stderr, "%s: HCI event params too long (%ib)\n",
+ __FUNCTION__, len);
+ exit(-1);
+ }
+
+ mask_byte = (evt - 1) >> 3;
+ mask = 1 << ((evt - 1) & 3);
+ if (mask & bt_event_reserved_mask[mask_byte] & ~hci->event_mask[mask_byte])
+ return NULL;
+
+ packet = hci->evt_packet(hci->opaque);
+ packet[0] = evt;
+ packet[1] = len;
+
+ return &packet[2];
+}
+
+static inline void bt_hci_event(struct bt_hci_s *hci, int evt,
+ void *params, int len)
+{
+ uint8_t *packet = bt_hci_event_start(hci, evt, len);
+
+ if (!packet)
+ return;
+
+ if (len)
+ memcpy(packet, params, len);
+
+ hci->evt_submit(hci->opaque, len + 2);
+}
+
+static inline void bt_hci_event_status(struct bt_hci_s *hci, int status)
+{
+ evt_cmd_status params = {
+ .status = status,
+ .ncmd = 1,
+ .opcode = hci->last_cmd,
+ };
+
+ bt_hci_event(hci, EVT_CMD_STATUS, &params, EVT_CMD_STATUS_SIZE);
+}
+
+static inline void bt_hci_event_complete(struct bt_hci_s *hci,
+ void *ret, int len)
+{
+ uint8_t *packet = bt_hci_event_start(hci, EVT_CMD_COMPLETE,
+ len + EVT_CMD_COMPLETE_SIZE);
+ evt_cmd_complete *params = (evt_cmd_complete *) packet;
+
+ if (!packet)
+ return;
+
+ params->ncmd = 1;
+ params->opcode = hci->last_cmd;
+ if (len)
+ memcpy(&packet[EVT_CMD_COMPLETE_SIZE], ret, len);
+
+ hci->evt_submit(hci->opaque, len + EVT_CMD_COMPLETE_SIZE + 2);
+}
+
+static void bt_hci_inquiry_done(void *opaque)
+{
+ struct bt_hci_s *hci = (struct bt_hci_s *) opaque;
+ uint8_t status = HCI_SUCCESS;
+
+ if (!hci->lm.periodic)
+ hci->lm.inquire = 0;
+
+ /* The specification is inconsistent about this one. Page 565 reads
+ * "The event parameters of Inquiry Complete event will have a summary
+ * of the result from the Inquiry process, which reports the number of
+ * nearby Bluetooth devices that responded [so hci->responses].", but
+ * Event Parameters (see page 729) has only Status. */
+ bt_hci_event(hci, EVT_INQUIRY_COMPLETE, &status, 1);
+}
+
+static void bt_hci_inquiry_result_standard(struct bt_hci_s *hci,
+ struct bt_device_s *slave)
+{
+ inquiry_info params = {
+ .num_responses = 1,
+ .bdaddr = BAINIT(&slave->bd_addr),
+ .pscan_rep_mode = 0x00, /* R0 */
+ .pscan_period_mode = 0x00, /* P0 - deprecated */
+ .pscan_mode = 0x00, /* Standard scan - deprecated */
+ .dev_class[0] = slave->class[0],
+ .dev_class[1] = slave->class[1],
+ .dev_class[2] = slave->class[2],
+ /* TODO: return the clkoff *differenece* */
+ .clock_offset = slave->clkoff, /* Note: no swapping */
+ };
+
+ bt_hci_event(hci, EVT_INQUIRY_RESULT, &params, INQUIRY_INFO_SIZE);
+}
+
+static void bt_hci_inquiry_result_with_rssi(struct bt_hci_s *hci,
+ struct bt_device_s *slave)
+{
+ inquiry_info_with_rssi params = {
+ .num_responses = 1,
+ .bdaddr = BAINIT(&slave->bd_addr),
+ .pscan_rep_mode = 0x00, /* R0 */
+ .pscan_period_mode = 0x00, /* P0 - deprecated */
+ .dev_class[0] = slave->class[0],
+ .dev_class[1] = slave->class[1],
+ .dev_class[2] = slave->class[2],
+ /* TODO: return the clkoff *differenece* */
+ .clock_offset = slave->clkoff, /* Note: no swapping */
+ .rssi = DEFAULT_RSSI_DBM,
+ };
+
+ bt_hci_event(hci, EVT_INQUIRY_RESULT_WITH_RSSI,
+ &params, INQUIRY_INFO_WITH_RSSI_SIZE);
+}
+
+static void bt_hci_inquiry_result(struct bt_hci_s *hci,
+ struct bt_device_s *slave)
+{
+ if (!slave->inquiry_scan || !hci->lm.responses_left)
+ return;
+
+ hci->lm.responses_left --;
+ hci->lm.responses ++;
+
+ switch (hci->lm.inquiry_mode) {
+ case 0x00:
+ bt_hci_inquiry_result_standard(hci, slave);
+ return;
+ case 0x01:
+ bt_hci_inquiry_result_with_rssi(hci, slave);
+ return;
+ default:
+ fprintf(stderr, "%s: bad inquiry mode %02x\n", __FUNCTION__,
+ hci->lm.inquiry_mode);
+ exit(-1);
+ }
+}
+
+static void bt_hci_mod_timer_1280ms(QEMUTimer *timer, int period)
+{
+ qemu_mod_timer(timer, qemu_get_clock_ns(vm_clock) +
+ muldiv64(period << 7, get_ticks_per_sec(), 100));
+}
+
+static void bt_hci_inquiry_start(struct bt_hci_s *hci, int length)
+{
+ struct bt_device_s *slave;
+
+ hci->lm.inquiry_length = length;
+ for (slave = hci->device.net->slave; slave; slave = slave->next)
+ /* Don't uncover ourselves. */
+ if (slave != &hci->device)
+ bt_hci_inquiry_result(hci, slave);
+
+ /* TODO: register for a callback on a new device's addition to the
+ * scatternet so that if it's added before inquiry_length expires,
+ * an Inquiry Result is generated immediately. Alternatively re-loop
+ * through the devices on the inquiry_length expiration and report
+ * devices not seen before. */
+ if (hci->lm.responses_left)
+ bt_hci_mod_timer_1280ms(hci->lm.inquiry_done, hci->lm.inquiry_length);
+ else
+ bt_hci_inquiry_done(hci);
+
+ if (hci->lm.periodic)
+ bt_hci_mod_timer_1280ms(hci->lm.inquiry_next, hci->lm.inquiry_period);
+}
+
+static void bt_hci_inquiry_next(void *opaque)
+{
+ struct bt_hci_s *hci = (struct bt_hci_s *) opaque;
+
+ hci->lm.responses_left += hci->lm.responses;
+ hci->lm.responses = 0;
+ bt_hci_inquiry_start(hci, hci->lm.inquiry_length);
+}
+
+static inline int bt_hci_handle_bad(struct bt_hci_s *hci, uint16_t handle)
+{
+ return !(handle & HCI_HANDLE_OFFSET) ||
+ handle >= (HCI_HANDLE_OFFSET | HCI_HANDLES_MAX) ||
+ !hci->lm.handle[handle & ~HCI_HANDLE_OFFSET].link;
+}
+
+static inline int bt_hci_role_master(struct bt_hci_s *hci, uint16_t handle)
+{
+ return !!(hci->lm.role_bmp & (1 << (handle & ~HCI_HANDLE_OFFSET)));
+}
+
+static inline struct bt_device_s *bt_hci_remote_dev(struct bt_hci_s *hci,
+ uint16_t handle)
+{
+ struct bt_link_s *link = hci->lm.handle[handle & ~HCI_HANDLE_OFFSET].link;
+
+ return bt_hci_role_master(hci, handle) ? link->slave : link->host;
+}
+
+static void bt_hci_mode_tick(void *opaque);
+static void bt_hci_lmp_link_establish(struct bt_hci_s *hci,
+ struct bt_link_s *link, int master)
+{
+ hci->lm.handle[hci->lm.last_handle].link = link;
+
+ if (master) {
+ /* We are the master side of an ACL link */
+ hci->lm.role_bmp |= 1 << hci->lm.last_handle;
+
+ hci->lm.handle[hci->lm.last_handle].lmp_acl_data =
+ link->slave->lmp_acl_data;
+ } else {
+ /* We are the slave side of an ACL link */
+ hci->lm.role_bmp &= ~(1 << hci->lm.last_handle);
+
+ hci->lm.handle[hci->lm.last_handle].lmp_acl_data =
+ link->host->lmp_acl_resp;
+ }
+
+ /* Mode */
+ if (master) {
+ link->acl_mode = acl_active;
+ hci->lm.handle[hci->lm.last_handle].acl_mode_timer =
+ qemu_new_timer_ns(vm_clock, bt_hci_mode_tick, link);
+ }
+}
+
+static void bt_hci_lmp_link_teardown(struct bt_hci_s *hci, uint16_t handle)
+{
+ handle &= ~HCI_HANDLE_OFFSET;
+ hci->lm.handle[handle].link = NULL;
+
+ if (bt_hci_role_master(hci, handle)) {
+ qemu_del_timer(hci->lm.handle[handle].acl_mode_timer);
+ qemu_free_timer(hci->lm.handle[handle].acl_mode_timer);
+ }
+}
+
+static int bt_hci_connect(struct bt_hci_s *hci, bdaddr_t *bdaddr)
+{
+ struct bt_device_s *slave;
+ struct bt_link_s link;
+
+ for (slave = hci->device.net->slave; slave; slave = slave->next)
+ if (slave->page_scan && !bacmp(&slave->bd_addr, bdaddr))
+ break;
+ if (!slave || slave == &hci->device)
+ return -ENODEV;
+
+ bacpy(&hci->lm.awaiting_bdaddr[hci->lm.connecting ++], &slave->bd_addr);
+
+ link.slave = slave;
+ link.host = &hci->device;
+ link.slave->lmp_connection_request(&link); /* Always last */
+
+ return 0;
+}
+
+static void bt_hci_connection_reject(struct bt_hci_s *hci,
+ struct bt_device_s *host, uint8_t because)
+{
+ struct bt_link_s link = {
+ .slave = &hci->device,
+ .host = host,
+ /* Rest uninitialised */
+ };
+
+ host->reject_reason = because;
+ host->lmp_connection_complete(&link);
+}
+
+static void bt_hci_connection_reject_event(struct bt_hci_s *hci,
+ bdaddr_t *bdaddr)
+{
+ evt_conn_complete params;
+
+ params.status = HCI_NO_CONNECTION;
+ params.handle = 0;
+ bacpy(&params.bdaddr, bdaddr);
+ params.link_type = ACL_LINK;
+ params.encr_mode = 0x00; /* Encryption not required */
+ bt_hci_event(hci, EVT_CONN_COMPLETE, &params, EVT_CONN_COMPLETE_SIZE);
+}
+
+static void bt_hci_connection_accept(struct bt_hci_s *hci,
+ struct bt_device_s *host)
+{
+ struct bt_hci_link_s *link = g_malloc0(sizeof(struct bt_hci_link_s));
+ evt_conn_complete params;
+ uint16_t handle;
+ uint8_t status = HCI_SUCCESS;
+ int tries = HCI_HANDLES_MAX;
+
+ /* Make a connection handle */
+ do {
+ while (hci->lm.handle[++ hci->lm.last_handle].link && -- tries)
+ hci->lm.last_handle &= HCI_HANDLES_MAX - 1;
+ handle = hci->lm.last_handle | HCI_HANDLE_OFFSET;
+ } while ((handle == hci->asb_handle || handle == hci->psb_handle) &&
+ tries);
+
+ if (!tries) {
+ g_free(link);
+ bt_hci_connection_reject(hci, host, HCI_REJECTED_LIMITED_RESOURCES);
+ status = HCI_NO_CONNECTION;
+ goto complete;
+ }
+
+ link->btlink.slave = &hci->device;
+ link->btlink.host = host;
+ link->handle = handle;
+
+ /* Link established */
+ bt_hci_lmp_link_establish(hci, &link->btlink, 0);
+
+complete:
+ params.status = status;
+ params.handle = HNDL(handle);
+ bacpy(&params.bdaddr, &host->bd_addr);
+ params.link_type = ACL_LINK;
+ params.encr_mode = 0x00; /* Encryption not required */
+ bt_hci_event(hci, EVT_CONN_COMPLETE, &params, EVT_CONN_COMPLETE_SIZE);
+
+ /* Neets to be done at the very end because it can trigger a (nested)
+ * disconnected, in case the other and had cancelled the request
+ * locally. */
+ if (status == HCI_SUCCESS) {
+ host->reject_reason = 0;
+ host->lmp_connection_complete(&link->btlink);
+ }
+}
+
+static void bt_hci_lmp_connection_request(struct bt_link_s *link)
+{
+ struct bt_hci_s *hci = hci_from_device(link->slave);
+ evt_conn_request params;
+
+ if (hci->conn_req_host) {
+ bt_hci_connection_reject(hci, link->host,
+ HCI_REJECTED_LIMITED_RESOURCES);
+ return;
+ }
+ hci->conn_req_host = link->host;
+ /* TODO: if masked and auto-accept, then auto-accept,
+ * if masked and not auto-accept, then auto-reject */
+ /* TODO: kick the hci->conn_accept_timer, timeout after
+ * hci->conn_accept_tout * 0.625 msec */
+
+ bacpy(&params.bdaddr, &link->host->bd_addr);
+ memcpy(&params.dev_class, &link->host->class, sizeof(params.dev_class));
+ params.link_type = ACL_LINK;
+ bt_hci_event(hci, EVT_CONN_REQUEST, &params, EVT_CONN_REQUEST_SIZE);
+}
+
+static void bt_hci_conn_accept_timeout(void *opaque)
+{
+ struct bt_hci_s *hci = (struct bt_hci_s *) opaque;
+
+ if (!hci->conn_req_host)
+ /* Already accepted or rejected. If the other end cancelled the
+ * connection request then we still have to reject or accept it
+ * and then we'll get a disconnect. */
+ return;
+
+ /* TODO */
+}
+
+/* Remove from the list of devices which we wanted to connect to and
+ * are awaiting a response from. If the callback sees a response from
+ * a device which is not on the list it will assume it's a connection
+ * that's been cancelled by the host in the meantime and immediately
+ * try to detach the link and send a Connection Complete. */
+static int bt_hci_lmp_connection_ready(struct bt_hci_s *hci,
+ bdaddr_t *bdaddr)
+{
+ int i;
+
+ for (i = 0; i < hci->lm.connecting; i ++)
+ if (!bacmp(&hci->lm.awaiting_bdaddr[i], bdaddr)) {
+ if (i < -- hci->lm.connecting)
+ bacpy(&hci->lm.awaiting_bdaddr[i],
+ &hci->lm.awaiting_bdaddr[hci->lm.connecting]);
+ return 0;
+ }
+
+ return 1;
+}
+
+static void bt_hci_lmp_connection_complete(struct bt_link_s *link)
+{
+ struct bt_hci_s *hci = hci_from_device(link->host);
+ evt_conn_complete params;
+ uint16_t handle;
+ uint8_t status = HCI_SUCCESS;
+ int tries = HCI_HANDLES_MAX;
+
+ if (bt_hci_lmp_connection_ready(hci, &link->slave->bd_addr)) {
+ if (!hci->device.reject_reason)
+ link->slave->lmp_disconnect_slave(link);
+ handle = 0;
+ status = HCI_NO_CONNECTION;
+ goto complete;
+ }
+
+ if (hci->device.reject_reason) {
+ handle = 0;
+ status = hci->device.reject_reason;
+ goto complete;
+ }
+
+ /* Make a connection handle */
+ do {
+ while (hci->lm.handle[++ hci->lm.last_handle].link && -- tries)
+ hci->lm.last_handle &= HCI_HANDLES_MAX - 1;
+ handle = hci->lm.last_handle | HCI_HANDLE_OFFSET;
+ } while ((handle == hci->asb_handle || handle == hci->psb_handle) &&
+ tries);
+
+ if (!tries) {
+ link->slave->lmp_disconnect_slave(link);
+ status = HCI_NO_CONNECTION;
+ goto complete;
+ }
+
+ /* Link established */
+ link->handle = handle;
+ bt_hci_lmp_link_establish(hci, link, 1);
+
+complete:
+ params.status = status;
+ params.handle = HNDL(handle);
+ params.link_type = ACL_LINK;
+ bacpy(&params.bdaddr, &link->slave->bd_addr);
+ params.encr_mode = 0x00; /* Encryption not required */
+ bt_hci_event(hci, EVT_CONN_COMPLETE, &params, EVT_CONN_COMPLETE_SIZE);
+}
+
+static void bt_hci_disconnect(struct bt_hci_s *hci,
+ uint16_t handle, int reason)
+{
+ struct bt_link_s *btlink =
+ hci->lm.handle[handle & ~HCI_HANDLE_OFFSET].link;
+ struct bt_hci_link_s *link;
+ evt_disconn_complete params;
+
+ if (bt_hci_role_master(hci, handle)) {
+ btlink->slave->reject_reason = reason;
+ btlink->slave->lmp_disconnect_slave(btlink);
+ /* The link pointer is invalid from now on */
+
+ goto complete;
+ }
+
+ btlink->host->reject_reason = reason;
+ btlink->host->lmp_disconnect_master(btlink);
+
+ /* We are the slave, we get to clean this burden */
+ link = (struct bt_hci_link_s *) btlink;
+ g_free(link);
+
+complete:
+ bt_hci_lmp_link_teardown(hci, handle);
+
+ params.status = HCI_SUCCESS;
+ params.handle = HNDL(handle);
+ params.reason = HCI_CONNECTION_TERMINATED;
+ bt_hci_event(hci, EVT_DISCONN_COMPLETE,
+ &params, EVT_DISCONN_COMPLETE_SIZE);
+}
+
+/* TODO: use only one function */
+static void bt_hci_lmp_disconnect_host(struct bt_link_s *link)
+{
+ struct bt_hci_s *hci = hci_from_device(link->host);
+ uint16_t handle = link->handle;
+ evt_disconn_complete params;
+
+ bt_hci_lmp_link_teardown(hci, handle);
+
+ params.status = HCI_SUCCESS;
+ params.handle = HNDL(handle);
+ params.reason = hci->device.reject_reason;
+ bt_hci_event(hci, EVT_DISCONN_COMPLETE,
+ &params, EVT_DISCONN_COMPLETE_SIZE);
+}
+
+static void bt_hci_lmp_disconnect_slave(struct bt_link_s *btlink)
+{
+ struct bt_hci_link_s *link = (struct bt_hci_link_s *) btlink;
+ struct bt_hci_s *hci = hci_from_device(btlink->slave);
+ uint16_t handle = link->handle;
+ evt_disconn_complete params;
+
+ g_free(link);
+
+ bt_hci_lmp_link_teardown(hci, handle);
+
+ params.status = HCI_SUCCESS;
+ params.handle = HNDL(handle);
+ params.reason = hci->device.reject_reason;
+ bt_hci_event(hci, EVT_DISCONN_COMPLETE,
+ &params, EVT_DISCONN_COMPLETE_SIZE);
+}
+
+static int bt_hci_name_req(struct bt_hci_s *hci, bdaddr_t *bdaddr)
+{
+ struct bt_device_s *slave;
+ evt_remote_name_req_complete params;
+
+ for (slave = hci->device.net->slave; slave; slave = slave->next)
+ if (slave->page_scan && !bacmp(&slave->bd_addr, bdaddr))
+ break;
+ if (!slave)
+ return -ENODEV;
+
+ bt_hci_event_status(hci, HCI_SUCCESS);
+
+ params.status = HCI_SUCCESS;
+ bacpy(&params.bdaddr, &slave->bd_addr);
+ pstrcpy(params.name, sizeof(params.name), slave->lmp_name ?: "");
+ bt_hci_event(hci, EVT_REMOTE_NAME_REQ_COMPLETE,
+ &params, EVT_REMOTE_NAME_REQ_COMPLETE_SIZE);
+
+ return 0;
+}
+
+static int bt_hci_features_req(struct bt_hci_s *hci, uint16_t handle)
+{
+ struct bt_device_s *slave;
+ evt_read_remote_features_complete params;
+
+ if (bt_hci_handle_bad(hci, handle))
+ return -ENODEV;
+
+ slave = bt_hci_remote_dev(hci, handle);
+
+ bt_hci_event_status(hci, HCI_SUCCESS);
+
+ params.status = HCI_SUCCESS;
+ params.handle = HNDL(handle);
+ params.features[0] = (slave->lmp_caps >> 0) & 0xff;
+ params.features[1] = (slave->lmp_caps >> 8) & 0xff;
+ params.features[2] = (slave->lmp_caps >> 16) & 0xff;
+ params.features[3] = (slave->lmp_caps >> 24) & 0xff;
+ params.features[4] = (slave->lmp_caps >> 32) & 0xff;
+ params.features[5] = (slave->lmp_caps >> 40) & 0xff;
+ params.features[6] = (slave->lmp_caps >> 48) & 0xff;
+ params.features[7] = (slave->lmp_caps >> 56) & 0xff;
+ bt_hci_event(hci, EVT_READ_REMOTE_FEATURES_COMPLETE,
+ &params, EVT_READ_REMOTE_FEATURES_COMPLETE_SIZE);
+
+ return 0;
+}
+
+static int bt_hci_version_req(struct bt_hci_s *hci, uint16_t handle)
+{
+ evt_read_remote_version_complete params;
+
+ if (bt_hci_handle_bad(hci, handle))
+ return -ENODEV;
+
+ bt_hci_remote_dev(hci, handle);
+
+ bt_hci_event_status(hci, HCI_SUCCESS);
+
+ params.status = HCI_SUCCESS;
+ params.handle = HNDL(handle);
+ params.lmp_ver = 0x03;
+ params.manufacturer = cpu_to_le16(0xa000);
+ params.lmp_subver = cpu_to_le16(0xa607);
+ bt_hci_event(hci, EVT_READ_REMOTE_VERSION_COMPLETE,
+ &params, EVT_READ_REMOTE_VERSION_COMPLETE_SIZE);
+
+ return 0;
+}
+
+static int bt_hci_clkoffset_req(struct bt_hci_s *hci, uint16_t handle)
+{
+ struct bt_device_s *slave;
+ evt_read_clock_offset_complete params;
+
+ if (bt_hci_handle_bad(hci, handle))
+ return -ENODEV;
+
+ slave = bt_hci_remote_dev(hci, handle);
+
+ bt_hci_event_status(hci, HCI_SUCCESS);
+
+ params.status = HCI_SUCCESS;
+ params.handle = HNDL(handle);
+ /* TODO: return the clkoff *differenece* */
+ params.clock_offset = slave->clkoff; /* Note: no swapping */
+ bt_hci_event(hci, EVT_READ_CLOCK_OFFSET_COMPLETE,
+ &params, EVT_READ_CLOCK_OFFSET_COMPLETE_SIZE);
+
+ return 0;
+}
+
+static void bt_hci_event_mode(struct bt_hci_s *hci, struct bt_link_s *link,
+ uint16_t handle)
+{
+ evt_mode_change params = {
+ .status = HCI_SUCCESS,
+ .handle = HNDL(handle),
+ .mode = link->acl_mode,
+ .interval = cpu_to_le16(link->acl_interval),
+ };
+
+ bt_hci_event(hci, EVT_MODE_CHANGE, &params, EVT_MODE_CHANGE_SIZE);
+}
+
+static void bt_hci_lmp_mode_change_master(struct bt_hci_s *hci,
+ struct bt_link_s *link, int mode, uint16_t interval)
+{
+ link->acl_mode = mode;
+ link->acl_interval = interval;
+
+ bt_hci_event_mode(hci, link, link->handle);
+
+ link->slave->lmp_mode_change(link);
+}
+
+static void bt_hci_lmp_mode_change_slave(struct bt_link_s *btlink)
+{
+ struct bt_hci_link_s *link = (struct bt_hci_link_s *) btlink;
+ struct bt_hci_s *hci = hci_from_device(btlink->slave);
+
+ bt_hci_event_mode(hci, btlink, link->handle);
+}
+
+static int bt_hci_mode_change(struct bt_hci_s *hci, uint16_t handle,
+ int interval, int mode)
+{
+ struct bt_hci_master_link_s *link;
+
+ if (bt_hci_handle_bad(hci, handle) || !bt_hci_role_master(hci, handle))
+ return -ENODEV;
+
+ link = &hci->lm.handle[handle & ~HCI_HANDLE_OFFSET];
+ if (link->link->acl_mode != acl_active) {
+ bt_hci_event_status(hci, HCI_COMMAND_DISALLOWED);
+ return 0;
+ }
+
+ bt_hci_event_status(hci, HCI_SUCCESS);
+
+ qemu_mod_timer(link->acl_mode_timer, qemu_get_clock_ns(vm_clock) +
+ muldiv64(interval * 625, get_ticks_per_sec(), 1000000));
+ bt_hci_lmp_mode_change_master(hci, link->link, mode, interval);
+
+ return 0;
+}
+
+static int bt_hci_mode_cancel(struct bt_hci_s *hci, uint16_t handle, int mode)
+{
+ struct bt_hci_master_link_s *link;
+
+ if (bt_hci_handle_bad(hci, handle) || !bt_hci_role_master(hci, handle))
+ return -ENODEV;
+
+ link = &hci->lm.handle[handle & ~HCI_HANDLE_OFFSET];
+ if (link->link->acl_mode != mode) {
+ bt_hci_event_status(hci, HCI_COMMAND_DISALLOWED);
+
+ return 0;
+ }
+
+ bt_hci_event_status(hci, HCI_SUCCESS);
+
+ qemu_del_timer(link->acl_mode_timer);
+ bt_hci_lmp_mode_change_master(hci, link->link, acl_active, 0);
+
+ return 0;
+}
+
+static void bt_hci_mode_tick(void *opaque)
+{
+ struct bt_link_s *link = opaque;
+ struct bt_hci_s *hci = hci_from_device(link->host);
+
+ bt_hci_lmp_mode_change_master(hci, link, acl_active, 0);
+}
+
+static void bt_hci_reset(struct bt_hci_s *hci)
+{
+ hci->acl_len = 0;
+ hci->last_cmd = 0;
+ hci->lm.connecting = 0;
+
+ hci->event_mask[0] = 0xff;
+ hci->event_mask[1] = 0xff;
+ hci->event_mask[2] = 0xff;
+ hci->event_mask[3] = 0xff;
+ hci->event_mask[4] = 0xff;
+ hci->event_mask[5] = 0x1f;
+ hci->event_mask[6] = 0x00;
+ hci->event_mask[7] = 0x00;
+ hci->device.inquiry_scan = 0;
+ hci->device.page_scan = 0;
+ if (hci->device.lmp_name)
+ g_free((void *) hci->device.lmp_name);
+ hci->device.lmp_name = NULL;
+ hci->device.class[0] = 0x00;
+ hci->device.class[1] = 0x00;
+ hci->device.class[2] = 0x00;
+ hci->voice_setting = 0x0000;
+ hci->conn_accept_tout = 0x1f40;
+ hci->lm.inquiry_mode = 0x00;
+
+ hci->psb_handle = 0x000;
+ hci->asb_handle = 0x000;
+
+ /* XXX: qemu_del_timer(sl->acl_mode_timer); for all links */
+ qemu_del_timer(hci->lm.inquiry_done);
+ qemu_del_timer(hci->lm.inquiry_next);
+ qemu_del_timer(hci->conn_accept_timer);
+}
+
+static void bt_hci_read_local_version_rp(struct bt_hci_s *hci)
+{
+ read_local_version_rp lv = {
+ .status = HCI_SUCCESS,
+ .hci_ver = 0x03,
+ .hci_rev = cpu_to_le16(0xa607),
+ .lmp_ver = 0x03,
+ .manufacturer = cpu_to_le16(0xa000),
+ .lmp_subver = cpu_to_le16(0xa607),
+ };
+
+ bt_hci_event_complete(hci, &lv, READ_LOCAL_VERSION_RP_SIZE);
+}
+
+static void bt_hci_read_local_commands_rp(struct bt_hci_s *hci)
+{
+ read_local_commands_rp lc = {
+ .status = HCI_SUCCESS,
+ .commands = {
+ /* Keep updated! */
+ /* Also, keep in sync with hci->device.lmp_caps in bt_new_hci */
+ 0xbf, 0x80, 0xf9, 0x03, 0xb2, 0xc0, 0x03, 0xc3,
+ 0x00, 0x0f, 0x80, 0x00, 0xc0, 0x00, 0xe8, 0x13,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ },
+ };
+
+ bt_hci_event_complete(hci, &lc, READ_LOCAL_COMMANDS_RP_SIZE);
+}
+
+static void bt_hci_read_local_features_rp(struct bt_hci_s *hci)
+{
+ read_local_features_rp lf = {
+ .status = HCI_SUCCESS,
+ .features = {
+ (hci->device.lmp_caps >> 0) & 0xff,
+ (hci->device.lmp_caps >> 8) & 0xff,
+ (hci->device.lmp_caps >> 16) & 0xff,
+ (hci->device.lmp_caps >> 24) & 0xff,
+ (hci->device.lmp_caps >> 32) & 0xff,
+ (hci->device.lmp_caps >> 40) & 0xff,
+ (hci->device.lmp_caps >> 48) & 0xff,
+ (hci->device.lmp_caps >> 56) & 0xff,
+ },
+ };
+
+ bt_hci_event_complete(hci, &lf, READ_LOCAL_FEATURES_RP_SIZE);
+}
+
+static void bt_hci_read_local_ext_features_rp(struct bt_hci_s *hci, int page)
+{
+ read_local_ext_features_rp lef = {
+ .status = HCI_SUCCESS,
+ .page_num = page,
+ .max_page_num = 0x00,
+ .features = {
+ /* Keep updated! */
+ 0x5f, 0x35, 0x85, 0x7e, 0x9b, 0x19, 0x00, 0x80,
+ },
+ };
+ if (page)
+ memset(lef.features, 0, sizeof(lef.features));
+
+ bt_hci_event_complete(hci, &lef, READ_LOCAL_EXT_FEATURES_RP_SIZE);
+}
+
+static void bt_hci_read_buffer_size_rp(struct bt_hci_s *hci)
+{
+ read_buffer_size_rp bs = {
+ /* This can be made configurable, for one standard USB dongle HCI
+ * the four values are cpu_to_le16(0x0180), 0x40,
+ * cpu_to_le16(0x0008), cpu_to_le16(0x0008). */
+ .status = HCI_SUCCESS,
+ .acl_mtu = cpu_to_le16(0x0200),
+ .sco_mtu = 0,
+ .acl_max_pkt = cpu_to_le16(0x0001),
+ .sco_max_pkt = cpu_to_le16(0x0000),
+ };
+
+ bt_hci_event_complete(hci, &bs, READ_BUFFER_SIZE_RP_SIZE);
+}
+
+/* Deprecated in V2.0 (page 661) */
+static void bt_hci_read_country_code_rp(struct bt_hci_s *hci)
+{
+ read_country_code_rp cc ={
+ .status = HCI_SUCCESS,
+ .country_code = 0x00, /* North America & Europe^1 and Japan */
+ };
+
+ bt_hci_event_complete(hci, &cc, READ_COUNTRY_CODE_RP_SIZE);
+
+ /* ^1. Except France, sorry */
+}
+
+static void bt_hci_read_bd_addr_rp(struct bt_hci_s *hci)
+{
+ read_bd_addr_rp ba = {
+ .status = HCI_SUCCESS,
+ .bdaddr = BAINIT(&hci->device.bd_addr),
+ };
+
+ bt_hci_event_complete(hci, &ba, READ_BD_ADDR_RP_SIZE);
+}
+
+static int bt_hci_link_quality_rp(struct bt_hci_s *hci, uint16_t handle)
+{
+ read_link_quality_rp lq = {
+ .status = HCI_SUCCESS,
+ .handle = HNDL(handle),
+ .link_quality = 0xff,
+ };
+
+ if (bt_hci_handle_bad(hci, handle))
+ lq.status = HCI_NO_CONNECTION;
+
+ bt_hci_event_complete(hci, &lq, READ_LINK_QUALITY_RP_SIZE);
+ return 0;
+}
+
+/* Generate a Command Complete event with only the Status parameter */
+static inline void bt_hci_event_complete_status(struct bt_hci_s *hci,
+ uint8_t status)
+{
+ bt_hci_event_complete(hci, &status, 1);
+}
+
+static inline void bt_hci_event_complete_conn_cancel(struct bt_hci_s *hci,
+ uint8_t status, bdaddr_t *bd_addr)
+{
+ create_conn_cancel_rp params = {
+ .status = status,
+ .bdaddr = BAINIT(bd_addr),
+ };
+
+ bt_hci_event_complete(hci, &params, CREATE_CONN_CANCEL_RP_SIZE);
+}
+
+static inline void bt_hci_event_auth_complete(struct bt_hci_s *hci,
+ uint16_t handle)
+{
+ evt_auth_complete params = {
+ .status = HCI_SUCCESS,
+ .handle = HNDL(handle),
+ };
+
+ bt_hci_event(hci, EVT_AUTH_COMPLETE, &params, EVT_AUTH_COMPLETE_SIZE);
+}
+
+static inline void bt_hci_event_encrypt_change(struct bt_hci_s *hci,
+ uint16_t handle, uint8_t mode)
+{
+ evt_encrypt_change params = {
+ .status = HCI_SUCCESS,
+ .handle = HNDL(handle),
+ .encrypt = mode,
+ };
+
+ bt_hci_event(hci, EVT_ENCRYPT_CHANGE, &params, EVT_ENCRYPT_CHANGE_SIZE);
+}
+
+static inline void bt_hci_event_complete_name_cancel(struct bt_hci_s *hci,
+ bdaddr_t *bd_addr)
+{
+ remote_name_req_cancel_rp params = {
+ .status = HCI_INVALID_PARAMETERS,
+ .bdaddr = BAINIT(bd_addr),
+ };
+
+ bt_hci_event_complete(hci, &params, REMOTE_NAME_REQ_CANCEL_RP_SIZE);
+}
+
+static inline void bt_hci_event_read_remote_ext_features(struct bt_hci_s *hci,
+ uint16_t handle)
+{
+ evt_read_remote_ext_features_complete params = {
+ .status = HCI_UNSUPPORTED_FEATURE,
+ .handle = HNDL(handle),
+ /* Rest uninitialised */
+ };
+
+ bt_hci_event(hci, EVT_READ_REMOTE_EXT_FEATURES_COMPLETE,
+ &params, EVT_READ_REMOTE_EXT_FEATURES_COMPLETE_SIZE);
+}
+
+static inline void bt_hci_event_complete_lmp_handle(struct bt_hci_s *hci,
+ uint16_t handle)
+{
+ read_lmp_handle_rp params = {
+ .status = HCI_NO_CONNECTION,
+ .handle = HNDL(handle),
+ .reserved = 0,
+ /* Rest uninitialised */
+ };
+
+ bt_hci_event_complete(hci, &params, READ_LMP_HANDLE_RP_SIZE);
+}
+
+static inline void bt_hci_event_complete_role_discovery(struct bt_hci_s *hci,
+ int status, uint16_t handle, int master)
+{
+ role_discovery_rp params = {
+ .status = status,
+ .handle = HNDL(handle),
+ .role = master ? 0x00 : 0x01,
+ };
+
+ bt_hci_event_complete(hci, &params, ROLE_DISCOVERY_RP_SIZE);
+}
+
+static inline void bt_hci_event_complete_flush(struct bt_hci_s *hci,
+ int status, uint16_t handle)
+{
+ flush_rp params = {
+ .status = status,
+ .handle = HNDL(handle),
+ };
+
+ bt_hci_event_complete(hci, &params, FLUSH_RP_SIZE);
+}
+
+static inline void bt_hci_event_complete_read_local_name(struct bt_hci_s *hci)
+{
+ read_local_name_rp params;
+ params.status = HCI_SUCCESS;
+ memset(params.name, 0, sizeof(params.name));
+ if (hci->device.lmp_name)
+ pstrcpy(params.name, sizeof(params.name), hci->device.lmp_name);
+
+ bt_hci_event_complete(hci, &params, READ_LOCAL_NAME_RP_SIZE);
+}
+
+static inline void bt_hci_event_complete_read_conn_accept_timeout(
+ struct bt_hci_s *hci)
+{
+ read_conn_accept_timeout_rp params = {
+ .status = HCI_SUCCESS,
+ .timeout = cpu_to_le16(hci->conn_accept_tout),
+ };
+
+ bt_hci_event_complete(hci, &params, READ_CONN_ACCEPT_TIMEOUT_RP_SIZE);
+}
+
+static inline void bt_hci_event_complete_read_scan_enable(struct bt_hci_s *hci)
+{
+ read_scan_enable_rp params = {
+ .status = HCI_SUCCESS,
+ .enable =
+ (hci->device.inquiry_scan ? SCAN_INQUIRY : 0) |
+ (hci->device.page_scan ? SCAN_PAGE : 0),
+ };
+
+ bt_hci_event_complete(hci, &params, READ_SCAN_ENABLE_RP_SIZE);
+}
+
+static inline void bt_hci_event_complete_read_local_class(struct bt_hci_s *hci)
+{
+ read_class_of_dev_rp params;
+
+ params.status = HCI_SUCCESS;
+ memcpy(params.dev_class, hci->device.class, sizeof(params.dev_class));
+
+ bt_hci_event_complete(hci, &params, READ_CLASS_OF_DEV_RP_SIZE);
+}
+
+static inline void bt_hci_event_complete_voice_setting(struct bt_hci_s *hci)
+{
+ read_voice_setting_rp params = {
+ .status = HCI_SUCCESS,
+ .voice_setting = hci->voice_setting, /* Note: no swapping */
+ };
+
+ bt_hci_event_complete(hci, &params, READ_VOICE_SETTING_RP_SIZE);
+}
+
+static inline void bt_hci_event_complete_read_inquiry_mode(
+ struct bt_hci_s *hci)
+{
+ read_inquiry_mode_rp params = {
+ .status = HCI_SUCCESS,
+ .mode = hci->lm.inquiry_mode,
+ };
+
+ bt_hci_event_complete(hci, &params, READ_INQUIRY_MODE_RP_SIZE);
+}
+
+static inline void bt_hci_event_num_comp_pkts(struct bt_hci_s *hci,
+ uint16_t handle, int packets)
+{
+ uint16_t buf[EVT_NUM_COMP_PKTS_SIZE(1) / 2 + 1];
+ evt_num_comp_pkts *params = (void *) ((uint8_t *) buf + 1);
+
+ params->num_hndl = 1;
+ params->connection->handle = HNDL(handle);
+ params->connection->num_packets = cpu_to_le16(packets);
+
+ bt_hci_event(hci, EVT_NUM_COMP_PKTS, params, EVT_NUM_COMP_PKTS_SIZE(1));
+}
+
+static void bt_submit_hci(struct HCIInfo *info,
+ const uint8_t *data, int length)
+{
+ struct bt_hci_s *hci = hci_from_info(info);
+ uint16_t cmd;
+ int paramlen, i;
+
+ if (length < HCI_COMMAND_HDR_SIZE)
+ goto short_hci;
+
+ memcpy(&hci->last_cmd, data, 2);
+
+ cmd = (data[1] << 8) | data[0];
+ paramlen = data[2];
+ if (cmd_opcode_ogf(cmd) == 0 || cmd_opcode_ocf(cmd) == 0) /* NOP */
+ return;
+
+ data += HCI_COMMAND_HDR_SIZE;
+ length -= HCI_COMMAND_HDR_SIZE;
+
+ if (paramlen > length)
+ return;
+
+#define PARAM(cmd, param) (((cmd##_cp *) data)->param)
+#define PARAM16(cmd, param) le16_to_cpup(&PARAM(cmd, param))
+#define PARAMHANDLE(cmd) HNDL(PARAM(cmd, handle))
+#define LENGTH_CHECK(cmd) if (length < sizeof(cmd##_cp)) goto short_hci
+ /* Note: the supported commands bitmask in bt_hci_read_local_commands_rp
+ * needs to be updated every time a command is implemented here! */
+ switch (cmd) {
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_INQUIRY):
+ LENGTH_CHECK(inquiry);
+
+ if (PARAM(inquiry, length) < 1) {
+ bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
+ break;
+ }
+
+ hci->lm.inquire = 1;
+ hci->lm.periodic = 0;
+ hci->lm.responses_left = PARAM(inquiry, num_rsp) ?: INT_MAX;
+ hci->lm.responses = 0;
+ bt_hci_event_status(hci, HCI_SUCCESS);
+ bt_hci_inquiry_start(hci, PARAM(inquiry, length));
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_INQUIRY_CANCEL):
+ if (!hci->lm.inquire || hci->lm.periodic) {
+ fprintf(stderr, "%s: Inquiry Cancel should only be issued after "
+ "the Inquiry command has been issued, a Command "
+ "Status event has been received for the Inquiry "
+ "command, and before the Inquiry Complete event "
+ "occurs", __FUNCTION__);
+ bt_hci_event_complete_status(hci, HCI_COMMAND_DISALLOWED);
+ break;
+ }
+
+ hci->lm.inquire = 0;
+ qemu_del_timer(hci->lm.inquiry_done);
+ bt_hci_event_complete_status(hci, HCI_SUCCESS);
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_PERIODIC_INQUIRY):
+ LENGTH_CHECK(periodic_inquiry);
+
+ if (!(PARAM(periodic_inquiry, length) <
+ PARAM16(periodic_inquiry, min_period) &&
+ PARAM16(periodic_inquiry, min_period) <
+ PARAM16(periodic_inquiry, max_period)) ||
+ PARAM(periodic_inquiry, length) < 1 ||
+ PARAM16(periodic_inquiry, min_period) < 2 ||
+ PARAM16(periodic_inquiry, max_period) < 3) {
+ bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
+ break;
+ }
+
+ hci->lm.inquire = 1;
+ hci->lm.periodic = 1;
+ hci->lm.responses_left = PARAM(periodic_inquiry, num_rsp);
+ hci->lm.responses = 0;
+ hci->lm.inquiry_period = PARAM16(periodic_inquiry, max_period);
+ bt_hci_event_complete_status(hci, HCI_SUCCESS);
+ bt_hci_inquiry_start(hci, PARAM(periodic_inquiry, length));
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_EXIT_PERIODIC_INQUIRY):
+ if (!hci->lm.inquire || !hci->lm.periodic) {
+ fprintf(stderr, "%s: Inquiry Cancel should only be issued after "
+ "the Inquiry command has been issued, a Command "
+ "Status event has been received for the Inquiry "
+ "command, and before the Inquiry Complete event "
+ "occurs", __FUNCTION__);
+ bt_hci_event_complete_status(hci, HCI_COMMAND_DISALLOWED);
+ break;
+ }
+ hci->lm.inquire = 0;
+ qemu_del_timer(hci->lm.inquiry_done);
+ qemu_del_timer(hci->lm.inquiry_next);
+ bt_hci_event_complete_status(hci, HCI_SUCCESS);
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_CREATE_CONN):
+ LENGTH_CHECK(create_conn);
+
+ if (hci->lm.connecting >= HCI_HANDLES_MAX) {
+ bt_hci_event_status(hci, HCI_REJECTED_LIMITED_RESOURCES);
+ break;
+ }
+ bt_hci_event_status(hci, HCI_SUCCESS);
+
+ if (bt_hci_connect(hci, &PARAM(create_conn, bdaddr)))
+ bt_hci_connection_reject_event(hci, &PARAM(create_conn, bdaddr));
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_DISCONNECT):
+ LENGTH_CHECK(disconnect);
+
+ if (bt_hci_handle_bad(hci, PARAMHANDLE(disconnect))) {
+ bt_hci_event_status(hci, HCI_NO_CONNECTION);
+ break;
+ }
+
+ bt_hci_event_status(hci, HCI_SUCCESS);
+ bt_hci_disconnect(hci, PARAMHANDLE(disconnect),
+ PARAM(disconnect, reason));
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_CREATE_CONN_CANCEL):
+ LENGTH_CHECK(create_conn_cancel);
+
+ if (bt_hci_lmp_connection_ready(hci,
+ &PARAM(create_conn_cancel, bdaddr))) {
+ for (i = 0; i < HCI_HANDLES_MAX; i ++)
+ if (bt_hci_role_master(hci, i) && hci->lm.handle[i].link &&
+ !bacmp(&hci->lm.handle[i].link->slave->bd_addr,
+ &PARAM(create_conn_cancel, bdaddr)))
+ break;
+
+ bt_hci_event_complete_conn_cancel(hci, i < HCI_HANDLES_MAX ?
+ HCI_ACL_CONNECTION_EXISTS : HCI_NO_CONNECTION,
+ &PARAM(create_conn_cancel, bdaddr));
+ } else
+ bt_hci_event_complete_conn_cancel(hci, HCI_SUCCESS,
+ &PARAM(create_conn_cancel, bdaddr));
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_ACCEPT_CONN_REQ):
+ LENGTH_CHECK(accept_conn_req);
+
+ if (!hci->conn_req_host ||
+ bacmp(&PARAM(accept_conn_req, bdaddr),
+ &hci->conn_req_host->bd_addr)) {
+ bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
+ break;
+ }
+
+ bt_hci_event_status(hci, HCI_SUCCESS);
+ bt_hci_connection_accept(hci, hci->conn_req_host);
+ hci->conn_req_host = NULL;
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_REJECT_CONN_REQ):
+ LENGTH_CHECK(reject_conn_req);
+
+ if (!hci->conn_req_host ||
+ bacmp(&PARAM(reject_conn_req, bdaddr),
+ &hci->conn_req_host->bd_addr)) {
+ bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
+ break;
+ }
+
+ bt_hci_event_status(hci, HCI_SUCCESS);
+ bt_hci_connection_reject(hci, hci->conn_req_host,
+ PARAM(reject_conn_req, reason));
+ bt_hci_connection_reject_event(hci, &hci->conn_req_host->bd_addr);
+ hci->conn_req_host = NULL;
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_AUTH_REQUESTED):
+ LENGTH_CHECK(auth_requested);
+
+ if (bt_hci_handle_bad(hci, PARAMHANDLE(auth_requested)))
+ bt_hci_event_status(hci, HCI_NO_CONNECTION);
+ else {
+ bt_hci_event_status(hci, HCI_SUCCESS);
+ bt_hci_event_auth_complete(hci, PARAMHANDLE(auth_requested));
+ }
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_SET_CONN_ENCRYPT):
+ LENGTH_CHECK(set_conn_encrypt);
+
+ if (bt_hci_handle_bad(hci, PARAMHANDLE(set_conn_encrypt)))
+ bt_hci_event_status(hci, HCI_NO_CONNECTION);
+ else {
+ bt_hci_event_status(hci, HCI_SUCCESS);
+ bt_hci_event_encrypt_change(hci,
+ PARAMHANDLE(set_conn_encrypt),
+ PARAM(set_conn_encrypt, encrypt));
+ }
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_REMOTE_NAME_REQ):
+ LENGTH_CHECK(remote_name_req);
+
+ if (bt_hci_name_req(hci, &PARAM(remote_name_req, bdaddr)))
+ bt_hci_event_status(hci, HCI_NO_CONNECTION);
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_REMOTE_NAME_REQ_CANCEL):
+ LENGTH_CHECK(remote_name_req_cancel);
+
+ bt_hci_event_complete_name_cancel(hci,
+ &PARAM(remote_name_req_cancel, bdaddr));
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_REMOTE_FEATURES):
+ LENGTH_CHECK(read_remote_features);
+
+ if (bt_hci_features_req(hci, PARAMHANDLE(read_remote_features)))
+ bt_hci_event_status(hci, HCI_NO_CONNECTION);
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_REMOTE_EXT_FEATURES):
+ LENGTH_CHECK(read_remote_ext_features);
+
+ if (bt_hci_handle_bad(hci, PARAMHANDLE(read_remote_ext_features)))
+ bt_hci_event_status(hci, HCI_NO_CONNECTION);
+ else {
+ bt_hci_event_status(hci, HCI_SUCCESS);
+ bt_hci_event_read_remote_ext_features(hci,
+ PARAMHANDLE(read_remote_ext_features));
+ }
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_REMOTE_VERSION):
+ LENGTH_CHECK(read_remote_version);
+
+ if (bt_hci_version_req(hci, PARAMHANDLE(read_remote_version)))
+ bt_hci_event_status(hci, HCI_NO_CONNECTION);
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_CLOCK_OFFSET):
+ LENGTH_CHECK(read_clock_offset);
+
+ if (bt_hci_clkoffset_req(hci, PARAMHANDLE(read_clock_offset)))
+ bt_hci_event_status(hci, HCI_NO_CONNECTION);
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_LMP_HANDLE):
+ LENGTH_CHECK(read_lmp_handle);
+
+ /* TODO: */
+ bt_hci_event_complete_lmp_handle(hci, PARAMHANDLE(read_lmp_handle));
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_POLICY, OCF_HOLD_MODE):
+ LENGTH_CHECK(hold_mode);
+
+ if (PARAM16(hold_mode, min_interval) >
+ PARAM16(hold_mode, max_interval) ||
+ PARAM16(hold_mode, min_interval) < 0x0002 ||
+ PARAM16(hold_mode, max_interval) > 0xff00 ||
+ (PARAM16(hold_mode, min_interval) & 1) ||
+ (PARAM16(hold_mode, max_interval) & 1)) {
+ bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
+ break;
+ }
+
+ if (bt_hci_mode_change(hci, PARAMHANDLE(hold_mode),
+ PARAM16(hold_mode, max_interval),
+ acl_hold))
+ bt_hci_event_status(hci, HCI_NO_CONNECTION);
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_POLICY, OCF_PARK_MODE):
+ LENGTH_CHECK(park_mode);
+
+ if (PARAM16(park_mode, min_interval) >
+ PARAM16(park_mode, max_interval) ||
+ PARAM16(park_mode, min_interval) < 0x000e ||
+ (PARAM16(park_mode, min_interval) & 1) ||
+ (PARAM16(park_mode, max_interval) & 1)) {
+ bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
+ break;
+ }
+
+ if (bt_hci_mode_change(hci, PARAMHANDLE(park_mode),
+ PARAM16(park_mode, max_interval),
+ acl_parked))
+ bt_hci_event_status(hci, HCI_NO_CONNECTION);
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_POLICY, OCF_EXIT_PARK_MODE):
+ LENGTH_CHECK(exit_park_mode);
+
+ if (bt_hci_mode_cancel(hci, PARAMHANDLE(exit_park_mode),
+ acl_parked))
+ bt_hci_event_status(hci, HCI_NO_CONNECTION);
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_POLICY, OCF_ROLE_DISCOVERY):
+ LENGTH_CHECK(role_discovery);
+
+ if (bt_hci_handle_bad(hci, PARAMHANDLE(role_discovery)))
+ bt_hci_event_complete_role_discovery(hci,
+ HCI_NO_CONNECTION, PARAMHANDLE(role_discovery), 0);
+ else
+ bt_hci_event_complete_role_discovery(hci,
+ HCI_SUCCESS, PARAMHANDLE(role_discovery),
+ bt_hci_role_master(hci,
+ PARAMHANDLE(role_discovery)));
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_SET_EVENT_MASK):
+ LENGTH_CHECK(set_event_mask);
+
+ memcpy(hci->event_mask, PARAM(set_event_mask, mask), 8);
+ bt_hci_event_complete_status(hci, HCI_SUCCESS);
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_RESET):
+ bt_hci_reset(hci);
+ bt_hci_event_status(hci, HCI_SUCCESS);
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_SET_EVENT_FLT):
+ if (length >= 1 && PARAM(set_event_flt, flt_type) == FLT_CLEAR_ALL)
+ /* No length check */;
+ else
+ LENGTH_CHECK(set_event_flt);
+
+ /* Filters are not implemented */
+ bt_hci_event_complete_status(hci, HCI_SUCCESS);
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_FLUSH):
+ LENGTH_CHECK(flush);
+
+ if (bt_hci_handle_bad(hci, PARAMHANDLE(flush)))
+ bt_hci_event_complete_flush(hci,
+ HCI_NO_CONNECTION, PARAMHANDLE(flush));
+ else {
+ /* TODO: ordering? */
+ bt_hci_event(hci, EVT_FLUSH_OCCURRED,
+ &PARAM(flush, handle),
+ EVT_FLUSH_OCCURRED_SIZE);
+ bt_hci_event_complete_flush(hci,
+ HCI_SUCCESS, PARAMHANDLE(flush));
+ }
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_CHANGE_LOCAL_NAME):
+ LENGTH_CHECK(change_local_name);
+
+ if (hci->device.lmp_name)
+ g_free((void *) hci->device.lmp_name);
+ hci->device.lmp_name = g_strndup(PARAM(change_local_name, name),
+ sizeof(PARAM(change_local_name, name)));
+ bt_hci_event_complete_status(hci, HCI_SUCCESS);
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_LOCAL_NAME):
+ bt_hci_event_complete_read_local_name(hci);
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_CONN_ACCEPT_TIMEOUT):
+ bt_hci_event_complete_read_conn_accept_timeout(hci);
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_CONN_ACCEPT_TIMEOUT):
+ /* TODO */
+ LENGTH_CHECK(write_conn_accept_timeout);
+
+ if (PARAM16(write_conn_accept_timeout, timeout) < 0x0001 ||
+ PARAM16(write_conn_accept_timeout, timeout) > 0xb540) {
+ bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
+ break;
+ }
+
+ hci->conn_accept_tout = PARAM16(write_conn_accept_timeout, timeout);
+ bt_hci_event_complete_status(hci, HCI_SUCCESS);
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_SCAN_ENABLE):
+ bt_hci_event_complete_read_scan_enable(hci);
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_SCAN_ENABLE):
+ LENGTH_CHECK(write_scan_enable);
+
+ /* TODO: check that the remaining bits are all 0 */
+ hci->device.inquiry_scan =
+ !!(PARAM(write_scan_enable, scan_enable) & SCAN_INQUIRY);
+ hci->device.page_scan =
+ !!(PARAM(write_scan_enable, scan_enable) & SCAN_PAGE);
+ bt_hci_event_complete_status(hci, HCI_SUCCESS);
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_CLASS_OF_DEV):
+ bt_hci_event_complete_read_local_class(hci);
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_CLASS_OF_DEV):
+ LENGTH_CHECK(write_class_of_dev);
+
+ memcpy(hci->device.class, PARAM(write_class_of_dev, dev_class),
+ sizeof(PARAM(write_class_of_dev, dev_class)));
+ bt_hci_event_complete_status(hci, HCI_SUCCESS);
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_VOICE_SETTING):
+ bt_hci_event_complete_voice_setting(hci);
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_VOICE_SETTING):
+ LENGTH_CHECK(write_voice_setting);
+
+ hci->voice_setting = PARAM(write_voice_setting, voice_setting);
+ bt_hci_event_complete_status(hci, HCI_SUCCESS);
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_HOST_NUMBER_OF_COMPLETED_PACKETS):
+ if (length < data[0] * 2 + 1)
+ goto short_hci;
+
+ for (i = 0; i < data[0]; i ++)
+ if (bt_hci_handle_bad(hci,
+ data[i * 2 + 1] | (data[i * 2 + 2] << 8)))
+ bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_INQUIRY_MODE):
+ /* Only if (local_features[3] & 0x40) && (local_commands[12] & 0x40)
+ * else
+ * goto unknown_command */
+ bt_hci_event_complete_read_inquiry_mode(hci);
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_INQUIRY_MODE):
+ /* Only if (local_features[3] & 0x40) && (local_commands[12] & 0x80)
+ * else
+ * goto unknown_command */
+ LENGTH_CHECK(write_inquiry_mode);
+
+ if (PARAM(write_inquiry_mode, mode) > 0x01) {
+ bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
+ break;
+ }
+
+ hci->lm.inquiry_mode = PARAM(write_inquiry_mode, mode);
+ bt_hci_event_complete_status(hci, HCI_SUCCESS);
+ break;
+
+ case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_VERSION):
+ bt_hci_read_local_version_rp(hci);
+ break;
+
+ case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_COMMANDS):
+ bt_hci_read_local_commands_rp(hci);
+ break;
+
+ case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_FEATURES):
+ bt_hci_read_local_features_rp(hci);
+ break;
+
+ case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_EXT_FEATURES):
+ LENGTH_CHECK(read_local_ext_features);
+
+ bt_hci_read_local_ext_features_rp(hci,
+ PARAM(read_local_ext_features, page_num));
+ break;
+
+ case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_BUFFER_SIZE):
+ bt_hci_read_buffer_size_rp(hci);
+ break;
+
+ case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_COUNTRY_CODE):
+ bt_hci_read_country_code_rp(hci);
+ break;
+
+ case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_BD_ADDR):
+ bt_hci_read_bd_addr_rp(hci);
+ break;
+
+ case cmd_opcode_pack(OGF_STATUS_PARAM, OCF_READ_LINK_QUALITY):
+ LENGTH_CHECK(read_link_quality);
+
+ bt_hci_link_quality_rp(hci, PARAMHANDLE(read_link_quality));
+ break;
+
+ default:
+ bt_hci_event_status(hci, HCI_UNKNOWN_COMMAND);
+ break;
+
+ short_hci:
+ fprintf(stderr, "%s: HCI packet too short (%iB)\n",
+ __FUNCTION__, length);
+ bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
+ break;
+ }
+}
+
+/* We could perform fragmentation here, we can't do "recombination" because
+ * at this layer the length of the payload is not know ahead, so we only
+ * know that a packet contained the last fragment of the SDU when the next
+ * SDU starts. */
+static inline void bt_hci_lmp_acl_data(struct bt_hci_s *hci, uint16_t handle,
+ const uint8_t *data, int start, int len)
+{
+ struct hci_acl_hdr *pkt = (void *) hci->acl_buf;
+
+ /* TODO: packet flags */
+ /* TODO: avoid memcpy'ing */
+
+ if (len + HCI_ACL_HDR_SIZE > sizeof(hci->acl_buf)) {
+ fprintf(stderr, "%s: can't take ACL packets %i bytes long\n",
+ __FUNCTION__, len);
+ return;
+ }
+ memcpy(hci->acl_buf + HCI_ACL_HDR_SIZE, data, len);
+
+ pkt->handle = cpu_to_le16(
+ acl_handle_pack(handle, start ? ACL_START : ACL_CONT));
+ pkt->dlen = cpu_to_le16(len);
+ hci->info.acl_recv(hci->info.opaque,
+ hci->acl_buf, len + HCI_ACL_HDR_SIZE);
+}
+
+static void bt_hci_lmp_acl_data_slave(struct bt_link_s *btlink,
+ const uint8_t *data, int start, int len)
+{
+ struct bt_hci_link_s *link = (struct bt_hci_link_s *) btlink;
+
+ bt_hci_lmp_acl_data(hci_from_device(btlink->slave),
+ link->handle, data, start, len);
+}
+
+static void bt_hci_lmp_acl_data_host(struct bt_link_s *link,
+ const uint8_t *data, int start, int len)
+{
+ bt_hci_lmp_acl_data(hci_from_device(link->host),
+ link->handle, data, start, len);
+}
+
+static void bt_submit_acl(struct HCIInfo *info,
+ const uint8_t *data, int length)
+{
+ struct bt_hci_s *hci = hci_from_info(info);
+ uint16_t handle;
+ int datalen, flags;
+ struct bt_link_s *link;
+
+ if (length < HCI_ACL_HDR_SIZE) {
+ fprintf(stderr, "%s: ACL packet too short (%iB)\n",
+ __FUNCTION__, length);
+ return;
+ }
+
+ handle = acl_handle((data[1] << 8) | data[0]);
+ flags = acl_flags((data[1] << 8) | data[0]);
+ datalen = (data[3] << 8) | data[2];
+ data += HCI_ACL_HDR_SIZE;
+ length -= HCI_ACL_HDR_SIZE;
+
+ if (bt_hci_handle_bad(hci, handle)) {
+ fprintf(stderr, "%s: invalid ACL handle %03x\n",
+ __FUNCTION__, handle);
+ /* TODO: signal an error */
+ return;
+ }
+ handle &= ~HCI_HANDLE_OFFSET;
+
+ if (datalen > length) {
+ fprintf(stderr, "%s: ACL packet too short (%iB < %iB)\n",
+ __FUNCTION__, length, datalen);
+ return;
+ }
+
+ link = hci->lm.handle[handle].link;
+
+ if ((flags & ~3) == ACL_ACTIVE_BCAST) {
+ if (!hci->asb_handle)
+ hci->asb_handle = handle;
+ else if (handle != hci->asb_handle) {
+ fprintf(stderr, "%s: Bad handle %03x in Active Slave Broadcast\n",
+ __FUNCTION__, handle);
+ /* TODO: signal an error */
+ return;
+ }
+
+ /* TODO */
+ }
+
+ if ((flags & ~3) == ACL_PICO_BCAST) {
+ if (!hci->psb_handle)
+ hci->psb_handle = handle;
+ else if (handle != hci->psb_handle) {
+ fprintf(stderr, "%s: Bad handle %03x in Parked Slave Broadcast\n",
+ __FUNCTION__, handle);
+ /* TODO: signal an error */
+ return;
+ }
+
+ /* TODO */
+ }
+
+ /* TODO: increase counter and send EVT_NUM_COMP_PKTS */
+ bt_hci_event_num_comp_pkts(hci, handle | HCI_HANDLE_OFFSET, 1);
+
+ /* Do this last as it can trigger further events even in this HCI */
+ hci->lm.handle[handle].lmp_acl_data(link, data,
+ (flags & 3) == ACL_START, length);
+}
+
+static void bt_submit_sco(struct HCIInfo *info,
+ const uint8_t *data, int length)
+{
+ struct bt_hci_s *hci = hci_from_info(info);
+ uint16_t handle;
+ int datalen;
+
+ if (length < 3)
+ return;
+
+ handle = acl_handle((data[1] << 8) | data[0]);
+ datalen = data[2];
+ length -= 3;
+
+ if (bt_hci_handle_bad(hci, handle)) {
+ fprintf(stderr, "%s: invalid SCO handle %03x\n",
+ __FUNCTION__, handle);
+ return;
+ }
+
+ if (datalen > length) {
+ fprintf(stderr, "%s: SCO packet too short (%iB < %iB)\n",
+ __FUNCTION__, length, datalen);
+ return;
+ }
+
+ /* TODO */
+
+ /* TODO: increase counter and send EVT_NUM_COMP_PKTS if synchronous
+ * Flow Control is enabled.
+ * (See Read/Write_Synchronous_Flow_Control_Enable on page 513 and
+ * page 514.) */
+}
+
+static uint8_t *bt_hci_evt_packet(void *opaque)
+{
+ /* TODO: allocate a packet from upper layer */
+ struct bt_hci_s *s = opaque;
+
+ return s->evt_buf;
+}
+
+static void bt_hci_evt_submit(void *opaque, int len)
+{
+ /* TODO: notify upper layer */
+ struct bt_hci_s *s = opaque;
+
+ s->info.evt_recv(s->info.opaque, s->evt_buf, len);
+}
+
+static int bt_hci_bdaddr_set(struct HCIInfo *info, const uint8_t *bd_addr)
+{
+ struct bt_hci_s *hci = hci_from_info(info);
+
+ bacpy(&hci->device.bd_addr, (const bdaddr_t *) bd_addr);
+ return 0;
+}
+
+static void bt_hci_done(struct HCIInfo *info);
+static void bt_hci_destroy(struct bt_device_s *dev)
+{
+ struct bt_hci_s *hci = hci_from_device(dev);
+
+ bt_hci_done(&hci->info);
+}
+
+struct HCIInfo *bt_new_hci(struct bt_scatternet_s *net)
+{
+ struct bt_hci_s *s = g_malloc0(sizeof(struct bt_hci_s));
+
+ s->lm.inquiry_done = qemu_new_timer_ns(vm_clock, bt_hci_inquiry_done, s);
+ s->lm.inquiry_next = qemu_new_timer_ns(vm_clock, bt_hci_inquiry_next, s);
+ s->conn_accept_timer =
+ qemu_new_timer_ns(vm_clock, bt_hci_conn_accept_timeout, s);
+
+ s->evt_packet = bt_hci_evt_packet;
+ s->evt_submit = bt_hci_evt_submit;
+ s->opaque = s;
+
+ bt_device_init(&s->device, net);
+ s->device.lmp_connection_request = bt_hci_lmp_connection_request;
+ s->device.lmp_connection_complete = bt_hci_lmp_connection_complete;
+ s->device.lmp_disconnect_master = bt_hci_lmp_disconnect_host;
+ s->device.lmp_disconnect_slave = bt_hci_lmp_disconnect_slave;
+ s->device.lmp_acl_data = bt_hci_lmp_acl_data_slave;
+ s->device.lmp_acl_resp = bt_hci_lmp_acl_data_host;
+ s->device.lmp_mode_change = bt_hci_lmp_mode_change_slave;
+
+ /* Keep updated! */
+ /* Also keep in sync with supported commands bitmask in
+ * bt_hci_read_local_commands_rp */
+ s->device.lmp_caps = 0x8000199b7e85355fll;
+
+ bt_hci_reset(s);
+
+ s->info.cmd_send = bt_submit_hci;
+ s->info.sco_send = bt_submit_sco;
+ s->info.acl_send = bt_submit_acl;
+ s->info.bdaddr_set = bt_hci_bdaddr_set;
+
+ s->device.handle_destroy = bt_hci_destroy;
+
+ return &s->info;
+}
+
+static void bt_hci_done(struct HCIInfo *info)
+{
+ struct bt_hci_s *hci = hci_from_info(info);
+ int handle;
+
+ bt_device_done(&hci->device);
+
+ if (hci->device.lmp_name)
+ g_free((void *) hci->device.lmp_name);
+
+ /* Be gentle and send DISCONNECT to all connected peers and those
+ * currently waiting for us to accept or reject a connection request.
+ * This frees the links. */
+ if (hci->conn_req_host) {
+ bt_hci_connection_reject(hci,
+ hci->conn_req_host, HCI_OE_POWER_OFF);
+ return;
+ }
+
+ for (handle = HCI_HANDLE_OFFSET;
+ handle < (HCI_HANDLE_OFFSET | HCI_HANDLES_MAX); handle ++)
+ if (!bt_hci_handle_bad(hci, handle))
+ bt_hci_disconnect(hci, handle, HCI_OE_POWER_OFF);
+
+ /* TODO: this is not enough actually, there may be slaves from whom
+ * we have requested a connection who will soon (or not) respond with
+ * an accept or a reject, so we should also check if hci->lm.connecting
+ * is non-zero and if so, avoid freeing the hci but otherwise disappear
+ * from all qemu social life (e.g. stop scanning and request to be
+ * removed from s->device.net) and arrange for
+ * s->device.lmp_connection_complete to free the remaining bits once
+ * hci->lm.awaiting_bdaddr[] is empty. */
+
+ qemu_free_timer(hci->lm.inquiry_done);
+ qemu_free_timer(hci->lm.inquiry_next);
+ qemu_free_timer(hci->conn_accept_timer);
+
+ g_free(hci);
+}
diff --git a/hw/bt/hid.c b/hw/bt/hid.c
new file mode 100644
index 000000000..af494e1e0
--- /dev/null
+++ b/hw/bt/hid.c
@@ -0,0 +1,553 @@
+/*
+ * QEMU Bluetooth HID Profile wrapper for USB HID.
+ *
+ * Copyright (C) 2007-2008 OpenMoko, Inc.
+ * Written by Andrzej Zaborowski <andrew@openedhand.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "qemu-common.h"
+#include "qemu/timer.h"
+#include "ui/console.h"
+#include "hw/input/hid.h"
+#include "hw/bt.h"
+
+enum hid_transaction_req {
+ BT_HANDSHAKE = 0x0,
+ BT_HID_CONTROL = 0x1,
+ BT_GET_REPORT = 0x4,
+ BT_SET_REPORT = 0x5,
+ BT_GET_PROTOCOL = 0x6,
+ BT_SET_PROTOCOL = 0x7,
+ BT_GET_IDLE = 0x8,
+ BT_SET_IDLE = 0x9,
+ BT_DATA = 0xa,
+ BT_DATC = 0xb,
+};
+
+enum hid_transaction_handshake {
+ BT_HS_SUCCESSFUL = 0x0,
+ BT_HS_NOT_READY = 0x1,
+ BT_HS_ERR_INVALID_REPORT_ID = 0x2,
+ BT_HS_ERR_UNSUPPORTED_REQUEST = 0x3,
+ BT_HS_ERR_INVALID_PARAMETER = 0x4,
+ BT_HS_ERR_UNKNOWN = 0xe,
+ BT_HS_ERR_FATAL = 0xf,
+};
+
+enum hid_transaction_control {
+ BT_HC_NOP = 0x0,
+ BT_HC_HARD_RESET = 0x1,
+ BT_HC_SOFT_RESET = 0x2,
+ BT_HC_SUSPEND = 0x3,
+ BT_HC_EXIT_SUSPEND = 0x4,
+ BT_HC_VIRTUAL_CABLE_UNPLUG = 0x5,
+};
+
+enum hid_protocol {
+ BT_HID_PROTO_BOOT = 0,
+ BT_HID_PROTO_REPORT = 1,
+};
+
+enum hid_boot_reportid {
+ BT_HID_BOOT_INVALID = 0,
+ BT_HID_BOOT_KEYBOARD,
+ BT_HID_BOOT_MOUSE,
+};
+
+enum hid_data_pkt {
+ BT_DATA_OTHER = 0,
+ BT_DATA_INPUT,
+ BT_DATA_OUTPUT,
+ BT_DATA_FEATURE,
+};
+
+#define BT_HID_MTU 48
+
+/* HID interface requests */
+#define GET_REPORT 0xa101
+#define GET_IDLE 0xa102
+#define GET_PROTOCOL 0xa103
+#define SET_REPORT 0x2109
+#define SET_IDLE 0x210a
+#define SET_PROTOCOL 0x210b
+
+struct bt_hid_device_s {
+ struct bt_l2cap_device_s btdev;
+ struct bt_l2cap_conn_params_s *control;
+ struct bt_l2cap_conn_params_s *interrupt;
+ HIDState hid;
+
+ int proto;
+ int connected;
+ int data_type;
+ int intr_state;
+ struct {
+ int len;
+ uint8_t buffer[1024];
+ } dataother, datain, dataout, feature, intrdataout;
+ enum {
+ bt_state_ready,
+ bt_state_transaction,
+ bt_state_suspend,
+ } state;
+};
+
+static void bt_hid_reset(struct bt_hid_device_s *s)
+{
+ struct bt_scatternet_s *net = s->btdev.device.net;
+
+ /* Go as far as... */
+ bt_l2cap_device_done(&s->btdev);
+ bt_l2cap_device_init(&s->btdev, net);
+
+ hid_reset(&s->hid);
+ s->proto = BT_HID_PROTO_REPORT;
+ s->state = bt_state_ready;
+ s->dataother.len = 0;
+ s->datain.len = 0;
+ s->dataout.len = 0;
+ s->feature.len = 0;
+ s->intrdataout.len = 0;
+ s->intr_state = 0;
+}
+
+static int bt_hid_out(struct bt_hid_device_s *s)
+{
+ if (s->data_type == BT_DATA_OUTPUT) {
+ /* nothing */
+ ;
+ }
+
+ if (s->data_type == BT_DATA_FEATURE) {
+ /* XXX:
+ * does this send a USB_REQ_CLEAR_FEATURE/USB_REQ_SET_FEATURE
+ * or a SET_REPORT? */
+ ;
+ }
+
+ return -1;
+}
+
+static int bt_hid_in(struct bt_hid_device_s *s)
+{
+ s->datain.len = hid_keyboard_poll(&s->hid, s->datain.buffer,
+ sizeof(s->datain.buffer));
+ return s->datain.len;
+}
+
+static void bt_hid_send_handshake(struct bt_hid_device_s *s, int result)
+{
+ *s->control->sdu_out(s->control, 1) =
+ (BT_HANDSHAKE << 4) | result;
+ s->control->sdu_submit(s->control);
+}
+
+static void bt_hid_send_control(struct bt_hid_device_s *s, int operation)
+{
+ *s->control->sdu_out(s->control, 1) =
+ (BT_HID_CONTROL << 4) | operation;
+ s->control->sdu_submit(s->control);
+}
+
+static void bt_hid_disconnect(struct bt_hid_device_s *s)
+{
+ /* Disconnect s->control and s->interrupt */
+}
+
+static void bt_hid_send_data(struct bt_l2cap_conn_params_s *ch, int type,
+ const uint8_t *data, int len)
+{
+ uint8_t *pkt, hdr = (BT_DATA << 4) | type;
+ int plen;
+
+ do {
+ plen = MIN(len, ch->remote_mtu - 1);
+ pkt = ch->sdu_out(ch, plen + 1);
+
+ pkt[0] = hdr;
+ if (plen)
+ memcpy(pkt + 1, data, plen);
+ ch->sdu_submit(ch);
+
+ len -= plen;
+ data += plen;
+ hdr = (BT_DATC << 4) | type;
+ } while (plen == ch->remote_mtu - 1);
+}
+
+static void bt_hid_control_transaction(struct bt_hid_device_s *s,
+ const uint8_t *data, int len)
+{
+ uint8_t type, parameter;
+ int rlen, ret = -1;
+ if (len < 1)
+ return;
+
+ type = data[0] >> 4;
+ parameter = data[0] & 0xf;
+
+ switch (type) {
+ case BT_HANDSHAKE:
+ case BT_DATA:
+ switch (parameter) {
+ default:
+ /* These are not expected to be sent this direction. */
+ ret = BT_HS_ERR_INVALID_PARAMETER;
+ }
+ break;
+
+ case BT_HID_CONTROL:
+ if (len != 1 || (parameter != BT_HC_VIRTUAL_CABLE_UNPLUG &&
+ s->state == bt_state_transaction)) {
+ ret = BT_HS_ERR_INVALID_PARAMETER;
+ break;
+ }
+ switch (parameter) {
+ case BT_HC_NOP:
+ break;
+ case BT_HC_HARD_RESET:
+ case BT_HC_SOFT_RESET:
+ bt_hid_reset(s);
+ break;
+ case BT_HC_SUSPEND:
+ if (s->state == bt_state_ready)
+ s->state = bt_state_suspend;
+ else
+ ret = BT_HS_ERR_INVALID_PARAMETER;
+ break;
+ case BT_HC_EXIT_SUSPEND:
+ if (s->state == bt_state_suspend)
+ s->state = bt_state_ready;
+ else
+ ret = BT_HS_ERR_INVALID_PARAMETER;
+ break;
+ case BT_HC_VIRTUAL_CABLE_UNPLUG:
+ bt_hid_disconnect(s);
+ break;
+ default:
+ ret = BT_HS_ERR_INVALID_PARAMETER;
+ }
+ break;
+
+ case BT_GET_REPORT:
+ /* No ReportIDs declared. */
+ if (((parameter & 8) && len != 3) ||
+ (!(parameter & 8) && len != 1) ||
+ s->state != bt_state_ready) {
+ ret = BT_HS_ERR_INVALID_PARAMETER;
+ break;
+ }
+ if (parameter & 8)
+ rlen = data[2] | (data[3] << 8);
+ else
+ rlen = INT_MAX;
+ switch (parameter & 3) {
+ case BT_DATA_OTHER:
+ ret = BT_HS_ERR_INVALID_PARAMETER;
+ break;
+ case BT_DATA_INPUT:
+ /* Here we can as well poll s->usbdev */
+ bt_hid_send_data(s->control, BT_DATA_INPUT,
+ s->datain.buffer, MIN(rlen, s->datain.len));
+ break;
+ case BT_DATA_OUTPUT:
+ bt_hid_send_data(s->control, BT_DATA_OUTPUT,
+ s->dataout.buffer, MIN(rlen, s->dataout.len));
+ break;
+ case BT_DATA_FEATURE:
+ bt_hid_send_data(s->control, BT_DATA_FEATURE,
+ s->feature.buffer, MIN(rlen, s->feature.len));
+ break;
+ }
+ break;
+
+ case BT_SET_REPORT:
+ if (len < 2 || len > BT_HID_MTU || s->state != bt_state_ready ||
+ (parameter & 3) == BT_DATA_OTHER ||
+ (parameter & 3) == BT_DATA_INPUT) {
+ ret = BT_HS_ERR_INVALID_PARAMETER;
+ break;
+ }
+ s->data_type = parameter & 3;
+ if (s->data_type == BT_DATA_OUTPUT) {
+ s->dataout.len = len - 1;
+ memcpy(s->dataout.buffer, data + 1, s->dataout.len);
+ } else {
+ s->feature.len = len - 1;
+ memcpy(s->feature.buffer, data + 1, s->feature.len);
+ }
+ if (len == BT_HID_MTU)
+ s->state = bt_state_transaction;
+ else
+ bt_hid_out(s);
+ break;
+
+ case BT_GET_PROTOCOL:
+ if (len != 1 || s->state == bt_state_transaction) {
+ ret = BT_HS_ERR_INVALID_PARAMETER;
+ break;
+ }
+ *s->control->sdu_out(s->control, 1) = s->proto;
+ s->control->sdu_submit(s->control);
+ break;
+
+ case BT_SET_PROTOCOL:
+ if (len != 1 || s->state == bt_state_transaction ||
+ (parameter != BT_HID_PROTO_BOOT &&
+ parameter != BT_HID_PROTO_REPORT)) {
+ ret = BT_HS_ERR_INVALID_PARAMETER;
+ break;
+ }
+ s->proto = parameter;
+ s->hid.protocol = parameter;
+ ret = BT_HS_SUCCESSFUL;
+ break;
+
+ case BT_GET_IDLE:
+ if (len != 1 || s->state == bt_state_transaction) {
+ ret = BT_HS_ERR_INVALID_PARAMETER;
+ break;
+ }
+ *s->control->sdu_out(s->control, 1) = s->hid.idle;
+ s->control->sdu_submit(s->control);
+ break;
+
+ case BT_SET_IDLE:
+ if (len != 2 || s->state == bt_state_transaction) {
+ ret = BT_HS_ERR_INVALID_PARAMETER;
+ break;
+ }
+
+ s->hid.idle = data[1];
+ /* XXX: Does this generate a handshake? */
+ break;
+
+ case BT_DATC:
+ if (len > BT_HID_MTU || s->state != bt_state_transaction) {
+ ret = BT_HS_ERR_INVALID_PARAMETER;
+ break;
+ }
+ if (s->data_type == BT_DATA_OUTPUT) {
+ memcpy(s->dataout.buffer + s->dataout.len, data + 1, len - 1);
+ s->dataout.len += len - 1;
+ } else {
+ memcpy(s->feature.buffer + s->feature.len, data + 1, len - 1);
+ s->feature.len += len - 1;
+ }
+ if (len < BT_HID_MTU) {
+ bt_hid_out(s);
+ s->state = bt_state_ready;
+ }
+ break;
+
+ default:
+ ret = BT_HS_ERR_UNSUPPORTED_REQUEST;
+ }
+
+ if (ret != -1)
+ bt_hid_send_handshake(s, ret);
+}
+
+static void bt_hid_control_sdu(void *opaque, const uint8_t *data, int len)
+{
+ struct bt_hid_device_s *hid = opaque;
+
+ bt_hid_control_transaction(hid, data, len);
+}
+
+static void bt_hid_datain(HIDState *hs)
+{
+ struct bt_hid_device_s *hid =
+ container_of(hs, struct bt_hid_device_s, hid);
+
+ /* If suspended, wake-up and send a wake-up event first. We might
+ * want to also inspect the input report and ignore event like
+ * mouse movements until a button event occurs. */
+ if (hid->state == bt_state_suspend) {
+ hid->state = bt_state_ready;
+ }
+
+ if (bt_hid_in(hid) > 0)
+ /* TODO: when in boot-mode precede any Input reports with the ReportID
+ * byte, here and in GetReport/SetReport on the Control channel. */
+ bt_hid_send_data(hid->interrupt, BT_DATA_INPUT,
+ hid->datain.buffer, hid->datain.len);
+}
+
+static void bt_hid_interrupt_sdu(void *opaque, const uint8_t *data, int len)
+{
+ struct bt_hid_device_s *hid = opaque;
+
+ if (len > BT_HID_MTU || len < 1)
+ goto bad;
+ if ((data[0] & 3) != BT_DATA_OUTPUT)
+ goto bad;
+ if ((data[0] >> 4) == BT_DATA) {
+ if (hid->intr_state)
+ goto bad;
+
+ hid->data_type = BT_DATA_OUTPUT;
+ hid->intrdataout.len = 0;
+ } else if ((data[0] >> 4) == BT_DATC) {
+ if (!hid->intr_state)
+ goto bad;
+ } else
+ goto bad;
+
+ memcpy(hid->intrdataout.buffer + hid->intrdataout.len, data + 1, len - 1);
+ hid->intrdataout.len += len - 1;
+ hid->intr_state = (len == BT_HID_MTU);
+ if (!hid->intr_state) {
+ memcpy(hid->dataout.buffer, hid->intrdataout.buffer,
+ hid->dataout.len = hid->intrdataout.len);
+ bt_hid_out(hid);
+ }
+
+ return;
+bad:
+ fprintf(stderr, "%s: bad transaction on Interrupt channel.\n",
+ __FUNCTION__);
+}
+
+/* "Virtual cable" plug/unplug event. */
+static void bt_hid_connected_update(struct bt_hid_device_s *hid)
+{
+ int prev = hid->connected;
+
+ hid->connected = hid->control && hid->interrupt;
+
+ /* Stop page-/inquiry-scanning when a host is connected. */
+ hid->btdev.device.page_scan = !hid->connected;
+ hid->btdev.device.inquiry_scan = !hid->connected;
+
+ if (hid->connected && !prev) {
+ hid_reset(&hid->hid);
+ hid->proto = BT_HID_PROTO_REPORT;
+ }
+
+ /* Should set HIDVirtualCable in SDP (possibly need to check that SDP
+ * isn't destroyed yet, in case we're being called from handle_destroy) */
+}
+
+static void bt_hid_close_control(void *opaque)
+{
+ struct bt_hid_device_s *hid = opaque;
+
+ hid->control = NULL;
+ bt_hid_connected_update(hid);
+}
+
+static void bt_hid_close_interrupt(void *opaque)
+{
+ struct bt_hid_device_s *hid = opaque;
+
+ hid->interrupt = NULL;
+ bt_hid_connected_update(hid);
+}
+
+static int bt_hid_new_control_ch(struct bt_l2cap_device_s *dev,
+ struct bt_l2cap_conn_params_s *params)
+{
+ struct bt_hid_device_s *hid = (struct bt_hid_device_s *) dev;
+
+ if (hid->control)
+ return 1;
+
+ hid->control = params;
+ hid->control->opaque = hid;
+ hid->control->close = bt_hid_close_control;
+ hid->control->sdu_in = bt_hid_control_sdu;
+
+ bt_hid_connected_update(hid);
+
+ return 0;
+}
+
+static int bt_hid_new_interrupt_ch(struct bt_l2cap_device_s *dev,
+ struct bt_l2cap_conn_params_s *params)
+{
+ struct bt_hid_device_s *hid = (struct bt_hid_device_s *) dev;
+
+ if (hid->interrupt)
+ return 1;
+
+ hid->interrupt = params;
+ hid->interrupt->opaque = hid;
+ hid->interrupt->close = bt_hid_close_interrupt;
+ hid->interrupt->sdu_in = bt_hid_interrupt_sdu;
+
+ bt_hid_connected_update(hid);
+
+ return 0;
+}
+
+static void bt_hid_destroy(struct bt_device_s *dev)
+{
+ struct bt_hid_device_s *hid = (struct bt_hid_device_s *) dev;
+
+ if (hid->connected)
+ bt_hid_send_control(hid, BT_HC_VIRTUAL_CABLE_UNPLUG);
+ bt_l2cap_device_done(&hid->btdev);
+
+ hid_free(&hid->hid);
+
+ g_free(hid);
+}
+
+enum peripheral_minor_class {
+ class_other = 0 << 4,
+ class_keyboard = 1 << 4,
+ class_pointing = 2 << 4,
+ class_combo = 3 << 4,
+};
+
+static struct bt_device_s *bt_hid_init(struct bt_scatternet_s *net,
+ enum peripheral_minor_class minor)
+{
+ struct bt_hid_device_s *s = g_malloc0(sizeof(*s));
+ uint32_t class =
+ /* Format type */
+ (0 << 0) |
+ /* Device class */
+ (minor << 2) |
+ (5 << 8) | /* "Peripheral" */
+ /* Service classes */
+ (1 << 13) | /* Limited discoverable mode */
+ (1 << 19); /* Capturing device (?) */
+
+ bt_l2cap_device_init(&s->btdev, net);
+ bt_l2cap_sdp_init(&s->btdev);
+ bt_l2cap_psm_register(&s->btdev, BT_PSM_HID_CTRL,
+ BT_HID_MTU, bt_hid_new_control_ch);
+ bt_l2cap_psm_register(&s->btdev, BT_PSM_HID_INTR,
+ BT_HID_MTU, bt_hid_new_interrupt_ch);
+
+ hid_init(&s->hid, HID_KEYBOARD, bt_hid_datain);
+ s->btdev.device.lmp_name = "BT Keyboard";
+
+ s->btdev.device.handle_destroy = bt_hid_destroy;
+
+ s->btdev.device.class[0] = (class >> 0) & 0xff;
+ s->btdev.device.class[1] = (class >> 8) & 0xff;
+ s->btdev.device.class[2] = (class >> 16) & 0xff;
+
+ return &s->btdev.device;
+}
+
+struct bt_device_s *bt_keyboard_init(struct bt_scatternet_s *net)
+{
+ return bt_hid_init(net, class_keyboard);
+}
diff --git a/hw/bt/l2cap.c b/hw/bt/l2cap.c
new file mode 100644
index 000000000..521587a11
--- /dev/null
+++ b/hw/bt/l2cap.c
@@ -0,0 +1,1365 @@
+/*
+ * QEMU Bluetooth L2CAP logic.
+ *
+ * Copyright (C) 2008 Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "qemu-common.h"
+#include "qemu/timer.h"
+#include "hw/bt.h"
+
+#define L2CAP_CID_MAX 0x100 /* Between 0x40 and 0x10000 */
+
+struct l2cap_instance_s {
+ struct bt_link_s *link;
+ struct bt_l2cap_device_s *dev;
+ int role;
+
+ uint8_t frame_in[65535 + L2CAP_HDR_SIZE] __attribute__ ((aligned (4)));
+ int frame_in_len;
+
+ uint8_t frame_out[65535 + L2CAP_HDR_SIZE] __attribute__ ((aligned (4)));
+ int frame_out_len;
+
+ /* Signalling channel timers. They exist per-request but we can make
+ * sure we have no more than one outstanding request at any time. */
+ QEMUTimer *rtx;
+ QEMUTimer *ertx;
+
+ int last_id;
+ int next_id;
+
+ struct l2cap_chan_s {
+ struct bt_l2cap_conn_params_s params;
+
+ void (*frame_in)(struct l2cap_chan_s *chan, uint16_t cid,
+ const l2cap_hdr *hdr, int len);
+ int mps;
+ int min_mtu;
+
+ struct l2cap_instance_s *l2cap;
+
+ /* Only allocated channels */
+ uint16_t remote_cid;
+#define L2CAP_CFG_INIT 2
+#define L2CAP_CFG_ACC 1
+ int config_req_id; /* TODO: handle outgoing requests generically */
+ int config;
+
+ /* Only connection-oriented channels. Note: if we allow the tx and
+ * rx traffic to be in different modes at any time, we need two. */
+ int mode;
+
+ /* Only flow-controlled, connection-oriented channels */
+ uint8_t sdu[65536]; /* TODO: dynamically allocate */
+ int len_cur, len_total;
+ int rexmit;
+ int monitor_timeout;
+ QEMUTimer *monitor_timer;
+ QEMUTimer *retransmission_timer;
+ } *cid[L2CAP_CID_MAX];
+ /* The channel state machine states map as following:
+ * CLOSED -> !cid[N]
+ * WAIT_CONNECT -> never occurs
+ * WAIT_CONNECT_RSP -> never occurs
+ * CONFIG -> cid[N] && config < 3
+ * WAIT_CONFIG -> never occurs, cid[N] && config == 0 && !config_r
+ * WAIT_SEND_CONFIG -> never occurs, cid[N] && config == 1 && !config_r
+ * WAIT_CONFIG_REQ_RSP -> cid[N] && config == 0 && config_req_id
+ * WAIT_CONFIG_RSP -> cid[N] && config == 1 && config_req_id
+ * WAIT_CONFIG_REQ -> cid[N] && config == 2
+ * OPEN -> cid[N] && config == 3
+ * WAIT_DISCONNECT -> never occurs
+ */
+
+ struct l2cap_chan_s signalling_ch;
+ struct l2cap_chan_s group_ch;
+};
+
+struct slave_l2cap_instance_s {
+ struct bt_link_s link; /* Underlying logical link (ACL) */
+ struct l2cap_instance_s l2cap;
+};
+
+struct bt_l2cap_psm_s {
+ int psm;
+ int min_mtu;
+ int (*new_channel)(struct bt_l2cap_device_s *device,
+ struct bt_l2cap_conn_params_s *params);
+ struct bt_l2cap_psm_s *next;
+};
+
+static const uint16_t l2cap_fcs16_table[256] = {
+ 0x0000, 0xc0c1, 0xc181, 0x0140, 0xc301, 0x03c0, 0x0280, 0xc241,
+ 0xc601, 0x06c0, 0x0780, 0xc741, 0x0500, 0xc5c1, 0xc481, 0x0440,
+ 0xcc01, 0x0cc0, 0x0d80, 0xcd41, 0x0f00, 0xcfc1, 0xce81, 0x0e40,
+ 0x0a00, 0xcac1, 0xcb81, 0x0b40, 0xc901, 0x09c0, 0x0880, 0xc841,
+ 0xd801, 0x18c0, 0x1980, 0xd941, 0x1b00, 0xdbc1, 0xda81, 0x1a40,
+ 0x1e00, 0xdec1, 0xdf81, 0x1f40, 0xdd01, 0x1dc0, 0x1c80, 0xdc41,
+ 0x1400, 0xd4c1, 0xd581, 0x1540, 0xd701, 0x17c0, 0x1680, 0xd641,
+ 0xd201, 0x12c0, 0x1380, 0xd341, 0x1100, 0xd1c1, 0xd081, 0x1040,
+ 0xf001, 0x30c0, 0x3180, 0xf141, 0x3300, 0xf3c1, 0xf281, 0x3240,
+ 0x3600, 0xf6c1, 0xf781, 0x3740, 0xf501, 0x35c0, 0x3480, 0xf441,
+ 0x3c00, 0xfcc1, 0xfd81, 0x3d40, 0xff01, 0x3fc0, 0x3e80, 0xfe41,
+ 0xfa01, 0x3ac0, 0x3b80, 0xfb41, 0x3900, 0xf9c1, 0xf881, 0x3840,
+ 0x2800, 0xe8c1, 0xe981, 0x2940, 0xeb01, 0x2bc0, 0x2a80, 0xea41,
+ 0xee01, 0x2ec0, 0x2f80, 0xef41, 0x2d00, 0xedc1, 0xec81, 0x2c40,
+ 0xe401, 0x24c0, 0x2580, 0xe541, 0x2700, 0xe7c1, 0xe681, 0x2640,
+ 0x2200, 0xe2c1, 0xe381, 0x2340, 0xe101, 0x21c0, 0x2080, 0xe041,
+ 0xa001, 0x60c0, 0x6180, 0xa141, 0x6300, 0xa3c1, 0xa281, 0x6240,
+ 0x6600, 0xa6c1, 0xa781, 0x6740, 0xa501, 0x65c0, 0x6480, 0xa441,
+ 0x6c00, 0xacc1, 0xad81, 0x6d40, 0xaf01, 0x6fc0, 0x6e80, 0xae41,
+ 0xaa01, 0x6ac0, 0x6b80, 0xab41, 0x6900, 0xa9c1, 0xa881, 0x6840,
+ 0x7800, 0xb8c1, 0xb981, 0x7940, 0xbb01, 0x7bc0, 0x7a80, 0xba41,
+ 0xbe01, 0x7ec0, 0x7f80, 0xbf41, 0x7d00, 0xbdc1, 0xbc81, 0x7c40,
+ 0xb401, 0x74c0, 0x7580, 0xb541, 0x7700, 0xb7c1, 0xb681, 0x7640,
+ 0x7200, 0xb2c1, 0xb381, 0x7340, 0xb101, 0x71c0, 0x7080, 0xb041,
+ 0x5000, 0x90c1, 0x9181, 0x5140, 0x9301, 0x53c0, 0x5280, 0x9241,
+ 0x9601, 0x56c0, 0x5780, 0x9741, 0x5500, 0x95c1, 0x9481, 0x5440,
+ 0x9c01, 0x5cc0, 0x5d80, 0x9d41, 0x5f00, 0x9fc1, 0x9e81, 0x5e40,
+ 0x5a00, 0x9ac1, 0x9b81, 0x5b40, 0x9901, 0x59c0, 0x5880, 0x9841,
+ 0x8801, 0x48c0, 0x4980, 0x8941, 0x4b00, 0x8bc1, 0x8a81, 0x4a40,
+ 0x4e00, 0x8ec1, 0x8f81, 0x4f40, 0x8d01, 0x4dc0, 0x4c80, 0x8c41,
+ 0x4400, 0x84c1, 0x8581, 0x4540, 0x8701, 0x47c0, 0x4680, 0x8641,
+ 0x8201, 0x42c0, 0x4380, 0x8341, 0x4100, 0x81c1, 0x8081, 0x4040,
+};
+
+static uint16_t l2cap_fcs16(const uint8_t *message, int len)
+{
+ uint16_t fcs = 0x0000;
+
+ while (len --)
+#if 0
+ {
+ int i;
+
+ fcs ^= *message ++;
+ for (i = 8; i; -- i)
+ if (fcs & 1)
+ fcs = (fcs >> 1) ^ 0xa001;
+ else
+ fcs = (fcs >> 1);
+ }
+#else
+ fcs = (fcs >> 8) ^ l2cap_fcs16_table[(fcs ^ *message ++) & 0xff];
+#endif
+
+ return fcs;
+}
+
+/* L2CAP layer logic (protocol) */
+
+static void l2cap_retransmission_timer_update(struct l2cap_chan_s *ch)
+{
+#if 0
+ if (ch->mode != L2CAP_MODE_BASIC && ch->rexmit)
+ qemu_mod_timer(ch->retransmission_timer);
+ else
+ qemu_del_timer(ch->retransmission_timer);
+#endif
+}
+
+static void l2cap_monitor_timer_update(struct l2cap_chan_s *ch)
+{
+#if 0
+ if (ch->mode != L2CAP_MODE_BASIC && !ch->rexmit)
+ qemu_mod_timer(ch->monitor_timer);
+ else
+ qemu_del_timer(ch->monitor_timer);
+#endif
+}
+
+static void l2cap_command_reject(struct l2cap_instance_s *l2cap, int id,
+ uint16_t reason, const void *data, int plen)
+{
+ uint8_t *pkt;
+ l2cap_cmd_hdr *hdr;
+ l2cap_cmd_rej *params;
+ uint16_t len;
+
+ reason = cpu_to_le16(reason);
+ len = cpu_to_le16(L2CAP_CMD_REJ_SIZE + plen);
+
+ pkt = l2cap->signalling_ch.params.sdu_out(&l2cap->signalling_ch.params,
+ L2CAP_CMD_HDR_SIZE + L2CAP_CMD_REJ_SIZE + plen);
+ hdr = (void *) (pkt + 0);
+ params = (void *) (pkt + L2CAP_CMD_HDR_SIZE);
+
+ hdr->code = L2CAP_COMMAND_REJ;
+ hdr->ident = id;
+ memcpy(&hdr->len, &len, sizeof(hdr->len));
+ memcpy(&params->reason, &reason, sizeof(reason));
+ if (plen)
+ memcpy(pkt + L2CAP_CMD_HDR_SIZE + L2CAP_CMD_REJ_SIZE, data, plen);
+
+ l2cap->signalling_ch.params.sdu_submit(&l2cap->signalling_ch.params);
+}
+
+static void l2cap_command_reject_cid(struct l2cap_instance_s *l2cap, int id,
+ uint16_t reason, uint16_t dcid, uint16_t scid)
+{
+ l2cap_cmd_rej_cid params = {
+ .dcid = dcid,
+ .scid = scid,
+ };
+
+ l2cap_command_reject(l2cap, id, reason, &params, L2CAP_CMD_REJ_CID_SIZE);
+}
+
+static void l2cap_connection_response(struct l2cap_instance_s *l2cap,
+ int dcid, int scid, int result, int status)
+{
+ uint8_t *pkt;
+ l2cap_cmd_hdr *hdr;
+ l2cap_conn_rsp *params;
+
+ pkt = l2cap->signalling_ch.params.sdu_out(&l2cap->signalling_ch.params,
+ L2CAP_CMD_HDR_SIZE + L2CAP_CONN_RSP_SIZE);
+ hdr = (void *) (pkt + 0);
+ params = (void *) (pkt + L2CAP_CMD_HDR_SIZE);
+
+ hdr->code = L2CAP_CONN_RSP;
+ hdr->ident = l2cap->last_id;
+ hdr->len = cpu_to_le16(L2CAP_CONN_RSP_SIZE);
+
+ params->dcid = cpu_to_le16(dcid);
+ params->scid = cpu_to_le16(scid);
+ params->result = cpu_to_le16(result);
+ params->status = cpu_to_le16(status);
+
+ l2cap->signalling_ch.params.sdu_submit(&l2cap->signalling_ch.params);
+}
+
+static void l2cap_configuration_request(struct l2cap_instance_s *l2cap,
+ int dcid, int flag, const uint8_t *data, int len)
+{
+ uint8_t *pkt;
+ l2cap_cmd_hdr *hdr;
+ l2cap_conf_req *params;
+
+ pkt = l2cap->signalling_ch.params.sdu_out(&l2cap->signalling_ch.params,
+ L2CAP_CMD_HDR_SIZE + L2CAP_CONF_REQ_SIZE(len));
+ hdr = (void *) (pkt + 0);
+ params = (void *) (pkt + L2CAP_CMD_HDR_SIZE);
+
+ /* TODO: unify the id sequencing */
+ l2cap->last_id = l2cap->next_id;
+ l2cap->next_id = l2cap->next_id == 255 ? 1 : l2cap->next_id + 1;
+
+ hdr->code = L2CAP_CONF_REQ;
+ hdr->ident = l2cap->last_id;
+ hdr->len = cpu_to_le16(L2CAP_CONF_REQ_SIZE(len));
+
+ params->dcid = cpu_to_le16(dcid);
+ params->flags = cpu_to_le16(flag);
+ if (len)
+ memcpy(params->data, data, len);
+
+ l2cap->signalling_ch.params.sdu_submit(&l2cap->signalling_ch.params);
+}
+
+static void l2cap_configuration_response(struct l2cap_instance_s *l2cap,
+ int scid, int flag, int result, const uint8_t *data, int len)
+{
+ uint8_t *pkt;
+ l2cap_cmd_hdr *hdr;
+ l2cap_conf_rsp *params;
+
+ pkt = l2cap->signalling_ch.params.sdu_out(&l2cap->signalling_ch.params,
+ L2CAP_CMD_HDR_SIZE + L2CAP_CONF_RSP_SIZE(len));
+ hdr = (void *) (pkt + 0);
+ params = (void *) (pkt + L2CAP_CMD_HDR_SIZE);
+
+ hdr->code = L2CAP_CONF_RSP;
+ hdr->ident = l2cap->last_id;
+ hdr->len = cpu_to_le16(L2CAP_CONF_RSP_SIZE(len));
+
+ params->scid = cpu_to_le16(scid);
+ params->flags = cpu_to_le16(flag);
+ params->result = cpu_to_le16(result);
+ if (len)
+ memcpy(params->data, data, len);
+
+ l2cap->signalling_ch.params.sdu_submit(&l2cap->signalling_ch.params);
+}
+
+static void l2cap_disconnection_response(struct l2cap_instance_s *l2cap,
+ int dcid, int scid)
+{
+ uint8_t *pkt;
+ l2cap_cmd_hdr *hdr;
+ l2cap_disconn_rsp *params;
+
+ pkt = l2cap->signalling_ch.params.sdu_out(&l2cap->signalling_ch.params,
+ L2CAP_CMD_HDR_SIZE + L2CAP_DISCONN_RSP_SIZE);
+ hdr = (void *) (pkt + 0);
+ params = (void *) (pkt + L2CAP_CMD_HDR_SIZE);
+
+ hdr->code = L2CAP_DISCONN_RSP;
+ hdr->ident = l2cap->last_id;
+ hdr->len = cpu_to_le16(L2CAP_DISCONN_RSP_SIZE);
+
+ params->dcid = cpu_to_le16(dcid);
+ params->scid = cpu_to_le16(scid);
+
+ l2cap->signalling_ch.params.sdu_submit(&l2cap->signalling_ch.params);
+}
+
+static void l2cap_echo_response(struct l2cap_instance_s *l2cap,
+ const uint8_t *data, int len)
+{
+ uint8_t *pkt;
+ l2cap_cmd_hdr *hdr;
+ uint8_t *params;
+
+ pkt = l2cap->signalling_ch.params.sdu_out(&l2cap->signalling_ch.params,
+ L2CAP_CMD_HDR_SIZE + len);
+ hdr = (void *) (pkt + 0);
+ params = (void *) (pkt + L2CAP_CMD_HDR_SIZE);
+
+ hdr->code = L2CAP_ECHO_RSP;
+ hdr->ident = l2cap->last_id;
+ hdr->len = cpu_to_le16(len);
+
+ memcpy(params, data, len);
+
+ l2cap->signalling_ch.params.sdu_submit(&l2cap->signalling_ch.params);
+}
+
+static void l2cap_info_response(struct l2cap_instance_s *l2cap, int type,
+ int result, const uint8_t *data, int len)
+{
+ uint8_t *pkt;
+ l2cap_cmd_hdr *hdr;
+ l2cap_info_rsp *params;
+
+ pkt = l2cap->signalling_ch.params.sdu_out(&l2cap->signalling_ch.params,
+ L2CAP_CMD_HDR_SIZE + L2CAP_INFO_RSP_SIZE + len);
+ hdr = (void *) (pkt + 0);
+ params = (void *) (pkt + L2CAP_CMD_HDR_SIZE);
+
+ hdr->code = L2CAP_INFO_RSP;
+ hdr->ident = l2cap->last_id;
+ hdr->len = cpu_to_le16(L2CAP_INFO_RSP_SIZE + len);
+
+ params->type = cpu_to_le16(type);
+ params->result = cpu_to_le16(result);
+ if (len)
+ memcpy(params->data, data, len);
+
+ l2cap->signalling_ch.params.sdu_submit(&l2cap->signalling_ch.params);
+}
+
+static uint8_t *l2cap_bframe_out(struct bt_l2cap_conn_params_s *parm, int len);
+static void l2cap_bframe_submit(struct bt_l2cap_conn_params_s *parms);
+#if 0
+static uint8_t *l2cap_iframe_out(struct bt_l2cap_conn_params_s *parm, int len);
+static void l2cap_iframe_submit(struct bt_l2cap_conn_params_s *parm);
+#endif
+static void l2cap_bframe_in(struct l2cap_chan_s *ch, uint16_t cid,
+ const l2cap_hdr *hdr, int len);
+static void l2cap_iframe_in(struct l2cap_chan_s *ch, uint16_t cid,
+ const l2cap_hdr *hdr, int len);
+
+static int l2cap_cid_new(struct l2cap_instance_s *l2cap)
+{
+ int i;
+
+ for (i = L2CAP_CID_ALLOC; i < L2CAP_CID_MAX; i ++)
+ if (!l2cap->cid[i])
+ return i;
+
+ return L2CAP_CID_INVALID;
+}
+
+static inline struct bt_l2cap_psm_s *l2cap_psm(
+ struct bt_l2cap_device_s *device, int psm)
+{
+ struct bt_l2cap_psm_s *ret = device->first_psm;
+
+ while (ret && ret->psm != psm)
+ ret = ret->next;
+
+ return ret;
+}
+
+static struct l2cap_chan_s *l2cap_channel_open(struct l2cap_instance_s *l2cap,
+ int psm, int source_cid)
+{
+ struct l2cap_chan_s *ch = NULL;
+ struct bt_l2cap_psm_s *psm_info;
+ int result, status;
+ int cid = l2cap_cid_new(l2cap);
+
+ if (cid) {
+ /* See what the channel is to be used for.. */
+ psm_info = l2cap_psm(l2cap->dev, psm);
+
+ if (psm_info) {
+ /* Device supports this use-case. */
+ ch = g_malloc0(sizeof(*ch));
+ ch->params.sdu_out = l2cap_bframe_out;
+ ch->params.sdu_submit = l2cap_bframe_submit;
+ ch->frame_in = l2cap_bframe_in;
+ ch->mps = 65536;
+ ch->min_mtu = MAX(48, psm_info->min_mtu);
+ ch->params.remote_mtu = MAX(672, ch->min_mtu);
+ ch->remote_cid = source_cid;
+ ch->mode = L2CAP_MODE_BASIC;
+ ch->l2cap = l2cap;
+
+ /* Does it feel like opening yet another channel though? */
+ if (!psm_info->new_channel(l2cap->dev, &ch->params)) {
+ l2cap->cid[cid] = ch;
+
+ result = L2CAP_CR_SUCCESS;
+ status = L2CAP_CS_NO_INFO;
+ } else {
+ g_free(ch);
+
+ result = L2CAP_CR_NO_MEM;
+ status = L2CAP_CS_NO_INFO;
+ }
+ } else {
+ result = L2CAP_CR_BAD_PSM;
+ status = L2CAP_CS_NO_INFO;
+ }
+ } else {
+ result = L2CAP_CR_NO_MEM;
+ status = L2CAP_CS_NO_INFO;
+ }
+
+ l2cap_connection_response(l2cap, cid, source_cid, result, status);
+
+ return ch;
+}
+
+static void l2cap_channel_close(struct l2cap_instance_s *l2cap,
+ int cid, int source_cid)
+{
+ struct l2cap_chan_s *ch = NULL;
+
+ /* According to Volume 3, section 6.1.1, pg 1048 of BT Core V2.0, a
+ * connection in CLOSED state still responds with a L2CAP_DisconnectRsp
+ * message on an L2CAP_DisconnectReq event. */
+ if (unlikely(cid < L2CAP_CID_ALLOC)) {
+ l2cap_command_reject_cid(l2cap, l2cap->last_id, L2CAP_REJ_CID_INVAL,
+ cid, source_cid);
+ return;
+ }
+ if (likely(cid >= L2CAP_CID_ALLOC && cid < L2CAP_CID_MAX))
+ ch = l2cap->cid[cid];
+
+ if (likely(ch)) {
+ if (ch->remote_cid != source_cid) {
+ fprintf(stderr, "%s: Ignoring a Disconnection Request with the "
+ "invalid SCID %04x.\n", __FUNCTION__, source_cid);
+ return;
+ }
+
+ l2cap->cid[cid] = NULL;
+
+ ch->params.close(ch->params.opaque);
+ g_free(ch);
+ }
+
+ l2cap_disconnection_response(l2cap, cid, source_cid);
+}
+
+static void l2cap_channel_config_null(struct l2cap_instance_s *l2cap,
+ struct l2cap_chan_s *ch)
+{
+ l2cap_configuration_request(l2cap, ch->remote_cid, 0, NULL, 0);
+ ch->config_req_id = l2cap->last_id;
+ ch->config &= ~L2CAP_CFG_INIT;
+}
+
+static void l2cap_channel_config_req_event(struct l2cap_instance_s *l2cap,
+ struct l2cap_chan_s *ch)
+{
+ /* Use all default channel options and terminate negotiation. */
+ l2cap_channel_config_null(l2cap, ch);
+}
+
+static int l2cap_channel_config(struct l2cap_instance_s *l2cap,
+ struct l2cap_chan_s *ch, int flag,
+ const uint8_t *data, int len)
+{
+ l2cap_conf_opt *opt;
+ l2cap_conf_opt_qos *qos;
+ uint32_t val;
+ uint8_t rsp[len];
+ int result = L2CAP_CONF_SUCCESS;
+
+ data = memcpy(rsp, data, len);
+ while (len) {
+ opt = (void *) data;
+
+ if (len < L2CAP_CONF_OPT_SIZE ||
+ len < L2CAP_CONF_OPT_SIZE + opt->len) {
+ result = L2CAP_CONF_REJECT;
+ break;
+ }
+ data += L2CAP_CONF_OPT_SIZE + opt->len;
+ len -= L2CAP_CONF_OPT_SIZE + opt->len;
+
+ switch (opt->type & 0x7f) {
+ case L2CAP_CONF_MTU:
+ if (opt->len != 2) {
+ result = L2CAP_CONF_REJECT;
+ break;
+ }
+
+ /* MTU */
+ val = le16_to_cpup((void *) opt->val);
+ if (val < ch->min_mtu) {
+ cpu_to_le16w((void *) opt->val, ch->min_mtu);
+ result = L2CAP_CONF_UNACCEPT;
+ break;
+ }
+
+ ch->params.remote_mtu = val;
+ break;
+
+ case L2CAP_CONF_FLUSH_TO:
+ if (opt->len != 2) {
+ result = L2CAP_CONF_REJECT;
+ break;
+ }
+
+ /* Flush Timeout */
+ val = le16_to_cpup((void *) opt->val);
+ if (val < 0x0001) {
+ opt->val[0] = 0xff;
+ opt->val[1] = 0xff;
+ result = L2CAP_CONF_UNACCEPT;
+ break;
+ }
+ break;
+
+ case L2CAP_CONF_QOS:
+ if (opt->len != L2CAP_CONF_OPT_QOS_SIZE) {
+ result = L2CAP_CONF_REJECT;
+ break;
+ }
+ qos = (void *) opt->val;
+
+ /* Flags */
+ val = qos->flags;
+ if (val) {
+ qos->flags = 0;
+ result = L2CAP_CONF_UNACCEPT;
+ }
+
+ /* Service type */
+ val = qos->service_type;
+ if (val != L2CAP_CONF_QOS_BEST_EFFORT &&
+ val != L2CAP_CONF_QOS_NO_TRAFFIC) {
+ qos->service_type = L2CAP_CONF_QOS_BEST_EFFORT;
+ result = L2CAP_CONF_UNACCEPT;
+ }
+
+ if (val != L2CAP_CONF_QOS_NO_TRAFFIC) {
+ /* XXX: These values should possibly be calculated
+ * based on LM / baseband properties also. */
+
+ /* Token rate */
+ val = le32_to_cpu(qos->token_rate);
+ if (val == L2CAP_CONF_QOS_WILDCARD)
+ qos->token_rate = cpu_to_le32(0x100000);
+
+ /* Token bucket size */
+ val = le32_to_cpu(qos->token_bucket_size);
+ if (val == L2CAP_CONF_QOS_WILDCARD)
+ qos->token_bucket_size = cpu_to_le32(65500);
+
+ /* Any Peak bandwidth value is correct to return as-is */
+ /* Any Access latency value is correct to return as-is */
+ /* Any Delay variation value is correct to return as-is */
+ }
+ break;
+
+ case L2CAP_CONF_RFC:
+ if (opt->len != 9) {
+ result = L2CAP_CONF_REJECT;
+ break;
+ }
+
+ /* Mode */
+ val = opt->val[0];
+ switch (val) {
+ case L2CAP_MODE_BASIC:
+ ch->mode = val;
+ ch->frame_in = l2cap_bframe_in;
+
+ /* All other parameters shall be ignored */
+ break;
+
+ case L2CAP_MODE_RETRANS:
+ case L2CAP_MODE_FLOWCTL:
+ ch->mode = val;
+ ch->frame_in = l2cap_iframe_in;
+ /* Note: most of these parameters refer to incoming traffic
+ * so we don't need to save them as long as we can accept
+ * incoming PDUs at any values of the parameters. */
+
+ /* TxWindow size */
+ val = opt->val[1];
+ if (val < 1 || val > 32) {
+ opt->val[1] = 32;
+ result = L2CAP_CONF_UNACCEPT;
+ break;
+ }
+
+ /* MaxTransmit */
+ val = opt->val[2];
+ if (val < 1) {
+ opt->val[2] = 1;
+ result = L2CAP_CONF_UNACCEPT;
+ break;
+ }
+
+ /* Remote Retransmission time-out shouldn't affect local
+ * operation (?) */
+
+ /* The Monitor time-out drives the local Monitor timer (?),
+ * so save the value. */
+ val = (opt->val[6] << 8) | opt->val[5];
+ if (val < 30) {
+ opt->val[5] = 100 & 0xff;
+ opt->val[6] = 100 >> 8;
+ result = L2CAP_CONF_UNACCEPT;
+ break;
+ }
+ ch->monitor_timeout = val;
+ l2cap_monitor_timer_update(ch);
+
+ /* MPS */
+ val = (opt->val[8] << 8) | opt->val[7];
+ if (val < ch->min_mtu) {
+ opt->val[7] = ch->min_mtu & 0xff;
+ opt->val[8] = ch->min_mtu >> 8;
+ result = L2CAP_CONF_UNACCEPT;
+ break;
+ }
+ ch->mps = val;
+ break;
+
+ default:
+ result = L2CAP_CONF_UNACCEPT;
+ break;
+ }
+ break;
+
+ default:
+ if (!(opt->type >> 7))
+ result = L2CAP_CONF_UNKNOWN;
+ break;
+ }
+
+ if (result != L2CAP_CONF_SUCCESS)
+ break; /* XXX: should continue? */
+ }
+
+ l2cap_configuration_response(l2cap, ch->remote_cid,
+ flag, result, rsp, len);
+
+ return result == L2CAP_CONF_SUCCESS && !flag;
+}
+
+static void l2cap_channel_config_req_msg(struct l2cap_instance_s *l2cap,
+ int flag, int cid, const uint8_t *data, int len)
+{
+ struct l2cap_chan_s *ch;
+
+ if (unlikely(cid >= L2CAP_CID_MAX || !l2cap->cid[cid])) {
+ l2cap_command_reject_cid(l2cap, l2cap->last_id, L2CAP_REJ_CID_INVAL,
+ cid, 0x0000);
+ return;
+ }
+ ch = l2cap->cid[cid];
+
+ /* From OPEN go to WAIT_CONFIG_REQ and from WAIT_CONFIG_REQ_RSP to
+ * WAIT_CONFIG_REQ_RSP. This is assuming the transition chart for OPEN
+ * on pg 1053, section 6.1.5, volume 3 of BT Core V2.0 has a mistake
+ * and on options-acceptable we go back to OPEN and otherwise to
+ * WAIT_CONFIG_REQ and not the other way. */
+ ch->config &= ~L2CAP_CFG_ACC;
+
+ if (l2cap_channel_config(l2cap, ch, flag, data, len))
+ /* Go to OPEN or WAIT_CONFIG_RSP */
+ ch->config |= L2CAP_CFG_ACC;
+
+ /* TODO: if the incoming traffic flow control or retransmission mode
+ * changed then we probably need to also generate the
+ * ConfigureChannel_Req event and set the outgoing traffic to the same
+ * mode. */
+ if (!(ch->config & L2CAP_CFG_INIT) && (ch->config & L2CAP_CFG_ACC) &&
+ !ch->config_req_id)
+ l2cap_channel_config_req_event(l2cap, ch);
+}
+
+static int l2cap_channel_config_rsp_msg(struct l2cap_instance_s *l2cap,
+ int result, int flag, int cid, const uint8_t *data, int len)
+{
+ struct l2cap_chan_s *ch;
+
+ if (unlikely(cid >= L2CAP_CID_MAX || !l2cap->cid[cid])) {
+ l2cap_command_reject_cid(l2cap, l2cap->last_id, L2CAP_REJ_CID_INVAL,
+ cid, 0x0000);
+ return 0;
+ }
+ ch = l2cap->cid[cid];
+
+ if (ch->config_req_id != l2cap->last_id)
+ return 1;
+ ch->config_req_id = 0;
+
+ if (result == L2CAP_CONF_SUCCESS) {
+ if (!flag)
+ ch->config |= L2CAP_CFG_INIT;
+ else
+ l2cap_channel_config_null(l2cap, ch);
+ } else
+ /* Retry until we succeed */
+ l2cap_channel_config_req_event(l2cap, ch);
+
+ return 0;
+}
+
+static void l2cap_channel_open_req_msg(struct l2cap_instance_s *l2cap,
+ int psm, int source_cid)
+{
+ struct l2cap_chan_s *ch = l2cap_channel_open(l2cap, psm, source_cid);
+
+ if (!ch)
+ return;
+
+ /* Optional */
+ if (!(ch->config & L2CAP_CFG_INIT) && !ch->config_req_id)
+ l2cap_channel_config_req_event(l2cap, ch);
+}
+
+static void l2cap_info(struct l2cap_instance_s *l2cap, int type)
+{
+ uint8_t data[4];
+ int len = 0;
+ int result = L2CAP_IR_SUCCESS;
+
+ switch (type) {
+ case L2CAP_IT_CL_MTU:
+ data[len ++] = l2cap->group_ch.mps & 0xff;
+ data[len ++] = l2cap->group_ch.mps >> 8;
+ break;
+
+ case L2CAP_IT_FEAT_MASK:
+ /* (Prematurely) report Flow control and Retransmission modes. */
+ data[len ++] = 0x03;
+ data[len ++] = 0x00;
+ data[len ++] = 0x00;
+ data[len ++] = 0x00;
+ break;
+
+ default:
+ result = L2CAP_IR_NOTSUPP;
+ }
+
+ l2cap_info_response(l2cap, type, result, data, len);
+}
+
+static void l2cap_command(struct l2cap_instance_s *l2cap, int code, int id,
+ const uint8_t *params, int len)
+{
+ int err;
+
+#if 0
+ /* TODO: do the IDs really have to be in sequence? */
+ if (!id || (id != l2cap->last_id && id != l2cap->next_id)) {
+ fprintf(stderr, "%s: out of sequence command packet ignored.\n",
+ __FUNCTION__);
+ return;
+ }
+#else
+ l2cap->next_id = id;
+#endif
+ if (id == l2cap->next_id) {
+ l2cap->last_id = l2cap->next_id;
+ l2cap->next_id = l2cap->next_id == 255 ? 1 : l2cap->next_id + 1;
+ } else {
+ /* TODO: Need to re-send the same response, without re-executing
+ * the corresponding command! */
+ }
+
+ switch (code) {
+ case L2CAP_COMMAND_REJ:
+ if (unlikely(len != 2 && len != 4 && len != 6)) {
+ err = L2CAP_REJ_CMD_NOT_UNDERSTOOD;
+ goto reject;
+ }
+
+ /* We never issue commands other than Command Reject currently. */
+ fprintf(stderr, "%s: stray Command Reject (%02x, %04x) "
+ "packet, ignoring.\n", __FUNCTION__, id,
+ le16_to_cpu(((l2cap_cmd_rej *) params)->reason));
+ break;
+
+ case L2CAP_CONN_REQ:
+ if (unlikely(len != L2CAP_CONN_REQ_SIZE)) {
+ err = L2CAP_REJ_CMD_NOT_UNDERSTOOD;
+ goto reject;
+ }
+
+ l2cap_channel_open_req_msg(l2cap,
+ le16_to_cpu(((l2cap_conn_req *) params)->psm),
+ le16_to_cpu(((l2cap_conn_req *) params)->scid));
+ break;
+
+ case L2CAP_CONN_RSP:
+ if (unlikely(len != L2CAP_CONN_RSP_SIZE)) {
+ err = L2CAP_REJ_CMD_NOT_UNDERSTOOD;
+ goto reject;
+ }
+
+ /* We never issue Connection Requests currently. TODO */
+ fprintf(stderr, "%s: unexpected Connection Response (%02x) "
+ "packet, ignoring.\n", __FUNCTION__, id);
+ break;
+
+ case L2CAP_CONF_REQ:
+ if (unlikely(len < L2CAP_CONF_REQ_SIZE(0))) {
+ err = L2CAP_REJ_CMD_NOT_UNDERSTOOD;
+ goto reject;
+ }
+
+ l2cap_channel_config_req_msg(l2cap,
+ le16_to_cpu(((l2cap_conf_req *) params)->flags) & 1,
+ le16_to_cpu(((l2cap_conf_req *) params)->dcid),
+ ((l2cap_conf_req *) params)->data,
+ len - L2CAP_CONF_REQ_SIZE(0));
+ break;
+
+ case L2CAP_CONF_RSP:
+ if (unlikely(len < L2CAP_CONF_RSP_SIZE(0))) {
+ err = L2CAP_REJ_CMD_NOT_UNDERSTOOD;
+ goto reject;
+ }
+
+ if (l2cap_channel_config_rsp_msg(l2cap,
+ le16_to_cpu(((l2cap_conf_rsp *) params)->result),
+ le16_to_cpu(((l2cap_conf_rsp *) params)->flags) & 1,
+ le16_to_cpu(((l2cap_conf_rsp *) params)->scid),
+ ((l2cap_conf_rsp *) params)->data,
+ len - L2CAP_CONF_RSP_SIZE(0)))
+ fprintf(stderr, "%s: unexpected Configure Response (%02x) "
+ "packet, ignoring.\n", __FUNCTION__, id);
+ break;
+
+ case L2CAP_DISCONN_REQ:
+ if (unlikely(len != L2CAP_DISCONN_REQ_SIZE)) {
+ err = L2CAP_REJ_CMD_NOT_UNDERSTOOD;
+ goto reject;
+ }
+
+ l2cap_channel_close(l2cap,
+ le16_to_cpu(((l2cap_disconn_req *) params)->dcid),
+ le16_to_cpu(((l2cap_disconn_req *) params)->scid));
+ break;
+
+ case L2CAP_DISCONN_RSP:
+ if (unlikely(len != L2CAP_DISCONN_RSP_SIZE)) {
+ err = L2CAP_REJ_CMD_NOT_UNDERSTOOD;
+ goto reject;
+ }
+
+ /* We never issue Disconnection Requests currently. TODO */
+ fprintf(stderr, "%s: unexpected Disconnection Response (%02x) "
+ "packet, ignoring.\n", __FUNCTION__, id);
+ break;
+
+ case L2CAP_ECHO_REQ:
+ l2cap_echo_response(l2cap, params, len);
+ break;
+
+ case L2CAP_ECHO_RSP:
+ /* We never issue Echo Requests currently. TODO */
+ fprintf(stderr, "%s: unexpected Echo Response (%02x) "
+ "packet, ignoring.\n", __FUNCTION__, id);
+ break;
+
+ case L2CAP_INFO_REQ:
+ if (unlikely(len != L2CAP_INFO_REQ_SIZE)) {
+ err = L2CAP_REJ_CMD_NOT_UNDERSTOOD;
+ goto reject;
+ }
+
+ l2cap_info(l2cap, le16_to_cpu(((l2cap_info_req *) params)->type));
+ break;
+
+ case L2CAP_INFO_RSP:
+ if (unlikely(len != L2CAP_INFO_RSP_SIZE)) {
+ err = L2CAP_REJ_CMD_NOT_UNDERSTOOD;
+ goto reject;
+ }
+
+ /* We never issue Information Requests currently. TODO */
+ fprintf(stderr, "%s: unexpected Information Response (%02x) "
+ "packet, ignoring.\n", __FUNCTION__, id);
+ break;
+
+ default:
+ err = L2CAP_REJ_CMD_NOT_UNDERSTOOD;
+ reject:
+ l2cap_command_reject(l2cap, id, err, 0, 0);
+ break;
+ }
+}
+
+static void l2cap_rexmit_enable(struct l2cap_chan_s *ch, int enable)
+{
+ ch->rexmit = enable;
+
+ l2cap_retransmission_timer_update(ch);
+ l2cap_monitor_timer_update(ch);
+}
+
+/* Command frame SDU */
+static void l2cap_cframe_in(void *opaque, const uint8_t *data, int len)
+{
+ struct l2cap_instance_s *l2cap = opaque;
+ const l2cap_cmd_hdr *hdr;
+ int clen;
+
+ while (len) {
+ hdr = (void *) data;
+ if (len < L2CAP_CMD_HDR_SIZE)
+ /* TODO: signal an error */
+ return;
+ len -= L2CAP_CMD_HDR_SIZE;
+ data += L2CAP_CMD_HDR_SIZE;
+
+ clen = le16_to_cpu(hdr->len);
+ if (len < clen) {
+ l2cap_command_reject(l2cap, hdr->ident,
+ L2CAP_REJ_CMD_NOT_UNDERSTOOD, 0, 0);
+ break;
+ }
+
+ l2cap_command(l2cap, hdr->code, hdr->ident, data, clen);
+ len -= clen;
+ data += clen;
+ }
+}
+
+/* Group frame SDU */
+static void l2cap_gframe_in(void *opaque, const uint8_t *data, int len)
+{
+}
+
+/* Supervisory frame */
+static void l2cap_sframe_in(struct l2cap_chan_s *ch, uint16_t ctrl)
+{
+}
+
+/* Basic L2CAP mode Information frame */
+static void l2cap_bframe_in(struct l2cap_chan_s *ch, uint16_t cid,
+ const l2cap_hdr *hdr, int len)
+{
+ /* We have a full SDU, no further processing */
+ ch->params.sdu_in(ch->params.opaque, hdr->data, len);
+}
+
+/* Flow Control and Retransmission mode frame */
+static void l2cap_iframe_in(struct l2cap_chan_s *ch, uint16_t cid,
+ const l2cap_hdr *hdr, int len)
+{
+ uint16_t fcs = le16_to_cpup((void *) (hdr->data + len - 2));
+
+ if (len < 4)
+ goto len_error;
+ if (l2cap_fcs16((const uint8_t *) hdr, L2CAP_HDR_SIZE + len - 2) != fcs)
+ goto fcs_error;
+
+ if ((hdr->data[0] >> 7) == ch->rexmit)
+ l2cap_rexmit_enable(ch, !(hdr->data[0] >> 7));
+
+ if (hdr->data[0] & 1) {
+ if (len != 4) {
+ /* TODO: Signal an error? */
+ return;
+ }
+ l2cap_sframe_in(ch, le16_to_cpup((void *) hdr->data));
+ return;
+ }
+
+ switch (hdr->data[1] >> 6) { /* SAR */
+ case L2CAP_SAR_NO_SEG:
+ if (ch->len_total)
+ goto seg_error;
+ if (len - 4 > ch->mps)
+ goto len_error;
+
+ ch->params.sdu_in(ch->params.opaque, hdr->data + 2, len - 4);
+ break;
+
+ case L2CAP_SAR_START:
+ if (ch->len_total || len < 6)
+ goto seg_error;
+ if (len - 6 > ch->mps)
+ goto len_error;
+
+ ch->len_total = le16_to_cpup((void *) (hdr->data + 2));
+ if (len >= 6 + ch->len_total)
+ goto seg_error;
+
+ ch->len_cur = len - 6;
+ memcpy(ch->sdu, hdr->data + 4, ch->len_cur);
+ break;
+
+ case L2CAP_SAR_END:
+ if (!ch->len_total || ch->len_cur + len - 4 < ch->len_total)
+ goto seg_error;
+ if (len - 4 > ch->mps)
+ goto len_error;
+
+ memcpy(ch->sdu + ch->len_cur, hdr->data + 2, len - 4);
+ ch->params.sdu_in(ch->params.opaque, ch->sdu, ch->len_total);
+ break;
+
+ case L2CAP_SAR_CONT:
+ if (!ch->len_total || ch->len_cur + len - 4 >= ch->len_total)
+ goto seg_error;
+ if (len - 4 > ch->mps)
+ goto len_error;
+
+ memcpy(ch->sdu + ch->len_cur, hdr->data + 2, len - 4);
+ ch->len_cur += len - 4;
+ break;
+
+ seg_error:
+ len_error: /* TODO */
+ fcs_error: /* TODO */
+ ch->len_cur = 0;
+ ch->len_total = 0;
+ break;
+ }
+}
+
+static void l2cap_frame_in(struct l2cap_instance_s *l2cap,
+ const l2cap_hdr *frame)
+{
+ uint16_t cid = le16_to_cpu(frame->cid);
+ uint16_t len = le16_to_cpu(frame->len);
+
+ if (unlikely(cid >= L2CAP_CID_MAX || !l2cap->cid[cid])) {
+ fprintf(stderr, "%s: frame addressed to a non-existent L2CAP "
+ "channel %04x received.\n", __FUNCTION__, cid);
+ return;
+ }
+
+ l2cap->cid[cid]->frame_in(l2cap->cid[cid], cid, frame, len);
+}
+
+/* "Recombination" */
+static void l2cap_pdu_in(struct l2cap_instance_s *l2cap,
+ const uint8_t *data, int len)
+{
+ const l2cap_hdr *hdr = (void *) l2cap->frame_in;
+
+ if (unlikely(len + l2cap->frame_in_len > sizeof(l2cap->frame_in))) {
+ if (l2cap->frame_in_len < sizeof(l2cap->frame_in)) {
+ memcpy(l2cap->frame_in + l2cap->frame_in_len, data,
+ sizeof(l2cap->frame_in) - l2cap->frame_in_len);
+ l2cap->frame_in_len = sizeof(l2cap->frame_in);
+ /* TODO: truncate */
+ l2cap_frame_in(l2cap, hdr);
+ }
+
+ return;
+ }
+
+ memcpy(l2cap->frame_in + l2cap->frame_in_len, data, len);
+ l2cap->frame_in_len += len;
+
+ if (len >= L2CAP_HDR_SIZE)
+ if (len >= L2CAP_HDR_SIZE + le16_to_cpu(hdr->len))
+ l2cap_frame_in(l2cap, hdr);
+ /* There is never a start of a new PDU in the same ACL packet, so
+ * no need to memmove the remaining payload and loop. */
+}
+
+static inline uint8_t *l2cap_pdu_out(struct l2cap_instance_s *l2cap,
+ uint16_t cid, uint16_t len)
+{
+ l2cap_hdr *hdr = (void *) l2cap->frame_out;
+
+ l2cap->frame_out_len = len + L2CAP_HDR_SIZE;
+
+ hdr->cid = cpu_to_le16(cid);
+ hdr->len = cpu_to_le16(len);
+
+ return l2cap->frame_out + L2CAP_HDR_SIZE;
+}
+
+static inline void l2cap_pdu_submit(struct l2cap_instance_s *l2cap)
+{
+ /* TODO: Fragmentation */
+ (l2cap->role ?
+ l2cap->link->slave->lmp_acl_data : l2cap->link->host->lmp_acl_resp)
+ (l2cap->link, l2cap->frame_out, 1, l2cap->frame_out_len);
+}
+
+static uint8_t *l2cap_bframe_out(struct bt_l2cap_conn_params_s *parm, int len)
+{
+ struct l2cap_chan_s *chan = (struct l2cap_chan_s *) parm;
+
+ if (len > chan->params.remote_mtu) {
+ fprintf(stderr, "%s: B-Frame for CID %04x longer than %i octets.\n",
+ __FUNCTION__,
+ chan->remote_cid, chan->params.remote_mtu);
+ exit(-1);
+ }
+
+ return l2cap_pdu_out(chan->l2cap, chan->remote_cid, len);
+}
+
+static void l2cap_bframe_submit(struct bt_l2cap_conn_params_s *parms)
+{
+ struct l2cap_chan_s *chan = (struct l2cap_chan_s *) parms;
+
+ l2cap_pdu_submit(chan->l2cap);
+}
+
+#if 0
+/* Stub: Only used if an emulated device requests outgoing flow control */
+static uint8_t *l2cap_iframe_out(struct bt_l2cap_conn_params_s *parm, int len)
+{
+ struct l2cap_chan_s *chan = (struct l2cap_chan_s *) parm;
+
+ if (len > chan->params.remote_mtu) {
+ /* TODO: slice into segments and queue each segment as a separate
+ * I-Frame in a FIFO of I-Frames, local to the CID. */
+ } else {
+ /* TODO: add to the FIFO of I-Frames, local to the CID. */
+ /* Possibly we need to return a pointer to a contiguous buffer
+ * for now and then memcpy from it into FIFOs in l2cap_iframe_submit
+ * while segmenting at the same time. */
+ }
+ return 0;
+}
+
+static void l2cap_iframe_submit(struct bt_l2cap_conn_params_s *parm)
+{
+ /* TODO: If flow control indicates clear to send, start submitting the
+ * invidual I-Frames from the FIFO, but don't remove them from there.
+ * Kick the appropriate timer until we get an S-Frame, and only then
+ * remove from FIFO or resubmit and re-kick the timer if the timer
+ * expired. */
+}
+#endif
+
+static void l2cap_init(struct l2cap_instance_s *l2cap,
+ struct bt_link_s *link, int role)
+{
+ l2cap->link = link;
+ l2cap->role = role;
+ l2cap->dev = (struct bt_l2cap_device_s *)
+ (role ? link->host : link->slave);
+
+ l2cap->next_id = 1;
+
+ /* Establish the signalling channel */
+ l2cap->signalling_ch.params.sdu_in = l2cap_cframe_in;
+ l2cap->signalling_ch.params.sdu_out = l2cap_bframe_out;
+ l2cap->signalling_ch.params.sdu_submit = l2cap_bframe_submit;
+ l2cap->signalling_ch.params.opaque = l2cap;
+ l2cap->signalling_ch.params.remote_mtu = 48;
+ l2cap->signalling_ch.remote_cid = L2CAP_CID_SIGNALLING;
+ l2cap->signalling_ch.frame_in = l2cap_bframe_in;
+ l2cap->signalling_ch.mps = 65536;
+ l2cap->signalling_ch.min_mtu = 48;
+ l2cap->signalling_ch.mode = L2CAP_MODE_BASIC;
+ l2cap->signalling_ch.l2cap = l2cap;
+ l2cap->cid[L2CAP_CID_SIGNALLING] = &l2cap->signalling_ch;
+
+ /* Establish the connection-less data channel */
+ l2cap->group_ch.params.sdu_in = l2cap_gframe_in;
+ l2cap->group_ch.params.opaque = l2cap;
+ l2cap->group_ch.frame_in = l2cap_bframe_in;
+ l2cap->group_ch.mps = 65533;
+ l2cap->group_ch.l2cap = l2cap;
+ l2cap->group_ch.remote_cid = L2CAP_CID_INVALID;
+ l2cap->cid[L2CAP_CID_GROUP] = &l2cap->group_ch;
+}
+
+static void l2cap_teardown(struct l2cap_instance_s *l2cap, int send_disconnect)
+{
+ int cid;
+
+ /* Don't send DISCONNECT if we are currently handling a DISCONNECT
+ * sent from the other side. */
+ if (send_disconnect) {
+ if (l2cap->role)
+ l2cap->dev->device.lmp_disconnect_slave(l2cap->link);
+ /* l2cap->link is invalid from now on. */
+ else
+ l2cap->dev->device.lmp_disconnect_master(l2cap->link);
+ }
+
+ for (cid = L2CAP_CID_ALLOC; cid < L2CAP_CID_MAX; cid ++)
+ if (l2cap->cid[cid]) {
+ l2cap->cid[cid]->params.close(l2cap->cid[cid]->params.opaque);
+ g_free(l2cap->cid[cid]);
+ }
+
+ if (l2cap->role)
+ g_free(l2cap);
+ else
+ g_free(l2cap->link);
+}
+
+/* L2CAP glue to lower layers in bluetooth stack (LMP) */
+
+static void l2cap_lmp_connection_request(struct bt_link_s *link)
+{
+ struct bt_l2cap_device_s *dev = (struct bt_l2cap_device_s *) link->slave;
+ struct slave_l2cap_instance_s *l2cap;
+
+ /* Always accept - we only get called if (dev->device->page_scan). */
+
+ l2cap = g_malloc0(sizeof(struct slave_l2cap_instance_s));
+ l2cap->link.slave = &dev->device;
+ l2cap->link.host = link->host;
+ l2cap_init(&l2cap->l2cap, &l2cap->link, 0);
+
+ /* Always at the end */
+ link->host->reject_reason = 0;
+ link->host->lmp_connection_complete(&l2cap->link);
+}
+
+/* Stub */
+static void l2cap_lmp_connection_complete(struct bt_link_s *link)
+{
+ struct bt_l2cap_device_s *dev = (struct bt_l2cap_device_s *) link->host;
+ struct l2cap_instance_s *l2cap;
+
+ if (dev->device.reject_reason) {
+ /* Signal to upper layer */
+ return;
+ }
+
+ l2cap = g_malloc0(sizeof(struct l2cap_instance_s));
+ l2cap_init(l2cap, link, 1);
+
+ link->acl_mode = acl_active;
+
+ /* Signal to upper layer */
+}
+
+/* Stub */
+static void l2cap_lmp_disconnect_host(struct bt_link_s *link)
+{
+ struct bt_l2cap_device_s *dev = (struct bt_l2cap_device_s *) link->host;
+ struct l2cap_instance_s *l2cap =
+ /* TODO: Retrieve from upper layer */ (void *) dev;
+
+ /* Signal to upper layer */
+
+ l2cap_teardown(l2cap, 0);
+}
+
+static void l2cap_lmp_disconnect_slave(struct bt_link_s *link)
+{
+ struct slave_l2cap_instance_s *l2cap =
+ (struct slave_l2cap_instance_s *) link;
+
+ l2cap_teardown(&l2cap->l2cap, 0);
+}
+
+static void l2cap_lmp_acl_data_slave(struct bt_link_s *link,
+ const uint8_t *data, int start, int len)
+{
+ struct slave_l2cap_instance_s *l2cap =
+ (struct slave_l2cap_instance_s *) link;
+
+ if (start)
+ l2cap->l2cap.frame_in_len = 0;
+
+ l2cap_pdu_in(&l2cap->l2cap, data, len);
+}
+
+/* Stub */
+static void l2cap_lmp_acl_data_host(struct bt_link_s *link,
+ const uint8_t *data, int start, int len)
+{
+ struct bt_l2cap_device_s *dev = (struct bt_l2cap_device_s *) link->host;
+ struct l2cap_instance_s *l2cap =
+ /* TODO: Retrieve from upper layer */ (void *) dev;
+
+ if (start)
+ l2cap->frame_in_len = 0;
+
+ l2cap_pdu_in(l2cap, data, len);
+}
+
+static void l2cap_dummy_destroy(struct bt_device_s *dev)
+{
+ struct bt_l2cap_device_s *l2cap_dev = (struct bt_l2cap_device_s *) dev;
+
+ bt_l2cap_device_done(l2cap_dev);
+}
+
+void bt_l2cap_device_init(struct bt_l2cap_device_s *dev,
+ struct bt_scatternet_s *net)
+{
+ bt_device_init(&dev->device, net);
+
+ dev->device.lmp_connection_request = l2cap_lmp_connection_request;
+ dev->device.lmp_connection_complete = l2cap_lmp_connection_complete;
+ dev->device.lmp_disconnect_master = l2cap_lmp_disconnect_host;
+ dev->device.lmp_disconnect_slave = l2cap_lmp_disconnect_slave;
+ dev->device.lmp_acl_data = l2cap_lmp_acl_data_slave;
+ dev->device.lmp_acl_resp = l2cap_lmp_acl_data_host;
+
+ dev->device.handle_destroy = l2cap_dummy_destroy;
+}
+
+void bt_l2cap_device_done(struct bt_l2cap_device_s *dev)
+{
+ bt_device_done(&dev->device);
+
+ /* Should keep a list of all instances and go through it and
+ * invoke l2cap_teardown() for each. */
+}
+
+void bt_l2cap_psm_register(struct bt_l2cap_device_s *dev, int psm, int min_mtu,
+ int (*new_channel)(struct bt_l2cap_device_s *dev,
+ struct bt_l2cap_conn_params_s *params))
+{
+ struct bt_l2cap_psm_s *new_psm = l2cap_psm(dev, psm);
+
+ if (new_psm) {
+ fprintf(stderr, "%s: PSM %04x already registered for device `%s'.\n",
+ __FUNCTION__, psm, dev->device.lmp_name);
+ exit(-1);
+ }
+
+ new_psm = g_malloc0(sizeof(*new_psm));
+ new_psm->psm = psm;
+ new_psm->min_mtu = min_mtu;
+ new_psm->new_channel = new_channel;
+ new_psm->next = dev->first_psm;
+ dev->first_psm = new_psm;
+}
diff --git a/hw/bt/sdp.c b/hw/bt/sdp.c
new file mode 100644
index 000000000..218e075df
--- /dev/null
+++ b/hw/bt/sdp.c
@@ -0,0 +1,967 @@
+/*
+ * Service Discover Protocol server for QEMU L2CAP devices
+ *
+ * Copyright (C) 2008 Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "qemu-common.h"
+#include "hw/bt.h"
+
+struct bt_l2cap_sdp_state_s {
+ struct bt_l2cap_conn_params_s *channel;
+
+ struct sdp_service_record_s {
+ int match;
+
+ int *uuid;
+ int uuids;
+ struct sdp_service_attribute_s {
+ int match;
+
+ int attribute_id;
+ int len;
+ void *pair;
+ } *attribute_list;
+ int attributes;
+ } *service_list;
+ int services;
+};
+
+static ssize_t sdp_datalen(const uint8_t **element, ssize_t *left)
+{
+ size_t len = *(*element) ++ & SDP_DSIZE_MASK;
+
+ if (!*left)
+ return -1;
+ (*left) --;
+
+ if (len < SDP_DSIZE_NEXT1)
+ return 1 << len;
+ else if (len == SDP_DSIZE_NEXT1) {
+ if (*left < 1)
+ return -1;
+ (*left) --;
+
+ return *(*element) ++;
+ } else if (len == SDP_DSIZE_NEXT2) {
+ if (*left < 2)
+ return -1;
+ (*left) -= 2;
+
+ len = (*(*element) ++) << 8;
+ return len | (*(*element) ++);
+ } else {
+ if (*left < 4)
+ return -1;
+ (*left) -= 4;
+
+ len = (*(*element) ++) << 24;
+ len |= (*(*element) ++) << 16;
+ len |= (*(*element) ++) << 8;
+ return len | (*(*element) ++);
+ }
+}
+
+static const uint8_t bt_base_uuid[12] = {
+ 0x00, 0x00, 0x10, 0x00, 0x80, 0x00, 0x00, 0x80, 0x5f, 0x9b, 0x34, 0xfb,
+};
+
+static int sdp_uuid_match(struct sdp_service_record_s *record,
+ const uint8_t *uuid, ssize_t datalen)
+{
+ int *lo, hi, val;
+
+ if (datalen == 16 || datalen == 4) {
+ if (datalen == 16 && memcmp(uuid + 4, bt_base_uuid, 12))
+ return 0;
+
+ if (uuid[0] | uuid[1])
+ return 0;
+ uuid += 2;
+ }
+
+ val = (uuid[0] << 8) | uuid[1];
+ lo = record->uuid;
+ hi = record->uuids;
+ while (hi >>= 1)
+ if (lo[hi] <= val)
+ lo += hi;
+
+ return *lo == val;
+}
+
+#define CONTINUATION_PARAM_SIZE (1 + sizeof(int))
+#define MAX_PDU_OUT_SIZE 96 /* Arbitrary */
+#define PDU_HEADER_SIZE 5
+#define MAX_RSP_PARAM_SIZE (MAX_PDU_OUT_SIZE - PDU_HEADER_SIZE - \
+ CONTINUATION_PARAM_SIZE)
+
+static int sdp_svc_match(struct bt_l2cap_sdp_state_s *sdp,
+ const uint8_t **req, ssize_t *len)
+{
+ size_t datalen;
+ int i;
+
+ if ((**req & ~SDP_DSIZE_MASK) != SDP_DTYPE_UUID)
+ return 1;
+
+ datalen = sdp_datalen(req, len);
+ if (datalen != 2 && datalen != 4 && datalen != 16)
+ return 1;
+
+ for (i = 0; i < sdp->services; i ++)
+ if (sdp_uuid_match(&sdp->service_list[i], *req, datalen))
+ sdp->service_list[i].match = 1;
+
+ (*req) += datalen;
+ (*len) -= datalen;
+
+ return 0;
+}
+
+static ssize_t sdp_svc_search(struct bt_l2cap_sdp_state_s *sdp,
+ uint8_t *rsp, const uint8_t *req, ssize_t len)
+{
+ ssize_t seqlen;
+ int i, count, start, end, max;
+ int32_t handle;
+
+ /* Perform the search */
+ for (i = 0; i < sdp->services; i ++)
+ sdp->service_list[i].match = 0;
+
+ if (len < 1)
+ return -SDP_INVALID_SYNTAX;
+ if ((*req & ~SDP_DSIZE_MASK) == SDP_DTYPE_SEQ) {
+ seqlen = sdp_datalen(&req, &len);
+ if (seqlen < 3 || len < seqlen)
+ return -SDP_INVALID_SYNTAX;
+ len -= seqlen;
+
+ while (seqlen)
+ if (sdp_svc_match(sdp, &req, &seqlen))
+ return -SDP_INVALID_SYNTAX;
+ } else if (sdp_svc_match(sdp, &req, &seqlen))
+ return -SDP_INVALID_SYNTAX;
+
+ if (len < 3)
+ return -SDP_INVALID_SYNTAX;
+ max = (req[0] << 8) | req[1];
+ req += 2;
+ len -= 2;
+
+ if (*req) {
+ if (len <= sizeof(int))
+ return -SDP_INVALID_SYNTAX;
+ len -= sizeof(int);
+ memcpy(&start, req + 1, sizeof(int));
+ } else
+ start = 0;
+
+ if (len > 1)
+ return -SDP_INVALID_SYNTAX;
+
+ /* Output the results */
+ len = 4;
+ count = 0;
+ end = start;
+ for (i = 0; i < sdp->services; i ++)
+ if (sdp->service_list[i].match) {
+ if (count >= start && count < max && len + 4 < MAX_RSP_PARAM_SIZE) {
+ handle = i;
+ memcpy(rsp + len, &handle, 4);
+ len += 4;
+ end = count + 1;
+ }
+
+ count ++;
+ }
+
+ rsp[0] = count >> 8;
+ rsp[1] = count & 0xff;
+ rsp[2] = (end - start) >> 8;
+ rsp[3] = (end - start) & 0xff;
+
+ if (end < count) {
+ rsp[len ++] = sizeof(int);
+ memcpy(rsp + len, &end, sizeof(int));
+ len += 4;
+ } else
+ rsp[len ++] = 0;
+
+ return len;
+}
+
+static int sdp_attr_match(struct sdp_service_record_s *record,
+ const uint8_t **req, ssize_t *len)
+{
+ int i, start, end;
+
+ if (**req == (SDP_DTYPE_UINT | SDP_DSIZE_2)) {
+ (*req) ++;
+ if (*len < 3)
+ return 1;
+
+ start = (*(*req) ++) << 8;
+ start |= *(*req) ++;
+ end = start;
+ *len -= 3;
+ } else if (**req == (SDP_DTYPE_UINT | SDP_DSIZE_4)) {
+ (*req) ++;
+ if (*len < 5)
+ return 1;
+
+ start = (*(*req) ++) << 8;
+ start |= *(*req) ++;
+ end = (*(*req) ++) << 8;
+ end |= *(*req) ++;
+ *len -= 5;
+ } else
+ return 1;
+
+ for (i = 0; i < record->attributes; i ++)
+ if (record->attribute_list[i].attribute_id >= start &&
+ record->attribute_list[i].attribute_id <= end)
+ record->attribute_list[i].match = 1;
+
+ return 0;
+}
+
+static ssize_t sdp_attr_get(struct bt_l2cap_sdp_state_s *sdp,
+ uint8_t *rsp, const uint8_t *req, ssize_t len)
+{
+ ssize_t seqlen;
+ int i, start, end, max;
+ int32_t handle;
+ struct sdp_service_record_s *record;
+ uint8_t *lst;
+
+ /* Perform the search */
+ if (len < 7)
+ return -SDP_INVALID_SYNTAX;
+ memcpy(&handle, req, 4);
+ req += 4;
+ len -= 4;
+
+ if (handle < 0 || handle > sdp->services)
+ return -SDP_INVALID_RECORD_HANDLE;
+ record = &sdp->service_list[handle];
+
+ for (i = 0; i < record->attributes; i ++)
+ record->attribute_list[i].match = 0;
+
+ max = (req[0] << 8) | req[1];
+ req += 2;
+ len -= 2;
+ if (max < 0x0007)
+ return -SDP_INVALID_SYNTAX;
+
+ if ((*req & ~SDP_DSIZE_MASK) == SDP_DTYPE_SEQ) {
+ seqlen = sdp_datalen(&req, &len);
+ if (seqlen < 3 || len < seqlen)
+ return -SDP_INVALID_SYNTAX;
+ len -= seqlen;
+
+ while (seqlen)
+ if (sdp_attr_match(record, &req, &seqlen))
+ return -SDP_INVALID_SYNTAX;
+ } else if (sdp_attr_match(record, &req, &seqlen))
+ return -SDP_INVALID_SYNTAX;
+
+ if (len < 1)
+ return -SDP_INVALID_SYNTAX;
+
+ if (*req) {
+ if (len <= sizeof(int))
+ return -SDP_INVALID_SYNTAX;
+ len -= sizeof(int);
+ memcpy(&start, req + 1, sizeof(int));
+ } else
+ start = 0;
+
+ if (len > 1)
+ return -SDP_INVALID_SYNTAX;
+
+ /* Output the results */
+ lst = rsp + 2;
+ max = MIN(max, MAX_RSP_PARAM_SIZE);
+ len = 3 - start;
+ end = 0;
+ for (i = 0; i < record->attributes; i ++)
+ if (record->attribute_list[i].match) {
+ if (len >= 0 && len + record->attribute_list[i].len < max) {
+ memcpy(lst + len, record->attribute_list[i].pair,
+ record->attribute_list[i].len);
+ end = len + record->attribute_list[i].len;
+ }
+ len += record->attribute_list[i].len;
+ }
+ if (0 >= start) {
+ lst[0] = SDP_DTYPE_SEQ | SDP_DSIZE_NEXT2;
+ lst[1] = (len + start - 3) >> 8;
+ lst[2] = (len + start - 3) & 0xff;
+ }
+
+ rsp[0] = end >> 8;
+ rsp[1] = end & 0xff;
+
+ if (end < len) {
+ len = end + start;
+ lst[end ++] = sizeof(int);
+ memcpy(lst + end, &len, sizeof(int));
+ end += sizeof(int);
+ } else
+ lst[end ++] = 0;
+
+ return end + 2;
+}
+
+static int sdp_svc_attr_match(struct bt_l2cap_sdp_state_s *sdp,
+ const uint8_t **req, ssize_t *len)
+{
+ int i, j, start, end;
+ struct sdp_service_record_s *record;
+
+ if (**req == (SDP_DTYPE_UINT | SDP_DSIZE_2)) {
+ (*req) ++;
+ if (*len < 3)
+ return 1;
+
+ start = (*(*req) ++) << 8;
+ start |= *(*req) ++;
+ end = start;
+ *len -= 3;
+ } else if (**req == (SDP_DTYPE_UINT | SDP_DSIZE_4)) {
+ (*req) ++;
+ if (*len < 5)
+ return 1;
+
+ start = (*(*req) ++) << 8;
+ start |= *(*req) ++;
+ end = (*(*req) ++) << 8;
+ end |= *(*req) ++;
+ *len -= 5;
+ } else
+ return 1;
+
+ for (i = 0; i < sdp->services; i ++)
+ if ((record = &sdp->service_list[i])->match)
+ for (j = 0; j < record->attributes; j ++)
+ if (record->attribute_list[j].attribute_id >= start &&
+ record->attribute_list[j].attribute_id <= end)
+ record->attribute_list[j].match = 1;
+
+ return 0;
+}
+
+static ssize_t sdp_svc_search_attr_get(struct bt_l2cap_sdp_state_s *sdp,
+ uint8_t *rsp, const uint8_t *req, ssize_t len)
+{
+ ssize_t seqlen;
+ int i, j, start, end, max;
+ struct sdp_service_record_s *record;
+ uint8_t *lst;
+
+ /* Perform the search */
+ for (i = 0; i < sdp->services; i ++) {
+ sdp->service_list[i].match = 0;
+ for (j = 0; j < sdp->service_list[i].attributes; j ++)
+ sdp->service_list[i].attribute_list[j].match = 0;
+ }
+
+ if (len < 1)
+ return -SDP_INVALID_SYNTAX;
+ if ((*req & ~SDP_DSIZE_MASK) == SDP_DTYPE_SEQ) {
+ seqlen = sdp_datalen(&req, &len);
+ if (seqlen < 3 || len < seqlen)
+ return -SDP_INVALID_SYNTAX;
+ len -= seqlen;
+
+ while (seqlen)
+ if (sdp_svc_match(sdp, &req, &seqlen))
+ return -SDP_INVALID_SYNTAX;
+ } else if (sdp_svc_match(sdp, &req, &seqlen))
+ return -SDP_INVALID_SYNTAX;
+
+ if (len < 3)
+ return -SDP_INVALID_SYNTAX;
+ max = (req[0] << 8) | req[1];
+ req += 2;
+ len -= 2;
+ if (max < 0x0007)
+ return -SDP_INVALID_SYNTAX;
+
+ if ((*req & ~SDP_DSIZE_MASK) == SDP_DTYPE_SEQ) {
+ seqlen = sdp_datalen(&req, &len);
+ if (seqlen < 3 || len < seqlen)
+ return -SDP_INVALID_SYNTAX;
+ len -= seqlen;
+
+ while (seqlen)
+ if (sdp_svc_attr_match(sdp, &req, &seqlen))
+ return -SDP_INVALID_SYNTAX;
+ } else if (sdp_svc_attr_match(sdp, &req, &seqlen))
+ return -SDP_INVALID_SYNTAX;
+
+ if (len < 1)
+ return -SDP_INVALID_SYNTAX;
+
+ if (*req) {
+ if (len <= sizeof(int))
+ return -SDP_INVALID_SYNTAX;
+ len -= sizeof(int);
+ memcpy(&start, req + 1, sizeof(int));
+ } else
+ start = 0;
+
+ if (len > 1)
+ return -SDP_INVALID_SYNTAX;
+
+ /* Output the results */
+ /* This assumes empty attribute lists are never to be returned even
+ * for matching Service Records. In practice this shouldn't happen
+ * as the requestor will usually include the always present
+ * ServiceRecordHandle AttributeID in AttributeIDList. */
+ lst = rsp + 2;
+ max = MIN(max, MAX_RSP_PARAM_SIZE);
+ len = 3 - start;
+ end = 0;
+ for (i = 0; i < sdp->services; i ++)
+ if ((record = &sdp->service_list[i])->match) {
+ len += 3;
+ seqlen = len;
+ for (j = 0; j < record->attributes; j ++)
+ if (record->attribute_list[j].match) {
+ if (len >= 0)
+ if (len + record->attribute_list[j].len < max) {
+ memcpy(lst + len, record->attribute_list[j].pair,
+ record->attribute_list[j].len);
+ end = len + record->attribute_list[j].len;
+ }
+ len += record->attribute_list[j].len;
+ }
+ if (seqlen == len)
+ len -= 3;
+ else if (seqlen >= 3 && seqlen < max) {
+ lst[seqlen - 3] = SDP_DTYPE_SEQ | SDP_DSIZE_NEXT2;
+ lst[seqlen - 2] = (len - seqlen) >> 8;
+ lst[seqlen - 1] = (len - seqlen) & 0xff;
+ }
+ }
+ if (len == 3 - start)
+ len -= 3;
+ else if (0 >= start) {
+ lst[0] = SDP_DTYPE_SEQ | SDP_DSIZE_NEXT2;
+ lst[1] = (len + start - 3) >> 8;
+ lst[2] = (len + start - 3) & 0xff;
+ }
+
+ rsp[0] = end >> 8;
+ rsp[1] = end & 0xff;
+
+ if (end < len) {
+ len = end + start;
+ lst[end ++] = sizeof(int);
+ memcpy(lst + end, &len, sizeof(int));
+ end += sizeof(int);
+ } else
+ lst[end ++] = 0;
+
+ return end + 2;
+}
+
+static void bt_l2cap_sdp_sdu_in(void *opaque, const uint8_t *data, int len)
+{
+ struct bt_l2cap_sdp_state_s *sdp = opaque;
+ enum bt_sdp_cmd pdu_id;
+ uint8_t rsp[MAX_PDU_OUT_SIZE - PDU_HEADER_SIZE], *sdu_out;
+ int transaction_id, plen;
+ int err = 0;
+ int rsp_len = 0;
+
+ if (len < 5) {
+ fprintf(stderr, "%s: short SDP PDU (%iB).\n", __FUNCTION__, len);
+ return;
+ }
+
+ pdu_id = *data ++;
+ transaction_id = (data[0] << 8) | data[1];
+ plen = (data[2] << 8) | data[3];
+ data += 4;
+ len -= 5;
+
+ if (len != plen) {
+ fprintf(stderr, "%s: wrong SDP PDU length (%iB != %iB).\n",
+ __FUNCTION__, plen, len);
+ err = SDP_INVALID_PDU_SIZE;
+ goto respond;
+ }
+
+ switch (pdu_id) {
+ case SDP_SVC_SEARCH_REQ:
+ rsp_len = sdp_svc_search(sdp, rsp, data, len);
+ pdu_id = SDP_SVC_SEARCH_RSP;
+ break;
+
+ case SDP_SVC_ATTR_REQ:
+ rsp_len = sdp_attr_get(sdp, rsp, data, len);
+ pdu_id = SDP_SVC_ATTR_RSP;
+ break;
+
+ case SDP_SVC_SEARCH_ATTR_REQ:
+ rsp_len = sdp_svc_search_attr_get(sdp, rsp, data, len);
+ pdu_id = SDP_SVC_SEARCH_ATTR_RSP;
+ break;
+
+ case SDP_ERROR_RSP:
+ case SDP_SVC_ATTR_RSP:
+ case SDP_SVC_SEARCH_RSP:
+ case SDP_SVC_SEARCH_ATTR_RSP:
+ default:
+ fprintf(stderr, "%s: unexpected SDP PDU ID %02x.\n",
+ __FUNCTION__, pdu_id);
+ err = SDP_INVALID_SYNTAX;
+ break;
+ }
+
+ if (rsp_len < 0) {
+ err = -rsp_len;
+ rsp_len = 0;
+ }
+
+respond:
+ if (err) {
+ pdu_id = SDP_ERROR_RSP;
+ rsp[rsp_len ++] = err >> 8;
+ rsp[rsp_len ++] = err & 0xff;
+ }
+
+ sdu_out = sdp->channel->sdu_out(sdp->channel, rsp_len + PDU_HEADER_SIZE);
+
+ sdu_out[0] = pdu_id;
+ sdu_out[1] = transaction_id >> 8;
+ sdu_out[2] = transaction_id & 0xff;
+ sdu_out[3] = rsp_len >> 8;
+ sdu_out[4] = rsp_len & 0xff;
+ memcpy(sdu_out + PDU_HEADER_SIZE, rsp, rsp_len);
+
+ sdp->channel->sdu_submit(sdp->channel);
+}
+
+static void bt_l2cap_sdp_close_ch(void *opaque)
+{
+ struct bt_l2cap_sdp_state_s *sdp = opaque;
+ int i;
+
+ for (i = 0; i < sdp->services; i ++) {
+ g_free(sdp->service_list[i].attribute_list->pair);
+ g_free(sdp->service_list[i].attribute_list);
+ g_free(sdp->service_list[i].uuid);
+ }
+ g_free(sdp->service_list);
+ g_free(sdp);
+}
+
+struct sdp_def_service_s {
+ uint16_t class_uuid;
+ struct sdp_def_attribute_s {
+ uint16_t id;
+ struct sdp_def_data_element_s {
+ uint8_t type;
+ union {
+ uint32_t uint;
+ const char *str;
+ struct sdp_def_data_element_s *list;
+ } value;
+ } data;
+ } attributes[];
+};
+
+/* Calculate a safe byte count to allocate that will store the given
+ * element, at the same time count elements of a UUID type. */
+static int sdp_attr_max_size(struct sdp_def_data_element_s *element,
+ int *uuids)
+{
+ int type = element->type & ~SDP_DSIZE_MASK;
+ int len;
+
+ if (type == SDP_DTYPE_UINT || type == SDP_DTYPE_UUID ||
+ type == SDP_DTYPE_BOOL) {
+ if (type == SDP_DTYPE_UUID)
+ (*uuids) ++;
+ return 1 + (1 << (element->type & SDP_DSIZE_MASK));
+ }
+
+ if (type == SDP_DTYPE_STRING || type == SDP_DTYPE_URL) {
+ if (element->type & SDP_DSIZE_MASK) {
+ for (len = 0; element->value.str[len] |
+ element->value.str[len + 1]; len ++);
+ return len;
+ } else
+ return 2 + strlen(element->value.str);
+ }
+
+ if (type != SDP_DTYPE_SEQ)
+ exit(-1);
+ len = 2;
+ element = element->value.list;
+ while (element->type)
+ len += sdp_attr_max_size(element ++, uuids);
+ if (len > 255)
+ exit (-1);
+
+ return len;
+}
+
+static int sdp_attr_write(uint8_t *data,
+ struct sdp_def_data_element_s *element, int **uuid)
+{
+ int type = element->type & ~SDP_DSIZE_MASK;
+ int len = 0;
+
+ if (type == SDP_DTYPE_UINT || type == SDP_DTYPE_BOOL) {
+ data[len ++] = element->type;
+ if ((element->type & SDP_DSIZE_MASK) == SDP_DSIZE_1)
+ data[len ++] = (element->value.uint >> 0) & 0xff;
+ else if ((element->type & SDP_DSIZE_MASK) == SDP_DSIZE_2) {
+ data[len ++] = (element->value.uint >> 8) & 0xff;
+ data[len ++] = (element->value.uint >> 0) & 0xff;
+ } else if ((element->type & SDP_DSIZE_MASK) == SDP_DSIZE_4) {
+ data[len ++] = (element->value.uint >> 24) & 0xff;
+ data[len ++] = (element->value.uint >> 16) & 0xff;
+ data[len ++] = (element->value.uint >> 8) & 0xff;
+ data[len ++] = (element->value.uint >> 0) & 0xff;
+ }
+
+ return len;
+ }
+
+ if (type == SDP_DTYPE_UUID) {
+ *(*uuid) ++ = element->value.uint;
+
+ data[len ++] = element->type;
+ data[len ++] = (element->value.uint >> 24) & 0xff;
+ data[len ++] = (element->value.uint >> 16) & 0xff;
+ data[len ++] = (element->value.uint >> 8) & 0xff;
+ data[len ++] = (element->value.uint >> 0) & 0xff;
+ memcpy(data + len, bt_base_uuid, 12);
+
+ return len + 12;
+ }
+
+ data[0] = type | SDP_DSIZE_NEXT1;
+ if (type == SDP_DTYPE_STRING || type == SDP_DTYPE_URL) {
+ if (element->type & SDP_DSIZE_MASK)
+ for (len = 0; element->value.str[len] |
+ element->value.str[len + 1]; len ++);
+ else
+ len = strlen(element->value.str);
+ memcpy(data + 2, element->value.str, data[1] = len);
+
+ return len + 2;
+ }
+
+ len = 2;
+ element = element->value.list;
+ while (element->type)
+ len += sdp_attr_write(data + len, element ++, uuid);
+ data[1] = len - 2;
+
+ return len;
+}
+
+static int sdp_attributeid_compare(const struct sdp_service_attribute_s *a,
+ const struct sdp_service_attribute_s *b)
+{
+ return (int) b->attribute_id - a->attribute_id;
+}
+
+static int sdp_uuid_compare(const int *a, const int *b)
+{
+ return *a - *b;
+}
+
+static void sdp_service_record_build(struct sdp_service_record_s *record,
+ struct sdp_def_service_s *def, int handle)
+{
+ int len = 0;
+ uint8_t *data;
+ int *uuid;
+
+ record->uuids = 0;
+ while (def->attributes[record->attributes].data.type) {
+ len += 3;
+ len += sdp_attr_max_size(&def->attributes[record->attributes ++].data,
+ &record->uuids);
+ }
+ record->uuids = 1 << ffs(record->uuids - 1);
+ record->attribute_list =
+ g_malloc0(record->attributes * sizeof(*record->attribute_list));
+ record->uuid =
+ g_malloc0(record->uuids * sizeof(*record->uuid));
+ data = g_malloc(len);
+
+ record->attributes = 0;
+ uuid = record->uuid;
+ while (def->attributes[record->attributes].data.type) {
+ record->attribute_list[record->attributes].pair = data;
+
+ len = 0;
+ data[len ++] = SDP_DTYPE_UINT | SDP_DSIZE_2;
+ data[len ++] = def->attributes[record->attributes].id >> 8;
+ data[len ++] = def->attributes[record->attributes].id & 0xff;
+ len += sdp_attr_write(data + len,
+ &def->attributes[record->attributes].data, &uuid);
+
+ /* Special case: assign a ServiceRecordHandle in sequence */
+ if (def->attributes[record->attributes].id == SDP_ATTR_RECORD_HANDLE)
+ def->attributes[record->attributes].data.value.uint = handle;
+ /* Note: we could also assign a ServiceDescription based on
+ * sdp->device.device->lmp_name. */
+
+ record->attribute_list[record->attributes ++].len = len;
+ data += len;
+ }
+
+ /* Sort the attribute list by the AttributeID */
+ qsort(record->attribute_list, record->attributes,
+ sizeof(*record->attribute_list),
+ (void *) sdp_attributeid_compare);
+ /* Sort the searchable UUIDs list for bisection */
+ qsort(record->uuid, record->uuids,
+ sizeof(*record->uuid),
+ (void *) sdp_uuid_compare);
+}
+
+static void sdp_service_db_build(struct bt_l2cap_sdp_state_s *sdp,
+ struct sdp_def_service_s **service)
+{
+ sdp->services = 0;
+ while (service[sdp->services])
+ sdp->services ++;
+ sdp->service_list =
+ g_malloc0(sdp->services * sizeof(*sdp->service_list));
+
+ sdp->services = 0;
+ while (*service) {
+ sdp_service_record_build(&sdp->service_list[sdp->services],
+ *service, sdp->services);
+ service ++;
+ sdp->services ++;
+ }
+}
+
+#define LAST { .type = 0 }
+#define SERVICE(name, attrs) \
+ static struct sdp_def_service_s glue(glue(sdp_service_, name), _s) = { \
+ .attributes = { attrs { .data = LAST } }, \
+ };
+#define ATTRIBUTE(attrid, val) { .id = glue(SDP_ATTR_, attrid), .data = val },
+#define UINT8(val) { \
+ .type = SDP_DTYPE_UINT | SDP_DSIZE_1, \
+ .value.uint = val, \
+ },
+#define UINT16(val) { \
+ .type = SDP_DTYPE_UINT | SDP_DSIZE_2, \
+ .value.uint = val, \
+ },
+#define UINT32(val) { \
+ .type = SDP_DTYPE_UINT | SDP_DSIZE_4, \
+ .value.uint = val, \
+ },
+#define UUID128(val) { \
+ .type = SDP_DTYPE_UUID | SDP_DSIZE_16, \
+ .value.uint = val, \
+ },
+#define SDP_TRUE { \
+ .type = SDP_DTYPE_BOOL | SDP_DSIZE_1, \
+ .value.uint = 1, \
+ },
+#define SDP_FALSE { \
+ .type = SDP_DTYPE_BOOL | SDP_DSIZE_1, \
+ .value.uint = 0, \
+ },
+#define STRING(val) { \
+ .type = SDP_DTYPE_STRING, \
+ .value.str = val, \
+ },
+#define ARRAY(...) { \
+ .type = SDP_DTYPE_STRING | SDP_DSIZE_2, \
+ .value.str = (char []) { __VA_ARGS__, 0, 0 }, \
+ },
+#define URL(val) { \
+ .type = SDP_DTYPE_URL, \
+ .value.str = val, \
+ },
+#if 1
+#define LIST(val) { \
+ .type = SDP_DTYPE_SEQ, \
+ .value.list = (struct sdp_def_data_element_s []) { val LAST }, \
+ },
+#endif
+
+/* Try to keep each single attribute below MAX_PDU_OUT_SIZE bytes
+ * in resulting SDP data representation size. */
+
+SERVICE(hid,
+ ATTRIBUTE(RECORD_HANDLE, UINT32(0)) /* Filled in later */
+ ATTRIBUTE(SVCLASS_ID_LIST, LIST(UUID128(HID_SVCLASS_ID)))
+ ATTRIBUTE(RECORD_STATE, UINT32(1))
+ ATTRIBUTE(PROTO_DESC_LIST, LIST(
+ LIST(UUID128(L2CAP_UUID) UINT16(BT_PSM_HID_CTRL))
+ LIST(UUID128(HIDP_UUID))
+ ))
+ ATTRIBUTE(BROWSE_GRP_LIST, LIST(UUID128(0x1002)))
+ ATTRIBUTE(LANG_BASE_ATTR_ID_LIST, LIST(
+ UINT16(0x656e) UINT16(0x006a) UINT16(0x0100)
+ ))
+ ATTRIBUTE(PFILE_DESC_LIST, LIST(
+ LIST(UUID128(HID_PROFILE_ID) UINT16(0x0100))
+ ))
+ ATTRIBUTE(DOC_URL, URL("http://bellard.org/qemu/user-doc.html"))
+ ATTRIBUTE(SVCNAME_PRIMARY, STRING("QEMU Bluetooth HID"))
+ ATTRIBUTE(SVCDESC_PRIMARY, STRING("QEMU Keyboard/Mouse"))
+ ATTRIBUTE(SVCPROV_PRIMARY, STRING("QEMU"))
+
+ /* Profile specific */
+ ATTRIBUTE(DEVICE_RELEASE_NUMBER, UINT16(0x0091)) /* Deprecated, remove */
+ ATTRIBUTE(PARSER_VERSION, UINT16(0x0111))
+ /* TODO: extract from l2cap_device->device.class[0] */
+ ATTRIBUTE(DEVICE_SUBCLASS, UINT8(0x40))
+ ATTRIBUTE(COUNTRY_CODE, UINT8(0x15))
+ ATTRIBUTE(VIRTUAL_CABLE, SDP_TRUE)
+ ATTRIBUTE(RECONNECT_INITIATE, SDP_FALSE)
+ /* TODO: extract from hid->usbdev->report_desc */
+ ATTRIBUTE(DESCRIPTOR_LIST, LIST(
+ LIST(UINT8(0x22) ARRAY(
+ 0x05, 0x01, /* Usage Page (Generic Desktop) */
+ 0x09, 0x06, /* Usage (Keyboard) */
+ 0xa1, 0x01, /* Collection (Application) */
+ 0x75, 0x01, /* Report Size (1) */
+ 0x95, 0x08, /* Report Count (8) */
+ 0x05, 0x07, /* Usage Page (Key Codes) */
+ 0x19, 0xe0, /* Usage Minimum (224) */
+ 0x29, 0xe7, /* Usage Maximum (231) */
+ 0x15, 0x00, /* Logical Minimum (0) */
+ 0x25, 0x01, /* Logical Maximum (1) */
+ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
+ 0x95, 0x01, /* Report Count (1) */
+ 0x75, 0x08, /* Report Size (8) */
+ 0x81, 0x01, /* Input (Constant) */
+ 0x95, 0x05, /* Report Count (5) */
+ 0x75, 0x01, /* Report Size (1) */
+ 0x05, 0x08, /* Usage Page (LEDs) */
+ 0x19, 0x01, /* Usage Minimum (1) */
+ 0x29, 0x05, /* Usage Maximum (5) */
+ 0x91, 0x02, /* Output (Data, Variable, Absolute) */
+ 0x95, 0x01, /* Report Count (1) */
+ 0x75, 0x03, /* Report Size (3) */
+ 0x91, 0x01, /* Output (Constant) */
+ 0x95, 0x06, /* Report Count (6) */
+ 0x75, 0x08, /* Report Size (8) */
+ 0x15, 0x00, /* Logical Minimum (0) */
+ 0x25, 0xff, /* Logical Maximum (255) */
+ 0x05, 0x07, /* Usage Page (Key Codes) */
+ 0x19, 0x00, /* Usage Minimum (0) */
+ 0x29, 0xff, /* Usage Maximum (255) */
+ 0x81, 0x00, /* Input (Data, Array) */
+ 0xc0 /* End Collection */
+ ))))
+ ATTRIBUTE(LANG_ID_BASE_LIST, LIST(
+ LIST(UINT16(0x0409) UINT16(0x0100))
+ ))
+ ATTRIBUTE(SDP_DISABLE, SDP_FALSE)
+ ATTRIBUTE(BATTERY_POWER, SDP_TRUE)
+ ATTRIBUTE(REMOTE_WAKEUP, SDP_TRUE)
+ ATTRIBUTE(BOOT_DEVICE, SDP_TRUE) /* XXX: untested */
+ ATTRIBUTE(SUPERVISION_TIMEOUT, UINT16(0x0c80))
+ ATTRIBUTE(NORMALLY_CONNECTABLE, SDP_TRUE)
+ ATTRIBUTE(PROFILE_VERSION, UINT16(0x0100))
+)
+
+SERVICE(sdp,
+ ATTRIBUTE(RECORD_HANDLE, UINT32(0)) /* Filled in later */
+ ATTRIBUTE(SVCLASS_ID_LIST, LIST(UUID128(SDP_SERVER_SVCLASS_ID)))
+ ATTRIBUTE(RECORD_STATE, UINT32(1))
+ ATTRIBUTE(PROTO_DESC_LIST, LIST(
+ LIST(UUID128(L2CAP_UUID) UINT16(BT_PSM_SDP))
+ LIST(UUID128(SDP_UUID))
+ ))
+ ATTRIBUTE(BROWSE_GRP_LIST, LIST(UUID128(0x1002)))
+ ATTRIBUTE(LANG_BASE_ATTR_ID_LIST, LIST(
+ UINT16(0x656e) UINT16(0x006a) UINT16(0x0100)
+ ))
+ ATTRIBUTE(PFILE_DESC_LIST, LIST(
+ LIST(UUID128(SDP_SERVER_PROFILE_ID) UINT16(0x0100))
+ ))
+ ATTRIBUTE(DOC_URL, URL("http://bellard.org/qemu/user-doc.html"))
+ ATTRIBUTE(SVCPROV_PRIMARY, STRING("QEMU"))
+
+ /* Profile specific */
+ ATTRIBUTE(VERSION_NUM_LIST, LIST(UINT16(0x0100)))
+ ATTRIBUTE(SVCDB_STATE , UINT32(1))
+)
+
+SERVICE(pnp,
+ ATTRIBUTE(RECORD_HANDLE, UINT32(0)) /* Filled in later */
+ ATTRIBUTE(SVCLASS_ID_LIST, LIST(UUID128(PNP_INFO_SVCLASS_ID)))
+ ATTRIBUTE(RECORD_STATE, UINT32(1))
+ ATTRIBUTE(PROTO_DESC_LIST, LIST(
+ LIST(UUID128(L2CAP_UUID) UINT16(BT_PSM_SDP))
+ LIST(UUID128(SDP_UUID))
+ ))
+ ATTRIBUTE(BROWSE_GRP_LIST, LIST(UUID128(0x1002)))
+ ATTRIBUTE(LANG_BASE_ATTR_ID_LIST, LIST(
+ UINT16(0x656e) UINT16(0x006a) UINT16(0x0100)
+ ))
+ ATTRIBUTE(PFILE_DESC_LIST, LIST(
+ LIST(UUID128(PNP_INFO_PROFILE_ID) UINT16(0x0100))
+ ))
+ ATTRIBUTE(DOC_URL, URL("http://bellard.org/qemu/user-doc.html"))
+ ATTRIBUTE(SVCPROV_PRIMARY, STRING("QEMU"))
+
+ /* Profile specific */
+ ATTRIBUTE(SPECIFICATION_ID, UINT16(0x0100))
+ ATTRIBUTE(VERSION, UINT16(0x0100))
+ ATTRIBUTE(PRIMARY_RECORD, SDP_TRUE)
+)
+
+static int bt_l2cap_sdp_new_ch(struct bt_l2cap_device_s *dev,
+ struct bt_l2cap_conn_params_s *params)
+{
+ struct bt_l2cap_sdp_state_s *sdp = g_malloc0(sizeof(*sdp));
+ struct sdp_def_service_s *services[] = {
+ &sdp_service_sdp_s,
+ &sdp_service_hid_s,
+ &sdp_service_pnp_s,
+ NULL,
+ };
+
+ sdp->channel = params;
+ sdp->channel->opaque = sdp;
+ sdp->channel->close = bt_l2cap_sdp_close_ch;
+ sdp->channel->sdu_in = bt_l2cap_sdp_sdu_in;
+
+ sdp_service_db_build(sdp, services);
+
+ return 0;
+}
+
+void bt_l2cap_sdp_init(struct bt_l2cap_device_s *dev)
+{
+ bt_l2cap_psm_register(dev, BT_PSM_SDP,
+ MAX_PDU_OUT_SIZE, bt_l2cap_sdp_new_ch);
+}
diff --git a/hw/cadence_gem.c b/hw/cadence_gem.c
deleted file mode 100644
index 0c037a299..000000000
--- a/hw/cadence_gem.c
+++ /dev/null
@@ -1,1233 +0,0 @@
-/*
- * QEMU Xilinx GEM emulation
- *
- * Copyright (c) 2011 Xilinx, Inc.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include <zlib.h> /* For crc32 */
-
-#include "sysbus.h"
-#include "net.h"
-#include "net/checksum.h"
-
-#ifdef CADENCE_GEM_ERR_DEBUG
-#define DB_PRINT(...) do { \
- fprintf(stderr, ": %s: ", __func__); \
- fprintf(stderr, ## __VA_ARGS__); \
- } while (0);
-#else
- #define DB_PRINT(...)
-#endif
-
-#define GEM_NWCTRL (0x00000000/4) /* Network Control reg */
-#define GEM_NWCFG (0x00000004/4) /* Network Config reg */
-#define GEM_NWSTATUS (0x00000008/4) /* Network Status reg */
-#define GEM_USERIO (0x0000000C/4) /* User IO reg */
-#define GEM_DMACFG (0x00000010/4) /* DMA Control reg */
-#define GEM_TXSTATUS (0x00000014/4) /* TX Status reg */
-#define GEM_RXQBASE (0x00000018/4) /* RX Q Base address reg */
-#define GEM_TXQBASE (0x0000001C/4) /* TX Q Base address reg */
-#define GEM_RXSTATUS (0x00000020/4) /* RX Status reg */
-#define GEM_ISR (0x00000024/4) /* Interrupt Status reg */
-#define GEM_IER (0x00000028/4) /* Interrupt Enable reg */
-#define GEM_IDR (0x0000002C/4) /* Interrupt Disable reg */
-#define GEM_IMR (0x00000030/4) /* Interrupt Mask reg */
-#define GEM_PHYMNTNC (0x00000034/4) /* Phy Maintaince reg */
-#define GEM_RXPAUSE (0x00000038/4) /* RX Pause Time reg */
-#define GEM_TXPAUSE (0x0000003C/4) /* TX Pause Time reg */
-#define GEM_TXPARTIALSF (0x00000040/4) /* TX Partial Store and Forward */
-#define GEM_RXPARTIALSF (0x00000044/4) /* RX Partial Store and Forward */
-#define GEM_HASHLO (0x00000080/4) /* Hash Low address reg */
-#define GEM_HASHHI (0x00000084/4) /* Hash High address reg */
-#define GEM_SPADDR1LO (0x00000088/4) /* Specific addr 1 low reg */
-#define GEM_SPADDR1HI (0x0000008C/4) /* Specific addr 1 high reg */
-#define GEM_SPADDR2LO (0x00000090/4) /* Specific addr 2 low reg */
-#define GEM_SPADDR2HI (0x00000094/4) /* Specific addr 2 high reg */
-#define GEM_SPADDR3LO (0x00000098/4) /* Specific addr 3 low reg */
-#define GEM_SPADDR3HI (0x0000009C/4) /* Specific addr 3 high reg */
-#define GEM_SPADDR4LO (0x000000A0/4) /* Specific addr 4 low reg */
-#define GEM_SPADDR4HI (0x000000A4/4) /* Specific addr 4 high reg */
-#define GEM_TIDMATCH1 (0x000000A8/4) /* Type ID1 Match reg */
-#define GEM_TIDMATCH2 (0x000000AC/4) /* Type ID2 Match reg */
-#define GEM_TIDMATCH3 (0x000000B0/4) /* Type ID3 Match reg */
-#define GEM_TIDMATCH4 (0x000000B4/4) /* Type ID4 Match reg */
-#define GEM_WOLAN (0x000000B8/4) /* Wake on LAN reg */
-#define GEM_IPGSTRETCH (0x000000BC/4) /* IPG Stretch reg */
-#define GEM_SVLAN (0x000000C0/4) /* Stacked VLAN reg */
-#define GEM_MODID (0x000000FC/4) /* Module ID reg */
-#define GEM_OCTTXLO (0x00000100/4) /* Octects transmitted Low reg */
-#define GEM_OCTTXHI (0x00000104/4) /* Octects transmitted High reg */
-#define GEM_TXCNT (0x00000108/4) /* Error-free Frames transmitted */
-#define GEM_TXBCNT (0x0000010C/4) /* Error-free Broadcast Frames */
-#define GEM_TXMCNT (0x00000110/4) /* Error-free Multicast Frame */
-#define GEM_TXPAUSECNT (0x00000114/4) /* Pause Frames Transmitted */
-#define GEM_TX64CNT (0x00000118/4) /* Error-free 64 TX */
-#define GEM_TX65CNT (0x0000011C/4) /* Error-free 65-127 TX */
-#define GEM_TX128CNT (0x00000120/4) /* Error-free 128-255 TX */
-#define GEM_TX256CNT (0x00000124/4) /* Error-free 256-511 */
-#define GEM_TX512CNT (0x00000128/4) /* Error-free 512-1023 TX */
-#define GEM_TX1024CNT (0x0000012C/4) /* Error-free 1024-1518 TX */
-#define GEM_TX1519CNT (0x00000130/4) /* Error-free larger than 1519 TX */
-#define GEM_TXURUNCNT (0x00000134/4) /* TX under run error counter */
-#define GEM_SINGLECOLLCNT (0x00000138/4) /* Single Collision Frames */
-#define GEM_MULTCOLLCNT (0x0000013C/4) /* Multiple Collision Frames */
-#define GEM_EXCESSCOLLCNT (0x00000140/4) /* Excessive Collision Frames */
-#define GEM_LATECOLLCNT (0x00000144/4) /* Late Collision Frames */
-#define GEM_DEFERTXCNT (0x00000148/4) /* Deferred Transmission Frames */
-#define GEM_CSENSECNT (0x0000014C/4) /* Carrier Sense Error Counter */
-#define GEM_OCTRXLO (0x00000150/4) /* Octects Received register Low */
-#define GEM_OCTRXHI (0x00000154/4) /* Octects Received register High */
-#define GEM_RXCNT (0x00000158/4) /* Error-free Frames Received */
-#define GEM_RXBROADCNT (0x0000015C/4) /* Error-free Broadcast Frames RX */
-#define GEM_RXMULTICNT (0x00000160/4) /* Error-free Multicast Frames RX */
-#define GEM_RXPAUSECNT (0x00000164/4) /* Pause Frames Received Counter */
-#define GEM_RX64CNT (0x00000168/4) /* Error-free 64 byte Frames RX */
-#define GEM_RX65CNT (0x0000016C/4) /* Error-free 65-127B Frames RX */
-#define GEM_RX128CNT (0x00000170/4) /* Error-free 128-255B Frames RX */
-#define GEM_RX256CNT (0x00000174/4) /* Error-free 256-512B Frames RX */
-#define GEM_RX512CNT (0x00000178/4) /* Error-free 512-1023B Frames RX */
-#define GEM_RX1024CNT (0x0000017C/4) /* Error-free 1024-1518B Frames RX */
-#define GEM_RX1519CNT (0x00000180/4) /* Error-free 1519-max Frames RX */
-#define GEM_RXUNDERCNT (0x00000184/4) /* Undersize Frames Received */
-#define GEM_RXOVERCNT (0x00000188/4) /* Oversize Frames Received */
-#define GEM_RXJABCNT (0x0000018C/4) /* Jabbers Received Counter */
-#define GEM_RXFCSCNT (0x00000190/4) /* Frame Check seq. Error Counter */
-#define GEM_RXLENERRCNT (0x00000194/4) /* Length Field Error Counter */
-#define GEM_RXSYMERRCNT (0x00000198/4) /* Symbol Error Counter */
-#define GEM_RXALIGNERRCNT (0x0000019C/4) /* Alignment Error Counter */
-#define GEM_RXRSCERRCNT (0x000001A0/4) /* Receive Resource Error Counter */
-#define GEM_RXORUNCNT (0x000001A4/4) /* Receive Overrun Counter */
-#define GEM_RXIPCSERRCNT (0x000001A8/4) /* IP header Checksum Error Counter */
-#define GEM_RXTCPCCNT (0x000001AC/4) /* TCP Checksum Error Counter */
-#define GEM_RXUDPCCNT (0x000001B0/4) /* UDP Checksum Error Counter */
-
-#define GEM_1588S (0x000001D0/4) /* 1588 Timer Seconds */
-#define GEM_1588NS (0x000001D4/4) /* 1588 Timer Nanoseconds */
-#define GEM_1588ADJ (0x000001D8/4) /* 1588 Timer Adjust */
-#define GEM_1588INC (0x000001DC/4) /* 1588 Timer Increment */
-#define GEM_PTPETXS (0x000001E0/4) /* PTP Event Frame Transmitted (s) */
-#define GEM_PTPETXNS (0x000001E4/4) /* PTP Event Frame Transmitted (ns) */
-#define GEM_PTPERXS (0x000001E8/4) /* PTP Event Frame Received (s) */
-#define GEM_PTPERXNS (0x000001EC/4) /* PTP Event Frame Received (ns) */
-#define GEM_PTPPTXS (0x000001E0/4) /* PTP Peer Frame Transmitted (s) */
-#define GEM_PTPPTXNS (0x000001E4/4) /* PTP Peer Frame Transmitted (ns) */
-#define GEM_PTPPRXS (0x000001E8/4) /* PTP Peer Frame Received (s) */
-#define GEM_PTPPRXNS (0x000001EC/4) /* PTP Peer Frame Received (ns) */
-
-/* Design Configuration Registers */
-#define GEM_DESCONF (0x00000280/4)
-#define GEM_DESCONF2 (0x00000284/4)
-#define GEM_DESCONF3 (0x00000288/4)
-#define GEM_DESCONF4 (0x0000028C/4)
-#define GEM_DESCONF5 (0x00000290/4)
-#define GEM_DESCONF6 (0x00000294/4)
-#define GEM_DESCONF7 (0x00000298/4)
-
-#define GEM_MAXREG (0x00000640/4) /* Last valid GEM address */
-
-/*****************************************/
-#define GEM_NWCTRL_TXSTART 0x00000200 /* Transmit Enable */
-#define GEM_NWCTRL_TXENA 0x00000008 /* Transmit Enable */
-#define GEM_NWCTRL_RXENA 0x00000004 /* Receive Enable */
-#define GEM_NWCTRL_LOCALLOOP 0x00000002 /* Local Loopback */
-
-#define GEM_NWCFG_STRIP_FCS 0x00020000 /* Strip FCS field */
-#define GEM_NWCFG_LERR_DISC 0x00010000 /* Discard RX frames with lenth err */
-#define GEM_NWCFG_BUFF_OFST_M 0x0000C000 /* Receive buffer offset mask */
-#define GEM_NWCFG_BUFF_OFST_S 14 /* Receive buffer offset shift */
-#define GEM_NWCFG_UCAST_HASH 0x00000080 /* accept unicast if hash match */
-#define GEM_NWCFG_MCAST_HASH 0x00000040 /* accept multicast if hash match */
-#define GEM_NWCFG_BCAST_REJ 0x00000020 /* Reject broadcast packets */
-#define GEM_NWCFG_PROMISC 0x00000010 /* Accept all packets */
-
-#define GEM_DMACFG_RBUFSZ_M 0x007F0000 /* DMA RX Buffer Size mask */
-#define GEM_DMACFG_RBUFSZ_S 16 /* DMA RX Buffer Size shift */
-#define GEM_DMACFG_RBUFSZ_MUL 64 /* DMA RX Buffer Size multiplier */
-#define GEM_DMACFG_TXCSUM_OFFL 0x00000800 /* Transmit checksum offload */
-
-#define GEM_TXSTATUS_TXCMPL 0x00000020 /* Transmit Complete */
-#define GEM_TXSTATUS_USED 0x00000001 /* sw owned descriptor encountered */
-
-#define GEM_RXSTATUS_FRMRCVD 0x00000002 /* Frame received */
-#define GEM_RXSTATUS_NOBUF 0x00000001 /* Buffer unavailable */
-
-/* GEM_ISR GEM_IER GEM_IDR GEM_IMR */
-#define GEM_INT_TXCMPL 0x00000080 /* Transmit Complete */
-#define GEM_INT_TXUSED 0x00000008
-#define GEM_INT_RXUSED 0x00000004
-#define GEM_INT_RXCMPL 0x00000002
-
-#define GEM_PHYMNTNC_OP_R 0x20000000 /* read operation */
-#define GEM_PHYMNTNC_OP_W 0x10000000 /* write operation */
-#define GEM_PHYMNTNC_ADDR 0x0F800000 /* Address bits */
-#define GEM_PHYMNTNC_ADDR_SHFT 23
-#define GEM_PHYMNTNC_REG 0x007C0000 /* register bits */
-#define GEM_PHYMNTNC_REG_SHIFT 18
-
-/* Marvell PHY definitions */
-#define BOARD_PHY_ADDRESS 23 /* PHY address we will emulate a device at */
-
-#define PHY_REG_CONTROL 0
-#define PHY_REG_STATUS 1
-#define PHY_REG_PHYID1 2
-#define PHY_REG_PHYID2 3
-#define PHY_REG_ANEGADV 4
-#define PHY_REG_LINKPABIL 5
-#define PHY_REG_ANEGEXP 6
-#define PHY_REG_NEXTP 7
-#define PHY_REG_LINKPNEXTP 8
-#define PHY_REG_100BTCTRL 9
-#define PHY_REG_1000BTSTAT 10
-#define PHY_REG_EXTSTAT 15
-#define PHY_REG_PHYSPCFC_CTL 16
-#define PHY_REG_PHYSPCFC_ST 17
-#define PHY_REG_INT_EN 18
-#define PHY_REG_INT_ST 19
-#define PHY_REG_EXT_PHYSPCFC_CTL 20
-#define PHY_REG_RXERR 21
-#define PHY_REG_EACD 22
-#define PHY_REG_LED 24
-#define PHY_REG_LED_OVRD 25
-#define PHY_REG_EXT_PHYSPCFC_CTL2 26
-#define PHY_REG_EXT_PHYSPCFC_ST 27
-#define PHY_REG_CABLE_DIAG 28
-
-#define PHY_REG_CONTROL_RST 0x8000
-#define PHY_REG_CONTROL_LOOP 0x4000
-#define PHY_REG_CONTROL_ANEG 0x1000
-
-#define PHY_REG_STATUS_LINK 0x0004
-#define PHY_REG_STATUS_ANEGCMPL 0x0020
-
-#define PHY_REG_INT_ST_ANEGCMPL 0x0800
-#define PHY_REG_INT_ST_LINKC 0x0400
-#define PHY_REG_INT_ST_ENERGY 0x0010
-
-/***********************************************************************/
-#define GEM_RX_REJECT 1
-#define GEM_RX_ACCEPT 0
-
-/***********************************************************************/
-
-#define DESC_1_USED 0x80000000
-#define DESC_1_LENGTH 0x00001FFF
-
-#define DESC_1_TX_WRAP 0x40000000
-#define DESC_1_TX_LAST 0x00008000
-
-#define DESC_0_RX_WRAP 0x00000002
-#define DESC_0_RX_OWNERSHIP 0x00000001
-
-#define DESC_1_RX_SOF 0x00004000
-#define DESC_1_RX_EOF 0x00008000
-
-static inline unsigned tx_desc_get_buffer(unsigned *desc)
-{
- return desc[0];
-}
-
-static inline unsigned tx_desc_get_used(unsigned *desc)
-{
- return (desc[1] & DESC_1_USED) ? 1 : 0;
-}
-
-static inline void tx_desc_set_used(unsigned *desc)
-{
- desc[1] |= DESC_1_USED;
-}
-
-static inline unsigned tx_desc_get_wrap(unsigned *desc)
-{
- return (desc[1] & DESC_1_TX_WRAP) ? 1 : 0;
-}
-
-static inline unsigned tx_desc_get_last(unsigned *desc)
-{
- return (desc[1] & DESC_1_TX_LAST) ? 1 : 0;
-}
-
-static inline unsigned tx_desc_get_length(unsigned *desc)
-{
- return desc[1] & DESC_1_LENGTH;
-}
-
-static inline void print_gem_tx_desc(unsigned *desc)
-{
- DB_PRINT("TXDESC:\n");
- DB_PRINT("bufaddr: 0x%08x\n", *desc);
- DB_PRINT("used_hw: %d\n", tx_desc_get_used(desc));
- DB_PRINT("wrap: %d\n", tx_desc_get_wrap(desc));
- DB_PRINT("last: %d\n", tx_desc_get_last(desc));
- DB_PRINT("length: %d\n", tx_desc_get_length(desc));
-}
-
-static inline unsigned rx_desc_get_buffer(unsigned *desc)
-{
- return desc[0] & ~0x3UL;
-}
-
-static inline unsigned rx_desc_get_wrap(unsigned *desc)
-{
- return desc[0] & DESC_0_RX_WRAP ? 1 : 0;
-}
-
-static inline unsigned rx_desc_get_ownership(unsigned *desc)
-{
- return desc[0] & DESC_0_RX_OWNERSHIP ? 1 : 0;
-}
-
-static inline void rx_desc_set_ownership(unsigned *desc)
-{
- desc[0] |= DESC_0_RX_OWNERSHIP;
-}
-
-static inline void rx_desc_set_sof(unsigned *desc)
-{
- desc[1] |= DESC_1_RX_SOF;
-}
-
-static inline void rx_desc_set_eof(unsigned *desc)
-{
- desc[1] |= DESC_1_RX_EOF;
-}
-
-static inline void rx_desc_set_length(unsigned *desc, unsigned len)
-{
- desc[1] &= ~DESC_1_LENGTH;
- desc[1] |= len;
-}
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- NICState *nic;
- NICConf conf;
- qemu_irq irq;
-
- /* GEM registers backing store */
- uint32_t regs[GEM_MAXREG];
- /* Mask of register bits which are write only */
- uint32_t regs_wo[GEM_MAXREG];
- /* Mask of register bits which are read only */
- uint32_t regs_ro[GEM_MAXREG];
- /* Mask of register bits which are clear on read */
- uint32_t regs_rtc[GEM_MAXREG];
- /* Mask of register bits which are write 1 to clear */
- uint32_t regs_w1c[GEM_MAXREG];
-
- /* PHY registers backing store */
- uint16_t phy_regs[32];
-
- uint8_t phy_loop; /* Are we in phy loopback? */
-
- /* The current DMA descriptor pointers */
- uint32_t rx_desc_addr;
- uint32_t tx_desc_addr;
-
-} GemState;
-
-/* The broadcast MAC address: 0xFFFFFFFFFFFF */
-const uint8_t broadcast_addr[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
-
-/*
- * gem_init_register_masks:
- * One time initialization.
- * Set masks to identify which register bits have magical clear properties
- */
-static void gem_init_register_masks(GemState *s)
-{
- /* Mask of register bits which are read only*/
- memset(&s->regs_ro[0], 0, sizeof(s->regs_ro));
- s->regs_ro[GEM_NWCTRL] = 0xFFF80000;
- s->regs_ro[GEM_NWSTATUS] = 0xFFFFFFFF;
- s->regs_ro[GEM_DMACFG] = 0xFE00F000;
- s->regs_ro[GEM_TXSTATUS] = 0xFFFFFE08;
- s->regs_ro[GEM_RXQBASE] = 0x00000003;
- s->regs_ro[GEM_TXQBASE] = 0x00000003;
- s->regs_ro[GEM_RXSTATUS] = 0xFFFFFFF0;
- s->regs_ro[GEM_ISR] = 0xFFFFFFFF;
- s->regs_ro[GEM_IMR] = 0xFFFFFFFF;
- s->regs_ro[GEM_MODID] = 0xFFFFFFFF;
-
- /* Mask of register bits which are clear on read */
- memset(&s->regs_rtc[0], 0, sizeof(s->regs_rtc));
- s->regs_rtc[GEM_ISR] = 0xFFFFFFFF;
-
- /* Mask of register bits which are write 1 to clear */
- memset(&s->regs_w1c[0], 0, sizeof(s->regs_w1c));
- s->regs_w1c[GEM_TXSTATUS] = 0x000001F7;
- s->regs_w1c[GEM_RXSTATUS] = 0x0000000F;
-
- /* Mask of register bits which are write only */
- memset(&s->regs_wo[0], 0, sizeof(s->regs_wo));
- s->regs_wo[GEM_NWCTRL] = 0x00073E60;
- s->regs_wo[GEM_IER] = 0x07FFFFFF;
- s->regs_wo[GEM_IDR] = 0x07FFFFFF;
-}
-
-/*
- * phy_update_link:
- * Make the emulated PHY link state match the QEMU "interface" state.
- */
-static void phy_update_link(GemState *s)
-{
- DB_PRINT("down %d\n", s->nic->nc.link_down);
-
- /* Autonegotiation status mirrors link status. */
- if (s->nic->nc.link_down) {
- s->phy_regs[PHY_REG_STATUS] &= ~(PHY_REG_STATUS_ANEGCMPL |
- PHY_REG_STATUS_LINK);
- s->phy_regs[PHY_REG_INT_ST] |= PHY_REG_INT_ST_LINKC;
- } else {
- s->phy_regs[PHY_REG_STATUS] |= (PHY_REG_STATUS_ANEGCMPL |
- PHY_REG_STATUS_LINK);
- s->phy_regs[PHY_REG_INT_ST] |= (PHY_REG_INT_ST_LINKC |
- PHY_REG_INT_ST_ANEGCMPL |
- PHY_REG_INT_ST_ENERGY);
- }
-}
-
-static int gem_can_receive(NetClientState *nc)
-{
- GemState *s;
-
- s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- DB_PRINT("\n");
-
- /* Do nothing if receive is not enabled. */
- if (!(s->regs[GEM_NWCTRL] & GEM_NWCTRL_RXENA)) {
- return 0;
- }
-
- return 1;
-}
-
-/*
- * gem_update_int_status:
- * Raise or lower interrupt based on current status.
- */
-static void gem_update_int_status(GemState *s)
-{
- uint32_t new_interrupts = 0;
- /* Packet transmitted ? */
- if (s->regs[GEM_TXSTATUS] & GEM_TXSTATUS_TXCMPL) {
- new_interrupts |= GEM_INT_TXCMPL;
- }
- /* End of TX ring ? */
- if (s->regs[GEM_TXSTATUS] & GEM_TXSTATUS_USED) {
- new_interrupts |= GEM_INT_TXUSED;
- }
-
- /* Frame received ? */
- if (s->regs[GEM_RXSTATUS] & GEM_RXSTATUS_FRMRCVD) {
- new_interrupts |= GEM_INT_RXCMPL;
- }
- /* RX ring full ? */
- if (s->regs[GEM_RXSTATUS] & GEM_RXSTATUS_NOBUF) {
- new_interrupts |= GEM_INT_RXUSED;
- }
-
- s->regs[GEM_ISR] |= new_interrupts & ~(s->regs[GEM_IMR]);
-
- if (s->regs[GEM_ISR]) {
- DB_PRINT("asserting int. (0x%08x)\n", s->regs[GEM_ISR]);
- qemu_set_irq(s->irq, 1);
- } else {
- qemu_set_irq(s->irq, 0);
- }
-}
-
-/*
- * gem_receive_updatestats:
- * Increment receive statistics.
- */
-static void gem_receive_updatestats(GemState *s, const uint8_t *packet,
- unsigned bytes)
-{
- uint64_t octets;
-
- /* Total octets (bytes) received */
- octets = ((uint64_t)(s->regs[GEM_OCTRXLO]) << 32) |
- s->regs[GEM_OCTRXHI];
- octets += bytes;
- s->regs[GEM_OCTRXLO] = octets >> 32;
- s->regs[GEM_OCTRXHI] = octets;
-
- /* Error-free Frames received */
- s->regs[GEM_RXCNT]++;
-
- /* Error-free Broadcast Frames counter */
- if (!memcmp(packet, broadcast_addr, 6)) {
- s->regs[GEM_RXBROADCNT]++;
- }
-
- /* Error-free Multicast Frames counter */
- if (packet[0] == 0x01) {
- s->regs[GEM_RXMULTICNT]++;
- }
-
- if (bytes <= 64) {
- s->regs[GEM_RX64CNT]++;
- } else if (bytes <= 127) {
- s->regs[GEM_RX65CNT]++;
- } else if (bytes <= 255) {
- s->regs[GEM_RX128CNT]++;
- } else if (bytes <= 511) {
- s->regs[GEM_RX256CNT]++;
- } else if (bytes <= 1023) {
- s->regs[GEM_RX512CNT]++;
- } else if (bytes <= 1518) {
- s->regs[GEM_RX1024CNT]++;
- } else {
- s->regs[GEM_RX1519CNT]++;
- }
-}
-
-/*
- * Get the MAC Address bit from the specified position
- */
-static unsigned get_bit(const uint8_t *mac, unsigned bit)
-{
- unsigned byte;
-
- byte = mac[bit / 8];
- byte >>= (bit & 0x7);
- byte &= 1;
-
- return byte;
-}
-
-/*
- * Calculate a GEM MAC Address hash index
- */
-static unsigned calc_mac_hash(const uint8_t *mac)
-{
- int index_bit, mac_bit;
- unsigned hash_index;
-
- hash_index = 0;
- mac_bit = 5;
- for (index_bit = 5; index_bit >= 0; index_bit--) {
- hash_index |= (get_bit(mac, mac_bit) ^
- get_bit(mac, mac_bit + 6) ^
- get_bit(mac, mac_bit + 12) ^
- get_bit(mac, mac_bit + 18) ^
- get_bit(mac, mac_bit + 24) ^
- get_bit(mac, mac_bit + 30) ^
- get_bit(mac, mac_bit + 36) ^
- get_bit(mac, mac_bit + 42)) << index_bit;
- mac_bit--;
- }
-
- return hash_index;
-}
-
-/*
- * gem_mac_address_filter:
- * Accept or reject this destination address?
- * Returns:
- * GEM_RX_REJECT: reject
- * GEM_RX_ACCEPT: accept
- */
-static int gem_mac_address_filter(GemState *s, const uint8_t *packet)
-{
- uint8_t *gem_spaddr;
- int i;
-
- /* Promiscuous mode? */
- if (s->regs[GEM_NWCFG] & GEM_NWCFG_PROMISC) {
- return GEM_RX_ACCEPT;
- }
-
- if (!memcmp(packet, broadcast_addr, 6)) {
- /* Reject broadcast packets? */
- if (s->regs[GEM_NWCFG] & GEM_NWCFG_BCAST_REJ) {
- return GEM_RX_REJECT;
- }
- return GEM_RX_ACCEPT;
- }
-
- /* Accept packets -w- hash match? */
- if ((packet[0] == 0x01 && (s->regs[GEM_NWCFG] & GEM_NWCFG_MCAST_HASH)) ||
- (packet[0] != 0x01 && (s->regs[GEM_NWCFG] & GEM_NWCFG_UCAST_HASH))) {
- unsigned hash_index;
-
- hash_index = calc_mac_hash(packet);
- if (hash_index < 32) {
- if (s->regs[GEM_HASHLO] & (1<<hash_index)) {
- return GEM_RX_ACCEPT;
- }
- } else {
- hash_index -= 32;
- if (s->regs[GEM_HASHHI] & (1<<hash_index)) {
- return GEM_RX_ACCEPT;
- }
- }
- }
-
- /* Check all 4 specific addresses */
- gem_spaddr = (uint8_t *)&(s->regs[GEM_SPADDR1LO]);
- for (i = 0; i < 4; i++) {
- if (!memcmp(packet, gem_spaddr, 6)) {
- return GEM_RX_ACCEPT;
- }
-
- gem_spaddr += 8;
- }
-
- /* No address match; reject the packet */
- return GEM_RX_REJECT;
-}
-
-/*
- * gem_receive:
- * Fit a packet handed to us by QEMU into the receive descriptor ring.
- */
-static ssize_t gem_receive(NetClientState *nc, const uint8_t *buf, size_t size)
-{
- unsigned desc[2];
- hwaddr packet_desc_addr, last_desc_addr;
- GemState *s;
- unsigned rxbufsize, bytes_to_copy;
- unsigned rxbuf_offset;
- uint8_t rxbuf[2048];
- uint8_t *rxbuf_ptr;
-
- s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- /* Do nothing if receive is not enabled. */
- if (!(s->regs[GEM_NWCTRL] & GEM_NWCTRL_RXENA)) {
- return -1;
- }
-
- /* Is this destination MAC address "for us" ? */
- if (gem_mac_address_filter(s, buf) == GEM_RX_REJECT) {
- return -1;
- }
-
- /* Discard packets with receive length error enabled ? */
- if (s->regs[GEM_NWCFG] & GEM_NWCFG_LERR_DISC) {
- unsigned type_len;
-
- /* Fish the ethertype / length field out of the RX packet */
- type_len = buf[12] << 8 | buf[13];
- /* It is a length field, not an ethertype */
- if (type_len < 0x600) {
- if (size < type_len) {
- /* discard */
- return -1;
- }
- }
- }
-
- /*
- * Determine configured receive buffer offset (probably 0)
- */
- rxbuf_offset = (s->regs[GEM_NWCFG] & GEM_NWCFG_BUFF_OFST_M) >>
- GEM_NWCFG_BUFF_OFST_S;
-
- /* The configure size of each receive buffer. Determines how many
- * buffers needed to hold this packet.
- */
- rxbufsize = ((s->regs[GEM_DMACFG] & GEM_DMACFG_RBUFSZ_M) >>
- GEM_DMACFG_RBUFSZ_S) * GEM_DMACFG_RBUFSZ_MUL;
- bytes_to_copy = size;
-
- /* Strip of FCS field ? (usually yes) */
- if (s->regs[GEM_NWCFG] & GEM_NWCFG_STRIP_FCS) {
- rxbuf_ptr = (void *)buf;
- } else {
- unsigned crc_val;
- int crc_offset;
-
- /* The application wants the FCS field, which QEMU does not provide.
- * We must try and caclculate one.
- */
-
- memcpy(rxbuf, buf, size);
- memset(rxbuf + size, 0, sizeof(rxbuf) - size);
- rxbuf_ptr = rxbuf;
- crc_val = cpu_to_le32(crc32(0, rxbuf, MAX(size, 60)));
- if (size < 60) {
- crc_offset = 60;
- } else {
- crc_offset = size;
- }
- memcpy(rxbuf + crc_offset, &crc_val, sizeof(crc_val));
-
- bytes_to_copy += 4;
- size += 4;
- }
-
- /* Pad to minimum length */
- if (size < 64) {
- size = 64;
- }
-
- DB_PRINT("config bufsize: %d packet size: %ld\n", rxbufsize, size);
-
- packet_desc_addr = s->rx_desc_addr;
- while (1) {
- DB_PRINT("read descriptor 0x%x\n", packet_desc_addr);
- /* read current descriptor */
- cpu_physical_memory_read(packet_desc_addr,
- (uint8_t *)&desc[0], sizeof(desc));
-
- /* Descriptor owned by software ? */
- if (rx_desc_get_ownership(desc) == 1) {
- DB_PRINT("descriptor 0x%x owned by sw.\n", packet_desc_addr);
- s->regs[GEM_RXSTATUS] |= GEM_RXSTATUS_NOBUF;
- /* Handle interrupt consequences */
- gem_update_int_status(s);
- return -1;
- }
-
- DB_PRINT("copy %d bytes to 0x%x\n", MIN(bytes_to_copy, rxbufsize),
- rx_desc_get_buffer(desc));
-
- /*
- * Let's have QEMU lend a helping hand.
- */
- if (rx_desc_get_buffer(desc) == 0) {
- DB_PRINT("Invalid RX buffer (NULL) for descriptor 0x%x\n",
- packet_desc_addr);
- break;
- }
-
- /* Copy packet data to emulated DMA buffer */
- cpu_physical_memory_write(rx_desc_get_buffer(desc) + rxbuf_offset,
- rxbuf_ptr, MIN(bytes_to_copy, rxbufsize));
- bytes_to_copy -= MIN(bytes_to_copy, rxbufsize);
- rxbuf_ptr += MIN(bytes_to_copy, rxbufsize);
- if (bytes_to_copy == 0) {
- break;
- }
-
- /* Next descriptor */
- if (rx_desc_get_wrap(desc)) {
- packet_desc_addr = s->regs[GEM_RXQBASE];
- } else {
- packet_desc_addr += 8;
- }
- }
-
- DB_PRINT("set length: %ld, EOF on descriptor 0x%x\n", size,
- (unsigned)packet_desc_addr);
-
- /* Update last descriptor with EOF and total length */
- rx_desc_set_eof(desc);
- rx_desc_set_length(desc, size);
- cpu_physical_memory_write(packet_desc_addr,
- (uint8_t *)&desc[0], sizeof(desc));
-
- /* Advance RX packet descriptor Q */
- last_desc_addr = packet_desc_addr;
- packet_desc_addr = s->rx_desc_addr;
- s->rx_desc_addr = last_desc_addr;
- if (rx_desc_get_wrap(desc)) {
- s->rx_desc_addr = s->regs[GEM_RXQBASE];
- } else {
- s->rx_desc_addr += 8;
- }
-
- DB_PRINT("set SOF, OWN on descriptor 0x%08x\n", packet_desc_addr);
-
- /* Count it */
- gem_receive_updatestats(s, buf, size);
-
- /* Update first descriptor (which could also be the last) */
- /* read descriptor */
- cpu_physical_memory_read(packet_desc_addr,
- (uint8_t *)&desc[0], sizeof(desc));
- rx_desc_set_sof(desc);
- rx_desc_set_ownership(desc);
- cpu_physical_memory_write(packet_desc_addr,
- (uint8_t *)&desc[0], sizeof(desc));
-
- s->regs[GEM_RXSTATUS] |= GEM_RXSTATUS_FRMRCVD;
-
- /* Handle interrupt consequences */
- gem_update_int_status(s);
-
- return size;
-}
-
-/*
- * gem_transmit_updatestats:
- * Increment transmit statistics.
- */
-static void gem_transmit_updatestats(GemState *s, const uint8_t *packet,
- unsigned bytes)
-{
- uint64_t octets;
-
- /* Total octets (bytes) transmitted */
- octets = ((uint64_t)(s->regs[GEM_OCTTXLO]) << 32) |
- s->regs[GEM_OCTTXHI];
- octets += bytes;
- s->regs[GEM_OCTTXLO] = octets >> 32;
- s->regs[GEM_OCTTXHI] = octets;
-
- /* Error-free Frames transmitted */
- s->regs[GEM_TXCNT]++;
-
- /* Error-free Broadcast Frames counter */
- if (!memcmp(packet, broadcast_addr, 6)) {
- s->regs[GEM_TXBCNT]++;
- }
-
- /* Error-free Multicast Frames counter */
- if (packet[0] == 0x01) {
- s->regs[GEM_TXMCNT]++;
- }
-
- if (bytes <= 64) {
- s->regs[GEM_TX64CNT]++;
- } else if (bytes <= 127) {
- s->regs[GEM_TX65CNT]++;
- } else if (bytes <= 255) {
- s->regs[GEM_TX128CNT]++;
- } else if (bytes <= 511) {
- s->regs[GEM_TX256CNT]++;
- } else if (bytes <= 1023) {
- s->regs[GEM_TX512CNT]++;
- } else if (bytes <= 1518) {
- s->regs[GEM_TX1024CNT]++;
- } else {
- s->regs[GEM_TX1519CNT]++;
- }
-}
-
-/*
- * gem_transmit:
- * Fish packets out of the descriptor ring and feed them to QEMU
- */
-static void gem_transmit(GemState *s)
-{
- unsigned desc[2];
- hwaddr packet_desc_addr;
- uint8_t tx_packet[2048];
- uint8_t *p;
- unsigned total_bytes;
-
- /* Do nothing if transmit is not enabled. */
- if (!(s->regs[GEM_NWCTRL] & GEM_NWCTRL_TXENA)) {
- return;
- }
-
- DB_PRINT("\n");
-
- /* The packet we will hand off to qemu.
- * Packets scattered across multiple descriptors are gathered to this
- * one contiguous buffer first.
- */
- p = tx_packet;
- total_bytes = 0;
-
- /* read current descriptor */
- packet_desc_addr = s->tx_desc_addr;
- cpu_physical_memory_read(packet_desc_addr,
- (uint8_t *)&desc[0], sizeof(desc));
- /* Handle all descriptors owned by hardware */
- while (tx_desc_get_used(desc) == 0) {
-
- /* Do nothing if transmit is not enabled. */
- if (!(s->regs[GEM_NWCTRL] & GEM_NWCTRL_TXENA)) {
- return;
- }
- print_gem_tx_desc(desc);
-
- /* The real hardware would eat this (and possibly crash).
- * For QEMU let's lend a helping hand.
- */
- if ((tx_desc_get_buffer(desc) == 0) ||
- (tx_desc_get_length(desc) == 0)) {
- DB_PRINT("Invalid TX descriptor @ 0x%x\n", packet_desc_addr);
- break;
- }
-
- /* Gather this fragment of the packet from "dma memory" to our contig.
- * buffer.
- */
- cpu_physical_memory_read(tx_desc_get_buffer(desc), p,
- tx_desc_get_length(desc));
- p += tx_desc_get_length(desc);
- total_bytes += tx_desc_get_length(desc);
-
- /* Last descriptor for this packet; hand the whole thing off */
- if (tx_desc_get_last(desc)) {
- /* Modify the 1st descriptor of this packet to be owned by
- * the processor.
- */
- cpu_physical_memory_read(s->tx_desc_addr,
- (uint8_t *)&desc[0], sizeof(desc));
- tx_desc_set_used(desc);
- cpu_physical_memory_write(s->tx_desc_addr,
- (uint8_t *)&desc[0], sizeof(desc));
- /* Advance the hardare current descriptor past this packet */
- if (tx_desc_get_wrap(desc)) {
- s->tx_desc_addr = s->regs[GEM_TXQBASE];
- } else {
- s->tx_desc_addr = packet_desc_addr + 8;
- }
- DB_PRINT("TX descriptor next: 0x%08x\n", s->tx_desc_addr);
-
- s->regs[GEM_TXSTATUS] |= GEM_TXSTATUS_TXCMPL;
-
- /* Handle interrupt consequences */
- gem_update_int_status(s);
-
- /* Is checksum offload enabled? */
- if (s->regs[GEM_DMACFG] & GEM_DMACFG_TXCSUM_OFFL) {
- net_checksum_calculate(tx_packet, total_bytes);
- }
-
- /* Update MAC statistics */
- gem_transmit_updatestats(s, tx_packet, total_bytes);
-
- /* Send the packet somewhere */
- if (s->phy_loop) {
- gem_receive(&s->nic->nc, tx_packet, total_bytes);
- } else {
- qemu_send_packet(&s->nic->nc, tx_packet, total_bytes);
- }
-
- /* Prepare for next packet */
- p = tx_packet;
- total_bytes = 0;
- }
-
- /* read next descriptor */
- if (tx_desc_get_wrap(desc)) {
- packet_desc_addr = s->regs[GEM_TXQBASE];
- } else {
- packet_desc_addr += 8;
- }
- cpu_physical_memory_read(packet_desc_addr,
- (uint8_t *)&desc[0], sizeof(desc));
- }
-
- if (tx_desc_get_used(desc)) {
- s->regs[GEM_TXSTATUS] |= GEM_TXSTATUS_USED;
- gem_update_int_status(s);
- }
-}
-
-static void gem_phy_reset(GemState *s)
-{
- memset(&s->phy_regs[0], 0, sizeof(s->phy_regs));
- s->phy_regs[PHY_REG_CONTROL] = 0x1140;
- s->phy_regs[PHY_REG_STATUS] = 0x7969;
- s->phy_regs[PHY_REG_PHYID1] = 0x0141;
- s->phy_regs[PHY_REG_PHYID2] = 0x0CC2;
- s->phy_regs[PHY_REG_ANEGADV] = 0x01E1;
- s->phy_regs[PHY_REG_LINKPABIL] = 0xCDE1;
- s->phy_regs[PHY_REG_ANEGEXP] = 0x000F;
- s->phy_regs[PHY_REG_NEXTP] = 0x2001;
- s->phy_regs[PHY_REG_LINKPNEXTP] = 0x40E6;
- s->phy_regs[PHY_REG_100BTCTRL] = 0x0300;
- s->phy_regs[PHY_REG_1000BTSTAT] = 0x7C00;
- s->phy_regs[PHY_REG_EXTSTAT] = 0x3000;
- s->phy_regs[PHY_REG_PHYSPCFC_CTL] = 0x0078;
- s->phy_regs[PHY_REG_PHYSPCFC_ST] = 0xBC00;
- s->phy_regs[PHY_REG_EXT_PHYSPCFC_CTL] = 0x0C60;
- s->phy_regs[PHY_REG_LED] = 0x4100;
- s->phy_regs[PHY_REG_EXT_PHYSPCFC_CTL2] = 0x000A;
- s->phy_regs[PHY_REG_EXT_PHYSPCFC_ST] = 0x848B;
-
- phy_update_link(s);
-}
-
-static void gem_reset(DeviceState *d)
-{
- GemState *s = FROM_SYSBUS(GemState, sysbus_from_qdev(d));
-
- DB_PRINT("\n");
-
- /* Set post reset register values */
- memset(&s->regs[0], 0, sizeof(s->regs));
- s->regs[GEM_NWCFG] = 0x00080000;
- s->regs[GEM_NWSTATUS] = 0x00000006;
- s->regs[GEM_DMACFG] = 0x00020784;
- s->regs[GEM_IMR] = 0x07ffffff;
- s->regs[GEM_TXPAUSE] = 0x0000ffff;
- s->regs[GEM_TXPARTIALSF] = 0x000003ff;
- s->regs[GEM_RXPARTIALSF] = 0x000003ff;
- s->regs[GEM_MODID] = 0x00020118;
- s->regs[GEM_DESCONF] = 0x02500111;
- s->regs[GEM_DESCONF2] = 0x2ab13fff;
- s->regs[GEM_DESCONF5] = 0x002f2145;
- s->regs[GEM_DESCONF6] = 0x00000200;
-
- gem_phy_reset(s);
-
- gem_update_int_status(s);
-}
-
-static uint16_t gem_phy_read(GemState *s, unsigned reg_num)
-{
- DB_PRINT("reg: %d value: 0x%04x\n", reg_num, s->phy_regs[reg_num]);
- return s->phy_regs[reg_num];
-}
-
-static void gem_phy_write(GemState *s, unsigned reg_num, uint16_t val)
-{
- DB_PRINT("reg: %d value: 0x%04x\n", reg_num, val);
-
- switch (reg_num) {
- case PHY_REG_CONTROL:
- if (val & PHY_REG_CONTROL_RST) {
- /* Phy reset */
- gem_phy_reset(s);
- val &= ~(PHY_REG_CONTROL_RST | PHY_REG_CONTROL_LOOP);
- s->phy_loop = 0;
- }
- if (val & PHY_REG_CONTROL_ANEG) {
- /* Complete autonegotiation immediately */
- val &= ~PHY_REG_CONTROL_ANEG;
- s->phy_regs[PHY_REG_STATUS] |= PHY_REG_STATUS_ANEGCMPL;
- }
- if (val & PHY_REG_CONTROL_LOOP) {
- DB_PRINT("PHY placed in loopback\n");
- s->phy_loop = 1;
- } else {
- s->phy_loop = 0;
- }
- break;
- }
- s->phy_regs[reg_num] = val;
-}
-
-/*
- * gem_read32:
- * Read a GEM register.
- */
-static uint64_t gem_read(void *opaque, hwaddr offset, unsigned size)
-{
- GemState *s;
- uint32_t retval;
-
- s = (GemState *)opaque;
-
- offset >>= 2;
- retval = s->regs[offset];
-
- DB_PRINT("offset: 0x%04x read: 0x%08x\n", offset*4, retval);
-
- switch (offset) {
- case GEM_ISR:
- qemu_set_irq(s->irq, 0);
- break;
- case GEM_PHYMNTNC:
- if (retval & GEM_PHYMNTNC_OP_R) {
- uint32_t phy_addr, reg_num;
-
- phy_addr = (retval & GEM_PHYMNTNC_ADDR) >> GEM_PHYMNTNC_ADDR_SHFT;
- if (phy_addr == BOARD_PHY_ADDRESS) {
- reg_num = (retval & GEM_PHYMNTNC_REG) >> GEM_PHYMNTNC_REG_SHIFT;
- retval &= 0xFFFF0000;
- retval |= gem_phy_read(s, reg_num);
- } else {
- retval |= 0xFFFF; /* No device at this address */
- }
- }
- break;
- }
-
- /* Squash read to clear bits */
- s->regs[offset] &= ~(s->regs_rtc[offset]);
-
- /* Do not provide write only bits */
- retval &= ~(s->regs_wo[offset]);
-
- DB_PRINT("0x%08x\n", retval);
- return retval;
-}
-
-/*
- * gem_write32:
- * Write a GEM register.
- */
-static void gem_write(void *opaque, hwaddr offset, uint64_t val,
- unsigned size)
-{
- GemState *s = (GemState *)opaque;
- uint32_t readonly;
-
- DB_PRINT("offset: 0x%04x write: 0x%08x ", offset, (unsigned)val);
- offset >>= 2;
-
- /* Squash bits which are read only in write value */
- val &= ~(s->regs_ro[offset]);
- /* Preserve (only) bits which are read only in register */
- readonly = s->regs[offset];
- readonly &= s->regs_ro[offset];
-
- /* Squash bits which are write 1 to clear */
- val &= ~(s->regs_w1c[offset] & val);
-
- /* Copy register write to backing store */
- s->regs[offset] = val | readonly;
-
- /* Handle register write side effects */
- switch (offset) {
- case GEM_NWCTRL:
- if (val & GEM_NWCTRL_TXSTART) {
- gem_transmit(s);
- }
- if (!(val & GEM_NWCTRL_TXENA)) {
- /* Reset to start of Q when transmit disabled. */
- s->tx_desc_addr = s->regs[GEM_TXQBASE];
- }
- if (!(val & GEM_NWCTRL_RXENA)) {
- /* Reset to start of Q when receive disabled. */
- s->rx_desc_addr = s->regs[GEM_RXQBASE];
- }
- break;
-
- case GEM_TXSTATUS:
- gem_update_int_status(s);
- break;
- case GEM_RXQBASE:
- s->rx_desc_addr = val;
- break;
- case GEM_TXQBASE:
- s->tx_desc_addr = val;
- break;
- case GEM_RXSTATUS:
- gem_update_int_status(s);
- break;
- case GEM_IER:
- s->regs[GEM_IMR] &= ~val;
- gem_update_int_status(s);
- break;
- case GEM_IDR:
- s->regs[GEM_IMR] |= val;
- gem_update_int_status(s);
- break;
- case GEM_PHYMNTNC:
- if (val & GEM_PHYMNTNC_OP_W) {
- uint32_t phy_addr, reg_num;
-
- phy_addr = (val & GEM_PHYMNTNC_ADDR) >> GEM_PHYMNTNC_ADDR_SHFT;
- if (phy_addr == BOARD_PHY_ADDRESS) {
- reg_num = (val & GEM_PHYMNTNC_REG) >> GEM_PHYMNTNC_REG_SHIFT;
- gem_phy_write(s, reg_num, val);
- }
- }
- break;
- }
-
- DB_PRINT("newval: 0x%08x\n", s->regs[offset]);
-}
-
-static const MemoryRegionOps gem_ops = {
- .read = gem_read,
- .write = gem_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static void gem_cleanup(NetClientState *nc)
-{
- GemState *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- DB_PRINT("\n");
- s->nic = NULL;
-}
-
-static void gem_set_link(NetClientState *nc)
-{
- DB_PRINT("\n");
- phy_update_link(DO_UPCAST(NICState, nc, nc)->opaque);
-}
-
-static NetClientInfo net_gem_info = {
- .type = NET_CLIENT_OPTIONS_KIND_NIC,
- .size = sizeof(NICState),
- .can_receive = gem_can_receive,
- .receive = gem_receive,
- .cleanup = gem_cleanup,
- .link_status_changed = gem_set_link,
-};
-
-static int gem_init(SysBusDevice *dev)
-{
- GemState *s;
-
- DB_PRINT("\n");
-
- s = FROM_SYSBUS(GemState, dev);
- gem_init_register_masks(s);
- memory_region_init_io(&s->iomem, &gem_ops, s, "enet", sizeof(s->regs));
- sysbus_init_mmio(dev, &s->iomem);
- sysbus_init_irq(dev, &s->irq);
- qemu_macaddr_default_if_unset(&s->conf.macaddr);
-
- s->nic = qemu_new_nic(&net_gem_info, &s->conf,
- object_get_typename(OBJECT(dev)), dev->qdev.id, s);
-
- return 0;
-}
-
-static const VMStateDescription vmstate_cadence_gem = {
- .name = "cadence_gem",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32_ARRAY(regs, GemState, GEM_MAXREG),
- VMSTATE_UINT16_ARRAY(phy_regs, GemState, 32),
- VMSTATE_UINT8(phy_loop, GemState),
- VMSTATE_UINT32(rx_desc_addr, GemState),
- VMSTATE_UINT32(tx_desc_addr, GemState),
- }
-};
-
-static Property gem_properties[] = {
- DEFINE_NIC_PROPERTIES(GemState, conf),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void gem_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- sdc->init = gem_init;
- dc->props = gem_properties;
- dc->vmsd = &vmstate_cadence_gem;
- dc->reset = gem_reset;
-}
-
-static TypeInfo gem_info = {
- .class_init = gem_class_init,
- .name = "cadence_gem",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(GemState),
-};
-
-static void gem_register_types(void)
-{
- type_register_static(&gem_info);
-}
-
-type_init(gem_register_types)
diff --git a/hw/cadence_ttc.c b/hw/cadence_ttc.c
deleted file mode 100644
index ec78a5218..000000000
--- a/hw/cadence_ttc.c
+++ /dev/null
@@ -1,489 +0,0 @@
-/*
- * Xilinx Zynq cadence TTC model
- *
- * Copyright (c) 2011 Xilinx Inc.
- * Copyright (c) 2012 Peter A.G. Crosthwaite (peter.crosthwaite@petalogix.com)
- * Copyright (c) 2012 PetaLogix Pty Ltd.
- * Written By Haibing Ma
- * M. Habib
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version
- * 2 of the License, or (at your option) any later version.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "sysbus.h"
-#include "qemu-timer.h"
-
-#ifdef CADENCE_TTC_ERR_DEBUG
-#define DB_PRINT(...) do { \
- fprintf(stderr, ": %s: ", __func__); \
- fprintf(stderr, ## __VA_ARGS__); \
- } while (0);
-#else
- #define DB_PRINT(...)
-#endif
-
-#define COUNTER_INTR_IV 0x00000001
-#define COUNTER_INTR_M1 0x00000002
-#define COUNTER_INTR_M2 0x00000004
-#define COUNTER_INTR_M3 0x00000008
-#define COUNTER_INTR_OV 0x00000010
-#define COUNTER_INTR_EV 0x00000020
-
-#define COUNTER_CTRL_DIS 0x00000001
-#define COUNTER_CTRL_INT 0x00000002
-#define COUNTER_CTRL_DEC 0x00000004
-#define COUNTER_CTRL_MATCH 0x00000008
-#define COUNTER_CTRL_RST 0x00000010
-
-#define CLOCK_CTRL_PS_EN 0x00000001
-#define CLOCK_CTRL_PS_V 0x0000001e
-
-typedef struct {
- QEMUTimer *timer;
- int freq;
-
- uint32_t reg_clock;
- uint32_t reg_count;
- uint32_t reg_value;
- uint16_t reg_interval;
- uint16_t reg_match[3];
- uint32_t reg_intr;
- uint32_t reg_intr_en;
- uint32_t reg_event_ctrl;
- uint32_t reg_event;
-
- uint64_t cpu_time;
- unsigned int cpu_time_valid;
-
- qemu_irq irq;
-} CadenceTimerState;
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- CadenceTimerState timer[3];
-} CadenceTTCState;
-
-static void cadence_timer_update(CadenceTimerState *s)
-{
- qemu_set_irq(s->irq, !!(s->reg_intr & s->reg_intr_en));
-}
-
-static CadenceTimerState *cadence_timer_from_addr(void *opaque,
- hwaddr offset)
-{
- unsigned int index;
- CadenceTTCState *s = (CadenceTTCState *)opaque;
-
- index = (offset >> 2) % 3;
-
- return &s->timer[index];
-}
-
-static uint64_t cadence_timer_get_ns(CadenceTimerState *s, uint64_t timer_steps)
-{
- /* timer_steps has max value of 0x100000000. double check it
- * (or overflow can happen below) */
- assert(timer_steps <= 1ULL << 32);
-
- uint64_t r = timer_steps * 1000000000ULL;
- if (s->reg_clock & CLOCK_CTRL_PS_EN) {
- r >>= 16 - (((s->reg_clock & CLOCK_CTRL_PS_V) >> 1) + 1);
- } else {
- r >>= 16;
- }
- r /= (uint64_t)s->freq;
- return r;
-}
-
-static uint64_t cadence_timer_get_steps(CadenceTimerState *s, uint64_t ns)
-{
- uint64_t to_divide = 1000000000ULL;
-
- uint64_t r = ns;
- /* for very large intervals (> 8s) do some division first to stop
- * overflow (costs some prescision) */
- while (r >= 8ULL << 30 && to_divide > 1) {
- r /= 1000;
- to_divide /= 1000;
- }
- r <<= 16;
- /* keep early-dividing as needed */
- while (r >= 8ULL << 30 && to_divide > 1) {
- r /= 1000;
- to_divide /= 1000;
- }
- r *= (uint64_t)s->freq;
- if (s->reg_clock & CLOCK_CTRL_PS_EN) {
- r /= 1 << (((s->reg_clock & CLOCK_CTRL_PS_V) >> 1) + 1);
- }
-
- r /= to_divide;
- return r;
-}
-
-/* determine if x is in between a and b, exclusive of a, inclusive of b */
-
-static inline int64_t is_between(int64_t x, int64_t a, int64_t b)
-{
- if (a < b) {
- return x > a && x <= b;
- }
- return x < a && x >= b;
-}
-
-static void cadence_timer_run(CadenceTimerState *s)
-{
- int i;
- int64_t event_interval, next_value;
-
- assert(s->cpu_time_valid); /* cadence_timer_sync must be called first */
-
- if (s->reg_count & COUNTER_CTRL_DIS) {
- s->cpu_time_valid = 0;
- return;
- }
-
- { /* figure out what's going to happen next (rollover or match) */
- int64_t interval = (uint64_t)((s->reg_count & COUNTER_CTRL_INT) ?
- (int64_t)s->reg_interval + 1 : 0x10000ULL) << 16;
- next_value = (s->reg_count & COUNTER_CTRL_DEC) ? -1ULL : interval;
- for (i = 0; i < 3; ++i) {
- int64_t cand = (uint64_t)s->reg_match[i] << 16;
- if (is_between(cand, (uint64_t)s->reg_value, next_value)) {
- next_value = cand;
- }
- }
- }
- DB_PRINT("next timer event value: %09llx\n",
- (unsigned long long)next_value);
-
- event_interval = next_value - (int64_t)s->reg_value;
- event_interval = (event_interval < 0) ? -event_interval : event_interval;
-
- qemu_mod_timer(s->timer, s->cpu_time +
- cadence_timer_get_ns(s, event_interval));
-}
-
-static void cadence_timer_sync(CadenceTimerState *s)
-{
- int i;
- int64_t r, x;
- int64_t interval = ((s->reg_count & COUNTER_CTRL_INT) ?
- (int64_t)s->reg_interval + 1 : 0x10000ULL) << 16;
- uint64_t old_time = s->cpu_time;
-
- s->cpu_time = qemu_get_clock_ns(vm_clock);
- DB_PRINT("cpu time: %lld ns\n", (long long)old_time);
-
- if (!s->cpu_time_valid || old_time == s->cpu_time) {
- s->cpu_time_valid = 1;
- return;
- }
-
- r = (int64_t)cadence_timer_get_steps(s, s->cpu_time - old_time);
- x = (int64_t)s->reg_value + ((s->reg_count & COUNTER_CTRL_DEC) ? -r : r);
-
- for (i = 0; i < 3; ++i) {
- int64_t m = (int64_t)s->reg_match[i] << 16;
- if (m > interval) {
- continue;
- }
- /* check to see if match event has occurred. check m +/- interval
- * to account for match events in wrap around cases */
- if (is_between(m, s->reg_value, x) ||
- is_between(m + interval, s->reg_value, x) ||
- is_between(m - interval, s->reg_value, x)) {
- s->reg_intr |= (2 << i);
- }
- }
- while (x < 0) {
- x += interval;
- }
- s->reg_value = (uint32_t)(x % interval);
-
- if (s->reg_value != x) {
- s->reg_intr |= (s->reg_count & COUNTER_CTRL_INT) ?
- COUNTER_INTR_IV : COUNTER_INTR_OV;
- }
- cadence_timer_update(s);
-}
-
-static void cadence_timer_tick(void *opaque)
-{
- CadenceTimerState *s = opaque;
-
- DB_PRINT("\n");
- cadence_timer_sync(s);
- cadence_timer_run(s);
-}
-
-static uint32_t cadence_ttc_read_imp(void *opaque, hwaddr offset)
-{
- CadenceTimerState *s = cadence_timer_from_addr(opaque, offset);
- uint32_t value;
-
- cadence_timer_sync(s);
- cadence_timer_run(s);
-
- switch (offset) {
- case 0x00: /* clock control */
- case 0x04:
- case 0x08:
- return s->reg_clock;
-
- case 0x0c: /* counter control */
- case 0x10:
- case 0x14:
- return s->reg_count;
-
- case 0x18: /* counter value */
- case 0x1c:
- case 0x20:
- return (uint16_t)(s->reg_value >> 16);
-
- case 0x24: /* reg_interval counter */
- case 0x28:
- case 0x2c:
- return s->reg_interval;
-
- case 0x30: /* match 1 counter */
- case 0x34:
- case 0x38:
- return s->reg_match[0];
-
- case 0x3c: /* match 2 counter */
- case 0x40:
- case 0x44:
- return s->reg_match[1];
-
- case 0x48: /* match 3 counter */
- case 0x4c:
- case 0x50:
- return s->reg_match[2];
-
- case 0x54: /* interrupt register */
- case 0x58:
- case 0x5c:
- /* cleared after read */
- value = s->reg_intr;
- s->reg_intr = 0;
- cadence_timer_update(s);
- return value;
-
- case 0x60: /* interrupt enable */
- case 0x64:
- case 0x68:
- return s->reg_intr_en;
-
- case 0x6c:
- case 0x70:
- case 0x74:
- return s->reg_event_ctrl;
-
- case 0x78:
- case 0x7c:
- case 0x80:
- return s->reg_event;
-
- default:
- return 0;
- }
-}
-
-static uint64_t cadence_ttc_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- uint32_t ret = cadence_ttc_read_imp(opaque, offset);
-
- DB_PRINT("addr: %08x data: %08x\n", offset, ret);
- return ret;
-}
-
-static void cadence_ttc_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- CadenceTimerState *s = cadence_timer_from_addr(opaque, offset);
-
- DB_PRINT("addr: %08x data %08x\n", offset, (unsigned)value);
-
- cadence_timer_sync(s);
-
- switch (offset) {
- case 0x00: /* clock control */
- case 0x04:
- case 0x08:
- s->reg_clock = value & 0x3F;
- break;
-
- case 0x0c: /* counter control */
- case 0x10:
- case 0x14:
- if (value & COUNTER_CTRL_RST) {
- s->reg_value = 0;
- }
- s->reg_count = value & 0x3f & ~COUNTER_CTRL_RST;
- break;
-
- case 0x24: /* interval register */
- case 0x28:
- case 0x2c:
- s->reg_interval = value & 0xffff;
- break;
-
- case 0x30: /* match register */
- case 0x34:
- case 0x38:
- s->reg_match[0] = value & 0xffff;
-
- case 0x3c: /* match register */
- case 0x40:
- case 0x44:
- s->reg_match[1] = value & 0xffff;
-
- case 0x48: /* match register */
- case 0x4c:
- case 0x50:
- s->reg_match[2] = value & 0xffff;
- break;
-
- case 0x54: /* interrupt register */
- case 0x58:
- case 0x5c:
- break;
-
- case 0x60: /* interrupt enable */
- case 0x64:
- case 0x68:
- s->reg_intr_en = value & 0x3f;
- break;
-
- case 0x6c: /* event control */
- case 0x70:
- case 0x74:
- s->reg_event_ctrl = value & 0x07;
- break;
-
- default:
- return;
- }
-
- cadence_timer_run(s);
- cadence_timer_update(s);
-}
-
-static const MemoryRegionOps cadence_ttc_ops = {
- .read = cadence_ttc_read,
- .write = cadence_ttc_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void cadence_timer_reset(CadenceTimerState *s)
-{
- s->reg_count = 0x21;
-}
-
-static void cadence_timer_init(uint32_t freq, CadenceTimerState *s)
-{
- memset(s, 0, sizeof(CadenceTimerState));
- s->freq = freq;
-
- cadence_timer_reset(s);
-
- s->timer = qemu_new_timer_ns(vm_clock, cadence_timer_tick, s);
-}
-
-static int cadence_ttc_init(SysBusDevice *dev)
-{
- CadenceTTCState *s = FROM_SYSBUS(CadenceTTCState, dev);
- int i;
-
- for (i = 0; i < 3; ++i) {
- cadence_timer_init(133000000, &s->timer[i]);
- sysbus_init_irq(dev, &s->timer[i].irq);
- }
-
- memory_region_init_io(&s->iomem, &cadence_ttc_ops, s, "timer", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
-
- return 0;
-}
-
-static void cadence_timer_pre_save(void *opaque)
-{
- cadence_timer_sync((CadenceTimerState *)opaque);
-}
-
-static int cadence_timer_post_load(void *opaque, int version_id)
-{
- CadenceTimerState *s = opaque;
-
- s->cpu_time_valid = 0;
- cadence_timer_sync(s);
- cadence_timer_run(s);
- cadence_timer_update(s);
- return 0;
-}
-
-static const VMStateDescription vmstate_cadence_timer = {
- .name = "cadence_timer",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .pre_save = cadence_timer_pre_save,
- .post_load = cadence_timer_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(reg_clock, CadenceTimerState),
- VMSTATE_UINT32(reg_count, CadenceTimerState),
- VMSTATE_UINT32(reg_value, CadenceTimerState),
- VMSTATE_UINT16(reg_interval, CadenceTimerState),
- VMSTATE_UINT16_ARRAY(reg_match, CadenceTimerState, 3),
- VMSTATE_UINT32(reg_intr, CadenceTimerState),
- VMSTATE_UINT32(reg_intr_en, CadenceTimerState),
- VMSTATE_UINT32(reg_event_ctrl, CadenceTimerState),
- VMSTATE_UINT32(reg_event, CadenceTimerState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_cadence_ttc = {
- .name = "cadence_TTC",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_STRUCT_ARRAY(timer, CadenceTTCState, 3, 0,
- vmstate_cadence_timer,
- CadenceTimerState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void cadence_ttc_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- sdc->init = cadence_ttc_init;
- dc->vmsd = &vmstate_cadence_ttc;
-}
-
-static TypeInfo cadence_ttc_info = {
- .name = "cadence_ttc",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(CadenceTTCState),
- .class_init = cadence_ttc_class_init,
-};
-
-static void cadence_ttc_register_types(void)
-{
- type_register_static(&cadence_ttc_info);
-}
-
-type_init(cadence_ttc_register_types)
diff --git a/hw/cadence_uart.c b/hw/cadence_uart.c
deleted file mode 100644
index 686e6172d..000000000
--- a/hw/cadence_uart.c
+++ /dev/null
@@ -1,516 +0,0 @@
-/*
- * Device model for Cadence UART
- *
- * Copyright (c) 2010 Xilinx Inc.
- * Copyright (c) 2012 Peter A.G. Crosthwaite (peter.crosthwaite@petalogix.com)
- * Copyright (c) 2012 PetaLogix Pty Ltd.
- * Written by Haibing Ma
- * M.Habib
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version
- * 2 of the License, or (at your option) any later version.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "sysbus.h"
-#include "qemu-char.h"
-#include "qemu-timer.h"
-
-#ifdef CADENCE_UART_ERR_DEBUG
-#define DB_PRINT(...) do { \
- fprintf(stderr, ": %s: ", __func__); \
- fprintf(stderr, ## __VA_ARGS__); \
- } while (0);
-#else
- #define DB_PRINT(...)
-#endif
-
-#define UART_SR_INTR_RTRIG 0x00000001
-#define UART_SR_INTR_REMPTY 0x00000002
-#define UART_SR_INTR_RFUL 0x00000004
-#define UART_SR_INTR_TEMPTY 0x00000008
-#define UART_SR_INTR_TFUL 0x00000010
-/* bits fields in CSR that correlate to CISR. If any of these bits are set in
- * SR, then the same bit in CISR is set high too */
-#define UART_SR_TO_CISR_MASK 0x0000001F
-
-#define UART_INTR_ROVR 0x00000020
-#define UART_INTR_FRAME 0x00000040
-#define UART_INTR_PARE 0x00000080
-#define UART_INTR_TIMEOUT 0x00000100
-#define UART_INTR_DMSI 0x00000200
-
-#define UART_SR_RACTIVE 0x00000400
-#define UART_SR_TACTIVE 0x00000800
-#define UART_SR_FDELT 0x00001000
-
-#define UART_CR_RXRST 0x00000001
-#define UART_CR_TXRST 0x00000002
-#define UART_CR_RX_EN 0x00000004
-#define UART_CR_RX_DIS 0x00000008
-#define UART_CR_TX_EN 0x00000010
-#define UART_CR_TX_DIS 0x00000020
-#define UART_CR_RST_TO 0x00000040
-#define UART_CR_STARTBRK 0x00000080
-#define UART_CR_STOPBRK 0x00000100
-
-#define UART_MR_CLKS 0x00000001
-#define UART_MR_CHRL 0x00000006
-#define UART_MR_CHRL_SH 1
-#define UART_MR_PAR 0x00000038
-#define UART_MR_PAR_SH 3
-#define UART_MR_NBSTOP 0x000000C0
-#define UART_MR_NBSTOP_SH 6
-#define UART_MR_CHMODE 0x00000300
-#define UART_MR_CHMODE_SH 8
-#define UART_MR_UCLKEN 0x00000400
-#define UART_MR_IRMODE 0x00000800
-
-#define UART_DATA_BITS_6 (0x3 << UART_MR_CHRL_SH)
-#define UART_DATA_BITS_7 (0x2 << UART_MR_CHRL_SH)
-#define UART_PARITY_ODD (0x1 << UART_MR_PAR_SH)
-#define UART_PARITY_EVEN (0x0 << UART_MR_PAR_SH)
-#define UART_STOP_BITS_1 (0x3 << UART_MR_NBSTOP_SH)
-#define UART_STOP_BITS_2 (0x2 << UART_MR_NBSTOP_SH)
-#define NORMAL_MODE (0x0 << UART_MR_CHMODE_SH)
-#define ECHO_MODE (0x1 << UART_MR_CHMODE_SH)
-#define LOCAL_LOOPBACK (0x2 << UART_MR_CHMODE_SH)
-#define REMOTE_LOOPBACK (0x3 << UART_MR_CHMODE_SH)
-
-#define RX_FIFO_SIZE 16
-#define TX_FIFO_SIZE 16
-#define UART_INPUT_CLK 50000000
-
-#define R_CR (0x00/4)
-#define R_MR (0x04/4)
-#define R_IER (0x08/4)
-#define R_IDR (0x0C/4)
-#define R_IMR (0x10/4)
-#define R_CISR (0x14/4)
-#define R_BRGR (0x18/4)
-#define R_RTOR (0x1C/4)
-#define R_RTRIG (0x20/4)
-#define R_MCR (0x24/4)
-#define R_MSR (0x28/4)
-#define R_SR (0x2C/4)
-#define R_TX_RX (0x30/4)
-#define R_BDIV (0x34/4)
-#define R_FDEL (0x38/4)
-#define R_PMIN (0x3C/4)
-#define R_PWID (0x40/4)
-#define R_TTRIG (0x44/4)
-
-#define R_MAX (R_TTRIG + 1)
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint32_t r[R_MAX];
- uint8_t r_fifo[RX_FIFO_SIZE];
- uint32_t rx_wpos;
- uint32_t rx_count;
- uint64_t char_tx_time;
- CharDriverState *chr;
- qemu_irq irq;
- struct QEMUTimer *fifo_trigger_handle;
- struct QEMUTimer *tx_time_handle;
-} UartState;
-
-static void uart_update_status(UartState *s)
-{
- s->r[R_CISR] |= s->r[R_SR] & UART_SR_TO_CISR_MASK;
- qemu_set_irq(s->irq, !!(s->r[R_IMR] & s->r[R_CISR]));
-}
-
-static void fifo_trigger_update(void *opaque)
-{
- UartState *s = (UartState *)opaque;
-
- s->r[R_CISR] |= UART_INTR_TIMEOUT;
-
- uart_update_status(s);
-}
-
-static void uart_tx_redo(UartState *s)
-{
- uint64_t new_tx_time = qemu_get_clock_ns(vm_clock);
-
- qemu_mod_timer(s->tx_time_handle, new_tx_time + s->char_tx_time);
-
- s->r[R_SR] |= UART_SR_INTR_TEMPTY;
-
- uart_update_status(s);
-}
-
-static void uart_tx_write(void *opaque)
-{
- UartState *s = (UartState *)opaque;
-
- uart_tx_redo(s);
-}
-
-static void uart_rx_reset(UartState *s)
-{
- s->rx_wpos = 0;
- s->rx_count = 0;
-
- s->r[R_SR] |= UART_SR_INTR_REMPTY;
- s->r[R_SR] &= ~UART_SR_INTR_RFUL;
-}
-
-static void uart_tx_reset(UartState *s)
-{
- s->r[R_SR] |= UART_SR_INTR_TEMPTY;
- s->r[R_SR] &= ~UART_SR_INTR_TFUL;
-}
-
-static void uart_send_breaks(UartState *s)
-{
- int break_enabled = 1;
-
- qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_SERIAL_SET_BREAK,
- &break_enabled);
-}
-
-static void uart_parameters_setup(UartState *s)
-{
- QEMUSerialSetParams ssp;
- unsigned int baud_rate, packet_size;
-
- baud_rate = (s->r[R_MR] & UART_MR_CLKS) ?
- UART_INPUT_CLK / 8 : UART_INPUT_CLK;
-
- ssp.speed = baud_rate / (s->r[R_BRGR] * (s->r[R_BDIV] + 1));
- packet_size = 1;
-
- switch (s->r[R_MR] & UART_MR_PAR) {
- case UART_PARITY_EVEN:
- ssp.parity = 'E';
- packet_size++;
- break;
- case UART_PARITY_ODD:
- ssp.parity = 'O';
- packet_size++;
- break;
- default:
- ssp.parity = 'N';
- break;
- }
-
- switch (s->r[R_MR] & UART_MR_CHRL) {
- case UART_DATA_BITS_6:
- ssp.data_bits = 6;
- break;
- case UART_DATA_BITS_7:
- ssp.data_bits = 7;
- break;
- default:
- ssp.data_bits = 8;
- break;
- }
-
- switch (s->r[R_MR] & UART_MR_NBSTOP) {
- case UART_STOP_BITS_1:
- ssp.stop_bits = 1;
- break;
- default:
- ssp.stop_bits = 2;
- break;
- }
-
- packet_size += ssp.data_bits + ssp.stop_bits;
- s->char_tx_time = (get_ticks_per_sec() / ssp.speed) * packet_size;
- qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_SERIAL_SET_PARAMS, &ssp);
-}
-
-static int uart_can_receive(void *opaque)
-{
- UartState *s = (UartState *)opaque;
-
- return RX_FIFO_SIZE - s->rx_count;
-}
-
-static void uart_ctrl_update(UartState *s)
-{
- if (s->r[R_CR] & UART_CR_TXRST) {
- uart_tx_reset(s);
- }
-
- if (s->r[R_CR] & UART_CR_RXRST) {
- uart_rx_reset(s);
- }
-
- s->r[R_CR] &= ~(UART_CR_TXRST | UART_CR_RXRST);
-
- if ((s->r[R_CR] & UART_CR_TX_EN) && !(s->r[R_CR] & UART_CR_TX_DIS)) {
- uart_tx_redo(s);
- }
-
- if (s->r[R_CR] & UART_CR_STARTBRK && !(s->r[R_CR] & UART_CR_STOPBRK)) {
- uart_send_breaks(s);
- }
-}
-
-static void uart_write_rx_fifo(void *opaque, const uint8_t *buf, int size)
-{
- UartState *s = (UartState *)opaque;
- uint64_t new_rx_time = qemu_get_clock_ns(vm_clock);
- int i;
-
- if ((s->r[R_CR] & UART_CR_RX_DIS) || !(s->r[R_CR] & UART_CR_RX_EN)) {
- return;
- }
-
- s->r[R_SR] &= ~UART_SR_INTR_REMPTY;
-
- if (s->rx_count == RX_FIFO_SIZE) {
- s->r[R_CISR] |= UART_INTR_ROVR;
- } else {
- for (i = 0; i < size; i++) {
- s->r_fifo[s->rx_wpos] = buf[i];
- s->rx_wpos = (s->rx_wpos + 1) % RX_FIFO_SIZE;
- s->rx_count++;
-
- if (s->rx_count == RX_FIFO_SIZE) {
- s->r[R_SR] |= UART_SR_INTR_RFUL;
- break;
- }
-
- if (s->rx_count >= s->r[R_RTRIG]) {
- s->r[R_SR] |= UART_SR_INTR_RTRIG;
- }
- }
- qemu_mod_timer(s->fifo_trigger_handle, new_rx_time +
- (s->char_tx_time * 4));
- }
- uart_update_status(s);
-}
-
-static void uart_write_tx_fifo(UartState *s, const uint8_t *buf, int size)
-{
- if ((s->r[R_CR] & UART_CR_TX_DIS) || !(s->r[R_CR] & UART_CR_TX_EN)) {
- return;
- }
-
- while (size) {
- size -= qemu_chr_fe_write(s->chr, buf, size);
- }
-}
-
-static void uart_receive(void *opaque, const uint8_t *buf, int size)
-{
- UartState *s = (UartState *)opaque;
- uint32_t ch_mode = s->r[R_MR] & UART_MR_CHMODE;
-
- if (ch_mode == NORMAL_MODE || ch_mode == ECHO_MODE) {
- uart_write_rx_fifo(opaque, buf, size);
- }
- if (ch_mode == REMOTE_LOOPBACK || ch_mode == ECHO_MODE) {
- uart_write_tx_fifo(s, buf, size);
- }
-}
-
-static void uart_event(void *opaque, int event)
-{
- UartState *s = (UartState *)opaque;
- uint8_t buf = '\0';
-
- if (event == CHR_EVENT_BREAK) {
- uart_write_rx_fifo(opaque, &buf, 1);
- }
-
- uart_update_status(s);
-}
-
-static void uart_read_rx_fifo(UartState *s, uint32_t *c)
-{
- if ((s->r[R_CR] & UART_CR_RX_DIS) || !(s->r[R_CR] & UART_CR_RX_EN)) {
- return;
- }
-
- s->r[R_SR] &= ~UART_SR_INTR_RFUL;
-
- if (s->rx_count) {
- uint32_t rx_rpos =
- (RX_FIFO_SIZE + s->rx_wpos - s->rx_count) % RX_FIFO_SIZE;
- *c = s->r_fifo[rx_rpos];
- s->rx_count--;
-
- if (!s->rx_count) {
- s->r[R_SR] |= UART_SR_INTR_REMPTY;
- }
- } else {
- *c = 0;
- s->r[R_SR] |= UART_SR_INTR_REMPTY;
- }
-
- if (s->rx_count < s->r[R_RTRIG]) {
- s->r[R_SR] &= ~UART_SR_INTR_RTRIG;
- }
- uart_update_status(s);
-}
-
-static void uart_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- UartState *s = (UartState *)opaque;
-
- DB_PRINT(" offset:%x data:%08x\n", (unsigned)offset, (unsigned)value);
- offset >>= 2;
- switch (offset) {
- case R_IER: /* ier (wts imr) */
- s->r[R_IMR] |= value;
- break;
- case R_IDR: /* idr (wtc imr) */
- s->r[R_IMR] &= ~value;
- break;
- case R_IMR: /* imr (read only) */
- break;
- case R_CISR: /* cisr (wtc) */
- s->r[R_CISR] &= ~value;
- break;
- case R_TX_RX: /* UARTDR */
- switch (s->r[R_MR] & UART_MR_CHMODE) {
- case NORMAL_MODE:
- uart_write_tx_fifo(s, (uint8_t *) &value, 1);
- break;
- case LOCAL_LOOPBACK:
- uart_write_rx_fifo(opaque, (uint8_t *) &value, 1);
- break;
- }
- break;
- default:
- s->r[offset] = value;
- }
-
- switch (offset) {
- case R_CR:
- uart_ctrl_update(s);
- break;
- case R_MR:
- uart_parameters_setup(s);
- break;
- }
-}
-
-static uint64_t uart_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- UartState *s = (UartState *)opaque;
- uint32_t c = 0;
-
- offset >>= 2;
- if (offset >= R_MAX) {
- c = 0;
- } else if (offset == R_TX_RX) {
- uart_read_rx_fifo(s, &c);
- } else {
- c = s->r[offset];
- }
-
- DB_PRINT(" offset:%x data:%08x\n", (unsigned)(offset << 2), (unsigned)c);
- return c;
-}
-
-static const MemoryRegionOps uart_ops = {
- .read = uart_read,
- .write = uart_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void cadence_uart_reset(UartState *s)
-{
- s->r[R_CR] = 0x00000128;
- s->r[R_IMR] = 0;
- s->r[R_CISR] = 0;
- s->r[R_RTRIG] = 0x00000020;
- s->r[R_BRGR] = 0x0000000F;
- s->r[R_TTRIG] = 0x00000020;
-
- uart_rx_reset(s);
- uart_tx_reset(s);
-
- s->rx_count = 0;
- s->rx_wpos = 0;
-}
-
-static int cadence_uart_init(SysBusDevice *dev)
-{
- UartState *s = FROM_SYSBUS(UartState, dev);
-
- memory_region_init_io(&s->iomem, &uart_ops, s, "uart", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
- sysbus_init_irq(dev, &s->irq);
-
- s->fifo_trigger_handle = qemu_new_timer_ns(vm_clock,
- (QEMUTimerCB *)fifo_trigger_update, s);
-
- s->tx_time_handle = qemu_new_timer_ns(vm_clock,
- (QEMUTimerCB *)uart_tx_write, s);
-
- s->char_tx_time = (get_ticks_per_sec() / 9600) * 10;
-
- s->chr = qemu_char_get_next_serial();
-
- cadence_uart_reset(s);
-
- if (s->chr) {
- qemu_chr_add_handlers(s->chr, uart_can_receive, uart_receive,
- uart_event, s);
- }
-
- return 0;
-}
-
-static int cadence_uart_post_load(void *opaque, int version_id)
-{
- UartState *s = opaque;
-
- uart_parameters_setup(s);
- uart_update_status(s);
- return 0;
-}
-
-static const VMStateDescription vmstate_cadence_uart = {
- .name = "cadence_uart",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .post_load = cadence_uart_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32_ARRAY(r, UartState, R_MAX),
- VMSTATE_UINT8_ARRAY(r_fifo, UartState, RX_FIFO_SIZE),
- VMSTATE_UINT32(rx_count, UartState),
- VMSTATE_UINT32(rx_wpos, UartState),
- VMSTATE_TIMER(fifo_trigger_handle, UartState),
- VMSTATE_TIMER(tx_time_handle, UartState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void cadence_uart_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- sdc->init = cadence_uart_init;
- dc->vmsd = &vmstate_cadence_uart;
-}
-
-static TypeInfo cadence_uart_info = {
- .name = "cadence_uart",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(UartState),
- .class_init = cadence_uart_class_init,
-};
-
-static void cadence_uart_register_types(void)
-{
- type_register_static(&cadence_uart_info);
-}
-
-type_init(cadence_uart_register_types)
diff --git a/hw/cbus.c b/hw/cbus.c
deleted file mode 100644
index 7216899a0..000000000
--- a/hw/cbus.c
+++ /dev/null
@@ -1,618 +0,0 @@
-/*
- * CBUS three-pin bus and the Retu / Betty / Tahvo / Vilma / Avilma /
- * Hinku / Vinku / Ahne / Pihi chips used in various Nokia platforms.
- * Based on reverse-engineering of a linux driver.
- *
- * Copyright (C) 2008 Nokia Corporation
- * Written by Andrzej Zaborowski <andrew@openedhand.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "qemu-common.h"
-#include "irq.h"
-#include "devices.h"
-#include "sysemu.h"
-
-//#define DEBUG
-
-typedef struct {
- void *opaque;
- void (*io)(void *opaque, int rw, int reg, uint16_t *val);
- int addr;
-} CBusSlave;
-
-typedef struct {
- CBus cbus;
-
- int sel;
- int dat;
- int clk;
- int bit;
- int dir;
- uint16_t val;
- qemu_irq dat_out;
-
- int addr;
- int reg;
- int rw;
- enum {
- cbus_address,
- cbus_value,
- } cycle;
-
- CBusSlave *slave[8];
-} CBusPriv;
-
-static void cbus_io(CBusPriv *s)
-{
- if (s->slave[s->addr])
- s->slave[s->addr]->io(s->slave[s->addr]->opaque,
- s->rw, s->reg, &s->val);
- else
- hw_error("%s: bad slave address %i\n", __FUNCTION__, s->addr);
-}
-
-static void cbus_cycle(CBusPriv *s)
-{
- switch (s->cycle) {
- case cbus_address:
- s->addr = (s->val >> 6) & 7;
- s->rw = (s->val >> 5) & 1;
- s->reg = (s->val >> 0) & 0x1f;
-
- s->cycle = cbus_value;
- s->bit = 15;
- s->dir = !s->rw;
- s->val = 0;
-
- if (s->rw)
- cbus_io(s);
- break;
-
- case cbus_value:
- if (!s->rw)
- cbus_io(s);
-
- s->cycle = cbus_address;
- s->bit = 8;
- s->dir = 1;
- s->val = 0;
- break;
- }
-}
-
-static void cbus_clk(void *opaque, int line, int level)
-{
- CBusPriv *s = (CBusPriv *) opaque;
-
- if (!s->sel && level && !s->clk) {
- if (s->dir)
- s->val |= s->dat << (s->bit --);
- else
- qemu_set_irq(s->dat_out, (s->val >> (s->bit --)) & 1);
-
- if (s->bit < 0)
- cbus_cycle(s);
- }
-
- s->clk = level;
-}
-
-static void cbus_dat(void *opaque, int line, int level)
-{
- CBusPriv *s = (CBusPriv *) opaque;
-
- s->dat = level;
-}
-
-static void cbus_sel(void *opaque, int line, int level)
-{
- CBusPriv *s = (CBusPriv *) opaque;
-
- if (!level) {
- s->dir = 1;
- s->bit = 8;
- s->val = 0;
- }
-
- s->sel = level;
-}
-
-CBus *cbus_init(qemu_irq dat)
-{
- CBusPriv *s = (CBusPriv *) g_malloc0(sizeof(*s));
-
- s->dat_out = dat;
- s->cbus.clk = qemu_allocate_irqs(cbus_clk, s, 1)[0];
- s->cbus.dat = qemu_allocate_irqs(cbus_dat, s, 1)[0];
- s->cbus.sel = qemu_allocate_irqs(cbus_sel, s, 1)[0];
-
- s->sel = 1;
- s->clk = 0;
- s->dat = 0;
-
- return &s->cbus;
-}
-
-void cbus_attach(CBus *bus, void *slave_opaque)
-{
- CBusSlave *slave = (CBusSlave *) slave_opaque;
- CBusPriv *s = (CBusPriv *) bus;
-
- s->slave[slave->addr] = slave;
-}
-
-/* Retu/Vilma */
-typedef struct {
- uint16_t irqst;
- uint16_t irqen;
- uint16_t cc[2];
- int channel;
- uint16_t result[16];
- uint16_t sample;
- uint16_t status;
-
- struct {
- uint16_t cal;
- } rtc;
-
- int is_vilma;
- qemu_irq irq;
- CBusSlave cbus;
-} CBusRetu;
-
-static void retu_interrupt_update(CBusRetu *s)
-{
- qemu_set_irq(s->irq, s->irqst & ~s->irqen);
-}
-
-#define RETU_REG_ASICR 0x00 /* (RO) ASIC ID & revision */
-#define RETU_REG_IDR 0x01 /* (T) Interrupt ID */
-#define RETU_REG_IMR 0x02 /* (RW) Interrupt mask */
-#define RETU_REG_RTCDSR 0x03 /* (RW) RTC seconds register */
-#define RETU_REG_RTCHMR 0x04 /* (RO) RTC hours and minutes reg */
-#define RETU_REG_RTCHMAR 0x05 /* (RW) RTC hours and minutes set reg */
-#define RETU_REG_RTCCALR 0x06 /* (RW) RTC calibration register */
-#define RETU_REG_ADCR 0x08 /* (RW) ADC result register */
-#define RETU_REG_ADCSCR 0x09 /* (RW) ADC sample control register */
-#define RETU_REG_AFCR 0x0a /* (RW) AFC register */
-#define RETU_REG_ANTIFR 0x0b /* (RW) AntiF register */
-#define RETU_REG_CALIBR 0x0c /* (RW) CalibR register*/
-#define RETU_REG_CCR1 0x0d /* (RW) Common control register 1 */
-#define RETU_REG_CCR2 0x0e /* (RW) Common control register 2 */
-#define RETU_REG_RCTRL_CLR 0x0f /* (T) Regulator clear register */
-#define RETU_REG_RCTRL_SET 0x10 /* (T) Regulator set register */
-#define RETU_REG_TXCR 0x11 /* (RW) TxC register */
-#define RETU_REG_STATUS 0x16 /* (RO) Status register */
-#define RETU_REG_WATCHDOG 0x17 /* (RW) Watchdog register */
-#define RETU_REG_AUDTXR 0x18 /* (RW) Audio Codec Tx register */
-#define RETU_REG_AUDPAR 0x19 /* (RW) AudioPA register */
-#define RETU_REG_AUDRXR1 0x1a /* (RW) Audio receive register 1 */
-#define RETU_REG_AUDRXR2 0x1b /* (RW) Audio receive register 2 */
-#define RETU_REG_SGR1 0x1c /* (RW) */
-#define RETU_REG_SCR1 0x1d /* (RW) */
-#define RETU_REG_SGR2 0x1e /* (RW) */
-#define RETU_REG_SCR2 0x1f /* (RW) */
-
-/* Retu Interrupt sources */
-enum {
- retu_int_pwr = 0, /* Power button */
- retu_int_char = 1, /* Charger */
- retu_int_rtcs = 2, /* Seconds */
- retu_int_rtcm = 3, /* Minutes */
- retu_int_rtcd = 4, /* Days */
- retu_int_rtca = 5, /* Alarm */
- retu_int_hook = 6, /* Hook */
- retu_int_head = 7, /* Headset */
- retu_int_adcs = 8, /* ADC sample */
-};
-
-/* Retu ADC channel wiring */
-enum {
- retu_adc_bsi = 1, /* BSI */
- retu_adc_batt_temp = 2, /* Battery temperature */
- retu_adc_chg_volt = 3, /* Charger voltage */
- retu_adc_head_det = 4, /* Headset detection */
- retu_adc_hook_det = 5, /* Hook detection */
- retu_adc_rf_gp = 6, /* RF GP */
- retu_adc_tx_det = 7, /* Wideband Tx detection */
- retu_adc_batt_volt = 8, /* Battery voltage */
- retu_adc_sens = 10, /* Light sensor */
- retu_adc_sens_temp = 11, /* Light sensor temperature */
- retu_adc_bbatt_volt = 12, /* Backup battery voltage */
- retu_adc_self_temp = 13, /* RETU temperature */
-};
-
-static inline uint16_t retu_read(CBusRetu *s, int reg)
-{
-#ifdef DEBUG
- printf("RETU read at %02x\n", reg);
-#endif
-
- switch (reg) {
- case RETU_REG_ASICR:
- return 0x0215 | (s->is_vilma << 7);
-
- case RETU_REG_IDR: /* TODO: Or is this ffs(s->irqst)? */
- return s->irqst;
-
- case RETU_REG_IMR:
- return s->irqen;
-
- case RETU_REG_RTCDSR:
- case RETU_REG_RTCHMR:
- case RETU_REG_RTCHMAR:
- /* TODO */
- return 0x0000;
-
- case RETU_REG_RTCCALR:
- return s->rtc.cal;
-
- case RETU_REG_ADCR:
- return (s->channel << 10) | s->result[s->channel];
- case RETU_REG_ADCSCR:
- return s->sample;
-
- case RETU_REG_AFCR:
- case RETU_REG_ANTIFR:
- case RETU_REG_CALIBR:
- /* TODO */
- return 0x0000;
-
- case RETU_REG_CCR1:
- return s->cc[0];
- case RETU_REG_CCR2:
- return s->cc[1];
-
- case RETU_REG_RCTRL_CLR:
- case RETU_REG_RCTRL_SET:
- case RETU_REG_TXCR:
- /* TODO */
- return 0x0000;
-
- case RETU_REG_STATUS:
- return s->status;
-
- case RETU_REG_WATCHDOG:
- case RETU_REG_AUDTXR:
- case RETU_REG_AUDPAR:
- case RETU_REG_AUDRXR1:
- case RETU_REG_AUDRXR2:
- case RETU_REG_SGR1:
- case RETU_REG_SCR1:
- case RETU_REG_SGR2:
- case RETU_REG_SCR2:
- /* TODO */
- return 0x0000;
-
- default:
- hw_error("%s: bad register %02x\n", __FUNCTION__, reg);
- }
-}
-
-static inline void retu_write(CBusRetu *s, int reg, uint16_t val)
-{
-#ifdef DEBUG
- printf("RETU write of %04x at %02x\n", val, reg);
-#endif
-
- switch (reg) {
- case RETU_REG_IDR:
- s->irqst ^= val;
- retu_interrupt_update(s);
- break;
-
- case RETU_REG_IMR:
- s->irqen = val;
- retu_interrupt_update(s);
- break;
-
- case RETU_REG_RTCDSR:
- case RETU_REG_RTCHMAR:
- /* TODO */
- break;
-
- case RETU_REG_RTCCALR:
- s->rtc.cal = val;
- break;
-
- case RETU_REG_ADCR:
- s->channel = (val >> 10) & 0xf;
- s->irqst |= 1 << retu_int_adcs;
- retu_interrupt_update(s);
- break;
- case RETU_REG_ADCSCR:
- s->sample &= ~val;
- break;
-
- case RETU_REG_AFCR:
- case RETU_REG_ANTIFR:
- case RETU_REG_CALIBR:
-
- case RETU_REG_CCR1:
- s->cc[0] = val;
- break;
- case RETU_REG_CCR2:
- s->cc[1] = val;
- break;
-
- case RETU_REG_RCTRL_CLR:
- case RETU_REG_RCTRL_SET:
- /* TODO */
- break;
-
- case RETU_REG_WATCHDOG:
- if (val == 0 && (s->cc[0] & 2))
- qemu_system_shutdown_request();
- break;
-
- case RETU_REG_TXCR:
- case RETU_REG_AUDTXR:
- case RETU_REG_AUDPAR:
- case RETU_REG_AUDRXR1:
- case RETU_REG_AUDRXR2:
- case RETU_REG_SGR1:
- case RETU_REG_SCR1:
- case RETU_REG_SGR2:
- case RETU_REG_SCR2:
- /* TODO */
- break;
-
- default:
- hw_error("%s: bad register %02x\n", __FUNCTION__, reg);
- }
-}
-
-static void retu_io(void *opaque, int rw, int reg, uint16_t *val)
-{
- CBusRetu *s = (CBusRetu *) opaque;
-
- if (rw)
- *val = retu_read(s, reg);
- else
- retu_write(s, reg, *val);
-}
-
-void *retu_init(qemu_irq irq, int vilma)
-{
- CBusRetu *s = (CBusRetu *) g_malloc0(sizeof(*s));
-
- s->irq = irq;
- s->irqen = 0xffff;
- s->irqst = 0x0000;
- s->status = 0x0020;
- s->is_vilma = !!vilma;
- s->rtc.cal = 0x01;
- s->result[retu_adc_bsi] = 0x3c2;
- s->result[retu_adc_batt_temp] = 0x0fc;
- s->result[retu_adc_chg_volt] = 0x165;
- s->result[retu_adc_head_det] = 123;
- s->result[retu_adc_hook_det] = 1023;
- s->result[retu_adc_rf_gp] = 0x11;
- s->result[retu_adc_tx_det] = 0x11;
- s->result[retu_adc_batt_volt] = 0x250;
- s->result[retu_adc_sens] = 2;
- s->result[retu_adc_sens_temp] = 0x11;
- s->result[retu_adc_bbatt_volt] = 0x3d0;
- s->result[retu_adc_self_temp] = 0x330;
-
- s->cbus.opaque = s;
- s->cbus.io = retu_io;
- s->cbus.addr = 1;
-
- return &s->cbus;
-}
-
-void retu_key_event(void *retu, int state)
-{
- CBusSlave *slave = (CBusSlave *) retu;
- CBusRetu *s = (CBusRetu *) slave->opaque;
-
- s->irqst |= 1 << retu_int_pwr;
- retu_interrupt_update(s);
-
- if (state)
- s->status &= ~(1 << 5);
- else
- s->status |= 1 << 5;
-}
-
-#if 0
-static void retu_head_event(void *retu, int state)
-{
- CBusSlave *slave = (CBusSlave *) retu;
- CBusRetu *s = (CBusRetu *) slave->opaque;
-
- if ((s->cc[0] & 0x500) == 0x500) { /* TODO: Which bits? */
- /* TODO: reissue the interrupt every 100ms or so. */
- s->irqst |= 1 << retu_int_head;
- retu_interrupt_update(s);
- }
-
- if (state)
- s->result[retu_adc_head_det] = 50;
- else
- s->result[retu_adc_head_det] = 123;
-}
-
-static void retu_hook_event(void *retu, int state)
-{
- CBusSlave *slave = (CBusSlave *) retu;
- CBusRetu *s = (CBusRetu *) slave->opaque;
-
- if ((s->cc[0] & 0x500) == 0x500) {
- /* TODO: reissue the interrupt every 100ms or so. */
- s->irqst |= 1 << retu_int_hook;
- retu_interrupt_update(s);
- }
-
- if (state)
- s->result[retu_adc_hook_det] = 50;
- else
- s->result[retu_adc_hook_det] = 123;
-}
-#endif
-
-/* Tahvo/Betty */
-typedef struct {
- uint16_t irqst;
- uint16_t irqen;
- uint8_t charger;
- uint8_t backlight;
- uint16_t usbr;
- uint16_t power;
-
- int is_betty;
- qemu_irq irq;
- CBusSlave cbus;
-} CBusTahvo;
-
-static void tahvo_interrupt_update(CBusTahvo *s)
-{
- qemu_set_irq(s->irq, s->irqst & ~s->irqen);
-}
-
-#define TAHVO_REG_ASICR 0x00 /* (RO) ASIC ID & revision */
-#define TAHVO_REG_IDR 0x01 /* (T) Interrupt ID */
-#define TAHVO_REG_IDSR 0x02 /* (RO) Interrupt status */
-#define TAHVO_REG_IMR 0x03 /* (RW) Interrupt mask */
-#define TAHVO_REG_CHAPWMR 0x04 /* (RW) Charger PWM */
-#define TAHVO_REG_LEDPWMR 0x05 /* (RW) LED PWM */
-#define TAHVO_REG_USBR 0x06 /* (RW) USB control */
-#define TAHVO_REG_RCR 0x07 /* (RW) Some kind of power management */
-#define TAHVO_REG_CCR1 0x08 /* (RW) Common control register 1 */
-#define TAHVO_REG_CCR2 0x09 /* (RW) Common control register 2 */
-#define TAHVO_REG_TESTR1 0x0a /* (RW) Test register 1 */
-#define TAHVO_REG_TESTR2 0x0b /* (RW) Test register 2 */
-#define TAHVO_REG_NOPR 0x0c /* (RW) Number of periods */
-#define TAHVO_REG_FRR 0x0d /* (RO) FR */
-
-static inline uint16_t tahvo_read(CBusTahvo *s, int reg)
-{
-#ifdef DEBUG
- printf("TAHVO read at %02x\n", reg);
-#endif
-
- switch (reg) {
- case TAHVO_REG_ASICR:
- return 0x0021 | (s->is_betty ? 0x0b00 : 0x0300); /* 22 in N810 */
-
- case TAHVO_REG_IDR:
- case TAHVO_REG_IDSR: /* XXX: what does this do? */
- return s->irqst;
-
- case TAHVO_REG_IMR:
- return s->irqen;
-
- case TAHVO_REG_CHAPWMR:
- return s->charger;
-
- case TAHVO_REG_LEDPWMR:
- return s->backlight;
-
- case TAHVO_REG_USBR:
- return s->usbr;
-
- case TAHVO_REG_RCR:
- return s->power;
-
- case TAHVO_REG_CCR1:
- case TAHVO_REG_CCR2:
- case TAHVO_REG_TESTR1:
- case TAHVO_REG_TESTR2:
- case TAHVO_REG_NOPR:
- case TAHVO_REG_FRR:
- return 0x0000;
-
- default:
- hw_error("%s: bad register %02x\n", __FUNCTION__, reg);
- }
-}
-
-static inline void tahvo_write(CBusTahvo *s, int reg, uint16_t val)
-{
-#ifdef DEBUG
- printf("TAHVO write of %04x at %02x\n", val, reg);
-#endif
-
- switch (reg) {
- case TAHVO_REG_IDR:
- s->irqst ^= val;
- tahvo_interrupt_update(s);
- break;
-
- case TAHVO_REG_IMR:
- s->irqen = val;
- tahvo_interrupt_update(s);
- break;
-
- case TAHVO_REG_CHAPWMR:
- s->charger = val;
- break;
-
- case TAHVO_REG_LEDPWMR:
- if (s->backlight != (val & 0x7f)) {
- s->backlight = val & 0x7f;
- printf("%s: LCD backlight now at %i / 127\n",
- __FUNCTION__, s->backlight);
- }
- break;
-
- case TAHVO_REG_USBR:
- s->usbr = val;
- break;
-
- case TAHVO_REG_RCR:
- s->power = val;
- break;
-
- case TAHVO_REG_CCR1:
- case TAHVO_REG_CCR2:
- case TAHVO_REG_TESTR1:
- case TAHVO_REG_TESTR2:
- case TAHVO_REG_NOPR:
- case TAHVO_REG_FRR:
- break;
-
- default:
- hw_error("%s: bad register %02x\n", __FUNCTION__, reg);
- }
-}
-
-static void tahvo_io(void *opaque, int rw, int reg, uint16_t *val)
-{
- CBusTahvo *s = (CBusTahvo *) opaque;
-
- if (rw)
- *val = tahvo_read(s, reg);
- else
- tahvo_write(s, reg, *val);
-}
-
-void *tahvo_init(qemu_irq irq, int betty)
-{
- CBusTahvo *s = (CBusTahvo *) g_malloc0(sizeof(*s));
-
- s->irq = irq;
- s->irqen = 0xffff;
- s->irqst = 0x0000;
- s->is_betty = !!betty;
-
- s->cbus.opaque = s;
- s->cbus.io = tahvo_io;
- s->cbus.addr = 2;
-
- return &s->cbus;
-}
diff --git a/hw/ccid-card-emulated.c b/hw/ccid-card-emulated.c
deleted file mode 100644
index f4a6da428..000000000
--- a/hw/ccid-card-emulated.c
+++ /dev/null
@@ -1,602 +0,0 @@
-/*
- * CCID Card Device. Emulated card.
- *
- * Copyright (c) 2011 Red Hat.
- * Written by Alon Levy.
- *
- * This code is licensed under the GNU LGPL, version 2 or later.
- */
-
-/*
- * It can be used to provide access to the local hardware in a non exclusive
- * way, or it can use certificates. It requires the usb-ccid bus.
- *
- * Usage 1: standard, mirror hardware reader+card:
- * qemu .. -usb -device usb-ccid -device ccid-card-emulated
- *
- * Usage 2: use certificates, no hardware required
- * one time: create the certificates:
- * for i in 1 2 3; do
- * certutil -d /etc/pki/nssdb -x -t "CT,CT,CT" -S -s "CN=user$i" -n user$i
- * done
- * qemu .. -usb -device usb-ccid \
- * -device ccid-card-emulated,cert1=user1,cert2=user2,cert3=user3
- *
- * If you use a non default db for the certificates you can specify it using
- * the db parameter.
- */
-
-#include <eventt.h>
-#include <vevent.h>
-#include <vreader.h>
-#include <vcard_emul.h>
-
-#include "qemu-thread.h"
-#include "qemu-char.h"
-#include "monitor.h"
-#include "hw/ccid.h"
-
-#define DPRINTF(card, lvl, fmt, ...) \
-do {\
- if (lvl <= card->debug) {\
- printf("ccid-card-emul: %s: " fmt , __func__, ## __VA_ARGS__);\
- } \
-} while (0)
-
-#define EMULATED_DEV_NAME "ccid-card-emulated"
-
-#define BACKEND_NSS_EMULATED_NAME "nss-emulated"
-#define BACKEND_CERTIFICATES_NAME "certificates"
-
-enum {
- BACKEND_NSS_EMULATED = 1,
- BACKEND_CERTIFICATES
-};
-
-#define DEFAULT_BACKEND BACKEND_NSS_EMULATED
-
-typedef struct EmulatedState EmulatedState;
-
-enum {
- EMUL_READER_INSERT = 0,
- EMUL_READER_REMOVE,
- EMUL_CARD_INSERT,
- EMUL_CARD_REMOVE,
- EMUL_GUEST_APDU,
- EMUL_RESPONSE_APDU,
- EMUL_ERROR,
-};
-
-static const char *emul_event_to_string(uint32_t emul_event)
-{
- switch (emul_event) {
- case EMUL_READER_INSERT:
- return "EMUL_READER_INSERT";
- case EMUL_READER_REMOVE:
- return "EMUL_READER_REMOVE";
- case EMUL_CARD_INSERT:
- return "EMUL_CARD_INSERT";
- case EMUL_CARD_REMOVE:
- return "EMUL_CARD_REMOVE";
- case EMUL_GUEST_APDU:
- return "EMUL_GUEST_APDU";
- case EMUL_RESPONSE_APDU:
- return "EMUL_RESPONSE_APDU";
- case EMUL_ERROR:
- return "EMUL_ERROR";
- }
- return "UNKNOWN";
-}
-
-typedef struct EmulEvent {
- QSIMPLEQ_ENTRY(EmulEvent) entry;
- union {
- struct {
- uint32_t type;
- } gen;
- struct {
- uint32_t type;
- uint64_t code;
- } error;
- struct {
- uint32_t type;
- uint32_t len;
- uint8_t data[];
- } data;
- } p;
-} EmulEvent;
-
-#define MAX_ATR_SIZE 40
-struct EmulatedState {
- CCIDCardState base;
- uint8_t debug;
- char *backend_str;
- uint32_t backend;
- char *cert1;
- char *cert2;
- char *cert3;
- char *db;
- uint8_t atr[MAX_ATR_SIZE];
- uint8_t atr_length;
- QSIMPLEQ_HEAD(event_list, EmulEvent) event_list;
- QemuMutex event_list_mutex;
- QemuThread event_thread_id;
- VReader *reader;
- QSIMPLEQ_HEAD(guest_apdu_list, EmulEvent) guest_apdu_list;
- QemuMutex vreader_mutex; /* and guest_apdu_list mutex */
- QemuMutex handle_apdu_mutex;
- QemuCond handle_apdu_cond;
- int pipe[2];
- int quit_apdu_thread;
- QemuThread apdu_thread_id;
-};
-
-static void emulated_apdu_from_guest(CCIDCardState *base,
- const uint8_t *apdu, uint32_t len)
-{
- EmulatedState *card = DO_UPCAST(EmulatedState, base, base);
- EmulEvent *event = (EmulEvent *)g_malloc(sizeof(EmulEvent) + len);
-
- assert(event);
- event->p.data.type = EMUL_GUEST_APDU;
- event->p.data.len = len;
- memcpy(event->p.data.data, apdu, len);
- qemu_mutex_lock(&card->vreader_mutex);
- QSIMPLEQ_INSERT_TAIL(&card->guest_apdu_list, event, entry);
- qemu_mutex_unlock(&card->vreader_mutex);
- qemu_mutex_lock(&card->handle_apdu_mutex);
- qemu_cond_signal(&card->handle_apdu_cond);
- qemu_mutex_unlock(&card->handle_apdu_mutex);
-}
-
-static const uint8_t *emulated_get_atr(CCIDCardState *base, uint32_t *len)
-{
- EmulatedState *card = DO_UPCAST(EmulatedState, base, base);
-
- *len = card->atr_length;
- return card->atr;
-}
-
-static void emulated_push_event(EmulatedState *card, EmulEvent *event)
-{
- qemu_mutex_lock(&card->event_list_mutex);
- QSIMPLEQ_INSERT_TAIL(&(card->event_list), event, entry);
- qemu_mutex_unlock(&card->event_list_mutex);
- if (write(card->pipe[1], card, 1) != 1) {
- DPRINTF(card, 1, "write to pipe failed\n");
- }
-}
-
-static void emulated_push_type(EmulatedState *card, uint32_t type)
-{
- EmulEvent *event = (EmulEvent *)g_malloc(sizeof(EmulEvent));
-
- assert(event);
- event->p.gen.type = type;
- emulated_push_event(card, event);
-}
-
-static void emulated_push_error(EmulatedState *card, uint64_t code)
-{
- EmulEvent *event = (EmulEvent *)g_malloc(sizeof(EmulEvent));
-
- assert(event);
- event->p.error.type = EMUL_ERROR;
- event->p.error.code = code;
- emulated_push_event(card, event);
-}
-
-static void emulated_push_data_type(EmulatedState *card, uint32_t type,
- const uint8_t *data, uint32_t len)
-{
- EmulEvent *event = (EmulEvent *)g_malloc(sizeof(EmulEvent) + len);
-
- assert(event);
- event->p.data.type = type;
- event->p.data.len = len;
- memcpy(event->p.data.data, data, len);
- emulated_push_event(card, event);
-}
-
-static void emulated_push_reader_insert(EmulatedState *card)
-{
- emulated_push_type(card, EMUL_READER_INSERT);
-}
-
-static void emulated_push_reader_remove(EmulatedState *card)
-{
- emulated_push_type(card, EMUL_READER_REMOVE);
-}
-
-static void emulated_push_card_insert(EmulatedState *card,
- const uint8_t *atr, uint32_t len)
-{
- emulated_push_data_type(card, EMUL_CARD_INSERT, atr, len);
-}
-
-static void emulated_push_card_remove(EmulatedState *card)
-{
- emulated_push_type(card, EMUL_CARD_REMOVE);
-}
-
-static void emulated_push_response_apdu(EmulatedState *card,
- const uint8_t *apdu, uint32_t len)
-{
- emulated_push_data_type(card, EMUL_RESPONSE_APDU, apdu, len);
-}
-
-#define APDU_BUF_SIZE 270
-static void *handle_apdu_thread(void* arg)
-{
- EmulatedState *card = arg;
- uint8_t recv_data[APDU_BUF_SIZE];
- int recv_len;
- VReaderStatus reader_status;
- EmulEvent *event;
-
- while (1) {
- qemu_mutex_lock(&card->handle_apdu_mutex);
- qemu_cond_wait(&card->handle_apdu_cond, &card->handle_apdu_mutex);
- qemu_mutex_unlock(&card->handle_apdu_mutex);
- if (card->quit_apdu_thread) {
- card->quit_apdu_thread = 0; /* debugging */
- break;
- }
- qemu_mutex_lock(&card->vreader_mutex);
- while (!QSIMPLEQ_EMPTY(&card->guest_apdu_list)) {
- event = QSIMPLEQ_FIRST(&card->guest_apdu_list);
- assert((unsigned long)event > 1000);
- QSIMPLEQ_REMOVE_HEAD(&card->guest_apdu_list, entry);
- if (event->p.data.type != EMUL_GUEST_APDU) {
- DPRINTF(card, 1, "unexpected message in handle_apdu_thread\n");
- g_free(event);
- continue;
- }
- if (card->reader == NULL) {
- DPRINTF(card, 1, "reader is NULL\n");
- g_free(event);
- continue;
- }
- recv_len = sizeof(recv_data);
- reader_status = vreader_xfr_bytes(card->reader,
- event->p.data.data, event->p.data.len,
- recv_data, &recv_len);
- DPRINTF(card, 2, "got back apdu of length %d\n", recv_len);
- if (reader_status == VREADER_OK) {
- emulated_push_response_apdu(card, recv_data, recv_len);
- } else {
- emulated_push_error(card, reader_status);
- }
- g_free(event);
- }
- qemu_mutex_unlock(&card->vreader_mutex);
- }
- return NULL;
-}
-
-static void *event_thread(void *arg)
-{
- int atr_len = MAX_ATR_SIZE;
- uint8_t atr[MAX_ATR_SIZE];
- VEvent *event = NULL;
- EmulatedState *card = arg;
-
- while (1) {
- const char *reader_name;
-
- event = vevent_wait_next_vevent();
- if (event == NULL || event->type == VEVENT_LAST) {
- break;
- }
- if (event->type != VEVENT_READER_INSERT) {
- if (card->reader == NULL && event->reader != NULL) {
- /* Happens after device_add followed by card remove or insert.
- * XXX: create synthetic add_reader events if vcard_emul_init
- * already called, which happens if device_del and device_add
- * are called */
- card->reader = vreader_reference(event->reader);
- } else {
- if (event->reader != card->reader) {
- fprintf(stderr,
- "ERROR: wrong reader: quiting event_thread\n");
- break;
- }
- }
- }
- switch (event->type) {
- case VEVENT_READER_INSERT:
- /* TODO: take a specific reader. i.e. track which reader
- * we are seeing here, check it is the one we want (the first,
- * or by a particular name), and ignore if we don't want it.
- */
- reader_name = vreader_get_name(event->reader);
- if (card->reader != NULL) {
- DPRINTF(card, 2, "READER INSERT - replacing %s with %s\n",
- vreader_get_name(card->reader), reader_name);
- qemu_mutex_lock(&card->vreader_mutex);
- vreader_free(card->reader);
- qemu_mutex_unlock(&card->vreader_mutex);
- emulated_push_reader_remove(card);
- }
- qemu_mutex_lock(&card->vreader_mutex);
- DPRINTF(card, 2, "READER INSERT %s\n", reader_name);
- card->reader = vreader_reference(event->reader);
- qemu_mutex_unlock(&card->vreader_mutex);
- emulated_push_reader_insert(card);
- break;
- case VEVENT_READER_REMOVE:
- DPRINTF(card, 2, " READER REMOVE: %s\n",
- vreader_get_name(event->reader));
- qemu_mutex_lock(&card->vreader_mutex);
- vreader_free(card->reader);
- card->reader = NULL;
- qemu_mutex_unlock(&card->vreader_mutex);
- emulated_push_reader_remove(card);
- break;
- case VEVENT_CARD_INSERT:
- /* get the ATR (intended as a response to a power on from the
- * reader */
- atr_len = MAX_ATR_SIZE;
- vreader_power_on(event->reader, atr, &atr_len);
- card->atr_length = (uint8_t)atr_len;
- DPRINTF(card, 2, " CARD INSERT\n");
- emulated_push_card_insert(card, atr, atr_len);
- break;
- case VEVENT_CARD_REMOVE:
- DPRINTF(card, 2, " CARD REMOVE\n");
- emulated_push_card_remove(card);
- break;
- case VEVENT_LAST: /* quit */
- vevent_delete(event);
- return NULL;
- break;
- default:
- break;
- }
- vevent_delete(event);
- }
- return NULL;
-}
-
-static void pipe_read(void *opaque)
-{
- EmulatedState *card = opaque;
- EmulEvent *event, *next;
- char dummy;
- int len;
-
- do {
- len = read(card->pipe[0], &dummy, sizeof(dummy));
- } while (len == sizeof(dummy));
- qemu_mutex_lock(&card->event_list_mutex);
- QSIMPLEQ_FOREACH_SAFE(event, &card->event_list, entry, next) {
- DPRINTF(card, 2, "event %s\n", emul_event_to_string(event->p.gen.type));
- switch (event->p.gen.type) {
- case EMUL_RESPONSE_APDU:
- ccid_card_send_apdu_to_guest(&card->base, event->p.data.data,
- event->p.data.len);
- break;
- case EMUL_READER_INSERT:
- ccid_card_ccid_attach(&card->base);
- break;
- case EMUL_READER_REMOVE:
- ccid_card_ccid_detach(&card->base);
- break;
- case EMUL_CARD_INSERT:
- assert(event->p.data.len <= MAX_ATR_SIZE);
- card->atr_length = event->p.data.len;
- memcpy(card->atr, event->p.data.data, card->atr_length);
- ccid_card_card_inserted(&card->base);
- break;
- case EMUL_CARD_REMOVE:
- ccid_card_card_removed(&card->base);
- break;
- case EMUL_ERROR:
- ccid_card_card_error(&card->base, event->p.error.code);
- break;
- default:
- DPRINTF(card, 2, "unexpected event\n");
- break;
- }
- g_free(event);
- }
- QSIMPLEQ_INIT(&card->event_list);
- qemu_mutex_unlock(&card->event_list_mutex);
-}
-
-static int init_pipe_signaling(EmulatedState *card)
-{
- if (pipe(card->pipe) < 0) {
- DPRINTF(card, 2, "pipe creation failed\n");
- return -1;
- }
- fcntl(card->pipe[0], F_SETFL, O_NONBLOCK);
- fcntl(card->pipe[1], F_SETFL, O_NONBLOCK);
- fcntl(card->pipe[0], F_SETOWN, getpid());
- qemu_set_fd_handler(card->pipe[0], pipe_read, NULL, card);
- return 0;
-}
-
-#define CERTIFICATES_DEFAULT_DB "/etc/pki/nssdb"
-#define CERTIFICATES_ARGS_TEMPLATE\
- "db=\"%s\" use_hw=no soft=(,Virtual Reader,CAC,,%s,%s,%s)"
-
-static int wrap_vcard_emul_init(VCardEmulOptions *options)
-{
- static int called;
- static int options_was_null;
-
- if (called) {
- if ((options == NULL) != options_was_null) {
- printf("%s: warning: running emulated with certificates"
- " and emulated side by side is not supported\n",
- __func__);
- return VCARD_EMUL_FAIL;
- }
- vcard_emul_replay_insertion_events();
- return VCARD_EMUL_OK;
- }
- options_was_null = (options == NULL);
- called = 1;
- return vcard_emul_init(options);
-}
-
-static int emulated_initialize_vcard_from_certificates(EmulatedState *card)
-{
- char emul_args[200];
- VCardEmulOptions *options = NULL;
-
- snprintf(emul_args, sizeof(emul_args) - 1, CERTIFICATES_ARGS_TEMPLATE,
- card->db ? card->db : CERTIFICATES_DEFAULT_DB,
- card->cert1, card->cert2, card->cert3);
- options = vcard_emul_options(emul_args);
- if (options == NULL) {
- printf("%s: warning: not using certificates due to"
- " initialization error\n", __func__);
- }
- return wrap_vcard_emul_init(options);
-}
-
-typedef struct EnumTable {
- const char *name;
- uint32_t value;
-} EnumTable;
-
-EnumTable backend_enum_table[] = {
- {BACKEND_NSS_EMULATED_NAME, BACKEND_NSS_EMULATED},
- {BACKEND_CERTIFICATES_NAME, BACKEND_CERTIFICATES},
- {NULL, 0},
-};
-
-static uint32_t parse_enumeration(char *str,
- EnumTable *table, uint32_t not_found_value)
-{
- uint32_t ret = not_found_value;
-
- while (table->name != NULL) {
- if (strcmp(table->name, str) == 0) {
- ret = table->value;
- break;
- }
- table++;
- }
- return ret;
-}
-
-static int emulated_initfn(CCIDCardState *base)
-{
- EmulatedState *card = DO_UPCAST(EmulatedState, base, base);
- VCardEmulError ret;
- EnumTable *ptable;
-
- QSIMPLEQ_INIT(&card->event_list);
- QSIMPLEQ_INIT(&card->guest_apdu_list);
- qemu_mutex_init(&card->event_list_mutex);
- qemu_mutex_init(&card->vreader_mutex);
- qemu_mutex_init(&card->handle_apdu_mutex);
- qemu_cond_init(&card->handle_apdu_cond);
- card->reader = NULL;
- card->quit_apdu_thread = 0;
- if (init_pipe_signaling(card) < 0) {
- return -1;
- }
- card->backend = parse_enumeration(card->backend_str, backend_enum_table, 0);
- if (card->backend == 0) {
- printf("unknown backend, must be one of:\n");
- for (ptable = backend_enum_table; ptable->name != NULL; ++ptable) {
- printf("%s\n", ptable->name);
- }
- return -1;
- }
-
- /* TODO: a passthru backened that works on local machine. third card type?*/
- if (card->backend == BACKEND_CERTIFICATES) {
- if (card->cert1 != NULL && card->cert2 != NULL && card->cert3 != NULL) {
- ret = emulated_initialize_vcard_from_certificates(card);
- } else {
- printf("%s: you must provide all three certs for"
- " certificates backend\n", EMULATED_DEV_NAME);
- return -1;
- }
- } else {
- if (card->backend != BACKEND_NSS_EMULATED) {
- printf("%s: bad backend specified. The options are:\n%s (default),"
- " %s.\n", EMULATED_DEV_NAME, BACKEND_NSS_EMULATED_NAME,
- BACKEND_CERTIFICATES_NAME);
- return -1;
- }
- if (card->cert1 != NULL || card->cert2 != NULL || card->cert3 != NULL) {
- printf("%s: unexpected cert parameters to nss emulated backend\n",
- EMULATED_DEV_NAME);
- return -1;
- }
- /* default to mirroring the local hardware readers */
- ret = wrap_vcard_emul_init(NULL);
- }
- if (ret != VCARD_EMUL_OK) {
- printf("%s: failed to initialize vcard\n", EMULATED_DEV_NAME);
- return -1;
- }
- qemu_thread_create(&card->event_thread_id, event_thread, card,
- QEMU_THREAD_JOINABLE);
- qemu_thread_create(&card->apdu_thread_id, handle_apdu_thread, card,
- QEMU_THREAD_JOINABLE);
- return 0;
-}
-
-static int emulated_exitfn(CCIDCardState *base)
-{
- EmulatedState *card = DO_UPCAST(EmulatedState, base, base);
- VEvent *vevent = vevent_new(VEVENT_LAST, NULL, NULL);
-
- vevent_queue_vevent(vevent); /* stop vevent thread */
- qemu_thread_join(&card->event_thread_id);
-
- card->quit_apdu_thread = 1; /* stop handle_apdu thread */
- qemu_cond_signal(&card->handle_apdu_cond);
- qemu_thread_join(&card->apdu_thread_id);
-
- /* threads exited, can destroy all condvars/mutexes */
- qemu_cond_destroy(&card->handle_apdu_cond);
- qemu_mutex_destroy(&card->handle_apdu_mutex);
- qemu_mutex_destroy(&card->vreader_mutex);
- qemu_mutex_destroy(&card->event_list_mutex);
- return 0;
-}
-
-static Property emulated_card_properties[] = {
- DEFINE_PROP_STRING("backend", EmulatedState, backend_str),
- DEFINE_PROP_STRING("cert1", EmulatedState, cert1),
- DEFINE_PROP_STRING("cert2", EmulatedState, cert2),
- DEFINE_PROP_STRING("cert3", EmulatedState, cert3),
- DEFINE_PROP_STRING("db", EmulatedState, db),
- DEFINE_PROP_UINT8("debug", EmulatedState, debug, 0),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void emulated_class_initfn(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- CCIDCardClass *cc = CCID_CARD_CLASS(klass);
-
- cc->initfn = emulated_initfn;
- cc->exitfn = emulated_exitfn;
- cc->get_atr = emulated_get_atr;
- cc->apdu_from_guest = emulated_apdu_from_guest;
- dc->desc = "emulated smartcard";
- dc->props = emulated_card_properties;
-}
-
-static TypeInfo emulated_card_info = {
- .name = EMULATED_DEV_NAME,
- .parent = TYPE_CCID_CARD,
- .instance_size = sizeof(EmulatedState),
- .class_init = emulated_class_initfn,
-};
-
-static void ccid_card_emulated_register_types(void)
-{
- type_register_static(&emulated_card_info);
-}
-
-type_init(ccid_card_emulated_register_types)
diff --git a/hw/ccid-card-passthru.c b/hw/ccid-card-passthru.c
deleted file mode 100644
index bd6c77777..000000000
--- a/hw/ccid-card-passthru.c
+++ /dev/null
@@ -1,351 +0,0 @@
-/*
- * CCID Passthru Card Device emulation
- *
- * Copyright (c) 2011 Red Hat.
- * Written by Alon Levy.
- *
- * This work is licensed under the terms of the GNU GPL, version 2.1 or later.
- * See the COPYING file in the top-level directory.
- */
-
-#include "qemu-char.h"
-#include "qemu_socket.h"
-#include "monitor.h"
-#include "hw/ccid.h"
-#include "libcacard/vscard_common.h"
-
-#define DPRINTF(card, lvl, fmt, ...) \
-do { \
- if (lvl <= card->debug) { \
- printf("ccid-card-passthru: " fmt , ## __VA_ARGS__); \
- } \
-} while (0)
-
-#define D_WARN 1
-#define D_INFO 2
-#define D_MORE_INFO 3
-#define D_VERBOSE 4
-
-/* TODO: do we still need this? */
-uint8_t DEFAULT_ATR[] = {
-/*
- * From some example somewhere
- * 0x3B, 0xB0, 0x18, 0x00, 0xD1, 0x81, 0x05, 0xB1, 0x40, 0x38, 0x1F, 0x03, 0x28
- */
-
-/* From an Athena smart card */
- 0x3B, 0xD5, 0x18, 0xFF, 0x80, 0x91, 0xFE, 0x1F, 0xC3, 0x80, 0x73, 0xC8, 0x21,
- 0x13, 0x08
-};
-
-
-#define PASSTHRU_DEV_NAME "ccid-card-passthru"
-#define VSCARD_IN_SIZE 65536
-
-/* maximum size of ATR - from 7816-3 */
-#define MAX_ATR_SIZE 40
-
-typedef struct PassthruState PassthruState;
-
-struct PassthruState {
- CCIDCardState base;
- CharDriverState *cs;
- uint8_t vscard_in_data[VSCARD_IN_SIZE];
- uint32_t vscard_in_pos;
- uint32_t vscard_in_hdr;
- uint8_t atr[MAX_ATR_SIZE];
- uint8_t atr_length;
- uint8_t debug;
-};
-
-/*
- * VSCard protocol over chardev
- * This code should not depend on the card type.
- */
-
-static void ccid_card_vscard_send_msg(PassthruState *s,
- VSCMsgType type, uint32_t reader_id,
- const uint8_t *payload, uint32_t length)
-{
- VSCMsgHeader scr_msg_header;
-
- scr_msg_header.type = htonl(type);
- scr_msg_header.reader_id = htonl(reader_id);
- scr_msg_header.length = htonl(length);
- qemu_chr_fe_write(s->cs, (uint8_t *)&scr_msg_header, sizeof(VSCMsgHeader));
- qemu_chr_fe_write(s->cs, payload, length);
-}
-
-static void ccid_card_vscard_send_apdu(PassthruState *s,
- const uint8_t *apdu, uint32_t length)
-{
- ccid_card_vscard_send_msg(
- s, VSC_APDU, VSCARD_MINIMAL_READER_ID, apdu, length);
-}
-
-static void ccid_card_vscard_send_error(PassthruState *s,
- uint32_t reader_id, VSCErrorCode code)
-{
- VSCMsgError msg = {.code = htonl(code)};
-
- ccid_card_vscard_send_msg(
- s, VSC_Error, reader_id, (uint8_t *)&msg, sizeof(msg));
-}
-
-static void ccid_card_vscard_send_init(PassthruState *s)
-{
- VSCMsgInit msg = {
- .version = htonl(VSCARD_VERSION),
- .magic = VSCARD_MAGIC,
- .capabilities = {0}
- };
-
- ccid_card_vscard_send_msg(s, VSC_Init, VSCARD_UNDEFINED_READER_ID,
- (uint8_t *)&msg, sizeof(msg));
-}
-
-static int ccid_card_vscard_can_read(void *opaque)
-{
- PassthruState *card = opaque;
-
- return VSCARD_IN_SIZE >= card->vscard_in_pos ?
- VSCARD_IN_SIZE - card->vscard_in_pos : 0;
-}
-
-static void ccid_card_vscard_handle_init(
- PassthruState *card, VSCMsgHeader *hdr, VSCMsgInit *init)
-{
- uint32_t *capabilities;
- int num_capabilities;
- int i;
-
- capabilities = init->capabilities;
- num_capabilities =
- 1 + ((hdr->length - sizeof(VSCMsgInit)) / sizeof(uint32_t));
- init->version = ntohl(init->version);
- for (i = 0 ; i < num_capabilities; ++i) {
- capabilities[i] = ntohl(capabilities[i]);
- }
- if (init->magic != VSCARD_MAGIC) {
- error_report("wrong magic");
- /* we can't disconnect the chardev */
- }
- if (init->version != VSCARD_VERSION) {
- DPRINTF(card, D_WARN,
- "got version %d, have %d", init->version, VSCARD_VERSION);
- }
- /* future handling of capabilities, none exist atm */
- ccid_card_vscard_send_init(card);
-}
-
-static void ccid_card_vscard_handle_message(PassthruState *card,
- VSCMsgHeader *scr_msg_header)
-{
- uint8_t *data = (uint8_t *)&scr_msg_header[1];
-
- switch (scr_msg_header->type) {
- case VSC_ATR:
- DPRINTF(card, D_INFO, "VSC_ATR %d\n", scr_msg_header->length);
- if (scr_msg_header->length > MAX_ATR_SIZE) {
- error_report("ATR size exceeds spec, ignoring");
- ccid_card_vscard_send_error(card, scr_msg_header->reader_id,
- VSC_GENERAL_ERROR);
- break;
- }
- memcpy(card->atr, data, scr_msg_header->length);
- card->atr_length = scr_msg_header->length;
- ccid_card_card_inserted(&card->base);
- ccid_card_vscard_send_error(card, scr_msg_header->reader_id,
- VSC_SUCCESS);
- break;
- case VSC_APDU:
- ccid_card_send_apdu_to_guest(
- &card->base, data, scr_msg_header->length);
- break;
- case VSC_CardRemove:
- DPRINTF(card, D_INFO, "VSC_CardRemove\n");
- ccid_card_card_removed(&card->base);
- ccid_card_vscard_send_error(card,
- scr_msg_header->reader_id, VSC_SUCCESS);
- break;
- case VSC_Init:
- ccid_card_vscard_handle_init(
- card, scr_msg_header, (VSCMsgInit *)data);
- break;
- case VSC_Error:
- ccid_card_card_error(&card->base, *(uint32_t *)data);
- break;
- case VSC_ReaderAdd:
- if (ccid_card_ccid_attach(&card->base) < 0) {
- ccid_card_vscard_send_error(card, VSCARD_UNDEFINED_READER_ID,
- VSC_CANNOT_ADD_MORE_READERS);
- } else {
- ccid_card_vscard_send_error(card, VSCARD_MINIMAL_READER_ID,
- VSC_SUCCESS);
- }
- break;
- case VSC_ReaderRemove:
- ccid_card_ccid_detach(&card->base);
- ccid_card_vscard_send_error(card,
- scr_msg_header->reader_id, VSC_SUCCESS);
- break;
- default:
- printf("usb-ccid: chardev: unexpected message of type %X\n",
- scr_msg_header->type);
- ccid_card_vscard_send_error(card, scr_msg_header->reader_id,
- VSC_GENERAL_ERROR);
- }
-}
-
-static void ccid_card_vscard_drop_connection(PassthruState *card)
-{
- qemu_chr_delete(card->cs);
- card->vscard_in_pos = card->vscard_in_hdr = 0;
-}
-
-static void ccid_card_vscard_read(void *opaque, const uint8_t *buf, int size)
-{
- PassthruState *card = opaque;
- VSCMsgHeader *hdr;
-
- if (card->vscard_in_pos + size > VSCARD_IN_SIZE) {
- error_report(
- "no room for data: pos %d + size %d > %d. dropping connection.",
- card->vscard_in_pos, size, VSCARD_IN_SIZE);
- ccid_card_vscard_drop_connection(card);
- return;
- }
- assert(card->vscard_in_pos < VSCARD_IN_SIZE);
- assert(card->vscard_in_hdr < VSCARD_IN_SIZE);
- memcpy(card->vscard_in_data + card->vscard_in_pos, buf, size);
- card->vscard_in_pos += size;
- hdr = (VSCMsgHeader *)(card->vscard_in_data + card->vscard_in_hdr);
-
- while ((card->vscard_in_pos - card->vscard_in_hdr >= sizeof(VSCMsgHeader))
- &&(card->vscard_in_pos - card->vscard_in_hdr >=
- sizeof(VSCMsgHeader) + ntohl(hdr->length))) {
- hdr->reader_id = ntohl(hdr->reader_id);
- hdr->length = ntohl(hdr->length);
- hdr->type = ntohl(hdr->type);
- ccid_card_vscard_handle_message(card, hdr);
- card->vscard_in_hdr += hdr->length + sizeof(VSCMsgHeader);
- hdr = (VSCMsgHeader *)(card->vscard_in_data + card->vscard_in_hdr);
- }
- if (card->vscard_in_hdr == card->vscard_in_pos) {
- card->vscard_in_pos = card->vscard_in_hdr = 0;
- }
-}
-
-static void ccid_card_vscard_event(void *opaque, int event)
-{
- PassthruState *card = opaque;
-
- switch (event) {
- case CHR_EVENT_BREAK:
- card->vscard_in_pos = card->vscard_in_hdr = 0;
- break;
- case CHR_EVENT_FOCUS:
- break;
- case CHR_EVENT_OPENED:
- DPRINTF(card, D_INFO, "%s: CHR_EVENT_OPENED\n", __func__);
- break;
- }
-}
-
-/* End VSCard handling */
-
-static void passthru_apdu_from_guest(
- CCIDCardState *base, const uint8_t *apdu, uint32_t len)
-{
- PassthruState *card = DO_UPCAST(PassthruState, base, base);
-
- if (!card->cs) {
- printf("ccid-passthru: no chardev, discarding apdu length %d\n", len);
- return;
- }
- ccid_card_vscard_send_apdu(card, apdu, len);
-}
-
-static const uint8_t *passthru_get_atr(CCIDCardState *base, uint32_t *len)
-{
- PassthruState *card = DO_UPCAST(PassthruState, base, base);
-
- *len = card->atr_length;
- return card->atr;
-}
-
-static int passthru_initfn(CCIDCardState *base)
-{
- PassthruState *card = DO_UPCAST(PassthruState, base, base);
-
- card->vscard_in_pos = 0;
- card->vscard_in_hdr = 0;
- if (card->cs) {
- DPRINTF(card, D_INFO, "initing chardev\n");
- qemu_chr_add_handlers(card->cs,
- ccid_card_vscard_can_read,
- ccid_card_vscard_read,
- ccid_card_vscard_event, card);
- ccid_card_vscard_send_init(card);
- } else {
- error_report("missing chardev");
- return -1;
- }
- assert(sizeof(DEFAULT_ATR) <= MAX_ATR_SIZE);
- memcpy(card->atr, DEFAULT_ATR, sizeof(DEFAULT_ATR));
- card->atr_length = sizeof(DEFAULT_ATR);
- return 0;
-}
-
-static int passthru_exitfn(CCIDCardState *base)
-{
- return 0;
-}
-
-static VMStateDescription passthru_vmstate = {
- .name = PASSTHRU_DEV_NAME,
- .version_id = 1,
- .minimum_version_id = 1,
- .fields = (VMStateField[]) {
- VMSTATE_BUFFER(vscard_in_data, PassthruState),
- VMSTATE_UINT32(vscard_in_pos, PassthruState),
- VMSTATE_UINT32(vscard_in_hdr, PassthruState),
- VMSTATE_BUFFER(atr, PassthruState),
- VMSTATE_UINT8(atr_length, PassthruState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static Property passthru_card_properties[] = {
- DEFINE_PROP_CHR("chardev", PassthruState, cs),
- DEFINE_PROP_UINT8("debug", PassthruState, debug, 0),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void passthru_class_initfn(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- CCIDCardClass *cc = CCID_CARD_CLASS(klass);
-
- cc->initfn = passthru_initfn;
- cc->exitfn = passthru_exitfn;
- cc->get_atr = passthru_get_atr;
- cc->apdu_from_guest = passthru_apdu_from_guest;
- dc->desc = "passthrough smartcard";
- dc->vmsd = &passthru_vmstate;
- dc->props = passthru_card_properties;
-}
-
-static TypeInfo passthru_card_info = {
- .name = PASSTHRU_DEV_NAME,
- .parent = TYPE_CCID_CARD,
- .instance_size = sizeof(PassthruState),
- .class_init = passthru_class_initfn,
-};
-
-static void ccid_card_passthru_register_types(void)
-{
- type_register_static(&passthru_card_info);
-}
-
-type_init(ccid_card_passthru_register_types)
diff --git a/hw/ccid.h b/hw/ccid.h
deleted file mode 100644
index 6adc745a6..000000000
--- a/hw/ccid.h
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * CCID Passthru Card Device emulation
- *
- * Copyright (c) 2011 Red Hat.
- * Written by Alon Levy.
- *
- * This code is licensed under the GNU LGPL, version 2 or later.
- */
-
-#ifndef CCID_H
-#define CCID_H
-
-#include "qdev.h"
-
-typedef struct CCIDCardState CCIDCardState;
-typedef struct CCIDCardInfo CCIDCardInfo;
-
-#define TYPE_CCID_CARD "ccid-card"
-#define CCID_CARD(obj) \
- OBJECT_CHECK(CCIDCardState, (obj), TYPE_CCID_CARD)
-#define CCID_CARD_CLASS(klass) \
- OBJECT_CLASS_CHECK(CCIDCardClass, (klass), TYPE_CCID_CARD)
-#define CCID_CARD_GET_CLASS(obj) \
- OBJECT_GET_CLASS(CCIDCardClass, (obj), TYPE_CCID_CARD)
-
-/*
- * callbacks to be used by the CCID device (hw/usb-ccid.c) to call
- * into the smartcard device (hw/ccid-card-*.c)
- */
-typedef struct CCIDCardClass {
- DeviceClass parent_class;
- const uint8_t *(*get_atr)(CCIDCardState *card, uint32_t *len);
- void (*apdu_from_guest)(CCIDCardState *card,
- const uint8_t *apdu,
- uint32_t len);
- int (*exitfn)(CCIDCardState *card);
- int (*initfn)(CCIDCardState *card);
-} CCIDCardClass;
-
-/*
- * state of the CCID Card device (i.e. hw/ccid-card-*.c)
- */
-struct CCIDCardState {
- DeviceState qdev;
- uint32_t slot; /* For future use with multiple slot reader. */
-};
-
-/*
- * API for smartcard calling the CCID device (used by hw/ccid-card-*.c)
- */
-void ccid_card_send_apdu_to_guest(CCIDCardState *card,
- uint8_t *apdu,
- uint32_t len);
-void ccid_card_card_removed(CCIDCardState *card);
-void ccid_card_card_inserted(CCIDCardState *card);
-void ccid_card_card_error(CCIDCardState *card, uint64_t error);
-
-/*
- * support guest visible insertion/removal of ccid devices based on actual
- * devices connected/removed. Called by card implementation (passthru, local)
- */
-int ccid_card_ccid_attach(CCIDCardState *card);
-void ccid_card_ccid_detach(CCIDCardState *card);
-
-#endif /* CCID_H */
diff --git a/hw/cdrom.c b/hw/cdrom.c
deleted file mode 100644
index 3b99535dc..000000000
--- a/hw/cdrom.c
+++ /dev/null
@@ -1,155 +0,0 @@
-/*
- * QEMU ATAPI CD-ROM Emulator
- *
- * Copyright (c) 2006 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-/* ??? Most of the ATAPI emulation is still in ide.c. It should be moved
- here. */
-
-#include "qemu-common.h"
-#include "scsi.h"
-
-static void lba_to_msf(uint8_t *buf, int lba)
-{
- lba += 150;
- buf[0] = (lba / 75) / 60;
- buf[1] = (lba / 75) % 60;
- buf[2] = lba % 75;
-}
-
-/* same toc as bochs. Return -1 if error or the toc length */
-/* XXX: check this */
-int cdrom_read_toc(int nb_sectors, uint8_t *buf, int msf, int start_track)
-{
- uint8_t *q;
- int len;
-
- if (start_track > 1 && start_track != 0xaa)
- return -1;
- q = buf + 2;
- *q++ = 1; /* first session */
- *q++ = 1; /* last session */
- if (start_track <= 1) {
- *q++ = 0; /* reserved */
- *q++ = 0x14; /* ADR, control */
- *q++ = 1; /* track number */
- *q++ = 0; /* reserved */
- if (msf) {
- *q++ = 0; /* reserved */
- lba_to_msf(q, 0);
- q += 3;
- } else {
- /* sector 0 */
- cpu_to_be32wu((uint32_t *)q, 0);
- q += 4;
- }
- }
- /* lead out track */
- *q++ = 0; /* reserved */
- *q++ = 0x16; /* ADR, control */
- *q++ = 0xaa; /* track number */
- *q++ = 0; /* reserved */
- if (msf) {
- *q++ = 0; /* reserved */
- lba_to_msf(q, nb_sectors);
- q += 3;
- } else {
- cpu_to_be32wu((uint32_t *)q, nb_sectors);
- q += 4;
- }
- len = q - buf;
- cpu_to_be16wu((uint16_t *)buf, len - 2);
- return len;
-}
-
-/* mostly same info as PearPc */
-int cdrom_read_toc_raw(int nb_sectors, uint8_t *buf, int msf, int session_num)
-{
- uint8_t *q;
- int len;
-
- q = buf + 2;
- *q++ = 1; /* first session */
- *q++ = 1; /* last session */
-
- *q++ = 1; /* session number */
- *q++ = 0x14; /* data track */
- *q++ = 0; /* track number */
- *q++ = 0xa0; /* lead-in */
- *q++ = 0; /* min */
- *q++ = 0; /* sec */
- *q++ = 0; /* frame */
- *q++ = 0;
- *q++ = 1; /* first track */
- *q++ = 0x00; /* disk type */
- *q++ = 0x00;
-
- *q++ = 1; /* session number */
- *q++ = 0x14; /* data track */
- *q++ = 0; /* track number */
- *q++ = 0xa1;
- *q++ = 0; /* min */
- *q++ = 0; /* sec */
- *q++ = 0; /* frame */
- *q++ = 0;
- *q++ = 1; /* last track */
- *q++ = 0x00;
- *q++ = 0x00;
-
- *q++ = 1; /* session number */
- *q++ = 0x14; /* data track */
- *q++ = 0; /* track number */
- *q++ = 0xa2; /* lead-out */
- *q++ = 0; /* min */
- *q++ = 0; /* sec */
- *q++ = 0; /* frame */
- if (msf) {
- *q++ = 0; /* reserved */
- lba_to_msf(q, nb_sectors);
- q += 3;
- } else {
- cpu_to_be32wu((uint32_t *)q, nb_sectors);
- q += 4;
- }
-
- *q++ = 1; /* session number */
- *q++ = 0x14; /* ADR, control */
- *q++ = 0; /* track number */
- *q++ = 1; /* point */
- *q++ = 0; /* min */
- *q++ = 0; /* sec */
- *q++ = 0; /* frame */
- if (msf) {
- *q++ = 0;
- lba_to_msf(q, 0);
- q += 3;
- } else {
- *q++ = 0;
- *q++ = 0;
- *q++ = 0;
- *q++ = 0;
- }
-
- len = q - buf;
- cpu_to_be16wu((uint16_t *)buf, len - 2);
- return len;
-}
diff --git a/hw/char/Makefile.objs b/hw/char/Makefile.objs
new file mode 100644
index 000000000..f8f3dbca3
--- /dev/null
+++ b/hw/char/Makefile.objs
@@ -0,0 +1,27 @@
+common-obj-$(CONFIG_IPACK) += tpci200.o ipoctal232.o ipack.o
+common-obj-$(CONFIG_ESCC) += escc.o
+common-obj-$(CONFIG_PARALLEL) += parallel.o
+common-obj-$(CONFIG_PL011) += pl011.o
+common-obj-$(CONFIG_SERIAL) += serial.o serial-isa.o
+common-obj-$(CONFIG_SERIAL_PCI) += serial-pci.o
+common-obj-$(CONFIG_VIRTIO) += virtio-console.o
+common-obj-$(CONFIG_XILINX) += xilinx_uartlite.o
+common-obj-$(CONFIG_XEN_BACKEND) += xen_console.o
+common-obj-$(CONFIG_CADENCE) += cadence_uart.o
+
+obj-$(CONFIG_EXYNOS4) += exynos4210_uart.o
+obj-$(CONFIG_COLDFIRE) += mcf_uart.o
+obj-$(CONFIG_OMAP) += omap_uart.o
+obj-$(CONFIG_SH4) += sh_serial.o
+obj-$(CONFIG_PSERIES) += spapr_vty.o
+
+common-obj-$(CONFIG_ETRAXFS) += etraxfs_ser.o
+common-obj-$(CONFIG_ISA_DEBUG) += debugcon.o
+common-obj-$(CONFIG_GRLIB) += grlib_apbuart.o
+common-obj-$(CONFIG_IMX) += imx_serial.o
+common-obj-$(CONFIG_LM32) += lm32_juart.o
+common-obj-$(CONFIG_LM32) += lm32_uart.o
+common-obj-$(CONFIG_MILKYMIST) += milkymist-uart.o
+common-obj-$(CONFIG_SCLPCONSOLE) += sclpconsole.o
+
+obj-$(CONFIG_VIRTIO) += virtio-serial-bus.o
diff --git a/hw/char/cadence_uart.c b/hw/char/cadence_uart.c
new file mode 100644
index 000000000..3c2e96097
--- /dev/null
+++ b/hw/char/cadence_uart.c
@@ -0,0 +1,522 @@
+/*
+ * Device model for Cadence UART
+ *
+ * Copyright (c) 2010 Xilinx Inc.
+ * Copyright (c) 2012 Peter A.G. Crosthwaite (peter.crosthwaite@petalogix.com)
+ * Copyright (c) 2012 PetaLogix Pty Ltd.
+ * Written by Haibing Ma
+ * M.Habib
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/sysbus.h"
+#include "sysemu/char.h"
+#include "qemu/timer.h"
+
+#ifdef CADENCE_UART_ERR_DEBUG
+#define DB_PRINT(...) do { \
+ fprintf(stderr, ": %s: ", __func__); \
+ fprintf(stderr, ## __VA_ARGS__); \
+ } while (0);
+#else
+ #define DB_PRINT(...)
+#endif
+
+#define UART_SR_INTR_RTRIG 0x00000001
+#define UART_SR_INTR_REMPTY 0x00000002
+#define UART_SR_INTR_RFUL 0x00000004
+#define UART_SR_INTR_TEMPTY 0x00000008
+#define UART_SR_INTR_TFUL 0x00000010
+/* bits fields in CSR that correlate to CISR. If any of these bits are set in
+ * SR, then the same bit in CISR is set high too */
+#define UART_SR_TO_CISR_MASK 0x0000001F
+
+#define UART_INTR_ROVR 0x00000020
+#define UART_INTR_FRAME 0x00000040
+#define UART_INTR_PARE 0x00000080
+#define UART_INTR_TIMEOUT 0x00000100
+#define UART_INTR_DMSI 0x00000200
+
+#define UART_SR_RACTIVE 0x00000400
+#define UART_SR_TACTIVE 0x00000800
+#define UART_SR_FDELT 0x00001000
+
+#define UART_CR_RXRST 0x00000001
+#define UART_CR_TXRST 0x00000002
+#define UART_CR_RX_EN 0x00000004
+#define UART_CR_RX_DIS 0x00000008
+#define UART_CR_TX_EN 0x00000010
+#define UART_CR_TX_DIS 0x00000020
+#define UART_CR_RST_TO 0x00000040
+#define UART_CR_STARTBRK 0x00000080
+#define UART_CR_STOPBRK 0x00000100
+
+#define UART_MR_CLKS 0x00000001
+#define UART_MR_CHRL 0x00000006
+#define UART_MR_CHRL_SH 1
+#define UART_MR_PAR 0x00000038
+#define UART_MR_PAR_SH 3
+#define UART_MR_NBSTOP 0x000000C0
+#define UART_MR_NBSTOP_SH 6
+#define UART_MR_CHMODE 0x00000300
+#define UART_MR_CHMODE_SH 8
+#define UART_MR_UCLKEN 0x00000400
+#define UART_MR_IRMODE 0x00000800
+
+#define UART_DATA_BITS_6 (0x3 << UART_MR_CHRL_SH)
+#define UART_DATA_BITS_7 (0x2 << UART_MR_CHRL_SH)
+#define UART_PARITY_ODD (0x1 << UART_MR_PAR_SH)
+#define UART_PARITY_EVEN (0x0 << UART_MR_PAR_SH)
+#define UART_STOP_BITS_1 (0x3 << UART_MR_NBSTOP_SH)
+#define UART_STOP_BITS_2 (0x2 << UART_MR_NBSTOP_SH)
+#define NORMAL_MODE (0x0 << UART_MR_CHMODE_SH)
+#define ECHO_MODE (0x1 << UART_MR_CHMODE_SH)
+#define LOCAL_LOOPBACK (0x2 << UART_MR_CHMODE_SH)
+#define REMOTE_LOOPBACK (0x3 << UART_MR_CHMODE_SH)
+
+#define RX_FIFO_SIZE 16
+#define TX_FIFO_SIZE 16
+#define UART_INPUT_CLK 50000000
+
+#define R_CR (0x00/4)
+#define R_MR (0x04/4)
+#define R_IER (0x08/4)
+#define R_IDR (0x0C/4)
+#define R_IMR (0x10/4)
+#define R_CISR (0x14/4)
+#define R_BRGR (0x18/4)
+#define R_RTOR (0x1C/4)
+#define R_RTRIG (0x20/4)
+#define R_MCR (0x24/4)
+#define R_MSR (0x28/4)
+#define R_SR (0x2C/4)
+#define R_TX_RX (0x30/4)
+#define R_BDIV (0x34/4)
+#define R_FDEL (0x38/4)
+#define R_PMIN (0x3C/4)
+#define R_PWID (0x40/4)
+#define R_TTRIG (0x44/4)
+
+#define R_MAX (R_TTRIG + 1)
+
+#define TYPE_CADENCE_UART "cadence_uart"
+#define CADENCE_UART(obj) OBJECT_CHECK(UartState, (obj), TYPE_CADENCE_UART)
+
+typedef struct {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ uint32_t r[R_MAX];
+ uint8_t r_fifo[RX_FIFO_SIZE];
+ uint32_t rx_wpos;
+ uint32_t rx_count;
+ uint64_t char_tx_time;
+ CharDriverState *chr;
+ qemu_irq irq;
+ struct QEMUTimer *fifo_trigger_handle;
+ struct QEMUTimer *tx_time_handle;
+} UartState;
+
+static void uart_update_status(UartState *s)
+{
+ s->r[R_CISR] |= s->r[R_SR] & UART_SR_TO_CISR_MASK;
+ qemu_set_irq(s->irq, !!(s->r[R_IMR] & s->r[R_CISR]));
+}
+
+static void fifo_trigger_update(void *opaque)
+{
+ UartState *s = (UartState *)opaque;
+
+ s->r[R_CISR] |= UART_INTR_TIMEOUT;
+
+ uart_update_status(s);
+}
+
+static void uart_tx_redo(UartState *s)
+{
+ uint64_t new_tx_time = qemu_get_clock_ns(vm_clock);
+
+ qemu_mod_timer(s->tx_time_handle, new_tx_time + s->char_tx_time);
+
+ s->r[R_SR] |= UART_SR_INTR_TEMPTY;
+
+ uart_update_status(s);
+}
+
+static void uart_tx_write(void *opaque)
+{
+ UartState *s = (UartState *)opaque;
+
+ uart_tx_redo(s);
+}
+
+static void uart_rx_reset(UartState *s)
+{
+ s->rx_wpos = 0;
+ s->rx_count = 0;
+ if (s->chr) {
+ qemu_chr_accept_input(s->chr);
+ }
+
+ s->r[R_SR] |= UART_SR_INTR_REMPTY;
+ s->r[R_SR] &= ~UART_SR_INTR_RFUL;
+}
+
+static void uart_tx_reset(UartState *s)
+{
+ s->r[R_SR] |= UART_SR_INTR_TEMPTY;
+ s->r[R_SR] &= ~UART_SR_INTR_TFUL;
+}
+
+static void uart_send_breaks(UartState *s)
+{
+ int break_enabled = 1;
+
+ qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_SERIAL_SET_BREAK,
+ &break_enabled);
+}
+
+static void uart_parameters_setup(UartState *s)
+{
+ QEMUSerialSetParams ssp;
+ unsigned int baud_rate, packet_size;
+
+ baud_rate = (s->r[R_MR] & UART_MR_CLKS) ?
+ UART_INPUT_CLK / 8 : UART_INPUT_CLK;
+
+ ssp.speed = baud_rate / (s->r[R_BRGR] * (s->r[R_BDIV] + 1));
+ packet_size = 1;
+
+ switch (s->r[R_MR] & UART_MR_PAR) {
+ case UART_PARITY_EVEN:
+ ssp.parity = 'E';
+ packet_size++;
+ break;
+ case UART_PARITY_ODD:
+ ssp.parity = 'O';
+ packet_size++;
+ break;
+ default:
+ ssp.parity = 'N';
+ break;
+ }
+
+ switch (s->r[R_MR] & UART_MR_CHRL) {
+ case UART_DATA_BITS_6:
+ ssp.data_bits = 6;
+ break;
+ case UART_DATA_BITS_7:
+ ssp.data_bits = 7;
+ break;
+ default:
+ ssp.data_bits = 8;
+ break;
+ }
+
+ switch (s->r[R_MR] & UART_MR_NBSTOP) {
+ case UART_STOP_BITS_1:
+ ssp.stop_bits = 1;
+ break;
+ default:
+ ssp.stop_bits = 2;
+ break;
+ }
+
+ packet_size += ssp.data_bits + ssp.stop_bits;
+ s->char_tx_time = (get_ticks_per_sec() / ssp.speed) * packet_size;
+ qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_SERIAL_SET_PARAMS, &ssp);
+}
+
+static int uart_can_receive(void *opaque)
+{
+ UartState *s = (UartState *)opaque;
+
+ return RX_FIFO_SIZE - s->rx_count;
+}
+
+static void uart_ctrl_update(UartState *s)
+{
+ if (s->r[R_CR] & UART_CR_TXRST) {
+ uart_tx_reset(s);
+ }
+
+ if (s->r[R_CR] & UART_CR_RXRST) {
+ uart_rx_reset(s);
+ }
+
+ s->r[R_CR] &= ~(UART_CR_TXRST | UART_CR_RXRST);
+
+ if ((s->r[R_CR] & UART_CR_TX_EN) && !(s->r[R_CR] & UART_CR_TX_DIS)) {
+ uart_tx_redo(s);
+ }
+
+ if (s->r[R_CR] & UART_CR_STARTBRK && !(s->r[R_CR] & UART_CR_STOPBRK)) {
+ uart_send_breaks(s);
+ }
+}
+
+static void uart_write_rx_fifo(void *opaque, const uint8_t *buf, int size)
+{
+ UartState *s = (UartState *)opaque;
+ uint64_t new_rx_time = qemu_get_clock_ns(vm_clock);
+ int i;
+
+ if ((s->r[R_CR] & UART_CR_RX_DIS) || !(s->r[R_CR] & UART_CR_RX_EN)) {
+ return;
+ }
+
+ s->r[R_SR] &= ~UART_SR_INTR_REMPTY;
+
+ if (s->rx_count == RX_FIFO_SIZE) {
+ s->r[R_CISR] |= UART_INTR_ROVR;
+ } else {
+ for (i = 0; i < size; i++) {
+ s->r_fifo[s->rx_wpos] = buf[i];
+ s->rx_wpos = (s->rx_wpos + 1) % RX_FIFO_SIZE;
+ s->rx_count++;
+
+ if (s->rx_count == RX_FIFO_SIZE) {
+ s->r[R_SR] |= UART_SR_INTR_RFUL;
+ break;
+ }
+
+ if (s->rx_count >= s->r[R_RTRIG]) {
+ s->r[R_SR] |= UART_SR_INTR_RTRIG;
+ }
+ }
+ qemu_mod_timer(s->fifo_trigger_handle, new_rx_time +
+ (s->char_tx_time * 4));
+ }
+ uart_update_status(s);
+}
+
+static void uart_write_tx_fifo(UartState *s, const uint8_t *buf, int size)
+{
+ if ((s->r[R_CR] & UART_CR_TX_DIS) || !(s->r[R_CR] & UART_CR_TX_EN)) {
+ return;
+ }
+
+ qemu_chr_fe_write_all(s->chr, buf, size);
+}
+
+static void uart_receive(void *opaque, const uint8_t *buf, int size)
+{
+ UartState *s = (UartState *)opaque;
+ uint32_t ch_mode = s->r[R_MR] & UART_MR_CHMODE;
+
+ if (ch_mode == NORMAL_MODE || ch_mode == ECHO_MODE) {
+ uart_write_rx_fifo(opaque, buf, size);
+ }
+ if (ch_mode == REMOTE_LOOPBACK || ch_mode == ECHO_MODE) {
+ uart_write_tx_fifo(s, buf, size);
+ }
+}
+
+static void uart_event(void *opaque, int event)
+{
+ UartState *s = (UartState *)opaque;
+ uint8_t buf = '\0';
+
+ if (event == CHR_EVENT_BREAK) {
+ uart_write_rx_fifo(opaque, &buf, 1);
+ }
+
+ uart_update_status(s);
+}
+
+static void uart_read_rx_fifo(UartState *s, uint32_t *c)
+{
+ if ((s->r[R_CR] & UART_CR_RX_DIS) || !(s->r[R_CR] & UART_CR_RX_EN)) {
+ return;
+ }
+
+ s->r[R_SR] &= ~UART_SR_INTR_RFUL;
+
+ if (s->rx_count) {
+ uint32_t rx_rpos =
+ (RX_FIFO_SIZE + s->rx_wpos - s->rx_count) % RX_FIFO_SIZE;
+ *c = s->r_fifo[rx_rpos];
+ s->rx_count--;
+
+ if (!s->rx_count) {
+ s->r[R_SR] |= UART_SR_INTR_REMPTY;
+ }
+ qemu_chr_accept_input(s->chr);
+ } else {
+ *c = 0;
+ s->r[R_SR] |= UART_SR_INTR_REMPTY;
+ }
+
+ if (s->rx_count < s->r[R_RTRIG]) {
+ s->r[R_SR] &= ~UART_SR_INTR_RTRIG;
+ }
+ uart_update_status(s);
+}
+
+static void uart_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ UartState *s = (UartState *)opaque;
+
+ DB_PRINT(" offset:%x data:%08x\n", (unsigned)offset, (unsigned)value);
+ offset >>= 2;
+ switch (offset) {
+ case R_IER: /* ier (wts imr) */
+ s->r[R_IMR] |= value;
+ break;
+ case R_IDR: /* idr (wtc imr) */
+ s->r[R_IMR] &= ~value;
+ break;
+ case R_IMR: /* imr (read only) */
+ break;
+ case R_CISR: /* cisr (wtc) */
+ s->r[R_CISR] &= ~value;
+ break;
+ case R_TX_RX: /* UARTDR */
+ switch (s->r[R_MR] & UART_MR_CHMODE) {
+ case NORMAL_MODE:
+ uart_write_tx_fifo(s, (uint8_t *) &value, 1);
+ break;
+ case LOCAL_LOOPBACK:
+ uart_write_rx_fifo(opaque, (uint8_t *) &value, 1);
+ break;
+ }
+ break;
+ default:
+ s->r[offset] = value;
+ }
+
+ switch (offset) {
+ case R_CR:
+ uart_ctrl_update(s);
+ break;
+ case R_MR:
+ uart_parameters_setup(s);
+ break;
+ }
+}
+
+static uint64_t uart_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ UartState *s = (UartState *)opaque;
+ uint32_t c = 0;
+
+ offset >>= 2;
+ if (offset >= R_MAX) {
+ c = 0;
+ } else if (offset == R_TX_RX) {
+ uart_read_rx_fifo(s, &c);
+ } else {
+ c = s->r[offset];
+ }
+
+ DB_PRINT(" offset:%x data:%08x\n", (unsigned)(offset << 2), (unsigned)c);
+ return c;
+}
+
+static const MemoryRegionOps uart_ops = {
+ .read = uart_read,
+ .write = uart_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void cadence_uart_reset(UartState *s)
+{
+ s->r[R_CR] = 0x00000128;
+ s->r[R_IMR] = 0;
+ s->r[R_CISR] = 0;
+ s->r[R_RTRIG] = 0x00000020;
+ s->r[R_BRGR] = 0x0000000F;
+ s->r[R_TTRIG] = 0x00000020;
+
+ uart_rx_reset(s);
+ uart_tx_reset(s);
+
+ s->rx_count = 0;
+ s->rx_wpos = 0;
+}
+
+static int cadence_uart_init(SysBusDevice *dev)
+{
+ UartState *s = CADENCE_UART(dev);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &uart_ops, s, "uart", 0x1000);
+ sysbus_init_mmio(dev, &s->iomem);
+ sysbus_init_irq(dev, &s->irq);
+
+ s->fifo_trigger_handle = qemu_new_timer_ns(vm_clock,
+ (QEMUTimerCB *)fifo_trigger_update, s);
+
+ s->tx_time_handle = qemu_new_timer_ns(vm_clock,
+ (QEMUTimerCB *)uart_tx_write, s);
+
+ s->char_tx_time = (get_ticks_per_sec() / 9600) * 10;
+
+ s->chr = qemu_char_get_next_serial();
+
+ cadence_uart_reset(s);
+
+ if (s->chr) {
+ qemu_chr_add_handlers(s->chr, uart_can_receive, uart_receive,
+ uart_event, s);
+ }
+
+ return 0;
+}
+
+static int cadence_uart_post_load(void *opaque, int version_id)
+{
+ UartState *s = opaque;
+
+ uart_parameters_setup(s);
+ uart_update_status(s);
+ return 0;
+}
+
+static const VMStateDescription vmstate_cadence_uart = {
+ .name = "cadence_uart",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .post_load = cadence_uart_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(r, UartState, R_MAX),
+ VMSTATE_UINT8_ARRAY(r_fifo, UartState, RX_FIFO_SIZE),
+ VMSTATE_UINT32(rx_count, UartState),
+ VMSTATE_UINT32(rx_wpos, UartState),
+ VMSTATE_TIMER(fifo_trigger_handle, UartState),
+ VMSTATE_TIMER(tx_time_handle, UartState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void cadence_uart_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sdc->init = cadence_uart_init;
+ dc->vmsd = &vmstate_cadence_uart;
+}
+
+static const TypeInfo cadence_uart_info = {
+ .name = TYPE_CADENCE_UART,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(UartState),
+ .class_init = cadence_uart_class_init,
+};
+
+static void cadence_uart_register_types(void)
+{
+ type_register_static(&cadence_uart_info);
+}
+
+type_init(cadence_uart_register_types)
diff --git a/hw/char/debugcon.c b/hw/char/debugcon.c
new file mode 100644
index 000000000..02d0d57a7
--- /dev/null
+++ b/hw/char/debugcon.c
@@ -0,0 +1,140 @@
+/*
+ * QEMU Bochs-style debug console ("port E9") emulation
+ *
+ * Copyright (c) 2003-2004 Fabrice Bellard
+ * Copyright (c) 2008 Citrix Systems, Inc.
+ * Copyright (c) Intel Corporation; author: H. Peter Anvin
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/hw.h"
+#include "sysemu/char.h"
+#include "hw/isa/isa.h"
+#include "hw/i386/pc.h"
+
+#define TYPE_ISA_DEBUGCON_DEVICE "isa-debugcon"
+#define ISA_DEBUGCON_DEVICE(obj) \
+ OBJECT_CHECK(ISADebugconState, (obj), TYPE_ISA_DEBUGCON_DEVICE)
+
+//#define DEBUG_DEBUGCON
+
+typedef struct DebugconState {
+ MemoryRegion io;
+ CharDriverState *chr;
+ uint32_t readback;
+} DebugconState;
+
+typedef struct ISADebugconState {
+ ISADevice parent_obj;
+
+ uint32_t iobase;
+ DebugconState state;
+} ISADebugconState;
+
+static void debugcon_ioport_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned width)
+{
+ DebugconState *s = opaque;
+ unsigned char ch = val;
+
+#ifdef DEBUG_DEBUGCON
+ printf(" [debugcon: write addr=0x%04" HWADDR_PRIx " val=0x%02" PRIx64 "]\n", addr, val);
+#endif
+
+ qemu_chr_fe_write(s->chr, &ch, 1);
+}
+
+
+static uint64_t debugcon_ioport_read(void *opaque, hwaddr addr, unsigned width)
+{
+ DebugconState *s = opaque;
+
+#ifdef DEBUG_DEBUGCON
+ printf("debugcon: read addr=0x%04" HWADDR_PRIx "\n", addr);
+#endif
+
+ return s->readback;
+}
+
+static const MemoryRegionOps debugcon_ops = {
+ .read = debugcon_ioport_read,
+ .write = debugcon_ioport_write,
+ .valid.min_access_size = 1,
+ .valid.max_access_size = 1,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void debugcon_realize_core(DebugconState *s, Error **errp)
+{
+ if (!s->chr) {
+ error_setg(errp, "Can't create debugcon device, empty char device");
+ return;
+ }
+
+ qemu_chr_add_handlers(s->chr, NULL, NULL, NULL, s);
+}
+
+static void debugcon_isa_realizefn(DeviceState *dev, Error **errp)
+{
+ ISADevice *d = ISA_DEVICE(dev);
+ ISADebugconState *isa = ISA_DEBUGCON_DEVICE(dev);
+ DebugconState *s = &isa->state;
+ Error *err = NULL;
+
+ debugcon_realize_core(s, &err);
+ if (err != NULL) {
+ error_propagate(errp, err);
+ return;
+ }
+ memory_region_init_io(&s->io, OBJECT(dev), &debugcon_ops, s,
+ TYPE_ISA_DEBUGCON_DEVICE, 1);
+ memory_region_add_subregion(isa_address_space_io(d),
+ isa->iobase, &s->io);
+}
+
+static Property debugcon_isa_properties[] = {
+ DEFINE_PROP_HEX32("iobase", ISADebugconState, iobase, 0xe9),
+ DEFINE_PROP_CHR("chardev", ISADebugconState, state.chr),
+ DEFINE_PROP_HEX32("readback", ISADebugconState, state.readback, 0xe9),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void debugcon_isa_class_initfn(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = debugcon_isa_realizefn;
+ dc->props = debugcon_isa_properties;
+ set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+}
+
+static const TypeInfo debugcon_isa_info = {
+ .name = TYPE_ISA_DEBUGCON_DEVICE,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof(ISADebugconState),
+ .class_init = debugcon_isa_class_initfn,
+};
+
+static void debugcon_register_types(void)
+{
+ type_register_static(&debugcon_isa_info);
+}
+
+type_init(debugcon_register_types)
diff --git a/hw/char/escc.c b/hw/char/escc.c
new file mode 100644
index 000000000..6397f6f28
--- /dev/null
+++ b/hw/char/escc.c
@@ -0,0 +1,941 @@
+/*
+ * QEMU ESCC (Z8030/Z8530/Z85C30/SCC/ESCC) serial port emulation
+ *
+ * Copyright (c) 2003-2005 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "hw/char/escc.h"
+#include "sysemu/char.h"
+#include "ui/console.h"
+#include "trace.h"
+
+/*
+ * Chipset docs:
+ * "Z80C30/Z85C30/Z80230/Z85230/Z85233 SCC/ESCC User Manual",
+ * http://www.zilog.com/docs/serial/scc_escc_um.pdf
+ *
+ * On Sparc32 this is the serial port, mouse and keyboard part of chip STP2001
+ * (Slave I/O), also produced as NCR89C105. See
+ * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C105.txt
+ *
+ * The serial ports implement full AMD AM8530 or Zilog Z8530 chips,
+ * mouse and keyboard ports don't implement all functions and they are
+ * only asynchronous. There is no DMA.
+ *
+ * Z85C30 is also used on PowerMacs. There are some small differences
+ * between Sparc version (sunzilog) and PowerMac (pmac):
+ * Offset between control and data registers
+ * There is some kind of lockup bug, but we can ignore it
+ * CTS is inverted
+ * DMA on pmac using DBDMA chip
+ * pmac can do IRDA and faster rates, sunzilog can only do 38400
+ * pmac baud rate generator clock is 3.6864 MHz, sunzilog 4.9152 MHz
+ */
+
+/*
+ * Modifications:
+ * 2006-Aug-10 Igor Kovalenko : Renamed KBDQueue to SERIOQueue, implemented
+ * serial mouse queue.
+ * Implemented serial mouse protocol.
+ *
+ * 2010-May-23 Artyom Tarasenko: Reworked IUS logic
+ */
+
+typedef enum {
+ chn_a, chn_b,
+} ChnID;
+
+#define CHN_C(s) ((s)->chn == chn_b? 'b' : 'a')
+
+typedef enum {
+ ser, kbd, mouse,
+} ChnType;
+
+#define SERIO_QUEUE_SIZE 256
+
+typedef struct {
+ uint8_t data[SERIO_QUEUE_SIZE];
+ int rptr, wptr, count;
+} SERIOQueue;
+
+#define SERIAL_REGS 16
+typedef struct ChannelState {
+ qemu_irq irq;
+ uint32_t rxint, txint, rxint_under_svc, txint_under_svc;
+ struct ChannelState *otherchn;
+ uint32_t reg;
+ uint8_t wregs[SERIAL_REGS], rregs[SERIAL_REGS];
+ SERIOQueue queue;
+ CharDriverState *chr;
+ int e0_mode, led_mode, caps_lock_mode, num_lock_mode;
+ int disabled;
+ int clock;
+ uint32_t vmstate_dummy;
+ ChnID chn; // this channel, A (base+4) or B (base+0)
+ ChnType type;
+ uint8_t rx, tx;
+} ChannelState;
+
+#define ESCC(obj) OBJECT_CHECK(ESCCState, (obj), TYPE_ESCC)
+
+typedef struct ESCCState {
+ SysBusDevice parent_obj;
+
+ struct ChannelState chn[2];
+ uint32_t it_shift;
+ MemoryRegion mmio;
+ uint32_t disabled;
+ uint32_t frequency;
+} ESCCState;
+
+#define SERIAL_CTRL 0
+#define SERIAL_DATA 1
+
+#define W_CMD 0
+#define CMD_PTR_MASK 0x07
+#define CMD_CMD_MASK 0x38
+#define CMD_HI 0x08
+#define CMD_CLR_TXINT 0x28
+#define CMD_CLR_IUS 0x38
+#define W_INTR 1
+#define INTR_INTALL 0x01
+#define INTR_TXINT 0x02
+#define INTR_RXMODEMSK 0x18
+#define INTR_RXINT1ST 0x08
+#define INTR_RXINTALL 0x10
+#define W_IVEC 2
+#define W_RXCTRL 3
+#define RXCTRL_RXEN 0x01
+#define W_TXCTRL1 4
+#define TXCTRL1_PAREN 0x01
+#define TXCTRL1_PAREV 0x02
+#define TXCTRL1_1STOP 0x04
+#define TXCTRL1_1HSTOP 0x08
+#define TXCTRL1_2STOP 0x0c
+#define TXCTRL1_STPMSK 0x0c
+#define TXCTRL1_CLK1X 0x00
+#define TXCTRL1_CLK16X 0x40
+#define TXCTRL1_CLK32X 0x80
+#define TXCTRL1_CLK64X 0xc0
+#define TXCTRL1_CLKMSK 0xc0
+#define W_TXCTRL2 5
+#define TXCTRL2_TXEN 0x08
+#define TXCTRL2_BITMSK 0x60
+#define TXCTRL2_5BITS 0x00
+#define TXCTRL2_7BITS 0x20
+#define TXCTRL2_6BITS 0x40
+#define TXCTRL2_8BITS 0x60
+#define W_SYNC1 6
+#define W_SYNC2 7
+#define W_TXBUF 8
+#define W_MINTR 9
+#define MINTR_STATUSHI 0x10
+#define MINTR_RST_MASK 0xc0
+#define MINTR_RST_B 0x40
+#define MINTR_RST_A 0x80
+#define MINTR_RST_ALL 0xc0
+#define W_MISC1 10
+#define W_CLOCK 11
+#define CLOCK_TRXC 0x08
+#define W_BRGLO 12
+#define W_BRGHI 13
+#define W_MISC2 14
+#define MISC2_PLLDIS 0x30
+#define W_EXTINT 15
+#define EXTINT_DCD 0x08
+#define EXTINT_SYNCINT 0x10
+#define EXTINT_CTSINT 0x20
+#define EXTINT_TXUNDRN 0x40
+#define EXTINT_BRKINT 0x80
+
+#define R_STATUS 0
+#define STATUS_RXAV 0x01
+#define STATUS_ZERO 0x02
+#define STATUS_TXEMPTY 0x04
+#define STATUS_DCD 0x08
+#define STATUS_SYNC 0x10
+#define STATUS_CTS 0x20
+#define STATUS_TXUNDRN 0x40
+#define STATUS_BRK 0x80
+#define R_SPEC 1
+#define SPEC_ALLSENT 0x01
+#define SPEC_BITS8 0x06
+#define R_IVEC 2
+#define IVEC_TXINTB 0x00
+#define IVEC_LONOINT 0x06
+#define IVEC_LORXINTA 0x0c
+#define IVEC_LORXINTB 0x04
+#define IVEC_LOTXINTA 0x08
+#define IVEC_HINOINT 0x60
+#define IVEC_HIRXINTA 0x30
+#define IVEC_HIRXINTB 0x20
+#define IVEC_HITXINTA 0x10
+#define R_INTR 3
+#define INTR_EXTINTB 0x01
+#define INTR_TXINTB 0x02
+#define INTR_RXINTB 0x04
+#define INTR_EXTINTA 0x08
+#define INTR_TXINTA 0x10
+#define INTR_RXINTA 0x20
+#define R_IPEN 4
+#define R_TXCTRL1 5
+#define R_TXCTRL2 6
+#define R_BC 7
+#define R_RXBUF 8
+#define R_RXCTRL 9
+#define R_MISC 10
+#define R_MISC1 11
+#define R_BRGLO 12
+#define R_BRGHI 13
+#define R_MISC1I 14
+#define R_EXTINT 15
+
+static void handle_kbd_command(ChannelState *s, int val);
+static int serial_can_receive(void *opaque);
+static void serial_receive_byte(ChannelState *s, int ch);
+
+static void clear_queue(void *opaque)
+{
+ ChannelState *s = opaque;
+ SERIOQueue *q = &s->queue;
+ q->rptr = q->wptr = q->count = 0;
+}
+
+static void put_queue(void *opaque, int b)
+{
+ ChannelState *s = opaque;
+ SERIOQueue *q = &s->queue;
+
+ trace_escc_put_queue(CHN_C(s), b);
+ if (q->count >= SERIO_QUEUE_SIZE)
+ return;
+ q->data[q->wptr] = b;
+ if (++q->wptr == SERIO_QUEUE_SIZE)
+ q->wptr = 0;
+ q->count++;
+ serial_receive_byte(s, 0);
+}
+
+static uint32_t get_queue(void *opaque)
+{
+ ChannelState *s = opaque;
+ SERIOQueue *q = &s->queue;
+ int val;
+
+ if (q->count == 0) {
+ return 0;
+ } else {
+ val = q->data[q->rptr];
+ if (++q->rptr == SERIO_QUEUE_SIZE)
+ q->rptr = 0;
+ q->count--;
+ }
+ trace_escc_get_queue(CHN_C(s), val);
+ if (q->count > 0)
+ serial_receive_byte(s, 0);
+ return val;
+}
+
+static int escc_update_irq_chn(ChannelState *s)
+{
+ if ((((s->wregs[W_INTR] & INTR_TXINT) && (s->txint == 1)) ||
+ // tx ints enabled, pending
+ ((((s->wregs[W_INTR] & INTR_RXMODEMSK) == INTR_RXINT1ST) ||
+ ((s->wregs[W_INTR] & INTR_RXMODEMSK) == INTR_RXINTALL)) &&
+ s->rxint == 1) || // rx ints enabled, pending
+ ((s->wregs[W_EXTINT] & EXTINT_BRKINT) &&
+ (s->rregs[R_STATUS] & STATUS_BRK)))) { // break int e&p
+ return 1;
+ }
+ return 0;
+}
+
+static void escc_update_irq(ChannelState *s)
+{
+ int irq;
+
+ irq = escc_update_irq_chn(s);
+ irq |= escc_update_irq_chn(s->otherchn);
+
+ trace_escc_update_irq(irq);
+ qemu_set_irq(s->irq, irq);
+}
+
+static void escc_reset_chn(ChannelState *s)
+{
+ int i;
+
+ s->reg = 0;
+ for (i = 0; i < SERIAL_REGS; i++) {
+ s->rregs[i] = 0;
+ s->wregs[i] = 0;
+ }
+ s->wregs[W_TXCTRL1] = TXCTRL1_1STOP; // 1X divisor, 1 stop bit, no parity
+ s->wregs[W_MINTR] = MINTR_RST_ALL;
+ s->wregs[W_CLOCK] = CLOCK_TRXC; // Synch mode tx clock = TRxC
+ s->wregs[W_MISC2] = MISC2_PLLDIS; // PLL disabled
+ s->wregs[W_EXTINT] = EXTINT_DCD | EXTINT_SYNCINT | EXTINT_CTSINT |
+ EXTINT_TXUNDRN | EXTINT_BRKINT; // Enable most interrupts
+ if (s->disabled)
+ s->rregs[R_STATUS] = STATUS_TXEMPTY | STATUS_DCD | STATUS_SYNC |
+ STATUS_CTS | STATUS_TXUNDRN;
+ else
+ s->rregs[R_STATUS] = STATUS_TXEMPTY | STATUS_TXUNDRN;
+ s->rregs[R_SPEC] = SPEC_BITS8 | SPEC_ALLSENT;
+
+ s->rx = s->tx = 0;
+ s->rxint = s->txint = 0;
+ s->rxint_under_svc = s->txint_under_svc = 0;
+ s->e0_mode = s->led_mode = s->caps_lock_mode = s->num_lock_mode = 0;
+ clear_queue(s);
+}
+
+static void escc_reset(DeviceState *d)
+{
+ ESCCState *s = ESCC(d);
+
+ escc_reset_chn(&s->chn[0]);
+ escc_reset_chn(&s->chn[1]);
+}
+
+static inline void set_rxint(ChannelState *s)
+{
+ s->rxint = 1;
+ /* XXX: missing daisy chainnig: chn_b rx should have a lower priority
+ than chn_a rx/tx/special_condition service*/
+ s->rxint_under_svc = 1;
+ if (s->chn == chn_a) {
+ s->rregs[R_INTR] |= INTR_RXINTA;
+ if (s->wregs[W_MINTR] & MINTR_STATUSHI)
+ s->otherchn->rregs[R_IVEC] = IVEC_HIRXINTA;
+ else
+ s->otherchn->rregs[R_IVEC] = IVEC_LORXINTA;
+ } else {
+ s->otherchn->rregs[R_INTR] |= INTR_RXINTB;
+ if (s->wregs[W_MINTR] & MINTR_STATUSHI)
+ s->rregs[R_IVEC] = IVEC_HIRXINTB;
+ else
+ s->rregs[R_IVEC] = IVEC_LORXINTB;
+ }
+ escc_update_irq(s);
+}
+
+static inline void set_txint(ChannelState *s)
+{
+ s->txint = 1;
+ if (!s->rxint_under_svc) {
+ s->txint_under_svc = 1;
+ if (s->chn == chn_a) {
+ if (s->wregs[W_INTR] & INTR_TXINT) {
+ s->rregs[R_INTR] |= INTR_TXINTA;
+ }
+ if (s->wregs[W_MINTR] & MINTR_STATUSHI)
+ s->otherchn->rregs[R_IVEC] = IVEC_HITXINTA;
+ else
+ s->otherchn->rregs[R_IVEC] = IVEC_LOTXINTA;
+ } else {
+ s->rregs[R_IVEC] = IVEC_TXINTB;
+ if (s->wregs[W_INTR] & INTR_TXINT) {
+ s->otherchn->rregs[R_INTR] |= INTR_TXINTB;
+ }
+ }
+ escc_update_irq(s);
+ }
+}
+
+static inline void clr_rxint(ChannelState *s)
+{
+ s->rxint = 0;
+ s->rxint_under_svc = 0;
+ if (s->chn == chn_a) {
+ if (s->wregs[W_MINTR] & MINTR_STATUSHI)
+ s->otherchn->rregs[R_IVEC] = IVEC_HINOINT;
+ else
+ s->otherchn->rregs[R_IVEC] = IVEC_LONOINT;
+ s->rregs[R_INTR] &= ~INTR_RXINTA;
+ } else {
+ if (s->wregs[W_MINTR] & MINTR_STATUSHI)
+ s->rregs[R_IVEC] = IVEC_HINOINT;
+ else
+ s->rregs[R_IVEC] = IVEC_LONOINT;
+ s->otherchn->rregs[R_INTR] &= ~INTR_RXINTB;
+ }
+ if (s->txint)
+ set_txint(s);
+ escc_update_irq(s);
+}
+
+static inline void clr_txint(ChannelState *s)
+{
+ s->txint = 0;
+ s->txint_under_svc = 0;
+ if (s->chn == chn_a) {
+ if (s->wregs[W_MINTR] & MINTR_STATUSHI)
+ s->otherchn->rregs[R_IVEC] = IVEC_HINOINT;
+ else
+ s->otherchn->rregs[R_IVEC] = IVEC_LONOINT;
+ s->rregs[R_INTR] &= ~INTR_TXINTA;
+ } else {
+ s->otherchn->rregs[R_INTR] &= ~INTR_TXINTB;
+ if (s->wregs[W_MINTR] & MINTR_STATUSHI)
+ s->rregs[R_IVEC] = IVEC_HINOINT;
+ else
+ s->rregs[R_IVEC] = IVEC_LONOINT;
+ s->otherchn->rregs[R_INTR] &= ~INTR_TXINTB;
+ }
+ if (s->rxint)
+ set_rxint(s);
+ escc_update_irq(s);
+}
+
+static void escc_update_parameters(ChannelState *s)
+{
+ int speed, parity, data_bits, stop_bits;
+ QEMUSerialSetParams ssp;
+
+ if (!s->chr || s->type != ser)
+ return;
+
+ if (s->wregs[W_TXCTRL1] & TXCTRL1_PAREN) {
+ if (s->wregs[W_TXCTRL1] & TXCTRL1_PAREV)
+ parity = 'E';
+ else
+ parity = 'O';
+ } else {
+ parity = 'N';
+ }
+ if ((s->wregs[W_TXCTRL1] & TXCTRL1_STPMSK) == TXCTRL1_2STOP)
+ stop_bits = 2;
+ else
+ stop_bits = 1;
+ switch (s->wregs[W_TXCTRL2] & TXCTRL2_BITMSK) {
+ case TXCTRL2_5BITS:
+ data_bits = 5;
+ break;
+ case TXCTRL2_7BITS:
+ data_bits = 7;
+ break;
+ case TXCTRL2_6BITS:
+ data_bits = 6;
+ break;
+ default:
+ case TXCTRL2_8BITS:
+ data_bits = 8;
+ break;
+ }
+ speed = s->clock / ((s->wregs[W_BRGLO] | (s->wregs[W_BRGHI] << 8)) + 2);
+ switch (s->wregs[W_TXCTRL1] & TXCTRL1_CLKMSK) {
+ case TXCTRL1_CLK1X:
+ break;
+ case TXCTRL1_CLK16X:
+ speed /= 16;
+ break;
+ case TXCTRL1_CLK32X:
+ speed /= 32;
+ break;
+ default:
+ case TXCTRL1_CLK64X:
+ speed /= 64;
+ break;
+ }
+ ssp.speed = speed;
+ ssp.parity = parity;
+ ssp.data_bits = data_bits;
+ ssp.stop_bits = stop_bits;
+ trace_escc_update_parameters(CHN_C(s), speed, parity, data_bits, stop_bits);
+ qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_SERIAL_SET_PARAMS, &ssp);
+}
+
+static void escc_mem_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ ESCCState *serial = opaque;
+ ChannelState *s;
+ uint32_t saddr;
+ int newreg, channel;
+
+ val &= 0xff;
+ saddr = (addr >> serial->it_shift) & 1;
+ channel = (addr >> (serial->it_shift + 1)) & 1;
+ s = &serial->chn[channel];
+ switch (saddr) {
+ case SERIAL_CTRL:
+ trace_escc_mem_writeb_ctrl(CHN_C(s), s->reg, val & 0xff);
+ newreg = 0;
+ switch (s->reg) {
+ case W_CMD:
+ newreg = val & CMD_PTR_MASK;
+ val &= CMD_CMD_MASK;
+ switch (val) {
+ case CMD_HI:
+ newreg |= CMD_HI;
+ break;
+ case CMD_CLR_TXINT:
+ clr_txint(s);
+ break;
+ case CMD_CLR_IUS:
+ if (s->rxint_under_svc) {
+ s->rxint_under_svc = 0;
+ if (s->txint) {
+ set_txint(s);
+ }
+ } else if (s->txint_under_svc) {
+ s->txint_under_svc = 0;
+ }
+ escc_update_irq(s);
+ break;
+ default:
+ break;
+ }
+ break;
+ case W_INTR ... W_RXCTRL:
+ case W_SYNC1 ... W_TXBUF:
+ case W_MISC1 ... W_CLOCK:
+ case W_MISC2 ... W_EXTINT:
+ s->wregs[s->reg] = val;
+ break;
+ case W_TXCTRL1:
+ case W_TXCTRL2:
+ s->wregs[s->reg] = val;
+ escc_update_parameters(s);
+ break;
+ case W_BRGLO:
+ case W_BRGHI:
+ s->wregs[s->reg] = val;
+ s->rregs[s->reg] = val;
+ escc_update_parameters(s);
+ break;
+ case W_MINTR:
+ switch (val & MINTR_RST_MASK) {
+ case 0:
+ default:
+ break;
+ case MINTR_RST_B:
+ escc_reset_chn(&serial->chn[0]);
+ return;
+ case MINTR_RST_A:
+ escc_reset_chn(&serial->chn[1]);
+ return;
+ case MINTR_RST_ALL:
+ escc_reset(DEVICE(serial));
+ return;
+ }
+ break;
+ default:
+ break;
+ }
+ if (s->reg == 0)
+ s->reg = newreg;
+ else
+ s->reg = 0;
+ break;
+ case SERIAL_DATA:
+ trace_escc_mem_writeb_data(CHN_C(s), val);
+ s->tx = val;
+ if (s->wregs[W_TXCTRL2] & TXCTRL2_TXEN) { // tx enabled
+ if (s->chr)
+ qemu_chr_fe_write(s->chr, &s->tx, 1);
+ else if (s->type == kbd && !s->disabled) {
+ handle_kbd_command(s, val);
+ }
+ }
+ s->rregs[R_STATUS] |= STATUS_TXEMPTY; // Tx buffer empty
+ s->rregs[R_SPEC] |= SPEC_ALLSENT; // All sent
+ set_txint(s);
+ break;
+ default:
+ break;
+ }
+}
+
+static uint64_t escc_mem_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ ESCCState *serial = opaque;
+ ChannelState *s;
+ uint32_t saddr;
+ uint32_t ret;
+ int channel;
+
+ saddr = (addr >> serial->it_shift) & 1;
+ channel = (addr >> (serial->it_shift + 1)) & 1;
+ s = &serial->chn[channel];
+ switch (saddr) {
+ case SERIAL_CTRL:
+ trace_escc_mem_readb_ctrl(CHN_C(s), s->reg, s->rregs[s->reg]);
+ ret = s->rregs[s->reg];
+ s->reg = 0;
+ return ret;
+ case SERIAL_DATA:
+ s->rregs[R_STATUS] &= ~STATUS_RXAV;
+ clr_rxint(s);
+ if (s->type == kbd || s->type == mouse)
+ ret = get_queue(s);
+ else
+ ret = s->rx;
+ trace_escc_mem_readb_data(CHN_C(s), ret);
+ if (s->chr)
+ qemu_chr_accept_input(s->chr);
+ return ret;
+ default:
+ break;
+ }
+ return 0;
+}
+
+static const MemoryRegionOps escc_mem_ops = {
+ .read = escc_mem_read,
+ .write = escc_mem_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+static int serial_can_receive(void *opaque)
+{
+ ChannelState *s = opaque;
+ int ret;
+
+ if (((s->wregs[W_RXCTRL] & RXCTRL_RXEN) == 0) // Rx not enabled
+ || ((s->rregs[R_STATUS] & STATUS_RXAV) == STATUS_RXAV))
+ // char already available
+ ret = 0;
+ else
+ ret = 1;
+ return ret;
+}
+
+static void serial_receive_byte(ChannelState *s, int ch)
+{
+ trace_escc_serial_receive_byte(CHN_C(s), ch);
+ s->rregs[R_STATUS] |= STATUS_RXAV;
+ s->rx = ch;
+ set_rxint(s);
+}
+
+static void serial_receive_break(ChannelState *s)
+{
+ s->rregs[R_STATUS] |= STATUS_BRK;
+ escc_update_irq(s);
+}
+
+static void serial_receive1(void *opaque, const uint8_t *buf, int size)
+{
+ ChannelState *s = opaque;
+ serial_receive_byte(s, buf[0]);
+}
+
+static void serial_event(void *opaque, int event)
+{
+ ChannelState *s = opaque;
+ if (event == CHR_EVENT_BREAK)
+ serial_receive_break(s);
+}
+
+static const VMStateDescription vmstate_escc_chn = {
+ .name ="escc_chn",
+ .version_id = 2,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT32(vmstate_dummy, ChannelState),
+ VMSTATE_UINT32(reg, ChannelState),
+ VMSTATE_UINT32(rxint, ChannelState),
+ VMSTATE_UINT32(txint, ChannelState),
+ VMSTATE_UINT32(rxint_under_svc, ChannelState),
+ VMSTATE_UINT32(txint_under_svc, ChannelState),
+ VMSTATE_UINT8(rx, ChannelState),
+ VMSTATE_UINT8(tx, ChannelState),
+ VMSTATE_BUFFER(wregs, ChannelState),
+ VMSTATE_BUFFER(rregs, ChannelState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_escc = {
+ .name ="escc",
+ .version_id = 2,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_STRUCT_ARRAY(chn, ESCCState, 2, 2, vmstate_escc_chn,
+ ChannelState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+MemoryRegion *escc_init(hwaddr base, qemu_irq irqA, qemu_irq irqB,
+ CharDriverState *chrA, CharDriverState *chrB,
+ int clock, int it_shift)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+ ESCCState *d;
+
+ dev = qdev_create(NULL, TYPE_ESCC);
+ qdev_prop_set_uint32(dev, "disabled", 0);
+ qdev_prop_set_uint32(dev, "frequency", clock);
+ qdev_prop_set_uint32(dev, "it_shift", it_shift);
+ qdev_prop_set_chr(dev, "chrB", chrB);
+ qdev_prop_set_chr(dev, "chrA", chrA);
+ qdev_prop_set_uint32(dev, "chnBtype", ser);
+ qdev_prop_set_uint32(dev, "chnAtype", ser);
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+ sysbus_connect_irq(s, 0, irqB);
+ sysbus_connect_irq(s, 1, irqA);
+ if (base) {
+ sysbus_mmio_map(s, 0, base);
+ }
+
+ d = ESCC(s);
+ return &d->mmio;
+}
+
+static const uint8_t keycodes[128] = {
+ 127, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 43, 53,
+ 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 89, 76, 77, 78,
+ 79, 80, 81, 82, 83, 84, 85, 86, 87, 42, 99, 88, 100, 101, 102, 103,
+ 104, 105, 106, 107, 108, 109, 110, 47, 19, 121, 119, 5, 6, 8, 10, 12,
+ 14, 16, 17, 18, 7, 98, 23, 68, 69, 70, 71, 91, 92, 93, 125, 112,
+ 113, 114, 94, 50, 0, 0, 124, 9, 11, 0, 0, 0, 0, 0, 0, 0,
+ 90, 0, 46, 22, 13, 111, 52, 20, 96, 24, 28, 74, 27, 123, 44, 66,
+ 0, 45, 2, 4, 48, 0, 0, 21, 0, 0, 0, 0, 0, 120, 122, 67,
+};
+
+static const uint8_t e0_keycodes[128] = {
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 90, 76, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 109, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 68, 69, 70, 0, 91, 0, 93, 0, 112,
+ 113, 114, 94, 50, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 1, 3, 25, 26, 49, 52, 72, 73, 97, 99, 111, 118, 120, 122, 67, 0,
+};
+
+static void sunkbd_event(void *opaque, int ch)
+{
+ ChannelState *s = opaque;
+ int release = ch & 0x80;
+
+ trace_escc_sunkbd_event_in(ch);
+ switch (ch) {
+ case 58: // Caps lock press
+ s->caps_lock_mode ^= 1;
+ if (s->caps_lock_mode == 2)
+ return; // Drop second press
+ break;
+ case 69: // Num lock press
+ s->num_lock_mode ^= 1;
+ if (s->num_lock_mode == 2)
+ return; // Drop second press
+ break;
+ case 186: // Caps lock release
+ s->caps_lock_mode ^= 2;
+ if (s->caps_lock_mode == 3)
+ return; // Drop first release
+ break;
+ case 197: // Num lock release
+ s->num_lock_mode ^= 2;
+ if (s->num_lock_mode == 3)
+ return; // Drop first release
+ break;
+ case 0xe0:
+ s->e0_mode = 1;
+ return;
+ default:
+ break;
+ }
+ if (s->e0_mode) {
+ s->e0_mode = 0;
+ ch = e0_keycodes[ch & 0x7f];
+ } else {
+ ch = keycodes[ch & 0x7f];
+ }
+ trace_escc_sunkbd_event_out(ch);
+ put_queue(s, ch | release);
+}
+
+static void handle_kbd_command(ChannelState *s, int val)
+{
+ trace_escc_kbd_command(val);
+ if (s->led_mode) { // Ignore led byte
+ s->led_mode = 0;
+ return;
+ }
+ switch (val) {
+ case 1: // Reset, return type code
+ clear_queue(s);
+ put_queue(s, 0xff);
+ put_queue(s, 4); // Type 4
+ put_queue(s, 0x7f);
+ break;
+ case 0xe: // Set leds
+ s->led_mode = 1;
+ break;
+ case 7: // Query layout
+ case 0xf:
+ clear_queue(s);
+ put_queue(s, 0xfe);
+ put_queue(s, 0); // XXX, layout?
+ break;
+ default:
+ break;
+ }
+}
+
+static void sunmouse_event(void *opaque,
+ int dx, int dy, int dz, int buttons_state)
+{
+ ChannelState *s = opaque;
+ int ch;
+
+ trace_escc_sunmouse_event(dx, dy, buttons_state);
+ ch = 0x80 | 0x7; /* protocol start byte, no buttons pressed */
+
+ if (buttons_state & MOUSE_EVENT_LBUTTON)
+ ch ^= 0x4;
+ if (buttons_state & MOUSE_EVENT_MBUTTON)
+ ch ^= 0x2;
+ if (buttons_state & MOUSE_EVENT_RBUTTON)
+ ch ^= 0x1;
+
+ put_queue(s, ch);
+
+ ch = dx;
+
+ if (ch > 127)
+ ch = 127;
+ else if (ch < -127)
+ ch = -127;
+
+ put_queue(s, ch & 0xff);
+
+ ch = -dy;
+
+ if (ch > 127)
+ ch = 127;
+ else if (ch < -127)
+ ch = -127;
+
+ put_queue(s, ch & 0xff);
+
+ // MSC protocol specify two extra motion bytes
+
+ put_queue(s, 0);
+ put_queue(s, 0);
+}
+
+void slavio_serial_ms_kbd_init(hwaddr base, qemu_irq irq,
+ int disabled, int clock, int it_shift)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+
+ dev = qdev_create(NULL, TYPE_ESCC);
+ qdev_prop_set_uint32(dev, "disabled", disabled);
+ qdev_prop_set_uint32(dev, "frequency", clock);
+ qdev_prop_set_uint32(dev, "it_shift", it_shift);
+ qdev_prop_set_chr(dev, "chrB", NULL);
+ qdev_prop_set_chr(dev, "chrA", NULL);
+ qdev_prop_set_uint32(dev, "chnBtype", mouse);
+ qdev_prop_set_uint32(dev, "chnAtype", kbd);
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+ sysbus_connect_irq(s, 0, irq);
+ sysbus_connect_irq(s, 1, irq);
+ sysbus_mmio_map(s, 0, base);
+}
+
+static int escc_init1(SysBusDevice *dev)
+{
+ ESCCState *s = ESCC(dev);
+ unsigned int i;
+
+ s->chn[0].disabled = s->disabled;
+ s->chn[1].disabled = s->disabled;
+ for (i = 0; i < 2; i++) {
+ sysbus_init_irq(dev, &s->chn[i].irq);
+ s->chn[i].chn = 1 - i;
+ s->chn[i].clock = s->frequency / 2;
+ if (s->chn[i].chr) {
+ qemu_chr_add_handlers(s->chn[i].chr, serial_can_receive,
+ serial_receive1, serial_event, &s->chn[i]);
+ }
+ }
+ s->chn[0].otherchn = &s->chn[1];
+ s->chn[1].otherchn = &s->chn[0];
+
+ memory_region_init_io(&s->mmio, OBJECT(s), &escc_mem_ops, s, "escc",
+ ESCC_SIZE << s->it_shift);
+ sysbus_init_mmio(dev, &s->mmio);
+
+ if (s->chn[0].type == mouse) {
+ qemu_add_mouse_event_handler(sunmouse_event, &s->chn[0], 0,
+ "QEMU Sun Mouse");
+ }
+ if (s->chn[1].type == kbd) {
+ qemu_add_kbd_event_handler(sunkbd_event, &s->chn[1]);
+ }
+
+ return 0;
+}
+
+static Property escc_properties[] = {
+ DEFINE_PROP_UINT32("frequency", ESCCState, frequency, 0),
+ DEFINE_PROP_UINT32("it_shift", ESCCState, it_shift, 0),
+ DEFINE_PROP_UINT32("disabled", ESCCState, disabled, 0),
+ DEFINE_PROP_UINT32("chnBtype", ESCCState, chn[0].type, 0),
+ DEFINE_PROP_UINT32("chnAtype", ESCCState, chn[1].type, 0),
+ DEFINE_PROP_CHR("chrB", ESCCState, chn[0].chr),
+ DEFINE_PROP_CHR("chrA", ESCCState, chn[1].chr),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void escc_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = escc_init1;
+ dc->reset = escc_reset;
+ dc->vmsd = &vmstate_escc;
+ dc->props = escc_properties;
+}
+
+static const TypeInfo escc_info = {
+ .name = TYPE_ESCC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(ESCCState),
+ .class_init = escc_class_init,
+};
+
+static void escc_register_types(void)
+{
+ type_register_static(&escc_info);
+}
+
+type_init(escc_register_types)
diff --git a/hw/char/etraxfs_ser.c b/hw/char/etraxfs_ser.c
new file mode 100644
index 000000000..460094e79
--- /dev/null
+++ b/hw/char/etraxfs_ser.c
@@ -0,0 +1,252 @@
+/*
+ * QEMU ETRAX System Emulator
+ *
+ * Copyright (c) 2007 Edgar E. Iglesias, Axis Communications AB.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/sysbus.h"
+#include "sysemu/char.h"
+#include "qemu/log.h"
+
+#define D(x)
+
+#define RW_TR_CTRL (0x00 / 4)
+#define RW_TR_DMA_EN (0x04 / 4)
+#define RW_REC_CTRL (0x08 / 4)
+#define RW_DOUT (0x1c / 4)
+#define RS_STAT_DIN (0x20 / 4)
+#define R_STAT_DIN (0x24 / 4)
+#define RW_INTR_MASK (0x2c / 4)
+#define RW_ACK_INTR (0x30 / 4)
+#define R_INTR (0x34 / 4)
+#define R_MASKED_INTR (0x38 / 4)
+#define R_MAX (0x3c / 4)
+
+#define STAT_DAV 16
+#define STAT_TR_IDLE 22
+#define STAT_TR_RDY 24
+
+#define TYPE_ETRAX_FS_SERIAL "etraxfs,serial"
+#define ETRAX_SERIAL(obj) \
+ OBJECT_CHECK(ETRAXSerial, (obj), TYPE_ETRAX_FS_SERIAL)
+
+typedef struct ETRAXSerial {
+ SysBusDevice parent_obj;
+
+ MemoryRegion mmio;
+ CharDriverState *chr;
+ qemu_irq irq;
+
+ int pending_tx;
+
+ uint8_t rx_fifo[16];
+ unsigned int rx_fifo_pos;
+ unsigned int rx_fifo_len;
+
+ /* Control registers. */
+ uint32_t regs[R_MAX];
+} ETRAXSerial;
+
+static void ser_update_irq(ETRAXSerial *s)
+{
+
+ if (s->rx_fifo_len) {
+ s->regs[R_INTR] |= 8;
+ } else {
+ s->regs[R_INTR] &= ~8;
+ }
+
+ s->regs[R_MASKED_INTR] = s->regs[R_INTR] & s->regs[RW_INTR_MASK];
+ qemu_set_irq(s->irq, !!s->regs[R_MASKED_INTR]);
+}
+
+static uint64_t
+ser_read(void *opaque, hwaddr addr, unsigned int size)
+{
+ ETRAXSerial *s = opaque;
+ uint32_t r = 0;
+
+ addr >>= 2;
+ switch (addr)
+ {
+ case R_STAT_DIN:
+ r = s->rx_fifo[(s->rx_fifo_pos - s->rx_fifo_len) & 15];
+ if (s->rx_fifo_len) {
+ r |= 1 << STAT_DAV;
+ }
+ r |= 1 << STAT_TR_RDY;
+ r |= 1 << STAT_TR_IDLE;
+ break;
+ case RS_STAT_DIN:
+ r = s->rx_fifo[(s->rx_fifo_pos - s->rx_fifo_len) & 15];
+ if (s->rx_fifo_len) {
+ r |= 1 << STAT_DAV;
+ s->rx_fifo_len--;
+ }
+ r |= 1 << STAT_TR_RDY;
+ r |= 1 << STAT_TR_IDLE;
+ break;
+ default:
+ r = s->regs[addr];
+ D(qemu_log("%s " TARGET_FMT_plx "=%x\n", __func__, addr, r));
+ break;
+ }
+ return r;
+}
+
+static void
+ser_write(void *opaque, hwaddr addr,
+ uint64_t val64, unsigned int size)
+{
+ ETRAXSerial *s = opaque;
+ uint32_t value = val64;
+ unsigned char ch = val64;
+
+ D(qemu_log("%s " TARGET_FMT_plx "=%x\n", __func__, addr, value));
+ addr >>= 2;
+ switch (addr)
+ {
+ case RW_DOUT:
+ qemu_chr_fe_write(s->chr, &ch, 1);
+ s->regs[R_INTR] |= 3;
+ s->pending_tx = 1;
+ s->regs[addr] = value;
+ break;
+ case RW_ACK_INTR:
+ if (s->pending_tx) {
+ value &= ~1;
+ s->pending_tx = 0;
+ D(qemu_log("fixedup value=%x r_intr=%x\n",
+ value, s->regs[R_INTR]));
+ }
+ s->regs[addr] = value;
+ s->regs[R_INTR] &= ~value;
+ D(printf("r_intr=%x\n", s->regs[R_INTR]));
+ break;
+ default:
+ s->regs[addr] = value;
+ break;
+ }
+ ser_update_irq(s);
+}
+
+static const MemoryRegionOps ser_ops = {
+ .read = ser_read,
+ .write = ser_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4
+ }
+};
+
+static void serial_receive(void *opaque, const uint8_t *buf, int size)
+{
+ ETRAXSerial *s = opaque;
+ int i;
+
+ /* Got a byte. */
+ if (s->rx_fifo_len >= 16) {
+ qemu_log("WARNING: UART dropped char.\n");
+ return;
+ }
+
+ for (i = 0; i < size; i++) {
+ s->rx_fifo[s->rx_fifo_pos] = buf[i];
+ s->rx_fifo_pos++;
+ s->rx_fifo_pos &= 15;
+ s->rx_fifo_len++;
+ }
+
+ ser_update_irq(s);
+}
+
+static int serial_can_receive(void *opaque)
+{
+ ETRAXSerial *s = opaque;
+ int r;
+
+ /* Is the receiver enabled? */
+ if (!(s->regs[RW_REC_CTRL] & (1 << 3))) {
+ return 0;
+ }
+
+ r = sizeof(s->rx_fifo) - s->rx_fifo_len;
+ return r;
+}
+
+static void serial_event(void *opaque, int event)
+{
+
+}
+
+static void etraxfs_ser_reset(DeviceState *d)
+{
+ ETRAXSerial *s = ETRAX_SERIAL(d);
+
+ /* transmitter begins ready and idle. */
+ s->regs[RS_STAT_DIN] |= (1 << STAT_TR_RDY);
+ s->regs[RS_STAT_DIN] |= (1 << STAT_TR_IDLE);
+
+ s->regs[RW_REC_CTRL] = 0x10000;
+
+}
+
+static int etraxfs_ser_init(SysBusDevice *dev)
+{
+ ETRAXSerial *s = ETRAX_SERIAL(dev);
+
+ sysbus_init_irq(dev, &s->irq);
+ memory_region_init_io(&s->mmio, OBJECT(s), &ser_ops, s,
+ "etraxfs-serial", R_MAX * 4);
+ sysbus_init_mmio(dev, &s->mmio);
+
+ s->chr = qemu_char_get_next_serial();
+ if (s->chr) {
+ qemu_chr_add_handlers(s->chr,
+ serial_can_receive, serial_receive,
+ serial_event, s);
+ }
+ return 0;
+}
+
+static void etraxfs_ser_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = etraxfs_ser_init;
+ dc->reset = etraxfs_ser_reset;
+}
+
+static const TypeInfo etraxfs_ser_info = {
+ .name = TYPE_ETRAX_FS_SERIAL,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(ETRAXSerial),
+ .class_init = etraxfs_ser_class_init,
+};
+
+static void etraxfs_serial_register_types(void)
+{
+ type_register_static(&etraxfs_ser_info);
+}
+
+type_init(etraxfs_serial_register_types)
diff --git a/hw/char/exynos4210_uart.c b/hw/char/exynos4210_uart.c
new file mode 100644
index 000000000..eef23a0cc
--- /dev/null
+++ b/hw/char/exynos4210_uart.c
@@ -0,0 +1,680 @@
+/*
+ * Exynos4210 UART Emulation
+ *
+ * Copyright (C) 2011 Samsung Electronics Co Ltd.
+ * Maksim Kozlov, <m.kozlov@samsung.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "hw/sysbus.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/char.h"
+
+#include "hw/arm/exynos4210.h"
+
+#undef DEBUG_UART
+#undef DEBUG_UART_EXTEND
+#undef DEBUG_IRQ
+#undef DEBUG_Rx_DATA
+#undef DEBUG_Tx_DATA
+
+#define DEBUG_UART 0
+#define DEBUG_UART_EXTEND 0
+#define DEBUG_IRQ 0
+#define DEBUG_Rx_DATA 0
+#define DEBUG_Tx_DATA 0
+
+#if DEBUG_UART
+#define PRINT_DEBUG(fmt, args...) \
+ do { \
+ fprintf(stderr, " [%s:%d] "fmt, __func__, __LINE__, ##args); \
+ } while (0)
+
+#if DEBUG_UART_EXTEND
+#define PRINT_DEBUG_EXTEND(fmt, args...) \
+ do { \
+ fprintf(stderr, " [%s:%d] "fmt, __func__, __LINE__, ##args); \
+ } while (0)
+#else
+#define PRINT_DEBUG_EXTEND(fmt, args...) \
+ do {} while (0)
+#endif /* EXTEND */
+
+#else
+#define PRINT_DEBUG(fmt, args...) \
+ do {} while (0)
+#define PRINT_DEBUG_EXTEND(fmt, args...) \
+ do {} while (0)
+#endif
+
+#define PRINT_ERROR(fmt, args...) \
+ do { \
+ fprintf(stderr, " [%s:%d] "fmt, __func__, __LINE__, ##args); \
+ } while (0)
+
+/*
+ * Offsets for UART registers relative to SFR base address
+ * for UARTn
+ *
+ */
+#define ULCON 0x0000 /* Line Control */
+#define UCON 0x0004 /* Control */
+#define UFCON 0x0008 /* FIFO Control */
+#define UMCON 0x000C /* Modem Control */
+#define UTRSTAT 0x0010 /* Tx/Rx Status */
+#define UERSTAT 0x0014 /* UART Error Status */
+#define UFSTAT 0x0018 /* FIFO Status */
+#define UMSTAT 0x001C /* Modem Status */
+#define UTXH 0x0020 /* Transmit Buffer */
+#define URXH 0x0024 /* Receive Buffer */
+#define UBRDIV 0x0028 /* Baud Rate Divisor */
+#define UFRACVAL 0x002C /* Divisor Fractional Value */
+#define UINTP 0x0030 /* Interrupt Pending */
+#define UINTSP 0x0034 /* Interrupt Source Pending */
+#define UINTM 0x0038 /* Interrupt Mask */
+
+/*
+ * for indexing register in the uint32_t array
+ *
+ * 'reg' - register offset (see offsets definitions above)
+ *
+ */
+#define I_(reg) (reg / sizeof(uint32_t))
+
+typedef struct Exynos4210UartReg {
+ const char *name; /* the only reason is the debug output */
+ hwaddr offset;
+ uint32_t reset_value;
+} Exynos4210UartReg;
+
+static Exynos4210UartReg exynos4210_uart_regs[] = {
+ {"ULCON", ULCON, 0x00000000},
+ {"UCON", UCON, 0x00003000},
+ {"UFCON", UFCON, 0x00000000},
+ {"UMCON", UMCON, 0x00000000},
+ {"UTRSTAT", UTRSTAT, 0x00000006}, /* RO */
+ {"UERSTAT", UERSTAT, 0x00000000}, /* RO */
+ {"UFSTAT", UFSTAT, 0x00000000}, /* RO */
+ {"UMSTAT", UMSTAT, 0x00000000}, /* RO */
+ {"UTXH", UTXH, 0x5c5c5c5c}, /* WO, undefined reset value*/
+ {"URXH", URXH, 0x00000000}, /* RO */
+ {"UBRDIV", UBRDIV, 0x00000000},
+ {"UFRACVAL", UFRACVAL, 0x00000000},
+ {"UINTP", UINTP, 0x00000000},
+ {"UINTSP", UINTSP, 0x00000000},
+ {"UINTM", UINTM, 0x00000000},
+};
+
+#define EXYNOS4210_UART_REGS_MEM_SIZE 0x3C
+
+/* UART FIFO Control */
+#define UFCON_FIFO_ENABLE 0x1
+#define UFCON_Rx_FIFO_RESET 0x2
+#define UFCON_Tx_FIFO_RESET 0x4
+#define UFCON_Tx_FIFO_TRIGGER_LEVEL_SHIFT 8
+#define UFCON_Tx_FIFO_TRIGGER_LEVEL (7 << UFCON_Tx_FIFO_TRIGGER_LEVEL_SHIFT)
+#define UFCON_Rx_FIFO_TRIGGER_LEVEL_SHIFT 4
+#define UFCON_Rx_FIFO_TRIGGER_LEVEL (7 << UFCON_Rx_FIFO_TRIGGER_LEVEL_SHIFT)
+
+/* Uart FIFO Status */
+#define UFSTAT_Rx_FIFO_COUNT 0xff
+#define UFSTAT_Rx_FIFO_FULL 0x100
+#define UFSTAT_Rx_FIFO_ERROR 0x200
+#define UFSTAT_Tx_FIFO_COUNT_SHIFT 16
+#define UFSTAT_Tx_FIFO_COUNT (0xff << UFSTAT_Tx_FIFO_COUNT_SHIFT)
+#define UFSTAT_Tx_FIFO_FULL_SHIFT 24
+#define UFSTAT_Tx_FIFO_FULL (1 << UFSTAT_Tx_FIFO_FULL_SHIFT)
+
+/* UART Interrupt Source Pending */
+#define UINTSP_RXD 0x1 /* Receive interrupt */
+#define UINTSP_ERROR 0x2 /* Error interrupt */
+#define UINTSP_TXD 0x4 /* Transmit interrupt */
+#define UINTSP_MODEM 0x8 /* Modem interrupt */
+
+/* UART Line Control */
+#define ULCON_IR_MODE_SHIFT 6
+#define ULCON_PARITY_SHIFT 3
+#define ULCON_STOP_BIT_SHIFT 1
+
+/* UART Tx/Rx Status */
+#define UTRSTAT_TRANSMITTER_EMPTY 0x4
+#define UTRSTAT_Tx_BUFFER_EMPTY 0x2
+#define UTRSTAT_Rx_BUFFER_DATA_READY 0x1
+
+/* UART Error Status */
+#define UERSTAT_OVERRUN 0x1
+#define UERSTAT_PARITY 0x2
+#define UERSTAT_FRAME 0x4
+#define UERSTAT_BREAK 0x8
+
+typedef struct {
+ uint8_t *data;
+ uint32_t sp, rp; /* store and retrieve pointers */
+ uint32_t size;
+} Exynos4210UartFIFO;
+
+#define TYPE_EXYNOS4210_UART "exynos4210.uart"
+#define EXYNOS4210_UART(obj) \
+ OBJECT_CHECK(Exynos4210UartState, (obj), TYPE_EXYNOS4210_UART)
+
+typedef struct Exynos4210UartState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+
+ uint32_t reg[EXYNOS4210_UART_REGS_MEM_SIZE / sizeof(uint32_t)];
+ Exynos4210UartFIFO rx;
+ Exynos4210UartFIFO tx;
+
+ CharDriverState *chr;
+ qemu_irq irq;
+
+ uint32_t channel;
+
+} Exynos4210UartState;
+
+
+#if DEBUG_UART
+/* Used only for debugging inside PRINT_DEBUG_... macros */
+static const char *exynos4210_uart_regname(hwaddr offset)
+{
+
+ int regs_number = sizeof(exynos4210_uart_regs) / sizeof(Exynos4210UartReg);
+ int i;
+
+ for (i = 0; i < regs_number; i++) {
+ if (offset == exynos4210_uart_regs[i].offset) {
+ return exynos4210_uart_regs[i].name;
+ }
+ }
+
+ return NULL;
+}
+#endif
+
+
+static void fifo_store(Exynos4210UartFIFO *q, uint8_t ch)
+{
+ q->data[q->sp] = ch;
+ q->sp = (q->sp + 1) % q->size;
+}
+
+static uint8_t fifo_retrieve(Exynos4210UartFIFO *q)
+{
+ uint8_t ret = q->data[q->rp];
+ q->rp = (q->rp + 1) % q->size;
+ return ret;
+}
+
+static int fifo_elements_number(Exynos4210UartFIFO *q)
+{
+ if (q->sp < q->rp) {
+ return q->size - q->rp + q->sp;
+ }
+
+ return q->sp - q->rp;
+}
+
+static int fifo_empty_elements_number(Exynos4210UartFIFO *q)
+{
+ return q->size - fifo_elements_number(q);
+}
+
+static void fifo_reset(Exynos4210UartFIFO *q)
+{
+ if (q->data != NULL) {
+ g_free(q->data);
+ q->data = NULL;
+ }
+
+ q->data = (uint8_t *)g_malloc0(q->size);
+
+ q->sp = 0;
+ q->rp = 0;
+}
+
+static uint32_t exynos4210_uart_Tx_FIFO_trigger_level(Exynos4210UartState *s)
+{
+ uint32_t level = 0;
+ uint32_t reg;
+
+ reg = (s->reg[I_(UFCON)] & UFCON_Tx_FIFO_TRIGGER_LEVEL) >>
+ UFCON_Tx_FIFO_TRIGGER_LEVEL_SHIFT;
+
+ switch (s->channel) {
+ case 0:
+ level = reg * 32;
+ break;
+ case 1:
+ case 4:
+ level = reg * 8;
+ break;
+ case 2:
+ case 3:
+ level = reg * 2;
+ break;
+ default:
+ level = 0;
+ PRINT_ERROR("Wrong UART channel number: %d\n", s->channel);
+ }
+
+ return level;
+}
+
+static void exynos4210_uart_update_irq(Exynos4210UartState *s)
+{
+ /*
+ * The Tx interrupt is always requested if the number of data in the
+ * transmit FIFO is smaller than the trigger level.
+ */
+ if (s->reg[I_(UFCON)] & UFCON_FIFO_ENABLE) {
+
+ uint32_t count = (s->reg[I_(UFSTAT)] & UFSTAT_Tx_FIFO_COUNT) >>
+ UFSTAT_Tx_FIFO_COUNT_SHIFT;
+
+ if (count <= exynos4210_uart_Tx_FIFO_trigger_level(s)) {
+ s->reg[I_(UINTSP)] |= UINTSP_TXD;
+ }
+ }
+
+ s->reg[I_(UINTP)] = s->reg[I_(UINTSP)] & ~s->reg[I_(UINTM)];
+
+ if (s->reg[I_(UINTP)]) {
+ qemu_irq_raise(s->irq);
+
+#if DEBUG_IRQ
+ fprintf(stderr, "UART%d: IRQ has been raised: %08x\n",
+ s->channel, s->reg[I_(UINTP)]);
+#endif
+
+ } else {
+ qemu_irq_lower(s->irq);
+ }
+}
+
+static void exynos4210_uart_update_parameters(Exynos4210UartState *s)
+{
+ int speed, parity, data_bits, stop_bits, frame_size;
+ QEMUSerialSetParams ssp;
+ uint64_t uclk_rate;
+
+ if (s->reg[I_(UBRDIV)] == 0) {
+ return;
+ }
+
+ frame_size = 1; /* start bit */
+ if (s->reg[I_(ULCON)] & 0x20) {
+ frame_size++; /* parity bit */
+ if (s->reg[I_(ULCON)] & 0x28) {
+ parity = 'E';
+ } else {
+ parity = 'O';
+ }
+ } else {
+ parity = 'N';
+ }
+
+ if (s->reg[I_(ULCON)] & 0x4) {
+ stop_bits = 2;
+ } else {
+ stop_bits = 1;
+ }
+
+ data_bits = (s->reg[I_(ULCON)] & 0x3) + 5;
+
+ frame_size += data_bits + stop_bits;
+
+ uclk_rate = 24000000;
+
+ speed = uclk_rate / ((16 * (s->reg[I_(UBRDIV)]) & 0xffff) +
+ (s->reg[I_(UFRACVAL)] & 0x7) + 16);
+
+ ssp.speed = speed;
+ ssp.parity = parity;
+ ssp.data_bits = data_bits;
+ ssp.stop_bits = stop_bits;
+
+ qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_SERIAL_SET_PARAMS, &ssp);
+
+ PRINT_DEBUG("UART%d: speed: %d, parity: %c, data: %d, stop: %d\n",
+ s->channel, speed, parity, data_bits, stop_bits);
+}
+
+static void exynos4210_uart_write(void *opaque, hwaddr offset,
+ uint64_t val, unsigned size)
+{
+ Exynos4210UartState *s = (Exynos4210UartState *)opaque;
+ uint8_t ch;
+
+ PRINT_DEBUG_EXTEND("UART%d: <0x%04x> %s <- 0x%08llx\n", s->channel,
+ offset, exynos4210_uart_regname(offset), (long long unsigned int)val);
+
+ switch (offset) {
+ case ULCON:
+ case UBRDIV:
+ case UFRACVAL:
+ s->reg[I_(offset)] = val;
+ exynos4210_uart_update_parameters(s);
+ break;
+ case UFCON:
+ s->reg[I_(UFCON)] = val;
+ if (val & UFCON_Rx_FIFO_RESET) {
+ fifo_reset(&s->rx);
+ s->reg[I_(UFCON)] &= ~UFCON_Rx_FIFO_RESET;
+ PRINT_DEBUG("UART%d: Rx FIFO Reset\n", s->channel);
+ }
+ if (val & UFCON_Tx_FIFO_RESET) {
+ fifo_reset(&s->tx);
+ s->reg[I_(UFCON)] &= ~UFCON_Tx_FIFO_RESET;
+ PRINT_DEBUG("UART%d: Tx FIFO Reset\n", s->channel);
+ }
+ break;
+
+ case UTXH:
+ if (s->chr) {
+ s->reg[I_(UTRSTAT)] &= ~(UTRSTAT_TRANSMITTER_EMPTY |
+ UTRSTAT_Tx_BUFFER_EMPTY);
+ ch = (uint8_t)val;
+ qemu_chr_fe_write(s->chr, &ch, 1);
+#if DEBUG_Tx_DATA
+ fprintf(stderr, "%c", ch);
+#endif
+ s->reg[I_(UTRSTAT)] |= UTRSTAT_TRANSMITTER_EMPTY |
+ UTRSTAT_Tx_BUFFER_EMPTY;
+ s->reg[I_(UINTSP)] |= UINTSP_TXD;
+ exynos4210_uart_update_irq(s);
+ }
+ break;
+
+ case UINTP:
+ s->reg[I_(UINTP)] &= ~val;
+ s->reg[I_(UINTSP)] &= ~val;
+ PRINT_DEBUG("UART%d: UINTP [%04x] have been cleared: %08x\n",
+ s->channel, offset, s->reg[I_(UINTP)]);
+ exynos4210_uart_update_irq(s);
+ break;
+ case UTRSTAT:
+ case UERSTAT:
+ case UFSTAT:
+ case UMSTAT:
+ case URXH:
+ PRINT_DEBUG("UART%d: Trying to write into RO register: %s [%04x]\n",
+ s->channel, exynos4210_uart_regname(offset), offset);
+ break;
+ case UINTSP:
+ s->reg[I_(UINTSP)] &= ~val;
+ break;
+ case UINTM:
+ s->reg[I_(UINTM)] = val;
+ exynos4210_uart_update_irq(s);
+ break;
+ case UCON:
+ case UMCON:
+ default:
+ s->reg[I_(offset)] = val;
+ break;
+ }
+}
+static uint64_t exynos4210_uart_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ Exynos4210UartState *s = (Exynos4210UartState *)opaque;
+ uint32_t res;
+
+ switch (offset) {
+ case UERSTAT: /* Read Only */
+ res = s->reg[I_(UERSTAT)];
+ s->reg[I_(UERSTAT)] = 0;
+ return res;
+ case UFSTAT: /* Read Only */
+ s->reg[I_(UFSTAT)] = fifo_elements_number(&s->rx) & 0xff;
+ if (fifo_empty_elements_number(&s->rx) == 0) {
+ s->reg[I_(UFSTAT)] |= UFSTAT_Rx_FIFO_FULL;
+ s->reg[I_(UFSTAT)] &= ~0xff;
+ }
+ return s->reg[I_(UFSTAT)];
+ case URXH:
+ if (s->reg[I_(UFCON)] & UFCON_FIFO_ENABLE) {
+ if (fifo_elements_number(&s->rx)) {
+ res = fifo_retrieve(&s->rx);
+#if DEBUG_Rx_DATA
+ fprintf(stderr, "%c", res);
+#endif
+ if (!fifo_elements_number(&s->rx)) {
+ s->reg[I_(UTRSTAT)] &= ~UTRSTAT_Rx_BUFFER_DATA_READY;
+ } else {
+ s->reg[I_(UTRSTAT)] |= UTRSTAT_Rx_BUFFER_DATA_READY;
+ }
+ } else {
+ s->reg[I_(UINTSP)] |= UINTSP_ERROR;
+ exynos4210_uart_update_irq(s);
+ res = 0;
+ }
+ } else {
+ s->reg[I_(UTRSTAT)] &= ~UTRSTAT_Rx_BUFFER_DATA_READY;
+ res = s->reg[I_(URXH)];
+ }
+ return res;
+ case UTXH:
+ PRINT_DEBUG("UART%d: Trying to read from WO register: %s [%04x]\n",
+ s->channel, exynos4210_uart_regname(offset), offset);
+ break;
+ default:
+ return s->reg[I_(offset)];
+ }
+
+ return 0;
+}
+
+static const MemoryRegionOps exynos4210_uart_ops = {
+ .read = exynos4210_uart_read,
+ .write = exynos4210_uart_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .max_access_size = 4,
+ .unaligned = false
+ },
+};
+
+static int exynos4210_uart_can_receive(void *opaque)
+{
+ Exynos4210UartState *s = (Exynos4210UartState *)opaque;
+
+ return fifo_empty_elements_number(&s->rx);
+}
+
+
+static void exynos4210_uart_receive(void *opaque, const uint8_t *buf, int size)
+{
+ Exynos4210UartState *s = (Exynos4210UartState *)opaque;
+ int i;
+
+ if (s->reg[I_(UFCON)] & UFCON_FIFO_ENABLE) {
+ if (fifo_empty_elements_number(&s->rx) < size) {
+ for (i = 0; i < fifo_empty_elements_number(&s->rx); i++) {
+ fifo_store(&s->rx, buf[i]);
+ }
+ s->reg[I_(UINTSP)] |= UINTSP_ERROR;
+ s->reg[I_(UTRSTAT)] |= UTRSTAT_Rx_BUFFER_DATA_READY;
+ } else {
+ for (i = 0; i < size; i++) {
+ fifo_store(&s->rx, buf[i]);
+ }
+ s->reg[I_(UTRSTAT)] |= UTRSTAT_Rx_BUFFER_DATA_READY;
+ }
+ /* XXX: Around here we maybe should check Rx trigger level */
+ s->reg[I_(UINTSP)] |= UINTSP_RXD;
+ } else {
+ s->reg[I_(URXH)] = buf[0];
+ s->reg[I_(UINTSP)] |= UINTSP_RXD;
+ s->reg[I_(UTRSTAT)] |= UTRSTAT_Rx_BUFFER_DATA_READY;
+ }
+
+ exynos4210_uart_update_irq(s);
+}
+
+
+static void exynos4210_uart_event(void *opaque, int event)
+{
+ Exynos4210UartState *s = (Exynos4210UartState *)opaque;
+
+ if (event == CHR_EVENT_BREAK) {
+ /* When the RxDn is held in logic 0, then a null byte is pushed into the
+ * fifo */
+ fifo_store(&s->rx, '\0');
+ s->reg[I_(UERSTAT)] |= UERSTAT_BREAK;
+ exynos4210_uart_update_irq(s);
+ }
+}
+
+
+static void exynos4210_uart_reset(DeviceState *dev)
+{
+ Exynos4210UartState *s = EXYNOS4210_UART(dev);
+ int regs_number = sizeof(exynos4210_uart_regs)/sizeof(Exynos4210UartReg);
+ int i;
+
+ for (i = 0; i < regs_number; i++) {
+ s->reg[I_(exynos4210_uart_regs[i].offset)] =
+ exynos4210_uart_regs[i].reset_value;
+ }
+
+ fifo_reset(&s->rx);
+ fifo_reset(&s->tx);
+
+ PRINT_DEBUG("UART%d: Rx FIFO size: %d\n", s->channel, s->rx.size);
+}
+
+static const VMStateDescription vmstate_exynos4210_uart_fifo = {
+ .name = "exynos4210.uart.fifo",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(sp, Exynos4210UartFIFO),
+ VMSTATE_UINT32(rp, Exynos4210UartFIFO),
+ VMSTATE_VBUFFER_UINT32(data, Exynos4210UartFIFO, 1, NULL, 0, size),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_exynos4210_uart = {
+ .name = "exynos4210.uart",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_STRUCT(rx, Exynos4210UartState, 1,
+ vmstate_exynos4210_uart_fifo, Exynos4210UartFIFO),
+ VMSTATE_UINT32_ARRAY(reg, Exynos4210UartState,
+ EXYNOS4210_UART_REGS_MEM_SIZE / sizeof(uint32_t)),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+DeviceState *exynos4210_uart_create(hwaddr addr,
+ int fifo_size,
+ int channel,
+ CharDriverState *chr,
+ qemu_irq irq)
+{
+ DeviceState *dev;
+ SysBusDevice *bus;
+
+ const char chr_name[] = "serial";
+ char label[ARRAY_SIZE(chr_name) + 1];
+
+ dev = qdev_create(NULL, TYPE_EXYNOS4210_UART);
+
+ if (!chr) {
+ if (channel >= MAX_SERIAL_PORTS) {
+ hw_error("Only %d serial ports are supported by QEMU.\n",
+ MAX_SERIAL_PORTS);
+ }
+ chr = serial_hds[channel];
+ if (!chr) {
+ snprintf(label, ARRAY_SIZE(label), "%s%d", chr_name, channel);
+ chr = qemu_chr_new(label, "null", NULL);
+ if (!(chr)) {
+ hw_error("Can't assign serial port to UART%d.\n", channel);
+ }
+ }
+ }
+
+ qdev_prop_set_chr(dev, "chardev", chr);
+ qdev_prop_set_uint32(dev, "channel", channel);
+ qdev_prop_set_uint32(dev, "rx-size", fifo_size);
+ qdev_prop_set_uint32(dev, "tx-size", fifo_size);
+
+ bus = SYS_BUS_DEVICE(dev);
+ qdev_init_nofail(dev);
+ if (addr != (hwaddr)-1) {
+ sysbus_mmio_map(bus, 0, addr);
+ }
+ sysbus_connect_irq(bus, 0, irq);
+
+ return dev;
+}
+
+static int exynos4210_uart_init(SysBusDevice *dev)
+{
+ Exynos4210UartState *s = EXYNOS4210_UART(dev);
+
+ /* memory mapping */
+ memory_region_init_io(&s->iomem, OBJECT(s), &exynos4210_uart_ops, s,
+ "exynos4210.uart", EXYNOS4210_UART_REGS_MEM_SIZE);
+ sysbus_init_mmio(dev, &s->iomem);
+
+ sysbus_init_irq(dev, &s->irq);
+
+ qemu_chr_add_handlers(s->chr, exynos4210_uart_can_receive,
+ exynos4210_uart_receive, exynos4210_uart_event, s);
+
+ return 0;
+}
+
+static Property exynos4210_uart_properties[] = {
+ DEFINE_PROP_CHR("chardev", Exynos4210UartState, chr),
+ DEFINE_PROP_UINT32("channel", Exynos4210UartState, channel, 0),
+ DEFINE_PROP_UINT32("rx-size", Exynos4210UartState, rx.size, 16),
+ DEFINE_PROP_UINT32("tx-size", Exynos4210UartState, tx.size, 16),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void exynos4210_uart_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = exynos4210_uart_init;
+ dc->reset = exynos4210_uart_reset;
+ dc->props = exynos4210_uart_properties;
+ dc->vmsd = &vmstate_exynos4210_uart;
+}
+
+static const TypeInfo exynos4210_uart_info = {
+ .name = TYPE_EXYNOS4210_UART,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(Exynos4210UartState),
+ .class_init = exynos4210_uart_class_init,
+};
+
+static void exynos4210_uart_register(void)
+{
+ type_register_static(&exynos4210_uart_info);
+}
+
+type_init(exynos4210_uart_register)
diff --git a/hw/char/grlib_apbuart.c b/hw/char/grlib_apbuart.c
new file mode 100644
index 000000000..35ef66177
--- /dev/null
+++ b/hw/char/grlib_apbuart.c
@@ -0,0 +1,298 @@
+/*
+ * QEMU GRLIB APB UART Emulator
+ *
+ * Copyright (c) 2010-2011 AdaCore
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/sysbus.h"
+#include "sysemu/char.h"
+
+#include "trace.h"
+
+#define UART_REG_SIZE 20 /* Size of memory mapped registers */
+
+/* UART status register fields */
+#define UART_DATA_READY (1 << 0)
+#define UART_TRANSMIT_SHIFT_EMPTY (1 << 1)
+#define UART_TRANSMIT_FIFO_EMPTY (1 << 2)
+#define UART_BREAK_RECEIVED (1 << 3)
+#define UART_OVERRUN (1 << 4)
+#define UART_PARITY_ERROR (1 << 5)
+#define UART_FRAMING_ERROR (1 << 6)
+#define UART_TRANSMIT_FIFO_HALF (1 << 7)
+#define UART_RECEIVE_FIFO_HALF (1 << 8)
+#define UART_TRANSMIT_FIFO_FULL (1 << 9)
+#define UART_RECEIVE_FIFO_FULL (1 << 10)
+
+/* UART control register fields */
+#define UART_RECEIVE_ENABLE (1 << 0)
+#define UART_TRANSMIT_ENABLE (1 << 1)
+#define UART_RECEIVE_INTERRUPT (1 << 2)
+#define UART_TRANSMIT_INTERRUPT (1 << 3)
+#define UART_PARITY_SELECT (1 << 4)
+#define UART_PARITY_ENABLE (1 << 5)
+#define UART_FLOW_CONTROL (1 << 6)
+#define UART_LOOPBACK (1 << 7)
+#define UART_EXTERNAL_CLOCK (1 << 8)
+#define UART_RECEIVE_FIFO_INTERRUPT (1 << 9)
+#define UART_TRANSMIT_FIFO_INTERRUPT (1 << 10)
+#define UART_FIFO_DEBUG_MODE (1 << 11)
+#define UART_OUTPUT_ENABLE (1 << 12)
+#define UART_FIFO_AVAILABLE (1 << 31)
+
+/* Memory mapped register offsets */
+#define DATA_OFFSET 0x00
+#define STATUS_OFFSET 0x04
+#define CONTROL_OFFSET 0x08
+#define SCALER_OFFSET 0x0C /* not supported */
+#define FIFO_DEBUG_OFFSET 0x10 /* not supported */
+
+#define FIFO_LENGTH 1024
+
+#define TYPE_GRLIB_APB_UART "grlib,apbuart"
+#define GRLIB_APB_UART(obj) \
+ OBJECT_CHECK(UART, (obj), TYPE_GRLIB_APB_UART)
+
+typedef struct UART {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ qemu_irq irq;
+
+ CharDriverState *chr;
+
+ /* registers */
+ uint32_t status;
+ uint32_t control;
+
+ /* FIFO */
+ char buffer[FIFO_LENGTH];
+ int len;
+ int current;
+} UART;
+
+static int uart_data_to_read(UART *uart)
+{
+ return uart->current < uart->len;
+}
+
+static char uart_pop(UART *uart)
+{
+ char ret;
+
+ if (uart->len == 0) {
+ uart->status &= ~UART_DATA_READY;
+ return 0;
+ }
+
+ ret = uart->buffer[uart->current++];
+
+ if (uart->current >= uart->len) {
+ /* Flush */
+ uart->len = 0;
+ uart->current = 0;
+ }
+
+ if (!uart_data_to_read(uart)) {
+ uart->status &= ~UART_DATA_READY;
+ }
+
+ return ret;
+}
+
+static void uart_add_to_fifo(UART *uart,
+ const uint8_t *buffer,
+ int length)
+{
+ if (uart->len + length > FIFO_LENGTH) {
+ abort();
+ }
+ memcpy(uart->buffer + uart->len, buffer, length);
+ uart->len += length;
+}
+
+static int grlib_apbuart_can_receive(void *opaque)
+{
+ UART *uart = opaque;
+
+ return FIFO_LENGTH - uart->len;
+}
+
+static void grlib_apbuart_receive(void *opaque, const uint8_t *buf, int size)
+{
+ UART *uart = opaque;
+
+ if (uart->control & UART_RECEIVE_ENABLE) {
+ uart_add_to_fifo(uart, buf, size);
+
+ uart->status |= UART_DATA_READY;
+
+ if (uart->control & UART_RECEIVE_INTERRUPT) {
+ qemu_irq_pulse(uart->irq);
+ }
+ }
+}
+
+static void grlib_apbuart_event(void *opaque, int event)
+{
+ trace_grlib_apbuart_event(event);
+}
+
+
+static uint64_t grlib_apbuart_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ UART *uart = opaque;
+
+ addr &= 0xff;
+
+ /* Unit registers */
+ switch (addr) {
+ case DATA_OFFSET:
+ case DATA_OFFSET + 3: /* when only one byte read */
+ return uart_pop(uart);
+
+ case STATUS_OFFSET:
+ /* Read Only */
+ return uart->status;
+
+ case CONTROL_OFFSET:
+ return uart->control;
+
+ case SCALER_OFFSET:
+ /* Not supported */
+ return 0;
+
+ default:
+ trace_grlib_apbuart_readl_unknown(addr);
+ return 0;
+ }
+}
+
+static void grlib_apbuart_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ UART *uart = opaque;
+ unsigned char c = 0;
+
+ addr &= 0xff;
+
+ /* Unit registers */
+ switch (addr) {
+ case DATA_OFFSET:
+ case DATA_OFFSET + 3: /* When only one byte write */
+ /* Transmit when character device available and transmitter enabled */
+ if ((uart->chr) && (uart->control & UART_TRANSMIT_ENABLE)) {
+ c = value & 0xFF;
+ qemu_chr_fe_write(uart->chr, &c, 1);
+ /* Generate interrupt */
+ if (uart->control & UART_TRANSMIT_INTERRUPT) {
+ qemu_irq_pulse(uart->irq);
+ }
+ }
+ return;
+
+ case STATUS_OFFSET:
+ /* Read Only */
+ return;
+
+ case CONTROL_OFFSET:
+ uart->control = value;
+ return;
+
+ case SCALER_OFFSET:
+ /* Not supported */
+ return;
+
+ default:
+ break;
+ }
+
+ trace_grlib_apbuart_writel_unknown(addr, value);
+}
+
+static const MemoryRegionOps grlib_apbuart_ops = {
+ .write = grlib_apbuart_write,
+ .read = grlib_apbuart_read,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int grlib_apbuart_init(SysBusDevice *dev)
+{
+ UART *uart = GRLIB_APB_UART(dev);
+
+ qemu_chr_add_handlers(uart->chr,
+ grlib_apbuart_can_receive,
+ grlib_apbuart_receive,
+ grlib_apbuart_event,
+ uart);
+
+ sysbus_init_irq(dev, &uart->irq);
+
+ memory_region_init_io(&uart->iomem, OBJECT(uart), &grlib_apbuart_ops, uart,
+ "uart", UART_REG_SIZE);
+
+ sysbus_init_mmio(dev, &uart->iomem);
+
+ return 0;
+}
+
+static void grlib_apbuart_reset(DeviceState *d)
+{
+ UART *uart = GRLIB_APB_UART(d);
+
+ /* Transmitter FIFO and shift registers are always empty in QEMU */
+ uart->status = UART_TRANSMIT_FIFO_EMPTY | UART_TRANSMIT_SHIFT_EMPTY;
+ /* Everything is off */
+ uart->control = 0;
+ /* Flush receive FIFO */
+ uart->len = 0;
+ uart->current = 0;
+}
+
+static Property grlib_apbuart_properties[] = {
+ DEFINE_PROP_CHR("chrdev", UART, chr),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void grlib_apbuart_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = grlib_apbuart_init;
+ dc->reset = grlib_apbuart_reset;
+ dc->props = grlib_apbuart_properties;
+}
+
+static const TypeInfo grlib_apbuart_info = {
+ .name = TYPE_GRLIB_APB_UART,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(UART),
+ .class_init = grlib_apbuart_class_init,
+};
+
+static void grlib_apbuart_register_types(void)
+{
+ type_register_static(&grlib_apbuart_info);
+}
+
+type_init(grlib_apbuart_register_types)
diff --git a/hw/char/imx_serial.c b/hw/char/imx_serial.c
new file mode 100644
index 000000000..7f16835ae
--- /dev/null
+++ b/hw/char/imx_serial.c
@@ -0,0 +1,473 @@
+/*
+ * IMX31 UARTS
+ *
+ * Copyright (c) 2008 OKL
+ * Originally Written by Hans Jiang
+ * Copyright (c) 2011 NICTA Pty Ltd.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ * This is a `bare-bones' implementation of the IMX series serial ports.
+ * TODO:
+ * -- implement FIFOs. The real hardware has 32 word transmit
+ * and receive FIFOs; we currently use a 1-char buffer
+ * -- implement DMA
+ * -- implement BAUD-rate and modem lines, for when the backend
+ * is a real serial device.
+ */
+
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/char.h"
+#include "hw/arm/imx.h"
+
+//#define DEBUG_SERIAL 1
+#ifdef DEBUG_SERIAL
+#define DPRINTF(fmt, args...) \
+do { printf("imx_serial: " fmt , ##args); } while (0)
+#else
+#define DPRINTF(fmt, args...) do {} while (0)
+#endif
+
+/*
+ * Define to 1 for messages about attempts to
+ * access unimplemented registers or similar.
+ */
+//#define DEBUG_IMPLEMENTATION 1
+#ifdef DEBUG_IMPLEMENTATION
+# define IPRINTF(fmt, args...) \
+ do { fprintf(stderr, "imx_serial: " fmt, ##args); } while (0)
+#else
+# define IPRINTF(fmt, args...) do {} while (0)
+#endif
+
+#define TYPE_IMX_SERIAL "imx-serial"
+#define IMX_SERIAL(obj) OBJECT_CHECK(IMXSerialState, (obj), TYPE_IMX_SERIAL)
+
+typedef struct IMXSerialState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ int32_t readbuff;
+
+ uint32_t usr1;
+ uint32_t usr2;
+ uint32_t ucr1;
+ uint32_t ucr2;
+ uint32_t uts1;
+
+ /*
+ * The registers below are implemented just so that the
+ * guest OS sees what it has written
+ */
+ uint32_t onems;
+ uint32_t ufcr;
+ uint32_t ubmr;
+ uint32_t ubrc;
+ uint32_t ucr3;
+
+ qemu_irq irq;
+ CharDriverState *chr;
+} IMXSerialState;
+
+static const VMStateDescription vmstate_imx_serial = {
+ .name = "imx-serial",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_INT32(readbuff, IMXSerialState),
+ VMSTATE_UINT32(usr1, IMXSerialState),
+ VMSTATE_UINT32(usr2, IMXSerialState),
+ VMSTATE_UINT32(ucr1, IMXSerialState),
+ VMSTATE_UINT32(uts1, IMXSerialState),
+ VMSTATE_UINT32(onems, IMXSerialState),
+ VMSTATE_UINT32(ufcr, IMXSerialState),
+ VMSTATE_UINT32(ubmr, IMXSerialState),
+ VMSTATE_UINT32(ubrc, IMXSerialState),
+ VMSTATE_UINT32(ucr3, IMXSerialState),
+ VMSTATE_END_OF_LIST()
+ },
+};
+
+
+#define URXD_CHARRDY (1<<15) /* character read is valid */
+#define URXD_ERR (1<<14) /* Character has error */
+#define URXD_BRK (1<<11) /* Break received */
+
+#define USR1_PARTYER (1<<15) /* Parity Error */
+#define USR1_RTSS (1<<14) /* RTS pin status */
+#define USR1_TRDY (1<<13) /* Tx ready */
+#define USR1_RTSD (1<<12) /* RTS delta: pin changed state */
+#define USR1_ESCF (1<<11) /* Escape sequence interrupt */
+#define USR1_FRAMERR (1<<10) /* Framing error */
+#define USR1_RRDY (1<<9) /* receiver ready */
+#define USR1_AGTIM (1<<8) /* Aging timer interrupt */
+#define USR1_DTRD (1<<7) /* DTR changed */
+#define USR1_RXDS (1<<6) /* Receiver is idle */
+#define USR1_AIRINT (1<<5) /* Aysnch IR interrupt */
+#define USR1_AWAKE (1<<4) /* Falling edge detected on RXd pin */
+
+#define USR2_ADET (1<<15) /* Autobaud complete */
+#define USR2_TXFE (1<<14) /* Transmit FIFO empty */
+#define USR2_DTRF (1<<13) /* DTR/DSR transition */
+#define USR2_IDLE (1<<12) /* UART has been idle for too long */
+#define USR2_ACST (1<<11) /* Autobaud counter stopped */
+#define USR2_RIDELT (1<<10) /* Ring Indicator delta */
+#define USR2_RIIN (1<<9) /* Ring Indicator Input */
+#define USR2_IRINT (1<<8) /* Serial Infrared Interrupt */
+#define USR2_WAKE (1<<7) /* Start bit detected */
+#define USR2_DCDDELT (1<<6) /* Data Carrier Detect delta */
+#define USR2_DCDIN (1<<5) /* Data Carrier Detect Input */
+#define USR2_RTSF (1<<4) /* RTS transition */
+#define USR2_TXDC (1<<3) /* Transmission complete */
+#define USR2_BRCD (1<<2) /* Break condition detected */
+#define USR2_ORE (1<<1) /* Overrun error */
+#define USR2_RDR (1<<0) /* Receive data ready */
+
+#define UCR1_TRDYEN (1<<13) /* Tx Ready Interrupt Enable */
+#define UCR1_RRDYEN (1<<9) /* Rx Ready Interrupt Enable */
+#define UCR1_TXMPTYEN (1<<6) /* Tx Empty Interrupt Enable */
+#define UCR1_UARTEN (1<<0) /* UART Enable */
+
+#define UCR2_TXEN (1<<2) /* Transmitter enable */
+#define UCR2_RXEN (1<<1) /* Receiver enable */
+#define UCR2_SRST (1<<0) /* Reset complete */
+
+#define UTS1_TXEMPTY (1<<6)
+#define UTS1_RXEMPTY (1<<5)
+#define UTS1_TXFULL (1<<4)
+#define UTS1_RXFULL (1<<3)
+
+static void imx_update(IMXSerialState *s)
+{
+ uint32_t flags;
+
+ flags = (s->usr1 & s->ucr1) & (USR1_TRDY|USR1_RRDY);
+ if (!(s->ucr1 & UCR1_TXMPTYEN)) {
+ flags &= ~USR1_TRDY;
+ }
+
+ qemu_set_irq(s->irq, !!flags);
+}
+
+static void imx_serial_reset(IMXSerialState *s)
+{
+
+ s->usr1 = USR1_TRDY | USR1_RXDS;
+ /*
+ * Fake attachment of a terminal: assert RTS.
+ */
+ s->usr1 |= USR1_RTSS;
+ s->usr2 = USR2_TXFE | USR2_TXDC | USR2_DCDIN;
+ s->uts1 = UTS1_RXEMPTY | UTS1_TXEMPTY;
+ s->ucr1 = 0;
+ s->ucr2 = UCR2_SRST;
+ s->ucr3 = 0x700;
+ s->ubmr = 0;
+ s->ubrc = 4;
+ s->readbuff = URXD_ERR;
+}
+
+static void imx_serial_reset_at_boot(DeviceState *dev)
+{
+ IMXSerialState *s = IMX_SERIAL(dev);
+
+ imx_serial_reset(s);
+
+ /*
+ * enable the uart on boot, so messages from the linux decompresser
+ * are visible. On real hardware this is done by the boot rom
+ * before anything else is loaded.
+ */
+ s->ucr1 = UCR1_UARTEN;
+ s->ucr2 = UCR2_TXEN;
+
+}
+
+static uint64_t imx_serial_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ IMXSerialState *s = (IMXSerialState *)opaque;
+ uint32_t c;
+
+ DPRINTF("read(offset=%x)\n", offset >> 2);
+ switch (offset >> 2) {
+ case 0x0: /* URXD */
+ c = s->readbuff;
+ if (!(s->uts1 & UTS1_RXEMPTY)) {
+ /* Character is valid */
+ c |= URXD_CHARRDY;
+ s->usr1 &= ~USR1_RRDY;
+ s->usr2 &= ~USR2_RDR;
+ s->uts1 |= UTS1_RXEMPTY;
+ imx_update(s);
+ qemu_chr_accept_input(s->chr);
+ }
+ return c;
+
+ case 0x20: /* UCR1 */
+ return s->ucr1;
+
+ case 0x21: /* UCR2 */
+ return s->ucr2;
+
+ case 0x25: /* USR1 */
+ return s->usr1;
+
+ case 0x26: /* USR2 */
+ return s->usr2;
+
+ case 0x2A: /* BRM Modulator */
+ return s->ubmr;
+
+ case 0x2B: /* Baud Rate Count */
+ return s->ubrc;
+
+ case 0x2d: /* Test register */
+ return s->uts1;
+
+ case 0x24: /* UFCR */
+ return s->ufcr;
+
+ case 0x2c:
+ return s->onems;
+
+ case 0x22: /* UCR3 */
+ return s->ucr3;
+
+ case 0x23: /* UCR4 */
+ case 0x29: /* BRM Incremental */
+ return 0x0; /* TODO */
+
+ default:
+ IPRINTF("imx_serial_read: bad offset: 0x%x\n", (int)offset);
+ return 0;
+ }
+}
+
+static void imx_serial_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ IMXSerialState *s = (IMXSerialState *)opaque;
+ unsigned char ch;
+
+ DPRINTF("write(offset=%x, value = %x) to %s\n",
+ offset >> 2,
+ (unsigned int)value, s->chr ? s->chr->label : "NODEV");
+
+ switch (offset >> 2) {
+ case 0x10: /* UTXD */
+ ch = value;
+ if (s->ucr2 & UCR2_TXEN) {
+ if (s->chr) {
+ qemu_chr_fe_write(s->chr, &ch, 1);
+ }
+ s->usr1 &= ~USR1_TRDY;
+ imx_update(s);
+ s->usr1 |= USR1_TRDY;
+ imx_update(s);
+ }
+ break;
+
+ case 0x20: /* UCR1 */
+ s->ucr1 = value & 0xffff;
+ DPRINTF("write(ucr1=%x)\n", (unsigned int)value);
+ imx_update(s);
+ break;
+
+ case 0x21: /* UCR2 */
+ /*
+ * Only a few bits in control register 2 are implemented as yet.
+ * If it's intended to use a real serial device as a back-end, this
+ * register will have to be implemented more fully.
+ */
+ if (!(value & UCR2_SRST)) {
+ imx_serial_reset(s);
+ imx_update(s);
+ value |= UCR2_SRST;
+ }
+ if (value & UCR2_RXEN) {
+ if (!(s->ucr2 & UCR2_RXEN)) {
+ qemu_chr_accept_input(s->chr);
+ }
+ }
+ s->ucr2 = value & 0xffff;
+ break;
+
+ case 0x25: /* USR1 */
+ value &= USR1_AWAKE | USR1_AIRINT | USR1_DTRD | USR1_AGTIM |
+ USR1_FRAMERR | USR1_ESCF | USR1_RTSD | USR1_PARTYER;
+ s->usr1 &= ~value;
+ break;
+
+ case 0x26: /* USR2 */
+ /*
+ * Writing 1 to some bits clears them; all other
+ * values are ignored
+ */
+ value &= USR2_ADET | USR2_DTRF | USR2_IDLE | USR2_ACST |
+ USR2_RIDELT | USR2_IRINT | USR2_WAKE |
+ USR2_DCDDELT | USR2_RTSF | USR2_BRCD | USR2_ORE;
+ s->usr2 &= ~value;
+ break;
+
+ /*
+ * Linux expects to see what it writes to these registers
+ * We don't currently alter the baud rate
+ */
+ case 0x29: /* UBIR */
+ s->ubrc = value & 0xffff;
+ break;
+
+ case 0x2a: /* UBMR */
+ s->ubmr = value & 0xffff;
+ break;
+
+ case 0x2c: /* One ms reg */
+ s->onems = value & 0xffff;
+ break;
+
+ case 0x24: /* FIFO control register */
+ s->ufcr = value & 0xffff;
+ break;
+
+ case 0x22: /* UCR3 */
+ s->ucr3 = value & 0xffff;
+ break;
+
+ case 0x2d: /* UTS1 */
+ case 0x23: /* UCR4 */
+ IPRINTF("Unimplemented Register %x written to\n", offset >> 2);
+ /* TODO */
+ break;
+
+ default:
+ IPRINTF("imx_serial_write: Bad offset 0x%x\n", (int)offset);
+ }
+}
+
+static int imx_can_receive(void *opaque)
+{
+ IMXSerialState *s = (IMXSerialState *)opaque;
+ return !(s->usr1 & USR1_RRDY);
+}
+
+static void imx_put_data(void *opaque, uint32_t value)
+{
+ IMXSerialState *s = (IMXSerialState *)opaque;
+ DPRINTF("received char\n");
+ s->usr1 |= USR1_RRDY;
+ s->usr2 |= USR2_RDR;
+ s->uts1 &= ~UTS1_RXEMPTY;
+ s->readbuff = value;
+ imx_update(s);
+}
+
+static void imx_receive(void *opaque, const uint8_t *buf, int size)
+{
+ imx_put_data(opaque, *buf);
+}
+
+static void imx_event(void *opaque, int event)
+{
+ if (event == CHR_EVENT_BREAK) {
+ imx_put_data(opaque, URXD_BRK);
+ }
+}
+
+
+static const struct MemoryRegionOps imx_serial_ops = {
+ .read = imx_serial_read,
+ .write = imx_serial_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int imx_serial_init(SysBusDevice *dev)
+{
+ IMXSerialState *s = IMX_SERIAL(dev);
+
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &imx_serial_ops, s,
+ "imx-serial", 0x1000);
+ sysbus_init_mmio(dev, &s->iomem);
+ sysbus_init_irq(dev, &s->irq);
+
+ if (s->chr) {
+ qemu_chr_add_handlers(s->chr, imx_can_receive, imx_receive,
+ imx_event, s);
+ } else {
+ DPRINTF("No char dev for uart at 0x%lx\n",
+ (unsigned long)s->iomem.ram_addr);
+ }
+
+ return 0;
+}
+
+void imx_serial_create(int uart, const hwaddr addr, qemu_irq irq)
+{
+ DeviceState *dev;
+ SysBusDevice *bus;
+ CharDriverState *chr;
+ const char chr_name[] = "serial";
+ char label[ARRAY_SIZE(chr_name) + 1];
+
+ dev = qdev_create(NULL, TYPE_IMX_SERIAL);
+
+ if (uart >= MAX_SERIAL_PORTS) {
+ hw_error("Cannot assign uart %d: QEMU supports only %d ports\n",
+ uart, MAX_SERIAL_PORTS);
+ }
+ chr = serial_hds[uart];
+ if (!chr) {
+ snprintf(label, ARRAY_SIZE(label), "%s%d", chr_name, uart);
+ chr = qemu_chr_new(label, "null", NULL);
+ if (!(chr)) {
+ hw_error("Can't assign serial port to imx-uart%d.\n", uart);
+ }
+ }
+
+ qdev_prop_set_chr(dev, "chardev", chr);
+ bus = SYS_BUS_DEVICE(dev);
+ qdev_init_nofail(dev);
+ if (addr != (hwaddr)-1) {
+ sysbus_mmio_map(bus, 0, addr);
+ }
+ sysbus_connect_irq(bus, 0, irq);
+
+}
+
+
+static Property imx32_serial_properties[] = {
+ DEFINE_PROP_CHR("chardev", IMXSerialState, chr),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void imx_serial_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = imx_serial_init;
+ dc->vmsd = &vmstate_imx_serial;
+ dc->reset = imx_serial_reset_at_boot;
+ set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
+ dc->desc = "i.MX series UART";
+ dc->props = imx32_serial_properties;
+}
+
+static const TypeInfo imx_serial_info = {
+ .name = TYPE_IMX_SERIAL,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(IMXSerialState),
+ .class_init = imx_serial_class_init,
+};
+
+static void imx_serial_register_types(void)
+{
+ type_register_static(&imx_serial_info);
+}
+
+type_init(imx_serial_register_types)
diff --git a/hw/char/ipack.c b/hw/char/ipack.c
new file mode 100644
index 000000000..f890471db
--- /dev/null
+++ b/hw/char/ipack.c
@@ -0,0 +1,116 @@
+/*
+ * QEMU IndustryPack emulation
+ *
+ * Copyright (C) 2012 Igalia, S.L.
+ * Author: Alberto Garcia <agarcia@igalia.com>
+ *
+ * This code is licensed under the GNU GPL v2 or (at your option) any
+ * later version.
+ */
+
+#include "ipack.h"
+
+IPackDevice *ipack_device_find(IPackBus *bus, int32_t slot)
+{
+ BusChild *kid;
+
+ QTAILQ_FOREACH(kid, &BUS(bus)->children, sibling) {
+ DeviceState *qdev = kid->child;
+ IPackDevice *ip = IPACK_DEVICE(qdev);
+ if (ip->slot == slot) {
+ return ip;
+ }
+ }
+ return NULL;
+}
+
+void ipack_bus_new_inplace(IPackBus *bus, DeviceState *parent,
+ const char *name, uint8_t n_slots,
+ qemu_irq_handler handler)
+{
+ qbus_create_inplace(&bus->qbus, TYPE_IPACK_BUS, parent, name);
+ bus->n_slots = n_slots;
+ bus->set_irq = handler;
+}
+
+static int ipack_device_dev_init(DeviceState *qdev)
+{
+ IPackBus *bus = IPACK_BUS(qdev_get_parent_bus(qdev));
+ IPackDevice *dev = IPACK_DEVICE(qdev);
+ IPackDeviceClass *k = IPACK_DEVICE_GET_CLASS(dev);
+
+ if (dev->slot < 0) {
+ dev->slot = bus->free_slot;
+ }
+ if (dev->slot >= bus->n_slots) {
+ return -1;
+ }
+ bus->free_slot = dev->slot + 1;
+
+ dev->irq = qemu_allocate_irqs(bus->set_irq, dev, 2);
+
+ return k->init(dev);
+}
+
+static int ipack_device_dev_exit(DeviceState *qdev)
+{
+ IPackDevice *dev = IPACK_DEVICE(qdev);
+ IPackDeviceClass *k = IPACK_DEVICE_GET_CLASS(dev);
+
+ if (k->exit) {
+ k->exit(dev);
+ }
+
+ qemu_free_irqs(dev->irq);
+
+ return 0;
+}
+
+static Property ipack_device_props[] = {
+ DEFINE_PROP_INT32("slot", IPackDevice, slot, -1),
+ DEFINE_PROP_END_OF_LIST()
+};
+
+static void ipack_device_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *k = DEVICE_CLASS(klass);
+ set_bit(DEVICE_CATEGORY_INPUT, k->categories);
+ k->bus_type = TYPE_IPACK_BUS;
+ k->init = ipack_device_dev_init;
+ k->exit = ipack_device_dev_exit;
+ k->props = ipack_device_props;
+}
+
+const VMStateDescription vmstate_ipack_device = {
+ .name = "ipack_device",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_INT32(slot, IPackDevice),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const TypeInfo ipack_device_info = {
+ .name = TYPE_IPACK_DEVICE,
+ .parent = TYPE_DEVICE,
+ .instance_size = sizeof(IPackDevice),
+ .class_size = sizeof(IPackDeviceClass),
+ .class_init = ipack_device_class_init,
+ .abstract = true,
+};
+
+static const TypeInfo ipack_bus_info = {
+ .name = TYPE_IPACK_BUS,
+ .parent = TYPE_BUS,
+ .instance_size = sizeof(IPackBus),
+};
+
+static void ipack_register_types(void)
+{
+ type_register_static(&ipack_device_info);
+ type_register_static(&ipack_bus_info);
+}
+
+type_init(ipack_register_types)
diff --git a/hw/char/ipack.h b/hw/char/ipack.h
new file mode 100644
index 000000000..f2b7a12e0
--- /dev/null
+++ b/hw/char/ipack.h
@@ -0,0 +1,79 @@
+/*
+ * QEMU IndustryPack emulation
+ *
+ * Copyright (C) 2012 Igalia, S.L.
+ * Author: Alberto Garcia <agarcia@igalia.com>
+ *
+ * This code is licensed under the GNU GPL v2 or (at your option) any
+ * later version.
+ */
+
+#ifndef QEMU_IPACK_H
+#define QEMU_IPACK_H
+
+#include "hw/qdev.h"
+
+typedef struct IPackBus IPackBus;
+
+#define TYPE_IPACK_BUS "IndustryPack"
+#define IPACK_BUS(obj) OBJECT_CHECK(IPackBus, (obj), TYPE_IPACK_BUS)
+
+struct IPackBus {
+ BusState qbus;
+ /* All fields are private */
+ uint8_t n_slots;
+ uint8_t free_slot;
+ qemu_irq_handler set_irq;
+};
+
+typedef struct IPackDevice IPackDevice;
+typedef struct IPackDeviceClass IPackDeviceClass;
+
+#define TYPE_IPACK_DEVICE "ipack-device"
+#define IPACK_DEVICE(obj) \
+ OBJECT_CHECK(IPackDevice, (obj), TYPE_IPACK_DEVICE)
+#define IPACK_DEVICE_CLASS(klass) \
+ OBJECT_CLASS_CHECK(IPackDeviceClass, (klass), TYPE_IPACK_DEVICE)
+#define IPACK_DEVICE_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(IPackDeviceClass, (obj), TYPE_IPACK_DEVICE)
+
+struct IPackDeviceClass {
+ DeviceClass parent_class;
+
+ int (*init)(IPackDevice *dev);
+ int (*exit)(IPackDevice *dev);
+
+ uint16_t (*io_read)(IPackDevice *dev, uint8_t addr);
+ void (*io_write)(IPackDevice *dev, uint8_t addr, uint16_t val);
+
+ uint16_t (*id_read)(IPackDevice *dev, uint8_t addr);
+ void (*id_write)(IPackDevice *dev, uint8_t addr, uint16_t val);
+
+ uint16_t (*int_read)(IPackDevice *dev, uint8_t addr);
+ void (*int_write)(IPackDevice *dev, uint8_t addr, uint16_t val);
+
+ uint16_t (*mem_read16)(IPackDevice *dev, uint32_t addr);
+ void (*mem_write16)(IPackDevice *dev, uint32_t addr, uint16_t val);
+
+ uint8_t (*mem_read8)(IPackDevice *dev, uint32_t addr);
+ void (*mem_write8)(IPackDevice *dev, uint32_t addr, uint8_t val);
+};
+
+struct IPackDevice {
+ DeviceState qdev;
+ int32_t slot;
+ /* IRQ objects for the IndustryPack INT0# and INT1# */
+ qemu_irq *irq;
+};
+
+extern const VMStateDescription vmstate_ipack_device;
+
+#define VMSTATE_IPACK_DEVICE(_field, _state) \
+ VMSTATE_STRUCT(_field, _state, 1, vmstate_ipack_device, IPackDevice)
+
+IPackDevice *ipack_device_find(IPackBus *bus, int32_t slot);
+void ipack_bus_new_inplace(IPackBus *bus, DeviceState *parent,
+ const char *name, uint8_t n_slots,
+ qemu_irq_handler handler);
+
+#endif
diff --git a/hw/char/ipoctal232.c b/hw/char/ipoctal232.c
new file mode 100644
index 000000000..88e2ccae7
--- /dev/null
+++ b/hw/char/ipoctal232.c
@@ -0,0 +1,606 @@
+/*
+ * QEMU GE IP-Octal 232 IndustryPack emulation
+ *
+ * Copyright (C) 2012 Igalia, S.L.
+ * Author: Alberto Garcia <agarcia@igalia.com>
+ *
+ * This code is licensed under the GNU GPL v2 or (at your option) any
+ * later version.
+ */
+
+#include "ipack.h"
+#include "qemu/bitops.h"
+#include "sysemu/char.h"
+
+/* #define DEBUG_IPOCTAL */
+
+#ifdef DEBUG_IPOCTAL
+#define DPRINTF2(fmt, ...) \
+ do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF2(fmt, ...) do { } while (0)
+#endif
+
+#define DPRINTF(fmt, ...) DPRINTF2("IP-Octal: " fmt, ## __VA_ARGS__)
+
+#define RX_FIFO_SIZE 3
+
+/* The IP-Octal has 8 channels (a-h)
+ divided into 4 blocks (A-D) */
+#define N_CHANNELS 8
+#define N_BLOCKS 4
+
+#define REG_MRa 0x01
+#define REG_MRb 0x11
+#define REG_SRa 0x03
+#define REG_SRb 0x13
+#define REG_CSRa 0x03
+#define REG_CSRb 0x13
+#define REG_CRa 0x05
+#define REG_CRb 0x15
+#define REG_RHRa 0x07
+#define REG_RHRb 0x17
+#define REG_THRa 0x07
+#define REG_THRb 0x17
+#define REG_ACR 0x09
+#define REG_ISR 0x0B
+#define REG_IMR 0x0B
+#define REG_OPCR 0x1B
+
+#define CR_ENABLE_RX BIT(0)
+#define CR_DISABLE_RX BIT(1)
+#define CR_ENABLE_TX BIT(2)
+#define CR_DISABLE_TX BIT(3)
+#define CR_CMD(cr) ((cr) >> 4)
+#define CR_NO_OP 0
+#define CR_RESET_MR 1
+#define CR_RESET_RX 2
+#define CR_RESET_TX 3
+#define CR_RESET_ERR 4
+#define CR_RESET_BRKINT 5
+#define CR_START_BRK 6
+#define CR_STOP_BRK 7
+#define CR_ASSERT_RTSN 8
+#define CR_NEGATE_RTSN 9
+#define CR_TIMEOUT_ON 10
+#define CR_TIMEOUT_OFF 12
+
+#define SR_RXRDY BIT(0)
+#define SR_FFULL BIT(1)
+#define SR_TXRDY BIT(2)
+#define SR_TXEMT BIT(3)
+#define SR_OVERRUN BIT(4)
+#define SR_PARITY BIT(5)
+#define SR_FRAMING BIT(6)
+#define SR_BREAK BIT(7)
+
+#define ISR_TXRDYA BIT(0)
+#define ISR_RXRDYA BIT(1)
+#define ISR_BREAKA BIT(2)
+#define ISR_CNTRDY BIT(3)
+#define ISR_TXRDYB BIT(4)
+#define ISR_RXRDYB BIT(5)
+#define ISR_BREAKB BIT(6)
+#define ISR_MPICHG BIT(7)
+#define ISR_TXRDY(CH) (((CH) & 1) ? BIT(4) : BIT(0))
+#define ISR_RXRDY(CH) (((CH) & 1) ? BIT(5) : BIT(1))
+#define ISR_BREAK(CH) (((CH) & 1) ? BIT(6) : BIT(2))
+
+typedef struct IPOctalState IPOctalState;
+typedef struct SCC2698Channel SCC2698Channel;
+typedef struct SCC2698Block SCC2698Block;
+
+struct SCC2698Channel {
+ IPOctalState *ipoctal;
+ CharDriverState *dev;
+ bool rx_enabled;
+ uint8_t mr[2];
+ uint8_t mr_idx;
+ uint8_t sr;
+ uint8_t rhr[RX_FIFO_SIZE];
+ uint8_t rhr_idx;
+ uint8_t rx_pending;
+};
+
+struct SCC2698Block {
+ uint8_t imr;
+ uint8_t isr;
+};
+
+struct IPOctalState {
+ IPackDevice dev;
+ SCC2698Channel ch[N_CHANNELS];
+ SCC2698Block blk[N_BLOCKS];
+ uint8_t irq_vector;
+};
+
+#define TYPE_IPOCTAL "ipoctal232"
+
+#define IPOCTAL(obj) \
+ OBJECT_CHECK(IPOctalState, (obj), TYPE_IPOCTAL)
+
+static const VMStateDescription vmstate_scc2698_channel = {
+ .name = "scc2698_channel",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_BOOL(rx_enabled, SCC2698Channel),
+ VMSTATE_UINT8_ARRAY(mr, SCC2698Channel, 2),
+ VMSTATE_UINT8(mr_idx, SCC2698Channel),
+ VMSTATE_UINT8(sr, SCC2698Channel),
+ VMSTATE_UINT8_ARRAY(rhr, SCC2698Channel, RX_FIFO_SIZE),
+ VMSTATE_UINT8(rhr_idx, SCC2698Channel),
+ VMSTATE_UINT8(rx_pending, SCC2698Channel),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_scc2698_block = {
+ .name = "scc2698_block",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(imr, SCC2698Block),
+ VMSTATE_UINT8(isr, SCC2698Block),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_ipoctal = {
+ .name = "ipoctal232",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_IPACK_DEVICE(dev, IPOctalState),
+ VMSTATE_STRUCT_ARRAY(ch, IPOctalState, N_CHANNELS, 1,
+ vmstate_scc2698_channel, SCC2698Channel),
+ VMSTATE_STRUCT_ARRAY(blk, IPOctalState, N_BLOCKS, 1,
+ vmstate_scc2698_block, SCC2698Block),
+ VMSTATE_UINT8(irq_vector, IPOctalState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+/* data[10] is 0x0C, not 0x0B as the doc says */
+static const uint8_t id_prom_data[] = {
+ 0x49, 0x50, 0x41, 0x43, 0xF0, 0x22,
+ 0xA1, 0x00, 0x00, 0x00, 0x0C, 0xCC
+};
+
+static void update_irq(IPOctalState *dev, unsigned block)
+{
+ /* Blocks A and B interrupt on INT0#, C and D on INT1#.
+ Thus, to get the status we have to check two blocks. */
+ SCC2698Block *blk0 = &dev->blk[block];
+ SCC2698Block *blk1 = &dev->blk[block^1];
+ unsigned intno = block / 2;
+
+ if ((blk0->isr & blk0->imr) || (blk1->isr & blk1->imr)) {
+ qemu_irq_raise(dev->dev.irq[intno]);
+ } else {
+ qemu_irq_lower(dev->dev.irq[intno]);
+ }
+}
+
+static void write_cr(IPOctalState *dev, unsigned channel, uint8_t val)
+{
+ SCC2698Channel *ch = &dev->ch[channel];
+ SCC2698Block *blk = &dev->blk[channel / 2];
+
+ DPRINTF("Write CR%c %u: ", channel + 'a', val);
+
+ /* The lower 4 bits are used to enable and disable Tx and Rx */
+ if (val & CR_ENABLE_RX) {
+ DPRINTF2("Rx on, ");
+ ch->rx_enabled = true;
+ }
+ if (val & CR_DISABLE_RX) {
+ DPRINTF2("Rx off, ");
+ ch->rx_enabled = false;
+ }
+ if (val & CR_ENABLE_TX) {
+ DPRINTF2("Tx on, ");
+ ch->sr |= SR_TXRDY | SR_TXEMT;
+ blk->isr |= ISR_TXRDY(channel);
+ }
+ if (val & CR_DISABLE_TX) {
+ DPRINTF2("Tx off, ");
+ ch->sr &= ~(SR_TXRDY | SR_TXEMT);
+ blk->isr &= ~ISR_TXRDY(channel);
+ }
+
+ DPRINTF2("cmd: ");
+
+ /* The rest of the bits implement different commands */
+ switch (CR_CMD(val)) {
+ case CR_NO_OP:
+ DPRINTF2("none");
+ break;
+ case CR_RESET_MR:
+ DPRINTF2("reset MR");
+ ch->mr_idx = 0;
+ break;
+ case CR_RESET_RX:
+ DPRINTF2("reset Rx");
+ ch->rx_enabled = false;
+ ch->rx_pending = 0;
+ ch->sr &= ~SR_RXRDY;
+ blk->isr &= ~ISR_RXRDY(channel);
+ break;
+ case CR_RESET_TX:
+ DPRINTF2("reset Tx");
+ ch->sr &= ~(SR_TXRDY | SR_TXEMT);
+ blk->isr &= ~ISR_TXRDY(channel);
+ break;
+ case CR_RESET_ERR:
+ DPRINTF2("reset err");
+ ch->sr &= ~(SR_OVERRUN | SR_PARITY | SR_FRAMING | SR_BREAK);
+ break;
+ case CR_RESET_BRKINT:
+ DPRINTF2("reset brk ch int");
+ blk->isr &= ~(ISR_BREAKA | ISR_BREAKB);
+ break;
+ default:
+ DPRINTF2("unsupported 0x%x", CR_CMD(val));
+ }
+
+ DPRINTF2("\n");
+}
+
+static uint16_t io_read(IPackDevice *ip, uint8_t addr)
+{
+ IPOctalState *dev = IPOCTAL(ip);
+ uint16_t ret = 0;
+ /* addr[7:6]: block (A-D)
+ addr[7:5]: channel (a-h)
+ addr[5:0]: register */
+ unsigned block = addr >> 5;
+ unsigned channel = addr >> 4;
+ /* Big endian, accessed using 8-bit bytes at odd locations */
+ unsigned offset = (addr & 0x1F) ^ 1;
+ SCC2698Channel *ch = &dev->ch[channel];
+ SCC2698Block *blk = &dev->blk[block];
+ uint8_t old_isr = blk->isr;
+
+ switch (offset) {
+
+ case REG_MRa:
+ case REG_MRb:
+ ret = ch->mr[ch->mr_idx];
+ DPRINTF("Read MR%u%c: 0x%x\n", ch->mr_idx + 1, channel + 'a', ret);
+ ch->mr_idx = 1;
+ break;
+
+ case REG_SRa:
+ case REG_SRb:
+ ret = ch->sr;
+ DPRINTF("Read SR%c: 0x%x\n", channel + 'a', ret);
+ break;
+
+ case REG_RHRa:
+ case REG_RHRb:
+ ret = ch->rhr[ch->rhr_idx];
+ if (ch->rx_pending > 0) {
+ ch->rx_pending--;
+ if (ch->rx_pending == 0) {
+ ch->sr &= ~SR_RXRDY;
+ blk->isr &= ~ISR_RXRDY(channel);
+ if (ch->dev) {
+ qemu_chr_accept_input(ch->dev);
+ }
+ } else {
+ ch->rhr_idx = (ch->rhr_idx + 1) % RX_FIFO_SIZE;
+ }
+ if (ch->sr & SR_BREAK) {
+ ch->sr &= ~SR_BREAK;
+ blk->isr |= ISR_BREAK(channel);
+ }
+ }
+ DPRINTF("Read RHR%c (0x%x)\n", channel + 'a', ret);
+ break;
+
+ case REG_ISR:
+ ret = blk->isr;
+ DPRINTF("Read ISR%c: 0x%x\n", block + 'A', ret);
+ break;
+
+ default:
+ DPRINTF("Read unknown/unsupported register 0x%02x\n", offset);
+ }
+
+ if (old_isr != blk->isr) {
+ update_irq(dev, block);
+ }
+
+ return ret;
+}
+
+static void io_write(IPackDevice *ip, uint8_t addr, uint16_t val)
+{
+ IPOctalState *dev = IPOCTAL(ip);
+ unsigned reg = val & 0xFF;
+ /* addr[7:6]: block (A-D)
+ addr[7:5]: channel (a-h)
+ addr[5:0]: register */
+ unsigned block = addr >> 5;
+ unsigned channel = addr >> 4;
+ /* Big endian, accessed using 8-bit bytes at odd locations */
+ unsigned offset = (addr & 0x1F) ^ 1;
+ SCC2698Channel *ch = &dev->ch[channel];
+ SCC2698Block *blk = &dev->blk[block];
+ uint8_t old_isr = blk->isr;
+ uint8_t old_imr = blk->imr;
+
+ switch (offset) {
+
+ case REG_MRa:
+ case REG_MRb:
+ ch->mr[ch->mr_idx] = reg;
+ DPRINTF("Write MR%u%c 0x%x\n", ch->mr_idx + 1, channel + 'a', reg);
+ ch->mr_idx = 1;
+ break;
+
+ /* Not implemented */
+ case REG_CSRa:
+ case REG_CSRb:
+ DPRINTF("Write CSR%c: 0x%x\n", channel + 'a', reg);
+ break;
+
+ case REG_CRa:
+ case REG_CRb:
+ write_cr(dev, channel, reg);
+ break;
+
+ case REG_THRa:
+ case REG_THRb:
+ if (ch->sr & SR_TXRDY) {
+ DPRINTF("Write THR%c (0x%x)\n", channel + 'a', reg);
+ if (ch->dev) {
+ uint8_t thr = reg;
+ qemu_chr_fe_write(ch->dev, &thr, 1);
+ }
+ } else {
+ DPRINTF("Write THR%c (0x%x), Tx disabled\n", channel + 'a', reg);
+ }
+ break;
+
+ /* Not implemented */
+ case REG_ACR:
+ DPRINTF("Write ACR%c 0x%x\n", block + 'A', val);
+ break;
+
+ case REG_IMR:
+ DPRINTF("Write IMR%c 0x%x\n", block + 'A', val);
+ blk->imr = reg;
+ break;
+
+ /* Not implemented */
+ case REG_OPCR:
+ DPRINTF("Write OPCR%c 0x%x\n", block + 'A', val);
+ break;
+
+ default:
+ DPRINTF("Write unknown/unsupported register 0x%02x %u\n", offset, val);
+ }
+
+ if (old_isr != blk->isr || old_imr != blk->imr) {
+ update_irq(dev, block);
+ }
+}
+
+static uint16_t id_read(IPackDevice *ip, uint8_t addr)
+{
+ uint16_t ret = 0;
+ unsigned pos = addr / 2; /* The ID PROM data is stored every other byte */
+
+ if (pos < ARRAY_SIZE(id_prom_data)) {
+ ret = id_prom_data[pos];
+ } else {
+ DPRINTF("Attempt to read unavailable PROM data at 0x%x\n", addr);
+ }
+
+ return ret;
+}
+
+static void id_write(IPackDevice *ip, uint8_t addr, uint16_t val)
+{
+ IPOctalState *dev = IPOCTAL(ip);
+ if (addr == 1) {
+ DPRINTF("Write IRQ vector: %u\n", (unsigned) val);
+ dev->irq_vector = val; /* Undocumented, but the hw works like that */
+ } else {
+ DPRINTF("Attempt to write 0x%x to 0x%x\n", val, addr);
+ }
+}
+
+static uint16_t int_read(IPackDevice *ip, uint8_t addr)
+{
+ IPOctalState *dev = IPOCTAL(ip);
+ /* Read address 0 to ACK INT0# and address 2 to ACK INT1# */
+ if (addr != 0 && addr != 2) {
+ DPRINTF("Attempt to read from 0x%x\n", addr);
+ return 0;
+ } else {
+ /* Update interrupts if necessary */
+ update_irq(dev, addr);
+ return dev->irq_vector;
+ }
+}
+
+static void int_write(IPackDevice *ip, uint8_t addr, uint16_t val)
+{
+ DPRINTF("Attempt to write 0x%x to 0x%x\n", val, addr);
+}
+
+static uint16_t mem_read16(IPackDevice *ip, uint32_t addr)
+{
+ DPRINTF("Attempt to read from 0x%x\n", addr);
+ return 0;
+}
+
+static void mem_write16(IPackDevice *ip, uint32_t addr, uint16_t val)
+{
+ DPRINTF("Attempt to write 0x%x to 0x%x\n", val, addr);
+}
+
+static uint8_t mem_read8(IPackDevice *ip, uint32_t addr)
+{
+ DPRINTF("Attempt to read from 0x%x\n", addr);
+ return 0;
+}
+
+static void mem_write8(IPackDevice *ip, uint32_t addr, uint8_t val)
+{
+ IPOctalState *dev = IPOCTAL(ip);
+ if (addr == 1) {
+ DPRINTF("Write IRQ vector: %u\n", (unsigned) val);
+ dev->irq_vector = val;
+ } else {
+ DPRINTF("Attempt to write 0x%x to 0x%x\n", val, addr);
+ }
+}
+
+static int hostdev_can_receive(void *opaque)
+{
+ SCC2698Channel *ch = opaque;
+ int available_bytes = RX_FIFO_SIZE - ch->rx_pending;
+ return ch->rx_enabled ? available_bytes : 0;
+}
+
+static void hostdev_receive(void *opaque, const uint8_t *buf, int size)
+{
+ SCC2698Channel *ch = opaque;
+ IPOctalState *dev = ch->ipoctal;
+ unsigned pos = ch->rhr_idx + ch->rx_pending;
+ int i;
+
+ assert(size + ch->rx_pending <= RX_FIFO_SIZE);
+
+ /* Copy data to the RxFIFO */
+ for (i = 0; i < size; i++) {
+ pos %= RX_FIFO_SIZE;
+ ch->rhr[pos++] = buf[i];
+ }
+
+ ch->rx_pending += size;
+
+ /* If the RxFIFO was empty raise an interrupt */
+ if (!(ch->sr & SR_RXRDY)) {
+ unsigned block, channel = 0;
+ /* Find channel number to update the ISR register */
+ while (&dev->ch[channel] != ch) {
+ channel++;
+ }
+ block = channel / 2;
+ dev->blk[block].isr |= ISR_RXRDY(channel);
+ ch->sr |= SR_RXRDY;
+ update_irq(dev, block);
+ }
+}
+
+static void hostdev_event(void *opaque, int event)
+{
+ SCC2698Channel *ch = opaque;
+ switch (event) {
+ case CHR_EVENT_OPENED:
+ DPRINTF("Device %s opened\n", ch->dev->label);
+ break;
+ case CHR_EVENT_BREAK: {
+ uint8_t zero = 0;
+ DPRINTF("Device %s received break\n", ch->dev->label);
+
+ if (!(ch->sr & SR_BREAK)) {
+ IPOctalState *dev = ch->ipoctal;
+ unsigned block, channel = 0;
+
+ while (&dev->ch[channel] != ch) {
+ channel++;
+ }
+ block = channel / 2;
+
+ ch->sr |= SR_BREAK;
+ dev->blk[block].isr |= ISR_BREAK(channel);
+ }
+
+ /* Put a zero character in the buffer */
+ hostdev_receive(ch, &zero, 1);
+ }
+ break;
+ default:
+ DPRINTF("Device %s received event %d\n", ch->dev->label, event);
+ }
+}
+
+static int ipoctal_init(IPackDevice *ip)
+{
+ IPOctalState *s = IPOCTAL(ip);
+ unsigned i;
+
+ for (i = 0; i < N_CHANNELS; i++) {
+ SCC2698Channel *ch = &s->ch[i];
+ ch->ipoctal = s;
+
+ /* Redirect IP-Octal channels to host character devices */
+ if (ch->dev) {
+ qemu_chr_add_handlers(ch->dev, hostdev_can_receive,
+ hostdev_receive, hostdev_event, ch);
+ DPRINTF("Redirecting channel %u to %s\n", i, ch->dev->label);
+ } else {
+ DPRINTF("Could not redirect channel %u, no chardev set\n", i);
+ }
+ }
+
+ return 0;
+}
+
+static Property ipoctal_properties[] = {
+ DEFINE_PROP_CHR("chardev0", IPOctalState, ch[0].dev),
+ DEFINE_PROP_CHR("chardev1", IPOctalState, ch[1].dev),
+ DEFINE_PROP_CHR("chardev2", IPOctalState, ch[2].dev),
+ DEFINE_PROP_CHR("chardev3", IPOctalState, ch[3].dev),
+ DEFINE_PROP_CHR("chardev4", IPOctalState, ch[4].dev),
+ DEFINE_PROP_CHR("chardev5", IPOctalState, ch[5].dev),
+ DEFINE_PROP_CHR("chardev6", IPOctalState, ch[6].dev),
+ DEFINE_PROP_CHR("chardev7", IPOctalState, ch[7].dev),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void ipoctal_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ IPackDeviceClass *ic = IPACK_DEVICE_CLASS(klass);
+
+ ic->init = ipoctal_init;
+ ic->io_read = io_read;
+ ic->io_write = io_write;
+ ic->id_read = id_read;
+ ic->id_write = id_write;
+ ic->int_read = int_read;
+ ic->int_write = int_write;
+ ic->mem_read16 = mem_read16;
+ ic->mem_write16 = mem_write16;
+ ic->mem_read8 = mem_read8;
+ ic->mem_write8 = mem_write8;
+
+ set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
+ dc->desc = "GE IP-Octal 232 8-channel RS-232 IndustryPack";
+ dc->props = ipoctal_properties;
+ dc->vmsd = &vmstate_ipoctal;
+}
+
+static const TypeInfo ipoctal_info = {
+ .name = TYPE_IPOCTAL,
+ .parent = TYPE_IPACK_DEVICE,
+ .instance_size = sizeof(IPOctalState),
+ .class_init = ipoctal_class_init,
+};
+
+static void ipoctal_register_types(void)
+{
+ type_register_static(&ipoctal_info);
+}
+
+type_init(ipoctal_register_types)
diff --git a/hw/char/lm32_juart.c b/hw/char/lm32_juart.c
new file mode 100644
index 000000000..252fe46da
--- /dev/null
+++ b/hw/char/lm32_juart.c
@@ -0,0 +1,162 @@
+/*
+ * LatticeMico32 JTAG UART model.
+ *
+ * Copyright (c) 2010 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "trace.h"
+#include "sysemu/char.h"
+
+#include "hw/char/lm32_juart.h"
+
+enum {
+ LM32_JUART_MIN_SAVE_VERSION = 0,
+ LM32_JUART_CURRENT_SAVE_VERSION = 0,
+ LM32_JUART_MAX_SAVE_VERSION = 0,
+};
+
+enum {
+ JTX_FULL = (1<<8),
+};
+
+enum {
+ JRX_FULL = (1<<8),
+};
+
+#define LM32_JUART(obj) OBJECT_CHECK(LM32JuartState, (obj), TYPE_LM32_JUART)
+
+struct LM32JuartState {
+ SysBusDevice parent_obj;
+
+ CharDriverState *chr;
+
+ uint32_t jtx;
+ uint32_t jrx;
+};
+typedef struct LM32JuartState LM32JuartState;
+
+uint32_t lm32_juart_get_jtx(DeviceState *d)
+{
+ LM32JuartState *s = LM32_JUART(d);
+
+ trace_lm32_juart_get_jtx(s->jtx);
+ return s->jtx;
+}
+
+uint32_t lm32_juart_get_jrx(DeviceState *d)
+{
+ LM32JuartState *s = LM32_JUART(d);
+
+ trace_lm32_juart_get_jrx(s->jrx);
+ return s->jrx;
+}
+
+void lm32_juart_set_jtx(DeviceState *d, uint32_t jtx)
+{
+ LM32JuartState *s = LM32_JUART(d);
+ unsigned char ch = jtx & 0xff;
+
+ trace_lm32_juart_set_jtx(s->jtx);
+
+ s->jtx = jtx;
+ if (s->chr) {
+ qemu_chr_fe_write(s->chr, &ch, 1);
+ }
+}
+
+void lm32_juart_set_jrx(DeviceState *d, uint32_t jtx)
+{
+ LM32JuartState *s = LM32_JUART(d);
+
+ trace_lm32_juart_set_jrx(s->jrx);
+ s->jrx &= ~JRX_FULL;
+}
+
+static void juart_rx(void *opaque, const uint8_t *buf, int size)
+{
+ LM32JuartState *s = opaque;
+
+ s->jrx = *buf | JRX_FULL;
+}
+
+static int juart_can_rx(void *opaque)
+{
+ LM32JuartState *s = opaque;
+
+ return !(s->jrx & JRX_FULL);
+}
+
+static void juart_event(void *opaque, int event)
+{
+}
+
+static void juart_reset(DeviceState *d)
+{
+ LM32JuartState *s = LM32_JUART(d);
+
+ s->jtx = 0;
+ s->jrx = 0;
+}
+
+static int lm32_juart_init(SysBusDevice *dev)
+{
+ LM32JuartState *s = LM32_JUART(dev);
+
+ s->chr = qemu_char_get_next_serial();
+ if (s->chr) {
+ qemu_chr_add_handlers(s->chr, juart_can_rx, juart_rx, juart_event, s);
+ }
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_lm32_juart = {
+ .name = "lm32-juart",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(jtx, LM32JuartState),
+ VMSTATE_UINT32(jrx, LM32JuartState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void lm32_juart_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = lm32_juart_init;
+ dc->reset = juart_reset;
+ dc->vmsd = &vmstate_lm32_juart;
+}
+
+static const TypeInfo lm32_juart_info = {
+ .name = TYPE_LM32_JUART,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(LM32JuartState),
+ .class_init = lm32_juart_class_init,
+};
+
+static void lm32_juart_register_types(void)
+{
+ type_register_static(&lm32_juart_info);
+}
+
+type_init(lm32_juart_register_types)
diff --git a/hw/char/lm32_uart.c b/hw/char/lm32_uart.c
new file mode 100644
index 000000000..85d726508
--- /dev/null
+++ b/hw/char/lm32_uart.c
@@ -0,0 +1,302 @@
+/*
+ * QEMU model of the LatticeMico32 UART block.
+ *
+ * Copyright (c) 2010 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ *
+ * Specification available at:
+ * http://www.latticesemi.com/documents/mico32uart.pdf
+ */
+
+
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "trace.h"
+#include "sysemu/char.h"
+#include "qemu/error-report.h"
+
+enum {
+ R_RXTX = 0,
+ R_IER,
+ R_IIR,
+ R_LCR,
+ R_MCR,
+ R_LSR,
+ R_MSR,
+ R_DIV,
+ R_MAX
+};
+
+enum {
+ IER_RBRI = (1<<0),
+ IER_THRI = (1<<1),
+ IER_RLSI = (1<<2),
+ IER_MSI = (1<<3),
+};
+
+enum {
+ IIR_STAT = (1<<0),
+ IIR_ID0 = (1<<1),
+ IIR_ID1 = (1<<2),
+};
+
+enum {
+ LCR_WLS0 = (1<<0),
+ LCR_WLS1 = (1<<1),
+ LCR_STB = (1<<2),
+ LCR_PEN = (1<<3),
+ LCR_EPS = (1<<4),
+ LCR_SP = (1<<5),
+ LCR_SB = (1<<6),
+};
+
+enum {
+ MCR_DTR = (1<<0),
+ MCR_RTS = (1<<1),
+};
+
+enum {
+ LSR_DR = (1<<0),
+ LSR_OE = (1<<1),
+ LSR_PE = (1<<2),
+ LSR_FE = (1<<3),
+ LSR_BI = (1<<4),
+ LSR_THRE = (1<<5),
+ LSR_TEMT = (1<<6),
+};
+
+enum {
+ MSR_DCTS = (1<<0),
+ MSR_DDSR = (1<<1),
+ MSR_TERI = (1<<2),
+ MSR_DDCD = (1<<3),
+ MSR_CTS = (1<<4),
+ MSR_DSR = (1<<5),
+ MSR_RI = (1<<6),
+ MSR_DCD = (1<<7),
+};
+
+#define TYPE_LM32_UART "lm32-uart"
+#define LM32_UART(obj) OBJECT_CHECK(LM32UartState, (obj), TYPE_LM32_UART)
+
+struct LM32UartState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ CharDriverState *chr;
+ qemu_irq irq;
+
+ uint32_t regs[R_MAX];
+};
+typedef struct LM32UartState LM32UartState;
+
+static void uart_update_irq(LM32UartState *s)
+{
+ unsigned int irq;
+
+ if ((s->regs[R_LSR] & (LSR_OE | LSR_PE | LSR_FE | LSR_BI))
+ && (s->regs[R_IER] & IER_RLSI)) {
+ irq = 1;
+ s->regs[R_IIR] = IIR_ID1 | IIR_ID0;
+ } else if ((s->regs[R_LSR] & LSR_DR) && (s->regs[R_IER] & IER_RBRI)) {
+ irq = 1;
+ s->regs[R_IIR] = IIR_ID1;
+ } else if ((s->regs[R_LSR] & LSR_THRE) && (s->regs[R_IER] & IER_THRI)) {
+ irq = 1;
+ s->regs[R_IIR] = IIR_ID0;
+ } else if ((s->regs[R_MSR] & 0x0f) && (s->regs[R_IER] & IER_MSI)) {
+ irq = 1;
+ s->regs[R_IIR] = 0;
+ } else {
+ irq = 0;
+ s->regs[R_IIR] = IIR_STAT;
+ }
+
+ trace_lm32_uart_irq_state(irq);
+ qemu_set_irq(s->irq, irq);
+}
+
+static uint64_t uart_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ LM32UartState *s = opaque;
+ uint32_t r = 0;
+
+ addr >>= 2;
+ switch (addr) {
+ case R_RXTX:
+ r = s->regs[R_RXTX];
+ s->regs[R_LSR] &= ~LSR_DR;
+ uart_update_irq(s);
+ qemu_chr_accept_input(s->chr);
+ break;
+ case R_IIR:
+ case R_LSR:
+ case R_MSR:
+ r = s->regs[addr];
+ break;
+ case R_IER:
+ case R_LCR:
+ case R_MCR:
+ case R_DIV:
+ error_report("lm32_uart: read access to write only register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ default:
+ error_report("lm32_uart: read access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+
+ trace_lm32_uart_memory_read(addr << 2, r);
+ return r;
+}
+
+static void uart_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ LM32UartState *s = opaque;
+ unsigned char ch = value;
+
+ trace_lm32_uart_memory_write(addr, value);
+
+ addr >>= 2;
+ switch (addr) {
+ case R_RXTX:
+ if (s->chr) {
+ qemu_chr_fe_write(s->chr, &ch, 1);
+ }
+ break;
+ case R_IER:
+ case R_LCR:
+ case R_MCR:
+ case R_DIV:
+ s->regs[addr] = value;
+ break;
+ case R_IIR:
+ case R_LSR:
+ case R_MSR:
+ error_report("lm32_uart: write access to read only register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ default:
+ error_report("lm32_uart: write access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+ uart_update_irq(s);
+}
+
+static const MemoryRegionOps uart_ops = {
+ .read = uart_read,
+ .write = uart_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static void uart_rx(void *opaque, const uint8_t *buf, int size)
+{
+ LM32UartState *s = opaque;
+
+ if (s->regs[R_LSR] & LSR_DR) {
+ s->regs[R_LSR] |= LSR_OE;
+ }
+
+ s->regs[R_LSR] |= LSR_DR;
+ s->regs[R_RXTX] = *buf;
+
+ uart_update_irq(s);
+}
+
+static int uart_can_rx(void *opaque)
+{
+ LM32UartState *s = opaque;
+
+ return !(s->regs[R_LSR] & LSR_DR);
+}
+
+static void uart_event(void *opaque, int event)
+{
+}
+
+static void uart_reset(DeviceState *d)
+{
+ LM32UartState *s = LM32_UART(d);
+ int i;
+
+ for (i = 0; i < R_MAX; i++) {
+ s->regs[i] = 0;
+ }
+
+ /* defaults */
+ s->regs[R_LSR] = LSR_THRE | LSR_TEMT;
+}
+
+static int lm32_uart_init(SysBusDevice *dev)
+{
+ LM32UartState *s = LM32_UART(dev);
+
+ sysbus_init_irq(dev, &s->irq);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &uart_ops, s,
+ "uart", R_MAX * 4);
+ sysbus_init_mmio(dev, &s->iomem);
+
+ s->chr = qemu_char_get_next_serial();
+ if (s->chr) {
+ qemu_chr_add_handlers(s->chr, uart_can_rx, uart_rx, uart_event, s);
+ }
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_lm32_uart = {
+ .name = "lm32-uart",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(regs, LM32UartState, R_MAX),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void lm32_uart_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = lm32_uart_init;
+ dc->reset = uart_reset;
+ dc->vmsd = &vmstate_lm32_uart;
+}
+
+static const TypeInfo lm32_uart_info = {
+ .name = TYPE_LM32_UART,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(LM32UartState),
+ .class_init = lm32_uart_class_init,
+};
+
+static void lm32_uart_register_types(void)
+{
+ type_register_static(&lm32_uart_info);
+}
+
+type_init(lm32_uart_register_types)
diff --git a/hw/char/mcf_uart.c b/hw/char/mcf_uart.c
new file mode 100644
index 000000000..98fd44e66
--- /dev/null
+++ b/hw/char/mcf_uart.c
@@ -0,0 +1,307 @@
+/*
+ * ColdFire UART emulation.
+ *
+ * Copyright (c) 2007 CodeSourcery.
+ *
+ * This code is licensed under the GPL
+ */
+#include "hw/hw.h"
+#include "hw/m68k/mcf.h"
+#include "sysemu/char.h"
+#include "exec/address-spaces.h"
+
+typedef struct {
+ MemoryRegion iomem;
+ uint8_t mr[2];
+ uint8_t sr;
+ uint8_t isr;
+ uint8_t imr;
+ uint8_t bg1;
+ uint8_t bg2;
+ uint8_t fifo[4];
+ uint8_t tb;
+ int current_mr;
+ int fifo_len;
+ int tx_enabled;
+ int rx_enabled;
+ qemu_irq irq;
+ CharDriverState *chr;
+} mcf_uart_state;
+
+/* UART Status Register bits. */
+#define MCF_UART_RxRDY 0x01
+#define MCF_UART_FFULL 0x02
+#define MCF_UART_TxRDY 0x04
+#define MCF_UART_TxEMP 0x08
+#define MCF_UART_OE 0x10
+#define MCF_UART_PE 0x20
+#define MCF_UART_FE 0x40
+#define MCF_UART_RB 0x80
+
+/* Interrupt flags. */
+#define MCF_UART_TxINT 0x01
+#define MCF_UART_RxINT 0x02
+#define MCF_UART_DBINT 0x04
+#define MCF_UART_COSINT 0x80
+
+/* UMR1 flags. */
+#define MCF_UART_BC0 0x01
+#define MCF_UART_BC1 0x02
+#define MCF_UART_PT 0x04
+#define MCF_UART_PM0 0x08
+#define MCF_UART_PM1 0x10
+#define MCF_UART_ERR 0x20
+#define MCF_UART_RxIRQ 0x40
+#define MCF_UART_RxRTS 0x80
+
+static void mcf_uart_update(mcf_uart_state *s)
+{
+ s->isr &= ~(MCF_UART_TxINT | MCF_UART_RxINT);
+ if (s->sr & MCF_UART_TxRDY)
+ s->isr |= MCF_UART_TxINT;
+ if ((s->sr & ((s->mr[0] & MCF_UART_RxIRQ)
+ ? MCF_UART_FFULL : MCF_UART_RxRDY)) != 0)
+ s->isr |= MCF_UART_RxINT;
+
+ qemu_set_irq(s->irq, (s->isr & s->imr) != 0);
+}
+
+uint64_t mcf_uart_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ mcf_uart_state *s = (mcf_uart_state *)opaque;
+ switch (addr & 0x3f) {
+ case 0x00:
+ return s->mr[s->current_mr];
+ case 0x04:
+ return s->sr;
+ case 0x0c:
+ {
+ uint8_t val;
+ int i;
+
+ if (s->fifo_len == 0)
+ return 0;
+
+ val = s->fifo[0];
+ s->fifo_len--;
+ for (i = 0; i < s->fifo_len; i++)
+ s->fifo[i] = s->fifo[i + 1];
+ s->sr &= ~MCF_UART_FFULL;
+ if (s->fifo_len == 0)
+ s->sr &= ~MCF_UART_RxRDY;
+ mcf_uart_update(s);
+ qemu_chr_accept_input(s->chr);
+ return val;
+ }
+ case 0x10:
+ /* TODO: Implement IPCR. */
+ return 0;
+ case 0x14:
+ return s->isr;
+ case 0x18:
+ return s->bg1;
+ case 0x1c:
+ return s->bg2;
+ default:
+ return 0;
+ }
+}
+
+/* Update TxRDY flag and set data if present and enabled. */
+static void mcf_uart_do_tx(mcf_uart_state *s)
+{
+ if (s->tx_enabled && (s->sr & MCF_UART_TxEMP) == 0) {
+ if (s->chr)
+ qemu_chr_fe_write(s->chr, (unsigned char *)&s->tb, 1);
+ s->sr |= MCF_UART_TxEMP;
+ }
+ if (s->tx_enabled) {
+ s->sr |= MCF_UART_TxRDY;
+ } else {
+ s->sr &= ~MCF_UART_TxRDY;
+ }
+}
+
+static void mcf_do_command(mcf_uart_state *s, uint8_t cmd)
+{
+ /* Misc command. */
+ switch ((cmd >> 4) & 3) {
+ case 0: /* No-op. */
+ break;
+ case 1: /* Reset mode register pointer. */
+ s->current_mr = 0;
+ break;
+ case 2: /* Reset receiver. */
+ s->rx_enabled = 0;
+ s->fifo_len = 0;
+ s->sr &= ~(MCF_UART_RxRDY | MCF_UART_FFULL);
+ break;
+ case 3: /* Reset transmitter. */
+ s->tx_enabled = 0;
+ s->sr |= MCF_UART_TxEMP;
+ s->sr &= ~MCF_UART_TxRDY;
+ break;
+ case 4: /* Reset error status. */
+ break;
+ case 5: /* Reset break-change interrupt. */
+ s->isr &= ~MCF_UART_DBINT;
+ break;
+ case 6: /* Start break. */
+ case 7: /* Stop break. */
+ break;
+ }
+
+ /* Transmitter command. */
+ switch ((cmd >> 2) & 3) {
+ case 0: /* No-op. */
+ break;
+ case 1: /* Enable. */
+ s->tx_enabled = 1;
+ mcf_uart_do_tx(s);
+ break;
+ case 2: /* Disable. */
+ s->tx_enabled = 0;
+ mcf_uart_do_tx(s);
+ break;
+ case 3: /* Reserved. */
+ fprintf(stderr, "mcf_uart: Bad TX command\n");
+ break;
+ }
+
+ /* Receiver command. */
+ switch (cmd & 3) {
+ case 0: /* No-op. */
+ break;
+ case 1: /* Enable. */
+ s->rx_enabled = 1;
+ break;
+ case 2:
+ s->rx_enabled = 0;
+ break;
+ case 3: /* Reserved. */
+ fprintf(stderr, "mcf_uart: Bad RX command\n");
+ break;
+ }
+}
+
+void mcf_uart_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ mcf_uart_state *s = (mcf_uart_state *)opaque;
+ switch (addr & 0x3f) {
+ case 0x00:
+ s->mr[s->current_mr] = val;
+ s->current_mr = 1;
+ break;
+ case 0x04:
+ /* CSR is ignored. */
+ break;
+ case 0x08: /* Command Register. */
+ mcf_do_command(s, val);
+ break;
+ case 0x0c: /* Transmit Buffer. */
+ s->sr &= ~MCF_UART_TxEMP;
+ s->tb = val;
+ mcf_uart_do_tx(s);
+ break;
+ case 0x10:
+ /* ACR is ignored. */
+ break;
+ case 0x14:
+ s->imr = val;
+ break;
+ default:
+ break;
+ }
+ mcf_uart_update(s);
+}
+
+static void mcf_uart_reset(mcf_uart_state *s)
+{
+ s->fifo_len = 0;
+ s->mr[0] = 0;
+ s->mr[1] = 0;
+ s->sr = MCF_UART_TxEMP;
+ s->tx_enabled = 0;
+ s->rx_enabled = 0;
+ s->isr = 0;
+ s->imr = 0;
+}
+
+static void mcf_uart_push_byte(mcf_uart_state *s, uint8_t data)
+{
+ /* Break events overwrite the last byte if the fifo is full. */
+ if (s->fifo_len == 4)
+ s->fifo_len--;
+
+ s->fifo[s->fifo_len] = data;
+ s->fifo_len++;
+ s->sr |= MCF_UART_RxRDY;
+ if (s->fifo_len == 4)
+ s->sr |= MCF_UART_FFULL;
+
+ mcf_uart_update(s);
+}
+
+static void mcf_uart_event(void *opaque, int event)
+{
+ mcf_uart_state *s = (mcf_uart_state *)opaque;
+
+ switch (event) {
+ case CHR_EVENT_BREAK:
+ s->isr |= MCF_UART_DBINT;
+ mcf_uart_push_byte(s, 0);
+ break;
+ default:
+ break;
+ }
+}
+
+static int mcf_uart_can_receive(void *opaque)
+{
+ mcf_uart_state *s = (mcf_uart_state *)opaque;
+
+ return s->rx_enabled && (s->sr & MCF_UART_FFULL) == 0;
+}
+
+static void mcf_uart_receive(void *opaque, const uint8_t *buf, int size)
+{
+ mcf_uart_state *s = (mcf_uart_state *)opaque;
+
+ mcf_uart_push_byte(s, buf[0]);
+}
+
+void *mcf_uart_init(qemu_irq irq, CharDriverState *chr)
+{
+ mcf_uart_state *s;
+
+ s = g_malloc0(sizeof(mcf_uart_state));
+ s->chr = chr;
+ s->irq = irq;
+ if (chr) {
+ qemu_chr_fe_claim_no_fail(chr);
+ qemu_chr_add_handlers(chr, mcf_uart_can_receive, mcf_uart_receive,
+ mcf_uart_event, s);
+ }
+ mcf_uart_reset(s);
+ return s;
+}
+
+static const MemoryRegionOps mcf_uart_ops = {
+ .read = mcf_uart_read,
+ .write = mcf_uart_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+void mcf_uart_mm_init(MemoryRegion *sysmem,
+ hwaddr base,
+ qemu_irq irq,
+ CharDriverState *chr)
+{
+ mcf_uart_state *s;
+
+ s = mcf_uart_init(irq, chr);
+ memory_region_init_io(&s->iomem, NULL, &mcf_uart_ops, s, "uart", 0x40);
+ memory_region_add_subregion(sysmem, base, &s->iomem);
+}
diff --git a/hw/char/milkymist-uart.c b/hw/char/milkymist-uart.c
new file mode 100644
index 000000000..2e4b5c58b
--- /dev/null
+++ b/hw/char/milkymist-uart.c
@@ -0,0 +1,249 @@
+/*
+ * QEMU model of the Milkymist UART block.
+ *
+ * Copyright (c) 2010 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ *
+ * Specification available at:
+ * http://www.milkymist.org/socdoc/uart.pdf
+ */
+
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "trace.h"
+#include "sysemu/char.h"
+#include "qemu/error-report.h"
+
+enum {
+ R_RXTX = 0,
+ R_DIV,
+ R_STAT,
+ R_CTRL,
+ R_DBG,
+ R_MAX
+};
+
+enum {
+ STAT_THRE = (1<<0),
+ STAT_RX_EVT = (1<<1),
+ STAT_TX_EVT = (1<<2),
+};
+
+enum {
+ CTRL_RX_IRQ_EN = (1<<0),
+ CTRL_TX_IRQ_EN = (1<<1),
+ CTRL_THRU_EN = (1<<2),
+};
+
+enum {
+ DBG_BREAK_EN = (1<<0),
+};
+
+#define TYPE_MILKYMIST_UART "milkymist-uart"
+#define MILKYMIST_UART(obj) \
+ OBJECT_CHECK(MilkymistUartState, (obj), TYPE_MILKYMIST_UART)
+
+struct MilkymistUartState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion regs_region;
+ CharDriverState *chr;
+ qemu_irq irq;
+
+ uint32_t regs[R_MAX];
+};
+typedef struct MilkymistUartState MilkymistUartState;
+
+static void uart_update_irq(MilkymistUartState *s)
+{
+ int rx_event = s->regs[R_STAT] & STAT_RX_EVT;
+ int tx_event = s->regs[R_STAT] & STAT_TX_EVT;
+ int rx_irq_en = s->regs[R_CTRL] & CTRL_RX_IRQ_EN;
+ int tx_irq_en = s->regs[R_CTRL] & CTRL_TX_IRQ_EN;
+
+ if ((rx_irq_en && rx_event) || (tx_irq_en && tx_event)) {
+ trace_milkymist_uart_raise_irq();
+ qemu_irq_raise(s->irq);
+ } else {
+ trace_milkymist_uart_lower_irq();
+ qemu_irq_lower(s->irq);
+ }
+}
+
+static uint64_t uart_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ MilkymistUartState *s = opaque;
+ uint32_t r = 0;
+
+ addr >>= 2;
+ switch (addr) {
+ case R_RXTX:
+ r = s->regs[addr];
+ break;
+ case R_DIV:
+ case R_STAT:
+ case R_CTRL:
+ case R_DBG:
+ r = s->regs[addr];
+ break;
+
+ default:
+ error_report("milkymist_uart: read access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+
+ trace_milkymist_uart_memory_read(addr << 2, r);
+
+ return r;
+}
+
+static void uart_write(void *opaque, hwaddr addr, uint64_t value,
+ unsigned size)
+{
+ MilkymistUartState *s = opaque;
+ unsigned char ch = value;
+
+ trace_milkymist_uart_memory_write(addr, value);
+
+ addr >>= 2;
+ switch (addr) {
+ case R_RXTX:
+ if (s->chr) {
+ qemu_chr_fe_write(s->chr, &ch, 1);
+ }
+ s->regs[R_STAT] |= STAT_TX_EVT;
+ break;
+ case R_DIV:
+ case R_CTRL:
+ case R_DBG:
+ s->regs[addr] = value;
+ break;
+
+ case R_STAT:
+ /* write one to clear bits */
+ s->regs[addr] &= ~(value & (STAT_RX_EVT | STAT_TX_EVT));
+ qemu_chr_accept_input(s->chr);
+ break;
+
+ default:
+ error_report("milkymist_uart: write access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+
+ uart_update_irq(s);
+}
+
+static const MemoryRegionOps uart_mmio_ops = {
+ .read = uart_read,
+ .write = uart_write,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void uart_rx(void *opaque, const uint8_t *buf, int size)
+{
+ MilkymistUartState *s = opaque;
+
+ assert(!(s->regs[R_STAT] & STAT_RX_EVT));
+
+ s->regs[R_STAT] |= STAT_RX_EVT;
+ s->regs[R_RXTX] = *buf;
+
+ uart_update_irq(s);
+}
+
+static int uart_can_rx(void *opaque)
+{
+ MilkymistUartState *s = opaque;
+
+ return !(s->regs[R_STAT] & STAT_RX_EVT);
+}
+
+static void uart_event(void *opaque, int event)
+{
+}
+
+static void milkymist_uart_reset(DeviceState *d)
+{
+ MilkymistUartState *s = MILKYMIST_UART(d);
+ int i;
+
+ for (i = 0; i < R_MAX; i++) {
+ s->regs[i] = 0;
+ }
+
+ /* THRE is always set */
+ s->regs[R_STAT] = STAT_THRE;
+}
+
+static int milkymist_uart_init(SysBusDevice *dev)
+{
+ MilkymistUartState *s = MILKYMIST_UART(dev);
+
+ sysbus_init_irq(dev, &s->irq);
+
+ memory_region_init_io(&s->regs_region, OBJECT(s), &uart_mmio_ops, s,
+ "milkymist-uart", R_MAX * 4);
+ sysbus_init_mmio(dev, &s->regs_region);
+
+ s->chr = qemu_char_get_next_serial();
+ if (s->chr) {
+ qemu_chr_add_handlers(s->chr, uart_can_rx, uart_rx, uart_event, s);
+ }
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_milkymist_uart = {
+ .name = "milkymist-uart",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(regs, MilkymistUartState, R_MAX),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void milkymist_uart_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = milkymist_uart_init;
+ dc->reset = milkymist_uart_reset;
+ dc->vmsd = &vmstate_milkymist_uart;
+}
+
+static const TypeInfo milkymist_uart_info = {
+ .name = TYPE_MILKYMIST_UART,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(MilkymistUartState),
+ .class_init = milkymist_uart_class_init,
+};
+
+static void milkymist_uart_register_types(void)
+{
+ type_register_static(&milkymist_uart_info);
+}
+
+type_init(milkymist_uart_register_types)
diff --git a/hw/char/omap_uart.c b/hw/char/omap_uart.c
new file mode 100644
index 000000000..0b9169360
--- /dev/null
+++ b/hw/char/omap_uart.c
@@ -0,0 +1,187 @@
+/*
+ * TI OMAP processors UART emulation.
+ *
+ * Copyright (C) 2006-2008 Andrzej Zaborowski <balrog@zabor.org>
+ * Copyright (C) 2007-2009 Nokia Corporation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "sysemu/char.h"
+#include "hw/hw.h"
+#include "hw/arm/omap.h"
+#include "hw/char/serial.h"
+#include "exec/address-spaces.h"
+
+/* UARTs */
+struct omap_uart_s {
+ MemoryRegion iomem;
+ hwaddr base;
+ SerialState *serial; /* TODO */
+ struct omap_target_agent_s *ta;
+ omap_clk fclk;
+ qemu_irq irq;
+
+ uint8_t eblr;
+ uint8_t syscontrol;
+ uint8_t wkup;
+ uint8_t cfps;
+ uint8_t mdr[2];
+ uint8_t scr;
+ uint8_t clksel;
+};
+
+void omap_uart_reset(struct omap_uart_s *s)
+{
+ s->eblr = 0x00;
+ s->syscontrol = 0;
+ s->wkup = 0x3f;
+ s->cfps = 0x69;
+ s->clksel = 0;
+}
+
+struct omap_uart_s *omap_uart_init(hwaddr base,
+ qemu_irq irq, omap_clk fclk, omap_clk iclk,
+ qemu_irq txdma, qemu_irq rxdma,
+ const char *label, CharDriverState *chr)
+{
+ struct omap_uart_s *s = (struct omap_uart_s *)
+ g_malloc0(sizeof(struct omap_uart_s));
+
+ s->base = base;
+ s->fclk = fclk;
+ s->irq = irq;
+ s->serial = serial_mm_init(get_system_memory(), base, 2, irq,
+ omap_clk_getrate(fclk)/16,
+ chr ?: qemu_chr_new(label, "null", NULL),
+ DEVICE_NATIVE_ENDIAN);
+ return s;
+}
+
+static uint64_t omap_uart_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_uart_s *s = (struct omap_uart_s *) opaque;
+
+ if (size == 4) {
+ return omap_badwidth_read8(opaque, addr);
+ }
+
+ switch (addr) {
+ case 0x20: /* MDR1 */
+ return s->mdr[0];
+ case 0x24: /* MDR2 */
+ return s->mdr[1];
+ case 0x40: /* SCR */
+ return s->scr;
+ case 0x44: /* SSR */
+ return 0x0;
+ case 0x48: /* EBLR (OMAP2) */
+ return s->eblr;
+ case 0x4C: /* OSC_12M_SEL (OMAP1) */
+ return s->clksel;
+ case 0x50: /* MVR */
+ return 0x30;
+ case 0x54: /* SYSC (OMAP2) */
+ return s->syscontrol;
+ case 0x58: /* SYSS (OMAP2) */
+ return 1;
+ case 0x5c: /* WER (OMAP2) */
+ return s->wkup;
+ case 0x60: /* CFPS (OMAP2) */
+ return s->cfps;
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_uart_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_uart_s *s = (struct omap_uart_s *) opaque;
+
+ if (size == 4) {
+ return omap_badwidth_write8(opaque, addr, value);
+ }
+
+ switch (addr) {
+ case 0x20: /* MDR1 */
+ s->mdr[0] = value & 0x7f;
+ break;
+ case 0x24: /* MDR2 */
+ s->mdr[1] = value & 0xff;
+ break;
+ case 0x40: /* SCR */
+ s->scr = value & 0xff;
+ break;
+ case 0x48: /* EBLR (OMAP2) */
+ s->eblr = value & 0xff;
+ break;
+ case 0x4C: /* OSC_12M_SEL (OMAP1) */
+ s->clksel = value & 1;
+ break;
+ case 0x44: /* SSR */
+ case 0x50: /* MVR */
+ case 0x58: /* SYSS (OMAP2) */
+ OMAP_RO_REG(addr);
+ break;
+ case 0x54: /* SYSC (OMAP2) */
+ s->syscontrol = value & 0x1d;
+ if (value & 2)
+ omap_uart_reset(s);
+ break;
+ case 0x5c: /* WER (OMAP2) */
+ s->wkup = value & 0x7f;
+ break;
+ case 0x60: /* CFPS (OMAP2) */
+ s->cfps = value & 0xff;
+ break;
+ default:
+ OMAP_BAD_REG(addr);
+ }
+}
+
+static const MemoryRegionOps omap_uart_ops = {
+ .read = omap_uart_read,
+ .write = omap_uart_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+struct omap_uart_s *omap2_uart_init(MemoryRegion *sysmem,
+ struct omap_target_agent_s *ta,
+ qemu_irq irq, omap_clk fclk, omap_clk iclk,
+ qemu_irq txdma, qemu_irq rxdma,
+ const char *label, CharDriverState *chr)
+{
+ hwaddr base = omap_l4_attach(ta, 0, NULL);
+ struct omap_uart_s *s = omap_uart_init(base, irq,
+ fclk, iclk, txdma, rxdma, label, chr);
+
+ memory_region_init_io(&s->iomem, NULL, &omap_uart_ops, s, "omap.uart", 0x100);
+
+ s->ta = ta;
+
+ memory_region_add_subregion(sysmem, base + 0x20, &s->iomem);
+
+ return s;
+}
+
+void omap_uart_attach(struct omap_uart_s *s, CharDriverState *chr)
+{
+ /* TODO: Should reuse or destroy current s->serial */
+ s->serial = serial_mm_init(get_system_memory(), s->base, 2, s->irq,
+ omap_clk_getrate(s->fclk) / 16,
+ chr ?: qemu_chr_new("null", "null", NULL),
+ DEVICE_NATIVE_ENDIAN);
+}
diff --git a/hw/char/parallel.c b/hw/char/parallel.c
new file mode 100644
index 000000000..7a3b2647c
--- /dev/null
+++ b/hw/char/parallel.c
@@ -0,0 +1,625 @@
+/*
+ * QEMU Parallel PORT emulation
+ *
+ * Copyright (c) 2003-2005 Fabrice Bellard
+ * Copyright (c) 2007 Marko Kohtala
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "sysemu/char.h"
+#include "hw/isa/isa.h"
+#include "hw/i386/pc.h"
+#include "sysemu/sysemu.h"
+
+//#define DEBUG_PARALLEL
+
+#ifdef DEBUG_PARALLEL
+#define pdebug(fmt, ...) printf("pp: " fmt, ## __VA_ARGS__)
+#else
+#define pdebug(fmt, ...) ((void)0)
+#endif
+
+#define PARA_REG_DATA 0
+#define PARA_REG_STS 1
+#define PARA_REG_CTR 2
+#define PARA_REG_EPP_ADDR 3
+#define PARA_REG_EPP_DATA 4
+
+/*
+ * These are the definitions for the Printer Status Register
+ */
+#define PARA_STS_BUSY 0x80 /* Busy complement */
+#define PARA_STS_ACK 0x40 /* Acknowledge */
+#define PARA_STS_PAPER 0x20 /* Out of paper */
+#define PARA_STS_ONLINE 0x10 /* Online */
+#define PARA_STS_ERROR 0x08 /* Error complement */
+#define PARA_STS_TMOUT 0x01 /* EPP timeout */
+
+/*
+ * These are the definitions for the Printer Control Register
+ */
+#define PARA_CTR_DIR 0x20 /* Direction (1=read, 0=write) */
+#define PARA_CTR_INTEN 0x10 /* IRQ Enable */
+#define PARA_CTR_SELECT 0x08 /* Select In complement */
+#define PARA_CTR_INIT 0x04 /* Initialize Printer complement */
+#define PARA_CTR_AUTOLF 0x02 /* Auto linefeed complement */
+#define PARA_CTR_STROBE 0x01 /* Strobe complement */
+
+#define PARA_CTR_SIGNAL (PARA_CTR_SELECT|PARA_CTR_INIT|PARA_CTR_AUTOLF|PARA_CTR_STROBE)
+
+typedef struct ParallelState {
+ MemoryRegion iomem;
+ uint8_t dataw;
+ uint8_t datar;
+ uint8_t status;
+ uint8_t control;
+ qemu_irq irq;
+ int irq_pending;
+ CharDriverState *chr;
+ int hw_driver;
+ int epp_timeout;
+ uint32_t last_read_offset; /* For debugging */
+ /* Memory-mapped interface */
+ int it_shift;
+} ParallelState;
+
+#define TYPE_ISA_PARALLEL "isa-parallel"
+#define ISA_PARALLEL(obj) \
+ OBJECT_CHECK(ISAParallelState, (obj), TYPE_ISA_PARALLEL)
+
+typedef struct ISAParallelState {
+ ISADevice parent_obj;
+
+ uint32_t index;
+ uint32_t iobase;
+ uint32_t isairq;
+ ParallelState state;
+} ISAParallelState;
+
+static void parallel_update_irq(ParallelState *s)
+{
+ if (s->irq_pending)
+ qemu_irq_raise(s->irq);
+ else
+ qemu_irq_lower(s->irq);
+}
+
+static void
+parallel_ioport_write_sw(void *opaque, uint32_t addr, uint32_t val)
+{
+ ParallelState *s = opaque;
+
+ pdebug("write addr=0x%02x val=0x%02x\n", addr, val);
+
+ addr &= 7;
+ switch(addr) {
+ case PARA_REG_DATA:
+ s->dataw = val;
+ parallel_update_irq(s);
+ break;
+ case PARA_REG_CTR:
+ val |= 0xc0;
+ if ((val & PARA_CTR_INIT) == 0 ) {
+ s->status = PARA_STS_BUSY;
+ s->status |= PARA_STS_ACK;
+ s->status |= PARA_STS_ONLINE;
+ s->status |= PARA_STS_ERROR;
+ }
+ else if (val & PARA_CTR_SELECT) {
+ if (val & PARA_CTR_STROBE) {
+ s->status &= ~PARA_STS_BUSY;
+ if ((s->control & PARA_CTR_STROBE) == 0)
+ qemu_chr_fe_write(s->chr, &s->dataw, 1);
+ } else {
+ if (s->control & PARA_CTR_INTEN) {
+ s->irq_pending = 1;
+ }
+ }
+ }
+ parallel_update_irq(s);
+ s->control = val;
+ break;
+ }
+}
+
+static void parallel_ioport_write_hw(void *opaque, uint32_t addr, uint32_t val)
+{
+ ParallelState *s = opaque;
+ uint8_t parm = val;
+ int dir;
+
+ /* Sometimes programs do several writes for timing purposes on old
+ HW. Take care not to waste time on writes that do nothing. */
+
+ s->last_read_offset = ~0U;
+
+ addr &= 7;
+ switch(addr) {
+ case PARA_REG_DATA:
+ if (s->dataw == val)
+ return;
+ pdebug("wd%02x\n", val);
+ qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_WRITE_DATA, &parm);
+ s->dataw = val;
+ break;
+ case PARA_REG_STS:
+ pdebug("ws%02x\n", val);
+ if (val & PARA_STS_TMOUT)
+ s->epp_timeout = 0;
+ break;
+ case PARA_REG_CTR:
+ val |= 0xc0;
+ if (s->control == val)
+ return;
+ pdebug("wc%02x\n", val);
+
+ if ((val & PARA_CTR_DIR) != (s->control & PARA_CTR_DIR)) {
+ if (val & PARA_CTR_DIR) {
+ dir = 1;
+ } else {
+ dir = 0;
+ }
+ qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_DATA_DIR, &dir);
+ parm &= ~PARA_CTR_DIR;
+ }
+
+ qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_WRITE_CONTROL, &parm);
+ s->control = val;
+ break;
+ case PARA_REG_EPP_ADDR:
+ if ((s->control & (PARA_CTR_DIR|PARA_CTR_SIGNAL)) != PARA_CTR_INIT)
+ /* Controls not correct for EPP address cycle, so do nothing */
+ pdebug("wa%02x s\n", val);
+ else {
+ struct ParallelIOArg ioarg = { .buffer = &parm, .count = 1 };
+ if (qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_EPP_WRITE_ADDR, &ioarg)) {
+ s->epp_timeout = 1;
+ pdebug("wa%02x t\n", val);
+ }
+ else
+ pdebug("wa%02x\n", val);
+ }
+ break;
+ case PARA_REG_EPP_DATA:
+ if ((s->control & (PARA_CTR_DIR|PARA_CTR_SIGNAL)) != PARA_CTR_INIT)
+ /* Controls not correct for EPP data cycle, so do nothing */
+ pdebug("we%02x s\n", val);
+ else {
+ struct ParallelIOArg ioarg = { .buffer = &parm, .count = 1 };
+ if (qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_EPP_WRITE, &ioarg)) {
+ s->epp_timeout = 1;
+ pdebug("we%02x t\n", val);
+ }
+ else
+ pdebug("we%02x\n", val);
+ }
+ break;
+ }
+}
+
+static void
+parallel_ioport_eppdata_write_hw2(void *opaque, uint32_t addr, uint32_t val)
+{
+ ParallelState *s = opaque;
+ uint16_t eppdata = cpu_to_le16(val);
+ int err;
+ struct ParallelIOArg ioarg = {
+ .buffer = &eppdata, .count = sizeof(eppdata)
+ };
+ if ((s->control & (PARA_CTR_DIR|PARA_CTR_SIGNAL)) != PARA_CTR_INIT) {
+ /* Controls not correct for EPP data cycle, so do nothing */
+ pdebug("we%04x s\n", val);
+ return;
+ }
+ err = qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_EPP_WRITE, &ioarg);
+ if (err) {
+ s->epp_timeout = 1;
+ pdebug("we%04x t\n", val);
+ }
+ else
+ pdebug("we%04x\n", val);
+}
+
+static void
+parallel_ioport_eppdata_write_hw4(void *opaque, uint32_t addr, uint32_t val)
+{
+ ParallelState *s = opaque;
+ uint32_t eppdata = cpu_to_le32(val);
+ int err;
+ struct ParallelIOArg ioarg = {
+ .buffer = &eppdata, .count = sizeof(eppdata)
+ };
+ if ((s->control & (PARA_CTR_DIR|PARA_CTR_SIGNAL)) != PARA_CTR_INIT) {
+ /* Controls not correct for EPP data cycle, so do nothing */
+ pdebug("we%08x s\n", val);
+ return;
+ }
+ err = qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_EPP_WRITE, &ioarg);
+ if (err) {
+ s->epp_timeout = 1;
+ pdebug("we%08x t\n", val);
+ }
+ else
+ pdebug("we%08x\n", val);
+}
+
+static uint32_t parallel_ioport_read_sw(void *opaque, uint32_t addr)
+{
+ ParallelState *s = opaque;
+ uint32_t ret = 0xff;
+
+ addr &= 7;
+ switch(addr) {
+ case PARA_REG_DATA:
+ if (s->control & PARA_CTR_DIR)
+ ret = s->datar;
+ else
+ ret = s->dataw;
+ break;
+ case PARA_REG_STS:
+ ret = s->status;
+ s->irq_pending = 0;
+ if ((s->status & PARA_STS_BUSY) == 0 && (s->control & PARA_CTR_STROBE) == 0) {
+ /* XXX Fixme: wait 5 microseconds */
+ if (s->status & PARA_STS_ACK)
+ s->status &= ~PARA_STS_ACK;
+ else {
+ /* XXX Fixme: wait 5 microseconds */
+ s->status |= PARA_STS_ACK;
+ s->status |= PARA_STS_BUSY;
+ }
+ }
+ parallel_update_irq(s);
+ break;
+ case PARA_REG_CTR:
+ ret = s->control;
+ break;
+ }
+ pdebug("read addr=0x%02x val=0x%02x\n", addr, ret);
+ return ret;
+}
+
+static uint32_t parallel_ioport_read_hw(void *opaque, uint32_t addr)
+{
+ ParallelState *s = opaque;
+ uint8_t ret = 0xff;
+ addr &= 7;
+ switch(addr) {
+ case PARA_REG_DATA:
+ qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_READ_DATA, &ret);
+ if (s->last_read_offset != addr || s->datar != ret)
+ pdebug("rd%02x\n", ret);
+ s->datar = ret;
+ break;
+ case PARA_REG_STS:
+ qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_READ_STATUS, &ret);
+ ret &= ~PARA_STS_TMOUT;
+ if (s->epp_timeout)
+ ret |= PARA_STS_TMOUT;
+ if (s->last_read_offset != addr || s->status != ret)
+ pdebug("rs%02x\n", ret);
+ s->status = ret;
+ break;
+ case PARA_REG_CTR:
+ /* s->control has some bits fixed to 1. It is zero only when
+ it has not been yet written to. */
+ if (s->control == 0) {
+ qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_READ_CONTROL, &ret);
+ if (s->last_read_offset != addr)
+ pdebug("rc%02x\n", ret);
+ s->control = ret;
+ }
+ else {
+ ret = s->control;
+ if (s->last_read_offset != addr)
+ pdebug("rc%02x\n", ret);
+ }
+ break;
+ case PARA_REG_EPP_ADDR:
+ if ((s->control & (PARA_CTR_DIR|PARA_CTR_SIGNAL)) != (PARA_CTR_DIR|PARA_CTR_INIT))
+ /* Controls not correct for EPP addr cycle, so do nothing */
+ pdebug("ra%02x s\n", ret);
+ else {
+ struct ParallelIOArg ioarg = { .buffer = &ret, .count = 1 };
+ if (qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_EPP_READ_ADDR, &ioarg)) {
+ s->epp_timeout = 1;
+ pdebug("ra%02x t\n", ret);
+ }
+ else
+ pdebug("ra%02x\n", ret);
+ }
+ break;
+ case PARA_REG_EPP_DATA:
+ if ((s->control & (PARA_CTR_DIR|PARA_CTR_SIGNAL)) != (PARA_CTR_DIR|PARA_CTR_INIT))
+ /* Controls not correct for EPP data cycle, so do nothing */
+ pdebug("re%02x s\n", ret);
+ else {
+ struct ParallelIOArg ioarg = { .buffer = &ret, .count = 1 };
+ if (qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_EPP_READ, &ioarg)) {
+ s->epp_timeout = 1;
+ pdebug("re%02x t\n", ret);
+ }
+ else
+ pdebug("re%02x\n", ret);
+ }
+ break;
+ }
+ s->last_read_offset = addr;
+ return ret;
+}
+
+static uint32_t
+parallel_ioport_eppdata_read_hw2(void *opaque, uint32_t addr)
+{
+ ParallelState *s = opaque;
+ uint32_t ret;
+ uint16_t eppdata = ~0;
+ int err;
+ struct ParallelIOArg ioarg = {
+ .buffer = &eppdata, .count = sizeof(eppdata)
+ };
+ if ((s->control & (PARA_CTR_DIR|PARA_CTR_SIGNAL)) != (PARA_CTR_DIR|PARA_CTR_INIT)) {
+ /* Controls not correct for EPP data cycle, so do nothing */
+ pdebug("re%04x s\n", eppdata);
+ return eppdata;
+ }
+ err = qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_EPP_READ, &ioarg);
+ ret = le16_to_cpu(eppdata);
+
+ if (err) {
+ s->epp_timeout = 1;
+ pdebug("re%04x t\n", ret);
+ }
+ else
+ pdebug("re%04x\n", ret);
+ return ret;
+}
+
+static uint32_t
+parallel_ioport_eppdata_read_hw4(void *opaque, uint32_t addr)
+{
+ ParallelState *s = opaque;
+ uint32_t ret;
+ uint32_t eppdata = ~0U;
+ int err;
+ struct ParallelIOArg ioarg = {
+ .buffer = &eppdata, .count = sizeof(eppdata)
+ };
+ if ((s->control & (PARA_CTR_DIR|PARA_CTR_SIGNAL)) != (PARA_CTR_DIR|PARA_CTR_INIT)) {
+ /* Controls not correct for EPP data cycle, so do nothing */
+ pdebug("re%08x s\n", eppdata);
+ return eppdata;
+ }
+ err = qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_EPP_READ, &ioarg);
+ ret = le32_to_cpu(eppdata);
+
+ if (err) {
+ s->epp_timeout = 1;
+ pdebug("re%08x t\n", ret);
+ }
+ else
+ pdebug("re%08x\n", ret);
+ return ret;
+}
+
+static void parallel_ioport_ecp_write(void *opaque, uint32_t addr, uint32_t val)
+{
+ pdebug("wecp%d=%02x\n", addr & 7, val);
+}
+
+static uint32_t parallel_ioport_ecp_read(void *opaque, uint32_t addr)
+{
+ uint8_t ret = 0xff;
+
+ pdebug("recp%d:%02x\n", addr & 7, ret);
+ return ret;
+}
+
+static void parallel_reset(void *opaque)
+{
+ ParallelState *s = opaque;
+
+ s->datar = ~0;
+ s->dataw = ~0;
+ s->status = PARA_STS_BUSY;
+ s->status |= PARA_STS_ACK;
+ s->status |= PARA_STS_ONLINE;
+ s->status |= PARA_STS_ERROR;
+ s->status |= PARA_STS_TMOUT;
+ s->control = PARA_CTR_SELECT;
+ s->control |= PARA_CTR_INIT;
+ s->control |= 0xc0;
+ s->irq_pending = 0;
+ s->hw_driver = 0;
+ s->epp_timeout = 0;
+ s->last_read_offset = ~0U;
+}
+
+static const int isa_parallel_io[MAX_PARALLEL_PORTS] = { 0x378, 0x278, 0x3bc };
+
+static const MemoryRegionPortio isa_parallel_portio_hw_list[] = {
+ { 0, 8, 1,
+ .read = parallel_ioport_read_hw,
+ .write = parallel_ioport_write_hw },
+ { 4, 1, 2,
+ .read = parallel_ioport_eppdata_read_hw2,
+ .write = parallel_ioport_eppdata_write_hw2 },
+ { 4, 1, 4,
+ .read = parallel_ioport_eppdata_read_hw4,
+ .write = parallel_ioport_eppdata_write_hw4 },
+ { 0x400, 8, 1,
+ .read = parallel_ioport_ecp_read,
+ .write = parallel_ioport_ecp_write },
+ PORTIO_END_OF_LIST(),
+};
+
+static const MemoryRegionPortio isa_parallel_portio_sw_list[] = {
+ { 0, 8, 1,
+ .read = parallel_ioport_read_sw,
+ .write = parallel_ioport_write_sw },
+ PORTIO_END_OF_LIST(),
+};
+
+static void parallel_isa_realizefn(DeviceState *dev, Error **errp)
+{
+ static int index;
+ ISADevice *isadev = ISA_DEVICE(dev);
+ ISAParallelState *isa = ISA_PARALLEL(dev);
+ ParallelState *s = &isa->state;
+ int base;
+ uint8_t dummy;
+
+ if (!s->chr) {
+ error_setg(errp, "Can't create parallel device, empty char device");
+ return;
+ }
+
+ if (isa->index == -1) {
+ isa->index = index;
+ }
+ if (isa->index >= MAX_PARALLEL_PORTS) {
+ error_setg(errp, "Max. supported number of parallel ports is %d.",
+ MAX_PARALLEL_PORTS);
+ return;
+ }
+ if (isa->iobase == -1) {
+ isa->iobase = isa_parallel_io[isa->index];
+ }
+ index++;
+
+ base = isa->iobase;
+ isa_init_irq(isadev, &s->irq, isa->isairq);
+ qemu_register_reset(parallel_reset, s);
+
+ if (qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_READ_STATUS, &dummy) == 0) {
+ s->hw_driver = 1;
+ s->status = dummy;
+ }
+
+ isa_register_portio_list(isadev, base,
+ (s->hw_driver
+ ? &isa_parallel_portio_hw_list[0]
+ : &isa_parallel_portio_sw_list[0]),
+ s, "parallel");
+}
+
+/* Memory mapped interface */
+static uint32_t parallel_mm_readb (void *opaque, hwaddr addr)
+{
+ ParallelState *s = opaque;
+
+ return parallel_ioport_read_sw(s, addr >> s->it_shift) & 0xFF;
+}
+
+static void parallel_mm_writeb (void *opaque,
+ hwaddr addr, uint32_t value)
+{
+ ParallelState *s = opaque;
+
+ parallel_ioport_write_sw(s, addr >> s->it_shift, value & 0xFF);
+}
+
+static uint32_t parallel_mm_readw (void *opaque, hwaddr addr)
+{
+ ParallelState *s = opaque;
+
+ return parallel_ioport_read_sw(s, addr >> s->it_shift) & 0xFFFF;
+}
+
+static void parallel_mm_writew (void *opaque,
+ hwaddr addr, uint32_t value)
+{
+ ParallelState *s = opaque;
+
+ parallel_ioport_write_sw(s, addr >> s->it_shift, value & 0xFFFF);
+}
+
+static uint32_t parallel_mm_readl (void *opaque, hwaddr addr)
+{
+ ParallelState *s = opaque;
+
+ return parallel_ioport_read_sw(s, addr >> s->it_shift);
+}
+
+static void parallel_mm_writel (void *opaque,
+ hwaddr addr, uint32_t value)
+{
+ ParallelState *s = opaque;
+
+ parallel_ioport_write_sw(s, addr >> s->it_shift, value);
+}
+
+static const MemoryRegionOps parallel_mm_ops = {
+ .old_mmio = {
+ .read = { parallel_mm_readb, parallel_mm_readw, parallel_mm_readl },
+ .write = { parallel_mm_writeb, parallel_mm_writew, parallel_mm_writel },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+/* If fd is zero, it means that the parallel device uses the console */
+bool parallel_mm_init(MemoryRegion *address_space,
+ hwaddr base, int it_shift, qemu_irq irq,
+ CharDriverState *chr)
+{
+ ParallelState *s;
+
+ s = g_malloc0(sizeof(ParallelState));
+ s->irq = irq;
+ s->chr = chr;
+ s->it_shift = it_shift;
+ qemu_register_reset(parallel_reset, s);
+
+ memory_region_init_io(&s->iomem, NULL, &parallel_mm_ops, s,
+ "parallel", 8 << it_shift);
+ memory_region_add_subregion(address_space, base, &s->iomem);
+ return true;
+}
+
+static Property parallel_isa_properties[] = {
+ DEFINE_PROP_UINT32("index", ISAParallelState, index, -1),
+ DEFINE_PROP_HEX32("iobase", ISAParallelState, iobase, -1),
+ DEFINE_PROP_UINT32("irq", ISAParallelState, isairq, 7),
+ DEFINE_PROP_CHR("chardev", ISAParallelState, state.chr),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void parallel_isa_class_initfn(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = parallel_isa_realizefn;
+ dc->props = parallel_isa_properties;
+ set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
+}
+
+static const TypeInfo parallel_isa_info = {
+ .name = TYPE_ISA_PARALLEL,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof(ISAParallelState),
+ .class_init = parallel_isa_class_initfn,
+};
+
+static void parallel_register_types(void)
+{
+ type_register_static(&parallel_isa_info);
+}
+
+type_init(parallel_register_types)
diff --git a/hw/char/pl011.c b/hw/char/pl011.c
new file mode 100644
index 000000000..a8ae6f470
--- /dev/null
+++ b/hw/char/pl011.c
@@ -0,0 +1,332 @@
+/*
+ * Arm PrimeCell PL011 UART
+ *
+ * Copyright (c) 2006 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GPL.
+ */
+
+#include "hw/sysbus.h"
+#include "sysemu/char.h"
+
+#define TYPE_PL011 "pl011"
+#define PL011(obj) OBJECT_CHECK(PL011State, (obj), TYPE_PL011)
+
+typedef struct PL011State {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ uint32_t readbuff;
+ uint32_t flags;
+ uint32_t lcr;
+ uint32_t cr;
+ uint32_t dmacr;
+ uint32_t int_enabled;
+ uint32_t int_level;
+ uint32_t read_fifo[16];
+ uint32_t ilpr;
+ uint32_t ibrd;
+ uint32_t fbrd;
+ uint32_t ifl;
+ int read_pos;
+ int read_count;
+ int read_trigger;
+ CharDriverState *chr;
+ qemu_irq irq;
+ const unsigned char *id;
+} PL011State;
+
+#define PL011_INT_TX 0x20
+#define PL011_INT_RX 0x10
+
+#define PL011_FLAG_TXFE 0x80
+#define PL011_FLAG_RXFF 0x40
+#define PL011_FLAG_TXFF 0x20
+#define PL011_FLAG_RXFE 0x10
+
+static const unsigned char pl011_id_arm[8] =
+ { 0x11, 0x10, 0x14, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };
+static const unsigned char pl011_id_luminary[8] =
+ { 0x11, 0x00, 0x18, 0x01, 0x0d, 0xf0, 0x05, 0xb1 };
+
+static void pl011_update(PL011State *s)
+{
+ uint32_t flags;
+
+ flags = s->int_level & s->int_enabled;
+ qemu_set_irq(s->irq, flags != 0);
+}
+
+static uint64_t pl011_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ PL011State *s = (PL011State *)opaque;
+ uint32_t c;
+
+ if (offset >= 0xfe0 && offset < 0x1000) {
+ return s->id[(offset - 0xfe0) >> 2];
+ }
+ switch (offset >> 2) {
+ case 0: /* UARTDR */
+ s->flags &= ~PL011_FLAG_RXFF;
+ c = s->read_fifo[s->read_pos];
+ if (s->read_count > 0) {
+ s->read_count--;
+ if (++s->read_pos == 16)
+ s->read_pos = 0;
+ }
+ if (s->read_count == 0) {
+ s->flags |= PL011_FLAG_RXFE;
+ }
+ if (s->read_count == s->read_trigger - 1)
+ s->int_level &= ~ PL011_INT_RX;
+ pl011_update(s);
+ if (s->chr) {
+ qemu_chr_accept_input(s->chr);
+ }
+ return c;
+ case 1: /* UARTCR */
+ return 0;
+ case 6: /* UARTFR */
+ return s->flags;
+ case 8: /* UARTILPR */
+ return s->ilpr;
+ case 9: /* UARTIBRD */
+ return s->ibrd;
+ case 10: /* UARTFBRD */
+ return s->fbrd;
+ case 11: /* UARTLCR_H */
+ return s->lcr;
+ case 12: /* UARTCR */
+ return s->cr;
+ case 13: /* UARTIFLS */
+ return s->ifl;
+ case 14: /* UARTIMSC */
+ return s->int_enabled;
+ case 15: /* UARTRIS */
+ return s->int_level;
+ case 16: /* UARTMIS */
+ return s->int_level & s->int_enabled;
+ case 18: /* UARTDMACR */
+ return s->dmacr;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "pl011_read: Bad offset %x\n", (int)offset);
+ return 0;
+ }
+}
+
+static void pl011_set_read_trigger(PL011State *s)
+{
+#if 0
+ /* The docs say the RX interrupt is triggered when the FIFO exceeds
+ the threshold. However linux only reads the FIFO in response to an
+ interrupt. Triggering the interrupt when the FIFO is non-empty seems
+ to make things work. */
+ if (s->lcr & 0x10)
+ s->read_trigger = (s->ifl >> 1) & 0x1c;
+ else
+#endif
+ s->read_trigger = 1;
+}
+
+static void pl011_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ PL011State *s = (PL011State *)opaque;
+ unsigned char ch;
+
+ switch (offset >> 2) {
+ case 0: /* UARTDR */
+ /* ??? Check if transmitter is enabled. */
+ ch = value;
+ if (s->chr)
+ qemu_chr_fe_write(s->chr, &ch, 1);
+ s->int_level |= PL011_INT_TX;
+ pl011_update(s);
+ break;
+ case 1: /* UARTCR */
+ s->cr = value;
+ break;
+ case 6: /* UARTFR */
+ /* Writes to Flag register are ignored. */
+ break;
+ case 8: /* UARTUARTILPR */
+ s->ilpr = value;
+ break;
+ case 9: /* UARTIBRD */
+ s->ibrd = value;
+ break;
+ case 10: /* UARTFBRD */
+ s->fbrd = value;
+ break;
+ case 11: /* UARTLCR_H */
+ s->lcr = value;
+ pl011_set_read_trigger(s);
+ break;
+ case 12: /* UARTCR */
+ /* ??? Need to implement the enable and loopback bits. */
+ s->cr = value;
+ break;
+ case 13: /* UARTIFS */
+ s->ifl = value;
+ pl011_set_read_trigger(s);
+ break;
+ case 14: /* UARTIMSC */
+ s->int_enabled = value;
+ pl011_update(s);
+ break;
+ case 17: /* UARTICR */
+ s->int_level &= ~value;
+ pl011_update(s);
+ break;
+ case 18: /* UARTDMACR */
+ s->dmacr = value;
+ if (value & 3) {
+ qemu_log_mask(LOG_UNIMP, "pl011: DMA not implemented\n");
+ }
+ break;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "pl011_write: Bad offset %x\n", (int)offset);
+ }
+}
+
+static int pl011_can_receive(void *opaque)
+{
+ PL011State *s = (PL011State *)opaque;
+
+ if (s->lcr & 0x10)
+ return s->read_count < 16;
+ else
+ return s->read_count < 1;
+}
+
+static void pl011_put_fifo(void *opaque, uint32_t value)
+{
+ PL011State *s = (PL011State *)opaque;
+ int slot;
+
+ slot = s->read_pos + s->read_count;
+ if (slot >= 16)
+ slot -= 16;
+ s->read_fifo[slot] = value;
+ s->read_count++;
+ s->flags &= ~PL011_FLAG_RXFE;
+ if (s->cr & 0x10 || s->read_count == 16) {
+ s->flags |= PL011_FLAG_RXFF;
+ }
+ if (s->read_count == s->read_trigger) {
+ s->int_level |= PL011_INT_RX;
+ pl011_update(s);
+ }
+}
+
+static void pl011_receive(void *opaque, const uint8_t *buf, int size)
+{
+ pl011_put_fifo(opaque, *buf);
+}
+
+static void pl011_event(void *opaque, int event)
+{
+ if (event == CHR_EVENT_BREAK)
+ pl011_put_fifo(opaque, 0x400);
+}
+
+static const MemoryRegionOps pl011_ops = {
+ .read = pl011_read,
+ .write = pl011_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static const VMStateDescription vmstate_pl011 = {
+ .name = "pl011",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(readbuff, PL011State),
+ VMSTATE_UINT32(flags, PL011State),
+ VMSTATE_UINT32(lcr, PL011State),
+ VMSTATE_UINT32(cr, PL011State),
+ VMSTATE_UINT32(dmacr, PL011State),
+ VMSTATE_UINT32(int_enabled, PL011State),
+ VMSTATE_UINT32(int_level, PL011State),
+ VMSTATE_UINT32_ARRAY(read_fifo, PL011State, 16),
+ VMSTATE_UINT32(ilpr, PL011State),
+ VMSTATE_UINT32(ibrd, PL011State),
+ VMSTATE_UINT32(fbrd, PL011State),
+ VMSTATE_UINT32(ifl, PL011State),
+ VMSTATE_INT32(read_pos, PL011State),
+ VMSTATE_INT32(read_count, PL011State),
+ VMSTATE_INT32(read_trigger, PL011State),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void pl011_init(Object *obj)
+{
+ SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
+ PL011State *s = PL011(obj);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &pl011_ops, s, "pl011", 0x1000);
+ sysbus_init_mmio(sbd, &s->iomem);
+ sysbus_init_irq(sbd, &s->irq);
+
+ s->read_trigger = 1;
+ s->ifl = 0x12;
+ s->cr = 0x300;
+ s->flags = 0x90;
+
+ s->id = pl011_id_arm;
+}
+
+static void pl011_realize(DeviceState *dev, Error **errp)
+{
+ PL011State *s = PL011(dev);
+
+ s->chr = qemu_char_get_next_serial();
+
+ if (s->chr) {
+ qemu_chr_add_handlers(s->chr, pl011_can_receive, pl011_receive,
+ pl011_event, s);
+ }
+}
+
+static void pl011_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+
+ dc->realize = pl011_realize;
+ dc->vmsd = &vmstate_pl011;
+}
+
+static const TypeInfo pl011_arm_info = {
+ .name = TYPE_PL011,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(PL011State),
+ .instance_init = pl011_init,
+ .class_init = pl011_class_init,
+};
+
+static void pl011_luminary_init(Object *obj)
+{
+ PL011State *s = PL011(obj);
+
+ s->id = pl011_id_luminary;
+}
+
+static const TypeInfo pl011_luminary_info = {
+ .name = "pl011_luminary",
+ .parent = TYPE_PL011,
+ .instance_init = pl011_luminary_init,
+};
+
+static void pl011_register_types(void)
+{
+ type_register_static(&pl011_arm_info);
+ type_register_static(&pl011_luminary_info);
+}
+
+type_init(pl011_register_types)
diff --git a/hw/char/sclpconsole.c b/hw/char/sclpconsole.c
new file mode 100644
index 000000000..eb3988c2e
--- /dev/null
+++ b/hw/char/sclpconsole.c
@@ -0,0 +1,289 @@
+/*
+ * SCLP event type
+ * Ascii Console Data (VT220 Console)
+ *
+ * Copyright IBM, Corp. 2012
+ *
+ * Authors:
+ * Heinz Graalfs <graalfs@de.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or (at your
+ * option) any later version. See the COPYING file in the top-level directory.
+ *
+ */
+
+#include <hw/qdev.h>
+#include "qemu/thread.h"
+#include "qemu/error-report.h"
+
+#include "hw/s390x/sclp.h"
+#include "hw/s390x/event-facility.h"
+#include "sysemu/char.h"
+
+typedef struct ASCIIConsoleData {
+ EventBufferHeader ebh;
+ char data[0];
+} QEMU_PACKED ASCIIConsoleData;
+
+/* max size for ASCII data in 4K SCCB page */
+#define SIZE_BUFFER_VT220 4080
+
+typedef struct SCLPConsole {
+ SCLPEvent event;
+ CharDriverState *chr;
+ /* io vector */
+ uint8_t *iov; /* iov buffer pointer */
+ uint8_t *iov_sclp; /* pointer to SCLP read offset */
+ uint8_t *iov_bs; /* pointer byte stream read offset */
+ uint32_t iov_data_len; /* length of byte stream in buffer */
+ uint32_t iov_sclp_rest; /* length of byte stream not read via SCLP */
+ qemu_irq irq_read_vt220;
+} SCLPConsole;
+
+/* character layer call-back functions */
+
+/* Return number of bytes that fit into iov buffer */
+static int chr_can_read(void *opaque)
+{
+ SCLPConsole *scon = opaque;
+
+ return scon->iov ? SIZE_BUFFER_VT220 - scon->iov_data_len : 0;
+}
+
+/* Receive n bytes from character layer, save in iov buffer,
+ * and set event pending */
+static void receive_from_chr_layer(SCLPConsole *scon, const uint8_t *buf,
+ int size)
+{
+ assert(scon->iov);
+
+ /* read data must fit into current buffer */
+ assert(size <= SIZE_BUFFER_VT220 - scon->iov_data_len);
+
+ /* put byte-stream from character layer into buffer */
+ memcpy(scon->iov_bs, buf, size);
+ scon->iov_data_len += size;
+ scon->iov_sclp_rest += size;
+ scon->iov_bs += size;
+ scon->event.event_pending = true;
+}
+
+/* Send data from a char device over to the guest */
+static void chr_read(void *opaque, const uint8_t *buf, int size)
+{
+ SCLPConsole *scon = opaque;
+
+ assert(scon);
+
+ receive_from_chr_layer(scon, buf, size);
+ /* trigger SCLP read operation */
+ qemu_irq_raise(scon->irq_read_vt220);
+}
+
+static void chr_event(void *opaque, int event)
+{
+ SCLPConsole *scon = opaque;
+
+ switch (event) {
+ case CHR_EVENT_OPENED:
+ if (!scon->iov) {
+ scon->iov = g_malloc0(SIZE_BUFFER_VT220);
+ scon->iov_sclp = scon->iov;
+ scon->iov_bs = scon->iov;
+ scon->iov_data_len = 0;
+ scon->iov_sclp_rest = 0;
+ }
+ break;
+ case CHR_EVENT_CLOSED:
+ if (scon->iov) {
+ g_free(scon->iov);
+ scon->iov = NULL;
+ }
+ break;
+ }
+}
+
+/* functions to be called by event facility */
+
+static int event_type(void)
+{
+ return SCLP_EVENT_ASCII_CONSOLE_DATA;
+}
+
+static unsigned int send_mask(void)
+{
+ return SCLP_EVENT_MASK_MSG_ASCII;
+}
+
+static unsigned int receive_mask(void)
+{
+ return SCLP_EVENT_MASK_MSG_ASCII;
+}
+
+/* triggered by SCLP's read_event_data -
+ * copy console data byte-stream into provided (SCLP) buffer
+ */
+static void get_console_data(SCLPEvent *event, uint8_t *buf, size_t *size,
+ int avail)
+{
+ SCLPConsole *cons = DO_UPCAST(SCLPConsole, event, event);
+
+ /* first byte is hex 0 saying an ascii string follows */
+ *buf++ = '\0';
+ avail--;
+ /* if all data fit into provided SCLP buffer */
+ if (avail >= cons->iov_sclp_rest) {
+ /* copy character byte-stream to SCLP buffer */
+ memcpy(buf, cons->iov_sclp, cons->iov_sclp_rest);
+ *size = cons->iov_sclp_rest + 1;
+ cons->iov_sclp = cons->iov;
+ cons->iov_bs = cons->iov;
+ cons->iov_data_len = 0;
+ cons->iov_sclp_rest = 0;
+ event->event_pending = false;
+ /* data provided and no more data pending */
+ } else {
+ /* if provided buffer is too small, just copy part */
+ memcpy(buf, cons->iov_sclp, avail);
+ *size = avail + 1;
+ cons->iov_sclp_rest -= avail;
+ cons->iov_sclp += avail;
+ /* more data pending */
+ }
+}
+
+static int read_event_data(SCLPEvent *event, EventBufferHeader *evt_buf_hdr,
+ int *slen)
+{
+ int avail;
+ size_t src_len;
+ uint8_t *to;
+ ASCIIConsoleData *acd = (ASCIIConsoleData *) evt_buf_hdr;
+
+ if (!event->event_pending) {
+ /* no data pending */
+ return 0;
+ }
+
+ to = (uint8_t *)&acd->data;
+ avail = *slen - sizeof(ASCIIConsoleData);
+ get_console_data(event, to, &src_len, avail);
+
+ acd->ebh.length = cpu_to_be16(sizeof(ASCIIConsoleData) + src_len);
+ acd->ebh.type = SCLP_EVENT_ASCII_CONSOLE_DATA;
+ acd->ebh.flags |= SCLP_EVENT_BUFFER_ACCEPTED;
+ *slen = avail - src_len;
+
+ return 1;
+}
+
+/* triggered by SCLP's write_event_data
+ * - write console data to character layer
+ * returns < 0 if an error occurred
+ */
+static ssize_t write_console_data(SCLPEvent *event, const uint8_t *buf,
+ size_t len)
+{
+ SCLPConsole *scon = DO_UPCAST(SCLPConsole, event, event);
+
+ if (!scon->chr) {
+ /* If there's no backend, we can just say we consumed all data. */
+ return len;
+ }
+
+ return qemu_chr_fe_write_all(scon->chr, buf, len);
+}
+
+static int write_event_data(SCLPEvent *event, EventBufferHeader *evt_buf_hdr)
+{
+ int rc;
+ int length;
+ ssize_t written;
+ ASCIIConsoleData *acd = (ASCIIConsoleData *) evt_buf_hdr;
+
+ length = be16_to_cpu(evt_buf_hdr->length) - sizeof(EventBufferHeader);
+ written = write_console_data(event, (uint8_t *)acd->data, length);
+
+ rc = SCLP_RC_NORMAL_COMPLETION;
+ /* set event buffer accepted flag */
+ evt_buf_hdr->flags |= SCLP_EVENT_BUFFER_ACCEPTED;
+
+ /* written will be zero if a pty is not connected - don't treat as error */
+ if (written < 0) {
+ /* event buffer not accepted due to error in character layer */
+ evt_buf_hdr->flags &= ~(SCLP_EVENT_BUFFER_ACCEPTED);
+ rc = SCLP_RC_CONTAINED_EQUIPMENT_CHECK;
+ }
+
+ return rc;
+}
+
+static void trigger_ascii_console_data(void *opaque, int n, int level)
+{
+ sclp_service_interrupt(0);
+}
+
+/* qemu object creation and initialization functions */
+
+/* tell character layer our call-back functions */
+static int console_init(SCLPEvent *event)
+{
+ static bool console_available;
+
+ SCLPConsole *scon = DO_UPCAST(SCLPConsole, event, event);
+
+ if (console_available) {
+ error_report("Multiple VT220 operator consoles are not supported");
+ return -1;
+ }
+ console_available = true;
+ event->event_type = SCLP_EVENT_ASCII_CONSOLE_DATA;
+ if (scon->chr) {
+ qemu_chr_add_handlers(scon->chr, chr_can_read,
+ chr_read, chr_event, scon);
+ }
+ scon->irq_read_vt220 = *qemu_allocate_irqs(trigger_ascii_console_data,
+ NULL, 1);
+
+ return 0;
+}
+
+static int console_exit(SCLPEvent *event)
+{
+ return 0;
+}
+
+static Property console_properties[] = {
+ DEFINE_PROP_CHR("chardev", SCLPConsole, chr),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void console_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SCLPEventClass *ec = SCLP_EVENT_CLASS(klass);
+
+ dc->props = console_properties;
+ ec->init = console_init;
+ ec->exit = console_exit;
+ ec->get_send_mask = send_mask;
+ ec->get_receive_mask = receive_mask;
+ ec->event_type = event_type;
+ ec->read_event_data = read_event_data;
+ ec->write_event_data = write_event_data;
+}
+
+static const TypeInfo sclp_console_info = {
+ .name = "sclpconsole",
+ .parent = TYPE_SCLP_EVENT,
+ .instance_size = sizeof(SCLPConsole),
+ .class_init = console_class_init,
+ .class_size = sizeof(SCLPEventClass),
+};
+
+static void register_types(void)
+{
+ type_register_static(&sclp_console_info);
+}
+
+type_init(register_types)
diff --git a/hw/char/serial-isa.c b/hw/char/serial-isa.c
new file mode 100644
index 000000000..5cb77b311
--- /dev/null
+++ b/hw/char/serial-isa.c
@@ -0,0 +1,138 @@
+/*
+ * QEMU 16550A UART emulation
+ *
+ * Copyright (c) 2003-2004 Fabrice Bellard
+ * Copyright (c) 2008 Citrix Systems, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/char/serial.h"
+#include "hw/isa/isa.h"
+
+#define ISA_SERIAL(obj) OBJECT_CHECK(ISASerialState, (obj), TYPE_ISA_SERIAL)
+
+typedef struct ISASerialState {
+ ISADevice parent_obj;
+
+ uint32_t index;
+ uint32_t iobase;
+ uint32_t isairq;
+ SerialState state;
+} ISASerialState;
+
+static const int isa_serial_io[MAX_SERIAL_PORTS] = {
+ 0x3f8, 0x2f8, 0x3e8, 0x2e8
+};
+static const int isa_serial_irq[MAX_SERIAL_PORTS] = {
+ 4, 3, 4, 3
+};
+
+static void serial_isa_realizefn(DeviceState *dev, Error **errp)
+{
+ static int index;
+ ISADevice *isadev = ISA_DEVICE(dev);
+ ISASerialState *isa = ISA_SERIAL(dev);
+ SerialState *s = &isa->state;
+
+ if (isa->index == -1) {
+ isa->index = index;
+ }
+ if (isa->index >= MAX_SERIAL_PORTS) {
+ error_setg(errp, "Max. supported number of ISA serial ports is %d.",
+ MAX_SERIAL_PORTS);
+ return;
+ }
+ if (isa->iobase == -1) {
+ isa->iobase = isa_serial_io[isa->index];
+ }
+ if (isa->isairq == -1) {
+ isa->isairq = isa_serial_irq[isa->index];
+ }
+ index++;
+
+ s->baudbase = 115200;
+ isa_init_irq(isadev, &s->irq, isa->isairq);
+ serial_realize_core(s, errp);
+ qdev_set_legacy_instance_id(dev, isa->iobase, 3);
+
+ memory_region_init_io(&s->io, OBJECT(isa), &serial_io_ops, s, "serial", 8);
+ isa_register_ioport(isadev, &s->io, isa->iobase);
+}
+
+static const VMStateDescription vmstate_isa_serial = {
+ .name = "serial",
+ .version_id = 3,
+ .minimum_version_id = 2,
+ .fields = (VMStateField[]) {
+ VMSTATE_STRUCT(state, ISASerialState, 0, vmstate_serial, SerialState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static Property serial_isa_properties[] = {
+ DEFINE_PROP_UINT32("index", ISASerialState, index, -1),
+ DEFINE_PROP_HEX32("iobase", ISASerialState, iobase, -1),
+ DEFINE_PROP_UINT32("irq", ISASerialState, isairq, -1),
+ DEFINE_PROP_CHR("chardev", ISASerialState, state.chr),
+ DEFINE_PROP_UINT32("wakeup", ISASerialState, state.wakeup, 0),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void serial_isa_class_initfn(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = serial_isa_realizefn;
+ dc->vmsd = &vmstate_isa_serial;
+ dc->props = serial_isa_properties;
+ set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
+}
+
+static const TypeInfo serial_isa_info = {
+ .name = TYPE_ISA_SERIAL,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof(ISASerialState),
+ .class_init = serial_isa_class_initfn,
+};
+
+static void serial_register_types(void)
+{
+ type_register_static(&serial_isa_info);
+}
+
+type_init(serial_register_types)
+
+bool serial_isa_init(ISABus *bus, int index, CharDriverState *chr)
+{
+ DeviceState *dev;
+ ISADevice *isadev;
+
+ isadev = isa_try_create(bus, TYPE_ISA_SERIAL);
+ if (!isadev) {
+ return false;
+ }
+ dev = DEVICE(isadev);
+ qdev_prop_set_uint32(dev, "index", index);
+ qdev_prop_set_chr(dev, "chardev", chr);
+ if (qdev_init(dev) < 0) {
+ return false;
+ }
+ return true;
+}
diff --git a/hw/char/serial-pci.c b/hw/char/serial-pci.c
new file mode 100644
index 000000000..aec6705a0
--- /dev/null
+++ b/hw/char/serial-pci.c
@@ -0,0 +1,269 @@
+/*
+ * QEMU 16550A UART emulation
+ *
+ * Copyright (c) 2003-2004 Fabrice Bellard
+ * Copyright (c) 2008 Citrix Systems, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/* see docs/specs/pci-serial.txt */
+
+#include "hw/char/serial.h"
+#include "hw/pci/pci.h"
+#include "qapi/qmp/qerror.h"
+
+#define PCI_SERIAL_MAX_PORTS 4
+
+typedef struct PCISerialState {
+ PCIDevice dev;
+ SerialState state;
+} PCISerialState;
+
+typedef struct PCIMultiSerialState {
+ PCIDevice dev;
+ MemoryRegion iobar;
+ uint32_t ports;
+ char *name[PCI_SERIAL_MAX_PORTS];
+ SerialState state[PCI_SERIAL_MAX_PORTS];
+ uint32_t level[PCI_SERIAL_MAX_PORTS];
+ qemu_irq *irqs;
+} PCIMultiSerialState;
+
+static int serial_pci_init(PCIDevice *dev)
+{
+ PCISerialState *pci = DO_UPCAST(PCISerialState, dev, dev);
+ SerialState *s = &pci->state;
+ Error *err = NULL;
+
+ s->baudbase = 115200;
+ serial_realize_core(s, &err);
+ if (err != NULL) {
+ qerror_report_err(err);
+ error_free(err);
+ return -1;
+ }
+
+ pci->dev.config[PCI_INTERRUPT_PIN] = 0x01;
+ s->irq = pci->dev.irq[0];
+
+ memory_region_init_io(&s->io, OBJECT(pci), &serial_io_ops, s, "serial", 8);
+ pci_register_bar(&pci->dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io);
+ return 0;
+}
+
+static void multi_serial_irq_mux(void *opaque, int n, int level)
+{
+ PCIMultiSerialState *pci = opaque;
+ int i, pending = 0;
+
+ pci->level[n] = level;
+ for (i = 0; i < pci->ports; i++) {
+ if (pci->level[i]) {
+ pending = 1;
+ }
+ }
+ qemu_set_irq(pci->dev.irq[0], pending);
+}
+
+static int multi_serial_pci_init(PCIDevice *dev)
+{
+ PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(dev);
+ PCIMultiSerialState *pci = DO_UPCAST(PCIMultiSerialState, dev, dev);
+ SerialState *s;
+ Error *err = NULL;
+ int i;
+
+ switch (pc->device_id) {
+ case 0x0003:
+ pci->ports = 2;
+ break;
+ case 0x0004:
+ pci->ports = 4;
+ break;
+ }
+ assert(pci->ports > 0);
+ assert(pci->ports <= PCI_SERIAL_MAX_PORTS);
+
+ pci->dev.config[PCI_INTERRUPT_PIN] = 0x01;
+ memory_region_init(&pci->iobar, OBJECT(pci), "multiserial", 8 * pci->ports);
+ pci_register_bar(&pci->dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &pci->iobar);
+ pci->irqs = qemu_allocate_irqs(multi_serial_irq_mux, pci,
+ pci->ports);
+
+ for (i = 0; i < pci->ports; i++) {
+ s = pci->state + i;
+ s->baudbase = 115200;
+ serial_realize_core(s, &err);
+ if (err != NULL) {
+ qerror_report_err(err);
+ error_free(err);
+ return -1;
+ }
+ s->irq = pci->irqs[i];
+ pci->name[i] = g_strdup_printf("uart #%d", i+1);
+ memory_region_init_io(&s->io, OBJECT(pci), &serial_io_ops, s,
+ pci->name[i], 8);
+ memory_region_add_subregion(&pci->iobar, 8 * i, &s->io);
+ }
+ return 0;
+}
+
+static void serial_pci_exit(PCIDevice *dev)
+{
+ PCISerialState *pci = DO_UPCAST(PCISerialState, dev, dev);
+ SerialState *s = &pci->state;
+
+ serial_exit_core(s);
+ memory_region_destroy(&s->io);
+}
+
+static void multi_serial_pci_exit(PCIDevice *dev)
+{
+ PCIMultiSerialState *pci = DO_UPCAST(PCIMultiSerialState, dev, dev);
+ SerialState *s;
+ int i;
+
+ for (i = 0; i < pci->ports; i++) {
+ s = pci->state + i;
+ serial_exit_core(s);
+ memory_region_destroy(&s->io);
+ g_free(pci->name[i]);
+ }
+ memory_region_destroy(&pci->iobar);
+ qemu_free_irqs(pci->irqs);
+}
+
+static const VMStateDescription vmstate_pci_serial = {
+ .name = "pci-serial",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_PCI_DEVICE(dev, PCISerialState),
+ VMSTATE_STRUCT(state, PCISerialState, 0, vmstate_serial, SerialState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_pci_multi_serial = {
+ .name = "pci-serial-multi",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_PCI_DEVICE(dev, PCIMultiSerialState),
+ VMSTATE_STRUCT_ARRAY(state, PCIMultiSerialState, PCI_SERIAL_MAX_PORTS,
+ 0, vmstate_serial, SerialState),
+ VMSTATE_UINT32_ARRAY(level, PCIMultiSerialState, PCI_SERIAL_MAX_PORTS),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static Property serial_pci_properties[] = {
+ DEFINE_PROP_CHR("chardev", PCISerialState, state.chr),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static Property multi_2x_serial_pci_properties[] = {
+ DEFINE_PROP_CHR("chardev1", PCIMultiSerialState, state[0].chr),
+ DEFINE_PROP_CHR("chardev2", PCIMultiSerialState, state[1].chr),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static Property multi_4x_serial_pci_properties[] = {
+ DEFINE_PROP_CHR("chardev1", PCIMultiSerialState, state[0].chr),
+ DEFINE_PROP_CHR("chardev2", PCIMultiSerialState, state[1].chr),
+ DEFINE_PROP_CHR("chardev3", PCIMultiSerialState, state[2].chr),
+ DEFINE_PROP_CHR("chardev4", PCIMultiSerialState, state[3].chr),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void serial_pci_class_initfn(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *pc = PCI_DEVICE_CLASS(klass);
+ pc->init = serial_pci_init;
+ pc->exit = serial_pci_exit;
+ pc->vendor_id = PCI_VENDOR_ID_REDHAT;
+ pc->device_id = PCI_DEVICE_ID_REDHAT_SERIAL;
+ pc->revision = 1;
+ pc->class_id = PCI_CLASS_COMMUNICATION_SERIAL;
+ dc->vmsd = &vmstate_pci_serial;
+ dc->props = serial_pci_properties;
+ set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
+}
+
+static void multi_2x_serial_pci_class_initfn(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *pc = PCI_DEVICE_CLASS(klass);
+ pc->init = multi_serial_pci_init;
+ pc->exit = multi_serial_pci_exit;
+ pc->vendor_id = PCI_VENDOR_ID_REDHAT;
+ pc->device_id = PCI_DEVICE_ID_REDHAT_SERIAL2;
+ pc->revision = 1;
+ pc->class_id = PCI_CLASS_COMMUNICATION_SERIAL;
+ dc->vmsd = &vmstate_pci_multi_serial;
+ dc->props = multi_2x_serial_pci_properties;
+ set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
+}
+
+static void multi_4x_serial_pci_class_initfn(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *pc = PCI_DEVICE_CLASS(klass);
+ pc->init = multi_serial_pci_init;
+ pc->exit = multi_serial_pci_exit;
+ pc->vendor_id = PCI_VENDOR_ID_REDHAT;
+ pc->device_id = PCI_DEVICE_ID_REDHAT_SERIAL4;
+ pc->revision = 1;
+ pc->class_id = PCI_CLASS_COMMUNICATION_SERIAL;
+ dc->vmsd = &vmstate_pci_multi_serial;
+ dc->props = multi_4x_serial_pci_properties;
+ set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
+}
+
+static const TypeInfo serial_pci_info = {
+ .name = "pci-serial",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCISerialState),
+ .class_init = serial_pci_class_initfn,
+};
+
+static const TypeInfo multi_2x_serial_pci_info = {
+ .name = "pci-serial-2x",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCIMultiSerialState),
+ .class_init = multi_2x_serial_pci_class_initfn,
+};
+
+static const TypeInfo multi_4x_serial_pci_info = {
+ .name = "pci-serial-4x",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCIMultiSerialState),
+ .class_init = multi_4x_serial_pci_class_initfn,
+};
+
+static void serial_pci_register_types(void)
+{
+ type_register_static(&serial_pci_info);
+ type_register_static(&multi_2x_serial_pci_info);
+ type_register_static(&multi_4x_serial_pci_info);
+}
+
+type_init(serial_pci_register_types)
diff --git a/hw/char/serial.c b/hw/char/serial.c
new file mode 100644
index 000000000..602559254
--- /dev/null
+++ b/hw/char/serial.c
@@ -0,0 +1,775 @@
+/*
+ * QEMU 16550A UART emulation
+ *
+ * Copyright (c) 2003-2004 Fabrice Bellard
+ * Copyright (c) 2008 Citrix Systems, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/char/serial.h"
+#include "sysemu/char.h"
+#include "qemu/timer.h"
+#include "exec/address-spaces.h"
+
+//#define DEBUG_SERIAL
+
+#define UART_LCR_DLAB 0x80 /* Divisor latch access bit */
+
+#define UART_IER_MSI 0x08 /* Enable Modem status interrupt */
+#define UART_IER_RLSI 0x04 /* Enable receiver line status interrupt */
+#define UART_IER_THRI 0x02 /* Enable Transmitter holding register int. */
+#define UART_IER_RDI 0x01 /* Enable receiver data interrupt */
+
+#define UART_IIR_NO_INT 0x01 /* No interrupts pending */
+#define UART_IIR_ID 0x06 /* Mask for the interrupt ID */
+
+#define UART_IIR_MSI 0x00 /* Modem status interrupt */
+#define UART_IIR_THRI 0x02 /* Transmitter holding register empty */
+#define UART_IIR_RDI 0x04 /* Receiver data interrupt */
+#define UART_IIR_RLSI 0x06 /* Receiver line status interrupt */
+#define UART_IIR_CTI 0x0C /* Character Timeout Indication */
+
+#define UART_IIR_FENF 0x80 /* Fifo enabled, but not functionning */
+#define UART_IIR_FE 0xC0 /* Fifo enabled */
+
+/*
+ * These are the definitions for the Modem Control Register
+ */
+#define UART_MCR_LOOP 0x10 /* Enable loopback test mode */
+#define UART_MCR_OUT2 0x08 /* Out2 complement */
+#define UART_MCR_OUT1 0x04 /* Out1 complement */
+#define UART_MCR_RTS 0x02 /* RTS complement */
+#define UART_MCR_DTR 0x01 /* DTR complement */
+
+/*
+ * These are the definitions for the Modem Status Register
+ */
+#define UART_MSR_DCD 0x80 /* Data Carrier Detect */
+#define UART_MSR_RI 0x40 /* Ring Indicator */
+#define UART_MSR_DSR 0x20 /* Data Set Ready */
+#define UART_MSR_CTS 0x10 /* Clear to Send */
+#define UART_MSR_DDCD 0x08 /* Delta DCD */
+#define UART_MSR_TERI 0x04 /* Trailing edge ring indicator */
+#define UART_MSR_DDSR 0x02 /* Delta DSR */
+#define UART_MSR_DCTS 0x01 /* Delta CTS */
+#define UART_MSR_ANY_DELTA 0x0F /* Any of the delta bits! */
+
+#define UART_LSR_TEMT 0x40 /* Transmitter empty */
+#define UART_LSR_THRE 0x20 /* Transmit-hold-register empty */
+#define UART_LSR_BI 0x10 /* Break interrupt indicator */
+#define UART_LSR_FE 0x08 /* Frame error indicator */
+#define UART_LSR_PE 0x04 /* Parity error indicator */
+#define UART_LSR_OE 0x02 /* Overrun error indicator */
+#define UART_LSR_DR 0x01 /* Receiver data ready */
+#define UART_LSR_INT_ANY 0x1E /* Any of the lsr-interrupt-triggering status bits */
+
+/* Interrupt trigger levels. The byte-counts are for 16550A - in newer UARTs the byte-count for each ITL is higher. */
+
+#define UART_FCR_ITL_1 0x00 /* 1 byte ITL */
+#define UART_FCR_ITL_2 0x40 /* 4 bytes ITL */
+#define UART_FCR_ITL_3 0x80 /* 8 bytes ITL */
+#define UART_FCR_ITL_4 0xC0 /* 14 bytes ITL */
+
+#define UART_FCR_DMS 0x08 /* DMA Mode Select */
+#define UART_FCR_XFR 0x04 /* XMIT Fifo Reset */
+#define UART_FCR_RFR 0x02 /* RCVR Fifo Reset */
+#define UART_FCR_FE 0x01 /* FIFO Enable */
+
+#define MAX_XMIT_RETRY 4
+
+#ifdef DEBUG_SERIAL
+#define DPRINTF(fmt, ...) \
+do { fprintf(stderr, "serial: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) \
+do {} while (0)
+#endif
+
+static void serial_receive1(void *opaque, const uint8_t *buf, int size);
+
+static inline void recv_fifo_put(SerialState *s, uint8_t chr)
+{
+ /* Receive overruns do not overwrite FIFO contents. */
+ if (!fifo8_is_full(&s->recv_fifo)) {
+ fifo8_push(&s->recv_fifo, chr);
+ } else {
+ s->lsr |= UART_LSR_OE;
+ }
+}
+
+static void serial_update_irq(SerialState *s)
+{
+ uint8_t tmp_iir = UART_IIR_NO_INT;
+
+ if ((s->ier & UART_IER_RLSI) && (s->lsr & UART_LSR_INT_ANY)) {
+ tmp_iir = UART_IIR_RLSI;
+ } else if ((s->ier & UART_IER_RDI) && s->timeout_ipending) {
+ /* Note that(s->ier & UART_IER_RDI) can mask this interrupt,
+ * this is not in the specification but is observed on existing
+ * hardware. */
+ tmp_iir = UART_IIR_CTI;
+ } else if ((s->ier & UART_IER_RDI) && (s->lsr & UART_LSR_DR) &&
+ (!(s->fcr & UART_FCR_FE) ||
+ s->recv_fifo.num >= s->recv_fifo_itl)) {
+ tmp_iir = UART_IIR_RDI;
+ } else if ((s->ier & UART_IER_THRI) && s->thr_ipending) {
+ tmp_iir = UART_IIR_THRI;
+ } else if ((s->ier & UART_IER_MSI) && (s->msr & UART_MSR_ANY_DELTA)) {
+ tmp_iir = UART_IIR_MSI;
+ }
+
+ s->iir = tmp_iir | (s->iir & 0xF0);
+
+ if (tmp_iir != UART_IIR_NO_INT) {
+ qemu_irq_raise(s->irq);
+ } else {
+ qemu_irq_lower(s->irq);
+ }
+}
+
+static void serial_update_parameters(SerialState *s)
+{
+ int speed, parity, data_bits, stop_bits, frame_size;
+ QEMUSerialSetParams ssp;
+
+ if (s->divider == 0)
+ return;
+
+ /* Start bit. */
+ frame_size = 1;
+ if (s->lcr & 0x08) {
+ /* Parity bit. */
+ frame_size++;
+ if (s->lcr & 0x10)
+ parity = 'E';
+ else
+ parity = 'O';
+ } else {
+ parity = 'N';
+ }
+ if (s->lcr & 0x04)
+ stop_bits = 2;
+ else
+ stop_bits = 1;
+
+ data_bits = (s->lcr & 0x03) + 5;
+ frame_size += data_bits + stop_bits;
+ speed = s->baudbase / s->divider;
+ ssp.speed = speed;
+ ssp.parity = parity;
+ ssp.data_bits = data_bits;
+ ssp.stop_bits = stop_bits;
+ s->char_transmit_time = (get_ticks_per_sec() / speed) * frame_size;
+ qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_SERIAL_SET_PARAMS, &ssp);
+
+ DPRINTF("speed=%d parity=%c data=%d stop=%d\n",
+ speed, parity, data_bits, stop_bits);
+}
+
+static void serial_update_msl(SerialState *s)
+{
+ uint8_t omsr;
+ int flags;
+
+ qemu_del_timer(s->modem_status_poll);
+
+ if (qemu_chr_fe_ioctl(s->chr,CHR_IOCTL_SERIAL_GET_TIOCM, &flags) == -ENOTSUP) {
+ s->poll_msl = -1;
+ return;
+ }
+
+ omsr = s->msr;
+
+ s->msr = (flags & CHR_TIOCM_CTS) ? s->msr | UART_MSR_CTS : s->msr & ~UART_MSR_CTS;
+ s->msr = (flags & CHR_TIOCM_DSR) ? s->msr | UART_MSR_DSR : s->msr & ~UART_MSR_DSR;
+ s->msr = (flags & CHR_TIOCM_CAR) ? s->msr | UART_MSR_DCD : s->msr & ~UART_MSR_DCD;
+ s->msr = (flags & CHR_TIOCM_RI) ? s->msr | UART_MSR_RI : s->msr & ~UART_MSR_RI;
+
+ if (s->msr != omsr) {
+ /* Set delta bits */
+ s->msr = s->msr | ((s->msr >> 4) ^ (omsr >> 4));
+ /* UART_MSR_TERI only if change was from 1 -> 0 */
+ if ((s->msr & UART_MSR_TERI) && !(omsr & UART_MSR_RI))
+ s->msr &= ~UART_MSR_TERI;
+ serial_update_irq(s);
+ }
+
+ /* The real 16550A apparently has a 250ns response latency to line status changes.
+ We'll be lazy and poll only every 10ms, and only poll it at all if MSI interrupts are turned on */
+
+ if (s->poll_msl)
+ qemu_mod_timer(s->modem_status_poll, qemu_get_clock_ns(vm_clock) + get_ticks_per_sec() / 100);
+}
+
+static gboolean serial_xmit(GIOChannel *chan, GIOCondition cond, void *opaque)
+{
+ SerialState *s = opaque;
+
+ if (s->tsr_retry <= 0) {
+ if (s->fcr & UART_FCR_FE) {
+ s->tsr = fifo8_is_full(&s->xmit_fifo) ?
+ 0 : fifo8_pop(&s->xmit_fifo);
+ if (!s->xmit_fifo.num) {
+ s->lsr |= UART_LSR_THRE;
+ }
+ } else if ((s->lsr & UART_LSR_THRE)) {
+ return FALSE;
+ } else {
+ s->tsr = s->thr;
+ s->lsr |= UART_LSR_THRE;
+ s->lsr &= ~UART_LSR_TEMT;
+ }
+ }
+
+ if (s->mcr & UART_MCR_LOOP) {
+ /* in loopback mode, say that we just received a char */
+ serial_receive1(s, &s->tsr, 1);
+ } else if (qemu_chr_fe_write(s->chr, &s->tsr, 1) != 1) {
+ if (s->tsr_retry >= 0 && s->tsr_retry < MAX_XMIT_RETRY &&
+ qemu_chr_fe_add_watch(s->chr, G_IO_OUT, serial_xmit, s) > 0) {
+ s->tsr_retry++;
+ return FALSE;
+ }
+ s->tsr_retry = 0;
+ } else {
+ s->tsr_retry = 0;
+ }
+
+ s->last_xmit_ts = qemu_get_clock_ns(vm_clock);
+
+ if (s->lsr & UART_LSR_THRE) {
+ s->lsr |= UART_LSR_TEMT;
+ s->thr_ipending = 1;
+ serial_update_irq(s);
+ }
+
+ return FALSE;
+}
+
+
+static void serial_ioport_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ SerialState *s = opaque;
+
+ addr &= 7;
+ DPRINTF("write addr=0x%" HWADDR_PRIx " val=0x%" PRIx64 "\n", addr, val);
+ switch(addr) {
+ default:
+ case 0:
+ if (s->lcr & UART_LCR_DLAB) {
+ s->divider = (s->divider & 0xff00) | val;
+ serial_update_parameters(s);
+ } else {
+ s->thr = (uint8_t) val;
+ if(s->fcr & UART_FCR_FE) {
+ /* xmit overruns overwrite data, so make space if needed */
+ if (fifo8_is_full(&s->xmit_fifo)) {
+ fifo8_pop(&s->xmit_fifo);
+ }
+ fifo8_push(&s->xmit_fifo, s->thr);
+ s->lsr &= ~UART_LSR_TEMT;
+ }
+ s->thr_ipending = 0;
+ s->lsr &= ~UART_LSR_THRE;
+ serial_update_irq(s);
+ serial_xmit(NULL, G_IO_OUT, s);
+ }
+ break;
+ case 1:
+ if (s->lcr & UART_LCR_DLAB) {
+ s->divider = (s->divider & 0x00ff) | (val << 8);
+ serial_update_parameters(s);
+ } else {
+ s->ier = val & 0x0f;
+ /* If the backend device is a real serial port, turn polling of the modem
+ status lines on physical port on or off depending on UART_IER_MSI state */
+ if (s->poll_msl >= 0) {
+ if (s->ier & UART_IER_MSI) {
+ s->poll_msl = 1;
+ serial_update_msl(s);
+ } else {
+ qemu_del_timer(s->modem_status_poll);
+ s->poll_msl = 0;
+ }
+ }
+ if (s->lsr & UART_LSR_THRE) {
+ s->thr_ipending = 1;
+ serial_update_irq(s);
+ }
+ }
+ break;
+ case 2:
+ val = val & 0xFF;
+
+ if (s->fcr == val)
+ break;
+
+ /* Did the enable/disable flag change? If so, make sure FIFOs get flushed */
+ if ((val ^ s->fcr) & UART_FCR_FE)
+ val |= UART_FCR_XFR | UART_FCR_RFR;
+
+ /* FIFO clear */
+
+ if (val & UART_FCR_RFR) {
+ qemu_del_timer(s->fifo_timeout_timer);
+ s->timeout_ipending=0;
+ fifo8_reset(&s->recv_fifo);
+ }
+
+ if (val & UART_FCR_XFR) {
+ fifo8_reset(&s->xmit_fifo);
+ }
+
+ if (val & UART_FCR_FE) {
+ s->iir |= UART_IIR_FE;
+ /* Set recv_fifo trigger Level */
+ switch (val & 0xC0) {
+ case UART_FCR_ITL_1:
+ s->recv_fifo_itl = 1;
+ break;
+ case UART_FCR_ITL_2:
+ s->recv_fifo_itl = 4;
+ break;
+ case UART_FCR_ITL_3:
+ s->recv_fifo_itl = 8;
+ break;
+ case UART_FCR_ITL_4:
+ s->recv_fifo_itl = 14;
+ break;
+ }
+ } else
+ s->iir &= ~UART_IIR_FE;
+
+ /* Set fcr - or at least the bits in it that are supposed to "stick" */
+ s->fcr = val & 0xC9;
+ serial_update_irq(s);
+ break;
+ case 3:
+ {
+ int break_enable;
+ s->lcr = val;
+ serial_update_parameters(s);
+ break_enable = (val >> 6) & 1;
+ if (break_enable != s->last_break_enable) {
+ s->last_break_enable = break_enable;
+ qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_SERIAL_SET_BREAK,
+ &break_enable);
+ }
+ }
+ break;
+ case 4:
+ {
+ int flags;
+ int old_mcr = s->mcr;
+ s->mcr = val & 0x1f;
+ if (val & UART_MCR_LOOP)
+ break;
+
+ if (s->poll_msl >= 0 && old_mcr != s->mcr) {
+
+ qemu_chr_fe_ioctl(s->chr,CHR_IOCTL_SERIAL_GET_TIOCM, &flags);
+
+ flags &= ~(CHR_TIOCM_RTS | CHR_TIOCM_DTR);
+
+ if (val & UART_MCR_RTS)
+ flags |= CHR_TIOCM_RTS;
+ if (val & UART_MCR_DTR)
+ flags |= CHR_TIOCM_DTR;
+
+ qemu_chr_fe_ioctl(s->chr,CHR_IOCTL_SERIAL_SET_TIOCM, &flags);
+ /* Update the modem status after a one-character-send wait-time, since there may be a response
+ from the device/computer at the other end of the serial line */
+ qemu_mod_timer(s->modem_status_poll, qemu_get_clock_ns(vm_clock) + s->char_transmit_time);
+ }
+ }
+ break;
+ case 5:
+ break;
+ case 6:
+ break;
+ case 7:
+ s->scr = val;
+ break;
+ }
+}
+
+static uint64_t serial_ioport_read(void *opaque, hwaddr addr, unsigned size)
+{
+ SerialState *s = opaque;
+ uint32_t ret;
+
+ addr &= 7;
+ switch(addr) {
+ default:
+ case 0:
+ if (s->lcr & UART_LCR_DLAB) {
+ ret = s->divider & 0xff;
+ } else {
+ if(s->fcr & UART_FCR_FE) {
+ ret = fifo8_is_empty(&s->recv_fifo) ?
+ 0 : fifo8_pop(&s->recv_fifo);
+ if (s->recv_fifo.num == 0) {
+ s->lsr &= ~(UART_LSR_DR | UART_LSR_BI);
+ } else {
+ qemu_mod_timer(s->fifo_timeout_timer, qemu_get_clock_ns (vm_clock) + s->char_transmit_time * 4);
+ }
+ s->timeout_ipending = 0;
+ } else {
+ ret = s->rbr;
+ s->lsr &= ~(UART_LSR_DR | UART_LSR_BI);
+ }
+ serial_update_irq(s);
+ if (!(s->mcr & UART_MCR_LOOP)) {
+ /* in loopback mode, don't receive any data */
+ qemu_chr_accept_input(s->chr);
+ }
+ }
+ break;
+ case 1:
+ if (s->lcr & UART_LCR_DLAB) {
+ ret = (s->divider >> 8) & 0xff;
+ } else {
+ ret = s->ier;
+ }
+ break;
+ case 2:
+ ret = s->iir;
+ if ((ret & UART_IIR_ID) == UART_IIR_THRI) {
+ s->thr_ipending = 0;
+ serial_update_irq(s);
+ }
+ break;
+ case 3:
+ ret = s->lcr;
+ break;
+ case 4:
+ ret = s->mcr;
+ break;
+ case 5:
+ ret = s->lsr;
+ /* Clear break and overrun interrupts */
+ if (s->lsr & (UART_LSR_BI|UART_LSR_OE)) {
+ s->lsr &= ~(UART_LSR_BI|UART_LSR_OE);
+ serial_update_irq(s);
+ }
+ break;
+ case 6:
+ if (s->mcr & UART_MCR_LOOP) {
+ /* in loopback, the modem output pins are connected to the
+ inputs */
+ ret = (s->mcr & 0x0c) << 4;
+ ret |= (s->mcr & 0x02) << 3;
+ ret |= (s->mcr & 0x01) << 5;
+ } else {
+ if (s->poll_msl >= 0)
+ serial_update_msl(s);
+ ret = s->msr;
+ /* Clear delta bits & msr int after read, if they were set */
+ if (s->msr & UART_MSR_ANY_DELTA) {
+ s->msr &= 0xF0;
+ serial_update_irq(s);
+ }
+ }
+ break;
+ case 7:
+ ret = s->scr;
+ break;
+ }
+ DPRINTF("read addr=0x%" HWADDR_PRIx " val=0x%02x\n", addr, ret);
+ return ret;
+}
+
+static int serial_can_receive(SerialState *s)
+{
+ if(s->fcr & UART_FCR_FE) {
+ if (s->recv_fifo.num < UART_FIFO_LENGTH) {
+ /*
+ * Advertise (fifo.itl - fifo.count) bytes when count < ITL, and 1
+ * if above. If UART_FIFO_LENGTH - fifo.count is advertised the
+ * effect will be to almost always fill the fifo completely before
+ * the guest has a chance to respond, effectively overriding the ITL
+ * that the guest has set.
+ */
+ return (s->recv_fifo.num <= s->recv_fifo_itl) ?
+ s->recv_fifo_itl - s->recv_fifo.num : 1;
+ } else {
+ return 0;
+ }
+ } else {
+ return !(s->lsr & UART_LSR_DR);
+ }
+}
+
+static void serial_receive_break(SerialState *s)
+{
+ s->rbr = 0;
+ /* When the LSR_DR is set a null byte is pushed into the fifo */
+ recv_fifo_put(s, '\0');
+ s->lsr |= UART_LSR_BI | UART_LSR_DR;
+ serial_update_irq(s);
+}
+
+/* There's data in recv_fifo and s->rbr has not been read for 4 char transmit times */
+static void fifo_timeout_int (void *opaque) {
+ SerialState *s = opaque;
+ if (s->recv_fifo.num) {
+ s->timeout_ipending = 1;
+ serial_update_irq(s);
+ }
+}
+
+static int serial_can_receive1(void *opaque)
+{
+ SerialState *s = opaque;
+ return serial_can_receive(s);
+}
+
+static void serial_receive1(void *opaque, const uint8_t *buf, int size)
+{
+ SerialState *s = opaque;
+
+ if (s->wakeup) {
+ qemu_system_wakeup_request(QEMU_WAKEUP_REASON_OTHER);
+ }
+ if(s->fcr & UART_FCR_FE) {
+ int i;
+ for (i = 0; i < size; i++) {
+ recv_fifo_put(s, buf[i]);
+ }
+ s->lsr |= UART_LSR_DR;
+ /* call the timeout receive callback in 4 char transmit time */
+ qemu_mod_timer(s->fifo_timeout_timer, qemu_get_clock_ns (vm_clock) + s->char_transmit_time * 4);
+ } else {
+ if (s->lsr & UART_LSR_DR)
+ s->lsr |= UART_LSR_OE;
+ s->rbr = buf[0];
+ s->lsr |= UART_LSR_DR;
+ }
+ serial_update_irq(s);
+}
+
+static void serial_event(void *opaque, int event)
+{
+ SerialState *s = opaque;
+ DPRINTF("event %x\n", event);
+ if (event == CHR_EVENT_BREAK)
+ serial_receive_break(s);
+}
+
+static void serial_pre_save(void *opaque)
+{
+ SerialState *s = opaque;
+ s->fcr_vmstate = s->fcr;
+}
+
+static int serial_post_load(void *opaque, int version_id)
+{
+ SerialState *s = opaque;
+
+ if (version_id < 3) {
+ s->fcr_vmstate = 0;
+ }
+ /* Initialize fcr via setter to perform essential side-effects */
+ serial_ioport_write(s, 0x02, s->fcr_vmstate, 1);
+ serial_update_parameters(s);
+ return 0;
+}
+
+const VMStateDescription vmstate_serial = {
+ .name = "serial",
+ .version_id = 3,
+ .minimum_version_id = 2,
+ .pre_save = serial_pre_save,
+ .post_load = serial_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT16_V(divider, SerialState, 2),
+ VMSTATE_UINT8(rbr, SerialState),
+ VMSTATE_UINT8(ier, SerialState),
+ VMSTATE_UINT8(iir, SerialState),
+ VMSTATE_UINT8(lcr, SerialState),
+ VMSTATE_UINT8(mcr, SerialState),
+ VMSTATE_UINT8(lsr, SerialState),
+ VMSTATE_UINT8(msr, SerialState),
+ VMSTATE_UINT8(scr, SerialState),
+ VMSTATE_UINT8_V(fcr_vmstate, SerialState, 3),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void serial_reset(void *opaque)
+{
+ SerialState *s = opaque;
+
+ s->rbr = 0;
+ s->ier = 0;
+ s->iir = UART_IIR_NO_INT;
+ s->lcr = 0;
+ s->lsr = UART_LSR_TEMT | UART_LSR_THRE;
+ s->msr = UART_MSR_DCD | UART_MSR_DSR | UART_MSR_CTS;
+ /* Default to 9600 baud, 1 start bit, 8 data bits, 1 stop bit, no parity. */
+ s->divider = 0x0C;
+ s->mcr = UART_MCR_OUT2;
+ s->scr = 0;
+ s->tsr_retry = 0;
+ s->char_transmit_time = (get_ticks_per_sec() / 9600) * 10;
+ s->poll_msl = 0;
+
+ fifo8_reset(&s->recv_fifo);
+ fifo8_reset(&s->xmit_fifo);
+
+ s->last_xmit_ts = qemu_get_clock_ns(vm_clock);
+
+ s->thr_ipending = 0;
+ s->last_break_enable = 0;
+ qemu_irq_lower(s->irq);
+}
+
+void serial_realize_core(SerialState *s, Error **errp)
+{
+ if (!s->chr) {
+ error_setg(errp, "Can't create serial device, empty char device");
+ return;
+ }
+
+ s->modem_status_poll = qemu_new_timer_ns(vm_clock, (QEMUTimerCB *) serial_update_msl, s);
+
+ s->fifo_timeout_timer = qemu_new_timer_ns(vm_clock, (QEMUTimerCB *) fifo_timeout_int, s);
+ qemu_register_reset(serial_reset, s);
+
+ qemu_chr_add_handlers(s->chr, serial_can_receive1, serial_receive1,
+ serial_event, s);
+ fifo8_create(&s->recv_fifo, UART_FIFO_LENGTH);
+ fifo8_create(&s->xmit_fifo, UART_FIFO_LENGTH);
+}
+
+void serial_exit_core(SerialState *s)
+{
+ qemu_chr_add_handlers(s->chr, NULL, NULL, NULL, NULL);
+ qemu_unregister_reset(serial_reset, s);
+}
+
+/* Change the main reference oscillator frequency. */
+void serial_set_frequency(SerialState *s, uint32_t frequency)
+{
+ s->baudbase = frequency;
+ serial_update_parameters(s);
+}
+
+const MemoryRegionOps serial_io_ops = {
+ .read = serial_ioport_read,
+ .write = serial_ioport_write,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+SerialState *serial_init(int base, qemu_irq irq, int baudbase,
+ CharDriverState *chr, MemoryRegion *system_io)
+{
+ SerialState *s;
+ Error *err = NULL;
+
+ s = g_malloc0(sizeof(SerialState));
+
+ s->irq = irq;
+ s->baudbase = baudbase;
+ s->chr = chr;
+ serial_realize_core(s, &err);
+ if (err != NULL) {
+ fprintf(stderr, "%s\n", error_get_pretty(err));
+ error_free(err);
+ exit(1);
+ }
+
+ vmstate_register(NULL, base, &vmstate_serial, s);
+
+ memory_region_init_io(&s->io, NULL, &serial_io_ops, s, "serial", 8);
+ memory_region_add_subregion(system_io, base, &s->io);
+
+ return s;
+}
+
+/* Memory mapped interface */
+static uint64_t serial_mm_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ SerialState *s = opaque;
+ return serial_ioport_read(s, addr >> s->it_shift, 1);
+}
+
+static void serial_mm_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ SerialState *s = opaque;
+ value &= ~0u >> (32 - (size * 8));
+ serial_ioport_write(s, addr >> s->it_shift, value, 1);
+}
+
+static const MemoryRegionOps serial_mm_ops[3] = {
+ [DEVICE_NATIVE_ENDIAN] = {
+ .read = serial_mm_read,
+ .write = serial_mm_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ },
+ [DEVICE_LITTLE_ENDIAN] = {
+ .read = serial_mm_read,
+ .write = serial_mm_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ },
+ [DEVICE_BIG_ENDIAN] = {
+ .read = serial_mm_read,
+ .write = serial_mm_write,
+ .endianness = DEVICE_BIG_ENDIAN,
+ },
+};
+
+SerialState *serial_mm_init(MemoryRegion *address_space,
+ hwaddr base, int it_shift,
+ qemu_irq irq, int baudbase,
+ CharDriverState *chr, enum device_endian end)
+{
+ SerialState *s;
+ Error *err = NULL;
+
+ s = g_malloc0(sizeof(SerialState));
+
+ s->it_shift = it_shift;
+ s->irq = irq;
+ s->baudbase = baudbase;
+ s->chr = chr;
+
+ serial_realize_core(s, &err);
+ if (err != NULL) {
+ fprintf(stderr, "%s\n", error_get_pretty(err));
+ error_free(err);
+ exit(1);
+ }
+ vmstate_register(NULL, base, &vmstate_serial, s);
+
+ memory_region_init_io(&s->io, NULL, &serial_mm_ops[end], s,
+ "serial", 8 << it_shift);
+ memory_region_add_subregion(address_space, base, &s->io);
+
+ serial_update_msl(s);
+ return s;
+}
diff --git a/hw/char/sh_serial.c b/hw/char/sh_serial.c
new file mode 100644
index 000000000..6223a557b
--- /dev/null
+++ b/hw/char/sh_serial.c
@@ -0,0 +1,410 @@
+/*
+ * QEMU SCI/SCIF serial port emulation
+ *
+ * Copyright (c) 2007 Magnus Damm
+ *
+ * Based on serial.c - QEMU 16450 UART emulation
+ * Copyright (c) 2003-2004 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/sh4/sh.h"
+#include "sysemu/char.h"
+#include "exec/address-spaces.h"
+
+//#define DEBUG_SERIAL
+
+#define SH_SERIAL_FLAG_TEND (1 << 0)
+#define SH_SERIAL_FLAG_TDE (1 << 1)
+#define SH_SERIAL_FLAG_RDF (1 << 2)
+#define SH_SERIAL_FLAG_BRK (1 << 3)
+#define SH_SERIAL_FLAG_DR (1 << 4)
+
+#define SH_RX_FIFO_LENGTH (16)
+
+typedef struct {
+ MemoryRegion iomem;
+ MemoryRegion iomem_p4;
+ MemoryRegion iomem_a7;
+ uint8_t smr;
+ uint8_t brr;
+ uint8_t scr;
+ uint8_t dr; /* ftdr / tdr */
+ uint8_t sr; /* fsr / ssr */
+ uint16_t fcr;
+ uint8_t sptr;
+
+ uint8_t rx_fifo[SH_RX_FIFO_LENGTH]; /* frdr / rdr */
+ uint8_t rx_cnt;
+ uint8_t rx_tail;
+ uint8_t rx_head;
+
+ int freq;
+ int feat;
+ int flags;
+ int rtrg;
+
+ CharDriverState *chr;
+
+ qemu_irq eri;
+ qemu_irq rxi;
+ qemu_irq txi;
+ qemu_irq tei;
+ qemu_irq bri;
+} sh_serial_state;
+
+static void sh_serial_clear_fifo(sh_serial_state * s)
+{
+ memset(s->rx_fifo, 0, SH_RX_FIFO_LENGTH);
+ s->rx_cnt = 0;
+ s->rx_head = 0;
+ s->rx_tail = 0;
+}
+
+static void sh_serial_write(void *opaque, hwaddr offs,
+ uint64_t val, unsigned size)
+{
+ sh_serial_state *s = opaque;
+ unsigned char ch;
+
+#ifdef DEBUG_SERIAL
+ printf("sh_serial: write offs=0x%02x val=0x%02x\n",
+ offs, val);
+#endif
+ switch(offs) {
+ case 0x00: /* SMR */
+ s->smr = val & ((s->feat & SH_SERIAL_FEAT_SCIF) ? 0x7b : 0xff);
+ return;
+ case 0x04: /* BRR */
+ s->brr = val;
+ return;
+ case 0x08: /* SCR */
+ /* TODO : For SH7751, SCIF mask should be 0xfb. */
+ s->scr = val & ((s->feat & SH_SERIAL_FEAT_SCIF) ? 0xfa : 0xff);
+ if (!(val & (1 << 5)))
+ s->flags |= SH_SERIAL_FLAG_TEND;
+ if ((s->feat & SH_SERIAL_FEAT_SCIF) && s->txi) {
+ qemu_set_irq(s->txi, val & (1 << 7));
+ }
+ if (!(val & (1 << 6))) {
+ qemu_set_irq(s->rxi, 0);
+ }
+ return;
+ case 0x0c: /* FTDR / TDR */
+ if (s->chr) {
+ ch = val;
+ qemu_chr_fe_write(s->chr, &ch, 1);
+ }
+ s->dr = val;
+ s->flags &= ~SH_SERIAL_FLAG_TDE;
+ return;
+#if 0
+ case 0x14: /* FRDR / RDR */
+ ret = 0;
+ break;
+#endif
+ }
+ if (s->feat & SH_SERIAL_FEAT_SCIF) {
+ switch(offs) {
+ case 0x10: /* FSR */
+ if (!(val & (1 << 6)))
+ s->flags &= ~SH_SERIAL_FLAG_TEND;
+ if (!(val & (1 << 5)))
+ s->flags &= ~SH_SERIAL_FLAG_TDE;
+ if (!(val & (1 << 4)))
+ s->flags &= ~SH_SERIAL_FLAG_BRK;
+ if (!(val & (1 << 1)))
+ s->flags &= ~SH_SERIAL_FLAG_RDF;
+ if (!(val & (1 << 0)))
+ s->flags &= ~SH_SERIAL_FLAG_DR;
+
+ if (!(val & (1 << 1)) || !(val & (1 << 0))) {
+ if (s->rxi) {
+ qemu_set_irq(s->rxi, 0);
+ }
+ }
+ return;
+ case 0x18: /* FCR */
+ s->fcr = val;
+ switch ((val >> 6) & 3) {
+ case 0:
+ s->rtrg = 1;
+ break;
+ case 1:
+ s->rtrg = 4;
+ break;
+ case 2:
+ s->rtrg = 8;
+ break;
+ case 3:
+ s->rtrg = 14;
+ break;
+ }
+ if (val & (1 << 1)) {
+ sh_serial_clear_fifo(s);
+ s->sr &= ~(1 << 1);
+ }
+
+ return;
+ case 0x20: /* SPTR */
+ s->sptr = val & 0xf3;
+ return;
+ case 0x24: /* LSR */
+ return;
+ }
+ }
+ else {
+ switch(offs) {
+#if 0
+ case 0x0c:
+ ret = s->dr;
+ break;
+ case 0x10:
+ ret = 0;
+ break;
+#endif
+ case 0x1c:
+ s->sptr = val & 0x8f;
+ return;
+ }
+ }
+
+ fprintf(stderr, "sh_serial: unsupported write to 0x%02"
+ HWADDR_PRIx "\n", offs);
+ abort();
+}
+
+static uint64_t sh_serial_read(void *opaque, hwaddr offs,
+ unsigned size)
+{
+ sh_serial_state *s = opaque;
+ uint32_t ret = ~0;
+
+#if 0
+ switch(offs) {
+ case 0x00:
+ ret = s->smr;
+ break;
+ case 0x04:
+ ret = s->brr;
+ break;
+ case 0x08:
+ ret = s->scr;
+ break;
+ case 0x14:
+ ret = 0;
+ break;
+ }
+#endif
+ if (s->feat & SH_SERIAL_FEAT_SCIF) {
+ switch(offs) {
+ case 0x00: /* SMR */
+ ret = s->smr;
+ break;
+ case 0x08: /* SCR */
+ ret = s->scr;
+ break;
+ case 0x10: /* FSR */
+ ret = 0;
+ if (s->flags & SH_SERIAL_FLAG_TEND)
+ ret |= (1 << 6);
+ if (s->flags & SH_SERIAL_FLAG_TDE)
+ ret |= (1 << 5);
+ if (s->flags & SH_SERIAL_FLAG_BRK)
+ ret |= (1 << 4);
+ if (s->flags & SH_SERIAL_FLAG_RDF)
+ ret |= (1 << 1);
+ if (s->flags & SH_SERIAL_FLAG_DR)
+ ret |= (1 << 0);
+
+ if (s->scr & (1 << 5))
+ s->flags |= SH_SERIAL_FLAG_TDE | SH_SERIAL_FLAG_TEND;
+
+ break;
+ case 0x14:
+ if (s->rx_cnt > 0) {
+ ret = s->rx_fifo[s->rx_tail++];
+ s->rx_cnt--;
+ if (s->rx_tail == SH_RX_FIFO_LENGTH)
+ s->rx_tail = 0;
+ if (s->rx_cnt < s->rtrg)
+ s->flags &= ~SH_SERIAL_FLAG_RDF;
+ }
+ break;
+#if 0
+ case 0x18:
+ ret = s->fcr;
+ break;
+#endif
+ case 0x1c:
+ ret = s->rx_cnt;
+ break;
+ case 0x20:
+ ret = s->sptr;
+ break;
+ case 0x24:
+ ret = 0;
+ break;
+ }
+ }
+ else {
+ switch(offs) {
+#if 0
+ case 0x0c:
+ ret = s->dr;
+ break;
+ case 0x10:
+ ret = 0;
+ break;
+ case 0x14:
+ ret = s->rx_fifo[0];
+ break;
+#endif
+ case 0x1c:
+ ret = s->sptr;
+ break;
+ }
+ }
+#ifdef DEBUG_SERIAL
+ printf("sh_serial: read offs=0x%02x val=0x%x\n",
+ offs, ret);
+#endif
+
+ if (ret & ~((1 << 16) - 1)) {
+ fprintf(stderr, "sh_serial: unsupported read from 0x%02"
+ HWADDR_PRIx "\n", offs);
+ abort();
+ }
+
+ return ret;
+}
+
+static int sh_serial_can_receive(sh_serial_state *s)
+{
+ return s->scr & (1 << 4);
+}
+
+static void sh_serial_receive_break(sh_serial_state *s)
+{
+ if (s->feat & SH_SERIAL_FEAT_SCIF)
+ s->sr |= (1 << 4);
+}
+
+static int sh_serial_can_receive1(void *opaque)
+{
+ sh_serial_state *s = opaque;
+ return sh_serial_can_receive(s);
+}
+
+static void sh_serial_receive1(void *opaque, const uint8_t *buf, int size)
+{
+ sh_serial_state *s = opaque;
+
+ if (s->feat & SH_SERIAL_FEAT_SCIF) {
+ int i;
+ for (i = 0; i < size; i++) {
+ if (s->rx_cnt < SH_RX_FIFO_LENGTH) {
+ s->rx_fifo[s->rx_head++] = buf[i];
+ if (s->rx_head == SH_RX_FIFO_LENGTH) {
+ s->rx_head = 0;
+ }
+ s->rx_cnt++;
+ if (s->rx_cnt >= s->rtrg) {
+ s->flags |= SH_SERIAL_FLAG_RDF;
+ if (s->scr & (1 << 6) && s->rxi) {
+ qemu_set_irq(s->rxi, 1);
+ }
+ }
+ }
+ }
+ } else {
+ s->rx_fifo[0] = buf[0];
+ }
+}
+
+static void sh_serial_event(void *opaque, int event)
+{
+ sh_serial_state *s = opaque;
+ if (event == CHR_EVENT_BREAK)
+ sh_serial_receive_break(s);
+}
+
+static const MemoryRegionOps sh_serial_ops = {
+ .read = sh_serial_read,
+ .write = sh_serial_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+void sh_serial_init(MemoryRegion *sysmem,
+ hwaddr base, int feat,
+ uint32_t freq, CharDriverState *chr,
+ qemu_irq eri_source,
+ qemu_irq rxi_source,
+ qemu_irq txi_source,
+ qemu_irq tei_source,
+ qemu_irq bri_source)
+{
+ sh_serial_state *s;
+
+ s = g_malloc0(sizeof(sh_serial_state));
+
+ s->feat = feat;
+ s->flags = SH_SERIAL_FLAG_TEND | SH_SERIAL_FLAG_TDE;
+ s->rtrg = 1;
+
+ s->smr = 0;
+ s->brr = 0xff;
+ s->scr = 1 << 5; /* pretend that TX is enabled so early printk works */
+ s->sptr = 0;
+
+ if (feat & SH_SERIAL_FEAT_SCIF) {
+ s->fcr = 0;
+ }
+ else {
+ s->dr = 0xff;
+ }
+
+ sh_serial_clear_fifo(s);
+
+ memory_region_init_io(&s->iomem, NULL, &sh_serial_ops, s,
+ "serial", 0x100000000ULL);
+
+ memory_region_init_alias(&s->iomem_p4, NULL, "serial-p4", &s->iomem,
+ 0, 0x28);
+ memory_region_add_subregion(sysmem, P4ADDR(base), &s->iomem_p4);
+
+ memory_region_init_alias(&s->iomem_a7, NULL, "serial-a7", &s->iomem,
+ 0, 0x28);
+ memory_region_add_subregion(sysmem, A7ADDR(base), &s->iomem_a7);
+
+ s->chr = chr;
+
+ if (chr) {
+ qemu_chr_fe_claim_no_fail(chr);
+ qemu_chr_add_handlers(chr, sh_serial_can_receive1, sh_serial_receive1,
+ sh_serial_event, s);
+ }
+
+ s->eri = eri_source;
+ s->rxi = rxi_source;
+ s->txi = txi_source;
+ s->tei = tei_source;
+ s->bri = bri_source;
+}
diff --git a/hw/char/spapr_vty.c b/hw/char/spapr_vty.c
new file mode 100644
index 000000000..a7997213b
--- /dev/null
+++ b/hw/char/spapr_vty.c
@@ -0,0 +1,241 @@
+#include "hw/qdev.h"
+#include "sysemu/char.h"
+#include "hw/ppc/spapr.h"
+#include "hw/ppc/spapr_vio.h"
+
+#define VTERM_BUFSIZE 16
+
+typedef struct VIOsPAPRVTYDevice {
+ VIOsPAPRDevice sdev;
+ CharDriverState *chardev;
+ uint32_t in, out;
+ uint8_t buf[VTERM_BUFSIZE];
+} VIOsPAPRVTYDevice;
+
+#define TYPE_VIO_SPAPR_VTY_DEVICE "spapr-vty"
+#define VIO_SPAPR_VTY_DEVICE(obj) \
+ OBJECT_CHECK(VIOsPAPRVTYDevice, (obj), TYPE_VIO_SPAPR_VTY_DEVICE)
+
+static int vty_can_receive(void *opaque)
+{
+ VIOsPAPRVTYDevice *dev = VIO_SPAPR_VTY_DEVICE(opaque);
+
+ return (dev->in - dev->out) < VTERM_BUFSIZE;
+}
+
+static void vty_receive(void *opaque, const uint8_t *buf, int size)
+{
+ VIOsPAPRVTYDevice *dev = VIO_SPAPR_VTY_DEVICE(opaque);
+ int i;
+
+ if ((dev->in == dev->out) && size) {
+ /* toggle line to simulate edge interrupt */
+ qemu_irq_pulse(spapr_vio_qirq(&dev->sdev));
+ }
+ for (i = 0; i < size; i++) {
+ assert((dev->in - dev->out) < VTERM_BUFSIZE);
+ dev->buf[dev->in++ % VTERM_BUFSIZE] = buf[i];
+ }
+}
+
+static int vty_getchars(VIOsPAPRDevice *sdev, uint8_t *buf, int max)
+{
+ VIOsPAPRVTYDevice *dev = VIO_SPAPR_VTY_DEVICE(sdev);
+ int n = 0;
+
+ while ((n < max) && (dev->out != dev->in)) {
+ buf[n++] = dev->buf[dev->out++ % VTERM_BUFSIZE];
+ }
+
+ return n;
+}
+
+void vty_putchars(VIOsPAPRDevice *sdev, uint8_t *buf, int len)
+{
+ VIOsPAPRVTYDevice *dev = VIO_SPAPR_VTY_DEVICE(sdev);
+
+ /* FIXME: should check the qemu_chr_fe_write() return value */
+ qemu_chr_fe_write(dev->chardev, buf, len);
+}
+
+static int spapr_vty_init(VIOsPAPRDevice *sdev)
+{
+ VIOsPAPRVTYDevice *dev = VIO_SPAPR_VTY_DEVICE(sdev);
+
+ if (!dev->chardev) {
+ fprintf(stderr, "spapr-vty: Can't create vty without a chardev!\n");
+ exit(1);
+ }
+
+ qemu_chr_add_handlers(dev->chardev, vty_can_receive,
+ vty_receive, NULL, dev);
+
+ return 0;
+}
+
+/* Forward declaration */
+static target_ulong h_put_term_char(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong reg = args[0];
+ target_ulong len = args[1];
+ target_ulong char0_7 = args[2];
+ target_ulong char8_15 = args[3];
+ VIOsPAPRDevice *sdev;
+ uint8_t buf[16];
+
+ sdev = vty_lookup(spapr, reg);
+ if (!sdev) {
+ return H_PARAMETER;
+ }
+
+ if (len > 16) {
+ return H_PARAMETER;
+ }
+
+ *((uint64_t *)buf) = cpu_to_be64(char0_7);
+ *((uint64_t *)buf + 1) = cpu_to_be64(char8_15);
+
+ vty_putchars(sdev, buf, len);
+
+ return H_SUCCESS;
+}
+
+static target_ulong h_get_term_char(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong reg = args[0];
+ target_ulong *len = args + 0;
+ target_ulong *char0_7 = args + 1;
+ target_ulong *char8_15 = args + 2;
+ VIOsPAPRDevice *sdev;
+ uint8_t buf[16];
+
+ sdev = vty_lookup(spapr, reg);
+ if (!sdev) {
+ return H_PARAMETER;
+ }
+
+ *len = vty_getchars(sdev, buf, sizeof(buf));
+ if (*len < 16) {
+ memset(buf + *len, 0, 16 - *len);
+ }
+
+ *char0_7 = be64_to_cpu(*((uint64_t *)buf));
+ *char8_15 = be64_to_cpu(*((uint64_t *)buf + 1));
+
+ return H_SUCCESS;
+}
+
+void spapr_vty_create(VIOsPAPRBus *bus, CharDriverState *chardev)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(&bus->bus, "spapr-vty");
+ qdev_prop_set_chr(dev, "chardev", chardev);
+ qdev_init_nofail(dev);
+}
+
+static Property spapr_vty_properties[] = {
+ DEFINE_SPAPR_PROPERTIES(VIOsPAPRVTYDevice, sdev),
+ DEFINE_PROP_CHR("chardev", VIOsPAPRVTYDevice, chardev),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static const VMStateDescription vmstate_spapr_vty = {
+ .name = "spapr_vty",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_SPAPR_VIO(sdev, VIOsPAPRVTYDevice),
+
+ VMSTATE_UINT32(in, VIOsPAPRVTYDevice),
+ VMSTATE_UINT32(out, VIOsPAPRVTYDevice),
+ VMSTATE_BUFFER(buf, VIOsPAPRVTYDevice),
+ VMSTATE_END_OF_LIST()
+ },
+};
+
+static void spapr_vty_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VIOsPAPRDeviceClass *k = VIO_SPAPR_DEVICE_CLASS(klass);
+
+ k->init = spapr_vty_init;
+ k->dt_name = "vty";
+ k->dt_type = "serial";
+ k->dt_compatible = "hvterm1";
+ dc->props = spapr_vty_properties;
+ dc->vmsd = &vmstate_spapr_vty;
+}
+
+static const TypeInfo spapr_vty_info = {
+ .name = TYPE_VIO_SPAPR_VTY_DEVICE,
+ .parent = TYPE_VIO_SPAPR_DEVICE,
+ .instance_size = sizeof(VIOsPAPRVTYDevice),
+ .class_init = spapr_vty_class_init,
+};
+
+VIOsPAPRDevice *spapr_vty_get_default(VIOsPAPRBus *bus)
+{
+ VIOsPAPRDevice *sdev, *selected;
+ BusChild *kid;
+
+ /*
+ * To avoid the console bouncing around we want one VTY to be
+ * the "default". We haven't really got anything to go on, so
+ * arbitrarily choose the one with the lowest reg value.
+ */
+
+ selected = NULL;
+ QTAILQ_FOREACH(kid, &bus->bus.children, sibling) {
+ DeviceState *iter = kid->child;
+
+ /* Only look at VTY devices */
+ if (!object_dynamic_cast(OBJECT(iter), "spapr-vty")) {
+ continue;
+ }
+
+ sdev = VIO_SPAPR_DEVICE(iter);
+
+ /* First VTY we've found, so it is selected for now */
+ if (!selected) {
+ selected = sdev;
+ continue;
+ }
+
+ /* Choose VTY with lowest reg value */
+ if (sdev->reg < selected->reg) {
+ selected = sdev;
+ }
+ }
+
+ return selected;
+}
+
+VIOsPAPRDevice *vty_lookup(sPAPREnvironment *spapr, target_ulong reg)
+{
+ VIOsPAPRDevice *sdev;
+
+ sdev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
+ if (!sdev && reg == 0) {
+ /* Hack for kernel early debug, which always specifies reg==0.
+ * We search all VIO devices, and grab the vty with the lowest
+ * reg. This attempts to mimic existing PowerVM behaviour
+ * (early debug does work there, despite having no vty with
+ * reg==0. */
+ return spapr_vty_get_default(spapr->vio_bus);
+ }
+
+ return sdev;
+}
+
+static void spapr_vty_register_types(void)
+{
+ spapr_register_hypercall(H_PUT_TERM_CHAR, h_put_term_char);
+ spapr_register_hypercall(H_GET_TERM_CHAR, h_get_term_char);
+ type_register_static(&spapr_vty_info);
+}
+
+type_init(spapr_vty_register_types)
diff --git a/hw/char/tpci200.c b/hw/char/tpci200.c
new file mode 100644
index 000000000..d9e17b295
--- /dev/null
+++ b/hw/char/tpci200.c
@@ -0,0 +1,672 @@
+/*
+ * QEMU TEWS TPCI200 IndustryPack carrier emulation
+ *
+ * Copyright (C) 2012 Igalia, S.L.
+ * Author: Alberto Garcia <agarcia@igalia.com>
+ *
+ * This code is licensed under the GNU GPL v2 or (at your option) any
+ * later version.
+ */
+
+#include "ipack.h"
+#include "hw/pci/pci.h"
+#include "qemu/bitops.h"
+#include <stdio.h>
+
+/* #define DEBUG_TPCI */
+
+#ifdef DEBUG_TPCI
+#define DPRINTF(fmt, ...) \
+ do { fprintf(stderr, "TPCI200: " fmt, ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) do { } while (0)
+#endif
+
+#define N_MODULES 4
+
+#define IP_ID_SPACE 2
+#define IP_INT_SPACE 3
+#define IP_IO_SPACE_ADDR_MASK 0x7F
+#define IP_ID_SPACE_ADDR_MASK 0x3F
+#define IP_INT_SPACE_ADDR_MASK 0x3F
+
+#define STATUS_INT(IP, INTNO) BIT((IP) * 2 + (INTNO))
+#define STATUS_TIME(IP) BIT((IP) + 12)
+#define STATUS_ERR_ANY 0xF00
+
+#define CTRL_CLKRATE BIT(0)
+#define CTRL_RECOVER BIT(1)
+#define CTRL_TIME_INT BIT(2)
+#define CTRL_ERR_INT BIT(3)
+#define CTRL_INT_EDGE(INTNO) BIT(4 + (INTNO))
+#define CTRL_INT(INTNO) BIT(6 + (INTNO))
+
+#define REG_REV_ID 0x00
+#define REG_IP_A_CTRL 0x02
+#define REG_IP_B_CTRL 0x04
+#define REG_IP_C_CTRL 0x06
+#define REG_IP_D_CTRL 0x08
+#define REG_RESET 0x0A
+#define REG_STATUS 0x0C
+#define IP_N_FROM_REG(REG) ((REG) / 2 - 1)
+
+typedef struct {
+ PCIDevice dev;
+ IPackBus bus;
+ MemoryRegion mmio;
+ MemoryRegion io;
+ MemoryRegion las0;
+ MemoryRegion las1;
+ MemoryRegion las2;
+ MemoryRegion las3;
+ bool big_endian[3];
+ uint8_t ctrl[N_MODULES];
+ uint16_t status;
+ uint8_t int_set;
+} TPCI200State;
+
+#define TYPE_TPCI200 "tpci200"
+
+#define TPCI200(obj) \
+ OBJECT_CHECK(TPCI200State, (obj), TYPE_TPCI200)
+
+static const uint8_t local_config_regs[] = {
+ 0x00, 0xFF, 0xFF, 0x0F, 0x00, 0xFC, 0xFF, 0x0F, 0x00, 0x00, 0x00,
+ 0x0E, 0x00, 0x00, 0x00, 0x0F, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
+ 0x00, 0x08, 0x01, 0x00, 0x00, 0x04, 0x01, 0x00, 0x00, 0x00, 0x01,
+ 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0xA0, 0x60, 0x41, 0xD4,
+ 0xA2, 0x20, 0x41, 0x14, 0xA2, 0x20, 0x41, 0x14, 0xA2, 0x20, 0x01,
+ 0x14, 0x00, 0x00, 0x00, 0x00, 0x81, 0x00, 0x00, 0x08, 0x01, 0x02,
+ 0x00, 0x04, 0x01, 0x00, 0x00, 0x01, 0x01, 0x00, 0x80, 0x02, 0x41,
+ 0x00, 0x00, 0x00, 0x00, 0x40, 0x7A, 0x00, 0x52, 0x92, 0x24, 0x02
+};
+
+static void adjust_addr(bool big_endian, hwaddr *addr, unsigned size)
+{
+ /* During 8 bit access in big endian mode,
+ odd and even addresses are swapped */
+ if (big_endian && size == 1) {
+ *addr ^= 1;
+ }
+}
+
+static uint64_t adjust_value(bool big_endian, uint64_t *val, unsigned size)
+{
+ /* Local spaces only support 8/16 bit access,
+ * so there's no need to care for sizes > 2 */
+ if (big_endian && size == 2) {
+ *val = bswap16(*val);
+ }
+ return *val;
+}
+
+static void tpci200_set_irq(void *opaque, int intno, int level)
+{
+ IPackDevice *ip = opaque;
+ IPackBus *bus = IPACK_BUS(qdev_get_parent_bus(DEVICE(ip)));
+ PCIDevice *pcidev = PCI_DEVICE(BUS(bus)->parent);
+ TPCI200State *dev = TPCI200(pcidev);
+ unsigned ip_n = ip->slot;
+ uint16_t prev_status = dev->status;
+
+ assert(ip->slot >= 0 && ip->slot < N_MODULES);
+
+ /* The requested interrupt must be enabled in the IP CONTROL
+ * register */
+ if (!(dev->ctrl[ip_n] & CTRL_INT(intno))) {
+ return;
+ }
+
+ /* Update the interrupt status in the IP STATUS register */
+ if (level) {
+ dev->status |= STATUS_INT(ip_n, intno);
+ } else {
+ dev->status &= ~STATUS_INT(ip_n, intno);
+ }
+
+ /* Return if there are no changes */
+ if (dev->status == prev_status) {
+ return;
+ }
+
+ DPRINTF("IP %u INT%u#: %u\n", ip_n, intno, level);
+
+ /* Check if the interrupt is edge sensitive */
+ if (dev->ctrl[ip_n] & CTRL_INT_EDGE(intno)) {
+ if (level) {
+ qemu_set_irq(dev->dev.irq[0], !dev->int_set);
+ qemu_set_irq(dev->dev.irq[0], dev->int_set);
+ }
+ } else {
+ unsigned i, j;
+ uint16_t level_status = dev->status;
+
+ /* Check if there are any level sensitive interrupts set by
+ removing the ones that are edge sensitive from the status
+ register */
+ for (i = 0; i < N_MODULES; i++) {
+ for (j = 0; j < 2; j++) {
+ if (dev->ctrl[i] & CTRL_INT_EDGE(j)) {
+ level_status &= ~STATUS_INT(i, j);
+ }
+ }
+ }
+
+ if (level_status && !dev->int_set) {
+ qemu_irq_raise(dev->dev.irq[0]);
+ dev->int_set = 1;
+ } else if (!level_status && dev->int_set) {
+ qemu_irq_lower(dev->dev.irq[0]);
+ dev->int_set = 0;
+ }
+ }
+}
+
+static uint64_t tpci200_read_cfg(void *opaque, hwaddr addr, unsigned size)
+{
+ TPCI200State *s = opaque;
+ uint8_t ret = 0;
+ if (addr < ARRAY_SIZE(local_config_regs)) {
+ ret = local_config_regs[addr];
+ }
+ /* Endianness is stored in the first bit of these registers */
+ if ((addr == 0x2b && s->big_endian[0]) ||
+ (addr == 0x2f && s->big_endian[1]) ||
+ (addr == 0x33 && s->big_endian[2])) {
+ ret |= 1;
+ }
+ DPRINTF("Read from LCR 0x%x: 0x%x\n", (unsigned) addr, (unsigned) ret);
+ return ret;
+}
+
+static void tpci200_write_cfg(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ TPCI200State *s = opaque;
+ /* Endianness is stored in the first bit of these registers */
+ if (addr == 0x2b || addr == 0x2f || addr == 0x33) {
+ unsigned las = (addr - 0x2b) / 4;
+ s->big_endian[las] = val & 1;
+ DPRINTF("LAS%u big endian mode: %u\n", las, (unsigned) val & 1);
+ } else {
+ DPRINTF("Write to LCR 0x%x: 0x%x\n", (unsigned) addr, (unsigned) val);
+ }
+}
+
+static uint64_t tpci200_read_las0(void *opaque, hwaddr addr, unsigned size)
+{
+ TPCI200State *s = opaque;
+ uint64_t ret = 0;
+
+ switch (addr) {
+
+ case REG_REV_ID:
+ DPRINTF("Read REVISION ID\n"); /* Current value is 0x00 */
+ break;
+
+ case REG_IP_A_CTRL:
+ case REG_IP_B_CTRL:
+ case REG_IP_C_CTRL:
+ case REG_IP_D_CTRL:
+ {
+ unsigned ip_n = IP_N_FROM_REG(addr);
+ ret = s->ctrl[ip_n];
+ DPRINTF("Read IP %c CONTROL: 0x%x\n", 'A' + ip_n, (unsigned) ret);
+ }
+ break;
+
+ case REG_RESET:
+ DPRINTF("Read RESET\n"); /* Not implemented */
+ break;
+
+ case REG_STATUS:
+ ret = s->status;
+ DPRINTF("Read STATUS: 0x%x\n", (unsigned) ret);
+ break;
+
+ /* Reserved */
+ default:
+ DPRINTF("Unsupported read from LAS0 0x%x\n", (unsigned) addr);
+ break;
+ }
+
+ return adjust_value(s->big_endian[0], &ret, size);
+}
+
+static void tpci200_write_las0(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ TPCI200State *s = opaque;
+
+ adjust_value(s->big_endian[0], &val, size);
+
+ switch (addr) {
+
+ case REG_REV_ID:
+ DPRINTF("Write Revision ID: 0x%x\n", (unsigned) val); /* No effect */
+ break;
+
+ case REG_IP_A_CTRL:
+ case REG_IP_B_CTRL:
+ case REG_IP_C_CTRL:
+ case REG_IP_D_CTRL:
+ {
+ unsigned ip_n = IP_N_FROM_REG(addr);
+ s->ctrl[ip_n] = val;
+ DPRINTF("Write IP %c CONTROL: 0x%x\n", 'A' + ip_n, (unsigned) val);
+ }
+ break;
+
+ case REG_RESET:
+ DPRINTF("Write RESET: 0x%x\n", (unsigned) val); /* Not implemented */
+ break;
+
+ case REG_STATUS:
+ {
+ unsigned i;
+
+ for (i = 0; i < N_MODULES; i++) {
+ IPackDevice *ip = ipack_device_find(&s->bus, i);
+
+ if (ip != NULL) {
+ if (val & STATUS_INT(i, 0)) {
+ DPRINTF("Clear IP %c INT0# status\n", 'A' + i);
+ qemu_irq_lower(ip->irq[0]);
+ }
+ if (val & STATUS_INT(i, 1)) {
+ DPRINTF("Clear IP %c INT1# status\n", 'A' + i);
+ qemu_irq_lower(ip->irq[1]);
+ }
+ }
+
+ if (val & STATUS_TIME(i)) {
+ DPRINTF("Clear IP %c timeout\n", 'A' + i);
+ s->status &= ~STATUS_TIME(i);
+ }
+ }
+
+ if (val & STATUS_ERR_ANY) {
+ DPRINTF("Unexpected write to STATUS register: 0x%x\n",
+ (unsigned) val);
+ }
+ }
+ break;
+
+ /* Reserved */
+ default:
+ DPRINTF("Unsupported write to LAS0 0x%x: 0x%x\n",
+ (unsigned) addr, (unsigned) val);
+ break;
+ }
+}
+
+static uint64_t tpci200_read_las1(void *opaque, hwaddr addr, unsigned size)
+{
+ TPCI200State *s = opaque;
+ IPackDevice *ip;
+ uint64_t ret = 0;
+ unsigned ip_n, space;
+ uint8_t offset;
+
+ adjust_addr(s->big_endian[1], &addr, size);
+
+ /*
+ * The address is divided into the IP module number (0-4), the IP
+ * address space (I/O, ID, INT) and the offset within that space.
+ */
+ ip_n = addr >> 8;
+ space = (addr >> 6) & 3;
+ ip = ipack_device_find(&s->bus, ip_n);
+
+ if (ip == NULL) {
+ DPRINTF("Read LAS1: IP module %u not installed\n", ip_n);
+ } else {
+ IPackDeviceClass *k = IPACK_DEVICE_GET_CLASS(ip);
+ switch (space) {
+
+ case IP_ID_SPACE:
+ offset = addr & IP_ID_SPACE_ADDR_MASK;
+ if (k->id_read) {
+ ret = k->id_read(ip, offset);
+ }
+ break;
+
+ case IP_INT_SPACE:
+ offset = addr & IP_INT_SPACE_ADDR_MASK;
+
+ /* Read address 0 to ACK IP INT0# and address 2 to ACK IP INT1# */
+ if (offset == 0 || offset == 2) {
+ unsigned intno = offset / 2;
+ bool int_set = s->status & STATUS_INT(ip_n, intno);
+ bool int_edge_sensitive = s->ctrl[ip_n] & CTRL_INT_EDGE(intno);
+ if (int_set && !int_edge_sensitive) {
+ qemu_irq_lower(ip->irq[intno]);
+ }
+ }
+
+ if (k->int_read) {
+ ret = k->int_read(ip, offset);
+ }
+ break;
+
+ default:
+ offset = addr & IP_IO_SPACE_ADDR_MASK;
+ if (k->io_read) {
+ ret = k->io_read(ip, offset);
+ }
+ break;
+ }
+ }
+
+ return adjust_value(s->big_endian[1], &ret, size);
+}
+
+static void tpci200_write_las1(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ TPCI200State *s = opaque;
+ IPackDevice *ip;
+ unsigned ip_n, space;
+ uint8_t offset;
+
+ adjust_addr(s->big_endian[1], &addr, size);
+ adjust_value(s->big_endian[1], &val, size);
+
+ /*
+ * The address is divided into the IP module number, the IP
+ * address space (I/O, ID, INT) and the offset within that space.
+ */
+ ip_n = addr >> 8;
+ space = (addr >> 6) & 3;
+ ip = ipack_device_find(&s->bus, ip_n);
+
+ if (ip == NULL) {
+ DPRINTF("Write LAS1: IP module %u not installed\n", ip_n);
+ } else {
+ IPackDeviceClass *k = IPACK_DEVICE_GET_CLASS(ip);
+ switch (space) {
+
+ case IP_ID_SPACE:
+ offset = addr & IP_ID_SPACE_ADDR_MASK;
+ if (k->id_write) {
+ k->id_write(ip, offset, val);
+ }
+ break;
+
+ case IP_INT_SPACE:
+ offset = addr & IP_INT_SPACE_ADDR_MASK;
+ if (k->int_write) {
+ k->int_write(ip, offset, val);
+ }
+ break;
+
+ default:
+ offset = addr & IP_IO_SPACE_ADDR_MASK;
+ if (k->io_write) {
+ k->io_write(ip, offset, val);
+ }
+ break;
+ }
+ }
+}
+
+static uint64_t tpci200_read_las2(void *opaque, hwaddr addr, unsigned size)
+{
+ TPCI200State *s = opaque;
+ IPackDevice *ip;
+ uint64_t ret = 0;
+ unsigned ip_n;
+ uint32_t offset;
+
+ adjust_addr(s->big_endian[2], &addr, size);
+
+ /*
+ * The address is divided into the IP module number and the offset
+ * within the IP module MEM space.
+ */
+ ip_n = addr >> 23;
+ offset = addr & 0x7fffff;
+ ip = ipack_device_find(&s->bus, ip_n);
+
+ if (ip == NULL) {
+ DPRINTF("Read LAS2: IP module %u not installed\n", ip_n);
+ } else {
+ IPackDeviceClass *k = IPACK_DEVICE_GET_CLASS(ip);
+ if (k->mem_read16) {
+ ret = k->mem_read16(ip, offset);
+ }
+ }
+
+ return adjust_value(s->big_endian[2], &ret, size);
+}
+
+static void tpci200_write_las2(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ TPCI200State *s = opaque;
+ IPackDevice *ip;
+ unsigned ip_n;
+ uint32_t offset;
+
+ adjust_addr(s->big_endian[2], &addr, size);
+ adjust_value(s->big_endian[2], &val, size);
+
+ /*
+ * The address is divided into the IP module number and the offset
+ * within the IP module MEM space.
+ */
+ ip_n = addr >> 23;
+ offset = addr & 0x7fffff;
+ ip = ipack_device_find(&s->bus, ip_n);
+
+ if (ip == NULL) {
+ DPRINTF("Write LAS2: IP module %u not installed\n", ip_n);
+ } else {
+ IPackDeviceClass *k = IPACK_DEVICE_GET_CLASS(ip);
+ if (k->mem_write16) {
+ k->mem_write16(ip, offset, val);
+ }
+ }
+}
+
+static uint64_t tpci200_read_las3(void *opaque, hwaddr addr, unsigned size)
+{
+ TPCI200State *s = opaque;
+ IPackDevice *ip;
+ uint64_t ret = 0;
+ /*
+ * The address is divided into the IP module number and the offset
+ * within the IP module MEM space.
+ */
+ unsigned ip_n = addr >> 22;
+ uint32_t offset = addr & 0x3fffff;
+
+ ip = ipack_device_find(&s->bus, ip_n);
+
+ if (ip == NULL) {
+ DPRINTF("Read LAS3: IP module %u not installed\n", ip_n);
+ } else {
+ IPackDeviceClass *k = IPACK_DEVICE_GET_CLASS(ip);
+ if (k->mem_read8) {
+ ret = k->mem_read8(ip, offset);
+ }
+ }
+
+ return ret;
+}
+
+static void tpci200_write_las3(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ TPCI200State *s = opaque;
+ IPackDevice *ip;
+ /*
+ * The address is divided into the IP module number and the offset
+ * within the IP module MEM space.
+ */
+ unsigned ip_n = addr >> 22;
+ uint32_t offset = addr & 0x3fffff;
+
+ ip = ipack_device_find(&s->bus, ip_n);
+
+ if (ip == NULL) {
+ DPRINTF("Write LAS3: IP module %u not installed\n", ip_n);
+ } else {
+ IPackDeviceClass *k = IPACK_DEVICE_GET_CLASS(ip);
+ if (k->mem_write8) {
+ k->mem_write8(ip, offset, val);
+ }
+ }
+}
+
+static const MemoryRegionOps tpci200_cfg_ops = {
+ .read = tpci200_read_cfg,
+ .write = tpci200_write_cfg,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 1,
+ .max_access_size = 4
+ },
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1
+ }
+};
+
+static const MemoryRegionOps tpci200_las0_ops = {
+ .read = tpci200_read_las0,
+ .write = tpci200_write_las0,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 2,
+ .max_access_size = 2
+ }
+};
+
+static const MemoryRegionOps tpci200_las1_ops = {
+ .read = tpci200_read_las1,
+ .write = tpci200_write_las1,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 1,
+ .max_access_size = 2
+ }
+};
+
+static const MemoryRegionOps tpci200_las2_ops = {
+ .read = tpci200_read_las2,
+ .write = tpci200_write_las2,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 1,
+ .max_access_size = 2
+ }
+};
+
+static const MemoryRegionOps tpci200_las3_ops = {
+ .read = tpci200_read_las3,
+ .write = tpci200_write_las3,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 1,
+ .max_access_size = 1
+ }
+};
+
+static int tpci200_initfn(PCIDevice *pci_dev)
+{
+ TPCI200State *s = TPCI200(pci_dev);
+ uint8_t *c = s->dev.config;
+
+ pci_set_word(c + PCI_COMMAND, 0x0003);
+ pci_set_word(c + PCI_STATUS, 0x0280);
+
+ pci_set_byte(c + PCI_INTERRUPT_PIN, 0x01); /* Interrupt pin A */
+
+ pci_set_byte(c + PCI_CAPABILITY_LIST, 0x40);
+ pci_set_long(c + 0x40, 0x48014801);
+ pci_set_long(c + 0x48, 0x00024C06);
+ pci_set_long(c + 0x4C, 0x00000003);
+
+ memory_region_init_io(&s->mmio, OBJECT(s), &tpci200_cfg_ops,
+ s, "tpci200_mmio", 128);
+ memory_region_init_io(&s->io, OBJECT(s), &tpci200_cfg_ops,
+ s, "tpci200_io", 128);
+ memory_region_init_io(&s->las0, OBJECT(s), &tpci200_las0_ops,
+ s, "tpci200_las0", 256);
+ memory_region_init_io(&s->las1, OBJECT(s), &tpci200_las1_ops,
+ s, "tpci200_las1", 1024);
+ memory_region_init_io(&s->las2, OBJECT(s), &tpci200_las2_ops,
+ s, "tpci200_las2", 1024*1024*32);
+ memory_region_init_io(&s->las3, OBJECT(s), &tpci200_las3_ops,
+ s, "tpci200_las3", 1024*1024*16);
+ pci_register_bar(&s->dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mmio);
+ pci_register_bar(&s->dev, 1, PCI_BASE_ADDRESS_SPACE_IO, &s->io);
+ pci_register_bar(&s->dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->las0);
+ pci_register_bar(&s->dev, 3, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->las1);
+ pci_register_bar(&s->dev, 4, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->las2);
+ pci_register_bar(&s->dev, 5, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->las3);
+
+ ipack_bus_new_inplace(&s->bus, DEVICE(&s->dev), NULL,
+ N_MODULES, tpci200_set_irq);
+
+ return 0;
+}
+
+static void tpci200_exitfn(PCIDevice *pci_dev)
+{
+ TPCI200State *s = TPCI200(pci_dev);
+
+ memory_region_destroy(&s->mmio);
+ memory_region_destroy(&s->io);
+ memory_region_destroy(&s->las0);
+ memory_region_destroy(&s->las1);
+ memory_region_destroy(&s->las2);
+ memory_region_destroy(&s->las3);
+}
+
+static const VMStateDescription vmstate_tpci200 = {
+ .name = "tpci200",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_PCI_DEVICE(dev, TPCI200State),
+ VMSTATE_BOOL_ARRAY(big_endian, TPCI200State, 3),
+ VMSTATE_UINT8_ARRAY(ctrl, TPCI200State, N_MODULES),
+ VMSTATE_UINT16(status, TPCI200State),
+ VMSTATE_UINT8(int_set, TPCI200State),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void tpci200_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = tpci200_initfn;
+ k->exit = tpci200_exitfn;
+ k->vendor_id = PCI_VENDOR_ID_TEWS;
+ k->device_id = PCI_DEVICE_ID_TEWS_TPCI200;
+ k->class_id = PCI_CLASS_BRIDGE_OTHER;
+ k->subsystem_vendor_id = PCI_VENDOR_ID_TEWS;
+ k->subsystem_id = 0x300A;
+ set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
+ dc->desc = "TEWS TPCI200 IndustryPack carrier";
+ dc->vmsd = &vmstate_tpci200;
+}
+
+static const TypeInfo tpci200_info = {
+ .name = TYPE_TPCI200,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(TPCI200State),
+ .class_init = tpci200_class_init,
+};
+
+static void tpci200_register_types(void)
+{
+ type_register_static(&tpci200_info);
+}
+
+type_init(tpci200_register_types)
diff --git a/hw/char/virtio-console.c b/hw/char/virtio-console.c
new file mode 100644
index 000000000..2e00ad2a7
--- /dev/null
+++ b/hw/char/virtio-console.c
@@ -0,0 +1,207 @@
+/*
+ * Virtio Console and Generic Serial Port Devices
+ *
+ * Copyright Red Hat, Inc. 2009, 2010
+ *
+ * Authors:
+ * Amit Shah <amit.shah@redhat.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#include "sysemu/char.h"
+#include "qemu/error-report.h"
+#include "trace.h"
+#include "hw/virtio/virtio-serial.h"
+
+typedef struct VirtConsole {
+ VirtIOSerialPort port;
+ CharDriverState *chr;
+ guint watch;
+} VirtConsole;
+
+/*
+ * Callback function that's called from chardevs when backend becomes
+ * writable.
+ */
+static gboolean chr_write_unblocked(GIOChannel *chan, GIOCondition cond,
+ void *opaque)
+{
+ VirtConsole *vcon = opaque;
+
+ vcon->watch = 0;
+ virtio_serial_throttle_port(&vcon->port, false);
+ return FALSE;
+}
+
+/* Callback function that's called when the guest sends us data */
+static ssize_t flush_buf(VirtIOSerialPort *port,
+ const uint8_t *buf, ssize_t len)
+{
+ VirtConsole *vcon = DO_UPCAST(VirtConsole, port, port);
+ ssize_t ret;
+
+ if (!vcon->chr) {
+ /* If there's no backend, we can just say we consumed all data. */
+ return len;
+ }
+
+ ret = qemu_chr_fe_write(vcon->chr, buf, len);
+ trace_virtio_console_flush_buf(port->id, len, ret);
+
+ if (ret < len) {
+ VirtIOSerialPortClass *k = VIRTIO_SERIAL_PORT_GET_CLASS(port);
+
+ /*
+ * Ideally we'd get a better error code than just -1, but
+ * that's what the chardev interface gives us right now. If
+ * we had a finer-grained message, like -EPIPE, we could close
+ * this connection.
+ */
+ if (ret < 0)
+ ret = 0;
+ if (!k->is_console) {
+ virtio_serial_throttle_port(port, true);
+ if (!vcon->watch) {
+ vcon->watch = qemu_chr_fe_add_watch(vcon->chr, G_IO_OUT,
+ chr_write_unblocked, vcon);
+ }
+ }
+ }
+ return ret;
+}
+
+/* Callback function that's called when the guest opens/closes the port */
+static void set_guest_connected(VirtIOSerialPort *port, int guest_connected)
+{
+ VirtConsole *vcon = DO_UPCAST(VirtConsole, port, port);
+
+ if (!vcon->chr) {
+ return;
+ }
+ qemu_chr_fe_set_open(vcon->chr, guest_connected);
+}
+
+/* Readiness of the guest to accept data on a port */
+static int chr_can_read(void *opaque)
+{
+ VirtConsole *vcon = opaque;
+
+ return virtio_serial_guest_ready(&vcon->port);
+}
+
+/* Send data from a char device over to the guest */
+static void chr_read(void *opaque, const uint8_t *buf, int size)
+{
+ VirtConsole *vcon = opaque;
+
+ trace_virtio_console_chr_read(vcon->port.id, size);
+ virtio_serial_write(&vcon->port, buf, size);
+}
+
+static void chr_event(void *opaque, int event)
+{
+ VirtConsole *vcon = opaque;
+
+ trace_virtio_console_chr_event(vcon->port.id, event);
+ switch (event) {
+ case CHR_EVENT_OPENED:
+ virtio_serial_open(&vcon->port);
+ break;
+ case CHR_EVENT_CLOSED:
+ if (vcon->watch) {
+ g_source_remove(vcon->watch);
+ vcon->watch = 0;
+ }
+ virtio_serial_close(&vcon->port);
+ break;
+ }
+}
+
+static int virtconsole_initfn(VirtIOSerialPort *port)
+{
+ VirtConsole *vcon = DO_UPCAST(VirtConsole, port, port);
+ VirtIOSerialPortClass *k = VIRTIO_SERIAL_PORT_GET_CLASS(port);
+
+ if (port->id == 0 && !k->is_console) {
+ error_report("Port number 0 on virtio-serial devices reserved for virtconsole devices for backward compatibility.");
+ return -1;
+ }
+
+ if (vcon->chr) {
+ vcon->chr->explicit_fe_open = 1;
+ qemu_chr_add_handlers(vcon->chr, chr_can_read, chr_read, chr_event,
+ vcon);
+ }
+
+ return 0;
+}
+
+static int virtconsole_exitfn(VirtIOSerialPort *port)
+{
+ VirtConsole *vcon = DO_UPCAST(VirtConsole, port, port);
+
+ if (vcon->watch) {
+ g_source_remove(vcon->watch);
+ }
+
+ return 0;
+}
+
+static Property virtconsole_properties[] = {
+ DEFINE_PROP_CHR("chardev", VirtConsole, chr),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void virtconsole_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtIOSerialPortClass *k = VIRTIO_SERIAL_PORT_CLASS(klass);
+
+ k->is_console = true;
+ k->init = virtconsole_initfn;
+ k->exit = virtconsole_exitfn;
+ k->have_data = flush_buf;
+ k->set_guest_connected = set_guest_connected;
+ dc->props = virtconsole_properties;
+}
+
+static const TypeInfo virtconsole_info = {
+ .name = "virtconsole",
+ .parent = TYPE_VIRTIO_SERIAL_PORT,
+ .instance_size = sizeof(VirtConsole),
+ .class_init = virtconsole_class_init,
+};
+
+static Property virtserialport_properties[] = {
+ DEFINE_PROP_CHR("chardev", VirtConsole, chr),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void virtserialport_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtIOSerialPortClass *k = VIRTIO_SERIAL_PORT_CLASS(klass);
+
+ k->init = virtconsole_initfn;
+ k->exit = virtconsole_exitfn;
+ k->have_data = flush_buf;
+ k->set_guest_connected = set_guest_connected;
+ dc->props = virtserialport_properties;
+}
+
+static const TypeInfo virtserialport_info = {
+ .name = "virtserialport",
+ .parent = TYPE_VIRTIO_SERIAL_PORT,
+ .instance_size = sizeof(VirtConsole),
+ .class_init = virtserialport_class_init,
+};
+
+static void virtconsole_register_types(void)
+{
+ type_register_static(&virtconsole_info);
+ type_register_static(&virtserialport_info);
+}
+
+type_init(virtconsole_register_types)
diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c
new file mode 100644
index 000000000..da417c701
--- /dev/null
+++ b/hw/char/virtio-serial-bus.c
@@ -0,0 +1,1044 @@
+/*
+ * A bus for connecting virtio serial and console ports
+ *
+ * Copyright (C) 2009, 2010 Red Hat, Inc.
+ *
+ * Author(s):
+ * Amit Shah <amit.shah@redhat.com>
+ *
+ * Some earlier parts are:
+ * Copyright IBM, Corp. 2008
+ * authored by
+ * Christian Ehrhardt <ehrhardt@linux.vnet.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "qemu/iov.h"
+#include "monitor/monitor.h"
+#include "qemu/queue.h"
+#include "hw/sysbus.h"
+#include "trace.h"
+#include "hw/virtio/virtio-serial.h"
+
+static VirtIOSerialPort *find_port_by_id(VirtIOSerial *vser, uint32_t id)
+{
+ VirtIOSerialPort *port;
+
+ if (id == VIRTIO_CONSOLE_BAD_ID) {
+ return NULL;
+ }
+
+ QTAILQ_FOREACH(port, &vser->ports, next) {
+ if (port->id == id)
+ return port;
+ }
+ return NULL;
+}
+
+static VirtIOSerialPort *find_port_by_vq(VirtIOSerial *vser, VirtQueue *vq)
+{
+ VirtIOSerialPort *port;
+
+ QTAILQ_FOREACH(port, &vser->ports, next) {
+ if (port->ivq == vq || port->ovq == vq)
+ return port;
+ }
+ return NULL;
+}
+
+static bool use_multiport(VirtIOSerial *vser)
+{
+ VirtIODevice *vdev = VIRTIO_DEVICE(vser);
+ return vdev->guest_features & (1 << VIRTIO_CONSOLE_F_MULTIPORT);
+}
+
+static size_t write_to_port(VirtIOSerialPort *port,
+ const uint8_t *buf, size_t size)
+{
+ VirtQueueElement elem;
+ VirtQueue *vq;
+ size_t offset;
+
+ vq = port->ivq;
+ if (!virtio_queue_ready(vq)) {
+ return 0;
+ }
+
+ offset = 0;
+ while (offset < size) {
+ size_t len;
+
+ if (!virtqueue_pop(vq, &elem)) {
+ break;
+ }
+
+ len = iov_from_buf(elem.in_sg, elem.in_num, 0,
+ buf + offset, size - offset);
+ offset += len;
+
+ virtqueue_push(vq, &elem, len);
+ }
+
+ virtio_notify(VIRTIO_DEVICE(port->vser), vq);
+ return offset;
+}
+
+static void discard_vq_data(VirtQueue *vq, VirtIODevice *vdev)
+{
+ VirtQueueElement elem;
+
+ if (!virtio_queue_ready(vq)) {
+ return;
+ }
+ while (virtqueue_pop(vq, &elem)) {
+ virtqueue_push(vq, &elem, 0);
+ }
+ virtio_notify(vdev, vq);
+}
+
+static void do_flush_queued_data(VirtIOSerialPort *port, VirtQueue *vq,
+ VirtIODevice *vdev)
+{
+ VirtIOSerialPortClass *vsc;
+
+ assert(port);
+ assert(virtio_queue_ready(vq));
+
+ vsc = VIRTIO_SERIAL_PORT_GET_CLASS(port);
+
+ while (!port->throttled) {
+ unsigned int i;
+
+ /* Pop an elem only if we haven't left off a previous one mid-way */
+ if (!port->elem.out_num) {
+ if (!virtqueue_pop(vq, &port->elem)) {
+ break;
+ }
+ port->iov_idx = 0;
+ port->iov_offset = 0;
+ }
+
+ for (i = port->iov_idx; i < port->elem.out_num; i++) {
+ size_t buf_size;
+ ssize_t ret;
+
+ buf_size = port->elem.out_sg[i].iov_len - port->iov_offset;
+ ret = vsc->have_data(port,
+ port->elem.out_sg[i].iov_base
+ + port->iov_offset,
+ buf_size);
+ if (port->throttled) {
+ port->iov_idx = i;
+ if (ret > 0) {
+ port->iov_offset += ret;
+ }
+ break;
+ }
+ port->iov_offset = 0;
+ }
+ if (port->throttled) {
+ break;
+ }
+ virtqueue_push(vq, &port->elem, 0);
+ port->elem.out_num = 0;
+ }
+ virtio_notify(vdev, vq);
+}
+
+static void flush_queued_data(VirtIOSerialPort *port)
+{
+ assert(port);
+
+ if (!virtio_queue_ready(port->ovq)) {
+ return;
+ }
+ do_flush_queued_data(port, port->ovq, VIRTIO_DEVICE(port->vser));
+}
+
+static size_t send_control_msg(VirtIOSerial *vser, void *buf, size_t len)
+{
+ VirtQueueElement elem;
+ VirtQueue *vq;
+
+ vq = vser->c_ivq;
+ if (!virtio_queue_ready(vq)) {
+ return 0;
+ }
+ if (!virtqueue_pop(vq, &elem)) {
+ return 0;
+ }
+
+ memcpy(elem.in_sg[0].iov_base, buf, len);
+
+ virtqueue_push(vq, &elem, len);
+ virtio_notify(VIRTIO_DEVICE(vser), vq);
+ return len;
+}
+
+static size_t send_control_event(VirtIOSerial *vser, uint32_t port_id,
+ uint16_t event, uint16_t value)
+{
+ struct virtio_console_control cpkt;
+
+ stl_p(&cpkt.id, port_id);
+ stw_p(&cpkt.event, event);
+ stw_p(&cpkt.value, value);
+
+ trace_virtio_serial_send_control_event(port_id, event, value);
+ return send_control_msg(vser, &cpkt, sizeof(cpkt));
+}
+
+/* Functions for use inside qemu to open and read from/write to ports */
+int virtio_serial_open(VirtIOSerialPort *port)
+{
+ /* Don't allow opening an already-open port */
+ if (port->host_connected) {
+ return 0;
+ }
+ /* Send port open notification to the guest */
+ port->host_connected = true;
+ send_control_event(port->vser, port->id, VIRTIO_CONSOLE_PORT_OPEN, 1);
+
+ return 0;
+}
+
+int virtio_serial_close(VirtIOSerialPort *port)
+{
+ port->host_connected = false;
+ /*
+ * If there's any data the guest sent which the app didn't
+ * consume, reset the throttling flag and discard the data.
+ */
+ port->throttled = false;
+ discard_vq_data(port->ovq, VIRTIO_DEVICE(port->vser));
+
+ send_control_event(port->vser, port->id, VIRTIO_CONSOLE_PORT_OPEN, 0);
+
+ return 0;
+}
+
+/* Individual ports/apps call this function to write to the guest. */
+ssize_t virtio_serial_write(VirtIOSerialPort *port, const uint8_t *buf,
+ size_t size)
+{
+ if (!port || !port->host_connected || !port->guest_connected) {
+ return 0;
+ }
+ return write_to_port(port, buf, size);
+}
+
+/*
+ * Readiness of the guest to accept data on a port.
+ * Returns max. data the guest can receive
+ */
+size_t virtio_serial_guest_ready(VirtIOSerialPort *port)
+{
+ VirtIODevice *vdev = VIRTIO_DEVICE(port->vser);
+ VirtQueue *vq = port->ivq;
+ unsigned int bytes;
+
+ if (!virtio_queue_ready(vq) ||
+ !(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK) ||
+ virtio_queue_empty(vq)) {
+ return 0;
+ }
+ if (use_multiport(port->vser) && !port->guest_connected) {
+ return 0;
+ }
+ virtqueue_get_avail_bytes(vq, &bytes, NULL, 4096, 0);
+ return bytes;
+}
+
+static void flush_queued_data_bh(void *opaque)
+{
+ VirtIOSerialPort *port = opaque;
+
+ flush_queued_data(port);
+}
+
+void virtio_serial_throttle_port(VirtIOSerialPort *port, bool throttle)
+{
+ if (!port) {
+ return;
+ }
+
+ trace_virtio_serial_throttle_port(port->id, throttle);
+ port->throttled = throttle;
+ if (throttle) {
+ return;
+ }
+ qemu_bh_schedule(port->bh);
+}
+
+/* Guest wants to notify us of some event */
+static void handle_control_message(VirtIOSerial *vser, void *buf, size_t len)
+{
+ struct VirtIOSerialPort *port;
+ VirtIOSerialPortClass *vsc;
+ struct virtio_console_control cpkt, *gcpkt;
+ uint8_t *buffer;
+ size_t buffer_len;
+
+ gcpkt = buf;
+
+ if (len < sizeof(cpkt)) {
+ /* The guest sent an invalid control packet */
+ return;
+ }
+
+ cpkt.event = lduw_p(&gcpkt->event);
+ cpkt.value = lduw_p(&gcpkt->value);
+
+ trace_virtio_serial_handle_control_message(cpkt.event, cpkt.value);
+
+ if (cpkt.event == VIRTIO_CONSOLE_DEVICE_READY) {
+ if (!cpkt.value) {
+ error_report("virtio-serial-bus: Guest failure in adding device %s",
+ vser->bus.qbus.name);
+ return;
+ }
+ /*
+ * The device is up, we can now tell the device about all the
+ * ports we have here.
+ */
+ QTAILQ_FOREACH(port, &vser->ports, next) {
+ send_control_event(vser, port->id, VIRTIO_CONSOLE_PORT_ADD, 1);
+ }
+ return;
+ }
+
+ port = find_port_by_id(vser, ldl_p(&gcpkt->id));
+ if (!port) {
+ error_report("virtio-serial-bus: Unexpected port id %u for device %s",
+ ldl_p(&gcpkt->id), vser->bus.qbus.name);
+ return;
+ }
+
+ trace_virtio_serial_handle_control_message_port(port->id);
+
+ vsc = VIRTIO_SERIAL_PORT_GET_CLASS(port);
+
+ switch(cpkt.event) {
+ case VIRTIO_CONSOLE_PORT_READY:
+ if (!cpkt.value) {
+ error_report("virtio-serial-bus: Guest failure in adding port %u for device %s",
+ port->id, vser->bus.qbus.name);
+ break;
+ }
+ /*
+ * Now that we know the guest asked for the port name, we're
+ * sure the guest has initialised whatever state is necessary
+ * for this port. Now's a good time to let the guest know if
+ * this port is a console port so that the guest can hook it
+ * up to hvc.
+ */
+ if (vsc->is_console) {
+ send_control_event(vser, port->id, VIRTIO_CONSOLE_CONSOLE_PORT, 1);
+ }
+
+ if (port->name) {
+ stl_p(&cpkt.id, port->id);
+ stw_p(&cpkt.event, VIRTIO_CONSOLE_PORT_NAME);
+ stw_p(&cpkt.value, 1);
+
+ buffer_len = sizeof(cpkt) + strlen(port->name) + 1;
+ buffer = g_malloc(buffer_len);
+
+ memcpy(buffer, &cpkt, sizeof(cpkt));
+ memcpy(buffer + sizeof(cpkt), port->name, strlen(port->name));
+ buffer[buffer_len - 1] = 0;
+
+ send_control_msg(vser, buffer, buffer_len);
+ g_free(buffer);
+ }
+
+ if (port->host_connected) {
+ send_control_event(vser, port->id, VIRTIO_CONSOLE_PORT_OPEN, 1);
+ }
+
+ /*
+ * When the guest has asked us for this information it means
+ * the guest is all setup and has its virtqueues
+ * initialised. If some app is interested in knowing about
+ * this event, let it know.
+ */
+ if (vsc->guest_ready) {
+ vsc->guest_ready(port);
+ }
+ break;
+
+ case VIRTIO_CONSOLE_PORT_OPEN:
+ port->guest_connected = cpkt.value;
+ if (vsc->set_guest_connected) {
+ /* Send the guest opened notification if an app is interested */
+ vsc->set_guest_connected(port, cpkt.value);
+ }
+ break;
+ }
+}
+
+static void control_in(VirtIODevice *vdev, VirtQueue *vq)
+{
+}
+
+static void control_out(VirtIODevice *vdev, VirtQueue *vq)
+{
+ VirtQueueElement elem;
+ VirtIOSerial *vser;
+ uint8_t *buf;
+ size_t len;
+
+ vser = VIRTIO_SERIAL(vdev);
+
+ len = 0;
+ buf = NULL;
+ while (virtqueue_pop(vq, &elem)) {
+ size_t cur_len;
+
+ cur_len = iov_size(elem.out_sg, elem.out_num);
+ /*
+ * Allocate a new buf only if we didn't have one previously or
+ * if the size of the buf differs
+ */
+ if (cur_len > len) {
+ g_free(buf);
+
+ buf = g_malloc(cur_len);
+ len = cur_len;
+ }
+ iov_to_buf(elem.out_sg, elem.out_num, 0, buf, cur_len);
+
+ handle_control_message(vser, buf, cur_len);
+ virtqueue_push(vq, &elem, 0);
+ }
+ g_free(buf);
+ virtio_notify(vdev, vq);
+}
+
+/* Guest wrote something to some port. */
+static void handle_output(VirtIODevice *vdev, VirtQueue *vq)
+{
+ VirtIOSerial *vser;
+ VirtIOSerialPort *port;
+
+ vser = VIRTIO_SERIAL(vdev);
+ port = find_port_by_vq(vser, vq);
+
+ if (!port || !port->host_connected) {
+ discard_vq_data(vq, vdev);
+ return;
+ }
+
+ if (!port->throttled) {
+ do_flush_queued_data(port, vq, vdev);
+ return;
+ }
+}
+
+static void handle_input(VirtIODevice *vdev, VirtQueue *vq)
+{
+}
+
+static uint32_t get_features(VirtIODevice *vdev, uint32_t features)
+{
+ VirtIOSerial *vser;
+
+ vser = VIRTIO_SERIAL(vdev);
+
+ if (vser->bus.max_nr_ports > 1) {
+ features |= (1 << VIRTIO_CONSOLE_F_MULTIPORT);
+ }
+ return features;
+}
+
+/* Guest requested config info */
+static void get_config(VirtIODevice *vdev, uint8_t *config_data)
+{
+ VirtIOSerial *vser;
+
+ vser = VIRTIO_SERIAL(vdev);
+ memcpy(config_data, &vser->config, sizeof(struct virtio_console_config));
+}
+
+static void set_config(VirtIODevice *vdev, const uint8_t *config_data)
+{
+ struct virtio_console_config config;
+
+ memcpy(&config, config_data, sizeof(config));
+}
+
+static void guest_reset(VirtIOSerial *vser)
+{
+ VirtIOSerialPort *port;
+ VirtIOSerialPortClass *vsc;
+
+ QTAILQ_FOREACH(port, &vser->ports, next) {
+ vsc = VIRTIO_SERIAL_PORT_GET_CLASS(port);
+ if (port->guest_connected) {
+ port->guest_connected = false;
+ if (vsc->set_guest_connected) {
+ vsc->set_guest_connected(port, false);
+ }
+ }
+ }
+}
+
+static void set_status(VirtIODevice *vdev, uint8_t status)
+{
+ VirtIOSerial *vser;
+ VirtIOSerialPort *port;
+
+ vser = VIRTIO_SERIAL(vdev);
+ port = find_port_by_id(vser, 0);
+
+ if (port && !use_multiport(port->vser)
+ && (status & VIRTIO_CONFIG_S_DRIVER_OK)) {
+ /*
+ * Non-multiport guests won't be able to tell us guest
+ * open/close status. Such guests can only have a port at id
+ * 0, so set guest_connected for such ports as soon as guest
+ * is up.
+ */
+ port->guest_connected = true;
+ }
+ if (!(status & VIRTIO_CONFIG_S_DRIVER_OK)) {
+ guest_reset(vser);
+ }
+}
+
+static void vser_reset(VirtIODevice *vdev)
+{
+ VirtIOSerial *vser;
+
+ vser = VIRTIO_SERIAL(vdev);
+ guest_reset(vser);
+}
+
+static void virtio_serial_save(QEMUFile *f, void *opaque)
+{
+ VirtIOSerial *s = VIRTIO_SERIAL(opaque);
+ VirtIOSerialPort *port;
+ uint32_t nr_active_ports;
+ unsigned int i, max_nr_ports;
+
+ /* The virtio device */
+ virtio_save(VIRTIO_DEVICE(s), f);
+
+ /* The config space */
+ qemu_put_be16s(f, &s->config.cols);
+ qemu_put_be16s(f, &s->config.rows);
+
+ qemu_put_be32s(f, &s->config.max_nr_ports);
+
+ /* The ports map */
+ max_nr_ports = tswap32(s->config.max_nr_ports);
+ for (i = 0; i < (max_nr_ports + 31) / 32; i++) {
+ qemu_put_be32s(f, &s->ports_map[i]);
+ }
+
+ /* Ports */
+
+ nr_active_ports = 0;
+ QTAILQ_FOREACH(port, &s->ports, next) {
+ nr_active_ports++;
+ }
+
+ qemu_put_be32s(f, &nr_active_ports);
+
+ /*
+ * Items in struct VirtIOSerialPort.
+ */
+ QTAILQ_FOREACH(port, &s->ports, next) {
+ uint32_t elem_popped;
+
+ qemu_put_be32s(f, &port->id);
+ qemu_put_byte(f, port->guest_connected);
+ qemu_put_byte(f, port->host_connected);
+
+ elem_popped = 0;
+ if (port->elem.out_num) {
+ elem_popped = 1;
+ }
+ qemu_put_be32s(f, &elem_popped);
+ if (elem_popped) {
+ qemu_put_be32s(f, &port->iov_idx);
+ qemu_put_be64s(f, &port->iov_offset);
+
+ qemu_put_buffer(f, (unsigned char *)&port->elem,
+ sizeof(port->elem));
+ }
+ }
+}
+
+static void virtio_serial_post_load_timer_cb(void *opaque)
+{
+ uint32_t i;
+ VirtIOSerial *s = VIRTIO_SERIAL(opaque);
+ VirtIOSerialPort *port;
+ uint8_t host_connected;
+ VirtIOSerialPortClass *vsc;
+
+ if (!s->post_load) {
+ return;
+ }
+ for (i = 0 ; i < s->post_load->nr_active_ports; ++i) {
+ port = s->post_load->connected[i].port;
+ host_connected = s->post_load->connected[i].host_connected;
+ if (host_connected != port->host_connected) {
+ /*
+ * We have to let the guest know of the host connection
+ * status change
+ */
+ send_control_event(s, port->id, VIRTIO_CONSOLE_PORT_OPEN,
+ port->host_connected);
+ }
+ vsc = VIRTIO_SERIAL_PORT_GET_CLASS(port);
+ if (vsc->set_guest_connected) {
+ vsc->set_guest_connected(port, port->guest_connected);
+ }
+ }
+ g_free(s->post_load->connected);
+ qemu_free_timer(s->post_load->timer);
+ g_free(s->post_load);
+ s->post_load = NULL;
+}
+
+static int fetch_active_ports_list(QEMUFile *f, int version_id,
+ VirtIOSerial *s, uint32_t nr_active_ports)
+{
+ uint32_t i;
+
+ s->post_load = g_malloc0(sizeof(*s->post_load));
+ s->post_load->nr_active_ports = nr_active_ports;
+ s->post_load->connected =
+ g_malloc0(sizeof(*s->post_load->connected) * nr_active_ports);
+
+ s->post_load->timer = qemu_new_timer_ns(vm_clock,
+ virtio_serial_post_load_timer_cb,
+ s);
+
+ /* Items in struct VirtIOSerialPort */
+ for (i = 0; i < nr_active_ports; i++) {
+ VirtIOSerialPort *port;
+ uint32_t id;
+
+ id = qemu_get_be32(f);
+ port = find_port_by_id(s, id);
+ if (!port) {
+ return -EINVAL;
+ }
+
+ port->guest_connected = qemu_get_byte(f);
+ s->post_load->connected[i].port = port;
+ s->post_load->connected[i].host_connected = qemu_get_byte(f);
+
+ if (version_id > 2) {
+ uint32_t elem_popped;
+
+ qemu_get_be32s(f, &elem_popped);
+ if (elem_popped) {
+ qemu_get_be32s(f, &port->iov_idx);
+ qemu_get_be64s(f, &port->iov_offset);
+
+ qemu_get_buffer(f, (unsigned char *)&port->elem,
+ sizeof(port->elem));
+ virtqueue_map_sg(port->elem.in_sg, port->elem.in_addr,
+ port->elem.in_num, 1);
+ virtqueue_map_sg(port->elem.out_sg, port->elem.out_addr,
+ port->elem.out_num, 1);
+
+ /*
+ * Port was throttled on source machine. Let's
+ * unthrottle it here so data starts flowing again.
+ */
+ virtio_serial_throttle_port(port, false);
+ }
+ }
+ }
+ qemu_mod_timer(s->post_load->timer, 1);
+ return 0;
+}
+
+static int virtio_serial_load(QEMUFile *f, void *opaque, int version_id)
+{
+ VirtIOSerial *s = VIRTIO_SERIAL(opaque);
+ uint32_t max_nr_ports, nr_active_ports, ports_map;
+ unsigned int i;
+ int ret;
+
+ if (version_id > 3) {
+ return -EINVAL;
+ }
+
+ /* The virtio device */
+ ret = virtio_load(VIRTIO_DEVICE(s), f);
+ if (ret) {
+ return ret;
+ }
+
+ if (version_id < 2) {
+ return 0;
+ }
+
+ /* The config space */
+ qemu_get_be16s(f, &s->config.cols);
+ qemu_get_be16s(f, &s->config.rows);
+
+ qemu_get_be32s(f, &max_nr_ports);
+ tswap32s(&max_nr_ports);
+ if (max_nr_ports > tswap32(s->config.max_nr_ports)) {
+ /* Source could have had more ports than us. Fail migration. */
+ return -EINVAL;
+ }
+
+ for (i = 0; i < (max_nr_ports + 31) / 32; i++) {
+ qemu_get_be32s(f, &ports_map);
+
+ if (ports_map != s->ports_map[i]) {
+ /*
+ * Ports active on source and destination don't
+ * match. Fail migration.
+ */
+ return -EINVAL;
+ }
+ }
+
+ qemu_get_be32s(f, &nr_active_ports);
+
+ if (nr_active_ports) {
+ ret = fetch_active_ports_list(f, version_id, s, nr_active_ports);
+ if (ret) {
+ return ret;
+ }
+ }
+ return 0;
+}
+
+static void virtser_bus_dev_print(Monitor *mon, DeviceState *qdev, int indent);
+
+static Property virtser_props[] = {
+ DEFINE_PROP_UINT32("nr", VirtIOSerialPort, id, VIRTIO_CONSOLE_BAD_ID),
+ DEFINE_PROP_STRING("name", VirtIOSerialPort, name),
+ DEFINE_PROP_END_OF_LIST()
+};
+
+#define TYPE_VIRTIO_SERIAL_BUS "virtio-serial-bus"
+#define VIRTIO_SERIAL_BUS(obj) \
+ OBJECT_CHECK(VirtIOSerialBus, (obj), TYPE_VIRTIO_SERIAL_BUS)
+
+static void virtser_bus_class_init(ObjectClass *klass, void *data)
+{
+ BusClass *k = BUS_CLASS(klass);
+ k->print_dev = virtser_bus_dev_print;
+}
+
+static const TypeInfo virtser_bus_info = {
+ .name = TYPE_VIRTIO_SERIAL_BUS,
+ .parent = TYPE_BUS,
+ .instance_size = sizeof(VirtIOSerialBus),
+ .class_init = virtser_bus_class_init,
+};
+
+static void virtser_bus_dev_print(Monitor *mon, DeviceState *qdev, int indent)
+{
+ VirtIOSerialPort *port = DO_UPCAST(VirtIOSerialPort, dev, qdev);
+
+ monitor_printf(mon, "%*sport %d, guest %s, host %s, throttle %s\n",
+ indent, "", port->id,
+ port->guest_connected ? "on" : "off",
+ port->host_connected ? "on" : "off",
+ port->throttled ? "on" : "off");
+}
+
+/* This function is only used if a port id is not provided by the user */
+static uint32_t find_free_port_id(VirtIOSerial *vser)
+{
+ unsigned int i, max_nr_ports;
+
+ max_nr_ports = tswap32(vser->config.max_nr_ports);
+ for (i = 0; i < (max_nr_ports + 31) / 32; i++) {
+ uint32_t map, bit;
+
+ map = vser->ports_map[i];
+ bit = ffs(~map);
+ if (bit) {
+ return (bit - 1) + i * 32;
+ }
+ }
+ return VIRTIO_CONSOLE_BAD_ID;
+}
+
+static void mark_port_added(VirtIOSerial *vser, uint32_t port_id)
+{
+ unsigned int i;
+
+ i = port_id / 32;
+ vser->ports_map[i] |= 1U << (port_id % 32);
+}
+
+static void add_port(VirtIOSerial *vser, uint32_t port_id)
+{
+ mark_port_added(vser, port_id);
+ send_control_event(vser, port_id, VIRTIO_CONSOLE_PORT_ADD, 1);
+}
+
+static void remove_port(VirtIOSerial *vser, uint32_t port_id)
+{
+ VirtIOSerialPort *port;
+ unsigned int i;
+
+ i = port_id / 32;
+ vser->ports_map[i] &= ~(1U << (port_id % 32));
+
+ port = find_port_by_id(vser, port_id);
+ /*
+ * This function is only called from qdev's unplug callback; if we
+ * get a NULL port here, we're in trouble.
+ */
+ assert(port);
+
+ /* Flush out any unconsumed buffers first */
+ discard_vq_data(port->ovq, VIRTIO_DEVICE(port->vser));
+
+ send_control_event(vser, port->id, VIRTIO_CONSOLE_PORT_REMOVE, 1);
+}
+
+static int virtser_port_qdev_init(DeviceState *qdev)
+{
+ VirtIOSerialPort *port = DO_UPCAST(VirtIOSerialPort, dev, qdev);
+ VirtIOSerialPortClass *vsc = VIRTIO_SERIAL_PORT_GET_CLASS(port);
+ VirtIOSerialBus *bus = DO_UPCAST(VirtIOSerialBus, qbus, qdev->parent_bus);
+ int ret, max_nr_ports;
+ bool plugging_port0;
+
+ port->vser = bus->vser;
+ port->bh = qemu_bh_new(flush_queued_data_bh, port);
+
+ assert(vsc->have_data);
+
+ /*
+ * Is the first console port we're seeing? If so, put it up at
+ * location 0. This is done for backward compatibility (old
+ * kernel, new qemu).
+ */
+ plugging_port0 = vsc->is_console && !find_port_by_id(port->vser, 0);
+
+ if (find_port_by_id(port->vser, port->id)) {
+ error_report("virtio-serial-bus: A port already exists at id %u",
+ port->id);
+ return -1;
+ }
+
+ if (port->id == VIRTIO_CONSOLE_BAD_ID) {
+ if (plugging_port0) {
+ port->id = 0;
+ } else {
+ port->id = find_free_port_id(port->vser);
+ if (port->id == VIRTIO_CONSOLE_BAD_ID) {
+ error_report("virtio-serial-bus: Maximum port limit for this device reached");
+ return -1;
+ }
+ }
+ }
+
+ max_nr_ports = tswap32(port->vser->config.max_nr_ports);
+ if (port->id >= max_nr_ports) {
+ error_report("virtio-serial-bus: Out-of-range port id specified, max. allowed: %u",
+ max_nr_ports - 1);
+ return -1;
+ }
+
+ ret = vsc->init(port);
+ if (ret) {
+ return ret;
+ }
+
+ port->elem.out_num = 0;
+
+ QTAILQ_INSERT_TAIL(&port->vser->ports, port, next);
+ port->ivq = port->vser->ivqs[port->id];
+ port->ovq = port->vser->ovqs[port->id];
+
+ add_port(port->vser, port->id);
+
+ /* Send an update to the guest about this new port added */
+ virtio_notify_config(VIRTIO_DEVICE(port->vser));
+
+ return ret;
+}
+
+static int virtser_port_qdev_exit(DeviceState *qdev)
+{
+ VirtIOSerialPort *port = DO_UPCAST(VirtIOSerialPort, dev, qdev);
+ VirtIOSerialPortClass *vsc = VIRTIO_SERIAL_PORT_GET_CLASS(port);
+ VirtIOSerial *vser = port->vser;
+
+ qemu_bh_delete(port->bh);
+ remove_port(port->vser, port->id);
+
+ QTAILQ_REMOVE(&vser->ports, port, next);
+
+ if (vsc->exit) {
+ vsc->exit(port);
+ }
+ return 0;
+}
+
+static int virtio_serial_device_init(VirtIODevice *vdev)
+{
+ DeviceState *qdev = DEVICE(vdev);
+ VirtIOSerial *vser = VIRTIO_SERIAL(vdev);
+ uint32_t i, max_supported_ports;
+
+ if (!vser->serial.max_virtserial_ports) {
+ return -1;
+ }
+
+ /* Each port takes 2 queues, and one pair is for the control queue */
+ max_supported_ports = VIRTIO_PCI_QUEUE_MAX / 2 - 1;
+
+ if (vser->serial.max_virtserial_ports > max_supported_ports) {
+ error_report("maximum ports supported: %u", max_supported_ports);
+ return -1;
+ }
+
+ virtio_init(vdev, "virtio-serial", VIRTIO_ID_CONSOLE,
+ sizeof(struct virtio_console_config));
+
+ /* Spawn a new virtio-serial bus on which the ports will ride as devices */
+ qbus_create_inplace(&vser->bus.qbus, TYPE_VIRTIO_SERIAL_BUS, qdev,
+ vdev->bus_name);
+ vser->bus.qbus.allow_hotplug = 1;
+ vser->bus.vser = vser;
+ QTAILQ_INIT(&vser->ports);
+
+ vser->bus.max_nr_ports = vser->serial.max_virtserial_ports;
+ vser->ivqs = g_malloc(vser->serial.max_virtserial_ports
+ * sizeof(VirtQueue *));
+ vser->ovqs = g_malloc(vser->serial.max_virtserial_ports
+ * sizeof(VirtQueue *));
+
+ /* Add a queue for host to guest transfers for port 0 (backward compat) */
+ vser->ivqs[0] = virtio_add_queue(vdev, 128, handle_input);
+ /* Add a queue for guest to host transfers for port 0 (backward compat) */
+ vser->ovqs[0] = virtio_add_queue(vdev, 128, handle_output);
+
+ /* TODO: host to guest notifications can get dropped
+ * if the queue fills up. Implement queueing in host,
+ * this might also make it possible to reduce the control
+ * queue size: as guest preposts buffers there,
+ * this will save 4Kbyte of guest memory per entry. */
+
+ /* control queue: host to guest */
+ vser->c_ivq = virtio_add_queue(vdev, 32, control_in);
+ /* control queue: guest to host */
+ vser->c_ovq = virtio_add_queue(vdev, 32, control_out);
+
+ for (i = 1; i < vser->bus.max_nr_ports; i++) {
+ /* Add a per-port queue for host to guest transfers */
+ vser->ivqs[i] = virtio_add_queue(vdev, 128, handle_input);
+ /* Add a per-per queue for guest to host transfers */
+ vser->ovqs[i] = virtio_add_queue(vdev, 128, handle_output);
+ }
+
+ vser->config.max_nr_ports = tswap32(vser->serial.max_virtserial_ports);
+ vser->ports_map = g_malloc0(((vser->serial.max_virtserial_ports + 31) / 32)
+ * sizeof(vser->ports_map[0]));
+ /*
+ * Reserve location 0 for a console port for backward compat
+ * (old kernel, new qemu)
+ */
+ mark_port_added(vser, 0);
+
+ vser->post_load = NULL;
+
+ /*
+ * Register for the savevm section with the virtio-console name
+ * to preserve backward compat
+ */
+ register_savevm(qdev, "virtio-console", -1, 3, virtio_serial_save,
+ virtio_serial_load, vser);
+
+ return 0;
+}
+
+static void virtio_serial_port_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *k = DEVICE_CLASS(klass);
+ k->init = virtser_port_qdev_init;
+ set_bit(DEVICE_CATEGORY_INPUT, k->categories);
+ k->bus_type = TYPE_VIRTIO_SERIAL_BUS;
+ k->exit = virtser_port_qdev_exit;
+ k->unplug = qdev_simple_unplug_cb;
+ k->props = virtser_props;
+}
+
+static const TypeInfo virtio_serial_port_type_info = {
+ .name = TYPE_VIRTIO_SERIAL_PORT,
+ .parent = TYPE_DEVICE,
+ .instance_size = sizeof(VirtIOSerialPort),
+ .abstract = true,
+ .class_size = sizeof(VirtIOSerialPortClass),
+ .class_init = virtio_serial_port_class_init,
+};
+
+static int virtio_serial_device_exit(DeviceState *dev)
+{
+ VirtIOSerial *vser = VIRTIO_SERIAL(dev);
+ VirtIODevice *vdev = VIRTIO_DEVICE(dev);
+
+ unregister_savevm(dev, "virtio-console", vser);
+
+ g_free(vser->ivqs);
+ g_free(vser->ovqs);
+ g_free(vser->ports_map);
+ if (vser->post_load) {
+ g_free(vser->post_load->connected);
+ qemu_del_timer(vser->post_load->timer);
+ qemu_free_timer(vser->post_load->timer);
+ g_free(vser->post_load);
+ }
+ virtio_cleanup(vdev);
+ return 0;
+}
+
+static Property virtio_serial_properties[] = {
+ DEFINE_VIRTIO_SERIAL_PROPERTIES(VirtIOSerial, serial),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void virtio_serial_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
+ dc->exit = virtio_serial_device_exit;
+ dc->props = virtio_serial_properties;
+ set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
+ vdc->init = virtio_serial_device_init;
+ vdc->get_features = get_features;
+ vdc->get_config = get_config;
+ vdc->set_config = set_config;
+ vdc->set_status = set_status;
+ vdc->reset = vser_reset;
+}
+
+static const TypeInfo virtio_device_info = {
+ .name = TYPE_VIRTIO_SERIAL,
+ .parent = TYPE_VIRTIO_DEVICE,
+ .instance_size = sizeof(VirtIOSerial),
+ .class_init = virtio_serial_class_init,
+};
+
+static void virtio_serial_register_types(void)
+{
+ type_register_static(&virtser_bus_info);
+ type_register_static(&virtio_serial_port_type_info);
+ type_register_static(&virtio_device_info);
+}
+
+type_init(virtio_serial_register_types)
diff --git a/hw/char/xen_console.c b/hw/char/xen_console.c
new file mode 100644
index 000000000..eb7f450ab
--- /dev/null
+++ b/hw/char/xen_console.c
@@ -0,0 +1,305 @@
+/*
+ * Copyright (C) International Business Machines Corp., 2005
+ * Author(s): Anthony Liguori <aliguori@us.ibm.com>
+ *
+ * Copyright (C) Red Hat 2007
+ *
+ * Xen Console
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; under version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+#include <sys/select.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <termios.h>
+#include <stdarg.h>
+#include <sys/mman.h>
+
+#include "hw/hw.h"
+#include "sysemu/char.h"
+#include "hw/xen/xen_backend.h"
+
+#include <xen/io/console.h>
+
+struct buffer {
+ uint8_t *data;
+ size_t consumed;
+ size_t size;
+ size_t capacity;
+ size_t max_capacity;
+};
+
+struct XenConsole {
+ struct XenDevice xendev; /* must be first */
+ struct buffer buffer;
+ char console[XEN_BUFSIZE];
+ int ring_ref;
+ void *sring;
+ CharDriverState *chr;
+ int backlog;
+};
+
+static void buffer_append(struct XenConsole *con)
+{
+ struct buffer *buffer = &con->buffer;
+ XENCONS_RING_IDX cons, prod, size;
+ struct xencons_interface *intf = con->sring;
+
+ cons = intf->out_cons;
+ prod = intf->out_prod;
+ xen_mb();
+
+ size = prod - cons;
+ if ((size == 0) || (size > sizeof(intf->out)))
+ return;
+
+ if ((buffer->capacity - buffer->size) < size) {
+ buffer->capacity += (size + 1024);
+ buffer->data = g_realloc(buffer->data, buffer->capacity);
+ }
+
+ while (cons != prod)
+ buffer->data[buffer->size++] = intf->out[
+ MASK_XENCONS_IDX(cons++, intf->out)];
+
+ xen_mb();
+ intf->out_cons = cons;
+ xen_be_send_notify(&con->xendev);
+
+ if (buffer->max_capacity &&
+ buffer->size > buffer->max_capacity) {
+ /* Discard the middle of the data. */
+
+ size_t over = buffer->size - buffer->max_capacity;
+ uint8_t *maxpos = buffer->data + buffer->max_capacity;
+
+ memmove(maxpos - over, maxpos, over);
+ buffer->data = g_realloc(buffer->data, buffer->max_capacity);
+ buffer->size = buffer->capacity = buffer->max_capacity;
+
+ if (buffer->consumed > buffer->max_capacity - over)
+ buffer->consumed = buffer->max_capacity - over;
+ }
+}
+
+static void buffer_advance(struct buffer *buffer, size_t len)
+{
+ buffer->consumed += len;
+ if (buffer->consumed == buffer->size) {
+ buffer->consumed = 0;
+ buffer->size = 0;
+ }
+}
+
+static int ring_free_bytes(struct XenConsole *con)
+{
+ struct xencons_interface *intf = con->sring;
+ XENCONS_RING_IDX cons, prod, space;
+
+ cons = intf->in_cons;
+ prod = intf->in_prod;
+ xen_mb();
+
+ space = prod - cons;
+ if (space > sizeof(intf->in))
+ return 0; /* ring is screwed: ignore it */
+
+ return (sizeof(intf->in) - space);
+}
+
+static int xencons_can_receive(void *opaque)
+{
+ struct XenConsole *con = opaque;
+ return ring_free_bytes(con);
+}
+
+static void xencons_receive(void *opaque, const uint8_t *buf, int len)
+{
+ struct XenConsole *con = opaque;
+ struct xencons_interface *intf = con->sring;
+ XENCONS_RING_IDX prod;
+ int i, max;
+
+ max = ring_free_bytes(con);
+ /* The can_receive() func limits this, but check again anyway */
+ if (max < len)
+ len = max;
+
+ prod = intf->in_prod;
+ for (i = 0; i < len; i++) {
+ intf->in[MASK_XENCONS_IDX(prod++, intf->in)] =
+ buf[i];
+ }
+ xen_wmb();
+ intf->in_prod = prod;
+ xen_be_send_notify(&con->xendev);
+}
+
+static void xencons_send(struct XenConsole *con)
+{
+ ssize_t len, size;
+
+ size = con->buffer.size - con->buffer.consumed;
+ if (con->chr)
+ len = qemu_chr_fe_write(con->chr, con->buffer.data + con->buffer.consumed,
+ size);
+ else
+ len = size;
+ if (len < 1) {
+ if (!con->backlog) {
+ con->backlog = 1;
+ xen_be_printf(&con->xendev, 1, "backlog piling up, nobody listening?\n");
+ }
+ } else {
+ buffer_advance(&con->buffer, len);
+ if (con->backlog && len == size) {
+ con->backlog = 0;
+ xen_be_printf(&con->xendev, 1, "backlog is gone\n");
+ }
+ }
+}
+
+/* -------------------------------------------------------------------- */
+
+static int con_init(struct XenDevice *xendev)
+{
+ struct XenConsole *con = container_of(xendev, struct XenConsole, xendev);
+ char *type, *dom, label[32];
+ int ret = 0;
+ const char *output;
+
+ /* setup */
+ dom = xs_get_domain_path(xenstore, con->xendev.dom);
+ if (!xendev->dev) {
+ snprintf(con->console, sizeof(con->console), "%s/console", dom);
+ } else {
+ snprintf(con->console, sizeof(con->console), "%s/device/console/%d", dom, xendev->dev);
+ }
+ free(dom);
+
+ type = xenstore_read_str(con->console, "type");
+ if (!type || strcmp(type, "ioemu") != 0) {
+ xen_be_printf(xendev, 1, "not for me (type=%s)\n", type);
+ ret = -1;
+ goto out;
+ }
+
+ output = xenstore_read_str(con->console, "output");
+
+ /* no Xen override, use qemu output device */
+ if (output == NULL) {
+ con->chr = serial_hds[con->xendev.dev];
+ } else {
+ snprintf(label, sizeof(label), "xencons%d", con->xendev.dev);
+ con->chr = qemu_chr_new(label, output, NULL);
+ }
+
+ xenstore_store_pv_console_info(con->xendev.dev, con->chr);
+
+out:
+ g_free(type);
+ return ret;
+}
+
+static int con_initialise(struct XenDevice *xendev)
+{
+ struct XenConsole *con = container_of(xendev, struct XenConsole, xendev);
+ int limit;
+
+ if (xenstore_read_int(con->console, "ring-ref", &con->ring_ref) == -1)
+ return -1;
+ if (xenstore_read_int(con->console, "port", &con->xendev.remote_port) == -1)
+ return -1;
+ if (xenstore_read_int(con->console, "limit", &limit) == 0)
+ con->buffer.max_capacity = limit;
+
+ if (!xendev->dev) {
+ con->sring = xc_map_foreign_range(xen_xc, con->xendev.dom,
+ XC_PAGE_SIZE,
+ PROT_READ|PROT_WRITE,
+ con->ring_ref);
+ } else {
+ con->sring = xc_gnttab_map_grant_ref(xendev->gnttabdev, con->xendev.dom,
+ con->ring_ref,
+ PROT_READ|PROT_WRITE);
+ }
+ if (!con->sring)
+ return -1;
+
+ xen_be_bind_evtchn(&con->xendev);
+ if (con->chr) {
+ if (qemu_chr_fe_claim(con->chr) == 0) {
+ qemu_chr_add_handlers(con->chr, xencons_can_receive,
+ xencons_receive, NULL, con);
+ } else {
+ xen_be_printf(xendev, 0,
+ "xen_console_init error chardev %s already used\n",
+ con->chr->label);
+ con->chr = NULL;
+ }
+ }
+
+ xen_be_printf(xendev, 1, "ring mfn %d, remote port %d, local port %d, limit %zd\n",
+ con->ring_ref,
+ con->xendev.remote_port,
+ con->xendev.local_port,
+ con->buffer.max_capacity);
+ return 0;
+}
+
+static void con_disconnect(struct XenDevice *xendev)
+{
+ struct XenConsole *con = container_of(xendev, struct XenConsole, xendev);
+
+ if (!xendev->dev) {
+ return;
+ }
+ if (con->chr) {
+ qemu_chr_add_handlers(con->chr, NULL, NULL, NULL, NULL);
+ qemu_chr_fe_release(con->chr);
+ }
+ xen_be_unbind_evtchn(&con->xendev);
+
+ if (con->sring) {
+ if (!xendev->gnttabdev) {
+ munmap(con->sring, XC_PAGE_SIZE);
+ } else {
+ xc_gnttab_munmap(xendev->gnttabdev, con->sring, 1);
+ }
+ con->sring = NULL;
+ }
+}
+
+static void con_event(struct XenDevice *xendev)
+{
+ struct XenConsole *con = container_of(xendev, struct XenConsole, xendev);
+
+ buffer_append(con);
+ if (con->buffer.size - con->buffer.consumed)
+ xencons_send(con);
+}
+
+/* -------------------------------------------------------------------- */
+
+struct XenDevOps xen_console_ops = {
+ .size = sizeof(struct XenConsole),
+ .flags = DEVOPS_FLAG_IGNORE_STATE|DEVOPS_FLAG_NEED_GNTDEV,
+ .init = con_init,
+ .initialise = con_initialise,
+ .event = con_event,
+ .disconnect = con_disconnect,
+};
diff --git a/hw/char/xilinx_uartlite.c b/hw/char/xilinx_uartlite.c
new file mode 100644
index 000000000..b0d1d04af
--- /dev/null
+++ b/hw/char/xilinx_uartlite.c
@@ -0,0 +1,235 @@
+/*
+ * QEMU model of Xilinx uartlite.
+ *
+ * Copyright (c) 2009 Edgar E. Iglesias.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/sysbus.h"
+#include "sysemu/char.h"
+
+#define DUART(x)
+
+#define R_RX 0
+#define R_TX 1
+#define R_STATUS 2
+#define R_CTRL 3
+#define R_MAX 4
+
+#define STATUS_RXVALID 0x01
+#define STATUS_RXFULL 0x02
+#define STATUS_TXEMPTY 0x04
+#define STATUS_TXFULL 0x08
+#define STATUS_IE 0x10
+#define STATUS_OVERRUN 0x20
+#define STATUS_FRAME 0x40
+#define STATUS_PARITY 0x80
+
+#define CONTROL_RST_TX 0x01
+#define CONTROL_RST_RX 0x02
+#define CONTROL_IE 0x10
+
+#define TYPE_XILINX_UARTLITE "xlnx.xps-uartlite"
+#define XILINX_UARTLITE(obj) \
+ OBJECT_CHECK(XilinxUARTLite, (obj), TYPE_XILINX_UARTLITE)
+
+typedef struct XilinxUARTLite {
+ SysBusDevice parent_obj;
+
+ MemoryRegion mmio;
+ CharDriverState *chr;
+ qemu_irq irq;
+
+ uint8_t rx_fifo[8];
+ unsigned int rx_fifo_pos;
+ unsigned int rx_fifo_len;
+
+ uint32_t regs[R_MAX];
+} XilinxUARTLite;
+
+static void uart_update_irq(XilinxUARTLite *s)
+{
+ unsigned int irq;
+
+ if (s->rx_fifo_len)
+ s->regs[R_STATUS] |= STATUS_IE;
+
+ irq = (s->regs[R_STATUS] & STATUS_IE) && (s->regs[R_CTRL] & CONTROL_IE);
+ qemu_set_irq(s->irq, irq);
+}
+
+static void uart_update_status(XilinxUARTLite *s)
+{
+ uint32_t r;
+
+ r = s->regs[R_STATUS];
+ r &= ~7;
+ r |= 1 << 2; /* Tx fifo is always empty. We are fast :) */
+ r |= (s->rx_fifo_len == sizeof (s->rx_fifo)) << 1;
+ r |= (!!s->rx_fifo_len);
+ s->regs[R_STATUS] = r;
+}
+
+static uint64_t
+uart_read(void *opaque, hwaddr addr, unsigned int size)
+{
+ XilinxUARTLite *s = opaque;
+ uint32_t r = 0;
+ addr >>= 2;
+ switch (addr)
+ {
+ case R_RX:
+ r = s->rx_fifo[(s->rx_fifo_pos - s->rx_fifo_len) & 7];
+ if (s->rx_fifo_len)
+ s->rx_fifo_len--;
+ uart_update_status(s);
+ uart_update_irq(s);
+ qemu_chr_accept_input(s->chr);
+ break;
+
+ default:
+ if (addr < ARRAY_SIZE(s->regs))
+ r = s->regs[addr];
+ DUART(qemu_log("%s addr=%x v=%x\n", __func__, addr, r));
+ break;
+ }
+ return r;
+}
+
+static void
+uart_write(void *opaque, hwaddr addr,
+ uint64_t val64, unsigned int size)
+{
+ XilinxUARTLite *s = opaque;
+ uint32_t value = val64;
+ unsigned char ch = value;
+
+ addr >>= 2;
+ switch (addr)
+ {
+ case R_STATUS:
+ hw_error("write to UART STATUS?\n");
+ break;
+
+ case R_CTRL:
+ if (value & CONTROL_RST_RX) {
+ s->rx_fifo_pos = 0;
+ s->rx_fifo_len = 0;
+ }
+ s->regs[addr] = value;
+ break;
+
+ case R_TX:
+ if (s->chr)
+ qemu_chr_fe_write(s->chr, &ch, 1);
+
+ s->regs[addr] = value;
+
+ /* hax. */
+ s->regs[R_STATUS] |= STATUS_IE;
+ break;
+
+ default:
+ DUART(printf("%s addr=%x v=%x\n", __func__, addr, value));
+ if (addr < ARRAY_SIZE(s->regs))
+ s->regs[addr] = value;
+ break;
+ }
+ uart_update_status(s);
+ uart_update_irq(s);
+}
+
+static const MemoryRegionOps uart_ops = {
+ .read = uart_read,
+ .write = uart_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 1,
+ .max_access_size = 4
+ }
+};
+
+static void uart_rx(void *opaque, const uint8_t *buf, int size)
+{
+ XilinxUARTLite *s = opaque;
+
+ /* Got a byte. */
+ if (s->rx_fifo_len >= 8) {
+ printf("WARNING: UART dropped char.\n");
+ return;
+ }
+ s->rx_fifo[s->rx_fifo_pos] = *buf;
+ s->rx_fifo_pos++;
+ s->rx_fifo_pos &= 0x7;
+ s->rx_fifo_len++;
+
+ uart_update_status(s);
+ uart_update_irq(s);
+}
+
+static int uart_can_rx(void *opaque)
+{
+ XilinxUARTLite *s = opaque;
+
+ return s->rx_fifo_len < sizeof(s->rx_fifo);
+}
+
+static void uart_event(void *opaque, int event)
+{
+
+}
+
+static int xilinx_uartlite_init(SysBusDevice *dev)
+{
+ XilinxUARTLite *s = XILINX_UARTLITE(dev);
+
+ sysbus_init_irq(dev, &s->irq);
+
+ uart_update_status(s);
+ memory_region_init_io(&s->mmio, OBJECT(s), &uart_ops, s,
+ "xlnx.xps-uartlite", R_MAX * 4);
+ sysbus_init_mmio(dev, &s->mmio);
+
+ s->chr = qemu_char_get_next_serial();
+ if (s->chr)
+ qemu_chr_add_handlers(s->chr, uart_can_rx, uart_rx, uart_event, s);
+ return 0;
+}
+
+static void xilinx_uartlite_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sdc->init = xilinx_uartlite_init;
+}
+
+static const TypeInfo xilinx_uartlite_info = {
+ .name = TYPE_XILINX_UARTLITE,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(XilinxUARTLite),
+ .class_init = xilinx_uartlite_class_init,
+};
+
+static void xilinx_uart_register_types(void)
+{
+ type_register_static(&xilinx_uartlite_info);
+}
+
+type_init(xilinx_uart_register_types)
diff --git a/hw/cirrus_vga.c b/hw/cirrus_vga.c
deleted file mode 100644
index 9bef96e6d..000000000
--- a/hw/cirrus_vga.c
+++ /dev/null
@@ -1,3011 +0,0 @@
-/*
- * QEMU Cirrus CLGD 54xx VGA Emulator.
- *
- * Copyright (c) 2004 Fabrice Bellard
- * Copyright (c) 2004 Makoto Suzuki (suzu)
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-/*
- * Reference: Finn Thogersons' VGADOC4b
- * available at http://home.worldonline.dk/~finth/
- */
-#include "hw.h"
-#include "pci.h"
-#include "console.h"
-#include "vga_int.h"
-#include "loader.h"
-
-/*
- * TODO:
- * - destination write mask support not complete (bits 5..7)
- * - optimize linear mappings
- * - optimize bitblt functions
- */
-
-//#define DEBUG_CIRRUS
-//#define DEBUG_BITBLT
-
-/***************************************
- *
- * definitions
- *
- ***************************************/
-
-// ID
-#define CIRRUS_ID_CLGD5422 (0x23<<2)
-#define CIRRUS_ID_CLGD5426 (0x24<<2)
-#define CIRRUS_ID_CLGD5424 (0x25<<2)
-#define CIRRUS_ID_CLGD5428 (0x26<<2)
-#define CIRRUS_ID_CLGD5430 (0x28<<2)
-#define CIRRUS_ID_CLGD5434 (0x2A<<2)
-#define CIRRUS_ID_CLGD5436 (0x2B<<2)
-#define CIRRUS_ID_CLGD5446 (0x2E<<2)
-
-// sequencer 0x07
-#define CIRRUS_SR7_BPP_VGA 0x00
-#define CIRRUS_SR7_BPP_SVGA 0x01
-#define CIRRUS_SR7_BPP_MASK 0x0e
-#define CIRRUS_SR7_BPP_8 0x00
-#define CIRRUS_SR7_BPP_16_DOUBLEVCLK 0x02
-#define CIRRUS_SR7_BPP_24 0x04
-#define CIRRUS_SR7_BPP_16 0x06
-#define CIRRUS_SR7_BPP_32 0x08
-#define CIRRUS_SR7_ISAADDR_MASK 0xe0
-
-// sequencer 0x0f
-#define CIRRUS_MEMSIZE_512k 0x08
-#define CIRRUS_MEMSIZE_1M 0x10
-#define CIRRUS_MEMSIZE_2M 0x18
-#define CIRRUS_MEMFLAGS_BANKSWITCH 0x80 // bank switching is enabled.
-
-// sequencer 0x12
-#define CIRRUS_CURSOR_SHOW 0x01
-#define CIRRUS_CURSOR_HIDDENPEL 0x02
-#define CIRRUS_CURSOR_LARGE 0x04 // 64x64 if set, 32x32 if clear
-
-// sequencer 0x17
-#define CIRRUS_BUSTYPE_VLBFAST 0x10
-#define CIRRUS_BUSTYPE_PCI 0x20
-#define CIRRUS_BUSTYPE_VLBSLOW 0x30
-#define CIRRUS_BUSTYPE_ISA 0x38
-#define CIRRUS_MMIO_ENABLE 0x04
-#define CIRRUS_MMIO_USE_PCIADDR 0x40 // 0xb8000 if cleared.
-#define CIRRUS_MEMSIZEEXT_DOUBLE 0x80
-
-// control 0x0b
-#define CIRRUS_BANKING_DUAL 0x01
-#define CIRRUS_BANKING_GRANULARITY_16K 0x20 // set:16k, clear:4k
-
-// control 0x30
-#define CIRRUS_BLTMODE_BACKWARDS 0x01
-#define CIRRUS_BLTMODE_MEMSYSDEST 0x02
-#define CIRRUS_BLTMODE_MEMSYSSRC 0x04
-#define CIRRUS_BLTMODE_TRANSPARENTCOMP 0x08
-#define CIRRUS_BLTMODE_PATTERNCOPY 0x40
-#define CIRRUS_BLTMODE_COLOREXPAND 0x80
-#define CIRRUS_BLTMODE_PIXELWIDTHMASK 0x30
-#define CIRRUS_BLTMODE_PIXELWIDTH8 0x00
-#define CIRRUS_BLTMODE_PIXELWIDTH16 0x10
-#define CIRRUS_BLTMODE_PIXELWIDTH24 0x20
-#define CIRRUS_BLTMODE_PIXELWIDTH32 0x30
-
-// control 0x31
-#define CIRRUS_BLT_BUSY 0x01
-#define CIRRUS_BLT_START 0x02
-#define CIRRUS_BLT_RESET 0x04
-#define CIRRUS_BLT_FIFOUSED 0x10
-#define CIRRUS_BLT_AUTOSTART 0x80
-
-// control 0x32
-#define CIRRUS_ROP_0 0x00
-#define CIRRUS_ROP_SRC_AND_DST 0x05
-#define CIRRUS_ROP_NOP 0x06
-#define CIRRUS_ROP_SRC_AND_NOTDST 0x09
-#define CIRRUS_ROP_NOTDST 0x0b
-#define CIRRUS_ROP_SRC 0x0d
-#define CIRRUS_ROP_1 0x0e
-#define CIRRUS_ROP_NOTSRC_AND_DST 0x50
-#define CIRRUS_ROP_SRC_XOR_DST 0x59
-#define CIRRUS_ROP_SRC_OR_DST 0x6d
-#define CIRRUS_ROP_NOTSRC_OR_NOTDST 0x90
-#define CIRRUS_ROP_SRC_NOTXOR_DST 0x95
-#define CIRRUS_ROP_SRC_OR_NOTDST 0xad
-#define CIRRUS_ROP_NOTSRC 0xd0
-#define CIRRUS_ROP_NOTSRC_OR_DST 0xd6
-#define CIRRUS_ROP_NOTSRC_AND_NOTDST 0xda
-
-#define CIRRUS_ROP_NOP_INDEX 2
-#define CIRRUS_ROP_SRC_INDEX 5
-
-// control 0x33
-#define CIRRUS_BLTMODEEXT_SOLIDFILL 0x04
-#define CIRRUS_BLTMODEEXT_COLOREXPINV 0x02
-#define CIRRUS_BLTMODEEXT_DWORDGRANULARITY 0x01
-
-// memory-mapped IO
-#define CIRRUS_MMIO_BLTBGCOLOR 0x00 // dword
-#define CIRRUS_MMIO_BLTFGCOLOR 0x04 // dword
-#define CIRRUS_MMIO_BLTWIDTH 0x08 // word
-#define CIRRUS_MMIO_BLTHEIGHT 0x0a // word
-#define CIRRUS_MMIO_BLTDESTPITCH 0x0c // word
-#define CIRRUS_MMIO_BLTSRCPITCH 0x0e // word
-#define CIRRUS_MMIO_BLTDESTADDR 0x10 // dword
-#define CIRRUS_MMIO_BLTSRCADDR 0x14 // dword
-#define CIRRUS_MMIO_BLTWRITEMASK 0x17 // byte
-#define CIRRUS_MMIO_BLTMODE 0x18 // byte
-#define CIRRUS_MMIO_BLTROP 0x1a // byte
-#define CIRRUS_MMIO_BLTMODEEXT 0x1b // byte
-#define CIRRUS_MMIO_BLTTRANSPARENTCOLOR 0x1c // word?
-#define CIRRUS_MMIO_BLTTRANSPARENTCOLORMASK 0x20 // word?
-#define CIRRUS_MMIO_LINEARDRAW_START_X 0x24 // word
-#define CIRRUS_MMIO_LINEARDRAW_START_Y 0x26 // word
-#define CIRRUS_MMIO_LINEARDRAW_END_X 0x28 // word
-#define CIRRUS_MMIO_LINEARDRAW_END_Y 0x2a // word
-#define CIRRUS_MMIO_LINEARDRAW_LINESTYLE_INC 0x2c // byte
-#define CIRRUS_MMIO_LINEARDRAW_LINESTYLE_ROLLOVER 0x2d // byte
-#define CIRRUS_MMIO_LINEARDRAW_LINESTYLE_MASK 0x2e // byte
-#define CIRRUS_MMIO_LINEARDRAW_LINESTYLE_ACCUM 0x2f // byte
-#define CIRRUS_MMIO_BRESENHAM_K1 0x30 // word
-#define CIRRUS_MMIO_BRESENHAM_K3 0x32 // word
-#define CIRRUS_MMIO_BRESENHAM_ERROR 0x34 // word
-#define CIRRUS_MMIO_BRESENHAM_DELTA_MAJOR 0x36 // word
-#define CIRRUS_MMIO_BRESENHAM_DIRECTION 0x38 // byte
-#define CIRRUS_MMIO_LINEDRAW_MODE 0x39 // byte
-#define CIRRUS_MMIO_BLTSTATUS 0x40 // byte
-
-#define CIRRUS_PNPMMIO_SIZE 0x1000
-
-#define BLTUNSAFE(s) \
- ( \
- ( /* check dst is within bounds */ \
- (s)->cirrus_blt_height * ABS((s)->cirrus_blt_dstpitch) \
- + ((s)->cirrus_blt_dstaddr & (s)->cirrus_addr_mask) > \
- (s)->vga.vram_size \
- ) || \
- ( /* check src is within bounds */ \
- (s)->cirrus_blt_height * ABS((s)->cirrus_blt_srcpitch) \
- + ((s)->cirrus_blt_srcaddr & (s)->cirrus_addr_mask) > \
- (s)->vga.vram_size \
- ) \
- )
-
-struct CirrusVGAState;
-typedef void (*cirrus_bitblt_rop_t) (struct CirrusVGAState *s,
- uint8_t * dst, const uint8_t * src,
- int dstpitch, int srcpitch,
- int bltwidth, int bltheight);
-typedef void (*cirrus_fill_t)(struct CirrusVGAState *s,
- uint8_t *dst, int dst_pitch, int width, int height);
-
-typedef struct CirrusVGAState {
- VGACommonState vga;
-
- MemoryRegion cirrus_linear_io;
- MemoryRegion cirrus_linear_bitblt_io;
- MemoryRegion cirrus_mmio_io;
- MemoryRegion pci_bar;
- bool linear_vram; /* vga.vram mapped over cirrus_linear_io */
- MemoryRegion low_mem_container; /* container for 0xa0000-0xc0000 */
- MemoryRegion low_mem; /* always mapped, overridden by: */
- MemoryRegion cirrus_bank[2]; /* aliases at 0xa0000-0xb0000 */
- uint32_t cirrus_addr_mask;
- uint32_t linear_mmio_mask;
- uint8_t cirrus_shadow_gr0;
- uint8_t cirrus_shadow_gr1;
- uint8_t cirrus_hidden_dac_lockindex;
- uint8_t cirrus_hidden_dac_data;
- uint32_t cirrus_bank_base[2];
- uint32_t cirrus_bank_limit[2];
- uint8_t cirrus_hidden_palette[48];
- uint32_t hw_cursor_x;
- uint32_t hw_cursor_y;
- int cirrus_blt_pixelwidth;
- int cirrus_blt_width;
- int cirrus_blt_height;
- int cirrus_blt_dstpitch;
- int cirrus_blt_srcpitch;
- uint32_t cirrus_blt_fgcol;
- uint32_t cirrus_blt_bgcol;
- uint32_t cirrus_blt_dstaddr;
- uint32_t cirrus_blt_srcaddr;
- uint8_t cirrus_blt_mode;
- uint8_t cirrus_blt_modeext;
- cirrus_bitblt_rop_t cirrus_rop;
-#define CIRRUS_BLTBUFSIZE (2048 * 4) /* one line width */
- uint8_t cirrus_bltbuf[CIRRUS_BLTBUFSIZE];
- uint8_t *cirrus_srcptr;
- uint8_t *cirrus_srcptr_end;
- uint32_t cirrus_srccounter;
- /* hwcursor display state */
- int last_hw_cursor_size;
- int last_hw_cursor_x;
- int last_hw_cursor_y;
- int last_hw_cursor_y_start;
- int last_hw_cursor_y_end;
- int real_vram_size; /* XXX: suppress that */
- int device_id;
- int bustype;
-} CirrusVGAState;
-
-typedef struct PCICirrusVGAState {
- PCIDevice dev;
- CirrusVGAState cirrus_vga;
-} PCICirrusVGAState;
-
-typedef struct ISACirrusVGAState {
- ISADevice dev;
- CirrusVGAState cirrus_vga;
-} ISACirrusVGAState;
-
-static uint8_t rop_to_index[256];
-
-/***************************************
- *
- * prototypes.
- *
- ***************************************/
-
-
-static void cirrus_bitblt_reset(CirrusVGAState *s);
-static void cirrus_update_memory_access(CirrusVGAState *s);
-
-/***************************************
- *
- * raster operations
- *
- ***************************************/
-
-static void cirrus_bitblt_rop_nop(CirrusVGAState *s,
- uint8_t *dst,const uint8_t *src,
- int dstpitch,int srcpitch,
- int bltwidth,int bltheight)
-{
-}
-
-static void cirrus_bitblt_fill_nop(CirrusVGAState *s,
- uint8_t *dst,
- int dstpitch, int bltwidth,int bltheight)
-{
-}
-
-#define ROP_NAME 0
-#define ROP_FN(d, s) 0
-#include "cirrus_vga_rop.h"
-
-#define ROP_NAME src_and_dst
-#define ROP_FN(d, s) (s) & (d)
-#include "cirrus_vga_rop.h"
-
-#define ROP_NAME src_and_notdst
-#define ROP_FN(d, s) (s) & (~(d))
-#include "cirrus_vga_rop.h"
-
-#define ROP_NAME notdst
-#define ROP_FN(d, s) ~(d)
-#include "cirrus_vga_rop.h"
-
-#define ROP_NAME src
-#define ROP_FN(d, s) s
-#include "cirrus_vga_rop.h"
-
-#define ROP_NAME 1
-#define ROP_FN(d, s) ~0
-#include "cirrus_vga_rop.h"
-
-#define ROP_NAME notsrc_and_dst
-#define ROP_FN(d, s) (~(s)) & (d)
-#include "cirrus_vga_rop.h"
-
-#define ROP_NAME src_xor_dst
-#define ROP_FN(d, s) (s) ^ (d)
-#include "cirrus_vga_rop.h"
-
-#define ROP_NAME src_or_dst
-#define ROP_FN(d, s) (s) | (d)
-#include "cirrus_vga_rop.h"
-
-#define ROP_NAME notsrc_or_notdst
-#define ROP_FN(d, s) (~(s)) | (~(d))
-#include "cirrus_vga_rop.h"
-
-#define ROP_NAME src_notxor_dst
-#define ROP_FN(d, s) ~((s) ^ (d))
-#include "cirrus_vga_rop.h"
-
-#define ROP_NAME src_or_notdst
-#define ROP_FN(d, s) (s) | (~(d))
-#include "cirrus_vga_rop.h"
-
-#define ROP_NAME notsrc
-#define ROP_FN(d, s) (~(s))
-#include "cirrus_vga_rop.h"
-
-#define ROP_NAME notsrc_or_dst
-#define ROP_FN(d, s) (~(s)) | (d)
-#include "cirrus_vga_rop.h"
-
-#define ROP_NAME notsrc_and_notdst
-#define ROP_FN(d, s) (~(s)) & (~(d))
-#include "cirrus_vga_rop.h"
-
-static const cirrus_bitblt_rop_t cirrus_fwd_rop[16] = {
- cirrus_bitblt_rop_fwd_0,
- cirrus_bitblt_rop_fwd_src_and_dst,
- cirrus_bitblt_rop_nop,
- cirrus_bitblt_rop_fwd_src_and_notdst,
- cirrus_bitblt_rop_fwd_notdst,
- cirrus_bitblt_rop_fwd_src,
- cirrus_bitblt_rop_fwd_1,
- cirrus_bitblt_rop_fwd_notsrc_and_dst,
- cirrus_bitblt_rop_fwd_src_xor_dst,
- cirrus_bitblt_rop_fwd_src_or_dst,
- cirrus_bitblt_rop_fwd_notsrc_or_notdst,
- cirrus_bitblt_rop_fwd_src_notxor_dst,
- cirrus_bitblt_rop_fwd_src_or_notdst,
- cirrus_bitblt_rop_fwd_notsrc,
- cirrus_bitblt_rop_fwd_notsrc_or_dst,
- cirrus_bitblt_rop_fwd_notsrc_and_notdst,
-};
-
-static const cirrus_bitblt_rop_t cirrus_bkwd_rop[16] = {
- cirrus_bitblt_rop_bkwd_0,
- cirrus_bitblt_rop_bkwd_src_and_dst,
- cirrus_bitblt_rop_nop,
- cirrus_bitblt_rop_bkwd_src_and_notdst,
- cirrus_bitblt_rop_bkwd_notdst,
- cirrus_bitblt_rop_bkwd_src,
- cirrus_bitblt_rop_bkwd_1,
- cirrus_bitblt_rop_bkwd_notsrc_and_dst,
- cirrus_bitblt_rop_bkwd_src_xor_dst,
- cirrus_bitblt_rop_bkwd_src_or_dst,
- cirrus_bitblt_rop_bkwd_notsrc_or_notdst,
- cirrus_bitblt_rop_bkwd_src_notxor_dst,
- cirrus_bitblt_rop_bkwd_src_or_notdst,
- cirrus_bitblt_rop_bkwd_notsrc,
- cirrus_bitblt_rop_bkwd_notsrc_or_dst,
- cirrus_bitblt_rop_bkwd_notsrc_and_notdst,
-};
-
-#define TRANSP_ROP(name) {\
- name ## _8,\
- name ## _16,\
- }
-#define TRANSP_NOP(func) {\
- func,\
- func,\
- }
-
-static const cirrus_bitblt_rop_t cirrus_fwd_transp_rop[16][2] = {
- TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_0),
- TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_src_and_dst),
- TRANSP_NOP(cirrus_bitblt_rop_nop),
- TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_src_and_notdst),
- TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_notdst),
- TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_src),
- TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_1),
- TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_notsrc_and_dst),
- TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_src_xor_dst),
- TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_src_or_dst),
- TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_notsrc_or_notdst),
- TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_src_notxor_dst),
- TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_src_or_notdst),
- TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_notsrc),
- TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_notsrc_or_dst),
- TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_notsrc_and_notdst),
-};
-
-static const cirrus_bitblt_rop_t cirrus_bkwd_transp_rop[16][2] = {
- TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_0),
- TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_src_and_dst),
- TRANSP_NOP(cirrus_bitblt_rop_nop),
- TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_src_and_notdst),
- TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_notdst),
- TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_src),
- TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_1),
- TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_notsrc_and_dst),
- TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_src_xor_dst),
- TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_src_or_dst),
- TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_notsrc_or_notdst),
- TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_src_notxor_dst),
- TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_src_or_notdst),
- TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_notsrc),
- TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_notsrc_or_dst),
- TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_notsrc_and_notdst),
-};
-
-#define ROP2(name) {\
- name ## _8,\
- name ## _16,\
- name ## _24,\
- name ## _32,\
- }
-
-#define ROP_NOP2(func) {\
- func,\
- func,\
- func,\
- func,\
- }
-
-static const cirrus_bitblt_rop_t cirrus_patternfill[16][4] = {
- ROP2(cirrus_patternfill_0),
- ROP2(cirrus_patternfill_src_and_dst),
- ROP_NOP2(cirrus_bitblt_rop_nop),
- ROP2(cirrus_patternfill_src_and_notdst),
- ROP2(cirrus_patternfill_notdst),
- ROP2(cirrus_patternfill_src),
- ROP2(cirrus_patternfill_1),
- ROP2(cirrus_patternfill_notsrc_and_dst),
- ROP2(cirrus_patternfill_src_xor_dst),
- ROP2(cirrus_patternfill_src_or_dst),
- ROP2(cirrus_patternfill_notsrc_or_notdst),
- ROP2(cirrus_patternfill_src_notxor_dst),
- ROP2(cirrus_patternfill_src_or_notdst),
- ROP2(cirrus_patternfill_notsrc),
- ROP2(cirrus_patternfill_notsrc_or_dst),
- ROP2(cirrus_patternfill_notsrc_and_notdst),
-};
-
-static const cirrus_bitblt_rop_t cirrus_colorexpand_transp[16][4] = {
- ROP2(cirrus_colorexpand_transp_0),
- ROP2(cirrus_colorexpand_transp_src_and_dst),
- ROP_NOP2(cirrus_bitblt_rop_nop),
- ROP2(cirrus_colorexpand_transp_src_and_notdst),
- ROP2(cirrus_colorexpand_transp_notdst),
- ROP2(cirrus_colorexpand_transp_src),
- ROP2(cirrus_colorexpand_transp_1),
- ROP2(cirrus_colorexpand_transp_notsrc_and_dst),
- ROP2(cirrus_colorexpand_transp_src_xor_dst),
- ROP2(cirrus_colorexpand_transp_src_or_dst),
- ROP2(cirrus_colorexpand_transp_notsrc_or_notdst),
- ROP2(cirrus_colorexpand_transp_src_notxor_dst),
- ROP2(cirrus_colorexpand_transp_src_or_notdst),
- ROP2(cirrus_colorexpand_transp_notsrc),
- ROP2(cirrus_colorexpand_transp_notsrc_or_dst),
- ROP2(cirrus_colorexpand_transp_notsrc_and_notdst),
-};
-
-static const cirrus_bitblt_rop_t cirrus_colorexpand[16][4] = {
- ROP2(cirrus_colorexpand_0),
- ROP2(cirrus_colorexpand_src_and_dst),
- ROP_NOP2(cirrus_bitblt_rop_nop),
- ROP2(cirrus_colorexpand_src_and_notdst),
- ROP2(cirrus_colorexpand_notdst),
- ROP2(cirrus_colorexpand_src),
- ROP2(cirrus_colorexpand_1),
- ROP2(cirrus_colorexpand_notsrc_and_dst),
- ROP2(cirrus_colorexpand_src_xor_dst),
- ROP2(cirrus_colorexpand_src_or_dst),
- ROP2(cirrus_colorexpand_notsrc_or_notdst),
- ROP2(cirrus_colorexpand_src_notxor_dst),
- ROP2(cirrus_colorexpand_src_or_notdst),
- ROP2(cirrus_colorexpand_notsrc),
- ROP2(cirrus_colorexpand_notsrc_or_dst),
- ROP2(cirrus_colorexpand_notsrc_and_notdst),
-};
-
-static const cirrus_bitblt_rop_t cirrus_colorexpand_pattern_transp[16][4] = {
- ROP2(cirrus_colorexpand_pattern_transp_0),
- ROP2(cirrus_colorexpand_pattern_transp_src_and_dst),
- ROP_NOP2(cirrus_bitblt_rop_nop),
- ROP2(cirrus_colorexpand_pattern_transp_src_and_notdst),
- ROP2(cirrus_colorexpand_pattern_transp_notdst),
- ROP2(cirrus_colorexpand_pattern_transp_src),
- ROP2(cirrus_colorexpand_pattern_transp_1),
- ROP2(cirrus_colorexpand_pattern_transp_notsrc_and_dst),
- ROP2(cirrus_colorexpand_pattern_transp_src_xor_dst),
- ROP2(cirrus_colorexpand_pattern_transp_src_or_dst),
- ROP2(cirrus_colorexpand_pattern_transp_notsrc_or_notdst),
- ROP2(cirrus_colorexpand_pattern_transp_src_notxor_dst),
- ROP2(cirrus_colorexpand_pattern_transp_src_or_notdst),
- ROP2(cirrus_colorexpand_pattern_transp_notsrc),
- ROP2(cirrus_colorexpand_pattern_transp_notsrc_or_dst),
- ROP2(cirrus_colorexpand_pattern_transp_notsrc_and_notdst),
-};
-
-static const cirrus_bitblt_rop_t cirrus_colorexpand_pattern[16][4] = {
- ROP2(cirrus_colorexpand_pattern_0),
- ROP2(cirrus_colorexpand_pattern_src_and_dst),
- ROP_NOP2(cirrus_bitblt_rop_nop),
- ROP2(cirrus_colorexpand_pattern_src_and_notdst),
- ROP2(cirrus_colorexpand_pattern_notdst),
- ROP2(cirrus_colorexpand_pattern_src),
- ROP2(cirrus_colorexpand_pattern_1),
- ROP2(cirrus_colorexpand_pattern_notsrc_and_dst),
- ROP2(cirrus_colorexpand_pattern_src_xor_dst),
- ROP2(cirrus_colorexpand_pattern_src_or_dst),
- ROP2(cirrus_colorexpand_pattern_notsrc_or_notdst),
- ROP2(cirrus_colorexpand_pattern_src_notxor_dst),
- ROP2(cirrus_colorexpand_pattern_src_or_notdst),
- ROP2(cirrus_colorexpand_pattern_notsrc),
- ROP2(cirrus_colorexpand_pattern_notsrc_or_dst),
- ROP2(cirrus_colorexpand_pattern_notsrc_and_notdst),
-};
-
-static const cirrus_fill_t cirrus_fill[16][4] = {
- ROP2(cirrus_fill_0),
- ROP2(cirrus_fill_src_and_dst),
- ROP_NOP2(cirrus_bitblt_fill_nop),
- ROP2(cirrus_fill_src_and_notdst),
- ROP2(cirrus_fill_notdst),
- ROP2(cirrus_fill_src),
- ROP2(cirrus_fill_1),
- ROP2(cirrus_fill_notsrc_and_dst),
- ROP2(cirrus_fill_src_xor_dst),
- ROP2(cirrus_fill_src_or_dst),
- ROP2(cirrus_fill_notsrc_or_notdst),
- ROP2(cirrus_fill_src_notxor_dst),
- ROP2(cirrus_fill_src_or_notdst),
- ROP2(cirrus_fill_notsrc),
- ROP2(cirrus_fill_notsrc_or_dst),
- ROP2(cirrus_fill_notsrc_and_notdst),
-};
-
-static inline void cirrus_bitblt_fgcol(CirrusVGAState *s)
-{
- unsigned int color;
- switch (s->cirrus_blt_pixelwidth) {
- case 1:
- s->cirrus_blt_fgcol = s->cirrus_shadow_gr1;
- break;
- case 2:
- color = s->cirrus_shadow_gr1 | (s->vga.gr[0x11] << 8);
- s->cirrus_blt_fgcol = le16_to_cpu(color);
- break;
- case 3:
- s->cirrus_blt_fgcol = s->cirrus_shadow_gr1 |
- (s->vga.gr[0x11] << 8) | (s->vga.gr[0x13] << 16);
- break;
- default:
- case 4:
- color = s->cirrus_shadow_gr1 | (s->vga.gr[0x11] << 8) |
- (s->vga.gr[0x13] << 16) | (s->vga.gr[0x15] << 24);
- s->cirrus_blt_fgcol = le32_to_cpu(color);
- break;
- }
-}
-
-static inline void cirrus_bitblt_bgcol(CirrusVGAState *s)
-{
- unsigned int color;
- switch (s->cirrus_blt_pixelwidth) {
- case 1:
- s->cirrus_blt_bgcol = s->cirrus_shadow_gr0;
- break;
- case 2:
- color = s->cirrus_shadow_gr0 | (s->vga.gr[0x10] << 8);
- s->cirrus_blt_bgcol = le16_to_cpu(color);
- break;
- case 3:
- s->cirrus_blt_bgcol = s->cirrus_shadow_gr0 |
- (s->vga.gr[0x10] << 8) | (s->vga.gr[0x12] << 16);
- break;
- default:
- case 4:
- color = s->cirrus_shadow_gr0 | (s->vga.gr[0x10] << 8) |
- (s->vga.gr[0x12] << 16) | (s->vga.gr[0x14] << 24);
- s->cirrus_blt_bgcol = le32_to_cpu(color);
- break;
- }
-}
-
-static void cirrus_invalidate_region(CirrusVGAState * s, int off_begin,
- int off_pitch, int bytesperline,
- int lines)
-{
- int y;
- int off_cur;
- int off_cur_end;
-
- for (y = 0; y < lines; y++) {
- off_cur = off_begin;
- off_cur_end = (off_cur + bytesperline) & s->cirrus_addr_mask;
- memory_region_set_dirty(&s->vga.vram, off_cur, off_cur_end - off_cur);
- off_begin += off_pitch;
- }
-}
-
-static int cirrus_bitblt_common_patterncopy(CirrusVGAState * s,
- const uint8_t * src)
-{
- uint8_t *dst;
-
- dst = s->vga.vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask);
-
- if (BLTUNSAFE(s))
- return 0;
-
- (*s->cirrus_rop) (s, dst, src,
- s->cirrus_blt_dstpitch, 0,
- s->cirrus_blt_width, s->cirrus_blt_height);
- cirrus_invalidate_region(s, s->cirrus_blt_dstaddr,
- s->cirrus_blt_dstpitch, s->cirrus_blt_width,
- s->cirrus_blt_height);
- return 1;
-}
-
-/* fill */
-
-static int cirrus_bitblt_solidfill(CirrusVGAState *s, int blt_rop)
-{
- cirrus_fill_t rop_func;
-
- if (BLTUNSAFE(s))
- return 0;
- rop_func = cirrus_fill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
- rop_func(s, s->vga.vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask),
- s->cirrus_blt_dstpitch,
- s->cirrus_blt_width, s->cirrus_blt_height);
- cirrus_invalidate_region(s, s->cirrus_blt_dstaddr,
- s->cirrus_blt_dstpitch, s->cirrus_blt_width,
- s->cirrus_blt_height);
- cirrus_bitblt_reset(s);
- return 1;
-}
-
-/***************************************
- *
- * bitblt (video-to-video)
- *
- ***************************************/
-
-static int cirrus_bitblt_videotovideo_patterncopy(CirrusVGAState * s)
-{
- return cirrus_bitblt_common_patterncopy(s,
- s->vga.vram_ptr + ((s->cirrus_blt_srcaddr & ~7) &
- s->cirrus_addr_mask));
-}
-
-static void cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
-{
- int sx = 0, sy = 0;
- int dx = 0, dy = 0;
- int depth = 0;
- int notify = 0;
-
- /* make sure to only copy if it's a plain copy ROP */
- if (*s->cirrus_rop == cirrus_bitblt_rop_fwd_src ||
- *s->cirrus_rop == cirrus_bitblt_rop_bkwd_src) {
-
- int width, height;
-
- depth = s->vga.get_bpp(&s->vga) / 8;
- s->vga.get_resolution(&s->vga, &width, &height);
-
- /* extra x, y */
- sx = (src % ABS(s->cirrus_blt_srcpitch)) / depth;
- sy = (src / ABS(s->cirrus_blt_srcpitch));
- dx = (dst % ABS(s->cirrus_blt_dstpitch)) / depth;
- dy = (dst / ABS(s->cirrus_blt_dstpitch));
-
- /* normalize width */
- w /= depth;
-
- /* if we're doing a backward copy, we have to adjust
- our x/y to be the upper left corner (instead of the lower
- right corner) */
- if (s->cirrus_blt_dstpitch < 0) {
- sx -= (s->cirrus_blt_width / depth) - 1;
- dx -= (s->cirrus_blt_width / depth) - 1;
- sy -= s->cirrus_blt_height - 1;
- dy -= s->cirrus_blt_height - 1;
- }
-
- /* are we in the visible portion of memory? */
- if (sx >= 0 && sy >= 0 && dx >= 0 && dy >= 0 &&
- (sx + w) <= width && (sy + h) <= height &&
- (dx + w) <= width && (dy + h) <= height) {
- notify = 1;
- }
- }
-
- /* we have to flush all pending changes so that the copy
- is generated at the appropriate moment in time */
- if (notify)
- vga_hw_update();
-
- (*s->cirrus_rop) (s, s->vga.vram_ptr +
- (s->cirrus_blt_dstaddr & s->cirrus_addr_mask),
- s->vga.vram_ptr +
- (s->cirrus_blt_srcaddr & s->cirrus_addr_mask),
- s->cirrus_blt_dstpitch, s->cirrus_blt_srcpitch,
- s->cirrus_blt_width, s->cirrus_blt_height);
-
- if (notify)
- qemu_console_copy(s->vga.ds,
- sx, sy, dx, dy,
- s->cirrus_blt_width / depth,
- s->cirrus_blt_height);
-
- /* we don't have to notify the display that this portion has
- changed since qemu_console_copy implies this */
-
- cirrus_invalidate_region(s, s->cirrus_blt_dstaddr,
- s->cirrus_blt_dstpitch, s->cirrus_blt_width,
- s->cirrus_blt_height);
-}
-
-static int cirrus_bitblt_videotovideo_copy(CirrusVGAState * s)
-{
- if (BLTUNSAFE(s))
- return 0;
-
- cirrus_do_copy(s, s->cirrus_blt_dstaddr - s->vga.start_addr,
- s->cirrus_blt_srcaddr - s->vga.start_addr,
- s->cirrus_blt_width, s->cirrus_blt_height);
-
- return 1;
-}
-
-/***************************************
- *
- * bitblt (cpu-to-video)
- *
- ***************************************/
-
-static void cirrus_bitblt_cputovideo_next(CirrusVGAState * s)
-{
- int copy_count;
- uint8_t *end_ptr;
-
- if (s->cirrus_srccounter > 0) {
- if (s->cirrus_blt_mode & CIRRUS_BLTMODE_PATTERNCOPY) {
- cirrus_bitblt_common_patterncopy(s, s->cirrus_bltbuf);
- the_end:
- s->cirrus_srccounter = 0;
- cirrus_bitblt_reset(s);
- } else {
- /* at least one scan line */
- do {
- (*s->cirrus_rop)(s, s->vga.vram_ptr +
- (s->cirrus_blt_dstaddr & s->cirrus_addr_mask),
- s->cirrus_bltbuf, 0, 0, s->cirrus_blt_width, 1);
- cirrus_invalidate_region(s, s->cirrus_blt_dstaddr, 0,
- s->cirrus_blt_width, 1);
- s->cirrus_blt_dstaddr += s->cirrus_blt_dstpitch;
- s->cirrus_srccounter -= s->cirrus_blt_srcpitch;
- if (s->cirrus_srccounter <= 0)
- goto the_end;
- /* more bytes than needed can be transferred because of
- word alignment, so we keep them for the next line */
- /* XXX: keep alignment to speed up transfer */
- end_ptr = s->cirrus_bltbuf + s->cirrus_blt_srcpitch;
- copy_count = s->cirrus_srcptr_end - end_ptr;
- memmove(s->cirrus_bltbuf, end_ptr, copy_count);
- s->cirrus_srcptr = s->cirrus_bltbuf + copy_count;
- s->cirrus_srcptr_end = s->cirrus_bltbuf + s->cirrus_blt_srcpitch;
- } while (s->cirrus_srcptr >= s->cirrus_srcptr_end);
- }
- }
-}
-
-/***************************************
- *
- * bitblt wrapper
- *
- ***************************************/
-
-static void cirrus_bitblt_reset(CirrusVGAState * s)
-{
- int need_update;
-
- s->vga.gr[0x31] &=
- ~(CIRRUS_BLT_START | CIRRUS_BLT_BUSY | CIRRUS_BLT_FIFOUSED);
- need_update = s->cirrus_srcptr != &s->cirrus_bltbuf[0]
- || s->cirrus_srcptr_end != &s->cirrus_bltbuf[0];
- s->cirrus_srcptr = &s->cirrus_bltbuf[0];
- s->cirrus_srcptr_end = &s->cirrus_bltbuf[0];
- s->cirrus_srccounter = 0;
- if (!need_update)
- return;
- cirrus_update_memory_access(s);
-}
-
-static int cirrus_bitblt_cputovideo(CirrusVGAState * s)
-{
- int w;
-
- s->cirrus_blt_mode &= ~CIRRUS_BLTMODE_MEMSYSSRC;
- s->cirrus_srcptr = &s->cirrus_bltbuf[0];
- s->cirrus_srcptr_end = &s->cirrus_bltbuf[0];
-
- if (s->cirrus_blt_mode & CIRRUS_BLTMODE_PATTERNCOPY) {
- if (s->cirrus_blt_mode & CIRRUS_BLTMODE_COLOREXPAND) {
- s->cirrus_blt_srcpitch = 8;
- } else {
- /* XXX: check for 24 bpp */
- s->cirrus_blt_srcpitch = 8 * 8 * s->cirrus_blt_pixelwidth;
- }
- s->cirrus_srccounter = s->cirrus_blt_srcpitch;
- } else {
- if (s->cirrus_blt_mode & CIRRUS_BLTMODE_COLOREXPAND) {
- w = s->cirrus_blt_width / s->cirrus_blt_pixelwidth;
- if (s->cirrus_blt_modeext & CIRRUS_BLTMODEEXT_DWORDGRANULARITY)
- s->cirrus_blt_srcpitch = ((w + 31) >> 5);
- else
- s->cirrus_blt_srcpitch = ((w + 7) >> 3);
- } else {
- /* always align input size to 32 bits */
- s->cirrus_blt_srcpitch = (s->cirrus_blt_width + 3) & ~3;
- }
- s->cirrus_srccounter = s->cirrus_blt_srcpitch * s->cirrus_blt_height;
- }
- s->cirrus_srcptr = s->cirrus_bltbuf;
- s->cirrus_srcptr_end = s->cirrus_bltbuf + s->cirrus_blt_srcpitch;
- cirrus_update_memory_access(s);
- return 1;
-}
-
-static int cirrus_bitblt_videotocpu(CirrusVGAState * s)
-{
- /* XXX */
-#ifdef DEBUG_BITBLT
- printf("cirrus: bitblt (video to cpu) is not implemented yet\n");
-#endif
- return 0;
-}
-
-static int cirrus_bitblt_videotovideo(CirrusVGAState * s)
-{
- int ret;
-
- if (s->cirrus_blt_mode & CIRRUS_BLTMODE_PATTERNCOPY) {
- ret = cirrus_bitblt_videotovideo_patterncopy(s);
- } else {
- ret = cirrus_bitblt_videotovideo_copy(s);
- }
- if (ret)
- cirrus_bitblt_reset(s);
- return ret;
-}
-
-static void cirrus_bitblt_start(CirrusVGAState * s)
-{
- uint8_t blt_rop;
-
- s->vga.gr[0x31] |= CIRRUS_BLT_BUSY;
-
- s->cirrus_blt_width = (s->vga.gr[0x20] | (s->vga.gr[0x21] << 8)) + 1;
- s->cirrus_blt_height = (s->vga.gr[0x22] | (s->vga.gr[0x23] << 8)) + 1;
- s->cirrus_blt_dstpitch = (s->vga.gr[0x24] | (s->vga.gr[0x25] << 8));
- s->cirrus_blt_srcpitch = (s->vga.gr[0x26] | (s->vga.gr[0x27] << 8));
- s->cirrus_blt_dstaddr =
- (s->vga.gr[0x28] | (s->vga.gr[0x29] << 8) | (s->vga.gr[0x2a] << 16));
- s->cirrus_blt_srcaddr =
- (s->vga.gr[0x2c] | (s->vga.gr[0x2d] << 8) | (s->vga.gr[0x2e] << 16));
- s->cirrus_blt_mode = s->vga.gr[0x30];
- s->cirrus_blt_modeext = s->vga.gr[0x33];
- blt_rop = s->vga.gr[0x32];
-
-#ifdef DEBUG_BITBLT
- printf("rop=0x%02x mode=0x%02x modeext=0x%02x w=%d h=%d dpitch=%d spitch=%d daddr=0x%08x saddr=0x%08x writemask=0x%02x\n",
- blt_rop,
- s->cirrus_blt_mode,
- s->cirrus_blt_modeext,
- s->cirrus_blt_width,
- s->cirrus_blt_height,
- s->cirrus_blt_dstpitch,
- s->cirrus_blt_srcpitch,
- s->cirrus_blt_dstaddr,
- s->cirrus_blt_srcaddr,
- s->vga.gr[0x2f]);
-#endif
-
- switch (s->cirrus_blt_mode & CIRRUS_BLTMODE_PIXELWIDTHMASK) {
- case CIRRUS_BLTMODE_PIXELWIDTH8:
- s->cirrus_blt_pixelwidth = 1;
- break;
- case CIRRUS_BLTMODE_PIXELWIDTH16:
- s->cirrus_blt_pixelwidth = 2;
- break;
- case CIRRUS_BLTMODE_PIXELWIDTH24:
- s->cirrus_blt_pixelwidth = 3;
- break;
- case CIRRUS_BLTMODE_PIXELWIDTH32:
- s->cirrus_blt_pixelwidth = 4;
- break;
- default:
-#ifdef DEBUG_BITBLT
- printf("cirrus: bitblt - pixel width is unknown\n");
-#endif
- goto bitblt_ignore;
- }
- s->cirrus_blt_mode &= ~CIRRUS_BLTMODE_PIXELWIDTHMASK;
-
- if ((s->
- cirrus_blt_mode & (CIRRUS_BLTMODE_MEMSYSSRC |
- CIRRUS_BLTMODE_MEMSYSDEST))
- == (CIRRUS_BLTMODE_MEMSYSSRC | CIRRUS_BLTMODE_MEMSYSDEST)) {
-#ifdef DEBUG_BITBLT
- printf("cirrus: bitblt - memory-to-memory copy is requested\n");
-#endif
- goto bitblt_ignore;
- }
-
- if ((s->cirrus_blt_modeext & CIRRUS_BLTMODEEXT_SOLIDFILL) &&
- (s->cirrus_blt_mode & (CIRRUS_BLTMODE_MEMSYSDEST |
- CIRRUS_BLTMODE_TRANSPARENTCOMP |
- CIRRUS_BLTMODE_PATTERNCOPY |
- CIRRUS_BLTMODE_COLOREXPAND)) ==
- (CIRRUS_BLTMODE_PATTERNCOPY | CIRRUS_BLTMODE_COLOREXPAND)) {
- cirrus_bitblt_fgcol(s);
- cirrus_bitblt_solidfill(s, blt_rop);
- } else {
- if ((s->cirrus_blt_mode & (CIRRUS_BLTMODE_COLOREXPAND |
- CIRRUS_BLTMODE_PATTERNCOPY)) ==
- CIRRUS_BLTMODE_COLOREXPAND) {
-
- if (s->cirrus_blt_mode & CIRRUS_BLTMODE_TRANSPARENTCOMP) {
- if (s->cirrus_blt_modeext & CIRRUS_BLTMODEEXT_COLOREXPINV)
- cirrus_bitblt_bgcol(s);
- else
- cirrus_bitblt_fgcol(s);
- s->cirrus_rop = cirrus_colorexpand_transp[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
- } else {
- cirrus_bitblt_fgcol(s);
- cirrus_bitblt_bgcol(s);
- s->cirrus_rop = cirrus_colorexpand[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
- }
- } else if (s->cirrus_blt_mode & CIRRUS_BLTMODE_PATTERNCOPY) {
- if (s->cirrus_blt_mode & CIRRUS_BLTMODE_COLOREXPAND) {
- if (s->cirrus_blt_mode & CIRRUS_BLTMODE_TRANSPARENTCOMP) {
- if (s->cirrus_blt_modeext & CIRRUS_BLTMODEEXT_COLOREXPINV)
- cirrus_bitblt_bgcol(s);
- else
- cirrus_bitblt_fgcol(s);
- s->cirrus_rop = cirrus_colorexpand_pattern_transp[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
- } else {
- cirrus_bitblt_fgcol(s);
- cirrus_bitblt_bgcol(s);
- s->cirrus_rop = cirrus_colorexpand_pattern[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
- }
- } else {
- s->cirrus_rop = cirrus_patternfill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
- }
- } else {
- if (s->cirrus_blt_mode & CIRRUS_BLTMODE_TRANSPARENTCOMP) {
- if (s->cirrus_blt_pixelwidth > 2) {
- printf("src transparent without colorexpand must be 8bpp or 16bpp\n");
- goto bitblt_ignore;
- }
- if (s->cirrus_blt_mode & CIRRUS_BLTMODE_BACKWARDS) {
- s->cirrus_blt_dstpitch = -s->cirrus_blt_dstpitch;
- s->cirrus_blt_srcpitch = -s->cirrus_blt_srcpitch;
- s->cirrus_rop = cirrus_bkwd_transp_rop[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
- } else {
- s->cirrus_rop = cirrus_fwd_transp_rop[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
- }
- } else {
- if (s->cirrus_blt_mode & CIRRUS_BLTMODE_BACKWARDS) {
- s->cirrus_blt_dstpitch = -s->cirrus_blt_dstpitch;
- s->cirrus_blt_srcpitch = -s->cirrus_blt_srcpitch;
- s->cirrus_rop = cirrus_bkwd_rop[rop_to_index[blt_rop]];
- } else {
- s->cirrus_rop = cirrus_fwd_rop[rop_to_index[blt_rop]];
- }
- }
- }
- // setup bitblt engine.
- if (s->cirrus_blt_mode & CIRRUS_BLTMODE_MEMSYSSRC) {
- if (!cirrus_bitblt_cputovideo(s))
- goto bitblt_ignore;
- } else if (s->cirrus_blt_mode & CIRRUS_BLTMODE_MEMSYSDEST) {
- if (!cirrus_bitblt_videotocpu(s))
- goto bitblt_ignore;
- } else {
- if (!cirrus_bitblt_videotovideo(s))
- goto bitblt_ignore;
- }
- }
- return;
- bitblt_ignore:;
- cirrus_bitblt_reset(s);
-}
-
-static void cirrus_write_bitblt(CirrusVGAState * s, unsigned reg_value)
-{
- unsigned old_value;
-
- old_value = s->vga.gr[0x31];
- s->vga.gr[0x31] = reg_value;
-
- if (((old_value & CIRRUS_BLT_RESET) != 0) &&
- ((reg_value & CIRRUS_BLT_RESET) == 0)) {
- cirrus_bitblt_reset(s);
- } else if (((old_value & CIRRUS_BLT_START) == 0) &&
- ((reg_value & CIRRUS_BLT_START) != 0)) {
- cirrus_bitblt_start(s);
- }
-}
-
-
-/***************************************
- *
- * basic parameters
- *
- ***************************************/
-
-static void cirrus_get_offsets(VGACommonState *s1,
- uint32_t *pline_offset,
- uint32_t *pstart_addr,
- uint32_t *pline_compare)
-{
- CirrusVGAState * s = container_of(s1, CirrusVGAState, vga);
- uint32_t start_addr, line_offset, line_compare;
-
- line_offset = s->vga.cr[0x13]
- | ((s->vga.cr[0x1b] & 0x10) << 4);
- line_offset <<= 3;
- *pline_offset = line_offset;
-
- start_addr = (s->vga.cr[0x0c] << 8)
- | s->vga.cr[0x0d]
- | ((s->vga.cr[0x1b] & 0x01) << 16)
- | ((s->vga.cr[0x1b] & 0x0c) << 15)
- | ((s->vga.cr[0x1d] & 0x80) << 12);
- *pstart_addr = start_addr;
-
- line_compare = s->vga.cr[0x18] |
- ((s->vga.cr[0x07] & 0x10) << 4) |
- ((s->vga.cr[0x09] & 0x40) << 3);
- *pline_compare = line_compare;
-}
-
-static uint32_t cirrus_get_bpp16_depth(CirrusVGAState * s)
-{
- uint32_t ret = 16;
-
- switch (s->cirrus_hidden_dac_data & 0xf) {
- case 0:
- ret = 15;
- break; /* Sierra HiColor */
- case 1:
- ret = 16;
- break; /* XGA HiColor */
- default:
-#ifdef DEBUG_CIRRUS
- printf("cirrus: invalid DAC value %x in 16bpp\n",
- (s->cirrus_hidden_dac_data & 0xf));
-#endif
- ret = 15; /* XXX */
- break;
- }
- return ret;
-}
-
-static int cirrus_get_bpp(VGACommonState *s1)
-{
- CirrusVGAState * s = container_of(s1, CirrusVGAState, vga);
- uint32_t ret = 8;
-
- if ((s->vga.sr[0x07] & 0x01) != 0) {
- /* Cirrus SVGA */
- switch (s->vga.sr[0x07] & CIRRUS_SR7_BPP_MASK) {
- case CIRRUS_SR7_BPP_8:
- ret = 8;
- break;
- case CIRRUS_SR7_BPP_16_DOUBLEVCLK:
- ret = cirrus_get_bpp16_depth(s);
- break;
- case CIRRUS_SR7_BPP_24:
- ret = 24;
- break;
- case CIRRUS_SR7_BPP_16:
- ret = cirrus_get_bpp16_depth(s);
- break;
- case CIRRUS_SR7_BPP_32:
- ret = 32;
- break;
- default:
-#ifdef DEBUG_CIRRUS
- printf("cirrus: unknown bpp - sr7=%x\n", s->vga.sr[0x7]);
-#endif
- ret = 8;
- break;
- }
- } else {
- /* VGA */
- ret = 0;
- }
-
- return ret;
-}
-
-static void cirrus_get_resolution(VGACommonState *s, int *pwidth, int *pheight)
-{
- int width, height;
-
- width = (s->cr[0x01] + 1) * 8;
- height = s->cr[0x12] |
- ((s->cr[0x07] & 0x02) << 7) |
- ((s->cr[0x07] & 0x40) << 3);
- height = (height + 1);
- /* interlace support */
- if (s->cr[0x1a] & 0x01)
- height = height * 2;
- *pwidth = width;
- *pheight = height;
-}
-
-/***************************************
- *
- * bank memory
- *
- ***************************************/
-
-static void cirrus_update_bank_ptr(CirrusVGAState * s, unsigned bank_index)
-{
- unsigned offset;
- unsigned limit;
-
- if ((s->vga.gr[0x0b] & 0x01) != 0) /* dual bank */
- offset = s->vga.gr[0x09 + bank_index];
- else /* single bank */
- offset = s->vga.gr[0x09];
-
- if ((s->vga.gr[0x0b] & 0x20) != 0)
- offset <<= 14;
- else
- offset <<= 12;
-
- if (s->real_vram_size <= offset)
- limit = 0;
- else
- limit = s->real_vram_size - offset;
-
- if (((s->vga.gr[0x0b] & 0x01) == 0) && (bank_index != 0)) {
- if (limit > 0x8000) {
- offset += 0x8000;
- limit -= 0x8000;
- } else {
- limit = 0;
- }
- }
-
- if (limit > 0) {
- s->cirrus_bank_base[bank_index] = offset;
- s->cirrus_bank_limit[bank_index] = limit;
- } else {
- s->cirrus_bank_base[bank_index] = 0;
- s->cirrus_bank_limit[bank_index] = 0;
- }
-}
-
-/***************************************
- *
- * I/O access between 0x3c4-0x3c5
- *
- ***************************************/
-
-static int cirrus_vga_read_sr(CirrusVGAState * s)
-{
- switch (s->vga.sr_index) {
- case 0x00: // Standard VGA
- case 0x01: // Standard VGA
- case 0x02: // Standard VGA
- case 0x03: // Standard VGA
- case 0x04: // Standard VGA
- return s->vga.sr[s->vga.sr_index];
- case 0x06: // Unlock Cirrus extensions
- return s->vga.sr[s->vga.sr_index];
- case 0x10:
- case 0x30:
- case 0x50:
- case 0x70: // Graphics Cursor X
- case 0x90:
- case 0xb0:
- case 0xd0:
- case 0xf0: // Graphics Cursor X
- return s->vga.sr[0x10];
- case 0x11:
- case 0x31:
- case 0x51:
- case 0x71: // Graphics Cursor Y
- case 0x91:
- case 0xb1:
- case 0xd1:
- case 0xf1: // Graphics Cursor Y
- return s->vga.sr[0x11];
- case 0x05: // ???
- case 0x07: // Extended Sequencer Mode
- case 0x08: // EEPROM Control
- case 0x09: // Scratch Register 0
- case 0x0a: // Scratch Register 1
- case 0x0b: // VCLK 0
- case 0x0c: // VCLK 1
- case 0x0d: // VCLK 2
- case 0x0e: // VCLK 3
- case 0x0f: // DRAM Control
- case 0x12: // Graphics Cursor Attribute
- case 0x13: // Graphics Cursor Pattern Address
- case 0x14: // Scratch Register 2
- case 0x15: // Scratch Register 3
- case 0x16: // Performance Tuning Register
- case 0x17: // Configuration Readback and Extended Control
- case 0x18: // Signature Generator Control
- case 0x19: // Signal Generator Result
- case 0x1a: // Signal Generator Result
- case 0x1b: // VCLK 0 Denominator & Post
- case 0x1c: // VCLK 1 Denominator & Post
- case 0x1d: // VCLK 2 Denominator & Post
- case 0x1e: // VCLK 3 Denominator & Post
- case 0x1f: // BIOS Write Enable and MCLK select
-#ifdef DEBUG_CIRRUS
- printf("cirrus: handled inport sr_index %02x\n", s->vga.sr_index);
-#endif
- return s->vga.sr[s->vga.sr_index];
- default:
-#ifdef DEBUG_CIRRUS
- printf("cirrus: inport sr_index %02x\n", s->vga.sr_index);
-#endif
- return 0xff;
- break;
- }
-}
-
-static void cirrus_vga_write_sr(CirrusVGAState * s, uint32_t val)
-{
- switch (s->vga.sr_index) {
- case 0x00: // Standard VGA
- case 0x01: // Standard VGA
- case 0x02: // Standard VGA
- case 0x03: // Standard VGA
- case 0x04: // Standard VGA
- s->vga.sr[s->vga.sr_index] = val & sr_mask[s->vga.sr_index];
- if (s->vga.sr_index == 1)
- s->vga.update_retrace_info(&s->vga);
- break;
- case 0x06: // Unlock Cirrus extensions
- val &= 0x17;
- if (val == 0x12) {
- s->vga.sr[s->vga.sr_index] = 0x12;
- } else {
- s->vga.sr[s->vga.sr_index] = 0x0f;
- }
- break;
- case 0x10:
- case 0x30:
- case 0x50:
- case 0x70: // Graphics Cursor X
- case 0x90:
- case 0xb0:
- case 0xd0:
- case 0xf0: // Graphics Cursor X
- s->vga.sr[0x10] = val;
- s->hw_cursor_x = (val << 3) | (s->vga.sr_index >> 5);
- break;
- case 0x11:
- case 0x31:
- case 0x51:
- case 0x71: // Graphics Cursor Y
- case 0x91:
- case 0xb1:
- case 0xd1:
- case 0xf1: // Graphics Cursor Y
- s->vga.sr[0x11] = val;
- s->hw_cursor_y = (val << 3) | (s->vga.sr_index >> 5);
- break;
- case 0x07: // Extended Sequencer Mode
- cirrus_update_memory_access(s);
- case 0x08: // EEPROM Control
- case 0x09: // Scratch Register 0
- case 0x0a: // Scratch Register 1
- case 0x0b: // VCLK 0
- case 0x0c: // VCLK 1
- case 0x0d: // VCLK 2
- case 0x0e: // VCLK 3
- case 0x0f: // DRAM Control
- case 0x12: // Graphics Cursor Attribute
- case 0x13: // Graphics Cursor Pattern Address
- case 0x14: // Scratch Register 2
- case 0x15: // Scratch Register 3
- case 0x16: // Performance Tuning Register
- case 0x18: // Signature Generator Control
- case 0x19: // Signature Generator Result
- case 0x1a: // Signature Generator Result
- case 0x1b: // VCLK 0 Denominator & Post
- case 0x1c: // VCLK 1 Denominator & Post
- case 0x1d: // VCLK 2 Denominator & Post
- case 0x1e: // VCLK 3 Denominator & Post
- case 0x1f: // BIOS Write Enable and MCLK select
- s->vga.sr[s->vga.sr_index] = val;
-#ifdef DEBUG_CIRRUS
- printf("cirrus: handled outport sr_index %02x, sr_value %02x\n",
- s->vga.sr_index, val);
-#endif
- break;
- case 0x17: // Configuration Readback and Extended Control
- s->vga.sr[s->vga.sr_index] = (s->vga.sr[s->vga.sr_index] & 0x38)
- | (val & 0xc7);
- cirrus_update_memory_access(s);
- break;
- default:
-#ifdef DEBUG_CIRRUS
- printf("cirrus: outport sr_index %02x, sr_value %02x\n",
- s->vga.sr_index, val);
-#endif
- break;
- }
-}
-
-/***************************************
- *
- * I/O access at 0x3c6
- *
- ***************************************/
-
-static int cirrus_read_hidden_dac(CirrusVGAState * s)
-{
- if (++s->cirrus_hidden_dac_lockindex == 5) {
- s->cirrus_hidden_dac_lockindex = 0;
- return s->cirrus_hidden_dac_data;
- }
- return 0xff;
-}
-
-static void cirrus_write_hidden_dac(CirrusVGAState * s, int reg_value)
-{
- if (s->cirrus_hidden_dac_lockindex == 4) {
- s->cirrus_hidden_dac_data = reg_value;
-#if defined(DEBUG_CIRRUS)
- printf("cirrus: outport hidden DAC, value %02x\n", reg_value);
-#endif
- }
- s->cirrus_hidden_dac_lockindex = 0;
-}
-
-/***************************************
- *
- * I/O access at 0x3c9
- *
- ***************************************/
-
-static int cirrus_vga_read_palette(CirrusVGAState * s)
-{
- int val;
-
- if ((s->vga.sr[0x12] & CIRRUS_CURSOR_HIDDENPEL)) {
- val = s->cirrus_hidden_palette[(s->vga.dac_read_index & 0x0f) * 3 +
- s->vga.dac_sub_index];
- } else {
- val = s->vga.palette[s->vga.dac_read_index * 3 + s->vga.dac_sub_index];
- }
- if (++s->vga.dac_sub_index == 3) {
- s->vga.dac_sub_index = 0;
- s->vga.dac_read_index++;
- }
- return val;
-}
-
-static void cirrus_vga_write_palette(CirrusVGAState * s, int reg_value)
-{
- s->vga.dac_cache[s->vga.dac_sub_index] = reg_value;
- if (++s->vga.dac_sub_index == 3) {
- if ((s->vga.sr[0x12] & CIRRUS_CURSOR_HIDDENPEL)) {
- memcpy(&s->cirrus_hidden_palette[(s->vga.dac_write_index & 0x0f) * 3],
- s->vga.dac_cache, 3);
- } else {
- memcpy(&s->vga.palette[s->vga.dac_write_index * 3], s->vga.dac_cache, 3);
- }
- /* XXX update cursor */
- s->vga.dac_sub_index = 0;
- s->vga.dac_write_index++;
- }
-}
-
-/***************************************
- *
- * I/O access between 0x3ce-0x3cf
- *
- ***************************************/
-
-static int cirrus_vga_read_gr(CirrusVGAState * s, unsigned reg_index)
-{
- switch (reg_index) {
- case 0x00: // Standard VGA, BGCOLOR 0x000000ff
- return s->cirrus_shadow_gr0;
- case 0x01: // Standard VGA, FGCOLOR 0x000000ff
- return s->cirrus_shadow_gr1;
- case 0x02: // Standard VGA
- case 0x03: // Standard VGA
- case 0x04: // Standard VGA
- case 0x06: // Standard VGA
- case 0x07: // Standard VGA
- case 0x08: // Standard VGA
- return s->vga.gr[s->vga.gr_index];
- case 0x05: // Standard VGA, Cirrus extended mode
- default:
- break;
- }
-
- if (reg_index < 0x3a) {
- return s->vga.gr[reg_index];
- } else {
-#ifdef DEBUG_CIRRUS
- printf("cirrus: inport gr_index %02x\n", reg_index);
-#endif
- return 0xff;
- }
-}
-
-static void
-cirrus_vga_write_gr(CirrusVGAState * s, unsigned reg_index, int reg_value)
-{
-#if defined(DEBUG_BITBLT) && 0
- printf("gr%02x: %02x\n", reg_index, reg_value);
-#endif
- switch (reg_index) {
- case 0x00: // Standard VGA, BGCOLOR 0x000000ff
- s->vga.gr[reg_index] = reg_value & gr_mask[reg_index];
- s->cirrus_shadow_gr0 = reg_value;
- break;
- case 0x01: // Standard VGA, FGCOLOR 0x000000ff
- s->vga.gr[reg_index] = reg_value & gr_mask[reg_index];
- s->cirrus_shadow_gr1 = reg_value;
- break;
- case 0x02: // Standard VGA
- case 0x03: // Standard VGA
- case 0x04: // Standard VGA
- case 0x06: // Standard VGA
- case 0x07: // Standard VGA
- case 0x08: // Standard VGA
- s->vga.gr[reg_index] = reg_value & gr_mask[reg_index];
- break;
- case 0x05: // Standard VGA, Cirrus extended mode
- s->vga.gr[reg_index] = reg_value & 0x7f;
- cirrus_update_memory_access(s);
- break;
- case 0x09: // bank offset #0
- case 0x0A: // bank offset #1
- s->vga.gr[reg_index] = reg_value;
- cirrus_update_bank_ptr(s, 0);
- cirrus_update_bank_ptr(s, 1);
- cirrus_update_memory_access(s);
- break;
- case 0x0B:
- s->vga.gr[reg_index] = reg_value;
- cirrus_update_bank_ptr(s, 0);
- cirrus_update_bank_ptr(s, 1);
- cirrus_update_memory_access(s);
- break;
- case 0x10: // BGCOLOR 0x0000ff00
- case 0x11: // FGCOLOR 0x0000ff00
- case 0x12: // BGCOLOR 0x00ff0000
- case 0x13: // FGCOLOR 0x00ff0000
- case 0x14: // BGCOLOR 0xff000000
- case 0x15: // FGCOLOR 0xff000000
- case 0x20: // BLT WIDTH 0x0000ff
- case 0x22: // BLT HEIGHT 0x0000ff
- case 0x24: // BLT DEST PITCH 0x0000ff
- case 0x26: // BLT SRC PITCH 0x0000ff
- case 0x28: // BLT DEST ADDR 0x0000ff
- case 0x29: // BLT DEST ADDR 0x00ff00
- case 0x2c: // BLT SRC ADDR 0x0000ff
- case 0x2d: // BLT SRC ADDR 0x00ff00
- case 0x2f: // BLT WRITEMASK
- case 0x30: // BLT MODE
- case 0x32: // RASTER OP
- case 0x33: // BLT MODEEXT
- case 0x34: // BLT TRANSPARENT COLOR 0x00ff
- case 0x35: // BLT TRANSPARENT COLOR 0xff00
- case 0x38: // BLT TRANSPARENT COLOR MASK 0x00ff
- case 0x39: // BLT TRANSPARENT COLOR MASK 0xff00
- s->vga.gr[reg_index] = reg_value;
- break;
- case 0x21: // BLT WIDTH 0x001f00
- case 0x23: // BLT HEIGHT 0x001f00
- case 0x25: // BLT DEST PITCH 0x001f00
- case 0x27: // BLT SRC PITCH 0x001f00
- s->vga.gr[reg_index] = reg_value & 0x1f;
- break;
- case 0x2a: // BLT DEST ADDR 0x3f0000
- s->vga.gr[reg_index] = reg_value & 0x3f;
- /* if auto start mode, starts bit blt now */
- if (s->vga.gr[0x31] & CIRRUS_BLT_AUTOSTART) {
- cirrus_bitblt_start(s);
- }
- break;
- case 0x2e: // BLT SRC ADDR 0x3f0000
- s->vga.gr[reg_index] = reg_value & 0x3f;
- break;
- case 0x31: // BLT STATUS/START
- cirrus_write_bitblt(s, reg_value);
- break;
- default:
-#ifdef DEBUG_CIRRUS
- printf("cirrus: outport gr_index %02x, gr_value %02x\n", reg_index,
- reg_value);
-#endif
- break;
- }
-}
-
-/***************************************
- *
- * I/O access between 0x3d4-0x3d5
- *
- ***************************************/
-
-static int cirrus_vga_read_cr(CirrusVGAState * s, unsigned reg_index)
-{
- switch (reg_index) {
- case 0x00: // Standard VGA
- case 0x01: // Standard VGA
- case 0x02: // Standard VGA
- case 0x03: // Standard VGA
- case 0x04: // Standard VGA
- case 0x05: // Standard VGA
- case 0x06: // Standard VGA
- case 0x07: // Standard VGA
- case 0x08: // Standard VGA
- case 0x09: // Standard VGA
- case 0x0a: // Standard VGA
- case 0x0b: // Standard VGA
- case 0x0c: // Standard VGA
- case 0x0d: // Standard VGA
- case 0x0e: // Standard VGA
- case 0x0f: // Standard VGA
- case 0x10: // Standard VGA
- case 0x11: // Standard VGA
- case 0x12: // Standard VGA
- case 0x13: // Standard VGA
- case 0x14: // Standard VGA
- case 0x15: // Standard VGA
- case 0x16: // Standard VGA
- case 0x17: // Standard VGA
- case 0x18: // Standard VGA
- return s->vga.cr[s->vga.cr_index];
- case 0x24: // Attribute Controller Toggle Readback (R)
- return (s->vga.ar_flip_flop << 7);
- case 0x19: // Interlace End
- case 0x1a: // Miscellaneous Control
- case 0x1b: // Extended Display Control
- case 0x1c: // Sync Adjust and Genlock
- case 0x1d: // Overlay Extended Control
- case 0x22: // Graphics Data Latches Readback (R)
- case 0x25: // Part Status
- case 0x27: // Part ID (R)
- return s->vga.cr[s->vga.cr_index];
- case 0x26: // Attribute Controller Index Readback (R)
- return s->vga.ar_index & 0x3f;
- break;
- default:
-#ifdef DEBUG_CIRRUS
- printf("cirrus: inport cr_index %02x\n", reg_index);
-#endif
- return 0xff;
- }
-}
-
-static void cirrus_vga_write_cr(CirrusVGAState * s, int reg_value)
-{
- switch (s->vga.cr_index) {
- case 0x00: // Standard VGA
- case 0x01: // Standard VGA
- case 0x02: // Standard VGA
- case 0x03: // Standard VGA
- case 0x04: // Standard VGA
- case 0x05: // Standard VGA
- case 0x06: // Standard VGA
- case 0x07: // Standard VGA
- case 0x08: // Standard VGA
- case 0x09: // Standard VGA
- case 0x0a: // Standard VGA
- case 0x0b: // Standard VGA
- case 0x0c: // Standard VGA
- case 0x0d: // Standard VGA
- case 0x0e: // Standard VGA
- case 0x0f: // Standard VGA
- case 0x10: // Standard VGA
- case 0x11: // Standard VGA
- case 0x12: // Standard VGA
- case 0x13: // Standard VGA
- case 0x14: // Standard VGA
- case 0x15: // Standard VGA
- case 0x16: // Standard VGA
- case 0x17: // Standard VGA
- case 0x18: // Standard VGA
- /* handle CR0-7 protection */
- if ((s->vga.cr[0x11] & 0x80) && s->vga.cr_index <= 7) {
- /* can always write bit 4 of CR7 */
- if (s->vga.cr_index == 7)
- s->vga.cr[7] = (s->vga.cr[7] & ~0x10) | (reg_value & 0x10);
- return;
- }
- s->vga.cr[s->vga.cr_index] = reg_value;
- switch(s->vga.cr_index) {
- case 0x00:
- case 0x04:
- case 0x05:
- case 0x06:
- case 0x07:
- case 0x11:
- case 0x17:
- s->vga.update_retrace_info(&s->vga);
- break;
- }
- break;
- case 0x19: // Interlace End
- case 0x1a: // Miscellaneous Control
- case 0x1b: // Extended Display Control
- case 0x1c: // Sync Adjust and Genlock
- case 0x1d: // Overlay Extended Control
- s->vga.cr[s->vga.cr_index] = reg_value;
-#ifdef DEBUG_CIRRUS
- printf("cirrus: handled outport cr_index %02x, cr_value %02x\n",
- s->vga.cr_index, reg_value);
-#endif
- break;
- case 0x22: // Graphics Data Latches Readback (R)
- case 0x24: // Attribute Controller Toggle Readback (R)
- case 0x26: // Attribute Controller Index Readback (R)
- case 0x27: // Part ID (R)
- break;
- case 0x25: // Part Status
- default:
-#ifdef DEBUG_CIRRUS
- printf("cirrus: outport cr_index %02x, cr_value %02x\n",
- s->vga.cr_index, reg_value);
-#endif
- break;
- }
-}
-
-/***************************************
- *
- * memory-mapped I/O (bitblt)
- *
- ***************************************/
-
-static uint8_t cirrus_mmio_blt_read(CirrusVGAState * s, unsigned address)
-{
- int value = 0xff;
-
- switch (address) {
- case (CIRRUS_MMIO_BLTBGCOLOR + 0):
- value = cirrus_vga_read_gr(s, 0x00);
- break;
- case (CIRRUS_MMIO_BLTBGCOLOR + 1):
- value = cirrus_vga_read_gr(s, 0x10);
- break;
- case (CIRRUS_MMIO_BLTBGCOLOR + 2):
- value = cirrus_vga_read_gr(s, 0x12);
- break;
- case (CIRRUS_MMIO_BLTBGCOLOR + 3):
- value = cirrus_vga_read_gr(s, 0x14);
- break;
- case (CIRRUS_MMIO_BLTFGCOLOR + 0):
- value = cirrus_vga_read_gr(s, 0x01);
- break;
- case (CIRRUS_MMIO_BLTFGCOLOR + 1):
- value = cirrus_vga_read_gr(s, 0x11);
- break;
- case (CIRRUS_MMIO_BLTFGCOLOR + 2):
- value = cirrus_vga_read_gr(s, 0x13);
- break;
- case (CIRRUS_MMIO_BLTFGCOLOR + 3):
- value = cirrus_vga_read_gr(s, 0x15);
- break;
- case (CIRRUS_MMIO_BLTWIDTH + 0):
- value = cirrus_vga_read_gr(s, 0x20);
- break;
- case (CIRRUS_MMIO_BLTWIDTH + 1):
- value = cirrus_vga_read_gr(s, 0x21);
- break;
- case (CIRRUS_MMIO_BLTHEIGHT + 0):
- value = cirrus_vga_read_gr(s, 0x22);
- break;
- case (CIRRUS_MMIO_BLTHEIGHT + 1):
- value = cirrus_vga_read_gr(s, 0x23);
- break;
- case (CIRRUS_MMIO_BLTDESTPITCH + 0):
- value = cirrus_vga_read_gr(s, 0x24);
- break;
- case (CIRRUS_MMIO_BLTDESTPITCH + 1):
- value = cirrus_vga_read_gr(s, 0x25);
- break;
- case (CIRRUS_MMIO_BLTSRCPITCH + 0):
- value = cirrus_vga_read_gr(s, 0x26);
- break;
- case (CIRRUS_MMIO_BLTSRCPITCH + 1):
- value = cirrus_vga_read_gr(s, 0x27);
- break;
- case (CIRRUS_MMIO_BLTDESTADDR + 0):
- value = cirrus_vga_read_gr(s, 0x28);
- break;
- case (CIRRUS_MMIO_BLTDESTADDR + 1):
- value = cirrus_vga_read_gr(s, 0x29);
- break;
- case (CIRRUS_MMIO_BLTDESTADDR + 2):
- value = cirrus_vga_read_gr(s, 0x2a);
- break;
- case (CIRRUS_MMIO_BLTSRCADDR + 0):
- value = cirrus_vga_read_gr(s, 0x2c);
- break;
- case (CIRRUS_MMIO_BLTSRCADDR + 1):
- value = cirrus_vga_read_gr(s, 0x2d);
- break;
- case (CIRRUS_MMIO_BLTSRCADDR + 2):
- value = cirrus_vga_read_gr(s, 0x2e);
- break;
- case CIRRUS_MMIO_BLTWRITEMASK:
- value = cirrus_vga_read_gr(s, 0x2f);
- break;
- case CIRRUS_MMIO_BLTMODE:
- value = cirrus_vga_read_gr(s, 0x30);
- break;
- case CIRRUS_MMIO_BLTROP:
- value = cirrus_vga_read_gr(s, 0x32);
- break;
- case CIRRUS_MMIO_BLTMODEEXT:
- value = cirrus_vga_read_gr(s, 0x33);
- break;
- case (CIRRUS_MMIO_BLTTRANSPARENTCOLOR + 0):
- value = cirrus_vga_read_gr(s, 0x34);
- break;
- case (CIRRUS_MMIO_BLTTRANSPARENTCOLOR + 1):
- value = cirrus_vga_read_gr(s, 0x35);
- break;
- case (CIRRUS_MMIO_BLTTRANSPARENTCOLORMASK + 0):
- value = cirrus_vga_read_gr(s, 0x38);
- break;
- case (CIRRUS_MMIO_BLTTRANSPARENTCOLORMASK + 1):
- value = cirrus_vga_read_gr(s, 0x39);
- break;
- case CIRRUS_MMIO_BLTSTATUS:
- value = cirrus_vga_read_gr(s, 0x31);
- break;
- default:
-#ifdef DEBUG_CIRRUS
- printf("cirrus: mmio read - address 0x%04x\n", address);
-#endif
- break;
- }
-
- return (uint8_t) value;
-}
-
-static void cirrus_mmio_blt_write(CirrusVGAState * s, unsigned address,
- uint8_t value)
-{
- switch (address) {
- case (CIRRUS_MMIO_BLTBGCOLOR + 0):
- cirrus_vga_write_gr(s, 0x00, value);
- break;
- case (CIRRUS_MMIO_BLTBGCOLOR + 1):
- cirrus_vga_write_gr(s, 0x10, value);
- break;
- case (CIRRUS_MMIO_BLTBGCOLOR + 2):
- cirrus_vga_write_gr(s, 0x12, value);
- break;
- case (CIRRUS_MMIO_BLTBGCOLOR + 3):
- cirrus_vga_write_gr(s, 0x14, value);
- break;
- case (CIRRUS_MMIO_BLTFGCOLOR + 0):
- cirrus_vga_write_gr(s, 0x01, value);
- break;
- case (CIRRUS_MMIO_BLTFGCOLOR + 1):
- cirrus_vga_write_gr(s, 0x11, value);
- break;
- case (CIRRUS_MMIO_BLTFGCOLOR + 2):
- cirrus_vga_write_gr(s, 0x13, value);
- break;
- case (CIRRUS_MMIO_BLTFGCOLOR + 3):
- cirrus_vga_write_gr(s, 0x15, value);
- break;
- case (CIRRUS_MMIO_BLTWIDTH + 0):
- cirrus_vga_write_gr(s, 0x20, value);
- break;
- case (CIRRUS_MMIO_BLTWIDTH + 1):
- cirrus_vga_write_gr(s, 0x21, value);
- break;
- case (CIRRUS_MMIO_BLTHEIGHT + 0):
- cirrus_vga_write_gr(s, 0x22, value);
- break;
- case (CIRRUS_MMIO_BLTHEIGHT + 1):
- cirrus_vga_write_gr(s, 0x23, value);
- break;
- case (CIRRUS_MMIO_BLTDESTPITCH + 0):
- cirrus_vga_write_gr(s, 0x24, value);
- break;
- case (CIRRUS_MMIO_BLTDESTPITCH + 1):
- cirrus_vga_write_gr(s, 0x25, value);
- break;
- case (CIRRUS_MMIO_BLTSRCPITCH + 0):
- cirrus_vga_write_gr(s, 0x26, value);
- break;
- case (CIRRUS_MMIO_BLTSRCPITCH + 1):
- cirrus_vga_write_gr(s, 0x27, value);
- break;
- case (CIRRUS_MMIO_BLTDESTADDR + 0):
- cirrus_vga_write_gr(s, 0x28, value);
- break;
- case (CIRRUS_MMIO_BLTDESTADDR + 1):
- cirrus_vga_write_gr(s, 0x29, value);
- break;
- case (CIRRUS_MMIO_BLTDESTADDR + 2):
- cirrus_vga_write_gr(s, 0x2a, value);
- break;
- case (CIRRUS_MMIO_BLTDESTADDR + 3):
- /* ignored */
- break;
- case (CIRRUS_MMIO_BLTSRCADDR + 0):
- cirrus_vga_write_gr(s, 0x2c, value);
- break;
- case (CIRRUS_MMIO_BLTSRCADDR + 1):
- cirrus_vga_write_gr(s, 0x2d, value);
- break;
- case (CIRRUS_MMIO_BLTSRCADDR + 2):
- cirrus_vga_write_gr(s, 0x2e, value);
- break;
- case CIRRUS_MMIO_BLTWRITEMASK:
- cirrus_vga_write_gr(s, 0x2f, value);
- break;
- case CIRRUS_MMIO_BLTMODE:
- cirrus_vga_write_gr(s, 0x30, value);
- break;
- case CIRRUS_MMIO_BLTROP:
- cirrus_vga_write_gr(s, 0x32, value);
- break;
- case CIRRUS_MMIO_BLTMODEEXT:
- cirrus_vga_write_gr(s, 0x33, value);
- break;
- case (CIRRUS_MMIO_BLTTRANSPARENTCOLOR + 0):
- cirrus_vga_write_gr(s, 0x34, value);
- break;
- case (CIRRUS_MMIO_BLTTRANSPARENTCOLOR + 1):
- cirrus_vga_write_gr(s, 0x35, value);
- break;
- case (CIRRUS_MMIO_BLTTRANSPARENTCOLORMASK + 0):
- cirrus_vga_write_gr(s, 0x38, value);
- break;
- case (CIRRUS_MMIO_BLTTRANSPARENTCOLORMASK + 1):
- cirrus_vga_write_gr(s, 0x39, value);
- break;
- case CIRRUS_MMIO_BLTSTATUS:
- cirrus_vga_write_gr(s, 0x31, value);
- break;
- default:
-#ifdef DEBUG_CIRRUS
- printf("cirrus: mmio write - addr 0x%04x val 0x%02x (ignored)\n",
- address, value);
-#endif
- break;
- }
-}
-
-/***************************************
- *
- * write mode 4/5
- *
- ***************************************/
-
-static void cirrus_mem_writeb_mode4and5_8bpp(CirrusVGAState * s,
- unsigned mode,
- unsigned offset,
- uint32_t mem_value)
-{
- int x;
- unsigned val = mem_value;
- uint8_t *dst;
-
- dst = s->vga.vram_ptr + (offset &= s->cirrus_addr_mask);
- for (x = 0; x < 8; x++) {
- if (val & 0x80) {
- *dst = s->cirrus_shadow_gr1;
- } else if (mode == 5) {
- *dst = s->cirrus_shadow_gr0;
- }
- val <<= 1;
- dst++;
- }
- memory_region_set_dirty(&s->vga.vram, offset, 8);
-}
-
-static void cirrus_mem_writeb_mode4and5_16bpp(CirrusVGAState * s,
- unsigned mode,
- unsigned offset,
- uint32_t mem_value)
-{
- int x;
- unsigned val = mem_value;
- uint8_t *dst;
-
- dst = s->vga.vram_ptr + (offset &= s->cirrus_addr_mask);
- for (x = 0; x < 8; x++) {
- if (val & 0x80) {
- *dst = s->cirrus_shadow_gr1;
- *(dst + 1) = s->vga.gr[0x11];
- } else if (mode == 5) {
- *dst = s->cirrus_shadow_gr0;
- *(dst + 1) = s->vga.gr[0x10];
- }
- val <<= 1;
- dst += 2;
- }
- memory_region_set_dirty(&s->vga.vram, offset, 16);
-}
-
-/***************************************
- *
- * memory access between 0xa0000-0xbffff
- *
- ***************************************/
-
-static uint64_t cirrus_vga_mem_read(void *opaque,
- hwaddr addr,
- uint32_t size)
-{
- CirrusVGAState *s = opaque;
- unsigned bank_index;
- unsigned bank_offset;
- uint32_t val;
-
- if ((s->vga.sr[0x07] & 0x01) == 0) {
- return vga_mem_readb(&s->vga, addr);
- }
-
- if (addr < 0x10000) {
- /* XXX handle bitblt */
- /* video memory */
- bank_index = addr >> 15;
- bank_offset = addr & 0x7fff;
- if (bank_offset < s->cirrus_bank_limit[bank_index]) {
- bank_offset += s->cirrus_bank_base[bank_index];
- if ((s->vga.gr[0x0B] & 0x14) == 0x14) {
- bank_offset <<= 4;
- } else if (s->vga.gr[0x0B] & 0x02) {
- bank_offset <<= 3;
- }
- bank_offset &= s->cirrus_addr_mask;
- val = *(s->vga.vram_ptr + bank_offset);
- } else
- val = 0xff;
- } else if (addr >= 0x18000 && addr < 0x18100) {
- /* memory-mapped I/O */
- val = 0xff;
- if ((s->vga.sr[0x17] & 0x44) == 0x04) {
- val = cirrus_mmio_blt_read(s, addr & 0xff);
- }
- } else {
- val = 0xff;
-#ifdef DEBUG_CIRRUS
- printf("cirrus: mem_readb " TARGET_FMT_plx "\n", addr);
-#endif
- }
- return val;
-}
-
-static void cirrus_vga_mem_write(void *opaque,
- hwaddr addr,
- uint64_t mem_value,
- uint32_t size)
-{
- CirrusVGAState *s = opaque;
- unsigned bank_index;
- unsigned bank_offset;
- unsigned mode;
-
- if ((s->vga.sr[0x07] & 0x01) == 0) {
- vga_mem_writeb(&s->vga, addr, mem_value);
- return;
- }
-
- if (addr < 0x10000) {
- if (s->cirrus_srcptr != s->cirrus_srcptr_end) {
- /* bitblt */
- *s->cirrus_srcptr++ = (uint8_t) mem_value;
- if (s->cirrus_srcptr >= s->cirrus_srcptr_end) {
- cirrus_bitblt_cputovideo_next(s);
- }
- } else {
- /* video memory */
- bank_index = addr >> 15;
- bank_offset = addr & 0x7fff;
- if (bank_offset < s->cirrus_bank_limit[bank_index]) {
- bank_offset += s->cirrus_bank_base[bank_index];
- if ((s->vga.gr[0x0B] & 0x14) == 0x14) {
- bank_offset <<= 4;
- } else if (s->vga.gr[0x0B] & 0x02) {
- bank_offset <<= 3;
- }
- bank_offset &= s->cirrus_addr_mask;
- mode = s->vga.gr[0x05] & 0x7;
- if (mode < 4 || mode > 5 || ((s->vga.gr[0x0B] & 0x4) == 0)) {
- *(s->vga.vram_ptr + bank_offset) = mem_value;
- memory_region_set_dirty(&s->vga.vram, bank_offset,
- sizeof(mem_value));
- } else {
- if ((s->vga.gr[0x0B] & 0x14) != 0x14) {
- cirrus_mem_writeb_mode4and5_8bpp(s, mode,
- bank_offset,
- mem_value);
- } else {
- cirrus_mem_writeb_mode4and5_16bpp(s, mode,
- bank_offset,
- mem_value);
- }
- }
- }
- }
- } else if (addr >= 0x18000 && addr < 0x18100) {
- /* memory-mapped I/O */
- if ((s->vga.sr[0x17] & 0x44) == 0x04) {
- cirrus_mmio_blt_write(s, addr & 0xff, mem_value);
- }
- } else {
-#ifdef DEBUG_CIRRUS
- printf("cirrus: mem_writeb " TARGET_FMT_plx " value %02x\n", addr,
- mem_value);
-#endif
- }
-}
-
-static const MemoryRegionOps cirrus_vga_mem_ops = {
- .read = cirrus_vga_mem_read,
- .write = cirrus_vga_mem_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
-};
-
-/***************************************
- *
- * hardware cursor
- *
- ***************************************/
-
-static inline void invalidate_cursor1(CirrusVGAState *s)
-{
- if (s->last_hw_cursor_size) {
- vga_invalidate_scanlines(&s->vga,
- s->last_hw_cursor_y + s->last_hw_cursor_y_start,
- s->last_hw_cursor_y + s->last_hw_cursor_y_end);
- }
-}
-
-static inline void cirrus_cursor_compute_yrange(CirrusVGAState *s)
-{
- const uint8_t *src;
- uint32_t content;
- int y, y_min, y_max;
-
- src = s->vga.vram_ptr + s->real_vram_size - 16 * 1024;
- if (s->vga.sr[0x12] & CIRRUS_CURSOR_LARGE) {
- src += (s->vga.sr[0x13] & 0x3c) * 256;
- y_min = 64;
- y_max = -1;
- for(y = 0; y < 64; y++) {
- content = ((uint32_t *)src)[0] |
- ((uint32_t *)src)[1] |
- ((uint32_t *)src)[2] |
- ((uint32_t *)src)[3];
- if (content) {
- if (y < y_min)
- y_min = y;
- if (y > y_max)
- y_max = y;
- }
- src += 16;
- }
- } else {
- src += (s->vga.sr[0x13] & 0x3f) * 256;
- y_min = 32;
- y_max = -1;
- for(y = 0; y < 32; y++) {
- content = ((uint32_t *)src)[0] |
- ((uint32_t *)(src + 128))[0];
- if (content) {
- if (y < y_min)
- y_min = y;
- if (y > y_max)
- y_max = y;
- }
- src += 4;
- }
- }
- if (y_min > y_max) {
- s->last_hw_cursor_y_start = 0;
- s->last_hw_cursor_y_end = 0;
- } else {
- s->last_hw_cursor_y_start = y_min;
- s->last_hw_cursor_y_end = y_max + 1;
- }
-}
-
-/* NOTE: we do not currently handle the cursor bitmap change, so we
- update the cursor only if it moves. */
-static void cirrus_cursor_invalidate(VGACommonState *s1)
-{
- CirrusVGAState *s = container_of(s1, CirrusVGAState, vga);
- int size;
-
- if (!(s->vga.sr[0x12] & CIRRUS_CURSOR_SHOW)) {
- size = 0;
- } else {
- if (s->vga.sr[0x12] & CIRRUS_CURSOR_LARGE)
- size = 64;
- else
- size = 32;
- }
- /* invalidate last cursor and new cursor if any change */
- if (s->last_hw_cursor_size != size ||
- s->last_hw_cursor_x != s->hw_cursor_x ||
- s->last_hw_cursor_y != s->hw_cursor_y) {
-
- invalidate_cursor1(s);
-
- s->last_hw_cursor_size = size;
- s->last_hw_cursor_x = s->hw_cursor_x;
- s->last_hw_cursor_y = s->hw_cursor_y;
- /* compute the real cursor min and max y */
- cirrus_cursor_compute_yrange(s);
- invalidate_cursor1(s);
- }
-}
-
-#define DEPTH 8
-#include "cirrus_vga_template.h"
-
-#define DEPTH 16
-#include "cirrus_vga_template.h"
-
-#define DEPTH 32
-#include "cirrus_vga_template.h"
-
-static void cirrus_cursor_draw_line(VGACommonState *s1, uint8_t *d1, int scr_y)
-{
- CirrusVGAState *s = container_of(s1, CirrusVGAState, vga);
- int w, h, bpp, x1, x2, poffset;
- unsigned int color0, color1;
- const uint8_t *palette, *src;
- uint32_t content;
-
- if (!(s->vga.sr[0x12] & CIRRUS_CURSOR_SHOW))
- return;
- /* fast test to see if the cursor intersects with the scan line */
- if (s->vga.sr[0x12] & CIRRUS_CURSOR_LARGE) {
- h = 64;
- } else {
- h = 32;
- }
- if (scr_y < s->hw_cursor_y ||
- scr_y >= (s->hw_cursor_y + h))
- return;
-
- src = s->vga.vram_ptr + s->real_vram_size - 16 * 1024;
- if (s->vga.sr[0x12] & CIRRUS_CURSOR_LARGE) {
- src += (s->vga.sr[0x13] & 0x3c) * 256;
- src += (scr_y - s->hw_cursor_y) * 16;
- poffset = 8;
- content = ((uint32_t *)src)[0] |
- ((uint32_t *)src)[1] |
- ((uint32_t *)src)[2] |
- ((uint32_t *)src)[3];
- } else {
- src += (s->vga.sr[0x13] & 0x3f) * 256;
- src += (scr_y - s->hw_cursor_y) * 4;
- poffset = 128;
- content = ((uint32_t *)src)[0] |
- ((uint32_t *)(src + 128))[0];
- }
- /* if nothing to draw, no need to continue */
- if (!content)
- return;
- w = h;
-
- x1 = s->hw_cursor_x;
- if (x1 >= s->vga.last_scr_width)
- return;
- x2 = s->hw_cursor_x + w;
- if (x2 > s->vga.last_scr_width)
- x2 = s->vga.last_scr_width;
- w = x2 - x1;
- palette = s->cirrus_hidden_palette;
- color0 = s->vga.rgb_to_pixel(c6_to_8(palette[0x0 * 3]),
- c6_to_8(palette[0x0 * 3 + 1]),
- c6_to_8(palette[0x0 * 3 + 2]));
- color1 = s->vga.rgb_to_pixel(c6_to_8(palette[0xf * 3]),
- c6_to_8(palette[0xf * 3 + 1]),
- c6_to_8(palette[0xf * 3 + 2]));
- bpp = ((ds_get_bits_per_pixel(s->vga.ds) + 7) >> 3);
- d1 += x1 * bpp;
- switch(ds_get_bits_per_pixel(s->vga.ds)) {
- default:
- break;
- case 8:
- vga_draw_cursor_line_8(d1, src, poffset, w, color0, color1, 0xff);
- break;
- case 15:
- vga_draw_cursor_line_16(d1, src, poffset, w, color0, color1, 0x7fff);
- break;
- case 16:
- vga_draw_cursor_line_16(d1, src, poffset, w, color0, color1, 0xffff);
- break;
- case 32:
- vga_draw_cursor_line_32(d1, src, poffset, w, color0, color1, 0xffffff);
- break;
- }
-}
-
-/***************************************
- *
- * LFB memory access
- *
- ***************************************/
-
-static uint64_t cirrus_linear_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- CirrusVGAState *s = opaque;
- uint32_t ret;
-
- addr &= s->cirrus_addr_mask;
-
- if (((s->vga.sr[0x17] & 0x44) == 0x44) &&
- ((addr & s->linear_mmio_mask) == s->linear_mmio_mask)) {
- /* memory-mapped I/O */
- ret = cirrus_mmio_blt_read(s, addr & 0xff);
- } else if (0) {
- /* XXX handle bitblt */
- ret = 0xff;
- } else {
- /* video memory */
- if ((s->vga.gr[0x0B] & 0x14) == 0x14) {
- addr <<= 4;
- } else if (s->vga.gr[0x0B] & 0x02) {
- addr <<= 3;
- }
- addr &= s->cirrus_addr_mask;
- ret = *(s->vga.vram_ptr + addr);
- }
-
- return ret;
-}
-
-static void cirrus_linear_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- CirrusVGAState *s = opaque;
- unsigned mode;
-
- addr &= s->cirrus_addr_mask;
-
- if (((s->vga.sr[0x17] & 0x44) == 0x44) &&
- ((addr & s->linear_mmio_mask) == s->linear_mmio_mask)) {
- /* memory-mapped I/O */
- cirrus_mmio_blt_write(s, addr & 0xff, val);
- } else if (s->cirrus_srcptr != s->cirrus_srcptr_end) {
- /* bitblt */
- *s->cirrus_srcptr++ = (uint8_t) val;
- if (s->cirrus_srcptr >= s->cirrus_srcptr_end) {
- cirrus_bitblt_cputovideo_next(s);
- }
- } else {
- /* video memory */
- if ((s->vga.gr[0x0B] & 0x14) == 0x14) {
- addr <<= 4;
- } else if (s->vga.gr[0x0B] & 0x02) {
- addr <<= 3;
- }
- addr &= s->cirrus_addr_mask;
-
- mode = s->vga.gr[0x05] & 0x7;
- if (mode < 4 || mode > 5 || ((s->vga.gr[0x0B] & 0x4) == 0)) {
- *(s->vga.vram_ptr + addr) = (uint8_t) val;
- memory_region_set_dirty(&s->vga.vram, addr, 1);
- } else {
- if ((s->vga.gr[0x0B] & 0x14) != 0x14) {
- cirrus_mem_writeb_mode4and5_8bpp(s, mode, addr, val);
- } else {
- cirrus_mem_writeb_mode4and5_16bpp(s, mode, addr, val);
- }
- }
- }
-}
-
-/***************************************
- *
- * system to screen memory access
- *
- ***************************************/
-
-
-static uint64_t cirrus_linear_bitblt_read(void *opaque,
- hwaddr addr,
- unsigned size)
-{
- CirrusVGAState *s = opaque;
- uint32_t ret;
-
- /* XXX handle bitblt */
- (void)s;
- ret = 0xff;
- return ret;
-}
-
-static void cirrus_linear_bitblt_write(void *opaque,
- hwaddr addr,
- uint64_t val,
- unsigned size)
-{
- CirrusVGAState *s = opaque;
-
- if (s->cirrus_srcptr != s->cirrus_srcptr_end) {
- /* bitblt */
- *s->cirrus_srcptr++ = (uint8_t) val;
- if (s->cirrus_srcptr >= s->cirrus_srcptr_end) {
- cirrus_bitblt_cputovideo_next(s);
- }
- }
-}
-
-static const MemoryRegionOps cirrus_linear_bitblt_io_ops = {
- .read = cirrus_linear_bitblt_read,
- .write = cirrus_linear_bitblt_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
-};
-
-static void map_linear_vram_bank(CirrusVGAState *s, unsigned bank)
-{
- MemoryRegion *mr = &s->cirrus_bank[bank];
- bool enabled = !(s->cirrus_srcptr != s->cirrus_srcptr_end)
- && !((s->vga.sr[0x07] & 0x01) == 0)
- && !((s->vga.gr[0x0B] & 0x14) == 0x14)
- && !(s->vga.gr[0x0B] & 0x02);
-
- memory_region_set_enabled(mr, enabled);
- memory_region_set_alias_offset(mr, s->cirrus_bank_base[bank]);
-}
-
-static void map_linear_vram(CirrusVGAState *s)
-{
- if (s->bustype == CIRRUS_BUSTYPE_PCI && !s->linear_vram) {
- s->linear_vram = true;
- memory_region_add_subregion_overlap(&s->pci_bar, 0, &s->vga.vram, 1);
- }
- map_linear_vram_bank(s, 0);
- map_linear_vram_bank(s, 1);
-}
-
-static void unmap_linear_vram(CirrusVGAState *s)
-{
- if (s->bustype == CIRRUS_BUSTYPE_PCI && s->linear_vram) {
- s->linear_vram = false;
- memory_region_del_subregion(&s->pci_bar, &s->vga.vram);
- }
- memory_region_set_enabled(&s->cirrus_bank[0], false);
- memory_region_set_enabled(&s->cirrus_bank[1], false);
-}
-
-/* Compute the memory access functions */
-static void cirrus_update_memory_access(CirrusVGAState *s)
-{
- unsigned mode;
-
- memory_region_transaction_begin();
- if ((s->vga.sr[0x17] & 0x44) == 0x44) {
- goto generic_io;
- } else if (s->cirrus_srcptr != s->cirrus_srcptr_end) {
- goto generic_io;
- } else {
- if ((s->vga.gr[0x0B] & 0x14) == 0x14) {
- goto generic_io;
- } else if (s->vga.gr[0x0B] & 0x02) {
- goto generic_io;
- }
-
- mode = s->vga.gr[0x05] & 0x7;
- if (mode < 4 || mode > 5 || ((s->vga.gr[0x0B] & 0x4) == 0)) {
- map_linear_vram(s);
- } else {
- generic_io:
- unmap_linear_vram(s);
- }
- }
- memory_region_transaction_commit();
-}
-
-
-/* I/O ports */
-
-static uint32_t cirrus_vga_ioport_read(void *opaque, uint32_t addr)
-{
- CirrusVGAState *c = opaque;
- VGACommonState *s = &c->vga;
- int val, index;
-
- qemu_flush_coalesced_mmio_buffer();
-
- if (vga_ioport_invalid(s, addr)) {
- val = 0xff;
- } else {
- switch (addr) {
- case 0x3c0:
- if (s->ar_flip_flop == 0) {
- val = s->ar_index;
- } else {
- val = 0;
- }
- break;
- case 0x3c1:
- index = s->ar_index & 0x1f;
- if (index < 21)
- val = s->ar[index];
- else
- val = 0;
- break;
- case 0x3c2:
- val = s->st00;
- break;
- case 0x3c4:
- val = s->sr_index;
- break;
- case 0x3c5:
- val = cirrus_vga_read_sr(c);
- break;
-#ifdef DEBUG_VGA_REG
- printf("vga: read SR%x = 0x%02x\n", s->sr_index, val);
-#endif
- break;
- case 0x3c6:
- val = cirrus_read_hidden_dac(c);
- break;
- case 0x3c7:
- val = s->dac_state;
- break;
- case 0x3c8:
- val = s->dac_write_index;
- c->cirrus_hidden_dac_lockindex = 0;
- break;
- case 0x3c9:
- val = cirrus_vga_read_palette(c);
- break;
- case 0x3ca:
- val = s->fcr;
- break;
- case 0x3cc:
- val = s->msr;
- break;
- case 0x3ce:
- val = s->gr_index;
- break;
- case 0x3cf:
- val = cirrus_vga_read_gr(c, s->gr_index);
-#ifdef DEBUG_VGA_REG
- printf("vga: read GR%x = 0x%02x\n", s->gr_index, val);
-#endif
- break;
- case 0x3b4:
- case 0x3d4:
- val = s->cr_index;
- break;
- case 0x3b5:
- case 0x3d5:
- val = cirrus_vga_read_cr(c, s->cr_index);
-#ifdef DEBUG_VGA_REG
- printf("vga: read CR%x = 0x%02x\n", s->cr_index, val);
-#endif
- break;
- case 0x3ba:
- case 0x3da:
- /* just toggle to fool polling */
- val = s->st01 = s->retrace(s);
- s->ar_flip_flop = 0;
- break;
- default:
- val = 0x00;
- break;
- }
- }
-#if defined(DEBUG_VGA)
- printf("VGA: read addr=0x%04x data=0x%02x\n", addr, val);
-#endif
- return val;
-}
-
-static void cirrus_vga_ioport_write(void *opaque, uint32_t addr, uint32_t val)
-{
- CirrusVGAState *c = opaque;
- VGACommonState *s = &c->vga;
- int index;
-
- qemu_flush_coalesced_mmio_buffer();
-
- /* check port range access depending on color/monochrome mode */
- if (vga_ioport_invalid(s, addr)) {
- return;
- }
-#ifdef DEBUG_VGA
- printf("VGA: write addr=0x%04x data=0x%02x\n", addr, val);
-#endif
-
- switch (addr) {
- case 0x3c0:
- if (s->ar_flip_flop == 0) {
- val &= 0x3f;
- s->ar_index = val;
- } else {
- index = s->ar_index & 0x1f;
- switch (index) {
- case 0x00 ... 0x0f:
- s->ar[index] = val & 0x3f;
- break;
- case 0x10:
- s->ar[index] = val & ~0x10;
- break;
- case 0x11:
- s->ar[index] = val;
- break;
- case 0x12:
- s->ar[index] = val & ~0xc0;
- break;
- case 0x13:
- s->ar[index] = val & ~0xf0;
- break;
- case 0x14:
- s->ar[index] = val & ~0xf0;
- break;
- default:
- break;
- }
- }
- s->ar_flip_flop ^= 1;
- break;
- case 0x3c2:
- s->msr = val & ~0x10;
- s->update_retrace_info(s);
- break;
- case 0x3c4:
- s->sr_index = val;
- break;
- case 0x3c5:
-#ifdef DEBUG_VGA_REG
- printf("vga: write SR%x = 0x%02x\n", s->sr_index, val);
-#endif
- cirrus_vga_write_sr(c, val);
- break;
- break;
- case 0x3c6:
- cirrus_write_hidden_dac(c, val);
- break;
- case 0x3c7:
- s->dac_read_index = val;
- s->dac_sub_index = 0;
- s->dac_state = 3;
- break;
- case 0x3c8:
- s->dac_write_index = val;
- s->dac_sub_index = 0;
- s->dac_state = 0;
- break;
- case 0x3c9:
- cirrus_vga_write_palette(c, val);
- break;
- case 0x3ce:
- s->gr_index = val;
- break;
- case 0x3cf:
-#ifdef DEBUG_VGA_REG
- printf("vga: write GR%x = 0x%02x\n", s->gr_index, val);
-#endif
- cirrus_vga_write_gr(c, s->gr_index, val);
- break;
- case 0x3b4:
- case 0x3d4:
- s->cr_index = val;
- break;
- case 0x3b5:
- case 0x3d5:
-#ifdef DEBUG_VGA_REG
- printf("vga: write CR%x = 0x%02x\n", s->cr_index, val);
-#endif
- cirrus_vga_write_cr(c, val);
- break;
- case 0x3ba:
- case 0x3da:
- s->fcr = val & 0x10;
- break;
- }
-}
-
-/***************************************
- *
- * memory-mapped I/O access
- *
- ***************************************/
-
-static uint64_t cirrus_mmio_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- CirrusVGAState *s = opaque;
-
- if (addr >= 0x100) {
- return cirrus_mmio_blt_read(s, addr - 0x100);
- } else {
- return cirrus_vga_ioport_read(s, addr + 0x3c0);
- }
-}
-
-static void cirrus_mmio_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- CirrusVGAState *s = opaque;
-
- if (addr >= 0x100) {
- cirrus_mmio_blt_write(s, addr - 0x100, val);
- } else {
- cirrus_vga_ioport_write(s, addr + 0x3c0, val);
- }
-}
-
-static const MemoryRegionOps cirrus_mmio_io_ops = {
- .read = cirrus_mmio_read,
- .write = cirrus_mmio_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
-};
-
-/* load/save state */
-
-static int cirrus_post_load(void *opaque, int version_id)
-{
- CirrusVGAState *s = opaque;
-
- s->vga.gr[0x00] = s->cirrus_shadow_gr0 & 0x0f;
- s->vga.gr[0x01] = s->cirrus_shadow_gr1 & 0x0f;
-
- cirrus_update_memory_access(s);
- /* force refresh */
- s->vga.graphic_mode = -1;
- cirrus_update_bank_ptr(s, 0);
- cirrus_update_bank_ptr(s, 1);
- return 0;
-}
-
-static const VMStateDescription vmstate_cirrus_vga = {
- .name = "cirrus_vga",
- .version_id = 2,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .post_load = cirrus_post_load,
- .fields = (VMStateField []) {
- VMSTATE_UINT32(vga.latch, CirrusVGAState),
- VMSTATE_UINT8(vga.sr_index, CirrusVGAState),
- VMSTATE_BUFFER(vga.sr, CirrusVGAState),
- VMSTATE_UINT8(vga.gr_index, CirrusVGAState),
- VMSTATE_UINT8(cirrus_shadow_gr0, CirrusVGAState),
- VMSTATE_UINT8(cirrus_shadow_gr1, CirrusVGAState),
- VMSTATE_BUFFER_START_MIDDLE(vga.gr, CirrusVGAState, 2),
- VMSTATE_UINT8(vga.ar_index, CirrusVGAState),
- VMSTATE_BUFFER(vga.ar, CirrusVGAState),
- VMSTATE_INT32(vga.ar_flip_flop, CirrusVGAState),
- VMSTATE_UINT8(vga.cr_index, CirrusVGAState),
- VMSTATE_BUFFER(vga.cr, CirrusVGAState),
- VMSTATE_UINT8(vga.msr, CirrusVGAState),
- VMSTATE_UINT8(vga.fcr, CirrusVGAState),
- VMSTATE_UINT8(vga.st00, CirrusVGAState),
- VMSTATE_UINT8(vga.st01, CirrusVGAState),
- VMSTATE_UINT8(vga.dac_state, CirrusVGAState),
- VMSTATE_UINT8(vga.dac_sub_index, CirrusVGAState),
- VMSTATE_UINT8(vga.dac_read_index, CirrusVGAState),
- VMSTATE_UINT8(vga.dac_write_index, CirrusVGAState),
- VMSTATE_BUFFER(vga.dac_cache, CirrusVGAState),
- VMSTATE_BUFFER(vga.palette, CirrusVGAState),
- VMSTATE_INT32(vga.bank_offset, CirrusVGAState),
- VMSTATE_UINT8(cirrus_hidden_dac_lockindex, CirrusVGAState),
- VMSTATE_UINT8(cirrus_hidden_dac_data, CirrusVGAState),
- VMSTATE_UINT32(hw_cursor_x, CirrusVGAState),
- VMSTATE_UINT32(hw_cursor_y, CirrusVGAState),
- /* XXX: we do not save the bitblt state - we assume we do not save
- the state when the blitter is active */
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_pci_cirrus_vga = {
- .name = "cirrus_vga",
- .version_id = 2,
- .minimum_version_id = 2,
- .minimum_version_id_old = 2,
- .fields = (VMStateField []) {
- VMSTATE_PCI_DEVICE(dev, PCICirrusVGAState),
- VMSTATE_STRUCT(cirrus_vga, PCICirrusVGAState, 0,
- vmstate_cirrus_vga, CirrusVGAState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-/***************************************
- *
- * initialize
- *
- ***************************************/
-
-static void cirrus_reset(void *opaque)
-{
- CirrusVGAState *s = opaque;
-
- vga_common_reset(&s->vga);
- unmap_linear_vram(s);
- s->vga.sr[0x06] = 0x0f;
- if (s->device_id == CIRRUS_ID_CLGD5446) {
- /* 4MB 64 bit memory config, always PCI */
- s->vga.sr[0x1F] = 0x2d; // MemClock
- s->vga.gr[0x18] = 0x0f; // fastest memory configuration
- s->vga.sr[0x0f] = 0x98;
- s->vga.sr[0x17] = 0x20;
- s->vga.sr[0x15] = 0x04; /* memory size, 3=2MB, 4=4MB */
- } else {
- s->vga.sr[0x1F] = 0x22; // MemClock
- s->vga.sr[0x0F] = CIRRUS_MEMSIZE_2M;
- s->vga.sr[0x17] = s->bustype;
- s->vga.sr[0x15] = 0x03; /* memory size, 3=2MB, 4=4MB */
- }
- s->vga.cr[0x27] = s->device_id;
-
- s->cirrus_hidden_dac_lockindex = 5;
- s->cirrus_hidden_dac_data = 0;
-}
-
-static const MemoryRegionOps cirrus_linear_io_ops = {
- .read = cirrus_linear_read,
- .write = cirrus_linear_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
-};
-
-static void cirrus_init_common(CirrusVGAState * s, int device_id, int is_pci,
- MemoryRegion *system_memory)
-{
- int i;
- static int inited;
-
- if (!inited) {
- inited = 1;
- for(i = 0;i < 256; i++)
- rop_to_index[i] = CIRRUS_ROP_NOP_INDEX; /* nop rop */
- rop_to_index[CIRRUS_ROP_0] = 0;
- rop_to_index[CIRRUS_ROP_SRC_AND_DST] = 1;
- rop_to_index[CIRRUS_ROP_NOP] = 2;
- rop_to_index[CIRRUS_ROP_SRC_AND_NOTDST] = 3;
- rop_to_index[CIRRUS_ROP_NOTDST] = 4;
- rop_to_index[CIRRUS_ROP_SRC] = 5;
- rop_to_index[CIRRUS_ROP_1] = 6;
- rop_to_index[CIRRUS_ROP_NOTSRC_AND_DST] = 7;
- rop_to_index[CIRRUS_ROP_SRC_XOR_DST] = 8;
- rop_to_index[CIRRUS_ROP_SRC_OR_DST] = 9;
- rop_to_index[CIRRUS_ROP_NOTSRC_OR_NOTDST] = 10;
- rop_to_index[CIRRUS_ROP_SRC_NOTXOR_DST] = 11;
- rop_to_index[CIRRUS_ROP_SRC_OR_NOTDST] = 12;
- rop_to_index[CIRRUS_ROP_NOTSRC] = 13;
- rop_to_index[CIRRUS_ROP_NOTSRC_OR_DST] = 14;
- rop_to_index[CIRRUS_ROP_NOTSRC_AND_NOTDST] = 15;
- s->device_id = device_id;
- if (is_pci)
- s->bustype = CIRRUS_BUSTYPE_PCI;
- else
- s->bustype = CIRRUS_BUSTYPE_ISA;
- }
-
- register_ioport_write(0x3c0, 16, 1, cirrus_vga_ioport_write, s);
-
- register_ioport_write(0x3b4, 2, 1, cirrus_vga_ioport_write, s);
- register_ioport_write(0x3d4, 2, 1, cirrus_vga_ioport_write, s);
- register_ioport_write(0x3ba, 1, 1, cirrus_vga_ioport_write, s);
- register_ioport_write(0x3da, 1, 1, cirrus_vga_ioport_write, s);
-
- register_ioport_read(0x3c0, 16, 1, cirrus_vga_ioport_read, s);
-
- register_ioport_read(0x3b4, 2, 1, cirrus_vga_ioport_read, s);
- register_ioport_read(0x3d4, 2, 1, cirrus_vga_ioport_read, s);
- register_ioport_read(0x3ba, 1, 1, cirrus_vga_ioport_read, s);
- register_ioport_read(0x3da, 1, 1, cirrus_vga_ioport_read, s);
-
- memory_region_init(&s->low_mem_container,
- "cirrus-lowmem-container",
- 0x20000);
-
- memory_region_init_io(&s->low_mem, &cirrus_vga_mem_ops, s,
- "cirrus-low-memory", 0x20000);
- memory_region_add_subregion(&s->low_mem_container, 0, &s->low_mem);
- for (i = 0; i < 2; ++i) {
- static const char *names[] = { "vga.bank0", "vga.bank1" };
- MemoryRegion *bank = &s->cirrus_bank[i];
- memory_region_init_alias(bank, names[i], &s->vga.vram, 0, 0x8000);
- memory_region_set_enabled(bank, false);
- memory_region_add_subregion_overlap(&s->low_mem_container, i * 0x8000,
- bank, 1);
- }
- memory_region_add_subregion_overlap(system_memory,
- isa_mem_base + 0x000a0000,
- &s->low_mem_container,
- 1);
- memory_region_set_coalescing(&s->low_mem);
-
- /* I/O handler for LFB */
- memory_region_init_io(&s->cirrus_linear_io, &cirrus_linear_io_ops, s,
- "cirrus-linear-io", s->vga.vram_size_mb
- * 1024 * 1024);
- memory_region_set_flush_coalesced(&s->cirrus_linear_io);
-
- /* I/O handler for LFB */
- memory_region_init_io(&s->cirrus_linear_bitblt_io,
- &cirrus_linear_bitblt_io_ops,
- s,
- "cirrus-bitblt-mmio",
- 0x400000);
- memory_region_set_flush_coalesced(&s->cirrus_linear_bitblt_io);
-
- /* I/O handler for memory-mapped I/O */
- memory_region_init_io(&s->cirrus_mmio_io, &cirrus_mmio_io_ops, s,
- "cirrus-mmio", CIRRUS_PNPMMIO_SIZE);
- memory_region_set_flush_coalesced(&s->cirrus_mmio_io);
-
- s->real_vram_size =
- (s->device_id == CIRRUS_ID_CLGD5446) ? 4096 * 1024 : 2048 * 1024;
-
- /* XXX: s->vga.vram_size must be a power of two */
- s->cirrus_addr_mask = s->real_vram_size - 1;
- s->linear_mmio_mask = s->real_vram_size - 256;
-
- s->vga.get_bpp = cirrus_get_bpp;
- s->vga.get_offsets = cirrus_get_offsets;
- s->vga.get_resolution = cirrus_get_resolution;
- s->vga.cursor_invalidate = cirrus_cursor_invalidate;
- s->vga.cursor_draw_line = cirrus_cursor_draw_line;
-
- qemu_register_reset(cirrus_reset, s);
-}
-
-/***************************************
- *
- * ISA bus support
- *
- ***************************************/
-
-static int vga_initfn(ISADevice *dev)
-{
- ISACirrusVGAState *d = DO_UPCAST(ISACirrusVGAState, dev, dev);
- VGACommonState *s = &d->cirrus_vga.vga;
-
- vga_common_init(s);
- cirrus_init_common(&d->cirrus_vga, CIRRUS_ID_CLGD5430, 0,
- isa_address_space(dev));
- s->ds = graphic_console_init(s->update, s->invalidate,
- s->screen_dump, s->text_update,
- s);
- rom_add_vga(VGABIOS_CIRRUS_FILENAME);
- /* XXX ISA-LFB support */
- /* FIXME not qdev yet */
- return 0;
-}
-
-static Property isa_vga_cirrus_properties[] = {
- DEFINE_PROP_UINT32("vgamem_mb", struct ISACirrusVGAState,
- cirrus_vga.vga.vram_size_mb, 8),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void isa_cirrus_vga_class_init(ObjectClass *klass, void *data)
-{
- ISADeviceClass *k = ISA_DEVICE_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
-
- dc->vmsd = &vmstate_cirrus_vga;
- k->init = vga_initfn;
- dc->props = isa_vga_cirrus_properties;
-}
-
-static TypeInfo isa_cirrus_vga_info = {
- .name = "isa-cirrus-vga",
- .parent = TYPE_ISA_DEVICE,
- .instance_size = sizeof(ISACirrusVGAState),
- .class_init = isa_cirrus_vga_class_init,
-};
-
-/***************************************
- *
- * PCI bus support
- *
- ***************************************/
-
-static int pci_cirrus_vga_initfn(PCIDevice *dev)
-{
- PCICirrusVGAState *d = DO_UPCAST(PCICirrusVGAState, dev, dev);
- CirrusVGAState *s = &d->cirrus_vga;
- PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(dev);
- int16_t device_id = pc->device_id;
-
- /* setup VGA */
- vga_common_init(&s->vga);
- cirrus_init_common(s, device_id, 1, pci_address_space(dev));
- s->vga.ds = graphic_console_init(s->vga.update, s->vga.invalidate,
- s->vga.screen_dump, s->vga.text_update,
- &s->vga);
-
- /* setup PCI */
-
- memory_region_init(&s->pci_bar, "cirrus-pci-bar0", 0x2000000);
-
- /* XXX: add byte swapping apertures */
- memory_region_add_subregion(&s->pci_bar, 0, &s->cirrus_linear_io);
- memory_region_add_subregion(&s->pci_bar, 0x1000000,
- &s->cirrus_linear_bitblt_io);
-
- /* setup memory space */
- /* memory #0 LFB */
- /* memory #1 memory-mapped I/O */
- /* XXX: s->vga.vram_size must be a power of two */
- pci_register_bar(&d->dev, 0, PCI_BASE_ADDRESS_MEM_PREFETCH, &s->pci_bar);
- if (device_id == CIRRUS_ID_CLGD5446) {
- pci_register_bar(&d->dev, 1, 0, &s->cirrus_mmio_io);
- }
- return 0;
-}
-
-static Property pci_vga_cirrus_properties[] = {
- DEFINE_PROP_UINT32("vgamem_mb", struct PCICirrusVGAState,
- cirrus_vga.vga.vram_size_mb, 8),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void cirrus_vga_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->no_hotplug = 1;
- k->init = pci_cirrus_vga_initfn;
- k->romfile = VGABIOS_CIRRUS_FILENAME;
- k->vendor_id = PCI_VENDOR_ID_CIRRUS;
- k->device_id = CIRRUS_ID_CLGD5446;
- k->class_id = PCI_CLASS_DISPLAY_VGA;
- dc->desc = "Cirrus CLGD 54xx VGA";
- dc->vmsd = &vmstate_pci_cirrus_vga;
- dc->props = pci_vga_cirrus_properties;
-}
-
-static TypeInfo cirrus_vga_info = {
- .name = "cirrus-vga",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCICirrusVGAState),
- .class_init = cirrus_vga_class_init,
-};
-
-static void cirrus_vga_register_types(void)
-{
- type_register_static(&isa_cirrus_vga_info);
- type_register_static(&cirrus_vga_info);
-}
-
-type_init(cirrus_vga_register_types)
diff --git a/hw/collie.c b/hw/collie.c
deleted file mode 100644
index 695982a99..000000000
--- a/hw/collie.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * SA-1110-based Sharp Zaurus SL-5500 platform.
- *
- * Copyright (C) 2011 Dmitry Eremin-Solenikov
- *
- * This code is licensed under GNU GPL v2.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-#include "hw.h"
-#include "sysbus.h"
-#include "boards.h"
-#include "devices.h"
-#include "strongarm.h"
-#include "arm-misc.h"
-#include "flash.h"
-#include "blockdev.h"
-#include "exec-memory.h"
-
-static struct arm_boot_info collie_binfo = {
- .loader_start = SA_SDCS0,
- .ram_size = 0x20000000,
-};
-
-static void collie_init(QEMUMachineInitArgs *args)
-{
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- StrongARMState *s;
- DriveInfo *dinfo;
- MemoryRegion *sysmem = get_system_memory();
-
- if (!cpu_model) {
- cpu_model = "sa1110";
- }
-
- s = sa1110_init(sysmem, collie_binfo.ram_size, cpu_model);
-
- dinfo = drive_get(IF_PFLASH, 0, 0);
- pflash_cfi01_register(SA_CS0, NULL, "collie.fl1", 0x02000000,
- dinfo ? dinfo->bdrv : NULL, (64 * 1024),
- 512, 4, 0x00, 0x00, 0x00, 0x00, 0);
-
- dinfo = drive_get(IF_PFLASH, 0, 1);
- pflash_cfi01_register(SA_CS1, NULL, "collie.fl2", 0x02000000,
- dinfo ? dinfo->bdrv : NULL, (64 * 1024),
- 512, 4, 0x00, 0x00, 0x00, 0x00, 0);
-
- sysbus_create_simple("scoop", 0x40800000, NULL);
-
- collie_binfo.kernel_filename = kernel_filename;
- collie_binfo.kernel_cmdline = kernel_cmdline;
- collie_binfo.initrd_filename = initrd_filename;
- collie_binfo.board_id = 0x208;
- arm_load_kernel(s->cpu, &collie_binfo);
-}
-
-static QEMUMachine collie_machine = {
- .name = "collie",
- .desc = "Collie PDA (SA-1110)",
- .init = collie_init,
-};
-
-static void collie_machine_init(void)
-{
- qemu_register_machine(&collie_machine);
-}
-
-machine_init(collie_machine_init)
diff --git a/hw/core/Makefile.objs b/hw/core/Makefile.objs
new file mode 100644
index 000000000..950146c6f
--- /dev/null
+++ b/hw/core/Makefile.objs
@@ -0,0 +1,13 @@
+# core qdev-related obj files, also used by *-user:
+common-obj-y += qdev.o qdev-properties.o
+# irq.o needed for qdev GPIO handling:
+common-obj-y += irq.o
+
+common-obj-$(CONFIG_EMPTY_SLOT) += empty_slot.o
+common-obj-$(CONFIG_XILINX_AXI) += stream.o
+common-obj-$(CONFIG_PTIMER) += ptimer.o
+common-obj-$(CONFIG_SOFTMMU) += sysbus.o
+common-obj-$(CONFIG_SOFTMMU) += null-machine.o
+common-obj-$(CONFIG_SOFTMMU) += loader.o
+common-obj-$(CONFIG_SOFTMMU) += qdev-properties-system.o
+
diff --git a/hw/core/empty_slot.c b/hw/core/empty_slot.c
new file mode 100644
index 000000000..612b1093a
--- /dev/null
+++ b/hw/core/empty_slot.c
@@ -0,0 +1,102 @@
+/*
+ * QEMU Empty Slot
+ *
+ * The empty_slot device emulates known to a bus but not connected devices.
+ *
+ * Copyright (c) 2010 Artyom Tarasenko
+ *
+ * This code is licensed under the GNU GPL v2 or (at your option) any later
+ * version.
+ */
+
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "hw/empty_slot.h"
+
+//#define DEBUG_EMPTY_SLOT
+
+#ifdef DEBUG_EMPTY_SLOT
+#define DPRINTF(fmt, ...) \
+ do { printf("empty_slot: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) do {} while (0)
+#endif
+
+#define TYPE_EMPTY_SLOT "empty_slot"
+#define EMPTY_SLOT(obj) OBJECT_CHECK(EmptySlot, (obj), TYPE_EMPTY_SLOT)
+
+typedef struct EmptySlot {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ uint64_t size;
+} EmptySlot;
+
+static uint64_t empty_slot_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ DPRINTF("read from " TARGET_FMT_plx "\n", addr);
+ return 0;
+}
+
+static void empty_slot_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ DPRINTF("write 0x%x to " TARGET_FMT_plx "\n", (unsigned)val, addr);
+}
+
+static const MemoryRegionOps empty_slot_ops = {
+ .read = empty_slot_read,
+ .write = empty_slot_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+void empty_slot_init(hwaddr addr, uint64_t slot_size)
+{
+ if (slot_size > 0) {
+ /* Only empty slots larger than 0 byte need handling. */
+ DeviceState *dev;
+ SysBusDevice *s;
+ EmptySlot *e;
+
+ dev = qdev_create(NULL, TYPE_EMPTY_SLOT);
+ s = SYS_BUS_DEVICE(dev);
+ e = EMPTY_SLOT(dev);
+ e->size = slot_size;
+
+ qdev_init_nofail(dev);
+
+ sysbus_mmio_map(s, 0, addr);
+ }
+}
+
+static int empty_slot_init1(SysBusDevice *dev)
+{
+ EmptySlot *s = EMPTY_SLOT(dev);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &empty_slot_ops, s,
+ "empty-slot", s->size);
+ sysbus_init_mmio(dev, &s->iomem);
+ return 0;
+}
+
+static void empty_slot_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = empty_slot_init1;
+}
+
+static const TypeInfo empty_slot_info = {
+ .name = TYPE_EMPTY_SLOT,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(EmptySlot),
+ .class_init = empty_slot_class_init,
+};
+
+static void empty_slot_register_types(void)
+{
+ type_register_static(&empty_slot_info);
+}
+
+type_init(empty_slot_register_types)
diff --git a/hw/core/irq.c b/hw/core/irq.c
new file mode 100644
index 000000000..20785428e
--- /dev/null
+++ b/hw/core/irq.c
@@ -0,0 +1,136 @@
+/*
+ * QEMU IRQ/GPIO common code.
+ *
+ * Copyright (c) 2007 CodeSourcery.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "qemu-common.h"
+#include "hw/irq.h"
+
+struct IRQState {
+ qemu_irq_handler handler;
+ void *opaque;
+ int n;
+};
+
+void qemu_set_irq(qemu_irq irq, int level)
+{
+ if (!irq)
+ return;
+
+ irq->handler(irq->opaque, irq->n, level);
+}
+
+qemu_irq *qemu_extend_irqs(qemu_irq *old, int n_old, qemu_irq_handler handler,
+ void *opaque, int n)
+{
+ qemu_irq *s;
+ struct IRQState *p;
+ int i;
+
+ if (!old) {
+ n_old = 0;
+ }
+ s = old ? g_renew(qemu_irq, old, n + n_old) : g_new(qemu_irq, n);
+ p = old ? g_renew(struct IRQState, s[0], n + n_old) :
+ g_new(struct IRQState, n);
+ for (i = 0; i < n + n_old; i++) {
+ if (i >= n_old) {
+ p->handler = handler;
+ p->opaque = opaque;
+ p->n = i;
+ }
+ s[i] = p;
+ p++;
+ }
+ return s;
+}
+
+qemu_irq *qemu_allocate_irqs(qemu_irq_handler handler, void *opaque, int n)
+{
+ return qemu_extend_irqs(NULL, 0, handler, opaque, n);
+}
+
+
+void qemu_free_irqs(qemu_irq *s)
+{
+ g_free(s[0]);
+ g_free(s);
+}
+
+static void qemu_notirq(void *opaque, int line, int level)
+{
+ struct IRQState *irq = opaque;
+
+ irq->handler(irq->opaque, irq->n, !level);
+}
+
+qemu_irq qemu_irq_invert(qemu_irq irq)
+{
+ /* The default state for IRQs is low, so raise the output now. */
+ qemu_irq_raise(irq);
+ return qemu_allocate_irqs(qemu_notirq, irq, 1)[0];
+}
+
+static void qemu_splitirq(void *opaque, int line, int level)
+{
+ struct IRQState **irq = opaque;
+ irq[0]->handler(irq[0]->opaque, irq[0]->n, level);
+ irq[1]->handler(irq[1]->opaque, irq[1]->n, level);
+}
+
+qemu_irq qemu_irq_split(qemu_irq irq1, qemu_irq irq2)
+{
+ qemu_irq *s = g_malloc0(2 * sizeof(qemu_irq));
+ s[0] = irq1;
+ s[1] = irq2;
+ return qemu_allocate_irqs(qemu_splitirq, s, 1)[0];
+}
+
+static void proxy_irq_handler(void *opaque, int n, int level)
+{
+ qemu_irq **target = opaque;
+
+ if (*target) {
+ qemu_set_irq((*target)[n], level);
+ }
+}
+
+qemu_irq *qemu_irq_proxy(qemu_irq **target, int n)
+{
+ return qemu_allocate_irqs(proxy_irq_handler, target, n);
+}
+
+void qemu_irq_intercept_in(qemu_irq *gpio_in, qemu_irq_handler handler, int n)
+{
+ int i;
+ qemu_irq *old_irqs = qemu_allocate_irqs(NULL, NULL, n);
+ for (i = 0; i < n; i++) {
+ *old_irqs[i] = *gpio_in[i];
+ gpio_in[i]->handler = handler;
+ gpio_in[i]->opaque = old_irqs;
+ }
+}
+
+void qemu_irq_intercept_out(qemu_irq **gpio_out, qemu_irq_handler handler, int n)
+{
+ qemu_irq *old_irqs = *gpio_out;
+ *gpio_out = qemu_allocate_irqs(handler, old_irqs, n);
+}
diff --git a/hw/core/loader.c b/hw/core/loader.c
new file mode 100644
index 000000000..6875b7ecf
--- /dev/null
+++ b/hw/core/loader.c
@@ -0,0 +1,884 @@
+/*
+ * QEMU Executable loader
+ *
+ * Copyright (c) 2006 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ * Gunzip functionality in this file is derived from u-boot:
+ *
+ * (C) Copyright 2008 Semihalf
+ *
+ * (C) Copyright 2000-2005
+ * Wolfgang Denk, DENX Software Engineering, wd@denx.de.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/hw.h"
+#include "disas/disas.h"
+#include "monitor/monitor.h"
+#include "sysemu/sysemu.h"
+#include "uboot_image.h"
+#include "hw/loader.h"
+#include "hw/nvram/fw_cfg.h"
+#include "exec/memory.h"
+#include "exec/address-spaces.h"
+
+#include <zlib.h>
+
+static int roms_loaded;
+
+/* return the size or -1 if error */
+int get_image_size(const char *filename)
+{
+ int fd, size;
+ fd = open(filename, O_RDONLY | O_BINARY);
+ if (fd < 0)
+ return -1;
+ size = lseek(fd, 0, SEEK_END);
+ close(fd);
+ return size;
+}
+
+/* return the size or -1 if error */
+/* deprecated, because caller does not specify buffer size! */
+int load_image(const char *filename, uint8_t *addr)
+{
+ int fd, size;
+ fd = open(filename, O_RDONLY | O_BINARY);
+ if (fd < 0)
+ return -1;
+ size = lseek(fd, 0, SEEK_END);
+ lseek(fd, 0, SEEK_SET);
+ if (read(fd, addr, size) != size) {
+ close(fd);
+ return -1;
+ }
+ close(fd);
+ return size;
+}
+
+/* read()-like version */
+ssize_t read_targphys(const char *name,
+ int fd, hwaddr dst_addr, size_t nbytes)
+{
+ uint8_t *buf;
+ ssize_t did;
+
+ buf = g_malloc(nbytes);
+ did = read(fd, buf, nbytes);
+ if (did > 0)
+ rom_add_blob_fixed("read", buf, did, dst_addr);
+ g_free(buf);
+ return did;
+}
+
+/* return the size or -1 if error */
+int load_image_targphys(const char *filename,
+ hwaddr addr, uint64_t max_sz)
+{
+ int size;
+
+ size = get_image_size(filename);
+ if (size > max_sz) {
+ return -1;
+ }
+ if (size > 0) {
+ rom_add_file_fixed(filename, addr, -1);
+ }
+ return size;
+}
+
+void pstrcpy_targphys(const char *name, hwaddr dest, int buf_size,
+ const char *source)
+{
+ const char *nulp;
+ char *ptr;
+
+ if (buf_size <= 0) return;
+ nulp = memchr(source, 0, buf_size);
+ if (nulp) {
+ rom_add_blob_fixed(name, source, (nulp - source) + 1, dest);
+ } else {
+ rom_add_blob_fixed(name, source, buf_size, dest);
+ ptr = rom_ptr(dest + buf_size - 1);
+ *ptr = 0;
+ }
+}
+
+/* A.OUT loader */
+
+struct exec
+{
+ uint32_t a_info; /* Use macros N_MAGIC, etc for access */
+ uint32_t a_text; /* length of text, in bytes */
+ uint32_t a_data; /* length of data, in bytes */
+ uint32_t a_bss; /* length of uninitialized data area, in bytes */
+ uint32_t a_syms; /* length of symbol table data in file, in bytes */
+ uint32_t a_entry; /* start address */
+ uint32_t a_trsize; /* length of relocation info for text, in bytes */
+ uint32_t a_drsize; /* length of relocation info for data, in bytes */
+};
+
+static void bswap_ahdr(struct exec *e)
+{
+ bswap32s(&e->a_info);
+ bswap32s(&e->a_text);
+ bswap32s(&e->a_data);
+ bswap32s(&e->a_bss);
+ bswap32s(&e->a_syms);
+ bswap32s(&e->a_entry);
+ bswap32s(&e->a_trsize);
+ bswap32s(&e->a_drsize);
+}
+
+#define N_MAGIC(exec) ((exec).a_info & 0xffff)
+#define OMAGIC 0407
+#define NMAGIC 0410
+#define ZMAGIC 0413
+#define QMAGIC 0314
+#define _N_HDROFF(x) (1024 - sizeof (struct exec))
+#define N_TXTOFF(x) \
+ (N_MAGIC(x) == ZMAGIC ? _N_HDROFF((x)) + sizeof (struct exec) : \
+ (N_MAGIC(x) == QMAGIC ? 0 : sizeof (struct exec)))
+#define N_TXTADDR(x, target_page_size) (N_MAGIC(x) == QMAGIC ? target_page_size : 0)
+#define _N_SEGMENT_ROUND(x, target_page_size) (((x) + target_page_size - 1) & ~(target_page_size - 1))
+
+#define _N_TXTENDADDR(x, target_page_size) (N_TXTADDR(x, target_page_size)+(x).a_text)
+
+#define N_DATADDR(x, target_page_size) \
+ (N_MAGIC(x)==OMAGIC? (_N_TXTENDADDR(x, target_page_size)) \
+ : (_N_SEGMENT_ROUND (_N_TXTENDADDR(x, target_page_size), target_page_size)))
+
+
+int load_aout(const char *filename, hwaddr addr, int max_sz,
+ int bswap_needed, hwaddr target_page_size)
+{
+ int fd;
+ ssize_t size, ret;
+ struct exec e;
+ uint32_t magic;
+
+ fd = open(filename, O_RDONLY | O_BINARY);
+ if (fd < 0)
+ return -1;
+
+ size = read(fd, &e, sizeof(e));
+ if (size < 0)
+ goto fail;
+
+ if (bswap_needed) {
+ bswap_ahdr(&e);
+ }
+
+ magic = N_MAGIC(e);
+ switch (magic) {
+ case ZMAGIC:
+ case QMAGIC:
+ case OMAGIC:
+ if (e.a_text + e.a_data > max_sz)
+ goto fail;
+ lseek(fd, N_TXTOFF(e), SEEK_SET);
+ size = read_targphys(filename, fd, addr, e.a_text + e.a_data);
+ if (size < 0)
+ goto fail;
+ break;
+ case NMAGIC:
+ if (N_DATADDR(e, target_page_size) + e.a_data > max_sz)
+ goto fail;
+ lseek(fd, N_TXTOFF(e), SEEK_SET);
+ size = read_targphys(filename, fd, addr, e.a_text);
+ if (size < 0)
+ goto fail;
+ ret = read_targphys(filename, fd, addr + N_DATADDR(e, target_page_size),
+ e.a_data);
+ if (ret < 0)
+ goto fail;
+ size += ret;
+ break;
+ default:
+ goto fail;
+ }
+ close(fd);
+ return size;
+ fail:
+ close(fd);
+ return -1;
+}
+
+/* ELF loader */
+
+static void *load_at(int fd, int offset, int size)
+{
+ void *ptr;
+ if (lseek(fd, offset, SEEK_SET) < 0)
+ return NULL;
+ ptr = g_malloc(size);
+ if (read(fd, ptr, size) != size) {
+ g_free(ptr);
+ return NULL;
+ }
+ return ptr;
+}
+
+#ifdef ELF_CLASS
+#undef ELF_CLASS
+#endif
+
+#define ELF_CLASS ELFCLASS32
+#include "elf.h"
+
+#define SZ 32
+#define elf_word uint32_t
+#define elf_sword int32_t
+#define bswapSZs bswap32s
+#include "hw/elf_ops.h"
+
+#undef elfhdr
+#undef elf_phdr
+#undef elf_shdr
+#undef elf_sym
+#undef elf_note
+#undef elf_word
+#undef elf_sword
+#undef bswapSZs
+#undef SZ
+#define elfhdr elf64_hdr
+#define elf_phdr elf64_phdr
+#define elf_note elf64_note
+#define elf_shdr elf64_shdr
+#define elf_sym elf64_sym
+#define elf_word uint64_t
+#define elf_sword int64_t
+#define bswapSZs bswap64s
+#define SZ 64
+#include "hw/elf_ops.h"
+
+/* return < 0 if error, otherwise the number of bytes loaded in memory */
+int load_elf(const char *filename, uint64_t (*translate_fn)(void *, uint64_t),
+ void *translate_opaque, uint64_t *pentry, uint64_t *lowaddr,
+ uint64_t *highaddr, int big_endian, int elf_machine, int clear_lsb)
+{
+ int fd, data_order, target_data_order, must_swab, ret;
+ uint8_t e_ident[EI_NIDENT];
+
+ fd = open(filename, O_RDONLY | O_BINARY);
+ if (fd < 0) {
+ perror(filename);
+ return -1;
+ }
+ if (read(fd, e_ident, sizeof(e_ident)) != sizeof(e_ident))
+ goto fail;
+ if (e_ident[0] != ELFMAG0 ||
+ e_ident[1] != ELFMAG1 ||
+ e_ident[2] != ELFMAG2 ||
+ e_ident[3] != ELFMAG3)
+ goto fail;
+#ifdef HOST_WORDS_BIGENDIAN
+ data_order = ELFDATA2MSB;
+#else
+ data_order = ELFDATA2LSB;
+#endif
+ must_swab = data_order != e_ident[EI_DATA];
+ if (big_endian) {
+ target_data_order = ELFDATA2MSB;
+ } else {
+ target_data_order = ELFDATA2LSB;
+ }
+
+ if (target_data_order != e_ident[EI_DATA]) {
+ goto fail;
+ }
+
+ lseek(fd, 0, SEEK_SET);
+ if (e_ident[EI_CLASS] == ELFCLASS64) {
+ ret = load_elf64(filename, fd, translate_fn, translate_opaque, must_swab,
+ pentry, lowaddr, highaddr, elf_machine, clear_lsb);
+ } else {
+ ret = load_elf32(filename, fd, translate_fn, translate_opaque, must_swab,
+ pentry, lowaddr, highaddr, elf_machine, clear_lsb);
+ }
+
+ close(fd);
+ return ret;
+
+ fail:
+ close(fd);
+ return -1;
+}
+
+static void bswap_uboot_header(uboot_image_header_t *hdr)
+{
+#ifndef HOST_WORDS_BIGENDIAN
+ bswap32s(&hdr->ih_magic);
+ bswap32s(&hdr->ih_hcrc);
+ bswap32s(&hdr->ih_time);
+ bswap32s(&hdr->ih_size);
+ bswap32s(&hdr->ih_load);
+ bswap32s(&hdr->ih_ep);
+ bswap32s(&hdr->ih_dcrc);
+#endif
+}
+
+
+#define ZALLOC_ALIGNMENT 16
+
+static void *zalloc(void *x, unsigned items, unsigned size)
+{
+ void *p;
+
+ size *= items;
+ size = (size + ZALLOC_ALIGNMENT - 1) & ~(ZALLOC_ALIGNMENT - 1);
+
+ p = g_malloc(size);
+
+ return (p);
+}
+
+static void zfree(void *x, void *addr)
+{
+ g_free(addr);
+}
+
+
+#define HEAD_CRC 2
+#define EXTRA_FIELD 4
+#define ORIG_NAME 8
+#define COMMENT 0x10
+#define RESERVED 0xe0
+
+#define DEFLATED 8
+
+/* This is the usual maximum in uboot, so if a uImage overflows this, it would
+ * overflow on real hardware too. */
+#define UBOOT_MAX_GUNZIP_BYTES (64 << 20)
+
+static ssize_t gunzip(void *dst, size_t dstlen, uint8_t *src,
+ size_t srclen)
+{
+ z_stream s;
+ ssize_t dstbytes;
+ int r, i, flags;
+
+ /* skip header */
+ i = 10;
+ flags = src[3];
+ if (src[2] != DEFLATED || (flags & RESERVED) != 0) {
+ puts ("Error: Bad gzipped data\n");
+ return -1;
+ }
+ if ((flags & EXTRA_FIELD) != 0)
+ i = 12 + src[10] + (src[11] << 8);
+ if ((flags & ORIG_NAME) != 0)
+ while (src[i++] != 0)
+ ;
+ if ((flags & COMMENT) != 0)
+ while (src[i++] != 0)
+ ;
+ if ((flags & HEAD_CRC) != 0)
+ i += 2;
+ if (i >= srclen) {
+ puts ("Error: gunzip out of data in header\n");
+ return -1;
+ }
+
+ s.zalloc = zalloc;
+ s.zfree = zfree;
+
+ r = inflateInit2(&s, -MAX_WBITS);
+ if (r != Z_OK) {
+ printf ("Error: inflateInit2() returned %d\n", r);
+ return (-1);
+ }
+ s.next_in = src + i;
+ s.avail_in = srclen - i;
+ s.next_out = dst;
+ s.avail_out = dstlen;
+ r = inflate(&s, Z_FINISH);
+ if (r != Z_OK && r != Z_STREAM_END) {
+ printf ("Error: inflate() returned %d\n", r);
+ return -1;
+ }
+ dstbytes = s.next_out - (unsigned char *) dst;
+ inflateEnd(&s);
+
+ return dstbytes;
+}
+
+/* Load a U-Boot image. */
+static int load_uboot_image(const char *filename, hwaddr *ep, hwaddr *loadaddr,
+ int *is_linux, uint8_t image_type)
+{
+ int fd;
+ int size;
+ hwaddr address;
+ uboot_image_header_t h;
+ uboot_image_header_t *hdr = &h;
+ uint8_t *data = NULL;
+ int ret = -1;
+ int do_uncompress = 0;
+
+ fd = open(filename, O_RDONLY | O_BINARY);
+ if (fd < 0)
+ return -1;
+
+ size = read(fd, hdr, sizeof(uboot_image_header_t));
+ if (size < 0)
+ goto out;
+
+ bswap_uboot_header(hdr);
+
+ if (hdr->ih_magic != IH_MAGIC)
+ goto out;
+
+ if (hdr->ih_type != image_type) {
+ fprintf(stderr, "Wrong image type %d, expected %d\n", hdr->ih_type,
+ image_type);
+ goto out;
+ }
+
+ /* TODO: Implement other image types. */
+ switch (hdr->ih_type) {
+ case IH_TYPE_KERNEL:
+ address = hdr->ih_load;
+ if (loadaddr) {
+ *loadaddr = hdr->ih_load;
+ }
+
+ switch (hdr->ih_comp) {
+ case IH_COMP_NONE:
+ break;
+ case IH_COMP_GZIP:
+ do_uncompress = 1;
+ break;
+ default:
+ fprintf(stderr,
+ "Unable to load u-boot images with compression type %d\n",
+ hdr->ih_comp);
+ goto out;
+ }
+
+ if (ep) {
+ *ep = hdr->ih_ep;
+ }
+
+ /* TODO: Check CPU type. */
+ if (is_linux) {
+ if (hdr->ih_os == IH_OS_LINUX) {
+ *is_linux = 1;
+ } else {
+ *is_linux = 0;
+ }
+ }
+
+ break;
+ case IH_TYPE_RAMDISK:
+ address = *loadaddr;
+ break;
+ default:
+ fprintf(stderr, "Unsupported u-boot image type %d\n", hdr->ih_type);
+ goto out;
+ }
+
+ data = g_malloc(hdr->ih_size);
+
+ if (read(fd, data, hdr->ih_size) != hdr->ih_size) {
+ fprintf(stderr, "Error reading file\n");
+ goto out;
+ }
+
+ if (do_uncompress) {
+ uint8_t *compressed_data;
+ size_t max_bytes;
+ ssize_t bytes;
+
+ compressed_data = data;
+ max_bytes = UBOOT_MAX_GUNZIP_BYTES;
+ data = g_malloc(max_bytes);
+
+ bytes = gunzip(data, max_bytes, compressed_data, hdr->ih_size);
+ g_free(compressed_data);
+ if (bytes < 0) {
+ fprintf(stderr, "Unable to decompress gzipped image!\n");
+ goto out;
+ }
+ hdr->ih_size = bytes;
+ }
+
+ rom_add_blob_fixed(filename, data, hdr->ih_size, address);
+
+ ret = hdr->ih_size;
+
+out:
+ if (data)
+ g_free(data);
+ close(fd);
+ return ret;
+}
+
+int load_uimage(const char *filename, hwaddr *ep, hwaddr *loadaddr,
+ int *is_linux)
+{
+ return load_uboot_image(filename, ep, loadaddr, is_linux, IH_TYPE_KERNEL);
+}
+
+/* Load a ramdisk. */
+int load_ramdisk(const char *filename, hwaddr addr, uint64_t max_sz)
+{
+ return load_uboot_image(filename, NULL, &addr, NULL, IH_TYPE_RAMDISK);
+}
+
+/*
+ * Functions for reboot-persistent memory regions.
+ * - used for vga bios and option roms.
+ * - also linux kernel (-kernel / -initrd).
+ */
+
+typedef struct Rom Rom;
+
+struct Rom {
+ char *name;
+ char *path;
+
+ /* datasize is the amount of memory allocated in "data". If datasize is less
+ * than romsize, it means that the area from datasize to romsize is filled
+ * with zeros.
+ */
+ size_t romsize;
+ size_t datasize;
+
+ uint8_t *data;
+ int isrom;
+ char *fw_dir;
+ char *fw_file;
+
+ hwaddr addr;
+ QTAILQ_ENTRY(Rom) next;
+};
+
+static FWCfgState *fw_cfg;
+static QTAILQ_HEAD(, Rom) roms = QTAILQ_HEAD_INITIALIZER(roms);
+
+static void rom_insert(Rom *rom)
+{
+ Rom *item;
+
+ if (roms_loaded) {
+ hw_error ("ROM images must be loaded at startup\n");
+ }
+
+ /* list is ordered by load address */
+ QTAILQ_FOREACH(item, &roms, next) {
+ if (rom->addr >= item->addr)
+ continue;
+ QTAILQ_INSERT_BEFORE(item, rom, next);
+ return;
+ }
+ QTAILQ_INSERT_TAIL(&roms, rom, next);
+}
+
+int rom_add_file(const char *file, const char *fw_dir,
+ hwaddr addr, int32_t bootindex)
+{
+ Rom *rom;
+ int rc, fd = -1;
+ char devpath[100];
+
+ rom = g_malloc0(sizeof(*rom));
+ rom->name = g_strdup(file);
+ rom->path = qemu_find_file(QEMU_FILE_TYPE_BIOS, rom->name);
+ if (rom->path == NULL) {
+ rom->path = g_strdup(file);
+ }
+
+ fd = open(rom->path, O_RDONLY | O_BINARY);
+ if (fd == -1) {
+ fprintf(stderr, "Could not open option rom '%s': %s\n",
+ rom->path, strerror(errno));
+ goto err;
+ }
+
+ if (fw_dir) {
+ rom->fw_dir = g_strdup(fw_dir);
+ rom->fw_file = g_strdup(file);
+ }
+ rom->addr = addr;
+ rom->romsize = lseek(fd, 0, SEEK_END);
+ rom->datasize = rom->romsize;
+ rom->data = g_malloc0(rom->datasize);
+ lseek(fd, 0, SEEK_SET);
+ rc = read(fd, rom->data, rom->datasize);
+ if (rc != rom->datasize) {
+ fprintf(stderr, "rom: file %-20s: read error: rc=%d (expected %zd)\n",
+ rom->name, rc, rom->datasize);
+ goto err;
+ }
+ close(fd);
+ rom_insert(rom);
+ if (rom->fw_file && fw_cfg) {
+ const char *basename;
+ char fw_file_name[56];
+
+ basename = strrchr(rom->fw_file, '/');
+ if (basename) {
+ basename++;
+ } else {
+ basename = rom->fw_file;
+ }
+ snprintf(fw_file_name, sizeof(fw_file_name), "%s/%s", rom->fw_dir,
+ basename);
+ fw_cfg_add_file(fw_cfg, fw_file_name, rom->data, rom->romsize);
+ snprintf(devpath, sizeof(devpath), "/rom@%s", fw_file_name);
+ } else {
+ snprintf(devpath, sizeof(devpath), "/rom@" TARGET_FMT_plx, addr);
+ }
+
+ add_boot_device_path(bootindex, NULL, devpath);
+ return 0;
+
+err:
+ if (fd != -1)
+ close(fd);
+ g_free(rom->data);
+ g_free(rom->path);
+ g_free(rom->name);
+ g_free(rom);
+ return -1;
+}
+
+int rom_add_blob(const char *name, const void *blob, size_t len,
+ hwaddr addr)
+{
+ Rom *rom;
+
+ rom = g_malloc0(sizeof(*rom));
+ rom->name = g_strdup(name);
+ rom->addr = addr;
+ rom->romsize = len;
+ rom->datasize = len;
+ rom->data = g_malloc0(rom->datasize);
+ memcpy(rom->data, blob, len);
+ rom_insert(rom);
+ return 0;
+}
+
+/* This function is specific for elf program because we don't need to allocate
+ * all the rom. We just allocate the first part and the rest is just zeros. This
+ * is why romsize and datasize are different. Also, this function seize the
+ * memory ownership of "data", so we don't have to allocate and copy the buffer.
+ */
+int rom_add_elf_program(const char *name, void *data, size_t datasize,
+ size_t romsize, hwaddr addr)
+{
+ Rom *rom;
+
+ rom = g_malloc0(sizeof(*rom));
+ rom->name = g_strdup(name);
+ rom->addr = addr;
+ rom->datasize = datasize;
+ rom->romsize = romsize;
+ rom->data = data;
+ rom_insert(rom);
+ return 0;
+}
+
+int rom_add_vga(const char *file)
+{
+ return rom_add_file(file, "vgaroms", 0, -1);
+}
+
+int rom_add_option(const char *file, int32_t bootindex)
+{
+ return rom_add_file(file, "genroms", 0, bootindex);
+}
+
+static void rom_reset(void *unused)
+{
+ Rom *rom;
+
+ QTAILQ_FOREACH(rom, &roms, next) {
+ if (rom->fw_file) {
+ continue;
+ }
+ if (rom->data == NULL) {
+ continue;
+ }
+ cpu_physical_memory_write_rom(rom->addr, rom->data, rom->datasize);
+ if (rom->isrom) {
+ /* rom needs to be written only once */
+ g_free(rom->data);
+ rom->data = NULL;
+ }
+ }
+}
+
+int rom_load_all(void)
+{
+ hwaddr addr = 0;
+ MemoryRegionSection section;
+ Rom *rom;
+
+ QTAILQ_FOREACH(rom, &roms, next) {
+ if (rom->fw_file) {
+ continue;
+ }
+ if (addr > rom->addr) {
+ fprintf(stderr, "rom: requested regions overlap "
+ "(rom %s. free=0x" TARGET_FMT_plx
+ ", addr=0x" TARGET_FMT_plx ")\n",
+ rom->name, addr, rom->addr);
+ return -1;
+ }
+ addr = rom->addr;
+ addr += rom->romsize;
+ section = memory_region_find(get_system_memory(), rom->addr, 1);
+ rom->isrom = int128_nz(section.size) && memory_region_is_rom(section.mr);
+ memory_region_unref(section.mr);
+ }
+ qemu_register_reset(rom_reset, NULL);
+ roms_loaded = 1;
+ return 0;
+}
+
+void rom_set_fw(FWCfgState *f)
+{
+ fw_cfg = f;
+}
+
+static Rom *find_rom(hwaddr addr)
+{
+ Rom *rom;
+
+ QTAILQ_FOREACH(rom, &roms, next) {
+ if (rom->fw_file) {
+ continue;
+ }
+ if (rom->addr > addr) {
+ continue;
+ }
+ if (rom->addr + rom->romsize < addr) {
+ continue;
+ }
+ return rom;
+ }
+ return NULL;
+}
+
+/*
+ * Copies memory from registered ROMs to dest. Any memory that is contained in
+ * a ROM between addr and addr + size is copied. Note that this can involve
+ * multiple ROMs, which need not start at addr and need not end at addr + size.
+ */
+int rom_copy(uint8_t *dest, hwaddr addr, size_t size)
+{
+ hwaddr end = addr + size;
+ uint8_t *s, *d = dest;
+ size_t l = 0;
+ Rom *rom;
+
+ QTAILQ_FOREACH(rom, &roms, next) {
+ if (rom->fw_file) {
+ continue;
+ }
+ if (rom->addr + rom->romsize < addr) {
+ continue;
+ }
+ if (rom->addr > end) {
+ break;
+ }
+
+ d = dest + (rom->addr - addr);
+ s = rom->data;
+ l = rom->datasize;
+
+ if ((d + l) > (dest + size)) {
+ l = dest - d;
+ }
+
+ if (l > 0) {
+ memcpy(d, s, l);
+ }
+
+ if (rom->romsize > rom->datasize) {
+ /* If datasize is less than romsize, it means that we didn't
+ * allocate all the ROM because the trailing data are only zeros.
+ */
+
+ d += l;
+ l = rom->romsize - rom->datasize;
+
+ if ((d + l) > (dest + size)) {
+ /* Rom size doesn't fit in the destination area. Adjust to avoid
+ * overflow.
+ */
+ l = dest - d;
+ }
+
+ if (l > 0) {
+ memset(d, 0x0, l);
+ }
+ }
+ }
+
+ return (d + l) - dest;
+}
+
+void *rom_ptr(hwaddr addr)
+{
+ Rom *rom;
+
+ rom = find_rom(addr);
+ if (!rom || !rom->data)
+ return NULL;
+ return rom->data + (addr - rom->addr);
+}
+
+void do_info_roms(Monitor *mon, const QDict *qdict)
+{
+ Rom *rom;
+
+ QTAILQ_FOREACH(rom, &roms, next) {
+ if (!rom->fw_file) {
+ monitor_printf(mon, "addr=" TARGET_FMT_plx
+ " size=0x%06zx mem=%s name=\"%s\"\n",
+ rom->addr, rom->romsize,
+ rom->isrom ? "rom" : "ram",
+ rom->name);
+ } else {
+ monitor_printf(mon, "fw=%s/%s"
+ " size=0x%06zx name=\"%s\"\n",
+ rom->fw_dir,
+ rom->fw_file,
+ rom->romsize,
+ rom->name);
+ }
+ }
+}
diff --git a/hw/core/null-machine.c b/hw/core/null-machine.c
new file mode 100644
index 000000000..bdf109fef
--- /dev/null
+++ b/hw/core/null-machine.c
@@ -0,0 +1,36 @@
+/*
+ * Empty machine
+ *
+ * Copyright IBM, Corp. 2012
+ *
+ * Authors:
+ * Anthony Liguori <aliguori@us.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu-common.h"
+#include "hw/hw.h"
+#include "hw/boards.h"
+
+static void machine_none_init(QEMUMachineInitArgs *args)
+{
+}
+
+static QEMUMachine machine_none = {
+ .name = "none",
+ .desc = "empty machine",
+ .init = machine_none_init,
+ .max_cpus = 0,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void register_machines(void)
+{
+ qemu_register_machine(&machine_none);
+}
+
+machine_init(register_machines);
+
diff --git a/hw/core/ptimer.c b/hw/core/ptimer.c
new file mode 100644
index 000000000..4bc96c9fa
--- /dev/null
+++ b/hw/core/ptimer.c
@@ -0,0 +1,231 @@
+/*
+ * General purpose implementation of a simple periodic countdown timer.
+ *
+ * Copyright (c) 2007 CodeSourcery.
+ *
+ * This code is licensed under the GNU LGPL.
+ */
+#include "hw/hw.h"
+#include "qemu/timer.h"
+#include "hw/ptimer.h"
+#include "qemu/host-utils.h"
+
+struct ptimer_state
+{
+ uint8_t enabled; /* 0 = disabled, 1 = periodic, 2 = oneshot. */
+ uint64_t limit;
+ uint64_t delta;
+ uint32_t period_frac;
+ int64_t period;
+ int64_t last_event;
+ int64_t next_event;
+ QEMUBH *bh;
+ QEMUTimer *timer;
+};
+
+/* Use a bottom-half routine to avoid reentrancy issues. */
+static void ptimer_trigger(ptimer_state *s)
+{
+ if (s->bh) {
+ qemu_bh_schedule(s->bh);
+ }
+}
+
+static void ptimer_reload(ptimer_state *s)
+{
+ if (s->delta == 0) {
+ ptimer_trigger(s);
+ s->delta = s->limit;
+ }
+ if (s->delta == 0 || s->period == 0) {
+ fprintf(stderr, "Timer with period zero, disabling\n");
+ s->enabled = 0;
+ return;
+ }
+
+ s->last_event = s->next_event;
+ s->next_event = s->last_event + s->delta * s->period;
+ if (s->period_frac) {
+ s->next_event += ((int64_t)s->period_frac * s->delta) >> 32;
+ }
+ qemu_mod_timer(s->timer, s->next_event);
+}
+
+static void ptimer_tick(void *opaque)
+{
+ ptimer_state *s = (ptimer_state *)opaque;
+ ptimer_trigger(s);
+ s->delta = 0;
+ if (s->enabled == 2) {
+ s->enabled = 0;
+ } else {
+ ptimer_reload(s);
+ }
+}
+
+uint64_t ptimer_get_count(ptimer_state *s)
+{
+ int64_t now;
+ uint64_t counter;
+
+ if (s->enabled) {
+ now = qemu_get_clock_ns(vm_clock);
+ /* Figure out the current counter value. */
+ if (now - s->next_event > 0
+ || s->period == 0) {
+ /* Prevent timer underflowing if it should already have
+ triggered. */
+ counter = 0;
+ } else {
+ uint64_t rem;
+ uint64_t div;
+ int clz1, clz2;
+ int shift;
+
+ /* We need to divide time by period, where time is stored in
+ rem (64-bit integer) and period is stored in period/period_frac
+ (64.32 fixed point).
+
+ Doing full precision division is hard, so scale values and
+ do a 64-bit division. The result should be rounded down,
+ so that the rounding error never causes the timer to go
+ backwards.
+ */
+
+ rem = s->next_event - now;
+ div = s->period;
+
+ clz1 = clz64(rem);
+ clz2 = clz64(div);
+ shift = clz1 < clz2 ? clz1 : clz2;
+
+ rem <<= shift;
+ div <<= shift;
+ if (shift >= 32) {
+ div |= ((uint64_t)s->period_frac << (shift - 32));
+ } else {
+ if (shift != 0)
+ div |= (s->period_frac >> (32 - shift));
+ /* Look at remaining bits of period_frac and round div up if
+ necessary. */
+ if ((uint32_t)(s->period_frac << shift))
+ div += 1;
+ }
+ counter = rem / div;
+ }
+ } else {
+ counter = s->delta;
+ }
+ return counter;
+}
+
+void ptimer_set_count(ptimer_state *s, uint64_t count)
+{
+ s->delta = count;
+ if (s->enabled) {
+ s->next_event = qemu_get_clock_ns(vm_clock);
+ ptimer_reload(s);
+ }
+}
+
+void ptimer_run(ptimer_state *s, int oneshot)
+{
+ if (s->enabled) {
+ return;
+ }
+ if (s->period == 0) {
+ fprintf(stderr, "Timer with period zero, disabling\n");
+ return;
+ }
+ s->enabled = oneshot ? 2 : 1;
+ s->next_event = qemu_get_clock_ns(vm_clock);
+ ptimer_reload(s);
+}
+
+/* Pause a timer. Note that this may cause it to "lose" time, even if it
+ is immediately restarted. */
+void ptimer_stop(ptimer_state *s)
+{
+ if (!s->enabled)
+ return;
+
+ s->delta = ptimer_get_count(s);
+ qemu_del_timer(s->timer);
+ s->enabled = 0;
+}
+
+/* Set counter increment interval in nanoseconds. */
+void ptimer_set_period(ptimer_state *s, int64_t period)
+{
+ s->period = period;
+ s->period_frac = 0;
+ if (s->enabled) {
+ s->next_event = qemu_get_clock_ns(vm_clock);
+ ptimer_reload(s);
+ }
+}
+
+/* Set counter frequency in Hz. */
+void ptimer_set_freq(ptimer_state *s, uint32_t freq)
+{
+ s->period = 1000000000ll / freq;
+ s->period_frac = (1000000000ll << 32) / freq;
+ if (s->enabled) {
+ s->next_event = qemu_get_clock_ns(vm_clock);
+ ptimer_reload(s);
+ }
+}
+
+/* Set the initial countdown value. If reload is nonzero then also set
+ count = limit. */
+void ptimer_set_limit(ptimer_state *s, uint64_t limit, int reload)
+{
+ /*
+ * Artificially limit timeout rate to something
+ * achievable under QEMU. Otherwise, QEMU spends all
+ * its time generating timer interrupts, and there
+ * is no forward progress.
+ * About ten microseconds is the fastest that really works
+ * on the current generation of host machines.
+ */
+
+ if (limit * s->period < 10000 && s->period) {
+ limit = 10000 / s->period;
+ }
+
+ s->limit = limit;
+ if (reload)
+ s->delta = limit;
+ if (s->enabled && reload) {
+ s->next_event = qemu_get_clock_ns(vm_clock);
+ ptimer_reload(s);
+ }
+}
+
+const VMStateDescription vmstate_ptimer = {
+ .name = "ptimer",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(enabled, ptimer_state),
+ VMSTATE_UINT64(limit, ptimer_state),
+ VMSTATE_UINT64(delta, ptimer_state),
+ VMSTATE_UINT32(period_frac, ptimer_state),
+ VMSTATE_INT64(period, ptimer_state),
+ VMSTATE_INT64(last_event, ptimer_state),
+ VMSTATE_INT64(next_event, ptimer_state),
+ VMSTATE_TIMER(timer, ptimer_state),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+ptimer_state *ptimer_init(QEMUBH *bh)
+{
+ ptimer_state *s;
+
+ s = (ptimer_state *)g_malloc0(sizeof(ptimer_state));
+ s->bh = bh;
+ s->timer = qemu_new_timer_ns(vm_clock, ptimer_tick, s);
+ return s;
+}
diff --git a/hw/core/qdev-properties-system.c b/hw/core/qdev-properties-system.c
new file mode 100644
index 000000000..0eada32dc
--- /dev/null
+++ b/hw/core/qdev-properties-system.c
@@ -0,0 +1,391 @@
+/*
+ * qdev property parsing and global properties
+ * (parts specific for qemu-system-*)
+ *
+ * This file is based on code from hw/qdev-properties.c from
+ * commit 074a86fccd185616469dfcdc0e157f438aebba18,
+ * Copyright (c) Gerd Hoffmann <kraxel@redhat.com> and other contributors.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "net/net.h"
+#include "hw/qdev.h"
+#include "qapi/qmp/qerror.h"
+#include "sysemu/blockdev.h"
+#include "hw/block/block.h"
+#include "net/hub.h"
+#include "qapi/visitor.h"
+#include "sysemu/char.h"
+
+static void get_pointer(Object *obj, Visitor *v, Property *prop,
+ const char *(*print)(void *ptr),
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ void **ptr = qdev_get_prop_ptr(dev, prop);
+ char *p;
+
+ p = (char *) (*ptr ? print(*ptr) : "");
+ visit_type_str(v, &p, name, errp);
+}
+
+static void set_pointer(Object *obj, Visitor *v, Property *prop,
+ int (*parse)(DeviceState *dev, const char *str,
+ void **ptr),
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Error *local_err = NULL;
+ void **ptr = qdev_get_prop_ptr(dev, prop);
+ char *str;
+ int ret;
+
+ if (dev->realized) {
+ qdev_prop_set_after_realize(dev, name, errp);
+ return;
+ }
+
+ visit_type_str(v, &str, name, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ return;
+ }
+ if (!*str) {
+ g_free(str);
+ *ptr = NULL;
+ return;
+ }
+ ret = parse(dev, str, ptr);
+ error_set_from_qdev_prop_error(errp, ret, dev, prop, str);
+ g_free(str);
+}
+
+/* --- drive --- */
+
+static int parse_drive(DeviceState *dev, const char *str, void **ptr)
+{
+ BlockDriverState *bs;
+
+ bs = bdrv_find(str);
+ if (bs == NULL) {
+ return -ENOENT;
+ }
+ if (bdrv_attach_dev(bs, dev) < 0) {
+ return -EEXIST;
+ }
+ *ptr = bs;
+ return 0;
+}
+
+static void release_drive(Object *obj, const char *name, void *opaque)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ BlockDriverState **ptr = qdev_get_prop_ptr(dev, prop);
+
+ if (*ptr) {
+ bdrv_detach_dev(*ptr, dev);
+ blockdev_auto_del(*ptr);
+ }
+}
+
+static const char *print_drive(void *ptr)
+{
+ return bdrv_get_device_name(ptr);
+}
+
+static void get_drive(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ get_pointer(obj, v, opaque, print_drive, name, errp);
+}
+
+static void set_drive(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ set_pointer(obj, v, opaque, parse_drive, name, errp);
+}
+
+PropertyInfo qdev_prop_drive = {
+ .name = "drive",
+ .get = get_drive,
+ .set = set_drive,
+ .release = release_drive,
+};
+
+/* --- character device --- */
+
+static int parse_chr(DeviceState *dev, const char *str, void **ptr)
+{
+ CharDriverState *chr = qemu_chr_find(str);
+ if (chr == NULL) {
+ return -ENOENT;
+ }
+ if (qemu_chr_fe_claim(chr) != 0) {
+ return -EEXIST;
+ }
+ *ptr = chr;
+ return 0;
+}
+
+static void release_chr(Object *obj, const char *name, void *opaque)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ CharDriverState **ptr = qdev_get_prop_ptr(dev, prop);
+ CharDriverState *chr = *ptr;
+
+ if (chr) {
+ qemu_chr_add_handlers(chr, NULL, NULL, NULL, NULL);
+ qemu_chr_fe_release(chr);
+ }
+}
+
+
+static const char *print_chr(void *ptr)
+{
+ CharDriverState *chr = ptr;
+
+ return chr->label ? chr->label : "";
+}
+
+static void get_chr(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ get_pointer(obj, v, opaque, print_chr, name, errp);
+}
+
+static void set_chr(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ set_pointer(obj, v, opaque, parse_chr, name, errp);
+}
+
+PropertyInfo qdev_prop_chr = {
+ .name = "chr",
+ .get = get_chr,
+ .set = set_chr,
+ .release = release_chr,
+};
+
+/* --- netdev device --- */
+
+static int parse_netdev(DeviceState *dev, const char *str, void **ptr)
+{
+ NICPeers *peers_ptr = (NICPeers *)ptr;
+ NICConf *conf = container_of(peers_ptr, NICConf, peers);
+ NetClientState **ncs = peers_ptr->ncs;
+ NetClientState *peers[MAX_QUEUE_NUM];
+ int queues, i = 0;
+ int ret;
+
+ queues = qemu_find_net_clients_except(str, peers,
+ NET_CLIENT_OPTIONS_KIND_NIC,
+ MAX_QUEUE_NUM);
+ if (queues == 0) {
+ ret = -ENOENT;
+ goto err;
+ }
+
+ if (queues > MAX_QUEUE_NUM) {
+ ret = -E2BIG;
+ goto err;
+ }
+
+ for (i = 0; i < queues; i++) {
+ if (peers[i] == NULL) {
+ ret = -ENOENT;
+ goto err;
+ }
+
+ if (peers[i]->peer) {
+ ret = -EEXIST;
+ goto err;
+ }
+
+ ncs[i] = peers[i];
+ ncs[i]->queue_index = i;
+ }
+
+ conf->queues = queues;
+
+ return 0;
+
+err:
+ return ret;
+}
+
+static const char *print_netdev(void *ptr)
+{
+ NetClientState *netdev = ptr;
+
+ return netdev->name ? netdev->name : "";
+}
+
+static void get_netdev(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ get_pointer(obj, v, opaque, print_netdev, name, errp);
+}
+
+static void set_netdev(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ set_pointer(obj, v, opaque, parse_netdev, name, errp);
+}
+
+PropertyInfo qdev_prop_netdev = {
+ .name = "netdev",
+ .get = get_netdev,
+ .set = set_netdev,
+};
+
+/* --- vlan --- */
+
+static int print_vlan(DeviceState *dev, Property *prop, char *dest, size_t len)
+{
+ NetClientState **ptr = qdev_get_prop_ptr(dev, prop);
+
+ if (*ptr) {
+ int id;
+ if (!net_hub_id_for_client(*ptr, &id)) {
+ return snprintf(dest, len, "%d", id);
+ }
+ }
+
+ return snprintf(dest, len, "<null>");
+}
+
+static void get_vlan(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ NetClientState **ptr = qdev_get_prop_ptr(dev, prop);
+ int32_t id = -1;
+
+ if (*ptr) {
+ int hub_id;
+ if (!net_hub_id_for_client(*ptr, &hub_id)) {
+ id = hub_id;
+ }
+ }
+
+ visit_type_int32(v, &id, name, errp);
+}
+
+static void set_vlan(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ NICPeers *peers_ptr = qdev_get_prop_ptr(dev, prop);
+ NetClientState **ptr = &peers_ptr->ncs[0];
+ Error *local_err = NULL;
+ int32_t id;
+ NetClientState *hubport;
+
+ if (dev->realized) {
+ qdev_prop_set_after_realize(dev, name, errp);
+ return;
+ }
+
+ visit_type_int32(v, &id, name, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ return;
+ }
+ if (id == -1) {
+ *ptr = NULL;
+ return;
+ }
+
+ hubport = net_hub_port_find(id);
+ if (!hubport) {
+ error_set(errp, QERR_INVALID_PARAMETER_VALUE,
+ name, prop->info->name);
+ return;
+ }
+ *ptr = hubport;
+}
+
+PropertyInfo qdev_prop_vlan = {
+ .name = "vlan",
+ .print = print_vlan,
+ .get = get_vlan,
+ .set = set_vlan,
+};
+
+int qdev_prop_set_drive(DeviceState *dev, const char *name,
+ BlockDriverState *value)
+{
+ Error *errp = NULL;
+ const char *bdrv_name = value ? bdrv_get_device_name(value) : "";
+ object_property_set_str(OBJECT(dev), bdrv_name,
+ name, &errp);
+ if (errp) {
+ qerror_report_err(errp);
+ error_free(errp);
+ return -1;
+ }
+ return 0;
+}
+
+void qdev_prop_set_drive_nofail(DeviceState *dev, const char *name,
+ BlockDriverState *value)
+{
+ if (qdev_prop_set_drive(dev, name, value) < 0) {
+ exit(1);
+ }
+}
+void qdev_prop_set_chr(DeviceState *dev, const char *name,
+ CharDriverState *value)
+{
+ Error *errp = NULL;
+ assert(!value || value->label);
+ object_property_set_str(OBJECT(dev),
+ value ? value->label : "", name, &errp);
+ assert_no_error(errp);
+}
+
+void qdev_prop_set_netdev(DeviceState *dev, const char *name,
+ NetClientState *value)
+{
+ Error *errp = NULL;
+ assert(!value || value->name);
+ object_property_set_str(OBJECT(dev),
+ value ? value->name : "", name, &errp);
+ assert_no_error(errp);
+}
+
+void qdev_set_nic_properties(DeviceState *dev, NICInfo *nd)
+{
+ qdev_prop_set_macaddr(dev, "mac", nd->macaddr.a);
+ if (nd->netdev) {
+ qdev_prop_set_netdev(dev, "netdev", nd->netdev);
+ }
+ if (nd->nvectors != DEV_NVECTORS_UNSPECIFIED &&
+ object_property_find(OBJECT(dev), "vectors", NULL)) {
+ qdev_prop_set_uint32(dev, "vectors", nd->nvectors);
+ }
+ nd->instantiated = 1;
+}
+
+static int qdev_add_one_global(QemuOpts *opts, void *opaque)
+{
+ GlobalProperty *g;
+
+ g = g_malloc0(sizeof(*g));
+ g->driver = qemu_opt_get(opts, "driver");
+ g->property = qemu_opt_get(opts, "property");
+ g->value = qemu_opt_get(opts, "value");
+ qdev_prop_register_global(g);
+ return 0;
+}
+
+void qemu_add_globals(void)
+{
+ qemu_opts_foreach(qemu_find_opts("global"), qdev_add_one_global, NULL, 0);
+}
diff --git a/hw/core/qdev-properties.c b/hw/core/qdev-properties.c
new file mode 100644
index 000000000..dc8ae6958
--- /dev/null
+++ b/hw/core/qdev-properties.c
@@ -0,0 +1,1198 @@
+#include "net/net.h"
+#include "hw/qdev.h"
+#include "qapi/qmp/qerror.h"
+#include "sysemu/blockdev.h"
+#include "hw/block/block.h"
+#include "net/hub.h"
+#include "qapi/visitor.h"
+#include "sysemu/char.h"
+
+void qdev_prop_set_after_realize(DeviceState *dev, const char *name,
+ Error **errp)
+{
+ if (dev->id) {
+ error_setg(errp, "Attempt to set property '%s' on device '%s' "
+ "(type '%s') after it was realized", name, dev->id,
+ object_get_typename(OBJECT(dev)));
+ } else {
+ error_setg(errp, "Attempt to set property '%s' on anonymous device "
+ "(type '%s') after it was realized", name,
+ object_get_typename(OBJECT(dev)));
+ }
+}
+
+void *qdev_get_prop_ptr(DeviceState *dev, Property *prop)
+{
+ void *ptr = dev;
+ ptr += prop->offset;
+ return ptr;
+}
+
+static void get_enum(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ int *ptr = qdev_get_prop_ptr(dev, prop);
+
+ visit_type_enum(v, ptr, prop->info->enum_table,
+ prop->info->name, prop->name, errp);
+}
+
+static void set_enum(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ int *ptr = qdev_get_prop_ptr(dev, prop);
+
+ if (dev->realized) {
+ qdev_prop_set_after_realize(dev, name, errp);
+ return;
+ }
+
+ visit_type_enum(v, ptr, prop->info->enum_table,
+ prop->info->name, prop->name, errp);
+}
+
+/* Bit */
+
+static uint32_t qdev_get_prop_mask(Property *prop)
+{
+ assert(prop->info == &qdev_prop_bit);
+ return 0x1 << prop->bitnr;
+}
+
+static void bit_prop_set(DeviceState *dev, Property *props, bool val)
+{
+ uint32_t *p = qdev_get_prop_ptr(dev, props);
+ uint32_t mask = qdev_get_prop_mask(props);
+ if (val) {
+ *p |= mask;
+ } else {
+ *p &= ~mask;
+ }
+}
+
+static int prop_print_bit(DeviceState *dev, Property *prop, char *dest,
+ size_t len)
+{
+ uint32_t *p = qdev_get_prop_ptr(dev, prop);
+ return snprintf(dest, len, (*p & qdev_get_prop_mask(prop)) ? "on" : "off");
+}
+
+static void prop_get_bit(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ uint32_t *p = qdev_get_prop_ptr(dev, prop);
+ bool value = (*p & qdev_get_prop_mask(prop)) != 0;
+
+ visit_type_bool(v, &value, name, errp);
+}
+
+static void prop_set_bit(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ Error *local_err = NULL;
+ bool value;
+
+ if (dev->realized) {
+ qdev_prop_set_after_realize(dev, name, errp);
+ return;
+ }
+
+ visit_type_bool(v, &value, name, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ return;
+ }
+ bit_prop_set(dev, prop, value);
+}
+
+PropertyInfo qdev_prop_bit = {
+ .name = "boolean",
+ .legacy_name = "on/off",
+ .print = prop_print_bit,
+ .get = prop_get_bit,
+ .set = prop_set_bit,
+};
+
+/* --- bool --- */
+
+static void get_bool(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ bool *ptr = qdev_get_prop_ptr(dev, prop);
+
+ visit_type_bool(v, ptr, name, errp);
+}
+
+static void set_bool(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ bool *ptr = qdev_get_prop_ptr(dev, prop);
+
+ if (dev->realized) {
+ qdev_prop_set_after_realize(dev, name, errp);
+ return;
+ }
+
+ visit_type_bool(v, ptr, name, errp);
+}
+
+PropertyInfo qdev_prop_bool = {
+ .name = "boolean",
+ .get = get_bool,
+ .set = set_bool,
+};
+
+/* --- 8bit integer --- */
+
+static void get_uint8(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ uint8_t *ptr = qdev_get_prop_ptr(dev, prop);
+
+ visit_type_uint8(v, ptr, name, errp);
+}
+
+static void set_uint8(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ uint8_t *ptr = qdev_get_prop_ptr(dev, prop);
+
+ if (dev->realized) {
+ qdev_prop_set_after_realize(dev, name, errp);
+ return;
+ }
+
+ visit_type_uint8(v, ptr, name, errp);
+}
+
+PropertyInfo qdev_prop_uint8 = {
+ .name = "uint8",
+ .get = get_uint8,
+ .set = set_uint8,
+};
+
+/* --- 8bit hex value --- */
+
+static int parse_hex8(DeviceState *dev, Property *prop, const char *str)
+{
+ uint8_t *ptr = qdev_get_prop_ptr(dev, prop);
+ char *end;
+
+ if (str[0] != '0' || str[1] != 'x') {
+ return -EINVAL;
+ }
+
+ *ptr = strtoul(str, &end, 16);
+ if ((*end != '\0') || (end == str)) {
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static int print_hex8(DeviceState *dev, Property *prop, char *dest, size_t len)
+{
+ uint8_t *ptr = qdev_get_prop_ptr(dev, prop);
+ return snprintf(dest, len, "0x%" PRIx8, *ptr);
+}
+
+PropertyInfo qdev_prop_hex8 = {
+ .name = "uint8",
+ .legacy_name = "hex8",
+ .parse = parse_hex8,
+ .print = print_hex8,
+ .get = get_uint8,
+ .set = set_uint8,
+};
+
+/* --- 16bit integer --- */
+
+static void get_uint16(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ uint16_t *ptr = qdev_get_prop_ptr(dev, prop);
+
+ visit_type_uint16(v, ptr, name, errp);
+}
+
+static void set_uint16(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ uint16_t *ptr = qdev_get_prop_ptr(dev, prop);
+
+ if (dev->realized) {
+ qdev_prop_set_after_realize(dev, name, errp);
+ return;
+ }
+
+ visit_type_uint16(v, ptr, name, errp);
+}
+
+PropertyInfo qdev_prop_uint16 = {
+ .name = "uint16",
+ .get = get_uint16,
+ .set = set_uint16,
+};
+
+/* --- 32bit integer --- */
+
+static void get_uint32(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ uint32_t *ptr = qdev_get_prop_ptr(dev, prop);
+
+ visit_type_uint32(v, ptr, name, errp);
+}
+
+static void set_uint32(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ uint32_t *ptr = qdev_get_prop_ptr(dev, prop);
+
+ if (dev->realized) {
+ qdev_prop_set_after_realize(dev, name, errp);
+ return;
+ }
+
+ visit_type_uint32(v, ptr, name, errp);
+}
+
+static void get_int32(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ int32_t *ptr = qdev_get_prop_ptr(dev, prop);
+
+ visit_type_int32(v, ptr, name, errp);
+}
+
+static void set_int32(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ int32_t *ptr = qdev_get_prop_ptr(dev, prop);
+
+ if (dev->realized) {
+ qdev_prop_set_after_realize(dev, name, errp);
+ return;
+ }
+
+ visit_type_int32(v, ptr, name, errp);
+}
+
+PropertyInfo qdev_prop_uint32 = {
+ .name = "uint32",
+ .get = get_uint32,
+ .set = set_uint32,
+};
+
+PropertyInfo qdev_prop_int32 = {
+ .name = "int32",
+ .get = get_int32,
+ .set = set_int32,
+};
+
+/* --- 32bit hex value --- */
+
+static int parse_hex32(DeviceState *dev, Property *prop, const char *str)
+{
+ uint32_t *ptr = qdev_get_prop_ptr(dev, prop);
+ char *end;
+
+ if (str[0] != '0' || str[1] != 'x') {
+ return -EINVAL;
+ }
+
+ *ptr = strtoul(str, &end, 16);
+ if ((*end != '\0') || (end == str)) {
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static int print_hex32(DeviceState *dev, Property *prop, char *dest, size_t len)
+{
+ uint32_t *ptr = qdev_get_prop_ptr(dev, prop);
+ return snprintf(dest, len, "0x%" PRIx32, *ptr);
+}
+
+PropertyInfo qdev_prop_hex32 = {
+ .name = "uint32",
+ .legacy_name = "hex32",
+ .parse = parse_hex32,
+ .print = print_hex32,
+ .get = get_uint32,
+ .set = set_uint32,
+};
+
+/* --- 64bit integer --- */
+
+static void get_uint64(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ uint64_t *ptr = qdev_get_prop_ptr(dev, prop);
+
+ visit_type_uint64(v, ptr, name, errp);
+}
+
+static void set_uint64(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ uint64_t *ptr = qdev_get_prop_ptr(dev, prop);
+
+ if (dev->realized) {
+ qdev_prop_set_after_realize(dev, name, errp);
+ return;
+ }
+
+ visit_type_uint64(v, ptr, name, errp);
+}
+
+PropertyInfo qdev_prop_uint64 = {
+ .name = "uint64",
+ .get = get_uint64,
+ .set = set_uint64,
+};
+
+/* --- 64bit hex value --- */
+
+static int parse_hex64(DeviceState *dev, Property *prop, const char *str)
+{
+ uint64_t *ptr = qdev_get_prop_ptr(dev, prop);
+ char *end;
+
+ if (str[0] != '0' || str[1] != 'x') {
+ return -EINVAL;
+ }
+
+ *ptr = strtoull(str, &end, 16);
+ if ((*end != '\0') || (end == str)) {
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static int print_hex64(DeviceState *dev, Property *prop, char *dest, size_t len)
+{
+ uint64_t *ptr = qdev_get_prop_ptr(dev, prop);
+ return snprintf(dest, len, "0x%" PRIx64, *ptr);
+}
+
+PropertyInfo qdev_prop_hex64 = {
+ .name = "uint64",
+ .legacy_name = "hex64",
+ .parse = parse_hex64,
+ .print = print_hex64,
+ .get = get_uint64,
+ .set = set_uint64,
+};
+
+/* --- string --- */
+
+static void release_string(Object *obj, const char *name, void *opaque)
+{
+ Property *prop = opaque;
+ g_free(*(char **)qdev_get_prop_ptr(DEVICE(obj), prop));
+}
+
+static int print_string(DeviceState *dev, Property *prop, char *dest,
+ size_t len)
+{
+ char **ptr = qdev_get_prop_ptr(dev, prop);
+ if (!*ptr) {
+ return snprintf(dest, len, "<null>");
+ }
+ return snprintf(dest, len, "\"%s\"", *ptr);
+}
+
+static void get_string(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ char **ptr = qdev_get_prop_ptr(dev, prop);
+
+ if (!*ptr) {
+ char *str = (char *)"";
+ visit_type_str(v, &str, name, errp);
+ } else {
+ visit_type_str(v, ptr, name, errp);
+ }
+}
+
+static void set_string(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ char **ptr = qdev_get_prop_ptr(dev, prop);
+ Error *local_err = NULL;
+ char *str;
+
+ if (dev->realized) {
+ qdev_prop_set_after_realize(dev, name, errp);
+ return;
+ }
+
+ visit_type_str(v, &str, name, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ return;
+ }
+ if (*ptr) {
+ g_free(*ptr);
+ }
+ *ptr = str;
+}
+
+PropertyInfo qdev_prop_string = {
+ .name = "string",
+ .print = print_string,
+ .release = release_string,
+ .get = get_string,
+ .set = set_string,
+};
+
+/* --- pointer --- */
+
+/* Not a proper property, just for dirty hacks. TODO Remove it! */
+PropertyInfo qdev_prop_ptr = {
+ .name = "ptr",
+};
+
+/* --- mac address --- */
+
+/*
+ * accepted syntax versions:
+ * 01:02:03:04:05:06
+ * 01-02-03-04-05-06
+ */
+static void get_mac(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ MACAddr *mac = qdev_get_prop_ptr(dev, prop);
+ char buffer[2 * 6 + 5 + 1];
+ char *p = buffer;
+
+ snprintf(buffer, sizeof(buffer), "%02x:%02x:%02x:%02x:%02x:%02x",
+ mac->a[0], mac->a[1], mac->a[2],
+ mac->a[3], mac->a[4], mac->a[5]);
+
+ visit_type_str(v, &p, name, errp);
+}
+
+static void set_mac(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ MACAddr *mac = qdev_get_prop_ptr(dev, prop);
+ Error *local_err = NULL;
+ int i, pos;
+ char *str, *p;
+
+ if (dev->realized) {
+ qdev_prop_set_after_realize(dev, name, errp);
+ return;
+ }
+
+ visit_type_str(v, &str, name, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ return;
+ }
+
+ for (i = 0, pos = 0; i < 6; i++, pos += 3) {
+ if (!qemu_isxdigit(str[pos])) {
+ goto inval;
+ }
+ if (!qemu_isxdigit(str[pos+1])) {
+ goto inval;
+ }
+ if (i == 5) {
+ if (str[pos+2] != '\0') {
+ goto inval;
+ }
+ } else {
+ if (str[pos+2] != ':' && str[pos+2] != '-') {
+ goto inval;
+ }
+ }
+ mac->a[i] = strtol(str+pos, &p, 16);
+ }
+ g_free(str);
+ return;
+
+inval:
+ error_set_from_qdev_prop_error(errp, EINVAL, dev, prop, str);
+ g_free(str);
+}
+
+PropertyInfo qdev_prop_macaddr = {
+ .name = "macaddr",
+ .get = get_mac,
+ .set = set_mac,
+};
+
+/* --- lost tick policy --- */
+
+static const char *lost_tick_policy_table[LOST_TICK_MAX+1] = {
+ [LOST_TICK_DISCARD] = "discard",
+ [LOST_TICK_DELAY] = "delay",
+ [LOST_TICK_MERGE] = "merge",
+ [LOST_TICK_SLEW] = "slew",
+ [LOST_TICK_MAX] = NULL,
+};
+
+QEMU_BUILD_BUG_ON(sizeof(LostTickPolicy) != sizeof(int));
+
+PropertyInfo qdev_prop_losttickpolicy = {
+ .name = "LostTickPolicy",
+ .enum_table = lost_tick_policy_table,
+ .get = get_enum,
+ .set = set_enum,
+};
+
+/* --- BIOS CHS translation */
+
+static const char *bios_chs_trans_table[] = {
+ [BIOS_ATA_TRANSLATION_AUTO] = "auto",
+ [BIOS_ATA_TRANSLATION_NONE] = "none",
+ [BIOS_ATA_TRANSLATION_LBA] = "lba",
+};
+
+PropertyInfo qdev_prop_bios_chs_trans = {
+ .name = "bios-chs-trans",
+ .enum_table = bios_chs_trans_table,
+ .get = get_enum,
+ .set = set_enum,
+};
+
+/* --- pci address --- */
+
+/*
+ * bus-local address, i.e. "$slot" or "$slot.$fn"
+ */
+static void set_pci_devfn(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ int32_t value, *ptr = qdev_get_prop_ptr(dev, prop);
+ unsigned int slot, fn, n;
+ Error *local_err = NULL;
+ char *str;
+
+ if (dev->realized) {
+ qdev_prop_set_after_realize(dev, name, errp);
+ return;
+ }
+
+ visit_type_str(v, &str, name, &local_err);
+ if (local_err) {
+ error_free(local_err);
+ local_err = NULL;
+ visit_type_int32(v, &value, name, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ } else if (value < -1 || value > 255) {
+ error_set(errp, QERR_INVALID_PARAMETER_VALUE, name ? name : "null",
+ "pci_devfn");
+ } else {
+ *ptr = value;
+ }
+ return;
+ }
+
+ if (sscanf(str, "%x.%x%n", &slot, &fn, &n) != 2) {
+ fn = 0;
+ if (sscanf(str, "%x%n", &slot, &n) != 1) {
+ goto invalid;
+ }
+ }
+ if (str[n] != '\0' || fn > 7 || slot > 31) {
+ goto invalid;
+ }
+ *ptr = slot << 3 | fn;
+ g_free(str);
+ return;
+
+invalid:
+ error_set_from_qdev_prop_error(errp, EINVAL, dev, prop, str);
+ g_free(str);
+}
+
+static int print_pci_devfn(DeviceState *dev, Property *prop, char *dest,
+ size_t len)
+{
+ int32_t *ptr = qdev_get_prop_ptr(dev, prop);
+
+ if (*ptr == -1) {
+ return snprintf(dest, len, "<unset>");
+ } else {
+ return snprintf(dest, len, "%02x.%x", *ptr >> 3, *ptr & 7);
+ }
+}
+
+PropertyInfo qdev_prop_pci_devfn = {
+ .name = "int32",
+ .legacy_name = "pci-devfn",
+ .print = print_pci_devfn,
+ .get = get_int32,
+ .set = set_pci_devfn,
+};
+
+/* --- blocksize --- */
+
+static void set_blocksize(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ uint16_t value, *ptr = qdev_get_prop_ptr(dev, prop);
+ Error *local_err = NULL;
+ const int64_t min = 512;
+ const int64_t max = 32768;
+
+ if (dev->realized) {
+ qdev_prop_set_after_realize(dev, name, errp);
+ return;
+ }
+
+ visit_type_uint16(v, &value, name, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ return;
+ }
+ if (value < min || value > max) {
+ error_set(errp, QERR_PROPERTY_VALUE_OUT_OF_RANGE,
+ dev->id?:"", name, (int64_t)value, min, max);
+ return;
+ }
+
+ /* We rely on power-of-2 blocksizes for bitmasks */
+ if ((value & (value - 1)) != 0) {
+ error_set(errp, QERR_PROPERTY_VALUE_NOT_POWER_OF_2,
+ dev->id?:"", name, (int64_t)value);
+ return;
+ }
+
+ *ptr = value;
+}
+
+PropertyInfo qdev_prop_blocksize = {
+ .name = "blocksize",
+ .get = get_uint16,
+ .set = set_blocksize,
+};
+
+/* --- pci host address --- */
+
+static void get_pci_host_devaddr(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ PCIHostDeviceAddress *addr = qdev_get_prop_ptr(dev, prop);
+ char buffer[] = "xxxx:xx:xx.x";
+ char *p = buffer;
+ int rc = 0;
+
+ rc = snprintf(buffer, sizeof(buffer), "%04x:%02x:%02x.%d",
+ addr->domain, addr->bus, addr->slot, addr->function);
+ assert(rc == sizeof(buffer) - 1);
+
+ visit_type_str(v, &p, name, errp);
+}
+
+/*
+ * Parse [<domain>:]<bus>:<slot>.<func>
+ * if <domain> is not supplied, it's assumed to be 0.
+ */
+static void set_pci_host_devaddr(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ PCIHostDeviceAddress *addr = qdev_get_prop_ptr(dev, prop);
+ Error *local_err = NULL;
+ char *str, *p;
+ char *e;
+ unsigned long val;
+ unsigned long dom = 0, bus = 0;
+ unsigned int slot = 0, func = 0;
+
+ if (dev->realized) {
+ qdev_prop_set_after_realize(dev, name, errp);
+ return;
+ }
+
+ visit_type_str(v, &str, name, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ return;
+ }
+
+ p = str;
+ val = strtoul(p, &e, 16);
+ if (e == p || *e != ':') {
+ goto inval;
+ }
+ bus = val;
+
+ p = e + 1;
+ val = strtoul(p, &e, 16);
+ if (e == p) {
+ goto inval;
+ }
+ if (*e == ':') {
+ dom = bus;
+ bus = val;
+ p = e + 1;
+ val = strtoul(p, &e, 16);
+ if (e == p) {
+ goto inval;
+ }
+ }
+ slot = val;
+
+ if (*e != '.') {
+ goto inval;
+ }
+ p = e + 1;
+ val = strtoul(p, &e, 10);
+ if (e == p) {
+ goto inval;
+ }
+ func = val;
+
+ if (dom > 0xffff || bus > 0xff || slot > 0x1f || func > 7) {
+ goto inval;
+ }
+
+ if (*e) {
+ goto inval;
+ }
+
+ addr->domain = dom;
+ addr->bus = bus;
+ addr->slot = slot;
+ addr->function = func;
+
+ g_free(str);
+ return;
+
+inval:
+ error_set_from_qdev_prop_error(errp, EINVAL, dev, prop, str);
+ g_free(str);
+}
+
+PropertyInfo qdev_prop_pci_host_devaddr = {
+ .name = "pci-host-devaddr",
+ .get = get_pci_host_devaddr,
+ .set = set_pci_host_devaddr,
+};
+
+/* --- support for array properties --- */
+
+/* Used as an opaque for the object properties we add for each
+ * array element. Note that the struct Property must be first
+ * in the struct so that a pointer to this works as the opaque
+ * for the underlying element's property hooks as well as for
+ * our own release callback.
+ */
+typedef struct {
+ struct Property prop;
+ char *propname;
+ ObjectPropertyRelease *release;
+} ArrayElementProperty;
+
+/* object property release callback for array element properties:
+ * we call the underlying element's property release hook, and
+ * then free the memory we allocated when we added the property.
+ */
+static void array_element_release(Object *obj, const char *name, void *opaque)
+{
+ ArrayElementProperty *p = opaque;
+ if (p->release) {
+ p->release(obj, name, opaque);
+ }
+ g_free(p->propname);
+ g_free(p);
+}
+
+static void set_prop_arraylen(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ /* Setter for the property which defines the length of a
+ * variable-sized property array. As well as actually setting the
+ * array-length field in the device struct, we have to create the
+ * array itself and dynamically add the corresponding properties.
+ */
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ uint32_t *alenptr = qdev_get_prop_ptr(dev, prop);
+ void **arrayptr = (void *)dev + prop->arrayoffset;
+ void *eltptr;
+ const char *arrayname;
+ int i;
+
+ if (dev->realized) {
+ qdev_prop_set_after_realize(dev, name, errp);
+ return;
+ }
+ if (*alenptr) {
+ error_setg(errp, "array size property %s may not be set more than once",
+ name);
+ return;
+ }
+ visit_type_uint32(v, alenptr, name, errp);
+ if (error_is_set(errp)) {
+ return;
+ }
+ if (!*alenptr) {
+ return;
+ }
+
+ /* DEFINE_PROP_ARRAY guarantees that name should start with this prefix;
+ * strip it off so we can get the name of the array itself.
+ */
+ assert(strncmp(name, PROP_ARRAY_LEN_PREFIX,
+ strlen(PROP_ARRAY_LEN_PREFIX)) == 0);
+ arrayname = name + strlen(PROP_ARRAY_LEN_PREFIX);
+
+ /* Note that it is the responsibility of the individual device's deinit
+ * to free the array proper.
+ */
+ *arrayptr = eltptr = g_malloc0(*alenptr * prop->arrayfieldsize);
+ for (i = 0; i < *alenptr; i++, eltptr += prop->arrayfieldsize) {
+ char *propname = g_strdup_printf("%s[%d]", arrayname, i);
+ ArrayElementProperty *arrayprop = g_new0(ArrayElementProperty, 1);
+ arrayprop->release = prop->arrayinfo->release;
+ arrayprop->propname = propname;
+ arrayprop->prop.info = prop->arrayinfo;
+ arrayprop->prop.name = propname;
+ /* This ugly piece of pointer arithmetic sets up the offset so
+ * that when the underlying get/set hooks call qdev_get_prop_ptr
+ * they get the right answer despite the array element not actually
+ * being inside the device struct.
+ */
+ arrayprop->prop.offset = eltptr - (void *)dev;
+ assert(qdev_get_prop_ptr(dev, &arrayprop->prop) == eltptr);
+ object_property_add(obj, propname,
+ arrayprop->prop.info->name,
+ arrayprop->prop.info->get,
+ arrayprop->prop.info->set,
+ array_element_release,
+ arrayprop, errp);
+ if (error_is_set(errp)) {
+ return;
+ }
+ }
+}
+
+PropertyInfo qdev_prop_arraylen = {
+ .name = "uint32",
+ .get = get_uint32,
+ .set = set_prop_arraylen,
+};
+
+/* --- public helpers --- */
+
+static Property *qdev_prop_walk(Property *props, const char *name)
+{
+ if (!props) {
+ return NULL;
+ }
+ while (props->name) {
+ if (strcmp(props->name, name) == 0) {
+ return props;
+ }
+ props++;
+ }
+ return NULL;
+}
+
+static Property *qdev_prop_find(DeviceState *dev, const char *name)
+{
+ ObjectClass *class;
+ Property *prop;
+
+ /* device properties */
+ class = object_get_class(OBJECT(dev));
+ do {
+ prop = qdev_prop_walk(DEVICE_CLASS(class)->props, name);
+ if (prop) {
+ return prop;
+ }
+ class = object_class_get_parent(class);
+ } while (class != object_class_by_name(TYPE_DEVICE));
+
+ return NULL;
+}
+
+void error_set_from_qdev_prop_error(Error **errp, int ret, DeviceState *dev,
+ Property *prop, const char *value)
+{
+ switch (ret) {
+ case -EEXIST:
+ error_set(errp, QERR_PROPERTY_VALUE_IN_USE,
+ object_get_typename(OBJECT(dev)), prop->name, value);
+ break;
+ default:
+ case -EINVAL:
+ error_set(errp, QERR_PROPERTY_VALUE_BAD,
+ object_get_typename(OBJECT(dev)), prop->name, value);
+ break;
+ case -ENOENT:
+ error_set(errp, QERR_PROPERTY_VALUE_NOT_FOUND,
+ object_get_typename(OBJECT(dev)), prop->name, value);
+ break;
+ case 0:
+ break;
+ }
+}
+
+void qdev_prop_parse(DeviceState *dev, const char *name, const char *value,
+ Error **errp)
+{
+ char *legacy_name;
+
+ legacy_name = g_strdup_printf("legacy-%s", name);
+ if (object_property_get_type(OBJECT(dev), legacy_name, NULL)) {
+ object_property_parse(OBJECT(dev), value, legacy_name, errp);
+ } else {
+ object_property_parse(OBJECT(dev), value, name, errp);
+ }
+ g_free(legacy_name);
+}
+
+void qdev_prop_set_bit(DeviceState *dev, const char *name, bool value)
+{
+ Error *errp = NULL;
+ object_property_set_bool(OBJECT(dev), value, name, &errp);
+ assert_no_error(errp);
+}
+
+void qdev_prop_set_uint8(DeviceState *dev, const char *name, uint8_t value)
+{
+ Error *errp = NULL;
+ object_property_set_int(OBJECT(dev), value, name, &errp);
+ assert_no_error(errp);
+}
+
+void qdev_prop_set_uint16(DeviceState *dev, const char *name, uint16_t value)
+{
+ Error *errp = NULL;
+ object_property_set_int(OBJECT(dev), value, name, &errp);
+ assert_no_error(errp);
+}
+
+void qdev_prop_set_uint32(DeviceState *dev, const char *name, uint32_t value)
+{
+ Error *errp = NULL;
+ object_property_set_int(OBJECT(dev), value, name, &errp);
+ assert_no_error(errp);
+}
+
+void qdev_prop_set_int32(DeviceState *dev, const char *name, int32_t value)
+{
+ Error *errp = NULL;
+ object_property_set_int(OBJECT(dev), value, name, &errp);
+ assert_no_error(errp);
+}
+
+void qdev_prop_set_uint64(DeviceState *dev, const char *name, uint64_t value)
+{
+ Error *errp = NULL;
+ object_property_set_int(OBJECT(dev), value, name, &errp);
+ assert_no_error(errp);
+}
+
+void qdev_prop_set_string(DeviceState *dev, const char *name, const char *value)
+{
+ Error *errp = NULL;
+ object_property_set_str(OBJECT(dev), value, name, &errp);
+ assert_no_error(errp);
+}
+
+void qdev_prop_set_macaddr(DeviceState *dev, const char *name, uint8_t *value)
+{
+ Error *errp = NULL;
+ char str[2 * 6 + 5 + 1];
+ snprintf(str, sizeof(str), "%02x:%02x:%02x:%02x:%02x:%02x",
+ value[0], value[1], value[2], value[3], value[4], value[5]);
+
+ object_property_set_str(OBJECT(dev), str, name, &errp);
+ assert_no_error(errp);
+}
+
+void qdev_prop_set_enum(DeviceState *dev, const char *name, int value)
+{
+ Property *prop;
+ Error *errp = NULL;
+
+ prop = qdev_prop_find(dev, name);
+ object_property_set_str(OBJECT(dev), prop->info->enum_table[value],
+ name, &errp);
+ assert_no_error(errp);
+}
+
+void qdev_prop_set_ptr(DeviceState *dev, const char *name, void *value)
+{
+ Property *prop;
+ void **ptr;
+
+ prop = qdev_prop_find(dev, name);
+ assert(prop && prop->info == &qdev_prop_ptr);
+ ptr = qdev_get_prop_ptr(dev, prop);
+ *ptr = value;
+}
+
+static QTAILQ_HEAD(, GlobalProperty) global_props =
+ QTAILQ_HEAD_INITIALIZER(global_props);
+
+void qdev_prop_register_global(GlobalProperty *prop)
+{
+ QTAILQ_INSERT_TAIL(&global_props, prop, next);
+}
+
+void qdev_prop_register_global_list(GlobalProperty *props)
+{
+ int i;
+
+ for (i = 0; props[i].driver != NULL; i++) {
+ qdev_prop_register_global(props+i);
+ }
+}
+
+void qdev_prop_set_globals_for_type(DeviceState *dev, const char *typename,
+ Error **errp)
+{
+ GlobalProperty *prop;
+
+ QTAILQ_FOREACH(prop, &global_props, next) {
+ Error *err = NULL;
+
+ if (strcmp(typename, prop->driver) != 0) {
+ continue;
+ }
+ qdev_prop_parse(dev, prop->property, prop->value, &err);
+ if (err != NULL) {
+ error_propagate(errp, err);
+ return;
+ }
+ }
+}
+
+void qdev_prop_set_globals(DeviceState *dev, Error **errp)
+{
+ ObjectClass *class = object_get_class(OBJECT(dev));
+
+ do {
+ Error *err = NULL;
+
+ qdev_prop_set_globals_for_type(dev, object_class_get_name(class),
+ &err);
+ if (err != NULL) {
+ error_propagate(errp, err);
+ return;
+ }
+ class = object_class_get_parent(class);
+ } while (class);
+}
+
+/* --- 64bit unsigned int 'size' type --- */
+
+static void get_size(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ uint64_t *ptr = qdev_get_prop_ptr(dev, prop);
+
+ visit_type_size(v, ptr, name, errp);
+}
+
+static void set_size(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ uint64_t *ptr = qdev_get_prop_ptr(dev, prop);
+
+ visit_type_size(v, ptr, name, errp);
+}
+
+static int parse_size(DeviceState *dev, Property *prop, const char *str)
+{
+ uint64_t *ptr = qdev_get_prop_ptr(dev, prop);
+ Error *errp = NULL;
+
+ if (str != NULL) {
+ parse_option_size(prop->name, str, ptr, &errp);
+ }
+ assert_no_error(errp);
+ return 0;
+}
+
+static int print_size(DeviceState *dev, Property *prop, char *dest, size_t len)
+{
+ static const char suffixes[] = { 'B', 'K', 'M', 'G', 'T' };
+ uint64_t div, val = *(uint64_t *)qdev_get_prop_ptr(dev, prop);
+ int i;
+
+ /* Compute floor(log2(val)). */
+ i = 64 - clz64(val);
+
+ /* Find the power of 1024 that we'll display as the units. */
+ i /= 10;
+ if (i >= ARRAY_SIZE(suffixes)) {
+ i = ARRAY_SIZE(suffixes) - 1;
+ }
+ div = 1ULL << (i * 10);
+
+ return snprintf(dest, len, "%0.03f%c", (double)val/div, suffixes[i]);
+}
+
+PropertyInfo qdev_prop_size = {
+ .name = "size",
+ .parse = parse_size,
+ .print = print_size,
+ .get = get_size,
+ .set = set_size,
+};
diff --git a/hw/core/qdev.c b/hw/core/qdev.c
new file mode 100644
index 000000000..9190a7ee7
--- /dev/null
+++ b/hw/core/qdev.c
@@ -0,0 +1,907 @@
+/*
+ * Dynamic device configuration and creation.
+ *
+ * Copyright (c) 2009 CodeSourcery
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* The theory here is that it should be possible to create a machine without
+ knowledge of specific devices. Historically board init routines have
+ passed a bunch of arguments to each device, requiring the board know
+ exactly which device it is dealing with. This file provides an abstract
+ API for device configuration and initialization. Devices will generally
+ inherit from a particular bus (e.g. PCI or I2C) rather than
+ this API directly. */
+
+#include "hw/qdev.h"
+#include "sysemu/sysemu.h"
+#include "qapi/error.h"
+#include "qapi/qmp/qerror.h"
+#include "qapi/visitor.h"
+#include "qapi/qmp/qjson.h"
+#include "monitor/monitor.h"
+
+int qdev_hotplug = 0;
+static bool qdev_hot_added = false;
+static bool qdev_hot_removed = false;
+
+const VMStateDescription *qdev_get_vmsd(DeviceState *dev)
+{
+ DeviceClass *dc = DEVICE_GET_CLASS(dev);
+ return dc->vmsd;
+}
+
+const char *qdev_fw_name(DeviceState *dev)
+{
+ DeviceClass *dc = DEVICE_GET_CLASS(dev);
+
+ if (dc->fw_name) {
+ return dc->fw_name;
+ }
+
+ return object_get_typename(OBJECT(dev));
+}
+
+static void qdev_property_add_legacy(DeviceState *dev, Property *prop,
+ Error **errp);
+
+static void bus_remove_child(BusState *bus, DeviceState *child)
+{
+ BusChild *kid;
+
+ QTAILQ_FOREACH(kid, &bus->children, sibling) {
+ if (kid->child == child) {
+ char name[32];
+
+ snprintf(name, sizeof(name), "child[%d]", kid->index);
+ QTAILQ_REMOVE(&bus->children, kid, sibling);
+
+ /* This gives back ownership of kid->child back to us. */
+ object_property_del(OBJECT(bus), name, NULL);
+ object_unref(OBJECT(kid->child));
+ g_free(kid);
+ return;
+ }
+ }
+}
+
+static void bus_add_child(BusState *bus, DeviceState *child)
+{
+ char name[32];
+ BusChild *kid = g_malloc0(sizeof(*kid));
+
+ if (qdev_hotplug) {
+ assert(bus->allow_hotplug);
+ }
+
+ kid->index = bus->max_index++;
+ kid->child = child;
+ object_ref(OBJECT(kid->child));
+
+ QTAILQ_INSERT_HEAD(&bus->children, kid, sibling);
+
+ /* This transfers ownership of kid->child to the property. */
+ snprintf(name, sizeof(name), "child[%d]", kid->index);
+ object_property_add_link(OBJECT(bus), name,
+ object_get_typename(OBJECT(child)),
+ (Object **)&kid->child,
+ NULL);
+}
+
+void qdev_set_parent_bus(DeviceState *dev, BusState *bus)
+{
+ dev->parent_bus = bus;
+ object_ref(OBJECT(bus));
+ bus_add_child(bus, dev);
+}
+
+/* Create a new device. This only initializes the device state structure
+ and allows properties to be set. qdev_init should be called to
+ initialize the actual device emulation. */
+DeviceState *qdev_create(BusState *bus, const char *name)
+{
+ DeviceState *dev;
+
+ dev = qdev_try_create(bus, name);
+ if (!dev) {
+ if (bus) {
+ error_report("Unknown device '%s' for bus '%s'", name,
+ object_get_typename(OBJECT(bus)));
+ } else {
+ error_report("Unknown device '%s' for default sysbus", name);
+ }
+ abort();
+ }
+
+ return dev;
+}
+
+DeviceState *qdev_try_create(BusState *bus, const char *type)
+{
+ DeviceState *dev;
+
+ if (object_class_by_name(type) == NULL) {
+ return NULL;
+ }
+ dev = DEVICE(object_new(type));
+ if (!dev) {
+ return NULL;
+ }
+
+ if (!bus) {
+ bus = sysbus_get_default();
+ }
+
+ qdev_set_parent_bus(dev, bus);
+ object_unref(OBJECT(dev));
+ return dev;
+}
+
+/* Initialize a device. Device properties should be set before calling
+ this function. IRQs and MMIO regions should be connected/mapped after
+ calling this function.
+ On failure, destroy the device and return negative value.
+ Return 0 on success. */
+int qdev_init(DeviceState *dev)
+{
+ Error *local_err = NULL;
+
+ assert(!dev->realized);
+
+ object_property_set_bool(OBJECT(dev), true, "realized", &local_err);
+ if (local_err != NULL) {
+ qerror_report_err(local_err);
+ error_free(local_err);
+ qdev_free(dev);
+ return -1;
+ }
+ return 0;
+}
+
+static void device_realize(DeviceState *dev, Error **err)
+{
+ DeviceClass *dc = DEVICE_GET_CLASS(dev);
+
+ if (dc->init) {
+ int rc = dc->init(dev);
+ if (rc < 0) {
+ error_setg(err, "Device initialization failed.");
+ return;
+ }
+ }
+}
+
+static void device_unrealize(DeviceState *dev, Error **errp)
+{
+ DeviceClass *dc = DEVICE_GET_CLASS(dev);
+
+ if (dc->exit) {
+ int rc = dc->exit(dev);
+ if (rc < 0) {
+ error_setg(errp, "Device exit failed.");
+ return;
+ }
+ }
+}
+
+void qdev_set_legacy_instance_id(DeviceState *dev, int alias_id,
+ int required_for_version)
+{
+ assert(!dev->realized);
+ dev->instance_id_alias = alias_id;
+ dev->alias_required_for_version = required_for_version;
+}
+
+void qdev_unplug(DeviceState *dev, Error **errp)
+{
+ DeviceClass *dc = DEVICE_GET_CLASS(dev);
+
+ if (dev->parent_bus && !dev->parent_bus->allow_hotplug) {
+ error_set(errp, QERR_BUS_NO_HOTPLUG, dev->parent_bus->name);
+ return;
+ }
+ assert(dc->unplug != NULL);
+
+ qdev_hot_removed = true;
+
+ if (dc->unplug(dev) < 0) {
+ error_set(errp, QERR_UNDEFINED_ERROR);
+ return;
+ }
+}
+
+static int qdev_reset_one(DeviceState *dev, void *opaque)
+{
+ device_reset(dev);
+
+ return 0;
+}
+
+static int qbus_reset_one(BusState *bus, void *opaque)
+{
+ BusClass *bc = BUS_GET_CLASS(bus);
+ if (bc->reset) {
+ return bc->reset(bus);
+ }
+ return 0;
+}
+
+void qdev_reset_all(DeviceState *dev)
+{
+ qdev_walk_children(dev, qdev_reset_one, qbus_reset_one, NULL);
+}
+
+void qbus_reset_all(BusState *bus)
+{
+ qbus_walk_children(bus, qdev_reset_one, qbus_reset_one, NULL);
+}
+
+void qbus_reset_all_fn(void *opaque)
+{
+ BusState *bus = opaque;
+ qbus_reset_all(bus);
+}
+
+/* can be used as ->unplug() callback for the simple cases */
+int qdev_simple_unplug_cb(DeviceState *dev)
+{
+ /* just zap it */
+ qdev_free(dev);
+ return 0;
+}
+
+
+/* Like qdev_init(), but terminate program via error_report() instead of
+ returning an error value. This is okay during machine creation.
+ Don't use for hotplug, because there callers need to recover from
+ failure. Exception: if you know the device's init() callback can't
+ fail, then qdev_init_nofail() can't fail either, and is therefore
+ usable even then. But relying on the device implementation that
+ way is somewhat unclean, and best avoided. */
+void qdev_init_nofail(DeviceState *dev)
+{
+ const char *typename = object_get_typename(OBJECT(dev));
+
+ if (qdev_init(dev) < 0) {
+ error_report("Initialization of device %s failed", typename);
+ exit(1);
+ }
+}
+
+/* Unlink device from bus and free the structure. */
+void qdev_free(DeviceState *dev)
+{
+ object_unparent(OBJECT(dev));
+}
+
+void qdev_machine_creation_done(void)
+{
+ /*
+ * ok, initial machine setup is done, starting from now we can
+ * only create hotpluggable devices
+ */
+ qdev_hotplug = 1;
+}
+
+bool qdev_machine_modified(void)
+{
+ return qdev_hot_added || qdev_hot_removed;
+}
+
+BusState *qdev_get_parent_bus(DeviceState *dev)
+{
+ return dev->parent_bus;
+}
+
+void qdev_init_gpio_in(DeviceState *dev, qemu_irq_handler handler, int n)
+{
+ dev->gpio_in = qemu_extend_irqs(dev->gpio_in, dev->num_gpio_in, handler,
+ dev, n);
+ dev->num_gpio_in += n;
+}
+
+void qdev_init_gpio_out(DeviceState *dev, qemu_irq *pins, int n)
+{
+ assert(dev->num_gpio_out == 0);
+ dev->num_gpio_out = n;
+ dev->gpio_out = pins;
+}
+
+qemu_irq qdev_get_gpio_in(DeviceState *dev, int n)
+{
+ assert(n >= 0 && n < dev->num_gpio_in);
+ return dev->gpio_in[n];
+}
+
+void qdev_connect_gpio_out(DeviceState * dev, int n, qemu_irq pin)
+{
+ assert(n >= 0 && n < dev->num_gpio_out);
+ dev->gpio_out[n] = pin;
+}
+
+BusState *qdev_get_child_bus(DeviceState *dev, const char *name)
+{
+ BusState *bus;
+
+ QLIST_FOREACH(bus, &dev->child_bus, sibling) {
+ if (strcmp(name, bus->name) == 0) {
+ return bus;
+ }
+ }
+ return NULL;
+}
+
+int qbus_walk_children(BusState *bus, qdev_walkerfn *devfn,
+ qbus_walkerfn *busfn, void *opaque)
+{
+ BusChild *kid;
+ int err;
+
+ if (busfn) {
+ err = busfn(bus, opaque);
+ if (err) {
+ return err;
+ }
+ }
+
+ QTAILQ_FOREACH(kid, &bus->children, sibling) {
+ err = qdev_walk_children(kid->child, devfn, busfn, opaque);
+ if (err < 0) {
+ return err;
+ }
+ }
+
+ return 0;
+}
+
+int qdev_walk_children(DeviceState *dev, qdev_walkerfn *devfn,
+ qbus_walkerfn *busfn, void *opaque)
+{
+ BusState *bus;
+ int err;
+
+ if (devfn) {
+ err = devfn(dev, opaque);
+ if (err) {
+ return err;
+ }
+ }
+
+ QLIST_FOREACH(bus, &dev->child_bus, sibling) {
+ err = qbus_walk_children(bus, devfn, busfn, opaque);
+ if (err < 0) {
+ return err;
+ }
+ }
+
+ return 0;
+}
+
+DeviceState *qdev_find_recursive(BusState *bus, const char *id)
+{
+ BusChild *kid;
+ DeviceState *ret;
+ BusState *child;
+
+ QTAILQ_FOREACH(kid, &bus->children, sibling) {
+ DeviceState *dev = kid->child;
+
+ if (dev->id && strcmp(dev->id, id) == 0) {
+ return dev;
+ }
+
+ QLIST_FOREACH(child, &dev->child_bus, sibling) {
+ ret = qdev_find_recursive(child, id);
+ if (ret) {
+ return ret;
+ }
+ }
+ }
+ return NULL;
+}
+
+static void qbus_realize(BusState *bus, DeviceState *parent, const char *name)
+{
+ const char *typename = object_get_typename(OBJECT(bus));
+ char *buf;
+ int i,len;
+
+ bus->parent = parent;
+
+ if (name) {
+ bus->name = g_strdup(name);
+ } else if (bus->parent && bus->parent->id) {
+ /* parent device has id -> use it for bus name */
+ len = strlen(bus->parent->id) + 16;
+ buf = g_malloc(len);
+ snprintf(buf, len, "%s.%d", bus->parent->id, bus->parent->num_child_bus);
+ bus->name = buf;
+ } else {
+ /* no id -> use lowercase bus type for bus name */
+ len = strlen(typename) + 16;
+ buf = g_malloc(len);
+ len = snprintf(buf, len, "%s.%d", typename,
+ bus->parent ? bus->parent->num_child_bus : 0);
+ for (i = 0; i < len; i++)
+ buf[i] = qemu_tolower(buf[i]);
+ bus->name = buf;
+ }
+
+ if (bus->parent) {
+ QLIST_INSERT_HEAD(&bus->parent->child_bus, bus, sibling);
+ bus->parent->num_child_bus++;
+ object_property_add_child(OBJECT(bus->parent), bus->name, OBJECT(bus), NULL);
+ object_unref(OBJECT(bus));
+ } else if (bus != sysbus_get_default()) {
+ /* TODO: once all bus devices are qdevified,
+ only reset handler for main_system_bus should be registered here. */
+ qemu_register_reset(qbus_reset_all_fn, bus);
+ }
+}
+
+static void bus_unparent(Object *obj)
+{
+ BusState *bus = BUS(obj);
+ BusChild *kid;
+
+ while ((kid = QTAILQ_FIRST(&bus->children)) != NULL) {
+ DeviceState *dev = kid->child;
+ qdev_free(dev);
+ }
+ if (bus->parent) {
+ QLIST_REMOVE(bus, sibling);
+ bus->parent->num_child_bus--;
+ bus->parent = NULL;
+ } else {
+ assert(bus != sysbus_get_default()); /* main_system_bus is never freed */
+ qemu_unregister_reset(qbus_reset_all_fn, bus);
+ }
+}
+
+void qbus_create_inplace(void *bus, const char *typename,
+ DeviceState *parent, const char *name)
+{
+ object_initialize(bus, typename);
+ qbus_realize(bus, parent, name);
+}
+
+BusState *qbus_create(const char *typename, DeviceState *parent, const char *name)
+{
+ BusState *bus;
+
+ bus = BUS(object_new(typename));
+ qbus_realize(bus, parent, name);
+
+ return bus;
+}
+
+void qbus_free(BusState *bus)
+{
+ object_unparent(OBJECT(bus));
+}
+
+static char *bus_get_fw_dev_path(BusState *bus, DeviceState *dev)
+{
+ BusClass *bc = BUS_GET_CLASS(bus);
+
+ if (bc->get_fw_dev_path) {
+ return bc->get_fw_dev_path(dev);
+ }
+
+ return NULL;
+}
+
+static int qdev_get_fw_dev_path_helper(DeviceState *dev, char *p, int size)
+{
+ int l = 0;
+
+ if (dev && dev->parent_bus) {
+ char *d;
+ l = qdev_get_fw_dev_path_helper(dev->parent_bus->parent, p, size);
+ d = bus_get_fw_dev_path(dev->parent_bus, dev);
+ if (d) {
+ l += snprintf(p + l, size - l, "%s", d);
+ g_free(d);
+ } else {
+ return l;
+ }
+ }
+ l += snprintf(p + l , size - l, "/");
+
+ return l;
+}
+
+char* qdev_get_fw_dev_path(DeviceState *dev)
+{
+ char path[128];
+ int l;
+
+ l = qdev_get_fw_dev_path_helper(dev, path, 128);
+
+ path[l-1] = '\0';
+
+ return g_strdup(path);
+}
+
+char *qdev_get_dev_path(DeviceState *dev)
+{
+ BusClass *bc;
+
+ if (!dev || !dev->parent_bus) {
+ return NULL;
+ }
+
+ bc = BUS_GET_CLASS(dev->parent_bus);
+ if (bc->get_dev_path) {
+ return bc->get_dev_path(dev);
+ }
+
+ return NULL;
+}
+
+/**
+ * Legacy property handling
+ */
+
+static void qdev_get_legacy_property(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+
+ char buffer[1024];
+ char *ptr = buffer;
+
+ prop->info->print(dev, prop, buffer, sizeof(buffer));
+ visit_type_str(v, &ptr, name, errp);
+}
+
+static void qdev_set_legacy_property(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ Error *local_err = NULL;
+ char *ptr = NULL;
+ int ret;
+
+ if (dev->realized) {
+ qdev_prop_set_after_realize(dev, name, errp);
+ return;
+ }
+
+ visit_type_str(v, &ptr, name, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ return;
+ }
+
+ ret = prop->info->parse(dev, prop, ptr);
+ error_set_from_qdev_prop_error(errp, ret, dev, prop, ptr);
+ g_free(ptr);
+}
+
+/**
+ * @qdev_add_legacy_property - adds a legacy property
+ *
+ * Do not use this is new code! Properties added through this interface will
+ * be given names and types in the "legacy" namespace.
+ *
+ * Legacy properties are string versions of other OOM properties. The format
+ * of the string depends on the property type.
+ */
+void qdev_property_add_legacy(DeviceState *dev, Property *prop,
+ Error **errp)
+{
+ gchar *name, *type;
+
+ /* Register pointer properties as legacy properties */
+ if (!prop->info->print && !prop->info->parse &&
+ (prop->info->set || prop->info->get)) {
+ return;
+ }
+
+ name = g_strdup_printf("legacy-%s", prop->name);
+ type = g_strdup_printf("legacy<%s>",
+ prop->info->legacy_name ?: prop->info->name);
+
+ object_property_add(OBJECT(dev), name, type,
+ prop->info->print ? qdev_get_legacy_property : prop->info->get,
+ prop->info->parse ? qdev_set_legacy_property : prop->info->set,
+ NULL,
+ prop, errp);
+
+ g_free(type);
+ g_free(name);
+}
+
+/**
+ * @qdev_property_add_static - add a @Property to a device.
+ *
+ * Static properties access data in a struct. The actual type of the
+ * property and the field depends on the property type.
+ */
+void qdev_property_add_static(DeviceState *dev, Property *prop,
+ Error **errp)
+{
+ Error *local_err = NULL;
+ Object *obj = OBJECT(dev);
+
+ /*
+ * TODO qdev_prop_ptr does not have getters or setters. It must
+ * go now that it can be replaced with links. The test should be
+ * removed along with it: all static properties are read/write.
+ */
+ if (!prop->info->get && !prop->info->set) {
+ return;
+ }
+
+ object_property_add(obj, prop->name, prop->info->name,
+ prop->info->get, prop->info->set,
+ prop->info->release,
+ prop, &local_err);
+
+ if (local_err) {
+ error_propagate(errp, local_err);
+ return;
+ }
+ if (prop->qtype == QTYPE_NONE) {
+ return;
+ }
+
+ if (prop->qtype == QTYPE_QBOOL) {
+ object_property_set_bool(obj, prop->defval, prop->name, &local_err);
+ } else if (prop->info->enum_table) {
+ object_property_set_str(obj, prop->info->enum_table[prop->defval],
+ prop->name, &local_err);
+ } else if (prop->qtype == QTYPE_QINT) {
+ object_property_set_int(obj, prop->defval, prop->name, &local_err);
+ }
+ assert_no_error(local_err);
+}
+
+static bool device_get_realized(Object *obj, Error **err)
+{
+ DeviceState *dev = DEVICE(obj);
+ return dev->realized;
+}
+
+static void device_set_realized(Object *obj, bool value, Error **err)
+{
+ DeviceState *dev = DEVICE(obj);
+ DeviceClass *dc = DEVICE_GET_CLASS(dev);
+ Error *local_err = NULL;
+
+ if (value && !dev->realized) {
+ if (!obj->parent && local_err == NULL) {
+ static int unattached_count;
+ gchar *name = g_strdup_printf("device[%d]", unattached_count++);
+
+ object_property_add_child(container_get(qdev_get_machine(),
+ "/unattached"),
+ name, obj, &local_err);
+ g_free(name);
+ }
+
+ if (dc->realize) {
+ dc->realize(dev, &local_err);
+ }
+
+ if (qdev_get_vmsd(dev) && local_err == NULL) {
+ vmstate_register_with_alias_id(dev, -1, qdev_get_vmsd(dev), dev,
+ dev->instance_id_alias,
+ dev->alias_required_for_version);
+ }
+ if (dev->hotplugged && local_err == NULL) {
+ device_reset(dev);
+ }
+ } else if (!value && dev->realized) {
+ if (qdev_get_vmsd(dev)) {
+ vmstate_unregister(dev, qdev_get_vmsd(dev), dev);
+ }
+ if (dc->unrealize) {
+ dc->unrealize(dev, &local_err);
+ }
+ }
+
+ if (local_err != NULL) {
+ error_propagate(err, local_err);
+ return;
+ }
+
+ dev->realized = value;
+}
+
+static void device_initfn(Object *obj)
+{
+ DeviceState *dev = DEVICE(obj);
+ ObjectClass *class;
+ Property *prop;
+ Error *err = NULL;
+
+ if (qdev_hotplug) {
+ dev->hotplugged = 1;
+ qdev_hot_added = true;
+ }
+
+ dev->instance_id_alias = -1;
+ dev->realized = false;
+
+ object_property_add_bool(obj, "realized",
+ device_get_realized, device_set_realized, NULL);
+
+ class = object_get_class(OBJECT(dev));
+ do {
+ for (prop = DEVICE_CLASS(class)->props; prop && prop->name; prop++) {
+ qdev_property_add_legacy(dev, prop, &err);
+ assert_no_error(err);
+ qdev_property_add_static(dev, prop, &err);
+ assert_no_error(err);
+ }
+ class = object_class_get_parent(class);
+ } while (class != object_class_by_name(TYPE_DEVICE));
+ qdev_prop_set_globals(dev, &err);
+ if (err != NULL) {
+ qerror_report_err(err);
+ error_free(err);
+ exit(1);
+ }
+
+ object_property_add_link(OBJECT(dev), "parent_bus", TYPE_BUS,
+ (Object **)&dev->parent_bus, &err);
+ assert_no_error(err);
+}
+
+/* Unlink device from bus and free the structure. */
+static void device_finalize(Object *obj)
+{
+ DeviceState *dev = DEVICE(obj);
+ if (dev->opts) {
+ qemu_opts_del(dev->opts);
+ }
+}
+
+static void device_class_base_init(ObjectClass *class, void *data)
+{
+ DeviceClass *klass = DEVICE_CLASS(class);
+
+ /* We explicitly look up properties in the superclasses,
+ * so do not propagate them to the subclasses.
+ */
+ klass->props = NULL;
+}
+
+static void device_unparent(Object *obj)
+{
+ DeviceState *dev = DEVICE(obj);
+ BusState *bus;
+ QObject *event_data;
+ bool have_realized = dev->realized;
+
+ while (dev->num_child_bus) {
+ bus = QLIST_FIRST(&dev->child_bus);
+ qbus_free(bus);
+ }
+ if (dev->realized) {
+ object_property_set_bool(obj, false, "realized", NULL);
+ }
+ if (dev->parent_bus) {
+ bus_remove_child(dev->parent_bus, dev);
+ object_unref(OBJECT(dev->parent_bus));
+ dev->parent_bus = NULL;
+ }
+
+ /* Only send event if the device had been completely realized */
+ if (have_realized) {
+ gchar *path = object_get_canonical_path(OBJECT(dev));
+
+ if (dev->id) {
+ event_data = qobject_from_jsonf("{ 'device': %s, 'path': %s }",
+ dev->id, path);
+ } else {
+ event_data = qobject_from_jsonf("{ 'path': %s }", path);
+ }
+ monitor_protocol_event(QEVENT_DEVICE_DELETED, event_data);
+ qobject_decref(event_data);
+ g_free(path);
+ }
+}
+
+static void device_class_init(ObjectClass *class, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(class);
+
+ class->unparent = device_unparent;
+ dc->realize = device_realize;
+ dc->unrealize = device_unrealize;
+}
+
+void device_reset(DeviceState *dev)
+{
+ DeviceClass *klass = DEVICE_GET_CLASS(dev);
+
+ if (klass->reset) {
+ klass->reset(dev);
+ }
+}
+
+Object *qdev_get_machine(void)
+{
+ static Object *dev;
+
+ if (dev == NULL) {
+ dev = container_get(object_get_root(), "/machine");
+ }
+
+ return dev;
+}
+
+static const TypeInfo device_type_info = {
+ .name = TYPE_DEVICE,
+ .parent = TYPE_OBJECT,
+ .instance_size = sizeof(DeviceState),
+ .instance_init = device_initfn,
+ .instance_finalize = device_finalize,
+ .class_base_init = device_class_base_init,
+ .class_init = device_class_init,
+ .abstract = true,
+ .class_size = sizeof(DeviceClass),
+};
+
+static void qbus_initfn(Object *obj)
+{
+ BusState *bus = BUS(obj);
+
+ QTAILQ_INIT(&bus->children);
+}
+
+static char *default_bus_get_fw_dev_path(DeviceState *dev)
+{
+ return g_strdup(object_get_typename(OBJECT(dev)));
+}
+
+static void bus_class_init(ObjectClass *class, void *data)
+{
+ BusClass *bc = BUS_CLASS(class);
+
+ class->unparent = bus_unparent;
+ bc->get_fw_dev_path = default_bus_get_fw_dev_path;
+}
+
+static void qbus_finalize(Object *obj)
+{
+ BusState *bus = BUS(obj);
+
+ g_free((char *)bus->name);
+}
+
+static const TypeInfo bus_info = {
+ .name = TYPE_BUS,
+ .parent = TYPE_OBJECT,
+ .instance_size = sizeof(BusState),
+ .abstract = true,
+ .class_size = sizeof(BusClass),
+ .instance_init = qbus_initfn,
+ .instance_finalize = qbus_finalize,
+ .class_init = bus_class_init,
+};
+
+static void qdev_register_types(void)
+{
+ type_register_static(&bus_info);
+ type_register_static(&device_type_info);
+}
+
+type_init(qdev_register_types)
diff --git a/hw/core/stream.c b/hw/core/stream.c
new file mode 100644
index 000000000..e6a05a543
--- /dev/null
+++ b/hw/core/stream.c
@@ -0,0 +1,32 @@
+#include "hw/stream.h"
+
+size_t
+stream_push(StreamSlave *sink, uint8_t *buf, size_t len)
+{
+ StreamSlaveClass *k = STREAM_SLAVE_GET_CLASS(sink);
+
+ return k->push(sink, buf, len);
+}
+
+bool
+stream_can_push(StreamSlave *sink, StreamCanPushNotifyFn notify,
+ void *notify_opaque)
+{
+ StreamSlaveClass *k = STREAM_SLAVE_GET_CLASS(sink);
+
+ return k->can_push ? k->can_push(sink, notify, notify_opaque) : true;
+}
+
+static const TypeInfo stream_slave_info = {
+ .name = TYPE_STREAM_SLAVE,
+ .parent = TYPE_INTERFACE,
+ .class_size = sizeof(StreamSlaveClass),
+};
+
+
+static void stream_slave_register_types(void)
+{
+ type_register_static(&stream_slave_info);
+}
+
+type_init(stream_slave_register_types)
diff --git a/hw/core/sysbus.c b/hw/core/sysbus.c
new file mode 100644
index 000000000..9004d8c54
--- /dev/null
+++ b/hw/core/sysbus.c
@@ -0,0 +1,301 @@
+/*
+ * System (CPU) Bus device support code
+ *
+ * Copyright (c) 2009 CodeSourcery
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/sysbus.h"
+#include "monitor/monitor.h"
+#include "exec/address-spaces.h"
+
+static void sysbus_dev_print(Monitor *mon, DeviceState *dev, int indent);
+static char *sysbus_get_fw_dev_path(DeviceState *dev);
+
+static void system_bus_class_init(ObjectClass *klass, void *data)
+{
+ BusClass *k = BUS_CLASS(klass);
+
+ k->print_dev = sysbus_dev_print;
+ k->get_fw_dev_path = sysbus_get_fw_dev_path;
+}
+
+static const TypeInfo system_bus_info = {
+ .name = TYPE_SYSTEM_BUS,
+ .parent = TYPE_BUS,
+ .instance_size = sizeof(BusState),
+ .class_init = system_bus_class_init,
+};
+
+void sysbus_connect_irq(SysBusDevice *dev, int n, qemu_irq irq)
+{
+ assert(n >= 0 && n < dev->num_irq);
+ dev->irqs[n] = NULL;
+ if (dev->irqp[n]) {
+ *dev->irqp[n] = irq;
+ }
+}
+
+static void sysbus_mmio_map_common(SysBusDevice *dev, int n, hwaddr addr,
+ bool may_overlap, unsigned priority)
+{
+ assert(n >= 0 && n < dev->num_mmio);
+
+ if (dev->mmio[n].addr == addr) {
+ /* ??? region already mapped here. */
+ return;
+ }
+ if (dev->mmio[n].addr != (hwaddr)-1) {
+ /* Unregister previous mapping. */
+ memory_region_del_subregion(get_system_memory(), dev->mmio[n].memory);
+ }
+ dev->mmio[n].addr = addr;
+ if (may_overlap) {
+ memory_region_add_subregion_overlap(get_system_memory(),
+ addr,
+ dev->mmio[n].memory,
+ priority);
+ }
+ else {
+ memory_region_add_subregion(get_system_memory(),
+ addr,
+ dev->mmio[n].memory);
+ }
+}
+
+void sysbus_mmio_map(SysBusDevice *dev, int n, hwaddr addr)
+{
+ sysbus_mmio_map_common(dev, n, addr, false, 0);
+}
+
+void sysbus_mmio_map_overlap(SysBusDevice *dev, int n, hwaddr addr,
+ unsigned priority)
+{
+ sysbus_mmio_map_common(dev, n, addr, true, priority);
+}
+
+/* Request an IRQ source. The actual IRQ object may be populated later. */
+void sysbus_init_irq(SysBusDevice *dev, qemu_irq *p)
+{
+ int n;
+
+ assert(dev->num_irq < QDEV_MAX_IRQ);
+ n = dev->num_irq++;
+ dev->irqp[n] = p;
+}
+
+/* Pass IRQs from a target device. */
+void sysbus_pass_irq(SysBusDevice *dev, SysBusDevice *target)
+{
+ int i;
+ assert(dev->num_irq == 0);
+ dev->num_irq = target->num_irq;
+ for (i = 0; i < dev->num_irq; i++) {
+ dev->irqp[i] = target->irqp[i];
+ }
+}
+
+void sysbus_init_mmio(SysBusDevice *dev, MemoryRegion *memory)
+{
+ int n;
+
+ assert(dev->num_mmio < QDEV_MAX_MMIO);
+ n = dev->num_mmio++;
+ dev->mmio[n].addr = -1;
+ dev->mmio[n].memory = memory;
+}
+
+MemoryRegion *sysbus_mmio_get_region(SysBusDevice *dev, int n)
+{
+ return dev->mmio[n].memory;
+}
+
+void sysbus_init_ioports(SysBusDevice *dev, pio_addr_t ioport, pio_addr_t size)
+{
+ pio_addr_t i;
+
+ for (i = 0; i < size; i++) {
+ assert(dev->num_pio < QDEV_MAX_PIO);
+ dev->pio[dev->num_pio++] = ioport++;
+ }
+}
+
+static int sysbus_device_init(DeviceState *dev)
+{
+ SysBusDevice *sd = SYS_BUS_DEVICE(dev);
+ SysBusDeviceClass *sbc = SYS_BUS_DEVICE_GET_CLASS(sd);
+
+ if (!sbc->init) {
+ return 0;
+ }
+ return sbc->init(sd);
+}
+
+DeviceState *sysbus_create_varargs(const char *name,
+ hwaddr addr, ...)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+ va_list va;
+ qemu_irq irq;
+ int n;
+
+ dev = qdev_create(NULL, name);
+ s = SYS_BUS_DEVICE(dev);
+ qdev_init_nofail(dev);
+ if (addr != (hwaddr)-1) {
+ sysbus_mmio_map(s, 0, addr);
+ }
+ va_start(va, addr);
+ n = 0;
+ while (1) {
+ irq = va_arg(va, qemu_irq);
+ if (!irq) {
+ break;
+ }
+ sysbus_connect_irq(s, n, irq);
+ n++;
+ }
+ va_end(va);
+ return dev;
+}
+
+DeviceState *sysbus_try_create_varargs(const char *name,
+ hwaddr addr, ...)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+ va_list va;
+ qemu_irq irq;
+ int n;
+
+ dev = qdev_try_create(NULL, name);
+ if (!dev) {
+ return NULL;
+ }
+ s = SYS_BUS_DEVICE(dev);
+ qdev_init_nofail(dev);
+ if (addr != (hwaddr)-1) {
+ sysbus_mmio_map(s, 0, addr);
+ }
+ va_start(va, addr);
+ n = 0;
+ while (1) {
+ irq = va_arg(va, qemu_irq);
+ if (!irq) {
+ break;
+ }
+ sysbus_connect_irq(s, n, irq);
+ n++;
+ }
+ va_end(va);
+ return dev;
+}
+
+static void sysbus_dev_print(Monitor *mon, DeviceState *dev, int indent)
+{
+ SysBusDevice *s = SYS_BUS_DEVICE(dev);
+ hwaddr size;
+ int i;
+
+ monitor_printf(mon, "%*sirq %d\n", indent, "", s->num_irq);
+ for (i = 0; i < s->num_mmio; i++) {
+ size = memory_region_size(s->mmio[i].memory);
+ monitor_printf(mon, "%*smmio " TARGET_FMT_plx "/" TARGET_FMT_plx "\n",
+ indent, "", s->mmio[i].addr, size);
+ }
+}
+
+static char *sysbus_get_fw_dev_path(DeviceState *dev)
+{
+ SysBusDevice *s = SYS_BUS_DEVICE(dev);
+ char path[40];
+ int off;
+
+ off = snprintf(path, sizeof(path), "%s", qdev_fw_name(dev));
+
+ if (s->num_mmio) {
+ snprintf(path + off, sizeof(path) - off, "@"TARGET_FMT_plx,
+ s->mmio[0].addr);
+ } else if (s->num_pio) {
+ snprintf(path + off, sizeof(path) - off, "@i%04x", s->pio[0]);
+ }
+
+ return g_strdup(path);
+}
+
+void sysbus_add_io(SysBusDevice *dev, hwaddr addr,
+ MemoryRegion *mem)
+{
+ memory_region_add_subregion(get_system_io(), addr, mem);
+}
+
+void sysbus_del_io(SysBusDevice *dev, MemoryRegion *mem)
+{
+ memory_region_del_subregion(get_system_io(), mem);
+}
+
+MemoryRegion *sysbus_address_space(SysBusDevice *dev)
+{
+ return get_system_memory();
+}
+
+static void sysbus_device_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *k = DEVICE_CLASS(klass);
+ k->init = sysbus_device_init;
+ k->bus_type = TYPE_SYSTEM_BUS;
+}
+
+static const TypeInfo sysbus_device_type_info = {
+ .name = TYPE_SYS_BUS_DEVICE,
+ .parent = TYPE_DEVICE,
+ .instance_size = sizeof(SysBusDevice),
+ .abstract = true,
+ .class_size = sizeof(SysBusDeviceClass),
+ .class_init = sysbus_device_class_init,
+};
+
+/* This is a nasty hack to allow passing a NULL bus to qdev_create. */
+static BusState *main_system_bus;
+
+static void main_system_bus_create(void)
+{
+ /* assign main_system_bus before qbus_create_inplace()
+ * in order to make "if (bus != sysbus_get_default())" work */
+ main_system_bus = g_malloc0(system_bus_info.instance_size);
+ qbus_create_inplace(main_system_bus, TYPE_SYSTEM_BUS, NULL,
+ "main-system-bus");
+ OBJECT(main_system_bus)->free = g_free;
+ object_property_add_child(container_get(qdev_get_machine(),
+ "/unattached"),
+ "sysbus", OBJECT(main_system_bus), NULL);
+}
+
+BusState *sysbus_get_default(void)
+{
+ if (!main_system_bus) {
+ main_system_bus_create();
+ }
+ return main_system_bus;
+}
+
+static void sysbus_register_types(void)
+{
+ type_register_static(&system_bus_info);
+ type_register_static(&sysbus_device_type_info);
+}
+
+type_init(sysbus_register_types)
diff --git a/hw/core/uboot_image.h b/hw/core/uboot_image.h
new file mode 100644
index 000000000..9fc2760b5
--- /dev/null
+++ b/hw/core/uboot_image.h
@@ -0,0 +1,158 @@
+/*
+ * (C) Copyright 2000-2005
+ * Wolfgang Denk, DENX Software Engineering, wd@denx.de.
+ *
+ * See file CREDITS for list of people who contributed to this
+ * project.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ ********************************************************************
+ * NOTE: This header file defines an interface to U-Boot. Including
+ * this (unmodified) header file in another file is considered normal
+ * use of U-Boot, and does *not* fall under the heading of "derived
+ * work".
+ ********************************************************************
+ */
+
+#ifndef __UBOOT_IMAGE_H__
+#define __UBOOT_IMAGE_H__
+
+/*
+ * Operating System Codes
+ */
+#define IH_OS_INVALID 0 /* Invalid OS */
+#define IH_OS_OPENBSD 1 /* OpenBSD */
+#define IH_OS_NETBSD 2 /* NetBSD */
+#define IH_OS_FREEBSD 3 /* FreeBSD */
+#define IH_OS_4_4BSD 4 /* 4.4BSD */
+#define IH_OS_LINUX 5 /* Linux */
+#define IH_OS_SVR4 6 /* SVR4 */
+#define IH_OS_ESIX 7 /* Esix */
+#define IH_OS_SOLARIS 8 /* Solaris */
+#define IH_OS_IRIX 9 /* Irix */
+#define IH_OS_SCO 10 /* SCO */
+#define IH_OS_DELL 11 /* Dell */
+#define IH_OS_NCR 12 /* NCR */
+#define IH_OS_LYNXOS 13 /* LynxOS */
+#define IH_OS_VXWORKS 14 /* VxWorks */
+#define IH_OS_PSOS 15 /* pSOS */
+#define IH_OS_QNX 16 /* QNX */
+#define IH_OS_U_BOOT 17 /* Firmware */
+#define IH_OS_RTEMS 18 /* RTEMS */
+#define IH_OS_ARTOS 19 /* ARTOS */
+#define IH_OS_UNITY 20 /* Unity OS */
+
+/*
+ * CPU Architecture Codes (supported by Linux)
+ */
+#define IH_CPU_INVALID 0 /* Invalid CPU */
+#define IH_CPU_ALPHA 1 /* Alpha */
+#define IH_CPU_ARM 2 /* ARM */
+#define IH_CPU_I386 3 /* Intel x86 */
+#define IH_CPU_IA64 4 /* IA64 */
+#define IH_CPU_MIPS 5 /* MIPS */
+#define IH_CPU_MIPS64 6 /* MIPS 64 Bit */
+#define IH_CPU_PPC 7 /* PowerPC */
+#define IH_CPU_S390 8 /* IBM S390 */
+#define IH_CPU_SH 9 /* SuperH */
+#define IH_CPU_SPARC 10 /* Sparc */
+#define IH_CPU_SPARC64 11 /* Sparc 64 Bit */
+#define IH_CPU_M68K 12 /* M68K */
+#define IH_CPU_NIOS 13 /* Nios-32 */
+#define IH_CPU_MICROBLAZE 14 /* MicroBlaze */
+#define IH_CPU_NIOS2 15 /* Nios-II */
+#define IH_CPU_BLACKFIN 16 /* Blackfin */
+#define IH_CPU_AVR32 17 /* AVR32 */
+
+/*
+ * Image Types
+ *
+ * "Standalone Programs" are directly runnable in the environment
+ * provided by U-Boot; it is expected that (if they behave
+ * well) you can continue to work in U-Boot after return from
+ * the Standalone Program.
+ * "OS Kernel Images" are usually images of some Embedded OS which
+ * will take over control completely. Usually these programs
+ * will install their own set of exception handlers, device
+ * drivers, set up the MMU, etc. - this means, that you cannot
+ * expect to re-enter U-Boot except by resetting the CPU.
+ * "RAMDisk Images" are more or less just data blocks, and their
+ * parameters (address, size) are passed to an OS kernel that is
+ * being started.
+ * "Multi-File Images" contain several images, typically an OS
+ * (Linux) kernel image and one or more data images like
+ * RAMDisks. This construct is useful for instance when you want
+ * to boot over the network using BOOTP etc., where the boot
+ * server provides just a single image file, but you want to get
+ * for instance an OS kernel and a RAMDisk image.
+ *
+ * "Multi-File Images" start with a list of image sizes, each
+ * image size (in bytes) specified by an "uint32_t" in network
+ * byte order. This list is terminated by an "(uint32_t)0".
+ * Immediately after the terminating 0 follow the images, one by
+ * one, all aligned on "uint32_t" boundaries (size rounded up to
+ * a multiple of 4 bytes - except for the last file).
+ *
+ * "Firmware Images" are binary images containing firmware (like
+ * U-Boot or FPGA images) which usually will be programmed to
+ * flash memory.
+ *
+ * "Script files" are command sequences that will be executed by
+ * U-Boot's command interpreter; this feature is especially
+ * useful when you configure U-Boot to use a real shell (hush)
+ * as command interpreter (=> Shell Scripts).
+ */
+
+#define IH_TYPE_INVALID 0 /* Invalid Image */
+#define IH_TYPE_STANDALONE 1 /* Standalone Program */
+#define IH_TYPE_KERNEL 2 /* OS Kernel Image */
+#define IH_TYPE_RAMDISK 3 /* RAMDisk Image */
+#define IH_TYPE_MULTI 4 /* Multi-File Image */
+#define IH_TYPE_FIRMWARE 5 /* Firmware Image */
+#define IH_TYPE_SCRIPT 6 /* Script file */
+#define IH_TYPE_FILESYSTEM 7 /* Filesystem Image (any type) */
+#define IH_TYPE_FLATDT 8 /* Binary Flat Device Tree Blob */
+
+/*
+ * Compression Types
+ */
+#define IH_COMP_NONE 0 /* No Compression Used */
+#define IH_COMP_GZIP 1 /* gzip Compression Used */
+#define IH_COMP_BZIP2 2 /* bzip2 Compression Used */
+
+#define IH_MAGIC 0x27051956 /* Image Magic Number */
+#define IH_NMLEN 32 /* Image Name Length */
+
+/*
+ * all data in network byte order (aka natural aka bigendian)
+ */
+
+typedef struct uboot_image_header {
+ uint32_t ih_magic; /* Image Header Magic Number */
+ uint32_t ih_hcrc; /* Image Header CRC Checksum */
+ uint32_t ih_time; /* Image Creation Timestamp */
+ uint32_t ih_size; /* Image Data Size */
+ uint32_t ih_load; /* Data Load Address */
+ uint32_t ih_ep; /* Entry Point Address */
+ uint32_t ih_dcrc; /* Image Data CRC Checksum */
+ uint8_t ih_os; /* Operating System */
+ uint8_t ih_arch; /* CPU architecture */
+ uint8_t ih_type; /* Image Type */
+ uint8_t ih_comp; /* Compression Type */
+ uint8_t ih_name[IH_NMLEN]; /* Image Name */
+} uboot_image_header_t;
+
+
+#endif /* __IMAGE_H__ */
diff --git a/hw/cpu/Makefile.objs b/hw/cpu/Makefile.objs
new file mode 100644
index 000000000..4461eceee
--- /dev/null
+++ b/hw/cpu/Makefile.objs
@@ -0,0 +1,5 @@
+obj-$(CONFIG_ARM11MPCORE) += arm11mpcore.o
+obj-$(CONFIG_ARM9MPCORE) += a9mpcore.o
+obj-$(CONFIG_ARM15MPCORE) += a15mpcore.o
+obj-$(CONFIG_ICC_BUS) += icc_bus.o
+
diff --git a/hw/cpu/a15mpcore.c b/hw/cpu/a15mpcore.c
new file mode 100644
index 000000000..4f3796443
--- /dev/null
+++ b/hw/cpu/a15mpcore.c
@@ -0,0 +1,122 @@
+/*
+ * Cortex-A15MPCore internal peripheral emulation.
+ *
+ * Copyright (c) 2012 Linaro Limited.
+ * Written by Peter Maydell.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/sysbus.h"
+#include "sysemu/kvm.h"
+
+/* A15MP private memory region. */
+
+#define TYPE_A15MPCORE_PRIV "a15mpcore_priv"
+#define A15MPCORE_PRIV(obj) \
+ OBJECT_CHECK(A15MPPrivState, (obj), TYPE_A15MPCORE_PRIV)
+
+typedef struct A15MPPrivState {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ uint32_t num_cpu;
+ uint32_t num_irq;
+ MemoryRegion container;
+ DeviceState *gic;
+} A15MPPrivState;
+
+static void a15mp_priv_set_irq(void *opaque, int irq, int level)
+{
+ A15MPPrivState *s = (A15MPPrivState *)opaque;
+ qemu_set_irq(qdev_get_gpio_in(s->gic, irq), level);
+}
+
+static int a15mp_priv_init(SysBusDevice *dev)
+{
+ A15MPPrivState *s = A15MPCORE_PRIV(dev);
+ SysBusDevice *busdev;
+ const char *gictype = "arm_gic";
+
+ if (kvm_irqchip_in_kernel()) {
+ gictype = "kvm-arm-gic";
+ }
+
+ s->gic = qdev_create(NULL, gictype);
+ qdev_prop_set_uint32(s->gic, "num-cpu", s->num_cpu);
+ qdev_prop_set_uint32(s->gic, "num-irq", s->num_irq);
+ qdev_prop_set_uint32(s->gic, "revision", 2);
+ qdev_init_nofail(s->gic);
+ busdev = SYS_BUS_DEVICE(s->gic);
+
+ /* Pass through outbound IRQ lines from the GIC */
+ sysbus_pass_irq(dev, busdev);
+
+ /* Pass through inbound GPIO lines to the GIC */
+ qdev_init_gpio_in(DEVICE(dev), a15mp_priv_set_irq, s->num_irq - 32);
+
+ /* Memory map (addresses are offsets from PERIPHBASE):
+ * 0x0000-0x0fff -- reserved
+ * 0x1000-0x1fff -- GIC Distributor
+ * 0x2000-0x2fff -- GIC CPU interface
+ * 0x4000-0x4fff -- GIC virtual interface control (not modelled)
+ * 0x5000-0x5fff -- GIC virtual interface control (not modelled)
+ * 0x6000-0x7fff -- GIC virtual CPU interface (not modelled)
+ */
+ memory_region_init(&s->container, OBJECT(s),
+ "a15mp-priv-container", 0x8000);
+ memory_region_add_subregion(&s->container, 0x1000,
+ sysbus_mmio_get_region(busdev, 0));
+ memory_region_add_subregion(&s->container, 0x2000,
+ sysbus_mmio_get_region(busdev, 1));
+
+ sysbus_init_mmio(dev, &s->container);
+ return 0;
+}
+
+static Property a15mp_priv_properties[] = {
+ DEFINE_PROP_UINT32("num-cpu", A15MPPrivState, num_cpu, 1),
+ /* The Cortex-A15MP may have anything from 0 to 224 external interrupt
+ * IRQ lines (with another 32 internal). We default to 128+32, which
+ * is the number provided by the Cortex-A15MP test chip in the
+ * Versatile Express A15 development board.
+ * Other boards may differ and should set this property appropriately.
+ */
+ DEFINE_PROP_UINT32("num-irq", A15MPPrivState, num_irq, 160),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void a15mp_priv_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+ k->init = a15mp_priv_init;
+ dc->props = a15mp_priv_properties;
+ /* We currently have no savable state */
+}
+
+static const TypeInfo a15mp_priv_info = {
+ .name = TYPE_A15MPCORE_PRIV,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(A15MPPrivState),
+ .class_init = a15mp_priv_class_init,
+};
+
+static void a15mp_register_types(void)
+{
+ type_register_static(&a15mp_priv_info);
+}
+
+type_init(a15mp_register_types)
diff --git a/hw/cpu/a9mpcore.c b/hw/cpu/a9mpcore.c
new file mode 100644
index 000000000..3e675e394
--- /dev/null
+++ b/hw/cpu/a9mpcore.c
@@ -0,0 +1,145 @@
+/*
+ * Cortex-A9MPCore internal peripheral emulation.
+ *
+ * Copyright (c) 2009 CodeSourcery.
+ * Copyright (c) 2011 Linaro Limited.
+ * Written by Paul Brook, Peter Maydell.
+ *
+ * This code is licensed under the GPL.
+ */
+
+#include "hw/sysbus.h"
+
+#define TYPE_A9MPCORE_PRIV "a9mpcore_priv"
+#define A9MPCORE_PRIV(obj) \
+ OBJECT_CHECK(A9MPPrivState, (obj), TYPE_A9MPCORE_PRIV)
+
+typedef struct A9MPPrivState {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ uint32_t num_cpu;
+ MemoryRegion container;
+ DeviceState *mptimer;
+ DeviceState *wdt;
+ DeviceState *gic;
+ DeviceState *scu;
+ uint32_t num_irq;
+} A9MPPrivState;
+
+static void a9mp_priv_set_irq(void *opaque, int irq, int level)
+{
+ A9MPPrivState *s = (A9MPPrivState *)opaque;
+ qemu_set_irq(qdev_get_gpio_in(s->gic, irq), level);
+}
+
+static int a9mp_priv_init(SysBusDevice *dev)
+{
+ A9MPPrivState *s = A9MPCORE_PRIV(dev);
+ SysBusDevice *timerbusdev, *wdtbusdev, *gicbusdev, *scubusdev;
+ int i;
+
+ s->gic = qdev_create(NULL, "arm_gic");
+ qdev_prop_set_uint32(s->gic, "num-cpu", s->num_cpu);
+ qdev_prop_set_uint32(s->gic, "num-irq", s->num_irq);
+ qdev_init_nofail(s->gic);
+ gicbusdev = SYS_BUS_DEVICE(s->gic);
+
+ /* Pass through outbound IRQ lines from the GIC */
+ sysbus_pass_irq(dev, gicbusdev);
+
+ /* Pass through inbound GPIO lines to the GIC */
+ qdev_init_gpio_in(DEVICE(dev), a9mp_priv_set_irq, s->num_irq - 32);
+
+ s->scu = qdev_create(NULL, "a9-scu");
+ qdev_prop_set_uint32(s->scu, "num-cpu", s->num_cpu);
+ qdev_init_nofail(s->scu);
+ scubusdev = SYS_BUS_DEVICE(s->scu);
+
+ s->mptimer = qdev_create(NULL, "arm_mptimer");
+ qdev_prop_set_uint32(s->mptimer, "num-cpu", s->num_cpu);
+ qdev_init_nofail(s->mptimer);
+ timerbusdev = SYS_BUS_DEVICE(s->mptimer);
+
+ s->wdt = qdev_create(NULL, "arm_mptimer");
+ qdev_prop_set_uint32(s->wdt, "num-cpu", s->num_cpu);
+ qdev_init_nofail(s->wdt);
+ wdtbusdev = SYS_BUS_DEVICE(s->wdt);
+
+ /* Memory map (addresses are offsets from PERIPHBASE):
+ * 0x0000-0x00ff -- Snoop Control Unit
+ * 0x0100-0x01ff -- GIC CPU interface
+ * 0x0200-0x02ff -- Global Timer
+ * 0x0300-0x05ff -- nothing
+ * 0x0600-0x06ff -- private timers and watchdogs
+ * 0x0700-0x0fff -- nothing
+ * 0x1000-0x1fff -- GIC Distributor
+ *
+ * We should implement the global timer but don't currently do so.
+ */
+ memory_region_init(&s->container, OBJECT(s), "a9mp-priv-container", 0x2000);
+ memory_region_add_subregion(&s->container, 0,
+ sysbus_mmio_get_region(scubusdev, 0));
+ /* GIC CPU interface */
+ memory_region_add_subregion(&s->container, 0x100,
+ sysbus_mmio_get_region(gicbusdev, 1));
+ /* Note that the A9 exposes only the "timer/watchdog for this core"
+ * memory region, not the "timer/watchdog for core X" ones 11MPcore has.
+ */
+ memory_region_add_subregion(&s->container, 0x600,
+ sysbus_mmio_get_region(timerbusdev, 0));
+ memory_region_add_subregion(&s->container, 0x620,
+ sysbus_mmio_get_region(wdtbusdev, 0));
+ memory_region_add_subregion(&s->container, 0x1000,
+ sysbus_mmio_get_region(gicbusdev, 0));
+
+ sysbus_init_mmio(dev, &s->container);
+
+ /* Wire up the interrupt from each watchdog and timer.
+ * For each core the timer is PPI 29 and the watchdog PPI 30.
+ */
+ for (i = 0; i < s->num_cpu; i++) {
+ int ppibase = (s->num_irq - 32) + i * 32;
+ sysbus_connect_irq(timerbusdev, i,
+ qdev_get_gpio_in(s->gic, ppibase + 29));
+ sysbus_connect_irq(wdtbusdev, i,
+ qdev_get_gpio_in(s->gic, ppibase + 30));
+ }
+ return 0;
+}
+
+static Property a9mp_priv_properties[] = {
+ DEFINE_PROP_UINT32("num-cpu", A9MPPrivState, num_cpu, 1),
+ /* The Cortex-A9MP may have anything from 0 to 224 external interrupt
+ * IRQ lines (with another 32 internal). We default to 64+32, which
+ * is the number provided by the Cortex-A9MP test chip in the
+ * Realview PBX-A9 and Versatile Express A9 development boards.
+ * Other boards may differ and should set this property appropriately.
+ */
+ DEFINE_PROP_UINT32("num-irq", A9MPPrivState, num_irq, 96),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void a9mp_priv_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = a9mp_priv_init;
+ dc->props = a9mp_priv_properties;
+}
+
+static const TypeInfo a9mp_priv_info = {
+ .name = TYPE_A9MPCORE_PRIV,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(A9MPPrivState),
+ .class_init = a9mp_priv_class_init,
+};
+
+static void a9mp_register_types(void)
+{
+ type_register_static(&a9mp_priv_info);
+}
+
+type_init(a9mp_register_types)
diff --git a/hw/cpu/arm11mpcore.c b/hw/cpu/arm11mpcore.c
new file mode 100644
index 000000000..a786c628d
--- /dev/null
+++ b/hw/cpu/arm11mpcore.c
@@ -0,0 +1,291 @@
+/*
+ * ARM11MPCore internal peripheral emulation.
+ *
+ * Copyright (c) 2006-2007 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GPL.
+ */
+
+#include "hw/sysbus.h"
+#include "qemu/timer.h"
+
+/* MPCore private memory region. */
+
+#define TYPE_ARM11MPCORE_PRIV "arm11mpcore_priv"
+#define ARM11MPCORE_PRIV(obj) \
+ OBJECT_CHECK(ARM11MPCorePriveState, (obj), TYPE_ARM11MPCORE_PRIV)
+
+typedef struct ARM11MPCorePriveState {
+ SysBusDevice parent_obj;
+
+ uint32_t scu_control;
+ int iomemtype;
+ uint32_t old_timer_status[8];
+ uint32_t num_cpu;
+ MemoryRegion iomem;
+ MemoryRegion container;
+ DeviceState *mptimer;
+ DeviceState *wdtimer;
+ DeviceState *gic;
+ uint32_t num_irq;
+} ARM11MPCorePriveState;
+
+/* Per-CPU private memory mapped IO. */
+
+static uint64_t mpcore_scu_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ ARM11MPCorePriveState *s = (ARM11MPCorePriveState *)opaque;
+ int id;
+ /* SCU */
+ switch (offset) {
+ case 0x00: /* Control. */
+ return s->scu_control;
+ case 0x04: /* Configuration. */
+ id = ((1 << s->num_cpu) - 1) << 4;
+ return id | (s->num_cpu - 1);
+ case 0x08: /* CPU status. */
+ return 0;
+ case 0x0c: /* Invalidate all. */
+ return 0;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "mpcore_priv_read: Bad offset %x\n", (int)offset);
+ return 0;
+ }
+}
+
+static void mpcore_scu_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ ARM11MPCorePriveState *s = (ARM11MPCorePriveState *)opaque;
+ /* SCU */
+ switch (offset) {
+ case 0: /* Control register. */
+ s->scu_control = value & 1;
+ break;
+ case 0x0c: /* Invalidate all. */
+ /* This is a no-op as cache is not emulated. */
+ break;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "mpcore_priv_read: Bad offset %x\n", (int)offset);
+ }
+}
+
+static const MemoryRegionOps mpcore_scu_ops = {
+ .read = mpcore_scu_read,
+ .write = mpcore_scu_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void mpcore_priv_set_irq(void *opaque, int irq, int level)
+{
+ ARM11MPCorePriveState *s = (ARM11MPCorePriveState *)opaque;
+ qemu_set_irq(qdev_get_gpio_in(s->gic, irq), level);
+}
+
+static void mpcore_priv_map_setup(ARM11MPCorePriveState *s)
+{
+ int i;
+ SysBusDevice *gicbusdev = SYS_BUS_DEVICE(s->gic);
+ SysBusDevice *timerbusdev = SYS_BUS_DEVICE(s->mptimer);
+ SysBusDevice *wdtbusdev = SYS_BUS_DEVICE(s->wdtimer);
+ memory_region_init(&s->container, OBJECT(s),
+ "mpcode-priv-container", 0x2000);
+ memory_region_init_io(&s->iomem, OBJECT(s),
+ &mpcore_scu_ops, s, "mpcore-scu", 0x100);
+ memory_region_add_subregion(&s->container, 0, &s->iomem);
+ /* GIC CPU interfaces: "current CPU" at 0x100, then specific CPUs
+ * at 0x200, 0x300...
+ */
+ for (i = 0; i < (s->num_cpu + 1); i++) {
+ hwaddr offset = 0x100 + (i * 0x100);
+ memory_region_add_subregion(&s->container, offset,
+ sysbus_mmio_get_region(gicbusdev, i + 1));
+ }
+ /* Add the regions for timer and watchdog for "current CPU" and
+ * for each specific CPU.
+ */
+ for (i = 0; i < (s->num_cpu + 1); i++) {
+ /* Timers at 0x600, 0x700, ...; watchdogs at 0x620, 0x720, ... */
+ hwaddr offset = 0x600 + i * 0x100;
+ memory_region_add_subregion(&s->container, offset,
+ sysbus_mmio_get_region(timerbusdev, i));
+ memory_region_add_subregion(&s->container, offset + 0x20,
+ sysbus_mmio_get_region(wdtbusdev, i));
+ }
+ memory_region_add_subregion(&s->container, 0x1000,
+ sysbus_mmio_get_region(gicbusdev, 0));
+ /* Wire up the interrupt from each watchdog and timer.
+ * For each core the timer is PPI 29 and the watchdog PPI 30.
+ */
+ for (i = 0; i < s->num_cpu; i++) {
+ int ppibase = (s->num_irq - 32) + i * 32;
+ sysbus_connect_irq(timerbusdev, i,
+ qdev_get_gpio_in(s->gic, ppibase + 29));
+ sysbus_connect_irq(wdtbusdev, i,
+ qdev_get_gpio_in(s->gic, ppibase + 30));
+ }
+}
+
+static int mpcore_priv_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ ARM11MPCorePriveState *s = ARM11MPCORE_PRIV(dev);
+
+ s->gic = qdev_create(NULL, "arm_gic");
+ qdev_prop_set_uint32(s->gic, "num-cpu", s->num_cpu);
+ qdev_prop_set_uint32(s->gic, "num-irq", s->num_irq);
+ /* Request the legacy 11MPCore GIC behaviour: */
+ qdev_prop_set_uint32(s->gic, "revision", 0);
+ qdev_init_nofail(s->gic);
+
+ /* Pass through outbound IRQ lines from the GIC */
+ sysbus_pass_irq(sbd, SYS_BUS_DEVICE(s->gic));
+
+ /* Pass through inbound GPIO lines to the GIC */
+ qdev_init_gpio_in(dev, mpcore_priv_set_irq, s->num_irq - 32);
+
+ s->mptimer = qdev_create(NULL, "arm_mptimer");
+ qdev_prop_set_uint32(s->mptimer, "num-cpu", s->num_cpu);
+ qdev_init_nofail(s->mptimer);
+
+ s->wdtimer = qdev_create(NULL, "arm_mptimer");
+ qdev_prop_set_uint32(s->wdtimer, "num-cpu", s->num_cpu);
+ qdev_init_nofail(s->wdtimer);
+
+ mpcore_priv_map_setup(s);
+ sysbus_init_mmio(sbd, &s->container);
+ return 0;
+}
+
+#define TYPE_REALVIEW_MPCORE_RIRQ "realview_mpcore"
+#define REALVIEW_MPCORE_RIRQ(obj) \
+ OBJECT_CHECK(mpcore_rirq_state, (obj), TYPE_REALVIEW_MPCORE_RIRQ)
+
+/* Dummy PIC to route IRQ lines. The baseboard has 4 independent IRQ
+ controllers. The output of these, plus some of the raw input lines
+ are fed into a single SMP-aware interrupt controller on the CPU. */
+typedef struct {
+ SysBusDevice parent_obj;
+
+ SysBusDevice *priv;
+ qemu_irq cpuic[32];
+ qemu_irq rvic[4][64];
+ uint32_t num_cpu;
+} mpcore_rirq_state;
+
+/* Map baseboard IRQs onto CPU IRQ lines. */
+static const int mpcore_irq_map[32] = {
+ -1, -1, -1, -1, 1, 2, -1, -1,
+ -1, -1, 6, -1, 4, 5, -1, -1,
+ -1, 14, 15, 0, 7, 8, -1, -1,
+ -1, -1, -1, -1, 9, 3, -1, -1,
+};
+
+static void mpcore_rirq_set_irq(void *opaque, int irq, int level)
+{
+ mpcore_rirq_state *s = (mpcore_rirq_state *)opaque;
+ int i;
+
+ for (i = 0; i < 4; i++) {
+ qemu_set_irq(s->rvic[i][irq], level);
+ }
+ if (irq < 32) {
+ irq = mpcore_irq_map[irq];
+ if (irq >= 0) {
+ qemu_set_irq(s->cpuic[irq], level);
+ }
+ }
+}
+
+static int realview_mpcore_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ mpcore_rirq_state *s = REALVIEW_MPCORE_RIRQ(dev);
+ DeviceState *gic;
+ DeviceState *priv;
+ int n;
+ int i;
+
+ priv = qdev_create(NULL, TYPE_ARM11MPCORE_PRIV);
+ qdev_prop_set_uint32(priv, "num-cpu", s->num_cpu);
+ qdev_init_nofail(priv);
+ s->priv = SYS_BUS_DEVICE(priv);
+ sysbus_pass_irq(sbd, s->priv);
+ for (i = 0; i < 32; i++) {
+ s->cpuic[i] = qdev_get_gpio_in(priv, i);
+ }
+ /* ??? IRQ routing is hardcoded to "normal" mode. */
+ for (n = 0; n < 4; n++) {
+ gic = sysbus_create_simple("realview_gic", 0x10040000 + n * 0x10000,
+ s->cpuic[10 + n]);
+ for (i = 0; i < 64; i++) {
+ s->rvic[n][i] = qdev_get_gpio_in(gic, i);
+ }
+ }
+ qdev_init_gpio_in(dev, mpcore_rirq_set_irq, 64);
+ sysbus_init_mmio(sbd, sysbus_mmio_get_region(s->priv, 0));
+ return 0;
+}
+
+static Property mpcore_rirq_properties[] = {
+ DEFINE_PROP_UINT32("num-cpu", mpcore_rirq_state, num_cpu, 1),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void mpcore_rirq_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = realview_mpcore_init;
+ dc->props = mpcore_rirq_properties;
+}
+
+static const TypeInfo mpcore_rirq_info = {
+ .name = TYPE_REALVIEW_MPCORE_RIRQ,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(mpcore_rirq_state),
+ .class_init = mpcore_rirq_class_init,
+};
+
+static Property mpcore_priv_properties[] = {
+ DEFINE_PROP_UINT32("num-cpu", ARM11MPCorePriveState, num_cpu, 1),
+ /* The ARM11 MPCORE TRM says the on-chip controller may have
+ * anything from 0 to 224 external interrupt IRQ lines (with another
+ * 32 internal). We default to 32+32, which is the number provided by
+ * the ARM11 MPCore test chip in the Realview Versatile Express
+ * coretile. Other boards may differ and should set this property
+ * appropriately. Some Linux kernels may not boot if the hardware
+ * has more IRQ lines than the kernel expects.
+ */
+ DEFINE_PROP_UINT32("num-irq", ARM11MPCorePriveState, num_irq, 64),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void mpcore_priv_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = mpcore_priv_init;
+ dc->props = mpcore_priv_properties;
+}
+
+static const TypeInfo mpcore_priv_info = {
+ .name = TYPE_ARM11MPCORE_PRIV,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(ARM11MPCorePriveState),
+ .class_init = mpcore_priv_class_init,
+};
+
+static void arm11mpcore_register_types(void)
+{
+ type_register_static(&mpcore_rirq_info);
+ type_register_static(&mpcore_priv_info);
+}
+
+type_init(arm11mpcore_register_types)
diff --git a/hw/cpu/icc_bus.c b/hw/cpu/icc_bus.c
new file mode 100644
index 000000000..8748cc504
--- /dev/null
+++ b/hw/cpu/icc_bus.c
@@ -0,0 +1,127 @@
+/* icc_bus.c
+ * emulate x86 ICC (Interrupt Controller Communications) bus
+ *
+ * Copyright (c) 2013 Red Hat, Inc
+ *
+ * Authors:
+ * Igor Mammedov <imammedo@redhat.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>
+ */
+#include "hw/cpu/icc_bus.h"
+#include "hw/sysbus.h"
+
+/* icc-bridge implementation */
+
+static void icc_bus_init(Object *obj)
+{
+ BusState *b = BUS(obj);
+
+ b->allow_hotplug = true;
+}
+
+static const TypeInfo icc_bus_info = {
+ .name = TYPE_ICC_BUS,
+ .parent = TYPE_BUS,
+ .instance_size = sizeof(ICCBus),
+ .instance_init = icc_bus_init,
+};
+
+
+/* icc-device implementation */
+
+static void icc_device_realize(DeviceState *dev, Error **errp)
+{
+ ICCDevice *id = ICC_DEVICE(dev);
+ ICCDeviceClass *idc = ICC_DEVICE_GET_CLASS(id);
+
+ if (idc->init) {
+ if (idc->init(id) < 0) {
+ error_setg(errp, "%s initialization failed.",
+ object_get_typename(OBJECT(dev)));
+ }
+ }
+}
+
+static void icc_device_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+
+ dc->realize = icc_device_realize;
+ dc->bus_type = TYPE_ICC_BUS;
+}
+
+static const TypeInfo icc_device_info = {
+ .name = TYPE_ICC_DEVICE,
+ .parent = TYPE_DEVICE,
+ .abstract = true,
+ .instance_size = sizeof(ICCDevice),
+ .class_size = sizeof(ICCDeviceClass),
+ .class_init = icc_device_class_init,
+};
+
+
+/* icc-bridge implementation */
+
+typedef struct ICCBridgeState {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ ICCBus icc_bus;
+ MemoryRegion apic_container;
+} ICCBridgeState;
+
+#define ICC_BRIGDE(obj) OBJECT_CHECK(ICCBridgeState, (obj), TYPE_ICC_BRIDGE)
+
+static void icc_bridge_init(Object *obj)
+{
+ ICCBridgeState *s = ICC_BRIGDE(obj);
+ SysBusDevice *sb = SYS_BUS_DEVICE(obj);
+
+ qbus_create_inplace(&s->icc_bus, TYPE_ICC_BUS, DEVICE(s), "icc");
+
+ /* Do not change order of registering regions,
+ * APIC must be first registered region, board maps it by 0 index
+ */
+ memory_region_init(&s->apic_container, obj, "icc-apic-container",
+ APIC_SPACE_SIZE);
+ sysbus_init_mmio(sb, &s->apic_container);
+ s->icc_bus.apic_address_space = &s->apic_container;
+}
+
+static void icc_bridge_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+
+ set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
+}
+
+static const TypeInfo icc_bridge_info = {
+ .name = TYPE_ICC_BRIDGE,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_init = icc_bridge_init,
+ .instance_size = sizeof(ICCBridgeState),
+ .class_init = icc_bridge_class_init,
+};
+
+
+static void icc_bus_register_types(void)
+{
+ type_register_static(&icc_bus_info);
+ type_register_static(&icc_device_info);
+ type_register_static(&icc_bridge_info);
+}
+
+type_init(icc_bus_register_types)
diff --git a/hw/cris-boot.c b/hw/cris-boot.c
deleted file mode 100644
index b21326fad..000000000
--- a/hw/cris-boot.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * CRIS image loading.
- *
- * Copyright (c) 2010 Edgar E. Iglesias, Axis Communications AB.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "hw.h"
-#include "loader.h"
-#include "elf.h"
-#include "cris-boot.h"
-
-static void main_cpu_reset(void *opaque)
-{
- CRISCPU *cpu = opaque;
- CPUCRISState *env = &cpu->env;
- struct cris_load_info *li;
-
- li = env->load_info;
-
- cpu_reset(CPU(cpu));
-
- if (!li) {
- /* nothing more to do. */
- return;
- }
-
- env->pc = li->entry;
-
- if (li->image_filename) {
- env->regs[8] = 0x56902387; /* RAM boot magic. */
- env->regs[9] = 0x40004000 + li->image_size;
- }
-
- if (li->cmdline) {
- /* Let the kernel know we are modifying the cmdline. */
- env->regs[10] = 0x87109563;
- env->regs[11] = 0x40000000;
- }
-}
-
-static uint64_t translate_kernel_address(void *opaque, uint64_t addr)
-{
- return addr - 0x80000000LL;
-}
-
-void cris_load_image(CRISCPU *cpu, struct cris_load_info *li)
-{
- CPUCRISState *env = &cpu->env;
- uint64_t entry, high;
- int kcmdline_len;
- int image_size;
-
- env->load_info = li;
- /* Boots a kernel elf binary, os/linux-2.6/vmlinux from the axis
- devboard SDK. */
- image_size = load_elf(li->image_filename, translate_kernel_address, NULL,
- &entry, NULL, &high, 0, ELF_MACHINE, 0);
- li->entry = entry;
- if (image_size < 0) {
- /* Takes a kimage from the axis devboard SDK. */
- image_size = load_image_targphys(li->image_filename, 0x40004000,
- ram_size);
- li->entry = 0x40004000;
- }
-
- if (image_size < 0) {
- fprintf(stderr, "qemu: could not load kernel '%s'\n",
- li->image_filename);
- exit(1);
- }
-
- if (li->cmdline && (kcmdline_len = strlen(li->cmdline))) {
- if (kcmdline_len > 256) {
- fprintf(stderr, "Too long CRIS kernel cmdline (max 256)\n");
- exit(1);
- }
- pstrcpy_targphys("cmdline", 0x40000000, 256, li->cmdline);
- }
- qemu_register_reset(main_cpu_reset, cpu);
-}
diff --git a/hw/cris-boot.h b/hw/cris-boot.h
deleted file mode 100644
index 5b17d83cb..000000000
--- a/hw/cris-boot.h
+++ /dev/null
@@ -1,11 +0,0 @@
-
-struct cris_load_info
-{
- const char *image_filename;
- const char *cmdline;
- int image_size;
-
- hwaddr entry;
-};
-
-void cris_load_image(CRISCPU *cpu, struct cris_load_info *li);
diff --git a/hw/cris/Makefile.objs b/hw/cris/Makefile.objs
index aa9298a0e..776db7c5c 100644
--- a/hw/cris/Makefile.objs
+++ b/hw/cris/Makefile.objs
@@ -1,13 +1,3 @@
-# Boards
-obj-y = cris_pic_cpu.o
-obj-y += cris-boot.o
+obj-y += pic_cpu.o
+obj-y += boot.o
obj-y += axis_dev88.o
-
-# IO blocks
-obj-y += etraxfs_dma.o
-obj-y += etraxfs_pic.o
-obj-y += etraxfs_eth.o
-obj-y += etraxfs_timer.o
-obj-y += etraxfs_ser.o
-
-obj-y := $(addprefix ../,$(obj-y))
diff --git a/hw/cris/axis_dev88.c b/hw/cris/axis_dev88.c
new file mode 100644
index 000000000..9104d6194
--- /dev/null
+++ b/hw/cris/axis_dev88.c
@@ -0,0 +1,366 @@
+/*
+ * QEMU model for the AXIS devboard 88.
+ *
+ * Copyright (c) 2009 Edgar E. Iglesias, Axis Communications AB.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/sysbus.h"
+#include "net/net.h"
+#include "hw/block/flash.h"
+#include "hw/boards.h"
+#include "hw/cris/etraxfs.h"
+#include "hw/loader.h"
+#include "elf.h"
+#include "boot.h"
+#include "sysemu/blockdev.h"
+#include "exec/address-spaces.h"
+
+#define D(x)
+#define DNAND(x)
+
+struct nand_state_t
+{
+ DeviceState *nand;
+ MemoryRegion iomem;
+ unsigned int rdy:1;
+ unsigned int ale:1;
+ unsigned int cle:1;
+ unsigned int ce:1;
+};
+
+static struct nand_state_t nand_state;
+static uint64_t nand_read(void *opaque, hwaddr addr, unsigned size)
+{
+ struct nand_state_t *s = opaque;
+ uint32_t r;
+ int rdy;
+
+ r = nand_getio(s->nand);
+ nand_getpins(s->nand, &rdy);
+ s->rdy = rdy;
+
+ DNAND(printf("%s addr=%x r=%x\n", __func__, addr, r));
+ return r;
+}
+
+static void
+nand_write(void *opaque, hwaddr addr, uint64_t value,
+ unsigned size)
+{
+ struct nand_state_t *s = opaque;
+ int rdy;
+
+ DNAND(printf("%s addr=%x v=%x\n", __func__, addr, (unsigned)value));
+ nand_setpins(s->nand, s->cle, s->ale, s->ce, 1, 0);
+ nand_setio(s->nand, value);
+ nand_getpins(s->nand, &rdy);
+ s->rdy = rdy;
+}
+
+static const MemoryRegionOps nand_ops = {
+ .read = nand_read,
+ .write = nand_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+struct tempsensor_t
+{
+ unsigned int shiftreg;
+ unsigned int count;
+ enum {
+ ST_OUT, ST_IN, ST_Z
+ } state;
+
+ uint16_t regs[3];
+};
+
+static void tempsensor_clkedge(struct tempsensor_t *s,
+ unsigned int clk, unsigned int data_in)
+{
+ D(printf("%s clk=%d state=%d sr=%x\n", __func__,
+ clk, s->state, s->shiftreg));
+ if (s->count == 0) {
+ s->count = 16;
+ s->state = ST_OUT;
+ }
+ switch (s->state) {
+ case ST_OUT:
+ /* Output reg is clocked at negedge. */
+ if (!clk) {
+ s->count--;
+ s->shiftreg <<= 1;
+ if (s->count == 0) {
+ s->shiftreg = 0;
+ s->state = ST_IN;
+ s->count = 16;
+ }
+ }
+ break;
+ case ST_Z:
+ if (clk) {
+ s->count--;
+ if (s->count == 0) {
+ s->shiftreg = 0;
+ s->state = ST_OUT;
+ s->count = 16;
+ }
+ }
+ break;
+ case ST_IN:
+ /* Indata is sampled at posedge. */
+ if (clk) {
+ s->count--;
+ s->shiftreg <<= 1;
+ s->shiftreg |= data_in & 1;
+ if (s->count == 0) {
+ D(printf("%s cfgreg=%x\n", __func__, s->shiftreg));
+ s->regs[0] = s->shiftreg;
+ s->state = ST_OUT;
+ s->count = 16;
+
+ if ((s->regs[0] & 0xff) == 0) {
+ /* 25 degrees celcius. */
+ s->shiftreg = 0x0b9f;
+ } else if ((s->regs[0] & 0xff) == 0xff) {
+ /* Sensor ID, 0x8100 LM70. */
+ s->shiftreg = 0x8100;
+ } else
+ printf("Invalid tempsens state %x\n", s->regs[0]);
+ }
+ }
+ break;
+ }
+}
+
+
+#define RW_PA_DOUT 0x00
+#define R_PA_DIN 0x01
+#define RW_PA_OE 0x02
+#define RW_PD_DOUT 0x10
+#define R_PD_DIN 0x11
+#define RW_PD_OE 0x12
+
+static struct gpio_state_t
+{
+ MemoryRegion iomem;
+ struct nand_state_t *nand;
+ struct tempsensor_t tempsensor;
+ uint32_t regs[0x5c / 4];
+} gpio_state;
+
+static uint64_t gpio_read(void *opaque, hwaddr addr, unsigned size)
+{
+ struct gpio_state_t *s = opaque;
+ uint32_t r = 0;
+
+ addr >>= 2;
+ switch (addr)
+ {
+ case R_PA_DIN:
+ r = s->regs[RW_PA_DOUT] & s->regs[RW_PA_OE];
+
+ /* Encode pins from the nand. */
+ r |= s->nand->rdy << 7;
+ break;
+ case R_PD_DIN:
+ r = s->regs[RW_PD_DOUT] & s->regs[RW_PD_OE];
+
+ /* Encode temp sensor pins. */
+ r |= (!!(s->tempsensor.shiftreg & 0x10000)) << 4;
+ break;
+
+ default:
+ r = s->regs[addr];
+ break;
+ }
+ return r;
+ D(printf("%s %x=%x\n", __func__, addr, r));
+}
+
+static void gpio_write(void *opaque, hwaddr addr, uint64_t value,
+ unsigned size)
+{
+ struct gpio_state_t *s = opaque;
+ D(printf("%s %x=%x\n", __func__, addr, (unsigned)value));
+
+ addr >>= 2;
+ switch (addr)
+ {
+ case RW_PA_DOUT:
+ /* Decode nand pins. */
+ s->nand->ale = !!(value & (1 << 6));
+ s->nand->cle = !!(value & (1 << 5));
+ s->nand->ce = !!(value & (1 << 4));
+
+ s->regs[addr] = value;
+ break;
+
+ case RW_PD_DOUT:
+ /* Temp sensor clk. */
+ if ((s->regs[addr] ^ value) & 2)
+ tempsensor_clkedge(&s->tempsensor, !!(value & 2),
+ !!(value & 16));
+ s->regs[addr] = value;
+ break;
+
+ default:
+ s->regs[addr] = value;
+ break;
+ }
+}
+
+static const MemoryRegionOps gpio_ops = {
+ .read = gpio_read,
+ .write = gpio_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+#define INTMEM_SIZE (128 * 1024)
+
+static struct cris_load_info li;
+
+static
+void axisdev88_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ CRISCPU *cpu;
+ CPUCRISState *env;
+ DeviceState *dev;
+ SysBusDevice *s;
+ DriveInfo *nand;
+ qemu_irq irq[30], nmi[2], *cpu_irq;
+ void *etraxfs_dmac;
+ struct etraxfs_dma_client *dma_eth;
+ int i;
+ MemoryRegion *address_space_mem = get_system_memory();
+ MemoryRegion *phys_ram = g_new(MemoryRegion, 1);
+ MemoryRegion *phys_intmem = g_new(MemoryRegion, 1);
+
+ /* init CPUs */
+ if (cpu_model == NULL) {
+ cpu_model = "crisv32";
+ }
+ cpu = cpu_cris_init(cpu_model);
+ env = &cpu->env;
+
+ /* allocate RAM */
+ memory_region_init_ram(phys_ram, NULL, "axisdev88.ram", ram_size);
+ vmstate_register_ram_global(phys_ram);
+ memory_region_add_subregion(address_space_mem, 0x40000000, phys_ram);
+
+ /* The ETRAX-FS has 128Kb on chip ram, the docs refer to it as the
+ internal memory. */
+ memory_region_init_ram(phys_intmem, NULL, "axisdev88.chipram", INTMEM_SIZE);
+ vmstate_register_ram_global(phys_intmem);
+ memory_region_add_subregion(address_space_mem, 0x38000000, phys_intmem);
+
+ /* Attach a NAND flash to CS1. */
+ nand = drive_get(IF_MTD, 0, 0);
+ nand_state.nand = nand_init(nand ? nand->bdrv : NULL,
+ NAND_MFR_STMICRO, 0x39);
+ memory_region_init_io(&nand_state.iomem, NULL, &nand_ops, &nand_state,
+ "nand", 0x05000000);
+ memory_region_add_subregion(address_space_mem, 0x10000000,
+ &nand_state.iomem);
+
+ gpio_state.nand = &nand_state;
+ memory_region_init_io(&gpio_state.iomem, NULL, &gpio_ops, &gpio_state,
+ "gpio", 0x5c);
+ memory_region_add_subregion(address_space_mem, 0x3001a000,
+ &gpio_state.iomem);
+
+
+ cpu_irq = cris_pic_init_cpu(env);
+ dev = qdev_create(NULL, "etraxfs,pic");
+ /* FIXME: Is there a proper way to signal vectors to the CPU core? */
+ qdev_prop_set_ptr(dev, "interrupt_vector", &env->interrupt_vector);
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+ sysbus_mmio_map(s, 0, 0x3001c000);
+ sysbus_connect_irq(s, 0, cpu_irq[0]);
+ sysbus_connect_irq(s, 1, cpu_irq[1]);
+ for (i = 0; i < 30; i++) {
+ irq[i] = qdev_get_gpio_in(dev, i);
+ }
+ nmi[0] = qdev_get_gpio_in(dev, 30);
+ nmi[1] = qdev_get_gpio_in(dev, 31);
+
+ etraxfs_dmac = etraxfs_dmac_init(0x30000000, 10);
+ for (i = 0; i < 10; i++) {
+ /* On ETRAX, odd numbered channels are inputs. */
+ etraxfs_dmac_connect(etraxfs_dmac, i, irq + 7 + i, i & 1);
+ }
+
+ /* Add the two ethernet blocks. */
+ dma_eth = g_malloc0(sizeof dma_eth[0] * 4); /* Allocate 4 channels. */
+ etraxfs_eth_init(&nd_table[0], 0x30034000, 1, &dma_eth[0], &dma_eth[1]);
+ if (nb_nics > 1) {
+ etraxfs_eth_init(&nd_table[1], 0x30036000, 2, &dma_eth[2], &dma_eth[3]);
+ }
+
+ /* The DMA Connector block is missing, hardwire things for now. */
+ etraxfs_dmac_connect_client(etraxfs_dmac, 0, &dma_eth[0]);
+ etraxfs_dmac_connect_client(etraxfs_dmac, 1, &dma_eth[1]);
+ if (nb_nics > 1) {
+ etraxfs_dmac_connect_client(etraxfs_dmac, 6, &dma_eth[2]);
+ etraxfs_dmac_connect_client(etraxfs_dmac, 7, &dma_eth[3]);
+ }
+
+ /* 2 timers. */
+ sysbus_create_varargs("etraxfs,timer", 0x3001e000, irq[0x1b], nmi[1], NULL);
+ sysbus_create_varargs("etraxfs,timer", 0x3005e000, irq[0x1b], nmi[1], NULL);
+
+ for (i = 0; i < 4; i++) {
+ sysbus_create_simple("etraxfs,serial", 0x30026000 + i * 0x2000,
+ irq[0x14 + i]);
+ }
+
+ if (!kernel_filename) {
+ fprintf(stderr, "Kernel image must be specified\n");
+ exit(1);
+ }
+
+ li.image_filename = kernel_filename;
+ li.cmdline = kernel_cmdline;
+ cris_load_image(cpu, &li);
+}
+
+static QEMUMachine axisdev88_machine = {
+ .name = "axis-dev88",
+ .desc = "AXIS devboard 88",
+ .init = axisdev88_init,
+ .is_default = 1,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void axisdev88_machine_init(void)
+{
+ qemu_register_machine(&axisdev88_machine);
+}
+
+machine_init(axisdev88_machine_init);
diff --git a/hw/cris/boot.c b/hw/cris/boot.c
new file mode 100644
index 000000000..622f353c9
--- /dev/null
+++ b/hw/cris/boot.c
@@ -0,0 +1,98 @@
+/*
+ * CRIS image loading.
+ *
+ * Copyright (c) 2010 Edgar E. Iglesias, Axis Communications AB.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/hw.h"
+#include "hw/loader.h"
+#include "elf.h"
+#include "boot.h"
+
+static void main_cpu_reset(void *opaque)
+{
+ CRISCPU *cpu = opaque;
+ CPUCRISState *env = &cpu->env;
+ struct cris_load_info *li;
+
+ li = env->load_info;
+
+ cpu_reset(CPU(cpu));
+
+ if (!li) {
+ /* nothing more to do. */
+ return;
+ }
+
+ env->pc = li->entry;
+
+ if (li->image_filename) {
+ env->regs[8] = 0x56902387; /* RAM boot magic. */
+ env->regs[9] = 0x40004000 + li->image_size;
+ }
+
+ if (li->cmdline) {
+ /* Let the kernel know we are modifying the cmdline. */
+ env->regs[10] = 0x87109563;
+ env->regs[11] = 0x40000000;
+ }
+}
+
+static uint64_t translate_kernel_address(void *opaque, uint64_t addr)
+{
+ return addr - 0x80000000LL;
+}
+
+void cris_load_image(CRISCPU *cpu, struct cris_load_info *li)
+{
+ CPUCRISState *env = &cpu->env;
+ uint64_t entry, high;
+ int kcmdline_len;
+ int image_size;
+
+ env->load_info = li;
+ /* Boots a kernel elf binary, os/linux-2.6/vmlinux from the axis
+ devboard SDK. */
+ image_size = load_elf(li->image_filename, translate_kernel_address, NULL,
+ &entry, NULL, &high, 0, ELF_MACHINE, 0);
+ li->entry = entry;
+ if (image_size < 0) {
+ /* Takes a kimage from the axis devboard SDK. */
+ image_size = load_image_targphys(li->image_filename, 0x40004000,
+ ram_size);
+ li->entry = 0x40004000;
+ }
+
+ if (image_size < 0) {
+ fprintf(stderr, "qemu: could not load kernel '%s'\n",
+ li->image_filename);
+ exit(1);
+ }
+
+ if (li->cmdline && (kcmdline_len = strlen(li->cmdline))) {
+ if (kcmdline_len > 256) {
+ fprintf(stderr, "Too long CRIS kernel cmdline (max 256)\n");
+ exit(1);
+ }
+ pstrcpy_targphys("cmdline", 0x40000000, 256, li->cmdline);
+ }
+ qemu_register_reset(main_cpu_reset, cpu);
+}
diff --git a/hw/cris/boot.h b/hw/cris/boot.h
new file mode 100644
index 000000000..c4d3fa6f6
--- /dev/null
+++ b/hw/cris/boot.h
@@ -0,0 +1,15 @@
+#ifndef _CRIS_BOOT_H
+#define HW_CRIS_BOOT_H 1
+
+struct cris_load_info
+{
+ const char *image_filename;
+ const char *cmdline;
+ int image_size;
+
+ hwaddr entry;
+};
+
+void cris_load_image(CRISCPU *cpu, struct cris_load_info *li);
+
+#endif
diff --git a/hw/cris/pic_cpu.c b/hw/cris/pic_cpu.c
new file mode 100644
index 000000000..bd47bf1a5
--- /dev/null
+++ b/hw/cris/pic_cpu.c
@@ -0,0 +1,47 @@
+/*
+ * QEMU CRIS CPU interrupt wrapper logic.
+ *
+ * Copyright (c) 2009 Edgar E. Iglesias, Axis Communications AB.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/sysbus.h"
+#include "hw/hw.h"
+#include "hw/cris/etraxfs.h"
+
+#define D(x)
+
+static void cris_pic_cpu_handler(void *opaque, int irq, int level)
+{
+ CRISCPU *cpu = opaque;
+ CPUState *cs = CPU(cpu);
+ int type = irq ? CPU_INTERRUPT_NMI : CPU_INTERRUPT_HARD;
+
+ if (level) {
+ cpu_interrupt(cs, type);
+ } else {
+ cpu_reset_interrupt(cs, type);
+ }
+}
+
+qemu_irq *cris_pic_init_cpu(CPUCRISState *env)
+{
+ return qemu_allocate_irqs(cris_pic_cpu_handler, cris_env_get_cpu(env), 2);
+}
diff --git a/hw/cris_pic_cpu.c b/hw/cris_pic_cpu.c
deleted file mode 100644
index 3da0e8653..000000000
--- a/hw/cris_pic_cpu.c
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * QEMU CRIS CPU interrupt wrapper logic.
- *
- * Copyright (c) 2009 Edgar E. Iglesias, Axis Communications AB.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sysbus.h"
-#include "hw.h"
-#include "etraxfs.h"
-
-#define D(x)
-
-static void cris_pic_cpu_handler(void *opaque, int irq, int level)
-{
- CPUCRISState *env = (CPUCRISState *)opaque;
- int type = irq ? CPU_INTERRUPT_NMI : CPU_INTERRUPT_HARD;
-
- if (level)
- cpu_interrupt(env, type);
- else
- cpu_reset_interrupt(env, type);
-}
-
-qemu_irq *cris_pic_init_cpu(CPUCRISState *env)
-{
- return qemu_allocate_irqs(cris_pic_cpu_handler, env, 2);
-}
diff --git a/hw/cs4231.c b/hw/cs4231.c
deleted file mode 100644
index 23570d5b4..000000000
--- a/hw/cs4231.c
+++ /dev/null
@@ -1,181 +0,0 @@
-/*
- * QEMU Crystal CS4231 audio chip emulation
- *
- * Copyright (c) 2006 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sysbus.h"
-#include "trace.h"
-
-/*
- * In addition to Crystal CS4231 there is a DMA controller on Sparc.
- */
-#define CS_SIZE 0x40
-#define CS_REGS 16
-#define CS_DREGS 32
-#define CS_MAXDREG (CS_DREGS - 1)
-
-typedef struct CSState {
- SysBusDevice busdev;
- MemoryRegion iomem;
- qemu_irq irq;
- uint32_t regs[CS_REGS];
- uint8_t dregs[CS_DREGS];
-} CSState;
-
-#define CS_RAP(s) ((s)->regs[0] & CS_MAXDREG)
-#define CS_VER 0xa0
-#define CS_CDC_VER 0x8a
-
-static void cs_reset(DeviceState *d)
-{
- CSState *s = container_of(d, CSState, busdev.qdev);
-
- memset(s->regs, 0, CS_REGS * 4);
- memset(s->dregs, 0, CS_DREGS);
- s->dregs[12] = CS_CDC_VER;
- s->dregs[25] = CS_VER;
-}
-
-static uint64_t cs_mem_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- CSState *s = opaque;
- uint32_t saddr, ret;
-
- saddr = addr >> 2;
- switch (saddr) {
- case 1:
- switch (CS_RAP(s)) {
- case 3: // Write only
- ret = 0;
- break;
- default:
- ret = s->dregs[CS_RAP(s)];
- break;
- }
- trace_cs4231_mem_readl_dreg(CS_RAP(s), ret);
- break;
- default:
- ret = s->regs[saddr];
- trace_cs4231_mem_readl_reg(saddr, ret);
- break;
- }
- return ret;
-}
-
-static void cs_mem_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- CSState *s = opaque;
- uint32_t saddr;
-
- saddr = addr >> 2;
- trace_cs4231_mem_writel_reg(saddr, s->regs[saddr], val);
- switch (saddr) {
- case 1:
- trace_cs4231_mem_writel_dreg(CS_RAP(s), s->dregs[CS_RAP(s)], val);
- switch(CS_RAP(s)) {
- case 11:
- case 25: // Read only
- break;
- case 12:
- val &= 0x40;
- val |= CS_CDC_VER; // Codec version
- s->dregs[CS_RAP(s)] = val;
- break;
- default:
- s->dregs[CS_RAP(s)] = val;
- break;
- }
- break;
- case 2: // Read only
- break;
- case 4:
- if (val & 1) {
- cs_reset(&s->busdev.qdev);
- }
- val &= 0x7f;
- s->regs[saddr] = val;
- break;
- default:
- s->regs[saddr] = val;
- break;
- }
-}
-
-static const MemoryRegionOps cs_mem_ops = {
- .read = cs_mem_read,
- .write = cs_mem_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static const VMStateDescription vmstate_cs4231 = {
- .name ="cs4231",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField []) {
- VMSTATE_UINT32_ARRAY(regs, CSState, CS_REGS),
- VMSTATE_UINT8_ARRAY(dregs, CSState, CS_DREGS),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int cs4231_init1(SysBusDevice *dev)
-{
- CSState *s = FROM_SYSBUS(CSState, dev);
-
- memory_region_init_io(&s->iomem, &cs_mem_ops, s, "cs4321", CS_SIZE);
- sysbus_init_mmio(dev, &s->iomem);
- sysbus_init_irq(dev, &s->irq);
-
- return 0;
-}
-
-static Property cs4231_properties[] = {
- {.name = NULL},
-};
-
-static void cs4231_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = cs4231_init1;
- dc->reset = cs_reset;
- dc->vmsd = &vmstate_cs4231;
- dc->props = cs4231_properties;
-}
-
-static TypeInfo cs4231_info = {
- .name = "SUNW,CS4231",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(CSState),
- .class_init = cs4231_class_init,
-};
-
-static void cs4231_register_types(void)
-{
- type_register_static(&cs4231_info);
-}
-
-type_init(cs4231_register_types)
diff --git a/hw/cs4231a.c b/hw/cs4231a.c
deleted file mode 100644
index 0257fd8d2..000000000
--- a/hw/cs4231a.c
+++ /dev/null
@@ -1,697 +0,0 @@
-/*
- * QEMU Crystal CS4231 audio chip emulation
- *
- * Copyright (c) 2006 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "audiodev.h"
-#include "audio/audio.h"
-#include "isa.h"
-#include "qdev.h"
-#include "qemu-timer.h"
-
-/*
- Missing features:
- ADC
- Loopback
- Timer
- ADPCM
- More...
-*/
-
-/* #define DEBUG */
-/* #define DEBUG_XLAW */
-
-static struct {
- int aci_counter;
-} conf = {1};
-
-#ifdef DEBUG
-#define dolog(...) AUD_log ("cs4231a", __VA_ARGS__)
-#else
-#define dolog(...)
-#endif
-
-#define lwarn(...) AUD_log ("cs4231a", "warning: " __VA_ARGS__)
-#define lerr(...) AUD_log ("cs4231a", "error: " __VA_ARGS__)
-
-#define CS_REGS 16
-#define CS_DREGS 32
-
-typedef struct CSState {
- ISADevice dev;
- QEMUSoundCard card;
- MemoryRegion ioports;
- qemu_irq pic;
- uint32_t regs[CS_REGS];
- uint8_t dregs[CS_DREGS];
- uint32_t irq;
- uint32_t dma;
- uint32_t port;
- int shift;
- int dma_running;
- int audio_free;
- int transferred;
- int aci_counter;
- SWVoiceOut *voice;
- int16_t *tab;
-} CSState;
-
-#define MODE2 (1 << 6)
-#define MCE (1 << 6)
-#define PMCE (1 << 4)
-#define CMCE (1 << 5)
-#define TE (1 << 6)
-#define PEN (1 << 0)
-#define INT (1 << 0)
-#define IEN (1 << 1)
-#define PPIO (1 << 6)
-#define PI (1 << 4)
-#define CI (1 << 5)
-#define TI (1 << 6)
-
-enum {
- Index_Address,
- Index_Data,
- Status,
- PIO_Data
-};
-
-enum {
- Left_ADC_Input_Control,
- Right_ADC_Input_Control,
- Left_AUX1_Input_Control,
- Right_AUX1_Input_Control,
- Left_AUX2_Input_Control,
- Right_AUX2_Input_Control,
- Left_DAC_Output_Control,
- Right_DAC_Output_Control,
- FS_And_Playback_Data_Format,
- Interface_Configuration,
- Pin_Control,
- Error_Status_And_Initialization,
- MODE_And_ID,
- Loopback_Control,
- Playback_Upper_Base_Count,
- Playback_Lower_Base_Count,
- Alternate_Feature_Enable_I,
- Alternate_Feature_Enable_II,
- Left_Line_Input_Control,
- Right_Line_Input_Control,
- Timer_Low_Base,
- Timer_High_Base,
- RESERVED,
- Alternate_Feature_Enable_III,
- Alternate_Feature_Status,
- Version_Chip_ID,
- Mono_Input_And_Output_Control,
- RESERVED_2,
- Capture_Data_Format,
- RESERVED_3,
- Capture_Upper_Base_Count,
- Capture_Lower_Base_Count
-};
-
-static int freqs[2][8] = {
- { 8000, 16000, 27420, 32000, -1, -1, 48000, 9000 },
- { 5510, 11025, 18900, 22050, 37800, 44100, 33075, 6620 }
-};
-
-/* Tables courtesy http://hazelware.luggle.com/tutorials/mulawcompression.html */
-static int16_t MuLawDecompressTable[256] =
-{
- -32124,-31100,-30076,-29052,-28028,-27004,-25980,-24956,
- -23932,-22908,-21884,-20860,-19836,-18812,-17788,-16764,
- -15996,-15484,-14972,-14460,-13948,-13436,-12924,-12412,
- -11900,-11388,-10876,-10364, -9852, -9340, -8828, -8316,
- -7932, -7676, -7420, -7164, -6908, -6652, -6396, -6140,
- -5884, -5628, -5372, -5116, -4860, -4604, -4348, -4092,
- -3900, -3772, -3644, -3516, -3388, -3260, -3132, -3004,
- -2876, -2748, -2620, -2492, -2364, -2236, -2108, -1980,
- -1884, -1820, -1756, -1692, -1628, -1564, -1500, -1436,
- -1372, -1308, -1244, -1180, -1116, -1052, -988, -924,
- -876, -844, -812, -780, -748, -716, -684, -652,
- -620, -588, -556, -524, -492, -460, -428, -396,
- -372, -356, -340, -324, -308, -292, -276, -260,
- -244, -228, -212, -196, -180, -164, -148, -132,
- -120, -112, -104, -96, -88, -80, -72, -64,
- -56, -48, -40, -32, -24, -16, -8, 0,
- 32124, 31100, 30076, 29052, 28028, 27004, 25980, 24956,
- 23932, 22908, 21884, 20860, 19836, 18812, 17788, 16764,
- 15996, 15484, 14972, 14460, 13948, 13436, 12924, 12412,
- 11900, 11388, 10876, 10364, 9852, 9340, 8828, 8316,
- 7932, 7676, 7420, 7164, 6908, 6652, 6396, 6140,
- 5884, 5628, 5372, 5116, 4860, 4604, 4348, 4092,
- 3900, 3772, 3644, 3516, 3388, 3260, 3132, 3004,
- 2876, 2748, 2620, 2492, 2364, 2236, 2108, 1980,
- 1884, 1820, 1756, 1692, 1628, 1564, 1500, 1436,
- 1372, 1308, 1244, 1180, 1116, 1052, 988, 924,
- 876, 844, 812, 780, 748, 716, 684, 652,
- 620, 588, 556, 524, 492, 460, 428, 396,
- 372, 356, 340, 324, 308, 292, 276, 260,
- 244, 228, 212, 196, 180, 164, 148, 132,
- 120, 112, 104, 96, 88, 80, 72, 64,
- 56, 48, 40, 32, 24, 16, 8, 0
-};
-
-static int16_t ALawDecompressTable[256] =
-{
- -5504, -5248, -6016, -5760, -4480, -4224, -4992, -4736,
- -7552, -7296, -8064, -7808, -6528, -6272, -7040, -6784,
- -2752, -2624, -3008, -2880, -2240, -2112, -2496, -2368,
- -3776, -3648, -4032, -3904, -3264, -3136, -3520, -3392,
- -22016,-20992,-24064,-23040,-17920,-16896,-19968,-18944,
- -30208,-29184,-32256,-31232,-26112,-25088,-28160,-27136,
- -11008,-10496,-12032,-11520,-8960, -8448, -9984, -9472,
- -15104,-14592,-16128,-15616,-13056,-12544,-14080,-13568,
- -344, -328, -376, -360, -280, -264, -312, -296,
- -472, -456, -504, -488, -408, -392, -440, -424,
- -88, -72, -120, -104, -24, -8, -56, -40,
- -216, -200, -248, -232, -152, -136, -184, -168,
- -1376, -1312, -1504, -1440, -1120, -1056, -1248, -1184,
- -1888, -1824, -2016, -1952, -1632, -1568, -1760, -1696,
- -688, -656, -752, -720, -560, -528, -624, -592,
- -944, -912, -1008, -976, -816, -784, -880, -848,
- 5504, 5248, 6016, 5760, 4480, 4224, 4992, 4736,
- 7552, 7296, 8064, 7808, 6528, 6272, 7040, 6784,
- 2752, 2624, 3008, 2880, 2240, 2112, 2496, 2368,
- 3776, 3648, 4032, 3904, 3264, 3136, 3520, 3392,
- 22016, 20992, 24064, 23040, 17920, 16896, 19968, 18944,
- 30208, 29184, 32256, 31232, 26112, 25088, 28160, 27136,
- 11008, 10496, 12032, 11520, 8960, 8448, 9984, 9472,
- 15104, 14592, 16128, 15616, 13056, 12544, 14080, 13568,
- 344, 328, 376, 360, 280, 264, 312, 296,
- 472, 456, 504, 488, 408, 392, 440, 424,
- 88, 72, 120, 104, 24, 8, 56, 40,
- 216, 200, 248, 232, 152, 136, 184, 168,
- 1376, 1312, 1504, 1440, 1120, 1056, 1248, 1184,
- 1888, 1824, 2016, 1952, 1632, 1568, 1760, 1696,
- 688, 656, 752, 720, 560, 528, 624, 592,
- 944, 912, 1008, 976, 816, 784, 880, 848
-};
-
-static void cs_reset (void *opaque)
-{
- CSState *s = opaque;
-
- s->regs[Index_Address] = 0x40;
- s->regs[Index_Data] = 0x00;
- s->regs[Status] = 0x00;
- s->regs[PIO_Data] = 0x00;
-
- s->dregs[Left_ADC_Input_Control] = 0x00;
- s->dregs[Right_ADC_Input_Control] = 0x00;
- s->dregs[Left_AUX1_Input_Control] = 0x88;
- s->dregs[Right_AUX1_Input_Control] = 0x88;
- s->dregs[Left_AUX2_Input_Control] = 0x88;
- s->dregs[Right_AUX2_Input_Control] = 0x88;
- s->dregs[Left_DAC_Output_Control] = 0x80;
- s->dregs[Right_DAC_Output_Control] = 0x80;
- s->dregs[FS_And_Playback_Data_Format] = 0x00;
- s->dregs[Interface_Configuration] = 0x08;
- s->dregs[Pin_Control] = 0x00;
- s->dregs[Error_Status_And_Initialization] = 0x00;
- s->dregs[MODE_And_ID] = 0x8a;
- s->dregs[Loopback_Control] = 0x00;
- s->dregs[Playback_Upper_Base_Count] = 0x00;
- s->dregs[Playback_Lower_Base_Count] = 0x00;
- s->dregs[Alternate_Feature_Enable_I] = 0x00;
- s->dregs[Alternate_Feature_Enable_II] = 0x00;
- s->dregs[Left_Line_Input_Control] = 0x88;
- s->dregs[Right_Line_Input_Control] = 0x88;
- s->dregs[Timer_Low_Base] = 0x00;
- s->dregs[Timer_High_Base] = 0x00;
- s->dregs[RESERVED] = 0x00;
- s->dregs[Alternate_Feature_Enable_III] = 0x00;
- s->dregs[Alternate_Feature_Status] = 0x00;
- s->dregs[Version_Chip_ID] = 0xa0;
- s->dregs[Mono_Input_And_Output_Control] = 0xa0;
- s->dregs[RESERVED_2] = 0x00;
- s->dregs[Capture_Data_Format] = 0x00;
- s->dregs[RESERVED_3] = 0x00;
- s->dregs[Capture_Upper_Base_Count] = 0x00;
- s->dregs[Capture_Lower_Base_Count] = 0x00;
-}
-
-static void cs_audio_callback (void *opaque, int free)
-{
- CSState *s = opaque;
- s->audio_free = free;
-}
-
-static void cs_reset_voices (CSState *s, uint32_t val)
-{
- int xtal;
- struct audsettings as;
-
-#ifdef DEBUG_XLAW
- if (val == 0 || val == 32)
- val = (1 << 4) | (1 << 5);
-#endif
-
- xtal = val & 1;
- as.freq = freqs[xtal][(val >> 1) & 7];
-
- if (as.freq == -1) {
- lerr ("unsupported frequency (val=%#x)\n", val);
- goto error;
- }
-
- as.nchannels = (val & (1 << 4)) ? 2 : 1;
- as.endianness = 0;
- s->tab = NULL;
-
- switch ((val >> 5) & ((s->dregs[MODE_And_ID] & MODE2) ? 7 : 3)) {
- case 0:
- as.fmt = AUD_FMT_U8;
- s->shift = as.nchannels == 2;
- break;
-
- case 1:
- s->tab = MuLawDecompressTable;
- goto x_law;
- case 3:
- s->tab = ALawDecompressTable;
- x_law:
- as.fmt = AUD_FMT_S16;
- as.endianness = AUDIO_HOST_ENDIANNESS;
- s->shift = as.nchannels == 2;
- break;
-
- case 6:
- as.endianness = 1;
- case 2:
- as.fmt = AUD_FMT_S16;
- s->shift = as.nchannels;
- break;
-
- case 7:
- case 4:
- lerr ("attempt to use reserved format value (%#x)\n", val);
- goto error;
-
- case 5:
- lerr ("ADPCM 4 bit IMA compatible format is not supported\n");
- goto error;
- }
-
- s->voice = AUD_open_out (
- &s->card,
- s->voice,
- "cs4231a",
- s,
- cs_audio_callback,
- &as
- );
-
- if (s->dregs[Interface_Configuration] & PEN) {
- if (!s->dma_running) {
- DMA_hold_DREQ (s->dma);
- AUD_set_active_out (s->voice, 1);
- s->transferred = 0;
- }
- s->dma_running = 1;
- }
- else {
- if (s->dma_running) {
- DMA_release_DREQ (s->dma);
- AUD_set_active_out (s->voice, 0);
- }
- s->dma_running = 0;
- }
- return;
-
- error:
- if (s->dma_running) {
- DMA_release_DREQ (s->dma);
- AUD_set_active_out (s->voice, 0);
- }
-}
-
-static uint64_t cs_read (void *opaque, hwaddr addr, unsigned size)
-{
- CSState *s = opaque;
- uint32_t saddr, iaddr, ret;
-
- saddr = addr;
- iaddr = ~0U;
-
- switch (saddr) {
- case Index_Address:
- ret = s->regs[saddr] & ~0x80;
- break;
-
- case Index_Data:
- if (!(s->dregs[MODE_And_ID] & MODE2))
- iaddr = s->regs[Index_Address] & 0x0f;
- else
- iaddr = s->regs[Index_Address] & 0x1f;
-
- ret = s->dregs[iaddr];
- if (iaddr == Error_Status_And_Initialization) {
- /* keep SEAL happy */
- if (s->aci_counter) {
- ret |= 1 << 5;
- s->aci_counter -= 1;
- }
- }
- break;
-
- default:
- ret = s->regs[saddr];
- break;
- }
- dolog ("read %d:%d -> %d\n", saddr, iaddr, ret);
- return ret;
-}
-
-static void cs_write (void *opaque, hwaddr addr,
- uint64_t val64, unsigned size)
-{
- CSState *s = opaque;
- uint32_t saddr, iaddr, val;
-
- saddr = addr;
- val = val64;
-
- switch (saddr) {
- case Index_Address:
- if (!(s->regs[Index_Address] & MCE) && (val & MCE)
- && (s->dregs[Interface_Configuration] & (3 << 3)))
- s->aci_counter = conf.aci_counter;
-
- s->regs[Index_Address] = val & ~(1 << 7);
- break;
-
- case Index_Data:
- if (!(s->dregs[MODE_And_ID] & MODE2))
- iaddr = s->regs[Index_Address] & 0x0f;
- else
- iaddr = s->regs[Index_Address] & 0x1f;
-
- switch (iaddr) {
- case RESERVED:
- case RESERVED_2:
- case RESERVED_3:
- lwarn ("attempt to write %#x to reserved indirect register %d\n",
- val, iaddr);
- break;
-
- case FS_And_Playback_Data_Format:
- if (s->regs[Index_Address] & MCE) {
- cs_reset_voices (s, val);
- }
- else {
- if (s->dregs[Alternate_Feature_Status] & PMCE) {
- val = (val & ~0x0f) | (s->dregs[iaddr] & 0x0f);
- cs_reset_voices (s, val);
- }
- else {
- lwarn ("[P]MCE(%#x, %#x) is not set, val=%#x\n",
- s->regs[Index_Address],
- s->dregs[Alternate_Feature_Status],
- val);
- break;
- }
- }
- s->dregs[iaddr] = val;
- break;
-
- case Interface_Configuration:
- val &= ~(1 << 5); /* D5 is reserved */
- s->dregs[iaddr] = val;
- if (val & PPIO) {
- lwarn ("PIO is not supported (%#x)\n", val);
- break;
- }
- if (val & PEN) {
- if (!s->dma_running) {
- cs_reset_voices (s, s->dregs[FS_And_Playback_Data_Format]);
- }
- }
- else {
- if (s->dma_running) {
- DMA_release_DREQ (s->dma);
- AUD_set_active_out (s->voice, 0);
- s->dma_running = 0;
- }
- }
- break;
-
- case Error_Status_And_Initialization:
- lwarn ("attempt to write to read only register %d\n", iaddr);
- break;
-
- case MODE_And_ID:
- dolog ("val=%#x\n", val);
- if (val & MODE2)
- s->dregs[iaddr] |= MODE2;
- else
- s->dregs[iaddr] &= ~MODE2;
- break;
-
- case Alternate_Feature_Enable_I:
- if (val & TE)
- lerr ("timer is not yet supported\n");
- s->dregs[iaddr] = val;
- break;
-
- case Alternate_Feature_Status:
- if ((s->dregs[iaddr] & PI) && !(val & PI)) {
- /* XXX: TI CI */
- qemu_irq_lower (s->pic);
- s->regs[Status] &= ~INT;
- }
- s->dregs[iaddr] = val;
- break;
-
- case Version_Chip_ID:
- lwarn ("write to Version_Chip_ID register %#x\n", val);
- s->dregs[iaddr] = val;
- break;
-
- default:
- s->dregs[iaddr] = val;
- break;
- }
- dolog ("written value %#x to indirect register %d\n", val, iaddr);
- break;
-
- case Status:
- if (s->regs[Status] & INT) {
- qemu_irq_lower (s->pic);
- }
- s->regs[Status] &= ~INT;
- s->dregs[Alternate_Feature_Status] &= ~(PI | CI | TI);
- break;
-
- case PIO_Data:
- lwarn ("attempt to write value %#x to PIO register\n", val);
- break;
- }
-}
-
-static int cs_write_audio (CSState *s, int nchan, int dma_pos,
- int dma_len, int len)
-{
- int temp, net;
- uint8_t tmpbuf[4096];
-
- temp = len;
- net = 0;
-
- while (temp) {
- int left = dma_len - dma_pos;
- int copied;
- size_t to_copy;
-
- to_copy = audio_MIN (temp, left);
- if (to_copy > sizeof (tmpbuf)) {
- to_copy = sizeof (tmpbuf);
- }
-
- copied = DMA_read_memory (nchan, tmpbuf, dma_pos, to_copy);
- if (s->tab) {
- int i;
- int16_t linbuf[4096];
-
- for (i = 0; i < copied; ++i)
- linbuf[i] = s->tab[tmpbuf[i]];
- copied = AUD_write (s->voice, linbuf, copied << 1);
- copied >>= 1;
- }
- else {
- copied = AUD_write (s->voice, tmpbuf, copied);
- }
-
- temp -= copied;
- dma_pos = (dma_pos + copied) % dma_len;
- net += copied;
-
- if (!copied) {
- break;
- }
- }
-
- return net;
-}
-
-static int cs_dma_read (void *opaque, int nchan, int dma_pos, int dma_len)
-{
- CSState *s = opaque;
- int copy, written;
- int till = -1;
-
- copy = s->voice ? (s->audio_free >> (s->tab != NULL)) : dma_len;
-
- if (s->dregs[Pin_Control] & IEN) {
- till = (s->dregs[Playback_Lower_Base_Count]
- | (s->dregs[Playback_Upper_Base_Count] << 8)) << s->shift;
- till -= s->transferred;
- copy = audio_MIN (till, copy);
- }
-
- if ((copy <= 0) || (dma_len <= 0)) {
- return dma_pos;
- }
-
- written = cs_write_audio (s, nchan, dma_pos, dma_len, copy);
-
- dma_pos = (dma_pos + written) % dma_len;
- s->audio_free -= (written << (s->tab != NULL));
-
- if (written == till) {
- s->regs[Status] |= INT;
- s->dregs[Alternate_Feature_Status] |= PI;
- s->transferred = 0;
- qemu_irq_raise (s->pic);
- }
- else {
- s->transferred += written;
- }
-
- return dma_pos;
-}
-
-static int cs4231a_pre_load (void *opaque)
-{
- CSState *s = opaque;
-
- if (s->dma_running) {
- DMA_release_DREQ (s->dma);
- AUD_set_active_out (s->voice, 0);
- }
- s->dma_running = 0;
- return 0;
-}
-
-static int cs4231a_post_load (void *opaque, int version_id)
-{
- CSState *s = opaque;
-
- if (s->dma_running && (s->dregs[Interface_Configuration] & PEN)) {
- s->dma_running = 0;
- cs_reset_voices (s, s->dregs[FS_And_Playback_Data_Format]);
- }
- return 0;
-}
-
-static const VMStateDescription vmstate_cs4231a = {
- .name = "cs4231a",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .pre_load = cs4231a_pre_load,
- .post_load = cs4231a_post_load,
- .fields = (VMStateField []) {
- VMSTATE_UINT32_ARRAY (regs, CSState, CS_REGS),
- VMSTATE_BUFFER (dregs, CSState),
- VMSTATE_INT32 (dma_running, CSState),
- VMSTATE_INT32 (audio_free, CSState),
- VMSTATE_INT32 (transferred, CSState),
- VMSTATE_INT32 (aci_counter, CSState),
- VMSTATE_END_OF_LIST ()
- }
-};
-
-static const MemoryRegionOps cs_ioport_ops = {
- .read = cs_read,
- .write = cs_write,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 1,
- }
-};
-
-static int cs4231a_initfn (ISADevice *dev)
-{
- CSState *s = DO_UPCAST (CSState, dev, dev);
-
- isa_init_irq (dev, &s->pic, s->irq);
-
- memory_region_init_io (&s->ioports, &cs_ioport_ops, s, "cs4231a", 4);
- isa_register_ioport (dev, &s->ioports, s->port);
-
- DMA_register_channel (s->dma, cs_dma_read, s);
-
- qemu_register_reset (cs_reset, s);
- cs_reset (s);
-
- AUD_register_card ("cs4231a", &s->card);
- return 0;
-}
-
-int cs4231a_init (ISABus *bus)
-{
- isa_create_simple (bus, "cs4231a");
- return 0;
-}
-
-static Property cs4231a_properties[] = {
- DEFINE_PROP_HEX32 ("iobase", CSState, port, 0x534),
- DEFINE_PROP_UINT32 ("irq", CSState, irq, 9),
- DEFINE_PROP_UINT32 ("dma", CSState, dma, 3),
- DEFINE_PROP_END_OF_LIST (),
-};
-
-static void cs4231a_class_initfn (ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS (klass);
- ISADeviceClass *ic = ISA_DEVICE_CLASS (klass);
- ic->init = cs4231a_initfn;
- dc->desc = "Crystal Semiconductor CS4231A";
- dc->vmsd = &vmstate_cs4231a;
- dc->props = cs4231a_properties;
-}
-
-static TypeInfo cs4231a_info = {
- .name = "cs4231a",
- .parent = TYPE_ISA_DEVICE,
- .instance_size = sizeof (CSState),
- .class_init = cs4231a_class_initfn,
-};
-
-static void cs4231a_register_types (void)
-{
- type_register_static (&cs4231a_info);
-}
-
-type_init (cs4231a_register_types)
diff --git a/hw/cuda.c b/hw/cuda.c
deleted file mode 100644
index f1f408b83..000000000
--- a/hw/cuda.c
+++ /dev/null
@@ -1,752 +0,0 @@
-/*
- * QEMU PowerMac CUDA device support
- *
- * Copyright (c) 2004-2007 Fabrice Bellard
- * Copyright (c) 2007 Jocelyn Mayer
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "ppc_mac.h"
-#include "adb.h"
-#include "qemu-timer.h"
-#include "sysemu.h"
-
-/* XXX: implement all timer modes */
-
-/* debug CUDA */
-//#define DEBUG_CUDA
-
-/* debug CUDA packets */
-//#define DEBUG_CUDA_PACKET
-
-#ifdef DEBUG_CUDA
-#define CUDA_DPRINTF(fmt, ...) \
- do { printf("CUDA: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define CUDA_DPRINTF(fmt, ...)
-#endif
-
-/* Bits in B data register: all active low */
-#define TREQ 0x08 /* Transfer request (input) */
-#define TACK 0x10 /* Transfer acknowledge (output) */
-#define TIP 0x20 /* Transfer in progress (output) */
-
-/* Bits in ACR */
-#define SR_CTRL 0x1c /* Shift register control bits */
-#define SR_EXT 0x0c /* Shift on external clock */
-#define SR_OUT 0x10 /* Shift out if 1 */
-
-/* Bits in IFR and IER */
-#define IER_SET 0x80 /* set bits in IER */
-#define IER_CLR 0 /* clear bits in IER */
-#define SR_INT 0x04 /* Shift register full/empty */
-#define T1_INT 0x40 /* Timer 1 interrupt */
-#define T2_INT 0x20 /* Timer 2 interrupt */
-
-/* Bits in ACR */
-#define T1MODE 0xc0 /* Timer 1 mode */
-#define T1MODE_CONT 0x40 /* continuous interrupts */
-
-/* commands (1st byte) */
-#define ADB_PACKET 0
-#define CUDA_PACKET 1
-#define ERROR_PACKET 2
-#define TIMER_PACKET 3
-#define POWER_PACKET 4
-#define MACIIC_PACKET 5
-#define PMU_PACKET 6
-
-
-/* CUDA commands (2nd byte) */
-#define CUDA_WARM_START 0x0
-#define CUDA_AUTOPOLL 0x1
-#define CUDA_GET_6805_ADDR 0x2
-#define CUDA_GET_TIME 0x3
-#define CUDA_GET_PRAM 0x7
-#define CUDA_SET_6805_ADDR 0x8
-#define CUDA_SET_TIME 0x9
-#define CUDA_POWERDOWN 0xa
-#define CUDA_POWERUP_TIME 0xb
-#define CUDA_SET_PRAM 0xc
-#define CUDA_MS_RESET 0xd
-#define CUDA_SEND_DFAC 0xe
-#define CUDA_BATTERY_SWAP_SENSE 0x10
-#define CUDA_RESET_SYSTEM 0x11
-#define CUDA_SET_IPL 0x12
-#define CUDA_FILE_SERVER_FLAG 0x13
-#define CUDA_SET_AUTO_RATE 0x14
-#define CUDA_GET_AUTO_RATE 0x16
-#define CUDA_SET_DEVICE_LIST 0x19
-#define CUDA_GET_DEVICE_LIST 0x1a
-#define CUDA_SET_ONE_SECOND_MODE 0x1b
-#define CUDA_SET_POWER_MESSAGES 0x21
-#define CUDA_GET_SET_IIC 0x22
-#define CUDA_WAKEUP 0x23
-#define CUDA_TIMER_TICKLE 0x24
-#define CUDA_COMBINED_FORMAT_IIC 0x25
-
-#define CUDA_TIMER_FREQ (4700000 / 6)
-#define CUDA_ADB_POLL_FREQ 50
-
-/* CUDA returns time_t's offset from Jan 1, 1904, not 1970 */
-#define RTC_OFFSET 2082844800
-
-typedef struct CUDATimer {
- int index;
- uint16_t latch;
- uint16_t counter_value; /* counter value at load time */
- int64_t load_time;
- int64_t next_irq_time;
- QEMUTimer *timer;
-} CUDATimer;
-
-typedef struct CUDAState {
- MemoryRegion mem;
- /* cuda registers */
- uint8_t b; /* B-side data */
- uint8_t a; /* A-side data */
- uint8_t dirb; /* B-side direction (1=output) */
- uint8_t dira; /* A-side direction (1=output) */
- uint8_t sr; /* Shift register */
- uint8_t acr; /* Auxiliary control register */
- uint8_t pcr; /* Peripheral control register */
- uint8_t ifr; /* Interrupt flag register */
- uint8_t ier; /* Interrupt enable register */
- uint8_t anh; /* A-side data, no handshake */
-
- CUDATimer timers[2];
-
- uint32_t tick_offset;
-
- uint8_t last_b; /* last value of B register */
- uint8_t last_acr; /* last value of B register */
-
- int data_in_size;
- int data_in_index;
- int data_out_index;
-
- qemu_irq irq;
- uint8_t autopoll;
- uint8_t data_in[128];
- uint8_t data_out[16];
- QEMUTimer *adb_poll_timer;
-} CUDAState;
-
-static CUDAState cuda_state;
-ADBBusState adb_bus;
-
-static void cuda_update(CUDAState *s);
-static void cuda_receive_packet_from_host(CUDAState *s,
- const uint8_t *data, int len);
-static void cuda_timer_update(CUDAState *s, CUDATimer *ti,
- int64_t current_time);
-
-static void cuda_update_irq(CUDAState *s)
-{
- if (s->ifr & s->ier & (SR_INT | T1_INT)) {
- qemu_irq_raise(s->irq);
- } else {
- qemu_irq_lower(s->irq);
- }
-}
-
-static unsigned int get_counter(CUDATimer *s)
-{
- int64_t d;
- unsigned int counter;
-
- d = muldiv64(qemu_get_clock_ns(vm_clock) - s->load_time,
- CUDA_TIMER_FREQ, get_ticks_per_sec());
- if (s->index == 0) {
- /* the timer goes down from latch to -1 (period of latch + 2) */
- if (d <= (s->counter_value + 1)) {
- counter = (s->counter_value - d) & 0xffff;
- } else {
- counter = (d - (s->counter_value + 1)) % (s->latch + 2);
- counter = (s->latch - counter) & 0xffff;
- }
- } else {
- counter = (s->counter_value - d) & 0xffff;
- }
- return counter;
-}
-
-static void set_counter(CUDAState *s, CUDATimer *ti, unsigned int val)
-{
- CUDA_DPRINTF("T%d.counter=%d\n", 1 + (ti->timer == NULL), val);
- ti->load_time = qemu_get_clock_ns(vm_clock);
- ti->counter_value = val;
- cuda_timer_update(s, ti, ti->load_time);
-}
-
-static int64_t get_next_irq_time(CUDATimer *s, int64_t current_time)
-{
- int64_t d, next_time;
- unsigned int counter;
-
- /* current counter value */
- d = muldiv64(current_time - s->load_time,
- CUDA_TIMER_FREQ, get_ticks_per_sec());
- /* the timer goes down from latch to -1 (period of latch + 2) */
- if (d <= (s->counter_value + 1)) {
- counter = (s->counter_value - d) & 0xffff;
- } else {
- counter = (d - (s->counter_value + 1)) % (s->latch + 2);
- counter = (s->latch - counter) & 0xffff;
- }
-
- /* Note: we consider the irq is raised on 0 */
- if (counter == 0xffff) {
- next_time = d + s->latch + 1;
- } else if (counter == 0) {
- next_time = d + s->latch + 2;
- } else {
- next_time = d + counter;
- }
- CUDA_DPRINTF("latch=%d counter=%" PRId64 " delta_next=%" PRId64 "\n",
- s->latch, d, next_time - d);
- next_time = muldiv64(next_time, get_ticks_per_sec(), CUDA_TIMER_FREQ) +
- s->load_time;
- if (next_time <= current_time)
- next_time = current_time + 1;
- return next_time;
-}
-
-static void cuda_timer_update(CUDAState *s, CUDATimer *ti,
- int64_t current_time)
-{
- if (!ti->timer)
- return;
- if ((s->acr & T1MODE) != T1MODE_CONT) {
- qemu_del_timer(ti->timer);
- } else {
- ti->next_irq_time = get_next_irq_time(ti, current_time);
- qemu_mod_timer(ti->timer, ti->next_irq_time);
- }
-}
-
-static void cuda_timer1(void *opaque)
-{
- CUDAState *s = opaque;
- CUDATimer *ti = &s->timers[0];
-
- cuda_timer_update(s, ti, ti->next_irq_time);
- s->ifr |= T1_INT;
- cuda_update_irq(s);
-}
-
-static uint32_t cuda_readb(void *opaque, hwaddr addr)
-{
- CUDAState *s = opaque;
- uint32_t val;
-
- addr = (addr >> 9) & 0xf;
- switch(addr) {
- case 0:
- val = s->b;
- break;
- case 1:
- val = s->a;
- break;
- case 2:
- val = s->dirb;
- break;
- case 3:
- val = s->dira;
- break;
- case 4:
- val = get_counter(&s->timers[0]) & 0xff;
- s->ifr &= ~T1_INT;
- cuda_update_irq(s);
- break;
- case 5:
- val = get_counter(&s->timers[0]) >> 8;
- cuda_update_irq(s);
- break;
- case 6:
- val = s->timers[0].latch & 0xff;
- break;
- case 7:
- /* XXX: check this */
- val = (s->timers[0].latch >> 8) & 0xff;
- break;
- case 8:
- val = get_counter(&s->timers[1]) & 0xff;
- s->ifr &= ~T2_INT;
- break;
- case 9:
- val = get_counter(&s->timers[1]) >> 8;
- break;
- case 10:
- val = s->sr;
- s->ifr &= ~SR_INT;
- cuda_update_irq(s);
- break;
- case 11:
- val = s->acr;
- break;
- case 12:
- val = s->pcr;
- break;
- case 13:
- val = s->ifr;
- if (s->ifr & s->ier)
- val |= 0x80;
- break;
- case 14:
- val = s->ier | 0x80;
- break;
- default:
- case 15:
- val = s->anh;
- break;
- }
- if (addr != 13 || val != 0) {
- CUDA_DPRINTF("read: reg=0x%x val=%02x\n", (int)addr, val);
- }
-
- return val;
-}
-
-static void cuda_writeb(void *opaque, hwaddr addr, uint32_t val)
-{
- CUDAState *s = opaque;
-
- addr = (addr >> 9) & 0xf;
- CUDA_DPRINTF("write: reg=0x%x val=%02x\n", (int)addr, val);
-
- switch(addr) {
- case 0:
- s->b = val;
- cuda_update(s);
- break;
- case 1:
- s->a = val;
- break;
- case 2:
- s->dirb = val;
- break;
- case 3:
- s->dira = val;
- break;
- case 4:
- s->timers[0].latch = (s->timers[0].latch & 0xff00) | val;
- cuda_timer_update(s, &s->timers[0], qemu_get_clock_ns(vm_clock));
- break;
- case 5:
- s->timers[0].latch = (s->timers[0].latch & 0xff) | (val << 8);
- s->ifr &= ~T1_INT;
- set_counter(s, &s->timers[0], s->timers[0].latch);
- break;
- case 6:
- s->timers[0].latch = (s->timers[0].latch & 0xff00) | val;
- cuda_timer_update(s, &s->timers[0], qemu_get_clock_ns(vm_clock));
- break;
- case 7:
- s->timers[0].latch = (s->timers[0].latch & 0xff) | (val << 8);
- s->ifr &= ~T1_INT;
- cuda_timer_update(s, &s->timers[0], qemu_get_clock_ns(vm_clock));
- break;
- case 8:
- s->timers[1].latch = val;
- set_counter(s, &s->timers[1], val);
- break;
- case 9:
- set_counter(s, &s->timers[1], (val << 8) | s->timers[1].latch);
- break;
- case 10:
- s->sr = val;
- break;
- case 11:
- s->acr = val;
- cuda_timer_update(s, &s->timers[0], qemu_get_clock_ns(vm_clock));
- cuda_update(s);
- break;
- case 12:
- s->pcr = val;
- break;
- case 13:
- /* reset bits */
- s->ifr &= ~val;
- cuda_update_irq(s);
- break;
- case 14:
- if (val & IER_SET) {
- /* set bits */
- s->ier |= val & 0x7f;
- } else {
- /* reset bits */
- s->ier &= ~val;
- }
- cuda_update_irq(s);
- break;
- default:
- case 15:
- s->anh = val;
- break;
- }
-}
-
-/* NOTE: TIP and TREQ are negated */
-static void cuda_update(CUDAState *s)
-{
- int packet_received, len;
-
- packet_received = 0;
- if (!(s->b & TIP)) {
- /* transfer requested from host */
-
- if (s->acr & SR_OUT) {
- /* data output */
- if ((s->b & (TACK | TIP)) != (s->last_b & (TACK | TIP))) {
- if (s->data_out_index < sizeof(s->data_out)) {
- CUDA_DPRINTF("send: %02x\n", s->sr);
- s->data_out[s->data_out_index++] = s->sr;
- s->ifr |= SR_INT;
- cuda_update_irq(s);
- }
- }
- } else {
- if (s->data_in_index < s->data_in_size) {
- /* data input */
- if ((s->b & (TACK | TIP)) != (s->last_b & (TACK | TIP))) {
- s->sr = s->data_in[s->data_in_index++];
- CUDA_DPRINTF("recv: %02x\n", s->sr);
- /* indicate end of transfer */
- if (s->data_in_index >= s->data_in_size) {
- s->b = (s->b | TREQ);
- }
- s->ifr |= SR_INT;
- cuda_update_irq(s);
- }
- }
- }
- } else {
- /* no transfer requested: handle sync case */
- if ((s->last_b & TIP) && (s->b & TACK) != (s->last_b & TACK)) {
- /* update TREQ state each time TACK change state */
- if (s->b & TACK)
- s->b = (s->b | TREQ);
- else
- s->b = (s->b & ~TREQ);
- s->ifr |= SR_INT;
- cuda_update_irq(s);
- } else {
- if (!(s->last_b & TIP)) {
- /* handle end of host to cuda transfer */
- packet_received = (s->data_out_index > 0);
- /* always an IRQ at the end of transfer */
- s->ifr |= SR_INT;
- cuda_update_irq(s);
- }
- /* signal if there is data to read */
- if (s->data_in_index < s->data_in_size) {
- s->b = (s->b & ~TREQ);
- }
- }
- }
-
- s->last_acr = s->acr;
- s->last_b = s->b;
-
- /* NOTE: cuda_receive_packet_from_host() can call cuda_update()
- recursively */
- if (packet_received) {
- len = s->data_out_index;
- s->data_out_index = 0;
- cuda_receive_packet_from_host(s, s->data_out, len);
- }
-}
-
-static void cuda_send_packet_to_host(CUDAState *s,
- const uint8_t *data, int len)
-{
-#ifdef DEBUG_CUDA_PACKET
- {
- int i;
- printf("cuda_send_packet_to_host:\n");
- for(i = 0; i < len; i++)
- printf(" %02x", data[i]);
- printf("\n");
- }
-#endif
- memcpy(s->data_in, data, len);
- s->data_in_size = len;
- s->data_in_index = 0;
- cuda_update(s);
- s->ifr |= SR_INT;
- cuda_update_irq(s);
-}
-
-static void cuda_adb_poll(void *opaque)
-{
- CUDAState *s = opaque;
- uint8_t obuf[ADB_MAX_OUT_LEN + 2];
- int olen;
-
- olen = adb_poll(&adb_bus, obuf + 2);
- if (olen > 0) {
- obuf[0] = ADB_PACKET;
- obuf[1] = 0x40; /* polled data */
- cuda_send_packet_to_host(s, obuf, olen + 2);
- }
- qemu_mod_timer(s->adb_poll_timer,
- qemu_get_clock_ns(vm_clock) +
- (get_ticks_per_sec() / CUDA_ADB_POLL_FREQ));
-}
-
-static void cuda_receive_packet(CUDAState *s,
- const uint8_t *data, int len)
-{
- uint8_t obuf[16];
- int autopoll;
- uint32_t ti;
-
- switch(data[0]) {
- case CUDA_AUTOPOLL:
- autopoll = (data[1] != 0);
- if (autopoll != s->autopoll) {
- s->autopoll = autopoll;
- if (autopoll) {
- qemu_mod_timer(s->adb_poll_timer,
- qemu_get_clock_ns(vm_clock) +
- (get_ticks_per_sec() / CUDA_ADB_POLL_FREQ));
- } else {
- qemu_del_timer(s->adb_poll_timer);
- }
- }
- obuf[0] = CUDA_PACKET;
- obuf[1] = data[1];
- cuda_send_packet_to_host(s, obuf, 2);
- break;
- case CUDA_SET_TIME:
- ti = (((uint32_t)data[1]) << 24) + (((uint32_t)data[2]) << 16) + (((uint32_t)data[3]) << 8) + data[4];
- s->tick_offset = ti - (qemu_get_clock_ns(vm_clock) / get_ticks_per_sec());
- obuf[0] = CUDA_PACKET;
- obuf[1] = 0;
- obuf[2] = 0;
- cuda_send_packet_to_host(s, obuf, 3);
- break;
- case CUDA_GET_TIME:
- ti = s->tick_offset + (qemu_get_clock_ns(vm_clock) / get_ticks_per_sec());
- obuf[0] = CUDA_PACKET;
- obuf[1] = 0;
- obuf[2] = 0;
- obuf[3] = ti >> 24;
- obuf[4] = ti >> 16;
- obuf[5] = ti >> 8;
- obuf[6] = ti;
- cuda_send_packet_to_host(s, obuf, 7);
- break;
- case CUDA_FILE_SERVER_FLAG:
- case CUDA_SET_DEVICE_LIST:
- case CUDA_SET_AUTO_RATE:
- case CUDA_SET_POWER_MESSAGES:
- obuf[0] = CUDA_PACKET;
- obuf[1] = 0;
- cuda_send_packet_to_host(s, obuf, 2);
- break;
- case CUDA_POWERDOWN:
- obuf[0] = CUDA_PACKET;
- obuf[1] = 0;
- cuda_send_packet_to_host(s, obuf, 2);
- qemu_system_shutdown_request();
- break;
- case CUDA_RESET_SYSTEM:
- obuf[0] = CUDA_PACKET;
- obuf[1] = 0;
- cuda_send_packet_to_host(s, obuf, 2);
- qemu_system_reset_request();
- break;
- default:
- break;
- }
-}
-
-static void cuda_receive_packet_from_host(CUDAState *s,
- const uint8_t *data, int len)
-{
-#ifdef DEBUG_CUDA_PACKET
- {
- int i;
- printf("cuda_receive_packet_from_host:\n");
- for(i = 0; i < len; i++)
- printf(" %02x", data[i]);
- printf("\n");
- }
-#endif
- switch(data[0]) {
- case ADB_PACKET:
- {
- uint8_t obuf[ADB_MAX_OUT_LEN + 2];
- int olen;
- olen = adb_request(&adb_bus, obuf + 2, data + 1, len - 1);
- if (olen > 0) {
- obuf[0] = ADB_PACKET;
- obuf[1] = 0x00;
- } else {
- /* error */
- obuf[0] = ADB_PACKET;
- obuf[1] = -olen;
- olen = 0;
- }
- cuda_send_packet_to_host(s, obuf, olen + 2);
- }
- break;
- case CUDA_PACKET:
- cuda_receive_packet(s, data + 1, len - 1);
- break;
- }
-}
-
-static void cuda_writew (void *opaque, hwaddr addr, uint32_t value)
-{
-}
-
-static void cuda_writel (void *opaque, hwaddr addr, uint32_t value)
-{
-}
-
-static uint32_t cuda_readw (void *opaque, hwaddr addr)
-{
- return 0;
-}
-
-static uint32_t cuda_readl (void *opaque, hwaddr addr)
-{
- return 0;
-}
-
-static const MemoryRegionOps cuda_ops = {
- .old_mmio = {
- .write = {
- cuda_writeb,
- cuda_writew,
- cuda_writel,
- },
- .read = {
- cuda_readb,
- cuda_readw,
- cuda_readl,
- },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static bool cuda_timer_exist(void *opaque, int version_id)
-{
- CUDATimer *s = opaque;
-
- return s->timer != NULL;
-}
-
-static const VMStateDescription vmstate_cuda_timer = {
- .name = "cuda_timer",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField[]) {
- VMSTATE_UINT16(latch, CUDATimer),
- VMSTATE_UINT16(counter_value, CUDATimer),
- VMSTATE_INT64(load_time, CUDATimer),
- VMSTATE_INT64(next_irq_time, CUDATimer),
- VMSTATE_TIMER_TEST(timer, CUDATimer, cuda_timer_exist),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_cuda = {
- .name = "cuda",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT8(a, CUDAState),
- VMSTATE_UINT8(b, CUDAState),
- VMSTATE_UINT8(dira, CUDAState),
- VMSTATE_UINT8(dirb, CUDAState),
- VMSTATE_UINT8(sr, CUDAState),
- VMSTATE_UINT8(acr, CUDAState),
- VMSTATE_UINT8(pcr, CUDAState),
- VMSTATE_UINT8(ifr, CUDAState),
- VMSTATE_UINT8(ier, CUDAState),
- VMSTATE_UINT8(anh, CUDAState),
- VMSTATE_INT32(data_in_size, CUDAState),
- VMSTATE_INT32(data_in_index, CUDAState),
- VMSTATE_INT32(data_out_index, CUDAState),
- VMSTATE_UINT8(autopoll, CUDAState),
- VMSTATE_BUFFER(data_in, CUDAState),
- VMSTATE_BUFFER(data_out, CUDAState),
- VMSTATE_UINT32(tick_offset, CUDAState),
- VMSTATE_STRUCT_ARRAY(timers, CUDAState, 2, 1,
- vmstate_cuda_timer, CUDATimer),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void cuda_reset(void *opaque)
-{
- CUDAState *s = opaque;
-
- s->b = 0;
- s->a = 0;
- s->dirb = 0;
- s->dira = 0;
- s->sr = 0;
- s->acr = 0;
- s->pcr = 0;
- s->ifr = 0;
- s->ier = 0;
- // s->ier = T1_INT | SR_INT;
- s->anh = 0;
- s->data_in_size = 0;
- s->data_in_index = 0;
- s->data_out_index = 0;
- s->autopoll = 0;
-
- s->timers[0].latch = 0xffff;
- set_counter(s, &s->timers[0], 0xffff);
-
- s->timers[1].latch = 0;
- set_counter(s, &s->timers[1], 0xffff);
-}
-
-void cuda_init (MemoryRegion **cuda_mem, qemu_irq irq)
-{
- struct tm tm;
- CUDAState *s = &cuda_state;
-
- s->irq = irq;
-
- s->timers[0].index = 0;
- s->timers[0].timer = qemu_new_timer_ns(vm_clock, cuda_timer1, s);
-
- s->timers[1].index = 1;
-
- qemu_get_timedate(&tm, 0);
- s->tick_offset = (uint32_t)mktimegm(&tm) + RTC_OFFSET;
-
- s->adb_poll_timer = qemu_new_timer_ns(vm_clock, cuda_adb_poll, s);
- memory_region_init_io(&s->mem, &cuda_ops, s, "cuda", 0x2000);
-
- *cuda_mem = &s->mem;
- vmstate_register(NULL, -1, &vmstate_cuda, s);
- qemu_register_reset(cuda_reset, s);
-}
diff --git a/hw/debugcon.c b/hw/debugcon.c
deleted file mode 100644
index 14ab326be..000000000
--- a/hw/debugcon.c
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- * QEMU Bochs-style debug console ("port E9") emulation
- *
- * Copyright (c) 2003-2004 Fabrice Bellard
- * Copyright (c) 2008 Citrix Systems, Inc.
- * Copyright (c) Intel Corporation; author: H. Peter Anvin
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "hw.h"
-#include "qemu-char.h"
-#include "isa.h"
-#include "pc.h"
-
-//#define DEBUG_DEBUGCON
-
-typedef struct DebugconState {
- CharDriverState *chr;
- uint32_t readback;
-} DebugconState;
-
-typedef struct ISADebugconState {
- ISADevice dev;
- uint32_t iobase;
- DebugconState state;
-} ISADebugconState;
-
-static void debugcon_ioport_write(void *opaque, uint32_t addr, uint32_t val)
-{
- DebugconState *s = opaque;
- unsigned char ch = val;
-
-#ifdef DEBUG_DEBUGCON
- printf("debugcon: write addr=0x%04x val=0x%02x\n", addr, val);
-#endif
-
- qemu_chr_fe_write(s->chr, &ch, 1);
-}
-
-
-static uint32_t debugcon_ioport_read(void *opaque, uint32_t addr)
-{
- DebugconState *s = opaque;
-
-#ifdef DEBUG_DEBUGCON
- printf("debugcon: read addr=0x%04x\n", addr);
-#endif
-
- return s->readback;
-}
-
-static void debugcon_init_core(DebugconState *s)
-{
- if (!s->chr) {
- fprintf(stderr, "Can't create debugcon device, empty char device\n");
- exit(1);
- }
-
- qemu_chr_add_handlers(s->chr, NULL, NULL, NULL, s);
-}
-
-static int debugcon_isa_initfn(ISADevice *dev)
-{
- ISADebugconState *isa = DO_UPCAST(ISADebugconState, dev, dev);
- DebugconState *s = &isa->state;
-
- debugcon_init_core(s);
- register_ioport_write(isa->iobase, 1, 1, debugcon_ioport_write, s);
- register_ioport_read(isa->iobase, 1, 1, debugcon_ioport_read, s);
- return 0;
-}
-
-static Property debugcon_isa_properties[] = {
- DEFINE_PROP_HEX32("iobase", ISADebugconState, iobase, 0xe9),
- DEFINE_PROP_CHR("chardev", ISADebugconState, state.chr),
- DEFINE_PROP_HEX32("readback", ISADebugconState, state.readback, 0xe9),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void debugcon_isa_class_initfn(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- ISADeviceClass *ic = ISA_DEVICE_CLASS(klass);
- ic->init = debugcon_isa_initfn;
- dc->props = debugcon_isa_properties;
-}
-
-static TypeInfo debugcon_isa_info = {
- .name = "isa-debugcon",
- .parent = TYPE_ISA_DEVICE,
- .instance_size = sizeof(ISADebugconState),
- .class_init = debugcon_isa_class_initfn,
-};
-
-static void debugcon_register_types(void)
-{
- type_register_static(&debugcon_isa_info);
-}
-
-type_init(debugcon_register_types)
diff --git a/hw/dec_pci.c b/hw/dec_pci.c
deleted file mode 100644
index c30ade38b..000000000
--- a/hw/dec_pci.c
+++ /dev/null
@@ -1,151 +0,0 @@
-/*
- * QEMU DEC 21154 PCI bridge
- *
- * Copyright (c) 2006-2007 Fabrice Bellard
- * Copyright (c) 2007 Jocelyn Mayer
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "dec_pci.h"
-#include "sysbus.h"
-#include "pci.h"
-#include "pci_host.h"
-#include "pci_bridge.h"
-#include "pci_internals.h"
-
-/* debug DEC */
-//#define DEBUG_DEC
-
-#ifdef DEBUG_DEC
-#define DEC_DPRINTF(fmt, ...) \
- do { printf("DEC: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define DEC_DPRINTF(fmt, ...)
-#endif
-
-#define DEC_21154(obj) OBJECT_CHECK(DECState, (obj), TYPE_DEC_21154)
-
-typedef struct DECState {
- PCIHostState parent_obj;
-} DECState;
-
-static int dec_map_irq(PCIDevice *pci_dev, int irq_num)
-{
- return irq_num;
-}
-
-static void dec_21154_pci_bridge_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = pci_bridge_initfn;
- k->exit = pci_bridge_exitfn;
- k->vendor_id = PCI_VENDOR_ID_DEC;
- k->device_id = PCI_DEVICE_ID_DEC_21154;
- k->config_write = pci_bridge_write_config;
- k->is_bridge = 1;
- dc->desc = "DEC 21154 PCI-PCI bridge";
- dc->reset = pci_bridge_reset;
- dc->vmsd = &vmstate_pci_device;
-}
-
-static const TypeInfo dec_21154_pci_bridge_info = {
- .name = "dec-21154-p2p-bridge",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIBridge),
- .class_init = dec_21154_pci_bridge_class_init,
-};
-
-PCIBus *pci_dec_21154_init(PCIBus *parent_bus, int devfn)
-{
- PCIDevice *dev;
- PCIBridge *br;
-
- dev = pci_create_multifunction(parent_bus, devfn, false,
- "dec-21154-p2p-bridge");
- br = DO_UPCAST(PCIBridge, dev, dev);
- pci_bridge_map_irq(br, "DEC 21154 PCI-PCI bridge", dec_map_irq);
- qdev_init_nofail(&dev->qdev);
- return pci_bridge_get_sec_bus(br);
-}
-
-static int pci_dec_21154_device_init(SysBusDevice *dev)
-{
- PCIHostState *phb;
-
- phb = PCI_HOST_BRIDGE(dev);
-
- memory_region_init_io(&phb->conf_mem, &pci_host_conf_le_ops,
- dev, "pci-conf-idx", 0x1000);
- memory_region_init_io(&phb->data_mem, &pci_host_data_le_ops,
- dev, "pci-data-idx", 0x1000);
- sysbus_init_mmio(dev, &phb->conf_mem);
- sysbus_init_mmio(dev, &phb->data_mem);
- return 0;
-}
-
-static int dec_21154_pci_host_init(PCIDevice *d)
-{
- /* PCI2PCI bridge same values as PearPC - check this */
- return 0;
-}
-
-static void dec_21154_pci_host_class_init(ObjectClass *klass, void *data)
-{
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = dec_21154_pci_host_init;
- k->vendor_id = PCI_VENDOR_ID_DEC;
- k->device_id = PCI_DEVICE_ID_DEC_21154;
- k->revision = 0x02;
- k->class_id = PCI_CLASS_BRIDGE_PCI;
- k->is_bridge = 1;
-}
-
-static const TypeInfo dec_21154_pci_host_info = {
- .name = "dec-21154",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIDevice),
- .class_init = dec_21154_pci_host_class_init,
-};
-
-static void pci_dec_21154_device_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- sdc->init = pci_dec_21154_device_init;
-}
-
-static const TypeInfo pci_dec_21154_device_info = {
- .name = TYPE_DEC_21154,
- .parent = TYPE_PCI_HOST_BRIDGE,
- .instance_size = sizeof(DECState),
- .class_init = pci_dec_21154_device_class_init,
-};
-
-static void dec_register_types(void)
-{
- type_register_static(&pci_dec_21154_device_info);
- type_register_static(&dec_21154_pci_host_info);
- type_register_static(&dec_21154_pci_bridge_info);
-}
-
-type_init(dec_register_types)
diff --git a/hw/device-hotplug.c b/hw/device-hotplug.c
deleted file mode 100644
index eec0fe314..000000000
--- a/hw/device-hotplug.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * QEMU device hotplug helpers
- *
- * Copyright (c) 2004 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "hw.h"
-#include "boards.h"
-#include "net.h"
-#include "blockdev.h"
-#include "qemu-config.h"
-#include "sysemu.h"
-#include "monitor.h"
-
-DriveInfo *add_init_drive(const char *optstr)
-{
- DriveInfo *dinfo;
- QemuOpts *opts;
-
- opts = drive_def(optstr);
- if (!opts)
- return NULL;
-
- dinfo = drive_init(opts, current_machine->use_scsi);
- if (!dinfo) {
- qemu_opts_del(opts);
- return NULL;
- }
-
- return dinfo;
-}
-
-#if !defined(TARGET_I386)
-int pci_drive_hot_add(Monitor *mon, const QDict *qdict,
- DriveInfo *dinfo, int type)
-{
- /* On non-x86 we don't do PCI hotplug */
- monitor_printf(mon, "Can't hot-add drive to type %d\n", type);
- return -1;
-}
-#endif
-
-void drive_hot_add(Monitor *mon, const QDict *qdict)
-{
- int type;
- DriveInfo *dinfo = NULL;
- const char *opts = qdict_get_str(qdict, "opts");
-
- dinfo = add_init_drive(opts);
- if (!dinfo) {
- goto err;
- }
- if (dinfo->devaddr) {
- monitor_printf(mon, "Parameter addr not supported\n");
- goto err;
- }
- type = dinfo->type;
-
- switch (type) {
- case IF_NONE:
- monitor_printf(mon, "OK\n");
- break;
- default:
- if (pci_drive_hot_add(mon, qdict, dinfo, type)) {
- goto err;
- }
- }
- return;
-
-err:
- if (dinfo) {
- drive_put_ref(dinfo);
- }
-}
diff --git a/hw/devices.h b/hw/devices.h
deleted file mode 100644
index c60bcabae..000000000
--- a/hw/devices.h
+++ /dev/null
@@ -1,70 +0,0 @@
-#ifndef QEMU_DEVICES_H
-#define QEMU_DEVICES_H
-
-#include "hw/irq.h"
-
-/* ??? Not all users of this file can include cpu-common.h. */
-struct MemoryRegion;
-
-/* Devices that have nowhere better to go. */
-
-/* smc91c111.c */
-void smc91c111_init(NICInfo *, uint32_t, qemu_irq);
-
-/* lan9118.c */
-void lan9118_init(NICInfo *, uint32_t, qemu_irq);
-
-/* tsc210x.c */
-uWireSlave *tsc2102_init(qemu_irq pint);
-uWireSlave *tsc2301_init(qemu_irq penirq, qemu_irq kbirq, qemu_irq dav);
-I2SCodec *tsc210x_codec(uWireSlave *chip);
-uint32_t tsc210x_txrx(void *opaque, uint32_t value, int len);
-void tsc210x_set_transform(uWireSlave *chip,
- MouseTransformInfo *info);
-void tsc210x_key_event(uWireSlave *chip, int key, int down);
-
-/* tsc2005.c */
-void *tsc2005_init(qemu_irq pintdav);
-uint32_t tsc2005_txrx(void *opaque, uint32_t value, int len);
-void tsc2005_set_transform(void *opaque, MouseTransformInfo *info);
-
-/* stellaris_input.c */
-void stellaris_gamepad_init(int n, qemu_irq *irq, const int *keycode);
-
-/* blizzard.c */
-void *s1d13745_init(qemu_irq gpio_int);
-void s1d13745_write(void *opaque, int dc, uint16_t value);
-void s1d13745_write_block(void *opaque, int dc,
- void *buf, size_t len, int pitch);
-uint16_t s1d13745_read(void *opaque, int dc);
-
-/* cbus.c */
-typedef struct {
- qemu_irq clk;
- qemu_irq dat;
- qemu_irq sel;
-} CBus;
-CBus *cbus_init(qemu_irq dat_out);
-void cbus_attach(CBus *bus, void *slave_opaque);
-
-void *retu_init(qemu_irq irq, int vilma);
-void *tahvo_init(qemu_irq irq, int betty);
-
-void retu_key_event(void *retu, int state);
-
-/* tc6393xb.c */
-typedef struct TC6393xbState TC6393xbState;
-#define TC6393XB_RAM 0x110000 /* amount of ram for Video and USB */
-TC6393xbState *tc6393xb_init(struct MemoryRegion *sysmem,
- uint32_t base, qemu_irq irq);
-void tc6393xb_gpio_out_set(TC6393xbState *s, int line,
- qemu_irq handler);
-qemu_irq *tc6393xb_gpio_in_get(TC6393xbState *s);
-qemu_irq tc6393xb_l3v_get(TC6393xbState *s);
-
-/* sm501.c */
-void sm501_init(struct MemoryRegion *address_space_mem, uint32_t base,
- uint32_t local_mem_bytes, qemu_irq irq,
- CharDriverState *chr);
-
-#endif
diff --git a/hw/display/Makefile.objs b/hw/display/Makefile.objs
new file mode 100644
index 000000000..6e9fb3b69
--- /dev/null
+++ b/hw/display/Makefile.objs
@@ -0,0 +1,35 @@
+common-obj-$(CONFIG_ADS7846) += ads7846.o
+common-obj-$(CONFIG_VGA_CIRRUS) += cirrus_vga.o
+common-obj-$(CONFIG_G364FB) += g364fb.o
+common-obj-$(CONFIG_JAZZ_LED) += jazz_led.o
+common-obj-$(CONFIG_PL110) += pl110.o
+common-obj-$(CONFIG_SSD0303) += ssd0303.o
+common-obj-$(CONFIG_SSD0323) += ssd0323.o
+common-obj-$(CONFIG_XEN_BACKEND) += xenfb.o
+
+common-obj-$(CONFIG_VGA_PCI) += vga-pci.o
+common-obj-$(CONFIG_VGA_ISA) += vga-isa.o
+common-obj-$(CONFIG_VGA_ISA_MM) += vga-isa-mm.o
+common-obj-$(CONFIG_VMWARE_VGA) += vmware_vga.o
+
+common-obj-$(CONFIG_BLIZZARD) += blizzard.o
+common-obj-$(CONFIG_EXYNOS4) += exynos4210_fimd.o
+common-obj-$(CONFIG_FRAMEBUFFER) += framebuffer.o
+common-obj-$(CONFIG_MILKYMIST) += milkymist-vgafb.o
+common-obj-$(CONFIG_ZAURUS) += tc6393xb.o
+
+ifeq ($(CONFIG_MILKYMIST_TMU2),y)
+common-obj-y += milkymist-tmu2.o
+libs_softmmu += $(GLX_LIBS)
+endif
+
+obj-$(CONFIG_OMAP) += omap_dss.o
+obj-$(CONFIG_OMAP) += omap_lcdc.o
+obj-$(CONFIG_PXA2XX) += pxa2xx_lcd.o
+obj-$(CONFIG_SM501) += sm501.o
+obj-$(CONFIG_TCX) += tcx.o
+
+obj-$(CONFIG_VGA) += vga.o
+
+common-obj-$(CONFIG_QXL) += qxl-logger.o qxl-render.o
+obj-$(CONFIG_QXL) += qxl.o
diff --git a/hw/display/ads7846.c b/hw/display/ads7846.c
new file mode 100644
index 000000000..5da3dc5b2
--- /dev/null
+++ b/hw/display/ads7846.c
@@ -0,0 +1,177 @@
+/*
+ * TI ADS7846 / TSC2046 chip emulation.
+ *
+ * Copyright (c) 2006 Openedhand Ltd.
+ * Written by Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * This code is licensed under the GNU GPL v2.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "hw/ssi.h"
+#include "ui/console.h"
+
+typedef struct {
+ SSISlave ssidev;
+ qemu_irq interrupt;
+
+ int input[8];
+ int pressure;
+ int noise;
+
+ int cycle;
+ int output;
+} ADS7846State;
+
+/* Control-byte bitfields */
+#define CB_PD0 (1 << 0)
+#define CB_PD1 (1 << 1)
+#define CB_SER (1 << 2)
+#define CB_MODE (1 << 3)
+#define CB_A0 (1 << 4)
+#define CB_A1 (1 << 5)
+#define CB_A2 (1 << 6)
+#define CB_START (1 << 7)
+
+#define X_AXIS_DMAX 3470
+#define X_AXIS_MIN 290
+#define Y_AXIS_DMAX 3450
+#define Y_AXIS_MIN 200
+
+#define ADS_VBAT 2000
+#define ADS_VAUX 2000
+#define ADS_TEMP0 2000
+#define ADS_TEMP1 3000
+#define ADS_XPOS(x, y) (X_AXIS_MIN + ((X_AXIS_DMAX * (x)) >> 15))
+#define ADS_YPOS(x, y) (Y_AXIS_MIN + ((Y_AXIS_DMAX * (y)) >> 15))
+#define ADS_Z1POS(x, y) 600
+#define ADS_Z2POS(x, y) (600 + 6000 / ADS_XPOS(x, y))
+
+static void ads7846_int_update(ADS7846State *s)
+{
+ if (s->interrupt)
+ qemu_set_irq(s->interrupt, s->pressure == 0);
+}
+
+static uint32_t ads7846_transfer(SSISlave *dev, uint32_t value)
+{
+ ADS7846State *s = FROM_SSI_SLAVE(ADS7846State, dev);
+
+ switch (s->cycle ++) {
+ case 0:
+ if (!(value & CB_START)) {
+ s->cycle = 0;
+ break;
+ }
+
+ s->output = s->input[(value >> 4) & 7];
+
+ /* Imitate the ADC noise, some drivers expect this. */
+ s->noise = (s->noise + 3) & 7;
+ switch ((value >> 4) & 7) {
+ case 1: s->output += s->noise ^ 2; break;
+ case 3: s->output += s->noise ^ 0; break;
+ case 4: s->output += s->noise ^ 7; break;
+ case 5: s->output += s->noise ^ 5; break;
+ }
+
+ if (value & CB_MODE)
+ s->output >>= 4; /* 8 bits instead of 12 */
+
+ break;
+ case 1:
+ s->cycle = 0;
+ break;
+ }
+ return s->output;
+}
+
+static void ads7846_ts_event(void *opaque,
+ int x, int y, int z, int buttons_state)
+{
+ ADS7846State *s = opaque;
+
+ if (buttons_state) {
+ x = 0x7fff - x;
+ s->input[1] = ADS_XPOS(x, y);
+ s->input[3] = ADS_Z1POS(x, y);
+ s->input[4] = ADS_Z2POS(x, y);
+ s->input[5] = ADS_YPOS(x, y);
+ }
+
+ if (s->pressure == !buttons_state) {
+ s->pressure = !!buttons_state;
+
+ ads7846_int_update(s);
+ }
+}
+
+static int ads7856_post_load(void *opaque, int version_id)
+{
+ ADS7846State *s = opaque;
+
+ s->pressure = 0;
+ ads7846_int_update(s);
+ return 0;
+}
+
+static const VMStateDescription vmstate_ads7846 = {
+ .name = "ads7846",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .post_load = ads7856_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_SSI_SLAVE(ssidev, ADS7846State),
+ VMSTATE_INT32_ARRAY(input, ADS7846State, 8),
+ VMSTATE_INT32(noise, ADS7846State),
+ VMSTATE_INT32(cycle, ADS7846State),
+ VMSTATE_INT32(output, ADS7846State),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static int ads7846_init(SSISlave *dev)
+{
+ ADS7846State *s = FROM_SSI_SLAVE(ADS7846State, dev);
+
+ qdev_init_gpio_out(&dev->qdev, &s->interrupt, 1);
+
+ s->input[0] = ADS_TEMP0; /* TEMP0 */
+ s->input[2] = ADS_VBAT; /* VBAT */
+ s->input[6] = ADS_VAUX; /* VAUX */
+ s->input[7] = ADS_TEMP1; /* TEMP1 */
+
+ /* We want absolute coordinates */
+ qemu_add_mouse_event_handler(ads7846_ts_event, s, 1,
+ "QEMU ADS7846-driven Touchscreen");
+
+ ads7846_int_update(s);
+
+ vmstate_register(NULL, -1, &vmstate_ads7846, s);
+ return 0;
+}
+
+static void ads7846_class_init(ObjectClass *klass, void *data)
+{
+ SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
+
+ k->init = ads7846_init;
+ k->transfer = ads7846_transfer;
+}
+
+static const TypeInfo ads7846_info = {
+ .name = "ads7846",
+ .parent = TYPE_SSI_SLAVE,
+ .instance_size = sizeof(ADS7846State),
+ .class_init = ads7846_class_init,
+};
+
+static void ads7846_register_types(void)
+{
+ type_register_static(&ads7846_info);
+}
+
+type_init(ads7846_register_types)
diff --git a/hw/display/blizzard.c b/hw/display/blizzard.c
new file mode 100644
index 000000000..4a466c832
--- /dev/null
+++ b/hw/display/blizzard.c
@@ -0,0 +1,995 @@
+/*
+ * Epson S1D13744/S1D13745 (Blizzard/Hailstorm/Tornado) LCD/TV controller.
+ *
+ * Copyright (C) 2008 Nokia Corporation
+ * Written by Andrzej Zaborowski <andrew@openedhand.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "qemu-common.h"
+#include "ui/console.h"
+#include "hw/devices.h"
+#include "vga_int.h"
+#include "ui/pixel_ops.h"
+
+typedef void (*blizzard_fn_t)(uint8_t *, const uint8_t *, unsigned int);
+
+typedef struct {
+ uint8_t reg;
+ uint32_t addr;
+ int swallow;
+
+ int pll;
+ int pll_range;
+ int pll_ctrl;
+ uint8_t pll_mode;
+ uint8_t clksel;
+ int memenable;
+ int memrefresh;
+ uint8_t timing[3];
+ int priority;
+
+ uint8_t lcd_config;
+ int x;
+ int y;
+ int skipx;
+ int skipy;
+ uint8_t hndp;
+ uint8_t vndp;
+ uint8_t hsync;
+ uint8_t vsync;
+ uint8_t pclk;
+ uint8_t u;
+ uint8_t v;
+ uint8_t yrc[2];
+ int ix[2];
+ int iy[2];
+ int ox[2];
+ int oy[2];
+
+ int enable;
+ int blank;
+ int bpp;
+ int invalidate;
+ int mx[2];
+ int my[2];
+ uint8_t mode;
+ uint8_t effect;
+ uint8_t iformat;
+ uint8_t source;
+ QemuConsole *con;
+ blizzard_fn_t *line_fn_tab[2];
+ void *fb;
+
+ uint8_t hssi_config[3];
+ uint8_t tv_config;
+ uint8_t tv_timing[4];
+ uint8_t vbi;
+ uint8_t tv_x;
+ uint8_t tv_y;
+ uint8_t tv_test;
+ uint8_t tv_filter_config;
+ uint8_t tv_filter_idx;
+ uint8_t tv_filter_coeff[0x20];
+ uint8_t border_r;
+ uint8_t border_g;
+ uint8_t border_b;
+ uint8_t gamma_config;
+ uint8_t gamma_idx;
+ uint8_t gamma_lut[0x100];
+ uint8_t matrix_ena;
+ uint8_t matrix_coeff[0x12];
+ uint8_t matrix_r;
+ uint8_t matrix_g;
+ uint8_t matrix_b;
+ uint8_t pm;
+ uint8_t status;
+ uint8_t rgbgpio_dir;
+ uint8_t rgbgpio;
+ uint8_t gpio_dir;
+ uint8_t gpio;
+ uint8_t gpio_edge[2];
+ uint8_t gpio_irq;
+ uint8_t gpio_pdown;
+
+ struct {
+ int x;
+ int y;
+ int dx;
+ int dy;
+ int len;
+ int buflen;
+ void *buf;
+ void *data;
+ uint16_t *ptr;
+ int angle;
+ int pitch;
+ blizzard_fn_t line_fn;
+ } data;
+} BlizzardState;
+
+/* Bytes(!) per pixel */
+static const int blizzard_iformat_bpp[0x10] = {
+ 0,
+ 2, /* RGB 5:6:5*/
+ 3, /* RGB 6:6:6 mode 1 */
+ 3, /* RGB 8:8:8 mode 1 */
+ 0, 0,
+ 4, /* RGB 6:6:6 mode 2 */
+ 4, /* RGB 8:8:8 mode 2 */
+ 0, /* YUV 4:2:2 */
+ 0, /* YUV 4:2:0 */
+ 0, 0, 0, 0, 0, 0,
+};
+
+static inline void blizzard_rgb2yuv(int r, int g, int b,
+ int *y, int *u, int *v)
+{
+ *y = 0x10 + ((0x838 * r + 0x1022 * g + 0x322 * b) >> 13);
+ *u = 0x80 + ((0xe0e * b - 0x04c1 * r - 0x94e * g) >> 13);
+ *v = 0x80 + ((0xe0e * r - 0x0bc7 * g - 0x247 * b) >> 13);
+}
+
+static void blizzard_window(BlizzardState *s)
+{
+ DisplaySurface *surface = qemu_console_surface(s->con);
+ uint8_t *src, *dst;
+ int bypp[2];
+ int bypl[3];
+ int y;
+ blizzard_fn_t fn = s->data.line_fn;
+
+ if (!fn)
+ return;
+ if (s->mx[0] > s->data.x)
+ s->mx[0] = s->data.x;
+ if (s->my[0] > s->data.y)
+ s->my[0] = s->data.y;
+ if (s->mx[1] < s->data.x + s->data.dx)
+ s->mx[1] = s->data.x + s->data.dx;
+ if (s->my[1] < s->data.y + s->data.dy)
+ s->my[1] = s->data.y + s->data.dy;
+
+ bypp[0] = s->bpp;
+ bypp[1] = surface_bytes_per_pixel(surface);
+ bypl[0] = bypp[0] * s->data.pitch;
+ bypl[1] = bypp[1] * s->x;
+ bypl[2] = bypp[0] * s->data.dx;
+
+ src = s->data.data;
+ dst = s->fb + bypl[1] * s->data.y + bypp[1] * s->data.x;
+ for (y = s->data.dy; y > 0; y --, src += bypl[0], dst += bypl[1])
+ fn(dst, src, bypl[2]);
+}
+
+static int blizzard_transfer_setup(BlizzardState *s)
+{
+ if (s->source > 3 || !s->bpp ||
+ s->ix[1] < s->ix[0] || s->iy[1] < s->iy[0])
+ return 0;
+
+ s->data.angle = s->effect & 3;
+ s->data.line_fn = s->line_fn_tab[!!s->data.angle][s->iformat];
+ s->data.x = s->ix[0];
+ s->data.y = s->iy[0];
+ s->data.dx = s->ix[1] - s->ix[0] + 1;
+ s->data.dy = s->iy[1] - s->iy[0] + 1;
+ s->data.len = s->bpp * s->data.dx * s->data.dy;
+ s->data.pitch = s->data.dx;
+ if (s->data.len > s->data.buflen) {
+ s->data.buf = g_realloc(s->data.buf, s->data.len);
+ s->data.buflen = s->data.len;
+ }
+ s->data.ptr = s->data.buf;
+ s->data.data = s->data.buf;
+ s->data.len /= 2;
+ return 1;
+}
+
+static void blizzard_reset(BlizzardState *s)
+{
+ s->reg = 0;
+ s->swallow = 0;
+
+ s->pll = 9;
+ s->pll_range = 1;
+ s->pll_ctrl = 0x14;
+ s->pll_mode = 0x32;
+ s->clksel = 0x00;
+ s->memenable = 0;
+ s->memrefresh = 0x25c;
+ s->timing[0] = 0x3f;
+ s->timing[1] = 0x13;
+ s->timing[2] = 0x21;
+ s->priority = 0;
+
+ s->lcd_config = 0x74;
+ s->x = 8;
+ s->y = 1;
+ s->skipx = 0;
+ s->skipy = 0;
+ s->hndp = 3;
+ s->vndp = 2;
+ s->hsync = 1;
+ s->vsync = 1;
+ s->pclk = 0x80;
+
+ s->ix[0] = 0;
+ s->ix[1] = 0;
+ s->iy[0] = 0;
+ s->iy[1] = 0;
+ s->ox[0] = 0;
+ s->ox[1] = 0;
+ s->oy[0] = 0;
+ s->oy[1] = 0;
+
+ s->yrc[0] = 0x00;
+ s->yrc[1] = 0x30;
+ s->u = 0;
+ s->v = 0;
+
+ s->iformat = 3;
+ s->source = 0;
+ s->bpp = blizzard_iformat_bpp[s->iformat];
+
+ s->hssi_config[0] = 0x00;
+ s->hssi_config[1] = 0x00;
+ s->hssi_config[2] = 0x01;
+ s->tv_config = 0x00;
+ s->tv_timing[0] = 0x00;
+ s->tv_timing[1] = 0x00;
+ s->tv_timing[2] = 0x00;
+ s->tv_timing[3] = 0x00;
+ s->vbi = 0x10;
+ s->tv_x = 0x14;
+ s->tv_y = 0x03;
+ s->tv_test = 0x00;
+ s->tv_filter_config = 0x80;
+ s->tv_filter_idx = 0x00;
+ s->border_r = 0x10;
+ s->border_g = 0x80;
+ s->border_b = 0x80;
+ s->gamma_config = 0x00;
+ s->gamma_idx = 0x00;
+ s->matrix_ena = 0x00;
+ memset(&s->matrix_coeff, 0, sizeof(s->matrix_coeff));
+ s->matrix_r = 0x00;
+ s->matrix_g = 0x00;
+ s->matrix_b = 0x00;
+ s->pm = 0x02;
+ s->status = 0x00;
+ s->rgbgpio_dir = 0x00;
+ s->gpio_dir = 0x00;
+ s->gpio_edge[0] = 0x00;
+ s->gpio_edge[1] = 0x00;
+ s->gpio_irq = 0x00;
+ s->gpio_pdown = 0xff;
+}
+
+static inline void blizzard_invalidate_display(void *opaque) {
+ BlizzardState *s = (BlizzardState *) opaque;
+
+ s->invalidate = 1;
+}
+
+static uint16_t blizzard_reg_read(void *opaque, uint8_t reg)
+{
+ BlizzardState *s = (BlizzardState *) opaque;
+
+ switch (reg) {
+ case 0x00: /* Revision Code */
+ return 0xa5;
+
+ case 0x02: /* Configuration Readback */
+ return 0x83; /* Macrovision OK, CNF[2:0] = 3 */
+
+ case 0x04: /* PLL M-Divider */
+ return (s->pll - 1) | (1 << 7);
+ case 0x06: /* PLL Lock Range Control */
+ return s->pll_range;
+ case 0x08: /* PLL Lock Synthesis Control 0 */
+ return s->pll_ctrl & 0xff;
+ case 0x0a: /* PLL Lock Synthesis Control 1 */
+ return s->pll_ctrl >> 8;
+ case 0x0c: /* PLL Mode Control 0 */
+ return s->pll_mode;
+
+ case 0x0e: /* Clock-Source Select */
+ return s->clksel;
+
+ case 0x10: /* Memory Controller Activate */
+ case 0x14: /* Memory Controller Bank 0 Status Flag */
+ return s->memenable;
+
+ case 0x18: /* Auto-Refresh Interval Setting 0 */
+ return s->memrefresh & 0xff;
+ case 0x1a: /* Auto-Refresh Interval Setting 1 */
+ return s->memrefresh >> 8;
+
+ case 0x1c: /* Power-On Sequence Timing Control */
+ return s->timing[0];
+ case 0x1e: /* Timing Control 0 */
+ return s->timing[1];
+ case 0x20: /* Timing Control 1 */
+ return s->timing[2];
+
+ case 0x24: /* Arbitration Priority Control */
+ return s->priority;
+
+ case 0x28: /* LCD Panel Configuration */
+ return s->lcd_config;
+
+ case 0x2a: /* LCD Horizontal Display Width */
+ return s->x >> 3;
+ case 0x2c: /* LCD Horizontal Non-display Period */
+ return s->hndp;
+ case 0x2e: /* LCD Vertical Display Height 0 */
+ return s->y & 0xff;
+ case 0x30: /* LCD Vertical Display Height 1 */
+ return s->y >> 8;
+ case 0x32: /* LCD Vertical Non-display Period */
+ return s->vndp;
+ case 0x34: /* LCD HS Pulse-width */
+ return s->hsync;
+ case 0x36: /* LCd HS Pulse Start Position */
+ return s->skipx >> 3;
+ case 0x38: /* LCD VS Pulse-width */
+ return s->vsync;
+ case 0x3a: /* LCD VS Pulse Start Position */
+ return s->skipy;
+
+ case 0x3c: /* PCLK Polarity */
+ return s->pclk;
+
+ case 0x3e: /* High-speed Serial Interface Tx Configuration Port 0 */
+ return s->hssi_config[0];
+ case 0x40: /* High-speed Serial Interface Tx Configuration Port 1 */
+ return s->hssi_config[1];
+ case 0x42: /* High-speed Serial Interface Tx Mode */
+ return s->hssi_config[2];
+ case 0x44: /* TV Display Configuration */
+ return s->tv_config;
+ case 0x46 ... 0x4c: /* TV Vertical Blanking Interval Data bits */
+ return s->tv_timing[(reg - 0x46) >> 1];
+ case 0x4e: /* VBI: Closed Caption / XDS Control / Status */
+ return s->vbi;
+ case 0x50: /* TV Horizontal Start Position */
+ return s->tv_x;
+ case 0x52: /* TV Vertical Start Position */
+ return s->tv_y;
+ case 0x54: /* TV Test Pattern Setting */
+ return s->tv_test;
+ case 0x56: /* TV Filter Setting */
+ return s->tv_filter_config;
+ case 0x58: /* TV Filter Coefficient Index */
+ return s->tv_filter_idx;
+ case 0x5a: /* TV Filter Coefficient Data */
+ if (s->tv_filter_idx < 0x20)
+ return s->tv_filter_coeff[s->tv_filter_idx ++];
+ return 0;
+
+ case 0x60: /* Input YUV/RGB Translate Mode 0 */
+ return s->yrc[0];
+ case 0x62: /* Input YUV/RGB Translate Mode 1 */
+ return s->yrc[1];
+ case 0x64: /* U Data Fix */
+ return s->u;
+ case 0x66: /* V Data Fix */
+ return s->v;
+
+ case 0x68: /* Display Mode */
+ return s->mode;
+
+ case 0x6a: /* Special Effects */
+ return s->effect;
+
+ case 0x6c: /* Input Window X Start Position 0 */
+ return s->ix[0] & 0xff;
+ case 0x6e: /* Input Window X Start Position 1 */
+ return s->ix[0] >> 3;
+ case 0x70: /* Input Window Y Start Position 0 */
+ return s->ix[0] & 0xff;
+ case 0x72: /* Input Window Y Start Position 1 */
+ return s->ix[0] >> 3;
+ case 0x74: /* Input Window X End Position 0 */
+ return s->ix[1] & 0xff;
+ case 0x76: /* Input Window X End Position 1 */
+ return s->ix[1] >> 3;
+ case 0x78: /* Input Window Y End Position 0 */
+ return s->ix[1] & 0xff;
+ case 0x7a: /* Input Window Y End Position 1 */
+ return s->ix[1] >> 3;
+ case 0x7c: /* Output Window X Start Position 0 */
+ return s->ox[0] & 0xff;
+ case 0x7e: /* Output Window X Start Position 1 */
+ return s->ox[0] >> 3;
+ case 0x80: /* Output Window Y Start Position 0 */
+ return s->oy[0] & 0xff;
+ case 0x82: /* Output Window Y Start Position 1 */
+ return s->oy[0] >> 3;
+ case 0x84: /* Output Window X End Position 0 */
+ return s->ox[1] & 0xff;
+ case 0x86: /* Output Window X End Position 1 */
+ return s->ox[1] >> 3;
+ case 0x88: /* Output Window Y End Position 0 */
+ return s->oy[1] & 0xff;
+ case 0x8a: /* Output Window Y End Position 1 */
+ return s->oy[1] >> 3;
+
+ case 0x8c: /* Input Data Format */
+ return s->iformat;
+ case 0x8e: /* Data Source Select */
+ return s->source;
+ case 0x90: /* Display Memory Data Port */
+ return 0;
+
+ case 0xa8: /* Border Color 0 */
+ return s->border_r;
+ case 0xaa: /* Border Color 1 */
+ return s->border_g;
+ case 0xac: /* Border Color 2 */
+ return s->border_b;
+
+ case 0xb4: /* Gamma Correction Enable */
+ return s->gamma_config;
+ case 0xb6: /* Gamma Correction Table Index */
+ return s->gamma_idx;
+ case 0xb8: /* Gamma Correction Table Data */
+ return s->gamma_lut[s->gamma_idx ++];
+
+ case 0xba: /* 3x3 Matrix Enable */
+ return s->matrix_ena;
+ case 0xbc ... 0xde: /* Coefficient Registers */
+ return s->matrix_coeff[(reg - 0xbc) >> 1];
+ case 0xe0: /* 3x3 Matrix Red Offset */
+ return s->matrix_r;
+ case 0xe2: /* 3x3 Matrix Green Offset */
+ return s->matrix_g;
+ case 0xe4: /* 3x3 Matrix Blue Offset */
+ return s->matrix_b;
+
+ case 0xe6: /* Power-save */
+ return s->pm;
+ case 0xe8: /* Non-display Period Control / Status */
+ return s->status | (1 << 5);
+ case 0xea: /* RGB Interface Control */
+ return s->rgbgpio_dir;
+ case 0xec: /* RGB Interface Status */
+ return s->rgbgpio;
+ case 0xee: /* General-purpose IO Pins Configuration */
+ return s->gpio_dir;
+ case 0xf0: /* General-purpose IO Pins Status / Control */
+ return s->gpio;
+ case 0xf2: /* GPIO Positive Edge Interrupt Trigger */
+ return s->gpio_edge[0];
+ case 0xf4: /* GPIO Negative Edge Interrupt Trigger */
+ return s->gpio_edge[1];
+ case 0xf6: /* GPIO Interrupt Status */
+ return s->gpio_irq;
+ case 0xf8: /* GPIO Pull-down Control */
+ return s->gpio_pdown;
+
+ default:
+ fprintf(stderr, "%s: unknown register %02x\n", __FUNCTION__, reg);
+ return 0;
+ }
+}
+
+static void blizzard_reg_write(void *opaque, uint8_t reg, uint16_t value)
+{
+ BlizzardState *s = (BlizzardState *) opaque;
+
+ switch (reg) {
+ case 0x04: /* PLL M-Divider */
+ s->pll = (value & 0x3f) + 1;
+ break;
+ case 0x06: /* PLL Lock Range Control */
+ s->pll_range = value & 3;
+ break;
+ case 0x08: /* PLL Lock Synthesis Control 0 */
+ s->pll_ctrl &= 0xf00;
+ s->pll_ctrl |= (value << 0) & 0x0ff;
+ break;
+ case 0x0a: /* PLL Lock Synthesis Control 1 */
+ s->pll_ctrl &= 0x0ff;
+ s->pll_ctrl |= (value << 8) & 0xf00;
+ break;
+ case 0x0c: /* PLL Mode Control 0 */
+ s->pll_mode = value & 0x77;
+ if ((value & 3) == 0 || (value & 3) == 3)
+ fprintf(stderr, "%s: wrong PLL Control bits (%i)\n",
+ __FUNCTION__, value & 3);
+ break;
+
+ case 0x0e: /* Clock-Source Select */
+ s->clksel = value & 0xff;
+ break;
+
+ case 0x10: /* Memory Controller Activate */
+ s->memenable = value & 1;
+ break;
+ case 0x14: /* Memory Controller Bank 0 Status Flag */
+ break;
+
+ case 0x18: /* Auto-Refresh Interval Setting 0 */
+ s->memrefresh &= 0xf00;
+ s->memrefresh |= (value << 0) & 0x0ff;
+ break;
+ case 0x1a: /* Auto-Refresh Interval Setting 1 */
+ s->memrefresh &= 0x0ff;
+ s->memrefresh |= (value << 8) & 0xf00;
+ break;
+
+ case 0x1c: /* Power-On Sequence Timing Control */
+ s->timing[0] = value & 0x7f;
+ break;
+ case 0x1e: /* Timing Control 0 */
+ s->timing[1] = value & 0x17;
+ break;
+ case 0x20: /* Timing Control 1 */
+ s->timing[2] = value & 0x35;
+ break;
+
+ case 0x24: /* Arbitration Priority Control */
+ s->priority = value & 1;
+ break;
+
+ case 0x28: /* LCD Panel Configuration */
+ s->lcd_config = value & 0xff;
+ if (value & (1 << 7))
+ fprintf(stderr, "%s: data swap not supported!\n", __FUNCTION__);
+ break;
+
+ case 0x2a: /* LCD Horizontal Display Width */
+ s->x = value << 3;
+ break;
+ case 0x2c: /* LCD Horizontal Non-display Period */
+ s->hndp = value & 0xff;
+ break;
+ case 0x2e: /* LCD Vertical Display Height 0 */
+ s->y &= 0x300;
+ s->y |= (value << 0) & 0x0ff;
+ break;
+ case 0x30: /* LCD Vertical Display Height 1 */
+ s->y &= 0x0ff;
+ s->y |= (value << 8) & 0x300;
+ break;
+ case 0x32: /* LCD Vertical Non-display Period */
+ s->vndp = value & 0xff;
+ break;
+ case 0x34: /* LCD HS Pulse-width */
+ s->hsync = value & 0xff;
+ break;
+ case 0x36: /* LCD HS Pulse Start Position */
+ s->skipx = value & 0xff;
+ break;
+ case 0x38: /* LCD VS Pulse-width */
+ s->vsync = value & 0xbf;
+ break;
+ case 0x3a: /* LCD VS Pulse Start Position */
+ s->skipy = value & 0xff;
+ break;
+
+ case 0x3c: /* PCLK Polarity */
+ s->pclk = value & 0x82;
+ /* Affects calculation of s->hndp, s->hsync and s->skipx. */
+ break;
+
+ case 0x3e: /* High-speed Serial Interface Tx Configuration Port 0 */
+ s->hssi_config[0] = value;
+ break;
+ case 0x40: /* High-speed Serial Interface Tx Configuration Port 1 */
+ s->hssi_config[1] = value;
+ if (((value >> 4) & 3) == 3)
+ fprintf(stderr, "%s: Illegal active-data-links value\n",
+ __FUNCTION__);
+ break;
+ case 0x42: /* High-speed Serial Interface Tx Mode */
+ s->hssi_config[2] = value & 0xbd;
+ break;
+
+ case 0x44: /* TV Display Configuration */
+ s->tv_config = value & 0xfe;
+ break;
+ case 0x46 ... 0x4c: /* TV Vertical Blanking Interval Data bits 0 */
+ s->tv_timing[(reg - 0x46) >> 1] = value;
+ break;
+ case 0x4e: /* VBI: Closed Caption / XDS Control / Status */
+ s->vbi = value;
+ break;
+ case 0x50: /* TV Horizontal Start Position */
+ s->tv_x = value;
+ break;
+ case 0x52: /* TV Vertical Start Position */
+ s->tv_y = value & 0x7f;
+ break;
+ case 0x54: /* TV Test Pattern Setting */
+ s->tv_test = value;
+ break;
+ case 0x56: /* TV Filter Setting */
+ s->tv_filter_config = value & 0xbf;
+ break;
+ case 0x58: /* TV Filter Coefficient Index */
+ s->tv_filter_idx = value & 0x1f;
+ break;
+ case 0x5a: /* TV Filter Coefficient Data */
+ if (s->tv_filter_idx < 0x20)
+ s->tv_filter_coeff[s->tv_filter_idx ++] = value;
+ break;
+
+ case 0x60: /* Input YUV/RGB Translate Mode 0 */
+ s->yrc[0] = value & 0xb0;
+ break;
+ case 0x62: /* Input YUV/RGB Translate Mode 1 */
+ s->yrc[1] = value & 0x30;
+ break;
+ case 0x64: /* U Data Fix */
+ s->u = value & 0xff;
+ break;
+ case 0x66: /* V Data Fix */
+ s->v = value & 0xff;
+ break;
+
+ case 0x68: /* Display Mode */
+ if ((s->mode ^ value) & 3)
+ s->invalidate = 1;
+ s->mode = value & 0xb7;
+ s->enable = value & 1;
+ s->blank = (value >> 1) & 1;
+ if (value & (1 << 4))
+ fprintf(stderr, "%s: Macrovision enable attempt!\n", __FUNCTION__);
+ break;
+
+ case 0x6a: /* Special Effects */
+ s->effect = value & 0xfb;
+ break;
+
+ case 0x6c: /* Input Window X Start Position 0 */
+ s->ix[0] &= 0x300;
+ s->ix[0] |= (value << 0) & 0x0ff;
+ break;
+ case 0x6e: /* Input Window X Start Position 1 */
+ s->ix[0] &= 0x0ff;
+ s->ix[0] |= (value << 8) & 0x300;
+ break;
+ case 0x70: /* Input Window Y Start Position 0 */
+ s->iy[0] &= 0x300;
+ s->iy[0] |= (value << 0) & 0x0ff;
+ break;
+ case 0x72: /* Input Window Y Start Position 1 */
+ s->iy[0] &= 0x0ff;
+ s->iy[0] |= (value << 8) & 0x300;
+ break;
+ case 0x74: /* Input Window X End Position 0 */
+ s->ix[1] &= 0x300;
+ s->ix[1] |= (value << 0) & 0x0ff;
+ break;
+ case 0x76: /* Input Window X End Position 1 */
+ s->ix[1] &= 0x0ff;
+ s->ix[1] |= (value << 8) & 0x300;
+ break;
+ case 0x78: /* Input Window Y End Position 0 */
+ s->iy[1] &= 0x300;
+ s->iy[1] |= (value << 0) & 0x0ff;
+ break;
+ case 0x7a: /* Input Window Y End Position 1 */
+ s->iy[1] &= 0x0ff;
+ s->iy[1] |= (value << 8) & 0x300;
+ break;
+ case 0x7c: /* Output Window X Start Position 0 */
+ s->ox[0] &= 0x300;
+ s->ox[0] |= (value << 0) & 0x0ff;
+ break;
+ case 0x7e: /* Output Window X Start Position 1 */
+ s->ox[0] &= 0x0ff;
+ s->ox[0] |= (value << 8) & 0x300;
+ break;
+ case 0x80: /* Output Window Y Start Position 0 */
+ s->oy[0] &= 0x300;
+ s->oy[0] |= (value << 0) & 0x0ff;
+ break;
+ case 0x82: /* Output Window Y Start Position 1 */
+ s->oy[0] &= 0x0ff;
+ s->oy[0] |= (value << 8) & 0x300;
+ break;
+ case 0x84: /* Output Window X End Position 0 */
+ s->ox[1] &= 0x300;
+ s->ox[1] |= (value << 0) & 0x0ff;
+ break;
+ case 0x86: /* Output Window X End Position 1 */
+ s->ox[1] &= 0x0ff;
+ s->ox[1] |= (value << 8) & 0x300;
+ break;
+ case 0x88: /* Output Window Y End Position 0 */
+ s->oy[1] &= 0x300;
+ s->oy[1] |= (value << 0) & 0x0ff;
+ break;
+ case 0x8a: /* Output Window Y End Position 1 */
+ s->oy[1] &= 0x0ff;
+ s->oy[1] |= (value << 8) & 0x300;
+ break;
+
+ case 0x8c: /* Input Data Format */
+ s->iformat = value & 0xf;
+ s->bpp = blizzard_iformat_bpp[s->iformat];
+ if (!s->bpp)
+ fprintf(stderr, "%s: Illegal or unsupported input format %x\n",
+ __FUNCTION__, s->iformat);
+ break;
+ case 0x8e: /* Data Source Select */
+ s->source = value & 7;
+ /* Currently all windows will be "destructive overlays". */
+ if ((!(s->effect & (1 << 3)) && (s->ix[0] != s->ox[0] ||
+ s->iy[0] != s->oy[0] ||
+ s->ix[1] != s->ox[1] ||
+ s->iy[1] != s->oy[1])) ||
+ !((s->ix[1] - s->ix[0]) & (s->iy[1] - s->iy[0]) &
+ (s->ox[1] - s->ox[0]) & (s->oy[1] - s->oy[0]) & 1))
+ fprintf(stderr, "%s: Illegal input/output window positions\n",
+ __FUNCTION__);
+
+ blizzard_transfer_setup(s);
+ break;
+
+ case 0x90: /* Display Memory Data Port */
+ if (!s->data.len && !blizzard_transfer_setup(s))
+ break;
+
+ *s->data.ptr ++ = value;
+ if (-- s->data.len == 0)
+ blizzard_window(s);
+ break;
+
+ case 0xa8: /* Border Color 0 */
+ s->border_r = value;
+ break;
+ case 0xaa: /* Border Color 1 */
+ s->border_g = value;
+ break;
+ case 0xac: /* Border Color 2 */
+ s->border_b = value;
+ break;
+
+ case 0xb4: /* Gamma Correction Enable */
+ s->gamma_config = value & 0x87;
+ break;
+ case 0xb6: /* Gamma Correction Table Index */
+ s->gamma_idx = value;
+ break;
+ case 0xb8: /* Gamma Correction Table Data */
+ s->gamma_lut[s->gamma_idx ++] = value;
+ break;
+
+ case 0xba: /* 3x3 Matrix Enable */
+ s->matrix_ena = value & 1;
+ break;
+ case 0xbc ... 0xde: /* Coefficient Registers */
+ s->matrix_coeff[(reg - 0xbc) >> 1] = value & ((reg & 2) ? 0x80 : 0xff);
+ break;
+ case 0xe0: /* 3x3 Matrix Red Offset */
+ s->matrix_r = value;
+ break;
+ case 0xe2: /* 3x3 Matrix Green Offset */
+ s->matrix_g = value;
+ break;
+ case 0xe4: /* 3x3 Matrix Blue Offset */
+ s->matrix_b = value;
+ break;
+
+ case 0xe6: /* Power-save */
+ s->pm = value & 0x83;
+ if (value & s->mode & 1)
+ fprintf(stderr, "%s: The display must be disabled before entering "
+ "Standby Mode\n", __FUNCTION__);
+ break;
+ case 0xe8: /* Non-display Period Control / Status */
+ s->status = value & 0x1b;
+ break;
+ case 0xea: /* RGB Interface Control */
+ s->rgbgpio_dir = value & 0x8f;
+ break;
+ case 0xec: /* RGB Interface Status */
+ s->rgbgpio = value & 0xcf;
+ break;
+ case 0xee: /* General-purpose IO Pins Configuration */
+ s->gpio_dir = value;
+ break;
+ case 0xf0: /* General-purpose IO Pins Status / Control */
+ s->gpio = value;
+ break;
+ case 0xf2: /* GPIO Positive Edge Interrupt Trigger */
+ s->gpio_edge[0] = value;
+ break;
+ case 0xf4: /* GPIO Negative Edge Interrupt Trigger */
+ s->gpio_edge[1] = value;
+ break;
+ case 0xf6: /* GPIO Interrupt Status */
+ s->gpio_irq &= value;
+ break;
+ case 0xf8: /* GPIO Pull-down Control */
+ s->gpio_pdown = value;
+ break;
+
+ default:
+ fprintf(stderr, "%s: unknown register %02x\n", __FUNCTION__, reg);
+ break;
+ }
+}
+
+uint16_t s1d13745_read(void *opaque, int dc)
+{
+ BlizzardState *s = (BlizzardState *) opaque;
+ uint16_t value = blizzard_reg_read(s, s->reg);
+
+ if (s->swallow -- > 0)
+ return 0;
+ if (dc)
+ s->reg ++;
+
+ return value;
+}
+
+void s1d13745_write(void *opaque, int dc, uint16_t value)
+{
+ BlizzardState *s = (BlizzardState *) opaque;
+
+ if (s->swallow -- > 0)
+ return;
+ if (dc) {
+ blizzard_reg_write(s, s->reg, value);
+
+ if (s->reg != 0x90 && s->reg != 0x5a && s->reg != 0xb8)
+ s->reg += 2;
+ } else
+ s->reg = value & 0xff;
+}
+
+void s1d13745_write_block(void *opaque, int dc,
+ void *buf, size_t len, int pitch)
+{
+ BlizzardState *s = (BlizzardState *) opaque;
+
+ while (len > 0) {
+ if (s->reg == 0x90 && dc &&
+ (s->data.len || blizzard_transfer_setup(s)) &&
+ len >= (s->data.len << 1)) {
+ len -= s->data.len << 1;
+ s->data.len = 0;
+ s->data.data = buf;
+ if (pitch)
+ s->data.pitch = pitch;
+ blizzard_window(s);
+ s->data.data = s->data.buf;
+ continue;
+ }
+
+ s1d13745_write(opaque, dc, *(uint16_t *) buf);
+ len -= 2;
+ buf += 2;
+ }
+}
+
+static void blizzard_update_display(void *opaque)
+{
+ BlizzardState *s = (BlizzardState *) opaque;
+ DisplaySurface *surface = qemu_console_surface(s->con);
+ int y, bypp, bypl, bwidth;
+ uint8_t *src, *dst;
+
+ if (!s->enable)
+ return;
+
+ if (s->x != surface_width(surface) || s->y != surface_height(surface)) {
+ s->invalidate = 1;
+ qemu_console_resize(s->con, s->x, s->y);
+ surface = qemu_console_surface(s->con);
+ }
+
+ if (s->invalidate) {
+ s->invalidate = 0;
+
+ if (s->blank) {
+ bypp = surface_bytes_per_pixel(surface);
+ memset(surface_data(surface), 0, bypp * s->x * s->y);
+ return;
+ }
+
+ s->mx[0] = 0;
+ s->mx[1] = s->x;
+ s->my[0] = 0;
+ s->my[1] = s->y;
+ }
+
+ if (s->mx[1] <= s->mx[0])
+ return;
+
+ bypp = surface_bytes_per_pixel(surface);
+ bypl = bypp * s->x;
+ bwidth = bypp * (s->mx[1] - s->mx[0]);
+ y = s->my[0];
+ src = s->fb + bypl * y + bypp * s->mx[0];
+ dst = surface_data(surface) + bypl * y + bypp * s->mx[0];
+ for (; y < s->my[1]; y ++, src += bypl, dst += bypl)
+ memcpy(dst, src, bwidth);
+
+ dpy_gfx_update(s->con, s->mx[0], s->my[0],
+ s->mx[1] - s->mx[0], y - s->my[0]);
+
+ s->mx[0] = s->x;
+ s->mx[1] = 0;
+ s->my[0] = s->y;
+ s->my[1] = 0;
+}
+
+#define DEPTH 8
+#include "blizzard_template.h"
+#define DEPTH 15
+#include "blizzard_template.h"
+#define DEPTH 16
+#include "blizzard_template.h"
+#define DEPTH 24
+#include "blizzard_template.h"
+#define DEPTH 32
+#include "blizzard_template.h"
+
+static const GraphicHwOps blizzard_ops = {
+ .invalidate = blizzard_invalidate_display,
+ .gfx_update = blizzard_update_display,
+};
+
+void *s1d13745_init(qemu_irq gpio_int)
+{
+ BlizzardState *s = (BlizzardState *) g_malloc0(sizeof(*s));
+ DisplaySurface *surface;
+
+ s->fb = g_malloc(0x180000);
+
+ s->con = graphic_console_init(NULL, &blizzard_ops, s);
+ surface = qemu_console_surface(s->con);
+
+ switch (surface_bits_per_pixel(surface)) {
+ case 0:
+ s->line_fn_tab[0] = s->line_fn_tab[1] =
+ g_malloc0(sizeof(blizzard_fn_t) * 0x10);
+ break;
+ case 8:
+ s->line_fn_tab[0] = blizzard_draw_fn_8;
+ s->line_fn_tab[1] = blizzard_draw_fn_r_8;
+ break;
+ case 15:
+ s->line_fn_tab[0] = blizzard_draw_fn_15;
+ s->line_fn_tab[1] = blizzard_draw_fn_r_15;
+ break;
+ case 16:
+ s->line_fn_tab[0] = blizzard_draw_fn_16;
+ s->line_fn_tab[1] = blizzard_draw_fn_r_16;
+ break;
+ case 24:
+ s->line_fn_tab[0] = blizzard_draw_fn_24;
+ s->line_fn_tab[1] = blizzard_draw_fn_r_24;
+ break;
+ case 32:
+ s->line_fn_tab[0] = blizzard_draw_fn_32;
+ s->line_fn_tab[1] = blizzard_draw_fn_r_32;
+ break;
+ default:
+ fprintf(stderr, "%s: Bad color depth\n", __FUNCTION__);
+ exit(1);
+ }
+
+ blizzard_reset(s);
+
+ return s;
+}
diff --git a/hw/display/blizzard_template.h b/hw/display/blizzard_template.h
new file mode 100644
index 000000000..a8a889947
--- /dev/null
+++ b/hw/display/blizzard_template.h
@@ -0,0 +1,136 @@
+/*
+ * QEMU Epson S1D13744/S1D13745 templates
+ *
+ * Copyright (C) 2008 Nokia Corporation
+ * Written by Andrzej Zaborowski <andrew@openedhand.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#define SKIP_PIXEL(to) to += deststep
+#if DEPTH == 8
+# define PIXEL_TYPE uint8_t
+# define COPY_PIXEL(to, from) *to = from; SKIP_PIXEL(to)
+# define COPY_PIXEL1(to, from) *to ++ = from
+#elif DEPTH == 15 || DEPTH == 16
+# define PIXEL_TYPE uint16_t
+# define COPY_PIXEL(to, from) *to = from; SKIP_PIXEL(to)
+# define COPY_PIXEL1(to, from) *to ++ = from
+#elif DEPTH == 24
+# define PIXEL_TYPE uint8_t
+# define COPY_PIXEL(to, from) \
+ to[0] = from; to[1] = (from) >> 8; to[2] = (from) >> 16; SKIP_PIXEL(to)
+# define COPY_PIXEL1(to, from) \
+ *to ++ = from; *to ++ = (from) >> 8; *to ++ = (from) >> 16
+#elif DEPTH == 32
+# define PIXEL_TYPE uint32_t
+# define COPY_PIXEL(to, from) *to = from; SKIP_PIXEL(to)
+# define COPY_PIXEL1(to, from) *to ++ = from
+#else
+# error unknown bit depth
+#endif
+
+#ifdef HOST_WORDS_BIGENDIAN
+# define SWAP_WORDS 1
+#endif
+
+static void glue(blizzard_draw_line16_, DEPTH)(PIXEL_TYPE *dest,
+ const uint16_t *src, unsigned int width)
+{
+#if !defined(SWAP_WORDS) && DEPTH == 16
+ memcpy(dest, src, width);
+#else
+ uint16_t data;
+ unsigned int r, g, b;
+ const uint16_t *end = (const void *) src + width;
+ while (src < end) {
+ data = *src ++;
+ b = (data & 0x1f) << 3;
+ data >>= 5;
+ g = (data & 0x3f) << 2;
+ data >>= 6;
+ r = (data & 0x1f) << 3;
+ data >>= 5;
+ COPY_PIXEL1(dest, glue(rgb_to_pixel, DEPTH)(r, g, b));
+ }
+#endif
+}
+
+static void glue(blizzard_draw_line24mode1_, DEPTH)(PIXEL_TYPE *dest,
+ const uint8_t *src, unsigned int width)
+{
+ /* TODO: check if SDL 24-bit planes are not in the same format and
+ * if so, use memcpy */
+ unsigned int r[2], g[2], b[2];
+ const uint8_t *end = src + width;
+ while (src < end) {
+ g[0] = *src ++;
+ r[0] = *src ++;
+ r[1] = *src ++;
+ b[0] = *src ++;
+ COPY_PIXEL1(dest, glue(rgb_to_pixel, DEPTH)(r[0], g[0], b[0]));
+ b[1] = *src ++;
+ g[1] = *src ++;
+ COPY_PIXEL1(dest, glue(rgb_to_pixel, DEPTH)(r[1], g[1], b[1]));
+ }
+}
+
+static void glue(blizzard_draw_line24mode2_, DEPTH)(PIXEL_TYPE *dest,
+ const uint8_t *src, unsigned int width)
+{
+ unsigned int r, g, b;
+ const uint8_t *end = src + width;
+ while (src < end) {
+ r = *src ++;
+ src ++;
+ b = *src ++;
+ g = *src ++;
+ COPY_PIXEL1(dest, glue(rgb_to_pixel, DEPTH)(r, g, b));
+ }
+}
+
+/* No rotation */
+static blizzard_fn_t glue(blizzard_draw_fn_, DEPTH)[0x10] = {
+ NULL,
+ /* RGB 5:6:5*/
+ (blizzard_fn_t) glue(blizzard_draw_line16_, DEPTH),
+ /* RGB 6:6:6 mode 1 */
+ (blizzard_fn_t) glue(blizzard_draw_line24mode1_, DEPTH),
+ /* RGB 8:8:8 mode 1 */
+ (blizzard_fn_t) glue(blizzard_draw_line24mode1_, DEPTH),
+ NULL, NULL,
+ /* RGB 6:6:6 mode 2 */
+ (blizzard_fn_t) glue(blizzard_draw_line24mode2_, DEPTH),
+ /* RGB 8:8:8 mode 2 */
+ (blizzard_fn_t) glue(blizzard_draw_line24mode2_, DEPTH),
+ /* YUV 4:2:2 */
+ NULL,
+ /* YUV 4:2:0 */
+ NULL,
+ NULL, NULL, NULL, NULL, NULL, NULL,
+};
+
+/* 90deg, 180deg and 270deg rotation */
+static blizzard_fn_t glue(blizzard_draw_fn_r_, DEPTH)[0x10] = {
+ /* TODO */
+ [0 ... 0xf] = NULL,
+};
+
+#undef DEPTH
+#undef SKIP_PIXEL
+#undef COPY_PIXEL
+#undef COPY_PIXEL1
+#undef PIXEL_TYPE
+
+#undef SWAP_WORDS
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
new file mode 100644
index 000000000..dbd1f4a47
--- /dev/null
+++ b/hw/display/cirrus_vga.c
@@ -0,0 +1,3025 @@
+/*
+ * QEMU Cirrus CLGD 54xx VGA Emulator.
+ *
+ * Copyright (c) 2004 Fabrice Bellard
+ * Copyright (c) 2004 Makoto Suzuki (suzu)
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+/*
+ * Reference: Finn Thogersons' VGADOC4b
+ * available at http://home.worldonline.dk/~finth/
+ */
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "ui/console.h"
+#include "vga_int.h"
+#include "hw/loader.h"
+
+/*
+ * TODO:
+ * - destination write mask support not complete (bits 5..7)
+ * - optimize linear mappings
+ * - optimize bitblt functions
+ */
+
+//#define DEBUG_CIRRUS
+//#define DEBUG_BITBLT
+
+/***************************************
+ *
+ * definitions
+ *
+ ***************************************/
+
+// ID
+#define CIRRUS_ID_CLGD5422 (0x23<<2)
+#define CIRRUS_ID_CLGD5426 (0x24<<2)
+#define CIRRUS_ID_CLGD5424 (0x25<<2)
+#define CIRRUS_ID_CLGD5428 (0x26<<2)
+#define CIRRUS_ID_CLGD5430 (0x28<<2)
+#define CIRRUS_ID_CLGD5434 (0x2A<<2)
+#define CIRRUS_ID_CLGD5436 (0x2B<<2)
+#define CIRRUS_ID_CLGD5446 (0x2E<<2)
+
+// sequencer 0x07
+#define CIRRUS_SR7_BPP_VGA 0x00
+#define CIRRUS_SR7_BPP_SVGA 0x01
+#define CIRRUS_SR7_BPP_MASK 0x0e
+#define CIRRUS_SR7_BPP_8 0x00
+#define CIRRUS_SR7_BPP_16_DOUBLEVCLK 0x02
+#define CIRRUS_SR7_BPP_24 0x04
+#define CIRRUS_SR7_BPP_16 0x06
+#define CIRRUS_SR7_BPP_32 0x08
+#define CIRRUS_SR7_ISAADDR_MASK 0xe0
+
+// sequencer 0x0f
+#define CIRRUS_MEMSIZE_512k 0x08
+#define CIRRUS_MEMSIZE_1M 0x10
+#define CIRRUS_MEMSIZE_2M 0x18
+#define CIRRUS_MEMFLAGS_BANKSWITCH 0x80 // bank switching is enabled.
+
+// sequencer 0x12
+#define CIRRUS_CURSOR_SHOW 0x01
+#define CIRRUS_CURSOR_HIDDENPEL 0x02
+#define CIRRUS_CURSOR_LARGE 0x04 // 64x64 if set, 32x32 if clear
+
+// sequencer 0x17
+#define CIRRUS_BUSTYPE_VLBFAST 0x10
+#define CIRRUS_BUSTYPE_PCI 0x20
+#define CIRRUS_BUSTYPE_VLBSLOW 0x30
+#define CIRRUS_BUSTYPE_ISA 0x38
+#define CIRRUS_MMIO_ENABLE 0x04
+#define CIRRUS_MMIO_USE_PCIADDR 0x40 // 0xb8000 if cleared.
+#define CIRRUS_MEMSIZEEXT_DOUBLE 0x80
+
+// control 0x0b
+#define CIRRUS_BANKING_DUAL 0x01
+#define CIRRUS_BANKING_GRANULARITY_16K 0x20 // set:16k, clear:4k
+
+// control 0x30
+#define CIRRUS_BLTMODE_BACKWARDS 0x01
+#define CIRRUS_BLTMODE_MEMSYSDEST 0x02
+#define CIRRUS_BLTMODE_MEMSYSSRC 0x04
+#define CIRRUS_BLTMODE_TRANSPARENTCOMP 0x08
+#define CIRRUS_BLTMODE_PATTERNCOPY 0x40
+#define CIRRUS_BLTMODE_COLOREXPAND 0x80
+#define CIRRUS_BLTMODE_PIXELWIDTHMASK 0x30
+#define CIRRUS_BLTMODE_PIXELWIDTH8 0x00
+#define CIRRUS_BLTMODE_PIXELWIDTH16 0x10
+#define CIRRUS_BLTMODE_PIXELWIDTH24 0x20
+#define CIRRUS_BLTMODE_PIXELWIDTH32 0x30
+
+// control 0x31
+#define CIRRUS_BLT_BUSY 0x01
+#define CIRRUS_BLT_START 0x02
+#define CIRRUS_BLT_RESET 0x04
+#define CIRRUS_BLT_FIFOUSED 0x10
+#define CIRRUS_BLT_AUTOSTART 0x80
+
+// control 0x32
+#define CIRRUS_ROP_0 0x00
+#define CIRRUS_ROP_SRC_AND_DST 0x05
+#define CIRRUS_ROP_NOP 0x06
+#define CIRRUS_ROP_SRC_AND_NOTDST 0x09
+#define CIRRUS_ROP_NOTDST 0x0b
+#define CIRRUS_ROP_SRC 0x0d
+#define CIRRUS_ROP_1 0x0e
+#define CIRRUS_ROP_NOTSRC_AND_DST 0x50
+#define CIRRUS_ROP_SRC_XOR_DST 0x59
+#define CIRRUS_ROP_SRC_OR_DST 0x6d
+#define CIRRUS_ROP_NOTSRC_OR_NOTDST 0x90
+#define CIRRUS_ROP_SRC_NOTXOR_DST 0x95
+#define CIRRUS_ROP_SRC_OR_NOTDST 0xad
+#define CIRRUS_ROP_NOTSRC 0xd0
+#define CIRRUS_ROP_NOTSRC_OR_DST 0xd6
+#define CIRRUS_ROP_NOTSRC_AND_NOTDST 0xda
+
+#define CIRRUS_ROP_NOP_INDEX 2
+#define CIRRUS_ROP_SRC_INDEX 5
+
+// control 0x33
+#define CIRRUS_BLTMODEEXT_SOLIDFILL 0x04
+#define CIRRUS_BLTMODEEXT_COLOREXPINV 0x02
+#define CIRRUS_BLTMODEEXT_DWORDGRANULARITY 0x01
+
+// memory-mapped IO
+#define CIRRUS_MMIO_BLTBGCOLOR 0x00 // dword
+#define CIRRUS_MMIO_BLTFGCOLOR 0x04 // dword
+#define CIRRUS_MMIO_BLTWIDTH 0x08 // word
+#define CIRRUS_MMIO_BLTHEIGHT 0x0a // word
+#define CIRRUS_MMIO_BLTDESTPITCH 0x0c // word
+#define CIRRUS_MMIO_BLTSRCPITCH 0x0e // word
+#define CIRRUS_MMIO_BLTDESTADDR 0x10 // dword
+#define CIRRUS_MMIO_BLTSRCADDR 0x14 // dword
+#define CIRRUS_MMIO_BLTWRITEMASK 0x17 // byte
+#define CIRRUS_MMIO_BLTMODE 0x18 // byte
+#define CIRRUS_MMIO_BLTROP 0x1a // byte
+#define CIRRUS_MMIO_BLTMODEEXT 0x1b // byte
+#define CIRRUS_MMIO_BLTTRANSPARENTCOLOR 0x1c // word?
+#define CIRRUS_MMIO_BLTTRANSPARENTCOLORMASK 0x20 // word?
+#define CIRRUS_MMIO_LINEARDRAW_START_X 0x24 // word
+#define CIRRUS_MMIO_LINEARDRAW_START_Y 0x26 // word
+#define CIRRUS_MMIO_LINEARDRAW_END_X 0x28 // word
+#define CIRRUS_MMIO_LINEARDRAW_END_Y 0x2a // word
+#define CIRRUS_MMIO_LINEARDRAW_LINESTYLE_INC 0x2c // byte
+#define CIRRUS_MMIO_LINEARDRAW_LINESTYLE_ROLLOVER 0x2d // byte
+#define CIRRUS_MMIO_LINEARDRAW_LINESTYLE_MASK 0x2e // byte
+#define CIRRUS_MMIO_LINEARDRAW_LINESTYLE_ACCUM 0x2f // byte
+#define CIRRUS_MMIO_BRESENHAM_K1 0x30 // word
+#define CIRRUS_MMIO_BRESENHAM_K3 0x32 // word
+#define CIRRUS_MMIO_BRESENHAM_ERROR 0x34 // word
+#define CIRRUS_MMIO_BRESENHAM_DELTA_MAJOR 0x36 // word
+#define CIRRUS_MMIO_BRESENHAM_DIRECTION 0x38 // byte
+#define CIRRUS_MMIO_LINEDRAW_MODE 0x39 // byte
+#define CIRRUS_MMIO_BLTSTATUS 0x40 // byte
+
+#define CIRRUS_PNPMMIO_SIZE 0x1000
+
+#define BLTUNSAFE(s) \
+ ( \
+ ( /* check dst is within bounds */ \
+ (s)->cirrus_blt_height * ABS((s)->cirrus_blt_dstpitch) \
+ + ((s)->cirrus_blt_dstaddr & (s)->cirrus_addr_mask) > \
+ (s)->vga.vram_size \
+ ) || \
+ ( /* check src is within bounds */ \
+ (s)->cirrus_blt_height * ABS((s)->cirrus_blt_srcpitch) \
+ + ((s)->cirrus_blt_srcaddr & (s)->cirrus_addr_mask) > \
+ (s)->vga.vram_size \
+ ) \
+ )
+
+struct CirrusVGAState;
+typedef void (*cirrus_bitblt_rop_t) (struct CirrusVGAState *s,
+ uint8_t * dst, const uint8_t * src,
+ int dstpitch, int srcpitch,
+ int bltwidth, int bltheight);
+typedef void (*cirrus_fill_t)(struct CirrusVGAState *s,
+ uint8_t *dst, int dst_pitch, int width, int height);
+
+typedef struct CirrusVGAState {
+ VGACommonState vga;
+
+ MemoryRegion cirrus_vga_io;
+ MemoryRegion cirrus_linear_io;
+ MemoryRegion cirrus_linear_bitblt_io;
+ MemoryRegion cirrus_mmio_io;
+ MemoryRegion pci_bar;
+ bool linear_vram; /* vga.vram mapped over cirrus_linear_io */
+ MemoryRegion low_mem_container; /* container for 0xa0000-0xc0000 */
+ MemoryRegion low_mem; /* always mapped, overridden by: */
+ MemoryRegion cirrus_bank[2]; /* aliases at 0xa0000-0xb0000 */
+ uint32_t cirrus_addr_mask;
+ uint32_t linear_mmio_mask;
+ uint8_t cirrus_shadow_gr0;
+ uint8_t cirrus_shadow_gr1;
+ uint8_t cirrus_hidden_dac_lockindex;
+ uint8_t cirrus_hidden_dac_data;
+ uint32_t cirrus_bank_base[2];
+ uint32_t cirrus_bank_limit[2];
+ uint8_t cirrus_hidden_palette[48];
+ uint32_t hw_cursor_x;
+ uint32_t hw_cursor_y;
+ int cirrus_blt_pixelwidth;
+ int cirrus_blt_width;
+ int cirrus_blt_height;
+ int cirrus_blt_dstpitch;
+ int cirrus_blt_srcpitch;
+ uint32_t cirrus_blt_fgcol;
+ uint32_t cirrus_blt_bgcol;
+ uint32_t cirrus_blt_dstaddr;
+ uint32_t cirrus_blt_srcaddr;
+ uint8_t cirrus_blt_mode;
+ uint8_t cirrus_blt_modeext;
+ cirrus_bitblt_rop_t cirrus_rop;
+#define CIRRUS_BLTBUFSIZE (2048 * 4) /* one line width */
+ uint8_t cirrus_bltbuf[CIRRUS_BLTBUFSIZE];
+ uint8_t *cirrus_srcptr;
+ uint8_t *cirrus_srcptr_end;
+ uint32_t cirrus_srccounter;
+ /* hwcursor display state */
+ int last_hw_cursor_size;
+ int last_hw_cursor_x;
+ int last_hw_cursor_y;
+ int last_hw_cursor_y_start;
+ int last_hw_cursor_y_end;
+ int real_vram_size; /* XXX: suppress that */
+ int device_id;
+ int bustype;
+} CirrusVGAState;
+
+typedef struct PCICirrusVGAState {
+ PCIDevice dev;
+ CirrusVGAState cirrus_vga;
+} PCICirrusVGAState;
+
+#define TYPE_ISA_CIRRUS_VGA "isa-cirrus-vga"
+#define ISA_CIRRUS_VGA(obj) \
+ OBJECT_CHECK(ISACirrusVGAState, (obj), TYPE_ISA_CIRRUS_VGA)
+
+typedef struct ISACirrusVGAState {
+ ISADevice parent_obj;
+
+ CirrusVGAState cirrus_vga;
+} ISACirrusVGAState;
+
+static uint8_t rop_to_index[256];
+
+/***************************************
+ *
+ * prototypes.
+ *
+ ***************************************/
+
+
+static void cirrus_bitblt_reset(CirrusVGAState *s);
+static void cirrus_update_memory_access(CirrusVGAState *s);
+
+/***************************************
+ *
+ * raster operations
+ *
+ ***************************************/
+
+static void cirrus_bitblt_rop_nop(CirrusVGAState *s,
+ uint8_t *dst,const uint8_t *src,
+ int dstpitch,int srcpitch,
+ int bltwidth,int bltheight)
+{
+}
+
+static void cirrus_bitblt_fill_nop(CirrusVGAState *s,
+ uint8_t *dst,
+ int dstpitch, int bltwidth,int bltheight)
+{
+}
+
+#define ROP_NAME 0
+#define ROP_FN(d, s) 0
+#include "cirrus_vga_rop.h"
+
+#define ROP_NAME src_and_dst
+#define ROP_FN(d, s) (s) & (d)
+#include "cirrus_vga_rop.h"
+
+#define ROP_NAME src_and_notdst
+#define ROP_FN(d, s) (s) & (~(d))
+#include "cirrus_vga_rop.h"
+
+#define ROP_NAME notdst
+#define ROP_FN(d, s) ~(d)
+#include "cirrus_vga_rop.h"
+
+#define ROP_NAME src
+#define ROP_FN(d, s) s
+#include "cirrus_vga_rop.h"
+
+#define ROP_NAME 1
+#define ROP_FN(d, s) ~0
+#include "cirrus_vga_rop.h"
+
+#define ROP_NAME notsrc_and_dst
+#define ROP_FN(d, s) (~(s)) & (d)
+#include "cirrus_vga_rop.h"
+
+#define ROP_NAME src_xor_dst
+#define ROP_FN(d, s) (s) ^ (d)
+#include "cirrus_vga_rop.h"
+
+#define ROP_NAME src_or_dst
+#define ROP_FN(d, s) (s) | (d)
+#include "cirrus_vga_rop.h"
+
+#define ROP_NAME notsrc_or_notdst
+#define ROP_FN(d, s) (~(s)) | (~(d))
+#include "cirrus_vga_rop.h"
+
+#define ROP_NAME src_notxor_dst
+#define ROP_FN(d, s) ~((s) ^ (d))
+#include "cirrus_vga_rop.h"
+
+#define ROP_NAME src_or_notdst
+#define ROP_FN(d, s) (s) | (~(d))
+#include "cirrus_vga_rop.h"
+
+#define ROP_NAME notsrc
+#define ROP_FN(d, s) (~(s))
+#include "cirrus_vga_rop.h"
+
+#define ROP_NAME notsrc_or_dst
+#define ROP_FN(d, s) (~(s)) | (d)
+#include "cirrus_vga_rop.h"
+
+#define ROP_NAME notsrc_and_notdst
+#define ROP_FN(d, s) (~(s)) & (~(d))
+#include "cirrus_vga_rop.h"
+
+static const cirrus_bitblt_rop_t cirrus_fwd_rop[16] = {
+ cirrus_bitblt_rop_fwd_0,
+ cirrus_bitblt_rop_fwd_src_and_dst,
+ cirrus_bitblt_rop_nop,
+ cirrus_bitblt_rop_fwd_src_and_notdst,
+ cirrus_bitblt_rop_fwd_notdst,
+ cirrus_bitblt_rop_fwd_src,
+ cirrus_bitblt_rop_fwd_1,
+ cirrus_bitblt_rop_fwd_notsrc_and_dst,
+ cirrus_bitblt_rop_fwd_src_xor_dst,
+ cirrus_bitblt_rop_fwd_src_or_dst,
+ cirrus_bitblt_rop_fwd_notsrc_or_notdst,
+ cirrus_bitblt_rop_fwd_src_notxor_dst,
+ cirrus_bitblt_rop_fwd_src_or_notdst,
+ cirrus_bitblt_rop_fwd_notsrc,
+ cirrus_bitblt_rop_fwd_notsrc_or_dst,
+ cirrus_bitblt_rop_fwd_notsrc_and_notdst,
+};
+
+static const cirrus_bitblt_rop_t cirrus_bkwd_rop[16] = {
+ cirrus_bitblt_rop_bkwd_0,
+ cirrus_bitblt_rop_bkwd_src_and_dst,
+ cirrus_bitblt_rop_nop,
+ cirrus_bitblt_rop_bkwd_src_and_notdst,
+ cirrus_bitblt_rop_bkwd_notdst,
+ cirrus_bitblt_rop_bkwd_src,
+ cirrus_bitblt_rop_bkwd_1,
+ cirrus_bitblt_rop_bkwd_notsrc_and_dst,
+ cirrus_bitblt_rop_bkwd_src_xor_dst,
+ cirrus_bitblt_rop_bkwd_src_or_dst,
+ cirrus_bitblt_rop_bkwd_notsrc_or_notdst,
+ cirrus_bitblt_rop_bkwd_src_notxor_dst,
+ cirrus_bitblt_rop_bkwd_src_or_notdst,
+ cirrus_bitblt_rop_bkwd_notsrc,
+ cirrus_bitblt_rop_bkwd_notsrc_or_dst,
+ cirrus_bitblt_rop_bkwd_notsrc_and_notdst,
+};
+
+#define TRANSP_ROP(name) {\
+ name ## _8,\
+ name ## _16,\
+ }
+#define TRANSP_NOP(func) {\
+ func,\
+ func,\
+ }
+
+static const cirrus_bitblt_rop_t cirrus_fwd_transp_rop[16][2] = {
+ TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_0),
+ TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_src_and_dst),
+ TRANSP_NOP(cirrus_bitblt_rop_nop),
+ TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_src_and_notdst),
+ TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_notdst),
+ TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_src),
+ TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_1),
+ TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_notsrc_and_dst),
+ TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_src_xor_dst),
+ TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_src_or_dst),
+ TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_notsrc_or_notdst),
+ TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_src_notxor_dst),
+ TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_src_or_notdst),
+ TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_notsrc),
+ TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_notsrc_or_dst),
+ TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_notsrc_and_notdst),
+};
+
+static const cirrus_bitblt_rop_t cirrus_bkwd_transp_rop[16][2] = {
+ TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_0),
+ TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_src_and_dst),
+ TRANSP_NOP(cirrus_bitblt_rop_nop),
+ TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_src_and_notdst),
+ TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_notdst),
+ TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_src),
+ TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_1),
+ TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_notsrc_and_dst),
+ TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_src_xor_dst),
+ TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_src_or_dst),
+ TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_notsrc_or_notdst),
+ TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_src_notxor_dst),
+ TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_src_or_notdst),
+ TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_notsrc),
+ TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_notsrc_or_dst),
+ TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_notsrc_and_notdst),
+};
+
+#define ROP2(name) {\
+ name ## _8,\
+ name ## _16,\
+ name ## _24,\
+ name ## _32,\
+ }
+
+#define ROP_NOP2(func) {\
+ func,\
+ func,\
+ func,\
+ func,\
+ }
+
+static const cirrus_bitblt_rop_t cirrus_patternfill[16][4] = {
+ ROP2(cirrus_patternfill_0),
+ ROP2(cirrus_patternfill_src_and_dst),
+ ROP_NOP2(cirrus_bitblt_rop_nop),
+ ROP2(cirrus_patternfill_src_and_notdst),
+ ROP2(cirrus_patternfill_notdst),
+ ROP2(cirrus_patternfill_src),
+ ROP2(cirrus_patternfill_1),
+ ROP2(cirrus_patternfill_notsrc_and_dst),
+ ROP2(cirrus_patternfill_src_xor_dst),
+ ROP2(cirrus_patternfill_src_or_dst),
+ ROP2(cirrus_patternfill_notsrc_or_notdst),
+ ROP2(cirrus_patternfill_src_notxor_dst),
+ ROP2(cirrus_patternfill_src_or_notdst),
+ ROP2(cirrus_patternfill_notsrc),
+ ROP2(cirrus_patternfill_notsrc_or_dst),
+ ROP2(cirrus_patternfill_notsrc_and_notdst),
+};
+
+static const cirrus_bitblt_rop_t cirrus_colorexpand_transp[16][4] = {
+ ROP2(cirrus_colorexpand_transp_0),
+ ROP2(cirrus_colorexpand_transp_src_and_dst),
+ ROP_NOP2(cirrus_bitblt_rop_nop),
+ ROP2(cirrus_colorexpand_transp_src_and_notdst),
+ ROP2(cirrus_colorexpand_transp_notdst),
+ ROP2(cirrus_colorexpand_transp_src),
+ ROP2(cirrus_colorexpand_transp_1),
+ ROP2(cirrus_colorexpand_transp_notsrc_and_dst),
+ ROP2(cirrus_colorexpand_transp_src_xor_dst),
+ ROP2(cirrus_colorexpand_transp_src_or_dst),
+ ROP2(cirrus_colorexpand_transp_notsrc_or_notdst),
+ ROP2(cirrus_colorexpand_transp_src_notxor_dst),
+ ROP2(cirrus_colorexpand_transp_src_or_notdst),
+ ROP2(cirrus_colorexpand_transp_notsrc),
+ ROP2(cirrus_colorexpand_transp_notsrc_or_dst),
+ ROP2(cirrus_colorexpand_transp_notsrc_and_notdst),
+};
+
+static const cirrus_bitblt_rop_t cirrus_colorexpand[16][4] = {
+ ROP2(cirrus_colorexpand_0),
+ ROP2(cirrus_colorexpand_src_and_dst),
+ ROP_NOP2(cirrus_bitblt_rop_nop),
+ ROP2(cirrus_colorexpand_src_and_notdst),
+ ROP2(cirrus_colorexpand_notdst),
+ ROP2(cirrus_colorexpand_src),
+ ROP2(cirrus_colorexpand_1),
+ ROP2(cirrus_colorexpand_notsrc_and_dst),
+ ROP2(cirrus_colorexpand_src_xor_dst),
+ ROP2(cirrus_colorexpand_src_or_dst),
+ ROP2(cirrus_colorexpand_notsrc_or_notdst),
+ ROP2(cirrus_colorexpand_src_notxor_dst),
+ ROP2(cirrus_colorexpand_src_or_notdst),
+ ROP2(cirrus_colorexpand_notsrc),
+ ROP2(cirrus_colorexpand_notsrc_or_dst),
+ ROP2(cirrus_colorexpand_notsrc_and_notdst),
+};
+
+static const cirrus_bitblt_rop_t cirrus_colorexpand_pattern_transp[16][4] = {
+ ROP2(cirrus_colorexpand_pattern_transp_0),
+ ROP2(cirrus_colorexpand_pattern_transp_src_and_dst),
+ ROP_NOP2(cirrus_bitblt_rop_nop),
+ ROP2(cirrus_colorexpand_pattern_transp_src_and_notdst),
+ ROP2(cirrus_colorexpand_pattern_transp_notdst),
+ ROP2(cirrus_colorexpand_pattern_transp_src),
+ ROP2(cirrus_colorexpand_pattern_transp_1),
+ ROP2(cirrus_colorexpand_pattern_transp_notsrc_and_dst),
+ ROP2(cirrus_colorexpand_pattern_transp_src_xor_dst),
+ ROP2(cirrus_colorexpand_pattern_transp_src_or_dst),
+ ROP2(cirrus_colorexpand_pattern_transp_notsrc_or_notdst),
+ ROP2(cirrus_colorexpand_pattern_transp_src_notxor_dst),
+ ROP2(cirrus_colorexpand_pattern_transp_src_or_notdst),
+ ROP2(cirrus_colorexpand_pattern_transp_notsrc),
+ ROP2(cirrus_colorexpand_pattern_transp_notsrc_or_dst),
+ ROP2(cirrus_colorexpand_pattern_transp_notsrc_and_notdst),
+};
+
+static const cirrus_bitblt_rop_t cirrus_colorexpand_pattern[16][4] = {
+ ROP2(cirrus_colorexpand_pattern_0),
+ ROP2(cirrus_colorexpand_pattern_src_and_dst),
+ ROP_NOP2(cirrus_bitblt_rop_nop),
+ ROP2(cirrus_colorexpand_pattern_src_and_notdst),
+ ROP2(cirrus_colorexpand_pattern_notdst),
+ ROP2(cirrus_colorexpand_pattern_src),
+ ROP2(cirrus_colorexpand_pattern_1),
+ ROP2(cirrus_colorexpand_pattern_notsrc_and_dst),
+ ROP2(cirrus_colorexpand_pattern_src_xor_dst),
+ ROP2(cirrus_colorexpand_pattern_src_or_dst),
+ ROP2(cirrus_colorexpand_pattern_notsrc_or_notdst),
+ ROP2(cirrus_colorexpand_pattern_src_notxor_dst),
+ ROP2(cirrus_colorexpand_pattern_src_or_notdst),
+ ROP2(cirrus_colorexpand_pattern_notsrc),
+ ROP2(cirrus_colorexpand_pattern_notsrc_or_dst),
+ ROP2(cirrus_colorexpand_pattern_notsrc_and_notdst),
+};
+
+static const cirrus_fill_t cirrus_fill[16][4] = {
+ ROP2(cirrus_fill_0),
+ ROP2(cirrus_fill_src_and_dst),
+ ROP_NOP2(cirrus_bitblt_fill_nop),
+ ROP2(cirrus_fill_src_and_notdst),
+ ROP2(cirrus_fill_notdst),
+ ROP2(cirrus_fill_src),
+ ROP2(cirrus_fill_1),
+ ROP2(cirrus_fill_notsrc_and_dst),
+ ROP2(cirrus_fill_src_xor_dst),
+ ROP2(cirrus_fill_src_or_dst),
+ ROP2(cirrus_fill_notsrc_or_notdst),
+ ROP2(cirrus_fill_src_notxor_dst),
+ ROP2(cirrus_fill_src_or_notdst),
+ ROP2(cirrus_fill_notsrc),
+ ROP2(cirrus_fill_notsrc_or_dst),
+ ROP2(cirrus_fill_notsrc_and_notdst),
+};
+
+static inline void cirrus_bitblt_fgcol(CirrusVGAState *s)
+{
+ unsigned int color;
+ switch (s->cirrus_blt_pixelwidth) {
+ case 1:
+ s->cirrus_blt_fgcol = s->cirrus_shadow_gr1;
+ break;
+ case 2:
+ color = s->cirrus_shadow_gr1 | (s->vga.gr[0x11] << 8);
+ s->cirrus_blt_fgcol = le16_to_cpu(color);
+ break;
+ case 3:
+ s->cirrus_blt_fgcol = s->cirrus_shadow_gr1 |
+ (s->vga.gr[0x11] << 8) | (s->vga.gr[0x13] << 16);
+ break;
+ default:
+ case 4:
+ color = s->cirrus_shadow_gr1 | (s->vga.gr[0x11] << 8) |
+ (s->vga.gr[0x13] << 16) | (s->vga.gr[0x15] << 24);
+ s->cirrus_blt_fgcol = le32_to_cpu(color);
+ break;
+ }
+}
+
+static inline void cirrus_bitblt_bgcol(CirrusVGAState *s)
+{
+ unsigned int color;
+ switch (s->cirrus_blt_pixelwidth) {
+ case 1:
+ s->cirrus_blt_bgcol = s->cirrus_shadow_gr0;
+ break;
+ case 2:
+ color = s->cirrus_shadow_gr0 | (s->vga.gr[0x10] << 8);
+ s->cirrus_blt_bgcol = le16_to_cpu(color);
+ break;
+ case 3:
+ s->cirrus_blt_bgcol = s->cirrus_shadow_gr0 |
+ (s->vga.gr[0x10] << 8) | (s->vga.gr[0x12] << 16);
+ break;
+ default:
+ case 4:
+ color = s->cirrus_shadow_gr0 | (s->vga.gr[0x10] << 8) |
+ (s->vga.gr[0x12] << 16) | (s->vga.gr[0x14] << 24);
+ s->cirrus_blt_bgcol = le32_to_cpu(color);
+ break;
+ }
+}
+
+static void cirrus_invalidate_region(CirrusVGAState * s, int off_begin,
+ int off_pitch, int bytesperline,
+ int lines)
+{
+ int y;
+ int off_cur;
+ int off_cur_end;
+
+ for (y = 0; y < lines; y++) {
+ off_cur = off_begin;
+ off_cur_end = (off_cur + bytesperline) & s->cirrus_addr_mask;
+ memory_region_set_dirty(&s->vga.vram, off_cur, off_cur_end - off_cur);
+ off_begin += off_pitch;
+ }
+}
+
+static int cirrus_bitblt_common_patterncopy(CirrusVGAState * s,
+ const uint8_t * src)
+{
+ uint8_t *dst;
+
+ dst = s->vga.vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask);
+
+ if (BLTUNSAFE(s))
+ return 0;
+
+ (*s->cirrus_rop) (s, dst, src,
+ s->cirrus_blt_dstpitch, 0,
+ s->cirrus_blt_width, s->cirrus_blt_height);
+ cirrus_invalidate_region(s, s->cirrus_blt_dstaddr,
+ s->cirrus_blt_dstpitch, s->cirrus_blt_width,
+ s->cirrus_blt_height);
+ return 1;
+}
+
+/* fill */
+
+static int cirrus_bitblt_solidfill(CirrusVGAState *s, int blt_rop)
+{
+ cirrus_fill_t rop_func;
+
+ if (BLTUNSAFE(s))
+ return 0;
+ rop_func = cirrus_fill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
+ rop_func(s, s->vga.vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask),
+ s->cirrus_blt_dstpitch,
+ s->cirrus_blt_width, s->cirrus_blt_height);
+ cirrus_invalidate_region(s, s->cirrus_blt_dstaddr,
+ s->cirrus_blt_dstpitch, s->cirrus_blt_width,
+ s->cirrus_blt_height);
+ cirrus_bitblt_reset(s);
+ return 1;
+}
+
+/***************************************
+ *
+ * bitblt (video-to-video)
+ *
+ ***************************************/
+
+static int cirrus_bitblt_videotovideo_patterncopy(CirrusVGAState * s)
+{
+ return cirrus_bitblt_common_patterncopy(s,
+ s->vga.vram_ptr + ((s->cirrus_blt_srcaddr & ~7) &
+ s->cirrus_addr_mask));
+}
+
+static void cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
+{
+ int sx = 0, sy = 0;
+ int dx = 0, dy = 0;
+ int depth = 0;
+ int notify = 0;
+
+ /* make sure to only copy if it's a plain copy ROP */
+ if (*s->cirrus_rop == cirrus_bitblt_rop_fwd_src ||
+ *s->cirrus_rop == cirrus_bitblt_rop_bkwd_src) {
+
+ int width, height;
+
+ depth = s->vga.get_bpp(&s->vga) / 8;
+ s->vga.get_resolution(&s->vga, &width, &height);
+
+ /* extra x, y */
+ sx = (src % ABS(s->cirrus_blt_srcpitch)) / depth;
+ sy = (src / ABS(s->cirrus_blt_srcpitch));
+ dx = (dst % ABS(s->cirrus_blt_dstpitch)) / depth;
+ dy = (dst / ABS(s->cirrus_blt_dstpitch));
+
+ /* normalize width */
+ w /= depth;
+
+ /* if we're doing a backward copy, we have to adjust
+ our x/y to be the upper left corner (instead of the lower
+ right corner) */
+ if (s->cirrus_blt_dstpitch < 0) {
+ sx -= (s->cirrus_blt_width / depth) - 1;
+ dx -= (s->cirrus_blt_width / depth) - 1;
+ sy -= s->cirrus_blt_height - 1;
+ dy -= s->cirrus_blt_height - 1;
+ }
+
+ /* are we in the visible portion of memory? */
+ if (sx >= 0 && sy >= 0 && dx >= 0 && dy >= 0 &&
+ (sx + w) <= width && (sy + h) <= height &&
+ (dx + w) <= width && (dy + h) <= height) {
+ notify = 1;
+ }
+ }
+
+ /* we have to flush all pending changes so that the copy
+ is generated at the appropriate moment in time */
+ if (notify)
+ graphic_hw_update(s->vga.con);
+
+ (*s->cirrus_rop) (s, s->vga.vram_ptr +
+ (s->cirrus_blt_dstaddr & s->cirrus_addr_mask),
+ s->vga.vram_ptr +
+ (s->cirrus_blt_srcaddr & s->cirrus_addr_mask),
+ s->cirrus_blt_dstpitch, s->cirrus_blt_srcpitch,
+ s->cirrus_blt_width, s->cirrus_blt_height);
+
+ if (notify) {
+ qemu_console_copy(s->vga.con,
+ sx, sy, dx, dy,
+ s->cirrus_blt_width / depth,
+ s->cirrus_blt_height);
+ }
+
+ /* we don't have to notify the display that this portion has
+ changed since qemu_console_copy implies this */
+
+ cirrus_invalidate_region(s, s->cirrus_blt_dstaddr,
+ s->cirrus_blt_dstpitch, s->cirrus_blt_width,
+ s->cirrus_blt_height);
+}
+
+static int cirrus_bitblt_videotovideo_copy(CirrusVGAState * s)
+{
+ if (BLTUNSAFE(s))
+ return 0;
+
+ cirrus_do_copy(s, s->cirrus_blt_dstaddr - s->vga.start_addr,
+ s->cirrus_blt_srcaddr - s->vga.start_addr,
+ s->cirrus_blt_width, s->cirrus_blt_height);
+
+ return 1;
+}
+
+/***************************************
+ *
+ * bitblt (cpu-to-video)
+ *
+ ***************************************/
+
+static void cirrus_bitblt_cputovideo_next(CirrusVGAState * s)
+{
+ int copy_count;
+ uint8_t *end_ptr;
+
+ if (s->cirrus_srccounter > 0) {
+ if (s->cirrus_blt_mode & CIRRUS_BLTMODE_PATTERNCOPY) {
+ cirrus_bitblt_common_patterncopy(s, s->cirrus_bltbuf);
+ the_end:
+ s->cirrus_srccounter = 0;
+ cirrus_bitblt_reset(s);
+ } else {
+ /* at least one scan line */
+ do {
+ (*s->cirrus_rop)(s, s->vga.vram_ptr +
+ (s->cirrus_blt_dstaddr & s->cirrus_addr_mask),
+ s->cirrus_bltbuf, 0, 0, s->cirrus_blt_width, 1);
+ cirrus_invalidate_region(s, s->cirrus_blt_dstaddr, 0,
+ s->cirrus_blt_width, 1);
+ s->cirrus_blt_dstaddr += s->cirrus_blt_dstpitch;
+ s->cirrus_srccounter -= s->cirrus_blt_srcpitch;
+ if (s->cirrus_srccounter <= 0)
+ goto the_end;
+ /* more bytes than needed can be transferred because of
+ word alignment, so we keep them for the next line */
+ /* XXX: keep alignment to speed up transfer */
+ end_ptr = s->cirrus_bltbuf + s->cirrus_blt_srcpitch;
+ copy_count = s->cirrus_srcptr_end - end_ptr;
+ memmove(s->cirrus_bltbuf, end_ptr, copy_count);
+ s->cirrus_srcptr = s->cirrus_bltbuf + copy_count;
+ s->cirrus_srcptr_end = s->cirrus_bltbuf + s->cirrus_blt_srcpitch;
+ } while (s->cirrus_srcptr >= s->cirrus_srcptr_end);
+ }
+ }
+}
+
+/***************************************
+ *
+ * bitblt wrapper
+ *
+ ***************************************/
+
+static void cirrus_bitblt_reset(CirrusVGAState * s)
+{
+ int need_update;
+
+ s->vga.gr[0x31] &=
+ ~(CIRRUS_BLT_START | CIRRUS_BLT_BUSY | CIRRUS_BLT_FIFOUSED);
+ need_update = s->cirrus_srcptr != &s->cirrus_bltbuf[0]
+ || s->cirrus_srcptr_end != &s->cirrus_bltbuf[0];
+ s->cirrus_srcptr = &s->cirrus_bltbuf[0];
+ s->cirrus_srcptr_end = &s->cirrus_bltbuf[0];
+ s->cirrus_srccounter = 0;
+ if (!need_update)
+ return;
+ cirrus_update_memory_access(s);
+}
+
+static int cirrus_bitblt_cputovideo(CirrusVGAState * s)
+{
+ int w;
+
+ s->cirrus_blt_mode &= ~CIRRUS_BLTMODE_MEMSYSSRC;
+ s->cirrus_srcptr = &s->cirrus_bltbuf[0];
+ s->cirrus_srcptr_end = &s->cirrus_bltbuf[0];
+
+ if (s->cirrus_blt_mode & CIRRUS_BLTMODE_PATTERNCOPY) {
+ if (s->cirrus_blt_mode & CIRRUS_BLTMODE_COLOREXPAND) {
+ s->cirrus_blt_srcpitch = 8;
+ } else {
+ /* XXX: check for 24 bpp */
+ s->cirrus_blt_srcpitch = 8 * 8 * s->cirrus_blt_pixelwidth;
+ }
+ s->cirrus_srccounter = s->cirrus_blt_srcpitch;
+ } else {
+ if (s->cirrus_blt_mode & CIRRUS_BLTMODE_COLOREXPAND) {
+ w = s->cirrus_blt_width / s->cirrus_blt_pixelwidth;
+ if (s->cirrus_blt_modeext & CIRRUS_BLTMODEEXT_DWORDGRANULARITY)
+ s->cirrus_blt_srcpitch = ((w + 31) >> 5);
+ else
+ s->cirrus_blt_srcpitch = ((w + 7) >> 3);
+ } else {
+ /* always align input size to 32 bits */
+ s->cirrus_blt_srcpitch = (s->cirrus_blt_width + 3) & ~3;
+ }
+ s->cirrus_srccounter = s->cirrus_blt_srcpitch * s->cirrus_blt_height;
+ }
+ s->cirrus_srcptr = s->cirrus_bltbuf;
+ s->cirrus_srcptr_end = s->cirrus_bltbuf + s->cirrus_blt_srcpitch;
+ cirrus_update_memory_access(s);
+ return 1;
+}
+
+static int cirrus_bitblt_videotocpu(CirrusVGAState * s)
+{
+ /* XXX */
+#ifdef DEBUG_BITBLT
+ printf("cirrus: bitblt (video to cpu) is not implemented yet\n");
+#endif
+ return 0;
+}
+
+static int cirrus_bitblt_videotovideo(CirrusVGAState * s)
+{
+ int ret;
+
+ if (s->cirrus_blt_mode & CIRRUS_BLTMODE_PATTERNCOPY) {
+ ret = cirrus_bitblt_videotovideo_patterncopy(s);
+ } else {
+ ret = cirrus_bitblt_videotovideo_copy(s);
+ }
+ if (ret)
+ cirrus_bitblt_reset(s);
+ return ret;
+}
+
+static void cirrus_bitblt_start(CirrusVGAState * s)
+{
+ uint8_t blt_rop;
+
+ s->vga.gr[0x31] |= CIRRUS_BLT_BUSY;
+
+ s->cirrus_blt_width = (s->vga.gr[0x20] | (s->vga.gr[0x21] << 8)) + 1;
+ s->cirrus_blt_height = (s->vga.gr[0x22] | (s->vga.gr[0x23] << 8)) + 1;
+ s->cirrus_blt_dstpitch = (s->vga.gr[0x24] | (s->vga.gr[0x25] << 8));
+ s->cirrus_blt_srcpitch = (s->vga.gr[0x26] | (s->vga.gr[0x27] << 8));
+ s->cirrus_blt_dstaddr =
+ (s->vga.gr[0x28] | (s->vga.gr[0x29] << 8) | (s->vga.gr[0x2a] << 16));
+ s->cirrus_blt_srcaddr =
+ (s->vga.gr[0x2c] | (s->vga.gr[0x2d] << 8) | (s->vga.gr[0x2e] << 16));
+ s->cirrus_blt_mode = s->vga.gr[0x30];
+ s->cirrus_blt_modeext = s->vga.gr[0x33];
+ blt_rop = s->vga.gr[0x32];
+
+#ifdef DEBUG_BITBLT
+ printf("rop=0x%02x mode=0x%02x modeext=0x%02x w=%d h=%d dpitch=%d spitch=%d daddr=0x%08x saddr=0x%08x writemask=0x%02x\n",
+ blt_rop,
+ s->cirrus_blt_mode,
+ s->cirrus_blt_modeext,
+ s->cirrus_blt_width,
+ s->cirrus_blt_height,
+ s->cirrus_blt_dstpitch,
+ s->cirrus_blt_srcpitch,
+ s->cirrus_blt_dstaddr,
+ s->cirrus_blt_srcaddr,
+ s->vga.gr[0x2f]);
+#endif
+
+ switch (s->cirrus_blt_mode & CIRRUS_BLTMODE_PIXELWIDTHMASK) {
+ case CIRRUS_BLTMODE_PIXELWIDTH8:
+ s->cirrus_blt_pixelwidth = 1;
+ break;
+ case CIRRUS_BLTMODE_PIXELWIDTH16:
+ s->cirrus_blt_pixelwidth = 2;
+ break;
+ case CIRRUS_BLTMODE_PIXELWIDTH24:
+ s->cirrus_blt_pixelwidth = 3;
+ break;
+ case CIRRUS_BLTMODE_PIXELWIDTH32:
+ s->cirrus_blt_pixelwidth = 4;
+ break;
+ default:
+#ifdef DEBUG_BITBLT
+ printf("cirrus: bitblt - pixel width is unknown\n");
+#endif
+ goto bitblt_ignore;
+ }
+ s->cirrus_blt_mode &= ~CIRRUS_BLTMODE_PIXELWIDTHMASK;
+
+ if ((s->
+ cirrus_blt_mode & (CIRRUS_BLTMODE_MEMSYSSRC |
+ CIRRUS_BLTMODE_MEMSYSDEST))
+ == (CIRRUS_BLTMODE_MEMSYSSRC | CIRRUS_BLTMODE_MEMSYSDEST)) {
+#ifdef DEBUG_BITBLT
+ printf("cirrus: bitblt - memory-to-memory copy is requested\n");
+#endif
+ goto bitblt_ignore;
+ }
+
+ if ((s->cirrus_blt_modeext & CIRRUS_BLTMODEEXT_SOLIDFILL) &&
+ (s->cirrus_blt_mode & (CIRRUS_BLTMODE_MEMSYSDEST |
+ CIRRUS_BLTMODE_TRANSPARENTCOMP |
+ CIRRUS_BLTMODE_PATTERNCOPY |
+ CIRRUS_BLTMODE_COLOREXPAND)) ==
+ (CIRRUS_BLTMODE_PATTERNCOPY | CIRRUS_BLTMODE_COLOREXPAND)) {
+ cirrus_bitblt_fgcol(s);
+ cirrus_bitblt_solidfill(s, blt_rop);
+ } else {
+ if ((s->cirrus_blt_mode & (CIRRUS_BLTMODE_COLOREXPAND |
+ CIRRUS_BLTMODE_PATTERNCOPY)) ==
+ CIRRUS_BLTMODE_COLOREXPAND) {
+
+ if (s->cirrus_blt_mode & CIRRUS_BLTMODE_TRANSPARENTCOMP) {
+ if (s->cirrus_blt_modeext & CIRRUS_BLTMODEEXT_COLOREXPINV)
+ cirrus_bitblt_bgcol(s);
+ else
+ cirrus_bitblt_fgcol(s);
+ s->cirrus_rop = cirrus_colorexpand_transp[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
+ } else {
+ cirrus_bitblt_fgcol(s);
+ cirrus_bitblt_bgcol(s);
+ s->cirrus_rop = cirrus_colorexpand[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
+ }
+ } else if (s->cirrus_blt_mode & CIRRUS_BLTMODE_PATTERNCOPY) {
+ if (s->cirrus_blt_mode & CIRRUS_BLTMODE_COLOREXPAND) {
+ if (s->cirrus_blt_mode & CIRRUS_BLTMODE_TRANSPARENTCOMP) {
+ if (s->cirrus_blt_modeext & CIRRUS_BLTMODEEXT_COLOREXPINV)
+ cirrus_bitblt_bgcol(s);
+ else
+ cirrus_bitblt_fgcol(s);
+ s->cirrus_rop = cirrus_colorexpand_pattern_transp[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
+ } else {
+ cirrus_bitblt_fgcol(s);
+ cirrus_bitblt_bgcol(s);
+ s->cirrus_rop = cirrus_colorexpand_pattern[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
+ }
+ } else {
+ s->cirrus_rop = cirrus_patternfill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
+ }
+ } else {
+ if (s->cirrus_blt_mode & CIRRUS_BLTMODE_TRANSPARENTCOMP) {
+ if (s->cirrus_blt_pixelwidth > 2) {
+ printf("src transparent without colorexpand must be 8bpp or 16bpp\n");
+ goto bitblt_ignore;
+ }
+ if (s->cirrus_blt_mode & CIRRUS_BLTMODE_BACKWARDS) {
+ s->cirrus_blt_dstpitch = -s->cirrus_blt_dstpitch;
+ s->cirrus_blt_srcpitch = -s->cirrus_blt_srcpitch;
+ s->cirrus_rop = cirrus_bkwd_transp_rop[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
+ } else {
+ s->cirrus_rop = cirrus_fwd_transp_rop[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
+ }
+ } else {
+ if (s->cirrus_blt_mode & CIRRUS_BLTMODE_BACKWARDS) {
+ s->cirrus_blt_dstpitch = -s->cirrus_blt_dstpitch;
+ s->cirrus_blt_srcpitch = -s->cirrus_blt_srcpitch;
+ s->cirrus_rop = cirrus_bkwd_rop[rop_to_index[blt_rop]];
+ } else {
+ s->cirrus_rop = cirrus_fwd_rop[rop_to_index[blt_rop]];
+ }
+ }
+ }
+ // setup bitblt engine.
+ if (s->cirrus_blt_mode & CIRRUS_BLTMODE_MEMSYSSRC) {
+ if (!cirrus_bitblt_cputovideo(s))
+ goto bitblt_ignore;
+ } else if (s->cirrus_blt_mode & CIRRUS_BLTMODE_MEMSYSDEST) {
+ if (!cirrus_bitblt_videotocpu(s))
+ goto bitblt_ignore;
+ } else {
+ if (!cirrus_bitblt_videotovideo(s))
+ goto bitblt_ignore;
+ }
+ }
+ return;
+ bitblt_ignore:;
+ cirrus_bitblt_reset(s);
+}
+
+static void cirrus_write_bitblt(CirrusVGAState * s, unsigned reg_value)
+{
+ unsigned old_value;
+
+ old_value = s->vga.gr[0x31];
+ s->vga.gr[0x31] = reg_value;
+
+ if (((old_value & CIRRUS_BLT_RESET) != 0) &&
+ ((reg_value & CIRRUS_BLT_RESET) == 0)) {
+ cirrus_bitblt_reset(s);
+ } else if (((old_value & CIRRUS_BLT_START) == 0) &&
+ ((reg_value & CIRRUS_BLT_START) != 0)) {
+ cirrus_bitblt_start(s);
+ }
+}
+
+
+/***************************************
+ *
+ * basic parameters
+ *
+ ***************************************/
+
+static void cirrus_get_offsets(VGACommonState *s1,
+ uint32_t *pline_offset,
+ uint32_t *pstart_addr,
+ uint32_t *pline_compare)
+{
+ CirrusVGAState * s = container_of(s1, CirrusVGAState, vga);
+ uint32_t start_addr, line_offset, line_compare;
+
+ line_offset = s->vga.cr[0x13]
+ | ((s->vga.cr[0x1b] & 0x10) << 4);
+ line_offset <<= 3;
+ *pline_offset = line_offset;
+
+ start_addr = (s->vga.cr[0x0c] << 8)
+ | s->vga.cr[0x0d]
+ | ((s->vga.cr[0x1b] & 0x01) << 16)
+ | ((s->vga.cr[0x1b] & 0x0c) << 15)
+ | ((s->vga.cr[0x1d] & 0x80) << 12);
+ *pstart_addr = start_addr;
+
+ line_compare = s->vga.cr[0x18] |
+ ((s->vga.cr[0x07] & 0x10) << 4) |
+ ((s->vga.cr[0x09] & 0x40) << 3);
+ *pline_compare = line_compare;
+}
+
+static uint32_t cirrus_get_bpp16_depth(CirrusVGAState * s)
+{
+ uint32_t ret = 16;
+
+ switch (s->cirrus_hidden_dac_data & 0xf) {
+ case 0:
+ ret = 15;
+ break; /* Sierra HiColor */
+ case 1:
+ ret = 16;
+ break; /* XGA HiColor */
+ default:
+#ifdef DEBUG_CIRRUS
+ printf("cirrus: invalid DAC value %x in 16bpp\n",
+ (s->cirrus_hidden_dac_data & 0xf));
+#endif
+ ret = 15; /* XXX */
+ break;
+ }
+ return ret;
+}
+
+static int cirrus_get_bpp(VGACommonState *s1)
+{
+ CirrusVGAState * s = container_of(s1, CirrusVGAState, vga);
+ uint32_t ret = 8;
+
+ if ((s->vga.sr[0x07] & 0x01) != 0) {
+ /* Cirrus SVGA */
+ switch (s->vga.sr[0x07] & CIRRUS_SR7_BPP_MASK) {
+ case CIRRUS_SR7_BPP_8:
+ ret = 8;
+ break;
+ case CIRRUS_SR7_BPP_16_DOUBLEVCLK:
+ ret = cirrus_get_bpp16_depth(s);
+ break;
+ case CIRRUS_SR7_BPP_24:
+ ret = 24;
+ break;
+ case CIRRUS_SR7_BPP_16:
+ ret = cirrus_get_bpp16_depth(s);
+ break;
+ case CIRRUS_SR7_BPP_32:
+ ret = 32;
+ break;
+ default:
+#ifdef DEBUG_CIRRUS
+ printf("cirrus: unknown bpp - sr7=%x\n", s->vga.sr[0x7]);
+#endif
+ ret = 8;
+ break;
+ }
+ } else {
+ /* VGA */
+ ret = 0;
+ }
+
+ return ret;
+}
+
+static void cirrus_get_resolution(VGACommonState *s, int *pwidth, int *pheight)
+{
+ int width, height;
+
+ width = (s->cr[0x01] + 1) * 8;
+ height = s->cr[0x12] |
+ ((s->cr[0x07] & 0x02) << 7) |
+ ((s->cr[0x07] & 0x40) << 3);
+ height = (height + 1);
+ /* interlace support */
+ if (s->cr[0x1a] & 0x01)
+ height = height * 2;
+ *pwidth = width;
+ *pheight = height;
+}
+
+/***************************************
+ *
+ * bank memory
+ *
+ ***************************************/
+
+static void cirrus_update_bank_ptr(CirrusVGAState * s, unsigned bank_index)
+{
+ unsigned offset;
+ unsigned limit;
+
+ if ((s->vga.gr[0x0b] & 0x01) != 0) /* dual bank */
+ offset = s->vga.gr[0x09 + bank_index];
+ else /* single bank */
+ offset = s->vga.gr[0x09];
+
+ if ((s->vga.gr[0x0b] & 0x20) != 0)
+ offset <<= 14;
+ else
+ offset <<= 12;
+
+ if (s->real_vram_size <= offset)
+ limit = 0;
+ else
+ limit = s->real_vram_size - offset;
+
+ if (((s->vga.gr[0x0b] & 0x01) == 0) && (bank_index != 0)) {
+ if (limit > 0x8000) {
+ offset += 0x8000;
+ limit -= 0x8000;
+ } else {
+ limit = 0;
+ }
+ }
+
+ if (limit > 0) {
+ s->cirrus_bank_base[bank_index] = offset;
+ s->cirrus_bank_limit[bank_index] = limit;
+ } else {
+ s->cirrus_bank_base[bank_index] = 0;
+ s->cirrus_bank_limit[bank_index] = 0;
+ }
+}
+
+/***************************************
+ *
+ * I/O access between 0x3c4-0x3c5
+ *
+ ***************************************/
+
+static int cirrus_vga_read_sr(CirrusVGAState * s)
+{
+ switch (s->vga.sr_index) {
+ case 0x00: // Standard VGA
+ case 0x01: // Standard VGA
+ case 0x02: // Standard VGA
+ case 0x03: // Standard VGA
+ case 0x04: // Standard VGA
+ return s->vga.sr[s->vga.sr_index];
+ case 0x06: // Unlock Cirrus extensions
+ return s->vga.sr[s->vga.sr_index];
+ case 0x10:
+ case 0x30:
+ case 0x50:
+ case 0x70: // Graphics Cursor X
+ case 0x90:
+ case 0xb0:
+ case 0xd0:
+ case 0xf0: // Graphics Cursor X
+ return s->vga.sr[0x10];
+ case 0x11:
+ case 0x31:
+ case 0x51:
+ case 0x71: // Graphics Cursor Y
+ case 0x91:
+ case 0xb1:
+ case 0xd1:
+ case 0xf1: // Graphics Cursor Y
+ return s->vga.sr[0x11];
+ case 0x05: // ???
+ case 0x07: // Extended Sequencer Mode
+ case 0x08: // EEPROM Control
+ case 0x09: // Scratch Register 0
+ case 0x0a: // Scratch Register 1
+ case 0x0b: // VCLK 0
+ case 0x0c: // VCLK 1
+ case 0x0d: // VCLK 2
+ case 0x0e: // VCLK 3
+ case 0x0f: // DRAM Control
+ case 0x12: // Graphics Cursor Attribute
+ case 0x13: // Graphics Cursor Pattern Address
+ case 0x14: // Scratch Register 2
+ case 0x15: // Scratch Register 3
+ case 0x16: // Performance Tuning Register
+ case 0x17: // Configuration Readback and Extended Control
+ case 0x18: // Signature Generator Control
+ case 0x19: // Signal Generator Result
+ case 0x1a: // Signal Generator Result
+ case 0x1b: // VCLK 0 Denominator & Post
+ case 0x1c: // VCLK 1 Denominator & Post
+ case 0x1d: // VCLK 2 Denominator & Post
+ case 0x1e: // VCLK 3 Denominator & Post
+ case 0x1f: // BIOS Write Enable and MCLK select
+#ifdef DEBUG_CIRRUS
+ printf("cirrus: handled inport sr_index %02x\n", s->vga.sr_index);
+#endif
+ return s->vga.sr[s->vga.sr_index];
+ default:
+#ifdef DEBUG_CIRRUS
+ printf("cirrus: inport sr_index %02x\n", s->vga.sr_index);
+#endif
+ return 0xff;
+ break;
+ }
+}
+
+static void cirrus_vga_write_sr(CirrusVGAState * s, uint32_t val)
+{
+ switch (s->vga.sr_index) {
+ case 0x00: // Standard VGA
+ case 0x01: // Standard VGA
+ case 0x02: // Standard VGA
+ case 0x03: // Standard VGA
+ case 0x04: // Standard VGA
+ s->vga.sr[s->vga.sr_index] = val & sr_mask[s->vga.sr_index];
+ if (s->vga.sr_index == 1)
+ s->vga.update_retrace_info(&s->vga);
+ break;
+ case 0x06: // Unlock Cirrus extensions
+ val &= 0x17;
+ if (val == 0x12) {
+ s->vga.sr[s->vga.sr_index] = 0x12;
+ } else {
+ s->vga.sr[s->vga.sr_index] = 0x0f;
+ }
+ break;
+ case 0x10:
+ case 0x30:
+ case 0x50:
+ case 0x70: // Graphics Cursor X
+ case 0x90:
+ case 0xb0:
+ case 0xd0:
+ case 0xf0: // Graphics Cursor X
+ s->vga.sr[0x10] = val;
+ s->hw_cursor_x = (val << 3) | (s->vga.sr_index >> 5);
+ break;
+ case 0x11:
+ case 0x31:
+ case 0x51:
+ case 0x71: // Graphics Cursor Y
+ case 0x91:
+ case 0xb1:
+ case 0xd1:
+ case 0xf1: // Graphics Cursor Y
+ s->vga.sr[0x11] = val;
+ s->hw_cursor_y = (val << 3) | (s->vga.sr_index >> 5);
+ break;
+ case 0x07: // Extended Sequencer Mode
+ cirrus_update_memory_access(s);
+ case 0x08: // EEPROM Control
+ case 0x09: // Scratch Register 0
+ case 0x0a: // Scratch Register 1
+ case 0x0b: // VCLK 0
+ case 0x0c: // VCLK 1
+ case 0x0d: // VCLK 2
+ case 0x0e: // VCLK 3
+ case 0x0f: // DRAM Control
+ case 0x12: // Graphics Cursor Attribute
+ case 0x13: // Graphics Cursor Pattern Address
+ case 0x14: // Scratch Register 2
+ case 0x15: // Scratch Register 3
+ case 0x16: // Performance Tuning Register
+ case 0x18: // Signature Generator Control
+ case 0x19: // Signature Generator Result
+ case 0x1a: // Signature Generator Result
+ case 0x1b: // VCLK 0 Denominator & Post
+ case 0x1c: // VCLK 1 Denominator & Post
+ case 0x1d: // VCLK 2 Denominator & Post
+ case 0x1e: // VCLK 3 Denominator & Post
+ case 0x1f: // BIOS Write Enable and MCLK select
+ s->vga.sr[s->vga.sr_index] = val;
+#ifdef DEBUG_CIRRUS
+ printf("cirrus: handled outport sr_index %02x, sr_value %02x\n",
+ s->vga.sr_index, val);
+#endif
+ break;
+ case 0x17: // Configuration Readback and Extended Control
+ s->vga.sr[s->vga.sr_index] = (s->vga.sr[s->vga.sr_index] & 0x38)
+ | (val & 0xc7);
+ cirrus_update_memory_access(s);
+ break;
+ default:
+#ifdef DEBUG_CIRRUS
+ printf("cirrus: outport sr_index %02x, sr_value %02x\n",
+ s->vga.sr_index, val);
+#endif
+ break;
+ }
+}
+
+/***************************************
+ *
+ * I/O access at 0x3c6
+ *
+ ***************************************/
+
+static int cirrus_read_hidden_dac(CirrusVGAState * s)
+{
+ if (++s->cirrus_hidden_dac_lockindex == 5) {
+ s->cirrus_hidden_dac_lockindex = 0;
+ return s->cirrus_hidden_dac_data;
+ }
+ return 0xff;
+}
+
+static void cirrus_write_hidden_dac(CirrusVGAState * s, int reg_value)
+{
+ if (s->cirrus_hidden_dac_lockindex == 4) {
+ s->cirrus_hidden_dac_data = reg_value;
+#if defined(DEBUG_CIRRUS)
+ printf("cirrus: outport hidden DAC, value %02x\n", reg_value);
+#endif
+ }
+ s->cirrus_hidden_dac_lockindex = 0;
+}
+
+/***************************************
+ *
+ * I/O access at 0x3c9
+ *
+ ***************************************/
+
+static int cirrus_vga_read_palette(CirrusVGAState * s)
+{
+ int val;
+
+ if ((s->vga.sr[0x12] & CIRRUS_CURSOR_HIDDENPEL)) {
+ val = s->cirrus_hidden_palette[(s->vga.dac_read_index & 0x0f) * 3 +
+ s->vga.dac_sub_index];
+ } else {
+ val = s->vga.palette[s->vga.dac_read_index * 3 + s->vga.dac_sub_index];
+ }
+ if (++s->vga.dac_sub_index == 3) {
+ s->vga.dac_sub_index = 0;
+ s->vga.dac_read_index++;
+ }
+ return val;
+}
+
+static void cirrus_vga_write_palette(CirrusVGAState * s, int reg_value)
+{
+ s->vga.dac_cache[s->vga.dac_sub_index] = reg_value;
+ if (++s->vga.dac_sub_index == 3) {
+ if ((s->vga.sr[0x12] & CIRRUS_CURSOR_HIDDENPEL)) {
+ memcpy(&s->cirrus_hidden_palette[(s->vga.dac_write_index & 0x0f) * 3],
+ s->vga.dac_cache, 3);
+ } else {
+ memcpy(&s->vga.palette[s->vga.dac_write_index * 3], s->vga.dac_cache, 3);
+ }
+ /* XXX update cursor */
+ s->vga.dac_sub_index = 0;
+ s->vga.dac_write_index++;
+ }
+}
+
+/***************************************
+ *
+ * I/O access between 0x3ce-0x3cf
+ *
+ ***************************************/
+
+static int cirrus_vga_read_gr(CirrusVGAState * s, unsigned reg_index)
+{
+ switch (reg_index) {
+ case 0x00: // Standard VGA, BGCOLOR 0x000000ff
+ return s->cirrus_shadow_gr0;
+ case 0x01: // Standard VGA, FGCOLOR 0x000000ff
+ return s->cirrus_shadow_gr1;
+ case 0x02: // Standard VGA
+ case 0x03: // Standard VGA
+ case 0x04: // Standard VGA
+ case 0x06: // Standard VGA
+ case 0x07: // Standard VGA
+ case 0x08: // Standard VGA
+ return s->vga.gr[s->vga.gr_index];
+ case 0x05: // Standard VGA, Cirrus extended mode
+ default:
+ break;
+ }
+
+ if (reg_index < 0x3a) {
+ return s->vga.gr[reg_index];
+ } else {
+#ifdef DEBUG_CIRRUS
+ printf("cirrus: inport gr_index %02x\n", reg_index);
+#endif
+ return 0xff;
+ }
+}
+
+static void
+cirrus_vga_write_gr(CirrusVGAState * s, unsigned reg_index, int reg_value)
+{
+#if defined(DEBUG_BITBLT) && 0
+ printf("gr%02x: %02x\n", reg_index, reg_value);
+#endif
+ switch (reg_index) {
+ case 0x00: // Standard VGA, BGCOLOR 0x000000ff
+ s->vga.gr[reg_index] = reg_value & gr_mask[reg_index];
+ s->cirrus_shadow_gr0 = reg_value;
+ break;
+ case 0x01: // Standard VGA, FGCOLOR 0x000000ff
+ s->vga.gr[reg_index] = reg_value & gr_mask[reg_index];
+ s->cirrus_shadow_gr1 = reg_value;
+ break;
+ case 0x02: // Standard VGA
+ case 0x03: // Standard VGA
+ case 0x04: // Standard VGA
+ case 0x06: // Standard VGA
+ case 0x07: // Standard VGA
+ case 0x08: // Standard VGA
+ s->vga.gr[reg_index] = reg_value & gr_mask[reg_index];
+ break;
+ case 0x05: // Standard VGA, Cirrus extended mode
+ s->vga.gr[reg_index] = reg_value & 0x7f;
+ cirrus_update_memory_access(s);
+ break;
+ case 0x09: // bank offset #0
+ case 0x0A: // bank offset #1
+ s->vga.gr[reg_index] = reg_value;
+ cirrus_update_bank_ptr(s, 0);
+ cirrus_update_bank_ptr(s, 1);
+ cirrus_update_memory_access(s);
+ break;
+ case 0x0B:
+ s->vga.gr[reg_index] = reg_value;
+ cirrus_update_bank_ptr(s, 0);
+ cirrus_update_bank_ptr(s, 1);
+ cirrus_update_memory_access(s);
+ break;
+ case 0x10: // BGCOLOR 0x0000ff00
+ case 0x11: // FGCOLOR 0x0000ff00
+ case 0x12: // BGCOLOR 0x00ff0000
+ case 0x13: // FGCOLOR 0x00ff0000
+ case 0x14: // BGCOLOR 0xff000000
+ case 0x15: // FGCOLOR 0xff000000
+ case 0x20: // BLT WIDTH 0x0000ff
+ case 0x22: // BLT HEIGHT 0x0000ff
+ case 0x24: // BLT DEST PITCH 0x0000ff
+ case 0x26: // BLT SRC PITCH 0x0000ff
+ case 0x28: // BLT DEST ADDR 0x0000ff
+ case 0x29: // BLT DEST ADDR 0x00ff00
+ case 0x2c: // BLT SRC ADDR 0x0000ff
+ case 0x2d: // BLT SRC ADDR 0x00ff00
+ case 0x2f: // BLT WRITEMASK
+ case 0x30: // BLT MODE
+ case 0x32: // RASTER OP
+ case 0x33: // BLT MODEEXT
+ case 0x34: // BLT TRANSPARENT COLOR 0x00ff
+ case 0x35: // BLT TRANSPARENT COLOR 0xff00
+ case 0x38: // BLT TRANSPARENT COLOR MASK 0x00ff
+ case 0x39: // BLT TRANSPARENT COLOR MASK 0xff00
+ s->vga.gr[reg_index] = reg_value;
+ break;
+ case 0x21: // BLT WIDTH 0x001f00
+ case 0x23: // BLT HEIGHT 0x001f00
+ case 0x25: // BLT DEST PITCH 0x001f00
+ case 0x27: // BLT SRC PITCH 0x001f00
+ s->vga.gr[reg_index] = reg_value & 0x1f;
+ break;
+ case 0x2a: // BLT DEST ADDR 0x3f0000
+ s->vga.gr[reg_index] = reg_value & 0x3f;
+ /* if auto start mode, starts bit blt now */
+ if (s->vga.gr[0x31] & CIRRUS_BLT_AUTOSTART) {
+ cirrus_bitblt_start(s);
+ }
+ break;
+ case 0x2e: // BLT SRC ADDR 0x3f0000
+ s->vga.gr[reg_index] = reg_value & 0x3f;
+ break;
+ case 0x31: // BLT STATUS/START
+ cirrus_write_bitblt(s, reg_value);
+ break;
+ default:
+#ifdef DEBUG_CIRRUS
+ printf("cirrus: outport gr_index %02x, gr_value %02x\n", reg_index,
+ reg_value);
+#endif
+ break;
+ }
+}
+
+/***************************************
+ *
+ * I/O access between 0x3d4-0x3d5
+ *
+ ***************************************/
+
+static int cirrus_vga_read_cr(CirrusVGAState * s, unsigned reg_index)
+{
+ switch (reg_index) {
+ case 0x00: // Standard VGA
+ case 0x01: // Standard VGA
+ case 0x02: // Standard VGA
+ case 0x03: // Standard VGA
+ case 0x04: // Standard VGA
+ case 0x05: // Standard VGA
+ case 0x06: // Standard VGA
+ case 0x07: // Standard VGA
+ case 0x08: // Standard VGA
+ case 0x09: // Standard VGA
+ case 0x0a: // Standard VGA
+ case 0x0b: // Standard VGA
+ case 0x0c: // Standard VGA
+ case 0x0d: // Standard VGA
+ case 0x0e: // Standard VGA
+ case 0x0f: // Standard VGA
+ case 0x10: // Standard VGA
+ case 0x11: // Standard VGA
+ case 0x12: // Standard VGA
+ case 0x13: // Standard VGA
+ case 0x14: // Standard VGA
+ case 0x15: // Standard VGA
+ case 0x16: // Standard VGA
+ case 0x17: // Standard VGA
+ case 0x18: // Standard VGA
+ return s->vga.cr[s->vga.cr_index];
+ case 0x24: // Attribute Controller Toggle Readback (R)
+ return (s->vga.ar_flip_flop << 7);
+ case 0x19: // Interlace End
+ case 0x1a: // Miscellaneous Control
+ case 0x1b: // Extended Display Control
+ case 0x1c: // Sync Adjust and Genlock
+ case 0x1d: // Overlay Extended Control
+ case 0x22: // Graphics Data Latches Readback (R)
+ case 0x25: // Part Status
+ case 0x27: // Part ID (R)
+ return s->vga.cr[s->vga.cr_index];
+ case 0x26: // Attribute Controller Index Readback (R)
+ return s->vga.ar_index & 0x3f;
+ break;
+ default:
+#ifdef DEBUG_CIRRUS
+ printf("cirrus: inport cr_index %02x\n", reg_index);
+#endif
+ return 0xff;
+ }
+}
+
+static void cirrus_vga_write_cr(CirrusVGAState * s, int reg_value)
+{
+ switch (s->vga.cr_index) {
+ case 0x00: // Standard VGA
+ case 0x01: // Standard VGA
+ case 0x02: // Standard VGA
+ case 0x03: // Standard VGA
+ case 0x04: // Standard VGA
+ case 0x05: // Standard VGA
+ case 0x06: // Standard VGA
+ case 0x07: // Standard VGA
+ case 0x08: // Standard VGA
+ case 0x09: // Standard VGA
+ case 0x0a: // Standard VGA
+ case 0x0b: // Standard VGA
+ case 0x0c: // Standard VGA
+ case 0x0d: // Standard VGA
+ case 0x0e: // Standard VGA
+ case 0x0f: // Standard VGA
+ case 0x10: // Standard VGA
+ case 0x11: // Standard VGA
+ case 0x12: // Standard VGA
+ case 0x13: // Standard VGA
+ case 0x14: // Standard VGA
+ case 0x15: // Standard VGA
+ case 0x16: // Standard VGA
+ case 0x17: // Standard VGA
+ case 0x18: // Standard VGA
+ /* handle CR0-7 protection */
+ if ((s->vga.cr[0x11] & 0x80) && s->vga.cr_index <= 7) {
+ /* can always write bit 4 of CR7 */
+ if (s->vga.cr_index == 7)
+ s->vga.cr[7] = (s->vga.cr[7] & ~0x10) | (reg_value & 0x10);
+ return;
+ }
+ s->vga.cr[s->vga.cr_index] = reg_value;
+ switch(s->vga.cr_index) {
+ case 0x00:
+ case 0x04:
+ case 0x05:
+ case 0x06:
+ case 0x07:
+ case 0x11:
+ case 0x17:
+ s->vga.update_retrace_info(&s->vga);
+ break;
+ }
+ break;
+ case 0x19: // Interlace End
+ case 0x1a: // Miscellaneous Control
+ case 0x1b: // Extended Display Control
+ case 0x1c: // Sync Adjust and Genlock
+ case 0x1d: // Overlay Extended Control
+ s->vga.cr[s->vga.cr_index] = reg_value;
+#ifdef DEBUG_CIRRUS
+ printf("cirrus: handled outport cr_index %02x, cr_value %02x\n",
+ s->vga.cr_index, reg_value);
+#endif
+ break;
+ case 0x22: // Graphics Data Latches Readback (R)
+ case 0x24: // Attribute Controller Toggle Readback (R)
+ case 0x26: // Attribute Controller Index Readback (R)
+ case 0x27: // Part ID (R)
+ break;
+ case 0x25: // Part Status
+ default:
+#ifdef DEBUG_CIRRUS
+ printf("cirrus: outport cr_index %02x, cr_value %02x\n",
+ s->vga.cr_index, reg_value);
+#endif
+ break;
+ }
+}
+
+/***************************************
+ *
+ * memory-mapped I/O (bitblt)
+ *
+ ***************************************/
+
+static uint8_t cirrus_mmio_blt_read(CirrusVGAState * s, unsigned address)
+{
+ int value = 0xff;
+
+ switch (address) {
+ case (CIRRUS_MMIO_BLTBGCOLOR + 0):
+ value = cirrus_vga_read_gr(s, 0x00);
+ break;
+ case (CIRRUS_MMIO_BLTBGCOLOR + 1):
+ value = cirrus_vga_read_gr(s, 0x10);
+ break;
+ case (CIRRUS_MMIO_BLTBGCOLOR + 2):
+ value = cirrus_vga_read_gr(s, 0x12);
+ break;
+ case (CIRRUS_MMIO_BLTBGCOLOR + 3):
+ value = cirrus_vga_read_gr(s, 0x14);
+ break;
+ case (CIRRUS_MMIO_BLTFGCOLOR + 0):
+ value = cirrus_vga_read_gr(s, 0x01);
+ break;
+ case (CIRRUS_MMIO_BLTFGCOLOR + 1):
+ value = cirrus_vga_read_gr(s, 0x11);
+ break;
+ case (CIRRUS_MMIO_BLTFGCOLOR + 2):
+ value = cirrus_vga_read_gr(s, 0x13);
+ break;
+ case (CIRRUS_MMIO_BLTFGCOLOR + 3):
+ value = cirrus_vga_read_gr(s, 0x15);
+ break;
+ case (CIRRUS_MMIO_BLTWIDTH + 0):
+ value = cirrus_vga_read_gr(s, 0x20);
+ break;
+ case (CIRRUS_MMIO_BLTWIDTH + 1):
+ value = cirrus_vga_read_gr(s, 0x21);
+ break;
+ case (CIRRUS_MMIO_BLTHEIGHT + 0):
+ value = cirrus_vga_read_gr(s, 0x22);
+ break;
+ case (CIRRUS_MMIO_BLTHEIGHT + 1):
+ value = cirrus_vga_read_gr(s, 0x23);
+ break;
+ case (CIRRUS_MMIO_BLTDESTPITCH + 0):
+ value = cirrus_vga_read_gr(s, 0x24);
+ break;
+ case (CIRRUS_MMIO_BLTDESTPITCH + 1):
+ value = cirrus_vga_read_gr(s, 0x25);
+ break;
+ case (CIRRUS_MMIO_BLTSRCPITCH + 0):
+ value = cirrus_vga_read_gr(s, 0x26);
+ break;
+ case (CIRRUS_MMIO_BLTSRCPITCH + 1):
+ value = cirrus_vga_read_gr(s, 0x27);
+ break;
+ case (CIRRUS_MMIO_BLTDESTADDR + 0):
+ value = cirrus_vga_read_gr(s, 0x28);
+ break;
+ case (CIRRUS_MMIO_BLTDESTADDR + 1):
+ value = cirrus_vga_read_gr(s, 0x29);
+ break;
+ case (CIRRUS_MMIO_BLTDESTADDR + 2):
+ value = cirrus_vga_read_gr(s, 0x2a);
+ break;
+ case (CIRRUS_MMIO_BLTSRCADDR + 0):
+ value = cirrus_vga_read_gr(s, 0x2c);
+ break;
+ case (CIRRUS_MMIO_BLTSRCADDR + 1):
+ value = cirrus_vga_read_gr(s, 0x2d);
+ break;
+ case (CIRRUS_MMIO_BLTSRCADDR + 2):
+ value = cirrus_vga_read_gr(s, 0x2e);
+ break;
+ case CIRRUS_MMIO_BLTWRITEMASK:
+ value = cirrus_vga_read_gr(s, 0x2f);
+ break;
+ case CIRRUS_MMIO_BLTMODE:
+ value = cirrus_vga_read_gr(s, 0x30);
+ break;
+ case CIRRUS_MMIO_BLTROP:
+ value = cirrus_vga_read_gr(s, 0x32);
+ break;
+ case CIRRUS_MMIO_BLTMODEEXT:
+ value = cirrus_vga_read_gr(s, 0x33);
+ break;
+ case (CIRRUS_MMIO_BLTTRANSPARENTCOLOR + 0):
+ value = cirrus_vga_read_gr(s, 0x34);
+ break;
+ case (CIRRUS_MMIO_BLTTRANSPARENTCOLOR + 1):
+ value = cirrus_vga_read_gr(s, 0x35);
+ break;
+ case (CIRRUS_MMIO_BLTTRANSPARENTCOLORMASK + 0):
+ value = cirrus_vga_read_gr(s, 0x38);
+ break;
+ case (CIRRUS_MMIO_BLTTRANSPARENTCOLORMASK + 1):
+ value = cirrus_vga_read_gr(s, 0x39);
+ break;
+ case CIRRUS_MMIO_BLTSTATUS:
+ value = cirrus_vga_read_gr(s, 0x31);
+ break;
+ default:
+#ifdef DEBUG_CIRRUS
+ printf("cirrus: mmio read - address 0x%04x\n", address);
+#endif
+ break;
+ }
+
+ return (uint8_t) value;
+}
+
+static void cirrus_mmio_blt_write(CirrusVGAState * s, unsigned address,
+ uint8_t value)
+{
+ switch (address) {
+ case (CIRRUS_MMIO_BLTBGCOLOR + 0):
+ cirrus_vga_write_gr(s, 0x00, value);
+ break;
+ case (CIRRUS_MMIO_BLTBGCOLOR + 1):
+ cirrus_vga_write_gr(s, 0x10, value);
+ break;
+ case (CIRRUS_MMIO_BLTBGCOLOR + 2):
+ cirrus_vga_write_gr(s, 0x12, value);
+ break;
+ case (CIRRUS_MMIO_BLTBGCOLOR + 3):
+ cirrus_vga_write_gr(s, 0x14, value);
+ break;
+ case (CIRRUS_MMIO_BLTFGCOLOR + 0):
+ cirrus_vga_write_gr(s, 0x01, value);
+ break;
+ case (CIRRUS_MMIO_BLTFGCOLOR + 1):
+ cirrus_vga_write_gr(s, 0x11, value);
+ break;
+ case (CIRRUS_MMIO_BLTFGCOLOR + 2):
+ cirrus_vga_write_gr(s, 0x13, value);
+ break;
+ case (CIRRUS_MMIO_BLTFGCOLOR + 3):
+ cirrus_vga_write_gr(s, 0x15, value);
+ break;
+ case (CIRRUS_MMIO_BLTWIDTH + 0):
+ cirrus_vga_write_gr(s, 0x20, value);
+ break;
+ case (CIRRUS_MMIO_BLTWIDTH + 1):
+ cirrus_vga_write_gr(s, 0x21, value);
+ break;
+ case (CIRRUS_MMIO_BLTHEIGHT + 0):
+ cirrus_vga_write_gr(s, 0x22, value);
+ break;
+ case (CIRRUS_MMIO_BLTHEIGHT + 1):
+ cirrus_vga_write_gr(s, 0x23, value);
+ break;
+ case (CIRRUS_MMIO_BLTDESTPITCH + 0):
+ cirrus_vga_write_gr(s, 0x24, value);
+ break;
+ case (CIRRUS_MMIO_BLTDESTPITCH + 1):
+ cirrus_vga_write_gr(s, 0x25, value);
+ break;
+ case (CIRRUS_MMIO_BLTSRCPITCH + 0):
+ cirrus_vga_write_gr(s, 0x26, value);
+ break;
+ case (CIRRUS_MMIO_BLTSRCPITCH + 1):
+ cirrus_vga_write_gr(s, 0x27, value);
+ break;
+ case (CIRRUS_MMIO_BLTDESTADDR + 0):
+ cirrus_vga_write_gr(s, 0x28, value);
+ break;
+ case (CIRRUS_MMIO_BLTDESTADDR + 1):
+ cirrus_vga_write_gr(s, 0x29, value);
+ break;
+ case (CIRRUS_MMIO_BLTDESTADDR + 2):
+ cirrus_vga_write_gr(s, 0x2a, value);
+ break;
+ case (CIRRUS_MMIO_BLTDESTADDR + 3):
+ /* ignored */
+ break;
+ case (CIRRUS_MMIO_BLTSRCADDR + 0):
+ cirrus_vga_write_gr(s, 0x2c, value);
+ break;
+ case (CIRRUS_MMIO_BLTSRCADDR + 1):
+ cirrus_vga_write_gr(s, 0x2d, value);
+ break;
+ case (CIRRUS_MMIO_BLTSRCADDR + 2):
+ cirrus_vga_write_gr(s, 0x2e, value);
+ break;
+ case CIRRUS_MMIO_BLTWRITEMASK:
+ cirrus_vga_write_gr(s, 0x2f, value);
+ break;
+ case CIRRUS_MMIO_BLTMODE:
+ cirrus_vga_write_gr(s, 0x30, value);
+ break;
+ case CIRRUS_MMIO_BLTROP:
+ cirrus_vga_write_gr(s, 0x32, value);
+ break;
+ case CIRRUS_MMIO_BLTMODEEXT:
+ cirrus_vga_write_gr(s, 0x33, value);
+ break;
+ case (CIRRUS_MMIO_BLTTRANSPARENTCOLOR + 0):
+ cirrus_vga_write_gr(s, 0x34, value);
+ break;
+ case (CIRRUS_MMIO_BLTTRANSPARENTCOLOR + 1):
+ cirrus_vga_write_gr(s, 0x35, value);
+ break;
+ case (CIRRUS_MMIO_BLTTRANSPARENTCOLORMASK + 0):
+ cirrus_vga_write_gr(s, 0x38, value);
+ break;
+ case (CIRRUS_MMIO_BLTTRANSPARENTCOLORMASK + 1):
+ cirrus_vga_write_gr(s, 0x39, value);
+ break;
+ case CIRRUS_MMIO_BLTSTATUS:
+ cirrus_vga_write_gr(s, 0x31, value);
+ break;
+ default:
+#ifdef DEBUG_CIRRUS
+ printf("cirrus: mmio write - addr 0x%04x val 0x%02x (ignored)\n",
+ address, value);
+#endif
+ break;
+ }
+}
+
+/***************************************
+ *
+ * write mode 4/5
+ *
+ ***************************************/
+
+static void cirrus_mem_writeb_mode4and5_8bpp(CirrusVGAState * s,
+ unsigned mode,
+ unsigned offset,
+ uint32_t mem_value)
+{
+ int x;
+ unsigned val = mem_value;
+ uint8_t *dst;
+
+ dst = s->vga.vram_ptr + (offset &= s->cirrus_addr_mask);
+ for (x = 0; x < 8; x++) {
+ if (val & 0x80) {
+ *dst = s->cirrus_shadow_gr1;
+ } else if (mode == 5) {
+ *dst = s->cirrus_shadow_gr0;
+ }
+ val <<= 1;
+ dst++;
+ }
+ memory_region_set_dirty(&s->vga.vram, offset, 8);
+}
+
+static void cirrus_mem_writeb_mode4and5_16bpp(CirrusVGAState * s,
+ unsigned mode,
+ unsigned offset,
+ uint32_t mem_value)
+{
+ int x;
+ unsigned val = mem_value;
+ uint8_t *dst;
+
+ dst = s->vga.vram_ptr + (offset &= s->cirrus_addr_mask);
+ for (x = 0; x < 8; x++) {
+ if (val & 0x80) {
+ *dst = s->cirrus_shadow_gr1;
+ *(dst + 1) = s->vga.gr[0x11];
+ } else if (mode == 5) {
+ *dst = s->cirrus_shadow_gr0;
+ *(dst + 1) = s->vga.gr[0x10];
+ }
+ val <<= 1;
+ dst += 2;
+ }
+ memory_region_set_dirty(&s->vga.vram, offset, 16);
+}
+
+/***************************************
+ *
+ * memory access between 0xa0000-0xbffff
+ *
+ ***************************************/
+
+static uint64_t cirrus_vga_mem_read(void *opaque,
+ hwaddr addr,
+ uint32_t size)
+{
+ CirrusVGAState *s = opaque;
+ unsigned bank_index;
+ unsigned bank_offset;
+ uint32_t val;
+
+ if ((s->vga.sr[0x07] & 0x01) == 0) {
+ return vga_mem_readb(&s->vga, addr);
+ }
+
+ if (addr < 0x10000) {
+ /* XXX handle bitblt */
+ /* video memory */
+ bank_index = addr >> 15;
+ bank_offset = addr & 0x7fff;
+ if (bank_offset < s->cirrus_bank_limit[bank_index]) {
+ bank_offset += s->cirrus_bank_base[bank_index];
+ if ((s->vga.gr[0x0B] & 0x14) == 0x14) {
+ bank_offset <<= 4;
+ } else if (s->vga.gr[0x0B] & 0x02) {
+ bank_offset <<= 3;
+ }
+ bank_offset &= s->cirrus_addr_mask;
+ val = *(s->vga.vram_ptr + bank_offset);
+ } else
+ val = 0xff;
+ } else if (addr >= 0x18000 && addr < 0x18100) {
+ /* memory-mapped I/O */
+ val = 0xff;
+ if ((s->vga.sr[0x17] & 0x44) == 0x04) {
+ val = cirrus_mmio_blt_read(s, addr & 0xff);
+ }
+ } else {
+ val = 0xff;
+#ifdef DEBUG_CIRRUS
+ printf("cirrus: mem_readb " TARGET_FMT_plx "\n", addr);
+#endif
+ }
+ return val;
+}
+
+static void cirrus_vga_mem_write(void *opaque,
+ hwaddr addr,
+ uint64_t mem_value,
+ uint32_t size)
+{
+ CirrusVGAState *s = opaque;
+ unsigned bank_index;
+ unsigned bank_offset;
+ unsigned mode;
+
+ if ((s->vga.sr[0x07] & 0x01) == 0) {
+ vga_mem_writeb(&s->vga, addr, mem_value);
+ return;
+ }
+
+ if (addr < 0x10000) {
+ if (s->cirrus_srcptr != s->cirrus_srcptr_end) {
+ /* bitblt */
+ *s->cirrus_srcptr++ = (uint8_t) mem_value;
+ if (s->cirrus_srcptr >= s->cirrus_srcptr_end) {
+ cirrus_bitblt_cputovideo_next(s);
+ }
+ } else {
+ /* video memory */
+ bank_index = addr >> 15;
+ bank_offset = addr & 0x7fff;
+ if (bank_offset < s->cirrus_bank_limit[bank_index]) {
+ bank_offset += s->cirrus_bank_base[bank_index];
+ if ((s->vga.gr[0x0B] & 0x14) == 0x14) {
+ bank_offset <<= 4;
+ } else if (s->vga.gr[0x0B] & 0x02) {
+ bank_offset <<= 3;
+ }
+ bank_offset &= s->cirrus_addr_mask;
+ mode = s->vga.gr[0x05] & 0x7;
+ if (mode < 4 || mode > 5 || ((s->vga.gr[0x0B] & 0x4) == 0)) {
+ *(s->vga.vram_ptr + bank_offset) = mem_value;
+ memory_region_set_dirty(&s->vga.vram, bank_offset,
+ sizeof(mem_value));
+ } else {
+ if ((s->vga.gr[0x0B] & 0x14) != 0x14) {
+ cirrus_mem_writeb_mode4and5_8bpp(s, mode,
+ bank_offset,
+ mem_value);
+ } else {
+ cirrus_mem_writeb_mode4and5_16bpp(s, mode,
+ bank_offset,
+ mem_value);
+ }
+ }
+ }
+ }
+ } else if (addr >= 0x18000 && addr < 0x18100) {
+ /* memory-mapped I/O */
+ if ((s->vga.sr[0x17] & 0x44) == 0x04) {
+ cirrus_mmio_blt_write(s, addr & 0xff, mem_value);
+ }
+ } else {
+#ifdef DEBUG_CIRRUS
+ printf("cirrus: mem_writeb " TARGET_FMT_plx " value %02x\n", addr,
+ mem_value);
+#endif
+ }
+}
+
+static const MemoryRegionOps cirrus_vga_mem_ops = {
+ .read = cirrus_vga_mem_read,
+ .write = cirrus_vga_mem_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+/***************************************
+ *
+ * hardware cursor
+ *
+ ***************************************/
+
+static inline void invalidate_cursor1(CirrusVGAState *s)
+{
+ if (s->last_hw_cursor_size) {
+ vga_invalidate_scanlines(&s->vga,
+ s->last_hw_cursor_y + s->last_hw_cursor_y_start,
+ s->last_hw_cursor_y + s->last_hw_cursor_y_end);
+ }
+}
+
+static inline void cirrus_cursor_compute_yrange(CirrusVGAState *s)
+{
+ const uint8_t *src;
+ uint32_t content;
+ int y, y_min, y_max;
+
+ src = s->vga.vram_ptr + s->real_vram_size - 16 * 1024;
+ if (s->vga.sr[0x12] & CIRRUS_CURSOR_LARGE) {
+ src += (s->vga.sr[0x13] & 0x3c) * 256;
+ y_min = 64;
+ y_max = -1;
+ for(y = 0; y < 64; y++) {
+ content = ((uint32_t *)src)[0] |
+ ((uint32_t *)src)[1] |
+ ((uint32_t *)src)[2] |
+ ((uint32_t *)src)[3];
+ if (content) {
+ if (y < y_min)
+ y_min = y;
+ if (y > y_max)
+ y_max = y;
+ }
+ src += 16;
+ }
+ } else {
+ src += (s->vga.sr[0x13] & 0x3f) * 256;
+ y_min = 32;
+ y_max = -1;
+ for(y = 0; y < 32; y++) {
+ content = ((uint32_t *)src)[0] |
+ ((uint32_t *)(src + 128))[0];
+ if (content) {
+ if (y < y_min)
+ y_min = y;
+ if (y > y_max)
+ y_max = y;
+ }
+ src += 4;
+ }
+ }
+ if (y_min > y_max) {
+ s->last_hw_cursor_y_start = 0;
+ s->last_hw_cursor_y_end = 0;
+ } else {
+ s->last_hw_cursor_y_start = y_min;
+ s->last_hw_cursor_y_end = y_max + 1;
+ }
+}
+
+/* NOTE: we do not currently handle the cursor bitmap change, so we
+ update the cursor only if it moves. */
+static void cirrus_cursor_invalidate(VGACommonState *s1)
+{
+ CirrusVGAState *s = container_of(s1, CirrusVGAState, vga);
+ int size;
+
+ if (!(s->vga.sr[0x12] & CIRRUS_CURSOR_SHOW)) {
+ size = 0;
+ } else {
+ if (s->vga.sr[0x12] & CIRRUS_CURSOR_LARGE)
+ size = 64;
+ else
+ size = 32;
+ }
+ /* invalidate last cursor and new cursor if any change */
+ if (s->last_hw_cursor_size != size ||
+ s->last_hw_cursor_x != s->hw_cursor_x ||
+ s->last_hw_cursor_y != s->hw_cursor_y) {
+
+ invalidate_cursor1(s);
+
+ s->last_hw_cursor_size = size;
+ s->last_hw_cursor_x = s->hw_cursor_x;
+ s->last_hw_cursor_y = s->hw_cursor_y;
+ /* compute the real cursor min and max y */
+ cirrus_cursor_compute_yrange(s);
+ invalidate_cursor1(s);
+ }
+}
+
+#define DEPTH 8
+#include "cirrus_vga_template.h"
+
+#define DEPTH 16
+#include "cirrus_vga_template.h"
+
+#define DEPTH 32
+#include "cirrus_vga_template.h"
+
+static void cirrus_cursor_draw_line(VGACommonState *s1, uint8_t *d1, int scr_y)
+{
+ CirrusVGAState *s = container_of(s1, CirrusVGAState, vga);
+ DisplaySurface *surface = qemu_console_surface(s->vga.con);
+ int w, h, bpp, x1, x2, poffset;
+ unsigned int color0, color1;
+ const uint8_t *palette, *src;
+ uint32_t content;
+
+ if (!(s->vga.sr[0x12] & CIRRUS_CURSOR_SHOW))
+ return;
+ /* fast test to see if the cursor intersects with the scan line */
+ if (s->vga.sr[0x12] & CIRRUS_CURSOR_LARGE) {
+ h = 64;
+ } else {
+ h = 32;
+ }
+ if (scr_y < s->hw_cursor_y ||
+ scr_y >= (s->hw_cursor_y + h))
+ return;
+
+ src = s->vga.vram_ptr + s->real_vram_size - 16 * 1024;
+ if (s->vga.sr[0x12] & CIRRUS_CURSOR_LARGE) {
+ src += (s->vga.sr[0x13] & 0x3c) * 256;
+ src += (scr_y - s->hw_cursor_y) * 16;
+ poffset = 8;
+ content = ((uint32_t *)src)[0] |
+ ((uint32_t *)src)[1] |
+ ((uint32_t *)src)[2] |
+ ((uint32_t *)src)[3];
+ } else {
+ src += (s->vga.sr[0x13] & 0x3f) * 256;
+ src += (scr_y - s->hw_cursor_y) * 4;
+ poffset = 128;
+ content = ((uint32_t *)src)[0] |
+ ((uint32_t *)(src + 128))[0];
+ }
+ /* if nothing to draw, no need to continue */
+ if (!content)
+ return;
+ w = h;
+
+ x1 = s->hw_cursor_x;
+ if (x1 >= s->vga.last_scr_width)
+ return;
+ x2 = s->hw_cursor_x + w;
+ if (x2 > s->vga.last_scr_width)
+ x2 = s->vga.last_scr_width;
+ w = x2 - x1;
+ palette = s->cirrus_hidden_palette;
+ color0 = s->vga.rgb_to_pixel(c6_to_8(palette[0x0 * 3]),
+ c6_to_8(palette[0x0 * 3 + 1]),
+ c6_to_8(palette[0x0 * 3 + 2]));
+ color1 = s->vga.rgb_to_pixel(c6_to_8(palette[0xf * 3]),
+ c6_to_8(palette[0xf * 3 + 1]),
+ c6_to_8(palette[0xf * 3 + 2]));
+ bpp = surface_bytes_per_pixel(surface);
+ d1 += x1 * bpp;
+ switch (surface_bits_per_pixel(surface)) {
+ default:
+ break;
+ case 8:
+ vga_draw_cursor_line_8(d1, src, poffset, w, color0, color1, 0xff);
+ break;
+ case 15:
+ vga_draw_cursor_line_16(d1, src, poffset, w, color0, color1, 0x7fff);
+ break;
+ case 16:
+ vga_draw_cursor_line_16(d1, src, poffset, w, color0, color1, 0xffff);
+ break;
+ case 32:
+ vga_draw_cursor_line_32(d1, src, poffset, w, color0, color1, 0xffffff);
+ break;
+ }
+}
+
+/***************************************
+ *
+ * LFB memory access
+ *
+ ***************************************/
+
+static uint64_t cirrus_linear_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ CirrusVGAState *s = opaque;
+ uint32_t ret;
+
+ addr &= s->cirrus_addr_mask;
+
+ if (((s->vga.sr[0x17] & 0x44) == 0x44) &&
+ ((addr & s->linear_mmio_mask) == s->linear_mmio_mask)) {
+ /* memory-mapped I/O */
+ ret = cirrus_mmio_blt_read(s, addr & 0xff);
+ } else if (0) {
+ /* XXX handle bitblt */
+ ret = 0xff;
+ } else {
+ /* video memory */
+ if ((s->vga.gr[0x0B] & 0x14) == 0x14) {
+ addr <<= 4;
+ } else if (s->vga.gr[0x0B] & 0x02) {
+ addr <<= 3;
+ }
+ addr &= s->cirrus_addr_mask;
+ ret = *(s->vga.vram_ptr + addr);
+ }
+
+ return ret;
+}
+
+static void cirrus_linear_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ CirrusVGAState *s = opaque;
+ unsigned mode;
+
+ addr &= s->cirrus_addr_mask;
+
+ if (((s->vga.sr[0x17] & 0x44) == 0x44) &&
+ ((addr & s->linear_mmio_mask) == s->linear_mmio_mask)) {
+ /* memory-mapped I/O */
+ cirrus_mmio_blt_write(s, addr & 0xff, val);
+ } else if (s->cirrus_srcptr != s->cirrus_srcptr_end) {
+ /* bitblt */
+ *s->cirrus_srcptr++ = (uint8_t) val;
+ if (s->cirrus_srcptr >= s->cirrus_srcptr_end) {
+ cirrus_bitblt_cputovideo_next(s);
+ }
+ } else {
+ /* video memory */
+ if ((s->vga.gr[0x0B] & 0x14) == 0x14) {
+ addr <<= 4;
+ } else if (s->vga.gr[0x0B] & 0x02) {
+ addr <<= 3;
+ }
+ addr &= s->cirrus_addr_mask;
+
+ mode = s->vga.gr[0x05] & 0x7;
+ if (mode < 4 || mode > 5 || ((s->vga.gr[0x0B] & 0x4) == 0)) {
+ *(s->vga.vram_ptr + addr) = (uint8_t) val;
+ memory_region_set_dirty(&s->vga.vram, addr, 1);
+ } else {
+ if ((s->vga.gr[0x0B] & 0x14) != 0x14) {
+ cirrus_mem_writeb_mode4and5_8bpp(s, mode, addr, val);
+ } else {
+ cirrus_mem_writeb_mode4and5_16bpp(s, mode, addr, val);
+ }
+ }
+ }
+}
+
+/***************************************
+ *
+ * system to screen memory access
+ *
+ ***************************************/
+
+
+static uint64_t cirrus_linear_bitblt_read(void *opaque,
+ hwaddr addr,
+ unsigned size)
+{
+ CirrusVGAState *s = opaque;
+ uint32_t ret;
+
+ /* XXX handle bitblt */
+ (void)s;
+ ret = 0xff;
+ return ret;
+}
+
+static void cirrus_linear_bitblt_write(void *opaque,
+ hwaddr addr,
+ uint64_t val,
+ unsigned size)
+{
+ CirrusVGAState *s = opaque;
+
+ if (s->cirrus_srcptr != s->cirrus_srcptr_end) {
+ /* bitblt */
+ *s->cirrus_srcptr++ = (uint8_t) val;
+ if (s->cirrus_srcptr >= s->cirrus_srcptr_end) {
+ cirrus_bitblt_cputovideo_next(s);
+ }
+ }
+}
+
+static const MemoryRegionOps cirrus_linear_bitblt_io_ops = {
+ .read = cirrus_linear_bitblt_read,
+ .write = cirrus_linear_bitblt_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+static void map_linear_vram_bank(CirrusVGAState *s, unsigned bank)
+{
+ MemoryRegion *mr = &s->cirrus_bank[bank];
+ bool enabled = !(s->cirrus_srcptr != s->cirrus_srcptr_end)
+ && !((s->vga.sr[0x07] & 0x01) == 0)
+ && !((s->vga.gr[0x0B] & 0x14) == 0x14)
+ && !(s->vga.gr[0x0B] & 0x02);
+
+ memory_region_set_enabled(mr, enabled);
+ memory_region_set_alias_offset(mr, s->cirrus_bank_base[bank]);
+}
+
+static void map_linear_vram(CirrusVGAState *s)
+{
+ if (s->bustype == CIRRUS_BUSTYPE_PCI && !s->linear_vram) {
+ s->linear_vram = true;
+ memory_region_add_subregion_overlap(&s->pci_bar, 0, &s->vga.vram, 1);
+ }
+ map_linear_vram_bank(s, 0);
+ map_linear_vram_bank(s, 1);
+}
+
+static void unmap_linear_vram(CirrusVGAState *s)
+{
+ if (s->bustype == CIRRUS_BUSTYPE_PCI && s->linear_vram) {
+ s->linear_vram = false;
+ memory_region_del_subregion(&s->pci_bar, &s->vga.vram);
+ }
+ memory_region_set_enabled(&s->cirrus_bank[0], false);
+ memory_region_set_enabled(&s->cirrus_bank[1], false);
+}
+
+/* Compute the memory access functions */
+static void cirrus_update_memory_access(CirrusVGAState *s)
+{
+ unsigned mode;
+
+ memory_region_transaction_begin();
+ if ((s->vga.sr[0x17] & 0x44) == 0x44) {
+ goto generic_io;
+ } else if (s->cirrus_srcptr != s->cirrus_srcptr_end) {
+ goto generic_io;
+ } else {
+ if ((s->vga.gr[0x0B] & 0x14) == 0x14) {
+ goto generic_io;
+ } else if (s->vga.gr[0x0B] & 0x02) {
+ goto generic_io;
+ }
+
+ mode = s->vga.gr[0x05] & 0x7;
+ if (mode < 4 || mode > 5 || ((s->vga.gr[0x0B] & 0x4) == 0)) {
+ map_linear_vram(s);
+ } else {
+ generic_io:
+ unmap_linear_vram(s);
+ }
+ }
+ memory_region_transaction_commit();
+}
+
+
+/* I/O ports */
+
+static uint64_t cirrus_vga_ioport_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ CirrusVGAState *c = opaque;
+ VGACommonState *s = &c->vga;
+ int val, index;
+
+ qemu_flush_coalesced_mmio_buffer();
+ addr += 0x3b0;
+
+ if (vga_ioport_invalid(s, addr)) {
+ val = 0xff;
+ } else {
+ switch (addr) {
+ case 0x3c0:
+ if (s->ar_flip_flop == 0) {
+ val = s->ar_index;
+ } else {
+ val = 0;
+ }
+ break;
+ case 0x3c1:
+ index = s->ar_index & 0x1f;
+ if (index < 21)
+ val = s->ar[index];
+ else
+ val = 0;
+ break;
+ case 0x3c2:
+ val = s->st00;
+ break;
+ case 0x3c4:
+ val = s->sr_index;
+ break;
+ case 0x3c5:
+ val = cirrus_vga_read_sr(c);
+ break;
+#ifdef DEBUG_VGA_REG
+ printf("vga: read SR%x = 0x%02x\n", s->sr_index, val);
+#endif
+ break;
+ case 0x3c6:
+ val = cirrus_read_hidden_dac(c);
+ break;
+ case 0x3c7:
+ val = s->dac_state;
+ break;
+ case 0x3c8:
+ val = s->dac_write_index;
+ c->cirrus_hidden_dac_lockindex = 0;
+ break;
+ case 0x3c9:
+ val = cirrus_vga_read_palette(c);
+ break;
+ case 0x3ca:
+ val = s->fcr;
+ break;
+ case 0x3cc:
+ val = s->msr;
+ break;
+ case 0x3ce:
+ val = s->gr_index;
+ break;
+ case 0x3cf:
+ val = cirrus_vga_read_gr(c, s->gr_index);
+#ifdef DEBUG_VGA_REG
+ printf("vga: read GR%x = 0x%02x\n", s->gr_index, val);
+#endif
+ break;
+ case 0x3b4:
+ case 0x3d4:
+ val = s->cr_index;
+ break;
+ case 0x3b5:
+ case 0x3d5:
+ val = cirrus_vga_read_cr(c, s->cr_index);
+#ifdef DEBUG_VGA_REG
+ printf("vga: read CR%x = 0x%02x\n", s->cr_index, val);
+#endif
+ break;
+ case 0x3ba:
+ case 0x3da:
+ /* just toggle to fool polling */
+ val = s->st01 = s->retrace(s);
+ s->ar_flip_flop = 0;
+ break;
+ default:
+ val = 0x00;
+ break;
+ }
+ }
+#if defined(DEBUG_VGA)
+ printf("VGA: read addr=0x%04x data=0x%02x\n", addr, val);
+#endif
+ return val;
+}
+
+static void cirrus_vga_ioport_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ CirrusVGAState *c = opaque;
+ VGACommonState *s = &c->vga;
+ int index;
+
+ qemu_flush_coalesced_mmio_buffer();
+ addr += 0x3b0;
+
+ /* check port range access depending on color/monochrome mode */
+ if (vga_ioport_invalid(s, addr)) {
+ return;
+ }
+#ifdef DEBUG_VGA
+ printf("VGA: write addr=0x%04x data=0x%02x\n", addr, val);
+#endif
+
+ switch (addr) {
+ case 0x3c0:
+ if (s->ar_flip_flop == 0) {
+ val &= 0x3f;
+ s->ar_index = val;
+ } else {
+ index = s->ar_index & 0x1f;
+ switch (index) {
+ case 0x00 ... 0x0f:
+ s->ar[index] = val & 0x3f;
+ break;
+ case 0x10:
+ s->ar[index] = val & ~0x10;
+ break;
+ case 0x11:
+ s->ar[index] = val;
+ break;
+ case 0x12:
+ s->ar[index] = val & ~0xc0;
+ break;
+ case 0x13:
+ s->ar[index] = val & ~0xf0;
+ break;
+ case 0x14:
+ s->ar[index] = val & ~0xf0;
+ break;
+ default:
+ break;
+ }
+ }
+ s->ar_flip_flop ^= 1;
+ break;
+ case 0x3c2:
+ s->msr = val & ~0x10;
+ s->update_retrace_info(s);
+ break;
+ case 0x3c4:
+ s->sr_index = val;
+ break;
+ case 0x3c5:
+#ifdef DEBUG_VGA_REG
+ printf("vga: write SR%x = 0x%02x\n", s->sr_index, val);
+#endif
+ cirrus_vga_write_sr(c, val);
+ break;
+ case 0x3c6:
+ cirrus_write_hidden_dac(c, val);
+ break;
+ case 0x3c7:
+ s->dac_read_index = val;
+ s->dac_sub_index = 0;
+ s->dac_state = 3;
+ break;
+ case 0x3c8:
+ s->dac_write_index = val;
+ s->dac_sub_index = 0;
+ s->dac_state = 0;
+ break;
+ case 0x3c9:
+ cirrus_vga_write_palette(c, val);
+ break;
+ case 0x3ce:
+ s->gr_index = val;
+ break;
+ case 0x3cf:
+#ifdef DEBUG_VGA_REG
+ printf("vga: write GR%x = 0x%02x\n", s->gr_index, val);
+#endif
+ cirrus_vga_write_gr(c, s->gr_index, val);
+ break;
+ case 0x3b4:
+ case 0x3d4:
+ s->cr_index = val;
+ break;
+ case 0x3b5:
+ case 0x3d5:
+#ifdef DEBUG_VGA_REG
+ printf("vga: write CR%x = 0x%02x\n", s->cr_index, val);
+#endif
+ cirrus_vga_write_cr(c, val);
+ break;
+ case 0x3ba:
+ case 0x3da:
+ s->fcr = val & 0x10;
+ break;
+ }
+}
+
+/***************************************
+ *
+ * memory-mapped I/O access
+ *
+ ***************************************/
+
+static uint64_t cirrus_mmio_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ CirrusVGAState *s = opaque;
+
+ if (addr >= 0x100) {
+ return cirrus_mmio_blt_read(s, addr - 0x100);
+ } else {
+ return cirrus_vga_ioport_read(s, addr + 0x10, size);
+ }
+}
+
+static void cirrus_mmio_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ CirrusVGAState *s = opaque;
+
+ if (addr >= 0x100) {
+ cirrus_mmio_blt_write(s, addr - 0x100, val);
+ } else {
+ cirrus_vga_ioport_write(s, addr + 0x10, val, size);
+ }
+}
+
+static const MemoryRegionOps cirrus_mmio_io_ops = {
+ .read = cirrus_mmio_read,
+ .write = cirrus_mmio_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+/* load/save state */
+
+static int cirrus_post_load(void *opaque, int version_id)
+{
+ CirrusVGAState *s = opaque;
+
+ s->vga.gr[0x00] = s->cirrus_shadow_gr0 & 0x0f;
+ s->vga.gr[0x01] = s->cirrus_shadow_gr1 & 0x0f;
+
+ cirrus_update_memory_access(s);
+ /* force refresh */
+ s->vga.graphic_mode = -1;
+ cirrus_update_bank_ptr(s, 0);
+ cirrus_update_bank_ptr(s, 1);
+ return 0;
+}
+
+static const VMStateDescription vmstate_cirrus_vga = {
+ .name = "cirrus_vga",
+ .version_id = 2,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .post_load = cirrus_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT32(vga.latch, CirrusVGAState),
+ VMSTATE_UINT8(vga.sr_index, CirrusVGAState),
+ VMSTATE_BUFFER(vga.sr, CirrusVGAState),
+ VMSTATE_UINT8(vga.gr_index, CirrusVGAState),
+ VMSTATE_UINT8(cirrus_shadow_gr0, CirrusVGAState),
+ VMSTATE_UINT8(cirrus_shadow_gr1, CirrusVGAState),
+ VMSTATE_BUFFER_START_MIDDLE(vga.gr, CirrusVGAState, 2),
+ VMSTATE_UINT8(vga.ar_index, CirrusVGAState),
+ VMSTATE_BUFFER(vga.ar, CirrusVGAState),
+ VMSTATE_INT32(vga.ar_flip_flop, CirrusVGAState),
+ VMSTATE_UINT8(vga.cr_index, CirrusVGAState),
+ VMSTATE_BUFFER(vga.cr, CirrusVGAState),
+ VMSTATE_UINT8(vga.msr, CirrusVGAState),
+ VMSTATE_UINT8(vga.fcr, CirrusVGAState),
+ VMSTATE_UINT8(vga.st00, CirrusVGAState),
+ VMSTATE_UINT8(vga.st01, CirrusVGAState),
+ VMSTATE_UINT8(vga.dac_state, CirrusVGAState),
+ VMSTATE_UINT8(vga.dac_sub_index, CirrusVGAState),
+ VMSTATE_UINT8(vga.dac_read_index, CirrusVGAState),
+ VMSTATE_UINT8(vga.dac_write_index, CirrusVGAState),
+ VMSTATE_BUFFER(vga.dac_cache, CirrusVGAState),
+ VMSTATE_BUFFER(vga.palette, CirrusVGAState),
+ VMSTATE_INT32(vga.bank_offset, CirrusVGAState),
+ VMSTATE_UINT8(cirrus_hidden_dac_lockindex, CirrusVGAState),
+ VMSTATE_UINT8(cirrus_hidden_dac_data, CirrusVGAState),
+ VMSTATE_UINT32(hw_cursor_x, CirrusVGAState),
+ VMSTATE_UINT32(hw_cursor_y, CirrusVGAState),
+ /* XXX: we do not save the bitblt state - we assume we do not save
+ the state when the blitter is active */
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_pci_cirrus_vga = {
+ .name = "cirrus_vga",
+ .version_id = 2,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .fields = (VMStateField []) {
+ VMSTATE_PCI_DEVICE(dev, PCICirrusVGAState),
+ VMSTATE_STRUCT(cirrus_vga, PCICirrusVGAState, 0,
+ vmstate_cirrus_vga, CirrusVGAState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+/***************************************
+ *
+ * initialize
+ *
+ ***************************************/
+
+static void cirrus_reset(void *opaque)
+{
+ CirrusVGAState *s = opaque;
+
+ vga_common_reset(&s->vga);
+ unmap_linear_vram(s);
+ s->vga.sr[0x06] = 0x0f;
+ if (s->device_id == CIRRUS_ID_CLGD5446) {
+ /* 4MB 64 bit memory config, always PCI */
+ s->vga.sr[0x1F] = 0x2d; // MemClock
+ s->vga.gr[0x18] = 0x0f; // fastest memory configuration
+ s->vga.sr[0x0f] = 0x98;
+ s->vga.sr[0x17] = 0x20;
+ s->vga.sr[0x15] = 0x04; /* memory size, 3=2MB, 4=4MB */
+ } else {
+ s->vga.sr[0x1F] = 0x22; // MemClock
+ s->vga.sr[0x0F] = CIRRUS_MEMSIZE_2M;
+ s->vga.sr[0x17] = s->bustype;
+ s->vga.sr[0x15] = 0x03; /* memory size, 3=2MB, 4=4MB */
+ }
+ s->vga.cr[0x27] = s->device_id;
+
+ s->cirrus_hidden_dac_lockindex = 5;
+ s->cirrus_hidden_dac_data = 0;
+}
+
+static const MemoryRegionOps cirrus_linear_io_ops = {
+ .read = cirrus_linear_read,
+ .write = cirrus_linear_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+static const MemoryRegionOps cirrus_vga_io_ops = {
+ .read = cirrus_vga_ioport_read,
+ .write = cirrus_vga_ioport_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+static void cirrus_init_common(CirrusVGAState *s, Object *owner,
+ int device_id, int is_pci,
+ MemoryRegion *system_memory,
+ MemoryRegion *system_io)
+{
+ int i;
+ static int inited;
+
+ if (!inited) {
+ inited = 1;
+ for(i = 0;i < 256; i++)
+ rop_to_index[i] = CIRRUS_ROP_NOP_INDEX; /* nop rop */
+ rop_to_index[CIRRUS_ROP_0] = 0;
+ rop_to_index[CIRRUS_ROP_SRC_AND_DST] = 1;
+ rop_to_index[CIRRUS_ROP_NOP] = 2;
+ rop_to_index[CIRRUS_ROP_SRC_AND_NOTDST] = 3;
+ rop_to_index[CIRRUS_ROP_NOTDST] = 4;
+ rop_to_index[CIRRUS_ROP_SRC] = 5;
+ rop_to_index[CIRRUS_ROP_1] = 6;
+ rop_to_index[CIRRUS_ROP_NOTSRC_AND_DST] = 7;
+ rop_to_index[CIRRUS_ROP_SRC_XOR_DST] = 8;
+ rop_to_index[CIRRUS_ROP_SRC_OR_DST] = 9;
+ rop_to_index[CIRRUS_ROP_NOTSRC_OR_NOTDST] = 10;
+ rop_to_index[CIRRUS_ROP_SRC_NOTXOR_DST] = 11;
+ rop_to_index[CIRRUS_ROP_SRC_OR_NOTDST] = 12;
+ rop_to_index[CIRRUS_ROP_NOTSRC] = 13;
+ rop_to_index[CIRRUS_ROP_NOTSRC_OR_DST] = 14;
+ rop_to_index[CIRRUS_ROP_NOTSRC_AND_NOTDST] = 15;
+ s->device_id = device_id;
+ if (is_pci)
+ s->bustype = CIRRUS_BUSTYPE_PCI;
+ else
+ s->bustype = CIRRUS_BUSTYPE_ISA;
+ }
+
+ /* Register ioport 0x3b0 - 0x3df */
+ memory_region_init_io(&s->cirrus_vga_io, owner, &cirrus_vga_io_ops, s,
+ "cirrus-io", 0x30);
+ memory_region_add_subregion(system_io, 0x3b0, &s->cirrus_vga_io);
+
+ memory_region_init(&s->low_mem_container, owner,
+ "cirrus-lowmem-container",
+ 0x20000);
+
+ memory_region_init_io(&s->low_mem, owner, &cirrus_vga_mem_ops, s,
+ "cirrus-low-memory", 0x20000);
+ memory_region_add_subregion(&s->low_mem_container, 0, &s->low_mem);
+ for (i = 0; i < 2; ++i) {
+ static const char *names[] = { "vga.bank0", "vga.bank1" };
+ MemoryRegion *bank = &s->cirrus_bank[i];
+ memory_region_init_alias(bank, owner, names[i], &s->vga.vram,
+ 0, 0x8000);
+ memory_region_set_enabled(bank, false);
+ memory_region_add_subregion_overlap(&s->low_mem_container, i * 0x8000,
+ bank, 1);
+ }
+ memory_region_add_subregion_overlap(system_memory,
+ isa_mem_base + 0x000a0000,
+ &s->low_mem_container,
+ 1);
+ memory_region_set_coalescing(&s->low_mem);
+
+ /* I/O handler for LFB */
+ memory_region_init_io(&s->cirrus_linear_io, owner, &cirrus_linear_io_ops, s,
+ "cirrus-linear-io", s->vga.vram_size_mb
+ * 1024 * 1024);
+ memory_region_set_flush_coalesced(&s->cirrus_linear_io);
+
+ /* I/O handler for LFB */
+ memory_region_init_io(&s->cirrus_linear_bitblt_io, owner,
+ &cirrus_linear_bitblt_io_ops,
+ s,
+ "cirrus-bitblt-mmio",
+ 0x400000);
+ memory_region_set_flush_coalesced(&s->cirrus_linear_bitblt_io);
+
+ /* I/O handler for memory-mapped I/O */
+ memory_region_init_io(&s->cirrus_mmio_io, owner, &cirrus_mmio_io_ops, s,
+ "cirrus-mmio", CIRRUS_PNPMMIO_SIZE);
+ memory_region_set_flush_coalesced(&s->cirrus_mmio_io);
+
+ s->real_vram_size =
+ (s->device_id == CIRRUS_ID_CLGD5446) ? 4096 * 1024 : 2048 * 1024;
+
+ /* XXX: s->vga.vram_size must be a power of two */
+ s->cirrus_addr_mask = s->real_vram_size - 1;
+ s->linear_mmio_mask = s->real_vram_size - 256;
+
+ s->vga.get_bpp = cirrus_get_bpp;
+ s->vga.get_offsets = cirrus_get_offsets;
+ s->vga.get_resolution = cirrus_get_resolution;
+ s->vga.cursor_invalidate = cirrus_cursor_invalidate;
+ s->vga.cursor_draw_line = cirrus_cursor_draw_line;
+
+ qemu_register_reset(cirrus_reset, s);
+}
+
+/***************************************
+ *
+ * ISA bus support
+ *
+ ***************************************/
+
+static void isa_cirrus_vga_realizefn(DeviceState *dev, Error **errp)
+{
+ ISADevice *isadev = ISA_DEVICE(dev);
+ ISACirrusVGAState *d = ISA_CIRRUS_VGA(dev);
+ VGACommonState *s = &d->cirrus_vga.vga;
+
+ vga_common_init(s, OBJECT(dev));
+ cirrus_init_common(&d->cirrus_vga, OBJECT(dev), CIRRUS_ID_CLGD5430, 0,
+ isa_address_space(isadev),
+ isa_address_space_io(isadev));
+ s->con = graphic_console_init(dev, s->hw_ops, s);
+ rom_add_vga(VGABIOS_CIRRUS_FILENAME);
+ /* XXX ISA-LFB support */
+ /* FIXME not qdev yet */
+}
+
+static Property isa_cirrus_vga_properties[] = {
+ DEFINE_PROP_UINT32("vgamem_mb", struct ISACirrusVGAState,
+ cirrus_vga.vga.vram_size_mb, 8),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void isa_cirrus_vga_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->vmsd = &vmstate_cirrus_vga;
+ dc->realize = isa_cirrus_vga_realizefn;
+ dc->props = isa_cirrus_vga_properties;
+ set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories);
+}
+
+static const TypeInfo isa_cirrus_vga_info = {
+ .name = TYPE_ISA_CIRRUS_VGA,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof(ISACirrusVGAState),
+ .class_init = isa_cirrus_vga_class_init,
+};
+
+/***************************************
+ *
+ * PCI bus support
+ *
+ ***************************************/
+
+static int pci_cirrus_vga_initfn(PCIDevice *dev)
+{
+ PCICirrusVGAState *d = DO_UPCAST(PCICirrusVGAState, dev, dev);
+ CirrusVGAState *s = &d->cirrus_vga;
+ PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(dev);
+ int16_t device_id = pc->device_id;
+
+ /* setup VGA */
+ vga_common_init(&s->vga, OBJECT(dev));
+ cirrus_init_common(s, OBJECT(dev), device_id, 1, pci_address_space(dev),
+ pci_address_space_io(dev));
+ s->vga.con = graphic_console_init(DEVICE(dev), s->vga.hw_ops, &s->vga);
+
+ /* setup PCI */
+
+ memory_region_init(&s->pci_bar, OBJECT(dev), "cirrus-pci-bar0", 0x2000000);
+
+ /* XXX: add byte swapping apertures */
+ memory_region_add_subregion(&s->pci_bar, 0, &s->cirrus_linear_io);
+ memory_region_add_subregion(&s->pci_bar, 0x1000000,
+ &s->cirrus_linear_bitblt_io);
+
+ /* setup memory space */
+ /* memory #0 LFB */
+ /* memory #1 memory-mapped I/O */
+ /* XXX: s->vga.vram_size must be a power of two */
+ pci_register_bar(&d->dev, 0, PCI_BASE_ADDRESS_MEM_PREFETCH, &s->pci_bar);
+ if (device_id == CIRRUS_ID_CLGD5446) {
+ pci_register_bar(&d->dev, 1, 0, &s->cirrus_mmio_io);
+ }
+ return 0;
+}
+
+static Property pci_vga_cirrus_properties[] = {
+ DEFINE_PROP_UINT32("vgamem_mb", struct PCICirrusVGAState,
+ cirrus_vga.vga.vram_size_mb, 8),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void cirrus_vga_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->no_hotplug = 1;
+ k->init = pci_cirrus_vga_initfn;
+ k->romfile = VGABIOS_CIRRUS_FILENAME;
+ k->vendor_id = PCI_VENDOR_ID_CIRRUS;
+ k->device_id = CIRRUS_ID_CLGD5446;
+ k->class_id = PCI_CLASS_DISPLAY_VGA;
+ set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories);
+ dc->desc = "Cirrus CLGD 54xx VGA";
+ dc->vmsd = &vmstate_pci_cirrus_vga;
+ dc->props = pci_vga_cirrus_properties;
+}
+
+static const TypeInfo cirrus_vga_info = {
+ .name = "cirrus-vga",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCICirrusVGAState),
+ .class_init = cirrus_vga_class_init,
+};
+
+static void cirrus_vga_register_types(void)
+{
+ type_register_static(&isa_cirrus_vga_info);
+ type_register_static(&cirrus_vga_info);
+}
+
+type_init(cirrus_vga_register_types)
diff --git a/hw/cirrus_vga_rop.h b/hw/display/cirrus_vga_rop.h
index 9c7bb0928..9c7bb0928 100644
--- a/hw/cirrus_vga_rop.h
+++ b/hw/display/cirrus_vga_rop.h
diff --git a/hw/cirrus_vga_rop2.h b/hw/display/cirrus_vga_rop2.h
index d28bcc6f2..d28bcc6f2 100644
--- a/hw/cirrus_vga_rop2.h
+++ b/hw/display/cirrus_vga_rop2.h
diff --git a/hw/cirrus_vga_template.h b/hw/display/cirrus_vga_template.h
index 3b2828058..3b2828058 100644
--- a/hw/cirrus_vga_template.h
+++ b/hw/display/cirrus_vga_template.h
diff --git a/hw/display/exynos4210_fimd.c b/hw/display/exynos4210_fimd.c
new file mode 100644
index 000000000..65cca1d70
--- /dev/null
+++ b/hw/display/exynos4210_fimd.c
@@ -0,0 +1,1947 @@
+/*
+ * Samsung exynos4210 Display Controller (FIMD)
+ *
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd.
+ * All rights reserved.
+ * Based on LCD controller for Samsung S5PC1xx-based board emulation
+ * by Kirill Batuzov <batuzovk@ispras.ru>
+ *
+ * Contributed by Mitsyanko Igor <i.mitsyanko@samsung.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "qemu-common.h"
+#include "hw/sysbus.h"
+#include "ui/console.h"
+#include "ui/pixel_ops.h"
+#include "qemu/bswap.h"
+
+/* Debug messages configuration */
+#define EXYNOS4210_FIMD_DEBUG 0
+#define EXYNOS4210_FIMD_MODE_TRACE 0
+
+#if EXYNOS4210_FIMD_DEBUG == 0
+ #define DPRINT_L1(fmt, args...) do { } while (0)
+ #define DPRINT_L2(fmt, args...) do { } while (0)
+ #define DPRINT_ERROR(fmt, args...) do { } while (0)
+#elif EXYNOS4210_FIMD_DEBUG == 1
+ #define DPRINT_L1(fmt, args...) \
+ do {fprintf(stderr, "QEMU FIMD: "fmt, ## args); } while (0)
+ #define DPRINT_L2(fmt, args...) do { } while (0)
+ #define DPRINT_ERROR(fmt, args...) \
+ do {fprintf(stderr, "QEMU FIMD ERROR: "fmt, ## args); } while (0)
+#else
+ #define DPRINT_L1(fmt, args...) \
+ do {fprintf(stderr, "QEMU FIMD: "fmt, ## args); } while (0)
+ #define DPRINT_L2(fmt, args...) \
+ do {fprintf(stderr, "QEMU FIMD: "fmt, ## args); } while (0)
+ #define DPRINT_ERROR(fmt, args...) \
+ do {fprintf(stderr, "QEMU FIMD ERROR: "fmt, ## args); } while (0)
+#endif
+
+#if EXYNOS4210_FIMD_MODE_TRACE == 0
+ #define DPRINT_TRACE(fmt, args...) do { } while (0)
+#else
+ #define DPRINT_TRACE(fmt, args...) \
+ do {fprintf(stderr, "QEMU FIMD: "fmt, ## args); } while (0)
+#endif
+
+#define NUM_OF_WINDOWS 5
+#define FIMD_REGS_SIZE 0x4114
+
+/* Video main control registers */
+#define FIMD_VIDCON0 0x0000
+#define FIMD_VIDCON1 0x0004
+#define FIMD_VIDCON2 0x0008
+#define FIMD_VIDCON3 0x000C
+#define FIMD_VIDCON0_ENVID_F (1 << 0)
+#define FIMD_VIDCON0_ENVID (1 << 1)
+#define FIMD_VIDCON0_ENVID_MASK ((1 << 0) | (1 << 1))
+#define FIMD_VIDCON1_ROMASK 0x07FFE000
+
+/* Video time control registers */
+#define FIMD_VIDTCON_START 0x10
+#define FIMD_VIDTCON_END 0x1C
+#define FIMD_VIDTCON2_SIZE_MASK 0x07FF
+#define FIMD_VIDTCON2_HOR_SHIFT 0
+#define FIMD_VIDTCON2_VER_SHIFT 11
+
+/* Window control registers */
+#define FIMD_WINCON_START 0x0020
+#define FIMD_WINCON_END 0x0030
+#define FIMD_WINCON_ROMASK 0x82200000
+#define FIMD_WINCON_ENWIN (1 << 0)
+#define FIMD_WINCON_BLD_PIX (1 << 6)
+#define FIMD_WINCON_ALPHA_MUL (1 << 7)
+#define FIMD_WINCON_ALPHA_SEL (1 << 1)
+#define FIMD_WINCON_SWAP 0x078000
+#define FIMD_WINCON_SWAP_SHIFT 15
+#define FIMD_WINCON_SWAP_WORD 0x1
+#define FIMD_WINCON_SWAP_HWORD 0x2
+#define FIMD_WINCON_SWAP_BYTE 0x4
+#define FIMD_WINCON_SWAP_BITS 0x8
+#define FIMD_WINCON_BUFSTAT_L (1 << 21)
+#define FIMD_WINCON_BUFSTAT_H (1 << 31)
+#define FIMD_WINCON_BUFSTATUS ((1 << 21) | (1 << 31))
+#define FIMD_WINCON_BUF0_STAT ((0 << 21) | (0 << 31))
+#define FIMD_WINCON_BUF1_STAT ((1 << 21) | (0 << 31))
+#define FIMD_WINCON_BUF2_STAT ((0 << 21) | (1 << 31))
+#define FIMD_WINCON_BUFSELECT ((1 << 20) | (1 << 30))
+#define FIMD_WINCON_BUF0_SEL ((0 << 20) | (0 << 30))
+#define FIMD_WINCON_BUF1_SEL ((1 << 20) | (0 << 30))
+#define FIMD_WINCON_BUF2_SEL ((0 << 20) | (1 << 30))
+#define FIMD_WINCON_BUFMODE (1 << 14)
+#define IS_PALETTIZED_MODE(w) (w->wincon & 0xC)
+#define PAL_MODE_WITH_ALPHA(x) ((x) == 7)
+#define WIN_BPP_MODE(w) ((w->wincon >> 2) & 0xF)
+#define WIN_BPP_MODE_WITH_ALPHA(w) \
+ (WIN_BPP_MODE(w) == 0xD || WIN_BPP_MODE(w) == 0xE)
+
+/* Shadow control register */
+#define FIMD_SHADOWCON 0x0034
+#define FIMD_WINDOW_PROTECTED(s, w) ((s) & (1 << (10 + (w))))
+/* Channel mapping control register */
+#define FIMD_WINCHMAP 0x003C
+
+/* Window position control registers */
+#define FIMD_VIDOSD_START 0x0040
+#define FIMD_VIDOSD_END 0x0088
+#define FIMD_VIDOSD_COORD_MASK 0x07FF
+#define FIMD_VIDOSD_HOR_SHIFT 11
+#define FIMD_VIDOSD_VER_SHIFT 0
+#define FIMD_VIDOSD_ALPHA_AEN0 0xFFF000
+#define FIMD_VIDOSD_AEN0_SHIFT 12
+#define FIMD_VIDOSD_ALPHA_AEN1 0x000FFF
+
+/* Frame buffer address registers */
+#define FIMD_VIDWADD0_START 0x00A0
+#define FIMD_VIDWADD0_END 0x00C4
+#define FIMD_VIDWADD0_END 0x00C4
+#define FIMD_VIDWADD1_START 0x00D0
+#define FIMD_VIDWADD1_END 0x00F4
+#define FIMD_VIDWADD2_START 0x0100
+#define FIMD_VIDWADD2_END 0x0110
+#define FIMD_VIDWADD2_PAGEWIDTH 0x1FFF
+#define FIMD_VIDWADD2_OFFSIZE 0x1FFF
+#define FIMD_VIDWADD2_OFFSIZE_SHIFT 13
+#define FIMD_VIDW0ADD0_B2 0x20A0
+#define FIMD_VIDW4ADD0_B2 0x20C0
+
+/* Video interrupt control registers */
+#define FIMD_VIDINTCON0 0x130
+#define FIMD_VIDINTCON1 0x134
+
+/* Window color key registers */
+#define FIMD_WKEYCON_START 0x140
+#define FIMD_WKEYCON_END 0x15C
+#define FIMD_WKEYCON0_COMPKEY 0x00FFFFFF
+#define FIMD_WKEYCON0_CTL_SHIFT 24
+#define FIMD_WKEYCON0_DIRCON (1 << 24)
+#define FIMD_WKEYCON0_KEYEN (1 << 25)
+#define FIMD_WKEYCON0_KEYBLEN (1 << 26)
+/* Window color key alpha control register */
+#define FIMD_WKEYALPHA_START 0x160
+#define FIMD_WKEYALPHA_END 0x16C
+
+/* Dithering control register */
+#define FIMD_DITHMODE 0x170
+
+/* Window alpha control registers */
+#define FIMD_VIDALPHA_ALPHA_LOWER 0x000F0F0F
+#define FIMD_VIDALPHA_ALPHA_UPPER 0x00F0F0F0
+#define FIMD_VIDWALPHA_START 0x21C
+#define FIMD_VIDWALPHA_END 0x240
+
+/* Window color map registers */
+#define FIMD_WINMAP_START 0x180
+#define FIMD_WINMAP_END 0x190
+#define FIMD_WINMAP_EN (1 << 24)
+#define FIMD_WINMAP_COLOR_MASK 0x00FFFFFF
+
+/* Window palette control registers */
+#define FIMD_WPALCON_HIGH 0x019C
+#define FIMD_WPALCON_LOW 0x01A0
+#define FIMD_WPALCON_UPDATEEN (1 << 9)
+#define FIMD_WPAL_W0PAL_L 0x07
+#define FIMD_WPAL_W0PAL_L_SHT 0
+#define FIMD_WPAL_W1PAL_L 0x07
+#define FIMD_WPAL_W1PAL_L_SHT 3
+#define FIMD_WPAL_W2PAL_L 0x01
+#define FIMD_WPAL_W2PAL_L_SHT 6
+#define FIMD_WPAL_W2PAL_H 0x06
+#define FIMD_WPAL_W2PAL_H_SHT 8
+#define FIMD_WPAL_W3PAL_L 0x01
+#define FIMD_WPAL_W3PAL_L_SHT 7
+#define FIMD_WPAL_W3PAL_H 0x06
+#define FIMD_WPAL_W3PAL_H_SHT 12
+#define FIMD_WPAL_W4PAL_L 0x01
+#define FIMD_WPAL_W4PAL_L_SHT 8
+#define FIMD_WPAL_W4PAL_H 0x06
+#define FIMD_WPAL_W4PAL_H_SHT 16
+
+/* Trigger control registers */
+#define FIMD_TRIGCON 0x01A4
+#define FIMD_TRIGCON_ROMASK 0x00000004
+
+/* LCD I80 Interface Control */
+#define FIMD_I80IFCON_START 0x01B0
+#define FIMD_I80IFCON_END 0x01BC
+/* Color gain control register */
+#define FIMD_COLORGAINCON 0x01C0
+/* LCD i80 Interface Command Control */
+#define FIMD_LDI_CMDCON0 0x01D0
+#define FIMD_LDI_CMDCON1 0x01D4
+/* I80 System Interface Manual Command Control */
+#define FIMD_SIFCCON0 0x01E0
+#define FIMD_SIFCCON2 0x01E8
+
+/* Hue Control Registers */
+#define FIMD_HUECOEFCR_START 0x01EC
+#define FIMD_HUECOEFCR_END 0x01F4
+#define FIMD_HUECOEFCB_START 0x01FC
+#define FIMD_HUECOEFCB_END 0x0208
+#define FIMD_HUEOFFSET 0x020C
+
+/* Video interrupt control registers */
+#define FIMD_VIDINT_INTFIFOPEND (1 << 0)
+#define FIMD_VIDINT_INTFRMPEND (1 << 1)
+#define FIMD_VIDINT_INTI80PEND (1 << 2)
+#define FIMD_VIDINT_INTEN (1 << 0)
+#define FIMD_VIDINT_INTFIFOEN (1 << 1)
+#define FIMD_VIDINT_INTFRMEN (1 << 12)
+#define FIMD_VIDINT_I80IFDONE (1 << 17)
+
+/* Window blend equation control registers */
+#define FIMD_BLENDEQ_START 0x0244
+#define FIMD_BLENDEQ_END 0x0250
+#define FIMD_BLENDCON 0x0260
+#define FIMD_ALPHA_8BIT (1 << 0)
+#define FIMD_BLENDEQ_COEF_MASK 0xF
+
+/* Window RTQOS Control Registers */
+#define FIMD_WRTQOSCON_START 0x0264
+#define FIMD_WRTQOSCON_END 0x0274
+
+/* LCD I80 Interface Command */
+#define FIMD_I80IFCMD_START 0x0280
+#define FIMD_I80IFCMD_END 0x02AC
+
+/* Shadow windows control registers */
+#define FIMD_SHD_ADD0_START 0x40A0
+#define FIMD_SHD_ADD0_END 0x40C0
+#define FIMD_SHD_ADD1_START 0x40D0
+#define FIMD_SHD_ADD1_END 0x40F0
+#define FIMD_SHD_ADD2_START 0x4100
+#define FIMD_SHD_ADD2_END 0x4110
+
+/* Palette memory */
+#define FIMD_PAL_MEM_START 0x2400
+#define FIMD_PAL_MEM_END 0x37FC
+/* Palette memory aliases for windows 0 and 1 */
+#define FIMD_PALMEM_AL_START 0x0400
+#define FIMD_PALMEM_AL_END 0x0BFC
+
+typedef struct {
+ uint8_t r, g, b;
+ /* D[31..24]dummy, D[23..16]rAlpha, D[15..8]gAlpha, D[7..0]bAlpha */
+ uint32_t a;
+} rgba;
+#define RGBA_SIZE 7
+
+typedef void pixel_to_rgb_func(uint32_t pixel, rgba *p);
+typedef struct Exynos4210fimdWindow Exynos4210fimdWindow;
+
+struct Exynos4210fimdWindow {
+ uint32_t wincon; /* Window control register */
+ uint32_t buf_start[3]; /* Start address for video frame buffer */
+ uint32_t buf_end[3]; /* End address for video frame buffer */
+ uint32_t keycon[2]; /* Window color key registers */
+ uint32_t keyalpha; /* Color key alpha control register */
+ uint32_t winmap; /* Window color map register */
+ uint32_t blendeq; /* Window blending equation control register */
+ uint32_t rtqoscon; /* Window RTQOS Control Registers */
+ uint32_t palette[256]; /* Palette RAM */
+ uint32_t shadow_buf_start; /* Start address of shadow frame buffer */
+ uint32_t shadow_buf_end; /* End address of shadow frame buffer */
+ uint32_t shadow_buf_size; /* Virtual shadow screen width */
+
+ pixel_to_rgb_func *pixel_to_rgb;
+ void (*draw_line)(Exynos4210fimdWindow *w, uint8_t *src, uint8_t *dst,
+ bool blend);
+ uint32_t (*get_alpha)(Exynos4210fimdWindow *w, uint32_t pix_a);
+ uint16_t lefttop_x, lefttop_y; /* VIDOSD0 register */
+ uint16_t rightbot_x, rightbot_y; /* VIDOSD1 register */
+ uint32_t osdsize; /* VIDOSD2&3 register */
+ uint32_t alpha_val[2]; /* VIDOSD2&3, VIDWALPHA registers */
+ uint16_t virtpage_width; /* VIDWADD2 register */
+ uint16_t virtpage_offsize; /* VIDWADD2 register */
+ MemoryRegionSection mem_section; /* RAM fragment containing framebuffer */
+ uint8_t *host_fb_addr; /* Host pointer to window's framebuffer */
+ hwaddr fb_len; /* Framebuffer length */
+};
+
+#define TYPE_EXYNOS4210_FIMD "exynos4210.fimd"
+#define EXYNOS4210_FIMD(obj) \
+ OBJECT_CHECK(Exynos4210fimdState, (obj), TYPE_EXYNOS4210_FIMD)
+
+typedef struct {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ QemuConsole *console;
+ qemu_irq irq[3];
+
+ uint32_t vidcon[4]; /* Video main control registers 0-3 */
+ uint32_t vidtcon[4]; /* Video time control registers 0-3 */
+ uint32_t shadowcon; /* Window shadow control register */
+ uint32_t winchmap; /* Channel mapping control register */
+ uint32_t vidintcon[2]; /* Video interrupt control registers */
+ uint32_t dithmode; /* Dithering control register */
+ uint32_t wpalcon[2]; /* Window palette control registers */
+ uint32_t trigcon; /* Trigger control register */
+ uint32_t i80ifcon[4]; /* I80 interface control registers */
+ uint32_t colorgaincon; /* Color gain control register */
+ uint32_t ldi_cmdcon[2]; /* LCD I80 interface command control */
+ uint32_t sifccon[3]; /* I80 System Interface Manual Command Control */
+ uint32_t huecoef_cr[4]; /* Hue control registers */
+ uint32_t huecoef_cb[4]; /* Hue control registers */
+ uint32_t hueoffset; /* Hue offset control register */
+ uint32_t blendcon; /* Blending control register */
+ uint32_t i80ifcmd[12]; /* LCD I80 Interface Command */
+
+ Exynos4210fimdWindow window[5]; /* Window-specific registers */
+ uint8_t *ifb; /* Internal frame buffer */
+ bool invalidate; /* Image needs to be redrawn */
+ bool enabled; /* Display controller is enabled */
+} Exynos4210fimdState;
+
+/* Perform byte/halfword/word swap of data according to WINCON */
+static inline void fimd_swap_data(unsigned int swap_ctl, uint64_t *data)
+{
+ int i;
+ uint64_t res;
+ uint64_t x = *data;
+
+ if (swap_ctl & FIMD_WINCON_SWAP_BITS) {
+ res = 0;
+ for (i = 0; i < 64; i++) {
+ if (x & (1ULL << (64 - i))) {
+ res |= (1ULL << i);
+ }
+ }
+ x = res;
+ }
+
+ if (swap_ctl & FIMD_WINCON_SWAP_BYTE) {
+ x = bswap64(x);
+ }
+
+ if (swap_ctl & FIMD_WINCON_SWAP_HWORD) {
+ x = ((x & 0x000000000000FFFFULL) << 48) |
+ ((x & 0x00000000FFFF0000ULL) << 16) |
+ ((x & 0x0000FFFF00000000ULL) >> 16) |
+ ((x & 0xFFFF000000000000ULL) >> 48);
+ }
+
+ if (swap_ctl & FIMD_WINCON_SWAP_WORD) {
+ x = ((x & 0x00000000FFFFFFFFULL) << 32) |
+ ((x & 0xFFFFFFFF00000000ULL) >> 32);
+ }
+
+ *data = x;
+}
+
+/* Conversion routines of Pixel data from frame buffer area to internal RGBA
+ * pixel representation.
+ * Every color component internally represented as 8-bit value. If original
+ * data has less than 8 bit for component, data is extended to 8 bit. For
+ * example, if blue component has only two possible values 0 and 1 it will be
+ * extended to 0 and 0xFF */
+
+/* One bit for alpha representation */
+#define DEF_PIXEL_TO_RGB_A1(N, R, G, B) \
+static void N(uint32_t pixel, rgba *p) \
+{ \
+ p->b = ((pixel & ((1 << (B)) - 1)) << (8 - (B))) | \
+ ((pixel >> (2 * (B) - 8)) & ((1 << (8 - (B))) - 1)); \
+ pixel >>= (B); \
+ p->g = (pixel & ((1 << (G)) - 1)) << (8 - (G)) | \
+ ((pixel >> (2 * (G) - 8)) & ((1 << (8 - (G))) - 1)); \
+ pixel >>= (G); \
+ p->r = (pixel & ((1 << (R)) - 1)) << (8 - (R)) | \
+ ((pixel >> (2 * (R) - 8)) & ((1 << (8 - (R))) - 1)); \
+ pixel >>= (R); \
+ p->a = (pixel & 0x1); \
+}
+
+DEF_PIXEL_TO_RGB_A1(pixel_a444_to_rgb, 4, 4, 4)
+DEF_PIXEL_TO_RGB_A1(pixel_a555_to_rgb, 5, 5, 5)
+DEF_PIXEL_TO_RGB_A1(pixel_a666_to_rgb, 6, 6, 6)
+DEF_PIXEL_TO_RGB_A1(pixel_a665_to_rgb, 6, 6, 5)
+DEF_PIXEL_TO_RGB_A1(pixel_a888_to_rgb, 8, 8, 8)
+DEF_PIXEL_TO_RGB_A1(pixel_a887_to_rgb, 8, 8, 7)
+
+/* Alpha component is always zero */
+#define DEF_PIXEL_TO_RGB_A0(N, R, G, B) \
+static void N(uint32_t pixel, rgba *p) \
+{ \
+ p->b = ((pixel & ((1 << (B)) - 1)) << (8 - (B))) | \
+ ((pixel >> (2 * (B) - 8)) & ((1 << (8 - (B))) - 1)); \
+ pixel >>= (B); \
+ p->g = (pixel & ((1 << (G)) - 1)) << (8 - (G)) | \
+ ((pixel >> (2 * (G) - 8)) & ((1 << (8 - (G))) - 1)); \
+ pixel >>= (G); \
+ p->r = (pixel & ((1 << (R)) - 1)) << (8 - (R)) | \
+ ((pixel >> (2 * (R) - 8)) & ((1 << (8 - (R))) - 1)); \
+ p->a = 0x0; \
+}
+
+DEF_PIXEL_TO_RGB_A0(pixel_565_to_rgb, 5, 6, 5)
+DEF_PIXEL_TO_RGB_A0(pixel_555_to_rgb, 5, 5, 5)
+DEF_PIXEL_TO_RGB_A0(pixel_666_to_rgb, 6, 6, 6)
+DEF_PIXEL_TO_RGB_A0(pixel_888_to_rgb, 8, 8, 8)
+
+/* Alpha component has some meaningful value */
+#define DEF_PIXEL_TO_RGB_A(N, R, G, B, A) \
+static void N(uint32_t pixel, rgba *p) \
+{ \
+ p->b = ((pixel & ((1 << (B)) - 1)) << (8 - (B))) | \
+ ((pixel >> (2 * (B) - 8)) & ((1 << (8 - (B))) - 1)); \
+ pixel >>= (B); \
+ p->g = (pixel & ((1 << (G)) - 1)) << (8 - (G)) | \
+ ((pixel >> (2 * (G) - 8)) & ((1 << (8 - (G))) - 1)); \
+ pixel >>= (G); \
+ p->r = (pixel & ((1 << (R)) - 1)) << (8 - (R)) | \
+ ((pixel >> (2 * (R) - 8)) & ((1 << (8 - (R))) - 1)); \
+ pixel >>= (R); \
+ p->a = (pixel & ((1 << (A)) - 1)) << (8 - (A)) | \
+ ((pixel >> (2 * (A) - 8)) & ((1 << (8 - (A))) - 1)); \
+ p->a = p->a | (p->a << 8) | (p->a << 16); \
+}
+
+DEF_PIXEL_TO_RGB_A(pixel_4444_to_rgb, 4, 4, 4, 4)
+DEF_PIXEL_TO_RGB_A(pixel_8888_to_rgb, 8, 8, 8, 8)
+
+/* Lookup table to extent 2-bit color component to 8 bit */
+static const uint8_t pixel_lutable_2b[4] = {
+ 0x0, 0x55, 0xAA, 0xFF
+};
+/* Lookup table to extent 3-bit color component to 8 bit */
+static const uint8_t pixel_lutable_3b[8] = {
+ 0x0, 0x24, 0x49, 0x6D, 0x92, 0xB6, 0xDB, 0xFF
+};
+/* Special case for a232 bpp mode */
+static void pixel_a232_to_rgb(uint32_t pixel, rgba *p)
+{
+ p->b = pixel_lutable_2b[(pixel & 0x3)];
+ pixel >>= 2;
+ p->g = pixel_lutable_3b[(pixel & 0x7)];
+ pixel >>= 3;
+ p->r = pixel_lutable_2b[(pixel & 0x3)];
+ pixel >>= 2;
+ p->a = (pixel & 0x1);
+}
+
+/* Special case for (5+1, 5+1, 5+1) mode. Data bit 15 is common LSB
+ * for all three color components */
+static void pixel_1555_to_rgb(uint32_t pixel, rgba *p)
+{
+ uint8_t comm = (pixel >> 15) & 1;
+ p->b = ((((pixel & 0x1F) << 1) | comm) << 2) | ((pixel >> 3) & 0x3);
+ pixel >>= 5;
+ p->g = ((((pixel & 0x1F) << 1) | comm) << 2) | ((pixel >> 3) & 0x3);
+ pixel >>= 5;
+ p->r = ((((pixel & 0x1F) << 1) | comm) << 2) | ((pixel >> 3) & 0x3);
+ p->a = 0x0;
+}
+
+/* Put/get pixel to/from internal LCD Controller framebuffer */
+
+static int put_pixel_ifb(const rgba p, uint8_t *d)
+{
+ *(uint8_t *)d++ = p.r;
+ *(uint8_t *)d++ = p.g;
+ *(uint8_t *)d++ = p.b;
+ *(uint32_t *)d = p.a;
+ return RGBA_SIZE;
+}
+
+static int get_pixel_ifb(const uint8_t *s, rgba *p)
+{
+ p->r = *(uint8_t *)s++;
+ p->g = *(uint8_t *)s++;
+ p->b = *(uint8_t *)s++;
+ p->a = (*(uint32_t *)s) & 0x00FFFFFF;
+ return RGBA_SIZE;
+}
+
+static pixel_to_rgb_func *palette_data_format[8] = {
+ [0] = pixel_565_to_rgb,
+ [1] = pixel_a555_to_rgb,
+ [2] = pixel_666_to_rgb,
+ [3] = pixel_a665_to_rgb,
+ [4] = pixel_a666_to_rgb,
+ [5] = pixel_888_to_rgb,
+ [6] = pixel_a888_to_rgb,
+ [7] = pixel_8888_to_rgb
+};
+
+/* Returns Index in palette data formats table for given window number WINDOW */
+static uint32_t
+exynos4210_fimd_palette_format(Exynos4210fimdState *s, int window)
+{
+ uint32_t ret;
+
+ switch (window) {
+ case 0:
+ ret = (s->wpalcon[1] >> FIMD_WPAL_W0PAL_L_SHT) & FIMD_WPAL_W0PAL_L;
+ if (ret != 7) {
+ ret = 6 - ret;
+ }
+ break;
+ case 1:
+ ret = (s->wpalcon[1] >> FIMD_WPAL_W1PAL_L_SHT) & FIMD_WPAL_W1PAL_L;
+ if (ret != 7) {
+ ret = 6 - ret;
+ }
+ break;
+ case 2:
+ ret = ((s->wpalcon[0] >> FIMD_WPAL_W2PAL_H_SHT) & FIMD_WPAL_W2PAL_H) |
+ ((s->wpalcon[1] >> FIMD_WPAL_W2PAL_L_SHT) & FIMD_WPAL_W2PAL_L);
+ break;
+ case 3:
+ ret = ((s->wpalcon[0] >> FIMD_WPAL_W3PAL_H_SHT) & FIMD_WPAL_W3PAL_H) |
+ ((s->wpalcon[1] >> FIMD_WPAL_W3PAL_L_SHT) & FIMD_WPAL_W3PAL_L);
+ break;
+ case 4:
+ ret = ((s->wpalcon[0] >> FIMD_WPAL_W4PAL_H_SHT) & FIMD_WPAL_W4PAL_H) |
+ ((s->wpalcon[1] >> FIMD_WPAL_W4PAL_L_SHT) & FIMD_WPAL_W4PAL_L);
+ break;
+ default:
+ hw_error("exynos4210.fimd: incorrect window number %d\n", window);
+ ret = 0;
+ break;
+ }
+ return ret;
+}
+
+#define FIMD_1_MINUS_COLOR(x) \
+ ((0xFF - ((x) & 0xFF)) | (0xFF00 - ((x) & 0xFF00)) | \
+ (0xFF0000 - ((x) & 0xFF0000)))
+#define EXTEND_LOWER_HALFBYTE(x) (((x) & 0xF0F0F) | (((x) << 4) & 0xF0F0F0))
+#define EXTEND_UPPER_HALFBYTE(x) (((x) & 0xF0F0F0) | (((x) >> 4) & 0xF0F0F))
+
+/* Multiply three lower bytes of two 32-bit words with each other.
+ * Each byte with values 0-255 is considered as a number with possible values
+ * in a range [0 - 1] */
+static inline uint32_t fimd_mult_each_byte(uint32_t a, uint32_t b)
+{
+ uint32_t tmp;
+ uint32_t ret;
+
+ ret = ((tmp = (((a & 0xFF) * (b & 0xFF)) / 0xFF)) > 0xFF) ? 0xFF : tmp;
+ ret |= ((tmp = ((((a >> 8) & 0xFF) * ((b >> 8) & 0xFF)) / 0xFF)) > 0xFF) ?
+ 0xFF00 : tmp << 8;
+ ret |= ((tmp = ((((a >> 16) & 0xFF) * ((b >> 16) & 0xFF)) / 0xFF)) > 0xFF) ?
+ 0xFF0000 : tmp << 16;
+ return ret;
+}
+
+/* For each corresponding bytes of two 32-bit words: (a*b + c*d)
+ * Byte values 0-255 are mapped to a range [0 .. 1] */
+static inline uint32_t
+fimd_mult_and_sum_each_byte(uint32_t a, uint32_t b, uint32_t c, uint32_t d)
+{
+ uint32_t tmp;
+ uint32_t ret;
+
+ ret = ((tmp = (((a & 0xFF) * (b & 0xFF) + (c & 0xFF) * (d & 0xFF)) / 0xFF))
+ > 0xFF) ? 0xFF : tmp;
+ ret |= ((tmp = ((((a >> 8) & 0xFF) * ((b >> 8) & 0xFF) + ((c >> 8) & 0xFF) *
+ ((d >> 8) & 0xFF)) / 0xFF)) > 0xFF) ? 0xFF00 : tmp << 8;
+ ret |= ((tmp = ((((a >> 16) & 0xFF) * ((b >> 16) & 0xFF) +
+ ((c >> 16) & 0xFF) * ((d >> 16) & 0xFF)) / 0xFF)) > 0xFF) ?
+ 0xFF0000 : tmp << 16;
+ return ret;
+}
+
+/* These routines cover all possible sources of window's transparent factor
+ * used in blending equation. Choice of routine is affected by WPALCON
+ * registers, BLENDCON register and window's WINCON register */
+
+static uint32_t fimd_get_alpha_pix(Exynos4210fimdWindow *w, uint32_t pix_a)
+{
+ return pix_a;
+}
+
+static uint32_t
+fimd_get_alpha_pix_extlow(Exynos4210fimdWindow *w, uint32_t pix_a)
+{
+ return EXTEND_LOWER_HALFBYTE(pix_a);
+}
+
+static uint32_t
+fimd_get_alpha_pix_exthigh(Exynos4210fimdWindow *w, uint32_t pix_a)
+{
+ return EXTEND_UPPER_HALFBYTE(pix_a);
+}
+
+static uint32_t fimd_get_alpha_mult(Exynos4210fimdWindow *w, uint32_t pix_a)
+{
+ return fimd_mult_each_byte(pix_a, w->alpha_val[0]);
+}
+
+static uint32_t fimd_get_alpha_mult_ext(Exynos4210fimdWindow *w, uint32_t pix_a)
+{
+ return fimd_mult_each_byte(EXTEND_LOWER_HALFBYTE(pix_a),
+ EXTEND_UPPER_HALFBYTE(w->alpha_val[0]));
+}
+
+static uint32_t fimd_get_alpha_aen(Exynos4210fimdWindow *w, uint32_t pix_a)
+{
+ return w->alpha_val[pix_a];
+}
+
+static uint32_t fimd_get_alpha_aen_ext(Exynos4210fimdWindow *w, uint32_t pix_a)
+{
+ return EXTEND_UPPER_HALFBYTE(w->alpha_val[pix_a]);
+}
+
+static uint32_t fimd_get_alpha_sel(Exynos4210fimdWindow *w, uint32_t pix_a)
+{
+ return w->alpha_val[(w->wincon & FIMD_WINCON_ALPHA_SEL) ? 1 : 0];
+}
+
+static uint32_t fimd_get_alpha_sel_ext(Exynos4210fimdWindow *w, uint32_t pix_a)
+{
+ return EXTEND_UPPER_HALFBYTE(w->alpha_val[(w->wincon &
+ FIMD_WINCON_ALPHA_SEL) ? 1 : 0]);
+}
+
+/* Updates currently active alpha value get function for specified window */
+static void fimd_update_get_alpha(Exynos4210fimdState *s, int win)
+{
+ Exynos4210fimdWindow *w = &s->window[win];
+ const bool alpha_is_8bit = s->blendcon & FIMD_ALPHA_8BIT;
+
+ if (w->wincon & FIMD_WINCON_BLD_PIX) {
+ if ((w->wincon & FIMD_WINCON_ALPHA_SEL) && WIN_BPP_MODE_WITH_ALPHA(w)) {
+ /* In this case, alpha component contains meaningful value */
+ if (w->wincon & FIMD_WINCON_ALPHA_MUL) {
+ w->get_alpha = alpha_is_8bit ?
+ fimd_get_alpha_mult : fimd_get_alpha_mult_ext;
+ } else {
+ w->get_alpha = alpha_is_8bit ?
+ fimd_get_alpha_pix : fimd_get_alpha_pix_extlow;
+ }
+ } else {
+ if (IS_PALETTIZED_MODE(w) &&
+ PAL_MODE_WITH_ALPHA(exynos4210_fimd_palette_format(s, win))) {
+ /* Alpha component has 8-bit numeric value */
+ w->get_alpha = alpha_is_8bit ?
+ fimd_get_alpha_pix : fimd_get_alpha_pix_exthigh;
+ } else {
+ /* Alpha has only two possible values (AEN) */
+ w->get_alpha = alpha_is_8bit ?
+ fimd_get_alpha_aen : fimd_get_alpha_aen_ext;
+ }
+ }
+ } else {
+ w->get_alpha = alpha_is_8bit ? fimd_get_alpha_sel :
+ fimd_get_alpha_sel_ext;
+ }
+}
+
+/* Blends current window's (w) pixel (foreground pixel *ret) with background
+ * window (w_blend) pixel p_bg according to formula:
+ * NEW_COLOR = a_coef x FG_PIXEL_COLOR + b_coef x BG_PIXEL_COLOR
+ * NEW_ALPHA = p_coef x FG_ALPHA + q_coef x BG_ALPHA
+ */
+static void
+exynos4210_fimd_blend_pixel(Exynos4210fimdWindow *w, rgba p_bg, rgba *ret)
+{
+ rgba p_fg = *ret;
+ uint32_t bg_color = ((p_bg.r & 0xFF) << 16) | ((p_bg.g & 0xFF) << 8) |
+ (p_bg.b & 0xFF);
+ uint32_t fg_color = ((p_fg.r & 0xFF) << 16) | ((p_fg.g & 0xFF) << 8) |
+ (p_fg.b & 0xFF);
+ uint32_t alpha_fg = p_fg.a;
+ int i;
+ /* It is possible that blending equation parameters a and b do not
+ * depend on window BLENEQ register. Account for this with first_coef */
+ enum { A_COEF = 0, B_COEF = 1, P_COEF = 2, Q_COEF = 3, COEF_NUM = 4};
+ uint32_t first_coef = A_COEF;
+ uint32_t blend_param[COEF_NUM];
+
+ if (w->keycon[0] & FIMD_WKEYCON0_KEYEN) {
+ uint32_t colorkey = (w->keycon[1] &
+ ~(w->keycon[0] & FIMD_WKEYCON0_COMPKEY)) & FIMD_WKEYCON0_COMPKEY;
+
+ if ((w->keycon[0] & FIMD_WKEYCON0_DIRCON) &&
+ (bg_color & ~(w->keycon[0] & FIMD_WKEYCON0_COMPKEY)) == colorkey) {
+ /* Foreground pixel is displayed */
+ if (w->keycon[0] & FIMD_WKEYCON0_KEYBLEN) {
+ alpha_fg = w->keyalpha;
+ blend_param[A_COEF] = alpha_fg;
+ blend_param[B_COEF] = FIMD_1_MINUS_COLOR(alpha_fg);
+ } else {
+ alpha_fg = 0;
+ blend_param[A_COEF] = 0xFFFFFF;
+ blend_param[B_COEF] = 0x0;
+ }
+ first_coef = P_COEF;
+ } else if ((w->keycon[0] & FIMD_WKEYCON0_DIRCON) == 0 &&
+ (fg_color & ~(w->keycon[0] & FIMD_WKEYCON0_COMPKEY)) == colorkey) {
+ /* Background pixel is displayed */
+ if (w->keycon[0] & FIMD_WKEYCON0_KEYBLEN) {
+ alpha_fg = w->keyalpha;
+ blend_param[A_COEF] = alpha_fg;
+ blend_param[B_COEF] = FIMD_1_MINUS_COLOR(alpha_fg);
+ } else {
+ alpha_fg = 0;
+ blend_param[A_COEF] = 0x0;
+ blend_param[B_COEF] = 0xFFFFFF;
+ }
+ first_coef = P_COEF;
+ }
+ }
+
+ for (i = first_coef; i < COEF_NUM; i++) {
+ switch ((w->blendeq >> i * 6) & FIMD_BLENDEQ_COEF_MASK) {
+ case 0:
+ blend_param[i] = 0;
+ break;
+ case 1:
+ blend_param[i] = 0xFFFFFF;
+ break;
+ case 2:
+ blend_param[i] = alpha_fg;
+ break;
+ case 3:
+ blend_param[i] = FIMD_1_MINUS_COLOR(alpha_fg);
+ break;
+ case 4:
+ blend_param[i] = p_bg.a;
+ break;
+ case 5:
+ blend_param[i] = FIMD_1_MINUS_COLOR(p_bg.a);
+ break;
+ case 6:
+ blend_param[i] = w->alpha_val[0];
+ break;
+ case 10:
+ blend_param[i] = fg_color;
+ break;
+ case 11:
+ blend_param[i] = FIMD_1_MINUS_COLOR(fg_color);
+ break;
+ case 12:
+ blend_param[i] = bg_color;
+ break;
+ case 13:
+ blend_param[i] = FIMD_1_MINUS_COLOR(bg_color);
+ break;
+ default:
+ hw_error("exynos4210.fimd: blend equation coef illegal value\n");
+ break;
+ }
+ }
+
+ fg_color = fimd_mult_and_sum_each_byte(bg_color, blend_param[B_COEF],
+ fg_color, blend_param[A_COEF]);
+ ret->b = fg_color & 0xFF;
+ fg_color >>= 8;
+ ret->g = fg_color & 0xFF;
+ fg_color >>= 8;
+ ret->r = fg_color & 0xFF;
+ ret->a = fimd_mult_and_sum_each_byte(alpha_fg, blend_param[P_COEF],
+ p_bg.a, blend_param[Q_COEF]);
+}
+
+/* These routines read data from video frame buffer in system RAM, convert
+ * this data to display controller internal representation, if necessary,
+ * perform pixel blending with data, currently presented in internal buffer.
+ * Result is stored in display controller internal frame buffer. */
+
+/* Draw line with index in palette table in RAM frame buffer data */
+#define DEF_DRAW_LINE_PALETTE(N) \
+static void glue(draw_line_palette_, N)(Exynos4210fimdWindow *w, uint8_t *src, \
+ uint8_t *dst, bool blend) \
+{ \
+ int width = w->rightbot_x - w->lefttop_x + 1; \
+ uint8_t *ifb = dst; \
+ uint8_t swap = (w->wincon & FIMD_WINCON_SWAP) >> FIMD_WINCON_SWAP_SHIFT; \
+ uint64_t data; \
+ rgba p, p_old; \
+ int i; \
+ do { \
+ memcpy(&data, src, sizeof(data)); \
+ src += 8; \
+ fimd_swap_data(swap, &data); \
+ for (i = (64 / (N) - 1); i >= 0; i--) { \
+ w->pixel_to_rgb(w->palette[(data >> ((N) * i)) & \
+ ((1ULL << (N)) - 1)], &p); \
+ p.a = w->get_alpha(w, p.a); \
+ if (blend) { \
+ ifb += get_pixel_ifb(ifb, &p_old); \
+ exynos4210_fimd_blend_pixel(w, p_old, &p); \
+ } \
+ dst += put_pixel_ifb(p, dst); \
+ } \
+ width -= (64 / (N)); \
+ } while (width > 0); \
+}
+
+/* Draw line with direct color value in RAM frame buffer data */
+#define DEF_DRAW_LINE_NOPALETTE(N) \
+static void glue(draw_line_, N)(Exynos4210fimdWindow *w, uint8_t *src, \
+ uint8_t *dst, bool blend) \
+{ \
+ int width = w->rightbot_x - w->lefttop_x + 1; \
+ uint8_t *ifb = dst; \
+ uint8_t swap = (w->wincon & FIMD_WINCON_SWAP) >> FIMD_WINCON_SWAP_SHIFT; \
+ uint64_t data; \
+ rgba p, p_old; \
+ int i; \
+ do { \
+ memcpy(&data, src, sizeof(data)); \
+ src += 8; \
+ fimd_swap_data(swap, &data); \
+ for (i = (64 / (N) - 1); i >= 0; i--) { \
+ w->pixel_to_rgb((data >> ((N) * i)) & ((1ULL << (N)) - 1), &p); \
+ p.a = w->get_alpha(w, p.a); \
+ if (blend) { \
+ ifb += get_pixel_ifb(ifb, &p_old); \
+ exynos4210_fimd_blend_pixel(w, p_old, &p); \
+ } \
+ dst += put_pixel_ifb(p, dst); \
+ } \
+ width -= (64 / (N)); \
+ } while (width > 0); \
+}
+
+DEF_DRAW_LINE_PALETTE(1)
+DEF_DRAW_LINE_PALETTE(2)
+DEF_DRAW_LINE_PALETTE(4)
+DEF_DRAW_LINE_PALETTE(8)
+DEF_DRAW_LINE_NOPALETTE(8) /* 8bpp mode has palette and non-palette versions */
+DEF_DRAW_LINE_NOPALETTE(16)
+DEF_DRAW_LINE_NOPALETTE(32)
+
+/* Special draw line routine for window color map case */
+static void draw_line_mapcolor(Exynos4210fimdWindow *w, uint8_t *src,
+ uint8_t *dst, bool blend)
+{
+ rgba p, p_old;
+ uint8_t *ifb = dst;
+ int width = w->rightbot_x - w->lefttop_x + 1;
+ uint32_t map_color = w->winmap & FIMD_WINMAP_COLOR_MASK;
+
+ do {
+ pixel_888_to_rgb(map_color, &p);
+ p.a = w->get_alpha(w, p.a);
+ if (blend) {
+ ifb += get_pixel_ifb(ifb, &p_old);
+ exynos4210_fimd_blend_pixel(w, p_old, &p);
+ }
+ dst += put_pixel_ifb(p, dst);
+ } while (--width);
+}
+
+/* Write RGB to QEMU's GraphicConsole framebuffer */
+
+static int put_to_qemufb_pixel8(const rgba p, uint8_t *d)
+{
+ uint32_t pixel = rgb_to_pixel8(p.r, p.g, p.b);
+ *(uint8_t *)d = pixel;
+ return 1;
+}
+
+static int put_to_qemufb_pixel15(const rgba p, uint8_t *d)
+{
+ uint32_t pixel = rgb_to_pixel15(p.r, p.g, p.b);
+ *(uint16_t *)d = pixel;
+ return 2;
+}
+
+static int put_to_qemufb_pixel16(const rgba p, uint8_t *d)
+{
+ uint32_t pixel = rgb_to_pixel16(p.r, p.g, p.b);
+ *(uint16_t *)d = pixel;
+ return 2;
+}
+
+static int put_to_qemufb_pixel24(const rgba p, uint8_t *d)
+{
+ uint32_t pixel = rgb_to_pixel24(p.r, p.g, p.b);
+ *(uint8_t *)d++ = (pixel >> 0) & 0xFF;
+ *(uint8_t *)d++ = (pixel >> 8) & 0xFF;
+ *(uint8_t *)d++ = (pixel >> 16) & 0xFF;
+ return 3;
+}
+
+static int put_to_qemufb_pixel32(const rgba p, uint8_t *d)
+{
+ uint32_t pixel = rgb_to_pixel24(p.r, p.g, p.b);
+ *(uint32_t *)d = pixel;
+ return 4;
+}
+
+/* Routine to copy pixel from internal buffer to QEMU buffer */
+static int (*put_pixel_toqemu)(const rgba p, uint8_t *pixel);
+static inline void fimd_update_putpix_qemu(int bpp)
+{
+ switch (bpp) {
+ case 8:
+ put_pixel_toqemu = put_to_qemufb_pixel8;
+ break;
+ case 15:
+ put_pixel_toqemu = put_to_qemufb_pixel15;
+ break;
+ case 16:
+ put_pixel_toqemu = put_to_qemufb_pixel16;
+ break;
+ case 24:
+ put_pixel_toqemu = put_to_qemufb_pixel24;
+ break;
+ case 32:
+ put_pixel_toqemu = put_to_qemufb_pixel32;
+ break;
+ default:
+ hw_error("exynos4210.fimd: unsupported BPP (%d)", bpp);
+ break;
+ }
+}
+
+/* Routine to copy a line from internal frame buffer to QEMU display */
+static void fimd_copy_line_toqemu(int width, uint8_t *src, uint8_t *dst)
+{
+ rgba p;
+
+ do {
+ src += get_pixel_ifb(src, &p);
+ dst += put_pixel_toqemu(p, dst);
+ } while (--width);
+}
+
+/* Parse BPPMODE_F = WINCON1[5:2] bits */
+static void exynos4210_fimd_update_win_bppmode(Exynos4210fimdState *s, int win)
+{
+ Exynos4210fimdWindow *w = &s->window[win];
+
+ if (w->winmap & FIMD_WINMAP_EN) {
+ w->draw_line = draw_line_mapcolor;
+ return;
+ }
+
+ switch (WIN_BPP_MODE(w)) {
+ case 0:
+ w->draw_line = draw_line_palette_1;
+ w->pixel_to_rgb =
+ palette_data_format[exynos4210_fimd_palette_format(s, win)];
+ break;
+ case 1:
+ w->draw_line = draw_line_palette_2;
+ w->pixel_to_rgb =
+ palette_data_format[exynos4210_fimd_palette_format(s, win)];
+ break;
+ case 2:
+ w->draw_line = draw_line_palette_4;
+ w->pixel_to_rgb =
+ palette_data_format[exynos4210_fimd_palette_format(s, win)];
+ break;
+ case 3:
+ w->draw_line = draw_line_palette_8;
+ w->pixel_to_rgb =
+ palette_data_format[exynos4210_fimd_palette_format(s, win)];
+ break;
+ case 4:
+ w->draw_line = draw_line_8;
+ w->pixel_to_rgb = pixel_a232_to_rgb;
+ break;
+ case 5:
+ w->draw_line = draw_line_16;
+ w->pixel_to_rgb = pixel_565_to_rgb;
+ break;
+ case 6:
+ w->draw_line = draw_line_16;
+ w->pixel_to_rgb = pixel_a555_to_rgb;
+ break;
+ case 7:
+ w->draw_line = draw_line_16;
+ w->pixel_to_rgb = pixel_1555_to_rgb;
+ break;
+ case 8:
+ w->draw_line = draw_line_32;
+ w->pixel_to_rgb = pixel_666_to_rgb;
+ break;
+ case 9:
+ w->draw_line = draw_line_32;
+ w->pixel_to_rgb = pixel_a665_to_rgb;
+ break;
+ case 10:
+ w->draw_line = draw_line_32;
+ w->pixel_to_rgb = pixel_a666_to_rgb;
+ break;
+ case 11:
+ w->draw_line = draw_line_32;
+ w->pixel_to_rgb = pixel_888_to_rgb;
+ break;
+ case 12:
+ w->draw_line = draw_line_32;
+ w->pixel_to_rgb = pixel_a887_to_rgb;
+ break;
+ case 13:
+ w->draw_line = draw_line_32;
+ if ((w->wincon & FIMD_WINCON_BLD_PIX) && (w->wincon &
+ FIMD_WINCON_ALPHA_SEL)) {
+ w->pixel_to_rgb = pixel_8888_to_rgb;
+ } else {
+ w->pixel_to_rgb = pixel_a888_to_rgb;
+ }
+ break;
+ case 14:
+ w->draw_line = draw_line_16;
+ if ((w->wincon & FIMD_WINCON_BLD_PIX) && (w->wincon &
+ FIMD_WINCON_ALPHA_SEL)) {
+ w->pixel_to_rgb = pixel_4444_to_rgb;
+ } else {
+ w->pixel_to_rgb = pixel_a444_to_rgb;
+ }
+ break;
+ case 15:
+ w->draw_line = draw_line_16;
+ w->pixel_to_rgb = pixel_555_to_rgb;
+ break;
+ }
+}
+
+#if EXYNOS4210_FIMD_MODE_TRACE > 0
+static const char *exynos4210_fimd_get_bppmode(int mode_code)
+{
+ switch (mode_code) {
+ case 0:
+ return "1 bpp";
+ case 1:
+ return "2 bpp";
+ case 2:
+ return "4 bpp";
+ case 3:
+ return "8 bpp (palettized)";
+ case 4:
+ return "8 bpp (non-palettized, A: 1-R:2-G:3-B:2)";
+ case 5:
+ return "16 bpp (non-palettized, R:5-G:6-B:5)";
+ case 6:
+ return "16 bpp (non-palettized, A:1-R:5-G:5-B:5)";
+ case 7:
+ return "16 bpp (non-palettized, I :1-R:5-G:5-B:5)";
+ case 8:
+ return "Unpacked 18 bpp (non-palettized, R:6-G:6-B:6)";
+ case 9:
+ return "Unpacked 18bpp (non-palettized,A:1-R:6-G:6-B:5)";
+ case 10:
+ return "Unpacked 19bpp (non-palettized,A:1-R:6-G:6-B:6)";
+ case 11:
+ return "Unpacked 24 bpp (non-palettized R:8-G:8-B:8)";
+ case 12:
+ return "Unpacked 24 bpp (non-palettized A:1-R:8-G:8-B:7)";
+ case 13:
+ return "Unpacked 25 bpp (non-palettized A:1-R:8-G:8-B:8)";
+ case 14:
+ return "Unpacked 13 bpp (non-palettized A:1-R:4-G:4-B:4)";
+ case 15:
+ return "Unpacked 15 bpp (non-palettized R:5-G:5-B:5)";
+ default:
+ return "Non-existing bpp mode";
+ }
+}
+
+static inline void exynos4210_fimd_trace_bppmode(Exynos4210fimdState *s,
+ int win_num, uint32_t val)
+{
+ Exynos4210fimdWindow *w = &s->window[win_num];
+
+ if (w->winmap & FIMD_WINMAP_EN) {
+ printf("QEMU FIMD: Window %d is mapped with MAPCOLOR=0x%x\n",
+ win_num, w->winmap & 0xFFFFFF);
+ return;
+ }
+
+ if ((val != 0xFFFFFFFF) && ((w->wincon >> 2) & 0xF) == ((val >> 2) & 0xF)) {
+ return;
+ }
+ printf("QEMU FIMD: Window %d BPP mode set to %s\n", win_num,
+ exynos4210_fimd_get_bppmode((val >> 2) & 0xF));
+}
+#else
+static inline void exynos4210_fimd_trace_bppmode(Exynos4210fimdState *s,
+ int win_num, uint32_t val)
+{
+
+}
+#endif
+
+static inline int fimd_get_buffer_id(Exynos4210fimdWindow *w)
+{
+ switch (w->wincon & FIMD_WINCON_BUFSTATUS) {
+ case FIMD_WINCON_BUF0_STAT:
+ return 0;
+ case FIMD_WINCON_BUF1_STAT:
+ return 1;
+ case FIMD_WINCON_BUF2_STAT:
+ return 2;
+ default:
+ DPRINT_ERROR("Non-existent buffer index\n");
+ return 0;
+ }
+}
+
+/* Updates specified window's MemorySection based on values of WINCON,
+ * VIDOSDA, VIDOSDB, VIDWADDx and SHADOWCON registers */
+static void fimd_update_memory_section(Exynos4210fimdState *s, unsigned win)
+{
+ SysBusDevice *sbd = SYS_BUS_DEVICE(s);
+ Exynos4210fimdWindow *w = &s->window[win];
+ hwaddr fb_start_addr, fb_mapped_len;
+
+ if (!s->enabled || !(w->wincon & FIMD_WINCON_ENWIN) ||
+ FIMD_WINDOW_PROTECTED(s->shadowcon, win)) {
+ return;
+ }
+
+ if (w->host_fb_addr) {
+ cpu_physical_memory_unmap(w->host_fb_addr, w->fb_len, 0, 0);
+ w->host_fb_addr = NULL;
+ w->fb_len = 0;
+ }
+
+ fb_start_addr = w->buf_start[fimd_get_buffer_id(w)];
+ /* Total number of bytes of virtual screen used by current window */
+ w->fb_len = fb_mapped_len = (w->virtpage_width + w->virtpage_offsize) *
+ (w->rightbot_y - w->lefttop_y + 1);
+
+ /* TODO: add .exit and unref the region there. Not needed yet since sysbus
+ * does not support hot-unplug.
+ */
+ memory_region_unref(w->mem_section.mr);
+ w->mem_section = memory_region_find(sysbus_address_space(sbd),
+ fb_start_addr, w->fb_len);
+ assert(w->mem_section.mr);
+ assert(w->mem_section.offset_within_address_space == fb_start_addr);
+ DPRINT_TRACE("Window %u framebuffer changed: address=0x%08x, len=0x%x\n",
+ win, fb_start_addr, w->fb_len);
+
+ if (int128_get64(w->mem_section.size) != w->fb_len ||
+ !memory_region_is_ram(w->mem_section.mr)) {
+ DPRINT_ERROR("Failed to find window %u framebuffer region\n", win);
+ goto error_return;
+ }
+
+ w->host_fb_addr = cpu_physical_memory_map(fb_start_addr, &fb_mapped_len, 0);
+ if (!w->host_fb_addr) {
+ DPRINT_ERROR("Failed to map window %u framebuffer\n", win);
+ goto error_return;
+ }
+
+ if (fb_mapped_len != w->fb_len) {
+ DPRINT_ERROR("Window %u mapped framebuffer length is less then "
+ "expected\n", win);
+ cpu_physical_memory_unmap(w->host_fb_addr, fb_mapped_len, 0, 0);
+ goto error_return;
+ }
+ return;
+
+error_return:
+ memory_region_unref(w->mem_section.mr);
+ w->mem_section.mr = NULL;
+ w->mem_section.size = int128_zero();
+ w->host_fb_addr = NULL;
+ w->fb_len = 0;
+}
+
+static void exynos4210_fimd_enable(Exynos4210fimdState *s, bool enabled)
+{
+ if (enabled && !s->enabled) {
+ unsigned w;
+ s->enabled = true;
+ for (w = 0; w < NUM_OF_WINDOWS; w++) {
+ fimd_update_memory_section(s, w);
+ }
+ }
+ s->enabled = enabled;
+ DPRINT_TRACE("display controller %s\n", enabled ? "enabled" : "disabled");
+}
+
+static inline uint32_t unpack_upper_4(uint32_t x)
+{
+ return ((x & 0xF00) << 12) | ((x & 0xF0) << 8) | ((x & 0xF) << 4);
+}
+
+static inline uint32_t pack_upper_4(uint32_t x)
+{
+ return (((x & 0xF00000) >> 12) | ((x & 0xF000) >> 8) |
+ ((x & 0xF0) >> 4)) & 0xFFF;
+}
+
+static void exynos4210_fimd_update_irq(Exynos4210fimdState *s)
+{
+ if (!(s->vidintcon[0] & FIMD_VIDINT_INTEN)) {
+ qemu_irq_lower(s->irq[0]);
+ qemu_irq_lower(s->irq[1]);
+ qemu_irq_lower(s->irq[2]);
+ return;
+ }
+ if ((s->vidintcon[0] & FIMD_VIDINT_INTFIFOEN) &&
+ (s->vidintcon[1] & FIMD_VIDINT_INTFIFOPEND)) {
+ qemu_irq_raise(s->irq[0]);
+ } else {
+ qemu_irq_lower(s->irq[0]);
+ }
+ if ((s->vidintcon[0] & FIMD_VIDINT_INTFRMEN) &&
+ (s->vidintcon[1] & FIMD_VIDINT_INTFRMPEND)) {
+ qemu_irq_raise(s->irq[1]);
+ } else {
+ qemu_irq_lower(s->irq[1]);
+ }
+ if ((s->vidintcon[0] & FIMD_VIDINT_I80IFDONE) &&
+ (s->vidintcon[1] & FIMD_VIDINT_INTI80PEND)) {
+ qemu_irq_raise(s->irq[2]);
+ } else {
+ qemu_irq_lower(s->irq[2]);
+ }
+}
+
+static void exynos4210_fimd_invalidate(void *opaque)
+{
+ Exynos4210fimdState *s = (Exynos4210fimdState *)opaque;
+ s->invalidate = true;
+}
+
+static void exynos4210_update_resolution(Exynos4210fimdState *s)
+{
+ DisplaySurface *surface = qemu_console_surface(s->console);
+
+ /* LCD resolution is stored in VIDEO TIME CONTROL REGISTER 2 */
+ uint32_t width = ((s->vidtcon[2] >> FIMD_VIDTCON2_HOR_SHIFT) &
+ FIMD_VIDTCON2_SIZE_MASK) + 1;
+ uint32_t height = ((s->vidtcon[2] >> FIMD_VIDTCON2_VER_SHIFT) &
+ FIMD_VIDTCON2_SIZE_MASK) + 1;
+
+ if (s->ifb == NULL || surface_width(surface) != width ||
+ surface_height(surface) != height) {
+ DPRINT_L1("Resolution changed from %ux%u to %ux%u\n",
+ surface_width(surface), surface_height(surface), width, height);
+ qemu_console_resize(s->console, width, height);
+ s->ifb = g_realloc(s->ifb, width * height * RGBA_SIZE + 1);
+ memset(s->ifb, 0, width * height * RGBA_SIZE + 1);
+ exynos4210_fimd_invalidate(s);
+ }
+}
+
+static void exynos4210_fimd_update(void *opaque)
+{
+ Exynos4210fimdState *s = (Exynos4210fimdState *)opaque;
+ DisplaySurface *surface;
+ Exynos4210fimdWindow *w;
+ int i, line;
+ hwaddr fb_line_addr, inc_size;
+ int scrn_height;
+ int first_line = -1, last_line = -1, scrn_width;
+ bool blend = false;
+ uint8_t *host_fb_addr;
+ bool is_dirty = false;
+ const int global_width = (s->vidtcon[2] & FIMD_VIDTCON2_SIZE_MASK) + 1;
+ const int global_height = ((s->vidtcon[2] >> FIMD_VIDTCON2_VER_SHIFT) &
+ FIMD_VIDTCON2_SIZE_MASK) + 1;
+
+ if (!s || !s->console || !s->enabled ||
+ surface_bits_per_pixel(qemu_console_surface(s->console)) == 0) {
+ return;
+ }
+ exynos4210_update_resolution(s);
+ surface = qemu_console_surface(s->console);
+
+ for (i = 0; i < NUM_OF_WINDOWS; i++) {
+ w = &s->window[i];
+ if ((w->wincon & FIMD_WINCON_ENWIN) && w->host_fb_addr) {
+ scrn_height = w->rightbot_y - w->lefttop_y + 1;
+ scrn_width = w->virtpage_width;
+ /* Total width of virtual screen page in bytes */
+ inc_size = scrn_width + w->virtpage_offsize;
+ memory_region_sync_dirty_bitmap(w->mem_section.mr);
+ host_fb_addr = w->host_fb_addr;
+ fb_line_addr = w->mem_section.offset_within_region;
+
+ for (line = 0; line < scrn_height; line++) {
+ is_dirty = memory_region_get_dirty(w->mem_section.mr,
+ fb_line_addr, scrn_width, DIRTY_MEMORY_VGA);
+
+ if (s->invalidate || is_dirty) {
+ if (first_line == -1) {
+ first_line = line;
+ }
+ last_line = line;
+ w->draw_line(w, host_fb_addr, s->ifb +
+ w->lefttop_x * RGBA_SIZE + (w->lefttop_y + line) *
+ global_width * RGBA_SIZE, blend);
+ }
+ host_fb_addr += inc_size;
+ fb_line_addr += inc_size;
+ is_dirty = false;
+ }
+ memory_region_reset_dirty(w->mem_section.mr,
+ w->mem_section.offset_within_region,
+ w->fb_len, DIRTY_MEMORY_VGA);
+ blend = true;
+ }
+ }
+
+ /* Copy resulting image to QEMU_CONSOLE. */
+ if (first_line >= 0) {
+ uint8_t *d;
+ int bpp;
+
+ bpp = surface_bits_per_pixel(surface);
+ fimd_update_putpix_qemu(bpp);
+ bpp = (bpp + 1) >> 3;
+ d = surface_data(surface);
+ for (line = first_line; line <= last_line; line++) {
+ fimd_copy_line_toqemu(global_width, s->ifb + global_width * line *
+ RGBA_SIZE, d + global_width * line * bpp);
+ }
+ dpy_gfx_update(s->console, 0, 0, global_width, global_height);
+ }
+ s->invalidate = false;
+ s->vidintcon[1] |= FIMD_VIDINT_INTFRMPEND;
+ if ((s->vidcon[0] & FIMD_VIDCON0_ENVID_F) == 0) {
+ exynos4210_fimd_enable(s, false);
+ }
+ exynos4210_fimd_update_irq(s);
+}
+
+static void exynos4210_fimd_reset(DeviceState *d)
+{
+ Exynos4210fimdState *s = EXYNOS4210_FIMD(d);
+ unsigned w;
+
+ DPRINT_TRACE("Display controller reset\n");
+ /* Set all display controller registers to 0 */
+ memset(&s->vidcon, 0, (uint8_t *)&s->window - (uint8_t *)&s->vidcon);
+ for (w = 0; w < NUM_OF_WINDOWS; w++) {
+ memset(&s->window[w], 0, sizeof(Exynos4210fimdWindow));
+ s->window[w].blendeq = 0xC2;
+ exynos4210_fimd_update_win_bppmode(s, w);
+ exynos4210_fimd_trace_bppmode(s, w, 0xFFFFFFFF);
+ fimd_update_get_alpha(s, w);
+ }
+
+ if (s->ifb != NULL) {
+ g_free(s->ifb);
+ }
+ s->ifb = NULL;
+
+ exynos4210_fimd_invalidate(s);
+ exynos4210_fimd_enable(s, false);
+ /* Some registers have non-zero initial values */
+ s->winchmap = 0x7D517D51;
+ s->colorgaincon = 0x10040100;
+ s->huecoef_cr[0] = s->huecoef_cr[3] = 0x01000100;
+ s->huecoef_cb[0] = s->huecoef_cb[3] = 0x01000100;
+ s->hueoffset = 0x01800080;
+}
+
+static void exynos4210_fimd_write(void *opaque, hwaddr offset,
+ uint64_t val, unsigned size)
+{
+ Exynos4210fimdState *s = (Exynos4210fimdState *)opaque;
+ unsigned w, i;
+ uint32_t old_value;
+
+ DPRINT_L2("write offset 0x%08x, value=%llu(0x%08llx)\n", offset,
+ (long long unsigned int)val, (long long unsigned int)val);
+
+ switch (offset) {
+ case FIMD_VIDCON0:
+ if ((val & FIMD_VIDCON0_ENVID_MASK) == FIMD_VIDCON0_ENVID_MASK) {
+ exynos4210_fimd_enable(s, true);
+ } else {
+ if ((val & FIMD_VIDCON0_ENVID) == 0) {
+ exynos4210_fimd_enable(s, false);
+ }
+ }
+ s->vidcon[0] = val;
+ break;
+ case FIMD_VIDCON1:
+ /* Leave read-only bits as is */
+ val = (val & (~FIMD_VIDCON1_ROMASK)) |
+ (s->vidcon[1] & FIMD_VIDCON1_ROMASK);
+ s->vidcon[1] = val;
+ break;
+ case FIMD_VIDCON2 ... FIMD_VIDCON3:
+ s->vidcon[(offset) >> 2] = val;
+ break;
+ case FIMD_VIDTCON_START ... FIMD_VIDTCON_END:
+ s->vidtcon[(offset - FIMD_VIDTCON_START) >> 2] = val;
+ break;
+ case FIMD_WINCON_START ... FIMD_WINCON_END:
+ w = (offset - FIMD_WINCON_START) >> 2;
+ /* Window's current buffer ID */
+ i = fimd_get_buffer_id(&s->window[w]);
+ old_value = s->window[w].wincon;
+ val = (val & ~FIMD_WINCON_ROMASK) |
+ (s->window[w].wincon & FIMD_WINCON_ROMASK);
+ if (w == 0) {
+ /* Window 0 wincon ALPHA_MUL bit must always be 0 */
+ val &= ~FIMD_WINCON_ALPHA_MUL;
+ }
+ exynos4210_fimd_trace_bppmode(s, w, val);
+ switch (val & FIMD_WINCON_BUFSELECT) {
+ case FIMD_WINCON_BUF0_SEL:
+ val &= ~FIMD_WINCON_BUFSTATUS;
+ break;
+ case FIMD_WINCON_BUF1_SEL:
+ val = (val & ~FIMD_WINCON_BUFSTAT_H) | FIMD_WINCON_BUFSTAT_L;
+ break;
+ case FIMD_WINCON_BUF2_SEL:
+ if (val & FIMD_WINCON_BUFMODE) {
+ val = (val & ~FIMD_WINCON_BUFSTAT_L) | FIMD_WINCON_BUFSTAT_H;
+ }
+ break;
+ default:
+ break;
+ }
+ s->window[w].wincon = val;
+ exynos4210_fimd_update_win_bppmode(s, w);
+ fimd_update_get_alpha(s, w);
+ if ((i != fimd_get_buffer_id(&s->window[w])) ||
+ (!(old_value & FIMD_WINCON_ENWIN) && (s->window[w].wincon &
+ FIMD_WINCON_ENWIN))) {
+ fimd_update_memory_section(s, w);
+ }
+ break;
+ case FIMD_SHADOWCON:
+ old_value = s->shadowcon;
+ s->shadowcon = val;
+ for (w = 0; w < NUM_OF_WINDOWS; w++) {
+ if (FIMD_WINDOW_PROTECTED(old_value, w) &&
+ !FIMD_WINDOW_PROTECTED(s->shadowcon, w)) {
+ fimd_update_memory_section(s, w);
+ }
+ }
+ break;
+ case FIMD_WINCHMAP:
+ s->winchmap = val;
+ break;
+ case FIMD_VIDOSD_START ... FIMD_VIDOSD_END:
+ w = (offset - FIMD_VIDOSD_START) >> 4;
+ i = ((offset - FIMD_VIDOSD_START) & 0xF) >> 2;
+ switch (i) {
+ case 0:
+ old_value = s->window[w].lefttop_y;
+ s->window[w].lefttop_x = (val >> FIMD_VIDOSD_HOR_SHIFT) &
+ FIMD_VIDOSD_COORD_MASK;
+ s->window[w].lefttop_y = (val >> FIMD_VIDOSD_VER_SHIFT) &
+ FIMD_VIDOSD_COORD_MASK;
+ if (s->window[w].lefttop_y != old_value) {
+ fimd_update_memory_section(s, w);
+ }
+ break;
+ case 1:
+ old_value = s->window[w].rightbot_y;
+ s->window[w].rightbot_x = (val >> FIMD_VIDOSD_HOR_SHIFT) &
+ FIMD_VIDOSD_COORD_MASK;
+ s->window[w].rightbot_y = (val >> FIMD_VIDOSD_VER_SHIFT) &
+ FIMD_VIDOSD_COORD_MASK;
+ if (s->window[w].rightbot_y != old_value) {
+ fimd_update_memory_section(s, w);
+ }
+ break;
+ case 2:
+ if (w == 0) {
+ s->window[w].osdsize = val;
+ } else {
+ s->window[w].alpha_val[0] =
+ unpack_upper_4((val & FIMD_VIDOSD_ALPHA_AEN0) >>
+ FIMD_VIDOSD_AEN0_SHIFT) |
+ (s->window[w].alpha_val[0] & FIMD_VIDALPHA_ALPHA_LOWER);
+ s->window[w].alpha_val[1] =
+ unpack_upper_4(val & FIMD_VIDOSD_ALPHA_AEN1) |
+ (s->window[w].alpha_val[1] & FIMD_VIDALPHA_ALPHA_LOWER);
+ }
+ break;
+ case 3:
+ if (w != 1 && w != 2) {
+ DPRINT_ERROR("Bad write offset 0x%08x\n", offset);
+ return;
+ }
+ s->window[w].osdsize = val;
+ break;
+ }
+ break;
+ case FIMD_VIDWADD0_START ... FIMD_VIDWADD0_END:
+ w = (offset - FIMD_VIDWADD0_START) >> 3;
+ i = ((offset - FIMD_VIDWADD0_START) >> 2) & 1;
+ if (i == fimd_get_buffer_id(&s->window[w]) &&
+ s->window[w].buf_start[i] != val) {
+ s->window[w].buf_start[i] = val;
+ fimd_update_memory_section(s, w);
+ break;
+ }
+ s->window[w].buf_start[i] = val;
+ break;
+ case FIMD_VIDWADD1_START ... FIMD_VIDWADD1_END:
+ w = (offset - FIMD_VIDWADD1_START) >> 3;
+ i = ((offset - FIMD_VIDWADD1_START) >> 2) & 1;
+ s->window[w].buf_end[i] = val;
+ break;
+ case FIMD_VIDWADD2_START ... FIMD_VIDWADD2_END:
+ w = (offset - FIMD_VIDWADD2_START) >> 2;
+ if (((val & FIMD_VIDWADD2_PAGEWIDTH) != s->window[w].virtpage_width) ||
+ (((val >> FIMD_VIDWADD2_OFFSIZE_SHIFT) & FIMD_VIDWADD2_OFFSIZE) !=
+ s->window[w].virtpage_offsize)) {
+ s->window[w].virtpage_width = val & FIMD_VIDWADD2_PAGEWIDTH;
+ s->window[w].virtpage_offsize =
+ (val >> FIMD_VIDWADD2_OFFSIZE_SHIFT) & FIMD_VIDWADD2_OFFSIZE;
+ fimd_update_memory_section(s, w);
+ }
+ break;
+ case FIMD_VIDINTCON0:
+ s->vidintcon[0] = val;
+ break;
+ case FIMD_VIDINTCON1:
+ s->vidintcon[1] &= ~(val & 7);
+ exynos4210_fimd_update_irq(s);
+ break;
+ case FIMD_WKEYCON_START ... FIMD_WKEYCON_END:
+ w = ((offset - FIMD_WKEYCON_START) >> 3) + 1;
+ i = ((offset - FIMD_WKEYCON_START) >> 2) & 1;
+ s->window[w].keycon[i] = val;
+ break;
+ case FIMD_WKEYALPHA_START ... FIMD_WKEYALPHA_END:
+ w = ((offset - FIMD_WKEYALPHA_START) >> 2) + 1;
+ s->window[w].keyalpha = val;
+ break;
+ case FIMD_DITHMODE:
+ s->dithmode = val;
+ break;
+ case FIMD_WINMAP_START ... FIMD_WINMAP_END:
+ w = (offset - FIMD_WINMAP_START) >> 2;
+ old_value = s->window[w].winmap;
+ s->window[w].winmap = val;
+ if ((val & FIMD_WINMAP_EN) ^ (old_value & FIMD_WINMAP_EN)) {
+ exynos4210_fimd_invalidate(s);
+ exynos4210_fimd_update_win_bppmode(s, w);
+ exynos4210_fimd_trace_bppmode(s, w, 0xFFFFFFFF);
+ exynos4210_fimd_update(s);
+ }
+ break;
+ case FIMD_WPALCON_HIGH ... FIMD_WPALCON_LOW:
+ i = (offset - FIMD_WPALCON_HIGH) >> 2;
+ s->wpalcon[i] = val;
+ if (s->wpalcon[1] & FIMD_WPALCON_UPDATEEN) {
+ for (w = 0; w < NUM_OF_WINDOWS; w++) {
+ exynos4210_fimd_update_win_bppmode(s, w);
+ fimd_update_get_alpha(s, w);
+ }
+ }
+ break;
+ case FIMD_TRIGCON:
+ val = (val & ~FIMD_TRIGCON_ROMASK) | (s->trigcon & FIMD_TRIGCON_ROMASK);
+ s->trigcon = val;
+ break;
+ case FIMD_I80IFCON_START ... FIMD_I80IFCON_END:
+ s->i80ifcon[(offset - FIMD_I80IFCON_START) >> 2] = val;
+ break;
+ case FIMD_COLORGAINCON:
+ s->colorgaincon = val;
+ break;
+ case FIMD_LDI_CMDCON0 ... FIMD_LDI_CMDCON1:
+ s->ldi_cmdcon[(offset - FIMD_LDI_CMDCON0) >> 2] = val;
+ break;
+ case FIMD_SIFCCON0 ... FIMD_SIFCCON2:
+ i = (offset - FIMD_SIFCCON0) >> 2;
+ if (i != 2) {
+ s->sifccon[i] = val;
+ }
+ break;
+ case FIMD_HUECOEFCR_START ... FIMD_HUECOEFCR_END:
+ i = (offset - FIMD_HUECOEFCR_START) >> 2;
+ s->huecoef_cr[i] = val;
+ break;
+ case FIMD_HUECOEFCB_START ... FIMD_HUECOEFCB_END:
+ i = (offset - FIMD_HUECOEFCB_START) >> 2;
+ s->huecoef_cb[i] = val;
+ break;
+ case FIMD_HUEOFFSET:
+ s->hueoffset = val;
+ break;
+ case FIMD_VIDWALPHA_START ... FIMD_VIDWALPHA_END:
+ w = ((offset - FIMD_VIDWALPHA_START) >> 3);
+ i = ((offset - FIMD_VIDWALPHA_START) >> 2) & 1;
+ if (w == 0) {
+ s->window[w].alpha_val[i] = val;
+ } else {
+ s->window[w].alpha_val[i] = (val & FIMD_VIDALPHA_ALPHA_LOWER) |
+ (s->window[w].alpha_val[i] & FIMD_VIDALPHA_ALPHA_UPPER);
+ }
+ break;
+ case FIMD_BLENDEQ_START ... FIMD_BLENDEQ_END:
+ s->window[(offset - FIMD_BLENDEQ_START) >> 2].blendeq = val;
+ break;
+ case FIMD_BLENDCON:
+ old_value = s->blendcon;
+ s->blendcon = val;
+ if ((s->blendcon & FIMD_ALPHA_8BIT) != (old_value & FIMD_ALPHA_8BIT)) {
+ for (w = 0; w < NUM_OF_WINDOWS; w++) {
+ fimd_update_get_alpha(s, w);
+ }
+ }
+ break;
+ case FIMD_WRTQOSCON_START ... FIMD_WRTQOSCON_END:
+ s->window[(offset - FIMD_WRTQOSCON_START) >> 2].rtqoscon = val;
+ break;
+ case FIMD_I80IFCMD_START ... FIMD_I80IFCMD_END:
+ s->i80ifcmd[(offset - FIMD_I80IFCMD_START) >> 2] = val;
+ break;
+ case FIMD_VIDW0ADD0_B2 ... FIMD_VIDW4ADD0_B2:
+ if (offset & 0x0004) {
+ DPRINT_ERROR("bad write offset 0x%08x\n", offset);
+ break;
+ }
+ w = (offset - FIMD_VIDW0ADD0_B2) >> 3;
+ if (fimd_get_buffer_id(&s->window[w]) == 2 &&
+ s->window[w].buf_start[2] != val) {
+ s->window[w].buf_start[2] = val;
+ fimd_update_memory_section(s, w);
+ break;
+ }
+ s->window[w].buf_start[2] = val;
+ break;
+ case FIMD_SHD_ADD0_START ... FIMD_SHD_ADD0_END:
+ if (offset & 0x0004) {
+ DPRINT_ERROR("bad write offset 0x%08x\n", offset);
+ break;
+ }
+ s->window[(offset - FIMD_SHD_ADD0_START) >> 3].shadow_buf_start = val;
+ break;
+ case FIMD_SHD_ADD1_START ... FIMD_SHD_ADD1_END:
+ if (offset & 0x0004) {
+ DPRINT_ERROR("bad write offset 0x%08x\n", offset);
+ break;
+ }
+ s->window[(offset - FIMD_SHD_ADD1_START) >> 3].shadow_buf_end = val;
+ break;
+ case FIMD_SHD_ADD2_START ... FIMD_SHD_ADD2_END:
+ s->window[(offset - FIMD_SHD_ADD2_START) >> 2].shadow_buf_size = val;
+ break;
+ case FIMD_PAL_MEM_START ... FIMD_PAL_MEM_END:
+ w = (offset - FIMD_PAL_MEM_START) >> 10;
+ i = ((offset - FIMD_PAL_MEM_START) >> 2) & 0xFF;
+ s->window[w].palette[i] = val;
+ break;
+ case FIMD_PALMEM_AL_START ... FIMD_PALMEM_AL_END:
+ /* Palette memory aliases for windows 0 and 1 */
+ w = (offset - FIMD_PALMEM_AL_START) >> 10;
+ i = ((offset - FIMD_PALMEM_AL_START) >> 2) & 0xFF;
+ s->window[w].palette[i] = val;
+ break;
+ default:
+ DPRINT_ERROR("bad write offset 0x%08x\n", offset);
+ break;
+ }
+}
+
+static uint64_t exynos4210_fimd_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ Exynos4210fimdState *s = (Exynos4210fimdState *)opaque;
+ int w, i;
+ uint32_t ret = 0;
+
+ DPRINT_L2("read offset 0x%08x\n", offset);
+
+ switch (offset) {
+ case FIMD_VIDCON0 ... FIMD_VIDCON3:
+ return s->vidcon[(offset - FIMD_VIDCON0) >> 2];
+ case FIMD_VIDTCON_START ... FIMD_VIDTCON_END:
+ return s->vidtcon[(offset - FIMD_VIDTCON_START) >> 2];
+ case FIMD_WINCON_START ... FIMD_WINCON_END:
+ return s->window[(offset - FIMD_WINCON_START) >> 2].wincon;
+ case FIMD_SHADOWCON:
+ return s->shadowcon;
+ case FIMD_WINCHMAP:
+ return s->winchmap;
+ case FIMD_VIDOSD_START ... FIMD_VIDOSD_END:
+ w = (offset - FIMD_VIDOSD_START) >> 4;
+ i = ((offset - FIMD_VIDOSD_START) & 0xF) >> 2;
+ switch (i) {
+ case 0:
+ ret = ((s->window[w].lefttop_x & FIMD_VIDOSD_COORD_MASK) <<
+ FIMD_VIDOSD_HOR_SHIFT) |
+ (s->window[w].lefttop_y & FIMD_VIDOSD_COORD_MASK);
+ break;
+ case 1:
+ ret = ((s->window[w].rightbot_x & FIMD_VIDOSD_COORD_MASK) <<
+ FIMD_VIDOSD_HOR_SHIFT) |
+ (s->window[w].rightbot_y & FIMD_VIDOSD_COORD_MASK);
+ break;
+ case 2:
+ if (w == 0) {
+ ret = s->window[w].osdsize;
+ } else {
+ ret = (pack_upper_4(s->window[w].alpha_val[0]) <<
+ FIMD_VIDOSD_AEN0_SHIFT) |
+ pack_upper_4(s->window[w].alpha_val[1]);
+ }
+ break;
+ case 3:
+ if (w != 1 && w != 2) {
+ DPRINT_ERROR("bad read offset 0x%08x\n", offset);
+ return 0xBAADBAAD;
+ }
+ ret = s->window[w].osdsize;
+ break;
+ }
+ return ret;
+ case FIMD_VIDWADD0_START ... FIMD_VIDWADD0_END:
+ w = (offset - FIMD_VIDWADD0_START) >> 3;
+ i = ((offset - FIMD_VIDWADD0_START) >> 2) & 1;
+ return s->window[w].buf_start[i];
+ case FIMD_VIDWADD1_START ... FIMD_VIDWADD1_END:
+ w = (offset - FIMD_VIDWADD1_START) >> 3;
+ i = ((offset - FIMD_VIDWADD1_START) >> 2) & 1;
+ return s->window[w].buf_end[i];
+ case FIMD_VIDWADD2_START ... FIMD_VIDWADD2_END:
+ w = (offset - FIMD_VIDWADD2_START) >> 2;
+ return s->window[w].virtpage_width | (s->window[w].virtpage_offsize <<
+ FIMD_VIDWADD2_OFFSIZE_SHIFT);
+ case FIMD_VIDINTCON0 ... FIMD_VIDINTCON1:
+ return s->vidintcon[(offset - FIMD_VIDINTCON0) >> 2];
+ case FIMD_WKEYCON_START ... FIMD_WKEYCON_END:
+ w = ((offset - FIMD_WKEYCON_START) >> 3) + 1;
+ i = ((offset - FIMD_WKEYCON_START) >> 2) & 1;
+ return s->window[w].keycon[i];
+ case FIMD_WKEYALPHA_START ... FIMD_WKEYALPHA_END:
+ w = ((offset - FIMD_WKEYALPHA_START) >> 2) + 1;
+ return s->window[w].keyalpha;
+ case FIMD_DITHMODE:
+ return s->dithmode;
+ case FIMD_WINMAP_START ... FIMD_WINMAP_END:
+ return s->window[(offset - FIMD_WINMAP_START) >> 2].winmap;
+ case FIMD_WPALCON_HIGH ... FIMD_WPALCON_LOW:
+ return s->wpalcon[(offset - FIMD_WPALCON_HIGH) >> 2];
+ case FIMD_TRIGCON:
+ return s->trigcon;
+ case FIMD_I80IFCON_START ... FIMD_I80IFCON_END:
+ return s->i80ifcon[(offset - FIMD_I80IFCON_START) >> 2];
+ case FIMD_COLORGAINCON:
+ return s->colorgaincon;
+ case FIMD_LDI_CMDCON0 ... FIMD_LDI_CMDCON1:
+ return s->ldi_cmdcon[(offset - FIMD_LDI_CMDCON0) >> 2];
+ case FIMD_SIFCCON0 ... FIMD_SIFCCON2:
+ i = (offset - FIMD_SIFCCON0) >> 2;
+ return s->sifccon[i];
+ case FIMD_HUECOEFCR_START ... FIMD_HUECOEFCR_END:
+ i = (offset - FIMD_HUECOEFCR_START) >> 2;
+ return s->huecoef_cr[i];
+ case FIMD_HUECOEFCB_START ... FIMD_HUECOEFCB_END:
+ i = (offset - FIMD_HUECOEFCB_START) >> 2;
+ return s->huecoef_cb[i];
+ case FIMD_HUEOFFSET:
+ return s->hueoffset;
+ case FIMD_VIDWALPHA_START ... FIMD_VIDWALPHA_END:
+ w = ((offset - FIMD_VIDWALPHA_START) >> 3);
+ i = ((offset - FIMD_VIDWALPHA_START) >> 2) & 1;
+ return s->window[w].alpha_val[i] &
+ (w == 0 ? 0xFFFFFF : FIMD_VIDALPHA_ALPHA_LOWER);
+ case FIMD_BLENDEQ_START ... FIMD_BLENDEQ_END:
+ return s->window[(offset - FIMD_BLENDEQ_START) >> 2].blendeq;
+ case FIMD_BLENDCON:
+ return s->blendcon;
+ case FIMD_WRTQOSCON_START ... FIMD_WRTQOSCON_END:
+ return s->window[(offset - FIMD_WRTQOSCON_START) >> 2].rtqoscon;
+ case FIMD_I80IFCMD_START ... FIMD_I80IFCMD_END:
+ return s->i80ifcmd[(offset - FIMD_I80IFCMD_START) >> 2];
+ case FIMD_VIDW0ADD0_B2 ... FIMD_VIDW4ADD0_B2:
+ if (offset & 0x0004) {
+ break;
+ }
+ return s->window[(offset - FIMD_VIDW0ADD0_B2) >> 3].buf_start[2];
+ case FIMD_SHD_ADD0_START ... FIMD_SHD_ADD0_END:
+ if (offset & 0x0004) {
+ break;
+ }
+ return s->window[(offset - FIMD_SHD_ADD0_START) >> 3].shadow_buf_start;
+ case FIMD_SHD_ADD1_START ... FIMD_SHD_ADD1_END:
+ if (offset & 0x0004) {
+ break;
+ }
+ return s->window[(offset - FIMD_SHD_ADD1_START) >> 3].shadow_buf_end;
+ case FIMD_SHD_ADD2_START ... FIMD_SHD_ADD2_END:
+ return s->window[(offset - FIMD_SHD_ADD2_START) >> 2].shadow_buf_size;
+ case FIMD_PAL_MEM_START ... FIMD_PAL_MEM_END:
+ w = (offset - FIMD_PAL_MEM_START) >> 10;
+ i = ((offset - FIMD_PAL_MEM_START) >> 2) & 0xFF;
+ return s->window[w].palette[i];
+ case FIMD_PALMEM_AL_START ... FIMD_PALMEM_AL_END:
+ /* Palette aliases for win 0,1 */
+ w = (offset - FIMD_PALMEM_AL_START) >> 10;
+ i = ((offset - FIMD_PALMEM_AL_START) >> 2) & 0xFF;
+ return s->window[w].palette[i];
+ }
+
+ DPRINT_ERROR("bad read offset 0x%08x\n", offset);
+ return 0xBAADBAAD;
+}
+
+static const MemoryRegionOps exynos4210_fimd_mmio_ops = {
+ .read = exynos4210_fimd_read,
+ .write = exynos4210_fimd_write,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ .unaligned = false
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int exynos4210_fimd_load(void *opaque, int version_id)
+{
+ Exynos4210fimdState *s = (Exynos4210fimdState *)opaque;
+ int w;
+
+ if (version_id != 1) {
+ return -EINVAL;
+ }
+
+ for (w = 0; w < NUM_OF_WINDOWS; w++) {
+ exynos4210_fimd_update_win_bppmode(s, w);
+ fimd_update_get_alpha(s, w);
+ fimd_update_memory_section(s, w);
+ }
+
+ /* Redraw the whole screen */
+ exynos4210_update_resolution(s);
+ exynos4210_fimd_invalidate(s);
+ exynos4210_fimd_enable(s, (s->vidcon[0] & FIMD_VIDCON0_ENVID_MASK) ==
+ FIMD_VIDCON0_ENVID_MASK);
+ return 0;
+}
+
+static const VMStateDescription exynos4210_fimd_window_vmstate = {
+ .name = "exynos4210.fimd_window",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(wincon, Exynos4210fimdWindow),
+ VMSTATE_UINT32_ARRAY(buf_start, Exynos4210fimdWindow, 3),
+ VMSTATE_UINT32_ARRAY(buf_end, Exynos4210fimdWindow, 3),
+ VMSTATE_UINT32_ARRAY(keycon, Exynos4210fimdWindow, 2),
+ VMSTATE_UINT32(keyalpha, Exynos4210fimdWindow),
+ VMSTATE_UINT32(winmap, Exynos4210fimdWindow),
+ VMSTATE_UINT32(blendeq, Exynos4210fimdWindow),
+ VMSTATE_UINT32(rtqoscon, Exynos4210fimdWindow),
+ VMSTATE_UINT32_ARRAY(palette, Exynos4210fimdWindow, 256),
+ VMSTATE_UINT32(shadow_buf_start, Exynos4210fimdWindow),
+ VMSTATE_UINT32(shadow_buf_end, Exynos4210fimdWindow),
+ VMSTATE_UINT32(shadow_buf_size, Exynos4210fimdWindow),
+ VMSTATE_UINT16(lefttop_x, Exynos4210fimdWindow),
+ VMSTATE_UINT16(lefttop_y, Exynos4210fimdWindow),
+ VMSTATE_UINT16(rightbot_x, Exynos4210fimdWindow),
+ VMSTATE_UINT16(rightbot_y, Exynos4210fimdWindow),
+ VMSTATE_UINT32(osdsize, Exynos4210fimdWindow),
+ VMSTATE_UINT32_ARRAY(alpha_val, Exynos4210fimdWindow, 2),
+ VMSTATE_UINT16(virtpage_width, Exynos4210fimdWindow),
+ VMSTATE_UINT16(virtpage_offsize, Exynos4210fimdWindow),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription exynos4210_fimd_vmstate = {
+ .name = "exynos4210.fimd",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .post_load = exynos4210_fimd_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(vidcon, Exynos4210fimdState, 4),
+ VMSTATE_UINT32_ARRAY(vidtcon, Exynos4210fimdState, 4),
+ VMSTATE_UINT32(shadowcon, Exynos4210fimdState),
+ VMSTATE_UINT32(winchmap, Exynos4210fimdState),
+ VMSTATE_UINT32_ARRAY(vidintcon, Exynos4210fimdState, 2),
+ VMSTATE_UINT32(dithmode, Exynos4210fimdState),
+ VMSTATE_UINT32_ARRAY(wpalcon, Exynos4210fimdState, 2),
+ VMSTATE_UINT32(trigcon, Exynos4210fimdState),
+ VMSTATE_UINT32_ARRAY(i80ifcon, Exynos4210fimdState, 4),
+ VMSTATE_UINT32(colorgaincon, Exynos4210fimdState),
+ VMSTATE_UINT32_ARRAY(ldi_cmdcon, Exynos4210fimdState, 2),
+ VMSTATE_UINT32_ARRAY(sifccon, Exynos4210fimdState, 3),
+ VMSTATE_UINT32_ARRAY(huecoef_cr, Exynos4210fimdState, 4),
+ VMSTATE_UINT32_ARRAY(huecoef_cb, Exynos4210fimdState, 4),
+ VMSTATE_UINT32(hueoffset, Exynos4210fimdState),
+ VMSTATE_UINT32_ARRAY(i80ifcmd, Exynos4210fimdState, 12),
+ VMSTATE_UINT32(blendcon, Exynos4210fimdState),
+ VMSTATE_STRUCT_ARRAY(window, Exynos4210fimdState, 5, 1,
+ exynos4210_fimd_window_vmstate, Exynos4210fimdWindow),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const GraphicHwOps exynos4210_fimd_ops = {
+ .invalidate = exynos4210_fimd_invalidate,
+ .gfx_update = exynos4210_fimd_update,
+};
+
+static int exynos4210_fimd_init(SysBusDevice *dev)
+{
+ Exynos4210fimdState *s = EXYNOS4210_FIMD(dev);
+
+ s->ifb = NULL;
+
+ sysbus_init_irq(dev, &s->irq[0]);
+ sysbus_init_irq(dev, &s->irq[1]);
+ sysbus_init_irq(dev, &s->irq[2]);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &exynos4210_fimd_mmio_ops, s,
+ "exynos4210.fimd", FIMD_REGS_SIZE);
+ sysbus_init_mmio(dev, &s->iomem);
+ s->console = graphic_console_init(DEVICE(dev), &exynos4210_fimd_ops, s);
+
+ return 0;
+}
+
+static void exynos4210_fimd_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ dc->vmsd = &exynos4210_fimd_vmstate;
+ dc->reset = exynos4210_fimd_reset;
+ k->init = exynos4210_fimd_init;
+}
+
+static const TypeInfo exynos4210_fimd_info = {
+ .name = TYPE_EXYNOS4210_FIMD,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(Exynos4210fimdState),
+ .class_init = exynos4210_fimd_class_init,
+};
+
+static void exynos4210_fimd_register_types(void)
+{
+ type_register_static(&exynos4210_fimd_info);
+}
+
+type_init(exynos4210_fimd_register_types)
diff --git a/hw/display/framebuffer.c b/hw/display/framebuffer.c
new file mode 100644
index 000000000..4546e4265
--- /dev/null
+++ b/hw/display/framebuffer.c
@@ -0,0 +1,113 @@
+/*
+ * Framebuffer device helper routines
+ *
+ * Copyright (c) 2009 CodeSourcery
+ * Written by Paul Brook <paul@codesourcery.com>
+ *
+ * This code is licensed under the GNU GPLv2.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+/* TODO:
+ - Do something similar for framebuffers with local ram
+ - Handle rotation here instead of hacking dest_pitch
+ - Use common pixel conversion routines instead of per-device drawfn
+ - Remove all DisplayState knowledge from devices.
+ */
+
+#include "hw/hw.h"
+#include "ui/console.h"
+#include "framebuffer.h"
+
+/* Render an image from a shared memory framebuffer. */
+
+void framebuffer_update_display(
+ DisplaySurface *ds,
+ MemoryRegion *address_space,
+ hwaddr base,
+ int cols, /* Width in pixels. */
+ int rows, /* Height in pixels. */
+ int src_width, /* Length of source line, in bytes. */
+ int dest_row_pitch, /* Bytes between adjacent horizontal output pixels. */
+ int dest_col_pitch, /* Bytes between adjacent vertical output pixels. */
+ int invalidate, /* nonzero to redraw the whole image. */
+ drawfn fn,
+ void *opaque,
+ int *first_row, /* Input and output. */
+ int *last_row /* Output only */)
+{
+ hwaddr src_len;
+ uint8_t *dest;
+ uint8_t *src;
+ uint8_t *src_base;
+ int first, last = 0;
+ int dirty;
+ int i;
+ ram_addr_t addr;
+ MemoryRegionSection mem_section;
+ MemoryRegion *mem;
+
+ i = *first_row;
+ *first_row = -1;
+ src_len = src_width * rows;
+
+ mem_section = memory_region_find(address_space, base, src_len);
+ mem = mem_section.mr;
+ if (int128_get64(mem_section.size) != src_len ||
+ !memory_region_is_ram(mem_section.mr)) {
+ goto out;
+ }
+ assert(mem);
+ assert(mem_section.offset_within_address_space == base);
+
+ memory_region_sync_dirty_bitmap(mem);
+ src_base = cpu_physical_memory_map(base, &src_len, 0);
+ /* If we can't map the framebuffer then bail. We could try harder,
+ but it's not really worth it as dirty flag tracking will probably
+ already have failed above. */
+ if (!src_base)
+ goto out;
+ if (src_len != src_width * rows) {
+ cpu_physical_memory_unmap(src_base, src_len, 0, 0);
+ goto out;
+ }
+ src = src_base;
+ dest = surface_data(ds);
+ if (dest_col_pitch < 0)
+ dest -= dest_col_pitch * (cols - 1);
+ if (dest_row_pitch < 0) {
+ dest -= dest_row_pitch * (rows - 1);
+ }
+ first = -1;
+ addr = mem_section.offset_within_region;
+
+ addr += i * src_width;
+ src += i * src_width;
+ dest += i * dest_row_pitch;
+
+ for (; i < rows; i++) {
+ dirty = memory_region_get_dirty(mem, addr, src_width,
+ DIRTY_MEMORY_VGA);
+ if (dirty || invalidate) {
+ fn(opaque, dest, src, cols, dest_col_pitch);
+ if (first == -1)
+ first = i;
+ last = i;
+ }
+ addr += src_width;
+ src += src_width;
+ dest += dest_row_pitch;
+ }
+ cpu_physical_memory_unmap(src_base, src_len, 0, 0);
+ if (first < 0) {
+ goto out;
+ }
+ memory_region_reset_dirty(mem, mem_section.offset_within_region, src_len,
+ DIRTY_MEMORY_VGA);
+ *first_row = first;
+ *last_row = last;
+out:
+ memory_region_unref(mem);
+}
diff --git a/hw/display/framebuffer.h b/hw/display/framebuffer.h
new file mode 100644
index 000000000..6eae035b7
--- /dev/null
+++ b/hw/display/framebuffer.h
@@ -0,0 +1,25 @@
+#ifndef QEMU_FRAMEBUFFER_H
+#define QEMU_FRAMEBUFFER_H
+
+#include "exec/memory.h"
+
+/* Framebuffer device helper routines. */
+
+typedef void (*drawfn)(void *, uint8_t *, const uint8_t *, int, int);
+
+void framebuffer_update_display(
+ DisplaySurface *ds,
+ MemoryRegion *address_space,
+ hwaddr base,
+ int cols,
+ int rows,
+ int src_width,
+ int dest_row_pitch,
+ int dest_col_pitch,
+ int invalidate,
+ drawfn fn,
+ void *opaque,
+ int *first_row,
+ int *last_row);
+
+#endif
diff --git a/hw/display/g364fb.c b/hw/display/g364fb.c
new file mode 100644
index 000000000..7082171b8
--- /dev/null
+++ b/hw/display/g364fb.c
@@ -0,0 +1,557 @@
+/*
+ * QEMU G364 framebuffer Emulator.
+ *
+ * Copyright (c) 2007-2011 Herve Poussineau
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/hw.h"
+#include "ui/console.h"
+#include "ui/pixel_ops.h"
+#include "trace.h"
+#include "hw/sysbus.h"
+
+typedef struct G364State {
+ /* hardware */
+ uint8_t *vram;
+ uint32_t vram_size;
+ qemu_irq irq;
+ MemoryRegion mem_vram;
+ MemoryRegion mem_ctrl;
+ /* registers */
+ uint8_t color_palette[256][3];
+ uint8_t cursor_palette[3][3];
+ uint16_t cursor[512];
+ uint32_t cursor_position;
+ uint32_t ctla;
+ uint32_t top_of_screen;
+ uint32_t width, height; /* in pixels */
+ /* display refresh support */
+ QemuConsole *con;
+ int depth;
+ int blanked;
+} G364State;
+
+#define REG_BOOT 0x000000
+#define REG_DISPLAY 0x000118
+#define REG_VDISPLAY 0x000150
+#define REG_CTLA 0x000300
+#define REG_TOP 0x000400
+#define REG_CURS_PAL 0x000508
+#define REG_CURS_POS 0x000638
+#define REG_CLR_PAL 0x000800
+#define REG_CURS_PAT 0x001000
+#define REG_RESET 0x100000
+
+#define CTLA_FORCE_BLANK 0x00000400
+#define CTLA_NO_CURSOR 0x00800000
+
+#define G364_PAGE_SIZE 4096
+
+static inline int check_dirty(G364State *s, ram_addr_t page)
+{
+ return memory_region_get_dirty(&s->mem_vram, page, G364_PAGE_SIZE,
+ DIRTY_MEMORY_VGA);
+}
+
+static inline void reset_dirty(G364State *s,
+ ram_addr_t page_min, ram_addr_t page_max)
+{
+ memory_region_reset_dirty(&s->mem_vram,
+ page_min,
+ page_max + G364_PAGE_SIZE - page_min - 1,
+ DIRTY_MEMORY_VGA);
+}
+
+static void g364fb_draw_graphic8(G364State *s)
+{
+ DisplaySurface *surface = qemu_console_surface(s->con);
+ int i, w;
+ uint8_t *vram;
+ uint8_t *data_display, *dd;
+ ram_addr_t page, page_min, page_max;
+ int x, y;
+ int xmin, xmax;
+ int ymin, ymax;
+ int xcursor, ycursor;
+ unsigned int (*rgb_to_pixel)(unsigned int r, unsigned int g, unsigned int b);
+
+ switch (surface_bits_per_pixel(surface)) {
+ case 8:
+ rgb_to_pixel = rgb_to_pixel8;
+ w = 1;
+ break;
+ case 15:
+ rgb_to_pixel = rgb_to_pixel15;
+ w = 2;
+ break;
+ case 16:
+ rgb_to_pixel = rgb_to_pixel16;
+ w = 2;
+ break;
+ case 32:
+ rgb_to_pixel = rgb_to_pixel32;
+ w = 4;
+ break;
+ default:
+ hw_error("g364: unknown host depth %d",
+ surface_bits_per_pixel(surface));
+ return;
+ }
+
+ page = 0;
+ page_min = (ram_addr_t)-1;
+ page_max = 0;
+
+ x = y = 0;
+ xmin = s->width;
+ xmax = 0;
+ ymin = s->height;
+ ymax = 0;
+
+ if (!(s->ctla & CTLA_NO_CURSOR)) {
+ xcursor = s->cursor_position >> 12;
+ ycursor = s->cursor_position & 0xfff;
+ } else {
+ xcursor = ycursor = -65;
+ }
+
+ vram = s->vram + s->top_of_screen;
+ /* XXX: out of range in vram? */
+ data_display = dd = surface_data(surface);
+ while (y < s->height) {
+ if (check_dirty(s, page)) {
+ if (y < ymin)
+ ymin = ymax = y;
+ if (page_min == (ram_addr_t)-1)
+ page_min = page;
+ page_max = page;
+ if (x < xmin)
+ xmin = x;
+ for (i = 0; i < G364_PAGE_SIZE; i++) {
+ uint8_t index;
+ unsigned int color;
+ if (unlikely((y >= ycursor && y < ycursor + 64) &&
+ (x >= xcursor && x < xcursor + 64))) {
+ /* pointer area */
+ int xdiff = x - xcursor;
+ uint16_t curs = s->cursor[(y - ycursor) * 8 + xdiff / 8];
+ int op = (curs >> ((xdiff & 7) * 2)) & 3;
+ if (likely(op == 0)) {
+ /* transparent */
+ index = *vram;
+ color = (*rgb_to_pixel)(
+ s->color_palette[index][0],
+ s->color_palette[index][1],
+ s->color_palette[index][2]);
+ } else {
+ /* get cursor color */
+ index = op - 1;
+ color = (*rgb_to_pixel)(
+ s->cursor_palette[index][0],
+ s->cursor_palette[index][1],
+ s->cursor_palette[index][2]);
+ }
+ } else {
+ /* normal area */
+ index = *vram;
+ color = (*rgb_to_pixel)(
+ s->color_palette[index][0],
+ s->color_palette[index][1],
+ s->color_palette[index][2]);
+ }
+ memcpy(dd, &color, w);
+ dd += w;
+ x++;
+ vram++;
+ if (x == s->width) {
+ xmax = s->width - 1;
+ y++;
+ if (y == s->height) {
+ ymax = s->height - 1;
+ goto done;
+ }
+ data_display = dd = data_display + surface_stride(surface);
+ xmin = 0;
+ x = 0;
+ }
+ }
+ if (x > xmax)
+ xmax = x;
+ if (y > ymax)
+ ymax = y;
+ } else {
+ int dy;
+ if (page_min != (ram_addr_t)-1) {
+ reset_dirty(s, page_min, page_max);
+ page_min = (ram_addr_t)-1;
+ page_max = 0;
+ dpy_gfx_update(s->con, xmin, ymin,
+ xmax - xmin + 1, ymax - ymin + 1);
+ xmin = s->width;
+ xmax = 0;
+ ymin = s->height;
+ ymax = 0;
+ }
+ x += G364_PAGE_SIZE;
+ dy = x / s->width;
+ x = x % s->width;
+ y += dy;
+ vram += G364_PAGE_SIZE;
+ data_display += dy * surface_stride(surface);
+ dd = data_display + x * w;
+ }
+ page += G364_PAGE_SIZE;
+ }
+
+done:
+ if (page_min != (ram_addr_t)-1) {
+ dpy_gfx_update(s->con, xmin, ymin, xmax - xmin + 1, ymax - ymin + 1);
+ reset_dirty(s, page_min, page_max);
+ }
+}
+
+static void g364fb_draw_blank(G364State *s)
+{
+ DisplaySurface *surface = qemu_console_surface(s->con);
+ int i, w;
+ uint8_t *d;
+
+ if (s->blanked) {
+ /* Screen is already blank. No need to redraw it */
+ return;
+ }
+
+ w = s->width * surface_bytes_per_pixel(surface);
+ d = surface_data(surface);
+ for (i = 0; i < s->height; i++) {
+ memset(d, 0, w);
+ d += surface_stride(surface);
+ }
+
+ dpy_gfx_update(s->con, 0, 0, s->width, s->height);
+ s->blanked = 1;
+}
+
+static void g364fb_update_display(void *opaque)
+{
+ G364State *s = opaque;
+ DisplaySurface *surface = qemu_console_surface(s->con);
+
+ qemu_flush_coalesced_mmio_buffer();
+
+ if (s->width == 0 || s->height == 0)
+ return;
+
+ if (s->width != surface_width(surface) ||
+ s->height != surface_height(surface)) {
+ qemu_console_resize(s->con, s->width, s->height);
+ }
+
+ if (s->ctla & CTLA_FORCE_BLANK) {
+ g364fb_draw_blank(s);
+ } else if (s->depth == 8) {
+ g364fb_draw_graphic8(s);
+ } else {
+ error_report("g364: unknown guest depth %d", s->depth);
+ }
+
+ qemu_irq_raise(s->irq);
+}
+
+static inline void g364fb_invalidate_display(void *opaque)
+{
+ G364State *s = opaque;
+
+ s->blanked = 0;
+ memory_region_set_dirty(&s->mem_vram, 0, s->vram_size);
+}
+
+static void g364fb_reset(G364State *s)
+{
+ qemu_irq_lower(s->irq);
+
+ memset(s->color_palette, 0, sizeof(s->color_palette));
+ memset(s->cursor_palette, 0, sizeof(s->cursor_palette));
+ memset(s->cursor, 0, sizeof(s->cursor));
+ s->cursor_position = 0;
+ s->ctla = 0;
+ s->top_of_screen = 0;
+ s->width = s->height = 0;
+ memset(s->vram, 0, s->vram_size);
+ g364fb_invalidate_display(s);
+}
+
+/* called for accesses to io ports */
+static uint64_t g364fb_ctrl_read(void *opaque,
+ hwaddr addr,
+ unsigned int size)
+{
+ G364State *s = opaque;
+ uint32_t val;
+
+ if (addr >= REG_CURS_PAT && addr < REG_CURS_PAT + 0x1000) {
+ /* cursor pattern */
+ int idx = (addr - REG_CURS_PAT) >> 3;
+ val = s->cursor[idx];
+ } else if (addr >= REG_CURS_PAL && addr < REG_CURS_PAL + 0x18) {
+ /* cursor palette */
+ int idx = (addr - REG_CURS_PAL) >> 3;
+ val = ((uint32_t)s->cursor_palette[idx][0] << 16);
+ val |= ((uint32_t)s->cursor_palette[idx][1] << 8);
+ val |= ((uint32_t)s->cursor_palette[idx][2] << 0);
+ } else {
+ switch (addr) {
+ case REG_DISPLAY:
+ val = s->width / 4;
+ break;
+ case REG_VDISPLAY:
+ val = s->height * 2;
+ break;
+ case REG_CTLA:
+ val = s->ctla;
+ break;
+ default:
+ {
+ error_report("g364: invalid read at [" TARGET_FMT_plx "]",
+ addr);
+ val = 0;
+ break;
+ }
+ }
+ }
+
+ trace_g364fb_read(addr, val);
+
+ return val;
+}
+
+static void g364fb_update_depth(G364State *s)
+{
+ static const int depths[8] = { 1, 2, 4, 8, 15, 16, 0 };
+ s->depth = depths[(s->ctla & 0x00700000) >> 20];
+}
+
+static void g364_invalidate_cursor_position(G364State *s)
+{
+ DisplaySurface *surface = qemu_console_surface(s->con);
+ int ymin, ymax, start, end;
+
+ /* invalidate only near the cursor */
+ ymin = s->cursor_position & 0xfff;
+ ymax = MIN(s->height, ymin + 64);
+ start = ymin * surface_stride(surface);
+ end = (ymax + 1) * surface_stride(surface);
+
+ memory_region_set_dirty(&s->mem_vram, start, end - start);
+}
+
+static void g364fb_ctrl_write(void *opaque,
+ hwaddr addr,
+ uint64_t val,
+ unsigned int size)
+{
+ G364State *s = opaque;
+
+ trace_g364fb_write(addr, val);
+
+ if (addr >= REG_CLR_PAL && addr < REG_CLR_PAL + 0x800) {
+ /* color palette */
+ int idx = (addr - REG_CLR_PAL) >> 3;
+ s->color_palette[idx][0] = (val >> 16) & 0xff;
+ s->color_palette[idx][1] = (val >> 8) & 0xff;
+ s->color_palette[idx][2] = val & 0xff;
+ g364fb_invalidate_display(s);
+ } else if (addr >= REG_CURS_PAT && addr < REG_CURS_PAT + 0x1000) {
+ /* cursor pattern */
+ int idx = (addr - REG_CURS_PAT) >> 3;
+ s->cursor[idx] = val;
+ g364fb_invalidate_display(s);
+ } else if (addr >= REG_CURS_PAL && addr < REG_CURS_PAL + 0x18) {
+ /* cursor palette */
+ int idx = (addr - REG_CURS_PAL) >> 3;
+ s->cursor_palette[idx][0] = (val >> 16) & 0xff;
+ s->cursor_palette[idx][1] = (val >> 8) & 0xff;
+ s->cursor_palette[idx][2] = val & 0xff;
+ g364fb_invalidate_display(s);
+ } else {
+ switch (addr) {
+ case REG_BOOT: /* Boot timing */
+ case 0x00108: /* Line timing: half sync */
+ case 0x00110: /* Line timing: back porch */
+ case 0x00120: /* Line timing: short display */
+ case 0x00128: /* Frame timing: broad pulse */
+ case 0x00130: /* Frame timing: v sync */
+ case 0x00138: /* Frame timing: v preequalise */
+ case 0x00140: /* Frame timing: v postequalise */
+ case 0x00148: /* Frame timing: v blank */
+ case 0x00158: /* Line timing: line time */
+ case 0x00160: /* Frame store: line start */
+ case 0x00168: /* vram cycle: mem init */
+ case 0x00170: /* vram cycle: transfer delay */
+ case 0x00200: /* vram cycle: mask register */
+ /* ignore */
+ break;
+ case REG_TOP:
+ s->top_of_screen = val;
+ g364fb_invalidate_display(s);
+ break;
+ case REG_DISPLAY:
+ s->width = val * 4;
+ break;
+ case REG_VDISPLAY:
+ s->height = val / 2;
+ break;
+ case REG_CTLA:
+ s->ctla = val;
+ g364fb_update_depth(s);
+ g364fb_invalidate_display(s);
+ break;
+ case REG_CURS_POS:
+ g364_invalidate_cursor_position(s);
+ s->cursor_position = val;
+ g364_invalidate_cursor_position(s);
+ break;
+ case REG_RESET:
+ g364fb_reset(s);
+ break;
+ default:
+ error_report("g364: invalid write of 0x%" PRIx64
+ " at [" TARGET_FMT_plx "]", val, addr);
+ break;
+ }
+ }
+ qemu_irq_lower(s->irq);
+}
+
+static const MemoryRegionOps g364fb_ctrl_ops = {
+ .read = g364fb_ctrl_read,
+ .write = g364fb_ctrl_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .impl.min_access_size = 4,
+ .impl.max_access_size = 4,
+};
+
+static int g364fb_post_load(void *opaque, int version_id)
+{
+ G364State *s = opaque;
+
+ /* force refresh */
+ g364fb_update_depth(s);
+ g364fb_invalidate_display(s);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_g364fb = {
+ .name = "g364fb",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .post_load = g364fb_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_VBUFFER_UINT32(vram, G364State, 1, NULL, 0, vram_size),
+ VMSTATE_BUFFER_UNSAFE(color_palette, G364State, 0, 256 * 3),
+ VMSTATE_BUFFER_UNSAFE(cursor_palette, G364State, 0, 9),
+ VMSTATE_UINT16_ARRAY(cursor, G364State, 512),
+ VMSTATE_UINT32(cursor_position, G364State),
+ VMSTATE_UINT32(ctla, G364State),
+ VMSTATE_UINT32(top_of_screen, G364State),
+ VMSTATE_UINT32(width, G364State),
+ VMSTATE_UINT32(height, G364State),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const GraphicHwOps g364fb_ops = {
+ .invalidate = g364fb_invalidate_display,
+ .gfx_update = g364fb_update_display,
+};
+
+static void g364fb_init(DeviceState *dev, G364State *s)
+{
+ s->vram = g_malloc0(s->vram_size);
+
+ s->con = graphic_console_init(dev, &g364fb_ops, s);
+
+ memory_region_init_io(&s->mem_ctrl, NULL, &g364fb_ctrl_ops, s, "ctrl", 0x180000);
+ memory_region_init_ram_ptr(&s->mem_vram, NULL, "vram",
+ s->vram_size, s->vram);
+ vmstate_register_ram(&s->mem_vram, dev);
+ memory_region_set_coalescing(&s->mem_vram);
+}
+
+#define TYPE_G364 "sysbus-g364"
+#define G364(obj) OBJECT_CHECK(G364SysBusState, (obj), TYPE_G364)
+
+typedef struct {
+ SysBusDevice parent_obj;
+
+ G364State g364;
+} G364SysBusState;
+
+static int g364fb_sysbus_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ G364SysBusState *sbs = G364(dev);
+ G364State *s = &sbs->g364;
+
+ g364fb_init(dev, s);
+ sysbus_init_irq(sbd, &s->irq);
+ sysbus_init_mmio(sbd, &s->mem_ctrl);
+ sysbus_init_mmio(sbd, &s->mem_vram);
+
+ return 0;
+}
+
+static void g364fb_sysbus_reset(DeviceState *d)
+{
+ G364SysBusState *s = G364(d);
+
+ g364fb_reset(&s->g364);
+}
+
+static Property g364fb_sysbus_properties[] = {
+ DEFINE_PROP_HEX32("vram_size", G364SysBusState, g364.vram_size,
+ 8 * 1024 * 1024),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void g364fb_sysbus_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = g364fb_sysbus_init;
+ set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories);
+ dc->desc = "G364 framebuffer";
+ dc->reset = g364fb_sysbus_reset;
+ dc->vmsd = &vmstate_g364fb;
+ dc->props = g364fb_sysbus_properties;
+}
+
+static const TypeInfo g364fb_sysbus_info = {
+ .name = TYPE_G364,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(G364SysBusState),
+ .class_init = g364fb_sysbus_class_init,
+};
+
+static void g364fb_register_types(void)
+{
+ type_register_static(&g364fb_sysbus_info);
+}
+
+type_init(g364fb_register_types)
diff --git a/hw/display/jazz_led.c b/hw/display/jazz_led.c
new file mode 100644
index 000000000..8407e6c2e
--- /dev/null
+++ b/hw/display/jazz_led.c
@@ -0,0 +1,311 @@
+/*
+ * QEMU JAZZ LED emulator.
+ *
+ * Copyright (c) 2007-2012 Herve Poussineau
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu-common.h"
+#include "ui/console.h"
+#include "ui/pixel_ops.h"
+#include "trace.h"
+#include "hw/sysbus.h"
+
+typedef enum {
+ REDRAW_NONE = 0, REDRAW_SEGMENTS = 1, REDRAW_BACKGROUND = 2,
+} screen_state_t;
+
+#define TYPE_JAZZ_LED "jazz-led"
+#define JAZZ_LED(obj) OBJECT_CHECK(LedState, (obj), TYPE_JAZZ_LED)
+
+typedef struct LedState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ uint8_t segments;
+ QemuConsole *con;
+ screen_state_t state;
+} LedState;
+
+static uint64_t jazz_led_read(void *opaque, hwaddr addr,
+ unsigned int size)
+{
+ LedState *s = opaque;
+ uint8_t val;
+
+ val = s->segments;
+ trace_jazz_led_read(addr, val);
+
+ return val;
+}
+
+static void jazz_led_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned int size)
+{
+ LedState *s = opaque;
+ uint8_t new_val = val & 0xff;
+
+ trace_jazz_led_write(addr, new_val);
+
+ s->segments = new_val;
+ s->state |= REDRAW_SEGMENTS;
+}
+
+static const MemoryRegionOps led_ops = {
+ .read = jazz_led_read,
+ .write = jazz_led_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .impl.min_access_size = 1,
+ .impl.max_access_size = 1,
+};
+
+/***********************************************************/
+/* jazz_led display */
+
+static void draw_horizontal_line(DisplaySurface *ds,
+ int posy, int posx1, int posx2,
+ uint32_t color)
+{
+ uint8_t *d;
+ int x, bpp;
+
+ bpp = (surface_bits_per_pixel(ds) + 7) >> 3;
+ d = surface_data(ds) + surface_stride(ds) * posy + bpp * posx1;
+ switch(bpp) {
+ case 1:
+ for (x = posx1; x <= posx2; x++) {
+ *((uint8_t *)d) = color;
+ d++;
+ }
+ break;
+ case 2:
+ for (x = posx1; x <= posx2; x++) {
+ *((uint16_t *)d) = color;
+ d += 2;
+ }
+ break;
+ case 4:
+ for (x = posx1; x <= posx2; x++) {
+ *((uint32_t *)d) = color;
+ d += 4;
+ }
+ break;
+ }
+}
+
+static void draw_vertical_line(DisplaySurface *ds,
+ int posx, int posy1, int posy2,
+ uint32_t color)
+{
+ uint8_t *d;
+ int y, bpp;
+
+ bpp = (surface_bits_per_pixel(ds) + 7) >> 3;
+ d = surface_data(ds) + surface_stride(ds) * posy1 + bpp * posx;
+ switch(bpp) {
+ case 1:
+ for (y = posy1; y <= posy2; y++) {
+ *((uint8_t *)d) = color;
+ d += surface_stride(ds);
+ }
+ break;
+ case 2:
+ for (y = posy1; y <= posy2; y++) {
+ *((uint16_t *)d) = color;
+ d += surface_stride(ds);
+ }
+ break;
+ case 4:
+ for (y = posy1; y <= posy2; y++) {
+ *((uint32_t *)d) = color;
+ d += surface_stride(ds);
+ }
+ break;
+ }
+}
+
+static void jazz_led_update_display(void *opaque)
+{
+ LedState *s = opaque;
+ DisplaySurface *surface = qemu_console_surface(s->con);
+ uint8_t *d1;
+ uint32_t color_segment, color_led;
+ int y, bpp;
+
+ if (s->state & REDRAW_BACKGROUND) {
+ /* clear screen */
+ bpp = (surface_bits_per_pixel(surface) + 7) >> 3;
+ d1 = surface_data(surface);
+ for (y = 0; y < surface_height(surface); y++) {
+ memset(d1, 0x00, surface_width(surface) * bpp);
+ d1 += surface_stride(surface);
+ }
+ }
+
+ if (s->state & REDRAW_SEGMENTS) {
+ /* set colors according to bpp */
+ switch (surface_bits_per_pixel(surface)) {
+ case 8:
+ color_segment = rgb_to_pixel8(0xaa, 0xaa, 0xaa);
+ color_led = rgb_to_pixel8(0x00, 0xff, 0x00);
+ break;
+ case 15:
+ color_segment = rgb_to_pixel15(0xaa, 0xaa, 0xaa);
+ color_led = rgb_to_pixel15(0x00, 0xff, 0x00);
+ break;
+ case 16:
+ color_segment = rgb_to_pixel16(0xaa, 0xaa, 0xaa);
+ color_led = rgb_to_pixel16(0x00, 0xff, 0x00);
+ case 24:
+ color_segment = rgb_to_pixel24(0xaa, 0xaa, 0xaa);
+ color_led = rgb_to_pixel24(0x00, 0xff, 0x00);
+ break;
+ case 32:
+ color_segment = rgb_to_pixel32(0xaa, 0xaa, 0xaa);
+ color_led = rgb_to_pixel32(0x00, 0xff, 0x00);
+ break;
+ default:
+ return;
+ }
+
+ /* display segments */
+ draw_horizontal_line(surface, 40, 10, 40,
+ (s->segments & 0x02) ? color_segment : 0);
+ draw_vertical_line(surface, 10, 10, 40,
+ (s->segments & 0x04) ? color_segment : 0);
+ draw_vertical_line(surface, 10, 40, 70,
+ (s->segments & 0x08) ? color_segment : 0);
+ draw_horizontal_line(surface, 70, 10, 40,
+ (s->segments & 0x10) ? color_segment : 0);
+ draw_vertical_line(surface, 40, 40, 70,
+ (s->segments & 0x20) ? color_segment : 0);
+ draw_vertical_line(surface, 40, 10, 40,
+ (s->segments & 0x40) ? color_segment : 0);
+ draw_horizontal_line(surface, 10, 10, 40,
+ (s->segments & 0x80) ? color_segment : 0);
+
+ /* display led */
+ if (!(s->segments & 0x01))
+ color_led = 0; /* black */
+ draw_horizontal_line(surface, 68, 50, 50, color_led);
+ draw_horizontal_line(surface, 69, 49, 51, color_led);
+ draw_horizontal_line(surface, 70, 48, 52, color_led);
+ draw_horizontal_line(surface, 71, 49, 51, color_led);
+ draw_horizontal_line(surface, 72, 50, 50, color_led);
+ }
+
+ s->state = REDRAW_NONE;
+ dpy_gfx_update(s->con, 0, 0,
+ surface_width(surface), surface_height(surface));
+}
+
+static void jazz_led_invalidate_display(void *opaque)
+{
+ LedState *s = opaque;
+ s->state |= REDRAW_SEGMENTS | REDRAW_BACKGROUND;
+}
+
+static void jazz_led_text_update(void *opaque, console_ch_t *chardata)
+{
+ LedState *s = opaque;
+ char buf[2];
+
+ dpy_text_cursor(s->con, -1, -1);
+ qemu_console_resize(s->con, 2, 1);
+
+ /* TODO: draw the segments */
+ snprintf(buf, 2, "%02hhx\n", s->segments);
+ console_write_ch(chardata++, 0x00200100 | buf[0]);
+ console_write_ch(chardata++, 0x00200100 | buf[1]);
+
+ dpy_text_update(s->con, 0, 0, 2, 1);
+}
+
+static int jazz_led_post_load(void *opaque, int version_id)
+{
+ /* force refresh */
+ jazz_led_invalidate_display(opaque);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_jazz_led = {
+ .name = "jazz-led",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .post_load = jazz_led_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(segments, LedState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const GraphicHwOps jazz_led_ops = {
+ .invalidate = jazz_led_invalidate_display,
+ .gfx_update = jazz_led_update_display,
+ .text_update = jazz_led_text_update,
+};
+
+static int jazz_led_init(SysBusDevice *dev)
+{
+ LedState *s = JAZZ_LED(dev);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &led_ops, s, "led", 1);
+ sysbus_init_mmio(dev, &s->iomem);
+
+ s->con = graphic_console_init(DEVICE(dev), &jazz_led_ops, s);
+
+ return 0;
+}
+
+static void jazz_led_reset(DeviceState *d)
+{
+ LedState *s = JAZZ_LED(d);
+
+ s->segments = 0;
+ s->state = REDRAW_SEGMENTS | REDRAW_BACKGROUND;
+ qemu_console_resize(s->con, 60, 80);
+}
+
+static void jazz_led_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = jazz_led_init;
+ dc->desc = "Jazz LED display",
+ dc->vmsd = &vmstate_jazz_led;
+ dc->reset = jazz_led_reset;
+}
+
+static const TypeInfo jazz_led_info = {
+ .name = TYPE_JAZZ_LED,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(LedState),
+ .class_init = jazz_led_class_init,
+};
+
+static void jazz_led_register(void)
+{
+ type_register_static(&jazz_led_info);
+}
+
+type_init(jazz_led_register);
diff --git a/hw/display/milkymist-tmu2.c b/hw/display/milkymist-tmu2.c
new file mode 100644
index 000000000..b2a5fba0f
--- /dev/null
+++ b/hw/display/milkymist-tmu2.c
@@ -0,0 +1,495 @@
+/*
+ * QEMU model of the Milkymist texture mapping unit.
+ *
+ * Copyright (c) 2010 Michael Walle <michael@walle.cc>
+ * Copyright (c) 2010 Sebastien Bourdeauducq
+ * <sebastien.bourdeauducq@lekernel.net>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ *
+ * Specification available at:
+ * http://www.milkymist.org/socdoc/tmu2.pdf
+ *
+ */
+
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "trace.h"
+#include "qemu/error-report.h"
+
+#include <X11/Xlib.h>
+#include <GL/gl.h>
+#include <GL/glx.h>
+
+enum {
+ R_CTL = 0,
+ R_HMESHLAST,
+ R_VMESHLAST,
+ R_BRIGHTNESS,
+ R_CHROMAKEY,
+ R_VERTICESADDR,
+ R_TEXFBUF,
+ R_TEXHRES,
+ R_TEXVRES,
+ R_TEXHMASK,
+ R_TEXVMASK,
+ R_DSTFBUF,
+ R_DSTHRES,
+ R_DSTVRES,
+ R_DSTHOFFSET,
+ R_DSTVOFFSET,
+ R_DSTSQUAREW,
+ R_DSTSQUAREH,
+ R_ALPHA,
+ R_MAX
+};
+
+enum {
+ CTL_START_BUSY = (1<<0),
+ CTL_CHROMAKEY = (1<<1),
+};
+
+enum {
+ MAX_BRIGHTNESS = 63,
+ MAX_ALPHA = 63,
+};
+
+enum {
+ MESH_MAXSIZE = 128,
+};
+
+struct vertex {
+ int x;
+ int y;
+} QEMU_PACKED;
+
+#define TYPE_MILKYMIST_TMU2 "milkymist-tmu2"
+#define MILKYMIST_TMU2(obj) \
+ OBJECT_CHECK(MilkymistTMU2State, (obj), TYPE_MILKYMIST_TMU2)
+
+struct MilkymistTMU2State {
+ SysBusDevice parent_obj;
+
+ MemoryRegion regs_region;
+ CharDriverState *chr;
+ qemu_irq irq;
+
+ uint32_t regs[R_MAX];
+
+ Display *dpy;
+ GLXFBConfig glx_fb_config;
+ GLXContext glx_context;
+};
+typedef struct MilkymistTMU2State MilkymistTMU2State;
+
+static const int glx_fbconfig_attr[] = {
+ GLX_GREEN_SIZE, 5,
+ GLX_GREEN_SIZE, 6,
+ GLX_BLUE_SIZE, 5,
+ None
+};
+
+static int tmu2_glx_init(MilkymistTMU2State *s)
+{
+ GLXFBConfig *configs;
+ int nelements;
+
+ s->dpy = XOpenDisplay(NULL); /* FIXME: call XCloseDisplay() */
+ if (s->dpy == NULL) {
+ return 1;
+ }
+
+ configs = glXChooseFBConfig(s->dpy, 0, glx_fbconfig_attr, &nelements);
+ if (configs == NULL) {
+ return 1;
+ }
+
+ s->glx_fb_config = *configs;
+ XFree(configs);
+
+ /* FIXME: call glXDestroyContext() */
+ s->glx_context = glXCreateNewContext(s->dpy, s->glx_fb_config,
+ GLX_RGBA_TYPE, NULL, 1);
+ if (s->glx_context == NULL) {
+ return 1;
+ }
+
+ return 0;
+}
+
+static void tmu2_gl_map(struct vertex *mesh, int texhres, int texvres,
+ int hmeshlast, int vmeshlast, int ho, int vo, int sw, int sh)
+{
+ int x, y;
+ int x0, y0, x1, y1;
+ int u0, v0, u1, v1, u2, v2, u3, v3;
+ double xscale = 1.0 / ((double)(64 * texhres));
+ double yscale = 1.0 / ((double)(64 * texvres));
+
+ glLoadIdentity();
+ glTranslatef(ho, vo, 0);
+ glEnable(GL_TEXTURE_2D);
+ glBegin(GL_QUADS);
+
+ for (y = 0; y < vmeshlast; y++) {
+ y0 = y * sh;
+ y1 = y0 + sh;
+ for (x = 0; x < hmeshlast; x++) {
+ x0 = x * sw;
+ x1 = x0 + sw;
+
+ u0 = be32_to_cpu(mesh[MESH_MAXSIZE * y + x].x);
+ v0 = be32_to_cpu(mesh[MESH_MAXSIZE * y + x].y);
+ u1 = be32_to_cpu(mesh[MESH_MAXSIZE * y + x + 1].x);
+ v1 = be32_to_cpu(mesh[MESH_MAXSIZE * y + x + 1].y);
+ u2 = be32_to_cpu(mesh[MESH_MAXSIZE * (y + 1) + x + 1].x);
+ v2 = be32_to_cpu(mesh[MESH_MAXSIZE * (y + 1) + x + 1].y);
+ u3 = be32_to_cpu(mesh[MESH_MAXSIZE * (y + 1) + x].x);
+ v3 = be32_to_cpu(mesh[MESH_MAXSIZE * (y + 1) + x].y);
+
+ glTexCoord2d(((double)u0) * xscale, ((double)v0) * yscale);
+ glVertex3i(x0, y0, 0);
+ glTexCoord2d(((double)u1) * xscale, ((double)v1) * yscale);
+ glVertex3i(x1, y0, 0);
+ glTexCoord2d(((double)u2) * xscale, ((double)v2) * yscale);
+ glVertex3i(x1, y1, 0);
+ glTexCoord2d(((double)u3) * xscale, ((double)v3) * yscale);
+ glVertex3i(x0, y1, 0);
+ }
+ }
+
+ glEnd();
+}
+
+static void tmu2_start(MilkymistTMU2State *s)
+{
+ int pbuffer_attrib[6] = {
+ GLX_PBUFFER_WIDTH,
+ 0,
+ GLX_PBUFFER_HEIGHT,
+ 0,
+ GLX_PRESERVED_CONTENTS,
+ True
+ };
+
+ GLXPbuffer pbuffer;
+ GLuint texture;
+ void *fb;
+ hwaddr fb_len;
+ void *mesh;
+ hwaddr mesh_len;
+ float m;
+
+ trace_milkymist_tmu2_start();
+
+ /* Create and set up a suitable OpenGL context */
+ pbuffer_attrib[1] = s->regs[R_DSTHRES];
+ pbuffer_attrib[3] = s->regs[R_DSTVRES];
+ pbuffer = glXCreatePbuffer(s->dpy, s->glx_fb_config, pbuffer_attrib);
+ glXMakeContextCurrent(s->dpy, pbuffer, pbuffer, s->glx_context);
+
+ /* Fixup endianness. TODO: would it work on BE hosts? */
+ glPixelStorei(GL_UNPACK_SWAP_BYTES, 1);
+ glPixelStorei(GL_PACK_SWAP_BYTES, 1);
+
+ /* Row alignment */
+ glPixelStorei(GL_UNPACK_ALIGNMENT, 2);
+ glPixelStorei(GL_PACK_ALIGNMENT, 2);
+
+ /* Read the QEMU source framebuffer into an OpenGL texture */
+ glGenTextures(1, &texture);
+ glBindTexture(GL_TEXTURE_2D, texture);
+ fb_len = 2*s->regs[R_TEXHRES]*s->regs[R_TEXVRES];
+ fb = cpu_physical_memory_map(s->regs[R_TEXFBUF], &fb_len, 0);
+ if (fb == NULL) {
+ glDeleteTextures(1, &texture);
+ glXMakeContextCurrent(s->dpy, None, None, NULL);
+ glXDestroyPbuffer(s->dpy, pbuffer);
+ return;
+ }
+ glTexImage2D(GL_TEXTURE_2D, 0, 3, s->regs[R_TEXHRES], s->regs[R_TEXVRES],
+ 0, GL_RGB, GL_UNSIGNED_SHORT_5_6_5, fb);
+ cpu_physical_memory_unmap(fb, fb_len, 0, fb_len);
+
+ /* Set up texturing options */
+ /* WARNING:
+ * Many cases of TMU2 masking are not supported by OpenGL.
+ * We only implement the most common ones:
+ * - full bilinear filtering vs. nearest texel
+ * - texture clamping vs. texture wrapping
+ */
+ if ((s->regs[R_TEXHMASK] & 0x3f) > 0x20) {
+ glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_MIN_FILTER, GL_LINEAR);
+ glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_MAG_FILTER, GL_LINEAR);
+ } else {
+ glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_MIN_FILTER, GL_NEAREST);
+ glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_MAG_FILTER, GL_NEAREST);
+ }
+ if ((s->regs[R_TEXHMASK] >> 6) & s->regs[R_TEXHRES]) {
+ glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_WRAP_S, GL_CLAMP);
+ } else {
+ glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_WRAP_S, GL_REPEAT);
+ }
+ if ((s->regs[R_TEXVMASK] >> 6) & s->regs[R_TEXVRES]) {
+ glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_WRAP_T, GL_CLAMP);
+ } else {
+ glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_WRAP_T, GL_REPEAT);
+ }
+
+ /* Translucency and decay */
+ glEnable(GL_BLEND);
+ glBlendFunc(GL_SRC_ALPHA, GL_ONE_MINUS_SRC_ALPHA);
+ m = (float)(s->regs[R_BRIGHTNESS] + 1) / 64.0f;
+ glColor4f(m, m, m, (float)(s->regs[R_ALPHA] + 1) / 64.0f);
+
+ /* Read the QEMU dest. framebuffer into the OpenGL framebuffer */
+ fb_len = 2 * s->regs[R_DSTHRES] * s->regs[R_DSTVRES];
+ fb = cpu_physical_memory_map(s->regs[R_DSTFBUF], &fb_len, 0);
+ if (fb == NULL) {
+ glDeleteTextures(1, &texture);
+ glXMakeContextCurrent(s->dpy, None, None, NULL);
+ glXDestroyPbuffer(s->dpy, pbuffer);
+ return;
+ }
+
+ glDrawPixels(s->regs[R_DSTHRES], s->regs[R_DSTVRES], GL_RGB,
+ GL_UNSIGNED_SHORT_5_6_5, fb);
+ cpu_physical_memory_unmap(fb, fb_len, 0, fb_len);
+ glViewport(0, 0, s->regs[R_DSTHRES], s->regs[R_DSTVRES]);
+ glMatrixMode(GL_PROJECTION);
+ glLoadIdentity();
+ glOrtho(0.0, s->regs[R_DSTHRES], 0.0, s->regs[R_DSTVRES], -1.0, 1.0);
+ glMatrixMode(GL_MODELVIEW);
+
+ /* Map the texture */
+ mesh_len = MESH_MAXSIZE*MESH_MAXSIZE*sizeof(struct vertex);
+ mesh = cpu_physical_memory_map(s->regs[R_VERTICESADDR], &mesh_len, 0);
+ if (mesh == NULL) {
+ glDeleteTextures(1, &texture);
+ glXMakeContextCurrent(s->dpy, None, None, NULL);
+ glXDestroyPbuffer(s->dpy, pbuffer);
+ return;
+ }
+
+ tmu2_gl_map((struct vertex *)mesh,
+ s->regs[R_TEXHRES], s->regs[R_TEXVRES],
+ s->regs[R_HMESHLAST], s->regs[R_VMESHLAST],
+ s->regs[R_DSTHOFFSET], s->regs[R_DSTVOFFSET],
+ s->regs[R_DSTSQUAREW], s->regs[R_DSTSQUAREH]);
+ cpu_physical_memory_unmap(mesh, mesh_len, 0, mesh_len);
+
+ /* Write back the OpenGL framebuffer to the QEMU framebuffer */
+ fb_len = 2 * s->regs[R_DSTHRES] * s->regs[R_DSTVRES];
+ fb = cpu_physical_memory_map(s->regs[R_DSTFBUF], &fb_len, 1);
+ if (fb == NULL) {
+ glDeleteTextures(1, &texture);
+ glXMakeContextCurrent(s->dpy, None, None, NULL);
+ glXDestroyPbuffer(s->dpy, pbuffer);
+ return;
+ }
+
+ glReadPixels(0, 0, s->regs[R_DSTHRES], s->regs[R_DSTVRES], GL_RGB,
+ GL_UNSIGNED_SHORT_5_6_5, fb);
+ cpu_physical_memory_unmap(fb, fb_len, 1, fb_len);
+
+ /* Free OpenGL allocs */
+ glDeleteTextures(1, &texture);
+ glXMakeContextCurrent(s->dpy, None, None, NULL);
+ glXDestroyPbuffer(s->dpy, pbuffer);
+
+ s->regs[R_CTL] &= ~CTL_START_BUSY;
+
+ trace_milkymist_tmu2_pulse_irq();
+ qemu_irq_pulse(s->irq);
+}
+
+static uint64_t tmu2_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ MilkymistTMU2State *s = opaque;
+ uint32_t r = 0;
+
+ addr >>= 2;
+ switch (addr) {
+ case R_CTL:
+ case R_HMESHLAST:
+ case R_VMESHLAST:
+ case R_BRIGHTNESS:
+ case R_CHROMAKEY:
+ case R_VERTICESADDR:
+ case R_TEXFBUF:
+ case R_TEXHRES:
+ case R_TEXVRES:
+ case R_TEXHMASK:
+ case R_TEXVMASK:
+ case R_DSTFBUF:
+ case R_DSTHRES:
+ case R_DSTVRES:
+ case R_DSTHOFFSET:
+ case R_DSTVOFFSET:
+ case R_DSTSQUAREW:
+ case R_DSTSQUAREH:
+ case R_ALPHA:
+ r = s->regs[addr];
+ break;
+
+ default:
+ error_report("milkymist_tmu2: read access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+
+ trace_milkymist_tmu2_memory_read(addr << 2, r);
+
+ return r;
+}
+
+static void tmu2_check_registers(MilkymistTMU2State *s)
+{
+ if (s->regs[R_BRIGHTNESS] > MAX_BRIGHTNESS) {
+ error_report("milkymist_tmu2: max brightness is %d", MAX_BRIGHTNESS);
+ }
+
+ if (s->regs[R_ALPHA] > MAX_ALPHA) {
+ error_report("milkymist_tmu2: max alpha is %d", MAX_ALPHA);
+ }
+
+ if (s->regs[R_VERTICESADDR] & 0x07) {
+ error_report("milkymist_tmu2: vertex mesh address has to be 64-bit "
+ "aligned");
+ }
+
+ if (s->regs[R_TEXFBUF] & 0x01) {
+ error_report("milkymist_tmu2: texture buffer address has to be "
+ "16-bit aligned");
+ }
+}
+
+static void tmu2_write(void *opaque, hwaddr addr, uint64_t value,
+ unsigned size)
+{
+ MilkymistTMU2State *s = opaque;
+
+ trace_milkymist_tmu2_memory_write(addr, value);
+
+ addr >>= 2;
+ switch (addr) {
+ case R_CTL:
+ s->regs[addr] = value;
+ if (value & CTL_START_BUSY) {
+ tmu2_start(s);
+ }
+ break;
+ case R_BRIGHTNESS:
+ case R_HMESHLAST:
+ case R_VMESHLAST:
+ case R_CHROMAKEY:
+ case R_VERTICESADDR:
+ case R_TEXFBUF:
+ case R_TEXHRES:
+ case R_TEXVRES:
+ case R_TEXHMASK:
+ case R_TEXVMASK:
+ case R_DSTFBUF:
+ case R_DSTHRES:
+ case R_DSTVRES:
+ case R_DSTHOFFSET:
+ case R_DSTVOFFSET:
+ case R_DSTSQUAREW:
+ case R_DSTSQUAREH:
+ case R_ALPHA:
+ s->regs[addr] = value;
+ break;
+
+ default:
+ error_report("milkymist_tmu2: write access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+
+ tmu2_check_registers(s);
+}
+
+static const MemoryRegionOps tmu2_mmio_ops = {
+ .read = tmu2_read,
+ .write = tmu2_write,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void milkymist_tmu2_reset(DeviceState *d)
+{
+ MilkymistTMU2State *s = MILKYMIST_TMU2(d);
+ int i;
+
+ for (i = 0; i < R_MAX; i++) {
+ s->regs[i] = 0;
+ }
+}
+
+static int milkymist_tmu2_init(SysBusDevice *dev)
+{
+ MilkymistTMU2State *s = MILKYMIST_TMU2(dev);
+
+ if (tmu2_glx_init(s)) {
+ return 1;
+ }
+
+ sysbus_init_irq(dev, &s->irq);
+
+ memory_region_init_io(&s->regs_region, OBJECT(s), &tmu2_mmio_ops, s,
+ "milkymist-tmu2", R_MAX * 4);
+ sysbus_init_mmio(dev, &s->regs_region);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_milkymist_tmu2 = {
+ .name = "milkymist-tmu2",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(regs, MilkymistTMU2State, R_MAX),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void milkymist_tmu2_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = milkymist_tmu2_init;
+ dc->reset = milkymist_tmu2_reset;
+ dc->vmsd = &vmstate_milkymist_tmu2;
+}
+
+static const TypeInfo milkymist_tmu2_info = {
+ .name = TYPE_MILKYMIST_TMU2,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(MilkymistTMU2State),
+ .class_init = milkymist_tmu2_class_init,
+};
+
+static void milkymist_tmu2_register_types(void)
+{
+ type_register_static(&milkymist_tmu2_info);
+}
+
+type_init(milkymist_tmu2_register_types)
diff --git a/hw/display/milkymist-vgafb.c b/hw/display/milkymist-vgafb.c
new file mode 100644
index 000000000..5150cb48b
--- /dev/null
+++ b/hw/display/milkymist-vgafb.c
@@ -0,0 +1,345 @@
+
+/*
+ * QEMU model of the Milkymist VGA framebuffer.
+ *
+ * Copyright (c) 2010-2012 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ *
+ * Specification available at:
+ * http://www.milkymist.org/socdoc/vgafb.pdf
+ */
+
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "trace.h"
+#include "ui/console.h"
+#include "framebuffer.h"
+#include "ui/pixel_ops.h"
+#include "qemu/error-report.h"
+
+#define BITS 8
+#include "milkymist-vgafb_template.h"
+#define BITS 15
+#include "milkymist-vgafb_template.h"
+#define BITS 16
+#include "milkymist-vgafb_template.h"
+#define BITS 24
+#include "milkymist-vgafb_template.h"
+#define BITS 32
+#include "milkymist-vgafb_template.h"
+
+enum {
+ R_CTRL = 0,
+ R_HRES,
+ R_HSYNC_START,
+ R_HSYNC_END,
+ R_HSCAN,
+ R_VRES,
+ R_VSYNC_START,
+ R_VSYNC_END,
+ R_VSCAN,
+ R_BASEADDRESS,
+ R_BASEADDRESS_ACT,
+ R_BURST_COUNT,
+ R_DDC,
+ R_SOURCE_CLOCK,
+ R_MAX
+};
+
+enum {
+ CTRL_RESET = (1<<0),
+};
+
+#define TYPE_MILKYMIST_VGAFB "milkymist-vgafb"
+#define MILKYMIST_VGAFB(obj) \
+ OBJECT_CHECK(MilkymistVgafbState, (obj), TYPE_MILKYMIST_VGAFB)
+
+struct MilkymistVgafbState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion regs_region;
+ QemuConsole *con;
+
+ int invalidate;
+ uint32_t fb_offset;
+ uint32_t fb_mask;
+
+ uint32_t regs[R_MAX];
+};
+typedef struct MilkymistVgafbState MilkymistVgafbState;
+
+static int vgafb_enabled(MilkymistVgafbState *s)
+{
+ return !(s->regs[R_CTRL] & CTRL_RESET);
+}
+
+static void vgafb_update_display(void *opaque)
+{
+ MilkymistVgafbState *s = opaque;
+ SysBusDevice *sbd;
+ DisplaySurface *surface = qemu_console_surface(s->con);
+ int first = 0;
+ int last = 0;
+ drawfn fn;
+
+ if (!vgafb_enabled(s)) {
+ return;
+ }
+
+ sbd = SYS_BUS_DEVICE(s);
+ int dest_width = s->regs[R_HRES];
+
+ switch (surface_bits_per_pixel(surface)) {
+ case 0:
+ return;
+ case 8:
+ fn = draw_line_8;
+ break;
+ case 15:
+ fn = draw_line_15;
+ dest_width *= 2;
+ break;
+ case 16:
+ fn = draw_line_16;
+ dest_width *= 2;
+ break;
+ case 24:
+ fn = draw_line_24;
+ dest_width *= 3;
+ break;
+ case 32:
+ fn = draw_line_32;
+ dest_width *= 4;
+ break;
+ default:
+ hw_error("milkymist_vgafb: bad color depth\n");
+ break;
+ }
+
+ framebuffer_update_display(surface, sysbus_address_space(sbd),
+ s->regs[R_BASEADDRESS] + s->fb_offset,
+ s->regs[R_HRES],
+ s->regs[R_VRES],
+ s->regs[R_HRES] * 2,
+ dest_width,
+ 0,
+ s->invalidate,
+ fn,
+ NULL,
+ &first, &last);
+
+ if (first >= 0) {
+ dpy_gfx_update(s->con, 0, first, s->regs[R_HRES], last - first + 1);
+ }
+ s->invalidate = 0;
+}
+
+static void vgafb_invalidate_display(void *opaque)
+{
+ MilkymistVgafbState *s = opaque;
+ s->invalidate = 1;
+}
+
+static void vgafb_resize(MilkymistVgafbState *s)
+{
+ if (!vgafb_enabled(s)) {
+ return;
+ }
+
+ qemu_console_resize(s->con, s->regs[R_HRES], s->regs[R_VRES]);
+ s->invalidate = 1;
+}
+
+static uint64_t vgafb_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ MilkymistVgafbState *s = opaque;
+ uint32_t r = 0;
+
+ addr >>= 2;
+ switch (addr) {
+ case R_CTRL:
+ case R_HRES:
+ case R_HSYNC_START:
+ case R_HSYNC_END:
+ case R_HSCAN:
+ case R_VRES:
+ case R_VSYNC_START:
+ case R_VSYNC_END:
+ case R_VSCAN:
+ case R_BASEADDRESS:
+ case R_BURST_COUNT:
+ case R_DDC:
+ case R_SOURCE_CLOCK:
+ r = s->regs[addr];
+ break;
+ case R_BASEADDRESS_ACT:
+ r = s->regs[R_BASEADDRESS];
+ break;
+
+ default:
+ error_report("milkymist_vgafb: read access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+
+ trace_milkymist_vgafb_memory_read(addr << 2, r);
+
+ return r;
+}
+
+static void vgafb_write(void *opaque, hwaddr addr, uint64_t value,
+ unsigned size)
+{
+ MilkymistVgafbState *s = opaque;
+
+ trace_milkymist_vgafb_memory_write(addr, value);
+
+ addr >>= 2;
+ switch (addr) {
+ case R_CTRL:
+ s->regs[addr] = value;
+ vgafb_resize(s);
+ break;
+ case R_HSYNC_START:
+ case R_HSYNC_END:
+ case R_HSCAN:
+ case R_VSYNC_START:
+ case R_VSYNC_END:
+ case R_VSCAN:
+ case R_BURST_COUNT:
+ case R_DDC:
+ case R_SOURCE_CLOCK:
+ s->regs[addr] = value;
+ break;
+ case R_BASEADDRESS:
+ if (value & 0x1f) {
+ error_report("milkymist_vgafb: framebuffer base address have to "
+ "be 32 byte aligned");
+ break;
+ }
+ s->regs[addr] = value & s->fb_mask;
+ s->invalidate = 1;
+ break;
+ case R_HRES:
+ case R_VRES:
+ s->regs[addr] = value;
+ vgafb_resize(s);
+ break;
+ case R_BASEADDRESS_ACT:
+ error_report("milkymist_vgafb: write to read-only register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+
+ default:
+ error_report("milkymist_vgafb: write access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+}
+
+static const MemoryRegionOps vgafb_mmio_ops = {
+ .read = vgafb_read,
+ .write = vgafb_write,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void milkymist_vgafb_reset(DeviceState *d)
+{
+ MilkymistVgafbState *s = MILKYMIST_VGAFB(d);
+ int i;
+
+ for (i = 0; i < R_MAX; i++) {
+ s->regs[i] = 0;
+ }
+
+ /* defaults */
+ s->regs[R_CTRL] = CTRL_RESET;
+ s->regs[R_HRES] = 640;
+ s->regs[R_VRES] = 480;
+ s->regs[R_BASEADDRESS] = 0;
+}
+
+static const GraphicHwOps vgafb_ops = {
+ .invalidate = vgafb_invalidate_display,
+ .gfx_update = vgafb_update_display,
+};
+
+static int milkymist_vgafb_init(SysBusDevice *dev)
+{
+ MilkymistVgafbState *s = MILKYMIST_VGAFB(dev);
+
+ memory_region_init_io(&s->regs_region, OBJECT(s), &vgafb_mmio_ops, s,
+ "milkymist-vgafb", R_MAX * 4);
+ sysbus_init_mmio(dev, &s->regs_region);
+
+ s->con = graphic_console_init(DEVICE(dev), &vgafb_ops, s);
+
+ return 0;
+}
+
+static int vgafb_post_load(void *opaque, int version_id)
+{
+ vgafb_invalidate_display(opaque);
+ return 0;
+}
+
+static const VMStateDescription vmstate_milkymist_vgafb = {
+ .name = "milkymist-vgafb",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .post_load = vgafb_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(regs, MilkymistVgafbState, R_MAX),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static Property milkymist_vgafb_properties[] = {
+ DEFINE_PROP_UINT32("fb_offset", MilkymistVgafbState, fb_offset, 0x0),
+ DEFINE_PROP_UINT32("fb_mask", MilkymistVgafbState, fb_mask, 0xffffffff),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void milkymist_vgafb_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = milkymist_vgafb_init;
+ dc->reset = milkymist_vgafb_reset;
+ dc->vmsd = &vmstate_milkymist_vgafb;
+ dc->props = milkymist_vgafb_properties;
+}
+
+static const TypeInfo milkymist_vgafb_info = {
+ .name = TYPE_MILKYMIST_VGAFB,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(MilkymistVgafbState),
+ .class_init = milkymist_vgafb_class_init,
+};
+
+static void milkymist_vgafb_register_types(void)
+{
+ type_register_static(&milkymist_vgafb_info);
+}
+
+type_init(milkymist_vgafb_register_types)
diff --git a/hw/display/milkymist-vgafb_template.h b/hw/display/milkymist-vgafb_template.h
new file mode 100644
index 000000000..e0036e16c
--- /dev/null
+++ b/hw/display/milkymist-vgafb_template.h
@@ -0,0 +1,74 @@
+/*
+ * QEMU model of the Milkymist VGA framebuffer.
+ *
+ * Copyright (c) 2010 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#if BITS == 8
+#define COPY_PIXEL(to, r, g, b) \
+ do { \
+ *to = rgb_to_pixel8(r, g, b); \
+ to += 1; \
+ } while (0)
+#elif BITS == 15
+#define COPY_PIXEL(to, r, g, b) \
+ do { \
+ *(uint16_t *)to = rgb_to_pixel15(r, g, b); \
+ to += 2; \
+ } while (0)
+#elif BITS == 16
+#define COPY_PIXEL(to, r, g, b) \
+ do { \
+ *(uint16_t *)to = rgb_to_pixel16(r, g, b); \
+ to += 2; \
+ } while (0)
+#elif BITS == 24
+#define COPY_PIXEL(to, r, g, b) \
+ do { \
+ uint32_t tmp = rgb_to_pixel24(r, g, b); \
+ *(to++) = tmp & 0xff; \
+ *(to++) = (tmp >> 8) & 0xff; \
+ *(to++) = (tmp >> 16) & 0xff; \
+ } while (0)
+#elif BITS == 32
+#define COPY_PIXEL(to, r, g, b) \
+ do { \
+ *(uint32_t *)to = rgb_to_pixel32(r, g, b); \
+ to += 4; \
+ } while (0)
+#else
+#error unknown bit depth
+#endif
+
+static void glue(draw_line_, BITS)(void *opaque, uint8_t *d, const uint8_t *s,
+ int width, int deststep)
+{
+ uint16_t rgb565;
+ uint8_t r, g, b;
+
+ while (width--) {
+ memcpy(&rgb565, s, sizeof(rgb565));
+ r = ((rgb565 >> 11) & 0x1f) << 3;
+ g = ((rgb565 >> 5) & 0x3f) << 2;
+ b = ((rgb565 >> 0) & 0x1f) << 3;
+ COPY_PIXEL(d, r, g, b);
+ s += 2;
+ }
+}
+
+#undef BITS
+#undef COPY_PIXEL
diff --git a/hw/display/omap_dss.c b/hw/display/omap_dss.c
new file mode 100644
index 000000000..24ccbcc7a
--- /dev/null
+++ b/hw/display/omap_dss.c
@@ -0,0 +1,1086 @@
+/*
+ * OMAP2 Display Subsystem.
+ *
+ * Copyright (C) 2008 Nokia Corporation
+ * Written by Andrzej Zaborowski <andrew@openedhand.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "hw/hw.h"
+#include "ui/console.h"
+#include "hw/arm/omap.h"
+
+struct omap_dss_s {
+ qemu_irq irq;
+ qemu_irq drq;
+ DisplayState *state;
+ MemoryRegion iomem_diss1, iomem_disc1, iomem_rfbi1, iomem_venc1, iomem_im3;
+
+ int autoidle;
+ int control;
+ int enable;
+
+ struct omap_dss_panel_s {
+ int enable;
+ int nx;
+ int ny;
+
+ int x;
+ int y;
+ } dig, lcd;
+
+ struct {
+ uint32_t idlemode;
+ uint32_t irqst;
+ uint32_t irqen;
+ uint32_t control;
+ uint32_t config;
+ uint32_t capable;
+ uint32_t timing[4];
+ int line;
+ uint32_t bg[2];
+ uint32_t trans[2];
+
+ struct omap_dss_plane_s {
+ int enable;
+ int bpp;
+ int posx;
+ int posy;
+ int nx;
+ int ny;
+
+ hwaddr addr[3];
+
+ uint32_t attr;
+ uint32_t tresh;
+ int rowinc;
+ int colinc;
+ int wininc;
+ } l[3];
+
+ int invalidate;
+ uint16_t palette[256];
+ } dispc;
+
+ struct {
+ int idlemode;
+ uint32_t control;
+ int enable;
+ int pixels;
+ int busy;
+ int skiplines;
+ uint16_t rxbuf;
+ uint32_t config[2];
+ uint32_t time[4];
+ uint32_t data[6];
+ uint16_t vsync;
+ uint16_t hsync;
+ struct rfbi_chip_s *chip[2];
+ } rfbi;
+};
+
+static void omap_dispc_interrupt_update(struct omap_dss_s *s)
+{
+ qemu_set_irq(s->irq, s->dispc.irqst & s->dispc.irqen);
+}
+
+static void omap_rfbi_reset(struct omap_dss_s *s)
+{
+ s->rfbi.idlemode = 0;
+ s->rfbi.control = 2;
+ s->rfbi.enable = 0;
+ s->rfbi.pixels = 0;
+ s->rfbi.skiplines = 0;
+ s->rfbi.busy = 0;
+ s->rfbi.config[0] = 0x00310000;
+ s->rfbi.config[1] = 0x00310000;
+ s->rfbi.time[0] = 0;
+ s->rfbi.time[1] = 0;
+ s->rfbi.time[2] = 0;
+ s->rfbi.time[3] = 0;
+ s->rfbi.data[0] = 0;
+ s->rfbi.data[1] = 0;
+ s->rfbi.data[2] = 0;
+ s->rfbi.data[3] = 0;
+ s->rfbi.data[4] = 0;
+ s->rfbi.data[5] = 0;
+ s->rfbi.vsync = 0;
+ s->rfbi.hsync = 0;
+}
+
+void omap_dss_reset(struct omap_dss_s *s)
+{
+ s->autoidle = 0;
+ s->control = 0;
+ s->enable = 0;
+
+ s->dig.enable = 0;
+ s->dig.nx = 1;
+ s->dig.ny = 1;
+
+ s->lcd.enable = 0;
+ s->lcd.nx = 1;
+ s->lcd.ny = 1;
+
+ s->dispc.idlemode = 0;
+ s->dispc.irqst = 0;
+ s->dispc.irqen = 0;
+ s->dispc.control = 0;
+ s->dispc.config = 0;
+ s->dispc.capable = 0x161;
+ s->dispc.timing[0] = 0;
+ s->dispc.timing[1] = 0;
+ s->dispc.timing[2] = 0;
+ s->dispc.timing[3] = 0;
+ s->dispc.line = 0;
+ s->dispc.bg[0] = 0;
+ s->dispc.bg[1] = 0;
+ s->dispc.trans[0] = 0;
+ s->dispc.trans[1] = 0;
+
+ s->dispc.l[0].enable = 0;
+ s->dispc.l[0].bpp = 0;
+ s->dispc.l[0].addr[0] = 0;
+ s->dispc.l[0].addr[1] = 0;
+ s->dispc.l[0].addr[2] = 0;
+ s->dispc.l[0].posx = 0;
+ s->dispc.l[0].posy = 0;
+ s->dispc.l[0].nx = 1;
+ s->dispc.l[0].ny = 1;
+ s->dispc.l[0].attr = 0;
+ s->dispc.l[0].tresh = 0;
+ s->dispc.l[0].rowinc = 1;
+ s->dispc.l[0].colinc = 1;
+ s->dispc.l[0].wininc = 0;
+
+ omap_rfbi_reset(s);
+ omap_dispc_interrupt_update(s);
+}
+
+static uint64_t omap_diss_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_dss_s *s = (struct omap_dss_s *) opaque;
+
+ if (size != 4) {
+ return omap_badwidth_read32(opaque, addr);
+ }
+
+ switch (addr) {
+ case 0x00: /* DSS_REVISIONNUMBER */
+ return 0x20;
+
+ case 0x10: /* DSS_SYSCONFIG */
+ return s->autoidle;
+
+ case 0x14: /* DSS_SYSSTATUS */
+ return 1; /* RESETDONE */
+
+ case 0x40: /* DSS_CONTROL */
+ return s->control;
+
+ case 0x50: /* DSS_PSA_LCD_REG_1 */
+ case 0x54: /* DSS_PSA_LCD_REG_2 */
+ case 0x58: /* DSS_PSA_VIDEO_REG */
+ /* TODO: fake some values when appropriate s->control bits are set */
+ return 0;
+
+ case 0x5c: /* DSS_STATUS */
+ return 1 + (s->control & 1);
+
+ default:
+ break;
+ }
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_diss_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_dss_s *s = (struct omap_dss_s *) opaque;
+
+ if (size != 4) {
+ return omap_badwidth_write32(opaque, addr, value);
+ }
+
+ switch (addr) {
+ case 0x00: /* DSS_REVISIONNUMBER */
+ case 0x14: /* DSS_SYSSTATUS */
+ case 0x50: /* DSS_PSA_LCD_REG_1 */
+ case 0x54: /* DSS_PSA_LCD_REG_2 */
+ case 0x58: /* DSS_PSA_VIDEO_REG */
+ case 0x5c: /* DSS_STATUS */
+ OMAP_RO_REG(addr);
+ break;
+
+ case 0x10: /* DSS_SYSCONFIG */
+ if (value & 2) /* SOFTRESET */
+ omap_dss_reset(s);
+ s->autoidle = value & 1;
+ break;
+
+ case 0x40: /* DSS_CONTROL */
+ s->control = value & 0x3dd;
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ }
+}
+
+static const MemoryRegionOps omap_diss_ops = {
+ .read = omap_diss_read,
+ .write = omap_diss_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static uint64_t omap_disc_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_dss_s *s = (struct omap_dss_s *) opaque;
+
+ if (size != 4) {
+ return omap_badwidth_read32(opaque, addr);
+ }
+
+ switch (addr) {
+ case 0x000: /* DISPC_REVISION */
+ return 0x20;
+
+ case 0x010: /* DISPC_SYSCONFIG */
+ return s->dispc.idlemode;
+
+ case 0x014: /* DISPC_SYSSTATUS */
+ return 1; /* RESETDONE */
+
+ case 0x018: /* DISPC_IRQSTATUS */
+ return s->dispc.irqst;
+
+ case 0x01c: /* DISPC_IRQENABLE */
+ return s->dispc.irqen;
+
+ case 0x040: /* DISPC_CONTROL */
+ return s->dispc.control;
+
+ case 0x044: /* DISPC_CONFIG */
+ return s->dispc.config;
+
+ case 0x048: /* DISPC_CAPABLE */
+ return s->dispc.capable;
+
+ case 0x04c: /* DISPC_DEFAULT_COLOR0 */
+ return s->dispc.bg[0];
+ case 0x050: /* DISPC_DEFAULT_COLOR1 */
+ return s->dispc.bg[1];
+ case 0x054: /* DISPC_TRANS_COLOR0 */
+ return s->dispc.trans[0];
+ case 0x058: /* DISPC_TRANS_COLOR1 */
+ return s->dispc.trans[1];
+
+ case 0x05c: /* DISPC_LINE_STATUS */
+ return 0x7ff;
+ case 0x060: /* DISPC_LINE_NUMBER */
+ return s->dispc.line;
+
+ case 0x064: /* DISPC_TIMING_H */
+ return s->dispc.timing[0];
+ case 0x068: /* DISPC_TIMING_V */
+ return s->dispc.timing[1];
+ case 0x06c: /* DISPC_POL_FREQ */
+ return s->dispc.timing[2];
+ case 0x070: /* DISPC_DIVISOR */
+ return s->dispc.timing[3];
+
+ case 0x078: /* DISPC_SIZE_DIG */
+ return ((s->dig.ny - 1) << 16) | (s->dig.nx - 1);
+ case 0x07c: /* DISPC_SIZE_LCD */
+ return ((s->lcd.ny - 1) << 16) | (s->lcd.nx - 1);
+
+ case 0x080: /* DISPC_GFX_BA0 */
+ return s->dispc.l[0].addr[0];
+ case 0x084: /* DISPC_GFX_BA1 */
+ return s->dispc.l[0].addr[1];
+ case 0x088: /* DISPC_GFX_POSITION */
+ return (s->dispc.l[0].posy << 16) | s->dispc.l[0].posx;
+ case 0x08c: /* DISPC_GFX_SIZE */
+ return ((s->dispc.l[0].ny - 1) << 16) | (s->dispc.l[0].nx - 1);
+ case 0x0a0: /* DISPC_GFX_ATTRIBUTES */
+ return s->dispc.l[0].attr;
+ case 0x0a4: /* DISPC_GFX_FIFO_TRESHOLD */
+ return s->dispc.l[0].tresh;
+ case 0x0a8: /* DISPC_GFX_FIFO_SIZE_STATUS */
+ return 256;
+ case 0x0ac: /* DISPC_GFX_ROW_INC */
+ return s->dispc.l[0].rowinc;
+ case 0x0b0: /* DISPC_GFX_PIXEL_INC */
+ return s->dispc.l[0].colinc;
+ case 0x0b4: /* DISPC_GFX_WINDOW_SKIP */
+ return s->dispc.l[0].wininc;
+ case 0x0b8: /* DISPC_GFX_TABLE_BA */
+ return s->dispc.l[0].addr[2];
+
+ case 0x0bc: /* DISPC_VID1_BA0 */
+ case 0x0c0: /* DISPC_VID1_BA1 */
+ case 0x0c4: /* DISPC_VID1_POSITION */
+ case 0x0c8: /* DISPC_VID1_SIZE */
+ case 0x0cc: /* DISPC_VID1_ATTRIBUTES */
+ case 0x0d0: /* DISPC_VID1_FIFO_TRESHOLD */
+ case 0x0d4: /* DISPC_VID1_FIFO_SIZE_STATUS */
+ case 0x0d8: /* DISPC_VID1_ROW_INC */
+ case 0x0dc: /* DISPC_VID1_PIXEL_INC */
+ case 0x0e0: /* DISPC_VID1_FIR */
+ case 0x0e4: /* DISPC_VID1_PICTURE_SIZE */
+ case 0x0e8: /* DISPC_VID1_ACCU0 */
+ case 0x0ec: /* DISPC_VID1_ACCU1 */
+ case 0x0f0 ... 0x140: /* DISPC_VID1_FIR_COEF, DISPC_VID1_CONV_COEF */
+ case 0x14c: /* DISPC_VID2_BA0 */
+ case 0x150: /* DISPC_VID2_BA1 */
+ case 0x154: /* DISPC_VID2_POSITION */
+ case 0x158: /* DISPC_VID2_SIZE */
+ case 0x15c: /* DISPC_VID2_ATTRIBUTES */
+ case 0x160: /* DISPC_VID2_FIFO_TRESHOLD */
+ case 0x164: /* DISPC_VID2_FIFO_SIZE_STATUS */
+ case 0x168: /* DISPC_VID2_ROW_INC */
+ case 0x16c: /* DISPC_VID2_PIXEL_INC */
+ case 0x170: /* DISPC_VID2_FIR */
+ case 0x174: /* DISPC_VID2_PICTURE_SIZE */
+ case 0x178: /* DISPC_VID2_ACCU0 */
+ case 0x17c: /* DISPC_VID2_ACCU1 */
+ case 0x180 ... 0x1d0: /* DISPC_VID2_FIR_COEF, DISPC_VID2_CONV_COEF */
+ case 0x1d4: /* DISPC_DATA_CYCLE1 */
+ case 0x1d8: /* DISPC_DATA_CYCLE2 */
+ case 0x1dc: /* DISPC_DATA_CYCLE3 */
+ return 0;
+
+ default:
+ break;
+ }
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_disc_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_dss_s *s = (struct omap_dss_s *) opaque;
+
+ if (size != 4) {
+ return omap_badwidth_write32(opaque, addr, value);
+ }
+
+ switch (addr) {
+ case 0x010: /* DISPC_SYSCONFIG */
+ if (value & 2) /* SOFTRESET */
+ omap_dss_reset(s);
+ s->dispc.idlemode = value & 0x301b;
+ break;
+
+ case 0x018: /* DISPC_IRQSTATUS */
+ s->dispc.irqst &= ~value;
+ omap_dispc_interrupt_update(s);
+ break;
+
+ case 0x01c: /* DISPC_IRQENABLE */
+ s->dispc.irqen = value & 0xffff;
+ omap_dispc_interrupt_update(s);
+ break;
+
+ case 0x040: /* DISPC_CONTROL */
+ s->dispc.control = value & 0x07ff9fff;
+ s->dig.enable = (value >> 1) & 1;
+ s->lcd.enable = (value >> 0) & 1;
+ if (value & (1 << 12)) /* OVERLAY_OPTIMIZATION */
+ if (!((s->dispc.l[1].attr | s->dispc.l[2].attr) & 1)) {
+ fprintf(stderr, "%s: Overlay Optimization when no overlay "
+ "region effectively exists leads to "
+ "unpredictable behaviour!\n", __func__);
+ }
+ if (value & (1 << 6)) { /* GODIGITAL */
+ /* XXX: Shadowed fields are:
+ * s->dispc.config
+ * s->dispc.capable
+ * s->dispc.bg[0]
+ * s->dispc.bg[1]
+ * s->dispc.trans[0]
+ * s->dispc.trans[1]
+ * s->dispc.line
+ * s->dispc.timing[0]
+ * s->dispc.timing[1]
+ * s->dispc.timing[2]
+ * s->dispc.timing[3]
+ * s->lcd.nx
+ * s->lcd.ny
+ * s->dig.nx
+ * s->dig.ny
+ * s->dispc.l[0].addr[0]
+ * s->dispc.l[0].addr[1]
+ * s->dispc.l[0].addr[2]
+ * s->dispc.l[0].posx
+ * s->dispc.l[0].posy
+ * s->dispc.l[0].nx
+ * s->dispc.l[0].ny
+ * s->dispc.l[0].tresh
+ * s->dispc.l[0].rowinc
+ * s->dispc.l[0].colinc
+ * s->dispc.l[0].wininc
+ * All they need to be loaded here from their shadow registers.
+ */
+ }
+ if (value & (1 << 5)) { /* GOLCD */
+ /* XXX: Likewise for LCD here. */
+ }
+ s->dispc.invalidate = 1;
+ break;
+
+ case 0x044: /* DISPC_CONFIG */
+ s->dispc.config = value & 0x3fff;
+ /* XXX:
+ * bits 2:1 (LOADMODE) reset to 0 after set to 1 and palette loaded
+ * bits 2:1 (LOADMODE) reset to 2 after set to 3 and palette loaded
+ */
+ s->dispc.invalidate = 1;
+ break;
+
+ case 0x048: /* DISPC_CAPABLE */
+ s->dispc.capable = value & 0x3ff;
+ break;
+
+ case 0x04c: /* DISPC_DEFAULT_COLOR0 */
+ s->dispc.bg[0] = value & 0xffffff;
+ s->dispc.invalidate = 1;
+ break;
+ case 0x050: /* DISPC_DEFAULT_COLOR1 */
+ s->dispc.bg[1] = value & 0xffffff;
+ s->dispc.invalidate = 1;
+ break;
+ case 0x054: /* DISPC_TRANS_COLOR0 */
+ s->dispc.trans[0] = value & 0xffffff;
+ s->dispc.invalidate = 1;
+ break;
+ case 0x058: /* DISPC_TRANS_COLOR1 */
+ s->dispc.trans[1] = value & 0xffffff;
+ s->dispc.invalidate = 1;
+ break;
+
+ case 0x060: /* DISPC_LINE_NUMBER */
+ s->dispc.line = value & 0x7ff;
+ break;
+
+ case 0x064: /* DISPC_TIMING_H */
+ s->dispc.timing[0] = value & 0x0ff0ff3f;
+ break;
+ case 0x068: /* DISPC_TIMING_V */
+ s->dispc.timing[1] = value & 0x0ff0ff3f;
+ break;
+ case 0x06c: /* DISPC_POL_FREQ */
+ s->dispc.timing[2] = value & 0x0003ffff;
+ break;
+ case 0x070: /* DISPC_DIVISOR */
+ s->dispc.timing[3] = value & 0x00ff00ff;
+ break;
+
+ case 0x078: /* DISPC_SIZE_DIG */
+ s->dig.nx = ((value >> 0) & 0x7ff) + 1; /* PPL */
+ s->dig.ny = ((value >> 16) & 0x7ff) + 1; /* LPP */
+ s->dispc.invalidate = 1;
+ break;
+ case 0x07c: /* DISPC_SIZE_LCD */
+ s->lcd.nx = ((value >> 0) & 0x7ff) + 1; /* PPL */
+ s->lcd.ny = ((value >> 16) & 0x7ff) + 1; /* LPP */
+ s->dispc.invalidate = 1;
+ break;
+ case 0x080: /* DISPC_GFX_BA0 */
+ s->dispc.l[0].addr[0] = (hwaddr) value;
+ s->dispc.invalidate = 1;
+ break;
+ case 0x084: /* DISPC_GFX_BA1 */
+ s->dispc.l[0].addr[1] = (hwaddr) value;
+ s->dispc.invalidate = 1;
+ break;
+ case 0x088: /* DISPC_GFX_POSITION */
+ s->dispc.l[0].posx = ((value >> 0) & 0x7ff); /* GFXPOSX */
+ s->dispc.l[0].posy = ((value >> 16) & 0x7ff); /* GFXPOSY */
+ s->dispc.invalidate = 1;
+ break;
+ case 0x08c: /* DISPC_GFX_SIZE */
+ s->dispc.l[0].nx = ((value >> 0) & 0x7ff) + 1; /* GFXSIZEX */
+ s->dispc.l[0].ny = ((value >> 16) & 0x7ff) + 1; /* GFXSIZEY */
+ s->dispc.invalidate = 1;
+ break;
+ case 0x0a0: /* DISPC_GFX_ATTRIBUTES */
+ s->dispc.l[0].attr = value & 0x7ff;
+ if (value & (3 << 9))
+ fprintf(stderr, "%s: Big-endian pixel format not supported\n",
+ __FUNCTION__);
+ s->dispc.l[0].enable = value & 1;
+ s->dispc.l[0].bpp = (value >> 1) & 0xf;
+ s->dispc.invalidate = 1;
+ break;
+ case 0x0a4: /* DISPC_GFX_FIFO_TRESHOLD */
+ s->dispc.l[0].tresh = value & 0x01ff01ff;
+ break;
+ case 0x0ac: /* DISPC_GFX_ROW_INC */
+ s->dispc.l[0].rowinc = value;
+ s->dispc.invalidate = 1;
+ break;
+ case 0x0b0: /* DISPC_GFX_PIXEL_INC */
+ s->dispc.l[0].colinc = value;
+ s->dispc.invalidate = 1;
+ break;
+ case 0x0b4: /* DISPC_GFX_WINDOW_SKIP */
+ s->dispc.l[0].wininc = value;
+ break;
+ case 0x0b8: /* DISPC_GFX_TABLE_BA */
+ s->dispc.l[0].addr[2] = (hwaddr) value;
+ s->dispc.invalidate = 1;
+ break;
+
+ case 0x0bc: /* DISPC_VID1_BA0 */
+ case 0x0c0: /* DISPC_VID1_BA1 */
+ case 0x0c4: /* DISPC_VID1_POSITION */
+ case 0x0c8: /* DISPC_VID1_SIZE */
+ case 0x0cc: /* DISPC_VID1_ATTRIBUTES */
+ case 0x0d0: /* DISPC_VID1_FIFO_TRESHOLD */
+ case 0x0d8: /* DISPC_VID1_ROW_INC */
+ case 0x0dc: /* DISPC_VID1_PIXEL_INC */
+ case 0x0e0: /* DISPC_VID1_FIR */
+ case 0x0e4: /* DISPC_VID1_PICTURE_SIZE */
+ case 0x0e8: /* DISPC_VID1_ACCU0 */
+ case 0x0ec: /* DISPC_VID1_ACCU1 */
+ case 0x0f0 ... 0x140: /* DISPC_VID1_FIR_COEF, DISPC_VID1_CONV_COEF */
+ case 0x14c: /* DISPC_VID2_BA0 */
+ case 0x150: /* DISPC_VID2_BA1 */
+ case 0x154: /* DISPC_VID2_POSITION */
+ case 0x158: /* DISPC_VID2_SIZE */
+ case 0x15c: /* DISPC_VID2_ATTRIBUTES */
+ case 0x160: /* DISPC_VID2_FIFO_TRESHOLD */
+ case 0x168: /* DISPC_VID2_ROW_INC */
+ case 0x16c: /* DISPC_VID2_PIXEL_INC */
+ case 0x170: /* DISPC_VID2_FIR */
+ case 0x174: /* DISPC_VID2_PICTURE_SIZE */
+ case 0x178: /* DISPC_VID2_ACCU0 */
+ case 0x17c: /* DISPC_VID2_ACCU1 */
+ case 0x180 ... 0x1d0: /* DISPC_VID2_FIR_COEF, DISPC_VID2_CONV_COEF */
+ case 0x1d4: /* DISPC_DATA_CYCLE1 */
+ case 0x1d8: /* DISPC_DATA_CYCLE2 */
+ case 0x1dc: /* DISPC_DATA_CYCLE3 */
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ }
+}
+
+static const MemoryRegionOps omap_disc_ops = {
+ .read = omap_disc_read,
+ .write = omap_disc_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void omap_rfbi_transfer_stop(struct omap_dss_s *s)
+{
+ if (!s->rfbi.busy)
+ return;
+
+ /* TODO: in non-Bypass mode we probably need to just deassert the DRQ. */
+
+ s->rfbi.busy = 0;
+}
+
+static void omap_rfbi_transfer_start(struct omap_dss_s *s)
+{
+ void *data;
+ hwaddr len;
+ hwaddr data_addr;
+ int pitch;
+ static void *bounce_buffer;
+ static hwaddr bounce_len;
+
+ if (!s->rfbi.enable || s->rfbi.busy)
+ return;
+
+ if (s->rfbi.control & (1 << 1)) { /* BYPASS */
+ /* TODO: in non-Bypass mode we probably need to just assert the
+ * DRQ and wait for DMA to write the pixels. */
+ fprintf(stderr, "%s: Bypass mode unimplemented\n", __FUNCTION__);
+ return;
+ }
+
+ if (!(s->dispc.control & (1 << 11))) /* RFBIMODE */
+ return;
+ /* TODO: check that LCD output is enabled in DISPC. */
+
+ s->rfbi.busy = 1;
+
+ len = s->rfbi.pixels * 2;
+
+ data_addr = s->dispc.l[0].addr[0];
+ data = cpu_physical_memory_map(data_addr, &len, 0);
+ if (data && len != s->rfbi.pixels * 2) {
+ cpu_physical_memory_unmap(data, len, 0, 0);
+ data = NULL;
+ len = s->rfbi.pixels * 2;
+ }
+ if (!data) {
+ if (len > bounce_len) {
+ bounce_buffer = g_realloc(bounce_buffer, len);
+ }
+ data = bounce_buffer;
+ cpu_physical_memory_read(data_addr, data, len);
+ }
+
+ /* TODO bpp */
+ s->rfbi.pixels = 0;
+
+ /* TODO: negative values */
+ pitch = s->dispc.l[0].nx + (s->dispc.l[0].rowinc - 1) / 2;
+
+ if ((s->rfbi.control & (1 << 2)) && s->rfbi.chip[0])
+ s->rfbi.chip[0]->block(s->rfbi.chip[0]->opaque, 1, data, len, pitch);
+ if ((s->rfbi.control & (1 << 3)) && s->rfbi.chip[1])
+ s->rfbi.chip[1]->block(s->rfbi.chip[1]->opaque, 1, data, len, pitch);
+
+ if (data != bounce_buffer) {
+ cpu_physical_memory_unmap(data, len, 0, len);
+ }
+
+ omap_rfbi_transfer_stop(s);
+
+ /* TODO */
+ s->dispc.irqst |= 1; /* FRAMEDONE */
+ omap_dispc_interrupt_update(s);
+}
+
+static uint64_t omap_rfbi_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_dss_s *s = (struct omap_dss_s *) opaque;
+
+ if (size != 4) {
+ return omap_badwidth_read32(opaque, addr);
+ }
+
+ switch (addr) {
+ case 0x00: /* RFBI_REVISION */
+ return 0x10;
+
+ case 0x10: /* RFBI_SYSCONFIG */
+ return s->rfbi.idlemode;
+
+ case 0x14: /* RFBI_SYSSTATUS */
+ return 1 | (s->rfbi.busy << 8); /* RESETDONE */
+
+ case 0x40: /* RFBI_CONTROL */
+ return s->rfbi.control;
+
+ case 0x44: /* RFBI_PIXELCNT */
+ return s->rfbi.pixels;
+
+ case 0x48: /* RFBI_LINE_NUMBER */
+ return s->rfbi.skiplines;
+
+ case 0x58: /* RFBI_READ */
+ case 0x5c: /* RFBI_STATUS */
+ return s->rfbi.rxbuf;
+
+ case 0x60: /* RFBI_CONFIG0 */
+ return s->rfbi.config[0];
+ case 0x64: /* RFBI_ONOFF_TIME0 */
+ return s->rfbi.time[0];
+ case 0x68: /* RFBI_CYCLE_TIME0 */
+ return s->rfbi.time[1];
+ case 0x6c: /* RFBI_DATA_CYCLE1_0 */
+ return s->rfbi.data[0];
+ case 0x70: /* RFBI_DATA_CYCLE2_0 */
+ return s->rfbi.data[1];
+ case 0x74: /* RFBI_DATA_CYCLE3_0 */
+ return s->rfbi.data[2];
+
+ case 0x78: /* RFBI_CONFIG1 */
+ return s->rfbi.config[1];
+ case 0x7c: /* RFBI_ONOFF_TIME1 */
+ return s->rfbi.time[2];
+ case 0x80: /* RFBI_CYCLE_TIME1 */
+ return s->rfbi.time[3];
+ case 0x84: /* RFBI_DATA_CYCLE1_1 */
+ return s->rfbi.data[3];
+ case 0x88: /* RFBI_DATA_CYCLE2_1 */
+ return s->rfbi.data[4];
+ case 0x8c: /* RFBI_DATA_CYCLE3_1 */
+ return s->rfbi.data[5];
+
+ case 0x90: /* RFBI_VSYNC_WIDTH */
+ return s->rfbi.vsync;
+ case 0x94: /* RFBI_HSYNC_WIDTH */
+ return s->rfbi.hsync;
+ }
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_rfbi_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_dss_s *s = (struct omap_dss_s *) opaque;
+
+ if (size != 4) {
+ return omap_badwidth_write32(opaque, addr, value);
+ }
+
+ switch (addr) {
+ case 0x10: /* RFBI_SYSCONFIG */
+ if (value & 2) /* SOFTRESET */
+ omap_rfbi_reset(s);
+ s->rfbi.idlemode = value & 0x19;
+ break;
+
+ case 0x40: /* RFBI_CONTROL */
+ s->rfbi.control = value & 0xf;
+ s->rfbi.enable = value & 1;
+ if (value & (1 << 4) && /* ITE */
+ !(s->rfbi.config[0] & s->rfbi.config[1] & 0xc))
+ omap_rfbi_transfer_start(s);
+ break;
+
+ case 0x44: /* RFBI_PIXELCNT */
+ s->rfbi.pixels = value;
+ break;
+
+ case 0x48: /* RFBI_LINE_NUMBER */
+ s->rfbi.skiplines = value & 0x7ff;
+ break;
+
+ case 0x4c: /* RFBI_CMD */
+ if ((s->rfbi.control & (1 << 2)) && s->rfbi.chip[0])
+ s->rfbi.chip[0]->write(s->rfbi.chip[0]->opaque, 0, value & 0xffff);
+ if ((s->rfbi.control & (1 << 3)) && s->rfbi.chip[1])
+ s->rfbi.chip[1]->write(s->rfbi.chip[1]->opaque, 0, value & 0xffff);
+ break;
+ case 0x50: /* RFBI_PARAM */
+ if ((s->rfbi.control & (1 << 2)) && s->rfbi.chip[0])
+ s->rfbi.chip[0]->write(s->rfbi.chip[0]->opaque, 1, value & 0xffff);
+ if ((s->rfbi.control & (1 << 3)) && s->rfbi.chip[1])
+ s->rfbi.chip[1]->write(s->rfbi.chip[1]->opaque, 1, value & 0xffff);
+ break;
+ case 0x54: /* RFBI_DATA */
+ /* TODO: take into account the format set up in s->rfbi.config[?] and
+ * s->rfbi.data[?], but special-case the most usual scenario so that
+ * speed doesn't suffer. */
+ if ((s->rfbi.control & (1 << 2)) && s->rfbi.chip[0]) {
+ s->rfbi.chip[0]->write(s->rfbi.chip[0]->opaque, 1, value & 0xffff);
+ s->rfbi.chip[0]->write(s->rfbi.chip[0]->opaque, 1, value >> 16);
+ }
+ if ((s->rfbi.control & (1 << 3)) && s->rfbi.chip[1]) {
+ s->rfbi.chip[1]->write(s->rfbi.chip[1]->opaque, 1, value & 0xffff);
+ s->rfbi.chip[1]->write(s->rfbi.chip[1]->opaque, 1, value >> 16);
+ }
+ if (!-- s->rfbi.pixels)
+ omap_rfbi_transfer_stop(s);
+ break;
+ case 0x58: /* RFBI_READ */
+ if ((s->rfbi.control & (1 << 2)) && s->rfbi.chip[0])
+ s->rfbi.rxbuf = s->rfbi.chip[0]->read(s->rfbi.chip[0]->opaque, 1);
+ else if ((s->rfbi.control & (1 << 3)) && s->rfbi.chip[1])
+ s->rfbi.rxbuf = s->rfbi.chip[1]->read(s->rfbi.chip[1]->opaque, 1);
+ if (!-- s->rfbi.pixels)
+ omap_rfbi_transfer_stop(s);
+ break;
+
+ case 0x5c: /* RFBI_STATUS */
+ if ((s->rfbi.control & (1 << 2)) && s->rfbi.chip[0])
+ s->rfbi.rxbuf = s->rfbi.chip[0]->read(s->rfbi.chip[0]->opaque, 0);
+ else if ((s->rfbi.control & (1 << 3)) && s->rfbi.chip[1])
+ s->rfbi.rxbuf = s->rfbi.chip[1]->read(s->rfbi.chip[1]->opaque, 0);
+ if (!-- s->rfbi.pixels)
+ omap_rfbi_transfer_stop(s);
+ break;
+
+ case 0x60: /* RFBI_CONFIG0 */
+ s->rfbi.config[0] = value & 0x003f1fff;
+ break;
+
+ case 0x64: /* RFBI_ONOFF_TIME0 */
+ s->rfbi.time[0] = value & 0x3fffffff;
+ break;
+ case 0x68: /* RFBI_CYCLE_TIME0 */
+ s->rfbi.time[1] = value & 0x0fffffff;
+ break;
+ case 0x6c: /* RFBI_DATA_CYCLE1_0 */
+ s->rfbi.data[0] = value & 0x0f1f0f1f;
+ break;
+ case 0x70: /* RFBI_DATA_CYCLE2_0 */
+ s->rfbi.data[1] = value & 0x0f1f0f1f;
+ break;
+ case 0x74: /* RFBI_DATA_CYCLE3_0 */
+ s->rfbi.data[2] = value & 0x0f1f0f1f;
+ break;
+ case 0x78: /* RFBI_CONFIG1 */
+ s->rfbi.config[1] = value & 0x003f1fff;
+ break;
+
+ case 0x7c: /* RFBI_ONOFF_TIME1 */
+ s->rfbi.time[2] = value & 0x3fffffff;
+ break;
+ case 0x80: /* RFBI_CYCLE_TIME1 */
+ s->rfbi.time[3] = value & 0x0fffffff;
+ break;
+ case 0x84: /* RFBI_DATA_CYCLE1_1 */
+ s->rfbi.data[3] = value & 0x0f1f0f1f;
+ break;
+ case 0x88: /* RFBI_DATA_CYCLE2_1 */
+ s->rfbi.data[4] = value & 0x0f1f0f1f;
+ break;
+ case 0x8c: /* RFBI_DATA_CYCLE3_1 */
+ s->rfbi.data[5] = value & 0x0f1f0f1f;
+ break;
+
+ case 0x90: /* RFBI_VSYNC_WIDTH */
+ s->rfbi.vsync = value & 0xffff;
+ break;
+ case 0x94: /* RFBI_HSYNC_WIDTH */
+ s->rfbi.hsync = value & 0xffff;
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ }
+}
+
+static const MemoryRegionOps omap_rfbi_ops = {
+ .read = omap_rfbi_read,
+ .write = omap_rfbi_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static uint64_t omap_venc_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ if (size != 4) {
+ return omap_badwidth_read32(opaque, addr);
+ }
+
+ switch (addr) {
+ case 0x00: /* REV_ID */
+ case 0x04: /* STATUS */
+ case 0x08: /* F_CONTROL */
+ case 0x10: /* VIDOUT_CTRL */
+ case 0x14: /* SYNC_CTRL */
+ case 0x1c: /* LLEN */
+ case 0x20: /* FLENS */
+ case 0x24: /* HFLTR_CTRL */
+ case 0x28: /* CC_CARR_WSS_CARR */
+ case 0x2c: /* C_PHASE */
+ case 0x30: /* GAIN_U */
+ case 0x34: /* GAIN_V */
+ case 0x38: /* GAIN_Y */
+ case 0x3c: /* BLACK_LEVEL */
+ case 0x40: /* BLANK_LEVEL */
+ case 0x44: /* X_COLOR */
+ case 0x48: /* M_CONTROL */
+ case 0x4c: /* BSTAMP_WSS_DATA */
+ case 0x50: /* S_CARR */
+ case 0x54: /* LINE21 */
+ case 0x58: /* LN_SEL */
+ case 0x5c: /* L21__WC_CTL */
+ case 0x60: /* HTRIGGER_VTRIGGER */
+ case 0x64: /* SAVID__EAVID */
+ case 0x68: /* FLEN__FAL */
+ case 0x6c: /* LAL__PHASE_RESET */
+ case 0x70: /* HS_INT_START_STOP_X */
+ case 0x74: /* HS_EXT_START_STOP_X */
+ case 0x78: /* VS_INT_START_X */
+ case 0x7c: /* VS_INT_STOP_X__VS_INT_START_Y */
+ case 0x80: /* VS_INT_STOP_Y__VS_INT_START_X */
+ case 0x84: /* VS_EXT_STOP_X__VS_EXT_START_Y */
+ case 0x88: /* VS_EXT_STOP_Y */
+ case 0x90: /* AVID_START_STOP_X */
+ case 0x94: /* AVID_START_STOP_Y */
+ case 0xa0: /* FID_INT_START_X__FID_INT_START_Y */
+ case 0xa4: /* FID_INT_OFFSET_Y__FID_EXT_START_X */
+ case 0xa8: /* FID_EXT_START_Y__FID_EXT_OFFSET_Y */
+ case 0xb0: /* TVDETGP_INT_START_STOP_X */
+ case 0xb4: /* TVDETGP_INT_START_STOP_Y */
+ case 0xb8: /* GEN_CTRL */
+ case 0xc4: /* DAC_TST__DAC_A */
+ case 0xc8: /* DAC_B__DAC_C */
+ return 0;
+
+ default:
+ break;
+ }
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_venc_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ if (size != 4) {
+ return omap_badwidth_write32(opaque, addr, size);
+ }
+
+ switch (addr) {
+ case 0x08: /* F_CONTROL */
+ case 0x10: /* VIDOUT_CTRL */
+ case 0x14: /* SYNC_CTRL */
+ case 0x1c: /* LLEN */
+ case 0x20: /* FLENS */
+ case 0x24: /* HFLTR_CTRL */
+ case 0x28: /* CC_CARR_WSS_CARR */
+ case 0x2c: /* C_PHASE */
+ case 0x30: /* GAIN_U */
+ case 0x34: /* GAIN_V */
+ case 0x38: /* GAIN_Y */
+ case 0x3c: /* BLACK_LEVEL */
+ case 0x40: /* BLANK_LEVEL */
+ case 0x44: /* X_COLOR */
+ case 0x48: /* M_CONTROL */
+ case 0x4c: /* BSTAMP_WSS_DATA */
+ case 0x50: /* S_CARR */
+ case 0x54: /* LINE21 */
+ case 0x58: /* LN_SEL */
+ case 0x5c: /* L21__WC_CTL */
+ case 0x60: /* HTRIGGER_VTRIGGER */
+ case 0x64: /* SAVID__EAVID */
+ case 0x68: /* FLEN__FAL */
+ case 0x6c: /* LAL__PHASE_RESET */
+ case 0x70: /* HS_INT_START_STOP_X */
+ case 0x74: /* HS_EXT_START_STOP_X */
+ case 0x78: /* VS_INT_START_X */
+ case 0x7c: /* VS_INT_STOP_X__VS_INT_START_Y */
+ case 0x80: /* VS_INT_STOP_Y__VS_INT_START_X */
+ case 0x84: /* VS_EXT_STOP_X__VS_EXT_START_Y */
+ case 0x88: /* VS_EXT_STOP_Y */
+ case 0x90: /* AVID_START_STOP_X */
+ case 0x94: /* AVID_START_STOP_Y */
+ case 0xa0: /* FID_INT_START_X__FID_INT_START_Y */
+ case 0xa4: /* FID_INT_OFFSET_Y__FID_EXT_START_X */
+ case 0xa8: /* FID_EXT_START_Y__FID_EXT_OFFSET_Y */
+ case 0xb0: /* TVDETGP_INT_START_STOP_X */
+ case 0xb4: /* TVDETGP_INT_START_STOP_Y */
+ case 0xb8: /* GEN_CTRL */
+ case 0xc4: /* DAC_TST__DAC_A */
+ case 0xc8: /* DAC_B__DAC_C */
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ }
+}
+
+static const MemoryRegionOps omap_venc_ops = {
+ .read = omap_venc_read,
+ .write = omap_venc_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static uint64_t omap_im3_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ if (size != 4) {
+ return omap_badwidth_read32(opaque, addr);
+ }
+
+ switch (addr) {
+ case 0x0a8: /* SBIMERRLOGA */
+ case 0x0b0: /* SBIMERRLOG */
+ case 0x190: /* SBIMSTATE */
+ case 0x198: /* SBTMSTATE_L */
+ case 0x19c: /* SBTMSTATE_H */
+ case 0x1a8: /* SBIMCONFIG_L */
+ case 0x1ac: /* SBIMCONFIG_H */
+ case 0x1f8: /* SBID_L */
+ case 0x1fc: /* SBID_H */
+ return 0;
+
+ default:
+ break;
+ }
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_im3_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ if (size != 4) {
+ return omap_badwidth_write32(opaque, addr, value);
+ }
+
+ switch (addr) {
+ case 0x0b0: /* SBIMERRLOG */
+ case 0x190: /* SBIMSTATE */
+ case 0x198: /* SBTMSTATE_L */
+ case 0x19c: /* SBTMSTATE_H */
+ case 0x1a8: /* SBIMCONFIG_L */
+ case 0x1ac: /* SBIMCONFIG_H */
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ }
+}
+
+static const MemoryRegionOps omap_im3_ops = {
+ .read = omap_im3_read,
+ .write = omap_im3_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+struct omap_dss_s *omap_dss_init(struct omap_target_agent_s *ta,
+ MemoryRegion *sysmem,
+ hwaddr l3_base,
+ qemu_irq irq, qemu_irq drq,
+ omap_clk fck1, omap_clk fck2, omap_clk ck54m,
+ omap_clk ick1, omap_clk ick2)
+{
+ struct omap_dss_s *s = (struct omap_dss_s *)
+ g_malloc0(sizeof(struct omap_dss_s));
+
+ s->irq = irq;
+ s->drq = drq;
+ omap_dss_reset(s);
+
+ memory_region_init_io(&s->iomem_diss1, NULL, &omap_diss_ops, s, "omap.diss1",
+ omap_l4_region_size(ta, 0));
+ memory_region_init_io(&s->iomem_disc1, NULL, &omap_disc_ops, s, "omap.disc1",
+ omap_l4_region_size(ta, 1));
+ memory_region_init_io(&s->iomem_rfbi1, NULL, &omap_rfbi_ops, s, "omap.rfbi1",
+ omap_l4_region_size(ta, 2));
+ memory_region_init_io(&s->iomem_venc1, NULL, &omap_venc_ops, s, "omap.venc1",
+ omap_l4_region_size(ta, 3));
+ memory_region_init_io(&s->iomem_im3, NULL, &omap_im3_ops, s,
+ "omap.im3", 0x1000);
+
+ omap_l4_attach(ta, 0, &s->iomem_diss1);
+ omap_l4_attach(ta, 1, &s->iomem_disc1);
+ omap_l4_attach(ta, 2, &s->iomem_rfbi1);
+ omap_l4_attach(ta, 3, &s->iomem_venc1);
+ memory_region_add_subregion(sysmem, l3_base, &s->iomem_im3);
+
+#if 0
+ s->state = graphic_console_init(omap_update_display,
+ omap_invalidate_display, omap_screen_dump, s);
+#endif
+
+ return s;
+}
+
+void omap_rfbi_attach(struct omap_dss_s *s, int cs, struct rfbi_chip_s *chip)
+{
+ if (cs < 0 || cs > 1)
+ hw_error("%s: wrong CS %i\n", __FUNCTION__, cs);
+ s->rfbi.chip[cs] = chip;
+}
diff --git a/hw/omap_lcd_template.h b/hw/display/omap_lcd_template.h
index 2fb96f83a..2fb96f83a 100644
--- a/hw/omap_lcd_template.h
+++ b/hw/display/omap_lcd_template.h
diff --git a/hw/display/omap_lcdc.c b/hw/display/omap_lcdc.c
new file mode 100644
index 000000000..c3b9b6897
--- /dev/null
+++ b/hw/display/omap_lcdc.c
@@ -0,0 +1,412 @@
+/*
+ * OMAP LCD controller.
+ *
+ * Copyright (C) 2006-2007 Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "hw/hw.h"
+#include "ui/console.h"
+#include "hw/arm/omap.h"
+#include "framebuffer.h"
+#include "ui/pixel_ops.h"
+
+struct omap_lcd_panel_s {
+ MemoryRegion *sysmem;
+ MemoryRegion iomem;
+ qemu_irq irq;
+ QemuConsole *con;
+
+ int plm;
+ int tft;
+ int mono;
+ int enable;
+ int width;
+ int height;
+ int interrupts;
+ uint32_t timing[3];
+ uint32_t subpanel;
+ uint32_t ctrl;
+
+ struct omap_dma_lcd_channel_s *dma;
+ uint16_t palette[256];
+ int palette_done;
+ int frame_done;
+ int invalidate;
+ int sync_error;
+};
+
+static void omap_lcd_interrupts(struct omap_lcd_panel_s *s)
+{
+ if (s->frame_done && (s->interrupts & 1)) {
+ qemu_irq_raise(s->irq);
+ return;
+ }
+
+ if (s->palette_done && (s->interrupts & 2)) {
+ qemu_irq_raise(s->irq);
+ return;
+ }
+
+ if (s->sync_error) {
+ qemu_irq_raise(s->irq);
+ return;
+ }
+
+ qemu_irq_lower(s->irq);
+}
+
+#define draw_line_func drawfn
+
+#define DEPTH 8
+#include "omap_lcd_template.h"
+#define DEPTH 15
+#include "omap_lcd_template.h"
+#define DEPTH 16
+#include "omap_lcd_template.h"
+#define DEPTH 32
+#include "omap_lcd_template.h"
+
+static draw_line_func draw_line_table2[33] = {
+ [0 ... 32] = NULL,
+ [8] = draw_line2_8,
+ [15] = draw_line2_15,
+ [16] = draw_line2_16,
+ [32] = draw_line2_32,
+}, draw_line_table4[33] = {
+ [0 ... 32] = NULL,
+ [8] = draw_line4_8,
+ [15] = draw_line4_15,
+ [16] = draw_line4_16,
+ [32] = draw_line4_32,
+}, draw_line_table8[33] = {
+ [0 ... 32] = NULL,
+ [8] = draw_line8_8,
+ [15] = draw_line8_15,
+ [16] = draw_line8_16,
+ [32] = draw_line8_32,
+}, draw_line_table12[33] = {
+ [0 ... 32] = NULL,
+ [8] = draw_line12_8,
+ [15] = draw_line12_15,
+ [16] = draw_line12_16,
+ [32] = draw_line12_32,
+}, draw_line_table16[33] = {
+ [0 ... 32] = NULL,
+ [8] = draw_line16_8,
+ [15] = draw_line16_15,
+ [16] = draw_line16_16,
+ [32] = draw_line16_32,
+};
+
+static void omap_update_display(void *opaque)
+{
+ struct omap_lcd_panel_s *omap_lcd = (struct omap_lcd_panel_s *) opaque;
+ DisplaySurface *surface = qemu_console_surface(omap_lcd->con);
+ draw_line_func draw_line;
+ int size, height, first, last;
+ int width, linesize, step, bpp, frame_offset;
+ hwaddr frame_base;
+
+ if (!omap_lcd || omap_lcd->plm == 1 || !omap_lcd->enable ||
+ !surface_bits_per_pixel(surface)) {
+ return;
+ }
+
+ frame_offset = 0;
+ if (omap_lcd->plm != 2) {
+ cpu_physical_memory_read(omap_lcd->dma->phys_framebuffer[
+ omap_lcd->dma->current_frame],
+ (void *)omap_lcd->palette, 0x200);
+ switch (omap_lcd->palette[0] >> 12 & 7) {
+ case 3 ... 7:
+ frame_offset += 0x200;
+ break;
+ default:
+ frame_offset += 0x20;
+ }
+ }
+
+ /* Colour depth */
+ switch ((omap_lcd->palette[0] >> 12) & 7) {
+ case 1:
+ draw_line = draw_line_table2[surface_bits_per_pixel(surface)];
+ bpp = 2;
+ break;
+
+ case 2:
+ draw_line = draw_line_table4[surface_bits_per_pixel(surface)];
+ bpp = 4;
+ break;
+
+ case 3:
+ draw_line = draw_line_table8[surface_bits_per_pixel(surface)];
+ bpp = 8;
+ break;
+
+ case 4 ... 7:
+ if (!omap_lcd->tft)
+ draw_line = draw_line_table12[surface_bits_per_pixel(surface)];
+ else
+ draw_line = draw_line_table16[surface_bits_per_pixel(surface)];
+ bpp = 16;
+ break;
+
+ default:
+ /* Unsupported at the moment. */
+ return;
+ }
+
+ /* Resolution */
+ width = omap_lcd->width;
+ if (width != surface_width(surface) ||
+ omap_lcd->height != surface_height(surface)) {
+ qemu_console_resize(omap_lcd->con,
+ omap_lcd->width, omap_lcd->height);
+ surface = qemu_console_surface(omap_lcd->con);
+ omap_lcd->invalidate = 1;
+ }
+
+ if (omap_lcd->dma->current_frame == 0)
+ size = omap_lcd->dma->src_f1_bottom - omap_lcd->dma->src_f1_top;
+ else
+ size = omap_lcd->dma->src_f2_bottom - omap_lcd->dma->src_f2_top;
+
+ if (frame_offset + ((width * omap_lcd->height * bpp) >> 3) > size + 2) {
+ omap_lcd->sync_error = 1;
+ omap_lcd_interrupts(omap_lcd);
+ omap_lcd->enable = 0;
+ return;
+ }
+
+ /* Content */
+ frame_base = omap_lcd->dma->phys_framebuffer[
+ omap_lcd->dma->current_frame] + frame_offset;
+ omap_lcd->dma->condition |= 1 << omap_lcd->dma->current_frame;
+ if (omap_lcd->dma->interrupts & 1)
+ qemu_irq_raise(omap_lcd->dma->irq);
+ if (omap_lcd->dma->dual)
+ omap_lcd->dma->current_frame ^= 1;
+
+ if (!surface_bits_per_pixel(surface)) {
+ return;
+ }
+
+ first = 0;
+ height = omap_lcd->height;
+ if (omap_lcd->subpanel & (1 << 31)) {
+ if (omap_lcd->subpanel & (1 << 29))
+ first = (omap_lcd->subpanel >> 16) & 0x3ff;
+ else
+ height = (omap_lcd->subpanel >> 16) & 0x3ff;
+ /* TODO: fill the rest of the panel with DPD */
+ }
+
+ step = width * bpp >> 3;
+ linesize = surface_stride(surface);
+ framebuffer_update_display(surface, omap_lcd->sysmem,
+ frame_base, width, height,
+ step, linesize, 0,
+ omap_lcd->invalidate,
+ draw_line, omap_lcd->palette,
+ &first, &last);
+ if (first >= 0) {
+ dpy_gfx_update(omap_lcd->con, 0, first, width, last - first + 1);
+ }
+ omap_lcd->invalidate = 0;
+}
+
+static void omap_invalidate_display(void *opaque) {
+ struct omap_lcd_panel_s *omap_lcd = opaque;
+ omap_lcd->invalidate = 1;
+}
+
+static void omap_lcd_update(struct omap_lcd_panel_s *s) {
+ if (!s->enable) {
+ s->dma->current_frame = -1;
+ s->sync_error = 0;
+ if (s->plm != 1)
+ s->frame_done = 1;
+ omap_lcd_interrupts(s);
+ return;
+ }
+
+ if (s->dma->current_frame == -1) {
+ s->frame_done = 0;
+ s->palette_done = 0;
+ s->dma->current_frame = 0;
+ }
+
+ if (!s->dma->mpu->port[s->dma->src].addr_valid(s->dma->mpu,
+ s->dma->src_f1_top) ||
+ !s->dma->mpu->port[
+ s->dma->src].addr_valid(s->dma->mpu,
+ s->dma->src_f1_bottom) ||
+ (s->dma->dual &&
+ (!s->dma->mpu->port[
+ s->dma->src].addr_valid(s->dma->mpu,
+ s->dma->src_f2_top) ||
+ !s->dma->mpu->port[
+ s->dma->src].addr_valid(s->dma->mpu,
+ s->dma->src_f2_bottom)))) {
+ s->dma->condition |= 1 << 2;
+ if (s->dma->interrupts & (1 << 1))
+ qemu_irq_raise(s->dma->irq);
+ s->enable = 0;
+ return;
+ }
+
+ s->dma->phys_framebuffer[0] = s->dma->src_f1_top;
+ s->dma->phys_framebuffer[1] = s->dma->src_f2_top;
+
+ if (s->plm != 2 && !s->palette_done) {
+ cpu_physical_memory_read(
+ s->dma->phys_framebuffer[s->dma->current_frame],
+ (void *)s->palette, 0x200);
+ s->palette_done = 1;
+ omap_lcd_interrupts(s);
+ }
+}
+
+static uint64_t omap_lcdc_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_lcd_panel_s *s = (struct omap_lcd_panel_s *) opaque;
+
+ switch (addr) {
+ case 0x00: /* LCD_CONTROL */
+ return (s->tft << 23) | (s->plm << 20) |
+ (s->tft << 7) | (s->interrupts << 3) |
+ (s->mono << 1) | s->enable | s->ctrl | 0xfe000c34;
+
+ case 0x04: /* LCD_TIMING0 */
+ return (s->timing[0] << 10) | (s->width - 1) | 0x0000000f;
+
+ case 0x08: /* LCD_TIMING1 */
+ return (s->timing[1] << 10) | (s->height - 1);
+
+ case 0x0c: /* LCD_TIMING2 */
+ return s->timing[2] | 0xfc000000;
+
+ case 0x10: /* LCD_STATUS */
+ return (s->palette_done << 6) | (s->sync_error << 2) | s->frame_done;
+
+ case 0x14: /* LCD_SUBPANEL */
+ return s->subpanel;
+
+ default:
+ break;
+ }
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_lcdc_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_lcd_panel_s *s = (struct omap_lcd_panel_s *) opaque;
+
+ switch (addr) {
+ case 0x00: /* LCD_CONTROL */
+ s->plm = (value >> 20) & 3;
+ s->tft = (value >> 7) & 1;
+ s->interrupts = (value >> 3) & 3;
+ s->mono = (value >> 1) & 1;
+ s->ctrl = value & 0x01cff300;
+ if (s->enable != (value & 1)) {
+ s->enable = value & 1;
+ omap_lcd_update(s);
+ }
+ break;
+
+ case 0x04: /* LCD_TIMING0 */
+ s->timing[0] = value >> 10;
+ s->width = (value & 0x3ff) + 1;
+ break;
+
+ case 0x08: /* LCD_TIMING1 */
+ s->timing[1] = value >> 10;
+ s->height = (value & 0x3ff) + 1;
+ break;
+
+ case 0x0c: /* LCD_TIMING2 */
+ s->timing[2] = value;
+ break;
+
+ case 0x10: /* LCD_STATUS */
+ break;
+
+ case 0x14: /* LCD_SUBPANEL */
+ s->subpanel = value & 0xa1ffffff;
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ }
+}
+
+static const MemoryRegionOps omap_lcdc_ops = {
+ .read = omap_lcdc_read,
+ .write = omap_lcdc_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+void omap_lcdc_reset(struct omap_lcd_panel_s *s)
+{
+ s->dma->current_frame = -1;
+ s->plm = 0;
+ s->tft = 0;
+ s->mono = 0;
+ s->enable = 0;
+ s->width = 0;
+ s->height = 0;
+ s->interrupts = 0;
+ s->timing[0] = 0;
+ s->timing[1] = 0;
+ s->timing[2] = 0;
+ s->subpanel = 0;
+ s->palette_done = 0;
+ s->frame_done = 0;
+ s->sync_error = 0;
+ s->invalidate = 1;
+ s->subpanel = 0;
+ s->ctrl = 0;
+}
+
+static const GraphicHwOps omap_ops = {
+ .invalidate = omap_invalidate_display,
+ .gfx_update = omap_update_display,
+};
+
+struct omap_lcd_panel_s *omap_lcdc_init(MemoryRegion *sysmem,
+ hwaddr base,
+ qemu_irq irq,
+ struct omap_dma_lcd_channel_s *dma,
+ omap_clk clk)
+{
+ struct omap_lcd_panel_s *s = (struct omap_lcd_panel_s *)
+ g_malloc0(sizeof(struct omap_lcd_panel_s));
+
+ s->irq = irq;
+ s->dma = dma;
+ s->sysmem = sysmem;
+ omap_lcdc_reset(s);
+
+ memory_region_init_io(&s->iomem, NULL, &omap_lcdc_ops, s, "omap.lcdc", 0x100);
+ memory_region_add_subregion(sysmem, base, &s->iomem);
+
+ s->con = graphic_console_init(NULL, &omap_ops, s);
+
+ return s;
+}
diff --git a/hw/display/pl110.c b/hw/display/pl110.c
new file mode 100644
index 000000000..e79ab4bbd
--- /dev/null
+++ b/hw/display/pl110.c
@@ -0,0 +1,532 @@
+/*
+ * Arm PrimeCell PL110 Color LCD Controller
+ *
+ * Copyright (c) 2005-2009 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GNU LGPL
+ */
+
+#include "hw/sysbus.h"
+#include "ui/console.h"
+#include "framebuffer.h"
+#include "ui/pixel_ops.h"
+
+#define PL110_CR_EN 0x001
+#define PL110_CR_BGR 0x100
+#define PL110_CR_BEBO 0x200
+#define PL110_CR_BEPO 0x400
+#define PL110_CR_PWR 0x800
+
+enum pl110_bppmode
+{
+ BPP_1,
+ BPP_2,
+ BPP_4,
+ BPP_8,
+ BPP_16,
+ BPP_32,
+ BPP_16_565, /* PL111 only */
+ BPP_12 /* PL111 only */
+};
+
+
+/* The Versatile/PB uses a slightly modified PL110 controller. */
+enum pl110_version
+{
+ PL110,
+ PL110_VERSATILE,
+ PL111
+};
+
+#define TYPE_PL110 "pl110"
+#define PL110(obj) OBJECT_CHECK(PL110State, (obj), TYPE_PL110)
+
+typedef struct PL110State {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ QemuConsole *con;
+
+ int version;
+ uint32_t timing[4];
+ uint32_t cr;
+ uint32_t upbase;
+ uint32_t lpbase;
+ uint32_t int_status;
+ uint32_t int_mask;
+ int cols;
+ int rows;
+ enum pl110_bppmode bpp;
+ int invalidate;
+ uint32_t mux_ctrl;
+ uint32_t palette[256];
+ uint32_t raw_palette[128];
+ qemu_irq irq;
+} PL110State;
+
+static int vmstate_pl110_post_load(void *opaque, int version_id);
+
+static const VMStateDescription vmstate_pl110 = {
+ .name = "pl110",
+ .version_id = 2,
+ .minimum_version_id = 1,
+ .post_load = vmstate_pl110_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_INT32(version, PL110State),
+ VMSTATE_UINT32_ARRAY(timing, PL110State, 4),
+ VMSTATE_UINT32(cr, PL110State),
+ VMSTATE_UINT32(upbase, PL110State),
+ VMSTATE_UINT32(lpbase, PL110State),
+ VMSTATE_UINT32(int_status, PL110State),
+ VMSTATE_UINT32(int_mask, PL110State),
+ VMSTATE_INT32(cols, PL110State),
+ VMSTATE_INT32(rows, PL110State),
+ VMSTATE_UINT32(bpp, PL110State),
+ VMSTATE_INT32(invalidate, PL110State),
+ VMSTATE_UINT32_ARRAY(palette, PL110State, 256),
+ VMSTATE_UINT32_ARRAY(raw_palette, PL110State, 128),
+ VMSTATE_UINT32_V(mux_ctrl, PL110State, 2),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const unsigned char pl110_id[] =
+{ 0x10, 0x11, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };
+
+/* The Arm documentation (DDI0224C) says the CLDC on the Versatile board
+ has a different ID. However Linux only looks for the normal ID. */
+#if 0
+static const unsigned char pl110_versatile_id[] =
+{ 0x93, 0x10, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };
+#else
+#define pl110_versatile_id pl110_id
+#endif
+
+static const unsigned char pl111_id[] = {
+ 0x11, 0x11, 0x24, 0x00, 0x0d, 0xf0, 0x05, 0xb1
+};
+
+/* Indexed by pl110_version */
+static const unsigned char *idregs[] = {
+ pl110_id,
+ pl110_versatile_id,
+ pl111_id
+};
+
+#define BITS 8
+#include "pl110_template.h"
+#define BITS 15
+#include "pl110_template.h"
+#define BITS 16
+#include "pl110_template.h"
+#define BITS 24
+#include "pl110_template.h"
+#define BITS 32
+#include "pl110_template.h"
+
+static int pl110_enabled(PL110State *s)
+{
+ return (s->cr & PL110_CR_EN) && (s->cr & PL110_CR_PWR);
+}
+
+static void pl110_update_display(void *opaque)
+{
+ PL110State *s = (PL110State *)opaque;
+ SysBusDevice *sbd;
+ DisplaySurface *surface = qemu_console_surface(s->con);
+ drawfn* fntable;
+ drawfn fn;
+ int dest_width;
+ int src_width;
+ int bpp_offset;
+ int first;
+ int last;
+
+ if (!pl110_enabled(s)) {
+ return;
+ }
+
+ sbd = SYS_BUS_DEVICE(s);
+
+ switch (surface_bits_per_pixel(surface)) {
+ case 0:
+ return;
+ case 8:
+ fntable = pl110_draw_fn_8;
+ dest_width = 1;
+ break;
+ case 15:
+ fntable = pl110_draw_fn_15;
+ dest_width = 2;
+ break;
+ case 16:
+ fntable = pl110_draw_fn_16;
+ dest_width = 2;
+ break;
+ case 24:
+ fntable = pl110_draw_fn_24;
+ dest_width = 3;
+ break;
+ case 32:
+ fntable = pl110_draw_fn_32;
+ dest_width = 4;
+ break;
+ default:
+ fprintf(stderr, "pl110: Bad color depth\n");
+ exit(1);
+ }
+ if (s->cr & PL110_CR_BGR)
+ bpp_offset = 0;
+ else
+ bpp_offset = 24;
+
+ if ((s->version != PL111) && (s->bpp == BPP_16)) {
+ /* The PL110's native 16 bit mode is 5551; however
+ * most boards with a PL110 implement an external
+ * mux which allows bits to be reshuffled to give
+ * 565 format. The mux is typically controlled by
+ * an external system register.
+ * This is controlled by a GPIO input pin
+ * so boards can wire it up to their register.
+ *
+ * The PL111 straightforwardly implements both
+ * 5551 and 565 under control of the bpp field
+ * in the LCDControl register.
+ */
+ switch (s->mux_ctrl) {
+ case 3: /* 565 BGR */
+ bpp_offset = (BPP_16_565 - BPP_16);
+ break;
+ case 1: /* 5551 */
+ break;
+ case 0: /* 888; also if we have loaded vmstate from an old version */
+ case 2: /* 565 RGB */
+ default:
+ /* treat as 565 but honour BGR bit */
+ bpp_offset += (BPP_16_565 - BPP_16);
+ break;
+ }
+ }
+
+ if (s->cr & PL110_CR_BEBO)
+ fn = fntable[s->bpp + 8 + bpp_offset];
+ else if (s->cr & PL110_CR_BEPO)
+ fn = fntable[s->bpp + 16 + bpp_offset];
+ else
+ fn = fntable[s->bpp + bpp_offset];
+
+ src_width = s->cols;
+ switch (s->bpp) {
+ case BPP_1:
+ src_width >>= 3;
+ break;
+ case BPP_2:
+ src_width >>= 2;
+ break;
+ case BPP_4:
+ src_width >>= 1;
+ break;
+ case BPP_8:
+ break;
+ case BPP_16:
+ case BPP_16_565:
+ case BPP_12:
+ src_width <<= 1;
+ break;
+ case BPP_32:
+ src_width <<= 2;
+ break;
+ }
+ dest_width *= s->cols;
+ first = 0;
+ framebuffer_update_display(surface, sysbus_address_space(sbd),
+ s->upbase, s->cols, s->rows,
+ src_width, dest_width, 0,
+ s->invalidate,
+ fn, s->palette,
+ &first, &last);
+ if (first >= 0) {
+ dpy_gfx_update(s->con, 0, first, s->cols, last - first + 1);
+ }
+ s->invalidate = 0;
+}
+
+static void pl110_invalidate_display(void * opaque)
+{
+ PL110State *s = (PL110State *)opaque;
+ s->invalidate = 1;
+ if (pl110_enabled(s)) {
+ qemu_console_resize(s->con, s->cols, s->rows);
+ }
+}
+
+static void pl110_update_palette(PL110State *s, int n)
+{
+ DisplaySurface *surface = qemu_console_surface(s->con);
+ int i;
+ uint32_t raw;
+ unsigned int r, g, b;
+
+ raw = s->raw_palette[n];
+ n <<= 1;
+ for (i = 0; i < 2; i++) {
+ r = (raw & 0x1f) << 3;
+ raw >>= 5;
+ g = (raw & 0x1f) << 3;
+ raw >>= 5;
+ b = (raw & 0x1f) << 3;
+ /* The I bit is ignored. */
+ raw >>= 6;
+ switch (surface_bits_per_pixel(surface)) {
+ case 8:
+ s->palette[n] = rgb_to_pixel8(r, g, b);
+ break;
+ case 15:
+ s->palette[n] = rgb_to_pixel15(r, g, b);
+ break;
+ case 16:
+ s->palette[n] = rgb_to_pixel16(r, g, b);
+ break;
+ case 24:
+ case 32:
+ s->palette[n] = rgb_to_pixel32(r, g, b);
+ break;
+ }
+ n++;
+ }
+}
+
+static void pl110_resize(PL110State *s, int width, int height)
+{
+ if (width != s->cols || height != s->rows) {
+ if (pl110_enabled(s)) {
+ qemu_console_resize(s->con, width, height);
+ }
+ }
+ s->cols = width;
+ s->rows = height;
+}
+
+/* Update interrupts. */
+static void pl110_update(PL110State *s)
+{
+ /* TODO: Implement interrupts. */
+}
+
+static uint64_t pl110_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ PL110State *s = (PL110State *)opaque;
+
+ if (offset >= 0xfe0 && offset < 0x1000) {
+ return idregs[s->version][(offset - 0xfe0) >> 2];
+ }
+ if (offset >= 0x200 && offset < 0x400) {
+ return s->raw_palette[(offset - 0x200) >> 2];
+ }
+ switch (offset >> 2) {
+ case 0: /* LCDTiming0 */
+ return s->timing[0];
+ case 1: /* LCDTiming1 */
+ return s->timing[1];
+ case 2: /* LCDTiming2 */
+ return s->timing[2];
+ case 3: /* LCDTiming3 */
+ return s->timing[3];
+ case 4: /* LCDUPBASE */
+ return s->upbase;
+ case 5: /* LCDLPBASE */
+ return s->lpbase;
+ case 6: /* LCDIMSC */
+ if (s->version != PL110) {
+ return s->cr;
+ }
+ return s->int_mask;
+ case 7: /* LCDControl */
+ if (s->version != PL110) {
+ return s->int_mask;
+ }
+ return s->cr;
+ case 8: /* LCDRIS */
+ return s->int_status;
+ case 9: /* LCDMIS */
+ return s->int_status & s->int_mask;
+ case 11: /* LCDUPCURR */
+ /* TODO: Implement vertical refresh. */
+ return s->upbase;
+ case 12: /* LCDLPCURR */
+ return s->lpbase;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "pl110_read: Bad offset %x\n", (int)offset);
+ return 0;
+ }
+}
+
+static void pl110_write(void *opaque, hwaddr offset,
+ uint64_t val, unsigned size)
+{
+ PL110State *s = (PL110State *)opaque;
+ int n;
+
+ /* For simplicity invalidate the display whenever a control register
+ is written to. */
+ s->invalidate = 1;
+ if (offset >= 0x200 && offset < 0x400) {
+ /* Palette. */
+ n = (offset - 0x200) >> 2;
+ s->raw_palette[(offset - 0x200) >> 2] = val;
+ pl110_update_palette(s, n);
+ return;
+ }
+ switch (offset >> 2) {
+ case 0: /* LCDTiming0 */
+ s->timing[0] = val;
+ n = ((val & 0xfc) + 4) * 4;
+ pl110_resize(s, n, s->rows);
+ break;
+ case 1: /* LCDTiming1 */
+ s->timing[1] = val;
+ n = (val & 0x3ff) + 1;
+ pl110_resize(s, s->cols, n);
+ break;
+ case 2: /* LCDTiming2 */
+ s->timing[2] = val;
+ break;
+ case 3: /* LCDTiming3 */
+ s->timing[3] = val;
+ break;
+ case 4: /* LCDUPBASE */
+ s->upbase = val;
+ break;
+ case 5: /* LCDLPBASE */
+ s->lpbase = val;
+ break;
+ case 6: /* LCDIMSC */
+ if (s->version != PL110) {
+ goto control;
+ }
+ imsc:
+ s->int_mask = val;
+ pl110_update(s);
+ break;
+ case 7: /* LCDControl */
+ if (s->version != PL110) {
+ goto imsc;
+ }
+ control:
+ s->cr = val;
+ s->bpp = (val >> 1) & 7;
+ if (pl110_enabled(s)) {
+ qemu_console_resize(s->con, s->cols, s->rows);
+ }
+ break;
+ case 10: /* LCDICR */
+ s->int_status &= ~val;
+ pl110_update(s);
+ break;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "pl110_write: Bad offset %x\n", (int)offset);
+ }
+}
+
+static const MemoryRegionOps pl110_ops = {
+ .read = pl110_read,
+ .write = pl110_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void pl110_mux_ctrl_set(void *opaque, int line, int level)
+{
+ PL110State *s = (PL110State *)opaque;
+ s->mux_ctrl = level;
+}
+
+static int vmstate_pl110_post_load(void *opaque, int version_id)
+{
+ PL110State *s = opaque;
+ /* Make sure we redraw, and at the right size */
+ pl110_invalidate_display(s);
+ return 0;
+}
+
+static const GraphicHwOps pl110_gfx_ops = {
+ .invalidate = pl110_invalidate_display,
+ .gfx_update = pl110_update_display,
+};
+
+static int pl110_initfn(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ PL110State *s = PL110(dev);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &pl110_ops, s, "pl110", 0x1000);
+ sysbus_init_mmio(sbd, &s->iomem);
+ sysbus_init_irq(sbd, &s->irq);
+ qdev_init_gpio_in(dev, pl110_mux_ctrl_set, 1);
+ s->con = graphic_console_init(dev, &pl110_gfx_ops, s);
+ return 0;
+}
+
+static void pl110_init(Object *obj)
+{
+ PL110State *s = PL110(obj);
+
+ s->version = PL110;
+}
+
+static void pl110_versatile_init(Object *obj)
+{
+ PL110State *s = PL110(obj);
+
+ s->version = PL110_VERSATILE;
+}
+
+static void pl111_init(Object *obj)
+{
+ PL110State *s = PL110(obj);
+
+ s->version = PL111;
+}
+
+static void pl110_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = pl110_initfn;
+ set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories);
+ dc->no_user = 1;
+ dc->vmsd = &vmstate_pl110;
+}
+
+static const TypeInfo pl110_info = {
+ .name = TYPE_PL110,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(PL110State),
+ .instance_init = pl110_init,
+ .class_init = pl110_class_init,
+};
+
+static const TypeInfo pl110_versatile_info = {
+ .name = "pl110_versatile",
+ .parent = TYPE_PL110,
+ .instance_init = pl110_versatile_init,
+};
+
+static const TypeInfo pl111_info = {
+ .name = "pl111",
+ .parent = TYPE_PL110,
+ .instance_init = pl111_init,
+};
+
+static void pl110_register_types(void)
+{
+ type_register_static(&pl110_info);
+ type_register_static(&pl110_versatile_info);
+ type_register_static(&pl111_info);
+}
+
+type_init(pl110_register_types)
diff --git a/hw/pl110_template.h b/hw/display/pl110_template.h
index e738e4a24..e738e4a24 100644
--- a/hw/pl110_template.h
+++ b/hw/display/pl110_template.h
diff --git a/hw/display/pxa2xx_lcd.c b/hw/display/pxa2xx_lcd.c
new file mode 100644
index 000000000..990931ae4
--- /dev/null
+++ b/hw/display/pxa2xx_lcd.c
@@ -0,0 +1,1061 @@
+/*
+ * Intel XScale PXA255/270 LCDC emulation.
+ *
+ * Copyright (c) 2006 Openedhand Ltd.
+ * Written by Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * This code is licensed under the GPLv2.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "hw/hw.h"
+#include "ui/console.h"
+#include "hw/arm/pxa.h"
+#include "ui/pixel_ops.h"
+/* FIXME: For graphic_rotate. Should probably be done in common code. */
+#include "sysemu/sysemu.h"
+#include "framebuffer.h"
+
+struct DMAChannel {
+ uint32_t branch;
+ uint8_t up;
+ uint8_t palette[1024];
+ uint8_t pbuffer[1024];
+ void (*redraw)(PXA2xxLCDState *s, hwaddr addr,
+ int *miny, int *maxy);
+
+ uint32_t descriptor;
+ uint32_t source;
+ uint32_t id;
+ uint32_t command;
+};
+
+struct PXA2xxLCDState {
+ MemoryRegion *sysmem;
+ MemoryRegion iomem;
+ qemu_irq irq;
+ int irqlevel;
+
+ int invalidated;
+ QemuConsole *con;
+ drawfn *line_fn[2];
+ int dest_width;
+ int xres, yres;
+ int pal_for;
+ int transp;
+ enum {
+ pxa_lcdc_2bpp = 1,
+ pxa_lcdc_4bpp = 2,
+ pxa_lcdc_8bpp = 3,
+ pxa_lcdc_16bpp = 4,
+ pxa_lcdc_18bpp = 5,
+ pxa_lcdc_18pbpp = 6,
+ pxa_lcdc_19bpp = 7,
+ pxa_lcdc_19pbpp = 8,
+ pxa_lcdc_24bpp = 9,
+ pxa_lcdc_25bpp = 10,
+ } bpp;
+
+ uint32_t control[6];
+ uint32_t status[2];
+ uint32_t ovl1c[2];
+ uint32_t ovl2c[2];
+ uint32_t ccr;
+ uint32_t cmdcr;
+ uint32_t trgbr;
+ uint32_t tcr;
+ uint32_t liidr;
+ uint8_t bscntr;
+
+ struct DMAChannel dma_ch[7];
+
+ qemu_irq vsync_cb;
+ int orientation;
+};
+
+typedef struct QEMU_PACKED {
+ uint32_t fdaddr;
+ uint32_t fsaddr;
+ uint32_t fidr;
+ uint32_t ldcmd;
+} PXAFrameDescriptor;
+
+#define LCCR0 0x000 /* LCD Controller Control register 0 */
+#define LCCR1 0x004 /* LCD Controller Control register 1 */
+#define LCCR2 0x008 /* LCD Controller Control register 2 */
+#define LCCR3 0x00c /* LCD Controller Control register 3 */
+#define LCCR4 0x010 /* LCD Controller Control register 4 */
+#define LCCR5 0x014 /* LCD Controller Control register 5 */
+
+#define FBR0 0x020 /* DMA Channel 0 Frame Branch register */
+#define FBR1 0x024 /* DMA Channel 1 Frame Branch register */
+#define FBR2 0x028 /* DMA Channel 2 Frame Branch register */
+#define FBR3 0x02c /* DMA Channel 3 Frame Branch register */
+#define FBR4 0x030 /* DMA Channel 4 Frame Branch register */
+#define FBR5 0x110 /* DMA Channel 5 Frame Branch register */
+#define FBR6 0x114 /* DMA Channel 6 Frame Branch register */
+
+#define LCSR1 0x034 /* LCD Controller Status register 1 */
+#define LCSR0 0x038 /* LCD Controller Status register 0 */
+#define LIIDR 0x03c /* LCD Controller Interrupt ID register */
+
+#define TRGBR 0x040 /* TMED RGB Seed register */
+#define TCR 0x044 /* TMED Control register */
+
+#define OVL1C1 0x050 /* Overlay 1 Control register 1 */
+#define OVL1C2 0x060 /* Overlay 1 Control register 2 */
+#define OVL2C1 0x070 /* Overlay 2 Control register 1 */
+#define OVL2C2 0x080 /* Overlay 2 Control register 2 */
+#define CCR 0x090 /* Cursor Control register */
+
+#define CMDCR 0x100 /* Command Control register */
+#define PRSR 0x104 /* Panel Read Status register */
+
+#define PXA_LCDDMA_CHANS 7
+#define DMA_FDADR 0x00 /* Frame Descriptor Address register */
+#define DMA_FSADR 0x04 /* Frame Source Address register */
+#define DMA_FIDR 0x08 /* Frame ID register */
+#define DMA_LDCMD 0x0c /* Command register */
+
+/* LCD Buffer Strength Control register */
+#define BSCNTR 0x04000054
+
+/* Bitfield masks */
+#define LCCR0_ENB (1 << 0)
+#define LCCR0_CMS (1 << 1)
+#define LCCR0_SDS (1 << 2)
+#define LCCR0_LDM (1 << 3)
+#define LCCR0_SOFM0 (1 << 4)
+#define LCCR0_IUM (1 << 5)
+#define LCCR0_EOFM0 (1 << 6)
+#define LCCR0_PAS (1 << 7)
+#define LCCR0_DPD (1 << 9)
+#define LCCR0_DIS (1 << 10)
+#define LCCR0_QDM (1 << 11)
+#define LCCR0_PDD (0xff << 12)
+#define LCCR0_BSM0 (1 << 20)
+#define LCCR0_OUM (1 << 21)
+#define LCCR0_LCDT (1 << 22)
+#define LCCR0_RDSTM (1 << 23)
+#define LCCR0_CMDIM (1 << 24)
+#define LCCR0_OUC (1 << 25)
+#define LCCR0_LDDALT (1 << 26)
+#define LCCR1_PPL(x) ((x) & 0x3ff)
+#define LCCR2_LPP(x) ((x) & 0x3ff)
+#define LCCR3_API (15 << 16)
+#define LCCR3_BPP(x) ((((x) >> 24) & 7) | (((x) >> 26) & 8))
+#define LCCR3_PDFOR(x) (((x) >> 30) & 3)
+#define LCCR4_K1(x) (((x) >> 0) & 7)
+#define LCCR4_K2(x) (((x) >> 3) & 7)
+#define LCCR4_K3(x) (((x) >> 6) & 7)
+#define LCCR4_PALFOR(x) (((x) >> 15) & 3)
+#define LCCR5_SOFM(ch) (1 << (ch - 1))
+#define LCCR5_EOFM(ch) (1 << (ch + 7))
+#define LCCR5_BSM(ch) (1 << (ch + 15))
+#define LCCR5_IUM(ch) (1 << (ch + 23))
+#define OVLC1_EN (1 << 31)
+#define CCR_CEN (1 << 31)
+#define FBR_BRA (1 << 0)
+#define FBR_BINT (1 << 1)
+#define FBR_SRCADDR (0xfffffff << 4)
+#define LCSR0_LDD (1 << 0)
+#define LCSR0_SOF0 (1 << 1)
+#define LCSR0_BER (1 << 2)
+#define LCSR0_ABC (1 << 3)
+#define LCSR0_IU0 (1 << 4)
+#define LCSR0_IU1 (1 << 5)
+#define LCSR0_OU (1 << 6)
+#define LCSR0_QD (1 << 7)
+#define LCSR0_EOF0 (1 << 8)
+#define LCSR0_BS0 (1 << 9)
+#define LCSR0_SINT (1 << 10)
+#define LCSR0_RDST (1 << 11)
+#define LCSR0_CMDINT (1 << 12)
+#define LCSR0_BERCH(x) (((x) & 7) << 28)
+#define LCSR1_SOF(ch) (1 << (ch - 1))
+#define LCSR1_EOF(ch) (1 << (ch + 7))
+#define LCSR1_BS(ch) (1 << (ch + 15))
+#define LCSR1_IU(ch) (1 << (ch + 23))
+#define LDCMD_LENGTH(x) ((x) & 0x001ffffc)
+#define LDCMD_EOFINT (1 << 21)
+#define LDCMD_SOFINT (1 << 22)
+#define LDCMD_PAL (1 << 26)
+
+/* Route internal interrupt lines to the global IC */
+static void pxa2xx_lcdc_int_update(PXA2xxLCDState *s)
+{
+ int level = 0;
+ level |= (s->status[0] & LCSR0_LDD) && !(s->control[0] & LCCR0_LDM);
+ level |= (s->status[0] & LCSR0_SOF0) && !(s->control[0] & LCCR0_SOFM0);
+ level |= (s->status[0] & LCSR0_IU0) && !(s->control[0] & LCCR0_IUM);
+ level |= (s->status[0] & LCSR0_IU1) && !(s->control[5] & LCCR5_IUM(1));
+ level |= (s->status[0] & LCSR0_OU) && !(s->control[0] & LCCR0_OUM);
+ level |= (s->status[0] & LCSR0_QD) && !(s->control[0] & LCCR0_QDM);
+ level |= (s->status[0] & LCSR0_EOF0) && !(s->control[0] & LCCR0_EOFM0);
+ level |= (s->status[0] & LCSR0_BS0) && !(s->control[0] & LCCR0_BSM0);
+ level |= (s->status[0] & LCSR0_RDST) && !(s->control[0] & LCCR0_RDSTM);
+ level |= (s->status[0] & LCSR0_CMDINT) && !(s->control[0] & LCCR0_CMDIM);
+ level |= (s->status[1] & ~s->control[5]);
+
+ qemu_set_irq(s->irq, !!level);
+ s->irqlevel = level;
+}
+
+/* Set Branch Status interrupt high and poke associated registers */
+static inline void pxa2xx_dma_bs_set(PXA2xxLCDState *s, int ch)
+{
+ int unmasked;
+ if (ch == 0) {
+ s->status[0] |= LCSR0_BS0;
+ unmasked = !(s->control[0] & LCCR0_BSM0);
+ } else {
+ s->status[1] |= LCSR1_BS(ch);
+ unmasked = !(s->control[5] & LCCR5_BSM(ch));
+ }
+
+ if (unmasked) {
+ if (s->irqlevel)
+ s->status[0] |= LCSR0_SINT;
+ else
+ s->liidr = s->dma_ch[ch].id;
+ }
+}
+
+/* Set Start Of Frame Status interrupt high and poke associated registers */
+static inline void pxa2xx_dma_sof_set(PXA2xxLCDState *s, int ch)
+{
+ int unmasked;
+ if (!(s->dma_ch[ch].command & LDCMD_SOFINT))
+ return;
+
+ if (ch == 0) {
+ s->status[0] |= LCSR0_SOF0;
+ unmasked = !(s->control[0] & LCCR0_SOFM0);
+ } else {
+ s->status[1] |= LCSR1_SOF(ch);
+ unmasked = !(s->control[5] & LCCR5_SOFM(ch));
+ }
+
+ if (unmasked) {
+ if (s->irqlevel)
+ s->status[0] |= LCSR0_SINT;
+ else
+ s->liidr = s->dma_ch[ch].id;
+ }
+}
+
+/* Set End Of Frame Status interrupt high and poke associated registers */
+static inline void pxa2xx_dma_eof_set(PXA2xxLCDState *s, int ch)
+{
+ int unmasked;
+ if (!(s->dma_ch[ch].command & LDCMD_EOFINT))
+ return;
+
+ if (ch == 0) {
+ s->status[0] |= LCSR0_EOF0;
+ unmasked = !(s->control[0] & LCCR0_EOFM0);
+ } else {
+ s->status[1] |= LCSR1_EOF(ch);
+ unmasked = !(s->control[5] & LCCR5_EOFM(ch));
+ }
+
+ if (unmasked) {
+ if (s->irqlevel)
+ s->status[0] |= LCSR0_SINT;
+ else
+ s->liidr = s->dma_ch[ch].id;
+ }
+}
+
+/* Set Bus Error Status interrupt high and poke associated registers */
+static inline void pxa2xx_dma_ber_set(PXA2xxLCDState *s, int ch)
+{
+ s->status[0] |= LCSR0_BERCH(ch) | LCSR0_BER;
+ if (s->irqlevel)
+ s->status[0] |= LCSR0_SINT;
+ else
+ s->liidr = s->dma_ch[ch].id;
+}
+
+/* Set Read Status interrupt high and poke associated registers */
+static inline void pxa2xx_dma_rdst_set(PXA2xxLCDState *s)
+{
+ s->status[0] |= LCSR0_RDST;
+ if (s->irqlevel && !(s->control[0] & LCCR0_RDSTM))
+ s->status[0] |= LCSR0_SINT;
+}
+
+/* Load new Frame Descriptors from DMA */
+static void pxa2xx_descriptor_load(PXA2xxLCDState *s)
+{
+ PXAFrameDescriptor desc;
+ hwaddr descptr;
+ int i;
+
+ for (i = 0; i < PXA_LCDDMA_CHANS; i ++) {
+ s->dma_ch[i].source = 0;
+
+ if (!s->dma_ch[i].up)
+ continue;
+
+ if (s->dma_ch[i].branch & FBR_BRA) {
+ descptr = s->dma_ch[i].branch & FBR_SRCADDR;
+ if (s->dma_ch[i].branch & FBR_BINT)
+ pxa2xx_dma_bs_set(s, i);
+ s->dma_ch[i].branch &= ~FBR_BRA;
+ } else
+ descptr = s->dma_ch[i].descriptor;
+
+ if (!((descptr >= PXA2XX_SDRAM_BASE && descptr +
+ sizeof(desc) <= PXA2XX_SDRAM_BASE + ram_size) ||
+ (descptr >= PXA2XX_INTERNAL_BASE && descptr + sizeof(desc) <=
+ PXA2XX_INTERNAL_BASE + PXA2XX_INTERNAL_SIZE))) {
+ continue;
+ }
+
+ cpu_physical_memory_read(descptr, &desc, sizeof(desc));
+ s->dma_ch[i].descriptor = tswap32(desc.fdaddr);
+ s->dma_ch[i].source = tswap32(desc.fsaddr);
+ s->dma_ch[i].id = tswap32(desc.fidr);
+ s->dma_ch[i].command = tswap32(desc.ldcmd);
+ }
+}
+
+static uint64_t pxa2xx_lcdc_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ PXA2xxLCDState *s = (PXA2xxLCDState *) opaque;
+ int ch;
+
+ switch (offset) {
+ case LCCR0:
+ return s->control[0];
+ case LCCR1:
+ return s->control[1];
+ case LCCR2:
+ return s->control[2];
+ case LCCR3:
+ return s->control[3];
+ case LCCR4:
+ return s->control[4];
+ case LCCR5:
+ return s->control[5];
+
+ case OVL1C1:
+ return s->ovl1c[0];
+ case OVL1C2:
+ return s->ovl1c[1];
+ case OVL2C1:
+ return s->ovl2c[0];
+ case OVL2C2:
+ return s->ovl2c[1];
+
+ case CCR:
+ return s->ccr;
+
+ case CMDCR:
+ return s->cmdcr;
+
+ case TRGBR:
+ return s->trgbr;
+ case TCR:
+ return s->tcr;
+
+ case 0x200 ... 0x1000: /* DMA per-channel registers */
+ ch = (offset - 0x200) >> 4;
+ if (!(ch >= 0 && ch < PXA_LCDDMA_CHANS))
+ goto fail;
+
+ switch (offset & 0xf) {
+ case DMA_FDADR:
+ return s->dma_ch[ch].descriptor;
+ case DMA_FSADR:
+ return s->dma_ch[ch].source;
+ case DMA_FIDR:
+ return s->dma_ch[ch].id;
+ case DMA_LDCMD:
+ return s->dma_ch[ch].command;
+ default:
+ goto fail;
+ }
+
+ case FBR0:
+ return s->dma_ch[0].branch;
+ case FBR1:
+ return s->dma_ch[1].branch;
+ case FBR2:
+ return s->dma_ch[2].branch;
+ case FBR3:
+ return s->dma_ch[3].branch;
+ case FBR4:
+ return s->dma_ch[4].branch;
+ case FBR5:
+ return s->dma_ch[5].branch;
+ case FBR6:
+ return s->dma_ch[6].branch;
+
+ case BSCNTR:
+ return s->bscntr;
+
+ case PRSR:
+ return 0;
+
+ case LCSR0:
+ return s->status[0];
+ case LCSR1:
+ return s->status[1];
+ case LIIDR:
+ return s->liidr;
+
+ default:
+ fail:
+ hw_error("%s: Bad offset " REG_FMT "\n", __FUNCTION__, offset);
+ }
+
+ return 0;
+}
+
+static void pxa2xx_lcdc_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ PXA2xxLCDState *s = (PXA2xxLCDState *) opaque;
+ int ch;
+
+ switch (offset) {
+ case LCCR0:
+ /* ACK Quick Disable done */
+ if ((s->control[0] & LCCR0_ENB) && !(value & LCCR0_ENB))
+ s->status[0] |= LCSR0_QD;
+
+ if (!(s->control[0] & LCCR0_LCDT) && (value & LCCR0_LCDT))
+ printf("%s: internal frame buffer unsupported\n", __FUNCTION__);
+
+ if ((s->control[3] & LCCR3_API) &&
+ (value & LCCR0_ENB) && !(value & LCCR0_LCDT))
+ s->status[0] |= LCSR0_ABC;
+
+ s->control[0] = value & 0x07ffffff;
+ pxa2xx_lcdc_int_update(s);
+
+ s->dma_ch[0].up = !!(value & LCCR0_ENB);
+ s->dma_ch[1].up = (s->ovl1c[0] & OVLC1_EN) || (value & LCCR0_SDS);
+ break;
+
+ case LCCR1:
+ s->control[1] = value;
+ break;
+
+ case LCCR2:
+ s->control[2] = value;
+ break;
+
+ case LCCR3:
+ s->control[3] = value & 0xefffffff;
+ s->bpp = LCCR3_BPP(value);
+ break;
+
+ case LCCR4:
+ s->control[4] = value & 0x83ff81ff;
+ break;
+
+ case LCCR5:
+ s->control[5] = value & 0x3f3f3f3f;
+ break;
+
+ case OVL1C1:
+ if (!(s->ovl1c[0] & OVLC1_EN) && (value & OVLC1_EN))
+ printf("%s: Overlay 1 not supported\n", __FUNCTION__);
+
+ s->ovl1c[0] = value & 0x80ffffff;
+ s->dma_ch[1].up = (value & OVLC1_EN) || (s->control[0] & LCCR0_SDS);
+ break;
+
+ case OVL1C2:
+ s->ovl1c[1] = value & 0x000fffff;
+ break;
+
+ case OVL2C1:
+ if (!(s->ovl2c[0] & OVLC1_EN) && (value & OVLC1_EN))
+ printf("%s: Overlay 2 not supported\n", __FUNCTION__);
+
+ s->ovl2c[0] = value & 0x80ffffff;
+ s->dma_ch[2].up = !!(value & OVLC1_EN);
+ s->dma_ch[3].up = !!(value & OVLC1_EN);
+ s->dma_ch[4].up = !!(value & OVLC1_EN);
+ break;
+
+ case OVL2C2:
+ s->ovl2c[1] = value & 0x007fffff;
+ break;
+
+ case CCR:
+ if (!(s->ccr & CCR_CEN) && (value & CCR_CEN))
+ printf("%s: Hardware cursor unimplemented\n", __FUNCTION__);
+
+ s->ccr = value & 0x81ffffe7;
+ s->dma_ch[5].up = !!(value & CCR_CEN);
+ break;
+
+ case CMDCR:
+ s->cmdcr = value & 0xff;
+ break;
+
+ case TRGBR:
+ s->trgbr = value & 0x00ffffff;
+ break;
+
+ case TCR:
+ s->tcr = value & 0x7fff;
+ break;
+
+ case 0x200 ... 0x1000: /* DMA per-channel registers */
+ ch = (offset - 0x200) >> 4;
+ if (!(ch >= 0 && ch < PXA_LCDDMA_CHANS))
+ goto fail;
+
+ switch (offset & 0xf) {
+ case DMA_FDADR:
+ s->dma_ch[ch].descriptor = value & 0xfffffff0;
+ break;
+
+ default:
+ goto fail;
+ }
+ break;
+
+ case FBR0:
+ s->dma_ch[0].branch = value & 0xfffffff3;
+ break;
+ case FBR1:
+ s->dma_ch[1].branch = value & 0xfffffff3;
+ break;
+ case FBR2:
+ s->dma_ch[2].branch = value & 0xfffffff3;
+ break;
+ case FBR3:
+ s->dma_ch[3].branch = value & 0xfffffff3;
+ break;
+ case FBR4:
+ s->dma_ch[4].branch = value & 0xfffffff3;
+ break;
+ case FBR5:
+ s->dma_ch[5].branch = value & 0xfffffff3;
+ break;
+ case FBR6:
+ s->dma_ch[6].branch = value & 0xfffffff3;
+ break;
+
+ case BSCNTR:
+ s->bscntr = value & 0xf;
+ break;
+
+ case PRSR:
+ break;
+
+ case LCSR0:
+ s->status[0] &= ~(value & 0xfff);
+ if (value & LCSR0_BER)
+ s->status[0] &= ~LCSR0_BERCH(7);
+ break;
+
+ case LCSR1:
+ s->status[1] &= ~(value & 0x3e3f3f);
+ break;
+
+ default:
+ fail:
+ hw_error("%s: Bad offset " REG_FMT "\n", __FUNCTION__, offset);
+ }
+}
+
+static const MemoryRegionOps pxa2xx_lcdc_ops = {
+ .read = pxa2xx_lcdc_read,
+ .write = pxa2xx_lcdc_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+/* Load new palette for a given DMA channel, convert to internal format */
+static void pxa2xx_palette_parse(PXA2xxLCDState *s, int ch, int bpp)
+{
+ DisplaySurface *surface = qemu_console_surface(s->con);
+ int i, n, format, r, g, b, alpha;
+ uint32_t *dest;
+ uint8_t *src;
+ s->pal_for = LCCR4_PALFOR(s->control[4]);
+ format = s->pal_for;
+
+ switch (bpp) {
+ case pxa_lcdc_2bpp:
+ n = 4;
+ break;
+ case pxa_lcdc_4bpp:
+ n = 16;
+ break;
+ case pxa_lcdc_8bpp:
+ n = 256;
+ break;
+ default:
+ format = 0;
+ return;
+ }
+
+ src = (uint8_t *) s->dma_ch[ch].pbuffer;
+ dest = (uint32_t *) s->dma_ch[ch].palette;
+ alpha = r = g = b = 0;
+
+ for (i = 0; i < n; i ++) {
+ switch (format) {
+ case 0: /* 16 bpp, no transparency */
+ alpha = 0;
+ if (s->control[0] & LCCR0_CMS) {
+ r = g = b = *(uint16_t *) src & 0xff;
+ }
+ else {
+ r = (*(uint16_t *) src & 0xf800) >> 8;
+ g = (*(uint16_t *) src & 0x07e0) >> 3;
+ b = (*(uint16_t *) src & 0x001f) << 3;
+ }
+ src += 2;
+ break;
+ case 1: /* 16 bpp plus transparency */
+ alpha = *(uint16_t *) src & (1 << 24);
+ if (s->control[0] & LCCR0_CMS)
+ r = g = b = *(uint16_t *) src & 0xff;
+ else {
+ r = (*(uint16_t *) src & 0xf800) >> 8;
+ g = (*(uint16_t *) src & 0x07e0) >> 3;
+ b = (*(uint16_t *) src & 0x001f) << 3;
+ }
+ src += 2;
+ break;
+ case 2: /* 18 bpp plus transparency */
+ alpha = *(uint32_t *) src & (1 << 24);
+ if (s->control[0] & LCCR0_CMS)
+ r = g = b = *(uint32_t *) src & 0xff;
+ else {
+ r = (*(uint32_t *) src & 0xf80000) >> 16;
+ g = (*(uint32_t *) src & 0x00fc00) >> 8;
+ b = (*(uint32_t *) src & 0x0000f8);
+ }
+ src += 4;
+ break;
+ case 3: /* 24 bpp plus transparency */
+ alpha = *(uint32_t *) src & (1 << 24);
+ if (s->control[0] & LCCR0_CMS)
+ r = g = b = *(uint32_t *) src & 0xff;
+ else {
+ r = (*(uint32_t *) src & 0xff0000) >> 16;
+ g = (*(uint32_t *) src & 0x00ff00) >> 8;
+ b = (*(uint32_t *) src & 0x0000ff);
+ }
+ src += 4;
+ break;
+ }
+ switch (surface_bits_per_pixel(surface)) {
+ case 8:
+ *dest = rgb_to_pixel8(r, g, b) | alpha;
+ break;
+ case 15:
+ *dest = rgb_to_pixel15(r, g, b) | alpha;
+ break;
+ case 16:
+ *dest = rgb_to_pixel16(r, g, b) | alpha;
+ break;
+ case 24:
+ *dest = rgb_to_pixel24(r, g, b) | alpha;
+ break;
+ case 32:
+ *dest = rgb_to_pixel32(r, g, b) | alpha;
+ break;
+ }
+ dest ++;
+ }
+}
+
+static void pxa2xx_lcdc_dma0_redraw_rot0(PXA2xxLCDState *s,
+ hwaddr addr, int *miny, int *maxy)
+{
+ DisplaySurface *surface = qemu_console_surface(s->con);
+ int src_width, dest_width;
+ drawfn fn = NULL;
+ if (s->dest_width)
+ fn = s->line_fn[s->transp][s->bpp];
+ if (!fn)
+ return;
+
+ src_width = (s->xres + 3) & ~3; /* Pad to a 4 pixels multiple */
+ if (s->bpp == pxa_lcdc_19pbpp || s->bpp == pxa_lcdc_18pbpp)
+ src_width *= 3;
+ else if (s->bpp > pxa_lcdc_16bpp)
+ src_width *= 4;
+ else if (s->bpp > pxa_lcdc_8bpp)
+ src_width *= 2;
+
+ dest_width = s->xres * s->dest_width;
+ *miny = 0;
+ framebuffer_update_display(surface, s->sysmem,
+ addr, s->xres, s->yres,
+ src_width, dest_width, s->dest_width,
+ s->invalidated,
+ fn, s->dma_ch[0].palette, miny, maxy);
+}
+
+static void pxa2xx_lcdc_dma0_redraw_rot90(PXA2xxLCDState *s,
+ hwaddr addr, int *miny, int *maxy)
+{
+ DisplaySurface *surface = qemu_console_surface(s->con);
+ int src_width, dest_width;
+ drawfn fn = NULL;
+ if (s->dest_width)
+ fn = s->line_fn[s->transp][s->bpp];
+ if (!fn)
+ return;
+
+ src_width = (s->xres + 3) & ~3; /* Pad to a 4 pixels multiple */
+ if (s->bpp == pxa_lcdc_19pbpp || s->bpp == pxa_lcdc_18pbpp)
+ src_width *= 3;
+ else if (s->bpp > pxa_lcdc_16bpp)
+ src_width *= 4;
+ else if (s->bpp > pxa_lcdc_8bpp)
+ src_width *= 2;
+
+ dest_width = s->yres * s->dest_width;
+ *miny = 0;
+ framebuffer_update_display(surface, s->sysmem,
+ addr, s->xres, s->yres,
+ src_width, s->dest_width, -dest_width,
+ s->invalidated,
+ fn, s->dma_ch[0].palette,
+ miny, maxy);
+}
+
+static void pxa2xx_lcdc_dma0_redraw_rot180(PXA2xxLCDState *s,
+ hwaddr addr, int *miny, int *maxy)
+{
+ DisplaySurface *surface = qemu_console_surface(s->con);
+ int src_width, dest_width;
+ drawfn fn = NULL;
+ if (s->dest_width) {
+ fn = s->line_fn[s->transp][s->bpp];
+ }
+ if (!fn) {
+ return;
+ }
+
+ src_width = (s->xres + 3) & ~3; /* Pad to a 4 pixels multiple */
+ if (s->bpp == pxa_lcdc_19pbpp || s->bpp == pxa_lcdc_18pbpp) {
+ src_width *= 3;
+ } else if (s->bpp > pxa_lcdc_16bpp) {
+ src_width *= 4;
+ } else if (s->bpp > pxa_lcdc_8bpp) {
+ src_width *= 2;
+ }
+
+ dest_width = s->xres * s->dest_width;
+ *miny = 0;
+ framebuffer_update_display(surface, s->sysmem,
+ addr, s->xres, s->yres,
+ src_width, -dest_width, -s->dest_width,
+ s->invalidated,
+ fn, s->dma_ch[0].palette, miny, maxy);
+}
+
+static void pxa2xx_lcdc_dma0_redraw_rot270(PXA2xxLCDState *s,
+ hwaddr addr, int *miny, int *maxy)
+{
+ DisplaySurface *surface = qemu_console_surface(s->con);
+ int src_width, dest_width;
+ drawfn fn = NULL;
+ if (s->dest_width) {
+ fn = s->line_fn[s->transp][s->bpp];
+ }
+ if (!fn) {
+ return;
+ }
+
+ src_width = (s->xres + 3) & ~3; /* Pad to a 4 pixels multiple */
+ if (s->bpp == pxa_lcdc_19pbpp || s->bpp == pxa_lcdc_18pbpp) {
+ src_width *= 3;
+ } else if (s->bpp > pxa_lcdc_16bpp) {
+ src_width *= 4;
+ } else if (s->bpp > pxa_lcdc_8bpp) {
+ src_width *= 2;
+ }
+
+ dest_width = s->yres * s->dest_width;
+ *miny = 0;
+ framebuffer_update_display(surface, s->sysmem,
+ addr, s->xres, s->yres,
+ src_width, -s->dest_width, dest_width,
+ s->invalidated,
+ fn, s->dma_ch[0].palette,
+ miny, maxy);
+}
+
+static void pxa2xx_lcdc_resize(PXA2xxLCDState *s)
+{
+ int width, height;
+ if (!(s->control[0] & LCCR0_ENB))
+ return;
+
+ width = LCCR1_PPL(s->control[1]) + 1;
+ height = LCCR2_LPP(s->control[2]) + 1;
+
+ if (width != s->xres || height != s->yres) {
+ if (s->orientation == 90 || s->orientation == 270) {
+ qemu_console_resize(s->con, height, width);
+ } else {
+ qemu_console_resize(s->con, width, height);
+ }
+ s->invalidated = 1;
+ s->xres = width;
+ s->yres = height;
+ }
+}
+
+static void pxa2xx_update_display(void *opaque)
+{
+ PXA2xxLCDState *s = (PXA2xxLCDState *) opaque;
+ hwaddr fbptr;
+ int miny, maxy;
+ int ch;
+ if (!(s->control[0] & LCCR0_ENB))
+ return;
+
+ pxa2xx_descriptor_load(s);
+
+ pxa2xx_lcdc_resize(s);
+ miny = s->yres;
+ maxy = 0;
+ s->transp = s->dma_ch[2].up || s->dma_ch[3].up;
+ /* Note: With overlay planes the order depends on LCCR0 bit 25. */
+ for (ch = 0; ch < PXA_LCDDMA_CHANS; ch ++)
+ if (s->dma_ch[ch].up) {
+ if (!s->dma_ch[ch].source) {
+ pxa2xx_dma_ber_set(s, ch);
+ continue;
+ }
+ fbptr = s->dma_ch[ch].source;
+ if (!((fbptr >= PXA2XX_SDRAM_BASE &&
+ fbptr <= PXA2XX_SDRAM_BASE + ram_size) ||
+ (fbptr >= PXA2XX_INTERNAL_BASE &&
+ fbptr <= PXA2XX_INTERNAL_BASE + PXA2XX_INTERNAL_SIZE))) {
+ pxa2xx_dma_ber_set(s, ch);
+ continue;
+ }
+
+ if (s->dma_ch[ch].command & LDCMD_PAL) {
+ cpu_physical_memory_read(fbptr, s->dma_ch[ch].pbuffer,
+ MAX(LDCMD_LENGTH(s->dma_ch[ch].command),
+ sizeof(s->dma_ch[ch].pbuffer)));
+ pxa2xx_palette_parse(s, ch, s->bpp);
+ } else {
+ /* Do we need to reparse palette */
+ if (LCCR4_PALFOR(s->control[4]) != s->pal_for)
+ pxa2xx_palette_parse(s, ch, s->bpp);
+
+ /* ACK frame start */
+ pxa2xx_dma_sof_set(s, ch);
+
+ s->dma_ch[ch].redraw(s, fbptr, &miny, &maxy);
+ s->invalidated = 0;
+
+ /* ACK frame completed */
+ pxa2xx_dma_eof_set(s, ch);
+ }
+ }
+
+ if (s->control[0] & LCCR0_DIS) {
+ /* ACK last frame completed */
+ s->control[0] &= ~LCCR0_ENB;
+ s->status[0] |= LCSR0_LDD;
+ }
+
+ if (miny >= 0) {
+ switch (s->orientation) {
+ case 0:
+ dpy_gfx_update(s->con, 0, miny, s->xres, maxy - miny + 1);
+ break;
+ case 90:
+ dpy_gfx_update(s->con, miny, 0, maxy - miny + 1, s->xres);
+ break;
+ case 180:
+ maxy = s->yres - maxy - 1;
+ miny = s->yres - miny - 1;
+ dpy_gfx_update(s->con, 0, maxy, s->xres, miny - maxy + 1);
+ break;
+ case 270:
+ maxy = s->yres - maxy - 1;
+ miny = s->yres - miny - 1;
+ dpy_gfx_update(s->con, maxy, 0, miny - maxy + 1, s->xres);
+ break;
+ }
+ }
+ pxa2xx_lcdc_int_update(s);
+
+ qemu_irq_raise(s->vsync_cb);
+}
+
+static void pxa2xx_invalidate_display(void *opaque)
+{
+ PXA2xxLCDState *s = (PXA2xxLCDState *) opaque;
+ s->invalidated = 1;
+}
+
+static void pxa2xx_lcdc_orientation(void *opaque, int angle)
+{
+ PXA2xxLCDState *s = (PXA2xxLCDState *) opaque;
+
+ switch (angle) {
+ case 0:
+ s->dma_ch[0].redraw = pxa2xx_lcdc_dma0_redraw_rot0;
+ break;
+ case 90:
+ s->dma_ch[0].redraw = pxa2xx_lcdc_dma0_redraw_rot90;
+ break;
+ case 180:
+ s->dma_ch[0].redraw = pxa2xx_lcdc_dma0_redraw_rot180;
+ break;
+ case 270:
+ s->dma_ch[0].redraw = pxa2xx_lcdc_dma0_redraw_rot270;
+ break;
+ }
+
+ s->orientation = angle;
+ s->xres = s->yres = -1;
+ pxa2xx_lcdc_resize(s);
+}
+
+static const VMStateDescription vmstate_dma_channel = {
+ .name = "dma_channel",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(branch, struct DMAChannel),
+ VMSTATE_UINT8(up, struct DMAChannel),
+ VMSTATE_BUFFER(pbuffer, struct DMAChannel),
+ VMSTATE_UINT32(descriptor, struct DMAChannel),
+ VMSTATE_UINT32(source, struct DMAChannel),
+ VMSTATE_UINT32(id, struct DMAChannel),
+ VMSTATE_UINT32(command, struct DMAChannel),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static int pxa2xx_lcdc_post_load(void *opaque, int version_id)
+{
+ PXA2xxLCDState *s = opaque;
+
+ s->bpp = LCCR3_BPP(s->control[3]);
+ s->xres = s->yres = s->pal_for = -1;
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_pxa2xx_lcdc = {
+ .name = "pxa2xx_lcdc",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .post_load = pxa2xx_lcdc_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_INT32(irqlevel, PXA2xxLCDState),
+ VMSTATE_INT32(transp, PXA2xxLCDState),
+ VMSTATE_UINT32_ARRAY(control, PXA2xxLCDState, 6),
+ VMSTATE_UINT32_ARRAY(status, PXA2xxLCDState, 2),
+ VMSTATE_UINT32_ARRAY(ovl1c, PXA2xxLCDState, 2),
+ VMSTATE_UINT32_ARRAY(ovl2c, PXA2xxLCDState, 2),
+ VMSTATE_UINT32(ccr, PXA2xxLCDState),
+ VMSTATE_UINT32(cmdcr, PXA2xxLCDState),
+ VMSTATE_UINT32(trgbr, PXA2xxLCDState),
+ VMSTATE_UINT32(tcr, PXA2xxLCDState),
+ VMSTATE_UINT32(liidr, PXA2xxLCDState),
+ VMSTATE_UINT8(bscntr, PXA2xxLCDState),
+ VMSTATE_STRUCT_ARRAY(dma_ch, PXA2xxLCDState, 7, 0,
+ vmstate_dma_channel, struct DMAChannel),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+#define BITS 8
+#include "pxa2xx_template.h"
+#define BITS 15
+#include "pxa2xx_template.h"
+#define BITS 16
+#include "pxa2xx_template.h"
+#define BITS 24
+#include "pxa2xx_template.h"
+#define BITS 32
+#include "pxa2xx_template.h"
+
+static const GraphicHwOps pxa2xx_ops = {
+ .invalidate = pxa2xx_invalidate_display,
+ .gfx_update = pxa2xx_update_display,
+};
+
+PXA2xxLCDState *pxa2xx_lcdc_init(MemoryRegion *sysmem,
+ hwaddr base, qemu_irq irq)
+{
+ PXA2xxLCDState *s;
+ DisplaySurface *surface;
+
+ s = (PXA2xxLCDState *) g_malloc0(sizeof(PXA2xxLCDState));
+ s->invalidated = 1;
+ s->irq = irq;
+ s->sysmem = sysmem;
+
+ pxa2xx_lcdc_orientation(s, graphic_rotate);
+
+ memory_region_init_io(&s->iomem, NULL, &pxa2xx_lcdc_ops, s,
+ "pxa2xx-lcd-controller", 0x00100000);
+ memory_region_add_subregion(sysmem, base, &s->iomem);
+
+ s->con = graphic_console_init(NULL, &pxa2xx_ops, s);
+ surface = qemu_console_surface(s->con);
+
+ switch (surface_bits_per_pixel(surface)) {
+ case 0:
+ s->dest_width = 0;
+ break;
+ case 8:
+ s->line_fn[0] = pxa2xx_draw_fn_8;
+ s->line_fn[1] = pxa2xx_draw_fn_8t;
+ s->dest_width = 1;
+ break;
+ case 15:
+ s->line_fn[0] = pxa2xx_draw_fn_15;
+ s->line_fn[1] = pxa2xx_draw_fn_15t;
+ s->dest_width = 2;
+ break;
+ case 16:
+ s->line_fn[0] = pxa2xx_draw_fn_16;
+ s->line_fn[1] = pxa2xx_draw_fn_16t;
+ s->dest_width = 2;
+ break;
+ case 24:
+ s->line_fn[0] = pxa2xx_draw_fn_24;
+ s->line_fn[1] = pxa2xx_draw_fn_24t;
+ s->dest_width = 3;
+ break;
+ case 32:
+ s->line_fn[0] = pxa2xx_draw_fn_32;
+ s->line_fn[1] = pxa2xx_draw_fn_32t;
+ s->dest_width = 4;
+ break;
+ default:
+ fprintf(stderr, "%s: Bad color depth\n", __FUNCTION__);
+ exit(1);
+ }
+
+ vmstate_register(NULL, 0, &vmstate_pxa2xx_lcdc, s);
+
+ return s;
+}
+
+void pxa2xx_lcd_vsync_notifier(PXA2xxLCDState *s, qemu_irq handler)
+{
+ s->vsync_cb = handler;
+}
diff --git a/hw/pxa2xx_template.h b/hw/display/pxa2xx_template.h
index 1cbe36cb8..1cbe36cb8 100644
--- a/hw/pxa2xx_template.h
+++ b/hw/display/pxa2xx_template.h
diff --git a/hw/display/qxl-logger.c b/hw/display/qxl-logger.c
new file mode 100644
index 000000000..3cd85d9b9
--- /dev/null
+++ b/hw/display/qxl-logger.c
@@ -0,0 +1,275 @@
+/*
+ * qxl command logging -- for debug purposes
+ *
+ * Copyright (C) 2010 Red Hat, Inc.
+ *
+ * maintained by Gerd Hoffmann <kraxel@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "qemu/timer.h"
+#include "qxl.h"
+
+static const char *qxl_type[] = {
+ [ QXL_CMD_NOP ] = "nop",
+ [ QXL_CMD_DRAW ] = "draw",
+ [ QXL_CMD_UPDATE ] = "update",
+ [ QXL_CMD_CURSOR ] = "cursor",
+ [ QXL_CMD_MESSAGE ] = "message",
+ [ QXL_CMD_SURFACE ] = "surface",
+};
+
+static const char *qxl_draw_type[] = {
+ [ QXL_DRAW_NOP ] = "nop",
+ [ QXL_DRAW_FILL ] = "fill",
+ [ QXL_DRAW_OPAQUE ] = "opaque",
+ [ QXL_DRAW_COPY ] = "copy",
+ [ QXL_COPY_BITS ] = "copy-bits",
+ [ QXL_DRAW_BLEND ] = "blend",
+ [ QXL_DRAW_BLACKNESS ] = "blackness",
+ [ QXL_DRAW_WHITENESS ] = "whitemess",
+ [ QXL_DRAW_INVERS ] = "invers",
+ [ QXL_DRAW_ROP3 ] = "rop3",
+ [ QXL_DRAW_STROKE ] = "stroke",
+ [ QXL_DRAW_TEXT ] = "text",
+ [ QXL_DRAW_TRANSPARENT ] = "transparent",
+ [ QXL_DRAW_ALPHA_BLEND ] = "alpha-blend",
+};
+
+static const char *qxl_draw_effect[] = {
+ [ QXL_EFFECT_BLEND ] = "blend",
+ [ QXL_EFFECT_OPAQUE ] = "opaque",
+ [ QXL_EFFECT_REVERT_ON_DUP ] = "revert-on-dup",
+ [ QXL_EFFECT_BLACKNESS_ON_DUP ] = "blackness-on-dup",
+ [ QXL_EFFECT_WHITENESS_ON_DUP ] = "whiteness-on-dup",
+ [ QXL_EFFECT_NOP_ON_DUP ] = "nop-on-dup",
+ [ QXL_EFFECT_NOP ] = "nop",
+ [ QXL_EFFECT_OPAQUE_BRUSH ] = "opaque-brush",
+};
+
+static const char *qxl_surface_cmd[] = {
+ [ QXL_SURFACE_CMD_CREATE ] = "create",
+ [ QXL_SURFACE_CMD_DESTROY ] = "destroy",
+};
+
+static const char *spice_surface_fmt[] = {
+ [ SPICE_SURFACE_FMT_INVALID ] = "invalid",
+ [ SPICE_SURFACE_FMT_1_A ] = "alpha/1",
+ [ SPICE_SURFACE_FMT_8_A ] = "alpha/8",
+ [ SPICE_SURFACE_FMT_16_555 ] = "555/16",
+ [ SPICE_SURFACE_FMT_16_565 ] = "565/16",
+ [ SPICE_SURFACE_FMT_32_xRGB ] = "xRGB/32",
+ [ SPICE_SURFACE_FMT_32_ARGB ] = "ARGB/32",
+};
+
+static const char *qxl_cursor_cmd[] = {
+ [ QXL_CURSOR_SET ] = "set",
+ [ QXL_CURSOR_MOVE ] = "move",
+ [ QXL_CURSOR_HIDE ] = "hide",
+ [ QXL_CURSOR_TRAIL ] = "trail",
+};
+
+static const char *spice_cursor_type[] = {
+ [ SPICE_CURSOR_TYPE_ALPHA ] = "alpha",
+ [ SPICE_CURSOR_TYPE_MONO ] = "mono",
+ [ SPICE_CURSOR_TYPE_COLOR4 ] = "color4",
+ [ SPICE_CURSOR_TYPE_COLOR8 ] = "color8",
+ [ SPICE_CURSOR_TYPE_COLOR16 ] = "color16",
+ [ SPICE_CURSOR_TYPE_COLOR24 ] = "color24",
+ [ SPICE_CURSOR_TYPE_COLOR32 ] = "color32",
+};
+
+static const char *qxl_v2n(const char *n[], size_t l, int v)
+{
+ if (v >= l || !n[v]) {
+ return "???";
+ }
+ return n[v];
+}
+#define qxl_name(_list, _value) qxl_v2n(_list, ARRAY_SIZE(_list), _value)
+
+static int qxl_log_image(PCIQXLDevice *qxl, QXLPHYSICAL addr, int group_id)
+{
+ QXLImage *image;
+ QXLImageDescriptor *desc;
+
+ image = qxl_phys2virt(qxl, addr, group_id);
+ if (!image) {
+ return 1;
+ }
+ desc = &image->descriptor;
+ fprintf(stderr, " (id %" PRIx64 " type %d flags %d width %d height %d",
+ desc->id, desc->type, desc->flags, desc->width, desc->height);
+ switch (desc->type) {
+ case SPICE_IMAGE_TYPE_BITMAP:
+ fprintf(stderr, ", fmt %d flags %d x %d y %d stride %d"
+ " palette %" PRIx64 " data %" PRIx64,
+ image->bitmap.format, image->bitmap.flags,
+ image->bitmap.x, image->bitmap.y,
+ image->bitmap.stride,
+ image->bitmap.palette, image->bitmap.data);
+ break;
+ }
+ fprintf(stderr, ")");
+ return 0;
+}
+
+static void qxl_log_rect(QXLRect *rect)
+{
+ fprintf(stderr, " %dx%d+%d+%d",
+ rect->right - rect->left,
+ rect->bottom - rect->top,
+ rect->left, rect->top);
+}
+
+static int qxl_log_cmd_draw_copy(PCIQXLDevice *qxl, QXLCopy *copy,
+ int group_id)
+{
+ int ret;
+
+ fprintf(stderr, " src %" PRIx64,
+ copy->src_bitmap);
+ ret = qxl_log_image(qxl, copy->src_bitmap, group_id);
+ if (ret != 0) {
+ return ret;
+ }
+ fprintf(stderr, " area");
+ qxl_log_rect(&copy->src_area);
+ fprintf(stderr, " rop %d", copy->rop_descriptor);
+ return 0;
+}
+
+static int qxl_log_cmd_draw(PCIQXLDevice *qxl, QXLDrawable *draw, int group_id)
+{
+ fprintf(stderr, ": surface_id %d type %s effect %s",
+ draw->surface_id,
+ qxl_name(qxl_draw_type, draw->type),
+ qxl_name(qxl_draw_effect, draw->effect));
+ switch (draw->type) {
+ case QXL_DRAW_COPY:
+ return qxl_log_cmd_draw_copy(qxl, &draw->u.copy, group_id);
+ break;
+ }
+ return 0;
+}
+
+static int qxl_log_cmd_draw_compat(PCIQXLDevice *qxl, QXLCompatDrawable *draw,
+ int group_id)
+{
+ fprintf(stderr, ": type %s effect %s",
+ qxl_name(qxl_draw_type, draw->type),
+ qxl_name(qxl_draw_effect, draw->effect));
+ if (draw->bitmap_offset) {
+ fprintf(stderr, ": bitmap %d",
+ draw->bitmap_offset);
+ qxl_log_rect(&draw->bitmap_area);
+ }
+ switch (draw->type) {
+ case QXL_DRAW_COPY:
+ return qxl_log_cmd_draw_copy(qxl, &draw->u.copy, group_id);
+ break;
+ }
+ return 0;
+}
+
+static void qxl_log_cmd_surface(PCIQXLDevice *qxl, QXLSurfaceCmd *cmd)
+{
+ fprintf(stderr, ": %s id %d",
+ qxl_name(qxl_surface_cmd, cmd->type),
+ cmd->surface_id);
+ if (cmd->type == QXL_SURFACE_CMD_CREATE) {
+ fprintf(stderr, " size %dx%d stride %d format %s (count %d, max %d)",
+ cmd->u.surface_create.width,
+ cmd->u.surface_create.height,
+ cmd->u.surface_create.stride,
+ qxl_name(spice_surface_fmt, cmd->u.surface_create.format),
+ qxl->guest_surfaces.count, qxl->guest_surfaces.max);
+ }
+ if (cmd->type == QXL_SURFACE_CMD_DESTROY) {
+ fprintf(stderr, " (count %d)", qxl->guest_surfaces.count);
+ }
+}
+
+int qxl_log_cmd_cursor(PCIQXLDevice *qxl, QXLCursorCmd *cmd, int group_id)
+{
+ QXLCursor *cursor;
+
+ fprintf(stderr, ": %s",
+ qxl_name(qxl_cursor_cmd, cmd->type));
+ switch (cmd->type) {
+ case QXL_CURSOR_SET:
+ fprintf(stderr, " +%d+%d visible %s, shape @ 0x%" PRIx64,
+ cmd->u.set.position.x,
+ cmd->u.set.position.y,
+ cmd->u.set.visible ? "yes" : "no",
+ cmd->u.set.shape);
+ cursor = qxl_phys2virt(qxl, cmd->u.set.shape, group_id);
+ if (!cursor) {
+ return 1;
+ }
+ fprintf(stderr, " type %s size %dx%d hot-spot +%d+%d"
+ " unique 0x%" PRIx64 " data-size %d",
+ qxl_name(spice_cursor_type, cursor->header.type),
+ cursor->header.width, cursor->header.height,
+ cursor->header.hot_spot_x, cursor->header.hot_spot_y,
+ cursor->header.unique, cursor->data_size);
+ break;
+ case QXL_CURSOR_MOVE:
+ fprintf(stderr, " +%d+%d", cmd->u.position.x, cmd->u.position.y);
+ break;
+ }
+ return 0;
+}
+
+int qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext)
+{
+ bool compat = ext->flags & QXL_COMMAND_FLAG_COMPAT;
+ void *data;
+ int ret;
+
+ if (!qxl->cmdlog) {
+ return 0;
+ }
+ fprintf(stderr, "%" PRId64 " qxl-%d/%s:", qemu_get_clock_ns(vm_clock),
+ qxl->id, ring);
+ fprintf(stderr, " cmd @ 0x%" PRIx64 " %s%s", ext->cmd.data,
+ qxl_name(qxl_type, ext->cmd.type),
+ compat ? "(compat)" : "");
+
+ data = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id);
+ if (!data) {
+ return 1;
+ }
+ switch (ext->cmd.type) {
+ case QXL_CMD_DRAW:
+ if (!compat) {
+ ret = qxl_log_cmd_draw(qxl, data, ext->group_id);
+ } else {
+ ret = qxl_log_cmd_draw_compat(qxl, data, ext->group_id);
+ }
+ if (ret) {
+ return ret;
+ }
+ break;
+ case QXL_CMD_SURFACE:
+ qxl_log_cmd_surface(qxl, data);
+ break;
+ case QXL_CMD_CURSOR:
+ qxl_log_cmd_cursor(qxl, data, ext->group_id);
+ break;
+ }
+ fprintf(stderr, "\n");
+ return 0;
+}
diff --git a/hw/display/qxl-render.c b/hw/display/qxl-render.c
new file mode 100644
index 000000000..269b1a756
--- /dev/null
+++ b/hw/display/qxl-render.c
@@ -0,0 +1,280 @@
+/*
+ * qxl local rendering (aka display on sdl/vnc)
+ *
+ * Copyright (C) 2010 Red Hat, Inc.
+ *
+ * maintained by Gerd Hoffmann <kraxel@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "qxl.h"
+
+static void qxl_blit(PCIQXLDevice *qxl, QXLRect *rect)
+{
+ DisplaySurface *surface = qemu_console_surface(qxl->vga.con);
+ uint8_t *dst = surface_data(surface);
+ uint8_t *src;
+ int len, i;
+
+ if (is_buffer_shared(surface)) {
+ return;
+ }
+ if (!qxl->guest_primary.data) {
+ trace_qxl_render_blit_guest_primary_initialized();
+ qxl->guest_primary.data = memory_region_get_ram_ptr(&qxl->vga.vram);
+ }
+ trace_qxl_render_blit(qxl->guest_primary.qxl_stride,
+ rect->left, rect->right, rect->top, rect->bottom);
+ src = qxl->guest_primary.data;
+ if (qxl->guest_primary.qxl_stride < 0) {
+ /* qxl surface is upside down, walk src scanlines
+ * in reverse order to flip it */
+ src += (qxl->guest_primary.surface.height - rect->top - 1) *
+ qxl->guest_primary.abs_stride;
+ } else {
+ src += rect->top * qxl->guest_primary.abs_stride;
+ }
+ dst += rect->top * qxl->guest_primary.abs_stride;
+ src += rect->left * qxl->guest_primary.bytes_pp;
+ dst += rect->left * qxl->guest_primary.bytes_pp;
+ len = (rect->right - rect->left) * qxl->guest_primary.bytes_pp;
+
+ for (i = rect->top; i < rect->bottom; i++) {
+ memcpy(dst, src, len);
+ dst += qxl->guest_primary.abs_stride;
+ src += qxl->guest_primary.qxl_stride;
+ }
+}
+
+void qxl_render_resize(PCIQXLDevice *qxl)
+{
+ QXLSurfaceCreate *sc = &qxl->guest_primary.surface;
+
+ qxl->guest_primary.qxl_stride = sc->stride;
+ qxl->guest_primary.abs_stride = abs(sc->stride);
+ qxl->guest_primary.resized++;
+ switch (sc->format) {
+ case SPICE_SURFACE_FMT_16_555:
+ qxl->guest_primary.bytes_pp = 2;
+ qxl->guest_primary.bits_pp = 15;
+ break;
+ case SPICE_SURFACE_FMT_16_565:
+ qxl->guest_primary.bytes_pp = 2;
+ qxl->guest_primary.bits_pp = 16;
+ break;
+ case SPICE_SURFACE_FMT_32_xRGB:
+ case SPICE_SURFACE_FMT_32_ARGB:
+ qxl->guest_primary.bytes_pp = 4;
+ qxl->guest_primary.bits_pp = 32;
+ break;
+ default:
+ fprintf(stderr, "%s: unhandled format: %x\n", __FUNCTION__,
+ qxl->guest_primary.surface.format);
+ qxl->guest_primary.bytes_pp = 4;
+ qxl->guest_primary.bits_pp = 32;
+ break;
+ }
+}
+
+static void qxl_set_rect_to_surface(PCIQXLDevice *qxl, QXLRect *area)
+{
+ area->left = 0;
+ area->right = qxl->guest_primary.surface.width;
+ area->top = 0;
+ area->bottom = qxl->guest_primary.surface.height;
+}
+
+static void qxl_render_update_area_unlocked(PCIQXLDevice *qxl)
+{
+ VGACommonState *vga = &qxl->vga;
+ DisplaySurface *surface;
+ int i;
+
+ if (qxl->guest_primary.resized) {
+ qxl->guest_primary.resized = 0;
+ qxl->guest_primary.data = memory_region_get_ram_ptr(&qxl->vga.vram);
+ qxl_set_rect_to_surface(qxl, &qxl->dirty[0]);
+ qxl->num_dirty_rects = 1;
+ trace_qxl_render_guest_primary_resized(
+ qxl->guest_primary.surface.width,
+ qxl->guest_primary.surface.height,
+ qxl->guest_primary.qxl_stride,
+ qxl->guest_primary.bytes_pp,
+ qxl->guest_primary.bits_pp);
+ if (qxl->guest_primary.qxl_stride > 0) {
+ surface = qemu_create_displaysurface_from
+ (qxl->guest_primary.surface.width,
+ qxl->guest_primary.surface.height,
+ qxl->guest_primary.bits_pp,
+ qxl->guest_primary.abs_stride,
+ qxl->guest_primary.data,
+ false);
+ } else {
+ surface = qemu_create_displaysurface
+ (qxl->guest_primary.surface.width,
+ qxl->guest_primary.surface.height);
+ }
+ dpy_gfx_replace_surface(vga->con, surface);
+ }
+ for (i = 0; i < qxl->num_dirty_rects; i++) {
+ if (qemu_spice_rect_is_empty(qxl->dirty+i)) {
+ break;
+ }
+ qxl_blit(qxl, qxl->dirty+i);
+ dpy_gfx_update(vga->con,
+ qxl->dirty[i].left, qxl->dirty[i].top,
+ qxl->dirty[i].right - qxl->dirty[i].left,
+ qxl->dirty[i].bottom - qxl->dirty[i].top);
+ }
+ qxl->num_dirty_rects = 0;
+}
+
+/*
+ * use ssd.lock to protect render_update_cookie_num.
+ * qxl_render_update is called by io thread or vcpu thread, and the completion
+ * callbacks are called by spice_server thread, defering to bh called from the
+ * io thread.
+ */
+void qxl_render_update(PCIQXLDevice *qxl)
+{
+ QXLCookie *cookie;
+
+ qemu_mutex_lock(&qxl->ssd.lock);
+
+ if (!runstate_is_running() || !qxl->guest_primary.commands) {
+ qxl_render_update_area_unlocked(qxl);
+ qemu_mutex_unlock(&qxl->ssd.lock);
+ return;
+ }
+
+ qxl->guest_primary.commands = 0;
+ qxl->render_update_cookie_num++;
+ qemu_mutex_unlock(&qxl->ssd.lock);
+ cookie = qxl_cookie_new(QXL_COOKIE_TYPE_RENDER_UPDATE_AREA,
+ 0);
+ qxl_set_rect_to_surface(qxl, &cookie->u.render.area);
+ qxl_spice_update_area(qxl, 0, &cookie->u.render.area, NULL,
+ 0, 1 /* clear_dirty_region */, QXL_ASYNC, cookie);
+}
+
+void qxl_render_update_area_bh(void *opaque)
+{
+ PCIQXLDevice *qxl = opaque;
+
+ qemu_mutex_lock(&qxl->ssd.lock);
+ qxl_render_update_area_unlocked(qxl);
+ qemu_mutex_unlock(&qxl->ssd.lock);
+}
+
+void qxl_render_update_area_done(PCIQXLDevice *qxl, QXLCookie *cookie)
+{
+ qemu_mutex_lock(&qxl->ssd.lock);
+ trace_qxl_render_update_area_done(cookie);
+ qemu_bh_schedule(qxl->update_area_bh);
+ qxl->render_update_cookie_num--;
+ qemu_mutex_unlock(&qxl->ssd.lock);
+ g_free(cookie);
+}
+
+static QEMUCursor *qxl_cursor(PCIQXLDevice *qxl, QXLCursor *cursor)
+{
+ QEMUCursor *c;
+ uint8_t *image, *mask;
+ size_t size;
+
+ c = cursor_alloc(cursor->header.width, cursor->header.height);
+ c->hot_x = cursor->header.hot_spot_x;
+ c->hot_y = cursor->header.hot_spot_y;
+ switch (cursor->header.type) {
+ case SPICE_CURSOR_TYPE_ALPHA:
+ size = sizeof(uint32_t) * cursor->header.width * cursor->header.height;
+ memcpy(c->data, cursor->chunk.data, size);
+ if (qxl->debug > 2) {
+ cursor_print_ascii_art(c, "qxl/alpha");
+ }
+ break;
+ case SPICE_CURSOR_TYPE_MONO:
+ mask = cursor->chunk.data;
+ image = mask + cursor_get_mono_bpl(c) * c->width;
+ cursor_set_mono(c, 0xffffff, 0x000000, image, 1, mask);
+ if (qxl->debug > 2) {
+ cursor_print_ascii_art(c, "qxl/mono");
+ }
+ break;
+ default:
+ fprintf(stderr, "%s: not implemented: type %d\n",
+ __FUNCTION__, cursor->header.type);
+ goto fail;
+ }
+ return c;
+
+fail:
+ cursor_put(c);
+ return NULL;
+}
+
+
+/* called from spice server thread context only */
+int qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext)
+{
+ QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id);
+ QXLCursor *cursor;
+ QEMUCursor *c;
+
+ if (!cmd) {
+ return 1;
+ }
+
+ if (!dpy_cursor_define_supported(qxl->vga.con)) {
+ return 0;
+ }
+
+ if (qxl->debug > 1 && cmd->type != QXL_CURSOR_MOVE) {
+ fprintf(stderr, "%s", __FUNCTION__);
+ qxl_log_cmd_cursor(qxl, cmd, ext->group_id);
+ fprintf(stderr, "\n");
+ }
+ switch (cmd->type) {
+ case QXL_CURSOR_SET:
+ cursor = qxl_phys2virt(qxl, cmd->u.set.shape, ext->group_id);
+ if (!cursor) {
+ return 1;
+ }
+ if (cursor->chunk.data_size != cursor->data_size) {
+ fprintf(stderr, "%s: multiple chunks\n", __FUNCTION__);
+ return 1;
+ }
+ c = qxl_cursor(qxl, cursor);
+ if (c == NULL) {
+ c = cursor_builtin_left_ptr();
+ }
+ qemu_mutex_lock(&qxl->ssd.lock);
+ if (qxl->ssd.cursor) {
+ cursor_put(qxl->ssd.cursor);
+ }
+ qxl->ssd.cursor = c;
+ qxl->ssd.mouse_x = cmd->u.set.position.x;
+ qxl->ssd.mouse_y = cmd->u.set.position.y;
+ qemu_mutex_unlock(&qxl->ssd.lock);
+ break;
+ case QXL_CURSOR_MOVE:
+ qemu_mutex_lock(&qxl->ssd.lock);
+ qxl->ssd.mouse_x = cmd->u.position.x;
+ qxl->ssd.mouse_y = cmd->u.position.y;
+ qemu_mutex_unlock(&qxl->ssd.lock);
+ break;
+ }
+ return 0;
+}
diff --git a/hw/display/qxl.c b/hw/display/qxl.c
new file mode 100644
index 000000000..c5370575e
--- /dev/null
+++ b/hw/display/qxl.c
@@ -0,0 +1,2369 @@
+/*
+ * Copyright (C) 2010 Red Hat, Inc.
+ *
+ * written by Yaniv Kamay, Izik Eidus, Gerd Hoffmann
+ * maintained by Gerd Hoffmann <kraxel@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <zlib.h>
+
+#include "qemu-common.h"
+#include "qemu/timer.h"
+#include "qemu/queue.h"
+#include "qemu/atomic.h"
+#include "monitor/monitor.h"
+#include "sysemu/sysemu.h"
+#include "trace.h"
+
+#include "qxl.h"
+
+/*
+ * NOTE: SPICE_RING_PROD_ITEM accesses memory on the pci bar and as
+ * such can be changed by the guest, so to avoid a guest trigerrable
+ * abort we just qxl_set_guest_bug and set the return to NULL. Still
+ * it may happen as a result of emulator bug as well.
+ */
+#undef SPICE_RING_PROD_ITEM
+#define SPICE_RING_PROD_ITEM(qxl, r, ret) { \
+ uint32_t prod = (r)->prod & SPICE_RING_INDEX_MASK(r); \
+ if (prod >= ARRAY_SIZE((r)->items)) { \
+ qxl_set_guest_bug(qxl, "SPICE_RING_PROD_ITEM indices mismatch " \
+ "%u >= %zu", prod, ARRAY_SIZE((r)->items)); \
+ ret = NULL; \
+ } else { \
+ ret = &(r)->items[prod].el; \
+ } \
+ }
+
+#undef SPICE_RING_CONS_ITEM
+#define SPICE_RING_CONS_ITEM(qxl, r, ret) { \
+ uint32_t cons = (r)->cons & SPICE_RING_INDEX_MASK(r); \
+ if (cons >= ARRAY_SIZE((r)->items)) { \
+ qxl_set_guest_bug(qxl, "SPICE_RING_CONS_ITEM indices mismatch " \
+ "%u >= %zu", cons, ARRAY_SIZE((r)->items)); \
+ ret = NULL; \
+ } else { \
+ ret = &(r)->items[cons].el; \
+ } \
+ }
+
+#undef ALIGN
+#define ALIGN(a, b) (((a) + ((b) - 1)) & ~((b) - 1))
+
+#define PIXEL_SIZE 0.2936875 //1280x1024 is 14.8" x 11.9"
+
+#define QXL_MODE(_x, _y, _b, _o) \
+ { .x_res = _x, \
+ .y_res = _y, \
+ .bits = _b, \
+ .stride = (_x) * (_b) / 8, \
+ .x_mili = PIXEL_SIZE * (_x), \
+ .y_mili = PIXEL_SIZE * (_y), \
+ .orientation = _o, \
+ }
+
+#define QXL_MODE_16_32(x_res, y_res, orientation) \
+ QXL_MODE(x_res, y_res, 16, orientation), \
+ QXL_MODE(x_res, y_res, 32, orientation)
+
+#define QXL_MODE_EX(x_res, y_res) \
+ QXL_MODE_16_32(x_res, y_res, 0), \
+ QXL_MODE_16_32(x_res, y_res, 1)
+
+static QXLMode qxl_modes[] = {
+ QXL_MODE_EX(640, 480),
+ QXL_MODE_EX(800, 480),
+ QXL_MODE_EX(800, 600),
+ QXL_MODE_EX(832, 624),
+ QXL_MODE_EX(960, 640),
+ QXL_MODE_EX(1024, 600),
+ QXL_MODE_EX(1024, 768),
+ QXL_MODE_EX(1152, 864),
+ QXL_MODE_EX(1152, 870),
+ QXL_MODE_EX(1280, 720),
+ QXL_MODE_EX(1280, 760),
+ QXL_MODE_EX(1280, 768),
+ QXL_MODE_EX(1280, 800),
+ QXL_MODE_EX(1280, 960),
+ QXL_MODE_EX(1280, 1024),
+ QXL_MODE_EX(1360, 768),
+ QXL_MODE_EX(1366, 768),
+ QXL_MODE_EX(1400, 1050),
+ QXL_MODE_EX(1440, 900),
+ QXL_MODE_EX(1600, 900),
+ QXL_MODE_EX(1600, 1200),
+ QXL_MODE_EX(1680, 1050),
+ QXL_MODE_EX(1920, 1080),
+ /* these modes need more than 8 MB video memory */
+ QXL_MODE_EX(1920, 1200),
+ QXL_MODE_EX(1920, 1440),
+ QXL_MODE_EX(2000, 2000),
+ QXL_MODE_EX(2048, 1536),
+ QXL_MODE_EX(2048, 2048),
+ QXL_MODE_EX(2560, 1440),
+ QXL_MODE_EX(2560, 1600),
+ /* these modes need more than 16 MB video memory */
+ QXL_MODE_EX(2560, 2048),
+ QXL_MODE_EX(2800, 2100),
+ QXL_MODE_EX(3200, 2400),
+ QXL_MODE_EX(3840, 2160), /* 4k mainstream */
+ QXL_MODE_EX(4096, 2160), /* 4k */
+ QXL_MODE_EX(7680, 4320), /* 8k mainstream */
+ QXL_MODE_EX(8192, 4320), /* 8k */
+};
+
+static void qxl_send_events(PCIQXLDevice *d, uint32_t events);
+static int qxl_destroy_primary(PCIQXLDevice *d, qxl_async_io async);
+static void qxl_reset_memslots(PCIQXLDevice *d);
+static void qxl_reset_surfaces(PCIQXLDevice *d);
+static void qxl_ring_set_dirty(PCIQXLDevice *qxl);
+
+void qxl_set_guest_bug(PCIQXLDevice *qxl, const char *msg, ...)
+{
+ trace_qxl_set_guest_bug(qxl->id);
+ qxl_send_events(qxl, QXL_INTERRUPT_ERROR);
+ qxl->guest_bug = 1;
+ if (qxl->guestdebug) {
+ va_list ap;
+ va_start(ap, msg);
+ fprintf(stderr, "qxl-%d: guest bug: ", qxl->id);
+ vfprintf(stderr, msg, ap);
+ fprintf(stderr, "\n");
+ va_end(ap);
+ }
+}
+
+static void qxl_clear_guest_bug(PCIQXLDevice *qxl)
+{
+ qxl->guest_bug = 0;
+}
+
+void qxl_spice_update_area(PCIQXLDevice *qxl, uint32_t surface_id,
+ struct QXLRect *area, struct QXLRect *dirty_rects,
+ uint32_t num_dirty_rects,
+ uint32_t clear_dirty_region,
+ qxl_async_io async, struct QXLCookie *cookie)
+{
+ trace_qxl_spice_update_area(qxl->id, surface_id, area->left, area->right,
+ area->top, area->bottom);
+ trace_qxl_spice_update_area_rest(qxl->id, num_dirty_rects,
+ clear_dirty_region);
+ if (async == QXL_SYNC) {
+ qxl->ssd.worker->update_area(qxl->ssd.worker, surface_id, area,
+ dirty_rects, num_dirty_rects, clear_dirty_region);
+ } else {
+ assert(cookie != NULL);
+ spice_qxl_update_area_async(&qxl->ssd.qxl, surface_id, area,
+ clear_dirty_region, (uintptr_t)cookie);
+ }
+}
+
+static void qxl_spice_destroy_surface_wait_complete(PCIQXLDevice *qxl,
+ uint32_t id)
+{
+ trace_qxl_spice_destroy_surface_wait_complete(qxl->id, id);
+ qemu_mutex_lock(&qxl->track_lock);
+ qxl->guest_surfaces.cmds[id] = 0;
+ qxl->guest_surfaces.count--;
+ qemu_mutex_unlock(&qxl->track_lock);
+}
+
+static void qxl_spice_destroy_surface_wait(PCIQXLDevice *qxl, uint32_t id,
+ qxl_async_io async)
+{
+ QXLCookie *cookie;
+
+ trace_qxl_spice_destroy_surface_wait(qxl->id, id, async);
+ if (async) {
+ cookie = qxl_cookie_new(QXL_COOKIE_TYPE_IO,
+ QXL_IO_DESTROY_SURFACE_ASYNC);
+ cookie->u.surface_id = id;
+ spice_qxl_destroy_surface_async(&qxl->ssd.qxl, id, (uintptr_t)cookie);
+ } else {
+ qxl->ssd.worker->destroy_surface_wait(qxl->ssd.worker, id);
+ qxl_spice_destroy_surface_wait_complete(qxl, id);
+ }
+}
+
+static void qxl_spice_flush_surfaces_async(PCIQXLDevice *qxl)
+{
+ trace_qxl_spice_flush_surfaces_async(qxl->id, qxl->guest_surfaces.count,
+ qxl->num_free_res);
+ spice_qxl_flush_surfaces_async(&qxl->ssd.qxl,
+ (uintptr_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO,
+ QXL_IO_FLUSH_SURFACES_ASYNC));
+}
+
+void qxl_spice_loadvm_commands(PCIQXLDevice *qxl, struct QXLCommandExt *ext,
+ uint32_t count)
+{
+ trace_qxl_spice_loadvm_commands(qxl->id, ext, count);
+ qxl->ssd.worker->loadvm_commands(qxl->ssd.worker, ext, count);
+}
+
+void qxl_spice_oom(PCIQXLDevice *qxl)
+{
+ trace_qxl_spice_oom(qxl->id);
+ qxl->ssd.worker->oom(qxl->ssd.worker);
+}
+
+void qxl_spice_reset_memslots(PCIQXLDevice *qxl)
+{
+ trace_qxl_spice_reset_memslots(qxl->id);
+ qxl->ssd.worker->reset_memslots(qxl->ssd.worker);
+}
+
+static void qxl_spice_destroy_surfaces_complete(PCIQXLDevice *qxl)
+{
+ trace_qxl_spice_destroy_surfaces_complete(qxl->id);
+ qemu_mutex_lock(&qxl->track_lock);
+ memset(qxl->guest_surfaces.cmds, 0,
+ sizeof(qxl->guest_surfaces.cmds[0]) * qxl->ssd.num_surfaces);
+ qxl->guest_surfaces.count = 0;
+ qemu_mutex_unlock(&qxl->track_lock);
+}
+
+static void qxl_spice_destroy_surfaces(PCIQXLDevice *qxl, qxl_async_io async)
+{
+ trace_qxl_spice_destroy_surfaces(qxl->id, async);
+ if (async) {
+ spice_qxl_destroy_surfaces_async(&qxl->ssd.qxl,
+ (uintptr_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO,
+ QXL_IO_DESTROY_ALL_SURFACES_ASYNC));
+ } else {
+ qxl->ssd.worker->destroy_surfaces(qxl->ssd.worker);
+ qxl_spice_destroy_surfaces_complete(qxl);
+ }
+}
+
+static void qxl_spice_monitors_config_async(PCIQXLDevice *qxl, int replay)
+{
+ trace_qxl_spice_monitors_config(qxl->id);
+ if (replay) {
+ /*
+ * don't use QXL_COOKIE_TYPE_IO:
+ * - we are not running yet (post_load), we will assert
+ * in send_events
+ * - this is not a guest io, but a reply, so async_io isn't set.
+ */
+ spice_qxl_monitors_config_async(&qxl->ssd.qxl,
+ qxl->guest_monitors_config,
+ MEMSLOT_GROUP_GUEST,
+ (uintptr_t)qxl_cookie_new(
+ QXL_COOKIE_TYPE_POST_LOAD_MONITORS_CONFIG,
+ 0));
+ } else {
+ qxl->guest_monitors_config = qxl->ram->monitors_config;
+ spice_qxl_monitors_config_async(&qxl->ssd.qxl,
+ qxl->ram->monitors_config,
+ MEMSLOT_GROUP_GUEST,
+ (uintptr_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO,
+ QXL_IO_MONITORS_CONFIG_ASYNC));
+ }
+}
+
+void qxl_spice_reset_image_cache(PCIQXLDevice *qxl)
+{
+ trace_qxl_spice_reset_image_cache(qxl->id);
+ qxl->ssd.worker->reset_image_cache(qxl->ssd.worker);
+}
+
+void qxl_spice_reset_cursor(PCIQXLDevice *qxl)
+{
+ trace_qxl_spice_reset_cursor(qxl->id);
+ qxl->ssd.worker->reset_cursor(qxl->ssd.worker);
+ qemu_mutex_lock(&qxl->track_lock);
+ qxl->guest_cursor = 0;
+ qemu_mutex_unlock(&qxl->track_lock);
+ if (qxl->ssd.cursor) {
+ cursor_put(qxl->ssd.cursor);
+ }
+ qxl->ssd.cursor = cursor_builtin_hidden();
+}
+
+
+static inline uint32_t msb_mask(uint32_t val)
+{
+ uint32_t mask;
+
+ do {
+ mask = ~(val - 1) & val;
+ val &= ~mask;
+ } while (mask < val);
+
+ return mask;
+}
+
+static ram_addr_t qxl_rom_size(void)
+{
+ uint32_t required_rom_size = sizeof(QXLRom) + sizeof(QXLModes) +
+ sizeof(qxl_modes);
+ uint32_t rom_size = 8192; /* two pages */
+
+ required_rom_size = MAX(required_rom_size, TARGET_PAGE_SIZE);
+ required_rom_size = msb_mask(required_rom_size * 2 - 1);
+ assert(required_rom_size <= rom_size);
+ return rom_size;
+}
+
+static void init_qxl_rom(PCIQXLDevice *d)
+{
+ QXLRom *rom = memory_region_get_ram_ptr(&d->rom_bar);
+ QXLModes *modes = (QXLModes *)(rom + 1);
+ uint32_t ram_header_size;
+ uint32_t surface0_area_size;
+ uint32_t num_pages;
+ uint32_t fb;
+ int i, n;
+
+ memset(rom, 0, d->rom_size);
+
+ rom->magic = cpu_to_le32(QXL_ROM_MAGIC);
+ rom->id = cpu_to_le32(d->id);
+ rom->log_level = cpu_to_le32(d->guestdebug);
+ rom->modes_offset = cpu_to_le32(sizeof(QXLRom));
+
+ rom->slot_gen_bits = MEMSLOT_GENERATION_BITS;
+ rom->slot_id_bits = MEMSLOT_SLOT_BITS;
+ rom->slots_start = 1;
+ rom->slots_end = NUM_MEMSLOTS - 1;
+ rom->n_surfaces = cpu_to_le32(d->ssd.num_surfaces);
+
+ for (i = 0, n = 0; i < ARRAY_SIZE(qxl_modes); i++) {
+ fb = qxl_modes[i].y_res * qxl_modes[i].stride;
+ if (fb > d->vgamem_size) {
+ continue;
+ }
+ modes->modes[n].id = cpu_to_le32(i);
+ modes->modes[n].x_res = cpu_to_le32(qxl_modes[i].x_res);
+ modes->modes[n].y_res = cpu_to_le32(qxl_modes[i].y_res);
+ modes->modes[n].bits = cpu_to_le32(qxl_modes[i].bits);
+ modes->modes[n].stride = cpu_to_le32(qxl_modes[i].stride);
+ modes->modes[n].x_mili = cpu_to_le32(qxl_modes[i].x_mili);
+ modes->modes[n].y_mili = cpu_to_le32(qxl_modes[i].y_mili);
+ modes->modes[n].orientation = cpu_to_le32(qxl_modes[i].orientation);
+ n++;
+ }
+ modes->n_modes = cpu_to_le32(n);
+
+ ram_header_size = ALIGN(sizeof(QXLRam), 4096);
+ surface0_area_size = ALIGN(d->vgamem_size, 4096);
+ num_pages = d->vga.vram_size;
+ num_pages -= ram_header_size;
+ num_pages -= surface0_area_size;
+ num_pages = num_pages / TARGET_PAGE_SIZE;
+
+ rom->draw_area_offset = cpu_to_le32(0);
+ rom->surface0_area_size = cpu_to_le32(surface0_area_size);
+ rom->pages_offset = cpu_to_le32(surface0_area_size);
+ rom->num_pages = cpu_to_le32(num_pages);
+ rom->ram_header_offset = cpu_to_le32(d->vga.vram_size - ram_header_size);
+
+ d->shadow_rom = *rom;
+ d->rom = rom;
+ d->modes = modes;
+}
+
+static void init_qxl_ram(PCIQXLDevice *d)
+{
+ uint8_t *buf;
+ uint64_t *item;
+
+ buf = d->vga.vram_ptr;
+ d->ram = (QXLRam *)(buf + le32_to_cpu(d->shadow_rom.ram_header_offset));
+ d->ram->magic = cpu_to_le32(QXL_RAM_MAGIC);
+ d->ram->int_pending = cpu_to_le32(0);
+ d->ram->int_mask = cpu_to_le32(0);
+ d->ram->update_surface = 0;
+ d->ram->monitors_config = 0;
+ SPICE_RING_INIT(&d->ram->cmd_ring);
+ SPICE_RING_INIT(&d->ram->cursor_ring);
+ SPICE_RING_INIT(&d->ram->release_ring);
+ SPICE_RING_PROD_ITEM(d, &d->ram->release_ring, item);
+ assert(item);
+ *item = 0;
+ qxl_ring_set_dirty(d);
+}
+
+/* can be called from spice server thread context */
+static void qxl_set_dirty(MemoryRegion *mr, ram_addr_t addr, ram_addr_t end)
+{
+ memory_region_set_dirty(mr, addr, end - addr);
+}
+
+static void qxl_rom_set_dirty(PCIQXLDevice *qxl)
+{
+ qxl_set_dirty(&qxl->rom_bar, 0, qxl->rom_size);
+}
+
+/* called from spice server thread context only */
+static void qxl_ram_set_dirty(PCIQXLDevice *qxl, void *ptr)
+{
+ void *base = qxl->vga.vram_ptr;
+ intptr_t offset;
+
+ offset = ptr - base;
+ offset &= ~(TARGET_PAGE_SIZE-1);
+ assert(offset < qxl->vga.vram_size);
+ qxl_set_dirty(&qxl->vga.vram, offset, offset + TARGET_PAGE_SIZE);
+}
+
+/* can be called from spice server thread context */
+static void qxl_ring_set_dirty(PCIQXLDevice *qxl)
+{
+ ram_addr_t addr = qxl->shadow_rom.ram_header_offset;
+ ram_addr_t end = qxl->vga.vram_size;
+ qxl_set_dirty(&qxl->vga.vram, addr, end);
+}
+
+/*
+ * keep track of some command state, for savevm/loadvm.
+ * called from spice server thread context only
+ */
+static int qxl_track_command(PCIQXLDevice *qxl, struct QXLCommandExt *ext)
+{
+ switch (le32_to_cpu(ext->cmd.type)) {
+ case QXL_CMD_SURFACE:
+ {
+ QXLSurfaceCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id);
+
+ if (!cmd) {
+ return 1;
+ }
+ uint32_t id = le32_to_cpu(cmd->surface_id);
+
+ if (id >= qxl->ssd.num_surfaces) {
+ qxl_set_guest_bug(qxl, "QXL_CMD_SURFACE id %d >= %d", id,
+ qxl->ssd.num_surfaces);
+ return 1;
+ }
+ if (cmd->type == QXL_SURFACE_CMD_CREATE &&
+ (cmd->u.surface_create.stride & 0x03) != 0) {
+ qxl_set_guest_bug(qxl, "QXL_CMD_SURFACE stride = %d %% 4 != 0\n",
+ cmd->u.surface_create.stride);
+ return 1;
+ }
+ qemu_mutex_lock(&qxl->track_lock);
+ if (cmd->type == QXL_SURFACE_CMD_CREATE) {
+ qxl->guest_surfaces.cmds[id] = ext->cmd.data;
+ qxl->guest_surfaces.count++;
+ if (qxl->guest_surfaces.max < qxl->guest_surfaces.count)
+ qxl->guest_surfaces.max = qxl->guest_surfaces.count;
+ }
+ if (cmd->type == QXL_SURFACE_CMD_DESTROY) {
+ qxl->guest_surfaces.cmds[id] = 0;
+ qxl->guest_surfaces.count--;
+ }
+ qemu_mutex_unlock(&qxl->track_lock);
+ break;
+ }
+ case QXL_CMD_CURSOR:
+ {
+ QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id);
+
+ if (!cmd) {
+ return 1;
+ }
+ if (cmd->type == QXL_CURSOR_SET) {
+ qemu_mutex_lock(&qxl->track_lock);
+ qxl->guest_cursor = ext->cmd.data;
+ qemu_mutex_unlock(&qxl->track_lock);
+ }
+ break;
+ }
+ }
+ return 0;
+}
+
+/* spice display interface callbacks */
+
+static void interface_attach_worker(QXLInstance *sin, QXLWorker *qxl_worker)
+{
+ PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
+
+ trace_qxl_interface_attach_worker(qxl->id);
+ qxl->ssd.worker = qxl_worker;
+}
+
+static void interface_set_compression_level(QXLInstance *sin, int level)
+{
+ PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
+
+ trace_qxl_interface_set_compression_level(qxl->id, level);
+ qxl->shadow_rom.compression_level = cpu_to_le32(level);
+ qxl->rom->compression_level = cpu_to_le32(level);
+ qxl_rom_set_dirty(qxl);
+}
+
+static void interface_set_mm_time(QXLInstance *sin, uint32_t mm_time)
+{
+ PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
+
+ trace_qxl_interface_set_mm_time(qxl->id, mm_time);
+ qxl->shadow_rom.mm_clock = cpu_to_le32(mm_time);
+ qxl->rom->mm_clock = cpu_to_le32(mm_time);
+ qxl_rom_set_dirty(qxl);
+}
+
+static void interface_get_init_info(QXLInstance *sin, QXLDevInitInfo *info)
+{
+ PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
+
+ trace_qxl_interface_get_init_info(qxl->id);
+ info->memslot_gen_bits = MEMSLOT_GENERATION_BITS;
+ info->memslot_id_bits = MEMSLOT_SLOT_BITS;
+ info->num_memslots = NUM_MEMSLOTS;
+ info->num_memslots_groups = NUM_MEMSLOTS_GROUPS;
+ info->internal_groupslot_id = 0;
+ info->qxl_ram_size = le32_to_cpu(qxl->shadow_rom.num_pages) << TARGET_PAGE_BITS;
+ info->n_surfaces = qxl->ssd.num_surfaces;
+}
+
+static const char *qxl_mode_to_string(int mode)
+{
+ switch (mode) {
+ case QXL_MODE_COMPAT:
+ return "compat";
+ case QXL_MODE_NATIVE:
+ return "native";
+ case QXL_MODE_UNDEFINED:
+ return "undefined";
+ case QXL_MODE_VGA:
+ return "vga";
+ }
+ return "INVALID";
+}
+
+static const char *io_port_to_string(uint32_t io_port)
+{
+ if (io_port >= QXL_IO_RANGE_SIZE) {
+ return "out of range";
+ }
+ static const char *io_port_to_string[QXL_IO_RANGE_SIZE + 1] = {
+ [QXL_IO_NOTIFY_CMD] = "QXL_IO_NOTIFY_CMD",
+ [QXL_IO_NOTIFY_CURSOR] = "QXL_IO_NOTIFY_CURSOR",
+ [QXL_IO_UPDATE_AREA] = "QXL_IO_UPDATE_AREA",
+ [QXL_IO_UPDATE_IRQ] = "QXL_IO_UPDATE_IRQ",
+ [QXL_IO_NOTIFY_OOM] = "QXL_IO_NOTIFY_OOM",
+ [QXL_IO_RESET] = "QXL_IO_RESET",
+ [QXL_IO_SET_MODE] = "QXL_IO_SET_MODE",
+ [QXL_IO_LOG] = "QXL_IO_LOG",
+ [QXL_IO_MEMSLOT_ADD] = "QXL_IO_MEMSLOT_ADD",
+ [QXL_IO_MEMSLOT_DEL] = "QXL_IO_MEMSLOT_DEL",
+ [QXL_IO_DETACH_PRIMARY] = "QXL_IO_DETACH_PRIMARY",
+ [QXL_IO_ATTACH_PRIMARY] = "QXL_IO_ATTACH_PRIMARY",
+ [QXL_IO_CREATE_PRIMARY] = "QXL_IO_CREATE_PRIMARY",
+ [QXL_IO_DESTROY_PRIMARY] = "QXL_IO_DESTROY_PRIMARY",
+ [QXL_IO_DESTROY_SURFACE_WAIT] = "QXL_IO_DESTROY_SURFACE_WAIT",
+ [QXL_IO_DESTROY_ALL_SURFACES] = "QXL_IO_DESTROY_ALL_SURFACES",
+ [QXL_IO_UPDATE_AREA_ASYNC] = "QXL_IO_UPDATE_AREA_ASYNC",
+ [QXL_IO_MEMSLOT_ADD_ASYNC] = "QXL_IO_MEMSLOT_ADD_ASYNC",
+ [QXL_IO_CREATE_PRIMARY_ASYNC] = "QXL_IO_CREATE_PRIMARY_ASYNC",
+ [QXL_IO_DESTROY_PRIMARY_ASYNC] = "QXL_IO_DESTROY_PRIMARY_ASYNC",
+ [QXL_IO_DESTROY_SURFACE_ASYNC] = "QXL_IO_DESTROY_SURFACE_ASYNC",
+ [QXL_IO_DESTROY_ALL_SURFACES_ASYNC]
+ = "QXL_IO_DESTROY_ALL_SURFACES_ASYNC",
+ [QXL_IO_FLUSH_SURFACES_ASYNC] = "QXL_IO_FLUSH_SURFACES_ASYNC",
+ [QXL_IO_FLUSH_RELEASE] = "QXL_IO_FLUSH_RELEASE",
+ [QXL_IO_MONITORS_CONFIG_ASYNC] = "QXL_IO_MONITORS_CONFIG_ASYNC",
+ };
+ return io_port_to_string[io_port];
+}
+
+/* called from spice server thread context only */
+static int interface_get_command(QXLInstance *sin, struct QXLCommandExt *ext)
+{
+ PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
+ SimpleSpiceUpdate *update;
+ QXLCommandRing *ring;
+ QXLCommand *cmd;
+ int notify, ret;
+
+ trace_qxl_ring_command_check(qxl->id, qxl_mode_to_string(qxl->mode));
+
+ switch (qxl->mode) {
+ case QXL_MODE_VGA:
+ ret = false;
+ qemu_mutex_lock(&qxl->ssd.lock);
+ update = QTAILQ_FIRST(&qxl->ssd.updates);
+ if (update != NULL) {
+ QTAILQ_REMOVE(&qxl->ssd.updates, update, next);
+ *ext = update->ext;
+ ret = true;
+ }
+ qemu_mutex_unlock(&qxl->ssd.lock);
+ if (ret) {
+ trace_qxl_ring_command_get(qxl->id, qxl_mode_to_string(qxl->mode));
+ qxl_log_command(qxl, "vga", ext);
+ }
+ return ret;
+ case QXL_MODE_COMPAT:
+ case QXL_MODE_NATIVE:
+ case QXL_MODE_UNDEFINED:
+ ring = &qxl->ram->cmd_ring;
+ if (qxl->guest_bug || SPICE_RING_IS_EMPTY(ring)) {
+ return false;
+ }
+ SPICE_RING_CONS_ITEM(qxl, ring, cmd);
+ if (!cmd) {
+ return false;
+ }
+ ext->cmd = *cmd;
+ ext->group_id = MEMSLOT_GROUP_GUEST;
+ ext->flags = qxl->cmdflags;
+ SPICE_RING_POP(ring, notify);
+ qxl_ring_set_dirty(qxl);
+ if (notify) {
+ qxl_send_events(qxl, QXL_INTERRUPT_DISPLAY);
+ }
+ qxl->guest_primary.commands++;
+ qxl_track_command(qxl, ext);
+ qxl_log_command(qxl, "cmd", ext);
+ trace_qxl_ring_command_get(qxl->id, qxl_mode_to_string(qxl->mode));
+ return true;
+ default:
+ return false;
+ }
+}
+
+/* called from spice server thread context only */
+static int interface_req_cmd_notification(QXLInstance *sin)
+{
+ PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
+ int wait = 1;
+
+ trace_qxl_ring_command_req_notification(qxl->id);
+ switch (qxl->mode) {
+ case QXL_MODE_COMPAT:
+ case QXL_MODE_NATIVE:
+ case QXL_MODE_UNDEFINED:
+ SPICE_RING_CONS_WAIT(&qxl->ram->cmd_ring, wait);
+ qxl_ring_set_dirty(qxl);
+ break;
+ default:
+ /* nothing */
+ break;
+ }
+ return wait;
+}
+
+/* called from spice server thread context only */
+static inline void qxl_push_free_res(PCIQXLDevice *d, int flush)
+{
+ QXLReleaseRing *ring = &d->ram->release_ring;
+ uint64_t *item;
+ int notify;
+
+#define QXL_FREE_BUNCH_SIZE 32
+
+ if (ring->prod - ring->cons + 1 == ring->num_items) {
+ /* ring full -- can't push */
+ return;
+ }
+ if (!flush && d->oom_running) {
+ /* collect everything from oom handler before pushing */
+ return;
+ }
+ if (!flush && d->num_free_res < QXL_FREE_BUNCH_SIZE) {
+ /* collect a bit more before pushing */
+ return;
+ }
+
+ SPICE_RING_PUSH(ring, notify);
+ trace_qxl_ring_res_push(d->id, qxl_mode_to_string(d->mode),
+ d->guest_surfaces.count, d->num_free_res,
+ d->last_release, notify ? "yes" : "no");
+ trace_qxl_ring_res_push_rest(d->id, ring->prod - ring->cons,
+ ring->num_items, ring->prod, ring->cons);
+ if (notify) {
+ qxl_send_events(d, QXL_INTERRUPT_DISPLAY);
+ }
+ SPICE_RING_PROD_ITEM(d, ring, item);
+ if (!item) {
+ return;
+ }
+ *item = 0;
+ d->num_free_res = 0;
+ d->last_release = NULL;
+ qxl_ring_set_dirty(d);
+}
+
+/* called from spice server thread context only */
+static void interface_release_resource(QXLInstance *sin,
+ struct QXLReleaseInfoExt ext)
+{
+ PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
+ QXLReleaseRing *ring;
+ uint64_t *item, id;
+
+ if (ext.group_id == MEMSLOT_GROUP_HOST) {
+ /* host group -> vga mode update request */
+ qemu_spice_destroy_update(&qxl->ssd, (void *)(intptr_t)ext.info->id);
+ return;
+ }
+
+ /*
+ * ext->info points into guest-visible memory
+ * pci bar 0, $command.release_info
+ */
+ ring = &qxl->ram->release_ring;
+ SPICE_RING_PROD_ITEM(qxl, ring, item);
+ if (!item) {
+ return;
+ }
+ if (*item == 0) {
+ /* stick head into the ring */
+ id = ext.info->id;
+ ext.info->next = 0;
+ qxl_ram_set_dirty(qxl, &ext.info->next);
+ *item = id;
+ qxl_ring_set_dirty(qxl);
+ } else {
+ /* append item to the list */
+ qxl->last_release->next = ext.info->id;
+ qxl_ram_set_dirty(qxl, &qxl->last_release->next);
+ ext.info->next = 0;
+ qxl_ram_set_dirty(qxl, &ext.info->next);
+ }
+ qxl->last_release = ext.info;
+ qxl->num_free_res++;
+ trace_qxl_ring_res_put(qxl->id, qxl->num_free_res);
+ qxl_push_free_res(qxl, 0);
+}
+
+/* called from spice server thread context only */
+static int interface_get_cursor_command(QXLInstance *sin, struct QXLCommandExt *ext)
+{
+ PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
+ QXLCursorRing *ring;
+ QXLCommand *cmd;
+ int notify;
+
+ trace_qxl_ring_cursor_check(qxl->id, qxl_mode_to_string(qxl->mode));
+
+ switch (qxl->mode) {
+ case QXL_MODE_COMPAT:
+ case QXL_MODE_NATIVE:
+ case QXL_MODE_UNDEFINED:
+ ring = &qxl->ram->cursor_ring;
+ if (SPICE_RING_IS_EMPTY(ring)) {
+ return false;
+ }
+ SPICE_RING_CONS_ITEM(qxl, ring, cmd);
+ if (!cmd) {
+ return false;
+ }
+ ext->cmd = *cmd;
+ ext->group_id = MEMSLOT_GROUP_GUEST;
+ ext->flags = qxl->cmdflags;
+ SPICE_RING_POP(ring, notify);
+ qxl_ring_set_dirty(qxl);
+ if (notify) {
+ qxl_send_events(qxl, QXL_INTERRUPT_CURSOR);
+ }
+ qxl->guest_primary.commands++;
+ qxl_track_command(qxl, ext);
+ qxl_log_command(qxl, "csr", ext);
+ if (qxl->id == 0) {
+ qxl_render_cursor(qxl, ext);
+ }
+ trace_qxl_ring_cursor_get(qxl->id, qxl_mode_to_string(qxl->mode));
+ return true;
+ default:
+ return false;
+ }
+}
+
+/* called from spice server thread context only */
+static int interface_req_cursor_notification(QXLInstance *sin)
+{
+ PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
+ int wait = 1;
+
+ trace_qxl_ring_cursor_req_notification(qxl->id);
+ switch (qxl->mode) {
+ case QXL_MODE_COMPAT:
+ case QXL_MODE_NATIVE:
+ case QXL_MODE_UNDEFINED:
+ SPICE_RING_CONS_WAIT(&qxl->ram->cursor_ring, wait);
+ qxl_ring_set_dirty(qxl);
+ break;
+ default:
+ /* nothing */
+ break;
+ }
+ return wait;
+}
+
+/* called from spice server thread context */
+static void interface_notify_update(QXLInstance *sin, uint32_t update_id)
+{
+ /*
+ * Called by spice-server as a result of a QXL_CMD_UPDATE which is not in
+ * use by xf86-video-qxl and is defined out in the qxl windows driver.
+ * Probably was at some earlier version that is prior to git start (2009),
+ * and is still guest trigerrable.
+ */
+ fprintf(stderr, "%s: deprecated\n", __func__);
+}
+
+/* called from spice server thread context only */
+static int interface_flush_resources(QXLInstance *sin)
+{
+ PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
+ int ret;
+
+ ret = qxl->num_free_res;
+ if (ret) {
+ qxl_push_free_res(qxl, 1);
+ }
+ return ret;
+}
+
+static void qxl_create_guest_primary_complete(PCIQXLDevice *d);
+
+/* called from spice server thread context only */
+static void interface_async_complete_io(PCIQXLDevice *qxl, QXLCookie *cookie)
+{
+ uint32_t current_async;
+
+ qemu_mutex_lock(&qxl->async_lock);
+ current_async = qxl->current_async;
+ qxl->current_async = QXL_UNDEFINED_IO;
+ qemu_mutex_unlock(&qxl->async_lock);
+
+ trace_qxl_interface_async_complete_io(qxl->id, current_async, cookie);
+ if (!cookie) {
+ fprintf(stderr, "qxl: %s: error, cookie is NULL\n", __func__);
+ return;
+ }
+ if (cookie && current_async != cookie->io) {
+ fprintf(stderr,
+ "qxl: %s: error: current_async = %d != %"
+ PRId64 " = cookie->io\n", __func__, current_async, cookie->io);
+ }
+ switch (current_async) {
+ case QXL_IO_MEMSLOT_ADD_ASYNC:
+ case QXL_IO_DESTROY_PRIMARY_ASYNC:
+ case QXL_IO_UPDATE_AREA_ASYNC:
+ case QXL_IO_FLUSH_SURFACES_ASYNC:
+ case QXL_IO_MONITORS_CONFIG_ASYNC:
+ break;
+ case QXL_IO_CREATE_PRIMARY_ASYNC:
+ qxl_create_guest_primary_complete(qxl);
+ break;
+ case QXL_IO_DESTROY_ALL_SURFACES_ASYNC:
+ qxl_spice_destroy_surfaces_complete(qxl);
+ break;
+ case QXL_IO_DESTROY_SURFACE_ASYNC:
+ qxl_spice_destroy_surface_wait_complete(qxl, cookie->u.surface_id);
+ break;
+ default:
+ fprintf(stderr, "qxl: %s: unexpected current_async %d\n", __func__,
+ current_async);
+ }
+ qxl_send_events(qxl, QXL_INTERRUPT_IO_CMD);
+}
+
+/* called from spice server thread context only */
+static void interface_update_area_complete(QXLInstance *sin,
+ uint32_t surface_id,
+ QXLRect *dirty, uint32_t num_updated_rects)
+{
+ PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
+ int i;
+ int qxl_i;
+
+ qemu_mutex_lock(&qxl->ssd.lock);
+ if (surface_id != 0 || !qxl->render_update_cookie_num) {
+ qemu_mutex_unlock(&qxl->ssd.lock);
+ return;
+ }
+ trace_qxl_interface_update_area_complete(qxl->id, surface_id, dirty->left,
+ dirty->right, dirty->top, dirty->bottom);
+ trace_qxl_interface_update_area_complete_rest(qxl->id, num_updated_rects);
+ if (qxl->num_dirty_rects + num_updated_rects > QXL_NUM_DIRTY_RECTS) {
+ /*
+ * overflow - treat this as a full update. Not expected to be common.
+ */
+ trace_qxl_interface_update_area_complete_overflow(qxl->id,
+ QXL_NUM_DIRTY_RECTS);
+ qxl->guest_primary.resized = 1;
+ }
+ if (qxl->guest_primary.resized) {
+ /*
+ * Don't bother copying or scheduling the bh since we will flip
+ * the whole area anyway on completion of the update_area async call
+ */
+ qemu_mutex_unlock(&qxl->ssd.lock);
+ return;
+ }
+ qxl_i = qxl->num_dirty_rects;
+ for (i = 0; i < num_updated_rects; i++) {
+ qxl->dirty[qxl_i++] = dirty[i];
+ }
+ qxl->num_dirty_rects += num_updated_rects;
+ trace_qxl_interface_update_area_complete_schedule_bh(qxl->id,
+ qxl->num_dirty_rects);
+ qemu_bh_schedule(qxl->update_area_bh);
+ qemu_mutex_unlock(&qxl->ssd.lock);
+}
+
+/* called from spice server thread context only */
+static void interface_async_complete(QXLInstance *sin, uint64_t cookie_token)
+{
+ PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
+ QXLCookie *cookie = (QXLCookie *)(uintptr_t)cookie_token;
+
+ switch (cookie->type) {
+ case QXL_COOKIE_TYPE_IO:
+ interface_async_complete_io(qxl, cookie);
+ g_free(cookie);
+ break;
+ case QXL_COOKIE_TYPE_RENDER_UPDATE_AREA:
+ qxl_render_update_area_done(qxl, cookie);
+ break;
+ case QXL_COOKIE_TYPE_POST_LOAD_MONITORS_CONFIG:
+ break;
+ default:
+ fprintf(stderr, "qxl: %s: unexpected cookie type %d\n",
+ __func__, cookie->type);
+ g_free(cookie);
+ }
+}
+
+/* called from spice server thread context only */
+static void interface_set_client_capabilities(QXLInstance *sin,
+ uint8_t client_present,
+ uint8_t caps[58])
+{
+ PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
+
+ if (qxl->revision < 4) {
+ trace_qxl_set_client_capabilities_unsupported_by_revision(qxl->id,
+ qxl->revision);
+ return;
+ }
+
+ if (runstate_check(RUN_STATE_INMIGRATE) ||
+ runstate_check(RUN_STATE_POSTMIGRATE)) {
+ return;
+ }
+
+ qxl->shadow_rom.client_present = client_present;
+ memcpy(qxl->shadow_rom.client_capabilities, caps,
+ sizeof(qxl->shadow_rom.client_capabilities));
+ qxl->rom->client_present = client_present;
+ memcpy(qxl->rom->client_capabilities, caps,
+ sizeof(qxl->rom->client_capabilities));
+ qxl_rom_set_dirty(qxl);
+
+ qxl_send_events(qxl, QXL_INTERRUPT_CLIENT);
+}
+
+static uint32_t qxl_crc32(const uint8_t *p, unsigned len)
+{
+ /*
+ * zlib xors the seed with 0xffffffff, and xors the result
+ * again with 0xffffffff; Both are not done with linux's crc32,
+ * which we want to be compatible with, so undo that.
+ */
+ return crc32(0xffffffff, p, len) ^ 0xffffffff;
+}
+
+/* called from main context only */
+static int interface_client_monitors_config(QXLInstance *sin,
+ VDAgentMonitorsConfig *monitors_config)
+{
+ PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
+ QXLRom *rom = memory_region_get_ram_ptr(&qxl->rom_bar);
+ int i;
+
+ if (qxl->revision < 4) {
+ trace_qxl_client_monitors_config_unsupported_by_device(qxl->id,
+ qxl->revision);
+ return 0;
+ }
+ /*
+ * Older windows drivers set int_mask to 0 when their ISR is called,
+ * then later set it to ~0. So it doesn't relate to the actual interrupts
+ * handled. However, they are old, so clearly they don't support this
+ * interrupt
+ */
+ if (qxl->ram->int_mask == 0 || qxl->ram->int_mask == ~0 ||
+ !(qxl->ram->int_mask & QXL_INTERRUPT_CLIENT_MONITORS_CONFIG)) {
+ trace_qxl_client_monitors_config_unsupported_by_guest(qxl->id,
+ qxl->ram->int_mask,
+ monitors_config);
+ return 0;
+ }
+ if (!monitors_config) {
+ return 1;
+ }
+ memset(&rom->client_monitors_config, 0,
+ sizeof(rom->client_monitors_config));
+ rom->client_monitors_config.count = monitors_config->num_of_monitors;
+ /* monitors_config->flags ignored */
+ if (rom->client_monitors_config.count >=
+ ARRAY_SIZE(rom->client_monitors_config.heads)) {
+ trace_qxl_client_monitors_config_capped(qxl->id,
+ monitors_config->num_of_monitors,
+ ARRAY_SIZE(rom->client_monitors_config.heads));
+ rom->client_monitors_config.count =
+ ARRAY_SIZE(rom->client_monitors_config.heads);
+ }
+ for (i = 0 ; i < rom->client_monitors_config.count ; ++i) {
+ VDAgentMonConfig *monitor = &monitors_config->monitors[i];
+ QXLURect *rect = &rom->client_monitors_config.heads[i];
+ /* monitor->depth ignored */
+ rect->left = monitor->x;
+ rect->top = monitor->y;
+ rect->right = monitor->x + monitor->width;
+ rect->bottom = monitor->y + monitor->height;
+ }
+ rom->client_monitors_config_crc = qxl_crc32(
+ (const uint8_t *)&rom->client_monitors_config,
+ sizeof(rom->client_monitors_config));
+ trace_qxl_client_monitors_config_crc(qxl->id,
+ sizeof(rom->client_monitors_config),
+ rom->client_monitors_config_crc);
+
+ trace_qxl_interrupt_client_monitors_config(qxl->id,
+ rom->client_monitors_config.count,
+ rom->client_monitors_config.heads);
+ qxl_send_events(qxl, QXL_INTERRUPT_CLIENT_MONITORS_CONFIG);
+ return 1;
+}
+
+static const QXLInterface qxl_interface = {
+ .base.type = SPICE_INTERFACE_QXL,
+ .base.description = "qxl gpu",
+ .base.major_version = SPICE_INTERFACE_QXL_MAJOR,
+ .base.minor_version = SPICE_INTERFACE_QXL_MINOR,
+
+ .attache_worker = interface_attach_worker,
+ .set_compression_level = interface_set_compression_level,
+ .set_mm_time = interface_set_mm_time,
+ .get_init_info = interface_get_init_info,
+
+ /* the callbacks below are called from spice server thread context */
+ .get_command = interface_get_command,
+ .req_cmd_notification = interface_req_cmd_notification,
+ .release_resource = interface_release_resource,
+ .get_cursor_command = interface_get_cursor_command,
+ .req_cursor_notification = interface_req_cursor_notification,
+ .notify_update = interface_notify_update,
+ .flush_resources = interface_flush_resources,
+ .async_complete = interface_async_complete,
+ .update_area_complete = interface_update_area_complete,
+ .set_client_capabilities = interface_set_client_capabilities,
+ .client_monitors_config = interface_client_monitors_config,
+};
+
+static void qxl_enter_vga_mode(PCIQXLDevice *d)
+{
+ if (d->mode == QXL_MODE_VGA) {
+ return;
+ }
+ trace_qxl_enter_vga_mode(d->id);
+#if SPICE_SERVER_VERSION >= 0x000c03 /* release 0.12.3 */
+ spice_qxl_driver_unload(&d->ssd.qxl);
+#endif
+ qemu_spice_create_host_primary(&d->ssd);
+ d->mode = QXL_MODE_VGA;
+ vga_dirty_log_start(&d->vga);
+ graphic_hw_update(d->vga.con);
+}
+
+static void qxl_exit_vga_mode(PCIQXLDevice *d)
+{
+ if (d->mode != QXL_MODE_VGA) {
+ return;
+ }
+ trace_qxl_exit_vga_mode(d->id);
+ vga_dirty_log_stop(&d->vga);
+ qxl_destroy_primary(d, QXL_SYNC);
+}
+
+static void qxl_update_irq(PCIQXLDevice *d)
+{
+ uint32_t pending = le32_to_cpu(d->ram->int_pending);
+ uint32_t mask = le32_to_cpu(d->ram->int_mask);
+ int level = !!(pending & mask);
+ qemu_set_irq(d->pci.irq[0], level);
+ qxl_ring_set_dirty(d);
+}
+
+static void qxl_check_state(PCIQXLDevice *d)
+{
+ QXLRam *ram = d->ram;
+ int spice_display_running = qemu_spice_display_is_running(&d->ssd);
+
+ assert(!spice_display_running || SPICE_RING_IS_EMPTY(&ram->cmd_ring));
+ assert(!spice_display_running || SPICE_RING_IS_EMPTY(&ram->cursor_ring));
+}
+
+static void qxl_reset_state(PCIQXLDevice *d)
+{
+ QXLRom *rom = d->rom;
+
+ qxl_check_state(d);
+ d->shadow_rom.update_id = cpu_to_le32(0);
+ *rom = d->shadow_rom;
+ qxl_rom_set_dirty(d);
+ init_qxl_ram(d);
+ d->num_free_res = 0;
+ d->last_release = NULL;
+ memset(&d->ssd.dirty, 0, sizeof(d->ssd.dirty));
+}
+
+static void qxl_soft_reset(PCIQXLDevice *d)
+{
+ trace_qxl_soft_reset(d->id);
+ qxl_check_state(d);
+ qxl_clear_guest_bug(d);
+ d->current_async = QXL_UNDEFINED_IO;
+
+ if (d->id == 0) {
+ qxl_enter_vga_mode(d);
+ } else {
+ d->mode = QXL_MODE_UNDEFINED;
+ }
+}
+
+static void qxl_hard_reset(PCIQXLDevice *d, int loadvm)
+{
+ trace_qxl_hard_reset(d->id, loadvm);
+
+ qxl_spice_reset_cursor(d);
+ qxl_spice_reset_image_cache(d);
+ qxl_reset_surfaces(d);
+ qxl_reset_memslots(d);
+
+ /* pre loadvm reset must not touch QXLRam. This lives in
+ * device memory, is migrated together with RAM and thus
+ * already loaded at this point */
+ if (!loadvm) {
+ qxl_reset_state(d);
+ }
+ qemu_spice_create_host_memslot(&d->ssd);
+ qxl_soft_reset(d);
+}
+
+static void qxl_reset_handler(DeviceState *dev)
+{
+ PCIQXLDevice *d = DO_UPCAST(PCIQXLDevice, pci.qdev, dev);
+
+ qxl_hard_reset(d, 0);
+}
+
+static void qxl_vga_ioport_write(void *opaque, uint32_t addr, uint32_t val)
+{
+ VGACommonState *vga = opaque;
+ PCIQXLDevice *qxl = container_of(vga, PCIQXLDevice, vga);
+
+ trace_qxl_io_write_vga(qxl->id, qxl_mode_to_string(qxl->mode), addr, val);
+ if (qxl->mode != QXL_MODE_VGA) {
+ qxl_destroy_primary(qxl, QXL_SYNC);
+ qxl_soft_reset(qxl);
+ }
+ vga_ioport_write(opaque, addr, val);
+}
+
+static const MemoryRegionPortio qxl_vga_portio_list[] = {
+ { 0x04, 2, 1, .read = vga_ioport_read,
+ .write = qxl_vga_ioport_write }, /* 3b4 */
+ { 0x0a, 1, 1, .read = vga_ioport_read,
+ .write = qxl_vga_ioport_write }, /* 3ba */
+ { 0x10, 16, 1, .read = vga_ioport_read,
+ .write = qxl_vga_ioport_write }, /* 3c0 */
+ { 0x24, 2, 1, .read = vga_ioport_read,
+ .write = qxl_vga_ioport_write }, /* 3d4 */
+ { 0x2a, 1, 1, .read = vga_ioport_read,
+ .write = qxl_vga_ioport_write }, /* 3da */
+ PORTIO_END_OF_LIST(),
+};
+
+static int qxl_add_memslot(PCIQXLDevice *d, uint32_t slot_id, uint64_t delta,
+ qxl_async_io async)
+{
+ static const int regions[] = {
+ QXL_RAM_RANGE_INDEX,
+ QXL_VRAM_RANGE_INDEX,
+ QXL_VRAM64_RANGE_INDEX,
+ };
+ uint64_t guest_start;
+ uint64_t guest_end;
+ int pci_region;
+ pcibus_t pci_start;
+ pcibus_t pci_end;
+ intptr_t virt_start;
+ QXLDevMemSlot memslot;
+ int i;
+
+ guest_start = le64_to_cpu(d->guest_slots[slot_id].slot.mem_start);
+ guest_end = le64_to_cpu(d->guest_slots[slot_id].slot.mem_end);
+
+ trace_qxl_memslot_add_guest(d->id, slot_id, guest_start, guest_end);
+
+ if (slot_id >= NUM_MEMSLOTS) {
+ qxl_set_guest_bug(d, "%s: slot_id >= NUM_MEMSLOTS %d >= %d", __func__,
+ slot_id, NUM_MEMSLOTS);
+ return 1;
+ }
+ if (guest_start > guest_end) {
+ qxl_set_guest_bug(d, "%s: guest_start > guest_end 0x%" PRIx64
+ " > 0x%" PRIx64, __func__, guest_start, guest_end);
+ return 1;
+ }
+
+ for (i = 0; i < ARRAY_SIZE(regions); i++) {
+ pci_region = regions[i];
+ pci_start = d->pci.io_regions[pci_region].addr;
+ pci_end = pci_start + d->pci.io_regions[pci_region].size;
+ /* mapped? */
+ if (pci_start == -1) {
+ continue;
+ }
+ /* start address in range ? */
+ if (guest_start < pci_start || guest_start > pci_end) {
+ continue;
+ }
+ /* end address in range ? */
+ if (guest_end > pci_end) {
+ continue;
+ }
+ /* passed */
+ break;
+ }
+ if (i == ARRAY_SIZE(regions)) {
+ qxl_set_guest_bug(d, "%s: finished loop without match", __func__);
+ return 1;
+ }
+
+ switch (pci_region) {
+ case QXL_RAM_RANGE_INDEX:
+ virt_start = (intptr_t)memory_region_get_ram_ptr(&d->vga.vram);
+ break;
+ case QXL_VRAM_RANGE_INDEX:
+ case 4 /* vram 64bit */:
+ virt_start = (intptr_t)memory_region_get_ram_ptr(&d->vram_bar);
+ break;
+ default:
+ /* should not happen */
+ qxl_set_guest_bug(d, "%s: pci_region = %d", __func__, pci_region);
+ return 1;
+ }
+
+ memslot.slot_id = slot_id;
+ memslot.slot_group_id = MEMSLOT_GROUP_GUEST; /* guest group */
+ memslot.virt_start = virt_start + (guest_start - pci_start);
+ memslot.virt_end = virt_start + (guest_end - pci_start);
+ memslot.addr_delta = memslot.virt_start - delta;
+ memslot.generation = d->rom->slot_generation = 0;
+ qxl_rom_set_dirty(d);
+
+ qemu_spice_add_memslot(&d->ssd, &memslot, async);
+ d->guest_slots[slot_id].ptr = (void*)memslot.virt_start;
+ d->guest_slots[slot_id].size = memslot.virt_end - memslot.virt_start;
+ d->guest_slots[slot_id].delta = delta;
+ d->guest_slots[slot_id].active = 1;
+ return 0;
+}
+
+static void qxl_del_memslot(PCIQXLDevice *d, uint32_t slot_id)
+{
+ qemu_spice_del_memslot(&d->ssd, MEMSLOT_GROUP_HOST, slot_id);
+ d->guest_slots[slot_id].active = 0;
+}
+
+static void qxl_reset_memslots(PCIQXLDevice *d)
+{
+ qxl_spice_reset_memslots(d);
+ memset(&d->guest_slots, 0, sizeof(d->guest_slots));
+}
+
+static void qxl_reset_surfaces(PCIQXLDevice *d)
+{
+ trace_qxl_reset_surfaces(d->id);
+ d->mode = QXL_MODE_UNDEFINED;
+ qxl_spice_destroy_surfaces(d, QXL_SYNC);
+}
+
+/* can be also called from spice server thread context */
+void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id)
+{
+ uint64_t phys = le64_to_cpu(pqxl);
+ uint32_t slot = (phys >> (64 - 8)) & 0xff;
+ uint64_t offset = phys & 0xffffffffffff;
+
+ switch (group_id) {
+ case MEMSLOT_GROUP_HOST:
+ return (void *)(intptr_t)offset;
+ case MEMSLOT_GROUP_GUEST:
+ if (slot >= NUM_MEMSLOTS) {
+ qxl_set_guest_bug(qxl, "slot too large %d >= %d", slot,
+ NUM_MEMSLOTS);
+ return NULL;
+ }
+ if (!qxl->guest_slots[slot].active) {
+ qxl_set_guest_bug(qxl, "inactive slot %d\n", slot);
+ return NULL;
+ }
+ if (offset < qxl->guest_slots[slot].delta) {
+ qxl_set_guest_bug(qxl,
+ "slot %d offset %"PRIu64" < delta %"PRIu64"\n",
+ slot, offset, qxl->guest_slots[slot].delta);
+ return NULL;
+ }
+ offset -= qxl->guest_slots[slot].delta;
+ if (offset > qxl->guest_slots[slot].size) {
+ qxl_set_guest_bug(qxl,
+ "slot %d offset %"PRIu64" > size %"PRIu64"\n",
+ slot, offset, qxl->guest_slots[slot].size);
+ return NULL;
+ }
+ return qxl->guest_slots[slot].ptr + offset;
+ }
+ return NULL;
+}
+
+static void qxl_create_guest_primary_complete(PCIQXLDevice *qxl)
+{
+ /* for local rendering */
+ qxl_render_resize(qxl);
+}
+
+static void qxl_create_guest_primary(PCIQXLDevice *qxl, int loadvm,
+ qxl_async_io async)
+{
+ QXLDevSurfaceCreate surface;
+ QXLSurfaceCreate *sc = &qxl->guest_primary.surface;
+ int size;
+ int requested_height = le32_to_cpu(sc->height);
+ int requested_stride = le32_to_cpu(sc->stride);
+
+ size = abs(requested_stride) * requested_height;
+ if (size > qxl->vgamem_size) {
+ qxl_set_guest_bug(qxl, "%s: requested primary larger then framebuffer"
+ " size", __func__);
+ return;
+ }
+
+ if (qxl->mode == QXL_MODE_NATIVE) {
+ qxl_set_guest_bug(qxl, "%s: nop since already in QXL_MODE_NATIVE",
+ __func__);
+ }
+ qxl_exit_vga_mode(qxl);
+
+ surface.format = le32_to_cpu(sc->format);
+ surface.height = le32_to_cpu(sc->height);
+ surface.mem = le64_to_cpu(sc->mem);
+ surface.position = le32_to_cpu(sc->position);
+ surface.stride = le32_to_cpu(sc->stride);
+ surface.width = le32_to_cpu(sc->width);
+ surface.type = le32_to_cpu(sc->type);
+ surface.flags = le32_to_cpu(sc->flags);
+ trace_qxl_create_guest_primary(qxl->id, sc->width, sc->height, sc->mem,
+ sc->format, sc->position);
+ trace_qxl_create_guest_primary_rest(qxl->id, sc->stride, sc->type,
+ sc->flags);
+
+ if ((surface.stride & 0x3) != 0) {
+ qxl_set_guest_bug(qxl, "primary surface stride = %d %% 4 != 0",
+ surface.stride);
+ return;
+ }
+
+ surface.mouse_mode = true;
+ surface.group_id = MEMSLOT_GROUP_GUEST;
+ if (loadvm) {
+ surface.flags |= QXL_SURF_FLAG_KEEP_DATA;
+ }
+
+ qxl->mode = QXL_MODE_NATIVE;
+ qxl->cmdflags = 0;
+ qemu_spice_create_primary_surface(&qxl->ssd, 0, &surface, async);
+
+ if (async == QXL_SYNC) {
+ qxl_create_guest_primary_complete(qxl);
+ }
+}
+
+/* return 1 if surface destoy was initiated (in QXL_ASYNC case) or
+ * done (in QXL_SYNC case), 0 otherwise. */
+static int qxl_destroy_primary(PCIQXLDevice *d, qxl_async_io async)
+{
+ if (d->mode == QXL_MODE_UNDEFINED) {
+ return 0;
+ }
+ trace_qxl_destroy_primary(d->id);
+ d->mode = QXL_MODE_UNDEFINED;
+ qemu_spice_destroy_primary_surface(&d->ssd, 0, async);
+ qxl_spice_reset_cursor(d);
+ return 1;
+}
+
+static void qxl_set_mode(PCIQXLDevice *d, int modenr, int loadvm)
+{
+ pcibus_t start = d->pci.io_regions[QXL_RAM_RANGE_INDEX].addr;
+ pcibus_t end = d->pci.io_regions[QXL_RAM_RANGE_INDEX].size + start;
+ QXLMode *mode = d->modes->modes + modenr;
+ uint64_t devmem = d->pci.io_regions[QXL_RAM_RANGE_INDEX].addr;
+ QXLMemSlot slot = {
+ .mem_start = start,
+ .mem_end = end
+ };
+ QXLSurfaceCreate surface = {
+ .width = mode->x_res,
+ .height = mode->y_res,
+ .stride = -mode->x_res * 4,
+ .format = SPICE_SURFACE_FMT_32_xRGB,
+ .flags = loadvm ? QXL_SURF_FLAG_KEEP_DATA : 0,
+ .mouse_mode = true,
+ .mem = devmem + d->shadow_rom.draw_area_offset,
+ };
+
+ trace_qxl_set_mode(d->id, modenr, mode->x_res, mode->y_res, mode->bits,
+ devmem);
+ if (!loadvm) {
+ qxl_hard_reset(d, 0);
+ }
+
+ d->guest_slots[0].slot = slot;
+ assert(qxl_add_memslot(d, 0, devmem, QXL_SYNC) == 0);
+
+ d->guest_primary.surface = surface;
+ qxl_create_guest_primary(d, 0, QXL_SYNC);
+
+ d->mode = QXL_MODE_COMPAT;
+ d->cmdflags = QXL_COMMAND_FLAG_COMPAT;
+ if (mode->bits == 16) {
+ d->cmdflags |= QXL_COMMAND_FLAG_COMPAT_16BPP;
+ }
+ d->shadow_rom.mode = cpu_to_le32(modenr);
+ d->rom->mode = cpu_to_le32(modenr);
+ qxl_rom_set_dirty(d);
+}
+
+static void ioport_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ PCIQXLDevice *d = opaque;
+ uint32_t io_port = addr;
+ qxl_async_io async = QXL_SYNC;
+ uint32_t orig_io_port = io_port;
+
+ if (d->guest_bug && io_port != QXL_IO_RESET) {
+ return;
+ }
+
+ if (d->revision <= QXL_REVISION_STABLE_V10 &&
+ io_port > QXL_IO_FLUSH_RELEASE) {
+ qxl_set_guest_bug(d, "unsupported io %d for revision %d\n",
+ io_port, d->revision);
+ return;
+ }
+
+ switch (io_port) {
+ case QXL_IO_RESET:
+ case QXL_IO_SET_MODE:
+ case QXL_IO_MEMSLOT_ADD:
+ case QXL_IO_MEMSLOT_DEL:
+ case QXL_IO_CREATE_PRIMARY:
+ case QXL_IO_UPDATE_IRQ:
+ case QXL_IO_LOG:
+ case QXL_IO_MEMSLOT_ADD_ASYNC:
+ case QXL_IO_CREATE_PRIMARY_ASYNC:
+ break;
+ default:
+ if (d->mode != QXL_MODE_VGA) {
+ break;
+ }
+ trace_qxl_io_unexpected_vga_mode(d->id,
+ addr, val, io_port_to_string(io_port));
+ /* be nice to buggy guest drivers */
+ if (io_port >= QXL_IO_UPDATE_AREA_ASYNC &&
+ io_port < QXL_IO_RANGE_SIZE) {
+ qxl_send_events(d, QXL_INTERRUPT_IO_CMD);
+ }
+ return;
+ }
+
+ /* we change the io_port to avoid ifdeffery in the main switch */
+ orig_io_port = io_port;
+ switch (io_port) {
+ case QXL_IO_UPDATE_AREA_ASYNC:
+ io_port = QXL_IO_UPDATE_AREA;
+ goto async_common;
+ case QXL_IO_MEMSLOT_ADD_ASYNC:
+ io_port = QXL_IO_MEMSLOT_ADD;
+ goto async_common;
+ case QXL_IO_CREATE_PRIMARY_ASYNC:
+ io_port = QXL_IO_CREATE_PRIMARY;
+ goto async_common;
+ case QXL_IO_DESTROY_PRIMARY_ASYNC:
+ io_port = QXL_IO_DESTROY_PRIMARY;
+ goto async_common;
+ case QXL_IO_DESTROY_SURFACE_ASYNC:
+ io_port = QXL_IO_DESTROY_SURFACE_WAIT;
+ goto async_common;
+ case QXL_IO_DESTROY_ALL_SURFACES_ASYNC:
+ io_port = QXL_IO_DESTROY_ALL_SURFACES;
+ goto async_common;
+ case QXL_IO_FLUSH_SURFACES_ASYNC:
+ case QXL_IO_MONITORS_CONFIG_ASYNC:
+async_common:
+ async = QXL_ASYNC;
+ qemu_mutex_lock(&d->async_lock);
+ if (d->current_async != QXL_UNDEFINED_IO) {
+ qxl_set_guest_bug(d, "%d async started before last (%d) complete",
+ io_port, d->current_async);
+ qemu_mutex_unlock(&d->async_lock);
+ return;
+ }
+ d->current_async = orig_io_port;
+ qemu_mutex_unlock(&d->async_lock);
+ break;
+ default:
+ break;
+ }
+ trace_qxl_io_write(d->id, qxl_mode_to_string(d->mode), addr, val, size,
+ async);
+
+ switch (io_port) {
+ case QXL_IO_UPDATE_AREA:
+ {
+ QXLCookie *cookie = NULL;
+ QXLRect update = d->ram->update_area;
+
+ if (d->ram->update_surface > d->ssd.num_surfaces) {
+ qxl_set_guest_bug(d, "QXL_IO_UPDATE_AREA: invalid surface id %d\n",
+ d->ram->update_surface);
+ break;
+ }
+ if (update.left >= update.right || update.top >= update.bottom ||
+ update.left < 0 || update.top < 0) {
+ qxl_set_guest_bug(d,
+ "QXL_IO_UPDATE_AREA: invalid area (%ux%u)x(%ux%u)\n",
+ update.left, update.top, update.right, update.bottom);
+ break;
+ }
+ if (async == QXL_ASYNC) {
+ cookie = qxl_cookie_new(QXL_COOKIE_TYPE_IO,
+ QXL_IO_UPDATE_AREA_ASYNC);
+ cookie->u.area = update;
+ }
+ qxl_spice_update_area(d, d->ram->update_surface,
+ cookie ? &cookie->u.area : &update,
+ NULL, 0, 0, async, cookie);
+ break;
+ }
+ case QXL_IO_NOTIFY_CMD:
+ qemu_spice_wakeup(&d->ssd);
+ break;
+ case QXL_IO_NOTIFY_CURSOR:
+ qemu_spice_wakeup(&d->ssd);
+ break;
+ case QXL_IO_UPDATE_IRQ:
+ qxl_update_irq(d);
+ break;
+ case QXL_IO_NOTIFY_OOM:
+ if (!SPICE_RING_IS_EMPTY(&d->ram->release_ring)) {
+ break;
+ }
+ d->oom_running = 1;
+ qxl_spice_oom(d);
+ d->oom_running = 0;
+ break;
+ case QXL_IO_SET_MODE:
+ qxl_set_mode(d, val, 0);
+ break;
+ case QXL_IO_LOG:
+ trace_qxl_io_log(d->id, d->ram->log_buf);
+ if (d->guestdebug) {
+ fprintf(stderr, "qxl/guest-%d: %" PRId64 ": %s", d->id,
+ qemu_get_clock_ns(vm_clock), d->ram->log_buf);
+ }
+ break;
+ case QXL_IO_RESET:
+ qxl_hard_reset(d, 0);
+ break;
+ case QXL_IO_MEMSLOT_ADD:
+ if (val >= NUM_MEMSLOTS) {
+ qxl_set_guest_bug(d, "QXL_IO_MEMSLOT_ADD: val out of range");
+ break;
+ }
+ if (d->guest_slots[val].active) {
+ qxl_set_guest_bug(d,
+ "QXL_IO_MEMSLOT_ADD: memory slot already active");
+ break;
+ }
+ d->guest_slots[val].slot = d->ram->mem_slot;
+ qxl_add_memslot(d, val, 0, async);
+ break;
+ case QXL_IO_MEMSLOT_DEL:
+ if (val >= NUM_MEMSLOTS) {
+ qxl_set_guest_bug(d, "QXL_IO_MEMSLOT_DEL: val out of range");
+ break;
+ }
+ qxl_del_memslot(d, val);
+ break;
+ case QXL_IO_CREATE_PRIMARY:
+ if (val != 0) {
+ qxl_set_guest_bug(d, "QXL_IO_CREATE_PRIMARY (async=%d): val != 0",
+ async);
+ goto cancel_async;
+ }
+ d->guest_primary.surface = d->ram->create_surface;
+ qxl_create_guest_primary(d, 0, async);
+ break;
+ case QXL_IO_DESTROY_PRIMARY:
+ if (val != 0) {
+ qxl_set_guest_bug(d, "QXL_IO_DESTROY_PRIMARY (async=%d): val != 0",
+ async);
+ goto cancel_async;
+ }
+ if (!qxl_destroy_primary(d, async)) {
+ trace_qxl_io_destroy_primary_ignored(d->id,
+ qxl_mode_to_string(d->mode));
+ goto cancel_async;
+ }
+ break;
+ case QXL_IO_DESTROY_SURFACE_WAIT:
+ if (val >= d->ssd.num_surfaces) {
+ qxl_set_guest_bug(d, "QXL_IO_DESTROY_SURFACE (async=%d):"
+ "%" PRIu64 " >= NUM_SURFACES", async, val);
+ goto cancel_async;
+ }
+ qxl_spice_destroy_surface_wait(d, val, async);
+ break;
+ case QXL_IO_FLUSH_RELEASE: {
+ QXLReleaseRing *ring = &d->ram->release_ring;
+ if (ring->prod - ring->cons + 1 == ring->num_items) {
+ fprintf(stderr,
+ "ERROR: no flush, full release ring [p%d,%dc]\n",
+ ring->prod, ring->cons);
+ }
+ qxl_push_free_res(d, 1 /* flush */);
+ break;
+ }
+ case QXL_IO_FLUSH_SURFACES_ASYNC:
+ qxl_spice_flush_surfaces_async(d);
+ break;
+ case QXL_IO_DESTROY_ALL_SURFACES:
+ d->mode = QXL_MODE_UNDEFINED;
+ qxl_spice_destroy_surfaces(d, async);
+ break;
+ case QXL_IO_MONITORS_CONFIG_ASYNC:
+ qxl_spice_monitors_config_async(d, 0);
+ break;
+ default:
+ qxl_set_guest_bug(d, "%s: unexpected ioport=0x%x\n", __func__, io_port);
+ }
+ return;
+cancel_async:
+ if (async) {
+ qxl_send_events(d, QXL_INTERRUPT_IO_CMD);
+ qemu_mutex_lock(&d->async_lock);
+ d->current_async = QXL_UNDEFINED_IO;
+ qemu_mutex_unlock(&d->async_lock);
+ }
+}
+
+static uint64_t ioport_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ PCIQXLDevice *qxl = opaque;
+
+ trace_qxl_io_read_unexpected(qxl->id);
+ return 0xff;
+}
+
+static const MemoryRegionOps qxl_io_ops = {
+ .read = ioport_read,
+ .write = ioport_write,
+ .valid = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+static void pipe_read(void *opaque)
+{
+ PCIQXLDevice *d = opaque;
+ char dummy;
+ int len;
+
+ do {
+ len = read(d->pipe[0], &dummy, sizeof(dummy));
+ } while (len == sizeof(dummy));
+ qxl_update_irq(d);
+}
+
+static void qxl_send_events(PCIQXLDevice *d, uint32_t events)
+{
+ uint32_t old_pending;
+ uint32_t le_events = cpu_to_le32(events);
+
+ trace_qxl_send_events(d->id, events);
+ if (!qemu_spice_display_is_running(&d->ssd)) {
+ /* spice-server tracks guest running state and should not do this */
+ fprintf(stderr, "%s: spice-server bug: guest stopped, ignoring\n",
+ __func__);
+ trace_qxl_send_events_vm_stopped(d->id, events);
+ return;
+ }
+ old_pending = atomic_fetch_or(&d->ram->int_pending, le_events);
+ if ((old_pending & le_events) == le_events) {
+ return;
+ }
+ if (qemu_thread_is_self(&d->main)) {
+ qxl_update_irq(d);
+ } else {
+ if (write(d->pipe[1], d, 1) != 1) {
+ dprint(d, 1, "%s: write to pipe failed\n", __func__);
+ }
+ }
+}
+
+static void init_pipe_signaling(PCIQXLDevice *d)
+{
+ if (pipe(d->pipe) < 0) {
+ fprintf(stderr, "%s:%s: qxl pipe creation failed\n",
+ __FILE__, __func__);
+ exit(1);
+ }
+ fcntl(d->pipe[0], F_SETFL, O_NONBLOCK);
+ fcntl(d->pipe[1], F_SETFL, O_NONBLOCK);
+ fcntl(d->pipe[0], F_SETOWN, getpid());
+
+ qemu_thread_get_self(&d->main);
+ qemu_set_fd_handler(d->pipe[0], pipe_read, NULL, d);
+}
+
+/* graphics console */
+
+static void qxl_hw_update(void *opaque)
+{
+ PCIQXLDevice *qxl = opaque;
+ VGACommonState *vga = &qxl->vga;
+
+ switch (qxl->mode) {
+ case QXL_MODE_VGA:
+ vga->hw_ops->gfx_update(vga);
+ break;
+ case QXL_MODE_COMPAT:
+ case QXL_MODE_NATIVE:
+ qxl_render_update(qxl);
+ break;
+ default:
+ break;
+ }
+}
+
+static void qxl_hw_invalidate(void *opaque)
+{
+ PCIQXLDevice *qxl = opaque;
+ VGACommonState *vga = &qxl->vga;
+
+ if (qxl->mode == QXL_MODE_VGA) {
+ vga->hw_ops->invalidate(vga);
+ return;
+ }
+}
+
+static void qxl_hw_text_update(void *opaque, console_ch_t *chardata)
+{
+ PCIQXLDevice *qxl = opaque;
+ VGACommonState *vga = &qxl->vga;
+
+ if (qxl->mode == QXL_MODE_VGA) {
+ vga->hw_ops->text_update(vga, chardata);
+ return;
+ }
+}
+
+static void qxl_dirty_surfaces(PCIQXLDevice *qxl)
+{
+ uintptr_t vram_start;
+ int i;
+
+ if (qxl->mode != QXL_MODE_NATIVE && qxl->mode != QXL_MODE_COMPAT) {
+ return;
+ }
+
+ /* dirty the primary surface */
+ qxl_set_dirty(&qxl->vga.vram, qxl->shadow_rom.draw_area_offset,
+ qxl->shadow_rom.surface0_area_size);
+
+ vram_start = (uintptr_t)memory_region_get_ram_ptr(&qxl->vram_bar);
+
+ /* dirty the off-screen surfaces */
+ for (i = 0; i < qxl->ssd.num_surfaces; i++) {
+ QXLSurfaceCmd *cmd;
+ intptr_t surface_offset;
+ int surface_size;
+
+ if (qxl->guest_surfaces.cmds[i] == 0) {
+ continue;
+ }
+
+ cmd = qxl_phys2virt(qxl, qxl->guest_surfaces.cmds[i],
+ MEMSLOT_GROUP_GUEST);
+ assert(cmd);
+ assert(cmd->type == QXL_SURFACE_CMD_CREATE);
+ surface_offset = (intptr_t)qxl_phys2virt(qxl,
+ cmd->u.surface_create.data,
+ MEMSLOT_GROUP_GUEST);
+ assert(surface_offset);
+ surface_offset -= vram_start;
+ surface_size = cmd->u.surface_create.height *
+ abs(cmd->u.surface_create.stride);
+ trace_qxl_surfaces_dirty(qxl->id, i, (int)surface_offset, surface_size);
+ qxl_set_dirty(&qxl->vram_bar, surface_offset, surface_size);
+ }
+}
+
+static void qxl_vm_change_state_handler(void *opaque, int running,
+ RunState state)
+{
+ PCIQXLDevice *qxl = opaque;
+
+ if (running) {
+ /*
+ * if qxl_send_events was called from spice server context before
+ * migration ended, qxl_update_irq for these events might not have been
+ * called
+ */
+ qxl_update_irq(qxl);
+ } else {
+ /* make sure surfaces are saved before migration */
+ qxl_dirty_surfaces(qxl);
+ }
+}
+
+/* display change listener */
+
+static void display_update(DisplayChangeListener *dcl,
+ int x, int y, int w, int h)
+{
+ PCIQXLDevice *qxl = container_of(dcl, PCIQXLDevice, ssd.dcl);
+
+ if (qxl->mode == QXL_MODE_VGA) {
+ qemu_spice_display_update(&qxl->ssd, x, y, w, h);
+ }
+}
+
+static void display_switch(DisplayChangeListener *dcl,
+ struct DisplaySurface *surface)
+{
+ PCIQXLDevice *qxl = container_of(dcl, PCIQXLDevice, ssd.dcl);
+
+ qxl->ssd.ds = surface;
+ if (qxl->mode == QXL_MODE_VGA) {
+ qemu_spice_display_switch(&qxl->ssd, surface);
+ }
+}
+
+static void display_refresh(DisplayChangeListener *dcl)
+{
+ PCIQXLDevice *qxl = container_of(dcl, PCIQXLDevice, ssd.dcl);
+
+ if (qxl->mode == QXL_MODE_VGA) {
+ qemu_spice_display_refresh(&qxl->ssd);
+ } else {
+ qemu_mutex_lock(&qxl->ssd.lock);
+ qemu_spice_cursor_refresh_unlocked(&qxl->ssd);
+ qemu_mutex_unlock(&qxl->ssd.lock);
+ }
+}
+
+static DisplayChangeListenerOps display_listener_ops = {
+ .dpy_name = "spice/qxl",
+ .dpy_gfx_update = display_update,
+ .dpy_gfx_switch = display_switch,
+ .dpy_refresh = display_refresh,
+};
+
+static void qxl_init_ramsize(PCIQXLDevice *qxl)
+{
+ /* vga mode framebuffer / primary surface (bar 0, first part) */
+ if (qxl->vgamem_size_mb < 8) {
+ qxl->vgamem_size_mb = 8;
+ }
+ qxl->vgamem_size = qxl->vgamem_size_mb * 1024 * 1024;
+
+ /* vga ram (bar 0, total) */
+ if (qxl->ram_size_mb != -1) {
+ qxl->vga.vram_size = qxl->ram_size_mb * 1024 * 1024;
+ }
+ if (qxl->vga.vram_size < qxl->vgamem_size * 2) {
+ qxl->vga.vram_size = qxl->vgamem_size * 2;
+ }
+
+ /* vram32 (surfaces, 32bit, bar 1) */
+ if (qxl->vram32_size_mb != -1) {
+ qxl->vram32_size = qxl->vram32_size_mb * 1024 * 1024;
+ }
+ if (qxl->vram32_size < 4096) {
+ qxl->vram32_size = 4096;
+ }
+
+ /* vram (surfaces, 64bit, bar 4+5) */
+ if (qxl->vram_size_mb != -1) {
+ qxl->vram_size = qxl->vram_size_mb * 1024 * 1024;
+ }
+ if (qxl->vram_size < qxl->vram32_size) {
+ qxl->vram_size = qxl->vram32_size;
+ }
+
+ if (qxl->revision == 1) {
+ qxl->vram32_size = 4096;
+ qxl->vram_size = 4096;
+ }
+ qxl->vgamem_size = msb_mask(qxl->vgamem_size * 2 - 1);
+ qxl->vga.vram_size = msb_mask(qxl->vga.vram_size * 2 - 1);
+ qxl->vram32_size = msb_mask(qxl->vram32_size * 2 - 1);
+ qxl->vram_size = msb_mask(qxl->vram_size * 2 - 1);
+}
+
+static int qxl_init_common(PCIQXLDevice *qxl)
+{
+ uint8_t* config = qxl->pci.config;
+ uint32_t pci_device_rev;
+ uint32_t io_size;
+
+ qxl->mode = QXL_MODE_UNDEFINED;
+ qxl->generation = 1;
+ qxl->num_memslots = NUM_MEMSLOTS;
+ qemu_mutex_init(&qxl->track_lock);
+ qemu_mutex_init(&qxl->async_lock);
+ qxl->current_async = QXL_UNDEFINED_IO;
+ qxl->guest_bug = 0;
+
+ switch (qxl->revision) {
+ case 1: /* spice 0.4 -- qxl-1 */
+ pci_device_rev = QXL_REVISION_STABLE_V04;
+ io_size = 8;
+ break;
+ case 2: /* spice 0.6 -- qxl-2 */
+ pci_device_rev = QXL_REVISION_STABLE_V06;
+ io_size = 16;
+ break;
+ case 3: /* qxl-3 */
+ pci_device_rev = QXL_REVISION_STABLE_V10;
+ io_size = 32; /* PCI region size must be pow2 */
+ break;
+ case 4: /* qxl-4 */
+ pci_device_rev = QXL_REVISION_STABLE_V12;
+ io_size = msb_mask(QXL_IO_RANGE_SIZE * 2 - 1);
+ break;
+ default:
+ error_report("Invalid revision %d for qxl device (max %d)",
+ qxl->revision, QXL_DEFAULT_REVISION);
+ return -1;
+ }
+
+ pci_set_byte(&config[PCI_REVISION_ID], pci_device_rev);
+ pci_set_byte(&config[PCI_INTERRUPT_PIN], 1);
+
+ qxl->rom_size = qxl_rom_size();
+ memory_region_init_ram(&qxl->rom_bar, OBJECT(qxl), "qxl.vrom",
+ qxl->rom_size);
+ vmstate_register_ram(&qxl->rom_bar, &qxl->pci.qdev);
+ init_qxl_rom(qxl);
+ init_qxl_ram(qxl);
+
+ qxl->guest_surfaces.cmds = g_new0(QXLPHYSICAL, qxl->ssd.num_surfaces);
+ memory_region_init_ram(&qxl->vram_bar, OBJECT(qxl), "qxl.vram",
+ qxl->vram_size);
+ vmstate_register_ram(&qxl->vram_bar, &qxl->pci.qdev);
+ memory_region_init_alias(&qxl->vram32_bar, OBJECT(qxl), "qxl.vram32",
+ &qxl->vram_bar, 0, qxl->vram32_size);
+
+ memory_region_init_io(&qxl->io_bar, OBJECT(qxl), &qxl_io_ops, qxl,
+ "qxl-ioports", io_size);
+ if (qxl->id == 0) {
+ vga_dirty_log_start(&qxl->vga);
+ }
+ memory_region_set_flush_coalesced(&qxl->io_bar);
+
+
+ pci_register_bar(&qxl->pci, QXL_IO_RANGE_INDEX,
+ PCI_BASE_ADDRESS_SPACE_IO, &qxl->io_bar);
+
+ pci_register_bar(&qxl->pci, QXL_ROM_RANGE_INDEX,
+ PCI_BASE_ADDRESS_SPACE_MEMORY, &qxl->rom_bar);
+
+ pci_register_bar(&qxl->pci, QXL_RAM_RANGE_INDEX,
+ PCI_BASE_ADDRESS_SPACE_MEMORY, &qxl->vga.vram);
+
+ pci_register_bar(&qxl->pci, QXL_VRAM_RANGE_INDEX,
+ PCI_BASE_ADDRESS_SPACE_MEMORY, &qxl->vram32_bar);
+
+ if (qxl->vram32_size < qxl->vram_size) {
+ /*
+ * Make the 64bit vram bar show up only in case it is
+ * configured to be larger than the 32bit vram bar.
+ */
+ pci_register_bar(&qxl->pci, QXL_VRAM64_RANGE_INDEX,
+ PCI_BASE_ADDRESS_SPACE_MEMORY |
+ PCI_BASE_ADDRESS_MEM_TYPE_64 |
+ PCI_BASE_ADDRESS_MEM_PREFETCH,
+ &qxl->vram_bar);
+ }
+
+ /* print pci bar details */
+ dprint(qxl, 1, "ram/%s: %d MB [region 0]\n",
+ qxl->id == 0 ? "pri" : "sec",
+ qxl->vga.vram_size / (1024*1024));
+ dprint(qxl, 1, "vram/32: %d MB [region 1]\n",
+ qxl->vram32_size / (1024*1024));
+ dprint(qxl, 1, "vram/64: %d MB %s\n",
+ qxl->vram_size / (1024*1024),
+ qxl->vram32_size < qxl->vram_size ? "[region 4]" : "[unmapped]");
+
+ qxl->ssd.qxl.base.sif = &qxl_interface.base;
+ qxl->ssd.qxl.id = qxl->id;
+ if (qemu_spice_add_interface(&qxl->ssd.qxl.base) != 0) {
+ error_report("qxl interface %d.%d not supported by spice-server",
+ SPICE_INTERFACE_QXL_MAJOR, SPICE_INTERFACE_QXL_MINOR);
+ return -1;
+ }
+ qemu_add_vm_change_state_handler(qxl_vm_change_state_handler, qxl);
+
+ init_pipe_signaling(qxl);
+ qxl_reset_state(qxl);
+
+ qxl->update_area_bh = qemu_bh_new(qxl_render_update_area_bh, qxl);
+
+ return 0;
+}
+
+static const GraphicHwOps qxl_ops = {
+ .invalidate = qxl_hw_invalidate,
+ .gfx_update = qxl_hw_update,
+ .text_update = qxl_hw_text_update,
+};
+
+static int qxl_init_primary(PCIDevice *dev)
+{
+ PCIQXLDevice *qxl = DO_UPCAST(PCIQXLDevice, pci, dev);
+ VGACommonState *vga = &qxl->vga;
+ PortioList *qxl_vga_port_list = g_new(PortioList, 1);
+ int rc;
+
+ qxl->id = 0;
+ qxl_init_ramsize(qxl);
+ vga->vram_size_mb = qxl->vga.vram_size >> 20;
+ vga_common_init(vga, OBJECT(dev));
+ vga_init(vga, OBJECT(dev),
+ pci_address_space(dev), pci_address_space_io(dev), false);
+ portio_list_init(qxl_vga_port_list, OBJECT(dev), qxl_vga_portio_list,
+ vga, "vga");
+ portio_list_add(qxl_vga_port_list, pci_address_space_io(dev), 0x3b0);
+
+ vga->con = graphic_console_init(DEVICE(dev), &qxl_ops, qxl);
+ qemu_spice_display_init_common(&qxl->ssd);
+
+ rc = qxl_init_common(qxl);
+ if (rc != 0) {
+ return rc;
+ }
+
+ qxl->ssd.dcl.ops = &display_listener_ops;
+ qxl->ssd.dcl.con = vga->con;
+ register_displaychangelistener(&qxl->ssd.dcl);
+ return rc;
+}
+
+static int qxl_init_secondary(PCIDevice *dev)
+{
+ static int device_id = 1;
+ PCIQXLDevice *qxl = DO_UPCAST(PCIQXLDevice, pci, dev);
+
+ qxl->id = device_id++;
+ qxl_init_ramsize(qxl);
+ memory_region_init_ram(&qxl->vga.vram, OBJECT(dev), "qxl.vgavram",
+ qxl->vga.vram_size);
+ vmstate_register_ram(&qxl->vga.vram, &qxl->pci.qdev);
+ qxl->vga.vram_ptr = memory_region_get_ram_ptr(&qxl->vga.vram);
+ qxl->vga.con = graphic_console_init(DEVICE(dev), &qxl_ops, qxl);
+
+ return qxl_init_common(qxl);
+}
+
+static void qxl_pre_save(void *opaque)
+{
+ PCIQXLDevice* d = opaque;
+ uint8_t *ram_start = d->vga.vram_ptr;
+
+ trace_qxl_pre_save(d->id);
+ if (d->last_release == NULL) {
+ d->last_release_offset = 0;
+ } else {
+ d->last_release_offset = (uint8_t *)d->last_release - ram_start;
+ }
+ assert(d->last_release_offset < d->vga.vram_size);
+}
+
+static int qxl_pre_load(void *opaque)
+{
+ PCIQXLDevice* d = opaque;
+
+ trace_qxl_pre_load(d->id);
+ qxl_hard_reset(d, 1);
+ qxl_exit_vga_mode(d);
+ return 0;
+}
+
+static void qxl_create_memslots(PCIQXLDevice *d)
+{
+ int i;
+
+ for (i = 0; i < NUM_MEMSLOTS; i++) {
+ if (!d->guest_slots[i].active) {
+ continue;
+ }
+ qxl_add_memslot(d, i, 0, QXL_SYNC);
+ }
+}
+
+static int qxl_post_load(void *opaque, int version)
+{
+ PCIQXLDevice* d = opaque;
+ uint8_t *ram_start = d->vga.vram_ptr;
+ QXLCommandExt *cmds;
+ int in, out, newmode;
+
+ assert(d->last_release_offset < d->vga.vram_size);
+ if (d->last_release_offset == 0) {
+ d->last_release = NULL;
+ } else {
+ d->last_release = (QXLReleaseInfo *)(ram_start + d->last_release_offset);
+ }
+
+ d->modes = (QXLModes*)((uint8_t*)d->rom + d->rom->modes_offset);
+
+ trace_qxl_post_load(d->id, qxl_mode_to_string(d->mode));
+ newmode = d->mode;
+ d->mode = QXL_MODE_UNDEFINED;
+
+ switch (newmode) {
+ case QXL_MODE_UNDEFINED:
+ qxl_create_memslots(d);
+ break;
+ case QXL_MODE_VGA:
+ qxl_create_memslots(d);
+ qxl_enter_vga_mode(d);
+ break;
+ case QXL_MODE_NATIVE:
+ qxl_create_memslots(d);
+ qxl_create_guest_primary(d, 1, QXL_SYNC);
+
+ /* replay surface-create and cursor-set commands */
+ cmds = g_malloc0(sizeof(QXLCommandExt) * (d->ssd.num_surfaces + 1));
+ for (in = 0, out = 0; in < d->ssd.num_surfaces; in++) {
+ if (d->guest_surfaces.cmds[in] == 0) {
+ continue;
+ }
+ cmds[out].cmd.data = d->guest_surfaces.cmds[in];
+ cmds[out].cmd.type = QXL_CMD_SURFACE;
+ cmds[out].group_id = MEMSLOT_GROUP_GUEST;
+ out++;
+ }
+ if (d->guest_cursor) {
+ cmds[out].cmd.data = d->guest_cursor;
+ cmds[out].cmd.type = QXL_CMD_CURSOR;
+ cmds[out].group_id = MEMSLOT_GROUP_GUEST;
+ out++;
+ }
+ qxl_spice_loadvm_commands(d, cmds, out);
+ g_free(cmds);
+ if (d->guest_monitors_config) {
+ qxl_spice_monitors_config_async(d, 1);
+ }
+ break;
+ case QXL_MODE_COMPAT:
+ /* note: no need to call qxl_create_memslots, qxl_set_mode
+ * creates the mem slot. */
+ qxl_set_mode(d, d->shadow_rom.mode, 1);
+ break;
+ }
+ return 0;
+}
+
+#define QXL_SAVE_VERSION 21
+
+static bool qxl_monitors_config_needed(void *opaque)
+{
+ PCIQXLDevice *qxl = opaque;
+
+ return qxl->guest_monitors_config != 0;
+}
+
+
+static VMStateDescription qxl_memslot = {
+ .name = "qxl-memslot",
+ .version_id = QXL_SAVE_VERSION,
+ .minimum_version_id = QXL_SAVE_VERSION,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT64(slot.mem_start, struct guest_slots),
+ VMSTATE_UINT64(slot.mem_end, struct guest_slots),
+ VMSTATE_UINT32(active, struct guest_slots),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static VMStateDescription qxl_surface = {
+ .name = "qxl-surface",
+ .version_id = QXL_SAVE_VERSION,
+ .minimum_version_id = QXL_SAVE_VERSION,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(width, QXLSurfaceCreate),
+ VMSTATE_UINT32(height, QXLSurfaceCreate),
+ VMSTATE_INT32(stride, QXLSurfaceCreate),
+ VMSTATE_UINT32(format, QXLSurfaceCreate),
+ VMSTATE_UINT32(position, QXLSurfaceCreate),
+ VMSTATE_UINT32(mouse_mode, QXLSurfaceCreate),
+ VMSTATE_UINT32(flags, QXLSurfaceCreate),
+ VMSTATE_UINT32(type, QXLSurfaceCreate),
+ VMSTATE_UINT64(mem, QXLSurfaceCreate),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static VMStateDescription qxl_vmstate_monitors_config = {
+ .name = "qxl/monitors-config",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT64(guest_monitors_config, PCIQXLDevice),
+ VMSTATE_END_OF_LIST()
+ },
+};
+
+static VMStateDescription qxl_vmstate = {
+ .name = "qxl",
+ .version_id = QXL_SAVE_VERSION,
+ .minimum_version_id = QXL_SAVE_VERSION,
+ .pre_save = qxl_pre_save,
+ .pre_load = qxl_pre_load,
+ .post_load = qxl_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_PCI_DEVICE(pci, PCIQXLDevice),
+ VMSTATE_STRUCT(vga, PCIQXLDevice, 0, vmstate_vga_common, VGACommonState),
+ VMSTATE_UINT32(shadow_rom.mode, PCIQXLDevice),
+ VMSTATE_UINT32(num_free_res, PCIQXLDevice),
+ VMSTATE_UINT32(last_release_offset, PCIQXLDevice),
+ VMSTATE_UINT32(mode, PCIQXLDevice),
+ VMSTATE_UINT32(ssd.unique, PCIQXLDevice),
+ VMSTATE_INT32_EQUAL(num_memslots, PCIQXLDevice),
+ VMSTATE_STRUCT_ARRAY(guest_slots, PCIQXLDevice, NUM_MEMSLOTS, 0,
+ qxl_memslot, struct guest_slots),
+ VMSTATE_STRUCT(guest_primary.surface, PCIQXLDevice, 0,
+ qxl_surface, QXLSurfaceCreate),
+ VMSTATE_INT32_EQUAL(ssd.num_surfaces, PCIQXLDevice),
+ VMSTATE_VARRAY_INT32(guest_surfaces.cmds, PCIQXLDevice,
+ ssd.num_surfaces, 0,
+ vmstate_info_uint64, uint64_t),
+ VMSTATE_UINT64(guest_cursor, PCIQXLDevice),
+ VMSTATE_END_OF_LIST()
+ },
+ .subsections = (VMStateSubsection[]) {
+ {
+ .vmsd = &qxl_vmstate_monitors_config,
+ .needed = qxl_monitors_config_needed,
+ }, {
+ /* empty */
+ }
+ }
+};
+
+static Property qxl_properties[] = {
+ DEFINE_PROP_UINT32("ram_size", PCIQXLDevice, vga.vram_size,
+ 64 * 1024 * 1024),
+ DEFINE_PROP_UINT32("vram_size", PCIQXLDevice, vram32_size,
+ 64 * 1024 * 1024),
+ DEFINE_PROP_UINT32("revision", PCIQXLDevice, revision,
+ QXL_DEFAULT_REVISION),
+ DEFINE_PROP_UINT32("debug", PCIQXLDevice, debug, 0),
+ DEFINE_PROP_UINT32("guestdebug", PCIQXLDevice, guestdebug, 0),
+ DEFINE_PROP_UINT32("cmdlog", PCIQXLDevice, cmdlog, 0),
+ DEFINE_PROP_UINT32("ram_size_mb", PCIQXLDevice, ram_size_mb, -1),
+ DEFINE_PROP_UINT32("vram_size_mb", PCIQXLDevice, vram32_size_mb, -1),
+ DEFINE_PROP_UINT32("vram64_size_mb", PCIQXLDevice, vram_size_mb, -1),
+ DEFINE_PROP_UINT32("vgamem_mb", PCIQXLDevice, vgamem_size_mb, 16),
+ DEFINE_PROP_INT32("surfaces", PCIQXLDevice, ssd.num_surfaces, 1024),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void qxl_primary_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->no_hotplug = 1;
+ k->init = qxl_init_primary;
+ k->romfile = "vgabios-qxl.bin";
+ k->vendor_id = REDHAT_PCI_VENDOR_ID;
+ k->device_id = QXL_DEVICE_ID_STABLE;
+ k->class_id = PCI_CLASS_DISPLAY_VGA;
+ set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories);
+ dc->desc = "Spice QXL GPU (primary, vga compatible)";
+ dc->reset = qxl_reset_handler;
+ dc->vmsd = &qxl_vmstate;
+ dc->props = qxl_properties;
+}
+
+static const TypeInfo qxl_primary_info = {
+ .name = "qxl-vga",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCIQXLDevice),
+ .class_init = qxl_primary_class_init,
+};
+
+static void qxl_secondary_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = qxl_init_secondary;
+ k->vendor_id = REDHAT_PCI_VENDOR_ID;
+ k->device_id = QXL_DEVICE_ID_STABLE;
+ k->class_id = PCI_CLASS_DISPLAY_OTHER;
+ set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories);
+ dc->desc = "Spice QXL GPU (secondary)";
+ dc->reset = qxl_reset_handler;
+ dc->vmsd = &qxl_vmstate;
+ dc->props = qxl_properties;
+}
+
+static const TypeInfo qxl_secondary_info = {
+ .name = "qxl",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCIQXLDevice),
+ .class_init = qxl_secondary_class_init,
+};
+
+static void qxl_register_types(void)
+{
+ type_register_static(&qxl_primary_info);
+ type_register_static(&qxl_secondary_info);
+}
+
+type_init(qxl_register_types)
diff --git a/hw/display/qxl.h b/hw/display/qxl.h
new file mode 100644
index 000000000..8e9b0c299
--- /dev/null
+++ b/hw/display/qxl.h
@@ -0,0 +1,165 @@
+#ifndef HW_QXL_H
+#define HW_QXL_H 1
+
+#include "qemu-common.h"
+
+#include "ui/console.h"
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "vga_int.h"
+#include "qemu/thread.h"
+
+#include "ui/qemu-spice.h"
+#include "ui/spice-display.h"
+
+enum qxl_mode {
+ QXL_MODE_UNDEFINED,
+ QXL_MODE_VGA,
+ QXL_MODE_COMPAT, /* spice 0.4.x */
+ QXL_MODE_NATIVE,
+};
+
+#ifndef QXL_VRAM64_RANGE_INDEX
+#define QXL_VRAM64_RANGE_INDEX 4
+#endif
+
+#define QXL_UNDEFINED_IO UINT32_MAX
+
+#define QXL_NUM_DIRTY_RECTS 64
+
+typedef struct PCIQXLDevice {
+ PCIDevice pci;
+ SimpleSpiceDisplay ssd;
+ int id;
+ uint32_t debug;
+ uint32_t guestdebug;
+ uint32_t cmdlog;
+
+ uint32_t guest_bug;
+
+ enum qxl_mode mode;
+ uint32_t cmdflags;
+ int generation;
+ uint32_t revision;
+
+ int32_t num_memslots;
+
+ uint32_t current_async;
+ QemuMutex async_lock;
+
+ struct guest_slots {
+ QXLMemSlot slot;
+ void *ptr;
+ uint64_t size;
+ uint64_t delta;
+ uint32_t active;
+ } guest_slots[NUM_MEMSLOTS];
+
+ struct guest_primary {
+ QXLSurfaceCreate surface;
+ uint32_t commands;
+ uint32_t resized;
+ int32_t qxl_stride;
+ uint32_t abs_stride;
+ uint32_t bits_pp;
+ uint32_t bytes_pp;
+ uint8_t *data;
+ } guest_primary;
+
+ struct surfaces {
+ QXLPHYSICAL *cmds;
+ uint32_t count;
+ uint32_t max;
+ } guest_surfaces;
+ QXLPHYSICAL guest_cursor;
+
+ QXLPHYSICAL guest_monitors_config;
+
+ QemuMutex track_lock;
+
+ /* thread signaling */
+ QemuThread main;
+ int pipe[2];
+
+ /* ram pci bar */
+ QXLRam *ram;
+ VGACommonState vga;
+ uint32_t num_free_res;
+ QXLReleaseInfo *last_release;
+ uint32_t last_release_offset;
+ uint32_t oom_running;
+ uint32_t vgamem_size;
+
+ /* rom pci bar */
+ QXLRom shadow_rom;
+ QXLRom *rom;
+ QXLModes *modes;
+ uint32_t rom_size;
+ MemoryRegion rom_bar;
+
+ /* vram pci bar */
+ uint32_t vram_size;
+ MemoryRegion vram_bar;
+ uint32_t vram32_size;
+ MemoryRegion vram32_bar;
+
+ /* io bar */
+ MemoryRegion io_bar;
+
+ /* user-friendly properties (in megabytes) */
+ uint32_t ram_size_mb;
+ uint32_t vram_size_mb;
+ uint32_t vram32_size_mb;
+ uint32_t vgamem_size_mb;
+
+ /* qxl_render_update state */
+ int render_update_cookie_num;
+ int num_dirty_rects;
+ QXLRect dirty[QXL_NUM_DIRTY_RECTS];
+ QEMUBH *update_area_bh;
+} PCIQXLDevice;
+
+#define PANIC_ON(x) if ((x)) { \
+ printf("%s: PANIC %s failed\n", __FUNCTION__, #x); \
+ abort(); \
+}
+
+#define dprint(_qxl, _level, _fmt, ...) \
+ do { \
+ if (_qxl->debug >= _level) { \
+ fprintf(stderr, "qxl-%d: ", _qxl->id); \
+ fprintf(stderr, _fmt, ## __VA_ARGS__); \
+ } \
+ } while (0)
+
+#define QXL_DEFAULT_REVISION QXL_REVISION_STABLE_V12
+
+/* qxl.c */
+void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL phys, int group_id);
+void qxl_set_guest_bug(PCIQXLDevice *qxl, const char *msg, ...)
+ GCC_FMT_ATTR(2, 3);
+
+void qxl_spice_update_area(PCIQXLDevice *qxl, uint32_t surface_id,
+ struct QXLRect *area, struct QXLRect *dirty_rects,
+ uint32_t num_dirty_rects,
+ uint32_t clear_dirty_region,
+ qxl_async_io async, QXLCookie *cookie);
+void qxl_spice_loadvm_commands(PCIQXLDevice *qxl, struct QXLCommandExt *ext,
+ uint32_t count);
+void qxl_spice_oom(PCIQXLDevice *qxl);
+void qxl_spice_reset_memslots(PCIQXLDevice *qxl);
+void qxl_spice_reset_image_cache(PCIQXLDevice *qxl);
+void qxl_spice_reset_cursor(PCIQXLDevice *qxl);
+
+/* qxl-logger.c */
+int qxl_log_cmd_cursor(PCIQXLDevice *qxl, QXLCursorCmd *cmd, int group_id);
+int qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext);
+
+/* qxl-render.c */
+void qxl_render_resize(PCIQXLDevice *qxl);
+void qxl_render_update(PCIQXLDevice *qxl);
+int qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext);
+void qxl_render_update_area_done(PCIQXLDevice *qxl, QXLCookie *cookie);
+void qxl_render_update_area_bh(void *opaque);
+
+#endif
diff --git a/hw/display/sm501.c b/hw/display/sm501.c
new file mode 100644
index 000000000..c75d6ac63
--- /dev/null
+++ b/hw/display/sm501.c
@@ -0,0 +1,1452 @@
+/*
+ * QEMU SM501 Device
+ *
+ * Copyright (c) 2008 Shin-ichiro KAWASAKI
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include <stdio.h>
+#include "hw/hw.h"
+#include "hw/char/serial.h"
+#include "ui/console.h"
+#include "hw/devices.h"
+#include "hw/sysbus.h"
+#include "qemu/range.h"
+#include "ui/pixel_ops.h"
+
+/*
+ * Status: 2010/05/07
+ * - Minimum implementation for Linux console : mmio regs and CRT layer.
+ * - 2D grapihcs acceleration partially supported : only fill rectangle.
+ *
+ * TODO:
+ * - Panel support
+ * - Touch panel support
+ * - USB support
+ * - UART support
+ * - More 2D graphics engine support
+ * - Performance tuning
+ */
+
+//#define DEBUG_SM501
+//#define DEBUG_BITBLT
+
+#ifdef DEBUG_SM501
+#define SM501_DPRINTF(fmt, ...) printf(fmt, ## __VA_ARGS__)
+#else
+#define SM501_DPRINTF(fmt, ...) do {} while(0)
+#endif
+
+
+#define MMIO_BASE_OFFSET 0x3e00000
+
+/* SM501 register definitions taken from "linux/include/linux/sm501-regs.h" */
+
+/* System Configuration area */
+/* System config base */
+#define SM501_SYS_CONFIG (0x000000)
+
+/* config 1 */
+#define SM501_SYSTEM_CONTROL (0x000000)
+
+#define SM501_SYSCTRL_PANEL_TRISTATE (1<<0)
+#define SM501_SYSCTRL_MEM_TRISTATE (1<<1)
+#define SM501_SYSCTRL_CRT_TRISTATE (1<<2)
+
+#define SM501_SYSCTRL_PCI_SLAVE_BURST_MASK (3<<4)
+#define SM501_SYSCTRL_PCI_SLAVE_BURST_1 (0<<4)
+#define SM501_SYSCTRL_PCI_SLAVE_BURST_2 (1<<4)
+#define SM501_SYSCTRL_PCI_SLAVE_BURST_4 (2<<4)
+#define SM501_SYSCTRL_PCI_SLAVE_BURST_8 (3<<4)
+
+#define SM501_SYSCTRL_PCI_CLOCK_RUN_EN (1<<6)
+#define SM501_SYSCTRL_PCI_RETRY_DISABLE (1<<7)
+#define SM501_SYSCTRL_PCI_SUBSYS_LOCK (1<<11)
+#define SM501_SYSCTRL_PCI_BURST_READ_EN (1<<15)
+
+/* miscellaneous control */
+
+#define SM501_MISC_CONTROL (0x000004)
+
+#define SM501_MISC_BUS_SH (0x0)
+#define SM501_MISC_BUS_PCI (0x1)
+#define SM501_MISC_BUS_XSCALE (0x2)
+#define SM501_MISC_BUS_NEC (0x6)
+#define SM501_MISC_BUS_MASK (0x7)
+
+#define SM501_MISC_VR_62MB (1<<3)
+#define SM501_MISC_CDR_RESET (1<<7)
+#define SM501_MISC_USB_LB (1<<8)
+#define SM501_MISC_USB_SLAVE (1<<9)
+#define SM501_MISC_BL_1 (1<<10)
+#define SM501_MISC_MC (1<<11)
+#define SM501_MISC_DAC_POWER (1<<12)
+#define SM501_MISC_IRQ_INVERT (1<<16)
+#define SM501_MISC_SH (1<<17)
+
+#define SM501_MISC_HOLD_EMPTY (0<<18)
+#define SM501_MISC_HOLD_8 (1<<18)
+#define SM501_MISC_HOLD_16 (2<<18)
+#define SM501_MISC_HOLD_24 (3<<18)
+#define SM501_MISC_HOLD_32 (4<<18)
+#define SM501_MISC_HOLD_MASK (7<<18)
+
+#define SM501_MISC_FREQ_12 (1<<24)
+#define SM501_MISC_PNL_24BIT (1<<25)
+#define SM501_MISC_8051_LE (1<<26)
+
+
+
+#define SM501_GPIO31_0_CONTROL (0x000008)
+#define SM501_GPIO63_32_CONTROL (0x00000C)
+#define SM501_DRAM_CONTROL (0x000010)
+
+/* command list */
+#define SM501_ARBTRTN_CONTROL (0x000014)
+
+/* command list */
+#define SM501_COMMAND_LIST_STATUS (0x000024)
+
+/* interrupt debug */
+#define SM501_RAW_IRQ_STATUS (0x000028)
+#define SM501_RAW_IRQ_CLEAR (0x000028)
+#define SM501_IRQ_STATUS (0x00002C)
+#define SM501_IRQ_MASK (0x000030)
+#define SM501_DEBUG_CONTROL (0x000034)
+
+/* power management */
+#define SM501_POWERMODE_P2X_SRC (1<<29)
+#define SM501_POWERMODE_V2X_SRC (1<<20)
+#define SM501_POWERMODE_M_SRC (1<<12)
+#define SM501_POWERMODE_M1_SRC (1<<4)
+
+#define SM501_CURRENT_GATE (0x000038)
+#define SM501_CURRENT_CLOCK (0x00003C)
+#define SM501_POWER_MODE_0_GATE (0x000040)
+#define SM501_POWER_MODE_0_CLOCK (0x000044)
+#define SM501_POWER_MODE_1_GATE (0x000048)
+#define SM501_POWER_MODE_1_CLOCK (0x00004C)
+#define SM501_SLEEP_MODE_GATE (0x000050)
+#define SM501_POWER_MODE_CONTROL (0x000054)
+
+/* power gates for units within the 501 */
+#define SM501_GATE_HOST (0)
+#define SM501_GATE_MEMORY (1)
+#define SM501_GATE_DISPLAY (2)
+#define SM501_GATE_2D_ENGINE (3)
+#define SM501_GATE_CSC (4)
+#define SM501_GATE_ZVPORT (5)
+#define SM501_GATE_GPIO (6)
+#define SM501_GATE_UART0 (7)
+#define SM501_GATE_UART1 (8)
+#define SM501_GATE_SSP (10)
+#define SM501_GATE_USB_HOST (11)
+#define SM501_GATE_USB_GADGET (12)
+#define SM501_GATE_UCONTROLLER (17)
+#define SM501_GATE_AC97 (18)
+
+/* panel clock */
+#define SM501_CLOCK_P2XCLK (24)
+/* crt clock */
+#define SM501_CLOCK_V2XCLK (16)
+/* main clock */
+#define SM501_CLOCK_MCLK (8)
+/* SDRAM controller clock */
+#define SM501_CLOCK_M1XCLK (0)
+
+/* config 2 */
+#define SM501_PCI_MASTER_BASE (0x000058)
+#define SM501_ENDIAN_CONTROL (0x00005C)
+#define SM501_DEVICEID (0x000060)
+/* 0x050100A0 */
+
+#define SM501_DEVICEID_SM501 (0x05010000)
+#define SM501_DEVICEID_IDMASK (0xffff0000)
+#define SM501_DEVICEID_REVMASK (0x000000ff)
+
+#define SM501_PLLCLOCK_COUNT (0x000064)
+#define SM501_MISC_TIMING (0x000068)
+#define SM501_CURRENT_SDRAM_CLOCK (0x00006C)
+
+#define SM501_PROGRAMMABLE_PLL_CONTROL (0x000074)
+
+/* GPIO base */
+#define SM501_GPIO (0x010000)
+#define SM501_GPIO_DATA_LOW (0x00)
+#define SM501_GPIO_DATA_HIGH (0x04)
+#define SM501_GPIO_DDR_LOW (0x08)
+#define SM501_GPIO_DDR_HIGH (0x0C)
+#define SM501_GPIO_IRQ_SETUP (0x10)
+#define SM501_GPIO_IRQ_STATUS (0x14)
+#define SM501_GPIO_IRQ_RESET (0x14)
+
+/* I2C controller base */
+#define SM501_I2C (0x010040)
+#define SM501_I2C_BYTE_COUNT (0x00)
+#define SM501_I2C_CONTROL (0x01)
+#define SM501_I2C_STATUS (0x02)
+#define SM501_I2C_RESET (0x02)
+#define SM501_I2C_SLAVE_ADDRESS (0x03)
+#define SM501_I2C_DATA (0x04)
+
+/* SSP base */
+#define SM501_SSP (0x020000)
+
+/* Uart 0 base */
+#define SM501_UART0 (0x030000)
+
+/* Uart 1 base */
+#define SM501_UART1 (0x030020)
+
+/* USB host port base */
+#define SM501_USB_HOST (0x040000)
+
+/* USB slave/gadget base */
+#define SM501_USB_GADGET (0x060000)
+
+/* USB slave/gadget data port base */
+#define SM501_USB_GADGET_DATA (0x070000)
+
+/* Display controller/video engine base */
+#define SM501_DC (0x080000)
+
+/* common defines for the SM501 address registers */
+#define SM501_ADDR_FLIP (1<<31)
+#define SM501_ADDR_EXT (1<<27)
+#define SM501_ADDR_CS1 (1<<26)
+#define SM501_ADDR_MASK (0x3f << 26)
+
+#define SM501_FIFO_MASK (0x3 << 16)
+#define SM501_FIFO_1 (0x0 << 16)
+#define SM501_FIFO_3 (0x1 << 16)
+#define SM501_FIFO_7 (0x2 << 16)
+#define SM501_FIFO_11 (0x3 << 16)
+
+/* common registers for panel and the crt */
+#define SM501_OFF_DC_H_TOT (0x000)
+#define SM501_OFF_DC_V_TOT (0x008)
+#define SM501_OFF_DC_H_SYNC (0x004)
+#define SM501_OFF_DC_V_SYNC (0x00C)
+
+#define SM501_DC_PANEL_CONTROL (0x000)
+
+#define SM501_DC_PANEL_CONTROL_FPEN (1<<27)
+#define SM501_DC_PANEL_CONTROL_BIAS (1<<26)
+#define SM501_DC_PANEL_CONTROL_DATA (1<<25)
+#define SM501_DC_PANEL_CONTROL_VDD (1<<24)
+#define SM501_DC_PANEL_CONTROL_DP (1<<23)
+
+#define SM501_DC_PANEL_CONTROL_TFT_888 (0<<21)
+#define SM501_DC_PANEL_CONTROL_TFT_333 (1<<21)
+#define SM501_DC_PANEL_CONTROL_TFT_444 (2<<21)
+
+#define SM501_DC_PANEL_CONTROL_DE (1<<20)
+
+#define SM501_DC_PANEL_CONTROL_LCD_TFT (0<<18)
+#define SM501_DC_PANEL_CONTROL_LCD_STN8 (1<<18)
+#define SM501_DC_PANEL_CONTROL_LCD_STN12 (2<<18)
+
+#define SM501_DC_PANEL_CONTROL_CP (1<<14)
+#define SM501_DC_PANEL_CONTROL_VSP (1<<13)
+#define SM501_DC_PANEL_CONTROL_HSP (1<<12)
+#define SM501_DC_PANEL_CONTROL_CK (1<<9)
+#define SM501_DC_PANEL_CONTROL_TE (1<<8)
+#define SM501_DC_PANEL_CONTROL_VPD (1<<7)
+#define SM501_DC_PANEL_CONTROL_VP (1<<6)
+#define SM501_DC_PANEL_CONTROL_HPD (1<<5)
+#define SM501_DC_PANEL_CONTROL_HP (1<<4)
+#define SM501_DC_PANEL_CONTROL_GAMMA (1<<3)
+#define SM501_DC_PANEL_CONTROL_EN (1<<2)
+
+#define SM501_DC_PANEL_CONTROL_8BPP (0<<0)
+#define SM501_DC_PANEL_CONTROL_16BPP (1<<0)
+#define SM501_DC_PANEL_CONTROL_32BPP (2<<0)
+
+
+#define SM501_DC_PANEL_PANNING_CONTROL (0x004)
+#define SM501_DC_PANEL_COLOR_KEY (0x008)
+#define SM501_DC_PANEL_FB_ADDR (0x00C)
+#define SM501_DC_PANEL_FB_OFFSET (0x010)
+#define SM501_DC_PANEL_FB_WIDTH (0x014)
+#define SM501_DC_PANEL_FB_HEIGHT (0x018)
+#define SM501_DC_PANEL_TL_LOC (0x01C)
+#define SM501_DC_PANEL_BR_LOC (0x020)
+#define SM501_DC_PANEL_H_TOT (0x024)
+#define SM501_DC_PANEL_H_SYNC (0x028)
+#define SM501_DC_PANEL_V_TOT (0x02C)
+#define SM501_DC_PANEL_V_SYNC (0x030)
+#define SM501_DC_PANEL_CUR_LINE (0x034)
+
+#define SM501_DC_VIDEO_CONTROL (0x040)
+#define SM501_DC_VIDEO_FB0_ADDR (0x044)
+#define SM501_DC_VIDEO_FB_WIDTH (0x048)
+#define SM501_DC_VIDEO_FB0_LAST_ADDR (0x04C)
+#define SM501_DC_VIDEO_TL_LOC (0x050)
+#define SM501_DC_VIDEO_BR_LOC (0x054)
+#define SM501_DC_VIDEO_SCALE (0x058)
+#define SM501_DC_VIDEO_INIT_SCALE (0x05C)
+#define SM501_DC_VIDEO_YUV_CONSTANTS (0x060)
+#define SM501_DC_VIDEO_FB1_ADDR (0x064)
+#define SM501_DC_VIDEO_FB1_LAST_ADDR (0x068)
+
+#define SM501_DC_VIDEO_ALPHA_CONTROL (0x080)
+#define SM501_DC_VIDEO_ALPHA_FB_ADDR (0x084)
+#define SM501_DC_VIDEO_ALPHA_FB_OFFSET (0x088)
+#define SM501_DC_VIDEO_ALPHA_FB_LAST_ADDR (0x08C)
+#define SM501_DC_VIDEO_ALPHA_TL_LOC (0x090)
+#define SM501_DC_VIDEO_ALPHA_BR_LOC (0x094)
+#define SM501_DC_VIDEO_ALPHA_SCALE (0x098)
+#define SM501_DC_VIDEO_ALPHA_INIT_SCALE (0x09C)
+#define SM501_DC_VIDEO_ALPHA_CHROMA_KEY (0x0A0)
+#define SM501_DC_VIDEO_ALPHA_COLOR_LOOKUP (0x0A4)
+
+#define SM501_DC_PANEL_HWC_BASE (0x0F0)
+#define SM501_DC_PANEL_HWC_ADDR (0x0F0)
+#define SM501_DC_PANEL_HWC_LOC (0x0F4)
+#define SM501_DC_PANEL_HWC_COLOR_1_2 (0x0F8)
+#define SM501_DC_PANEL_HWC_COLOR_3 (0x0FC)
+
+#define SM501_HWC_EN (1<<31)
+
+#define SM501_OFF_HWC_ADDR (0x00)
+#define SM501_OFF_HWC_LOC (0x04)
+#define SM501_OFF_HWC_COLOR_1_2 (0x08)
+#define SM501_OFF_HWC_COLOR_3 (0x0C)
+
+#define SM501_DC_ALPHA_CONTROL (0x100)
+#define SM501_DC_ALPHA_FB_ADDR (0x104)
+#define SM501_DC_ALPHA_FB_OFFSET (0x108)
+#define SM501_DC_ALPHA_TL_LOC (0x10C)
+#define SM501_DC_ALPHA_BR_LOC (0x110)
+#define SM501_DC_ALPHA_CHROMA_KEY (0x114)
+#define SM501_DC_ALPHA_COLOR_LOOKUP (0x118)
+
+#define SM501_DC_CRT_CONTROL (0x200)
+
+#define SM501_DC_CRT_CONTROL_TVP (1<<15)
+#define SM501_DC_CRT_CONTROL_CP (1<<14)
+#define SM501_DC_CRT_CONTROL_VSP (1<<13)
+#define SM501_DC_CRT_CONTROL_HSP (1<<12)
+#define SM501_DC_CRT_CONTROL_VS (1<<11)
+#define SM501_DC_CRT_CONTROL_BLANK (1<<10)
+#define SM501_DC_CRT_CONTROL_SEL (1<<9)
+#define SM501_DC_CRT_CONTROL_TE (1<<8)
+#define SM501_DC_CRT_CONTROL_PIXEL_MASK (0xF << 4)
+#define SM501_DC_CRT_CONTROL_GAMMA (1<<3)
+#define SM501_DC_CRT_CONTROL_ENABLE (1<<2)
+
+#define SM501_DC_CRT_CONTROL_8BPP (0<<0)
+#define SM501_DC_CRT_CONTROL_16BPP (1<<0)
+#define SM501_DC_CRT_CONTROL_32BPP (2<<0)
+
+#define SM501_DC_CRT_FB_ADDR (0x204)
+#define SM501_DC_CRT_FB_OFFSET (0x208)
+#define SM501_DC_CRT_H_TOT (0x20C)
+#define SM501_DC_CRT_H_SYNC (0x210)
+#define SM501_DC_CRT_V_TOT (0x214)
+#define SM501_DC_CRT_V_SYNC (0x218)
+#define SM501_DC_CRT_SIGNATURE_ANALYZER (0x21C)
+#define SM501_DC_CRT_CUR_LINE (0x220)
+#define SM501_DC_CRT_MONITOR_DETECT (0x224)
+
+#define SM501_DC_CRT_HWC_BASE (0x230)
+#define SM501_DC_CRT_HWC_ADDR (0x230)
+#define SM501_DC_CRT_HWC_LOC (0x234)
+#define SM501_DC_CRT_HWC_COLOR_1_2 (0x238)
+#define SM501_DC_CRT_HWC_COLOR_3 (0x23C)
+
+#define SM501_DC_PANEL_PALETTE (0x400)
+
+#define SM501_DC_VIDEO_PALETTE (0x800)
+
+#define SM501_DC_CRT_PALETTE (0xC00)
+
+/* Zoom Video port base */
+#define SM501_ZVPORT (0x090000)
+
+/* AC97/I2S base */
+#define SM501_AC97 (0x0A0000)
+
+/* 8051 micro controller base */
+#define SM501_UCONTROLLER (0x0B0000)
+
+/* 8051 micro controller SRAM base */
+#define SM501_UCONTROLLER_SRAM (0x0C0000)
+
+/* DMA base */
+#define SM501_DMA (0x0D0000)
+
+/* 2d engine base */
+#define SM501_2D_ENGINE (0x100000)
+#define SM501_2D_SOURCE (0x00)
+#define SM501_2D_DESTINATION (0x04)
+#define SM501_2D_DIMENSION (0x08)
+#define SM501_2D_CONTROL (0x0C)
+#define SM501_2D_PITCH (0x10)
+#define SM501_2D_FOREGROUND (0x14)
+#define SM501_2D_BACKGROUND (0x18)
+#define SM501_2D_STRETCH (0x1C)
+#define SM501_2D_COLOR_COMPARE (0x20)
+#define SM501_2D_COLOR_COMPARE_MASK (0x24)
+#define SM501_2D_MASK (0x28)
+#define SM501_2D_CLIP_TL (0x2C)
+#define SM501_2D_CLIP_BR (0x30)
+#define SM501_2D_MONO_PATTERN_LOW (0x34)
+#define SM501_2D_MONO_PATTERN_HIGH (0x38)
+#define SM501_2D_WINDOW_WIDTH (0x3C)
+#define SM501_2D_SOURCE_BASE (0x40)
+#define SM501_2D_DESTINATION_BASE (0x44)
+#define SM501_2D_ALPHA (0x48)
+#define SM501_2D_WRAP (0x4C)
+#define SM501_2D_STATUS (0x50)
+
+#define SM501_CSC_Y_SOURCE_BASE (0xC8)
+#define SM501_CSC_CONSTANTS (0xCC)
+#define SM501_CSC_Y_SOURCE_X (0xD0)
+#define SM501_CSC_Y_SOURCE_Y (0xD4)
+#define SM501_CSC_U_SOURCE_BASE (0xD8)
+#define SM501_CSC_V_SOURCE_BASE (0xDC)
+#define SM501_CSC_SOURCE_DIMENSION (0xE0)
+#define SM501_CSC_SOURCE_PITCH (0xE4)
+#define SM501_CSC_DESTINATION (0xE8)
+#define SM501_CSC_DESTINATION_DIMENSION (0xEC)
+#define SM501_CSC_DESTINATION_PITCH (0xF0)
+#define SM501_CSC_SCALE_FACTOR (0xF4)
+#define SM501_CSC_DESTINATION_BASE (0xF8)
+#define SM501_CSC_CONTROL (0xFC)
+
+/* 2d engine data port base */
+#define SM501_2D_ENGINE_DATA (0x110000)
+
+/* end of register definitions */
+
+#define SM501_HWC_WIDTH (64)
+#define SM501_HWC_HEIGHT (64)
+
+/* SM501 local memory size taken from "linux/drivers/mfd/sm501.c" */
+static const uint32_t sm501_mem_local_size[] = {
+ [0] = 4*1024*1024,
+ [1] = 8*1024*1024,
+ [2] = 16*1024*1024,
+ [3] = 32*1024*1024,
+ [4] = 64*1024*1024,
+ [5] = 2*1024*1024,
+};
+#define get_local_mem_size(s) sm501_mem_local_size[(s)->local_mem_size_index]
+
+typedef struct SM501State {
+ /* graphic console status */
+ QemuConsole *con;
+
+ /* status & internal resources */
+ hwaddr base;
+ uint32_t local_mem_size_index;
+ uint8_t * local_mem;
+ MemoryRegion local_mem_region;
+ uint32_t last_width;
+ uint32_t last_height;
+
+ /* mmio registers */
+ uint32_t system_control;
+ uint32_t misc_control;
+ uint32_t gpio_31_0_control;
+ uint32_t gpio_63_32_control;
+ uint32_t dram_control;
+ uint32_t irq_mask;
+ uint32_t misc_timing;
+ uint32_t power_mode_control;
+
+ uint32_t uart0_ier;
+ uint32_t uart0_lcr;
+ uint32_t uart0_mcr;
+ uint32_t uart0_scr;
+
+ uint8_t dc_palette[0x400 * 3];
+
+ uint32_t dc_panel_control;
+ uint32_t dc_panel_panning_control;
+ uint32_t dc_panel_fb_addr;
+ uint32_t dc_panel_fb_offset;
+ uint32_t dc_panel_fb_width;
+ uint32_t dc_panel_fb_height;
+ uint32_t dc_panel_tl_location;
+ uint32_t dc_panel_br_location;
+ uint32_t dc_panel_h_total;
+ uint32_t dc_panel_h_sync;
+ uint32_t dc_panel_v_total;
+ uint32_t dc_panel_v_sync;
+
+ uint32_t dc_panel_hwc_addr;
+ uint32_t dc_panel_hwc_location;
+ uint32_t dc_panel_hwc_color_1_2;
+ uint32_t dc_panel_hwc_color_3;
+
+ uint32_t dc_crt_control;
+ uint32_t dc_crt_fb_addr;
+ uint32_t dc_crt_fb_offset;
+ uint32_t dc_crt_h_total;
+ uint32_t dc_crt_h_sync;
+ uint32_t dc_crt_v_total;
+ uint32_t dc_crt_v_sync;
+
+ uint32_t dc_crt_hwc_addr;
+ uint32_t dc_crt_hwc_location;
+ uint32_t dc_crt_hwc_color_1_2;
+ uint32_t dc_crt_hwc_color_3;
+
+ uint32_t twoD_source;
+ uint32_t twoD_destination;
+ uint32_t twoD_dimension;
+ uint32_t twoD_control;
+ uint32_t twoD_pitch;
+ uint32_t twoD_foreground;
+ uint32_t twoD_stretch;
+ uint32_t twoD_color_compare_mask;
+ uint32_t twoD_mask;
+ uint32_t twoD_window_width;
+ uint32_t twoD_source_base;
+ uint32_t twoD_destination_base;
+
+} SM501State;
+
+static uint32_t get_local_mem_size_index(uint32_t size)
+{
+ uint32_t norm_size = 0;
+ int i, index = 0;
+
+ for (i = 0; i < ARRAY_SIZE(sm501_mem_local_size); i++) {
+ uint32_t new_size = sm501_mem_local_size[i];
+ if (new_size >= size) {
+ if (norm_size == 0 || norm_size > new_size) {
+ norm_size = new_size;
+ index = i;
+ }
+ }
+ }
+
+ return index;
+}
+
+/**
+ * Check the availability of hardware cursor.
+ * @param crt 0 for PANEL, 1 for CRT.
+ */
+static inline int is_hwc_enabled(SM501State *state, int crt)
+{
+ uint32_t addr = crt ? state->dc_crt_hwc_addr : state->dc_panel_hwc_addr;
+ return addr & 0x80000000;
+}
+
+/**
+ * Get the address which holds cursor pattern data.
+ * @param crt 0 for PANEL, 1 for CRT.
+ */
+static inline uint32_t get_hwc_address(SM501State *state, int crt)
+{
+ uint32_t addr = crt ? state->dc_crt_hwc_addr : state->dc_panel_hwc_addr;
+ return (addr & 0x03FFFFF0)/* >> 4*/;
+}
+
+/**
+ * Get the cursor position in y coordinate.
+ * @param crt 0 for PANEL, 1 for CRT.
+ */
+static inline uint32_t get_hwc_y(SM501State *state, int crt)
+{
+ uint32_t location = crt ? state->dc_crt_hwc_location
+ : state->dc_panel_hwc_location;
+ return (location & 0x07FF0000) >> 16;
+}
+
+/**
+ * Get the cursor position in x coordinate.
+ * @param crt 0 for PANEL, 1 for CRT.
+ */
+static inline uint32_t get_hwc_x(SM501State *state, int crt)
+{
+ uint32_t location = crt ? state->dc_crt_hwc_location
+ : state->dc_panel_hwc_location;
+ return location & 0x000007FF;
+}
+
+/**
+ * Get the cursor position in x coordinate.
+ * @param crt 0 for PANEL, 1 for CRT.
+ * @param index 0, 1, 2 or 3 which specifies color of corsor dot.
+ */
+static inline uint16_t get_hwc_color(SM501State *state, int crt, int index)
+{
+ uint32_t color_reg = 0;
+ uint16_t color_565 = 0;
+
+ if (index == 0) {
+ return 0;
+ }
+
+ switch (index) {
+ case 1:
+ case 2:
+ color_reg = crt ? state->dc_crt_hwc_color_1_2
+ : state->dc_panel_hwc_color_1_2;
+ break;
+ case 3:
+ color_reg = crt ? state->dc_crt_hwc_color_3
+ : state->dc_panel_hwc_color_3;
+ break;
+ default:
+ printf("invalid hw cursor color.\n");
+ abort();
+ }
+
+ switch (index) {
+ case 1:
+ case 3:
+ color_565 = (uint16_t)(color_reg & 0xFFFF);
+ break;
+ case 2:
+ color_565 = (uint16_t)((color_reg >> 16) & 0xFFFF);
+ break;
+ }
+ return color_565;
+}
+
+static int within_hwc_y_range(SM501State *state, int y, int crt)
+{
+ int hwc_y = get_hwc_y(state, crt);
+ return (hwc_y <= y && y < hwc_y + SM501_HWC_HEIGHT);
+}
+
+static void sm501_2d_operation(SM501State * s)
+{
+ /* obtain operation parameters */
+ int operation = (s->twoD_control >> 16) & 0x1f;
+ int rtl = s->twoD_control & 0x8000000;
+ int src_x = (s->twoD_source >> 16) & 0x01FFF;
+ int src_y = s->twoD_source & 0xFFFF;
+ int dst_x = (s->twoD_destination >> 16) & 0x01FFF;
+ int dst_y = s->twoD_destination & 0xFFFF;
+ int operation_width = (s->twoD_dimension >> 16) & 0x1FFF;
+ int operation_height = s->twoD_dimension & 0xFFFF;
+ uint32_t color = s->twoD_foreground;
+ int format_flags = (s->twoD_stretch >> 20) & 0x3;
+ int addressing = (s->twoD_stretch >> 16) & 0xF;
+
+ /* get frame buffer info */
+ uint8_t * src = s->local_mem + (s->twoD_source_base & 0x03FFFFFF);
+ uint8_t * dst = s->local_mem + (s->twoD_destination_base & 0x03FFFFFF);
+ int src_width = (s->dc_crt_h_total & 0x00000FFF) + 1;
+ int dst_width = (s->dc_crt_h_total & 0x00000FFF) + 1;
+
+ if (addressing != 0x0) {
+ printf("%s: only XY addressing is supported.\n", __func__);
+ abort();
+ }
+
+ if ((s->twoD_source_base & 0x08000000) ||
+ (s->twoD_destination_base & 0x08000000)) {
+ printf("%s: only local memory is supported.\n", __func__);
+ abort();
+ }
+
+ switch (operation) {
+ case 0x00: /* copy area */
+#define COPY_AREA(_bpp, _pixel_type, rtl) { \
+ int y, x, index_d, index_s; \
+ for (y = 0; y < operation_height; y++) { \
+ for (x = 0; x < operation_width; x++) { \
+ if (rtl) { \
+ index_s = ((src_y - y) * src_width + src_x - x) * _bpp; \
+ index_d = ((dst_y - y) * dst_width + dst_x - x) * _bpp; \
+ } else { \
+ index_s = ((src_y + y) * src_width + src_x + x) * _bpp; \
+ index_d = ((dst_y + y) * dst_width + dst_x + x) * _bpp; \
+ } \
+ *(_pixel_type*)&dst[index_d] = *(_pixel_type*)&src[index_s];\
+ } \
+ } \
+ }
+ switch (format_flags) {
+ case 0:
+ COPY_AREA(1, uint8_t, rtl);
+ break;
+ case 1:
+ COPY_AREA(2, uint16_t, rtl);
+ break;
+ case 2:
+ COPY_AREA(4, uint32_t, rtl);
+ break;
+ }
+ break;
+
+ case 0x01: /* fill rectangle */
+#define FILL_RECT(_bpp, _pixel_type) { \
+ int y, x; \
+ for (y = 0; y < operation_height; y++) { \
+ for (x = 0; x < operation_width; x++) { \
+ int index = ((dst_y + y) * dst_width + dst_x + x) * _bpp; \
+ *(_pixel_type*)&dst[index] = (_pixel_type)color; \
+ } \
+ } \
+ }
+
+ switch (format_flags) {
+ case 0:
+ FILL_RECT(1, uint8_t);
+ break;
+ case 1:
+ FILL_RECT(2, uint16_t);
+ break;
+ case 2:
+ FILL_RECT(4, uint32_t);
+ break;
+ }
+ break;
+
+ default:
+ printf("non-implemented SM501 2D operation. %d\n", operation);
+ abort();
+ break;
+ }
+}
+
+static uint64_t sm501_system_config_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ SM501State * s = (SM501State *)opaque;
+ uint32_t ret = 0;
+ SM501_DPRINTF("sm501 system config regs : read addr=%x\n", (int)addr);
+
+ switch(addr) {
+ case SM501_SYSTEM_CONTROL:
+ ret = s->system_control;
+ break;
+ case SM501_MISC_CONTROL:
+ ret = s->misc_control;
+ break;
+ case SM501_GPIO31_0_CONTROL:
+ ret = s->gpio_31_0_control;
+ break;
+ case SM501_GPIO63_32_CONTROL:
+ ret = s->gpio_63_32_control;
+ break;
+ case SM501_DEVICEID:
+ ret = 0x050100A0;
+ break;
+ case SM501_DRAM_CONTROL:
+ ret = (s->dram_control & 0x07F107C0) | s->local_mem_size_index << 13;
+ break;
+ case SM501_IRQ_MASK:
+ ret = s->irq_mask;
+ break;
+ case SM501_MISC_TIMING:
+ /* TODO : simulate gate control */
+ ret = s->misc_timing;
+ break;
+ case SM501_CURRENT_GATE:
+ /* TODO : simulate gate control */
+ ret = 0x00021807;
+ break;
+ case SM501_CURRENT_CLOCK:
+ ret = 0x2A1A0A09;
+ break;
+ case SM501_POWER_MODE_CONTROL:
+ ret = s->power_mode_control;
+ break;
+
+ default:
+ printf("sm501 system config : not implemented register read."
+ " addr=%x\n", (int)addr);
+ abort();
+ }
+
+ return ret;
+}
+
+static void sm501_system_config_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ SM501State * s = (SM501State *)opaque;
+ SM501_DPRINTF("sm501 system config regs : write addr=%x, val=%x\n",
+ (uint32_t)addr, (uint32_t)value);
+
+ switch(addr) {
+ case SM501_SYSTEM_CONTROL:
+ s->system_control = value & 0xE300B8F7;
+ break;
+ case SM501_MISC_CONTROL:
+ s->misc_control = value & 0xFF7FFF20;
+ break;
+ case SM501_GPIO31_0_CONTROL:
+ s->gpio_31_0_control = value;
+ break;
+ case SM501_GPIO63_32_CONTROL:
+ s->gpio_63_32_control = value;
+ break;
+ case SM501_DRAM_CONTROL:
+ s->local_mem_size_index = (value >> 13) & 0x7;
+ /* rODO : check validity of size change */
+ s->dram_control |= value & 0x7FFFFFC3;
+ break;
+ case SM501_IRQ_MASK:
+ s->irq_mask = value;
+ break;
+ case SM501_MISC_TIMING:
+ s->misc_timing = value & 0xF31F1FFF;
+ break;
+ case SM501_POWER_MODE_0_GATE:
+ case SM501_POWER_MODE_1_GATE:
+ case SM501_POWER_MODE_0_CLOCK:
+ case SM501_POWER_MODE_1_CLOCK:
+ /* TODO : simulate gate & clock control */
+ break;
+ case SM501_POWER_MODE_CONTROL:
+ s->power_mode_control = value & 0x00000003;
+ break;
+
+ default:
+ printf("sm501 system config : not implemented register write."
+ " addr=%x, val=%x\n", (int)addr, (uint32_t)value);
+ abort();
+ }
+}
+
+static const MemoryRegionOps sm501_system_config_ops = {
+ .read = sm501_system_config_read,
+ .write = sm501_system_config_write,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static uint32_t sm501_palette_read(void *opaque, hwaddr addr)
+{
+ SM501State * s = (SM501State *)opaque;
+ SM501_DPRINTF("sm501 palette read addr=%x\n", (int)addr);
+
+ /* TODO : consider BYTE/WORD access */
+ /* TODO : consider endian */
+
+ assert(range_covers_byte(0, 0x400 * 3, addr));
+ return *(uint32_t*)&s->dc_palette[addr];
+}
+
+static void sm501_palette_write(void *opaque,
+ hwaddr addr, uint32_t value)
+{
+ SM501State * s = (SM501State *)opaque;
+ SM501_DPRINTF("sm501 palette write addr=%x, val=%x\n",
+ (int)addr, value);
+
+ /* TODO : consider BYTE/WORD access */
+ /* TODO : consider endian */
+
+ assert(range_covers_byte(0, 0x400 * 3, addr));
+ *(uint32_t*)&s->dc_palette[addr] = value;
+}
+
+static uint64_t sm501_disp_ctrl_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ SM501State * s = (SM501State *)opaque;
+ uint32_t ret = 0;
+ SM501_DPRINTF("sm501 disp ctrl regs : read addr=%x\n", (int)addr);
+
+ switch(addr) {
+
+ case SM501_DC_PANEL_CONTROL:
+ ret = s->dc_panel_control;
+ break;
+ case SM501_DC_PANEL_PANNING_CONTROL:
+ ret = s->dc_panel_panning_control;
+ break;
+ case SM501_DC_PANEL_FB_ADDR:
+ ret = s->dc_panel_fb_addr;
+ break;
+ case SM501_DC_PANEL_FB_OFFSET:
+ ret = s->dc_panel_fb_offset;
+ break;
+ case SM501_DC_PANEL_FB_WIDTH:
+ ret = s->dc_panel_fb_width;
+ break;
+ case SM501_DC_PANEL_FB_HEIGHT:
+ ret = s->dc_panel_fb_height;
+ break;
+ case SM501_DC_PANEL_TL_LOC:
+ ret = s->dc_panel_tl_location;
+ break;
+ case SM501_DC_PANEL_BR_LOC:
+ ret = s->dc_panel_br_location;
+ break;
+
+ case SM501_DC_PANEL_H_TOT:
+ ret = s->dc_panel_h_total;
+ break;
+ case SM501_DC_PANEL_H_SYNC:
+ ret = s->dc_panel_h_sync;
+ break;
+ case SM501_DC_PANEL_V_TOT:
+ ret = s->dc_panel_v_total;
+ break;
+ case SM501_DC_PANEL_V_SYNC:
+ ret = s->dc_panel_v_sync;
+ break;
+
+ case SM501_DC_CRT_CONTROL:
+ ret = s->dc_crt_control;
+ break;
+ case SM501_DC_CRT_FB_ADDR:
+ ret = s->dc_crt_fb_addr;
+ break;
+ case SM501_DC_CRT_FB_OFFSET:
+ ret = s->dc_crt_fb_offset;
+ break;
+ case SM501_DC_CRT_H_TOT:
+ ret = s->dc_crt_h_total;
+ break;
+ case SM501_DC_CRT_H_SYNC:
+ ret = s->dc_crt_h_sync;
+ break;
+ case SM501_DC_CRT_V_TOT:
+ ret = s->dc_crt_v_total;
+ break;
+ case SM501_DC_CRT_V_SYNC:
+ ret = s->dc_crt_v_sync;
+ break;
+
+ case SM501_DC_CRT_HWC_ADDR:
+ ret = s->dc_crt_hwc_addr;
+ break;
+ case SM501_DC_CRT_HWC_LOC:
+ ret = s->dc_crt_hwc_location;
+ break;
+ case SM501_DC_CRT_HWC_COLOR_1_2:
+ ret = s->dc_crt_hwc_color_1_2;
+ break;
+ case SM501_DC_CRT_HWC_COLOR_3:
+ ret = s->dc_crt_hwc_color_3;
+ break;
+
+ case SM501_DC_PANEL_PALETTE ... SM501_DC_PANEL_PALETTE + 0x400*3 - 4:
+ ret = sm501_palette_read(opaque, addr - SM501_DC_PANEL_PALETTE);
+ break;
+
+ default:
+ printf("sm501 disp ctrl : not implemented register read."
+ " addr=%x\n", (int)addr);
+ abort();
+ }
+
+ return ret;
+}
+
+static void sm501_disp_ctrl_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ SM501State * s = (SM501State *)opaque;
+ SM501_DPRINTF("sm501 disp ctrl regs : write addr=%x, val=%x\n",
+ (unsigned)addr, (unsigned)value);
+
+ switch(addr) {
+ case SM501_DC_PANEL_CONTROL:
+ s->dc_panel_control = value & 0x0FFF73FF;
+ break;
+ case SM501_DC_PANEL_PANNING_CONTROL:
+ s->dc_panel_panning_control = value & 0xFF3FFF3F;
+ break;
+ case SM501_DC_PANEL_FB_ADDR:
+ s->dc_panel_fb_addr = value & 0x8FFFFFF0;
+ break;
+ case SM501_DC_PANEL_FB_OFFSET:
+ s->dc_panel_fb_offset = value & 0x3FF03FF0;
+ break;
+ case SM501_DC_PANEL_FB_WIDTH:
+ s->dc_panel_fb_width = value & 0x0FFF0FFF;
+ break;
+ case SM501_DC_PANEL_FB_HEIGHT:
+ s->dc_panel_fb_height = value & 0x0FFF0FFF;
+ break;
+ case SM501_DC_PANEL_TL_LOC:
+ s->dc_panel_tl_location = value & 0x07FF07FF;
+ break;
+ case SM501_DC_PANEL_BR_LOC:
+ s->dc_panel_br_location = value & 0x07FF07FF;
+ break;
+
+ case SM501_DC_PANEL_H_TOT:
+ s->dc_panel_h_total = value & 0x0FFF0FFF;
+ break;
+ case SM501_DC_PANEL_H_SYNC:
+ s->dc_panel_h_sync = value & 0x00FF0FFF;
+ break;
+ case SM501_DC_PANEL_V_TOT:
+ s->dc_panel_v_total = value & 0x0FFF0FFF;
+ break;
+ case SM501_DC_PANEL_V_SYNC:
+ s->dc_panel_v_sync = value & 0x003F0FFF;
+ break;
+
+ case SM501_DC_PANEL_HWC_ADDR:
+ s->dc_panel_hwc_addr = value & 0x8FFFFFF0;
+ break;
+ case SM501_DC_PANEL_HWC_LOC:
+ s->dc_panel_hwc_location = value & 0x0FFF0FFF;
+ break;
+ case SM501_DC_PANEL_HWC_COLOR_1_2:
+ s->dc_panel_hwc_color_1_2 = value;
+ break;
+ case SM501_DC_PANEL_HWC_COLOR_3:
+ s->dc_panel_hwc_color_3 = value & 0x0000FFFF;
+ break;
+
+ case SM501_DC_CRT_CONTROL:
+ s->dc_crt_control = value & 0x0003FFFF;
+ break;
+ case SM501_DC_CRT_FB_ADDR:
+ s->dc_crt_fb_addr = value & 0x8FFFFFF0;
+ break;
+ case SM501_DC_CRT_FB_OFFSET:
+ s->dc_crt_fb_offset = value & 0x3FF03FF0;
+ break;
+ case SM501_DC_CRT_H_TOT:
+ s->dc_crt_h_total = value & 0x0FFF0FFF;
+ break;
+ case SM501_DC_CRT_H_SYNC:
+ s->dc_crt_h_sync = value & 0x00FF0FFF;
+ break;
+ case SM501_DC_CRT_V_TOT:
+ s->dc_crt_v_total = value & 0x0FFF0FFF;
+ break;
+ case SM501_DC_CRT_V_SYNC:
+ s->dc_crt_v_sync = value & 0x003F0FFF;
+ break;
+
+ case SM501_DC_CRT_HWC_ADDR:
+ s->dc_crt_hwc_addr = value & 0x8FFFFFF0;
+ break;
+ case SM501_DC_CRT_HWC_LOC:
+ s->dc_crt_hwc_location = value & 0x0FFF0FFF;
+ break;
+ case SM501_DC_CRT_HWC_COLOR_1_2:
+ s->dc_crt_hwc_color_1_2 = value;
+ break;
+ case SM501_DC_CRT_HWC_COLOR_3:
+ s->dc_crt_hwc_color_3 = value & 0x0000FFFF;
+ break;
+
+ case SM501_DC_PANEL_PALETTE ... SM501_DC_PANEL_PALETTE + 0x400*3 - 4:
+ sm501_palette_write(opaque, addr - SM501_DC_PANEL_PALETTE, value);
+ break;
+
+ default:
+ printf("sm501 disp ctrl : not implemented register write."
+ " addr=%x, val=%x\n", (int)addr, (unsigned)value);
+ abort();
+ }
+}
+
+static const MemoryRegionOps sm501_disp_ctrl_ops = {
+ .read = sm501_disp_ctrl_read,
+ .write = sm501_disp_ctrl_write,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static uint64_t sm501_2d_engine_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ SM501State * s = (SM501State *)opaque;
+ uint32_t ret = 0;
+ SM501_DPRINTF("sm501 2d engine regs : read addr=%x\n", (int)addr);
+
+ switch(addr) {
+ case SM501_2D_SOURCE_BASE:
+ ret = s->twoD_source_base;
+ break;
+ default:
+ printf("sm501 disp ctrl : not implemented register read."
+ " addr=%x\n", (int)addr);
+ abort();
+ }
+
+ return ret;
+}
+
+static void sm501_2d_engine_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ SM501State * s = (SM501State *)opaque;
+ SM501_DPRINTF("sm501 2d engine regs : write addr=%x, val=%x\n",
+ (unsigned)addr, (unsigned)value);
+
+ switch(addr) {
+ case SM501_2D_SOURCE:
+ s->twoD_source = value;
+ break;
+ case SM501_2D_DESTINATION:
+ s->twoD_destination = value;
+ break;
+ case SM501_2D_DIMENSION:
+ s->twoD_dimension = value;
+ break;
+ case SM501_2D_CONTROL:
+ s->twoD_control = value;
+
+ /* do 2d operation if start flag is set. */
+ if (value & 0x80000000) {
+ sm501_2d_operation(s);
+ s->twoD_control &= ~0x80000000; /* start flag down */
+ }
+
+ break;
+ case SM501_2D_PITCH:
+ s->twoD_pitch = value;
+ break;
+ case SM501_2D_FOREGROUND:
+ s->twoD_foreground = value;
+ break;
+ case SM501_2D_STRETCH:
+ s->twoD_stretch = value;
+ break;
+ case SM501_2D_COLOR_COMPARE_MASK:
+ s->twoD_color_compare_mask = value;
+ break;
+ case SM501_2D_MASK:
+ s->twoD_mask = value;
+ break;
+ case SM501_2D_WINDOW_WIDTH:
+ s->twoD_window_width = value;
+ break;
+ case SM501_2D_SOURCE_BASE:
+ s->twoD_source_base = value;
+ break;
+ case SM501_2D_DESTINATION_BASE:
+ s->twoD_destination_base = value;
+ break;
+ default:
+ printf("sm501 2d engine : not implemented register write."
+ " addr=%x, val=%x\n", (int)addr, (unsigned)value);
+ abort();
+ }
+}
+
+static const MemoryRegionOps sm501_2d_engine_ops = {
+ .read = sm501_2d_engine_read,
+ .write = sm501_2d_engine_write,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+/* draw line functions for all console modes */
+
+typedef void draw_line_func(uint8_t *d, const uint8_t *s,
+ int width, const uint32_t *pal);
+
+typedef void draw_hwc_line_func(SM501State * s, int crt, uint8_t * palette,
+ int c_y, uint8_t *d, int width);
+
+#define DEPTH 8
+#include "sm501_template.h"
+
+#define DEPTH 15
+#include "sm501_template.h"
+
+#define BGR_FORMAT
+#define DEPTH 15
+#include "sm501_template.h"
+
+#define DEPTH 16
+#include "sm501_template.h"
+
+#define BGR_FORMAT
+#define DEPTH 16
+#include "sm501_template.h"
+
+#define DEPTH 32
+#include "sm501_template.h"
+
+#define BGR_FORMAT
+#define DEPTH 32
+#include "sm501_template.h"
+
+static draw_line_func * draw_line8_funcs[] = {
+ draw_line8_8,
+ draw_line8_15,
+ draw_line8_16,
+ draw_line8_32,
+ draw_line8_32bgr,
+ draw_line8_15bgr,
+ draw_line8_16bgr,
+};
+
+static draw_line_func * draw_line16_funcs[] = {
+ draw_line16_8,
+ draw_line16_15,
+ draw_line16_16,
+ draw_line16_32,
+ draw_line16_32bgr,
+ draw_line16_15bgr,
+ draw_line16_16bgr,
+};
+
+static draw_line_func * draw_line32_funcs[] = {
+ draw_line32_8,
+ draw_line32_15,
+ draw_line32_16,
+ draw_line32_32,
+ draw_line32_32bgr,
+ draw_line32_15bgr,
+ draw_line32_16bgr,
+};
+
+static draw_hwc_line_func * draw_hwc_line_funcs[] = {
+ draw_hwc_line_8,
+ draw_hwc_line_15,
+ draw_hwc_line_16,
+ draw_hwc_line_32,
+ draw_hwc_line_32bgr,
+ draw_hwc_line_15bgr,
+ draw_hwc_line_16bgr,
+};
+
+static inline int get_depth_index(DisplaySurface *surface)
+{
+ switch (surface_bits_per_pixel(surface)) {
+ default:
+ case 8:
+ return 0;
+ case 15:
+ return 1;
+ case 16:
+ return 2;
+ case 32:
+ if (is_surface_bgr(surface)) {
+ return 4;
+ } else {
+ return 3;
+ }
+ }
+}
+
+static void sm501_draw_crt(SM501State * s)
+{
+ DisplaySurface *surface = qemu_console_surface(s->con);
+ int y;
+ int width = (s->dc_crt_h_total & 0x00000FFF) + 1;
+ int height = (s->dc_crt_v_total & 0x00000FFF) + 1;
+
+ uint8_t * src = s->local_mem;
+ int src_bpp = 0;
+ int dst_bpp = surface_bytes_per_pixel(surface);
+ uint32_t * palette = (uint32_t *)&s->dc_palette[SM501_DC_CRT_PALETTE
+ - SM501_DC_PANEL_PALETTE];
+ uint8_t hwc_palette[3 * 3];
+ int ds_depth_index = get_depth_index(surface);
+ draw_line_func * draw_line = NULL;
+ draw_hwc_line_func * draw_hwc_line = NULL;
+ int full_update = 0;
+ int y_start = -1;
+ ram_addr_t page_min = ~0l;
+ ram_addr_t page_max = 0l;
+ ram_addr_t offset = 0;
+
+ /* choose draw_line function */
+ switch (s->dc_crt_control & 3) {
+ case SM501_DC_CRT_CONTROL_8BPP:
+ src_bpp = 1;
+ draw_line = draw_line8_funcs[ds_depth_index];
+ break;
+ case SM501_DC_CRT_CONTROL_16BPP:
+ src_bpp = 2;
+ draw_line = draw_line16_funcs[ds_depth_index];
+ break;
+ case SM501_DC_CRT_CONTROL_32BPP:
+ src_bpp = 4;
+ draw_line = draw_line32_funcs[ds_depth_index];
+ break;
+ default:
+ printf("sm501 draw crt : invalid DC_CRT_CONTROL=%x.\n",
+ s->dc_crt_control);
+ abort();
+ break;
+ }
+
+ /* set up to draw hardware cursor */
+ if (is_hwc_enabled(s, 1)) {
+ int i;
+
+ /* get cursor palette */
+ for (i = 0; i < 3; i++) {
+ uint16_t rgb565 = get_hwc_color(s, 1, i + 1);
+ hwc_palette[i * 3 + 0] = (rgb565 & 0xf800) >> 8; /* red */
+ hwc_palette[i * 3 + 1] = (rgb565 & 0x07e0) >> 3; /* green */
+ hwc_palette[i * 3 + 2] = (rgb565 & 0x001f) << 3; /* blue */
+ }
+
+ /* choose cursor draw line function */
+ draw_hwc_line = draw_hwc_line_funcs[ds_depth_index];
+ }
+
+ /* adjust console size */
+ if (s->last_width != width || s->last_height != height) {
+ qemu_console_resize(s->con, width, height);
+ surface = qemu_console_surface(s->con);
+ s->last_width = width;
+ s->last_height = height;
+ full_update = 1;
+ }
+
+ /* draw each line according to conditions */
+ for (y = 0; y < height; y++) {
+ int update_hwc = draw_hwc_line ? within_hwc_y_range(s, y, 1) : 0;
+ int update = full_update || update_hwc;
+ ram_addr_t page0 = offset;
+ ram_addr_t page1 = offset + width * src_bpp - 1;
+
+ /* check dirty flags for each line */
+ update = memory_region_get_dirty(&s->local_mem_region, page0,
+ page1 - page0, DIRTY_MEMORY_VGA);
+
+ /* draw line and change status */
+ if (update) {
+ uint8_t *d = surface_data(surface);
+ d += y * width * dst_bpp;
+
+ /* draw graphics layer */
+ draw_line(d, src, width, palette);
+
+ /* draw haredware cursor */
+ if (update_hwc) {
+ draw_hwc_line(s, 1, hwc_palette, y - get_hwc_y(s, 1), d, width);
+ }
+
+ if (y_start < 0)
+ y_start = y;
+ if (page0 < page_min)
+ page_min = page0;
+ if (page1 > page_max)
+ page_max = page1;
+ } else {
+ if (y_start >= 0) {
+ /* flush to display */
+ dpy_gfx_update(s->con, 0, y_start, width, y - y_start);
+ y_start = -1;
+ }
+ }
+
+ src += width * src_bpp;
+ offset += width * src_bpp;
+ }
+
+ /* complete flush to display */
+ if (y_start >= 0)
+ dpy_gfx_update(s->con, 0, y_start, width, y - y_start);
+
+ /* clear dirty flags */
+ if (page_min != ~0l) {
+ memory_region_reset_dirty(&s->local_mem_region,
+ page_min, page_max + TARGET_PAGE_SIZE,
+ DIRTY_MEMORY_VGA);
+ }
+}
+
+static void sm501_update_display(void *opaque)
+{
+ SM501State * s = (SM501State *)opaque;
+
+ if (s->dc_crt_control & SM501_DC_CRT_CONTROL_ENABLE)
+ sm501_draw_crt(s);
+}
+
+static const GraphicHwOps sm501_ops = {
+ .gfx_update = sm501_update_display,
+};
+
+void sm501_init(MemoryRegion *address_space_mem, uint32_t base,
+ uint32_t local_mem_bytes, qemu_irq irq, CharDriverState *chr)
+{
+ SM501State * s;
+ DeviceState *dev;
+ MemoryRegion *sm501_system_config = g_new(MemoryRegion, 1);
+ MemoryRegion *sm501_disp_ctrl = g_new(MemoryRegion, 1);
+ MemoryRegion *sm501_2d_engine = g_new(MemoryRegion, 1);
+
+ /* allocate management data region */
+ s = (SM501State *)g_malloc0(sizeof(SM501State));
+ s->base = base;
+ s->local_mem_size_index
+ = get_local_mem_size_index(local_mem_bytes);
+ SM501_DPRINTF("local mem size=%x. index=%d\n", get_local_mem_size(s),
+ s->local_mem_size_index);
+ s->system_control = 0x00100000;
+ s->misc_control = 0x00001000; /* assumes SH, active=low */
+ s->dc_panel_control = 0x00010000;
+ s->dc_crt_control = 0x00010000;
+
+ /* allocate local memory */
+ memory_region_init_ram(&s->local_mem_region, NULL, "sm501.local",
+ local_mem_bytes);
+ vmstate_register_ram_global(&s->local_mem_region);
+ s->local_mem = memory_region_get_ram_ptr(&s->local_mem_region);
+ memory_region_add_subregion(address_space_mem, base, &s->local_mem_region);
+
+ /* map mmio */
+ memory_region_init_io(sm501_system_config, NULL, &sm501_system_config_ops, s,
+ "sm501-system-config", 0x6c);
+ memory_region_add_subregion(address_space_mem, base + MMIO_BASE_OFFSET,
+ sm501_system_config);
+ memory_region_init_io(sm501_disp_ctrl, NULL, &sm501_disp_ctrl_ops, s,
+ "sm501-disp-ctrl", 0x1000);
+ memory_region_add_subregion(address_space_mem,
+ base + MMIO_BASE_OFFSET + SM501_DC,
+ sm501_disp_ctrl);
+ memory_region_init_io(sm501_2d_engine, NULL, &sm501_2d_engine_ops, s,
+ "sm501-2d-engine", 0x54);
+ memory_region_add_subregion(address_space_mem,
+ base + MMIO_BASE_OFFSET + SM501_2D_ENGINE,
+ sm501_2d_engine);
+
+ /* bridge to usb host emulation module */
+ dev = qdev_create(NULL, "sysbus-ohci");
+ qdev_prop_set_uint32(dev, "num-ports", 2);
+ qdev_prop_set_uint64(dev, "dma-offset", base);
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0,
+ base + MMIO_BASE_OFFSET + SM501_USB_HOST);
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, irq);
+
+ /* bridge to serial emulation module */
+ if (chr) {
+ serial_mm_init(address_space_mem,
+ base + MMIO_BASE_OFFSET + SM501_UART0, 2,
+ NULL, /* TODO : chain irq to IRL */
+ 115200, chr, DEVICE_NATIVE_ENDIAN);
+ }
+
+ /* create qemu graphic console */
+ s->con = graphic_console_init(DEVICE(dev), &sm501_ops, s);
+}
diff --git a/hw/sm501_template.h b/hw/display/sm501_template.h
index 2d4a3d8b4..2d4a3d8b4 100644
--- a/hw/sm501_template.h
+++ b/hw/display/sm501_template.h
diff --git a/hw/display/ssd0303.c b/hw/display/ssd0303.c
new file mode 100644
index 000000000..beea5bf22
--- /dev/null
+++ b/hw/display/ssd0303.c
@@ -0,0 +1,325 @@
+/*
+ * SSD0303 OLED controller with OSRAM Pictiva 96x16 display.
+ *
+ * Copyright (c) 2006-2007 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GPL.
+ */
+
+/* The controller can support a variety of different displays, but we only
+ implement one. Most of the commends relating to brightness and geometry
+ setup are ignored. */
+#include "hw/i2c/i2c.h"
+#include "ui/console.h"
+
+//#define DEBUG_SSD0303 1
+
+#ifdef DEBUG_SSD0303
+#define DPRINTF(fmt, ...) \
+do { printf("ssd0303: " fmt , ## __VA_ARGS__); } while (0)
+#define BADF(fmt, ...) \
+do { fprintf(stderr, "ssd0303: error: " fmt , ## __VA_ARGS__); exit(1);} while (0)
+#else
+#define DPRINTF(fmt, ...) do {} while(0)
+#define BADF(fmt, ...) \
+do { fprintf(stderr, "ssd0303: error: " fmt , ## __VA_ARGS__);} while (0)
+#endif
+
+/* Scaling factor for pixels. */
+#define MAGNIFY 4
+
+enum ssd0303_mode
+{
+ SSD0303_IDLE,
+ SSD0303_DATA,
+ SSD0303_CMD
+};
+
+enum ssd0303_cmd {
+ SSD0303_CMD_NONE,
+ SSD0303_CMD_SKIP1
+};
+
+typedef struct {
+ I2CSlave i2c;
+ QemuConsole *con;
+ int row;
+ int col;
+ int start_line;
+ int mirror;
+ int flash;
+ int enabled;
+ int inverse;
+ int redraw;
+ enum ssd0303_mode mode;
+ enum ssd0303_cmd cmd_state;
+ uint8_t framebuffer[132*8];
+} ssd0303_state;
+
+static int ssd0303_recv(I2CSlave *i2c)
+{
+ BADF("Reads not implemented\n");
+ return -1;
+}
+
+static int ssd0303_send(I2CSlave *i2c, uint8_t data)
+{
+ ssd0303_state *s = (ssd0303_state *)i2c;
+ enum ssd0303_cmd old_cmd_state;
+ switch (s->mode) {
+ case SSD0303_IDLE:
+ DPRINTF("byte 0x%02x\n", data);
+ if (data == 0x80)
+ s->mode = SSD0303_CMD;
+ else if (data == 0x40)
+ s->mode = SSD0303_DATA;
+ else
+ BADF("Unexpected byte 0x%x\n", data);
+ break;
+ case SSD0303_DATA:
+ DPRINTF("data 0x%02x\n", data);
+ if (s->col < 132) {
+ s->framebuffer[s->col + s->row * 132] = data;
+ s->col++;
+ s->redraw = 1;
+ }
+ break;
+ case SSD0303_CMD:
+ old_cmd_state = s->cmd_state;
+ s->cmd_state = SSD0303_CMD_NONE;
+ switch (old_cmd_state) {
+ case SSD0303_CMD_NONE:
+ DPRINTF("cmd 0x%02x\n", data);
+ s->mode = SSD0303_IDLE;
+ switch (data) {
+ case 0x00 ... 0x0f: /* Set lower column address. */
+ s->col = (s->col & 0xf0) | (data & 0xf);
+ break;
+ case 0x10 ... 0x20: /* Set higher column address. */
+ s->col = (s->col & 0x0f) | ((data & 0xf) << 4);
+ break;
+ case 0x40 ... 0x7f: /* Set start line. */
+ s->start_line = 0;
+ break;
+ case 0x81: /* Set contrast (Ignored). */
+ s->cmd_state = SSD0303_CMD_SKIP1;
+ break;
+ case 0xa0: /* Mirror off. */
+ s->mirror = 0;
+ break;
+ case 0xa1: /* Mirror off. */
+ s->mirror = 1;
+ break;
+ case 0xa4: /* Entire display off. */
+ s->flash = 0;
+ break;
+ case 0xa5: /* Entire display on. */
+ s->flash = 1;
+ break;
+ case 0xa6: /* Inverse off. */
+ s->inverse = 0;
+ break;
+ case 0xa7: /* Inverse on. */
+ s->inverse = 1;
+ break;
+ case 0xa8: /* Set multiplied ratio (Ignored). */
+ s->cmd_state = SSD0303_CMD_SKIP1;
+ break;
+ case 0xad: /* DC-DC power control. */
+ s->cmd_state = SSD0303_CMD_SKIP1;
+ break;
+ case 0xae: /* Display off. */
+ s->enabled = 0;
+ break;
+ case 0xaf: /* Display on. */
+ s->enabled = 1;
+ break;
+ case 0xb0 ... 0xbf: /* Set Page address. */
+ s->row = data & 7;
+ break;
+ case 0xc0 ... 0xc8: /* Set COM output direction (Ignored). */
+ break;
+ case 0xd3: /* Set display offset (Ignored). */
+ s->cmd_state = SSD0303_CMD_SKIP1;
+ break;
+ case 0xd5: /* Set display clock (Ignored). */
+ s->cmd_state = SSD0303_CMD_SKIP1;
+ break;
+ case 0xd8: /* Set color and power mode (Ignored). */
+ s->cmd_state = SSD0303_CMD_SKIP1;
+ break;
+ case 0xd9: /* Set pre-charge period (Ignored). */
+ s->cmd_state = SSD0303_CMD_SKIP1;
+ break;
+ case 0xda: /* Set COM pin configuration (Ignored). */
+ s->cmd_state = SSD0303_CMD_SKIP1;
+ break;
+ case 0xdb: /* Set VCOM dselect level (Ignored). */
+ s->cmd_state = SSD0303_CMD_SKIP1;
+ break;
+ case 0xe3: /* no-op. */
+ break;
+ default:
+ BADF("Unknown command: 0x%x\n", data);
+ }
+ break;
+ case SSD0303_CMD_SKIP1:
+ DPRINTF("skip 0x%02x\n", data);
+ break;
+ }
+ break;
+ }
+ return 0;
+}
+
+static void ssd0303_event(I2CSlave *i2c, enum i2c_event event)
+{
+ ssd0303_state *s = (ssd0303_state *)i2c;
+ switch (event) {
+ case I2C_FINISH:
+ s->mode = SSD0303_IDLE;
+ break;
+ case I2C_START_RECV:
+ case I2C_START_SEND:
+ case I2C_NACK:
+ /* Nothing to do. */
+ break;
+ }
+}
+
+static void ssd0303_update_display(void *opaque)
+{
+ ssd0303_state *s = (ssd0303_state *)opaque;
+ DisplaySurface *surface = qemu_console_surface(s->con);
+ uint8_t *dest;
+ uint8_t *src;
+ int x;
+ int y;
+ int line;
+ char *colors[2];
+ char colortab[MAGNIFY * 8];
+ int dest_width;
+ uint8_t mask;
+
+ if (!s->redraw)
+ return;
+
+ switch (surface_bits_per_pixel(surface)) {
+ case 0:
+ return;
+ case 15:
+ dest_width = 2;
+ break;
+ case 16:
+ dest_width = 2;
+ break;
+ case 24:
+ dest_width = 3;
+ break;
+ case 32:
+ dest_width = 4;
+ break;
+ default:
+ BADF("Bad color depth\n");
+ return;
+ }
+ dest_width *= MAGNIFY;
+ memset(colortab, 0xff, dest_width);
+ memset(colortab + dest_width, 0, dest_width);
+ if (s->flash) {
+ colors[0] = colortab;
+ colors[1] = colortab;
+ } else if (s->inverse) {
+ colors[0] = colortab;
+ colors[1] = colortab + dest_width;
+ } else {
+ colors[0] = colortab + dest_width;
+ colors[1] = colortab;
+ }
+ dest = surface_data(surface);
+ for (y = 0; y < 16; y++) {
+ line = (y + s->start_line) & 63;
+ src = s->framebuffer + 132 * (line >> 3) + 36;
+ mask = 1 << (line & 7);
+ for (x = 0; x < 96; x++) {
+ memcpy(dest, colors[(*src & mask) != 0], dest_width);
+ dest += dest_width;
+ src++;
+ }
+ for (x = 1; x < MAGNIFY; x++) {
+ memcpy(dest, dest - dest_width * 96, dest_width * 96);
+ dest += dest_width * 96;
+ }
+ }
+ s->redraw = 0;
+ dpy_gfx_update(s->con, 0, 0, 96 * MAGNIFY, 16 * MAGNIFY);
+}
+
+static void ssd0303_invalidate_display(void * opaque)
+{
+ ssd0303_state *s = (ssd0303_state *)opaque;
+ s->redraw = 1;
+}
+
+static const VMStateDescription vmstate_ssd0303 = {
+ .name = "ssd0303_oled",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_INT32(row, ssd0303_state),
+ VMSTATE_INT32(col, ssd0303_state),
+ VMSTATE_INT32(start_line, ssd0303_state),
+ VMSTATE_INT32(mirror, ssd0303_state),
+ VMSTATE_INT32(flash, ssd0303_state),
+ VMSTATE_INT32(enabled, ssd0303_state),
+ VMSTATE_INT32(inverse, ssd0303_state),
+ VMSTATE_INT32(redraw, ssd0303_state),
+ VMSTATE_UINT32(mode, ssd0303_state),
+ VMSTATE_UINT32(cmd_state, ssd0303_state),
+ VMSTATE_BUFFER(framebuffer, ssd0303_state),
+ VMSTATE_I2C_SLAVE(i2c, ssd0303_state),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const GraphicHwOps ssd0303_ops = {
+ .invalidate = ssd0303_invalidate_display,
+ .gfx_update = ssd0303_update_display,
+};
+
+static int ssd0303_init(I2CSlave *i2c)
+{
+ ssd0303_state *s = FROM_I2C_SLAVE(ssd0303_state, i2c);
+
+ s->con = graphic_console_init(DEVICE(i2c), &ssd0303_ops, s);
+ qemu_console_resize(s->con, 96 * MAGNIFY, 16 * MAGNIFY);
+ return 0;
+}
+
+static void ssd0303_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
+
+ k->init = ssd0303_init;
+ k->event = ssd0303_event;
+ k->recv = ssd0303_recv;
+ k->send = ssd0303_send;
+ dc->vmsd = &vmstate_ssd0303;
+}
+
+static const TypeInfo ssd0303_info = {
+ .name = "ssd0303",
+ .parent = TYPE_I2C_SLAVE,
+ .instance_size = sizeof(ssd0303_state),
+ .class_init = ssd0303_class_init,
+};
+
+static void ssd0303_register_types(void)
+{
+ type_register_static(&ssd0303_info);
+}
+
+type_init(ssd0303_register_types)
diff --git a/hw/display/ssd0323.c b/hw/display/ssd0323.c
new file mode 100644
index 000000000..c3231c611
--- /dev/null
+++ b/hw/display/ssd0323.c
@@ -0,0 +1,376 @@
+/*
+ * SSD0323 OLED controller with OSRAM Pictiva 128x64 display.
+ *
+ * Copyright (c) 2006-2007 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GPL.
+ */
+
+/* The controller can support a variety of different displays, but we only
+ implement one. Most of the commends relating to brightness and geometry
+ setup are ignored. */
+#include "hw/ssi.h"
+#include "ui/console.h"
+
+//#define DEBUG_SSD0323 1
+
+#ifdef DEBUG_SSD0323
+#define DPRINTF(fmt, ...) \
+do { printf("ssd0323: " fmt , ## __VA_ARGS__); } while (0)
+#define BADF(fmt, ...) \
+do { \
+ fprintf(stderr, "ssd0323: error: " fmt , ## __VA_ARGS__); abort(); \
+} while (0)
+#else
+#define DPRINTF(fmt, ...) do {} while(0)
+#define BADF(fmt, ...) \
+do { fprintf(stderr, "ssd0323: error: " fmt , ## __VA_ARGS__);} while (0)
+#endif
+
+/* Scaling factor for pixels. */
+#define MAGNIFY 4
+
+#define REMAP_SWAP_COLUMN 0x01
+#define REMAP_SWAP_NYBBLE 0x02
+#define REMAP_VERTICAL 0x04
+#define REMAP_SWAP_COM 0x10
+#define REMAP_SPLIT_COM 0x40
+
+enum ssd0323_mode
+{
+ SSD0323_CMD,
+ SSD0323_DATA
+};
+
+typedef struct {
+ SSISlave ssidev;
+ QemuConsole *con;
+
+ int cmd_len;
+ int cmd;
+ int cmd_data[8];
+ int row;
+ int row_start;
+ int row_end;
+ int col;
+ int col_start;
+ int col_end;
+ int redraw;
+ int remap;
+ enum ssd0323_mode mode;
+ uint8_t framebuffer[128 * 80 / 2];
+} ssd0323_state;
+
+static uint32_t ssd0323_transfer(SSISlave *dev, uint32_t data)
+{
+ ssd0323_state *s = FROM_SSI_SLAVE(ssd0323_state, dev);
+
+ switch (s->mode) {
+ case SSD0323_DATA:
+ DPRINTF("data 0x%02x\n", data);
+ s->framebuffer[s->col + s->row * 64] = data;
+ if (s->remap & REMAP_VERTICAL) {
+ s->row++;
+ if (s->row > s->row_end) {
+ s->row = s->row_start;
+ s->col++;
+ }
+ if (s->col > s->col_end) {
+ s->col = s->col_start;
+ }
+ } else {
+ s->col++;
+ if (s->col > s->col_end) {
+ s->row++;
+ s->col = s->col_start;
+ }
+ if (s->row > s->row_end) {
+ s->row = s->row_start;
+ }
+ }
+ s->redraw = 1;
+ break;
+ case SSD0323_CMD:
+ DPRINTF("cmd 0x%02x\n", data);
+ if (s->cmd_len == 0) {
+ s->cmd = data;
+ } else {
+ s->cmd_data[s->cmd_len - 1] = data;
+ }
+ s->cmd_len++;
+ switch (s->cmd) {
+#define DATA(x) if (s->cmd_len <= (x)) return 0
+ case 0x15: /* Set column. */
+ DATA(2);
+ s->col = s->col_start = s->cmd_data[0] % 64;
+ s->col_end = s->cmd_data[1] % 64;
+ break;
+ case 0x75: /* Set row. */
+ DATA(2);
+ s->row = s->row_start = s->cmd_data[0] % 80;
+ s->row_end = s->cmd_data[1] % 80;
+ break;
+ case 0x81: /* Set contrast */
+ DATA(1);
+ break;
+ case 0x84: case 0x85: case 0x86: /* Max current. */
+ DATA(0);
+ break;
+ case 0xa0: /* Set remapping. */
+ /* FIXME: Implement this. */
+ DATA(1);
+ s->remap = s->cmd_data[0];
+ break;
+ case 0xa1: /* Set display start line. */
+ case 0xa2: /* Set display offset. */
+ /* FIXME: Implement these. */
+ DATA(1);
+ break;
+ case 0xa4: /* Normal mode. */
+ case 0xa5: /* All on. */
+ case 0xa6: /* All off. */
+ case 0xa7: /* Inverse. */
+ /* FIXME: Implement these. */
+ DATA(0);
+ break;
+ case 0xa8: /* Set multiplex ratio. */
+ case 0xad: /* Set DC-DC converter. */
+ DATA(1);
+ /* Ignored. Don't care. */
+ break;
+ case 0xae: /* Display off. */
+ case 0xaf: /* Display on. */
+ DATA(0);
+ /* TODO: Implement power control. */
+ break;
+ case 0xb1: /* Set phase length. */
+ case 0xb2: /* Set row period. */
+ case 0xb3: /* Set clock rate. */
+ case 0xbc: /* Set precharge. */
+ case 0xbe: /* Set VCOMH. */
+ case 0xbf: /* Set segment low. */
+ DATA(1);
+ /* Ignored. Don't care. */
+ break;
+ case 0xb8: /* Set grey scale table. */
+ /* FIXME: Implement this. */
+ DATA(8);
+ break;
+ case 0xe3: /* NOP. */
+ DATA(0);
+ break;
+ case 0xff: /* Nasty hack because we don't handle chip selects
+ properly. */
+ break;
+ default:
+ BADF("Unknown command: 0x%x\n", data);
+ }
+ s->cmd_len = 0;
+ return 0;
+ }
+ return 0;
+}
+
+static void ssd0323_update_display(void *opaque)
+{
+ ssd0323_state *s = (ssd0323_state *)opaque;
+ DisplaySurface *surface = qemu_console_surface(s->con);
+ uint8_t *dest;
+ uint8_t *src;
+ int x;
+ int y;
+ int i;
+ int line;
+ char *colors[16];
+ char colortab[MAGNIFY * 64];
+ char *p;
+ int dest_width;
+
+ if (!s->redraw)
+ return;
+
+ switch (surface_bits_per_pixel(surface)) {
+ case 0:
+ return;
+ case 15:
+ dest_width = 2;
+ break;
+ case 16:
+ dest_width = 2;
+ break;
+ case 24:
+ dest_width = 3;
+ break;
+ case 32:
+ dest_width = 4;
+ break;
+ default:
+ BADF("Bad color depth\n");
+ return;
+ }
+ p = colortab;
+ for (i = 0; i < 16; i++) {
+ int n;
+ colors[i] = p;
+ switch (surface_bits_per_pixel(surface)) {
+ case 15:
+ n = i * 2 + (i >> 3);
+ p[0] = n | (n << 5);
+ p[1] = (n << 2) | (n >> 3);
+ break;
+ case 16:
+ n = i * 2 + (i >> 3);
+ p[0] = n | (n << 6) | ((n << 1) & 0x20);
+ p[1] = (n << 3) | (n >> 2);
+ break;
+ case 24:
+ case 32:
+ n = (i << 4) | i;
+ p[0] = p[1] = p[2] = n;
+ break;
+ default:
+ BADF("Bad color depth\n");
+ return;
+ }
+ p += dest_width;
+ }
+ /* TODO: Implement row/column remapping. */
+ dest = surface_data(surface);
+ for (y = 0; y < 64; y++) {
+ line = y;
+ src = s->framebuffer + 64 * line;
+ for (x = 0; x < 64; x++) {
+ int val;
+ val = *src >> 4;
+ for (i = 0; i < MAGNIFY; i++) {
+ memcpy(dest, colors[val], dest_width);
+ dest += dest_width;
+ }
+ val = *src & 0xf;
+ for (i = 0; i < MAGNIFY; i++) {
+ memcpy(dest, colors[val], dest_width);
+ dest += dest_width;
+ }
+ src++;
+ }
+ for (i = 1; i < MAGNIFY; i++) {
+ memcpy(dest, dest - dest_width * MAGNIFY * 128,
+ dest_width * 128 * MAGNIFY);
+ dest += dest_width * 128 * MAGNIFY;
+ }
+ }
+ s->redraw = 0;
+ dpy_gfx_update(s->con, 0, 0, 128 * MAGNIFY, 64 * MAGNIFY);
+}
+
+static void ssd0323_invalidate_display(void * opaque)
+{
+ ssd0323_state *s = (ssd0323_state *)opaque;
+ s->redraw = 1;
+}
+
+/* Command/data input. */
+static void ssd0323_cd(void *opaque, int n, int level)
+{
+ ssd0323_state *s = (ssd0323_state *)opaque;
+ DPRINTF("%s mode\n", level ? "Data" : "Command");
+ s->mode = level ? SSD0323_DATA : SSD0323_CMD;
+}
+
+static void ssd0323_save(QEMUFile *f, void *opaque)
+{
+ SSISlave *ss = SSI_SLAVE(opaque);
+ ssd0323_state *s = (ssd0323_state *)opaque;
+ int i;
+
+ qemu_put_be32(f, s->cmd_len);
+ qemu_put_be32(f, s->cmd);
+ for (i = 0; i < 8; i++)
+ qemu_put_be32(f, s->cmd_data[i]);
+ qemu_put_be32(f, s->row);
+ qemu_put_be32(f, s->row_start);
+ qemu_put_be32(f, s->row_end);
+ qemu_put_be32(f, s->col);
+ qemu_put_be32(f, s->col_start);
+ qemu_put_be32(f, s->col_end);
+ qemu_put_be32(f, s->redraw);
+ qemu_put_be32(f, s->remap);
+ qemu_put_be32(f, s->mode);
+ qemu_put_buffer(f, s->framebuffer, sizeof(s->framebuffer));
+
+ qemu_put_be32(f, ss->cs);
+}
+
+static int ssd0323_load(QEMUFile *f, void *opaque, int version_id)
+{
+ SSISlave *ss = SSI_SLAVE(opaque);
+ ssd0323_state *s = (ssd0323_state *)opaque;
+ int i;
+
+ if (version_id != 1)
+ return -EINVAL;
+
+ s->cmd_len = qemu_get_be32(f);
+ s->cmd = qemu_get_be32(f);
+ for (i = 0; i < 8; i++)
+ s->cmd_data[i] = qemu_get_be32(f);
+ s->row = qemu_get_be32(f);
+ s->row_start = qemu_get_be32(f);
+ s->row_end = qemu_get_be32(f);
+ s->col = qemu_get_be32(f);
+ s->col_start = qemu_get_be32(f);
+ s->col_end = qemu_get_be32(f);
+ s->redraw = qemu_get_be32(f);
+ s->remap = qemu_get_be32(f);
+ s->mode = qemu_get_be32(f);
+ qemu_get_buffer(f, s->framebuffer, sizeof(s->framebuffer));
+
+ ss->cs = qemu_get_be32(f);
+
+ return 0;
+}
+
+static const GraphicHwOps ssd0323_ops = {
+ .invalidate = ssd0323_invalidate_display,
+ .gfx_update = ssd0323_update_display,
+};
+
+static int ssd0323_init(SSISlave *dev)
+{
+ ssd0323_state *s = FROM_SSI_SLAVE(ssd0323_state, dev);
+
+ s->col_end = 63;
+ s->row_end = 79;
+ s->con = graphic_console_init(DEVICE(dev), &ssd0323_ops, s);
+ qemu_console_resize(s->con, 128 * MAGNIFY, 64 * MAGNIFY);
+
+ qdev_init_gpio_in(&dev->qdev, ssd0323_cd, 1);
+
+ register_savevm(&dev->qdev, "ssd0323_oled", -1, 1,
+ ssd0323_save, ssd0323_load, s);
+ return 0;
+}
+
+static void ssd0323_class_init(ObjectClass *klass, void *data)
+{
+ SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
+
+ k->init = ssd0323_init;
+ k->transfer = ssd0323_transfer;
+ k->cs_polarity = SSI_CS_HIGH;
+}
+
+static const TypeInfo ssd0323_info = {
+ .name = "ssd0323",
+ .parent = TYPE_SSI_SLAVE,
+ .instance_size = sizeof(ssd0323_state),
+ .class_init = ssd0323_class_init,
+};
+
+static void ssd03232_register_types(void)
+{
+ type_register_static(&ssd0323_info);
+}
+
+type_init(ssd03232_register_types)
diff --git a/hw/display/tc6393xb.c b/hw/display/tc6393xb.c
new file mode 100644
index 000000000..3dd9b98ec
--- /dev/null
+++ b/hw/display/tc6393xb.c
@@ -0,0 +1,593 @@
+/*
+ * Toshiba TC6393XB I/O Controller.
+ * Found in Sharp Zaurus SL-6000 (tosa) or some
+ * Toshiba e-Series PDAs.
+ *
+ * Most features are currently unsupported!!!
+ *
+ * This code is licensed under the GNU GPL v2.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+#include "hw/hw.h"
+#include "hw/devices.h"
+#include "hw/block/flash.h"
+#include "ui/console.h"
+#include "ui/pixel_ops.h"
+#include "sysemu/blockdev.h"
+
+#define IRQ_TC6393_NAND 0
+#define IRQ_TC6393_MMC 1
+#define IRQ_TC6393_OHCI 2
+#define IRQ_TC6393_SERIAL 3
+#define IRQ_TC6393_FB 4
+
+#define TC6393XB_NR_IRQS 8
+
+#define TC6393XB_GPIOS 16
+
+#define SCR_REVID 0x08 /* b Revision ID */
+#define SCR_ISR 0x50 /* b Interrupt Status */
+#define SCR_IMR 0x52 /* b Interrupt Mask */
+#define SCR_IRR 0x54 /* b Interrupt Routing */
+#define SCR_GPER 0x60 /* w GP Enable */
+#define SCR_GPI_SR(i) (0x64 + (i)) /* b3 GPI Status */
+#define SCR_GPI_IMR(i) (0x68 + (i)) /* b3 GPI INT Mask */
+#define SCR_GPI_EDER(i) (0x6c + (i)) /* b3 GPI Edge Detect Enable */
+#define SCR_GPI_LIR(i) (0x70 + (i)) /* b3 GPI Level Invert */
+#define SCR_GPO_DSR(i) (0x78 + (i)) /* b3 GPO Data Set */
+#define SCR_GPO_DOECR(i) (0x7c + (i)) /* b3 GPO Data OE Control */
+#define SCR_GP_IARCR(i) (0x80 + (i)) /* b3 GP Internal Active Register Control */
+#define SCR_GP_IARLCR(i) (0x84 + (i)) /* b3 GP INTERNAL Active Register Level Control */
+#define SCR_GPI_BCR(i) (0x88 + (i)) /* b3 GPI Buffer Control */
+#define SCR_GPA_IARCR 0x8c /* w GPa Internal Active Register Control */
+#define SCR_GPA_IARLCR 0x90 /* w GPa Internal Active Register Level Control */
+#define SCR_GPA_BCR 0x94 /* w GPa Buffer Control */
+#define SCR_CCR 0x98 /* w Clock Control */
+#define SCR_PLL2CR 0x9a /* w PLL2 Control */
+#define SCR_PLL1CR 0x9c /* l PLL1 Control */
+#define SCR_DIARCR 0xa0 /* b Device Internal Active Register Control */
+#define SCR_DBOCR 0xa1 /* b Device Buffer Off Control */
+#define SCR_FER 0xe0 /* b Function Enable */
+#define SCR_MCR 0xe4 /* w Mode Control */
+#define SCR_CONFIG 0xfc /* b Configuration Control */
+#define SCR_DEBUG 0xff /* b Debug */
+
+#define NAND_CFG_COMMAND 0x04 /* w Command */
+#define NAND_CFG_BASE 0x10 /* l Control Base Address */
+#define NAND_CFG_INTP 0x3d /* b Interrupt Pin */
+#define NAND_CFG_INTE 0x48 /* b Int Enable */
+#define NAND_CFG_EC 0x4a /* b Event Control */
+#define NAND_CFG_ICC 0x4c /* b Internal Clock Control */
+#define NAND_CFG_ECCC 0x5b /* b ECC Control */
+#define NAND_CFG_NFTC 0x60 /* b NAND Flash Transaction Control */
+#define NAND_CFG_NFM 0x61 /* b NAND Flash Monitor */
+#define NAND_CFG_NFPSC 0x62 /* b NAND Flash Power Supply Control */
+#define NAND_CFG_NFDC 0x63 /* b NAND Flash Detect Control */
+
+#define NAND_DATA 0x00 /* l Data */
+#define NAND_MODE 0x04 /* b Mode */
+#define NAND_STATUS 0x05 /* b Status */
+#define NAND_ISR 0x06 /* b Interrupt Status */
+#define NAND_IMR 0x07 /* b Interrupt Mask */
+
+#define NAND_MODE_WP 0x80
+#define NAND_MODE_CE 0x10
+#define NAND_MODE_ALE 0x02
+#define NAND_MODE_CLE 0x01
+#define NAND_MODE_ECC_MASK 0x60
+#define NAND_MODE_ECC_EN 0x20
+#define NAND_MODE_ECC_READ 0x40
+#define NAND_MODE_ECC_RST 0x60
+
+struct TC6393xbState {
+ MemoryRegion iomem;
+ qemu_irq irq;
+ qemu_irq *sub_irqs;
+ struct {
+ uint8_t ISR;
+ uint8_t IMR;
+ uint8_t IRR;
+ uint16_t GPER;
+ uint8_t GPI_SR[3];
+ uint8_t GPI_IMR[3];
+ uint8_t GPI_EDER[3];
+ uint8_t GPI_LIR[3];
+ uint8_t GP_IARCR[3];
+ uint8_t GP_IARLCR[3];
+ uint8_t GPI_BCR[3];
+ uint16_t GPA_IARCR;
+ uint16_t GPA_IARLCR;
+ uint16_t CCR;
+ uint16_t PLL2CR;
+ uint32_t PLL1CR;
+ uint8_t DIARCR;
+ uint8_t DBOCR;
+ uint8_t FER;
+ uint16_t MCR;
+ uint8_t CONFIG;
+ uint8_t DEBUG;
+ } scr;
+ uint32_t gpio_dir;
+ uint32_t gpio_level;
+ uint32_t prev_level;
+ qemu_irq handler[TC6393XB_GPIOS];
+ qemu_irq *gpio_in;
+
+ struct {
+ uint8_t mode;
+ uint8_t isr;
+ uint8_t imr;
+ } nand;
+ int nand_enable;
+ uint32_t nand_phys;
+ DeviceState *flash;
+ ECCState ecc;
+
+ QemuConsole *con;
+ MemoryRegion vram;
+ uint16_t *vram_ptr;
+ uint32_t scr_width, scr_height; /* in pixels */
+ qemu_irq l3v;
+ unsigned blank : 1,
+ blanked : 1;
+};
+
+qemu_irq *tc6393xb_gpio_in_get(TC6393xbState *s)
+{
+ return s->gpio_in;
+}
+
+static void tc6393xb_gpio_set(void *opaque, int line, int level)
+{
+// TC6393xbState *s = opaque;
+
+ if (line > TC6393XB_GPIOS) {
+ printf("%s: No GPIO pin %i\n", __FUNCTION__, line);
+ return;
+ }
+
+ // FIXME: how does the chip reflect the GPIO input level change?
+}
+
+void tc6393xb_gpio_out_set(TC6393xbState *s, int line,
+ qemu_irq handler)
+{
+ if (line >= TC6393XB_GPIOS) {
+ fprintf(stderr, "TC6393xb: no GPIO pin %d\n", line);
+ return;
+ }
+
+ s->handler[line] = handler;
+}
+
+static void tc6393xb_gpio_handler_update(TC6393xbState *s)
+{
+ uint32_t level, diff;
+ int bit;
+
+ level = s->gpio_level & s->gpio_dir;
+
+ for (diff = s->prev_level ^ level; diff; diff ^= 1 << bit) {
+ bit = ffs(diff) - 1;
+ qemu_set_irq(s->handler[bit], (level >> bit) & 1);
+ }
+
+ s->prev_level = level;
+}
+
+qemu_irq tc6393xb_l3v_get(TC6393xbState *s)
+{
+ return s->l3v;
+}
+
+static void tc6393xb_l3v(void *opaque, int line, int level)
+{
+ TC6393xbState *s = opaque;
+ s->blank = !level;
+ fprintf(stderr, "L3V: %d\n", level);
+}
+
+static void tc6393xb_sub_irq(void *opaque, int line, int level) {
+ TC6393xbState *s = opaque;
+ uint8_t isr = s->scr.ISR;
+ if (level)
+ isr |= 1 << line;
+ else
+ isr &= ~(1 << line);
+ s->scr.ISR = isr;
+ qemu_set_irq(s->irq, isr & s->scr.IMR);
+}
+
+#define SCR_REG_B(N) \
+ case SCR_ ##N: return s->scr.N
+#define SCR_REG_W(N) \
+ case SCR_ ##N: return s->scr.N; \
+ case SCR_ ##N + 1: return s->scr.N >> 8;
+#define SCR_REG_L(N) \
+ case SCR_ ##N: return s->scr.N; \
+ case SCR_ ##N + 1: return s->scr.N >> 8; \
+ case SCR_ ##N + 2: return s->scr.N >> 16; \
+ case SCR_ ##N + 3: return s->scr.N >> 24;
+#define SCR_REG_A(N) \
+ case SCR_ ##N(0): return s->scr.N[0]; \
+ case SCR_ ##N(1): return s->scr.N[1]; \
+ case SCR_ ##N(2): return s->scr.N[2]
+
+static uint32_t tc6393xb_scr_readb(TC6393xbState *s, hwaddr addr)
+{
+ switch (addr) {
+ case SCR_REVID:
+ return 3;
+ case SCR_REVID+1:
+ return 0;
+ SCR_REG_B(ISR);
+ SCR_REG_B(IMR);
+ SCR_REG_B(IRR);
+ SCR_REG_W(GPER);
+ SCR_REG_A(GPI_SR);
+ SCR_REG_A(GPI_IMR);
+ SCR_REG_A(GPI_EDER);
+ SCR_REG_A(GPI_LIR);
+ case SCR_GPO_DSR(0):
+ case SCR_GPO_DSR(1):
+ case SCR_GPO_DSR(2):
+ return (s->gpio_level >> ((addr - SCR_GPO_DSR(0)) * 8)) & 0xff;
+ case SCR_GPO_DOECR(0):
+ case SCR_GPO_DOECR(1):
+ case SCR_GPO_DOECR(2):
+ return (s->gpio_dir >> ((addr - SCR_GPO_DOECR(0)) * 8)) & 0xff;
+ SCR_REG_A(GP_IARCR);
+ SCR_REG_A(GP_IARLCR);
+ SCR_REG_A(GPI_BCR);
+ SCR_REG_W(GPA_IARCR);
+ SCR_REG_W(GPA_IARLCR);
+ SCR_REG_W(CCR);
+ SCR_REG_W(PLL2CR);
+ SCR_REG_L(PLL1CR);
+ SCR_REG_B(DIARCR);
+ SCR_REG_B(DBOCR);
+ SCR_REG_B(FER);
+ SCR_REG_W(MCR);
+ SCR_REG_B(CONFIG);
+ SCR_REG_B(DEBUG);
+ }
+ fprintf(stderr, "tc6393xb_scr: unhandled read at %08x\n", (uint32_t) addr);
+ return 0;
+}
+#undef SCR_REG_B
+#undef SCR_REG_W
+#undef SCR_REG_L
+#undef SCR_REG_A
+
+#define SCR_REG_B(N) \
+ case SCR_ ##N: s->scr.N = value; return;
+#define SCR_REG_W(N) \
+ case SCR_ ##N: s->scr.N = (s->scr.N & ~0xff) | (value & 0xff); return; \
+ case SCR_ ##N + 1: s->scr.N = (s->scr.N & 0xff) | (value << 8); return
+#define SCR_REG_L(N) \
+ case SCR_ ##N: s->scr.N = (s->scr.N & ~0xff) | (value & 0xff); return; \
+ case SCR_ ##N + 1: s->scr.N = (s->scr.N & ~(0xff << 8)) | (value & (0xff << 8)); return; \
+ case SCR_ ##N + 2: s->scr.N = (s->scr.N & ~(0xff << 16)) | (value & (0xff << 16)); return; \
+ case SCR_ ##N + 3: s->scr.N = (s->scr.N & ~(0xff << 24)) | (value & (0xff << 24)); return;
+#define SCR_REG_A(N) \
+ case SCR_ ##N(0): s->scr.N[0] = value; return; \
+ case SCR_ ##N(1): s->scr.N[1] = value; return; \
+ case SCR_ ##N(2): s->scr.N[2] = value; return
+
+static void tc6393xb_scr_writeb(TC6393xbState *s, hwaddr addr, uint32_t value)
+{
+ switch (addr) {
+ SCR_REG_B(ISR);
+ SCR_REG_B(IMR);
+ SCR_REG_B(IRR);
+ SCR_REG_W(GPER);
+ SCR_REG_A(GPI_SR);
+ SCR_REG_A(GPI_IMR);
+ SCR_REG_A(GPI_EDER);
+ SCR_REG_A(GPI_LIR);
+ case SCR_GPO_DSR(0):
+ case SCR_GPO_DSR(1):
+ case SCR_GPO_DSR(2):
+ s->gpio_level = (s->gpio_level & ~(0xff << ((addr - SCR_GPO_DSR(0))*8))) | ((value & 0xff) << ((addr - SCR_GPO_DSR(0))*8));
+ tc6393xb_gpio_handler_update(s);
+ return;
+ case SCR_GPO_DOECR(0):
+ case SCR_GPO_DOECR(1):
+ case SCR_GPO_DOECR(2):
+ s->gpio_dir = (s->gpio_dir & ~(0xff << ((addr - SCR_GPO_DOECR(0))*8))) | ((value & 0xff) << ((addr - SCR_GPO_DOECR(0))*8));
+ tc6393xb_gpio_handler_update(s);
+ return;
+ SCR_REG_A(GP_IARCR);
+ SCR_REG_A(GP_IARLCR);
+ SCR_REG_A(GPI_BCR);
+ SCR_REG_W(GPA_IARCR);
+ SCR_REG_W(GPA_IARLCR);
+ SCR_REG_W(CCR);
+ SCR_REG_W(PLL2CR);
+ SCR_REG_L(PLL1CR);
+ SCR_REG_B(DIARCR);
+ SCR_REG_B(DBOCR);
+ SCR_REG_B(FER);
+ SCR_REG_W(MCR);
+ SCR_REG_B(CONFIG);
+ SCR_REG_B(DEBUG);
+ }
+ fprintf(stderr, "tc6393xb_scr: unhandled write at %08x: %02x\n",
+ (uint32_t) addr, value & 0xff);
+}
+#undef SCR_REG_B
+#undef SCR_REG_W
+#undef SCR_REG_L
+#undef SCR_REG_A
+
+static void tc6393xb_nand_irq(TC6393xbState *s) {
+ qemu_set_irq(s->sub_irqs[IRQ_TC6393_NAND],
+ (s->nand.imr & 0x80) && (s->nand.imr & s->nand.isr));
+}
+
+static uint32_t tc6393xb_nand_cfg_readb(TC6393xbState *s, hwaddr addr) {
+ switch (addr) {
+ case NAND_CFG_COMMAND:
+ return s->nand_enable ? 2 : 0;
+ case NAND_CFG_BASE:
+ case NAND_CFG_BASE + 1:
+ case NAND_CFG_BASE + 2:
+ case NAND_CFG_BASE + 3:
+ return s->nand_phys >> (addr - NAND_CFG_BASE);
+ }
+ fprintf(stderr, "tc6393xb_nand_cfg: unhandled read at %08x\n", (uint32_t) addr);
+ return 0;
+}
+static void tc6393xb_nand_cfg_writeb(TC6393xbState *s, hwaddr addr, uint32_t value) {
+ switch (addr) {
+ case NAND_CFG_COMMAND:
+ s->nand_enable = (value & 0x2);
+ return;
+ case NAND_CFG_BASE:
+ case NAND_CFG_BASE + 1:
+ case NAND_CFG_BASE + 2:
+ case NAND_CFG_BASE + 3:
+ s->nand_phys &= ~(0xff << ((addr - NAND_CFG_BASE) * 8));
+ s->nand_phys |= (value & 0xff) << ((addr - NAND_CFG_BASE) * 8);
+ return;
+ }
+ fprintf(stderr, "tc6393xb_nand_cfg: unhandled write at %08x: %02x\n",
+ (uint32_t) addr, value & 0xff);
+}
+
+static uint32_t tc6393xb_nand_readb(TC6393xbState *s, hwaddr addr) {
+ switch (addr) {
+ case NAND_DATA + 0:
+ case NAND_DATA + 1:
+ case NAND_DATA + 2:
+ case NAND_DATA + 3:
+ return nand_getio(s->flash);
+ case NAND_MODE:
+ return s->nand.mode;
+ case NAND_STATUS:
+ return 0x14;
+ case NAND_ISR:
+ return s->nand.isr;
+ case NAND_IMR:
+ return s->nand.imr;
+ }
+ fprintf(stderr, "tc6393xb_nand: unhandled read at %08x\n", (uint32_t) addr);
+ return 0;
+}
+static void tc6393xb_nand_writeb(TC6393xbState *s, hwaddr addr, uint32_t value) {
+// fprintf(stderr, "tc6393xb_nand: write at %08x: %02x\n",
+// (uint32_t) addr, value & 0xff);
+ switch (addr) {
+ case NAND_DATA + 0:
+ case NAND_DATA + 1:
+ case NAND_DATA + 2:
+ case NAND_DATA + 3:
+ nand_setio(s->flash, value);
+ s->nand.isr |= 1;
+ tc6393xb_nand_irq(s);
+ return;
+ case NAND_MODE:
+ s->nand.mode = value;
+ nand_setpins(s->flash,
+ value & NAND_MODE_CLE,
+ value & NAND_MODE_ALE,
+ !(value & NAND_MODE_CE),
+ value & NAND_MODE_WP,
+ 0); // FIXME: gnd
+ switch (value & NAND_MODE_ECC_MASK) {
+ case NAND_MODE_ECC_RST:
+ ecc_reset(&s->ecc);
+ break;
+ case NAND_MODE_ECC_READ:
+ // FIXME
+ break;
+ case NAND_MODE_ECC_EN:
+ ecc_reset(&s->ecc);
+ }
+ return;
+ case NAND_ISR:
+ s->nand.isr = value;
+ tc6393xb_nand_irq(s);
+ return;
+ case NAND_IMR:
+ s->nand.imr = value;
+ tc6393xb_nand_irq(s);
+ return;
+ }
+ fprintf(stderr, "tc6393xb_nand: unhandled write at %08x: %02x\n",
+ (uint32_t) addr, value & 0xff);
+}
+
+#define BITS 8
+#include "tc6393xb_template.h"
+#define BITS 15
+#include "tc6393xb_template.h"
+#define BITS 16
+#include "tc6393xb_template.h"
+#define BITS 24
+#include "tc6393xb_template.h"
+#define BITS 32
+#include "tc6393xb_template.h"
+
+static void tc6393xb_draw_graphic(TC6393xbState *s, int full_update)
+{
+ DisplaySurface *surface = qemu_console_surface(s->con);
+
+ switch (surface_bits_per_pixel(surface)) {
+ case 8:
+ tc6393xb_draw_graphic8(s);
+ break;
+ case 15:
+ tc6393xb_draw_graphic15(s);
+ break;
+ case 16:
+ tc6393xb_draw_graphic16(s);
+ break;
+ case 24:
+ tc6393xb_draw_graphic24(s);
+ break;
+ case 32:
+ tc6393xb_draw_graphic32(s);
+ break;
+ default:
+ printf("tc6393xb: unknown depth %d\n",
+ surface_bits_per_pixel(surface));
+ return;
+ }
+
+ dpy_gfx_update(s->con, 0, 0, s->scr_width, s->scr_height);
+}
+
+static void tc6393xb_draw_blank(TC6393xbState *s, int full_update)
+{
+ DisplaySurface *surface = qemu_console_surface(s->con);
+ int i, w;
+ uint8_t *d;
+
+ if (!full_update)
+ return;
+
+ w = s->scr_width * surface_bytes_per_pixel(surface);
+ d = surface_data(surface);
+ for(i = 0; i < s->scr_height; i++) {
+ memset(d, 0, w);
+ d += surface_stride(surface);
+ }
+
+ dpy_gfx_update(s->con, 0, 0, s->scr_width, s->scr_height);
+}
+
+static void tc6393xb_update_display(void *opaque)
+{
+ TC6393xbState *s = opaque;
+ DisplaySurface *surface = qemu_console_surface(s->con);
+ int full_update;
+
+ if (s->scr_width == 0 || s->scr_height == 0)
+ return;
+
+ full_update = 0;
+ if (s->blanked != s->blank) {
+ s->blanked = s->blank;
+ full_update = 1;
+ }
+ if (s->scr_width != surface_width(surface) ||
+ s->scr_height != surface_height(surface)) {
+ qemu_console_resize(s->con, s->scr_width, s->scr_height);
+ full_update = 1;
+ }
+ if (s->blanked)
+ tc6393xb_draw_blank(s, full_update);
+ else
+ tc6393xb_draw_graphic(s, full_update);
+}
+
+
+static uint64_t tc6393xb_readb(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ TC6393xbState *s = opaque;
+
+ switch (addr >> 8) {
+ case 0:
+ return tc6393xb_scr_readb(s, addr & 0xff);
+ case 1:
+ return tc6393xb_nand_cfg_readb(s, addr & 0xff);
+ };
+
+ if ((addr &~0xff) == s->nand_phys && s->nand_enable) {
+// return tc6393xb_nand_readb(s, addr & 0xff);
+ uint8_t d = tc6393xb_nand_readb(s, addr & 0xff);
+// fprintf(stderr, "tc6393xb_nand: read at %08x: %02hhx\n", (uint32_t) addr, d);
+ return d;
+ }
+
+// fprintf(stderr, "tc6393xb: unhandled read at %08x\n", (uint32_t) addr);
+ return 0;
+}
+
+static void tc6393xb_writeb(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size) {
+ TC6393xbState *s = opaque;
+
+ switch (addr >> 8) {
+ case 0:
+ tc6393xb_scr_writeb(s, addr & 0xff, value);
+ return;
+ case 1:
+ tc6393xb_nand_cfg_writeb(s, addr & 0xff, value);
+ return;
+ };
+
+ if ((addr &~0xff) == s->nand_phys && s->nand_enable)
+ tc6393xb_nand_writeb(s, addr & 0xff, value);
+ else
+ fprintf(stderr, "tc6393xb: unhandled write at %08x: %02x\n",
+ (uint32_t) addr, (int)value & 0xff);
+}
+
+static const GraphicHwOps tc6393xb_gfx_ops = {
+ .gfx_update = tc6393xb_update_display,
+};
+
+TC6393xbState *tc6393xb_init(MemoryRegion *sysmem, uint32_t base, qemu_irq irq)
+{
+ TC6393xbState *s;
+ DriveInfo *nand;
+ static const MemoryRegionOps tc6393xb_ops = {
+ .read = tc6393xb_readb,
+ .write = tc6393xb_writeb,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+ };
+
+ s = (TC6393xbState *) g_malloc0(sizeof(TC6393xbState));
+ s->irq = irq;
+ s->gpio_in = qemu_allocate_irqs(tc6393xb_gpio_set, s, TC6393XB_GPIOS);
+
+ s->l3v = *qemu_allocate_irqs(tc6393xb_l3v, s, 1);
+ s->blanked = 1;
+
+ s->sub_irqs = qemu_allocate_irqs(tc6393xb_sub_irq, s, TC6393XB_NR_IRQS);
+
+ nand = drive_get(IF_MTD, 0, 0);
+ s->flash = nand_init(nand ? nand->bdrv : NULL, NAND_MFR_TOSHIBA, 0x76);
+
+ memory_region_init_io(&s->iomem, NULL, &tc6393xb_ops, s, "tc6393xb", 0x10000);
+ memory_region_add_subregion(sysmem, base, &s->iomem);
+
+ memory_region_init_ram(&s->vram, NULL, "tc6393xb.vram", 0x100000);
+ vmstate_register_ram_global(&s->vram);
+ s->vram_ptr = memory_region_get_ram_ptr(&s->vram);
+ memory_region_add_subregion(sysmem, base + 0x100000, &s->vram);
+ s->scr_width = 480;
+ s->scr_height = 640;
+ s->con = graphic_console_init(NULL, &tc6393xb_gfx_ops, s);
+
+ return s;
+}
diff --git a/hw/display/tc6393xb_template.h b/hw/display/tc6393xb_template.h
new file mode 100644
index 000000000..154aafd40
--- /dev/null
+++ b/hw/display/tc6393xb_template.h
@@ -0,0 +1,68 @@
+/*
+ * Toshiba TC6393XB I/O Controller.
+ * Found in Sharp Zaurus SL-6000 (tosa) or some
+ * Toshiba e-Series PDAs.
+ *
+ * FB support code. Based on G364 fb emulator
+ *
+ * Copyright (c) 2007 Hervé Poussineau
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#if BITS == 8
+# define SET_PIXEL(addr, color) *(uint8_t*)addr = color;
+#elif BITS == 15 || BITS == 16
+# define SET_PIXEL(addr, color) *(uint16_t*)addr = color;
+#elif BITS == 24
+# define SET_PIXEL(addr, color) \
+ addr[0] = color; addr[1] = (color) >> 8; addr[2] = (color) >> 16;
+#elif BITS == 32
+# define SET_PIXEL(addr, color) *(uint32_t*)addr = color;
+#else
+# error unknown bit depth
+#endif
+
+
+static void glue(tc6393xb_draw_graphic, BITS)(TC6393xbState *s)
+{
+ DisplaySurface *surface = qemu_console_surface(s->con);
+ int i;
+ uint16_t *data_buffer;
+ uint8_t *data_display;
+
+ data_buffer = s->vram_ptr;
+ data_display = surface_data(surface);
+ for(i = 0; i < s->scr_height; i++) {
+#if (BITS == 16)
+ memcpy(data_display, data_buffer, s->scr_width * 2);
+ data_buffer += s->scr_width;
+ data_display += surface_stride(surface);
+#else
+ int j;
+ for (j = 0; j < s->scr_width; j++, data_display += BITS / 8, data_buffer++) {
+ uint16_t color = *data_buffer;
+ uint32_t dest_color = glue(rgb_to_pixel, BITS)(
+ ((color & 0xf800) * 0x108) >> 11,
+ ((color & 0x7e0) * 0x41) >> 9,
+ ((color & 0x1f) * 0x21) >> 2
+ );
+ SET_PIXEL(data_display, dest_color);
+ }
+#endif
+ }
+}
+
+#undef BITS
+#undef SET_PIXEL
diff --git a/hw/display/tcx.c b/hw/display/tcx.c
new file mode 100644
index 000000000..24876d33e
--- /dev/null
+++ b/hw/display/tcx.c
@@ -0,0 +1,627 @@
+/*
+ * QEMU TCX Frame buffer
+ *
+ * Copyright (c) 2003-2005 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu-common.h"
+#include "ui/console.h"
+#include "ui/pixel_ops.h"
+#include "hw/sysbus.h"
+
+#define MAXX 1024
+#define MAXY 768
+#define TCX_DAC_NREGS 16
+#define TCX_THC_NREGS_8 0x081c
+#define TCX_THC_NREGS_24 0x1000
+#define TCX_TEC_NREGS 0x1000
+
+#define TYPE_TCX "SUNW,tcx"
+#define TCX(obj) OBJECT_CHECK(TCXState, (obj), TYPE_TCX)
+
+typedef struct TCXState {
+ SysBusDevice parent_obj;
+
+ QemuConsole *con;
+ uint8_t *vram;
+ uint32_t *vram24, *cplane;
+ MemoryRegion vram_mem;
+ MemoryRegion vram_8bit;
+ MemoryRegion vram_24bit;
+ MemoryRegion vram_cplane;
+ MemoryRegion dac;
+ MemoryRegion tec;
+ MemoryRegion thc24;
+ MemoryRegion thc8;
+ ram_addr_t vram24_offset, cplane_offset;
+ uint32_t vram_size;
+ uint32_t palette[256];
+ uint8_t r[256], g[256], b[256];
+ uint16_t width, height, depth;
+ uint8_t dac_index, dac_state;
+} TCXState;
+
+static void tcx_set_dirty(TCXState *s)
+{
+ memory_region_set_dirty(&s->vram_mem, 0, MAXX * MAXY);
+}
+
+static void tcx24_set_dirty(TCXState *s)
+{
+ memory_region_set_dirty(&s->vram_mem, s->vram24_offset, MAXX * MAXY * 4);
+ memory_region_set_dirty(&s->vram_mem, s->cplane_offset, MAXX * MAXY * 4);
+}
+
+static void update_palette_entries(TCXState *s, int start, int end)
+{
+ DisplaySurface *surface = qemu_console_surface(s->con);
+ int i;
+
+ for (i = start; i < end; i++) {
+ switch (surface_bits_per_pixel(surface)) {
+ default:
+ case 8:
+ s->palette[i] = rgb_to_pixel8(s->r[i], s->g[i], s->b[i]);
+ break;
+ case 15:
+ s->palette[i] = rgb_to_pixel15(s->r[i], s->g[i], s->b[i]);
+ break;
+ case 16:
+ s->palette[i] = rgb_to_pixel16(s->r[i], s->g[i], s->b[i]);
+ break;
+ case 32:
+ if (is_surface_bgr(surface)) {
+ s->palette[i] = rgb_to_pixel32bgr(s->r[i], s->g[i], s->b[i]);
+ } else {
+ s->palette[i] = rgb_to_pixel32(s->r[i], s->g[i], s->b[i]);
+ }
+ break;
+ }
+ }
+ if (s->depth == 24) {
+ tcx24_set_dirty(s);
+ } else {
+ tcx_set_dirty(s);
+ }
+}
+
+static void tcx_draw_line32(TCXState *s1, uint8_t *d,
+ const uint8_t *s, int width)
+{
+ int x;
+ uint8_t val;
+ uint32_t *p = (uint32_t *)d;
+
+ for(x = 0; x < width; x++) {
+ val = *s++;
+ *p++ = s1->palette[val];
+ }
+}
+
+static void tcx_draw_line16(TCXState *s1, uint8_t *d,
+ const uint8_t *s, int width)
+{
+ int x;
+ uint8_t val;
+ uint16_t *p = (uint16_t *)d;
+
+ for(x = 0; x < width; x++) {
+ val = *s++;
+ *p++ = s1->palette[val];
+ }
+}
+
+static void tcx_draw_line8(TCXState *s1, uint8_t *d,
+ const uint8_t *s, int width)
+{
+ int x;
+ uint8_t val;
+
+ for(x = 0; x < width; x++) {
+ val = *s++;
+ *d++ = s1->palette[val];
+ }
+}
+
+/*
+ XXX Could be much more optimal:
+ * detect if line/page/whole screen is in 24 bit mode
+ * if destination is also BGR, use memcpy
+ */
+static inline void tcx24_draw_line32(TCXState *s1, uint8_t *d,
+ const uint8_t *s, int width,
+ const uint32_t *cplane,
+ const uint32_t *s24)
+{
+ DisplaySurface *surface = qemu_console_surface(s1->con);
+ int x, bgr, r, g, b;
+ uint8_t val, *p8;
+ uint32_t *p = (uint32_t *)d;
+ uint32_t dval;
+
+ bgr = is_surface_bgr(surface);
+ for(x = 0; x < width; x++, s++, s24++) {
+ if ((be32_to_cpu(*cplane++) & 0xff000000) == 0x03000000) {
+ // 24-bit direct, BGR order
+ p8 = (uint8_t *)s24;
+ p8++;
+ b = *p8++;
+ g = *p8++;
+ r = *p8;
+ if (bgr)
+ dval = rgb_to_pixel32bgr(r, g, b);
+ else
+ dval = rgb_to_pixel32(r, g, b);
+ } else {
+ val = *s;
+ dval = s1->palette[val];
+ }
+ *p++ = dval;
+ }
+}
+
+static inline int check_dirty(TCXState *s, ram_addr_t page, ram_addr_t page24,
+ ram_addr_t cpage)
+{
+ int ret;
+
+ ret = memory_region_get_dirty(&s->vram_mem, page, TARGET_PAGE_SIZE,
+ DIRTY_MEMORY_VGA);
+ ret |= memory_region_get_dirty(&s->vram_mem, page24, TARGET_PAGE_SIZE * 4,
+ DIRTY_MEMORY_VGA);
+ ret |= memory_region_get_dirty(&s->vram_mem, cpage, TARGET_PAGE_SIZE * 4,
+ DIRTY_MEMORY_VGA);
+ return ret;
+}
+
+static inline void reset_dirty(TCXState *ts, ram_addr_t page_min,
+ ram_addr_t page_max, ram_addr_t page24,
+ ram_addr_t cpage)
+{
+ memory_region_reset_dirty(&ts->vram_mem,
+ page_min,
+ (page_max - page_min) + TARGET_PAGE_SIZE,
+ DIRTY_MEMORY_VGA);
+ memory_region_reset_dirty(&ts->vram_mem,
+ page24 + page_min * 4,
+ (page_max - page_min) * 4 + TARGET_PAGE_SIZE,
+ DIRTY_MEMORY_VGA);
+ memory_region_reset_dirty(&ts->vram_mem,
+ cpage + page_min * 4,
+ (page_max - page_min) * 4 + TARGET_PAGE_SIZE,
+ DIRTY_MEMORY_VGA);
+}
+
+/* Fixed line length 1024 allows us to do nice tricks not possible on
+ VGA... */
+static void tcx_update_display(void *opaque)
+{
+ TCXState *ts = opaque;
+ DisplaySurface *surface = qemu_console_surface(ts->con);
+ ram_addr_t page, page_min, page_max;
+ int y, y_start, dd, ds;
+ uint8_t *d, *s;
+ void (*f)(TCXState *s1, uint8_t *dst, const uint8_t *src, int width);
+
+ if (surface_bits_per_pixel(surface) == 0) {
+ return;
+ }
+
+ page = 0;
+ y_start = -1;
+ page_min = -1;
+ page_max = 0;
+ d = surface_data(surface);
+ s = ts->vram;
+ dd = surface_stride(surface);
+ ds = 1024;
+
+ switch (surface_bits_per_pixel(surface)) {
+ case 32:
+ f = tcx_draw_line32;
+ break;
+ case 15:
+ case 16:
+ f = tcx_draw_line16;
+ break;
+ default:
+ case 8:
+ f = tcx_draw_line8;
+ break;
+ case 0:
+ return;
+ }
+
+ for(y = 0; y < ts->height; y += 4, page += TARGET_PAGE_SIZE) {
+ if (memory_region_get_dirty(&ts->vram_mem, page, TARGET_PAGE_SIZE,
+ DIRTY_MEMORY_VGA)) {
+ if (y_start < 0)
+ y_start = y;
+ if (page < page_min)
+ page_min = page;
+ if (page > page_max)
+ page_max = page;
+ f(ts, d, s, ts->width);
+ d += dd;
+ s += ds;
+ f(ts, d, s, ts->width);
+ d += dd;
+ s += ds;
+ f(ts, d, s, ts->width);
+ d += dd;
+ s += ds;
+ f(ts, d, s, ts->width);
+ d += dd;
+ s += ds;
+ } else {
+ if (y_start >= 0) {
+ /* flush to display */
+ dpy_gfx_update(ts->con, 0, y_start,
+ ts->width, y - y_start);
+ y_start = -1;
+ }
+ d += dd * 4;
+ s += ds * 4;
+ }
+ }
+ if (y_start >= 0) {
+ /* flush to display */
+ dpy_gfx_update(ts->con, 0, y_start,
+ ts->width, y - y_start);
+ }
+ /* reset modified pages */
+ if (page_max >= page_min) {
+ memory_region_reset_dirty(&ts->vram_mem,
+ page_min,
+ (page_max - page_min) + TARGET_PAGE_SIZE,
+ DIRTY_MEMORY_VGA);
+ }
+}
+
+static void tcx24_update_display(void *opaque)
+{
+ TCXState *ts = opaque;
+ DisplaySurface *surface = qemu_console_surface(ts->con);
+ ram_addr_t page, page_min, page_max, cpage, page24;
+ int y, y_start, dd, ds;
+ uint8_t *d, *s;
+ uint32_t *cptr, *s24;
+
+ if (surface_bits_per_pixel(surface) != 32) {
+ return;
+ }
+
+ page = 0;
+ page24 = ts->vram24_offset;
+ cpage = ts->cplane_offset;
+ y_start = -1;
+ page_min = -1;
+ page_max = 0;
+ d = surface_data(surface);
+ s = ts->vram;
+ s24 = ts->vram24;
+ cptr = ts->cplane;
+ dd = surface_stride(surface);
+ ds = 1024;
+
+ for(y = 0; y < ts->height; y += 4, page += TARGET_PAGE_SIZE,
+ page24 += TARGET_PAGE_SIZE, cpage += TARGET_PAGE_SIZE) {
+ if (check_dirty(ts, page, page24, cpage)) {
+ if (y_start < 0)
+ y_start = y;
+ if (page < page_min)
+ page_min = page;
+ if (page > page_max)
+ page_max = page;
+ tcx24_draw_line32(ts, d, s, ts->width, cptr, s24);
+ d += dd;
+ s += ds;
+ cptr += ds;
+ s24 += ds;
+ tcx24_draw_line32(ts, d, s, ts->width, cptr, s24);
+ d += dd;
+ s += ds;
+ cptr += ds;
+ s24 += ds;
+ tcx24_draw_line32(ts, d, s, ts->width, cptr, s24);
+ d += dd;
+ s += ds;
+ cptr += ds;
+ s24 += ds;
+ tcx24_draw_line32(ts, d, s, ts->width, cptr, s24);
+ d += dd;
+ s += ds;
+ cptr += ds;
+ s24 += ds;
+ } else {
+ if (y_start >= 0) {
+ /* flush to display */
+ dpy_gfx_update(ts->con, 0, y_start,
+ ts->width, y - y_start);
+ y_start = -1;
+ }
+ d += dd * 4;
+ s += ds * 4;
+ cptr += ds * 4;
+ s24 += ds * 4;
+ }
+ }
+ if (y_start >= 0) {
+ /* flush to display */
+ dpy_gfx_update(ts->con, 0, y_start,
+ ts->width, y - y_start);
+ }
+ /* reset modified pages */
+ if (page_max >= page_min) {
+ reset_dirty(ts, page_min, page_max, page24, cpage);
+ }
+}
+
+static void tcx_invalidate_display(void *opaque)
+{
+ TCXState *s = opaque;
+
+ tcx_set_dirty(s);
+ qemu_console_resize(s->con, s->width, s->height);
+}
+
+static void tcx24_invalidate_display(void *opaque)
+{
+ TCXState *s = opaque;
+
+ tcx_set_dirty(s);
+ tcx24_set_dirty(s);
+ qemu_console_resize(s->con, s->width, s->height);
+}
+
+static int vmstate_tcx_post_load(void *opaque, int version_id)
+{
+ TCXState *s = opaque;
+
+ update_palette_entries(s, 0, 256);
+ if (s->depth == 24) {
+ tcx24_set_dirty(s);
+ } else {
+ tcx_set_dirty(s);
+ }
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_tcx = {
+ .name ="tcx",
+ .version_id = 4,
+ .minimum_version_id = 4,
+ .minimum_version_id_old = 4,
+ .post_load = vmstate_tcx_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT16(height, TCXState),
+ VMSTATE_UINT16(width, TCXState),
+ VMSTATE_UINT16(depth, TCXState),
+ VMSTATE_BUFFER(r, TCXState),
+ VMSTATE_BUFFER(g, TCXState),
+ VMSTATE_BUFFER(b, TCXState),
+ VMSTATE_UINT8(dac_index, TCXState),
+ VMSTATE_UINT8(dac_state, TCXState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void tcx_reset(DeviceState *d)
+{
+ TCXState *s = TCX(d);
+
+ /* Initialize palette */
+ memset(s->r, 0, 256);
+ memset(s->g, 0, 256);
+ memset(s->b, 0, 256);
+ s->r[255] = s->g[255] = s->b[255] = 255;
+ update_palette_entries(s, 0, 256);
+ memset(s->vram, 0, MAXX*MAXY);
+ memory_region_reset_dirty(&s->vram_mem, 0, MAXX * MAXY * (1 + 4 + 4),
+ DIRTY_MEMORY_VGA);
+ s->dac_index = 0;
+ s->dac_state = 0;
+}
+
+static uint64_t tcx_dac_readl(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ return 0;
+}
+
+static void tcx_dac_writel(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ TCXState *s = opaque;
+
+ switch (addr) {
+ case 0:
+ s->dac_index = val >> 24;
+ s->dac_state = 0;
+ break;
+ case 4:
+ switch (s->dac_state) {
+ case 0:
+ s->r[s->dac_index] = val >> 24;
+ update_palette_entries(s, s->dac_index, s->dac_index + 1);
+ s->dac_state++;
+ break;
+ case 1:
+ s->g[s->dac_index] = val >> 24;
+ update_palette_entries(s, s->dac_index, s->dac_index + 1);
+ s->dac_state++;
+ break;
+ case 2:
+ s->b[s->dac_index] = val >> 24;
+ update_palette_entries(s, s->dac_index, s->dac_index + 1);
+ s->dac_index = (s->dac_index + 1) & 255; // Index autoincrement
+ default:
+ s->dac_state = 0;
+ break;
+ }
+ break;
+ default:
+ break;
+ }
+}
+
+static const MemoryRegionOps tcx_dac_ops = {
+ .read = tcx_dac_readl,
+ .write = tcx_dac_writel,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static uint64_t dummy_readl(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ return 0;
+}
+
+static void dummy_writel(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+}
+
+static const MemoryRegionOps dummy_ops = {
+ .read = dummy_readl,
+ .write = dummy_writel,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static const GraphicHwOps tcx_ops = {
+ .invalidate = tcx_invalidate_display,
+ .gfx_update = tcx_update_display,
+};
+
+static const GraphicHwOps tcx24_ops = {
+ .invalidate = tcx24_invalidate_display,
+ .gfx_update = tcx24_update_display,
+};
+
+static int tcx_init1(SysBusDevice *dev)
+{
+ TCXState *s = TCX(dev);
+ ram_addr_t vram_offset = 0;
+ int size;
+ uint8_t *vram_base;
+
+ memory_region_init_ram(&s->vram_mem, OBJECT(s), "tcx.vram",
+ s->vram_size * (1 + 4 + 4));
+ vmstate_register_ram_global(&s->vram_mem);
+ vram_base = memory_region_get_ram_ptr(&s->vram_mem);
+
+ /* 8-bit plane */
+ s->vram = vram_base;
+ size = s->vram_size;
+ memory_region_init_alias(&s->vram_8bit, OBJECT(s), "tcx.vram.8bit",
+ &s->vram_mem, vram_offset, size);
+ sysbus_init_mmio(dev, &s->vram_8bit);
+ vram_offset += size;
+ vram_base += size;
+
+ /* DAC */
+ memory_region_init_io(&s->dac, OBJECT(s), &tcx_dac_ops, s,
+ "tcx.dac", TCX_DAC_NREGS);
+ sysbus_init_mmio(dev, &s->dac);
+
+ /* TEC (dummy) */
+ memory_region_init_io(&s->tec, OBJECT(s), &dummy_ops, s,
+ "tcx.tec", TCX_TEC_NREGS);
+ sysbus_init_mmio(dev, &s->tec);
+ /* THC: NetBSD writes here even with 8-bit display: dummy */
+ memory_region_init_io(&s->thc24, OBJECT(s), &dummy_ops, s, "tcx.thc24",
+ TCX_THC_NREGS_24);
+ sysbus_init_mmio(dev, &s->thc24);
+
+ if (s->depth == 24) {
+ /* 24-bit plane */
+ size = s->vram_size * 4;
+ s->vram24 = (uint32_t *)vram_base;
+ s->vram24_offset = vram_offset;
+ memory_region_init_alias(&s->vram_24bit, OBJECT(s), "tcx.vram.24bit",
+ &s->vram_mem, vram_offset, size);
+ sysbus_init_mmio(dev, &s->vram_24bit);
+ vram_offset += size;
+ vram_base += size;
+
+ /* Control plane */
+ size = s->vram_size * 4;
+ s->cplane = (uint32_t *)vram_base;
+ s->cplane_offset = vram_offset;
+ memory_region_init_alias(&s->vram_cplane, OBJECT(s), "tcx.vram.cplane",
+ &s->vram_mem, vram_offset, size);
+ sysbus_init_mmio(dev, &s->vram_cplane);
+
+ s->con = graphic_console_init(DEVICE(dev), &tcx24_ops, s);
+ } else {
+ /* THC 8 bit (dummy) */
+ memory_region_init_io(&s->thc8, OBJECT(s), &dummy_ops, s, "tcx.thc8",
+ TCX_THC_NREGS_8);
+ sysbus_init_mmio(dev, &s->thc8);
+
+ s->con = graphic_console_init(DEVICE(dev), &tcx_ops, s);
+ }
+
+ qemu_console_resize(s->con, s->width, s->height);
+ return 0;
+}
+
+static Property tcx_properties[] = {
+ DEFINE_PROP_HEX32("vram_size", TCXState, vram_size, -1),
+ DEFINE_PROP_UINT16("width", TCXState, width, -1),
+ DEFINE_PROP_UINT16("height", TCXState, height, -1),
+ DEFINE_PROP_UINT16("depth", TCXState, depth, -1),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void tcx_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = tcx_init1;
+ dc->reset = tcx_reset;
+ dc->vmsd = &vmstate_tcx;
+ dc->props = tcx_properties;
+}
+
+static const TypeInfo tcx_info = {
+ .name = TYPE_TCX,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(TCXState),
+ .class_init = tcx_class_init,
+};
+
+static void tcx_register_types(void)
+{
+ type_register_static(&tcx_info);
+}
+
+type_init(tcx_register_types)
diff --git a/hw/display/vga-isa-mm.c b/hw/display/vga-isa-mm.c
new file mode 100644
index 000000000..8b514cc39
--- /dev/null
+++ b/hw/display/vga-isa-mm.c
@@ -0,0 +1,142 @@
+/*
+ * QEMU ISA MM VGA Emulator.
+ *
+ * Copyright (c) 2003 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "ui/console.h"
+#include "hw/i386/pc.h"
+#include "vga_int.h"
+#include "ui/pixel_ops.h"
+#include "qemu/timer.h"
+
+#define VGA_RAM_SIZE (8192 * 1024)
+
+typedef struct ISAVGAMMState {
+ VGACommonState vga;
+ int it_shift;
+} ISAVGAMMState;
+
+/* Memory mapped interface */
+static uint32_t vga_mm_readb (void *opaque, hwaddr addr)
+{
+ ISAVGAMMState *s = opaque;
+
+ return vga_ioport_read(&s->vga, addr >> s->it_shift) & 0xff;
+}
+
+static void vga_mm_writeb (void *opaque,
+ hwaddr addr, uint32_t value)
+{
+ ISAVGAMMState *s = opaque;
+
+ vga_ioport_write(&s->vga, addr >> s->it_shift, value & 0xff);
+}
+
+static uint32_t vga_mm_readw (void *opaque, hwaddr addr)
+{
+ ISAVGAMMState *s = opaque;
+
+ return vga_ioport_read(&s->vga, addr >> s->it_shift) & 0xffff;
+}
+
+static void vga_mm_writew (void *opaque,
+ hwaddr addr, uint32_t value)
+{
+ ISAVGAMMState *s = opaque;
+
+ vga_ioport_write(&s->vga, addr >> s->it_shift, value & 0xffff);
+}
+
+static uint32_t vga_mm_readl (void *opaque, hwaddr addr)
+{
+ ISAVGAMMState *s = opaque;
+
+ return vga_ioport_read(&s->vga, addr >> s->it_shift);
+}
+
+static void vga_mm_writel (void *opaque,
+ hwaddr addr, uint32_t value)
+{
+ ISAVGAMMState *s = opaque;
+
+ vga_ioport_write(&s->vga, addr >> s->it_shift, value);
+}
+
+static const MemoryRegionOps vga_mm_ctrl_ops = {
+ .old_mmio = {
+ .read = {
+ vga_mm_readb,
+ vga_mm_readw,
+ vga_mm_readl,
+ },
+ .write = {
+ vga_mm_writeb,
+ vga_mm_writew,
+ vga_mm_writel,
+ },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void vga_mm_init(ISAVGAMMState *s, hwaddr vram_base,
+ hwaddr ctrl_base, int it_shift,
+ MemoryRegion *address_space)
+{
+ MemoryRegion *s_ioport_ctrl, *vga_io_memory;
+
+ s->it_shift = it_shift;
+ s_ioport_ctrl = g_malloc(sizeof(*s_ioport_ctrl));
+ memory_region_init_io(s_ioport_ctrl, NULL, &vga_mm_ctrl_ops, s,
+ "vga-mm-ctrl", 0x100000);
+ memory_region_set_flush_coalesced(s_ioport_ctrl);
+
+ vga_io_memory = g_malloc(sizeof(*vga_io_memory));
+ /* XXX: endianness? */
+ memory_region_init_io(vga_io_memory, NULL, &vga_mem_ops, &s->vga,
+ "vga-mem", 0x20000);
+
+ vmstate_register(NULL, 0, &vmstate_vga_common, s);
+
+ memory_region_add_subregion(address_space, ctrl_base, s_ioport_ctrl);
+ s->vga.bank_offset = 0;
+ memory_region_add_subregion(address_space,
+ vram_base + 0x000a0000, vga_io_memory);
+ memory_region_set_coalescing(vga_io_memory);
+}
+
+int isa_vga_mm_init(hwaddr vram_base,
+ hwaddr ctrl_base, int it_shift,
+ MemoryRegion *address_space)
+{
+ ISAVGAMMState *s;
+
+ s = g_malloc0(sizeof(*s));
+
+ s->vga.vram_size_mb = VGA_RAM_SIZE >> 20;
+ vga_common_init(&s->vga, NULL);
+ vga_mm_init(s, vram_base, ctrl_base, it_shift, address_space);
+
+ s->vga.con = graphic_console_init(NULL, s->vga.hw_ops, s);
+
+ vga_init_vbe(&s->vga, NULL, address_space);
+ return 0;
+}
diff --git a/hw/display/vga-isa.c b/hw/display/vga-isa.c
new file mode 100644
index 000000000..c2a19ad6b
--- /dev/null
+++ b/hw/display/vga-isa.c
@@ -0,0 +1,105 @@
+/*
+ * QEMU ISA VGA Emulator.
+ *
+ * see docs/specs/standard-vga.txt for virtual hardware specs.
+ *
+ * Copyright (c) 2003 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "ui/console.h"
+#include "hw/i386/pc.h"
+#include "vga_int.h"
+#include "ui/pixel_ops.h"
+#include "qemu/timer.h"
+#include "hw/loader.h"
+
+#define TYPE_ISA_VGA "isa-vga"
+#define ISA_VGA(obj) OBJECT_CHECK(ISAVGAState, (obj), TYPE_ISA_VGA)
+
+typedef struct ISAVGAState {
+ ISADevice parent_obj;
+
+ struct VGACommonState state;
+} ISAVGAState;
+
+static void vga_isa_reset(DeviceState *dev)
+{
+ ISAVGAState *d = ISA_VGA(dev);
+ VGACommonState *s = &d->state;
+
+ vga_common_reset(s);
+}
+
+static void vga_isa_realizefn(DeviceState *dev, Error **errp)
+{
+ ISADevice *isadev = ISA_DEVICE(dev);
+ ISAVGAState *d = ISA_VGA(dev);
+ VGACommonState *s = &d->state;
+ MemoryRegion *vga_io_memory;
+ const MemoryRegionPortio *vga_ports, *vbe_ports;
+
+ vga_common_init(s, OBJECT(dev));
+ s->legacy_address_space = isa_address_space(isadev);
+ vga_io_memory = vga_init_io(s, OBJECT(dev), &vga_ports, &vbe_ports);
+ isa_register_portio_list(isadev, 0x3b0, vga_ports, s, "vga");
+ if (vbe_ports) {
+ isa_register_portio_list(isadev, 0x1ce, vbe_ports, s, "vbe");
+ }
+ memory_region_add_subregion_overlap(isa_address_space(isadev),
+ isa_mem_base + 0x000a0000,
+ vga_io_memory, 1);
+ memory_region_set_coalescing(vga_io_memory);
+ s->con = graphic_console_init(DEVICE(dev), s->hw_ops, s);
+
+ vga_init_vbe(s, OBJECT(dev), isa_address_space(isadev));
+ /* ROM BIOS */
+ rom_add_vga(VGABIOS_FILENAME);
+}
+
+static Property vga_isa_properties[] = {
+ DEFINE_PROP_UINT32("vgamem_mb", ISAVGAState, state.vram_size_mb, 8),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void vga_isa_class_initfn(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = vga_isa_realizefn;
+ dc->reset = vga_isa_reset;
+ dc->vmsd = &vmstate_vga_common;
+ dc->props = vga_isa_properties;
+ set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories);
+}
+
+static const TypeInfo vga_isa_info = {
+ .name = TYPE_ISA_VGA,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof(ISAVGAState),
+ .class_init = vga_isa_class_initfn,
+};
+
+static void vga_isa_register_types(void)
+{
+ type_register_static(&vga_isa_info);
+}
+
+type_init(vga_isa_register_types)
diff --git a/hw/display/vga-pci.c b/hw/display/vga-pci.c
new file mode 100644
index 000000000..b3a45c81d
--- /dev/null
+++ b/hw/display/vga-pci.c
@@ -0,0 +1,216 @@
+/*
+ * QEMU PCI VGA Emulator.
+ *
+ * see docs/specs/standard-vga.txt for virtual hardware specs.
+ *
+ * Copyright (c) 2003 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "ui/console.h"
+#include "hw/pci/pci.h"
+#include "vga_int.h"
+#include "ui/pixel_ops.h"
+#include "qemu/timer.h"
+#include "hw/loader.h"
+
+#define PCI_VGA_IOPORT_OFFSET 0x400
+#define PCI_VGA_IOPORT_SIZE (0x3e0 - 0x3c0)
+#define PCI_VGA_BOCHS_OFFSET 0x500
+#define PCI_VGA_BOCHS_SIZE (0x0b * 2)
+#define PCI_VGA_MMIO_SIZE 0x1000
+
+enum vga_pci_flags {
+ PCI_VGA_FLAG_ENABLE_MMIO = 1,
+};
+
+typedef struct PCIVGAState {
+ PCIDevice dev;
+ VGACommonState vga;
+ uint32_t flags;
+ MemoryRegion mmio;
+ MemoryRegion ioport;
+ MemoryRegion bochs;
+} PCIVGAState;
+
+static const VMStateDescription vmstate_vga_pci = {
+ .name = "vga",
+ .version_id = 2,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .fields = (VMStateField []) {
+ VMSTATE_PCI_DEVICE(dev, PCIVGAState),
+ VMSTATE_STRUCT(vga, PCIVGAState, 0, vmstate_vga_common, VGACommonState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static uint64_t pci_vga_ioport_read(void *ptr, hwaddr addr,
+ unsigned size)
+{
+ PCIVGAState *d = ptr;
+ uint64_t ret = 0;
+
+ switch (size) {
+ case 1:
+ ret = vga_ioport_read(&d->vga, addr);
+ break;
+ case 2:
+ ret = vga_ioport_read(&d->vga, addr);
+ ret |= vga_ioport_read(&d->vga, addr+1) << 8;
+ break;
+ }
+ return ret;
+}
+
+static void pci_vga_ioport_write(void *ptr, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ PCIVGAState *d = ptr;
+
+ switch (size) {
+ case 1:
+ vga_ioport_write(&d->vga, addr + 0x3c0, val);
+ break;
+ case 2:
+ /*
+ * Update bytes in little endian order. Allows to update
+ * indexed registers with a single word write because the
+ * index byte is updated first.
+ */
+ vga_ioport_write(&d->vga, addr + 0x3c0, val & 0xff);
+ vga_ioport_write(&d->vga, addr + 0x3c1, (val >> 8) & 0xff);
+ break;
+ }
+}
+
+static const MemoryRegionOps pci_vga_ioport_ops = {
+ .read = pci_vga_ioport_read,
+ .write = pci_vga_ioport_write,
+ .valid.min_access_size = 1,
+ .valid.max_access_size = 4,
+ .impl.min_access_size = 1,
+ .impl.max_access_size = 2,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static uint64_t pci_vga_bochs_read(void *ptr, hwaddr addr,
+ unsigned size)
+{
+ PCIVGAState *d = ptr;
+ int index = addr >> 1;
+
+ vbe_ioport_write_index(&d->vga, 0, index);
+ return vbe_ioport_read_data(&d->vga, 0);
+}
+
+static void pci_vga_bochs_write(void *ptr, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ PCIVGAState *d = ptr;
+ int index = addr >> 1;
+
+ vbe_ioport_write_index(&d->vga, 0, index);
+ vbe_ioport_write_data(&d->vga, 0, val);
+}
+
+static const MemoryRegionOps pci_vga_bochs_ops = {
+ .read = pci_vga_bochs_read,
+ .write = pci_vga_bochs_write,
+ .valid.min_access_size = 1,
+ .valid.max_access_size = 4,
+ .impl.min_access_size = 2,
+ .impl.max_access_size = 2,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static int pci_std_vga_initfn(PCIDevice *dev)
+{
+ PCIVGAState *d = DO_UPCAST(PCIVGAState, dev, dev);
+ VGACommonState *s = &d->vga;
+
+ /* vga + console init */
+ vga_common_init(s, OBJECT(dev));
+ vga_init(s, OBJECT(dev), pci_address_space(dev), pci_address_space_io(dev),
+ true);
+
+ s->con = graphic_console_init(DEVICE(dev), s->hw_ops, s);
+
+ /* XXX: VGA_RAM_SIZE must be a power of two */
+ pci_register_bar(&d->dev, 0, PCI_BASE_ADDRESS_MEM_PREFETCH, &s->vram);
+
+ /* mmio bar for vga register access */
+ if (d->flags & (1 << PCI_VGA_FLAG_ENABLE_MMIO)) {
+ memory_region_init(&d->mmio, NULL, "vga.mmio", 4096);
+ memory_region_init_io(&d->ioport, NULL, &pci_vga_ioport_ops, d,
+ "vga ioports remapped", PCI_VGA_IOPORT_SIZE);
+ memory_region_init_io(&d->bochs, NULL, &pci_vga_bochs_ops, d,
+ "bochs dispi interface", PCI_VGA_BOCHS_SIZE);
+
+ memory_region_add_subregion(&d->mmio, PCI_VGA_IOPORT_OFFSET,
+ &d->ioport);
+ memory_region_add_subregion(&d->mmio, PCI_VGA_BOCHS_OFFSET,
+ &d->bochs);
+ pci_register_bar(&d->dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, &d->mmio);
+ }
+
+ if (!dev->rom_bar) {
+ /* compatibility with pc-0.13 and older */
+ vga_init_vbe(s, OBJECT(dev), pci_address_space(dev));
+ }
+
+ return 0;
+}
+
+static Property vga_pci_properties[] = {
+ DEFINE_PROP_UINT32("vgamem_mb", PCIVGAState, vga.vram_size_mb, 16),
+ DEFINE_PROP_BIT("mmio", PCIVGAState, flags, PCI_VGA_FLAG_ENABLE_MMIO, true),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void vga_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->no_hotplug = 1;
+ k->init = pci_std_vga_initfn;
+ k->romfile = "vgabios-stdvga.bin";
+ k->vendor_id = PCI_VENDOR_ID_QEMU;
+ k->device_id = PCI_DEVICE_ID_QEMU_VGA;
+ k->class_id = PCI_CLASS_DISPLAY_VGA;
+ dc->vmsd = &vmstate_vga_pci;
+ dc->props = vga_pci_properties;
+ set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories);
+}
+
+static const TypeInfo vga_info = {
+ .name = "VGA",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCIVGAState),
+ .class_init = vga_class_init,
+};
+
+static void vga_register_types(void)
+{
+ type_register_static(&vga_info);
+}
+
+type_init(vga_register_types)
diff --git a/hw/display/vga.c b/hw/display/vga.c
new file mode 100644
index 000000000..06f44a808
--- /dev/null
+++ b/hw/display/vga.c
@@ -0,0 +1,2396 @@
+/*
+ * QEMU VGA Emulator.
+ *
+ * Copyright (c) 2003 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "vga.h"
+#include "ui/console.h"
+#include "hw/i386/pc.h"
+#include "hw/pci/pci.h"
+#include "vga_int.h"
+#include "ui/pixel_ops.h"
+#include "qemu/timer.h"
+#include "hw/xen/xen.h"
+#include "trace.h"
+
+//#define DEBUG_VGA
+//#define DEBUG_VGA_MEM
+//#define DEBUG_VGA_REG
+
+//#define DEBUG_BOCHS_VBE
+
+/* 16 state changes per vertical frame @60 Hz */
+#define VGA_TEXT_CURSOR_PERIOD_MS (1000 * 2 * 16 / 60)
+
+/*
+ * Video Graphics Array (VGA)
+ *
+ * Chipset docs for original IBM VGA:
+ * http://www.mcamafia.de/pdf/ibm_vgaxga_trm2.pdf
+ *
+ * FreeVGA site:
+ * http://www.osdever.net/FreeVGA/home.htm
+ *
+ * Standard VGA features and Bochs VBE extensions are implemented.
+ */
+
+/* force some bits to zero */
+const uint8_t sr_mask[8] = {
+ 0x03,
+ 0x3d,
+ 0x0f,
+ 0x3f,
+ 0x0e,
+ 0x00,
+ 0x00,
+ 0xff,
+};
+
+const uint8_t gr_mask[16] = {
+ 0x0f, /* 0x00 */
+ 0x0f, /* 0x01 */
+ 0x0f, /* 0x02 */
+ 0x1f, /* 0x03 */
+ 0x03, /* 0x04 */
+ 0x7b, /* 0x05 */
+ 0x0f, /* 0x06 */
+ 0x0f, /* 0x07 */
+ 0xff, /* 0x08 */
+ 0x00, /* 0x09 */
+ 0x00, /* 0x0a */
+ 0x00, /* 0x0b */
+ 0x00, /* 0x0c */
+ 0x00, /* 0x0d */
+ 0x00, /* 0x0e */
+ 0x00, /* 0x0f */
+};
+
+#define cbswap_32(__x) \
+((uint32_t)( \
+ (((uint32_t)(__x) & (uint32_t)0x000000ffUL) << 24) | \
+ (((uint32_t)(__x) & (uint32_t)0x0000ff00UL) << 8) | \
+ (((uint32_t)(__x) & (uint32_t)0x00ff0000UL) >> 8) | \
+ (((uint32_t)(__x) & (uint32_t)0xff000000UL) >> 24) ))
+
+#ifdef HOST_WORDS_BIGENDIAN
+#define PAT(x) cbswap_32(x)
+#else
+#define PAT(x) (x)
+#endif
+
+#ifdef HOST_WORDS_BIGENDIAN
+#define BIG 1
+#else
+#define BIG 0
+#endif
+
+#ifdef HOST_WORDS_BIGENDIAN
+#define GET_PLANE(data, p) (((data) >> (24 - (p) * 8)) & 0xff)
+#else
+#define GET_PLANE(data, p) (((data) >> ((p) * 8)) & 0xff)
+#endif
+
+static const uint32_t mask16[16] = {
+ PAT(0x00000000),
+ PAT(0x000000ff),
+ PAT(0x0000ff00),
+ PAT(0x0000ffff),
+ PAT(0x00ff0000),
+ PAT(0x00ff00ff),
+ PAT(0x00ffff00),
+ PAT(0x00ffffff),
+ PAT(0xff000000),
+ PAT(0xff0000ff),
+ PAT(0xff00ff00),
+ PAT(0xff00ffff),
+ PAT(0xffff0000),
+ PAT(0xffff00ff),
+ PAT(0xffffff00),
+ PAT(0xffffffff),
+};
+
+#undef PAT
+
+#ifdef HOST_WORDS_BIGENDIAN
+#define PAT(x) (x)
+#else
+#define PAT(x) cbswap_32(x)
+#endif
+
+static const uint32_t dmask16[16] = {
+ PAT(0x00000000),
+ PAT(0x000000ff),
+ PAT(0x0000ff00),
+ PAT(0x0000ffff),
+ PAT(0x00ff0000),
+ PAT(0x00ff00ff),
+ PAT(0x00ffff00),
+ PAT(0x00ffffff),
+ PAT(0xff000000),
+ PAT(0xff0000ff),
+ PAT(0xff00ff00),
+ PAT(0xff00ffff),
+ PAT(0xffff0000),
+ PAT(0xffff00ff),
+ PAT(0xffffff00),
+ PAT(0xffffffff),
+};
+
+static const uint32_t dmask4[4] = {
+ PAT(0x00000000),
+ PAT(0x0000ffff),
+ PAT(0xffff0000),
+ PAT(0xffffffff),
+};
+
+static uint32_t expand4[256];
+static uint16_t expand2[256];
+static uint8_t expand4to8[16];
+
+static void vga_update_memory_access(VGACommonState *s)
+{
+ MemoryRegion *region, *old_region = s->chain4_alias;
+ hwaddr base, offset, size;
+
+ s->chain4_alias = NULL;
+
+ if ((s->sr[VGA_SEQ_PLANE_WRITE] & VGA_SR02_ALL_PLANES) ==
+ VGA_SR02_ALL_PLANES && s->sr[VGA_SEQ_MEMORY_MODE] & VGA_SR04_CHN_4M) {
+ offset = 0;
+ switch ((s->gr[VGA_GFX_MISC] >> 2) & 3) {
+ case 0:
+ base = 0xa0000;
+ size = 0x20000;
+ break;
+ case 1:
+ base = 0xa0000;
+ size = 0x10000;
+ offset = s->bank_offset;
+ break;
+ case 2:
+ base = 0xb0000;
+ size = 0x8000;
+ break;
+ case 3:
+ default:
+ base = 0xb8000;
+ size = 0x8000;
+ break;
+ }
+ base += isa_mem_base;
+ region = g_malloc(sizeof(*region));
+ memory_region_init_alias(region, memory_region_owner(&s->vram),
+ "vga.chain4", &s->vram, offset, size);
+ memory_region_add_subregion_overlap(s->legacy_address_space, base,
+ region, 2);
+ s->chain4_alias = region;
+ }
+ if (old_region) {
+ memory_region_del_subregion(s->legacy_address_space, old_region);
+ memory_region_destroy(old_region);
+ g_free(old_region);
+ s->plane_updated = 0xf;
+ }
+}
+
+static void vga_dumb_update_retrace_info(VGACommonState *s)
+{
+ (void) s;
+}
+
+static void vga_precise_update_retrace_info(VGACommonState *s)
+{
+ int htotal_chars;
+ int hretr_start_char;
+ int hretr_skew_chars;
+ int hretr_end_char;
+
+ int vtotal_lines;
+ int vretr_start_line;
+ int vretr_end_line;
+
+ int dots;
+#if 0
+ int div2, sldiv2;
+#endif
+ int clocking_mode;
+ int clock_sel;
+ const int clk_hz[] = {25175000, 28322000, 25175000, 25175000};
+ int64_t chars_per_sec;
+ struct vga_precise_retrace *r = &s->retrace_info.precise;
+
+ htotal_chars = s->cr[VGA_CRTC_H_TOTAL] + 5;
+ hretr_start_char = s->cr[VGA_CRTC_H_SYNC_START];
+ hretr_skew_chars = (s->cr[VGA_CRTC_H_SYNC_END] >> 5) & 3;
+ hretr_end_char = s->cr[VGA_CRTC_H_SYNC_END] & 0x1f;
+
+ vtotal_lines = (s->cr[VGA_CRTC_V_TOTAL] |
+ (((s->cr[VGA_CRTC_OVERFLOW] & 1) |
+ ((s->cr[VGA_CRTC_OVERFLOW] >> 4) & 2)) << 8)) + 2;
+ vretr_start_line = s->cr[VGA_CRTC_V_SYNC_START] |
+ ((((s->cr[VGA_CRTC_OVERFLOW] >> 2) & 1) |
+ ((s->cr[VGA_CRTC_OVERFLOW] >> 6) & 2)) << 8);
+ vretr_end_line = s->cr[VGA_CRTC_V_SYNC_END] & 0xf;
+
+ clocking_mode = (s->sr[VGA_SEQ_CLOCK_MODE] >> 3) & 1;
+ clock_sel = (s->msr >> 2) & 3;
+ dots = (s->msr & 1) ? 8 : 9;
+
+ chars_per_sec = clk_hz[clock_sel] / dots;
+
+ htotal_chars <<= clocking_mode;
+
+ r->total_chars = vtotal_lines * htotal_chars;
+ if (r->freq) {
+ r->ticks_per_char = get_ticks_per_sec() / (r->total_chars * r->freq);
+ } else {
+ r->ticks_per_char = get_ticks_per_sec() / chars_per_sec;
+ }
+
+ r->vstart = vretr_start_line;
+ r->vend = r->vstart + vretr_end_line + 1;
+
+ r->hstart = hretr_start_char + hretr_skew_chars;
+ r->hend = r->hstart + hretr_end_char + 1;
+ r->htotal = htotal_chars;
+
+#if 0
+ div2 = (s->cr[VGA_CRTC_MODE] >> 2) & 1;
+ sldiv2 = (s->cr[VGA_CRTC_MODE] >> 3) & 1;
+ printf (
+ "hz=%f\n"
+ "htotal = %d\n"
+ "hretr_start = %d\n"
+ "hretr_skew = %d\n"
+ "hretr_end = %d\n"
+ "vtotal = %d\n"
+ "vretr_start = %d\n"
+ "vretr_end = %d\n"
+ "div2 = %d sldiv2 = %d\n"
+ "clocking_mode = %d\n"
+ "clock_sel = %d %d\n"
+ "dots = %d\n"
+ "ticks/char = %" PRId64 "\n"
+ "\n",
+ (double) get_ticks_per_sec() / (r->ticks_per_char * r->total_chars),
+ htotal_chars,
+ hretr_start_char,
+ hretr_skew_chars,
+ hretr_end_char,
+ vtotal_lines,
+ vretr_start_line,
+ vretr_end_line,
+ div2, sldiv2,
+ clocking_mode,
+ clock_sel,
+ clk_hz[clock_sel],
+ dots,
+ r->ticks_per_char
+ );
+#endif
+}
+
+static uint8_t vga_precise_retrace(VGACommonState *s)
+{
+ struct vga_precise_retrace *r = &s->retrace_info.precise;
+ uint8_t val = s->st01 & ~(ST01_V_RETRACE | ST01_DISP_ENABLE);
+
+ if (r->total_chars) {
+ int cur_line, cur_line_char, cur_char;
+ int64_t cur_tick;
+
+ cur_tick = qemu_get_clock_ns(vm_clock);
+
+ cur_char = (cur_tick / r->ticks_per_char) % r->total_chars;
+ cur_line = cur_char / r->htotal;
+
+ if (cur_line >= r->vstart && cur_line <= r->vend) {
+ val |= ST01_V_RETRACE | ST01_DISP_ENABLE;
+ } else {
+ cur_line_char = cur_char % r->htotal;
+ if (cur_line_char >= r->hstart && cur_line_char <= r->hend) {
+ val |= ST01_DISP_ENABLE;
+ }
+ }
+
+ return val;
+ } else {
+ return s->st01 ^ (ST01_V_RETRACE | ST01_DISP_ENABLE);
+ }
+}
+
+static uint8_t vga_dumb_retrace(VGACommonState *s)
+{
+ return s->st01 ^ (ST01_V_RETRACE | ST01_DISP_ENABLE);
+}
+
+int vga_ioport_invalid(VGACommonState *s, uint32_t addr)
+{
+ if (s->msr & VGA_MIS_COLOR) {
+ /* Color */
+ return (addr >= 0x3b0 && addr <= 0x3bf);
+ } else {
+ /* Monochrome */
+ return (addr >= 0x3d0 && addr <= 0x3df);
+ }
+}
+
+uint32_t vga_ioport_read(void *opaque, uint32_t addr)
+{
+ VGACommonState *s = opaque;
+ int val, index;
+
+ qemu_flush_coalesced_mmio_buffer();
+
+ if (vga_ioport_invalid(s, addr)) {
+ val = 0xff;
+ } else {
+ switch(addr) {
+ case VGA_ATT_W:
+ if (s->ar_flip_flop == 0) {
+ val = s->ar_index;
+ } else {
+ val = 0;
+ }
+ break;
+ case VGA_ATT_R:
+ index = s->ar_index & 0x1f;
+ if (index < VGA_ATT_C) {
+ val = s->ar[index];
+ } else {
+ val = 0;
+ }
+ break;
+ case VGA_MIS_W:
+ val = s->st00;
+ break;
+ case VGA_SEQ_I:
+ val = s->sr_index;
+ break;
+ case VGA_SEQ_D:
+ val = s->sr[s->sr_index];
+#ifdef DEBUG_VGA_REG
+ printf("vga: read SR%x = 0x%02x\n", s->sr_index, val);
+#endif
+ break;
+ case VGA_PEL_IR:
+ val = s->dac_state;
+ break;
+ case VGA_PEL_IW:
+ val = s->dac_write_index;
+ break;
+ case VGA_PEL_D:
+ val = s->palette[s->dac_read_index * 3 + s->dac_sub_index];
+ if (++s->dac_sub_index == 3) {
+ s->dac_sub_index = 0;
+ s->dac_read_index++;
+ }
+ break;
+ case VGA_FTC_R:
+ val = s->fcr;
+ break;
+ case VGA_MIS_R:
+ val = s->msr;
+ break;
+ case VGA_GFX_I:
+ val = s->gr_index;
+ break;
+ case VGA_GFX_D:
+ val = s->gr[s->gr_index];
+#ifdef DEBUG_VGA_REG
+ printf("vga: read GR%x = 0x%02x\n", s->gr_index, val);
+#endif
+ break;
+ case VGA_CRT_IM:
+ case VGA_CRT_IC:
+ val = s->cr_index;
+ break;
+ case VGA_CRT_DM:
+ case VGA_CRT_DC:
+ val = s->cr[s->cr_index];
+#ifdef DEBUG_VGA_REG
+ printf("vga: read CR%x = 0x%02x\n", s->cr_index, val);
+#endif
+ break;
+ case VGA_IS1_RM:
+ case VGA_IS1_RC:
+ /* just toggle to fool polling */
+ val = s->st01 = s->retrace(s);
+ s->ar_flip_flop = 0;
+ break;
+ default:
+ val = 0x00;
+ break;
+ }
+ }
+#if defined(DEBUG_VGA)
+ printf("VGA: read addr=0x%04x data=0x%02x\n", addr, val);
+#endif
+ return val;
+}
+
+void vga_ioport_write(void *opaque, uint32_t addr, uint32_t val)
+{
+ VGACommonState *s = opaque;
+ int index;
+
+ qemu_flush_coalesced_mmio_buffer();
+
+ /* check port range access depending on color/monochrome mode */
+ if (vga_ioport_invalid(s, addr)) {
+ return;
+ }
+#ifdef DEBUG_VGA
+ printf("VGA: write addr=0x%04x data=0x%02x\n", addr, val);
+#endif
+
+ switch(addr) {
+ case VGA_ATT_W:
+ if (s->ar_flip_flop == 0) {
+ val &= 0x3f;
+ s->ar_index = val;
+ } else {
+ index = s->ar_index & 0x1f;
+ switch(index) {
+ case VGA_ATC_PALETTE0 ... VGA_ATC_PALETTEF:
+ s->ar[index] = val & 0x3f;
+ break;
+ case VGA_ATC_MODE:
+ s->ar[index] = val & ~0x10;
+ break;
+ case VGA_ATC_OVERSCAN:
+ s->ar[index] = val;
+ break;
+ case VGA_ATC_PLANE_ENABLE:
+ s->ar[index] = val & ~0xc0;
+ break;
+ case VGA_ATC_PEL:
+ s->ar[index] = val & ~0xf0;
+ break;
+ case VGA_ATC_COLOR_PAGE:
+ s->ar[index] = val & ~0xf0;
+ break;
+ default:
+ break;
+ }
+ }
+ s->ar_flip_flop ^= 1;
+ break;
+ case VGA_MIS_W:
+ s->msr = val & ~0x10;
+ s->update_retrace_info(s);
+ break;
+ case VGA_SEQ_I:
+ s->sr_index = val & 7;
+ break;
+ case VGA_SEQ_D:
+#ifdef DEBUG_VGA_REG
+ printf("vga: write SR%x = 0x%02x\n", s->sr_index, val);
+#endif
+ s->sr[s->sr_index] = val & sr_mask[s->sr_index];
+ if (s->sr_index == VGA_SEQ_CLOCK_MODE) {
+ s->update_retrace_info(s);
+ }
+ vga_update_memory_access(s);
+ break;
+ case VGA_PEL_IR:
+ s->dac_read_index = val;
+ s->dac_sub_index = 0;
+ s->dac_state = 3;
+ break;
+ case VGA_PEL_IW:
+ s->dac_write_index = val;
+ s->dac_sub_index = 0;
+ s->dac_state = 0;
+ break;
+ case VGA_PEL_D:
+ s->dac_cache[s->dac_sub_index] = val;
+ if (++s->dac_sub_index == 3) {
+ memcpy(&s->palette[s->dac_write_index * 3], s->dac_cache, 3);
+ s->dac_sub_index = 0;
+ s->dac_write_index++;
+ }
+ break;
+ case VGA_GFX_I:
+ s->gr_index = val & 0x0f;
+ break;
+ case VGA_GFX_D:
+#ifdef DEBUG_VGA_REG
+ printf("vga: write GR%x = 0x%02x\n", s->gr_index, val);
+#endif
+ s->gr[s->gr_index] = val & gr_mask[s->gr_index];
+ vga_update_memory_access(s);
+ break;
+ case VGA_CRT_IM:
+ case VGA_CRT_IC:
+ s->cr_index = val;
+ break;
+ case VGA_CRT_DM:
+ case VGA_CRT_DC:
+#ifdef DEBUG_VGA_REG
+ printf("vga: write CR%x = 0x%02x\n", s->cr_index, val);
+#endif
+ /* handle CR0-7 protection */
+ if ((s->cr[VGA_CRTC_V_SYNC_END] & VGA_CR11_LOCK_CR0_CR7) &&
+ s->cr_index <= VGA_CRTC_OVERFLOW) {
+ /* can always write bit 4 of CR7 */
+ if (s->cr_index == VGA_CRTC_OVERFLOW) {
+ s->cr[VGA_CRTC_OVERFLOW] = (s->cr[VGA_CRTC_OVERFLOW] & ~0x10) |
+ (val & 0x10);
+ }
+ return;
+ }
+ s->cr[s->cr_index] = val;
+
+ switch(s->cr_index) {
+ case VGA_CRTC_H_TOTAL:
+ case VGA_CRTC_H_SYNC_START:
+ case VGA_CRTC_H_SYNC_END:
+ case VGA_CRTC_V_TOTAL:
+ case VGA_CRTC_OVERFLOW:
+ case VGA_CRTC_V_SYNC_END:
+ case VGA_CRTC_MODE:
+ s->update_retrace_info(s);
+ break;
+ }
+ break;
+ case VGA_IS1_RM:
+ case VGA_IS1_RC:
+ s->fcr = val & 0x10;
+ break;
+ }
+}
+
+static uint32_t vbe_ioport_read_index(void *opaque, uint32_t addr)
+{
+ VGACommonState *s = opaque;
+ uint32_t val;
+ val = s->vbe_index;
+ return val;
+}
+
+uint32_t vbe_ioport_read_data(void *opaque, uint32_t addr)
+{
+ VGACommonState *s = opaque;
+ uint32_t val;
+
+ if (s->vbe_index < VBE_DISPI_INDEX_NB) {
+ if (s->vbe_regs[VBE_DISPI_INDEX_ENABLE] & VBE_DISPI_GETCAPS) {
+ switch(s->vbe_index) {
+ /* XXX: do not hardcode ? */
+ case VBE_DISPI_INDEX_XRES:
+ val = VBE_DISPI_MAX_XRES;
+ break;
+ case VBE_DISPI_INDEX_YRES:
+ val = VBE_DISPI_MAX_YRES;
+ break;
+ case VBE_DISPI_INDEX_BPP:
+ val = VBE_DISPI_MAX_BPP;
+ break;
+ default:
+ val = s->vbe_regs[s->vbe_index];
+ break;
+ }
+ } else {
+ val = s->vbe_regs[s->vbe_index];
+ }
+ } else if (s->vbe_index == VBE_DISPI_INDEX_VIDEO_MEMORY_64K) {
+ val = s->vram_size / (64 * 1024);
+ } else {
+ val = 0;
+ }
+#ifdef DEBUG_BOCHS_VBE
+ printf("VBE: read index=0x%x val=0x%x\n", s->vbe_index, val);
+#endif
+ return val;
+}
+
+void vbe_ioport_write_index(void *opaque, uint32_t addr, uint32_t val)
+{
+ VGACommonState *s = opaque;
+ s->vbe_index = val;
+}
+
+void vbe_ioport_write_data(void *opaque, uint32_t addr, uint32_t val)
+{
+ VGACommonState *s = opaque;
+
+ if (s->vbe_index <= VBE_DISPI_INDEX_NB) {
+#ifdef DEBUG_BOCHS_VBE
+ printf("VBE: write index=0x%x val=0x%x\n", s->vbe_index, val);
+#endif
+ switch(s->vbe_index) {
+ case VBE_DISPI_INDEX_ID:
+ if (val == VBE_DISPI_ID0 ||
+ val == VBE_DISPI_ID1 ||
+ val == VBE_DISPI_ID2 ||
+ val == VBE_DISPI_ID3 ||
+ val == VBE_DISPI_ID4) {
+ s->vbe_regs[s->vbe_index] = val;
+ }
+ break;
+ case VBE_DISPI_INDEX_XRES:
+ if ((val <= VBE_DISPI_MAX_XRES) && ((val & 7) == 0)) {
+ s->vbe_regs[s->vbe_index] = val;
+ }
+ break;
+ case VBE_DISPI_INDEX_YRES:
+ if (val <= VBE_DISPI_MAX_YRES) {
+ s->vbe_regs[s->vbe_index] = val;
+ }
+ break;
+ case VBE_DISPI_INDEX_BPP:
+ if (val == 0)
+ val = 8;
+ if (val == 4 || val == 8 || val == 15 ||
+ val == 16 || val == 24 || val == 32) {
+ s->vbe_regs[s->vbe_index] = val;
+ }
+ break;
+ case VBE_DISPI_INDEX_BANK:
+ if (s->vbe_regs[VBE_DISPI_INDEX_BPP] == 4) {
+ val &= (s->vbe_bank_mask >> 2);
+ } else {
+ val &= s->vbe_bank_mask;
+ }
+ s->vbe_regs[s->vbe_index] = val;
+ s->bank_offset = (val << 16);
+ vga_update_memory_access(s);
+ break;
+ case VBE_DISPI_INDEX_ENABLE:
+ if ((val & VBE_DISPI_ENABLED) &&
+ !(s->vbe_regs[VBE_DISPI_INDEX_ENABLE] & VBE_DISPI_ENABLED)) {
+ int h, shift_control;
+
+ s->vbe_regs[VBE_DISPI_INDEX_VIRT_WIDTH] =
+ s->vbe_regs[VBE_DISPI_INDEX_XRES];
+ s->vbe_regs[VBE_DISPI_INDEX_VIRT_HEIGHT] =
+ s->vbe_regs[VBE_DISPI_INDEX_YRES];
+ s->vbe_regs[VBE_DISPI_INDEX_X_OFFSET] = 0;
+ s->vbe_regs[VBE_DISPI_INDEX_Y_OFFSET] = 0;
+
+ if (s->vbe_regs[VBE_DISPI_INDEX_BPP] == 4)
+ s->vbe_line_offset = s->vbe_regs[VBE_DISPI_INDEX_XRES] >> 1;
+ else
+ s->vbe_line_offset = s->vbe_regs[VBE_DISPI_INDEX_XRES] *
+ ((s->vbe_regs[VBE_DISPI_INDEX_BPP] + 7) >> 3);
+ s->vbe_start_addr = 0;
+
+ /* clear the screen (should be done in BIOS) */
+ if (!(val & VBE_DISPI_NOCLEARMEM)) {
+ memset(s->vram_ptr, 0,
+ s->vbe_regs[VBE_DISPI_INDEX_YRES] * s->vbe_line_offset);
+ }
+
+ /* we initialize the VGA graphic mode (should be done
+ in BIOS) */
+ /* graphic mode + memory map 1 */
+ s->gr[VGA_GFX_MISC] = (s->gr[VGA_GFX_MISC] & ~0x0c) | 0x04 |
+ VGA_GR06_GRAPHICS_MODE;
+ s->cr[VGA_CRTC_MODE] |= 3; /* no CGA modes */
+ s->cr[VGA_CRTC_OFFSET] = s->vbe_line_offset >> 3;
+ /* width */
+ s->cr[VGA_CRTC_H_DISP] =
+ (s->vbe_regs[VBE_DISPI_INDEX_XRES] >> 3) - 1;
+ /* height (only meaningful if < 1024) */
+ h = s->vbe_regs[VBE_DISPI_INDEX_YRES] - 1;
+ s->cr[VGA_CRTC_V_DISP_END] = h;
+ s->cr[VGA_CRTC_OVERFLOW] = (s->cr[VGA_CRTC_OVERFLOW] & ~0x42) |
+ ((h >> 7) & 0x02) | ((h >> 3) & 0x40);
+ /* line compare to 1023 */
+ s->cr[VGA_CRTC_LINE_COMPARE] = 0xff;
+ s->cr[VGA_CRTC_OVERFLOW] |= 0x10;
+ s->cr[VGA_CRTC_MAX_SCAN] |= 0x40;
+
+ if (s->vbe_regs[VBE_DISPI_INDEX_BPP] == 4) {
+ shift_control = 0;
+ s->sr[VGA_SEQ_CLOCK_MODE] &= ~8; /* no double line */
+ } else {
+ shift_control = 2;
+ /* set chain 4 mode */
+ s->sr[VGA_SEQ_MEMORY_MODE] |= VGA_SR04_CHN_4M;
+ /* activate all planes */
+ s->sr[VGA_SEQ_PLANE_WRITE] |= VGA_SR02_ALL_PLANES;
+ }
+ s->gr[VGA_GFX_MODE] = (s->gr[VGA_GFX_MODE] & ~0x60) |
+ (shift_control << 5);
+ s->cr[VGA_CRTC_MAX_SCAN] &= ~0x9f; /* no double scan */
+ } else {
+ /* XXX: the bios should do that */
+ s->bank_offset = 0;
+ }
+ s->dac_8bit = (val & VBE_DISPI_8BIT_DAC) > 0;
+ s->vbe_regs[s->vbe_index] = val;
+ vga_update_memory_access(s);
+ break;
+ case VBE_DISPI_INDEX_VIRT_WIDTH:
+ {
+ int w, h, line_offset;
+
+ if (val < s->vbe_regs[VBE_DISPI_INDEX_XRES])
+ return;
+ w = val;
+ if (s->vbe_regs[VBE_DISPI_INDEX_BPP] == 4)
+ line_offset = w >> 1;
+ else
+ line_offset = w * ((s->vbe_regs[VBE_DISPI_INDEX_BPP] + 7) >> 3);
+ h = s->vram_size / line_offset;
+ /* XXX: support weird bochs semantics ? */
+ if (h < s->vbe_regs[VBE_DISPI_INDEX_YRES])
+ return;
+ s->vbe_regs[VBE_DISPI_INDEX_VIRT_WIDTH] = w;
+ s->vbe_regs[VBE_DISPI_INDEX_VIRT_HEIGHT] = h;
+ s->vbe_line_offset = line_offset;
+ }
+ break;
+ case VBE_DISPI_INDEX_X_OFFSET:
+ case VBE_DISPI_INDEX_Y_OFFSET:
+ {
+ int x;
+ s->vbe_regs[s->vbe_index] = val;
+ s->vbe_start_addr = s->vbe_line_offset * s->vbe_regs[VBE_DISPI_INDEX_Y_OFFSET];
+ x = s->vbe_regs[VBE_DISPI_INDEX_X_OFFSET];
+ if (s->vbe_regs[VBE_DISPI_INDEX_BPP] == 4)
+ s->vbe_start_addr += x >> 1;
+ else
+ s->vbe_start_addr += x * ((s->vbe_regs[VBE_DISPI_INDEX_BPP] + 7) >> 3);
+ s->vbe_start_addr >>= 2;
+ }
+ break;
+ default:
+ break;
+ }
+ }
+}
+
+/* called for accesses between 0xa0000 and 0xc0000 */
+uint32_t vga_mem_readb(VGACommonState *s, hwaddr addr)
+{
+ int memory_map_mode, plane;
+ uint32_t ret;
+
+ /* convert to VGA memory offset */
+ memory_map_mode = (s->gr[VGA_GFX_MISC] >> 2) & 3;
+ addr &= 0x1ffff;
+ switch(memory_map_mode) {
+ case 0:
+ break;
+ case 1:
+ if (addr >= 0x10000)
+ return 0xff;
+ addr += s->bank_offset;
+ break;
+ case 2:
+ addr -= 0x10000;
+ if (addr >= 0x8000)
+ return 0xff;
+ break;
+ default:
+ case 3:
+ addr -= 0x18000;
+ if (addr >= 0x8000)
+ return 0xff;
+ break;
+ }
+
+ if (s->sr[VGA_SEQ_MEMORY_MODE] & VGA_SR04_CHN_4M) {
+ /* chain 4 mode : simplest access */
+ ret = s->vram_ptr[addr];
+ } else if (s->gr[VGA_GFX_MODE] & 0x10) {
+ /* odd/even mode (aka text mode mapping) */
+ plane = (s->gr[VGA_GFX_PLANE_READ] & 2) | (addr & 1);
+ ret = s->vram_ptr[((addr & ~1) << 1) | plane];
+ } else {
+ /* standard VGA latched access */
+ s->latch = ((uint32_t *)s->vram_ptr)[addr];
+
+ if (!(s->gr[VGA_GFX_MODE] & 0x08)) {
+ /* read mode 0 */
+ plane = s->gr[VGA_GFX_PLANE_READ];
+ ret = GET_PLANE(s->latch, plane);
+ } else {
+ /* read mode 1 */
+ ret = (s->latch ^ mask16[s->gr[VGA_GFX_COMPARE_VALUE]]) &
+ mask16[s->gr[VGA_GFX_COMPARE_MASK]];
+ ret |= ret >> 16;
+ ret |= ret >> 8;
+ ret = (~ret) & 0xff;
+ }
+ }
+ return ret;
+}
+
+/* called for accesses between 0xa0000 and 0xc0000 */
+void vga_mem_writeb(VGACommonState *s, hwaddr addr, uint32_t val)
+{
+ int memory_map_mode, plane, write_mode, b, func_select, mask;
+ uint32_t write_mask, bit_mask, set_mask;
+
+#ifdef DEBUG_VGA_MEM
+ printf("vga: [0x" TARGET_FMT_plx "] = 0x%02x\n", addr, val);
+#endif
+ /* convert to VGA memory offset */
+ memory_map_mode = (s->gr[VGA_GFX_MISC] >> 2) & 3;
+ addr &= 0x1ffff;
+ switch(memory_map_mode) {
+ case 0:
+ break;
+ case 1:
+ if (addr >= 0x10000)
+ return;
+ addr += s->bank_offset;
+ break;
+ case 2:
+ addr -= 0x10000;
+ if (addr >= 0x8000)
+ return;
+ break;
+ default:
+ case 3:
+ addr -= 0x18000;
+ if (addr >= 0x8000)
+ return;
+ break;
+ }
+
+ if (s->sr[VGA_SEQ_MEMORY_MODE] & VGA_SR04_CHN_4M) {
+ /* chain 4 mode : simplest access */
+ plane = addr & 3;
+ mask = (1 << plane);
+ if (s->sr[VGA_SEQ_PLANE_WRITE] & mask) {
+ s->vram_ptr[addr] = val;
+#ifdef DEBUG_VGA_MEM
+ printf("vga: chain4: [0x" TARGET_FMT_plx "]\n", addr);
+#endif
+ s->plane_updated |= mask; /* only used to detect font change */
+ memory_region_set_dirty(&s->vram, addr, 1);
+ }
+ } else if (s->gr[VGA_GFX_MODE] & 0x10) {
+ /* odd/even mode (aka text mode mapping) */
+ plane = (s->gr[VGA_GFX_PLANE_READ] & 2) | (addr & 1);
+ mask = (1 << plane);
+ if (s->sr[VGA_SEQ_PLANE_WRITE] & mask) {
+ addr = ((addr & ~1) << 1) | plane;
+ s->vram_ptr[addr] = val;
+#ifdef DEBUG_VGA_MEM
+ printf("vga: odd/even: [0x" TARGET_FMT_plx "]\n", addr);
+#endif
+ s->plane_updated |= mask; /* only used to detect font change */
+ memory_region_set_dirty(&s->vram, addr, 1);
+ }
+ } else {
+ /* standard VGA latched access */
+ write_mode = s->gr[VGA_GFX_MODE] & 3;
+ switch(write_mode) {
+ default:
+ case 0:
+ /* rotate */
+ b = s->gr[VGA_GFX_DATA_ROTATE] & 7;
+ val = ((val >> b) | (val << (8 - b))) & 0xff;
+ val |= val << 8;
+ val |= val << 16;
+
+ /* apply set/reset mask */
+ set_mask = mask16[s->gr[VGA_GFX_SR_ENABLE]];
+ val = (val & ~set_mask) |
+ (mask16[s->gr[VGA_GFX_SR_VALUE]] & set_mask);
+ bit_mask = s->gr[VGA_GFX_BIT_MASK];
+ break;
+ case 1:
+ val = s->latch;
+ goto do_write;
+ case 2:
+ val = mask16[val & 0x0f];
+ bit_mask = s->gr[VGA_GFX_BIT_MASK];
+ break;
+ case 3:
+ /* rotate */
+ b = s->gr[VGA_GFX_DATA_ROTATE] & 7;
+ val = (val >> b) | (val << (8 - b));
+
+ bit_mask = s->gr[VGA_GFX_BIT_MASK] & val;
+ val = mask16[s->gr[VGA_GFX_SR_VALUE]];
+ break;
+ }
+
+ /* apply logical operation */
+ func_select = s->gr[VGA_GFX_DATA_ROTATE] >> 3;
+ switch(func_select) {
+ case 0:
+ default:
+ /* nothing to do */
+ break;
+ case 1:
+ /* and */
+ val &= s->latch;
+ break;
+ case 2:
+ /* or */
+ val |= s->latch;
+ break;
+ case 3:
+ /* xor */
+ val ^= s->latch;
+ break;
+ }
+
+ /* apply bit mask */
+ bit_mask |= bit_mask << 8;
+ bit_mask |= bit_mask << 16;
+ val = (val & bit_mask) | (s->latch & ~bit_mask);
+
+ do_write:
+ /* mask data according to sr[2] */
+ mask = s->sr[VGA_SEQ_PLANE_WRITE];
+ s->plane_updated |= mask; /* only used to detect font change */
+ write_mask = mask16[mask];
+ ((uint32_t *)s->vram_ptr)[addr] =
+ (((uint32_t *)s->vram_ptr)[addr] & ~write_mask) |
+ (val & write_mask);
+#ifdef DEBUG_VGA_MEM
+ printf("vga: latch: [0x" TARGET_FMT_plx "] mask=0x%08x val=0x%08x\n",
+ addr * 4, write_mask, val);
+#endif
+ memory_region_set_dirty(&s->vram, addr << 2, sizeof(uint32_t));
+ }
+}
+
+typedef void vga_draw_glyph8_func(uint8_t *d, int linesize,
+ const uint8_t *font_ptr, int h,
+ uint32_t fgcol, uint32_t bgcol);
+typedef void vga_draw_glyph9_func(uint8_t *d, int linesize,
+ const uint8_t *font_ptr, int h,
+ uint32_t fgcol, uint32_t bgcol, int dup9);
+typedef void vga_draw_line_func(VGACommonState *s1, uint8_t *d,
+ const uint8_t *s, int width);
+
+#define DEPTH 8
+#include "vga_template.h"
+
+#define DEPTH 15
+#include "vga_template.h"
+
+#define BGR_FORMAT
+#define DEPTH 15
+#include "vga_template.h"
+
+#define DEPTH 16
+#include "vga_template.h"
+
+#define BGR_FORMAT
+#define DEPTH 16
+#include "vga_template.h"
+
+#define DEPTH 32
+#include "vga_template.h"
+
+#define BGR_FORMAT
+#define DEPTH 32
+#include "vga_template.h"
+
+static unsigned int rgb_to_pixel8_dup(unsigned int r, unsigned int g, unsigned b)
+{
+ unsigned int col;
+ col = rgb_to_pixel8(r, g, b);
+ col |= col << 8;
+ col |= col << 16;
+ return col;
+}
+
+static unsigned int rgb_to_pixel15_dup(unsigned int r, unsigned int g, unsigned b)
+{
+ unsigned int col;
+ col = rgb_to_pixel15(r, g, b);
+ col |= col << 16;
+ return col;
+}
+
+static unsigned int rgb_to_pixel15bgr_dup(unsigned int r, unsigned int g,
+ unsigned int b)
+{
+ unsigned int col;
+ col = rgb_to_pixel15bgr(r, g, b);
+ col |= col << 16;
+ return col;
+}
+
+static unsigned int rgb_to_pixel16_dup(unsigned int r, unsigned int g, unsigned b)
+{
+ unsigned int col;
+ col = rgb_to_pixel16(r, g, b);
+ col |= col << 16;
+ return col;
+}
+
+static unsigned int rgb_to_pixel16bgr_dup(unsigned int r, unsigned int g,
+ unsigned int b)
+{
+ unsigned int col;
+ col = rgb_to_pixel16bgr(r, g, b);
+ col |= col << 16;
+ return col;
+}
+
+static unsigned int rgb_to_pixel32_dup(unsigned int r, unsigned int g, unsigned b)
+{
+ unsigned int col;
+ col = rgb_to_pixel32(r, g, b);
+ return col;
+}
+
+static unsigned int rgb_to_pixel32bgr_dup(unsigned int r, unsigned int g, unsigned b)
+{
+ unsigned int col;
+ col = rgb_to_pixel32bgr(r, g, b);
+ return col;
+}
+
+/* return true if the palette was modified */
+static int update_palette16(VGACommonState *s)
+{
+ int full_update, i;
+ uint32_t v, col, *palette;
+
+ full_update = 0;
+ palette = s->last_palette;
+ for(i = 0; i < 16; i++) {
+ v = s->ar[i];
+ if (s->ar[VGA_ATC_MODE] & 0x80) {
+ v = ((s->ar[VGA_ATC_COLOR_PAGE] & 0xf) << 4) | (v & 0xf);
+ } else {
+ v = ((s->ar[VGA_ATC_COLOR_PAGE] & 0xc) << 4) | (v & 0x3f);
+ }
+ v = v * 3;
+ col = s->rgb_to_pixel(c6_to_8(s->palette[v]),
+ c6_to_8(s->palette[v + 1]),
+ c6_to_8(s->palette[v + 2]));
+ if (col != palette[i]) {
+ full_update = 1;
+ palette[i] = col;
+ }
+ }
+ return full_update;
+}
+
+/* return true if the palette was modified */
+static int update_palette256(VGACommonState *s)
+{
+ int full_update, i;
+ uint32_t v, col, *palette;
+
+ full_update = 0;
+ palette = s->last_palette;
+ v = 0;
+ for(i = 0; i < 256; i++) {
+ if (s->dac_8bit) {
+ col = s->rgb_to_pixel(s->palette[v],
+ s->palette[v + 1],
+ s->palette[v + 2]);
+ } else {
+ col = s->rgb_to_pixel(c6_to_8(s->palette[v]),
+ c6_to_8(s->palette[v + 1]),
+ c6_to_8(s->palette[v + 2]));
+ }
+ if (col != palette[i]) {
+ full_update = 1;
+ palette[i] = col;
+ }
+ v += 3;
+ }
+ return full_update;
+}
+
+static void vga_get_offsets(VGACommonState *s,
+ uint32_t *pline_offset,
+ uint32_t *pstart_addr,
+ uint32_t *pline_compare)
+{
+ uint32_t start_addr, line_offset, line_compare;
+
+ if (s->vbe_regs[VBE_DISPI_INDEX_ENABLE] & VBE_DISPI_ENABLED) {
+ line_offset = s->vbe_line_offset;
+ start_addr = s->vbe_start_addr;
+ line_compare = 65535;
+ } else {
+ /* compute line_offset in bytes */
+ line_offset = s->cr[VGA_CRTC_OFFSET];
+ line_offset <<= 3;
+
+ /* starting address */
+ start_addr = s->cr[VGA_CRTC_START_LO] |
+ (s->cr[VGA_CRTC_START_HI] << 8);
+
+ /* line compare */
+ line_compare = s->cr[VGA_CRTC_LINE_COMPARE] |
+ ((s->cr[VGA_CRTC_OVERFLOW] & 0x10) << 4) |
+ ((s->cr[VGA_CRTC_MAX_SCAN] & 0x40) << 3);
+ }
+ *pline_offset = line_offset;
+ *pstart_addr = start_addr;
+ *pline_compare = line_compare;
+}
+
+/* update start_addr and line_offset. Return TRUE if modified */
+static int update_basic_params(VGACommonState *s)
+{
+ int full_update;
+ uint32_t start_addr, line_offset, line_compare;
+
+ full_update = 0;
+
+ s->get_offsets(s, &line_offset, &start_addr, &line_compare);
+
+ if (line_offset != s->line_offset ||
+ start_addr != s->start_addr ||
+ line_compare != s->line_compare) {
+ s->line_offset = line_offset;
+ s->start_addr = start_addr;
+ s->line_compare = line_compare;
+ full_update = 1;
+ }
+ return full_update;
+}
+
+#define NB_DEPTHS 7
+
+static inline int get_depth_index(DisplaySurface *s)
+{
+ switch (surface_bits_per_pixel(s)) {
+ default:
+ case 8:
+ return 0;
+ case 15:
+ return 1;
+ case 16:
+ return 2;
+ case 32:
+ if (is_surface_bgr(s)) {
+ return 4;
+ } else {
+ return 3;
+ }
+ }
+}
+
+static vga_draw_glyph8_func * const vga_draw_glyph8_table[NB_DEPTHS] = {
+ vga_draw_glyph8_8,
+ vga_draw_glyph8_16,
+ vga_draw_glyph8_16,
+ vga_draw_glyph8_32,
+ vga_draw_glyph8_32,
+ vga_draw_glyph8_16,
+ vga_draw_glyph8_16,
+};
+
+static vga_draw_glyph8_func * const vga_draw_glyph16_table[NB_DEPTHS] = {
+ vga_draw_glyph16_8,
+ vga_draw_glyph16_16,
+ vga_draw_glyph16_16,
+ vga_draw_glyph16_32,
+ vga_draw_glyph16_32,
+ vga_draw_glyph16_16,
+ vga_draw_glyph16_16,
+};
+
+static vga_draw_glyph9_func * const vga_draw_glyph9_table[NB_DEPTHS] = {
+ vga_draw_glyph9_8,
+ vga_draw_glyph9_16,
+ vga_draw_glyph9_16,
+ vga_draw_glyph9_32,
+ vga_draw_glyph9_32,
+ vga_draw_glyph9_16,
+ vga_draw_glyph9_16,
+};
+
+static const uint8_t cursor_glyph[32 * 4] = {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+};
+
+static void vga_get_text_resolution(VGACommonState *s, int *pwidth, int *pheight,
+ int *pcwidth, int *pcheight)
+{
+ int width, cwidth, height, cheight;
+
+ /* total width & height */
+ cheight = (s->cr[VGA_CRTC_MAX_SCAN] & 0x1f) + 1;
+ cwidth = 8;
+ if (!(s->sr[VGA_SEQ_CLOCK_MODE] & VGA_SR01_CHAR_CLK_8DOTS)) {
+ cwidth = 9;
+ }
+ if (s->sr[VGA_SEQ_CLOCK_MODE] & 0x08) {
+ cwidth = 16; /* NOTE: no 18 pixel wide */
+ }
+ width = (s->cr[VGA_CRTC_H_DISP] + 1);
+ if (s->cr[VGA_CRTC_V_TOTAL] == 100) {
+ /* ugly hack for CGA 160x100x16 - explain me the logic */
+ height = 100;
+ } else {
+ height = s->cr[VGA_CRTC_V_DISP_END] |
+ ((s->cr[VGA_CRTC_OVERFLOW] & 0x02) << 7) |
+ ((s->cr[VGA_CRTC_OVERFLOW] & 0x40) << 3);
+ height = (height + 1) / cheight;
+ }
+
+ *pwidth = width;
+ *pheight = height;
+ *pcwidth = cwidth;
+ *pcheight = cheight;
+}
+
+typedef unsigned int rgb_to_pixel_dup_func(unsigned int r, unsigned int g, unsigned b);
+
+static rgb_to_pixel_dup_func * const rgb_to_pixel_dup_table[NB_DEPTHS] = {
+ rgb_to_pixel8_dup,
+ rgb_to_pixel15_dup,
+ rgb_to_pixel16_dup,
+ rgb_to_pixel32_dup,
+ rgb_to_pixel32bgr_dup,
+ rgb_to_pixel15bgr_dup,
+ rgb_to_pixel16bgr_dup,
+};
+
+/*
+ * Text mode update
+ * Missing:
+ * - double scan
+ * - double width
+ * - underline
+ * - flashing
+ */
+static void vga_draw_text(VGACommonState *s, int full_update)
+{
+ DisplaySurface *surface = qemu_console_surface(s->con);
+ int cx, cy, cheight, cw, ch, cattr, height, width, ch_attr;
+ int cx_min, cx_max, linesize, x_incr, line, line1;
+ uint32_t offset, fgcol, bgcol, v, cursor_offset;
+ uint8_t *d1, *d, *src, *dest, *cursor_ptr;
+ const uint8_t *font_ptr, *font_base[2];
+ int dup9, line_offset, depth_index;
+ uint32_t *palette;
+ uint32_t *ch_attr_ptr;
+ vga_draw_glyph8_func *vga_draw_glyph8;
+ vga_draw_glyph9_func *vga_draw_glyph9;
+ int64_t now = qemu_get_clock_ms(vm_clock);
+
+ /* compute font data address (in plane 2) */
+ v = s->sr[VGA_SEQ_CHARACTER_MAP];
+ offset = (((v >> 4) & 1) | ((v << 1) & 6)) * 8192 * 4 + 2;
+ if (offset != s->font_offsets[0]) {
+ s->font_offsets[0] = offset;
+ full_update = 1;
+ }
+ font_base[0] = s->vram_ptr + offset;
+
+ offset = (((v >> 5) & 1) | ((v >> 1) & 6)) * 8192 * 4 + 2;
+ font_base[1] = s->vram_ptr + offset;
+ if (offset != s->font_offsets[1]) {
+ s->font_offsets[1] = offset;
+ full_update = 1;
+ }
+ if (s->plane_updated & (1 << 2) || s->chain4_alias) {
+ /* if the plane 2 was modified since the last display, it
+ indicates the font may have been modified */
+ s->plane_updated = 0;
+ full_update = 1;
+ }
+ full_update |= update_basic_params(s);
+
+ line_offset = s->line_offset;
+
+ vga_get_text_resolution(s, &width, &height, &cw, &cheight);
+ if ((height * width) <= 1) {
+ /* better than nothing: exit if transient size is too small */
+ return;
+ }
+ if ((height * width) > CH_ATTR_SIZE) {
+ /* better than nothing: exit if transient size is too big */
+ return;
+ }
+
+ if (width != s->last_width || height != s->last_height ||
+ cw != s->last_cw || cheight != s->last_ch || s->last_depth) {
+ s->last_scr_width = width * cw;
+ s->last_scr_height = height * cheight;
+ qemu_console_resize(s->con, s->last_scr_width, s->last_scr_height);
+ surface = qemu_console_surface(s->con);
+ dpy_text_resize(s->con, width, height);
+ s->last_depth = 0;
+ s->last_width = width;
+ s->last_height = height;
+ s->last_ch = cheight;
+ s->last_cw = cw;
+ full_update = 1;
+ }
+ s->rgb_to_pixel =
+ rgb_to_pixel_dup_table[get_depth_index(surface)];
+ full_update |= update_palette16(s);
+ palette = s->last_palette;
+ x_incr = cw * surface_bytes_per_pixel(surface);
+
+ if (full_update) {
+ s->full_update_text = 1;
+ }
+ if (s->full_update_gfx) {
+ s->full_update_gfx = 0;
+ full_update |= 1;
+ }
+
+ cursor_offset = ((s->cr[VGA_CRTC_CURSOR_HI] << 8) |
+ s->cr[VGA_CRTC_CURSOR_LO]) - s->start_addr;
+ if (cursor_offset != s->cursor_offset ||
+ s->cr[VGA_CRTC_CURSOR_START] != s->cursor_start ||
+ s->cr[VGA_CRTC_CURSOR_END] != s->cursor_end) {
+ /* if the cursor position changed, we update the old and new
+ chars */
+ if (s->cursor_offset < CH_ATTR_SIZE)
+ s->last_ch_attr[s->cursor_offset] = -1;
+ if (cursor_offset < CH_ATTR_SIZE)
+ s->last_ch_attr[cursor_offset] = -1;
+ s->cursor_offset = cursor_offset;
+ s->cursor_start = s->cr[VGA_CRTC_CURSOR_START];
+ s->cursor_end = s->cr[VGA_CRTC_CURSOR_END];
+ }
+ cursor_ptr = s->vram_ptr + (s->start_addr + cursor_offset) * 4;
+ if (now >= s->cursor_blink_time) {
+ s->cursor_blink_time = now + VGA_TEXT_CURSOR_PERIOD_MS / 2;
+ s->cursor_visible_phase = !s->cursor_visible_phase;
+ }
+
+ depth_index = get_depth_index(surface);
+ if (cw == 16)
+ vga_draw_glyph8 = vga_draw_glyph16_table[depth_index];
+ else
+ vga_draw_glyph8 = vga_draw_glyph8_table[depth_index];
+ vga_draw_glyph9 = vga_draw_glyph9_table[depth_index];
+
+ dest = surface_data(surface);
+ linesize = surface_stride(surface);
+ ch_attr_ptr = s->last_ch_attr;
+ line = 0;
+ offset = s->start_addr * 4;
+ for(cy = 0; cy < height; cy++) {
+ d1 = dest;
+ src = s->vram_ptr + offset;
+ cx_min = width;
+ cx_max = -1;
+ for(cx = 0; cx < width; cx++) {
+ ch_attr = *(uint16_t *)src;
+ if (full_update || ch_attr != *ch_attr_ptr || src == cursor_ptr) {
+ if (cx < cx_min)
+ cx_min = cx;
+ if (cx > cx_max)
+ cx_max = cx;
+ *ch_attr_ptr = ch_attr;
+#ifdef HOST_WORDS_BIGENDIAN
+ ch = ch_attr >> 8;
+ cattr = ch_attr & 0xff;
+#else
+ ch = ch_attr & 0xff;
+ cattr = ch_attr >> 8;
+#endif
+ font_ptr = font_base[(cattr >> 3) & 1];
+ font_ptr += 32 * 4 * ch;
+ bgcol = palette[cattr >> 4];
+ fgcol = palette[cattr & 0x0f];
+ if (cw != 9) {
+ vga_draw_glyph8(d1, linesize,
+ font_ptr, cheight, fgcol, bgcol);
+ } else {
+ dup9 = 0;
+ if (ch >= 0xb0 && ch <= 0xdf &&
+ (s->ar[VGA_ATC_MODE] & 0x04)) {
+ dup9 = 1;
+ }
+ vga_draw_glyph9(d1, linesize,
+ font_ptr, cheight, fgcol, bgcol, dup9);
+ }
+ if (src == cursor_ptr &&
+ !(s->cr[VGA_CRTC_CURSOR_START] & 0x20) &&
+ s->cursor_visible_phase) {
+ int line_start, line_last, h;
+ /* draw the cursor */
+ line_start = s->cr[VGA_CRTC_CURSOR_START] & 0x1f;
+ line_last = s->cr[VGA_CRTC_CURSOR_END] & 0x1f;
+ /* XXX: check that */
+ if (line_last > cheight - 1)
+ line_last = cheight - 1;
+ if (line_last >= line_start && line_start < cheight) {
+ h = line_last - line_start + 1;
+ d = d1 + linesize * line_start;
+ if (cw != 9) {
+ vga_draw_glyph8(d, linesize,
+ cursor_glyph, h, fgcol, bgcol);
+ } else {
+ vga_draw_glyph9(d, linesize,
+ cursor_glyph, h, fgcol, bgcol, 1);
+ }
+ }
+ }
+ }
+ d1 += x_incr;
+ src += 4;
+ ch_attr_ptr++;
+ }
+ if (cx_max != -1) {
+ dpy_gfx_update(s->con, cx_min * cw, cy * cheight,
+ (cx_max - cx_min + 1) * cw, cheight);
+ }
+ dest += linesize * cheight;
+ line1 = line + cheight;
+ offset += line_offset;
+ if (line < s->line_compare && line1 >= s->line_compare) {
+ offset = 0;
+ }
+ line = line1;
+ }
+}
+
+enum {
+ VGA_DRAW_LINE2,
+ VGA_DRAW_LINE2D2,
+ VGA_DRAW_LINE4,
+ VGA_DRAW_LINE4D2,
+ VGA_DRAW_LINE8D2,
+ VGA_DRAW_LINE8,
+ VGA_DRAW_LINE15,
+ VGA_DRAW_LINE16,
+ VGA_DRAW_LINE24,
+ VGA_DRAW_LINE32,
+ VGA_DRAW_LINE_NB,
+};
+
+static vga_draw_line_func * const vga_draw_line_table[NB_DEPTHS * VGA_DRAW_LINE_NB] = {
+ vga_draw_line2_8,
+ vga_draw_line2_16,
+ vga_draw_line2_16,
+ vga_draw_line2_32,
+ vga_draw_line2_32,
+ vga_draw_line2_16,
+ vga_draw_line2_16,
+
+ vga_draw_line2d2_8,
+ vga_draw_line2d2_16,
+ vga_draw_line2d2_16,
+ vga_draw_line2d2_32,
+ vga_draw_line2d2_32,
+ vga_draw_line2d2_16,
+ vga_draw_line2d2_16,
+
+ vga_draw_line4_8,
+ vga_draw_line4_16,
+ vga_draw_line4_16,
+ vga_draw_line4_32,
+ vga_draw_line4_32,
+ vga_draw_line4_16,
+ vga_draw_line4_16,
+
+ vga_draw_line4d2_8,
+ vga_draw_line4d2_16,
+ vga_draw_line4d2_16,
+ vga_draw_line4d2_32,
+ vga_draw_line4d2_32,
+ vga_draw_line4d2_16,
+ vga_draw_line4d2_16,
+
+ vga_draw_line8d2_8,
+ vga_draw_line8d2_16,
+ vga_draw_line8d2_16,
+ vga_draw_line8d2_32,
+ vga_draw_line8d2_32,
+ vga_draw_line8d2_16,
+ vga_draw_line8d2_16,
+
+ vga_draw_line8_8,
+ vga_draw_line8_16,
+ vga_draw_line8_16,
+ vga_draw_line8_32,
+ vga_draw_line8_32,
+ vga_draw_line8_16,
+ vga_draw_line8_16,
+
+ vga_draw_line15_8,
+ vga_draw_line15_15,
+ vga_draw_line15_16,
+ vga_draw_line15_32,
+ vga_draw_line15_32bgr,
+ vga_draw_line15_15bgr,
+ vga_draw_line15_16bgr,
+
+ vga_draw_line16_8,
+ vga_draw_line16_15,
+ vga_draw_line16_16,
+ vga_draw_line16_32,
+ vga_draw_line16_32bgr,
+ vga_draw_line16_15bgr,
+ vga_draw_line16_16bgr,
+
+ vga_draw_line24_8,
+ vga_draw_line24_15,
+ vga_draw_line24_16,
+ vga_draw_line24_32,
+ vga_draw_line24_32bgr,
+ vga_draw_line24_15bgr,
+ vga_draw_line24_16bgr,
+
+ vga_draw_line32_8,
+ vga_draw_line32_15,
+ vga_draw_line32_16,
+ vga_draw_line32_32,
+ vga_draw_line32_32bgr,
+ vga_draw_line32_15bgr,
+ vga_draw_line32_16bgr,
+};
+
+static int vga_get_bpp(VGACommonState *s)
+{
+ int ret;
+
+ if (s->vbe_regs[VBE_DISPI_INDEX_ENABLE] & VBE_DISPI_ENABLED) {
+ ret = s->vbe_regs[VBE_DISPI_INDEX_BPP];
+ } else {
+ ret = 0;
+ }
+ return ret;
+}
+
+static void vga_get_resolution(VGACommonState *s, int *pwidth, int *pheight)
+{
+ int width, height;
+
+ if (s->vbe_regs[VBE_DISPI_INDEX_ENABLE] & VBE_DISPI_ENABLED) {
+ width = s->vbe_regs[VBE_DISPI_INDEX_XRES];
+ height = s->vbe_regs[VBE_DISPI_INDEX_YRES];
+ } else {
+ width = (s->cr[VGA_CRTC_H_DISP] + 1) * 8;
+ height = s->cr[VGA_CRTC_V_DISP_END] |
+ ((s->cr[VGA_CRTC_OVERFLOW] & 0x02) << 7) |
+ ((s->cr[VGA_CRTC_OVERFLOW] & 0x40) << 3);
+ height = (height + 1);
+ }
+ *pwidth = width;
+ *pheight = height;
+}
+
+void vga_invalidate_scanlines(VGACommonState *s, int y1, int y2)
+{
+ int y;
+ if (y1 >= VGA_MAX_HEIGHT)
+ return;
+ if (y2 >= VGA_MAX_HEIGHT)
+ y2 = VGA_MAX_HEIGHT;
+ for(y = y1; y < y2; y++) {
+ s->invalidated_y_table[y >> 5] |= 1 << (y & 0x1f);
+ }
+}
+
+void vga_sync_dirty_bitmap(VGACommonState *s)
+{
+ memory_region_sync_dirty_bitmap(&s->vram);
+}
+
+void vga_dirty_log_start(VGACommonState *s)
+{
+ memory_region_set_log(&s->vram, true, DIRTY_MEMORY_VGA);
+}
+
+void vga_dirty_log_stop(VGACommonState *s)
+{
+ memory_region_set_log(&s->vram, false, DIRTY_MEMORY_VGA);
+}
+
+/*
+ * graphic modes
+ */
+static void vga_draw_graphic(VGACommonState *s, int full_update)
+{
+ DisplaySurface *surface = qemu_console_surface(s->con);
+ int y1, y, update, linesize, y_start, double_scan, mask, depth;
+ int width, height, shift_control, line_offset, bwidth, bits;
+ ram_addr_t page0, page1, page_min, page_max;
+ int disp_width, multi_scan, multi_run;
+ uint8_t *d;
+ uint32_t v, addr1, addr;
+ vga_draw_line_func *vga_draw_line;
+#if defined(HOST_WORDS_BIGENDIAN) == defined(TARGET_WORDS_BIGENDIAN)
+ static const bool byteswap = false;
+#else
+ static const bool byteswap = true;
+#endif
+
+ full_update |= update_basic_params(s);
+
+ if (!full_update)
+ vga_sync_dirty_bitmap(s);
+
+ s->get_resolution(s, &width, &height);
+ disp_width = width;
+
+ shift_control = (s->gr[VGA_GFX_MODE] >> 5) & 3;
+ double_scan = (s->cr[VGA_CRTC_MAX_SCAN] >> 7);
+ if (shift_control != 1) {
+ multi_scan = (((s->cr[VGA_CRTC_MAX_SCAN] & 0x1f) + 1) << double_scan)
+ - 1;
+ } else {
+ /* in CGA modes, multi_scan is ignored */
+ /* XXX: is it correct ? */
+ multi_scan = double_scan;
+ }
+ multi_run = multi_scan;
+ if (shift_control != s->shift_control ||
+ double_scan != s->double_scan) {
+ full_update = 1;
+ s->shift_control = shift_control;
+ s->double_scan = double_scan;
+ }
+
+ if (shift_control == 0) {
+ if (s->sr[VGA_SEQ_CLOCK_MODE] & 8) {
+ disp_width <<= 1;
+ }
+ } else if (shift_control == 1) {
+ if (s->sr[VGA_SEQ_CLOCK_MODE] & 8) {
+ disp_width <<= 1;
+ }
+ }
+
+ depth = s->get_bpp(s);
+ if (s->line_offset != s->last_line_offset ||
+ disp_width != s->last_width ||
+ height != s->last_height ||
+ s->last_depth != depth) {
+ if (depth == 32 || (depth == 16 && !byteswap)) {
+ surface = qemu_create_displaysurface_from(disp_width,
+ height, depth, s->line_offset,
+ s->vram_ptr + (s->start_addr * 4), byteswap);
+ dpy_gfx_replace_surface(s->con, surface);
+ } else {
+ qemu_console_resize(s->con, disp_width, height);
+ surface = qemu_console_surface(s->con);
+ }
+ s->last_scr_width = disp_width;
+ s->last_scr_height = height;
+ s->last_width = disp_width;
+ s->last_height = height;
+ s->last_line_offset = s->line_offset;
+ s->last_depth = depth;
+ full_update = 1;
+ } else if (is_buffer_shared(surface) &&
+ (full_update || surface_data(surface) != s->vram_ptr
+ + (s->start_addr * 4))) {
+ DisplaySurface *surface;
+ surface = qemu_create_displaysurface_from(disp_width,
+ height, depth, s->line_offset,
+ s->vram_ptr + (s->start_addr * 4), byteswap);
+ dpy_gfx_replace_surface(s->con, surface);
+ }
+
+ s->rgb_to_pixel =
+ rgb_to_pixel_dup_table[get_depth_index(surface)];
+
+ if (shift_control == 0) {
+ full_update |= update_palette16(s);
+ if (s->sr[VGA_SEQ_CLOCK_MODE] & 8) {
+ v = VGA_DRAW_LINE4D2;
+ } else {
+ v = VGA_DRAW_LINE4;
+ }
+ bits = 4;
+ } else if (shift_control == 1) {
+ full_update |= update_palette16(s);
+ if (s->sr[VGA_SEQ_CLOCK_MODE] & 8) {
+ v = VGA_DRAW_LINE2D2;
+ } else {
+ v = VGA_DRAW_LINE2;
+ }
+ bits = 4;
+ } else {
+ switch(s->get_bpp(s)) {
+ default:
+ case 0:
+ full_update |= update_palette256(s);
+ v = VGA_DRAW_LINE8D2;
+ bits = 4;
+ break;
+ case 8:
+ full_update |= update_palette256(s);
+ v = VGA_DRAW_LINE8;
+ bits = 8;
+ break;
+ case 15:
+ v = VGA_DRAW_LINE15;
+ bits = 16;
+ break;
+ case 16:
+ v = VGA_DRAW_LINE16;
+ bits = 16;
+ break;
+ case 24:
+ v = VGA_DRAW_LINE24;
+ bits = 24;
+ break;
+ case 32:
+ v = VGA_DRAW_LINE32;
+ bits = 32;
+ break;
+ }
+ }
+ vga_draw_line = vga_draw_line_table[v * NB_DEPTHS +
+ get_depth_index(surface)];
+
+ if (!is_buffer_shared(surface) && s->cursor_invalidate) {
+ s->cursor_invalidate(s);
+ }
+
+ line_offset = s->line_offset;
+#if 0
+ printf("w=%d h=%d v=%d line_offset=%d cr[0x09]=0x%02x cr[0x17]=0x%02x linecmp=%d sr[0x01]=0x%02x\n",
+ width, height, v, line_offset, s->cr[9], s->cr[VGA_CRTC_MODE],
+ s->line_compare, s->sr[VGA_SEQ_CLOCK_MODE]);
+#endif
+ addr1 = (s->start_addr * 4);
+ bwidth = (width * bits + 7) / 8;
+ y_start = -1;
+ page_min = -1;
+ page_max = 0;
+ d = surface_data(surface);
+ linesize = surface_stride(surface);
+ y1 = 0;
+ for(y = 0; y < height; y++) {
+ addr = addr1;
+ if (!(s->cr[VGA_CRTC_MODE] & 1)) {
+ int shift;
+ /* CGA compatibility handling */
+ shift = 14 + ((s->cr[VGA_CRTC_MODE] >> 6) & 1);
+ addr = (addr & ~(1 << shift)) | ((y1 & 1) << shift);
+ }
+ if (!(s->cr[VGA_CRTC_MODE] & 2)) {
+ addr = (addr & ~0x8000) | ((y1 & 2) << 14);
+ }
+ update = full_update;
+ page0 = addr;
+ page1 = addr + bwidth - 1;
+ update |= memory_region_get_dirty(&s->vram, page0, page1 - page0,
+ DIRTY_MEMORY_VGA);
+ /* explicit invalidation for the hardware cursor */
+ update |= (s->invalidated_y_table[y >> 5] >> (y & 0x1f)) & 1;
+ if (update) {
+ if (y_start < 0)
+ y_start = y;
+ if (page0 < page_min)
+ page_min = page0;
+ if (page1 > page_max)
+ page_max = page1;
+ if (!(is_buffer_shared(surface))) {
+ vga_draw_line(s, d, s->vram_ptr + addr, width);
+ if (s->cursor_draw_line)
+ s->cursor_draw_line(s, d, y);
+ }
+ } else {
+ if (y_start >= 0) {
+ /* flush to display */
+ dpy_gfx_update(s->con, 0, y_start,
+ disp_width, y - y_start);
+ y_start = -1;
+ }
+ }
+ if (!multi_run) {
+ mask = (s->cr[VGA_CRTC_MODE] & 3) ^ 3;
+ if ((y1 & mask) == mask)
+ addr1 += line_offset;
+ y1++;
+ multi_run = multi_scan;
+ } else {
+ multi_run--;
+ }
+ /* line compare acts on the displayed lines */
+ if (y == s->line_compare)
+ addr1 = 0;
+ d += linesize;
+ }
+ if (y_start >= 0) {
+ /* flush to display */
+ dpy_gfx_update(s->con, 0, y_start,
+ disp_width, y - y_start);
+ }
+ /* reset modified pages */
+ if (page_max >= page_min) {
+ memory_region_reset_dirty(&s->vram,
+ page_min,
+ page_max - page_min,
+ DIRTY_MEMORY_VGA);
+ }
+ memset(s->invalidated_y_table, 0, ((height + 31) >> 5) * 4);
+}
+
+static void vga_draw_blank(VGACommonState *s, int full_update)
+{
+ DisplaySurface *surface = qemu_console_surface(s->con);
+ int i, w, val;
+ uint8_t *d;
+
+ if (!full_update)
+ return;
+ if (s->last_scr_width <= 0 || s->last_scr_height <= 0)
+ return;
+
+ s->rgb_to_pixel =
+ rgb_to_pixel_dup_table[get_depth_index(surface)];
+ if (surface_bits_per_pixel(surface) == 8) {
+ val = s->rgb_to_pixel(0, 0, 0);
+ } else {
+ val = 0;
+ }
+ w = s->last_scr_width * surface_bytes_per_pixel(surface);
+ d = surface_data(surface);
+ for(i = 0; i < s->last_scr_height; i++) {
+ memset(d, val, w);
+ d += surface_stride(surface);
+ }
+ dpy_gfx_update(s->con, 0, 0,
+ s->last_scr_width, s->last_scr_height);
+}
+
+#define GMODE_TEXT 0
+#define GMODE_GRAPH 1
+#define GMODE_BLANK 2
+
+static void vga_update_display(void *opaque)
+{
+ VGACommonState *s = opaque;
+ DisplaySurface *surface = qemu_console_surface(s->con);
+ int full_update, graphic_mode;
+
+ qemu_flush_coalesced_mmio_buffer();
+
+ if (surface_bits_per_pixel(surface) == 0) {
+ /* nothing to do */
+ } else {
+ full_update = 0;
+ if (!(s->ar_index & 0x20)) {
+ graphic_mode = GMODE_BLANK;
+ } else {
+ graphic_mode = s->gr[VGA_GFX_MISC] & VGA_GR06_GRAPHICS_MODE;
+ }
+ if (graphic_mode != s->graphic_mode) {
+ s->graphic_mode = graphic_mode;
+ s->cursor_blink_time = qemu_get_clock_ms(vm_clock);
+ full_update = 1;
+ }
+ switch(graphic_mode) {
+ case GMODE_TEXT:
+ vga_draw_text(s, full_update);
+ break;
+ case GMODE_GRAPH:
+ vga_draw_graphic(s, full_update);
+ break;
+ case GMODE_BLANK:
+ default:
+ vga_draw_blank(s, full_update);
+ break;
+ }
+ }
+}
+
+/* force a full display refresh */
+static void vga_invalidate_display(void *opaque)
+{
+ VGACommonState *s = opaque;
+
+ s->last_width = -1;
+ s->last_height = -1;
+}
+
+void vga_common_reset(VGACommonState *s)
+{
+ s->sr_index = 0;
+ memset(s->sr, '\0', sizeof(s->sr));
+ s->gr_index = 0;
+ memset(s->gr, '\0', sizeof(s->gr));
+ s->ar_index = 0;
+ memset(s->ar, '\0', sizeof(s->ar));
+ s->ar_flip_flop = 0;
+ s->cr_index = 0;
+ memset(s->cr, '\0', sizeof(s->cr));
+ s->msr = 0;
+ s->fcr = 0;
+ s->st00 = 0;
+ s->st01 = 0;
+ s->dac_state = 0;
+ s->dac_sub_index = 0;
+ s->dac_read_index = 0;
+ s->dac_write_index = 0;
+ memset(s->dac_cache, '\0', sizeof(s->dac_cache));
+ s->dac_8bit = 0;
+ memset(s->palette, '\0', sizeof(s->palette));
+ s->bank_offset = 0;
+ s->vbe_index = 0;
+ memset(s->vbe_regs, '\0', sizeof(s->vbe_regs));
+ s->vbe_regs[VBE_DISPI_INDEX_ID] = VBE_DISPI_ID5;
+ s->vbe_start_addr = 0;
+ s->vbe_line_offset = 0;
+ s->vbe_bank_mask = (s->vram_size >> 16) - 1;
+ memset(s->font_offsets, '\0', sizeof(s->font_offsets));
+ s->graphic_mode = -1; /* force full update */
+ s->shift_control = 0;
+ s->double_scan = 0;
+ s->line_offset = 0;
+ s->line_compare = 0;
+ s->start_addr = 0;
+ s->plane_updated = 0;
+ s->last_cw = 0;
+ s->last_ch = 0;
+ s->last_width = 0;
+ s->last_height = 0;
+ s->last_scr_width = 0;
+ s->last_scr_height = 0;
+ s->cursor_start = 0;
+ s->cursor_end = 0;
+ s->cursor_offset = 0;
+ memset(s->invalidated_y_table, '\0', sizeof(s->invalidated_y_table));
+ memset(s->last_palette, '\0', sizeof(s->last_palette));
+ memset(s->last_ch_attr, '\0', sizeof(s->last_ch_attr));
+ switch (vga_retrace_method) {
+ case VGA_RETRACE_DUMB:
+ break;
+ case VGA_RETRACE_PRECISE:
+ memset(&s->retrace_info, 0, sizeof (s->retrace_info));
+ break;
+ }
+ vga_update_memory_access(s);
+}
+
+static void vga_reset(void *opaque)
+{
+ VGACommonState *s = opaque;
+ vga_common_reset(s);
+}
+
+#define TEXTMODE_X(x) ((x) % width)
+#define TEXTMODE_Y(x) ((x) / width)
+#define VMEM2CHTYPE(v) ((v & 0xff0007ff) | \
+ ((v & 0x00000800) << 10) | ((v & 0x00007000) >> 1))
+/* relay text rendering to the display driver
+ * instead of doing a full vga_update_display() */
+static void vga_update_text(void *opaque, console_ch_t *chardata)
+{
+ VGACommonState *s = opaque;
+ int graphic_mode, i, cursor_offset, cursor_visible;
+ int cw, cheight, width, height, size, c_min, c_max;
+ uint32_t *src;
+ console_ch_t *dst, val;
+ char msg_buffer[80];
+ int full_update = 0;
+
+ qemu_flush_coalesced_mmio_buffer();
+
+ if (!(s->ar_index & 0x20)) {
+ graphic_mode = GMODE_BLANK;
+ } else {
+ graphic_mode = s->gr[VGA_GFX_MISC] & VGA_GR06_GRAPHICS_MODE;
+ }
+ if (graphic_mode != s->graphic_mode) {
+ s->graphic_mode = graphic_mode;
+ full_update = 1;
+ }
+ if (s->last_width == -1) {
+ s->last_width = 0;
+ full_update = 1;
+ }
+
+ switch (graphic_mode) {
+ case GMODE_TEXT:
+ /* TODO: update palette */
+ full_update |= update_basic_params(s);
+
+ /* total width & height */
+ cheight = (s->cr[VGA_CRTC_MAX_SCAN] & 0x1f) + 1;
+ cw = 8;
+ if (!(s->sr[VGA_SEQ_CLOCK_MODE] & VGA_SR01_CHAR_CLK_8DOTS)) {
+ cw = 9;
+ }
+ if (s->sr[VGA_SEQ_CLOCK_MODE] & 0x08) {
+ cw = 16; /* NOTE: no 18 pixel wide */
+ }
+ width = (s->cr[VGA_CRTC_H_DISP] + 1);
+ if (s->cr[VGA_CRTC_V_TOTAL] == 100) {
+ /* ugly hack for CGA 160x100x16 - explain me the logic */
+ height = 100;
+ } else {
+ height = s->cr[VGA_CRTC_V_DISP_END] |
+ ((s->cr[VGA_CRTC_OVERFLOW] & 0x02) << 7) |
+ ((s->cr[VGA_CRTC_OVERFLOW] & 0x40) << 3);
+ height = (height + 1) / cheight;
+ }
+
+ size = (height * width);
+ if (size > CH_ATTR_SIZE) {
+ if (!full_update)
+ return;
+
+ snprintf(msg_buffer, sizeof(msg_buffer), "%i x %i Text mode",
+ width, height);
+ break;
+ }
+
+ if (width != s->last_width || height != s->last_height ||
+ cw != s->last_cw || cheight != s->last_ch) {
+ s->last_scr_width = width * cw;
+ s->last_scr_height = height * cheight;
+ qemu_console_resize(s->con, s->last_scr_width, s->last_scr_height);
+ dpy_text_resize(s->con, width, height);
+ s->last_depth = 0;
+ s->last_width = width;
+ s->last_height = height;
+ s->last_ch = cheight;
+ s->last_cw = cw;
+ full_update = 1;
+ }
+
+ if (full_update) {
+ s->full_update_gfx = 1;
+ }
+ if (s->full_update_text) {
+ s->full_update_text = 0;
+ full_update |= 1;
+ }
+
+ /* Update "hardware" cursor */
+ cursor_offset = ((s->cr[VGA_CRTC_CURSOR_HI] << 8) |
+ s->cr[VGA_CRTC_CURSOR_LO]) - s->start_addr;
+ if (cursor_offset != s->cursor_offset ||
+ s->cr[VGA_CRTC_CURSOR_START] != s->cursor_start ||
+ s->cr[VGA_CRTC_CURSOR_END] != s->cursor_end || full_update) {
+ cursor_visible = !(s->cr[VGA_CRTC_CURSOR_START] & 0x20);
+ if (cursor_visible && cursor_offset < size && cursor_offset >= 0)
+ dpy_text_cursor(s->con,
+ TEXTMODE_X(cursor_offset),
+ TEXTMODE_Y(cursor_offset));
+ else
+ dpy_text_cursor(s->con, -1, -1);
+ s->cursor_offset = cursor_offset;
+ s->cursor_start = s->cr[VGA_CRTC_CURSOR_START];
+ s->cursor_end = s->cr[VGA_CRTC_CURSOR_END];
+ }
+
+ src = (uint32_t *) s->vram_ptr + s->start_addr;
+ dst = chardata;
+
+ if (full_update) {
+ for (i = 0; i < size; src ++, dst ++, i ++)
+ console_write_ch(dst, VMEM2CHTYPE(le32_to_cpu(*src)));
+
+ dpy_text_update(s->con, 0, 0, width, height);
+ } else {
+ c_max = 0;
+
+ for (i = 0; i < size; src ++, dst ++, i ++) {
+ console_write_ch(&val, VMEM2CHTYPE(le32_to_cpu(*src)));
+ if (*dst != val) {
+ *dst = val;
+ c_max = i;
+ break;
+ }
+ }
+ c_min = i;
+ for (; i < size; src ++, dst ++, i ++) {
+ console_write_ch(&val, VMEM2CHTYPE(le32_to_cpu(*src)));
+ if (*dst != val) {
+ *dst = val;
+ c_max = i;
+ }
+ }
+
+ if (c_min <= c_max) {
+ i = TEXTMODE_Y(c_min);
+ dpy_text_update(s->con, 0, i, width, TEXTMODE_Y(c_max) - i + 1);
+ }
+ }
+
+ return;
+ case GMODE_GRAPH:
+ if (!full_update)
+ return;
+
+ s->get_resolution(s, &width, &height);
+ snprintf(msg_buffer, sizeof(msg_buffer), "%i x %i Graphic mode",
+ width, height);
+ break;
+ case GMODE_BLANK:
+ default:
+ if (!full_update)
+ return;
+
+ snprintf(msg_buffer, sizeof(msg_buffer), "VGA Blank mode");
+ break;
+ }
+
+ /* Display a message */
+ s->last_width = 60;
+ s->last_height = height = 3;
+ dpy_text_cursor(s->con, -1, -1);
+ dpy_text_resize(s->con, s->last_width, height);
+
+ for (dst = chardata, i = 0; i < s->last_width * height; i ++)
+ console_write_ch(dst ++, ' ');
+
+ size = strlen(msg_buffer);
+ width = (s->last_width - size) / 2;
+ dst = chardata + s->last_width + width;
+ for (i = 0; i < size; i ++)
+ console_write_ch(dst ++, 0x00200100 | msg_buffer[i]);
+
+ dpy_text_update(s->con, 0, 0, s->last_width, height);
+}
+
+static uint64_t vga_mem_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ VGACommonState *s = opaque;
+
+ return vga_mem_readb(s, addr);
+}
+
+static void vga_mem_write(void *opaque, hwaddr addr,
+ uint64_t data, unsigned size)
+{
+ VGACommonState *s = opaque;
+
+ return vga_mem_writeb(s, addr, data);
+}
+
+const MemoryRegionOps vga_mem_ops = {
+ .read = vga_mem_read,
+ .write = vga_mem_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+static int vga_common_post_load(void *opaque, int version_id)
+{
+ VGACommonState *s = opaque;
+
+ /* force refresh */
+ s->graphic_mode = -1;
+ return 0;
+}
+
+const VMStateDescription vmstate_vga_common = {
+ .name = "vga",
+ .version_id = 2,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .post_load = vga_common_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT32(latch, VGACommonState),
+ VMSTATE_UINT8(sr_index, VGACommonState),
+ VMSTATE_PARTIAL_BUFFER(sr, VGACommonState, 8),
+ VMSTATE_UINT8(gr_index, VGACommonState),
+ VMSTATE_PARTIAL_BUFFER(gr, VGACommonState, 16),
+ VMSTATE_UINT8(ar_index, VGACommonState),
+ VMSTATE_BUFFER(ar, VGACommonState),
+ VMSTATE_INT32(ar_flip_flop, VGACommonState),
+ VMSTATE_UINT8(cr_index, VGACommonState),
+ VMSTATE_BUFFER(cr, VGACommonState),
+ VMSTATE_UINT8(msr, VGACommonState),
+ VMSTATE_UINT8(fcr, VGACommonState),
+ VMSTATE_UINT8(st00, VGACommonState),
+ VMSTATE_UINT8(st01, VGACommonState),
+
+ VMSTATE_UINT8(dac_state, VGACommonState),
+ VMSTATE_UINT8(dac_sub_index, VGACommonState),
+ VMSTATE_UINT8(dac_read_index, VGACommonState),
+ VMSTATE_UINT8(dac_write_index, VGACommonState),
+ VMSTATE_BUFFER(dac_cache, VGACommonState),
+ VMSTATE_BUFFER(palette, VGACommonState),
+
+ VMSTATE_INT32(bank_offset, VGACommonState),
+ VMSTATE_UINT8_EQUAL(is_vbe_vmstate, VGACommonState),
+ VMSTATE_UINT16(vbe_index, VGACommonState),
+ VMSTATE_UINT16_ARRAY(vbe_regs, VGACommonState, VBE_DISPI_INDEX_NB),
+ VMSTATE_UINT32(vbe_start_addr, VGACommonState),
+ VMSTATE_UINT32(vbe_line_offset, VGACommonState),
+ VMSTATE_UINT32(vbe_bank_mask, VGACommonState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const GraphicHwOps vga_ops = {
+ .invalidate = vga_invalidate_display,
+ .gfx_update = vga_update_display,
+ .text_update = vga_update_text,
+};
+
+void vga_common_init(VGACommonState *s, Object *obj)
+{
+ int i, j, v, b;
+
+ for(i = 0;i < 256; i++) {
+ v = 0;
+ for(j = 0; j < 8; j++) {
+ v |= ((i >> j) & 1) << (j * 4);
+ }
+ expand4[i] = v;
+
+ v = 0;
+ for(j = 0; j < 4; j++) {
+ v |= ((i >> (2 * j)) & 3) << (j * 4);
+ }
+ expand2[i] = v;
+ }
+ for(i = 0; i < 16; i++) {
+ v = 0;
+ for(j = 0; j < 4; j++) {
+ b = ((i >> j) & 1);
+ v |= b << (2 * j);
+ v |= b << (2 * j + 1);
+ }
+ expand4to8[i] = v;
+ }
+
+ /* valid range: 1 MB -> 256 MB */
+ s->vram_size = 1024 * 1024;
+ while (s->vram_size < (s->vram_size_mb << 20) &&
+ s->vram_size < (256 << 20)) {
+ s->vram_size <<= 1;
+ }
+ s->vram_size_mb = s->vram_size >> 20;
+
+ s->is_vbe_vmstate = 1;
+ memory_region_init_ram(&s->vram, obj, "vga.vram", s->vram_size);
+ vmstate_register_ram_global(&s->vram);
+ xen_register_framebuffer(&s->vram);
+ s->vram_ptr = memory_region_get_ram_ptr(&s->vram);
+ s->get_bpp = vga_get_bpp;
+ s->get_offsets = vga_get_offsets;
+ s->get_resolution = vga_get_resolution;
+ s->hw_ops = &vga_ops;
+ switch (vga_retrace_method) {
+ case VGA_RETRACE_DUMB:
+ s->retrace = vga_dumb_retrace;
+ s->update_retrace_info = vga_dumb_update_retrace_info;
+ break;
+
+ case VGA_RETRACE_PRECISE:
+ s->retrace = vga_precise_retrace;
+ s->update_retrace_info = vga_precise_update_retrace_info;
+ break;
+ }
+ vga_dirty_log_start(s);
+}
+
+static const MemoryRegionPortio vga_portio_list[] = {
+ { 0x04, 2, 1, .read = vga_ioport_read, .write = vga_ioport_write }, /* 3b4 */
+ { 0x0a, 1, 1, .read = vga_ioport_read, .write = vga_ioport_write }, /* 3ba */
+ { 0x10, 16, 1, .read = vga_ioport_read, .write = vga_ioport_write }, /* 3c0 */
+ { 0x24, 2, 1, .read = vga_ioport_read, .write = vga_ioport_write }, /* 3d4 */
+ { 0x2a, 1, 1, .read = vga_ioport_read, .write = vga_ioport_write }, /* 3da */
+ PORTIO_END_OF_LIST(),
+};
+
+static const MemoryRegionPortio vbe_portio_list[] = {
+ { 0, 1, 2, .read = vbe_ioport_read_index, .write = vbe_ioport_write_index },
+# ifdef TARGET_I386
+ { 1, 1, 2, .read = vbe_ioport_read_data, .write = vbe_ioport_write_data },
+# endif
+ { 2, 1, 2, .read = vbe_ioport_read_data, .write = vbe_ioport_write_data },
+ PORTIO_END_OF_LIST(),
+};
+
+/* Used by both ISA and PCI */
+MemoryRegion *vga_init_io(VGACommonState *s, Object *obj,
+ const MemoryRegionPortio **vga_ports,
+ const MemoryRegionPortio **vbe_ports)
+{
+ MemoryRegion *vga_mem;
+
+ *vga_ports = vga_portio_list;
+ *vbe_ports = vbe_portio_list;
+
+ vga_mem = g_malloc(sizeof(*vga_mem));
+ memory_region_init_io(vga_mem, obj, &vga_mem_ops, s,
+ "vga-lowmem", 0x20000);
+ memory_region_set_flush_coalesced(vga_mem);
+
+ return vga_mem;
+}
+
+void vga_init(VGACommonState *s, Object *obj, MemoryRegion *address_space,
+ MemoryRegion *address_space_io, bool init_vga_ports)
+{
+ MemoryRegion *vga_io_memory;
+ const MemoryRegionPortio *vga_ports, *vbe_ports;
+ PortioList *vga_port_list = g_new(PortioList, 1);
+ PortioList *vbe_port_list = g_new(PortioList, 1);
+
+ qemu_register_reset(vga_reset, s);
+
+ s->bank_offset = 0;
+
+ s->legacy_address_space = address_space;
+
+ vga_io_memory = vga_init_io(s, obj, &vga_ports, &vbe_ports);
+ memory_region_add_subregion_overlap(address_space,
+ isa_mem_base + 0x000a0000,
+ vga_io_memory,
+ 1);
+ memory_region_set_coalescing(vga_io_memory);
+ if (init_vga_ports) {
+ portio_list_init(vga_port_list, obj, vga_ports, s, "vga");
+ portio_list_add(vga_port_list, address_space_io, 0x3b0);
+ }
+ if (vbe_ports) {
+ portio_list_init(vbe_port_list, obj, vbe_ports, s, "vbe");
+ portio_list_add(vbe_port_list, address_space_io, 0x1ce);
+ }
+}
+
+void vga_init_vbe(VGACommonState *s, Object *obj, MemoryRegion *system_memory)
+{
+ /* With pc-0.12 and below we map both the PCI BAR and the fixed VBE region,
+ * so use an alias to avoid double-mapping the same region.
+ */
+ memory_region_init_alias(&s->vram_vbe, obj, "vram.vbe",
+ &s->vram, 0, memory_region_size(&s->vram));
+ /* XXX: use optimized standard vga accesses */
+ memory_region_add_subregion(system_memory,
+ VBE_DISPI_LFB_PHYSICAL_ADDRESS,
+ &s->vram_vbe);
+ s->vbe_mapped = 1;
+}
diff --git a/hw/vga.h b/hw/display/vga.h
index d917046da..d917046da 100644
--- a/hw/vga.h
+++ b/hw/display/vga.h
diff --git a/hw/display/vga_int.h b/hw/display/vga_int.h
new file mode 100644
index 000000000..e6418906a
--- /dev/null
+++ b/hw/display/vga_int.h
@@ -0,0 +1,214 @@
+/*
+ * QEMU internal VGA defines.
+ *
+ * Copyright (c) 2003-2004 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#ifndef HW_VGA_INT_H
+#define HW_VGA_INT_H 1
+
+#include <hw/hw.h>
+#include "qapi/error.h"
+#include "exec/memory.h"
+
+#define ST01_V_RETRACE 0x08
+#define ST01_DISP_ENABLE 0x01
+
+#define VBE_DISPI_MAX_XRES 16000
+#define VBE_DISPI_MAX_YRES 12000
+#define VBE_DISPI_MAX_BPP 32
+
+#define VBE_DISPI_INDEX_ID 0x0
+#define VBE_DISPI_INDEX_XRES 0x1
+#define VBE_DISPI_INDEX_YRES 0x2
+#define VBE_DISPI_INDEX_BPP 0x3
+#define VBE_DISPI_INDEX_ENABLE 0x4
+#define VBE_DISPI_INDEX_BANK 0x5
+#define VBE_DISPI_INDEX_VIRT_WIDTH 0x6
+#define VBE_DISPI_INDEX_VIRT_HEIGHT 0x7
+#define VBE_DISPI_INDEX_X_OFFSET 0x8
+#define VBE_DISPI_INDEX_Y_OFFSET 0x9
+#define VBE_DISPI_INDEX_NB 0xa /* size of vbe_regs[] */
+#define VBE_DISPI_INDEX_VIDEO_MEMORY_64K 0xa /* read-only, not in vbe_regs */
+
+#define VBE_DISPI_ID0 0xB0C0
+#define VBE_DISPI_ID1 0xB0C1
+#define VBE_DISPI_ID2 0xB0C2
+#define VBE_DISPI_ID3 0xB0C3
+#define VBE_DISPI_ID4 0xB0C4
+#define VBE_DISPI_ID5 0xB0C5
+
+#define VBE_DISPI_DISABLED 0x00
+#define VBE_DISPI_ENABLED 0x01
+#define VBE_DISPI_GETCAPS 0x02
+#define VBE_DISPI_8BIT_DAC 0x20
+#define VBE_DISPI_LFB_ENABLED 0x40
+#define VBE_DISPI_NOCLEARMEM 0x80
+
+#define VBE_DISPI_LFB_PHYSICAL_ADDRESS 0xE0000000
+
+#define CH_ATTR_SIZE (160 * 100)
+#define VGA_MAX_HEIGHT 2048
+
+struct vga_precise_retrace {
+ int64_t ticks_per_char;
+ int64_t total_chars;
+ int htotal;
+ int hstart;
+ int hend;
+ int vstart;
+ int vend;
+ int freq;
+};
+
+union vga_retrace {
+ struct vga_precise_retrace precise;
+};
+
+struct VGACommonState;
+typedef uint8_t (* vga_retrace_fn)(struct VGACommonState *s);
+typedef void (* vga_update_retrace_info_fn)(struct VGACommonState *s);
+
+typedef struct VGACommonState {
+ MemoryRegion *legacy_address_space;
+ uint8_t *vram_ptr;
+ MemoryRegion vram;
+ MemoryRegion vram_vbe;
+ uint32_t vram_size;
+ uint32_t vram_size_mb; /* property */
+ uint32_t latch;
+ MemoryRegion *chain4_alias;
+ uint8_t sr_index;
+ uint8_t sr[256];
+ uint8_t gr_index;
+ uint8_t gr[256];
+ uint8_t ar_index;
+ uint8_t ar[21];
+ int ar_flip_flop;
+ uint8_t cr_index;
+ uint8_t cr[256]; /* CRT registers */
+ uint8_t msr; /* Misc Output Register */
+ uint8_t fcr; /* Feature Control Register */
+ uint8_t st00; /* status 0 */
+ uint8_t st01; /* status 1 */
+ uint8_t dac_state;
+ uint8_t dac_sub_index;
+ uint8_t dac_read_index;
+ uint8_t dac_write_index;
+ uint8_t dac_cache[3]; /* used when writing */
+ int dac_8bit;
+ uint8_t palette[768];
+ int32_t bank_offset;
+ int (*get_bpp)(struct VGACommonState *s);
+ void (*get_offsets)(struct VGACommonState *s,
+ uint32_t *pline_offset,
+ uint32_t *pstart_addr,
+ uint32_t *pline_compare);
+ void (*get_resolution)(struct VGACommonState *s,
+ int *pwidth,
+ int *pheight);
+ /* bochs vbe state */
+ uint16_t vbe_index;
+ uint16_t vbe_regs[VBE_DISPI_INDEX_NB];
+ uint32_t vbe_start_addr;
+ uint32_t vbe_line_offset;
+ uint32_t vbe_bank_mask;
+ int vbe_mapped;
+ /* display refresh support */
+ QemuConsole *con;
+ uint32_t font_offsets[2];
+ int graphic_mode;
+ uint8_t shift_control;
+ uint8_t double_scan;
+ uint32_t line_offset;
+ uint32_t line_compare;
+ uint32_t start_addr;
+ uint32_t plane_updated;
+ uint32_t last_line_offset;
+ uint8_t last_cw, last_ch;
+ uint32_t last_width, last_height; /* in chars or pixels */
+ uint32_t last_scr_width, last_scr_height; /* in pixels */
+ uint32_t last_depth; /* in bits */
+ uint8_t cursor_start, cursor_end;
+ bool cursor_visible_phase;
+ int64_t cursor_blink_time;
+ uint32_t cursor_offset;
+ unsigned int (*rgb_to_pixel)(unsigned int r,
+ unsigned int g, unsigned b);
+ const GraphicHwOps *hw_ops;
+ bool full_update_text;
+ bool full_update_gfx;
+ /* hardware mouse cursor support */
+ uint32_t invalidated_y_table[VGA_MAX_HEIGHT / 32];
+ void (*cursor_invalidate)(struct VGACommonState *s);
+ void (*cursor_draw_line)(struct VGACommonState *s, uint8_t *d, int y);
+ /* tell for each page if it has been updated since the last time */
+ uint32_t last_palette[256];
+ uint32_t last_ch_attr[CH_ATTR_SIZE]; /* XXX: make it dynamic */
+ /* retrace */
+ vga_retrace_fn retrace;
+ vga_update_retrace_info_fn update_retrace_info;
+ union vga_retrace retrace_info;
+ uint8_t is_vbe_vmstate;
+} VGACommonState;
+
+static inline int c6_to_8(int v)
+{
+ int b;
+ v &= 0x3f;
+ b = v & 1;
+ return (v << 2) | (b << 1) | b;
+}
+
+void vga_common_init(VGACommonState *s, Object *obj);
+void vga_init(VGACommonState *s, Object *obj, MemoryRegion *address_space,
+ MemoryRegion *address_space_io, bool init_vga_ports);
+MemoryRegion *vga_init_io(VGACommonState *s, Object *obj,
+ const MemoryRegionPortio **vga_ports,
+ const MemoryRegionPortio **vbe_ports);
+void vga_common_reset(VGACommonState *s);
+
+void vga_sync_dirty_bitmap(VGACommonState *s);
+void vga_dirty_log_start(VGACommonState *s);
+void vga_dirty_log_stop(VGACommonState *s);
+
+extern const VMStateDescription vmstate_vga_common;
+uint32_t vga_ioport_read(void *opaque, uint32_t addr);
+void vga_ioport_write(void *opaque, uint32_t addr, uint32_t val);
+uint32_t vga_mem_readb(VGACommonState *s, hwaddr addr);
+void vga_mem_writeb(VGACommonState *s, hwaddr addr, uint32_t val);
+void vga_invalidate_scanlines(VGACommonState *s, int y1, int y2);
+
+int vga_ioport_invalid(VGACommonState *s, uint32_t addr);
+
+void vga_init_vbe(VGACommonState *s, Object *obj, MemoryRegion *address_space);
+uint32_t vbe_ioport_read_data(void *opaque, uint32_t addr);
+void vbe_ioport_write_index(void *opaque, uint32_t addr, uint32_t val);
+void vbe_ioport_write_data(void *opaque, uint32_t addr, uint32_t val);
+
+extern const uint8_t sr_mask[8];
+extern const uint8_t gr_mask[16];
+
+#define VGABIOS_FILENAME "vgabios.bin"
+#define VGABIOS_CIRRUS_FILENAME "vgabios-cirrus.bin"
+
+extern const MemoryRegionOps vga_mem_ops;
+
+#endif
diff --git a/hw/vga_template.h b/hw/display/vga_template.h
index f6f6a01d8..f6f6a01d8 100644
--- a/hw/vga_template.h
+++ b/hw/display/vga_template.h
diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
new file mode 100644
index 000000000..a6a8cdc2e
--- /dev/null
+++ b/hw/display/vmware_vga.c
@@ -0,0 +1,1324 @@
+/*
+ * QEMU VMware-SVGA "chipset".
+ *
+ * Copyright (c) 2007 Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/loader.h"
+#include "ui/console.h"
+#include "hw/pci/pci.h"
+
+#undef VERBOSE
+#define HW_RECT_ACCEL
+#define HW_FILL_ACCEL
+#define HW_MOUSE_ACCEL
+
+#include "vga_int.h"
+
+/* See http://vmware-svga.sf.net/ for some documentation on VMWare SVGA */
+
+struct vmsvga_state_s {
+ VGACommonState vga;
+
+ int invalidated;
+ int enable;
+ int config;
+ struct {
+ int id;
+ int x;
+ int y;
+ int on;
+ } cursor;
+
+ int index;
+ int scratch_size;
+ uint32_t *scratch;
+ int new_width;
+ int new_height;
+ int new_depth;
+ uint32_t guest;
+ uint32_t svgaid;
+ int syncing;
+
+ MemoryRegion fifo_ram;
+ uint8_t *fifo_ptr;
+ unsigned int fifo_size;
+
+ union {
+ uint32_t *fifo;
+ struct QEMU_PACKED {
+ uint32_t min;
+ uint32_t max;
+ uint32_t next_cmd;
+ uint32_t stop;
+ /* Add registers here when adding capabilities. */
+ uint32_t fifo[0];
+ } *cmd;
+ };
+
+#define REDRAW_FIFO_LEN 512
+ struct vmsvga_rect_s {
+ int x, y, w, h;
+ } redraw_fifo[REDRAW_FIFO_LEN];
+ int redraw_fifo_first, redraw_fifo_last;
+};
+
+#define TYPE_VMWARE_SVGA "vmware-svga"
+
+#define VMWARE_SVGA(obj) \
+ OBJECT_CHECK(struct pci_vmsvga_state_s, (obj), TYPE_VMWARE_SVGA)
+
+struct pci_vmsvga_state_s {
+ /*< private >*/
+ PCIDevice parent_obj;
+ /*< public >*/
+
+ struct vmsvga_state_s chip;
+ MemoryRegion io_bar;
+};
+
+#define SVGA_MAGIC 0x900000UL
+#define SVGA_MAKE_ID(ver) (SVGA_MAGIC << 8 | (ver))
+#define SVGA_ID_0 SVGA_MAKE_ID(0)
+#define SVGA_ID_1 SVGA_MAKE_ID(1)
+#define SVGA_ID_2 SVGA_MAKE_ID(2)
+
+#define SVGA_LEGACY_BASE_PORT 0x4560
+#define SVGA_INDEX_PORT 0x0
+#define SVGA_VALUE_PORT 0x1
+#define SVGA_BIOS_PORT 0x2
+
+#define SVGA_VERSION_2
+
+#ifdef SVGA_VERSION_2
+# define SVGA_ID SVGA_ID_2
+# define SVGA_IO_BASE SVGA_LEGACY_BASE_PORT
+# define SVGA_IO_MUL 1
+# define SVGA_FIFO_SIZE 0x10000
+# define SVGA_PCI_DEVICE_ID PCI_DEVICE_ID_VMWARE_SVGA2
+#else
+# define SVGA_ID SVGA_ID_1
+# define SVGA_IO_BASE SVGA_LEGACY_BASE_PORT
+# define SVGA_IO_MUL 4
+# define SVGA_FIFO_SIZE 0x10000
+# define SVGA_PCI_DEVICE_ID PCI_DEVICE_ID_VMWARE_SVGA
+#endif
+
+enum {
+ /* ID 0, 1 and 2 registers */
+ SVGA_REG_ID = 0,
+ SVGA_REG_ENABLE = 1,
+ SVGA_REG_WIDTH = 2,
+ SVGA_REG_HEIGHT = 3,
+ SVGA_REG_MAX_WIDTH = 4,
+ SVGA_REG_MAX_HEIGHT = 5,
+ SVGA_REG_DEPTH = 6,
+ SVGA_REG_BITS_PER_PIXEL = 7, /* Current bpp in the guest */
+ SVGA_REG_PSEUDOCOLOR = 8,
+ SVGA_REG_RED_MASK = 9,
+ SVGA_REG_GREEN_MASK = 10,
+ SVGA_REG_BLUE_MASK = 11,
+ SVGA_REG_BYTES_PER_LINE = 12,
+ SVGA_REG_FB_START = 13,
+ SVGA_REG_FB_OFFSET = 14,
+ SVGA_REG_VRAM_SIZE = 15,
+ SVGA_REG_FB_SIZE = 16,
+
+ /* ID 1 and 2 registers */
+ SVGA_REG_CAPABILITIES = 17,
+ SVGA_REG_MEM_START = 18, /* Memory for command FIFO */
+ SVGA_REG_MEM_SIZE = 19,
+ SVGA_REG_CONFIG_DONE = 20, /* Set when memory area configured */
+ SVGA_REG_SYNC = 21, /* Write to force synchronization */
+ SVGA_REG_BUSY = 22, /* Read to check if sync is done */
+ SVGA_REG_GUEST_ID = 23, /* Set guest OS identifier */
+ SVGA_REG_CURSOR_ID = 24, /* ID of cursor */
+ SVGA_REG_CURSOR_X = 25, /* Set cursor X position */
+ SVGA_REG_CURSOR_Y = 26, /* Set cursor Y position */
+ SVGA_REG_CURSOR_ON = 27, /* Turn cursor on/off */
+ SVGA_REG_HOST_BITS_PER_PIXEL = 28, /* Current bpp in the host */
+ SVGA_REG_SCRATCH_SIZE = 29, /* Number of scratch registers */
+ SVGA_REG_MEM_REGS = 30, /* Number of FIFO registers */
+ SVGA_REG_NUM_DISPLAYS = 31, /* Number of guest displays */
+ SVGA_REG_PITCHLOCK = 32, /* Fixed pitch for all modes */
+
+ SVGA_PALETTE_BASE = 1024, /* Base of SVGA color map */
+ SVGA_PALETTE_END = SVGA_PALETTE_BASE + 767,
+ SVGA_SCRATCH_BASE = SVGA_PALETTE_BASE + 768,
+};
+
+#define SVGA_CAP_NONE 0
+#define SVGA_CAP_RECT_FILL (1 << 0)
+#define SVGA_CAP_RECT_COPY (1 << 1)
+#define SVGA_CAP_RECT_PAT_FILL (1 << 2)
+#define SVGA_CAP_LEGACY_OFFSCREEN (1 << 3)
+#define SVGA_CAP_RASTER_OP (1 << 4)
+#define SVGA_CAP_CURSOR (1 << 5)
+#define SVGA_CAP_CURSOR_BYPASS (1 << 6)
+#define SVGA_CAP_CURSOR_BYPASS_2 (1 << 7)
+#define SVGA_CAP_8BIT_EMULATION (1 << 8)
+#define SVGA_CAP_ALPHA_CURSOR (1 << 9)
+#define SVGA_CAP_GLYPH (1 << 10)
+#define SVGA_CAP_GLYPH_CLIPPING (1 << 11)
+#define SVGA_CAP_OFFSCREEN_1 (1 << 12)
+#define SVGA_CAP_ALPHA_BLEND (1 << 13)
+#define SVGA_CAP_3D (1 << 14)
+#define SVGA_CAP_EXTENDED_FIFO (1 << 15)
+#define SVGA_CAP_MULTIMON (1 << 16)
+#define SVGA_CAP_PITCHLOCK (1 << 17)
+
+/*
+ * FIFO offsets (seen as an array of 32-bit words)
+ */
+enum {
+ /*
+ * The original defined FIFO offsets
+ */
+ SVGA_FIFO_MIN = 0,
+ SVGA_FIFO_MAX, /* The distance from MIN to MAX must be at least 10K */
+ SVGA_FIFO_NEXT_CMD,
+ SVGA_FIFO_STOP,
+
+ /*
+ * Additional offsets added as of SVGA_CAP_EXTENDED_FIFO
+ */
+ SVGA_FIFO_CAPABILITIES = 4,
+ SVGA_FIFO_FLAGS,
+ SVGA_FIFO_FENCE,
+ SVGA_FIFO_3D_HWVERSION,
+ SVGA_FIFO_PITCHLOCK,
+};
+
+#define SVGA_FIFO_CAP_NONE 0
+#define SVGA_FIFO_CAP_FENCE (1 << 0)
+#define SVGA_FIFO_CAP_ACCELFRONT (1 << 1)
+#define SVGA_FIFO_CAP_PITCHLOCK (1 << 2)
+
+#define SVGA_FIFO_FLAG_NONE 0
+#define SVGA_FIFO_FLAG_ACCELFRONT (1 << 0)
+
+/* These values can probably be changed arbitrarily. */
+#define SVGA_SCRATCH_SIZE 0x8000
+#define SVGA_MAX_WIDTH 2360
+#define SVGA_MAX_HEIGHT 1770
+
+#ifdef VERBOSE
+# define GUEST_OS_BASE 0x5001
+static const char *vmsvga_guest_id[] = {
+ [0x00] = "Dos",
+ [0x01] = "Windows 3.1",
+ [0x02] = "Windows 95",
+ [0x03] = "Windows 98",
+ [0x04] = "Windows ME",
+ [0x05] = "Windows NT",
+ [0x06] = "Windows 2000",
+ [0x07] = "Linux",
+ [0x08] = "OS/2",
+ [0x09] = "an unknown OS",
+ [0x0a] = "BSD",
+ [0x0b] = "Whistler",
+ [0x0c] = "an unknown OS",
+ [0x0d] = "an unknown OS",
+ [0x0e] = "an unknown OS",
+ [0x0f] = "an unknown OS",
+ [0x10] = "an unknown OS",
+ [0x11] = "an unknown OS",
+ [0x12] = "an unknown OS",
+ [0x13] = "an unknown OS",
+ [0x14] = "an unknown OS",
+ [0x15] = "Windows 2003",
+};
+#endif
+
+enum {
+ SVGA_CMD_INVALID_CMD = 0,
+ SVGA_CMD_UPDATE = 1,
+ SVGA_CMD_RECT_FILL = 2,
+ SVGA_CMD_RECT_COPY = 3,
+ SVGA_CMD_DEFINE_BITMAP = 4,
+ SVGA_CMD_DEFINE_BITMAP_SCANLINE = 5,
+ SVGA_CMD_DEFINE_PIXMAP = 6,
+ SVGA_CMD_DEFINE_PIXMAP_SCANLINE = 7,
+ SVGA_CMD_RECT_BITMAP_FILL = 8,
+ SVGA_CMD_RECT_PIXMAP_FILL = 9,
+ SVGA_CMD_RECT_BITMAP_COPY = 10,
+ SVGA_CMD_RECT_PIXMAP_COPY = 11,
+ SVGA_CMD_FREE_OBJECT = 12,
+ SVGA_CMD_RECT_ROP_FILL = 13,
+ SVGA_CMD_RECT_ROP_COPY = 14,
+ SVGA_CMD_RECT_ROP_BITMAP_FILL = 15,
+ SVGA_CMD_RECT_ROP_PIXMAP_FILL = 16,
+ SVGA_CMD_RECT_ROP_BITMAP_COPY = 17,
+ SVGA_CMD_RECT_ROP_PIXMAP_COPY = 18,
+ SVGA_CMD_DEFINE_CURSOR = 19,
+ SVGA_CMD_DISPLAY_CURSOR = 20,
+ SVGA_CMD_MOVE_CURSOR = 21,
+ SVGA_CMD_DEFINE_ALPHA_CURSOR = 22,
+ SVGA_CMD_DRAW_GLYPH = 23,
+ SVGA_CMD_DRAW_GLYPH_CLIPPED = 24,
+ SVGA_CMD_UPDATE_VERBOSE = 25,
+ SVGA_CMD_SURFACE_FILL = 26,
+ SVGA_CMD_SURFACE_COPY = 27,
+ SVGA_CMD_SURFACE_ALPHA_BLEND = 28,
+ SVGA_CMD_FRONT_ROP_FILL = 29,
+ SVGA_CMD_FENCE = 30,
+};
+
+/* Legal values for the SVGA_REG_CURSOR_ON register in cursor bypass mode */
+enum {
+ SVGA_CURSOR_ON_HIDE = 0,
+ SVGA_CURSOR_ON_SHOW = 1,
+ SVGA_CURSOR_ON_REMOVE_FROM_FB = 2,
+ SVGA_CURSOR_ON_RESTORE_TO_FB = 3,
+};
+
+static inline void vmsvga_update_rect(struct vmsvga_state_s *s,
+ int x, int y, int w, int h)
+{
+ DisplaySurface *surface = qemu_console_surface(s->vga.con);
+ int line;
+ int bypl;
+ int width;
+ int start;
+ uint8_t *src;
+ uint8_t *dst;
+
+ if (x < 0) {
+ fprintf(stderr, "%s: update x was < 0 (%d)\n", __func__, x);
+ w += x;
+ x = 0;
+ }
+ if (w < 0) {
+ fprintf(stderr, "%s: update w was < 0 (%d)\n", __func__, w);
+ w = 0;
+ }
+ if (x + w > surface_width(surface)) {
+ fprintf(stderr, "%s: update width too large x: %d, w: %d\n",
+ __func__, x, w);
+ x = MIN(x, surface_width(surface));
+ w = surface_width(surface) - x;
+ }
+
+ if (y < 0) {
+ fprintf(stderr, "%s: update y was < 0 (%d)\n", __func__, y);
+ h += y;
+ y = 0;
+ }
+ if (h < 0) {
+ fprintf(stderr, "%s: update h was < 0 (%d)\n", __func__, h);
+ h = 0;
+ }
+ if (y + h > surface_height(surface)) {
+ fprintf(stderr, "%s: update height too large y: %d, h: %d\n",
+ __func__, y, h);
+ y = MIN(y, surface_height(surface));
+ h = surface_height(surface) - y;
+ }
+
+ bypl = surface_stride(surface);
+ width = surface_bytes_per_pixel(surface) * w;
+ start = surface_bytes_per_pixel(surface) * x + bypl * y;
+ src = s->vga.vram_ptr + start;
+ dst = surface_data(surface) + start;
+
+ for (line = h; line > 0; line--, src += bypl, dst += bypl) {
+ memcpy(dst, src, width);
+ }
+ dpy_gfx_update(s->vga.con, x, y, w, h);
+}
+
+static inline void vmsvga_update_rect_delayed(struct vmsvga_state_s *s,
+ int x, int y, int w, int h)
+{
+ struct vmsvga_rect_s *rect = &s->redraw_fifo[s->redraw_fifo_last++];
+
+ s->redraw_fifo_last &= REDRAW_FIFO_LEN - 1;
+ rect->x = x;
+ rect->y = y;
+ rect->w = w;
+ rect->h = h;
+}
+
+static inline void vmsvga_update_rect_flush(struct vmsvga_state_s *s)
+{
+ struct vmsvga_rect_s *rect;
+
+ if (s->invalidated) {
+ s->redraw_fifo_first = s->redraw_fifo_last;
+ return;
+ }
+ /* Overlapping region updates can be optimised out here - if someone
+ * knows a smart algorithm to do that, please share. */
+ while (s->redraw_fifo_first != s->redraw_fifo_last) {
+ rect = &s->redraw_fifo[s->redraw_fifo_first++];
+ s->redraw_fifo_first &= REDRAW_FIFO_LEN - 1;
+ vmsvga_update_rect(s, rect->x, rect->y, rect->w, rect->h);
+ }
+}
+
+#ifdef HW_RECT_ACCEL
+static inline void vmsvga_copy_rect(struct vmsvga_state_s *s,
+ int x0, int y0, int x1, int y1, int w, int h)
+{
+ DisplaySurface *surface = qemu_console_surface(s->vga.con);
+ uint8_t *vram = s->vga.vram_ptr;
+ int bypl = surface_stride(surface);
+ int bypp = surface_bytes_per_pixel(surface);
+ int width = bypp * w;
+ int line = h;
+ uint8_t *ptr[2];
+
+ if (y1 > y0) {
+ ptr[0] = vram + bypp * x0 + bypl * (y0 + h - 1);
+ ptr[1] = vram + bypp * x1 + bypl * (y1 + h - 1);
+ for (; line > 0; line --, ptr[0] -= bypl, ptr[1] -= bypl) {
+ memmove(ptr[1], ptr[0], width);
+ }
+ } else {
+ ptr[0] = vram + bypp * x0 + bypl * y0;
+ ptr[1] = vram + bypp * x1 + bypl * y1;
+ for (; line > 0; line --, ptr[0] += bypl, ptr[1] += bypl) {
+ memmove(ptr[1], ptr[0], width);
+ }
+ }
+
+ vmsvga_update_rect_delayed(s, x1, y1, w, h);
+}
+#endif
+
+#ifdef HW_FILL_ACCEL
+static inline void vmsvga_fill_rect(struct vmsvga_state_s *s,
+ uint32_t c, int x, int y, int w, int h)
+{
+ DisplaySurface *surface = qemu_console_surface(s->vga.con);
+ int bypl = surface_stride(surface);
+ int width = surface_bytes_per_pixel(surface) * w;
+ int line = h;
+ int column;
+ uint8_t *fst;
+ uint8_t *dst;
+ uint8_t *src;
+ uint8_t col[4];
+
+ col[0] = c;
+ col[1] = c >> 8;
+ col[2] = c >> 16;
+ col[3] = c >> 24;
+
+ fst = s->vga.vram_ptr + surface_bytes_per_pixel(surface) * x + bypl * y;
+
+ if (line--) {
+ dst = fst;
+ src = col;
+ for (column = width; column > 0; column--) {
+ *(dst++) = *(src++);
+ if (src - col == surface_bytes_per_pixel(surface)) {
+ src = col;
+ }
+ }
+ dst = fst;
+ for (; line > 0; line--) {
+ dst += bypl;
+ memcpy(dst, fst, width);
+ }
+ }
+
+ vmsvga_update_rect_delayed(s, x, y, w, h);
+}
+#endif
+
+struct vmsvga_cursor_definition_s {
+ int width;
+ int height;
+ int id;
+ int bpp;
+ int hot_x;
+ int hot_y;
+ uint32_t mask[1024];
+ uint32_t image[4096];
+};
+
+#define SVGA_BITMAP_SIZE(w, h) ((((w) + 31) >> 5) * (h))
+#define SVGA_PIXMAP_SIZE(w, h, bpp) (((((w) * (bpp)) + 31) >> 5) * (h))
+
+#ifdef HW_MOUSE_ACCEL
+static inline void vmsvga_cursor_define(struct vmsvga_state_s *s,
+ struct vmsvga_cursor_definition_s *c)
+{
+ QEMUCursor *qc;
+ int i, pixels;
+
+ qc = cursor_alloc(c->width, c->height);
+ qc->hot_x = c->hot_x;
+ qc->hot_y = c->hot_y;
+ switch (c->bpp) {
+ case 1:
+ cursor_set_mono(qc, 0xffffff, 0x000000, (void *)c->image,
+ 1, (void *)c->mask);
+#ifdef DEBUG
+ cursor_print_ascii_art(qc, "vmware/mono");
+#endif
+ break;
+ case 32:
+ /* fill alpha channel from mask, set color to zero */
+ cursor_set_mono(qc, 0x000000, 0x000000, (void *)c->mask,
+ 1, (void *)c->mask);
+ /* add in rgb values */
+ pixels = c->width * c->height;
+ for (i = 0; i < pixels; i++) {
+ qc->data[i] |= c->image[i] & 0xffffff;
+ }
+#ifdef DEBUG
+ cursor_print_ascii_art(qc, "vmware/32bit");
+#endif
+ break;
+ default:
+ fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",
+ __func__, c->bpp);
+ cursor_put(qc);
+ qc = cursor_builtin_left_ptr();
+ }
+
+ dpy_cursor_define(s->vga.con, qc);
+ cursor_put(qc);
+}
+#endif
+
+#define CMD(f) le32_to_cpu(s->cmd->f)
+
+static inline int vmsvga_fifo_length(struct vmsvga_state_s *s)
+{
+ int num;
+
+ if (!s->config || !s->enable) {
+ return 0;
+ }
+ num = CMD(next_cmd) - CMD(stop);
+ if (num < 0) {
+ num += CMD(max) - CMD(min);
+ }
+ return num >> 2;
+}
+
+static inline uint32_t vmsvga_fifo_read_raw(struct vmsvga_state_s *s)
+{
+ uint32_t cmd = s->fifo[CMD(stop) >> 2];
+
+ s->cmd->stop = cpu_to_le32(CMD(stop) + 4);
+ if (CMD(stop) >= CMD(max)) {
+ s->cmd->stop = s->cmd->min;
+ }
+ return cmd;
+}
+
+static inline uint32_t vmsvga_fifo_read(struct vmsvga_state_s *s)
+{
+ return le32_to_cpu(vmsvga_fifo_read_raw(s));
+}
+
+static void vmsvga_fifo_run(struct vmsvga_state_s *s)
+{
+ uint32_t cmd, colour;
+ int args, len;
+ int x, y, dx, dy, width, height;
+ struct vmsvga_cursor_definition_s cursor;
+ uint32_t cmd_start;
+
+ len = vmsvga_fifo_length(s);
+ while (len > 0) {
+ /* May need to go back to the start of the command if incomplete */
+ cmd_start = s->cmd->stop;
+
+ switch (cmd = vmsvga_fifo_read(s)) {
+ case SVGA_CMD_UPDATE:
+ case SVGA_CMD_UPDATE_VERBOSE:
+ len -= 5;
+ if (len < 0) {
+ goto rewind;
+ }
+
+ x = vmsvga_fifo_read(s);
+ y = vmsvga_fifo_read(s);
+ width = vmsvga_fifo_read(s);
+ height = vmsvga_fifo_read(s);
+ vmsvga_update_rect_delayed(s, x, y, width, height);
+ break;
+
+ case SVGA_CMD_RECT_FILL:
+ len -= 6;
+ if (len < 0) {
+ goto rewind;
+ }
+
+ colour = vmsvga_fifo_read(s);
+ x = vmsvga_fifo_read(s);
+ y = vmsvga_fifo_read(s);
+ width = vmsvga_fifo_read(s);
+ height = vmsvga_fifo_read(s);
+#ifdef HW_FILL_ACCEL
+ vmsvga_fill_rect(s, colour, x, y, width, height);
+ break;
+#else
+ args = 0;
+ goto badcmd;
+#endif
+
+ case SVGA_CMD_RECT_COPY:
+ len -= 7;
+ if (len < 0) {
+ goto rewind;
+ }
+
+ x = vmsvga_fifo_read(s);
+ y = vmsvga_fifo_read(s);
+ dx = vmsvga_fifo_read(s);
+ dy = vmsvga_fifo_read(s);
+ width = vmsvga_fifo_read(s);
+ height = vmsvga_fifo_read(s);
+#ifdef HW_RECT_ACCEL
+ vmsvga_copy_rect(s, x, y, dx, dy, width, height);
+ break;
+#else
+ args = 0;
+ goto badcmd;
+#endif
+
+ case SVGA_CMD_DEFINE_CURSOR:
+ len -= 8;
+ if (len < 0) {
+ goto rewind;
+ }
+
+ cursor.id = vmsvga_fifo_read(s);
+ cursor.hot_x = vmsvga_fifo_read(s);
+ cursor.hot_y = vmsvga_fifo_read(s);
+ cursor.width = x = vmsvga_fifo_read(s);
+ cursor.height = y = vmsvga_fifo_read(s);
+ vmsvga_fifo_read(s);
+ cursor.bpp = vmsvga_fifo_read(s);
+
+ args = SVGA_BITMAP_SIZE(x, y) + SVGA_PIXMAP_SIZE(x, y, cursor.bpp);
+ if (SVGA_BITMAP_SIZE(x, y) > sizeof cursor.mask ||
+ SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof cursor.image) {
+ goto badcmd;
+ }
+
+ len -= args;
+ if (len < 0) {
+ goto rewind;
+ }
+
+ for (args = 0; args < SVGA_BITMAP_SIZE(x, y); args++) {
+ cursor.mask[args] = vmsvga_fifo_read_raw(s);
+ }
+ for (args = 0; args < SVGA_PIXMAP_SIZE(x, y, cursor.bpp); args++) {
+ cursor.image[args] = vmsvga_fifo_read_raw(s);
+ }
+#ifdef HW_MOUSE_ACCEL
+ vmsvga_cursor_define(s, &cursor);
+ break;
+#else
+ args = 0;
+ goto badcmd;
+#endif
+
+ /*
+ * Other commands that we at least know the number of arguments
+ * for so we can avoid FIFO desync if driver uses them illegally.
+ */
+ case SVGA_CMD_DEFINE_ALPHA_CURSOR:
+ len -= 6;
+ if (len < 0) {
+ goto rewind;
+ }
+ vmsvga_fifo_read(s);
+ vmsvga_fifo_read(s);
+ vmsvga_fifo_read(s);
+ x = vmsvga_fifo_read(s);
+ y = vmsvga_fifo_read(s);
+ args = x * y;
+ goto badcmd;
+ case SVGA_CMD_RECT_ROP_FILL:
+ args = 6;
+ goto badcmd;
+ case SVGA_CMD_RECT_ROP_COPY:
+ args = 7;
+ goto badcmd;
+ case SVGA_CMD_DRAW_GLYPH_CLIPPED:
+ len -= 4;
+ if (len < 0) {
+ goto rewind;
+ }
+ vmsvga_fifo_read(s);
+ vmsvga_fifo_read(s);
+ args = 7 + (vmsvga_fifo_read(s) >> 2);
+ goto badcmd;
+ case SVGA_CMD_SURFACE_ALPHA_BLEND:
+ args = 12;
+ goto badcmd;
+
+ /*
+ * Other commands that are not listed as depending on any
+ * CAPABILITIES bits, but are not described in the README either.
+ */
+ case SVGA_CMD_SURFACE_FILL:
+ case SVGA_CMD_SURFACE_COPY:
+ case SVGA_CMD_FRONT_ROP_FILL:
+ case SVGA_CMD_FENCE:
+ case SVGA_CMD_INVALID_CMD:
+ break; /* Nop */
+
+ default:
+ args = 0;
+ badcmd:
+ len -= args;
+ if (len < 0) {
+ goto rewind;
+ }
+ while (args--) {
+ vmsvga_fifo_read(s);
+ }
+ printf("%s: Unknown command 0x%02x in SVGA command FIFO\n",
+ __func__, cmd);
+ break;
+
+ rewind:
+ s->cmd->stop = cmd_start;
+ break;
+ }
+ }
+
+ s->syncing = 0;
+}
+
+static uint32_t vmsvga_index_read(void *opaque, uint32_t address)
+{
+ struct vmsvga_state_s *s = opaque;
+
+ return s->index;
+}
+
+static void vmsvga_index_write(void *opaque, uint32_t address, uint32_t index)
+{
+ struct vmsvga_state_s *s = opaque;
+
+ s->index = index;
+}
+
+static uint32_t vmsvga_value_read(void *opaque, uint32_t address)
+{
+ uint32_t caps;
+ struct vmsvga_state_s *s = opaque;
+ DisplaySurface *surface = qemu_console_surface(s->vga.con);
+ PixelFormat pf;
+ uint32_t ret;
+
+ switch (s->index) {
+ case SVGA_REG_ID:
+ ret = s->svgaid;
+ break;
+
+ case SVGA_REG_ENABLE:
+ ret = s->enable;
+ break;
+
+ case SVGA_REG_WIDTH:
+ ret = s->new_width ? s->new_width : surface_width(surface);
+ break;
+
+ case SVGA_REG_HEIGHT:
+ ret = s->new_height ? s->new_height : surface_height(surface);
+ break;
+
+ case SVGA_REG_MAX_WIDTH:
+ ret = SVGA_MAX_WIDTH;
+ break;
+
+ case SVGA_REG_MAX_HEIGHT:
+ ret = SVGA_MAX_HEIGHT;
+ break;
+
+ case SVGA_REG_DEPTH:
+ ret = (s->new_depth == 32) ? 24 : s->new_depth;
+ break;
+
+ case SVGA_REG_BITS_PER_PIXEL:
+ case SVGA_REG_HOST_BITS_PER_PIXEL:
+ ret = s->new_depth;
+ break;
+
+ case SVGA_REG_PSEUDOCOLOR:
+ ret = 0x0;
+ break;
+
+ case SVGA_REG_RED_MASK:
+ pf = qemu_default_pixelformat(s->new_depth);
+ ret = pf.rmask;
+ break;
+
+ case SVGA_REG_GREEN_MASK:
+ pf = qemu_default_pixelformat(s->new_depth);
+ ret = pf.gmask;
+ break;
+
+ case SVGA_REG_BLUE_MASK:
+ pf = qemu_default_pixelformat(s->new_depth);
+ ret = pf.bmask;
+ break;
+
+ case SVGA_REG_BYTES_PER_LINE:
+ if (s->new_width) {
+ ret = (s->new_depth * s->new_width) / 8;
+ } else {
+ ret = surface_stride(surface);
+ }
+ break;
+
+ case SVGA_REG_FB_START: {
+ struct pci_vmsvga_state_s *pci_vmsvga
+ = container_of(s, struct pci_vmsvga_state_s, chip);
+ ret = pci_get_bar_addr(PCI_DEVICE(pci_vmsvga), 1);
+ break;
+ }
+
+ case SVGA_REG_FB_OFFSET:
+ ret = 0x0;
+ break;
+
+ case SVGA_REG_VRAM_SIZE:
+ ret = s->vga.vram_size; /* No physical VRAM besides the framebuffer */
+ break;
+
+ case SVGA_REG_FB_SIZE:
+ ret = s->vga.vram_size;
+ break;
+
+ case SVGA_REG_CAPABILITIES:
+ caps = SVGA_CAP_NONE;
+#ifdef HW_RECT_ACCEL
+ caps |= SVGA_CAP_RECT_COPY;
+#endif
+#ifdef HW_FILL_ACCEL
+ caps |= SVGA_CAP_RECT_FILL;
+#endif
+#ifdef HW_MOUSE_ACCEL
+ if (dpy_cursor_define_supported(s->vga.con)) {
+ caps |= SVGA_CAP_CURSOR | SVGA_CAP_CURSOR_BYPASS_2 |
+ SVGA_CAP_CURSOR_BYPASS;
+ }
+#endif
+ ret = caps;
+ break;
+
+ case SVGA_REG_MEM_START: {
+ struct pci_vmsvga_state_s *pci_vmsvga
+ = container_of(s, struct pci_vmsvga_state_s, chip);
+ ret = pci_get_bar_addr(PCI_DEVICE(pci_vmsvga), 2);
+ break;
+ }
+
+ case SVGA_REG_MEM_SIZE:
+ ret = s->fifo_size;
+ break;
+
+ case SVGA_REG_CONFIG_DONE:
+ ret = s->config;
+ break;
+
+ case SVGA_REG_SYNC:
+ case SVGA_REG_BUSY:
+ ret = s->syncing;
+ break;
+
+ case SVGA_REG_GUEST_ID:
+ ret = s->guest;
+ break;
+
+ case SVGA_REG_CURSOR_ID:
+ ret = s->cursor.id;
+ break;
+
+ case SVGA_REG_CURSOR_X:
+ ret = s->cursor.x;
+ break;
+
+ case SVGA_REG_CURSOR_Y:
+ ret = s->cursor.x;
+ break;
+
+ case SVGA_REG_CURSOR_ON:
+ ret = s->cursor.on;
+ break;
+
+ case SVGA_REG_SCRATCH_SIZE:
+ ret = s->scratch_size;
+ break;
+
+ case SVGA_REG_MEM_REGS:
+ case SVGA_REG_NUM_DISPLAYS:
+ case SVGA_REG_PITCHLOCK:
+ case SVGA_PALETTE_BASE ... SVGA_PALETTE_END:
+ ret = 0;
+ break;
+
+ default:
+ if (s->index >= SVGA_SCRATCH_BASE &&
+ s->index < SVGA_SCRATCH_BASE + s->scratch_size) {
+ ret = s->scratch[s->index - SVGA_SCRATCH_BASE];
+ break;
+ }
+ printf("%s: Bad register %02x\n", __func__, s->index);
+ ret = 0;
+ break;
+ }
+
+ if (s->index >= SVGA_SCRATCH_BASE) {
+ trace_vmware_scratch_read(s->index, ret);
+ } else if (s->index >= SVGA_PALETTE_BASE) {
+ trace_vmware_palette_read(s->index, ret);
+ } else {
+ trace_vmware_value_read(s->index, ret);
+ }
+ return ret;
+}
+
+static void vmsvga_value_write(void *opaque, uint32_t address, uint32_t value)
+{
+ struct vmsvga_state_s *s = opaque;
+
+ if (s->index >= SVGA_SCRATCH_BASE) {
+ trace_vmware_scratch_write(s->index, value);
+ } else if (s->index >= SVGA_PALETTE_BASE) {
+ trace_vmware_palette_write(s->index, value);
+ } else {
+ trace_vmware_value_write(s->index, value);
+ }
+ switch (s->index) {
+ case SVGA_REG_ID:
+ if (value == SVGA_ID_2 || value == SVGA_ID_1 || value == SVGA_ID_0) {
+ s->svgaid = value;
+ }
+ break;
+
+ case SVGA_REG_ENABLE:
+ s->enable = !!value;
+ s->invalidated = 1;
+ s->vga.hw_ops->invalidate(&s->vga);
+ if (s->enable && s->config) {
+ vga_dirty_log_stop(&s->vga);
+ } else {
+ vga_dirty_log_start(&s->vga);
+ }
+ break;
+
+ case SVGA_REG_WIDTH:
+ if (value <= SVGA_MAX_WIDTH) {
+ s->new_width = value;
+ s->invalidated = 1;
+ } else {
+ printf("%s: Bad width: %i\n", __func__, value);
+ }
+ break;
+
+ case SVGA_REG_HEIGHT:
+ if (value <= SVGA_MAX_HEIGHT) {
+ s->new_height = value;
+ s->invalidated = 1;
+ } else {
+ printf("%s: Bad height: %i\n", __func__, value);
+ }
+ break;
+
+ case SVGA_REG_BITS_PER_PIXEL:
+ if (value != 32) {
+ printf("%s: Bad bits per pixel: %i bits\n", __func__, value);
+ s->config = 0;
+ s->invalidated = 1;
+ }
+ break;
+
+ case SVGA_REG_CONFIG_DONE:
+ if (value) {
+ s->fifo = (uint32_t *) s->fifo_ptr;
+ /* Check range and alignment. */
+ if ((CMD(min) | CMD(max) | CMD(next_cmd) | CMD(stop)) & 3) {
+ break;
+ }
+ if (CMD(min) < (uint8_t *) s->cmd->fifo - (uint8_t *) s->fifo) {
+ break;
+ }
+ if (CMD(max) > SVGA_FIFO_SIZE) {
+ break;
+ }
+ if (CMD(max) < CMD(min) + 10 * 1024) {
+ break;
+ }
+ vga_dirty_log_stop(&s->vga);
+ }
+ s->config = !!value;
+ break;
+
+ case SVGA_REG_SYNC:
+ s->syncing = 1;
+ vmsvga_fifo_run(s); /* Or should we just wait for update_display? */
+ break;
+
+ case SVGA_REG_GUEST_ID:
+ s->guest = value;
+#ifdef VERBOSE
+ if (value >= GUEST_OS_BASE && value < GUEST_OS_BASE +
+ ARRAY_SIZE(vmsvga_guest_id)) {
+ printf("%s: guest runs %s.\n", __func__,
+ vmsvga_guest_id[value - GUEST_OS_BASE]);
+ }
+#endif
+ break;
+
+ case SVGA_REG_CURSOR_ID:
+ s->cursor.id = value;
+ break;
+
+ case SVGA_REG_CURSOR_X:
+ s->cursor.x = value;
+ break;
+
+ case SVGA_REG_CURSOR_Y:
+ s->cursor.y = value;
+ break;
+
+ case SVGA_REG_CURSOR_ON:
+ s->cursor.on |= (value == SVGA_CURSOR_ON_SHOW);
+ s->cursor.on &= (value != SVGA_CURSOR_ON_HIDE);
+#ifdef HW_MOUSE_ACCEL
+ if (value <= SVGA_CURSOR_ON_SHOW) {
+ dpy_mouse_set(s->vga.con, s->cursor.x, s->cursor.y, s->cursor.on);
+ }
+#endif
+ break;
+
+ case SVGA_REG_DEPTH:
+ case SVGA_REG_MEM_REGS:
+ case SVGA_REG_NUM_DISPLAYS:
+ case SVGA_REG_PITCHLOCK:
+ case SVGA_PALETTE_BASE ... SVGA_PALETTE_END:
+ break;
+
+ default:
+ if (s->index >= SVGA_SCRATCH_BASE &&
+ s->index < SVGA_SCRATCH_BASE + s->scratch_size) {
+ s->scratch[s->index - SVGA_SCRATCH_BASE] = value;
+ break;
+ }
+ printf("%s: Bad register %02x\n", __func__, s->index);
+ }
+}
+
+static uint32_t vmsvga_bios_read(void *opaque, uint32_t address)
+{
+ printf("%s: what are we supposed to return?\n", __func__);
+ return 0xcafe;
+}
+
+static void vmsvga_bios_write(void *opaque, uint32_t address, uint32_t data)
+{
+ printf("%s: what are we supposed to do with (%08x)?\n", __func__, data);
+}
+
+static inline void vmsvga_check_size(struct vmsvga_state_s *s)
+{
+ DisplaySurface *surface = qemu_console_surface(s->vga.con);
+
+ if (s->new_width != surface_width(surface) ||
+ s->new_height != surface_height(surface) ||
+ s->new_depth != surface_bits_per_pixel(surface)) {
+ int stride = (s->new_depth * s->new_width) / 8;
+ trace_vmware_setmode(s->new_width, s->new_height, s->new_depth);
+ surface = qemu_create_displaysurface_from(s->new_width, s->new_height,
+ s->new_depth, stride,
+ s->vga.vram_ptr, false);
+ dpy_gfx_replace_surface(s->vga.con, surface);
+ s->invalidated = 1;
+ }
+}
+
+static void vmsvga_update_display(void *opaque)
+{
+ struct vmsvga_state_s *s = opaque;
+ DisplaySurface *surface;
+ bool dirty = false;
+
+ if (!s->enable) {
+ s->vga.hw_ops->gfx_update(&s->vga);
+ return;
+ }
+
+ vmsvga_check_size(s);
+ surface = qemu_console_surface(s->vga.con);
+
+ vmsvga_fifo_run(s);
+ vmsvga_update_rect_flush(s);
+
+ /*
+ * Is it more efficient to look at vram VGA-dirty bits or wait
+ * for the driver to issue SVGA_CMD_UPDATE?
+ */
+ if (memory_region_is_logging(&s->vga.vram)) {
+ vga_sync_dirty_bitmap(&s->vga);
+ dirty = memory_region_get_dirty(&s->vga.vram, 0,
+ surface_stride(surface) * surface_height(surface),
+ DIRTY_MEMORY_VGA);
+ }
+ if (s->invalidated || dirty) {
+ s->invalidated = 0;
+ dpy_gfx_update(s->vga.con, 0, 0,
+ surface_width(surface), surface_height(surface));
+ }
+ if (dirty) {
+ memory_region_reset_dirty(&s->vga.vram, 0,
+ surface_stride(surface) * surface_height(surface),
+ DIRTY_MEMORY_VGA);
+ }
+}
+
+static void vmsvga_reset(DeviceState *dev)
+{
+ struct pci_vmsvga_state_s *pci = VMWARE_SVGA(dev);
+ struct vmsvga_state_s *s = &pci->chip;
+
+ s->index = 0;
+ s->enable = 0;
+ s->config = 0;
+ s->svgaid = SVGA_ID;
+ s->cursor.on = 0;
+ s->redraw_fifo_first = 0;
+ s->redraw_fifo_last = 0;
+ s->syncing = 0;
+
+ vga_dirty_log_start(&s->vga);
+}
+
+static void vmsvga_invalidate_display(void *opaque)
+{
+ struct vmsvga_state_s *s = opaque;
+ if (!s->enable) {
+ s->vga.hw_ops->invalidate(&s->vga);
+ return;
+ }
+
+ s->invalidated = 1;
+}
+
+static void vmsvga_text_update(void *opaque, console_ch_t *chardata)
+{
+ struct vmsvga_state_s *s = opaque;
+
+ if (s->vga.hw_ops->text_update) {
+ s->vga.hw_ops->text_update(&s->vga, chardata);
+ }
+}
+
+static int vmsvga_post_load(void *opaque, int version_id)
+{
+ struct vmsvga_state_s *s = opaque;
+
+ s->invalidated = 1;
+ if (s->config) {
+ s->fifo = (uint32_t *) s->fifo_ptr;
+ }
+ return 0;
+}
+
+static const VMStateDescription vmstate_vmware_vga_internal = {
+ .name = "vmware_vga_internal",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .post_load = vmsvga_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_INT32_EQUAL(new_depth, struct vmsvga_state_s),
+ VMSTATE_INT32(enable, struct vmsvga_state_s),
+ VMSTATE_INT32(config, struct vmsvga_state_s),
+ VMSTATE_INT32(cursor.id, struct vmsvga_state_s),
+ VMSTATE_INT32(cursor.x, struct vmsvga_state_s),
+ VMSTATE_INT32(cursor.y, struct vmsvga_state_s),
+ VMSTATE_INT32(cursor.on, struct vmsvga_state_s),
+ VMSTATE_INT32(index, struct vmsvga_state_s),
+ VMSTATE_VARRAY_INT32(scratch, struct vmsvga_state_s,
+ scratch_size, 0, vmstate_info_uint32, uint32_t),
+ VMSTATE_INT32(new_width, struct vmsvga_state_s),
+ VMSTATE_INT32(new_height, struct vmsvga_state_s),
+ VMSTATE_UINT32(guest, struct vmsvga_state_s),
+ VMSTATE_UINT32(svgaid, struct vmsvga_state_s),
+ VMSTATE_INT32(syncing, struct vmsvga_state_s),
+ VMSTATE_UNUSED(4), /* was fb_size */
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_vmware_vga = {
+ .name = "vmware_vga",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_PCI_DEVICE(parent_obj, struct pci_vmsvga_state_s),
+ VMSTATE_STRUCT(chip, struct pci_vmsvga_state_s, 0,
+ vmstate_vmware_vga_internal, struct vmsvga_state_s),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const GraphicHwOps vmsvga_ops = {
+ .invalidate = vmsvga_invalidate_display,
+ .gfx_update = vmsvga_update_display,
+ .text_update = vmsvga_text_update,
+};
+
+static void vmsvga_init(DeviceState *dev, struct vmsvga_state_s *s,
+ MemoryRegion *address_space, MemoryRegion *io)
+{
+ s->scratch_size = SVGA_SCRATCH_SIZE;
+ s->scratch = g_malloc(s->scratch_size * 4);
+
+ s->vga.con = graphic_console_init(dev, &vmsvga_ops, s);
+
+ s->fifo_size = SVGA_FIFO_SIZE;
+ memory_region_init_ram(&s->fifo_ram, NULL, "vmsvga.fifo", s->fifo_size);
+ vmstate_register_ram_global(&s->fifo_ram);
+ s->fifo_ptr = memory_region_get_ram_ptr(&s->fifo_ram);
+
+ vga_common_init(&s->vga, OBJECT(dev));
+ vga_init(&s->vga, OBJECT(dev), address_space, io, true);
+ vmstate_register(NULL, 0, &vmstate_vga_common, &s->vga);
+ s->new_depth = 32;
+}
+
+static uint64_t vmsvga_io_read(void *opaque, hwaddr addr, unsigned size)
+{
+ struct vmsvga_state_s *s = opaque;
+
+ switch (addr) {
+ case SVGA_IO_MUL * SVGA_INDEX_PORT: return vmsvga_index_read(s, addr);
+ case SVGA_IO_MUL * SVGA_VALUE_PORT: return vmsvga_value_read(s, addr);
+ case SVGA_IO_MUL * SVGA_BIOS_PORT: return vmsvga_bios_read(s, addr);
+ default: return -1u;
+ }
+}
+
+static void vmsvga_io_write(void *opaque, hwaddr addr,
+ uint64_t data, unsigned size)
+{
+ struct vmsvga_state_s *s = opaque;
+
+ switch (addr) {
+ case SVGA_IO_MUL * SVGA_INDEX_PORT:
+ vmsvga_index_write(s, addr, data);
+ break;
+ case SVGA_IO_MUL * SVGA_VALUE_PORT:
+ vmsvga_value_write(s, addr, data);
+ break;
+ case SVGA_IO_MUL * SVGA_BIOS_PORT:
+ vmsvga_bios_write(s, addr, data);
+ break;
+ }
+}
+
+static const MemoryRegionOps vmsvga_io_ops = {
+ .read = vmsvga_io_read,
+ .write = vmsvga_io_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ .unaligned = true,
+ },
+ .impl = {
+ .unaligned = true,
+ },
+};
+
+static int pci_vmsvga_initfn(PCIDevice *dev)
+{
+ struct pci_vmsvga_state_s *s = VMWARE_SVGA(dev);
+
+ dev->config[PCI_CACHE_LINE_SIZE] = 0x08;
+ dev->config[PCI_LATENCY_TIMER] = 0x40;
+ dev->config[PCI_INTERRUPT_LINE] = 0xff; /* End */
+
+ memory_region_init_io(&s->io_bar, NULL, &vmsvga_io_ops, &s->chip,
+ "vmsvga-io", 0x10);
+ memory_region_set_flush_coalesced(&s->io_bar);
+ pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_bar);
+
+ vmsvga_init(DEVICE(dev), &s->chip,
+ pci_address_space(dev), pci_address_space_io(dev));
+
+ pci_register_bar(dev, 1, PCI_BASE_ADDRESS_MEM_PREFETCH,
+ &s->chip.vga.vram);
+ pci_register_bar(dev, 2, PCI_BASE_ADDRESS_MEM_PREFETCH,
+ &s->chip.fifo_ram);
+
+ if (!dev->rom_bar) {
+ /* compatibility with pc-0.13 and older */
+ vga_init_vbe(&s->chip.vga, OBJECT(dev), pci_address_space(dev));
+ }
+
+ return 0;
+}
+
+static Property vga_vmware_properties[] = {
+ DEFINE_PROP_UINT32("vgamem_mb", struct pci_vmsvga_state_s,
+ chip.vga.vram_size_mb, 16),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void vmsvga_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->no_hotplug = 1;
+ k->init = pci_vmsvga_initfn;
+ k->romfile = "vgabios-vmware.bin";
+ k->vendor_id = PCI_VENDOR_ID_VMWARE;
+ k->device_id = SVGA_PCI_DEVICE_ID;
+ k->class_id = PCI_CLASS_DISPLAY_VGA;
+ k->subsystem_vendor_id = PCI_VENDOR_ID_VMWARE;
+ k->subsystem_id = SVGA_PCI_DEVICE_ID;
+ dc->reset = vmsvga_reset;
+ dc->vmsd = &vmstate_vmware_vga;
+ dc->props = vga_vmware_properties;
+ set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories);
+}
+
+static const TypeInfo vmsvga_info = {
+ .name = TYPE_VMWARE_SVGA,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(struct pci_vmsvga_state_s),
+ .class_init = vmsvga_class_init,
+};
+
+static void vmsvga_register_types(void)
+{
+ type_register_static(&vmsvga_info);
+}
+
+type_init(vmsvga_register_types)
diff --git a/hw/display/xenfb.c b/hw/display/xenfb.c
new file mode 100644
index 000000000..f0333a0ca
--- /dev/null
+++ b/hw/display/xenfb.c
@@ -0,0 +1,1000 @@
+/*
+ * xen paravirt framebuffer backend
+ *
+ * Copyright IBM, Corp. 2005-2006
+ * Copyright Red Hat, Inc. 2006-2008
+ *
+ * Authors:
+ * Anthony Liguori <aliguori@us.ibm.com>,
+ * Markus Armbruster <armbru@redhat.com>,
+ * Daniel P. Berrange <berrange@redhat.com>,
+ * Pat Campbell <plc@novell.com>,
+ * Gerd Hoffmann <kraxel@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; under version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdarg.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/mman.h>
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+
+#include "hw/hw.h"
+#include "ui/console.h"
+#include "sysemu/char.h"
+#include "hw/xen/xen_backend.h"
+
+#include <xen/event_channel.h>
+#include <xen/io/fbif.h>
+#include <xen/io/kbdif.h>
+#include <xen/io/protocols.h>
+
+#ifndef BTN_LEFT
+#define BTN_LEFT 0x110 /* from <linux/input.h> */
+#endif
+
+/* -------------------------------------------------------------------- */
+
+struct common {
+ struct XenDevice xendev; /* must be first */
+ void *page;
+ QemuConsole *con;
+};
+
+struct XenInput {
+ struct common c;
+ int abs_pointer_wanted; /* Whether guest supports absolute pointer */
+ int button_state; /* Last seen pointer button state */
+ int extended;
+ QEMUPutMouseEntry *qmouse;
+};
+
+#define UP_QUEUE 8
+
+struct XenFB {
+ struct common c;
+ size_t fb_len;
+ int row_stride;
+ int depth;
+ int width;
+ int height;
+ int offset;
+ void *pixels;
+ int fbpages;
+ int feature_update;
+ int bug_trigger;
+ int have_console;
+ int do_resize;
+
+ struct {
+ int x,y,w,h;
+ } up_rects[UP_QUEUE];
+ int up_count;
+ int up_fullscreen;
+};
+
+/* -------------------------------------------------------------------- */
+
+static int common_bind(struct common *c)
+{
+ int mfn;
+
+ if (xenstore_read_fe_int(&c->xendev, "page-ref", &mfn) == -1)
+ return -1;
+ if (xenstore_read_fe_int(&c->xendev, "event-channel", &c->xendev.remote_port) == -1)
+ return -1;
+
+ c->page = xc_map_foreign_range(xen_xc, c->xendev.dom,
+ XC_PAGE_SIZE,
+ PROT_READ | PROT_WRITE, mfn);
+ if (c->page == NULL)
+ return -1;
+
+ xen_be_bind_evtchn(&c->xendev);
+ xen_be_printf(&c->xendev, 1, "ring mfn %d, remote-port %d, local-port %d\n",
+ mfn, c->xendev.remote_port, c->xendev.local_port);
+
+ return 0;
+}
+
+static void common_unbind(struct common *c)
+{
+ xen_be_unbind_evtchn(&c->xendev);
+ if (c->page) {
+ munmap(c->page, XC_PAGE_SIZE);
+ c->page = NULL;
+ }
+}
+
+/* -------------------------------------------------------------------- */
+
+#if 0
+/*
+ * These two tables are not needed any more, but left in here
+ * intentionally as documentation, to show how scancode2linux[]
+ * was generated.
+ *
+ * Tables to map from scancode to Linux input layer keycode.
+ * Scancodes are hardware-specific. These maps assumes a
+ * standard AT or PS/2 keyboard which is what QEMU feeds us.
+ */
+const unsigned char atkbd_set2_keycode[512] = {
+
+ 0, 67, 65, 63, 61, 59, 60, 88, 0, 68, 66, 64, 62, 15, 41,117,
+ 0, 56, 42, 93, 29, 16, 2, 0, 0, 0, 44, 31, 30, 17, 3, 0,
+ 0, 46, 45, 32, 18, 5, 4, 95, 0, 57, 47, 33, 20, 19, 6,183,
+ 0, 49, 48, 35, 34, 21, 7,184, 0, 0, 50, 36, 22, 8, 9,185,
+ 0, 51, 37, 23, 24, 11, 10, 0, 0, 52, 53, 38, 39, 25, 12, 0,
+ 0, 89, 40, 0, 26, 13, 0, 0, 58, 54, 28, 27, 0, 43, 0, 85,
+ 0, 86, 91, 90, 92, 0, 14, 94, 0, 79,124, 75, 71,121, 0, 0,
+ 82, 83, 80, 76, 77, 72, 1, 69, 87, 78, 81, 74, 55, 73, 70, 99,
+
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 217,100,255, 0, 97,165, 0, 0,156, 0, 0, 0, 0, 0, 0,125,
+ 173,114, 0,113, 0, 0, 0,126,128, 0, 0,140, 0, 0, 0,127,
+ 159, 0,115, 0,164, 0, 0,116,158, 0,150,166, 0, 0, 0,142,
+ 157, 0, 0, 0, 0, 0, 0, 0,155, 0, 98, 0, 0,163, 0, 0,
+ 226, 0, 0, 0, 0, 0, 0, 0, 0,255, 96, 0, 0, 0,143, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0,107, 0,105,102, 0, 0,112,
+ 110,111,108,112,106,103, 0,119, 0,118,109, 0, 99,104,119, 0,
+
+};
+
+const unsigned char atkbd_unxlate_table[128] = {
+
+ 0,118, 22, 30, 38, 37, 46, 54, 61, 62, 70, 69, 78, 85,102, 13,
+ 21, 29, 36, 45, 44, 53, 60, 67, 68, 77, 84, 91, 90, 20, 28, 27,
+ 35, 43, 52, 51, 59, 66, 75, 76, 82, 14, 18, 93, 26, 34, 33, 42,
+ 50, 49, 58, 65, 73, 74, 89,124, 17, 41, 88, 5, 6, 4, 12, 3,
+ 11, 2, 10, 1, 9,119,126,108,117,125,123,107,115,116,121,105,
+ 114,122,112,113,127, 96, 97,120, 7, 15, 23, 31, 39, 47, 55, 63,
+ 71, 79, 86, 94, 8, 16, 24, 32, 40, 48, 56, 64, 72, 80, 87,111,
+ 19, 25, 57, 81, 83, 92, 95, 98, 99,100,101,103,104,106,109,110
+
+};
+#endif
+
+/*
+ * for (i = 0; i < 128; i++) {
+ * scancode2linux[i] = atkbd_set2_keycode[atkbd_unxlate_table[i]];
+ * scancode2linux[i | 0x80] = atkbd_set2_keycode[atkbd_unxlate_table[i] | 0x80];
+ * }
+ */
+static const unsigned char scancode2linux[512] = {
+ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
+ 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
+ 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
+ 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63,
+ 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79,
+ 80, 81, 82, 83, 99, 0, 86, 87, 88,117, 0, 0, 95,183,184,185,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 93, 0, 0, 89, 0, 0, 85, 91, 90, 92, 0, 94, 0,124,121, 0,
+
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 165, 0, 0, 0, 0, 0, 0, 0, 0,163, 0, 0, 96, 97, 0, 0,
+ 113,140,164, 0,166, 0, 0, 0, 0, 0,255, 0, 0, 0,114, 0,
+ 115, 0,150, 0, 0, 98,255, 99,100, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0,119,119,102,103,104, 0,105,112,106,118,107,
+ 108,109,110,111, 0, 0, 0, 0, 0, 0, 0,125,126,127,116,142,
+ 0, 0, 0,143, 0,217,156,173,128,159,158,157,155,226, 0,112,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+};
+
+/* Send an event to the keyboard frontend driver */
+static int xenfb_kbd_event(struct XenInput *xenfb,
+ union xenkbd_in_event *event)
+{
+ struct xenkbd_page *page = xenfb->c.page;
+ uint32_t prod;
+
+ if (xenfb->c.xendev.be_state != XenbusStateConnected)
+ return 0;
+ if (!page)
+ return 0;
+
+ prod = page->in_prod;
+ if (prod - page->in_cons == XENKBD_IN_RING_LEN) {
+ errno = EAGAIN;
+ return -1;
+ }
+
+ xen_mb(); /* ensure ring space available */
+ XENKBD_IN_RING_REF(page, prod) = *event;
+ xen_wmb(); /* ensure ring contents visible */
+ page->in_prod = prod + 1;
+ return xen_be_send_notify(&xenfb->c.xendev);
+}
+
+/* Send a keyboard (or mouse button) event */
+static int xenfb_send_key(struct XenInput *xenfb, bool down, int keycode)
+{
+ union xenkbd_in_event event;
+
+ memset(&event, 0, XENKBD_IN_EVENT_SIZE);
+ event.type = XENKBD_TYPE_KEY;
+ event.key.pressed = down ? 1 : 0;
+ event.key.keycode = keycode;
+
+ return xenfb_kbd_event(xenfb, &event);
+}
+
+/* Send a relative mouse movement event */
+static int xenfb_send_motion(struct XenInput *xenfb,
+ int rel_x, int rel_y, int rel_z)
+{
+ union xenkbd_in_event event;
+
+ memset(&event, 0, XENKBD_IN_EVENT_SIZE);
+ event.type = XENKBD_TYPE_MOTION;
+ event.motion.rel_x = rel_x;
+ event.motion.rel_y = rel_y;
+#if __XEN_LATEST_INTERFACE_VERSION__ >= 0x00030207
+ event.motion.rel_z = rel_z;
+#endif
+
+ return xenfb_kbd_event(xenfb, &event);
+}
+
+/* Send an absolute mouse movement event */
+static int xenfb_send_position(struct XenInput *xenfb,
+ int abs_x, int abs_y, int z)
+{
+ union xenkbd_in_event event;
+
+ memset(&event, 0, XENKBD_IN_EVENT_SIZE);
+ event.type = XENKBD_TYPE_POS;
+ event.pos.abs_x = abs_x;
+ event.pos.abs_y = abs_y;
+#if __XEN_LATEST_INTERFACE_VERSION__ == 0x00030207
+ event.pos.abs_z = z;
+#endif
+#if __XEN_LATEST_INTERFACE_VERSION__ >= 0x00030208
+ event.pos.rel_z = z;
+#endif
+
+ return xenfb_kbd_event(xenfb, &event);
+}
+
+/*
+ * Send a key event from the client to the guest OS
+ * QEMU gives us a raw scancode from an AT / PS/2 style keyboard.
+ * We have to turn this into a Linux Input layer keycode.
+ *
+ * Extra complexity from the fact that with extended scancodes
+ * (like those produced by arrow keys) this method gets called
+ * twice, but we only want to send a single event. So we have to
+ * track the '0xe0' scancode state & collapse the extended keys
+ * as needed.
+ *
+ * Wish we could just send scancodes straight to the guest which
+ * already has code for dealing with this...
+ */
+static void xenfb_key_event(void *opaque, int scancode)
+{
+ struct XenInput *xenfb = opaque;
+ int down = 1;
+
+ if (scancode == 0xe0) {
+ xenfb->extended = 1;
+ return;
+ } else if (scancode & 0x80) {
+ scancode &= 0x7f;
+ down = 0;
+ }
+ if (xenfb->extended) {
+ scancode |= 0x80;
+ xenfb->extended = 0;
+ }
+ xenfb_send_key(xenfb, down, scancode2linux[scancode]);
+}
+
+/*
+ * Send a mouse event from the client to the guest OS
+ *
+ * The QEMU mouse can be in either relative, or absolute mode.
+ * Movement is sent separately from button state, which has to
+ * be encoded as virtual key events. We also don't actually get
+ * given any button up/down events, so have to track changes in
+ * the button state.
+ */
+static void xenfb_mouse_event(void *opaque,
+ int dx, int dy, int dz, int button_state)
+{
+ struct XenInput *xenfb = opaque;
+ DisplaySurface *surface = qemu_console_surface(xenfb->c.con);
+ int dw = surface_width(surface);
+ int dh = surface_height(surface);
+ int i;
+
+ if (xenfb->abs_pointer_wanted)
+ xenfb_send_position(xenfb,
+ dx * (dw - 1) / 0x7fff,
+ dy * (dh - 1) / 0x7fff,
+ dz);
+ else
+ xenfb_send_motion(xenfb, dx, dy, dz);
+
+ for (i = 0 ; i < 8 ; i++) {
+ int lastDown = xenfb->button_state & (1 << i);
+ int down = button_state & (1 << i);
+ if (down == lastDown)
+ continue;
+
+ if (xenfb_send_key(xenfb, down, BTN_LEFT+i) < 0)
+ return;
+ }
+ xenfb->button_state = button_state;
+}
+
+static int input_init(struct XenDevice *xendev)
+{
+ xenstore_write_be_int(xendev, "feature-abs-pointer", 1);
+ return 0;
+}
+
+static int input_initialise(struct XenDevice *xendev)
+{
+ struct XenInput *in = container_of(xendev, struct XenInput, c.xendev);
+ int rc;
+
+ if (!in->c.con) {
+ xen_be_printf(xendev, 1, "ds not set (yet)\n");
+ return -1;
+ }
+
+ rc = common_bind(&in->c);
+ if (rc != 0)
+ return rc;
+
+ qemu_add_kbd_event_handler(xenfb_key_event, in);
+ return 0;
+}
+
+static void input_connected(struct XenDevice *xendev)
+{
+ struct XenInput *in = container_of(xendev, struct XenInput, c.xendev);
+
+ if (xenstore_read_fe_int(xendev, "request-abs-pointer",
+ &in->abs_pointer_wanted) == -1) {
+ in->abs_pointer_wanted = 0;
+ }
+
+ if (in->qmouse) {
+ qemu_remove_mouse_event_handler(in->qmouse);
+ }
+ in->qmouse = qemu_add_mouse_event_handler(xenfb_mouse_event, in,
+ in->abs_pointer_wanted,
+ "Xen PVFB Mouse");
+}
+
+static void input_disconnect(struct XenDevice *xendev)
+{
+ struct XenInput *in = container_of(xendev, struct XenInput, c.xendev);
+
+ if (in->qmouse) {
+ qemu_remove_mouse_event_handler(in->qmouse);
+ in->qmouse = NULL;
+ }
+ qemu_add_kbd_event_handler(NULL, NULL);
+ common_unbind(&in->c);
+}
+
+static void input_event(struct XenDevice *xendev)
+{
+ struct XenInput *xenfb = container_of(xendev, struct XenInput, c.xendev);
+ struct xenkbd_page *page = xenfb->c.page;
+
+ /* We don't understand any keyboard events, so just ignore them. */
+ if (page->out_prod == page->out_cons)
+ return;
+ page->out_cons = page->out_prod;
+ xen_be_send_notify(&xenfb->c.xendev);
+}
+
+/* -------------------------------------------------------------------- */
+
+static void xenfb_copy_mfns(int mode, int count, unsigned long *dst, void *src)
+{
+ uint32_t *src32 = src;
+ uint64_t *src64 = src;
+ int i;
+
+ for (i = 0; i < count; i++)
+ dst[i] = (mode == 32) ? src32[i] : src64[i];
+}
+
+static int xenfb_map_fb(struct XenFB *xenfb)
+{
+ struct xenfb_page *page = xenfb->c.page;
+ char *protocol = xenfb->c.xendev.protocol;
+ int n_fbdirs;
+ unsigned long *pgmfns = NULL;
+ unsigned long *fbmfns = NULL;
+ void *map, *pd;
+ int mode, ret = -1;
+
+ /* default to native */
+ pd = page->pd;
+ mode = sizeof(unsigned long) * 8;
+
+ if (!protocol) {
+ /*
+ * Undefined protocol, some guesswork needed.
+ *
+ * Old frontends which don't set the protocol use
+ * one page directory only, thus pd[1] must be zero.
+ * pd[1] of the 32bit struct layout and the lower
+ * 32 bits of pd[0] of the 64bit struct layout have
+ * the same location, so we can check that ...
+ */
+ uint32_t *ptr32 = NULL;
+ uint32_t *ptr64 = NULL;
+#if defined(__i386__)
+ ptr32 = (void*)page->pd;
+ ptr64 = ((void*)page->pd) + 4;
+#elif defined(__x86_64__)
+ ptr32 = ((void*)page->pd) - 4;
+ ptr64 = (void*)page->pd;
+#endif
+ if (ptr32) {
+ if (ptr32[1] == 0) {
+ mode = 32;
+ pd = ptr32;
+ } else {
+ mode = 64;
+ pd = ptr64;
+ }
+ }
+#if defined(__x86_64__)
+ } else if (strcmp(protocol, XEN_IO_PROTO_ABI_X86_32) == 0) {
+ /* 64bit dom0, 32bit domU */
+ mode = 32;
+ pd = ((void*)page->pd) - 4;
+#elif defined(__i386__)
+ } else if (strcmp(protocol, XEN_IO_PROTO_ABI_X86_64) == 0) {
+ /* 32bit dom0, 64bit domU */
+ mode = 64;
+ pd = ((void*)page->pd) + 4;
+#endif
+ }
+
+ if (xenfb->pixels) {
+ munmap(xenfb->pixels, xenfb->fbpages * XC_PAGE_SIZE);
+ xenfb->pixels = NULL;
+ }
+
+ xenfb->fbpages = (xenfb->fb_len + (XC_PAGE_SIZE - 1)) / XC_PAGE_SIZE;
+ n_fbdirs = xenfb->fbpages * mode / 8;
+ n_fbdirs = (n_fbdirs + (XC_PAGE_SIZE - 1)) / XC_PAGE_SIZE;
+
+ pgmfns = g_malloc0(sizeof(unsigned long) * n_fbdirs);
+ fbmfns = g_malloc0(sizeof(unsigned long) * xenfb->fbpages);
+
+ xenfb_copy_mfns(mode, n_fbdirs, pgmfns, pd);
+ map = xc_map_foreign_pages(xen_xc, xenfb->c.xendev.dom,
+ PROT_READ, pgmfns, n_fbdirs);
+ if (map == NULL)
+ goto out;
+ xenfb_copy_mfns(mode, xenfb->fbpages, fbmfns, map);
+ munmap(map, n_fbdirs * XC_PAGE_SIZE);
+
+ xenfb->pixels = xc_map_foreign_pages(xen_xc, xenfb->c.xendev.dom,
+ PROT_READ | PROT_WRITE, fbmfns, xenfb->fbpages);
+ if (xenfb->pixels == NULL)
+ goto out;
+
+ ret = 0; /* all is fine */
+
+out:
+ g_free(pgmfns);
+ g_free(fbmfns);
+ return ret;
+}
+
+static int xenfb_configure_fb(struct XenFB *xenfb, size_t fb_len_lim,
+ int width, int height, int depth,
+ size_t fb_len, int offset, int row_stride)
+{
+ size_t mfn_sz = sizeof(*((struct xenfb_page *)0)->pd);
+ size_t pd_len = sizeof(((struct xenfb_page *)0)->pd) / mfn_sz;
+ size_t fb_pages = pd_len * XC_PAGE_SIZE / mfn_sz;
+ size_t fb_len_max = fb_pages * XC_PAGE_SIZE;
+ int max_width, max_height;
+
+ if (fb_len_lim > fb_len_max) {
+ xen_be_printf(&xenfb->c.xendev, 0, "fb size limit %zu exceeds %zu, corrected\n",
+ fb_len_lim, fb_len_max);
+ fb_len_lim = fb_len_max;
+ }
+ if (fb_len_lim && fb_len > fb_len_lim) {
+ xen_be_printf(&xenfb->c.xendev, 0, "frontend fb size %zu limited to %zu\n",
+ fb_len, fb_len_lim);
+ fb_len = fb_len_lim;
+ }
+ if (depth != 8 && depth != 16 && depth != 24 && depth != 32) {
+ xen_be_printf(&xenfb->c.xendev, 0, "can't handle frontend fb depth %d\n",
+ depth);
+ return -1;
+ }
+ if (row_stride <= 0 || row_stride > fb_len) {
+ xen_be_printf(&xenfb->c.xendev, 0, "invalid frontend stride %d\n", row_stride);
+ return -1;
+ }
+ max_width = row_stride / (depth / 8);
+ if (width < 0 || width > max_width) {
+ xen_be_printf(&xenfb->c.xendev, 0, "invalid frontend width %d limited to %d\n",
+ width, max_width);
+ width = max_width;
+ }
+ if (offset < 0 || offset >= fb_len) {
+ xen_be_printf(&xenfb->c.xendev, 0, "invalid frontend offset %d (max %zu)\n",
+ offset, fb_len - 1);
+ return -1;
+ }
+ max_height = (fb_len - offset) / row_stride;
+ if (height < 0 || height > max_height) {
+ xen_be_printf(&xenfb->c.xendev, 0, "invalid frontend height %d limited to %d\n",
+ height, max_height);
+ height = max_height;
+ }
+ xenfb->fb_len = fb_len;
+ xenfb->row_stride = row_stride;
+ xenfb->depth = depth;
+ xenfb->width = width;
+ xenfb->height = height;
+ xenfb->offset = offset;
+ xenfb->up_fullscreen = 1;
+ xenfb->do_resize = 1;
+ xen_be_printf(&xenfb->c.xendev, 1, "framebuffer %dx%dx%d offset %d stride %d\n",
+ width, height, depth, offset, row_stride);
+ return 0;
+}
+
+/* A convenient function for munging pixels between different depths */
+#define BLT(SRC_T,DST_T,RSB,GSB,BSB,RDB,GDB,BDB) \
+ for (line = y ; line < (y+h) ; line++) { \
+ SRC_T *src = (SRC_T *)(xenfb->pixels \
+ + xenfb->offset \
+ + (line * xenfb->row_stride) \
+ + (x * xenfb->depth / 8)); \
+ DST_T *dst = (DST_T *)(data \
+ + (line * linesize) \
+ + (x * bpp / 8)); \
+ int col; \
+ const int RSS = 32 - (RSB + GSB + BSB); \
+ const int GSS = 32 - (GSB + BSB); \
+ const int BSS = 32 - (BSB); \
+ const uint32_t RSM = (~0U) << (32 - RSB); \
+ const uint32_t GSM = (~0U) << (32 - GSB); \
+ const uint32_t BSM = (~0U) << (32 - BSB); \
+ const int RDS = 32 - (RDB + GDB + BDB); \
+ const int GDS = 32 - (GDB + BDB); \
+ const int BDS = 32 - (BDB); \
+ const uint32_t RDM = (~0U) << (32 - RDB); \
+ const uint32_t GDM = (~0U) << (32 - GDB); \
+ const uint32_t BDM = (~0U) << (32 - BDB); \
+ for (col = x ; col < (x+w) ; col++) { \
+ uint32_t spix = *src; \
+ *dst = (((spix << RSS) & RSM & RDM) >> RDS) | \
+ (((spix << GSS) & GSM & GDM) >> GDS) | \
+ (((spix << BSS) & BSM & BDM) >> BDS); \
+ src = (SRC_T *) ((unsigned long) src + xenfb->depth / 8); \
+ dst = (DST_T *) ((unsigned long) dst + bpp / 8); \
+ } \
+ }
+
+
+/*
+ * This copies data from the guest framebuffer region, into QEMU's
+ * displaysurface. qemu uses 16 or 32 bpp. In case the pv framebuffer
+ * uses something else we must convert and copy, otherwise we can
+ * supply the buffer directly and no thing here.
+ */
+static void xenfb_guest_copy(struct XenFB *xenfb, int x, int y, int w, int h)
+{
+ DisplaySurface *surface = qemu_console_surface(xenfb->c.con);
+ int line, oops = 0;
+ int bpp = surface_bits_per_pixel(surface);
+ int linesize = surface_stride(surface);
+ uint8_t *data = surface_data(surface);
+
+ if (!is_buffer_shared(surface)) {
+ switch (xenfb->depth) {
+ case 8:
+ if (bpp == 16) {
+ BLT(uint8_t, uint16_t, 3, 3, 2, 5, 6, 5);
+ } else if (bpp == 32) {
+ BLT(uint8_t, uint32_t, 3, 3, 2, 8, 8, 8);
+ } else {
+ oops = 1;
+ }
+ break;
+ case 24:
+ if (bpp == 16) {
+ BLT(uint32_t, uint16_t, 8, 8, 8, 5, 6, 5);
+ } else if (bpp == 32) {
+ BLT(uint32_t, uint32_t, 8, 8, 8, 8, 8, 8);
+ } else {
+ oops = 1;
+ }
+ break;
+ default:
+ oops = 1;
+ }
+ }
+ if (oops) /* should not happen */
+ xen_be_printf(&xenfb->c.xendev, 0, "%s: oops: convert %d -> %d bpp?\n",
+ __FUNCTION__, xenfb->depth, bpp);
+
+ dpy_gfx_update(xenfb->c.con, x, y, w, h);
+}
+
+#ifdef XENFB_TYPE_REFRESH_PERIOD
+static int xenfb_queue_full(struct XenFB *xenfb)
+{
+ struct xenfb_page *page = xenfb->c.page;
+ uint32_t cons, prod;
+
+ if (!page)
+ return 1;
+
+ prod = page->in_prod;
+ cons = page->in_cons;
+ return prod - cons == XENFB_IN_RING_LEN;
+}
+
+static void xenfb_send_event(struct XenFB *xenfb, union xenfb_in_event *event)
+{
+ uint32_t prod;
+ struct xenfb_page *page = xenfb->c.page;
+
+ prod = page->in_prod;
+ /* caller ensures !xenfb_queue_full() */
+ xen_mb(); /* ensure ring space available */
+ XENFB_IN_RING_REF(page, prod) = *event;
+ xen_wmb(); /* ensure ring contents visible */
+ page->in_prod = prod + 1;
+
+ xen_be_send_notify(&xenfb->c.xendev);
+}
+
+static void xenfb_send_refresh_period(struct XenFB *xenfb, int period)
+{
+ union xenfb_in_event event;
+
+ memset(&event, 0, sizeof(event));
+ event.type = XENFB_TYPE_REFRESH_PERIOD;
+ event.refresh_period.period = period;
+ xenfb_send_event(xenfb, &event);
+}
+#endif
+
+/*
+ * Periodic update of display.
+ * Also transmit the refresh interval to the frontend.
+ *
+ * Never ever do any qemu display operations
+ * (resize, screen update) outside this function.
+ * Our screen might be inactive. When asked for
+ * an update we know it is active.
+ */
+static void xenfb_update(void *opaque)
+{
+ struct XenFB *xenfb = opaque;
+ DisplaySurface *surface;
+ int i;
+
+ if (xenfb->c.xendev.be_state != XenbusStateConnected)
+ return;
+
+ if (!xenfb->feature_update) {
+ /* we don't get update notifications, thus use the
+ * sledge hammer approach ... */
+ xenfb->up_fullscreen = 1;
+ }
+
+ /* resize if needed */
+ if (xenfb->do_resize) {
+ xenfb->do_resize = 0;
+ switch (xenfb->depth) {
+ case 16:
+ case 32:
+ /* console.c supported depth -> buffer can be used directly */
+ surface = qemu_create_displaysurface_from
+ (xenfb->width, xenfb->height, xenfb->depth,
+ xenfb->row_stride, xenfb->pixels + xenfb->offset,
+ false);
+ break;
+ default:
+ /* we must convert stuff */
+ surface = qemu_create_displaysurface(xenfb->width, xenfb->height);
+ break;
+ }
+ dpy_gfx_replace_surface(xenfb->c.con, surface);
+ xen_be_printf(&xenfb->c.xendev, 1, "update: resizing: %dx%d @ %d bpp%s\n",
+ xenfb->width, xenfb->height, xenfb->depth,
+ is_buffer_shared(surface) ? " (shared)" : "");
+ xenfb->up_fullscreen = 1;
+ }
+
+ /* run queued updates */
+ if (xenfb->up_fullscreen) {
+ xen_be_printf(&xenfb->c.xendev, 3, "update: fullscreen\n");
+ xenfb_guest_copy(xenfb, 0, 0, xenfb->width, xenfb->height);
+ } else if (xenfb->up_count) {
+ xen_be_printf(&xenfb->c.xendev, 3, "update: %d rects\n", xenfb->up_count);
+ for (i = 0; i < xenfb->up_count; i++)
+ xenfb_guest_copy(xenfb,
+ xenfb->up_rects[i].x,
+ xenfb->up_rects[i].y,
+ xenfb->up_rects[i].w,
+ xenfb->up_rects[i].h);
+ } else {
+ xen_be_printf(&xenfb->c.xendev, 3, "update: nothing\n");
+ }
+ xenfb->up_count = 0;
+ xenfb->up_fullscreen = 0;
+}
+
+static void xenfb_update_interval(void *opaque, uint64_t interval)
+{
+ struct XenFB *xenfb = opaque;
+
+ if (xenfb->feature_update) {
+#ifdef XENFB_TYPE_REFRESH_PERIOD
+ if (xenfb_queue_full(xenfb)) {
+ return;
+ }
+ xenfb_send_refresh_period(xenfb, interval);
+#endif
+ }
+}
+
+/* QEMU display state changed, so refresh the framebuffer copy */
+static void xenfb_invalidate(void *opaque)
+{
+ struct XenFB *xenfb = opaque;
+ xenfb->up_fullscreen = 1;
+}
+
+static void xenfb_handle_events(struct XenFB *xenfb)
+{
+ uint32_t prod, cons;
+ struct xenfb_page *page = xenfb->c.page;
+
+ prod = page->out_prod;
+ if (prod == page->out_cons)
+ return;
+ xen_rmb(); /* ensure we see ring contents up to prod */
+ for (cons = page->out_cons; cons != prod; cons++) {
+ union xenfb_out_event *event = &XENFB_OUT_RING_REF(page, cons);
+ int x, y, w, h;
+
+ switch (event->type) {
+ case XENFB_TYPE_UPDATE:
+ if (xenfb->up_count == UP_QUEUE)
+ xenfb->up_fullscreen = 1;
+ if (xenfb->up_fullscreen)
+ break;
+ x = MAX(event->update.x, 0);
+ y = MAX(event->update.y, 0);
+ w = MIN(event->update.width, xenfb->width - x);
+ h = MIN(event->update.height, xenfb->height - y);
+ if (w < 0 || h < 0) {
+ xen_be_printf(&xenfb->c.xendev, 1, "bogus update ignored\n");
+ break;
+ }
+ if (x != event->update.x ||
+ y != event->update.y ||
+ w != event->update.width ||
+ h != event->update.height) {
+ xen_be_printf(&xenfb->c.xendev, 1, "bogus update clipped\n");
+ }
+ if (w == xenfb->width && h > xenfb->height / 2) {
+ /* scroll detector: updated more than 50% of the lines,
+ * don't bother keeping track of the rectangles then */
+ xenfb->up_fullscreen = 1;
+ } else {
+ xenfb->up_rects[xenfb->up_count].x = x;
+ xenfb->up_rects[xenfb->up_count].y = y;
+ xenfb->up_rects[xenfb->up_count].w = w;
+ xenfb->up_rects[xenfb->up_count].h = h;
+ xenfb->up_count++;
+ }
+ break;
+#ifdef XENFB_TYPE_RESIZE
+ case XENFB_TYPE_RESIZE:
+ if (xenfb_configure_fb(xenfb, xenfb->fb_len,
+ event->resize.width,
+ event->resize.height,
+ event->resize.depth,
+ xenfb->fb_len,
+ event->resize.offset,
+ event->resize.stride) < 0)
+ break;
+ xenfb_invalidate(xenfb);
+ break;
+#endif
+ }
+ }
+ xen_mb(); /* ensure we're done with ring contents */
+ page->out_cons = cons;
+}
+
+static int fb_init(struct XenDevice *xendev)
+{
+#ifdef XENFB_TYPE_RESIZE
+ xenstore_write_be_int(xendev, "feature-resize", 1);
+#endif
+ return 0;
+}
+
+static int fb_initialise(struct XenDevice *xendev)
+{
+ struct XenFB *fb = container_of(xendev, struct XenFB, c.xendev);
+ struct xenfb_page *fb_page;
+ int videoram;
+ int rc;
+
+ if (xenstore_read_fe_int(xendev, "videoram", &videoram) == -1)
+ videoram = 0;
+
+ rc = common_bind(&fb->c);
+ if (rc != 0)
+ return rc;
+
+ fb_page = fb->c.page;
+ rc = xenfb_configure_fb(fb, videoram * 1024 * 1024U,
+ fb_page->width, fb_page->height, fb_page->depth,
+ fb_page->mem_length, 0, fb_page->line_length);
+ if (rc != 0)
+ return rc;
+
+ rc = xenfb_map_fb(fb);
+ if (rc != 0)
+ return rc;
+
+#if 0 /* handled in xen_init_display() for now */
+ if (!fb->have_console) {
+ fb->c.ds = graphic_console_init(xenfb_update,
+ xenfb_invalidate,
+ NULL,
+ NULL,
+ fb);
+ fb->have_console = 1;
+ }
+#endif
+
+ if (xenstore_read_fe_int(xendev, "feature-update", &fb->feature_update) == -1)
+ fb->feature_update = 0;
+ if (fb->feature_update)
+ xenstore_write_be_int(xendev, "request-update", 1);
+
+ xen_be_printf(xendev, 1, "feature-update=%d, videoram=%d\n",
+ fb->feature_update, videoram);
+ return 0;
+}
+
+static void fb_disconnect(struct XenDevice *xendev)
+{
+ struct XenFB *fb = container_of(xendev, struct XenFB, c.xendev);
+
+ /*
+ * FIXME: qemu can't un-init gfx display (yet?).
+ * Replacing the framebuffer with anonymous shared memory
+ * instead. This releases the guest pages and keeps qemu happy.
+ */
+ fb->pixels = mmap(fb->pixels, fb->fbpages * XC_PAGE_SIZE,
+ PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANON,
+ -1, 0);
+ common_unbind(&fb->c);
+ fb->feature_update = 0;
+ fb->bug_trigger = 0;
+}
+
+static void fb_frontend_changed(struct XenDevice *xendev, const char *node)
+{
+ struct XenFB *fb = container_of(xendev, struct XenFB, c.xendev);
+
+ /*
+ * Set state to Connected *again* once the frontend switched
+ * to connected. We must trigger the watch a second time to
+ * workaround a frontend bug.
+ */
+ if (fb->bug_trigger == 0 && strcmp(node, "state") == 0 &&
+ xendev->fe_state == XenbusStateConnected &&
+ xendev->be_state == XenbusStateConnected) {
+ xen_be_printf(xendev, 2, "re-trigger connected (frontend bug)\n");
+ xen_be_set_state(xendev, XenbusStateConnected);
+ fb->bug_trigger = 1; /* only once */
+ }
+}
+
+static void fb_event(struct XenDevice *xendev)
+{
+ struct XenFB *xenfb = container_of(xendev, struct XenFB, c.xendev);
+
+ xenfb_handle_events(xenfb);
+ xen_be_send_notify(&xenfb->c.xendev);
+}
+
+/* -------------------------------------------------------------------- */
+
+struct XenDevOps xen_kbdmouse_ops = {
+ .size = sizeof(struct XenInput),
+ .init = input_init,
+ .initialise = input_initialise,
+ .connected = input_connected,
+ .disconnect = input_disconnect,
+ .event = input_event,
+};
+
+struct XenDevOps xen_framebuffer_ops = {
+ .size = sizeof(struct XenFB),
+ .init = fb_init,
+ .initialise = fb_initialise,
+ .disconnect = fb_disconnect,
+ .event = fb_event,
+ .frontend_changed = fb_frontend_changed,
+};
+
+static const GraphicHwOps xenfb_ops = {
+ .invalidate = xenfb_invalidate,
+ .gfx_update = xenfb_update,
+ .update_interval = xenfb_update_interval,
+};
+
+/*
+ * FIXME/TODO: Kill this.
+ * Temporary needed while DisplayState reorganization is in flight.
+ */
+void xen_init_display(int domid)
+{
+ struct XenDevice *xfb, *xin;
+ struct XenFB *fb;
+ struct XenInput *in;
+ int i = 0;
+
+wait_more:
+ i++;
+ main_loop_wait(true);
+ xfb = xen_be_find_xendev("vfb", domid, 0);
+ xin = xen_be_find_xendev("vkbd", domid, 0);
+ if (!xfb || !xin) {
+ if (i < 256) {
+ usleep(10000);
+ goto wait_more;
+ }
+ xen_be_printf(NULL, 1, "displaystate setup failed\n");
+ return;
+ }
+
+ /* vfb */
+ fb = container_of(xfb, struct XenFB, c.xendev);
+ fb->c.con = graphic_console_init(NULL, &xenfb_ops, fb);
+ fb->have_console = 1;
+
+ /* vkbd */
+ in = container_of(xin, struct XenInput, c.xendev);
+ in->c.con = fb->c.con;
+
+ /* retry ->init() */
+ xen_be_check_state(xin);
+ xen_be_check_state(xfb);
+}
diff --git a/hw/dma.c b/hw/dma.c
deleted file mode 100644
index d6aeac283..000000000
--- a/hw/dma.c
+++ /dev/null
@@ -1,565 +0,0 @@
-/*
- * QEMU DMA emulation
- *
- * Copyright (c) 2003-2004 Vassili Karpov (malc)
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "isa.h"
-
-/* #define DEBUG_DMA */
-
-#define dolog(...) fprintf (stderr, "dma: " __VA_ARGS__)
-#ifdef DEBUG_DMA
-#define linfo(...) fprintf (stderr, "dma: " __VA_ARGS__)
-#define ldebug(...) fprintf (stderr, "dma: " __VA_ARGS__)
-#else
-#define linfo(...)
-#define ldebug(...)
-#endif
-
-struct dma_regs {
- int now[2];
- uint16_t base[2];
- uint8_t mode;
- uint8_t page;
- uint8_t pageh;
- uint8_t dack;
- uint8_t eop;
- DMA_transfer_handler transfer_handler;
- void *opaque;
-};
-
-#define ADDR 0
-#define COUNT 1
-
-static struct dma_cont {
- uint8_t status;
- uint8_t command;
- uint8_t mask;
- uint8_t flip_flop;
- int dshift;
- struct dma_regs regs[4];
- qemu_irq *cpu_request_exit;
-} dma_controllers[2];
-
-enum {
- CMD_MEMORY_TO_MEMORY = 0x01,
- CMD_FIXED_ADDRESS = 0x02,
- CMD_BLOCK_CONTROLLER = 0x04,
- CMD_COMPRESSED_TIME = 0x08,
- CMD_CYCLIC_PRIORITY = 0x10,
- CMD_EXTENDED_WRITE = 0x20,
- CMD_LOW_DREQ = 0x40,
- CMD_LOW_DACK = 0x80,
- CMD_NOT_SUPPORTED = CMD_MEMORY_TO_MEMORY | CMD_FIXED_ADDRESS
- | CMD_COMPRESSED_TIME | CMD_CYCLIC_PRIORITY | CMD_EXTENDED_WRITE
- | CMD_LOW_DREQ | CMD_LOW_DACK
-
-};
-
-static void DMA_run (void);
-
-static int channels[8] = {-1, 2, 3, 1, -1, -1, -1, 0};
-
-static void write_page (void *opaque, uint32_t nport, uint32_t data)
-{
- struct dma_cont *d = opaque;
- int ichan;
-
- ichan = channels[nport & 7];
- if (-1 == ichan) {
- dolog ("invalid channel %#x %#x\n", nport, data);
- return;
- }
- d->regs[ichan].page = data;
-}
-
-static void write_pageh (void *opaque, uint32_t nport, uint32_t data)
-{
- struct dma_cont *d = opaque;
- int ichan;
-
- ichan = channels[nport & 7];
- if (-1 == ichan) {
- dolog ("invalid channel %#x %#x\n", nport, data);
- return;
- }
- d->regs[ichan].pageh = data;
-}
-
-static uint32_t read_page (void *opaque, uint32_t nport)
-{
- struct dma_cont *d = opaque;
- int ichan;
-
- ichan = channels[nport & 7];
- if (-1 == ichan) {
- dolog ("invalid channel read %#x\n", nport);
- return 0;
- }
- return d->regs[ichan].page;
-}
-
-static uint32_t read_pageh (void *opaque, uint32_t nport)
-{
- struct dma_cont *d = opaque;
- int ichan;
-
- ichan = channels[nport & 7];
- if (-1 == ichan) {
- dolog ("invalid channel read %#x\n", nport);
- return 0;
- }
- return d->regs[ichan].pageh;
-}
-
-static inline void init_chan (struct dma_cont *d, int ichan)
-{
- struct dma_regs *r;
-
- r = d->regs + ichan;
- r->now[ADDR] = r->base[ADDR] << d->dshift;
- r->now[COUNT] = 0;
-}
-
-static inline int getff (struct dma_cont *d)
-{
- int ff;
-
- ff = d->flip_flop;
- d->flip_flop = !ff;
- return ff;
-}
-
-static uint32_t read_chan (void *opaque, uint32_t nport)
-{
- struct dma_cont *d = opaque;
- int ichan, nreg, iport, ff, val, dir;
- struct dma_regs *r;
-
- iport = (nport >> d->dshift) & 0x0f;
- ichan = iport >> 1;
- nreg = iport & 1;
- r = d->regs + ichan;
-
- dir = ((r->mode >> 5) & 1) ? -1 : 1;
- ff = getff (d);
- if (nreg)
- val = (r->base[COUNT] << d->dshift) - r->now[COUNT];
- else
- val = r->now[ADDR] + r->now[COUNT] * dir;
-
- ldebug ("read_chan %#x -> %d\n", iport, val);
- return (val >> (d->dshift + (ff << 3))) & 0xff;
-}
-
-static void write_chan (void *opaque, uint32_t nport, uint32_t data)
-{
- struct dma_cont *d = opaque;
- int iport, ichan, nreg;
- struct dma_regs *r;
-
- iport = (nport >> d->dshift) & 0x0f;
- ichan = iport >> 1;
- nreg = iport & 1;
- r = d->regs + ichan;
- if (getff (d)) {
- r->base[nreg] = (r->base[nreg] & 0xff) | ((data << 8) & 0xff00);
- init_chan (d, ichan);
- } else {
- r->base[nreg] = (r->base[nreg] & 0xff00) | (data & 0xff);
- }
-}
-
-static void write_cont (void *opaque, uint32_t nport, uint32_t data)
-{
- struct dma_cont *d = opaque;
- int iport, ichan = 0;
-
- iport = (nport >> d->dshift) & 0x0f;
- switch (iport) {
- case 0x08: /* command */
- if ((data != 0) && (data & CMD_NOT_SUPPORTED)) {
- dolog ("command %#x not supported\n", data);
- return;
- }
- d->command = data;
- break;
-
- case 0x09:
- ichan = data & 3;
- if (data & 4) {
- d->status |= 1 << (ichan + 4);
- }
- else {
- d->status &= ~(1 << (ichan + 4));
- }
- d->status &= ~(1 << ichan);
- DMA_run();
- break;
-
- case 0x0a: /* single mask */
- if (data & 4)
- d->mask |= 1 << (data & 3);
- else
- d->mask &= ~(1 << (data & 3));
- DMA_run();
- break;
-
- case 0x0b: /* mode */
- {
- ichan = data & 3;
-#ifdef DEBUG_DMA
- {
- int op, ai, dir, opmode;
- op = (data >> 2) & 3;
- ai = (data >> 4) & 1;
- dir = (data >> 5) & 1;
- opmode = (data >> 6) & 3;
-
- linfo ("ichan %d, op %d, ai %d, dir %d, opmode %d\n",
- ichan, op, ai, dir, opmode);
- }
-#endif
- d->regs[ichan].mode = data;
- break;
- }
-
- case 0x0c: /* clear flip flop */
- d->flip_flop = 0;
- break;
-
- case 0x0d: /* reset */
- d->flip_flop = 0;
- d->mask = ~0;
- d->status = 0;
- d->command = 0;
- break;
-
- case 0x0e: /* clear mask for all channels */
- d->mask = 0;
- DMA_run();
- break;
-
- case 0x0f: /* write mask for all channels */
- d->mask = data;
- DMA_run();
- break;
-
- default:
- dolog ("unknown iport %#x\n", iport);
- break;
- }
-
-#ifdef DEBUG_DMA
- if (0xc != iport) {
- linfo ("write_cont: nport %#06x, ichan % 2d, val %#06x\n",
- nport, ichan, data);
- }
-#endif
-}
-
-static uint32_t read_cont (void *opaque, uint32_t nport)
-{
- struct dma_cont *d = opaque;
- int iport, val;
-
- iport = (nport >> d->dshift) & 0x0f;
- switch (iport) {
- case 0x08: /* status */
- val = d->status;
- d->status &= 0xf0;
- break;
- case 0x0f: /* mask */
- val = d->mask;
- break;
- default:
- val = 0;
- break;
- }
-
- ldebug ("read_cont: nport %#06x, iport %#04x val %#x\n", nport, iport, val);
- return val;
-}
-
-int DMA_get_channel_mode (int nchan)
-{
- return dma_controllers[nchan > 3].regs[nchan & 3].mode;
-}
-
-void DMA_hold_DREQ (int nchan)
-{
- int ncont, ichan;
-
- ncont = nchan > 3;
- ichan = nchan & 3;
- linfo ("held cont=%d chan=%d\n", ncont, ichan);
- dma_controllers[ncont].status |= 1 << (ichan + 4);
- DMA_run();
-}
-
-void DMA_release_DREQ (int nchan)
-{
- int ncont, ichan;
-
- ncont = nchan > 3;
- ichan = nchan & 3;
- linfo ("released cont=%d chan=%d\n", ncont, ichan);
- dma_controllers[ncont].status &= ~(1 << (ichan + 4));
- DMA_run();
-}
-
-static void channel_run (int ncont, int ichan)
-{
- int n;
- struct dma_regs *r = &dma_controllers[ncont].regs[ichan];
-#ifdef DEBUG_DMA
- int dir, opmode;
-
- dir = (r->mode >> 5) & 1;
- opmode = (r->mode >> 6) & 3;
-
- if (dir) {
- dolog ("DMA in address decrement mode\n");
- }
- if (opmode != 1) {
- dolog ("DMA not in single mode select %#x\n", opmode);
- }
-#endif
-
- n = r->transfer_handler (r->opaque, ichan + (ncont << 2),
- r->now[COUNT], (r->base[COUNT] + 1) << ncont);
- r->now[COUNT] = n;
- ldebug ("dma_pos %d size %d\n", n, (r->base[COUNT] + 1) << ncont);
-}
-
-static QEMUBH *dma_bh;
-
-static void DMA_run (void)
-{
- struct dma_cont *d;
- int icont, ichan;
- int rearm = 0;
- static int running = 0;
-
- if (running) {
- rearm = 1;
- goto out;
- } else {
- running = 1;
- }
-
- d = dma_controllers;
-
- for (icont = 0; icont < 2; icont++, d++) {
- for (ichan = 0; ichan < 4; ichan++) {
- int mask;
-
- mask = 1 << ichan;
-
- if ((0 == (d->mask & mask)) && (0 != (d->status & (mask << 4)))) {
- channel_run (icont, ichan);
- rearm = 1;
- }
- }
- }
-
- running = 0;
-out:
- if (rearm)
- qemu_bh_schedule_idle(dma_bh);
-}
-
-static void DMA_run_bh(void *unused)
-{
- DMA_run();
-}
-
-void DMA_register_channel (int nchan,
- DMA_transfer_handler transfer_handler,
- void *opaque)
-{
- struct dma_regs *r;
- int ichan, ncont;
-
- ncont = nchan > 3;
- ichan = nchan & 3;
-
- r = dma_controllers[ncont].regs + ichan;
- r->transfer_handler = transfer_handler;
- r->opaque = opaque;
-}
-
-int DMA_read_memory (int nchan, void *buf, int pos, int len)
-{
- struct dma_regs *r = &dma_controllers[nchan > 3].regs[nchan & 3];
- hwaddr addr = ((r->pageh & 0x7f) << 24) | (r->page << 16) | r->now[ADDR];
-
- if (r->mode & 0x20) {
- int i;
- uint8_t *p = buf;
-
- cpu_physical_memory_read (addr - pos - len, buf, len);
- /* What about 16bit transfers? */
- for (i = 0; i < len >> 1; i++) {
- uint8_t b = p[len - i - 1];
- p[i] = b;
- }
- }
- else
- cpu_physical_memory_read (addr + pos, buf, len);
-
- return len;
-}
-
-int DMA_write_memory (int nchan, void *buf, int pos, int len)
-{
- struct dma_regs *r = &dma_controllers[nchan > 3].regs[nchan & 3];
- hwaddr addr = ((r->pageh & 0x7f) << 24) | (r->page << 16) | r->now[ADDR];
-
- if (r->mode & 0x20) {
- int i;
- uint8_t *p = buf;
-
- cpu_physical_memory_write (addr - pos - len, buf, len);
- /* What about 16bit transfers? */
- for (i = 0; i < len; i++) {
- uint8_t b = p[len - i - 1];
- p[i] = b;
- }
- }
- else
- cpu_physical_memory_write (addr + pos, buf, len);
-
- return len;
-}
-
-/* request the emulator to transfer a new DMA memory block ASAP */
-void DMA_schedule(int nchan)
-{
- struct dma_cont *d = &dma_controllers[nchan > 3];
-
- qemu_irq_pulse(*d->cpu_request_exit);
-}
-
-static void dma_reset(void *opaque)
-{
- struct dma_cont *d = opaque;
- write_cont (d, (0x0d << d->dshift), 0);
-}
-
-static int dma_phony_handler (void *opaque, int nchan, int dma_pos, int dma_len)
-{
- dolog ("unregistered DMA channel used nchan=%d dma_pos=%d dma_len=%d\n",
- nchan, dma_pos, dma_len);
- return dma_pos;
-}
-
-/* dshift = 0: 8 bit DMA, 1 = 16 bit DMA */
-static void dma_init2(struct dma_cont *d, int base, int dshift,
- int page_base, int pageh_base,
- qemu_irq *cpu_request_exit)
-{
- static const int page_port_list[] = { 0x1, 0x2, 0x3, 0x7 };
- int i;
-
- d->dshift = dshift;
- d->cpu_request_exit = cpu_request_exit;
- for (i = 0; i < 8; i++) {
- register_ioport_write (base + (i << dshift), 1, 1, write_chan, d);
- register_ioport_read (base + (i << dshift), 1, 1, read_chan, d);
- }
- for (i = 0; i < ARRAY_SIZE (page_port_list); i++) {
- register_ioport_write (page_base + page_port_list[i], 1, 1,
- write_page, d);
- register_ioport_read (page_base + page_port_list[i], 1, 1,
- read_page, d);
- if (pageh_base >= 0) {
- register_ioport_write (pageh_base + page_port_list[i], 1, 1,
- write_pageh, d);
- register_ioport_read (pageh_base + page_port_list[i], 1, 1,
- read_pageh, d);
- }
- }
- for (i = 0; i < 8; i++) {
- register_ioport_write (base + ((i + 8) << dshift), 1, 1,
- write_cont, d);
- register_ioport_read (base + ((i + 8) << dshift), 1, 1,
- read_cont, d);
- }
- qemu_register_reset(dma_reset, d);
- dma_reset(d);
- for (i = 0; i < ARRAY_SIZE (d->regs); ++i) {
- d->regs[i].transfer_handler = dma_phony_handler;
- }
-}
-
-static const VMStateDescription vmstate_dma_regs = {
- .name = "dma_regs",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField []) {
- VMSTATE_INT32_ARRAY(now, struct dma_regs, 2),
- VMSTATE_UINT16_ARRAY(base, struct dma_regs, 2),
- VMSTATE_UINT8(mode, struct dma_regs),
- VMSTATE_UINT8(page, struct dma_regs),
- VMSTATE_UINT8(pageh, struct dma_regs),
- VMSTATE_UINT8(dack, struct dma_regs),
- VMSTATE_UINT8(eop, struct dma_regs),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int dma_post_load(void *opaque, int version_id)
-{
- DMA_run();
-
- return 0;
-}
-
-static const VMStateDescription vmstate_dma = {
- .name = "dma",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .post_load = dma_post_load,
- .fields = (VMStateField []) {
- VMSTATE_UINT8(command, struct dma_cont),
- VMSTATE_UINT8(mask, struct dma_cont),
- VMSTATE_UINT8(flip_flop, struct dma_cont),
- VMSTATE_INT32(dshift, struct dma_cont),
- VMSTATE_STRUCT_ARRAY(regs, struct dma_cont, 4, 1, vmstate_dma_regs, struct dma_regs),
- VMSTATE_END_OF_LIST()
- }
-};
-
-void DMA_init(int high_page_enable, qemu_irq *cpu_request_exit)
-{
- dma_init2(&dma_controllers[0], 0x00, 0, 0x80,
- high_page_enable ? 0x480 : -1, cpu_request_exit);
- dma_init2(&dma_controllers[1], 0xc0, 1, 0x88,
- high_page_enable ? 0x488 : -1, cpu_request_exit);
- vmstate_register (NULL, 0, &vmstate_dma, &dma_controllers[0]);
- vmstate_register (NULL, 1, &vmstate_dma, &dma_controllers[1]);
-
- dma_bh = qemu_bh_new(DMA_run_bh, NULL);
-}
diff --git a/hw/dma/Makefile.objs b/hw/dma/Makefile.objs
new file mode 100644
index 000000000..0e65ed0d7
--- /dev/null
+++ b/hw/dma/Makefile.objs
@@ -0,0 +1,13 @@
+common-obj-$(CONFIG_PUV3) += puv3_dma.o
+common-obj-$(CONFIG_RC4030) += rc4030.o
+common-obj-$(CONFIG_PL080) += pl080.o
+common-obj-$(CONFIG_PL330) += pl330.o
+common-obj-$(CONFIG_I82374) += i82374.o
+common-obj-$(CONFIG_I8257) += i8257.o
+common-obj-$(CONFIG_XILINX_AXI) += xilinx_axidma.o
+common-obj-$(CONFIG_ETRAXFS) += etraxfs_dma.o
+common-obj-$(CONFIG_STP2000) += sparc32_dma.o
+common-obj-$(CONFIG_SUN4M) += sun4m_iommu.o
+
+obj-$(CONFIG_OMAP) += omap_dma.o soc_dma.o
+obj-$(CONFIG_PXA2XX) += pxa2xx_dma.o
diff --git a/hw/dma/etraxfs_dma.c b/hw/dma/etraxfs_dma.c
new file mode 100644
index 000000000..359951341
--- /dev/null
+++ b/hw/dma/etraxfs_dma.c
@@ -0,0 +1,781 @@
+/*
+ * QEMU ETRAX DMA Controller.
+ *
+ * Copyright (c) 2008 Edgar E. Iglesias, Axis Communications AB.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include <stdio.h>
+#include <sys/time.h>
+#include "hw/hw.h"
+#include "exec/address-spaces.h"
+#include "qemu-common.h"
+#include "sysemu/sysemu.h"
+
+#include "hw/cris/etraxfs_dma.h"
+
+#define D(x)
+
+#define RW_DATA (0x0 / 4)
+#define RW_SAVED_DATA (0x58 / 4)
+#define RW_SAVED_DATA_BUF (0x5c / 4)
+#define RW_GROUP (0x60 / 4)
+#define RW_GROUP_DOWN (0x7c / 4)
+#define RW_CMD (0x80 / 4)
+#define RW_CFG (0x84 / 4)
+#define RW_STAT (0x88 / 4)
+#define RW_INTR_MASK (0x8c / 4)
+#define RW_ACK_INTR (0x90 / 4)
+#define R_INTR (0x94 / 4)
+#define R_MASKED_INTR (0x98 / 4)
+#define RW_STREAM_CMD (0x9c / 4)
+
+#define DMA_REG_MAX (0x100 / 4)
+
+/* descriptors */
+
+// ------------------------------------------------------------ dma_descr_group
+typedef struct dma_descr_group {
+ uint32_t next;
+ unsigned eol : 1;
+ unsigned tol : 1;
+ unsigned bol : 1;
+ unsigned : 1;
+ unsigned intr : 1;
+ unsigned : 2;
+ unsigned en : 1;
+ unsigned : 7;
+ unsigned dis : 1;
+ unsigned md : 16;
+ struct dma_descr_group *up;
+ union {
+ struct dma_descr_context *context;
+ struct dma_descr_group *group;
+ } down;
+} dma_descr_group;
+
+// ---------------------------------------------------------- dma_descr_context
+typedef struct dma_descr_context {
+ uint32_t next;
+ unsigned eol : 1;
+ unsigned : 3;
+ unsigned intr : 1;
+ unsigned : 1;
+ unsigned store_mode : 1;
+ unsigned en : 1;
+ unsigned : 7;
+ unsigned dis : 1;
+ unsigned md0 : 16;
+ unsigned md1;
+ unsigned md2;
+ unsigned md3;
+ unsigned md4;
+ uint32_t saved_data;
+ uint32_t saved_data_buf;
+} dma_descr_context;
+
+// ------------------------------------------------------------- dma_descr_data
+typedef struct dma_descr_data {
+ uint32_t next;
+ uint32_t buf;
+ unsigned eol : 1;
+ unsigned : 2;
+ unsigned out_eop : 1;
+ unsigned intr : 1;
+ unsigned wait : 1;
+ unsigned : 2;
+ unsigned : 3;
+ unsigned in_eop : 1;
+ unsigned : 4;
+ unsigned md : 16;
+ uint32_t after;
+} dma_descr_data;
+
+/* Constants */
+enum {
+ regk_dma_ack_pkt = 0x00000100,
+ regk_dma_anytime = 0x00000001,
+ regk_dma_array = 0x00000008,
+ regk_dma_burst = 0x00000020,
+ regk_dma_client = 0x00000002,
+ regk_dma_copy_next = 0x00000010,
+ regk_dma_copy_up = 0x00000020,
+ regk_dma_data_at_eol = 0x00000001,
+ regk_dma_dis_c = 0x00000010,
+ regk_dma_dis_g = 0x00000020,
+ regk_dma_idle = 0x00000001,
+ regk_dma_intern = 0x00000004,
+ regk_dma_load_c = 0x00000200,
+ regk_dma_load_c_n = 0x00000280,
+ regk_dma_load_c_next = 0x00000240,
+ regk_dma_load_d = 0x00000140,
+ regk_dma_load_g = 0x00000300,
+ regk_dma_load_g_down = 0x000003c0,
+ regk_dma_load_g_next = 0x00000340,
+ regk_dma_load_g_up = 0x00000380,
+ regk_dma_next_en = 0x00000010,
+ regk_dma_next_pkt = 0x00000010,
+ regk_dma_no = 0x00000000,
+ regk_dma_only_at_wait = 0x00000000,
+ regk_dma_restore = 0x00000020,
+ regk_dma_rst = 0x00000001,
+ regk_dma_running = 0x00000004,
+ regk_dma_rw_cfg_default = 0x00000000,
+ regk_dma_rw_cmd_default = 0x00000000,
+ regk_dma_rw_intr_mask_default = 0x00000000,
+ regk_dma_rw_stat_default = 0x00000101,
+ regk_dma_rw_stream_cmd_default = 0x00000000,
+ regk_dma_save_down = 0x00000020,
+ regk_dma_save_up = 0x00000020,
+ regk_dma_set_reg = 0x00000050,
+ regk_dma_set_w_size1 = 0x00000190,
+ regk_dma_set_w_size2 = 0x000001a0,
+ regk_dma_set_w_size4 = 0x000001c0,
+ regk_dma_stopped = 0x00000002,
+ regk_dma_store_c = 0x00000002,
+ regk_dma_store_descr = 0x00000000,
+ regk_dma_store_g = 0x00000004,
+ regk_dma_store_md = 0x00000001,
+ regk_dma_sw = 0x00000008,
+ regk_dma_update_down = 0x00000020,
+ regk_dma_yes = 0x00000001
+};
+
+enum dma_ch_state
+{
+ RST = 1,
+ STOPPED = 2,
+ RUNNING = 4
+};
+
+struct fs_dma_channel
+{
+ qemu_irq irq;
+ struct etraxfs_dma_client *client;
+
+ /* Internal status. */
+ int stream_cmd_src;
+ enum dma_ch_state state;
+
+ unsigned int input : 1;
+ unsigned int eol : 1;
+
+ struct dma_descr_group current_g;
+ struct dma_descr_context current_c;
+ struct dma_descr_data current_d;
+
+ /* Control registers. */
+ uint32_t regs[DMA_REG_MAX];
+};
+
+struct fs_dma_ctrl
+{
+ MemoryRegion mmio;
+ int nr_channels;
+ struct fs_dma_channel *channels;
+
+ QEMUBH *bh;
+};
+
+static void DMA_run(void *opaque);
+static int channel_out_run(struct fs_dma_ctrl *ctrl, int c);
+
+static inline uint32_t channel_reg(struct fs_dma_ctrl *ctrl, int c, int reg)
+{
+ return ctrl->channels[c].regs[reg];
+}
+
+static inline int channel_stopped(struct fs_dma_ctrl *ctrl, int c)
+{
+ return channel_reg(ctrl, c, RW_CFG) & 2;
+}
+
+static inline int channel_en(struct fs_dma_ctrl *ctrl, int c)
+{
+ return (channel_reg(ctrl, c, RW_CFG) & 1)
+ && ctrl->channels[c].client;
+}
+
+static inline int fs_channel(hwaddr addr)
+{
+ /* Every channel has a 0x2000 ctrl register map. */
+ return addr >> 13;
+}
+
+#ifdef USE_THIS_DEAD_CODE
+static void channel_load_g(struct fs_dma_ctrl *ctrl, int c)
+{
+ hwaddr addr = channel_reg(ctrl, c, RW_GROUP);
+
+ /* Load and decode. FIXME: handle endianness. */
+ cpu_physical_memory_read (addr,
+ (void *) &ctrl->channels[c].current_g,
+ sizeof ctrl->channels[c].current_g);
+}
+
+static void dump_c(int ch, struct dma_descr_context *c)
+{
+ printf("%s ch=%d\n", __func__, ch);
+ printf("next=%x\n", c->next);
+ printf("saved_data=%x\n", c->saved_data);
+ printf("saved_data_buf=%x\n", c->saved_data_buf);
+ printf("eol=%x\n", (uint32_t) c->eol);
+}
+
+static void dump_d(int ch, struct dma_descr_data *d)
+{
+ printf("%s ch=%d\n", __func__, ch);
+ printf("next=%x\n", d->next);
+ printf("buf=%x\n", d->buf);
+ printf("after=%x\n", d->after);
+ printf("intr=%x\n", (uint32_t) d->intr);
+ printf("out_eop=%x\n", (uint32_t) d->out_eop);
+ printf("in_eop=%x\n", (uint32_t) d->in_eop);
+ printf("eol=%x\n", (uint32_t) d->eol);
+}
+#endif
+
+static void channel_load_c(struct fs_dma_ctrl *ctrl, int c)
+{
+ hwaddr addr = channel_reg(ctrl, c, RW_GROUP_DOWN);
+
+ /* Load and decode. FIXME: handle endianness. */
+ cpu_physical_memory_read (addr,
+ (void *) &ctrl->channels[c].current_c,
+ sizeof ctrl->channels[c].current_c);
+
+ D(dump_c(c, &ctrl->channels[c].current_c));
+ /* I guess this should update the current pos. */
+ ctrl->channels[c].regs[RW_SAVED_DATA] =
+ (uint32_t)(unsigned long)ctrl->channels[c].current_c.saved_data;
+ ctrl->channels[c].regs[RW_SAVED_DATA_BUF] =
+ (uint32_t)(unsigned long)ctrl->channels[c].current_c.saved_data_buf;
+}
+
+static void channel_load_d(struct fs_dma_ctrl *ctrl, int c)
+{
+ hwaddr addr = channel_reg(ctrl, c, RW_SAVED_DATA);
+
+ /* Load and decode. FIXME: handle endianness. */
+ D(printf("%s ch=%d addr=" TARGET_FMT_plx "\n", __func__, c, addr));
+ cpu_physical_memory_read (addr,
+ (void *) &ctrl->channels[c].current_d,
+ sizeof ctrl->channels[c].current_d);
+
+ D(dump_d(c, &ctrl->channels[c].current_d));
+ ctrl->channels[c].regs[RW_DATA] = addr;
+}
+
+static void channel_store_c(struct fs_dma_ctrl *ctrl, int c)
+{
+ hwaddr addr = channel_reg(ctrl, c, RW_GROUP_DOWN);
+
+ /* Encode and store. FIXME: handle endianness. */
+ D(printf("%s ch=%d addr=" TARGET_FMT_plx "\n", __func__, c, addr));
+ D(dump_d(c, &ctrl->channels[c].current_d));
+ cpu_physical_memory_write (addr,
+ (void *) &ctrl->channels[c].current_c,
+ sizeof ctrl->channels[c].current_c);
+}
+
+static void channel_store_d(struct fs_dma_ctrl *ctrl, int c)
+{
+ hwaddr addr = channel_reg(ctrl, c, RW_SAVED_DATA);
+
+ /* Encode and store. FIXME: handle endianness. */
+ D(printf("%s ch=%d addr=" TARGET_FMT_plx "\n", __func__, c, addr));
+ cpu_physical_memory_write (addr,
+ (void *) &ctrl->channels[c].current_d,
+ sizeof ctrl->channels[c].current_d);
+}
+
+static inline void channel_stop(struct fs_dma_ctrl *ctrl, int c)
+{
+ /* FIXME: */
+}
+
+static inline void channel_start(struct fs_dma_ctrl *ctrl, int c)
+{
+ if (ctrl->channels[c].client)
+ {
+ ctrl->channels[c].eol = 0;
+ ctrl->channels[c].state = RUNNING;
+ if (!ctrl->channels[c].input)
+ channel_out_run(ctrl, c);
+ } else
+ printf("WARNING: starting DMA ch %d with no client\n", c);
+
+ qemu_bh_schedule_idle(ctrl->bh);
+}
+
+static void channel_continue(struct fs_dma_ctrl *ctrl, int c)
+{
+ if (!channel_en(ctrl, c)
+ || channel_stopped(ctrl, c)
+ || ctrl->channels[c].state != RUNNING
+ /* Only reload the current data descriptor if it has eol set. */
+ || !ctrl->channels[c].current_d.eol) {
+ D(printf("continue failed ch=%d state=%d stopped=%d en=%d eol=%d\n",
+ c, ctrl->channels[c].state,
+ channel_stopped(ctrl, c),
+ channel_en(ctrl,c),
+ ctrl->channels[c].eol));
+ D(dump_d(c, &ctrl->channels[c].current_d));
+ return;
+ }
+
+ /* Reload the current descriptor. */
+ channel_load_d(ctrl, c);
+
+ /* If the current descriptor cleared the eol flag and we had already
+ reached eol state, do the continue. */
+ if (!ctrl->channels[c].current_d.eol && ctrl->channels[c].eol) {
+ D(printf("continue %d ok %x\n", c,
+ ctrl->channels[c].current_d.next));
+ ctrl->channels[c].regs[RW_SAVED_DATA] =
+ (uint32_t)(unsigned long)ctrl->channels[c].current_d.next;
+ channel_load_d(ctrl, c);
+ ctrl->channels[c].regs[RW_SAVED_DATA_BUF] =
+ (uint32_t)(unsigned long)ctrl->channels[c].current_d.buf;
+
+ channel_start(ctrl, c);
+ }
+ ctrl->channels[c].regs[RW_SAVED_DATA_BUF] =
+ (uint32_t)(unsigned long)ctrl->channels[c].current_d.buf;
+}
+
+static void channel_stream_cmd(struct fs_dma_ctrl *ctrl, int c, uint32_t v)
+{
+ unsigned int cmd = v & ((1 << 10) - 1);
+
+ D(printf("%s ch=%d cmd=%x\n",
+ __func__, c, cmd));
+ if (cmd & regk_dma_load_d) {
+ channel_load_d(ctrl, c);
+ if (cmd & regk_dma_burst)
+ channel_start(ctrl, c);
+ }
+
+ if (cmd & regk_dma_load_c) {
+ channel_load_c(ctrl, c);
+ }
+}
+
+static void channel_update_irq(struct fs_dma_ctrl *ctrl, int c)
+{
+ D(printf("%s %d\n", __func__, c));
+ ctrl->channels[c].regs[R_INTR] &=
+ ~(ctrl->channels[c].regs[RW_ACK_INTR]);
+
+ ctrl->channels[c].regs[R_MASKED_INTR] =
+ ctrl->channels[c].regs[R_INTR]
+ & ctrl->channels[c].regs[RW_INTR_MASK];
+
+ D(printf("%s: chan=%d masked_intr=%x\n", __func__,
+ c,
+ ctrl->channels[c].regs[R_MASKED_INTR]));
+
+ qemu_set_irq(ctrl->channels[c].irq,
+ !!ctrl->channels[c].regs[R_MASKED_INTR]);
+}
+
+static int channel_out_run(struct fs_dma_ctrl *ctrl, int c)
+{
+ uint32_t len;
+ uint32_t saved_data_buf;
+ unsigned char buf[2 * 1024];
+
+ struct dma_context_metadata meta;
+ bool send_context = true;
+
+ if (ctrl->channels[c].eol)
+ return 0;
+
+ do {
+ bool out_eop;
+ D(printf("ch=%d buf=%x after=%x\n",
+ c,
+ (uint32_t)ctrl->channels[c].current_d.buf,
+ (uint32_t)ctrl->channels[c].current_d.after));
+
+ if (send_context) {
+ if (ctrl->channels[c].client->client.metadata_push) {
+ meta.metadata = ctrl->channels[c].current_d.md;
+ ctrl->channels[c].client->client.metadata_push(
+ ctrl->channels[c].client->client.opaque,
+ &meta);
+ }
+ send_context = false;
+ }
+
+ channel_load_d(ctrl, c);
+ saved_data_buf = channel_reg(ctrl, c, RW_SAVED_DATA_BUF);
+ len = (uint32_t)(unsigned long)
+ ctrl->channels[c].current_d.after;
+ len -= saved_data_buf;
+
+ if (len > sizeof buf)
+ len = sizeof buf;
+ cpu_physical_memory_read (saved_data_buf, buf, len);
+
+ out_eop = ((saved_data_buf + len) ==
+ ctrl->channels[c].current_d.after) &&
+ ctrl->channels[c].current_d.out_eop;
+
+ D(printf("channel %d pushes %x %u bytes eop=%u\n", c,
+ saved_data_buf, len, out_eop));
+
+ if (ctrl->channels[c].client->client.push)
+ ctrl->channels[c].client->client.push(
+ ctrl->channels[c].client->client.opaque,
+ buf, len, out_eop);
+ else
+ printf("WARNING: DMA ch%d dataloss,"
+ " no attached client.\n", c);
+
+ saved_data_buf += len;
+
+ if (saved_data_buf == (uint32_t)(unsigned long)
+ ctrl->channels[c].current_d.after) {
+ /* Done. Step to next. */
+ if (ctrl->channels[c].current_d.out_eop) {
+ send_context = true;
+ }
+ if (ctrl->channels[c].current_d.intr) {
+ /* data intr. */
+ D(printf("signal intr %d eol=%d\n",
+ len, ctrl->channels[c].current_d.eol));
+ ctrl->channels[c].regs[R_INTR] |= (1 << 2);
+ channel_update_irq(ctrl, c);
+ }
+ channel_store_d(ctrl, c);
+ if (ctrl->channels[c].current_d.eol) {
+ D(printf("channel %d EOL\n", c));
+ ctrl->channels[c].eol = 1;
+
+ /* Mark the context as disabled. */
+ ctrl->channels[c].current_c.dis = 1;
+ channel_store_c(ctrl, c);
+
+ channel_stop(ctrl, c);
+ } else {
+ ctrl->channels[c].regs[RW_SAVED_DATA] =
+ (uint32_t)(unsigned long)ctrl->
+ channels[c].current_d.next;
+ /* Load new descriptor. */
+ channel_load_d(ctrl, c);
+ saved_data_buf = (uint32_t)(unsigned long)
+ ctrl->channels[c].current_d.buf;
+ }
+
+ ctrl->channels[c].regs[RW_SAVED_DATA_BUF] =
+ saved_data_buf;
+ D(dump_d(c, &ctrl->channels[c].current_d));
+ }
+ ctrl->channels[c].regs[RW_SAVED_DATA_BUF] = saved_data_buf;
+ } while (!ctrl->channels[c].eol);
+ return 1;
+}
+
+static int channel_in_process(struct fs_dma_ctrl *ctrl, int c,
+ unsigned char *buf, int buflen, int eop)
+{
+ uint32_t len;
+ uint32_t saved_data_buf;
+
+ if (ctrl->channels[c].eol == 1)
+ return 0;
+
+ channel_load_d(ctrl, c);
+ saved_data_buf = channel_reg(ctrl, c, RW_SAVED_DATA_BUF);
+ len = (uint32_t)(unsigned long)ctrl->channels[c].current_d.after;
+ len -= saved_data_buf;
+
+ if (len > buflen)
+ len = buflen;
+
+ cpu_physical_memory_write (saved_data_buf, buf, len);
+ saved_data_buf += len;
+
+ if (saved_data_buf ==
+ (uint32_t)(unsigned long)ctrl->channels[c].current_d.after
+ || eop) {
+ uint32_t r_intr = ctrl->channels[c].regs[R_INTR];
+
+ D(printf("in dscr end len=%d\n",
+ ctrl->channels[c].current_d.after
+ - ctrl->channels[c].current_d.buf));
+ ctrl->channels[c].current_d.after = saved_data_buf;
+
+ /* Done. Step to next. */
+ if (ctrl->channels[c].current_d.intr) {
+ /* TODO: signal eop to the client. */
+ /* data intr. */
+ ctrl->channels[c].regs[R_INTR] |= 3;
+ }
+ if (eop) {
+ ctrl->channels[c].current_d.in_eop = 1;
+ ctrl->channels[c].regs[R_INTR] |= 8;
+ }
+ if (r_intr != ctrl->channels[c].regs[R_INTR])
+ channel_update_irq(ctrl, c);
+
+ channel_store_d(ctrl, c);
+ D(dump_d(c, &ctrl->channels[c].current_d));
+
+ if (ctrl->channels[c].current_d.eol) {
+ D(printf("channel %d EOL\n", c));
+ ctrl->channels[c].eol = 1;
+
+ /* Mark the context as disabled. */
+ ctrl->channels[c].current_c.dis = 1;
+ channel_store_c(ctrl, c);
+
+ channel_stop(ctrl, c);
+ } else {
+ ctrl->channels[c].regs[RW_SAVED_DATA] =
+ (uint32_t)(unsigned long)ctrl->
+ channels[c].current_d.next;
+ /* Load new descriptor. */
+ channel_load_d(ctrl, c);
+ saved_data_buf = (uint32_t)(unsigned long)
+ ctrl->channels[c].current_d.buf;
+ }
+ }
+
+ ctrl->channels[c].regs[RW_SAVED_DATA_BUF] = saved_data_buf;
+ return len;
+}
+
+static inline int channel_in_run(struct fs_dma_ctrl *ctrl, int c)
+{
+ if (ctrl->channels[c].client->client.pull) {
+ ctrl->channels[c].client->client.pull(
+ ctrl->channels[c].client->client.opaque);
+ return 1;
+ } else
+ return 0;
+}
+
+static uint32_t dma_rinvalid (void *opaque, hwaddr addr)
+{
+ hw_error("Unsupported short raccess. reg=" TARGET_FMT_plx "\n", addr);
+ return 0;
+}
+
+static uint64_t
+dma_read(void *opaque, hwaddr addr, unsigned int size)
+{
+ struct fs_dma_ctrl *ctrl = opaque;
+ int c;
+ uint32_t r = 0;
+
+ if (size != 4) {
+ dma_rinvalid(opaque, addr);
+ }
+
+ /* Make addr relative to this channel and bounded to nr regs. */
+ c = fs_channel(addr);
+ addr &= 0xff;
+ addr >>= 2;
+ switch (addr)
+ {
+ case RW_STAT:
+ r = ctrl->channels[c].state & 7;
+ r |= ctrl->channels[c].eol << 5;
+ r |= ctrl->channels[c].stream_cmd_src << 8;
+ break;
+
+ default:
+ r = ctrl->channels[c].regs[addr];
+ D(printf ("%s c=%d addr=" TARGET_FMT_plx "\n",
+ __func__, c, addr));
+ break;
+ }
+ return r;
+}
+
+static void
+dma_winvalid (void *opaque, hwaddr addr, uint32_t value)
+{
+ hw_error("Unsupported short waccess. reg=" TARGET_FMT_plx "\n", addr);
+}
+
+static void
+dma_update_state(struct fs_dma_ctrl *ctrl, int c)
+{
+ if (ctrl->channels[c].regs[RW_CFG] & 2)
+ ctrl->channels[c].state = STOPPED;
+ if (!(ctrl->channels[c].regs[RW_CFG] & 1))
+ ctrl->channels[c].state = RST;
+}
+
+static void
+dma_write(void *opaque, hwaddr addr,
+ uint64_t val64, unsigned int size)
+{
+ struct fs_dma_ctrl *ctrl = opaque;
+ uint32_t value = val64;
+ int c;
+
+ if (size != 4) {
+ dma_winvalid(opaque, addr, value);
+ }
+
+ /* Make addr relative to this channel and bounded to nr regs. */
+ c = fs_channel(addr);
+ addr &= 0xff;
+ addr >>= 2;
+ switch (addr)
+ {
+ case RW_DATA:
+ ctrl->channels[c].regs[addr] = value;
+ break;
+
+ case RW_CFG:
+ ctrl->channels[c].regs[addr] = value;
+ dma_update_state(ctrl, c);
+ break;
+ case RW_CMD:
+ /* continue. */
+ if (value & ~1)
+ printf("Invalid store to ch=%d RW_CMD %x\n",
+ c, value);
+ ctrl->channels[c].regs[addr] = value;
+ channel_continue(ctrl, c);
+ break;
+
+ case RW_SAVED_DATA:
+ case RW_SAVED_DATA_BUF:
+ case RW_GROUP:
+ case RW_GROUP_DOWN:
+ ctrl->channels[c].regs[addr] = value;
+ break;
+
+ case RW_ACK_INTR:
+ case RW_INTR_MASK:
+ ctrl->channels[c].regs[addr] = value;
+ channel_update_irq(ctrl, c);
+ if (addr == RW_ACK_INTR)
+ ctrl->channels[c].regs[RW_ACK_INTR] = 0;
+ break;
+
+ case RW_STREAM_CMD:
+ if (value & ~1023)
+ printf("Invalid store to ch=%d "
+ "RW_STREAMCMD %x\n",
+ c, value);
+ ctrl->channels[c].regs[addr] = value;
+ D(printf("stream_cmd ch=%d\n", c));
+ channel_stream_cmd(ctrl, c, value);
+ break;
+
+ default:
+ D(printf ("%s c=%d " TARGET_FMT_plx "\n",
+ __func__, c, addr));
+ break;
+ }
+}
+
+static const MemoryRegionOps dma_ops = {
+ .read = dma_read,
+ .write = dma_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 1,
+ .max_access_size = 4
+ }
+};
+
+static int etraxfs_dmac_run(void *opaque)
+{
+ struct fs_dma_ctrl *ctrl = opaque;
+ int i;
+ int p = 0;
+
+ for (i = 0;
+ i < ctrl->nr_channels;
+ i++)
+ {
+ if (ctrl->channels[i].state == RUNNING)
+ {
+ if (ctrl->channels[i].input) {
+ p += channel_in_run(ctrl, i);
+ } else {
+ p += channel_out_run(ctrl, i);
+ }
+ }
+ }
+ return p;
+}
+
+int etraxfs_dmac_input(struct etraxfs_dma_client *client,
+ void *buf, int len, int eop)
+{
+ return channel_in_process(client->ctrl, client->channel,
+ buf, len, eop);
+}
+
+/* Connect an IRQ line with a channel. */
+void etraxfs_dmac_connect(void *opaque, int c, qemu_irq *line, int input)
+{
+ struct fs_dma_ctrl *ctrl = opaque;
+ ctrl->channels[c].irq = *line;
+ ctrl->channels[c].input = input;
+}
+
+void etraxfs_dmac_connect_client(void *opaque, int c,
+ struct etraxfs_dma_client *cl)
+{
+ struct fs_dma_ctrl *ctrl = opaque;
+ cl->ctrl = ctrl;
+ cl->channel = c;
+ ctrl->channels[c].client = cl;
+}
+
+
+static void DMA_run(void *opaque)
+{
+ struct fs_dma_ctrl *etraxfs_dmac = opaque;
+ int p = 1;
+
+ if (runstate_is_running())
+ p = etraxfs_dmac_run(etraxfs_dmac);
+
+ if (p)
+ qemu_bh_schedule_idle(etraxfs_dmac->bh);
+}
+
+void *etraxfs_dmac_init(hwaddr base, int nr_channels)
+{
+ struct fs_dma_ctrl *ctrl = NULL;
+
+ ctrl = g_malloc0(sizeof *ctrl);
+
+ ctrl->bh = qemu_bh_new(DMA_run, ctrl);
+
+ ctrl->nr_channels = nr_channels;
+ ctrl->channels = g_malloc0(sizeof ctrl->channels[0] * nr_channels);
+
+ memory_region_init_io(&ctrl->mmio, NULL, &dma_ops, ctrl, "etraxfs-dma",
+ nr_channels * 0x2000);
+ memory_region_add_subregion(get_system_memory(), base, &ctrl->mmio);
+
+ return ctrl;
+}
diff --git a/hw/dma/i82374.c b/hw/dma/i82374.c
new file mode 100644
index 000000000..a5b891f96
--- /dev/null
+++ b/hw/dma/i82374.c
@@ -0,0 +1,177 @@
+/*
+ * QEMU Intel 82374 emulation (Enhanced DMA controller)
+ *
+ * Copyright (c) 2010 Hervé Poussineau
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/isa/isa.h"
+
+//#define DEBUG_I82374
+
+#ifdef DEBUG_I82374
+#define DPRINTF(fmt, ...) \
+do { fprintf(stderr, "i82374: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) \
+do {} while (0)
+#endif
+#define BADF(fmt, ...) \
+do { fprintf(stderr, "i82374 ERROR: " fmt , ## __VA_ARGS__); } while (0)
+
+typedef struct I82374State {
+ uint8_t commands[8];
+ qemu_irq out;
+} I82374State;
+
+static const VMStateDescription vmstate_i82374 = {
+ .name = "i82374",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8_ARRAY(commands, I82374State, 8),
+ VMSTATE_END_OF_LIST()
+ },
+};
+
+static uint32_t i82374_read_isr(void *opaque, uint32_t nport)
+{
+ uint32_t val = 0;
+
+ BADF("%s: %08x\n", __func__, nport);
+
+ DPRINTF("%s: %08x=%08x\n", __func__, nport, val);
+ return val;
+}
+
+static void i82374_write_command(void *opaque, uint32_t nport, uint32_t data)
+{
+ DPRINTF("%s: %08x=%08x\n", __func__, nport, data);
+
+ if (data != 0x42) {
+ /* Not Stop S/G command */
+ BADF("%s: %08x=%08x\n", __func__, nport, data);
+ }
+}
+
+static uint32_t i82374_read_status(void *opaque, uint32_t nport)
+{
+ uint32_t val = 0;
+
+ BADF("%s: %08x\n", __func__, nport);
+
+ DPRINTF("%s: %08x=%08x\n", __func__, nport, val);
+ return val;
+}
+
+static void i82374_write_descriptor(void *opaque, uint32_t nport, uint32_t data)
+{
+ DPRINTF("%s: %08x=%08x\n", __func__, nport, data);
+
+ BADF("%s: %08x=%08x\n", __func__, nport, data);
+}
+
+static uint32_t i82374_read_descriptor(void *opaque, uint32_t nport)
+{
+ uint32_t val = 0;
+
+ BADF("%s: %08x\n", __func__, nport);
+
+ DPRINTF("%s: %08x=%08x\n", __func__, nport, val);
+ return val;
+}
+
+static void i82374_realize(I82374State *s, Error **errp)
+{
+ DMA_init(1, &s->out);
+ memset(s->commands, 0, sizeof(s->commands));
+}
+
+#define TYPE_I82374 "i82374"
+#define I82374(obj) OBJECT_CHECK(ISAi82374State, (obj), TYPE_I82374)
+
+typedef struct ISAi82374State {
+ ISADevice parent_obj;
+
+ uint32_t iobase;
+ I82374State state;
+} ISAi82374State;
+
+static const VMStateDescription vmstate_isa_i82374 = {
+ .name = "isa-i82374",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_STRUCT(state, ISAi82374State, 0, vmstate_i82374, I82374State),
+ VMSTATE_END_OF_LIST()
+ },
+};
+
+static const MemoryRegionPortio i82374_portio_list[] = {
+ { 0x0A, 1, 1, .read = i82374_read_isr, },
+ { 0x10, 8, 1, .write = i82374_write_command, },
+ { 0x18, 8, 1, .read = i82374_read_status, },
+ { 0x20, 0x20, 1,
+ .write = i82374_write_descriptor, .read = i82374_read_descriptor, },
+ PORTIO_END_OF_LIST(),
+};
+
+static void i82374_isa_realize(DeviceState *dev, Error **errp)
+{
+ ISAi82374State *isa = I82374(dev);
+ I82374State *s = &isa->state;
+ PortioList *port_list = g_new(PortioList, 1);
+
+ portio_list_init(port_list, OBJECT(isa), i82374_portio_list, s, "i82374");
+ portio_list_add(port_list, isa_address_space_io(&isa->parent_obj),
+ isa->iobase);
+
+ i82374_realize(s, errp);
+
+ qdev_init_gpio_out(dev, &s->out, 1);
+}
+
+static Property i82374_properties[] = {
+ DEFINE_PROP_HEX32("iobase", ISAi82374State, iobase, 0x400),
+ DEFINE_PROP_END_OF_LIST()
+};
+
+static void i82374_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = i82374_isa_realize;
+ dc->vmsd = &vmstate_isa_i82374;
+ dc->props = i82374_properties;
+}
+
+static const TypeInfo i82374_isa_info = {
+ .name = TYPE_I82374,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof(ISAi82374State),
+ .class_init = i82374_class_init,
+};
+
+static void i82374_register_types(void)
+{
+ type_register_static(&i82374_isa_info);
+}
+
+type_init(i82374_register_types)
diff --git a/hw/dma/i8257.c b/hw/dma/i8257.c
new file mode 100644
index 000000000..44903723d
--- /dev/null
+++ b/hw/dma/i8257.c
@@ -0,0 +1,600 @@
+/*
+ * QEMU DMA emulation
+ *
+ * Copyright (c) 2003-2004 Vassili Karpov (malc)
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/isa/isa.h"
+#include "qemu/main-loop.h"
+
+/* #define DEBUG_DMA */
+
+#define dolog(...) fprintf (stderr, "dma: " __VA_ARGS__)
+#ifdef DEBUG_DMA
+#define linfo(...) fprintf (stderr, "dma: " __VA_ARGS__)
+#define ldebug(...) fprintf (stderr, "dma: " __VA_ARGS__)
+#else
+#define linfo(...)
+#define ldebug(...)
+#endif
+
+struct dma_regs {
+ int now[2];
+ uint16_t base[2];
+ uint8_t mode;
+ uint8_t page;
+ uint8_t pageh;
+ uint8_t dack;
+ uint8_t eop;
+ DMA_transfer_handler transfer_handler;
+ void *opaque;
+};
+
+#define ADDR 0
+#define COUNT 1
+
+static struct dma_cont {
+ uint8_t status;
+ uint8_t command;
+ uint8_t mask;
+ uint8_t flip_flop;
+ int dshift;
+ struct dma_regs regs[4];
+ qemu_irq *cpu_request_exit;
+ MemoryRegion channel_io;
+ MemoryRegion cont_io;
+} dma_controllers[2];
+
+enum {
+ CMD_MEMORY_TO_MEMORY = 0x01,
+ CMD_FIXED_ADDRESS = 0x02,
+ CMD_BLOCK_CONTROLLER = 0x04,
+ CMD_COMPRESSED_TIME = 0x08,
+ CMD_CYCLIC_PRIORITY = 0x10,
+ CMD_EXTENDED_WRITE = 0x20,
+ CMD_LOW_DREQ = 0x40,
+ CMD_LOW_DACK = 0x80,
+ CMD_NOT_SUPPORTED = CMD_MEMORY_TO_MEMORY | CMD_FIXED_ADDRESS
+ | CMD_COMPRESSED_TIME | CMD_CYCLIC_PRIORITY | CMD_EXTENDED_WRITE
+ | CMD_LOW_DREQ | CMD_LOW_DACK
+
+};
+
+static void DMA_run (void);
+
+static int channels[8] = {-1, 2, 3, 1, -1, -1, -1, 0};
+
+static void write_page (void *opaque, uint32_t nport, uint32_t data)
+{
+ struct dma_cont *d = opaque;
+ int ichan;
+
+ ichan = channels[nport & 7];
+ if (-1 == ichan) {
+ dolog ("invalid channel %#x %#x\n", nport, data);
+ return;
+ }
+ d->regs[ichan].page = data;
+}
+
+static void write_pageh (void *opaque, uint32_t nport, uint32_t data)
+{
+ struct dma_cont *d = opaque;
+ int ichan;
+
+ ichan = channels[nport & 7];
+ if (-1 == ichan) {
+ dolog ("invalid channel %#x %#x\n", nport, data);
+ return;
+ }
+ d->regs[ichan].pageh = data;
+}
+
+static uint32_t read_page (void *opaque, uint32_t nport)
+{
+ struct dma_cont *d = opaque;
+ int ichan;
+
+ ichan = channels[nport & 7];
+ if (-1 == ichan) {
+ dolog ("invalid channel read %#x\n", nport);
+ return 0;
+ }
+ return d->regs[ichan].page;
+}
+
+static uint32_t read_pageh (void *opaque, uint32_t nport)
+{
+ struct dma_cont *d = opaque;
+ int ichan;
+
+ ichan = channels[nport & 7];
+ if (-1 == ichan) {
+ dolog ("invalid channel read %#x\n", nport);
+ return 0;
+ }
+ return d->regs[ichan].pageh;
+}
+
+static inline void init_chan (struct dma_cont *d, int ichan)
+{
+ struct dma_regs *r;
+
+ r = d->regs + ichan;
+ r->now[ADDR] = r->base[ADDR] << d->dshift;
+ r->now[COUNT] = 0;
+}
+
+static inline int getff (struct dma_cont *d)
+{
+ int ff;
+
+ ff = d->flip_flop;
+ d->flip_flop = !ff;
+ return ff;
+}
+
+static uint64_t read_chan(void *opaque, hwaddr nport, unsigned size)
+{
+ struct dma_cont *d = opaque;
+ int ichan, nreg, iport, ff, val, dir;
+ struct dma_regs *r;
+
+ iport = (nport >> d->dshift) & 0x0f;
+ ichan = iport >> 1;
+ nreg = iport & 1;
+ r = d->regs + ichan;
+
+ dir = ((r->mode >> 5) & 1) ? -1 : 1;
+ ff = getff (d);
+ if (nreg)
+ val = (r->base[COUNT] << d->dshift) - r->now[COUNT];
+ else
+ val = r->now[ADDR] + r->now[COUNT] * dir;
+
+ ldebug ("read_chan %#x -> %d\n", iport, val);
+ return (val >> (d->dshift + (ff << 3))) & 0xff;
+}
+
+static void write_chan(void *opaque, hwaddr nport, uint64_t data,
+ unsigned size)
+{
+ struct dma_cont *d = opaque;
+ int iport, ichan, nreg;
+ struct dma_regs *r;
+
+ iport = (nport >> d->dshift) & 0x0f;
+ ichan = iport >> 1;
+ nreg = iport & 1;
+ r = d->regs + ichan;
+ if (getff (d)) {
+ r->base[nreg] = (r->base[nreg] & 0xff) | ((data << 8) & 0xff00);
+ init_chan (d, ichan);
+ } else {
+ r->base[nreg] = (r->base[nreg] & 0xff00) | (data & 0xff);
+ }
+}
+
+static void write_cont(void *opaque, hwaddr nport, uint64_t data,
+ unsigned size)
+{
+ struct dma_cont *d = opaque;
+ int iport, ichan = 0;
+
+ iport = (nport >> d->dshift) & 0x0f;
+ switch (iport) {
+ case 0x00: /* command */
+ if ((data != 0) && (data & CMD_NOT_SUPPORTED)) {
+ dolog("command %"PRIx64" not supported\n", data);
+ return;
+ }
+ d->command = data;
+ break;
+
+ case 0x01:
+ ichan = data & 3;
+ if (data & 4) {
+ d->status |= 1 << (ichan + 4);
+ }
+ else {
+ d->status &= ~(1 << (ichan + 4));
+ }
+ d->status &= ~(1 << ichan);
+ DMA_run();
+ break;
+
+ case 0x02: /* single mask */
+ if (data & 4)
+ d->mask |= 1 << (data & 3);
+ else
+ d->mask &= ~(1 << (data & 3));
+ DMA_run();
+ break;
+
+ case 0x03: /* mode */
+ {
+ ichan = data & 3;
+#ifdef DEBUG_DMA
+ {
+ int op, ai, dir, opmode;
+ op = (data >> 2) & 3;
+ ai = (data >> 4) & 1;
+ dir = (data >> 5) & 1;
+ opmode = (data >> 6) & 3;
+
+ linfo ("ichan %d, op %d, ai %d, dir %d, opmode %d\n",
+ ichan, op, ai, dir, opmode);
+ }
+#endif
+ d->regs[ichan].mode = data;
+ break;
+ }
+
+ case 0x04: /* clear flip flop */
+ d->flip_flop = 0;
+ break;
+
+ case 0x05: /* reset */
+ d->flip_flop = 0;
+ d->mask = ~0;
+ d->status = 0;
+ d->command = 0;
+ break;
+
+ case 0x06: /* clear mask for all channels */
+ d->mask = 0;
+ DMA_run();
+ break;
+
+ case 0x07: /* write mask for all channels */
+ d->mask = data;
+ DMA_run();
+ break;
+
+ default:
+ dolog ("unknown iport %#x\n", iport);
+ break;
+ }
+
+#ifdef DEBUG_DMA
+ if (0xc != iport) {
+ linfo ("write_cont: nport %#06x, ichan % 2d, val %#06x\n",
+ nport, ichan, data);
+ }
+#endif
+}
+
+static uint64_t read_cont(void *opaque, hwaddr nport, unsigned size)
+{
+ struct dma_cont *d = opaque;
+ int iport, val;
+
+ iport = (nport >> d->dshift) & 0x0f;
+ switch (iport) {
+ case 0x00: /* status */
+ val = d->status;
+ d->status &= 0xf0;
+ break;
+ case 0x01: /* mask */
+ val = d->mask;
+ break;
+ default:
+ val = 0;
+ break;
+ }
+
+ ldebug ("read_cont: nport %#06x, iport %#04x val %#x\n", nport, iport, val);
+ return val;
+}
+
+int DMA_get_channel_mode (int nchan)
+{
+ return dma_controllers[nchan > 3].regs[nchan & 3].mode;
+}
+
+void DMA_hold_DREQ (int nchan)
+{
+ int ncont, ichan;
+
+ ncont = nchan > 3;
+ ichan = nchan & 3;
+ linfo ("held cont=%d chan=%d\n", ncont, ichan);
+ dma_controllers[ncont].status |= 1 << (ichan + 4);
+ DMA_run();
+}
+
+void DMA_release_DREQ (int nchan)
+{
+ int ncont, ichan;
+
+ ncont = nchan > 3;
+ ichan = nchan & 3;
+ linfo ("released cont=%d chan=%d\n", ncont, ichan);
+ dma_controllers[ncont].status &= ~(1 << (ichan + 4));
+ DMA_run();
+}
+
+static void channel_run (int ncont, int ichan)
+{
+ int n;
+ struct dma_regs *r = &dma_controllers[ncont].regs[ichan];
+#ifdef DEBUG_DMA
+ int dir, opmode;
+
+ dir = (r->mode >> 5) & 1;
+ opmode = (r->mode >> 6) & 3;
+
+ if (dir) {
+ dolog ("DMA in address decrement mode\n");
+ }
+ if (opmode != 1) {
+ dolog ("DMA not in single mode select %#x\n", opmode);
+ }
+#endif
+
+ n = r->transfer_handler (r->opaque, ichan + (ncont << 2),
+ r->now[COUNT], (r->base[COUNT] + 1) << ncont);
+ r->now[COUNT] = n;
+ ldebug ("dma_pos %d size %d\n", n, (r->base[COUNT] + 1) << ncont);
+}
+
+static QEMUBH *dma_bh;
+
+static void DMA_run (void)
+{
+ struct dma_cont *d;
+ int icont, ichan;
+ int rearm = 0;
+ static int running = 0;
+
+ if (running) {
+ rearm = 1;
+ goto out;
+ } else {
+ running = 1;
+ }
+
+ d = dma_controllers;
+
+ for (icont = 0; icont < 2; icont++, d++) {
+ for (ichan = 0; ichan < 4; ichan++) {
+ int mask;
+
+ mask = 1 << ichan;
+
+ if ((0 == (d->mask & mask)) && (0 != (d->status & (mask << 4)))) {
+ channel_run (icont, ichan);
+ rearm = 1;
+ }
+ }
+ }
+
+ running = 0;
+out:
+ if (rearm)
+ qemu_bh_schedule_idle(dma_bh);
+}
+
+static void DMA_run_bh(void *unused)
+{
+ DMA_run();
+}
+
+void DMA_register_channel (int nchan,
+ DMA_transfer_handler transfer_handler,
+ void *opaque)
+{
+ struct dma_regs *r;
+ int ichan, ncont;
+
+ ncont = nchan > 3;
+ ichan = nchan & 3;
+
+ r = dma_controllers[ncont].regs + ichan;
+ r->transfer_handler = transfer_handler;
+ r->opaque = opaque;
+}
+
+int DMA_read_memory (int nchan, void *buf, int pos, int len)
+{
+ struct dma_regs *r = &dma_controllers[nchan > 3].regs[nchan & 3];
+ hwaddr addr = ((r->pageh & 0x7f) << 24) | (r->page << 16) | r->now[ADDR];
+
+ if (r->mode & 0x20) {
+ int i;
+ uint8_t *p = buf;
+
+ cpu_physical_memory_read (addr - pos - len, buf, len);
+ /* What about 16bit transfers? */
+ for (i = 0; i < len >> 1; i++) {
+ uint8_t b = p[len - i - 1];
+ p[i] = b;
+ }
+ }
+ else
+ cpu_physical_memory_read (addr + pos, buf, len);
+
+ return len;
+}
+
+int DMA_write_memory (int nchan, void *buf, int pos, int len)
+{
+ struct dma_regs *r = &dma_controllers[nchan > 3].regs[nchan & 3];
+ hwaddr addr = ((r->pageh & 0x7f) << 24) | (r->page << 16) | r->now[ADDR];
+
+ if (r->mode & 0x20) {
+ int i;
+ uint8_t *p = buf;
+
+ cpu_physical_memory_write (addr - pos - len, buf, len);
+ /* What about 16bit transfers? */
+ for (i = 0; i < len; i++) {
+ uint8_t b = p[len - i - 1];
+ p[i] = b;
+ }
+ }
+ else
+ cpu_physical_memory_write (addr + pos, buf, len);
+
+ return len;
+}
+
+/* request the emulator to transfer a new DMA memory block ASAP */
+void DMA_schedule(int nchan)
+{
+ struct dma_cont *d = &dma_controllers[nchan > 3];
+
+ qemu_irq_pulse(*d->cpu_request_exit);
+}
+
+static void dma_reset(void *opaque)
+{
+ struct dma_cont *d = opaque;
+ write_cont(d, (0x05 << d->dshift), 0, 1);
+}
+
+static int dma_phony_handler (void *opaque, int nchan, int dma_pos, int dma_len)
+{
+ dolog ("unregistered DMA channel used nchan=%d dma_pos=%d dma_len=%d\n",
+ nchan, dma_pos, dma_len);
+ return dma_pos;
+}
+
+
+static const MemoryRegionOps channel_io_ops = {
+ .read = read_chan,
+ .write = write_chan,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+/* IOport from page_base */
+static const MemoryRegionPortio page_portio_list[] = {
+ { 0x01, 3, 1, .write = write_page, .read = read_page, },
+ { 0x07, 1, 1, .write = write_page, .read = read_page, },
+ PORTIO_END_OF_LIST(),
+};
+
+/* IOport from pageh_base */
+static const MemoryRegionPortio pageh_portio_list[] = {
+ { 0x01, 3, 1, .write = write_pageh, .read = read_pageh, },
+ { 0x07, 3, 1, .write = write_pageh, .read = read_pageh, },
+ PORTIO_END_OF_LIST(),
+};
+
+static const MemoryRegionOps cont_io_ops = {
+ .read = read_cont,
+ .write = write_cont,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+/* dshift = 0: 8 bit DMA, 1 = 16 bit DMA */
+static void dma_init2(struct dma_cont *d, int base, int dshift,
+ int page_base, int pageh_base,
+ qemu_irq *cpu_request_exit)
+{
+ int i;
+
+ d->dshift = dshift;
+ d->cpu_request_exit = cpu_request_exit;
+
+ memory_region_init_io(&d->channel_io, NULL, &channel_io_ops, d,
+ "dma-chan", 8 << d->dshift);
+ memory_region_add_subregion(isa_address_space_io(NULL),
+ base, &d->channel_io);
+
+ isa_register_portio_list(NULL, page_base, page_portio_list, d,
+ "dma-page");
+ if (pageh_base >= 0) {
+ isa_register_portio_list(NULL, pageh_base, pageh_portio_list, d,
+ "dma-pageh");
+ }
+
+ memory_region_init_io(&d->cont_io, NULL, &cont_io_ops, d, "dma-cont",
+ 8 << d->dshift);
+ memory_region_add_subregion(isa_address_space_io(NULL),
+ base + (8 << d->dshift), &d->cont_io);
+
+ qemu_register_reset(dma_reset, d);
+ dma_reset(d);
+ for (i = 0; i < ARRAY_SIZE (d->regs); ++i) {
+ d->regs[i].transfer_handler = dma_phony_handler;
+ }
+}
+
+static const VMStateDescription vmstate_dma_regs = {
+ .name = "dma_regs",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_INT32_ARRAY(now, struct dma_regs, 2),
+ VMSTATE_UINT16_ARRAY(base, struct dma_regs, 2),
+ VMSTATE_UINT8(mode, struct dma_regs),
+ VMSTATE_UINT8(page, struct dma_regs),
+ VMSTATE_UINT8(pageh, struct dma_regs),
+ VMSTATE_UINT8(dack, struct dma_regs),
+ VMSTATE_UINT8(eop, struct dma_regs),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static int dma_post_load(void *opaque, int version_id)
+{
+ DMA_run();
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_dma = {
+ .name = "dma",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .post_load = dma_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT8(command, struct dma_cont),
+ VMSTATE_UINT8(mask, struct dma_cont),
+ VMSTATE_UINT8(flip_flop, struct dma_cont),
+ VMSTATE_INT32(dshift, struct dma_cont),
+ VMSTATE_STRUCT_ARRAY(regs, struct dma_cont, 4, 1, vmstate_dma_regs, struct dma_regs),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+void DMA_init(int high_page_enable, qemu_irq *cpu_request_exit)
+{
+ dma_init2(&dma_controllers[0], 0x00, 0, 0x80,
+ high_page_enable ? 0x480 : -1, cpu_request_exit);
+ dma_init2(&dma_controllers[1], 0xc0, 1, 0x88,
+ high_page_enable ? 0x488 : -1, cpu_request_exit);
+ vmstate_register (NULL, 0, &vmstate_dma, &dma_controllers[0]);
+ vmstate_register (NULL, 1, &vmstate_dma, &dma_controllers[1]);
+
+ dma_bh = qemu_bh_new(DMA_run_bh, NULL);
+}
diff --git a/hw/dma/omap_dma.c b/hw/dma/omap_dma.c
new file mode 100644
index 000000000..0e8cccd27
--- /dev/null
+++ b/hw/dma/omap_dma.c
@@ -0,0 +1,2102 @@
+/*
+ * TI OMAP DMA gigacell.
+ *
+ * Copyright (C) 2006-2008 Andrzej Zaborowski <balrog@zabor.org>
+ * Copyright (C) 2007-2008 Lauro Ramos Venancio <lauro.venancio@indt.org.br>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "qemu-common.h"
+#include "qemu/timer.h"
+#include "hw/arm/omap.h"
+#include "hw/irq.h"
+#include "hw/arm/soc_dma.h"
+
+struct omap_dma_channel_s {
+ /* transfer data */
+ int burst[2];
+ int pack[2];
+ int endian[2];
+ int endian_lock[2];
+ int translate[2];
+ enum omap_dma_port port[2];
+ hwaddr addr[2];
+ omap_dma_addressing_t mode[2];
+ uint32_t elements;
+ uint16_t frames;
+ int32_t frame_index[2];
+ int16_t element_index[2];
+ int data_type;
+
+ /* transfer type */
+ int transparent_copy;
+ int constant_fill;
+ uint32_t color;
+ int prefetch;
+
+ /* auto init and linked channel data */
+ int end_prog;
+ int repeat;
+ int auto_init;
+ int link_enabled;
+ int link_next_ch;
+
+ /* interruption data */
+ int interrupts;
+ int status;
+ int cstatus;
+
+ /* state data */
+ int active;
+ int enable;
+ int sync;
+ int src_sync;
+ int pending_request;
+ int waiting_end_prog;
+ uint16_t cpc;
+ int set_update;
+
+ /* sync type */
+ int fs;
+ int bs;
+
+ /* compatibility */
+ int omap_3_1_compatible_disable;
+
+ qemu_irq irq;
+ struct omap_dma_channel_s *sibling;
+
+ struct omap_dma_reg_set_s {
+ hwaddr src, dest;
+ int frame;
+ int element;
+ int pck_element;
+ int frame_delta[2];
+ int elem_delta[2];
+ int frames;
+ int elements;
+ int pck_elements;
+ } active_set;
+
+ struct soc_dma_ch_s *dma;
+
+ /* unused parameters */
+ int write_mode;
+ int priority;
+ int interleave_disabled;
+ int type;
+ int suspend;
+ int buf_disable;
+};
+
+struct omap_dma_s {
+ struct soc_dma_s *dma;
+ MemoryRegion iomem;
+
+ struct omap_mpu_state_s *mpu;
+ omap_clk clk;
+ qemu_irq irq[4];
+ void (*intr_update)(struct omap_dma_s *s);
+ enum omap_dma_model model;
+ int omap_3_1_mapping_disabled;
+
+ uint32_t gcr;
+ uint32_t ocp;
+ uint32_t caps[5];
+ uint32_t irqen[4];
+ uint32_t irqstat[4];
+
+ int chans;
+ struct omap_dma_channel_s ch[32];
+ struct omap_dma_lcd_channel_s lcd_ch;
+};
+
+/* Interrupts */
+#define TIMEOUT_INTR (1 << 0)
+#define EVENT_DROP_INTR (1 << 1)
+#define HALF_FRAME_INTR (1 << 2)
+#define END_FRAME_INTR (1 << 3)
+#define LAST_FRAME_INTR (1 << 4)
+#define END_BLOCK_INTR (1 << 5)
+#define SYNC (1 << 6)
+#define END_PKT_INTR (1 << 7)
+#define TRANS_ERR_INTR (1 << 8)
+#define MISALIGN_INTR (1 << 11)
+
+static inline void omap_dma_interrupts_update(struct omap_dma_s *s)
+{
+ return s->intr_update(s);
+}
+
+static void omap_dma_channel_load(struct omap_dma_channel_s *ch)
+{
+ struct omap_dma_reg_set_s *a = &ch->active_set;
+ int i, normal;
+ int omap_3_1 = !ch->omap_3_1_compatible_disable;
+
+ /*
+ * TODO: verify address ranges and alignment
+ * TODO: port endianness
+ */
+
+ a->src = ch->addr[0];
+ a->dest = ch->addr[1];
+ a->frames = ch->frames;
+ a->elements = ch->elements;
+ a->pck_elements = ch->frame_index[!ch->src_sync];
+ a->frame = 0;
+ a->element = 0;
+ a->pck_element = 0;
+
+ if (unlikely(!ch->elements || !ch->frames)) {
+ printf("%s: bad DMA request\n", __FUNCTION__);
+ return;
+ }
+
+ for (i = 0; i < 2; i ++)
+ switch (ch->mode[i]) {
+ case constant:
+ a->elem_delta[i] = 0;
+ a->frame_delta[i] = 0;
+ break;
+ case post_incremented:
+ a->elem_delta[i] = ch->data_type;
+ a->frame_delta[i] = 0;
+ break;
+ case single_index:
+ a->elem_delta[i] = ch->data_type +
+ ch->element_index[omap_3_1 ? 0 : i] - 1;
+ a->frame_delta[i] = 0;
+ break;
+ case double_index:
+ a->elem_delta[i] = ch->data_type +
+ ch->element_index[omap_3_1 ? 0 : i] - 1;
+ a->frame_delta[i] = ch->frame_index[omap_3_1 ? 0 : i] -
+ ch->element_index[omap_3_1 ? 0 : i];
+ break;
+ default:
+ break;
+ }
+
+ normal = !ch->transparent_copy && !ch->constant_fill &&
+ /* FIFO is big-endian so either (ch->endian[n] == 1) OR
+ * (ch->endian_lock[n] == 1) mean no endianism conversion. */
+ (ch->endian[0] | ch->endian_lock[0]) ==
+ (ch->endian[1] | ch->endian_lock[1]);
+ for (i = 0; i < 2; i ++) {
+ /* TODO: for a->frame_delta[i] > 0 still use the fast path, just
+ * limit min_elems in omap_dma_transfer_setup to the nearest frame
+ * end. */
+ if (!a->elem_delta[i] && normal &&
+ (a->frames == 1 || !a->frame_delta[i]))
+ ch->dma->type[i] = soc_dma_access_const;
+ else if (a->elem_delta[i] == ch->data_type && normal &&
+ (a->frames == 1 || !a->frame_delta[i]))
+ ch->dma->type[i] = soc_dma_access_linear;
+ else
+ ch->dma->type[i] = soc_dma_access_other;
+
+ ch->dma->vaddr[i] = ch->addr[i];
+ }
+ soc_dma_ch_update(ch->dma);
+}
+
+static void omap_dma_activate_channel(struct omap_dma_s *s,
+ struct omap_dma_channel_s *ch)
+{
+ if (!ch->active) {
+ if (ch->set_update) {
+ /* It's not clear when the active set is supposed to be
+ * loaded from registers. We're already loading it when the
+ * channel is enabled, and for some guests this is not enough
+ * but that may be also because of a race condition (no
+ * delays in qemu) in the guest code, which we're just
+ * working around here. */
+ omap_dma_channel_load(ch);
+ ch->set_update = 0;
+ }
+
+ ch->active = 1;
+ soc_dma_set_request(ch->dma, 1);
+ if (ch->sync)
+ ch->status |= SYNC;
+ }
+}
+
+static void omap_dma_deactivate_channel(struct omap_dma_s *s,
+ struct omap_dma_channel_s *ch)
+{
+ /* Update cpc */
+ ch->cpc = ch->active_set.dest & 0xffff;
+
+ if (ch->pending_request && !ch->waiting_end_prog && ch->enable) {
+ /* Don't deactivate the channel */
+ ch->pending_request = 0;
+ return;
+ }
+
+ /* Don't deactive the channel if it is synchronized and the DMA request is
+ active */
+ if (ch->sync && ch->enable && (s->dma->drqbmp & (1ULL << ch->sync)))
+ return;
+
+ if (ch->active) {
+ ch->active = 0;
+ ch->status &= ~SYNC;
+ soc_dma_set_request(ch->dma, 0);
+ }
+}
+
+static void omap_dma_enable_channel(struct omap_dma_s *s,
+ struct omap_dma_channel_s *ch)
+{
+ if (!ch->enable) {
+ ch->enable = 1;
+ ch->waiting_end_prog = 0;
+ omap_dma_channel_load(ch);
+ /* TODO: theoretically if ch->sync && ch->prefetch &&
+ * !s->dma->drqbmp[ch->sync], we should also activate and fetch
+ * from source and then stall until signalled. */
+ if ((!ch->sync) || (s->dma->drqbmp & (1ULL << ch->sync))) {
+ omap_dma_activate_channel(s, ch);
+ }
+ }
+}
+
+static void omap_dma_disable_channel(struct omap_dma_s *s,
+ struct omap_dma_channel_s *ch)
+{
+ if (ch->enable) {
+ ch->enable = 0;
+ /* Discard any pending request */
+ ch->pending_request = 0;
+ omap_dma_deactivate_channel(s, ch);
+ }
+}
+
+static void omap_dma_channel_end_prog(struct omap_dma_s *s,
+ struct omap_dma_channel_s *ch)
+{
+ if (ch->waiting_end_prog) {
+ ch->waiting_end_prog = 0;
+ if (!ch->sync || ch->pending_request) {
+ ch->pending_request = 0;
+ omap_dma_activate_channel(s, ch);
+ }
+ }
+}
+
+static void omap_dma_interrupts_3_1_update(struct omap_dma_s *s)
+{
+ struct omap_dma_channel_s *ch = s->ch;
+
+ /* First three interrupts are shared between two channels each. */
+ if (ch[0].status | ch[6].status)
+ qemu_irq_raise(ch[0].irq);
+ if (ch[1].status | ch[7].status)
+ qemu_irq_raise(ch[1].irq);
+ if (ch[2].status | ch[8].status)
+ qemu_irq_raise(ch[2].irq);
+ if (ch[3].status)
+ qemu_irq_raise(ch[3].irq);
+ if (ch[4].status)
+ qemu_irq_raise(ch[4].irq);
+ if (ch[5].status)
+ qemu_irq_raise(ch[5].irq);
+}
+
+static void omap_dma_interrupts_3_2_update(struct omap_dma_s *s)
+{
+ struct omap_dma_channel_s *ch = s->ch;
+ int i;
+
+ for (i = s->chans; i; ch ++, i --)
+ if (ch->status)
+ qemu_irq_raise(ch->irq);
+}
+
+static void omap_dma_enable_3_1_mapping(struct omap_dma_s *s)
+{
+ s->omap_3_1_mapping_disabled = 0;
+ s->chans = 9;
+ s->intr_update = omap_dma_interrupts_3_1_update;
+}
+
+static void omap_dma_disable_3_1_mapping(struct omap_dma_s *s)
+{
+ s->omap_3_1_mapping_disabled = 1;
+ s->chans = 16;
+ s->intr_update = omap_dma_interrupts_3_2_update;
+}
+
+static void omap_dma_process_request(struct omap_dma_s *s, int request)
+{
+ int channel;
+ int drop_event = 0;
+ struct omap_dma_channel_s *ch = s->ch;
+
+ for (channel = 0; channel < s->chans; channel ++, ch ++) {
+ if (ch->enable && ch->sync == request) {
+ if (!ch->active)
+ omap_dma_activate_channel(s, ch);
+ else if (!ch->pending_request)
+ ch->pending_request = 1;
+ else {
+ /* Request collision */
+ /* Second request received while processing other request */
+ ch->status |= EVENT_DROP_INTR;
+ drop_event = 1;
+ }
+ }
+ }
+
+ if (drop_event)
+ omap_dma_interrupts_update(s);
+}
+
+static void omap_dma_transfer_generic(struct soc_dma_ch_s *dma)
+{
+ uint8_t value[4];
+ struct omap_dma_channel_s *ch = dma->opaque;
+ struct omap_dma_reg_set_s *a = &ch->active_set;
+ int bytes = dma->bytes;
+#ifdef MULTI_REQ
+ uint16_t status = ch->status;
+#endif
+
+ do {
+ /* Transfer a single element */
+ /* FIXME: check the endianness */
+ if (!ch->constant_fill)
+ cpu_physical_memory_read(a->src, value, ch->data_type);
+ else
+ *(uint32_t *) value = ch->color;
+
+ if (!ch->transparent_copy || *(uint32_t *) value != ch->color)
+ cpu_physical_memory_write(a->dest, value, ch->data_type);
+
+ a->src += a->elem_delta[0];
+ a->dest += a->elem_delta[1];
+ a->element ++;
+
+#ifndef MULTI_REQ
+ if (a->element == a->elements) {
+ /* End of Frame */
+ a->element = 0;
+ a->src += a->frame_delta[0];
+ a->dest += a->frame_delta[1];
+ a->frame ++;
+
+ /* If the channel is async, update cpc */
+ if (!ch->sync)
+ ch->cpc = a->dest & 0xffff;
+ }
+ } while ((bytes -= ch->data_type));
+#else
+ /* If the channel is element synchronized, deactivate it */
+ if (ch->sync && !ch->fs && !ch->bs)
+ omap_dma_deactivate_channel(s, ch);
+
+ /* If it is the last frame, set the LAST_FRAME interrupt */
+ if (a->element == 1 && a->frame == a->frames - 1)
+ if (ch->interrupts & LAST_FRAME_INTR)
+ ch->status |= LAST_FRAME_INTR;
+
+ /* If the half of the frame was reached, set the HALF_FRAME
+ interrupt */
+ if (a->element == (a->elements >> 1))
+ if (ch->interrupts & HALF_FRAME_INTR)
+ ch->status |= HALF_FRAME_INTR;
+
+ if (ch->fs && ch->bs) {
+ a->pck_element ++;
+ /* Check if a full packet has beed transferred. */
+ if (a->pck_element == a->pck_elements) {
+ a->pck_element = 0;
+
+ /* Set the END_PKT interrupt */
+ if ((ch->interrupts & END_PKT_INTR) && !ch->src_sync)
+ ch->status |= END_PKT_INTR;
+
+ /* If the channel is packet-synchronized, deactivate it */
+ if (ch->sync)
+ omap_dma_deactivate_channel(s, ch);
+ }
+ }
+
+ if (a->element == a->elements) {
+ /* End of Frame */
+ a->element = 0;
+ a->src += a->frame_delta[0];
+ a->dest += a->frame_delta[1];
+ a->frame ++;
+
+ /* If the channel is frame synchronized, deactivate it */
+ if (ch->sync && ch->fs && !ch->bs)
+ omap_dma_deactivate_channel(s, ch);
+
+ /* If the channel is async, update cpc */
+ if (!ch->sync)
+ ch->cpc = a->dest & 0xffff;
+
+ /* Set the END_FRAME interrupt */
+ if (ch->interrupts & END_FRAME_INTR)
+ ch->status |= END_FRAME_INTR;
+
+ if (a->frame == a->frames) {
+ /* End of Block */
+ /* Disable the channel */
+
+ if (ch->omap_3_1_compatible_disable) {
+ omap_dma_disable_channel(s, ch);
+ if (ch->link_enabled)
+ omap_dma_enable_channel(s,
+ &s->ch[ch->link_next_ch]);
+ } else {
+ if (!ch->auto_init)
+ omap_dma_disable_channel(s, ch);
+ else if (ch->repeat || ch->end_prog)
+ omap_dma_channel_load(ch);
+ else {
+ ch->waiting_end_prog = 1;
+ omap_dma_deactivate_channel(s, ch);
+ }
+ }
+
+ if (ch->interrupts & END_BLOCK_INTR)
+ ch->status |= END_BLOCK_INTR;
+ }
+ }
+ } while (status == ch->status && ch->active);
+
+ omap_dma_interrupts_update(s);
+#endif
+}
+
+enum {
+ omap_dma_intr_element_sync,
+ omap_dma_intr_last_frame,
+ omap_dma_intr_half_frame,
+ omap_dma_intr_frame,
+ omap_dma_intr_frame_sync,
+ omap_dma_intr_packet,
+ omap_dma_intr_packet_sync,
+ omap_dma_intr_block,
+ __omap_dma_intr_last,
+};
+
+static void omap_dma_transfer_setup(struct soc_dma_ch_s *dma)
+{
+ struct omap_dma_port_if_s *src_p, *dest_p;
+ struct omap_dma_reg_set_s *a;
+ struct omap_dma_channel_s *ch = dma->opaque;
+ struct omap_dma_s *s = dma->dma->opaque;
+ int frames, min_elems, elements[__omap_dma_intr_last];
+
+ a = &ch->active_set;
+
+ src_p = &s->mpu->port[ch->port[0]];
+ dest_p = &s->mpu->port[ch->port[1]];
+ if ((!ch->constant_fill && !src_p->addr_valid(s->mpu, a->src)) ||
+ (!dest_p->addr_valid(s->mpu, a->dest))) {
+#if 0
+ /* Bus time-out */
+ if (ch->interrupts & TIMEOUT_INTR)
+ ch->status |= TIMEOUT_INTR;
+ omap_dma_deactivate_channel(s, ch);
+ continue;
+#endif
+ printf("%s: Bus time-out in DMA%i operation\n",
+ __FUNCTION__, dma->num);
+ }
+
+ min_elems = INT_MAX;
+
+ /* Check all the conditions that terminate the transfer starting
+ * with those that can occur the soonest. */
+#define INTR_CHECK(cond, id, nelements) \
+ if (cond) { \
+ elements[id] = nelements; \
+ if (elements[id] < min_elems) \
+ min_elems = elements[id]; \
+ } else \
+ elements[id] = INT_MAX;
+
+ /* Elements */
+ INTR_CHECK(
+ ch->sync && !ch->fs && !ch->bs,
+ omap_dma_intr_element_sync,
+ 1)
+
+ /* Frames */
+ /* TODO: for transfers where entire frames can be read and written
+ * using memcpy() but a->frame_delta is non-zero, try to still do
+ * transfers using soc_dma but limit min_elems to a->elements - ...
+ * See also the TODO in omap_dma_channel_load. */
+ INTR_CHECK(
+ (ch->interrupts & LAST_FRAME_INTR) &&
+ ((a->frame < a->frames - 1) || !a->element),
+ omap_dma_intr_last_frame,
+ (a->frames - a->frame - 2) * a->elements +
+ (a->elements - a->element + 1))
+ INTR_CHECK(
+ ch->interrupts & HALF_FRAME_INTR,
+ omap_dma_intr_half_frame,
+ (a->elements >> 1) +
+ (a->element >= (a->elements >> 1) ? a->elements : 0) -
+ a->element)
+ INTR_CHECK(
+ ch->sync && ch->fs && (ch->interrupts & END_FRAME_INTR),
+ omap_dma_intr_frame,
+ a->elements - a->element)
+ INTR_CHECK(
+ ch->sync && ch->fs && !ch->bs,
+ omap_dma_intr_frame_sync,
+ a->elements - a->element)
+
+ /* Packets */
+ INTR_CHECK(
+ ch->fs && ch->bs &&
+ (ch->interrupts & END_PKT_INTR) && !ch->src_sync,
+ omap_dma_intr_packet,
+ a->pck_elements - a->pck_element)
+ INTR_CHECK(
+ ch->fs && ch->bs && ch->sync,
+ omap_dma_intr_packet_sync,
+ a->pck_elements - a->pck_element)
+
+ /* Blocks */
+ INTR_CHECK(
+ 1,
+ omap_dma_intr_block,
+ (a->frames - a->frame - 1) * a->elements +
+ (a->elements - a->element))
+
+ dma->bytes = min_elems * ch->data_type;
+
+ /* Set appropriate interrupts and/or deactivate channels */
+
+#ifdef MULTI_REQ
+ /* TODO: should all of this only be done if dma->update, and otherwise
+ * inside omap_dma_transfer_generic below - check what's faster. */
+ if (dma->update) {
+#endif
+
+ /* If the channel is element synchronized, deactivate it */
+ if (min_elems == elements[omap_dma_intr_element_sync])
+ omap_dma_deactivate_channel(s, ch);
+
+ /* If it is the last frame, set the LAST_FRAME interrupt */
+ if (min_elems == elements[omap_dma_intr_last_frame])
+ ch->status |= LAST_FRAME_INTR;
+
+ /* If exactly half of the frame was reached, set the HALF_FRAME
+ interrupt */
+ if (min_elems == elements[omap_dma_intr_half_frame])
+ ch->status |= HALF_FRAME_INTR;
+
+ /* If a full packet has been transferred, set the END_PKT interrupt */
+ if (min_elems == elements[omap_dma_intr_packet])
+ ch->status |= END_PKT_INTR;
+
+ /* If the channel is packet-synchronized, deactivate it */
+ if (min_elems == elements[omap_dma_intr_packet_sync])
+ omap_dma_deactivate_channel(s, ch);
+
+ /* If the channel is frame synchronized, deactivate it */
+ if (min_elems == elements[omap_dma_intr_frame_sync])
+ omap_dma_deactivate_channel(s, ch);
+
+ /* Set the END_FRAME interrupt */
+ if (min_elems == elements[omap_dma_intr_frame])
+ ch->status |= END_FRAME_INTR;
+
+ if (min_elems == elements[omap_dma_intr_block]) {
+ /* End of Block */
+ /* Disable the channel */
+
+ if (ch->omap_3_1_compatible_disable) {
+ omap_dma_disable_channel(s, ch);
+ if (ch->link_enabled)
+ omap_dma_enable_channel(s, &s->ch[ch->link_next_ch]);
+ } else {
+ if (!ch->auto_init)
+ omap_dma_disable_channel(s, ch);
+ else if (ch->repeat || ch->end_prog)
+ omap_dma_channel_load(ch);
+ else {
+ ch->waiting_end_prog = 1;
+ omap_dma_deactivate_channel(s, ch);
+ }
+ }
+
+ if (ch->interrupts & END_BLOCK_INTR)
+ ch->status |= END_BLOCK_INTR;
+ }
+
+ /* Update packet number */
+ if (ch->fs && ch->bs) {
+ a->pck_element += min_elems;
+ a->pck_element %= a->pck_elements;
+ }
+
+ /* TODO: check if we really need to update anything here or perhaps we
+ * can skip part of this. */
+#ifndef MULTI_REQ
+ if (dma->update) {
+#endif
+ a->element += min_elems;
+
+ frames = a->element / a->elements;
+ a->element = a->element % a->elements;
+ a->frame += frames;
+ a->src += min_elems * a->elem_delta[0] + frames * a->frame_delta[0];
+ a->dest += min_elems * a->elem_delta[1] + frames * a->frame_delta[1];
+
+ /* If the channel is async, update cpc */
+ if (!ch->sync && frames)
+ ch->cpc = a->dest & 0xffff;
+
+ /* TODO: if the destination port is IMIF or EMIFF, set the dirty
+ * bits on it. */
+#ifndef MULTI_REQ
+ }
+#else
+ }
+#endif
+
+ omap_dma_interrupts_update(s);
+}
+
+void omap_dma_reset(struct soc_dma_s *dma)
+{
+ int i;
+ struct omap_dma_s *s = dma->opaque;
+
+ soc_dma_reset(s->dma);
+ if (s->model < omap_dma_4)
+ s->gcr = 0x0004;
+ else
+ s->gcr = 0x00010010;
+ s->ocp = 0x00000000;
+ memset(&s->irqstat, 0, sizeof(s->irqstat));
+ memset(&s->irqen, 0, sizeof(s->irqen));
+ s->lcd_ch.src = emiff;
+ s->lcd_ch.condition = 0;
+ s->lcd_ch.interrupts = 0;
+ s->lcd_ch.dual = 0;
+ if (s->model < omap_dma_4)
+ omap_dma_enable_3_1_mapping(s);
+ for (i = 0; i < s->chans; i ++) {
+ s->ch[i].suspend = 0;
+ s->ch[i].prefetch = 0;
+ s->ch[i].buf_disable = 0;
+ s->ch[i].src_sync = 0;
+ memset(&s->ch[i].burst, 0, sizeof(s->ch[i].burst));
+ memset(&s->ch[i].port, 0, sizeof(s->ch[i].port));
+ memset(&s->ch[i].mode, 0, sizeof(s->ch[i].mode));
+ memset(&s->ch[i].frame_index, 0, sizeof(s->ch[i].frame_index));
+ memset(&s->ch[i].element_index, 0, sizeof(s->ch[i].element_index));
+ memset(&s->ch[i].endian, 0, sizeof(s->ch[i].endian));
+ memset(&s->ch[i].endian_lock, 0, sizeof(s->ch[i].endian_lock));
+ memset(&s->ch[i].translate, 0, sizeof(s->ch[i].translate));
+ s->ch[i].write_mode = 0;
+ s->ch[i].data_type = 0;
+ s->ch[i].transparent_copy = 0;
+ s->ch[i].constant_fill = 0;
+ s->ch[i].color = 0x00000000;
+ s->ch[i].end_prog = 0;
+ s->ch[i].repeat = 0;
+ s->ch[i].auto_init = 0;
+ s->ch[i].link_enabled = 0;
+ if (s->model < omap_dma_4)
+ s->ch[i].interrupts = 0x0003;
+ else
+ s->ch[i].interrupts = 0x0000;
+ s->ch[i].status = 0;
+ s->ch[i].cstatus = 0;
+ s->ch[i].active = 0;
+ s->ch[i].enable = 0;
+ s->ch[i].sync = 0;
+ s->ch[i].pending_request = 0;
+ s->ch[i].waiting_end_prog = 0;
+ s->ch[i].cpc = 0x0000;
+ s->ch[i].fs = 0;
+ s->ch[i].bs = 0;
+ s->ch[i].omap_3_1_compatible_disable = 0;
+ memset(&s->ch[i].active_set, 0, sizeof(s->ch[i].active_set));
+ s->ch[i].priority = 0;
+ s->ch[i].interleave_disabled = 0;
+ s->ch[i].type = 0;
+ }
+}
+
+static int omap_dma_ch_reg_read(struct omap_dma_s *s,
+ struct omap_dma_channel_s *ch, int reg, uint16_t *value)
+{
+ switch (reg) {
+ case 0x00: /* SYS_DMA_CSDP_CH0 */
+ *value = (ch->burst[1] << 14) |
+ (ch->pack[1] << 13) |
+ (ch->port[1] << 9) |
+ (ch->burst[0] << 7) |
+ (ch->pack[0] << 6) |
+ (ch->port[0] << 2) |
+ (ch->data_type >> 1);
+ break;
+
+ case 0x02: /* SYS_DMA_CCR_CH0 */
+ if (s->model <= omap_dma_3_1)
+ *value = 0 << 10; /* FIFO_FLUSH reads as 0 */
+ else
+ *value = ch->omap_3_1_compatible_disable << 10;
+ *value |= (ch->mode[1] << 14) |
+ (ch->mode[0] << 12) |
+ (ch->end_prog << 11) |
+ (ch->repeat << 9) |
+ (ch->auto_init << 8) |
+ (ch->enable << 7) |
+ (ch->priority << 6) |
+ (ch->fs << 5) | ch->sync;
+ break;
+
+ case 0x04: /* SYS_DMA_CICR_CH0 */
+ *value = ch->interrupts;
+ break;
+
+ case 0x06: /* SYS_DMA_CSR_CH0 */
+ *value = ch->status;
+ ch->status &= SYNC;
+ if (!ch->omap_3_1_compatible_disable && ch->sibling) {
+ *value |= (ch->sibling->status & 0x3f) << 6;
+ ch->sibling->status &= SYNC;
+ }
+ qemu_irq_lower(ch->irq);
+ break;
+
+ case 0x08: /* SYS_DMA_CSSA_L_CH0 */
+ *value = ch->addr[0] & 0x0000ffff;
+ break;
+
+ case 0x0a: /* SYS_DMA_CSSA_U_CH0 */
+ *value = ch->addr[0] >> 16;
+ break;
+
+ case 0x0c: /* SYS_DMA_CDSA_L_CH0 */
+ *value = ch->addr[1] & 0x0000ffff;
+ break;
+
+ case 0x0e: /* SYS_DMA_CDSA_U_CH0 */
+ *value = ch->addr[1] >> 16;
+ break;
+
+ case 0x10: /* SYS_DMA_CEN_CH0 */
+ *value = ch->elements;
+ break;
+
+ case 0x12: /* SYS_DMA_CFN_CH0 */
+ *value = ch->frames;
+ break;
+
+ case 0x14: /* SYS_DMA_CFI_CH0 */
+ *value = ch->frame_index[0];
+ break;
+
+ case 0x16: /* SYS_DMA_CEI_CH0 */
+ *value = ch->element_index[0];
+ break;
+
+ case 0x18: /* SYS_DMA_CPC_CH0 or DMA_CSAC */
+ if (ch->omap_3_1_compatible_disable)
+ *value = ch->active_set.src & 0xffff; /* CSAC */
+ else
+ *value = ch->cpc;
+ break;
+
+ case 0x1a: /* DMA_CDAC */
+ *value = ch->active_set.dest & 0xffff; /* CDAC */
+ break;
+
+ case 0x1c: /* DMA_CDEI */
+ *value = ch->element_index[1];
+ break;
+
+ case 0x1e: /* DMA_CDFI */
+ *value = ch->frame_index[1];
+ break;
+
+ case 0x20: /* DMA_COLOR_L */
+ *value = ch->color & 0xffff;
+ break;
+
+ case 0x22: /* DMA_COLOR_U */
+ *value = ch->color >> 16;
+ break;
+
+ case 0x24: /* DMA_CCR2 */
+ *value = (ch->bs << 2) |
+ (ch->transparent_copy << 1) |
+ ch->constant_fill;
+ break;
+
+ case 0x28: /* DMA_CLNK_CTRL */
+ *value = (ch->link_enabled << 15) |
+ (ch->link_next_ch & 0xf);
+ break;
+
+ case 0x2a: /* DMA_LCH_CTRL */
+ *value = (ch->interleave_disabled << 15) |
+ ch->type;
+ break;
+
+ default:
+ return 1;
+ }
+ return 0;
+}
+
+static int omap_dma_ch_reg_write(struct omap_dma_s *s,
+ struct omap_dma_channel_s *ch, int reg, uint16_t value)
+{
+ switch (reg) {
+ case 0x00: /* SYS_DMA_CSDP_CH0 */
+ ch->burst[1] = (value & 0xc000) >> 14;
+ ch->pack[1] = (value & 0x2000) >> 13;
+ ch->port[1] = (enum omap_dma_port) ((value & 0x1e00) >> 9);
+ ch->burst[0] = (value & 0x0180) >> 7;
+ ch->pack[0] = (value & 0x0040) >> 6;
+ ch->port[0] = (enum omap_dma_port) ((value & 0x003c) >> 2);
+ ch->data_type = 1 << (value & 3);
+ if (ch->port[0] >= __omap_dma_port_last)
+ printf("%s: invalid DMA port %i\n", __FUNCTION__,
+ ch->port[0]);
+ if (ch->port[1] >= __omap_dma_port_last)
+ printf("%s: invalid DMA port %i\n", __FUNCTION__,
+ ch->port[1]);
+ if ((value & 3) == 3)
+ printf("%s: bad data_type for DMA channel\n", __FUNCTION__);
+ break;
+
+ case 0x02: /* SYS_DMA_CCR_CH0 */
+ ch->mode[1] = (omap_dma_addressing_t) ((value & 0xc000) >> 14);
+ ch->mode[0] = (omap_dma_addressing_t) ((value & 0x3000) >> 12);
+ ch->end_prog = (value & 0x0800) >> 11;
+ if (s->model >= omap_dma_3_2)
+ ch->omap_3_1_compatible_disable = (value >> 10) & 0x1;
+ ch->repeat = (value & 0x0200) >> 9;
+ ch->auto_init = (value & 0x0100) >> 8;
+ ch->priority = (value & 0x0040) >> 6;
+ ch->fs = (value & 0x0020) >> 5;
+ ch->sync = value & 0x001f;
+
+ if (value & 0x0080)
+ omap_dma_enable_channel(s, ch);
+ else
+ omap_dma_disable_channel(s, ch);
+
+ if (ch->end_prog)
+ omap_dma_channel_end_prog(s, ch);
+
+ break;
+
+ case 0x04: /* SYS_DMA_CICR_CH0 */
+ ch->interrupts = value & 0x3f;
+ break;
+
+ case 0x06: /* SYS_DMA_CSR_CH0 */
+ OMAP_RO_REG((hwaddr) reg);
+ break;
+
+ case 0x08: /* SYS_DMA_CSSA_L_CH0 */
+ ch->addr[0] &= 0xffff0000;
+ ch->addr[0] |= value;
+ break;
+
+ case 0x0a: /* SYS_DMA_CSSA_U_CH0 */
+ ch->addr[0] &= 0x0000ffff;
+ ch->addr[0] |= (uint32_t) value << 16;
+ break;
+
+ case 0x0c: /* SYS_DMA_CDSA_L_CH0 */
+ ch->addr[1] &= 0xffff0000;
+ ch->addr[1] |= value;
+ break;
+
+ case 0x0e: /* SYS_DMA_CDSA_U_CH0 */
+ ch->addr[1] &= 0x0000ffff;
+ ch->addr[1] |= (uint32_t) value << 16;
+ break;
+
+ case 0x10: /* SYS_DMA_CEN_CH0 */
+ ch->elements = value;
+ break;
+
+ case 0x12: /* SYS_DMA_CFN_CH0 */
+ ch->frames = value;
+ break;
+
+ case 0x14: /* SYS_DMA_CFI_CH0 */
+ ch->frame_index[0] = (int16_t) value;
+ break;
+
+ case 0x16: /* SYS_DMA_CEI_CH0 */
+ ch->element_index[0] = (int16_t) value;
+ break;
+
+ case 0x18: /* SYS_DMA_CPC_CH0 or DMA_CSAC */
+ OMAP_RO_REG((hwaddr) reg);
+ break;
+
+ case 0x1c: /* DMA_CDEI */
+ ch->element_index[1] = (int16_t) value;
+ break;
+
+ case 0x1e: /* DMA_CDFI */
+ ch->frame_index[1] = (int16_t) value;
+ break;
+
+ case 0x20: /* DMA_COLOR_L */
+ ch->color &= 0xffff0000;
+ ch->color |= value;
+ break;
+
+ case 0x22: /* DMA_COLOR_U */
+ ch->color &= 0xffff;
+ ch->color |= value << 16;
+ break;
+
+ case 0x24: /* DMA_CCR2 */
+ ch->bs = (value >> 2) & 0x1;
+ ch->transparent_copy = (value >> 1) & 0x1;
+ ch->constant_fill = value & 0x1;
+ break;
+
+ case 0x28: /* DMA_CLNK_CTRL */
+ ch->link_enabled = (value >> 15) & 0x1;
+ if (value & (1 << 14)) { /* Stop_Lnk */
+ ch->link_enabled = 0;
+ omap_dma_disable_channel(s, ch);
+ }
+ ch->link_next_ch = value & 0x1f;
+ break;
+
+ case 0x2a: /* DMA_LCH_CTRL */
+ ch->interleave_disabled = (value >> 15) & 0x1;
+ ch->type = value & 0xf;
+ break;
+
+ default:
+ return 1;
+ }
+ return 0;
+}
+
+static int omap_dma_3_2_lcd_write(struct omap_dma_lcd_channel_s *s, int offset,
+ uint16_t value)
+{
+ switch (offset) {
+ case 0xbc0: /* DMA_LCD_CSDP */
+ s->brust_f2 = (value >> 14) & 0x3;
+ s->pack_f2 = (value >> 13) & 0x1;
+ s->data_type_f2 = (1 << ((value >> 11) & 0x3));
+ s->brust_f1 = (value >> 7) & 0x3;
+ s->pack_f1 = (value >> 6) & 0x1;
+ s->data_type_f1 = (1 << ((value >> 0) & 0x3));
+ break;
+
+ case 0xbc2: /* DMA_LCD_CCR */
+ s->mode_f2 = (value >> 14) & 0x3;
+ s->mode_f1 = (value >> 12) & 0x3;
+ s->end_prog = (value >> 11) & 0x1;
+ s->omap_3_1_compatible_disable = (value >> 10) & 0x1;
+ s->repeat = (value >> 9) & 0x1;
+ s->auto_init = (value >> 8) & 0x1;
+ s->running = (value >> 7) & 0x1;
+ s->priority = (value >> 6) & 0x1;
+ s->bs = (value >> 4) & 0x1;
+ break;
+
+ case 0xbc4: /* DMA_LCD_CTRL */
+ s->dst = (value >> 8) & 0x1;
+ s->src = ((value >> 6) & 0x3) << 1;
+ s->condition = 0;
+ /* Assume no bus errors and thus no BUS_ERROR irq bits. */
+ s->interrupts = (value >> 1) & 1;
+ s->dual = value & 1;
+ break;
+
+ case 0xbc8: /* TOP_B1_L */
+ s->src_f1_top &= 0xffff0000;
+ s->src_f1_top |= 0x0000ffff & value;
+ break;
+
+ case 0xbca: /* TOP_B1_U */
+ s->src_f1_top &= 0x0000ffff;
+ s->src_f1_top |= value << 16;
+ break;
+
+ case 0xbcc: /* BOT_B1_L */
+ s->src_f1_bottom &= 0xffff0000;
+ s->src_f1_bottom |= 0x0000ffff & value;
+ break;
+
+ case 0xbce: /* BOT_B1_U */
+ s->src_f1_bottom &= 0x0000ffff;
+ s->src_f1_bottom |= (uint32_t) value << 16;
+ break;
+
+ case 0xbd0: /* TOP_B2_L */
+ s->src_f2_top &= 0xffff0000;
+ s->src_f2_top |= 0x0000ffff & value;
+ break;
+
+ case 0xbd2: /* TOP_B2_U */
+ s->src_f2_top &= 0x0000ffff;
+ s->src_f2_top |= (uint32_t) value << 16;
+ break;
+
+ case 0xbd4: /* BOT_B2_L */
+ s->src_f2_bottom &= 0xffff0000;
+ s->src_f2_bottom |= 0x0000ffff & value;
+ break;
+
+ case 0xbd6: /* BOT_B2_U */
+ s->src_f2_bottom &= 0x0000ffff;
+ s->src_f2_bottom |= (uint32_t) value << 16;
+ break;
+
+ case 0xbd8: /* DMA_LCD_SRC_EI_B1 */
+ s->element_index_f1 = value;
+ break;
+
+ case 0xbda: /* DMA_LCD_SRC_FI_B1_L */
+ s->frame_index_f1 &= 0xffff0000;
+ s->frame_index_f1 |= 0x0000ffff & value;
+ break;
+
+ case 0xbf4: /* DMA_LCD_SRC_FI_B1_U */
+ s->frame_index_f1 &= 0x0000ffff;
+ s->frame_index_f1 |= (uint32_t) value << 16;
+ break;
+
+ case 0xbdc: /* DMA_LCD_SRC_EI_B2 */
+ s->element_index_f2 = value;
+ break;
+
+ case 0xbde: /* DMA_LCD_SRC_FI_B2_L */
+ s->frame_index_f2 &= 0xffff0000;
+ s->frame_index_f2 |= 0x0000ffff & value;
+ break;
+
+ case 0xbf6: /* DMA_LCD_SRC_FI_B2_U */
+ s->frame_index_f2 &= 0x0000ffff;
+ s->frame_index_f2 |= (uint32_t) value << 16;
+ break;
+
+ case 0xbe0: /* DMA_LCD_SRC_EN_B1 */
+ s->elements_f1 = value;
+ break;
+
+ case 0xbe4: /* DMA_LCD_SRC_FN_B1 */
+ s->frames_f1 = value;
+ break;
+
+ case 0xbe2: /* DMA_LCD_SRC_EN_B2 */
+ s->elements_f2 = value;
+ break;
+
+ case 0xbe6: /* DMA_LCD_SRC_FN_B2 */
+ s->frames_f2 = value;
+ break;
+
+ case 0xbea: /* DMA_LCD_LCH_CTRL */
+ s->lch_type = value & 0xf;
+ break;
+
+ default:
+ return 1;
+ }
+ return 0;
+}
+
+static int omap_dma_3_2_lcd_read(struct omap_dma_lcd_channel_s *s, int offset,
+ uint16_t *ret)
+{
+ switch (offset) {
+ case 0xbc0: /* DMA_LCD_CSDP */
+ *ret = (s->brust_f2 << 14) |
+ (s->pack_f2 << 13) |
+ ((s->data_type_f2 >> 1) << 11) |
+ (s->brust_f1 << 7) |
+ (s->pack_f1 << 6) |
+ ((s->data_type_f1 >> 1) << 0);
+ break;
+
+ case 0xbc2: /* DMA_LCD_CCR */
+ *ret = (s->mode_f2 << 14) |
+ (s->mode_f1 << 12) |
+ (s->end_prog << 11) |
+ (s->omap_3_1_compatible_disable << 10) |
+ (s->repeat << 9) |
+ (s->auto_init << 8) |
+ (s->running << 7) |
+ (s->priority << 6) |
+ (s->bs << 4);
+ break;
+
+ case 0xbc4: /* DMA_LCD_CTRL */
+ qemu_irq_lower(s->irq);
+ *ret = (s->dst << 8) |
+ ((s->src & 0x6) << 5) |
+ (s->condition << 3) |
+ (s->interrupts << 1) |
+ s->dual;
+ break;
+
+ case 0xbc8: /* TOP_B1_L */
+ *ret = s->src_f1_top & 0xffff;
+ break;
+
+ case 0xbca: /* TOP_B1_U */
+ *ret = s->src_f1_top >> 16;
+ break;
+
+ case 0xbcc: /* BOT_B1_L */
+ *ret = s->src_f1_bottom & 0xffff;
+ break;
+
+ case 0xbce: /* BOT_B1_U */
+ *ret = s->src_f1_bottom >> 16;
+ break;
+
+ case 0xbd0: /* TOP_B2_L */
+ *ret = s->src_f2_top & 0xffff;
+ break;
+
+ case 0xbd2: /* TOP_B2_U */
+ *ret = s->src_f2_top >> 16;
+ break;
+
+ case 0xbd4: /* BOT_B2_L */
+ *ret = s->src_f2_bottom & 0xffff;
+ break;
+
+ case 0xbd6: /* BOT_B2_U */
+ *ret = s->src_f2_bottom >> 16;
+ break;
+
+ case 0xbd8: /* DMA_LCD_SRC_EI_B1 */
+ *ret = s->element_index_f1;
+ break;
+
+ case 0xbda: /* DMA_LCD_SRC_FI_B1_L */
+ *ret = s->frame_index_f1 & 0xffff;
+ break;
+
+ case 0xbf4: /* DMA_LCD_SRC_FI_B1_U */
+ *ret = s->frame_index_f1 >> 16;
+ break;
+
+ case 0xbdc: /* DMA_LCD_SRC_EI_B2 */
+ *ret = s->element_index_f2;
+ break;
+
+ case 0xbde: /* DMA_LCD_SRC_FI_B2_L */
+ *ret = s->frame_index_f2 & 0xffff;
+ break;
+
+ case 0xbf6: /* DMA_LCD_SRC_FI_B2_U */
+ *ret = s->frame_index_f2 >> 16;
+ break;
+
+ case 0xbe0: /* DMA_LCD_SRC_EN_B1 */
+ *ret = s->elements_f1;
+ break;
+
+ case 0xbe4: /* DMA_LCD_SRC_FN_B1 */
+ *ret = s->frames_f1;
+ break;
+
+ case 0xbe2: /* DMA_LCD_SRC_EN_B2 */
+ *ret = s->elements_f2;
+ break;
+
+ case 0xbe6: /* DMA_LCD_SRC_FN_B2 */
+ *ret = s->frames_f2;
+ break;
+
+ case 0xbea: /* DMA_LCD_LCH_CTRL */
+ *ret = s->lch_type;
+ break;
+
+ default:
+ return 1;
+ }
+ return 0;
+}
+
+static int omap_dma_3_1_lcd_write(struct omap_dma_lcd_channel_s *s, int offset,
+ uint16_t value)
+{
+ switch (offset) {
+ case 0x300: /* SYS_DMA_LCD_CTRL */
+ s->src = (value & 0x40) ? imif : emiff;
+ s->condition = 0;
+ /* Assume no bus errors and thus no BUS_ERROR irq bits. */
+ s->interrupts = (value >> 1) & 1;
+ s->dual = value & 1;
+ break;
+
+ case 0x302: /* SYS_DMA_LCD_TOP_F1_L */
+ s->src_f1_top &= 0xffff0000;
+ s->src_f1_top |= 0x0000ffff & value;
+ break;
+
+ case 0x304: /* SYS_DMA_LCD_TOP_F1_U */
+ s->src_f1_top &= 0x0000ffff;
+ s->src_f1_top |= value << 16;
+ break;
+
+ case 0x306: /* SYS_DMA_LCD_BOT_F1_L */
+ s->src_f1_bottom &= 0xffff0000;
+ s->src_f1_bottom |= 0x0000ffff & value;
+ break;
+
+ case 0x308: /* SYS_DMA_LCD_BOT_F1_U */
+ s->src_f1_bottom &= 0x0000ffff;
+ s->src_f1_bottom |= value << 16;
+ break;
+
+ case 0x30a: /* SYS_DMA_LCD_TOP_F2_L */
+ s->src_f2_top &= 0xffff0000;
+ s->src_f2_top |= 0x0000ffff & value;
+ break;
+
+ case 0x30c: /* SYS_DMA_LCD_TOP_F2_U */
+ s->src_f2_top &= 0x0000ffff;
+ s->src_f2_top |= value << 16;
+ break;
+
+ case 0x30e: /* SYS_DMA_LCD_BOT_F2_L */
+ s->src_f2_bottom &= 0xffff0000;
+ s->src_f2_bottom |= 0x0000ffff & value;
+ break;
+
+ case 0x310: /* SYS_DMA_LCD_BOT_F2_U */
+ s->src_f2_bottom &= 0x0000ffff;
+ s->src_f2_bottom |= value << 16;
+ break;
+
+ default:
+ return 1;
+ }
+ return 0;
+}
+
+static int omap_dma_3_1_lcd_read(struct omap_dma_lcd_channel_s *s, int offset,
+ uint16_t *ret)
+{
+ int i;
+
+ switch (offset) {
+ case 0x300: /* SYS_DMA_LCD_CTRL */
+ i = s->condition;
+ s->condition = 0;
+ qemu_irq_lower(s->irq);
+ *ret = ((s->src == imif) << 6) | (i << 3) |
+ (s->interrupts << 1) | s->dual;
+ break;
+
+ case 0x302: /* SYS_DMA_LCD_TOP_F1_L */
+ *ret = s->src_f1_top & 0xffff;
+ break;
+
+ case 0x304: /* SYS_DMA_LCD_TOP_F1_U */
+ *ret = s->src_f1_top >> 16;
+ break;
+
+ case 0x306: /* SYS_DMA_LCD_BOT_F1_L */
+ *ret = s->src_f1_bottom & 0xffff;
+ break;
+
+ case 0x308: /* SYS_DMA_LCD_BOT_F1_U */
+ *ret = s->src_f1_bottom >> 16;
+ break;
+
+ case 0x30a: /* SYS_DMA_LCD_TOP_F2_L */
+ *ret = s->src_f2_top & 0xffff;
+ break;
+
+ case 0x30c: /* SYS_DMA_LCD_TOP_F2_U */
+ *ret = s->src_f2_top >> 16;
+ break;
+
+ case 0x30e: /* SYS_DMA_LCD_BOT_F2_L */
+ *ret = s->src_f2_bottom & 0xffff;
+ break;
+
+ case 0x310: /* SYS_DMA_LCD_BOT_F2_U */
+ *ret = s->src_f2_bottom >> 16;
+ break;
+
+ default:
+ return 1;
+ }
+ return 0;
+}
+
+static int omap_dma_sys_write(struct omap_dma_s *s, int offset, uint16_t value)
+{
+ switch (offset) {
+ case 0x400: /* SYS_DMA_GCR */
+ s->gcr = value;
+ break;
+
+ case 0x404: /* DMA_GSCR */
+ if (value & 0x8)
+ omap_dma_disable_3_1_mapping(s);
+ else
+ omap_dma_enable_3_1_mapping(s);
+ break;
+
+ case 0x408: /* DMA_GRST */
+ if (value & 0x1)
+ omap_dma_reset(s->dma);
+ break;
+
+ default:
+ return 1;
+ }
+ return 0;
+}
+
+static int omap_dma_sys_read(struct omap_dma_s *s, int offset,
+ uint16_t *ret)
+{
+ switch (offset) {
+ case 0x400: /* SYS_DMA_GCR */
+ *ret = s->gcr;
+ break;
+
+ case 0x404: /* DMA_GSCR */
+ *ret = s->omap_3_1_mapping_disabled << 3;
+ break;
+
+ case 0x408: /* DMA_GRST */
+ *ret = 0;
+ break;
+
+ case 0x442: /* DMA_HW_ID */
+ case 0x444: /* DMA_PCh2_ID */
+ case 0x446: /* DMA_PCh0_ID */
+ case 0x448: /* DMA_PCh1_ID */
+ case 0x44a: /* DMA_PChG_ID */
+ case 0x44c: /* DMA_PChD_ID */
+ *ret = 1;
+ break;
+
+ case 0x44e: /* DMA_CAPS_0_U */
+ *ret = (s->caps[0] >> 16) & 0xffff;
+ break;
+ case 0x450: /* DMA_CAPS_0_L */
+ *ret = (s->caps[0] >> 0) & 0xffff;
+ break;
+
+ case 0x452: /* DMA_CAPS_1_U */
+ *ret = (s->caps[1] >> 16) & 0xffff;
+ break;
+ case 0x454: /* DMA_CAPS_1_L */
+ *ret = (s->caps[1] >> 0) & 0xffff;
+ break;
+
+ case 0x456: /* DMA_CAPS_2 */
+ *ret = s->caps[2];
+ break;
+
+ case 0x458: /* DMA_CAPS_3 */
+ *ret = s->caps[3];
+ break;
+
+ case 0x45a: /* DMA_CAPS_4 */
+ *ret = s->caps[4];
+ break;
+
+ case 0x460: /* DMA_PCh2_SR */
+ case 0x480: /* DMA_PCh0_SR */
+ case 0x482: /* DMA_PCh1_SR */
+ case 0x4c0: /* DMA_PChD_SR_0 */
+ printf("%s: Physical Channel Status Registers not implemented.\n",
+ __FUNCTION__);
+ *ret = 0xff;
+ break;
+
+ default:
+ return 1;
+ }
+ return 0;
+}
+
+static uint64_t omap_dma_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_dma_s *s = (struct omap_dma_s *) opaque;
+ int reg, ch;
+ uint16_t ret;
+
+ if (size != 2) {
+ return omap_badwidth_read16(opaque, addr);
+ }
+
+ switch (addr) {
+ case 0x300 ... 0x3fe:
+ if (s->model <= omap_dma_3_1 || !s->omap_3_1_mapping_disabled) {
+ if (omap_dma_3_1_lcd_read(&s->lcd_ch, addr, &ret))
+ break;
+ return ret;
+ }
+ /* Fall through. */
+ case 0x000 ... 0x2fe:
+ reg = addr & 0x3f;
+ ch = (addr >> 6) & 0x0f;
+ if (omap_dma_ch_reg_read(s, &s->ch[ch], reg, &ret))
+ break;
+ return ret;
+
+ case 0x404 ... 0x4fe:
+ if (s->model <= omap_dma_3_1)
+ break;
+ /* Fall through. */
+ case 0x400:
+ if (omap_dma_sys_read(s, addr, &ret))
+ break;
+ return ret;
+
+ case 0xb00 ... 0xbfe:
+ if (s->model == omap_dma_3_2 && s->omap_3_1_mapping_disabled) {
+ if (omap_dma_3_2_lcd_read(&s->lcd_ch, addr, &ret))
+ break;
+ return ret;
+ }
+ break;
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_dma_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_dma_s *s = (struct omap_dma_s *) opaque;
+ int reg, ch;
+
+ if (size != 2) {
+ return omap_badwidth_write16(opaque, addr, value);
+ }
+
+ switch (addr) {
+ case 0x300 ... 0x3fe:
+ if (s->model <= omap_dma_3_1 || !s->omap_3_1_mapping_disabled) {
+ if (omap_dma_3_1_lcd_write(&s->lcd_ch, addr, value))
+ break;
+ return;
+ }
+ /* Fall through. */
+ case 0x000 ... 0x2fe:
+ reg = addr & 0x3f;
+ ch = (addr >> 6) & 0x0f;
+ if (omap_dma_ch_reg_write(s, &s->ch[ch], reg, value))
+ break;
+ return;
+
+ case 0x404 ... 0x4fe:
+ if (s->model <= omap_dma_3_1)
+ break;
+ case 0x400:
+ /* Fall through. */
+ if (omap_dma_sys_write(s, addr, value))
+ break;
+ return;
+
+ case 0xb00 ... 0xbfe:
+ if (s->model == omap_dma_3_2 && s->omap_3_1_mapping_disabled) {
+ if (omap_dma_3_2_lcd_write(&s->lcd_ch, addr, value))
+ break;
+ return;
+ }
+ break;
+ }
+
+ OMAP_BAD_REG(addr);
+}
+
+static const MemoryRegionOps omap_dma_ops = {
+ .read = omap_dma_read,
+ .write = omap_dma_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void omap_dma_request(void *opaque, int drq, int req)
+{
+ struct omap_dma_s *s = (struct omap_dma_s *) opaque;
+ /* The request pins are level triggered in QEMU. */
+ if (req) {
+ if (~s->dma->drqbmp & (1ULL << drq)) {
+ s->dma->drqbmp |= 1ULL << drq;
+ omap_dma_process_request(s, drq);
+ }
+ } else
+ s->dma->drqbmp &= ~(1ULL << drq);
+}
+
+/* XXX: this won't be needed once soc_dma knows about clocks. */
+static void omap_dma_clk_update(void *opaque, int line, int on)
+{
+ struct omap_dma_s *s = (struct omap_dma_s *) opaque;
+ int i;
+
+ s->dma->freq = omap_clk_getrate(s->clk);
+
+ for (i = 0; i < s->chans; i ++)
+ if (s->ch[i].active)
+ soc_dma_set_request(s->ch[i].dma, on);
+}
+
+static void omap_dma_setcaps(struct omap_dma_s *s)
+{
+ switch (s->model) {
+ default:
+ case omap_dma_3_1:
+ break;
+ case omap_dma_3_2:
+ case omap_dma_4:
+ /* XXX Only available for sDMA */
+ s->caps[0] =
+ (1 << 19) | /* Constant Fill Capability */
+ (1 << 18); /* Transparent BLT Capability */
+ s->caps[1] =
+ (1 << 1); /* 1-bit palettized capability (DMA 3.2 only) */
+ s->caps[2] =
+ (1 << 8) | /* SEPARATE_SRC_AND_DST_INDEX_CPBLTY */
+ (1 << 7) | /* DST_DOUBLE_INDEX_ADRS_CPBLTY */
+ (1 << 6) | /* DST_SINGLE_INDEX_ADRS_CPBLTY */
+ (1 << 5) | /* DST_POST_INCRMNT_ADRS_CPBLTY */
+ (1 << 4) | /* DST_CONST_ADRS_CPBLTY */
+ (1 << 3) | /* SRC_DOUBLE_INDEX_ADRS_CPBLTY */
+ (1 << 2) | /* SRC_SINGLE_INDEX_ADRS_CPBLTY */
+ (1 << 1) | /* SRC_POST_INCRMNT_ADRS_CPBLTY */
+ (1 << 0); /* SRC_CONST_ADRS_CPBLTY */
+ s->caps[3] =
+ (1 << 6) | /* BLOCK_SYNCHR_CPBLTY (DMA 4 only) */
+ (1 << 7) | /* PKT_SYNCHR_CPBLTY (DMA 4 only) */
+ (1 << 5) | /* CHANNEL_CHAINING_CPBLTY */
+ (1 << 4) | /* LCh_INTERLEAVE_CPBLTY */
+ (1 << 3) | /* AUTOINIT_REPEAT_CPBLTY (DMA 3.2 only) */
+ (1 << 2) | /* AUTOINIT_ENDPROG_CPBLTY (DMA 3.2 only) */
+ (1 << 1) | /* FRAME_SYNCHR_CPBLTY */
+ (1 << 0); /* ELMNT_SYNCHR_CPBLTY */
+ s->caps[4] =
+ (1 << 7) | /* PKT_INTERRUPT_CPBLTY (DMA 4 only) */
+ (1 << 6) | /* SYNC_STATUS_CPBLTY */
+ (1 << 5) | /* BLOCK_INTERRUPT_CPBLTY */
+ (1 << 4) | /* LAST_FRAME_INTERRUPT_CPBLTY */
+ (1 << 3) | /* FRAME_INTERRUPT_CPBLTY */
+ (1 << 2) | /* HALF_FRAME_INTERRUPT_CPBLTY */
+ (1 << 1) | /* EVENT_DROP_INTERRUPT_CPBLTY */
+ (1 << 0); /* TIMEOUT_INTERRUPT_CPBLTY (DMA 3.2 only) */
+ break;
+ }
+}
+
+struct soc_dma_s *omap_dma_init(hwaddr base, qemu_irq *irqs,
+ MemoryRegion *sysmem,
+ qemu_irq lcd_irq, struct omap_mpu_state_s *mpu, omap_clk clk,
+ enum omap_dma_model model)
+{
+ int num_irqs, memsize, i;
+ struct omap_dma_s *s = (struct omap_dma_s *)
+ g_malloc0(sizeof(struct omap_dma_s));
+
+ if (model <= omap_dma_3_1) {
+ num_irqs = 6;
+ memsize = 0x800;
+ } else {
+ num_irqs = 16;
+ memsize = 0xc00;
+ }
+ s->model = model;
+ s->mpu = mpu;
+ s->clk = clk;
+ s->lcd_ch.irq = lcd_irq;
+ s->lcd_ch.mpu = mpu;
+
+ s->dma = soc_dma_init((model <= omap_dma_3_1) ? 9 : 16);
+ s->dma->freq = omap_clk_getrate(clk);
+ s->dma->transfer_fn = omap_dma_transfer_generic;
+ s->dma->setup_fn = omap_dma_transfer_setup;
+ s->dma->drq = qemu_allocate_irqs(omap_dma_request, s, 32);
+ s->dma->opaque = s;
+
+ while (num_irqs --)
+ s->ch[num_irqs].irq = irqs[num_irqs];
+ for (i = 0; i < 3; i ++) {
+ s->ch[i].sibling = &s->ch[i + 6];
+ s->ch[i + 6].sibling = &s->ch[i];
+ }
+ for (i = (model <= omap_dma_3_1) ? 8 : 15; i >= 0; i --) {
+ s->ch[i].dma = &s->dma->ch[i];
+ s->dma->ch[i].opaque = &s->ch[i];
+ }
+
+ omap_dma_setcaps(s);
+ omap_clk_adduser(s->clk, qemu_allocate_irqs(omap_dma_clk_update, s, 1)[0]);
+ omap_dma_reset(s->dma);
+ omap_dma_clk_update(s, 0, 1);
+
+ memory_region_init_io(&s->iomem, NULL, &omap_dma_ops, s, "omap.dma", memsize);
+ memory_region_add_subregion(sysmem, base, &s->iomem);
+
+ mpu->drq = s->dma->drq;
+
+ return s->dma;
+}
+
+static void omap_dma_interrupts_4_update(struct omap_dma_s *s)
+{
+ struct omap_dma_channel_s *ch = s->ch;
+ uint32_t bmp, bit;
+
+ for (bmp = 0, bit = 1; bit; ch ++, bit <<= 1)
+ if (ch->status) {
+ bmp |= bit;
+ ch->cstatus |= ch->status;
+ ch->status = 0;
+ }
+ if ((s->irqstat[0] |= s->irqen[0] & bmp))
+ qemu_irq_raise(s->irq[0]);
+ if ((s->irqstat[1] |= s->irqen[1] & bmp))
+ qemu_irq_raise(s->irq[1]);
+ if ((s->irqstat[2] |= s->irqen[2] & bmp))
+ qemu_irq_raise(s->irq[2]);
+ if ((s->irqstat[3] |= s->irqen[3] & bmp))
+ qemu_irq_raise(s->irq[3]);
+}
+
+static uint64_t omap_dma4_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_dma_s *s = (struct omap_dma_s *) opaque;
+ int irqn = 0, chnum;
+ struct omap_dma_channel_s *ch;
+
+ if (size == 1) {
+ return omap_badwidth_read16(opaque, addr);
+ }
+
+ switch (addr) {
+ case 0x00: /* DMA4_REVISION */
+ return 0x40;
+
+ case 0x14: /* DMA4_IRQSTATUS_L3 */
+ irqn ++;
+ /* fall through */
+ case 0x10: /* DMA4_IRQSTATUS_L2 */
+ irqn ++;
+ /* fall through */
+ case 0x0c: /* DMA4_IRQSTATUS_L1 */
+ irqn ++;
+ /* fall through */
+ case 0x08: /* DMA4_IRQSTATUS_L0 */
+ return s->irqstat[irqn];
+
+ case 0x24: /* DMA4_IRQENABLE_L3 */
+ irqn ++;
+ /* fall through */
+ case 0x20: /* DMA4_IRQENABLE_L2 */
+ irqn ++;
+ /* fall through */
+ case 0x1c: /* DMA4_IRQENABLE_L1 */
+ irqn ++;
+ /* fall through */
+ case 0x18: /* DMA4_IRQENABLE_L0 */
+ return s->irqen[irqn];
+
+ case 0x28: /* DMA4_SYSSTATUS */
+ return 1; /* RESETDONE */
+
+ case 0x2c: /* DMA4_OCP_SYSCONFIG */
+ return s->ocp;
+
+ case 0x64: /* DMA4_CAPS_0 */
+ return s->caps[0];
+ case 0x6c: /* DMA4_CAPS_2 */
+ return s->caps[2];
+ case 0x70: /* DMA4_CAPS_3 */
+ return s->caps[3];
+ case 0x74: /* DMA4_CAPS_4 */
+ return s->caps[4];
+
+ case 0x78: /* DMA4_GCR */
+ return s->gcr;
+
+ case 0x80 ... 0xfff:
+ addr -= 0x80;
+ chnum = addr / 0x60;
+ ch = s->ch + chnum;
+ addr -= chnum * 0x60;
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ return 0;
+ }
+
+ /* Per-channel registers */
+ switch (addr) {
+ case 0x00: /* DMA4_CCR */
+ return (ch->buf_disable << 25) |
+ (ch->src_sync << 24) |
+ (ch->prefetch << 23) |
+ ((ch->sync & 0x60) << 14) |
+ (ch->bs << 18) |
+ (ch->transparent_copy << 17) |
+ (ch->constant_fill << 16) |
+ (ch->mode[1] << 14) |
+ (ch->mode[0] << 12) |
+ (0 << 10) | (0 << 9) |
+ (ch->suspend << 8) |
+ (ch->enable << 7) |
+ (ch->priority << 6) |
+ (ch->fs << 5) | (ch->sync & 0x1f);
+
+ case 0x04: /* DMA4_CLNK_CTRL */
+ return (ch->link_enabled << 15) | ch->link_next_ch;
+
+ case 0x08: /* DMA4_CICR */
+ return ch->interrupts;
+
+ case 0x0c: /* DMA4_CSR */
+ return ch->cstatus;
+
+ case 0x10: /* DMA4_CSDP */
+ return (ch->endian[0] << 21) |
+ (ch->endian_lock[0] << 20) |
+ (ch->endian[1] << 19) |
+ (ch->endian_lock[1] << 18) |
+ (ch->write_mode << 16) |
+ (ch->burst[1] << 14) |
+ (ch->pack[1] << 13) |
+ (ch->translate[1] << 9) |
+ (ch->burst[0] << 7) |
+ (ch->pack[0] << 6) |
+ (ch->translate[0] << 2) |
+ (ch->data_type >> 1);
+
+ case 0x14: /* DMA4_CEN */
+ return ch->elements;
+
+ case 0x18: /* DMA4_CFN */
+ return ch->frames;
+
+ case 0x1c: /* DMA4_CSSA */
+ return ch->addr[0];
+
+ case 0x20: /* DMA4_CDSA */
+ return ch->addr[1];
+
+ case 0x24: /* DMA4_CSEI */
+ return ch->element_index[0];
+
+ case 0x28: /* DMA4_CSFI */
+ return ch->frame_index[0];
+
+ case 0x2c: /* DMA4_CDEI */
+ return ch->element_index[1];
+
+ case 0x30: /* DMA4_CDFI */
+ return ch->frame_index[1];
+
+ case 0x34: /* DMA4_CSAC */
+ return ch->active_set.src & 0xffff;
+
+ case 0x38: /* DMA4_CDAC */
+ return ch->active_set.dest & 0xffff;
+
+ case 0x3c: /* DMA4_CCEN */
+ return ch->active_set.element;
+
+ case 0x40: /* DMA4_CCFN */
+ return ch->active_set.frame;
+
+ case 0x44: /* DMA4_COLOR */
+ /* XXX only in sDMA */
+ return ch->color;
+
+ default:
+ OMAP_BAD_REG(addr);
+ return 0;
+ }
+}
+
+static void omap_dma4_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_dma_s *s = (struct omap_dma_s *) opaque;
+ int chnum, irqn = 0;
+ struct omap_dma_channel_s *ch;
+
+ if (size == 1) {
+ return omap_badwidth_write16(opaque, addr, value);
+ }
+
+ switch (addr) {
+ case 0x14: /* DMA4_IRQSTATUS_L3 */
+ irqn ++;
+ /* fall through */
+ case 0x10: /* DMA4_IRQSTATUS_L2 */
+ irqn ++;
+ /* fall through */
+ case 0x0c: /* DMA4_IRQSTATUS_L1 */
+ irqn ++;
+ /* fall through */
+ case 0x08: /* DMA4_IRQSTATUS_L0 */
+ s->irqstat[irqn] &= ~value;
+ if (!s->irqstat[irqn])
+ qemu_irq_lower(s->irq[irqn]);
+ return;
+
+ case 0x24: /* DMA4_IRQENABLE_L3 */
+ irqn ++;
+ /* fall through */
+ case 0x20: /* DMA4_IRQENABLE_L2 */
+ irqn ++;
+ /* fall through */
+ case 0x1c: /* DMA4_IRQENABLE_L1 */
+ irqn ++;
+ /* fall through */
+ case 0x18: /* DMA4_IRQENABLE_L0 */
+ s->irqen[irqn] = value;
+ return;
+
+ case 0x2c: /* DMA4_OCP_SYSCONFIG */
+ if (value & 2) /* SOFTRESET */
+ omap_dma_reset(s->dma);
+ s->ocp = value & 0x3321;
+ if (((s->ocp >> 12) & 3) == 3) /* MIDLEMODE */
+ fprintf(stderr, "%s: invalid DMA power mode\n", __FUNCTION__);
+ return;
+
+ case 0x78: /* DMA4_GCR */
+ s->gcr = value & 0x00ff00ff;
+ if ((value & 0xff) == 0x00) /* MAX_CHANNEL_FIFO_DEPTH */
+ fprintf(stderr, "%s: wrong FIFO depth in GCR\n", __FUNCTION__);
+ return;
+
+ case 0x80 ... 0xfff:
+ addr -= 0x80;
+ chnum = addr / 0x60;
+ ch = s->ch + chnum;
+ addr -= chnum * 0x60;
+ break;
+
+ case 0x00: /* DMA4_REVISION */
+ case 0x28: /* DMA4_SYSSTATUS */
+ case 0x64: /* DMA4_CAPS_0 */
+ case 0x6c: /* DMA4_CAPS_2 */
+ case 0x70: /* DMA4_CAPS_3 */
+ case 0x74: /* DMA4_CAPS_4 */
+ OMAP_RO_REG(addr);
+ return;
+
+ default:
+ OMAP_BAD_REG(addr);
+ return;
+ }
+
+ /* Per-channel registers */
+ switch (addr) {
+ case 0x00: /* DMA4_CCR */
+ ch->buf_disable = (value >> 25) & 1;
+ ch->src_sync = (value >> 24) & 1; /* XXX For CamDMA must be 1 */
+ if (ch->buf_disable && !ch->src_sync)
+ fprintf(stderr, "%s: Buffering disable is not allowed in "
+ "destination synchronised mode\n", __FUNCTION__);
+ ch->prefetch = (value >> 23) & 1;
+ ch->bs = (value >> 18) & 1;
+ ch->transparent_copy = (value >> 17) & 1;
+ ch->constant_fill = (value >> 16) & 1;
+ ch->mode[1] = (omap_dma_addressing_t) ((value & 0xc000) >> 14);
+ ch->mode[0] = (omap_dma_addressing_t) ((value & 0x3000) >> 12);
+ ch->suspend = (value & 0x0100) >> 8;
+ ch->priority = (value & 0x0040) >> 6;
+ ch->fs = (value & 0x0020) >> 5;
+ if (ch->fs && ch->bs && ch->mode[0] && ch->mode[1])
+ fprintf(stderr, "%s: For a packet transfer at least one port "
+ "must be constant-addressed\n", __FUNCTION__);
+ ch->sync = (value & 0x001f) | ((value >> 14) & 0x0060);
+ /* XXX must be 0x01 for CamDMA */
+
+ if (value & 0x0080)
+ omap_dma_enable_channel(s, ch);
+ else
+ omap_dma_disable_channel(s, ch);
+
+ break;
+
+ case 0x04: /* DMA4_CLNK_CTRL */
+ ch->link_enabled = (value >> 15) & 0x1;
+ ch->link_next_ch = value & 0x1f;
+ break;
+
+ case 0x08: /* DMA4_CICR */
+ ch->interrupts = value & 0x09be;
+ break;
+
+ case 0x0c: /* DMA4_CSR */
+ ch->cstatus &= ~value;
+ break;
+
+ case 0x10: /* DMA4_CSDP */
+ ch->endian[0] =(value >> 21) & 1;
+ ch->endian_lock[0] =(value >> 20) & 1;
+ ch->endian[1] =(value >> 19) & 1;
+ ch->endian_lock[1] =(value >> 18) & 1;
+ if (ch->endian[0] != ch->endian[1])
+ fprintf(stderr, "%s: DMA endiannes conversion enable attempt\n",
+ __FUNCTION__);
+ ch->write_mode = (value >> 16) & 3;
+ ch->burst[1] = (value & 0xc000) >> 14;
+ ch->pack[1] = (value & 0x2000) >> 13;
+ ch->translate[1] = (value & 0x1e00) >> 9;
+ ch->burst[0] = (value & 0x0180) >> 7;
+ ch->pack[0] = (value & 0x0040) >> 6;
+ ch->translate[0] = (value & 0x003c) >> 2;
+ if (ch->translate[0] | ch->translate[1])
+ fprintf(stderr, "%s: bad MReqAddressTranslate sideband signal\n",
+ __FUNCTION__);
+ ch->data_type = 1 << (value & 3);
+ if ((value & 3) == 3)
+ printf("%s: bad data_type for DMA channel\n", __FUNCTION__);
+ break;
+
+ case 0x14: /* DMA4_CEN */
+ ch->set_update = 1;
+ ch->elements = value & 0xffffff;
+ break;
+
+ case 0x18: /* DMA4_CFN */
+ ch->frames = value & 0xffff;
+ ch->set_update = 1;
+ break;
+
+ case 0x1c: /* DMA4_CSSA */
+ ch->addr[0] = (hwaddr) (uint32_t) value;
+ ch->set_update = 1;
+ break;
+
+ case 0x20: /* DMA4_CDSA */
+ ch->addr[1] = (hwaddr) (uint32_t) value;
+ ch->set_update = 1;
+ break;
+
+ case 0x24: /* DMA4_CSEI */
+ ch->element_index[0] = (int16_t) value;
+ ch->set_update = 1;
+ break;
+
+ case 0x28: /* DMA4_CSFI */
+ ch->frame_index[0] = (int32_t) value;
+ ch->set_update = 1;
+ break;
+
+ case 0x2c: /* DMA4_CDEI */
+ ch->element_index[1] = (int16_t) value;
+ ch->set_update = 1;
+ break;
+
+ case 0x30: /* DMA4_CDFI */
+ ch->frame_index[1] = (int32_t) value;
+ ch->set_update = 1;
+ break;
+
+ case 0x44: /* DMA4_COLOR */
+ /* XXX only in sDMA */
+ ch->color = value;
+ break;
+
+ case 0x34: /* DMA4_CSAC */
+ case 0x38: /* DMA4_CDAC */
+ case 0x3c: /* DMA4_CCEN */
+ case 0x40: /* DMA4_CCFN */
+ OMAP_RO_REG(addr);
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ }
+}
+
+static const MemoryRegionOps omap_dma4_ops = {
+ .read = omap_dma4_read,
+ .write = omap_dma4_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+struct soc_dma_s *omap_dma4_init(hwaddr base, qemu_irq *irqs,
+ MemoryRegion *sysmem,
+ struct omap_mpu_state_s *mpu, int fifo,
+ int chans, omap_clk iclk, omap_clk fclk)
+{
+ int i;
+ struct omap_dma_s *s = (struct omap_dma_s *)
+ g_malloc0(sizeof(struct omap_dma_s));
+
+ s->model = omap_dma_4;
+ s->chans = chans;
+ s->mpu = mpu;
+ s->clk = fclk;
+
+ s->dma = soc_dma_init(s->chans);
+ s->dma->freq = omap_clk_getrate(fclk);
+ s->dma->transfer_fn = omap_dma_transfer_generic;
+ s->dma->setup_fn = omap_dma_transfer_setup;
+ s->dma->drq = qemu_allocate_irqs(omap_dma_request, s, 64);
+ s->dma->opaque = s;
+ for (i = 0; i < s->chans; i ++) {
+ s->ch[i].dma = &s->dma->ch[i];
+ s->dma->ch[i].opaque = &s->ch[i];
+ }
+
+ memcpy(&s->irq, irqs, sizeof(s->irq));
+ s->intr_update = omap_dma_interrupts_4_update;
+
+ omap_dma_setcaps(s);
+ omap_clk_adduser(s->clk, qemu_allocate_irqs(omap_dma_clk_update, s, 1)[0]);
+ omap_dma_reset(s->dma);
+ omap_dma_clk_update(s, 0, !!s->dma->freq);
+
+ memory_region_init_io(&s->iomem, NULL, &omap_dma4_ops, s, "omap.dma4", 0x1000);
+ memory_region_add_subregion(sysmem, base, &s->iomem);
+
+ mpu->drq = s->dma->drq;
+
+ return s->dma;
+}
+
+struct omap_dma_lcd_channel_s *omap_dma_get_lcdch(struct soc_dma_s *dma)
+{
+ struct omap_dma_s *s = dma->opaque;
+
+ return &s->lcd_ch;
+}
diff --git a/hw/dma/pl080.c b/hw/dma/pl080.c
new file mode 100644
index 000000000..35b90155a
--- /dev/null
+++ b/hw/dma/pl080.c
@@ -0,0 +1,410 @@
+/*
+ * Arm PrimeCell PL080/PL081 DMA controller
+ *
+ * Copyright (c) 2006 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GPL.
+ */
+
+#include "hw/sysbus.h"
+
+#define PL080_MAX_CHANNELS 8
+#define PL080_CONF_E 0x1
+#define PL080_CONF_M1 0x2
+#define PL080_CONF_M2 0x4
+
+#define PL080_CCONF_H 0x40000
+#define PL080_CCONF_A 0x20000
+#define PL080_CCONF_L 0x10000
+#define PL080_CCONF_ITC 0x08000
+#define PL080_CCONF_IE 0x04000
+#define PL080_CCONF_E 0x00001
+
+#define PL080_CCTRL_I 0x80000000
+#define PL080_CCTRL_DI 0x08000000
+#define PL080_CCTRL_SI 0x04000000
+#define PL080_CCTRL_D 0x02000000
+#define PL080_CCTRL_S 0x01000000
+
+typedef struct {
+ uint32_t src;
+ uint32_t dest;
+ uint32_t lli;
+ uint32_t ctrl;
+ uint32_t conf;
+} pl080_channel;
+
+#define TYPE_PL080 "pl080"
+#define PL080(obj) OBJECT_CHECK(PL080State, (obj), TYPE_PL080)
+
+typedef struct PL080State {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ uint8_t tc_int;
+ uint8_t tc_mask;
+ uint8_t err_int;
+ uint8_t err_mask;
+ uint32_t conf;
+ uint32_t sync;
+ uint32_t req_single;
+ uint32_t req_burst;
+ pl080_channel chan[PL080_MAX_CHANNELS];
+ int nchannels;
+ /* Flag to avoid recursive DMA invocations. */
+ int running;
+ qemu_irq irq;
+} PL080State;
+
+static const VMStateDescription vmstate_pl080_channel = {
+ .name = "pl080_channel",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(src, pl080_channel),
+ VMSTATE_UINT32(dest, pl080_channel),
+ VMSTATE_UINT32(lli, pl080_channel),
+ VMSTATE_UINT32(ctrl, pl080_channel),
+ VMSTATE_UINT32(conf, pl080_channel),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_pl080 = {
+ .name = "pl080",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(tc_int, PL080State),
+ VMSTATE_UINT8(tc_mask, PL080State),
+ VMSTATE_UINT8(err_int, PL080State),
+ VMSTATE_UINT8(err_mask, PL080State),
+ VMSTATE_UINT32(conf, PL080State),
+ VMSTATE_UINT32(sync, PL080State),
+ VMSTATE_UINT32(req_single, PL080State),
+ VMSTATE_UINT32(req_burst, PL080State),
+ VMSTATE_UINT8(tc_int, PL080State),
+ VMSTATE_UINT8(tc_int, PL080State),
+ VMSTATE_UINT8(tc_int, PL080State),
+ VMSTATE_STRUCT_ARRAY(chan, PL080State, PL080_MAX_CHANNELS,
+ 1, vmstate_pl080_channel, pl080_channel),
+ VMSTATE_INT32(running, PL080State),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const unsigned char pl080_id[] =
+{ 0x80, 0x10, 0x04, 0x0a, 0x0d, 0xf0, 0x05, 0xb1 };
+
+static const unsigned char pl081_id[] =
+{ 0x81, 0x10, 0x04, 0x0a, 0x0d, 0xf0, 0x05, 0xb1 };
+
+static void pl080_update(PL080State *s)
+{
+ if ((s->tc_int & s->tc_mask)
+ || (s->err_int & s->err_mask))
+ qemu_irq_raise(s->irq);
+ else
+ qemu_irq_lower(s->irq);
+}
+
+static void pl080_run(PL080State *s)
+{
+ int c;
+ int flow;
+ pl080_channel *ch;
+ int swidth;
+ int dwidth;
+ int xsize;
+ int n;
+ int src_id;
+ int dest_id;
+ int size;
+ uint8_t buff[4];
+ uint32_t req;
+
+ s->tc_mask = 0;
+ for (c = 0; c < s->nchannels; c++) {
+ if (s->chan[c].conf & PL080_CCONF_ITC)
+ s->tc_mask |= 1 << c;
+ if (s->chan[c].conf & PL080_CCONF_IE)
+ s->err_mask |= 1 << c;
+ }
+
+ if ((s->conf & PL080_CONF_E) == 0)
+ return;
+
+hw_error("DMA active\n");
+ /* If we are already in the middle of a DMA operation then indicate that
+ there may be new DMA requests and return immediately. */
+ if (s->running) {
+ s->running++;
+ return;
+ }
+ s->running = 1;
+ while (s->running) {
+ for (c = 0; c < s->nchannels; c++) {
+ ch = &s->chan[c];
+again:
+ /* Test if thiws channel has any pending DMA requests. */
+ if ((ch->conf & (PL080_CCONF_H | PL080_CCONF_E))
+ != PL080_CCONF_E)
+ continue;
+ flow = (ch->conf >> 11) & 7;
+ if (flow >= 4) {
+ hw_error(
+ "pl080_run: Peripheral flow control not implemented\n");
+ }
+ src_id = (ch->conf >> 1) & 0x1f;
+ dest_id = (ch->conf >> 6) & 0x1f;
+ size = ch->ctrl & 0xfff;
+ req = s->req_single | s->req_burst;
+ switch (flow) {
+ case 0:
+ break;
+ case 1:
+ if ((req & (1u << dest_id)) == 0)
+ size = 0;
+ break;
+ case 2:
+ if ((req & (1u << src_id)) == 0)
+ size = 0;
+ break;
+ case 3:
+ if ((req & (1u << src_id)) == 0
+ || (req & (1u << dest_id)) == 0)
+ size = 0;
+ break;
+ }
+ if (!size)
+ continue;
+
+ /* Transfer one element. */
+ /* ??? Should transfer multiple elements for a burst request. */
+ /* ??? Unclear what the proper behavior is when source and
+ destination widths are different. */
+ swidth = 1 << ((ch->ctrl >> 18) & 7);
+ dwidth = 1 << ((ch->ctrl >> 21) & 7);
+ for (n = 0; n < dwidth; n+= swidth) {
+ cpu_physical_memory_read(ch->src, buff + n, swidth);
+ if (ch->ctrl & PL080_CCTRL_SI)
+ ch->src += swidth;
+ }
+ xsize = (dwidth < swidth) ? swidth : dwidth;
+ /* ??? This may pad the value incorrectly for dwidth < 32. */
+ for (n = 0; n < xsize; n += dwidth) {
+ cpu_physical_memory_write(ch->dest + n, buff + n, dwidth);
+ if (ch->ctrl & PL080_CCTRL_DI)
+ ch->dest += swidth;
+ }
+
+ size--;
+ ch->ctrl = (ch->ctrl & 0xfffff000) | size;
+ if (size == 0) {
+ /* Transfer complete. */
+ if (ch->lli) {
+ ch->src = ldl_le_phys(ch->lli);
+ ch->dest = ldl_le_phys(ch->lli + 4);
+ ch->ctrl = ldl_le_phys(ch->lli + 12);
+ ch->lli = ldl_le_phys(ch->lli + 8);
+ } else {
+ ch->conf &= ~PL080_CCONF_E;
+ }
+ if (ch->ctrl & PL080_CCTRL_I) {
+ s->tc_int |= 1 << c;
+ }
+ }
+ goto again;
+ }
+ if (--s->running)
+ s->running = 1;
+ }
+}
+
+static uint64_t pl080_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ PL080State *s = (PL080State *)opaque;
+ uint32_t i;
+ uint32_t mask;
+
+ if (offset >= 0xfe0 && offset < 0x1000) {
+ if (s->nchannels == 8) {
+ return pl080_id[(offset - 0xfe0) >> 2];
+ } else {
+ return pl081_id[(offset - 0xfe0) >> 2];
+ }
+ }
+ if (offset >= 0x100 && offset < 0x200) {
+ i = (offset & 0xe0) >> 5;
+ if (i >= s->nchannels)
+ goto bad_offset;
+ switch (offset >> 2) {
+ case 0: /* SrcAddr */
+ return s->chan[i].src;
+ case 1: /* DestAddr */
+ return s->chan[i].dest;
+ case 2: /* LLI */
+ return s->chan[i].lli;
+ case 3: /* Control */
+ return s->chan[i].ctrl;
+ case 4: /* Configuration */
+ return s->chan[i].conf;
+ default:
+ goto bad_offset;
+ }
+ }
+ switch (offset >> 2) {
+ case 0: /* IntStatus */
+ return (s->tc_int & s->tc_mask) | (s->err_int & s->err_mask);
+ case 1: /* IntTCStatus */
+ return (s->tc_int & s->tc_mask);
+ case 3: /* IntErrorStatus */
+ return (s->err_int & s->err_mask);
+ case 5: /* RawIntTCStatus */
+ return s->tc_int;
+ case 6: /* RawIntErrorStatus */
+ return s->err_int;
+ case 7: /* EnbldChns */
+ mask = 0;
+ for (i = 0; i < s->nchannels; i++) {
+ if (s->chan[i].conf & PL080_CCONF_E)
+ mask |= 1 << i;
+ }
+ return mask;
+ case 8: /* SoftBReq */
+ case 9: /* SoftSReq */
+ case 10: /* SoftLBReq */
+ case 11: /* SoftLSReq */
+ /* ??? Implement these. */
+ return 0;
+ case 12: /* Configuration */
+ return s->conf;
+ case 13: /* Sync */
+ return s->sync;
+ default:
+ bad_offset:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "pl080_read: Bad offset %x\n", (int)offset);
+ return 0;
+ }
+}
+
+static void pl080_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ PL080State *s = (PL080State *)opaque;
+ int i;
+
+ if (offset >= 0x100 && offset < 0x200) {
+ i = (offset & 0xe0) >> 5;
+ if (i >= s->nchannels)
+ goto bad_offset;
+ switch (offset >> 2) {
+ case 0: /* SrcAddr */
+ s->chan[i].src = value;
+ break;
+ case 1: /* DestAddr */
+ s->chan[i].dest = value;
+ break;
+ case 2: /* LLI */
+ s->chan[i].lli = value;
+ break;
+ case 3: /* Control */
+ s->chan[i].ctrl = value;
+ break;
+ case 4: /* Configuration */
+ s->chan[i].conf = value;
+ pl080_run(s);
+ break;
+ }
+ }
+ switch (offset >> 2) {
+ case 2: /* IntTCClear */
+ s->tc_int &= ~value;
+ break;
+ case 4: /* IntErrorClear */
+ s->err_int &= ~value;
+ break;
+ case 8: /* SoftBReq */
+ case 9: /* SoftSReq */
+ case 10: /* SoftLBReq */
+ case 11: /* SoftLSReq */
+ /* ??? Implement these. */
+ qemu_log_mask(LOG_UNIMP, "pl080_write: Soft DMA not implemented\n");
+ break;
+ case 12: /* Configuration */
+ s->conf = value;
+ if (s->conf & (PL080_CONF_M1 | PL080_CONF_M1)) {
+ qemu_log_mask(LOG_UNIMP,
+ "pl080_write: Big-endian DMA not implemented\n");
+ }
+ pl080_run(s);
+ break;
+ case 13: /* Sync */
+ s->sync = value;
+ break;
+ default:
+ bad_offset:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "pl080_write: Bad offset %x\n", (int)offset);
+ }
+ pl080_update(s);
+}
+
+static const MemoryRegionOps pl080_ops = {
+ .read = pl080_read,
+ .write = pl080_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void pl080_init(Object *obj)
+{
+ SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
+ PL080State *s = PL080(obj);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &pl080_ops, s, "pl080", 0x1000);
+ sysbus_init_mmio(sbd, &s->iomem);
+ sysbus_init_irq(sbd, &s->irq);
+ s->nchannels = 8;
+}
+
+static void pl081_init(Object *obj)
+{
+ PL080State *s = PL080(obj);
+
+ s->nchannels = 2;
+}
+
+static void pl080_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+
+ dc->no_user = 1;
+ dc->vmsd = &vmstate_pl080;
+}
+
+static const TypeInfo pl080_info = {
+ .name = TYPE_PL080,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(PL080State),
+ .instance_init = pl080_init,
+ .class_init = pl080_class_init,
+};
+
+static const TypeInfo pl081_info = {
+ .name = "pl081",
+ .parent = TYPE_PL080,
+ .instance_init = pl081_init,
+};
+
+/* The PL080 and PL081 are the same except for the number of channels
+ they implement (8 and 2 respectively). */
+static void pl080_register_types(void)
+{
+ type_register_static(&pl080_info);
+ type_register_static(&pl081_info);
+}
+
+type_init(pl080_register_types)
diff --git a/hw/dma/pl330.c b/hw/dma/pl330.c
new file mode 100644
index 000000000..ddcc4135d
--- /dev/null
+++ b/hw/dma/pl330.c
@@ -0,0 +1,1654 @@
+/*
+ * ARM PrimeCell PL330 DMA Controller
+ *
+ * Copyright (c) 2009 Samsung Electronics.
+ * Contributed by Kirill Batuzov <batuzovk@ispras.ru>
+ * Copyright (c) 2012 Peter A.G. Crosthwaite (peter.crosthwaite@petalogix.com)
+ * Copyright (c) 2012 PetaLogix Pty Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; version 2 or later.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/sysbus.h"
+#include "qemu/timer.h"
+#include "sysemu/dma.h"
+
+#ifndef PL330_ERR_DEBUG
+#define PL330_ERR_DEBUG 0
+#endif
+
+#define DB_PRINT_L(lvl, fmt, args...) do {\
+ if (PL330_ERR_DEBUG >= lvl) {\
+ fprintf(stderr, "PL330: %s:" fmt, __func__, ## args);\
+ } \
+} while (0);
+
+#define DB_PRINT(fmt, args...) DB_PRINT_L(1, fmt, ## args)
+
+#define PL330_PERIPH_NUM 32
+#define PL330_MAX_BURST_LEN 128
+#define PL330_INSN_MAXSIZE 6
+
+#define PL330_FIFO_OK 0
+#define PL330_FIFO_STALL 1
+#define PL330_FIFO_ERR (-1)
+
+#define PL330_FAULT_UNDEF_INSTR (1 << 0)
+#define PL330_FAULT_OPERAND_INVALID (1 << 1)
+#define PL330_FAULT_DMAGO_ERR (1 << 4)
+#define PL330_FAULT_EVENT_ERR (1 << 5)
+#define PL330_FAULT_CH_PERIPH_ERR (1 << 6)
+#define PL330_FAULT_CH_RDWR_ERR (1 << 7)
+#define PL330_FAULT_ST_DATA_UNAVAILABLE (1 << 12)
+#define PL330_FAULT_FIFOEMPTY_ERR (1 << 13)
+#define PL330_FAULT_INSTR_FETCH_ERR (1 << 16)
+#define PL330_FAULT_DATA_WRITE_ERR (1 << 17)
+#define PL330_FAULT_DATA_READ_ERR (1 << 18)
+#define PL330_FAULT_DBG_INSTR (1 << 30)
+#define PL330_FAULT_LOCKUP_ERR (1 << 31)
+
+#define PL330_UNTAGGED 0xff
+
+#define PL330_SINGLE 0x0
+#define PL330_BURST 0x1
+
+#define PL330_WATCHDOG_LIMIT 1024
+
+/* IOMEM mapped registers */
+#define PL330_REG_DSR 0x000
+#define PL330_REG_DPC 0x004
+#define PL330_REG_INTEN 0x020
+#define PL330_REG_INT_EVENT_RIS 0x024
+#define PL330_REG_INTMIS 0x028
+#define PL330_REG_INTCLR 0x02C
+#define PL330_REG_FSRD 0x030
+#define PL330_REG_FSRC 0x034
+#define PL330_REG_FTRD 0x038
+#define PL330_REG_FTR_BASE 0x040
+#define PL330_REG_CSR_BASE 0x100
+#define PL330_REG_CPC_BASE 0x104
+#define PL330_REG_CHANCTRL 0x400
+#define PL330_REG_DBGSTATUS 0xD00
+#define PL330_REG_DBGCMD 0xD04
+#define PL330_REG_DBGINST0 0xD08
+#define PL330_REG_DBGINST1 0xD0C
+#define PL330_REG_CR0_BASE 0xE00
+#define PL330_REG_PERIPH_ID 0xFE0
+
+#define PL330_IOMEM_SIZE 0x1000
+
+#define CFG_BOOT_ADDR 2
+#define CFG_INS 3
+#define CFG_PNS 4
+#define CFG_CRD 5
+
+static const uint32_t pl330_id[] = {
+ 0x30, 0x13, 0x24, 0x00, 0x0D, 0xF0, 0x05, 0xB1
+};
+
+/* DMA channel states as they are described in PL330 Technical Reference Manual
+ * Most of them will not be used in emulation.
+ */
+typedef enum {
+ pl330_chan_stopped = 0,
+ pl330_chan_executing = 1,
+ pl330_chan_cache_miss = 2,
+ pl330_chan_updating_pc = 3,
+ pl330_chan_waiting_event = 4,
+ pl330_chan_at_barrier = 5,
+ pl330_chan_queue_busy = 6,
+ pl330_chan_waiting_periph = 7,
+ pl330_chan_killing = 8,
+ pl330_chan_completing = 9,
+ pl330_chan_fault_completing = 14,
+ pl330_chan_fault = 15,
+} PL330ChanState;
+
+typedef struct PL330State PL330State;
+
+typedef struct PL330Chan {
+ uint32_t src;
+ uint32_t dst;
+ uint32_t pc;
+ uint32_t control;
+ uint32_t status;
+ uint32_t lc[2];
+ uint32_t fault_type;
+ uint32_t watchdog_timer;
+
+ bool ns;
+ uint8_t request_flag;
+ uint8_t wakeup;
+ uint8_t wfp_sbp;
+
+ uint8_t state;
+ uint8_t stall;
+
+ bool is_manager;
+ PL330State *parent;
+ uint8_t tag;
+} PL330Chan;
+
+static const VMStateDescription vmstate_pl330_chan = {
+ .name = "pl330_chan",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(src, PL330Chan),
+ VMSTATE_UINT32(dst, PL330Chan),
+ VMSTATE_UINT32(pc, PL330Chan),
+ VMSTATE_UINT32(control, PL330Chan),
+ VMSTATE_UINT32(status, PL330Chan),
+ VMSTATE_UINT32_ARRAY(lc, PL330Chan, 2),
+ VMSTATE_UINT32(fault_type, PL330Chan),
+ VMSTATE_UINT32(watchdog_timer, PL330Chan),
+ VMSTATE_BOOL(ns, PL330Chan),
+ VMSTATE_UINT8(request_flag, PL330Chan),
+ VMSTATE_UINT8(wakeup, PL330Chan),
+ VMSTATE_UINT8(wfp_sbp, PL330Chan),
+ VMSTATE_UINT8(state, PL330Chan),
+ VMSTATE_UINT8(stall, PL330Chan),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+typedef struct PL330Fifo {
+ uint8_t *buf;
+ uint8_t *tag;
+ uint32_t head;
+ uint32_t num;
+ uint32_t buf_size;
+} PL330Fifo;
+
+static const VMStateDescription vmstate_pl330_fifo = {
+ .name = "pl330_chan",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_VBUFFER_UINT32(buf, PL330Fifo, 1, NULL, 0, buf_size),
+ VMSTATE_VBUFFER_UINT32(tag, PL330Fifo, 1, NULL, 0, buf_size),
+ VMSTATE_UINT32(head, PL330Fifo),
+ VMSTATE_UINT32(num, PL330Fifo),
+ VMSTATE_UINT32(buf_size, PL330Fifo),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+typedef struct PL330QueueEntry {
+ uint32_t addr;
+ uint32_t len;
+ uint8_t n;
+ bool inc;
+ bool z;
+ uint8_t tag;
+ uint8_t seqn;
+} PL330QueueEntry;
+
+static const VMStateDescription vmstate_pl330_queue_entry = {
+ .name = "pl330_queue_entry",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(addr, PL330QueueEntry),
+ VMSTATE_UINT32(len, PL330QueueEntry),
+ VMSTATE_UINT8(n, PL330QueueEntry),
+ VMSTATE_BOOL(inc, PL330QueueEntry),
+ VMSTATE_BOOL(z, PL330QueueEntry),
+ VMSTATE_UINT8(tag, PL330QueueEntry),
+ VMSTATE_UINT8(seqn, PL330QueueEntry),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+typedef struct PL330Queue {
+ PL330State *parent;
+ PL330QueueEntry *queue;
+ uint32_t queue_size;
+} PL330Queue;
+
+static const VMStateDescription vmstate_pl330_queue = {
+ .name = "pl330_queue",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_STRUCT_VARRAY_UINT32(queue, PL330Queue, queue_size, 1,
+ vmstate_pl330_queue_entry, PL330QueueEntry),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+struct PL330State {
+ SysBusDevice busdev;
+ MemoryRegion iomem;
+ qemu_irq irq_abort;
+ qemu_irq *irq;
+
+ /* Config registers. cfg[5] = CfgDn. */
+ uint32_t cfg[6];
+#define EVENT_SEC_STATE 3
+#define PERIPH_SEC_STATE 4
+ /* cfg 0 bits and pieces */
+ uint32_t num_chnls;
+ uint8_t num_periph_req;
+ uint8_t num_events;
+ uint8_t mgr_ns_at_rst;
+ /* cfg 1 bits and pieces */
+ uint8_t i_cache_len;
+ uint8_t num_i_cache_lines;
+ /* CRD bits and pieces */
+ uint8_t data_width;
+ uint8_t wr_cap;
+ uint8_t wr_q_dep;
+ uint8_t rd_cap;
+ uint8_t rd_q_dep;
+ uint16_t data_buffer_dep;
+
+ PL330Chan manager;
+ PL330Chan *chan;
+ PL330Fifo fifo;
+ PL330Queue read_queue;
+ PL330Queue write_queue;
+ uint8_t *lo_seqn;
+ uint8_t *hi_seqn;
+ QEMUTimer *timer; /* is used for restore dma. */
+
+ uint32_t inten;
+ uint32_t int_status;
+ uint32_t ev_status;
+ uint32_t dbg[2];
+ uint8_t debug_status;
+ uint8_t num_faulting;
+ uint8_t periph_busy[PL330_PERIPH_NUM];
+
+};
+
+#define TYPE_PL330 "pl330"
+#define PL330(obj) OBJECT_CHECK(PL330State, (obj), TYPE_PL330)
+
+static const VMStateDescription vmstate_pl330 = {
+ .name = "pl330",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_STRUCT(manager, PL330State, 0, vmstate_pl330_chan, PL330Chan),
+ VMSTATE_STRUCT_VARRAY_UINT32(chan, PL330State, num_chnls, 0,
+ vmstate_pl330_chan, PL330Chan),
+ VMSTATE_VBUFFER_UINT32(lo_seqn, PL330State, 1, NULL, 0, num_chnls),
+ VMSTATE_VBUFFER_UINT32(hi_seqn, PL330State, 1, NULL, 0, num_chnls),
+ VMSTATE_STRUCT(fifo, PL330State, 0, vmstate_pl330_fifo, PL330Fifo),
+ VMSTATE_STRUCT(read_queue, PL330State, 0, vmstate_pl330_queue,
+ PL330Queue),
+ VMSTATE_STRUCT(write_queue, PL330State, 0, vmstate_pl330_queue,
+ PL330Queue),
+ VMSTATE_TIMER(timer, PL330State),
+ VMSTATE_UINT32(inten, PL330State),
+ VMSTATE_UINT32(int_status, PL330State),
+ VMSTATE_UINT32(ev_status, PL330State),
+ VMSTATE_UINT32_ARRAY(dbg, PL330State, 2),
+ VMSTATE_UINT8(debug_status, PL330State),
+ VMSTATE_UINT8(num_faulting, PL330State),
+ VMSTATE_UINT8_ARRAY(periph_busy, PL330State, PL330_PERIPH_NUM),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+typedef struct PL330InsnDesc {
+ /* OPCODE of the instruction */
+ uint8_t opcode;
+ /* Mask so we can select several sibling instructions, such as
+ DMALD, DMALDS and DMALDB */
+ uint8_t opmask;
+ /* Size of instruction in bytes */
+ uint8_t size;
+ /* Interpreter */
+ void (*exec)(PL330Chan *, uint8_t opcode, uint8_t *args, int len);
+} PL330InsnDesc;
+
+
+/* MFIFO Implementation
+ *
+ * MFIFO is implemented as a cyclic buffer of BUF_SIZE size. Tagged bytes are
+ * stored in this buffer. Data is stored in BUF field, tags - in the
+ * corresponding array elements of TAG field.
+ */
+
+/* Initialize queue. */
+
+static void pl330_fifo_init(PL330Fifo *s, uint32_t size)
+{
+ s->buf = g_malloc0(size);
+ s->tag = g_malloc0(size);
+ s->buf_size = size;
+}
+
+/* Cyclic increment */
+
+static inline int pl330_fifo_inc(PL330Fifo *s, int x)
+{
+ return (x + 1) % s->buf_size;
+}
+
+/* Number of empty bytes in MFIFO */
+
+static inline int pl330_fifo_num_free(PL330Fifo *s)
+{
+ return s->buf_size - s->num;
+}
+
+/* Push LEN bytes of data stored in BUF to MFIFO and tag it with TAG.
+ * Zero returned on success, PL330_FIFO_STALL if there is no enough free
+ * space in MFIFO to store requested amount of data. If push was unsuccessful
+ * no data is stored to MFIFO.
+ */
+
+static int pl330_fifo_push(PL330Fifo *s, uint8_t *buf, int len, uint8_t tag)
+{
+ int i;
+
+ if (s->buf_size - s->num < len) {
+ return PL330_FIFO_STALL;
+ }
+ for (i = 0; i < len; i++) {
+ int push_idx = (s->head + s->num + i) % s->buf_size;
+ s->buf[push_idx] = buf[i];
+ s->tag[push_idx] = tag;
+ }
+ s->num += len;
+ return PL330_FIFO_OK;
+}
+
+/* Get LEN bytes of data from MFIFO and store it to BUF. Tag value of each
+ * byte is verified. Zero returned on success, PL330_FIFO_ERR on tag mismatch
+ * and PL330_FIFO_STALL if there is no enough data in MFIFO. If get was
+ * unsuccessful no data is removed from MFIFO.
+ */
+
+static int pl330_fifo_get(PL330Fifo *s, uint8_t *buf, int len, uint8_t tag)
+{
+ int i;
+
+ if (s->num < len) {
+ return PL330_FIFO_STALL;
+ }
+ for (i = 0; i < len; i++) {
+ if (s->tag[s->head] == tag) {
+ int get_idx = (s->head + i) % s->buf_size;
+ buf[i] = s->buf[get_idx];
+ } else { /* Tag mismatch - Rollback transaction */
+ return PL330_FIFO_ERR;
+ }
+ }
+ s->head = (s->head + len) % s->buf_size;
+ s->num -= len;
+ return PL330_FIFO_OK;
+}
+
+/* Reset MFIFO. This completely erases all data in it. */
+
+static inline void pl330_fifo_reset(PL330Fifo *s)
+{
+ s->head = 0;
+ s->num = 0;
+}
+
+/* Return tag of the first byte stored in MFIFO. If MFIFO is empty
+ * PL330_UNTAGGED is returned.
+ */
+
+static inline uint8_t pl330_fifo_tag(PL330Fifo *s)
+{
+ return (!s->num) ? PL330_UNTAGGED : s->tag[s->head];
+}
+
+/* Returns non-zero if tag TAG is present in fifo or zero otherwise */
+
+static int pl330_fifo_has_tag(PL330Fifo *s, uint8_t tag)
+{
+ int i, n;
+
+ i = s->head;
+ for (n = 0; n < s->num; n++) {
+ if (s->tag[i] == tag) {
+ return 1;
+ }
+ i = pl330_fifo_inc(s, i);
+ }
+ return 0;
+}
+
+/* Remove all entry tagged with TAG from MFIFO */
+
+static void pl330_fifo_tagged_remove(PL330Fifo *s, uint8_t tag)
+{
+ int i, t, n;
+
+ t = i = s->head;
+ for (n = 0; n < s->num; n++) {
+ if (s->tag[i] != tag) {
+ s->buf[t] = s->buf[i];
+ s->tag[t] = s->tag[i];
+ t = pl330_fifo_inc(s, t);
+ } else {
+ s->num = s->num - 1;
+ }
+ i = pl330_fifo_inc(s, i);
+ }
+}
+
+/* Read-Write Queue implementation
+ *
+ * A Read-Write Queue stores up to QUEUE_SIZE instructions (loads or stores).
+ * Each instruction is described by source (for loads) or destination (for
+ * stores) address ADDR, width of data to be loaded/stored LEN, number of
+ * stores/loads to be performed N, INC bit, Z bit and TAG to identify channel
+ * this instruction belongs to. Queue does not store any information about
+ * nature of the instruction: is it load or store. PL330 has different queues
+ * for loads and stores so this is already known at the top level where it
+ * matters.
+ *
+ * Queue works as FIFO for instructions with equivalent tags, but can issue
+ * instructions with different tags in arbitrary order. SEQN field attached to
+ * each instruction helps to achieve this. For each TAG queue contains
+ * instructions with consecutive SEQN values ranging from LO_SEQN[TAG] to
+ * HI_SEQN[TAG]-1 inclusive. SEQN is 8-bit unsigned integer, so SEQN=255 is
+ * followed by SEQN=0.
+ *
+ * Z bit indicates that zeroes should be stored. No MFIFO fetches are performed
+ * in this case.
+ */
+
+static void pl330_queue_reset(PL330Queue *s)
+{
+ int i;
+
+ for (i = 0; i < s->queue_size; i++) {
+ s->queue[i].tag = PL330_UNTAGGED;
+ }
+}
+
+/* Initialize queue */
+static void pl330_queue_init(PL330Queue *s, int size, PL330State *parent)
+{
+ s->parent = parent;
+ s->queue = g_new0(PL330QueueEntry, size);
+ s->queue_size = size;
+}
+
+/* Returns pointer to an empty slot or NULL if queue is full */
+static PL330QueueEntry *pl330_queue_find_empty(PL330Queue *s)
+{
+ int i;
+
+ for (i = 0; i < s->queue_size; i++) {
+ if (s->queue[i].tag == PL330_UNTAGGED) {
+ return &s->queue[i];
+ }
+ }
+ return NULL;
+}
+
+/* Put instruction in queue.
+ * Return value:
+ * - zero - OK
+ * - non-zero - queue is full
+ */
+
+static int pl330_queue_put_insn(PL330Queue *s, uint32_t addr,
+ int len, int n, bool inc, bool z, uint8_t tag)
+{
+ PL330QueueEntry *entry = pl330_queue_find_empty(s);
+
+ if (!entry) {
+ return 1;
+ }
+ entry->tag = tag;
+ entry->addr = addr;
+ entry->len = len;
+ entry->n = n;
+ entry->z = z;
+ entry->inc = inc;
+ entry->seqn = s->parent->hi_seqn[tag];
+ s->parent->hi_seqn[tag]++;
+ return 0;
+}
+
+/* Returns a pointer to queue slot containing instruction which satisfies
+ * following conditions:
+ * - it has valid tag value (not PL330_UNTAGGED)
+ * - if enforce_seq is set it has to be issuable without violating queue
+ * logic (see above)
+ * - if TAG argument is not PL330_UNTAGGED this instruction has tag value
+ * equivalent to the argument TAG value.
+ * If such instruction cannot be found NULL is returned.
+ */
+
+static PL330QueueEntry *pl330_queue_find_insn(PL330Queue *s, uint8_t tag,
+ bool enforce_seq)
+{
+ int i;
+
+ for (i = 0; i < s->queue_size; i++) {
+ if (s->queue[i].tag != PL330_UNTAGGED) {
+ if ((!enforce_seq ||
+ s->queue[i].seqn == s->parent->lo_seqn[s->queue[i].tag]) &&
+ (s->queue[i].tag == tag || tag == PL330_UNTAGGED ||
+ s->queue[i].z)) {
+ return &s->queue[i];
+ }
+ }
+ }
+ return NULL;
+}
+
+/* Removes instruction from queue. */
+
+static inline void pl330_queue_remove_insn(PL330Queue *s, PL330QueueEntry *e)
+{
+ s->parent->lo_seqn[e->tag]++;
+ e->tag = PL330_UNTAGGED;
+}
+
+/* Removes all instructions tagged with TAG from queue. */
+
+static inline void pl330_queue_remove_tagged(PL330Queue *s, uint8_t tag)
+{
+ int i;
+
+ for (i = 0; i < s->queue_size; i++) {
+ if (s->queue[i].tag == tag) {
+ s->queue[i].tag = PL330_UNTAGGED;
+ }
+ }
+}
+
+/* DMA instruction execution engine */
+
+/* Moves DMA channel to the FAULT state and updates it's status. */
+
+static inline void pl330_fault(PL330Chan *ch, uint32_t flags)
+{
+ DB_PRINT("ch: %p, flags: %x\n", ch, flags);
+ ch->fault_type |= flags;
+ if (ch->state == pl330_chan_fault) {
+ return;
+ }
+ ch->state = pl330_chan_fault;
+ ch->parent->num_faulting++;
+ if (ch->parent->num_faulting == 1) {
+ DB_PRINT("abort interrupt raised\n");
+ qemu_irq_raise(ch->parent->irq_abort);
+ }
+}
+
+/*
+ * For information about instructions see PL330 Technical Reference Manual.
+ *
+ * Arguments:
+ * CH - channel executing the instruction
+ * OPCODE - opcode
+ * ARGS - array of 8-bit arguments
+ * LEN - number of elements in ARGS array
+ */
+
+static void pl330_dmaaddh(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
+{
+ uint16_t im = (((uint16_t)args[1]) << 8) | ((uint16_t)args[0]);
+ uint8_t ra = (opcode >> 1) & 1;
+
+ if (ch->is_manager) {
+ pl330_fault(ch, PL330_FAULT_UNDEF_INSTR);
+ return;
+ }
+ if (ra) {
+ ch->dst += im;
+ } else {
+ ch->src += im;
+ }
+}
+
+static void pl330_dmaend(PL330Chan *ch, uint8_t opcode,
+ uint8_t *args, int len)
+{
+ PL330State *s = ch->parent;
+
+ if (ch->state == pl330_chan_executing && !ch->is_manager) {
+ /* Wait for all transfers to complete */
+ if (pl330_fifo_has_tag(&s->fifo, ch->tag) ||
+ pl330_queue_find_insn(&s->read_queue, ch->tag, false) != NULL ||
+ pl330_queue_find_insn(&s->write_queue, ch->tag, false) != NULL) {
+
+ ch->stall = 1;
+ return;
+ }
+ }
+ DB_PRINT("DMA ending!\n");
+ pl330_fifo_tagged_remove(&s->fifo, ch->tag);
+ pl330_queue_remove_tagged(&s->read_queue, ch->tag);
+ pl330_queue_remove_tagged(&s->write_queue, ch->tag);
+ ch->state = pl330_chan_stopped;
+}
+
+static void pl330_dmaflushp(PL330Chan *ch, uint8_t opcode,
+ uint8_t *args, int len)
+{
+ uint8_t periph_id;
+
+ if (args[0] & 7) {
+ pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
+ return;
+ }
+ periph_id = (args[0] >> 3) & 0x1f;
+ if (periph_id >= ch->parent->num_periph_req) {
+ pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
+ return;
+ }
+ if (ch->ns && !(ch->parent->cfg[CFG_PNS] & (1 << periph_id))) {
+ pl330_fault(ch, PL330_FAULT_CH_PERIPH_ERR);
+ return;
+ }
+ /* Do nothing */
+}
+
+static void pl330_dmago(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
+{
+ uint8_t chan_id;
+ uint8_t ns;
+ uint32_t pc;
+ PL330Chan *s;
+
+ DB_PRINT("\n");
+
+ if (!ch->is_manager) {
+ pl330_fault(ch, PL330_FAULT_UNDEF_INSTR);
+ return;
+ }
+ ns = !!(opcode & 2);
+ chan_id = args[0] & 7;
+ if ((args[0] >> 3)) {
+ pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
+ return;
+ }
+ if (chan_id >= ch->parent->num_chnls) {
+ pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
+ return;
+ }
+ pc = (((uint32_t)args[4]) << 24) | (((uint32_t)args[3]) << 16) |
+ (((uint32_t)args[2]) << 8) | (((uint32_t)args[1]));
+ if (ch->parent->chan[chan_id].state != pl330_chan_stopped) {
+ pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
+ return;
+ }
+ if (ch->ns && !ns) {
+ pl330_fault(ch, PL330_FAULT_DMAGO_ERR);
+ return;
+ }
+ s = &ch->parent->chan[chan_id];
+ s->ns = ns;
+ s->pc = pc;
+ s->state = pl330_chan_executing;
+}
+
+static void pl330_dmald(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
+{
+ uint8_t bs = opcode & 3;
+ uint32_t size, num;
+ bool inc;
+
+ if (bs == 2) {
+ pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
+ return;
+ }
+ if ((bs == 1 && ch->request_flag == PL330_BURST) ||
+ (bs == 3 && ch->request_flag == PL330_SINGLE)) {
+ /* Perform NOP */
+ return;
+ }
+ if (bs == 1 && ch->request_flag == PL330_SINGLE) {
+ num = 1;
+ } else {
+ num = ((ch->control >> 4) & 0xf) + 1;
+ }
+ size = (uint32_t)1 << ((ch->control >> 1) & 0x7);
+ inc = !!(ch->control & 1);
+ ch->stall = pl330_queue_put_insn(&ch->parent->read_queue, ch->src,
+ size, num, inc, 0, ch->tag);
+ if (!ch->stall) {
+ DB_PRINT("channel:%d address:%08x size:%d num:%d %c\n",
+ ch->tag, ch->src, size, num, inc ? 'Y' : 'N');
+ ch->src += inc ? size * num - (ch->src & (size - 1)) : 0;
+ }
+}
+
+static void pl330_dmaldp(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
+{
+ uint8_t periph_id;
+
+ if (args[0] & 7) {
+ pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
+ return;
+ }
+ periph_id = (args[0] >> 3) & 0x1f;
+ if (periph_id >= ch->parent->num_periph_req) {
+ pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
+ return;
+ }
+ if (ch->ns && !(ch->parent->cfg[CFG_PNS] & (1 << periph_id))) {
+ pl330_fault(ch, PL330_FAULT_CH_PERIPH_ERR);
+ return;
+ }
+ pl330_dmald(ch, opcode, args, len);
+}
+
+static void pl330_dmalp(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
+{
+ uint8_t lc = (opcode & 2) >> 1;
+
+ ch->lc[lc] = args[0];
+}
+
+static void pl330_dmakill(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
+{
+ if (ch->state == pl330_chan_fault ||
+ ch->state == pl330_chan_fault_completing) {
+ /* This is the only way for a channel to leave the faulting state */
+ ch->fault_type = 0;
+ ch->parent->num_faulting--;
+ if (ch->parent->num_faulting == 0) {
+ DB_PRINT("abort interrupt lowered\n");
+ qemu_irq_lower(ch->parent->irq_abort);
+ }
+ }
+ ch->state = pl330_chan_killing;
+ pl330_fifo_tagged_remove(&ch->parent->fifo, ch->tag);
+ pl330_queue_remove_tagged(&ch->parent->read_queue, ch->tag);
+ pl330_queue_remove_tagged(&ch->parent->write_queue, ch->tag);
+ ch->state = pl330_chan_stopped;
+}
+
+static void pl330_dmalpend(PL330Chan *ch, uint8_t opcode,
+ uint8_t *args, int len)
+{
+ uint8_t nf = (opcode & 0x10) >> 4;
+ uint8_t bs = opcode & 3;
+ uint8_t lc = (opcode & 4) >> 2;
+
+ if (bs == 2) {
+ pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
+ return;
+ }
+ if ((bs == 1 && ch->request_flag == PL330_BURST) ||
+ (bs == 3 && ch->request_flag == PL330_SINGLE)) {
+ /* Perform NOP */
+ return;
+ }
+ if (!nf || ch->lc[lc]) {
+ if (nf) {
+ ch->lc[lc]--;
+ }
+ DB_PRINT("loop reiteration\n");
+ ch->pc -= args[0];
+ ch->pc -= len + 1;
+ /* "ch->pc -= args[0] + len + 1" is incorrect when args[0] == 256 */
+ } else {
+ DB_PRINT("loop fallthrough\n");
+ }
+}
+
+
+static void pl330_dmamov(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
+{
+ uint8_t rd = args[0] & 7;
+ uint32_t im;
+
+ if ((args[0] >> 3)) {
+ pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
+ return;
+ }
+ im = (((uint32_t)args[4]) << 24) | (((uint32_t)args[3]) << 16) |
+ (((uint32_t)args[2]) << 8) | (((uint32_t)args[1]));
+ switch (rd) {
+ case 0:
+ ch->src = im;
+ break;
+ case 1:
+ ch->control = im;
+ break;
+ case 2:
+ ch->dst = im;
+ break;
+ default:
+ pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
+ return;
+ }
+}
+
+static void pl330_dmanop(PL330Chan *ch, uint8_t opcode,
+ uint8_t *args, int len)
+{
+ /* NOP is NOP. */
+}
+
+static void pl330_dmarmb(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
+{
+ if (pl330_queue_find_insn(&ch->parent->read_queue, ch->tag, false)) {
+ ch->state = pl330_chan_at_barrier;
+ ch->stall = 1;
+ return;
+ } else {
+ ch->state = pl330_chan_executing;
+ }
+}
+
+static void pl330_dmasev(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
+{
+ uint8_t ev_id;
+
+ if (args[0] & 7) {
+ pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
+ return;
+ }
+ ev_id = (args[0] >> 3) & 0x1f;
+ if (ev_id >= ch->parent->num_events) {
+ pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
+ return;
+ }
+ if (ch->ns && !(ch->parent->cfg[CFG_INS] & (1 << ev_id))) {
+ pl330_fault(ch, PL330_FAULT_EVENT_ERR);
+ return;
+ }
+ if (ch->parent->inten & (1 << ev_id)) {
+ ch->parent->int_status |= (1 << ev_id);
+ DB_PRINT("event interrupt raised %d\n", ev_id);
+ qemu_irq_raise(ch->parent->irq[ev_id]);
+ }
+ ch->parent->ev_status |= (1 << ev_id);
+}
+
+static void pl330_dmast(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
+{
+ uint8_t bs = opcode & 3;
+ uint32_t size, num;
+ bool inc;
+
+ if (bs == 2) {
+ pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
+ return;
+ }
+ if ((bs == 1 && ch->request_flag == PL330_BURST) ||
+ (bs == 3 && ch->request_flag == PL330_SINGLE)) {
+ /* Perform NOP */
+ return;
+ }
+ num = ((ch->control >> 18) & 0xf) + 1;
+ size = (uint32_t)1 << ((ch->control >> 15) & 0x7);
+ inc = !!((ch->control >> 14) & 1);
+ ch->stall = pl330_queue_put_insn(&ch->parent->write_queue, ch->dst,
+ size, num, inc, 0, ch->tag);
+ if (!ch->stall) {
+ DB_PRINT("channel:%d address:%08x size:%d num:%d %c\n",
+ ch->tag, ch->dst, size, num, inc ? 'Y' : 'N');
+ ch->dst += inc ? size * num - (ch->dst & (size - 1)) : 0;
+ }
+}
+
+static void pl330_dmastp(PL330Chan *ch, uint8_t opcode,
+ uint8_t *args, int len)
+{
+ uint8_t periph_id;
+
+ if (args[0] & 7) {
+ pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
+ return;
+ }
+ periph_id = (args[0] >> 3) & 0x1f;
+ if (periph_id >= ch->parent->num_periph_req) {
+ pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
+ return;
+ }
+ if (ch->ns && !(ch->parent->cfg[CFG_PNS] & (1 << periph_id))) {
+ pl330_fault(ch, PL330_FAULT_CH_PERIPH_ERR);
+ return;
+ }
+ pl330_dmast(ch, opcode, args, len);
+}
+
+static void pl330_dmastz(PL330Chan *ch, uint8_t opcode,
+ uint8_t *args, int len)
+{
+ uint32_t size, num;
+ bool inc;
+
+ num = ((ch->control >> 18) & 0xf) + 1;
+ size = (uint32_t)1 << ((ch->control >> 15) & 0x7);
+ inc = !!((ch->control >> 14) & 1);
+ ch->stall = pl330_queue_put_insn(&ch->parent->write_queue, ch->dst,
+ size, num, inc, 1, ch->tag);
+ if (inc) {
+ ch->dst += size * num;
+ }
+}
+
+static void pl330_dmawfe(PL330Chan *ch, uint8_t opcode,
+ uint8_t *args, int len)
+{
+ uint8_t ev_id;
+ int i;
+
+ if (args[0] & 5) {
+ pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
+ return;
+ }
+ ev_id = (args[0] >> 3) & 0x1f;
+ if (ev_id >= ch->parent->num_events) {
+ pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
+ return;
+ }
+ if (ch->ns && !(ch->parent->cfg[CFG_INS] & (1 << ev_id))) {
+ pl330_fault(ch, PL330_FAULT_EVENT_ERR);
+ return;
+ }
+ ch->wakeup = ev_id;
+ ch->state = pl330_chan_waiting_event;
+ if (~ch->parent->inten & ch->parent->ev_status & 1 << ev_id) {
+ ch->state = pl330_chan_executing;
+ /* If anyone else is currently waiting on the same event, let them
+ * clear the ev_status so they pick up event as well
+ */
+ for (i = 0; i < ch->parent->num_chnls; ++i) {
+ PL330Chan *peer = &ch->parent->chan[i];
+ if (peer->state == pl330_chan_waiting_event &&
+ peer->wakeup == ev_id) {
+ return;
+ }
+ }
+ ch->parent->ev_status &= ~(1 << ev_id);
+ } else {
+ ch->stall = 1;
+ }
+}
+
+static void pl330_dmawfp(PL330Chan *ch, uint8_t opcode,
+ uint8_t *args, int len)
+{
+ uint8_t bs = opcode & 3;
+ uint8_t periph_id;
+
+ if (args[0] & 7) {
+ pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
+ return;
+ }
+ periph_id = (args[0] >> 3) & 0x1f;
+ if (periph_id >= ch->parent->num_periph_req) {
+ pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
+ return;
+ }
+ if (ch->ns && !(ch->parent->cfg[CFG_PNS] & (1 << periph_id))) {
+ pl330_fault(ch, PL330_FAULT_CH_PERIPH_ERR);
+ return;
+ }
+ switch (bs) {
+ case 0: /* S */
+ ch->request_flag = PL330_SINGLE;
+ ch->wfp_sbp = 0;
+ break;
+ case 1: /* P */
+ ch->request_flag = PL330_BURST;
+ ch->wfp_sbp = 2;
+ break;
+ case 2: /* B */
+ ch->request_flag = PL330_BURST;
+ ch->wfp_sbp = 1;
+ break;
+ default:
+ pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
+ return;
+ }
+
+ if (ch->parent->periph_busy[periph_id]) {
+ ch->state = pl330_chan_waiting_periph;
+ ch->stall = 1;
+ } else if (ch->state == pl330_chan_waiting_periph) {
+ ch->state = pl330_chan_executing;
+ }
+}
+
+static void pl330_dmawmb(PL330Chan *ch, uint8_t opcode,
+ uint8_t *args, int len)
+{
+ if (pl330_queue_find_insn(&ch->parent->write_queue, ch->tag, false)) {
+ ch->state = pl330_chan_at_barrier;
+ ch->stall = 1;
+ return;
+ } else {
+ ch->state = pl330_chan_executing;
+ }
+}
+
+/* NULL terminated array of the instruction descriptions. */
+static const PL330InsnDesc insn_desc[] = {
+ { .opcode = 0x54, .opmask = 0xFD, .size = 3, .exec = pl330_dmaaddh, },
+ { .opcode = 0x00, .opmask = 0xFF, .size = 1, .exec = pl330_dmaend, },
+ { .opcode = 0x35, .opmask = 0xFF, .size = 2, .exec = pl330_dmaflushp, },
+ { .opcode = 0xA0, .opmask = 0xFD, .size = 6, .exec = pl330_dmago, },
+ { .opcode = 0x04, .opmask = 0xFC, .size = 1, .exec = pl330_dmald, },
+ { .opcode = 0x25, .opmask = 0xFD, .size = 2, .exec = pl330_dmaldp, },
+ { .opcode = 0x20, .opmask = 0xFD, .size = 2, .exec = pl330_dmalp, },
+ /* dmastp must be before dmalpend in this list, because their maps
+ * are overlapping
+ */
+ { .opcode = 0x29, .opmask = 0xFD, .size = 2, .exec = pl330_dmastp, },
+ { .opcode = 0x28, .opmask = 0xE8, .size = 2, .exec = pl330_dmalpend, },
+ { .opcode = 0x01, .opmask = 0xFF, .size = 1, .exec = pl330_dmakill, },
+ { .opcode = 0xBC, .opmask = 0xFF, .size = 6, .exec = pl330_dmamov, },
+ { .opcode = 0x18, .opmask = 0xFF, .size = 1, .exec = pl330_dmanop, },
+ { .opcode = 0x12, .opmask = 0xFF, .size = 1, .exec = pl330_dmarmb, },
+ { .opcode = 0x34, .opmask = 0xFF, .size = 2, .exec = pl330_dmasev, },
+ { .opcode = 0x08, .opmask = 0xFC, .size = 1, .exec = pl330_dmast, },
+ { .opcode = 0x0C, .opmask = 0xFF, .size = 1, .exec = pl330_dmastz, },
+ { .opcode = 0x36, .opmask = 0xFF, .size = 2, .exec = pl330_dmawfe, },
+ { .opcode = 0x30, .opmask = 0xFC, .size = 2, .exec = pl330_dmawfp, },
+ { .opcode = 0x13, .opmask = 0xFF, .size = 1, .exec = pl330_dmawmb, },
+ { .opcode = 0x00, .opmask = 0x00, .size = 0, .exec = NULL, }
+};
+
+/* Instructions which can be issued via debug registers. */
+static const PL330InsnDesc debug_insn_desc[] = {
+ { .opcode = 0xA0, .opmask = 0xFD, .size = 6, .exec = pl330_dmago, },
+ { .opcode = 0x01, .opmask = 0xFF, .size = 1, .exec = pl330_dmakill, },
+ { .opcode = 0x34, .opmask = 0xFF, .size = 2, .exec = pl330_dmasev, },
+ { .opcode = 0x00, .opmask = 0x00, .size = 0, .exec = NULL, }
+};
+
+static inline const PL330InsnDesc *pl330_fetch_insn(PL330Chan *ch)
+{
+ uint8_t opcode;
+ int i;
+
+ dma_memory_read(&address_space_memory, ch->pc, &opcode, 1);
+ for (i = 0; insn_desc[i].size; i++) {
+ if ((opcode & insn_desc[i].opmask) == insn_desc[i].opcode) {
+ return &insn_desc[i];
+ }
+ }
+ return NULL;
+}
+
+static inline void pl330_exec_insn(PL330Chan *ch, const PL330InsnDesc *insn)
+{
+ uint8_t buf[PL330_INSN_MAXSIZE];
+
+ assert(insn->size <= PL330_INSN_MAXSIZE);
+ dma_memory_read(&address_space_memory, ch->pc, buf, insn->size);
+ insn->exec(ch, buf[0], &buf[1], insn->size - 1);
+}
+
+static inline void pl330_update_pc(PL330Chan *ch,
+ const PL330InsnDesc *insn)
+{
+ ch->pc += insn->size;
+}
+
+/* Try to execute current instruction in channel CH. Number of executed
+ instructions is returned (0 or 1). */
+static int pl330_chan_exec(PL330Chan *ch)
+{
+ const PL330InsnDesc *insn;
+
+ if (ch->state != pl330_chan_executing &&
+ ch->state != pl330_chan_waiting_periph &&
+ ch->state != pl330_chan_at_barrier &&
+ ch->state != pl330_chan_waiting_event) {
+ DB_PRINT("%d\n", ch->state);
+ return 0;
+ }
+ ch->stall = 0;
+ insn = pl330_fetch_insn(ch);
+ if (!insn) {
+ DB_PRINT("pl330 undefined instruction\n");
+ pl330_fault(ch, PL330_FAULT_UNDEF_INSTR);
+ return 0;
+ }
+ pl330_exec_insn(ch, insn);
+ if (!ch->stall) {
+ pl330_update_pc(ch, insn);
+ ch->watchdog_timer = 0;
+ return 1;
+ /* WDT only active in exec state */
+ } else if (ch->state == pl330_chan_executing) {
+ ch->watchdog_timer++;
+ if (ch->watchdog_timer >= PL330_WATCHDOG_LIMIT) {
+ pl330_fault(ch, PL330_FAULT_LOCKUP_ERR);
+ }
+ }
+ return 0;
+}
+
+/* Try to execute 1 instruction in each channel, one instruction from read
+ queue and one instruction from write queue. Number of successfully executed
+ instructions is returned. */
+static int pl330_exec_cycle(PL330Chan *channel)
+{
+ PL330State *s = channel->parent;
+ PL330QueueEntry *q;
+ int i;
+ int num_exec = 0;
+ int fifo_res = 0;
+ uint8_t buf[PL330_MAX_BURST_LEN];
+
+ /* Execute one instruction in each channel */
+ num_exec += pl330_chan_exec(channel);
+
+ /* Execute one instruction from read queue */
+ q = pl330_queue_find_insn(&s->read_queue, PL330_UNTAGGED, true);
+ if (q != NULL && q->len <= pl330_fifo_num_free(&s->fifo)) {
+ int len = q->len - (q->addr & (q->len - 1));
+
+ dma_memory_read(&address_space_memory, q->addr, buf, len);
+ if (PL330_ERR_DEBUG > 1) {
+ DB_PRINT("PL330 read from memory @%08x (size = %08x):\n",
+ q->addr, len);
+ qemu_hexdump((char *)buf, stderr, "", len);
+ }
+ fifo_res = pl330_fifo_push(&s->fifo, buf, len, q->tag);
+ if (fifo_res == PL330_FIFO_OK) {
+ if (q->inc) {
+ q->addr += len;
+ }
+ q->n--;
+ if (!q->n) {
+ pl330_queue_remove_insn(&s->read_queue, q);
+ }
+ num_exec++;
+ }
+ }
+
+ /* Execute one instruction from write queue. */
+ q = pl330_queue_find_insn(&s->write_queue, pl330_fifo_tag(&s->fifo), true);
+ if (q != NULL) {
+ int len = q->len - (q->addr & (q->len - 1));
+
+ if (q->z) {
+ for (i = 0; i < len; i++) {
+ buf[i] = 0;
+ }
+ } else {
+ fifo_res = pl330_fifo_get(&s->fifo, buf, len, q->tag);
+ }
+ if (fifo_res == PL330_FIFO_OK || q->z) {
+ dma_memory_write(&address_space_memory, q->addr, buf, len);
+ if (PL330_ERR_DEBUG > 1) {
+ DB_PRINT("PL330 read from memory @%08x (size = %08x):\n",
+ q->addr, len);
+ qemu_hexdump((char *)buf, stderr, "", len);
+ }
+ if (q->inc) {
+ q->addr += len;
+ }
+ num_exec++;
+ } else if (fifo_res == PL330_FIFO_STALL) {
+ pl330_fault(&channel->parent->chan[q->tag],
+ PL330_FAULT_FIFOEMPTY_ERR);
+ }
+ q->n--;
+ if (!q->n) {
+ pl330_queue_remove_insn(&s->write_queue, q);
+ }
+ }
+
+ return num_exec;
+}
+
+static int pl330_exec_channel(PL330Chan *channel)
+{
+ int insr_exec = 0;
+
+ /* TODO: Is it all right to execute everything or should we do per-cycle
+ simulation? */
+ while (pl330_exec_cycle(channel)) {
+ insr_exec++;
+ }
+
+ /* Detect deadlock */
+ if (channel->state == pl330_chan_executing) {
+ pl330_fault(channel, PL330_FAULT_LOCKUP_ERR);
+ }
+ /* Situation when one of the queues has deadlocked but all channels
+ * have finished their programs should be impossible.
+ */
+
+ return insr_exec;
+}
+
+static inline void pl330_exec(PL330State *s)
+{
+ DB_PRINT("\n");
+ int i, insr_exec;
+ do {
+ insr_exec = pl330_exec_channel(&s->manager);
+
+ for (i = 0; i < s->num_chnls; i++) {
+ insr_exec += pl330_exec_channel(&s->chan[i]);
+ }
+ } while (insr_exec);
+}
+
+static void pl330_exec_cycle_timer(void *opaque)
+{
+ PL330State *s = (PL330State *)opaque;
+ pl330_exec(s);
+}
+
+/* Stop or restore dma operations */
+
+static void pl330_dma_stop_irq(void *opaque, int irq, int level)
+{
+ PL330State *s = (PL330State *)opaque;
+
+ if (s->periph_busy[irq] != level) {
+ s->periph_busy[irq] = level;
+ qemu_mod_timer(s->timer, qemu_get_clock_ns(vm_clock));
+ }
+}
+
+static void pl330_debug_exec(PL330State *s)
+{
+ uint8_t args[5];
+ uint8_t opcode;
+ uint8_t chan_id;
+ int i;
+ PL330Chan *ch;
+ const PL330InsnDesc *insn;
+
+ s->debug_status = 1;
+ chan_id = (s->dbg[0] >> 8) & 0x07;
+ opcode = (s->dbg[0] >> 16) & 0xff;
+ args[0] = (s->dbg[0] >> 24) & 0xff;
+ args[1] = (s->dbg[1] >> 0) & 0xff;
+ args[2] = (s->dbg[1] >> 8) & 0xff;
+ args[3] = (s->dbg[1] >> 16) & 0xff;
+ args[4] = (s->dbg[1] >> 24) & 0xff;
+ DB_PRINT("chan id: %d\n", chan_id);
+ if (s->dbg[0] & 1) {
+ ch = &s->chan[chan_id];
+ } else {
+ ch = &s->manager;
+ }
+ insn = NULL;
+ for (i = 0; debug_insn_desc[i].size; i++) {
+ if ((opcode & debug_insn_desc[i].opmask) == debug_insn_desc[i].opcode) {
+ insn = &debug_insn_desc[i];
+ }
+ }
+ if (!insn) {
+ pl330_fault(ch, PL330_FAULT_UNDEF_INSTR | PL330_FAULT_DBG_INSTR);
+ return ;
+ }
+ ch->stall = 0;
+ insn->exec(ch, opcode, args, insn->size - 1);
+ if (ch->fault_type) {
+ ch->fault_type |= PL330_FAULT_DBG_INSTR;
+ }
+ if (ch->stall) {
+ qemu_log_mask(LOG_UNIMP, "pl330: stall of debug instruction not "
+ "implemented\n");
+ }
+ s->debug_status = 0;
+}
+
+/* IOMEM mapped registers */
+
+static void pl330_iomem_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ PL330State *s = (PL330State *) opaque;
+ uint32_t i;
+
+ DB_PRINT("addr: %08x data: %08x\n", (unsigned)offset, (unsigned)value);
+
+ switch (offset) {
+ case PL330_REG_INTEN:
+ s->inten = value;
+ break;
+ case PL330_REG_INTCLR:
+ for (i = 0; i < s->num_events; i++) {
+ if (s->int_status & s->inten & value & (1 << i)) {
+ DB_PRINT("event interrupt lowered %d\n", i);
+ qemu_irq_lower(s->irq[i]);
+ }
+ }
+ s->ev_status &= ~(value & s->inten);
+ s->int_status &= ~(value & s->inten);
+ break;
+ case PL330_REG_DBGCMD:
+ if ((value & 3) == 0) {
+ pl330_debug_exec(s);
+ pl330_exec(s);
+ } else {
+ qemu_log_mask(LOG_GUEST_ERROR, "pl330: write of illegal value %u "
+ "for offset " TARGET_FMT_plx "\n", (unsigned)value,
+ offset);
+ }
+ break;
+ case PL330_REG_DBGINST0:
+ DB_PRINT("s->dbg[0] = %08x\n", (unsigned)value);
+ s->dbg[0] = value;
+ break;
+ case PL330_REG_DBGINST1:
+ DB_PRINT("s->dbg[1] = %08x\n", (unsigned)value);
+ s->dbg[1] = value;
+ break;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad write offset " TARGET_FMT_plx
+ "\n", offset);
+ break;
+ }
+}
+
+static inline uint32_t pl330_iomem_read_imp(void *opaque,
+ hwaddr offset)
+{
+ PL330State *s = (PL330State *)opaque;
+ int chan_id;
+ int i;
+ uint32_t res;
+
+ if (offset >= PL330_REG_PERIPH_ID && offset < PL330_REG_PERIPH_ID + 32) {
+ return pl330_id[(offset - PL330_REG_PERIPH_ID) >> 2];
+ }
+ if (offset >= PL330_REG_CR0_BASE && offset < PL330_REG_CR0_BASE + 24) {
+ return s->cfg[(offset - PL330_REG_CR0_BASE) >> 2];
+ }
+ if (offset >= PL330_REG_CHANCTRL && offset < PL330_REG_DBGSTATUS) {
+ offset -= PL330_REG_CHANCTRL;
+ chan_id = offset >> 5;
+ if (chan_id >= s->num_chnls) {
+ qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad read offset "
+ TARGET_FMT_plx "\n", offset);
+ return 0;
+ }
+ switch (offset & 0x1f) {
+ case 0x00:
+ return s->chan[chan_id].src;
+ case 0x04:
+ return s->chan[chan_id].dst;
+ case 0x08:
+ return s->chan[chan_id].control;
+ case 0x0C:
+ return s->chan[chan_id].lc[0];
+ case 0x10:
+ return s->chan[chan_id].lc[1];
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad read offset "
+ TARGET_FMT_plx "\n", offset);
+ return 0;
+ }
+ }
+ if (offset >= PL330_REG_CSR_BASE && offset < 0x400) {
+ offset -= PL330_REG_CSR_BASE;
+ chan_id = offset >> 3;
+ if (chan_id >= s->num_chnls) {
+ qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad read offset "
+ TARGET_FMT_plx "\n", offset);
+ return 0;
+ }
+ switch ((offset >> 2) & 1) {
+ case 0x0:
+ res = (s->chan[chan_id].ns << 21) |
+ (s->chan[chan_id].wakeup << 4) |
+ (s->chan[chan_id].state) |
+ (s->chan[chan_id].wfp_sbp << 14);
+ return res;
+ case 0x1:
+ return s->chan[chan_id].pc;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR, "pl330: read error\n");
+ return 0;
+ }
+ }
+ if (offset >= PL330_REG_FTR_BASE && offset < 0x100) {
+ offset -= PL330_REG_FTR_BASE;
+ chan_id = offset >> 2;
+ if (chan_id >= s->num_chnls) {
+ qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad read offset "
+ TARGET_FMT_plx "\n", offset);
+ return 0;
+ }
+ return s->chan[chan_id].fault_type;
+ }
+ switch (offset) {
+ case PL330_REG_DSR:
+ return (s->manager.ns << 9) | (s->manager.wakeup << 4) |
+ (s->manager.state & 0xf);
+ case PL330_REG_DPC:
+ return s->manager.pc;
+ case PL330_REG_INTEN:
+ return s->inten;
+ case PL330_REG_INT_EVENT_RIS:
+ return s->ev_status;
+ case PL330_REG_INTMIS:
+ return s->int_status;
+ case PL330_REG_INTCLR:
+ /* Documentation says that we can't read this register
+ * but linux kernel does it
+ */
+ return 0;
+ case PL330_REG_FSRD:
+ return s->manager.state ? 1 : 0;
+ case PL330_REG_FSRC:
+ res = 0;
+ for (i = 0; i < s->num_chnls; i++) {
+ if (s->chan[i].state == pl330_chan_fault ||
+ s->chan[i].state == pl330_chan_fault_completing) {
+ res |= 1 << i;
+ }
+ }
+ return res;
+ case PL330_REG_FTRD:
+ return s->manager.fault_type;
+ case PL330_REG_DBGSTATUS:
+ return s->debug_status;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad read offset "
+ TARGET_FMT_plx "\n", offset);
+ }
+ return 0;
+}
+
+static uint64_t pl330_iomem_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ int ret = pl330_iomem_read_imp(opaque, offset);
+ DB_PRINT("addr: %08x data: %08x\n", (unsigned)offset, ret);
+ return ret;
+}
+
+static const MemoryRegionOps pl330_ops = {
+ .read = pl330_iomem_read,
+ .write = pl330_iomem_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ }
+};
+
+/* Controller logic and initialization */
+
+static void pl330_chan_reset(PL330Chan *ch)
+{
+ ch->src = 0;
+ ch->dst = 0;
+ ch->pc = 0;
+ ch->state = pl330_chan_stopped;
+ ch->watchdog_timer = 0;
+ ch->stall = 0;
+ ch->control = 0;
+ ch->status = 0;
+ ch->fault_type = 0;
+}
+
+static void pl330_reset(DeviceState *d)
+{
+ int i;
+ PL330State *s = PL330(d);
+
+ s->inten = 0;
+ s->int_status = 0;
+ s->ev_status = 0;
+ s->debug_status = 0;
+ s->num_faulting = 0;
+ s->manager.ns = s->mgr_ns_at_rst;
+ pl330_fifo_reset(&s->fifo);
+ pl330_queue_reset(&s->read_queue);
+ pl330_queue_reset(&s->write_queue);
+
+ for (i = 0; i < s->num_chnls; i++) {
+ pl330_chan_reset(&s->chan[i]);
+ }
+ for (i = 0; i < s->num_periph_req; i++) {
+ s->periph_busy[i] = 0;
+ }
+
+ qemu_del_timer(s->timer);
+}
+
+static void pl330_realize(DeviceState *dev, Error **errp)
+{
+ int i;
+ PL330State *s = PL330(dev);
+
+ sysbus_init_irq(SYS_BUS_DEVICE(dev), &s->irq_abort);
+ memory_region_init_io(&s->iomem, OBJECT(s), &pl330_ops, s,
+ "dma", PL330_IOMEM_SIZE);
+ sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->iomem);
+
+ s->timer = qemu_new_timer_ns(vm_clock, pl330_exec_cycle_timer, s);
+
+ s->cfg[0] = (s->mgr_ns_at_rst ? 0x4 : 0) |
+ (s->num_periph_req > 0 ? 1 : 0) |
+ ((s->num_chnls - 1) & 0x7) << 4 |
+ ((s->num_periph_req - 1) & 0x1f) << 12 |
+ ((s->num_events - 1) & 0x1f) << 17;
+
+ switch (s->i_cache_len) {
+ case (4):
+ s->cfg[1] |= 2;
+ break;
+ case (8):
+ s->cfg[1] |= 3;
+ break;
+ case (16):
+ s->cfg[1] |= 4;
+ break;
+ case (32):
+ s->cfg[1] |= 5;
+ break;
+ default:
+ error_setg(errp, "Bad value for i-cache_len property: %d\n",
+ s->i_cache_len);
+ return;
+ }
+ s->cfg[1] |= ((s->num_i_cache_lines - 1) & 0xf) << 4;
+
+ s->chan = g_new0(PL330Chan, s->num_chnls);
+ s->hi_seqn = g_new0(uint8_t, s->num_chnls);
+ s->lo_seqn = g_new0(uint8_t, s->num_chnls);
+ for (i = 0; i < s->num_chnls; i++) {
+ s->chan[i].parent = s;
+ s->chan[i].tag = (uint8_t)i;
+ }
+ s->manager.parent = s;
+ s->manager.tag = s->num_chnls;
+ s->manager.is_manager = true;
+
+ s->irq = g_new0(qemu_irq, s->num_events);
+ for (i = 0; i < s->num_events; i++) {
+ sysbus_init_irq(SYS_BUS_DEVICE(dev), &s->irq[i]);
+ }
+
+ qdev_init_gpio_in(dev, pl330_dma_stop_irq, PL330_PERIPH_NUM);
+
+ switch (s->data_width) {
+ case (32):
+ s->cfg[CFG_CRD] |= 0x2;
+ break;
+ case (64):
+ s->cfg[CFG_CRD] |= 0x3;
+ break;
+ case (128):
+ s->cfg[CFG_CRD] |= 0x4;
+ break;
+ default:
+ error_setg(errp, "Bad value for data_width property: %d\n",
+ s->data_width);
+ return;
+ }
+
+ s->cfg[CFG_CRD] |= ((s->wr_cap - 1) & 0x7) << 4 |
+ ((s->wr_q_dep - 1) & 0xf) << 8 |
+ ((s->rd_cap - 1) & 0x7) << 12 |
+ ((s->rd_q_dep - 1) & 0xf) << 16 |
+ ((s->data_buffer_dep - 1) & 0x1ff) << 20;
+
+ pl330_queue_init(&s->read_queue, s->rd_q_dep, s);
+ pl330_queue_init(&s->write_queue, s->wr_q_dep, s);
+ pl330_fifo_init(&s->fifo, s->data_buffer_dep);
+}
+
+static Property pl330_properties[] = {
+ /* CR0 */
+ DEFINE_PROP_UINT32("num_chnls", PL330State, num_chnls, 8),
+ DEFINE_PROP_UINT8("num_periph_req", PL330State, num_periph_req, 4),
+ DEFINE_PROP_UINT8("num_events", PL330State, num_events, 16),
+ DEFINE_PROP_UINT8("mgr_ns_at_rst", PL330State, mgr_ns_at_rst, 0),
+ /* CR1 */
+ DEFINE_PROP_UINT8("i-cache_len", PL330State, i_cache_len, 4),
+ DEFINE_PROP_UINT8("num_i-cache_lines", PL330State, num_i_cache_lines, 8),
+ /* CR2-4 */
+ DEFINE_PROP_UINT32("boot_addr", PL330State, cfg[CFG_BOOT_ADDR], 0),
+ DEFINE_PROP_UINT32("INS", PL330State, cfg[CFG_INS], 0),
+ DEFINE_PROP_UINT32("PNS", PL330State, cfg[CFG_PNS], 0),
+ /* CRD */
+ DEFINE_PROP_UINT8("data_width", PL330State, data_width, 64),
+ DEFINE_PROP_UINT8("wr_cap", PL330State, wr_cap, 8),
+ DEFINE_PROP_UINT8("wr_q_dep", PL330State, wr_q_dep, 16),
+ DEFINE_PROP_UINT8("rd_cap", PL330State, rd_cap, 8),
+ DEFINE_PROP_UINT8("rd_q_dep", PL330State, rd_q_dep, 16),
+ DEFINE_PROP_UINT16("data_buffer_dep", PL330State, data_buffer_dep, 256),
+
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void pl330_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = pl330_realize;
+ dc->reset = pl330_reset;
+ dc->props = pl330_properties;
+ dc->vmsd = &vmstate_pl330;
+}
+
+static const TypeInfo pl330_type_info = {
+ .name = TYPE_PL330,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(PL330State),
+ .class_init = pl330_class_init,
+};
+
+static void pl330_register_types(void)
+{
+ type_register_static(&pl330_type_info);
+}
+
+type_init(pl330_register_types)
diff --git a/hw/dma/puv3_dma.c b/hw/dma/puv3_dma.c
new file mode 100644
index 000000000..101bd7f8a
--- /dev/null
+++ b/hw/dma/puv3_dma.c
@@ -0,0 +1,113 @@
+/*
+ * DMA device simulation in PKUnity SoC
+ *
+ * Copyright (C) 2010-2012 Guan Xuetao
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation, or any later version.
+ * See the COPYING file in the top-level directory.
+ */
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+
+#undef DEBUG_PUV3
+#include "hw/unicore32/puv3.h"
+
+#define PUV3_DMA_CH_NR (6)
+#define PUV3_DMA_CH_MASK (0xff)
+#define PUV3_DMA_CH(offset) ((offset) >> 8)
+
+#define TYPE_PUV3_DMA "puv3_dma"
+#define PUV3_DMA(obj) OBJECT_CHECK(PUV3DMAState, (obj), TYPE_PUV3_DMA)
+
+typedef struct PUV3DMAState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ uint32_t reg_CFG[PUV3_DMA_CH_NR];
+} PUV3DMAState;
+
+static uint64_t puv3_dma_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ PUV3DMAState *s = opaque;
+ uint32_t ret = 0;
+
+ assert(PUV3_DMA_CH(offset) < PUV3_DMA_CH_NR);
+
+ switch (offset & PUV3_DMA_CH_MASK) {
+ case 0x10:
+ ret = s->reg_CFG[PUV3_DMA_CH(offset)];
+ break;
+ default:
+ DPRINTF("Bad offset 0x%x\n", offset);
+ }
+ DPRINTF("offset 0x%x, value 0x%x\n", offset, ret);
+
+ return ret;
+}
+
+static void puv3_dma_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ PUV3DMAState *s = opaque;
+
+ assert(PUV3_DMA_CH(offset) < PUV3_DMA_CH_NR);
+
+ switch (offset & PUV3_DMA_CH_MASK) {
+ case 0x10:
+ s->reg_CFG[PUV3_DMA_CH(offset)] = value;
+ break;
+ default:
+ DPRINTF("Bad offset 0x%x\n", offset);
+ }
+ DPRINTF("offset 0x%x, value 0x%x\n", offset, value);
+}
+
+static const MemoryRegionOps puv3_dma_ops = {
+ .read = puv3_dma_read,
+ .write = puv3_dma_write,
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int puv3_dma_init(SysBusDevice *dev)
+{
+ PUV3DMAState *s = PUV3_DMA(dev);
+ int i;
+
+ for (i = 0; i < PUV3_DMA_CH_NR; i++) {
+ s->reg_CFG[i] = 0x0;
+ }
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &puv3_dma_ops, s, "puv3_dma",
+ PUV3_REGS_OFFSET);
+ sysbus_init_mmio(dev, &s->iomem);
+
+ return 0;
+}
+
+static void puv3_dma_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sdc->init = puv3_dma_init;
+}
+
+static const TypeInfo puv3_dma_info = {
+ .name = TYPE_PUV3_DMA,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(PUV3DMAState),
+ .class_init = puv3_dma_class_init,
+};
+
+static void puv3_dma_register_type(void)
+{
+ type_register_static(&puv3_dma_info);
+}
+
+type_init(puv3_dma_register_type)
diff --git a/hw/dma/pxa2xx_dma.c b/hw/dma/pxa2xx_dma.c
new file mode 100644
index 000000000..c013abb31
--- /dev/null
+++ b/hw/dma/pxa2xx_dma.c
@@ -0,0 +1,578 @@
+/*
+ * Intel XScale PXA255/270 DMA controller.
+ *
+ * Copyright (c) 2006 Openedhand Ltd.
+ * Copyright (c) 2006 Thorsten Zitterell
+ * Written by Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * This code is licensed under the GPL.
+ */
+
+#include "hw/hw.h"
+#include "hw/arm/pxa.h"
+#include "hw/sysbus.h"
+
+#define PXA255_DMA_NUM_CHANNELS 16
+#define PXA27X_DMA_NUM_CHANNELS 32
+
+#define PXA2XX_DMA_NUM_REQUESTS 75
+
+typedef struct {
+ uint32_t descr;
+ uint32_t src;
+ uint32_t dest;
+ uint32_t cmd;
+ uint32_t state;
+ int request;
+} PXA2xxDMAChannel;
+
+#define TYPE_PXA2XX_DMA "pxa2xx-dma"
+#define PXA2XX_DMA(obj) OBJECT_CHECK(PXA2xxDMAState, (obj), TYPE_PXA2XX_DMA)
+
+typedef struct PXA2xxDMAState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ qemu_irq irq;
+
+ uint32_t stopintr;
+ uint32_t eorintr;
+ uint32_t rasintr;
+ uint32_t startintr;
+ uint32_t endintr;
+
+ uint32_t align;
+ uint32_t pio;
+
+ int channels;
+ PXA2xxDMAChannel *chan;
+
+ uint8_t req[PXA2XX_DMA_NUM_REQUESTS];
+
+ /* Flag to avoid recursive DMA invocations. */
+ int running;
+} PXA2xxDMAState;
+
+#define DCSR0 0x0000 /* DMA Control / Status register for Channel 0 */
+#define DCSR31 0x007c /* DMA Control / Status register for Channel 31 */
+#define DALGN 0x00a0 /* DMA Alignment register */
+#define DPCSR 0x00a4 /* DMA Programmed I/O Control Status register */
+#define DRQSR0 0x00e0 /* DMA DREQ<0> Status register */
+#define DRQSR1 0x00e4 /* DMA DREQ<1> Status register */
+#define DRQSR2 0x00e8 /* DMA DREQ<2> Status register */
+#define DINT 0x00f0 /* DMA Interrupt register */
+#define DRCMR0 0x0100 /* Request to Channel Map register 0 */
+#define DRCMR63 0x01fc /* Request to Channel Map register 63 */
+#define D_CH0 0x0200 /* Channel 0 Descriptor start */
+#define DRCMR64 0x1100 /* Request to Channel Map register 64 */
+#define DRCMR74 0x1128 /* Request to Channel Map register 74 */
+
+/* Per-channel register */
+#define DDADR 0x00
+#define DSADR 0x01
+#define DTADR 0x02
+#define DCMD 0x03
+
+/* Bit-field masks */
+#define DRCMR_CHLNUM 0x1f
+#define DRCMR_MAPVLD (1 << 7)
+#define DDADR_STOP (1 << 0)
+#define DDADR_BREN (1 << 1)
+#define DCMD_LEN 0x1fff
+#define DCMD_WIDTH(x) (1 << ((((x) >> 14) & 3) - 1))
+#define DCMD_SIZE(x) (4 << (((x) >> 16) & 3))
+#define DCMD_FLYBYT (1 << 19)
+#define DCMD_FLYBYS (1 << 20)
+#define DCMD_ENDIRQEN (1 << 21)
+#define DCMD_STARTIRQEN (1 << 22)
+#define DCMD_CMPEN (1 << 25)
+#define DCMD_FLOWTRG (1 << 28)
+#define DCMD_FLOWSRC (1 << 29)
+#define DCMD_INCTRGADDR (1 << 30)
+#define DCMD_INCSRCADDR (1 << 31)
+#define DCSR_BUSERRINTR (1 << 0)
+#define DCSR_STARTINTR (1 << 1)
+#define DCSR_ENDINTR (1 << 2)
+#define DCSR_STOPINTR (1 << 3)
+#define DCSR_RASINTR (1 << 4)
+#define DCSR_REQPEND (1 << 8)
+#define DCSR_EORINT (1 << 9)
+#define DCSR_CMPST (1 << 10)
+#define DCSR_MASKRUN (1 << 22)
+#define DCSR_RASIRQEN (1 << 23)
+#define DCSR_CLRCMPST (1 << 24)
+#define DCSR_SETCMPST (1 << 25)
+#define DCSR_EORSTOPEN (1 << 26)
+#define DCSR_EORJMPEN (1 << 27)
+#define DCSR_EORIRQEN (1 << 28)
+#define DCSR_STOPIRQEN (1 << 29)
+#define DCSR_NODESCFETCH (1 << 30)
+#define DCSR_RUN (1 << 31)
+
+static inline void pxa2xx_dma_update(PXA2xxDMAState *s, int ch)
+{
+ if (ch >= 0) {
+ if ((s->chan[ch].state & DCSR_STOPIRQEN) &&
+ (s->chan[ch].state & DCSR_STOPINTR))
+ s->stopintr |= 1 << ch;
+ else
+ s->stopintr &= ~(1 << ch);
+
+ if ((s->chan[ch].state & DCSR_EORIRQEN) &&
+ (s->chan[ch].state & DCSR_EORINT))
+ s->eorintr |= 1 << ch;
+ else
+ s->eorintr &= ~(1 << ch);
+
+ if ((s->chan[ch].state & DCSR_RASIRQEN) &&
+ (s->chan[ch].state & DCSR_RASINTR))
+ s->rasintr |= 1 << ch;
+ else
+ s->rasintr &= ~(1 << ch);
+
+ if (s->chan[ch].state & DCSR_STARTINTR)
+ s->startintr |= 1 << ch;
+ else
+ s->startintr &= ~(1 << ch);
+
+ if (s->chan[ch].state & DCSR_ENDINTR)
+ s->endintr |= 1 << ch;
+ else
+ s->endintr &= ~(1 << ch);
+ }
+
+ if (s->stopintr | s->eorintr | s->rasintr | s->startintr | s->endintr)
+ qemu_irq_raise(s->irq);
+ else
+ qemu_irq_lower(s->irq);
+}
+
+static inline void pxa2xx_dma_descriptor_fetch(
+ PXA2xxDMAState *s, int ch)
+{
+ uint32_t desc[4];
+ hwaddr daddr = s->chan[ch].descr & ~0xf;
+ if ((s->chan[ch].descr & DDADR_BREN) && (s->chan[ch].state & DCSR_CMPST))
+ daddr += 32;
+
+ cpu_physical_memory_read(daddr, desc, 16);
+ s->chan[ch].descr = desc[DDADR];
+ s->chan[ch].src = desc[DSADR];
+ s->chan[ch].dest = desc[DTADR];
+ s->chan[ch].cmd = desc[DCMD];
+
+ if (s->chan[ch].cmd & DCMD_FLOWSRC)
+ s->chan[ch].src &= ~3;
+ if (s->chan[ch].cmd & DCMD_FLOWTRG)
+ s->chan[ch].dest &= ~3;
+
+ if (s->chan[ch].cmd & (DCMD_CMPEN | DCMD_FLYBYS | DCMD_FLYBYT))
+ printf("%s: unsupported mode in channel %i\n", __FUNCTION__, ch);
+
+ if (s->chan[ch].cmd & DCMD_STARTIRQEN)
+ s->chan[ch].state |= DCSR_STARTINTR;
+}
+
+static void pxa2xx_dma_run(PXA2xxDMAState *s)
+{
+ int c, srcinc, destinc;
+ uint32_t n, size;
+ uint32_t width;
+ uint32_t length;
+ uint8_t buffer[32];
+ PXA2xxDMAChannel *ch;
+
+ if (s->running ++)
+ return;
+
+ while (s->running) {
+ s->running = 1;
+ for (c = 0; c < s->channels; c ++) {
+ ch = &s->chan[c];
+
+ while ((ch->state & DCSR_RUN) && !(ch->state & DCSR_STOPINTR)) {
+ /* Test for pending requests */
+ if ((ch->cmd & (DCMD_FLOWSRC | DCMD_FLOWTRG)) && !ch->request)
+ break;
+
+ length = ch->cmd & DCMD_LEN;
+ size = DCMD_SIZE(ch->cmd);
+ width = DCMD_WIDTH(ch->cmd);
+
+ srcinc = (ch->cmd & DCMD_INCSRCADDR) ? width : 0;
+ destinc = (ch->cmd & DCMD_INCTRGADDR) ? width : 0;
+
+ while (length) {
+ size = MIN(length, size);
+
+ for (n = 0; n < size; n += width) {
+ cpu_physical_memory_read(ch->src, buffer + n, width);
+ ch->src += srcinc;
+ }
+
+ for (n = 0; n < size; n += width) {
+ cpu_physical_memory_write(ch->dest, buffer + n, width);
+ ch->dest += destinc;
+ }
+
+ length -= size;
+
+ if ((ch->cmd & (DCMD_FLOWSRC | DCMD_FLOWTRG)) &&
+ !ch->request) {
+ ch->state |= DCSR_EORINT;
+ if (ch->state & DCSR_EORSTOPEN)
+ ch->state |= DCSR_STOPINTR;
+ if ((ch->state & DCSR_EORJMPEN) &&
+ !(ch->state & DCSR_NODESCFETCH))
+ pxa2xx_dma_descriptor_fetch(s, c);
+ break;
+ }
+ }
+
+ ch->cmd = (ch->cmd & ~DCMD_LEN) | length;
+
+ /* Is the transfer complete now? */
+ if (!length) {
+ if (ch->cmd & DCMD_ENDIRQEN)
+ ch->state |= DCSR_ENDINTR;
+
+ if ((ch->state & DCSR_NODESCFETCH) ||
+ (ch->descr & DDADR_STOP) ||
+ (ch->state & DCSR_EORSTOPEN)) {
+ ch->state |= DCSR_STOPINTR;
+ ch->state &= ~DCSR_RUN;
+
+ break;
+ }
+
+ ch->state |= DCSR_STOPINTR;
+ break;
+ }
+ }
+ }
+
+ s->running --;
+ }
+}
+
+static uint64_t pxa2xx_dma_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ PXA2xxDMAState *s = (PXA2xxDMAState *) opaque;
+ unsigned int channel;
+
+ if (size != 4) {
+ hw_error("%s: Bad access width\n", __FUNCTION__);
+ return 5;
+ }
+
+ switch (offset) {
+ case DRCMR64 ... DRCMR74:
+ offset -= DRCMR64 - DRCMR0 - (64 << 2);
+ /* Fall through */
+ case DRCMR0 ... DRCMR63:
+ channel = (offset - DRCMR0) >> 2;
+ return s->req[channel];
+
+ case DRQSR0:
+ case DRQSR1:
+ case DRQSR2:
+ return 0;
+
+ case DCSR0 ... DCSR31:
+ channel = offset >> 2;
+ if (s->chan[channel].request)
+ return s->chan[channel].state | DCSR_REQPEND;
+ return s->chan[channel].state;
+
+ case DINT:
+ return s->stopintr | s->eorintr | s->rasintr |
+ s->startintr | s->endintr;
+
+ case DALGN:
+ return s->align;
+
+ case DPCSR:
+ return s->pio;
+ }
+
+ if (offset >= D_CH0 && offset < D_CH0 + (s->channels << 4)) {
+ channel = (offset - D_CH0) >> 4;
+ switch ((offset & 0x0f) >> 2) {
+ case DDADR:
+ return s->chan[channel].descr;
+ case DSADR:
+ return s->chan[channel].src;
+ case DTADR:
+ return s->chan[channel].dest;
+ case DCMD:
+ return s->chan[channel].cmd;
+ }
+ }
+
+ hw_error("%s: Bad offset 0x" TARGET_FMT_plx "\n", __FUNCTION__, offset);
+ return 7;
+}
+
+static void pxa2xx_dma_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ PXA2xxDMAState *s = (PXA2xxDMAState *) opaque;
+ unsigned int channel;
+
+ if (size != 4) {
+ hw_error("%s: Bad access width\n", __FUNCTION__);
+ return;
+ }
+
+ switch (offset) {
+ case DRCMR64 ... DRCMR74:
+ offset -= DRCMR64 - DRCMR0 - (64 << 2);
+ /* Fall through */
+ case DRCMR0 ... DRCMR63:
+ channel = (offset - DRCMR0) >> 2;
+
+ if (value & DRCMR_MAPVLD)
+ if ((value & DRCMR_CHLNUM) > s->channels)
+ hw_error("%s: Bad DMA channel %i\n",
+ __FUNCTION__, (unsigned)value & DRCMR_CHLNUM);
+
+ s->req[channel] = value;
+ break;
+
+ case DRQSR0:
+ case DRQSR1:
+ case DRQSR2:
+ /* Nothing to do */
+ break;
+
+ case DCSR0 ... DCSR31:
+ channel = offset >> 2;
+ s->chan[channel].state &= 0x0000071f & ~(value &
+ (DCSR_EORINT | DCSR_ENDINTR |
+ DCSR_STARTINTR | DCSR_BUSERRINTR));
+ s->chan[channel].state |= value & 0xfc800000;
+
+ if (s->chan[channel].state & DCSR_STOPIRQEN)
+ s->chan[channel].state &= ~DCSR_STOPINTR;
+
+ if (value & DCSR_NODESCFETCH) {
+ /* No-descriptor-fetch mode */
+ if (value & DCSR_RUN) {
+ s->chan[channel].state &= ~DCSR_STOPINTR;
+ pxa2xx_dma_run(s);
+ }
+ } else {
+ /* Descriptor-fetch mode */
+ if (value & DCSR_RUN) {
+ s->chan[channel].state &= ~DCSR_STOPINTR;
+ pxa2xx_dma_descriptor_fetch(s, channel);
+ pxa2xx_dma_run(s);
+ }
+ }
+
+ /* Shouldn't matter as our DMA is synchronous. */
+ if (!(value & (DCSR_RUN | DCSR_MASKRUN)))
+ s->chan[channel].state |= DCSR_STOPINTR;
+
+ if (value & DCSR_CLRCMPST)
+ s->chan[channel].state &= ~DCSR_CMPST;
+ if (value & DCSR_SETCMPST)
+ s->chan[channel].state |= DCSR_CMPST;
+
+ pxa2xx_dma_update(s, channel);
+ break;
+
+ case DALGN:
+ s->align = value;
+ break;
+
+ case DPCSR:
+ s->pio = value & 0x80000001;
+ break;
+
+ default:
+ if (offset >= D_CH0 && offset < D_CH0 + (s->channels << 4)) {
+ channel = (offset - D_CH0) >> 4;
+ switch ((offset & 0x0f) >> 2) {
+ case DDADR:
+ s->chan[channel].descr = value;
+ break;
+ case DSADR:
+ s->chan[channel].src = value;
+ break;
+ case DTADR:
+ s->chan[channel].dest = value;
+ break;
+ case DCMD:
+ s->chan[channel].cmd = value;
+ break;
+ default:
+ goto fail;
+ }
+
+ break;
+ }
+ fail:
+ hw_error("%s: Bad offset " TARGET_FMT_plx "\n", __FUNCTION__, offset);
+ }
+}
+
+static const MemoryRegionOps pxa2xx_dma_ops = {
+ .read = pxa2xx_dma_read,
+ .write = pxa2xx_dma_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void pxa2xx_dma_request(void *opaque, int req_num, int on)
+{
+ PXA2xxDMAState *s = opaque;
+ int ch;
+ if (req_num < 0 || req_num >= PXA2XX_DMA_NUM_REQUESTS)
+ hw_error("%s: Bad DMA request %i\n", __FUNCTION__, req_num);
+
+ if (!(s->req[req_num] & DRCMR_MAPVLD))
+ return;
+ ch = s->req[req_num] & DRCMR_CHLNUM;
+
+ if (!s->chan[ch].request && on)
+ s->chan[ch].state |= DCSR_RASINTR;
+ else
+ s->chan[ch].state &= ~DCSR_RASINTR;
+ if (s->chan[ch].request && !on)
+ s->chan[ch].state |= DCSR_EORINT;
+
+ s->chan[ch].request = on;
+ if (on) {
+ pxa2xx_dma_run(s);
+ pxa2xx_dma_update(s, ch);
+ }
+}
+
+static int pxa2xx_dma_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ PXA2xxDMAState *s = PXA2XX_DMA(dev);
+ int i;
+
+ if (s->channels <= 0) {
+ return -1;
+ }
+
+ s->chan = g_malloc0(sizeof(PXA2xxDMAChannel) * s->channels);
+
+ memset(s->chan, 0, sizeof(PXA2xxDMAChannel) * s->channels);
+ for (i = 0; i < s->channels; i ++)
+ s->chan[i].state = DCSR_STOPINTR;
+
+ memset(s->req, 0, sizeof(uint8_t) * PXA2XX_DMA_NUM_REQUESTS);
+
+ qdev_init_gpio_in(dev, pxa2xx_dma_request, PXA2XX_DMA_NUM_REQUESTS);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &pxa2xx_dma_ops, s,
+ "pxa2xx.dma", 0x00010000);
+ sysbus_init_mmio(sbd, &s->iomem);
+ sysbus_init_irq(sbd, &s->irq);
+
+ return 0;
+}
+
+DeviceState *pxa27x_dma_init(hwaddr base, qemu_irq irq)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(NULL, "pxa2xx-dma");
+ qdev_prop_set_int32(dev, "channels", PXA27X_DMA_NUM_CHANNELS);
+ qdev_init_nofail(dev);
+
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, irq);
+
+ return dev;
+}
+
+DeviceState *pxa255_dma_init(hwaddr base, qemu_irq irq)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(NULL, "pxa2xx-dma");
+ qdev_prop_set_int32(dev, "channels", PXA27X_DMA_NUM_CHANNELS);
+ qdev_init_nofail(dev);
+
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, irq);
+
+ return dev;
+}
+
+static bool is_version_0(void *opaque, int version_id)
+{
+ return version_id == 0;
+}
+
+static VMStateDescription vmstate_pxa2xx_dma_chan = {
+ .name = "pxa2xx_dma_chan",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(descr, PXA2xxDMAChannel),
+ VMSTATE_UINT32(src, PXA2xxDMAChannel),
+ VMSTATE_UINT32(dest, PXA2xxDMAChannel),
+ VMSTATE_UINT32(cmd, PXA2xxDMAChannel),
+ VMSTATE_UINT32(state, PXA2xxDMAChannel),
+ VMSTATE_INT32(request, PXA2xxDMAChannel),
+ VMSTATE_END_OF_LIST(),
+ },
+};
+
+static VMStateDescription vmstate_pxa2xx_dma = {
+ .name = "pxa2xx_dma",
+ .version_id = 1,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UNUSED_TEST(is_version_0, 4),
+ VMSTATE_UINT32(stopintr, PXA2xxDMAState),
+ VMSTATE_UINT32(eorintr, PXA2xxDMAState),
+ VMSTATE_UINT32(rasintr, PXA2xxDMAState),
+ VMSTATE_UINT32(startintr, PXA2xxDMAState),
+ VMSTATE_UINT32(endintr, PXA2xxDMAState),
+ VMSTATE_UINT32(align, PXA2xxDMAState),
+ VMSTATE_UINT32(pio, PXA2xxDMAState),
+ VMSTATE_BUFFER(req, PXA2xxDMAState),
+ VMSTATE_STRUCT_VARRAY_POINTER_INT32(chan, PXA2xxDMAState, channels,
+ vmstate_pxa2xx_dma_chan, PXA2xxDMAChannel),
+ VMSTATE_END_OF_LIST(),
+ },
+};
+
+static Property pxa2xx_dma_properties[] = {
+ DEFINE_PROP_INT32("channels", PXA2xxDMAState, channels, -1),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void pxa2xx_dma_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = pxa2xx_dma_init;
+ dc->desc = "PXA2xx DMA controller";
+ dc->vmsd = &vmstate_pxa2xx_dma;
+ dc->props = pxa2xx_dma_properties;
+}
+
+static const TypeInfo pxa2xx_dma_info = {
+ .name = TYPE_PXA2XX_DMA,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(PXA2xxDMAState),
+ .class_init = pxa2xx_dma_class_init,
+};
+
+static void pxa2xx_dma_register_types(void)
+{
+ type_register_static(&pxa2xx_dma_info);
+}
+
+type_init(pxa2xx_dma_register_types)
diff --git a/hw/dma/rc4030.c b/hw/dma/rc4030.c
new file mode 100644
index 000000000..4ec433f95
--- /dev/null
+++ b/hw/dma/rc4030.c
@@ -0,0 +1,825 @@
+/*
+ * QEMU JAZZ RC4030 chipset
+ *
+ * Copyright (c) 2007-2009 Herve Poussineau
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/hw.h"
+#include "hw/mips/mips.h"
+#include "qemu/timer.h"
+
+/********************************************************/
+/* debug rc4030 */
+
+//#define DEBUG_RC4030
+//#define DEBUG_RC4030_DMA
+
+#ifdef DEBUG_RC4030
+#define DPRINTF(fmt, ...) \
+do { printf("rc4030: " fmt , ## __VA_ARGS__); } while (0)
+static const char* irq_names[] = { "parallel", "floppy", "sound", "video",
+ "network", "scsi", "keyboard", "mouse", "serial0", "serial1" };
+#else
+#define DPRINTF(fmt, ...)
+#endif
+
+#define RC4030_ERROR(fmt, ...) \
+do { fprintf(stderr, "rc4030 ERROR: %s: " fmt, __func__ , ## __VA_ARGS__); } while (0)
+
+/********************************************************/
+/* rc4030 emulation */
+
+typedef struct dma_pagetable_entry {
+ int32_t frame;
+ int32_t owner;
+} QEMU_PACKED dma_pagetable_entry;
+
+#define DMA_PAGESIZE 4096
+#define DMA_REG_ENABLE 1
+#define DMA_REG_COUNT 2
+#define DMA_REG_ADDRESS 3
+
+#define DMA_FLAG_ENABLE 0x0001
+#define DMA_FLAG_MEM_TO_DEV 0x0002
+#define DMA_FLAG_TC_INTR 0x0100
+#define DMA_FLAG_MEM_INTR 0x0200
+#define DMA_FLAG_ADDR_INTR 0x0400
+
+typedef struct rc4030State
+{
+ uint32_t config; /* 0x0000: RC4030 config register */
+ uint32_t revision; /* 0x0008: RC4030 Revision register */
+ uint32_t invalid_address_register; /* 0x0010: Invalid Address register */
+
+ /* DMA */
+ uint32_t dma_regs[8][4];
+ uint32_t dma_tl_base; /* 0x0018: DMA transl. table base */
+ uint32_t dma_tl_limit; /* 0x0020: DMA transl. table limit */
+
+ /* cache */
+ uint32_t cache_maint; /* 0x0030: Cache Maintenance */
+ uint32_t remote_failed_address; /* 0x0038: Remote Failed Address */
+ uint32_t memory_failed_address; /* 0x0040: Memory Failed Address */
+ uint32_t cache_ptag; /* 0x0048: I/O Cache Physical Tag */
+ uint32_t cache_ltag; /* 0x0050: I/O Cache Logical Tag */
+ uint32_t cache_bmask; /* 0x0058: I/O Cache Byte Mask */
+
+ uint32_t nmi_interrupt; /* 0x0200: interrupt source */
+ uint32_t offset210;
+ uint32_t nvram_protect; /* 0x0220: NV ram protect register */
+ uint32_t rem_speed[16];
+ uint32_t imr_jazz; /* Local bus int enable mask */
+ uint32_t isr_jazz; /* Local bus int source */
+
+ /* timer */
+ QEMUTimer *periodic_timer;
+ uint32_t itr; /* Interval timer reload */
+
+ qemu_irq timer_irq;
+ qemu_irq jazz_bus_irq;
+
+ MemoryRegion iomem_chipset;
+ MemoryRegion iomem_jazzio;
+} rc4030State;
+
+static void set_next_tick(rc4030State *s)
+{
+ qemu_irq_lower(s->timer_irq);
+ uint32_t tm_hz;
+
+ tm_hz = 1000 / (s->itr + 1);
+
+ qemu_mod_timer(s->periodic_timer, qemu_get_clock_ns(vm_clock) +
+ get_ticks_per_sec() / tm_hz);
+}
+
+/* called for accesses to rc4030 */
+static uint32_t rc4030_readl(void *opaque, hwaddr addr)
+{
+ rc4030State *s = opaque;
+ uint32_t val;
+
+ addr &= 0x3fff;
+ switch (addr & ~0x3) {
+ /* Global config register */
+ case 0x0000:
+ val = s->config;
+ break;
+ /* Revision register */
+ case 0x0008:
+ val = s->revision;
+ break;
+ /* Invalid Address register */
+ case 0x0010:
+ val = s->invalid_address_register;
+ break;
+ /* DMA transl. table base */
+ case 0x0018:
+ val = s->dma_tl_base;
+ break;
+ /* DMA transl. table limit */
+ case 0x0020:
+ val = s->dma_tl_limit;
+ break;
+ /* Remote Failed Address */
+ case 0x0038:
+ val = s->remote_failed_address;
+ break;
+ /* Memory Failed Address */
+ case 0x0040:
+ val = s->memory_failed_address;
+ break;
+ /* I/O Cache Byte Mask */
+ case 0x0058:
+ val = s->cache_bmask;
+ /* HACK */
+ if (s->cache_bmask == (uint32_t)-1)
+ s->cache_bmask = 0;
+ break;
+ /* Remote Speed Registers */
+ case 0x0070:
+ case 0x0078:
+ case 0x0080:
+ case 0x0088:
+ case 0x0090:
+ case 0x0098:
+ case 0x00a0:
+ case 0x00a8:
+ case 0x00b0:
+ case 0x00b8:
+ case 0x00c0:
+ case 0x00c8:
+ case 0x00d0:
+ case 0x00d8:
+ case 0x00e0:
+ case 0x00e8:
+ val = s->rem_speed[(addr - 0x0070) >> 3];
+ break;
+ /* DMA channel base address */
+ case 0x0100:
+ case 0x0108:
+ case 0x0110:
+ case 0x0118:
+ case 0x0120:
+ case 0x0128:
+ case 0x0130:
+ case 0x0138:
+ case 0x0140:
+ case 0x0148:
+ case 0x0150:
+ case 0x0158:
+ case 0x0160:
+ case 0x0168:
+ case 0x0170:
+ case 0x0178:
+ case 0x0180:
+ case 0x0188:
+ case 0x0190:
+ case 0x0198:
+ case 0x01a0:
+ case 0x01a8:
+ case 0x01b0:
+ case 0x01b8:
+ case 0x01c0:
+ case 0x01c8:
+ case 0x01d0:
+ case 0x01d8:
+ case 0x01e0:
+ case 0x01e8:
+ case 0x01f0:
+ case 0x01f8:
+ {
+ int entry = (addr - 0x0100) >> 5;
+ int idx = (addr & 0x1f) >> 3;
+ val = s->dma_regs[entry][idx];
+ }
+ break;
+ /* Interrupt source */
+ case 0x0200:
+ val = s->nmi_interrupt;
+ break;
+ /* Error type */
+ case 0x0208:
+ val = 0;
+ break;
+ /* Offset 0x0210 */
+ case 0x0210:
+ val = s->offset210;
+ break;
+ /* NV ram protect register */
+ case 0x0220:
+ val = s->nvram_protect;
+ break;
+ /* Interval timer count */
+ case 0x0230:
+ val = 0;
+ qemu_irq_lower(s->timer_irq);
+ break;
+ /* EISA interrupt */
+ case 0x0238:
+ val = 7; /* FIXME: should be read from EISA controller */
+ break;
+ default:
+ RC4030_ERROR("invalid read [" TARGET_FMT_plx "]\n", addr);
+ val = 0;
+ break;
+ }
+
+ if ((addr & ~3) != 0x230) {
+ DPRINTF("read 0x%02x at " TARGET_FMT_plx "\n", val, addr);
+ }
+
+ return val;
+}
+
+static uint32_t rc4030_readw(void *opaque, hwaddr addr)
+{
+ uint32_t v = rc4030_readl(opaque, addr & ~0x3);
+ if (addr & 0x2)
+ return v >> 16;
+ else
+ return v & 0xffff;
+}
+
+static uint32_t rc4030_readb(void *opaque, hwaddr addr)
+{
+ uint32_t v = rc4030_readl(opaque, addr & ~0x3);
+ return (v >> (8 * (addr & 0x3))) & 0xff;
+}
+
+static void rc4030_writel(void *opaque, hwaddr addr, uint32_t val)
+{
+ rc4030State *s = opaque;
+ addr &= 0x3fff;
+
+ DPRINTF("write 0x%02x at " TARGET_FMT_plx "\n", val, addr);
+
+ switch (addr & ~0x3) {
+ /* Global config register */
+ case 0x0000:
+ s->config = val;
+ break;
+ /* DMA transl. table base */
+ case 0x0018:
+ s->dma_tl_base = val;
+ break;
+ /* DMA transl. table limit */
+ case 0x0020:
+ s->dma_tl_limit = val;
+ break;
+ /* DMA transl. table invalidated */
+ case 0x0028:
+ break;
+ /* Cache Maintenance */
+ case 0x0030:
+ s->cache_maint = val;
+ break;
+ /* I/O Cache Physical Tag */
+ case 0x0048:
+ s->cache_ptag = val;
+ break;
+ /* I/O Cache Logical Tag */
+ case 0x0050:
+ s->cache_ltag = val;
+ break;
+ /* I/O Cache Byte Mask */
+ case 0x0058:
+ s->cache_bmask |= val; /* HACK */
+ break;
+ /* I/O Cache Buffer Window */
+ case 0x0060:
+ /* HACK */
+ if (s->cache_ltag == 0x80000001 && s->cache_bmask == 0xf0f0f0f) {
+ hwaddr dest = s->cache_ptag & ~0x1;
+ dest += (s->cache_maint & 0x3) << 3;
+ cpu_physical_memory_write(dest, &val, 4);
+ }
+ break;
+ /* Remote Speed Registers */
+ case 0x0070:
+ case 0x0078:
+ case 0x0080:
+ case 0x0088:
+ case 0x0090:
+ case 0x0098:
+ case 0x00a0:
+ case 0x00a8:
+ case 0x00b0:
+ case 0x00b8:
+ case 0x00c0:
+ case 0x00c8:
+ case 0x00d0:
+ case 0x00d8:
+ case 0x00e0:
+ case 0x00e8:
+ s->rem_speed[(addr - 0x0070) >> 3] = val;
+ break;
+ /* DMA channel base address */
+ case 0x0100:
+ case 0x0108:
+ case 0x0110:
+ case 0x0118:
+ case 0x0120:
+ case 0x0128:
+ case 0x0130:
+ case 0x0138:
+ case 0x0140:
+ case 0x0148:
+ case 0x0150:
+ case 0x0158:
+ case 0x0160:
+ case 0x0168:
+ case 0x0170:
+ case 0x0178:
+ case 0x0180:
+ case 0x0188:
+ case 0x0190:
+ case 0x0198:
+ case 0x01a0:
+ case 0x01a8:
+ case 0x01b0:
+ case 0x01b8:
+ case 0x01c0:
+ case 0x01c8:
+ case 0x01d0:
+ case 0x01d8:
+ case 0x01e0:
+ case 0x01e8:
+ case 0x01f0:
+ case 0x01f8:
+ {
+ int entry = (addr - 0x0100) >> 5;
+ int idx = (addr & 0x1f) >> 3;
+ s->dma_regs[entry][idx] = val;
+ }
+ break;
+ /* Offset 0x0210 */
+ case 0x0210:
+ s->offset210 = val;
+ break;
+ /* Interval timer reload */
+ case 0x0228:
+ s->itr = val;
+ qemu_irq_lower(s->timer_irq);
+ set_next_tick(s);
+ break;
+ /* EISA interrupt */
+ case 0x0238:
+ break;
+ default:
+ RC4030_ERROR("invalid write of 0x%02x at [" TARGET_FMT_plx "]\n", val, addr);
+ break;
+ }
+}
+
+static void rc4030_writew(void *opaque, hwaddr addr, uint32_t val)
+{
+ uint32_t old_val = rc4030_readl(opaque, addr & ~0x3);
+
+ if (addr & 0x2)
+ val = (val << 16) | (old_val & 0x0000ffff);
+ else
+ val = val | (old_val & 0xffff0000);
+ rc4030_writel(opaque, addr & ~0x3, val);
+}
+
+static void rc4030_writeb(void *opaque, hwaddr addr, uint32_t val)
+{
+ uint32_t old_val = rc4030_readl(opaque, addr & ~0x3);
+
+ switch (addr & 3) {
+ case 0:
+ val = val | (old_val & 0xffffff00);
+ break;
+ case 1:
+ val = (val << 8) | (old_val & 0xffff00ff);
+ break;
+ case 2:
+ val = (val << 16) | (old_val & 0xff00ffff);
+ break;
+ case 3:
+ val = (val << 24) | (old_val & 0x00ffffff);
+ break;
+ }
+ rc4030_writel(opaque, addr & ~0x3, val);
+}
+
+static const MemoryRegionOps rc4030_ops = {
+ .old_mmio = {
+ .read = { rc4030_readb, rc4030_readw, rc4030_readl, },
+ .write = { rc4030_writeb, rc4030_writew, rc4030_writel, },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void update_jazz_irq(rc4030State *s)
+{
+ uint16_t pending;
+
+ pending = s->isr_jazz & s->imr_jazz;
+
+#ifdef DEBUG_RC4030
+ if (s->isr_jazz != 0) {
+ uint32_t irq = 0;
+ DPRINTF("pending irqs:");
+ for (irq = 0; irq < ARRAY_SIZE(irq_names); irq++) {
+ if (s->isr_jazz & (1 << irq)) {
+ printf(" %s", irq_names[irq]);
+ if (!(s->imr_jazz & (1 << irq))) {
+ printf("(ignored)");
+ }
+ }
+ }
+ printf("\n");
+ }
+#endif
+
+ if (pending != 0)
+ qemu_irq_raise(s->jazz_bus_irq);
+ else
+ qemu_irq_lower(s->jazz_bus_irq);
+}
+
+static void rc4030_irq_jazz_request(void *opaque, int irq, int level)
+{
+ rc4030State *s = opaque;
+
+ if (level) {
+ s->isr_jazz |= 1 << irq;
+ } else {
+ s->isr_jazz &= ~(1 << irq);
+ }
+
+ update_jazz_irq(s);
+}
+
+static void rc4030_periodic_timer(void *opaque)
+{
+ rc4030State *s = opaque;
+
+ set_next_tick(s);
+ qemu_irq_raise(s->timer_irq);
+}
+
+static uint32_t jazzio_readw(void *opaque, hwaddr addr)
+{
+ rc4030State *s = opaque;
+ uint32_t val;
+ uint32_t irq;
+ addr &= 0xfff;
+
+ switch (addr) {
+ /* Local bus int source */
+ case 0x00: {
+ uint32_t pending = s->isr_jazz & s->imr_jazz;
+ val = 0;
+ irq = 0;
+ while (pending) {
+ if (pending & 1) {
+ DPRINTF("returning irq %s\n", irq_names[irq]);
+ val = (irq + 1) << 2;
+ break;
+ }
+ irq++;
+ pending >>= 1;
+ }
+ break;
+ }
+ /* Local bus int enable mask */
+ case 0x02:
+ val = s->imr_jazz;
+ break;
+ default:
+ RC4030_ERROR("(jazz io controller) invalid read [" TARGET_FMT_plx "]\n", addr);
+ val = 0;
+ }
+
+ DPRINTF("(jazz io controller) read 0x%04x at " TARGET_FMT_plx "\n", val, addr);
+
+ return val;
+}
+
+static uint32_t jazzio_readb(void *opaque, hwaddr addr)
+{
+ uint32_t v;
+ v = jazzio_readw(opaque, addr & ~0x1);
+ return (v >> (8 * (addr & 0x1))) & 0xff;
+}
+
+static uint32_t jazzio_readl(void *opaque, hwaddr addr)
+{
+ uint32_t v;
+ v = jazzio_readw(opaque, addr);
+ v |= jazzio_readw(opaque, addr + 2) << 16;
+ return v;
+}
+
+static void jazzio_writew(void *opaque, hwaddr addr, uint32_t val)
+{
+ rc4030State *s = opaque;
+ addr &= 0xfff;
+
+ DPRINTF("(jazz io controller) write 0x%04x at " TARGET_FMT_plx "\n", val, addr);
+
+ switch (addr) {
+ /* Local bus int enable mask */
+ case 0x02:
+ s->imr_jazz = val;
+ update_jazz_irq(s);
+ break;
+ default:
+ RC4030_ERROR("(jazz io controller) invalid write of 0x%04x at [" TARGET_FMT_plx "]\n", val, addr);
+ break;
+ }
+}
+
+static void jazzio_writeb(void *opaque, hwaddr addr, uint32_t val)
+{
+ uint32_t old_val = jazzio_readw(opaque, addr & ~0x1);
+
+ switch (addr & 1) {
+ case 0:
+ val = val | (old_val & 0xff00);
+ break;
+ case 1:
+ val = (val << 8) | (old_val & 0x00ff);
+ break;
+ }
+ jazzio_writew(opaque, addr & ~0x1, val);
+}
+
+static void jazzio_writel(void *opaque, hwaddr addr, uint32_t val)
+{
+ jazzio_writew(opaque, addr, val & 0xffff);
+ jazzio_writew(opaque, addr + 2, (val >> 16) & 0xffff);
+}
+
+static const MemoryRegionOps jazzio_ops = {
+ .old_mmio = {
+ .read = { jazzio_readb, jazzio_readw, jazzio_readl, },
+ .write = { jazzio_writeb, jazzio_writew, jazzio_writel, },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void rc4030_reset(void *opaque)
+{
+ rc4030State *s = opaque;
+ int i;
+
+ s->config = 0x410; /* some boards seem to accept 0x104 too */
+ s->revision = 1;
+ s->invalid_address_register = 0;
+
+ memset(s->dma_regs, 0, sizeof(s->dma_regs));
+ s->dma_tl_base = s->dma_tl_limit = 0;
+
+ s->remote_failed_address = s->memory_failed_address = 0;
+ s->cache_maint = 0;
+ s->cache_ptag = s->cache_ltag = 0;
+ s->cache_bmask = 0;
+
+ s->offset210 = 0x18186;
+ s->nvram_protect = 7;
+ for (i = 0; i < 15; i++)
+ s->rem_speed[i] = 7;
+ s->imr_jazz = 0x10; /* XXX: required by firmware, but why? */
+ s->isr_jazz = 0;
+
+ s->itr = 0;
+
+ qemu_irq_lower(s->timer_irq);
+ qemu_irq_lower(s->jazz_bus_irq);
+}
+
+static int rc4030_load(QEMUFile *f, void *opaque, int version_id)
+{
+ rc4030State* s = opaque;
+ int i, j;
+
+ if (version_id != 2)
+ return -EINVAL;
+
+ s->config = qemu_get_be32(f);
+ s->invalid_address_register = qemu_get_be32(f);
+ for (i = 0; i < 8; i++)
+ for (j = 0; j < 4; j++)
+ s->dma_regs[i][j] = qemu_get_be32(f);
+ s->dma_tl_base = qemu_get_be32(f);
+ s->dma_tl_limit = qemu_get_be32(f);
+ s->cache_maint = qemu_get_be32(f);
+ s->remote_failed_address = qemu_get_be32(f);
+ s->memory_failed_address = qemu_get_be32(f);
+ s->cache_ptag = qemu_get_be32(f);
+ s->cache_ltag = qemu_get_be32(f);
+ s->cache_bmask = qemu_get_be32(f);
+ s->offset210 = qemu_get_be32(f);
+ s->nvram_protect = qemu_get_be32(f);
+ for (i = 0; i < 15; i++)
+ s->rem_speed[i] = qemu_get_be32(f);
+ s->imr_jazz = qemu_get_be32(f);
+ s->isr_jazz = qemu_get_be32(f);
+ s->itr = qemu_get_be32(f);
+
+ set_next_tick(s);
+ update_jazz_irq(s);
+
+ return 0;
+}
+
+static void rc4030_save(QEMUFile *f, void *opaque)
+{
+ rc4030State* s = opaque;
+ int i, j;
+
+ qemu_put_be32(f, s->config);
+ qemu_put_be32(f, s->invalid_address_register);
+ for (i = 0; i < 8; i++)
+ for (j = 0; j < 4; j++)
+ qemu_put_be32(f, s->dma_regs[i][j]);
+ qemu_put_be32(f, s->dma_tl_base);
+ qemu_put_be32(f, s->dma_tl_limit);
+ qemu_put_be32(f, s->cache_maint);
+ qemu_put_be32(f, s->remote_failed_address);
+ qemu_put_be32(f, s->memory_failed_address);
+ qemu_put_be32(f, s->cache_ptag);
+ qemu_put_be32(f, s->cache_ltag);
+ qemu_put_be32(f, s->cache_bmask);
+ qemu_put_be32(f, s->offset210);
+ qemu_put_be32(f, s->nvram_protect);
+ for (i = 0; i < 15; i++)
+ qemu_put_be32(f, s->rem_speed[i]);
+ qemu_put_be32(f, s->imr_jazz);
+ qemu_put_be32(f, s->isr_jazz);
+ qemu_put_be32(f, s->itr);
+}
+
+void rc4030_dma_memory_rw(void *opaque, hwaddr addr, uint8_t *buf, int len, int is_write)
+{
+ rc4030State *s = opaque;
+ hwaddr entry_addr;
+ hwaddr phys_addr;
+ dma_pagetable_entry entry;
+ int index;
+ int ncpy, i;
+
+ i = 0;
+ for (;;) {
+ if (i == len) {
+ break;
+ }
+
+ ncpy = DMA_PAGESIZE - (addr & (DMA_PAGESIZE - 1));
+ if (ncpy > len - i)
+ ncpy = len - i;
+
+ /* Get DMA translation table entry */
+ index = addr / DMA_PAGESIZE;
+ if (index >= s->dma_tl_limit / sizeof(dma_pagetable_entry)) {
+ break;
+ }
+ entry_addr = s->dma_tl_base + index * sizeof(dma_pagetable_entry);
+ /* XXX: not sure. should we really use only lowest bits? */
+ entry_addr &= 0x7fffffff;
+ cpu_physical_memory_read(entry_addr, &entry, sizeof(entry));
+
+ /* Read/write data at right place */
+ phys_addr = entry.frame + (addr & (DMA_PAGESIZE - 1));
+ cpu_physical_memory_rw(phys_addr, &buf[i], ncpy, is_write);
+
+ i += ncpy;
+ addr += ncpy;
+ }
+}
+
+static void rc4030_do_dma(void *opaque, int n, uint8_t *buf, int len, int is_write)
+{
+ rc4030State *s = opaque;
+ hwaddr dma_addr;
+ int dev_to_mem;
+
+ s->dma_regs[n][DMA_REG_ENABLE] &= ~(DMA_FLAG_TC_INTR | DMA_FLAG_MEM_INTR | DMA_FLAG_ADDR_INTR);
+
+ /* Check DMA channel consistency */
+ dev_to_mem = (s->dma_regs[n][DMA_REG_ENABLE] & DMA_FLAG_MEM_TO_DEV) ? 0 : 1;
+ if (!(s->dma_regs[n][DMA_REG_ENABLE] & DMA_FLAG_ENABLE) ||
+ (is_write != dev_to_mem)) {
+ s->dma_regs[n][DMA_REG_ENABLE] |= DMA_FLAG_MEM_INTR;
+ s->nmi_interrupt |= 1 << n;
+ return;
+ }
+
+ /* Get start address and len */
+ if (len > s->dma_regs[n][DMA_REG_COUNT])
+ len = s->dma_regs[n][DMA_REG_COUNT];
+ dma_addr = s->dma_regs[n][DMA_REG_ADDRESS];
+
+ /* Read/write data at right place */
+ rc4030_dma_memory_rw(opaque, dma_addr, buf, len, is_write);
+
+ s->dma_regs[n][DMA_REG_ENABLE] |= DMA_FLAG_TC_INTR;
+ s->dma_regs[n][DMA_REG_COUNT] -= len;
+
+#ifdef DEBUG_RC4030_DMA
+ {
+ int i, j;
+ printf("rc4030 dma: Copying %d bytes %s host %p\n",
+ len, is_write ? "from" : "to", buf);
+ for (i = 0; i < len; i += 16) {
+ int n = 16;
+ if (n > len - i) {
+ n = len - i;
+ }
+ for (j = 0; j < n; j++)
+ printf("%02x ", buf[i + j]);
+ while (j++ < 16)
+ printf(" ");
+ printf("| ");
+ for (j = 0; j < n; j++)
+ printf("%c", isprint(buf[i + j]) ? buf[i + j] : '.');
+ printf("\n");
+ }
+ }
+#endif
+}
+
+struct rc4030DMAState {
+ void *opaque;
+ int n;
+};
+
+void rc4030_dma_read(void *dma, uint8_t *buf, int len)
+{
+ rc4030_dma s = dma;
+ rc4030_do_dma(s->opaque, s->n, buf, len, 0);
+}
+
+void rc4030_dma_write(void *dma, uint8_t *buf, int len)
+{
+ rc4030_dma s = dma;
+ rc4030_do_dma(s->opaque, s->n, buf, len, 1);
+}
+
+static rc4030_dma *rc4030_allocate_dmas(void *opaque, int n)
+{
+ rc4030_dma *s;
+ struct rc4030DMAState *p;
+ int i;
+
+ s = (rc4030_dma *)g_malloc0(sizeof(rc4030_dma) * n);
+ p = (struct rc4030DMAState *)g_malloc0(sizeof(struct rc4030DMAState) * n);
+ for (i = 0; i < n; i++) {
+ p->opaque = opaque;
+ p->n = i;
+ s[i] = p;
+ p++;
+ }
+ return s;
+}
+
+void *rc4030_init(qemu_irq timer, qemu_irq jazz_bus,
+ qemu_irq **irqs, rc4030_dma **dmas,
+ MemoryRegion *sysmem)
+{
+ rc4030State *s;
+
+ s = g_malloc0(sizeof(rc4030State));
+
+ *irqs = qemu_allocate_irqs(rc4030_irq_jazz_request, s, 16);
+ *dmas = rc4030_allocate_dmas(s, 4);
+
+ s->periodic_timer = qemu_new_timer_ns(vm_clock, rc4030_periodic_timer, s);
+ s->timer_irq = timer;
+ s->jazz_bus_irq = jazz_bus;
+
+ qemu_register_reset(rc4030_reset, s);
+ register_savevm(NULL, "rc4030", 0, 2, rc4030_save, rc4030_load, s);
+ rc4030_reset(s);
+
+ memory_region_init_io(&s->iomem_chipset, NULL, &rc4030_ops, s,
+ "rc4030.chipset", 0x300);
+ memory_region_add_subregion(sysmem, 0x80000000, &s->iomem_chipset);
+ memory_region_init_io(&s->iomem_jazzio, NULL, &jazzio_ops, s,
+ "rc4030.jazzio", 0x00001000);
+ memory_region_add_subregion(sysmem, 0xf0000000, &s->iomem_jazzio);
+
+ return s;
+}
diff --git a/hw/dma/soc_dma.c b/hw/dma/soc_dma.c
new file mode 100644
index 000000000..5e3491d37
--- /dev/null
+++ b/hw/dma/soc_dma.c
@@ -0,0 +1,366 @@
+/*
+ * On-chip DMA controller framework.
+ *
+ * Copyright (C) 2008 Nokia Corporation
+ * Written by Andrzej Zaborowski <andrew@openedhand.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "qemu-common.h"
+#include "qemu/timer.h"
+#include "hw/arm/soc_dma.h"
+
+static void transfer_mem2mem(struct soc_dma_ch_s *ch)
+{
+ memcpy(ch->paddr[0], ch->paddr[1], ch->bytes);
+ ch->paddr[0] += ch->bytes;
+ ch->paddr[1] += ch->bytes;
+}
+
+static void transfer_mem2fifo(struct soc_dma_ch_s *ch)
+{
+ ch->io_fn[1](ch->io_opaque[1], ch->paddr[0], ch->bytes);
+ ch->paddr[0] += ch->bytes;
+}
+
+static void transfer_fifo2mem(struct soc_dma_ch_s *ch)
+{
+ ch->io_fn[0](ch->io_opaque[0], ch->paddr[1], ch->bytes);
+ ch->paddr[1] += ch->bytes;
+}
+
+/* This is further optimisable but isn't very important because often
+ * DMA peripherals forbid this kind of transfers and even when they don't,
+ * oprating systems may not need to use them. */
+static void *fifo_buf;
+static int fifo_size;
+static void transfer_fifo2fifo(struct soc_dma_ch_s *ch)
+{
+ if (ch->bytes > fifo_size)
+ fifo_buf = g_realloc(fifo_buf, fifo_size = ch->bytes);
+
+ /* Implement as transfer_fifo2linear + transfer_linear2fifo. */
+ ch->io_fn[0](ch->io_opaque[0], fifo_buf, ch->bytes);
+ ch->io_fn[1](ch->io_opaque[1], fifo_buf, ch->bytes);
+}
+
+struct dma_s {
+ struct soc_dma_s soc;
+ int chnum;
+ uint64_t ch_enable_mask;
+ int64_t channel_freq;
+ int enabled_count;
+
+ struct memmap_entry_s {
+ enum soc_dma_port_type type;
+ hwaddr addr;
+ union {
+ struct {
+ void *opaque;
+ soc_dma_io_t fn;
+ int out;
+ } fifo;
+ struct {
+ void *base;
+ size_t size;
+ } mem;
+ } u;
+ } *memmap;
+ int memmap_size;
+
+ struct soc_dma_ch_s ch[0];
+};
+
+static void soc_dma_ch_schedule(struct soc_dma_ch_s *ch, int delay_bytes)
+{
+ int64_t now = qemu_get_clock_ns(vm_clock);
+ struct dma_s *dma = (struct dma_s *) ch->dma;
+
+ qemu_mod_timer(ch->timer, now + delay_bytes / dma->channel_freq);
+}
+
+static void soc_dma_ch_run(void *opaque)
+{
+ struct soc_dma_ch_s *ch = (struct soc_dma_ch_s *) opaque;
+
+ ch->running = 1;
+ ch->dma->setup_fn(ch);
+ ch->transfer_fn(ch);
+ ch->running = 0;
+
+ if (ch->enable)
+ soc_dma_ch_schedule(ch, ch->bytes);
+ ch->bytes = 0;
+}
+
+static inline struct memmap_entry_s *soc_dma_lookup(struct dma_s *dma,
+ hwaddr addr)
+{
+ struct memmap_entry_s *lo;
+ int hi;
+
+ lo = dma->memmap;
+ hi = dma->memmap_size;
+
+ while (hi > 1) {
+ hi /= 2;
+ if (lo[hi].addr <= addr)
+ lo += hi;
+ }
+
+ return lo;
+}
+
+static inline enum soc_dma_port_type soc_dma_ch_update_type(
+ struct soc_dma_ch_s *ch, int port)
+{
+ struct dma_s *dma = (struct dma_s *) ch->dma;
+ struct memmap_entry_s *entry = soc_dma_lookup(dma, ch->vaddr[port]);
+
+ if (entry->type == soc_dma_port_fifo) {
+ while (entry < dma->memmap + dma->memmap_size &&
+ entry->u.fifo.out != port)
+ entry ++;
+ if (entry->addr != ch->vaddr[port] || entry->u.fifo.out != port)
+ return soc_dma_port_other;
+
+ if (ch->type[port] != soc_dma_access_const)
+ return soc_dma_port_other;
+
+ ch->io_fn[port] = entry->u.fifo.fn;
+ ch->io_opaque[port] = entry->u.fifo.opaque;
+ return soc_dma_port_fifo;
+ } else if (entry->type == soc_dma_port_mem) {
+ if (entry->addr > ch->vaddr[port] ||
+ entry->addr + entry->u.mem.size <= ch->vaddr[port])
+ return soc_dma_port_other;
+
+ /* TODO: support constant memory address for source port as used for
+ * drawing solid rectangles by PalmOS(R). */
+ if (ch->type[port] != soc_dma_access_const)
+ return soc_dma_port_other;
+
+ ch->paddr[port] = (uint8_t *) entry->u.mem.base +
+ (ch->vaddr[port] - entry->addr);
+ /* TODO: save bytes left to the end of the mapping somewhere so we
+ * can check we're not reading beyond it. */
+ return soc_dma_port_mem;
+ } else
+ return soc_dma_port_other;
+}
+
+void soc_dma_ch_update(struct soc_dma_ch_s *ch)
+{
+ enum soc_dma_port_type src, dst;
+
+ src = soc_dma_ch_update_type(ch, 0);
+ if (src == soc_dma_port_other) {
+ ch->update = 0;
+ ch->transfer_fn = ch->dma->transfer_fn;
+ return;
+ }
+ dst = soc_dma_ch_update_type(ch, 1);
+
+ /* TODO: use src and dst as array indices. */
+ if (src == soc_dma_port_mem && dst == soc_dma_port_mem)
+ ch->transfer_fn = transfer_mem2mem;
+ else if (src == soc_dma_port_mem && dst == soc_dma_port_fifo)
+ ch->transfer_fn = transfer_mem2fifo;
+ else if (src == soc_dma_port_fifo && dst == soc_dma_port_mem)
+ ch->transfer_fn = transfer_fifo2mem;
+ else if (src == soc_dma_port_fifo && dst == soc_dma_port_fifo)
+ ch->transfer_fn = transfer_fifo2fifo;
+ else
+ ch->transfer_fn = ch->dma->transfer_fn;
+
+ ch->update = (dst != soc_dma_port_other);
+}
+
+static void soc_dma_ch_freq_update(struct dma_s *s)
+{
+ if (s->enabled_count)
+ /* We completely ignore channel priorities and stuff */
+ s->channel_freq = s->soc.freq / s->enabled_count;
+ else {
+ /* TODO: Signal that we want to disable the functional clock and let
+ * the platform code decide what to do with it, i.e. check that
+ * auto-idle is enabled in the clock controller and if we are stopping
+ * the clock, do the same with any parent clocks that had only one
+ * user keeping them on and auto-idle enabled. */
+ }
+}
+
+void soc_dma_set_request(struct soc_dma_ch_s *ch, int level)
+{
+ struct dma_s *dma = (struct dma_s *) ch->dma;
+
+ dma->enabled_count += level - ch->enable;
+
+ if (level)
+ dma->ch_enable_mask |= 1 << ch->num;
+ else
+ dma->ch_enable_mask &= ~(1 << ch->num);
+
+ if (level != ch->enable) {
+ soc_dma_ch_freq_update(dma);
+ ch->enable = level;
+
+ if (!ch->enable)
+ qemu_del_timer(ch->timer);
+ else if (!ch->running)
+ soc_dma_ch_run(ch);
+ else
+ soc_dma_ch_schedule(ch, 1);
+ }
+}
+
+void soc_dma_reset(struct soc_dma_s *soc)
+{
+ struct dma_s *s = (struct dma_s *) soc;
+
+ s->soc.drqbmp = 0;
+ s->ch_enable_mask = 0;
+ s->enabled_count = 0;
+ soc_dma_ch_freq_update(s);
+}
+
+/* TODO: take a functional-clock argument */
+struct soc_dma_s *soc_dma_init(int n)
+{
+ int i;
+ struct dma_s *s = g_malloc0(sizeof(*s) + n * sizeof(*s->ch));
+
+ s->chnum = n;
+ s->soc.ch = s->ch;
+ for (i = 0; i < n; i ++) {
+ s->ch[i].dma = &s->soc;
+ s->ch[i].num = i;
+ s->ch[i].timer = qemu_new_timer_ns(vm_clock, soc_dma_ch_run, &s->ch[i]);
+ }
+
+ soc_dma_reset(&s->soc);
+ fifo_size = 0;
+
+ return &s->soc;
+}
+
+void soc_dma_port_add_fifo(struct soc_dma_s *soc, hwaddr virt_base,
+ soc_dma_io_t fn, void *opaque, int out)
+{
+ struct memmap_entry_s *entry;
+ struct dma_s *dma = (struct dma_s *) soc;
+
+ dma->memmap = g_realloc(dma->memmap, sizeof(*entry) *
+ (dma->memmap_size + 1));
+ entry = soc_dma_lookup(dma, virt_base);
+
+ if (dma->memmap_size) {
+ if (entry->type == soc_dma_port_mem) {
+ if (entry->addr <= virt_base &&
+ entry->addr + entry->u.mem.size > virt_base) {
+ fprintf(stderr, "%s: FIFO at " TARGET_FMT_lx
+ " collides with RAM region at " TARGET_FMT_lx
+ "-" TARGET_FMT_lx "\n", __FUNCTION__,
+ (target_ulong) virt_base,
+ (target_ulong) entry->addr, (target_ulong)
+ (entry->addr + entry->u.mem.size));
+ exit(-1);
+ }
+
+ if (entry->addr <= virt_base)
+ entry ++;
+ } else
+ while (entry < dma->memmap + dma->memmap_size &&
+ entry->addr <= virt_base) {
+ if (entry->addr == virt_base && entry->u.fifo.out == out) {
+ fprintf(stderr, "%s: FIFO at " TARGET_FMT_lx
+ " collides FIFO at " TARGET_FMT_lx "\n",
+ __FUNCTION__, (target_ulong) virt_base,
+ (target_ulong) entry->addr);
+ exit(-1);
+ }
+
+ entry ++;
+ }
+
+ memmove(entry + 1, entry,
+ (uint8_t *) (dma->memmap + dma->memmap_size ++) -
+ (uint8_t *) entry);
+ } else
+ dma->memmap_size ++;
+
+ entry->addr = virt_base;
+ entry->type = soc_dma_port_fifo;
+ entry->u.fifo.fn = fn;
+ entry->u.fifo.opaque = opaque;
+ entry->u.fifo.out = out;
+}
+
+void soc_dma_port_add_mem(struct soc_dma_s *soc, uint8_t *phys_base,
+ hwaddr virt_base, size_t size)
+{
+ struct memmap_entry_s *entry;
+ struct dma_s *dma = (struct dma_s *) soc;
+
+ dma->memmap = g_realloc(dma->memmap, sizeof(*entry) *
+ (dma->memmap_size + 1));
+ entry = soc_dma_lookup(dma, virt_base);
+
+ if (dma->memmap_size) {
+ if (entry->type == soc_dma_port_mem) {
+ if ((entry->addr >= virt_base && entry->addr < virt_base + size) ||
+ (entry->addr <= virt_base &&
+ entry->addr + entry->u.mem.size > virt_base)) {
+ fprintf(stderr, "%s: RAM at " TARGET_FMT_lx "-" TARGET_FMT_lx
+ " collides with RAM region at " TARGET_FMT_lx
+ "-" TARGET_FMT_lx "\n", __FUNCTION__,
+ (target_ulong) virt_base,
+ (target_ulong) (virt_base + size),
+ (target_ulong) entry->addr, (target_ulong)
+ (entry->addr + entry->u.mem.size));
+ exit(-1);
+ }
+
+ if (entry->addr <= virt_base)
+ entry ++;
+ } else {
+ if (entry->addr >= virt_base &&
+ entry->addr < virt_base + size) {
+ fprintf(stderr, "%s: RAM at " TARGET_FMT_lx "-" TARGET_FMT_lx
+ " collides with FIFO at " TARGET_FMT_lx
+ "\n", __FUNCTION__,
+ (target_ulong) virt_base,
+ (target_ulong) (virt_base + size),
+ (target_ulong) entry->addr);
+ exit(-1);
+ }
+
+ while (entry < dma->memmap + dma->memmap_size &&
+ entry->addr <= virt_base)
+ entry ++;
+ }
+
+ memmove(entry + 1, entry,
+ (uint8_t *) (dma->memmap + dma->memmap_size ++) -
+ (uint8_t *) entry);
+ } else
+ dma->memmap_size ++;
+
+ entry->addr = virt_base;
+ entry->type = soc_dma_port_mem;
+ entry->u.mem.base = phys_base;
+ entry->u.mem.size = size;
+}
+
+/* TODO: port removal for ports like PCMCIA memory */
diff --git a/hw/dma/sparc32_dma.c b/hw/dma/sparc32_dma.c
new file mode 100644
index 000000000..2a92ffb82
--- /dev/null
+++ b/hw/dma/sparc32_dma.c
@@ -0,0 +1,321 @@
+/*
+ * QEMU Sparc32 DMA controller emulation
+ *
+ * Copyright (c) 2006 Fabrice Bellard
+ *
+ * Modifications:
+ * 2010-Feb-14 Artyom Tarasenko : reworked irq generation
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/hw.h"
+#include "hw/sparc/sparc32_dma.h"
+#include "hw/sparc/sun4m.h"
+#include "hw/sysbus.h"
+#include "trace.h"
+
+/*
+ * This is the DMA controller part of chip STP2000 (Master I/O), also
+ * produced as NCR89C100. See
+ * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C100.txt
+ * and
+ * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/DMA2.txt
+ */
+
+#define DMA_REGS 4
+#define DMA_SIZE (4 * sizeof(uint32_t))
+/* We need the mask, because one instance of the device is not page
+ aligned (ledma, start address 0x0010) */
+#define DMA_MASK (DMA_SIZE - 1)
+/* OBP says 0x20 bytes for ledma, the extras are aliased to espdma */
+#define DMA_ETH_SIZE (8 * sizeof(uint32_t))
+#define DMA_MAX_REG_OFFSET (2 * DMA_SIZE - 1)
+
+#define DMA_VER 0xa0000000
+#define DMA_INTR 1
+#define DMA_INTREN 0x10
+#define DMA_WRITE_MEM 0x100
+#define DMA_EN 0x200
+#define DMA_LOADED 0x04000000
+#define DMA_DRAIN_FIFO 0x40
+#define DMA_RESET 0x80
+
+/* XXX SCSI and ethernet should have different read-only bit masks */
+#define DMA_CSR_RO_MASK 0xfe000007
+
+#define TYPE_SPARC32_DMA "sparc32_dma"
+#define SPARC32_DMA(obj) OBJECT_CHECK(DMAState, (obj), TYPE_SPARC32_DMA)
+
+typedef struct DMAState DMAState;
+
+struct DMAState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ uint32_t dmaregs[DMA_REGS];
+ qemu_irq irq;
+ void *iommu;
+ qemu_irq gpio[2];
+ uint32_t is_ledma;
+};
+
+enum {
+ GPIO_RESET = 0,
+ GPIO_DMA,
+};
+
+/* Note: on sparc, the lance 16 bit bus is swapped */
+void ledma_memory_read(void *opaque, hwaddr addr,
+ uint8_t *buf, int len, int do_bswap)
+{
+ DMAState *s = opaque;
+ int i;
+
+ addr |= s->dmaregs[3];
+ trace_ledma_memory_read(addr);
+ if (do_bswap) {
+ sparc_iommu_memory_read(s->iommu, addr, buf, len);
+ } else {
+ addr &= ~1;
+ len &= ~1;
+ sparc_iommu_memory_read(s->iommu, addr, buf, len);
+ for(i = 0; i < len; i += 2) {
+ bswap16s((uint16_t *)(buf + i));
+ }
+ }
+}
+
+void ledma_memory_write(void *opaque, hwaddr addr,
+ uint8_t *buf, int len, int do_bswap)
+{
+ DMAState *s = opaque;
+ int l, i;
+ uint16_t tmp_buf[32];
+
+ addr |= s->dmaregs[3];
+ trace_ledma_memory_write(addr);
+ if (do_bswap) {
+ sparc_iommu_memory_write(s->iommu, addr, buf, len);
+ } else {
+ addr &= ~1;
+ len &= ~1;
+ while (len > 0) {
+ l = len;
+ if (l > sizeof(tmp_buf))
+ l = sizeof(tmp_buf);
+ for(i = 0; i < l; i += 2) {
+ tmp_buf[i >> 1] = bswap16(*(uint16_t *)(buf + i));
+ }
+ sparc_iommu_memory_write(s->iommu, addr, (uint8_t *)tmp_buf, l);
+ len -= l;
+ buf += l;
+ addr += l;
+ }
+ }
+}
+
+static void dma_set_irq(void *opaque, int irq, int level)
+{
+ DMAState *s = opaque;
+ if (level) {
+ s->dmaregs[0] |= DMA_INTR;
+ if (s->dmaregs[0] & DMA_INTREN) {
+ trace_sparc32_dma_set_irq_raise();
+ qemu_irq_raise(s->irq);
+ }
+ } else {
+ if (s->dmaregs[0] & DMA_INTR) {
+ s->dmaregs[0] &= ~DMA_INTR;
+ if (s->dmaregs[0] & DMA_INTREN) {
+ trace_sparc32_dma_set_irq_lower();
+ qemu_irq_lower(s->irq);
+ }
+ }
+ }
+}
+
+void espdma_memory_read(void *opaque, uint8_t *buf, int len)
+{
+ DMAState *s = opaque;
+
+ trace_espdma_memory_read(s->dmaregs[1]);
+ sparc_iommu_memory_read(s->iommu, s->dmaregs[1], buf, len);
+ s->dmaregs[1] += len;
+}
+
+void espdma_memory_write(void *opaque, uint8_t *buf, int len)
+{
+ DMAState *s = opaque;
+
+ trace_espdma_memory_write(s->dmaregs[1]);
+ sparc_iommu_memory_write(s->iommu, s->dmaregs[1], buf, len);
+ s->dmaregs[1] += len;
+}
+
+static uint64_t dma_mem_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ DMAState *s = opaque;
+ uint32_t saddr;
+
+ if (s->is_ledma && (addr > DMA_MAX_REG_OFFSET)) {
+ /* aliased to espdma, but we can't get there from here */
+ /* buggy driver if using undocumented behavior, just return 0 */
+ trace_sparc32_dma_mem_readl(addr, 0);
+ return 0;
+ }
+ saddr = (addr & DMA_MASK) >> 2;
+ trace_sparc32_dma_mem_readl(addr, s->dmaregs[saddr]);
+ return s->dmaregs[saddr];
+}
+
+static void dma_mem_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ DMAState *s = opaque;
+ uint32_t saddr;
+
+ if (s->is_ledma && (addr > DMA_MAX_REG_OFFSET)) {
+ /* aliased to espdma, but we can't get there from here */
+ trace_sparc32_dma_mem_writel(addr, 0, val);
+ return;
+ }
+ saddr = (addr & DMA_MASK) >> 2;
+ trace_sparc32_dma_mem_writel(addr, s->dmaregs[saddr], val);
+ switch (saddr) {
+ case 0:
+ if (val & DMA_INTREN) {
+ if (s->dmaregs[0] & DMA_INTR) {
+ trace_sparc32_dma_set_irq_raise();
+ qemu_irq_raise(s->irq);
+ }
+ } else {
+ if (s->dmaregs[0] & (DMA_INTR | DMA_INTREN)) {
+ trace_sparc32_dma_set_irq_lower();
+ qemu_irq_lower(s->irq);
+ }
+ }
+ if (val & DMA_RESET) {
+ qemu_irq_raise(s->gpio[GPIO_RESET]);
+ qemu_irq_lower(s->gpio[GPIO_RESET]);
+ } else if (val & DMA_DRAIN_FIFO) {
+ val &= ~DMA_DRAIN_FIFO;
+ } else if (val == 0)
+ val = DMA_DRAIN_FIFO;
+
+ if (val & DMA_EN && !(s->dmaregs[0] & DMA_EN)) {
+ trace_sparc32_dma_enable_raise();
+ qemu_irq_raise(s->gpio[GPIO_DMA]);
+ } else if (!(val & DMA_EN) && !!(s->dmaregs[0] & DMA_EN)) {
+ trace_sparc32_dma_enable_lower();
+ qemu_irq_lower(s->gpio[GPIO_DMA]);
+ }
+
+ val &= ~DMA_CSR_RO_MASK;
+ val |= DMA_VER;
+ s->dmaregs[0] = (s->dmaregs[0] & DMA_CSR_RO_MASK) | val;
+ break;
+ case 1:
+ s->dmaregs[0] |= DMA_LOADED;
+ /* fall through */
+ default:
+ s->dmaregs[saddr] = val;
+ break;
+ }
+}
+
+static const MemoryRegionOps dma_mem_ops = {
+ .read = dma_mem_read,
+ .write = dma_mem_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static void dma_reset(DeviceState *d)
+{
+ DMAState *s = SPARC32_DMA(d);
+
+ memset(s->dmaregs, 0, DMA_SIZE);
+ s->dmaregs[0] = DMA_VER;
+}
+
+static const VMStateDescription vmstate_dma = {
+ .name ="sparc32_dma",
+ .version_id = 2,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT32_ARRAY(dmaregs, DMAState, DMA_REGS),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static int sparc32_dma_init1(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ DMAState *s = SPARC32_DMA(dev);
+ int reg_size;
+
+ sysbus_init_irq(sbd, &s->irq);
+
+ reg_size = s->is_ledma ? DMA_ETH_SIZE : DMA_SIZE;
+ memory_region_init_io(&s->iomem, OBJECT(s), &dma_mem_ops, s,
+ "dma", reg_size);
+ sysbus_init_mmio(sbd, &s->iomem);
+
+ qdev_init_gpio_in(dev, dma_set_irq, 1);
+ qdev_init_gpio_out(dev, s->gpio, 2);
+
+ return 0;
+}
+
+static Property sparc32_dma_properties[] = {
+ DEFINE_PROP_PTR("iommu_opaque", DMAState, iommu),
+ DEFINE_PROP_UINT32("is_ledma", DMAState, is_ledma, 0),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void sparc32_dma_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = sparc32_dma_init1;
+ dc->reset = dma_reset;
+ dc->vmsd = &vmstate_dma;
+ dc->props = sparc32_dma_properties;
+}
+
+static const TypeInfo sparc32_dma_info = {
+ .name = TYPE_SPARC32_DMA,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(DMAState),
+ .class_init = sparc32_dma_class_init,
+};
+
+static void sparc32_dma_register_types(void)
+{
+ type_register_static(&sparc32_dma_info);
+}
+
+type_init(sparc32_dma_register_types)
diff --git a/hw/dma/sun4m_iommu.c b/hw/dma/sun4m_iommu.c
new file mode 100644
index 000000000..a04409a27
--- /dev/null
+++ b/hw/dma/sun4m_iommu.c
@@ -0,0 +1,391 @@
+/*
+ * QEMU Sun4m iommu emulation
+ *
+ * Copyright (c) 2003-2005 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/sparc/sun4m.h"
+#include "hw/sysbus.h"
+#include "trace.h"
+
+/*
+ * I/O MMU used by Sun4m systems
+ *
+ * Chipset docs:
+ * "Sun-4M System Architecture (revision 2.0) by Chuck Narad", 950-1373-01,
+ * http://mediacast.sun.com/users/Barton808/media/Sun4M_SystemArchitecture_edited2.pdf
+ */
+
+#define IOMMU_NREGS (4*4096/4)
+#define IOMMU_CTRL (0x0000 >> 2)
+#define IOMMU_CTRL_IMPL 0xf0000000 /* Implementation */
+#define IOMMU_CTRL_VERS 0x0f000000 /* Version */
+#define IOMMU_CTRL_RNGE 0x0000001c /* Mapping RANGE */
+#define IOMMU_RNGE_16MB 0x00000000 /* 0xff000000 -> 0xffffffff */
+#define IOMMU_RNGE_32MB 0x00000004 /* 0xfe000000 -> 0xffffffff */
+#define IOMMU_RNGE_64MB 0x00000008 /* 0xfc000000 -> 0xffffffff */
+#define IOMMU_RNGE_128MB 0x0000000c /* 0xf8000000 -> 0xffffffff */
+#define IOMMU_RNGE_256MB 0x00000010 /* 0xf0000000 -> 0xffffffff */
+#define IOMMU_RNGE_512MB 0x00000014 /* 0xe0000000 -> 0xffffffff */
+#define IOMMU_RNGE_1GB 0x00000018 /* 0xc0000000 -> 0xffffffff */
+#define IOMMU_RNGE_2GB 0x0000001c /* 0x80000000 -> 0xffffffff */
+#define IOMMU_CTRL_ENAB 0x00000001 /* IOMMU Enable */
+#define IOMMU_CTRL_MASK 0x0000001d
+
+#define IOMMU_BASE (0x0004 >> 2)
+#define IOMMU_BASE_MASK 0x07fffc00
+
+#define IOMMU_TLBFLUSH (0x0014 >> 2)
+#define IOMMU_TLBFLUSH_MASK 0xffffffff
+
+#define IOMMU_PGFLUSH (0x0018 >> 2)
+#define IOMMU_PGFLUSH_MASK 0xffffffff
+
+#define IOMMU_AFSR (0x1000 >> 2)
+#define IOMMU_AFSR_ERR 0x80000000 /* LE, TO, or BE asserted */
+#define IOMMU_AFSR_LE 0x40000000 /* SBUS reports error after
+ transaction */
+#define IOMMU_AFSR_TO 0x20000000 /* Write access took more than
+ 12.8 us. */
+#define IOMMU_AFSR_BE 0x10000000 /* Write access received error
+ acknowledge */
+#define IOMMU_AFSR_SIZE 0x0e000000 /* Size of transaction causing error */
+#define IOMMU_AFSR_S 0x01000000 /* Sparc was in supervisor mode */
+#define IOMMU_AFSR_RESV 0x00800000 /* Reserved, forced to 0x8 by
+ hardware */
+#define IOMMU_AFSR_ME 0x00080000 /* Multiple errors occurred */
+#define IOMMU_AFSR_RD 0x00040000 /* A read operation was in progress */
+#define IOMMU_AFSR_FAV 0x00020000 /* IOMMU afar has valid contents */
+#define IOMMU_AFSR_MASK 0xff0fffff
+
+#define IOMMU_AFAR (0x1004 >> 2)
+
+#define IOMMU_AER (0x1008 >> 2) /* Arbiter Enable Register */
+#define IOMMU_AER_EN_P0_ARB 0x00000001 /* MBus master 0x8 (Always 1) */
+#define IOMMU_AER_EN_P1_ARB 0x00000002 /* MBus master 0x9 */
+#define IOMMU_AER_EN_P2_ARB 0x00000004 /* MBus master 0xa */
+#define IOMMU_AER_EN_P3_ARB 0x00000008 /* MBus master 0xb */
+#define IOMMU_AER_EN_0 0x00010000 /* SBus slot 0 */
+#define IOMMU_AER_EN_1 0x00020000 /* SBus slot 1 */
+#define IOMMU_AER_EN_2 0x00040000 /* SBus slot 2 */
+#define IOMMU_AER_EN_3 0x00080000 /* SBus slot 3 */
+#define IOMMU_AER_EN_F 0x00100000 /* SBus on-board */
+#define IOMMU_AER_SBW 0x80000000 /* S-to-M asynchronous writes */
+#define IOMMU_AER_MASK 0x801f000f
+
+#define IOMMU_SBCFG0 (0x1010 >> 2) /* SBUS configration per-slot */
+#define IOMMU_SBCFG1 (0x1014 >> 2) /* SBUS configration per-slot */
+#define IOMMU_SBCFG2 (0x1018 >> 2) /* SBUS configration per-slot */
+#define IOMMU_SBCFG3 (0x101c >> 2) /* SBUS configration per-slot */
+#define IOMMU_SBCFG_SAB30 0x00010000 /* Phys-address bit 30 when
+ bypass enabled */
+#define IOMMU_SBCFG_BA16 0x00000004 /* Slave supports 16 byte bursts */
+#define IOMMU_SBCFG_BA8 0x00000002 /* Slave supports 8 byte bursts */
+#define IOMMU_SBCFG_BYPASS 0x00000001 /* Bypass IOMMU, treat all addresses
+ produced by this device as pure
+ physical. */
+#define IOMMU_SBCFG_MASK 0x00010003
+
+#define IOMMU_ARBEN (0x2000 >> 2) /* SBUS arbitration enable */
+#define IOMMU_ARBEN_MASK 0x001f0000
+#define IOMMU_MID 0x00000008
+
+#define IOMMU_MASK_ID (0x3018 >> 2) /* Mask ID */
+#define IOMMU_MASK_ID_MASK 0x00ffffff
+
+#define IOMMU_MSII_MASK 0x26000000 /* microSPARC II mask number */
+#define IOMMU_TS_MASK 0x23000000 /* turboSPARC mask number */
+
+/* The format of an iopte in the page tables */
+#define IOPTE_PAGE 0xffffff00 /* Physical page number (PA[35:12]) */
+#define IOPTE_CACHE 0x00000080 /* Cached (in vme IOCACHE or
+ Viking/MXCC) */
+#define IOPTE_WRITE 0x00000004 /* Writable */
+#define IOPTE_VALID 0x00000002 /* IOPTE is valid */
+#define IOPTE_WAZ 0x00000001 /* Write as zeros */
+
+#define IOMMU_PAGE_SHIFT 12
+#define IOMMU_PAGE_SIZE (1 << IOMMU_PAGE_SHIFT)
+#define IOMMU_PAGE_MASK ~(IOMMU_PAGE_SIZE - 1)
+
+#define TYPE_SUN4M_IOMMU "iommu"
+#define SUN4M_IOMMU(obj) OBJECT_CHECK(IOMMUState, (obj), TYPE_SUN4M_IOMMU)
+
+typedef struct IOMMUState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ uint32_t regs[IOMMU_NREGS];
+ hwaddr iostart;
+ qemu_irq irq;
+ uint32_t version;
+} IOMMUState;
+
+static uint64_t iommu_mem_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ IOMMUState *s = opaque;
+ hwaddr saddr;
+ uint32_t ret;
+
+ saddr = addr >> 2;
+ switch (saddr) {
+ default:
+ ret = s->regs[saddr];
+ break;
+ case IOMMU_AFAR:
+ case IOMMU_AFSR:
+ ret = s->regs[saddr];
+ qemu_irq_lower(s->irq);
+ break;
+ }
+ trace_sun4m_iommu_mem_readl(saddr, ret);
+ return ret;
+}
+
+static void iommu_mem_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ IOMMUState *s = opaque;
+ hwaddr saddr;
+
+ saddr = addr >> 2;
+ trace_sun4m_iommu_mem_writel(saddr, val);
+ switch (saddr) {
+ case IOMMU_CTRL:
+ switch (val & IOMMU_CTRL_RNGE) {
+ case IOMMU_RNGE_16MB:
+ s->iostart = 0xffffffffff000000ULL;
+ break;
+ case IOMMU_RNGE_32MB:
+ s->iostart = 0xfffffffffe000000ULL;
+ break;
+ case IOMMU_RNGE_64MB:
+ s->iostart = 0xfffffffffc000000ULL;
+ break;
+ case IOMMU_RNGE_128MB:
+ s->iostart = 0xfffffffff8000000ULL;
+ break;
+ case IOMMU_RNGE_256MB:
+ s->iostart = 0xfffffffff0000000ULL;
+ break;
+ case IOMMU_RNGE_512MB:
+ s->iostart = 0xffffffffe0000000ULL;
+ break;
+ case IOMMU_RNGE_1GB:
+ s->iostart = 0xffffffffc0000000ULL;
+ break;
+ default:
+ case IOMMU_RNGE_2GB:
+ s->iostart = 0xffffffff80000000ULL;
+ break;
+ }
+ trace_sun4m_iommu_mem_writel_ctrl(s->iostart);
+ s->regs[saddr] = ((val & IOMMU_CTRL_MASK) | s->version);
+ break;
+ case IOMMU_BASE:
+ s->regs[saddr] = val & IOMMU_BASE_MASK;
+ break;
+ case IOMMU_TLBFLUSH:
+ trace_sun4m_iommu_mem_writel_tlbflush(val);
+ s->regs[saddr] = val & IOMMU_TLBFLUSH_MASK;
+ break;
+ case IOMMU_PGFLUSH:
+ trace_sun4m_iommu_mem_writel_pgflush(val);
+ s->regs[saddr] = val & IOMMU_PGFLUSH_MASK;
+ break;
+ case IOMMU_AFAR:
+ s->regs[saddr] = val;
+ qemu_irq_lower(s->irq);
+ break;
+ case IOMMU_AER:
+ s->regs[saddr] = (val & IOMMU_AER_MASK) | IOMMU_AER_EN_P0_ARB;
+ break;
+ case IOMMU_AFSR:
+ s->regs[saddr] = (val & IOMMU_AFSR_MASK) | IOMMU_AFSR_RESV;
+ qemu_irq_lower(s->irq);
+ break;
+ case IOMMU_SBCFG0:
+ case IOMMU_SBCFG1:
+ case IOMMU_SBCFG2:
+ case IOMMU_SBCFG3:
+ s->regs[saddr] = val & IOMMU_SBCFG_MASK;
+ break;
+ case IOMMU_ARBEN:
+ // XXX implement SBus probing: fault when reading unmapped
+ // addresses, fault cause and address stored to MMU/IOMMU
+ s->regs[saddr] = (val & IOMMU_ARBEN_MASK) | IOMMU_MID;
+ break;
+ case IOMMU_MASK_ID:
+ s->regs[saddr] |= val & IOMMU_MASK_ID_MASK;
+ break;
+ default:
+ s->regs[saddr] = val;
+ break;
+ }
+}
+
+static const MemoryRegionOps iommu_mem_ops = {
+ .read = iommu_mem_read,
+ .write = iommu_mem_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static uint32_t iommu_page_get_flags(IOMMUState *s, hwaddr addr)
+{
+ uint32_t ret;
+ hwaddr iopte;
+ hwaddr pa = addr;
+
+ iopte = s->regs[IOMMU_BASE] << 4;
+ addr &= ~s->iostart;
+ iopte += (addr >> (IOMMU_PAGE_SHIFT - 2)) & ~3;
+ ret = ldl_be_phys(iopte);
+ trace_sun4m_iommu_page_get_flags(pa, iopte, ret);
+ return ret;
+}
+
+static hwaddr iommu_translate_pa(hwaddr addr,
+ uint32_t pte)
+{
+ hwaddr pa;
+
+ pa = ((pte & IOPTE_PAGE) << 4) + (addr & ~IOMMU_PAGE_MASK);
+ trace_sun4m_iommu_translate_pa(addr, pa, pte);
+ return pa;
+}
+
+static void iommu_bad_addr(IOMMUState *s, hwaddr addr,
+ int is_write)
+{
+ trace_sun4m_iommu_bad_addr(addr);
+ s->regs[IOMMU_AFSR] = IOMMU_AFSR_ERR | IOMMU_AFSR_LE | IOMMU_AFSR_RESV |
+ IOMMU_AFSR_FAV;
+ if (!is_write)
+ s->regs[IOMMU_AFSR] |= IOMMU_AFSR_RD;
+ s->regs[IOMMU_AFAR] = addr;
+ qemu_irq_raise(s->irq);
+}
+
+void sparc_iommu_memory_rw(void *opaque, hwaddr addr,
+ uint8_t *buf, int len, int is_write)
+{
+ int l;
+ uint32_t flags;
+ hwaddr page, phys_addr;
+
+ while (len > 0) {
+ page = addr & IOMMU_PAGE_MASK;
+ l = (page + IOMMU_PAGE_SIZE) - addr;
+ if (l > len)
+ l = len;
+ flags = iommu_page_get_flags(opaque, page);
+ if (!(flags & IOPTE_VALID)) {
+ iommu_bad_addr(opaque, page, is_write);
+ return;
+ }
+ phys_addr = iommu_translate_pa(addr, flags);
+ if (is_write) {
+ if (!(flags & IOPTE_WRITE)) {
+ iommu_bad_addr(opaque, page, is_write);
+ return;
+ }
+ cpu_physical_memory_write(phys_addr, buf, l);
+ } else {
+ cpu_physical_memory_read(phys_addr, buf, l);
+ }
+ len -= l;
+ buf += l;
+ addr += l;
+ }
+}
+
+static const VMStateDescription vmstate_iommu = {
+ .name ="iommu",
+ .version_id = 2,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT32_ARRAY(regs, IOMMUState, IOMMU_NREGS),
+ VMSTATE_UINT64(iostart, IOMMUState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void iommu_reset(DeviceState *d)
+{
+ IOMMUState *s = SUN4M_IOMMU(d);
+
+ memset(s->regs, 0, IOMMU_NREGS * 4);
+ s->iostart = 0;
+ s->regs[IOMMU_CTRL] = s->version;
+ s->regs[IOMMU_ARBEN] = IOMMU_MID;
+ s->regs[IOMMU_AFSR] = IOMMU_AFSR_RESV;
+ s->regs[IOMMU_AER] = IOMMU_AER_EN_P0_ARB | IOMMU_AER_EN_P1_ARB;
+ s->regs[IOMMU_MASK_ID] = IOMMU_TS_MASK;
+}
+
+static int iommu_init1(SysBusDevice *dev)
+{
+ IOMMUState *s = SUN4M_IOMMU(dev);
+
+ sysbus_init_irq(dev, &s->irq);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &iommu_mem_ops, s, "iommu",
+ IOMMU_NREGS * sizeof(uint32_t));
+ sysbus_init_mmio(dev, &s->iomem);
+
+ return 0;
+}
+
+static Property iommu_properties[] = {
+ DEFINE_PROP_HEX32("version", IOMMUState, version, 0),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void iommu_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = iommu_init1;
+ dc->reset = iommu_reset;
+ dc->vmsd = &vmstate_iommu;
+ dc->props = iommu_properties;
+}
+
+static const TypeInfo iommu_info = {
+ .name = TYPE_SUN4M_IOMMU,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(IOMMUState),
+ .class_init = iommu_class_init,
+};
+
+static void iommu_register_types(void)
+{
+ type_register_static(&iommu_info);
+}
+
+type_init(iommu_register_types)
diff --git a/hw/dma/xilinx_axidma.c b/hw/dma/xilinx_axidma.c
new file mode 100644
index 000000000..a48e3baa9
--- /dev/null
+++ b/hw/dma/xilinx_axidma.c
@@ -0,0 +1,668 @@
+/*
+ * QEMU model of Xilinx AXI-DMA block.
+ *
+ * Copyright (c) 2011 Edgar E. Iglesias.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/sysbus.h"
+#include "qemu/timer.h"
+#include "hw/ptimer.h"
+#include "qemu/log.h"
+#include "qapi/qmp/qerror.h"
+
+#include "hw/stream.h"
+
+#define D(x)
+
+#define TYPE_XILINX_AXI_DMA "xlnx.axi-dma"
+#define TYPE_XILINX_AXI_DMA_DATA_STREAM "xilinx-axi-dma-data-stream"
+#define TYPE_XILINX_AXI_DMA_CONTROL_STREAM "xilinx-axi-dma-control-stream"
+
+#define XILINX_AXI_DMA(obj) \
+ OBJECT_CHECK(XilinxAXIDMA, (obj), TYPE_XILINX_AXI_DMA)
+
+#define XILINX_AXI_DMA_DATA_STREAM(obj) \
+ OBJECT_CHECK(XilinxAXIDMAStreamSlave, (obj),\
+ TYPE_XILINX_AXI_DMA_DATA_STREAM)
+
+#define XILINX_AXI_DMA_CONTROL_STREAM(obj) \
+ OBJECT_CHECK(XilinxAXIDMAStreamSlave, (obj),\
+ TYPE_XILINX_AXI_DMA_CONTROL_STREAM)
+
+#define R_DMACR (0x00 / 4)
+#define R_DMASR (0x04 / 4)
+#define R_CURDESC (0x08 / 4)
+#define R_TAILDESC (0x10 / 4)
+#define R_MAX (0x30 / 4)
+
+#define CONTROL_PAYLOAD_WORDS 5
+#define CONTROL_PAYLOAD_SIZE (CONTROL_PAYLOAD_WORDS * (sizeof(uint32_t)))
+
+typedef struct XilinxAXIDMA XilinxAXIDMA;
+typedef struct XilinxAXIDMAStreamSlave XilinxAXIDMAStreamSlave;
+
+enum {
+ DMACR_RUNSTOP = 1,
+ DMACR_TAILPTR_MODE = 2,
+ DMACR_RESET = 4
+};
+
+enum {
+ DMASR_HALTED = 1,
+ DMASR_IDLE = 2,
+ DMASR_IOC_IRQ = 1 << 12,
+ DMASR_DLY_IRQ = 1 << 13,
+
+ DMASR_IRQ_MASK = 7 << 12
+};
+
+struct SDesc {
+ uint64_t nxtdesc;
+ uint64_t buffer_address;
+ uint64_t reserved;
+ uint32_t control;
+ uint32_t status;
+ uint8_t app[CONTROL_PAYLOAD_SIZE];
+};
+
+enum {
+ SDESC_CTRL_EOF = (1 << 26),
+ SDESC_CTRL_SOF = (1 << 27),
+
+ SDESC_CTRL_LEN_MASK = (1 << 23) - 1
+};
+
+enum {
+ SDESC_STATUS_EOF = (1 << 26),
+ SDESC_STATUS_SOF_BIT = 27,
+ SDESC_STATUS_SOF = (1 << SDESC_STATUS_SOF_BIT),
+ SDESC_STATUS_COMPLETE = (1 << 31)
+};
+
+struct Stream {
+ QEMUBH *bh;
+ ptimer_state *ptimer;
+ qemu_irq irq;
+
+ int nr;
+
+ struct SDesc desc;
+ int pos;
+ unsigned int complete_cnt;
+ uint32_t regs[R_MAX];
+ uint8_t app[20];
+};
+
+struct XilinxAXIDMAStreamSlave {
+ Object parent;
+
+ struct XilinxAXIDMA *dma;
+};
+
+struct XilinxAXIDMA {
+ SysBusDevice busdev;
+ MemoryRegion iomem;
+ uint32_t freqhz;
+ StreamSlave *tx_data_dev;
+ StreamSlave *tx_control_dev;
+ XilinxAXIDMAStreamSlave rx_data_dev;
+ XilinxAXIDMAStreamSlave rx_control_dev;
+
+ struct Stream streams[2];
+
+ StreamCanPushNotifyFn notify;
+ void *notify_opaque;
+};
+
+/*
+ * Helper calls to extract info from desriptors and other trivial
+ * state from regs.
+ */
+static inline int stream_desc_sof(struct SDesc *d)
+{
+ return d->control & SDESC_CTRL_SOF;
+}
+
+static inline int stream_desc_eof(struct SDesc *d)
+{
+ return d->control & SDESC_CTRL_EOF;
+}
+
+static inline int stream_resetting(struct Stream *s)
+{
+ return !!(s->regs[R_DMACR] & DMACR_RESET);
+}
+
+static inline int stream_running(struct Stream *s)
+{
+ return s->regs[R_DMACR] & DMACR_RUNSTOP;
+}
+
+static inline int stream_halted(struct Stream *s)
+{
+ return s->regs[R_DMASR] & DMASR_HALTED;
+}
+
+static inline int stream_idle(struct Stream *s)
+{
+ return !!(s->regs[R_DMASR] & DMASR_IDLE);
+}
+
+static void stream_reset(struct Stream *s)
+{
+ s->regs[R_DMASR] = DMASR_HALTED; /* starts up halted. */
+ s->regs[R_DMACR] = 1 << 16; /* Starts with one in compl threshold. */
+}
+
+/* Map an offset addr into a channel index. */
+static inline int streamid_from_addr(hwaddr addr)
+{
+ int sid;
+
+ sid = addr / (0x30);
+ sid &= 1;
+ return sid;
+}
+
+#ifdef DEBUG_ENET
+static void stream_desc_show(struct SDesc *d)
+{
+ qemu_log("buffer_addr = " PRIx64 "\n", d->buffer_address);
+ qemu_log("nxtdesc = " PRIx64 "\n", d->nxtdesc);
+ qemu_log("control = %x\n", d->control);
+ qemu_log("status = %x\n", d->status);
+}
+#endif
+
+static void stream_desc_load(struct Stream *s, hwaddr addr)
+{
+ struct SDesc *d = &s->desc;
+
+ cpu_physical_memory_read(addr, d, sizeof *d);
+
+ /* Convert from LE into host endianness. */
+ d->buffer_address = le64_to_cpu(d->buffer_address);
+ d->nxtdesc = le64_to_cpu(d->nxtdesc);
+ d->control = le32_to_cpu(d->control);
+ d->status = le32_to_cpu(d->status);
+}
+
+static void stream_desc_store(struct Stream *s, hwaddr addr)
+{
+ struct SDesc *d = &s->desc;
+
+ /* Convert from host endianness into LE. */
+ d->buffer_address = cpu_to_le64(d->buffer_address);
+ d->nxtdesc = cpu_to_le64(d->nxtdesc);
+ d->control = cpu_to_le32(d->control);
+ d->status = cpu_to_le32(d->status);
+ cpu_physical_memory_write(addr, d, sizeof *d);
+}
+
+static void stream_update_irq(struct Stream *s)
+{
+ unsigned int pending, mask, irq;
+
+ pending = s->regs[R_DMASR] & DMASR_IRQ_MASK;
+ mask = s->regs[R_DMACR] & DMASR_IRQ_MASK;
+
+ irq = pending & mask;
+
+ qemu_set_irq(s->irq, !!irq);
+}
+
+static void stream_reload_complete_cnt(struct Stream *s)
+{
+ unsigned int comp_th;
+ comp_th = (s->regs[R_DMACR] >> 16) & 0xff;
+ s->complete_cnt = comp_th;
+}
+
+static void timer_hit(void *opaque)
+{
+ struct Stream *s = opaque;
+
+ stream_reload_complete_cnt(s);
+ s->regs[R_DMASR] |= DMASR_DLY_IRQ;
+ stream_update_irq(s);
+}
+
+static void stream_complete(struct Stream *s)
+{
+ unsigned int comp_delay;
+
+ /* Start the delayed timer. */
+ comp_delay = s->regs[R_DMACR] >> 24;
+ if (comp_delay) {
+ ptimer_stop(s->ptimer);
+ ptimer_set_count(s->ptimer, comp_delay);
+ ptimer_run(s->ptimer, 1);
+ }
+
+ s->complete_cnt--;
+ if (s->complete_cnt == 0) {
+ /* Raise the IOC irq. */
+ s->regs[R_DMASR] |= DMASR_IOC_IRQ;
+ stream_reload_complete_cnt(s);
+ }
+}
+
+static void stream_process_mem2s(struct Stream *s, StreamSlave *tx_data_dev,
+ StreamSlave *tx_control_dev)
+{
+ uint32_t prev_d;
+ unsigned char txbuf[16 * 1024];
+ unsigned int txlen;
+
+ if (!stream_running(s) || stream_idle(s)) {
+ return;
+ }
+
+ while (1) {
+ stream_desc_load(s, s->regs[R_CURDESC]);
+
+ if (s->desc.status & SDESC_STATUS_COMPLETE) {
+ s->regs[R_DMASR] |= DMASR_HALTED;
+ break;
+ }
+
+ if (stream_desc_sof(&s->desc)) {
+ s->pos = 0;
+ stream_push(tx_control_dev, s->desc.app, sizeof(s->desc.app));
+ }
+
+ txlen = s->desc.control & SDESC_CTRL_LEN_MASK;
+ if ((txlen + s->pos) > sizeof txbuf) {
+ hw_error("%s: too small internal txbuf! %d\n", __func__,
+ txlen + s->pos);
+ }
+
+ cpu_physical_memory_read(s->desc.buffer_address,
+ txbuf + s->pos, txlen);
+ s->pos += txlen;
+
+ if (stream_desc_eof(&s->desc)) {
+ stream_push(tx_data_dev, txbuf, s->pos);
+ s->pos = 0;
+ stream_complete(s);
+ }
+
+ /* Update the descriptor. */
+ s->desc.status = txlen | SDESC_STATUS_COMPLETE;
+ stream_desc_store(s, s->regs[R_CURDESC]);
+
+ /* Advance. */
+ prev_d = s->regs[R_CURDESC];
+ s->regs[R_CURDESC] = s->desc.nxtdesc;
+ if (prev_d == s->regs[R_TAILDESC]) {
+ s->regs[R_DMASR] |= DMASR_IDLE;
+ break;
+ }
+ }
+}
+
+static size_t stream_process_s2mem(struct Stream *s, unsigned char *buf,
+ size_t len)
+{
+ uint32_t prev_d;
+ unsigned int rxlen;
+ size_t pos = 0;
+ int sof = 1;
+
+ if (!stream_running(s) || stream_idle(s)) {
+ return 0;
+ }
+
+ while (len) {
+ stream_desc_load(s, s->regs[R_CURDESC]);
+
+ if (s->desc.status & SDESC_STATUS_COMPLETE) {
+ s->regs[R_DMASR] |= DMASR_HALTED;
+ break;
+ }
+
+ rxlen = s->desc.control & SDESC_CTRL_LEN_MASK;
+ if (rxlen > len) {
+ /* It fits. */
+ rxlen = len;
+ }
+
+ cpu_physical_memory_write(s->desc.buffer_address, buf + pos, rxlen);
+ len -= rxlen;
+ pos += rxlen;
+
+ /* Update the descriptor. */
+ if (!len) {
+ stream_complete(s);
+ memcpy(s->desc.app, s->app, sizeof(s->desc.app));
+ s->desc.status |= SDESC_STATUS_EOF;
+ }
+
+ s->desc.status |= sof << SDESC_STATUS_SOF_BIT;
+ s->desc.status |= SDESC_STATUS_COMPLETE;
+ stream_desc_store(s, s->regs[R_CURDESC]);
+ sof = 0;
+
+ /* Advance. */
+ prev_d = s->regs[R_CURDESC];
+ s->regs[R_CURDESC] = s->desc.nxtdesc;
+ if (prev_d == s->regs[R_TAILDESC]) {
+ s->regs[R_DMASR] |= DMASR_IDLE;
+ break;
+ }
+ }
+
+ return pos;
+}
+
+static void xilinx_axidma_reset(DeviceState *dev)
+{
+ int i;
+ XilinxAXIDMA *s = XILINX_AXI_DMA(dev);
+
+ for (i = 0; i < 2; i++) {
+ stream_reset(&s->streams[i]);
+ }
+}
+
+static size_t
+xilinx_axidma_control_stream_push(StreamSlave *obj, unsigned char *buf,
+ size_t len)
+{
+ XilinxAXIDMAStreamSlave *cs = XILINX_AXI_DMA_CONTROL_STREAM(obj);
+ struct Stream *s = &cs->dma->streams[1];
+
+ if (len != CONTROL_PAYLOAD_SIZE) {
+ hw_error("AXI DMA requires %d byte control stream payload\n",
+ (int)CONTROL_PAYLOAD_SIZE);
+ }
+
+ memcpy(s->app, buf, len);
+ return len;
+}
+
+static bool
+xilinx_axidma_data_stream_can_push(StreamSlave *obj,
+ StreamCanPushNotifyFn notify,
+ void *notify_opaque)
+{
+ XilinxAXIDMAStreamSlave *ds = XILINX_AXI_DMA_DATA_STREAM(obj);
+ struct Stream *s = &ds->dma->streams[1];
+
+ if (!stream_running(s) || stream_idle(s)) {
+ ds->dma->notify = notify;
+ ds->dma->notify_opaque = notify_opaque;
+ return false;
+ }
+
+ return true;
+}
+
+static size_t
+xilinx_axidma_data_stream_push(StreamSlave *obj, unsigned char *buf, size_t len)
+{
+ XilinxAXIDMAStreamSlave *ds = XILINX_AXI_DMA_DATA_STREAM(obj);
+ struct Stream *s = &ds->dma->streams[1];
+ size_t ret;
+
+ ret = stream_process_s2mem(s, buf, len);
+ stream_update_irq(s);
+ return ret;
+}
+
+static uint64_t axidma_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ XilinxAXIDMA *d = opaque;
+ struct Stream *s;
+ uint32_t r = 0;
+ int sid;
+
+ sid = streamid_from_addr(addr);
+ s = &d->streams[sid];
+
+ addr = addr % 0x30;
+ addr >>= 2;
+ switch (addr) {
+ case R_DMACR:
+ /* Simulate one cycles reset delay. */
+ s->regs[addr] &= ~DMACR_RESET;
+ r = s->regs[addr];
+ break;
+ case R_DMASR:
+ s->regs[addr] &= 0xffff;
+ s->regs[addr] |= (s->complete_cnt & 0xff) << 16;
+ s->regs[addr] |= (ptimer_get_count(s->ptimer) & 0xff) << 24;
+ r = s->regs[addr];
+ break;
+ default:
+ r = s->regs[addr];
+ D(qemu_log("%s ch=%d addr=" TARGET_FMT_plx " v=%x\n",
+ __func__, sid, addr * 4, r));
+ break;
+ }
+ return r;
+
+}
+
+static void axidma_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ XilinxAXIDMA *d = opaque;
+ struct Stream *s;
+ int sid;
+
+ sid = streamid_from_addr(addr);
+ s = &d->streams[sid];
+
+ addr = addr % 0x30;
+ addr >>= 2;
+ switch (addr) {
+ case R_DMACR:
+ /* Tailptr mode is always on. */
+ value |= DMACR_TAILPTR_MODE;
+ /* Remember our previous reset state. */
+ value |= (s->regs[addr] & DMACR_RESET);
+ s->regs[addr] = value;
+
+ if (value & DMACR_RESET) {
+ stream_reset(s);
+ }
+
+ if ((value & 1) && !stream_resetting(s)) {
+ /* Start processing. */
+ s->regs[R_DMASR] &= ~(DMASR_HALTED | DMASR_IDLE);
+ }
+ stream_reload_complete_cnt(s);
+ break;
+
+ case R_DMASR:
+ /* Mask away write to clear irq lines. */
+ value &= ~(value & DMASR_IRQ_MASK);
+ s->regs[addr] = value;
+ break;
+
+ case R_TAILDESC:
+ s->regs[addr] = value;
+ s->regs[R_DMASR] &= ~DMASR_IDLE; /* Not idle. */
+ if (!sid) {
+ stream_process_mem2s(s, d->tx_data_dev, d->tx_control_dev);
+ }
+ break;
+ default:
+ D(qemu_log("%s: ch=%d addr=" TARGET_FMT_plx " v=%x\n",
+ __func__, sid, addr * 4, (unsigned)value));
+ s->regs[addr] = value;
+ break;
+ }
+ if (sid == 1 && d->notify) {
+ StreamCanPushNotifyFn notifytmp = d->notify;
+ d->notify = NULL;
+ notifytmp(d->notify_opaque);
+ }
+ stream_update_irq(s);
+}
+
+static const MemoryRegionOps axidma_ops = {
+ .read = axidma_read,
+ .write = axidma_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void xilinx_axidma_realize(DeviceState *dev, Error **errp)
+{
+ XilinxAXIDMA *s = XILINX_AXI_DMA(dev);
+ XilinxAXIDMAStreamSlave *ds = XILINX_AXI_DMA_DATA_STREAM(&s->rx_data_dev);
+ XilinxAXIDMAStreamSlave *cs = XILINX_AXI_DMA_CONTROL_STREAM(
+ &s->rx_control_dev);
+ Error *local_errp = NULL;
+
+ object_property_add_link(OBJECT(ds), "dma", TYPE_XILINX_AXI_DMA,
+ (Object **)&ds->dma, &local_errp);
+ object_property_add_link(OBJECT(cs), "dma", TYPE_XILINX_AXI_DMA,
+ (Object **)&cs->dma, &local_errp);
+ if (local_errp) {
+ goto xilinx_axidma_realize_fail;
+ }
+ object_property_set_link(OBJECT(ds), OBJECT(s), "dma", &local_errp);
+ object_property_set_link(OBJECT(cs), OBJECT(s), "dma", &local_errp);
+ if (local_errp) {
+ goto xilinx_axidma_realize_fail;
+ }
+
+ int i;
+
+ for (i = 0; i < 2; i++) {
+ s->streams[i].nr = i;
+ s->streams[i].bh = qemu_bh_new(timer_hit, &s->streams[i]);
+ s->streams[i].ptimer = ptimer_init(s->streams[i].bh);
+ ptimer_set_freq(s->streams[i].ptimer, s->freqhz);
+ }
+ return;
+
+xilinx_axidma_realize_fail:
+ if (!*errp) {
+ *errp = local_errp;
+ }
+}
+
+static void xilinx_axidma_init(Object *obj)
+{
+ XilinxAXIDMA *s = XILINX_AXI_DMA(obj);
+ SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
+ Error *errp = NULL;
+
+ object_property_add_link(obj, "axistream-connected", TYPE_STREAM_SLAVE,
+ (Object **) &s->tx_data_dev, &errp);
+ assert_no_error(errp);
+ object_property_add_link(obj, "axistream-control-connected",
+ TYPE_STREAM_SLAVE,
+ (Object **) &s->tx_control_dev, &errp);
+ assert_no_error(errp);
+
+ object_initialize(&s->rx_data_dev, TYPE_XILINX_AXI_DMA_DATA_STREAM);
+ object_initialize(&s->rx_control_dev, TYPE_XILINX_AXI_DMA_CONTROL_STREAM);
+ object_property_add_child(OBJECT(s), "axistream-connected-target",
+ (Object *)&s->rx_data_dev, &errp);
+ assert_no_error(errp);
+ object_property_add_child(OBJECT(s), "axistream-control-connected-target",
+ (Object *)&s->rx_control_dev, &errp);
+ assert_no_error(errp);
+
+ sysbus_init_irq(sbd, &s->streams[0].irq);
+ sysbus_init_irq(sbd, &s->streams[1].irq);
+
+ memory_region_init_io(&s->iomem, obj, &axidma_ops, s,
+ "xlnx.axi-dma", R_MAX * 4 * 2);
+ sysbus_init_mmio(sbd, &s->iomem);
+}
+
+static Property axidma_properties[] = {
+ DEFINE_PROP_UINT32("freqhz", XilinxAXIDMA, freqhz, 50000000),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void axidma_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = xilinx_axidma_realize,
+ dc->reset = xilinx_axidma_reset;
+ dc->props = axidma_properties;
+}
+
+static StreamSlaveClass xilinx_axidma_data_stream_class = {
+ .push = xilinx_axidma_data_stream_push,
+ .can_push = xilinx_axidma_data_stream_can_push,
+};
+
+static StreamSlaveClass xilinx_axidma_control_stream_class = {
+ .push = xilinx_axidma_control_stream_push,
+};
+
+static void xilinx_axidma_stream_class_init(ObjectClass *klass, void *data)
+{
+ StreamSlaveClass *ssc = STREAM_SLAVE_CLASS(klass);
+
+ ssc->push = ((StreamSlaveClass *)data)->push;
+ ssc->can_push = ((StreamSlaveClass *)data)->can_push;
+}
+
+static const TypeInfo axidma_info = {
+ .name = TYPE_XILINX_AXI_DMA,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(XilinxAXIDMA),
+ .class_init = axidma_class_init,
+ .instance_init = xilinx_axidma_init,
+};
+
+static const TypeInfo xilinx_axidma_data_stream_info = {
+ .name = TYPE_XILINX_AXI_DMA_DATA_STREAM,
+ .parent = TYPE_OBJECT,
+ .instance_size = sizeof(struct XilinxAXIDMAStreamSlave),
+ .class_init = xilinx_axidma_stream_class_init,
+ .class_data = &xilinx_axidma_data_stream_class,
+ .interfaces = (InterfaceInfo[]) {
+ { TYPE_STREAM_SLAVE },
+ { }
+ }
+};
+
+static const TypeInfo xilinx_axidma_control_stream_info = {
+ .name = TYPE_XILINX_AXI_DMA_CONTROL_STREAM,
+ .parent = TYPE_OBJECT,
+ .instance_size = sizeof(struct XilinxAXIDMAStreamSlave),
+ .class_init = xilinx_axidma_stream_class_init,
+ .class_data = &xilinx_axidma_control_stream_class,
+ .interfaces = (InterfaceInfo[]) {
+ { TYPE_STREAM_SLAVE },
+ { }
+ }
+};
+
+static void xilinx_axidma_register_types(void)
+{
+ type_register_static(&axidma_info);
+ type_register_static(&xilinx_axidma_data_stream_info);
+ type_register_static(&xilinx_axidma_control_stream_info);
+}
+
+type_init(xilinx_axidma_register_types)
diff --git a/hw/dp8393x.c b/hw/dp8393x.c
deleted file mode 100644
index 3f6386eee..000000000
--- a/hw/dp8393x.c
+++ /dev/null
@@ -1,913 +0,0 @@
-/*
- * QEMU NS SONIC DP8393x netcard
- *
- * Copyright (c) 2008-2009 Herve Poussineau
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "hw.h"
-#include "qemu-timer.h"
-#include "net.h"
-#include "mips.h"
-
-//#define DEBUG_SONIC
-
-/* Calculate CRCs properly on Rx packets */
-#define SONIC_CALCULATE_RXCRC
-
-#if defined(SONIC_CALCULATE_RXCRC)
-/* For crc32 */
-#include <zlib.h>
-#endif
-
-#ifdef DEBUG_SONIC
-#define DPRINTF(fmt, ...) \
-do { printf("sonic: " fmt , ## __VA_ARGS__); } while (0)
-static const char* reg_names[] = {
- "CR", "DCR", "RCR", "TCR", "IMR", "ISR", "UTDA", "CTDA",
- "TPS", "TFC", "TSA0", "TSA1", "TFS", "URDA", "CRDA", "CRBA0",
- "CRBA1", "RBWC0", "RBWC1", "EOBC", "URRA", "RSA", "REA", "RRP",
- "RWP", "TRBA0", "TRBA1", "0x1b", "0x1c", "0x1d", "0x1e", "LLFA",
- "TTDA", "CEP", "CAP2", "CAP1", "CAP0", "CE", "CDP", "CDC",
- "SR", "WT0", "WT1", "RSC", "CRCT", "FAET", "MPT", "MDT",
- "0x30", "0x31", "0x32", "0x33", "0x34", "0x35", "0x36", "0x37",
- "0x38", "0x39", "0x3a", "0x3b", "0x3c", "0x3d", "0x3e", "DCR2" };
-#else
-#define DPRINTF(fmt, ...) do {} while (0)
-#endif
-
-#define SONIC_ERROR(fmt, ...) \
-do { printf("sonic ERROR: %s: " fmt, __func__ , ## __VA_ARGS__); } while (0)
-
-#define SONIC_CR 0x00
-#define SONIC_DCR 0x01
-#define SONIC_RCR 0x02
-#define SONIC_TCR 0x03
-#define SONIC_IMR 0x04
-#define SONIC_ISR 0x05
-#define SONIC_UTDA 0x06
-#define SONIC_CTDA 0x07
-#define SONIC_TPS 0x08
-#define SONIC_TFC 0x09
-#define SONIC_TSA0 0x0a
-#define SONIC_TSA1 0x0b
-#define SONIC_TFS 0x0c
-#define SONIC_URDA 0x0d
-#define SONIC_CRDA 0x0e
-#define SONIC_CRBA0 0x0f
-#define SONIC_CRBA1 0x10
-#define SONIC_RBWC0 0x11
-#define SONIC_RBWC1 0x12
-#define SONIC_EOBC 0x13
-#define SONIC_URRA 0x14
-#define SONIC_RSA 0x15
-#define SONIC_REA 0x16
-#define SONIC_RRP 0x17
-#define SONIC_RWP 0x18
-#define SONIC_TRBA0 0x19
-#define SONIC_TRBA1 0x1a
-#define SONIC_LLFA 0x1f
-#define SONIC_TTDA 0x20
-#define SONIC_CEP 0x21
-#define SONIC_CAP2 0x22
-#define SONIC_CAP1 0x23
-#define SONIC_CAP0 0x24
-#define SONIC_CE 0x25
-#define SONIC_CDP 0x26
-#define SONIC_CDC 0x27
-#define SONIC_SR 0x28
-#define SONIC_WT0 0x29
-#define SONIC_WT1 0x2a
-#define SONIC_RSC 0x2b
-#define SONIC_CRCT 0x2c
-#define SONIC_FAET 0x2d
-#define SONIC_MPT 0x2e
-#define SONIC_MDT 0x2f
-#define SONIC_DCR2 0x3f
-
-#define SONIC_CR_HTX 0x0001
-#define SONIC_CR_TXP 0x0002
-#define SONIC_CR_RXDIS 0x0004
-#define SONIC_CR_RXEN 0x0008
-#define SONIC_CR_STP 0x0010
-#define SONIC_CR_ST 0x0020
-#define SONIC_CR_RST 0x0080
-#define SONIC_CR_RRRA 0x0100
-#define SONIC_CR_LCAM 0x0200
-#define SONIC_CR_MASK 0x03bf
-
-#define SONIC_DCR_DW 0x0020
-#define SONIC_DCR_LBR 0x2000
-#define SONIC_DCR_EXBUS 0x8000
-
-#define SONIC_RCR_PRX 0x0001
-#define SONIC_RCR_LBK 0x0002
-#define SONIC_RCR_FAER 0x0004
-#define SONIC_RCR_CRCR 0x0008
-#define SONIC_RCR_CRS 0x0020
-#define SONIC_RCR_LPKT 0x0040
-#define SONIC_RCR_BC 0x0080
-#define SONIC_RCR_MC 0x0100
-#define SONIC_RCR_LB0 0x0200
-#define SONIC_RCR_LB1 0x0400
-#define SONIC_RCR_AMC 0x0800
-#define SONIC_RCR_PRO 0x1000
-#define SONIC_RCR_BRD 0x2000
-#define SONIC_RCR_RNT 0x4000
-
-#define SONIC_TCR_PTX 0x0001
-#define SONIC_TCR_BCM 0x0002
-#define SONIC_TCR_FU 0x0004
-#define SONIC_TCR_EXC 0x0040
-#define SONIC_TCR_CRSL 0x0080
-#define SONIC_TCR_NCRS 0x0100
-#define SONIC_TCR_EXD 0x0400
-#define SONIC_TCR_CRCI 0x2000
-#define SONIC_TCR_PINT 0x8000
-
-#define SONIC_ISR_RBE 0x0020
-#define SONIC_ISR_RDE 0x0040
-#define SONIC_ISR_TC 0x0080
-#define SONIC_ISR_TXDN 0x0200
-#define SONIC_ISR_PKTRX 0x0400
-#define SONIC_ISR_PINT 0x0800
-#define SONIC_ISR_LCD 0x1000
-
-typedef struct dp8393xState {
- /* Hardware */
- int it_shift;
- qemu_irq irq;
-#ifdef DEBUG_SONIC
- int irq_level;
-#endif
- QEMUTimer *watchdog;
- int64_t wt_last_update;
- NICConf conf;
- NICState *nic;
- MemoryRegion *address_space;
- MemoryRegion mmio;
-
- /* Registers */
- uint8_t cam[16][6];
- uint16_t regs[0x40];
-
- /* Temporaries */
- uint8_t tx_buffer[0x10000];
- int loopback_packet;
-
- /* Memory access */
- void (*memory_rw)(void *opaque, hwaddr addr, uint8_t *buf, int len, int is_write);
- void* mem_opaque;
-} dp8393xState;
-
-static void dp8393x_update_irq(dp8393xState *s)
-{
- int level = (s->regs[SONIC_IMR] & s->regs[SONIC_ISR]) ? 1 : 0;
-
-#ifdef DEBUG_SONIC
- if (level != s->irq_level) {
- s->irq_level = level;
- if (level) {
- DPRINTF("raise irq, isr is 0x%04x\n", s->regs[SONIC_ISR]);
- } else {
- DPRINTF("lower irq\n");
- }
- }
-#endif
-
- qemu_set_irq(s->irq, level);
-}
-
-static void do_load_cam(dp8393xState *s)
-{
- uint16_t data[8];
- int width, size;
- uint16_t index = 0;
-
- width = (s->regs[SONIC_DCR] & SONIC_DCR_DW) ? 2 : 1;
- size = sizeof(uint16_t) * 4 * width;
-
- while (s->regs[SONIC_CDC] & 0x1f) {
- /* Fill current entry */
- s->memory_rw(s->mem_opaque,
- (s->regs[SONIC_URRA] << 16) | s->regs[SONIC_CDP],
- (uint8_t *)data, size, 0);
- s->cam[index][0] = data[1 * width] & 0xff;
- s->cam[index][1] = data[1 * width] >> 8;
- s->cam[index][2] = data[2 * width] & 0xff;
- s->cam[index][3] = data[2 * width] >> 8;
- s->cam[index][4] = data[3 * width] & 0xff;
- s->cam[index][5] = data[3 * width] >> 8;
- DPRINTF("load cam[%d] with %02x%02x%02x%02x%02x%02x\n", index,
- s->cam[index][0], s->cam[index][1], s->cam[index][2],
- s->cam[index][3], s->cam[index][4], s->cam[index][5]);
- /* Move to next entry */
- s->regs[SONIC_CDC]--;
- s->regs[SONIC_CDP] += size;
- index++;
- }
-
- /* Read CAM enable */
- s->memory_rw(s->mem_opaque,
- (s->regs[SONIC_URRA] << 16) | s->regs[SONIC_CDP],
- (uint8_t *)data, size, 0);
- s->regs[SONIC_CE] = data[0 * width];
- DPRINTF("load cam done. cam enable mask 0x%04x\n", s->regs[SONIC_CE]);
-
- /* Done */
- s->regs[SONIC_CR] &= ~SONIC_CR_LCAM;
- s->regs[SONIC_ISR] |= SONIC_ISR_LCD;
- dp8393x_update_irq(s);
-}
-
-static void do_read_rra(dp8393xState *s)
-{
- uint16_t data[8];
- int width, size;
-
- /* Read memory */
- width = (s->regs[SONIC_DCR] & SONIC_DCR_DW) ? 2 : 1;
- size = sizeof(uint16_t) * 4 * width;
- s->memory_rw(s->mem_opaque,
- (s->regs[SONIC_URRA] << 16) | s->regs[SONIC_RRP],
- (uint8_t *)data, size, 0);
-
- /* Update SONIC registers */
- s->regs[SONIC_CRBA0] = data[0 * width];
- s->regs[SONIC_CRBA1] = data[1 * width];
- s->regs[SONIC_RBWC0] = data[2 * width];
- s->regs[SONIC_RBWC1] = data[3 * width];
- DPRINTF("CRBA0/1: 0x%04x/0x%04x, RBWC0/1: 0x%04x/0x%04x\n",
- s->regs[SONIC_CRBA0], s->regs[SONIC_CRBA1],
- s->regs[SONIC_RBWC0], s->regs[SONIC_RBWC1]);
-
- /* Go to next entry */
- s->regs[SONIC_RRP] += size;
-
- /* Handle wrap */
- if (s->regs[SONIC_RRP] == s->regs[SONIC_REA]) {
- s->regs[SONIC_RRP] = s->regs[SONIC_RSA];
- }
-
- /* Check resource exhaustion */
- if (s->regs[SONIC_RRP] == s->regs[SONIC_RWP])
- {
- s->regs[SONIC_ISR] |= SONIC_ISR_RBE;
- dp8393x_update_irq(s);
- }
-
- /* Done */
- s->regs[SONIC_CR] &= ~SONIC_CR_RRRA;
-}
-
-static void do_software_reset(dp8393xState *s)
-{
- qemu_del_timer(s->watchdog);
-
- s->regs[SONIC_CR] &= ~(SONIC_CR_LCAM | SONIC_CR_RRRA | SONIC_CR_TXP | SONIC_CR_HTX);
- s->regs[SONIC_CR] |= SONIC_CR_RST | SONIC_CR_RXDIS;
-}
-
-static void set_next_tick(dp8393xState *s)
-{
- uint32_t ticks;
- int64_t delay;
-
- if (s->regs[SONIC_CR] & SONIC_CR_STP) {
- qemu_del_timer(s->watchdog);
- return;
- }
-
- ticks = s->regs[SONIC_WT1] << 16 | s->regs[SONIC_WT0];
- s->wt_last_update = qemu_get_clock_ns(vm_clock);
- delay = get_ticks_per_sec() * ticks / 5000000;
- qemu_mod_timer(s->watchdog, s->wt_last_update + delay);
-}
-
-static void update_wt_regs(dp8393xState *s)
-{
- int64_t elapsed;
- uint32_t val;
-
- if (s->regs[SONIC_CR] & SONIC_CR_STP) {
- qemu_del_timer(s->watchdog);
- return;
- }
-
- elapsed = s->wt_last_update - qemu_get_clock_ns(vm_clock);
- val = s->regs[SONIC_WT1] << 16 | s->regs[SONIC_WT0];
- val -= elapsed / 5000000;
- s->regs[SONIC_WT1] = (val >> 16) & 0xffff;
- s->regs[SONIC_WT0] = (val >> 0) & 0xffff;
- set_next_tick(s);
-
-}
-
-static void do_start_timer(dp8393xState *s)
-{
- s->regs[SONIC_CR] &= ~SONIC_CR_STP;
- set_next_tick(s);
-}
-
-static void do_stop_timer(dp8393xState *s)
-{
- s->regs[SONIC_CR] &= ~SONIC_CR_ST;
- update_wt_regs(s);
-}
-
-static void do_receiver_enable(dp8393xState *s)
-{
- s->regs[SONIC_CR] &= ~SONIC_CR_RXDIS;
-}
-
-static void do_receiver_disable(dp8393xState *s)
-{
- s->regs[SONIC_CR] &= ~SONIC_CR_RXEN;
-}
-
-static void do_transmit_packets(dp8393xState *s)
-{
- uint16_t data[12];
- int width, size;
- int tx_len, len;
- uint16_t i;
-
- width = (s->regs[SONIC_DCR] & SONIC_DCR_DW) ? 2 : 1;
-
- while (1) {
- /* Read memory */
- DPRINTF("Transmit packet at %08x\n",
- (s->regs[SONIC_UTDA] << 16) | s->regs[SONIC_CTDA]);
- size = sizeof(uint16_t) * 6 * width;
- s->regs[SONIC_TTDA] = s->regs[SONIC_CTDA];
- s->memory_rw(s->mem_opaque,
- ((s->regs[SONIC_UTDA] << 16) | s->regs[SONIC_TTDA]) + sizeof(uint16_t) * width,
- (uint8_t *)data, size, 0);
- tx_len = 0;
-
- /* Update registers */
- s->regs[SONIC_TCR] = data[0 * width] & 0xf000;
- s->regs[SONIC_TPS] = data[1 * width];
- s->regs[SONIC_TFC] = data[2 * width];
- s->regs[SONIC_TSA0] = data[3 * width];
- s->regs[SONIC_TSA1] = data[4 * width];
- s->regs[SONIC_TFS] = data[5 * width];
-
- /* Handle programmable interrupt */
- if (s->regs[SONIC_TCR] & SONIC_TCR_PINT) {
- s->regs[SONIC_ISR] |= SONIC_ISR_PINT;
- } else {
- s->regs[SONIC_ISR] &= ~SONIC_ISR_PINT;
- }
-
- for (i = 0; i < s->regs[SONIC_TFC]; ) {
- /* Append fragment */
- len = s->regs[SONIC_TFS];
- if (tx_len + len > sizeof(s->tx_buffer)) {
- len = sizeof(s->tx_buffer) - tx_len;
- }
- s->memory_rw(s->mem_opaque,
- (s->regs[SONIC_TSA1] << 16) | s->regs[SONIC_TSA0],
- &s->tx_buffer[tx_len], len, 0);
- tx_len += len;
-
- i++;
- if (i != s->regs[SONIC_TFC]) {
- /* Read next fragment details */
- size = sizeof(uint16_t) * 3 * width;
- s->memory_rw(s->mem_opaque,
- ((s->regs[SONIC_UTDA] << 16) | s->regs[SONIC_TTDA]) + sizeof(uint16_t) * (4 + 3 * i) * width,
- (uint8_t *)data, size, 0);
- s->regs[SONIC_TSA0] = data[0 * width];
- s->regs[SONIC_TSA1] = data[1 * width];
- s->regs[SONIC_TFS] = data[2 * width];
- }
- }
-
- /* Handle Ethernet checksum */
- if (!(s->regs[SONIC_TCR] & SONIC_TCR_CRCI)) {
- /* Don't append FCS there, to look like slirp packets
- * which don't have one */
- } else {
- /* Remove existing FCS */
- tx_len -= 4;
- }
-
- if (s->regs[SONIC_RCR] & (SONIC_RCR_LB1 | SONIC_RCR_LB0)) {
- /* Loopback */
- s->regs[SONIC_TCR] |= SONIC_TCR_CRSL;
- if (s->nic->nc.info->can_receive(&s->nic->nc)) {
- s->loopback_packet = 1;
- s->nic->nc.info->receive(&s->nic->nc, s->tx_buffer, tx_len);
- }
- } else {
- /* Transmit packet */
- qemu_send_packet(&s->nic->nc, s->tx_buffer, tx_len);
- }
- s->regs[SONIC_TCR] |= SONIC_TCR_PTX;
-
- /* Write status */
- data[0 * width] = s->regs[SONIC_TCR] & 0x0fff; /* status */
- size = sizeof(uint16_t) * width;
- s->memory_rw(s->mem_opaque,
- (s->regs[SONIC_UTDA] << 16) | s->regs[SONIC_TTDA],
- (uint8_t *)data, size, 1);
-
- if (!(s->regs[SONIC_CR] & SONIC_CR_HTX)) {
- /* Read footer of packet */
- size = sizeof(uint16_t) * width;
- s->memory_rw(s->mem_opaque,
- ((s->regs[SONIC_UTDA] << 16) | s->regs[SONIC_TTDA]) + sizeof(uint16_t) * (4 + 3 * s->regs[SONIC_TFC]) * width,
- (uint8_t *)data, size, 0);
- s->regs[SONIC_CTDA] = data[0 * width] & ~0x1;
- if (data[0 * width] & 0x1) {
- /* EOL detected */
- break;
- }
- }
- }
-
- /* Done */
- s->regs[SONIC_CR] &= ~SONIC_CR_TXP;
- s->regs[SONIC_ISR] |= SONIC_ISR_TXDN;
- dp8393x_update_irq(s);
-}
-
-static void do_halt_transmission(dp8393xState *s)
-{
- /* Nothing to do */
-}
-
-static void do_command(dp8393xState *s, uint16_t command)
-{
- if ((s->regs[SONIC_CR] & SONIC_CR_RST) && !(command & SONIC_CR_RST)) {
- s->regs[SONIC_CR] &= ~SONIC_CR_RST;
- return;
- }
-
- s->regs[SONIC_CR] |= (command & SONIC_CR_MASK);
-
- if (command & SONIC_CR_HTX)
- do_halt_transmission(s);
- if (command & SONIC_CR_TXP)
- do_transmit_packets(s);
- if (command & SONIC_CR_RXDIS)
- do_receiver_disable(s);
- if (command & SONIC_CR_RXEN)
- do_receiver_enable(s);
- if (command & SONIC_CR_STP)
- do_stop_timer(s);
- if (command & SONIC_CR_ST)
- do_start_timer(s);
- if (command & SONIC_CR_RST)
- do_software_reset(s);
- if (command & SONIC_CR_RRRA)
- do_read_rra(s);
- if (command & SONIC_CR_LCAM)
- do_load_cam(s);
-}
-
-static uint16_t read_register(dp8393xState *s, int reg)
-{
- uint16_t val = 0;
-
- switch (reg) {
- /* Update data before reading it */
- case SONIC_WT0:
- case SONIC_WT1:
- update_wt_regs(s);
- val = s->regs[reg];
- break;
- /* Accept read to some registers only when in reset mode */
- case SONIC_CAP2:
- case SONIC_CAP1:
- case SONIC_CAP0:
- if (s->regs[SONIC_CR] & SONIC_CR_RST) {
- val = s->cam[s->regs[SONIC_CEP] & 0xf][2* (SONIC_CAP0 - reg) + 1] << 8;
- val |= s->cam[s->regs[SONIC_CEP] & 0xf][2* (SONIC_CAP0 - reg)];
- }
- break;
- /* All other registers have no special contrainst */
- default:
- val = s->regs[reg];
- }
-
- DPRINTF("read 0x%04x from reg %s\n", val, reg_names[reg]);
-
- return val;
-}
-
-static void write_register(dp8393xState *s, int reg, uint16_t val)
-{
- DPRINTF("write 0x%04x to reg %s\n", val, reg_names[reg]);
-
- switch (reg) {
- /* Command register */
- case SONIC_CR:
- do_command(s, val);
- break;
- /* Prevent write to read-only registers */
- case SONIC_CAP2:
- case SONIC_CAP1:
- case SONIC_CAP0:
- case SONIC_SR:
- case SONIC_MDT:
- DPRINTF("writing to reg %d invalid\n", reg);
- break;
- /* Accept write to some registers only when in reset mode */
- case SONIC_DCR:
- if (s->regs[SONIC_CR] & SONIC_CR_RST) {
- s->regs[reg] = val & 0xbfff;
- } else {
- DPRINTF("writing to DCR invalid\n");
- }
- break;
- case SONIC_DCR2:
- if (s->regs[SONIC_CR] & SONIC_CR_RST) {
- s->regs[reg] = val & 0xf017;
- } else {
- DPRINTF("writing to DCR2 invalid\n");
- }
- break;
- /* 12 lower bytes are Read Only */
- case SONIC_TCR:
- s->regs[reg] = val & 0xf000;
- break;
- /* 9 lower bytes are Read Only */
- case SONIC_RCR:
- s->regs[reg] = val & 0xffe0;
- break;
- /* Ignore most significant bit */
- case SONIC_IMR:
- s->regs[reg] = val & 0x7fff;
- dp8393x_update_irq(s);
- break;
- /* Clear bits by writing 1 to them */
- case SONIC_ISR:
- val &= s->regs[reg];
- s->regs[reg] &= ~val;
- if (val & SONIC_ISR_RBE) {
- do_read_rra(s);
- }
- dp8393x_update_irq(s);
- break;
- /* Ignore least significant bit */
- case SONIC_RSA:
- case SONIC_REA:
- case SONIC_RRP:
- case SONIC_RWP:
- s->regs[reg] = val & 0xfffe;
- break;
- /* Invert written value for some registers */
- case SONIC_CRCT:
- case SONIC_FAET:
- case SONIC_MPT:
- s->regs[reg] = val ^ 0xffff;
- break;
- /* All other registers have no special contrainst */
- default:
- s->regs[reg] = val;
- }
-
- if (reg == SONIC_WT0 || reg == SONIC_WT1) {
- set_next_tick(s);
- }
-}
-
-static void dp8393x_watchdog(void *opaque)
-{
- dp8393xState *s = opaque;
-
- if (s->regs[SONIC_CR] & SONIC_CR_STP) {
- return;
- }
-
- s->regs[SONIC_WT1] = 0xffff;
- s->regs[SONIC_WT0] = 0xffff;
- set_next_tick(s);
-
- /* Signal underflow */
- s->regs[SONIC_ISR] |= SONIC_ISR_TC;
- dp8393x_update_irq(s);
-}
-
-static uint32_t dp8393x_readw(void *opaque, hwaddr addr)
-{
- dp8393xState *s = opaque;
- int reg;
-
- if ((addr & ((1 << s->it_shift) - 1)) != 0) {
- return 0;
- }
-
- reg = addr >> s->it_shift;
- return read_register(s, reg);
-}
-
-static uint32_t dp8393x_readb(void *opaque, hwaddr addr)
-{
- uint16_t v = dp8393x_readw(opaque, addr & ~0x1);
- return (v >> (8 * (addr & 0x1))) & 0xff;
-}
-
-static uint32_t dp8393x_readl(void *opaque, hwaddr addr)
-{
- uint32_t v;
- v = dp8393x_readw(opaque, addr);
- v |= dp8393x_readw(opaque, addr + 2) << 16;
- return v;
-}
-
-static void dp8393x_writew(void *opaque, hwaddr addr, uint32_t val)
-{
- dp8393xState *s = opaque;
- int reg;
-
- if ((addr & ((1 << s->it_shift) - 1)) != 0) {
- return;
- }
-
- reg = addr >> s->it_shift;
-
- write_register(s, reg, (uint16_t)val);
-}
-
-static void dp8393x_writeb(void *opaque, hwaddr addr, uint32_t val)
-{
- uint16_t old_val = dp8393x_readw(opaque, addr & ~0x1);
-
- switch (addr & 3) {
- case 0:
- val = val | (old_val & 0xff00);
- break;
- case 1:
- val = (val << 8) | (old_val & 0x00ff);
- break;
- }
- dp8393x_writew(opaque, addr & ~0x1, val);
-}
-
-static void dp8393x_writel(void *opaque, hwaddr addr, uint32_t val)
-{
- dp8393x_writew(opaque, addr, val & 0xffff);
- dp8393x_writew(opaque, addr + 2, (val >> 16) & 0xffff);
-}
-
-static const MemoryRegionOps dp8393x_ops = {
- .old_mmio = {
- .read = { dp8393x_readb, dp8393x_readw, dp8393x_readl, },
- .write = { dp8393x_writeb, dp8393x_writew, dp8393x_writel, },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int nic_can_receive(NetClientState *nc)
-{
- dp8393xState *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- if (!(s->regs[SONIC_CR] & SONIC_CR_RXEN))
- return 0;
- if (s->regs[SONIC_ISR] & SONIC_ISR_RBE)
- return 0;
- return 1;
-}
-
-static int receive_filter(dp8393xState *s, const uint8_t * buf, int size)
-{
- static const uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
- int i;
-
- /* Check for runt packet (remember that checksum is not there) */
- if (size < 64 - 4) {
- return (s->regs[SONIC_RCR] & SONIC_RCR_RNT) ? 0 : -1;
- }
-
- /* Check promiscuous mode */
- if ((s->regs[SONIC_RCR] & SONIC_RCR_PRO) && (buf[0] & 1) == 0) {
- return 0;
- }
-
- /* Check multicast packets */
- if ((s->regs[SONIC_RCR] & SONIC_RCR_AMC) && (buf[0] & 1) == 1) {
- return SONIC_RCR_MC;
- }
-
- /* Check broadcast */
- if ((s->regs[SONIC_RCR] & SONIC_RCR_BRD) && !memcmp(buf, bcast, sizeof(bcast))) {
- return SONIC_RCR_BC;
- }
-
- /* Check CAM */
- for (i = 0; i < 16; i++) {
- if (s->regs[SONIC_CE] & (1 << i)) {
- /* Entry enabled */
- if (!memcmp(buf, s->cam[i], sizeof(s->cam[i]))) {
- return 0;
- }
- }
- }
-
- return -1;
-}
-
-static ssize_t nic_receive(NetClientState *nc, const uint8_t * buf, size_t size)
-{
- dp8393xState *s = DO_UPCAST(NICState, nc, nc)->opaque;
- uint16_t data[10];
- int packet_type;
- uint32_t available, address;
- int width, rx_len = size;
- uint32_t checksum;
-
- width = (s->regs[SONIC_DCR] & SONIC_DCR_DW) ? 2 : 1;
-
- s->regs[SONIC_RCR] &= ~(SONIC_RCR_PRX | SONIC_RCR_LBK | SONIC_RCR_FAER |
- SONIC_RCR_CRCR | SONIC_RCR_LPKT | SONIC_RCR_BC | SONIC_RCR_MC);
-
- packet_type = receive_filter(s, buf, size);
- if (packet_type < 0) {
- DPRINTF("packet not for netcard\n");
- return -1;
- }
-
- /* XXX: Check byte ordering */
-
- /* Check for EOL */
- if (s->regs[SONIC_LLFA] & 0x1) {
- /* Are we still in resource exhaustion? */
- size = sizeof(uint16_t) * 1 * width;
- address = ((s->regs[SONIC_URDA] << 16) | s->regs[SONIC_CRDA]) + sizeof(uint16_t) * 5 * width;
- s->memory_rw(s->mem_opaque, address, (uint8_t*)data, size, 0);
- if (data[0 * width] & 0x1) {
- /* Still EOL ; stop reception */
- return -1;
- } else {
- s->regs[SONIC_CRDA] = s->regs[SONIC_LLFA];
- }
- }
-
- /* Save current position */
- s->regs[SONIC_TRBA1] = s->regs[SONIC_CRBA1];
- s->regs[SONIC_TRBA0] = s->regs[SONIC_CRBA0];
-
- /* Calculate the ethernet checksum */
-#ifdef SONIC_CALCULATE_RXCRC
- checksum = cpu_to_le32(crc32(0, buf, rx_len));
-#else
- checksum = 0;
-#endif
-
- /* Put packet into RBA */
- DPRINTF("Receive packet at %08x\n", (s->regs[SONIC_CRBA1] << 16) | s->regs[SONIC_CRBA0]);
- address = (s->regs[SONIC_CRBA1] << 16) | s->regs[SONIC_CRBA0];
- s->memory_rw(s->mem_opaque, address, (uint8_t*)buf, rx_len, 1);
- address += rx_len;
- s->memory_rw(s->mem_opaque, address, (uint8_t*)&checksum, 4, 1);
- rx_len += 4;
- s->regs[SONIC_CRBA1] = address >> 16;
- s->regs[SONIC_CRBA0] = address & 0xffff;
- available = (s->regs[SONIC_RBWC1] << 16) | s->regs[SONIC_RBWC0];
- available -= rx_len / 2;
- s->regs[SONIC_RBWC1] = available >> 16;
- s->regs[SONIC_RBWC0] = available & 0xffff;
-
- /* Update status */
- if (((s->regs[SONIC_RBWC1] << 16) | s->regs[SONIC_RBWC0]) < s->regs[SONIC_EOBC]) {
- s->regs[SONIC_RCR] |= SONIC_RCR_LPKT;
- }
- s->regs[SONIC_RCR] |= packet_type;
- s->regs[SONIC_RCR] |= SONIC_RCR_PRX;
- if (s->loopback_packet) {
- s->regs[SONIC_RCR] |= SONIC_RCR_LBK;
- s->loopback_packet = 0;
- }
-
- /* Write status to memory */
- DPRINTF("Write status at %08x\n", (s->regs[SONIC_URDA] << 16) | s->regs[SONIC_CRDA]);
- data[0 * width] = s->regs[SONIC_RCR]; /* status */
- data[1 * width] = rx_len; /* byte count */
- data[2 * width] = s->regs[SONIC_TRBA0]; /* pkt_ptr0 */
- data[3 * width] = s->regs[SONIC_TRBA1]; /* pkt_ptr1 */
- data[4 * width] = s->regs[SONIC_RSC]; /* seq_no */
- size = sizeof(uint16_t) * 5 * width;
- s->memory_rw(s->mem_opaque, (s->regs[SONIC_URDA] << 16) | s->regs[SONIC_CRDA], (uint8_t *)data, size, 1);
-
- /* Move to next descriptor */
- size = sizeof(uint16_t) * width;
- s->memory_rw(s->mem_opaque,
- ((s->regs[SONIC_URDA] << 16) | s->regs[SONIC_CRDA]) + sizeof(uint16_t) * 5 * width,
- (uint8_t *)data, size, 0);
- s->regs[SONIC_LLFA] = data[0 * width];
- if (s->regs[SONIC_LLFA] & 0x1) {
- /* EOL detected */
- s->regs[SONIC_ISR] |= SONIC_ISR_RDE;
- } else {
- data[0 * width] = 0; /* in_use */
- s->memory_rw(s->mem_opaque,
- ((s->regs[SONIC_URDA] << 16) | s->regs[SONIC_CRDA]) + sizeof(uint16_t) * 6 * width,
- (uint8_t *)data, size, 1);
- s->regs[SONIC_CRDA] = s->regs[SONIC_LLFA];
- s->regs[SONIC_ISR] |= SONIC_ISR_PKTRX;
- s->regs[SONIC_RSC] = (s->regs[SONIC_RSC] & 0xff00) | (((s->regs[SONIC_RSC] & 0x00ff) + 1) & 0x00ff);
-
- if (s->regs[SONIC_RCR] & SONIC_RCR_LPKT) {
- /* Read next RRA */
- do_read_rra(s);
- }
- }
-
- /* Done */
- dp8393x_update_irq(s);
-
- return size;
-}
-
-static void nic_reset(void *opaque)
-{
- dp8393xState *s = opaque;
- qemu_del_timer(s->watchdog);
-
- s->regs[SONIC_CR] = SONIC_CR_RST | SONIC_CR_STP | SONIC_CR_RXDIS;
- s->regs[SONIC_DCR] &= ~(SONIC_DCR_EXBUS | SONIC_DCR_LBR);
- s->regs[SONIC_RCR] &= ~(SONIC_RCR_LB0 | SONIC_RCR_LB1 | SONIC_RCR_BRD | SONIC_RCR_RNT);
- s->regs[SONIC_TCR] |= SONIC_TCR_NCRS | SONIC_TCR_PTX;
- s->regs[SONIC_TCR] &= ~SONIC_TCR_BCM;
- s->regs[SONIC_IMR] = 0;
- s->regs[SONIC_ISR] = 0;
- s->regs[SONIC_DCR2] = 0;
- s->regs[SONIC_EOBC] = 0x02F8;
- s->regs[SONIC_RSC] = 0;
- s->regs[SONIC_CE] = 0;
- s->regs[SONIC_RSC] = 0;
-
- /* Network cable is connected */
- s->regs[SONIC_RCR] |= SONIC_RCR_CRS;
-
- dp8393x_update_irq(s);
-}
-
-static void nic_cleanup(NetClientState *nc)
-{
- dp8393xState *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- memory_region_del_subregion(s->address_space, &s->mmio);
- memory_region_destroy(&s->mmio);
-
- qemu_del_timer(s->watchdog);
- qemu_free_timer(s->watchdog);
-
- g_free(s);
-}
-
-static NetClientInfo net_dp83932_info = {
- .type = NET_CLIENT_OPTIONS_KIND_NIC,
- .size = sizeof(NICState),
- .can_receive = nic_can_receive,
- .receive = nic_receive,
- .cleanup = nic_cleanup,
-};
-
-void dp83932_init(NICInfo *nd, hwaddr base, int it_shift,
- MemoryRegion *address_space,
- qemu_irq irq, void* mem_opaque,
- void (*memory_rw)(void *opaque, hwaddr addr, uint8_t *buf, int len, int is_write))
-{
- dp8393xState *s;
-
- qemu_check_nic_model(nd, "dp83932");
-
- s = g_malloc0(sizeof(dp8393xState));
-
- s->address_space = address_space;
- s->mem_opaque = mem_opaque;
- s->memory_rw = memory_rw;
- s->it_shift = it_shift;
- s->irq = irq;
- s->watchdog = qemu_new_timer_ns(vm_clock, dp8393x_watchdog, s);
- s->regs[SONIC_SR] = 0x0004; /* only revision recognized by Linux */
-
- s->conf.macaddr = nd->macaddr;
- s->conf.peer = nd->netdev;
-
- s->nic = qemu_new_nic(&net_dp83932_info, &s->conf, nd->model, nd->name, s);
-
- qemu_format_nic_info_str(&s->nic->nc, s->conf.macaddr.a);
- qemu_register_reset(nic_reset, s);
- nic_reset(s);
-
- memory_region_init_io(&s->mmio, &dp8393x_ops, s,
- "dp8393x", 0x40 << it_shift);
- memory_region_add_subregion(address_space, base, &s->mmio);
-}
diff --git a/hw/ds1225y.c b/hw/ds1225y.c
deleted file mode 100644
index 4b3f69bc6..000000000
--- a/hw/ds1225y.c
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- * QEMU NVRAM emulation for DS1225Y chip
- *
- * Copyright (c) 2007-2008 Hervé Poussineau
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sysbus.h"
-#include "trace.h"
-
-typedef struct {
- DeviceState qdev;
- MemoryRegion iomem;
- uint32_t chip_size;
- char *filename;
- FILE *file;
- uint8_t *contents;
-} NvRamState;
-
-static uint64_t nvram_read(void *opaque, hwaddr addr, unsigned size)
-{
- NvRamState *s = opaque;
- uint32_t val;
-
- val = s->contents[addr];
- trace_nvram_read(addr, val);
- return val;
-}
-
-static void nvram_write(void *opaque, hwaddr addr, uint64_t val,
- unsigned size)
-{
- NvRamState *s = opaque;
-
- val &= 0xff;
- trace_nvram_write(addr, s->contents[addr], val);
-
- s->contents[addr] = val;
- if (s->file) {
- fseek(s->file, addr, SEEK_SET);
- fputc(val, s->file);
- fflush(s->file);
- }
-}
-
-static const MemoryRegionOps nvram_ops = {
- .read = nvram_read,
- .write = nvram_write,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static int nvram_post_load(void *opaque, int version_id)
-{
- NvRamState *s = opaque;
-
- /* Close file, as filename may has changed in load/store process */
- if (s->file) {
- fclose(s->file);
- }
-
- /* Write back nvram contents */
- s->file = fopen(s->filename, "wb");
- if (s->file) {
- /* Write back contents, as 'wb' mode cleaned the file */
- if (fwrite(s->contents, s->chip_size, 1, s->file) != 1) {
- printf("nvram_post_load: short write\n");
- }
- fflush(s->file);
- }
-
- return 0;
-}
-
-static const VMStateDescription vmstate_nvram = {
- .name = "nvram",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .post_load = nvram_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_VARRAY_UINT32(contents, NvRamState, chip_size, 0,
- vmstate_info_uint8, uint8_t),
- VMSTATE_END_OF_LIST()
- }
-};
-
-typedef struct {
- SysBusDevice busdev;
- NvRamState nvram;
-} SysBusNvRamState;
-
-static int nvram_sysbus_initfn(SysBusDevice *dev)
-{
- NvRamState *s = &FROM_SYSBUS(SysBusNvRamState, dev)->nvram;
- FILE *file;
-
- s->contents = g_malloc0(s->chip_size);
-
- memory_region_init_io(&s->iomem, &nvram_ops, s, "nvram", s->chip_size);
- sysbus_init_mmio(dev, &s->iomem);
-
- /* Read current file */
- file = fopen(s->filename, "rb");
- if (file) {
- /* Read nvram contents */
- if (fread(s->contents, s->chip_size, 1, file) != 1) {
- printf("nvram_sysbus_initfn: short read\n");
- }
- fclose(file);
- }
- nvram_post_load(s, 0);
-
- return 0;
-}
-
-static Property nvram_sysbus_properties[] = {
- DEFINE_PROP_UINT32("size", SysBusNvRamState, nvram.chip_size, 0x2000),
- DEFINE_PROP_STRING("filename", SysBusNvRamState, nvram.filename),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void nvram_sysbus_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = nvram_sysbus_initfn;
- dc->vmsd = &vmstate_nvram;
- dc->props = nvram_sysbus_properties;
-}
-
-static TypeInfo nvram_sysbus_info = {
- .name = "ds1225y",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(SysBusNvRamState),
- .class_init = nvram_sysbus_class_init,
-};
-
-static void nvram_register_types(void)
-{
- type_register_static(&nvram_sysbus_info);
-}
-
-type_init(nvram_register_types)
diff --git a/hw/ds1338.c b/hw/ds1338.c
deleted file mode 100644
index b576d5643..000000000
--- a/hw/ds1338.c
+++ /dev/null
@@ -1,193 +0,0 @@
-/*
- * MAXIM DS1338 I2C RTC+NVRAM
- *
- * Copyright (c) 2009 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the GNU GPL v2.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include "i2c.h"
-
-/* Size of NVRAM including both the user-accessible area and the
- * secondary register area.
- */
-#define NVRAM_SIZE 64
-
-typedef struct {
- I2CSlave i2c;
- int64_t offset;
- uint8_t nvram[NVRAM_SIZE];
- int32_t ptr;
- bool addr_byte;
-} DS1338State;
-
-static const VMStateDescription vmstate_ds1338 = {
- .name = "ds1338",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_I2C_SLAVE(i2c, DS1338State),
- VMSTATE_INT64(offset, DS1338State),
- VMSTATE_UINT8_ARRAY(nvram, DS1338State, NVRAM_SIZE),
- VMSTATE_INT32(ptr, DS1338State),
- VMSTATE_BOOL(addr_byte, DS1338State),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void capture_current_time(DS1338State *s)
-{
- /* Capture the current time into the secondary registers
- * which will be actually read by the data transfer operation.
- */
- struct tm now;
- qemu_get_timedate(&now, s->offset);
- s->nvram[0] = to_bcd(now.tm_sec);
- s->nvram[1] = to_bcd(now.tm_min);
- if (s->nvram[2] & 0x40) {
- s->nvram[2] = (to_bcd((now.tm_hour % 12)) + 1) | 0x40;
- if (now.tm_hour >= 12) {
- s->nvram[2] |= 0x20;
- }
- } else {
- s->nvram[2] = to_bcd(now.tm_hour);
- }
- s->nvram[3] = to_bcd(now.tm_wday) + 1;
- s->nvram[4] = to_bcd(now.tm_mday);
- s->nvram[5] = to_bcd(now.tm_mon) + 1;
- s->nvram[6] = to_bcd(now.tm_year - 100);
-}
-
-static void inc_regptr(DS1338State *s)
-{
- /* The register pointer wraps around after 0x3F; wraparound
- * causes the current time/date to be retransferred into
- * the secondary registers.
- */
- s->ptr = (s->ptr + 1) & (NVRAM_SIZE - 1);
- if (!s->ptr) {
- capture_current_time(s);
- }
-}
-
-static void ds1338_event(I2CSlave *i2c, enum i2c_event event)
-{
- DS1338State *s = FROM_I2C_SLAVE(DS1338State, i2c);
-
- switch (event) {
- case I2C_START_RECV:
- /* In h/w, capture happens on any START condition, not just a
- * START_RECV, but there is no need to actually capture on
- * START_SEND, because the guest can't get at that data
- * without going through a START_RECV which would overwrite it.
- */
- capture_current_time(s);
- break;
- case I2C_START_SEND:
- s->addr_byte = true;
- break;
- default:
- break;
- }
-}
-
-static int ds1338_recv(I2CSlave *i2c)
-{
- DS1338State *s = FROM_I2C_SLAVE(DS1338State, i2c);
- uint8_t res;
-
- res = s->nvram[s->ptr];
- inc_regptr(s);
- return res;
-}
-
-static int ds1338_send(I2CSlave *i2c, uint8_t data)
-{
- DS1338State *s = FROM_I2C_SLAVE(DS1338State, i2c);
- if (s->addr_byte) {
- s->ptr = data & (NVRAM_SIZE - 1);
- s->addr_byte = false;
- return 0;
- }
- if (s->ptr < 8) {
- struct tm now;
- qemu_get_timedate(&now, s->offset);
- switch(s->ptr) {
- case 0:
- /* TODO: Implement CH (stop) bit. */
- now.tm_sec = from_bcd(data & 0x7f);
- break;
- case 1:
- now.tm_min = from_bcd(data & 0x7f);
- break;
- case 2:
- if (data & 0x40) {
- if (data & 0x20) {
- data = from_bcd(data & 0x4f) + 11;
- } else {
- data = from_bcd(data & 0x1f) - 1;
- }
- } else {
- data = from_bcd(data);
- }
- now.tm_hour = data;
- break;
- case 3:
- now.tm_wday = from_bcd(data & 7) - 1;
- break;
- case 4:
- now.tm_mday = from_bcd(data & 0x3f);
- break;
- case 5:
- now.tm_mon = from_bcd(data & 0x1f) - 1;
- break;
- case 6:
- now.tm_year = from_bcd(data) + 100;
- break;
- case 7:
- /* Control register. Currently ignored. */
- break;
- }
- s->offset = qemu_timedate_diff(&now);
- } else {
- s->nvram[s->ptr] = data;
- }
- inc_regptr(s);
- return 0;
-}
-
-static int ds1338_init(I2CSlave *i2c)
-{
- return 0;
-}
-
-static void ds1338_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
-
- k->init = ds1338_init;
- k->event = ds1338_event;
- k->recv = ds1338_recv;
- k->send = ds1338_send;
- dc->vmsd = &vmstate_ds1338;
-}
-
-static TypeInfo ds1338_info = {
- .name = "ds1338",
- .parent = TYPE_I2C_SLAVE,
- .instance_size = sizeof(DS1338State),
- .class_init = ds1338_class_init,
-};
-
-static void ds1338_register_types(void)
-{
- type_register_static(&ds1338_info);
-}
-
-type_init(ds1338_register_types)
diff --git a/hw/dummy_m68k.c b/hw/dummy_m68k.c
deleted file mode 100644
index 20f790b1a..000000000
--- a/hw/dummy_m68k.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Dummy board with just RAM and CPU for use as an ISS.
- *
- * Copyright (c) 2007 CodeSourcery.
- *
- * This code is licensed under the GPL
- */
-
-#include "hw.h"
-#include "boards.h"
-#include "loader.h"
-#include "elf.h"
-#include "exec-memory.h"
-
-#define KERNEL_LOAD_ADDR 0x10000
-
-/* Board init. */
-
-static void dummy_m68k_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- CPUM68KState *env;
- MemoryRegion *address_space_mem = get_system_memory();
- MemoryRegion *ram = g_new(MemoryRegion, 1);
- int kernel_size;
- uint64_t elf_entry;
- hwaddr entry;
-
- if (!cpu_model)
- cpu_model = "cfv4e";
- env = cpu_init(cpu_model);
- if (!env) {
- fprintf(stderr, "Unable to find m68k CPU definition\n");
- exit(1);
- }
-
- /* Initialize CPU registers. */
- env->vbr = 0;
-
- /* RAM at address zero */
- memory_region_init_ram(ram, "dummy_m68k.ram", ram_size);
- vmstate_register_ram_global(ram);
- memory_region_add_subregion(address_space_mem, 0, ram);
-
- /* Load kernel. */
- if (kernel_filename) {
- kernel_size = load_elf(kernel_filename, NULL, NULL, &elf_entry,
- NULL, NULL, 1, ELF_MACHINE, 0);
- entry = elf_entry;
- if (kernel_size < 0) {
- kernel_size = load_uimage(kernel_filename, &entry, NULL, NULL);
- }
- if (kernel_size < 0) {
- kernel_size = load_image_targphys(kernel_filename,
- KERNEL_LOAD_ADDR,
- ram_size - KERNEL_LOAD_ADDR);
- entry = KERNEL_LOAD_ADDR;
- }
- if (kernel_size < 0) {
- fprintf(stderr, "qemu: could not load kernel '%s'\n",
- kernel_filename);
- exit(1);
- }
- } else {
- entry = 0;
- }
- env->pc = entry;
-}
-
-static QEMUMachine dummy_m68k_machine = {
- .name = "dummy",
- .desc = "Dummy board",
- .init = dummy_m68k_init,
-};
-
-static void dummy_m68k_machine_init(void)
-{
- qemu_register_machine(&dummy_m68k_machine);
-}
-
-machine_init(dummy_m68k_machine_init);
diff --git a/hw/e1000.c b/hw/e1000.c
deleted file mode 100644
index 5537ad2fc..000000000
--- a/hw/e1000.c
+++ /dev/null
@@ -1,1334 +0,0 @@
-/*
- * QEMU e1000 emulation
- *
- * Software developer's manual:
- * http://download.intel.com/design/network/manuals/8254x_GBe_SDM.pdf
- *
- * Nir Peleg, Tutis Systems Ltd. for Qumranet Inc.
- * Copyright (c) 2008 Qumranet
- * Based on work done by:
- * Copyright (c) 2007 Dan Aloni
- * Copyright (c) 2004 Antony T Curtis
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-
-#include "hw.h"
-#include "pci.h"
-#include "net.h"
-#include "net/checksum.h"
-#include "loader.h"
-#include "sysemu.h"
-#include "dma.h"
-
-#include "e1000_hw.h"
-
-#define E1000_DEBUG
-
-#ifdef E1000_DEBUG
-enum {
- DEBUG_GENERAL, DEBUG_IO, DEBUG_MMIO, DEBUG_INTERRUPT,
- DEBUG_RX, DEBUG_TX, DEBUG_MDIC, DEBUG_EEPROM,
- DEBUG_UNKNOWN, DEBUG_TXSUM, DEBUG_TXERR, DEBUG_RXERR,
- DEBUG_RXFILTER, DEBUG_PHY, DEBUG_NOTYET,
-};
-#define DBGBIT(x) (1<<DEBUG_##x)
-static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL);
-
-#define DBGOUT(what, fmt, ...) do { \
- if (debugflags & DBGBIT(what)) \
- fprintf(stderr, "e1000: " fmt, ## __VA_ARGS__); \
- } while (0)
-#else
-#define DBGOUT(what, fmt, ...) do {} while (0)
-#endif
-
-#define IOPORT_SIZE 0x40
-#define PNPMMIO_SIZE 0x20000
-#define MIN_BUF_SIZE 60 /* Min. octets in an ethernet frame sans FCS */
-
-/* this is the size past which hardware will drop packets when setting LPE=0 */
-#define MAXIMUM_ETHERNET_VLAN_SIZE 1522
-
-/*
- * HW models:
- * E1000_DEV_ID_82540EM works with Windows and Linux
- * E1000_DEV_ID_82573L OK with windoze and Linux 2.6.22,
- * appears to perform better than 82540EM, but breaks with Linux 2.6.18
- * E1000_DEV_ID_82544GC_COPPER appears to work; not well tested
- * Others never tested
- */
-enum { E1000_DEVID = E1000_DEV_ID_82540EM };
-
-/*
- * May need to specify additional MAC-to-PHY entries --
- * Intel's Windows driver refuses to initialize unless they match
- */
-enum {
- PHY_ID2_INIT = E1000_DEVID == E1000_DEV_ID_82573L ? 0xcc2 :
- E1000_DEVID == E1000_DEV_ID_82544GC_COPPER ? 0xc30 :
- /* default to E1000_DEV_ID_82540EM */ 0xc20
-};
-
-typedef struct E1000State_st {
- PCIDevice dev;
- NICState *nic;
- NICConf conf;
- MemoryRegion mmio;
- MemoryRegion io;
-
- uint32_t mac_reg[0x8000];
- uint16_t phy_reg[0x20];
- uint16_t eeprom_data[64];
-
- uint32_t rxbuf_size;
- uint32_t rxbuf_min_shift;
- struct e1000_tx {
- unsigned char header[256];
- unsigned char vlan_header[4];
- /* Fields vlan and data must not be reordered or separated. */
- unsigned char vlan[4];
- unsigned char data[0x10000];
- uint16_t size;
- unsigned char sum_needed;
- unsigned char vlan_needed;
- uint8_t ipcss;
- uint8_t ipcso;
- uint16_t ipcse;
- uint8_t tucss;
- uint8_t tucso;
- uint16_t tucse;
- uint8_t hdr_len;
- uint16_t mss;
- uint32_t paylen;
- uint16_t tso_frames;
- char tse;
- int8_t ip;
- int8_t tcp;
- char cptse; // current packet tse bit
- } tx;
-
- struct {
- uint32_t val_in; // shifted in from guest driver
- uint16_t bitnum_in;
- uint16_t bitnum_out;
- uint16_t reading;
- uint32_t old_eecd;
- } eecd_state;
-
- QEMUTimer *autoneg_timer;
-} E1000State;
-
-#define defreg(x) x = (E1000_##x>>2)
-enum {
- defreg(CTRL), defreg(EECD), defreg(EERD), defreg(GPRC),
- defreg(GPTC), defreg(ICR), defreg(ICS), defreg(IMC),
- defreg(IMS), defreg(LEDCTL), defreg(MANC), defreg(MDIC),
- defreg(MPC), defreg(PBA), defreg(RCTL), defreg(RDBAH),
- defreg(RDBAL), defreg(RDH), defreg(RDLEN), defreg(RDT),
- defreg(STATUS), defreg(SWSM), defreg(TCTL), defreg(TDBAH),
- defreg(TDBAL), defreg(TDH), defreg(TDLEN), defreg(TDT),
- defreg(TORH), defreg(TORL), defreg(TOTH), defreg(TOTL),
- defreg(TPR), defreg(TPT), defreg(TXDCTL), defreg(WUFC),
- defreg(RA), defreg(MTA), defreg(CRCERRS),defreg(VFTA),
- defreg(VET),
-};
-
-static void
-e1000_link_down(E1000State *s)
-{
- s->mac_reg[STATUS] &= ~E1000_STATUS_LU;
- s->phy_reg[PHY_STATUS] &= ~MII_SR_LINK_STATUS;
-}
-
-static void
-e1000_link_up(E1000State *s)
-{
- s->mac_reg[STATUS] |= E1000_STATUS_LU;
- s->phy_reg[PHY_STATUS] |= MII_SR_LINK_STATUS;
-}
-
-static void
-set_phy_ctrl(E1000State *s, int index, uint16_t val)
-{
- if ((val & MII_CR_AUTO_NEG_EN) && (val & MII_CR_RESTART_AUTO_NEG)) {
- s->nic->nc.link_down = true;
- e1000_link_down(s);
- s->phy_reg[PHY_STATUS] &= ~MII_SR_AUTONEG_COMPLETE;
- DBGOUT(PHY, "Start link auto negotiation\n");
- qemu_mod_timer(s->autoneg_timer, qemu_get_clock_ms(vm_clock) + 500);
- }
-}
-
-static void
-e1000_autoneg_timer(void *opaque)
-{
- E1000State *s = opaque;
- s->nic->nc.link_down = false;
- e1000_link_up(s);
- s->phy_reg[PHY_STATUS] |= MII_SR_AUTONEG_COMPLETE;
- DBGOUT(PHY, "Auto negotiation is completed\n");
-}
-
-static void (*phyreg_writeops[])(E1000State *, int, uint16_t) = {
- [PHY_CTRL] = set_phy_ctrl,
-};
-
-enum { NPHYWRITEOPS = ARRAY_SIZE(phyreg_writeops) };
-
-enum { PHY_R = 1, PHY_W = 2, PHY_RW = PHY_R | PHY_W };
-static const char phy_regcap[0x20] = {
- [PHY_STATUS] = PHY_R, [M88E1000_EXT_PHY_SPEC_CTRL] = PHY_RW,
- [PHY_ID1] = PHY_R, [M88E1000_PHY_SPEC_CTRL] = PHY_RW,
- [PHY_CTRL] = PHY_RW, [PHY_1000T_CTRL] = PHY_RW,
- [PHY_LP_ABILITY] = PHY_R, [PHY_1000T_STATUS] = PHY_R,
- [PHY_AUTONEG_ADV] = PHY_RW, [M88E1000_RX_ERR_CNTR] = PHY_R,
- [PHY_ID2] = PHY_R, [M88E1000_PHY_SPEC_STATUS] = PHY_R
-};
-
-static const uint16_t phy_reg_init[] = {
- [PHY_CTRL] = 0x1140,
- [PHY_STATUS] = 0x794d, /* link initially up with not completed autoneg */
- [PHY_ID1] = 0x141, [PHY_ID2] = PHY_ID2_INIT,
- [PHY_1000T_CTRL] = 0x0e00, [M88E1000_PHY_SPEC_CTRL] = 0x360,
- [M88E1000_EXT_PHY_SPEC_CTRL] = 0x0d60, [PHY_AUTONEG_ADV] = 0xde1,
- [PHY_LP_ABILITY] = 0x1e0, [PHY_1000T_STATUS] = 0x3c00,
- [M88E1000_PHY_SPEC_STATUS] = 0xac00,
-};
-
-static const uint32_t mac_reg_init[] = {
- [PBA] = 0x00100030,
- [LEDCTL] = 0x602,
- [CTRL] = E1000_CTRL_SWDPIN2 | E1000_CTRL_SWDPIN0 |
- E1000_CTRL_SPD_1000 | E1000_CTRL_SLU,
- [STATUS] = 0x80000000 | E1000_STATUS_GIO_MASTER_ENABLE |
- E1000_STATUS_ASDV | E1000_STATUS_MTXCKOK |
- E1000_STATUS_SPEED_1000 | E1000_STATUS_FD |
- E1000_STATUS_LU,
- [MANC] = E1000_MANC_EN_MNG2HOST | E1000_MANC_RCV_TCO_EN |
- E1000_MANC_ARP_EN | E1000_MANC_0298_EN |
- E1000_MANC_RMCP_EN,
-};
-
-static void
-set_interrupt_cause(E1000State *s, int index, uint32_t val)
-{
- if (val && (E1000_DEVID >= E1000_DEV_ID_82547EI_MOBILE)) {
- /* Only for 8257x */
- val |= E1000_ICR_INT_ASSERTED;
- }
- s->mac_reg[ICR] = val;
- s->mac_reg[ICS] = val;
- qemu_set_irq(s->dev.irq[0], (s->mac_reg[IMS] & s->mac_reg[ICR]) != 0);
-}
-
-static void
-set_ics(E1000State *s, int index, uint32_t val)
-{
- DBGOUT(INTERRUPT, "set_ics %x, ICR %x, IMR %x\n", val, s->mac_reg[ICR],
- s->mac_reg[IMS]);
- set_interrupt_cause(s, 0, val | s->mac_reg[ICR]);
-}
-
-static int
-rxbufsize(uint32_t v)
-{
- v &= E1000_RCTL_BSEX | E1000_RCTL_SZ_16384 | E1000_RCTL_SZ_8192 |
- E1000_RCTL_SZ_4096 | E1000_RCTL_SZ_2048 | E1000_RCTL_SZ_1024 |
- E1000_RCTL_SZ_512 | E1000_RCTL_SZ_256;
- switch (v) {
- case E1000_RCTL_BSEX | E1000_RCTL_SZ_16384:
- return 16384;
- case E1000_RCTL_BSEX | E1000_RCTL_SZ_8192:
- return 8192;
- case E1000_RCTL_BSEX | E1000_RCTL_SZ_4096:
- return 4096;
- case E1000_RCTL_SZ_1024:
- return 1024;
- case E1000_RCTL_SZ_512:
- return 512;
- case E1000_RCTL_SZ_256:
- return 256;
- }
- return 2048;
-}
-
-static void e1000_reset(void *opaque)
-{
- E1000State *d = opaque;
- uint8_t *macaddr = d->conf.macaddr.a;
- int i;
-
- qemu_del_timer(d->autoneg_timer);
- memset(d->phy_reg, 0, sizeof d->phy_reg);
- memmove(d->phy_reg, phy_reg_init, sizeof phy_reg_init);
- memset(d->mac_reg, 0, sizeof d->mac_reg);
- memmove(d->mac_reg, mac_reg_init, sizeof mac_reg_init);
- d->rxbuf_min_shift = 1;
- memset(&d->tx, 0, sizeof d->tx);
-
- if (d->nic->nc.link_down) {
- e1000_link_down(d);
- }
-
- /* Some guests expect pre-initialized RAH/RAL (AddrValid flag + MACaddr) */
- d->mac_reg[RA] = 0;
- d->mac_reg[RA + 1] = E1000_RAH_AV;
- for (i = 0; i < 4; i++) {
- d->mac_reg[RA] |= macaddr[i] << (8 * i);
- d->mac_reg[RA + 1] |= (i < 2) ? macaddr[i + 4] << (8 * i) : 0;
- }
-}
-
-static void
-set_ctrl(E1000State *s, int index, uint32_t val)
-{
- /* RST is self clearing */
- s->mac_reg[CTRL] = val & ~E1000_CTRL_RST;
-}
-
-static void
-set_rx_control(E1000State *s, int index, uint32_t val)
-{
- s->mac_reg[RCTL] = val;
- s->rxbuf_size = rxbufsize(val);
- s->rxbuf_min_shift = ((val / E1000_RCTL_RDMTS_QUAT) & 3) + 1;
- DBGOUT(RX, "RCTL: %d, mac_reg[RCTL] = 0x%x\n", s->mac_reg[RDT],
- s->mac_reg[RCTL]);
- qemu_flush_queued_packets(&s->nic->nc);
-}
-
-static void
-set_mdic(E1000State *s, int index, uint32_t val)
-{
- uint32_t data = val & E1000_MDIC_DATA_MASK;
- uint32_t addr = ((val & E1000_MDIC_REG_MASK) >> E1000_MDIC_REG_SHIFT);
-
- if ((val & E1000_MDIC_PHY_MASK) >> E1000_MDIC_PHY_SHIFT != 1) // phy #
- val = s->mac_reg[MDIC] | E1000_MDIC_ERROR;
- else if (val & E1000_MDIC_OP_READ) {
- DBGOUT(MDIC, "MDIC read reg 0x%x\n", addr);
- if (!(phy_regcap[addr] & PHY_R)) {
- DBGOUT(MDIC, "MDIC read reg %x unhandled\n", addr);
- val |= E1000_MDIC_ERROR;
- } else
- val = (val ^ data) | s->phy_reg[addr];
- } else if (val & E1000_MDIC_OP_WRITE) {
- DBGOUT(MDIC, "MDIC write reg 0x%x, value 0x%x\n", addr, data);
- if (!(phy_regcap[addr] & PHY_W)) {
- DBGOUT(MDIC, "MDIC write reg %x unhandled\n", addr);
- val |= E1000_MDIC_ERROR;
- } else {
- if (addr < NPHYWRITEOPS && phyreg_writeops[addr]) {
- phyreg_writeops[addr](s, index, data);
- }
- s->phy_reg[addr] = data;
- }
- }
- s->mac_reg[MDIC] = val | E1000_MDIC_READY;
-
- if (val & E1000_MDIC_INT_EN) {
- set_ics(s, 0, E1000_ICR_MDAC);
- }
-}
-
-static uint32_t
-get_eecd(E1000State *s, int index)
-{
- uint32_t ret = E1000_EECD_PRES|E1000_EECD_GNT | s->eecd_state.old_eecd;
-
- DBGOUT(EEPROM, "reading eeprom bit %d (reading %d)\n",
- s->eecd_state.bitnum_out, s->eecd_state.reading);
- if (!s->eecd_state.reading ||
- ((s->eeprom_data[(s->eecd_state.bitnum_out >> 4) & 0x3f] >>
- ((s->eecd_state.bitnum_out & 0xf) ^ 0xf))) & 1)
- ret |= E1000_EECD_DO;
- return ret;
-}
-
-static void
-set_eecd(E1000State *s, int index, uint32_t val)
-{
- uint32_t oldval = s->eecd_state.old_eecd;
-
- s->eecd_state.old_eecd = val & (E1000_EECD_SK | E1000_EECD_CS |
- E1000_EECD_DI|E1000_EECD_FWE_MASK|E1000_EECD_REQ);
- if (!(E1000_EECD_CS & val)) // CS inactive; nothing to do
- return;
- if (E1000_EECD_CS & (val ^ oldval)) { // CS rise edge; reset state
- s->eecd_state.val_in = 0;
- s->eecd_state.bitnum_in = 0;
- s->eecd_state.bitnum_out = 0;
- s->eecd_state.reading = 0;
- }
- if (!(E1000_EECD_SK & (val ^ oldval))) // no clock edge
- return;
- if (!(E1000_EECD_SK & val)) { // falling edge
- s->eecd_state.bitnum_out++;
- return;
- }
- s->eecd_state.val_in <<= 1;
- if (val & E1000_EECD_DI)
- s->eecd_state.val_in |= 1;
- if (++s->eecd_state.bitnum_in == 9 && !s->eecd_state.reading) {
- s->eecd_state.bitnum_out = ((s->eecd_state.val_in & 0x3f)<<4)-1;
- s->eecd_state.reading = (((s->eecd_state.val_in >> 6) & 7) ==
- EEPROM_READ_OPCODE_MICROWIRE);
- }
- DBGOUT(EEPROM, "eeprom bitnum in %d out %d, reading %d\n",
- s->eecd_state.bitnum_in, s->eecd_state.bitnum_out,
- s->eecd_state.reading);
-}
-
-static uint32_t
-flash_eerd_read(E1000State *s, int x)
-{
- unsigned int index, r = s->mac_reg[EERD] & ~E1000_EEPROM_RW_REG_START;
-
- if ((s->mac_reg[EERD] & E1000_EEPROM_RW_REG_START) == 0)
- return (s->mac_reg[EERD]);
-
- if ((index = r >> E1000_EEPROM_RW_ADDR_SHIFT) > EEPROM_CHECKSUM_REG)
- return (E1000_EEPROM_RW_REG_DONE | r);
-
- return ((s->eeprom_data[index] << E1000_EEPROM_RW_REG_DATA) |
- E1000_EEPROM_RW_REG_DONE | r);
-}
-
-static void
-putsum(uint8_t *data, uint32_t n, uint32_t sloc, uint32_t css, uint32_t cse)
-{
- uint32_t sum;
-
- if (cse && cse < n)
- n = cse + 1;
- if (sloc < n-1) {
- sum = net_checksum_add(n-css, data+css);
- cpu_to_be16wu((uint16_t *)(data + sloc),
- net_checksum_finish(sum));
- }
-}
-
-static inline int
-vlan_enabled(E1000State *s)
-{
- return ((s->mac_reg[CTRL] & E1000_CTRL_VME) != 0);
-}
-
-static inline int
-vlan_rx_filter_enabled(E1000State *s)
-{
- return ((s->mac_reg[RCTL] & E1000_RCTL_VFE) != 0);
-}
-
-static inline int
-is_vlan_packet(E1000State *s, const uint8_t *buf)
-{
- return (be16_to_cpup((uint16_t *)(buf + 12)) ==
- le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
-}
-
-static inline int
-is_vlan_txd(uint32_t txd_lower)
-{
- return ((txd_lower & E1000_TXD_CMD_VLE) != 0);
-}
-
-/* FCS aka Ethernet CRC-32. We don't get it from backends and can't
- * fill it in, just pad descriptor length by 4 bytes unless guest
- * told us to strip it off the packet. */
-static inline int
-fcs_len(E1000State *s)
-{
- return (s->mac_reg[RCTL] & E1000_RCTL_SECRC) ? 0 : 4;
-}
-
-static void
-e1000_send_packet(E1000State *s, const uint8_t *buf, int size)
-{
- if (s->phy_reg[PHY_CTRL] & MII_CR_LOOPBACK) {
- s->nic->nc.info->receive(&s->nic->nc, buf, size);
- } else {
- qemu_send_packet(&s->nic->nc, buf, size);
- }
-}
-
-static void
-xmit_seg(E1000State *s)
-{
- uint16_t len, *sp;
- unsigned int frames = s->tx.tso_frames, css, sofar, n;
- struct e1000_tx *tp = &s->tx;
-
- if (tp->tse && tp->cptse) {
- css = tp->ipcss;
- DBGOUT(TXSUM, "frames %d size %d ipcss %d\n",
- frames, tp->size, css);
- if (tp->ip) { // IPv4
- cpu_to_be16wu((uint16_t *)(tp->data+css+2),
- tp->size - css);
- cpu_to_be16wu((uint16_t *)(tp->data+css+4),
- be16_to_cpup((uint16_t *)(tp->data+css+4))+frames);
- } else // IPv6
- cpu_to_be16wu((uint16_t *)(tp->data+css+4),
- tp->size - css);
- css = tp->tucss;
- len = tp->size - css;
- DBGOUT(TXSUM, "tcp %d tucss %d len %d\n", tp->tcp, css, len);
- if (tp->tcp) {
- sofar = frames * tp->mss;
- cpu_to_be32wu((uint32_t *)(tp->data+css+4), // seq
- be32_to_cpupu((uint32_t *)(tp->data+css+4))+sofar);
- if (tp->paylen - sofar > tp->mss)
- tp->data[css + 13] &= ~9; // PSH, FIN
- } else // UDP
- cpu_to_be16wu((uint16_t *)(tp->data+css+4), len);
- if (tp->sum_needed & E1000_TXD_POPTS_TXSM) {
- unsigned int phsum;
- // add pseudo-header length before checksum calculation
- sp = (uint16_t *)(tp->data + tp->tucso);
- phsum = be16_to_cpup(sp) + len;
- phsum = (phsum >> 16) + (phsum & 0xffff);
- cpu_to_be16wu(sp, phsum);
- }
- tp->tso_frames++;
- }
-
- if (tp->sum_needed & E1000_TXD_POPTS_TXSM)
- putsum(tp->data, tp->size, tp->tucso, tp->tucss, tp->tucse);
- if (tp->sum_needed & E1000_TXD_POPTS_IXSM)
- putsum(tp->data, tp->size, tp->ipcso, tp->ipcss, tp->ipcse);
- if (tp->vlan_needed) {
- memmove(tp->vlan, tp->data, 4);
- memmove(tp->data, tp->data + 4, 8);
- memcpy(tp->data + 8, tp->vlan_header, 4);
- e1000_send_packet(s, tp->vlan, tp->size + 4);
- } else
- e1000_send_packet(s, tp->data, tp->size);
- s->mac_reg[TPT]++;
- s->mac_reg[GPTC]++;
- n = s->mac_reg[TOTL];
- if ((s->mac_reg[TOTL] += s->tx.size) < n)
- s->mac_reg[TOTH]++;
-}
-
-static void
-process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
-{
- uint32_t txd_lower = le32_to_cpu(dp->lower.data);
- uint32_t dtype = txd_lower & (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D);
- unsigned int split_size = txd_lower & 0xffff, bytes, sz, op;
- unsigned int msh = 0xfffff, hdr = 0;
- uint64_t addr;
- struct e1000_context_desc *xp = (struct e1000_context_desc *)dp;
- struct e1000_tx *tp = &s->tx;
-
- if (dtype == E1000_TXD_CMD_DEXT) { // context descriptor
- op = le32_to_cpu(xp->cmd_and_length);
- tp->ipcss = xp->lower_setup.ip_fields.ipcss;
- tp->ipcso = xp->lower_setup.ip_fields.ipcso;
- tp->ipcse = le16_to_cpu(xp->lower_setup.ip_fields.ipcse);
- tp->tucss = xp->upper_setup.tcp_fields.tucss;
- tp->tucso = xp->upper_setup.tcp_fields.tucso;
- tp->tucse = le16_to_cpu(xp->upper_setup.tcp_fields.tucse);
- tp->paylen = op & 0xfffff;
- tp->hdr_len = xp->tcp_seg_setup.fields.hdr_len;
- tp->mss = le16_to_cpu(xp->tcp_seg_setup.fields.mss);
- tp->ip = (op & E1000_TXD_CMD_IP) ? 1 : 0;
- tp->tcp = (op & E1000_TXD_CMD_TCP) ? 1 : 0;
- tp->tse = (op & E1000_TXD_CMD_TSE) ? 1 : 0;
- tp->tso_frames = 0;
- if (tp->tucso == 0) { // this is probably wrong
- DBGOUT(TXSUM, "TCP/UDP: cso 0!\n");
- tp->tucso = tp->tucss + (tp->tcp ? 16 : 6);
- }
- return;
- } else if (dtype == (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D)) {
- // data descriptor
- if (tp->size == 0) {
- tp->sum_needed = le32_to_cpu(dp->upper.data) >> 8;
- }
- tp->cptse = ( txd_lower & E1000_TXD_CMD_TSE ) ? 1 : 0;
- } else {
- // legacy descriptor
- tp->cptse = 0;
- }
-
- if (vlan_enabled(s) && is_vlan_txd(txd_lower) &&
- (tp->cptse || txd_lower & E1000_TXD_CMD_EOP)) {
- tp->vlan_needed = 1;
- cpu_to_be16wu((uint16_t *)(tp->vlan_header),
- le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
- cpu_to_be16wu((uint16_t *)(tp->vlan_header + 2),
- le16_to_cpu(dp->upper.fields.special));
- }
-
- addr = le64_to_cpu(dp->buffer_addr);
- if (tp->tse && tp->cptse) {
- hdr = tp->hdr_len;
- msh = hdr + tp->mss;
- do {
- bytes = split_size;
- if (tp->size + bytes > msh)
- bytes = msh - tp->size;
-
- bytes = MIN(sizeof(tp->data) - tp->size, bytes);
- pci_dma_read(&s->dev, addr, tp->data + tp->size, bytes);
- if ((sz = tp->size + bytes) >= hdr && tp->size < hdr)
- memmove(tp->header, tp->data, hdr);
- tp->size = sz;
- addr += bytes;
- if (sz == msh) {
- xmit_seg(s);
- memmove(tp->data, tp->header, hdr);
- tp->size = hdr;
- }
- } while (split_size -= bytes);
- } else if (!tp->tse && tp->cptse) {
- // context descriptor TSE is not set, while data descriptor TSE is set
- DBGOUT(TXERR, "TCP segmentation error\n");
- } else {
- split_size = MIN(sizeof(tp->data) - tp->size, split_size);
- pci_dma_read(&s->dev, addr, tp->data + tp->size, split_size);
- tp->size += split_size;
- }
-
- if (!(txd_lower & E1000_TXD_CMD_EOP))
- return;
- if (!(tp->tse && tp->cptse && tp->size < hdr))
- xmit_seg(s);
- tp->tso_frames = 0;
- tp->sum_needed = 0;
- tp->vlan_needed = 0;
- tp->size = 0;
- tp->cptse = 0;
-}
-
-static uint32_t
-txdesc_writeback(E1000State *s, dma_addr_t base, struct e1000_tx_desc *dp)
-{
- uint32_t txd_upper, txd_lower = le32_to_cpu(dp->lower.data);
-
- if (!(txd_lower & (E1000_TXD_CMD_RS|E1000_TXD_CMD_RPS)))
- return 0;
- txd_upper = (le32_to_cpu(dp->upper.data) | E1000_TXD_STAT_DD) &
- ~(E1000_TXD_STAT_EC | E1000_TXD_STAT_LC | E1000_TXD_STAT_TU);
- dp->upper.data = cpu_to_le32(txd_upper);
- pci_dma_write(&s->dev, base + ((char *)&dp->upper - (char *)dp),
- &dp->upper, sizeof(dp->upper));
- return E1000_ICR_TXDW;
-}
-
-static uint64_t tx_desc_base(E1000State *s)
-{
- uint64_t bah = s->mac_reg[TDBAH];
- uint64_t bal = s->mac_reg[TDBAL] & ~0xf;
-
- return (bah << 32) + bal;
-}
-
-static void
-start_xmit(E1000State *s)
-{
- dma_addr_t base;
- struct e1000_tx_desc desc;
- uint32_t tdh_start = s->mac_reg[TDH], cause = E1000_ICS_TXQE;
-
- if (!(s->mac_reg[TCTL] & E1000_TCTL_EN)) {
- DBGOUT(TX, "tx disabled\n");
- return;
- }
-
- while (s->mac_reg[TDH] != s->mac_reg[TDT]) {
- base = tx_desc_base(s) +
- sizeof(struct e1000_tx_desc) * s->mac_reg[TDH];
- pci_dma_read(&s->dev, base, &desc, sizeof(desc));
-
- DBGOUT(TX, "index %d: %p : %x %x\n", s->mac_reg[TDH],
- (void *)(intptr_t)desc.buffer_addr, desc.lower.data,
- desc.upper.data);
-
- process_tx_desc(s, &desc);
- cause |= txdesc_writeback(s, base, &desc);
-
- if (++s->mac_reg[TDH] * sizeof(desc) >= s->mac_reg[TDLEN])
- s->mac_reg[TDH] = 0;
- /*
- * the following could happen only if guest sw assigns
- * bogus values to TDT/TDLEN.
- * there's nothing too intelligent we could do about this.
- */
- if (s->mac_reg[TDH] == tdh_start) {
- DBGOUT(TXERR, "TDH wraparound @%x, TDT %x, TDLEN %x\n",
- tdh_start, s->mac_reg[TDT], s->mac_reg[TDLEN]);
- break;
- }
- }
- set_ics(s, 0, cause);
-}
-
-static int
-receive_filter(E1000State *s, const uint8_t *buf, int size)
-{
- static const uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
- static const int mta_shift[] = {4, 3, 2, 0};
- uint32_t f, rctl = s->mac_reg[RCTL], ra[2], *rp;
-
- if (is_vlan_packet(s, buf) && vlan_rx_filter_enabled(s)) {
- uint16_t vid = be16_to_cpup((uint16_t *)(buf + 14));
- uint32_t vfta = le32_to_cpup((uint32_t *)(s->mac_reg + VFTA) +
- ((vid >> 5) & 0x7f));
- if ((vfta & (1 << (vid & 0x1f))) == 0)
- return 0;
- }
-
- if (rctl & E1000_RCTL_UPE) // promiscuous
- return 1;
-
- if ((buf[0] & 1) && (rctl & E1000_RCTL_MPE)) // promiscuous mcast
- return 1;
-
- if ((rctl & E1000_RCTL_BAM) && !memcmp(buf, bcast, sizeof bcast))
- return 1;
-
- for (rp = s->mac_reg + RA; rp < s->mac_reg + RA + 32; rp += 2) {
- if (!(rp[1] & E1000_RAH_AV))
- continue;
- ra[0] = cpu_to_le32(rp[0]);
- ra[1] = cpu_to_le32(rp[1]);
- if (!memcmp(buf, (uint8_t *)ra, 6)) {
- DBGOUT(RXFILTER,
- "unicast match[%d]: %02x:%02x:%02x:%02x:%02x:%02x\n",
- (int)(rp - s->mac_reg - RA)/2,
- buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
- return 1;
- }
- }
- DBGOUT(RXFILTER, "unicast mismatch: %02x:%02x:%02x:%02x:%02x:%02x\n",
- buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
-
- f = mta_shift[(rctl >> E1000_RCTL_MO_SHIFT) & 3];
- f = (((buf[5] << 8) | buf[4]) >> f) & 0xfff;
- if (s->mac_reg[MTA + (f >> 5)] & (1 << (f & 0x1f)))
- return 1;
- DBGOUT(RXFILTER,
- "dropping, inexact filter mismatch: %02x:%02x:%02x:%02x:%02x:%02x MO %d MTA[%d] %x\n",
- buf[0], buf[1], buf[2], buf[3], buf[4], buf[5],
- (rctl >> E1000_RCTL_MO_SHIFT) & 3, f >> 5,
- s->mac_reg[MTA + (f >> 5)]);
-
- return 0;
-}
-
-static void
-e1000_set_link_status(NetClientState *nc)
-{
- E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
- uint32_t old_status = s->mac_reg[STATUS];
-
- if (nc->link_down) {
- e1000_link_down(s);
- } else {
- e1000_link_up(s);
- }
-
- if (s->mac_reg[STATUS] != old_status)
- set_ics(s, 0, E1000_ICR_LSC);
-}
-
-static bool e1000_has_rxbufs(E1000State *s, size_t total_size)
-{
- int bufs;
- /* Fast-path short packets */
- if (total_size <= s->rxbuf_size) {
- return s->mac_reg[RDH] != s->mac_reg[RDT];
- }
- if (s->mac_reg[RDH] < s->mac_reg[RDT]) {
- bufs = s->mac_reg[RDT] - s->mac_reg[RDH];
- } else if (s->mac_reg[RDH] > s->mac_reg[RDT]) {
- bufs = s->mac_reg[RDLEN] / sizeof(struct e1000_rx_desc) +
- s->mac_reg[RDT] - s->mac_reg[RDH];
- } else {
- return false;
- }
- return total_size <= bufs * s->rxbuf_size;
-}
-
-static int
-e1000_can_receive(NetClientState *nc)
-{
- E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- return (s->mac_reg[RCTL] & E1000_RCTL_EN) && e1000_has_rxbufs(s, 1);
-}
-
-static uint64_t rx_desc_base(E1000State *s)
-{
- uint64_t bah = s->mac_reg[RDBAH];
- uint64_t bal = s->mac_reg[RDBAL] & ~0xf;
-
- return (bah << 32) + bal;
-}
-
-static ssize_t
-e1000_receive(NetClientState *nc, const uint8_t *buf, size_t size)
-{
- E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
- struct e1000_rx_desc desc;
- dma_addr_t base;
- unsigned int n, rdt;
- uint32_t rdh_start;
- uint16_t vlan_special = 0;
- uint8_t vlan_status = 0, vlan_offset = 0;
- uint8_t min_buf[MIN_BUF_SIZE];
- size_t desc_offset;
- size_t desc_size;
- size_t total_size;
-
- if (!(s->mac_reg[RCTL] & E1000_RCTL_EN))
- return -1;
-
- /* Pad to minimum Ethernet frame length */
- if (size < sizeof(min_buf)) {
- memcpy(min_buf, buf, size);
- memset(&min_buf[size], 0, sizeof(min_buf) - size);
- buf = min_buf;
- size = sizeof(min_buf);
- }
-
- /* Discard oversized packets if !LPE and !SBP. */
- if (size > MAXIMUM_ETHERNET_VLAN_SIZE
- && !(s->mac_reg[RCTL] & E1000_RCTL_LPE)
- && !(s->mac_reg[RCTL] & E1000_RCTL_SBP)) {
- return size;
- }
-
- if (!receive_filter(s, buf, size))
- return size;
-
- if (vlan_enabled(s) && is_vlan_packet(s, buf)) {
- vlan_special = cpu_to_le16(be16_to_cpup((uint16_t *)(buf + 14)));
- memmove((uint8_t *)buf + 4, buf, 12);
- vlan_status = E1000_RXD_STAT_VP;
- vlan_offset = 4;
- size -= 4;
- }
-
- rdh_start = s->mac_reg[RDH];
- desc_offset = 0;
- total_size = size + fcs_len(s);
- if (!e1000_has_rxbufs(s, total_size)) {
- set_ics(s, 0, E1000_ICS_RXO);
- return -1;
- }
- do {
- desc_size = total_size - desc_offset;
- if (desc_size > s->rxbuf_size) {
- desc_size = s->rxbuf_size;
- }
- base = rx_desc_base(s) + sizeof(desc) * s->mac_reg[RDH];
- pci_dma_read(&s->dev, base, &desc, sizeof(desc));
- desc.special = vlan_special;
- desc.status |= (vlan_status | E1000_RXD_STAT_DD);
- if (desc.buffer_addr) {
- if (desc_offset < size) {
- size_t copy_size = size - desc_offset;
- if (copy_size > s->rxbuf_size) {
- copy_size = s->rxbuf_size;
- }
- pci_dma_write(&s->dev, le64_to_cpu(desc.buffer_addr),
- buf + desc_offset + vlan_offset, copy_size);
- }
- desc_offset += desc_size;
- desc.length = cpu_to_le16(desc_size);
- if (desc_offset >= total_size) {
- desc.status |= E1000_RXD_STAT_EOP | E1000_RXD_STAT_IXSM;
- } else {
- /* Guest zeroing out status is not a hardware requirement.
- Clear EOP in case guest didn't do it. */
- desc.status &= ~E1000_RXD_STAT_EOP;
- }
- } else { // as per intel docs; skip descriptors with null buf addr
- DBGOUT(RX, "Null RX descriptor!!\n");
- }
- pci_dma_write(&s->dev, base, &desc, sizeof(desc));
-
- if (++s->mac_reg[RDH] * sizeof(desc) >= s->mac_reg[RDLEN])
- s->mac_reg[RDH] = 0;
- /* see comment in start_xmit; same here */
- if (s->mac_reg[RDH] == rdh_start) {
- DBGOUT(RXERR, "RDH wraparound @%x, RDT %x, RDLEN %x\n",
- rdh_start, s->mac_reg[RDT], s->mac_reg[RDLEN]);
- set_ics(s, 0, E1000_ICS_RXO);
- return -1;
- }
- } while (desc_offset < total_size);
-
- s->mac_reg[GPRC]++;
- s->mac_reg[TPR]++;
- /* TOR - Total Octets Received:
- * This register includes bytes received in a packet from the <Destination
- * Address> field through the <CRC> field, inclusively.
- */
- n = s->mac_reg[TORL] + size + /* Always include FCS length. */ 4;
- if (n < s->mac_reg[TORL])
- s->mac_reg[TORH]++;
- s->mac_reg[TORL] = n;
-
- n = E1000_ICS_RXT0;
- if ((rdt = s->mac_reg[RDT]) < s->mac_reg[RDH])
- rdt += s->mac_reg[RDLEN] / sizeof(desc);
- if (((rdt - s->mac_reg[RDH]) * sizeof(desc)) <= s->mac_reg[RDLEN] >>
- s->rxbuf_min_shift)
- n |= E1000_ICS_RXDMT0;
-
- set_ics(s, 0, n);
-
- return size;
-}
-
-static uint32_t
-mac_readreg(E1000State *s, int index)
-{
- return s->mac_reg[index];
-}
-
-static uint32_t
-mac_icr_read(E1000State *s, int index)
-{
- uint32_t ret = s->mac_reg[ICR];
-
- DBGOUT(INTERRUPT, "ICR read: %x\n", ret);
- set_interrupt_cause(s, 0, 0);
- return ret;
-}
-
-static uint32_t
-mac_read_clr4(E1000State *s, int index)
-{
- uint32_t ret = s->mac_reg[index];
-
- s->mac_reg[index] = 0;
- return ret;
-}
-
-static uint32_t
-mac_read_clr8(E1000State *s, int index)
-{
- uint32_t ret = s->mac_reg[index];
-
- s->mac_reg[index] = 0;
- s->mac_reg[index-1] = 0;
- return ret;
-}
-
-static void
-mac_writereg(E1000State *s, int index, uint32_t val)
-{
- s->mac_reg[index] = val;
-}
-
-static void
-set_rdt(E1000State *s, int index, uint32_t val)
-{
- s->mac_reg[index] = val & 0xffff;
- if (e1000_has_rxbufs(s, 1)) {
- qemu_flush_queued_packets(&s->nic->nc);
- }
-}
-
-static void
-set_16bit(E1000State *s, int index, uint32_t val)
-{
- s->mac_reg[index] = val & 0xffff;
-}
-
-static void
-set_dlen(E1000State *s, int index, uint32_t val)
-{
- s->mac_reg[index] = val & 0xfff80;
-}
-
-static void
-set_tctl(E1000State *s, int index, uint32_t val)
-{
- s->mac_reg[index] = val;
- s->mac_reg[TDT] &= 0xffff;
- start_xmit(s);
-}
-
-static void
-set_icr(E1000State *s, int index, uint32_t val)
-{
- DBGOUT(INTERRUPT, "set_icr %x\n", val);
- set_interrupt_cause(s, 0, s->mac_reg[ICR] & ~val);
-}
-
-static void
-set_imc(E1000State *s, int index, uint32_t val)
-{
- s->mac_reg[IMS] &= ~val;
- set_ics(s, 0, 0);
-}
-
-static void
-set_ims(E1000State *s, int index, uint32_t val)
-{
- s->mac_reg[IMS] |= val;
- set_ics(s, 0, 0);
-}
-
-#define getreg(x) [x] = mac_readreg
-static uint32_t (*macreg_readops[])(E1000State *, int) = {
- getreg(PBA), getreg(RCTL), getreg(TDH), getreg(TXDCTL),
- getreg(WUFC), getreg(TDT), getreg(CTRL), getreg(LEDCTL),
- getreg(MANC), getreg(MDIC), getreg(SWSM), getreg(STATUS),
- getreg(TORL), getreg(TOTL), getreg(IMS), getreg(TCTL),
- getreg(RDH), getreg(RDT), getreg(VET), getreg(ICS),
- getreg(TDBAL), getreg(TDBAH), getreg(RDBAH), getreg(RDBAL),
- getreg(TDLEN), getreg(RDLEN),
-
- [TOTH] = mac_read_clr8, [TORH] = mac_read_clr8, [GPRC] = mac_read_clr4,
- [GPTC] = mac_read_clr4, [TPR] = mac_read_clr4, [TPT] = mac_read_clr4,
- [ICR] = mac_icr_read, [EECD] = get_eecd, [EERD] = flash_eerd_read,
- [CRCERRS ... MPC] = &mac_readreg,
- [RA ... RA+31] = &mac_readreg,
- [MTA ... MTA+127] = &mac_readreg,
- [VFTA ... VFTA+127] = &mac_readreg,
-};
-enum { NREADOPS = ARRAY_SIZE(macreg_readops) };
-
-#define putreg(x) [x] = mac_writereg
-static void (*macreg_writeops[])(E1000State *, int, uint32_t) = {
- putreg(PBA), putreg(EERD), putreg(SWSM), putreg(WUFC),
- putreg(TDBAL), putreg(TDBAH), putreg(TXDCTL), putreg(RDBAH),
- putreg(RDBAL), putreg(LEDCTL), putreg(VET),
- [TDLEN] = set_dlen, [RDLEN] = set_dlen, [TCTL] = set_tctl,
- [TDT] = set_tctl, [MDIC] = set_mdic, [ICS] = set_ics,
- [TDH] = set_16bit, [RDH] = set_16bit, [RDT] = set_rdt,
- [IMC] = set_imc, [IMS] = set_ims, [ICR] = set_icr,
- [EECD] = set_eecd, [RCTL] = set_rx_control, [CTRL] = set_ctrl,
- [RA ... RA+31] = &mac_writereg,
- [MTA ... MTA+127] = &mac_writereg,
- [VFTA ... VFTA+127] = &mac_writereg,
-};
-
-enum { NWRITEOPS = ARRAY_SIZE(macreg_writeops) };
-
-static void
-e1000_mmio_write(void *opaque, hwaddr addr, uint64_t val,
- unsigned size)
-{
- E1000State *s = opaque;
- unsigned int index = (addr & 0x1ffff) >> 2;
-
- if (index < NWRITEOPS && macreg_writeops[index]) {
- macreg_writeops[index](s, index, val);
- } else if (index < NREADOPS && macreg_readops[index]) {
- DBGOUT(MMIO, "e1000_mmio_writel RO %x: 0x%04"PRIx64"\n", index<<2, val);
- } else {
- DBGOUT(UNKNOWN, "MMIO unknown write addr=0x%08x,val=0x%08"PRIx64"\n",
- index<<2, val);
- }
-}
-
-static uint64_t
-e1000_mmio_read(void *opaque, hwaddr addr, unsigned size)
-{
- E1000State *s = opaque;
- unsigned int index = (addr & 0x1ffff) >> 2;
-
- if (index < NREADOPS && macreg_readops[index])
- {
- return macreg_readops[index](s, index);
- }
- DBGOUT(UNKNOWN, "MMIO unknown read addr=0x%08x\n", index<<2);
- return 0;
-}
-
-static const MemoryRegionOps e1000_mmio_ops = {
- .read = e1000_mmio_read,
- .write = e1000_mmio_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
- .impl = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static uint64_t e1000_io_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- E1000State *s = opaque;
-
- (void)s;
- return 0;
-}
-
-static void e1000_io_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- E1000State *s = opaque;
-
- (void)s;
-}
-
-static const MemoryRegionOps e1000_io_ops = {
- .read = e1000_io_read,
- .write = e1000_io_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static bool is_version_1(void *opaque, int version_id)
-{
- return version_id == 1;
-}
-
-static int e1000_post_load(void *opaque, int version_id)
-{
- E1000State *s = opaque;
-
- /* nc.link_down can't be migrated, so infer link_down according
- * to link status bit in mac_reg[STATUS] */
- s->nic->nc.link_down = (s->mac_reg[STATUS] & E1000_STATUS_LU) == 0;
-
- return 0;
-}
-
-static const VMStateDescription vmstate_e1000 = {
- .name = "e1000",
- .version_id = 2,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .post_load = e1000_post_load,
- .fields = (VMStateField []) {
- VMSTATE_PCI_DEVICE(dev, E1000State),
- VMSTATE_UNUSED_TEST(is_version_1, 4), /* was instance id */
- VMSTATE_UNUSED(4), /* Was mmio_base. */
- VMSTATE_UINT32(rxbuf_size, E1000State),
- VMSTATE_UINT32(rxbuf_min_shift, E1000State),
- VMSTATE_UINT32(eecd_state.val_in, E1000State),
- VMSTATE_UINT16(eecd_state.bitnum_in, E1000State),
- VMSTATE_UINT16(eecd_state.bitnum_out, E1000State),
- VMSTATE_UINT16(eecd_state.reading, E1000State),
- VMSTATE_UINT32(eecd_state.old_eecd, E1000State),
- VMSTATE_UINT8(tx.ipcss, E1000State),
- VMSTATE_UINT8(tx.ipcso, E1000State),
- VMSTATE_UINT16(tx.ipcse, E1000State),
- VMSTATE_UINT8(tx.tucss, E1000State),
- VMSTATE_UINT8(tx.tucso, E1000State),
- VMSTATE_UINT16(tx.tucse, E1000State),
- VMSTATE_UINT32(tx.paylen, E1000State),
- VMSTATE_UINT8(tx.hdr_len, E1000State),
- VMSTATE_UINT16(tx.mss, E1000State),
- VMSTATE_UINT16(tx.size, E1000State),
- VMSTATE_UINT16(tx.tso_frames, E1000State),
- VMSTATE_UINT8(tx.sum_needed, E1000State),
- VMSTATE_INT8(tx.ip, E1000State),
- VMSTATE_INT8(tx.tcp, E1000State),
- VMSTATE_BUFFER(tx.header, E1000State),
- VMSTATE_BUFFER(tx.data, E1000State),
- VMSTATE_UINT16_ARRAY(eeprom_data, E1000State, 64),
- VMSTATE_UINT16_ARRAY(phy_reg, E1000State, 0x20),
- VMSTATE_UINT32(mac_reg[CTRL], E1000State),
- VMSTATE_UINT32(mac_reg[EECD], E1000State),
- VMSTATE_UINT32(mac_reg[EERD], E1000State),
- VMSTATE_UINT32(mac_reg[GPRC], E1000State),
- VMSTATE_UINT32(mac_reg[GPTC], E1000State),
- VMSTATE_UINT32(mac_reg[ICR], E1000State),
- VMSTATE_UINT32(mac_reg[ICS], E1000State),
- VMSTATE_UINT32(mac_reg[IMC], E1000State),
- VMSTATE_UINT32(mac_reg[IMS], E1000State),
- VMSTATE_UINT32(mac_reg[LEDCTL], E1000State),
- VMSTATE_UINT32(mac_reg[MANC], E1000State),
- VMSTATE_UINT32(mac_reg[MDIC], E1000State),
- VMSTATE_UINT32(mac_reg[MPC], E1000State),
- VMSTATE_UINT32(mac_reg[PBA], E1000State),
- VMSTATE_UINT32(mac_reg[RCTL], E1000State),
- VMSTATE_UINT32(mac_reg[RDBAH], E1000State),
- VMSTATE_UINT32(mac_reg[RDBAL], E1000State),
- VMSTATE_UINT32(mac_reg[RDH], E1000State),
- VMSTATE_UINT32(mac_reg[RDLEN], E1000State),
- VMSTATE_UINT32(mac_reg[RDT], E1000State),
- VMSTATE_UINT32(mac_reg[STATUS], E1000State),
- VMSTATE_UINT32(mac_reg[SWSM], E1000State),
- VMSTATE_UINT32(mac_reg[TCTL], E1000State),
- VMSTATE_UINT32(mac_reg[TDBAH], E1000State),
- VMSTATE_UINT32(mac_reg[TDBAL], E1000State),
- VMSTATE_UINT32(mac_reg[TDH], E1000State),
- VMSTATE_UINT32(mac_reg[TDLEN], E1000State),
- VMSTATE_UINT32(mac_reg[TDT], E1000State),
- VMSTATE_UINT32(mac_reg[TORH], E1000State),
- VMSTATE_UINT32(mac_reg[TORL], E1000State),
- VMSTATE_UINT32(mac_reg[TOTH], E1000State),
- VMSTATE_UINT32(mac_reg[TOTL], E1000State),
- VMSTATE_UINT32(mac_reg[TPR], E1000State),
- VMSTATE_UINT32(mac_reg[TPT], E1000State),
- VMSTATE_UINT32(mac_reg[TXDCTL], E1000State),
- VMSTATE_UINT32(mac_reg[WUFC], E1000State),
- VMSTATE_UINT32(mac_reg[VET], E1000State),
- VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, RA, 32),
- VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, MTA, 128),
- VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, VFTA, 128),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const uint16_t e1000_eeprom_template[64] = {
- 0x0000, 0x0000, 0x0000, 0x0000, 0xffff, 0x0000, 0x0000, 0x0000,
- 0x3000, 0x1000, 0x6403, E1000_DEVID, 0x8086, E1000_DEVID, 0x8086, 0x3040,
- 0x0008, 0x2000, 0x7e14, 0x0048, 0x1000, 0x00d8, 0x0000, 0x2700,
- 0x6cc9, 0x3150, 0x0722, 0x040b, 0x0984, 0x0000, 0xc000, 0x0706,
- 0x1008, 0x0000, 0x0f04, 0x7fff, 0x4d01, 0xffff, 0xffff, 0xffff,
- 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
- 0x0100, 0x4000, 0x121c, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
- 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x0000,
-};
-
-/* PCI interface */
-
-static void
-e1000_mmio_setup(E1000State *d)
-{
- int i;
- const uint32_t excluded_regs[] = {
- E1000_MDIC, E1000_ICR, E1000_ICS, E1000_IMS,
- E1000_IMC, E1000_TCTL, E1000_TDT, PNPMMIO_SIZE
- };
-
- memory_region_init_io(&d->mmio, &e1000_mmio_ops, d, "e1000-mmio",
- PNPMMIO_SIZE);
- memory_region_add_coalescing(&d->mmio, 0, excluded_regs[0]);
- for (i = 0; excluded_regs[i] != PNPMMIO_SIZE; i++)
- memory_region_add_coalescing(&d->mmio, excluded_regs[i] + 4,
- excluded_regs[i+1] - excluded_regs[i] - 4);
- memory_region_init_io(&d->io, &e1000_io_ops, d, "e1000-io", IOPORT_SIZE);
-}
-
-static void
-e1000_cleanup(NetClientState *nc)
-{
- E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- s->nic = NULL;
-}
-
-static void
-pci_e1000_uninit(PCIDevice *dev)
-{
- E1000State *d = DO_UPCAST(E1000State, dev, dev);
-
- qemu_del_timer(d->autoneg_timer);
- qemu_free_timer(d->autoneg_timer);
- memory_region_destroy(&d->mmio);
- memory_region_destroy(&d->io);
- qemu_del_net_client(&d->nic->nc);
-}
-
-static NetClientInfo net_e1000_info = {
- .type = NET_CLIENT_OPTIONS_KIND_NIC,
- .size = sizeof(NICState),
- .can_receive = e1000_can_receive,
- .receive = e1000_receive,
- .cleanup = e1000_cleanup,
- .link_status_changed = e1000_set_link_status,
-};
-
-static int pci_e1000_init(PCIDevice *pci_dev)
-{
- E1000State *d = DO_UPCAST(E1000State, dev, pci_dev);
- uint8_t *pci_conf;
- uint16_t checksum = 0;
- int i;
- uint8_t *macaddr;
-
- pci_conf = d->dev.config;
-
- /* TODO: RST# value should be 0, PCI spec 6.2.4 */
- pci_conf[PCI_CACHE_LINE_SIZE] = 0x10;
-
- pci_conf[PCI_INTERRUPT_PIN] = 1; /* interrupt pin A */
-
- e1000_mmio_setup(d);
-
- pci_register_bar(&d->dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &d->mmio);
-
- pci_register_bar(&d->dev, 1, PCI_BASE_ADDRESS_SPACE_IO, &d->io);
-
- memmove(d->eeprom_data, e1000_eeprom_template,
- sizeof e1000_eeprom_template);
- qemu_macaddr_default_if_unset(&d->conf.macaddr);
- macaddr = d->conf.macaddr.a;
- for (i = 0; i < 3; i++)
- d->eeprom_data[i] = (macaddr[2*i+1]<<8) | macaddr[2*i];
- for (i = 0; i < EEPROM_CHECKSUM_REG; i++)
- checksum += d->eeprom_data[i];
- checksum = (uint16_t) EEPROM_SUM - checksum;
- d->eeprom_data[EEPROM_CHECKSUM_REG] = checksum;
-
- d->nic = qemu_new_nic(&net_e1000_info, &d->conf,
- object_get_typename(OBJECT(d)), d->dev.qdev.id, d);
-
- qemu_format_nic_info_str(&d->nic->nc, macaddr);
-
- add_boot_device_path(d->conf.bootindex, &pci_dev->qdev, "/ethernet-phy@0");
-
- d->autoneg_timer = qemu_new_timer_ms(vm_clock, e1000_autoneg_timer, d);
-
- return 0;
-}
-
-static void qdev_e1000_reset(DeviceState *dev)
-{
- E1000State *d = DO_UPCAST(E1000State, dev.qdev, dev);
- e1000_reset(d);
-}
-
-static Property e1000_properties[] = {
- DEFINE_NIC_PROPERTIES(E1000State, conf),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void e1000_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = pci_e1000_init;
- k->exit = pci_e1000_uninit;
- k->romfile = "pxe-e1000.rom";
- k->vendor_id = PCI_VENDOR_ID_INTEL;
- k->device_id = E1000_DEVID;
- k->revision = 0x03;
- k->class_id = PCI_CLASS_NETWORK_ETHERNET;
- dc->desc = "Intel Gigabit Ethernet";
- dc->reset = qdev_e1000_reset;
- dc->vmsd = &vmstate_e1000;
- dc->props = e1000_properties;
-}
-
-static TypeInfo e1000_info = {
- .name = "e1000",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(E1000State),
- .class_init = e1000_class_init,
-};
-
-static void e1000_register_types(void)
-{
- type_register_static(&e1000_info);
-}
-
-type_init(e1000_register_types)
diff --git a/hw/ecc.c b/hw/ecc.c
deleted file mode 100644
index 60d1f1d4f..000000000
--- a/hw/ecc.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Calculate Error-correcting Codes. Used by NAND Flash controllers
- * (not by NAND chips).
- *
- * Copyright (c) 2006 Openedhand Ltd.
- * Written by Andrzej Zaborowski <balrog@zabor.org>
- *
- * This code is licensed under the GNU GPL v2.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include "hw.h"
-#include "flash.h"
-
-/*
- * Pre-calculated 256-way 1 byte column parity. Table borrowed from Linux.
- */
-static const uint8_t nand_ecc_precalc_table[] = {
- 0x00, 0x55, 0x56, 0x03, 0x59, 0x0c, 0x0f, 0x5a,
- 0x5a, 0x0f, 0x0c, 0x59, 0x03, 0x56, 0x55, 0x00,
- 0x65, 0x30, 0x33, 0x66, 0x3c, 0x69, 0x6a, 0x3f,
- 0x3f, 0x6a, 0x69, 0x3c, 0x66, 0x33, 0x30, 0x65,
- 0x66, 0x33, 0x30, 0x65, 0x3f, 0x6a, 0x69, 0x3c,
- 0x3c, 0x69, 0x6a, 0x3f, 0x65, 0x30, 0x33, 0x66,
- 0x03, 0x56, 0x55, 0x00, 0x5a, 0x0f, 0x0c, 0x59,
- 0x59, 0x0c, 0x0f, 0x5a, 0x00, 0x55, 0x56, 0x03,
- 0x69, 0x3c, 0x3f, 0x6a, 0x30, 0x65, 0x66, 0x33,
- 0x33, 0x66, 0x65, 0x30, 0x6a, 0x3f, 0x3c, 0x69,
- 0x0c, 0x59, 0x5a, 0x0f, 0x55, 0x00, 0x03, 0x56,
- 0x56, 0x03, 0x00, 0x55, 0x0f, 0x5a, 0x59, 0x0c,
- 0x0f, 0x5a, 0x59, 0x0c, 0x56, 0x03, 0x00, 0x55,
- 0x55, 0x00, 0x03, 0x56, 0x0c, 0x59, 0x5a, 0x0f,
- 0x6a, 0x3f, 0x3c, 0x69, 0x33, 0x66, 0x65, 0x30,
- 0x30, 0x65, 0x66, 0x33, 0x69, 0x3c, 0x3f, 0x6a,
- 0x6a, 0x3f, 0x3c, 0x69, 0x33, 0x66, 0x65, 0x30,
- 0x30, 0x65, 0x66, 0x33, 0x69, 0x3c, 0x3f, 0x6a,
- 0x0f, 0x5a, 0x59, 0x0c, 0x56, 0x03, 0x00, 0x55,
- 0x55, 0x00, 0x03, 0x56, 0x0c, 0x59, 0x5a, 0x0f,
- 0x0c, 0x59, 0x5a, 0x0f, 0x55, 0x00, 0x03, 0x56,
- 0x56, 0x03, 0x00, 0x55, 0x0f, 0x5a, 0x59, 0x0c,
- 0x69, 0x3c, 0x3f, 0x6a, 0x30, 0x65, 0x66, 0x33,
- 0x33, 0x66, 0x65, 0x30, 0x6a, 0x3f, 0x3c, 0x69,
- 0x03, 0x56, 0x55, 0x00, 0x5a, 0x0f, 0x0c, 0x59,
- 0x59, 0x0c, 0x0f, 0x5a, 0x00, 0x55, 0x56, 0x03,
- 0x66, 0x33, 0x30, 0x65, 0x3f, 0x6a, 0x69, 0x3c,
- 0x3c, 0x69, 0x6a, 0x3f, 0x65, 0x30, 0x33, 0x66,
- 0x65, 0x30, 0x33, 0x66, 0x3c, 0x69, 0x6a, 0x3f,
- 0x3f, 0x6a, 0x69, 0x3c, 0x66, 0x33, 0x30, 0x65,
- 0x00, 0x55, 0x56, 0x03, 0x59, 0x0c, 0x0f, 0x5a,
- 0x5a, 0x0f, 0x0c, 0x59, 0x03, 0x56, 0x55, 0x00,
-};
-
-/* Update ECC parity count. */
-uint8_t ecc_digest(ECCState *s, uint8_t sample)
-{
- uint8_t idx = nand_ecc_precalc_table[sample];
-
- s->cp ^= idx & 0x3f;
- if (idx & 0x40) {
- s->lp[0] ^= ~s->count;
- s->lp[1] ^= s->count;
- }
- s->count ++;
-
- return sample;
-}
-
-/* Reinitialise the counters. */
-void ecc_reset(ECCState *s)
-{
- s->lp[0] = 0x0000;
- s->lp[1] = 0x0000;
- s->cp = 0x00;
- s->count = 0;
-}
-
-/* Save/restore */
-VMStateDescription vmstate_ecc_state = {
- .name = "ecc-state",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField []) {
- VMSTATE_UINT8(cp, ECCState),
- VMSTATE_UINT16_ARRAY(lp, ECCState, 2),
- VMSTATE_UINT16(count, ECCState),
- VMSTATE_END_OF_LIST(),
- },
-};
diff --git a/hw/eccmemctl.c b/hw/eccmemctl.c
deleted file mode 100644
index 000bd08de..000000000
--- a/hw/eccmemctl.c
+++ /dev/null
@@ -1,340 +0,0 @@
-/*
- * QEMU Sparc Sun4m ECC memory controller emulation
- *
- * Copyright (c) 2007 Robert Reif
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sysbus.h"
-#include "trace.h"
-
-/* There are 3 versions of this chip used in SMP sun4m systems:
- * MCC (version 0, implementation 0) SS-600MP
- * EMC (version 0, implementation 1) SS-10
- * SMC (version 0, implementation 2) SS-10SX and SS-20
- *
- * Chipset docs:
- * "Sun-4M System Architecture (revision 2.0) by Chuck Narad", 950-1373-01,
- * http://mediacast.sun.com/users/Barton808/media/Sun4M_SystemArchitecture_edited2.pdf
- */
-
-#define ECC_MCC 0x00000000
-#define ECC_EMC 0x10000000
-#define ECC_SMC 0x20000000
-
-/* Register indexes */
-#define ECC_MER 0 /* Memory Enable Register */
-#define ECC_MDR 1 /* Memory Delay Register */
-#define ECC_MFSR 2 /* Memory Fault Status Register */
-#define ECC_VCR 3 /* Video Configuration Register */
-#define ECC_MFAR0 4 /* Memory Fault Address Register 0 */
-#define ECC_MFAR1 5 /* Memory Fault Address Register 1 */
-#define ECC_DR 6 /* Diagnostic Register */
-#define ECC_ECR0 7 /* Event Count Register 0 */
-#define ECC_ECR1 8 /* Event Count Register 1 */
-
-/* ECC fault control register */
-#define ECC_MER_EE 0x00000001 /* Enable ECC checking */
-#define ECC_MER_EI 0x00000002 /* Enable Interrupts on
- correctable errors */
-#define ECC_MER_MRR0 0x00000004 /* SIMM 0 */
-#define ECC_MER_MRR1 0x00000008 /* SIMM 1 */
-#define ECC_MER_MRR2 0x00000010 /* SIMM 2 */
-#define ECC_MER_MRR3 0x00000020 /* SIMM 3 */
-#define ECC_MER_MRR4 0x00000040 /* SIMM 4 */
-#define ECC_MER_MRR5 0x00000080 /* SIMM 5 */
-#define ECC_MER_MRR6 0x00000100 /* SIMM 6 */
-#define ECC_MER_MRR7 0x00000200 /* SIMM 7 */
-#define ECC_MER_REU 0x00000100 /* Memory Refresh Enable (600MP) */
-#define ECC_MER_MRR 0x000003fc /* MRR mask */
-#define ECC_MER_A 0x00000400 /* Memory controller addr map select */
-#define ECC_MER_DCI 0x00000800 /* Disables Coherent Invalidate ACK */
-#define ECC_MER_VER 0x0f000000 /* Version */
-#define ECC_MER_IMPL 0xf0000000 /* Implementation */
-#define ECC_MER_MASK_0 0x00000103 /* Version 0 (MCC) mask */
-#define ECC_MER_MASK_1 0x00000bff /* Version 1 (EMC) mask */
-#define ECC_MER_MASK_2 0x00000bff /* Version 2 (SMC) mask */
-
-/* ECC memory delay register */
-#define ECC_MDR_RRI 0x000003ff /* Refresh Request Interval */
-#define ECC_MDR_MI 0x00001c00 /* MIH Delay */
-#define ECC_MDR_CI 0x0000e000 /* Coherent Invalidate Delay */
-#define ECC_MDR_MDL 0x001f0000 /* MBus Master arbitration delay */
-#define ECC_MDR_MDH 0x03e00000 /* MBus Master arbitration delay */
-#define ECC_MDR_GAD 0x7c000000 /* Graphics Arbitration Delay */
-#define ECC_MDR_RSC 0x80000000 /* Refresh load control */
-#define ECC_MDR_MASK 0x7fffffff
-
-/* ECC fault status register */
-#define ECC_MFSR_CE 0x00000001 /* Correctable error */
-#define ECC_MFSR_BS 0x00000002 /* C2 graphics bad slot access */
-#define ECC_MFSR_TO 0x00000004 /* Timeout on write */
-#define ECC_MFSR_UE 0x00000008 /* Uncorrectable error */
-#define ECC_MFSR_DW 0x000000f0 /* Index of double word in block */
-#define ECC_MFSR_SYND 0x0000ff00 /* Syndrome for correctable error */
-#define ECC_MFSR_ME 0x00010000 /* Multiple errors */
-#define ECC_MFSR_C2ERR 0x00020000 /* C2 graphics error */
-
-/* ECC fault address register 0 */
-#define ECC_MFAR0_PADDR 0x0000000f /* PA[32-35] */
-#define ECC_MFAR0_TYPE 0x000000f0 /* Transaction type */
-#define ECC_MFAR0_SIZE 0x00000700 /* Transaction size */
-#define ECC_MFAR0_CACHE 0x00000800 /* Mapped cacheable */
-#define ECC_MFAR0_LOCK 0x00001000 /* Error occurred in atomic cycle */
-#define ECC_MFAR0_BMODE 0x00002000 /* Boot mode */
-#define ECC_MFAR0_VADDR 0x003fc000 /* VA[12-19] (superset bits) */
-#define ECC_MFAR0_S 0x08000000 /* Supervisor mode */
-#define ECC_MFARO_MID 0xf0000000 /* Module ID */
-
-/* ECC diagnostic register */
-#define ECC_DR_CBX 0x00000001
-#define ECC_DR_CB0 0x00000002
-#define ECC_DR_CB1 0x00000004
-#define ECC_DR_CB2 0x00000008
-#define ECC_DR_CB4 0x00000010
-#define ECC_DR_CB8 0x00000020
-#define ECC_DR_CB16 0x00000040
-#define ECC_DR_CB32 0x00000080
-#define ECC_DR_DMODE 0x00000c00
-
-#define ECC_NREGS 9
-#define ECC_SIZE (ECC_NREGS * sizeof(uint32_t))
-
-#define ECC_DIAG_SIZE 4
-#define ECC_DIAG_MASK (ECC_DIAG_SIZE - 1)
-
-typedef struct ECCState {
- SysBusDevice busdev;
- MemoryRegion iomem, iomem_diag;
- qemu_irq irq;
- uint32_t regs[ECC_NREGS];
- uint8_t diag[ECC_DIAG_SIZE];
- uint32_t version;
-} ECCState;
-
-static void ecc_mem_write(void *opaque, hwaddr addr, uint64_t val,
- unsigned size)
-{
- ECCState *s = opaque;
-
- switch (addr >> 2) {
- case ECC_MER:
- if (s->version == ECC_MCC)
- s->regs[ECC_MER] = (val & ECC_MER_MASK_0);
- else if (s->version == ECC_EMC)
- s->regs[ECC_MER] = s->version | (val & ECC_MER_MASK_1);
- else if (s->version == ECC_SMC)
- s->regs[ECC_MER] = s->version | (val & ECC_MER_MASK_2);
- trace_ecc_mem_writel_mer(val);
- break;
- case ECC_MDR:
- s->regs[ECC_MDR] = val & ECC_MDR_MASK;
- trace_ecc_mem_writel_mdr(val);
- break;
- case ECC_MFSR:
- s->regs[ECC_MFSR] = val;
- qemu_irq_lower(s->irq);
- trace_ecc_mem_writel_mfsr(val);
- break;
- case ECC_VCR:
- s->regs[ECC_VCR] = val;
- trace_ecc_mem_writel_vcr(val);
- break;
- case ECC_DR:
- s->regs[ECC_DR] = val;
- trace_ecc_mem_writel_dr(val);
- break;
- case ECC_ECR0:
- s->regs[ECC_ECR0] = val;
- trace_ecc_mem_writel_ecr0(val);
- break;
- case ECC_ECR1:
- s->regs[ECC_ECR0] = val;
- trace_ecc_mem_writel_ecr1(val);
- break;
- }
-}
-
-static uint64_t ecc_mem_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- ECCState *s = opaque;
- uint32_t ret = 0;
-
- switch (addr >> 2) {
- case ECC_MER:
- ret = s->regs[ECC_MER];
- trace_ecc_mem_readl_mer(ret);
- break;
- case ECC_MDR:
- ret = s->regs[ECC_MDR];
- trace_ecc_mem_readl_mdr(ret);
- break;
- case ECC_MFSR:
- ret = s->regs[ECC_MFSR];
- trace_ecc_mem_readl_mfsr(ret);
- break;
- case ECC_VCR:
- ret = s->regs[ECC_VCR];
- trace_ecc_mem_readl_vcr(ret);
- break;
- case ECC_MFAR0:
- ret = s->regs[ECC_MFAR0];
- trace_ecc_mem_readl_mfar0(ret);
- break;
- case ECC_MFAR1:
- ret = s->regs[ECC_MFAR1];
- trace_ecc_mem_readl_mfar1(ret);
- break;
- case ECC_DR:
- ret = s->regs[ECC_DR];
- trace_ecc_mem_readl_dr(ret);
- break;
- case ECC_ECR0:
- ret = s->regs[ECC_ECR0];
- trace_ecc_mem_readl_ecr0(ret);
- break;
- case ECC_ECR1:
- ret = s->regs[ECC_ECR0];
- trace_ecc_mem_readl_ecr1(ret);
- break;
- }
- return ret;
-}
-
-static const MemoryRegionOps ecc_mem_ops = {
- .read = ecc_mem_read,
- .write = ecc_mem_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static void ecc_diag_mem_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- ECCState *s = opaque;
-
- trace_ecc_diag_mem_writeb(addr, val);
- s->diag[addr & ECC_DIAG_MASK] = val;
-}
-
-static uint64_t ecc_diag_mem_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- ECCState *s = opaque;
- uint32_t ret = s->diag[(int)addr];
-
- trace_ecc_diag_mem_readb(addr, ret);
- return ret;
-}
-
-static const MemoryRegionOps ecc_diag_mem_ops = {
- .read = ecc_diag_mem_read,
- .write = ecc_diag_mem_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
-};
-
-static const VMStateDescription vmstate_ecc = {
- .name ="ECC",
- .version_id = 3,
- .minimum_version_id = 3,
- .minimum_version_id_old = 3,
- .fields = (VMStateField []) {
- VMSTATE_UINT32_ARRAY(regs, ECCState, ECC_NREGS),
- VMSTATE_BUFFER(diag, ECCState),
- VMSTATE_UINT32(version, ECCState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void ecc_reset(DeviceState *d)
-{
- ECCState *s = container_of(d, ECCState, busdev.qdev);
-
- if (s->version == ECC_MCC)
- s->regs[ECC_MER] &= ECC_MER_REU;
- else
- s->regs[ECC_MER] &= (ECC_MER_VER | ECC_MER_IMPL | ECC_MER_MRR |
- ECC_MER_DCI);
- s->regs[ECC_MDR] = 0x20;
- s->regs[ECC_MFSR] = 0;
- s->regs[ECC_VCR] = 0;
- s->regs[ECC_MFAR0] = 0x07c00000;
- s->regs[ECC_MFAR1] = 0;
- s->regs[ECC_DR] = 0;
- s->regs[ECC_ECR0] = 0;
- s->regs[ECC_ECR1] = 0;
-}
-
-static int ecc_init1(SysBusDevice *dev)
-{
- ECCState *s = FROM_SYSBUS(ECCState, dev);
-
- sysbus_init_irq(dev, &s->irq);
- s->regs[0] = s->version;
- memory_region_init_io(&s->iomem, &ecc_mem_ops, s, "ecc", ECC_SIZE);
- sysbus_init_mmio(dev, &s->iomem);
-
- if (s->version == ECC_MCC) { // SS-600MP only
- memory_region_init_io(&s->iomem_diag, &ecc_diag_mem_ops, s,
- "ecc.diag", ECC_DIAG_SIZE);
- sysbus_init_mmio(dev, &s->iomem_diag);
- }
-
- return 0;
-}
-
-static Property ecc_properties[] = {
- DEFINE_PROP_HEX32("version", ECCState, version, -1),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void ecc_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = ecc_init1;
- dc->reset = ecc_reset;
- dc->vmsd = &vmstate_ecc;
- dc->props = ecc_properties;
-}
-
-static TypeInfo ecc_info = {
- .name = "eccmemctl",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(ECCState),
- .class_init = ecc_class_init,
-};
-
-
-static void ecc_register_types(void)
-{
- type_register_static(&ecc_info);
-}
-
-type_init(ecc_register_types)
diff --git a/hw/eepro100.c b/hw/eepro100.c
deleted file mode 100644
index a189474d3..000000000
--- a/hw/eepro100.c
+++ /dev/null
@@ -1,2115 +0,0 @@
-/*
- * QEMU i8255x (PRO100) emulation
- *
- * Copyright (C) 2006-2011 Stefan Weil
- *
- * Portions of the code are copies from grub / etherboot eepro100.c
- * and linux e100.c.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 2 of the License, or
- * (at your option) version 3 or any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
- * Tested features (i82559):
- * PXE boot (i386 guest, i386 / mips / mipsel / ppc host) ok
- * Linux networking (i386) ok
- *
- * Untested:
- * Windows networking
- *
- * References:
- *
- * Intel 8255x 10/100 Mbps Ethernet Controller Family
- * Open Source Software Developer Manual
- *
- * TODO:
- * * PHY emulation should be separated from nic emulation.
- * Most nic emulations could share the same phy code.
- * * i82550 is untested. It is programmed like the i82559.
- * * i82562 is untested. It is programmed like the i82559.
- * * Power management (i82558 and later) is not implemented.
- * * Wake-on-LAN is not implemented.
- */
-
-#include <stddef.h> /* offsetof */
-#include "hw.h"
-#include "pci.h"
-#include "net.h"
-#include "eeprom93xx.h"
-#include "sysemu.h"
-#include "dma.h"
-
-/* QEMU sends frames smaller than 60 bytes to ethernet nics.
- * Such frames are rejected by real nics and their emulations.
- * To avoid this behaviour, other nic emulations pad received
- * frames. The following definition enables this padding for
- * eepro100, too. We keep the define around in case it might
- * become useful the future if the core networking is ever
- * changed to pad short packets itself. */
-#define CONFIG_PAD_RECEIVED_FRAMES
-
-#define KiB 1024
-
-/* Debug EEPRO100 card. */
-#if 0
-# define DEBUG_EEPRO100
-#endif
-
-#ifdef DEBUG_EEPRO100
-#define logout(fmt, ...) fprintf(stderr, "EE100\t%-24s" fmt, __func__, ## __VA_ARGS__)
-#else
-#define logout(fmt, ...) ((void)0)
-#endif
-
-/* Set flags to 0 to disable debug output. */
-#define INT 1 /* interrupt related actions */
-#define MDI 1 /* mdi related actions */
-#define OTHER 1
-#define RXTX 1
-#define EEPROM 1 /* eeprom related actions */
-
-#define TRACE(flag, command) ((flag) ? (command) : (void)0)
-
-#define missing(text) fprintf(stderr, "eepro100: feature is missing in this emulation: " text "\n")
-
-#define MAX_ETH_FRAME_SIZE 1514
-
-/* This driver supports several different devices which are declared here. */
-#define i82550 0x82550
-#define i82551 0x82551
-#define i82557A 0x82557a
-#define i82557B 0x82557b
-#define i82557C 0x82557c
-#define i82558A 0x82558a
-#define i82558B 0x82558b
-#define i82559A 0x82559a
-#define i82559B 0x82559b
-#define i82559C 0x82559c
-#define i82559ER 0x82559e
-#define i82562 0x82562
-#define i82801 0x82801
-
-/* Use 64 word EEPROM. TODO: could be a runtime option. */
-#define EEPROM_SIZE 64
-
-#define PCI_MEM_SIZE (4 * KiB)
-#define PCI_IO_SIZE 64
-#define PCI_FLASH_SIZE (128 * KiB)
-
-#define BIT(n) (1 << (n))
-#define BITS(n, m) (((0xffffffffU << (31 - n)) >> (31 - n + m)) << m)
-
-/* The SCB accepts the following controls for the Tx and Rx units: */
-#define CU_NOP 0x0000 /* No operation. */
-#define CU_START 0x0010 /* CU start. */
-#define CU_RESUME 0x0020 /* CU resume. */
-#define CU_STATSADDR 0x0040 /* Load dump counters address. */
-#define CU_SHOWSTATS 0x0050 /* Dump statistical counters. */
-#define CU_CMD_BASE 0x0060 /* Load CU base address. */
-#define CU_DUMPSTATS 0x0070 /* Dump and reset statistical counters. */
-#define CU_SRESUME 0x00a0 /* CU static resume. */
-
-#define RU_NOP 0x0000
-#define RX_START 0x0001
-#define RX_RESUME 0x0002
-#define RU_ABORT 0x0004
-#define RX_ADDR_LOAD 0x0006
-#define RX_RESUMENR 0x0007
-#define INT_MASK 0x0100
-#define DRVR_INT 0x0200 /* Driver generated interrupt. */
-
-typedef struct {
- const char *name;
- const char *desc;
- uint16_t device_id;
- uint8_t revision;
- uint16_t subsystem_vendor_id;
- uint16_t subsystem_id;
-
- uint32_t device;
- uint8_t stats_size;
- bool has_extended_tcb_support;
- bool power_management;
-} E100PCIDeviceInfo;
-
-/* Offsets to the various registers.
- All accesses need not be longword aligned. */
-typedef enum {
- SCBStatus = 0, /* Status Word. */
- SCBAck = 1,
- SCBCmd = 2, /* Rx/Command Unit command and status. */
- SCBIntmask = 3,
- SCBPointer = 4, /* General purpose pointer. */
- SCBPort = 8, /* Misc. commands and operands. */
- SCBflash = 12, /* Flash memory control. */
- SCBeeprom = 14, /* EEPROM control. */
- SCBCtrlMDI = 16, /* MDI interface control. */
- SCBEarlyRx = 20, /* Early receive byte count. */
- SCBFlow = 24, /* Flow Control. */
- SCBpmdr = 27, /* Power Management Driver. */
- SCBgctrl = 28, /* General Control. */
- SCBgstat = 29, /* General Status. */
-} E100RegisterOffset;
-
-/* A speedo3 transmit buffer descriptor with two buffers... */
-typedef struct {
- uint16_t status;
- uint16_t command;
- uint32_t link; /* void * */
- uint32_t tbd_array_addr; /* transmit buffer descriptor array address. */
- uint16_t tcb_bytes; /* transmit command block byte count (in lower 14 bits */
- uint8_t tx_threshold; /* transmit threshold */
- uint8_t tbd_count; /* TBD number */
-#if 0
- /* This constitutes two "TBD" entries: hdr and data */
- uint32_t tx_buf_addr0; /* void *, header of frame to be transmitted. */
- int32_t tx_buf_size0; /* Length of Tx hdr. */
- uint32_t tx_buf_addr1; /* void *, data to be transmitted. */
- int32_t tx_buf_size1; /* Length of Tx data. */
-#endif
-} eepro100_tx_t;
-
-/* Receive frame descriptor. */
-typedef struct {
- int16_t status;
- uint16_t command;
- uint32_t link; /* struct RxFD * */
- uint32_t rx_buf_addr; /* void * */
- uint16_t count;
- uint16_t size;
- /* Ethernet frame data follows. */
-} eepro100_rx_t;
-
-typedef enum {
- COMMAND_EL = BIT(15),
- COMMAND_S = BIT(14),
- COMMAND_I = BIT(13),
- COMMAND_NC = BIT(4),
- COMMAND_SF = BIT(3),
- COMMAND_CMD = BITS(2, 0),
-} scb_command_bit;
-
-typedef enum {
- STATUS_C = BIT(15),
- STATUS_OK = BIT(13),
-} scb_status_bit;
-
-typedef struct {
- uint32_t tx_good_frames, tx_max_collisions, tx_late_collisions,
- tx_underruns, tx_lost_crs, tx_deferred, tx_single_collisions,
- tx_multiple_collisions, tx_total_collisions;
- uint32_t rx_good_frames, rx_crc_errors, rx_alignment_errors,
- rx_resource_errors, rx_overrun_errors, rx_cdt_errors,
- rx_short_frame_errors;
- uint32_t fc_xmt_pause, fc_rcv_pause, fc_rcv_unsupported;
- uint16_t xmt_tco_frames, rcv_tco_frames;
- /* TODO: i82559 has six reserved statistics but a total of 24 dwords. */
- uint32_t reserved[4];
-} eepro100_stats_t;
-
-typedef enum {
- cu_idle = 0,
- cu_suspended = 1,
- cu_active = 2,
- cu_lpq_active = 2,
- cu_hqp_active = 3
-} cu_state_t;
-
-typedef enum {
- ru_idle = 0,
- ru_suspended = 1,
- ru_no_resources = 2,
- ru_ready = 4
-} ru_state_t;
-
-typedef struct {
- PCIDevice dev;
- /* Hash register (multicast mask array, multiple individual addresses). */
- uint8_t mult[8];
- MemoryRegion mmio_bar;
- MemoryRegion io_bar;
- MemoryRegion flash_bar;
- NICState *nic;
- NICConf conf;
- uint8_t scb_stat; /* SCB stat/ack byte */
- uint8_t int_stat; /* PCI interrupt status */
- /* region must not be saved by nic_save. */
- uint16_t mdimem[32];
- eeprom_t *eeprom;
- uint32_t device; /* device variant */
- /* (cu_base + cu_offset) address the next command block in the command block list. */
- uint32_t cu_base; /* CU base address */
- uint32_t cu_offset; /* CU address offset */
- /* (ru_base + ru_offset) address the RFD in the Receive Frame Area. */
- uint32_t ru_base; /* RU base address */
- uint32_t ru_offset; /* RU address offset */
- uint32_t statsaddr; /* pointer to eepro100_stats_t */
-
- /* Temporary status information (no need to save these values),
- * used while processing CU commands. */
- eepro100_tx_t tx; /* transmit buffer descriptor */
- uint32_t cb_address; /* = cu_base + cu_offset */
-
- /* Statistical counters. Also used for wake-up packet (i82559). */
- eepro100_stats_t statistics;
-
- /* Data in mem is always in the byte order of the controller (le).
- * It must be dword aligned to allow direct access to 32 bit values. */
- uint8_t mem[PCI_MEM_SIZE] __attribute__((aligned(8)));
-
- /* Configuration bytes. */
- uint8_t configuration[22];
-
- /* vmstate for each particular nic */
- VMStateDescription *vmstate;
-
- /* Quasi static device properties (no need to save them). */
- uint16_t stats_size;
- bool has_extended_tcb_support;
-} EEPRO100State;
-
-/* Word indices in EEPROM. */
-typedef enum {
- EEPROM_CNFG_MDIX = 0x03,
- EEPROM_ID = 0x05,
- EEPROM_PHY_ID = 0x06,
- EEPROM_VENDOR_ID = 0x0c,
- EEPROM_CONFIG_ASF = 0x0d,
- EEPROM_DEVICE_ID = 0x23,
- EEPROM_SMBUS_ADDR = 0x90,
-} EEPROMOffset;
-
-/* Bit values for EEPROM ID word. */
-typedef enum {
- EEPROM_ID_MDM = BIT(0), /* Modem */
- EEPROM_ID_STB = BIT(1), /* Standby Enable */
- EEPROM_ID_WMR = BIT(2), /* ??? */
- EEPROM_ID_WOL = BIT(5), /* Wake on LAN */
- EEPROM_ID_DPD = BIT(6), /* Deep Power Down */
- EEPROM_ID_ALT = BIT(7), /* */
- /* BITS(10, 8) device revision */
- EEPROM_ID_BD = BIT(11), /* boot disable */
- EEPROM_ID_ID = BIT(13), /* id bit */
- /* BITS(15, 14) signature */
- EEPROM_ID_VALID = BIT(14), /* signature for valid eeprom */
-} eeprom_id_bit;
-
-/* Default values for MDI (PHY) registers */
-static const uint16_t eepro100_mdi_default[] = {
- /* MDI Registers 0 - 6, 7 */
- 0x3000, 0x780d, 0x02a8, 0x0154, 0x05e1, 0x0000, 0x0000, 0x0000,
- /* MDI Registers 8 - 15 */
- 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
- /* MDI Registers 16 - 31 */
- 0x0003, 0x0000, 0x0001, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
- 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
-};
-
-/* Readonly mask for MDI (PHY) registers */
-static const uint16_t eepro100_mdi_mask[] = {
- 0x0000, 0xffff, 0xffff, 0xffff, 0xc01f, 0xffff, 0xffff, 0x0000,
- 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
- 0x0fff, 0x0000, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
- 0xffff, 0xffff, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
-};
-
-#define POLYNOMIAL 0x04c11db6
-
-static E100PCIDeviceInfo *eepro100_get_class(EEPRO100State *s);
-
-/* From FreeBSD (locally modified). */
-static unsigned e100_compute_mcast_idx(const uint8_t *ep)
-{
- uint32_t crc;
- int carry, i, j;
- uint8_t b;
-
- crc = 0xffffffff;
- for (i = 0; i < 6; i++) {
- b = *ep++;
- for (j = 0; j < 8; j++) {
- carry = ((crc & 0x80000000L) ? 1 : 0) ^ (b & 0x01);
- crc <<= 1;
- b >>= 1;
- if (carry) {
- crc = ((crc ^ POLYNOMIAL) | carry);
- }
- }
- }
- return (crc & BITS(7, 2)) >> 2;
-}
-
-/* Read a 16 bit control/status (CSR) register. */
-static uint16_t e100_read_reg2(EEPRO100State *s, E100RegisterOffset addr)
-{
- assert(!((uintptr_t)&s->mem[addr] & 1));
- return le16_to_cpup((uint16_t *)&s->mem[addr]);
-}
-
-/* Read a 32 bit control/status (CSR) register. */
-static uint32_t e100_read_reg4(EEPRO100State *s, E100RegisterOffset addr)
-{
- assert(!((uintptr_t)&s->mem[addr] & 3));
- return le32_to_cpup((uint32_t *)&s->mem[addr]);
-}
-
-/* Write a 16 bit control/status (CSR) register. */
-static void e100_write_reg2(EEPRO100State *s, E100RegisterOffset addr,
- uint16_t val)
-{
- assert(!((uintptr_t)&s->mem[addr] & 1));
- cpu_to_le16w((uint16_t *)&s->mem[addr], val);
-}
-
-/* Read a 32 bit control/status (CSR) register. */
-static void e100_write_reg4(EEPRO100State *s, E100RegisterOffset addr,
- uint32_t val)
-{
- assert(!((uintptr_t)&s->mem[addr] & 3));
- cpu_to_le32w((uint32_t *)&s->mem[addr], val);
-}
-
-#if defined(DEBUG_EEPRO100)
-static const char *nic_dump(const uint8_t * buf, unsigned size)
-{
- static char dump[3 * 16 + 1];
- char *p = &dump[0];
- if (size > 16) {
- size = 16;
- }
- while (size-- > 0) {
- p += sprintf(p, " %02x", *buf++);
- }
- return dump;
-}
-#endif /* DEBUG_EEPRO100 */
-
-enum scb_stat_ack {
- stat_ack_not_ours = 0x00,
- stat_ack_sw_gen = 0x04,
- stat_ack_rnr = 0x10,
- stat_ack_cu_idle = 0x20,
- stat_ack_frame_rx = 0x40,
- stat_ack_cu_cmd_done = 0x80,
- stat_ack_not_present = 0xFF,
- stat_ack_rx = (stat_ack_sw_gen | stat_ack_rnr | stat_ack_frame_rx),
- stat_ack_tx = (stat_ack_cu_idle | stat_ack_cu_cmd_done),
-};
-
-static void disable_interrupt(EEPRO100State * s)
-{
- if (s->int_stat) {
- TRACE(INT, logout("interrupt disabled\n"));
- qemu_irq_lower(s->dev.irq[0]);
- s->int_stat = 0;
- }
-}
-
-static void enable_interrupt(EEPRO100State * s)
-{
- if (!s->int_stat) {
- TRACE(INT, logout("interrupt enabled\n"));
- qemu_irq_raise(s->dev.irq[0]);
- s->int_stat = 1;
- }
-}
-
-static void eepro100_acknowledge(EEPRO100State * s)
-{
- s->scb_stat &= ~s->mem[SCBAck];
- s->mem[SCBAck] = s->scb_stat;
- if (s->scb_stat == 0) {
- disable_interrupt(s);
- }
-}
-
-static void eepro100_interrupt(EEPRO100State * s, uint8_t status)
-{
- uint8_t mask = ~s->mem[SCBIntmask];
- s->mem[SCBAck] |= status;
- status = s->scb_stat = s->mem[SCBAck];
- status &= (mask | 0x0f);
-#if 0
- status &= (~s->mem[SCBIntmask] | 0x0xf);
-#endif
- if (status && (mask & 0x01)) {
- /* SCB mask and SCB Bit M do not disable interrupt. */
- enable_interrupt(s);
- } else if (s->int_stat) {
- disable_interrupt(s);
- }
-}
-
-static void eepro100_cx_interrupt(EEPRO100State * s)
-{
- /* CU completed action command. */
- /* Transmit not ok (82557 only, not in emulation). */
- eepro100_interrupt(s, 0x80);
-}
-
-static void eepro100_cna_interrupt(EEPRO100State * s)
-{
- /* CU left the active state. */
- eepro100_interrupt(s, 0x20);
-}
-
-static void eepro100_fr_interrupt(EEPRO100State * s)
-{
- /* RU received a complete frame. */
- eepro100_interrupt(s, 0x40);
-}
-
-static void eepro100_rnr_interrupt(EEPRO100State * s)
-{
- /* RU is not ready. */
- eepro100_interrupt(s, 0x10);
-}
-
-static void eepro100_mdi_interrupt(EEPRO100State * s)
-{
- /* MDI completed read or write cycle. */
- eepro100_interrupt(s, 0x08);
-}
-
-static void eepro100_swi_interrupt(EEPRO100State * s)
-{
- /* Software has requested an interrupt. */
- eepro100_interrupt(s, 0x04);
-}
-
-#if 0
-static void eepro100_fcp_interrupt(EEPRO100State * s)
-{
- /* Flow control pause interrupt (82558 and later). */
- eepro100_interrupt(s, 0x01);
-}
-#endif
-
-static void e100_pci_reset(EEPRO100State * s)
-{
- E100PCIDeviceInfo *info = eepro100_get_class(s);
- uint32_t device = s->device;
- uint8_t *pci_conf = s->dev.config;
-
- TRACE(OTHER, logout("%p\n", s));
-
- /* PCI Status */
- pci_set_word(pci_conf + PCI_STATUS, PCI_STATUS_DEVSEL_MEDIUM |
- PCI_STATUS_FAST_BACK);
- /* PCI Latency Timer */
- pci_set_byte(pci_conf + PCI_LATENCY_TIMER, 0x20); /* latency timer = 32 clocks */
- /* Capability Pointer is set by PCI framework. */
- /* Interrupt Line */
- /* Interrupt Pin */
- pci_set_byte(pci_conf + PCI_INTERRUPT_PIN, 1); /* interrupt pin A */
- /* Minimum Grant */
- pci_set_byte(pci_conf + PCI_MIN_GNT, 0x08);
- /* Maximum Latency */
- pci_set_byte(pci_conf + PCI_MAX_LAT, 0x18);
-
- s->stats_size = info->stats_size;
- s->has_extended_tcb_support = info->has_extended_tcb_support;
-
- switch (device) {
- case i82550:
- case i82551:
- case i82557A:
- case i82557B:
- case i82557C:
- case i82558A:
- case i82558B:
- case i82559A:
- case i82559B:
- case i82559ER:
- case i82562:
- case i82801:
- case i82559C:
- break;
- default:
- logout("Device %X is undefined!\n", device);
- }
-
- /* Standard TxCB. */
- s->configuration[6] |= BIT(4);
-
- /* Standard statistical counters. */
- s->configuration[6] |= BIT(5);
-
- if (s->stats_size == 80) {
- /* TODO: check TCO Statistical Counters bit. Documentation not clear. */
- if (s->configuration[6] & BIT(2)) {
- /* TCO statistical counters. */
- assert(s->configuration[6] & BIT(5));
- } else {
- if (s->configuration[6] & BIT(5)) {
- /* No extended statistical counters, i82557 compatible. */
- s->stats_size = 64;
- } else {
- /* i82558 compatible. */
- s->stats_size = 76;
- }
- }
- } else {
- if (s->configuration[6] & BIT(5)) {
- /* No extended statistical counters. */
- s->stats_size = 64;
- }
- }
- assert(s->stats_size > 0 && s->stats_size <= sizeof(s->statistics));
-
- if (info->power_management) {
- /* Power Management Capabilities */
- int cfg_offset = 0xdc;
- int r = pci_add_capability(&s->dev, PCI_CAP_ID_PM,
- cfg_offset, PCI_PM_SIZEOF);
- assert(r >= 0);
- pci_set_word(pci_conf + cfg_offset + PCI_PM_PMC, 0x7e21);
-#if 0 /* TODO: replace dummy code for power management emulation. */
- /* TODO: Power Management Control / Status. */
- pci_set_word(pci_conf + cfg_offset + PCI_PM_CTRL, 0x0000);
- /* TODO: Ethernet Power Consumption Registers (i82559 and later). */
- pci_set_byte(pci_conf + cfg_offset + PCI_PM_PPB_EXTENSIONS, 0x0000);
-#endif
- }
-
-#if EEPROM_SIZE > 0
- if (device == i82557C || device == i82558B || device == i82559C) {
- /*
- TODO: get vendor id from EEPROM for i82557C or later.
- TODO: get device id from EEPROM for i82557C or later.
- TODO: status bit 4 can be disabled by EEPROM for i82558, i82559.
- TODO: header type is determined by EEPROM for i82559.
- TODO: get subsystem id from EEPROM for i82557C or later.
- TODO: get subsystem vendor id from EEPROM for i82557C or later.
- TODO: exp. rom baddr depends on a bit in EEPROM for i82558 or later.
- TODO: capability pointer depends on EEPROM for i82558.
- */
- logout("Get device id and revision from EEPROM!!!\n");
- }
-#endif /* EEPROM_SIZE > 0 */
-}
-
-static void nic_selective_reset(EEPRO100State * s)
-{
- size_t i;
- uint16_t *eeprom_contents = eeprom93xx_data(s->eeprom);
-#if 0
- eeprom93xx_reset(s->eeprom);
-#endif
- memcpy(eeprom_contents, s->conf.macaddr.a, 6);
- eeprom_contents[EEPROM_ID] = EEPROM_ID_VALID;
- if (s->device == i82557B || s->device == i82557C)
- eeprom_contents[5] = 0x0100;
- eeprom_contents[EEPROM_PHY_ID] = 1;
- uint16_t sum = 0;
- for (i = 0; i < EEPROM_SIZE - 1; i++) {
- sum += eeprom_contents[i];
- }
- eeprom_contents[EEPROM_SIZE - 1] = 0xbaba - sum;
- TRACE(EEPROM, logout("checksum=0x%04x\n", eeprom_contents[EEPROM_SIZE - 1]));
-
- memset(s->mem, 0, sizeof(s->mem));
- e100_write_reg4(s, SCBCtrlMDI, BIT(21));
-
- assert(sizeof(s->mdimem) == sizeof(eepro100_mdi_default));
- memcpy(&s->mdimem[0], &eepro100_mdi_default[0], sizeof(s->mdimem));
-}
-
-static void nic_reset(void *opaque)
-{
- EEPRO100State *s = opaque;
- TRACE(OTHER, logout("%p\n", s));
- /* TODO: Clearing of hash register for selective reset, too? */
- memset(&s->mult[0], 0, sizeof(s->mult));
- nic_selective_reset(s);
-}
-
-#if defined(DEBUG_EEPRO100)
-static const char * const e100_reg[PCI_IO_SIZE / 4] = {
- "Command/Status",
- "General Pointer",
- "Port",
- "EEPROM/Flash Control",
- "MDI Control",
- "Receive DMA Byte Count",
- "Flow Control",
- "General Status/Control"
-};
-
-static char *regname(uint32_t addr)
-{
- static char buf[32];
- if (addr < PCI_IO_SIZE) {
- const char *r = e100_reg[addr / 4];
- if (r != 0) {
- snprintf(buf, sizeof(buf), "%s+%u", r, addr % 4);
- } else {
- snprintf(buf, sizeof(buf), "0x%02x", addr);
- }
- } else {
- snprintf(buf, sizeof(buf), "??? 0x%08x", addr);
- }
- return buf;
-}
-#endif /* DEBUG_EEPRO100 */
-
-/*****************************************************************************
- *
- * Command emulation.
- *
- ****************************************************************************/
-
-#if 0
-static uint16_t eepro100_read_command(EEPRO100State * s)
-{
- uint16_t val = 0xffff;
- TRACE(OTHER, logout("val=0x%04x\n", val));
- return val;
-}
-#endif
-
-/* Commands that can be put in a command list entry. */
-enum commands {
- CmdNOp = 0,
- CmdIASetup = 1,
- CmdConfigure = 2,
- CmdMulticastList = 3,
- CmdTx = 4,
- CmdTDR = 5, /* load microcode */
- CmdDump = 6,
- CmdDiagnose = 7,
-
- /* And some extra flags: */
- CmdSuspend = 0x4000, /* Suspend after completion. */
- CmdIntr = 0x2000, /* Interrupt after completion. */
- CmdTxFlex = 0x0008, /* Use "Flexible mode" for CmdTx command. */
-};
-
-static cu_state_t get_cu_state(EEPRO100State * s)
-{
- return ((s->mem[SCBStatus] & BITS(7, 6)) >> 6);
-}
-
-static void set_cu_state(EEPRO100State * s, cu_state_t state)
-{
- s->mem[SCBStatus] = (s->mem[SCBStatus] & ~BITS(7, 6)) + (state << 6);
-}
-
-static ru_state_t get_ru_state(EEPRO100State * s)
-{
- return ((s->mem[SCBStatus] & BITS(5, 2)) >> 2);
-}
-
-static void set_ru_state(EEPRO100State * s, ru_state_t state)
-{
- s->mem[SCBStatus] = (s->mem[SCBStatus] & ~BITS(5, 2)) + (state << 2);
-}
-
-static void dump_statistics(EEPRO100State * s)
-{
- /* Dump statistical data. Most data is never changed by the emulation
- * and always 0, so we first just copy the whole block and then those
- * values which really matter.
- * Number of data should check configuration!!!
- */
- pci_dma_write(&s->dev, s->statsaddr, &s->statistics, s->stats_size);
- stl_le_pci_dma(&s->dev, s->statsaddr + 0,
- s->statistics.tx_good_frames);
- stl_le_pci_dma(&s->dev, s->statsaddr + 36,
- s->statistics.rx_good_frames);
- stl_le_pci_dma(&s->dev, s->statsaddr + 48,
- s->statistics.rx_resource_errors);
- stl_le_pci_dma(&s->dev, s->statsaddr + 60,
- s->statistics.rx_short_frame_errors);
-#if 0
- stw_le_pci_dma(&s->dev, s->statsaddr + 76, s->statistics.xmt_tco_frames);
- stw_le_pci_dma(&s->dev, s->statsaddr + 78, s->statistics.rcv_tco_frames);
- missing("CU dump statistical counters");
-#endif
-}
-
-static void read_cb(EEPRO100State *s)
-{
- pci_dma_read(&s->dev, s->cb_address, &s->tx, sizeof(s->tx));
- s->tx.status = le16_to_cpu(s->tx.status);
- s->tx.command = le16_to_cpu(s->tx.command);
- s->tx.link = le32_to_cpu(s->tx.link);
- s->tx.tbd_array_addr = le32_to_cpu(s->tx.tbd_array_addr);
- s->tx.tcb_bytes = le16_to_cpu(s->tx.tcb_bytes);
-}
-
-static void tx_command(EEPRO100State *s)
-{
- uint32_t tbd_array = le32_to_cpu(s->tx.tbd_array_addr);
- uint16_t tcb_bytes = (le16_to_cpu(s->tx.tcb_bytes) & 0x3fff);
- /* Sends larger than MAX_ETH_FRAME_SIZE are allowed, up to 2600 bytes. */
- uint8_t buf[2600];
- uint16_t size = 0;
- uint32_t tbd_address = s->cb_address + 0x10;
- TRACE(RXTX, logout
- ("transmit, TBD array address 0x%08x, TCB byte count 0x%04x, TBD count %u\n",
- tbd_array, tcb_bytes, s->tx.tbd_count));
-
- if (tcb_bytes > 2600) {
- logout("TCB byte count too large, using 2600\n");
- tcb_bytes = 2600;
- }
- if (!((tcb_bytes > 0) || (tbd_array != 0xffffffff))) {
- logout
- ("illegal values of TBD array address and TCB byte count!\n");
- }
- assert(tcb_bytes <= sizeof(buf));
- while (size < tcb_bytes) {
- uint32_t tx_buffer_address = ldl_le_pci_dma(&s->dev, tbd_address);
- uint16_t tx_buffer_size = lduw_le_pci_dma(&s->dev, tbd_address + 4);
-#if 0
- uint16_t tx_buffer_el = lduw_le_pci_dma(&s->dev, tbd_address + 6);
-#endif
- tbd_address += 8;
- TRACE(RXTX, logout
- ("TBD (simplified mode): buffer address 0x%08x, size 0x%04x\n",
- tx_buffer_address, tx_buffer_size));
- tx_buffer_size = MIN(tx_buffer_size, sizeof(buf) - size);
- pci_dma_read(&s->dev, tx_buffer_address, &buf[size], tx_buffer_size);
- size += tx_buffer_size;
- }
- if (tbd_array == 0xffffffff) {
- /* Simplified mode. Was already handled by code above. */
- } else {
- /* Flexible mode. */
- uint8_t tbd_count = 0;
- if (s->has_extended_tcb_support && !(s->configuration[6] & BIT(4))) {
- /* Extended Flexible TCB. */
- for (; tbd_count < 2; tbd_count++) {
- uint32_t tx_buffer_address = ldl_le_pci_dma(&s->dev,
- tbd_address);
- uint16_t tx_buffer_size = lduw_le_pci_dma(&s->dev,
- tbd_address + 4);
- uint16_t tx_buffer_el = lduw_le_pci_dma(&s->dev,
- tbd_address + 6);
- tbd_address += 8;
- TRACE(RXTX, logout
- ("TBD (extended flexible mode): buffer address 0x%08x, size 0x%04x\n",
- tx_buffer_address, tx_buffer_size));
- tx_buffer_size = MIN(tx_buffer_size, sizeof(buf) - size);
- pci_dma_read(&s->dev, tx_buffer_address,
- &buf[size], tx_buffer_size);
- size += tx_buffer_size;
- if (tx_buffer_el & 1) {
- break;
- }
- }
- }
- tbd_address = tbd_array;
- for (; tbd_count < s->tx.tbd_count; tbd_count++) {
- uint32_t tx_buffer_address = ldl_le_pci_dma(&s->dev, tbd_address);
- uint16_t tx_buffer_size = lduw_le_pci_dma(&s->dev, tbd_address + 4);
- uint16_t tx_buffer_el = lduw_le_pci_dma(&s->dev, tbd_address + 6);
- tbd_address += 8;
- TRACE(RXTX, logout
- ("TBD (flexible mode): buffer address 0x%08x, size 0x%04x\n",
- tx_buffer_address, tx_buffer_size));
- tx_buffer_size = MIN(tx_buffer_size, sizeof(buf) - size);
- pci_dma_read(&s->dev, tx_buffer_address,
- &buf[size], tx_buffer_size);
- size += tx_buffer_size;
- if (tx_buffer_el & 1) {
- break;
- }
- }
- }
- TRACE(RXTX, logout("%p sending frame, len=%d,%s\n", s, size, nic_dump(buf, size)));
- qemu_send_packet(&s->nic->nc, buf, size);
- s->statistics.tx_good_frames++;
- /* Transmit with bad status would raise an CX/TNO interrupt.
- * (82557 only). Emulation never has bad status. */
-#if 0
- eepro100_cx_interrupt(s);
-#endif
-}
-
-static void set_multicast_list(EEPRO100State *s)
-{
- uint16_t multicast_count = s->tx.tbd_array_addr & BITS(13, 0);
- uint16_t i;
- memset(&s->mult[0], 0, sizeof(s->mult));
- TRACE(OTHER, logout("multicast list, multicast count = %u\n", multicast_count));
- for (i = 0; i < multicast_count; i += 6) {
- uint8_t multicast_addr[6];
- pci_dma_read(&s->dev, s->cb_address + 10 + i, multicast_addr, 6);
- TRACE(OTHER, logout("multicast entry %s\n", nic_dump(multicast_addr, 6)));
- unsigned mcast_idx = e100_compute_mcast_idx(multicast_addr);
- assert(mcast_idx < 64);
- s->mult[mcast_idx >> 3] |= (1 << (mcast_idx & 7));
- }
-}
-
-static void action_command(EEPRO100State *s)
-{
- for (;;) {
- bool bit_el;
- bool bit_s;
- bool bit_i;
- bool bit_nc;
- uint16_t ok_status = STATUS_OK;
- s->cb_address = s->cu_base + s->cu_offset;
- read_cb(s);
- bit_el = ((s->tx.command & COMMAND_EL) != 0);
- bit_s = ((s->tx.command & COMMAND_S) != 0);
- bit_i = ((s->tx.command & COMMAND_I) != 0);
- bit_nc = ((s->tx.command & COMMAND_NC) != 0);
-#if 0
- bool bit_sf = ((s->tx.command & COMMAND_SF) != 0);
-#endif
- s->cu_offset = s->tx.link;
- TRACE(OTHER,
- logout("val=(cu start), status=0x%04x, command=0x%04x, link=0x%08x\n",
- s->tx.status, s->tx.command, s->tx.link));
- switch (s->tx.command & COMMAND_CMD) {
- case CmdNOp:
- /* Do nothing. */
- break;
- case CmdIASetup:
- pci_dma_read(&s->dev, s->cb_address + 8, &s->conf.macaddr.a[0], 6);
- TRACE(OTHER, logout("macaddr: %s\n", nic_dump(&s->conf.macaddr.a[0], 6)));
- break;
- case CmdConfigure:
- pci_dma_read(&s->dev, s->cb_address + 8,
- &s->configuration[0], sizeof(s->configuration));
- TRACE(OTHER, logout("configuration: %s\n",
- nic_dump(&s->configuration[0], 16)));
- TRACE(OTHER, logout("configuration: %s\n",
- nic_dump(&s->configuration[16],
- ARRAY_SIZE(s->configuration) - 16)));
- if (s->configuration[20] & BIT(6)) {
- TRACE(OTHER, logout("Multiple IA bit\n"));
- }
- break;
- case CmdMulticastList:
- set_multicast_list(s);
- break;
- case CmdTx:
- if (bit_nc) {
- missing("CmdTx: NC = 0");
- ok_status = 0;
- break;
- }
- tx_command(s);
- break;
- case CmdTDR:
- TRACE(OTHER, logout("load microcode\n"));
- /* Starting with offset 8, the command contains
- * 64 dwords microcode which we just ignore here. */
- break;
- case CmdDiagnose:
- TRACE(OTHER, logout("diagnose\n"));
- /* Make sure error flag is not set. */
- s->tx.status = 0;
- break;
- default:
- missing("undefined command");
- ok_status = 0;
- break;
- }
- /* Write new status. */
- stw_le_pci_dma(&s->dev, s->cb_address,
- s->tx.status | ok_status | STATUS_C);
- if (bit_i) {
- /* CU completed action. */
- eepro100_cx_interrupt(s);
- }
- if (bit_el) {
- /* CU becomes idle. Terminate command loop. */
- set_cu_state(s, cu_idle);
- eepro100_cna_interrupt(s);
- break;
- } else if (bit_s) {
- /* CU becomes suspended. Terminate command loop. */
- set_cu_state(s, cu_suspended);
- eepro100_cna_interrupt(s);
- break;
- } else {
- /* More entries in list. */
- TRACE(OTHER, logout("CU list with at least one more entry\n"));
- }
- }
- TRACE(OTHER, logout("CU list empty\n"));
- /* List is empty. Now CU is idle or suspended. */
-}
-
-static void eepro100_cu_command(EEPRO100State * s, uint8_t val)
-{
- cu_state_t cu_state;
- switch (val) {
- case CU_NOP:
- /* No operation. */
- break;
- case CU_START:
- cu_state = get_cu_state(s);
- if (cu_state != cu_idle && cu_state != cu_suspended) {
- /* Intel documentation says that CU must be idle or suspended
- * for the CU start command. */
- logout("unexpected CU state is %u\n", cu_state);
- }
- set_cu_state(s, cu_active);
- s->cu_offset = e100_read_reg4(s, SCBPointer);
- action_command(s);
- break;
- case CU_RESUME:
- if (get_cu_state(s) != cu_suspended) {
- logout("bad CU resume from CU state %u\n", get_cu_state(s));
- /* Workaround for bad Linux eepro100 driver which resumes
- * from idle state. */
-#if 0
- missing("cu resume");
-#endif
- set_cu_state(s, cu_suspended);
- }
- if (get_cu_state(s) == cu_suspended) {
- TRACE(OTHER, logout("CU resuming\n"));
- set_cu_state(s, cu_active);
- action_command(s);
- }
- break;
- case CU_STATSADDR:
- /* Load dump counters address. */
- s->statsaddr = e100_read_reg4(s, SCBPointer);
- TRACE(OTHER, logout("val=0x%02x (dump counters address)\n", val));
- if (s->statsaddr & 3) {
- /* Memory must be Dword aligned. */
- logout("unaligned dump counters address\n");
- /* Handling of misaligned addresses is undefined.
- * Here we align the address by ignoring the lower bits. */
- /* TODO: Test unaligned dump counter address on real hardware. */
- s->statsaddr &= ~3;
- }
- break;
- case CU_SHOWSTATS:
- /* Dump statistical counters. */
- TRACE(OTHER, logout("val=0x%02x (dump stats)\n", val));
- dump_statistics(s);
- stl_le_pci_dma(&s->dev, s->statsaddr + s->stats_size, 0xa005);
- break;
- case CU_CMD_BASE:
- /* Load CU base. */
- TRACE(OTHER, logout("val=0x%02x (CU base address)\n", val));
- s->cu_base = e100_read_reg4(s, SCBPointer);
- break;
- case CU_DUMPSTATS:
- /* Dump and reset statistical counters. */
- TRACE(OTHER, logout("val=0x%02x (dump stats and reset)\n", val));
- dump_statistics(s);
- stl_le_pci_dma(&s->dev, s->statsaddr + s->stats_size, 0xa007);
- memset(&s->statistics, 0, sizeof(s->statistics));
- break;
- case CU_SRESUME:
- /* CU static resume. */
- missing("CU static resume");
- break;
- default:
- missing("Undefined CU command");
- }
-}
-
-static void eepro100_ru_command(EEPRO100State * s, uint8_t val)
-{
- switch (val) {
- case RU_NOP:
- /* No operation. */
- break;
- case RX_START:
- /* RU start. */
- if (get_ru_state(s) != ru_idle) {
- logout("RU state is %u, should be %u\n", get_ru_state(s), ru_idle);
-#if 0
- assert(!"wrong RU state");
-#endif
- }
- set_ru_state(s, ru_ready);
- s->ru_offset = e100_read_reg4(s, SCBPointer);
- qemu_flush_queued_packets(&s->nic->nc);
- TRACE(OTHER, logout("val=0x%02x (rx start)\n", val));
- break;
- case RX_RESUME:
- /* Restart RU. */
- if (get_ru_state(s) != ru_suspended) {
- logout("RU state is %u, should be %u\n", get_ru_state(s),
- ru_suspended);
-#if 0
- assert(!"wrong RU state");
-#endif
- }
- set_ru_state(s, ru_ready);
- break;
- case RU_ABORT:
- /* RU abort. */
- if (get_ru_state(s) == ru_ready) {
- eepro100_rnr_interrupt(s);
- }
- set_ru_state(s, ru_idle);
- break;
- case RX_ADDR_LOAD:
- /* Load RU base. */
- TRACE(OTHER, logout("val=0x%02x (RU base address)\n", val));
- s->ru_base = e100_read_reg4(s, SCBPointer);
- break;
- default:
- logout("val=0x%02x (undefined RU command)\n", val);
- missing("Undefined SU command");
- }
-}
-
-static void eepro100_write_command(EEPRO100State * s, uint8_t val)
-{
- eepro100_ru_command(s, val & 0x0f);
- eepro100_cu_command(s, val & 0xf0);
- if ((val) == 0) {
- TRACE(OTHER, logout("val=0x%02x\n", val));
- }
- /* Clear command byte after command was accepted. */
- s->mem[SCBCmd] = 0;
-}
-
-/*****************************************************************************
- *
- * EEPROM emulation.
- *
- ****************************************************************************/
-
-#define EEPROM_CS 0x02
-#define EEPROM_SK 0x01
-#define EEPROM_DI 0x04
-#define EEPROM_DO 0x08
-
-static uint16_t eepro100_read_eeprom(EEPRO100State * s)
-{
- uint16_t val = e100_read_reg2(s, SCBeeprom);
- if (eeprom93xx_read(s->eeprom)) {
- val |= EEPROM_DO;
- } else {
- val &= ~EEPROM_DO;
- }
- TRACE(EEPROM, logout("val=0x%04x\n", val));
- return val;
-}
-
-static void eepro100_write_eeprom(eeprom_t * eeprom, uint8_t val)
-{
- TRACE(EEPROM, logout("val=0x%02x\n", val));
-
- /* mask unwritable bits */
-#if 0
- val = SET_MASKED(val, 0x31, eeprom->value);
-#endif
-
- int eecs = ((val & EEPROM_CS) != 0);
- int eesk = ((val & EEPROM_SK) != 0);
- int eedi = ((val & EEPROM_DI) != 0);
- eeprom93xx_write(eeprom, eecs, eesk, eedi);
-}
-
-/*****************************************************************************
- *
- * MDI emulation.
- *
- ****************************************************************************/
-
-#if defined(DEBUG_EEPRO100)
-static const char * const mdi_op_name[] = {
- "opcode 0",
- "write",
- "read",
- "opcode 3"
-};
-
-static const char * const mdi_reg_name[] = {
- "Control",
- "Status",
- "PHY Identification (Word 1)",
- "PHY Identification (Word 2)",
- "Auto-Negotiation Advertisement",
- "Auto-Negotiation Link Partner Ability",
- "Auto-Negotiation Expansion"
-};
-
-static const char *reg2name(uint8_t reg)
-{
- static char buffer[10];
- const char *p = buffer;
- if (reg < ARRAY_SIZE(mdi_reg_name)) {
- p = mdi_reg_name[reg];
- } else {
- snprintf(buffer, sizeof(buffer), "reg=0x%02x", reg);
- }
- return p;
-}
-#endif /* DEBUG_EEPRO100 */
-
-static uint32_t eepro100_read_mdi(EEPRO100State * s)
-{
- uint32_t val = e100_read_reg4(s, SCBCtrlMDI);
-
-#ifdef DEBUG_EEPRO100
- uint8_t raiseint = (val & BIT(29)) >> 29;
- uint8_t opcode = (val & BITS(27, 26)) >> 26;
- uint8_t phy = (val & BITS(25, 21)) >> 21;
- uint8_t reg = (val & BITS(20, 16)) >> 16;
- uint16_t data = (val & BITS(15, 0));
-#endif
- /* Emulation takes no time to finish MDI transaction. */
- val |= BIT(28);
- TRACE(MDI, logout("val=0x%08x (int=%u, %s, phy=%u, %s, data=0x%04x\n",
- val, raiseint, mdi_op_name[opcode], phy,
- reg2name(reg), data));
- return val;
-}
-
-static void eepro100_write_mdi(EEPRO100State *s)
-{
- uint32_t val = e100_read_reg4(s, SCBCtrlMDI);
- uint8_t raiseint = (val & BIT(29)) >> 29;
- uint8_t opcode = (val & BITS(27, 26)) >> 26;
- uint8_t phy = (val & BITS(25, 21)) >> 21;
- uint8_t reg = (val & BITS(20, 16)) >> 16;
- uint16_t data = (val & BITS(15, 0));
- TRACE(MDI, logout("val=0x%08x (int=%u, %s, phy=%u, %s, data=0x%04x\n",
- val, raiseint, mdi_op_name[opcode], phy, reg2name(reg), data));
- if (phy != 1) {
- /* Unsupported PHY address. */
-#if 0
- logout("phy must be 1 but is %u\n", phy);
-#endif
- data = 0;
- } else if (opcode != 1 && opcode != 2) {
- /* Unsupported opcode. */
- logout("opcode must be 1 or 2 but is %u\n", opcode);
- data = 0;
- } else if (reg > 6) {
- /* Unsupported register. */
- logout("register must be 0...6 but is %u\n", reg);
- data = 0;
- } else {
- TRACE(MDI, logout("val=0x%08x (int=%u, %s, phy=%u, %s, data=0x%04x\n",
- val, raiseint, mdi_op_name[opcode], phy,
- reg2name(reg), data));
- if (opcode == 1) {
- /* MDI write */
- switch (reg) {
- case 0: /* Control Register */
- if (data & 0x8000) {
- /* Reset status and control registers to default. */
- s->mdimem[0] = eepro100_mdi_default[0];
- s->mdimem[1] = eepro100_mdi_default[1];
- data = s->mdimem[reg];
- } else {
- /* Restart Auto Configuration = Normal Operation */
- data &= ~0x0200;
- }
- break;
- case 1: /* Status Register */
- missing("not writable");
- data = s->mdimem[reg];
- break;
- case 2: /* PHY Identification Register (Word 1) */
- case 3: /* PHY Identification Register (Word 2) */
- missing("not implemented");
- break;
- case 4: /* Auto-Negotiation Advertisement Register */
- case 5: /* Auto-Negotiation Link Partner Ability Register */
- break;
- case 6: /* Auto-Negotiation Expansion Register */
- default:
- missing("not implemented");
- }
- s->mdimem[reg] = data;
- } else if (opcode == 2) {
- /* MDI read */
- switch (reg) {
- case 0: /* Control Register */
- if (data & 0x8000) {
- /* Reset status and control registers to default. */
- s->mdimem[0] = eepro100_mdi_default[0];
- s->mdimem[1] = eepro100_mdi_default[1];
- }
- break;
- case 1: /* Status Register */
- s->mdimem[reg] |= 0x0020;
- break;
- case 2: /* PHY Identification Register (Word 1) */
- case 3: /* PHY Identification Register (Word 2) */
- case 4: /* Auto-Negotiation Advertisement Register */
- break;
- case 5: /* Auto-Negotiation Link Partner Ability Register */
- s->mdimem[reg] = 0x41fe;
- break;
- case 6: /* Auto-Negotiation Expansion Register */
- s->mdimem[reg] = 0x0001;
- break;
- }
- data = s->mdimem[reg];
- }
- /* Emulation takes no time to finish MDI transaction.
- * Set MDI bit in SCB status register. */
- s->mem[SCBAck] |= 0x08;
- val |= BIT(28);
- if (raiseint) {
- eepro100_mdi_interrupt(s);
- }
- }
- val = (val & 0xffff0000) + data;
- e100_write_reg4(s, SCBCtrlMDI, val);
-}
-
-/*****************************************************************************
- *
- * Port emulation.
- *
- ****************************************************************************/
-
-#define PORT_SOFTWARE_RESET 0
-#define PORT_SELFTEST 1
-#define PORT_SELECTIVE_RESET 2
-#define PORT_DUMP 3
-#define PORT_SELECTION_MASK 3
-
-typedef struct {
- uint32_t st_sign; /* Self Test Signature */
- uint32_t st_result; /* Self Test Results */
-} eepro100_selftest_t;
-
-static uint32_t eepro100_read_port(EEPRO100State * s)
-{
- return 0;
-}
-
-static void eepro100_write_port(EEPRO100State *s)
-{
- uint32_t val = e100_read_reg4(s, SCBPort);
- uint32_t address = (val & ~PORT_SELECTION_MASK);
- uint8_t selection = (val & PORT_SELECTION_MASK);
- switch (selection) {
- case PORT_SOFTWARE_RESET:
- nic_reset(s);
- break;
- case PORT_SELFTEST:
- TRACE(OTHER, logout("selftest address=0x%08x\n", address));
- eepro100_selftest_t data;
- pci_dma_read(&s->dev, address, (uint8_t *) &data, sizeof(data));
- data.st_sign = 0xffffffff;
- data.st_result = 0;
- pci_dma_write(&s->dev, address, (uint8_t *) &data, sizeof(data));
- break;
- case PORT_SELECTIVE_RESET:
- TRACE(OTHER, logout("selective reset, selftest address=0x%08x\n", address));
- nic_selective_reset(s);
- break;
- default:
- logout("val=0x%08x\n", val);
- missing("unknown port selection");
- }
-}
-
-/*****************************************************************************
- *
- * General hardware emulation.
- *
- ****************************************************************************/
-
-static uint8_t eepro100_read1(EEPRO100State * s, uint32_t addr)
-{
- uint8_t val = 0;
- if (addr <= sizeof(s->mem) - sizeof(val)) {
- val = s->mem[addr];
- }
-
- switch (addr) {
- case SCBStatus:
- case SCBAck:
- TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
- break;
- case SCBCmd:
- TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
-#if 0
- val = eepro100_read_command(s);
-#endif
- break;
- case SCBIntmask:
- TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
- break;
- case SCBPort + 3:
- TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
- break;
- case SCBeeprom:
- val = eepro100_read_eeprom(s);
- break;
- case SCBCtrlMDI:
- case SCBCtrlMDI + 1:
- case SCBCtrlMDI + 2:
- case SCBCtrlMDI + 3:
- val = (uint8_t)(eepro100_read_mdi(s) >> (8 * (addr & 3)));
- TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
- break;
- case SCBpmdr: /* Power Management Driver Register */
- val = 0;
- TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
- break;
- case SCBgctrl: /* General Control Register */
- TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
- break;
- case SCBgstat: /* General Status Register */
- /* 100 Mbps full duplex, valid link */
- val = 0x07;
- TRACE(OTHER, logout("addr=General Status val=%02x\n", val));
- break;
- default:
- logout("addr=%s val=0x%02x\n", regname(addr), val);
- missing("unknown byte read");
- }
- return val;
-}
-
-static uint16_t eepro100_read2(EEPRO100State * s, uint32_t addr)
-{
- uint16_t val = 0;
- if (addr <= sizeof(s->mem) - sizeof(val)) {
- val = e100_read_reg2(s, addr);
- }
-
- switch (addr) {
- case SCBStatus:
- case SCBCmd:
- TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
- break;
- case SCBeeprom:
- val = eepro100_read_eeprom(s);
- TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
- break;
- case SCBCtrlMDI:
- case SCBCtrlMDI + 2:
- val = (uint16_t)(eepro100_read_mdi(s) >> (8 * (addr & 3)));
- TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
- break;
- default:
- logout("addr=%s val=0x%04x\n", regname(addr), val);
- missing("unknown word read");
- }
- return val;
-}
-
-static uint32_t eepro100_read4(EEPRO100State * s, uint32_t addr)
-{
- uint32_t val = 0;
- if (addr <= sizeof(s->mem) - sizeof(val)) {
- val = e100_read_reg4(s, addr);
- }
-
- switch (addr) {
- case SCBStatus:
- TRACE(OTHER, logout("addr=%s val=0x%08x\n", regname(addr), val));
- break;
- case SCBPointer:
- TRACE(OTHER, logout("addr=%s val=0x%08x\n", regname(addr), val));
- break;
- case SCBPort:
- val = eepro100_read_port(s);
- TRACE(OTHER, logout("addr=%s val=0x%08x\n", regname(addr), val));
- break;
- case SCBflash:
- val = eepro100_read_eeprom(s);
- TRACE(OTHER, logout("addr=%s val=0x%08x\n", regname(addr), val));
- break;
- case SCBCtrlMDI:
- val = eepro100_read_mdi(s);
- break;
- default:
- logout("addr=%s val=0x%08x\n", regname(addr), val);
- missing("unknown longword read");
- }
- return val;
-}
-
-static void eepro100_write1(EEPRO100State * s, uint32_t addr, uint8_t val)
-{
- /* SCBStatus is readonly. */
- if (addr > SCBStatus && addr <= sizeof(s->mem) - sizeof(val)) {
- s->mem[addr] = val;
- }
-
- switch (addr) {
- case SCBStatus:
- TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
- break;
- case SCBAck:
- TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
- eepro100_acknowledge(s);
- break;
- case SCBCmd:
- TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
- eepro100_write_command(s, val);
- break;
- case SCBIntmask:
- TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
- if (val & BIT(1)) {
- eepro100_swi_interrupt(s);
- }
- eepro100_interrupt(s, 0);
- break;
- case SCBPointer:
- case SCBPointer + 1:
- case SCBPointer + 2:
- case SCBPointer + 3:
- TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
- break;
- case SCBPort:
- case SCBPort + 1:
- case SCBPort + 2:
- TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
- break;
- case SCBPort + 3:
- TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
- eepro100_write_port(s);
- break;
- case SCBFlow: /* does not exist on 82557 */
- case SCBFlow + 1:
- case SCBFlow + 2:
- case SCBpmdr: /* does not exist on 82557 */
- TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
- break;
- case SCBeeprom:
- TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
- eepro100_write_eeprom(s->eeprom, val);
- break;
- case SCBCtrlMDI:
- case SCBCtrlMDI + 1:
- case SCBCtrlMDI + 2:
- TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
- break;
- case SCBCtrlMDI + 3:
- TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
- eepro100_write_mdi(s);
- break;
- default:
- logout("addr=%s val=0x%02x\n", regname(addr), val);
- missing("unknown byte write");
- }
-}
-
-static void eepro100_write2(EEPRO100State * s, uint32_t addr, uint16_t val)
-{
- /* SCBStatus is readonly. */
- if (addr > SCBStatus && addr <= sizeof(s->mem) - sizeof(val)) {
- e100_write_reg2(s, addr, val);
- }
-
- switch (addr) {
- case SCBStatus:
- TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
- s->mem[SCBAck] = (val >> 8);
- eepro100_acknowledge(s);
- break;
- case SCBCmd:
- TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
- eepro100_write_command(s, val);
- eepro100_write1(s, SCBIntmask, val >> 8);
- break;
- case SCBPointer:
- case SCBPointer + 2:
- TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
- break;
- case SCBPort:
- TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
- break;
- case SCBPort + 2:
- TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
- eepro100_write_port(s);
- break;
- case SCBeeprom:
- TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
- eepro100_write_eeprom(s->eeprom, val);
- break;
- case SCBCtrlMDI:
- TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
- break;
- case SCBCtrlMDI + 2:
- TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
- eepro100_write_mdi(s);
- break;
- default:
- logout("addr=%s val=0x%04x\n", regname(addr), val);
- missing("unknown word write");
- }
-}
-
-static void eepro100_write4(EEPRO100State * s, uint32_t addr, uint32_t val)
-{
- if (addr <= sizeof(s->mem) - sizeof(val)) {
- e100_write_reg4(s, addr, val);
- }
-
- switch (addr) {
- case SCBPointer:
- TRACE(OTHER, logout("addr=%s val=0x%08x\n", regname(addr), val));
- break;
- case SCBPort:
- TRACE(OTHER, logout("addr=%s val=0x%08x\n", regname(addr), val));
- eepro100_write_port(s);
- break;
- case SCBflash:
- TRACE(OTHER, logout("addr=%s val=0x%08x\n", regname(addr), val));
- val = val >> 16;
- eepro100_write_eeprom(s->eeprom, val);
- break;
- case SCBCtrlMDI:
- TRACE(OTHER, logout("addr=%s val=0x%08x\n", regname(addr), val));
- eepro100_write_mdi(s);
- break;
- default:
- logout("addr=%s val=0x%08x\n", regname(addr), val);
- missing("unknown longword write");
- }
-}
-
-static uint64_t eepro100_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- EEPRO100State *s = opaque;
-
- switch (size) {
- case 1: return eepro100_read1(s, addr);
- case 2: return eepro100_read2(s, addr);
- case 4: return eepro100_read4(s, addr);
- default: abort();
- }
-}
-
-static void eepro100_write(void *opaque, hwaddr addr,
- uint64_t data, unsigned size)
-{
- EEPRO100State *s = opaque;
-
- switch (size) {
- case 1:
- eepro100_write1(s, addr, data);
- break;
- case 2:
- eepro100_write2(s, addr, data);
- break;
- case 4:
- eepro100_write4(s, addr, data);
- break;
- default:
- abort();
- }
-}
-
-static const MemoryRegionOps eepro100_ops = {
- .read = eepro100_read,
- .write = eepro100_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static int nic_can_receive(NetClientState *nc)
-{
- EEPRO100State *s = DO_UPCAST(NICState, nc, nc)->opaque;
- TRACE(RXTX, logout("%p\n", s));
- return get_ru_state(s) == ru_ready;
-#if 0
- return !eepro100_buffer_full(s);
-#endif
-}
-
-static ssize_t nic_receive(NetClientState *nc, const uint8_t * buf, size_t size)
-{
- /* TODO:
- * - Magic packets should set bit 30 in power management driver register.
- * - Interesting packets should set bit 29 in power management driver register.
- */
- EEPRO100State *s = DO_UPCAST(NICState, nc, nc)->opaque;
- uint16_t rfd_status = 0xa000;
-#if defined(CONFIG_PAD_RECEIVED_FRAMES)
- uint8_t min_buf[60];
-#endif
- static const uint8_t broadcast_macaddr[6] =
- { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
-
-#if defined(CONFIG_PAD_RECEIVED_FRAMES)
- /* Pad to minimum Ethernet frame length */
- if (size < sizeof(min_buf)) {
- memcpy(min_buf, buf, size);
- memset(&min_buf[size], 0, sizeof(min_buf) - size);
- buf = min_buf;
- size = sizeof(min_buf);
- }
-#endif
-
- if (s->configuration[8] & 0x80) {
- /* CSMA is disabled. */
- logout("%p received while CSMA is disabled\n", s);
- return -1;
-#if !defined(CONFIG_PAD_RECEIVED_FRAMES)
- } else if (size < 64 && (s->configuration[7] & BIT(0))) {
- /* Short frame and configuration byte 7/0 (discard short receive) set:
- * Short frame is discarded */
- logout("%p received short frame (%zu byte)\n", s, size);
- s->statistics.rx_short_frame_errors++;
- return -1;
-#endif
- } else if ((size > MAX_ETH_FRAME_SIZE + 4) && !(s->configuration[18] & BIT(3))) {
- /* Long frame and configuration byte 18/3 (long receive ok) not set:
- * Long frames are discarded. */
- logout("%p received long frame (%zu byte), ignored\n", s, size);
- return -1;
- } else if (memcmp(buf, s->conf.macaddr.a, 6) == 0) { /* !!! */
- /* Frame matches individual address. */
- /* TODO: check configuration byte 15/4 (ignore U/L). */
- TRACE(RXTX, logout("%p received frame for me, len=%zu\n", s, size));
- } else if (memcmp(buf, broadcast_macaddr, 6) == 0) {
- /* Broadcast frame. */
- TRACE(RXTX, logout("%p received broadcast, len=%zu\n", s, size));
- rfd_status |= 0x0002;
- } else if (buf[0] & 0x01) {
- /* Multicast frame. */
- TRACE(RXTX, logout("%p received multicast, len=%zu,%s\n", s, size, nic_dump(buf, size)));
- if (s->configuration[21] & BIT(3)) {
- /* Multicast all bit is set, receive all multicast frames. */
- } else {
- unsigned mcast_idx = e100_compute_mcast_idx(buf);
- assert(mcast_idx < 64);
- if (s->mult[mcast_idx >> 3] & (1 << (mcast_idx & 7))) {
- /* Multicast frame is allowed in hash table. */
- } else if (s->configuration[15] & BIT(0)) {
- /* Promiscuous: receive all. */
- rfd_status |= 0x0004;
- } else {
- TRACE(RXTX, logout("%p multicast ignored\n", s));
- return -1;
- }
- }
- /* TODO: Next not for promiscuous mode? */
- rfd_status |= 0x0002;
- } else if (s->configuration[15] & BIT(0)) {
- /* Promiscuous: receive all. */
- TRACE(RXTX, logout("%p received frame in promiscuous mode, len=%zu\n", s, size));
- rfd_status |= 0x0004;
- } else if (s->configuration[20] & BIT(6)) {
- /* Multiple IA bit set. */
- unsigned mcast_idx = compute_mcast_idx(buf);
- assert(mcast_idx < 64);
- if (s->mult[mcast_idx >> 3] & (1 << (mcast_idx & 7))) {
- TRACE(RXTX, logout("%p accepted, multiple IA bit set\n", s));
- } else {
- TRACE(RXTX, logout("%p frame ignored, multiple IA bit set\n", s));
- return -1;
- }
- } else {
- TRACE(RXTX, logout("%p received frame, ignored, len=%zu,%s\n", s, size,
- nic_dump(buf, size)));
- return size;
- }
-
- if (get_ru_state(s) != ru_ready) {
- /* No resources available. */
- logout("no resources, state=%u\n", get_ru_state(s));
- /* TODO: RNR interrupt only at first failed frame? */
- eepro100_rnr_interrupt(s);
- s->statistics.rx_resource_errors++;
-#if 0
- assert(!"no resources");
-#endif
- return -1;
- }
- /* !!! */
- eepro100_rx_t rx;
- pci_dma_read(&s->dev, s->ru_base + s->ru_offset,
- &rx, sizeof(eepro100_rx_t));
- uint16_t rfd_command = le16_to_cpu(rx.command);
- uint16_t rfd_size = le16_to_cpu(rx.size);
-
- if (size > rfd_size) {
- logout("Receive buffer (%" PRId16 " bytes) too small for data "
- "(%zu bytes); data truncated\n", rfd_size, size);
- size = rfd_size;
- }
-#if !defined(CONFIG_PAD_RECEIVED_FRAMES)
- if (size < 64) {
- rfd_status |= 0x0080;
- }
-#endif
- TRACE(OTHER, logout("command 0x%04x, link 0x%08x, addr 0x%08x, size %u\n",
- rfd_command, rx.link, rx.rx_buf_addr, rfd_size));
- stw_le_pci_dma(&s->dev, s->ru_base + s->ru_offset +
- offsetof(eepro100_rx_t, status), rfd_status);
- stw_le_pci_dma(&s->dev, s->ru_base + s->ru_offset +
- offsetof(eepro100_rx_t, count), size);
- /* Early receive interrupt not supported. */
-#if 0
- eepro100_er_interrupt(s);
-#endif
- /* Receive CRC Transfer not supported. */
- if (s->configuration[18] & BIT(2)) {
- missing("Receive CRC Transfer");
- return -1;
- }
- /* TODO: check stripping enable bit. */
-#if 0
- assert(!(s->configuration[17] & BIT(0)));
-#endif
- pci_dma_write(&s->dev, s->ru_base + s->ru_offset +
- sizeof(eepro100_rx_t), buf, size);
- s->statistics.rx_good_frames++;
- eepro100_fr_interrupt(s);
- s->ru_offset = le32_to_cpu(rx.link);
- if (rfd_command & COMMAND_EL) {
- /* EL bit is set, so this was the last frame. */
- logout("receive: Running out of frames\n");
- set_ru_state(s, ru_no_resources);
- eepro100_rnr_interrupt(s);
- }
- if (rfd_command & COMMAND_S) {
- /* S bit is set. */
- set_ru_state(s, ru_suspended);
- }
- return size;
-}
-
-static const VMStateDescription vmstate_eepro100 = {
- .version_id = 3,
- .minimum_version_id = 2,
- .minimum_version_id_old = 2,
- .fields = (VMStateField []) {
- VMSTATE_PCI_DEVICE(dev, EEPRO100State),
- VMSTATE_UNUSED(32),
- VMSTATE_BUFFER(mult, EEPRO100State),
- VMSTATE_BUFFER(mem, EEPRO100State),
- /* Save all members of struct between scb_stat and mem. */
- VMSTATE_UINT8(scb_stat, EEPRO100State),
- VMSTATE_UINT8(int_stat, EEPRO100State),
- VMSTATE_UNUSED(3*4),
- VMSTATE_MACADDR(conf.macaddr, EEPRO100State),
- VMSTATE_UNUSED(19*4),
- VMSTATE_UINT16_ARRAY(mdimem, EEPRO100State, 32),
- /* The eeprom should be saved and restored by its own routines. */
- VMSTATE_UINT32(device, EEPRO100State),
- /* TODO check device. */
- VMSTATE_UINT32(cu_base, EEPRO100State),
- VMSTATE_UINT32(cu_offset, EEPRO100State),
- VMSTATE_UINT32(ru_base, EEPRO100State),
- VMSTATE_UINT32(ru_offset, EEPRO100State),
- VMSTATE_UINT32(statsaddr, EEPRO100State),
- /* Save eepro100_stats_t statistics. */
- VMSTATE_UINT32(statistics.tx_good_frames, EEPRO100State),
- VMSTATE_UINT32(statistics.tx_max_collisions, EEPRO100State),
- VMSTATE_UINT32(statistics.tx_late_collisions, EEPRO100State),
- VMSTATE_UINT32(statistics.tx_underruns, EEPRO100State),
- VMSTATE_UINT32(statistics.tx_lost_crs, EEPRO100State),
- VMSTATE_UINT32(statistics.tx_deferred, EEPRO100State),
- VMSTATE_UINT32(statistics.tx_single_collisions, EEPRO100State),
- VMSTATE_UINT32(statistics.tx_multiple_collisions, EEPRO100State),
- VMSTATE_UINT32(statistics.tx_total_collisions, EEPRO100State),
- VMSTATE_UINT32(statistics.rx_good_frames, EEPRO100State),
- VMSTATE_UINT32(statistics.rx_crc_errors, EEPRO100State),
- VMSTATE_UINT32(statistics.rx_alignment_errors, EEPRO100State),
- VMSTATE_UINT32(statistics.rx_resource_errors, EEPRO100State),
- VMSTATE_UINT32(statistics.rx_overrun_errors, EEPRO100State),
- VMSTATE_UINT32(statistics.rx_cdt_errors, EEPRO100State),
- VMSTATE_UINT32(statistics.rx_short_frame_errors, EEPRO100State),
- VMSTATE_UINT32(statistics.fc_xmt_pause, EEPRO100State),
- VMSTATE_UINT32(statistics.fc_rcv_pause, EEPRO100State),
- VMSTATE_UINT32(statistics.fc_rcv_unsupported, EEPRO100State),
- VMSTATE_UINT16(statistics.xmt_tco_frames, EEPRO100State),
- VMSTATE_UINT16(statistics.rcv_tco_frames, EEPRO100State),
- /* Configuration bytes. */
- VMSTATE_BUFFER(configuration, EEPRO100State),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void nic_cleanup(NetClientState *nc)
-{
- EEPRO100State *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- s->nic = NULL;
-}
-
-static void pci_nic_uninit(PCIDevice *pci_dev)
-{
- EEPRO100State *s = DO_UPCAST(EEPRO100State, dev, pci_dev);
-
- memory_region_destroy(&s->mmio_bar);
- memory_region_destroy(&s->io_bar);
- memory_region_destroy(&s->flash_bar);
- vmstate_unregister(&pci_dev->qdev, s->vmstate, s);
- eeprom93xx_free(&pci_dev->qdev, s->eeprom);
- qemu_del_net_client(&s->nic->nc);
-}
-
-static NetClientInfo net_eepro100_info = {
- .type = NET_CLIENT_OPTIONS_KIND_NIC,
- .size = sizeof(NICState),
- .can_receive = nic_can_receive,
- .receive = nic_receive,
- .cleanup = nic_cleanup,
-};
-
-static int e100_nic_init(PCIDevice *pci_dev)
-{
- EEPRO100State *s = DO_UPCAST(EEPRO100State, dev, pci_dev);
- E100PCIDeviceInfo *info = eepro100_get_class(s);
-
- TRACE(OTHER, logout("\n"));
-
- s->device = info->device;
-
- e100_pci_reset(s);
-
- /* Add 64 * 2 EEPROM. i82557 and i82558 support a 64 word EEPROM,
- * i82559 and later support 64 or 256 word EEPROM. */
- s->eeprom = eeprom93xx_new(&pci_dev->qdev, EEPROM_SIZE);
-
- /* Handler for memory-mapped I/O */
- memory_region_init_io(&s->mmio_bar, &eepro100_ops, s, "eepro100-mmio",
- PCI_MEM_SIZE);
- pci_register_bar(&s->dev, 0, PCI_BASE_ADDRESS_MEM_PREFETCH, &s->mmio_bar);
- memory_region_init_io(&s->io_bar, &eepro100_ops, s, "eepro100-io",
- PCI_IO_SIZE);
- pci_register_bar(&s->dev, 1, PCI_BASE_ADDRESS_SPACE_IO, &s->io_bar);
- /* FIXME: flash aliases to mmio?! */
- memory_region_init_io(&s->flash_bar, &eepro100_ops, s, "eepro100-flash",
- PCI_FLASH_SIZE);
- pci_register_bar(&s->dev, 2, 0, &s->flash_bar);
-
- qemu_macaddr_default_if_unset(&s->conf.macaddr);
- logout("macaddr: %s\n", nic_dump(&s->conf.macaddr.a[0], 6));
-
- nic_reset(s);
-
- s->nic = qemu_new_nic(&net_eepro100_info, &s->conf,
- object_get_typename(OBJECT(pci_dev)), pci_dev->qdev.id, s);
-
- qemu_format_nic_info_str(&s->nic->nc, s->conf.macaddr.a);
- TRACE(OTHER, logout("%s\n", s->nic->nc.info_str));
-
- qemu_register_reset(nic_reset, s);
-
- s->vmstate = g_malloc(sizeof(vmstate_eepro100));
- memcpy(s->vmstate, &vmstate_eepro100, sizeof(vmstate_eepro100));
- s->vmstate->name = s->nic->nc.model;
- vmstate_register(&pci_dev->qdev, -1, s->vmstate, s);
-
- add_boot_device_path(s->conf.bootindex, &pci_dev->qdev, "/ethernet-phy@0");
-
- return 0;
-}
-
-static E100PCIDeviceInfo e100_devices[] = {
- {
- .name = "i82550",
- .desc = "Intel i82550 Ethernet",
- .device = i82550,
- /* TODO: check device id. */
- .device_id = PCI_DEVICE_ID_INTEL_82551IT,
- /* Revision ID: 0x0c, 0x0d, 0x0e. */
- .revision = 0x0e,
- /* TODO: check size of statistical counters. */
- .stats_size = 80,
- /* TODO: check extended tcb support. */
- .has_extended_tcb_support = true,
- .power_management = true,
- },{
- .name = "i82551",
- .desc = "Intel i82551 Ethernet",
- .device = i82551,
- .device_id = PCI_DEVICE_ID_INTEL_82551IT,
- /* Revision ID: 0x0f, 0x10. */
- .revision = 0x0f,
- /* TODO: check size of statistical counters. */
- .stats_size = 80,
- .has_extended_tcb_support = true,
- .power_management = true,
- },{
- .name = "i82557a",
- .desc = "Intel i82557A Ethernet",
- .device = i82557A,
- .device_id = PCI_DEVICE_ID_INTEL_82557,
- .revision = 0x01,
- .power_management = false,
- },{
- .name = "i82557b",
- .desc = "Intel i82557B Ethernet",
- .device = i82557B,
- .device_id = PCI_DEVICE_ID_INTEL_82557,
- .revision = 0x02,
- .power_management = false,
- },{
- .name = "i82557c",
- .desc = "Intel i82557C Ethernet",
- .device = i82557C,
- .device_id = PCI_DEVICE_ID_INTEL_82557,
- .revision = 0x03,
- .power_management = false,
- },{
- .name = "i82558a",
- .desc = "Intel i82558A Ethernet",
- .device = i82558A,
- .device_id = PCI_DEVICE_ID_INTEL_82557,
- .revision = 0x04,
- .stats_size = 76,
- .has_extended_tcb_support = true,
- .power_management = true,
- },{
- .name = "i82558b",
- .desc = "Intel i82558B Ethernet",
- .device = i82558B,
- .device_id = PCI_DEVICE_ID_INTEL_82557,
- .revision = 0x05,
- .stats_size = 76,
- .has_extended_tcb_support = true,
- .power_management = true,
- },{
- .name = "i82559a",
- .desc = "Intel i82559A Ethernet",
- .device = i82559A,
- .device_id = PCI_DEVICE_ID_INTEL_82557,
- .revision = 0x06,
- .stats_size = 80,
- .has_extended_tcb_support = true,
- .power_management = true,
- },{
- .name = "i82559b",
- .desc = "Intel i82559B Ethernet",
- .device = i82559B,
- .device_id = PCI_DEVICE_ID_INTEL_82557,
- .revision = 0x07,
- .stats_size = 80,
- .has_extended_tcb_support = true,
- .power_management = true,
- },{
- .name = "i82559c",
- .desc = "Intel i82559C Ethernet",
- .device = i82559C,
- .device_id = PCI_DEVICE_ID_INTEL_82557,
-#if 0
- .revision = 0x08,
-#endif
- /* TODO: Windows wants revision id 0x0c. */
- .revision = 0x0c,
-#if EEPROM_SIZE > 0
- .subsystem_vendor_id = PCI_VENDOR_ID_INTEL,
- .subsystem_id = 0x0040,
-#endif
- .stats_size = 80,
- .has_extended_tcb_support = true,
- .power_management = true,
- },{
- .name = "i82559er",
- .desc = "Intel i82559ER Ethernet",
- .device = i82559ER,
- .device_id = PCI_DEVICE_ID_INTEL_82551IT,
- .revision = 0x09,
- .stats_size = 80,
- .has_extended_tcb_support = true,
- .power_management = true,
- },{
- .name = "i82562",
- .desc = "Intel i82562 Ethernet",
- .device = i82562,
- /* TODO: check device id. */
- .device_id = PCI_DEVICE_ID_INTEL_82551IT,
- /* TODO: wrong revision id. */
- .revision = 0x0e,
- .stats_size = 80,
- .has_extended_tcb_support = true,
- .power_management = true,
- },{
- /* Toshiba Tecra 8200. */
- .name = "i82801",
- .desc = "Intel i82801 Ethernet",
- .device = i82801,
- .device_id = 0x2449,
- .revision = 0x03,
- .stats_size = 80,
- .has_extended_tcb_support = true,
- .power_management = true,
- }
-};
-
-static E100PCIDeviceInfo *eepro100_get_class_by_name(const char *typename)
-{
- E100PCIDeviceInfo *info = NULL;
- int i;
-
- /* This is admittedly awkward but also temporary. QOM allows for
- * parameterized typing and for subclassing both of which would suitable
- * handle what's going on here. But class_data is already being used as
- * a stop-gap hack to allow incremental qdev conversion so we cannot use it
- * right now. Once we merge the final QOM series, we can come back here and
- * do this in a much more elegant fashion.
- */
- for (i = 0; i < ARRAY_SIZE(e100_devices); i++) {
- if (strcmp(e100_devices[i].name, typename) == 0) {
- info = &e100_devices[i];
- break;
- }
- }
- assert(info != NULL);
-
- return info;
-}
-
-static E100PCIDeviceInfo *eepro100_get_class(EEPRO100State *s)
-{
- return eepro100_get_class_by_name(object_get_typename(OBJECT(s)));
-}
-
-static Property e100_properties[] = {
- DEFINE_NIC_PROPERTIES(EEPRO100State, conf),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void eepro100_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
- E100PCIDeviceInfo *info;
-
- info = eepro100_get_class_by_name(object_class_get_name(klass));
-
- dc->props = e100_properties;
- dc->desc = info->desc;
- k->vendor_id = PCI_VENDOR_ID_INTEL;
- k->class_id = PCI_CLASS_NETWORK_ETHERNET;
- k->romfile = "pxe-eepro100.rom";
- k->init = e100_nic_init;
- k->exit = pci_nic_uninit;
- k->device_id = info->device_id;
- k->revision = info->revision;
- k->subsystem_vendor_id = info->subsystem_vendor_id;
- k->subsystem_id = info->subsystem_id;
-}
-
-static void eepro100_register_types(void)
-{
- size_t i;
- for (i = 0; i < ARRAY_SIZE(e100_devices); i++) {
- TypeInfo type_info = {};
- E100PCIDeviceInfo *info = &e100_devices[i];
-
- type_info.name = info->name;
- type_info.parent = TYPE_PCI_DEVICE;
- type_info.class_init = eepro100_class_init;
- type_info.instance_size = sizeof(EEPRO100State);
-
- type_register(&type_info);
- }
-}
-
-type_init(eepro100_register_types)
diff --git a/hw/eeprom93xx.c b/hw/eeprom93xx.c
deleted file mode 100644
index 4c7158d1a..000000000
--- a/hw/eeprom93xx.c
+++ /dev/null
@@ -1,337 +0,0 @@
-/*
- * QEMU EEPROM 93xx emulation
- *
- * Copyright (c) 2006-2007 Stefan Weil
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-/* Emulation for serial EEPROMs:
- * NMC93C06 256-Bit (16 x 16)
- * NMC93C46 1024-Bit (64 x 16)
- * NMC93C56 2028 Bit (128 x 16)
- * NMC93C66 4096 Bit (256 x 16)
- * Compatible devices include FM93C46 and others.
- *
- * Other drivers use these interface functions:
- * eeprom93xx_new - add a new EEPROM (with 16, 64 or 256 words)
- * eeprom93xx_free - destroy EEPROM
- * eeprom93xx_read - read data from the EEPROM
- * eeprom93xx_write - write data to the EEPROM
- * eeprom93xx_data - get EEPROM data array for external manipulation
- *
- * Todo list:
- * - No emulation of EEPROM timings.
- */
-
-#include "hw.h"
-#include "eeprom93xx.h"
-
-/* Debug EEPROM emulation. */
-//~ #define DEBUG_EEPROM
-
-#ifdef DEBUG_EEPROM
-#define logout(fmt, ...) fprintf(stderr, "EEPROM\t%-24s" fmt, __func__, ## __VA_ARGS__)
-#else
-#define logout(fmt, ...) ((void)0)
-#endif
-
-#define EEPROM_INSTANCE 0
-#define OLD_EEPROM_VERSION 20061112
-#define EEPROM_VERSION (OLD_EEPROM_VERSION + 1)
-
-#if 0
-typedef enum {
- eeprom_read = 0x80, /* read register xx */
- eeprom_write = 0x40, /* write register xx */
- eeprom_erase = 0xc0, /* erase register xx */
- eeprom_ewen = 0x30, /* erase / write enable */
- eeprom_ewds = 0x00, /* erase / write disable */
- eeprom_eral = 0x20, /* erase all registers */
- eeprom_wral = 0x10, /* write all registers */
- eeprom_amask = 0x0f,
- eeprom_imask = 0xf0
-} eeprom_instruction_t;
-#endif
-
-#ifdef DEBUG_EEPROM
-static const char *opstring[] = {
- "extended", "write", "read", "erase"
-};
-#endif
-
-struct _eeprom_t {
- uint8_t tick;
- uint8_t address;
- uint8_t command;
- uint8_t writable;
-
- uint8_t eecs;
- uint8_t eesk;
- uint8_t eedo;
-
- uint8_t addrbits;
- uint16_t size;
- uint16_t data;
- uint16_t contents[0];
-};
-
-/* Code for saving and restoring of EEPROM state. */
-
-/* Restore an uint16_t from an uint8_t
- This is a Big hack, but it is how the old state did it.
- */
-
-static int get_uint16_from_uint8(QEMUFile *f, void *pv, size_t size)
-{
- uint16_t *v = pv;
- *v = qemu_get_ubyte(f);
- return 0;
-}
-
-static void put_unused(QEMUFile *f, void *pv, size_t size)
-{
- fprintf(stderr, "uint16_from_uint8 is used only for backwards compatibility.\n");
- fprintf(stderr, "Never should be used to write a new state.\n");
- exit(0);
-}
-
-static const VMStateInfo vmstate_hack_uint16_from_uint8 = {
- .name = "uint16_from_uint8",
- .get = get_uint16_from_uint8,
- .put = put_unused,
-};
-
-#define VMSTATE_UINT16_HACK_TEST(_f, _s, _t) \
- VMSTATE_SINGLE_TEST(_f, _s, _t, 0, vmstate_hack_uint16_from_uint8, uint16_t)
-
-static bool is_old_eeprom_version(void *opaque, int version_id)
-{
- return version_id == OLD_EEPROM_VERSION;
-}
-
-static const VMStateDescription vmstate_eeprom = {
- .name = "eeprom",
- .version_id = EEPROM_VERSION,
- .minimum_version_id = OLD_EEPROM_VERSION,
- .minimum_version_id_old = OLD_EEPROM_VERSION,
- .fields = (VMStateField []) {
- VMSTATE_UINT8(tick, eeprom_t),
- VMSTATE_UINT8(address, eeprom_t),
- VMSTATE_UINT8(command, eeprom_t),
- VMSTATE_UINT8(writable, eeprom_t),
-
- VMSTATE_UINT8(eecs, eeprom_t),
- VMSTATE_UINT8(eesk, eeprom_t),
- VMSTATE_UINT8(eedo, eeprom_t),
-
- VMSTATE_UINT8(addrbits, eeprom_t),
- VMSTATE_UINT16_HACK_TEST(size, eeprom_t, is_old_eeprom_version),
- VMSTATE_UNUSED_TEST(is_old_eeprom_version, 1),
- VMSTATE_UINT16_EQUAL_V(size, eeprom_t, EEPROM_VERSION),
- VMSTATE_UINT16(data, eeprom_t),
- VMSTATE_VARRAY_UINT16_UNSAFE(contents, eeprom_t, size, 0,
- vmstate_info_uint16, uint16_t),
- VMSTATE_END_OF_LIST()
- }
-};
-
-void eeprom93xx_write(eeprom_t *eeprom, int eecs, int eesk, int eedi)
-{
- uint8_t tick = eeprom->tick;
- uint8_t eedo = eeprom->eedo;
- uint16_t address = eeprom->address;
- uint8_t command = eeprom->command;
-
- logout("CS=%u SK=%u DI=%u DO=%u, tick = %u\n",
- eecs, eesk, eedi, eedo, tick);
-
- if (! eeprom->eecs && eecs) {
- /* Start chip select cycle. */
- logout("Cycle start, waiting for 1st start bit (0)\n");
- tick = 0;
- command = 0x0;
- address = 0x0;
- } else if (eeprom->eecs && ! eecs) {
- /* End chip select cycle. This triggers write / erase. */
- if (eeprom->writable) {
- uint8_t subcommand = address >> (eeprom->addrbits - 2);
- if (command == 0 && subcommand == 2) {
- /* Erase all. */
- for (address = 0; address < eeprom->size; address++) {
- eeprom->contents[address] = 0xffff;
- }
- } else if (command == 3) {
- /* Erase word. */
- eeprom->contents[address] = 0xffff;
- } else if (tick >= 2 + 2 + eeprom->addrbits + 16) {
- if (command == 1) {
- /* Write word. */
- eeprom->contents[address] &= eeprom->data;
- } else if (command == 0 && subcommand == 1) {
- /* Write all. */
- for (address = 0; address < eeprom->size; address++) {
- eeprom->contents[address] &= eeprom->data;
- }
- }
- }
- }
- /* Output DO is tristate, read results in 1. */
- eedo = 1;
- } else if (eecs && ! eeprom->eesk && eesk) {
- /* Raising edge of clock shifts data in. */
- if (tick == 0) {
- /* Wait for 1st start bit. */
- if (eedi == 0) {
- logout("Got correct 1st start bit, waiting for 2nd start bit (1)\n");
- tick++;
- } else {
- logout("wrong 1st start bit (is 1, should be 0)\n");
- tick = 2;
- //~ assert(!"wrong start bit");
- }
- } else if (tick == 1) {
- /* Wait for 2nd start bit. */
- if (eedi != 0) {
- logout("Got correct 2nd start bit, getting command + address\n");
- tick++;
- } else {
- logout("1st start bit is longer than needed\n");
- }
- } else if (tick < 2 + 2) {
- /* Got 2 start bits, transfer 2 opcode bits. */
- tick++;
- command <<= 1;
- if (eedi) {
- command += 1;
- }
- } else if (tick < 2 + 2 + eeprom->addrbits) {
- /* Got 2 start bits and 2 opcode bits, transfer all address bits. */
- tick++;
- address = ((address << 1) | eedi);
- if (tick == 2 + 2 + eeprom->addrbits) {
- logout("%s command, address = 0x%02x (value 0x%04x)\n",
- opstring[command], address, eeprom->contents[address]);
- if (command == 2) {
- eedo = 0;
- }
- address = address % eeprom->size;
- if (command == 0) {
- /* Command code in upper 2 bits of address. */
- switch (address >> (eeprom->addrbits - 2)) {
- case 0:
- logout("write disable command\n");
- eeprom->writable = 0;
- break;
- case 1:
- logout("write all command\n");
- break;
- case 2:
- logout("erase all command\n");
- break;
- case 3:
- logout("write enable command\n");
- eeprom->writable = 1;
- break;
- }
- } else {
- /* Read, write or erase word. */
- eeprom->data = eeprom->contents[address];
- }
- }
- } else if (tick < 2 + 2 + eeprom->addrbits + 16) {
- /* Transfer 16 data bits. */
- tick++;
- if (command == 2) {
- /* Read word. */
- eedo = ((eeprom->data & 0x8000) != 0);
- }
- eeprom->data <<= 1;
- eeprom->data += eedi;
- } else {
- logout("additional unneeded tick, not processed\n");
- }
- }
- /* Save status of EEPROM. */
- eeprom->tick = tick;
- eeprom->eecs = eecs;
- eeprom->eesk = eesk;
- eeprom->eedo = eedo;
- eeprom->address = address;
- eeprom->command = command;
-}
-
-uint16_t eeprom93xx_read(eeprom_t *eeprom)
-{
- /* Return status of pin DO (0 or 1). */
- logout("CS=%u DO=%u\n", eeprom->eecs, eeprom->eedo);
- return (eeprom->eedo);
-}
-
-#if 0
-void eeprom93xx_reset(eeprom_t *eeprom)
-{
- /* prepare eeprom */
- logout("eeprom = 0x%p\n", eeprom);
- eeprom->tick = 0;
- eeprom->command = 0;
-}
-#endif
-
-eeprom_t *eeprom93xx_new(DeviceState *dev, uint16_t nwords)
-{
- /* Add a new EEPROM (with 16, 64 or 256 words). */
- eeprom_t *eeprom;
- uint8_t addrbits;
-
- switch (nwords) {
- case 16:
- case 64:
- addrbits = 6;
- break;
- case 128:
- case 256:
- addrbits = 8;
- break;
- default:
- assert(!"Unsupported EEPROM size, fallback to 64 words!");
- nwords = 64;
- addrbits = 6;
- }
-
- eeprom = (eeprom_t *)g_malloc0(sizeof(*eeprom) + nwords * 2);
- eeprom->size = nwords;
- eeprom->addrbits = addrbits;
- /* Output DO is tristate, read results in 1. */
- eeprom->eedo = 1;
- logout("eeprom = 0x%p, nwords = %u\n", eeprom, nwords);
- vmstate_register(dev, 0, &vmstate_eeprom, eeprom);
- return eeprom;
-}
-
-void eeprom93xx_free(DeviceState *dev, eeprom_t *eeprom)
-{
- /* Destroy EEPROM. */
- logout("eeprom = 0x%p\n", eeprom);
- vmstate_unregister(dev, &vmstate_eeprom, eeprom);
- g_free(eeprom);
-}
-
-uint16_t *eeprom93xx_data(eeprom_t *eeprom)
-{
- /* Get EEPROM data array. */
- return &eeprom->contents[0];
-}
-
-/* eof */
diff --git a/hw/eeprom93xx.h b/hw/eeprom93xx.h
deleted file mode 100644
index 8ba0e287f..000000000
--- a/hw/eeprom93xx.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * QEMU EEPROM 93xx emulation
- *
- * Copyright (c) 2006-2007 Stefan Weil
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef EEPROM93XX_H
-#define EEPROM93XX_H
-
-typedef struct _eeprom_t eeprom_t;
-
-/* Create a new EEPROM with (nwords * 2) bytes. */
-eeprom_t *eeprom93xx_new(DeviceState *dev, uint16_t nwords);
-
-/* Destroy an existing EEPROM. */
-void eeprom93xx_free(DeviceState *dev, eeprom_t *eeprom);
-
-/* Read from the EEPROM. */
-uint16_t eeprom93xx_read(eeprom_t *eeprom);
-
-/* Write to the EEPROM. */
-void eeprom93xx_write(eeprom_t *eeprom, int eecs, int eesk, int eedi);
-
-/* Get EEPROM data array. */
-uint16_t *eeprom93xx_data(eeprom_t *eeprom);
-
-#endif /* EEPROM93XX_H */
diff --git a/hw/elf_ops.h b/hw/elf_ops.h
deleted file mode 100644
index 531a42553..000000000
--- a/hw/elf_ops.h
+++ /dev/null
@@ -1,306 +0,0 @@
-static void glue(bswap_ehdr, SZ)(struct elfhdr *ehdr)
-{
- bswap16s(&ehdr->e_type); /* Object file type */
- bswap16s(&ehdr->e_machine); /* Architecture */
- bswap32s(&ehdr->e_version); /* Object file version */
- bswapSZs(&ehdr->e_entry); /* Entry point virtual address */
- bswapSZs(&ehdr->e_phoff); /* Program header table file offset */
- bswapSZs(&ehdr->e_shoff); /* Section header table file offset */
- bswap32s(&ehdr->e_flags); /* Processor-specific flags */
- bswap16s(&ehdr->e_ehsize); /* ELF header size in bytes */
- bswap16s(&ehdr->e_phentsize); /* Program header table entry size */
- bswap16s(&ehdr->e_phnum); /* Program header table entry count */
- bswap16s(&ehdr->e_shentsize); /* Section header table entry size */
- bswap16s(&ehdr->e_shnum); /* Section header table entry count */
- bswap16s(&ehdr->e_shstrndx); /* Section header string table index */
-}
-
-static void glue(bswap_phdr, SZ)(struct elf_phdr *phdr)
-{
- bswap32s(&phdr->p_type); /* Segment type */
- bswapSZs(&phdr->p_offset); /* Segment file offset */
- bswapSZs(&phdr->p_vaddr); /* Segment virtual address */
- bswapSZs(&phdr->p_paddr); /* Segment physical address */
- bswapSZs(&phdr->p_filesz); /* Segment size in file */
- bswapSZs(&phdr->p_memsz); /* Segment size in memory */
- bswap32s(&phdr->p_flags); /* Segment flags */
- bswapSZs(&phdr->p_align); /* Segment alignment */
-}
-
-static void glue(bswap_shdr, SZ)(struct elf_shdr *shdr)
-{
- bswap32s(&shdr->sh_name);
- bswap32s(&shdr->sh_type);
- bswapSZs(&shdr->sh_flags);
- bswapSZs(&shdr->sh_addr);
- bswapSZs(&shdr->sh_offset);
- bswapSZs(&shdr->sh_size);
- bswap32s(&shdr->sh_link);
- bswap32s(&shdr->sh_info);
- bswapSZs(&shdr->sh_addralign);
- bswapSZs(&shdr->sh_entsize);
-}
-
-static void glue(bswap_sym, SZ)(struct elf_sym *sym)
-{
- bswap32s(&sym->st_name);
- bswapSZs(&sym->st_value);
- bswapSZs(&sym->st_size);
- bswap16s(&sym->st_shndx);
-}
-
-static struct elf_shdr *glue(find_section, SZ)(struct elf_shdr *shdr_table,
- int n, int type)
-{
- int i;
- for(i=0;i<n;i++) {
- if (shdr_table[i].sh_type == type)
- return shdr_table + i;
- }
- return NULL;
-}
-
-static int glue(symfind, SZ)(const void *s0, const void *s1)
-{
- hwaddr addr = *(hwaddr *)s0;
- struct elf_sym *sym = (struct elf_sym *)s1;
- int result = 0;
- if (addr < sym->st_value) {
- result = -1;
- } else if (addr >= sym->st_value + sym->st_size) {
- result = 1;
- }
- return result;
-}
-
-static const char *glue(lookup_symbol, SZ)(struct syminfo *s,
- hwaddr orig_addr)
-{
- struct elf_sym *syms = glue(s->disas_symtab.elf, SZ);
- struct elf_sym *sym;
-
- sym = bsearch(&orig_addr, syms, s->disas_num_syms, sizeof(*syms),
- glue(symfind, SZ));
- if (sym != NULL) {
- return s->disas_strtab + sym->st_name;
- }
-
- return "";
-}
-
-static int glue(symcmp, SZ)(const void *s0, const void *s1)
-{
- struct elf_sym *sym0 = (struct elf_sym *)s0;
- struct elf_sym *sym1 = (struct elf_sym *)s1;
- return (sym0->st_value < sym1->st_value)
- ? -1
- : ((sym0->st_value > sym1->st_value) ? 1 : 0);
-}
-
-static int glue(load_symbols, SZ)(struct elfhdr *ehdr, int fd, int must_swab,
- int clear_lsb)
-{
- struct elf_shdr *symtab, *strtab, *shdr_table = NULL;
- struct elf_sym *syms = NULL;
- struct syminfo *s;
- int nsyms, i;
- char *str = NULL;
-
- shdr_table = load_at(fd, ehdr->e_shoff,
- sizeof(struct elf_shdr) * ehdr->e_shnum);
- if (!shdr_table)
- return -1;
-
- if (must_swab) {
- for (i = 0; i < ehdr->e_shnum; i++) {
- glue(bswap_shdr, SZ)(shdr_table + i);
- }
- }
-
- symtab = glue(find_section, SZ)(shdr_table, ehdr->e_shnum, SHT_SYMTAB);
- if (!symtab)
- goto fail;
- syms = load_at(fd, symtab->sh_offset, symtab->sh_size);
- if (!syms)
- goto fail;
-
- nsyms = symtab->sh_size / sizeof(struct elf_sym);
-
- i = 0;
- while (i < nsyms) {
- if (must_swab)
- glue(bswap_sym, SZ)(&syms[i]);
- /* We are only interested in function symbols.
- Throw everything else away. */
- if (syms[i].st_shndx == SHN_UNDEF ||
- syms[i].st_shndx >= SHN_LORESERVE ||
- ELF_ST_TYPE(syms[i].st_info) != STT_FUNC) {
- nsyms--;
- if (i < nsyms) {
- syms[i] = syms[nsyms];
- }
- continue;
- }
- if (clear_lsb) {
- /* The bottom address bit marks a Thumb or MIPS16 symbol. */
- syms[i].st_value &= ~(glue(glue(Elf, SZ), _Addr))1;
- }
- i++;
- }
- if (nsyms) {
- syms = g_realloc(syms, nsyms * sizeof(*syms));
-
- qsort(syms, nsyms, sizeof(*syms), glue(symcmp, SZ));
- for (i = 0; i < nsyms - 1; i++) {
- if (syms[i].st_size == 0) {
- syms[i].st_size = syms[i + 1].st_value - syms[i].st_value;
- }
- }
- } else {
- g_free(syms);
- syms = NULL;
- }
-
- /* String table */
- if (symtab->sh_link >= ehdr->e_shnum)
- goto fail;
- strtab = &shdr_table[symtab->sh_link];
-
- str = load_at(fd, strtab->sh_offset, strtab->sh_size);
- if (!str)
- goto fail;
-
- /* Commit */
- s = g_malloc0(sizeof(*s));
- s->lookup_symbol = glue(lookup_symbol, SZ);
- glue(s->disas_symtab.elf, SZ) = syms;
- s->disas_num_syms = nsyms;
- s->disas_strtab = str;
- s->next = syminfos;
- syminfos = s;
- g_free(shdr_table);
- return 0;
- fail:
- g_free(syms);
- g_free(str);
- g_free(shdr_table);
- return -1;
-}
-
-static int glue(load_elf, SZ)(const char *name, int fd,
- uint64_t (*translate_fn)(void *, uint64_t),
- void *translate_opaque,
- int must_swab, uint64_t *pentry,
- uint64_t *lowaddr, uint64_t *highaddr,
- int elf_machine, int clear_lsb)
-{
- struct elfhdr ehdr;
- struct elf_phdr *phdr = NULL, *ph;
- int size, i, total_size;
- elf_word mem_size;
- uint64_t addr, low = (uint64_t)-1, high = 0;
- uint8_t *data = NULL;
- char label[128];
-
- if (read(fd, &ehdr, sizeof(ehdr)) != sizeof(ehdr))
- goto fail;
- if (must_swab) {
- glue(bswap_ehdr, SZ)(&ehdr);
- }
-
- switch (elf_machine) {
- case EM_PPC64:
- if (EM_PPC64 != ehdr.e_machine)
- if (EM_PPC != ehdr.e_machine)
- goto fail;
- break;
- case EM_X86_64:
- if (EM_X86_64 != ehdr.e_machine)
- if (EM_386 != ehdr.e_machine)
- goto fail;
- break;
- case EM_MICROBLAZE:
- if (EM_MICROBLAZE != ehdr.e_machine)
- if (EM_MICROBLAZE_OLD != ehdr.e_machine)
- goto fail;
- break;
- default:
- if (elf_machine != ehdr.e_machine)
- goto fail;
- }
-
- if (pentry)
- *pentry = (uint64_t)(elf_sword)ehdr.e_entry;
-
- glue(load_symbols, SZ)(&ehdr, fd, must_swab, clear_lsb);
-
- size = ehdr.e_phnum * sizeof(phdr[0]);
- lseek(fd, ehdr.e_phoff, SEEK_SET);
- phdr = g_malloc0(size);
- if (!phdr)
- goto fail;
- if (read(fd, phdr, size) != size)
- goto fail;
- if (must_swab) {
- for(i = 0; i < ehdr.e_phnum; i++) {
- ph = &phdr[i];
- glue(bswap_phdr, SZ)(ph);
- }
- }
-
- total_size = 0;
- for(i = 0; i < ehdr.e_phnum; i++) {
- ph = &phdr[i];
- if (ph->p_type == PT_LOAD) {
- mem_size = ph->p_memsz;
- /* XXX: avoid allocating */
- data = g_malloc0(mem_size);
- if (ph->p_filesz > 0) {
- if (lseek(fd, ph->p_offset, SEEK_SET) < 0)
- goto fail;
- if (read(fd, data, ph->p_filesz) != ph->p_filesz)
- goto fail;
- }
- /* address_offset is hack for kernel images that are
- linked at the wrong physical address. */
- if (translate_fn) {
- addr = translate_fn(translate_opaque, ph->p_paddr);
- } else {
- addr = ph->p_paddr;
- }
-
- /* the entry pointer in the ELF header is a virtual
- * address, if the text segments paddr and vaddr differ
- * we need to adjust the entry */
- if (pentry && !translate_fn &&
- ph->p_vaddr != ph->p_paddr &&
- ehdr.e_entry >= ph->p_vaddr &&
- ehdr.e_entry < ph->p_vaddr + ph->p_filesz &&
- ph->p_flags & PF_X) {
- *pentry = ehdr.e_entry - ph->p_vaddr + ph->p_paddr;
- }
-
- snprintf(label, sizeof(label), "phdr #%d: %s", i, name);
- rom_add_blob_fixed(label, data, mem_size, addr);
-
- total_size += mem_size;
- if (addr < low)
- low = addr;
- if ((addr + mem_size) > high)
- high = addr + mem_size;
-
- g_free(data);
- data = NULL;
- }
- }
- g_free(phdr);
- if (lowaddr)
- *lowaddr = (uint64_t)(elf_sword)low;
- if (highaddr)
- *highaddr = (uint64_t)(elf_sword)high;
- return total_size;
- fail:
- g_free(data);
- g_free(phdr);
- return -1;
-}
diff --git a/hw/empty_slot.c b/hw/empty_slot.c
deleted file mode 100644
index 23978eb14..000000000
--- a/hw/empty_slot.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * QEMU Empty Slot
- *
- * The empty_slot device emulates known to a bus but not connected devices.
- *
- * Copyright (c) 2010 Artyom Tarasenko
- *
- * This code is licensed under the GNU GPL v2 or (at your option) any later
- * version.
- */
-
-#include "hw.h"
-#include "sysbus.h"
-#include "empty_slot.h"
-
-//#define DEBUG_EMPTY_SLOT
-
-#ifdef DEBUG_EMPTY_SLOT
-#define DPRINTF(fmt, ...) \
- do { printf("empty_slot: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...) do {} while (0)
-#endif
-
-typedef struct EmptySlot {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint64_t size;
-} EmptySlot;
-
-static uint64_t empty_slot_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- DPRINTF("read from " TARGET_FMT_plx "\n", addr);
- return 0;
-}
-
-static void empty_slot_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- DPRINTF("write 0x%x to " TARGET_FMT_plx "\n", (unsigned)val, addr);
-}
-
-static const MemoryRegionOps empty_slot_ops = {
- .read = empty_slot_read,
- .write = empty_slot_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-void empty_slot_init(hwaddr addr, uint64_t slot_size)
-{
- if (slot_size > 0) {
- /* Only empty slots larger than 0 byte need handling. */
- DeviceState *dev;
- SysBusDevice *s;
- EmptySlot *e;
-
- dev = qdev_create(NULL, "empty_slot");
- s = sysbus_from_qdev(dev);
- e = FROM_SYSBUS(EmptySlot, s);
- e->size = slot_size;
-
- qdev_init_nofail(dev);
-
- sysbus_mmio_map(s, 0, addr);
- }
-}
-
-static int empty_slot_init1(SysBusDevice *dev)
-{
- EmptySlot *s = FROM_SYSBUS(EmptySlot, dev);
-
- memory_region_init_io(&s->iomem, &empty_slot_ops, s,
- "empty-slot", s->size);
- sysbus_init_mmio(dev, &s->iomem);
- return 0;
-}
-
-static void empty_slot_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = empty_slot_init1;
-}
-
-static TypeInfo empty_slot_info = {
- .name = "empty_slot",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(EmptySlot),
- .class_init = empty_slot_class_init,
-};
-
-static void empty_slot_register_types(void)
-{
- type_register_static(&empty_slot_info);
-}
-
-type_init(empty_slot_register_types)
diff --git a/hw/empty_slot.h b/hw/empty_slot.h
deleted file mode 100644
index 4e9e46048..000000000
--- a/hw/empty_slot.h
+++ /dev/null
@@ -1,2 +0,0 @@
-/* empty_slot.c */
-void empty_slot_init(hwaddr addr, uint64_t slot_size);
diff --git a/hw/es1370.c b/hw/es1370.c
deleted file mode 100644
index e0c9729dc..000000000
--- a/hw/es1370.c
+++ /dev/null
@@ -1,1089 +0,0 @@
-/*
- * QEMU ES1370 emulation
- *
- * Copyright (c) 2005 Vassili Karpov (malc)
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-/* #define DEBUG_ES1370 */
-/* #define VERBOSE_ES1370 */
-#define SILENT_ES1370
-
-#include "hw.h"
-#include "audiodev.h"
-#include "audio/audio.h"
-#include "pci.h"
-#include "dma.h"
-
-/* Missing stuff:
- SCTRL_P[12](END|ST)INC
- SCTRL_P1SCTRLD
- SCTRL_P2DACSEN
- CTRL_DAC_SYNC
- MIDI
- non looped mode
- surely more
-*/
-
-/*
- Following macros and samplerate array were copied verbatim from
- Linux kernel 2.4.30: drivers/sound/es1370.c
-
- Copyright (C) 1998-2001, 2003 Thomas Sailer (t.sailer@alumni.ethz.ch)
-*/
-
-/* Start blatant GPL violation */
-
-#define ES1370_REG_CONTROL 0x00
-#define ES1370_REG_STATUS 0x04
-#define ES1370_REG_UART_DATA 0x08
-#define ES1370_REG_UART_STATUS 0x09
-#define ES1370_REG_UART_CONTROL 0x09
-#define ES1370_REG_UART_TEST 0x0a
-#define ES1370_REG_MEMPAGE 0x0c
-#define ES1370_REG_CODEC 0x10
-#define ES1370_REG_SERIAL_CONTROL 0x20
-#define ES1370_REG_DAC1_SCOUNT 0x24
-#define ES1370_REG_DAC2_SCOUNT 0x28
-#define ES1370_REG_ADC_SCOUNT 0x2c
-
-#define ES1370_REG_DAC1_FRAMEADR 0xc30
-#define ES1370_REG_DAC1_FRAMECNT 0xc34
-#define ES1370_REG_DAC2_FRAMEADR 0xc38
-#define ES1370_REG_DAC2_FRAMECNT 0xc3c
-#define ES1370_REG_ADC_FRAMEADR 0xd30
-#define ES1370_REG_ADC_FRAMECNT 0xd34
-#define ES1370_REG_PHANTOM_FRAMEADR 0xd38
-#define ES1370_REG_PHANTOM_FRAMECNT 0xd3c
-
-static const unsigned dac1_samplerate[] = { 5512, 11025, 22050, 44100 };
-
-#define DAC2_SRTODIV(x) (((1411200+(x)/2)/(x))-2)
-#define DAC2_DIVTOSR(x) (1411200/((x)+2))
-
-#define CTRL_ADC_STOP 0x80000000 /* 1 = ADC stopped */
-#define CTRL_XCTL1 0x40000000 /* electret mic bias */
-#define CTRL_OPEN 0x20000000 /* no function, can be read and written */
-#define CTRL_PCLKDIV 0x1fff0000 /* ADC/DAC2 clock divider */
-#define CTRL_SH_PCLKDIV 16
-#define CTRL_MSFMTSEL 0x00008000 /* MPEG serial data fmt: 0 = Sony, 1 = I2S */
-#define CTRL_M_SBB 0x00004000 /* DAC2 clock: 0 = PCLKDIV, 1 = MPEG */
-#define CTRL_WTSRSEL 0x00003000 /* DAC1 clock freq: 0=5512, 1=11025, 2=22050, 3=44100 */
-#define CTRL_SH_WTSRSEL 12
-#define CTRL_DAC_SYNC 0x00000800 /* 1 = DAC2 runs off DAC1 clock */
-#define CTRL_CCB_INTRM 0x00000400 /* 1 = CCB "voice" ints enabled */
-#define CTRL_M_CB 0x00000200 /* recording source: 0 = ADC, 1 = MPEG */
-#define CTRL_XCTL0 0x00000100 /* 0 = Line in, 1 = Line out */
-#define CTRL_BREQ 0x00000080 /* 1 = test mode (internal mem test) */
-#define CTRL_DAC1_EN 0x00000040 /* enable DAC1 */
-#define CTRL_DAC2_EN 0x00000020 /* enable DAC2 */
-#define CTRL_ADC_EN 0x00000010 /* enable ADC */
-#define CTRL_UART_EN 0x00000008 /* enable MIDI uart */
-#define CTRL_JYSTK_EN 0x00000004 /* enable Joystick port (presumably at address 0x200) */
-#define CTRL_CDC_EN 0x00000002 /* enable serial (CODEC) interface */
-#define CTRL_SERR_DIS 0x00000001 /* 1 = disable PCI SERR signal */
-
-#define STAT_INTR 0x80000000 /* wired or of all interrupt bits */
-#define STAT_CSTAT 0x00000400 /* 1 = codec busy or codec write in progress */
-#define STAT_CBUSY 0x00000200 /* 1 = codec busy */
-#define STAT_CWRIP 0x00000100 /* 1 = codec write in progress */
-#define STAT_VC 0x00000060 /* CCB int source, 0=DAC1, 1=DAC2, 2=ADC, 3=undef */
-#define STAT_SH_VC 5
-#define STAT_MCCB 0x00000010 /* CCB int pending */
-#define STAT_UART 0x00000008 /* UART int pending */
-#define STAT_DAC1 0x00000004 /* DAC1 int pending */
-#define STAT_DAC2 0x00000002 /* DAC2 int pending */
-#define STAT_ADC 0x00000001 /* ADC int pending */
-
-#define USTAT_RXINT 0x80 /* UART rx int pending */
-#define USTAT_TXINT 0x04 /* UART tx int pending */
-#define USTAT_TXRDY 0x02 /* UART tx ready */
-#define USTAT_RXRDY 0x01 /* UART rx ready */
-
-#define UCTRL_RXINTEN 0x80 /* 1 = enable RX ints */
-#define UCTRL_TXINTEN 0x60 /* TX int enable field mask */
-#define UCTRL_ENA_TXINT 0x20 /* enable TX int */
-#define UCTRL_CNTRL 0x03 /* control field */
-#define UCTRL_CNTRL_SWR 0x03 /* software reset command */
-
-#define SCTRL_P2ENDINC 0x00380000 /* */
-#define SCTRL_SH_P2ENDINC 19
-#define SCTRL_P2STINC 0x00070000 /* */
-#define SCTRL_SH_P2STINC 16
-#define SCTRL_R1LOOPSEL 0x00008000 /* 0 = loop mode */
-#define SCTRL_P2LOOPSEL 0x00004000 /* 0 = loop mode */
-#define SCTRL_P1LOOPSEL 0x00002000 /* 0 = loop mode */
-#define SCTRL_P2PAUSE 0x00001000 /* 1 = pause mode */
-#define SCTRL_P1PAUSE 0x00000800 /* 1 = pause mode */
-#define SCTRL_R1INTEN 0x00000400 /* enable interrupt */
-#define SCTRL_P2INTEN 0x00000200 /* enable interrupt */
-#define SCTRL_P1INTEN 0x00000100 /* enable interrupt */
-#define SCTRL_P1SCTRLD 0x00000080 /* reload sample count register for DAC1 */
-#define SCTRL_P2DACSEN 0x00000040 /* 1 = DAC2 play back last sample when disabled */
-#define SCTRL_R1SEB 0x00000020 /* 1 = 16bit */
-#define SCTRL_R1SMB 0x00000010 /* 1 = stereo */
-#define SCTRL_R1FMT 0x00000030 /* format mask */
-#define SCTRL_SH_R1FMT 4
-#define SCTRL_P2SEB 0x00000008 /* 1 = 16bit */
-#define SCTRL_P2SMB 0x00000004 /* 1 = stereo */
-#define SCTRL_P2FMT 0x0000000c /* format mask */
-#define SCTRL_SH_P2FMT 2
-#define SCTRL_P1SEB 0x00000002 /* 1 = 16bit */
-#define SCTRL_P1SMB 0x00000001 /* 1 = stereo */
-#define SCTRL_P1FMT 0x00000003 /* format mask */
-#define SCTRL_SH_P1FMT 0
-
-/* End blatant GPL violation */
-
-#define NB_CHANNELS 3
-#define DAC1_CHANNEL 0
-#define DAC2_CHANNEL 1
-#define ADC_CHANNEL 2
-
-#define IO_READ_PROTO(n) \
-static uint32_t n (void *opaque, uint32_t addr)
-#define IO_WRITE_PROTO(n) \
-static void n (void *opaque, uint32_t addr, uint32_t val)
-
-static void es1370_dac1_callback (void *opaque, int free);
-static void es1370_dac2_callback (void *opaque, int free);
-static void es1370_adc_callback (void *opaque, int avail);
-
-#ifdef DEBUG_ES1370
-
-#define ldebug(...) AUD_log ("es1370", __VA_ARGS__)
-
-static void print_ctl (uint32_t val)
-{
- char buf[1024];
-
- buf[0] = '\0';
-#define a(n) if (val & CTRL_##n) strcat (buf, " "#n)
- a (ADC_STOP);
- a (XCTL1);
- a (OPEN);
- a (MSFMTSEL);
- a (M_SBB);
- a (DAC_SYNC);
- a (CCB_INTRM);
- a (M_CB);
- a (XCTL0);
- a (BREQ);
- a (DAC1_EN);
- a (DAC2_EN);
- a (ADC_EN);
- a (UART_EN);
- a (JYSTK_EN);
- a (CDC_EN);
- a (SERR_DIS);
-#undef a
- AUD_log ("es1370", "ctl - PCLKDIV %d(DAC2 freq %d), freq %d,%s\n",
- (val & CTRL_PCLKDIV) >> CTRL_SH_PCLKDIV,
- DAC2_DIVTOSR ((val & CTRL_PCLKDIV) >> CTRL_SH_PCLKDIV),
- dac1_samplerate[(val & CTRL_WTSRSEL) >> CTRL_SH_WTSRSEL],
- buf);
-}
-
-static void print_sctl (uint32_t val)
-{
- static const char *fmt_names[] = {"8M", "8S", "16M", "16S"};
- char buf[1024];
-
- buf[0] = '\0';
-
-#define a(n) if (val & SCTRL_##n) strcat (buf, " "#n)
-#define b(n) if (!(val & SCTRL_##n)) strcat (buf, " "#n)
- b (R1LOOPSEL);
- b (P2LOOPSEL);
- b (P1LOOPSEL);
- a (P2PAUSE);
- a (P1PAUSE);
- a (R1INTEN);
- a (P2INTEN);
- a (P1INTEN);
- a (P1SCTRLD);
- a (P2DACSEN);
- if (buf[0]) {
- strcat (buf, "\n ");
- }
- else {
- buf[0] = ' ';
- buf[1] = '\0';
- }
-#undef b
-#undef a
- AUD_log ("es1370",
- "%s"
- "p2_end_inc %d, p2_st_inc %d, r1_fmt %s, p2_fmt %s, p1_fmt %s\n",
- buf,
- (val & SCTRL_P2ENDINC) >> SCTRL_SH_P2ENDINC,
- (val & SCTRL_P2STINC) >> SCTRL_SH_P2STINC,
- fmt_names [(val >> SCTRL_SH_R1FMT) & 3],
- fmt_names [(val >> SCTRL_SH_P2FMT) & 3],
- fmt_names [(val >> SCTRL_SH_P1FMT) & 3]
- );
-}
-#else
-#define ldebug(...)
-#define print_ctl(...)
-#define print_sctl(...)
-#endif
-
-#ifdef VERBOSE_ES1370
-#define dolog(...) AUD_log ("es1370", __VA_ARGS__)
-#else
-#define dolog(...)
-#endif
-
-#ifndef SILENT_ES1370
-#define lwarn(...) AUD_log ("es1370: warning", __VA_ARGS__)
-#else
-#define lwarn(...)
-#endif
-
-struct chan {
- uint32_t shift;
- uint32_t leftover;
- uint32_t scount;
- uint32_t frame_addr;
- uint32_t frame_cnt;
-};
-
-typedef struct ES1370State {
- PCIDevice dev;
- QEMUSoundCard card;
- MemoryRegion io;
- struct chan chan[NB_CHANNELS];
- SWVoiceOut *dac_voice[2];
- SWVoiceIn *adc_voice;
-
- uint32_t ctl;
- uint32_t status;
- uint32_t mempage;
- uint32_t codec;
- uint32_t sctl;
-} ES1370State;
-
-struct chan_bits {
- uint32_t ctl_en;
- uint32_t stat_int;
- uint32_t sctl_pause;
- uint32_t sctl_inten;
- uint32_t sctl_fmt;
- uint32_t sctl_sh_fmt;
- uint32_t sctl_loopsel;
- void (*calc_freq) (ES1370State *s, uint32_t ctl,
- uint32_t *old_freq, uint32_t *new_freq);
-};
-
-static void es1370_dac1_calc_freq (ES1370State *s, uint32_t ctl,
- uint32_t *old_freq, uint32_t *new_freq);
-static void es1370_dac2_and_adc_calc_freq (ES1370State *s, uint32_t ctl,
- uint32_t *old_freq,
- uint32_t *new_freq);
-
-static const struct chan_bits es1370_chan_bits[] = {
- {CTRL_DAC1_EN, STAT_DAC1, SCTRL_P1PAUSE, SCTRL_P1INTEN,
- SCTRL_P1FMT, SCTRL_SH_P1FMT, SCTRL_P1LOOPSEL,
- es1370_dac1_calc_freq},
-
- {CTRL_DAC2_EN, STAT_DAC2, SCTRL_P2PAUSE, SCTRL_P2INTEN,
- SCTRL_P2FMT, SCTRL_SH_P2FMT, SCTRL_P2LOOPSEL,
- es1370_dac2_and_adc_calc_freq},
-
- {CTRL_ADC_EN, STAT_ADC, 0, SCTRL_R1INTEN,
- SCTRL_R1FMT, SCTRL_SH_R1FMT, SCTRL_R1LOOPSEL,
- es1370_dac2_and_adc_calc_freq}
-};
-
-static void es1370_update_status (ES1370State *s, uint32_t new_status)
-{
- uint32_t level = new_status & (STAT_DAC1 | STAT_DAC2 | STAT_ADC);
-
- if (level) {
- s->status = new_status | STAT_INTR;
- }
- else {
- s->status = new_status & ~STAT_INTR;
- }
- qemu_set_irq (s->dev.irq[0], !!level);
-}
-
-static void es1370_reset (ES1370State *s)
-{
- size_t i;
-
- s->ctl = 1;
- s->status = 0x60;
- s->mempage = 0;
- s->codec = 0;
- s->sctl = 0;
-
- for (i = 0; i < NB_CHANNELS; ++i) {
- struct chan *d = &s->chan[i];
- d->scount = 0;
- d->leftover = 0;
- if (i == ADC_CHANNEL) {
- AUD_close_in (&s->card, s->adc_voice);
- s->adc_voice = NULL;
- }
- else {
- AUD_close_out (&s->card, s->dac_voice[i]);
- s->dac_voice[i] = NULL;
- }
- }
- qemu_irq_lower (s->dev.irq[0]);
-}
-
-static void es1370_maybe_lower_irq (ES1370State *s, uint32_t sctl)
-{
- uint32_t new_status = s->status;
-
- if (!(sctl & SCTRL_P1INTEN) && (s->sctl & SCTRL_P1INTEN)) {
- new_status &= ~STAT_DAC1;
- }
-
- if (!(sctl & SCTRL_P2INTEN) && (s->sctl & SCTRL_P2INTEN)) {
- new_status &= ~STAT_DAC2;
- }
-
- if (!(sctl & SCTRL_R1INTEN) && (s->sctl & SCTRL_R1INTEN)) {
- new_status &= ~STAT_ADC;
- }
-
- if (new_status != s->status) {
- es1370_update_status (s, new_status);
- }
-}
-
-static void es1370_dac1_calc_freq (ES1370State *s, uint32_t ctl,
- uint32_t *old_freq, uint32_t *new_freq)
-
-{
- *old_freq = dac1_samplerate[(s->ctl & CTRL_WTSRSEL) >> CTRL_SH_WTSRSEL];
- *new_freq = dac1_samplerate[(ctl & CTRL_WTSRSEL) >> CTRL_SH_WTSRSEL];
-}
-
-static void es1370_dac2_and_adc_calc_freq (ES1370State *s, uint32_t ctl,
- uint32_t *old_freq,
- uint32_t *new_freq)
-
-{
- uint32_t old_pclkdiv, new_pclkdiv;
-
- new_pclkdiv = (ctl & CTRL_PCLKDIV) >> CTRL_SH_PCLKDIV;
- old_pclkdiv = (s->ctl & CTRL_PCLKDIV) >> CTRL_SH_PCLKDIV;
- *new_freq = DAC2_DIVTOSR (new_pclkdiv);
- *old_freq = DAC2_DIVTOSR (old_pclkdiv);
-}
-
-static void es1370_update_voices (ES1370State *s, uint32_t ctl, uint32_t sctl)
-{
- size_t i;
- uint32_t old_freq, new_freq, old_fmt, new_fmt;
-
- for (i = 0; i < NB_CHANNELS; ++i) {
- struct chan *d = &s->chan[i];
- const struct chan_bits *b = &es1370_chan_bits[i];
-
- new_fmt = (sctl & b->sctl_fmt) >> b->sctl_sh_fmt;
- old_fmt = (s->sctl & b->sctl_fmt) >> b->sctl_sh_fmt;
-
- b->calc_freq (s, ctl, &old_freq, &new_freq);
-
- if ((old_fmt != new_fmt) || (old_freq != new_freq)) {
- d->shift = (new_fmt & 1) + (new_fmt >> 1);
- ldebug ("channel %zu, freq = %d, nchannels %d, fmt %d, shift %d\n",
- i,
- new_freq,
- 1 << (new_fmt & 1),
- (new_fmt & 2) ? AUD_FMT_S16 : AUD_FMT_U8,
- d->shift);
- if (new_freq) {
- struct audsettings as;
-
- as.freq = new_freq;
- as.nchannels = 1 << (new_fmt & 1);
- as.fmt = (new_fmt & 2) ? AUD_FMT_S16 : AUD_FMT_U8;
- as.endianness = 0;
-
- if (i == ADC_CHANNEL) {
- s->adc_voice =
- AUD_open_in (
- &s->card,
- s->adc_voice,
- "es1370.adc",
- s,
- es1370_adc_callback,
- &as
- );
- }
- else {
- s->dac_voice[i] =
- AUD_open_out (
- &s->card,
- s->dac_voice[i],
- i ? "es1370.dac2" : "es1370.dac1",
- s,
- i ? es1370_dac2_callback : es1370_dac1_callback,
- &as
- );
- }
- }
- }
-
- if (((ctl ^ s->ctl) & b->ctl_en)
- || ((sctl ^ s->sctl) & b->sctl_pause)) {
- int on = (ctl & b->ctl_en) && !(sctl & b->sctl_pause);
-
- if (i == ADC_CHANNEL) {
- AUD_set_active_in (s->adc_voice, on);
- }
- else {
- AUD_set_active_out (s->dac_voice[i], on);
- }
- }
- }
-
- s->ctl = ctl;
- s->sctl = sctl;
-}
-
-static inline uint32_t es1370_fixup (ES1370State *s, uint32_t addr)
-{
- addr &= 0xff;
- if (addr >= 0x30 && addr <= 0x3f)
- addr |= s->mempage << 8;
- return addr;
-}
-
-IO_WRITE_PROTO (es1370_writeb)
-{
- ES1370State *s = opaque;
- uint32_t shift, mask;
-
- addr = es1370_fixup (s, addr);
-
- switch (addr) {
- case ES1370_REG_CONTROL:
- case ES1370_REG_CONTROL + 1:
- case ES1370_REG_CONTROL + 2:
- case ES1370_REG_CONTROL + 3:
- shift = (addr - ES1370_REG_CONTROL) << 3;
- mask = 0xff << shift;
- val = (s->ctl & ~mask) | ((val & 0xff) << shift);
- es1370_update_voices (s, val, s->sctl);
- print_ctl (val);
- break;
- case ES1370_REG_MEMPAGE:
- s->mempage = val;
- break;
- case ES1370_REG_SERIAL_CONTROL:
- case ES1370_REG_SERIAL_CONTROL + 1:
- case ES1370_REG_SERIAL_CONTROL + 2:
- case ES1370_REG_SERIAL_CONTROL + 3:
- shift = (addr - ES1370_REG_SERIAL_CONTROL) << 3;
- mask = 0xff << shift;
- val = (s->sctl & ~mask) | ((val & 0xff) << shift);
- es1370_maybe_lower_irq (s, val);
- es1370_update_voices (s, s->ctl, val);
- print_sctl (val);
- break;
- default:
- lwarn ("writeb %#x <- %#x\n", addr, val);
- break;
- }
-}
-
-IO_WRITE_PROTO (es1370_writew)
-{
- ES1370State *s = opaque;
- addr = es1370_fixup (s, addr);
- uint32_t shift, mask;
- struct chan *d = &s->chan[0];
-
- switch (addr) {
- case ES1370_REG_CODEC:
- dolog ("ignored codec write address %#x, data %#x\n",
- (val >> 8) & 0xff, val & 0xff);
- s->codec = val;
- break;
-
- case ES1370_REG_CONTROL:
- case ES1370_REG_CONTROL + 2:
- shift = (addr != ES1370_REG_CONTROL) << 4;
- mask = 0xffff << shift;
- val = (s->ctl & ~mask) | ((val & 0xffff) << shift);
- es1370_update_voices (s, val, s->sctl);
- print_ctl (val);
- break;
-
- case ES1370_REG_ADC_SCOUNT:
- d++;
- case ES1370_REG_DAC2_SCOUNT:
- d++;
- case ES1370_REG_DAC1_SCOUNT:
- d->scount = (d->scount & ~0xffff) | (val & 0xffff);
- break;
-
- default:
- lwarn ("writew %#x <- %#x\n", addr, val);
- break;
- }
-}
-
-IO_WRITE_PROTO (es1370_writel)
-{
- ES1370State *s = opaque;
- struct chan *d = &s->chan[0];
-
- addr = es1370_fixup (s, addr);
-
- switch (addr) {
- case ES1370_REG_CONTROL:
- es1370_update_voices (s, val, s->sctl);
- print_ctl (val);
- break;
-
- case ES1370_REG_MEMPAGE:
- s->mempage = val & 0xf;
- break;
-
- case ES1370_REG_SERIAL_CONTROL:
- es1370_maybe_lower_irq (s, val);
- es1370_update_voices (s, s->ctl, val);
- print_sctl (val);
- break;
-
- case ES1370_REG_ADC_SCOUNT:
- d++;
- case ES1370_REG_DAC2_SCOUNT:
- d++;
- case ES1370_REG_DAC1_SCOUNT:
- d->scount = (val & 0xffff) | (d->scount & ~0xffff);
- ldebug ("chan %td CURR_SAMP_CT %d, SAMP_CT %d\n",
- d - &s->chan[0], val >> 16, (val & 0xffff));
- break;
-
- case ES1370_REG_ADC_FRAMEADR:
- d++;
- case ES1370_REG_DAC2_FRAMEADR:
- d++;
- case ES1370_REG_DAC1_FRAMEADR:
- d->frame_addr = val;
- ldebug ("chan %td frame address %#x\n", d - &s->chan[0], val);
- break;
-
- case ES1370_REG_PHANTOM_FRAMECNT:
- lwarn ("writing to phantom frame count %#x\n", val);
- break;
- case ES1370_REG_PHANTOM_FRAMEADR:
- lwarn ("writing to phantom frame address %#x\n", val);
- break;
-
- case ES1370_REG_ADC_FRAMECNT:
- d++;
- case ES1370_REG_DAC2_FRAMECNT:
- d++;
- case ES1370_REG_DAC1_FRAMECNT:
- d->frame_cnt = val;
- d->leftover = 0;
- ldebug ("chan %td frame count %d, buffer size %d\n",
- d - &s->chan[0], val >> 16, val & 0xffff);
- break;
-
- default:
- lwarn ("writel %#x <- %#x\n", addr, val);
- break;
- }
-}
-
-IO_READ_PROTO (es1370_readb)
-{
- ES1370State *s = opaque;
- uint32_t val;
-
- addr = es1370_fixup (s, addr);
-
- switch (addr) {
- case 0x1b: /* Legacy */
- lwarn ("Attempt to read from legacy register\n");
- val = 5;
- break;
- case ES1370_REG_MEMPAGE:
- val = s->mempage;
- break;
- case ES1370_REG_CONTROL + 0:
- case ES1370_REG_CONTROL + 1:
- case ES1370_REG_CONTROL + 2:
- case ES1370_REG_CONTROL + 3:
- val = s->ctl >> ((addr - ES1370_REG_CONTROL) << 3);
- break;
- case ES1370_REG_STATUS + 0:
- case ES1370_REG_STATUS + 1:
- case ES1370_REG_STATUS + 2:
- case ES1370_REG_STATUS + 3:
- val = s->status >> ((addr - ES1370_REG_STATUS) << 3);
- break;
- default:
- val = ~0;
- lwarn ("readb %#x -> %#x\n", addr, val);
- break;
- }
- return val;
-}
-
-IO_READ_PROTO (es1370_readw)
-{
- ES1370State *s = opaque;
- struct chan *d = &s->chan[0];
- uint32_t val;
-
- addr = es1370_fixup (s, addr);
-
- switch (addr) {
- case ES1370_REG_ADC_SCOUNT + 2:
- d++;
- case ES1370_REG_DAC2_SCOUNT + 2:
- d++;
- case ES1370_REG_DAC1_SCOUNT + 2:
- val = d->scount >> 16;
- break;
-
- case ES1370_REG_ADC_FRAMECNT:
- d++;
- case ES1370_REG_DAC2_FRAMECNT:
- d++;
- case ES1370_REG_DAC1_FRAMECNT:
- val = d->frame_cnt & 0xffff;
- break;
-
- case ES1370_REG_ADC_FRAMECNT + 2:
- d++;
- case ES1370_REG_DAC2_FRAMECNT + 2:
- d++;
- case ES1370_REG_DAC1_FRAMECNT + 2:
- val = d->frame_cnt >> 16;
- break;
-
- default:
- val = ~0;
- lwarn ("readw %#x -> %#x\n", addr, val);
- break;
- }
-
- return val;
-}
-
-IO_READ_PROTO (es1370_readl)
-{
- ES1370State *s = opaque;
- uint32_t val;
- struct chan *d = &s->chan[0];
-
- addr = es1370_fixup (s, addr);
-
- switch (addr) {
- case ES1370_REG_CONTROL:
- val = s->ctl;
- break;
- case ES1370_REG_STATUS:
- val = s->status;
- break;
- case ES1370_REG_MEMPAGE:
- val = s->mempage;
- break;
- case ES1370_REG_CODEC:
- val = s->codec;
- break;
- case ES1370_REG_SERIAL_CONTROL:
- val = s->sctl;
- break;
-
- case ES1370_REG_ADC_SCOUNT:
- d++;
- case ES1370_REG_DAC2_SCOUNT:
- d++;
- case ES1370_REG_DAC1_SCOUNT:
- val = d->scount;
-#ifdef DEBUG_ES1370
- {
- uint32_t curr_count = d->scount >> 16;
- uint32_t count = d->scount & 0xffff;
-
- curr_count <<= d->shift;
- count <<= d->shift;
- dolog ("read scount curr %d, total %d\n", curr_count, count);
- }
-#endif
- break;
-
- case ES1370_REG_ADC_FRAMECNT:
- d++;
- case ES1370_REG_DAC2_FRAMECNT:
- d++;
- case ES1370_REG_DAC1_FRAMECNT:
- val = d->frame_cnt;
-#ifdef DEBUG_ES1370
- {
- uint32_t size = ((d->frame_cnt & 0xffff) + 1) << 2;
- uint32_t curr = ((d->frame_cnt >> 16) + 1) << 2;
- if (curr > size) {
- dolog ("read framecnt curr %d, size %d %d\n", curr, size,
- curr > size);
- }
- }
-#endif
- break;
-
- case ES1370_REG_ADC_FRAMEADR:
- d++;
- case ES1370_REG_DAC2_FRAMEADR:
- d++;
- case ES1370_REG_DAC1_FRAMEADR:
- val = d->frame_addr;
- break;
-
- case ES1370_REG_PHANTOM_FRAMECNT:
- val = ~0U;
- lwarn ("reading from phantom frame count\n");
- break;
- case ES1370_REG_PHANTOM_FRAMEADR:
- val = ~0U;
- lwarn ("reading from phantom frame address\n");
- break;
-
- default:
- val = ~0U;
- lwarn ("readl %#x -> %#x\n", addr, val);
- break;
- }
- return val;
-}
-
-static void es1370_transfer_audio (ES1370State *s, struct chan *d, int loop_sel,
- int max, int *irq)
-{
- uint8_t tmpbuf[4096];
- uint32_t addr = d->frame_addr;
- int sc = d->scount & 0xffff;
- int csc = d->scount >> 16;
- int csc_bytes = (csc + 1) << d->shift;
- int cnt = d->frame_cnt >> 16;
- int size = d->frame_cnt & 0xffff;
- int left = ((size - cnt + 1) << 2) + d->leftover;
- int transferred = 0;
- int temp = audio_MIN (max, audio_MIN (left, csc_bytes));
- int index = d - &s->chan[0];
-
- addr += (cnt << 2) + d->leftover;
-
- if (index == ADC_CHANNEL) {
- while (temp) {
- int acquired, to_copy;
-
- to_copy = audio_MIN ((size_t) temp, sizeof (tmpbuf));
- acquired = AUD_read (s->adc_voice, tmpbuf, to_copy);
- if (!acquired)
- break;
-
- pci_dma_write (&s->dev, addr, tmpbuf, acquired);
-
- temp -= acquired;
- addr += acquired;
- transferred += acquired;
- }
- }
- else {
- SWVoiceOut *voice = s->dac_voice[index];
-
- while (temp) {
- int copied, to_copy;
-
- to_copy = audio_MIN ((size_t) temp, sizeof (tmpbuf));
- pci_dma_read (&s->dev, addr, tmpbuf, to_copy);
- copied = AUD_write (voice, tmpbuf, to_copy);
- if (!copied)
- break;
- temp -= copied;
- addr += copied;
- transferred += copied;
- }
- }
-
- if (csc_bytes == transferred) {
- *irq = 1;
- d->scount = sc | (sc << 16);
- ldebug ("sc = %d, rate = %f\n",
- (sc + 1) << d->shift,
- (sc + 1) / (double) 44100);
- }
- else {
- *irq = 0;
- d->scount = sc | (((csc_bytes - transferred - 1) >> d->shift) << 16);
- }
-
- cnt += (transferred + d->leftover) >> 2;
-
- if (s->sctl & loop_sel) {
- /* Bah, how stupid is that having a 0 represent true value?
- i just spent few hours on this shit */
- AUD_log ("es1370: warning", "non looping mode\n");
- }
- else {
- d->frame_cnt = size;
-
- if ((uint32_t) cnt <= d->frame_cnt)
- d->frame_cnt |= cnt << 16;
- }
-
- d->leftover = (transferred + d->leftover) & 3;
-}
-
-static void es1370_run_channel (ES1370State *s, size_t chan, int free_or_avail)
-{
- uint32_t new_status = s->status;
- int max_bytes, irq;
- struct chan *d = &s->chan[chan];
- const struct chan_bits *b = &es1370_chan_bits[chan];
-
- if (!(s->ctl & b->ctl_en) || (s->sctl & b->sctl_pause)) {
- return;
- }
-
- max_bytes = free_or_avail;
- max_bytes &= ~((1 << d->shift) - 1);
- if (!max_bytes) {
- return;
- }
-
- es1370_transfer_audio (s, d, b->sctl_loopsel, max_bytes, &irq);
-
- if (irq) {
- if (s->sctl & b->sctl_inten) {
- new_status |= b->stat_int;
- }
- }
-
- if (new_status != s->status) {
- es1370_update_status (s, new_status);
- }
-}
-
-static void es1370_dac1_callback (void *opaque, int free)
-{
- ES1370State *s = opaque;
-
- es1370_run_channel (s, DAC1_CHANNEL, free);
-}
-
-static void es1370_dac2_callback (void *opaque, int free)
-{
- ES1370State *s = opaque;
-
- es1370_run_channel (s, DAC2_CHANNEL, free);
-}
-
-static void es1370_adc_callback (void *opaque, int avail)
-{
- ES1370State *s = opaque;
-
- es1370_run_channel (s, ADC_CHANNEL, avail);
-}
-
-static uint64_t es1370_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- switch (size) {
- case 1:
- return es1370_readb(opaque, addr);
- case 2:
- return es1370_readw(opaque, addr);
- case 4:
- return es1370_readl(opaque, addr);
- default:
- return -1;
- }
-}
-
-static void es1370_write(void *opaque, hwaddr addr, uint64_t val,
- unsigned size)
-{
- switch (size) {
- case 1:
- es1370_writeb(opaque, addr, val);
- break;
- case 2:
- es1370_writew(opaque, addr, val);
- break;
- case 4:
- es1370_writel(opaque, addr, val);
- break;
- }
-}
-
-static const MemoryRegionOps es1370_io_ops = {
- .read = es1370_read,
- .write = es1370_write,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 4,
- },
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static const VMStateDescription vmstate_es1370_channel = {
- .name = "es1370_channel",
- .version_id = 2,
- .minimum_version_id = 2,
- .minimum_version_id_old = 2,
- .fields = (VMStateField []) {
- VMSTATE_UINT32 (shift, struct chan),
- VMSTATE_UINT32 (leftover, struct chan),
- VMSTATE_UINT32 (scount, struct chan),
- VMSTATE_UINT32 (frame_addr, struct chan),
- VMSTATE_UINT32 (frame_cnt, struct chan),
- VMSTATE_END_OF_LIST ()
- }
-};
-
-static int es1370_post_load (void *opaque, int version_id)
-{
- uint32_t ctl, sctl;
- ES1370State *s = opaque;
- size_t i;
-
- for (i = 0; i < NB_CHANNELS; ++i) {
- if (i == ADC_CHANNEL) {
- if (s->adc_voice) {
- AUD_close_in (&s->card, s->adc_voice);
- s->adc_voice = NULL;
- }
- }
- else {
- if (s->dac_voice[i]) {
- AUD_close_out (&s->card, s->dac_voice[i]);
- s->dac_voice[i] = NULL;
- }
- }
- }
-
- ctl = s->ctl;
- sctl = s->sctl;
- s->ctl = 0;
- s->sctl = 0;
- es1370_update_voices (s, ctl, sctl);
- return 0;
-}
-
-static const VMStateDescription vmstate_es1370 = {
- .name = "es1370",
- .version_id = 2,
- .minimum_version_id = 2,
- .minimum_version_id_old = 2,
- .post_load = es1370_post_load,
- .fields = (VMStateField []) {
- VMSTATE_PCI_DEVICE (dev, ES1370State),
- VMSTATE_STRUCT_ARRAY (chan, ES1370State, NB_CHANNELS, 2,
- vmstate_es1370_channel, struct chan),
- VMSTATE_UINT32 (ctl, ES1370State),
- VMSTATE_UINT32 (status, ES1370State),
- VMSTATE_UINT32 (mempage, ES1370State),
- VMSTATE_UINT32 (codec, ES1370State),
- VMSTATE_UINT32 (sctl, ES1370State),
- VMSTATE_END_OF_LIST ()
- }
-};
-
-static void es1370_on_reset (void *opaque)
-{
- ES1370State *s = opaque;
- es1370_reset (s);
-}
-
-static int es1370_initfn (PCIDevice *dev)
-{
- ES1370State *s = DO_UPCAST (ES1370State, dev, dev);
- uint8_t *c = s->dev.config;
-
- c[PCI_STATUS + 1] = PCI_STATUS_DEVSEL_SLOW >> 8;
-
-#if 0
- c[PCI_CAPABILITY_LIST] = 0xdc;
- c[PCI_INTERRUPT_LINE] = 10;
- c[0xdc] = 0x00;
-#endif
-
- c[PCI_INTERRUPT_PIN] = 1;
- c[PCI_MIN_GNT] = 0x0c;
- c[PCI_MAX_LAT] = 0x80;
-
- memory_region_init_io (&s->io, &es1370_io_ops, s, "es1370", 256);
- pci_register_bar (&s->dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io);
- qemu_register_reset (es1370_on_reset, s);
-
- AUD_register_card ("es1370", &s->card);
- es1370_reset (s);
- return 0;
-}
-
-static void es1370_exitfn (PCIDevice *dev)
-{
- ES1370State *s = DO_UPCAST (ES1370State, dev, dev);
-
- memory_region_destroy (&s->io);
-}
-
-int es1370_init (PCIBus *bus)
-{
- pci_create_simple (bus, -1, "ES1370");
- return 0;
-}
-
-static void es1370_class_init (ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS (klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
-
- k->init = es1370_initfn;
- k->exit = es1370_exitfn;
- k->vendor_id = PCI_VENDOR_ID_ENSONIQ;
- k->device_id = PCI_DEVICE_ID_ENSONIQ_ES1370;
- k->class_id = PCI_CLASS_MULTIMEDIA_AUDIO;
- k->subsystem_vendor_id = 0x4942;
- k->subsystem_id = 0x4c4c;
- dc->desc = "ENSONIQ AudioPCI ES1370";
- dc->vmsd = &vmstate_es1370;
-}
-
-static TypeInfo es1370_info = {
- .name = "ES1370",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof (ES1370State),
- .class_init = es1370_class_init,
-};
-
-static void es1370_register_types (void)
-{
- type_register_static (&es1370_info);
-}
-
-type_init (es1370_register_types)
-
diff --git a/hw/escc.c b/hw/escc.c
deleted file mode 100644
index a356613b0..000000000
--- a/hw/escc.c
+++ /dev/null
@@ -1,938 +0,0 @@
-/*
- * QEMU ESCC (Z8030/Z8530/Z85C30/SCC/ESCC) serial port emulation
- *
- * Copyright (c) 2003-2005 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "hw.h"
-#include "sysbus.h"
-#include "escc.h"
-#include "qemu-char.h"
-#include "console.h"
-#include "trace.h"
-
-/*
- * Chipset docs:
- * "Z80C30/Z85C30/Z80230/Z85230/Z85233 SCC/ESCC User Manual",
- * http://www.zilog.com/docs/serial/scc_escc_um.pdf
- *
- * On Sparc32 this is the serial port, mouse and keyboard part of chip STP2001
- * (Slave I/O), also produced as NCR89C105. See
- * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C105.txt
- *
- * The serial ports implement full AMD AM8530 or Zilog Z8530 chips,
- * mouse and keyboard ports don't implement all functions and they are
- * only asynchronous. There is no DMA.
- *
- * Z85C30 is also used on PowerMacs. There are some small differences
- * between Sparc version (sunzilog) and PowerMac (pmac):
- * Offset between control and data registers
- * There is some kind of lockup bug, but we can ignore it
- * CTS is inverted
- * DMA on pmac using DBDMA chip
- * pmac can do IRDA and faster rates, sunzilog can only do 38400
- * pmac baud rate generator clock is 3.6864 MHz, sunzilog 4.9152 MHz
- */
-
-/*
- * Modifications:
- * 2006-Aug-10 Igor Kovalenko : Renamed KBDQueue to SERIOQueue, implemented
- * serial mouse queue.
- * Implemented serial mouse protocol.
- *
- * 2010-May-23 Artyom Tarasenko: Reworked IUS logic
- */
-
-typedef enum {
- chn_a, chn_b,
-} ChnID;
-
-#define CHN_C(s) ((s)->chn == chn_b? 'b' : 'a')
-
-typedef enum {
- ser, kbd, mouse,
-} ChnType;
-
-#define SERIO_QUEUE_SIZE 256
-
-typedef struct {
- uint8_t data[SERIO_QUEUE_SIZE];
- int rptr, wptr, count;
-} SERIOQueue;
-
-#define SERIAL_REGS 16
-typedef struct ChannelState {
- qemu_irq irq;
- uint32_t rxint, txint, rxint_under_svc, txint_under_svc;
- struct ChannelState *otherchn;
- uint32_t reg;
- uint8_t wregs[SERIAL_REGS], rregs[SERIAL_REGS];
- SERIOQueue queue;
- CharDriverState *chr;
- int e0_mode, led_mode, caps_lock_mode, num_lock_mode;
- int disabled;
- int clock;
- uint32_t vmstate_dummy;
- ChnID chn; // this channel, A (base+4) or B (base+0)
- ChnType type;
- uint8_t rx, tx;
-} ChannelState;
-
-struct SerialState {
- SysBusDevice busdev;
- struct ChannelState chn[2];
- uint32_t it_shift;
- MemoryRegion mmio;
- uint32_t disabled;
- uint32_t frequency;
-};
-
-#define SERIAL_CTRL 0
-#define SERIAL_DATA 1
-
-#define W_CMD 0
-#define CMD_PTR_MASK 0x07
-#define CMD_CMD_MASK 0x38
-#define CMD_HI 0x08
-#define CMD_CLR_TXINT 0x28
-#define CMD_CLR_IUS 0x38
-#define W_INTR 1
-#define INTR_INTALL 0x01
-#define INTR_TXINT 0x02
-#define INTR_RXMODEMSK 0x18
-#define INTR_RXINT1ST 0x08
-#define INTR_RXINTALL 0x10
-#define W_IVEC 2
-#define W_RXCTRL 3
-#define RXCTRL_RXEN 0x01
-#define W_TXCTRL1 4
-#define TXCTRL1_PAREN 0x01
-#define TXCTRL1_PAREV 0x02
-#define TXCTRL1_1STOP 0x04
-#define TXCTRL1_1HSTOP 0x08
-#define TXCTRL1_2STOP 0x0c
-#define TXCTRL1_STPMSK 0x0c
-#define TXCTRL1_CLK1X 0x00
-#define TXCTRL1_CLK16X 0x40
-#define TXCTRL1_CLK32X 0x80
-#define TXCTRL1_CLK64X 0xc0
-#define TXCTRL1_CLKMSK 0xc0
-#define W_TXCTRL2 5
-#define TXCTRL2_TXEN 0x08
-#define TXCTRL2_BITMSK 0x60
-#define TXCTRL2_5BITS 0x00
-#define TXCTRL2_7BITS 0x20
-#define TXCTRL2_6BITS 0x40
-#define TXCTRL2_8BITS 0x60
-#define W_SYNC1 6
-#define W_SYNC2 7
-#define W_TXBUF 8
-#define W_MINTR 9
-#define MINTR_STATUSHI 0x10
-#define MINTR_RST_MASK 0xc0
-#define MINTR_RST_B 0x40
-#define MINTR_RST_A 0x80
-#define MINTR_RST_ALL 0xc0
-#define W_MISC1 10
-#define W_CLOCK 11
-#define CLOCK_TRXC 0x08
-#define W_BRGLO 12
-#define W_BRGHI 13
-#define W_MISC2 14
-#define MISC2_PLLDIS 0x30
-#define W_EXTINT 15
-#define EXTINT_DCD 0x08
-#define EXTINT_SYNCINT 0x10
-#define EXTINT_CTSINT 0x20
-#define EXTINT_TXUNDRN 0x40
-#define EXTINT_BRKINT 0x80
-
-#define R_STATUS 0
-#define STATUS_RXAV 0x01
-#define STATUS_ZERO 0x02
-#define STATUS_TXEMPTY 0x04
-#define STATUS_DCD 0x08
-#define STATUS_SYNC 0x10
-#define STATUS_CTS 0x20
-#define STATUS_TXUNDRN 0x40
-#define STATUS_BRK 0x80
-#define R_SPEC 1
-#define SPEC_ALLSENT 0x01
-#define SPEC_BITS8 0x06
-#define R_IVEC 2
-#define IVEC_TXINTB 0x00
-#define IVEC_LONOINT 0x06
-#define IVEC_LORXINTA 0x0c
-#define IVEC_LORXINTB 0x04
-#define IVEC_LOTXINTA 0x08
-#define IVEC_HINOINT 0x60
-#define IVEC_HIRXINTA 0x30
-#define IVEC_HIRXINTB 0x20
-#define IVEC_HITXINTA 0x10
-#define R_INTR 3
-#define INTR_EXTINTB 0x01
-#define INTR_TXINTB 0x02
-#define INTR_RXINTB 0x04
-#define INTR_EXTINTA 0x08
-#define INTR_TXINTA 0x10
-#define INTR_RXINTA 0x20
-#define R_IPEN 4
-#define R_TXCTRL1 5
-#define R_TXCTRL2 6
-#define R_BC 7
-#define R_RXBUF 8
-#define R_RXCTRL 9
-#define R_MISC 10
-#define R_MISC1 11
-#define R_BRGLO 12
-#define R_BRGHI 13
-#define R_MISC1I 14
-#define R_EXTINT 15
-
-static void handle_kbd_command(ChannelState *s, int val);
-static int serial_can_receive(void *opaque);
-static void serial_receive_byte(ChannelState *s, int ch);
-
-static void clear_queue(void *opaque)
-{
- ChannelState *s = opaque;
- SERIOQueue *q = &s->queue;
- q->rptr = q->wptr = q->count = 0;
-}
-
-static void put_queue(void *opaque, int b)
-{
- ChannelState *s = opaque;
- SERIOQueue *q = &s->queue;
-
- trace_escc_put_queue(CHN_C(s), b);
- if (q->count >= SERIO_QUEUE_SIZE)
- return;
- q->data[q->wptr] = b;
- if (++q->wptr == SERIO_QUEUE_SIZE)
- q->wptr = 0;
- q->count++;
- serial_receive_byte(s, 0);
-}
-
-static uint32_t get_queue(void *opaque)
-{
- ChannelState *s = opaque;
- SERIOQueue *q = &s->queue;
- int val;
-
- if (q->count == 0) {
- return 0;
- } else {
- val = q->data[q->rptr];
- if (++q->rptr == SERIO_QUEUE_SIZE)
- q->rptr = 0;
- q->count--;
- }
- trace_escc_get_queue(CHN_C(s), val);
- if (q->count > 0)
- serial_receive_byte(s, 0);
- return val;
-}
-
-static int escc_update_irq_chn(ChannelState *s)
-{
- if ((((s->wregs[W_INTR] & INTR_TXINT) && (s->txint == 1)) ||
- // tx ints enabled, pending
- ((((s->wregs[W_INTR] & INTR_RXMODEMSK) == INTR_RXINT1ST) ||
- ((s->wregs[W_INTR] & INTR_RXMODEMSK) == INTR_RXINTALL)) &&
- s->rxint == 1) || // rx ints enabled, pending
- ((s->wregs[W_EXTINT] & EXTINT_BRKINT) &&
- (s->rregs[R_STATUS] & STATUS_BRK)))) { // break int e&p
- return 1;
- }
- return 0;
-}
-
-static void escc_update_irq(ChannelState *s)
-{
- int irq;
-
- irq = escc_update_irq_chn(s);
- irq |= escc_update_irq_chn(s->otherchn);
-
- trace_escc_update_irq(irq);
- qemu_set_irq(s->irq, irq);
-}
-
-static void escc_reset_chn(ChannelState *s)
-{
- int i;
-
- s->reg = 0;
- for (i = 0; i < SERIAL_REGS; i++) {
- s->rregs[i] = 0;
- s->wregs[i] = 0;
- }
- s->wregs[W_TXCTRL1] = TXCTRL1_1STOP; // 1X divisor, 1 stop bit, no parity
- s->wregs[W_MINTR] = MINTR_RST_ALL;
- s->wregs[W_CLOCK] = CLOCK_TRXC; // Synch mode tx clock = TRxC
- s->wregs[W_MISC2] = MISC2_PLLDIS; // PLL disabled
- s->wregs[W_EXTINT] = EXTINT_DCD | EXTINT_SYNCINT | EXTINT_CTSINT |
- EXTINT_TXUNDRN | EXTINT_BRKINT; // Enable most interrupts
- if (s->disabled)
- s->rregs[R_STATUS] = STATUS_TXEMPTY | STATUS_DCD | STATUS_SYNC |
- STATUS_CTS | STATUS_TXUNDRN;
- else
- s->rregs[R_STATUS] = STATUS_TXEMPTY | STATUS_TXUNDRN;
- s->rregs[R_SPEC] = SPEC_BITS8 | SPEC_ALLSENT;
-
- s->rx = s->tx = 0;
- s->rxint = s->txint = 0;
- s->rxint_under_svc = s->txint_under_svc = 0;
- s->e0_mode = s->led_mode = s->caps_lock_mode = s->num_lock_mode = 0;
- clear_queue(s);
-}
-
-static void escc_reset(DeviceState *d)
-{
- SerialState *s = container_of(d, SerialState, busdev.qdev);
-
- escc_reset_chn(&s->chn[0]);
- escc_reset_chn(&s->chn[1]);
-}
-
-static inline void set_rxint(ChannelState *s)
-{
- s->rxint = 1;
- /* XXX: missing daisy chainnig: chn_b rx should have a lower priority
- than chn_a rx/tx/special_condition service*/
- s->rxint_under_svc = 1;
- if (s->chn == chn_a) {
- s->rregs[R_INTR] |= INTR_RXINTA;
- if (s->wregs[W_MINTR] & MINTR_STATUSHI)
- s->otherchn->rregs[R_IVEC] = IVEC_HIRXINTA;
- else
- s->otherchn->rregs[R_IVEC] = IVEC_LORXINTA;
- } else {
- s->otherchn->rregs[R_INTR] |= INTR_RXINTB;
- if (s->wregs[W_MINTR] & MINTR_STATUSHI)
- s->rregs[R_IVEC] = IVEC_HIRXINTB;
- else
- s->rregs[R_IVEC] = IVEC_LORXINTB;
- }
- escc_update_irq(s);
-}
-
-static inline void set_txint(ChannelState *s)
-{
- s->txint = 1;
- if (!s->rxint_under_svc) {
- s->txint_under_svc = 1;
- if (s->chn == chn_a) {
- if (s->wregs[W_INTR] & INTR_TXINT) {
- s->rregs[R_INTR] |= INTR_TXINTA;
- }
- if (s->wregs[W_MINTR] & MINTR_STATUSHI)
- s->otherchn->rregs[R_IVEC] = IVEC_HITXINTA;
- else
- s->otherchn->rregs[R_IVEC] = IVEC_LOTXINTA;
- } else {
- s->rregs[R_IVEC] = IVEC_TXINTB;
- if (s->wregs[W_INTR] & INTR_TXINT) {
- s->otherchn->rregs[R_INTR] |= INTR_TXINTB;
- }
- }
- escc_update_irq(s);
- }
-}
-
-static inline void clr_rxint(ChannelState *s)
-{
- s->rxint = 0;
- s->rxint_under_svc = 0;
- if (s->chn == chn_a) {
- if (s->wregs[W_MINTR] & MINTR_STATUSHI)
- s->otherchn->rregs[R_IVEC] = IVEC_HINOINT;
- else
- s->otherchn->rregs[R_IVEC] = IVEC_LONOINT;
- s->rregs[R_INTR] &= ~INTR_RXINTA;
- } else {
- if (s->wregs[W_MINTR] & MINTR_STATUSHI)
- s->rregs[R_IVEC] = IVEC_HINOINT;
- else
- s->rregs[R_IVEC] = IVEC_LONOINT;
- s->otherchn->rregs[R_INTR] &= ~INTR_RXINTB;
- }
- if (s->txint)
- set_txint(s);
- escc_update_irq(s);
-}
-
-static inline void clr_txint(ChannelState *s)
-{
- s->txint = 0;
- s->txint_under_svc = 0;
- if (s->chn == chn_a) {
- if (s->wregs[W_MINTR] & MINTR_STATUSHI)
- s->otherchn->rregs[R_IVEC] = IVEC_HINOINT;
- else
- s->otherchn->rregs[R_IVEC] = IVEC_LONOINT;
- s->rregs[R_INTR] &= ~INTR_TXINTA;
- } else {
- s->otherchn->rregs[R_INTR] &= ~INTR_TXINTB;
- if (s->wregs[W_MINTR] & MINTR_STATUSHI)
- s->rregs[R_IVEC] = IVEC_HINOINT;
- else
- s->rregs[R_IVEC] = IVEC_LONOINT;
- s->otherchn->rregs[R_INTR] &= ~INTR_TXINTB;
- }
- if (s->rxint)
- set_rxint(s);
- escc_update_irq(s);
-}
-
-static void escc_update_parameters(ChannelState *s)
-{
- int speed, parity, data_bits, stop_bits;
- QEMUSerialSetParams ssp;
-
- if (!s->chr || s->type != ser)
- return;
-
- if (s->wregs[W_TXCTRL1] & TXCTRL1_PAREN) {
- if (s->wregs[W_TXCTRL1] & TXCTRL1_PAREV)
- parity = 'E';
- else
- parity = 'O';
- } else {
- parity = 'N';
- }
- if ((s->wregs[W_TXCTRL1] & TXCTRL1_STPMSK) == TXCTRL1_2STOP)
- stop_bits = 2;
- else
- stop_bits = 1;
- switch (s->wregs[W_TXCTRL2] & TXCTRL2_BITMSK) {
- case TXCTRL2_5BITS:
- data_bits = 5;
- break;
- case TXCTRL2_7BITS:
- data_bits = 7;
- break;
- case TXCTRL2_6BITS:
- data_bits = 6;
- break;
- default:
- case TXCTRL2_8BITS:
- data_bits = 8;
- break;
- }
- speed = s->clock / ((s->wregs[W_BRGLO] | (s->wregs[W_BRGHI] << 8)) + 2);
- switch (s->wregs[W_TXCTRL1] & TXCTRL1_CLKMSK) {
- case TXCTRL1_CLK1X:
- break;
- case TXCTRL1_CLK16X:
- speed /= 16;
- break;
- case TXCTRL1_CLK32X:
- speed /= 32;
- break;
- default:
- case TXCTRL1_CLK64X:
- speed /= 64;
- break;
- }
- ssp.speed = speed;
- ssp.parity = parity;
- ssp.data_bits = data_bits;
- ssp.stop_bits = stop_bits;
- trace_escc_update_parameters(CHN_C(s), speed, parity, data_bits, stop_bits);
- qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_SERIAL_SET_PARAMS, &ssp);
-}
-
-static void escc_mem_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- SerialState *serial = opaque;
- ChannelState *s;
- uint32_t saddr;
- int newreg, channel;
-
- val &= 0xff;
- saddr = (addr >> serial->it_shift) & 1;
- channel = (addr >> (serial->it_shift + 1)) & 1;
- s = &serial->chn[channel];
- switch (saddr) {
- case SERIAL_CTRL:
- trace_escc_mem_writeb_ctrl(CHN_C(s), s->reg, val & 0xff);
- newreg = 0;
- switch (s->reg) {
- case W_CMD:
- newreg = val & CMD_PTR_MASK;
- val &= CMD_CMD_MASK;
- switch (val) {
- case CMD_HI:
- newreg |= CMD_HI;
- break;
- case CMD_CLR_TXINT:
- clr_txint(s);
- break;
- case CMD_CLR_IUS:
- if (s->rxint_under_svc) {
- s->rxint_under_svc = 0;
- if (s->txint) {
- set_txint(s);
- }
- } else if (s->txint_under_svc) {
- s->txint_under_svc = 0;
- }
- escc_update_irq(s);
- break;
- default:
- break;
- }
- break;
- case W_INTR ... W_RXCTRL:
- case W_SYNC1 ... W_TXBUF:
- case W_MISC1 ... W_CLOCK:
- case W_MISC2 ... W_EXTINT:
- s->wregs[s->reg] = val;
- break;
- case W_TXCTRL1:
- case W_TXCTRL2:
- s->wregs[s->reg] = val;
- escc_update_parameters(s);
- break;
- case W_BRGLO:
- case W_BRGHI:
- s->wregs[s->reg] = val;
- s->rregs[s->reg] = val;
- escc_update_parameters(s);
- break;
- case W_MINTR:
- switch (val & MINTR_RST_MASK) {
- case 0:
- default:
- break;
- case MINTR_RST_B:
- escc_reset_chn(&serial->chn[0]);
- return;
- case MINTR_RST_A:
- escc_reset_chn(&serial->chn[1]);
- return;
- case MINTR_RST_ALL:
- escc_reset(&serial->busdev.qdev);
- return;
- }
- break;
- default:
- break;
- }
- if (s->reg == 0)
- s->reg = newreg;
- else
- s->reg = 0;
- break;
- case SERIAL_DATA:
- trace_escc_mem_writeb_data(CHN_C(s), val);
- s->tx = val;
- if (s->wregs[W_TXCTRL2] & TXCTRL2_TXEN) { // tx enabled
- if (s->chr)
- qemu_chr_fe_write(s->chr, &s->tx, 1);
- else if (s->type == kbd && !s->disabled) {
- handle_kbd_command(s, val);
- }
- }
- s->rregs[R_STATUS] |= STATUS_TXEMPTY; // Tx buffer empty
- s->rregs[R_SPEC] |= SPEC_ALLSENT; // All sent
- set_txint(s);
- break;
- default:
- break;
- }
-}
-
-static uint64_t escc_mem_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- SerialState *serial = opaque;
- ChannelState *s;
- uint32_t saddr;
- uint32_t ret;
- int channel;
-
- saddr = (addr >> serial->it_shift) & 1;
- channel = (addr >> (serial->it_shift + 1)) & 1;
- s = &serial->chn[channel];
- switch (saddr) {
- case SERIAL_CTRL:
- trace_escc_mem_readb_ctrl(CHN_C(s), s->reg, s->rregs[s->reg]);
- ret = s->rregs[s->reg];
- s->reg = 0;
- return ret;
- case SERIAL_DATA:
- s->rregs[R_STATUS] &= ~STATUS_RXAV;
- clr_rxint(s);
- if (s->type == kbd || s->type == mouse)
- ret = get_queue(s);
- else
- ret = s->rx;
- trace_escc_mem_readb_data(CHN_C(s), ret);
- if (s->chr)
- qemu_chr_accept_input(s->chr);
- return ret;
- default:
- break;
- }
- return 0;
-}
-
-static const MemoryRegionOps escc_mem_ops = {
- .read = escc_mem_read,
- .write = escc_mem_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
-};
-
-static int serial_can_receive(void *opaque)
-{
- ChannelState *s = opaque;
- int ret;
-
- if (((s->wregs[W_RXCTRL] & RXCTRL_RXEN) == 0) // Rx not enabled
- || ((s->rregs[R_STATUS] & STATUS_RXAV) == STATUS_RXAV))
- // char already available
- ret = 0;
- else
- ret = 1;
- return ret;
-}
-
-static void serial_receive_byte(ChannelState *s, int ch)
-{
- trace_escc_serial_receive_byte(CHN_C(s), ch);
- s->rregs[R_STATUS] |= STATUS_RXAV;
- s->rx = ch;
- set_rxint(s);
-}
-
-static void serial_receive_break(ChannelState *s)
-{
- s->rregs[R_STATUS] |= STATUS_BRK;
- escc_update_irq(s);
-}
-
-static void serial_receive1(void *opaque, const uint8_t *buf, int size)
-{
- ChannelState *s = opaque;
- serial_receive_byte(s, buf[0]);
-}
-
-static void serial_event(void *opaque, int event)
-{
- ChannelState *s = opaque;
- if (event == CHR_EVENT_BREAK)
- serial_receive_break(s);
-}
-
-static const VMStateDescription vmstate_escc_chn = {
- .name ="escc_chn",
- .version_id = 2,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField []) {
- VMSTATE_UINT32(vmstate_dummy, ChannelState),
- VMSTATE_UINT32(reg, ChannelState),
- VMSTATE_UINT32(rxint, ChannelState),
- VMSTATE_UINT32(txint, ChannelState),
- VMSTATE_UINT32(rxint_under_svc, ChannelState),
- VMSTATE_UINT32(txint_under_svc, ChannelState),
- VMSTATE_UINT8(rx, ChannelState),
- VMSTATE_UINT8(tx, ChannelState),
- VMSTATE_BUFFER(wregs, ChannelState),
- VMSTATE_BUFFER(rregs, ChannelState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_escc = {
- .name ="escc",
- .version_id = 2,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField []) {
- VMSTATE_STRUCT_ARRAY(chn, SerialState, 2, 2, vmstate_escc_chn,
- ChannelState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-MemoryRegion *escc_init(hwaddr base, qemu_irq irqA, qemu_irq irqB,
- CharDriverState *chrA, CharDriverState *chrB,
- int clock, int it_shift)
-{
- DeviceState *dev;
- SysBusDevice *s;
- SerialState *d;
-
- dev = qdev_create(NULL, "escc");
- qdev_prop_set_uint32(dev, "disabled", 0);
- qdev_prop_set_uint32(dev, "frequency", clock);
- qdev_prop_set_uint32(dev, "it_shift", it_shift);
- qdev_prop_set_chr(dev, "chrB", chrB);
- qdev_prop_set_chr(dev, "chrA", chrA);
- qdev_prop_set_uint32(dev, "chnBtype", ser);
- qdev_prop_set_uint32(dev, "chnAtype", ser);
- qdev_init_nofail(dev);
- s = sysbus_from_qdev(dev);
- sysbus_connect_irq(s, 0, irqB);
- sysbus_connect_irq(s, 1, irqA);
- if (base) {
- sysbus_mmio_map(s, 0, base);
- }
-
- d = FROM_SYSBUS(SerialState, s);
- return &d->mmio;
-}
-
-static const uint8_t keycodes[128] = {
- 127, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 43, 53,
- 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 89, 76, 77, 78,
- 79, 80, 81, 82, 83, 84, 85, 86, 87, 42, 99, 88, 100, 101, 102, 103,
- 104, 105, 106, 107, 108, 109, 110, 47, 19, 121, 119, 5, 6, 8, 10, 12,
- 14, 16, 17, 18, 7, 98, 23, 68, 69, 70, 71, 91, 92, 93, 125, 112,
- 113, 114, 94, 50, 0, 0, 124, 9, 11, 0, 0, 0, 0, 0, 0, 0,
- 90, 0, 46, 22, 13, 111, 52, 20, 96, 24, 28, 74, 27, 123, 44, 66,
- 0, 45, 2, 4, 48, 0, 0, 21, 0, 0, 0, 0, 0, 120, 122, 67,
-};
-
-static const uint8_t e0_keycodes[128] = {
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 90, 76, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 109, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 68, 69, 70, 0, 91, 0, 93, 0, 112,
- 113, 114, 94, 50, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 1, 3, 25, 26, 49, 52, 72, 73, 97, 99, 111, 118, 120, 122, 67, 0,
-};
-
-static void sunkbd_event(void *opaque, int ch)
-{
- ChannelState *s = opaque;
- int release = ch & 0x80;
-
- trace_escc_sunkbd_event_in(ch);
- switch (ch) {
- case 58: // Caps lock press
- s->caps_lock_mode ^= 1;
- if (s->caps_lock_mode == 2)
- return; // Drop second press
- break;
- case 69: // Num lock press
- s->num_lock_mode ^= 1;
- if (s->num_lock_mode == 2)
- return; // Drop second press
- break;
- case 186: // Caps lock release
- s->caps_lock_mode ^= 2;
- if (s->caps_lock_mode == 3)
- return; // Drop first release
- break;
- case 197: // Num lock release
- s->num_lock_mode ^= 2;
- if (s->num_lock_mode == 3)
- return; // Drop first release
- break;
- case 0xe0:
- s->e0_mode = 1;
- return;
- default:
- break;
- }
- if (s->e0_mode) {
- s->e0_mode = 0;
- ch = e0_keycodes[ch & 0x7f];
- } else {
- ch = keycodes[ch & 0x7f];
- }
- trace_escc_sunkbd_event_out(ch);
- put_queue(s, ch | release);
-}
-
-static void handle_kbd_command(ChannelState *s, int val)
-{
- trace_escc_kbd_command(val);
- if (s->led_mode) { // Ignore led byte
- s->led_mode = 0;
- return;
- }
- switch (val) {
- case 1: // Reset, return type code
- clear_queue(s);
- put_queue(s, 0xff);
- put_queue(s, 4); // Type 4
- put_queue(s, 0x7f);
- break;
- case 0xe: // Set leds
- s->led_mode = 1;
- break;
- case 7: // Query layout
- case 0xf:
- clear_queue(s);
- put_queue(s, 0xfe);
- put_queue(s, 0); // XXX, layout?
- break;
- default:
- break;
- }
-}
-
-static void sunmouse_event(void *opaque,
- int dx, int dy, int dz, int buttons_state)
-{
- ChannelState *s = opaque;
- int ch;
-
- trace_escc_sunmouse_event(dx, dy, buttons_state);
- ch = 0x80 | 0x7; /* protocol start byte, no buttons pressed */
-
- if (buttons_state & MOUSE_EVENT_LBUTTON)
- ch ^= 0x4;
- if (buttons_state & MOUSE_EVENT_MBUTTON)
- ch ^= 0x2;
- if (buttons_state & MOUSE_EVENT_RBUTTON)
- ch ^= 0x1;
-
- put_queue(s, ch);
-
- ch = dx;
-
- if (ch > 127)
- ch = 127;
- else if (ch < -127)
- ch = -127;
-
- put_queue(s, ch & 0xff);
-
- ch = -dy;
-
- if (ch > 127)
- ch = 127;
- else if (ch < -127)
- ch = -127;
-
- put_queue(s, ch & 0xff);
-
- // MSC protocol specify two extra motion bytes
-
- put_queue(s, 0);
- put_queue(s, 0);
-}
-
-void slavio_serial_ms_kbd_init(hwaddr base, qemu_irq irq,
- int disabled, int clock, int it_shift)
-{
- DeviceState *dev;
- SysBusDevice *s;
-
- dev = qdev_create(NULL, "escc");
- qdev_prop_set_uint32(dev, "disabled", disabled);
- qdev_prop_set_uint32(dev, "frequency", clock);
- qdev_prop_set_uint32(dev, "it_shift", it_shift);
- qdev_prop_set_chr(dev, "chrB", NULL);
- qdev_prop_set_chr(dev, "chrA", NULL);
- qdev_prop_set_uint32(dev, "chnBtype", mouse);
- qdev_prop_set_uint32(dev, "chnAtype", kbd);
- qdev_init_nofail(dev);
- s = sysbus_from_qdev(dev);
- sysbus_connect_irq(s, 0, irq);
- sysbus_connect_irq(s, 1, irq);
- sysbus_mmio_map(s, 0, base);
-}
-
-static int escc_init1(SysBusDevice *dev)
-{
- SerialState *s = FROM_SYSBUS(SerialState, dev);
- unsigned int i;
-
- s->chn[0].disabled = s->disabled;
- s->chn[1].disabled = s->disabled;
- for (i = 0; i < 2; i++) {
- sysbus_init_irq(dev, &s->chn[i].irq);
- s->chn[i].chn = 1 - i;
- s->chn[i].clock = s->frequency / 2;
- if (s->chn[i].chr) {
- qemu_chr_add_handlers(s->chn[i].chr, serial_can_receive,
- serial_receive1, serial_event, &s->chn[i]);
- }
- }
- s->chn[0].otherchn = &s->chn[1];
- s->chn[1].otherchn = &s->chn[0];
-
- memory_region_init_io(&s->mmio, &escc_mem_ops, s, "escc",
- ESCC_SIZE << s->it_shift);
- sysbus_init_mmio(dev, &s->mmio);
-
- if (s->chn[0].type == mouse) {
- qemu_add_mouse_event_handler(sunmouse_event, &s->chn[0], 0,
- "QEMU Sun Mouse");
- }
- if (s->chn[1].type == kbd) {
- qemu_add_kbd_event_handler(sunkbd_event, &s->chn[1]);
- }
-
- return 0;
-}
-
-static Property escc_properties[] = {
- DEFINE_PROP_UINT32("frequency", SerialState, frequency, 0),
- DEFINE_PROP_UINT32("it_shift", SerialState, it_shift, 0),
- DEFINE_PROP_UINT32("disabled", SerialState, disabled, 0),
- DEFINE_PROP_UINT32("chnBtype", SerialState, chn[0].type, 0),
- DEFINE_PROP_UINT32("chnAtype", SerialState, chn[1].type, 0),
- DEFINE_PROP_CHR("chrB", SerialState, chn[0].chr),
- DEFINE_PROP_CHR("chrA", SerialState, chn[1].chr),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void escc_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = escc_init1;
- dc->reset = escc_reset;
- dc->vmsd = &vmstate_escc;
- dc->props = escc_properties;
-}
-
-static TypeInfo escc_info = {
- .name = "escc",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(SerialState),
- .class_init = escc_class_init,
-};
-
-static void escc_register_types(void)
-{
- type_register_static(&escc_info);
-}
-
-type_init(escc_register_types)
diff --git a/hw/escc.h b/hw/escc.h
deleted file mode 100644
index def28947a..000000000
--- a/hw/escc.h
+++ /dev/null
@@ -1,8 +0,0 @@
-/* escc.c */
-#define ESCC_SIZE 4
-MemoryRegion *escc_init(hwaddr base, qemu_irq irqA, qemu_irq irqB,
- CharDriverState *chrA, CharDriverState *chrB,
- int clock, int it_shift);
-
-void slavio_serial_ms_kbd_init(hwaddr base, qemu_irq irq,
- int disabled, int clock, int it_shift);
diff --git a/hw/esp-pci.c b/hw/esp-pci.c
deleted file mode 100644
index d9a8e59c9..000000000
--- a/hw/esp-pci.c
+++ /dev/null
@@ -1,518 +0,0 @@
-/*
- * QEMU ESP/NCR53C9x emulation
- *
- * Copyright (c) 2005-2006 Fabrice Bellard
- * Copyright (c) 2012 Herve Poussineau
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "pci.h"
-#include "eeprom93xx.h"
-#include "esp.h"
-#include "trace.h"
-#include "qemu-log.h"
-
-#define TYPE_AM53C974_DEVICE "am53c974"
-
-#define DMA_CMD 0x0
-#define DMA_STC 0x1
-#define DMA_SPA 0x2
-#define DMA_WBC 0x3
-#define DMA_WAC 0x4
-#define DMA_STAT 0x5
-#define DMA_SMDLA 0x6
-#define DMA_WMAC 0x7
-
-#define DMA_CMD_MASK 0x03
-#define DMA_CMD_DIAG 0x04
-#define DMA_CMD_MDL 0x10
-#define DMA_CMD_INTE_P 0x20
-#define DMA_CMD_INTE_D 0x40
-#define DMA_CMD_DIR 0x80
-
-#define DMA_STAT_PWDN 0x01
-#define DMA_STAT_ERROR 0x02
-#define DMA_STAT_ABORT 0x04
-#define DMA_STAT_DONE 0x08
-#define DMA_STAT_SCSIINT 0x10
-#define DMA_STAT_BCMBLT 0x20
-
-#define SBAC_STATUS 0x1000
-
-typedef struct PCIESPState {
- PCIDevice dev;
- MemoryRegion io;
- uint32_t dma_regs[8];
- uint32_t sbac;
- ESPState esp;
-} PCIESPState;
-
-static void esp_pci_handle_idle(PCIESPState *pci, uint32_t val)
-{
- trace_esp_pci_dma_idle(val);
- esp_dma_enable(&pci->esp, 0, 0);
-}
-
-static void esp_pci_handle_blast(PCIESPState *pci, uint32_t val)
-{
- trace_esp_pci_dma_blast(val);
- qemu_log_mask(LOG_UNIMP, "am53c974: cmd BLAST not implemented\n");
-}
-
-static void esp_pci_handle_abort(PCIESPState *pci, uint32_t val)
-{
- trace_esp_pci_dma_abort(val);
- if (pci->esp.current_req) {
- scsi_req_cancel(pci->esp.current_req);
- }
-}
-
-static void esp_pci_handle_start(PCIESPState *pci, uint32_t val)
-{
- trace_esp_pci_dma_start(val);
-
- pci->dma_regs[DMA_WBC] = pci->dma_regs[DMA_STC];
- pci->dma_regs[DMA_WAC] = pci->dma_regs[DMA_SPA];
- pci->dma_regs[DMA_WMAC] = pci->dma_regs[DMA_SMDLA];
-
- pci->dma_regs[DMA_STAT] &= ~(DMA_STAT_BCMBLT | DMA_STAT_SCSIINT
- | DMA_STAT_DONE | DMA_STAT_ABORT
- | DMA_STAT_ERROR | DMA_STAT_PWDN);
-
- esp_dma_enable(&pci->esp, 0, 1);
-}
-
-static void esp_pci_dma_write(PCIESPState *pci, uint32_t saddr, uint32_t val)
-{
- trace_esp_pci_dma_write(saddr, pci->dma_regs[saddr], val);
- switch (saddr) {
- case DMA_CMD:
- pci->dma_regs[saddr] = val;
- switch (val & DMA_CMD_MASK) {
- case 0x0: /* IDLE */
- esp_pci_handle_idle(pci, val);
- break;
- case 0x1: /* BLAST */
- esp_pci_handle_blast(pci, val);
- break;
- case 0x2: /* ABORT */
- esp_pci_handle_abort(pci, val);
- break;
- case 0x3: /* START */
- esp_pci_handle_start(pci, val);
- break;
- default: /* can't happen */
- abort();
- }
- break;
- case DMA_STC:
- case DMA_SPA:
- case DMA_SMDLA:
- pci->dma_regs[saddr] = val;
- break;
- case DMA_STAT:
- if (!(pci->sbac & SBAC_STATUS)) {
- /* clear some bits on write */
- uint32_t mask = DMA_STAT_ERROR | DMA_STAT_ABORT | DMA_STAT_DONE;
- pci->dma_regs[DMA_STAT] &= ~(val & mask);
- }
- break;
- default:
- trace_esp_pci_error_invalid_write_dma(val, saddr);
- return;
- }
-}
-
-static uint32_t esp_pci_dma_read(PCIESPState *pci, uint32_t saddr)
-{
- uint32_t val;
-
- val = pci->dma_regs[saddr];
- if (saddr == DMA_STAT) {
- if (pci->esp.rregs[ESP_RSTAT] & STAT_INT) {
- val |= DMA_STAT_SCSIINT;
- }
- if (pci->sbac & SBAC_STATUS) {
- pci->dma_regs[DMA_STAT] &= ~(DMA_STAT_ERROR | DMA_STAT_ABORT |
- DMA_STAT_DONE);
- }
- }
-
- trace_esp_pci_dma_read(saddr, val);
- return val;
-}
-
-static void esp_pci_io_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned int size)
-{
- PCIESPState *pci = opaque;
-
- if (size < 4 || addr & 3) {
- /* need to upgrade request: we only support 4-bytes accesses */
- uint32_t current = 0, mask;
- int shift;
-
- if (addr < 0x40) {
- current = pci->esp.wregs[addr >> 2];
- } else if (addr < 0x60) {
- current = pci->dma_regs[(addr - 0x40) >> 2];
- } else if (addr < 0x74) {
- current = pci->sbac;
- }
-
- shift = (4 - size) * 8;
- mask = (~(uint32_t)0 << shift) >> shift;
-
- shift = ((4 - (addr & 3)) & 3) * 8;
- val <<= shift;
- val |= current & ~(mask << shift);
- addr &= ~3;
- size = 4;
- }
-
- if (addr < 0x40) {
- /* SCSI core reg */
- esp_reg_write(&pci->esp, addr >> 2, val);
- } else if (addr < 0x60) {
- /* PCI DMA CCB */
- esp_pci_dma_write(pci, (addr - 0x40) >> 2, val);
- } else if (addr == 0x70) {
- /* DMA SCSI Bus and control */
- trace_esp_pci_sbac_write(pci->sbac, val);
- pci->sbac = val;
- } else {
- trace_esp_pci_error_invalid_write((int)addr);
- }
-}
-
-static uint64_t esp_pci_io_read(void *opaque, hwaddr addr,
- unsigned int size)
-{
- PCIESPState *pci = opaque;
- uint32_t ret;
-
- if (addr < 0x40) {
- /* SCSI core reg */
- ret = esp_reg_read(&pci->esp, addr >> 2);
- } else if (addr < 0x60) {
- /* PCI DMA CCB */
- ret = esp_pci_dma_read(pci, (addr - 0x40) >> 2);
- } else if (addr == 0x70) {
- /* DMA SCSI Bus and control */
- trace_esp_pci_sbac_read(pci->sbac);
- ret = pci->sbac;
- } else {
- /* Invalid region */
- trace_esp_pci_error_invalid_read((int)addr);
- ret = 0;
- }
-
- /* give only requested data */
- ret >>= (addr & 3) * 8;
- ret &= ~(~(uint64_t)0 << (8 * size));
-
- return ret;
-}
-
-static void esp_pci_dma_memory_rw(PCIESPState *pci, uint8_t *buf, int len,
- DMADirection dir)
-{
- dma_addr_t addr;
- DMADirection expected_dir;
-
- if (pci->dma_regs[DMA_CMD] & DMA_CMD_DIR) {
- expected_dir = DMA_DIRECTION_FROM_DEVICE;
- } else {
- expected_dir = DMA_DIRECTION_TO_DEVICE;
- }
-
- if (dir != expected_dir) {
- trace_esp_pci_error_invalid_dma_direction();
- return;
- }
-
- if (pci->dma_regs[DMA_STAT] & DMA_CMD_MDL) {
- qemu_log_mask(LOG_UNIMP, "am53c974: MDL transfer not implemented\n");
- }
-
- addr = pci->dma_regs[DMA_SPA];
- if (pci->dma_regs[DMA_WBC] < len) {
- len = pci->dma_regs[DMA_WBC];
- }
-
- pci_dma_rw(&pci->dev, addr, buf, len, dir);
-
- /* update status registers */
- pci->dma_regs[DMA_WBC] -= len;
- pci->dma_regs[DMA_WAC] += len;
-}
-
-static void esp_pci_dma_memory_read(void *opaque, uint8_t *buf, int len)
-{
- PCIESPState *pci = opaque;
- esp_pci_dma_memory_rw(pci, buf, len, DMA_DIRECTION_TO_DEVICE);
-}
-
-static void esp_pci_dma_memory_write(void *opaque, uint8_t *buf, int len)
-{
- PCIESPState *pci = opaque;
- esp_pci_dma_memory_rw(pci, buf, len, DMA_DIRECTION_FROM_DEVICE);
-}
-
-static const MemoryRegionOps esp_pci_io_ops = {
- .read = esp_pci_io_read,
- .write = esp_pci_io_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 4,
- },
-};
-
-static void esp_pci_hard_reset(DeviceState *dev)
-{
- PCIESPState *pci = DO_UPCAST(PCIESPState, dev.qdev, dev);
- esp_hard_reset(&pci->esp);
- pci->dma_regs[DMA_CMD] &= ~(DMA_CMD_DIR | DMA_CMD_INTE_D | DMA_CMD_INTE_P
- | DMA_CMD_MDL | DMA_CMD_DIAG | DMA_CMD_MASK);
- pci->dma_regs[DMA_WBC] &= ~0xffff;
- pci->dma_regs[DMA_WAC] = 0xffffffff;
- pci->dma_regs[DMA_STAT] &= ~(DMA_STAT_BCMBLT | DMA_STAT_SCSIINT
- | DMA_STAT_DONE | DMA_STAT_ABORT
- | DMA_STAT_ERROR);
- pci->dma_regs[DMA_WMAC] = 0xfffffffd;
-}
-
-static const VMStateDescription vmstate_esp_pci_scsi = {
- .name = "pciespscsi",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField[]) {
- VMSTATE_PCI_DEVICE(dev, PCIESPState),
- VMSTATE_BUFFER_UNSAFE(dma_regs, PCIESPState, 0, 8 * sizeof(uint32_t)),
- VMSTATE_STRUCT(esp, PCIESPState, 0, vmstate_esp, ESPState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void esp_pci_command_complete(SCSIRequest *req, uint32_t status,
- size_t resid)
-{
- ESPState *s = req->hba_private;
- PCIESPState *pci = container_of(s, PCIESPState, esp);
-
- esp_command_complete(req, status, resid);
- pci->dma_regs[DMA_WBC] = 0;
- pci->dma_regs[DMA_STAT] |= DMA_STAT_DONE;
-}
-
-static const struct SCSIBusInfo esp_pci_scsi_info = {
- .tcq = false,
- .max_target = ESP_MAX_DEVS,
- .max_lun = 7,
-
- .transfer_data = esp_transfer_data,
- .complete = esp_pci_command_complete,
- .cancel = esp_request_cancelled,
-};
-
-static int esp_pci_scsi_init(PCIDevice *dev)
-{
- PCIESPState *pci = DO_UPCAST(PCIESPState, dev, dev);
- ESPState *s = &pci->esp;
- uint8_t *pci_conf;
-
- pci_conf = pci->dev.config;
-
- /* Interrupt pin A */
- pci_conf[PCI_INTERRUPT_PIN] = 0x01;
-
- s->dma_memory_read = esp_pci_dma_memory_read;
- s->dma_memory_write = esp_pci_dma_memory_write;
- s->dma_opaque = pci;
- s->chip_id = TCHI_AM53C974;
- memory_region_init_io(&pci->io, &esp_pci_io_ops, pci, "esp-io", 0x80);
-
- pci_register_bar(&pci->dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &pci->io);
- s->irq = pci->dev.irq[0];
-
- scsi_bus_new(&s->bus, &dev->qdev, &esp_pci_scsi_info);
- if (!dev->qdev.hotplugged) {
- return scsi_bus_legacy_handle_cmdline(&s->bus);
- }
- return 0;
-}
-
-static void esp_pci_scsi_uninit(PCIDevice *d)
-{
- PCIESPState *pci = DO_UPCAST(PCIESPState, dev, d);
-
- memory_region_destroy(&pci->io);
-}
-
-static void esp_pci_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = esp_pci_scsi_init;
- k->exit = esp_pci_scsi_uninit;
- k->vendor_id = PCI_VENDOR_ID_AMD;
- k->device_id = PCI_DEVICE_ID_AMD_SCSI;
- k->revision = 0x10;
- k->class_id = PCI_CLASS_STORAGE_SCSI;
- dc->desc = "AMD Am53c974 PCscsi-PCI SCSI adapter";
- dc->reset = esp_pci_hard_reset;
- dc->vmsd = &vmstate_esp_pci_scsi;
-}
-
-static const TypeInfo esp_pci_info = {
- .name = TYPE_AM53C974_DEVICE,
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIESPState),
- .class_init = esp_pci_class_init,
-};
-
-typedef struct {
- PCIESPState pci;
- eeprom_t *eeprom;
-} DC390State;
-
-#define TYPE_DC390_DEVICE "dc390"
-#define DC390(obj) \
- OBJECT_CHECK(DC390State, obj, TYPE_DC390_DEVICE)
-
-#define EE_ADAPT_SCSI_ID 64
-#define EE_MODE2 65
-#define EE_DELAY 66
-#define EE_TAG_CMD_NUM 67
-#define EE_ADAPT_OPTIONS 68
-#define EE_BOOT_SCSI_ID 69
-#define EE_BOOT_SCSI_LUN 70
-#define EE_CHKSUM1 126
-#define EE_CHKSUM2 127
-
-#define EE_ADAPT_OPTION_F6_F8_AT_BOOT 0x01
-#define EE_ADAPT_OPTION_BOOT_FROM_CDROM 0x02
-#define EE_ADAPT_OPTION_INT13 0x04
-#define EE_ADAPT_OPTION_SCAM_SUPPORT 0x08
-
-
-static uint32_t dc390_read_config(PCIDevice *dev, uint32_t addr, int l)
-{
- DC390State *pci = DC390(dev);
- uint32_t val;
-
- val = pci_default_read_config(dev, addr, l);
-
- if (addr == 0x00 && l == 1) {
- /* First byte of address space is AND-ed with EEPROM DO line */
- if (!eeprom93xx_read(pci->eeprom)) {
- val &= ~0xff;
- }
- }
-
- return val;
-}
-
-static void dc390_write_config(PCIDevice *dev,
- uint32_t addr, uint32_t val, int l)
-{
- DC390State *pci = DC390(dev);
- if (addr == 0x80) {
- /* EEPROM write */
- int eesk = val & 0x80 ? 1 : 0;
- int eedi = val & 0x40 ? 1 : 0;
- eeprom93xx_write(pci->eeprom, 1, eesk, eedi);
- } else if (addr == 0xc0) {
- /* EEPROM CS low */
- eeprom93xx_write(pci->eeprom, 0, 0, 0);
- } else {
- pci_default_write_config(dev, addr, val, l);
- }
-}
-
-static int dc390_scsi_init(PCIDevice *dev)
-{
- DC390State *pci = DC390(dev);
- uint8_t *contents;
- uint16_t chksum = 0;
- int i, ret;
-
- /* init base class */
- ret = esp_pci_scsi_init(dev);
- if (ret < 0) {
- return ret;
- }
-
- /* EEPROM */
- pci->eeprom = eeprom93xx_new(DEVICE(dev), 64);
-
- /* set default eeprom values */
- contents = (uint8_t *)eeprom93xx_data(pci->eeprom);
-
- for (i = 0; i < 16; i++) {
- contents[i * 2] = 0x57;
- contents[i * 2 + 1] = 0x00;
- }
- contents[EE_ADAPT_SCSI_ID] = 7;
- contents[EE_MODE2] = 0x0f;
- contents[EE_TAG_CMD_NUM] = 0x04;
- contents[EE_ADAPT_OPTIONS] = EE_ADAPT_OPTION_F6_F8_AT_BOOT
- | EE_ADAPT_OPTION_BOOT_FROM_CDROM
- | EE_ADAPT_OPTION_INT13;
-
- /* update eeprom checksum */
- for (i = 0; i < EE_CHKSUM1; i += 2) {
- chksum += contents[i] + (((uint16_t)contents[i + 1]) << 8);
- }
- chksum = 0x1234 - chksum;
- contents[EE_CHKSUM1] = chksum & 0xff;
- contents[EE_CHKSUM2] = chksum >> 8;
-
- return 0;
-}
-
-static void dc390_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = dc390_scsi_init;
- k->config_read = dc390_read_config;
- k->config_write = dc390_write_config;
- dc->desc = "Tekram DC-390 SCSI adapter";
-}
-
-static const TypeInfo dc390_info = {
- .name = "dc390",
- .parent = TYPE_AM53C974_DEVICE,
- .instance_size = sizeof(DC390State),
- .class_init = dc390_class_init,
-};
-
-static void esp_pci_register_types(void)
-{
- type_register_static(&esp_pci_info);
- type_register_static(&dc390_info);
-}
-
-type_init(esp_pci_register_types)
diff --git a/hw/esp.c b/hw/esp.c
deleted file mode 100644
index 6d01624a4..000000000
--- a/hw/esp.c
+++ /dev/null
@@ -1,727 +0,0 @@
-/*
- * QEMU ESP/NCR53C9x emulation
- *
- * Copyright (c) 2005-2006 Fabrice Bellard
- * Copyright (c) 2012 Herve Poussineau
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sysbus.h"
-#include "esp.h"
-#include "trace.h"
-#include "qemu-log.h"
-
-/*
- * On Sparc32, this is the ESP (NCR53C90) part of chip STP2000 (Master I/O),
- * also produced as NCR89C100. See
- * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C100.txt
- * and
- * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR53C9X.txt
- */
-
-static void esp_raise_irq(ESPState *s)
-{
- if (!(s->rregs[ESP_RSTAT] & STAT_INT)) {
- s->rregs[ESP_RSTAT] |= STAT_INT;
- qemu_irq_raise(s->irq);
- trace_esp_raise_irq();
- }
-}
-
-static void esp_lower_irq(ESPState *s)
-{
- if (s->rregs[ESP_RSTAT] & STAT_INT) {
- s->rregs[ESP_RSTAT] &= ~STAT_INT;
- qemu_irq_lower(s->irq);
- trace_esp_lower_irq();
- }
-}
-
-void esp_dma_enable(ESPState *s, int irq, int level)
-{
- if (level) {
- s->dma_enabled = 1;
- trace_esp_dma_enable();
- if (s->dma_cb) {
- s->dma_cb(s);
- s->dma_cb = NULL;
- }
- } else {
- trace_esp_dma_disable();
- s->dma_enabled = 0;
- }
-}
-
-void esp_request_cancelled(SCSIRequest *req)
-{
- ESPState *s = req->hba_private;
-
- if (req == s->current_req) {
- scsi_req_unref(s->current_req);
- s->current_req = NULL;
- s->current_dev = NULL;
- }
-}
-
-static uint32_t get_cmd(ESPState *s, uint8_t *buf)
-{
- uint32_t dmalen;
- int target;
-
- target = s->wregs[ESP_WBUSID] & BUSID_DID;
- if (s->dma) {
- dmalen = s->rregs[ESP_TCLO];
- dmalen |= s->rregs[ESP_TCMID] << 8;
- dmalen |= s->rregs[ESP_TCHI] << 16;
- s->dma_memory_read(s->dma_opaque, buf, dmalen);
- } else {
- dmalen = s->ti_size;
- memcpy(buf, s->ti_buf, dmalen);
- buf[0] = buf[2] >> 5;
- }
- trace_esp_get_cmd(dmalen, target);
-
- s->ti_size = 0;
- s->ti_rptr = 0;
- s->ti_wptr = 0;
-
- if (s->current_req) {
- /* Started a new command before the old one finished. Cancel it. */
- scsi_req_cancel(s->current_req);
- s->async_len = 0;
- }
-
- s->current_dev = scsi_device_find(&s->bus, 0, target, 0);
- if (!s->current_dev) {
- // No such drive
- s->rregs[ESP_RSTAT] = 0;
- s->rregs[ESP_RINTR] = INTR_DC;
- s->rregs[ESP_RSEQ] = SEQ_0;
- esp_raise_irq(s);
- return 0;
- }
- return dmalen;
-}
-
-static void do_busid_cmd(ESPState *s, uint8_t *buf, uint8_t busid)
-{
- int32_t datalen;
- int lun;
- SCSIDevice *current_lun;
-
- trace_esp_do_busid_cmd(busid);
- lun = busid & 7;
- current_lun = scsi_device_find(&s->bus, 0, s->current_dev->id, lun);
- s->current_req = scsi_req_new(current_lun, 0, lun, buf, s);
- datalen = scsi_req_enqueue(s->current_req);
- s->ti_size = datalen;
- if (datalen != 0) {
- s->rregs[ESP_RSTAT] = STAT_TC;
- s->dma_left = 0;
- s->dma_counter = 0;
- if (datalen > 0) {
- s->rregs[ESP_RSTAT] |= STAT_DI;
- } else {
- s->rregs[ESP_RSTAT] |= STAT_DO;
- }
- scsi_req_continue(s->current_req);
- }
- s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
- s->rregs[ESP_RSEQ] = SEQ_CD;
- esp_raise_irq(s);
-}
-
-static void do_cmd(ESPState *s, uint8_t *buf)
-{
- uint8_t busid = buf[0];
-
- do_busid_cmd(s, &buf[1], busid);
-}
-
-static void handle_satn(ESPState *s)
-{
- uint8_t buf[32];
- int len;
-
- if (s->dma && !s->dma_enabled) {
- s->dma_cb = handle_satn;
- return;
- }
- len = get_cmd(s, buf);
- if (len)
- do_cmd(s, buf);
-}
-
-static void handle_s_without_atn(ESPState *s)
-{
- uint8_t buf[32];
- int len;
-
- if (s->dma && !s->dma_enabled) {
- s->dma_cb = handle_s_without_atn;
- return;
- }
- len = get_cmd(s, buf);
- if (len) {
- do_busid_cmd(s, buf, 0);
- }
-}
-
-static void handle_satn_stop(ESPState *s)
-{
- if (s->dma && !s->dma_enabled) {
- s->dma_cb = handle_satn_stop;
- return;
- }
- s->cmdlen = get_cmd(s, s->cmdbuf);
- if (s->cmdlen) {
- trace_esp_handle_satn_stop(s->cmdlen);
- s->do_cmd = 1;
- s->rregs[ESP_RSTAT] = STAT_TC | STAT_CD;
- s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
- s->rregs[ESP_RSEQ] = SEQ_CD;
- esp_raise_irq(s);
- }
-}
-
-static void write_response(ESPState *s)
-{
- trace_esp_write_response(s->status);
- s->ti_buf[0] = s->status;
- s->ti_buf[1] = 0;
- if (s->dma) {
- s->dma_memory_write(s->dma_opaque, s->ti_buf, 2);
- s->rregs[ESP_RSTAT] = STAT_TC | STAT_ST;
- s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
- s->rregs[ESP_RSEQ] = SEQ_CD;
- } else {
- s->ti_size = 2;
- s->ti_rptr = 0;
- s->ti_wptr = 0;
- s->rregs[ESP_RFLAGS] = 2;
- }
- esp_raise_irq(s);
-}
-
-static void esp_dma_done(ESPState *s)
-{
- s->rregs[ESP_RSTAT] |= STAT_TC;
- s->rregs[ESP_RINTR] = INTR_BS;
- s->rregs[ESP_RSEQ] = 0;
- s->rregs[ESP_RFLAGS] = 0;
- s->rregs[ESP_TCLO] = 0;
- s->rregs[ESP_TCMID] = 0;
- s->rregs[ESP_TCHI] = 0;
- esp_raise_irq(s);
-}
-
-static void esp_do_dma(ESPState *s)
-{
- uint32_t len;
- int to_device;
-
- to_device = (s->ti_size < 0);
- len = s->dma_left;
- if (s->do_cmd) {
- trace_esp_do_dma(s->cmdlen, len);
- s->dma_memory_read(s->dma_opaque, &s->cmdbuf[s->cmdlen], len);
- s->ti_size = 0;
- s->cmdlen = 0;
- s->do_cmd = 0;
- do_cmd(s, s->cmdbuf);
- return;
- }
- if (s->async_len == 0) {
- /* Defer until data is available. */
- return;
- }
- if (len > s->async_len) {
- len = s->async_len;
- }
- if (to_device) {
- s->dma_memory_read(s->dma_opaque, s->async_buf, len);
- } else {
- s->dma_memory_write(s->dma_opaque, s->async_buf, len);
- }
- s->dma_left -= len;
- s->async_buf += len;
- s->async_len -= len;
- if (to_device)
- s->ti_size += len;
- else
- s->ti_size -= len;
- if (s->async_len == 0) {
- scsi_req_continue(s->current_req);
- /* If there is still data to be read from the device then
- complete the DMA operation immediately. Otherwise defer
- until the scsi layer has completed. */
- if (to_device || s->dma_left != 0 || s->ti_size == 0) {
- return;
- }
- }
-
- /* Partially filled a scsi buffer. Complete immediately. */
- esp_dma_done(s);
-}
-
-void esp_command_complete(SCSIRequest *req, uint32_t status,
- size_t resid)
-{
- ESPState *s = req->hba_private;
-
- trace_esp_command_complete();
- if (s->ti_size != 0) {
- trace_esp_command_complete_unexpected();
- }
- s->ti_size = 0;
- s->dma_left = 0;
- s->async_len = 0;
- if (status) {
- trace_esp_command_complete_fail();
- }
- s->status = status;
- s->rregs[ESP_RSTAT] = STAT_ST;
- esp_dma_done(s);
- if (s->current_req) {
- scsi_req_unref(s->current_req);
- s->current_req = NULL;
- s->current_dev = NULL;
- }
-}
-
-void esp_transfer_data(SCSIRequest *req, uint32_t len)
-{
- ESPState *s = req->hba_private;
-
- trace_esp_transfer_data(s->dma_left, s->ti_size);
- s->async_len = len;
- s->async_buf = scsi_req_get_buf(req);
- if (s->dma_left) {
- esp_do_dma(s);
- } else if (s->dma_counter != 0 && s->ti_size <= 0) {
- /* If this was the last part of a DMA transfer then the
- completion interrupt is deferred to here. */
- esp_dma_done(s);
- }
-}
-
-static void handle_ti(ESPState *s)
-{
- uint32_t dmalen, minlen;
-
- if (s->dma && !s->dma_enabled) {
- s->dma_cb = handle_ti;
- return;
- }
-
- dmalen = s->rregs[ESP_TCLO];
- dmalen |= s->rregs[ESP_TCMID] << 8;
- dmalen |= s->rregs[ESP_TCHI] << 16;
- if (dmalen==0) {
- dmalen=0x10000;
- }
- s->dma_counter = dmalen;
-
- if (s->do_cmd)
- minlen = (dmalen < 32) ? dmalen : 32;
- else if (s->ti_size < 0)
- minlen = (dmalen < -s->ti_size) ? dmalen : -s->ti_size;
- else
- minlen = (dmalen < s->ti_size) ? dmalen : s->ti_size;
- trace_esp_handle_ti(minlen);
- if (s->dma) {
- s->dma_left = minlen;
- s->rregs[ESP_RSTAT] &= ~STAT_TC;
- esp_do_dma(s);
- } else if (s->do_cmd) {
- trace_esp_handle_ti_cmd(s->cmdlen);
- s->ti_size = 0;
- s->cmdlen = 0;
- s->do_cmd = 0;
- do_cmd(s, s->cmdbuf);
- return;
- }
-}
-
-void esp_hard_reset(ESPState *s)
-{
- memset(s->rregs, 0, ESP_REGS);
- memset(s->wregs, 0, ESP_REGS);
- s->rregs[ESP_TCHI] = s->chip_id;
- s->ti_size = 0;
- s->ti_rptr = 0;
- s->ti_wptr = 0;
- s->dma = 0;
- s->do_cmd = 0;
- s->dma_cb = NULL;
-
- s->rregs[ESP_CFG1] = 7;
-}
-
-static void esp_soft_reset(ESPState *s)
-{
- qemu_irq_lower(s->irq);
- esp_hard_reset(s);
-}
-
-static void parent_esp_reset(ESPState *s, int irq, int level)
-{
- if (level) {
- esp_soft_reset(s);
- }
-}
-
-uint64_t esp_reg_read(ESPState *s, uint32_t saddr)
-{
- uint32_t old_val;
-
- trace_esp_mem_readb(saddr, s->rregs[saddr]);
- switch (saddr) {
- case ESP_FIFO:
- if (s->ti_size > 0) {
- s->ti_size--;
- if ((s->rregs[ESP_RSTAT] & STAT_PIO_MASK) == 0) {
- /* Data out. */
- qemu_log_mask(LOG_UNIMP,
- "esp: PIO data read not implemented\n");
- s->rregs[ESP_FIFO] = 0;
- } else {
- s->rregs[ESP_FIFO] = s->ti_buf[s->ti_rptr++];
- }
- esp_raise_irq(s);
- }
- if (s->ti_size == 0) {
- s->ti_rptr = 0;
- s->ti_wptr = 0;
- }
- break;
- case ESP_RINTR:
- /* Clear sequence step, interrupt register and all status bits
- except TC */
- old_val = s->rregs[ESP_RINTR];
- s->rregs[ESP_RINTR] = 0;
- s->rregs[ESP_RSTAT] &= ~STAT_TC;
- s->rregs[ESP_RSEQ] = SEQ_CD;
- esp_lower_irq(s);
-
- return old_val;
- default:
- break;
- }
- return s->rregs[saddr];
-}
-
-void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val)
-{
- trace_esp_mem_writeb(saddr, s->wregs[saddr], val);
- switch (saddr) {
- case ESP_TCLO:
- case ESP_TCMID:
- case ESP_TCHI:
- s->rregs[ESP_RSTAT] &= ~STAT_TC;
- break;
- case ESP_FIFO:
- if (s->do_cmd) {
- s->cmdbuf[s->cmdlen++] = val & 0xff;
- } else if (s->ti_size == TI_BUFSZ - 1) {
- trace_esp_error_fifo_overrun();
- } else {
- s->ti_size++;
- s->ti_buf[s->ti_wptr++] = val & 0xff;
- }
- break;
- case ESP_CMD:
- s->rregs[saddr] = val;
- if (val & CMD_DMA) {
- s->dma = 1;
- /* Reload DMA counter. */
- s->rregs[ESP_TCLO] = s->wregs[ESP_TCLO];
- s->rregs[ESP_TCMID] = s->wregs[ESP_TCMID];
- s->rregs[ESP_TCHI] = s->wregs[ESP_TCHI];
- } else {
- s->dma = 0;
- }
- switch(val & CMD_CMD) {
- case CMD_NOP:
- trace_esp_mem_writeb_cmd_nop(val);
- break;
- case CMD_FLUSH:
- trace_esp_mem_writeb_cmd_flush(val);
- //s->ti_size = 0;
- s->rregs[ESP_RINTR] = INTR_FC;
- s->rregs[ESP_RSEQ] = 0;
- s->rregs[ESP_RFLAGS] = 0;
- break;
- case CMD_RESET:
- trace_esp_mem_writeb_cmd_reset(val);
- esp_soft_reset(s);
- break;
- case CMD_BUSRESET:
- trace_esp_mem_writeb_cmd_bus_reset(val);
- s->rregs[ESP_RINTR] = INTR_RST;
- if (!(s->wregs[ESP_CFG1] & CFG1_RESREPT)) {
- esp_raise_irq(s);
- }
- break;
- case CMD_TI:
- handle_ti(s);
- break;
- case CMD_ICCS:
- trace_esp_mem_writeb_cmd_iccs(val);
- write_response(s);
- s->rregs[ESP_RINTR] = INTR_FC;
- s->rregs[ESP_RSTAT] |= STAT_MI;
- break;
- case CMD_MSGACC:
- trace_esp_mem_writeb_cmd_msgacc(val);
- s->rregs[ESP_RINTR] = INTR_DC;
- s->rregs[ESP_RSEQ] = 0;
- s->rregs[ESP_RFLAGS] = 0;
- esp_raise_irq(s);
- break;
- case CMD_PAD:
- trace_esp_mem_writeb_cmd_pad(val);
- s->rregs[ESP_RSTAT] = STAT_TC;
- s->rregs[ESP_RINTR] = INTR_FC;
- s->rregs[ESP_RSEQ] = 0;
- break;
- case CMD_SATN:
- trace_esp_mem_writeb_cmd_satn(val);
- break;
- case CMD_RSTATN:
- trace_esp_mem_writeb_cmd_rstatn(val);
- break;
- case CMD_SEL:
- trace_esp_mem_writeb_cmd_sel(val);
- handle_s_without_atn(s);
- break;
- case CMD_SELATN:
- trace_esp_mem_writeb_cmd_selatn(val);
- handle_satn(s);
- break;
- case CMD_SELATNS:
- trace_esp_mem_writeb_cmd_selatns(val);
- handle_satn_stop(s);
- break;
- case CMD_ENSEL:
- trace_esp_mem_writeb_cmd_ensel(val);
- s->rregs[ESP_RINTR] = 0;
- break;
- case CMD_DISSEL:
- trace_esp_mem_writeb_cmd_dissel(val);
- s->rregs[ESP_RINTR] = 0;
- esp_raise_irq(s);
- break;
- default:
- trace_esp_error_unhandled_command(val);
- break;
- }
- break;
- case ESP_WBUSID ... ESP_WSYNO:
- break;
- case ESP_CFG1:
- case ESP_CFG2: case ESP_CFG3:
- case ESP_RES3: case ESP_RES4:
- s->rregs[saddr] = val;
- break;
- case ESP_WCCF ... ESP_WTEST:
- break;
- default:
- trace_esp_error_invalid_write(val, saddr);
- return;
- }
- s->wregs[saddr] = val;
-}
-
-static bool esp_mem_accepts(void *opaque, hwaddr addr,
- unsigned size, bool is_write)
-{
- return (size == 1) || (is_write && size == 4);
-}
-
-const VMStateDescription vmstate_esp = {
- .name ="esp",
- .version_id = 3,
- .minimum_version_id = 3,
- .minimum_version_id_old = 3,
- .fields = (VMStateField []) {
- VMSTATE_BUFFER(rregs, ESPState),
- VMSTATE_BUFFER(wregs, ESPState),
- VMSTATE_INT32(ti_size, ESPState),
- VMSTATE_UINT32(ti_rptr, ESPState),
- VMSTATE_UINT32(ti_wptr, ESPState),
- VMSTATE_BUFFER(ti_buf, ESPState),
- VMSTATE_UINT32(status, ESPState),
- VMSTATE_UINT32(dma, ESPState),
- VMSTATE_BUFFER(cmdbuf, ESPState),
- VMSTATE_UINT32(cmdlen, ESPState),
- VMSTATE_UINT32(do_cmd, ESPState),
- VMSTATE_UINT32(dma_left, ESPState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint32_t it_shift;
- ESPState esp;
-} SysBusESPState;
-
-static void sysbus_esp_mem_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned int size)
-{
- SysBusESPState *sysbus = opaque;
- uint32_t saddr;
-
- saddr = addr >> sysbus->it_shift;
- esp_reg_write(&sysbus->esp, saddr, val);
-}
-
-static uint64_t sysbus_esp_mem_read(void *opaque, hwaddr addr,
- unsigned int size)
-{
- SysBusESPState *sysbus = opaque;
- uint32_t saddr;
-
- saddr = addr >> sysbus->it_shift;
- return esp_reg_read(&sysbus->esp, saddr);
-}
-
-static const MemoryRegionOps sysbus_esp_mem_ops = {
- .read = sysbus_esp_mem_read,
- .write = sysbus_esp_mem_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid.accepts = esp_mem_accepts,
-};
-
-void esp_init(hwaddr espaddr, int it_shift,
- ESPDMAMemoryReadWriteFunc dma_memory_read,
- ESPDMAMemoryReadWriteFunc dma_memory_write,
- void *dma_opaque, qemu_irq irq, qemu_irq *reset,
- qemu_irq *dma_enable)
-{
- DeviceState *dev;
- SysBusDevice *s;
- SysBusESPState *sysbus;
- ESPState *esp;
-
- dev = qdev_create(NULL, "esp");
- sysbus = DO_UPCAST(SysBusESPState, busdev.qdev, dev);
- esp = &sysbus->esp;
- esp->dma_memory_read = dma_memory_read;
- esp->dma_memory_write = dma_memory_write;
- esp->dma_opaque = dma_opaque;
- sysbus->it_shift = it_shift;
- /* XXX for now until rc4030 has been changed to use DMA enable signal */
- esp->dma_enabled = 1;
- qdev_init_nofail(dev);
- s = sysbus_from_qdev(dev);
- sysbus_connect_irq(s, 0, irq);
- sysbus_mmio_map(s, 0, espaddr);
- *reset = qdev_get_gpio_in(dev, 0);
- *dma_enable = qdev_get_gpio_in(dev, 1);
-}
-
-static const struct SCSIBusInfo esp_scsi_info = {
- .tcq = false,
- .max_target = ESP_MAX_DEVS,
- .max_lun = 7,
-
- .transfer_data = esp_transfer_data,
- .complete = esp_command_complete,
- .cancel = esp_request_cancelled
-};
-
-static void sysbus_esp_gpio_demux(void *opaque, int irq, int level)
-{
- DeviceState *d = opaque;
- SysBusESPState *sysbus = container_of(d, SysBusESPState, busdev.qdev);
- ESPState *s = &sysbus->esp;
-
- switch (irq) {
- case 0:
- parent_esp_reset(s, irq, level);
- break;
- case 1:
- esp_dma_enable(opaque, irq, level);
- break;
- }
-}
-
-static int sysbus_esp_init(SysBusDevice *dev)
-{
- SysBusESPState *sysbus = FROM_SYSBUS(SysBusESPState, dev);
- ESPState *s = &sysbus->esp;
-
- sysbus_init_irq(dev, &s->irq);
- assert(sysbus->it_shift != -1);
-
- s->chip_id = TCHI_FAS100A;
- memory_region_init_io(&sysbus->iomem, &sysbus_esp_mem_ops, sysbus,
- "esp", ESP_REGS << sysbus->it_shift);
- sysbus_init_mmio(dev, &sysbus->iomem);
-
- qdev_init_gpio_in(&dev->qdev, sysbus_esp_gpio_demux, 2);
-
- scsi_bus_new(&s->bus, &dev->qdev, &esp_scsi_info);
- return scsi_bus_legacy_handle_cmdline(&s->bus);
-}
-
-static void sysbus_esp_hard_reset(DeviceState *dev)
-{
- SysBusESPState *sysbus = DO_UPCAST(SysBusESPState, busdev.qdev, dev);
- esp_hard_reset(&sysbus->esp);
-}
-
-static const VMStateDescription vmstate_sysbus_esp_scsi = {
- .name = "sysbusespscsi",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField[]) {
- VMSTATE_STRUCT(esp, SysBusESPState, 0, vmstate_esp, ESPState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void sysbus_esp_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = sysbus_esp_init;
- dc->reset = sysbus_esp_hard_reset;
- dc->vmsd = &vmstate_sysbus_esp_scsi;
-}
-
-static const TypeInfo sysbus_esp_info = {
- .name = "esp",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(SysBusESPState),
- .class_init = sysbus_esp_class_init,
-};
-
-static void esp_register_types(void)
-{
- type_register_static(&sysbus_esp_info);
-}
-
-type_init(esp_register_types)
diff --git a/hw/esp.h b/hw/esp.h
deleted file mode 100644
index f15cc7b5b..000000000
--- a/hw/esp.h
+++ /dev/null
@@ -1,132 +0,0 @@
-#ifndef QEMU_HW_ESP_H
-#define QEMU_HW_ESP_H
-
-#include "scsi.h"
-
-/* esp.c */
-#define ESP_MAX_DEVS 7
-typedef void (*ESPDMAMemoryReadWriteFunc)(void *opaque, uint8_t *buf, int len);
-void esp_init(hwaddr espaddr, int it_shift,
- ESPDMAMemoryReadWriteFunc dma_memory_read,
- ESPDMAMemoryReadWriteFunc dma_memory_write,
- void *dma_opaque, qemu_irq irq, qemu_irq *reset,
- qemu_irq *dma_enable);
-
-#define ESP_REGS 16
-#define TI_BUFSZ 16
-
-typedef struct ESPState ESPState;
-
-struct ESPState {
- uint8_t rregs[ESP_REGS];
- uint8_t wregs[ESP_REGS];
- qemu_irq irq;
- uint8_t chip_id;
- int32_t ti_size;
- uint32_t ti_rptr, ti_wptr;
- uint32_t status;
- uint32_t dma;
- uint8_t ti_buf[TI_BUFSZ];
- SCSIBus bus;
- SCSIDevice *current_dev;
- SCSIRequest *current_req;
- uint8_t cmdbuf[TI_BUFSZ];
- uint32_t cmdlen;
- uint32_t do_cmd;
-
- /* The amount of data left in the current DMA transfer. */
- uint32_t dma_left;
- /* The size of the current DMA transfer. Zero if no transfer is in
- progress. */
- uint32_t dma_counter;
- int dma_enabled;
-
- uint32_t async_len;
- uint8_t *async_buf;
-
- ESPDMAMemoryReadWriteFunc dma_memory_read;
- ESPDMAMemoryReadWriteFunc dma_memory_write;
- void *dma_opaque;
- void (*dma_cb)(ESPState *s);
-};
-
-#define ESP_TCLO 0x0
-#define ESP_TCMID 0x1
-#define ESP_FIFO 0x2
-#define ESP_CMD 0x3
-#define ESP_RSTAT 0x4
-#define ESP_WBUSID 0x4
-#define ESP_RINTR 0x5
-#define ESP_WSEL 0x5
-#define ESP_RSEQ 0x6
-#define ESP_WSYNTP 0x6
-#define ESP_RFLAGS 0x7
-#define ESP_WSYNO 0x7
-#define ESP_CFG1 0x8
-#define ESP_RRES1 0x9
-#define ESP_WCCF 0x9
-#define ESP_RRES2 0xa
-#define ESP_WTEST 0xa
-#define ESP_CFG2 0xb
-#define ESP_CFG3 0xc
-#define ESP_RES3 0xd
-#define ESP_TCHI 0xe
-#define ESP_RES4 0xf
-
-#define CMD_DMA 0x80
-#define CMD_CMD 0x7f
-
-#define CMD_NOP 0x00
-#define CMD_FLUSH 0x01
-#define CMD_RESET 0x02
-#define CMD_BUSRESET 0x03
-#define CMD_TI 0x10
-#define CMD_ICCS 0x11
-#define CMD_MSGACC 0x12
-#define CMD_PAD 0x18
-#define CMD_SATN 0x1a
-#define CMD_RSTATN 0x1b
-#define CMD_SEL 0x41
-#define CMD_SELATN 0x42
-#define CMD_SELATNS 0x43
-#define CMD_ENSEL 0x44
-#define CMD_DISSEL 0x45
-
-#define STAT_DO 0x00
-#define STAT_DI 0x01
-#define STAT_CD 0x02
-#define STAT_ST 0x03
-#define STAT_MO 0x06
-#define STAT_MI 0x07
-#define STAT_PIO_MASK 0x06
-
-#define STAT_TC 0x10
-#define STAT_PE 0x20
-#define STAT_GE 0x40
-#define STAT_INT 0x80
-
-#define BUSID_DID 0x07
-
-#define INTR_FC 0x08
-#define INTR_BS 0x10
-#define INTR_DC 0x20
-#define INTR_RST 0x80
-
-#define SEQ_0 0x0
-#define SEQ_CD 0x4
-
-#define CFG1_RESREPT 0x40
-
-#define TCHI_FAS100A 0x4
-#define TCHI_AM53C974 0x12
-
-void esp_dma_enable(ESPState *s, int irq, int level);
-void esp_request_cancelled(SCSIRequest *req);
-void esp_command_complete(SCSIRequest *req, uint32_t status, size_t resid);
-void esp_transfer_data(SCSIRequest *req, uint32_t len);
-void esp_hard_reset(ESPState *s);
-uint64_t esp_reg_read(ESPState *s, uint32_t saddr);
-void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val);
-extern const VMStateDescription vmstate_esp;
-
-#endif
diff --git a/hw/etraxfs.h b/hw/etraxfs.h
deleted file mode 100644
index 725bb9e14..000000000
--- a/hw/etraxfs.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * QEMU ETRAX System Emulator
- *
- * Copyright (c) 2008 Edgar E. Iglesias, Axis Communications AB.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "net.h"
-#include "etraxfs_dma.h"
-
-qemu_irq *cris_pic_init_cpu(CPUCRISState *env);
-
-/* Instantiate an ETRAXFS Ethernet MAC. */
-static inline DeviceState *
-etraxfs_eth_init(NICInfo *nd, hwaddr base, int phyaddr,
- void *dma_out, void *dma_in)
-{
- DeviceState *dev;
- qemu_check_nic_model(nd, "fseth");
-
- dev = qdev_create(NULL, "etraxfs-eth");
- qdev_set_nic_properties(dev, nd);
- qdev_prop_set_uint32(dev, "phyaddr", phyaddr);
- qdev_prop_set_ptr(dev, "dma_out", dma_out);
- qdev_prop_set_ptr(dev, "dma_in", dma_in);
- qdev_init_nofail(dev);
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
- return dev;
-}
diff --git a/hw/etraxfs_dma.c b/hw/etraxfs_dma.c
deleted file mode 100644
index 49221abc1..000000000
--- a/hw/etraxfs_dma.c
+++ /dev/null
@@ -1,781 +0,0 @@
-/*
- * QEMU ETRAX DMA Controller.
- *
- * Copyright (c) 2008 Edgar E. Iglesias, Axis Communications AB.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include <stdio.h>
-#include <sys/time.h>
-#include "hw.h"
-#include "exec-memory.h"
-#include "qemu-common.h"
-#include "sysemu.h"
-
-#include "etraxfs_dma.h"
-
-#define D(x)
-
-#define RW_DATA (0x0 / 4)
-#define RW_SAVED_DATA (0x58 / 4)
-#define RW_SAVED_DATA_BUF (0x5c / 4)
-#define RW_GROUP (0x60 / 4)
-#define RW_GROUP_DOWN (0x7c / 4)
-#define RW_CMD (0x80 / 4)
-#define RW_CFG (0x84 / 4)
-#define RW_STAT (0x88 / 4)
-#define RW_INTR_MASK (0x8c / 4)
-#define RW_ACK_INTR (0x90 / 4)
-#define R_INTR (0x94 / 4)
-#define R_MASKED_INTR (0x98 / 4)
-#define RW_STREAM_CMD (0x9c / 4)
-
-#define DMA_REG_MAX (0x100 / 4)
-
-/* descriptors */
-
-// ------------------------------------------------------------ dma_descr_group
-typedef struct dma_descr_group {
- uint32_t next;
- unsigned eol : 1;
- unsigned tol : 1;
- unsigned bol : 1;
- unsigned : 1;
- unsigned intr : 1;
- unsigned : 2;
- unsigned en : 1;
- unsigned : 7;
- unsigned dis : 1;
- unsigned md : 16;
- struct dma_descr_group *up;
- union {
- struct dma_descr_context *context;
- struct dma_descr_group *group;
- } down;
-} dma_descr_group;
-
-// ---------------------------------------------------------- dma_descr_context
-typedef struct dma_descr_context {
- uint32_t next;
- unsigned eol : 1;
- unsigned : 3;
- unsigned intr : 1;
- unsigned : 1;
- unsigned store_mode : 1;
- unsigned en : 1;
- unsigned : 7;
- unsigned dis : 1;
- unsigned md0 : 16;
- unsigned md1;
- unsigned md2;
- unsigned md3;
- unsigned md4;
- uint32_t saved_data;
- uint32_t saved_data_buf;
-} dma_descr_context;
-
-// ------------------------------------------------------------- dma_descr_data
-typedef struct dma_descr_data {
- uint32_t next;
- uint32_t buf;
- unsigned eol : 1;
- unsigned : 2;
- unsigned out_eop : 1;
- unsigned intr : 1;
- unsigned wait : 1;
- unsigned : 2;
- unsigned : 3;
- unsigned in_eop : 1;
- unsigned : 4;
- unsigned md : 16;
- uint32_t after;
-} dma_descr_data;
-
-/* Constants */
-enum {
- regk_dma_ack_pkt = 0x00000100,
- regk_dma_anytime = 0x00000001,
- regk_dma_array = 0x00000008,
- regk_dma_burst = 0x00000020,
- regk_dma_client = 0x00000002,
- regk_dma_copy_next = 0x00000010,
- regk_dma_copy_up = 0x00000020,
- regk_dma_data_at_eol = 0x00000001,
- regk_dma_dis_c = 0x00000010,
- regk_dma_dis_g = 0x00000020,
- regk_dma_idle = 0x00000001,
- regk_dma_intern = 0x00000004,
- regk_dma_load_c = 0x00000200,
- regk_dma_load_c_n = 0x00000280,
- regk_dma_load_c_next = 0x00000240,
- regk_dma_load_d = 0x00000140,
- regk_dma_load_g = 0x00000300,
- regk_dma_load_g_down = 0x000003c0,
- regk_dma_load_g_next = 0x00000340,
- regk_dma_load_g_up = 0x00000380,
- regk_dma_next_en = 0x00000010,
- regk_dma_next_pkt = 0x00000010,
- regk_dma_no = 0x00000000,
- regk_dma_only_at_wait = 0x00000000,
- regk_dma_restore = 0x00000020,
- regk_dma_rst = 0x00000001,
- regk_dma_running = 0x00000004,
- regk_dma_rw_cfg_default = 0x00000000,
- regk_dma_rw_cmd_default = 0x00000000,
- regk_dma_rw_intr_mask_default = 0x00000000,
- regk_dma_rw_stat_default = 0x00000101,
- regk_dma_rw_stream_cmd_default = 0x00000000,
- regk_dma_save_down = 0x00000020,
- regk_dma_save_up = 0x00000020,
- regk_dma_set_reg = 0x00000050,
- regk_dma_set_w_size1 = 0x00000190,
- regk_dma_set_w_size2 = 0x000001a0,
- regk_dma_set_w_size4 = 0x000001c0,
- regk_dma_stopped = 0x00000002,
- regk_dma_store_c = 0x00000002,
- regk_dma_store_descr = 0x00000000,
- regk_dma_store_g = 0x00000004,
- regk_dma_store_md = 0x00000001,
- regk_dma_sw = 0x00000008,
- regk_dma_update_down = 0x00000020,
- regk_dma_yes = 0x00000001
-};
-
-enum dma_ch_state
-{
- RST = 1,
- STOPPED = 2,
- RUNNING = 4
-};
-
-struct fs_dma_channel
-{
- qemu_irq irq;
- struct etraxfs_dma_client *client;
-
- /* Internal status. */
- int stream_cmd_src;
- enum dma_ch_state state;
-
- unsigned int input : 1;
- unsigned int eol : 1;
-
- struct dma_descr_group current_g;
- struct dma_descr_context current_c;
- struct dma_descr_data current_d;
-
- /* Control registers. */
- uint32_t regs[DMA_REG_MAX];
-};
-
-struct fs_dma_ctrl
-{
- MemoryRegion mmio;
- int nr_channels;
- struct fs_dma_channel *channels;
-
- QEMUBH *bh;
-};
-
-static void DMA_run(void *opaque);
-static int channel_out_run(struct fs_dma_ctrl *ctrl, int c);
-
-static inline uint32_t channel_reg(struct fs_dma_ctrl *ctrl, int c, int reg)
-{
- return ctrl->channels[c].regs[reg];
-}
-
-static inline int channel_stopped(struct fs_dma_ctrl *ctrl, int c)
-{
- return channel_reg(ctrl, c, RW_CFG) & 2;
-}
-
-static inline int channel_en(struct fs_dma_ctrl *ctrl, int c)
-{
- return (channel_reg(ctrl, c, RW_CFG) & 1)
- && ctrl->channels[c].client;
-}
-
-static inline int fs_channel(hwaddr addr)
-{
- /* Every channel has a 0x2000 ctrl register map. */
- return addr >> 13;
-}
-
-#ifdef USE_THIS_DEAD_CODE
-static void channel_load_g(struct fs_dma_ctrl *ctrl, int c)
-{
- hwaddr addr = channel_reg(ctrl, c, RW_GROUP);
-
- /* Load and decode. FIXME: handle endianness. */
- cpu_physical_memory_read (addr,
- (void *) &ctrl->channels[c].current_g,
- sizeof ctrl->channels[c].current_g);
-}
-
-static void dump_c(int ch, struct dma_descr_context *c)
-{
- printf("%s ch=%d\n", __func__, ch);
- printf("next=%x\n", c->next);
- printf("saved_data=%x\n", c->saved_data);
- printf("saved_data_buf=%x\n", c->saved_data_buf);
- printf("eol=%x\n", (uint32_t) c->eol);
-}
-
-static void dump_d(int ch, struct dma_descr_data *d)
-{
- printf("%s ch=%d\n", __func__, ch);
- printf("next=%x\n", d->next);
- printf("buf=%x\n", d->buf);
- printf("after=%x\n", d->after);
- printf("intr=%x\n", (uint32_t) d->intr);
- printf("out_eop=%x\n", (uint32_t) d->out_eop);
- printf("in_eop=%x\n", (uint32_t) d->in_eop);
- printf("eol=%x\n", (uint32_t) d->eol);
-}
-#endif
-
-static void channel_load_c(struct fs_dma_ctrl *ctrl, int c)
-{
- hwaddr addr = channel_reg(ctrl, c, RW_GROUP_DOWN);
-
- /* Load and decode. FIXME: handle endianness. */
- cpu_physical_memory_read (addr,
- (void *) &ctrl->channels[c].current_c,
- sizeof ctrl->channels[c].current_c);
-
- D(dump_c(c, &ctrl->channels[c].current_c));
- /* I guess this should update the current pos. */
- ctrl->channels[c].regs[RW_SAVED_DATA] =
- (uint32_t)(unsigned long)ctrl->channels[c].current_c.saved_data;
- ctrl->channels[c].regs[RW_SAVED_DATA_BUF] =
- (uint32_t)(unsigned long)ctrl->channels[c].current_c.saved_data_buf;
-}
-
-static void channel_load_d(struct fs_dma_ctrl *ctrl, int c)
-{
- hwaddr addr = channel_reg(ctrl, c, RW_SAVED_DATA);
-
- /* Load and decode. FIXME: handle endianness. */
- D(printf("%s ch=%d addr=" TARGET_FMT_plx "\n", __func__, c, addr));
- cpu_physical_memory_read (addr,
- (void *) &ctrl->channels[c].current_d,
- sizeof ctrl->channels[c].current_d);
-
- D(dump_d(c, &ctrl->channels[c].current_d));
- ctrl->channels[c].regs[RW_DATA] = addr;
-}
-
-static void channel_store_c(struct fs_dma_ctrl *ctrl, int c)
-{
- hwaddr addr = channel_reg(ctrl, c, RW_GROUP_DOWN);
-
- /* Encode and store. FIXME: handle endianness. */
- D(printf("%s ch=%d addr=" TARGET_FMT_plx "\n", __func__, c, addr));
- D(dump_d(c, &ctrl->channels[c].current_d));
- cpu_physical_memory_write (addr,
- (void *) &ctrl->channels[c].current_c,
- sizeof ctrl->channels[c].current_c);
-}
-
-static void channel_store_d(struct fs_dma_ctrl *ctrl, int c)
-{
- hwaddr addr = channel_reg(ctrl, c, RW_SAVED_DATA);
-
- /* Encode and store. FIXME: handle endianness. */
- D(printf("%s ch=%d addr=" TARGET_FMT_plx "\n", __func__, c, addr));
- cpu_physical_memory_write (addr,
- (void *) &ctrl->channels[c].current_d,
- sizeof ctrl->channels[c].current_d);
-}
-
-static inline void channel_stop(struct fs_dma_ctrl *ctrl, int c)
-{
- /* FIXME: */
-}
-
-static inline void channel_start(struct fs_dma_ctrl *ctrl, int c)
-{
- if (ctrl->channels[c].client)
- {
- ctrl->channels[c].eol = 0;
- ctrl->channels[c].state = RUNNING;
- if (!ctrl->channels[c].input)
- channel_out_run(ctrl, c);
- } else
- printf("WARNING: starting DMA ch %d with no client\n", c);
-
- qemu_bh_schedule_idle(ctrl->bh);
-}
-
-static void channel_continue(struct fs_dma_ctrl *ctrl, int c)
-{
- if (!channel_en(ctrl, c)
- || channel_stopped(ctrl, c)
- || ctrl->channels[c].state != RUNNING
- /* Only reload the current data descriptor if it has eol set. */
- || !ctrl->channels[c].current_d.eol) {
- D(printf("continue failed ch=%d state=%d stopped=%d en=%d eol=%d\n",
- c, ctrl->channels[c].state,
- channel_stopped(ctrl, c),
- channel_en(ctrl,c),
- ctrl->channels[c].eol));
- D(dump_d(c, &ctrl->channels[c].current_d));
- return;
- }
-
- /* Reload the current descriptor. */
- channel_load_d(ctrl, c);
-
- /* If the current descriptor cleared the eol flag and we had already
- reached eol state, do the continue. */
- if (!ctrl->channels[c].current_d.eol && ctrl->channels[c].eol) {
- D(printf("continue %d ok %x\n", c,
- ctrl->channels[c].current_d.next));
- ctrl->channels[c].regs[RW_SAVED_DATA] =
- (uint32_t)(unsigned long)ctrl->channels[c].current_d.next;
- channel_load_d(ctrl, c);
- ctrl->channels[c].regs[RW_SAVED_DATA_BUF] =
- (uint32_t)(unsigned long)ctrl->channels[c].current_d.buf;
-
- channel_start(ctrl, c);
- }
- ctrl->channels[c].regs[RW_SAVED_DATA_BUF] =
- (uint32_t)(unsigned long)ctrl->channels[c].current_d.buf;
-}
-
-static void channel_stream_cmd(struct fs_dma_ctrl *ctrl, int c, uint32_t v)
-{
- unsigned int cmd = v & ((1 << 10) - 1);
-
- D(printf("%s ch=%d cmd=%x\n",
- __func__, c, cmd));
- if (cmd & regk_dma_load_d) {
- channel_load_d(ctrl, c);
- if (cmd & regk_dma_burst)
- channel_start(ctrl, c);
- }
-
- if (cmd & regk_dma_load_c) {
- channel_load_c(ctrl, c);
- }
-}
-
-static void channel_update_irq(struct fs_dma_ctrl *ctrl, int c)
-{
- D(printf("%s %d\n", __func__, c));
- ctrl->channels[c].regs[R_INTR] &=
- ~(ctrl->channels[c].regs[RW_ACK_INTR]);
-
- ctrl->channels[c].regs[R_MASKED_INTR] =
- ctrl->channels[c].regs[R_INTR]
- & ctrl->channels[c].regs[RW_INTR_MASK];
-
- D(printf("%s: chan=%d masked_intr=%x\n", __func__,
- c,
- ctrl->channels[c].regs[R_MASKED_INTR]));
-
- qemu_set_irq(ctrl->channels[c].irq,
- !!ctrl->channels[c].regs[R_MASKED_INTR]);
-}
-
-static int channel_out_run(struct fs_dma_ctrl *ctrl, int c)
-{
- uint32_t len;
- uint32_t saved_data_buf;
- unsigned char buf[2 * 1024];
-
- struct dma_context_metadata meta;
- bool send_context = true;
-
- if (ctrl->channels[c].eol)
- return 0;
-
- do {
- bool out_eop;
- D(printf("ch=%d buf=%x after=%x\n",
- c,
- (uint32_t)ctrl->channels[c].current_d.buf,
- (uint32_t)ctrl->channels[c].current_d.after));
-
- if (send_context) {
- if (ctrl->channels[c].client->client.metadata_push) {
- meta.metadata = ctrl->channels[c].current_d.md;
- ctrl->channels[c].client->client.metadata_push(
- ctrl->channels[c].client->client.opaque,
- &meta);
- }
- send_context = false;
- }
-
- channel_load_d(ctrl, c);
- saved_data_buf = channel_reg(ctrl, c, RW_SAVED_DATA_BUF);
- len = (uint32_t)(unsigned long)
- ctrl->channels[c].current_d.after;
- len -= saved_data_buf;
-
- if (len > sizeof buf)
- len = sizeof buf;
- cpu_physical_memory_read (saved_data_buf, buf, len);
-
- out_eop = ((saved_data_buf + len) ==
- ctrl->channels[c].current_d.after) &&
- ctrl->channels[c].current_d.out_eop;
-
- D(printf("channel %d pushes %x %u bytes eop=%u\n", c,
- saved_data_buf, len, out_eop));
-
- if (ctrl->channels[c].client->client.push)
- ctrl->channels[c].client->client.push(
- ctrl->channels[c].client->client.opaque,
- buf, len, out_eop);
- else
- printf("WARNING: DMA ch%d dataloss,"
- " no attached client.\n", c);
-
- saved_data_buf += len;
-
- if (saved_data_buf == (uint32_t)(unsigned long)
- ctrl->channels[c].current_d.after) {
- /* Done. Step to next. */
- if (ctrl->channels[c].current_d.out_eop) {
- send_context = true;
- }
- if (ctrl->channels[c].current_d.intr) {
- /* data intr. */
- D(printf("signal intr %d eol=%d\n",
- len, ctrl->channels[c].current_d.eol));
- ctrl->channels[c].regs[R_INTR] |= (1 << 2);
- channel_update_irq(ctrl, c);
- }
- channel_store_d(ctrl, c);
- if (ctrl->channels[c].current_d.eol) {
- D(printf("channel %d EOL\n", c));
- ctrl->channels[c].eol = 1;
-
- /* Mark the context as disabled. */
- ctrl->channels[c].current_c.dis = 1;
- channel_store_c(ctrl, c);
-
- channel_stop(ctrl, c);
- } else {
- ctrl->channels[c].regs[RW_SAVED_DATA] =
- (uint32_t)(unsigned long)ctrl->
- channels[c].current_d.next;
- /* Load new descriptor. */
- channel_load_d(ctrl, c);
- saved_data_buf = (uint32_t)(unsigned long)
- ctrl->channels[c].current_d.buf;
- }
-
- ctrl->channels[c].regs[RW_SAVED_DATA_BUF] =
- saved_data_buf;
- D(dump_d(c, &ctrl->channels[c].current_d));
- }
- ctrl->channels[c].regs[RW_SAVED_DATA_BUF] = saved_data_buf;
- } while (!ctrl->channels[c].eol);
- return 1;
-}
-
-static int channel_in_process(struct fs_dma_ctrl *ctrl, int c,
- unsigned char *buf, int buflen, int eop)
-{
- uint32_t len;
- uint32_t saved_data_buf;
-
- if (ctrl->channels[c].eol == 1)
- return 0;
-
- channel_load_d(ctrl, c);
- saved_data_buf = channel_reg(ctrl, c, RW_SAVED_DATA_BUF);
- len = (uint32_t)(unsigned long)ctrl->channels[c].current_d.after;
- len -= saved_data_buf;
-
- if (len > buflen)
- len = buflen;
-
- cpu_physical_memory_write (saved_data_buf, buf, len);
- saved_data_buf += len;
-
- if (saved_data_buf ==
- (uint32_t)(unsigned long)ctrl->channels[c].current_d.after
- || eop) {
- uint32_t r_intr = ctrl->channels[c].regs[R_INTR];
-
- D(printf("in dscr end len=%d\n",
- ctrl->channels[c].current_d.after
- - ctrl->channels[c].current_d.buf));
- ctrl->channels[c].current_d.after = saved_data_buf;
-
- /* Done. Step to next. */
- if (ctrl->channels[c].current_d.intr) {
- /* TODO: signal eop to the client. */
- /* data intr. */
- ctrl->channels[c].regs[R_INTR] |= 3;
- }
- if (eop) {
- ctrl->channels[c].current_d.in_eop = 1;
- ctrl->channels[c].regs[R_INTR] |= 8;
- }
- if (r_intr != ctrl->channels[c].regs[R_INTR])
- channel_update_irq(ctrl, c);
-
- channel_store_d(ctrl, c);
- D(dump_d(c, &ctrl->channels[c].current_d));
-
- if (ctrl->channels[c].current_d.eol) {
- D(printf("channel %d EOL\n", c));
- ctrl->channels[c].eol = 1;
-
- /* Mark the context as disabled. */
- ctrl->channels[c].current_c.dis = 1;
- channel_store_c(ctrl, c);
-
- channel_stop(ctrl, c);
- } else {
- ctrl->channels[c].regs[RW_SAVED_DATA] =
- (uint32_t)(unsigned long)ctrl->
- channels[c].current_d.next;
- /* Load new descriptor. */
- channel_load_d(ctrl, c);
- saved_data_buf = (uint32_t)(unsigned long)
- ctrl->channels[c].current_d.buf;
- }
- }
-
- ctrl->channels[c].regs[RW_SAVED_DATA_BUF] = saved_data_buf;
- return len;
-}
-
-static inline int channel_in_run(struct fs_dma_ctrl *ctrl, int c)
-{
- if (ctrl->channels[c].client->client.pull) {
- ctrl->channels[c].client->client.pull(
- ctrl->channels[c].client->client.opaque);
- return 1;
- } else
- return 0;
-}
-
-static uint32_t dma_rinvalid (void *opaque, hwaddr addr)
-{
- hw_error("Unsupported short raccess. reg=" TARGET_FMT_plx "\n", addr);
- return 0;
-}
-
-static uint64_t
-dma_read(void *opaque, hwaddr addr, unsigned int size)
-{
- struct fs_dma_ctrl *ctrl = opaque;
- int c;
- uint32_t r = 0;
-
- if (size != 4) {
- dma_rinvalid(opaque, addr);
- }
-
- /* Make addr relative to this channel and bounded to nr regs. */
- c = fs_channel(addr);
- addr &= 0xff;
- addr >>= 2;
- switch (addr)
- {
- case RW_STAT:
- r = ctrl->channels[c].state & 7;
- r |= ctrl->channels[c].eol << 5;
- r |= ctrl->channels[c].stream_cmd_src << 8;
- break;
-
- default:
- r = ctrl->channels[c].regs[addr];
- D(printf ("%s c=%d addr=" TARGET_FMT_plx "\n",
- __func__, c, addr));
- break;
- }
- return r;
-}
-
-static void
-dma_winvalid (void *opaque, hwaddr addr, uint32_t value)
-{
- hw_error("Unsupported short waccess. reg=" TARGET_FMT_plx "\n", addr);
-}
-
-static void
-dma_update_state(struct fs_dma_ctrl *ctrl, int c)
-{
- if (ctrl->channels[c].regs[RW_CFG] & 2)
- ctrl->channels[c].state = STOPPED;
- if (!(ctrl->channels[c].regs[RW_CFG] & 1))
- ctrl->channels[c].state = RST;
-}
-
-static void
-dma_write(void *opaque, hwaddr addr,
- uint64_t val64, unsigned int size)
-{
- struct fs_dma_ctrl *ctrl = opaque;
- uint32_t value = val64;
- int c;
-
- if (size != 4) {
- dma_winvalid(opaque, addr, value);
- }
-
- /* Make addr relative to this channel and bounded to nr regs. */
- c = fs_channel(addr);
- addr &= 0xff;
- addr >>= 2;
- switch (addr)
- {
- case RW_DATA:
- ctrl->channels[c].regs[addr] = value;
- break;
-
- case RW_CFG:
- ctrl->channels[c].regs[addr] = value;
- dma_update_state(ctrl, c);
- break;
- case RW_CMD:
- /* continue. */
- if (value & ~1)
- printf("Invalid store to ch=%d RW_CMD %x\n",
- c, value);
- ctrl->channels[c].regs[addr] = value;
- channel_continue(ctrl, c);
- break;
-
- case RW_SAVED_DATA:
- case RW_SAVED_DATA_BUF:
- case RW_GROUP:
- case RW_GROUP_DOWN:
- ctrl->channels[c].regs[addr] = value;
- break;
-
- case RW_ACK_INTR:
- case RW_INTR_MASK:
- ctrl->channels[c].regs[addr] = value;
- channel_update_irq(ctrl, c);
- if (addr == RW_ACK_INTR)
- ctrl->channels[c].regs[RW_ACK_INTR] = 0;
- break;
-
- case RW_STREAM_CMD:
- if (value & ~1023)
- printf("Invalid store to ch=%d "
- "RW_STREAMCMD %x\n",
- c, value);
- ctrl->channels[c].regs[addr] = value;
- D(printf("stream_cmd ch=%d\n", c));
- channel_stream_cmd(ctrl, c, value);
- break;
-
- default:
- D(printf ("%s c=%d " TARGET_FMT_plx "\n",
- __func__, c, addr));
- break;
- }
-}
-
-static const MemoryRegionOps dma_ops = {
- .read = dma_read,
- .write = dma_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 1,
- .max_access_size = 4
- }
-};
-
-static int etraxfs_dmac_run(void *opaque)
-{
- struct fs_dma_ctrl *ctrl = opaque;
- int i;
- int p = 0;
-
- for (i = 0;
- i < ctrl->nr_channels;
- i++)
- {
- if (ctrl->channels[i].state == RUNNING)
- {
- if (ctrl->channels[i].input) {
- p += channel_in_run(ctrl, i);
- } else {
- p += channel_out_run(ctrl, i);
- }
- }
- }
- return p;
-}
-
-int etraxfs_dmac_input(struct etraxfs_dma_client *client,
- void *buf, int len, int eop)
-{
- return channel_in_process(client->ctrl, client->channel,
- buf, len, eop);
-}
-
-/* Connect an IRQ line with a channel. */
-void etraxfs_dmac_connect(void *opaque, int c, qemu_irq *line, int input)
-{
- struct fs_dma_ctrl *ctrl = opaque;
- ctrl->channels[c].irq = *line;
- ctrl->channels[c].input = input;
-}
-
-void etraxfs_dmac_connect_client(void *opaque, int c,
- struct etraxfs_dma_client *cl)
-{
- struct fs_dma_ctrl *ctrl = opaque;
- cl->ctrl = ctrl;
- cl->channel = c;
- ctrl->channels[c].client = cl;
-}
-
-
-static void DMA_run(void *opaque)
-{
- struct fs_dma_ctrl *etraxfs_dmac = opaque;
- int p = 1;
-
- if (runstate_is_running())
- p = etraxfs_dmac_run(etraxfs_dmac);
-
- if (p)
- qemu_bh_schedule_idle(etraxfs_dmac->bh);
-}
-
-void *etraxfs_dmac_init(hwaddr base, int nr_channels)
-{
- struct fs_dma_ctrl *ctrl = NULL;
-
- ctrl = g_malloc0(sizeof *ctrl);
-
- ctrl->bh = qemu_bh_new(DMA_run, ctrl);
-
- ctrl->nr_channels = nr_channels;
- ctrl->channels = g_malloc0(sizeof ctrl->channels[0] * nr_channels);
-
- memory_region_init_io(&ctrl->mmio, &dma_ops, ctrl, "etraxfs-dma",
- nr_channels * 0x2000);
- memory_region_add_subregion(get_system_memory(), base, &ctrl->mmio);
-
- return ctrl;
-}
diff --git a/hw/etraxfs_dma.h b/hw/etraxfs_dma.h
deleted file mode 100644
index 3fef80fae..000000000
--- a/hw/etraxfs_dma.h
+++ /dev/null
@@ -1,29 +0,0 @@
-struct dma_context_metadata {
- /* data descriptor md */
- uint16_t metadata;
-};
-
-struct etraxfs_dma_client
-{
- /* DMA controller. */
- int channel;
- void *ctrl;
-
- /* client. */
- struct {
- int (*push)(void *opaque, unsigned char *buf,
- int len, bool eop);
- void (*pull)(void *opaque);
- void (*metadata_push)(void *opaque,
- const struct dma_context_metadata *md);
- void *opaque;
- } client;
-};
-
-void *etraxfs_dmac_init(hwaddr base, int nr_channels);
-void etraxfs_dmac_connect(void *opaque, int channel, qemu_irq *line,
- int input);
-void etraxfs_dmac_connect_client(void *opaque, int c,
- struct etraxfs_dma_client *cl);
-int etraxfs_dmac_input(struct etraxfs_dma_client *client,
- void *buf, int len, int eop);
diff --git a/hw/etraxfs_eth.c b/hw/etraxfs_eth.c
deleted file mode 100644
index 3d4242682..000000000
--- a/hw/etraxfs_eth.c
+++ /dev/null
@@ -1,645 +0,0 @@
-/*
- * QEMU ETRAX Ethernet Controller.
- *
- * Copyright (c) 2008 Edgar E. Iglesias, Axis Communications AB.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include <stdio.h>
-#include "sysbus.h"
-#include "net.h"
-#include "etraxfs.h"
-
-#define D(x)
-
-/* Advertisement control register. */
-#define ADVERTISE_10HALF 0x0020 /* Try for 10mbps half-duplex */
-#define ADVERTISE_10FULL 0x0040 /* Try for 10mbps full-duplex */
-#define ADVERTISE_100HALF 0x0080 /* Try for 100mbps half-duplex */
-#define ADVERTISE_100FULL 0x0100 /* Try for 100mbps full-duplex */
-
-/*
- * The MDIO extensions in the TDK PHY model were reversed engineered from the
- * linux driver (PHYID and Diagnostics reg).
- * TODO: Add friendly names for the register nums.
- */
-struct qemu_phy
-{
- uint32_t regs[32];
-
- int link;
-
- unsigned int (*read)(struct qemu_phy *phy, unsigned int req);
- void (*write)(struct qemu_phy *phy, unsigned int req,
- unsigned int data);
-};
-
-static unsigned int tdk_read(struct qemu_phy *phy, unsigned int req)
-{
- int regnum;
- unsigned r = 0;
-
- regnum = req & 0x1f;
-
- switch (regnum) {
- case 1:
- if (!phy->link)
- break;
- /* MR1. */
- /* Speeds and modes. */
- r |= (1 << 13) | (1 << 14);
- r |= (1 << 11) | (1 << 12);
- r |= (1 << 5); /* Autoneg complete. */
- r |= (1 << 3); /* Autoneg able. */
- r |= (1 << 2); /* link. */
- break;
- case 5:
- /* Link partner ability.
- We are kind; always agree with whatever best mode
- the guest advertises. */
- r = 1 << 14; /* Success. */
- /* Copy advertised modes. */
- r |= phy->regs[4] & (15 << 5);
- /* Autoneg support. */
- r |= 1;
- break;
- case 18:
- {
- /* Diagnostics reg. */
- int duplex = 0;
- int speed_100 = 0;
-
- if (!phy->link)
- break;
-
- /* Are we advertising 100 half or 100 duplex ? */
- speed_100 = !!(phy->regs[4] & ADVERTISE_100HALF);
- speed_100 |= !!(phy->regs[4] & ADVERTISE_100FULL);
-
- /* Are we advertising 10 duplex or 100 duplex ? */
- duplex = !!(phy->regs[4] & ADVERTISE_100FULL);
- duplex |= !!(phy->regs[4] & ADVERTISE_10FULL);
- r = (speed_100 << 10) | (duplex << 11);
- }
- break;
-
- default:
- r = phy->regs[regnum];
- break;
- }
- D(printf("\n%s %x = reg[%d]\n", __func__, r, regnum));
- return r;
-}
-
-static void
-tdk_write(struct qemu_phy *phy, unsigned int req, unsigned int data)
-{
- int regnum;
-
- regnum = req & 0x1f;
- D(printf("%s reg[%d] = %x\n", __func__, regnum, data));
- switch (regnum) {
- default:
- phy->regs[regnum] = data;
- break;
- }
-}
-
-static void
-tdk_init(struct qemu_phy *phy)
-{
- phy->regs[0] = 0x3100;
- /* PHY Id. */
- phy->regs[2] = 0x0300;
- phy->regs[3] = 0xe400;
- /* Autonegotiation advertisement reg. */
- phy->regs[4] = 0x01E1;
- phy->link = 1;
-
- phy->read = tdk_read;
- phy->write = tdk_write;
-}
-
-struct qemu_mdio
-{
- /* bus. */
- int mdc;
- int mdio;
-
- /* decoder. */
- enum {
- PREAMBLE,
- SOF,
- OPC,
- ADDR,
- REQ,
- TURNAROUND,
- DATA
- } state;
- unsigned int drive;
-
- unsigned int cnt;
- unsigned int addr;
- unsigned int opc;
- unsigned int req;
- unsigned int data;
-
- struct qemu_phy *devs[32];
-};
-
-static void
-mdio_attach(struct qemu_mdio *bus, struct qemu_phy *phy, unsigned int addr)
-{
- bus->devs[addr & 0x1f] = phy;
-}
-
-#ifdef USE_THIS_DEAD_CODE
-static void
-mdio_detach(struct qemu_mdio *bus, struct qemu_phy *phy, unsigned int addr)
-{
- bus->devs[addr & 0x1f] = NULL;
-}
-#endif
-
-static void mdio_read_req(struct qemu_mdio *bus)
-{
- struct qemu_phy *phy;
-
- phy = bus->devs[bus->addr];
- if (phy && phy->read)
- bus->data = phy->read(phy, bus->req);
- else
- bus->data = 0xffff;
-}
-
-static void mdio_write_req(struct qemu_mdio *bus)
-{
- struct qemu_phy *phy;
-
- phy = bus->devs[bus->addr];
- if (phy && phy->write)
- phy->write(phy, bus->req, bus->data);
-}
-
-static void mdio_cycle(struct qemu_mdio *bus)
-{
- bus->cnt++;
-
- D(printf("mdc=%d mdio=%d state=%d cnt=%d drv=%d\n",
- bus->mdc, bus->mdio, bus->state, bus->cnt, bus->drive));
-#if 0
- if (bus->mdc)
- printf("%d", bus->mdio);
-#endif
- switch (bus->state)
- {
- case PREAMBLE:
- if (bus->mdc) {
- if (bus->cnt >= (32 * 2) && !bus->mdio) {
- bus->cnt = 0;
- bus->state = SOF;
- bus->data = 0;
- }
- }
- break;
- case SOF:
- if (bus->mdc) {
- if (bus->mdio != 1)
- printf("WARNING: no SOF\n");
- if (bus->cnt == 1*2) {
- bus->cnt = 0;
- bus->opc = 0;
- bus->state = OPC;
- }
- }
- break;
- case OPC:
- if (bus->mdc) {
- bus->opc <<= 1;
- bus->opc |= bus->mdio & 1;
- if (bus->cnt == 2*2) {
- bus->cnt = 0;
- bus->addr = 0;
- bus->state = ADDR;
- }
- }
- break;
- case ADDR:
- if (bus->mdc) {
- bus->addr <<= 1;
- bus->addr |= bus->mdio & 1;
-
- if (bus->cnt == 5*2) {
- bus->cnt = 0;
- bus->req = 0;
- bus->state = REQ;
- }
- }
- break;
- case REQ:
- if (bus->mdc) {
- bus->req <<= 1;
- bus->req |= bus->mdio & 1;
- if (bus->cnt == 5*2) {
- bus->cnt = 0;
- bus->state = TURNAROUND;
- }
- }
- break;
- case TURNAROUND:
- if (bus->mdc && bus->cnt == 2*2) {
- bus->mdio = 0;
- bus->cnt = 0;
-
- if (bus->opc == 2) {
- bus->drive = 1;
- mdio_read_req(bus);
- bus->mdio = bus->data & 1;
- }
- bus->state = DATA;
- }
- break;
- case DATA:
- if (!bus->mdc) {
- if (bus->drive) {
- bus->mdio = !!(bus->data & (1 << 15));
- bus->data <<= 1;
- }
- } else {
- if (!bus->drive) {
- bus->data <<= 1;
- bus->data |= bus->mdio;
- }
- if (bus->cnt == 16 * 2) {
- bus->cnt = 0;
- bus->state = PREAMBLE;
- if (!bus->drive)
- mdio_write_req(bus);
- bus->drive = 0;
- }
- }
- break;
- default:
- break;
- }
-}
-
-/* ETRAX-FS Ethernet MAC block starts here. */
-
-#define RW_MA0_LO 0x00
-#define RW_MA0_HI 0x01
-#define RW_MA1_LO 0x02
-#define RW_MA1_HI 0x03
-#define RW_GA_LO 0x04
-#define RW_GA_HI 0x05
-#define RW_GEN_CTRL 0x06
-#define RW_REC_CTRL 0x07
-#define RW_TR_CTRL 0x08
-#define RW_CLR_ERR 0x09
-#define RW_MGM_CTRL 0x0a
-#define R_STAT 0x0b
-#define FS_ETH_MAX_REGS 0x17
-
-struct fs_eth
-{
- SysBusDevice busdev;
- MemoryRegion mmio;
- NICState *nic;
- NICConf conf;
-
- /* Two addrs in the filter. */
- uint8_t macaddr[2][6];
- uint32_t regs[FS_ETH_MAX_REGS];
-
- union {
- void *vdma_out;
- struct etraxfs_dma_client *dma_out;
- };
- union {
- void *vdma_in;
- struct etraxfs_dma_client *dma_in;
- };
-
- /* MDIO bus. */
- struct qemu_mdio mdio_bus;
- unsigned int phyaddr;
- int duplex_mismatch;
-
- /* PHY. */
- struct qemu_phy phy;
-};
-
-static void eth_validate_duplex(struct fs_eth *eth)
-{
- struct qemu_phy *phy;
- unsigned int phy_duplex;
- unsigned int mac_duplex;
- int new_mm = 0;
-
- phy = eth->mdio_bus.devs[eth->phyaddr];
- phy_duplex = !!(phy->read(phy, 18) & (1 << 11));
- mac_duplex = !!(eth->regs[RW_REC_CTRL] & 128);
-
- if (mac_duplex != phy_duplex)
- new_mm = 1;
-
- if (eth->regs[RW_GEN_CTRL] & 1) {
- if (new_mm != eth->duplex_mismatch) {
- if (new_mm)
- printf("HW: WARNING "
- "ETH duplex mismatch MAC=%d PHY=%d\n",
- mac_duplex, phy_duplex);
- else
- printf("HW: ETH duplex ok.\n");
- }
- eth->duplex_mismatch = new_mm;
- }
-}
-
-static uint64_t
-eth_read(void *opaque, hwaddr addr, unsigned int size)
-{
- struct fs_eth *eth = opaque;
- uint32_t r = 0;
-
- addr >>= 2;
-
- switch (addr) {
- case R_STAT:
- r = eth->mdio_bus.mdio & 1;
- break;
- default:
- r = eth->regs[addr];
- D(printf ("%s %x\n", __func__, addr * 4));
- break;
- }
- return r;
-}
-
-static void eth_update_ma(struct fs_eth *eth, int ma)
-{
- int reg;
- int i = 0;
-
- ma &= 1;
-
- reg = RW_MA0_LO;
- if (ma)
- reg = RW_MA1_LO;
-
- eth->macaddr[ma][i++] = eth->regs[reg];
- eth->macaddr[ma][i++] = eth->regs[reg] >> 8;
- eth->macaddr[ma][i++] = eth->regs[reg] >> 16;
- eth->macaddr[ma][i++] = eth->regs[reg] >> 24;
- eth->macaddr[ma][i++] = eth->regs[reg + 1];
- eth->macaddr[ma][i] = eth->regs[reg + 1] >> 8;
-
- D(printf("set mac%d=%x.%x.%x.%x.%x.%x\n", ma,
- eth->macaddr[ma][0], eth->macaddr[ma][1],
- eth->macaddr[ma][2], eth->macaddr[ma][3],
- eth->macaddr[ma][4], eth->macaddr[ma][5]));
-}
-
-static void
-eth_write(void *opaque, hwaddr addr,
- uint64_t val64, unsigned int size)
-{
- struct fs_eth *eth = opaque;
- uint32_t value = val64;
-
- addr >>= 2;
- switch (addr)
- {
- case RW_MA0_LO:
- case RW_MA0_HI:
- eth->regs[addr] = value;
- eth_update_ma(eth, 0);
- break;
- case RW_MA1_LO:
- case RW_MA1_HI:
- eth->regs[addr] = value;
- eth_update_ma(eth, 1);
- break;
-
- case RW_MGM_CTRL:
- /* Attach an MDIO/PHY abstraction. */
- if (value & 2)
- eth->mdio_bus.mdio = value & 1;
- if (eth->mdio_bus.mdc != (value & 4)) {
- mdio_cycle(&eth->mdio_bus);
- eth_validate_duplex(eth);
- }
- eth->mdio_bus.mdc = !!(value & 4);
- eth->regs[addr] = value;
- break;
-
- case RW_REC_CTRL:
- eth->regs[addr] = value;
- eth_validate_duplex(eth);
- break;
-
- default:
- eth->regs[addr] = value;
- D(printf ("%s %x %x\n",
- __func__, addr, value));
- break;
- }
-}
-
-/* The ETRAX FS has a groupt address table (GAT) which works like a k=1 bloom
- filter dropping group addresses we have not joined. The filter has 64
- bits (m). The has function is a simple nible xor of the group addr. */
-static int eth_match_groupaddr(struct fs_eth *eth, const unsigned char *sa)
-{
- unsigned int hsh;
- int m_individual = eth->regs[RW_REC_CTRL] & 4;
- int match;
-
- /* First bit on the wire of a MAC address signals multicast or
- physical address. */
- if (!m_individual && !(sa[0] & 1))
- return 0;
-
- /* Calculate the hash index for the GA registers. */
- hsh = 0;
- hsh ^= (*sa) & 0x3f;
- hsh ^= ((*sa) >> 6) & 0x03;
- ++sa;
- hsh ^= ((*sa) << 2) & 0x03c;
- hsh ^= ((*sa) >> 4) & 0xf;
- ++sa;
- hsh ^= ((*sa) << 4) & 0x30;
- hsh ^= ((*sa) >> 2) & 0x3f;
- ++sa;
- hsh ^= (*sa) & 0x3f;
- hsh ^= ((*sa) >> 6) & 0x03;
- ++sa;
- hsh ^= ((*sa) << 2) & 0x03c;
- hsh ^= ((*sa) >> 4) & 0xf;
- ++sa;
- hsh ^= ((*sa) << 4) & 0x30;
- hsh ^= ((*sa) >> 2) & 0x3f;
-
- hsh &= 63;
- if (hsh > 31)
- match = eth->regs[RW_GA_HI] & (1 << (hsh - 32));
- else
- match = eth->regs[RW_GA_LO] & (1 << hsh);
- D(printf("hsh=%x ga=%x.%x mtch=%d\n", hsh,
- eth->regs[RW_GA_HI], eth->regs[RW_GA_LO], match));
- return match;
-}
-
-static int eth_can_receive(NetClientState *nc)
-{
- return 1;
-}
-
-static ssize_t eth_receive(NetClientState *nc, const uint8_t *buf, size_t size)
-{
- unsigned char sa_bcast[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
- struct fs_eth *eth = DO_UPCAST(NICState, nc, nc)->opaque;
- int use_ma0 = eth->regs[RW_REC_CTRL] & 1;
- int use_ma1 = eth->regs[RW_REC_CTRL] & 2;
- int r_bcast = eth->regs[RW_REC_CTRL] & 8;
-
- if (size < 12)
- return -1;
-
- D(printf("%x.%x.%x.%x.%x.%x ma=%d %d bc=%d\n",
- buf[0], buf[1], buf[2], buf[3], buf[4], buf[5],
- use_ma0, use_ma1, r_bcast));
-
- /* Does the frame get through the address filters? */
- if ((!use_ma0 || memcmp(buf, eth->macaddr[0], 6))
- && (!use_ma1 || memcmp(buf, eth->macaddr[1], 6))
- && (!r_bcast || memcmp(buf, sa_bcast, 6))
- && !eth_match_groupaddr(eth, buf))
- return size;
-
- /* FIXME: Find another way to pass on the fake csum. */
- etraxfs_dmac_input(eth->dma_in, (void *)buf, size + 4, 1);
-
- return size;
-}
-
-static int eth_tx_push(void *opaque, unsigned char *buf, int len, bool eop)
-{
- struct fs_eth *eth = opaque;
-
- D(printf("%s buf=%p len=%d\n", __func__, buf, len));
- qemu_send_packet(&eth->nic->nc, buf, len);
- return len;
-}
-
-static void eth_set_link(NetClientState *nc)
-{
- struct fs_eth *eth = DO_UPCAST(NICState, nc, nc)->opaque;
- D(printf("%s %d\n", __func__, nc->link_down));
- eth->phy.link = !nc->link_down;
-}
-
-static const MemoryRegionOps eth_ops = {
- .read = eth_read,
- .write = eth_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4
- }
-};
-
-static void eth_cleanup(NetClientState *nc)
-{
- struct fs_eth *eth = DO_UPCAST(NICState, nc, nc)->opaque;
-
- /* Disconnect the client. */
- eth->dma_out->client.push = NULL;
- eth->dma_out->client.opaque = NULL;
- eth->dma_in->client.opaque = NULL;
- eth->dma_in->client.pull = NULL;
- g_free(eth);
-}
-
-static NetClientInfo net_etraxfs_info = {
- .type = NET_CLIENT_OPTIONS_KIND_NIC,
- .size = sizeof(NICState),
- .can_receive = eth_can_receive,
- .receive = eth_receive,
- .cleanup = eth_cleanup,
- .link_status_changed = eth_set_link,
-};
-
-static int fs_eth_init(SysBusDevice *dev)
-{
- struct fs_eth *s = FROM_SYSBUS(typeof(*s), dev);
-
- if (!s->dma_out || !s->dma_in) {
- hw_error("Unconnected ETRAX-FS Ethernet MAC.\n");
- }
-
- s->dma_out->client.push = eth_tx_push;
- s->dma_out->client.opaque = s;
- s->dma_in->client.opaque = s;
- s->dma_in->client.pull = NULL;
-
- memory_region_init_io(&s->mmio, &eth_ops, s, "etraxfs-eth", 0x5c);
- sysbus_init_mmio(dev, &s->mmio);
-
- qemu_macaddr_default_if_unset(&s->conf.macaddr);
- s->nic = qemu_new_nic(&net_etraxfs_info, &s->conf,
- object_get_typename(OBJECT(s)), dev->qdev.id, s);
- qemu_format_nic_info_str(&s->nic->nc, s->conf.macaddr.a);
-
- tdk_init(&s->phy);
- mdio_attach(&s->mdio_bus, &s->phy, s->phyaddr);
- return 0;
-}
-
-static Property etraxfs_eth_properties[] = {
- DEFINE_PROP_UINT32("phyaddr", struct fs_eth, phyaddr, 1),
- DEFINE_PROP_PTR("dma_out", struct fs_eth, vdma_out),
- DEFINE_PROP_PTR("dma_in", struct fs_eth, vdma_in),
- DEFINE_NIC_PROPERTIES(struct fs_eth, conf),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void etraxfs_eth_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = fs_eth_init;
- dc->props = etraxfs_eth_properties;
-}
-
-static TypeInfo etraxfs_eth_info = {
- .name = "etraxfs-eth",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(struct fs_eth),
- .class_init = etraxfs_eth_class_init,
-};
-
-static void etraxfs_eth_register_types(void)
-{
- type_register_static(&etraxfs_eth_info);
-}
-
-type_init(etraxfs_eth_register_types)
diff --git a/hw/etraxfs_pic.c b/hw/etraxfs_pic.c
deleted file mode 100644
index 62a62a36a..000000000
--- a/hw/etraxfs_pic.c
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * QEMU ETRAX Interrupt Controller.
- *
- * Copyright (c) 2008 Edgar E. Iglesias, Axis Communications AB.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sysbus.h"
-#include "hw.h"
-//#include "pc.h"
-//#include "etraxfs.h"
-
-#define D(x)
-
-#define R_RW_MASK 0
-#define R_R_VECT 1
-#define R_R_MASKED_VECT 2
-#define R_R_NMI 3
-#define R_R_GURU 4
-#define R_MAX 5
-
-struct etrax_pic
-{
- SysBusDevice busdev;
- MemoryRegion mmio;
- void *interrupt_vector;
- qemu_irq parent_irq;
- qemu_irq parent_nmi;
- uint32_t regs[R_MAX];
-};
-
-static void pic_update(struct etrax_pic *fs)
-{
- uint32_t vector = 0;
- int i;
-
- fs->regs[R_R_MASKED_VECT] = fs->regs[R_R_VECT] & fs->regs[R_RW_MASK];
-
- /* The ETRAX interrupt controller signals interrupts to the core
- through an interrupt request wire and an irq vector bus. If
- multiple interrupts are simultaneously active it chooses vector
- 0x30 and lets the sw choose the priorities. */
- if (fs->regs[R_R_MASKED_VECT]) {
- uint32_t mv = fs->regs[R_R_MASKED_VECT];
- for (i = 0; i < 31; i++) {
- if (mv & 1) {
- vector = 0x31 + i;
- /* Check for multiple interrupts. */
- if (mv > 1)
- vector = 0x30;
- break;
- }
- mv >>= 1;
- }
- }
-
- if (fs->interrupt_vector) {
- /* hack alert: ptr property */
- *(uint32_t*)(fs->interrupt_vector) = vector;
- }
- qemu_set_irq(fs->parent_irq, !!vector);
-}
-
-static uint64_t
-pic_read(void *opaque, hwaddr addr, unsigned int size)
-{
- struct etrax_pic *fs = opaque;
- uint32_t rval;
-
- rval = fs->regs[addr >> 2];
- D(printf("%s %x=%x\n", __func__, addr, rval));
- return rval;
-}
-
-static void pic_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned int size)
-{
- struct etrax_pic *fs = opaque;
- D(printf("%s addr=%x val=%x\n", __func__, addr, value));
-
- if (addr == R_RW_MASK) {
- fs->regs[R_RW_MASK] = value;
- pic_update(fs);
- }
-}
-
-static const MemoryRegionOps pic_ops = {
- .read = pic_read,
- .write = pic_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4
- }
-};
-
-static void nmi_handler(void *opaque, int irq, int level)
-{
- struct etrax_pic *fs = (void *)opaque;
- uint32_t mask;
-
- mask = 1 << irq;
- if (level)
- fs->regs[R_R_NMI] |= mask;
- else
- fs->regs[R_R_NMI] &= ~mask;
-
- qemu_set_irq(fs->parent_nmi, !!fs->regs[R_R_NMI]);
-}
-
-static void irq_handler(void *opaque, int irq, int level)
-{
- struct etrax_pic *fs = (void *)opaque;
-
- if (irq >= 30)
- return nmi_handler(opaque, irq, level);
-
- irq -= 1;
- fs->regs[R_R_VECT] &= ~(1 << irq);
- fs->regs[R_R_VECT] |= (!!level << irq);
- pic_update(fs);
-}
-
-static int etraxfs_pic_init(SysBusDevice *dev)
-{
- struct etrax_pic *s = FROM_SYSBUS(typeof (*s), dev);
-
- qdev_init_gpio_in(&dev->qdev, irq_handler, 32);
- sysbus_init_irq(dev, &s->parent_irq);
- sysbus_init_irq(dev, &s->parent_nmi);
-
- memory_region_init_io(&s->mmio, &pic_ops, s, "etraxfs-pic", R_MAX * 4);
- sysbus_init_mmio(dev, &s->mmio);
- return 0;
-}
-
-static Property etraxfs_pic_properties[] = {
- DEFINE_PROP_PTR("interrupt_vector", struct etrax_pic, interrupt_vector),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void etraxfs_pic_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = etraxfs_pic_init;
- dc->props = etraxfs_pic_properties;
-}
-
-static TypeInfo etraxfs_pic_info = {
- .name = "etraxfs,pic",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(struct etrax_pic),
- .class_init = etraxfs_pic_class_init,
-};
-
-static void etraxfs_pic_register_types(void)
-{
- type_register_static(&etraxfs_pic_info);
-}
-
-type_init(etraxfs_pic_register_types)
diff --git a/hw/etraxfs_ser.c b/hw/etraxfs_ser.c
deleted file mode 100644
index ee0d72bf8..000000000
--- a/hw/etraxfs_ser.c
+++ /dev/null
@@ -1,248 +0,0 @@
-/*
- * QEMU ETRAX System Emulator
- *
- * Copyright (c) 2007 Edgar E. Iglesias, Axis Communications AB.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sysbus.h"
-#include "qemu-char.h"
-#include "qemu-log.h"
-
-#define D(x)
-
-#define RW_TR_CTRL (0x00 / 4)
-#define RW_TR_DMA_EN (0x04 / 4)
-#define RW_REC_CTRL (0x08 / 4)
-#define RW_DOUT (0x1c / 4)
-#define RS_STAT_DIN (0x20 / 4)
-#define R_STAT_DIN (0x24 / 4)
-#define RW_INTR_MASK (0x2c / 4)
-#define RW_ACK_INTR (0x30 / 4)
-#define R_INTR (0x34 / 4)
-#define R_MASKED_INTR (0x38 / 4)
-#define R_MAX (0x3c / 4)
-
-#define STAT_DAV 16
-#define STAT_TR_IDLE 22
-#define STAT_TR_RDY 24
-
-struct etrax_serial
-{
- SysBusDevice busdev;
- MemoryRegion mmio;
- CharDriverState *chr;
- qemu_irq irq;
-
- int pending_tx;
-
- uint8_t rx_fifo[16];
- unsigned int rx_fifo_pos;
- unsigned int rx_fifo_len;
-
- /* Control registers. */
- uint32_t regs[R_MAX];
-};
-
-static void ser_update_irq(struct etrax_serial *s)
-{
-
- if (s->rx_fifo_len) {
- s->regs[R_INTR] |= 8;
- } else {
- s->regs[R_INTR] &= ~8;
- }
-
- s->regs[R_MASKED_INTR] = s->regs[R_INTR] & s->regs[RW_INTR_MASK];
- qemu_set_irq(s->irq, !!s->regs[R_MASKED_INTR]);
-}
-
-static uint64_t
-ser_read(void *opaque, hwaddr addr, unsigned int size)
-{
- struct etrax_serial *s = opaque;
- D(CPUCRISState *env = s->env);
- uint32_t r = 0;
-
- addr >>= 2;
- switch (addr)
- {
- case R_STAT_DIN:
- r = s->rx_fifo[(s->rx_fifo_pos - s->rx_fifo_len) & 15];
- if (s->rx_fifo_len) {
- r |= 1 << STAT_DAV;
- }
- r |= 1 << STAT_TR_RDY;
- r |= 1 << STAT_TR_IDLE;
- break;
- case RS_STAT_DIN:
- r = s->rx_fifo[(s->rx_fifo_pos - s->rx_fifo_len) & 15];
- if (s->rx_fifo_len) {
- r |= 1 << STAT_DAV;
- s->rx_fifo_len--;
- }
- r |= 1 << STAT_TR_RDY;
- r |= 1 << STAT_TR_IDLE;
- break;
- default:
- r = s->regs[addr];
- D(qemu_log("%s " TARGET_FMT_plx "=%x\n", __func__, addr, r));
- break;
- }
- return r;
-}
-
-static void
-ser_write(void *opaque, hwaddr addr,
- uint64_t val64, unsigned int size)
-{
- struct etrax_serial *s = opaque;
- uint32_t value = val64;
- unsigned char ch = val64;
- D(CPUCRISState *env = s->env);
-
- D(qemu_log("%s " TARGET_FMT_plx "=%x\n", __func__, addr, value));
- addr >>= 2;
- switch (addr)
- {
- case RW_DOUT:
- qemu_chr_fe_write(s->chr, &ch, 1);
- s->regs[R_INTR] |= 3;
- s->pending_tx = 1;
- s->regs[addr] = value;
- break;
- case RW_ACK_INTR:
- if (s->pending_tx) {
- value &= ~1;
- s->pending_tx = 0;
- D(qemu_log("fixedup value=%x r_intr=%x\n",
- value, s->regs[R_INTR]));
- }
- s->regs[addr] = value;
- s->regs[R_INTR] &= ~value;
- D(printf("r_intr=%x\n", s->regs[R_INTR]));
- break;
- default:
- s->regs[addr] = value;
- break;
- }
- ser_update_irq(s);
-}
-
-static const MemoryRegionOps ser_ops = {
- .read = ser_read,
- .write = ser_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4
- }
-};
-
-static void serial_receive(void *opaque, const uint8_t *buf, int size)
-{
- struct etrax_serial *s = opaque;
- int i;
-
- /* Got a byte. */
- if (s->rx_fifo_len >= 16) {
- qemu_log("WARNING: UART dropped char.\n");
- return;
- }
-
- for (i = 0; i < size; i++) {
- s->rx_fifo[s->rx_fifo_pos] = buf[i];
- s->rx_fifo_pos++;
- s->rx_fifo_pos &= 15;
- s->rx_fifo_len++;
- }
-
- ser_update_irq(s);
-}
-
-static int serial_can_receive(void *opaque)
-{
- struct etrax_serial *s = opaque;
- int r;
-
- /* Is the receiver enabled? */
- if (!(s->regs[RW_REC_CTRL] & (1 << 3))) {
- return 0;
- }
-
- r = sizeof(s->rx_fifo) - s->rx_fifo_len;
- return r;
-}
-
-static void serial_event(void *opaque, int event)
-{
-
-}
-
-static void etraxfs_ser_reset(DeviceState *d)
-{
- struct etrax_serial *s = container_of(d, typeof(*s), busdev.qdev);
-
- /* transmitter begins ready and idle. */
- s->regs[RS_STAT_DIN] |= (1 << STAT_TR_RDY);
- s->regs[RS_STAT_DIN] |= (1 << STAT_TR_IDLE);
-
- s->regs[RW_REC_CTRL] = 0x10000;
-
-}
-
-static int etraxfs_ser_init(SysBusDevice *dev)
-{
- struct etrax_serial *s = FROM_SYSBUS(typeof (*s), dev);
-
- sysbus_init_irq(dev, &s->irq);
- memory_region_init_io(&s->mmio, &ser_ops, s, "etraxfs-serial", R_MAX * 4);
- sysbus_init_mmio(dev, &s->mmio);
-
- s->chr = qemu_char_get_next_serial();
- if (s->chr)
- qemu_chr_add_handlers(s->chr,
- serial_can_receive, serial_receive,
- serial_event, s);
- return 0;
-}
-
-static void etraxfs_ser_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = etraxfs_ser_init;
- dc->reset = etraxfs_ser_reset;
-}
-
-static TypeInfo etraxfs_ser_info = {
- .name = "etraxfs,serial",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(struct etrax_serial),
- .class_init = etraxfs_ser_class_init,
-};
-
-static void etraxfs_serial_register_types(void)
-{
- type_register_static(&etraxfs_ser_info);
-}
-
-type_init(etraxfs_serial_register_types)
diff --git a/hw/etraxfs_timer.c b/hw/etraxfs_timer.c
deleted file mode 100644
index f5601dc7a..000000000
--- a/hw/etraxfs_timer.c
+++ /dev/null
@@ -1,351 +0,0 @@
-/*
- * QEMU ETRAX Timers
- *
- * Copyright (c) 2007 Edgar E. Iglesias, Axis Communications AB.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "sysbus.h"
-#include "sysemu.h"
-#include "qemu-timer.h"
-#include "ptimer.h"
-
-#define D(x)
-
-#define RW_TMR0_DIV 0x00
-#define R_TMR0_DATA 0x04
-#define RW_TMR0_CTRL 0x08
-#define RW_TMR1_DIV 0x10
-#define R_TMR1_DATA 0x14
-#define RW_TMR1_CTRL 0x18
-#define R_TIME 0x38
-#define RW_WD_CTRL 0x40
-#define R_WD_STAT 0x44
-#define RW_INTR_MASK 0x48
-#define RW_ACK_INTR 0x4c
-#define R_INTR 0x50
-#define R_MASKED_INTR 0x54
-
-struct etrax_timer {
- SysBusDevice busdev;
- MemoryRegion mmio;
- qemu_irq irq;
- qemu_irq nmi;
-
- QEMUBH *bh_t0;
- QEMUBH *bh_t1;
- QEMUBH *bh_wd;
- ptimer_state *ptimer_t0;
- ptimer_state *ptimer_t1;
- ptimer_state *ptimer_wd;
-
- int wd_hits;
-
- /* Control registers. */
- uint32_t rw_tmr0_div;
- uint32_t r_tmr0_data;
- uint32_t rw_tmr0_ctrl;
-
- uint32_t rw_tmr1_div;
- uint32_t r_tmr1_data;
- uint32_t rw_tmr1_ctrl;
-
- uint32_t rw_wd_ctrl;
-
- uint32_t rw_intr_mask;
- uint32_t rw_ack_intr;
- uint32_t r_intr;
- uint32_t r_masked_intr;
-};
-
-static uint64_t
-timer_read(void *opaque, hwaddr addr, unsigned int size)
-{
- struct etrax_timer *t = opaque;
- uint32_t r = 0;
-
- switch (addr) {
- case R_TMR0_DATA:
- r = ptimer_get_count(t->ptimer_t0);
- break;
- case R_TMR1_DATA:
- r = ptimer_get_count(t->ptimer_t1);
- break;
- case R_TIME:
- r = qemu_get_clock_ns(vm_clock) / 10;
- break;
- case RW_INTR_MASK:
- r = t->rw_intr_mask;
- break;
- case R_MASKED_INTR:
- r = t->r_intr & t->rw_intr_mask;
- break;
- default:
- D(printf ("%s %x\n", __func__, addr));
- break;
- }
- return r;
-}
-
-static void update_ctrl(struct etrax_timer *t, int tnum)
-{
- unsigned int op;
- unsigned int freq;
- unsigned int freq_hz;
- unsigned int div;
- uint32_t ctrl;
-
- ptimer_state *timer;
-
- if (tnum == 0) {
- ctrl = t->rw_tmr0_ctrl;
- div = t->rw_tmr0_div;
- timer = t->ptimer_t0;
- } else {
- ctrl = t->rw_tmr1_ctrl;
- div = t->rw_tmr1_div;
- timer = t->ptimer_t1;
- }
-
-
- op = ctrl & 3;
- freq = ctrl >> 2;
- freq_hz = 32000000;
-
- switch (freq)
- {
- case 0:
- case 1:
- D(printf ("extern or disabled timer clock?\n"));
- break;
- case 4: freq_hz = 29493000; break;
- case 5: freq_hz = 32000000; break;
- case 6: freq_hz = 32768000; break;
- case 7: freq_hz = 100000000; break;
- default:
- abort();
- break;
- }
-
- D(printf ("freq_hz=%d div=%d\n", freq_hz, div));
- ptimer_set_freq(timer, freq_hz);
- ptimer_set_limit(timer, div, 0);
-
- switch (op)
- {
- case 0:
- /* Load. */
- ptimer_set_limit(timer, div, 1);
- break;
- case 1:
- /* Hold. */
- ptimer_stop(timer);
- break;
- case 2:
- /* Run. */
- ptimer_run(timer, 0);
- break;
- default:
- abort();
- break;
- }
-}
-
-static void timer_update_irq(struct etrax_timer *t)
-{
- t->r_intr &= ~(t->rw_ack_intr);
- t->r_masked_intr = t->r_intr & t->rw_intr_mask;
-
- D(printf("%s: masked_intr=%x\n", __func__, t->r_masked_intr));
- qemu_set_irq(t->irq, !!t->r_masked_intr);
-}
-
-static void timer0_hit(void *opaque)
-{
- struct etrax_timer *t = opaque;
- t->r_intr |= 1;
- timer_update_irq(t);
-}
-
-static void timer1_hit(void *opaque)
-{
- struct etrax_timer *t = opaque;
- t->r_intr |= 2;
- timer_update_irq(t);
-}
-
-static void watchdog_hit(void *opaque)
-{
- struct etrax_timer *t = opaque;
- if (t->wd_hits == 0) {
- /* real hw gives a single tick before reseting but we are
- a bit friendlier to compensate for our slower execution. */
- ptimer_set_count(t->ptimer_wd, 10);
- ptimer_run(t->ptimer_wd, 1);
- qemu_irq_raise(t->nmi);
- }
- else
- qemu_system_reset_request();
-
- t->wd_hits++;
-}
-
-static inline void timer_watchdog_update(struct etrax_timer *t, uint32_t value)
-{
- unsigned int wd_en = t->rw_wd_ctrl & (1 << 8);
- unsigned int wd_key = t->rw_wd_ctrl >> 9;
- unsigned int wd_cnt = t->rw_wd_ctrl & 511;
- unsigned int new_key = value >> 9 & ((1 << 7) - 1);
- unsigned int new_cmd = (value >> 8) & 1;
-
- /* If the watchdog is enabled, they written key must match the
- complement of the previous. */
- wd_key = ~wd_key & ((1 << 7) - 1);
-
- if (wd_en && wd_key != new_key)
- return;
-
- D(printf("en=%d new_key=%x oldkey=%x cmd=%d cnt=%d\n",
- wd_en, new_key, wd_key, new_cmd, wd_cnt));
-
- if (t->wd_hits)
- qemu_irq_lower(t->nmi);
-
- t->wd_hits = 0;
-
- ptimer_set_freq(t->ptimer_wd, 760);
- if (wd_cnt == 0)
- wd_cnt = 256;
- ptimer_set_count(t->ptimer_wd, wd_cnt);
- if (new_cmd)
- ptimer_run(t->ptimer_wd, 1);
- else
- ptimer_stop(t->ptimer_wd);
-
- t->rw_wd_ctrl = value;
-}
-
-static void
-timer_write(void *opaque, hwaddr addr,
- uint64_t val64, unsigned int size)
-{
- struct etrax_timer *t = opaque;
- uint32_t value = val64;
-
- switch (addr)
- {
- case RW_TMR0_DIV:
- t->rw_tmr0_div = value;
- break;
- case RW_TMR0_CTRL:
- D(printf ("RW_TMR0_CTRL=%x\n", value));
- t->rw_tmr0_ctrl = value;
- update_ctrl(t, 0);
- break;
- case RW_TMR1_DIV:
- t->rw_tmr1_div = value;
- break;
- case RW_TMR1_CTRL:
- D(printf ("RW_TMR1_CTRL=%x\n", value));
- t->rw_tmr1_ctrl = value;
- update_ctrl(t, 1);
- break;
- case RW_INTR_MASK:
- D(printf ("RW_INTR_MASK=%x\n", value));
- t->rw_intr_mask = value;
- timer_update_irq(t);
- break;
- case RW_WD_CTRL:
- timer_watchdog_update(t, value);
- break;
- case RW_ACK_INTR:
- t->rw_ack_intr = value;
- timer_update_irq(t);
- t->rw_ack_intr = 0;
- break;
- default:
- printf ("%s " TARGET_FMT_plx " %x\n",
- __func__, addr, value);
- break;
- }
-}
-
-static const MemoryRegionOps timer_ops = {
- .read = timer_read,
- .write = timer_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4
- }
-};
-
-static void etraxfs_timer_reset(void *opaque)
-{
- struct etrax_timer *t = opaque;
-
- ptimer_stop(t->ptimer_t0);
- ptimer_stop(t->ptimer_t1);
- ptimer_stop(t->ptimer_wd);
- t->rw_wd_ctrl = 0;
- t->r_intr = 0;
- t->rw_intr_mask = 0;
- qemu_irq_lower(t->irq);
-}
-
-static int etraxfs_timer_init(SysBusDevice *dev)
-{
- struct etrax_timer *t = FROM_SYSBUS(typeof (*t), dev);
-
- t->bh_t0 = qemu_bh_new(timer0_hit, t);
- t->bh_t1 = qemu_bh_new(timer1_hit, t);
- t->bh_wd = qemu_bh_new(watchdog_hit, t);
- t->ptimer_t0 = ptimer_init(t->bh_t0);
- t->ptimer_t1 = ptimer_init(t->bh_t1);
- t->ptimer_wd = ptimer_init(t->bh_wd);
-
- sysbus_init_irq(dev, &t->irq);
- sysbus_init_irq(dev, &t->nmi);
-
- memory_region_init_io(&t->mmio, &timer_ops, t, "etraxfs-timer", 0x5c);
- sysbus_init_mmio(dev, &t->mmio);
- qemu_register_reset(etraxfs_timer_reset, t);
- return 0;
-}
-
-static void etraxfs_timer_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- sdc->init = etraxfs_timer_init;
-}
-
-static TypeInfo etraxfs_timer_info = {
- .name = "etraxfs,timer",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof (struct etrax_timer),
- .class_init = etraxfs_timer_class_init,
-};
-
-static void etraxfs_timer_register_types(void)
-{
- type_register_static(&etraxfs_timer_info);
-}
-
-type_init(etraxfs_timer_register_types)
diff --git a/hw/exynos4210.c b/hw/exynos4210.c
deleted file mode 100644
index 00d4db887..000000000
--- a/hw/exynos4210.c
+++ /dev/null
@@ -1,338 +0,0 @@
-/*
- * Samsung exynos4210 SoC emulation
- *
- * Copyright (c) 2011 Samsung Electronics Co., Ltd. All rights reserved.
- * Maksim Kozlov <m.kozlov@samsung.com>
- * Evgeny Voevodin <e.voevodin@samsung.com>
- * Igor Mitsyanko <i.mitsyanko@samsung.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#include "boards.h"
-#include "sysemu.h"
-#include "sysbus.h"
-#include "arm-misc.h"
-#include "loader.h"
-#include "exynos4210.h"
-
-#define EXYNOS4210_CHIPID_ADDR 0x10000000
-
-/* PWM */
-#define EXYNOS4210_PWM_BASE_ADDR 0x139D0000
-
-/* RTC */
-#define EXYNOS4210_RTC_BASE_ADDR 0x10070000
-
-/* MCT */
-#define EXYNOS4210_MCT_BASE_ADDR 0x10050000
-
-/* I2C */
-#define EXYNOS4210_I2C_SHIFT 0x00010000
-#define EXYNOS4210_I2C_BASE_ADDR 0x13860000
-/* Interrupt Group of External Interrupt Combiner for I2C */
-#define EXYNOS4210_I2C_INTG 27
-#define EXYNOS4210_HDMI_INTG 16
-
-/* UART's definitions */
-#define EXYNOS4210_UART0_BASE_ADDR 0x13800000
-#define EXYNOS4210_UART1_BASE_ADDR 0x13810000
-#define EXYNOS4210_UART2_BASE_ADDR 0x13820000
-#define EXYNOS4210_UART3_BASE_ADDR 0x13830000
-#define EXYNOS4210_UART0_FIFO_SIZE 256
-#define EXYNOS4210_UART1_FIFO_SIZE 64
-#define EXYNOS4210_UART2_FIFO_SIZE 16
-#define EXYNOS4210_UART3_FIFO_SIZE 16
-/* Interrupt Group of External Interrupt Combiner for UART */
-#define EXYNOS4210_UART_INT_GRP 26
-
-/* External GIC */
-#define EXYNOS4210_EXT_GIC_CPU_BASE_ADDR 0x10480000
-#define EXYNOS4210_EXT_GIC_DIST_BASE_ADDR 0x10490000
-
-/* Combiner */
-#define EXYNOS4210_EXT_COMBINER_BASE_ADDR 0x10440000
-#define EXYNOS4210_INT_COMBINER_BASE_ADDR 0x10448000
-
-/* PMU SFR base address */
-#define EXYNOS4210_PMU_BASE_ADDR 0x10020000
-
-/* Display controllers (FIMD) */
-#define EXYNOS4210_FIMD0_BASE_ADDR 0x11C00000
-
-static uint8_t chipid_and_omr[] = { 0x11, 0x02, 0x21, 0x43,
- 0x09, 0x00, 0x00, 0x00 };
-
-void exynos4210_write_secondary(ARMCPU *cpu,
- const struct arm_boot_info *info)
-{
- int n;
- uint32_t smpboot[] = {
- 0xe59f3024, /* ldr r3, External gic_cpu_if */
- 0xe59f2024, /* ldr r2, Internal gic_cpu_if */
- 0xe59f0024, /* ldr r0, startaddr */
- 0xe3a01001, /* mov r1, #1 */
- 0xe5821000, /* str r1, [r2] */
- 0xe5831000, /* str r1, [r3] */
- 0xe320f003, /* wfi */
- 0xe5901000, /* ldr r1, [r0] */
- 0xe1110001, /* tst r1, r1 */
- 0x0afffffb, /* beq <wfi> */
- 0xe12fff11, /* bx r1 */
- EXYNOS4210_EXT_GIC_CPU_BASE_ADDR,
- 0, /* gic_cpu_if: base address of Internal GIC CPU interface */
- 0 /* bootreg: Boot register address is held here */
- };
- smpboot[ARRAY_SIZE(smpboot) - 1] = info->smp_bootreg_addr;
- smpboot[ARRAY_SIZE(smpboot) - 2] = info->gic_cpu_if_addr;
- for (n = 0; n < ARRAY_SIZE(smpboot); n++) {
- smpboot[n] = tswap32(smpboot[n]);
- }
- rom_add_blob_fixed("smpboot", smpboot, sizeof(smpboot),
- info->smp_loader_start);
-}
-
-Exynos4210State *exynos4210_init(MemoryRegion *system_mem,
- unsigned long ram_size)
-{
- qemu_irq cpu_irq[EXYNOS4210_NCPUS];
- int i, n;
- Exynos4210State *s = g_new(Exynos4210State, 1);
- qemu_irq *irqp;
- qemu_irq gate_irq[EXYNOS4210_NCPUS][EXYNOS4210_IRQ_GATE_NINPUTS];
- unsigned long mem_size;
- DeviceState *dev;
- SysBusDevice *busdev;
-
- for (n = 0; n < EXYNOS4210_NCPUS; n++) {
- s->cpu[n] = cpu_arm_init("cortex-a9");
- if (!s->cpu[n]) {
- fprintf(stderr, "Unable to find CPU %d definition\n", n);
- exit(1);
- }
-
- /* Create PIC controller for each processor instance */
- irqp = arm_pic_init_cpu(s->cpu[n]);
-
- /*
- * Get GICs gpio_in cpu_irq to connect a combiner to them later.
- * Use only IRQ for a while.
- */
- cpu_irq[n] = irqp[ARM_PIC_CPU_IRQ];
- }
-
- /*** IRQs ***/
-
- s->irq_table = exynos4210_init_irq(&s->irqs);
-
- /* IRQ Gate */
- for (i = 0; i < EXYNOS4210_NCPUS; i++) {
- dev = qdev_create(NULL, "exynos4210.irq_gate");
- qdev_prop_set_uint32(dev, "n_in", EXYNOS4210_IRQ_GATE_NINPUTS);
- qdev_init_nofail(dev);
- /* Get IRQ Gate input in gate_irq */
- for (n = 0; n < EXYNOS4210_IRQ_GATE_NINPUTS; n++) {
- gate_irq[i][n] = qdev_get_gpio_in(dev, n);
- }
- busdev = sysbus_from_qdev(dev);
-
- /* Connect IRQ Gate output to cpu_irq */
- sysbus_connect_irq(busdev, 0, cpu_irq[i]);
- }
-
- /* Private memory region and Internal GIC */
- dev = qdev_create(NULL, "a9mpcore_priv");
- qdev_prop_set_uint32(dev, "num-cpu", EXYNOS4210_NCPUS);
- qdev_init_nofail(dev);
- busdev = sysbus_from_qdev(dev);
- sysbus_mmio_map(busdev, 0, EXYNOS4210_SMP_PRIVATE_BASE_ADDR);
- for (n = 0; n < EXYNOS4210_NCPUS; n++) {
- sysbus_connect_irq(busdev, n, gate_irq[n][0]);
- }
- for (n = 0; n < EXYNOS4210_INT_GIC_NIRQ; n++) {
- s->irqs.int_gic_irq[n] = qdev_get_gpio_in(dev, n);
- }
-
- /* Cache controller */
- sysbus_create_simple("l2x0", EXYNOS4210_L2X0_BASE_ADDR, NULL);
-
- /* External GIC */
- dev = qdev_create(NULL, "exynos4210.gic");
- qdev_prop_set_uint32(dev, "num-cpu", EXYNOS4210_NCPUS);
- qdev_init_nofail(dev);
- busdev = sysbus_from_qdev(dev);
- /* Map CPU interface */
- sysbus_mmio_map(busdev, 0, EXYNOS4210_EXT_GIC_CPU_BASE_ADDR);
- /* Map Distributer interface */
- sysbus_mmio_map(busdev, 1, EXYNOS4210_EXT_GIC_DIST_BASE_ADDR);
- for (n = 0; n < EXYNOS4210_NCPUS; n++) {
- sysbus_connect_irq(busdev, n, gate_irq[n][1]);
- }
- for (n = 0; n < EXYNOS4210_EXT_GIC_NIRQ; n++) {
- s->irqs.ext_gic_irq[n] = qdev_get_gpio_in(dev, n);
- }
-
- /* Internal Interrupt Combiner */
- dev = qdev_create(NULL, "exynos4210.combiner");
- qdev_init_nofail(dev);
- busdev = sysbus_from_qdev(dev);
- for (n = 0; n < EXYNOS4210_MAX_INT_COMBINER_OUT_IRQ; n++) {
- sysbus_connect_irq(busdev, n, s->irqs.int_gic_irq[n]);
- }
- exynos4210_combiner_get_gpioin(&s->irqs, dev, 0);
- sysbus_mmio_map(busdev, 0, EXYNOS4210_INT_COMBINER_BASE_ADDR);
-
- /* External Interrupt Combiner */
- dev = qdev_create(NULL, "exynos4210.combiner");
- qdev_prop_set_uint32(dev, "external", 1);
- qdev_init_nofail(dev);
- busdev = sysbus_from_qdev(dev);
- for (n = 0; n < EXYNOS4210_MAX_INT_COMBINER_OUT_IRQ; n++) {
- sysbus_connect_irq(busdev, n, s->irqs.ext_gic_irq[n]);
- }
- exynos4210_combiner_get_gpioin(&s->irqs, dev, 1);
- sysbus_mmio_map(busdev, 0, EXYNOS4210_EXT_COMBINER_BASE_ADDR);
-
- /* Initialize board IRQs. */
- exynos4210_init_board_irqs(&s->irqs);
-
- /*** Memory ***/
-
- /* Chip-ID and OMR */
- memory_region_init_ram_ptr(&s->chipid_mem, "exynos4210.chipid",
- sizeof(chipid_and_omr), chipid_and_omr);
- memory_region_set_readonly(&s->chipid_mem, true);
- memory_region_add_subregion(system_mem, EXYNOS4210_CHIPID_ADDR,
- &s->chipid_mem);
-
- /* Internal ROM */
- memory_region_init_ram(&s->irom_mem, "exynos4210.irom",
- EXYNOS4210_IROM_SIZE);
- memory_region_set_readonly(&s->irom_mem, true);
- memory_region_add_subregion(system_mem, EXYNOS4210_IROM_BASE_ADDR,
- &s->irom_mem);
- /* mirror of iROM */
- memory_region_init_alias(&s->irom_alias_mem, "exynos4210.irom_alias",
- &s->irom_mem,
- 0,
- EXYNOS4210_IROM_SIZE);
- memory_region_set_readonly(&s->irom_alias_mem, true);
- memory_region_add_subregion(system_mem, EXYNOS4210_IROM_MIRROR_BASE_ADDR,
- &s->irom_alias_mem);
-
- /* Internal RAM */
- memory_region_init_ram(&s->iram_mem, "exynos4210.iram",
- EXYNOS4210_IRAM_SIZE);
- vmstate_register_ram_global(&s->iram_mem);
- memory_region_add_subregion(system_mem, EXYNOS4210_IRAM_BASE_ADDR,
- &s->iram_mem);
-
- /* DRAM */
- mem_size = ram_size;
- if (mem_size > EXYNOS4210_DRAM_MAX_SIZE) {
- memory_region_init_ram(&s->dram1_mem, "exynos4210.dram1",
- mem_size - EXYNOS4210_DRAM_MAX_SIZE);
- vmstate_register_ram_global(&s->dram1_mem);
- memory_region_add_subregion(system_mem, EXYNOS4210_DRAM1_BASE_ADDR,
- &s->dram1_mem);
- mem_size = EXYNOS4210_DRAM_MAX_SIZE;
- }
- memory_region_init_ram(&s->dram0_mem, "exynos4210.dram0", mem_size);
- vmstate_register_ram_global(&s->dram0_mem);
- memory_region_add_subregion(system_mem, EXYNOS4210_DRAM0_BASE_ADDR,
- &s->dram0_mem);
-
- /* PMU.
- * The only reason of existence at the moment is that secondary CPU boot
- * loader uses PMU INFORM5 register as a holding pen.
- */
- sysbus_create_simple("exynos4210.pmu", EXYNOS4210_PMU_BASE_ADDR, NULL);
-
- /* PWM */
- sysbus_create_varargs("exynos4210.pwm", EXYNOS4210_PWM_BASE_ADDR,
- s->irq_table[exynos4210_get_irq(22, 0)],
- s->irq_table[exynos4210_get_irq(22, 1)],
- s->irq_table[exynos4210_get_irq(22, 2)],
- s->irq_table[exynos4210_get_irq(22, 3)],
- s->irq_table[exynos4210_get_irq(22, 4)],
- NULL);
- /* RTC */
- sysbus_create_varargs("exynos4210.rtc", EXYNOS4210_RTC_BASE_ADDR,
- s->irq_table[exynos4210_get_irq(23, 0)],
- s->irq_table[exynos4210_get_irq(23, 1)],
- NULL);
-
- /* Multi Core Timer */
- dev = qdev_create(NULL, "exynos4210.mct");
- qdev_init_nofail(dev);
- busdev = sysbus_from_qdev(dev);
- for (n = 0; n < 4; n++) {
- /* Connect global timer interrupts to Combiner gpio_in */
- sysbus_connect_irq(busdev, n,
- s->irq_table[exynos4210_get_irq(1, 4 + n)]);
- }
- /* Connect local timer interrupts to Combiner gpio_in */
- sysbus_connect_irq(busdev, 4,
- s->irq_table[exynos4210_get_irq(51, 0)]);
- sysbus_connect_irq(busdev, 5,
- s->irq_table[exynos4210_get_irq(35, 3)]);
- sysbus_mmio_map(busdev, 0, EXYNOS4210_MCT_BASE_ADDR);
-
- /*** I2C ***/
- for (n = 0; n < EXYNOS4210_I2C_NUMBER; n++) {
- uint32_t addr = EXYNOS4210_I2C_BASE_ADDR + EXYNOS4210_I2C_SHIFT * n;
- qemu_irq i2c_irq;
-
- if (n < 8) {
- i2c_irq = s->irq_table[exynos4210_get_irq(EXYNOS4210_I2C_INTG, n)];
- } else {
- i2c_irq = s->irq_table[exynos4210_get_irq(EXYNOS4210_HDMI_INTG, 1)];
- }
-
- dev = qdev_create(NULL, "exynos4210.i2c");
- qdev_init_nofail(dev);
- busdev = sysbus_from_qdev(dev);
- sysbus_connect_irq(busdev, 0, i2c_irq);
- sysbus_mmio_map(busdev, 0, addr);
- s->i2c_if[n] = (i2c_bus *)qdev_get_child_bus(dev, "i2c");
- }
-
-
- /*** UARTs ***/
- exynos4210_uart_create(EXYNOS4210_UART0_BASE_ADDR,
- EXYNOS4210_UART0_FIFO_SIZE, 0, NULL,
- s->irq_table[exynos4210_get_irq(EXYNOS4210_UART_INT_GRP, 0)]);
-
- exynos4210_uart_create(EXYNOS4210_UART1_BASE_ADDR,
- EXYNOS4210_UART1_FIFO_SIZE, 1, NULL,
- s->irq_table[exynos4210_get_irq(EXYNOS4210_UART_INT_GRP, 1)]);
-
- exynos4210_uart_create(EXYNOS4210_UART2_BASE_ADDR,
- EXYNOS4210_UART2_FIFO_SIZE, 2, NULL,
- s->irq_table[exynos4210_get_irq(EXYNOS4210_UART_INT_GRP, 2)]);
-
- exynos4210_uart_create(EXYNOS4210_UART3_BASE_ADDR,
- EXYNOS4210_UART3_FIFO_SIZE, 3, NULL,
- s->irq_table[exynos4210_get_irq(EXYNOS4210_UART_INT_GRP, 3)]);
-
- /*** Display controller (FIMD) ***/
- sysbus_create_varargs("exynos4210.fimd", EXYNOS4210_FIMD0_BASE_ADDR,
- s->irq_table[exynos4210_get_irq(11, 0)],
- s->irq_table[exynos4210_get_irq(11, 1)],
- s->irq_table[exynos4210_get_irq(11, 2)],
- NULL);
-
- return s;
-}
diff --git a/hw/exynos4210.h b/hw/exynos4210.h
deleted file mode 100644
index 777f0f5b2..000000000
--- a/hw/exynos4210.h
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- * Samsung exynos4210 SoC emulation
- *
- * Copyright (c) 2011 Samsung Electronics Co., Ltd. All rights reserved.
- * Maksim Kozlov <m.kozlov@samsung.com>
- * Evgeny Voevodin <e.voevodin@samsung.com>
- * Igor Mitsyanko <i.mitsyanko@samsung.com>
- *
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-
-#ifndef EXYNOS4210_H_
-#define EXYNOS4210_H_
-
-#include "qemu-common.h"
-#include "memory.h"
-
-#define EXYNOS4210_NCPUS 2
-
-#define EXYNOS4210_DRAM0_BASE_ADDR 0x40000000
-#define EXYNOS4210_DRAM1_BASE_ADDR 0xa0000000
-#define EXYNOS4210_DRAM_MAX_SIZE 0x60000000 /* 1.5 GB */
-
-#define EXYNOS4210_IROM_BASE_ADDR 0x00000000
-#define EXYNOS4210_IROM_SIZE 0x00010000 /* 64 KB */
-#define EXYNOS4210_IROM_MIRROR_BASE_ADDR 0x02000000
-#define EXYNOS4210_IROM_MIRROR_SIZE 0x00010000 /* 64 KB */
-
-#define EXYNOS4210_IRAM_BASE_ADDR 0x02020000
-#define EXYNOS4210_IRAM_SIZE 0x00020000 /* 128 KB */
-
-/* Secondary CPU startup code is in IROM memory */
-#define EXYNOS4210_SMP_BOOT_ADDR EXYNOS4210_IROM_BASE_ADDR
-#define EXYNOS4210_SMP_BOOT_SIZE 0x1000
-#define EXYNOS4210_BASE_BOOT_ADDR EXYNOS4210_DRAM0_BASE_ADDR
-/* Secondary CPU polling address to get loader start from */
-#define EXYNOS4210_SECOND_CPU_BOOTREG 0x10020814
-
-#define EXYNOS4210_SMP_PRIVATE_BASE_ADDR 0x10500000
-#define EXYNOS4210_L2X0_BASE_ADDR 0x10502000
-
-/*
- * exynos4210 IRQ subsystem stub definitions.
- */
-#define EXYNOS4210_IRQ_GATE_NINPUTS 2 /* Internal and External GIC */
-
-#define EXYNOS4210_MAX_INT_COMBINER_OUT_IRQ 64
-#define EXYNOS4210_MAX_EXT_COMBINER_OUT_IRQ 16
-#define EXYNOS4210_MAX_INT_COMBINER_IN_IRQ \
- (EXYNOS4210_MAX_INT_COMBINER_OUT_IRQ * 8)
-#define EXYNOS4210_MAX_EXT_COMBINER_IN_IRQ \
- (EXYNOS4210_MAX_EXT_COMBINER_OUT_IRQ * 8)
-
-#define EXYNOS4210_COMBINER_GET_IRQ_NUM(grp, bit) ((grp)*8 + (bit))
-#define EXYNOS4210_COMBINER_GET_GRP_NUM(irq) ((irq) / 8)
-#define EXYNOS4210_COMBINER_GET_BIT_NUM(irq) \
- ((irq) - 8 * EXYNOS4210_COMBINER_GET_GRP_NUM(irq))
-
-/* IRQs number for external and internal GIC */
-#define EXYNOS4210_EXT_GIC_NIRQ (160-32)
-#define EXYNOS4210_INT_GIC_NIRQ 64
-
-#define EXYNOS4210_I2C_NUMBER 9
-
-typedef struct Exynos4210Irq {
- qemu_irq int_combiner_irq[EXYNOS4210_MAX_INT_COMBINER_IN_IRQ];
- qemu_irq ext_combiner_irq[EXYNOS4210_MAX_EXT_COMBINER_IN_IRQ];
- qemu_irq int_gic_irq[EXYNOS4210_INT_GIC_NIRQ];
- qemu_irq ext_gic_irq[EXYNOS4210_EXT_GIC_NIRQ];
- qemu_irq board_irqs[EXYNOS4210_MAX_INT_COMBINER_IN_IRQ];
-} Exynos4210Irq;
-
-typedef struct Exynos4210State {
- ARMCPU *cpu[EXYNOS4210_NCPUS];
- Exynos4210Irq irqs;
- qemu_irq *irq_table;
-
- MemoryRegion chipid_mem;
- MemoryRegion iram_mem;
- MemoryRegion irom_mem;
- MemoryRegion irom_alias_mem;
- MemoryRegion dram0_mem;
- MemoryRegion dram1_mem;
- MemoryRegion boot_secondary;
- MemoryRegion bootreg_mem;
- i2c_bus *i2c_if[EXYNOS4210_I2C_NUMBER];
-} Exynos4210State;
-
-void exynos4210_write_secondary(ARMCPU *cpu,
- const struct arm_boot_info *info);
-
-Exynos4210State *exynos4210_init(MemoryRegion *system_mem,
- unsigned long ram_size);
-
-/* Initialize exynos4210 IRQ subsystem stub */
-qemu_irq *exynos4210_init_irq(Exynos4210Irq *env);
-
-/* Initialize board IRQs.
- * These IRQs contain splitted Int/External Combiner and External Gic IRQs */
-void exynos4210_init_board_irqs(Exynos4210Irq *s);
-
-/* Get IRQ number from exynos4210 IRQ subsystem stub.
- * To identify IRQ source use internal combiner group and bit number
- * grp - group number
- * bit - bit number inside group */
-uint32_t exynos4210_get_irq(uint32_t grp, uint32_t bit);
-
-/*
- * Get Combiner input GPIO into irqs structure
- */
-void exynos4210_combiner_get_gpioin(Exynos4210Irq *irqs, DeviceState *dev,
- int ext);
-
-/*
- * exynos4210 UART
- */
-DeviceState *exynos4210_uart_create(hwaddr addr,
- int fifo_size,
- int channel,
- CharDriverState *chr,
- qemu_irq irq);
-
-#endif /* EXYNOS4210_H_ */
diff --git a/hw/exynos4210_combiner.c b/hw/exynos4210_combiner.c
deleted file mode 100644
index 84d36ed11..000000000
--- a/hw/exynos4210_combiner.c
+++ /dev/null
@@ -1,455 +0,0 @@
-/*
- * Samsung exynos4210 Interrupt Combiner
- *
- * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd.
- * All rights reserved.
- *
- * Evgeny Voevodin <e.voevodin@samsung.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- * See the GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-/*
- * Exynos4210 Combiner represents an OR gate for SOC's IRQ lines. It combines
- * IRQ sources into groups and provides signal output to GIC from each group. It
- * is driven by common mask and enable/disable logic. Take a note that not all
- * IRQs are passed to GIC through Combiner.
- */
-
-#include "sysbus.h"
-
-#include "exynos4210.h"
-
-//#define DEBUG_COMBINER
-
-#ifdef DEBUG_COMBINER
-#define DPRINTF(fmt, ...) \
- do { fprintf(stdout, "COMBINER: [%s:%d] " fmt, __func__ , __LINE__, \
- ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...) do {} while (0)
-#endif
-
-#define IIC_NGRP 64 /* Internal Interrupt Combiner
- Groups number */
-#define IIC_NIRQ (IIC_NGRP * 8)/* Internal Interrupt Combiner
- Interrupts number */
-#define IIC_REGION_SIZE 0x108 /* Size of memory mapped region */
-#define IIC_REGSET_SIZE 0x41
-
-/*
- * State for each output signal of internal combiner
- */
-typedef struct CombinerGroupState {
- uint8_t src_mask; /* 1 - source enabled, 0 - disabled */
- uint8_t src_pending; /* Pending source interrupts before masking */
-} CombinerGroupState;
-
-typedef struct Exynos4210CombinerState {
- SysBusDevice busdev;
- MemoryRegion iomem;
-
- struct CombinerGroupState group[IIC_NGRP];
- uint32_t reg_set[IIC_REGSET_SIZE];
- uint32_t icipsr[2];
- uint32_t external; /* 1 means that this combiner is external */
-
- qemu_irq output_irq[IIC_NGRP];
-} Exynos4210CombinerState;
-
-static const VMStateDescription vmstate_exynos4210_combiner_group_state = {
- .name = "exynos4210.combiner.groupstate",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT8(src_mask, CombinerGroupState),
- VMSTATE_UINT8(src_pending, CombinerGroupState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_exynos4210_combiner = {
- .name = "exynos4210.combiner",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_STRUCT_ARRAY(group, Exynos4210CombinerState, IIC_NGRP, 0,
- vmstate_exynos4210_combiner_group_state, CombinerGroupState),
- VMSTATE_UINT32_ARRAY(reg_set, Exynos4210CombinerState,
- IIC_REGSET_SIZE),
- VMSTATE_UINT32_ARRAY(icipsr, Exynos4210CombinerState, 2),
- VMSTATE_UINT32(external, Exynos4210CombinerState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-/*
- * Get Combiner input GPIO into irqs structure
- */
-void exynos4210_combiner_get_gpioin(Exynos4210Irq *irqs, DeviceState *dev,
- int ext)
-{
- int n;
- int bit;
- int max;
- qemu_irq *irq;
-
- max = ext ? EXYNOS4210_MAX_EXT_COMBINER_IN_IRQ :
- EXYNOS4210_MAX_INT_COMBINER_IN_IRQ;
- irq = ext ? irqs->ext_combiner_irq : irqs->int_combiner_irq;
-
- /*
- * Some IRQs of Int/External Combiner are going to two Combiners groups,
- * so let split them.
- */
- for (n = 0; n < max; n++) {
-
- bit = EXYNOS4210_COMBINER_GET_BIT_NUM(n);
-
- switch (n) {
- /* MDNIE_LCD1 INTG1 */
- case EXYNOS4210_COMBINER_GET_IRQ_NUM(1, 0) ...
- EXYNOS4210_COMBINER_GET_IRQ_NUM(1, 3):
- irq[n] = qemu_irq_split(qdev_get_gpio_in(dev, n),
- irq[EXYNOS4210_COMBINER_GET_IRQ_NUM(0, bit + 4)]);
- continue;
-
- /* TMU INTG3 */
- case EXYNOS4210_COMBINER_GET_IRQ_NUM(3, 4):
- irq[n] = qemu_irq_split(qdev_get_gpio_in(dev, n),
- irq[EXYNOS4210_COMBINER_GET_IRQ_NUM(2, bit)]);
- continue;
-
- /* LCD1 INTG12 */
- case EXYNOS4210_COMBINER_GET_IRQ_NUM(12, 0) ...
- EXYNOS4210_COMBINER_GET_IRQ_NUM(12, 3):
- irq[n] = qemu_irq_split(qdev_get_gpio_in(dev, n),
- irq[EXYNOS4210_COMBINER_GET_IRQ_NUM(11, bit + 4)]);
- continue;
-
- /* Multi-Core Timer INTG12 */
- case EXYNOS4210_COMBINER_GET_IRQ_NUM(12, 4) ...
- EXYNOS4210_COMBINER_GET_IRQ_NUM(12, 8):
- irq[n] = qemu_irq_split(qdev_get_gpio_in(dev, n),
- irq[EXYNOS4210_COMBINER_GET_IRQ_NUM(1, bit + 4)]);
- continue;
-
- /* Multi-Core Timer INTG35 */
- case EXYNOS4210_COMBINER_GET_IRQ_NUM(35, 4) ...
- EXYNOS4210_COMBINER_GET_IRQ_NUM(35, 8):
- irq[n] = qemu_irq_split(qdev_get_gpio_in(dev, n),
- irq[EXYNOS4210_COMBINER_GET_IRQ_NUM(1, bit + 4)]);
- continue;
-
- /* Multi-Core Timer INTG51 */
- case EXYNOS4210_COMBINER_GET_IRQ_NUM(51, 4) ...
- EXYNOS4210_COMBINER_GET_IRQ_NUM(51, 8):
- irq[n] = qemu_irq_split(qdev_get_gpio_in(dev, n),
- irq[EXYNOS4210_COMBINER_GET_IRQ_NUM(1, bit + 4)]);
- continue;
-
- /* Multi-Core Timer INTG53 */
- case EXYNOS4210_COMBINER_GET_IRQ_NUM(53, 4) ...
- EXYNOS4210_COMBINER_GET_IRQ_NUM(53, 8):
- irq[n] = qemu_irq_split(qdev_get_gpio_in(dev, n),
- irq[EXYNOS4210_COMBINER_GET_IRQ_NUM(1, bit + 4)]);
- continue;
- }
-
- irq[n] = qdev_get_gpio_in(dev, n);
- }
-}
-
-static uint64_t
-exynos4210_combiner_read(void *opaque, hwaddr offset, unsigned size)
-{
- struct Exynos4210CombinerState *s =
- (struct Exynos4210CombinerState *)opaque;
- uint32_t req_quad_base_n; /* Base of registers quad. Multiply it by 4 and
- get a start of corresponding group quad */
- uint32_t grp_quad_base_n; /* Base of group quad */
- uint32_t reg_n; /* Register number inside the quad */
- uint32_t val;
-
- req_quad_base_n = offset >> 4;
- grp_quad_base_n = req_quad_base_n << 2;
- reg_n = (offset - (req_quad_base_n << 4)) >> 2;
-
- if (req_quad_base_n >= IIC_NGRP) {
- /* Read of ICIPSR register */
- return s->icipsr[reg_n];
- }
-
- val = 0;
-
- switch (reg_n) {
- /* IISTR */
- case 2:
- val |= s->group[grp_quad_base_n].src_pending;
- val |= s->group[grp_quad_base_n + 1].src_pending << 8;
- val |= s->group[grp_quad_base_n + 2].src_pending << 16;
- val |= s->group[grp_quad_base_n + 3].src_pending << 24;
- break;
- /* IIMSR */
- case 3:
- val |= s->group[grp_quad_base_n].src_mask &
- s->group[grp_quad_base_n].src_pending;
- val |= (s->group[grp_quad_base_n + 1].src_mask &
- s->group[grp_quad_base_n + 1].src_pending) << 8;
- val |= (s->group[grp_quad_base_n + 2].src_mask &
- s->group[grp_quad_base_n + 2].src_pending) << 16;
- val |= (s->group[grp_quad_base_n + 3].src_mask &
- s->group[grp_quad_base_n + 3].src_pending) << 24;
- break;
- default:
- if (offset >> 2 >= IIC_REGSET_SIZE) {
- hw_error("exynos4210.combiner: overflow of reg_set by 0x"
- TARGET_FMT_plx "offset\n", offset);
- }
- val = s->reg_set[offset >> 2];
- return 0;
- }
- return val;
-}
-
-static void exynos4210_combiner_update(void *opaque, uint8_t group_n)
-{
- struct Exynos4210CombinerState *s =
- (struct Exynos4210CombinerState *)opaque;
-
- /* Send interrupt if needed */
- if (s->group[group_n].src_mask & s->group[group_n].src_pending) {
-#ifdef DEBUG_COMBINER
- if (group_n != 26) {
- /* skip uart */
- DPRINTF("%s raise IRQ[%d]\n", s->external ? "EXT" : "INT", group_n);
- }
-#endif
-
- /* Set Combiner interrupt pending status after masking */
- if (group_n >= 32) {
- s->icipsr[1] |= 1 << (group_n - 32);
- } else {
- s->icipsr[0] |= 1 << group_n;
- }
-
- qemu_irq_raise(s->output_irq[group_n]);
- } else {
-#ifdef DEBUG_COMBINER
- if (group_n != 26) {
- /* skip uart */
- DPRINTF("%s lower IRQ[%d]\n", s->external ? "EXT" : "INT", group_n);
- }
-#endif
-
- /* Set Combiner interrupt pending status after masking */
- if (group_n >= 32) {
- s->icipsr[1] &= ~(1 << (group_n - 32));
- } else {
- s->icipsr[0] &= ~(1 << group_n);
- }
-
- qemu_irq_lower(s->output_irq[group_n]);
- }
-}
-
-static void exynos4210_combiner_write(void *opaque, hwaddr offset,
- uint64_t val, unsigned size)
-{
- struct Exynos4210CombinerState *s =
- (struct Exynos4210CombinerState *)opaque;
- uint32_t req_quad_base_n; /* Base of registers quad. Multiply it by 4 and
- get a start of corresponding group quad */
- uint32_t grp_quad_base_n; /* Base of group quad */
- uint32_t reg_n; /* Register number inside the quad */
-
- req_quad_base_n = offset >> 4;
- grp_quad_base_n = req_quad_base_n << 2;
- reg_n = (offset - (req_quad_base_n << 4)) >> 2;
-
- if (req_quad_base_n >= IIC_NGRP) {
- hw_error("exynos4210.combiner: unallowed write access at offset 0x"
- TARGET_FMT_plx "\n", offset);
- return;
- }
-
- if (reg_n > 1) {
- hw_error("exynos4210.combiner: unallowed write access at offset 0x"
- TARGET_FMT_plx "\n", offset);
- return;
- }
-
- if (offset >> 2 >= IIC_REGSET_SIZE) {
- hw_error("exynos4210.combiner: overflow of reg_set by 0x"
- TARGET_FMT_plx "offset\n", offset);
- }
- s->reg_set[offset >> 2] = val;
-
- switch (reg_n) {
- /* IIESR */
- case 0:
- /* FIXME: what if irq is pending, allowed by mask, and we allow it
- * again. Interrupt will rise again! */
-
- DPRINTF("%s enable IRQ for groups %d, %d, %d, %d\n",
- s->external ? "EXT" : "INT",
- grp_quad_base_n,
- grp_quad_base_n + 1,
- grp_quad_base_n + 2,
- grp_quad_base_n + 3);
-
- /* Enable interrupt sources */
- s->group[grp_quad_base_n].src_mask |= val & 0xFF;
- s->group[grp_quad_base_n + 1].src_mask |= (val & 0xFF00) >> 8;
- s->group[grp_quad_base_n + 2].src_mask |= (val & 0xFF0000) >> 16;
- s->group[grp_quad_base_n + 3].src_mask |= (val & 0xFF000000) >> 24;
-
- exynos4210_combiner_update(s, grp_quad_base_n);
- exynos4210_combiner_update(s, grp_quad_base_n + 1);
- exynos4210_combiner_update(s, grp_quad_base_n + 2);
- exynos4210_combiner_update(s, grp_quad_base_n + 3);
- break;
- /* IIECR */
- case 1:
- DPRINTF("%s disable IRQ for groups %d, %d, %d, %d\n",
- s->external ? "EXT" : "INT",
- grp_quad_base_n,
- grp_quad_base_n + 1,
- grp_quad_base_n + 2,
- grp_quad_base_n + 3);
-
- /* Disable interrupt sources */
- s->group[grp_quad_base_n].src_mask &= ~(val & 0xFF);
- s->group[grp_quad_base_n + 1].src_mask &= ~((val & 0xFF00) >> 8);
- s->group[grp_quad_base_n + 2].src_mask &= ~((val & 0xFF0000) >> 16);
- s->group[grp_quad_base_n + 3].src_mask &= ~((val & 0xFF000000) >> 24);
-
- exynos4210_combiner_update(s, grp_quad_base_n);
- exynos4210_combiner_update(s, grp_quad_base_n + 1);
- exynos4210_combiner_update(s, grp_quad_base_n + 2);
- exynos4210_combiner_update(s, grp_quad_base_n + 3);
- break;
- default:
- hw_error("exynos4210.combiner: unallowed write access at offset 0x"
- TARGET_FMT_plx "\n", offset);
- break;
- }
-}
-
-/* Get combiner group and bit from irq number */
-static uint8_t get_combiner_group_and_bit(int irq, uint8_t *bit)
-{
- *bit = irq - ((irq >> 3) << 3);
- return irq >> 3;
-}
-
-/* Process a change in an external IRQ input. */
-static void exynos4210_combiner_handler(void *opaque, int irq, int level)
-{
- struct Exynos4210CombinerState *s =
- (struct Exynos4210CombinerState *)opaque;
- uint8_t bit_n, group_n;
-
- group_n = get_combiner_group_and_bit(irq, &bit_n);
-
- if (s->external && group_n >= EXYNOS4210_MAX_EXT_COMBINER_OUT_IRQ) {
- DPRINTF("%s unallowed IRQ group 0x%x\n", s->external ? "EXT" : "INT"
- , group_n);
- return;
- }
-
- if (level) {
- s->group[group_n].src_pending |= 1 << bit_n;
- } else {
- s->group[group_n].src_pending &= ~(1 << bit_n);
- }
-
- exynos4210_combiner_update(s, group_n);
-}
-
-static void exynos4210_combiner_reset(DeviceState *d)
-{
- struct Exynos4210CombinerState *s = (struct Exynos4210CombinerState *)d;
-
- memset(&s->group, 0, sizeof(s->group));
- memset(&s->reg_set, 0, sizeof(s->reg_set));
-
- s->reg_set[0xC0 >> 2] = 0x01010101;
- s->reg_set[0xC4 >> 2] = 0x01010101;
- s->reg_set[0xD0 >> 2] = 0x01010101;
- s->reg_set[0xD4 >> 2] = 0x01010101;
-}
-
-static const MemoryRegionOps exynos4210_combiner_ops = {
- .read = exynos4210_combiner_read,
- .write = exynos4210_combiner_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-/*
- * Internal Combiner initialization.
- */
-static int exynos4210_combiner_init(SysBusDevice *dev)
-{
- unsigned int i;
- struct Exynos4210CombinerState *s =
- FROM_SYSBUS(struct Exynos4210CombinerState, dev);
-
- /* Allocate general purpose input signals and connect a handler to each of
- * them */
- qdev_init_gpio_in(&s->busdev.qdev, exynos4210_combiner_handler, IIC_NIRQ);
-
- /* Connect SysBusDev irqs to device specific irqs */
- for (i = 0; i < IIC_NIRQ; i++) {
- sysbus_init_irq(dev, &s->output_irq[i]);
- }
-
- memory_region_init_io(&s->iomem, &exynos4210_combiner_ops, s,
- "exynos4210-combiner", IIC_REGION_SIZE);
- sysbus_init_mmio(dev, &s->iomem);
-
- return 0;
-}
-
-static Property exynos4210_combiner_properties[] = {
- DEFINE_PROP_UINT32("external", Exynos4210CombinerState, external, 0),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void exynos4210_combiner_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = exynos4210_combiner_init;
- dc->reset = exynos4210_combiner_reset;
- dc->props = exynos4210_combiner_properties;
- dc->vmsd = &vmstate_exynos4210_combiner;
-}
-
-static TypeInfo exynos4210_combiner_info = {
- .name = "exynos4210.combiner",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(Exynos4210CombinerState),
- .class_init = exynos4210_combiner_class_init,
-};
-
-static void exynos4210_combiner_register_types(void)
-{
- type_register_static(&exynos4210_combiner_info);
-}
-
-type_init(exynos4210_combiner_register_types)
diff --git a/hw/exynos4210_fimd.c b/hw/exynos4210_fimd.c
deleted file mode 100644
index f2443ca4a..000000000
--- a/hw/exynos4210_fimd.c
+++ /dev/null
@@ -1,1928 +0,0 @@
-/*
- * Samsung exynos4210 Display Controller (FIMD)
- *
- * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd.
- * All rights reserved.
- * Based on LCD controller for Samsung S5PC1xx-based board emulation
- * by Kirill Batuzov <batuzovk@ispras.ru>
- *
- * Contributed by Mitsyanko Igor <i.mitsyanko@samsung.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- * See the GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "qemu-common.h"
-#include "cpu-all.h"
-#include "sysbus.h"
-#include "console.h"
-#include "pixel_ops.h"
-#include "bswap.h"
-
-/* Debug messages configuration */
-#define EXYNOS4210_FIMD_DEBUG 0
-#define EXYNOS4210_FIMD_MODE_TRACE 0
-
-#if EXYNOS4210_FIMD_DEBUG == 0
- #define DPRINT_L1(fmt, args...) do { } while (0)
- #define DPRINT_L2(fmt, args...) do { } while (0)
- #define DPRINT_ERROR(fmt, args...) do { } while (0)
-#elif EXYNOS4210_FIMD_DEBUG == 1
- #define DPRINT_L1(fmt, args...) \
- do {fprintf(stderr, "QEMU FIMD: "fmt, ## args); } while (0)
- #define DPRINT_L2(fmt, args...) do { } while (0)
- #define DPRINT_ERROR(fmt, args...) \
- do {fprintf(stderr, "QEMU FIMD ERROR: "fmt, ## args); } while (0)
-#else
- #define DPRINT_L1(fmt, args...) \
- do {fprintf(stderr, "QEMU FIMD: "fmt, ## args); } while (0)
- #define DPRINT_L2(fmt, args...) \
- do {fprintf(stderr, "QEMU FIMD: "fmt, ## args); } while (0)
- #define DPRINT_ERROR(fmt, args...) \
- do {fprintf(stderr, "QEMU FIMD ERROR: "fmt, ## args); } while (0)
-#endif
-
-#if EXYNOS4210_FIMD_MODE_TRACE == 0
- #define DPRINT_TRACE(fmt, args...) do { } while (0)
-#else
- #define DPRINT_TRACE(fmt, args...) \
- do {fprintf(stderr, "QEMU FIMD: "fmt, ## args); } while (0)
-#endif
-
-#define NUM_OF_WINDOWS 5
-#define FIMD_REGS_SIZE 0x4114
-
-/* Video main control registers */
-#define FIMD_VIDCON0 0x0000
-#define FIMD_VIDCON1 0x0004
-#define FIMD_VIDCON2 0x0008
-#define FIMD_VIDCON3 0x000C
-#define FIMD_VIDCON0_ENVID_F (1 << 0)
-#define FIMD_VIDCON0_ENVID (1 << 1)
-#define FIMD_VIDCON0_ENVID_MASK ((1 << 0) | (1 << 1))
-#define FIMD_VIDCON1_ROMASK 0x07FFE000
-
-/* Video time control registers */
-#define FIMD_VIDTCON_START 0x10
-#define FIMD_VIDTCON_END 0x1C
-#define FIMD_VIDTCON2_SIZE_MASK 0x07FF
-#define FIMD_VIDTCON2_HOR_SHIFT 0
-#define FIMD_VIDTCON2_VER_SHIFT 11
-
-/* Window control registers */
-#define FIMD_WINCON_START 0x0020
-#define FIMD_WINCON_END 0x0030
-#define FIMD_WINCON_ROMASK 0x82200000
-#define FIMD_WINCON_ENWIN (1 << 0)
-#define FIMD_WINCON_BLD_PIX (1 << 6)
-#define FIMD_WINCON_ALPHA_MUL (1 << 7)
-#define FIMD_WINCON_ALPHA_SEL (1 << 1)
-#define FIMD_WINCON_SWAP 0x078000
-#define FIMD_WINCON_SWAP_SHIFT 15
-#define FIMD_WINCON_SWAP_WORD 0x1
-#define FIMD_WINCON_SWAP_HWORD 0x2
-#define FIMD_WINCON_SWAP_BYTE 0x4
-#define FIMD_WINCON_SWAP_BITS 0x8
-#define FIMD_WINCON_BUFSTAT_L (1 << 21)
-#define FIMD_WINCON_BUFSTAT_H (1 << 31)
-#define FIMD_WINCON_BUFSTATUS ((1 << 21) | (1 << 31))
-#define FIMD_WINCON_BUF0_STAT ((0 << 21) | (0 << 31))
-#define FIMD_WINCON_BUF1_STAT ((1 << 21) | (0 << 31))
-#define FIMD_WINCON_BUF2_STAT ((0 << 21) | (1 << 31))
-#define FIMD_WINCON_BUFSELECT ((1 << 20) | (1 << 30))
-#define FIMD_WINCON_BUF0_SEL ((0 << 20) | (0 << 30))
-#define FIMD_WINCON_BUF1_SEL ((1 << 20) | (0 << 30))
-#define FIMD_WINCON_BUF2_SEL ((0 << 20) | (1 << 30))
-#define FIMD_WINCON_BUFMODE (1 << 14)
-#define IS_PALETTIZED_MODE(w) (w->wincon & 0xC)
-#define PAL_MODE_WITH_ALPHA(x) ((x) == 7)
-#define WIN_BPP_MODE(w) ((w->wincon >> 2) & 0xF)
-#define WIN_BPP_MODE_WITH_ALPHA(w) \
- (WIN_BPP_MODE(w) == 0xD || WIN_BPP_MODE(w) == 0xE)
-
-/* Shadow control register */
-#define FIMD_SHADOWCON 0x0034
-#define FIMD_WINDOW_PROTECTED(s, w) ((s) & (1 << (10 + (w))))
-/* Channel mapping control register */
-#define FIMD_WINCHMAP 0x003C
-
-/* Window position control registers */
-#define FIMD_VIDOSD_START 0x0040
-#define FIMD_VIDOSD_END 0x0088
-#define FIMD_VIDOSD_COORD_MASK 0x07FF
-#define FIMD_VIDOSD_HOR_SHIFT 11
-#define FIMD_VIDOSD_VER_SHIFT 0
-#define FIMD_VIDOSD_ALPHA_AEN0 0xFFF000
-#define FIMD_VIDOSD_AEN0_SHIFT 12
-#define FIMD_VIDOSD_ALPHA_AEN1 0x000FFF
-
-/* Frame buffer address registers */
-#define FIMD_VIDWADD0_START 0x00A0
-#define FIMD_VIDWADD0_END 0x00C4
-#define FIMD_VIDWADD0_END 0x00C4
-#define FIMD_VIDWADD1_START 0x00D0
-#define FIMD_VIDWADD1_END 0x00F4
-#define FIMD_VIDWADD2_START 0x0100
-#define FIMD_VIDWADD2_END 0x0110
-#define FIMD_VIDWADD2_PAGEWIDTH 0x1FFF
-#define FIMD_VIDWADD2_OFFSIZE 0x1FFF
-#define FIMD_VIDWADD2_OFFSIZE_SHIFT 13
-#define FIMD_VIDW0ADD0_B2 0x20A0
-#define FIMD_VIDW4ADD0_B2 0x20C0
-
-/* Video interrupt control registers */
-#define FIMD_VIDINTCON0 0x130
-#define FIMD_VIDINTCON1 0x134
-
-/* Window color key registers */
-#define FIMD_WKEYCON_START 0x140
-#define FIMD_WKEYCON_END 0x15C
-#define FIMD_WKEYCON0_COMPKEY 0x00FFFFFF
-#define FIMD_WKEYCON0_CTL_SHIFT 24
-#define FIMD_WKEYCON0_DIRCON (1 << 24)
-#define FIMD_WKEYCON0_KEYEN (1 << 25)
-#define FIMD_WKEYCON0_KEYBLEN (1 << 26)
-/* Window color key alpha control register */
-#define FIMD_WKEYALPHA_START 0x160
-#define FIMD_WKEYALPHA_END 0x16C
-
-/* Dithering control register */
-#define FIMD_DITHMODE 0x170
-
-/* Window alpha control registers */
-#define FIMD_VIDALPHA_ALPHA_LOWER 0x000F0F0F
-#define FIMD_VIDALPHA_ALPHA_UPPER 0x00F0F0F0
-#define FIMD_VIDWALPHA_START 0x21C
-#define FIMD_VIDWALPHA_END 0x240
-
-/* Window color map registers */
-#define FIMD_WINMAP_START 0x180
-#define FIMD_WINMAP_END 0x190
-#define FIMD_WINMAP_EN (1 << 24)
-#define FIMD_WINMAP_COLOR_MASK 0x00FFFFFF
-
-/* Window palette control registers */
-#define FIMD_WPALCON_HIGH 0x019C
-#define FIMD_WPALCON_LOW 0x01A0
-#define FIMD_WPALCON_UPDATEEN (1 << 9)
-#define FIMD_WPAL_W0PAL_L 0x07
-#define FIMD_WPAL_W0PAL_L_SHT 0
-#define FIMD_WPAL_W1PAL_L 0x07
-#define FIMD_WPAL_W1PAL_L_SHT 3
-#define FIMD_WPAL_W2PAL_L 0x01
-#define FIMD_WPAL_W2PAL_L_SHT 6
-#define FIMD_WPAL_W2PAL_H 0x06
-#define FIMD_WPAL_W2PAL_H_SHT 8
-#define FIMD_WPAL_W3PAL_L 0x01
-#define FIMD_WPAL_W3PAL_L_SHT 7
-#define FIMD_WPAL_W3PAL_H 0x06
-#define FIMD_WPAL_W3PAL_H_SHT 12
-#define FIMD_WPAL_W4PAL_L 0x01
-#define FIMD_WPAL_W4PAL_L_SHT 8
-#define FIMD_WPAL_W4PAL_H 0x06
-#define FIMD_WPAL_W4PAL_H_SHT 16
-
-/* Trigger control registers */
-#define FIMD_TRIGCON 0x01A4
-#define FIMD_TRIGCON_ROMASK 0x00000004
-
-/* LCD I80 Interface Control */
-#define FIMD_I80IFCON_START 0x01B0
-#define FIMD_I80IFCON_END 0x01BC
-/* Color gain control register */
-#define FIMD_COLORGAINCON 0x01C0
-/* LCD i80 Interface Command Control */
-#define FIMD_LDI_CMDCON0 0x01D0
-#define FIMD_LDI_CMDCON1 0x01D4
-/* I80 System Interface Manual Command Control */
-#define FIMD_SIFCCON0 0x01E0
-#define FIMD_SIFCCON2 0x01E8
-
-/* Hue Control Registers */
-#define FIMD_HUECOEFCR_START 0x01EC
-#define FIMD_HUECOEFCR_END 0x01F4
-#define FIMD_HUECOEFCB_START 0x01FC
-#define FIMD_HUECOEFCB_END 0x0208
-#define FIMD_HUEOFFSET 0x020C
-
-/* Video interrupt control registers */
-#define FIMD_VIDINT_INTFIFOPEND (1 << 0)
-#define FIMD_VIDINT_INTFRMPEND (1 << 1)
-#define FIMD_VIDINT_INTI80PEND (1 << 2)
-#define FIMD_VIDINT_INTEN (1 << 0)
-#define FIMD_VIDINT_INTFIFOEN (1 << 1)
-#define FIMD_VIDINT_INTFRMEN (1 << 12)
-#define FIMD_VIDINT_I80IFDONE (1 << 17)
-
-/* Window blend equation control registers */
-#define FIMD_BLENDEQ_START 0x0244
-#define FIMD_BLENDEQ_END 0x0250
-#define FIMD_BLENDCON 0x0260
-#define FIMD_ALPHA_8BIT (1 << 0)
-#define FIMD_BLENDEQ_COEF_MASK 0xF
-
-/* Window RTQOS Control Registers */
-#define FIMD_WRTQOSCON_START 0x0264
-#define FIMD_WRTQOSCON_END 0x0274
-
-/* LCD I80 Interface Command */
-#define FIMD_I80IFCMD_START 0x0280
-#define FIMD_I80IFCMD_END 0x02AC
-
-/* Shadow windows control registers */
-#define FIMD_SHD_ADD0_START 0x40A0
-#define FIMD_SHD_ADD0_END 0x40C0
-#define FIMD_SHD_ADD1_START 0x40D0
-#define FIMD_SHD_ADD1_END 0x40F0
-#define FIMD_SHD_ADD2_START 0x4100
-#define FIMD_SHD_ADD2_END 0x4110
-
-/* Palette memory */
-#define FIMD_PAL_MEM_START 0x2400
-#define FIMD_PAL_MEM_END 0x37FC
-/* Palette memory aliases for windows 0 and 1 */
-#define FIMD_PALMEM_AL_START 0x0400
-#define FIMD_PALMEM_AL_END 0x0BFC
-
-typedef struct {
- uint8_t r, g, b;
- /* D[31..24]dummy, D[23..16]rAlpha, D[15..8]gAlpha, D[7..0]bAlpha */
- uint32_t a;
-} rgba;
-#define RGBA_SIZE 7
-
-typedef void pixel_to_rgb_func(uint32_t pixel, rgba *p);
-typedef struct Exynos4210fimdWindow Exynos4210fimdWindow;
-
-struct Exynos4210fimdWindow {
- uint32_t wincon; /* Window control register */
- uint32_t buf_start[3]; /* Start address for video frame buffer */
- uint32_t buf_end[3]; /* End address for video frame buffer */
- uint32_t keycon[2]; /* Window color key registers */
- uint32_t keyalpha; /* Color key alpha control register */
- uint32_t winmap; /* Window color map register */
- uint32_t blendeq; /* Window blending equation control register */
- uint32_t rtqoscon; /* Window RTQOS Control Registers */
- uint32_t palette[256]; /* Palette RAM */
- uint32_t shadow_buf_start; /* Start address of shadow frame buffer */
- uint32_t shadow_buf_end; /* End address of shadow frame buffer */
- uint32_t shadow_buf_size; /* Virtual shadow screen width */
-
- pixel_to_rgb_func *pixel_to_rgb;
- void (*draw_line)(Exynos4210fimdWindow *w, uint8_t *src, uint8_t *dst,
- bool blend);
- uint32_t (*get_alpha)(Exynos4210fimdWindow *w, uint32_t pix_a);
- uint16_t lefttop_x, lefttop_y; /* VIDOSD0 register */
- uint16_t rightbot_x, rightbot_y; /* VIDOSD1 register */
- uint32_t osdsize; /* VIDOSD2&3 register */
- uint32_t alpha_val[2]; /* VIDOSD2&3, VIDWALPHA registers */
- uint16_t virtpage_width; /* VIDWADD2 register */
- uint16_t virtpage_offsize; /* VIDWADD2 register */
- MemoryRegionSection mem_section; /* RAM fragment containing framebuffer */
- uint8_t *host_fb_addr; /* Host pointer to window's framebuffer */
- hwaddr fb_len; /* Framebuffer length */
-};
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- DisplayState *console;
- qemu_irq irq[3];
-
- uint32_t vidcon[4]; /* Video main control registers 0-3 */
- uint32_t vidtcon[4]; /* Video time control registers 0-3 */
- uint32_t shadowcon; /* Window shadow control register */
- uint32_t winchmap; /* Channel mapping control register */
- uint32_t vidintcon[2]; /* Video interrupt control registers */
- uint32_t dithmode; /* Dithering control register */
- uint32_t wpalcon[2]; /* Window palette control registers */
- uint32_t trigcon; /* Trigger control register */
- uint32_t i80ifcon[4]; /* I80 interface control registers */
- uint32_t colorgaincon; /* Color gain control register */
- uint32_t ldi_cmdcon[2]; /* LCD I80 interface command control */
- uint32_t sifccon[3]; /* I80 System Interface Manual Command Control */
- uint32_t huecoef_cr[4]; /* Hue control registers */
- uint32_t huecoef_cb[4]; /* Hue control registers */
- uint32_t hueoffset; /* Hue offset control register */
- uint32_t blendcon; /* Blending control register */
- uint32_t i80ifcmd[12]; /* LCD I80 Interface Command */
-
- Exynos4210fimdWindow window[5]; /* Window-specific registers */
- uint8_t *ifb; /* Internal frame buffer */
- bool invalidate; /* Image needs to be redrawn */
- bool enabled; /* Display controller is enabled */
-} Exynos4210fimdState;
-
-/* Perform byte/halfword/word swap of data according to WINCON */
-static inline void fimd_swap_data(unsigned int swap_ctl, uint64_t *data)
-{
- int i;
- uint64_t res;
- uint64_t x = *data;
-
- if (swap_ctl & FIMD_WINCON_SWAP_BITS) {
- res = 0;
- for (i = 0; i < 64; i++) {
- if (x & (1ULL << (64 - i))) {
- res |= (1ULL << i);
- }
- }
- x = res;
- }
-
- if (swap_ctl & FIMD_WINCON_SWAP_BYTE) {
- x = bswap64(x);
- }
-
- if (swap_ctl & FIMD_WINCON_SWAP_HWORD) {
- x = ((x & 0x000000000000FFFFULL) << 48) |
- ((x & 0x00000000FFFF0000ULL) << 16) |
- ((x & 0x0000FFFF00000000ULL) >> 16) |
- ((x & 0xFFFF000000000000ULL) >> 48);
- }
-
- if (swap_ctl & FIMD_WINCON_SWAP_WORD) {
- x = ((x & 0x00000000FFFFFFFFULL) << 32) |
- ((x & 0xFFFFFFFF00000000ULL) >> 32);
- }
-
- *data = x;
-}
-
-/* Conversion routines of Pixel data from frame buffer area to internal RGBA
- * pixel representation.
- * Every color component internally represented as 8-bit value. If original
- * data has less than 8 bit for component, data is extended to 8 bit. For
- * example, if blue component has only two possible values 0 and 1 it will be
- * extended to 0 and 0xFF */
-
-/* One bit for alpha representation */
-#define DEF_PIXEL_TO_RGB_A1(N, R, G, B) \
-static void N(uint32_t pixel, rgba *p) \
-{ \
- p->b = ((pixel & ((1 << (B)) - 1)) << (8 - (B))) | \
- ((pixel >> (2 * (B) - 8)) & ((1 << (8 - (B))) - 1)); \
- pixel >>= (B); \
- p->g = (pixel & ((1 << (G)) - 1)) << (8 - (G)) | \
- ((pixel >> (2 * (G) - 8)) & ((1 << (8 - (G))) - 1)); \
- pixel >>= (G); \
- p->r = (pixel & ((1 << (R)) - 1)) << (8 - (R)) | \
- ((pixel >> (2 * (R) - 8)) & ((1 << (8 - (R))) - 1)); \
- pixel >>= (R); \
- p->a = (pixel & 0x1); \
-}
-
-DEF_PIXEL_TO_RGB_A1(pixel_a444_to_rgb, 4, 4, 4)
-DEF_PIXEL_TO_RGB_A1(pixel_a555_to_rgb, 5, 5, 5)
-DEF_PIXEL_TO_RGB_A1(pixel_a666_to_rgb, 6, 6, 6)
-DEF_PIXEL_TO_RGB_A1(pixel_a665_to_rgb, 6, 6, 5)
-DEF_PIXEL_TO_RGB_A1(pixel_a888_to_rgb, 8, 8, 8)
-DEF_PIXEL_TO_RGB_A1(pixel_a887_to_rgb, 8, 8, 7)
-
-/* Alpha component is always zero */
-#define DEF_PIXEL_TO_RGB_A0(N, R, G, B) \
-static void N(uint32_t pixel, rgba *p) \
-{ \
- p->b = ((pixel & ((1 << (B)) - 1)) << (8 - (B))) | \
- ((pixel >> (2 * (B) - 8)) & ((1 << (8 - (B))) - 1)); \
- pixel >>= (B); \
- p->g = (pixel & ((1 << (G)) - 1)) << (8 - (G)) | \
- ((pixel >> (2 * (G) - 8)) & ((1 << (8 - (G))) - 1)); \
- pixel >>= (G); \
- p->r = (pixel & ((1 << (R)) - 1)) << (8 - (R)) | \
- ((pixel >> (2 * (R) - 8)) & ((1 << (8 - (R))) - 1)); \
- p->a = 0x0; \
-}
-
-DEF_PIXEL_TO_RGB_A0(pixel_565_to_rgb, 5, 6, 5)
-DEF_PIXEL_TO_RGB_A0(pixel_555_to_rgb, 5, 5, 5)
-DEF_PIXEL_TO_RGB_A0(pixel_666_to_rgb, 6, 6, 6)
-DEF_PIXEL_TO_RGB_A0(pixel_888_to_rgb, 8, 8, 8)
-
-/* Alpha component has some meaningful value */
-#define DEF_PIXEL_TO_RGB_A(N, R, G, B, A) \
-static void N(uint32_t pixel, rgba *p) \
-{ \
- p->b = ((pixel & ((1 << (B)) - 1)) << (8 - (B))) | \
- ((pixel >> (2 * (B) - 8)) & ((1 << (8 - (B))) - 1)); \
- pixel >>= (B); \
- p->g = (pixel & ((1 << (G)) - 1)) << (8 - (G)) | \
- ((pixel >> (2 * (G) - 8)) & ((1 << (8 - (G))) - 1)); \
- pixel >>= (G); \
- p->r = (pixel & ((1 << (R)) - 1)) << (8 - (R)) | \
- ((pixel >> (2 * (R) - 8)) & ((1 << (8 - (R))) - 1)); \
- pixel >>= (R); \
- p->a = (pixel & ((1 << (A)) - 1)) << (8 - (A)) | \
- ((pixel >> (2 * (A) - 8)) & ((1 << (8 - (A))) - 1)); \
- p->a = p->a | (p->a << 8) | (p->a << 16); \
-}
-
-DEF_PIXEL_TO_RGB_A(pixel_4444_to_rgb, 4, 4, 4, 4)
-DEF_PIXEL_TO_RGB_A(pixel_8888_to_rgb, 8, 8, 8, 8)
-
-/* Lookup table to extent 2-bit color component to 8 bit */
-static const uint8_t pixel_lutable_2b[4] = {
- 0x0, 0x55, 0xAA, 0xFF
-};
-/* Lookup table to extent 3-bit color component to 8 bit */
-static const uint8_t pixel_lutable_3b[8] = {
- 0x0, 0x24, 0x49, 0x6D, 0x92, 0xB6, 0xDB, 0xFF
-};
-/* Special case for a232 bpp mode */
-static void pixel_a232_to_rgb(uint32_t pixel, rgba *p)
-{
- p->b = pixel_lutable_2b[(pixel & 0x3)];
- pixel >>= 2;
- p->g = pixel_lutable_3b[(pixel & 0x7)];
- pixel >>= 3;
- p->r = pixel_lutable_2b[(pixel & 0x3)];
- pixel >>= 2;
- p->a = (pixel & 0x1);
-}
-
-/* Special case for (5+1, 5+1, 5+1) mode. Data bit 15 is common LSB
- * for all three color components */
-static void pixel_1555_to_rgb(uint32_t pixel, rgba *p)
-{
- uint8_t comm = (pixel >> 15) & 1;
- p->b = ((((pixel & 0x1F) << 1) | comm) << 2) | ((pixel >> 3) & 0x3);
- pixel >>= 5;
- p->g = ((((pixel & 0x1F) << 1) | comm) << 2) | ((pixel >> 3) & 0x3);
- pixel >>= 5;
- p->r = ((((pixel & 0x1F) << 1) | comm) << 2) | ((pixel >> 3) & 0x3);
- p->a = 0x0;
-}
-
-/* Put/get pixel to/from internal LCD Controller framebuffer */
-
-static int put_pixel_ifb(const rgba p, uint8_t *d)
-{
- *(uint8_t *)d++ = p.r;
- *(uint8_t *)d++ = p.g;
- *(uint8_t *)d++ = p.b;
- *(uint32_t *)d = p.a;
- return RGBA_SIZE;
-}
-
-static int get_pixel_ifb(const uint8_t *s, rgba *p)
-{
- p->r = *(uint8_t *)s++;
- p->g = *(uint8_t *)s++;
- p->b = *(uint8_t *)s++;
- p->a = (*(uint32_t *)s) & 0x00FFFFFF;
- return RGBA_SIZE;
-}
-
-static pixel_to_rgb_func *palette_data_format[8] = {
- [0] = pixel_565_to_rgb,
- [1] = pixel_a555_to_rgb,
- [2] = pixel_666_to_rgb,
- [3] = pixel_a665_to_rgb,
- [4] = pixel_a666_to_rgb,
- [5] = pixel_888_to_rgb,
- [6] = pixel_a888_to_rgb,
- [7] = pixel_8888_to_rgb
-};
-
-/* Returns Index in palette data formats table for given window number WINDOW */
-static uint32_t
-exynos4210_fimd_palette_format(Exynos4210fimdState *s, int window)
-{
- uint32_t ret;
-
- switch (window) {
- case 0:
- ret = (s->wpalcon[1] >> FIMD_WPAL_W0PAL_L_SHT) & FIMD_WPAL_W0PAL_L;
- if (ret != 7) {
- ret = 6 - ret;
- }
- break;
- case 1:
- ret = (s->wpalcon[1] >> FIMD_WPAL_W1PAL_L_SHT) & FIMD_WPAL_W1PAL_L;
- if (ret != 7) {
- ret = 6 - ret;
- }
- break;
- case 2:
- ret = ((s->wpalcon[0] >> FIMD_WPAL_W2PAL_H_SHT) & FIMD_WPAL_W2PAL_H) |
- ((s->wpalcon[1] >> FIMD_WPAL_W2PAL_L_SHT) & FIMD_WPAL_W2PAL_L);
- break;
- case 3:
- ret = ((s->wpalcon[0] >> FIMD_WPAL_W3PAL_H_SHT) & FIMD_WPAL_W3PAL_H) |
- ((s->wpalcon[1] >> FIMD_WPAL_W3PAL_L_SHT) & FIMD_WPAL_W3PAL_L);
- break;
- case 4:
- ret = ((s->wpalcon[0] >> FIMD_WPAL_W4PAL_H_SHT) & FIMD_WPAL_W4PAL_H) |
- ((s->wpalcon[1] >> FIMD_WPAL_W4PAL_L_SHT) & FIMD_WPAL_W4PAL_L);
- break;
- default:
- hw_error("exynos4210.fimd: incorrect window number %d\n", window);
- ret = 0;
- break;
- }
- return ret;
-}
-
-#define FIMD_1_MINUS_COLOR(x) \
- ((0xFF - ((x) & 0xFF)) | (0xFF00 - ((x) & 0xFF00)) | \
- (0xFF0000 - ((x) & 0xFF0000)))
-#define EXTEND_LOWER_HALFBYTE(x) (((x) & 0xF0F0F) | (((x) << 4) & 0xF0F0F0))
-#define EXTEND_UPPER_HALFBYTE(x) (((x) & 0xF0F0F0) | (((x) >> 4) & 0xF0F0F))
-
-/* Multiply three lower bytes of two 32-bit words with each other.
- * Each byte with values 0-255 is considered as a number with possible values
- * in a range [0 - 1] */
-static inline uint32_t fimd_mult_each_byte(uint32_t a, uint32_t b)
-{
- uint32_t tmp;
- uint32_t ret;
-
- ret = ((tmp = (((a & 0xFF) * (b & 0xFF)) / 0xFF)) > 0xFF) ? 0xFF : tmp;
- ret |= ((tmp = ((((a >> 8) & 0xFF) * ((b >> 8) & 0xFF)) / 0xFF)) > 0xFF) ?
- 0xFF00 : tmp << 8;
- ret |= ((tmp = ((((a >> 16) & 0xFF) * ((b >> 16) & 0xFF)) / 0xFF)) > 0xFF) ?
- 0xFF0000 : tmp << 16;
- return ret;
-}
-
-/* For each corresponding bytes of two 32-bit words: (a*b + c*d)
- * Byte values 0-255 are mapped to a range [0 .. 1] */
-static inline uint32_t
-fimd_mult_and_sum_each_byte(uint32_t a, uint32_t b, uint32_t c, uint32_t d)
-{
- uint32_t tmp;
- uint32_t ret;
-
- ret = ((tmp = (((a & 0xFF) * (b & 0xFF) + (c & 0xFF) * (d & 0xFF)) / 0xFF))
- > 0xFF) ? 0xFF : tmp;
- ret |= ((tmp = ((((a >> 8) & 0xFF) * ((b >> 8) & 0xFF) + ((c >> 8) & 0xFF) *
- ((d >> 8) & 0xFF)) / 0xFF)) > 0xFF) ? 0xFF00 : tmp << 8;
- ret |= ((tmp = ((((a >> 16) & 0xFF) * ((b >> 16) & 0xFF) +
- ((c >> 16) & 0xFF) * ((d >> 16) & 0xFF)) / 0xFF)) > 0xFF) ?
- 0xFF0000 : tmp << 16;
- return ret;
-}
-
-/* These routines cover all possible sources of window's transparent factor
- * used in blending equation. Choice of routine is affected by WPALCON
- * registers, BLENDCON register and window's WINCON register */
-
-static uint32_t fimd_get_alpha_pix(Exynos4210fimdWindow *w, uint32_t pix_a)
-{
- return pix_a;
-}
-
-static uint32_t
-fimd_get_alpha_pix_extlow(Exynos4210fimdWindow *w, uint32_t pix_a)
-{
- return EXTEND_LOWER_HALFBYTE(pix_a);
-}
-
-static uint32_t
-fimd_get_alpha_pix_exthigh(Exynos4210fimdWindow *w, uint32_t pix_a)
-{
- return EXTEND_UPPER_HALFBYTE(pix_a);
-}
-
-static uint32_t fimd_get_alpha_mult(Exynos4210fimdWindow *w, uint32_t pix_a)
-{
- return fimd_mult_each_byte(pix_a, w->alpha_val[0]);
-}
-
-static uint32_t fimd_get_alpha_mult_ext(Exynos4210fimdWindow *w, uint32_t pix_a)
-{
- return fimd_mult_each_byte(EXTEND_LOWER_HALFBYTE(pix_a),
- EXTEND_UPPER_HALFBYTE(w->alpha_val[0]));
-}
-
-static uint32_t fimd_get_alpha_aen(Exynos4210fimdWindow *w, uint32_t pix_a)
-{
- return w->alpha_val[pix_a];
-}
-
-static uint32_t fimd_get_alpha_aen_ext(Exynos4210fimdWindow *w, uint32_t pix_a)
-{
- return EXTEND_UPPER_HALFBYTE(w->alpha_val[pix_a]);
-}
-
-static uint32_t fimd_get_alpha_sel(Exynos4210fimdWindow *w, uint32_t pix_a)
-{
- return w->alpha_val[(w->wincon & FIMD_WINCON_ALPHA_SEL) ? 1 : 0];
-}
-
-static uint32_t fimd_get_alpha_sel_ext(Exynos4210fimdWindow *w, uint32_t pix_a)
-{
- return EXTEND_UPPER_HALFBYTE(w->alpha_val[(w->wincon &
- FIMD_WINCON_ALPHA_SEL) ? 1 : 0]);
-}
-
-/* Updates currently active alpha value get function for specified window */
-static void fimd_update_get_alpha(Exynos4210fimdState *s, int win)
-{
- Exynos4210fimdWindow *w = &s->window[win];
- const bool alpha_is_8bit = s->blendcon & FIMD_ALPHA_8BIT;
-
- if (w->wincon & FIMD_WINCON_BLD_PIX) {
- if ((w->wincon & FIMD_WINCON_ALPHA_SEL) && WIN_BPP_MODE_WITH_ALPHA(w)) {
- /* In this case, alpha component contains meaningful value */
- if (w->wincon & FIMD_WINCON_ALPHA_MUL) {
- w->get_alpha = alpha_is_8bit ?
- fimd_get_alpha_mult : fimd_get_alpha_mult_ext;
- } else {
- w->get_alpha = alpha_is_8bit ?
- fimd_get_alpha_pix : fimd_get_alpha_pix_extlow;
- }
- } else {
- if (IS_PALETTIZED_MODE(w) &&
- PAL_MODE_WITH_ALPHA(exynos4210_fimd_palette_format(s, win))) {
- /* Alpha component has 8-bit numeric value */
- w->get_alpha = alpha_is_8bit ?
- fimd_get_alpha_pix : fimd_get_alpha_pix_exthigh;
- } else {
- /* Alpha has only two possible values (AEN) */
- w->get_alpha = alpha_is_8bit ?
- fimd_get_alpha_aen : fimd_get_alpha_aen_ext;
- }
- }
- } else {
- w->get_alpha = alpha_is_8bit ? fimd_get_alpha_sel :
- fimd_get_alpha_sel_ext;
- }
-}
-
-/* Blends current window's (w) pixel (foreground pixel *ret) with background
- * window (w_blend) pixel p_bg according to formula:
- * NEW_COLOR = a_coef x FG_PIXEL_COLOR + b_coef x BG_PIXEL_COLOR
- * NEW_ALPHA = p_coef x FG_ALPHA + q_coef x BG_ALPHA
- */
-static void
-exynos4210_fimd_blend_pixel(Exynos4210fimdWindow *w, rgba p_bg, rgba *ret)
-{
- rgba p_fg = *ret;
- uint32_t bg_color = ((p_bg.r & 0xFF) << 16) | ((p_bg.g & 0xFF) << 8) |
- (p_bg.b & 0xFF);
- uint32_t fg_color = ((p_fg.r & 0xFF) << 16) | ((p_fg.g & 0xFF) << 8) |
- (p_fg.b & 0xFF);
- uint32_t alpha_fg = p_fg.a;
- int i;
- /* It is possible that blending equation parameters a and b do not
- * depend on window BLENEQ register. Account for this with first_coef */
- enum { A_COEF = 0, B_COEF = 1, P_COEF = 2, Q_COEF = 3, COEF_NUM = 4};
- uint32_t first_coef = A_COEF;
- uint32_t blend_param[COEF_NUM];
-
- if (w->keycon[0] & FIMD_WKEYCON0_KEYEN) {
- uint32_t colorkey = (w->keycon[1] &
- ~(w->keycon[0] & FIMD_WKEYCON0_COMPKEY)) & FIMD_WKEYCON0_COMPKEY;
-
- if ((w->keycon[0] & FIMD_WKEYCON0_DIRCON) &&
- (bg_color & ~(w->keycon[0] & FIMD_WKEYCON0_COMPKEY)) == colorkey) {
- /* Foreground pixel is displayed */
- if (w->keycon[0] & FIMD_WKEYCON0_KEYBLEN) {
- alpha_fg = w->keyalpha;
- blend_param[A_COEF] = alpha_fg;
- blend_param[B_COEF] = FIMD_1_MINUS_COLOR(alpha_fg);
- } else {
- alpha_fg = 0;
- blend_param[A_COEF] = 0xFFFFFF;
- blend_param[B_COEF] = 0x0;
- }
- first_coef = P_COEF;
- } else if ((w->keycon[0] & FIMD_WKEYCON0_DIRCON) == 0 &&
- (fg_color & ~(w->keycon[0] & FIMD_WKEYCON0_COMPKEY)) == colorkey) {
- /* Background pixel is displayed */
- if (w->keycon[0] & FIMD_WKEYCON0_KEYBLEN) {
- alpha_fg = w->keyalpha;
- blend_param[A_COEF] = alpha_fg;
- blend_param[B_COEF] = FIMD_1_MINUS_COLOR(alpha_fg);
- } else {
- alpha_fg = 0;
- blend_param[A_COEF] = 0x0;
- blend_param[B_COEF] = 0xFFFFFF;
- }
- first_coef = P_COEF;
- }
- }
-
- for (i = first_coef; i < COEF_NUM; i++) {
- switch ((w->blendeq >> i * 6) & FIMD_BLENDEQ_COEF_MASK) {
- case 0:
- blend_param[i] = 0;
- break;
- case 1:
- blend_param[i] = 0xFFFFFF;
- break;
- case 2:
- blend_param[i] = alpha_fg;
- break;
- case 3:
- blend_param[i] = FIMD_1_MINUS_COLOR(alpha_fg);
- break;
- case 4:
- blend_param[i] = p_bg.a;
- break;
- case 5:
- blend_param[i] = FIMD_1_MINUS_COLOR(p_bg.a);
- break;
- case 6:
- blend_param[i] = w->alpha_val[0];
- break;
- case 10:
- blend_param[i] = fg_color;
- break;
- case 11:
- blend_param[i] = FIMD_1_MINUS_COLOR(fg_color);
- break;
- case 12:
- blend_param[i] = bg_color;
- break;
- case 13:
- blend_param[i] = FIMD_1_MINUS_COLOR(bg_color);
- break;
- default:
- hw_error("exynos4210.fimd: blend equation coef illegal value\n");
- break;
- }
- }
-
- fg_color = fimd_mult_and_sum_each_byte(bg_color, blend_param[B_COEF],
- fg_color, blend_param[A_COEF]);
- ret->b = fg_color & 0xFF;
- fg_color >>= 8;
- ret->g = fg_color & 0xFF;
- fg_color >>= 8;
- ret->r = fg_color & 0xFF;
- ret->a = fimd_mult_and_sum_each_byte(alpha_fg, blend_param[P_COEF],
- p_bg.a, blend_param[Q_COEF]);
-}
-
-/* These routines read data from video frame buffer in system RAM, convert
- * this data to display controller internal representation, if necessary,
- * perform pixel blending with data, currently presented in internal buffer.
- * Result is stored in display controller internal frame buffer. */
-
-/* Draw line with index in palette table in RAM frame buffer data */
-#define DEF_DRAW_LINE_PALETTE(N) \
-static void glue(draw_line_palette_, N)(Exynos4210fimdWindow *w, uint8_t *src, \
- uint8_t *dst, bool blend) \
-{ \
- int width = w->rightbot_x - w->lefttop_x + 1; \
- uint8_t *ifb = dst; \
- uint8_t swap = (w->wincon & FIMD_WINCON_SWAP) >> FIMD_WINCON_SWAP_SHIFT; \
- uint64_t data; \
- rgba p, p_old; \
- int i; \
- do { \
- data = ldq_raw((void *)src); \
- src += 8; \
- fimd_swap_data(swap, &data); \
- for (i = (64 / (N) - 1); i >= 0; i--) { \
- w->pixel_to_rgb(w->palette[(data >> ((N) * i)) & \
- ((1ULL << (N)) - 1)], &p); \
- p.a = w->get_alpha(w, p.a); \
- if (blend) { \
- ifb += get_pixel_ifb(ifb, &p_old); \
- exynos4210_fimd_blend_pixel(w, p_old, &p); \
- } \
- dst += put_pixel_ifb(p, dst); \
- } \
- width -= (64 / (N)); \
- } while (width > 0); \
-}
-
-/* Draw line with direct color value in RAM frame buffer data */
-#define DEF_DRAW_LINE_NOPALETTE(N) \
-static void glue(draw_line_, N)(Exynos4210fimdWindow *w, uint8_t *src, \
- uint8_t *dst, bool blend) \
-{ \
- int width = w->rightbot_x - w->lefttop_x + 1; \
- uint8_t *ifb = dst; \
- uint8_t swap = (w->wincon & FIMD_WINCON_SWAP) >> FIMD_WINCON_SWAP_SHIFT; \
- uint64_t data; \
- rgba p, p_old; \
- int i; \
- do { \
- data = ldq_raw((void *)src); \
- src += 8; \
- fimd_swap_data(swap, &data); \
- for (i = (64 / (N) - 1); i >= 0; i--) { \
- w->pixel_to_rgb((data >> ((N) * i)) & ((1ULL << (N)) - 1), &p); \
- p.a = w->get_alpha(w, p.a); \
- if (blend) { \
- ifb += get_pixel_ifb(ifb, &p_old); \
- exynos4210_fimd_blend_pixel(w, p_old, &p); \
- } \
- dst += put_pixel_ifb(p, dst); \
- } \
- width -= (64 / (N)); \
- } while (width > 0); \
-}
-
-DEF_DRAW_LINE_PALETTE(1)
-DEF_DRAW_LINE_PALETTE(2)
-DEF_DRAW_LINE_PALETTE(4)
-DEF_DRAW_LINE_PALETTE(8)
-DEF_DRAW_LINE_NOPALETTE(8) /* 8bpp mode has palette and non-palette versions */
-DEF_DRAW_LINE_NOPALETTE(16)
-DEF_DRAW_LINE_NOPALETTE(32)
-
-/* Special draw line routine for window color map case */
-static void draw_line_mapcolor(Exynos4210fimdWindow *w, uint8_t *src,
- uint8_t *dst, bool blend)
-{
- rgba p, p_old;
- uint8_t *ifb = dst;
- int width = w->rightbot_x - w->lefttop_x + 1;
- uint32_t map_color = w->winmap & FIMD_WINMAP_COLOR_MASK;
-
- do {
- pixel_888_to_rgb(map_color, &p);
- p.a = w->get_alpha(w, p.a);
- if (blend) {
- ifb += get_pixel_ifb(ifb, &p_old);
- exynos4210_fimd_blend_pixel(w, p_old, &p);
- }
- dst += put_pixel_ifb(p, dst);
- } while (--width);
-}
-
-/* Write RGB to QEMU's GraphicConsole framebuffer */
-
-static int put_to_qemufb_pixel8(const rgba p, uint8_t *d)
-{
- uint32_t pixel = rgb_to_pixel8(p.r, p.g, p.b);
- *(uint8_t *)d = pixel;
- return 1;
-}
-
-static int put_to_qemufb_pixel15(const rgba p, uint8_t *d)
-{
- uint32_t pixel = rgb_to_pixel15(p.r, p.g, p.b);
- *(uint16_t *)d = pixel;
- return 2;
-}
-
-static int put_to_qemufb_pixel16(const rgba p, uint8_t *d)
-{
- uint32_t pixel = rgb_to_pixel16(p.r, p.g, p.b);
- *(uint16_t *)d = pixel;
- return 2;
-}
-
-static int put_to_qemufb_pixel24(const rgba p, uint8_t *d)
-{
- uint32_t pixel = rgb_to_pixel24(p.r, p.g, p.b);
- *(uint8_t *)d++ = (pixel >> 0) & 0xFF;
- *(uint8_t *)d++ = (pixel >> 8) & 0xFF;
- *(uint8_t *)d++ = (pixel >> 16) & 0xFF;
- return 3;
-}
-
-static int put_to_qemufb_pixel32(const rgba p, uint8_t *d)
-{
- uint32_t pixel = rgb_to_pixel24(p.r, p.g, p.b);
- *(uint32_t *)d = pixel;
- return 4;
-}
-
-/* Routine to copy pixel from internal buffer to QEMU buffer */
-static int (*put_pixel_toqemu)(const rgba p, uint8_t *pixel);
-static inline void fimd_update_putpix_qemu(int bpp)
-{
- switch (bpp) {
- case 8:
- put_pixel_toqemu = put_to_qemufb_pixel8;
- break;
- case 15:
- put_pixel_toqemu = put_to_qemufb_pixel15;
- break;
- case 16:
- put_pixel_toqemu = put_to_qemufb_pixel16;
- break;
- case 24:
- put_pixel_toqemu = put_to_qemufb_pixel24;
- break;
- case 32:
- put_pixel_toqemu = put_to_qemufb_pixel32;
- break;
- default:
- hw_error("exynos4210.fimd: unsupported BPP (%d)", bpp);
- break;
- }
-}
-
-/* Routine to copy a line from internal frame buffer to QEMU display */
-static void fimd_copy_line_toqemu(int width, uint8_t *src, uint8_t *dst)
-{
- rgba p;
-
- do {
- src += get_pixel_ifb(src, &p);
- dst += put_pixel_toqemu(p, dst);
- } while (--width);
-}
-
-/* Parse BPPMODE_F = WINCON1[5:2] bits */
-static void exynos4210_fimd_update_win_bppmode(Exynos4210fimdState *s, int win)
-{
- Exynos4210fimdWindow *w = &s->window[win];
-
- if (w->winmap & FIMD_WINMAP_EN) {
- w->draw_line = draw_line_mapcolor;
- return;
- }
-
- switch (WIN_BPP_MODE(w)) {
- case 0:
- w->draw_line = draw_line_palette_1;
- w->pixel_to_rgb =
- palette_data_format[exynos4210_fimd_palette_format(s, win)];
- break;
- case 1:
- w->draw_line = draw_line_palette_2;
- w->pixel_to_rgb =
- palette_data_format[exynos4210_fimd_palette_format(s, win)];
- break;
- case 2:
- w->draw_line = draw_line_palette_4;
- w->pixel_to_rgb =
- palette_data_format[exynos4210_fimd_palette_format(s, win)];
- break;
- case 3:
- w->draw_line = draw_line_palette_8;
- w->pixel_to_rgb =
- palette_data_format[exynos4210_fimd_palette_format(s, win)];
- break;
- case 4:
- w->draw_line = draw_line_8;
- w->pixel_to_rgb = pixel_a232_to_rgb;
- break;
- case 5:
- w->draw_line = draw_line_16;
- w->pixel_to_rgb = pixel_565_to_rgb;
- break;
- case 6:
- w->draw_line = draw_line_16;
- w->pixel_to_rgb = pixel_a555_to_rgb;
- break;
- case 7:
- w->draw_line = draw_line_16;
- w->pixel_to_rgb = pixel_1555_to_rgb;
- break;
- case 8:
- w->draw_line = draw_line_32;
- w->pixel_to_rgb = pixel_666_to_rgb;
- break;
- case 9:
- w->draw_line = draw_line_32;
- w->pixel_to_rgb = pixel_a665_to_rgb;
- break;
- case 10:
- w->draw_line = draw_line_32;
- w->pixel_to_rgb = pixel_a666_to_rgb;
- break;
- case 11:
- w->draw_line = draw_line_32;
- w->pixel_to_rgb = pixel_888_to_rgb;
- break;
- case 12:
- w->draw_line = draw_line_32;
- w->pixel_to_rgb = pixel_a887_to_rgb;
- break;
- case 13:
- w->draw_line = draw_line_32;
- if ((w->wincon & FIMD_WINCON_BLD_PIX) && (w->wincon &
- FIMD_WINCON_ALPHA_SEL)) {
- w->pixel_to_rgb = pixel_8888_to_rgb;
- } else {
- w->pixel_to_rgb = pixel_a888_to_rgb;
- }
- break;
- case 14:
- w->draw_line = draw_line_16;
- if ((w->wincon & FIMD_WINCON_BLD_PIX) && (w->wincon &
- FIMD_WINCON_ALPHA_SEL)) {
- w->pixel_to_rgb = pixel_4444_to_rgb;
- } else {
- w->pixel_to_rgb = pixel_a444_to_rgb;
- }
- break;
- case 15:
- w->draw_line = draw_line_16;
- w->pixel_to_rgb = pixel_555_to_rgb;
- break;
- }
-}
-
-#if EXYNOS4210_FIMD_MODE_TRACE > 0
-static const char *exynos4210_fimd_get_bppmode(int mode_code)
-{
- switch (mode_code) {
- case 0:
- return "1 bpp";
- case 1:
- return "2 bpp";
- case 2:
- return "4 bpp";
- case 3:
- return "8 bpp (palettized)";
- case 4:
- return "8 bpp (non-palettized, A: 1-R:2-G:3-B:2)";
- case 5:
- return "16 bpp (non-palettized, R:5-G:6-B:5)";
- case 6:
- return "16 bpp (non-palettized, A:1-R:5-G:5-B:5)";
- case 7:
- return "16 bpp (non-palettized, I :1-R:5-G:5-B:5)";
- case 8:
- return "Unpacked 18 bpp (non-palettized, R:6-G:6-B:6)";
- case 9:
- return "Unpacked 18bpp (non-palettized,A:1-R:6-G:6-B:5)";
- case 10:
- return "Unpacked 19bpp (non-palettized,A:1-R:6-G:6-B:6)";
- case 11:
- return "Unpacked 24 bpp (non-palettized R:8-G:8-B:8)";
- case 12:
- return "Unpacked 24 bpp (non-palettized A:1-R:8-G:8-B:7)";
- case 13:
- return "Unpacked 25 bpp (non-palettized A:1-R:8-G:8-B:8)";
- case 14:
- return "Unpacked 13 bpp (non-palettized A:1-R:4-G:4-B:4)";
- case 15:
- return "Unpacked 15 bpp (non-palettized R:5-G:5-B:5)";
- default:
- return "Non-existing bpp mode";
- }
-}
-
-static inline void exynos4210_fimd_trace_bppmode(Exynos4210fimdState *s,
- int win_num, uint32_t val)
-{
- Exynos4210fimdWindow *w = &s->window[win_num];
-
- if (w->winmap & FIMD_WINMAP_EN) {
- printf("QEMU FIMD: Window %d is mapped with MAPCOLOR=0x%x\n",
- win_num, w->winmap & 0xFFFFFF);
- return;
- }
-
- if ((val != 0xFFFFFFFF) && ((w->wincon >> 2) & 0xF) == ((val >> 2) & 0xF)) {
- return;
- }
- printf("QEMU FIMD: Window %d BPP mode set to %s\n", win_num,
- exynos4210_fimd_get_bppmode((val >> 2) & 0xF));
-}
-#else
-static inline void exynos4210_fimd_trace_bppmode(Exynos4210fimdState *s,
- int win_num, uint32_t val)
-{
-
-}
-#endif
-
-static inline int fimd_get_buffer_id(Exynos4210fimdWindow *w)
-{
- switch (w->wincon & FIMD_WINCON_BUFSTATUS) {
- case FIMD_WINCON_BUF0_STAT:
- return 0;
- case FIMD_WINCON_BUF1_STAT:
- return 1;
- case FIMD_WINCON_BUF2_STAT:
- return 2;
- default:
- DPRINT_ERROR("Non-existent buffer index\n");
- return 0;
- }
-}
-
-/* Updates specified window's MemorySection based on values of WINCON,
- * VIDOSDA, VIDOSDB, VIDWADDx and SHADOWCON registers */
-static void fimd_update_memory_section(Exynos4210fimdState *s, unsigned win)
-{
- Exynos4210fimdWindow *w = &s->window[win];
- hwaddr fb_start_addr, fb_mapped_len;
-
- if (!s->enabled || !(w->wincon & FIMD_WINCON_ENWIN) ||
- FIMD_WINDOW_PROTECTED(s->shadowcon, win)) {
- return;
- }
-
- if (w->host_fb_addr) {
- cpu_physical_memory_unmap(w->host_fb_addr, w->fb_len, 0, 0);
- w->host_fb_addr = NULL;
- w->fb_len = 0;
- }
-
- fb_start_addr = w->buf_start[fimd_get_buffer_id(w)];
- /* Total number of bytes of virtual screen used by current window */
- w->fb_len = fb_mapped_len = (w->virtpage_width + w->virtpage_offsize) *
- (w->rightbot_y - w->lefttop_y + 1);
- w->mem_section = memory_region_find(sysbus_address_space(&s->busdev),
- fb_start_addr, w->fb_len);
- assert(w->mem_section.mr);
- assert(w->mem_section.offset_within_address_space == fb_start_addr);
- DPRINT_TRACE("Window %u framebuffer changed: address=0x%08x, len=0x%x\n",
- win, fb_start_addr, w->fb_len);
-
- if (w->mem_section.size != w->fb_len ||
- !memory_region_is_ram(w->mem_section.mr)) {
- DPRINT_ERROR("Failed to find window %u framebuffer region\n", win);
- goto error_return;
- }
-
- w->host_fb_addr = cpu_physical_memory_map(fb_start_addr, &fb_mapped_len, 0);
- if (!w->host_fb_addr) {
- DPRINT_ERROR("Failed to map window %u framebuffer\n", win);
- goto error_return;
- }
-
- if (fb_mapped_len != w->fb_len) {
- DPRINT_ERROR("Window %u mapped framebuffer length is less then "
- "expected\n", win);
- cpu_physical_memory_unmap(w->host_fb_addr, fb_mapped_len, 0, 0);
- goto error_return;
- }
- return;
-
-error_return:
- w->mem_section.mr = NULL;
- w->mem_section.size = 0;
- w->host_fb_addr = NULL;
- w->fb_len = 0;
-}
-
-static void exynos4210_fimd_enable(Exynos4210fimdState *s, bool enabled)
-{
- if (enabled && !s->enabled) {
- unsigned w;
- s->enabled = true;
- for (w = 0; w < NUM_OF_WINDOWS; w++) {
- fimd_update_memory_section(s, w);
- }
- }
- s->enabled = enabled;
- DPRINT_TRACE("display controller %s\n", enabled ? "enabled" : "disabled");
-}
-
-static inline uint32_t unpack_upper_4(uint32_t x)
-{
- return ((x & 0xF00) << 12) | ((x & 0xF0) << 8) | ((x & 0xF) << 4);
-}
-
-static inline uint32_t pack_upper_4(uint32_t x)
-{
- return (((x & 0xF00000) >> 12) | ((x & 0xF000) >> 8) |
- ((x & 0xF0) >> 4)) & 0xFFF;
-}
-
-static void exynos4210_fimd_update_irq(Exynos4210fimdState *s)
-{
- if (!(s->vidintcon[0] & FIMD_VIDINT_INTEN)) {
- qemu_irq_lower(s->irq[0]);
- qemu_irq_lower(s->irq[1]);
- qemu_irq_lower(s->irq[2]);
- return;
- }
- if ((s->vidintcon[0] & FIMD_VIDINT_INTFIFOEN) &&
- (s->vidintcon[1] & FIMD_VIDINT_INTFIFOPEND)) {
- qemu_irq_raise(s->irq[0]);
- } else {
- qemu_irq_lower(s->irq[0]);
- }
- if ((s->vidintcon[0] & FIMD_VIDINT_INTFRMEN) &&
- (s->vidintcon[1] & FIMD_VIDINT_INTFRMPEND)) {
- qemu_irq_raise(s->irq[1]);
- } else {
- qemu_irq_lower(s->irq[1]);
- }
- if ((s->vidintcon[0] & FIMD_VIDINT_I80IFDONE) &&
- (s->vidintcon[1] & FIMD_VIDINT_INTI80PEND)) {
- qemu_irq_raise(s->irq[2]);
- } else {
- qemu_irq_lower(s->irq[2]);
- }
-}
-
-static void exynos4210_fimd_invalidate(void *opaque)
-{
- Exynos4210fimdState *s = (Exynos4210fimdState *)opaque;
- s->invalidate = true;
-}
-
-static void exynos4210_update_resolution(Exynos4210fimdState *s)
-{
- /* LCD resolution is stored in VIDEO TIME CONTROL REGISTER 2 */
- uint32_t width = ((s->vidtcon[2] >> FIMD_VIDTCON2_HOR_SHIFT) &
- FIMD_VIDTCON2_SIZE_MASK) + 1;
- uint32_t height = ((s->vidtcon[2] >> FIMD_VIDTCON2_VER_SHIFT) &
- FIMD_VIDTCON2_SIZE_MASK) + 1;
-
- if (s->ifb == NULL || ds_get_width(s->console) != width ||
- ds_get_height(s->console) != height) {
- DPRINT_L1("Resolution changed from %ux%u to %ux%u\n",
- ds_get_width(s->console), ds_get_height(s->console), width, height);
- qemu_console_resize(s->console, width, height);
- s->ifb = g_realloc(s->ifb, width * height * RGBA_SIZE + 1);
- memset(s->ifb, 0, width * height * RGBA_SIZE + 1);
- exynos4210_fimd_invalidate(s);
- }
-}
-
-static void exynos4210_fimd_update(void *opaque)
-{
- Exynos4210fimdState *s = (Exynos4210fimdState *)opaque;
- Exynos4210fimdWindow *w;
- int i, line;
- hwaddr fb_line_addr, inc_size;
- int scrn_height;
- int first_line = -1, last_line = -1, scrn_width;
- bool blend = false;
- uint8_t *host_fb_addr;
- bool is_dirty = false;
- const int global_width = (s->vidtcon[2] & FIMD_VIDTCON2_SIZE_MASK) + 1;
- const int global_height = ((s->vidtcon[2] >> FIMD_VIDTCON2_VER_SHIFT) &
- FIMD_VIDTCON2_SIZE_MASK) + 1;
-
- if (!s || !s->console || !ds_get_bits_per_pixel(s->console) ||
- !s->enabled) {
- return;
- }
- exynos4210_update_resolution(s);
-
- for (i = 0; i < NUM_OF_WINDOWS; i++) {
- w = &s->window[i];
- if ((w->wincon & FIMD_WINCON_ENWIN) && w->host_fb_addr) {
- scrn_height = w->rightbot_y - w->lefttop_y + 1;
- scrn_width = w->virtpage_width;
- /* Total width of virtual screen page in bytes */
- inc_size = scrn_width + w->virtpage_offsize;
- memory_region_sync_dirty_bitmap(w->mem_section.mr);
- host_fb_addr = w->host_fb_addr;
- fb_line_addr = w->mem_section.offset_within_region;
-
- for (line = 0; line < scrn_height; line++) {
- is_dirty = memory_region_get_dirty(w->mem_section.mr,
- fb_line_addr, scrn_width, DIRTY_MEMORY_VGA);
-
- if (s->invalidate || is_dirty) {
- if (first_line == -1) {
- first_line = line;
- }
- last_line = line;
- w->draw_line(w, host_fb_addr, s->ifb +
- w->lefttop_x * RGBA_SIZE + (w->lefttop_y + line) *
- global_width * RGBA_SIZE, blend);
- }
- host_fb_addr += inc_size;
- fb_line_addr += inc_size;
- is_dirty = false;
- }
- memory_region_reset_dirty(w->mem_section.mr,
- w->mem_section.offset_within_region,
- w->fb_len, DIRTY_MEMORY_VGA);
- blend = true;
- }
- }
-
- /* Copy resulting image to QEMU_CONSOLE. */
- if (first_line >= 0) {
- uint8_t *d;
- int bpp;
-
- bpp = ds_get_bits_per_pixel(s->console);
- fimd_update_putpix_qemu(bpp);
- bpp = (bpp + 1) >> 3;
- d = ds_get_data(s->console);
- for (line = first_line; line <= last_line; line++) {
- fimd_copy_line_toqemu(global_width, s->ifb + global_width * line *
- RGBA_SIZE, d + global_width * line * bpp);
- }
- dpy_gfx_update(s->console, 0, 0, global_width, global_height);
- }
- s->invalidate = false;
- s->vidintcon[1] |= FIMD_VIDINT_INTFRMPEND;
- if ((s->vidcon[0] & FIMD_VIDCON0_ENVID_F) == 0) {
- exynos4210_fimd_enable(s, false);
- }
- exynos4210_fimd_update_irq(s);
-}
-
-static void exynos4210_fimd_reset(DeviceState *d)
-{
- Exynos4210fimdState *s = DO_UPCAST(Exynos4210fimdState, busdev.qdev, d);
- unsigned w;
-
- DPRINT_TRACE("Display controller reset\n");
- /* Set all display controller registers to 0 */
- memset(&s->vidcon, 0, (uint8_t *)&s->window - (uint8_t *)&s->vidcon);
- for (w = 0; w < NUM_OF_WINDOWS; w++) {
- memset(&s->window[w], 0, sizeof(Exynos4210fimdWindow));
- s->window[w].blendeq = 0xC2;
- exynos4210_fimd_update_win_bppmode(s, w);
- exynos4210_fimd_trace_bppmode(s, w, 0xFFFFFFFF);
- fimd_update_get_alpha(s, w);
- }
-
- if (s->ifb != NULL) {
- g_free(s->ifb);
- }
- s->ifb = NULL;
-
- exynos4210_fimd_invalidate(s);
- exynos4210_fimd_enable(s, false);
- /* Some registers have non-zero initial values */
- s->winchmap = 0x7D517D51;
- s->colorgaincon = 0x10040100;
- s->huecoef_cr[0] = s->huecoef_cr[3] = 0x01000100;
- s->huecoef_cb[0] = s->huecoef_cb[3] = 0x01000100;
- s->hueoffset = 0x01800080;
-}
-
-static void exynos4210_fimd_write(void *opaque, hwaddr offset,
- uint64_t val, unsigned size)
-{
- Exynos4210fimdState *s = (Exynos4210fimdState *)opaque;
- unsigned w, i;
- uint32_t old_value;
-
- DPRINT_L2("write offset 0x%08x, value=%llu(0x%08llx)\n", offset,
- (long long unsigned int)val, (long long unsigned int)val);
-
- switch (offset) {
- case FIMD_VIDCON0:
- if ((val & FIMD_VIDCON0_ENVID_MASK) == FIMD_VIDCON0_ENVID_MASK) {
- exynos4210_fimd_enable(s, true);
- } else {
- if ((val & FIMD_VIDCON0_ENVID) == 0) {
- exynos4210_fimd_enable(s, false);
- }
- }
- s->vidcon[0] = val;
- break;
- case FIMD_VIDCON1:
- /* Leave read-only bits as is */
- val = (val & (~FIMD_VIDCON1_ROMASK)) |
- (s->vidcon[1] & FIMD_VIDCON1_ROMASK);
- s->vidcon[1] = val;
- break;
- case FIMD_VIDCON2 ... FIMD_VIDCON3:
- s->vidcon[(offset) >> 2] = val;
- break;
- case FIMD_VIDTCON_START ... FIMD_VIDTCON_END:
- s->vidtcon[(offset - FIMD_VIDTCON_START) >> 2] = val;
- break;
- case FIMD_WINCON_START ... FIMD_WINCON_END:
- w = (offset - FIMD_WINCON_START) >> 2;
- /* Window's current buffer ID */
- i = fimd_get_buffer_id(&s->window[w]);
- old_value = s->window[w].wincon;
- val = (val & ~FIMD_WINCON_ROMASK) |
- (s->window[w].wincon & FIMD_WINCON_ROMASK);
- if (w == 0) {
- /* Window 0 wincon ALPHA_MUL bit must always be 0 */
- val &= ~FIMD_WINCON_ALPHA_MUL;
- }
- exynos4210_fimd_trace_bppmode(s, w, val);
- switch (val & FIMD_WINCON_BUFSELECT) {
- case FIMD_WINCON_BUF0_SEL:
- val &= ~FIMD_WINCON_BUFSTATUS;
- break;
- case FIMD_WINCON_BUF1_SEL:
- val = (val & ~FIMD_WINCON_BUFSTAT_H) | FIMD_WINCON_BUFSTAT_L;
- break;
- case FIMD_WINCON_BUF2_SEL:
- if (val & FIMD_WINCON_BUFMODE) {
- val = (val & ~FIMD_WINCON_BUFSTAT_L) | FIMD_WINCON_BUFSTAT_H;
- }
- break;
- default:
- break;
- }
- s->window[w].wincon = val;
- exynos4210_fimd_update_win_bppmode(s, w);
- fimd_update_get_alpha(s, w);
- if ((i != fimd_get_buffer_id(&s->window[w])) ||
- (!(old_value & FIMD_WINCON_ENWIN) && (s->window[w].wincon &
- FIMD_WINCON_ENWIN))) {
- fimd_update_memory_section(s, w);
- }
- break;
- case FIMD_SHADOWCON:
- old_value = s->shadowcon;
- s->shadowcon = val;
- for (w = 0; w < NUM_OF_WINDOWS; w++) {
- if (FIMD_WINDOW_PROTECTED(old_value, w) &&
- !FIMD_WINDOW_PROTECTED(s->shadowcon, w)) {
- fimd_update_memory_section(s, w);
- }
- }
- break;
- case FIMD_WINCHMAP:
- s->winchmap = val;
- break;
- case FIMD_VIDOSD_START ... FIMD_VIDOSD_END:
- w = (offset - FIMD_VIDOSD_START) >> 4;
- i = ((offset - FIMD_VIDOSD_START) & 0xF) >> 2;
- switch (i) {
- case 0:
- old_value = s->window[w].lefttop_y;
- s->window[w].lefttop_x = (val >> FIMD_VIDOSD_HOR_SHIFT) &
- FIMD_VIDOSD_COORD_MASK;
- s->window[w].lefttop_y = (val >> FIMD_VIDOSD_VER_SHIFT) &
- FIMD_VIDOSD_COORD_MASK;
- if (s->window[w].lefttop_y != old_value) {
- fimd_update_memory_section(s, w);
- }
- break;
- case 1:
- old_value = s->window[w].rightbot_y;
- s->window[w].rightbot_x = (val >> FIMD_VIDOSD_HOR_SHIFT) &
- FIMD_VIDOSD_COORD_MASK;
- s->window[w].rightbot_y = (val >> FIMD_VIDOSD_VER_SHIFT) &
- FIMD_VIDOSD_COORD_MASK;
- if (s->window[w].rightbot_y != old_value) {
- fimd_update_memory_section(s, w);
- }
- break;
- case 2:
- if (w == 0) {
- s->window[w].osdsize = val;
- } else {
- s->window[w].alpha_val[0] =
- unpack_upper_4((val & FIMD_VIDOSD_ALPHA_AEN0) >>
- FIMD_VIDOSD_AEN0_SHIFT) |
- (s->window[w].alpha_val[0] & FIMD_VIDALPHA_ALPHA_LOWER);
- s->window[w].alpha_val[1] =
- unpack_upper_4(val & FIMD_VIDOSD_ALPHA_AEN1) |
- (s->window[w].alpha_val[1] & FIMD_VIDALPHA_ALPHA_LOWER);
- }
- break;
- case 3:
- if (w != 1 && w != 2) {
- DPRINT_ERROR("Bad write offset 0x%08x\n", offset);
- return;
- }
- s->window[w].osdsize = val;
- break;
- }
- break;
- case FIMD_VIDWADD0_START ... FIMD_VIDWADD0_END:
- w = (offset - FIMD_VIDWADD0_START) >> 3;
- i = ((offset - FIMD_VIDWADD0_START) >> 2) & 1;
- if (i == fimd_get_buffer_id(&s->window[w]) &&
- s->window[w].buf_start[i] != val) {
- s->window[w].buf_start[i] = val;
- fimd_update_memory_section(s, w);
- break;
- }
- s->window[w].buf_start[i] = val;
- break;
- case FIMD_VIDWADD1_START ... FIMD_VIDWADD1_END:
- w = (offset - FIMD_VIDWADD1_START) >> 3;
- i = ((offset - FIMD_VIDWADD1_START) >> 2) & 1;
- s->window[w].buf_end[i] = val;
- break;
- case FIMD_VIDWADD2_START ... FIMD_VIDWADD2_END:
- w = (offset - FIMD_VIDWADD2_START) >> 2;
- if (((val & FIMD_VIDWADD2_PAGEWIDTH) != s->window[w].virtpage_width) ||
- (((val >> FIMD_VIDWADD2_OFFSIZE_SHIFT) & FIMD_VIDWADD2_OFFSIZE) !=
- s->window[w].virtpage_offsize)) {
- s->window[w].virtpage_width = val & FIMD_VIDWADD2_PAGEWIDTH;
- s->window[w].virtpage_offsize =
- (val >> FIMD_VIDWADD2_OFFSIZE_SHIFT) & FIMD_VIDWADD2_OFFSIZE;
- fimd_update_memory_section(s, w);
- }
- break;
- case FIMD_VIDINTCON0:
- s->vidintcon[0] = val;
- break;
- case FIMD_VIDINTCON1:
- s->vidintcon[1] &= ~(val & 7);
- exynos4210_fimd_update_irq(s);
- break;
- case FIMD_WKEYCON_START ... FIMD_WKEYCON_END:
- w = ((offset - FIMD_WKEYCON_START) >> 3) + 1;
- i = ((offset - FIMD_WKEYCON_START) >> 2) & 1;
- s->window[w].keycon[i] = val;
- break;
- case FIMD_WKEYALPHA_START ... FIMD_WKEYALPHA_END:
- w = ((offset - FIMD_WKEYALPHA_START) >> 2) + 1;
- s->window[w].keyalpha = val;
- break;
- case FIMD_DITHMODE:
- s->dithmode = val;
- break;
- case FIMD_WINMAP_START ... FIMD_WINMAP_END:
- w = (offset - FIMD_WINMAP_START) >> 2;
- old_value = s->window[w].winmap;
- s->window[w].winmap = val;
- if ((val & FIMD_WINMAP_EN) ^ (old_value & FIMD_WINMAP_EN)) {
- exynos4210_fimd_invalidate(s);
- exynos4210_fimd_update_win_bppmode(s, w);
- exynos4210_fimd_trace_bppmode(s, w, 0xFFFFFFFF);
- exynos4210_fimd_update(s);
- }
- break;
- case FIMD_WPALCON_HIGH ... FIMD_WPALCON_LOW:
- i = (offset - FIMD_WPALCON_HIGH) >> 2;
- s->wpalcon[i] = val;
- if (s->wpalcon[1] & FIMD_WPALCON_UPDATEEN) {
- for (w = 0; w < NUM_OF_WINDOWS; w++) {
- exynos4210_fimd_update_win_bppmode(s, w);
- fimd_update_get_alpha(s, w);
- }
- }
- break;
- case FIMD_TRIGCON:
- val = (val & ~FIMD_TRIGCON_ROMASK) | (s->trigcon & FIMD_TRIGCON_ROMASK);
- s->trigcon = val;
- break;
- case FIMD_I80IFCON_START ... FIMD_I80IFCON_END:
- s->i80ifcon[(offset - FIMD_I80IFCON_START) >> 2] = val;
- break;
- case FIMD_COLORGAINCON:
- s->colorgaincon = val;
- break;
- case FIMD_LDI_CMDCON0 ... FIMD_LDI_CMDCON1:
- s->ldi_cmdcon[(offset - FIMD_LDI_CMDCON0) >> 2] = val;
- break;
- case FIMD_SIFCCON0 ... FIMD_SIFCCON2:
- i = (offset - FIMD_SIFCCON0) >> 2;
- if (i != 2) {
- s->sifccon[i] = val;
- }
- break;
- case FIMD_HUECOEFCR_START ... FIMD_HUECOEFCR_END:
- i = (offset - FIMD_HUECOEFCR_START) >> 2;
- s->huecoef_cr[i] = val;
- break;
- case FIMD_HUECOEFCB_START ... FIMD_HUECOEFCB_END:
- i = (offset - FIMD_HUECOEFCB_START) >> 2;
- s->huecoef_cb[i] = val;
- break;
- case FIMD_HUEOFFSET:
- s->hueoffset = val;
- break;
- case FIMD_VIDWALPHA_START ... FIMD_VIDWALPHA_END:
- w = ((offset - FIMD_VIDWALPHA_START) >> 3);
- i = ((offset - FIMD_VIDWALPHA_START) >> 2) & 1;
- if (w == 0) {
- s->window[w].alpha_val[i] = val;
- } else {
- s->window[w].alpha_val[i] = (val & FIMD_VIDALPHA_ALPHA_LOWER) |
- (s->window[w].alpha_val[i] & FIMD_VIDALPHA_ALPHA_UPPER);
- }
- break;
- case FIMD_BLENDEQ_START ... FIMD_BLENDEQ_END:
- s->window[(offset - FIMD_BLENDEQ_START) >> 2].blendeq = val;
- break;
- case FIMD_BLENDCON:
- old_value = s->blendcon;
- s->blendcon = val;
- if ((s->blendcon & FIMD_ALPHA_8BIT) != (old_value & FIMD_ALPHA_8BIT)) {
- for (w = 0; w < NUM_OF_WINDOWS; w++) {
- fimd_update_get_alpha(s, w);
- }
- }
- break;
- case FIMD_WRTQOSCON_START ... FIMD_WRTQOSCON_END:
- s->window[(offset - FIMD_WRTQOSCON_START) >> 2].rtqoscon = val;
- break;
- case FIMD_I80IFCMD_START ... FIMD_I80IFCMD_END:
- s->i80ifcmd[(offset - FIMD_I80IFCMD_START) >> 2] = val;
- break;
- case FIMD_VIDW0ADD0_B2 ... FIMD_VIDW4ADD0_B2:
- if (offset & 0x0004) {
- DPRINT_ERROR("bad write offset 0x%08x\n", offset);
- break;
- }
- w = (offset - FIMD_VIDW0ADD0_B2) >> 3;
- if (fimd_get_buffer_id(&s->window[w]) == 2 &&
- s->window[w].buf_start[2] != val) {
- s->window[w].buf_start[2] = val;
- fimd_update_memory_section(s, w);
- break;
- }
- s->window[w].buf_start[2] = val;
- break;
- case FIMD_SHD_ADD0_START ... FIMD_SHD_ADD0_END:
- if (offset & 0x0004) {
- DPRINT_ERROR("bad write offset 0x%08x\n", offset);
- break;
- }
- s->window[(offset - FIMD_SHD_ADD0_START) >> 3].shadow_buf_start = val;
- break;
- case FIMD_SHD_ADD1_START ... FIMD_SHD_ADD1_END:
- if (offset & 0x0004) {
- DPRINT_ERROR("bad write offset 0x%08x\n", offset);
- break;
- }
- s->window[(offset - FIMD_SHD_ADD1_START) >> 3].shadow_buf_end = val;
- break;
- case FIMD_SHD_ADD2_START ... FIMD_SHD_ADD2_END:
- s->window[(offset - FIMD_SHD_ADD2_START) >> 2].shadow_buf_size = val;
- break;
- case FIMD_PAL_MEM_START ... FIMD_PAL_MEM_END:
- w = (offset - FIMD_PAL_MEM_START) >> 10;
- i = ((offset - FIMD_PAL_MEM_START) >> 2) & 0xFF;
- s->window[w].palette[i] = val;
- break;
- case FIMD_PALMEM_AL_START ... FIMD_PALMEM_AL_END:
- /* Palette memory aliases for windows 0 and 1 */
- w = (offset - FIMD_PALMEM_AL_START) >> 10;
- i = ((offset - FIMD_PALMEM_AL_START) >> 2) & 0xFF;
- s->window[w].palette[i] = val;
- break;
- default:
- DPRINT_ERROR("bad write offset 0x%08x\n", offset);
- break;
- }
-}
-
-static uint64_t exynos4210_fimd_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- Exynos4210fimdState *s = (Exynos4210fimdState *)opaque;
- int w, i;
- uint32_t ret = 0;
-
- DPRINT_L2("read offset 0x%08x\n", offset);
-
- switch (offset) {
- case FIMD_VIDCON0 ... FIMD_VIDCON3:
- return s->vidcon[(offset - FIMD_VIDCON0) >> 2];
- case FIMD_VIDTCON_START ... FIMD_VIDTCON_END:
- return s->vidtcon[(offset - FIMD_VIDTCON_START) >> 2];
- case FIMD_WINCON_START ... FIMD_WINCON_END:
- return s->window[(offset - FIMD_WINCON_START) >> 2].wincon;
- case FIMD_SHADOWCON:
- return s->shadowcon;
- case FIMD_WINCHMAP:
- return s->winchmap;
- case FIMD_VIDOSD_START ... FIMD_VIDOSD_END:
- w = (offset - FIMD_VIDOSD_START) >> 4;
- i = ((offset - FIMD_VIDOSD_START) & 0xF) >> 2;
- switch (i) {
- case 0:
- ret = ((s->window[w].lefttop_x & FIMD_VIDOSD_COORD_MASK) <<
- FIMD_VIDOSD_HOR_SHIFT) |
- (s->window[w].lefttop_y & FIMD_VIDOSD_COORD_MASK);
- break;
- case 1:
- ret = ((s->window[w].rightbot_x & FIMD_VIDOSD_COORD_MASK) <<
- FIMD_VIDOSD_HOR_SHIFT) |
- (s->window[w].rightbot_y & FIMD_VIDOSD_COORD_MASK);
- break;
- case 2:
- if (w == 0) {
- ret = s->window[w].osdsize;
- } else {
- ret = (pack_upper_4(s->window[w].alpha_val[0]) <<
- FIMD_VIDOSD_AEN0_SHIFT) |
- pack_upper_4(s->window[w].alpha_val[1]);
- }
- break;
- case 3:
- if (w != 1 && w != 2) {
- DPRINT_ERROR("bad read offset 0x%08x\n", offset);
- return 0xBAADBAAD;
- }
- ret = s->window[w].osdsize;
- break;
- }
- return ret;
- case FIMD_VIDWADD0_START ... FIMD_VIDWADD0_END:
- w = (offset - FIMD_VIDWADD0_START) >> 3;
- i = ((offset - FIMD_VIDWADD0_START) >> 2) & 1;
- return s->window[w].buf_start[i];
- case FIMD_VIDWADD1_START ... FIMD_VIDWADD1_END:
- w = (offset - FIMD_VIDWADD1_START) >> 3;
- i = ((offset - FIMD_VIDWADD1_START) >> 2) & 1;
- return s->window[w].buf_end[i];
- case FIMD_VIDWADD2_START ... FIMD_VIDWADD2_END:
- w = (offset - FIMD_VIDWADD2_START) >> 2;
- return s->window[w].virtpage_width | (s->window[w].virtpage_offsize <<
- FIMD_VIDWADD2_OFFSIZE_SHIFT);
- case FIMD_VIDINTCON0 ... FIMD_VIDINTCON1:
- return s->vidintcon[(offset - FIMD_VIDINTCON0) >> 2];
- case FIMD_WKEYCON_START ... FIMD_WKEYCON_END:
- w = ((offset - FIMD_WKEYCON_START) >> 3) + 1;
- i = ((offset - FIMD_WKEYCON_START) >> 2) & 1;
- return s->window[w].keycon[i];
- case FIMD_WKEYALPHA_START ... FIMD_WKEYALPHA_END:
- w = ((offset - FIMD_WKEYALPHA_START) >> 2) + 1;
- return s->window[w].keyalpha;
- case FIMD_DITHMODE:
- return s->dithmode;
- case FIMD_WINMAP_START ... FIMD_WINMAP_END:
- return s->window[(offset - FIMD_WINMAP_START) >> 2].winmap;
- case FIMD_WPALCON_HIGH ... FIMD_WPALCON_LOW:
- return s->wpalcon[(offset - FIMD_WPALCON_HIGH) >> 2];
- case FIMD_TRIGCON:
- return s->trigcon;
- case FIMD_I80IFCON_START ... FIMD_I80IFCON_END:
- return s->i80ifcon[(offset - FIMD_I80IFCON_START) >> 2];
- case FIMD_COLORGAINCON:
- return s->colorgaincon;
- case FIMD_LDI_CMDCON0 ... FIMD_LDI_CMDCON1:
- return s->ldi_cmdcon[(offset - FIMD_LDI_CMDCON0) >> 2];
- case FIMD_SIFCCON0 ... FIMD_SIFCCON2:
- i = (offset - FIMD_SIFCCON0) >> 2;
- return s->sifccon[i];
- case FIMD_HUECOEFCR_START ... FIMD_HUECOEFCR_END:
- i = (offset - FIMD_HUECOEFCR_START) >> 2;
- return s->huecoef_cr[i];
- case FIMD_HUECOEFCB_START ... FIMD_HUECOEFCB_END:
- i = (offset - FIMD_HUECOEFCB_START) >> 2;
- return s->huecoef_cb[i];
- case FIMD_HUEOFFSET:
- return s->hueoffset;
- case FIMD_VIDWALPHA_START ... FIMD_VIDWALPHA_END:
- w = ((offset - FIMD_VIDWALPHA_START) >> 3);
- i = ((offset - FIMD_VIDWALPHA_START) >> 2) & 1;
- return s->window[w].alpha_val[i] &
- (w == 0 ? 0xFFFFFF : FIMD_VIDALPHA_ALPHA_LOWER);
- case FIMD_BLENDEQ_START ... FIMD_BLENDEQ_END:
- return s->window[(offset - FIMD_BLENDEQ_START) >> 2].blendeq;
- case FIMD_BLENDCON:
- return s->blendcon;
- case FIMD_WRTQOSCON_START ... FIMD_WRTQOSCON_END:
- return s->window[(offset - FIMD_WRTQOSCON_START) >> 2].rtqoscon;
- case FIMD_I80IFCMD_START ... FIMD_I80IFCMD_END:
- return s->i80ifcmd[(offset - FIMD_I80IFCMD_START) >> 2];
- case FIMD_VIDW0ADD0_B2 ... FIMD_VIDW4ADD0_B2:
- if (offset & 0x0004) {
- break;
- }
- return s->window[(offset - FIMD_VIDW0ADD0_B2) >> 3].buf_start[2];
- case FIMD_SHD_ADD0_START ... FIMD_SHD_ADD0_END:
- if (offset & 0x0004) {
- break;
- }
- return s->window[(offset - FIMD_SHD_ADD0_START) >> 3].shadow_buf_start;
- case FIMD_SHD_ADD1_START ... FIMD_SHD_ADD1_END:
- if (offset & 0x0004) {
- break;
- }
- return s->window[(offset - FIMD_SHD_ADD1_START) >> 3].shadow_buf_end;
- case FIMD_SHD_ADD2_START ... FIMD_SHD_ADD2_END:
- return s->window[(offset - FIMD_SHD_ADD2_START) >> 2].shadow_buf_size;
- case FIMD_PAL_MEM_START ... FIMD_PAL_MEM_END:
- w = (offset - FIMD_PAL_MEM_START) >> 10;
- i = ((offset - FIMD_PAL_MEM_START) >> 2) & 0xFF;
- return s->window[w].palette[i];
- case FIMD_PALMEM_AL_START ... FIMD_PALMEM_AL_END:
- /* Palette aliases for win 0,1 */
- w = (offset - FIMD_PALMEM_AL_START) >> 10;
- i = ((offset - FIMD_PALMEM_AL_START) >> 2) & 0xFF;
- return s->window[w].palette[i];
- }
-
- DPRINT_ERROR("bad read offset 0x%08x\n", offset);
- return 0xBAADBAAD;
-}
-
-static const MemoryRegionOps exynos4210_fimd_mmio_ops = {
- .read = exynos4210_fimd_read,
- .write = exynos4210_fimd_write,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- .unaligned = false
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int exynos4210_fimd_load(void *opaque, int version_id)
-{
- Exynos4210fimdState *s = (Exynos4210fimdState *)opaque;
- int w;
-
- if (version_id != 1) {
- return -EINVAL;
- }
-
- for (w = 0; w < NUM_OF_WINDOWS; w++) {
- exynos4210_fimd_update_win_bppmode(s, w);
- fimd_update_get_alpha(s, w);
- fimd_update_memory_section(s, w);
- }
-
- /* Redraw the whole screen */
- exynos4210_update_resolution(s);
- exynos4210_fimd_invalidate(s);
- exynos4210_fimd_enable(s, (s->vidcon[0] & FIMD_VIDCON0_ENVID_MASK) ==
- FIMD_VIDCON0_ENVID_MASK);
- return 0;
-}
-
-static const VMStateDescription exynos4210_fimd_window_vmstate = {
- .name = "exynos4210.fimd_window",
- .version_id = 1,
- .minimum_version_id = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(wincon, Exynos4210fimdWindow),
- VMSTATE_UINT32_ARRAY(buf_start, Exynos4210fimdWindow, 3),
- VMSTATE_UINT32_ARRAY(buf_end, Exynos4210fimdWindow, 3),
- VMSTATE_UINT32_ARRAY(keycon, Exynos4210fimdWindow, 2),
- VMSTATE_UINT32(keyalpha, Exynos4210fimdWindow),
- VMSTATE_UINT32(winmap, Exynos4210fimdWindow),
- VMSTATE_UINT32(blendeq, Exynos4210fimdWindow),
- VMSTATE_UINT32(rtqoscon, Exynos4210fimdWindow),
- VMSTATE_UINT32_ARRAY(palette, Exynos4210fimdWindow, 256),
- VMSTATE_UINT32(shadow_buf_start, Exynos4210fimdWindow),
- VMSTATE_UINT32(shadow_buf_end, Exynos4210fimdWindow),
- VMSTATE_UINT32(shadow_buf_size, Exynos4210fimdWindow),
- VMSTATE_UINT16(lefttop_x, Exynos4210fimdWindow),
- VMSTATE_UINT16(lefttop_y, Exynos4210fimdWindow),
- VMSTATE_UINT16(rightbot_x, Exynos4210fimdWindow),
- VMSTATE_UINT16(rightbot_y, Exynos4210fimdWindow),
- VMSTATE_UINT32(osdsize, Exynos4210fimdWindow),
- VMSTATE_UINT32_ARRAY(alpha_val, Exynos4210fimdWindow, 2),
- VMSTATE_UINT16(virtpage_width, Exynos4210fimdWindow),
- VMSTATE_UINT16(virtpage_offsize, Exynos4210fimdWindow),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription exynos4210_fimd_vmstate = {
- .name = "exynos4210.fimd",
- .version_id = 1,
- .minimum_version_id = 1,
- .post_load = exynos4210_fimd_load,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32_ARRAY(vidcon, Exynos4210fimdState, 4),
- VMSTATE_UINT32_ARRAY(vidtcon, Exynos4210fimdState, 4),
- VMSTATE_UINT32(shadowcon, Exynos4210fimdState),
- VMSTATE_UINT32(winchmap, Exynos4210fimdState),
- VMSTATE_UINT32_ARRAY(vidintcon, Exynos4210fimdState, 2),
- VMSTATE_UINT32(dithmode, Exynos4210fimdState),
- VMSTATE_UINT32_ARRAY(wpalcon, Exynos4210fimdState, 2),
- VMSTATE_UINT32(trigcon, Exynos4210fimdState),
- VMSTATE_UINT32_ARRAY(i80ifcon, Exynos4210fimdState, 4),
- VMSTATE_UINT32(colorgaincon, Exynos4210fimdState),
- VMSTATE_UINT32_ARRAY(ldi_cmdcon, Exynos4210fimdState, 2),
- VMSTATE_UINT32_ARRAY(sifccon, Exynos4210fimdState, 3),
- VMSTATE_UINT32_ARRAY(huecoef_cr, Exynos4210fimdState, 4),
- VMSTATE_UINT32_ARRAY(huecoef_cb, Exynos4210fimdState, 4),
- VMSTATE_UINT32(hueoffset, Exynos4210fimdState),
- VMSTATE_UINT32_ARRAY(i80ifcmd, Exynos4210fimdState, 12),
- VMSTATE_UINT32(blendcon, Exynos4210fimdState),
- VMSTATE_STRUCT_ARRAY(window, Exynos4210fimdState, 5, 1,
- exynos4210_fimd_window_vmstate, Exynos4210fimdWindow),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int exynos4210_fimd_init(SysBusDevice *dev)
-{
- Exynos4210fimdState *s = FROM_SYSBUS(Exynos4210fimdState, dev);
-
- s->ifb = NULL;
-
- sysbus_init_irq(dev, &s->irq[0]);
- sysbus_init_irq(dev, &s->irq[1]);
- sysbus_init_irq(dev, &s->irq[2]);
-
- memory_region_init_io(&s->iomem, &exynos4210_fimd_mmio_ops, s,
- "exynos4210.fimd", FIMD_REGS_SIZE);
- sysbus_init_mmio(dev, &s->iomem);
- s->console = graphic_console_init(exynos4210_fimd_update,
- exynos4210_fimd_invalidate, NULL, NULL, s);
-
- return 0;
-}
-
-static void exynos4210_fimd_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- dc->vmsd = &exynos4210_fimd_vmstate;
- dc->reset = exynos4210_fimd_reset;
- k->init = exynos4210_fimd_init;
-}
-
-static TypeInfo exynos4210_fimd_info = {
- .name = "exynos4210.fimd",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(Exynos4210fimdState),
- .class_init = exynos4210_fimd_class_init,
-};
-
-static void exynos4210_fimd_register_types(void)
-{
- type_register_static(&exynos4210_fimd_info);
-}
-
-type_init(exynos4210_fimd_register_types)
diff --git a/hw/exynos4210_gic.c b/hw/exynos4210_gic.c
deleted file mode 100644
index 4fea09873..000000000
--- a/hw/exynos4210_gic.c
+++ /dev/null
@@ -1,462 +0,0 @@
-/*
- * Samsung exynos4210 GIC implementation. Based on hw/arm_gic.c
- *
- * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd.
- * All rights reserved.
- *
- * Evgeny Voevodin <e.voevodin@samsung.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- * See the GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "sysbus.h"
-#include "qemu-common.h"
-#include "irq.h"
-#include "exynos4210.h"
-
-enum ExtGicId {
- EXT_GIC_ID_MDMA_LCD0 = 66,
- EXT_GIC_ID_PDMA0,
- EXT_GIC_ID_PDMA1,
- EXT_GIC_ID_TIMER0,
- EXT_GIC_ID_TIMER1,
- EXT_GIC_ID_TIMER2,
- EXT_GIC_ID_TIMER3,
- EXT_GIC_ID_TIMER4,
- EXT_GIC_ID_MCT_L0,
- EXT_GIC_ID_WDT,
- EXT_GIC_ID_RTC_ALARM,
- EXT_GIC_ID_RTC_TIC,
- EXT_GIC_ID_GPIO_XB,
- EXT_GIC_ID_GPIO_XA,
- EXT_GIC_ID_MCT_L1,
- EXT_GIC_ID_IEM_APC,
- EXT_GIC_ID_IEM_IEC,
- EXT_GIC_ID_NFC,
- EXT_GIC_ID_UART0,
- EXT_GIC_ID_UART1,
- EXT_GIC_ID_UART2,
- EXT_GIC_ID_UART3,
- EXT_GIC_ID_UART4,
- EXT_GIC_ID_MCT_G0,
- EXT_GIC_ID_I2C0,
- EXT_GIC_ID_I2C1,
- EXT_GIC_ID_I2C2,
- EXT_GIC_ID_I2C3,
- EXT_GIC_ID_I2C4,
- EXT_GIC_ID_I2C5,
- EXT_GIC_ID_I2C6,
- EXT_GIC_ID_I2C7,
- EXT_GIC_ID_SPI0,
- EXT_GIC_ID_SPI1,
- EXT_GIC_ID_SPI2,
- EXT_GIC_ID_MCT_G1,
- EXT_GIC_ID_USB_HOST,
- EXT_GIC_ID_USB_DEVICE,
- EXT_GIC_ID_MODEMIF,
- EXT_GIC_ID_HSMMC0,
- EXT_GIC_ID_HSMMC1,
- EXT_GIC_ID_HSMMC2,
- EXT_GIC_ID_HSMMC3,
- EXT_GIC_ID_SDMMC,
- EXT_GIC_ID_MIPI_CSI_4LANE,
- EXT_GIC_ID_MIPI_DSI_4LANE,
- EXT_GIC_ID_MIPI_CSI_2LANE,
- EXT_GIC_ID_MIPI_DSI_2LANE,
- EXT_GIC_ID_ONENAND_AUDI,
- EXT_GIC_ID_ROTATOR,
- EXT_GIC_ID_FIMC0,
- EXT_GIC_ID_FIMC1,
- EXT_GIC_ID_FIMC2,
- EXT_GIC_ID_FIMC3,
- EXT_GIC_ID_JPEG,
- EXT_GIC_ID_2D,
- EXT_GIC_ID_PCIe,
- EXT_GIC_ID_MIXER,
- EXT_GIC_ID_HDMI,
- EXT_GIC_ID_HDMI_I2C,
- EXT_GIC_ID_MFC,
- EXT_GIC_ID_TVENC,
-};
-
-enum ExtInt {
- EXT_GIC_ID_EXTINT0 = 48,
- EXT_GIC_ID_EXTINT1,
- EXT_GIC_ID_EXTINT2,
- EXT_GIC_ID_EXTINT3,
- EXT_GIC_ID_EXTINT4,
- EXT_GIC_ID_EXTINT5,
- EXT_GIC_ID_EXTINT6,
- EXT_GIC_ID_EXTINT7,
- EXT_GIC_ID_EXTINT8,
- EXT_GIC_ID_EXTINT9,
- EXT_GIC_ID_EXTINT10,
- EXT_GIC_ID_EXTINT11,
- EXT_GIC_ID_EXTINT12,
- EXT_GIC_ID_EXTINT13,
- EXT_GIC_ID_EXTINT14,
- EXT_GIC_ID_EXTINT15
-};
-
-/*
- * External GIC sources which are not from External Interrupt Combiner or
- * External Interrupts are starting from EXYNOS4210_MAX_EXT_COMBINER_OUT_IRQ,
- * which is INTG16 in Internal Interrupt Combiner.
- */
-
-static uint32_t
-combiner_grp_to_gic_id[64-EXYNOS4210_MAX_EXT_COMBINER_OUT_IRQ][8] = {
- /* int combiner groups 16-19 */
- { }, { }, { }, { },
- /* int combiner group 20 */
- { 0, EXT_GIC_ID_MDMA_LCD0 },
- /* int combiner group 21 */
- { EXT_GIC_ID_PDMA0, EXT_GIC_ID_PDMA1 },
- /* int combiner group 22 */
- { EXT_GIC_ID_TIMER0, EXT_GIC_ID_TIMER1, EXT_GIC_ID_TIMER2,
- EXT_GIC_ID_TIMER3, EXT_GIC_ID_TIMER4 },
- /* int combiner group 23 */
- { EXT_GIC_ID_RTC_ALARM, EXT_GIC_ID_RTC_TIC },
- /* int combiner group 24 */
- { EXT_GIC_ID_GPIO_XB, EXT_GIC_ID_GPIO_XA },
- /* int combiner group 25 */
- { EXT_GIC_ID_IEM_APC, EXT_GIC_ID_IEM_IEC },
- /* int combiner group 26 */
- { EXT_GIC_ID_UART0, EXT_GIC_ID_UART1, EXT_GIC_ID_UART2, EXT_GIC_ID_UART3,
- EXT_GIC_ID_UART4 },
- /* int combiner group 27 */
- { EXT_GIC_ID_I2C0, EXT_GIC_ID_I2C1, EXT_GIC_ID_I2C2, EXT_GIC_ID_I2C3,
- EXT_GIC_ID_I2C4, EXT_GIC_ID_I2C5, EXT_GIC_ID_I2C6,
- EXT_GIC_ID_I2C7 },
- /* int combiner group 28 */
- { EXT_GIC_ID_SPI0, EXT_GIC_ID_SPI1, EXT_GIC_ID_SPI2 },
- /* int combiner group 29 */
- { EXT_GIC_ID_HSMMC0, EXT_GIC_ID_HSMMC1, EXT_GIC_ID_HSMMC2,
- EXT_GIC_ID_HSMMC3, EXT_GIC_ID_SDMMC },
- /* int combiner group 30 */
- { EXT_GIC_ID_MIPI_CSI_4LANE, EXT_GIC_ID_MIPI_CSI_2LANE },
- /* int combiner group 31 */
- { EXT_GIC_ID_MIPI_DSI_4LANE, EXT_GIC_ID_MIPI_DSI_2LANE },
- /* int combiner group 32 */
- { EXT_GIC_ID_FIMC0, EXT_GIC_ID_FIMC1 },
- /* int combiner group 33 */
- { EXT_GIC_ID_FIMC2, EXT_GIC_ID_FIMC3 },
- /* int combiner group 34 */
- { EXT_GIC_ID_ONENAND_AUDI, EXT_GIC_ID_NFC },
- /* int combiner group 35 */
- { 0, 0, 0, EXT_GIC_ID_MCT_L1, EXT_GIC_ID_MCT_G0, EXT_GIC_ID_MCT_G1 },
- /* int combiner group 36 */
- { EXT_GIC_ID_MIXER },
- /* int combiner group 37 */
- { EXT_GIC_ID_EXTINT4, EXT_GIC_ID_EXTINT5, EXT_GIC_ID_EXTINT6,
- EXT_GIC_ID_EXTINT7 },
- /* groups 38-50 */
- { }, { }, { }, { }, { }, { }, { }, { }, { }, { }, { }, { }, { },
- /* int combiner group 51 */
- { EXT_GIC_ID_MCT_L0, 0, 0, 0, EXT_GIC_ID_MCT_G0, EXT_GIC_ID_MCT_G1 },
- /* group 52 */
- { },
- /* int combiner group 53 */
- { EXT_GIC_ID_WDT, 0, 0, 0, EXT_GIC_ID_MCT_G0, EXT_GIC_ID_MCT_G1 },
- /* groups 54-63 */
- { }, { }, { }, { }, { }, { }, { }, { }, { }, { }
-};
-
-#define EXYNOS4210_GIC_NIRQ 160
-
-#define EXYNOS4210_EXT_GIC_CPU_REGION_SIZE 0x10000
-#define EXYNOS4210_EXT_GIC_DIST_REGION_SIZE 0x10000
-
-#define EXYNOS4210_EXT_GIC_PER_CPU_OFFSET 0x8000
-#define EXYNOS4210_EXT_GIC_CPU_GET_OFFSET(n) \
- ((n) * EXYNOS4210_EXT_GIC_PER_CPU_OFFSET)
-#define EXYNOS4210_EXT_GIC_DIST_GET_OFFSET(n) \
- ((n) * EXYNOS4210_EXT_GIC_PER_CPU_OFFSET)
-
-#define EXYNOS4210_GIC_CPU_REGION_SIZE 0x100
-#define EXYNOS4210_GIC_DIST_REGION_SIZE 0x1000
-
-static void exynos4210_irq_handler(void *opaque, int irq, int level)
-{
- Exynos4210Irq *s = (Exynos4210Irq *)opaque;
-
- /* Bypass */
- qemu_set_irq(s->board_irqs[irq], level);
-}
-
-/*
- * Initialize exynos4210 IRQ subsystem stub.
- */
-qemu_irq *exynos4210_init_irq(Exynos4210Irq *s)
-{
- return qemu_allocate_irqs(exynos4210_irq_handler, s,
- EXYNOS4210_MAX_INT_COMBINER_IN_IRQ);
-}
-
-/*
- * Initialize board IRQs.
- * These IRQs contain splitted Int/External Combiner and External Gic IRQs.
- */
-void exynos4210_init_board_irqs(Exynos4210Irq *s)
-{
- uint32_t grp, bit, irq_id, n;
-
- for (n = 0; n < EXYNOS4210_MAX_EXT_COMBINER_IN_IRQ; n++) {
- s->board_irqs[n] = qemu_irq_split(s->int_combiner_irq[n],
- s->ext_combiner_irq[n]);
-
- irq_id = 0;
- if (n == EXYNOS4210_COMBINER_GET_IRQ_NUM(1, 4) ||
- n == EXYNOS4210_COMBINER_GET_IRQ_NUM(12, 4)) {
- /* MCT_G0 is passed to External GIC */
- irq_id = EXT_GIC_ID_MCT_G0;
- }
- if (n == EXYNOS4210_COMBINER_GET_IRQ_NUM(1, 5) ||
- n == EXYNOS4210_COMBINER_GET_IRQ_NUM(12, 5)) {
- /* MCT_G1 is passed to External and GIC */
- irq_id = EXT_GIC_ID_MCT_G1;
- }
- if (irq_id) {
- s->board_irqs[n] = qemu_irq_split(s->int_combiner_irq[n],
- s->ext_gic_irq[irq_id-32]);
- }
-
- }
- for (; n < EXYNOS4210_MAX_INT_COMBINER_IN_IRQ; n++) {
- /* these IDs are passed to Internal Combiner and External GIC */
- grp = EXYNOS4210_COMBINER_GET_GRP_NUM(n);
- bit = EXYNOS4210_COMBINER_GET_BIT_NUM(n);
- irq_id = combiner_grp_to_gic_id[grp -
- EXYNOS4210_MAX_EXT_COMBINER_OUT_IRQ][bit];
-
- if (irq_id) {
- s->board_irqs[n] = qemu_irq_split(s->int_combiner_irq[n],
- s->ext_gic_irq[irq_id-32]);
- }
- }
-}
-
-/*
- * Get IRQ number from exynos4210 IRQ subsystem stub.
- * To identify IRQ source use internal combiner group and bit number
- * grp - group number
- * bit - bit number inside group
- */
-uint32_t exynos4210_get_irq(uint32_t grp, uint32_t bit)
-{
- return EXYNOS4210_COMBINER_GET_IRQ_NUM(grp, bit);
-}
-
-/********* GIC part *********/
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion cpu_container;
- MemoryRegion dist_container;
- MemoryRegion cpu_alias[EXYNOS4210_NCPUS];
- MemoryRegion dist_alias[EXYNOS4210_NCPUS];
- uint32_t num_cpu;
- DeviceState *gic;
-} Exynos4210GicState;
-
-static void exynos4210_gic_set_irq(void *opaque, int irq, int level)
-{
- Exynos4210GicState *s = (Exynos4210GicState *)opaque;
- qemu_set_irq(qdev_get_gpio_in(s->gic, irq), level);
-}
-
-static int exynos4210_gic_init(SysBusDevice *dev)
-{
- Exynos4210GicState *s = FROM_SYSBUS(Exynos4210GicState, dev);
- uint32_t i;
- const char cpu_prefix[] = "exynos4210-gic-alias_cpu";
- const char dist_prefix[] = "exynos4210-gic-alias_dist";
- char cpu_alias_name[sizeof(cpu_prefix) + 3];
- char dist_alias_name[sizeof(cpu_prefix) + 3];
- SysBusDevice *busdev;
-
- s->gic = qdev_create(NULL, "arm_gic");
- qdev_prop_set_uint32(s->gic, "num-cpu", s->num_cpu);
- qdev_prop_set_uint32(s->gic, "num-irq", EXYNOS4210_GIC_NIRQ);
- qdev_init_nofail(s->gic);
- busdev = sysbus_from_qdev(s->gic);
-
- /* Pass through outbound IRQ lines from the GIC */
- sysbus_pass_irq(dev, busdev);
-
- /* Pass through inbound GPIO lines to the GIC */
- qdev_init_gpio_in(&s->busdev.qdev, exynos4210_gic_set_irq,
- EXYNOS4210_GIC_NIRQ - 32);
-
- memory_region_init(&s->cpu_container, "exynos4210-cpu-container",
- EXYNOS4210_EXT_GIC_CPU_REGION_SIZE);
- memory_region_init(&s->dist_container, "exynos4210-dist-container",
- EXYNOS4210_EXT_GIC_DIST_REGION_SIZE);
-
- for (i = 0; i < s->num_cpu; i++) {
- /* Map CPU interface per SMP Core */
- sprintf(cpu_alias_name, "%s%x", cpu_prefix, i);
- memory_region_init_alias(&s->cpu_alias[i],
- cpu_alias_name,
- sysbus_mmio_get_region(busdev, 1),
- 0,
- EXYNOS4210_GIC_CPU_REGION_SIZE);
- memory_region_add_subregion(&s->cpu_container,
- EXYNOS4210_EXT_GIC_CPU_GET_OFFSET(i), &s->cpu_alias[i]);
-
- /* Map Distributor per SMP Core */
- sprintf(dist_alias_name, "%s%x", dist_prefix, i);
- memory_region_init_alias(&s->dist_alias[i],
- dist_alias_name,
- sysbus_mmio_get_region(busdev, 0),
- 0,
- EXYNOS4210_GIC_DIST_REGION_SIZE);
- memory_region_add_subregion(&s->dist_container,
- EXYNOS4210_EXT_GIC_DIST_GET_OFFSET(i), &s->dist_alias[i]);
- }
-
- sysbus_init_mmio(dev, &s->cpu_container);
- sysbus_init_mmio(dev, &s->dist_container);
-
- return 0;
-}
-
-static Property exynos4210_gic_properties[] = {
- DEFINE_PROP_UINT32("num-cpu", Exynos4210GicState, num_cpu, 1),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void exynos4210_gic_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = exynos4210_gic_init;
- dc->props = exynos4210_gic_properties;
-}
-
-static TypeInfo exynos4210_gic_info = {
- .name = "exynos4210.gic",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(Exynos4210GicState),
- .class_init = exynos4210_gic_class_init,
-};
-
-static void exynos4210_gic_register_types(void)
-{
- type_register_static(&exynos4210_gic_info);
-}
-
-type_init(exynos4210_gic_register_types)
-
-/* IRQ OR Gate struct.
- *
- * This device models an OR gate. There are n_in input qdev gpio lines and one
- * output sysbus IRQ line. The output IRQ level is formed as OR between all
- * gpio inputs.
- */
-typedef struct {
- SysBusDevice busdev;
-
- uint32_t n_in; /* inputs amount */
- uint32_t *level; /* input levels */
- qemu_irq out; /* output IRQ */
-} Exynos4210IRQGateState;
-
-static Property exynos4210_irq_gate_properties[] = {
- DEFINE_PROP_UINT32("n_in", Exynos4210IRQGateState, n_in, 1),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static const VMStateDescription vmstate_exynos4210_irq_gate = {
- .name = "exynos4210.irq_gate",
- .version_id = 2,
- .minimum_version_id = 2,
- .minimum_version_id_old = 2,
- .fields = (VMStateField[]) {
- VMSTATE_VBUFFER_UINT32(level, Exynos4210IRQGateState, 1, NULL, 0, n_in),
- VMSTATE_END_OF_LIST()
- }
-};
-
-/* Process a change in IRQ input. */
-static void exynos4210_irq_gate_handler(void *opaque, int irq, int level)
-{
- Exynos4210IRQGateState *s = (Exynos4210IRQGateState *)opaque;
- uint32_t i;
-
- assert(irq < s->n_in);
-
- s->level[irq] = level;
-
- for (i = 0; i < s->n_in; i++) {
- if (s->level[i] >= 1) {
- qemu_irq_raise(s->out);
- return;
- }
- }
-
- qemu_irq_lower(s->out);
-}
-
-static void exynos4210_irq_gate_reset(DeviceState *d)
-{
- Exynos4210IRQGateState *s =
- DO_UPCAST(Exynos4210IRQGateState, busdev.qdev, d);
-
- memset(s->level, 0, s->n_in * sizeof(*s->level));
-}
-
-/*
- * IRQ Gate initialization.
- */
-static int exynos4210_irq_gate_init(SysBusDevice *dev)
-{
- Exynos4210IRQGateState *s = FROM_SYSBUS(Exynos4210IRQGateState, dev);
-
- /* Allocate general purpose input signals and connect a handler to each of
- * them */
- qdev_init_gpio_in(&s->busdev.qdev, exynos4210_irq_gate_handler, s->n_in);
-
- s->level = g_malloc0(s->n_in * sizeof(*s->level));
-
- sysbus_init_irq(dev, &s->out);
-
- return 0;
-}
-
-static void exynos4210_irq_gate_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = exynos4210_irq_gate_init;
- dc->reset = exynos4210_irq_gate_reset;
- dc->vmsd = &vmstate_exynos4210_irq_gate;
- dc->props = exynos4210_irq_gate_properties;
-}
-
-static TypeInfo exynos4210_irq_gate_info = {
- .name = "exynos4210.irq_gate",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(Exynos4210IRQGateState),
- .class_init = exynos4210_irq_gate_class_init,
-};
-
-static void exynos4210_irq_gate_register_types(void)
-{
- type_register_static(&exynos4210_irq_gate_info);
-}
-
-type_init(exynos4210_irq_gate_register_types)
diff --git a/hw/exynos4210_i2c.c b/hw/exynos4210_i2c.c
deleted file mode 100644
index 1e11d9b48..000000000
--- a/hw/exynos4210_i2c.c
+++ /dev/null
@@ -1,334 +0,0 @@
-/*
- * Exynos4210 I2C Bus Serial Interface Emulation
- *
- * Copyright (C) 2012 Samsung Electronics Co Ltd.
- * Maksim Kozlov, <m.kozlov@samsung.com>
- * Igor Mitsyanko, <i.mitsyanko@samsung.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#include "qemu-timer.h"
-#include "sysbus.h"
-#include "i2c.h"
-
-#ifndef EXYNOS4_I2C_DEBUG
-#define EXYNOS4_I2C_DEBUG 0
-#endif
-
-#define TYPE_EXYNOS4_I2C "exynos4210.i2c"
-#define EXYNOS4_I2C(obj) \
- OBJECT_CHECK(Exynos4210I2CState, (obj), TYPE_EXYNOS4_I2C)
-
-/* Exynos4210 I2C memory map */
-#define EXYNOS4_I2C_MEM_SIZE 0x14
-#define I2CCON_ADDR 0x00 /* control register */
-#define I2CSTAT_ADDR 0x04 /* control/status register */
-#define I2CADD_ADDR 0x08 /* address register */
-#define I2CDS_ADDR 0x0c /* data shift register */
-#define I2CLC_ADDR 0x10 /* line control register */
-
-#define I2CCON_ACK_GEN (1 << 7)
-#define I2CCON_INTRS_EN (1 << 5)
-#define I2CCON_INT_PEND (1 << 4)
-
-#define EXYNOS4_I2C_MODE(reg) (((reg) >> 6) & 3)
-#define I2C_IN_MASTER_MODE(reg) (((reg) >> 6) & 2)
-#define I2CMODE_MASTER_Rx 0x2
-#define I2CMODE_MASTER_Tx 0x3
-#define I2CSTAT_LAST_BIT (1 << 0)
-#define I2CSTAT_OUTPUT_EN (1 << 4)
-#define I2CSTAT_START_BUSY (1 << 5)
-
-
-#if EXYNOS4_I2C_DEBUG
-#define DPRINT(fmt, args...) \
- do { fprintf(stderr, "QEMU I2C: "fmt, ## args); } while (0)
-
-static const char *exynos4_i2c_get_regname(unsigned offset)
-{
- switch (offset) {
- case I2CCON_ADDR:
- return "I2CCON";
- case I2CSTAT_ADDR:
- return "I2CSTAT";
- case I2CADD_ADDR:
- return "I2CADD";
- case I2CDS_ADDR:
- return "I2CDS";
- case I2CLC_ADDR:
- return "I2CLC";
- default:
- return "[?]";
- }
-}
-
-#else
-#define DPRINT(fmt, args...) do { } while (0)
-#endif
-
-typedef struct Exynos4210I2CState {
- SysBusDevice busdev;
- MemoryRegion iomem;
- i2c_bus *bus;
- qemu_irq irq;
-
- uint8_t i2ccon;
- uint8_t i2cstat;
- uint8_t i2cadd;
- uint8_t i2cds;
- uint8_t i2clc;
- bool scl_free;
-} Exynos4210I2CState;
-
-static inline void exynos4210_i2c_raise_interrupt(Exynos4210I2CState *s)
-{
- if (s->i2ccon & I2CCON_INTRS_EN) {
- s->i2ccon |= I2CCON_INT_PEND;
- qemu_irq_raise(s->irq);
- }
-}
-
-static void exynos4210_i2c_data_receive(void *opaque)
-{
- Exynos4210I2CState *s = (Exynos4210I2CState *)opaque;
- int ret;
-
- s->i2cstat &= ~I2CSTAT_LAST_BIT;
- s->scl_free = false;
- ret = i2c_recv(s->bus);
- if (ret < 0 && (s->i2ccon & I2CCON_ACK_GEN)) {
- s->i2cstat |= I2CSTAT_LAST_BIT; /* Data is not acknowledged */
- } else {
- s->i2cds = ret;
- }
- exynos4210_i2c_raise_interrupt(s);
-}
-
-static void exynos4210_i2c_data_send(void *opaque)
-{
- Exynos4210I2CState *s = (Exynos4210I2CState *)opaque;
-
- s->i2cstat &= ~I2CSTAT_LAST_BIT;
- s->scl_free = false;
- if (i2c_send(s->bus, s->i2cds) < 0 && (s->i2ccon & I2CCON_ACK_GEN)) {
- s->i2cstat |= I2CSTAT_LAST_BIT;
- }
- exynos4210_i2c_raise_interrupt(s);
-}
-
-static uint64_t exynos4210_i2c_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- Exynos4210I2CState *s = (Exynos4210I2CState *)opaque;
- uint8_t value;
-
- switch (offset) {
- case I2CCON_ADDR:
- value = s->i2ccon;
- break;
- case I2CSTAT_ADDR:
- value = s->i2cstat;
- break;
- case I2CADD_ADDR:
- value = s->i2cadd;
- break;
- case I2CDS_ADDR:
- value = s->i2cds;
- s->scl_free = true;
- if (EXYNOS4_I2C_MODE(s->i2cstat) == I2CMODE_MASTER_Rx &&
- (s->i2cstat & I2CSTAT_START_BUSY) &&
- !(s->i2ccon & I2CCON_INT_PEND)) {
- exynos4210_i2c_data_receive(s);
- }
- break;
- case I2CLC_ADDR:
- value = s->i2clc;
- break;
- default:
- value = 0;
- DPRINT("ERROR: Bad read offset 0x%x\n", (unsigned int)offset);
- break;
- }
-
- DPRINT("read %s [0x%02x] -> 0x%02x\n", exynos4_i2c_get_regname(offset),
- (unsigned int)offset, value);
- return value;
-}
-
-static void exynos4210_i2c_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- Exynos4210I2CState *s = (Exynos4210I2CState *)opaque;
- uint8_t v = value & 0xff;
-
- DPRINT("write %s [0x%02x] <- 0x%02x\n", exynos4_i2c_get_regname(offset),
- (unsigned int)offset, v);
-
- switch (offset) {
- case I2CCON_ADDR:
- s->i2ccon = (v & ~I2CCON_INT_PEND) | (s->i2ccon & I2CCON_INT_PEND);
- if ((s->i2ccon & I2CCON_INT_PEND) && !(v & I2CCON_INT_PEND)) {
- s->i2ccon &= ~I2CCON_INT_PEND;
- qemu_irq_lower(s->irq);
- if (!(s->i2ccon & I2CCON_INTRS_EN)) {
- s->i2cstat &= ~I2CSTAT_START_BUSY;
- }
-
- if (s->i2cstat & I2CSTAT_START_BUSY) {
- if (s->scl_free) {
- if (EXYNOS4_I2C_MODE(s->i2cstat) == I2CMODE_MASTER_Tx) {
- exynos4210_i2c_data_send(s);
- } else if (EXYNOS4_I2C_MODE(s->i2cstat) ==
- I2CMODE_MASTER_Rx) {
- exynos4210_i2c_data_receive(s);
- }
- } else {
- s->i2ccon |= I2CCON_INT_PEND;
- qemu_irq_raise(s->irq);
- }
- }
- }
- break;
- case I2CSTAT_ADDR:
- s->i2cstat =
- (s->i2cstat & I2CSTAT_START_BUSY) | (v & ~I2CSTAT_START_BUSY);
-
- if (!(s->i2cstat & I2CSTAT_OUTPUT_EN)) {
- s->i2cstat &= ~I2CSTAT_START_BUSY;
- s->scl_free = true;
- qemu_irq_lower(s->irq);
- break;
- }
-
- /* Nothing to do if in i2c slave mode */
- if (!I2C_IN_MASTER_MODE(s->i2cstat)) {
- break;
- }
-
- if (v & I2CSTAT_START_BUSY) {
- s->i2cstat &= ~I2CSTAT_LAST_BIT;
- s->i2cstat |= I2CSTAT_START_BUSY; /* Line is busy */
- s->scl_free = false;
-
- /* Generate start bit and send slave address */
- if (i2c_start_transfer(s->bus, s->i2cds >> 1, s->i2cds & 0x1) &&
- (s->i2ccon & I2CCON_ACK_GEN)) {
- s->i2cstat |= I2CSTAT_LAST_BIT;
- } else if (EXYNOS4_I2C_MODE(s->i2cstat) == I2CMODE_MASTER_Rx) {
- exynos4210_i2c_data_receive(s);
- }
- exynos4210_i2c_raise_interrupt(s);
- } else {
- i2c_end_transfer(s->bus);
- if (!(s->i2ccon & I2CCON_INT_PEND)) {
- s->i2cstat &= ~I2CSTAT_START_BUSY;
- }
- s->scl_free = true;
- }
- break;
- case I2CADD_ADDR:
- if ((s->i2cstat & I2CSTAT_OUTPUT_EN) == 0) {
- s->i2cadd = v;
- }
- break;
- case I2CDS_ADDR:
- if (s->i2cstat & I2CSTAT_OUTPUT_EN) {
- s->i2cds = v;
- s->scl_free = true;
- if (EXYNOS4_I2C_MODE(s->i2cstat) == I2CMODE_MASTER_Tx &&
- (s->i2cstat & I2CSTAT_START_BUSY) &&
- !(s->i2ccon & I2CCON_INT_PEND)) {
- exynos4210_i2c_data_send(s);
- }
- }
- break;
- case I2CLC_ADDR:
- s->i2clc = v;
- break;
- default:
- DPRINT("ERROR: Bad write offset 0x%x\n", (unsigned int)offset);
- break;
- }
-}
-
-static const MemoryRegionOps exynos4210_i2c_ops = {
- .read = exynos4210_i2c_read,
- .write = exynos4210_i2c_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static const VMStateDescription exynos4210_i2c_vmstate = {
- .name = TYPE_EXYNOS4_I2C,
- .version_id = 1,
- .minimum_version_id = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT8(i2ccon, Exynos4210I2CState),
- VMSTATE_UINT8(i2cstat, Exynos4210I2CState),
- VMSTATE_UINT8(i2cds, Exynos4210I2CState),
- VMSTATE_UINT8(i2cadd, Exynos4210I2CState),
- VMSTATE_UINT8(i2clc, Exynos4210I2CState),
- VMSTATE_BOOL(scl_free, Exynos4210I2CState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void exynos4210_i2c_reset(DeviceState *d)
-{
- Exynos4210I2CState *s = EXYNOS4_I2C(d);
-
- s->i2ccon = 0x00;
- s->i2cstat = 0x00;
- s->i2cds = 0xFF;
- s->i2clc = 0x00;
- s->i2cadd = 0xFF;
- s->scl_free = true;
-}
-
-static int exynos4210_i2c_realize(SysBusDevice *dev)
-{
- Exynos4210I2CState *s = EXYNOS4_I2C(dev);
-
- memory_region_init_io(&s->iomem, &exynos4210_i2c_ops, s, TYPE_EXYNOS4_I2C,
- EXYNOS4_I2C_MEM_SIZE);
- sysbus_init_mmio(dev, &s->iomem);
- sysbus_init_irq(dev, &s->irq);
- s->bus = i2c_init_bus(&dev->qdev, "i2c");
- return 0;
-}
-
-static void exynos4210_i2c_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *sbdc = SYS_BUS_DEVICE_CLASS(klass);
-
- dc->vmsd = &exynos4210_i2c_vmstate;
- dc->reset = exynos4210_i2c_reset;
- sbdc->init = exynos4210_i2c_realize;
-}
-
-static const TypeInfo exynos4210_i2c_type_info = {
- .name = TYPE_EXYNOS4_I2C,
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(Exynos4210I2CState),
- .class_init = exynos4210_i2c_class_init,
-};
-
-static void exynos4210_i2c_register_types(void)
-{
- type_register_static(&exynos4210_i2c_type_info);
-}
-
-type_init(exynos4210_i2c_register_types)
diff --git a/hw/exynos4210_mct.c b/hw/exynos4210_mct.c
deleted file mode 100644
index e79cd6ac0..000000000
--- a/hw/exynos4210_mct.c
+++ /dev/null
@@ -1,1482 +0,0 @@
-/*
- * Samsung exynos4210 Multi Core timer
- *
- * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd.
- * All rights reserved.
- *
- * Evgeny Voevodin <e.voevodin@samsung.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- * See the GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-/*
- * Global Timer:
- *
- * Consists of two timers. First represents Free Running Counter and second
- * is used to measure interval from FRC to nearest comparator.
- *
- * 0 UINT64_MAX
- * | timer0 |
- * | <-------------------------------------------------------------- |
- * | --------------------------------------------frc---------------> |
- * |______________________________________________|__________________|
- * CMP0 CMP1 CMP2 | CMP3
- * __| |_
- * | timer1 |
- * | -------------> |
- * frc CMPx
- *
- * Problem: when implementing global timer as is, overflow arises.
- * next_time = cur_time + period * count;
- * period and count are 64 bits width.
- * Lets arm timer for MCT_GT_COUNTER_STEP count and update internal G_CNT
- * register during each event.
- *
- * Problem: both timers need to be implemented using MCT_XT_COUNTER_STEP because
- * local timer contains two counters: TCNT and ICNT. TCNT == 0 -> ICNT--.
- * IRQ is generated when ICNT riches zero. Implementation where TCNT == 0
- * generates IRQs suffers from too frequently events. Better to have one
- * uint64_t counter equal to TCNT*ICNT and arm ptimer.c for a minimum(TCNT*ICNT,
- * MCT_GT_COUNTER_STEP); (yes, if target tunes ICNT * TCNT to be too low values,
- * there is no way to avoid frequently events).
- */
-
-#include "sysbus.h"
-#include "qemu-timer.h"
-#include "qemu-common.h"
-#include "ptimer.h"
-
-#include "exynos4210.h"
-
-//#define DEBUG_MCT
-
-#ifdef DEBUG_MCT
-#define DPRINTF(fmt, ...) \
- do { fprintf(stdout, "MCT: [%24s:%5d] " fmt, __func__, __LINE__, \
- ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...) do {} while (0)
-#endif
-
-#define MCT_CFG 0x000
-#define G_CNT_L 0x100
-#define G_CNT_U 0x104
-#define G_CNT_WSTAT 0x110
-#define G_COMP0_L 0x200
-#define G_COMP0_U 0x204
-#define G_COMP0_ADD_INCR 0x208
-#define G_COMP1_L 0x210
-#define G_COMP1_U 0x214
-#define G_COMP1_ADD_INCR 0x218
-#define G_COMP2_L 0x220
-#define G_COMP2_U 0x224
-#define G_COMP2_ADD_INCR 0x228
-#define G_COMP3_L 0x230
-#define G_COMP3_U 0x234
-#define G_COMP3_ADD_INCR 0x238
-#define G_TCON 0x240
-#define G_INT_CSTAT 0x244
-#define G_INT_ENB 0x248
-#define G_WSTAT 0x24C
-#define L0_TCNTB 0x300
-#define L0_TCNTO 0x304
-#define L0_ICNTB 0x308
-#define L0_ICNTO 0x30C
-#define L0_FRCNTB 0x310
-#define L0_FRCNTO 0x314
-#define L0_TCON 0x320
-#define L0_INT_CSTAT 0x330
-#define L0_INT_ENB 0x334
-#define L0_WSTAT 0x340
-#define L1_TCNTB 0x400
-#define L1_TCNTO 0x404
-#define L1_ICNTB 0x408
-#define L1_ICNTO 0x40C
-#define L1_FRCNTB 0x410
-#define L1_FRCNTO 0x414
-#define L1_TCON 0x420
-#define L1_INT_CSTAT 0x430
-#define L1_INT_ENB 0x434
-#define L1_WSTAT 0x440
-
-#define MCT_CFG_GET_PRESCALER(x) ((x) & 0xFF)
-#define MCT_CFG_GET_DIVIDER(x) (1 << ((x) >> 8 & 7))
-
-#define GET_G_COMP_IDX(offset) (((offset) - G_COMP0_L) / 0x10)
-#define GET_G_COMP_ADD_INCR_IDX(offset) (((offset) - G_COMP0_ADD_INCR) / 0x10)
-
-#define G_COMP_L(x) (G_COMP0_L + (x) * 0x10)
-#define G_COMP_U(x) (G_COMP0_U + (x) * 0x10)
-
-#define G_COMP_ADD_INCR(x) (G_COMP0_ADD_INCR + (x) * 0x10)
-
-/* MCT bits */
-#define G_TCON_COMP_ENABLE(x) (1 << 2 * (x))
-#define G_TCON_AUTO_ICREMENT(x) (1 << (2 * (x) + 1))
-#define G_TCON_TIMER_ENABLE (1 << 8)
-
-#define G_INT_ENABLE(x) (1 << (x))
-#define G_INT_CSTAT_COMP(x) (1 << (x))
-
-#define G_CNT_WSTAT_L 1
-#define G_CNT_WSTAT_U 2
-
-#define G_WSTAT_COMP_L(x) (1 << 4 * (x))
-#define G_WSTAT_COMP_U(x) (1 << ((4 * (x)) + 1))
-#define G_WSTAT_COMP_ADDINCR(x) (1 << ((4 * (x)) + 2))
-#define G_WSTAT_TCON_WRITE (1 << 16)
-
-#define GET_L_TIMER_IDX(offset) ((((offset) & 0xF00) - L0_TCNTB) / 0x100)
-#define GET_L_TIMER_CNT_REG_IDX(offset, lt_i) \
- (((offset) - (L0_TCNTB + 0x100 * (lt_i))) >> 2)
-
-#define L_ICNTB_MANUAL_UPDATE (1 << 31)
-
-#define L_TCON_TICK_START (1)
-#define L_TCON_INT_START (1 << 1)
-#define L_TCON_INTERVAL_MODE (1 << 2)
-#define L_TCON_FRC_START (1 << 3)
-
-#define L_INT_CSTAT_INTCNT (1 << 0)
-#define L_INT_CSTAT_FRCCNT (1 << 1)
-
-#define L_INT_INTENB_ICNTEIE (1 << 0)
-#define L_INT_INTENB_FRCEIE (1 << 1)
-
-#define L_WSTAT_TCNTB_WRITE (1 << 0)
-#define L_WSTAT_ICNTB_WRITE (1 << 1)
-#define L_WSTAT_FRCCNTB_WRITE (1 << 2)
-#define L_WSTAT_TCON_WRITE (1 << 3)
-
-enum LocalTimerRegCntIndexes {
- L_REG_CNT_TCNTB,
- L_REG_CNT_TCNTO,
- L_REG_CNT_ICNTB,
- L_REG_CNT_ICNTO,
- L_REG_CNT_FRCCNTB,
- L_REG_CNT_FRCCNTO,
-
- L_REG_CNT_AMOUNT
-};
-
-#define MCT_NIRQ 6
-#define MCT_SFR_SIZE 0x444
-
-#define MCT_GT_CMP_NUM 4
-
-#define MCT_GT_MAX_VAL UINT64_MAX
-
-#define MCT_GT_COUNTER_STEP 0x100000000ULL
-#define MCT_LT_COUNTER_STEP 0x100000000ULL
-#define MCT_LT_CNT_LOW_LIMIT 0x100
-
-/* global timer */
-typedef struct {
- qemu_irq irq[MCT_GT_CMP_NUM];
-
- struct gregs {
- uint64_t cnt;
- uint32_t cnt_wstat;
- uint32_t tcon;
- uint32_t int_cstat;
- uint32_t int_enb;
- uint32_t wstat;
- uint64_t comp[MCT_GT_CMP_NUM];
- uint32_t comp_add_incr[MCT_GT_CMP_NUM];
- } reg;
-
- uint64_t count; /* Value FRC was armed with */
- int32_t curr_comp; /* Current comparator FRC is running to */
-
- ptimer_state *ptimer_frc; /* FRC timer */
-
-} Exynos4210MCTGT;
-
-/* local timer */
-typedef struct {
- int id; /* timer id */
- qemu_irq irq; /* local timer irq */
-
- struct tick_timer {
- uint32_t cnt_run; /* cnt timer is running */
- uint32_t int_run; /* int timer is running */
-
- uint32_t last_icnto;
- uint32_t last_tcnto;
- uint32_t tcntb; /* initial value for TCNTB */
- uint32_t icntb; /* initial value for ICNTB */
-
- /* for step mode */
- uint64_t distance; /* distance to count to the next event */
- uint64_t progress; /* progress when counting by steps */
- uint64_t count; /* count to arm timer with */
-
- ptimer_state *ptimer_tick; /* timer for tick counter */
- } tick_timer;
-
- /* use ptimer.c to represent count down timer */
-
- ptimer_state *ptimer_frc; /* timer for free running counter */
-
- /* registers */
- struct lregs {
- uint32_t cnt[L_REG_CNT_AMOUNT];
- uint32_t tcon;
- uint32_t int_cstat;
- uint32_t int_enb;
- uint32_t wstat;
- } reg;
-
-} Exynos4210MCTLT;
-
-typedef struct Exynos4210MCTState {
- SysBusDevice busdev;
- MemoryRegion iomem;
-
- /* Registers */
- uint32_t reg_mct_cfg;
-
- Exynos4210MCTLT l_timer[2];
- Exynos4210MCTGT g_timer;
-
- uint32_t freq; /* all timers tick frequency, TCLK */
-} Exynos4210MCTState;
-
-/*** VMState ***/
-static const VMStateDescription vmstate_tick_timer = {
- .name = "exynos4210.mct.tick_timer",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(cnt_run, struct tick_timer),
- VMSTATE_UINT32(int_run, struct tick_timer),
- VMSTATE_UINT32(last_icnto, struct tick_timer),
- VMSTATE_UINT32(last_tcnto, struct tick_timer),
- VMSTATE_UINT32(tcntb, struct tick_timer),
- VMSTATE_UINT32(icntb, struct tick_timer),
- VMSTATE_UINT64(distance, struct tick_timer),
- VMSTATE_UINT64(progress, struct tick_timer),
- VMSTATE_UINT64(count, struct tick_timer),
- VMSTATE_PTIMER(ptimer_tick, struct tick_timer),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_lregs = {
- .name = "exynos4210.mct.lregs",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32_ARRAY(cnt, struct lregs, L_REG_CNT_AMOUNT),
- VMSTATE_UINT32(tcon, struct lregs),
- VMSTATE_UINT32(int_cstat, struct lregs),
- VMSTATE_UINT32(int_enb, struct lregs),
- VMSTATE_UINT32(wstat, struct lregs),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_exynos4210_mct_lt = {
- .name = "exynos4210.mct.lt",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_INT32(id, Exynos4210MCTLT),
- VMSTATE_STRUCT(tick_timer, Exynos4210MCTLT, 0,
- vmstate_tick_timer,
- struct tick_timer),
- VMSTATE_PTIMER(ptimer_frc, Exynos4210MCTLT),
- VMSTATE_STRUCT(reg, Exynos4210MCTLT, 0,
- vmstate_lregs,
- struct lregs),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_gregs = {
- .name = "exynos4210.mct.lregs",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT64(cnt, struct gregs),
- VMSTATE_UINT32(cnt_wstat, struct gregs),
- VMSTATE_UINT32(tcon, struct gregs),
- VMSTATE_UINT32(int_cstat, struct gregs),
- VMSTATE_UINT32(int_enb, struct gregs),
- VMSTATE_UINT32(wstat, struct gregs),
- VMSTATE_UINT64_ARRAY(comp, struct gregs, MCT_GT_CMP_NUM),
- VMSTATE_UINT32_ARRAY(comp_add_incr, struct gregs,
- MCT_GT_CMP_NUM),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_exynos4210_mct_gt = {
- .name = "exynos4210.mct.lt",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_STRUCT(reg, Exynos4210MCTGT, 0, vmstate_gregs,
- struct gregs),
- VMSTATE_UINT64(count, Exynos4210MCTGT),
- VMSTATE_INT32(curr_comp, Exynos4210MCTGT),
- VMSTATE_PTIMER(ptimer_frc, Exynos4210MCTGT),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_exynos4210_mct_state = {
- .name = "exynos4210.mct",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(reg_mct_cfg, Exynos4210MCTState),
- VMSTATE_STRUCT_ARRAY(l_timer, Exynos4210MCTState, 2, 0,
- vmstate_exynos4210_mct_lt, Exynos4210MCTLT),
- VMSTATE_STRUCT(g_timer, Exynos4210MCTState, 0,
- vmstate_exynos4210_mct_gt, Exynos4210MCTGT),
- VMSTATE_UINT32(freq, Exynos4210MCTState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void exynos4210_mct_update_freq(Exynos4210MCTState *s);
-
-/*
- * Set counter of FRC global timer.
- */
-static void exynos4210_gfrc_set_count(Exynos4210MCTGT *s, uint64_t count)
-{
- s->count = count;
- DPRINTF("global timer frc set count 0x%llx\n", count);
- ptimer_set_count(s->ptimer_frc, count);
-}
-
-/*
- * Get counter of FRC global timer.
- */
-static uint64_t exynos4210_gfrc_get_count(Exynos4210MCTGT *s)
-{
- uint64_t count = 0;
- count = ptimer_get_count(s->ptimer_frc);
- count = s->count - count;
- return s->reg.cnt + count;
-}
-
-/*
- * Stop global FRC timer
- */
-static void exynos4210_gfrc_stop(Exynos4210MCTGT *s)
-{
- DPRINTF("global timer frc stop\n");
-
- ptimer_stop(s->ptimer_frc);
-}
-
-/*
- * Start global FRC timer
- */
-static void exynos4210_gfrc_start(Exynos4210MCTGT *s)
-{
- DPRINTF("global timer frc start\n");
-
- ptimer_run(s->ptimer_frc, 1);
-}
-
-/*
- * Find next nearest Comparator. If current Comparator value equals to other
- * Comparator value, skip them both
- */
-static int32_t exynos4210_gcomp_find(Exynos4210MCTState *s)
-{
- int res;
- int i;
- int enabled;
- uint64_t min;
- int min_comp_i;
- uint64_t gfrc;
- uint64_t distance;
- uint64_t distance_min;
- int comp_i;
-
- /* get gfrc count */
- gfrc = exynos4210_gfrc_get_count(&s->g_timer);
-
- min = UINT64_MAX;
- distance_min = UINT64_MAX;
- comp_i = MCT_GT_CMP_NUM;
- min_comp_i = MCT_GT_CMP_NUM;
- enabled = 0;
-
- /* lookup for nearest comparator */
- for (i = 0; i < MCT_GT_CMP_NUM; i++) {
-
- if (s->g_timer.reg.tcon & G_TCON_COMP_ENABLE(i)) {
-
- enabled = 1;
-
- if (s->g_timer.reg.comp[i] > gfrc) {
- /* Comparator is upper then FRC */
- distance = s->g_timer.reg.comp[i] - gfrc;
-
- if (distance <= distance_min) {
- distance_min = distance;
- comp_i = i;
- }
- } else {
- /* Comparator is below FRC, find the smallest */
-
- if (s->g_timer.reg.comp[i] <= min) {
- min = s->g_timer.reg.comp[i];
- min_comp_i = i;
- }
- }
- }
- }
-
- if (!enabled) {
- /* All Comparators disabled */
- res = -1;
- } else if (comp_i < MCT_GT_CMP_NUM) {
- /* Found upper Comparator */
- res = comp_i;
- } else {
- /* All Comparators are below or equal to FRC */
- res = min_comp_i;
- }
-
- DPRINTF("found comparator %d: comp 0x%llx distance 0x%llx, gfrc 0x%llx\n",
- res,
- s->g_timer.reg.comp[res],
- distance_min,
- gfrc);
-
- return res;
-}
-
-/*
- * Get distance to nearest Comparator
- */
-static uint64_t exynos4210_gcomp_get_distance(Exynos4210MCTState *s, int32_t id)
-{
- if (id == -1) {
- /* no enabled Comparators, choose max distance */
- return MCT_GT_COUNTER_STEP;
- }
- if (s->g_timer.reg.comp[id] - s->g_timer.reg.cnt < MCT_GT_COUNTER_STEP) {
- return s->g_timer.reg.comp[id] - s->g_timer.reg.cnt;
- } else {
- return MCT_GT_COUNTER_STEP;
- }
-}
-
-/*
- * Restart global FRC timer
- */
-static void exynos4210_gfrc_restart(Exynos4210MCTState *s)
-{
- uint64_t distance;
-
- exynos4210_gfrc_stop(&s->g_timer);
-
- s->g_timer.curr_comp = exynos4210_gcomp_find(s);
-
- distance = exynos4210_gcomp_get_distance(s, s->g_timer.curr_comp);
-
- if (distance > MCT_GT_COUNTER_STEP || !distance) {
- distance = MCT_GT_COUNTER_STEP;
- }
-
- exynos4210_gfrc_set_count(&s->g_timer, distance);
- exynos4210_gfrc_start(&s->g_timer);
-}
-
-/*
- * Raise global timer CMP IRQ
- */
-static void exynos4210_gcomp_raise_irq(void *opaque, uint32_t id)
-{
- Exynos4210MCTGT *s = opaque;
-
- /* If CSTAT is pending and IRQ is enabled */
- if ((s->reg.int_cstat & G_INT_CSTAT_COMP(id)) &&
- (s->reg.int_enb & G_INT_ENABLE(id))) {
- DPRINTF("gcmp timer[%d] IRQ\n", id);
- qemu_irq_raise(s->irq[id]);
- }
-}
-
-/*
- * Lower global timer CMP IRQ
- */
-static void exynos4210_gcomp_lower_irq(void *opaque, uint32_t id)
-{
- Exynos4210MCTGT *s = opaque;
- qemu_irq_lower(s->irq[id]);
-}
-
-/*
- * Global timer FRC event handler.
- * Each event occurs when internal counter reaches counter + MCT_GT_COUNTER_STEP
- * Every time we arm global FRC timer to count for MCT_GT_COUNTER_STEP value
- */
-static void exynos4210_gfrc_event(void *opaque)
-{
- Exynos4210MCTState *s = (Exynos4210MCTState *)opaque;
- int i;
- uint64_t distance;
-
- DPRINTF("\n");
-
- s->g_timer.reg.cnt += s->g_timer.count;
-
- /* Process all comparators */
- for (i = 0; i < MCT_GT_CMP_NUM; i++) {
-
- if (s->g_timer.reg.cnt == s->g_timer.reg.comp[i]) {
- /* reached nearest comparator */
-
- s->g_timer.reg.int_cstat |= G_INT_CSTAT_COMP(i);
-
- /* Auto increment */
- if (s->g_timer.reg.tcon & G_TCON_AUTO_ICREMENT(i)) {
- s->g_timer.reg.comp[i] += s->g_timer.reg.comp_add_incr[i];
- }
-
- /* IRQ */
- exynos4210_gcomp_raise_irq(&s->g_timer, i);
- }
- }
-
- /* Reload FRC to reach nearest comparator */
- s->g_timer.curr_comp = exynos4210_gcomp_find(s);
- distance = exynos4210_gcomp_get_distance(s, s->g_timer.curr_comp);
- if (distance > MCT_GT_COUNTER_STEP) {
- distance = MCT_GT_COUNTER_STEP;
- }
- exynos4210_gfrc_set_count(&s->g_timer, distance);
-
- exynos4210_gfrc_start(&s->g_timer);
-}
-
-/*
- * Get counter of FRC local timer.
- */
-static uint64_t exynos4210_lfrc_get_count(Exynos4210MCTLT *s)
-{
- return ptimer_get_count(s->ptimer_frc);
-}
-
-/*
- * Set counter of FRC local timer.
- */
-static void exynos4210_lfrc_update_count(Exynos4210MCTLT *s)
-{
- if (!s->reg.cnt[L_REG_CNT_FRCCNTB]) {
- ptimer_set_count(s->ptimer_frc, MCT_LT_COUNTER_STEP);
- } else {
- ptimer_set_count(s->ptimer_frc, s->reg.cnt[L_REG_CNT_FRCCNTB]);
- }
-}
-
-/*
- * Start local FRC timer
- */
-static void exynos4210_lfrc_start(Exynos4210MCTLT *s)
-{
- ptimer_run(s->ptimer_frc, 1);
-}
-
-/*
- * Stop local FRC timer
- */
-static void exynos4210_lfrc_stop(Exynos4210MCTLT *s)
-{
- ptimer_stop(s->ptimer_frc);
-}
-
-/*
- * Local timer free running counter tick handler
- */
-static void exynos4210_lfrc_event(void *opaque)
-{
- Exynos4210MCTLT * s = (Exynos4210MCTLT *)opaque;
-
- /* local frc expired */
-
- DPRINTF("\n");
-
- s->reg.int_cstat |= L_INT_CSTAT_FRCCNT;
-
- /* update frc counter */
- exynos4210_lfrc_update_count(s);
-
- /* raise irq */
- if (s->reg.int_enb & L_INT_INTENB_FRCEIE) {
- qemu_irq_raise(s->irq);
- }
-
- /* we reached here, this means that timer is enabled */
- exynos4210_lfrc_start(s);
-}
-
-static uint32_t exynos4210_ltick_int_get_cnto(struct tick_timer *s);
-static uint32_t exynos4210_ltick_cnt_get_cnto(struct tick_timer *s);
-static void exynos4210_ltick_recalc_count(struct tick_timer *s);
-
-/*
- * Action on enabling local tick int timer
- */
-static void exynos4210_ltick_int_start(struct tick_timer *s)
-{
- if (!s->int_run) {
- s->int_run = 1;
- }
-}
-
-/*
- * Action on disabling local tick int timer
- */
-static void exynos4210_ltick_int_stop(struct tick_timer *s)
-{
- if (s->int_run) {
- s->last_icnto = exynos4210_ltick_int_get_cnto(s);
- s->int_run = 0;
- }
-}
-
-/*
- * Get count for INT timer
- */
-static uint32_t exynos4210_ltick_int_get_cnto(struct tick_timer *s)
-{
- uint32_t icnto;
- uint64_t remain;
- uint64_t count;
- uint64_t counted;
- uint64_t cur_progress;
-
- count = ptimer_get_count(s->ptimer_tick);
- if (count) {
- /* timer is still counting, called not from event */
- counted = s->count - ptimer_get_count(s->ptimer_tick);
- cur_progress = s->progress + counted;
- } else {
- /* timer expired earlier */
- cur_progress = s->progress;
- }
-
- remain = s->distance - cur_progress;
-
- if (!s->int_run) {
- /* INT is stopped. */
- icnto = s->last_icnto;
- } else {
- /* Both are counting */
- icnto = remain / s->tcntb;
- }
-
- return icnto;
-}
-
-/*
- * Start local tick cnt timer.
- */
-static void exynos4210_ltick_cnt_start(struct tick_timer *s)
-{
- if (!s->cnt_run) {
-
- exynos4210_ltick_recalc_count(s);
- ptimer_set_count(s->ptimer_tick, s->count);
- ptimer_run(s->ptimer_tick, 1);
-
- s->cnt_run = 1;
- }
-}
-
-/*
- * Stop local tick cnt timer.
- */
-static void exynos4210_ltick_cnt_stop(struct tick_timer *s)
-{
- if (s->cnt_run) {
-
- s->last_tcnto = exynos4210_ltick_cnt_get_cnto(s);
-
- if (s->int_run) {
- exynos4210_ltick_int_stop(s);
- }
-
- ptimer_stop(s->ptimer_tick);
-
- s->cnt_run = 0;
- }
-}
-
-/*
- * Get counter for CNT timer
- */
-static uint32_t exynos4210_ltick_cnt_get_cnto(struct tick_timer *s)
-{
- uint32_t tcnto;
- uint32_t icnto;
- uint64_t remain;
- uint64_t counted;
- uint64_t count;
- uint64_t cur_progress;
-
- count = ptimer_get_count(s->ptimer_tick);
- if (count) {
- /* timer is still counting, called not from event */
- counted = s->count - ptimer_get_count(s->ptimer_tick);
- cur_progress = s->progress + counted;
- } else {
- /* timer expired earlier */
- cur_progress = s->progress;
- }
-
- remain = s->distance - cur_progress;
-
- if (!s->cnt_run) {
- /* Both are stopped. */
- tcnto = s->last_tcnto;
- } else if (!s->int_run) {
- /* INT counter is stopped, progress is by CNT timer */
- tcnto = remain % s->tcntb;
- } else {
- /* Both are counting */
- icnto = remain / s->tcntb;
- if (icnto) {
- tcnto = remain % (icnto * s->tcntb);
- } else {
- tcnto = remain % s->tcntb;
- }
- }
-
- return tcnto;
-}
-
-/*
- * Set new values of counters for CNT and INT timers
- */
-static void exynos4210_ltick_set_cntb(struct tick_timer *s, uint32_t new_cnt,
- uint32_t new_int)
-{
- uint32_t cnt_stopped = 0;
- uint32_t int_stopped = 0;
-
- if (s->cnt_run) {
- exynos4210_ltick_cnt_stop(s);
- cnt_stopped = 1;
- }
-
- if (s->int_run) {
- exynos4210_ltick_int_stop(s);
- int_stopped = 1;
- }
-
- s->tcntb = new_cnt + 1;
- s->icntb = new_int + 1;
-
- if (cnt_stopped) {
- exynos4210_ltick_cnt_start(s);
- }
- if (int_stopped) {
- exynos4210_ltick_int_start(s);
- }
-
-}
-
-/*
- * Calculate new counter value for tick timer
- */
-static void exynos4210_ltick_recalc_count(struct tick_timer *s)
-{
- uint64_t to_count;
-
- if ((s->cnt_run && s->last_tcnto) || (s->int_run && s->last_icnto)) {
- /*
- * one or both timers run and not counted to the end;
- * distance is not passed, recalculate with last_tcnto * last_icnto
- */
-
- if (s->last_tcnto) {
- to_count = s->last_tcnto * s->last_icnto;
- } else {
- to_count = s->last_icnto;
- }
- } else {
- /* distance is passed, recalculate with tcnto * icnto */
- if (s->icntb) {
- s->distance = s->tcntb * s->icntb;
- } else {
- s->distance = s->tcntb;
- }
-
- to_count = s->distance;
- s->progress = 0;
- }
-
- if (to_count > MCT_LT_COUNTER_STEP) {
- /* count by step */
- s->count = MCT_LT_COUNTER_STEP;
- } else {
- s->count = to_count;
- }
-}
-
-/*
- * Initialize tick_timer
- */
-static void exynos4210_ltick_timer_init(struct tick_timer *s)
-{
- exynos4210_ltick_int_stop(s);
- exynos4210_ltick_cnt_stop(s);
-
- s->count = 0;
- s->distance = 0;
- s->progress = 0;
- s->icntb = 0;
- s->tcntb = 0;
-}
-
-/*
- * tick_timer event.
- * Raises when abstract tick_timer expires.
- */
-static void exynos4210_ltick_timer_event(struct tick_timer *s)
-{
- s->progress += s->count;
-}
-
-/*
- * Local timer tick counter handler.
- * Don't use reloaded timers. If timer counter = zero
- * then handler called but after handler finished no
- * timer reload occurs.
- */
-static void exynos4210_ltick_event(void *opaque)
-{
- Exynos4210MCTLT * s = (Exynos4210MCTLT *)opaque;
- uint32_t tcnto;
- uint32_t icnto;
-#ifdef DEBUG_MCT
- static uint64_t time1[2] = {0};
- static uint64_t time2[2] = {0};
-#endif
-
- /* Call tick_timer event handler, it will update its tcntb and icntb. */
- exynos4210_ltick_timer_event(&s->tick_timer);
-
- /* get tick_timer cnt */
- tcnto = exynos4210_ltick_cnt_get_cnto(&s->tick_timer);
-
- /* get tick_timer int */
- icnto = exynos4210_ltick_int_get_cnto(&s->tick_timer);
-
- /* raise IRQ if needed */
- if (!icnto && s->reg.tcon & L_TCON_INT_START) {
- /* INT counter enabled and expired */
-
- s->reg.int_cstat |= L_INT_CSTAT_INTCNT;
-
- /* raise interrupt if enabled */
- if (s->reg.int_enb & L_INT_INTENB_ICNTEIE) {
-#ifdef DEBUG_MCT
- time2[s->id] = qemu_get_clock_ns(vm_clock);
- DPRINTF("local timer[%d] IRQ: %llx\n", s->id,
- time2[s->id] - time1[s->id]);
- time1[s->id] = time2[s->id];
-#endif
- qemu_irq_raise(s->irq);
- }
-
- /* reload ICNTB */
- if (s->reg.tcon & L_TCON_INTERVAL_MODE) {
- exynos4210_ltick_set_cntb(&s->tick_timer,
- s->reg.cnt[L_REG_CNT_TCNTB],
- s->reg.cnt[L_REG_CNT_ICNTB]);
- }
- } else {
- /* reload TCNTB */
- if (!tcnto) {
- exynos4210_ltick_set_cntb(&s->tick_timer,
- s->reg.cnt[L_REG_CNT_TCNTB],
- icnto);
- }
- }
-
- /* start tick_timer cnt */
- exynos4210_ltick_cnt_start(&s->tick_timer);
-
- /* start tick_timer int */
- exynos4210_ltick_int_start(&s->tick_timer);
-}
-
-/* update timer frequency */
-static void exynos4210_mct_update_freq(Exynos4210MCTState *s)
-{
- uint32_t freq = s->freq;
- s->freq = 24000000 /
- ((MCT_CFG_GET_PRESCALER(s->reg_mct_cfg)+1) *
- MCT_CFG_GET_DIVIDER(s->reg_mct_cfg));
-
- if (freq != s->freq) {
- DPRINTF("freq=%dHz\n", s->freq);
-
- /* global timer */
- ptimer_set_freq(s->g_timer.ptimer_frc, s->freq);
-
- /* local timer */
- ptimer_set_freq(s->l_timer[0].tick_timer.ptimer_tick, s->freq);
- ptimer_set_freq(s->l_timer[0].ptimer_frc, s->freq);
- ptimer_set_freq(s->l_timer[1].tick_timer.ptimer_tick, s->freq);
- ptimer_set_freq(s->l_timer[1].ptimer_frc, s->freq);
- }
-}
-
-/* set defaul_timer values for all fields */
-static void exynos4210_mct_reset(DeviceState *d)
-{
- Exynos4210MCTState *s = (Exynos4210MCTState *)d;
- uint32_t i;
-
- s->reg_mct_cfg = 0;
-
- /* global timer */
- memset(&s->g_timer.reg, 0, sizeof(s->g_timer.reg));
- exynos4210_gfrc_stop(&s->g_timer);
-
- /* local timer */
- memset(s->l_timer[0].reg.cnt, 0, sizeof(s->l_timer[0].reg.cnt));
- memset(s->l_timer[1].reg.cnt, 0, sizeof(s->l_timer[1].reg.cnt));
- for (i = 0; i < 2; i++) {
- s->l_timer[i].reg.int_cstat = 0;
- s->l_timer[i].reg.int_enb = 0;
- s->l_timer[i].reg.tcon = 0;
- s->l_timer[i].reg.wstat = 0;
- s->l_timer[i].tick_timer.count = 0;
- s->l_timer[i].tick_timer.distance = 0;
- s->l_timer[i].tick_timer.progress = 0;
- ptimer_stop(s->l_timer[i].ptimer_frc);
-
- exynos4210_ltick_timer_init(&s->l_timer[i].tick_timer);
- }
-
- exynos4210_mct_update_freq(s);
-
-}
-
-/* Multi Core Timer read */
-static uint64_t exynos4210_mct_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- Exynos4210MCTState *s = (Exynos4210MCTState *)opaque;
- int index;
- int shift;
- uint64_t count;
- uint32_t value;
- int lt_i;
-
- switch (offset) {
-
- case MCT_CFG:
- value = s->reg_mct_cfg;
- break;
-
- case G_CNT_L: case G_CNT_U:
- shift = 8 * (offset & 0x4);
- count = exynos4210_gfrc_get_count(&s->g_timer);
- value = UINT32_MAX & (count >> shift);
- DPRINTF("read FRC=0x%llx\n", count);
- break;
-
- case G_CNT_WSTAT:
- value = s->g_timer.reg.cnt_wstat;
- break;
-
- case G_COMP_L(0): case G_COMP_L(1): case G_COMP_L(2): case G_COMP_L(3):
- case G_COMP_U(0): case G_COMP_U(1): case G_COMP_U(2): case G_COMP_U(3):
- index = GET_G_COMP_IDX(offset);
- shift = 8 * (offset & 0x4);
- value = UINT32_MAX & (s->g_timer.reg.comp[index] >> shift);
- break;
-
- case G_TCON:
- value = s->g_timer.reg.tcon;
- break;
-
- case G_INT_CSTAT:
- value = s->g_timer.reg.int_cstat;
- break;
-
- case G_INT_ENB:
- value = s->g_timer.reg.int_enb;
- break;
- break;
- case G_WSTAT:
- value = s->g_timer.reg.wstat;
- break;
-
- case G_COMP0_ADD_INCR: case G_COMP1_ADD_INCR:
- case G_COMP2_ADD_INCR: case G_COMP3_ADD_INCR:
- value = s->g_timer.reg.comp_add_incr[GET_G_COMP_ADD_INCR_IDX(offset)];
- break;
-
- /* Local timers */
- case L0_TCNTB: case L0_ICNTB: case L0_FRCNTB:
- case L1_TCNTB: case L1_ICNTB: case L1_FRCNTB:
- lt_i = GET_L_TIMER_IDX(offset);
- index = GET_L_TIMER_CNT_REG_IDX(offset, lt_i);
- value = s->l_timer[lt_i].reg.cnt[index];
- break;
-
- case L0_TCNTO: case L1_TCNTO:
- lt_i = GET_L_TIMER_IDX(offset);
-
- value = exynos4210_ltick_cnt_get_cnto(&s->l_timer[lt_i].tick_timer);
- DPRINTF("local timer[%d] read TCNTO %x\n", lt_i, value);
- break;
-
- case L0_ICNTO: case L1_ICNTO:
- lt_i = GET_L_TIMER_IDX(offset);
-
- value = exynos4210_ltick_int_get_cnto(&s->l_timer[lt_i].tick_timer);
- DPRINTF("local timer[%d] read ICNTO %x\n", lt_i, value);
- break;
-
- case L0_FRCNTO: case L1_FRCNTO:
- lt_i = GET_L_TIMER_IDX(offset);
-
- value = exynos4210_lfrc_get_count(&s->l_timer[lt_i]);
-
- break;
-
- case L0_TCON: case L1_TCON:
- lt_i = ((offset & 0xF00) - L0_TCNTB) / 0x100;
- value = s->l_timer[lt_i].reg.tcon;
- break;
-
- case L0_INT_CSTAT: case L1_INT_CSTAT:
- lt_i = ((offset & 0xF00) - L0_TCNTB) / 0x100;
- value = s->l_timer[lt_i].reg.int_cstat;
- break;
-
- case L0_INT_ENB: case L1_INT_ENB:
- lt_i = ((offset & 0xF00) - L0_TCNTB) / 0x100;
- value = s->l_timer[lt_i].reg.int_enb;
- break;
-
- case L0_WSTAT: case L1_WSTAT:
- lt_i = ((offset & 0xF00) - L0_TCNTB) / 0x100;
- value = s->l_timer[lt_i].reg.wstat;
- break;
-
- default:
- hw_error("exynos4210.mct: bad read offset "
- TARGET_FMT_plx "\n", offset);
- break;
- }
- return value;
-}
-
-/* MCT write */
-static void exynos4210_mct_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- Exynos4210MCTState *s = (Exynos4210MCTState *)opaque;
- int index; /* index in buffer which represents register set */
- int shift;
- int lt_i;
- uint64_t new_frc;
- uint32_t i;
- uint32_t old_val;
-#ifdef DEBUG_MCT
- static uint32_t icntb_max[2] = {0};
- static uint32_t icntb_min[2] = {UINT32_MAX, UINT32_MAX};
- static uint32_t tcntb_max[2] = {0};
- static uint32_t tcntb_min[2] = {UINT32_MAX, UINT32_MAX};
-#endif
-
- new_frc = s->g_timer.reg.cnt;
-
- switch (offset) {
-
- case MCT_CFG:
- s->reg_mct_cfg = value;
- exynos4210_mct_update_freq(s);
- break;
-
- case G_CNT_L:
- case G_CNT_U:
- if (offset == G_CNT_L) {
-
- DPRINTF("global timer write to reg.cntl %llx\n", value);
-
- new_frc = (s->g_timer.reg.cnt & (uint64_t)UINT32_MAX << 32) + value;
- s->g_timer.reg.cnt_wstat |= G_CNT_WSTAT_L;
- }
- if (offset == G_CNT_U) {
-
- DPRINTF("global timer write to reg.cntu %llx\n", value);
-
- new_frc = (s->g_timer.reg.cnt & UINT32_MAX) +
- ((uint64_t)value << 32);
- s->g_timer.reg.cnt_wstat |= G_CNT_WSTAT_U;
- }
-
- s->g_timer.reg.cnt = new_frc;
- exynos4210_gfrc_restart(s);
- break;
-
- case G_CNT_WSTAT:
- s->g_timer.reg.cnt_wstat &= ~(value);
- break;
-
- case G_COMP_L(0): case G_COMP_L(1): case G_COMP_L(2): case G_COMP_L(3):
- case G_COMP_U(0): case G_COMP_U(1): case G_COMP_U(2): case G_COMP_U(3):
- index = GET_G_COMP_IDX(offset);
- shift = 8 * (offset & 0x4);
- s->g_timer.reg.comp[index] =
- (s->g_timer.reg.comp[index] &
- (((uint64_t)UINT32_MAX << 32) >> shift)) +
- (value << shift);
-
- DPRINTF("comparator %d write 0x%llx val << %d\n", index, value, shift);
-
- if (offset&0x4) {
- s->g_timer.reg.wstat |= G_WSTAT_COMP_U(index);
- } else {
- s->g_timer.reg.wstat |= G_WSTAT_COMP_L(index);
- }
-
- exynos4210_gfrc_restart(s);
- break;
-
- case G_TCON:
- old_val = s->g_timer.reg.tcon;
- s->g_timer.reg.tcon = value;
- s->g_timer.reg.wstat |= G_WSTAT_TCON_WRITE;
-
- DPRINTF("global timer write to reg.g_tcon %llx\n", value);
-
- /* Start FRC if transition from disabled to enabled */
- if ((value & G_TCON_TIMER_ENABLE) > (old_val &
- G_TCON_TIMER_ENABLE)) {
- exynos4210_gfrc_start(&s->g_timer);
- }
- if ((value & G_TCON_TIMER_ENABLE) < (old_val &
- G_TCON_TIMER_ENABLE)) {
- exynos4210_gfrc_stop(&s->g_timer);
- }
-
- /* Start CMP if transition from disabled to enabled */
- for (i = 0; i < MCT_GT_CMP_NUM; i++) {
- if ((value & G_TCON_COMP_ENABLE(i)) != (old_val &
- G_TCON_COMP_ENABLE(i))) {
- exynos4210_gfrc_restart(s);
- }
- }
- break;
-
- case G_INT_CSTAT:
- s->g_timer.reg.int_cstat &= ~(value);
- for (i = 0; i < MCT_GT_CMP_NUM; i++) {
- if (value & G_INT_CSTAT_COMP(i)) {
- exynos4210_gcomp_lower_irq(&s->g_timer, i);
- }
- }
- break;
-
- case G_INT_ENB:
-
- /* Raise IRQ if transition from disabled to enabled and CSTAT pending */
- for (i = 0; i < MCT_GT_CMP_NUM; i++) {
- if ((value & G_INT_ENABLE(i)) > (s->g_timer.reg.tcon &
- G_INT_ENABLE(i))) {
- if (s->g_timer.reg.int_cstat & G_INT_CSTAT_COMP(i)) {
- exynos4210_gcomp_raise_irq(&s->g_timer, i);
- }
- }
-
- if ((value & G_INT_ENABLE(i)) < (s->g_timer.reg.tcon &
- G_INT_ENABLE(i))) {
- exynos4210_gcomp_lower_irq(&s->g_timer, i);
- }
- }
-
- DPRINTF("global timer INT enable %llx\n", value);
- s->g_timer.reg.int_enb = value;
- break;
-
- case G_WSTAT:
- s->g_timer.reg.wstat &= ~(value);
- break;
-
- case G_COMP0_ADD_INCR: case G_COMP1_ADD_INCR:
- case G_COMP2_ADD_INCR: case G_COMP3_ADD_INCR:
- index = GET_G_COMP_ADD_INCR_IDX(offset);
- s->g_timer.reg.comp_add_incr[index] = value;
- s->g_timer.reg.wstat |= G_WSTAT_COMP_ADDINCR(index);
- break;
-
- /* Local timers */
- case L0_TCON: case L1_TCON:
- lt_i = GET_L_TIMER_IDX(offset);
- old_val = s->l_timer[lt_i].reg.tcon;
-
- s->l_timer[lt_i].reg.wstat |= L_WSTAT_TCON_WRITE;
- s->l_timer[lt_i].reg.tcon = value;
-
- /* Stop local CNT */
- if ((value & L_TCON_TICK_START) <
- (old_val & L_TCON_TICK_START)) {
- DPRINTF("local timer[%d] stop cnt\n", lt_i);
- exynos4210_ltick_cnt_stop(&s->l_timer[lt_i].tick_timer);
- }
-
- /* Stop local INT */
- if ((value & L_TCON_INT_START) <
- (old_val & L_TCON_INT_START)) {
- DPRINTF("local timer[%d] stop int\n", lt_i);
- exynos4210_ltick_int_stop(&s->l_timer[lt_i].tick_timer);
- }
-
- /* Start local CNT */
- if ((value & L_TCON_TICK_START) >
- (old_val & L_TCON_TICK_START)) {
- DPRINTF("local timer[%d] start cnt\n", lt_i);
- exynos4210_ltick_cnt_start(&s->l_timer[lt_i].tick_timer);
- }
-
- /* Start local INT */
- if ((value & L_TCON_INT_START) >
- (old_val & L_TCON_INT_START)) {
- DPRINTF("local timer[%d] start int\n", lt_i);
- exynos4210_ltick_int_start(&s->l_timer[lt_i].tick_timer);
- }
-
- /* Start or Stop local FRC if TCON changed */
- if ((value & L_TCON_FRC_START) >
- (s->l_timer[lt_i].reg.tcon & L_TCON_FRC_START)) {
- DPRINTF("local timer[%d] start frc\n", lt_i);
- exynos4210_lfrc_start(&s->l_timer[lt_i]);
- }
- if ((value & L_TCON_FRC_START) <
- (s->l_timer[lt_i].reg.tcon & L_TCON_FRC_START)) {
- DPRINTF("local timer[%d] stop frc\n", lt_i);
- exynos4210_lfrc_stop(&s->l_timer[lt_i]);
- }
- break;
-
- case L0_TCNTB: case L1_TCNTB:
-
- lt_i = GET_L_TIMER_IDX(offset);
- index = GET_L_TIMER_CNT_REG_IDX(offset, lt_i);
-
- /*
- * TCNTB is updated to internal register only after CNT expired.
- * Due to this we should reload timer to nearest moment when CNT is
- * expired and then in event handler update tcntb to new TCNTB value.
- */
- exynos4210_ltick_set_cntb(&s->l_timer[lt_i].tick_timer, value,
- s->l_timer[lt_i].tick_timer.icntb);
-
- s->l_timer[lt_i].reg.wstat |= L_WSTAT_TCNTB_WRITE;
- s->l_timer[lt_i].reg.cnt[L_REG_CNT_TCNTB] = value;
-
-#ifdef DEBUG_MCT
- if (tcntb_min[lt_i] > value) {
- tcntb_min[lt_i] = value;
- }
- if (tcntb_max[lt_i] < value) {
- tcntb_max[lt_i] = value;
- }
- DPRINTF("local timer[%d] TCNTB write %llx; max=%x, min=%x\n",
- lt_i, value, tcntb_max[lt_i], tcntb_min[lt_i]);
-#endif
- break;
-
- case L0_ICNTB: case L1_ICNTB:
-
- lt_i = GET_L_TIMER_IDX(offset);
- index = GET_L_TIMER_CNT_REG_IDX(offset, lt_i);
-
- s->l_timer[lt_i].reg.wstat |= L_WSTAT_ICNTB_WRITE;
- s->l_timer[lt_i].reg.cnt[L_REG_CNT_ICNTB] = value &
- ~L_ICNTB_MANUAL_UPDATE;
-
- /*
- * We need to avoid too small values for TCNTB*ICNTB. If not, IRQ event
- * could raise too fast disallowing QEMU to execute target code.
- */
- if (s->l_timer[lt_i].reg.cnt[L_REG_CNT_ICNTB] *
- s->l_timer[lt_i].reg.cnt[L_REG_CNT_TCNTB] < MCT_LT_CNT_LOW_LIMIT) {
- if (!s->l_timer[lt_i].reg.cnt[L_REG_CNT_TCNTB]) {
- s->l_timer[lt_i].reg.cnt[L_REG_CNT_ICNTB] =
- MCT_LT_CNT_LOW_LIMIT;
- } else {
- s->l_timer[lt_i].reg.cnt[L_REG_CNT_ICNTB] =
- MCT_LT_CNT_LOW_LIMIT /
- s->l_timer[lt_i].reg.cnt[L_REG_CNT_TCNTB];
- }
- }
-
- if (value & L_ICNTB_MANUAL_UPDATE) {
- exynos4210_ltick_set_cntb(&s->l_timer[lt_i].tick_timer,
- s->l_timer[lt_i].tick_timer.tcntb,
- s->l_timer[lt_i].reg.cnt[L_REG_CNT_ICNTB]);
- }
-
-#ifdef DEBUG_MCT
- if (icntb_min[lt_i] > value) {
- icntb_min[lt_i] = value;
- }
- if (icntb_max[lt_i] < value) {
- icntb_max[lt_i] = value;
- }
-DPRINTF("local timer[%d] ICNTB write %llx; max=%x, min=%x\n\n",
- lt_i, value, icntb_max[lt_i], icntb_min[lt_i]);
-#endif
-break;
-
- case L0_FRCNTB: case L1_FRCNTB:
-
- lt_i = GET_L_TIMER_IDX(offset);
- index = GET_L_TIMER_CNT_REG_IDX(offset, lt_i);
-
- DPRINTF("local timer[%d] FRCNTB write %llx\n", lt_i, value);
-
- s->l_timer[lt_i].reg.wstat |= L_WSTAT_FRCCNTB_WRITE;
- s->l_timer[lt_i].reg.cnt[L_REG_CNT_FRCCNTB] = value;
-
- break;
-
- case L0_TCNTO: case L1_TCNTO:
- case L0_ICNTO: case L1_ICNTO:
- case L0_FRCNTO: case L1_FRCNTO:
- fprintf(stderr, "\n[exynos4210.mct: write to RO register "
- TARGET_FMT_plx "]\n\n", offset);
- break;
-
- case L0_INT_CSTAT: case L1_INT_CSTAT:
- lt_i = GET_L_TIMER_IDX(offset);
-
- DPRINTF("local timer[%d] CSTAT write %llx\n", lt_i, value);
-
- s->l_timer[lt_i].reg.int_cstat &= ~value;
- if (!s->l_timer[lt_i].reg.int_cstat) {
- qemu_irq_lower(s->l_timer[lt_i].irq);
- }
- break;
-
- case L0_INT_ENB: case L1_INT_ENB:
- lt_i = GET_L_TIMER_IDX(offset);
- old_val = s->l_timer[lt_i].reg.int_enb;
-
- /* Raise Local timer IRQ if cstat is pending */
- if ((value & L_INT_INTENB_ICNTEIE) > (old_val & L_INT_INTENB_ICNTEIE)) {
- if (s->l_timer[lt_i].reg.int_cstat & L_INT_CSTAT_INTCNT) {
- qemu_irq_raise(s->l_timer[lt_i].irq);
- }
- }
-
- s->l_timer[lt_i].reg.int_enb = value;
-
- break;
-
- case L0_WSTAT: case L1_WSTAT:
- lt_i = GET_L_TIMER_IDX(offset);
-
- s->l_timer[lt_i].reg.wstat &= ~value;
- break;
-
- default:
- hw_error("exynos4210.mct: bad write offset "
- TARGET_FMT_plx "\n", offset);
- break;
- }
-}
-
-static const MemoryRegionOps exynos4210_mct_ops = {
- .read = exynos4210_mct_read,
- .write = exynos4210_mct_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-/* MCT init */
-static int exynos4210_mct_init(SysBusDevice *dev)
-{
- int i;
- Exynos4210MCTState *s = FROM_SYSBUS(Exynos4210MCTState, dev);
- QEMUBH *bh[2];
-
- /* Global timer */
- bh[0] = qemu_bh_new(exynos4210_gfrc_event, s);
- s->g_timer.ptimer_frc = ptimer_init(bh[0]);
- memset(&s->g_timer.reg, 0, sizeof(struct gregs));
-
- /* Local timers */
- for (i = 0; i < 2; i++) {
- bh[0] = qemu_bh_new(exynos4210_ltick_event, &s->l_timer[i]);
- bh[1] = qemu_bh_new(exynos4210_lfrc_event, &s->l_timer[i]);
- s->l_timer[i].tick_timer.ptimer_tick = ptimer_init(bh[0]);
- s->l_timer[i].ptimer_frc = ptimer_init(bh[1]);
- s->l_timer[i].id = i;
- }
-
- /* IRQs */
- for (i = 0; i < MCT_GT_CMP_NUM; i++) {
- sysbus_init_irq(dev, &s->g_timer.irq[i]);
- }
- for (i = 0; i < 2; i++) {
- sysbus_init_irq(dev, &s->l_timer[i].irq);
- }
-
- memory_region_init_io(&s->iomem, &exynos4210_mct_ops, s, "exynos4210-mct",
- MCT_SFR_SIZE);
- sysbus_init_mmio(dev, &s->iomem);
-
- return 0;
-}
-
-static void exynos4210_mct_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = exynos4210_mct_init;
- dc->reset = exynos4210_mct_reset;
- dc->vmsd = &vmstate_exynos4210_mct_state;
-}
-
-static TypeInfo exynos4210_mct_info = {
- .name = "exynos4210.mct",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(Exynos4210MCTState),
- .class_init = exynos4210_mct_class_init,
-};
-
-static void exynos4210_mct_register_types(void)
-{
- type_register_static(&exynos4210_mct_info);
-}
-
-type_init(exynos4210_mct_register_types)
diff --git a/hw/exynos4210_pmu.c b/hw/exynos4210_pmu.c
deleted file mode 100644
index a22b8f181..000000000
--- a/hw/exynos4210_pmu.c
+++ /dev/null
@@ -1,499 +0,0 @@
-/*
- * Exynos4210 Power Management Unit (PMU) Emulation
- *
- * Copyright (C) 2011 Samsung Electronics Co Ltd.
- * Maksim Kozlov <m.kozlov@samsung.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-/*
- * This model implements PMU registers just as a bulk of memory. Currently,
- * the only reason this device exists is that secondary CPU boot loader
- * uses PMU INFORM5 register as a holding pen.
- */
-
-#include "sysbus.h"
-
-#ifndef DEBUG_PMU
-#define DEBUG_PMU 0
-#endif
-
-#ifndef DEBUG_PMU_EXTEND
-#define DEBUG_PMU_EXTEND 0
-#endif
-
-#if DEBUG_PMU
-#define PRINT_DEBUG(fmt, args...) \
- do { \
- fprintf(stderr, " [%s:%d] "fmt, __func__, __LINE__, ##args); \
- } while (0)
-
-#if DEBUG_PMU_EXTEND
-#define PRINT_DEBUG_EXTEND(fmt, args...) \
- do { \
- fprintf(stderr, " [%s:%d] "fmt, __func__, __LINE__, ##args); \
- } while (0)
-#else
-#define PRINT_DEBUG_EXTEND(fmt, args...) do {} while (0)
-#endif /* EXTEND */
-
-#else
-#define PRINT_DEBUG(fmt, args...) do {} while (0)
-#define PRINT_DEBUG_EXTEND(fmt, args...) do {} while (0)
-#endif
-
-/*
- * Offsets for PMU registers
- */
-#define OM_STAT 0x0000 /* OM status register */
-#define RTC_CLKO_SEL 0x000C /* Controls RTCCLKOUT */
-#define GNSS_RTC_OUT_CTRL 0x0010 /* Controls GNSS_RTC_OUT */
-/* Decides whether system-level low-power mode is used. */
-#define SYSTEM_POWER_DOWN_CTRL 0x0200
-/* Sets control options for CENTRAL_SEQ */
-#define SYSTEM_POWER_DOWN_OPTION 0x0208
-#define SWRESET 0x0400 /* Generate software reset */
-#define RST_STAT 0x0404 /* Reset status register */
-#define WAKEUP_STAT 0x0600 /* Wakeup status register */
-#define EINT_WAKEUP_MASK 0x0604 /* Configure External INTerrupt mask */
-#define WAKEUP_MASK 0x0608 /* Configure wakeup source mask */
-#define HDMI_PHY_CONTROL 0x0700 /* HDMI PHY control register */
-#define USBDEVICE_PHY_CONTROL 0x0704 /* USB Device PHY control register */
-#define USBHOST_PHY_CONTROL 0x0708 /* USB HOST PHY control register */
-#define DAC_PHY_CONTROL 0x070C /* DAC control register */
-#define MIPI_PHY0_CONTROL 0x0710 /* MIPI PHY control register */
-#define MIPI_PHY1_CONTROL 0x0714 /* MIPI PHY control register */
-#define ADC_PHY_CONTROL 0x0718 /* TS-ADC control register */
-#define PCIe_PHY_CONTROL 0x071C /* TS-PCIe control register */
-#define SATA_PHY_CONTROL 0x0720 /* TS-SATA control register */
-#define INFORM0 0x0800 /* Information register 0 */
-#define INFORM1 0x0804 /* Information register 1 */
-#define INFORM2 0x0808 /* Information register 2 */
-#define INFORM3 0x080C /* Information register 3 */
-#define INFORM4 0x0810 /* Information register 4 */
-#define INFORM5 0x0814 /* Information register 5 */
-#define INFORM6 0x0818 /* Information register 6 */
-#define INFORM7 0x081C /* Information register 7 */
-#define PMU_DEBUG 0x0A00 /* PMU debug register */
-/* Registers to set system-level low-power option */
-#define ARM_CORE0_SYS_PWR_REG 0x1000
-#define ARM_CORE1_SYS_PWR_REG 0x1010
-#define ARM_COMMON_SYS_PWR_REG 0x1080
-#define ARM_CPU_L2_0_SYS_PWR_REG 0x10C0
-#define ARM_CPU_L2_1_SYS_PWR_REG 0x10C4
-#define CMU_ACLKSTOP_SYS_PWR_REG 0x1100
-#define CMU_SCLKSTOP_SYS_PWR_REG 0x1104
-#define CMU_RESET_SYS_PWR_REG 0x110C
-#define APLL_SYSCLK_SYS_PWR_REG 0x1120
-#define MPLL_SYSCLK_SYS_PWR_REG 0x1124
-#define VPLL_SYSCLK_SYS_PWR_REG 0x1128
-#define EPLL_SYSCLK_SYS_PWR_REG 0x112C
-#define CMU_CLKSTOP_GPS_ALIVE_SYS_PWR_REG 0x1138
-#define CMU_RESET_GPS_ALIVE_SYS_PWR_REG 0x113C
-#define CMU_CLKSTOP_CAM_SYS_PWR_REG 0x1140
-#define CMU_CLKSTOP_TV_SYS_PWR_REG 0x1144
-#define CMU_CLKSTOP_MFC_SYS_PWR_REG 0x1148
-#define CMU_CLKSTOP_G3D_SYS_PWR_REG 0x114C
-#define CMU_CLKSTOP_LCD0_SYS_PWR_REG 0x1150
-#define CMU_CLKSTOP_LCD1_SYS_PWR_REG 0x1154
-#define CMU_CLKSTOP_MAUDIO_SYS_PWR_REG 0x1158
-#define CMU_CLKSTOP_GPS_SYS_PWR_REG 0x115C
-#define CMU_RESET_CAM_SYS_PWR_REG 0x1160
-#define CMU_RESET_TV_SYS_PWR_REG 0x1164
-#define CMU_RESET_MFC_SYS_PWR_REG 0x1168
-#define CMU_RESET_G3D_SYS_PWR_REG 0x116C
-#define CMU_RESET_LCD0_SYS_PWR_REG 0x1170
-#define CMU_RESET_LCD1_SYS_PWR_REG 0x1174
-#define CMU_RESET_MAUDIO_SYS_PWR_REG 0x1178
-#define CMU_RESET_GPS_SYS_PWR_REG 0x117C
-#define TOP_BUS_SYS_PWR_REG 0x1180
-#define TOP_RETENTION_SYS_PWR_REG 0x1184
-#define TOP_PWR_SYS_PWR_REG 0x1188
-#define LOGIC_RESET_SYS_PWR_REG 0x11A0
-#define OneNANDXL_MEM_SYS_PWR_REG 0x11C0
-#define MODEMIF_MEM_SYS_PWR_REG 0x11C4
-#define USBDEVICE_MEM_SYS_PWR_REG 0x11CC
-#define SDMMC_MEM_SYS_PWR_REG 0x11D0
-#define CSSYS_MEM_SYS_PWR_REG 0x11D4
-#define SECSS_MEM_SYS_PWR_REG 0x11D8
-#define PCIe_MEM_SYS_PWR_REG 0x11E0
-#define SATA_MEM_SYS_PWR_REG 0x11E4
-#define PAD_RETENTION_DRAM_SYS_PWR_REG 0x1200
-#define PAD_RETENTION_MAUDIO_SYS_PWR_REG 0x1204
-#define PAD_RETENTION_GPIO_SYS_PWR_REG 0x1220
-#define PAD_RETENTION_UART_SYS_PWR_REG 0x1224
-#define PAD_RETENTION_MMCA_SYS_PWR_REG 0x1228
-#define PAD_RETENTION_MMCB_SYS_PWR_REG 0x122C
-#define PAD_RETENTION_EBIA_SYS_PWR_REG 0x1230
-#define PAD_RETENTION_EBIB_SYS_PWR_REG 0x1234
-#define PAD_ISOLATION_SYS_PWR_REG 0x1240
-#define PAD_ALV_SEL_SYS_PWR_REG 0x1260
-#define XUSBXTI_SYS_PWR_REG 0x1280
-#define XXTI_SYS_PWR_REG 0x1284
-#define EXT_REGULATOR_SYS_PWR_REG 0x12C0
-#define GPIO_MODE_SYS_PWR_REG 0x1300
-#define GPIO_MODE_MAUDIO_SYS_PWR_REG 0x1340
-#define CAM_SYS_PWR_REG 0x1380
-#define TV_SYS_PWR_REG 0x1384
-#define MFC_SYS_PWR_REG 0x1388
-#define G3D_SYS_PWR_REG 0x138C
-#define LCD0_SYS_PWR_REG 0x1390
-#define LCD1_SYS_PWR_REG 0x1394
-#define MAUDIO_SYS_PWR_REG 0x1398
-#define GPS_SYS_PWR_REG 0x139C
-#define GPS_ALIVE_SYS_PWR_REG 0x13A0
-#define ARM_CORE0_CONFIGURATION 0x2000 /* Configure power mode of ARM_CORE0 */
-#define ARM_CORE0_STATUS 0x2004 /* Check power mode of ARM_CORE0 */
-#define ARM_CORE0_OPTION 0x2008 /* Sets control options for ARM_CORE0 */
-#define ARM_CORE1_CONFIGURATION 0x2080 /* Configure power mode of ARM_CORE1 */
-#define ARM_CORE1_STATUS 0x2084 /* Check power mode of ARM_CORE1 */
-#define ARM_CORE1_OPTION 0x2088 /* Sets control options for ARM_CORE0 */
-#define ARM_COMMON_OPTION 0x2408 /* Sets control options for ARM_COMMON */
-/* Configure power mode of ARM_CPU_L2_0 */
-#define ARM_CPU_L2_0_CONFIGURATION 0x2600
-#define ARM_CPU_L2_0_STATUS 0x2604 /* Check power mode of ARM_CPU_L2_0 */
-/* Configure power mode of ARM_CPU_L2_1 */
-#define ARM_CPU_L2_1_CONFIGURATION 0x2620
-#define ARM_CPU_L2_1_STATUS 0x2624 /* Check power mode of ARM_CPU_L2_1 */
-/* Sets control options for PAD_RETENTION_MAUDIO */
-#define PAD_RETENTION_MAUDIO_OPTION 0x3028
-/* Sets control options for PAD_RETENTION_GPIO */
-#define PAD_RETENTION_GPIO_OPTION 0x3108
-/* Sets control options for PAD_RETENTION_UART */
-#define PAD_RETENTION_UART_OPTION 0x3128
-/* Sets control options for PAD_RETENTION_MMCA */
-#define PAD_RETENTION_MMCA_OPTION 0x3148
-/* Sets control options for PAD_RETENTION_MMCB */
-#define PAD_RETENTION_MMCB_OPTION 0x3168
-/* Sets control options for PAD_RETENTION_EBIA */
-#define PAD_RETENTION_EBIA_OPTION 0x3188
-/* Sets control options for PAD_RETENTION_EBIB */
-#define PAD_RETENTION_EBIB_OPTION 0x31A8
-#define PS_HOLD_CONTROL 0x330C /* PS_HOLD control register */
-#define XUSBXTI_CONFIGURATION 0x3400 /* Configure the pad of XUSBXTI */
-#define XUSBXTI_STATUS 0x3404 /* Check the pad of XUSBXTI */
-/* Sets time required for XUSBXTI to be stabilized */
-#define XUSBXTI_DURATION 0x341C
-#define XXTI_CONFIGURATION 0x3420 /* Configure the pad of XXTI */
-#define XXTI_STATUS 0x3424 /* Check the pad of XXTI */
-/* Sets time required for XXTI to be stabilized */
-#define XXTI_DURATION 0x343C
-/* Sets time required for EXT_REGULATOR to be stabilized */
-#define EXT_REGULATOR_DURATION 0x361C
-#define CAM_CONFIGURATION 0x3C00 /* Configure power mode of CAM */
-#define CAM_STATUS 0x3C04 /* Check power mode of CAM */
-#define CAM_OPTION 0x3C08 /* Sets control options for CAM */
-#define TV_CONFIGURATION 0x3C20 /* Configure power mode of TV */
-#define TV_STATUS 0x3C24 /* Check power mode of TV */
-#define TV_OPTION 0x3C28 /* Sets control options for TV */
-#define MFC_CONFIGURATION 0x3C40 /* Configure power mode of MFC */
-#define MFC_STATUS 0x3C44 /* Check power mode of MFC */
-#define MFC_OPTION 0x3C48 /* Sets control options for MFC */
-#define G3D_CONFIGURATION 0x3C60 /* Configure power mode of G3D */
-#define G3D_STATUS 0x3C64 /* Check power mode of G3D */
-#define G3D_OPTION 0x3C68 /* Sets control options for G3D */
-#define LCD0_CONFIGURATION 0x3C80 /* Configure power mode of LCD0 */
-#define LCD0_STATUS 0x3C84 /* Check power mode of LCD0 */
-#define LCD0_OPTION 0x3C88 /* Sets control options for LCD0 */
-#define LCD1_CONFIGURATION 0x3CA0 /* Configure power mode of LCD1 */
-#define LCD1_STATUS 0x3CA4 /* Check power mode of LCD1 */
-#define LCD1_OPTION 0x3CA8 /* Sets control options for LCD1 */
-#define GPS_CONFIGURATION 0x3CE0 /* Configure power mode of GPS */
-#define GPS_STATUS 0x3CE4 /* Check power mode of GPS */
-#define GPS_OPTION 0x3CE8 /* Sets control options for GPS */
-#define GPS_ALIVE_CONFIGURATION 0x3D00 /* Configure power mode of GPS */
-#define GPS_ALIVE_STATUS 0x3D04 /* Check power mode of GPS */
-#define GPS_ALIVE_OPTION 0x3D08 /* Sets control options for GPS */
-
-#define EXYNOS4210_PMU_REGS_MEM_SIZE 0x3d0c
-
-typedef struct Exynos4210PmuReg {
- const char *name; /* for debug only */
- uint32_t offset;
- uint32_t reset_value;
-} Exynos4210PmuReg;
-
-static const Exynos4210PmuReg exynos4210_pmu_regs[] = {
- {"OM_STAT", OM_STAT, 0x00000000},
- {"RTC_CLKO_SEL", RTC_CLKO_SEL, 0x00000000},
- {"GNSS_RTC_OUT_CTRL", GNSS_RTC_OUT_CTRL, 0x00000001},
- {"SYSTEM_POWER_DOWN_CTRL", SYSTEM_POWER_DOWN_CTRL, 0x00010000},
- {"SYSTEM_POWER_DOWN_OPTION", SYSTEM_POWER_DOWN_OPTION, 0x03030000},
- {"SWRESET", SWRESET, 0x00000000},
- {"RST_STAT", RST_STAT, 0x00000000},
- {"WAKEUP_STAT", WAKEUP_STAT, 0x00000000},
- {"EINT_WAKEUP_MASK", EINT_WAKEUP_MASK, 0x00000000},
- {"WAKEUP_MASK", WAKEUP_MASK, 0x00000000},
- {"HDMI_PHY_CONTROL", HDMI_PHY_CONTROL, 0x00960000},
- {"USBDEVICE_PHY_CONTROL", USBDEVICE_PHY_CONTROL, 0x00000000},
- {"USBHOST_PHY_CONTROL", USBHOST_PHY_CONTROL, 0x00000000},
- {"DAC_PHY_CONTROL", DAC_PHY_CONTROL, 0x00000000},
- {"MIPI_PHY0_CONTROL", MIPI_PHY0_CONTROL, 0x00000000},
- {"MIPI_PHY1_CONTROL", MIPI_PHY1_CONTROL, 0x00000000},
- {"ADC_PHY_CONTROL", ADC_PHY_CONTROL, 0x00000001},
- {"PCIe_PHY_CONTROL", PCIe_PHY_CONTROL, 0x00000000},
- {"SATA_PHY_CONTROL", SATA_PHY_CONTROL, 0x00000000},
- {"INFORM0", INFORM0, 0x00000000},
- {"INFORM1", INFORM1, 0x00000000},
- {"INFORM2", INFORM2, 0x00000000},
- {"INFORM3", INFORM3, 0x00000000},
- {"INFORM4", INFORM4, 0x00000000},
- {"INFORM5", INFORM5, 0x00000000},
- {"INFORM6", INFORM6, 0x00000000},
- {"INFORM7", INFORM7, 0x00000000},
- {"PMU_DEBUG", PMU_DEBUG, 0x00000000},
- {"ARM_CORE0_SYS_PWR_REG", ARM_CORE0_SYS_PWR_REG, 0xFFFFFFFF},
- {"ARM_CORE1_SYS_PWR_REG", ARM_CORE1_SYS_PWR_REG, 0xFFFFFFFF},
- {"ARM_COMMON_SYS_PWR_REG", ARM_COMMON_SYS_PWR_REG, 0xFFFFFFFF},
- {"ARM_CPU_L2_0_SYS_PWR_REG", ARM_CPU_L2_0_SYS_PWR_REG, 0xFFFFFFFF},
- {"ARM_CPU_L2_1_SYS_PWR_REG", ARM_CPU_L2_1_SYS_PWR_REG, 0xFFFFFFFF},
- {"CMU_ACLKSTOP_SYS_PWR_REG", CMU_ACLKSTOP_SYS_PWR_REG, 0xFFFFFFFF},
- {"CMU_SCLKSTOP_SYS_PWR_REG", CMU_SCLKSTOP_SYS_PWR_REG, 0xFFFFFFFF},
- {"CMU_RESET_SYS_PWR_REG", CMU_RESET_SYS_PWR_REG, 0xFFFFFFFF},
- {"APLL_SYSCLK_SYS_PWR_REG", APLL_SYSCLK_SYS_PWR_REG, 0xFFFFFFFF},
- {"MPLL_SYSCLK_SYS_PWR_REG", MPLL_SYSCLK_SYS_PWR_REG, 0xFFFFFFFF},
- {"VPLL_SYSCLK_SYS_PWR_REG", VPLL_SYSCLK_SYS_PWR_REG, 0xFFFFFFFF},
- {"EPLL_SYSCLK_SYS_PWR_REG", EPLL_SYSCLK_SYS_PWR_REG, 0xFFFFFFFF},
- {"CMU_CLKSTOP_GPS_ALIVE_SYS_PWR_REG", CMU_CLKSTOP_GPS_ALIVE_SYS_PWR_REG,
- 0xFFFFFFFF},
- {"CMU_RESET_GPS_ALIVE_SYS_PWR_REG", CMU_RESET_GPS_ALIVE_SYS_PWR_REG,
- 0xFFFFFFFF},
- {"CMU_CLKSTOP_CAM_SYS_PWR_REG", CMU_CLKSTOP_CAM_SYS_PWR_REG, 0xFFFFFFFF},
- {"CMU_CLKSTOP_TV_SYS_PWR_REG", CMU_CLKSTOP_TV_SYS_PWR_REG, 0xFFFFFFFF},
- {"CMU_CLKSTOP_MFC_SYS_PWR_REG", CMU_CLKSTOP_MFC_SYS_PWR_REG, 0xFFFFFFFF},
- {"CMU_CLKSTOP_G3D_SYS_PWR_REG", CMU_CLKSTOP_G3D_SYS_PWR_REG, 0xFFFFFFFF},
- {"CMU_CLKSTOP_LCD0_SYS_PWR_REG", CMU_CLKSTOP_LCD0_SYS_PWR_REG, 0xFFFFFFFF},
- {"CMU_CLKSTOP_LCD1_SYS_PWR_REG", CMU_CLKSTOP_LCD1_SYS_PWR_REG, 0xFFFFFFFF},
- {"CMU_CLKSTOP_MAUDIO_SYS_PWR_REG", CMU_CLKSTOP_MAUDIO_SYS_PWR_REG,
- 0xFFFFFFFF},
- {"CMU_CLKSTOP_GPS_SYS_PWR_REG", CMU_CLKSTOP_GPS_SYS_PWR_REG, 0xFFFFFFFF},
- {"CMU_RESET_CAM_SYS_PWR_REG", CMU_RESET_CAM_SYS_PWR_REG, 0xFFFFFFFF},
- {"CMU_RESET_TV_SYS_PWR_REG", CMU_RESET_TV_SYS_PWR_REG, 0xFFFFFFFF},
- {"CMU_RESET_MFC_SYS_PWR_REG", CMU_RESET_MFC_SYS_PWR_REG, 0xFFFFFFFF},
- {"CMU_RESET_G3D_SYS_PWR_REG", CMU_RESET_G3D_SYS_PWR_REG, 0xFFFFFFFF},
- {"CMU_RESET_LCD0_SYS_PWR_REG", CMU_RESET_LCD0_SYS_PWR_REG, 0xFFFFFFFF},
- {"CMU_RESET_LCD1_SYS_PWR_REG", CMU_RESET_LCD1_SYS_PWR_REG, 0xFFFFFFFF},
- {"CMU_RESET_MAUDIO_SYS_PWR_REG", CMU_RESET_MAUDIO_SYS_PWR_REG, 0xFFFFFFFF},
- {"CMU_RESET_GPS_SYS_PWR_REG", CMU_RESET_GPS_SYS_PWR_REG, 0xFFFFFFFF},
- {"TOP_BUS_SYS_PWR_REG", TOP_BUS_SYS_PWR_REG, 0xFFFFFFFF},
- {"TOP_RETENTION_SYS_PWR_REG", TOP_RETENTION_SYS_PWR_REG, 0xFFFFFFFF},
- {"TOP_PWR_SYS_PWR_REG", TOP_PWR_SYS_PWR_REG, 0xFFFFFFFF},
- {"LOGIC_RESET_SYS_PWR_REG", LOGIC_RESET_SYS_PWR_REG, 0xFFFFFFFF},
- {"OneNANDXL_MEM_SYS_PWR_REG", OneNANDXL_MEM_SYS_PWR_REG, 0xFFFFFFFF},
- {"MODEMIF_MEM_SYS_PWR_REG", MODEMIF_MEM_SYS_PWR_REG, 0xFFFFFFFF},
- {"USBDEVICE_MEM_SYS_PWR_REG", USBDEVICE_MEM_SYS_PWR_REG, 0xFFFFFFFF},
- {"SDMMC_MEM_SYS_PWR_REG", SDMMC_MEM_SYS_PWR_REG, 0xFFFFFFFF},
- {"CSSYS_MEM_SYS_PWR_REG", CSSYS_MEM_SYS_PWR_REG, 0xFFFFFFFF},
- {"SECSS_MEM_SYS_PWR_REG", SECSS_MEM_SYS_PWR_REG, 0xFFFFFFFF},
- {"PCIe_MEM_SYS_PWR_REG", PCIe_MEM_SYS_PWR_REG, 0xFFFFFFFF},
- {"SATA_MEM_SYS_PWR_REG", SATA_MEM_SYS_PWR_REG, 0xFFFFFFFF},
- {"PAD_RETENTION_DRAM_SYS_PWR_REG", PAD_RETENTION_DRAM_SYS_PWR_REG,
- 0xFFFFFFFF},
- {"PAD_RETENTION_MAUDIO_SYS_PWR_REG", PAD_RETENTION_MAUDIO_SYS_PWR_REG,
- 0xFFFFFFFF},
- {"PAD_RETENTION_GPIO_SYS_PWR_REG", PAD_RETENTION_GPIO_SYS_PWR_REG,
- 0xFFFFFFFF},
- {"PAD_RETENTION_UART_SYS_PWR_REG", PAD_RETENTION_UART_SYS_PWR_REG,
- 0xFFFFFFFF},
- {"PAD_RETENTION_MMCA_SYS_PWR_REG", PAD_RETENTION_MMCA_SYS_PWR_REG,
- 0xFFFFFFFF},
- {"PAD_RETENTION_MMCB_SYS_PWR_REG", PAD_RETENTION_MMCB_SYS_PWR_REG,
- 0xFFFFFFFF},
- {"PAD_RETENTION_EBIA_SYS_PWR_REG", PAD_RETENTION_EBIA_SYS_PWR_REG,
- 0xFFFFFFFF},
- {"PAD_RETENTION_EBIB_SYS_PWR_REG", PAD_RETENTION_EBIB_SYS_PWR_REG,
- 0xFFFFFFFF},
- {"PAD_ISOLATION_SYS_PWR_REG", PAD_ISOLATION_SYS_PWR_REG, 0xFFFFFFFF},
- {"PAD_ALV_SEL_SYS_PWR_REG", PAD_ALV_SEL_SYS_PWR_REG, 0xFFFFFFFF},
- {"XUSBXTI_SYS_PWR_REG", XUSBXTI_SYS_PWR_REG, 0xFFFFFFFF},
- {"XXTI_SYS_PWR_REG", XXTI_SYS_PWR_REG, 0xFFFFFFFF},
- {"EXT_REGULATOR_SYS_PWR_REG", EXT_REGULATOR_SYS_PWR_REG, 0xFFFFFFFF},
- {"GPIO_MODE_SYS_PWR_REG", GPIO_MODE_SYS_PWR_REG, 0xFFFFFFFF},
- {"GPIO_MODE_MAUDIO_SYS_PWR_REG", GPIO_MODE_MAUDIO_SYS_PWR_REG, 0xFFFFFFFF},
- {"CAM_SYS_PWR_REG", CAM_SYS_PWR_REG, 0xFFFFFFFF},
- {"TV_SYS_PWR_REG", TV_SYS_PWR_REG, 0xFFFFFFFF},
- {"MFC_SYS_PWR_REG", MFC_SYS_PWR_REG, 0xFFFFFFFF},
- {"G3D_SYS_PWR_REG", G3D_SYS_PWR_REG, 0xFFFFFFFF},
- {"LCD0_SYS_PWR_REG", LCD0_SYS_PWR_REG, 0xFFFFFFFF},
- {"LCD1_SYS_PWR_REG", LCD1_SYS_PWR_REG, 0xFFFFFFFF},
- {"MAUDIO_SYS_PWR_REG", MAUDIO_SYS_PWR_REG, 0xFFFFFFFF},
- {"GPS_SYS_PWR_REG", GPS_SYS_PWR_REG, 0xFFFFFFFF},
- {"GPS_ALIVE_SYS_PWR_REG", GPS_ALIVE_SYS_PWR_REG, 0xFFFFFFFF},
- {"ARM_CORE0_CONFIGURATION", ARM_CORE0_CONFIGURATION, 0x00000003},
- {"ARM_CORE0_STATUS", ARM_CORE0_STATUS, 0x00030003},
- {"ARM_CORE0_OPTION", ARM_CORE0_OPTION, 0x01010001},
- {"ARM_CORE1_CONFIGURATION", ARM_CORE1_CONFIGURATION, 0x00000003},
- {"ARM_CORE1_STATUS", ARM_CORE1_STATUS, 0x00030003},
- {"ARM_CORE1_OPTION", ARM_CORE1_OPTION, 0x01010001},
- {"ARM_COMMON_OPTION", ARM_COMMON_OPTION, 0x00000001},
- {"ARM_CPU_L2_0_CONFIGURATION", ARM_CPU_L2_0_CONFIGURATION, 0x00000003},
- {"ARM_CPU_L2_0_STATUS", ARM_CPU_L2_0_STATUS, 0x00000003},
- {"ARM_CPU_L2_1_CONFIGURATION", ARM_CPU_L2_1_CONFIGURATION, 0x00000003},
- {"ARM_CPU_L2_1_STATUS", ARM_CPU_L2_1_STATUS, 0x00000003},
- {"PAD_RETENTION_MAUDIO_OPTION", PAD_RETENTION_MAUDIO_OPTION, 0x00000000},
- {"PAD_RETENTION_GPIO_OPTION", PAD_RETENTION_GPIO_OPTION, 0x00000000},
- {"PAD_RETENTION_UART_OPTION", PAD_RETENTION_UART_OPTION, 0x00000000},
- {"PAD_RETENTION_MMCA_OPTION", PAD_RETENTION_MMCA_OPTION, 0x00000000},
- {"PAD_RETENTION_MMCB_OPTION", PAD_RETENTION_MMCB_OPTION, 0x00000000},
- {"PAD_RETENTION_EBIA_OPTION", PAD_RETENTION_EBIA_OPTION, 0x00000000},
- {"PAD_RETENTION_EBIB_OPTION", PAD_RETENTION_EBIB_OPTION, 0x00000000},
- {"PS_HOLD_CONTROL", PS_HOLD_CONTROL, 0x00005200},
- {"XUSBXTI_CONFIGURATION", XUSBXTI_CONFIGURATION, 0x00000001},
- {"XUSBXTI_STATUS", XUSBXTI_STATUS, 0x00000001},
- {"XUSBXTI_DURATION", XUSBXTI_DURATION, 0xFFF00000},
- {"XXTI_CONFIGURATION", XXTI_CONFIGURATION, 0x00000001},
- {"XXTI_STATUS", XXTI_STATUS, 0x00000001},
- {"XXTI_DURATION", XXTI_DURATION, 0xFFF00000},
- {"EXT_REGULATOR_DURATION", EXT_REGULATOR_DURATION, 0xFFF03FFF},
- {"CAM_CONFIGURATION", CAM_CONFIGURATION, 0x00000007},
- {"CAM_STATUS", CAM_STATUS, 0x00060007},
- {"CAM_OPTION", CAM_OPTION, 0x00000001},
- {"TV_CONFIGURATION", TV_CONFIGURATION, 0x00000007},
- {"TV_STATUS", TV_STATUS, 0x00060007},
- {"TV_OPTION", TV_OPTION, 0x00000001},
- {"MFC_CONFIGURATION", MFC_CONFIGURATION, 0x00000007},
- {"MFC_STATUS", MFC_STATUS, 0x00060007},
- {"MFC_OPTION", MFC_OPTION, 0x00000001},
- {"G3D_CONFIGURATION", G3D_CONFIGURATION, 0x00000007},
- {"G3D_STATUS", G3D_STATUS, 0x00060007},
- {"G3D_OPTION", G3D_OPTION, 0x00000001},
- {"LCD0_CONFIGURATION", LCD0_CONFIGURATION, 0x00000007},
- {"LCD0_STATUS", LCD0_STATUS, 0x00060007},
- {"LCD0_OPTION", LCD0_OPTION, 0x00000001},
- {"LCD1_CONFIGURATION", LCD1_CONFIGURATION, 0x00000007},
- {"LCD1_STATUS", LCD1_STATUS, 0x00060007},
- {"LCD1_OPTION", LCD1_OPTION, 0x00000001},
- {"GPS_CONFIGURATION", GPS_CONFIGURATION, 0x00000007},
- {"GPS_STATUS", GPS_STATUS, 0x00060007},
- {"GPS_OPTION", GPS_OPTION, 0x00000001},
- {"GPS_ALIVE_CONFIGURATION", GPS_ALIVE_CONFIGURATION, 0x00000007},
- {"GPS_ALIVE_STATUS", GPS_ALIVE_STATUS, 0x00060007},
- {"GPS_ALIVE_OPTION", GPS_ALIVE_OPTION, 0x00000001},
-};
-
-#define PMU_NUM_OF_REGISTERS \
- (sizeof(exynos4210_pmu_regs) / sizeof(Exynos4210PmuReg))
-
-typedef struct Exynos4210PmuState {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint32_t reg[PMU_NUM_OF_REGISTERS];
-} Exynos4210PmuState;
-
-static uint64_t exynos4210_pmu_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- Exynos4210PmuState *s = (Exynos4210PmuState *)opaque;
- unsigned i;
- const Exynos4210PmuReg *reg_p = exynos4210_pmu_regs;
-
- for (i = 0; i < PMU_NUM_OF_REGISTERS; i++) {
- if (reg_p->offset == offset) {
- PRINT_DEBUG_EXTEND("%s [0x%04x] -> 0x%04x\n", reg_p->name,
- (uint32_t)offset, s->reg[i]);
- return s->reg[i];
- }
- reg_p++;
- }
- PRINT_DEBUG("QEMU PMU ERROR: bad read offset 0x%04x\n", (uint32_t)offset);
- return 0;
-}
-
-static void exynos4210_pmu_write(void *opaque, hwaddr offset,
- uint64_t val, unsigned size)
-{
- Exynos4210PmuState *s = (Exynos4210PmuState *)opaque;
- unsigned i;
- const Exynos4210PmuReg *reg_p = exynos4210_pmu_regs;
-
- for (i = 0; i < PMU_NUM_OF_REGISTERS; i++) {
- if (reg_p->offset == offset) {
- PRINT_DEBUG_EXTEND("%s <0x%04x> <- 0x%04x\n", reg_p->name,
- (uint32_t)offset, (uint32_t)val);
- s->reg[i] = val;
- return;
- }
- reg_p++;
- }
- PRINT_DEBUG("QEMU PMU ERROR: bad write offset 0x%04x\n", (uint32_t)offset);
-}
-
-static const MemoryRegionOps exynos4210_pmu_ops = {
- .read = exynos4210_pmu_read,
- .write = exynos4210_pmu_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- .unaligned = false
- }
-};
-
-static void exynos4210_pmu_reset(DeviceState *dev)
-{
- Exynos4210PmuState *s =
- container_of(dev, Exynos4210PmuState, busdev.qdev);
- unsigned i;
-
- /* Set default values for registers */
- for (i = 0; i < PMU_NUM_OF_REGISTERS; i++) {
- s->reg[i] = exynos4210_pmu_regs[i].reset_value;
- }
-}
-
-static int exynos4210_pmu_init(SysBusDevice *dev)
-{
- Exynos4210PmuState *s = FROM_SYSBUS(Exynos4210PmuState, dev);
-
- /* memory mapping */
- memory_region_init_io(&s->iomem, &exynos4210_pmu_ops, s, "exynos4210.pmu",
- EXYNOS4210_PMU_REGS_MEM_SIZE);
- sysbus_init_mmio(dev, &s->iomem);
- return 0;
-}
-
-static const VMStateDescription exynos4210_pmu_vmstate = {
- .name = "exynos4210.pmu",
- .version_id = 1,
- .minimum_version_id = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32_ARRAY(reg, Exynos4210PmuState, PMU_NUM_OF_REGISTERS),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void exynos4210_pmu_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = exynos4210_pmu_init;
- dc->reset = exynos4210_pmu_reset;
- dc->vmsd = &exynos4210_pmu_vmstate;
-}
-
-static TypeInfo exynos4210_pmu_info = {
- .name = "exynos4210.pmu",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(Exynos4210PmuState),
- .class_init = exynos4210_pmu_class_init,
-};
-
-static void exynos4210_pmu_register(void)
-{
- type_register_static(&exynos4210_pmu_info);
-}
-
-type_init(exynos4210_pmu_register)
diff --git a/hw/exynos4210_pwm.c b/hw/exynos4210_pwm.c
deleted file mode 100644
index 5e2872f8f..000000000
--- a/hw/exynos4210_pwm.c
+++ /dev/null
@@ -1,422 +0,0 @@
-/*
- * Samsung exynos4210 Pulse Width Modulation Timer
- *
- * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd.
- * All rights reserved.
- *
- * Evgeny Voevodin <e.voevodin@samsung.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- * See the GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "sysbus.h"
-#include "qemu-timer.h"
-#include "qemu-common.h"
-#include "ptimer.h"
-
-#include "exynos4210.h"
-
-//#define DEBUG_PWM
-
-#ifdef DEBUG_PWM
-#define DPRINTF(fmt, ...) \
- do { fprintf(stdout, "PWM: [%24s:%5d] " fmt, __func__, __LINE__, \
- ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...) do {} while (0)
-#endif
-
-#define EXYNOS4210_PWM_TIMERS_NUM 5
-#define EXYNOS4210_PWM_REG_MEM_SIZE 0x50
-
-#define TCFG0 0x0000
-#define TCFG1 0x0004
-#define TCON 0x0008
-#define TCNTB0 0x000C
-#define TCMPB0 0x0010
-#define TCNTO0 0x0014
-#define TCNTB1 0x0018
-#define TCMPB1 0x001C
-#define TCNTO1 0x0020
-#define TCNTB2 0x0024
-#define TCMPB2 0x0028
-#define TCNTO2 0x002C
-#define TCNTB3 0x0030
-#define TCMPB3 0x0034
-#define TCNTO3 0x0038
-#define TCNTB4 0x003C
-#define TCNTO4 0x0040
-#define TINT_CSTAT 0x0044
-
-#define TCNTB(x) (0xC * (x))
-#define TCMPB(x) (0xC * (x) + 1)
-#define TCNTO(x) (0xC * (x) + 2)
-
-#define GET_PRESCALER(reg, x) (((reg) & (0xFF << (8 * (x)))) >> 8 * (x))
-#define GET_DIVIDER(reg, x) (1 << (((reg) & (0xF << (4 * (x)))) >> (4 * (x))))
-
-/*
- * Attention! Timer4 doesn't have OUTPUT_INVERTER,
- * so Auto Reload bit is not accessible by macros!
- */
-#define TCON_TIMER_BASE(x) (((x) ? 1 : 0) * 4 + 4 * (x))
-#define TCON_TIMER_START(x) (1 << (TCON_TIMER_BASE(x) + 0))
-#define TCON_TIMER_MANUAL_UPD(x) (1 << (TCON_TIMER_BASE(x) + 1))
-#define TCON_TIMER_OUTPUT_INV(x) (1 << (TCON_TIMER_BASE(x) + 2))
-#define TCON_TIMER_AUTO_RELOAD(x) (1 << (TCON_TIMER_BASE(x) + 3))
-#define TCON_TIMER4_AUTO_RELOAD (1 << 22)
-
-#define TINT_CSTAT_STATUS(x) (1 << (5 + (x)))
-#define TINT_CSTAT_ENABLE(x) (1 << (x))
-
-/* timer struct */
-typedef struct {
- uint32_t id; /* timer id */
- qemu_irq irq; /* local timer irq */
- uint32_t freq; /* timer frequency */
-
- /* use ptimer.c to represent count down timer */
- ptimer_state *ptimer; /* timer */
-
- /* registers */
- uint32_t reg_tcntb; /* counter register buffer */
- uint32_t reg_tcmpb; /* compare register buffer */
-
- struct Exynos4210PWMState *parent;
-
-} Exynos4210PWM;
-
-
-typedef struct Exynos4210PWMState {
- SysBusDevice busdev;
- MemoryRegion iomem;
-
- uint32_t reg_tcfg[2];
- uint32_t reg_tcon;
- uint32_t reg_tint_cstat;
-
- Exynos4210PWM timer[EXYNOS4210_PWM_TIMERS_NUM];
-
-} Exynos4210PWMState;
-
-/*** VMState ***/
-static const VMStateDescription vmstate_exynos4210_pwm = {
- .name = "exynos4210.pwm.pwm",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(id, Exynos4210PWM),
- VMSTATE_UINT32(freq, Exynos4210PWM),
- VMSTATE_PTIMER(ptimer, Exynos4210PWM),
- VMSTATE_UINT32(reg_tcntb, Exynos4210PWM),
- VMSTATE_UINT32(reg_tcmpb, Exynos4210PWM),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_exynos4210_pwm_state = {
- .name = "exynos4210.pwm",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32_ARRAY(reg_tcfg, Exynos4210PWMState, 2),
- VMSTATE_UINT32(reg_tcon, Exynos4210PWMState),
- VMSTATE_UINT32(reg_tint_cstat, Exynos4210PWMState),
- VMSTATE_STRUCT_ARRAY(timer, Exynos4210PWMState,
- EXYNOS4210_PWM_TIMERS_NUM, 0,
- vmstate_exynos4210_pwm, Exynos4210PWM),
- VMSTATE_END_OF_LIST()
- }
-};
-
-/*
- * PWM update frequency
- */
-static void exynos4210_pwm_update_freq(Exynos4210PWMState *s, uint32_t id)
-{
- uint32_t freq;
- freq = s->timer[id].freq;
- if (id > 1) {
- s->timer[id].freq = 24000000 /
- ((GET_PRESCALER(s->reg_tcfg[0], 1) + 1) *
- (GET_DIVIDER(s->reg_tcfg[1], id)));
- } else {
- s->timer[id].freq = 24000000 /
- ((GET_PRESCALER(s->reg_tcfg[0], 0) + 1) *
- (GET_DIVIDER(s->reg_tcfg[1], id)));
- }
-
- if (freq != s->timer[id].freq) {
- ptimer_set_freq(s->timer[id].ptimer, s->timer[id].freq);
- DPRINTF("freq=%dHz\n", s->timer[id].freq);
- }
-}
-
-/*
- * Counter tick handler
- */
-static void exynos4210_pwm_tick(void *opaque)
-{
- Exynos4210PWM *s = (Exynos4210PWM *)opaque;
- Exynos4210PWMState *p = (Exynos4210PWMState *)s->parent;
- uint32_t id = s->id;
- bool cmp;
-
- DPRINTF("timer %d tick\n", id);
-
- /* set irq status */
- p->reg_tint_cstat |= TINT_CSTAT_STATUS(id);
-
- /* raise IRQ */
- if (p->reg_tint_cstat & TINT_CSTAT_ENABLE(id)) {
- DPRINTF("timer %d IRQ\n", id);
- qemu_irq_raise(p->timer[id].irq);
- }
-
- /* reload timer */
- if (id != 4) {
- cmp = p->reg_tcon & TCON_TIMER_AUTO_RELOAD(id);
- } else {
- cmp = p->reg_tcon & TCON_TIMER4_AUTO_RELOAD;
- }
-
- if (cmp) {
- DPRINTF("auto reload timer %d count to %x\n", id,
- p->timer[id].reg_tcntb);
- ptimer_set_count(p->timer[id].ptimer, p->timer[id].reg_tcntb);
- ptimer_run(p->timer[id].ptimer, 1);
- } else {
- /* stop timer, set status to STOP, see Basic Timer Operation */
- p->reg_tcon &= ~TCON_TIMER_START(id);
- ptimer_stop(p->timer[id].ptimer);
- }
-}
-
-/*
- * PWM Read
- */
-static uint64_t exynos4210_pwm_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- Exynos4210PWMState *s = (Exynos4210PWMState *)opaque;
- uint32_t value = 0;
- int index;
-
- switch (offset) {
- case TCFG0: case TCFG1:
- index = (offset - TCFG0) >> 2;
- value = s->reg_tcfg[index];
- break;
-
- case TCON:
- value = s->reg_tcon;
- break;
-
- case TCNTB0: case TCNTB1:
- case TCNTB2: case TCNTB3: case TCNTB4:
- index = (offset - TCNTB0) / 0xC;
- value = s->timer[index].reg_tcntb;
- break;
-
- case TCMPB0: case TCMPB1:
- case TCMPB2: case TCMPB3:
- index = (offset - TCMPB0) / 0xC;
- value = s->timer[index].reg_tcmpb;
- break;
-
- case TCNTO0: case TCNTO1:
- case TCNTO2: case TCNTO3: case TCNTO4:
- index = (offset == TCNTO4) ? 4 : (offset - TCNTO0) / 0xC;
- value = ptimer_get_count(s->timer[index].ptimer);
- break;
-
- case TINT_CSTAT:
- value = s->reg_tint_cstat;
- break;
-
- default:
- fprintf(stderr,
- "[exynos4210.pwm: bad read offset " TARGET_FMT_plx "]\n",
- offset);
- break;
- }
- return value;
-}
-
-/*
- * PWM Write
- */
-static void exynos4210_pwm_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- Exynos4210PWMState *s = (Exynos4210PWMState *)opaque;
- int index;
- uint32_t new_val;
- int i;
-
- switch (offset) {
- case TCFG0: case TCFG1:
- index = (offset - TCFG0) >> 2;
- s->reg_tcfg[index] = value;
-
- /* update timers frequencies */
- for (i = 0; i < EXYNOS4210_PWM_TIMERS_NUM; i++) {
- exynos4210_pwm_update_freq(s, s->timer[i].id);
- }
- break;
-
- case TCON:
- for (i = 0; i < EXYNOS4210_PWM_TIMERS_NUM; i++) {
- if ((value & TCON_TIMER_MANUAL_UPD(i)) >
- (s->reg_tcon & TCON_TIMER_MANUAL_UPD(i))) {
- /*
- * TCNTB and TCMPB are loaded into TCNT and TCMP.
- * Update timers.
- */
-
- /* this will start timer to run, this ok, because
- * during processing start bit timer will be stopped
- * if needed */
- ptimer_set_count(s->timer[i].ptimer, s->timer[i].reg_tcntb);
- DPRINTF("set timer %d count to %x\n", i,
- s->timer[i].reg_tcntb);
- }
-
- if ((value & TCON_TIMER_START(i)) >
- (s->reg_tcon & TCON_TIMER_START(i))) {
- /* changed to start */
- ptimer_run(s->timer[i].ptimer, 1);
- DPRINTF("run timer %d\n", i);
- }
-
- if ((value & TCON_TIMER_START(i)) <
- (s->reg_tcon & TCON_TIMER_START(i))) {
- /* changed to stop */
- ptimer_stop(s->timer[i].ptimer);
- DPRINTF("stop timer %d\n", i);
- }
- }
- s->reg_tcon = value;
- break;
-
- case TCNTB0: case TCNTB1:
- case TCNTB2: case TCNTB3: case TCNTB4:
- index = (offset - TCNTB0) / 0xC;
- s->timer[index].reg_tcntb = value;
- break;
-
- case TCMPB0: case TCMPB1:
- case TCMPB2: case TCMPB3:
- index = (offset - TCMPB0) / 0xC;
- s->timer[index].reg_tcmpb = value;
- break;
-
- case TINT_CSTAT:
- new_val = (s->reg_tint_cstat & 0x3E0) + (0x1F & value);
- new_val &= ~(0x3E0 & value);
-
- for (i = 0; i < EXYNOS4210_PWM_TIMERS_NUM; i++) {
- if ((new_val & TINT_CSTAT_STATUS(i)) <
- (s->reg_tint_cstat & TINT_CSTAT_STATUS(i))) {
- qemu_irq_lower(s->timer[i].irq);
- }
- }
-
- s->reg_tint_cstat = new_val;
- break;
-
- default:
- fprintf(stderr,
- "[exynos4210.pwm: bad write offset " TARGET_FMT_plx "]\n",
- offset);
- break;
-
- }
-}
-
-/*
- * Set default values to timer fields and registers
- */
-static void exynos4210_pwm_reset(DeviceState *d)
-{
- Exynos4210PWMState *s = (Exynos4210PWMState *)d;
- int i;
- s->reg_tcfg[0] = 0x0101;
- s->reg_tcfg[1] = 0x0;
- s->reg_tcon = 0;
- s->reg_tint_cstat = 0;
- for (i = 0; i < EXYNOS4210_PWM_TIMERS_NUM; i++) {
- s->timer[i].reg_tcmpb = 0;
- s->timer[i].reg_tcntb = 0;
-
- exynos4210_pwm_update_freq(s, s->timer[i].id);
- ptimer_stop(s->timer[i].ptimer);
- }
-}
-
-static const MemoryRegionOps exynos4210_pwm_ops = {
- .read = exynos4210_pwm_read,
- .write = exynos4210_pwm_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-/*
- * PWM timer initialization
- */
-static int exynos4210_pwm_init(SysBusDevice *dev)
-{
- Exynos4210PWMState *s = FROM_SYSBUS(Exynos4210PWMState, dev);
- int i;
- QEMUBH *bh;
-
- for (i = 0; i < EXYNOS4210_PWM_TIMERS_NUM; i++) {
- bh = qemu_bh_new(exynos4210_pwm_tick, &s->timer[i]);
- sysbus_init_irq(dev, &s->timer[i].irq);
- s->timer[i].ptimer = ptimer_init(bh);
- s->timer[i].id = i;
- s->timer[i].parent = s;
- }
-
- memory_region_init_io(&s->iomem, &exynos4210_pwm_ops, s, "exynos4210-pwm",
- EXYNOS4210_PWM_REG_MEM_SIZE);
- sysbus_init_mmio(dev, &s->iomem);
-
- return 0;
-}
-
-static void exynos4210_pwm_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = exynos4210_pwm_init;
- dc->reset = exynos4210_pwm_reset;
- dc->vmsd = &vmstate_exynos4210_pwm_state;
-}
-
-static TypeInfo exynos4210_pwm_info = {
- .name = "exynos4210.pwm",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(Exynos4210PWMState),
- .class_init = exynos4210_pwm_class_init,
-};
-
-static void exynos4210_pwm_register_types(void)
-{
- type_register_static(&exynos4210_pwm_info);
-}
-
-type_init(exynos4210_pwm_register_types)
diff --git a/hw/exynos4210_rtc.c b/hw/exynos4210_rtc.c
deleted file mode 100644
index c4fbd4946..000000000
--- a/hw/exynos4210_rtc.c
+++ /dev/null
@@ -1,592 +0,0 @@
-/*
- * Samsung exynos4210 Real Time Clock
- *
- * Copyright (c) 2012 Samsung Electronics Co., Ltd.
- * Ogurtsov Oleg <o.ogurtsov@samsung.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-/* Description:
- * Register RTCCON:
- * CLKSEL Bit[1] not used
- * CLKOUTEN Bit[9] not used
- */
-
-#include "sysbus.h"
-#include "qemu-timer.h"
-#include "qemu-common.h"
-#include "ptimer.h"
-
-#include "hw.h"
-#include "qemu-timer.h"
-#include "sysemu.h"
-
-#include "exynos4210.h"
-
-#define DEBUG_RTC 0
-
-#if DEBUG_RTC
-#define DPRINTF(fmt, ...) \
- do { fprintf(stdout, "RTC: [%24s:%5d] " fmt, __func__, __LINE__, \
- ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...) do {} while (0)
-#endif
-
-#define EXYNOS4210_RTC_REG_MEM_SIZE 0x0100
-
-#define INTP 0x0030
-#define RTCCON 0x0040
-#define TICCNT 0x0044
-#define RTCALM 0x0050
-#define ALMSEC 0x0054
-#define ALMMIN 0x0058
-#define ALMHOUR 0x005C
-#define ALMDAY 0x0060
-#define ALMMON 0x0064
-#define ALMYEAR 0x0068
-#define BCDSEC 0x0070
-#define BCDMIN 0x0074
-#define BCDHOUR 0x0078
-#define BCDDAY 0x007C
-#define BCDDAYWEEK 0x0080
-#define BCDMON 0x0084
-#define BCDYEAR 0x0088
-#define CURTICNT 0x0090
-
-#define TICK_TIMER_ENABLE 0x0100
-#define TICNT_THRESHHOLD 2
-
-
-#define RTC_ENABLE 0x0001
-
-#define INTP_TICK_ENABLE 0x0001
-#define INTP_ALM_ENABLE 0x0002
-
-#define ALARM_INT_ENABLE 0x0040
-
-#define RTC_BASE_FREQ 32768
-
-typedef struct Exynos4210RTCState {
- SysBusDevice busdev;
- MemoryRegion iomem;
-
- /* registers */
- uint32_t reg_intp;
- uint32_t reg_rtccon;
- uint32_t reg_ticcnt;
- uint32_t reg_rtcalm;
- uint32_t reg_almsec;
- uint32_t reg_almmin;
- uint32_t reg_almhour;
- uint32_t reg_almday;
- uint32_t reg_almmon;
- uint32_t reg_almyear;
- uint32_t reg_curticcnt;
-
- ptimer_state *ptimer; /* tick timer */
- ptimer_state *ptimer_1Hz; /* clock timer */
- uint32_t freq;
-
- qemu_irq tick_irq; /* Time Tick Generator irq */
- qemu_irq alm_irq; /* alarm irq */
-
- struct tm current_tm; /* current time */
-} Exynos4210RTCState;
-
-#define TICCKSEL(value) ((value & (0x0F << 4)) >> 4)
-
-/*** VMState ***/
-static const VMStateDescription vmstate_exynos4210_rtc_state = {
- .name = "exynos4210.rtc",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(reg_intp, Exynos4210RTCState),
- VMSTATE_UINT32(reg_rtccon, Exynos4210RTCState),
- VMSTATE_UINT32(reg_ticcnt, Exynos4210RTCState),
- VMSTATE_UINT32(reg_rtcalm, Exynos4210RTCState),
- VMSTATE_UINT32(reg_almsec, Exynos4210RTCState),
- VMSTATE_UINT32(reg_almmin, Exynos4210RTCState),
- VMSTATE_UINT32(reg_almhour, Exynos4210RTCState),
- VMSTATE_UINT32(reg_almday, Exynos4210RTCState),
- VMSTATE_UINT32(reg_almmon, Exynos4210RTCState),
- VMSTATE_UINT32(reg_almyear, Exynos4210RTCState),
- VMSTATE_UINT32(reg_curticcnt, Exynos4210RTCState),
- VMSTATE_PTIMER(ptimer, Exynos4210RTCState),
- VMSTATE_PTIMER(ptimer_1Hz, Exynos4210RTCState),
- VMSTATE_UINT32(freq, Exynos4210RTCState),
- VMSTATE_INT32(current_tm.tm_sec, Exynos4210RTCState),
- VMSTATE_INT32(current_tm.tm_min, Exynos4210RTCState),
- VMSTATE_INT32(current_tm.tm_hour, Exynos4210RTCState),
- VMSTATE_INT32(current_tm.tm_wday, Exynos4210RTCState),
- VMSTATE_INT32(current_tm.tm_mday, Exynos4210RTCState),
- VMSTATE_INT32(current_tm.tm_mon, Exynos4210RTCState),
- VMSTATE_INT32(current_tm.tm_year, Exynos4210RTCState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-#define BCD3DIGITS(x) \
- ((uint32_t)to_bcd((uint8_t)(x % 100)) + \
- ((uint32_t)to_bcd((uint8_t)((x % 1000) / 100)) << 8))
-
-static void check_alarm_raise(Exynos4210RTCState *s)
-{
- unsigned int alarm_raise = 0;
- struct tm stm = s->current_tm;
-
- if ((s->reg_rtcalm & 0x01) &&
- (to_bcd((uint8_t)stm.tm_sec) == (uint8_t)s->reg_almsec)) {
- alarm_raise = 1;
- }
- if ((s->reg_rtcalm & 0x02) &&
- (to_bcd((uint8_t)stm.tm_min) == (uint8_t)s->reg_almmin)) {
- alarm_raise = 1;
- }
- if ((s->reg_rtcalm & 0x04) &&
- (to_bcd((uint8_t)stm.tm_hour) == (uint8_t)s->reg_almhour)) {
- alarm_raise = 1;
- }
- if ((s->reg_rtcalm & 0x08) &&
- (to_bcd((uint8_t)stm.tm_mday) == (uint8_t)s->reg_almday)) {
- alarm_raise = 1;
- }
- if ((s->reg_rtcalm & 0x10) &&
- (to_bcd((uint8_t)stm.tm_mon) == (uint8_t)s->reg_almmon)) {
- alarm_raise = 1;
- }
- if ((s->reg_rtcalm & 0x20) &&
- (BCD3DIGITS(stm.tm_year) == s->reg_almyear)) {
- alarm_raise = 1;
- }
-
- if (alarm_raise) {
- DPRINTF("ALARM IRQ\n");
- /* set irq status */
- s->reg_intp |= INTP_ALM_ENABLE;
- qemu_irq_raise(s->alm_irq);
- }
-}
-
-/*
- * RTC update frequency
- * Parameters:
- * reg_value - current RTCCON register or his new value
- */
-static void exynos4210_rtc_update_freq(Exynos4210RTCState *s,
- uint32_t reg_value)
-{
- uint32_t freq;
-
- freq = s->freq;
- /* set frequncy for time generator */
- s->freq = RTC_BASE_FREQ / (1 << TICCKSEL(reg_value));
-
- if (freq != s->freq) {
- ptimer_set_freq(s->ptimer, s->freq);
- DPRINTF("freq=%dHz\n", s->freq);
- }
-}
-
-/* month is between 0 and 11. */
-static int get_days_in_month(int month, int year)
-{
- static const int days_tab[12] = {
- 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
- };
- int d;
- if ((unsigned)month >= 12) {
- return 31;
- }
- d = days_tab[month];
- if (month == 1) {
- if ((year % 4) == 0 && ((year % 100) != 0 || (year % 400) == 0)) {
- d++;
- }
- }
- return d;
-}
-
-/* update 'tm' to the next second */
-static void rtc_next_second(struct tm *tm)
-{
- int days_in_month;
-
- tm->tm_sec++;
- if ((unsigned)tm->tm_sec >= 60) {
- tm->tm_sec = 0;
- tm->tm_min++;
- if ((unsigned)tm->tm_min >= 60) {
- tm->tm_min = 0;
- tm->tm_hour++;
- if ((unsigned)tm->tm_hour >= 24) {
- tm->tm_hour = 0;
- /* next day */
- tm->tm_wday++;
- if ((unsigned)tm->tm_wday >= 7) {
- tm->tm_wday = 0;
- }
- days_in_month = get_days_in_month(tm->tm_mon,
- tm->tm_year + 1900);
- tm->tm_mday++;
- if (tm->tm_mday < 1) {
- tm->tm_mday = 1;
- } else if (tm->tm_mday > days_in_month) {
- tm->tm_mday = 1;
- tm->tm_mon++;
- if (tm->tm_mon >= 12) {
- tm->tm_mon = 0;
- tm->tm_year++;
- }
- }
- }
- }
- }
-}
-
-/*
- * tick handler
- */
-static void exynos4210_rtc_tick(void *opaque)
-{
- Exynos4210RTCState *s = (Exynos4210RTCState *)opaque;
-
- DPRINTF("TICK IRQ\n");
- /* set irq status */
- s->reg_intp |= INTP_TICK_ENABLE;
- /* raise IRQ */
- qemu_irq_raise(s->tick_irq);
-
- /* restart timer */
- ptimer_set_count(s->ptimer, s->reg_ticcnt);
- ptimer_run(s->ptimer, 1);
-}
-
-/*
- * 1Hz clock handler
- */
-static void exynos4210_rtc_1Hz_tick(void *opaque)
-{
- Exynos4210RTCState *s = (Exynos4210RTCState *)opaque;
-
- rtc_next_second(&s->current_tm);
- /* DPRINTF("1Hz tick\n"); */
-
- /* raise IRQ */
- if (s->reg_rtcalm & ALARM_INT_ENABLE) {
- check_alarm_raise(s);
- }
-
- ptimer_set_count(s->ptimer_1Hz, RTC_BASE_FREQ);
- ptimer_run(s->ptimer_1Hz, 1);
-}
-
-/*
- * RTC Read
- */
-static uint64_t exynos4210_rtc_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- uint32_t value = 0;
- Exynos4210RTCState *s = (Exynos4210RTCState *)opaque;
-
- switch (offset) {
- case INTP:
- value = s->reg_intp;
- break;
- case RTCCON:
- value = s->reg_rtccon;
- break;
- case TICCNT:
- value = s->reg_ticcnt;
- break;
- case RTCALM:
- value = s->reg_rtcalm;
- break;
- case ALMSEC:
- value = s->reg_almsec;
- break;
- case ALMMIN:
- value = s->reg_almmin;
- break;
- case ALMHOUR:
- value = s->reg_almhour;
- break;
- case ALMDAY:
- value = s->reg_almday;
- break;
- case ALMMON:
- value = s->reg_almmon;
- break;
- case ALMYEAR:
- value = s->reg_almyear;
- break;
-
- case BCDSEC:
- value = (uint32_t)to_bcd((uint8_t)s->current_tm.tm_sec);
- break;
- case BCDMIN:
- value = (uint32_t)to_bcd((uint8_t)s->current_tm.tm_min);
- break;
- case BCDHOUR:
- value = (uint32_t)to_bcd((uint8_t)s->current_tm.tm_hour);
- break;
- case BCDDAYWEEK:
- value = (uint32_t)to_bcd((uint8_t)s->current_tm.tm_wday);
- break;
- case BCDDAY:
- value = (uint32_t)to_bcd((uint8_t)s->current_tm.tm_mday);
- break;
- case BCDMON:
- value = (uint32_t)to_bcd((uint8_t)s->current_tm.tm_mon + 1);
- break;
- case BCDYEAR:
- value = BCD3DIGITS(s->current_tm.tm_year);
- break;
-
- case CURTICNT:
- s->reg_curticcnt = ptimer_get_count(s->ptimer);
- value = s->reg_curticcnt;
- break;
-
- default:
- fprintf(stderr,
- "[exynos4210.rtc: bad read offset " TARGET_FMT_plx "]\n",
- offset);
- break;
- }
- return value;
-}
-
-/*
- * RTC Write
- */
-static void exynos4210_rtc_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- Exynos4210RTCState *s = (Exynos4210RTCState *)opaque;
-
- switch (offset) {
- case INTP:
- if (value & INTP_ALM_ENABLE) {
- qemu_irq_lower(s->alm_irq);
- s->reg_intp &= (~INTP_ALM_ENABLE);
- }
- if (value & INTP_TICK_ENABLE) {
- qemu_irq_lower(s->tick_irq);
- s->reg_intp &= (~INTP_TICK_ENABLE);
- }
- break;
- case RTCCON:
- if (value & RTC_ENABLE) {
- exynos4210_rtc_update_freq(s, value);
- }
- if ((value & RTC_ENABLE) > (s->reg_rtccon & RTC_ENABLE)) {
- /* clock timer */
- ptimer_set_count(s->ptimer_1Hz, RTC_BASE_FREQ);
- ptimer_run(s->ptimer_1Hz, 1);
- DPRINTF("run clock timer\n");
- }
- if ((value & RTC_ENABLE) < (s->reg_rtccon & RTC_ENABLE)) {
- /* tick timer */
- ptimer_stop(s->ptimer);
- /* clock timer */
- ptimer_stop(s->ptimer_1Hz);
- DPRINTF("stop all timers\n");
- }
- if (value & RTC_ENABLE) {
- if ((value & TICK_TIMER_ENABLE) >
- (s->reg_rtccon & TICK_TIMER_ENABLE) &&
- (s->reg_ticcnt)) {
- ptimer_set_count(s->ptimer, s->reg_ticcnt);
- ptimer_run(s->ptimer, 1);
- DPRINTF("run tick timer\n");
- }
- if ((value & TICK_TIMER_ENABLE) <
- (s->reg_rtccon & TICK_TIMER_ENABLE)) {
- ptimer_stop(s->ptimer);
- }
- }
- s->reg_rtccon = value;
- break;
- case TICCNT:
- if (value > TICNT_THRESHHOLD) {
- s->reg_ticcnt = value;
- } else {
- fprintf(stderr,
- "[exynos4210.rtc: bad TICNT value %u ]\n",
- (uint32_t)value);
- }
- break;
-
- case RTCALM:
- s->reg_rtcalm = value;
- break;
- case ALMSEC:
- s->reg_almsec = (value & 0x7f);
- break;
- case ALMMIN:
- s->reg_almmin = (value & 0x7f);
- break;
- case ALMHOUR:
- s->reg_almhour = (value & 0x3f);
- break;
- case ALMDAY:
- s->reg_almday = (value & 0x3f);
- break;
- case ALMMON:
- s->reg_almmon = (value & 0x1f);
- break;
- case ALMYEAR:
- s->reg_almyear = (value & 0x0fff);
- break;
-
- case BCDSEC:
- if (s->reg_rtccon & RTC_ENABLE) {
- s->current_tm.tm_sec = (int)from_bcd((uint8_t)value);
- }
- break;
- case BCDMIN:
- if (s->reg_rtccon & RTC_ENABLE) {
- s->current_tm.tm_min = (int)from_bcd((uint8_t)value);
- }
- break;
- case BCDHOUR:
- if (s->reg_rtccon & RTC_ENABLE) {
- s->current_tm.tm_hour = (int)from_bcd((uint8_t)value);
- }
- break;
- case BCDDAYWEEK:
- if (s->reg_rtccon & RTC_ENABLE) {
- s->current_tm.tm_wday = (int)from_bcd((uint8_t)value);
- }
- break;
- case BCDDAY:
- if (s->reg_rtccon & RTC_ENABLE) {
- s->current_tm.tm_mday = (int)from_bcd((uint8_t)value);
- }
- break;
- case BCDMON:
- if (s->reg_rtccon & RTC_ENABLE) {
- s->current_tm.tm_mon = (int)from_bcd((uint8_t)value) - 1;
- }
- break;
- case BCDYEAR:
- if (s->reg_rtccon & RTC_ENABLE) {
- /* 3 digits */
- s->current_tm.tm_year = (int)from_bcd((uint8_t)value) +
- (int)from_bcd((uint8_t)((value >> 8) & 0x0f)) * 100;
- }
- break;
-
- default:
- fprintf(stderr,
- "[exynos4210.rtc: bad write offset " TARGET_FMT_plx "]\n",
- offset);
- break;
-
- }
-}
-
-/*
- * Set default values to timer fields and registers
- */
-static void exynos4210_rtc_reset(DeviceState *d)
-{
- Exynos4210RTCState *s = (Exynos4210RTCState *)d;
-
- qemu_get_timedate(&s->current_tm, 0);
-
- DPRINTF("Get time from host: %d-%d-%d %2d:%02d:%02d\n",
- s->current_tm.tm_year, s->current_tm.tm_mon, s->current_tm.tm_mday,
- s->current_tm.tm_hour, s->current_tm.tm_min, s->current_tm.tm_sec);
-
- s->reg_intp = 0;
- s->reg_rtccon = 0;
- s->reg_ticcnt = 0;
- s->reg_rtcalm = 0;
- s->reg_almsec = 0;
- s->reg_almmin = 0;
- s->reg_almhour = 0;
- s->reg_almday = 0;
- s->reg_almmon = 0;
- s->reg_almyear = 0;
-
- s->reg_curticcnt = 0;
-
- exynos4210_rtc_update_freq(s, s->reg_rtccon);
- ptimer_stop(s->ptimer);
- ptimer_stop(s->ptimer_1Hz);
-}
-
-static const MemoryRegionOps exynos4210_rtc_ops = {
- .read = exynos4210_rtc_read,
- .write = exynos4210_rtc_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-/*
- * RTC timer initialization
- */
-static int exynos4210_rtc_init(SysBusDevice *dev)
-{
- Exynos4210RTCState *s = FROM_SYSBUS(Exynos4210RTCState, dev);
- QEMUBH *bh;
-
- bh = qemu_bh_new(exynos4210_rtc_tick, s);
- s->ptimer = ptimer_init(bh);
- ptimer_set_freq(s->ptimer, RTC_BASE_FREQ);
- exynos4210_rtc_update_freq(s, 0);
-
- bh = qemu_bh_new(exynos4210_rtc_1Hz_tick, s);
- s->ptimer_1Hz = ptimer_init(bh);
- ptimer_set_freq(s->ptimer_1Hz, RTC_BASE_FREQ);
-
- sysbus_init_irq(dev, &s->alm_irq);
- sysbus_init_irq(dev, &s->tick_irq);
-
- memory_region_init_io(&s->iomem, &exynos4210_rtc_ops, s, "exynos4210-rtc",
- EXYNOS4210_RTC_REG_MEM_SIZE);
- sysbus_init_mmio(dev, &s->iomem);
-
- return 0;
-}
-
-static void exynos4210_rtc_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = exynos4210_rtc_init;
- dc->reset = exynos4210_rtc_reset;
- dc->vmsd = &vmstate_exynos4210_rtc_state;
-}
-
-static const TypeInfo exynos4210_rtc_info = {
- .name = "exynos4210.rtc",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(Exynos4210RTCState),
- .class_init = exynos4210_rtc_class_init,
-};
-
-static void exynos4210_rtc_register_types(void)
-{
- type_register_static(&exynos4210_rtc_info);
-}
-
-type_init(exynos4210_rtc_register_types)
diff --git a/hw/exynos4210_uart.c b/hw/exynos4210_uart.c
deleted file mode 100644
index 20dcd9fb5..000000000
--- a/hw/exynos4210_uart.c
+++ /dev/null
@@ -1,676 +0,0 @@
-/*
- * Exynos4210 UART Emulation
- *
- * Copyright (C) 2011 Samsung Electronics Co Ltd.
- * Maksim Kozlov, <m.kozlov@samsung.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#include "sysbus.h"
-#include "sysemu.h"
-#include "qemu-char.h"
-
-#include "exynos4210.h"
-
-#undef DEBUG_UART
-#undef DEBUG_UART_EXTEND
-#undef DEBUG_IRQ
-#undef DEBUG_Rx_DATA
-#undef DEBUG_Tx_DATA
-
-#define DEBUG_UART 0
-#define DEBUG_UART_EXTEND 0
-#define DEBUG_IRQ 0
-#define DEBUG_Rx_DATA 0
-#define DEBUG_Tx_DATA 0
-
-#if DEBUG_UART
-#define PRINT_DEBUG(fmt, args...) \
- do { \
- fprintf(stderr, " [%s:%d] "fmt, __func__, __LINE__, ##args); \
- } while (0)
-
-#if DEBUG_UART_EXTEND
-#define PRINT_DEBUG_EXTEND(fmt, args...) \
- do { \
- fprintf(stderr, " [%s:%d] "fmt, __func__, __LINE__, ##args); \
- } while (0)
-#else
-#define PRINT_DEBUG_EXTEND(fmt, args...) \
- do {} while (0)
-#endif /* EXTEND */
-
-#else
-#define PRINT_DEBUG(fmt, args...) \
- do {} while (0)
-#define PRINT_DEBUG_EXTEND(fmt, args...) \
- do {} while (0)
-#endif
-
-#define PRINT_ERROR(fmt, args...) \
- do { \
- fprintf(stderr, " [%s:%d] "fmt, __func__, __LINE__, ##args); \
- } while (0)
-
-/*
- * Offsets for UART registers relative to SFR base address
- * for UARTn
- *
- */
-#define ULCON 0x0000 /* Line Control */
-#define UCON 0x0004 /* Control */
-#define UFCON 0x0008 /* FIFO Control */
-#define UMCON 0x000C /* Modem Control */
-#define UTRSTAT 0x0010 /* Tx/Rx Status */
-#define UERSTAT 0x0014 /* UART Error Status */
-#define UFSTAT 0x0018 /* FIFO Status */
-#define UMSTAT 0x001C /* Modem Status */
-#define UTXH 0x0020 /* Transmit Buffer */
-#define URXH 0x0024 /* Receive Buffer */
-#define UBRDIV 0x0028 /* Baud Rate Divisor */
-#define UFRACVAL 0x002C /* Divisor Fractional Value */
-#define UINTP 0x0030 /* Interrupt Pending */
-#define UINTSP 0x0034 /* Interrupt Source Pending */
-#define UINTM 0x0038 /* Interrupt Mask */
-
-/*
- * for indexing register in the uint32_t array
- *
- * 'reg' - register offset (see offsets definitions above)
- *
- */
-#define I_(reg) (reg / sizeof(uint32_t))
-
-typedef struct Exynos4210UartReg {
- const char *name; /* the only reason is the debug output */
- hwaddr offset;
- uint32_t reset_value;
-} Exynos4210UartReg;
-
-static Exynos4210UartReg exynos4210_uart_regs[] = {
- {"ULCON", ULCON, 0x00000000},
- {"UCON", UCON, 0x00003000},
- {"UFCON", UFCON, 0x00000000},
- {"UMCON", UMCON, 0x00000000},
- {"UTRSTAT", UTRSTAT, 0x00000006}, /* RO */
- {"UERSTAT", UERSTAT, 0x00000000}, /* RO */
- {"UFSTAT", UFSTAT, 0x00000000}, /* RO */
- {"UMSTAT", UMSTAT, 0x00000000}, /* RO */
- {"UTXH", UTXH, 0x5c5c5c5c}, /* WO, undefined reset value*/
- {"URXH", URXH, 0x00000000}, /* RO */
- {"UBRDIV", UBRDIV, 0x00000000},
- {"UFRACVAL", UFRACVAL, 0x00000000},
- {"UINTP", UINTP, 0x00000000},
- {"UINTSP", UINTSP, 0x00000000},
- {"UINTM", UINTM, 0x00000000},
-};
-
-#define EXYNOS4210_UART_REGS_MEM_SIZE 0x3C
-
-/* UART FIFO Control */
-#define UFCON_FIFO_ENABLE 0x1
-#define UFCON_Rx_FIFO_RESET 0x2
-#define UFCON_Tx_FIFO_RESET 0x4
-#define UFCON_Tx_FIFO_TRIGGER_LEVEL_SHIFT 8
-#define UFCON_Tx_FIFO_TRIGGER_LEVEL (7 << UFCON_Tx_FIFO_TRIGGER_LEVEL_SHIFT)
-#define UFCON_Rx_FIFO_TRIGGER_LEVEL_SHIFT 4
-#define UFCON_Rx_FIFO_TRIGGER_LEVEL (7 << UFCON_Rx_FIFO_TRIGGER_LEVEL_SHIFT)
-
-/* Uart FIFO Status */
-#define UFSTAT_Rx_FIFO_COUNT 0xff
-#define UFSTAT_Rx_FIFO_FULL 0x100
-#define UFSTAT_Rx_FIFO_ERROR 0x200
-#define UFSTAT_Tx_FIFO_COUNT_SHIFT 16
-#define UFSTAT_Tx_FIFO_COUNT (0xff << UFSTAT_Tx_FIFO_COUNT_SHIFT)
-#define UFSTAT_Tx_FIFO_FULL_SHIFT 24
-#define UFSTAT_Tx_FIFO_FULL (1 << UFSTAT_Tx_FIFO_FULL_SHIFT)
-
-/* UART Interrupt Source Pending */
-#define UINTSP_RXD 0x1 /* Receive interrupt */
-#define UINTSP_ERROR 0x2 /* Error interrupt */
-#define UINTSP_TXD 0x4 /* Transmit interrupt */
-#define UINTSP_MODEM 0x8 /* Modem interrupt */
-
-/* UART Line Control */
-#define ULCON_IR_MODE_SHIFT 6
-#define ULCON_PARITY_SHIFT 3
-#define ULCON_STOP_BIT_SHIFT 1
-
-/* UART Tx/Rx Status */
-#define UTRSTAT_TRANSMITTER_EMPTY 0x4
-#define UTRSTAT_Tx_BUFFER_EMPTY 0x2
-#define UTRSTAT_Rx_BUFFER_DATA_READY 0x1
-
-/* UART Error Status */
-#define UERSTAT_OVERRUN 0x1
-#define UERSTAT_PARITY 0x2
-#define UERSTAT_FRAME 0x4
-#define UERSTAT_BREAK 0x8
-
-typedef struct {
- uint8_t *data;
- uint32_t sp, rp; /* store and retrieve pointers */
- uint32_t size;
-} Exynos4210UartFIFO;
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
-
- uint32_t reg[EXYNOS4210_UART_REGS_MEM_SIZE / sizeof(uint32_t)];
- Exynos4210UartFIFO rx;
- Exynos4210UartFIFO tx;
-
- CharDriverState *chr;
- qemu_irq irq;
-
- uint32_t channel;
-
-} Exynos4210UartState;
-
-
-#if DEBUG_UART
-/* Used only for debugging inside PRINT_DEBUG_... macros */
-static const char *exynos4210_uart_regname(hwaddr offset)
-{
-
- int regs_number = sizeof(exynos4210_uart_regs) / sizeof(Exynos4210UartReg);
- int i;
-
- for (i = 0; i < regs_number; i++) {
- if (offset == exynos4210_uart_regs[i].offset) {
- return exynos4210_uart_regs[i].name;
- }
- }
-
- return NULL;
-}
-#endif
-
-
-static void fifo_store(Exynos4210UartFIFO *q, uint8_t ch)
-{
- q->data[q->sp] = ch;
- q->sp = (q->sp + 1) % q->size;
-}
-
-static uint8_t fifo_retrieve(Exynos4210UartFIFO *q)
-{
- uint8_t ret = q->data[q->rp];
- q->rp = (q->rp + 1) % q->size;
- return ret;
-}
-
-static int fifo_elements_number(Exynos4210UartFIFO *q)
-{
- if (q->sp < q->rp) {
- return q->size - q->rp + q->sp;
- }
-
- return q->sp - q->rp;
-}
-
-static int fifo_empty_elements_number(Exynos4210UartFIFO *q)
-{
- return q->size - fifo_elements_number(q);
-}
-
-static void fifo_reset(Exynos4210UartFIFO *q)
-{
- if (q->data != NULL) {
- g_free(q->data);
- q->data = NULL;
- }
-
- q->data = (uint8_t *)g_malloc0(q->size);
-
- q->sp = 0;
- q->rp = 0;
-}
-
-static uint32_t exynos4210_uart_Tx_FIFO_trigger_level(Exynos4210UartState *s)
-{
- uint32_t level = 0;
- uint32_t reg;
-
- reg = (s->reg[I_(UFCON)] & UFCON_Tx_FIFO_TRIGGER_LEVEL) >>
- UFCON_Tx_FIFO_TRIGGER_LEVEL_SHIFT;
-
- switch (s->channel) {
- case 0:
- level = reg * 32;
- break;
- case 1:
- case 4:
- level = reg * 8;
- break;
- case 2:
- case 3:
- level = reg * 2;
- break;
- default:
- level = 0;
- PRINT_ERROR("Wrong UART channel number: %d\n", s->channel);
- }
-
- return level;
-}
-
-static void exynos4210_uart_update_irq(Exynos4210UartState *s)
-{
- /*
- * The Tx interrupt is always requested if the number of data in the
- * transmit FIFO is smaller than the trigger level.
- */
- if (s->reg[I_(UFCON)] & UFCON_FIFO_ENABLE) {
-
- uint32_t count = (s->reg[I_(UFSTAT)] & UFSTAT_Tx_FIFO_COUNT) >>
- UFSTAT_Tx_FIFO_COUNT_SHIFT;
-
- if (count <= exynos4210_uart_Tx_FIFO_trigger_level(s)) {
- s->reg[I_(UINTSP)] |= UINTSP_TXD;
- }
- }
-
- s->reg[I_(UINTP)] = s->reg[I_(UINTSP)] & ~s->reg[I_(UINTM)];
-
- if (s->reg[I_(UINTP)]) {
- qemu_irq_raise(s->irq);
-
-#if DEBUG_IRQ
- fprintf(stderr, "UART%d: IRQ has been raised: %08x\n",
- s->channel, s->reg[I_(UINTP)]);
-#endif
-
- } else {
- qemu_irq_lower(s->irq);
- }
-}
-
-static void exynos4210_uart_update_parameters(Exynos4210UartState *s)
-{
- int speed, parity, data_bits, stop_bits, frame_size;
- QEMUSerialSetParams ssp;
- uint64_t uclk_rate;
-
- if (s->reg[I_(UBRDIV)] == 0) {
- return;
- }
-
- frame_size = 1; /* start bit */
- if (s->reg[I_(ULCON)] & 0x20) {
- frame_size++; /* parity bit */
- if (s->reg[I_(ULCON)] & 0x28) {
- parity = 'E';
- } else {
- parity = 'O';
- }
- } else {
- parity = 'N';
- }
-
- if (s->reg[I_(ULCON)] & 0x4) {
- stop_bits = 2;
- } else {
- stop_bits = 1;
- }
-
- data_bits = (s->reg[I_(ULCON)] & 0x3) + 5;
-
- frame_size += data_bits + stop_bits;
-
- uclk_rate = 24000000;
-
- speed = uclk_rate / ((16 * (s->reg[I_(UBRDIV)]) & 0xffff) +
- (s->reg[I_(UFRACVAL)] & 0x7) + 16);
-
- ssp.speed = speed;
- ssp.parity = parity;
- ssp.data_bits = data_bits;
- ssp.stop_bits = stop_bits;
-
- qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_SERIAL_SET_PARAMS, &ssp);
-
- PRINT_DEBUG("UART%d: speed: %d, parity: %c, data: %d, stop: %d\n",
- s->channel, speed, parity, data_bits, stop_bits);
-}
-
-static void exynos4210_uart_write(void *opaque, hwaddr offset,
- uint64_t val, unsigned size)
-{
- Exynos4210UartState *s = (Exynos4210UartState *)opaque;
- uint8_t ch;
-
- PRINT_DEBUG_EXTEND("UART%d: <0x%04x> %s <- 0x%08llx\n", s->channel,
- offset, exynos4210_uart_regname(offset), (long long unsigned int)val);
-
- switch (offset) {
- case ULCON:
- case UBRDIV:
- case UFRACVAL:
- s->reg[I_(offset)] = val;
- exynos4210_uart_update_parameters(s);
- break;
- case UFCON:
- s->reg[I_(UFCON)] = val;
- if (val & UFCON_Rx_FIFO_RESET) {
- fifo_reset(&s->rx);
- s->reg[I_(UFCON)] &= ~UFCON_Rx_FIFO_RESET;
- PRINT_DEBUG("UART%d: Rx FIFO Reset\n", s->channel);
- }
- if (val & UFCON_Tx_FIFO_RESET) {
- fifo_reset(&s->tx);
- s->reg[I_(UFCON)] &= ~UFCON_Tx_FIFO_RESET;
- PRINT_DEBUG("UART%d: Tx FIFO Reset\n", s->channel);
- }
- break;
-
- case UTXH:
- if (s->chr) {
- s->reg[I_(UTRSTAT)] &= ~(UTRSTAT_TRANSMITTER_EMPTY |
- UTRSTAT_Tx_BUFFER_EMPTY);
- ch = (uint8_t)val;
- qemu_chr_fe_write(s->chr, &ch, 1);
-#if DEBUG_Tx_DATA
- fprintf(stderr, "%c", ch);
-#endif
- s->reg[I_(UTRSTAT)] |= UTRSTAT_TRANSMITTER_EMPTY |
- UTRSTAT_Tx_BUFFER_EMPTY;
- s->reg[I_(UINTSP)] |= UINTSP_TXD;
- exynos4210_uart_update_irq(s);
- }
- break;
-
- case UINTP:
- s->reg[I_(UINTP)] &= ~val;
- s->reg[I_(UINTSP)] &= ~val;
- PRINT_DEBUG("UART%d: UINTP [%04x] have been cleared: %08x\n",
- s->channel, offset, s->reg[I_(UINTP)]);
- exynos4210_uart_update_irq(s);
- break;
- case UTRSTAT:
- case UERSTAT:
- case UFSTAT:
- case UMSTAT:
- case URXH:
- PRINT_DEBUG("UART%d: Trying to write into RO register: %s [%04x]\n",
- s->channel, exynos4210_uart_regname(offset), offset);
- break;
- case UINTSP:
- s->reg[I_(UINTSP)] &= ~val;
- break;
- case UINTM:
- s->reg[I_(UINTM)] = val;
- exynos4210_uart_update_irq(s);
- break;
- case UCON:
- case UMCON:
- default:
- s->reg[I_(offset)] = val;
- break;
- }
-}
-static uint64_t exynos4210_uart_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- Exynos4210UartState *s = (Exynos4210UartState *)opaque;
- uint32_t res;
-
- switch (offset) {
- case UERSTAT: /* Read Only */
- res = s->reg[I_(UERSTAT)];
- s->reg[I_(UERSTAT)] = 0;
- return res;
- case UFSTAT: /* Read Only */
- s->reg[I_(UFSTAT)] = fifo_elements_number(&s->rx) & 0xff;
- if (fifo_empty_elements_number(&s->rx) == 0) {
- s->reg[I_(UFSTAT)] |= UFSTAT_Rx_FIFO_FULL;
- s->reg[I_(UFSTAT)] &= ~0xff;
- }
- return s->reg[I_(UFSTAT)];
- case URXH:
- if (s->reg[I_(UFCON)] & UFCON_FIFO_ENABLE) {
- if (fifo_elements_number(&s->rx)) {
- res = fifo_retrieve(&s->rx);
-#if DEBUG_Rx_DATA
- fprintf(stderr, "%c", res);
-#endif
- if (!fifo_elements_number(&s->rx)) {
- s->reg[I_(UTRSTAT)] &= ~UTRSTAT_Rx_BUFFER_DATA_READY;
- } else {
- s->reg[I_(UTRSTAT)] |= UTRSTAT_Rx_BUFFER_DATA_READY;
- }
- } else {
- s->reg[I_(UINTSP)] |= UINTSP_ERROR;
- exynos4210_uart_update_irq(s);
- res = 0;
- }
- } else {
- s->reg[I_(UTRSTAT)] &= ~UTRSTAT_Rx_BUFFER_DATA_READY;
- res = s->reg[I_(URXH)];
- }
- return res;
- case UTXH:
- PRINT_DEBUG("UART%d: Trying to read from WO register: %s [%04x]\n",
- s->channel, exynos4210_uart_regname(offset), offset);
- break;
- default:
- return s->reg[I_(offset)];
- }
-
- return 0;
-}
-
-static const MemoryRegionOps exynos4210_uart_ops = {
- .read = exynos4210_uart_read,
- .write = exynos4210_uart_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .max_access_size = 4,
- .unaligned = false
- },
-};
-
-static int exynos4210_uart_can_receive(void *opaque)
-{
- Exynos4210UartState *s = (Exynos4210UartState *)opaque;
-
- return fifo_empty_elements_number(&s->rx);
-}
-
-
-static void exynos4210_uart_receive(void *opaque, const uint8_t *buf, int size)
-{
- Exynos4210UartState *s = (Exynos4210UartState *)opaque;
- int i;
-
- if (s->reg[I_(UFCON)] & UFCON_FIFO_ENABLE) {
- if (fifo_empty_elements_number(&s->rx) < size) {
- for (i = 0; i < fifo_empty_elements_number(&s->rx); i++) {
- fifo_store(&s->rx, buf[i]);
- }
- s->reg[I_(UINTSP)] |= UINTSP_ERROR;
- s->reg[I_(UTRSTAT)] |= UTRSTAT_Rx_BUFFER_DATA_READY;
- } else {
- for (i = 0; i < size; i++) {
- fifo_store(&s->rx, buf[i]);
- }
- s->reg[I_(UTRSTAT)] |= UTRSTAT_Rx_BUFFER_DATA_READY;
- }
- /* XXX: Around here we maybe should check Rx trigger level */
- s->reg[I_(UINTSP)] |= UINTSP_RXD;
- } else {
- s->reg[I_(URXH)] = buf[0];
- s->reg[I_(UINTSP)] |= UINTSP_RXD;
- s->reg[I_(UTRSTAT)] |= UTRSTAT_Rx_BUFFER_DATA_READY;
- }
-
- exynos4210_uart_update_irq(s);
-}
-
-
-static void exynos4210_uart_event(void *opaque, int event)
-{
- Exynos4210UartState *s = (Exynos4210UartState *)opaque;
-
- if (event == CHR_EVENT_BREAK) {
- /* When the RxDn is held in logic 0, then a null byte is pushed into the
- * fifo */
- fifo_store(&s->rx, '\0');
- s->reg[I_(UERSTAT)] |= UERSTAT_BREAK;
- exynos4210_uart_update_irq(s);
- }
-}
-
-
-static void exynos4210_uart_reset(DeviceState *dev)
-{
- Exynos4210UartState *s =
- container_of(dev, Exynos4210UartState, busdev.qdev);
- int regs_number = sizeof(exynos4210_uart_regs)/sizeof(Exynos4210UartReg);
- int i;
-
- for (i = 0; i < regs_number; i++) {
- s->reg[I_(exynos4210_uart_regs[i].offset)] =
- exynos4210_uart_regs[i].reset_value;
- }
-
- fifo_reset(&s->rx);
- fifo_reset(&s->tx);
-
- PRINT_DEBUG("UART%d: Rx FIFO size: %d\n", s->channel, s->rx.size);
-}
-
-static const VMStateDescription vmstate_exynos4210_uart_fifo = {
- .name = "exynos4210.uart.fifo",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(sp, Exynos4210UartFIFO),
- VMSTATE_UINT32(rp, Exynos4210UartFIFO),
- VMSTATE_VBUFFER_UINT32(data, Exynos4210UartFIFO, 1, NULL, 0, size),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_exynos4210_uart = {
- .name = "exynos4210.uart",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_STRUCT(rx, Exynos4210UartState, 1,
- vmstate_exynos4210_uart_fifo, Exynos4210UartFIFO),
- VMSTATE_UINT32_ARRAY(reg, Exynos4210UartState,
- EXYNOS4210_UART_REGS_MEM_SIZE / sizeof(uint32_t)),
- VMSTATE_END_OF_LIST()
- }
-};
-
-DeviceState *exynos4210_uart_create(hwaddr addr,
- int fifo_size,
- int channel,
- CharDriverState *chr,
- qemu_irq irq)
-{
- DeviceState *dev;
- SysBusDevice *bus;
-
- const char chr_name[] = "serial";
- char label[ARRAY_SIZE(chr_name) + 1];
-
- dev = qdev_create(NULL, "exynos4210.uart");
-
- if (!chr) {
- if (channel >= MAX_SERIAL_PORTS) {
- hw_error("Only %d serial ports are supported by QEMU.\n",
- MAX_SERIAL_PORTS);
- }
- chr = serial_hds[channel];
- if (!chr) {
- snprintf(label, ARRAY_SIZE(label), "%s%d", chr_name, channel);
- chr = qemu_chr_new(label, "null", NULL);
- if (!(chr)) {
- hw_error("Can't assign serial port to UART%d.\n", channel);
- }
- }
- }
-
- qdev_prop_set_chr(dev, "chardev", chr);
- qdev_prop_set_uint32(dev, "channel", channel);
- qdev_prop_set_uint32(dev, "rx-size", fifo_size);
- qdev_prop_set_uint32(dev, "tx-size", fifo_size);
-
- bus = sysbus_from_qdev(dev);
- qdev_init_nofail(dev);
- if (addr != (hwaddr)-1) {
- sysbus_mmio_map(bus, 0, addr);
- }
- sysbus_connect_irq(bus, 0, irq);
-
- return dev;
-}
-
-static int exynos4210_uart_init(SysBusDevice *dev)
-{
- Exynos4210UartState *s = FROM_SYSBUS(Exynos4210UartState, dev);
-
- /* memory mapping */
- memory_region_init_io(&s->iomem, &exynos4210_uart_ops, s, "exynos4210.uart",
- EXYNOS4210_UART_REGS_MEM_SIZE);
- sysbus_init_mmio(dev, &s->iomem);
-
- sysbus_init_irq(dev, &s->irq);
-
- qemu_chr_add_handlers(s->chr, exynos4210_uart_can_receive,
- exynos4210_uart_receive, exynos4210_uart_event, s);
-
- return 0;
-}
-
-static Property exynos4210_uart_properties[] = {
- DEFINE_PROP_CHR("chardev", Exynos4210UartState, chr),
- DEFINE_PROP_UINT32("channel", Exynos4210UartState, channel, 0),
- DEFINE_PROP_UINT32("rx-size", Exynos4210UartState, rx.size, 16),
- DEFINE_PROP_UINT32("tx-size", Exynos4210UartState, tx.size, 16),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void exynos4210_uart_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = exynos4210_uart_init;
- dc->reset = exynos4210_uart_reset;
- dc->props = exynos4210_uart_properties;
- dc->vmsd = &vmstate_exynos4210_uart;
-}
-
-static TypeInfo exynos4210_uart_info = {
- .name = "exynos4210.uart",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(Exynos4210UartState),
- .class_init = exynos4210_uart_class_init,
-};
-
-static void exynos4210_uart_register(void)
-{
- type_register_static(&exynos4210_uart_info);
-}
-
-type_init(exynos4210_uart_register)
diff --git a/hw/exynos4_boards.c b/hw/exynos4_boards.c
deleted file mode 100644
index bc815bbae..000000000
--- a/hw/exynos4_boards.c
+++ /dev/null
@@ -1,168 +0,0 @@
-/*
- * Samsung exynos4 SoC based boards emulation
- *
- * Copyright (c) 2011 Samsung Electronics Co., Ltd. All rights reserved.
- * Maksim Kozlov <m.kozlov@samsung.com>
- * Evgeny Voevodin <e.voevodin@samsung.com>
- * Igor Mitsyanko <i.mitsyanko@samsung.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#include "sysemu.h"
-#include "sysbus.h"
-#include "net.h"
-#include "arm-misc.h"
-#include "exec-memory.h"
-#include "exynos4210.h"
-#include "boards.h"
-
-#undef DEBUG
-
-//#define DEBUG
-
-#ifdef DEBUG
- #undef PRINT_DEBUG
- #define PRINT_DEBUG(fmt, args...) \
- do { \
- fprintf(stderr, " [%s:%d] "fmt, __func__, __LINE__, ##args); \
- } while (0)
-#else
- #define PRINT_DEBUG(fmt, args...) do {} while (0)
-#endif
-
-#define SMDK_LAN9118_BASE_ADDR 0x05000000
-
-typedef enum Exynos4BoardType {
- EXYNOS4_BOARD_NURI,
- EXYNOS4_BOARD_SMDKC210,
- EXYNOS4_NUM_OF_BOARDS
-} Exynos4BoardType;
-
-static int exynos4_board_id[EXYNOS4_NUM_OF_BOARDS] = {
- [EXYNOS4_BOARD_NURI] = 0xD33,
- [EXYNOS4_BOARD_SMDKC210] = 0xB16,
-};
-
-static int exynos4_board_smp_bootreg_addr[EXYNOS4_NUM_OF_BOARDS] = {
- [EXYNOS4_BOARD_NURI] = EXYNOS4210_SECOND_CPU_BOOTREG,
- [EXYNOS4_BOARD_SMDKC210] = EXYNOS4210_SECOND_CPU_BOOTREG,
-};
-
-static unsigned long exynos4_board_ram_size[EXYNOS4_NUM_OF_BOARDS] = {
- [EXYNOS4_BOARD_NURI] = 0x40000000,
- [EXYNOS4_BOARD_SMDKC210] = 0x40000000,
-};
-
-static struct arm_boot_info exynos4_board_binfo = {
- .loader_start = EXYNOS4210_BASE_BOOT_ADDR,
- .smp_loader_start = EXYNOS4210_SMP_BOOT_ADDR,
- .nb_cpus = EXYNOS4210_NCPUS,
- .write_secondary_boot = exynos4210_write_secondary,
-};
-
-static QEMUMachine exynos4_machines[EXYNOS4_NUM_OF_BOARDS];
-
-static void lan9215_init(uint32_t base, qemu_irq irq)
-{
- DeviceState *dev;
- SysBusDevice *s;
-
- /* This should be a 9215 but the 9118 is close enough */
- if (nd_table[0].used) {
- qemu_check_nic_model(&nd_table[0], "lan9118");
- dev = qdev_create(NULL, "lan9118");
- qdev_set_nic_properties(dev, &nd_table[0]);
- qdev_prop_set_uint32(dev, "mode_16bit", 1);
- qdev_init_nofail(dev);
- s = sysbus_from_qdev(dev);
- sysbus_mmio_map(s, 0, base);
- sysbus_connect_irq(s, 0, irq);
- }
-}
-
-static Exynos4210State *exynos4_boards_init_common(QEMUMachineInitArgs *args,
- Exynos4BoardType board_type)
-{
- if (smp_cpus != EXYNOS4210_NCPUS) {
- fprintf(stderr, "%s board supports only %d CPU cores. Ignoring smp_cpus"
- " value.\n",
- exynos4_machines[board_type].name,
- exynos4_machines[board_type].max_cpus);
- }
-
- exynos4_board_binfo.ram_size = exynos4_board_ram_size[board_type];
- exynos4_board_binfo.board_id = exynos4_board_id[board_type];
- exynos4_board_binfo.smp_bootreg_addr =
- exynos4_board_smp_bootreg_addr[board_type];
- exynos4_board_binfo.kernel_filename = args->kernel_filename;
- exynos4_board_binfo.initrd_filename = args->initrd_filename;
- exynos4_board_binfo.kernel_cmdline = args->kernel_cmdline;
- exynos4_board_binfo.gic_cpu_if_addr =
- EXYNOS4210_SMP_PRIVATE_BASE_ADDR + 0x100;
-
- PRINT_DEBUG("\n ram_size: %luMiB [0x%08lx]\n"
- " kernel_filename: %s\n"
- " kernel_cmdline: %s\n"
- " initrd_filename: %s\n",
- exynos4_board_ram_size[board_type] / 1048576,
- exynos4_board_ram_size[board_type],
- args->kernel_filename,
- args->kernel_cmdline,
- args->initrd_filename);
-
- return exynos4210_init(get_system_memory(),
- exynos4_board_ram_size[board_type]);
-}
-
-static void nuri_init(QEMUMachineInitArgs *args)
-{
- exynos4_boards_init_common(args, EXYNOS4_BOARD_NURI);
-
- arm_load_kernel(arm_env_get_cpu(first_cpu), &exynos4_board_binfo);
-}
-
-static void smdkc210_init(QEMUMachineInitArgs *args)
-{
- Exynos4210State *s = exynos4_boards_init_common(args,
- EXYNOS4_BOARD_SMDKC210);
-
- lan9215_init(SMDK_LAN9118_BASE_ADDR,
- qemu_irq_invert(s->irq_table[exynos4210_get_irq(37, 1)]));
- arm_load_kernel(arm_env_get_cpu(first_cpu), &exynos4_board_binfo);
-}
-
-static QEMUMachine exynos4_machines[EXYNOS4_NUM_OF_BOARDS] = {
- [EXYNOS4_BOARD_NURI] = {
- .name = "nuri",
- .desc = "Samsung NURI board (Exynos4210)",
- .init = nuri_init,
- .max_cpus = EXYNOS4210_NCPUS,
- },
- [EXYNOS4_BOARD_SMDKC210] = {
- .name = "smdkc210",
- .desc = "Samsung SMDKC210 board (Exynos4210)",
- .init = smdkc210_init,
- .max_cpus = EXYNOS4210_NCPUS,
- },
-};
-
-static void exynos4_machine_init(void)
-{
- qemu_register_machine(&exynos4_machines[EXYNOS4_BOARD_NURI]);
- qemu_register_machine(&exynos4_machines[EXYNOS4_BOARD_SMDKC210]);
-}
-
-machine_init(exynos4_machine_init);
diff --git a/hw/fdc.c b/hw/fdc.c
deleted file mode 100644
index 29b5449ff..000000000
--- a/hw/fdc.c
+++ /dev/null
@@ -1,2284 +0,0 @@
-/*
- * QEMU Floppy disk emulator (Intel 82078)
- *
- * Copyright (c) 2003, 2007 Jocelyn Mayer
- * Copyright (c) 2008 Hervé Poussineau
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-/*
- * The controller is used in Sun4m systems in a slightly different
- * way. There are changes in DOR register and DMA is not available.
- */
-
-#include "hw.h"
-#include "fdc.h"
-#include "qemu-error.h"
-#include "qemu-timer.h"
-#include "isa.h"
-#include "sysbus.h"
-#include "qdev-addr.h"
-#include "blockdev.h"
-#include "sysemu.h"
-#include "qemu-log.h"
-
-/********************************************************/
-/* debug Floppy devices */
-//#define DEBUG_FLOPPY
-
-#ifdef DEBUG_FLOPPY
-#define FLOPPY_DPRINTF(fmt, ...) \
- do { printf("FLOPPY: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define FLOPPY_DPRINTF(fmt, ...)
-#endif
-
-/********************************************************/
-/* Floppy drive emulation */
-
-typedef enum FDriveRate {
- FDRIVE_RATE_500K = 0x00, /* 500 Kbps */
- FDRIVE_RATE_300K = 0x01, /* 300 Kbps */
- FDRIVE_RATE_250K = 0x02, /* 250 Kbps */
- FDRIVE_RATE_1M = 0x03, /* 1 Mbps */
-} FDriveRate;
-
-typedef struct FDFormat {
- FDriveType drive;
- uint8_t last_sect;
- uint8_t max_track;
- uint8_t max_head;
- FDriveRate rate;
-} FDFormat;
-
-static const FDFormat fd_formats[] = {
- /* First entry is default format */
- /* 1.44 MB 3"1/2 floppy disks */
- { FDRIVE_DRV_144, 18, 80, 1, FDRIVE_RATE_500K, },
- { FDRIVE_DRV_144, 20, 80, 1, FDRIVE_RATE_500K, },
- { FDRIVE_DRV_144, 21, 80, 1, FDRIVE_RATE_500K, },
- { FDRIVE_DRV_144, 21, 82, 1, FDRIVE_RATE_500K, },
- { FDRIVE_DRV_144, 21, 83, 1, FDRIVE_RATE_500K, },
- { FDRIVE_DRV_144, 22, 80, 1, FDRIVE_RATE_500K, },
- { FDRIVE_DRV_144, 23, 80, 1, FDRIVE_RATE_500K, },
- { FDRIVE_DRV_144, 24, 80, 1, FDRIVE_RATE_500K, },
- /* 2.88 MB 3"1/2 floppy disks */
- { FDRIVE_DRV_288, 36, 80, 1, FDRIVE_RATE_1M, },
- { FDRIVE_DRV_288, 39, 80, 1, FDRIVE_RATE_1M, },
- { FDRIVE_DRV_288, 40, 80, 1, FDRIVE_RATE_1M, },
- { FDRIVE_DRV_288, 44, 80, 1, FDRIVE_RATE_1M, },
- { FDRIVE_DRV_288, 48, 80, 1, FDRIVE_RATE_1M, },
- /* 720 kB 3"1/2 floppy disks */
- { FDRIVE_DRV_144, 9, 80, 1, FDRIVE_RATE_250K, },
- { FDRIVE_DRV_144, 10, 80, 1, FDRIVE_RATE_250K, },
- { FDRIVE_DRV_144, 10, 82, 1, FDRIVE_RATE_250K, },
- { FDRIVE_DRV_144, 10, 83, 1, FDRIVE_RATE_250K, },
- { FDRIVE_DRV_144, 13, 80, 1, FDRIVE_RATE_250K, },
- { FDRIVE_DRV_144, 14, 80, 1, FDRIVE_RATE_250K, },
- /* 1.2 MB 5"1/4 floppy disks */
- { FDRIVE_DRV_120, 15, 80, 1, FDRIVE_RATE_500K, },
- { FDRIVE_DRV_120, 18, 80, 1, FDRIVE_RATE_500K, },
- { FDRIVE_DRV_120, 18, 82, 1, FDRIVE_RATE_500K, },
- { FDRIVE_DRV_120, 18, 83, 1, FDRIVE_RATE_500K, },
- { FDRIVE_DRV_120, 20, 80, 1, FDRIVE_RATE_500K, },
- /* 720 kB 5"1/4 floppy disks */
- { FDRIVE_DRV_120, 9, 80, 1, FDRIVE_RATE_250K, },
- { FDRIVE_DRV_120, 11, 80, 1, FDRIVE_RATE_250K, },
- /* 360 kB 5"1/4 floppy disks */
- { FDRIVE_DRV_120, 9, 40, 1, FDRIVE_RATE_300K, },
- { FDRIVE_DRV_120, 9, 40, 0, FDRIVE_RATE_300K, },
- { FDRIVE_DRV_120, 10, 41, 1, FDRIVE_RATE_300K, },
- { FDRIVE_DRV_120, 10, 42, 1, FDRIVE_RATE_300K, },
- /* 320 kB 5"1/4 floppy disks */
- { FDRIVE_DRV_120, 8, 40, 1, FDRIVE_RATE_250K, },
- { FDRIVE_DRV_120, 8, 40, 0, FDRIVE_RATE_250K, },
- /* 360 kB must match 5"1/4 better than 3"1/2... */
- { FDRIVE_DRV_144, 9, 80, 0, FDRIVE_RATE_250K, },
- /* end */
- { FDRIVE_DRV_NONE, -1, -1, 0, 0, },
-};
-
-static void pick_geometry(BlockDriverState *bs, int *nb_heads,
- int *max_track, int *last_sect,
- FDriveType drive_in, FDriveType *drive,
- FDriveRate *rate)
-{
- const FDFormat *parse;
- uint64_t nb_sectors, size;
- int i, first_match, match;
-
- bdrv_get_geometry(bs, &nb_sectors);
- match = -1;
- first_match = -1;
- for (i = 0; ; i++) {
- parse = &fd_formats[i];
- if (parse->drive == FDRIVE_DRV_NONE) {
- break;
- }
- if (drive_in == parse->drive ||
- drive_in == FDRIVE_DRV_NONE) {
- size = (parse->max_head + 1) * parse->max_track *
- parse->last_sect;
- if (nb_sectors == size) {
- match = i;
- break;
- }
- if (first_match == -1) {
- first_match = i;
- }
- }
- }
- if (match == -1) {
- if (first_match == -1) {
- match = 1;
- } else {
- match = first_match;
- }
- parse = &fd_formats[match];
- }
- *nb_heads = parse->max_head + 1;
- *max_track = parse->max_track;
- *last_sect = parse->last_sect;
- *drive = parse->drive;
- *rate = parse->rate;
-}
-
-#define GET_CUR_DRV(fdctrl) ((fdctrl)->cur_drv)
-#define SET_CUR_DRV(fdctrl, drive) ((fdctrl)->cur_drv = (drive))
-
-/* Will always be a fixed parameter for us */
-#define FD_SECTOR_LEN 512
-#define FD_SECTOR_SC 2 /* Sector size code */
-#define FD_RESET_SENSEI_COUNT 4 /* Number of sense interrupts on RESET */
-
-typedef struct FDCtrl FDCtrl;
-
-/* Floppy disk drive emulation */
-typedef enum FDiskFlags {
- FDISK_DBL_SIDES = 0x01,
-} FDiskFlags;
-
-typedef struct FDrive {
- FDCtrl *fdctrl;
- BlockDriverState *bs;
- /* Drive status */
- FDriveType drive;
- uint8_t perpendicular; /* 2.88 MB access mode */
- /* Position */
- uint8_t head;
- uint8_t track;
- uint8_t sect;
- /* Media */
- FDiskFlags flags;
- uint8_t last_sect; /* Nb sector per track */
- uint8_t max_track; /* Nb of tracks */
- uint16_t bps; /* Bytes per sector */
- uint8_t ro; /* Is read-only */
- uint8_t media_changed; /* Is media changed */
- uint8_t media_rate; /* Data rate of medium */
-} FDrive;
-
-static void fd_init(FDrive *drv)
-{
- /* Drive */
- drv->drive = FDRIVE_DRV_NONE;
- drv->perpendicular = 0;
- /* Disk */
- drv->last_sect = 0;
- drv->max_track = 0;
-}
-
-#define NUM_SIDES(drv) ((drv)->flags & FDISK_DBL_SIDES ? 2 : 1)
-
-static int fd_sector_calc(uint8_t head, uint8_t track, uint8_t sect,
- uint8_t last_sect, uint8_t num_sides)
-{
- return (((track * num_sides) + head) * last_sect) + sect - 1;
-}
-
-/* Returns current position, in sectors, for given drive */
-static int fd_sector(FDrive *drv)
-{
- return fd_sector_calc(drv->head, drv->track, drv->sect, drv->last_sect,
- NUM_SIDES(drv));
-}
-
-/* Seek to a new position:
- * returns 0 if already on right track
- * returns 1 if track changed
- * returns 2 if track is invalid
- * returns 3 if sector is invalid
- * returns 4 if seek is disabled
- */
-static int fd_seek(FDrive *drv, uint8_t head, uint8_t track, uint8_t sect,
- int enable_seek)
-{
- uint32_t sector;
- int ret;
-
- if (track > drv->max_track ||
- (head != 0 && (drv->flags & FDISK_DBL_SIDES) == 0)) {
- FLOPPY_DPRINTF("try to read %d %02x %02x (max=%d %d %02x %02x)\n",
- head, track, sect, 1,
- (drv->flags & FDISK_DBL_SIDES) == 0 ? 0 : 1,
- drv->max_track, drv->last_sect);
- return 2;
- }
- if (sect > drv->last_sect) {
- FLOPPY_DPRINTF("try to read %d %02x %02x (max=%d %d %02x %02x)\n",
- head, track, sect, 1,
- (drv->flags & FDISK_DBL_SIDES) == 0 ? 0 : 1,
- drv->max_track, drv->last_sect);
- return 3;
- }
- sector = fd_sector_calc(head, track, sect, drv->last_sect, NUM_SIDES(drv));
- ret = 0;
- if (sector != fd_sector(drv)) {
-#if 0
- if (!enable_seek) {
- FLOPPY_DPRINTF("error: no implicit seek %d %02x %02x"
- " (max=%d %02x %02x)\n",
- head, track, sect, 1, drv->max_track,
- drv->last_sect);
- return 4;
- }
-#endif
- drv->head = head;
- if (drv->track != track) {
- if (drv->bs != NULL && bdrv_is_inserted(drv->bs)) {
- drv->media_changed = 0;
- }
- ret = 1;
- }
- drv->track = track;
- drv->sect = sect;
- }
-
- if (drv->bs == NULL || !bdrv_is_inserted(drv->bs)) {
- ret = 2;
- }
-
- return ret;
-}
-
-/* Set drive back to track 0 */
-static void fd_recalibrate(FDrive *drv)
-{
- FLOPPY_DPRINTF("recalibrate\n");
- fd_seek(drv, 0, 0, 1, 1);
-}
-
-/* Revalidate a disk drive after a disk change */
-static void fd_revalidate(FDrive *drv)
-{
- int nb_heads, max_track, last_sect, ro;
- FDriveType drive;
- FDriveRate rate;
-
- FLOPPY_DPRINTF("revalidate\n");
- if (drv->bs != NULL) {
- ro = bdrv_is_read_only(drv->bs);
- pick_geometry(drv->bs, &nb_heads, &max_track,
- &last_sect, drv->drive, &drive, &rate);
- if (!bdrv_is_inserted(drv->bs)) {
- FLOPPY_DPRINTF("No disk in drive\n");
- } else {
- FLOPPY_DPRINTF("Floppy disk (%d h %d t %d s) %s\n", nb_heads,
- max_track, last_sect, ro ? "ro" : "rw");
- }
- if (nb_heads == 1) {
- drv->flags &= ~FDISK_DBL_SIDES;
- } else {
- drv->flags |= FDISK_DBL_SIDES;
- }
- drv->max_track = max_track;
- drv->last_sect = last_sect;
- drv->ro = ro;
- drv->drive = drive;
- drv->media_rate = rate;
- } else {
- FLOPPY_DPRINTF("No drive connected\n");
- drv->last_sect = 0;
- drv->max_track = 0;
- drv->flags &= ~FDISK_DBL_SIDES;
- }
-}
-
-/********************************************************/
-/* Intel 82078 floppy disk controller emulation */
-
-static void fdctrl_reset(FDCtrl *fdctrl, int do_irq);
-static void fdctrl_reset_fifo(FDCtrl *fdctrl);
-static int fdctrl_transfer_handler (void *opaque, int nchan,
- int dma_pos, int dma_len);
-static void fdctrl_raise_irq(FDCtrl *fdctrl);
-static FDrive *get_cur_drv(FDCtrl *fdctrl);
-
-static uint32_t fdctrl_read_statusA(FDCtrl *fdctrl);
-static uint32_t fdctrl_read_statusB(FDCtrl *fdctrl);
-static uint32_t fdctrl_read_dor(FDCtrl *fdctrl);
-static void fdctrl_write_dor(FDCtrl *fdctrl, uint32_t value);
-static uint32_t fdctrl_read_tape(FDCtrl *fdctrl);
-static void fdctrl_write_tape(FDCtrl *fdctrl, uint32_t value);
-static uint32_t fdctrl_read_main_status(FDCtrl *fdctrl);
-static void fdctrl_write_rate(FDCtrl *fdctrl, uint32_t value);
-static uint32_t fdctrl_read_data(FDCtrl *fdctrl);
-static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value);
-static uint32_t fdctrl_read_dir(FDCtrl *fdctrl);
-static void fdctrl_write_ccr(FDCtrl *fdctrl, uint32_t value);
-
-enum {
- FD_DIR_WRITE = 0,
- FD_DIR_READ = 1,
- FD_DIR_SCANE = 2,
- FD_DIR_SCANL = 3,
- FD_DIR_SCANH = 4,
- FD_DIR_VERIFY = 5,
-};
-
-enum {
- FD_STATE_MULTI = 0x01, /* multi track flag */
- FD_STATE_FORMAT = 0x02, /* format flag */
-};
-
-enum {
- FD_REG_SRA = 0x00,
- FD_REG_SRB = 0x01,
- FD_REG_DOR = 0x02,
- FD_REG_TDR = 0x03,
- FD_REG_MSR = 0x04,
- FD_REG_DSR = 0x04,
- FD_REG_FIFO = 0x05,
- FD_REG_DIR = 0x07,
- FD_REG_CCR = 0x07,
-};
-
-enum {
- FD_CMD_READ_TRACK = 0x02,
- FD_CMD_SPECIFY = 0x03,
- FD_CMD_SENSE_DRIVE_STATUS = 0x04,
- FD_CMD_WRITE = 0x05,
- FD_CMD_READ = 0x06,
- FD_CMD_RECALIBRATE = 0x07,
- FD_CMD_SENSE_INTERRUPT_STATUS = 0x08,
- FD_CMD_WRITE_DELETED = 0x09,
- FD_CMD_READ_ID = 0x0a,
- FD_CMD_READ_DELETED = 0x0c,
- FD_CMD_FORMAT_TRACK = 0x0d,
- FD_CMD_DUMPREG = 0x0e,
- FD_CMD_SEEK = 0x0f,
- FD_CMD_VERSION = 0x10,
- FD_CMD_SCAN_EQUAL = 0x11,
- FD_CMD_PERPENDICULAR_MODE = 0x12,
- FD_CMD_CONFIGURE = 0x13,
- FD_CMD_LOCK = 0x14,
- FD_CMD_VERIFY = 0x16,
- FD_CMD_POWERDOWN_MODE = 0x17,
- FD_CMD_PART_ID = 0x18,
- FD_CMD_SCAN_LOW_OR_EQUAL = 0x19,
- FD_CMD_SCAN_HIGH_OR_EQUAL = 0x1d,
- FD_CMD_SAVE = 0x2e,
- FD_CMD_OPTION = 0x33,
- FD_CMD_RESTORE = 0x4e,
- FD_CMD_DRIVE_SPECIFICATION_COMMAND = 0x8e,
- FD_CMD_RELATIVE_SEEK_OUT = 0x8f,
- FD_CMD_FORMAT_AND_WRITE = 0xcd,
- FD_CMD_RELATIVE_SEEK_IN = 0xcf,
-};
-
-enum {
- FD_CONFIG_PRETRK = 0xff, /* Pre-compensation set to track 0 */
- FD_CONFIG_FIFOTHR = 0x0f, /* FIFO threshold set to 1 byte */
- FD_CONFIG_POLL = 0x10, /* Poll enabled */
- FD_CONFIG_EFIFO = 0x20, /* FIFO disabled */
- FD_CONFIG_EIS = 0x40, /* No implied seeks */
-};
-
-enum {
- FD_SR0_DS0 = 0x01,
- FD_SR0_DS1 = 0x02,
- FD_SR0_HEAD = 0x04,
- FD_SR0_EQPMT = 0x10,
- FD_SR0_SEEK = 0x20,
- FD_SR0_ABNTERM = 0x40,
- FD_SR0_INVCMD = 0x80,
- FD_SR0_RDYCHG = 0xc0,
-};
-
-enum {
- FD_SR1_MA = 0x01, /* Missing address mark */
- FD_SR1_NW = 0x02, /* Not writable */
- FD_SR1_EC = 0x80, /* End of cylinder */
-};
-
-enum {
- FD_SR2_SNS = 0x04, /* Scan not satisfied */
- FD_SR2_SEH = 0x08, /* Scan equal hit */
-};
-
-enum {
- FD_SRA_DIR = 0x01,
- FD_SRA_nWP = 0x02,
- FD_SRA_nINDX = 0x04,
- FD_SRA_HDSEL = 0x08,
- FD_SRA_nTRK0 = 0x10,
- FD_SRA_STEP = 0x20,
- FD_SRA_nDRV2 = 0x40,
- FD_SRA_INTPEND = 0x80,
-};
-
-enum {
- FD_SRB_MTR0 = 0x01,
- FD_SRB_MTR1 = 0x02,
- FD_SRB_WGATE = 0x04,
- FD_SRB_RDATA = 0x08,
- FD_SRB_WDATA = 0x10,
- FD_SRB_DR0 = 0x20,
-};
-
-enum {
-#if MAX_FD == 4
- FD_DOR_SELMASK = 0x03,
-#else
- FD_DOR_SELMASK = 0x01,
-#endif
- FD_DOR_nRESET = 0x04,
- FD_DOR_DMAEN = 0x08,
- FD_DOR_MOTEN0 = 0x10,
- FD_DOR_MOTEN1 = 0x20,
- FD_DOR_MOTEN2 = 0x40,
- FD_DOR_MOTEN3 = 0x80,
-};
-
-enum {
-#if MAX_FD == 4
- FD_TDR_BOOTSEL = 0x0c,
-#else
- FD_TDR_BOOTSEL = 0x04,
-#endif
-};
-
-enum {
- FD_DSR_DRATEMASK= 0x03,
- FD_DSR_PWRDOWN = 0x40,
- FD_DSR_SWRESET = 0x80,
-};
-
-enum {
- FD_MSR_DRV0BUSY = 0x01,
- FD_MSR_DRV1BUSY = 0x02,
- FD_MSR_DRV2BUSY = 0x04,
- FD_MSR_DRV3BUSY = 0x08,
- FD_MSR_CMDBUSY = 0x10,
- FD_MSR_NONDMA = 0x20,
- FD_MSR_DIO = 0x40,
- FD_MSR_RQM = 0x80,
-};
-
-enum {
- FD_DIR_DSKCHG = 0x80,
-};
-
-#define FD_MULTI_TRACK(state) ((state) & FD_STATE_MULTI)
-#define FD_FORMAT_CMD(state) ((state) & FD_STATE_FORMAT)
-
-struct FDCtrl {
- MemoryRegion iomem;
- qemu_irq irq;
- /* Controller state */
- QEMUTimer *result_timer;
- int dma_chann;
- /* Controller's identification */
- uint8_t version;
- /* HW */
- uint8_t sra;
- uint8_t srb;
- uint8_t dor;
- uint8_t dor_vmstate; /* only used as temp during vmstate */
- uint8_t tdr;
- uint8_t dsr;
- uint8_t msr;
- uint8_t cur_drv;
- uint8_t status0;
- uint8_t status1;
- uint8_t status2;
- /* Command FIFO */
- uint8_t *fifo;
- int32_t fifo_size;
- uint32_t data_pos;
- uint32_t data_len;
- uint8_t data_state;
- uint8_t data_dir;
- uint8_t eot; /* last wanted sector */
- /* States kept only to be returned back */
- /* precompensation */
- uint8_t precomp_trk;
- uint8_t config;
- uint8_t lock;
- /* Power down config (also with status regB access mode */
- uint8_t pwrd;
- /* Floppy drives */
- uint8_t num_floppies;
- /* Sun4m quirks? */
- int sun4m;
- FDrive drives[MAX_FD];
- int reset_sensei;
- uint32_t check_media_rate;
- /* Timers state */
- uint8_t timer0;
- uint8_t timer1;
-};
-
-typedef struct FDCtrlSysBus {
- SysBusDevice busdev;
- struct FDCtrl state;
-} FDCtrlSysBus;
-
-typedef struct FDCtrlISABus {
- ISADevice busdev;
- uint32_t iobase;
- uint32_t irq;
- uint32_t dma;
- struct FDCtrl state;
- int32_t bootindexA;
- int32_t bootindexB;
-} FDCtrlISABus;
-
-static uint32_t fdctrl_read (void *opaque, uint32_t reg)
-{
- FDCtrl *fdctrl = opaque;
- uint32_t retval;
-
- reg &= 7;
- switch (reg) {
- case FD_REG_SRA:
- retval = fdctrl_read_statusA(fdctrl);
- break;
- case FD_REG_SRB:
- retval = fdctrl_read_statusB(fdctrl);
- break;
- case FD_REG_DOR:
- retval = fdctrl_read_dor(fdctrl);
- break;
- case FD_REG_TDR:
- retval = fdctrl_read_tape(fdctrl);
- break;
- case FD_REG_MSR:
- retval = fdctrl_read_main_status(fdctrl);
- break;
- case FD_REG_FIFO:
- retval = fdctrl_read_data(fdctrl);
- break;
- case FD_REG_DIR:
- retval = fdctrl_read_dir(fdctrl);
- break;
- default:
- retval = (uint32_t)(-1);
- break;
- }
- FLOPPY_DPRINTF("read reg%d: 0x%02x\n", reg & 7, retval);
-
- return retval;
-}
-
-static void fdctrl_write (void *opaque, uint32_t reg, uint32_t value)
-{
- FDCtrl *fdctrl = opaque;
-
- FLOPPY_DPRINTF("write reg%d: 0x%02x\n", reg & 7, value);
-
- reg &= 7;
- switch (reg) {
- case FD_REG_DOR:
- fdctrl_write_dor(fdctrl, value);
- break;
- case FD_REG_TDR:
- fdctrl_write_tape(fdctrl, value);
- break;
- case FD_REG_DSR:
- fdctrl_write_rate(fdctrl, value);
- break;
- case FD_REG_FIFO:
- fdctrl_write_data(fdctrl, value);
- break;
- case FD_REG_CCR:
- fdctrl_write_ccr(fdctrl, value);
- break;
- default:
- break;
- }
-}
-
-static uint64_t fdctrl_read_mem (void *opaque, hwaddr reg,
- unsigned ize)
-{
- return fdctrl_read(opaque, (uint32_t)reg);
-}
-
-static void fdctrl_write_mem (void *opaque, hwaddr reg,
- uint64_t value, unsigned size)
-{
- fdctrl_write(opaque, (uint32_t)reg, value);
-}
-
-static const MemoryRegionOps fdctrl_mem_ops = {
- .read = fdctrl_read_mem,
- .write = fdctrl_write_mem,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static const MemoryRegionOps fdctrl_mem_strict_ops = {
- .read = fdctrl_read_mem,
- .write = fdctrl_write_mem,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
-};
-
-static bool fdrive_media_changed_needed(void *opaque)
-{
- FDrive *drive = opaque;
-
- return (drive->bs != NULL && drive->media_changed != 1);
-}
-
-static const VMStateDescription vmstate_fdrive_media_changed = {
- .name = "fdrive/media_changed",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT8(media_changed, FDrive),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static bool fdrive_media_rate_needed(void *opaque)
-{
- FDrive *drive = opaque;
-
- return drive->fdctrl->check_media_rate;
-}
-
-static const VMStateDescription vmstate_fdrive_media_rate = {
- .name = "fdrive/media_rate",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT8(media_rate, FDrive),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_fdrive = {
- .name = "fdrive",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT8(head, FDrive),
- VMSTATE_UINT8(track, FDrive),
- VMSTATE_UINT8(sect, FDrive),
- VMSTATE_END_OF_LIST()
- },
- .subsections = (VMStateSubsection[]) {
- {
- .vmsd = &vmstate_fdrive_media_changed,
- .needed = &fdrive_media_changed_needed,
- } , {
- .vmsd = &vmstate_fdrive_media_rate,
- .needed = &fdrive_media_rate_needed,
- } , {
- /* empty */
- }
- }
-};
-
-static void fdc_pre_save(void *opaque)
-{
- FDCtrl *s = opaque;
-
- s->dor_vmstate = s->dor | GET_CUR_DRV(s);
-}
-
-static int fdc_post_load(void *opaque, int version_id)
-{
- FDCtrl *s = opaque;
-
- SET_CUR_DRV(s, s->dor_vmstate & FD_DOR_SELMASK);
- s->dor = s->dor_vmstate & ~FD_DOR_SELMASK;
- return 0;
-}
-
-static const VMStateDescription vmstate_fdc = {
- .name = "fdc",
- .version_id = 2,
- .minimum_version_id = 2,
- .minimum_version_id_old = 2,
- .pre_save = fdc_pre_save,
- .post_load = fdc_post_load,
- .fields = (VMStateField []) {
- /* Controller State */
- VMSTATE_UINT8(sra, FDCtrl),
- VMSTATE_UINT8(srb, FDCtrl),
- VMSTATE_UINT8(dor_vmstate, FDCtrl),
- VMSTATE_UINT8(tdr, FDCtrl),
- VMSTATE_UINT8(dsr, FDCtrl),
- VMSTATE_UINT8(msr, FDCtrl),
- VMSTATE_UINT8(status0, FDCtrl),
- VMSTATE_UINT8(status1, FDCtrl),
- VMSTATE_UINT8(status2, FDCtrl),
- /* Command FIFO */
- VMSTATE_VARRAY_INT32(fifo, FDCtrl, fifo_size, 0, vmstate_info_uint8,
- uint8_t),
- VMSTATE_UINT32(data_pos, FDCtrl),
- VMSTATE_UINT32(data_len, FDCtrl),
- VMSTATE_UINT8(data_state, FDCtrl),
- VMSTATE_UINT8(data_dir, FDCtrl),
- VMSTATE_UINT8(eot, FDCtrl),
- /* States kept only to be returned back */
- VMSTATE_UINT8(timer0, FDCtrl),
- VMSTATE_UINT8(timer1, FDCtrl),
- VMSTATE_UINT8(precomp_trk, FDCtrl),
- VMSTATE_UINT8(config, FDCtrl),
- VMSTATE_UINT8(lock, FDCtrl),
- VMSTATE_UINT8(pwrd, FDCtrl),
- VMSTATE_UINT8_EQUAL(num_floppies, FDCtrl),
- VMSTATE_STRUCT_ARRAY(drives, FDCtrl, MAX_FD, 1,
- vmstate_fdrive, FDrive),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void fdctrl_external_reset_sysbus(DeviceState *d)
-{
- FDCtrlSysBus *sys = container_of(d, FDCtrlSysBus, busdev.qdev);
- FDCtrl *s = &sys->state;
-
- fdctrl_reset(s, 0);
-}
-
-static void fdctrl_external_reset_isa(DeviceState *d)
-{
- FDCtrlISABus *isa = container_of(d, FDCtrlISABus, busdev.qdev);
- FDCtrl *s = &isa->state;
-
- fdctrl_reset(s, 0);
-}
-
-static void fdctrl_handle_tc(void *opaque, int irq, int level)
-{
- //FDCtrl *s = opaque;
-
- if (level) {
- // XXX
- FLOPPY_DPRINTF("TC pulsed\n");
- }
-}
-
-/* Change IRQ state */
-static void fdctrl_reset_irq(FDCtrl *fdctrl)
-{
- fdctrl->status0 = 0;
- if (!(fdctrl->sra & FD_SRA_INTPEND))
- return;
- FLOPPY_DPRINTF("Reset interrupt\n");
- qemu_set_irq(fdctrl->irq, 0);
- fdctrl->sra &= ~FD_SRA_INTPEND;
-}
-
-static void fdctrl_raise_irq(FDCtrl *fdctrl)
-{
- /* Sparc mutation */
- if (fdctrl->sun4m && (fdctrl->msr & FD_MSR_CMDBUSY)) {
- /* XXX: not sure */
- fdctrl->msr &= ~FD_MSR_CMDBUSY;
- fdctrl->msr |= FD_MSR_RQM | FD_MSR_DIO;
- return;
- }
- if (!(fdctrl->sra & FD_SRA_INTPEND)) {
- qemu_set_irq(fdctrl->irq, 1);
- fdctrl->sra |= FD_SRA_INTPEND;
- }
-
- fdctrl->reset_sensei = 0;
- FLOPPY_DPRINTF("Set interrupt status to 0x%02x\n", fdctrl->status0);
-}
-
-/* Reset controller */
-static void fdctrl_reset(FDCtrl *fdctrl, int do_irq)
-{
- int i;
-
- FLOPPY_DPRINTF("reset controller\n");
- fdctrl_reset_irq(fdctrl);
- /* Initialise controller */
- fdctrl->sra = 0;
- fdctrl->srb = 0xc0;
- if (!fdctrl->drives[1].bs)
- fdctrl->sra |= FD_SRA_nDRV2;
- fdctrl->cur_drv = 0;
- fdctrl->dor = FD_DOR_nRESET;
- fdctrl->dor |= (fdctrl->dma_chann != -1) ? FD_DOR_DMAEN : 0;
- fdctrl->msr = FD_MSR_RQM;
- /* FIFO state */
- fdctrl->data_pos = 0;
- fdctrl->data_len = 0;
- fdctrl->data_state = 0;
- fdctrl->data_dir = FD_DIR_WRITE;
- for (i = 0; i < MAX_FD; i++)
- fd_recalibrate(&fdctrl->drives[i]);
- fdctrl_reset_fifo(fdctrl);
- if (do_irq) {
- fdctrl->status0 |= FD_SR0_RDYCHG;
- fdctrl_raise_irq(fdctrl);
- fdctrl->reset_sensei = FD_RESET_SENSEI_COUNT;
- }
-}
-
-static inline FDrive *drv0(FDCtrl *fdctrl)
-{
- return &fdctrl->drives[(fdctrl->tdr & FD_TDR_BOOTSEL) >> 2];
-}
-
-static inline FDrive *drv1(FDCtrl *fdctrl)
-{
- if ((fdctrl->tdr & FD_TDR_BOOTSEL) < (1 << 2))
- return &fdctrl->drives[1];
- else
- return &fdctrl->drives[0];
-}
-
-#if MAX_FD == 4
-static inline FDrive *drv2(FDCtrl *fdctrl)
-{
- if ((fdctrl->tdr & FD_TDR_BOOTSEL) < (2 << 2))
- return &fdctrl->drives[2];
- else
- return &fdctrl->drives[1];
-}
-
-static inline FDrive *drv3(FDCtrl *fdctrl)
-{
- if ((fdctrl->tdr & FD_TDR_BOOTSEL) < (3 << 2))
- return &fdctrl->drives[3];
- else
- return &fdctrl->drives[2];
-}
-#endif
-
-static FDrive *get_cur_drv(FDCtrl *fdctrl)
-{
- switch (fdctrl->cur_drv) {
- case 0: return drv0(fdctrl);
- case 1: return drv1(fdctrl);
-#if MAX_FD == 4
- case 2: return drv2(fdctrl);
- case 3: return drv3(fdctrl);
-#endif
- default: return NULL;
- }
-}
-
-/* Status A register : 0x00 (read-only) */
-static uint32_t fdctrl_read_statusA(FDCtrl *fdctrl)
-{
- uint32_t retval = fdctrl->sra;
-
- FLOPPY_DPRINTF("status register A: 0x%02x\n", retval);
-
- return retval;
-}
-
-/* Status B register : 0x01 (read-only) */
-static uint32_t fdctrl_read_statusB(FDCtrl *fdctrl)
-{
- uint32_t retval = fdctrl->srb;
-
- FLOPPY_DPRINTF("status register B: 0x%02x\n", retval);
-
- return retval;
-}
-
-/* Digital output register : 0x02 */
-static uint32_t fdctrl_read_dor(FDCtrl *fdctrl)
-{
- uint32_t retval = fdctrl->dor;
-
- /* Selected drive */
- retval |= fdctrl->cur_drv;
- FLOPPY_DPRINTF("digital output register: 0x%02x\n", retval);
-
- return retval;
-}
-
-static void fdctrl_write_dor(FDCtrl *fdctrl, uint32_t value)
-{
- FLOPPY_DPRINTF("digital output register set to 0x%02x\n", value);
-
- /* Motors */
- if (value & FD_DOR_MOTEN0)
- fdctrl->srb |= FD_SRB_MTR0;
- else
- fdctrl->srb &= ~FD_SRB_MTR0;
- if (value & FD_DOR_MOTEN1)
- fdctrl->srb |= FD_SRB_MTR1;
- else
- fdctrl->srb &= ~FD_SRB_MTR1;
-
- /* Drive */
- if (value & 1)
- fdctrl->srb |= FD_SRB_DR0;
- else
- fdctrl->srb &= ~FD_SRB_DR0;
-
- /* Reset */
- if (!(value & FD_DOR_nRESET)) {
- if (fdctrl->dor & FD_DOR_nRESET) {
- FLOPPY_DPRINTF("controller enter RESET state\n");
- }
- } else {
- if (!(fdctrl->dor & FD_DOR_nRESET)) {
- FLOPPY_DPRINTF("controller out of RESET state\n");
- fdctrl_reset(fdctrl, 1);
- fdctrl->dsr &= ~FD_DSR_PWRDOWN;
- }
- }
- /* Selected drive */
- fdctrl->cur_drv = value & FD_DOR_SELMASK;
-
- fdctrl->dor = value;
-}
-
-/* Tape drive register : 0x03 */
-static uint32_t fdctrl_read_tape(FDCtrl *fdctrl)
-{
- uint32_t retval = fdctrl->tdr;
-
- FLOPPY_DPRINTF("tape drive register: 0x%02x\n", retval);
-
- return retval;
-}
-
-static void fdctrl_write_tape(FDCtrl *fdctrl, uint32_t value)
-{
- /* Reset mode */
- if (!(fdctrl->dor & FD_DOR_nRESET)) {
- FLOPPY_DPRINTF("Floppy controller in RESET state !\n");
- return;
- }
- FLOPPY_DPRINTF("tape drive register set to 0x%02x\n", value);
- /* Disk boot selection indicator */
- fdctrl->tdr = value & FD_TDR_BOOTSEL;
- /* Tape indicators: never allow */
-}
-
-/* Main status register : 0x04 (read) */
-static uint32_t fdctrl_read_main_status(FDCtrl *fdctrl)
-{
- uint32_t retval = fdctrl->msr;
-
- fdctrl->dsr &= ~FD_DSR_PWRDOWN;
- fdctrl->dor |= FD_DOR_nRESET;
-
- /* Sparc mutation */
- if (fdctrl->sun4m) {
- retval |= FD_MSR_DIO;
- fdctrl_reset_irq(fdctrl);
- };
-
- FLOPPY_DPRINTF("main status register: 0x%02x\n", retval);
-
- return retval;
-}
-
-/* Data select rate register : 0x04 (write) */
-static void fdctrl_write_rate(FDCtrl *fdctrl, uint32_t value)
-{
- /* Reset mode */
- if (!(fdctrl->dor & FD_DOR_nRESET)) {
- FLOPPY_DPRINTF("Floppy controller in RESET state !\n");
- return;
- }
- FLOPPY_DPRINTF("select rate register set to 0x%02x\n", value);
- /* Reset: autoclear */
- if (value & FD_DSR_SWRESET) {
- fdctrl->dor &= ~FD_DOR_nRESET;
- fdctrl_reset(fdctrl, 1);
- fdctrl->dor |= FD_DOR_nRESET;
- }
- if (value & FD_DSR_PWRDOWN) {
- fdctrl_reset(fdctrl, 1);
- }
- fdctrl->dsr = value;
-}
-
-/* Configuration control register: 0x07 (write) */
-static void fdctrl_write_ccr(FDCtrl *fdctrl, uint32_t value)
-{
- /* Reset mode */
- if (!(fdctrl->dor & FD_DOR_nRESET)) {
- FLOPPY_DPRINTF("Floppy controller in RESET state !\n");
- return;
- }
- FLOPPY_DPRINTF("configuration control register set to 0x%02x\n", value);
-
- /* Only the rate selection bits used in AT mode, and we
- * store those in the DSR.
- */
- fdctrl->dsr = (fdctrl->dsr & ~FD_DSR_DRATEMASK) |
- (value & FD_DSR_DRATEMASK);
-}
-
-static int fdctrl_media_changed(FDrive *drv)
-{
- return drv->media_changed;
-}
-
-/* Digital input register : 0x07 (read-only) */
-static uint32_t fdctrl_read_dir(FDCtrl *fdctrl)
-{
- uint32_t retval = 0;
-
- if (fdctrl_media_changed(get_cur_drv(fdctrl))) {
- retval |= FD_DIR_DSKCHG;
- }
- if (retval != 0) {
- FLOPPY_DPRINTF("Floppy digital input register: 0x%02x\n", retval);
- }
-
- return retval;
-}
-
-/* FIFO state control */
-static void fdctrl_reset_fifo(FDCtrl *fdctrl)
-{
- fdctrl->data_dir = FD_DIR_WRITE;
- fdctrl->data_pos = 0;
- fdctrl->msr &= ~(FD_MSR_CMDBUSY | FD_MSR_DIO);
-}
-
-/* Set FIFO status for the host to read */
-static void fdctrl_set_fifo(FDCtrl *fdctrl, int fifo_len)
-{
- fdctrl->data_dir = FD_DIR_READ;
- fdctrl->data_len = fifo_len;
- fdctrl->data_pos = 0;
- fdctrl->msr |= FD_MSR_CMDBUSY | FD_MSR_RQM | FD_MSR_DIO;
-}
-
-/* Set an error: unimplemented/unknown command */
-static void fdctrl_unimplemented(FDCtrl *fdctrl, int direction)
-{
- qemu_log_mask(LOG_UNIMP, "fdc: unimplemented command 0x%02x\n",
- fdctrl->fifo[0]);
- fdctrl->fifo[0] = FD_SR0_INVCMD;
- fdctrl_set_fifo(fdctrl, 1);
-}
-
-/* Seek to next sector
- * returns 0 when end of track reached (for DBL_SIDES on head 1)
- * otherwise returns 1
- */
-static int fdctrl_seek_to_next_sect(FDCtrl *fdctrl, FDrive *cur_drv)
-{
- FLOPPY_DPRINTF("seek to next sector (%d %02x %02x => %d)\n",
- cur_drv->head, cur_drv->track, cur_drv->sect,
- fd_sector(cur_drv));
- /* XXX: cur_drv->sect >= cur_drv->last_sect should be an
- error in fact */
- uint8_t new_head = cur_drv->head;
- uint8_t new_track = cur_drv->track;
- uint8_t new_sect = cur_drv->sect;
-
- int ret = 1;
-
- if (new_sect >= cur_drv->last_sect ||
- new_sect == fdctrl->eot) {
- new_sect = 1;
- if (FD_MULTI_TRACK(fdctrl->data_state)) {
- if (new_head == 0 &&
- (cur_drv->flags & FDISK_DBL_SIDES) != 0) {
- new_head = 1;
- } else {
- new_head = 0;
- new_track++;
- fdctrl->status0 |= FD_SR0_SEEK;
- if ((cur_drv->flags & FDISK_DBL_SIDES) == 0) {
- ret = 0;
- }
- }
- } else {
- fdctrl->status0 |= FD_SR0_SEEK;
- new_track++;
- ret = 0;
- }
- if (ret == 1) {
- FLOPPY_DPRINTF("seek to next track (%d %02x %02x => %d)\n",
- new_head, new_track, new_sect, fd_sector(cur_drv));
- }
- } else {
- new_sect++;
- }
- fd_seek(cur_drv, new_head, new_track, new_sect, 1);
- return ret;
-}
-
-/* Callback for transfer end (stop or abort) */
-static void fdctrl_stop_transfer(FDCtrl *fdctrl, uint8_t status0,
- uint8_t status1, uint8_t status2)
-{
- FDrive *cur_drv;
- cur_drv = get_cur_drv(fdctrl);
-
- fdctrl->status0 &= ~(FD_SR0_DS0 | FD_SR0_DS1 | FD_SR0_HEAD);
- fdctrl->status0 |= GET_CUR_DRV(fdctrl);
- if (cur_drv->head) {
- fdctrl->status0 |= FD_SR0_HEAD;
- }
- fdctrl->status0 |= status0;
-
- FLOPPY_DPRINTF("transfer status: %02x %02x %02x (%02x)\n",
- status0, status1, status2, fdctrl->status0);
- fdctrl->fifo[0] = fdctrl->status0;
- fdctrl->fifo[1] = status1;
- fdctrl->fifo[2] = status2;
- fdctrl->fifo[3] = cur_drv->track;
- fdctrl->fifo[4] = cur_drv->head;
- fdctrl->fifo[5] = cur_drv->sect;
- fdctrl->fifo[6] = FD_SECTOR_SC;
- fdctrl->data_dir = FD_DIR_READ;
- if (!(fdctrl->msr & FD_MSR_NONDMA)) {
- DMA_release_DREQ(fdctrl->dma_chann);
- }
- fdctrl->msr |= FD_MSR_RQM | FD_MSR_DIO;
- fdctrl->msr &= ~FD_MSR_NONDMA;
-
- fdctrl_set_fifo(fdctrl, 7);
- fdctrl_raise_irq(fdctrl);
-}
-
-/* Prepare a data transfer (either DMA or FIFO) */
-static void fdctrl_start_transfer(FDCtrl *fdctrl, int direction)
-{
- FDrive *cur_drv;
- uint8_t kh, kt, ks;
-
- SET_CUR_DRV(fdctrl, fdctrl->fifo[1] & FD_DOR_SELMASK);
- cur_drv = get_cur_drv(fdctrl);
- kt = fdctrl->fifo[2];
- kh = fdctrl->fifo[3];
- ks = fdctrl->fifo[4];
- FLOPPY_DPRINTF("Start transfer at %d %d %02x %02x (%d)\n",
- GET_CUR_DRV(fdctrl), kh, kt, ks,
- fd_sector_calc(kh, kt, ks, cur_drv->last_sect,
- NUM_SIDES(cur_drv)));
- switch (fd_seek(cur_drv, kh, kt, ks, fdctrl->config & FD_CONFIG_EIS)) {
- case 2:
- /* sect too big */
- fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, 0x00, 0x00);
- fdctrl->fifo[3] = kt;
- fdctrl->fifo[4] = kh;
- fdctrl->fifo[5] = ks;
- return;
- case 3:
- /* track too big */
- fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, FD_SR1_EC, 0x00);
- fdctrl->fifo[3] = kt;
- fdctrl->fifo[4] = kh;
- fdctrl->fifo[5] = ks;
- return;
- case 4:
- /* No seek enabled */
- fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, 0x00, 0x00);
- fdctrl->fifo[3] = kt;
- fdctrl->fifo[4] = kh;
- fdctrl->fifo[5] = ks;
- return;
- case 1:
- fdctrl->status0 |= FD_SR0_SEEK;
- break;
- default:
- break;
- }
-
- /* Check the data rate. If the programmed data rate does not match
- * the currently inserted medium, the operation has to fail. */
- if (fdctrl->check_media_rate &&
- (fdctrl->dsr & FD_DSR_DRATEMASK) != cur_drv->media_rate) {
- FLOPPY_DPRINTF("data rate mismatch (fdc=%d, media=%d)\n",
- fdctrl->dsr & FD_DSR_DRATEMASK, cur_drv->media_rate);
- fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, FD_SR1_MA, 0x00);
- fdctrl->fifo[3] = kt;
- fdctrl->fifo[4] = kh;
- fdctrl->fifo[5] = ks;
- return;
- }
-
- /* Set the FIFO state */
- fdctrl->data_dir = direction;
- fdctrl->data_pos = 0;
- assert(fdctrl->msr & FD_MSR_CMDBUSY);
- if (fdctrl->fifo[0] & 0x80)
- fdctrl->data_state |= FD_STATE_MULTI;
- else
- fdctrl->data_state &= ~FD_STATE_MULTI;
- if (fdctrl->fifo[5] == 0) {
- fdctrl->data_len = fdctrl->fifo[8];
- } else {
- int tmp;
- fdctrl->data_len = 128 << (fdctrl->fifo[5] > 7 ? 7 : fdctrl->fifo[5]);
- tmp = (fdctrl->fifo[6] - ks + 1);
- if (fdctrl->fifo[0] & 0x80)
- tmp += fdctrl->fifo[6];
- fdctrl->data_len *= tmp;
- }
- fdctrl->eot = fdctrl->fifo[6];
- if (fdctrl->dor & FD_DOR_DMAEN) {
- int dma_mode;
- /* DMA transfer are enabled. Check if DMA channel is well programmed */
- dma_mode = DMA_get_channel_mode(fdctrl->dma_chann);
- dma_mode = (dma_mode >> 2) & 3;
- FLOPPY_DPRINTF("dma_mode=%d direction=%d (%d - %d)\n",
- dma_mode, direction,
- (128 << fdctrl->fifo[5]) *
- (cur_drv->last_sect - ks + 1), fdctrl->data_len);
- if (((direction == FD_DIR_SCANE || direction == FD_DIR_SCANL ||
- direction == FD_DIR_SCANH) && dma_mode == 0) ||
- (direction == FD_DIR_WRITE && dma_mode == 2) ||
- (direction == FD_DIR_READ && dma_mode == 1) ||
- (direction == FD_DIR_VERIFY)) {
- /* No access is allowed until DMA transfer has completed */
- fdctrl->msr &= ~FD_MSR_RQM;
- if (direction != FD_DIR_VERIFY) {
- /* Now, we just have to wait for the DMA controller to
- * recall us...
- */
- DMA_hold_DREQ(fdctrl->dma_chann);
- DMA_schedule(fdctrl->dma_chann);
- } else {
- /* Start transfer */
- fdctrl_transfer_handler(fdctrl, fdctrl->dma_chann, 0,
- fdctrl->data_len);
- }
- return;
- } else {
- FLOPPY_DPRINTF("bad dma_mode=%d direction=%d\n", dma_mode,
- direction);
- }
- }
- FLOPPY_DPRINTF("start non-DMA transfer\n");
- fdctrl->msr |= FD_MSR_NONDMA;
- if (direction != FD_DIR_WRITE)
- fdctrl->msr |= FD_MSR_DIO;
- /* IO based transfer: calculate len */
- fdctrl_raise_irq(fdctrl);
-}
-
-/* Prepare a transfer of deleted data */
-static void fdctrl_start_transfer_del(FDCtrl *fdctrl, int direction)
-{
- qemu_log_mask(LOG_UNIMP, "fdctrl_start_transfer_del() unimplemented\n");
-
- /* We don't handle deleted data,
- * so we don't return *ANYTHING*
- */
- fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM | FD_SR0_SEEK, 0x00, 0x00);
-}
-
-/* handlers for DMA transfers */
-static int fdctrl_transfer_handler (void *opaque, int nchan,
- int dma_pos, int dma_len)
-{
- FDCtrl *fdctrl;
- FDrive *cur_drv;
- int len, start_pos, rel_pos;
- uint8_t status0 = 0x00, status1 = 0x00, status2 = 0x00;
-
- fdctrl = opaque;
- if (fdctrl->msr & FD_MSR_RQM) {
- FLOPPY_DPRINTF("Not in DMA transfer mode !\n");
- return 0;
- }
- cur_drv = get_cur_drv(fdctrl);
- if (fdctrl->data_dir == FD_DIR_SCANE || fdctrl->data_dir == FD_DIR_SCANL ||
- fdctrl->data_dir == FD_DIR_SCANH)
- status2 = FD_SR2_SNS;
- if (dma_len > fdctrl->data_len)
- dma_len = fdctrl->data_len;
- if (cur_drv->bs == NULL) {
- if (fdctrl->data_dir == FD_DIR_WRITE)
- fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM | FD_SR0_SEEK, 0x00, 0x00);
- else
- fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, 0x00, 0x00);
- len = 0;
- goto transfer_error;
- }
- rel_pos = fdctrl->data_pos % FD_SECTOR_LEN;
- for (start_pos = fdctrl->data_pos; fdctrl->data_pos < dma_len;) {
- len = dma_len - fdctrl->data_pos;
- if (len + rel_pos > FD_SECTOR_LEN)
- len = FD_SECTOR_LEN - rel_pos;
- FLOPPY_DPRINTF("copy %d bytes (%d %d %d) %d pos %d %02x "
- "(%d-0x%08x 0x%08x)\n", len, dma_len, fdctrl->data_pos,
- fdctrl->data_len, GET_CUR_DRV(fdctrl), cur_drv->head,
- cur_drv->track, cur_drv->sect, fd_sector(cur_drv),
- fd_sector(cur_drv) * FD_SECTOR_LEN);
- if (fdctrl->data_dir != FD_DIR_WRITE ||
- len < FD_SECTOR_LEN || rel_pos != 0) {
- /* READ & SCAN commands and realign to a sector for WRITE */
- if (bdrv_read(cur_drv->bs, fd_sector(cur_drv),
- fdctrl->fifo, 1) < 0) {
- FLOPPY_DPRINTF("Floppy: error getting sector %d\n",
- fd_sector(cur_drv));
- /* Sure, image size is too small... */
- memset(fdctrl->fifo, 0, FD_SECTOR_LEN);
- }
- }
- switch (fdctrl->data_dir) {
- case FD_DIR_READ:
- /* READ commands */
- DMA_write_memory (nchan, fdctrl->fifo + rel_pos,
- fdctrl->data_pos, len);
- break;
- case FD_DIR_WRITE:
- /* WRITE commands */
- if (cur_drv->ro) {
- /* Handle readonly medium early, no need to do DMA, touch the
- * LED or attempt any writes. A real floppy doesn't attempt
- * to write to readonly media either. */
- fdctrl_stop_transfer(fdctrl,
- FD_SR0_ABNTERM | FD_SR0_SEEK, FD_SR1_NW,
- 0x00);
- goto transfer_error;
- }
-
- DMA_read_memory (nchan, fdctrl->fifo + rel_pos,
- fdctrl->data_pos, len);
- if (bdrv_write(cur_drv->bs, fd_sector(cur_drv),
- fdctrl->fifo, 1) < 0) {
- FLOPPY_DPRINTF("error writing sector %d\n",
- fd_sector(cur_drv));
- fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM | FD_SR0_SEEK, 0x00, 0x00);
- goto transfer_error;
- }
- break;
- case FD_DIR_VERIFY:
- /* VERIFY commands */
- break;
- default:
- /* SCAN commands */
- {
- uint8_t tmpbuf[FD_SECTOR_LEN];
- int ret;
- DMA_read_memory (nchan, tmpbuf, fdctrl->data_pos, len);
- ret = memcmp(tmpbuf, fdctrl->fifo + rel_pos, len);
- if (ret == 0) {
- status2 = FD_SR2_SEH;
- goto end_transfer;
- }
- if ((ret < 0 && fdctrl->data_dir == FD_DIR_SCANL) ||
- (ret > 0 && fdctrl->data_dir == FD_DIR_SCANH)) {
- status2 = 0x00;
- goto end_transfer;
- }
- }
- break;
- }
- fdctrl->data_pos += len;
- rel_pos = fdctrl->data_pos % FD_SECTOR_LEN;
- if (rel_pos == 0) {
- /* Seek to next sector */
- if (!fdctrl_seek_to_next_sect(fdctrl, cur_drv))
- break;
- }
- }
- end_transfer:
- len = fdctrl->data_pos - start_pos;
- FLOPPY_DPRINTF("end transfer %d %d %d\n",
- fdctrl->data_pos, len, fdctrl->data_len);
- if (fdctrl->data_dir == FD_DIR_SCANE ||
- fdctrl->data_dir == FD_DIR_SCANL ||
- fdctrl->data_dir == FD_DIR_SCANH)
- status2 = FD_SR2_SEH;
- fdctrl->data_len -= len;
- fdctrl_stop_transfer(fdctrl, status0, status1, status2);
- transfer_error:
-
- return len;
-}
-
-/* Data register : 0x05 */
-static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
-{
- FDrive *cur_drv;
- uint32_t retval = 0;
- int pos;
-
- cur_drv = get_cur_drv(fdctrl);
- fdctrl->dsr &= ~FD_DSR_PWRDOWN;
- if (!(fdctrl->msr & FD_MSR_RQM) || !(fdctrl->msr & FD_MSR_DIO)) {
- FLOPPY_DPRINTF("error: controller not ready for reading\n");
- return 0;
- }
- pos = fdctrl->data_pos;
- if (fdctrl->msr & FD_MSR_NONDMA) {
- pos %= FD_SECTOR_LEN;
- if (pos == 0) {
- if (fdctrl->data_pos != 0)
- if (!fdctrl_seek_to_next_sect(fdctrl, cur_drv)) {
- FLOPPY_DPRINTF("error seeking to next sector %d\n",
- fd_sector(cur_drv));
- return 0;
- }
- if (bdrv_read(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1) < 0) {
- FLOPPY_DPRINTF("error getting sector %d\n",
- fd_sector(cur_drv));
- /* Sure, image size is too small... */
- memset(fdctrl->fifo, 0, FD_SECTOR_LEN);
- }
- }
- }
- retval = fdctrl->fifo[pos];
- if (++fdctrl->data_pos == fdctrl->data_len) {
- fdctrl->data_pos = 0;
- /* Switch from transfer mode to status mode
- * then from status mode to command mode
- */
- if (fdctrl->msr & FD_MSR_NONDMA) {
- fdctrl_stop_transfer(fdctrl, 0x00, 0x00, 0x00);
- } else {
- fdctrl_reset_fifo(fdctrl);
- fdctrl_reset_irq(fdctrl);
- }
- }
- FLOPPY_DPRINTF("data register: 0x%02x\n", retval);
-
- return retval;
-}
-
-static void fdctrl_format_sector(FDCtrl *fdctrl)
-{
- FDrive *cur_drv;
- uint8_t kh, kt, ks;
-
- SET_CUR_DRV(fdctrl, fdctrl->fifo[1] & FD_DOR_SELMASK);
- cur_drv = get_cur_drv(fdctrl);
- kt = fdctrl->fifo[6];
- kh = fdctrl->fifo[7];
- ks = fdctrl->fifo[8];
- FLOPPY_DPRINTF("format sector at %d %d %02x %02x (%d)\n",
- GET_CUR_DRV(fdctrl), kh, kt, ks,
- fd_sector_calc(kh, kt, ks, cur_drv->last_sect,
- NUM_SIDES(cur_drv)));
- switch (fd_seek(cur_drv, kh, kt, ks, fdctrl->config & FD_CONFIG_EIS)) {
- case 2:
- /* sect too big */
- fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, 0x00, 0x00);
- fdctrl->fifo[3] = kt;
- fdctrl->fifo[4] = kh;
- fdctrl->fifo[5] = ks;
- return;
- case 3:
- /* track too big */
- fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, FD_SR1_EC, 0x00);
- fdctrl->fifo[3] = kt;
- fdctrl->fifo[4] = kh;
- fdctrl->fifo[5] = ks;
- return;
- case 4:
- /* No seek enabled */
- fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, 0x00, 0x00);
- fdctrl->fifo[3] = kt;
- fdctrl->fifo[4] = kh;
- fdctrl->fifo[5] = ks;
- return;
- case 1:
- fdctrl->status0 |= FD_SR0_SEEK;
- break;
- default:
- break;
- }
- memset(fdctrl->fifo, 0, FD_SECTOR_LEN);
- if (cur_drv->bs == NULL ||
- bdrv_write(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1) < 0) {
- FLOPPY_DPRINTF("error formatting sector %d\n", fd_sector(cur_drv));
- fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM | FD_SR0_SEEK, 0x00, 0x00);
- } else {
- if (cur_drv->sect == cur_drv->last_sect) {
- fdctrl->data_state &= ~FD_STATE_FORMAT;
- /* Last sector done */
- fdctrl_stop_transfer(fdctrl, 0x00, 0x00, 0x00);
- } else {
- /* More to do */
- fdctrl->data_pos = 0;
- fdctrl->data_len = 4;
- }
- }
-}
-
-static void fdctrl_handle_lock(FDCtrl *fdctrl, int direction)
-{
- fdctrl->lock = (fdctrl->fifo[0] & 0x80) ? 1 : 0;
- fdctrl->fifo[0] = fdctrl->lock << 4;
- fdctrl_set_fifo(fdctrl, 1);
-}
-
-static void fdctrl_handle_dumpreg(FDCtrl *fdctrl, int direction)
-{
- FDrive *cur_drv = get_cur_drv(fdctrl);
-
- /* Drives position */
- fdctrl->fifo[0] = drv0(fdctrl)->track;
- fdctrl->fifo[1] = drv1(fdctrl)->track;
-#if MAX_FD == 4
- fdctrl->fifo[2] = drv2(fdctrl)->track;
- fdctrl->fifo[3] = drv3(fdctrl)->track;
-#else
- fdctrl->fifo[2] = 0;
- fdctrl->fifo[3] = 0;
-#endif
- /* timers */
- fdctrl->fifo[4] = fdctrl->timer0;
- fdctrl->fifo[5] = (fdctrl->timer1 << 1) | (fdctrl->dor & FD_DOR_DMAEN ? 1 : 0);
- fdctrl->fifo[6] = cur_drv->last_sect;
- fdctrl->fifo[7] = (fdctrl->lock << 7) |
- (cur_drv->perpendicular << 2);
- fdctrl->fifo[8] = fdctrl->config;
- fdctrl->fifo[9] = fdctrl->precomp_trk;
- fdctrl_set_fifo(fdctrl, 10);
-}
-
-static void fdctrl_handle_version(FDCtrl *fdctrl, int direction)
-{
- /* Controller's version */
- fdctrl->fifo[0] = fdctrl->version;
- fdctrl_set_fifo(fdctrl, 1);
-}
-
-static void fdctrl_handle_partid(FDCtrl *fdctrl, int direction)
-{
- fdctrl->fifo[0] = 0x41; /* Stepping 1 */
- fdctrl_set_fifo(fdctrl, 1);
-}
-
-static void fdctrl_handle_restore(FDCtrl *fdctrl, int direction)
-{
- FDrive *cur_drv = get_cur_drv(fdctrl);
-
- /* Drives position */
- drv0(fdctrl)->track = fdctrl->fifo[3];
- drv1(fdctrl)->track = fdctrl->fifo[4];
-#if MAX_FD == 4
- drv2(fdctrl)->track = fdctrl->fifo[5];
- drv3(fdctrl)->track = fdctrl->fifo[6];
-#endif
- /* timers */
- fdctrl->timer0 = fdctrl->fifo[7];
- fdctrl->timer1 = fdctrl->fifo[8];
- cur_drv->last_sect = fdctrl->fifo[9];
- fdctrl->lock = fdctrl->fifo[10] >> 7;
- cur_drv->perpendicular = (fdctrl->fifo[10] >> 2) & 0xF;
- fdctrl->config = fdctrl->fifo[11];
- fdctrl->precomp_trk = fdctrl->fifo[12];
- fdctrl->pwrd = fdctrl->fifo[13];
- fdctrl_reset_fifo(fdctrl);
-}
-
-static void fdctrl_handle_save(FDCtrl *fdctrl, int direction)
-{
- FDrive *cur_drv = get_cur_drv(fdctrl);
-
- fdctrl->fifo[0] = 0;
- fdctrl->fifo[1] = 0;
- /* Drives position */
- fdctrl->fifo[2] = drv0(fdctrl)->track;
- fdctrl->fifo[3] = drv1(fdctrl)->track;
-#if MAX_FD == 4
- fdctrl->fifo[4] = drv2(fdctrl)->track;
- fdctrl->fifo[5] = drv3(fdctrl)->track;
-#else
- fdctrl->fifo[4] = 0;
- fdctrl->fifo[5] = 0;
-#endif
- /* timers */
- fdctrl->fifo[6] = fdctrl->timer0;
- fdctrl->fifo[7] = fdctrl->timer1;
- fdctrl->fifo[8] = cur_drv->last_sect;
- fdctrl->fifo[9] = (fdctrl->lock << 7) |
- (cur_drv->perpendicular << 2);
- fdctrl->fifo[10] = fdctrl->config;
- fdctrl->fifo[11] = fdctrl->precomp_trk;
- fdctrl->fifo[12] = fdctrl->pwrd;
- fdctrl->fifo[13] = 0;
- fdctrl->fifo[14] = 0;
- fdctrl_set_fifo(fdctrl, 15);
-}
-
-static void fdctrl_handle_readid(FDCtrl *fdctrl, int direction)
-{
- FDrive *cur_drv = get_cur_drv(fdctrl);
-
- cur_drv->head = (fdctrl->fifo[1] >> 2) & 1;
- qemu_mod_timer(fdctrl->result_timer,
- qemu_get_clock_ns(vm_clock) + (get_ticks_per_sec() / 50));
-}
-
-static void fdctrl_handle_format_track(FDCtrl *fdctrl, int direction)
-{
- FDrive *cur_drv;
-
- SET_CUR_DRV(fdctrl, fdctrl->fifo[1] & FD_DOR_SELMASK);
- cur_drv = get_cur_drv(fdctrl);
- fdctrl->data_state |= FD_STATE_FORMAT;
- if (fdctrl->fifo[0] & 0x80)
- fdctrl->data_state |= FD_STATE_MULTI;
- else
- fdctrl->data_state &= ~FD_STATE_MULTI;
- cur_drv->bps =
- fdctrl->fifo[2] > 7 ? 16384 : 128 << fdctrl->fifo[2];
-#if 0
- cur_drv->last_sect =
- cur_drv->flags & FDISK_DBL_SIDES ? fdctrl->fifo[3] :
- fdctrl->fifo[3] / 2;
-#else
- cur_drv->last_sect = fdctrl->fifo[3];
-#endif
- /* TODO: implement format using DMA expected by the Bochs BIOS
- * and Linux fdformat (read 3 bytes per sector via DMA and fill
- * the sector with the specified fill byte
- */
- fdctrl->data_state &= ~FD_STATE_FORMAT;
- fdctrl_stop_transfer(fdctrl, 0x00, 0x00, 0x00);
-}
-
-static void fdctrl_handle_specify(FDCtrl *fdctrl, int direction)
-{
- fdctrl->timer0 = (fdctrl->fifo[1] >> 4) & 0xF;
- fdctrl->timer1 = fdctrl->fifo[2] >> 1;
- if (fdctrl->fifo[2] & 1)
- fdctrl->dor &= ~FD_DOR_DMAEN;
- else
- fdctrl->dor |= FD_DOR_DMAEN;
- /* No result back */
- fdctrl_reset_fifo(fdctrl);
-}
-
-static void fdctrl_handle_sense_drive_status(FDCtrl *fdctrl, int direction)
-{
- FDrive *cur_drv;
-
- SET_CUR_DRV(fdctrl, fdctrl->fifo[1] & FD_DOR_SELMASK);
- cur_drv = get_cur_drv(fdctrl);
- cur_drv->head = (fdctrl->fifo[1] >> 2) & 1;
- /* 1 Byte status back */
- fdctrl->fifo[0] = (cur_drv->ro << 6) |
- (cur_drv->track == 0 ? 0x10 : 0x00) |
- (cur_drv->head << 2) |
- GET_CUR_DRV(fdctrl) |
- 0x28;
- fdctrl_set_fifo(fdctrl, 1);
-}
-
-static void fdctrl_handle_recalibrate(FDCtrl *fdctrl, int direction)
-{
- FDrive *cur_drv;
-
- SET_CUR_DRV(fdctrl, fdctrl->fifo[1] & FD_DOR_SELMASK);
- cur_drv = get_cur_drv(fdctrl);
- fd_recalibrate(cur_drv);
- fdctrl_reset_fifo(fdctrl);
- /* Raise Interrupt */
- fdctrl->status0 |= FD_SR0_SEEK;
- fdctrl_raise_irq(fdctrl);
-}
-
-static void fdctrl_handle_sense_interrupt_status(FDCtrl *fdctrl, int direction)
-{
- FDrive *cur_drv = get_cur_drv(fdctrl);
-
- if (fdctrl->reset_sensei > 0) {
- fdctrl->fifo[0] =
- FD_SR0_RDYCHG + FD_RESET_SENSEI_COUNT - fdctrl->reset_sensei;
- fdctrl->reset_sensei--;
- } else if (!(fdctrl->sra & FD_SRA_INTPEND)) {
- fdctrl->fifo[0] = FD_SR0_INVCMD;
- fdctrl_set_fifo(fdctrl, 1);
- return;
- } else {
- fdctrl->fifo[0] =
- (fdctrl->status0 & ~(FD_SR0_HEAD | FD_SR0_DS1 | FD_SR0_DS0))
- | GET_CUR_DRV(fdctrl);
- }
-
- fdctrl->fifo[1] = cur_drv->track;
- fdctrl_set_fifo(fdctrl, 2);
- fdctrl_reset_irq(fdctrl);
- fdctrl->status0 = FD_SR0_RDYCHG;
-}
-
-static void fdctrl_handle_seek(FDCtrl *fdctrl, int direction)
-{
- FDrive *cur_drv;
-
- SET_CUR_DRV(fdctrl, fdctrl->fifo[1] & FD_DOR_SELMASK);
- cur_drv = get_cur_drv(fdctrl);
- fdctrl_reset_fifo(fdctrl);
- /* The seek command just sends step pulses to the drive and doesn't care if
- * there is a medium inserted of if it's banging the head against the drive.
- */
- fd_seek(cur_drv, cur_drv->head, fdctrl->fifo[2], cur_drv->sect, 1);
- /* Raise Interrupt */
- fdctrl->status0 |= FD_SR0_SEEK;
- fdctrl_raise_irq(fdctrl);
-}
-
-static void fdctrl_handle_perpendicular_mode(FDCtrl *fdctrl, int direction)
-{
- FDrive *cur_drv = get_cur_drv(fdctrl);
-
- if (fdctrl->fifo[1] & 0x80)
- cur_drv->perpendicular = fdctrl->fifo[1] & 0x7;
- /* No result back */
- fdctrl_reset_fifo(fdctrl);
-}
-
-static void fdctrl_handle_configure(FDCtrl *fdctrl, int direction)
-{
- fdctrl->config = fdctrl->fifo[2];
- fdctrl->precomp_trk = fdctrl->fifo[3];
- /* No result back */
- fdctrl_reset_fifo(fdctrl);
-}
-
-static void fdctrl_handle_powerdown_mode(FDCtrl *fdctrl, int direction)
-{
- fdctrl->pwrd = fdctrl->fifo[1];
- fdctrl->fifo[0] = fdctrl->fifo[1];
- fdctrl_set_fifo(fdctrl, 1);
-}
-
-static void fdctrl_handle_option(FDCtrl *fdctrl, int direction)
-{
- /* No result back */
- fdctrl_reset_fifo(fdctrl);
-}
-
-static void fdctrl_handle_drive_specification_command(FDCtrl *fdctrl, int direction)
-{
- FDrive *cur_drv = get_cur_drv(fdctrl);
-
- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x80) {
- /* Command parameters done */
- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x40) {
- fdctrl->fifo[0] = fdctrl->fifo[1];
- fdctrl->fifo[2] = 0;
- fdctrl->fifo[3] = 0;
- fdctrl_set_fifo(fdctrl, 4);
- } else {
- fdctrl_reset_fifo(fdctrl);
- }
- } else if (fdctrl->data_len > 7) {
- /* ERROR */
- fdctrl->fifo[0] = 0x80 |
- (cur_drv->head << 2) | GET_CUR_DRV(fdctrl);
- fdctrl_set_fifo(fdctrl, 1);
- }
-}
-
-static void fdctrl_handle_relative_seek_in(FDCtrl *fdctrl, int direction)
-{
- FDrive *cur_drv;
-
- SET_CUR_DRV(fdctrl, fdctrl->fifo[1] & FD_DOR_SELMASK);
- cur_drv = get_cur_drv(fdctrl);
- if (fdctrl->fifo[2] + cur_drv->track >= cur_drv->max_track) {
- fd_seek(cur_drv, cur_drv->head, cur_drv->max_track - 1,
- cur_drv->sect, 1);
- } else {
- fd_seek(cur_drv, cur_drv->head,
- cur_drv->track + fdctrl->fifo[2], cur_drv->sect, 1);
- }
- fdctrl_reset_fifo(fdctrl);
- /* Raise Interrupt */
- fdctrl->status0 |= FD_SR0_SEEK;
- fdctrl_raise_irq(fdctrl);
-}
-
-static void fdctrl_handle_relative_seek_out(FDCtrl *fdctrl, int direction)
-{
- FDrive *cur_drv;
-
- SET_CUR_DRV(fdctrl, fdctrl->fifo[1] & FD_DOR_SELMASK);
- cur_drv = get_cur_drv(fdctrl);
- if (fdctrl->fifo[2] > cur_drv->track) {
- fd_seek(cur_drv, cur_drv->head, 0, cur_drv->sect, 1);
- } else {
- fd_seek(cur_drv, cur_drv->head,
- cur_drv->track - fdctrl->fifo[2], cur_drv->sect, 1);
- }
- fdctrl_reset_fifo(fdctrl);
- /* Raise Interrupt */
- fdctrl->status0 |= FD_SR0_SEEK;
- fdctrl_raise_irq(fdctrl);
-}
-
-static const struct {
- uint8_t value;
- uint8_t mask;
- const char* name;
- int parameters;
- void (*handler)(FDCtrl *fdctrl, int direction);
- int direction;
-} handlers[] = {
- { FD_CMD_READ, 0x1f, "READ", 8, fdctrl_start_transfer, FD_DIR_READ },
- { FD_CMD_WRITE, 0x3f, "WRITE", 8, fdctrl_start_transfer, FD_DIR_WRITE },
- { FD_CMD_SEEK, 0xff, "SEEK", 2, fdctrl_handle_seek },
- { FD_CMD_SENSE_INTERRUPT_STATUS, 0xff, "SENSE INTERRUPT STATUS", 0, fdctrl_handle_sense_interrupt_status },
- { FD_CMD_RECALIBRATE, 0xff, "RECALIBRATE", 1, fdctrl_handle_recalibrate },
- { FD_CMD_FORMAT_TRACK, 0xbf, "FORMAT TRACK", 5, fdctrl_handle_format_track },
- { FD_CMD_READ_TRACK, 0xbf, "READ TRACK", 8, fdctrl_start_transfer, FD_DIR_READ },
- { FD_CMD_RESTORE, 0xff, "RESTORE", 17, fdctrl_handle_restore }, /* part of READ DELETED DATA */
- { FD_CMD_SAVE, 0xff, "SAVE", 0, fdctrl_handle_save }, /* part of READ DELETED DATA */
- { FD_CMD_READ_DELETED, 0x1f, "READ DELETED DATA", 8, fdctrl_start_transfer_del, FD_DIR_READ },
- { FD_CMD_SCAN_EQUAL, 0x1f, "SCAN EQUAL", 8, fdctrl_start_transfer, FD_DIR_SCANE },
- { FD_CMD_VERIFY, 0x1f, "VERIFY", 8, fdctrl_start_transfer, FD_DIR_VERIFY },
- { FD_CMD_SCAN_LOW_OR_EQUAL, 0x1f, "SCAN LOW OR EQUAL", 8, fdctrl_start_transfer, FD_DIR_SCANL },
- { FD_CMD_SCAN_HIGH_OR_EQUAL, 0x1f, "SCAN HIGH OR EQUAL", 8, fdctrl_start_transfer, FD_DIR_SCANH },
- { FD_CMD_WRITE_DELETED, 0x3f, "WRITE DELETED DATA", 8, fdctrl_start_transfer_del, FD_DIR_WRITE },
- { FD_CMD_READ_ID, 0xbf, "READ ID", 1, fdctrl_handle_readid },
- { FD_CMD_SPECIFY, 0xff, "SPECIFY", 2, fdctrl_handle_specify },
- { FD_CMD_SENSE_DRIVE_STATUS, 0xff, "SENSE DRIVE STATUS", 1, fdctrl_handle_sense_drive_status },
- { FD_CMD_PERPENDICULAR_MODE, 0xff, "PERPENDICULAR MODE", 1, fdctrl_handle_perpendicular_mode },
- { FD_CMD_CONFIGURE, 0xff, "CONFIGURE", 3, fdctrl_handle_configure },
- { FD_CMD_POWERDOWN_MODE, 0xff, "POWERDOWN MODE", 2, fdctrl_handle_powerdown_mode },
- { FD_CMD_OPTION, 0xff, "OPTION", 1, fdctrl_handle_option },
- { FD_CMD_DRIVE_SPECIFICATION_COMMAND, 0xff, "DRIVE SPECIFICATION COMMAND", 5, fdctrl_handle_drive_specification_command },
- { FD_CMD_RELATIVE_SEEK_OUT, 0xff, "RELATIVE SEEK OUT", 2, fdctrl_handle_relative_seek_out },
- { FD_CMD_FORMAT_AND_WRITE, 0xff, "FORMAT AND WRITE", 10, fdctrl_unimplemented },
- { FD_CMD_RELATIVE_SEEK_IN, 0xff, "RELATIVE SEEK IN", 2, fdctrl_handle_relative_seek_in },
- { FD_CMD_LOCK, 0x7f, "LOCK", 0, fdctrl_handle_lock },
- { FD_CMD_DUMPREG, 0xff, "DUMPREG", 0, fdctrl_handle_dumpreg },
- { FD_CMD_VERSION, 0xff, "VERSION", 0, fdctrl_handle_version },
- { FD_CMD_PART_ID, 0xff, "PART ID", 0, fdctrl_handle_partid },
- { FD_CMD_WRITE, 0x1f, "WRITE (BeOS)", 8, fdctrl_start_transfer, FD_DIR_WRITE }, /* not in specification ; BeOS 4.5 bug */
- { 0, 0, "unknown", 0, fdctrl_unimplemented }, /* default handler */
-};
-/* Associate command to an index in the 'handlers' array */
-static uint8_t command_to_handler[256];
-
-static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value)
-{
- FDrive *cur_drv;
- int pos;
-
- /* Reset mode */
- if (!(fdctrl->dor & FD_DOR_nRESET)) {
- FLOPPY_DPRINTF("Floppy controller in RESET state !\n");
- return;
- }
- if (!(fdctrl->msr & FD_MSR_RQM) || (fdctrl->msr & FD_MSR_DIO)) {
- FLOPPY_DPRINTF("error: controller not ready for writing\n");
- return;
- }
- fdctrl->dsr &= ~FD_DSR_PWRDOWN;
- /* Is it write command time ? */
- if (fdctrl->msr & FD_MSR_NONDMA) {
- /* FIFO data write */
- pos = fdctrl->data_pos++;
- pos %= FD_SECTOR_LEN;
- fdctrl->fifo[pos] = value;
- if (pos == FD_SECTOR_LEN - 1 ||
- fdctrl->data_pos == fdctrl->data_len) {
- cur_drv = get_cur_drv(fdctrl);
- if (bdrv_write(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1) < 0) {
- FLOPPY_DPRINTF("error writing sector %d\n",
- fd_sector(cur_drv));
- return;
- }
- if (!fdctrl_seek_to_next_sect(fdctrl, cur_drv)) {
- FLOPPY_DPRINTF("error seeking to next sector %d\n",
- fd_sector(cur_drv));
- return;
- }
- }
- /* Switch from transfer mode to status mode
- * then from status mode to command mode
- */
- if (fdctrl->data_pos == fdctrl->data_len)
- fdctrl_stop_transfer(fdctrl, 0x00, 0x00, 0x00);
- return;
- }
- if (fdctrl->data_pos == 0) {
- /* Command */
- pos = command_to_handler[value & 0xff];
- FLOPPY_DPRINTF("%s command\n", handlers[pos].name);
- fdctrl->data_len = handlers[pos].parameters + 1;
- fdctrl->msr |= FD_MSR_CMDBUSY;
- }
-
- FLOPPY_DPRINTF("%s: %02x\n", __func__, value);
- fdctrl->fifo[fdctrl->data_pos++] = value;
- if (fdctrl->data_pos == fdctrl->data_len) {
- /* We now have all parameters
- * and will be able to treat the command
- */
- if (fdctrl->data_state & FD_STATE_FORMAT) {
- fdctrl_format_sector(fdctrl);
- return;
- }
-
- pos = command_to_handler[fdctrl->fifo[0] & 0xff];
- FLOPPY_DPRINTF("treat %s command\n", handlers[pos].name);
- (*handlers[pos].handler)(fdctrl, handlers[pos].direction);
- }
-}
-
-static void fdctrl_result_timer(void *opaque)
-{
- FDCtrl *fdctrl = opaque;
- FDrive *cur_drv = get_cur_drv(fdctrl);
-
- /* Pretend we are spinning.
- * This is needed for Coherent, which uses READ ID to check for
- * sector interleaving.
- */
- if (cur_drv->last_sect != 0) {
- cur_drv->sect = (cur_drv->sect % cur_drv->last_sect) + 1;
- }
- /* READ_ID can't automatically succeed! */
- if (fdctrl->check_media_rate &&
- (fdctrl->dsr & FD_DSR_DRATEMASK) != cur_drv->media_rate) {
- FLOPPY_DPRINTF("read id rate mismatch (fdc=%d, media=%d)\n",
- fdctrl->dsr & FD_DSR_DRATEMASK, cur_drv->media_rate);
- fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, FD_SR1_MA, 0x00);
- } else {
- fdctrl_stop_transfer(fdctrl, 0x00, 0x00, 0x00);
- }
-}
-
-static void fdctrl_change_cb(void *opaque, bool load)
-{
- FDrive *drive = opaque;
-
- drive->media_changed = 1;
- fd_revalidate(drive);
-}
-
-static const BlockDevOps fdctrl_block_ops = {
- .change_media_cb = fdctrl_change_cb,
-};
-
-/* Init functions */
-static int fdctrl_connect_drives(FDCtrl *fdctrl)
-{
- unsigned int i;
- FDrive *drive;
-
- for (i = 0; i < MAX_FD; i++) {
- drive = &fdctrl->drives[i];
- drive->fdctrl = fdctrl;
-
- if (drive->bs) {
- if (bdrv_get_on_error(drive->bs, 0) != BLOCKDEV_ON_ERROR_ENOSPC) {
- error_report("fdc doesn't support drive option werror");
- return -1;
- }
- if (bdrv_get_on_error(drive->bs, 1) != BLOCKDEV_ON_ERROR_REPORT) {
- error_report("fdc doesn't support drive option rerror");
- return -1;
- }
- }
-
- fd_init(drive);
- fdctrl_change_cb(drive, 0);
- if (drive->bs) {
- bdrv_set_dev_ops(drive->bs, &fdctrl_block_ops, drive);
- }
- }
- return 0;
-}
-
-ISADevice *fdctrl_init_isa(ISABus *bus, DriveInfo **fds)
-{
- ISADevice *dev;
-
- dev = isa_try_create(bus, "isa-fdc");
- if (!dev) {
- return NULL;
- }
-
- if (fds[0]) {
- qdev_prop_set_drive_nofail(&dev->qdev, "driveA", fds[0]->bdrv);
- }
- if (fds[1]) {
- qdev_prop_set_drive_nofail(&dev->qdev, "driveB", fds[1]->bdrv);
- }
- qdev_init_nofail(&dev->qdev);
-
- return dev;
-}
-
-void fdctrl_init_sysbus(qemu_irq irq, int dma_chann,
- hwaddr mmio_base, DriveInfo **fds)
-{
- FDCtrl *fdctrl;
- DeviceState *dev;
- FDCtrlSysBus *sys;
-
- dev = qdev_create(NULL, "sysbus-fdc");
- sys = DO_UPCAST(FDCtrlSysBus, busdev.qdev, dev);
- fdctrl = &sys->state;
- fdctrl->dma_chann = dma_chann; /* FIXME */
- if (fds[0]) {
- qdev_prop_set_drive_nofail(dev, "driveA", fds[0]->bdrv);
- }
- if (fds[1]) {
- qdev_prop_set_drive_nofail(dev, "driveB", fds[1]->bdrv);
- }
- qdev_init_nofail(dev);
- sysbus_connect_irq(&sys->busdev, 0, irq);
- sysbus_mmio_map(&sys->busdev, 0, mmio_base);
-}
-
-void sun4m_fdctrl_init(qemu_irq irq, hwaddr io_base,
- DriveInfo **fds, qemu_irq *fdc_tc)
-{
- DeviceState *dev;
- FDCtrlSysBus *sys;
-
- dev = qdev_create(NULL, "SUNW,fdtwo");
- if (fds[0]) {
- qdev_prop_set_drive_nofail(dev, "drive", fds[0]->bdrv);
- }
- qdev_init_nofail(dev);
- sys = DO_UPCAST(FDCtrlSysBus, busdev.qdev, dev);
- sysbus_connect_irq(&sys->busdev, 0, irq);
- sysbus_mmio_map(&sys->busdev, 0, io_base);
- *fdc_tc = qdev_get_gpio_in(dev, 0);
-}
-
-static int fdctrl_init_common(FDCtrl *fdctrl)
-{
- int i, j;
- static int command_tables_inited = 0;
-
- /* Fill 'command_to_handler' lookup table */
- if (!command_tables_inited) {
- command_tables_inited = 1;
- for (i = ARRAY_SIZE(handlers) - 1; i >= 0; i--) {
- for (j = 0; j < sizeof(command_to_handler); j++) {
- if ((j & handlers[i].mask) == handlers[i].value) {
- command_to_handler[j] = i;
- }
- }
- }
- }
-
- FLOPPY_DPRINTF("init controller\n");
- fdctrl->fifo = qemu_memalign(512, FD_SECTOR_LEN);
- fdctrl->fifo_size = 512;
- fdctrl->result_timer = qemu_new_timer_ns(vm_clock,
- fdctrl_result_timer, fdctrl);
-
- fdctrl->version = 0x90; /* Intel 82078 controller */
- fdctrl->config = FD_CONFIG_EIS | FD_CONFIG_EFIFO; /* Implicit seek, polling & FIFO enabled */
- fdctrl->num_floppies = MAX_FD;
-
- if (fdctrl->dma_chann != -1)
- DMA_register_channel(fdctrl->dma_chann, &fdctrl_transfer_handler, fdctrl);
- return fdctrl_connect_drives(fdctrl);
-}
-
-static const MemoryRegionPortio fdc_portio_list[] = {
- { 1, 5, 1, .read = fdctrl_read, .write = fdctrl_write },
- { 7, 1, 1, .read = fdctrl_read, .write = fdctrl_write },
- PORTIO_END_OF_LIST(),
-};
-
-static int isabus_fdc_init1(ISADevice *dev)
-{
- FDCtrlISABus *isa = DO_UPCAST(FDCtrlISABus, busdev, dev);
- FDCtrl *fdctrl = &isa->state;
- int ret;
-
- isa_register_portio_list(dev, isa->iobase, fdc_portio_list, fdctrl, "fdc");
-
- isa_init_irq(&isa->busdev, &fdctrl->irq, isa->irq);
- fdctrl->dma_chann = isa->dma;
-
- qdev_set_legacy_instance_id(&dev->qdev, isa->iobase, 2);
- ret = fdctrl_init_common(fdctrl);
-
- add_boot_device_path(isa->bootindexA, &dev->qdev, "/floppy@0");
- add_boot_device_path(isa->bootindexB, &dev->qdev, "/floppy@1");
-
- return ret;
-}
-
-static int sysbus_fdc_init1(SysBusDevice *dev)
-{
- FDCtrlSysBus *sys = DO_UPCAST(FDCtrlSysBus, busdev, dev);
- FDCtrl *fdctrl = &sys->state;
- int ret;
-
- memory_region_init_io(&fdctrl->iomem, &fdctrl_mem_ops, fdctrl, "fdc", 0x08);
- sysbus_init_mmio(dev, &fdctrl->iomem);
- sysbus_init_irq(dev, &fdctrl->irq);
- qdev_init_gpio_in(&dev->qdev, fdctrl_handle_tc, 1);
- fdctrl->dma_chann = -1;
-
- qdev_set_legacy_instance_id(&dev->qdev, 0 /* io */, 2); /* FIXME */
- ret = fdctrl_init_common(fdctrl);
-
- return ret;
-}
-
-static int sun4m_fdc_init1(SysBusDevice *dev)
-{
- FDCtrl *fdctrl = &(FROM_SYSBUS(FDCtrlSysBus, dev)->state);
-
- memory_region_init_io(&fdctrl->iomem, &fdctrl_mem_strict_ops, fdctrl,
- "fdctrl", 0x08);
- sysbus_init_mmio(dev, &fdctrl->iomem);
- sysbus_init_irq(dev, &fdctrl->irq);
- qdev_init_gpio_in(&dev->qdev, fdctrl_handle_tc, 1);
-
- fdctrl->sun4m = 1;
- qdev_set_legacy_instance_id(&dev->qdev, 0 /* io */, 2); /* FIXME */
- return fdctrl_init_common(fdctrl);
-}
-
-FDriveType isa_fdc_get_drive_type(ISADevice *fdc, int i)
-{
- FDCtrlISABus *isa = DO_UPCAST(FDCtrlISABus, busdev, fdc);
-
- return isa->state.drives[i].drive;
-}
-
-static const VMStateDescription vmstate_isa_fdc ={
- .name = "fdc",
- .version_id = 2,
- .minimum_version_id = 2,
- .fields = (VMStateField []) {
- VMSTATE_STRUCT(state, FDCtrlISABus, 0, vmstate_fdc, FDCtrl),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static Property isa_fdc_properties[] = {
- DEFINE_PROP_HEX32("iobase", FDCtrlISABus, iobase, 0x3f0),
- DEFINE_PROP_UINT32("irq", FDCtrlISABus, irq, 6),
- DEFINE_PROP_UINT32("dma", FDCtrlISABus, dma, 2),
- DEFINE_PROP_DRIVE("driveA", FDCtrlISABus, state.drives[0].bs),
- DEFINE_PROP_DRIVE("driveB", FDCtrlISABus, state.drives[1].bs),
- DEFINE_PROP_INT32("bootindexA", FDCtrlISABus, bootindexA, -1),
- DEFINE_PROP_INT32("bootindexB", FDCtrlISABus, bootindexB, -1),
- DEFINE_PROP_BIT("check_media_rate", FDCtrlISABus, state.check_media_rate,
- 0, true),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void isabus_fdc_class_init1(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- ISADeviceClass *ic = ISA_DEVICE_CLASS(klass);
- ic->init = isabus_fdc_init1;
- dc->fw_name = "fdc";
- dc->no_user = 1;
- dc->reset = fdctrl_external_reset_isa;
- dc->vmsd = &vmstate_isa_fdc;
- dc->props = isa_fdc_properties;
-}
-
-static TypeInfo isa_fdc_info = {
- .name = "isa-fdc",
- .parent = TYPE_ISA_DEVICE,
- .instance_size = sizeof(FDCtrlISABus),
- .class_init = isabus_fdc_class_init1,
-};
-
-static const VMStateDescription vmstate_sysbus_fdc ={
- .name = "fdc",
- .version_id = 2,
- .minimum_version_id = 2,
- .fields = (VMStateField []) {
- VMSTATE_STRUCT(state, FDCtrlSysBus, 0, vmstate_fdc, FDCtrl),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static Property sysbus_fdc_properties[] = {
- DEFINE_PROP_DRIVE("driveA", FDCtrlSysBus, state.drives[0].bs),
- DEFINE_PROP_DRIVE("driveB", FDCtrlSysBus, state.drives[1].bs),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void sysbus_fdc_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = sysbus_fdc_init1;
- dc->reset = fdctrl_external_reset_sysbus;
- dc->vmsd = &vmstate_sysbus_fdc;
- dc->props = sysbus_fdc_properties;
-}
-
-static TypeInfo sysbus_fdc_info = {
- .name = "sysbus-fdc",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(FDCtrlSysBus),
- .class_init = sysbus_fdc_class_init,
-};
-
-static Property sun4m_fdc_properties[] = {
- DEFINE_PROP_DRIVE("drive", FDCtrlSysBus, state.drives[0].bs),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void sun4m_fdc_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = sun4m_fdc_init1;
- dc->reset = fdctrl_external_reset_sysbus;
- dc->vmsd = &vmstate_sysbus_fdc;
- dc->props = sun4m_fdc_properties;
-}
-
-static TypeInfo sun4m_fdc_info = {
- .name = "SUNW,fdtwo",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(FDCtrlSysBus),
- .class_init = sun4m_fdc_class_init,
-};
-
-static void fdc_register_types(void)
-{
- type_register_static(&isa_fdc_info);
- type_register_static(&sysbus_fdc_info);
- type_register_static(&sun4m_fdc_info);
-}
-
-type_init(fdc_register_types)
diff --git a/hw/fdc.h b/hw/fdc.h
deleted file mode 100644
index a8f6f7c85..000000000
--- a/hw/fdc.h
+++ /dev/null
@@ -1,24 +0,0 @@
-#ifndef HW_FDC_H
-#define HW_FDC_H
-
-#include "qemu-common.h"
-
-/* fdc.c */
-#define MAX_FD 2
-
-typedef enum FDriveType {
- FDRIVE_DRV_144 = 0x00, /* 1.44 MB 3"5 drive */
- FDRIVE_DRV_288 = 0x01, /* 2.88 MB 3"5 drive */
- FDRIVE_DRV_120 = 0x02, /* 1.2 MB 5"25 drive */
- FDRIVE_DRV_NONE = 0x03, /* No drive connected */
-} FDriveType;
-
-ISADevice *fdctrl_init_isa(ISABus *bus, DriveInfo **fds);
-void fdctrl_init_sysbus(qemu_irq irq, int dma_chann,
- hwaddr mmio_base, DriveInfo **fds);
-void sun4m_fdctrl_init(qemu_irq irq, hwaddr io_base,
- DriveInfo **fds, qemu_irq *fdc_tc);
-
-FDriveType isa_fdc_get_drive_type(ISADevice *fdc, int i);
-
-#endif
diff --git a/hw/fifo.c b/hw/fifo.c
deleted file mode 100644
index 68a955a77..000000000
--- a/hw/fifo.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Generic FIFO component, implemented as a circular buffer.
- *
- * Copyright (c) 2012 Peter A. G. Crosthwaite
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version
- * 2 of the License, or (at your option) any later version.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "fifo.h"
-
-void fifo8_create(Fifo8 *fifo, uint32_t capacity)
-{
- fifo->data = g_new(uint8_t, capacity);
- fifo->capacity = capacity;
- fifo->head = 0;
- fifo->num = 0;
-}
-
-void fifo8_destroy(Fifo8 *fifo)
-{
- g_free(fifo->data);
-}
-
-void fifo8_push(Fifo8 *fifo, uint8_t data)
-{
- if (fifo->num == fifo->capacity) {
- abort();
- }
- fifo->data[(fifo->head + fifo->num) % fifo->capacity] = data;
- fifo->num++;
-}
-
-uint8_t fifo8_pop(Fifo8 *fifo)
-{
- uint8_t ret;
-
- if (fifo->num == 0) {
- abort();
- }
- ret = fifo->data[fifo->head++];
- fifo->head %= fifo->capacity;
- fifo->num--;
- return ret;
-}
-
-void fifo8_reset(Fifo8 *fifo)
-{
- fifo->num = 0;
-}
-
-bool fifo8_is_empty(Fifo8 *fifo)
-{
- return (fifo->num == 0);
-}
-
-bool fifo8_is_full(Fifo8 *fifo)
-{
- return (fifo->num == fifo->capacity);
-}
-
-const VMStateDescription vmstate_fifo8 = {
- .name = "Fifo8",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_VBUFFER_UINT32(data, Fifo8, 1, NULL, 0, capacity),
- VMSTATE_UINT32(head, Fifo8),
- VMSTATE_UINT32(num, Fifo8),
- VMSTATE_END_OF_LIST()
- }
-};
diff --git a/hw/fifo.h b/hw/fifo.h
deleted file mode 100644
index f23890abf..000000000
--- a/hw/fifo.h
+++ /dev/null
@@ -1,99 +0,0 @@
-#ifndef FIFO_H
-#define FIFO_H
-
-#include "hw.h"
-
-typedef struct {
- /* All fields are private */
- uint8_t *data;
- uint32_t capacity;
- uint32_t head;
- uint32_t num;
-} Fifo8;
-
-/**
- * fifo8_create:
- * @fifo: struct Fifo8 to initialise with new FIFO
- * @capacity: capacity of the newly created FIFO
- *
- * Create a FIFO of the specified size. Clients should call fifo8_destroy()
- * when finished using the fifo. The FIFO is initially empty.
- */
-
-void fifo8_create(Fifo8 *fifo, uint32_t capacity);
-
-/**
- * fifo8_destroy:
- * @fifo: FIFO to cleanup
- *
- * Cleanup a FIFO created with fifo8_create(). Frees memory created for FIFO
- *storage. The FIFO is no longer usable after this has been called.
- */
-
-void fifo8_destroy(Fifo8 *fifo);
-
-/**
- * fifo8_push:
- * @fifo: FIFO to push to
- * @data: data byte to push
- *
- * Push a data byte to the FIFO. Behaviour is undefined if the FIFO is full.
- * Clients are responsible for checking for fullness using fifo8_is_full().
- */
-
-void fifo8_push(Fifo8 *fifo, uint8_t data);
-
-/**
- * fifo8_pop:
- * @fifo: fifo to pop from
- *
- * Pop a data byte from the FIFO. Behaviour is undefined if the FIFO is empty.
- * Clients are responsible for checking for emptyness using fifo8_is_empty().
- *
- * Returns: The popped data byte.
- */
-
-uint8_t fifo8_pop(Fifo8 *fifo);
-
-/**
- * fifo8_reset:
- * @fifo: FIFO to reset
- *
- * Reset a FIFO. All data is discarded and the FIFO is emptied.
- */
-
-void fifo8_reset(Fifo8 *fifo);
-
-/**
- * fifo8_is_empty:
- * @fifo: FIFO to check
- *
- * Check if a FIFO is empty.
- *
- * Returns: True if the fifo is empty, false otherwise.
- */
-
-bool fifo8_is_empty(Fifo8 *fifo);
-
-/**
- * fifo8_is_full:
- * @fifo: FIFO to check
- *
- * Check if a FIFO is full.
- *
- * Returns: True if the fifo is full, false otherwise.
- */
-
-bool fifo8_is_full(Fifo8 *fifo);
-
-extern const VMStateDescription vmstate_fifo8;
-
-#define VMSTATE_FIFO8(_field, _state) { \
- .name = (stringify(_field)), \
- .size = sizeof(Fifo8), \
- .vmsd = &vmstate_fifo8, \
- .flags = VMS_STRUCT, \
- .offset = vmstate_offset_value(_state, _field, Fifo8), \
-}
-
-#endif /* FIFO_H */
diff --git a/hw/firmware_abi.h b/hw/firmware_abi.h
deleted file mode 100644
index 5e6e5d4d3..000000000
--- a/hw/firmware_abi.h
+++ /dev/null
@@ -1,73 +0,0 @@
-#ifndef FIRMWARE_ABI_H
-#define FIRMWARE_ABI_H
-
-/* OpenBIOS NVRAM partition */
-struct OpenBIOS_nvpart_v1 {
- uint8_t signature;
- uint8_t checksum;
- uint16_t len; // BE, length divided by 16
- char name[12];
-};
-
-#define OPENBIOS_PART_SYSTEM 0x70
-#define OPENBIOS_PART_FREE 0x7f
-
-static inline void
-OpenBIOS_finish_partition(struct OpenBIOS_nvpart_v1 *header, uint32_t size)
-{
- unsigned int i, sum;
- uint8_t *tmpptr;
-
- // Length divided by 16
- header->len = cpu_to_be16(size >> 4);
-
- // Checksum
- tmpptr = (uint8_t *)header;
- sum = *tmpptr;
- for (i = 0; i < 14; i++) {
- sum += tmpptr[2 + i];
- sum = (sum + ((sum & 0xff00) >> 8)) & 0xff;
- }
- header->checksum = sum & 0xff;
-}
-
-static inline uint32_t
-OpenBIOS_set_var(uint8_t *nvram, uint32_t addr, const char *str)
-{
- uint32_t len;
-
- len = strlen(str) + 1;
- memcpy(&nvram[addr], str, len);
-
- return addr + len;
-}
-
-/* Sun IDPROM structure at the end of NVRAM */
-/* from http://www.squirrel.com/squirrel/sun-nvram-hostid.faq.html */
-struct Sun_nvram {
- uint8_t type; /* always 01 */
- uint8_t machine_id; /* first byte of host id (machine type) */
- uint8_t macaddr[6]; /* 6 byte ethernet address (first 3 bytes 08, 00, 20) */
- uint8_t date[4]; /* date of manufacture */
- uint8_t hostid[3]; /* remaining 3 bytes of host id (serial number) */
- uint8_t checksum; /* bitwise xor of previous bytes */
-};
-
-static inline void
-Sun_init_header(struct Sun_nvram *header, const uint8_t *macaddr, int machine_id)
-{
- uint8_t tmp, *tmpptr;
- unsigned int i;
-
- header->type = 1;
- header->machine_id = machine_id & 0xff;
- memcpy(&header->macaddr, macaddr, 6);
- /* Calculate checksum */
- tmp = 0;
- tmpptr = (uint8_t *)header;
- for (i = 0; i < 15; i++)
- tmp ^= tmpptr[i];
-
- header->checksum = tmp;
-}
-#endif /* FIRMWARE_ABI_H */
diff --git a/hw/flash.h b/hw/flash.h
deleted file mode 100644
index d790f3c92..000000000
--- a/hw/flash.h
+++ /dev/null
@@ -1,59 +0,0 @@
-/* NOR flash devices */
-
-#include "memory.h"
-
-typedef struct pflash_t pflash_t;
-
-/* pflash_cfi01.c */
-pflash_t *pflash_cfi01_register(hwaddr base,
- DeviceState *qdev, const char *name,
- hwaddr size,
- BlockDriverState *bs,
- uint32_t sector_len, int nb_blocs, int width,
- uint16_t id0, uint16_t id1,
- uint16_t id2, uint16_t id3, int be);
-
-/* pflash_cfi02.c */
-pflash_t *pflash_cfi02_register(hwaddr base,
- DeviceState *qdev, const char *name,
- hwaddr size,
- BlockDriverState *bs, uint32_t sector_len,
- int nb_blocs, int nb_mappings, int width,
- uint16_t id0, uint16_t id1,
- uint16_t id2, uint16_t id3,
- uint16_t unlock_addr0, uint16_t unlock_addr1,
- int be);
-
-MemoryRegion *pflash_cfi01_get_memory(pflash_t *fl);
-
-/* nand.c */
-DeviceState *nand_init(BlockDriverState *bdrv, int manf_id, int chip_id);
-void nand_setpins(DeviceState *dev, uint8_t cle, uint8_t ale,
- uint8_t ce, uint8_t wp, uint8_t gnd);
-void nand_getpins(DeviceState *dev, int *rb);
-void nand_setio(DeviceState *dev, uint32_t value);
-uint32_t nand_getio(DeviceState *dev);
-uint32_t nand_getbuswidth(DeviceState *dev);
-
-#define NAND_MFR_TOSHIBA 0x98
-#define NAND_MFR_SAMSUNG 0xec
-#define NAND_MFR_FUJITSU 0x04
-#define NAND_MFR_NATIONAL 0x8f
-#define NAND_MFR_RENESAS 0x07
-#define NAND_MFR_STMICRO 0x20
-#define NAND_MFR_HYNIX 0xad
-#define NAND_MFR_MICRON 0x2c
-
-/* onenand.c */
-void *onenand_raw_otp(DeviceState *onenand_device);
-
-/* ecc.c */
-typedef struct {
- uint8_t cp; /* Column parity */
- uint16_t lp[2]; /* Line parity */
- uint16_t count;
-} ECCState;
-
-uint8_t ecc_digest(ECCState *s, uint8_t sample);
-void ecc_reset(ECCState *s);
-extern VMStateDescription vmstate_ecc_state;
diff --git a/hw/framebuffer.c b/hw/framebuffer.c
deleted file mode 100644
index fa0f7863c..000000000
--- a/hw/framebuffer.c
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- * Framebuffer device helper routines
- *
- * Copyright (c) 2009 CodeSourcery
- * Written by Paul Brook <paul@codesourcery.com>
- *
- * This code is licensed under the GNU GPLv2.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-/* TODO:
- - Do something similar for framebuffers with local ram
- - Handle rotation here instead of hacking dest_pitch
- - Use common pixel conversion routines instead of per-device drawfn
- - Remove all DisplayState knowledge from devices.
- */
-
-#include "hw.h"
-#include "console.h"
-#include "framebuffer.h"
-
-/* Render an image from a shared memory framebuffer. */
-
-void framebuffer_update_display(
- DisplayState *ds,
- MemoryRegion *address_space,
- hwaddr base,
- int cols, /* Width in pixels. */
- int rows, /* Height in pixels. */
- int src_width, /* Length of source line, in bytes. */
- int dest_row_pitch, /* Bytes between adjacent horizontal output pixels. */
- int dest_col_pitch, /* Bytes between adjacent vertical output pixels. */
- int invalidate, /* nonzero to redraw the whole image. */
- drawfn fn,
- void *opaque,
- int *first_row, /* Input and output. */
- int *last_row /* Output only */)
-{
- hwaddr src_len;
- uint8_t *dest;
- uint8_t *src;
- uint8_t *src_base;
- int first, last = 0;
- int dirty;
- int i;
- ram_addr_t addr;
- MemoryRegionSection mem_section;
- MemoryRegion *mem;
-
- i = *first_row;
- *first_row = -1;
- src_len = src_width * rows;
-
- mem_section = memory_region_find(address_space, base, src_len);
- if (mem_section.size != src_len || !memory_region_is_ram(mem_section.mr)) {
- return;
- }
- mem = mem_section.mr;
- assert(mem);
- assert(mem_section.offset_within_address_space == base);
-
- memory_region_sync_dirty_bitmap(mem);
- src_base = cpu_physical_memory_map(base, &src_len, 0);
- /* If we can't map the framebuffer then bail. We could try harder,
- but it's not really worth it as dirty flag tracking will probably
- already have failed above. */
- if (!src_base)
- return;
- if (src_len != src_width * rows) {
- cpu_physical_memory_unmap(src_base, src_len, 0, 0);
- return;
- }
- src = src_base;
- dest = ds_get_data(ds);
- if (dest_col_pitch < 0)
- dest -= dest_col_pitch * (cols - 1);
- if (dest_row_pitch < 0) {
- dest -= dest_row_pitch * (rows - 1);
- }
- first = -1;
- addr = mem_section.offset_within_region;
-
- addr += i * src_width;
- src += i * src_width;
- dest += i * dest_row_pitch;
-
- for (; i < rows; i++) {
- dirty = memory_region_get_dirty(mem, addr, src_width,
- DIRTY_MEMORY_VGA);
- if (dirty || invalidate) {
- fn(opaque, dest, src, cols, dest_col_pitch);
- if (first == -1)
- first = i;
- last = i;
- }
- addr += src_width;
- src += src_width;
- dest += dest_row_pitch;
- }
- cpu_physical_memory_unmap(src_base, src_len, 0, 0);
- if (first < 0) {
- return;
- }
- memory_region_reset_dirty(mem, mem_section.offset_within_region, src_len,
- DIRTY_MEMORY_VGA);
- *first_row = first;
- *last_row = last;
-}
diff --git a/hw/framebuffer.h b/hw/framebuffer.h
deleted file mode 100644
index 46e375b5e..000000000
--- a/hw/framebuffer.h
+++ /dev/null
@@ -1,25 +0,0 @@
-#ifndef QEMU_FRAMEBUFFER_H
-#define QEMU_FRAMEBUFFER_H
-
-#include "memory.h"
-
-/* Framebuffer device helper routines. */
-
-typedef void (*drawfn)(void *, uint8_t *, const uint8_t *, int, int);
-
-void framebuffer_update_display(
- DisplayState *ds,
- MemoryRegion *address_space,
- hwaddr base,
- int cols,
- int rows,
- int src_width,
- int dest_row_pitch,
- int dest_col_pitch,
- int invalidate,
- drawfn fn,
- void *opaque,
- int *first_row,
- int *last_row);
-
-#endif
diff --git a/hw/fw_cfg.c b/hw/fw_cfg.c
deleted file mode 100644
index 2b92cda98..000000000
--- a/hw/fw_cfg.c
+++ /dev/null
@@ -1,589 +0,0 @@
-/*
- * QEMU Firmware configuration device emulation
- *
- * Copyright (c) 2008 Gleb Natapov
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "sysemu.h"
-#include "isa.h"
-#include "fw_cfg.h"
-#include "sysbus.h"
-#include "qemu-error.h"
-
-/* debug firmware config */
-//#define DEBUG_FW_CFG
-
-#ifdef DEBUG_FW_CFG
-#define FW_CFG_DPRINTF(fmt, ...) \
- do { printf("FW_CFG: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define FW_CFG_DPRINTF(fmt, ...)
-#endif
-
-#define FW_CFG_SIZE 2
-#define FW_CFG_DATA_SIZE 1
-
-typedef struct FWCfgEntry {
- uint32_t len;
- uint8_t *data;
- void *callback_opaque;
- FWCfgCallback callback;
-} FWCfgEntry;
-
-struct FWCfgState {
- SysBusDevice busdev;
- MemoryRegion ctl_iomem, data_iomem, comb_iomem;
- uint32_t ctl_iobase, data_iobase;
- FWCfgEntry entries[2][FW_CFG_MAX_ENTRY];
- FWCfgFiles *files;
- uint16_t cur_entry;
- uint32_t cur_offset;
- Notifier machine_ready;
-};
-
-#define JPG_FILE 0
-#define BMP_FILE 1
-
-static char *read_splashfile(char *filename, int *file_sizep, int *file_typep)
-{
- GError *err = NULL;
- gboolean res;
- gchar *content;
- int file_type = -1;
- unsigned int filehead = 0;
- int bmp_bpp;
-
- res = g_file_get_contents(filename, &content, (gsize *)file_sizep, &err);
- if (res == FALSE) {
- error_report("failed to read splash file '%s'", filename);
- g_error_free(err);
- return NULL;
- }
-
- /* check file size */
- if (*file_sizep < 30) {
- goto error;
- }
-
- /* check magic ID */
- filehead = ((content[0] & 0xff) + (content[1] << 8)) & 0xffff;
- if (filehead == 0xd8ff) {
- file_type = JPG_FILE;
- } else if (filehead == 0x4d42) {
- file_type = BMP_FILE;
- } else {
- goto error;
- }
-
- /* check BMP bpp */
- if (file_type == BMP_FILE) {
- bmp_bpp = (content[28] + (content[29] << 8)) & 0xffff;
- if (bmp_bpp != 24) {
- goto error;
- }
- }
-
- /* return values */
- *file_typep = file_type;
-
- return content;
-
-error:
- error_report("splash file '%s' format not recognized; must be JPEG "
- "or 24 bit BMP", filename);
- g_free(content);
- return NULL;
-}
-
-static void fw_cfg_bootsplash(FWCfgState *s)
-{
- int boot_splash_time = -1;
- const char *boot_splash_filename = NULL;
- char *p;
- char *filename, *file_data;
- int file_size;
- int file_type = -1;
- const char *temp;
-
- /* get user configuration */
- QemuOptsList *plist = qemu_find_opts("boot-opts");
- QemuOpts *opts = QTAILQ_FIRST(&plist->head);
- if (opts != NULL) {
- temp = qemu_opt_get(opts, "splash");
- if (temp != NULL) {
- boot_splash_filename = temp;
- }
- temp = qemu_opt_get(opts, "splash-time");
- if (temp != NULL) {
- p = (char *)temp;
- boot_splash_time = strtol(p, (char **)&p, 10);
- }
- }
-
- /* insert splash time if user configurated */
- if (boot_splash_time >= 0) {
- /* validate the input */
- if (boot_splash_time > 0xffff) {
- error_report("splash time is big than 65535, force it to 65535.");
- boot_splash_time = 0xffff;
- }
- /* use little endian format */
- qemu_extra_params_fw[0] = (uint8_t)(boot_splash_time & 0xff);
- qemu_extra_params_fw[1] = (uint8_t)((boot_splash_time >> 8) & 0xff);
- fw_cfg_add_file(s, "etc/boot-menu-wait", qemu_extra_params_fw, 2);
- }
-
- /* insert splash file if user configurated */
- if (boot_splash_filename != NULL) {
- filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, boot_splash_filename);
- if (filename == NULL) {
- error_report("failed to find file '%s'.", boot_splash_filename);
- return;
- }
-
- /* loading file data */
- file_data = read_splashfile(filename, &file_size, &file_type);
- if (file_data == NULL) {
- g_free(filename);
- return;
- }
- if (boot_splash_filedata != NULL) {
- g_free(boot_splash_filedata);
- }
- boot_splash_filedata = (uint8_t *)file_data;
- boot_splash_filedata_size = file_size;
-
- /* insert data */
- if (file_type == JPG_FILE) {
- fw_cfg_add_file(s, "bootsplash.jpg",
- boot_splash_filedata, boot_splash_filedata_size);
- } else {
- fw_cfg_add_file(s, "bootsplash.bmp",
- boot_splash_filedata, boot_splash_filedata_size);
- }
- g_free(filename);
- }
-}
-
-static void fw_cfg_reboot(FWCfgState *s)
-{
- int reboot_timeout = -1;
- char *p;
- const char *temp;
-
- /* get user configuration */
- QemuOptsList *plist = qemu_find_opts("boot-opts");
- QemuOpts *opts = QTAILQ_FIRST(&plist->head);
- if (opts != NULL) {
- temp = qemu_opt_get(opts, "reboot-timeout");
- if (temp != NULL) {
- p = (char *)temp;
- reboot_timeout = strtol(p, (char **)&p, 10);
- }
- }
- /* validate the input */
- if (reboot_timeout > 0xffff) {
- error_report("reboot timeout is larger than 65535, force it to 65535.");
- reboot_timeout = 0xffff;
- }
- fw_cfg_add_file(s, "etc/boot-fail-wait", g_memdup(&reboot_timeout, 4), 4);
-}
-
-static void fw_cfg_write(FWCfgState *s, uint8_t value)
-{
- int arch = !!(s->cur_entry & FW_CFG_ARCH_LOCAL);
- FWCfgEntry *e = &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
-
- FW_CFG_DPRINTF("write %d\n", value);
-
- if (s->cur_entry & FW_CFG_WRITE_CHANNEL && e->callback &&
- s->cur_offset < e->len) {
- e->data[s->cur_offset++] = value;
- if (s->cur_offset == e->len) {
- e->callback(e->callback_opaque, e->data);
- s->cur_offset = 0;
- }
- }
-}
-
-static int fw_cfg_select(FWCfgState *s, uint16_t key)
-{
- int ret;
-
- s->cur_offset = 0;
- if ((key & FW_CFG_ENTRY_MASK) >= FW_CFG_MAX_ENTRY) {
- s->cur_entry = FW_CFG_INVALID;
- ret = 0;
- } else {
- s->cur_entry = key;
- ret = 1;
- }
-
- FW_CFG_DPRINTF("select key %d (%sfound)\n", key, ret ? "" : "not ");
-
- return ret;
-}
-
-static uint8_t fw_cfg_read(FWCfgState *s)
-{
- int arch = !!(s->cur_entry & FW_CFG_ARCH_LOCAL);
- FWCfgEntry *e = &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
- uint8_t ret;
-
- if (s->cur_entry == FW_CFG_INVALID || !e->data || s->cur_offset >= e->len)
- ret = 0;
- else
- ret = e->data[s->cur_offset++];
-
- FW_CFG_DPRINTF("read %d\n", ret);
-
- return ret;
-}
-
-static uint64_t fw_cfg_data_mem_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- return fw_cfg_read(opaque);
-}
-
-static void fw_cfg_data_mem_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- fw_cfg_write(opaque, (uint8_t)value);
-}
-
-static void fw_cfg_ctl_mem_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- fw_cfg_select(opaque, (uint16_t)value);
-}
-
-static bool fw_cfg_ctl_mem_valid(void *opaque, hwaddr addr,
- unsigned size, bool is_write)
-{
- return is_write && size == 2;
-}
-
-static uint64_t fw_cfg_comb_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- return fw_cfg_read(opaque);
-}
-
-static void fw_cfg_comb_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- switch (size) {
- case 1:
- fw_cfg_write(opaque, (uint8_t)value);
- break;
- case 2:
- fw_cfg_select(opaque, (uint16_t)value);
- break;
- }
-}
-
-static bool fw_cfg_comb_valid(void *opaque, hwaddr addr,
- unsigned size, bool is_write)
-{
- return (size == 1) || (is_write && size == 2);
-}
-
-static const MemoryRegionOps fw_cfg_ctl_mem_ops = {
- .write = fw_cfg_ctl_mem_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid.accepts = fw_cfg_ctl_mem_valid,
-};
-
-static const MemoryRegionOps fw_cfg_data_mem_ops = {
- .read = fw_cfg_data_mem_read,
- .write = fw_cfg_data_mem_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
-};
-
-static const MemoryRegionOps fw_cfg_comb_mem_ops = {
- .read = fw_cfg_comb_read,
- .write = fw_cfg_comb_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid.accepts = fw_cfg_comb_valid,
-};
-
-static void fw_cfg_reset(DeviceState *d)
-{
- FWCfgState *s = DO_UPCAST(FWCfgState, busdev.qdev, d);
-
- fw_cfg_select(s, 0);
-}
-
-/* Save restore 32 bit int as uint16_t
- This is a Big hack, but it is how the old state did it.
- Or we broke compatibility in the state, or we can't use struct tm
- */
-
-static int get_uint32_as_uint16(QEMUFile *f, void *pv, size_t size)
-{
- uint32_t *v = pv;
- *v = qemu_get_be16(f);
- return 0;
-}
-
-static void put_unused(QEMUFile *f, void *pv, size_t size)
-{
- fprintf(stderr, "uint32_as_uint16 is only used for backward compatibility.\n");
- fprintf(stderr, "This functions shouldn't be called.\n");
-}
-
-static const VMStateInfo vmstate_hack_uint32_as_uint16 = {
- .name = "int32_as_uint16",
- .get = get_uint32_as_uint16,
- .put = put_unused,
-};
-
-#define VMSTATE_UINT16_HACK(_f, _s, _t) \
- VMSTATE_SINGLE_TEST(_f, _s, _t, 0, vmstate_hack_uint32_as_uint16, uint32_t)
-
-
-static bool is_version_1(void *opaque, int version_id)
-{
- return version_id == 1;
-}
-
-static const VMStateDescription vmstate_fw_cfg = {
- .name = "fw_cfg",
- .version_id = 2,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField []) {
- VMSTATE_UINT16(cur_entry, FWCfgState),
- VMSTATE_UINT16_HACK(cur_offset, FWCfgState, is_version_1),
- VMSTATE_UINT32_V(cur_offset, FWCfgState, 2),
- VMSTATE_END_OF_LIST()
- }
-};
-
-int fw_cfg_add_bytes(FWCfgState *s, uint16_t key, uint8_t *data, uint32_t len)
-{
- int arch = !!(key & FW_CFG_ARCH_LOCAL);
-
- key &= FW_CFG_ENTRY_MASK;
-
- if (key >= FW_CFG_MAX_ENTRY)
- return 0;
-
- s->entries[arch][key].data = data;
- s->entries[arch][key].len = len;
-
- return 1;
-}
-
-int fw_cfg_add_i16(FWCfgState *s, uint16_t key, uint16_t value)
-{
- uint16_t *copy;
-
- copy = g_malloc(sizeof(value));
- *copy = cpu_to_le16(value);
- return fw_cfg_add_bytes(s, key, (uint8_t *)copy, sizeof(value));
-}
-
-int fw_cfg_add_i32(FWCfgState *s, uint16_t key, uint32_t value)
-{
- uint32_t *copy;
-
- copy = g_malloc(sizeof(value));
- *copy = cpu_to_le32(value);
- return fw_cfg_add_bytes(s, key, (uint8_t *)copy, sizeof(value));
-}
-
-int fw_cfg_add_i64(FWCfgState *s, uint16_t key, uint64_t value)
-{
- uint64_t *copy;
-
- copy = g_malloc(sizeof(value));
- *copy = cpu_to_le64(value);
- return fw_cfg_add_bytes(s, key, (uint8_t *)copy, sizeof(value));
-}
-
-int fw_cfg_add_callback(FWCfgState *s, uint16_t key, FWCfgCallback callback,
- void *callback_opaque, uint8_t *data, size_t len)
-{
- int arch = !!(key & FW_CFG_ARCH_LOCAL);
-
- if (!(key & FW_CFG_WRITE_CHANNEL))
- return 0;
-
- key &= FW_CFG_ENTRY_MASK;
-
- if (key >= FW_CFG_MAX_ENTRY || len > 65535)
- return 0;
-
- s->entries[arch][key].data = data;
- s->entries[arch][key].len = len;
- s->entries[arch][key].callback_opaque = callback_opaque;
- s->entries[arch][key].callback = callback;
-
- return 1;
-}
-
-int fw_cfg_add_file(FWCfgState *s, const char *filename, uint8_t *data,
- uint32_t len)
-{
- int i, index;
-
- if (!s->files) {
- int dsize = sizeof(uint32_t) + sizeof(FWCfgFile) * FW_CFG_FILE_SLOTS;
- s->files = g_malloc0(dsize);
- fw_cfg_add_bytes(s, FW_CFG_FILE_DIR, (uint8_t*)s->files, dsize);
- }
-
- index = be32_to_cpu(s->files->count);
- if (index == FW_CFG_FILE_SLOTS) {
- fprintf(stderr, "fw_cfg: out of file slots\n");
- return 0;
- }
-
- fw_cfg_add_bytes(s, FW_CFG_FILE_FIRST + index, data, len);
-
- pstrcpy(s->files->f[index].name, sizeof(s->files->f[index].name),
- filename);
- for (i = 0; i < index; i++) {
- if (strcmp(s->files->f[index].name, s->files->f[i].name) == 0) {
- FW_CFG_DPRINTF("%s: skip duplicate: %s\n", __FUNCTION__,
- s->files->f[index].name);
- return 1;
- }
- }
-
- s->files->f[index].size = cpu_to_be32(len);
- s->files->f[index].select = cpu_to_be16(FW_CFG_FILE_FIRST + index);
- FW_CFG_DPRINTF("%s: #%d: %s (%d bytes)\n", __FUNCTION__,
- index, s->files->f[index].name, len);
-
- s->files->count = cpu_to_be32(index+1);
- return 1;
-}
-
-static void fw_cfg_machine_ready(struct Notifier *n, void *data)
-{
- uint32_t len;
- FWCfgState *s = container_of(n, FWCfgState, machine_ready);
- char *bootindex = get_boot_devices_list(&len);
-
- fw_cfg_add_file(s, "bootorder", (uint8_t*)bootindex, len);
-}
-
-FWCfgState *fw_cfg_init(uint32_t ctl_port, uint32_t data_port,
- hwaddr ctl_addr, hwaddr data_addr)
-{
- DeviceState *dev;
- SysBusDevice *d;
- FWCfgState *s;
-
- dev = qdev_create(NULL, "fw_cfg");
- qdev_prop_set_uint32(dev, "ctl_iobase", ctl_port);
- qdev_prop_set_uint32(dev, "data_iobase", data_port);
- qdev_init_nofail(dev);
- d = sysbus_from_qdev(dev);
-
- s = DO_UPCAST(FWCfgState, busdev.qdev, dev);
-
- if (ctl_addr) {
- sysbus_mmio_map(d, 0, ctl_addr);
- }
- if (data_addr) {
- sysbus_mmio_map(d, 1, data_addr);
- }
- fw_cfg_add_bytes(s, FW_CFG_SIGNATURE, (uint8_t *)"QEMU", 4);
- fw_cfg_add_bytes(s, FW_CFG_UUID, qemu_uuid, 16);
- fw_cfg_add_i16(s, FW_CFG_NOGRAPHIC, (uint16_t)(display_type == DT_NOGRAPHIC));
- fw_cfg_add_i16(s, FW_CFG_NB_CPUS, (uint16_t)smp_cpus);
- fw_cfg_add_i16(s, FW_CFG_MAX_CPUS, (uint16_t)max_cpus);
- fw_cfg_add_i16(s, FW_CFG_BOOT_MENU, (uint16_t)boot_menu);
- fw_cfg_bootsplash(s);
- fw_cfg_reboot(s);
-
- s->machine_ready.notify = fw_cfg_machine_ready;
- qemu_add_machine_init_done_notifier(&s->machine_ready);
-
- return s;
-}
-
-static int fw_cfg_init1(SysBusDevice *dev)
-{
- FWCfgState *s = FROM_SYSBUS(FWCfgState, dev);
-
- memory_region_init_io(&s->ctl_iomem, &fw_cfg_ctl_mem_ops, s,
- "fwcfg.ctl", FW_CFG_SIZE);
- sysbus_init_mmio(dev, &s->ctl_iomem);
- memory_region_init_io(&s->data_iomem, &fw_cfg_data_mem_ops, s,
- "fwcfg.data", FW_CFG_DATA_SIZE);
- sysbus_init_mmio(dev, &s->data_iomem);
- /* In case ctl and data overlap: */
- memory_region_init_io(&s->comb_iomem, &fw_cfg_comb_mem_ops, s,
- "fwcfg", FW_CFG_SIZE);
-
- if (s->ctl_iobase + 1 == s->data_iobase) {
- sysbus_add_io(dev, s->ctl_iobase, &s->comb_iomem);
- } else {
- if (s->ctl_iobase) {
- sysbus_add_io(dev, s->ctl_iobase, &s->ctl_iomem);
- }
- if (s->data_iobase) {
- sysbus_add_io(dev, s->data_iobase, &s->data_iomem);
- }
- }
- return 0;
-}
-
-static Property fw_cfg_properties[] = {
- DEFINE_PROP_HEX32("ctl_iobase", FWCfgState, ctl_iobase, -1),
- DEFINE_PROP_HEX32("data_iobase", FWCfgState, data_iobase, -1),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void fw_cfg_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = fw_cfg_init1;
- dc->no_user = 1;
- dc->reset = fw_cfg_reset;
- dc->vmsd = &vmstate_fw_cfg;
- dc->props = fw_cfg_properties;
-}
-
-static TypeInfo fw_cfg_info = {
- .name = "fw_cfg",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(FWCfgState),
- .class_init = fw_cfg_class_init,
-};
-
-static void fw_cfg_register_types(void)
-{
- type_register_static(&fw_cfg_info);
-}
-
-type_init(fw_cfg_register_types)
diff --git a/hw/fw_cfg.h b/hw/fw_cfg.h
deleted file mode 100644
index 619a39432..000000000
--- a/hw/fw_cfg.h
+++ /dev/null
@@ -1,70 +0,0 @@
-#ifndef FW_CFG_H
-#define FW_CFG_H
-
-#define FW_CFG_SIGNATURE 0x00
-#define FW_CFG_ID 0x01
-#define FW_CFG_UUID 0x02
-#define FW_CFG_RAM_SIZE 0x03
-#define FW_CFG_NOGRAPHIC 0x04
-#define FW_CFG_NB_CPUS 0x05
-#define FW_CFG_MACHINE_ID 0x06
-#define FW_CFG_KERNEL_ADDR 0x07
-#define FW_CFG_KERNEL_SIZE 0x08
-#define FW_CFG_KERNEL_CMDLINE 0x09
-#define FW_CFG_INITRD_ADDR 0x0a
-#define FW_CFG_INITRD_SIZE 0x0b
-#define FW_CFG_BOOT_DEVICE 0x0c
-#define FW_CFG_NUMA 0x0d
-#define FW_CFG_BOOT_MENU 0x0e
-#define FW_CFG_MAX_CPUS 0x0f
-#define FW_CFG_KERNEL_ENTRY 0x10
-#define FW_CFG_KERNEL_DATA 0x11
-#define FW_CFG_INITRD_DATA 0x12
-#define FW_CFG_CMDLINE_ADDR 0x13
-#define FW_CFG_CMDLINE_SIZE 0x14
-#define FW_CFG_CMDLINE_DATA 0x15
-#define FW_CFG_SETUP_ADDR 0x16
-#define FW_CFG_SETUP_SIZE 0x17
-#define FW_CFG_SETUP_DATA 0x18
-#define FW_CFG_FILE_DIR 0x19
-
-#define FW_CFG_FILE_FIRST 0x20
-#define FW_CFG_FILE_SLOTS 0x10
-#define FW_CFG_MAX_ENTRY (FW_CFG_FILE_FIRST+FW_CFG_FILE_SLOTS)
-
-#define FW_CFG_WRITE_CHANNEL 0x4000
-#define FW_CFG_ARCH_LOCAL 0x8000
-#define FW_CFG_ENTRY_MASK ~(FW_CFG_WRITE_CHANNEL | FW_CFG_ARCH_LOCAL)
-
-#define FW_CFG_INVALID 0xffff
-
-#ifndef NO_QEMU_PROTOS
-typedef struct FWCfgFile {
- uint32_t size; /* file size */
- uint16_t select; /* write this to 0x510 to read it */
- uint16_t reserved;
- char name[56];
-} FWCfgFile;
-
-typedef struct FWCfgFiles {
- uint32_t count;
- FWCfgFile f[];
-} FWCfgFiles;
-
-typedef void (*FWCfgCallback)(void *opaque, uint8_t *data);
-
-typedef struct FWCfgState FWCfgState;
-int fw_cfg_add_bytes(FWCfgState *s, uint16_t key, uint8_t *data, uint32_t len);
-int fw_cfg_add_i16(FWCfgState *s, uint16_t key, uint16_t value);
-int fw_cfg_add_i32(FWCfgState *s, uint16_t key, uint32_t value);
-int fw_cfg_add_i64(FWCfgState *s, uint16_t key, uint64_t value);
-int fw_cfg_add_callback(FWCfgState *s, uint16_t key, FWCfgCallback callback,
- void *callback_opaque, uint8_t *data, size_t len);
-int fw_cfg_add_file(FWCfgState *s, const char *filename, uint8_t *data,
- uint32_t len);
-FWCfgState *fw_cfg_init(uint32_t ctl_port, uint32_t data_port,
- hwaddr crl_addr, hwaddr data_addr);
-
-#endif /* NO_QEMU_PROTOS */
-
-#endif
diff --git a/hw/g364fb.c b/hw/g364fb.c
deleted file mode 100644
index 8192baf1c..000000000
--- a/hw/g364fb.c
+++ /dev/null
@@ -1,612 +0,0 @@
-/*
- * QEMU G364 framebuffer Emulator.
- *
- * Copyright (c) 2007-2011 Herve Poussineau
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "hw.h"
-#include "console.h"
-#include "pixel_ops.h"
-#include "trace.h"
-#include "sysbus.h"
-
-typedef struct G364State {
- /* hardware */
- uint8_t *vram;
- uint32_t vram_size;
- qemu_irq irq;
- MemoryRegion mem_vram;
- MemoryRegion mem_ctrl;
- /* registers */
- uint8_t color_palette[256][3];
- uint8_t cursor_palette[3][3];
- uint16_t cursor[512];
- uint32_t cursor_position;
- uint32_t ctla;
- uint32_t top_of_screen;
- uint32_t width, height; /* in pixels */
- /* display refresh support */
- DisplayState *ds;
- int depth;
- int blanked;
-} G364State;
-
-#define REG_BOOT 0x000000
-#define REG_DISPLAY 0x000118
-#define REG_VDISPLAY 0x000150
-#define REG_CTLA 0x000300
-#define REG_TOP 0x000400
-#define REG_CURS_PAL 0x000508
-#define REG_CURS_POS 0x000638
-#define REG_CLR_PAL 0x000800
-#define REG_CURS_PAT 0x001000
-#define REG_RESET 0x100000
-
-#define CTLA_FORCE_BLANK 0x00000400
-#define CTLA_NO_CURSOR 0x00800000
-
-#define G364_PAGE_SIZE 4096
-
-static inline int check_dirty(G364State *s, ram_addr_t page)
-{
- return memory_region_get_dirty(&s->mem_vram, page, G364_PAGE_SIZE,
- DIRTY_MEMORY_VGA);
-}
-
-static inline void reset_dirty(G364State *s,
- ram_addr_t page_min, ram_addr_t page_max)
-{
- memory_region_reset_dirty(&s->mem_vram,
- page_min,
- page_max + G364_PAGE_SIZE - page_min - 1,
- DIRTY_MEMORY_VGA);
-}
-
-static void g364fb_draw_graphic8(G364State *s)
-{
- int i, w;
- uint8_t *vram;
- uint8_t *data_display, *dd;
- ram_addr_t page, page_min, page_max;
- int x, y;
- int xmin, xmax;
- int ymin, ymax;
- int xcursor, ycursor;
- unsigned int (*rgb_to_pixel)(unsigned int r, unsigned int g, unsigned int b);
-
- switch (ds_get_bits_per_pixel(s->ds)) {
- case 8:
- rgb_to_pixel = rgb_to_pixel8;
- w = 1;
- break;
- case 15:
- rgb_to_pixel = rgb_to_pixel15;
- w = 2;
- break;
- case 16:
- rgb_to_pixel = rgb_to_pixel16;
- w = 2;
- break;
- case 32:
- rgb_to_pixel = rgb_to_pixel32;
- w = 4;
- break;
- default:
- hw_error("g364: unknown host depth %d",
- ds_get_bits_per_pixel(s->ds));
- return;
- }
-
- page = 0;
- page_min = (ram_addr_t)-1;
- page_max = 0;
-
- x = y = 0;
- xmin = s->width;
- xmax = 0;
- ymin = s->height;
- ymax = 0;
-
- if (!(s->ctla & CTLA_NO_CURSOR)) {
- xcursor = s->cursor_position >> 12;
- ycursor = s->cursor_position & 0xfff;
- } else {
- xcursor = ycursor = -65;
- }
-
- vram = s->vram + s->top_of_screen;
- /* XXX: out of range in vram? */
- data_display = dd = ds_get_data(s->ds);
- while (y < s->height) {
- if (check_dirty(s, page)) {
- if (y < ymin)
- ymin = ymax = y;
- if (page_min == (ram_addr_t)-1)
- page_min = page;
- page_max = page;
- if (x < xmin)
- xmin = x;
- for (i = 0; i < G364_PAGE_SIZE; i++) {
- uint8_t index;
- unsigned int color;
- if (unlikely((y >= ycursor && y < ycursor + 64) &&
- (x >= xcursor && x < xcursor + 64))) {
- /* pointer area */
- int xdiff = x - xcursor;
- uint16_t curs = s->cursor[(y - ycursor) * 8 + xdiff / 8];
- int op = (curs >> ((xdiff & 7) * 2)) & 3;
- if (likely(op == 0)) {
- /* transparent */
- index = *vram;
- color = (*rgb_to_pixel)(
- s->color_palette[index][0],
- s->color_palette[index][1],
- s->color_palette[index][2]);
- } else {
- /* get cursor color */
- index = op - 1;
- color = (*rgb_to_pixel)(
- s->cursor_palette[index][0],
- s->cursor_palette[index][1],
- s->cursor_palette[index][2]);
- }
- } else {
- /* normal area */
- index = *vram;
- color = (*rgb_to_pixel)(
- s->color_palette[index][0],
- s->color_palette[index][1],
- s->color_palette[index][2]);
- }
- memcpy(dd, &color, w);
- dd += w;
- x++;
- vram++;
- if (x == s->width) {
- xmax = s->width - 1;
- y++;
- if (y == s->height) {
- ymax = s->height - 1;
- goto done;
- }
- data_display = dd = data_display + ds_get_linesize(s->ds);
- xmin = 0;
- x = 0;
- }
- }
- if (x > xmax)
- xmax = x;
- if (y > ymax)
- ymax = y;
- } else {
- int dy;
- if (page_min != (ram_addr_t)-1) {
- reset_dirty(s, page_min, page_max);
- page_min = (ram_addr_t)-1;
- page_max = 0;
- dpy_gfx_update(s->ds, xmin, ymin,
- xmax - xmin + 1, ymax - ymin + 1);
- xmin = s->width;
- xmax = 0;
- ymin = s->height;
- ymax = 0;
- }
- x += G364_PAGE_SIZE;
- dy = x / s->width;
- x = x % s->width;
- y += dy;
- vram += G364_PAGE_SIZE;
- data_display += dy * ds_get_linesize(s->ds);
- dd = data_display + x * w;
- }
- page += G364_PAGE_SIZE;
- }
-
-done:
- if (page_min != (ram_addr_t)-1) {
- dpy_gfx_update(s->ds, xmin, ymin, xmax - xmin + 1, ymax - ymin + 1);
- reset_dirty(s, page_min, page_max);
- }
-}
-
-static void g364fb_draw_blank(G364State *s)
-{
- int i, w;
- uint8_t *d;
-
- if (s->blanked) {
- /* Screen is already blank. No need to redraw it */
- return;
- }
-
- w = s->width * ((ds_get_bits_per_pixel(s->ds) + 7) >> 3);
- d = ds_get_data(s->ds);
- for (i = 0; i < s->height; i++) {
- memset(d, 0, w);
- d += ds_get_linesize(s->ds);
- }
-
- dpy_gfx_update(s->ds, 0, 0, s->width, s->height);
- s->blanked = 1;
-}
-
-static void g364fb_update_display(void *opaque)
-{
- G364State *s = opaque;
-
- qemu_flush_coalesced_mmio_buffer();
-
- if (s->width == 0 || s->height == 0)
- return;
-
- if (s->width != ds_get_width(s->ds) || s->height != ds_get_height(s->ds)) {
- qemu_console_resize(s->ds, s->width, s->height);
- }
-
- if (s->ctla & CTLA_FORCE_BLANK) {
- g364fb_draw_blank(s);
- } else if (s->depth == 8) {
- g364fb_draw_graphic8(s);
- } else {
- error_report("g364: unknown guest depth %d", s->depth);
- }
-
- qemu_irq_raise(s->irq);
-}
-
-static inline void g364fb_invalidate_display(void *opaque)
-{
- G364State *s = opaque;
-
- s->blanked = 0;
- memory_region_set_dirty(&s->mem_vram, 0, s->vram_size);
-}
-
-static void g364fb_reset(G364State *s)
-{
- qemu_irq_lower(s->irq);
-
- memset(s->color_palette, 0, sizeof(s->color_palette));
- memset(s->cursor_palette, 0, sizeof(s->cursor_palette));
- memset(s->cursor, 0, sizeof(s->cursor));
- s->cursor_position = 0;
- s->ctla = 0;
- s->top_of_screen = 0;
- s->width = s->height = 0;
- memset(s->vram, 0, s->vram_size);
- g364fb_invalidate_display(s);
-}
-
-static void g364fb_screen_dump(void *opaque, const char *filename, bool cswitch,
- Error **errp)
-{
- G364State *s = opaque;
- int ret, y, x;
- uint8_t index;
- uint8_t *data_buffer;
- FILE *f;
-
- qemu_flush_coalesced_mmio_buffer();
-
- if (s->depth != 8) {
- error_setg(errp, "g364: unknown guest depth %d", s->depth);
- return;
- }
-
- f = fopen(filename, "wb");
- if (!f) {
- error_setg(errp, "failed to open file '%s': %s", filename,
- strerror(errno));
- return;
- }
-
- if (s->ctla & CTLA_FORCE_BLANK) {
- /* blank screen */
- ret = fprintf(f, "P4\n%d %d\n", s->width, s->height);
- if (ret < 0) {
- goto write_err;
- }
- for (y = 0; y < s->height; y++)
- for (x = 0; x < s->width; x++) {
- ret = fputc(0, f);
- if (ret == EOF) {
- goto write_err;
- }
- }
- } else {
- data_buffer = s->vram + s->top_of_screen;
- ret = fprintf(f, "P6\n%d %d\n%d\n", s->width, s->height, 255);
- if (ret < 0) {
- goto write_err;
- }
- for (y = 0; y < s->height; y++)
- for (x = 0; x < s->width; x++, data_buffer++) {
- index = *data_buffer;
- ret = fputc(s->color_palette[index][0], f);
- if (ret == EOF) {
- goto write_err;
- }
- ret = fputc(s->color_palette[index][1], f);
- if (ret == EOF) {
- goto write_err;
- }
- ret = fputc(s->color_palette[index][2], f);
- if (ret == EOF) {
- goto write_err;
- }
- }
- }
-
-out:
- fclose(f);
- return;
-
-write_err:
- error_setg(errp, "failed to write to file '%s': %s", filename,
- strerror(errno));
- unlink(filename);
- goto out;
-}
-
-/* called for accesses to io ports */
-static uint64_t g364fb_ctrl_read(void *opaque,
- hwaddr addr,
- unsigned int size)
-{
- G364State *s = opaque;
- uint32_t val;
-
- if (addr >= REG_CURS_PAT && addr < REG_CURS_PAT + 0x1000) {
- /* cursor pattern */
- int idx = (addr - REG_CURS_PAT) >> 3;
- val = s->cursor[idx];
- } else if (addr >= REG_CURS_PAL && addr < REG_CURS_PAL + 0x18) {
- /* cursor palette */
- int idx = (addr - REG_CURS_PAL) >> 3;
- val = ((uint32_t)s->cursor_palette[idx][0] << 16);
- val |= ((uint32_t)s->cursor_palette[idx][1] << 8);
- val |= ((uint32_t)s->cursor_palette[idx][2] << 0);
- } else {
- switch (addr) {
- case REG_DISPLAY:
- val = s->width / 4;
- break;
- case REG_VDISPLAY:
- val = s->height * 2;
- break;
- case REG_CTLA:
- val = s->ctla;
- break;
- default:
- {
- error_report("g364: invalid read at [" TARGET_FMT_plx "]",
- addr);
- val = 0;
- break;
- }
- }
- }
-
- trace_g364fb_read(addr, val);
-
- return val;
-}
-
-static void g364fb_update_depth(G364State *s)
-{
- static const int depths[8] = { 1, 2, 4, 8, 15, 16, 0 };
- s->depth = depths[(s->ctla & 0x00700000) >> 20];
-}
-
-static void g364_invalidate_cursor_position(G364State *s)
-{
- int ymin, ymax, start, end;
-
- /* invalidate only near the cursor */
- ymin = s->cursor_position & 0xfff;
- ymax = MIN(s->height, ymin + 64);
- start = ymin * ds_get_linesize(s->ds);
- end = (ymax + 1) * ds_get_linesize(s->ds);
-
- memory_region_set_dirty(&s->mem_vram, start, end - start);
-}
-
-static void g364fb_ctrl_write(void *opaque,
- hwaddr addr,
- uint64_t val,
- unsigned int size)
-{
- G364State *s = opaque;
-
- trace_g364fb_write(addr, val);
-
- if (addr >= REG_CLR_PAL && addr < REG_CLR_PAL + 0x800) {
- /* color palette */
- int idx = (addr - REG_CLR_PAL) >> 3;
- s->color_palette[idx][0] = (val >> 16) & 0xff;
- s->color_palette[idx][1] = (val >> 8) & 0xff;
- s->color_palette[idx][2] = val & 0xff;
- g364fb_invalidate_display(s);
- } else if (addr >= REG_CURS_PAT && addr < REG_CURS_PAT + 0x1000) {
- /* cursor pattern */
- int idx = (addr - REG_CURS_PAT) >> 3;
- s->cursor[idx] = val;
- g364fb_invalidate_display(s);
- } else if (addr >= REG_CURS_PAL && addr < REG_CURS_PAL + 0x18) {
- /* cursor palette */
- int idx = (addr - REG_CURS_PAL) >> 3;
- s->cursor_palette[idx][0] = (val >> 16) & 0xff;
- s->cursor_palette[idx][1] = (val >> 8) & 0xff;
- s->cursor_palette[idx][2] = val & 0xff;
- g364fb_invalidate_display(s);
- } else {
- switch (addr) {
- case REG_BOOT: /* Boot timing */
- case 0x00108: /* Line timing: half sync */
- case 0x00110: /* Line timing: back porch */
- case 0x00120: /* Line timing: short display */
- case 0x00128: /* Frame timing: broad pulse */
- case 0x00130: /* Frame timing: v sync */
- case 0x00138: /* Frame timing: v preequalise */
- case 0x00140: /* Frame timing: v postequalise */
- case 0x00148: /* Frame timing: v blank */
- case 0x00158: /* Line timing: line time */
- case 0x00160: /* Frame store: line start */
- case 0x00168: /* vram cycle: mem init */
- case 0x00170: /* vram cycle: transfer delay */
- case 0x00200: /* vram cycle: mask register */
- /* ignore */
- break;
- case REG_TOP:
- s->top_of_screen = val;
- g364fb_invalidate_display(s);
- break;
- case REG_DISPLAY:
- s->width = val * 4;
- break;
- case REG_VDISPLAY:
- s->height = val / 2;
- break;
- case REG_CTLA:
- s->ctla = val;
- g364fb_update_depth(s);
- g364fb_invalidate_display(s);
- break;
- case REG_CURS_POS:
- g364_invalidate_cursor_position(s);
- s->cursor_position = val;
- g364_invalidate_cursor_position(s);
- break;
- case REG_RESET:
- g364fb_reset(s);
- break;
- default:
- error_report("g364: invalid write of 0x%" PRIx64
- " at [" TARGET_FMT_plx "]", val, addr);
- break;
- }
- }
- qemu_irq_lower(s->irq);
-}
-
-static const MemoryRegionOps g364fb_ctrl_ops = {
- .read = g364fb_ctrl_read,
- .write = g364fb_ctrl_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
- .impl.min_access_size = 4,
- .impl.max_access_size = 4,
-};
-
-static int g364fb_post_load(void *opaque, int version_id)
-{
- G364State *s = opaque;
-
- /* force refresh */
- g364fb_update_depth(s);
- g364fb_invalidate_display(s);
-
- return 0;
-}
-
-static const VMStateDescription vmstate_g364fb = {
- .name = "g364fb",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .post_load = g364fb_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_VBUFFER_UINT32(vram, G364State, 1, NULL, 0, vram_size),
- VMSTATE_BUFFER_UNSAFE(color_palette, G364State, 0, 256 * 3),
- VMSTATE_BUFFER_UNSAFE(cursor_palette, G364State, 0, 9),
- VMSTATE_UINT16_ARRAY(cursor, G364State, 512),
- VMSTATE_UINT32(cursor_position, G364State),
- VMSTATE_UINT32(ctla, G364State),
- VMSTATE_UINT32(top_of_screen, G364State),
- VMSTATE_UINT32(width, G364State),
- VMSTATE_UINT32(height, G364State),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void g364fb_init(DeviceState *dev, G364State *s)
-{
- s->vram = g_malloc0(s->vram_size);
-
- s->ds = graphic_console_init(g364fb_update_display,
- g364fb_invalidate_display,
- g364fb_screen_dump, NULL, s);
-
- memory_region_init_io(&s->mem_ctrl, &g364fb_ctrl_ops, s, "ctrl", 0x180000);
- memory_region_init_ram_ptr(&s->mem_vram, "vram",
- s->vram_size, s->vram);
- vmstate_register_ram(&s->mem_vram, dev);
- memory_region_set_coalescing(&s->mem_vram);
-}
-
-typedef struct {
- SysBusDevice busdev;
- G364State g364;
-} G364SysBusState;
-
-static int g364fb_sysbus_init(SysBusDevice *dev)
-{
- G364State *s = &FROM_SYSBUS(G364SysBusState, dev)->g364;
-
- g364fb_init(&dev->qdev, s);
- sysbus_init_irq(dev, &s->irq);
- sysbus_init_mmio(dev, &s->mem_ctrl);
- sysbus_init_mmio(dev, &s->mem_vram);
-
- return 0;
-}
-
-static void g364fb_sysbus_reset(DeviceState *d)
-{
- G364SysBusState *s = DO_UPCAST(G364SysBusState, busdev.qdev, d);
- g364fb_reset(&s->g364);
-}
-
-static Property g364fb_sysbus_properties[] = {
- DEFINE_PROP_HEX32("vram_size", G364SysBusState, g364.vram_size,
- 8 * 1024 * 1024),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void g364fb_sysbus_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = g364fb_sysbus_init;
- dc->desc = "G364 framebuffer";
- dc->reset = g364fb_sysbus_reset;
- dc->vmsd = &vmstate_g364fb;
- dc->props = g364fb_sysbus_properties;
-}
-
-static TypeInfo g364fb_sysbus_info = {
- .name = "sysbus-g364",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(G364SysBusState),
- .class_init = g364fb_sysbus_class_init,
-};
-
-static void g364fb_register_types(void)
-{
- type_register_static(&g364fb_sysbus_info);
-}
-
-type_init(g364fb_register_types)
diff --git a/hw/gpio/Makefile.objs b/hw/gpio/Makefile.objs
new file mode 100644
index 000000000..2c8b51f09
--- /dev/null
+++ b/hw/gpio/Makefile.objs
@@ -0,0 +1,6 @@
+common-obj-$(CONFIG_MAX7310) += max7310.o
+common-obj-$(CONFIG_PL061) += pl061.o
+common-obj-$(CONFIG_PUV3) += puv3_gpio.o
+common-obj-$(CONFIG_ZAURUS) += zaurus.o
+
+obj-$(CONFIG_OMAP) += omap_gpio.o
diff --git a/hw/gpio/max7310.c b/hw/gpio/max7310.c
new file mode 100644
index 000000000..59b287703
--- /dev/null
+++ b/hw/gpio/max7310.c
@@ -0,0 +1,213 @@
+/*
+ * MAX7310 8-port GPIO expansion chip.
+ *
+ * Copyright (c) 2006 Openedhand Ltd.
+ * Written by Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * This file is licensed under GNU GPL.
+ */
+
+#include "hw/i2c/i2c.h"
+
+typedef struct {
+ I2CSlave i2c;
+ int i2c_command_byte;
+ int len;
+
+ uint8_t level;
+ uint8_t direction;
+ uint8_t polarity;
+ uint8_t status;
+ uint8_t command;
+ qemu_irq handler[8];
+ qemu_irq *gpio_in;
+} MAX7310State;
+
+static void max7310_reset(DeviceState *dev)
+{
+ MAX7310State *s = FROM_I2C_SLAVE(MAX7310State, I2C_SLAVE(dev));
+ s->level &= s->direction;
+ s->direction = 0xff;
+ s->polarity = 0xf0;
+ s->status = 0x01;
+ s->command = 0x00;
+}
+
+static int max7310_rx(I2CSlave *i2c)
+{
+ MAX7310State *s = (MAX7310State *) i2c;
+
+ switch (s->command) {
+ case 0x00: /* Input port */
+ return s->level ^ s->polarity;
+ break;
+
+ case 0x01: /* Output port */
+ return s->level & ~s->direction;
+ break;
+
+ case 0x02: /* Polarity inversion */
+ return s->polarity;
+
+ case 0x03: /* Configuration */
+ return s->direction;
+
+ case 0x04: /* Timeout */
+ return s->status;
+ break;
+
+ case 0xff: /* Reserved */
+ return 0xff;
+
+ default:
+#ifdef VERBOSE
+ printf("%s: unknown register %02x\n", __FUNCTION__, s->command);
+#endif
+ break;
+ }
+ return 0xff;
+}
+
+static int max7310_tx(I2CSlave *i2c, uint8_t data)
+{
+ MAX7310State *s = (MAX7310State *) i2c;
+ uint8_t diff;
+ int line;
+
+ if (s->len ++ > 1) {
+#ifdef VERBOSE
+ printf("%s: message too long (%i bytes)\n", __FUNCTION__, s->len);
+#endif
+ return 1;
+ }
+
+ if (s->i2c_command_byte) {
+ s->command = data;
+ s->i2c_command_byte = 0;
+ return 0;
+ }
+
+ switch (s->command) {
+ case 0x01: /* Output port */
+ for (diff = (data ^ s->level) & ~s->direction; diff;
+ diff &= ~(1 << line)) {
+ line = ffs(diff) - 1;
+ if (s->handler[line])
+ qemu_set_irq(s->handler[line], (data >> line) & 1);
+ }
+ s->level = (s->level & s->direction) | (data & ~s->direction);
+ break;
+
+ case 0x02: /* Polarity inversion */
+ s->polarity = data;
+ break;
+
+ case 0x03: /* Configuration */
+ s->level &= ~(s->direction ^ data);
+ s->direction = data;
+ break;
+
+ case 0x04: /* Timeout */
+ s->status = data;
+ break;
+
+ case 0x00: /* Input port - ignore writes */
+ break;
+ default:
+#ifdef VERBOSE
+ printf("%s: unknown register %02x\n", __FUNCTION__, s->command);
+#endif
+ return 1;
+ }
+
+ return 0;
+}
+
+static void max7310_event(I2CSlave *i2c, enum i2c_event event)
+{
+ MAX7310State *s = (MAX7310State *) i2c;
+ s->len = 0;
+
+ switch (event) {
+ case I2C_START_SEND:
+ s->i2c_command_byte = 1;
+ break;
+ case I2C_FINISH:
+#ifdef VERBOSE
+ if (s->len == 1)
+ printf("%s: message too short (%i bytes)\n", __FUNCTION__, s->len);
+#endif
+ break;
+ default:
+ break;
+ }
+}
+
+static const VMStateDescription vmstate_max7310 = {
+ .name = "max7310",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField []) {
+ VMSTATE_INT32(i2c_command_byte, MAX7310State),
+ VMSTATE_INT32(len, MAX7310State),
+ VMSTATE_UINT8(level, MAX7310State),
+ VMSTATE_UINT8(direction, MAX7310State),
+ VMSTATE_UINT8(polarity, MAX7310State),
+ VMSTATE_UINT8(status, MAX7310State),
+ VMSTATE_UINT8(command, MAX7310State),
+ VMSTATE_I2C_SLAVE(i2c, MAX7310State),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void max7310_gpio_set(void *opaque, int line, int level)
+{
+ MAX7310State *s = (MAX7310State *) opaque;
+ if (line >= ARRAY_SIZE(s->handler) || line < 0)
+ hw_error("bad GPIO line");
+
+ if (level)
+ s->level |= s->direction & (1 << line);
+ else
+ s->level &= ~(s->direction & (1 << line));
+}
+
+/* MAX7310 is SMBus-compatible (can be used with only SMBus protocols),
+ * but also accepts sequences that are not SMBus so return an I2C device. */
+static int max7310_init(I2CSlave *i2c)
+{
+ MAX7310State *s = FROM_I2C_SLAVE(MAX7310State, i2c);
+
+ qdev_init_gpio_in(&i2c->qdev, max7310_gpio_set, 8);
+ qdev_init_gpio_out(&i2c->qdev, s->handler, 8);
+
+ return 0;
+}
+
+static void max7310_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
+
+ k->init = max7310_init;
+ k->event = max7310_event;
+ k->recv = max7310_rx;
+ k->send = max7310_tx;
+ dc->reset = max7310_reset;
+ dc->vmsd = &vmstate_max7310;
+}
+
+static const TypeInfo max7310_info = {
+ .name = "max7310",
+ .parent = TYPE_I2C_SLAVE,
+ .instance_size = sizeof(MAX7310State),
+ .class_init = max7310_class_init,
+};
+
+static void max7310_register_types(void)
+{
+ type_register_static(&max7310_info);
+}
+
+type_init(max7310_register_types)
diff --git a/hw/gpio/omap_gpio.c b/hw/gpio/omap_gpio.c
new file mode 100644
index 000000000..b8f572bb7
--- /dev/null
+++ b/hw/gpio/omap_gpio.c
@@ -0,0 +1,806 @@
+/*
+ * TI OMAP processors GPIO emulation.
+ *
+ * Copyright (C) 2006-2008 Andrzej Zaborowski <balrog@zabor.org>
+ * Copyright (C) 2007-2009 Nokia Corporation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/hw.h"
+#include "hw/arm/omap.h"
+#include "hw/sysbus.h"
+
+struct omap_gpio_s {
+ qemu_irq irq;
+ qemu_irq handler[16];
+
+ uint16_t inputs;
+ uint16_t outputs;
+ uint16_t dir;
+ uint16_t edge;
+ uint16_t mask;
+ uint16_t ints;
+ uint16_t pins;
+};
+
+#define TYPE_OMAP1_GPIO "omap-gpio"
+#define OMAP1_GPIO(obj) \
+ OBJECT_CHECK(struct omap_gpif_s, (obj), TYPE_OMAP1_GPIO)
+
+struct omap_gpif_s {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ int mpu_model;
+ void *clk;
+ struct omap_gpio_s omap1;
+};
+
+/* General-Purpose I/O of OMAP1 */
+static void omap_gpio_set(void *opaque, int line, int level)
+{
+ struct omap_gpio_s *s = &((struct omap_gpif_s *) opaque)->omap1;
+ uint16_t prev = s->inputs;
+
+ if (level)
+ s->inputs |= 1 << line;
+ else
+ s->inputs &= ~(1 << line);
+
+ if (((s->edge & s->inputs & ~prev) | (~s->edge & ~s->inputs & prev)) &
+ (1 << line) & s->dir & ~s->mask) {
+ s->ints |= 1 << line;
+ qemu_irq_raise(s->irq);
+ }
+}
+
+static uint64_t omap_gpio_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_gpio_s *s = (struct omap_gpio_s *) opaque;
+ int offset = addr & OMAP_MPUI_REG_MASK;
+
+ if (size != 2) {
+ return omap_badwidth_read16(opaque, addr);
+ }
+
+ switch (offset) {
+ case 0x00: /* DATA_INPUT */
+ return s->inputs & s->pins;
+
+ case 0x04: /* DATA_OUTPUT */
+ return s->outputs;
+
+ case 0x08: /* DIRECTION_CONTROL */
+ return s->dir;
+
+ case 0x0c: /* INTERRUPT_CONTROL */
+ return s->edge;
+
+ case 0x10: /* INTERRUPT_MASK */
+ return s->mask;
+
+ case 0x14: /* INTERRUPT_STATUS */
+ return s->ints;
+
+ case 0x18: /* PIN_CONTROL (not in OMAP310) */
+ OMAP_BAD_REG(addr);
+ return s->pins;
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_gpio_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_gpio_s *s = (struct omap_gpio_s *) opaque;
+ int offset = addr & OMAP_MPUI_REG_MASK;
+ uint16_t diff;
+ int ln;
+
+ if (size != 2) {
+ return omap_badwidth_write16(opaque, addr, value);
+ }
+
+ switch (offset) {
+ case 0x00: /* DATA_INPUT */
+ OMAP_RO_REG(addr);
+ return;
+
+ case 0x04: /* DATA_OUTPUT */
+ diff = (s->outputs ^ value) & ~s->dir;
+ s->outputs = value;
+ while ((ln = ffs(diff))) {
+ ln --;
+ if (s->handler[ln])
+ qemu_set_irq(s->handler[ln], (value >> ln) & 1);
+ diff &= ~(1 << ln);
+ }
+ break;
+
+ case 0x08: /* DIRECTION_CONTROL */
+ diff = s->outputs & (s->dir ^ value);
+ s->dir = value;
+
+ value = s->outputs & ~s->dir;
+ while ((ln = ffs(diff))) {
+ ln --;
+ if (s->handler[ln])
+ qemu_set_irq(s->handler[ln], (value >> ln) & 1);
+ diff &= ~(1 << ln);
+ }
+ break;
+
+ case 0x0c: /* INTERRUPT_CONTROL */
+ s->edge = value;
+ break;
+
+ case 0x10: /* INTERRUPT_MASK */
+ s->mask = value;
+ break;
+
+ case 0x14: /* INTERRUPT_STATUS */
+ s->ints &= ~value;
+ if (!s->ints)
+ qemu_irq_lower(s->irq);
+ break;
+
+ case 0x18: /* PIN_CONTROL (not in OMAP310 TRM) */
+ OMAP_BAD_REG(addr);
+ s->pins = value;
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ return;
+ }
+}
+
+/* *Some* sources say the memory region is 32-bit. */
+static const MemoryRegionOps omap_gpio_ops = {
+ .read = omap_gpio_read,
+ .write = omap_gpio_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void omap_gpio_reset(struct omap_gpio_s *s)
+{
+ s->inputs = 0;
+ s->outputs = ~0;
+ s->dir = ~0;
+ s->edge = ~0;
+ s->mask = ~0;
+ s->ints = 0;
+ s->pins = ~0;
+}
+
+struct omap2_gpio_s {
+ qemu_irq irq[2];
+ qemu_irq wkup;
+ qemu_irq *handler;
+ MemoryRegion iomem;
+
+ uint8_t revision;
+ uint8_t config[2];
+ uint32_t inputs;
+ uint32_t outputs;
+ uint32_t dir;
+ uint32_t level[2];
+ uint32_t edge[2];
+ uint32_t mask[2];
+ uint32_t wumask;
+ uint32_t ints[2];
+ uint32_t debounce;
+ uint8_t delay;
+};
+
+#define TYPE_OMAP2_GPIO "omap2-gpio"
+#define OMAP2_GPIO(obj) \
+ OBJECT_CHECK(struct omap2_gpif_s, (obj), TYPE_OMAP2_GPIO)
+
+struct omap2_gpif_s {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ int mpu_model;
+ void *iclk;
+ void *fclk[6];
+ int modulecount;
+ struct omap2_gpio_s *modules;
+ qemu_irq *handler;
+ int autoidle;
+ int gpo;
+};
+
+/* General-Purpose Interface of OMAP2/3 */
+static inline void omap2_gpio_module_int_update(struct omap2_gpio_s *s,
+ int line)
+{
+ qemu_set_irq(s->irq[line], s->ints[line] & s->mask[line]);
+}
+
+static void omap2_gpio_module_wake(struct omap2_gpio_s *s, int line)
+{
+ if (!(s->config[0] & (1 << 2))) /* ENAWAKEUP */
+ return;
+ if (!(s->config[0] & (3 << 3))) /* Force Idle */
+ return;
+ if (!(s->wumask & (1 << line)))
+ return;
+
+ qemu_irq_raise(s->wkup);
+}
+
+static inline void omap2_gpio_module_out_update(struct omap2_gpio_s *s,
+ uint32_t diff)
+{
+ int ln;
+
+ s->outputs ^= diff;
+ diff &= ~s->dir;
+ while ((ln = ffs(diff))) {
+ ln --;
+ qemu_set_irq(s->handler[ln], (s->outputs >> ln) & 1);
+ diff &= ~(1 << ln);
+ }
+}
+
+static void omap2_gpio_module_level_update(struct omap2_gpio_s *s, int line)
+{
+ s->ints[line] |= s->dir &
+ ((s->inputs & s->level[1]) | (~s->inputs & s->level[0]));
+ omap2_gpio_module_int_update(s, line);
+}
+
+static inline void omap2_gpio_module_int(struct omap2_gpio_s *s, int line)
+{
+ s->ints[0] |= 1 << line;
+ omap2_gpio_module_int_update(s, 0);
+ s->ints[1] |= 1 << line;
+ omap2_gpio_module_int_update(s, 1);
+ omap2_gpio_module_wake(s, line);
+}
+
+static void omap2_gpio_set(void *opaque, int line, int level)
+{
+ struct omap2_gpif_s *p = opaque;
+ struct omap2_gpio_s *s = &p->modules[line >> 5];
+
+ line &= 31;
+ if (level) {
+ if (s->dir & (1 << line) & ((~s->inputs & s->edge[0]) | s->level[1]))
+ omap2_gpio_module_int(s, line);
+ s->inputs |= 1 << line;
+ } else {
+ if (s->dir & (1 << line) & ((s->inputs & s->edge[1]) | s->level[0]))
+ omap2_gpio_module_int(s, line);
+ s->inputs &= ~(1 << line);
+ }
+}
+
+static void omap2_gpio_module_reset(struct omap2_gpio_s *s)
+{
+ s->config[0] = 0;
+ s->config[1] = 2;
+ s->ints[0] = 0;
+ s->ints[1] = 0;
+ s->mask[0] = 0;
+ s->mask[1] = 0;
+ s->wumask = 0;
+ s->dir = ~0;
+ s->level[0] = 0;
+ s->level[1] = 0;
+ s->edge[0] = 0;
+ s->edge[1] = 0;
+ s->debounce = 0;
+ s->delay = 0;
+}
+
+static uint32_t omap2_gpio_module_read(void *opaque, hwaddr addr)
+{
+ struct omap2_gpio_s *s = (struct omap2_gpio_s *) opaque;
+
+ switch (addr) {
+ case 0x00: /* GPIO_REVISION */
+ return s->revision;
+
+ case 0x10: /* GPIO_SYSCONFIG */
+ return s->config[0];
+
+ case 0x14: /* GPIO_SYSSTATUS */
+ return 0x01;
+
+ case 0x18: /* GPIO_IRQSTATUS1 */
+ return s->ints[0];
+
+ case 0x1c: /* GPIO_IRQENABLE1 */
+ case 0x60: /* GPIO_CLEARIRQENABLE1 */
+ case 0x64: /* GPIO_SETIRQENABLE1 */
+ return s->mask[0];
+
+ case 0x20: /* GPIO_WAKEUPENABLE */
+ case 0x80: /* GPIO_CLEARWKUENA */
+ case 0x84: /* GPIO_SETWKUENA */
+ return s->wumask;
+
+ case 0x28: /* GPIO_IRQSTATUS2 */
+ return s->ints[1];
+
+ case 0x2c: /* GPIO_IRQENABLE2 */
+ case 0x70: /* GPIO_CLEARIRQENABLE2 */
+ case 0x74: /* GPIO_SETIREQNEABLE2 */
+ return s->mask[1];
+
+ case 0x30: /* GPIO_CTRL */
+ return s->config[1];
+
+ case 0x34: /* GPIO_OE */
+ return s->dir;
+
+ case 0x38: /* GPIO_DATAIN */
+ return s->inputs;
+
+ case 0x3c: /* GPIO_DATAOUT */
+ case 0x90: /* GPIO_CLEARDATAOUT */
+ case 0x94: /* GPIO_SETDATAOUT */
+ return s->outputs;
+
+ case 0x40: /* GPIO_LEVELDETECT0 */
+ return s->level[0];
+
+ case 0x44: /* GPIO_LEVELDETECT1 */
+ return s->level[1];
+
+ case 0x48: /* GPIO_RISINGDETECT */
+ return s->edge[0];
+
+ case 0x4c: /* GPIO_FALLINGDETECT */
+ return s->edge[1];
+
+ case 0x50: /* GPIO_DEBOUNCENABLE */
+ return s->debounce;
+
+ case 0x54: /* GPIO_DEBOUNCINGTIME */
+ return s->delay;
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap2_gpio_module_write(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ struct omap2_gpio_s *s = (struct omap2_gpio_s *) opaque;
+ uint32_t diff;
+ int ln;
+
+ switch (addr) {
+ case 0x00: /* GPIO_REVISION */
+ case 0x14: /* GPIO_SYSSTATUS */
+ case 0x38: /* GPIO_DATAIN */
+ OMAP_RO_REG(addr);
+ break;
+
+ case 0x10: /* GPIO_SYSCONFIG */
+ if (((value >> 3) & 3) == 3)
+ fprintf(stderr, "%s: bad IDLEMODE value\n", __FUNCTION__);
+ if (value & 2)
+ omap2_gpio_module_reset(s);
+ s->config[0] = value & 0x1d;
+ break;
+
+ case 0x18: /* GPIO_IRQSTATUS1 */
+ if (s->ints[0] & value) {
+ s->ints[0] &= ~value;
+ omap2_gpio_module_level_update(s, 0);
+ }
+ break;
+
+ case 0x1c: /* GPIO_IRQENABLE1 */
+ s->mask[0] = value;
+ omap2_gpio_module_int_update(s, 0);
+ break;
+
+ case 0x20: /* GPIO_WAKEUPENABLE */
+ s->wumask = value;
+ break;
+
+ case 0x28: /* GPIO_IRQSTATUS2 */
+ if (s->ints[1] & value) {
+ s->ints[1] &= ~value;
+ omap2_gpio_module_level_update(s, 1);
+ }
+ break;
+
+ case 0x2c: /* GPIO_IRQENABLE2 */
+ s->mask[1] = value;
+ omap2_gpio_module_int_update(s, 1);
+ break;
+
+ case 0x30: /* GPIO_CTRL */
+ s->config[1] = value & 7;
+ break;
+
+ case 0x34: /* GPIO_OE */
+ diff = s->outputs & (s->dir ^ value);
+ s->dir = value;
+
+ value = s->outputs & ~s->dir;
+ while ((ln = ffs(diff))) {
+ diff &= ~(1 <<-- ln);
+ qemu_set_irq(s->handler[ln], (value >> ln) & 1);
+ }
+
+ omap2_gpio_module_level_update(s, 0);
+ omap2_gpio_module_level_update(s, 1);
+ break;
+
+ case 0x3c: /* GPIO_DATAOUT */
+ omap2_gpio_module_out_update(s, s->outputs ^ value);
+ break;
+
+ case 0x40: /* GPIO_LEVELDETECT0 */
+ s->level[0] = value;
+ omap2_gpio_module_level_update(s, 0);
+ omap2_gpio_module_level_update(s, 1);
+ break;
+
+ case 0x44: /* GPIO_LEVELDETECT1 */
+ s->level[1] = value;
+ omap2_gpio_module_level_update(s, 0);
+ omap2_gpio_module_level_update(s, 1);
+ break;
+
+ case 0x48: /* GPIO_RISINGDETECT */
+ s->edge[0] = value;
+ break;
+
+ case 0x4c: /* GPIO_FALLINGDETECT */
+ s->edge[1] = value;
+ break;
+
+ case 0x50: /* GPIO_DEBOUNCENABLE */
+ s->debounce = value;
+ break;
+
+ case 0x54: /* GPIO_DEBOUNCINGTIME */
+ s->delay = value;
+ break;
+
+ case 0x60: /* GPIO_CLEARIRQENABLE1 */
+ s->mask[0] &= ~value;
+ omap2_gpio_module_int_update(s, 0);
+ break;
+
+ case 0x64: /* GPIO_SETIRQENABLE1 */
+ s->mask[0] |= value;
+ omap2_gpio_module_int_update(s, 0);
+ break;
+
+ case 0x70: /* GPIO_CLEARIRQENABLE2 */
+ s->mask[1] &= ~value;
+ omap2_gpio_module_int_update(s, 1);
+ break;
+
+ case 0x74: /* GPIO_SETIREQNEABLE2 */
+ s->mask[1] |= value;
+ omap2_gpio_module_int_update(s, 1);
+ break;
+
+ case 0x80: /* GPIO_CLEARWKUENA */
+ s->wumask &= ~value;
+ break;
+
+ case 0x84: /* GPIO_SETWKUENA */
+ s->wumask |= value;
+ break;
+
+ case 0x90: /* GPIO_CLEARDATAOUT */
+ omap2_gpio_module_out_update(s, s->outputs & value);
+ break;
+
+ case 0x94: /* GPIO_SETDATAOUT */
+ omap2_gpio_module_out_update(s, ~s->outputs & value);
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ return;
+ }
+}
+
+static uint32_t omap2_gpio_module_readp(void *opaque, hwaddr addr)
+{
+ return omap2_gpio_module_read(opaque, addr & ~3) >> ((addr & 3) << 3);
+}
+
+static void omap2_gpio_module_writep(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ uint32_t cur = 0;
+ uint32_t mask = 0xffff;
+
+ switch (addr & ~3) {
+ case 0x00: /* GPIO_REVISION */
+ case 0x14: /* GPIO_SYSSTATUS */
+ case 0x38: /* GPIO_DATAIN */
+ OMAP_RO_REG(addr);
+ break;
+
+ case 0x10: /* GPIO_SYSCONFIG */
+ case 0x1c: /* GPIO_IRQENABLE1 */
+ case 0x20: /* GPIO_WAKEUPENABLE */
+ case 0x2c: /* GPIO_IRQENABLE2 */
+ case 0x30: /* GPIO_CTRL */
+ case 0x34: /* GPIO_OE */
+ case 0x3c: /* GPIO_DATAOUT */
+ case 0x40: /* GPIO_LEVELDETECT0 */
+ case 0x44: /* GPIO_LEVELDETECT1 */
+ case 0x48: /* GPIO_RISINGDETECT */
+ case 0x4c: /* GPIO_FALLINGDETECT */
+ case 0x50: /* GPIO_DEBOUNCENABLE */
+ case 0x54: /* GPIO_DEBOUNCINGTIME */
+ cur = omap2_gpio_module_read(opaque, addr & ~3) &
+ ~(mask << ((addr & 3) << 3));
+
+ /* Fall through. */
+ case 0x18: /* GPIO_IRQSTATUS1 */
+ case 0x28: /* GPIO_IRQSTATUS2 */
+ case 0x60: /* GPIO_CLEARIRQENABLE1 */
+ case 0x64: /* GPIO_SETIRQENABLE1 */
+ case 0x70: /* GPIO_CLEARIRQENABLE2 */
+ case 0x74: /* GPIO_SETIREQNEABLE2 */
+ case 0x80: /* GPIO_CLEARWKUENA */
+ case 0x84: /* GPIO_SETWKUENA */
+ case 0x90: /* GPIO_CLEARDATAOUT */
+ case 0x94: /* GPIO_SETDATAOUT */
+ value <<= (addr & 3) << 3;
+ omap2_gpio_module_write(opaque, addr, cur | value);
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ return;
+ }
+}
+
+static const MemoryRegionOps omap2_gpio_module_ops = {
+ .old_mmio = {
+ .read = {
+ omap2_gpio_module_readp,
+ omap2_gpio_module_readp,
+ omap2_gpio_module_read,
+ },
+ .write = {
+ omap2_gpio_module_writep,
+ omap2_gpio_module_writep,
+ omap2_gpio_module_write,
+ },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void omap_gpif_reset(DeviceState *dev)
+{
+ struct omap_gpif_s *s = OMAP1_GPIO(dev);
+
+ omap_gpio_reset(&s->omap1);
+}
+
+static void omap2_gpif_reset(DeviceState *dev)
+{
+ struct omap2_gpif_s *s = OMAP2_GPIO(dev);
+ int i;
+
+ for (i = 0; i < s->modulecount; i++) {
+ omap2_gpio_module_reset(&s->modules[i]);
+ }
+ s->autoidle = 0;
+ s->gpo = 0;
+}
+
+static uint64_t omap2_gpif_top_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap2_gpif_s *s = (struct omap2_gpif_s *) opaque;
+
+ switch (addr) {
+ case 0x00: /* IPGENERICOCPSPL_REVISION */
+ return 0x18;
+
+ case 0x10: /* IPGENERICOCPSPL_SYSCONFIG */
+ return s->autoidle;
+
+ case 0x14: /* IPGENERICOCPSPL_SYSSTATUS */
+ return 0x01;
+
+ case 0x18: /* IPGENERICOCPSPL_IRQSTATUS */
+ return 0x00;
+
+ case 0x40: /* IPGENERICOCPSPL_GPO */
+ return s->gpo;
+
+ case 0x50: /* IPGENERICOCPSPL_GPI */
+ return 0x00;
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap2_gpif_top_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap2_gpif_s *s = (struct omap2_gpif_s *) opaque;
+
+ switch (addr) {
+ case 0x00: /* IPGENERICOCPSPL_REVISION */
+ case 0x14: /* IPGENERICOCPSPL_SYSSTATUS */
+ case 0x18: /* IPGENERICOCPSPL_IRQSTATUS */
+ case 0x50: /* IPGENERICOCPSPL_GPI */
+ OMAP_RO_REG(addr);
+ break;
+
+ case 0x10: /* IPGENERICOCPSPL_SYSCONFIG */
+ if (value & (1 << 1)) /* SOFTRESET */
+ omap2_gpif_reset(DEVICE(s));
+ s->autoidle = value & 1;
+ break;
+
+ case 0x40: /* IPGENERICOCPSPL_GPO */
+ s->gpo = value & 1;
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ return;
+ }
+}
+
+static const MemoryRegionOps omap2_gpif_top_ops = {
+ .read = omap2_gpif_top_read,
+ .write = omap2_gpif_top_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int omap_gpio_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ struct omap_gpif_s *s = OMAP1_GPIO(dev);
+
+ if (!s->clk) {
+ hw_error("omap-gpio: clk not connected\n");
+ }
+ qdev_init_gpio_in(dev, omap_gpio_set, 16);
+ qdev_init_gpio_out(dev, s->omap1.handler, 16);
+ sysbus_init_irq(sbd, &s->omap1.irq);
+ memory_region_init_io(&s->iomem, OBJECT(s), &omap_gpio_ops, &s->omap1,
+ "omap.gpio", 0x1000);
+ sysbus_init_mmio(sbd, &s->iomem);
+ return 0;
+}
+
+static int omap2_gpio_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ struct omap2_gpif_s *s = OMAP2_GPIO(dev);
+ int i;
+
+ if (!s->iclk) {
+ hw_error("omap2-gpio: iclk not connected\n");
+ }
+ if (s->mpu_model < omap3430) {
+ s->modulecount = (s->mpu_model < omap2430) ? 4 : 5;
+ memory_region_init_io(&s->iomem, OBJECT(s), &omap2_gpif_top_ops, s,
+ "omap2.gpio", 0x1000);
+ sysbus_init_mmio(sbd, &s->iomem);
+ } else {
+ s->modulecount = 6;
+ }
+ s->modules = g_malloc0(s->modulecount * sizeof(struct omap2_gpio_s));
+ s->handler = g_malloc0(s->modulecount * 32 * sizeof(qemu_irq));
+ qdev_init_gpio_in(dev, omap2_gpio_set, s->modulecount * 32);
+ qdev_init_gpio_out(dev, s->handler, s->modulecount * 32);
+ for (i = 0; i < s->modulecount; i++) {
+ struct omap2_gpio_s *m = &s->modules[i];
+ if (!s->fclk[i]) {
+ hw_error("omap2-gpio: fclk%d not connected\n", i);
+ }
+ m->revision = (s->mpu_model < omap3430) ? 0x18 : 0x25;
+ m->handler = &s->handler[i * 32];
+ sysbus_init_irq(sbd, &m->irq[0]); /* mpu irq */
+ sysbus_init_irq(sbd, &m->irq[1]); /* dsp irq */
+ sysbus_init_irq(sbd, &m->wkup);
+ memory_region_init_io(&m->iomem, OBJECT(s), &omap2_gpio_module_ops, m,
+ "omap.gpio-module", 0x1000);
+ sysbus_init_mmio(sbd, &m->iomem);
+ }
+ return 0;
+}
+
+/* Using qdev pointer properties for the clocks is not ideal.
+ * qdev should support a generic means of defining a 'port' with
+ * an arbitrary interface for connecting two devices. Then we
+ * could reframe the omap clock API in terms of clock ports,
+ * and get some type safety. For now the best qdev provides is
+ * passing an arbitrary pointer.
+ * (It's not possible to pass in the string which is the clock
+ * name, because this device does not have the necessary information
+ * (ie the struct omap_mpu_state_s*) to do the clockname to pointer
+ * translation.)
+ */
+
+static Property omap_gpio_properties[] = {
+ DEFINE_PROP_INT32("mpu_model", struct omap_gpif_s, mpu_model, 0),
+ DEFINE_PROP_PTR("clk", struct omap_gpif_s, clk),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void omap_gpio_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = omap_gpio_init;
+ dc->reset = omap_gpif_reset;
+ dc->props = omap_gpio_properties;
+}
+
+static const TypeInfo omap_gpio_info = {
+ .name = TYPE_OMAP1_GPIO,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(struct omap_gpif_s),
+ .class_init = omap_gpio_class_init,
+};
+
+static Property omap2_gpio_properties[] = {
+ DEFINE_PROP_INT32("mpu_model", struct omap2_gpif_s, mpu_model, 0),
+ DEFINE_PROP_PTR("iclk", struct omap2_gpif_s, iclk),
+ DEFINE_PROP_PTR("fclk0", struct omap2_gpif_s, fclk[0]),
+ DEFINE_PROP_PTR("fclk1", struct omap2_gpif_s, fclk[1]),
+ DEFINE_PROP_PTR("fclk2", struct omap2_gpif_s, fclk[2]),
+ DEFINE_PROP_PTR("fclk3", struct omap2_gpif_s, fclk[3]),
+ DEFINE_PROP_PTR("fclk4", struct omap2_gpif_s, fclk[4]),
+ DEFINE_PROP_PTR("fclk5", struct omap2_gpif_s, fclk[5]),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void omap2_gpio_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = omap2_gpio_init;
+ dc->reset = omap2_gpif_reset;
+ dc->props = omap2_gpio_properties;
+}
+
+static const TypeInfo omap2_gpio_info = {
+ .name = TYPE_OMAP2_GPIO,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(struct omap2_gpif_s),
+ .class_init = omap2_gpio_class_init,
+};
+
+static void omap_gpio_register_types(void)
+{
+ type_register_static(&omap_gpio_info);
+ type_register_static(&omap2_gpio_info);
+}
+
+type_init(omap_gpio_register_types)
diff --git a/hw/gpio/pl061.c b/hw/gpio/pl061.c
new file mode 100644
index 000000000..dd4ea293e
--- /dev/null
+++ b/hw/gpio/pl061.c
@@ -0,0 +1,336 @@
+/*
+ * Arm PrimeCell PL061 General Purpose IO with additional
+ * Luminary Micro Stellaris bits.
+ *
+ * Copyright (c) 2007 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GPL.
+ */
+
+#include "hw/sysbus.h"
+
+//#define DEBUG_PL061 1
+
+#ifdef DEBUG_PL061
+#define DPRINTF(fmt, ...) \
+do { printf("pl061: " fmt , ## __VA_ARGS__); } while (0)
+#define BADF(fmt, ...) \
+do { fprintf(stderr, "pl061: error: " fmt , ## __VA_ARGS__); exit(1);} while (0)
+#else
+#define DPRINTF(fmt, ...) do {} while(0)
+#define BADF(fmt, ...) \
+do { fprintf(stderr, "pl061: error: " fmt , ## __VA_ARGS__);} while (0)
+#endif
+
+static const uint8_t pl061_id[12] =
+ { 0x00, 0x00, 0x00, 0x00, 0x61, 0x10, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };
+static const uint8_t pl061_id_luminary[12] =
+ { 0x00, 0x00, 0x00, 0x00, 0x61, 0x00, 0x18, 0x01, 0x0d, 0xf0, 0x05, 0xb1 };
+
+#define TYPE_PL061 "pl061"
+#define PL061(obj) OBJECT_CHECK(PL061State, (obj), TYPE_PL061)
+
+typedef struct PL061State {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ uint32_t locked;
+ uint32_t data;
+ uint32_t old_data;
+ uint32_t dir;
+ uint32_t isense;
+ uint32_t ibe;
+ uint32_t iev;
+ uint32_t im;
+ uint32_t istate;
+ uint32_t afsel;
+ uint32_t dr2r;
+ uint32_t dr4r;
+ uint32_t dr8r;
+ uint32_t odr;
+ uint32_t pur;
+ uint32_t pdr;
+ uint32_t slr;
+ uint32_t den;
+ uint32_t cr;
+ uint32_t float_high;
+ uint32_t amsel;
+ qemu_irq irq;
+ qemu_irq out[8];
+ const unsigned char *id;
+} PL061State;
+
+static const VMStateDescription vmstate_pl061 = {
+ .name = "pl061",
+ .version_id = 2,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(locked, PL061State),
+ VMSTATE_UINT32(data, PL061State),
+ VMSTATE_UINT32(old_data, PL061State),
+ VMSTATE_UINT32(dir, PL061State),
+ VMSTATE_UINT32(isense, PL061State),
+ VMSTATE_UINT32(ibe, PL061State),
+ VMSTATE_UINT32(iev, PL061State),
+ VMSTATE_UINT32(im, PL061State),
+ VMSTATE_UINT32(istate, PL061State),
+ VMSTATE_UINT32(afsel, PL061State),
+ VMSTATE_UINT32(dr2r, PL061State),
+ VMSTATE_UINT32(dr4r, PL061State),
+ VMSTATE_UINT32(dr8r, PL061State),
+ VMSTATE_UINT32(odr, PL061State),
+ VMSTATE_UINT32(pur, PL061State),
+ VMSTATE_UINT32(pdr, PL061State),
+ VMSTATE_UINT32(slr, PL061State),
+ VMSTATE_UINT32(den, PL061State),
+ VMSTATE_UINT32(cr, PL061State),
+ VMSTATE_UINT32(float_high, PL061State),
+ VMSTATE_UINT32_V(amsel, PL061State, 2),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void pl061_update(PL061State *s)
+{
+ uint8_t changed;
+ uint8_t mask;
+ uint8_t out;
+ int i;
+
+ /* Outputs float high. */
+ /* FIXME: This is board dependent. */
+ out = (s->data & s->dir) | ~s->dir;
+ changed = s->old_data ^ out;
+ if (!changed)
+ return;
+
+ s->old_data = out;
+ for (i = 0; i < 8; i++) {
+ mask = 1 << i;
+ if (changed & mask) {
+ DPRINTF("Set output %d = %d\n", i, (out & mask) != 0);
+ qemu_set_irq(s->out[i], (out & mask) != 0);
+ }
+ }
+
+ /* FIXME: Implement input interrupts. */
+}
+
+static uint64_t pl061_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ PL061State *s = (PL061State *)opaque;
+
+ if (offset >= 0xfd0 && offset < 0x1000) {
+ return s->id[(offset - 0xfd0) >> 2];
+ }
+ if (offset < 0x400) {
+ return s->data & (offset >> 2);
+ }
+ switch (offset) {
+ case 0x400: /* Direction */
+ return s->dir;
+ case 0x404: /* Interrupt sense */
+ return s->isense;
+ case 0x408: /* Interrupt both edges */
+ return s->ibe;
+ case 0x40c: /* Interrupt event */
+ return s->iev;
+ case 0x410: /* Interrupt mask */
+ return s->im;
+ case 0x414: /* Raw interrupt status */
+ return s->istate;
+ case 0x418: /* Masked interrupt status */
+ return s->istate | s->im;
+ case 0x420: /* Alternate function select */
+ return s->afsel;
+ case 0x500: /* 2mA drive */
+ return s->dr2r;
+ case 0x504: /* 4mA drive */
+ return s->dr4r;
+ case 0x508: /* 8mA drive */
+ return s->dr8r;
+ case 0x50c: /* Open drain */
+ return s->odr;
+ case 0x510: /* Pull-up */
+ return s->pur;
+ case 0x514: /* Pull-down */
+ return s->pdr;
+ case 0x518: /* Slew rate control */
+ return s->slr;
+ case 0x51c: /* Digital enable */
+ return s->den;
+ case 0x520: /* Lock */
+ return s->locked;
+ case 0x524: /* Commit */
+ return s->cr;
+ case 0x528: /* Analog mode select */
+ return s->amsel;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "pl061_read: Bad offset %x\n", (int)offset);
+ return 0;
+ }
+}
+
+static void pl061_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ PL061State *s = (PL061State *)opaque;
+ uint8_t mask;
+
+ if (offset < 0x400) {
+ mask = (offset >> 2) & s->dir;
+ s->data = (s->data & ~mask) | (value & mask);
+ pl061_update(s);
+ return;
+ }
+ switch (offset) {
+ case 0x400: /* Direction */
+ s->dir = value & 0xff;
+ break;
+ case 0x404: /* Interrupt sense */
+ s->isense = value & 0xff;
+ break;
+ case 0x408: /* Interrupt both edges */
+ s->ibe = value & 0xff;
+ break;
+ case 0x40c: /* Interrupt event */
+ s->iev = value & 0xff;
+ break;
+ case 0x410: /* Interrupt mask */
+ s->im = value & 0xff;
+ break;
+ case 0x41c: /* Interrupt clear */
+ s->istate &= ~value;
+ break;
+ case 0x420: /* Alternate function select */
+ mask = s->cr;
+ s->afsel = (s->afsel & ~mask) | (value & mask);
+ break;
+ case 0x500: /* 2mA drive */
+ s->dr2r = value & 0xff;
+ break;
+ case 0x504: /* 4mA drive */
+ s->dr4r = value & 0xff;
+ break;
+ case 0x508: /* 8mA drive */
+ s->dr8r = value & 0xff;
+ break;
+ case 0x50c: /* Open drain */
+ s->odr = value & 0xff;
+ break;
+ case 0x510: /* Pull-up */
+ s->pur = value & 0xff;
+ break;
+ case 0x514: /* Pull-down */
+ s->pdr = value & 0xff;
+ break;
+ case 0x518: /* Slew rate control */
+ s->slr = value & 0xff;
+ break;
+ case 0x51c: /* Digital enable */
+ s->den = value & 0xff;
+ break;
+ case 0x520: /* Lock */
+ s->locked = (value != 0xacce551);
+ break;
+ case 0x524: /* Commit */
+ if (!s->locked)
+ s->cr = value & 0xff;
+ break;
+ case 0x528:
+ s->amsel = value & 0xff;
+ break;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "pl061_write: Bad offset %x\n", (int)offset);
+ }
+ pl061_update(s);
+}
+
+static void pl061_reset(PL061State *s)
+{
+ s->locked = 1;
+ s->cr = 0xff;
+}
+
+static void pl061_set_irq(void * opaque, int irq, int level)
+{
+ PL061State *s = (PL061State *)opaque;
+ uint8_t mask;
+
+ mask = 1 << irq;
+ if ((s->dir & mask) == 0) {
+ s->data &= ~mask;
+ if (level)
+ s->data |= mask;
+ pl061_update(s);
+ }
+}
+
+static const MemoryRegionOps pl061_ops = {
+ .read = pl061_read,
+ .write = pl061_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int pl061_initfn(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ PL061State *s = PL061(dev);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &pl061_ops, s, "pl061", 0x1000);
+ sysbus_init_mmio(sbd, &s->iomem);
+ sysbus_init_irq(sbd, &s->irq);
+ qdev_init_gpio_in(dev, pl061_set_irq, 8);
+ qdev_init_gpio_out(dev, s->out, 8);
+ pl061_reset(s);
+ return 0;
+}
+
+static void pl061_luminary_init(Object *obj)
+{
+ PL061State *s = PL061(obj);
+
+ s->id = pl061_id_luminary;
+}
+
+static void pl061_init(Object *obj)
+{
+ PL061State *s = PL061(obj);
+
+ s->id = pl061_id;
+}
+
+static void pl061_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = pl061_initfn;
+ dc->vmsd = &vmstate_pl061;
+}
+
+static const TypeInfo pl061_info = {
+ .name = TYPE_PL061,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(PL061State),
+ .instance_init = pl061_init,
+ .class_init = pl061_class_init,
+};
+
+static const TypeInfo pl061_luminary_info = {
+ .name = "pl061_luminary",
+ .parent = TYPE_PL061,
+ .instance_init = pl061_luminary_init,
+};
+
+static void pl061_register_types(void)
+{
+ type_register_static(&pl061_info);
+ type_register_static(&pl061_luminary_info);
+}
+
+type_init(pl061_register_types)
diff --git a/hw/gpio/puv3_gpio.c b/hw/gpio/puv3_gpio.c
new file mode 100644
index 000000000..39840aa73
--- /dev/null
+++ b/hw/gpio/puv3_gpio.c
@@ -0,0 +1,145 @@
+/*
+ * GPIO device simulation in PKUnity SoC
+ *
+ * Copyright (C) 2010-2012 Guan Xuetao
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation, or any later version.
+ * See the COPYING file in the top-level directory.
+ */
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+
+#undef DEBUG_PUV3
+#include "hw/unicore32/puv3.h"
+
+#define TYPE_PUV3_GPIO "puv3_gpio"
+#define PUV3_GPIO(obj) OBJECT_CHECK(PUV3GPIOState, (obj), TYPE_PUV3_GPIO)
+
+typedef struct PUV3GPIOState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ qemu_irq irq[9];
+
+ uint32_t reg_GPLR;
+ uint32_t reg_GPDR;
+ uint32_t reg_GPIR;
+} PUV3GPIOState;
+
+static uint64_t puv3_gpio_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ PUV3GPIOState *s = opaque;
+ uint32_t ret = 0;
+
+ switch (offset) {
+ case 0x00:
+ ret = s->reg_GPLR;
+ break;
+ case 0x04:
+ ret = s->reg_GPDR;
+ break;
+ case 0x20:
+ ret = s->reg_GPIR;
+ break;
+ default:
+ DPRINTF("Bad offset 0x%x\n", offset);
+ }
+ DPRINTF("offset 0x%x, value 0x%x\n", offset, ret);
+
+ return ret;
+}
+
+static void puv3_gpio_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ PUV3GPIOState *s = opaque;
+
+ DPRINTF("offset 0x%x, value 0x%x\n", offset, value);
+ switch (offset) {
+ case 0x04:
+ s->reg_GPDR = value;
+ break;
+ case 0x08:
+ if (s->reg_GPDR & value) {
+ s->reg_GPLR |= value;
+ } else {
+ DPRINTF("Write gpio input port error!");
+ }
+ break;
+ case 0x0c:
+ if (s->reg_GPDR & value) {
+ s->reg_GPLR &= ~value;
+ } else {
+ DPRINTF("Write gpio input port error!");
+ }
+ break;
+ case 0x10: /* GRER */
+ case 0x14: /* GFER */
+ case 0x18: /* GEDR */
+ break;
+ case 0x20: /* GPIR */
+ s->reg_GPIR = value;
+ break;
+ default:
+ DPRINTF("Bad offset 0x%x\n", offset);
+ }
+}
+
+static const MemoryRegionOps puv3_gpio_ops = {
+ .read = puv3_gpio_read,
+ .write = puv3_gpio_write,
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int puv3_gpio_init(SysBusDevice *dev)
+{
+ PUV3GPIOState *s = PUV3_GPIO(dev);
+
+ s->reg_GPLR = 0;
+ s->reg_GPDR = 0;
+
+ /* FIXME: these irqs not handled yet */
+ sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW0]);
+ sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW1]);
+ sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW2]);
+ sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW3]);
+ sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW4]);
+ sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW5]);
+ sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW6]);
+ sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW7]);
+ sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOHIGH]);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &puv3_gpio_ops, s, "puv3_gpio",
+ PUV3_REGS_OFFSET);
+ sysbus_init_mmio(dev, &s->iomem);
+
+ return 0;
+}
+
+static void puv3_gpio_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sdc->init = puv3_gpio_init;
+}
+
+static const TypeInfo puv3_gpio_info = {
+ .name = TYPE_PUV3_GPIO,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(PUV3GPIOState),
+ .class_init = puv3_gpio_class_init,
+};
+
+static void puv3_gpio_register_type(void)
+{
+ type_register_static(&puv3_gpio_info);
+}
+
+type_init(puv3_gpio_register_type)
diff --git a/hw/gpio/zaurus.c b/hw/gpio/zaurus.c
new file mode 100644
index 000000000..dc79a8baa
--- /dev/null
+++ b/hw/gpio/zaurus.c
@@ -0,0 +1,297 @@
+/*
+ * Copyright (c) 2006-2008 Openedhand Ltd.
+ * Written by Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "hw/hw.h"
+#include "hw/arm/sharpsl.h"
+#include "hw/sysbus.h"
+
+#undef REG_FMT
+#define REG_FMT "0x%02lx"
+
+/* SCOOP devices */
+
+#define TYPE_SCOOP "scoop"
+#define SCOOP(obj) OBJECT_CHECK(ScoopInfo, (obj), TYPE_SCOOP)
+
+typedef struct ScoopInfo ScoopInfo;
+struct ScoopInfo {
+ SysBusDevice parent_obj;
+
+ qemu_irq handler[16];
+ MemoryRegion iomem;
+ uint16_t status;
+ uint16_t power;
+ uint32_t gpio_level;
+ uint32_t gpio_dir;
+ uint32_t prev_level;
+
+ uint16_t mcr;
+ uint16_t cdr;
+ uint16_t ccr;
+ uint16_t irr;
+ uint16_t imr;
+ uint16_t isr;
+};
+
+#define SCOOP_MCR 0x00
+#define SCOOP_CDR 0x04
+#define SCOOP_CSR 0x08
+#define SCOOP_CPR 0x0c
+#define SCOOP_CCR 0x10
+#define SCOOP_IRR_IRM 0x14
+#define SCOOP_IMR 0x18
+#define SCOOP_ISR 0x1c
+#define SCOOP_GPCR 0x20
+#define SCOOP_GPWR 0x24
+#define SCOOP_GPRR 0x28
+
+static inline void scoop_gpio_handler_update(ScoopInfo *s) {
+ uint32_t level, diff;
+ int bit;
+ level = s->gpio_level & s->gpio_dir;
+
+ for (diff = s->prev_level ^ level; diff; diff ^= 1 << bit) {
+ bit = ffs(diff) - 1;
+ qemu_set_irq(s->handler[bit], (level >> bit) & 1);
+ }
+
+ s->prev_level = level;
+}
+
+static uint64_t scoop_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ ScoopInfo *s = (ScoopInfo *) opaque;
+
+ switch (addr & 0x3f) {
+ case SCOOP_MCR:
+ return s->mcr;
+ case SCOOP_CDR:
+ return s->cdr;
+ case SCOOP_CSR:
+ return s->status;
+ case SCOOP_CPR:
+ return s->power;
+ case SCOOP_CCR:
+ return s->ccr;
+ case SCOOP_IRR_IRM:
+ return s->irr;
+ case SCOOP_IMR:
+ return s->imr;
+ case SCOOP_ISR:
+ return s->isr;
+ case SCOOP_GPCR:
+ return s->gpio_dir;
+ case SCOOP_GPWR:
+ case SCOOP_GPRR:
+ return s->gpio_level;
+ default:
+ zaurus_printf("Bad register offset " REG_FMT "\n", (unsigned long)addr);
+ }
+
+ return 0;
+}
+
+static void scoop_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ ScoopInfo *s = (ScoopInfo *) opaque;
+ value &= 0xffff;
+
+ switch (addr & 0x3f) {
+ case SCOOP_MCR:
+ s->mcr = value;
+ break;
+ case SCOOP_CDR:
+ s->cdr = value;
+ break;
+ case SCOOP_CPR:
+ s->power = value;
+ if (value & 0x80)
+ s->power |= 0x8040;
+ break;
+ case SCOOP_CCR:
+ s->ccr = value;
+ break;
+ case SCOOP_IRR_IRM:
+ s->irr = value;
+ break;
+ case SCOOP_IMR:
+ s->imr = value;
+ break;
+ case SCOOP_ISR:
+ s->isr = value;
+ break;
+ case SCOOP_GPCR:
+ s->gpio_dir = value;
+ scoop_gpio_handler_update(s);
+ break;
+ case SCOOP_GPWR:
+ case SCOOP_GPRR: /* GPRR is probably R/O in real HW */
+ s->gpio_level = value & s->gpio_dir;
+ scoop_gpio_handler_update(s);
+ break;
+ default:
+ zaurus_printf("Bad register offset " REG_FMT "\n", (unsigned long)addr);
+ }
+}
+
+static const MemoryRegionOps scoop_ops = {
+ .read = scoop_read,
+ .write = scoop_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void scoop_gpio_set(void *opaque, int line, int level)
+{
+ ScoopInfo *s = (ScoopInfo *) opaque;
+
+ if (level)
+ s->gpio_level |= (1 << line);
+ else
+ s->gpio_level &= ~(1 << line);
+}
+
+static int scoop_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ ScoopInfo *s = SCOOP(dev);
+
+ s->status = 0x02;
+ qdev_init_gpio_out(dev, s->handler, 16);
+ qdev_init_gpio_in(dev, scoop_gpio_set, 16);
+ memory_region_init_io(&s->iomem, OBJECT(s), &scoop_ops, s, "scoop", 0x1000);
+
+ sysbus_init_mmio(sbd, &s->iomem);
+
+ return 0;
+}
+
+static int scoop_post_load(void *opaque, int version_id)
+{
+ ScoopInfo *s = (ScoopInfo *) opaque;
+ int i;
+ uint32_t level;
+
+ level = s->gpio_level & s->gpio_dir;
+
+ for (i = 0; i < 16; i++) {
+ qemu_set_irq(s->handler[i], (level >> i) & 1);
+ }
+
+ s->prev_level = level;
+
+ return 0;
+}
+
+static bool is_version_0 (void *opaque, int version_id)
+{
+ return version_id == 0;
+}
+
+static const VMStateDescription vmstate_scoop_regs = {
+ .name = "scoop",
+ .version_id = 1,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .post_load = scoop_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT16(status, ScoopInfo),
+ VMSTATE_UINT16(power, ScoopInfo),
+ VMSTATE_UINT32(gpio_level, ScoopInfo),
+ VMSTATE_UINT32(gpio_dir, ScoopInfo),
+ VMSTATE_UINT32(prev_level, ScoopInfo),
+ VMSTATE_UINT16(mcr, ScoopInfo),
+ VMSTATE_UINT16(cdr, ScoopInfo),
+ VMSTATE_UINT16(ccr, ScoopInfo),
+ VMSTATE_UINT16(irr, ScoopInfo),
+ VMSTATE_UINT16(imr, ScoopInfo),
+ VMSTATE_UINT16(isr, ScoopInfo),
+ VMSTATE_UNUSED_TEST(is_version_0, 2),
+ VMSTATE_END_OF_LIST(),
+ },
+};
+
+static Property scoop_sysbus_properties[] = {
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void scoop_sysbus_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = scoop_init;
+ dc->desc = "Scoop2 Sharp custom ASIC";
+ dc->vmsd = &vmstate_scoop_regs;
+ dc->props = scoop_sysbus_properties;
+}
+
+static const TypeInfo scoop_sysbus_info = {
+ .name = TYPE_SCOOP,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(ScoopInfo),
+ .class_init = scoop_sysbus_class_init,
+};
+
+static void scoop_register_types(void)
+{
+ type_register_static(&scoop_sysbus_info);
+}
+
+type_init(scoop_register_types)
+
+/* Write the bootloader parameters memory area. */
+
+#define MAGIC_CHG(a, b, c, d) ((d << 24) | (c << 16) | (b << 8) | a)
+
+static struct QEMU_PACKED sl_param_info {
+ uint32_t comadj_keyword;
+ int32_t comadj;
+
+ uint32_t uuid_keyword;
+ char uuid[16];
+
+ uint32_t touch_keyword;
+ int32_t touch_xp;
+ int32_t touch_yp;
+ int32_t touch_xd;
+ int32_t touch_yd;
+
+ uint32_t adadj_keyword;
+ int32_t adadj;
+
+ uint32_t phad_keyword;
+ int32_t phadadj;
+} zaurus_bootparam = {
+ .comadj_keyword = MAGIC_CHG('C', 'M', 'A', 'D'),
+ .comadj = 125,
+ .uuid_keyword = MAGIC_CHG('U', 'U', 'I', 'D'),
+ .uuid = { -1 },
+ .touch_keyword = MAGIC_CHG('T', 'U', 'C', 'H'),
+ .touch_xp = -1,
+ .adadj_keyword = MAGIC_CHG('B', 'V', 'A', 'D'),
+ .adadj = -1,
+ .phad_keyword = MAGIC_CHG('P', 'H', 'A', 'D'),
+ .phadadj = 0x01,
+};
+
+void sl_bootparam_write(hwaddr ptr)
+{
+ cpu_physical_memory_write(ptr, &zaurus_bootparam,
+ sizeof(struct sl_param_info));
+}
diff --git a/hw/grackle_pci.c b/hw/grackle_pci.c
deleted file mode 100644
index 67da30728..000000000
--- a/hw/grackle_pci.c
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- * QEMU Grackle PCI host (heathrow OldWorld PowerMac)
- *
- * Copyright (c) 2006-2007 Fabrice Bellard
- * Copyright (c) 2007 Jocelyn Mayer
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "pci_host.h"
-#include "ppc_mac.h"
-#include "pci.h"
-
-/* debug Grackle */
-//#define DEBUG_GRACKLE
-
-#ifdef DEBUG_GRACKLE
-#define GRACKLE_DPRINTF(fmt, ...) \
- do { printf("GRACKLE: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define GRACKLE_DPRINTF(fmt, ...)
-#endif
-
-#define GRACKLE_PCI_HOST_BRIDGE(obj) \
- OBJECT_CHECK(GrackleState, (obj), TYPE_GRACKLE_PCI_HOST_BRIDGE)
-
-typedef struct GrackleState {
- PCIHostState parent_obj;
-
- MemoryRegion pci_mmio;
- MemoryRegion pci_hole;
-} GrackleState;
-
-/* Don't know if this matches real hardware, but it agrees with OHW. */
-static int pci_grackle_map_irq(PCIDevice *pci_dev, int irq_num)
-{
- return (irq_num + (pci_dev->devfn >> 3)) & 3;
-}
-
-static void pci_grackle_set_irq(void *opaque, int irq_num, int level)
-{
- qemu_irq *pic = opaque;
-
- GRACKLE_DPRINTF("set_irq num %d level %d\n", irq_num, level);
- qemu_set_irq(pic[irq_num + 0x15], level);
-}
-
-PCIBus *pci_grackle_init(uint32_t base, qemu_irq *pic,
- MemoryRegion *address_space_mem,
- MemoryRegion *address_space_io)
-{
- DeviceState *dev;
- SysBusDevice *s;
- PCIHostState *phb;
- GrackleState *d;
-
- dev = qdev_create(NULL, TYPE_GRACKLE_PCI_HOST_BRIDGE);
- qdev_init_nofail(dev);
- s = SYS_BUS_DEVICE(dev);
- phb = PCI_HOST_BRIDGE(dev);
- d = GRACKLE_PCI_HOST_BRIDGE(dev);
-
- memory_region_init(&d->pci_mmio, "pci-mmio", 0x100000000ULL);
- memory_region_init_alias(&d->pci_hole, "pci-hole", &d->pci_mmio,
- 0x80000000ULL, 0x7e000000ULL);
- memory_region_add_subregion(address_space_mem, 0x80000000ULL,
- &d->pci_hole);
-
- phb->bus = pci_register_bus(dev, "pci",
- pci_grackle_set_irq,
- pci_grackle_map_irq,
- pic,
- &d->pci_mmio,
- address_space_io,
- 0, 4);
-
- pci_create_simple(phb->bus, 0, "grackle");
-
- sysbus_mmio_map(s, 0, base);
- sysbus_mmio_map(s, 1, base + 0x00200000);
-
- return phb->bus;
-}
-
-static int pci_grackle_init_device(SysBusDevice *dev)
-{
- PCIHostState *phb;
-
- phb = PCI_HOST_BRIDGE(dev);
-
- memory_region_init_io(&phb->conf_mem, &pci_host_conf_le_ops,
- dev, "pci-conf-idx", 0x1000);
- memory_region_init_io(&phb->data_mem, &pci_host_data_le_ops,
- dev, "pci-data-idx", 0x1000);
- sysbus_init_mmio(dev, &phb->conf_mem);
- sysbus_init_mmio(dev, &phb->data_mem);
-
- return 0;
-}
-
-static int grackle_pci_host_init(PCIDevice *d)
-{
- d->config[0x09] = 0x01;
- return 0;
-}
-
-static void grackle_pci_class_init(ObjectClass *klass, void *data)
-{
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
-
- k->init = grackle_pci_host_init;
- k->vendor_id = PCI_VENDOR_ID_MOTOROLA;
- k->device_id = PCI_DEVICE_ID_MOTOROLA_MPC106;
- k->revision = 0x00;
- k->class_id = PCI_CLASS_BRIDGE_HOST;
- dc->no_user = 1;
-}
-
-static const TypeInfo grackle_pci_info = {
- .name = "grackle",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIDevice),
- .class_init = grackle_pci_class_init,
-};
-
-static void pci_grackle_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
-
- k->init = pci_grackle_init_device;
- dc->no_user = 1;
-}
-
-static const TypeInfo grackle_pci_host_info = {
- .name = TYPE_GRACKLE_PCI_HOST_BRIDGE,
- .parent = TYPE_PCI_HOST_BRIDGE,
- .instance_size = sizeof(GrackleState),
- .class_init = pci_grackle_class_init,
-};
-
-static void grackle_register_types(void)
-{
- type_register_static(&grackle_pci_info);
- type_register_static(&grackle_pci_host_info);
-}
-
-type_init(grackle_register_types)
diff --git a/hw/grlib.h b/hw/grlib.h
deleted file mode 100644
index 35c22f599..000000000
--- a/hw/grlib.h
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * QEMU GRLIB Components
- *
- * Copyright (c) 2010-2011 AdaCore
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#ifndef _GRLIB_H_
-#define _GRLIB_H_
-
-#include "qdev.h"
-#include "sysbus.h"
-
-/* Emulation of GrLib device is base on the GRLIB IP Core User's Manual:
- * http://www.gaisler.com/products/grlib/grip.pdf
- */
-
-/* IRQMP */
-
-typedef void (*set_pil_in_fn) (void *opaque, uint32_t pil_in);
-
-void grlib_irqmp_set_irq(void *opaque, int irq, int level);
-
-void grlib_irqmp_ack(DeviceState *dev, int intno);
-
-static inline
-DeviceState *grlib_irqmp_create(hwaddr base,
- CPUSPARCState *env,
- qemu_irq **cpu_irqs,
- uint32_t nr_irqs,
- set_pil_in_fn set_pil_in)
-{
- DeviceState *dev;
-
- assert(cpu_irqs != NULL);
-
- dev = qdev_create(NULL, "grlib,irqmp");
- qdev_prop_set_ptr(dev, "set_pil_in", set_pil_in);
- qdev_prop_set_ptr(dev, "set_pil_in_opaque", env);
-
- if (qdev_init(dev)) {
- return NULL;
- }
-
- env->irq_manager = dev;
-
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
-
- *cpu_irqs = qemu_allocate_irqs(grlib_irqmp_set_irq,
- dev,
- nr_irqs);
-
- return dev;
-}
-
-/* GPTimer */
-
-static inline
-DeviceState *grlib_gptimer_create(hwaddr base,
- uint32_t nr_timers,
- uint32_t freq,
- qemu_irq *cpu_irqs,
- int base_irq)
-{
- DeviceState *dev;
- int i;
-
- dev = qdev_create(NULL, "grlib,gptimer");
- qdev_prop_set_uint32(dev, "nr-timers", nr_timers);
- qdev_prop_set_uint32(dev, "frequency", freq);
- qdev_prop_set_uint32(dev, "irq-line", base_irq);
-
- if (qdev_init(dev)) {
- return NULL;
- }
-
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
-
- for (i = 0; i < nr_timers; i++) {
- sysbus_connect_irq(sysbus_from_qdev(dev), i, cpu_irqs[base_irq + i]);
- }
-
- return dev;
-}
-
-/* APB UART */
-
-static inline
-DeviceState *grlib_apbuart_create(hwaddr base,
- CharDriverState *serial,
- qemu_irq irq)
-{
- DeviceState *dev;
-
- dev = qdev_create(NULL, "grlib,apbuart");
- qdev_prop_set_chr(dev, "chrdev", serial);
-
- if (qdev_init(dev)) {
- return NULL;
- }
-
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
-
- sysbus_connect_irq(sysbus_from_qdev(dev), 0, irq);
-
- return dev;
-}
-
-#endif /* ! _GRLIB_H_ */
diff --git a/hw/grlib_apbuart.c b/hw/grlib_apbuart.c
deleted file mode 100644
index 0865764de..000000000
--- a/hw/grlib_apbuart.c
+++ /dev/null
@@ -1,271 +0,0 @@
-/*
- * QEMU GRLIB APB UART Emulator
- *
- * Copyright (c) 2010-2011 AdaCore
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sysbus.h"
-#include "qemu-char.h"
-
-#include "trace.h"
-
-#define UART_REG_SIZE 20 /* Size of memory mapped registers */
-
-/* UART status register fields */
-#define UART_DATA_READY (1 << 0)
-#define UART_TRANSMIT_SHIFT_EMPTY (1 << 1)
-#define UART_TRANSMIT_FIFO_EMPTY (1 << 2)
-#define UART_BREAK_RECEIVED (1 << 3)
-#define UART_OVERRUN (1 << 4)
-#define UART_PARITY_ERROR (1 << 5)
-#define UART_FRAMING_ERROR (1 << 6)
-#define UART_TRANSMIT_FIFO_HALF (1 << 7)
-#define UART_RECEIVE_FIFO_HALF (1 << 8)
-#define UART_TRANSMIT_FIFO_FULL (1 << 9)
-#define UART_RECEIVE_FIFO_FULL (1 << 10)
-
-/* UART control register fields */
-#define UART_RECEIVE_ENABLE (1 << 0)
-#define UART_TRANSMIT_ENABLE (1 << 1)
-#define UART_RECEIVE_INTERRUPT (1 << 2)
-#define UART_TRANSMIT_INTERRUPT (1 << 3)
-#define UART_PARITY_SELECT (1 << 4)
-#define UART_PARITY_ENABLE (1 << 5)
-#define UART_FLOW_CONTROL (1 << 6)
-#define UART_LOOPBACK (1 << 7)
-#define UART_EXTERNAL_CLOCK (1 << 8)
-#define UART_RECEIVE_FIFO_INTERRUPT (1 << 9)
-#define UART_TRANSMIT_FIFO_INTERRUPT (1 << 10)
-#define UART_FIFO_DEBUG_MODE (1 << 11)
-#define UART_OUTPUT_ENABLE (1 << 12)
-#define UART_FIFO_AVAILABLE (1 << 31)
-
-/* Memory mapped register offsets */
-#define DATA_OFFSET 0x00
-#define STATUS_OFFSET 0x04
-#define CONTROL_OFFSET 0x08
-#define SCALER_OFFSET 0x0C /* not supported */
-#define FIFO_DEBUG_OFFSET 0x10 /* not supported */
-
-#define FIFO_LENGTH 1024
-
-typedef struct UART {
- SysBusDevice busdev;
- MemoryRegion iomem;
- qemu_irq irq;
-
- CharDriverState *chr;
-
- /* registers */
- uint32_t receive;
- uint32_t status;
- uint32_t control;
-
- /* FIFO */
- char buffer[FIFO_LENGTH];
- int len;
- int current;
-} UART;
-
-static int uart_data_to_read(UART *uart)
-{
- return uart->current < uart->len;
-}
-
-static char uart_pop(UART *uart)
-{
- char ret;
-
- if (uart->len == 0) {
- uart->status &= ~UART_DATA_READY;
- return 0;
- }
-
- ret = uart->buffer[uart->current++];
-
- if (uart->current >= uart->len) {
- /* Flush */
- uart->len = 0;
- uart->current = 0;
- }
-
- if (!uart_data_to_read(uart)) {
- uart->status &= ~UART_DATA_READY;
- }
-
- return ret;
-}
-
-static void uart_add_to_fifo(UART *uart,
- const uint8_t *buffer,
- int length)
-{
- if (uart->len + length > FIFO_LENGTH) {
- abort();
- }
- memcpy(uart->buffer + uart->len, buffer, length);
- uart->len += length;
-}
-
-static int grlib_apbuart_can_receive(void *opaque)
-{
- UART *uart = opaque;
-
- return FIFO_LENGTH - uart->len;
-}
-
-static void grlib_apbuart_receive(void *opaque, const uint8_t *buf, int size)
-{
- UART *uart = opaque;
-
- uart_add_to_fifo(uart, buf, size);
-
- uart->status |= UART_DATA_READY;
-
- if (uart->control & UART_RECEIVE_INTERRUPT) {
- qemu_irq_pulse(uart->irq);
- }
-}
-
-static void grlib_apbuart_event(void *opaque, int event)
-{
- trace_grlib_apbuart_event(event);
-}
-
-
-static uint64_t grlib_apbuart_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- UART *uart = opaque;
-
- addr &= 0xff;
-
- /* Unit registers */
- switch (addr) {
- case DATA_OFFSET:
- case DATA_OFFSET + 3: /* when only one byte read */
- return uart_pop(uart);
-
- case STATUS_OFFSET:
- /* Read Only */
- return uart->status;
-
- case CONTROL_OFFSET:
- return uart->control;
-
- case SCALER_OFFSET:
- /* Not supported */
- return 0;
-
- default:
- trace_grlib_apbuart_readl_unknown(addr);
- return 0;
- }
-}
-
-static void grlib_apbuart_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- UART *uart = opaque;
- unsigned char c = 0;
-
- addr &= 0xff;
-
- /* Unit registers */
- switch (addr) {
- case DATA_OFFSET:
- case DATA_OFFSET + 3: /* When only one byte write */
- c = value & 0xFF;
- qemu_chr_fe_write(uart->chr, &c, 1);
- return;
-
- case STATUS_OFFSET:
- /* Read Only */
- return;
-
- case CONTROL_OFFSET:
- uart->control = value;
- return;
-
- case SCALER_OFFSET:
- /* Not supported */
- return;
-
- default:
- break;
- }
-
- trace_grlib_apbuart_writel_unknown(addr, value);
-}
-
-static const MemoryRegionOps grlib_apbuart_ops = {
- .write = grlib_apbuart_write,
- .read = grlib_apbuart_read,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int grlib_apbuart_init(SysBusDevice *dev)
-{
- UART *uart = FROM_SYSBUS(typeof(*uart), dev);
-
- qemu_chr_add_handlers(uart->chr,
- grlib_apbuart_can_receive,
- grlib_apbuart_receive,
- grlib_apbuart_event,
- uart);
-
- sysbus_init_irq(dev, &uart->irq);
-
- memory_region_init_io(&uart->iomem, &grlib_apbuart_ops, uart,
- "uart", UART_REG_SIZE);
-
- sysbus_init_mmio(dev, &uart->iomem);
-
- return 0;
-}
-
-static Property grlib_gptimer_properties[] = {
- DEFINE_PROP_CHR("chrdev", UART, chr),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void grlib_gptimer_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = grlib_apbuart_init;
- dc->props = grlib_gptimer_properties;
-}
-
-static TypeInfo grlib_gptimer_info = {
- .name = "grlib,apbuart",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(UART),
- .class_init = grlib_gptimer_class_init,
-};
-
-static void grlib_gptimer_register_types(void)
-{
- type_register_static(&grlib_gptimer_info);
-}
-
-type_init(grlib_gptimer_register_types)
diff --git a/hw/grlib_gptimer.c b/hw/grlib_gptimer.c
deleted file mode 100644
index 2fdccfba0..000000000
--- a/hw/grlib_gptimer.c
+++ /dev/null
@@ -1,404 +0,0 @@
-/*
- * QEMU GRLIB GPTimer Emulator
- *
- * Copyright (c) 2010-2011 AdaCore
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sysbus.h"
-#include "qemu-timer.h"
-#include "ptimer.h"
-
-#include "trace.h"
-
-#define UNIT_REG_SIZE 16 /* Size of memory mapped regs for the unit */
-#define GPTIMER_REG_SIZE 16 /* Size of memory mapped regs for a GPTimer */
-
-#define GPTIMER_MAX_TIMERS 8
-
-/* GPTimer Config register fields */
-#define GPTIMER_ENABLE (1 << 0)
-#define GPTIMER_RESTART (1 << 1)
-#define GPTIMER_LOAD (1 << 2)
-#define GPTIMER_INT_ENABLE (1 << 3)
-#define GPTIMER_INT_PENDING (1 << 4)
-#define GPTIMER_CHAIN (1 << 5) /* Not supported */
-#define GPTIMER_DEBUG_HALT (1 << 6) /* Not supported */
-
-/* Memory mapped register offsets */
-#define SCALER_OFFSET 0x00
-#define SCALER_RELOAD_OFFSET 0x04
-#define CONFIG_OFFSET 0x08
-#define COUNTER_OFFSET 0x00
-#define COUNTER_RELOAD_OFFSET 0x04
-#define TIMER_BASE 0x10
-
-typedef struct GPTimer GPTimer;
-typedef struct GPTimerUnit GPTimerUnit;
-
-struct GPTimer {
- QEMUBH *bh;
- struct ptimer_state *ptimer;
-
- qemu_irq irq;
- int id;
- GPTimerUnit *unit;
-
- /* registers */
- uint32_t counter;
- uint32_t reload;
- uint32_t config;
-};
-
-struct GPTimerUnit {
- SysBusDevice busdev;
- MemoryRegion iomem;
-
- uint32_t nr_timers; /* Number of timers available */
- uint32_t freq_hz; /* System frequency */
- uint32_t irq_line; /* Base irq line */
-
- GPTimer *timers;
-
- /* registers */
- uint32_t scaler;
- uint32_t reload;
- uint32_t config;
-};
-
-static void grlib_gptimer_enable(GPTimer *timer)
-{
- assert(timer != NULL);
-
-
- ptimer_stop(timer->ptimer);
-
- if (!(timer->config & GPTIMER_ENABLE)) {
- /* Timer disabled */
- trace_grlib_gptimer_disabled(timer->id, timer->config);
- return;
- }
-
- /* ptimer is triggered when the counter reach 0 but GPTimer is triggered at
- underflow. Set count + 1 to simulate the GPTimer behavior. */
-
- trace_grlib_gptimer_enable(timer->id, timer->counter + 1);
-
- ptimer_set_count(timer->ptimer, timer->counter + 1);
- ptimer_run(timer->ptimer, 1);
-}
-
-static void grlib_gptimer_restart(GPTimer *timer)
-{
- assert(timer != NULL);
-
- trace_grlib_gptimer_restart(timer->id, timer->reload);
-
- timer->counter = timer->reload;
- grlib_gptimer_enable(timer);
-}
-
-static void grlib_gptimer_set_scaler(GPTimerUnit *unit, uint32_t scaler)
-{
- int i = 0;
- uint32_t value = 0;
-
- assert(unit != NULL);
-
- if (scaler > 0) {
- value = unit->freq_hz / (scaler + 1);
- } else {
- value = unit->freq_hz;
- }
-
- trace_grlib_gptimer_set_scaler(scaler, value);
-
- for (i = 0; i < unit->nr_timers; i++) {
- ptimer_set_freq(unit->timers[i].ptimer, value);
- }
-}
-
-static void grlib_gptimer_hit(void *opaque)
-{
- GPTimer *timer = opaque;
- assert(timer != NULL);
-
- trace_grlib_gptimer_hit(timer->id);
-
- /* Timer expired */
-
- if (timer->config & GPTIMER_INT_ENABLE) {
- /* Set the pending bit (only unset by write in the config register) */
- timer->config |= GPTIMER_INT_PENDING;
- qemu_irq_pulse(timer->irq);
- }
-
- if (timer->config & GPTIMER_RESTART) {
- grlib_gptimer_restart(timer);
- }
-}
-
-static uint64_t grlib_gptimer_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- GPTimerUnit *unit = opaque;
- hwaddr timer_addr;
- int id;
- uint32_t value = 0;
-
- addr &= 0xff;
-
- /* Unit registers */
- switch (addr) {
- case SCALER_OFFSET:
- trace_grlib_gptimer_readl(-1, addr, unit->scaler);
- return unit->scaler;
-
- case SCALER_RELOAD_OFFSET:
- trace_grlib_gptimer_readl(-1, addr, unit->reload);
- return unit->reload;
-
- case CONFIG_OFFSET:
- trace_grlib_gptimer_readl(-1, addr, unit->config);
- return unit->config;
-
- default:
- break;
- }
-
- timer_addr = (addr % TIMER_BASE);
- id = (addr - TIMER_BASE) / TIMER_BASE;
-
- if (id >= 0 && id < unit->nr_timers) {
-
- /* GPTimer registers */
- switch (timer_addr) {
- case COUNTER_OFFSET:
- value = ptimer_get_count(unit->timers[id].ptimer);
- trace_grlib_gptimer_readl(id, addr, value);
- return value;
-
- case COUNTER_RELOAD_OFFSET:
- value = unit->timers[id].reload;
- trace_grlib_gptimer_readl(id, addr, value);
- return value;
-
- case CONFIG_OFFSET:
- trace_grlib_gptimer_readl(id, addr, unit->timers[id].config);
- return unit->timers[id].config;
-
- default:
- break;
- }
-
- }
-
- trace_grlib_gptimer_readl(-1, addr, 0);
- return 0;
-}
-
-static void grlib_gptimer_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- GPTimerUnit *unit = opaque;
- hwaddr timer_addr;
- int id;
-
- addr &= 0xff;
-
- /* Unit registers */
- switch (addr) {
- case SCALER_OFFSET:
- value &= 0xFFFF; /* clean up the value */
- unit->scaler = value;
- trace_grlib_gptimer_writel(-1, addr, unit->scaler);
- return;
-
- case SCALER_RELOAD_OFFSET:
- value &= 0xFFFF; /* clean up the value */
- unit->reload = value;
- trace_grlib_gptimer_writel(-1, addr, unit->reload);
- grlib_gptimer_set_scaler(unit, value);
- return;
-
- case CONFIG_OFFSET:
- /* Read Only (disable timer freeze not supported) */
- trace_grlib_gptimer_writel(-1, addr, 0);
- return;
-
- default:
- break;
- }
-
- timer_addr = (addr % TIMER_BASE);
- id = (addr - TIMER_BASE) / TIMER_BASE;
-
- if (id >= 0 && id < unit->nr_timers) {
-
- /* GPTimer registers */
- switch (timer_addr) {
- case COUNTER_OFFSET:
- trace_grlib_gptimer_writel(id, addr, value);
- unit->timers[id].counter = value;
- grlib_gptimer_enable(&unit->timers[id]);
- return;
-
- case COUNTER_RELOAD_OFFSET:
- trace_grlib_gptimer_writel(id, addr, value);
- unit->timers[id].reload = value;
- return;
-
- case CONFIG_OFFSET:
- trace_grlib_gptimer_writel(id, addr, value);
-
- if (value & GPTIMER_INT_PENDING) {
- /* clear pending bit */
- value &= ~GPTIMER_INT_PENDING;
- } else {
- /* keep pending bit */
- value |= unit->timers[id].config & GPTIMER_INT_PENDING;
- }
-
- unit->timers[id].config = value;
-
- /* gptimer_restart calls gptimer_enable, so if "enable" and "load"
- bits are present, we just have to call restart. */
-
- if (value & GPTIMER_LOAD) {
- grlib_gptimer_restart(&unit->timers[id]);
- } else if (value & GPTIMER_ENABLE) {
- grlib_gptimer_enable(&unit->timers[id]);
- }
-
- /* These fields must always be read as 0 */
- value &= ~(GPTIMER_LOAD & GPTIMER_DEBUG_HALT);
-
- unit->timers[id].config = value;
- return;
-
- default:
- break;
- }
-
- }
-
- trace_grlib_gptimer_writel(-1, addr, value);
-}
-
-static const MemoryRegionOps grlib_gptimer_ops = {
- .read = grlib_gptimer_read,
- .write = grlib_gptimer_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static void grlib_gptimer_reset(DeviceState *d)
-{
- GPTimerUnit *unit = container_of(d, GPTimerUnit, busdev.qdev);
- int i = 0;
-
- assert(unit != NULL);
-
- unit->scaler = 0;
- unit->reload = 0;
- unit->config = 0;
-
- unit->config = unit->nr_timers;
- unit->config |= unit->irq_line << 3;
- unit->config |= 1 << 8; /* separate interrupt */
- unit->config |= 1 << 9; /* Disable timer freeze */
-
-
- for (i = 0; i < unit->nr_timers; i++) {
- GPTimer *timer = &unit->timers[i];
-
- timer->counter = 0;
- timer->reload = 0;
- timer->config = 0;
- ptimer_stop(timer->ptimer);
- ptimer_set_count(timer->ptimer, 0);
- ptimer_set_freq(timer->ptimer, unit->freq_hz);
- }
-}
-
-static int grlib_gptimer_init(SysBusDevice *dev)
-{
- GPTimerUnit *unit = FROM_SYSBUS(typeof(*unit), dev);
- unsigned int i;
-
- assert(unit->nr_timers > 0);
- assert(unit->nr_timers <= GPTIMER_MAX_TIMERS);
-
- unit->timers = g_malloc0(sizeof unit->timers[0] * unit->nr_timers);
-
- for (i = 0; i < unit->nr_timers; i++) {
- GPTimer *timer = &unit->timers[i];
-
- timer->unit = unit;
- timer->bh = qemu_bh_new(grlib_gptimer_hit, timer);
- timer->ptimer = ptimer_init(timer->bh);
- timer->id = i;
-
- /* One IRQ line for each timer */
- sysbus_init_irq(dev, &timer->irq);
-
- ptimer_set_freq(timer->ptimer, unit->freq_hz);
- }
-
- memory_region_init_io(&unit->iomem, &grlib_gptimer_ops, unit, "gptimer",
- UNIT_REG_SIZE + GPTIMER_REG_SIZE * unit->nr_timers);
-
- sysbus_init_mmio(dev, &unit->iomem);
- return 0;
-}
-
-static Property grlib_gptimer_properties[] = {
- DEFINE_PROP_UINT32("frequency", GPTimerUnit, freq_hz, 40000000),
- DEFINE_PROP_UINT32("irq-line", GPTimerUnit, irq_line, 8),
- DEFINE_PROP_UINT32("nr-timers", GPTimerUnit, nr_timers, 2),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void grlib_gptimer_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = grlib_gptimer_init;
- dc->reset = grlib_gptimer_reset;
- dc->props = grlib_gptimer_properties;
-}
-
-static TypeInfo grlib_gptimer_info = {
- .name = "grlib,gptimer",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(GPTimerUnit),
- .class_init = grlib_gptimer_class_init,
-};
-
-static void grlib_gptimer_register_types(void)
-{
- type_register_static(&grlib_gptimer_info);
-}
-
-type_init(grlib_gptimer_register_types)
diff --git a/hw/grlib_irqmp.c b/hw/grlib_irqmp.c
deleted file mode 100644
index 23a6a02bc..000000000
--- a/hw/grlib_irqmp.c
+++ /dev/null
@@ -1,385 +0,0 @@
-/*
- * QEMU GRLIB IRQMP Emulator
- *
- * (Multiprocessor and extended interrupt not supported)
- *
- * Copyright (c) 2010-2011 AdaCore
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sysbus.h"
-#include "cpu.h"
-
-#include "grlib.h"
-
-#include "trace.h"
-
-#define IRQMP_MAX_CPU 16
-#define IRQMP_REG_SIZE 256 /* Size of memory mapped registers */
-
-/* Memory mapped register offsets */
-#define LEVEL_OFFSET 0x00
-#define PENDING_OFFSET 0x04
-#define FORCE0_OFFSET 0x08
-#define CLEAR_OFFSET 0x0C
-#define MP_STATUS_OFFSET 0x10
-#define BROADCAST_OFFSET 0x14
-#define MASK_OFFSET 0x40
-#define FORCE_OFFSET 0x80
-#define EXTENDED_OFFSET 0xC0
-
-typedef struct IRQMPState IRQMPState;
-
-typedef struct IRQMP {
- SysBusDevice busdev;
- MemoryRegion iomem;
-
- void *set_pil_in;
- void *set_pil_in_opaque;
-
- IRQMPState *state;
-} IRQMP;
-
-struct IRQMPState {
- uint32_t level;
- uint32_t pending;
- uint32_t clear;
- uint32_t broadcast;
-
- uint32_t mask[IRQMP_MAX_CPU];
- uint32_t force[IRQMP_MAX_CPU];
- uint32_t extended[IRQMP_MAX_CPU];
-
- IRQMP *parent;
-};
-
-static void grlib_irqmp_check_irqs(IRQMPState *state)
-{
- uint32_t pend = 0;
- uint32_t level0 = 0;
- uint32_t level1 = 0;
- set_pil_in_fn set_pil_in;
-
- assert(state != NULL);
- assert(state->parent != NULL);
-
- /* IRQ for CPU 0 (no SMP support) */
- pend = (state->pending | state->force[0])
- & state->mask[0];
-
- level0 = pend & ~state->level;
- level1 = pend & state->level;
-
- trace_grlib_irqmp_check_irqs(state->pending, state->force[0],
- state->mask[0], level1, level0);
-
- set_pil_in = (set_pil_in_fn)state->parent->set_pil_in;
-
- /* Trigger level1 interrupt first and level0 if there is no level1 */
- if (level1 != 0) {
- set_pil_in(state->parent->set_pil_in_opaque, level1);
- } else {
- set_pil_in(state->parent->set_pil_in_opaque, level0);
- }
-}
-
-void grlib_irqmp_ack(DeviceState *dev, int intno)
-{
- SysBusDevice *sdev;
- IRQMP *irqmp;
- IRQMPState *state;
- uint32_t mask;
-
- assert(dev != NULL);
-
- sdev = sysbus_from_qdev(dev);
- assert(sdev != NULL);
-
- irqmp = FROM_SYSBUS(typeof(*irqmp), sdev);
- assert(irqmp != NULL);
-
- state = irqmp->state;
- assert(state != NULL);
-
- intno &= 15;
- mask = 1 << intno;
-
- trace_grlib_irqmp_ack(intno);
-
- /* Clear registers */
- state->pending &= ~mask;
- state->force[0] &= ~mask; /* Only CPU 0 (No SMP support) */
-
- grlib_irqmp_check_irqs(state);
-}
-
-void grlib_irqmp_set_irq(void *opaque, int irq, int level)
-{
- IRQMP *irqmp;
- IRQMPState *s;
- int i = 0;
-
- assert(opaque != NULL);
-
- irqmp = FROM_SYSBUS(typeof(*irqmp), sysbus_from_qdev(opaque));
- assert(irqmp != NULL);
-
- s = irqmp->state;
- assert(s != NULL);
- assert(s->parent != NULL);
-
-
- if (level) {
- trace_grlib_irqmp_set_irq(irq);
-
- if (s->broadcast & 1 << irq) {
- /* Broadcasted IRQ */
- for (i = 0; i < IRQMP_MAX_CPU; i++) {
- s->force[i] |= 1 << irq;
- }
- } else {
- s->pending |= 1 << irq;
- }
- grlib_irqmp_check_irqs(s);
-
- }
-}
-
-static uint64_t grlib_irqmp_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- IRQMP *irqmp = opaque;
- IRQMPState *state;
-
- assert(irqmp != NULL);
- state = irqmp->state;
- assert(state != NULL);
-
- addr &= 0xff;
-
- /* global registers */
- switch (addr) {
- case LEVEL_OFFSET:
- return state->level;
-
- case PENDING_OFFSET:
- return state->pending;
-
- case FORCE0_OFFSET:
- /* This register is an "alias" for the force register of CPU 0 */
- return state->force[0];
-
- case CLEAR_OFFSET:
- case MP_STATUS_OFFSET:
- /* Always read as 0 */
- return 0;
-
- case BROADCAST_OFFSET:
- return state->broadcast;
-
- default:
- break;
- }
-
- /* mask registers */
- if (addr >= MASK_OFFSET && addr < FORCE_OFFSET) {
- int cpu = (addr - MASK_OFFSET) / 4;
- assert(cpu >= 0 && cpu < IRQMP_MAX_CPU);
-
- return state->mask[cpu];
- }
-
- /* force registers */
- if (addr >= FORCE_OFFSET && addr < EXTENDED_OFFSET) {
- int cpu = (addr - FORCE_OFFSET) / 4;
- assert(cpu >= 0 && cpu < IRQMP_MAX_CPU);
-
- return state->force[cpu];
- }
-
- /* extended (not supported) */
- if (addr >= EXTENDED_OFFSET && addr < IRQMP_REG_SIZE) {
- int cpu = (addr - EXTENDED_OFFSET) / 4;
- assert(cpu >= 0 && cpu < IRQMP_MAX_CPU);
-
- return state->extended[cpu];
- }
-
- trace_grlib_irqmp_readl_unknown(addr);
- return 0;
-}
-
-static void grlib_irqmp_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- IRQMP *irqmp = opaque;
- IRQMPState *state;
-
- assert(irqmp != NULL);
- state = irqmp->state;
- assert(state != NULL);
-
- addr &= 0xff;
-
- /* global registers */
- switch (addr) {
- case LEVEL_OFFSET:
- value &= 0xFFFF << 1; /* clean up the value */
- state->level = value;
- return;
-
- case PENDING_OFFSET:
- /* Read Only */
- return;
-
- case FORCE0_OFFSET:
- /* This register is an "alias" for the force register of CPU 0 */
-
- value &= 0xFFFE; /* clean up the value */
- state->force[0] = value;
- grlib_irqmp_check_irqs(irqmp->state);
- return;
-
- case CLEAR_OFFSET:
- value &= ~1; /* clean up the value */
- state->pending &= ~value;
- return;
-
- case MP_STATUS_OFFSET:
- /* Read Only (no SMP support) */
- return;
-
- case BROADCAST_OFFSET:
- value &= 0xFFFE; /* clean up the value */
- state->broadcast = value;
- return;
-
- default:
- break;
- }
-
- /* mask registers */
- if (addr >= MASK_OFFSET && addr < FORCE_OFFSET) {
- int cpu = (addr - MASK_OFFSET) / 4;
- assert(cpu >= 0 && cpu < IRQMP_MAX_CPU);
-
- value &= ~1; /* clean up the value */
- state->mask[cpu] = value;
- grlib_irqmp_check_irqs(irqmp->state);
- return;
- }
-
- /* force registers */
- if (addr >= FORCE_OFFSET && addr < EXTENDED_OFFSET) {
- int cpu = (addr - FORCE_OFFSET) / 4;
- assert(cpu >= 0 && cpu < IRQMP_MAX_CPU);
-
- uint32_t force = value & 0xFFFE;
- uint32_t clear = (value >> 16) & 0xFFFE;
- uint32_t old = state->force[cpu];
-
- state->force[cpu] = (old | force) & ~clear;
- grlib_irqmp_check_irqs(irqmp->state);
- return;
- }
-
- /* extended (not supported) */
- if (addr >= EXTENDED_OFFSET && addr < IRQMP_REG_SIZE) {
- int cpu = (addr - EXTENDED_OFFSET) / 4;
- assert(cpu >= 0 && cpu < IRQMP_MAX_CPU);
-
- value &= 0xF; /* clean up the value */
- state->extended[cpu] = value;
- return;
- }
-
- trace_grlib_irqmp_writel_unknown(addr, value);
-}
-
-static const MemoryRegionOps grlib_irqmp_ops = {
- .read = grlib_irqmp_read,
- .write = grlib_irqmp_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static void grlib_irqmp_reset(DeviceState *d)
-{
- IRQMP *irqmp = container_of(d, IRQMP, busdev.qdev);
- assert(irqmp != NULL);
- assert(irqmp->state != NULL);
-
- memset(irqmp->state, 0, sizeof *irqmp->state);
- irqmp->state->parent = irqmp;
-}
-
-static int grlib_irqmp_init(SysBusDevice *dev)
-{
- IRQMP *irqmp = FROM_SYSBUS(typeof(*irqmp), dev);
-
- assert(irqmp != NULL);
-
- /* Check parameters */
- if (irqmp->set_pil_in == NULL) {
- return -1;
- }
-
- memory_region_init_io(&irqmp->iomem, &grlib_irqmp_ops, irqmp,
- "irqmp", IRQMP_REG_SIZE);
-
- irqmp->state = g_malloc0(sizeof *irqmp->state);
-
- sysbus_init_mmio(dev, &irqmp->iomem);
-
- return 0;
-}
-
-static Property grlib_irqmp_properties[] = {
- DEFINE_PROP_PTR("set_pil_in", IRQMP, set_pil_in),
- DEFINE_PROP_PTR("set_pil_in_opaque", IRQMP, set_pil_in_opaque),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void grlib_irqmp_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = grlib_irqmp_init;
- dc->reset = grlib_irqmp_reset;
- dc->props = grlib_irqmp_properties;
-}
-
-static TypeInfo grlib_irqmp_info = {
- .name = "grlib,irqmp",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(IRQMP),
- .class_init = grlib_irqmp_class_init,
-};
-
-static void grlib_irqmp_register_types(void)
-{
- type_register_static(&grlib_irqmp_info);
-}
-
-type_init(grlib_irqmp_register_types)
diff --git a/hw/gt64xxx.c b/hw/gt64xxx.c
deleted file mode 100644
index 95d491d93..000000000
--- a/hw/gt64xxx.c
+++ /dev/null
@@ -1,1188 +0,0 @@
-/*
- * QEMU GT64120 PCI host
- *
- * Copyright (c) 2006,2007 Aurelien Jarno
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "hw.h"
-#include "mips.h"
-#include "pci.h"
-#include "pci_host.h"
-#include "pc.h"
-#include "exec-memory.h"
-
-//#define DEBUG
-
-#ifdef DEBUG
-#define DPRINTF(fmt, ...) fprintf(stderr, "%s: " fmt, __FUNCTION__, ##__VA_ARGS__)
-#else
-#define DPRINTF(fmt, ...)
-#endif
-
-#define GT_REGS (0x1000 >> 2)
-
-/* CPU Configuration */
-#define GT_CPU (0x000 >> 2)
-#define GT_MULTI (0x120 >> 2)
-
-/* CPU Address Decode */
-#define GT_SCS10LD (0x008 >> 2)
-#define GT_SCS10HD (0x010 >> 2)
-#define GT_SCS32LD (0x018 >> 2)
-#define GT_SCS32HD (0x020 >> 2)
-#define GT_CS20LD (0x028 >> 2)
-#define GT_CS20HD (0x030 >> 2)
-#define GT_CS3BOOTLD (0x038 >> 2)
-#define GT_CS3BOOTHD (0x040 >> 2)
-#define GT_PCI0IOLD (0x048 >> 2)
-#define GT_PCI0IOHD (0x050 >> 2)
-#define GT_PCI0M0LD (0x058 >> 2)
-#define GT_PCI0M0HD (0x060 >> 2)
-#define GT_PCI0M1LD (0x080 >> 2)
-#define GT_PCI0M1HD (0x088 >> 2)
-#define GT_PCI1IOLD (0x090 >> 2)
-#define GT_PCI1IOHD (0x098 >> 2)
-#define GT_PCI1M0LD (0x0a0 >> 2)
-#define GT_PCI1M0HD (0x0a8 >> 2)
-#define GT_PCI1M1LD (0x0b0 >> 2)
-#define GT_PCI1M1HD (0x0b8 >> 2)
-#define GT_ISD (0x068 >> 2)
-
-#define GT_SCS10AR (0x0d0 >> 2)
-#define GT_SCS32AR (0x0d8 >> 2)
-#define GT_CS20R (0x0e0 >> 2)
-#define GT_CS3BOOTR (0x0e8 >> 2)
-
-#define GT_PCI0IOREMAP (0x0f0 >> 2)
-#define GT_PCI0M0REMAP (0x0f8 >> 2)
-#define GT_PCI0M1REMAP (0x100 >> 2)
-#define GT_PCI1IOREMAP (0x108 >> 2)
-#define GT_PCI1M0REMAP (0x110 >> 2)
-#define GT_PCI1M1REMAP (0x118 >> 2)
-
-/* CPU Error Report */
-#define GT_CPUERR_ADDRLO (0x070 >> 2)
-#define GT_CPUERR_ADDRHI (0x078 >> 2)
-#define GT_CPUERR_DATALO (0x128 >> 2) /* GT-64120A only */
-#define GT_CPUERR_DATAHI (0x130 >> 2) /* GT-64120A only */
-#define GT_CPUERR_PARITY (0x138 >> 2) /* GT-64120A only */
-
-/* CPU Sync Barrier */
-#define GT_PCI0SYNC (0x0c0 >> 2)
-#define GT_PCI1SYNC (0x0c8 >> 2)
-
-/* SDRAM and Device Address Decode */
-#define GT_SCS0LD (0x400 >> 2)
-#define GT_SCS0HD (0x404 >> 2)
-#define GT_SCS1LD (0x408 >> 2)
-#define GT_SCS1HD (0x40c >> 2)
-#define GT_SCS2LD (0x410 >> 2)
-#define GT_SCS2HD (0x414 >> 2)
-#define GT_SCS3LD (0x418 >> 2)
-#define GT_SCS3HD (0x41c >> 2)
-#define GT_CS0LD (0x420 >> 2)
-#define GT_CS0HD (0x424 >> 2)
-#define GT_CS1LD (0x428 >> 2)
-#define GT_CS1HD (0x42c >> 2)
-#define GT_CS2LD (0x430 >> 2)
-#define GT_CS2HD (0x434 >> 2)
-#define GT_CS3LD (0x438 >> 2)
-#define GT_CS3HD (0x43c >> 2)
-#define GT_BOOTLD (0x440 >> 2)
-#define GT_BOOTHD (0x444 >> 2)
-#define GT_ADERR (0x470 >> 2)
-
-/* SDRAM Configuration */
-#define GT_SDRAM_CFG (0x448 >> 2)
-#define GT_SDRAM_OPMODE (0x474 >> 2)
-#define GT_SDRAM_BM (0x478 >> 2)
-#define GT_SDRAM_ADDRDECODE (0x47c >> 2)
-
-/* SDRAM Parameters */
-#define GT_SDRAM_B0 (0x44c >> 2)
-#define GT_SDRAM_B1 (0x450 >> 2)
-#define GT_SDRAM_B2 (0x454 >> 2)
-#define GT_SDRAM_B3 (0x458 >> 2)
-
-/* Device Parameters */
-#define GT_DEV_B0 (0x45c >> 2)
-#define GT_DEV_B1 (0x460 >> 2)
-#define GT_DEV_B2 (0x464 >> 2)
-#define GT_DEV_B3 (0x468 >> 2)
-#define GT_DEV_BOOT (0x46c >> 2)
-
-/* ECC */
-#define GT_ECC_ERRDATALO (0x480 >> 2) /* GT-64120A only */
-#define GT_ECC_ERRDATAHI (0x484 >> 2) /* GT-64120A only */
-#define GT_ECC_MEM (0x488 >> 2) /* GT-64120A only */
-#define GT_ECC_CALC (0x48c >> 2) /* GT-64120A only */
-#define GT_ECC_ERRADDR (0x490 >> 2) /* GT-64120A only */
-
-/* DMA Record */
-#define GT_DMA0_CNT (0x800 >> 2)
-#define GT_DMA1_CNT (0x804 >> 2)
-#define GT_DMA2_CNT (0x808 >> 2)
-#define GT_DMA3_CNT (0x80c >> 2)
-#define GT_DMA0_SA (0x810 >> 2)
-#define GT_DMA1_SA (0x814 >> 2)
-#define GT_DMA2_SA (0x818 >> 2)
-#define GT_DMA3_SA (0x81c >> 2)
-#define GT_DMA0_DA (0x820 >> 2)
-#define GT_DMA1_DA (0x824 >> 2)
-#define GT_DMA2_DA (0x828 >> 2)
-#define GT_DMA3_DA (0x82c >> 2)
-#define GT_DMA0_NEXT (0x830 >> 2)
-#define GT_DMA1_NEXT (0x834 >> 2)
-#define GT_DMA2_NEXT (0x838 >> 2)
-#define GT_DMA3_NEXT (0x83c >> 2)
-#define GT_DMA0_CUR (0x870 >> 2)
-#define GT_DMA1_CUR (0x874 >> 2)
-#define GT_DMA2_CUR (0x878 >> 2)
-#define GT_DMA3_CUR (0x87c >> 2)
-
-/* DMA Channel Control */
-#define GT_DMA0_CTRL (0x840 >> 2)
-#define GT_DMA1_CTRL (0x844 >> 2)
-#define GT_DMA2_CTRL (0x848 >> 2)
-#define GT_DMA3_CTRL (0x84c >> 2)
-
-/* DMA Arbiter */
-#define GT_DMA_ARB (0x860 >> 2)
-
-/* Timer/Counter */
-#define GT_TC0 (0x850 >> 2)
-#define GT_TC1 (0x854 >> 2)
-#define GT_TC2 (0x858 >> 2)
-#define GT_TC3 (0x85c >> 2)
-#define GT_TC_CONTROL (0x864 >> 2)
-
-/* PCI Internal */
-#define GT_PCI0_CMD (0xc00 >> 2)
-#define GT_PCI0_TOR (0xc04 >> 2)
-#define GT_PCI0_BS_SCS10 (0xc08 >> 2)
-#define GT_PCI0_BS_SCS32 (0xc0c >> 2)
-#define GT_PCI0_BS_CS20 (0xc10 >> 2)
-#define GT_PCI0_BS_CS3BT (0xc14 >> 2)
-#define GT_PCI1_IACK (0xc30 >> 2)
-#define GT_PCI0_IACK (0xc34 >> 2)
-#define GT_PCI0_BARE (0xc3c >> 2)
-#define GT_PCI0_PREFMBR (0xc40 >> 2)
-#define GT_PCI0_SCS10_BAR (0xc48 >> 2)
-#define GT_PCI0_SCS32_BAR (0xc4c >> 2)
-#define GT_PCI0_CS20_BAR (0xc50 >> 2)
-#define GT_PCI0_CS3BT_BAR (0xc54 >> 2)
-#define GT_PCI0_SSCS10_BAR (0xc58 >> 2)
-#define GT_PCI0_SSCS32_BAR (0xc5c >> 2)
-#define GT_PCI0_SCS3BT_BAR (0xc64 >> 2)
-#define GT_PCI1_CMD (0xc80 >> 2)
-#define GT_PCI1_TOR (0xc84 >> 2)
-#define GT_PCI1_BS_SCS10 (0xc88 >> 2)
-#define GT_PCI1_BS_SCS32 (0xc8c >> 2)
-#define GT_PCI1_BS_CS20 (0xc90 >> 2)
-#define GT_PCI1_BS_CS3BT (0xc94 >> 2)
-#define GT_PCI1_BARE (0xcbc >> 2)
-#define GT_PCI1_PREFMBR (0xcc0 >> 2)
-#define GT_PCI1_SCS10_BAR (0xcc8 >> 2)
-#define GT_PCI1_SCS32_BAR (0xccc >> 2)
-#define GT_PCI1_CS20_BAR (0xcd0 >> 2)
-#define GT_PCI1_CS3BT_BAR (0xcd4 >> 2)
-#define GT_PCI1_SSCS10_BAR (0xcd8 >> 2)
-#define GT_PCI1_SSCS32_BAR (0xcdc >> 2)
-#define GT_PCI1_SCS3BT_BAR (0xce4 >> 2)
-#define GT_PCI1_CFGADDR (0xcf0 >> 2)
-#define GT_PCI1_CFGDATA (0xcf4 >> 2)
-#define GT_PCI0_CFGADDR (0xcf8 >> 2)
-#define GT_PCI0_CFGDATA (0xcfc >> 2)
-
-/* Interrupts */
-#define GT_INTRCAUSE (0xc18 >> 2)
-#define GT_INTRMASK (0xc1c >> 2)
-#define GT_PCI0_ICMASK (0xc24 >> 2)
-#define GT_PCI0_SERR0MASK (0xc28 >> 2)
-#define GT_CPU_INTSEL (0xc70 >> 2)
-#define GT_PCI0_INTSEL (0xc74 >> 2)
-#define GT_HINTRCAUSE (0xc98 >> 2)
-#define GT_HINTRMASK (0xc9c >> 2)
-#define GT_PCI0_HICMASK (0xca4 >> 2)
-#define GT_PCI1_SERR1MASK (0xca8 >> 2)
-
-#define PCI_MAPPING_ENTRY(regname) \
- hwaddr regname ##_start; \
- hwaddr regname ##_length; \
- MemoryRegion regname ##_mem
-
-#define TYPE_GT64120_PCI_HOST_BRIDGE "gt64120"
-
-#define GT64120_PCI_HOST_BRIDGE(obj) \
- OBJECT_CHECK(GT64120State, (obj), TYPE_GT64120_PCI_HOST_BRIDGE)
-
-typedef struct GT64120State {
- PCIHostState parent_obj;
-
- uint32_t regs[GT_REGS];
- PCI_MAPPING_ENTRY(PCI0IO);
- PCI_MAPPING_ENTRY(ISD);
-} GT64120State;
-
-/* Adjust range to avoid touching space which isn't mappable via PCI */
-/* XXX: Hardcoded values for Malta: 0x1e000000 - 0x1f100000
- 0x1fc00000 - 0x1fd00000 */
-static void check_reserved_space (hwaddr *start,
- hwaddr *length)
-{
- hwaddr begin = *start;
- hwaddr end = *start + *length;
-
- if (end >= 0x1e000000LL && end < 0x1f100000LL)
- end = 0x1e000000LL;
- if (begin >= 0x1e000000LL && begin < 0x1f100000LL)
- begin = 0x1f100000LL;
- if (end >= 0x1fc00000LL && end < 0x1fd00000LL)
- end = 0x1fc00000LL;
- if (begin >= 0x1fc00000LL && begin < 0x1fd00000LL)
- begin = 0x1fd00000LL;
- /* XXX: This is broken when a reserved range splits the requested range */
- if (end >= 0x1f100000LL && begin < 0x1e000000LL)
- end = 0x1e000000LL;
- if (end >= 0x1fd00000LL && begin < 0x1fc00000LL)
- end = 0x1fc00000LL;
-
- *start = begin;
- *length = end - begin;
-}
-
-static void gt64120_isd_mapping(GT64120State *s)
-{
- hwaddr start = s->regs[GT_ISD] << 21;
- hwaddr length = 0x1000;
-
- if (s->ISD_length) {
- memory_region_del_subregion(get_system_memory(), &s->ISD_mem);
- }
- check_reserved_space(&start, &length);
- length = 0x1000;
- /* Map new address */
- DPRINTF("ISD: "TARGET_FMT_plx"@"TARGET_FMT_plx
- " -> "TARGET_FMT_plx"@"TARGET_FMT_plx"\n",
- s->ISD_length, s->ISD_start, length, start);
- s->ISD_start = start;
- s->ISD_length = length;
- memory_region_add_subregion(get_system_memory(), s->ISD_start, &s->ISD_mem);
-}
-
-static void gt64120_pci_mapping(GT64120State *s)
-{
- /* Update IO mapping */
- if ((s->regs[GT_PCI0IOLD] & 0x7f) <= s->regs[GT_PCI0IOHD])
- {
- /* Unmap old IO address */
- if (s->PCI0IO_length)
- {
- memory_region_del_subregion(get_system_memory(), &s->PCI0IO_mem);
- memory_region_destroy(&s->PCI0IO_mem);
- }
- /* Map new IO address */
- s->PCI0IO_start = s->regs[GT_PCI0IOLD] << 21;
- s->PCI0IO_length = ((s->regs[GT_PCI0IOHD] + 1) - (s->regs[GT_PCI0IOLD] & 0x7f)) << 21;
- isa_mem_base = s->PCI0IO_start;
- if (s->PCI0IO_length) {
- isa_mmio_setup(&s->PCI0IO_mem, s->PCI0IO_length);
- memory_region_add_subregion(get_system_memory(), s->PCI0IO_start,
- &s->PCI0IO_mem);
- }
- }
-}
-
-static void gt64120_writel (void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- GT64120State *s = opaque;
- PCIHostState *phb = PCI_HOST_BRIDGE(s);
- uint32_t saddr;
-
- if (!(s->regs[GT_CPU] & 0x00001000))
- val = bswap32(val);
-
- saddr = (addr & 0xfff) >> 2;
- switch (saddr) {
-
- /* CPU Configuration */
- case GT_CPU:
- s->regs[GT_CPU] = val;
- break;
- case GT_MULTI:
- /* Read-only register as only one GT64xxx is present on the CPU bus */
- break;
-
- /* CPU Address Decode */
- case GT_PCI0IOLD:
- s->regs[GT_PCI0IOLD] = val & 0x00007fff;
- s->regs[GT_PCI0IOREMAP] = val & 0x000007ff;
- gt64120_pci_mapping(s);
- break;
- case GT_PCI0M0LD:
- s->regs[GT_PCI0M0LD] = val & 0x00007fff;
- s->regs[GT_PCI0M0REMAP] = val & 0x000007ff;
- break;
- case GT_PCI0M1LD:
- s->regs[GT_PCI0M1LD] = val & 0x00007fff;
- s->regs[GT_PCI0M1REMAP] = val & 0x000007ff;
- break;
- case GT_PCI1IOLD:
- s->regs[GT_PCI1IOLD] = val & 0x00007fff;
- s->regs[GT_PCI1IOREMAP] = val & 0x000007ff;
- break;
- case GT_PCI1M0LD:
- s->regs[GT_PCI1M0LD] = val & 0x00007fff;
- s->regs[GT_PCI1M0REMAP] = val & 0x000007ff;
- break;
- case GT_PCI1M1LD:
- s->regs[GT_PCI1M1LD] = val & 0x00007fff;
- s->regs[GT_PCI1M1REMAP] = val & 0x000007ff;
- break;
- case GT_PCI0IOHD:
- s->regs[saddr] = val & 0x0000007f;
- gt64120_pci_mapping(s);
- break;
- case GT_PCI0M0HD:
- case GT_PCI0M1HD:
- case GT_PCI1IOHD:
- case GT_PCI1M0HD:
- case GT_PCI1M1HD:
- s->regs[saddr] = val & 0x0000007f;
- break;
- case GT_ISD:
- s->regs[saddr] = val & 0x00007fff;
- gt64120_isd_mapping(s);
- break;
-
- case GT_PCI0IOREMAP:
- case GT_PCI0M0REMAP:
- case GT_PCI0M1REMAP:
- case GT_PCI1IOREMAP:
- case GT_PCI1M0REMAP:
- case GT_PCI1M1REMAP:
- s->regs[saddr] = val & 0x000007ff;
- break;
-
- /* CPU Error Report */
- case GT_CPUERR_ADDRLO:
- case GT_CPUERR_ADDRHI:
- case GT_CPUERR_DATALO:
- case GT_CPUERR_DATAHI:
- case GT_CPUERR_PARITY:
- /* Read-only registers, do nothing */
- break;
-
- /* CPU Sync Barrier */
- case GT_PCI0SYNC:
- case GT_PCI1SYNC:
- /* Read-only registers, do nothing */
- break;
-
- /* SDRAM and Device Address Decode */
- case GT_SCS0LD:
- case GT_SCS0HD:
- case GT_SCS1LD:
- case GT_SCS1HD:
- case GT_SCS2LD:
- case GT_SCS2HD:
- case GT_SCS3LD:
- case GT_SCS3HD:
- case GT_CS0LD:
- case GT_CS0HD:
- case GT_CS1LD:
- case GT_CS1HD:
- case GT_CS2LD:
- case GT_CS2HD:
- case GT_CS3LD:
- case GT_CS3HD:
- case GT_BOOTLD:
- case GT_BOOTHD:
- case GT_ADERR:
- /* SDRAM Configuration */
- case GT_SDRAM_CFG:
- case GT_SDRAM_OPMODE:
- case GT_SDRAM_BM:
- case GT_SDRAM_ADDRDECODE:
- /* Accept and ignore SDRAM interleave configuration */
- s->regs[saddr] = val;
- break;
-
- /* Device Parameters */
- case GT_DEV_B0:
- case GT_DEV_B1:
- case GT_DEV_B2:
- case GT_DEV_B3:
- case GT_DEV_BOOT:
- /* Not implemented */
- DPRINTF ("Unimplemented device register offset 0x%x\n", saddr << 2);
- break;
-
- /* ECC */
- case GT_ECC_ERRDATALO:
- case GT_ECC_ERRDATAHI:
- case GT_ECC_MEM:
- case GT_ECC_CALC:
- case GT_ECC_ERRADDR:
- /* Read-only registers, do nothing */
- break;
-
- /* DMA Record */
- case GT_DMA0_CNT:
- case GT_DMA1_CNT:
- case GT_DMA2_CNT:
- case GT_DMA3_CNT:
- case GT_DMA0_SA:
- case GT_DMA1_SA:
- case GT_DMA2_SA:
- case GT_DMA3_SA:
- case GT_DMA0_DA:
- case GT_DMA1_DA:
- case GT_DMA2_DA:
- case GT_DMA3_DA:
- case GT_DMA0_NEXT:
- case GT_DMA1_NEXT:
- case GT_DMA2_NEXT:
- case GT_DMA3_NEXT:
- case GT_DMA0_CUR:
- case GT_DMA1_CUR:
- case GT_DMA2_CUR:
- case GT_DMA3_CUR:
- /* Not implemented */
- DPRINTF ("Unimplemented DMA register offset 0x%x\n", saddr << 2);
- break;
-
- /* DMA Channel Control */
- case GT_DMA0_CTRL:
- case GT_DMA1_CTRL:
- case GT_DMA2_CTRL:
- case GT_DMA3_CTRL:
- /* Not implemented */
- DPRINTF ("Unimplemented DMA register offset 0x%x\n", saddr << 2);
- break;
-
- /* DMA Arbiter */
- case GT_DMA_ARB:
- /* Not implemented */
- DPRINTF ("Unimplemented DMA register offset 0x%x\n", saddr << 2);
- break;
-
- /* Timer/Counter */
- case GT_TC0:
- case GT_TC1:
- case GT_TC2:
- case GT_TC3:
- case GT_TC_CONTROL:
- /* Not implemented */
- DPRINTF ("Unimplemented timer register offset 0x%x\n", saddr << 2);
- break;
-
- /* PCI Internal */
- case GT_PCI0_CMD:
- case GT_PCI1_CMD:
- s->regs[saddr] = val & 0x0401fc0f;
- break;
- case GT_PCI0_TOR:
- case GT_PCI0_BS_SCS10:
- case GT_PCI0_BS_SCS32:
- case GT_PCI0_BS_CS20:
- case GT_PCI0_BS_CS3BT:
- case GT_PCI1_IACK:
- case GT_PCI0_IACK:
- case GT_PCI0_BARE:
- case GT_PCI0_PREFMBR:
- case GT_PCI0_SCS10_BAR:
- case GT_PCI0_SCS32_BAR:
- case GT_PCI0_CS20_BAR:
- case GT_PCI0_CS3BT_BAR:
- case GT_PCI0_SSCS10_BAR:
- case GT_PCI0_SSCS32_BAR:
- case GT_PCI0_SCS3BT_BAR:
- case GT_PCI1_TOR:
- case GT_PCI1_BS_SCS10:
- case GT_PCI1_BS_SCS32:
- case GT_PCI1_BS_CS20:
- case GT_PCI1_BS_CS3BT:
- case GT_PCI1_BARE:
- case GT_PCI1_PREFMBR:
- case GT_PCI1_SCS10_BAR:
- case GT_PCI1_SCS32_BAR:
- case GT_PCI1_CS20_BAR:
- case GT_PCI1_CS3BT_BAR:
- case GT_PCI1_SSCS10_BAR:
- case GT_PCI1_SSCS32_BAR:
- case GT_PCI1_SCS3BT_BAR:
- case GT_PCI1_CFGADDR:
- case GT_PCI1_CFGDATA:
- /* not implemented */
- break;
- case GT_PCI0_CFGADDR:
- phb->config_reg = val & 0x80fffffc;
- break;
- case GT_PCI0_CFGDATA:
- if (!(s->regs[GT_PCI0_CMD] & 1) && (phb->config_reg & 0x00fff800)) {
- val = bswap32(val);
- }
- if (phb->config_reg & (1u << 31)) {
- pci_data_write(phb->bus, phb->config_reg, val, 4);
- }
- break;
-
- /* Interrupts */
- case GT_INTRCAUSE:
- /* not really implemented */
- s->regs[saddr] = ~(~(s->regs[saddr]) | ~(val & 0xfffffffe));
- s->regs[saddr] |= !!(s->regs[saddr] & 0xfffffffe);
- DPRINTF("INTRCAUSE %" PRIx64 "\n", val);
- break;
- case GT_INTRMASK:
- s->regs[saddr] = val & 0x3c3ffffe;
- DPRINTF("INTRMASK %" PRIx64 "\n", val);
- break;
- case GT_PCI0_ICMASK:
- s->regs[saddr] = val & 0x03fffffe;
- DPRINTF("ICMASK %" PRIx64 "\n", val);
- break;
- case GT_PCI0_SERR0MASK:
- s->regs[saddr] = val & 0x0000003f;
- DPRINTF("SERR0MASK %" PRIx64 "\n", val);
- break;
-
- /* Reserved when only PCI_0 is configured. */
- case GT_HINTRCAUSE:
- case GT_CPU_INTSEL:
- case GT_PCI0_INTSEL:
- case GT_HINTRMASK:
- case GT_PCI0_HICMASK:
- case GT_PCI1_SERR1MASK:
- /* not implemented */
- break;
-
- /* SDRAM Parameters */
- case GT_SDRAM_B0:
- case GT_SDRAM_B1:
- case GT_SDRAM_B2:
- case GT_SDRAM_B3:
- /* We don't simulate electrical parameters of the SDRAM.
- Accept, but ignore the values. */
- s->regs[saddr] = val;
- break;
-
- default:
- DPRINTF ("Bad register offset 0x%x\n", (int)addr);
- break;
- }
-}
-
-static uint64_t gt64120_readl (void *opaque,
- hwaddr addr, unsigned size)
-{
- GT64120State *s = opaque;
- PCIHostState *phb = PCI_HOST_BRIDGE(s);
- uint32_t val;
- uint32_t saddr;
-
- saddr = (addr & 0xfff) >> 2;
- switch (saddr) {
-
- /* CPU Configuration */
- case GT_MULTI:
- /* Only one GT64xxx is present on the CPU bus, return
- the initial value */
- val = s->regs[saddr];
- break;
-
- /* CPU Error Report */
- case GT_CPUERR_ADDRLO:
- case GT_CPUERR_ADDRHI:
- case GT_CPUERR_DATALO:
- case GT_CPUERR_DATAHI:
- case GT_CPUERR_PARITY:
- /* Emulated memory has no error, always return the initial
- values */
- val = s->regs[saddr];
- break;
-
- /* CPU Sync Barrier */
- case GT_PCI0SYNC:
- case GT_PCI1SYNC:
- /* Reading those register should empty all FIFO on the PCI
- bus, which are not emulated. The return value should be
- a random value that should be ignored. */
- val = 0xc000ffee;
- break;
-
- /* ECC */
- case GT_ECC_ERRDATALO:
- case GT_ECC_ERRDATAHI:
- case GT_ECC_MEM:
- case GT_ECC_CALC:
- case GT_ECC_ERRADDR:
- /* Emulated memory has no error, always return the initial
- values */
- val = s->regs[saddr];
- break;
-
- case GT_CPU:
- case GT_SCS10LD:
- case GT_SCS10HD:
- case GT_SCS32LD:
- case GT_SCS32HD:
- case GT_CS20LD:
- case GT_CS20HD:
- case GT_CS3BOOTLD:
- case GT_CS3BOOTHD:
- case GT_SCS10AR:
- case GT_SCS32AR:
- case GT_CS20R:
- case GT_CS3BOOTR:
- case GT_PCI0IOLD:
- case GT_PCI0M0LD:
- case GT_PCI0M1LD:
- case GT_PCI1IOLD:
- case GT_PCI1M0LD:
- case GT_PCI1M1LD:
- case GT_PCI0IOHD:
- case GT_PCI0M0HD:
- case GT_PCI0M1HD:
- case GT_PCI1IOHD:
- case GT_PCI1M0HD:
- case GT_PCI1M1HD:
- case GT_PCI0IOREMAP:
- case GT_PCI0M0REMAP:
- case GT_PCI0M1REMAP:
- case GT_PCI1IOREMAP:
- case GT_PCI1M0REMAP:
- case GT_PCI1M1REMAP:
- case GT_ISD:
- val = s->regs[saddr];
- break;
- case GT_PCI0_IACK:
- /* Read the IRQ number */
- val = pic_read_irq(isa_pic);
- break;
-
- /* SDRAM and Device Address Decode */
- case GT_SCS0LD:
- case GT_SCS0HD:
- case GT_SCS1LD:
- case GT_SCS1HD:
- case GT_SCS2LD:
- case GT_SCS2HD:
- case GT_SCS3LD:
- case GT_SCS3HD:
- case GT_CS0LD:
- case GT_CS0HD:
- case GT_CS1LD:
- case GT_CS1HD:
- case GT_CS2LD:
- case GT_CS2HD:
- case GT_CS3LD:
- case GT_CS3HD:
- case GT_BOOTLD:
- case GT_BOOTHD:
- case GT_ADERR:
- val = s->regs[saddr];
- break;
-
- /* SDRAM Configuration */
- case GT_SDRAM_CFG:
- case GT_SDRAM_OPMODE:
- case GT_SDRAM_BM:
- case GT_SDRAM_ADDRDECODE:
- val = s->regs[saddr];
- break;
-
- /* SDRAM Parameters */
- case GT_SDRAM_B0:
- case GT_SDRAM_B1:
- case GT_SDRAM_B2:
- case GT_SDRAM_B3:
- /* We don't simulate electrical parameters of the SDRAM.
- Just return the last written value. */
- val = s->regs[saddr];
- break;
-
- /* Device Parameters */
- case GT_DEV_B0:
- case GT_DEV_B1:
- case GT_DEV_B2:
- case GT_DEV_B3:
- case GT_DEV_BOOT:
- val = s->regs[saddr];
- break;
-
- /* DMA Record */
- case GT_DMA0_CNT:
- case GT_DMA1_CNT:
- case GT_DMA2_CNT:
- case GT_DMA3_CNT:
- case GT_DMA0_SA:
- case GT_DMA1_SA:
- case GT_DMA2_SA:
- case GT_DMA3_SA:
- case GT_DMA0_DA:
- case GT_DMA1_DA:
- case GT_DMA2_DA:
- case GT_DMA3_DA:
- case GT_DMA0_NEXT:
- case GT_DMA1_NEXT:
- case GT_DMA2_NEXT:
- case GT_DMA3_NEXT:
- case GT_DMA0_CUR:
- case GT_DMA1_CUR:
- case GT_DMA2_CUR:
- case GT_DMA3_CUR:
- val = s->regs[saddr];
- break;
-
- /* DMA Channel Control */
- case GT_DMA0_CTRL:
- case GT_DMA1_CTRL:
- case GT_DMA2_CTRL:
- case GT_DMA3_CTRL:
- val = s->regs[saddr];
- break;
-
- /* DMA Arbiter */
- case GT_DMA_ARB:
- val = s->regs[saddr];
- break;
-
- /* Timer/Counter */
- case GT_TC0:
- case GT_TC1:
- case GT_TC2:
- case GT_TC3:
- case GT_TC_CONTROL:
- val = s->regs[saddr];
- break;
-
- /* PCI Internal */
- case GT_PCI0_CFGADDR:
- val = phb->config_reg;
- break;
- case GT_PCI0_CFGDATA:
- if (!(phb->config_reg & (1 << 31))) {
- val = 0xffffffff;
- } else {
- val = pci_data_read(phb->bus, phb->config_reg, 4);
- }
- if (!(s->regs[GT_PCI0_CMD] & 1) && (phb->config_reg & 0x00fff800)) {
- val = bswap32(val);
- }
- break;
-
- case GT_PCI0_CMD:
- case GT_PCI0_TOR:
- case GT_PCI0_BS_SCS10:
- case GT_PCI0_BS_SCS32:
- case GT_PCI0_BS_CS20:
- case GT_PCI0_BS_CS3BT:
- case GT_PCI1_IACK:
- case GT_PCI0_BARE:
- case GT_PCI0_PREFMBR:
- case GT_PCI0_SCS10_BAR:
- case GT_PCI0_SCS32_BAR:
- case GT_PCI0_CS20_BAR:
- case GT_PCI0_CS3BT_BAR:
- case GT_PCI0_SSCS10_BAR:
- case GT_PCI0_SSCS32_BAR:
- case GT_PCI0_SCS3BT_BAR:
- case GT_PCI1_CMD:
- case GT_PCI1_TOR:
- case GT_PCI1_BS_SCS10:
- case GT_PCI1_BS_SCS32:
- case GT_PCI1_BS_CS20:
- case GT_PCI1_BS_CS3BT:
- case GT_PCI1_BARE:
- case GT_PCI1_PREFMBR:
- case GT_PCI1_SCS10_BAR:
- case GT_PCI1_SCS32_BAR:
- case GT_PCI1_CS20_BAR:
- case GT_PCI1_CS3BT_BAR:
- case GT_PCI1_SSCS10_BAR:
- case GT_PCI1_SSCS32_BAR:
- case GT_PCI1_SCS3BT_BAR:
- case GT_PCI1_CFGADDR:
- case GT_PCI1_CFGDATA:
- val = s->regs[saddr];
- break;
-
- /* Interrupts */
- case GT_INTRCAUSE:
- val = s->regs[saddr];
- DPRINTF("INTRCAUSE %x\n", val);
- break;
- case GT_INTRMASK:
- val = s->regs[saddr];
- DPRINTF("INTRMASK %x\n", val);
- break;
- case GT_PCI0_ICMASK:
- val = s->regs[saddr];
- DPRINTF("ICMASK %x\n", val);
- break;
- case GT_PCI0_SERR0MASK:
- val = s->regs[saddr];
- DPRINTF("SERR0MASK %x\n", val);
- break;
-
- /* Reserved when only PCI_0 is configured. */
- case GT_HINTRCAUSE:
- case GT_CPU_INTSEL:
- case GT_PCI0_INTSEL:
- case GT_HINTRMASK:
- case GT_PCI0_HICMASK:
- case GT_PCI1_SERR1MASK:
- val = s->regs[saddr];
- break;
-
- default:
- val = s->regs[saddr];
- DPRINTF ("Bad register offset 0x%x\n", (int)addr);
- break;
- }
-
- if (!(s->regs[GT_CPU] & 0x00001000))
- val = bswap32(val);
-
- return val;
-}
-
-static const MemoryRegionOps isd_mem_ops = {
- .read = gt64120_readl,
- .write = gt64120_writel,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int gt64120_pci_map_irq(PCIDevice *pci_dev, int irq_num)
-{
- int slot;
-
- slot = (pci_dev->devfn >> 3);
-
- switch (slot) {
- /* PIIX4 USB */
- case 10:
- return 3;
- /* AMD 79C973 Ethernet */
- case 11:
- return 1;
- /* Crystal 4281 Sound */
- case 12:
- return 2;
- /* PCI slot 1 to 4 */
- case 18 ... 21:
- return ((slot - 18) + irq_num) & 0x03;
- /* Unknown device, don't do any translation */
- default:
- return irq_num;
- }
-}
-
-static int pci_irq_levels[4];
-
-static void gt64120_pci_set_irq(void *opaque, int irq_num, int level)
-{
- int i, pic_irq, pic_level;
- qemu_irq *pic = opaque;
-
- pci_irq_levels[irq_num] = level;
-
- /* now we change the pic irq level according to the piix irq mappings */
- /* XXX: optimize */
- pic_irq = piix4_dev->config[0x60 + irq_num];
- if (pic_irq < 16) {
- /* The pic level is the logical OR of all the PCI irqs mapped
- to it */
- pic_level = 0;
- for (i = 0; i < 4; i++) {
- if (pic_irq == piix4_dev->config[0x60 + i])
- pic_level |= pci_irq_levels[i];
- }
- qemu_set_irq(pic[pic_irq], pic_level);
- }
-}
-
-
-static void gt64120_reset(void *opaque)
-{
- GT64120State *s = opaque;
-
- /* FIXME: Malta specific hw assumptions ahead */
-
- /* CPU Configuration */
-#ifdef TARGET_WORDS_BIGENDIAN
- s->regs[GT_CPU] = 0x00000000;
-#else
- s->regs[GT_CPU] = 0x00001000;
-#endif
- s->regs[GT_MULTI] = 0x00000003;
-
- /* CPU Address decode */
- s->regs[GT_SCS10LD] = 0x00000000;
- s->regs[GT_SCS10HD] = 0x00000007;
- s->regs[GT_SCS32LD] = 0x00000008;
- s->regs[GT_SCS32HD] = 0x0000000f;
- s->regs[GT_CS20LD] = 0x000000e0;
- s->regs[GT_CS20HD] = 0x00000070;
- s->regs[GT_CS3BOOTLD] = 0x000000f8;
- s->regs[GT_CS3BOOTHD] = 0x0000007f;
-
- s->regs[GT_PCI0IOLD] = 0x00000080;
- s->regs[GT_PCI0IOHD] = 0x0000000f;
- s->regs[GT_PCI0M0LD] = 0x00000090;
- s->regs[GT_PCI0M0HD] = 0x0000001f;
- s->regs[GT_ISD] = 0x000000a0;
- s->regs[GT_PCI0M1LD] = 0x00000790;
- s->regs[GT_PCI0M1HD] = 0x0000001f;
- s->regs[GT_PCI1IOLD] = 0x00000100;
- s->regs[GT_PCI1IOHD] = 0x0000000f;
- s->regs[GT_PCI1M0LD] = 0x00000110;
- s->regs[GT_PCI1M0HD] = 0x0000001f;
- s->regs[GT_PCI1M1LD] = 0x00000120;
- s->regs[GT_PCI1M1HD] = 0x0000002f;
-
- s->regs[GT_SCS10AR] = 0x00000000;
- s->regs[GT_SCS32AR] = 0x00000008;
- s->regs[GT_CS20R] = 0x000000e0;
- s->regs[GT_CS3BOOTR] = 0x000000f8;
-
- s->regs[GT_PCI0IOREMAP] = 0x00000080;
- s->regs[GT_PCI0M0REMAP] = 0x00000090;
- s->regs[GT_PCI0M1REMAP] = 0x00000790;
- s->regs[GT_PCI1IOREMAP] = 0x00000100;
- s->regs[GT_PCI1M0REMAP] = 0x00000110;
- s->regs[GT_PCI1M1REMAP] = 0x00000120;
-
- /* CPU Error Report */
- s->regs[GT_CPUERR_ADDRLO] = 0x00000000;
- s->regs[GT_CPUERR_ADDRHI] = 0x00000000;
- s->regs[GT_CPUERR_DATALO] = 0xffffffff;
- s->regs[GT_CPUERR_DATAHI] = 0xffffffff;
- s->regs[GT_CPUERR_PARITY] = 0x000000ff;
-
- /* CPU Sync Barrier */
- s->regs[GT_PCI0SYNC] = 0x00000000;
- s->regs[GT_PCI1SYNC] = 0x00000000;
-
- /* SDRAM and Device Address Decode */
- s->regs[GT_SCS0LD] = 0x00000000;
- s->regs[GT_SCS0HD] = 0x00000007;
- s->regs[GT_SCS1LD] = 0x00000008;
- s->regs[GT_SCS1HD] = 0x0000000f;
- s->regs[GT_SCS2LD] = 0x00000010;
- s->regs[GT_SCS2HD] = 0x00000017;
- s->regs[GT_SCS3LD] = 0x00000018;
- s->regs[GT_SCS3HD] = 0x0000001f;
- s->regs[GT_CS0LD] = 0x000000c0;
- s->regs[GT_CS0HD] = 0x000000c7;
- s->regs[GT_CS1LD] = 0x000000c8;
- s->regs[GT_CS1HD] = 0x000000cf;
- s->regs[GT_CS2LD] = 0x000000d0;
- s->regs[GT_CS2HD] = 0x000000df;
- s->regs[GT_CS3LD] = 0x000000f0;
- s->regs[GT_CS3HD] = 0x000000fb;
- s->regs[GT_BOOTLD] = 0x000000fc;
- s->regs[GT_BOOTHD] = 0x000000ff;
- s->regs[GT_ADERR] = 0xffffffff;
-
- /* SDRAM Configuration */
- s->regs[GT_SDRAM_CFG] = 0x00000200;
- s->regs[GT_SDRAM_OPMODE] = 0x00000000;
- s->regs[GT_SDRAM_BM] = 0x00000007;
- s->regs[GT_SDRAM_ADDRDECODE] = 0x00000002;
-
- /* SDRAM Parameters */
- s->regs[GT_SDRAM_B0] = 0x00000005;
- s->regs[GT_SDRAM_B1] = 0x00000005;
- s->regs[GT_SDRAM_B2] = 0x00000005;
- s->regs[GT_SDRAM_B3] = 0x00000005;
-
- /* ECC */
- s->regs[GT_ECC_ERRDATALO] = 0x00000000;
- s->regs[GT_ECC_ERRDATAHI] = 0x00000000;
- s->regs[GT_ECC_MEM] = 0x00000000;
- s->regs[GT_ECC_CALC] = 0x00000000;
- s->regs[GT_ECC_ERRADDR] = 0x00000000;
-
- /* Device Parameters */
- s->regs[GT_DEV_B0] = 0x386fffff;
- s->regs[GT_DEV_B1] = 0x386fffff;
- s->regs[GT_DEV_B2] = 0x386fffff;
- s->regs[GT_DEV_B3] = 0x386fffff;
- s->regs[GT_DEV_BOOT] = 0x146fffff;
-
- /* DMA registers are all zeroed at reset */
-
- /* Timer/Counter */
- s->regs[GT_TC0] = 0xffffffff;
- s->regs[GT_TC1] = 0x00ffffff;
- s->regs[GT_TC2] = 0x00ffffff;
- s->regs[GT_TC3] = 0x00ffffff;
- s->regs[GT_TC_CONTROL] = 0x00000000;
-
- /* PCI Internal */
-#ifdef TARGET_WORDS_BIGENDIAN
- s->regs[GT_PCI0_CMD] = 0x00000000;
-#else
- s->regs[GT_PCI0_CMD] = 0x00010001;
-#endif
- s->regs[GT_PCI0_TOR] = 0x0000070f;
- s->regs[GT_PCI0_BS_SCS10] = 0x00fff000;
- s->regs[GT_PCI0_BS_SCS32] = 0x00fff000;
- s->regs[GT_PCI0_BS_CS20] = 0x01fff000;
- s->regs[GT_PCI0_BS_CS3BT] = 0x00fff000;
- s->regs[GT_PCI1_IACK] = 0x00000000;
- s->regs[GT_PCI0_IACK] = 0x00000000;
- s->regs[GT_PCI0_BARE] = 0x0000000f;
- s->regs[GT_PCI0_PREFMBR] = 0x00000040;
- s->regs[GT_PCI0_SCS10_BAR] = 0x00000000;
- s->regs[GT_PCI0_SCS32_BAR] = 0x01000000;
- s->regs[GT_PCI0_CS20_BAR] = 0x1c000000;
- s->regs[GT_PCI0_CS3BT_BAR] = 0x1f000000;
- s->regs[GT_PCI0_SSCS10_BAR] = 0x00000000;
- s->regs[GT_PCI0_SSCS32_BAR] = 0x01000000;
- s->regs[GT_PCI0_SCS3BT_BAR] = 0x1f000000;
-#ifdef TARGET_WORDS_BIGENDIAN
- s->regs[GT_PCI1_CMD] = 0x00000000;
-#else
- s->regs[GT_PCI1_CMD] = 0x00010001;
-#endif
- s->regs[GT_PCI1_TOR] = 0x0000070f;
- s->regs[GT_PCI1_BS_SCS10] = 0x00fff000;
- s->regs[GT_PCI1_BS_SCS32] = 0x00fff000;
- s->regs[GT_PCI1_BS_CS20] = 0x01fff000;
- s->regs[GT_PCI1_BS_CS3BT] = 0x00fff000;
- s->regs[GT_PCI1_BARE] = 0x0000000f;
- s->regs[GT_PCI1_PREFMBR] = 0x00000040;
- s->regs[GT_PCI1_SCS10_BAR] = 0x00000000;
- s->regs[GT_PCI1_SCS32_BAR] = 0x01000000;
- s->regs[GT_PCI1_CS20_BAR] = 0x1c000000;
- s->regs[GT_PCI1_CS3BT_BAR] = 0x1f000000;
- s->regs[GT_PCI1_SSCS10_BAR] = 0x00000000;
- s->regs[GT_PCI1_SSCS32_BAR] = 0x01000000;
- s->regs[GT_PCI1_SCS3BT_BAR] = 0x1f000000;
- s->regs[GT_PCI1_CFGADDR] = 0x00000000;
- s->regs[GT_PCI1_CFGDATA] = 0x00000000;
- s->regs[GT_PCI0_CFGADDR] = 0x00000000;
-
- /* Interrupt registers are all zeroed at reset */
-
- gt64120_isd_mapping(s);
- gt64120_pci_mapping(s);
-}
-
-PCIBus *gt64120_register(qemu_irq *pic)
-{
- GT64120State *d;
- PCIHostState *phb;
- DeviceState *dev;
-
- dev = qdev_create(NULL, TYPE_GT64120_PCI_HOST_BRIDGE);
- qdev_init_nofail(dev);
- d = GT64120_PCI_HOST_BRIDGE(dev);
- phb = PCI_HOST_BRIDGE(dev);
- phb->bus = pci_register_bus(dev, "pci",
- gt64120_pci_set_irq, gt64120_pci_map_irq,
- pic,
- get_system_memory(),
- get_system_io(),
- PCI_DEVFN(18, 0), 4);
- memory_region_init_io(&d->ISD_mem, &isd_mem_ops, d, "isd-mem", 0x1000);
-
- pci_create_simple(phb->bus, PCI_DEVFN(0, 0), "gt64120_pci");
- return phb->bus;
-}
-
-static int gt64120_init(SysBusDevice *dev)
-{
- GT64120State *s;
-
- s = GT64120_PCI_HOST_BRIDGE(dev);
-
- /* FIXME: This value is computed from registers during reset, but some
- devices (e.g. VGA card) need to know it when they are registered.
- This also mean that changing the register to change the mapping
- does not fully work. */
- isa_mem_base = 0x10000000;
- qemu_register_reset(gt64120_reset, s);
- return 0;
-}
-
-static int gt64120_pci_init(PCIDevice *d)
-{
- /* FIXME: Malta specific hw assumptions ahead */
- pci_set_word(d->config + PCI_COMMAND, 0);
- pci_set_word(d->config + PCI_STATUS,
- PCI_STATUS_FAST_BACK | PCI_STATUS_DEVSEL_MEDIUM);
- pci_config_set_prog_interface(d->config, 0);
- pci_set_long(d->config + PCI_BASE_ADDRESS_0, 0x00000008);
- pci_set_long(d->config + PCI_BASE_ADDRESS_1, 0x01000008);
- pci_set_long(d->config + PCI_BASE_ADDRESS_2, 0x1c000000);
- pci_set_long(d->config + PCI_BASE_ADDRESS_3, 0x1f000000);
- pci_set_long(d->config + PCI_BASE_ADDRESS_4, 0x14000000);
- pci_set_long(d->config + PCI_BASE_ADDRESS_5, 0x14000001);
- pci_set_byte(d->config + 0x3d, 0x01);
-
- return 0;
-}
-
-static void gt64120_pci_class_init(ObjectClass *klass, void *data)
-{
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = gt64120_pci_init;
- k->vendor_id = PCI_VENDOR_ID_MARVELL;
- k->device_id = PCI_DEVICE_ID_MARVELL_GT6412X;
- k->revision = 0x10;
- k->class_id = PCI_CLASS_BRIDGE_HOST;
-}
-
-static const TypeInfo gt64120_pci_info = {
- .name = "gt64120_pci",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIDevice),
- .class_init = gt64120_pci_class_init,
-};
-
-static void gt64120_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- sdc->init = gt64120_init;
-}
-
-static const TypeInfo gt64120_info = {
- .name = TYPE_GT64120_PCI_HOST_BRIDGE,
- .parent = TYPE_PCI_HOST_BRIDGE,
- .instance_size = sizeof(GT64120State),
- .class_init = gt64120_class_init,
-};
-
-static void gt64120_pci_register_types(void)
-{
- type_register_static(&gt64120_info);
- type_register_static(&gt64120_pci_info);
-}
-
-type_init(gt64120_pci_register_types)
diff --git a/hw/gumstix.c b/hw/gumstix.c
deleted file mode 100644
index 4103a88b8..000000000
--- a/hw/gumstix.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/*
- * Gumstix Platforms
- *
- * Copyright (c) 2007 by Thorsten Zitterell <info@bitmux.org>
- *
- * Code based on spitz platform by Andrzej Zaborowski <balrog@zabor.org>
- *
- * This code is licensed under the GNU GPL v2.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-/*
- * Example usage:
- *
- * connex:
- * =======
- * create image:
- * # dd of=flash bs=1k count=16k if=/dev/zero
- * # dd of=flash bs=1k conv=notrunc if=u-boot.bin
- * # dd of=flash bs=1k conv=notrunc seek=256 if=rootfs.arm_nofpu.jffs2
- * start it:
- * # qemu-system-arm -M connex -pflash flash -monitor null -nographic
- *
- * verdex:
- * =======
- * create image:
- * # dd of=flash bs=1k count=32k if=/dev/zero
- * # dd of=flash bs=1k conv=notrunc if=u-boot.bin
- * # dd of=flash bs=1k conv=notrunc seek=256 if=rootfs.arm_nofpu.jffs2
- * # dd of=flash bs=1k conv=notrunc seek=31744 if=uImage
- * start it:
- * # qemu-system-arm -M verdex -pflash flash -monitor null -nographic -m 289
- */
-
-#include "hw.h"
-#include "pxa.h"
-#include "net.h"
-#include "flash.h"
-#include "devices.h"
-#include "boards.h"
-#include "blockdev.h"
-#include "exec-memory.h"
-
-static const int sector_len = 128 * 1024;
-
-static void connex_init(QEMUMachineInitArgs *args)
-{
- PXA2xxState *cpu;
- DriveInfo *dinfo;
- int be;
- MemoryRegion *address_space_mem = get_system_memory();
-
- uint32_t connex_rom = 0x01000000;
- uint32_t connex_ram = 0x04000000;
-
- cpu = pxa255_init(address_space_mem, connex_ram);
-
- dinfo = drive_get(IF_PFLASH, 0, 0);
- if (!dinfo) {
- fprintf(stderr, "A flash image must be given with the "
- "'pflash' parameter\n");
- exit(1);
- }
-
-#ifdef TARGET_WORDS_BIGENDIAN
- be = 1;
-#else
- be = 0;
-#endif
- if (!pflash_cfi01_register(0x00000000, NULL, "connext.rom", connex_rom,
- dinfo->bdrv, sector_len, connex_rom / sector_len,
- 2, 0, 0, 0, 0, be)) {
- fprintf(stderr, "qemu: Error registering flash memory.\n");
- exit(1);
- }
-
- /* Interrupt line of NIC is connected to GPIO line 36 */
- smc91c111_init(&nd_table[0], 0x04000300,
- qdev_get_gpio_in(cpu->gpio, 36));
-}
-
-static void verdex_init(QEMUMachineInitArgs *args)
-{
- const char *cpu_model = args->cpu_model;
- PXA2xxState *cpu;
- DriveInfo *dinfo;
- int be;
- MemoryRegion *address_space_mem = get_system_memory();
-
- uint32_t verdex_rom = 0x02000000;
- uint32_t verdex_ram = 0x10000000;
-
- cpu = pxa270_init(address_space_mem, verdex_ram, cpu_model ?: "pxa270-c0");
-
- dinfo = drive_get(IF_PFLASH, 0, 0);
- if (!dinfo) {
- fprintf(stderr, "A flash image must be given with the "
- "'pflash' parameter\n");
- exit(1);
- }
-
-#ifdef TARGET_WORDS_BIGENDIAN
- be = 1;
-#else
- be = 0;
-#endif
- if (!pflash_cfi01_register(0x00000000, NULL, "verdex.rom", verdex_rom,
- dinfo->bdrv, sector_len, verdex_rom / sector_len,
- 2, 0, 0, 0, 0, be)) {
- fprintf(stderr, "qemu: Error registering flash memory.\n");
- exit(1);
- }
-
- /* Interrupt line of NIC is connected to GPIO line 99 */
- smc91c111_init(&nd_table[0], 0x04000300,
- qdev_get_gpio_in(cpu->gpio, 99));
-}
-
-static QEMUMachine connex_machine = {
- .name = "connex",
- .desc = "Gumstix Connex (PXA255)",
- .init = connex_init,
-};
-
-static QEMUMachine verdex_machine = {
- .name = "verdex",
- .desc = "Gumstix Verdex (PXA270)",
- .init = verdex_init,
-};
-
-static void gumstix_machine_init(void)
-{
- qemu_register_machine(&connex_machine);
- qemu_register_machine(&verdex_machine);
-}
-
-machine_init(gumstix_machine_init);
diff --git a/hw/gus.c b/hw/gus.c
deleted file mode 100644
index 840d098d6..000000000
--- a/hw/gus.c
+++ /dev/null
@@ -1,332 +0,0 @@
-/*
- * QEMU Proxy for Gravis Ultrasound GF1 emulation by Tibor "TS" Schütz
- *
- * Copyright (c) 2002-2005 Vassili Karpov (malc)
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "audiodev.h"
-#include "audio/audio.h"
-#include "isa.h"
-#include "gusemu.h"
-#include "gustate.h"
-
-#define dolog(...) AUD_log ("audio", __VA_ARGS__)
-#ifdef DEBUG
-#define ldebug(...) dolog (__VA_ARGS__)
-#else
-#define ldebug(...)
-#endif
-
-#ifdef HOST_WORDS_BIGENDIAN
-#define GUS_ENDIANNESS 1
-#else
-#define GUS_ENDIANNESS 0
-#endif
-
-#define IO_READ_PROTO(name) \
- static uint32_t name (void *opaque, uint32_t nport)
-#define IO_WRITE_PROTO(name) \
- static void name (void *opaque, uint32_t nport, uint32_t val)
-
-typedef struct GUSState {
- ISADevice dev;
- GUSEmuState emu;
- QEMUSoundCard card;
- uint32_t freq;
- uint32_t port;
- int pos, left, shift, irqs;
- GUSsample *mixbuf;
- uint8_t himem[1024 * 1024 + 32 + 4096];
- int samples;
- SWVoiceOut *voice;
- int64_t last_ticks;
- qemu_irq pic;
-} GUSState;
-
-IO_READ_PROTO (gus_readb)
-{
- GUSState *s = opaque;
-
- return gus_read (&s->emu, nport, 1);
-}
-
-IO_READ_PROTO (gus_readw)
-{
- GUSState *s = opaque;
-
- return gus_read (&s->emu, nport, 2);
-}
-
-IO_WRITE_PROTO (gus_writeb)
-{
- GUSState *s = opaque;
-
- gus_write (&s->emu, nport, 1, val);
-}
-
-IO_WRITE_PROTO (gus_writew)
-{
- GUSState *s = opaque;
-
- gus_write (&s->emu, nport, 2, val);
-}
-
-static int write_audio (GUSState *s, int samples)
-{
- int net = 0;
- int pos = s->pos;
-
- while (samples) {
- int nbytes, wbytes, wsampl;
-
- nbytes = samples << s->shift;
- wbytes = AUD_write (
- s->voice,
- s->mixbuf + (pos << (s->shift - 1)),
- nbytes
- );
-
- if (wbytes) {
- wsampl = wbytes >> s->shift;
-
- samples -= wsampl;
- pos = (pos + wsampl) % s->samples;
-
- net += wsampl;
- }
- else {
- break;
- }
- }
-
- return net;
-}
-
-static void GUS_callback (void *opaque, int free)
-{
- int samples, to_play, net = 0;
- GUSState *s = opaque;
-
- samples = free >> s->shift;
- to_play = audio_MIN (samples, s->left);
-
- while (to_play) {
- int written = write_audio (s, to_play);
-
- if (!written) {
- goto reset;
- }
-
- s->left -= written;
- to_play -= written;
- samples -= written;
- net += written;
- }
-
- samples = audio_MIN (samples, s->samples);
- if (samples) {
- gus_mixvoices (&s->emu, s->freq, samples, s->mixbuf);
-
- while (samples) {
- int written = write_audio (s, samples);
- if (!written) {
- break;
- }
- samples -= written;
- net += written;
- }
- }
- s->left = samples;
-
- reset:
- gus_irqgen (&s->emu, muldiv64 (net, 1000000, s->freq));
-}
-
-int GUS_irqrequest (GUSEmuState *emu, int hwirq, int n)
-{
- GUSState *s = emu->opaque;
- /* qemu_irq_lower (s->pic); */
- qemu_irq_raise (s->pic);
- s->irqs += n;
- ldebug ("irqrequest %d %d %d\n", hwirq, n, s->irqs);
- return n;
-}
-
-void GUS_irqclear (GUSEmuState *emu, int hwirq)
-{
- GUSState *s = emu->opaque;
- ldebug ("irqclear %d %d\n", hwirq, s->irqs);
- qemu_irq_lower (s->pic);
- s->irqs -= 1;
-#ifdef IRQ_STORM
- if (s->irqs > 0) {
- qemu_irq_raise (s->pic[hwirq]);
- }
-#endif
-}
-
-void GUS_dmarequest (GUSEmuState *der)
-{
- /* GUSState *s = (GUSState *) der; */
- ldebug ("dma request %d\n", der->gusdma);
- DMA_hold_DREQ (der->gusdma);
-}
-
-static int GUS_read_DMA (void *opaque, int nchan, int dma_pos, int dma_len)
-{
- GUSState *s = opaque;
- char tmpbuf[4096];
- int pos = dma_pos, mode, left = dma_len - dma_pos;
-
- ldebug ("read DMA %#x %d\n", dma_pos, dma_len);
- mode = DMA_get_channel_mode (s->emu.gusdma);
- while (left) {
- int to_copy = audio_MIN ((size_t) left, sizeof (tmpbuf));
- int copied;
-
- ldebug ("left=%d to_copy=%d pos=%d\n", left, to_copy, pos);
- copied = DMA_read_memory (nchan, tmpbuf, pos, to_copy);
- gus_dma_transferdata (&s->emu, tmpbuf, copied, left == copied);
- left -= copied;
- pos += copied;
- }
-
- if (0 == ((mode >> 4) & 1)) {
- DMA_release_DREQ (s->emu.gusdma);
- }
- return dma_len;
-}
-
-static const VMStateDescription vmstate_gus = {
- .name = "gus",
- .version_id = 2,
- .minimum_version_id = 2,
- .minimum_version_id_old = 2,
- .fields = (VMStateField []) {
- VMSTATE_INT32 (pos, GUSState),
- VMSTATE_INT32 (left, GUSState),
- VMSTATE_INT32 (shift, GUSState),
- VMSTATE_INT32 (irqs, GUSState),
- VMSTATE_INT32 (samples, GUSState),
- VMSTATE_INT64 (last_ticks, GUSState),
- VMSTATE_BUFFER (himem, GUSState),
- VMSTATE_END_OF_LIST ()
- }
-};
-
-static const MemoryRegionPortio gus_portio_list1[] = {
- {0x000, 1, 1, .write = gus_writeb },
- {0x000, 1, 2, .write = gus_writew },
- {0x006, 10, 1, .read = gus_readb, .write = gus_writeb },
- {0x006, 10, 2, .read = gus_readw, .write = gus_writew },
- {0x100, 8, 1, .read = gus_readb, .write = gus_writeb },
- {0x100, 8, 2, .read = gus_readw, .write = gus_writew },
- PORTIO_END_OF_LIST (),
-};
-
-static const MemoryRegionPortio gus_portio_list2[] = {
- {0, 1, 1, .read = gus_readb },
- {0, 1, 2, .read = gus_readw },
- PORTIO_END_OF_LIST (),
-};
-
-static int gus_initfn (ISADevice *dev)
-{
- GUSState *s = DO_UPCAST (GUSState, dev, dev);
- struct audsettings as;
-
- AUD_register_card ("gus", &s->card);
-
- as.freq = s->freq;
- as.nchannels = 2;
- as.fmt = AUD_FMT_S16;
- as.endianness = GUS_ENDIANNESS;
-
- s->voice = AUD_open_out (
- &s->card,
- NULL,
- "gus",
- s,
- GUS_callback,
- &as
- );
-
- if (!s->voice) {
- AUD_remove_card (&s->card);
- return -1;
- }
-
- s->shift = 2;
- s->samples = AUD_get_buffer_size_out (s->voice) >> s->shift;
- s->mixbuf = g_malloc0 (s->samples << s->shift);
-
- isa_register_portio_list (dev, s->port, gus_portio_list1, s, "gus");
- isa_register_portio_list (dev, (s->port + 0x100) & 0xf00,
- gus_portio_list2, s, "gus");
-
- DMA_register_channel (s->emu.gusdma, GUS_read_DMA, s);
- s->emu.himemaddr = s->himem;
- s->emu.gusdatapos = s->emu.himemaddr + 1024 * 1024 + 32;
- s->emu.opaque = s;
- isa_init_irq (dev, &s->pic, s->emu.gusirq);
-
- AUD_set_active_out (s->voice, 1);
-
- return 0;
-}
-
-int GUS_init (ISABus *bus)
-{
- isa_create_simple (bus, "gus");
- return 0;
-}
-
-static Property gus_properties[] = {
- DEFINE_PROP_UINT32 ("freq", GUSState, freq, 44100),
- DEFINE_PROP_HEX32 ("iobase", GUSState, port, 0x240),
- DEFINE_PROP_UINT32 ("irq", GUSState, emu.gusirq, 7),
- DEFINE_PROP_UINT32 ("dma", GUSState, emu.gusdma, 3),
- DEFINE_PROP_END_OF_LIST (),
-};
-
-static void gus_class_initfn (ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS (klass);
- ISADeviceClass *ic = ISA_DEVICE_CLASS (klass);
- ic->init = gus_initfn;
- dc->desc = "Gravis Ultrasound GF1";
- dc->vmsd = &vmstate_gus;
- dc->props = gus_properties;
-}
-
-static TypeInfo gus_info = {
- .name = "gus",
- .parent = TYPE_ISA_DEVICE,
- .instance_size = sizeof (GUSState),
- .class_init = gus_class_initfn,
-};
-
-static void gus_register_types (void)
-{
- type_register_static (&gus_info);
-}
-
-type_init (gus_register_types)
diff --git a/hw/hd-geometry.c b/hw/hd-geometry.c
deleted file mode 100644
index 1cdb9fb75..000000000
--- a/hw/hd-geometry.c
+++ /dev/null
@@ -1,157 +0,0 @@
-/*
- * Hard disk geometry utilities
- *
- * Copyright (C) 2012 Red Hat, Inc.
- *
- * This work is licensed under the terms of the GNU GPL, version 2 or later.
- * See the COPYING file in the top-level directory.
- *
- * This file incorporates work covered by the following copyright and
- * permission notice:
- *
- * Copyright (c) 2003 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "block.h"
-#include "hw/block-common.h"
-#include "trace.h"
-
-struct partition {
- uint8_t boot_ind; /* 0x80 - active */
- uint8_t head; /* starting head */
- uint8_t sector; /* starting sector */
- uint8_t cyl; /* starting cylinder */
- uint8_t sys_ind; /* What partition type */
- uint8_t end_head; /* end head */
- uint8_t end_sector; /* end sector */
- uint8_t end_cyl; /* end cylinder */
- uint32_t start_sect; /* starting sector counting from 0 */
- uint32_t nr_sects; /* nr of sectors in partition */
-} QEMU_PACKED;
-
-/* try to guess the disk logical geometry from the MSDOS partition table.
- Return 0 if OK, -1 if could not guess */
-static int guess_disk_lchs(BlockDriverState *bs,
- int *pcylinders, int *pheads, int *psectors)
-{
- uint8_t buf[BDRV_SECTOR_SIZE];
- int i, heads, sectors, cylinders;
- struct partition *p;
- uint32_t nr_sects;
- uint64_t nb_sectors;
-
- bdrv_get_geometry(bs, &nb_sectors);
-
- /**
- * The function will be invoked during startup not only in sync I/O mode,
- * but also in async I/O mode. So the I/O throttling function has to
- * be disabled temporarily here, not permanently.
- */
- if (bdrv_read_unthrottled(bs, 0, buf, 1) < 0) {
- return -1;
- }
- /* test msdos magic */
- if (buf[510] != 0x55 || buf[511] != 0xaa) {
- return -1;
- }
- for (i = 0; i < 4; i++) {
- p = ((struct partition *)(buf + 0x1be)) + i;
- nr_sects = le32_to_cpu(p->nr_sects);
- if (nr_sects && p->end_head) {
- /* We make the assumption that the partition terminates on
- a cylinder boundary */
- heads = p->end_head + 1;
- sectors = p->end_sector & 63;
- if (sectors == 0) {
- continue;
- }
- cylinders = nb_sectors / (heads * sectors);
- if (cylinders < 1 || cylinders > 16383) {
- continue;
- }
- *pheads = heads;
- *psectors = sectors;
- *pcylinders = cylinders;
- trace_hd_geometry_lchs_guess(bs, cylinders, heads, sectors);
- return 0;
- }
- }
- return -1;
-}
-
-static void guess_chs_for_size(BlockDriverState *bs,
- uint32_t *pcyls, uint32_t *pheads, uint32_t *psecs)
-{
- uint64_t nb_sectors;
- int cylinders;
-
- bdrv_get_geometry(bs, &nb_sectors);
-
- cylinders = nb_sectors / (16 * 63);
- if (cylinders > 16383) {
- cylinders = 16383;
- } else if (cylinders < 2) {
- cylinders = 2;
- }
- *pcyls = cylinders;
- *pheads = 16;
- *psecs = 63;
-}
-
-void hd_geometry_guess(BlockDriverState *bs,
- uint32_t *pcyls, uint32_t *pheads, uint32_t *psecs,
- int *ptrans)
-{
- int cylinders, heads, secs, translation;
-
- if (guess_disk_lchs(bs, &cylinders, &heads, &secs) < 0) {
- /* no LCHS guess: use a standard physical disk geometry */
- guess_chs_for_size(bs, pcyls, pheads, psecs);
- translation = hd_bios_chs_auto_trans(*pcyls, *pheads, *psecs);
- } else if (heads > 16) {
- /* LCHS guess with heads > 16 means that a BIOS LBA
- translation was active, so a standard physical disk
- geometry is OK */
- guess_chs_for_size(bs, pcyls, pheads, psecs);
- translation = *pcyls * *pheads <= 131072
- ? BIOS_ATA_TRANSLATION_LARGE
- : BIOS_ATA_TRANSLATION_LBA;
- } else {
- /* LCHS guess with heads <= 16: use as physical geometry */
- *pcyls = cylinders;
- *pheads = heads;
- *psecs = secs;
- /* disable any translation to be in sync with
- the logical geometry */
- translation = BIOS_ATA_TRANSLATION_NONE;
- }
- if (ptrans) {
- *ptrans = translation;
- }
- trace_hd_geometry_guess(bs, *pcyls, *pheads, *psecs, translation);
-}
-
-int hd_bios_chs_auto_trans(uint32_t cyls, uint32_t heads, uint32_t secs)
-{
- return cyls <= 1024 && heads <= 16 && secs <= 63
- ? BIOS_ATA_TRANSLATION_NONE
- : BIOS_ATA_TRANSLATION_LBA;
-}
diff --git a/hw/hda-audio.c b/hw/hda-audio.c
deleted file mode 100644
index 36761dd2d..000000000
--- a/hw/hda-audio.c
+++ /dev/null
@@ -1,1098 +0,0 @@
-/*
- * Copyright (C) 2010 Red Hat, Inc.
- *
- * written by Gerd Hoffmann <kraxel@redhat.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "hw.h"
-#include "pci.h"
-#include "intel-hda.h"
-#include "intel-hda-defs.h"
-#include "audio/audio.h"
-
-/* -------------------------------------------------------------------------- */
-
-typedef struct desc_param {
- uint32_t id;
- uint32_t val;
-} desc_param;
-
-typedef struct desc_node {
- uint32_t nid;
- const char *name;
- const desc_param *params;
- uint32_t nparams;
- uint32_t config;
- uint32_t pinctl;
- uint32_t *conn;
- uint32_t stindex;
-} desc_node;
-
-typedef struct desc_codec {
- const char *name;
- uint32_t iid;
- const desc_node *nodes;
- uint32_t nnodes;
-} desc_codec;
-
-static const desc_param* hda_codec_find_param(const desc_node *node, uint32_t id)
-{
- int i;
-
- for (i = 0; i < node->nparams; i++) {
- if (node->params[i].id == id) {
- return &node->params[i];
- }
- }
- return NULL;
-}
-
-static const desc_node* hda_codec_find_node(const desc_codec *codec, uint32_t nid)
-{
- int i;
-
- for (i = 0; i < codec->nnodes; i++) {
- if (codec->nodes[i].nid == nid) {
- return &codec->nodes[i];
- }
- }
- return NULL;
-}
-
-static void hda_codec_parse_fmt(uint32_t format, struct audsettings *as)
-{
- if (format & AC_FMT_TYPE_NON_PCM) {
- return;
- }
-
- as->freq = (format & AC_FMT_BASE_44K) ? 44100 : 48000;
-
- switch ((format & AC_FMT_MULT_MASK) >> AC_FMT_MULT_SHIFT) {
- case 1: as->freq *= 2; break;
- case 2: as->freq *= 3; break;
- case 3: as->freq *= 4; break;
- }
-
- switch ((format & AC_FMT_DIV_MASK) >> AC_FMT_DIV_SHIFT) {
- case 1: as->freq /= 2; break;
- case 2: as->freq /= 3; break;
- case 3: as->freq /= 4; break;
- case 4: as->freq /= 5; break;
- case 5: as->freq /= 6; break;
- case 6: as->freq /= 7; break;
- case 7: as->freq /= 8; break;
- }
-
- switch (format & AC_FMT_BITS_MASK) {
- case AC_FMT_BITS_8: as->fmt = AUD_FMT_S8; break;
- case AC_FMT_BITS_16: as->fmt = AUD_FMT_S16; break;
- case AC_FMT_BITS_32: as->fmt = AUD_FMT_S32; break;
- }
-
- as->nchannels = ((format & AC_FMT_CHAN_MASK) >> AC_FMT_CHAN_SHIFT) + 1;
-}
-
-/* -------------------------------------------------------------------------- */
-/*
- * HDA codec descriptions
- */
-
-/* some defines */
-
-#define QEMU_HDA_ID_VENDOR 0x1af4
-#define QEMU_HDA_PCM_FORMATS (AC_SUPPCM_BITS_16 | \
- 0x1fc /* 16 -> 96 kHz */)
-#define QEMU_HDA_AMP_NONE (0)
-#define QEMU_HDA_AMP_STEPS 0x4a
-
-#ifdef CONFIG_MIXEMU
-# define QEMU_HDA_ID_OUTPUT ((QEMU_HDA_ID_VENDOR << 16) | 0x12)
-# define QEMU_HDA_ID_DUPLEX ((QEMU_HDA_ID_VENDOR << 16) | 0x22)
-# define QEMU_HDA_ID_MICRO ((QEMU_HDA_ID_VENDOR << 16) | 0x32)
-# define QEMU_HDA_AMP_CAPS \
- (AC_AMPCAP_MUTE | \
- (QEMU_HDA_AMP_STEPS << AC_AMPCAP_OFFSET_SHIFT) | \
- (QEMU_HDA_AMP_STEPS << AC_AMPCAP_NUM_STEPS_SHIFT) | \
- (3 << AC_AMPCAP_STEP_SIZE_SHIFT))
-#else
-# define QEMU_HDA_ID_OUTPUT ((QEMU_HDA_ID_VENDOR << 16) | 0x11)
-# define QEMU_HDA_ID_DUPLEX ((QEMU_HDA_ID_VENDOR << 16) | 0x21)
-# define QEMU_HDA_ID_MICRO ((QEMU_HDA_ID_VENDOR << 16) | 0x31)
-# define QEMU_HDA_AMP_CAPS QEMU_HDA_AMP_NONE
-#endif
-
-/* common: audio output widget */
-static const desc_param common_params_audio_dac[] = {
- {
- .id = AC_PAR_AUDIO_WIDGET_CAP,
- .val = ((AC_WID_AUD_OUT << AC_WCAP_TYPE_SHIFT) |
- AC_WCAP_FORMAT_OVRD |
- AC_WCAP_AMP_OVRD |
- AC_WCAP_OUT_AMP |
- AC_WCAP_STEREO),
- },{
- .id = AC_PAR_PCM,
- .val = QEMU_HDA_PCM_FORMATS,
- },{
- .id = AC_PAR_STREAM,
- .val = AC_SUPFMT_PCM,
- },{
- .id = AC_PAR_AMP_IN_CAP,
- .val = QEMU_HDA_AMP_NONE,
- },{
- .id = AC_PAR_AMP_OUT_CAP,
- .val = QEMU_HDA_AMP_CAPS,
- },
-};
-
-/* common: audio input widget */
-static const desc_param common_params_audio_adc[] = {
- {
- .id = AC_PAR_AUDIO_WIDGET_CAP,
- .val = ((AC_WID_AUD_IN << AC_WCAP_TYPE_SHIFT) |
- AC_WCAP_CONN_LIST |
- AC_WCAP_FORMAT_OVRD |
- AC_WCAP_AMP_OVRD |
- AC_WCAP_IN_AMP |
- AC_WCAP_STEREO),
- },{
- .id = AC_PAR_CONNLIST_LEN,
- .val = 1,
- },{
- .id = AC_PAR_PCM,
- .val = QEMU_HDA_PCM_FORMATS,
- },{
- .id = AC_PAR_STREAM,
- .val = AC_SUPFMT_PCM,
- },{
- .id = AC_PAR_AMP_IN_CAP,
- .val = QEMU_HDA_AMP_CAPS,
- },{
- .id = AC_PAR_AMP_OUT_CAP,
- .val = QEMU_HDA_AMP_NONE,
- },
-};
-
-/* common: pin widget (line-out) */
-static const desc_param common_params_audio_lineout[] = {
- {
- .id = AC_PAR_AUDIO_WIDGET_CAP,
- .val = ((AC_WID_PIN << AC_WCAP_TYPE_SHIFT) |
- AC_WCAP_CONN_LIST |
- AC_WCAP_STEREO),
- },{
- .id = AC_PAR_PIN_CAP,
- .val = AC_PINCAP_OUT,
- },{
- .id = AC_PAR_CONNLIST_LEN,
- .val = 1,
- },{
- .id = AC_PAR_AMP_IN_CAP,
- .val = QEMU_HDA_AMP_NONE,
- },{
- .id = AC_PAR_AMP_OUT_CAP,
- .val = QEMU_HDA_AMP_NONE,
- },
-};
-
-/* common: pin widget (line-in) */
-static const desc_param common_params_audio_linein[] = {
- {
- .id = AC_PAR_AUDIO_WIDGET_CAP,
- .val = ((AC_WID_PIN << AC_WCAP_TYPE_SHIFT) |
- AC_WCAP_STEREO),
- },{
- .id = AC_PAR_PIN_CAP,
- .val = AC_PINCAP_IN,
- },{
- .id = AC_PAR_AMP_IN_CAP,
- .val = QEMU_HDA_AMP_NONE,
- },{
- .id = AC_PAR_AMP_OUT_CAP,
- .val = QEMU_HDA_AMP_NONE,
- },
-};
-
-/* output: root node */
-static const desc_param output_params_root[] = {
- {
- .id = AC_PAR_VENDOR_ID,
- .val = QEMU_HDA_ID_OUTPUT,
- },{
- .id = AC_PAR_SUBSYSTEM_ID,
- .val = QEMU_HDA_ID_OUTPUT,
- },{
- .id = AC_PAR_REV_ID,
- .val = 0x00100101,
- },{
- .id = AC_PAR_NODE_COUNT,
- .val = 0x00010001,
- },
-};
-
-/* output: audio function */
-static const desc_param output_params_audio_func[] = {
- {
- .id = AC_PAR_FUNCTION_TYPE,
- .val = AC_GRP_AUDIO_FUNCTION,
- },{
- .id = AC_PAR_SUBSYSTEM_ID,
- .val = QEMU_HDA_ID_OUTPUT,
- },{
- .id = AC_PAR_NODE_COUNT,
- .val = 0x00020002,
- },{
- .id = AC_PAR_PCM,
- .val = QEMU_HDA_PCM_FORMATS,
- },{
- .id = AC_PAR_STREAM,
- .val = AC_SUPFMT_PCM,
- },{
- .id = AC_PAR_AMP_IN_CAP,
- .val = QEMU_HDA_AMP_NONE,
- },{
- .id = AC_PAR_AMP_OUT_CAP,
- .val = QEMU_HDA_AMP_NONE,
- },{
- .id = AC_PAR_GPIO_CAP,
- .val = 0,
- },{
- .id = AC_PAR_AUDIO_FG_CAP,
- .val = 0x00000808,
- },{
- .id = AC_PAR_POWER_STATE,
- .val = 0,
- },
-};
-
-/* output: nodes */
-static const desc_node output_nodes[] = {
- {
- .nid = AC_NODE_ROOT,
- .name = "root",
- .params = output_params_root,
- .nparams = ARRAY_SIZE(output_params_root),
- },{
- .nid = 1,
- .name = "func",
- .params = output_params_audio_func,
- .nparams = ARRAY_SIZE(output_params_audio_func),
- },{
- .nid = 2,
- .name = "dac",
- .params = common_params_audio_dac,
- .nparams = ARRAY_SIZE(common_params_audio_dac),
- .stindex = 0,
- },{
- .nid = 3,
- .name = "out",
- .params = common_params_audio_lineout,
- .nparams = ARRAY_SIZE(common_params_audio_lineout),
- .config = ((AC_JACK_PORT_COMPLEX << AC_DEFCFG_PORT_CONN_SHIFT) |
- (AC_JACK_LINE_OUT << AC_DEFCFG_DEVICE_SHIFT) |
- (AC_JACK_CONN_UNKNOWN << AC_DEFCFG_CONN_TYPE_SHIFT) |
- (AC_JACK_COLOR_GREEN << AC_DEFCFG_COLOR_SHIFT) |
- 0x10),
- .pinctl = AC_PINCTL_OUT_EN,
- .conn = (uint32_t[]) { 2 },
- }
-};
-
-/* output: codec */
-static const desc_codec output = {
- .name = "output",
- .iid = QEMU_HDA_ID_OUTPUT,
- .nodes = output_nodes,
- .nnodes = ARRAY_SIZE(output_nodes),
-};
-
-/* duplex: root node */
-static const desc_param duplex_params_root[] = {
- {
- .id = AC_PAR_VENDOR_ID,
- .val = QEMU_HDA_ID_DUPLEX,
- },{
- .id = AC_PAR_SUBSYSTEM_ID,
- .val = QEMU_HDA_ID_DUPLEX,
- },{
- .id = AC_PAR_REV_ID,
- .val = 0x00100101,
- },{
- .id = AC_PAR_NODE_COUNT,
- .val = 0x00010001,
- },
-};
-
-/* duplex: audio function */
-static const desc_param duplex_params_audio_func[] = {
- {
- .id = AC_PAR_FUNCTION_TYPE,
- .val = AC_GRP_AUDIO_FUNCTION,
- },{
- .id = AC_PAR_SUBSYSTEM_ID,
- .val = QEMU_HDA_ID_DUPLEX,
- },{
- .id = AC_PAR_NODE_COUNT,
- .val = 0x00020004,
- },{
- .id = AC_PAR_PCM,
- .val = QEMU_HDA_PCM_FORMATS,
- },{
- .id = AC_PAR_STREAM,
- .val = AC_SUPFMT_PCM,
- },{
- .id = AC_PAR_AMP_IN_CAP,
- .val = QEMU_HDA_AMP_NONE,
- },{
- .id = AC_PAR_AMP_OUT_CAP,
- .val = QEMU_HDA_AMP_NONE,
- },{
- .id = AC_PAR_GPIO_CAP,
- .val = 0,
- },{
- .id = AC_PAR_AUDIO_FG_CAP,
- .val = 0x00000808,
- },{
- .id = AC_PAR_POWER_STATE,
- .val = 0,
- },
-};
-
-/* duplex: nodes */
-static const desc_node duplex_nodes[] = {
- {
- .nid = AC_NODE_ROOT,
- .name = "root",
- .params = duplex_params_root,
- .nparams = ARRAY_SIZE(duplex_params_root),
- },{
- .nid = 1,
- .name = "func",
- .params = duplex_params_audio_func,
- .nparams = ARRAY_SIZE(duplex_params_audio_func),
- },{
- .nid = 2,
- .name = "dac",
- .params = common_params_audio_dac,
- .nparams = ARRAY_SIZE(common_params_audio_dac),
- .stindex = 0,
- },{
- .nid = 3,
- .name = "out",
- .params = common_params_audio_lineout,
- .nparams = ARRAY_SIZE(common_params_audio_lineout),
- .config = ((AC_JACK_PORT_COMPLEX << AC_DEFCFG_PORT_CONN_SHIFT) |
- (AC_JACK_LINE_OUT << AC_DEFCFG_DEVICE_SHIFT) |
- (AC_JACK_CONN_UNKNOWN << AC_DEFCFG_CONN_TYPE_SHIFT) |
- (AC_JACK_COLOR_GREEN << AC_DEFCFG_COLOR_SHIFT) |
- 0x10),
- .pinctl = AC_PINCTL_OUT_EN,
- .conn = (uint32_t[]) { 2 },
- },{
- .nid = 4,
- .name = "adc",
- .params = common_params_audio_adc,
- .nparams = ARRAY_SIZE(common_params_audio_adc),
- .stindex = 1,
- .conn = (uint32_t[]) { 5 },
- },{
- .nid = 5,
- .name = "in",
- .params = common_params_audio_linein,
- .nparams = ARRAY_SIZE(common_params_audio_linein),
- .config = ((AC_JACK_PORT_COMPLEX << AC_DEFCFG_PORT_CONN_SHIFT) |
- (AC_JACK_LINE_IN << AC_DEFCFG_DEVICE_SHIFT) |
- (AC_JACK_CONN_UNKNOWN << AC_DEFCFG_CONN_TYPE_SHIFT) |
- (AC_JACK_COLOR_RED << AC_DEFCFG_COLOR_SHIFT) |
- 0x20),
- .pinctl = AC_PINCTL_IN_EN,
- }
-};
-
-/* duplex: codec */
-static const desc_codec duplex = {
- .name = "duplex",
- .iid = QEMU_HDA_ID_DUPLEX,
- .nodes = duplex_nodes,
- .nnodes = ARRAY_SIZE(duplex_nodes),
-};
-
-/* micro: root node */
-static const desc_param micro_params_root[] = {
- {
- .id = AC_PAR_VENDOR_ID,
- .val = QEMU_HDA_ID_MICRO,
- },{
- .id = AC_PAR_SUBSYSTEM_ID,
- .val = QEMU_HDA_ID_MICRO,
- },{
- .id = AC_PAR_REV_ID,
- .val = 0x00100101,
- },{
- .id = AC_PAR_NODE_COUNT,
- .val = 0x00010001,
- },
-};
-
-/* micro: audio function */
-static const desc_param micro_params_audio_func[] = {
- {
- .id = AC_PAR_FUNCTION_TYPE,
- .val = AC_GRP_AUDIO_FUNCTION,
- },{
- .id = AC_PAR_SUBSYSTEM_ID,
- .val = QEMU_HDA_ID_MICRO,
- },{
- .id = AC_PAR_NODE_COUNT,
- .val = 0x00020004,
- },{
- .id = AC_PAR_PCM,
- .val = QEMU_HDA_PCM_FORMATS,
- },{
- .id = AC_PAR_STREAM,
- .val = AC_SUPFMT_PCM,
- },{
- .id = AC_PAR_AMP_IN_CAP,
- .val = QEMU_HDA_AMP_NONE,
- },{
- .id = AC_PAR_AMP_OUT_CAP,
- .val = QEMU_HDA_AMP_NONE,
- },{
- .id = AC_PAR_GPIO_CAP,
- .val = 0,
- },{
- .id = AC_PAR_AUDIO_FG_CAP,
- .val = 0x00000808,
- },{
- .id = AC_PAR_POWER_STATE,
- .val = 0,
- },
-};
-
-/* micro: nodes */
-static const desc_node micro_nodes[] = {
- {
- .nid = AC_NODE_ROOT,
- .name = "root",
- .params = micro_params_root,
- .nparams = ARRAY_SIZE(micro_params_root),
- },{
- .nid = 1,
- .name = "func",
- .params = micro_params_audio_func,
- .nparams = ARRAY_SIZE(micro_params_audio_func),
- },{
- .nid = 2,
- .name = "dac",
- .params = common_params_audio_dac,
- .nparams = ARRAY_SIZE(common_params_audio_dac),
- .stindex = 0,
- },{
- .nid = 3,
- .name = "out",
- .params = common_params_audio_lineout,
- .nparams = ARRAY_SIZE(common_params_audio_lineout),
- .config = ((AC_JACK_PORT_COMPLEX << AC_DEFCFG_PORT_CONN_SHIFT) |
- (AC_JACK_SPEAKER << AC_DEFCFG_DEVICE_SHIFT) |
- (AC_JACK_CONN_UNKNOWN << AC_DEFCFG_CONN_TYPE_SHIFT) |
- (AC_JACK_COLOR_GREEN << AC_DEFCFG_COLOR_SHIFT) |
- 0x10),
- .pinctl = AC_PINCTL_OUT_EN,
- .conn = (uint32_t[]) { 2 },
- },{
- .nid = 4,
- .name = "adc",
- .params = common_params_audio_adc,
- .nparams = ARRAY_SIZE(common_params_audio_adc),
- .stindex = 1,
- .conn = (uint32_t[]) { 5 },
- },{
- .nid = 5,
- .name = "in",
- .params = common_params_audio_linein,
- .nparams = ARRAY_SIZE(common_params_audio_linein),
- .config = ((AC_JACK_PORT_COMPLEX << AC_DEFCFG_PORT_CONN_SHIFT) |
- (AC_JACK_MIC_IN << AC_DEFCFG_DEVICE_SHIFT) |
- (AC_JACK_CONN_UNKNOWN << AC_DEFCFG_CONN_TYPE_SHIFT) |
- (AC_JACK_COLOR_RED << AC_DEFCFG_COLOR_SHIFT) |
- 0x20),
- .pinctl = AC_PINCTL_IN_EN,
- }
-};
-
-/* micro: codec */
-static const desc_codec micro = {
- .name = "micro",
- .iid = QEMU_HDA_ID_MICRO,
- .nodes = micro_nodes,
- .nnodes = ARRAY_SIZE(micro_nodes),
-};
-
-/* -------------------------------------------------------------------------- */
-
-static const char *fmt2name[] = {
- [ AUD_FMT_U8 ] = "PCM-U8",
- [ AUD_FMT_S8 ] = "PCM-S8",
- [ AUD_FMT_U16 ] = "PCM-U16",
- [ AUD_FMT_S16 ] = "PCM-S16",
- [ AUD_FMT_U32 ] = "PCM-U32",
- [ AUD_FMT_S32 ] = "PCM-S32",
-};
-
-typedef struct HDAAudioState HDAAudioState;
-typedef struct HDAAudioStream HDAAudioStream;
-
-struct HDAAudioStream {
- HDAAudioState *state;
- const desc_node *node;
- bool output, running;
- uint32_t stream;
- uint32_t channel;
- uint32_t format;
- uint32_t gain_left, gain_right;
- bool mute_left, mute_right;
- struct audsettings as;
- union {
- SWVoiceIn *in;
- SWVoiceOut *out;
- } voice;
- uint8_t buf[HDA_BUFFER_SIZE];
- uint32_t bpos;
-};
-
-struct HDAAudioState {
- HDACodecDevice hda;
- const char *name;
-
- QEMUSoundCard card;
- const desc_codec *desc;
- HDAAudioStream st[4];
- bool running_compat[16];
- bool running_real[2 * 16];
-
- /* properties */
- uint32_t debug;
-};
-
-static void hda_audio_input_cb(void *opaque, int avail)
-{
- HDAAudioStream *st = opaque;
- int recv = 0;
- int len;
- bool rc;
-
- while (avail - recv >= sizeof(st->buf)) {
- if (st->bpos != sizeof(st->buf)) {
- len = AUD_read(st->voice.in, st->buf + st->bpos,
- sizeof(st->buf) - st->bpos);
- st->bpos += len;
- recv += len;
- if (st->bpos != sizeof(st->buf)) {
- break;
- }
- }
- rc = hda_codec_xfer(&st->state->hda, st->stream, false,
- st->buf, sizeof(st->buf));
- if (!rc) {
- break;
- }
- st->bpos = 0;
- }
-}
-
-static void hda_audio_output_cb(void *opaque, int avail)
-{
- HDAAudioStream *st = opaque;
- int sent = 0;
- int len;
- bool rc;
-
- while (avail - sent >= sizeof(st->buf)) {
- if (st->bpos == sizeof(st->buf)) {
- rc = hda_codec_xfer(&st->state->hda, st->stream, true,
- st->buf, sizeof(st->buf));
- if (!rc) {
- break;
- }
- st->bpos = 0;
- }
- len = AUD_write(st->voice.out, st->buf + st->bpos,
- sizeof(st->buf) - st->bpos);
- st->bpos += len;
- sent += len;
- if (st->bpos != sizeof(st->buf)) {
- break;
- }
- }
-}
-
-static void hda_audio_set_running(HDAAudioStream *st, bool running)
-{
- if (st->node == NULL) {
- return;
- }
- if (st->running == running) {
- return;
- }
- st->running = running;
- dprint(st->state, 1, "%s: %s (stream %d)\n", st->node->name,
- st->running ? "on" : "off", st->stream);
- if (st->output) {
- AUD_set_active_out(st->voice.out, st->running);
- } else {
- AUD_set_active_in(st->voice.in, st->running);
- }
-}
-
-static void hda_audio_set_amp(HDAAudioStream *st)
-{
- bool muted;
- uint32_t left, right;
-
- if (st->node == NULL) {
- return;
- }
-
- muted = st->mute_left && st->mute_right;
- left = st->mute_left ? 0 : st->gain_left;
- right = st->mute_right ? 0 : st->gain_right;
-
- left = left * 255 / QEMU_HDA_AMP_STEPS;
- right = right * 255 / QEMU_HDA_AMP_STEPS;
-
- if (st->output) {
- AUD_set_volume_out(st->voice.out, muted, left, right);
- } else {
- AUD_set_volume_in(st->voice.in, muted, left, right);
- }
-}
-
-static void hda_audio_setup(HDAAudioStream *st)
-{
- if (st->node == NULL) {
- return;
- }
-
- dprint(st->state, 1, "%s: format: %d x %s @ %d Hz\n",
- st->node->name, st->as.nchannels,
- fmt2name[st->as.fmt], st->as.freq);
-
- if (st->output) {
- st->voice.out = AUD_open_out(&st->state->card, st->voice.out,
- st->node->name, st,
- hda_audio_output_cb, &st->as);
- } else {
- st->voice.in = AUD_open_in(&st->state->card, st->voice.in,
- st->node->name, st,
- hda_audio_input_cb, &st->as);
- }
-}
-
-static void hda_audio_command(HDACodecDevice *hda, uint32_t nid, uint32_t data)
-{
- HDAAudioState *a = DO_UPCAST(HDAAudioState, hda, hda);
- HDAAudioStream *st;
- const desc_node *node = NULL;
- const desc_param *param;
- uint32_t verb, payload, response, count, shift;
-
- if ((data & 0x70000) == 0x70000) {
- /* 12/8 id/payload */
- verb = (data >> 8) & 0xfff;
- payload = data & 0x00ff;
- } else {
- /* 4/16 id/payload */
- verb = (data >> 8) & 0xf00;
- payload = data & 0xffff;
- }
-
- node = hda_codec_find_node(a->desc, nid);
- if (node == NULL) {
- goto fail;
- }
- dprint(a, 2, "%s: nid %d (%s), verb 0x%x, payload 0x%x\n",
- __FUNCTION__, nid, node->name, verb, payload);
-
- switch (verb) {
- /* all nodes */
- case AC_VERB_PARAMETERS:
- param = hda_codec_find_param(node, payload);
- if (param == NULL) {
- goto fail;
- }
- hda_codec_response(hda, true, param->val);
- break;
- case AC_VERB_GET_SUBSYSTEM_ID:
- hda_codec_response(hda, true, a->desc->iid);
- break;
-
- /* all functions */
- case AC_VERB_GET_CONNECT_LIST:
- param = hda_codec_find_param(node, AC_PAR_CONNLIST_LEN);
- count = param ? param->val : 0;
- response = 0;
- shift = 0;
- while (payload < count && shift < 32) {
- response |= node->conn[payload] << shift;
- payload++;
- shift += 8;
- }
- hda_codec_response(hda, true, response);
- break;
-
- /* pin widget */
- case AC_VERB_GET_CONFIG_DEFAULT:
- hda_codec_response(hda, true, node->config);
- break;
- case AC_VERB_GET_PIN_WIDGET_CONTROL:
- hda_codec_response(hda, true, node->pinctl);
- break;
- case AC_VERB_SET_PIN_WIDGET_CONTROL:
- if (node->pinctl != payload) {
- dprint(a, 1, "unhandled pin control bit\n");
- }
- hda_codec_response(hda, true, 0);
- break;
-
- /* audio in/out widget */
- case AC_VERB_SET_CHANNEL_STREAMID:
- st = a->st + node->stindex;
- if (st->node == NULL) {
- goto fail;
- }
- hda_audio_set_running(st, false);
- st->stream = (payload >> 4) & 0x0f;
- st->channel = payload & 0x0f;
- dprint(a, 2, "%s: stream %d, channel %d\n",
- st->node->name, st->stream, st->channel);
- hda_audio_set_running(st, a->running_real[st->output * 16 + st->stream]);
- hda_codec_response(hda, true, 0);
- break;
- case AC_VERB_GET_CONV:
- st = a->st + node->stindex;
- if (st->node == NULL) {
- goto fail;
- }
- response = st->stream << 4 | st->channel;
- hda_codec_response(hda, true, response);
- break;
- case AC_VERB_SET_STREAM_FORMAT:
- st = a->st + node->stindex;
- if (st->node == NULL) {
- goto fail;
- }
- st->format = payload;
- hda_codec_parse_fmt(st->format, &st->as);
- hda_audio_setup(st);
- hda_codec_response(hda, true, 0);
- break;
- case AC_VERB_GET_STREAM_FORMAT:
- st = a->st + node->stindex;
- if (st->node == NULL) {
- goto fail;
- }
- hda_codec_response(hda, true, st->format);
- break;
- case AC_VERB_GET_AMP_GAIN_MUTE:
- st = a->st + node->stindex;
- if (st->node == NULL) {
- goto fail;
- }
- if (payload & AC_AMP_GET_LEFT) {
- response = st->gain_left | (st->mute_left ? AC_AMP_MUTE : 0);
- } else {
- response = st->gain_right | (st->mute_right ? AC_AMP_MUTE : 0);
- }
- hda_codec_response(hda, true, response);
- break;
- case AC_VERB_SET_AMP_GAIN_MUTE:
- st = a->st + node->stindex;
- if (st->node == NULL) {
- goto fail;
- }
- dprint(a, 1, "amp (%s): %s%s%s%s index %d gain %3d %s\n",
- st->node->name,
- (payload & AC_AMP_SET_OUTPUT) ? "o" : "-",
- (payload & AC_AMP_SET_INPUT) ? "i" : "-",
- (payload & AC_AMP_SET_LEFT) ? "l" : "-",
- (payload & AC_AMP_SET_RIGHT) ? "r" : "-",
- (payload & AC_AMP_SET_INDEX) >> AC_AMP_SET_INDEX_SHIFT,
- (payload & AC_AMP_GAIN),
- (payload & AC_AMP_MUTE) ? "muted" : "");
- if (payload & AC_AMP_SET_LEFT) {
- st->gain_left = payload & AC_AMP_GAIN;
- st->mute_left = payload & AC_AMP_MUTE;
- }
- if (payload & AC_AMP_SET_RIGHT) {
- st->gain_right = payload & AC_AMP_GAIN;
- st->mute_right = payload & AC_AMP_MUTE;
- }
- hda_audio_set_amp(st);
- hda_codec_response(hda, true, 0);
- break;
-
- /* not supported */
- case AC_VERB_SET_POWER_STATE:
- case AC_VERB_GET_POWER_STATE:
- case AC_VERB_GET_SDI_SELECT:
- hda_codec_response(hda, true, 0);
- break;
- default:
- goto fail;
- }
- return;
-
-fail:
- dprint(a, 1, "%s: not handled: nid %d (%s), verb 0x%x, payload 0x%x\n",
- __FUNCTION__, nid, node ? node->name : "?", verb, payload);
- hda_codec_response(hda, true, 0);
-}
-
-static void hda_audio_stream(HDACodecDevice *hda, uint32_t stnr, bool running, bool output)
-{
- HDAAudioState *a = DO_UPCAST(HDAAudioState, hda, hda);
- int s;
-
- a->running_compat[stnr] = running;
- a->running_real[output * 16 + stnr] = running;
- for (s = 0; s < ARRAY_SIZE(a->st); s++) {
- if (a->st[s].node == NULL) {
- continue;
- }
- if (a->st[s].output != output) {
- continue;
- }
- if (a->st[s].stream != stnr) {
- continue;
- }
- hda_audio_set_running(&a->st[s], running);
- }
-}
-
-static int hda_audio_init(HDACodecDevice *hda, const struct desc_codec *desc)
-{
- HDAAudioState *a = DO_UPCAST(HDAAudioState, hda, hda);
- HDAAudioStream *st;
- const desc_node *node;
- const desc_param *param;
- uint32_t i, type;
-
- a->desc = desc;
- a->name = object_get_typename(OBJECT(a));
- dprint(a, 1, "%s: cad %d\n", __FUNCTION__, a->hda.cad);
-
- AUD_register_card("hda", &a->card);
- for (i = 0; i < a->desc->nnodes; i++) {
- node = a->desc->nodes + i;
- param = hda_codec_find_param(node, AC_PAR_AUDIO_WIDGET_CAP);
- if (NULL == param)
- continue;
- type = (param->val & AC_WCAP_TYPE) >> AC_WCAP_TYPE_SHIFT;
- switch (type) {
- case AC_WID_AUD_OUT:
- case AC_WID_AUD_IN:
- assert(node->stindex < ARRAY_SIZE(a->st));
- st = a->st + node->stindex;
- st->state = a;
- st->node = node;
- if (type == AC_WID_AUD_OUT) {
- /* unmute output by default */
- st->gain_left = QEMU_HDA_AMP_STEPS;
- st->gain_right = QEMU_HDA_AMP_STEPS;
- st->bpos = sizeof(st->buf);
- st->output = true;
- } else {
- st->output = false;
- }
- st->format = AC_FMT_TYPE_PCM | AC_FMT_BITS_16 |
- (1 << AC_FMT_CHAN_SHIFT);
- hda_codec_parse_fmt(st->format, &st->as);
- hda_audio_setup(st);
- break;
- }
- }
- return 0;
-}
-
-static int hda_audio_exit(HDACodecDevice *hda)
-{
- HDAAudioState *a = DO_UPCAST(HDAAudioState, hda, hda);
- HDAAudioStream *st;
- int i;
-
- dprint(a, 1, "%s\n", __FUNCTION__);
- for (i = 0; i < ARRAY_SIZE(a->st); i++) {
- st = a->st + i;
- if (st->node == NULL) {
- continue;
- }
- if (st->output) {
- AUD_close_out(&a->card, st->voice.out);
- } else {
- AUD_close_in(&a->card, st->voice.in);
- }
- }
- AUD_remove_card(&a->card);
- return 0;
-}
-
-static int hda_audio_post_load(void *opaque, int version)
-{
- HDAAudioState *a = opaque;
- HDAAudioStream *st;
- int i;
-
- dprint(a, 1, "%s\n", __FUNCTION__);
- if (version == 1) {
- /* assume running_compat[] is for output streams */
- for (i = 0; i < ARRAY_SIZE(a->running_compat); i++)
- a->running_real[16 + i] = a->running_compat[i];
- }
-
- for (i = 0; i < ARRAY_SIZE(a->st); i++) {
- st = a->st + i;
- if (st->node == NULL)
- continue;
- hda_codec_parse_fmt(st->format, &st->as);
- hda_audio_setup(st);
- hda_audio_set_amp(st);
- hda_audio_set_running(st, a->running_real[st->output * 16 + st->stream]);
- }
- return 0;
-}
-
-static const VMStateDescription vmstate_hda_audio_stream = {
- .name = "hda-audio-stream",
- .version_id = 1,
- .fields = (VMStateField []) {
- VMSTATE_UINT32(stream, HDAAudioStream),
- VMSTATE_UINT32(channel, HDAAudioStream),
- VMSTATE_UINT32(format, HDAAudioStream),
- VMSTATE_UINT32(gain_left, HDAAudioStream),
- VMSTATE_UINT32(gain_right, HDAAudioStream),
- VMSTATE_BOOL(mute_left, HDAAudioStream),
- VMSTATE_BOOL(mute_right, HDAAudioStream),
- VMSTATE_UINT32(bpos, HDAAudioStream),
- VMSTATE_BUFFER(buf, HDAAudioStream),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_hda_audio = {
- .name = "hda-audio",
- .version_id = 2,
- .post_load = hda_audio_post_load,
- .fields = (VMStateField []) {
- VMSTATE_STRUCT_ARRAY(st, HDAAudioState, 4, 0,
- vmstate_hda_audio_stream,
- HDAAudioStream),
- VMSTATE_BOOL_ARRAY(running_compat, HDAAudioState, 16),
- VMSTATE_BOOL_ARRAY_V(running_real, HDAAudioState, 2 * 16, 2),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static Property hda_audio_properties[] = {
- DEFINE_PROP_UINT32("debug", HDAAudioState, debug, 0),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static int hda_audio_init_output(HDACodecDevice *hda)
-{
- return hda_audio_init(hda, &output);
-}
-
-static int hda_audio_init_duplex(HDACodecDevice *hda)
-{
- return hda_audio_init(hda, &duplex);
-}
-
-static int hda_audio_init_micro(HDACodecDevice *hda)
-{
- return hda_audio_init(hda, &micro);
-}
-
-static void hda_audio_output_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- HDACodecDeviceClass *k = HDA_CODEC_DEVICE_CLASS(klass);
-
- k->init = hda_audio_init_output;
- k->exit = hda_audio_exit;
- k->command = hda_audio_command;
- k->stream = hda_audio_stream;
- dc->desc = "HDA Audio Codec, output-only (line-out)";
- dc->vmsd = &vmstate_hda_audio;
- dc->props = hda_audio_properties;
-}
-
-static TypeInfo hda_audio_output_info = {
- .name = "hda-output",
- .parent = TYPE_HDA_CODEC_DEVICE,
- .instance_size = sizeof(HDAAudioState),
- .class_init = hda_audio_output_class_init,
-};
-
-static void hda_audio_duplex_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- HDACodecDeviceClass *k = HDA_CODEC_DEVICE_CLASS(klass);
-
- k->init = hda_audio_init_duplex;
- k->exit = hda_audio_exit;
- k->command = hda_audio_command;
- k->stream = hda_audio_stream;
- dc->desc = "HDA Audio Codec, duplex (line-out, line-in)";
- dc->vmsd = &vmstate_hda_audio;
- dc->props = hda_audio_properties;
-}
-
-static TypeInfo hda_audio_duplex_info = {
- .name = "hda-duplex",
- .parent = TYPE_HDA_CODEC_DEVICE,
- .instance_size = sizeof(HDAAudioState),
- .class_init = hda_audio_duplex_class_init,
-};
-
-static void hda_audio_micro_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- HDACodecDeviceClass *k = HDA_CODEC_DEVICE_CLASS(klass);
-
- k->init = hda_audio_init_micro;
- k->exit = hda_audio_exit;
- k->command = hda_audio_command;
- k->stream = hda_audio_stream;
- dc->desc = "HDA Audio Codec, duplex (speaker, microphone)";
- dc->vmsd = &vmstate_hda_audio;
- dc->props = hda_audio_properties;
-}
-
-static TypeInfo hda_audio_micro_info = {
- .name = "hda-micro",
- .parent = TYPE_HDA_CODEC_DEVICE,
- .instance_size = sizeof(HDAAudioState),
- .class_init = hda_audio_micro_class_init,
-};
-
-static void hda_audio_register_types(void)
-{
- type_register_static(&hda_audio_output_info);
- type_register_static(&hda_audio_duplex_info);
- type_register_static(&hda_audio_micro_info);
-}
-
-type_init(hda_audio_register_types)
diff --git a/hw/heathrow_pic.c b/hw/heathrow_pic.c
deleted file mode 100644
index b9ec8e7b4..000000000
--- a/hw/heathrow_pic.c
+++ /dev/null
@@ -1,215 +0,0 @@
-/*
- * Heathrow PIC support (OldWorld PowerMac)
- *
- * Copyright (c) 2005-2007 Fabrice Bellard
- * Copyright (c) 2007 Jocelyn Mayer
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "ppc_mac.h"
-
-/* debug PIC */
-//#define DEBUG_PIC
-
-#ifdef DEBUG_PIC
-#define PIC_DPRINTF(fmt, ...) \
- do { printf("PIC: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define PIC_DPRINTF(fmt, ...)
-#endif
-
-typedef struct HeathrowPIC {
- uint32_t events;
- uint32_t mask;
- uint32_t levels;
- uint32_t level_triggered;
-} HeathrowPIC;
-
-typedef struct HeathrowPICS {
- MemoryRegion mem;
- HeathrowPIC pics[2];
- qemu_irq *irqs;
-} HeathrowPICS;
-
-static inline int check_irq(HeathrowPIC *pic)
-{
- return (pic->events | (pic->levels & pic->level_triggered)) & pic->mask;
-}
-
-/* update the CPU irq state */
-static void heathrow_pic_update(HeathrowPICS *s)
-{
- if (check_irq(&s->pics[0]) || check_irq(&s->pics[1])) {
- qemu_irq_raise(s->irqs[0]);
- } else {
- qemu_irq_lower(s->irqs[0]);
- }
-}
-
-static void pic_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- HeathrowPICS *s = opaque;
- HeathrowPIC *pic;
- unsigned int n;
-
- n = ((addr & 0xfff) - 0x10) >> 4;
- PIC_DPRINTF("writel: " TARGET_FMT_plx " %u: %08x\n", addr, n, value);
- if (n >= 2)
- return;
- pic = &s->pics[n];
- switch(addr & 0xf) {
- case 0x04:
- pic->mask = value;
- heathrow_pic_update(s);
- break;
- case 0x08:
- /* do not reset level triggered IRQs */
- value &= ~pic->level_triggered;
- pic->events &= ~value;
- heathrow_pic_update(s);
- break;
- default:
- break;
- }
-}
-
-static uint64_t pic_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- HeathrowPICS *s = opaque;
- HeathrowPIC *pic;
- unsigned int n;
- uint32_t value;
-
- n = ((addr & 0xfff) - 0x10) >> 4;
- if (n >= 2) {
- value = 0;
- } else {
- pic = &s->pics[n];
- switch(addr & 0xf) {
- case 0x0:
- value = pic->events;
- break;
- case 0x4:
- value = pic->mask;
- break;
- case 0xc:
- value = pic->levels;
- break;
- default:
- value = 0;
- break;
- }
- }
- PIC_DPRINTF("readl: " TARGET_FMT_plx " %u: %08x\n", addr, n, value);
- return value;
-}
-
-static const MemoryRegionOps heathrow_pic_ops = {
- .read = pic_read,
- .write = pic_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static void heathrow_pic_set_irq(void *opaque, int num, int level)
-{
- HeathrowPICS *s = opaque;
- HeathrowPIC *pic;
- unsigned int irq_bit;
-
-#if defined(DEBUG)
- {
- static int last_level[64];
- if (last_level[num] != level) {
- PIC_DPRINTF("set_irq: num=0x%02x level=%d\n", num, level);
- last_level[num] = level;
- }
- }
-#endif
- pic = &s->pics[1 - (num >> 5)];
- irq_bit = 1 << (num & 0x1f);
- if (level) {
- pic->events |= irq_bit & ~pic->level_triggered;
- pic->levels |= irq_bit;
- } else {
- pic->levels &= ~irq_bit;
- }
- heathrow_pic_update(s);
-}
-
-static const VMStateDescription vmstate_heathrow_pic_one = {
- .name = "heathrow_pic_one",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(events, HeathrowPIC),
- VMSTATE_UINT32(mask, HeathrowPIC),
- VMSTATE_UINT32(levels, HeathrowPIC),
- VMSTATE_UINT32(level_triggered, HeathrowPIC),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_heathrow_pic = {
- .name = "heathrow_pic",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_STRUCT_ARRAY(pics, HeathrowPICS, 2, 1,
- vmstate_heathrow_pic_one, HeathrowPIC),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void heathrow_pic_reset_one(HeathrowPIC *s)
-{
- memset(s, '\0', sizeof(HeathrowPIC));
-}
-
-static void heathrow_pic_reset(void *opaque)
-{
- HeathrowPICS *s = opaque;
-
- heathrow_pic_reset_one(&s->pics[0]);
- heathrow_pic_reset_one(&s->pics[1]);
-
- s->pics[0].level_triggered = 0;
- s->pics[1].level_triggered = 0x1ff00000;
-}
-
-qemu_irq *heathrow_pic_init(MemoryRegion **pmem,
- int nb_cpus, qemu_irq **irqs)
-{
- HeathrowPICS *s;
-
- s = g_malloc0(sizeof(HeathrowPICS));
- /* only 1 CPU */
- s->irqs = irqs[0];
- memory_region_init_io(&s->mem, &heathrow_pic_ops, s,
- "heathrow-pic", 0x1000);
- *pmem = &s->mem;
-
- vmstate_register(NULL, -1, &vmstate_heathrow_pic, s);
- qemu_register_reset(heathrow_pic_reset, s);
- return qemu_allocate_irqs(heathrow_pic_set_irq, s, 64);
-}
diff --git a/hw/hid.c b/hw/hid.c
deleted file mode 100644
index 03761ab8b..000000000
--- a/hw/hid.c
+++ /dev/null
@@ -1,467 +0,0 @@
-/*
- * QEMU HID devices
- *
- * Copyright (c) 2005 Fabrice Bellard
- * Copyright (c) 2007 OpenMoko, Inc. (andrew@openedhand.com)
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "console.h"
-#include "qemu-timer.h"
-#include "hid.h"
-
-#define HID_USAGE_ERROR_ROLLOVER 0x01
-#define HID_USAGE_POSTFAIL 0x02
-#define HID_USAGE_ERROR_UNDEFINED 0x03
-
-/* Indices are QEMU keycodes, values are from HID Usage Table. Indices
- * above 0x80 are for keys that come after 0xe0 or 0xe1+0x1d or 0xe1+0x9d. */
-static const uint8_t hid_usage_keys[0x100] = {
- 0x00, 0x29, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
- 0x24, 0x25, 0x26, 0x27, 0x2d, 0x2e, 0x2a, 0x2b,
- 0x14, 0x1a, 0x08, 0x15, 0x17, 0x1c, 0x18, 0x0c,
- 0x12, 0x13, 0x2f, 0x30, 0x28, 0xe0, 0x04, 0x16,
- 0x07, 0x09, 0x0a, 0x0b, 0x0d, 0x0e, 0x0f, 0x33,
- 0x34, 0x35, 0xe1, 0x31, 0x1d, 0x1b, 0x06, 0x19,
- 0x05, 0x11, 0x10, 0x36, 0x37, 0x38, 0xe5, 0x55,
- 0xe2, 0x2c, 0x32, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e,
- 0x3f, 0x40, 0x41, 0x42, 0x43, 0x53, 0x47, 0x5f,
- 0x60, 0x61, 0x56, 0x5c, 0x5d, 0x5e, 0x57, 0x59,
- 0x5a, 0x5b, 0x62, 0x63, 0x00, 0x00, 0x00, 0x44,
- 0x45, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
- 0xe8, 0xe9, 0x71, 0x72, 0x73, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x85, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0xe3, 0xe7, 0x65,
-
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x58, 0xe4, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x54, 0x00, 0x46,
- 0xe6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x48, 0x00, 0x4a,
- 0x52, 0x4b, 0x00, 0x50, 0x00, 0x4f, 0x00, 0x4d,
- 0x51, 0x4e, 0x49, 0x4c, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0xe3, 0xe7, 0x65, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-};
-
-bool hid_has_events(HIDState *hs)
-{
- return hs->n > 0;
-}
-
-void hid_set_next_idle(HIDState *hs, int64_t curtime)
-{
- hs->next_idle_clock = curtime + (get_ticks_per_sec() * hs->idle * 4) / 1000;
-}
-
-static void hid_pointer_event_clear(HIDPointerEvent *e, int buttons)
-{
- e->xdx = e->ydy = e->dz = 0;
- e->buttons_state = buttons;
-}
-
-static void hid_pointer_event_combine(HIDPointerEvent *e, int xyrel,
- int x1, int y1, int z1) {
- if (xyrel) {
- e->xdx += x1;
- e->ydy += y1;
- } else {
- e->xdx = x1;
- e->ydy = y1;
- /* Windows drivers do not like the 0/0 position and ignore such
- * events. */
- if (!(x1 | y1)) {
- e->xdx = 1;
- }
- }
- e->dz += z1;
-}
-
-static void hid_pointer_event(void *opaque,
- int x1, int y1, int z1, int buttons_state)
-{
- HIDState *hs = opaque;
- unsigned use_slot = (hs->head + hs->n - 1) & QUEUE_MASK;
- unsigned previous_slot = (use_slot - 1) & QUEUE_MASK;
-
- /* We combine events where feasible to keep the queue small. We shouldn't
- * combine anything with the first event of a particular button state, as
- * that would change the location of the button state change. When the
- * queue is empty, a second event is needed because we don't know if
- * the first event changed the button state. */
- if (hs->n == QUEUE_LENGTH) {
- /* Queue full. Discard old button state, combine motion normally. */
- hs->ptr.queue[use_slot].buttons_state = buttons_state;
- } else if (hs->n < 2 ||
- hs->ptr.queue[use_slot].buttons_state != buttons_state ||
- hs->ptr.queue[previous_slot].buttons_state !=
- hs->ptr.queue[use_slot].buttons_state) {
- /* Cannot or should not combine, so add an empty item to the queue. */
- QUEUE_INCR(use_slot);
- hs->n++;
- hid_pointer_event_clear(&hs->ptr.queue[use_slot], buttons_state);
- }
- hid_pointer_event_combine(&hs->ptr.queue[use_slot],
- hs->kind == HID_MOUSE,
- x1, y1, z1);
- hs->event(hs);
-}
-
-static void hid_keyboard_event(void *opaque, int keycode)
-{
- HIDState *hs = opaque;
- int slot;
-
- if (hs->n == QUEUE_LENGTH) {
- fprintf(stderr, "usb-kbd: warning: key event queue full\n");
- return;
- }
- slot = (hs->head + hs->n) & QUEUE_MASK; hs->n++;
- hs->kbd.keycodes[slot] = keycode;
- hs->event(hs);
-}
-
-static void hid_keyboard_process_keycode(HIDState *hs)
-{
- uint8_t hid_code, key;
- int i, keycode, slot;
-
- if (hs->n == 0) {
- return;
- }
- slot = hs->head & QUEUE_MASK; QUEUE_INCR(hs->head); hs->n--;
- keycode = hs->kbd.keycodes[slot];
-
- key = keycode & 0x7f;
- hid_code = hid_usage_keys[key | ((hs->kbd.modifiers >> 1) & (1 << 7))];
- hs->kbd.modifiers &= ~(1 << 8);
-
- switch (hid_code) {
- case 0x00:
- return;
-
- case 0xe0:
- if (hs->kbd.modifiers & (1 << 9)) {
- hs->kbd.modifiers ^= 3 << 8;
- return;
- }
- case 0xe1 ... 0xe7:
- if (keycode & (1 << 7)) {
- hs->kbd.modifiers &= ~(1 << (hid_code & 0x0f));
- return;
- }
- case 0xe8 ... 0xef:
- hs->kbd.modifiers |= 1 << (hid_code & 0x0f);
- return;
- }
-
- if (keycode & (1 << 7)) {
- for (i = hs->kbd.keys - 1; i >= 0; i--) {
- if (hs->kbd.key[i] == hid_code) {
- hs->kbd.key[i] = hs->kbd.key[-- hs->kbd.keys];
- hs->kbd.key[hs->kbd.keys] = 0x00;
- break;
- }
- }
- if (i < 0) {
- return;
- }
- } else {
- for (i = hs->kbd.keys - 1; i >= 0; i--) {
- if (hs->kbd.key[i] == hid_code) {
- break;
- }
- }
- if (i < 0) {
- if (hs->kbd.keys < sizeof(hs->kbd.key)) {
- hs->kbd.key[hs->kbd.keys++] = hid_code;
- }
- } else {
- return;
- }
- }
-}
-
-static inline int int_clamp(int val, int vmin, int vmax)
-{
- if (val < vmin) {
- return vmin;
- } else if (val > vmax) {
- return vmax;
- } else {
- return val;
- }
-}
-
-void hid_pointer_activate(HIDState *hs)
-{
- if (!hs->ptr.mouse_grabbed) {
- qemu_activate_mouse_event_handler(hs->ptr.eh_entry);
- hs->ptr.mouse_grabbed = 1;
- }
-}
-
-int hid_pointer_poll(HIDState *hs, uint8_t *buf, int len)
-{
- int dx, dy, dz, b, l;
- int index;
- HIDPointerEvent *e;
-
- hid_pointer_activate(hs);
-
- /* When the buffer is empty, return the last event. Relative
- movements will all be zero. */
- index = (hs->n ? hs->head : hs->head - 1);
- e = &hs->ptr.queue[index & QUEUE_MASK];
-
- if (hs->kind == HID_MOUSE) {
- dx = int_clamp(e->xdx, -127, 127);
- dy = int_clamp(e->ydy, -127, 127);
- e->xdx -= dx;
- e->ydy -= dy;
- } else {
- dx = e->xdx;
- dy = e->ydy;
- }
- dz = int_clamp(e->dz, -127, 127);
- e->dz -= dz;
-
- b = 0;
- if (e->buttons_state & MOUSE_EVENT_LBUTTON) {
- b |= 0x01;
- }
- if (e->buttons_state & MOUSE_EVENT_RBUTTON) {
- b |= 0x02;
- }
- if (e->buttons_state & MOUSE_EVENT_MBUTTON) {
- b |= 0x04;
- }
-
- if (hs->n &&
- !e->dz &&
- (hs->kind == HID_TABLET || (!e->xdx && !e->ydy))) {
- /* that deals with this event */
- QUEUE_INCR(hs->head);
- hs->n--;
- }
-
- /* Appears we have to invert the wheel direction */
- dz = 0 - dz;
- l = 0;
- switch (hs->kind) {
- case HID_MOUSE:
- if (len > l) {
- buf[l++] = b;
- }
- if (len > l) {
- buf[l++] = dx;
- }
- if (len > l) {
- buf[l++] = dy;
- }
- if (len > l) {
- buf[l++] = dz;
- }
- break;
-
- case HID_TABLET:
- if (len > l) {
- buf[l++] = b;
- }
- if (len > l) {
- buf[l++] = dx & 0xff;
- }
- if (len > l) {
- buf[l++] = dx >> 8;
- }
- if (len > l) {
- buf[l++] = dy & 0xff;
- }
- if (len > l) {
- buf[l++] = dy >> 8;
- }
- if (len > l) {
- buf[l++] = dz;
- }
- break;
-
- default:
- abort();
- }
-
- return l;
-}
-
-int hid_keyboard_poll(HIDState *hs, uint8_t *buf, int len)
-{
- if (len < 2) {
- return 0;
- }
-
- hid_keyboard_process_keycode(hs);
-
- buf[0] = hs->kbd.modifiers & 0xff;
- buf[1] = 0;
- if (hs->kbd.keys > 6) {
- memset(buf + 2, HID_USAGE_ERROR_ROLLOVER, MIN(8, len) - 2);
- } else {
- memcpy(buf + 2, hs->kbd.key, MIN(8, len) - 2);
- }
-
- return MIN(8, len);
-}
-
-int hid_keyboard_write(HIDState *hs, uint8_t *buf, int len)
-{
- if (len > 0) {
- int ledstate = 0;
- /* 0x01: Num Lock LED
- * 0x02: Caps Lock LED
- * 0x04: Scroll Lock LED
- * 0x08: Compose LED
- * 0x10: Kana LED */
- hs->kbd.leds = buf[0];
- if (hs->kbd.leds & 0x04) {
- ledstate |= QEMU_SCROLL_LOCK_LED;
- }
- if (hs->kbd.leds & 0x01) {
- ledstate |= QEMU_NUM_LOCK_LED;
- }
- if (hs->kbd.leds & 0x02) {
- ledstate |= QEMU_CAPS_LOCK_LED;
- }
- kbd_put_ledstate(ledstate);
- }
- return 0;
-}
-
-void hid_reset(HIDState *hs)
-{
- switch (hs->kind) {
- case HID_KEYBOARD:
- memset(hs->kbd.keycodes, 0, sizeof(hs->kbd.keycodes));
- memset(hs->kbd.key, 0, sizeof(hs->kbd.key));
- hs->kbd.keys = 0;
- break;
- case HID_MOUSE:
- case HID_TABLET:
- memset(hs->ptr.queue, 0, sizeof(hs->ptr.queue));
- break;
- }
- hs->head = 0;
- hs->n = 0;
- hs->protocol = 1;
- hs->idle = 0;
-}
-
-void hid_free(HIDState *hs)
-{
- switch (hs->kind) {
- case HID_KEYBOARD:
- qemu_remove_kbd_event_handler();
- break;
- case HID_MOUSE:
- case HID_TABLET:
- qemu_remove_mouse_event_handler(hs->ptr.eh_entry);
- break;
- }
-}
-
-void hid_init(HIDState *hs, int kind, HIDEventFunc event)
-{
- hs->kind = kind;
- hs->event = event;
-
- if (hs->kind == HID_KEYBOARD) {
- qemu_add_kbd_event_handler(hid_keyboard_event, hs);
- } else if (hs->kind == HID_MOUSE) {
- hs->ptr.eh_entry = qemu_add_mouse_event_handler(hid_pointer_event, hs,
- 0, "QEMU HID Mouse");
- } else if (hs->kind == HID_TABLET) {
- hs->ptr.eh_entry = qemu_add_mouse_event_handler(hid_pointer_event, hs,
- 1, "QEMU HID Tablet");
- }
-}
-
-static int hid_post_load(void *opaque, int version_id)
-{
- HIDState *s = opaque;
-
- if (s->idle) {
- hid_set_next_idle(s, qemu_get_clock_ns(vm_clock));
- }
- return 0;
-}
-
-static const VMStateDescription vmstate_hid_ptr_queue = {
- .name = "HIDPointerEventQueue",
- .version_id = 1,
- .minimum_version_id = 1,
- .fields = (VMStateField[]) {
- VMSTATE_INT32(xdx, HIDPointerEvent),
- VMSTATE_INT32(ydy, HIDPointerEvent),
- VMSTATE_INT32(dz, HIDPointerEvent),
- VMSTATE_INT32(buttons_state, HIDPointerEvent),
- VMSTATE_END_OF_LIST()
- }
-};
-
-const VMStateDescription vmstate_hid_ptr_device = {
- .name = "HIDPointerDevice",
- .version_id = 1,
- .minimum_version_id = 1,
- .post_load = hid_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_STRUCT_ARRAY(ptr.queue, HIDState, QUEUE_LENGTH, 0,
- vmstate_hid_ptr_queue, HIDPointerEvent),
- VMSTATE_UINT32(head, HIDState),
- VMSTATE_UINT32(n, HIDState),
- VMSTATE_INT32(protocol, HIDState),
- VMSTATE_UINT8(idle, HIDState),
- VMSTATE_END_OF_LIST(),
- }
-};
-
-const VMStateDescription vmstate_hid_keyboard_device = {
- .name = "HIDKeyboardDevice",
- .version_id = 1,
- .minimum_version_id = 1,
- .post_load = hid_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32_ARRAY(kbd.keycodes, HIDState, QUEUE_LENGTH),
- VMSTATE_UINT32(head, HIDState),
- VMSTATE_UINT32(n, HIDState),
- VMSTATE_UINT16(kbd.modifiers, HIDState),
- VMSTATE_UINT8(kbd.leds, HIDState),
- VMSTATE_UINT8_ARRAY(kbd.key, HIDState, 16),
- VMSTATE_INT32(kbd.keys, HIDState),
- VMSTATE_INT32(protocol, HIDState),
- VMSTATE_UINT8(idle, HIDState),
- VMSTATE_END_OF_LIST(),
- }
-};
diff --git a/hw/hid.h b/hw/hid.h
deleted file mode 100644
index 5315cf7a3..000000000
--- a/hw/hid.h
+++ /dev/null
@@ -1,82 +0,0 @@
-#ifndef QEMU_HID_H
-#define QEMU_HID_H
-
-#include "vmstate.h"
-
-#define HID_MOUSE 1
-#define HID_TABLET 2
-#define HID_KEYBOARD 3
-
-typedef struct HIDPointerEvent {
- int32_t xdx, ydy; /* relative iff it's a mouse, otherwise absolute */
- int32_t dz, buttons_state;
-} HIDPointerEvent;
-
-#define QUEUE_LENGTH 16 /* should be enough for a triple-click */
-#define QUEUE_MASK (QUEUE_LENGTH-1u)
-#define QUEUE_INCR(v) ((v)++, (v) &= QUEUE_MASK)
-
-typedef struct HIDState HIDState;
-typedef void (*HIDEventFunc)(HIDState *s);
-
-typedef struct HIDMouseState {
- HIDPointerEvent queue[QUEUE_LENGTH];
- int mouse_grabbed;
- QEMUPutMouseEntry *eh_entry;
-} HIDMouseState;
-
-typedef struct HIDKeyboardState {
- uint32_t keycodes[QUEUE_LENGTH];
- uint16_t modifiers;
- uint8_t leds;
- uint8_t key[16];
- int32_t keys;
-} HIDKeyboardState;
-
-struct HIDState {
- union {
- HIDMouseState ptr;
- HIDKeyboardState kbd;
- };
- uint32_t head; /* index into circular queue */
- uint32_t n;
- int kind;
- int32_t protocol;
- uint8_t idle;
- int64_t next_idle_clock;
- HIDEventFunc event;
-};
-
-void hid_init(HIDState *hs, int kind, HIDEventFunc event);
-void hid_reset(HIDState *hs);
-void hid_free(HIDState *hs);
-
-bool hid_has_events(HIDState *hs);
-void hid_set_next_idle(HIDState *hs, int64_t curtime);
-void hid_pointer_activate(HIDState *hs);
-int hid_pointer_poll(HIDState *hs, uint8_t *buf, int len);
-int hid_keyboard_poll(HIDState *hs, uint8_t *buf, int len);
-int hid_keyboard_write(HIDState *hs, uint8_t *buf, int len);
-
-extern const VMStateDescription vmstate_hid_keyboard_device;
-
-#define VMSTATE_HID_KEYBOARD_DEVICE(_field, _state) { \
- .name = (stringify(_field)), \
- .size = sizeof(HIDState), \
- .vmsd = &vmstate_hid_keyboard_device, \
- .flags = VMS_STRUCT, \
- .offset = vmstate_offset_value(_state, _field, HIDState), \
-}
-
-extern const VMStateDescription vmstate_hid_ptr_device;
-
-#define VMSTATE_HID_POINTER_DEVICE(_field, _state) { \
- .name = (stringify(_field)), \
- .size = sizeof(HIDState), \
- .vmsd = &vmstate_hid_ptr_device, \
- .flags = VMS_STRUCT, \
- .offset = vmstate_offset_value(_state, _field, HIDState), \
-}
-
-
-#endif /* QEMU_HID_H */
diff --git a/hw/highbank.c b/hw/highbank.c
deleted file mode 100644
index afbb00542..000000000
--- a/hw/highbank.c
+++ /dev/null
@@ -1,338 +0,0 @@
-/*
- * Calxeda Highbank SoC emulation
- *
- * Copyright (c) 2010-2012 Calxeda
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms and conditions of the GNU General Public License,
- * version 2 or later, as published by the Free Software Foundation.
- *
- * This program is distributed in the hope it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#include "sysbus.h"
-#include "arm-misc.h"
-#include "devices.h"
-#include "loader.h"
-#include "net.h"
-#include "sysemu.h"
-#include "boards.h"
-#include "sysbus.h"
-#include "blockdev.h"
-#include "exec-memory.h"
-
-#define SMP_BOOT_ADDR 0x100
-#define SMP_BOOT_REG 0x40
-#define GIC_BASE_ADDR 0xfff10000
-
-#define NIRQ_GIC 160
-
-/* Board init. */
-
-static void hb_write_secondary(ARMCPU *cpu, const struct arm_boot_info *info)
-{
- int n;
- uint32_t smpboot[] = {
- 0xee100fb0, /* mrc p15, 0, r0, c0, c0, 5 - read current core id */
- 0xe210000f, /* ands r0, r0, #0x0f */
- 0xe3a03040, /* mov r3, #0x40 - jump address is 0x40 + 0x10 * core id */
- 0xe0830200, /* add r0, r3, r0, lsl #4 */
- 0xe59f2018, /* ldr r2, privbase */
- 0xe3a01001, /* mov r1, #1 */
- 0xe5821100, /* str r1, [r2, #256] */
- 0xe320f003, /* wfi */
- 0xe5901000, /* ldr r1, [r0] */
- 0xe1110001, /* tst r1, r1 */
- 0x0afffffb, /* beq <wfi> */
- 0xe12fff11, /* bx r1 */
- GIC_BASE_ADDR /* privbase: gic address. */
- };
- for (n = 0; n < ARRAY_SIZE(smpboot); n++) {
- smpboot[n] = tswap32(smpboot[n]);
- }
- rom_add_blob_fixed("smpboot", smpboot, sizeof(smpboot), SMP_BOOT_ADDR);
-}
-
-static void hb_reset_secondary(ARMCPU *cpu, const struct arm_boot_info *info)
-{
- CPUARMState *env = &cpu->env;
-
- switch (info->nb_cpus) {
- case 4:
- stl_phys_notdirty(SMP_BOOT_REG + 0x30, 0);
- case 3:
- stl_phys_notdirty(SMP_BOOT_REG + 0x20, 0);
- case 2:
- stl_phys_notdirty(SMP_BOOT_REG + 0x10, 0);
- env->regs[15] = SMP_BOOT_ADDR;
- break;
- default:
- break;
- }
-}
-
-#define NUM_REGS 0x200
-static void hb_regs_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- uint32_t *regs = opaque;
-
- if (offset == 0xf00) {
- if (value == 1 || value == 2) {
- qemu_system_reset_request();
- } else if (value == 3) {
- qemu_system_shutdown_request();
- }
- }
-
- regs[offset/4] = value;
-}
-
-static uint64_t hb_regs_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- uint32_t *regs = opaque;
- uint32_t value = regs[offset/4];
-
- if ((offset == 0x100) || (offset == 0x108) || (offset == 0x10C)) {
- value |= 0x30000000;
- }
-
- return value;
-}
-
-static const MemoryRegionOps hb_mem_ops = {
- .read = hb_regs_read,
- .write = hb_regs_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion *iomem;
- uint32_t regs[NUM_REGS];
-} HighbankRegsState;
-
-static VMStateDescription vmstate_highbank_regs = {
- .name = "highbank-regs",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32_ARRAY(regs, HighbankRegsState, NUM_REGS),
- VMSTATE_END_OF_LIST(),
- },
-};
-
-static void highbank_regs_reset(DeviceState *dev)
-{
- SysBusDevice *sys_dev = sysbus_from_qdev(dev);
- HighbankRegsState *s = FROM_SYSBUS(HighbankRegsState, sys_dev);
-
- s->regs[0x40] = 0x05F20121;
- s->regs[0x41] = 0x2;
- s->regs[0x42] = 0x05F30121;
- s->regs[0x43] = 0x05F40121;
-}
-
-static int highbank_regs_init(SysBusDevice *dev)
-{
- HighbankRegsState *s = FROM_SYSBUS(HighbankRegsState, dev);
-
- s->iomem = g_new(MemoryRegion, 1);
- memory_region_init_io(s->iomem, &hb_mem_ops, s->regs, "highbank_regs",
- 0x1000);
- sysbus_init_mmio(dev, s->iomem);
-
- return 0;
-}
-
-static void highbank_regs_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sbc = SYS_BUS_DEVICE_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
-
- sbc->init = highbank_regs_init;
- dc->desc = "Calxeda Highbank registers";
- dc->vmsd = &vmstate_highbank_regs;
- dc->reset = highbank_regs_reset;
-}
-
-static TypeInfo highbank_regs_info = {
- .name = "highbank-regs",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(HighbankRegsState),
- .class_init = highbank_regs_class_init,
-};
-
-static void highbank_regs_register_types(void)
-{
- type_register_static(&highbank_regs_info);
-}
-
-type_init(highbank_regs_register_types)
-
-static struct arm_boot_info highbank_binfo;
-
-/* ram_size must be set to match the upper bound of memory in the
- * device tree (linux/arch/arm/boot/dts/highbank.dts), which is
- * normally 0xff900000 or -m 4089. When running this board on a
- * 32-bit host, set the reg value of memory to 0xf7ff00000 in the
- * device tree and pass -m 2047 to QEMU.
- */
-static void highbank_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- DeviceState *dev;
- SysBusDevice *busdev;
- qemu_irq *irqp;
- qemu_irq pic[128];
- int n;
- qemu_irq cpu_irq[4];
- MemoryRegion *sysram;
- MemoryRegion *dram;
- MemoryRegion *sysmem;
- char *sysboot_filename;
-
- if (!cpu_model) {
- cpu_model = "cortex-a9";
- }
-
- for (n = 0; n < smp_cpus; n++) {
- ARMCPU *cpu;
- cpu = cpu_arm_init(cpu_model);
- if (cpu == NULL) {
- fprintf(stderr, "Unable to find CPU definition\n");
- exit(1);
- }
-
- /* This will become a QOM property eventually */
- cpu->reset_cbar = GIC_BASE_ADDR;
- irqp = arm_pic_init_cpu(cpu);
- cpu_irq[n] = irqp[ARM_PIC_CPU_IRQ];
- }
-
- sysmem = get_system_memory();
- dram = g_new(MemoryRegion, 1);
- memory_region_init_ram(dram, "highbank.dram", ram_size);
- /* SDRAM at address zero. */
- memory_region_add_subregion(sysmem, 0, dram);
-
- sysram = g_new(MemoryRegion, 1);
- memory_region_init_ram(sysram, "highbank.sysram", 0x8000);
- memory_region_add_subregion(sysmem, 0xfff88000, sysram);
- if (bios_name != NULL) {
- sysboot_filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
- if (sysboot_filename != NULL) {
- uint32_t filesize = get_image_size(sysboot_filename);
- if (load_image_targphys("sysram.bin", 0xfff88000, filesize) < 0) {
- hw_error("Unable to load %s\n", bios_name);
- }
- } else {
- hw_error("Unable to find %s\n", bios_name);
- }
- }
-
- dev = qdev_create(NULL, "a9mpcore_priv");
- qdev_prop_set_uint32(dev, "num-cpu", smp_cpus);
- qdev_prop_set_uint32(dev, "num-irq", NIRQ_GIC);
- qdev_init_nofail(dev);
- busdev = sysbus_from_qdev(dev);
- sysbus_mmio_map(busdev, 0, GIC_BASE_ADDR);
- for (n = 0; n < smp_cpus; n++) {
- sysbus_connect_irq(busdev, n, cpu_irq[n]);
- }
-
- for (n = 0; n < 128; n++) {
- pic[n] = qdev_get_gpio_in(dev, n);
- }
-
- dev = qdev_create(NULL, "l2x0");
- qdev_init_nofail(dev);
- busdev = sysbus_from_qdev(dev);
- sysbus_mmio_map(busdev, 0, 0xfff12000);
-
- dev = qdev_create(NULL, "sp804");
- qdev_prop_set_uint32(dev, "freq0", 150000000);
- qdev_prop_set_uint32(dev, "freq1", 150000000);
- qdev_init_nofail(dev);
- busdev = sysbus_from_qdev(dev);
- sysbus_mmio_map(busdev, 0, 0xfff34000);
- sysbus_connect_irq(busdev, 0, pic[18]);
- sysbus_create_simple("pl011", 0xfff36000, pic[20]);
-
- dev = qdev_create(NULL, "highbank-regs");
- qdev_init_nofail(dev);
- busdev = sysbus_from_qdev(dev);
- sysbus_mmio_map(busdev, 0, 0xfff3c000);
-
- sysbus_create_simple("pl061", 0xfff30000, pic[14]);
- sysbus_create_simple("pl061", 0xfff31000, pic[15]);
- sysbus_create_simple("pl061", 0xfff32000, pic[16]);
- sysbus_create_simple("pl061", 0xfff33000, pic[17]);
- sysbus_create_simple("pl031", 0xfff35000, pic[19]);
- sysbus_create_simple("pl022", 0xfff39000, pic[23]);
-
- sysbus_create_simple("sysbus-ahci", 0xffe08000, pic[83]);
-
- if (nd_table[0].used) {
- qemu_check_nic_model(&nd_table[0], "xgmac");
- dev = qdev_create(NULL, "xgmac");
- qdev_set_nic_properties(dev, &nd_table[0]);
- qdev_init_nofail(dev);
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, 0xfff50000);
- sysbus_connect_irq(sysbus_from_qdev(dev), 0, pic[77]);
- sysbus_connect_irq(sysbus_from_qdev(dev), 1, pic[78]);
- sysbus_connect_irq(sysbus_from_qdev(dev), 2, pic[79]);
-
- qemu_check_nic_model(&nd_table[1], "xgmac");
- dev = qdev_create(NULL, "xgmac");
- qdev_set_nic_properties(dev, &nd_table[1]);
- qdev_init_nofail(dev);
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, 0xfff51000);
- sysbus_connect_irq(sysbus_from_qdev(dev), 0, pic[80]);
- sysbus_connect_irq(sysbus_from_qdev(dev), 1, pic[81]);
- sysbus_connect_irq(sysbus_from_qdev(dev), 2, pic[82]);
- }
-
- highbank_binfo.ram_size = ram_size;
- highbank_binfo.kernel_filename = kernel_filename;
- highbank_binfo.kernel_cmdline = kernel_cmdline;
- highbank_binfo.initrd_filename = initrd_filename;
- /* highbank requires a dtb in order to boot, and the dtb will override
- * the board ID. The following value is ignored, so set it to -1 to be
- * clear that the value is meaningless.
- */
- highbank_binfo.board_id = -1;
- highbank_binfo.nb_cpus = smp_cpus;
- highbank_binfo.loader_start = 0;
- highbank_binfo.write_secondary_boot = hb_write_secondary;
- highbank_binfo.secondary_cpu_reset_hook = hb_reset_secondary;
- arm_load_kernel(arm_env_get_cpu(first_cpu), &highbank_binfo);
-}
-
-static QEMUMachine highbank_machine = {
- .name = "highbank",
- .desc = "Calxeda Highbank (ECX-1000)",
- .init = highbank_init,
- .use_scsi = 1,
- .max_cpus = 4,
-};
-
-static void highbank_machine_init(void)
-{
- qemu_register_machine(&highbank_machine);
-}
-
-machine_init(highbank_machine_init);
diff --git a/hw/hpet.c b/hw/hpet.c
deleted file mode 100644
index 50ac067ec..000000000
--- a/hw/hpet.c
+++ /dev/null
@@ -1,760 +0,0 @@
-/*
- * High Precisition Event Timer emulation
- *
- * Copyright (c) 2007 Alexander Graf
- * Copyright (c) 2008 IBM Corporation
- *
- * Authors: Beth Kon <bkon@us.ibm.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- * *****************************************************************
- *
- * This driver attempts to emulate an HPET device in software.
- */
-
-#include "hw.h"
-#include "pc.h"
-#include "console.h"
-#include "qemu-timer.h"
-#include "hpet_emul.h"
-#include "sysbus.h"
-#include "mc146818rtc.h"
-#include "i8254.h"
-
-//#define HPET_DEBUG
-#ifdef HPET_DEBUG
-#define DPRINTF printf
-#else
-#define DPRINTF(...)
-#endif
-
-#define HPET_MSI_SUPPORT 0
-
-struct HPETState;
-typedef struct HPETTimer { /* timers */
- uint8_t tn; /*timer number*/
- QEMUTimer *qemu_timer;
- struct HPETState *state;
- /* Memory-mapped, software visible timer registers */
- uint64_t config; /* configuration/cap */
- uint64_t cmp; /* comparator */
- uint64_t fsb; /* FSB route */
- /* Hidden register state */
- uint64_t period; /* Last value written to comparator */
- uint8_t wrap_flag; /* timer pop will indicate wrap for one-shot 32-bit
- * mode. Next pop will be actual timer expiration.
- */
-} HPETTimer;
-
-typedef struct HPETState {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint64_t hpet_offset;
- qemu_irq irqs[HPET_NUM_IRQ_ROUTES];
- uint32_t flags;
- uint8_t rtc_irq_level;
- qemu_irq pit_enabled;
- uint8_t num_timers;
- HPETTimer timer[HPET_MAX_TIMERS];
-
- /* Memory-mapped, software visible registers */
- uint64_t capability; /* capabilities */
- uint64_t config; /* configuration */
- uint64_t isr; /* interrupt status reg */
- uint64_t hpet_counter; /* main counter */
- uint8_t hpet_id; /* instance id */
-} HPETState;
-
-static uint32_t hpet_in_legacy_mode(HPETState *s)
-{
- return s->config & HPET_CFG_LEGACY;
-}
-
-static uint32_t timer_int_route(struct HPETTimer *timer)
-{
- return (timer->config & HPET_TN_INT_ROUTE_MASK) >> HPET_TN_INT_ROUTE_SHIFT;
-}
-
-static uint32_t timer_fsb_route(HPETTimer *t)
-{
- return t->config & HPET_TN_FSB_ENABLE;
-}
-
-static uint32_t hpet_enabled(HPETState *s)
-{
- return s->config & HPET_CFG_ENABLE;
-}
-
-static uint32_t timer_is_periodic(HPETTimer *t)
-{
- return t->config & HPET_TN_PERIODIC;
-}
-
-static uint32_t timer_enabled(HPETTimer *t)
-{
- return t->config & HPET_TN_ENABLE;
-}
-
-static uint32_t hpet_time_after(uint64_t a, uint64_t b)
-{
- return ((int32_t)(b) - (int32_t)(a) < 0);
-}
-
-static uint32_t hpet_time_after64(uint64_t a, uint64_t b)
-{
- return ((int64_t)(b) - (int64_t)(a) < 0);
-}
-
-static uint64_t ticks_to_ns(uint64_t value)
-{
- return (muldiv64(value, HPET_CLK_PERIOD, FS_PER_NS));
-}
-
-static uint64_t ns_to_ticks(uint64_t value)
-{
- return (muldiv64(value, FS_PER_NS, HPET_CLK_PERIOD));
-}
-
-static uint64_t hpet_fixup_reg(uint64_t new, uint64_t old, uint64_t mask)
-{
- new &= mask;
- new |= old & ~mask;
- return new;
-}
-
-static int activating_bit(uint64_t old, uint64_t new, uint64_t mask)
-{
- return (!(old & mask) && (new & mask));
-}
-
-static int deactivating_bit(uint64_t old, uint64_t new, uint64_t mask)
-{
- return ((old & mask) && !(new & mask));
-}
-
-static uint64_t hpet_get_ticks(HPETState *s)
-{
- return ns_to_ticks(qemu_get_clock_ns(vm_clock) + s->hpet_offset);
-}
-
-/*
- * calculate diff between comparator value and current ticks
- */
-static inline uint64_t hpet_calculate_diff(HPETTimer *t, uint64_t current)
-{
-
- if (t->config & HPET_TN_32BIT) {
- uint32_t diff, cmp;
-
- cmp = (uint32_t)t->cmp;
- diff = cmp - (uint32_t)current;
- diff = (int32_t)diff > 0 ? diff : (uint32_t)1;
- return (uint64_t)diff;
- } else {
- uint64_t diff, cmp;
-
- cmp = t->cmp;
- diff = cmp - current;
- diff = (int64_t)diff > 0 ? diff : (uint64_t)1;
- return diff;
- }
-}
-
-static void update_irq(struct HPETTimer *timer, int set)
-{
- uint64_t mask;
- HPETState *s;
- int route;
-
- if (timer->tn <= 1 && hpet_in_legacy_mode(timer->state)) {
- /* if LegacyReplacementRoute bit is set, HPET specification requires
- * timer0 be routed to IRQ0 in NON-APIC or IRQ2 in the I/O APIC,
- * timer1 be routed to IRQ8 in NON-APIC or IRQ8 in the I/O APIC.
- */
- route = (timer->tn == 0) ? 0 : RTC_ISA_IRQ;
- } else {
- route = timer_int_route(timer);
- }
- s = timer->state;
- mask = 1 << timer->tn;
- if (!set || !timer_enabled(timer) || !hpet_enabled(timer->state)) {
- s->isr &= ~mask;
- if (!timer_fsb_route(timer)) {
- qemu_irq_lower(s->irqs[route]);
- }
- } else if (timer_fsb_route(timer)) {
- stl_le_phys(timer->fsb >> 32, timer->fsb & 0xffffffff);
- } else if (timer->config & HPET_TN_TYPE_LEVEL) {
- s->isr |= mask;
- qemu_irq_raise(s->irqs[route]);
- } else {
- s->isr &= ~mask;
- qemu_irq_pulse(s->irqs[route]);
- }
-}
-
-static void hpet_pre_save(void *opaque)
-{
- HPETState *s = opaque;
-
- /* save current counter value */
- s->hpet_counter = hpet_get_ticks(s);
-}
-
-static int hpet_pre_load(void *opaque)
-{
- HPETState *s = opaque;
-
- /* version 1 only supports 3, later versions will load the actual value */
- s->num_timers = HPET_MIN_TIMERS;
- return 0;
-}
-
-static int hpet_post_load(void *opaque, int version_id)
-{
- HPETState *s = opaque;
-
- /* Recalculate the offset between the main counter and guest time */
- s->hpet_offset = ticks_to_ns(s->hpet_counter) - qemu_get_clock_ns(vm_clock);
-
- /* Push number of timers into capability returned via HPET_ID */
- s->capability &= ~HPET_ID_NUM_TIM_MASK;
- s->capability |= (s->num_timers - 1) << HPET_ID_NUM_TIM_SHIFT;
- hpet_cfg.hpet[s->hpet_id].event_timer_block_id = (uint32_t)s->capability;
-
- /* Derive HPET_MSI_SUPPORT from the capability of the first timer. */
- s->flags &= ~(1 << HPET_MSI_SUPPORT);
- if (s->timer[0].config & HPET_TN_FSB_CAP) {
- s->flags |= 1 << HPET_MSI_SUPPORT;
- }
- return 0;
-}
-
-static bool hpet_rtc_irq_level_needed(void *opaque)
-{
- HPETState *s = opaque;
-
- return s->rtc_irq_level != 0;
-}
-
-static const VMStateDescription vmstate_hpet_rtc_irq_level = {
- .name = "hpet/rtc_irq_level",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT8(rtc_irq_level, HPETState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_hpet_timer = {
- .name = "hpet_timer",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField []) {
- VMSTATE_UINT8(tn, HPETTimer),
- VMSTATE_UINT64(config, HPETTimer),
- VMSTATE_UINT64(cmp, HPETTimer),
- VMSTATE_UINT64(fsb, HPETTimer),
- VMSTATE_UINT64(period, HPETTimer),
- VMSTATE_UINT8(wrap_flag, HPETTimer),
- VMSTATE_TIMER(qemu_timer, HPETTimer),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_hpet = {
- .name = "hpet",
- .version_id = 2,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .pre_save = hpet_pre_save,
- .pre_load = hpet_pre_load,
- .post_load = hpet_post_load,
- .fields = (VMStateField []) {
- VMSTATE_UINT64(config, HPETState),
- VMSTATE_UINT64(isr, HPETState),
- VMSTATE_UINT64(hpet_counter, HPETState),
- VMSTATE_UINT8_V(num_timers, HPETState, 2),
- VMSTATE_STRUCT_VARRAY_UINT8(timer, HPETState, num_timers, 0,
- vmstate_hpet_timer, HPETTimer),
- VMSTATE_END_OF_LIST()
- },
- .subsections = (VMStateSubsection[]) {
- {
- .vmsd = &vmstate_hpet_rtc_irq_level,
- .needed = hpet_rtc_irq_level_needed,
- }, {
- /* empty */
- }
- }
-};
-
-/*
- * timer expiration callback
- */
-static void hpet_timer(void *opaque)
-{
- HPETTimer *t = opaque;
- uint64_t diff;
-
- uint64_t period = t->period;
- uint64_t cur_tick = hpet_get_ticks(t->state);
-
- if (timer_is_periodic(t) && period != 0) {
- if (t->config & HPET_TN_32BIT) {
- while (hpet_time_after(cur_tick, t->cmp)) {
- t->cmp = (uint32_t)(t->cmp + t->period);
- }
- } else {
- while (hpet_time_after64(cur_tick, t->cmp)) {
- t->cmp += period;
- }
- }
- diff = hpet_calculate_diff(t, cur_tick);
- qemu_mod_timer(t->qemu_timer,
- qemu_get_clock_ns(vm_clock) + (int64_t)ticks_to_ns(diff));
- } else if (t->config & HPET_TN_32BIT && !timer_is_periodic(t)) {
- if (t->wrap_flag) {
- diff = hpet_calculate_diff(t, cur_tick);
- qemu_mod_timer(t->qemu_timer, qemu_get_clock_ns(vm_clock) +
- (int64_t)ticks_to_ns(diff));
- t->wrap_flag = 0;
- }
- }
- update_irq(t, 1);
-}
-
-static void hpet_set_timer(HPETTimer *t)
-{
- uint64_t diff;
- uint32_t wrap_diff; /* how many ticks until we wrap? */
- uint64_t cur_tick = hpet_get_ticks(t->state);
-
- /* whenever new timer is being set up, make sure wrap_flag is 0 */
- t->wrap_flag = 0;
- diff = hpet_calculate_diff(t, cur_tick);
-
- /* hpet spec says in one-shot 32-bit mode, generate an interrupt when
- * counter wraps in addition to an interrupt with comparator match.
- */
- if (t->config & HPET_TN_32BIT && !timer_is_periodic(t)) {
- wrap_diff = 0xffffffff - (uint32_t)cur_tick;
- if (wrap_diff < (uint32_t)diff) {
- diff = wrap_diff;
- t->wrap_flag = 1;
- }
- }
- qemu_mod_timer(t->qemu_timer,
- qemu_get_clock_ns(vm_clock) + (int64_t)ticks_to_ns(diff));
-}
-
-static void hpet_del_timer(HPETTimer *t)
-{
- qemu_del_timer(t->qemu_timer);
- update_irq(t, 0);
-}
-
-#ifdef HPET_DEBUG
-static uint32_t hpet_ram_readb(void *opaque, hwaddr addr)
-{
- printf("qemu: hpet_read b at %" PRIx64 "\n", addr);
- return 0;
-}
-
-static uint32_t hpet_ram_readw(void *opaque, hwaddr addr)
-{
- printf("qemu: hpet_read w at %" PRIx64 "\n", addr);
- return 0;
-}
-#endif
-
-static uint64_t hpet_ram_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- HPETState *s = opaque;
- uint64_t cur_tick, index;
-
- DPRINTF("qemu: Enter hpet_ram_readl at %" PRIx64 "\n", addr);
- index = addr;
- /*address range of all TN regs*/
- if (index >= 0x100 && index <= 0x3ff) {
- uint8_t timer_id = (addr - 0x100) / 0x20;
- HPETTimer *timer = &s->timer[timer_id];
-
- if (timer_id > s->num_timers) {
- DPRINTF("qemu: timer id out of range\n");
- return 0;
- }
-
- switch ((addr - 0x100) % 0x20) {
- case HPET_TN_CFG:
- return timer->config;
- case HPET_TN_CFG + 4: // Interrupt capabilities
- return timer->config >> 32;
- case HPET_TN_CMP: // comparator register
- return timer->cmp;
- case HPET_TN_CMP + 4:
- return timer->cmp >> 32;
- case HPET_TN_ROUTE:
- return timer->fsb;
- case HPET_TN_ROUTE + 4:
- return timer->fsb >> 32;
- default:
- DPRINTF("qemu: invalid hpet_ram_readl\n");
- break;
- }
- } else {
- switch (index) {
- case HPET_ID:
- return s->capability;
- case HPET_PERIOD:
- return s->capability >> 32;
- case HPET_CFG:
- return s->config;
- case HPET_CFG + 4:
- DPRINTF("qemu: invalid HPET_CFG + 4 hpet_ram_readl\n");
- return 0;
- case HPET_COUNTER:
- if (hpet_enabled(s)) {
- cur_tick = hpet_get_ticks(s);
- } else {
- cur_tick = s->hpet_counter;
- }
- DPRINTF("qemu: reading counter = %" PRIx64 "\n", cur_tick);
- return cur_tick;
- case HPET_COUNTER + 4:
- if (hpet_enabled(s)) {
- cur_tick = hpet_get_ticks(s);
- } else {
- cur_tick = s->hpet_counter;
- }
- DPRINTF("qemu: reading counter + 4 = %" PRIx64 "\n", cur_tick);
- return cur_tick >> 32;
- case HPET_STATUS:
- return s->isr;
- default:
- DPRINTF("qemu: invalid hpet_ram_readl\n");
- break;
- }
- }
- return 0;
-}
-
-static void hpet_ram_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- int i;
- HPETState *s = opaque;
- uint64_t old_val, new_val, val, index;
-
- DPRINTF("qemu: Enter hpet_ram_writel at %" PRIx64 " = %#x\n", addr, value);
- index = addr;
- old_val = hpet_ram_read(opaque, addr, 4);
- new_val = value;
-
- /*address range of all TN regs*/
- if (index >= 0x100 && index <= 0x3ff) {
- uint8_t timer_id = (addr - 0x100) / 0x20;
- HPETTimer *timer = &s->timer[timer_id];
-
- DPRINTF("qemu: hpet_ram_writel timer_id = %#x\n", timer_id);
- if (timer_id > s->num_timers) {
- DPRINTF("qemu: timer id out of range\n");
- return;
- }
- switch ((addr - 0x100) % 0x20) {
- case HPET_TN_CFG:
- DPRINTF("qemu: hpet_ram_writel HPET_TN_CFG\n");
- if (activating_bit(old_val, new_val, HPET_TN_FSB_ENABLE)) {
- update_irq(timer, 0);
- }
- val = hpet_fixup_reg(new_val, old_val, HPET_TN_CFG_WRITE_MASK);
- timer->config = (timer->config & 0xffffffff00000000ULL) | val;
- if (new_val & HPET_TN_32BIT) {
- timer->cmp = (uint32_t)timer->cmp;
- timer->period = (uint32_t)timer->period;
- }
- if (activating_bit(old_val, new_val, HPET_TN_ENABLE)) {
- hpet_set_timer(timer);
- } else if (deactivating_bit(old_val, new_val, HPET_TN_ENABLE)) {
- hpet_del_timer(timer);
- }
- break;
- case HPET_TN_CFG + 4: // Interrupt capabilities
- DPRINTF("qemu: invalid HPET_TN_CFG+4 write\n");
- break;
- case HPET_TN_CMP: // comparator register
- DPRINTF("qemu: hpet_ram_writel HPET_TN_CMP\n");
- if (timer->config & HPET_TN_32BIT) {
- new_val = (uint32_t)new_val;
- }
- if (!timer_is_periodic(timer)
- || (timer->config & HPET_TN_SETVAL)) {
- timer->cmp = (timer->cmp & 0xffffffff00000000ULL) | new_val;
- }
- if (timer_is_periodic(timer)) {
- /*
- * FIXME: Clamp period to reasonable min value?
- * Clamp period to reasonable max value
- */
- new_val &= (timer->config & HPET_TN_32BIT ? ~0u : ~0ull) >> 1;
- timer->period =
- (timer->period & 0xffffffff00000000ULL) | new_val;
- }
- timer->config &= ~HPET_TN_SETVAL;
- if (hpet_enabled(s)) {
- hpet_set_timer(timer);
- }
- break;
- case HPET_TN_CMP + 4: // comparator register high order
- DPRINTF("qemu: hpet_ram_writel HPET_TN_CMP + 4\n");
- if (!timer_is_periodic(timer)
- || (timer->config & HPET_TN_SETVAL)) {
- timer->cmp = (timer->cmp & 0xffffffffULL) | new_val << 32;
- } else {
- /*
- * FIXME: Clamp period to reasonable min value?
- * Clamp period to reasonable max value
- */
- new_val &= (timer->config & HPET_TN_32BIT ? ~0u : ~0ull) >> 1;
- timer->period =
- (timer->period & 0xffffffffULL) | new_val << 32;
- }
- timer->config &= ~HPET_TN_SETVAL;
- if (hpet_enabled(s)) {
- hpet_set_timer(timer);
- }
- break;
- case HPET_TN_ROUTE:
- timer->fsb = (timer->fsb & 0xffffffff00000000ULL) | new_val;
- break;
- case HPET_TN_ROUTE + 4:
- timer->fsb = (new_val << 32) | (timer->fsb & 0xffffffff);
- break;
- default:
- DPRINTF("qemu: invalid hpet_ram_writel\n");
- break;
- }
- return;
- } else {
- switch (index) {
- case HPET_ID:
- return;
- case HPET_CFG:
- val = hpet_fixup_reg(new_val, old_val, HPET_CFG_WRITE_MASK);
- s->config = (s->config & 0xffffffff00000000ULL) | val;
- if (activating_bit(old_val, new_val, HPET_CFG_ENABLE)) {
- /* Enable main counter and interrupt generation. */
- s->hpet_offset =
- ticks_to_ns(s->hpet_counter) - qemu_get_clock_ns(vm_clock);
- for (i = 0; i < s->num_timers; i++) {
- if ((&s->timer[i])->cmp != ~0ULL) {
- hpet_set_timer(&s->timer[i]);
- }
- }
- } else if (deactivating_bit(old_val, new_val, HPET_CFG_ENABLE)) {
- /* Halt main counter and disable interrupt generation. */
- s->hpet_counter = hpet_get_ticks(s);
- for (i = 0; i < s->num_timers; i++) {
- hpet_del_timer(&s->timer[i]);
- }
- }
- /* i8254 and RTC output pins are disabled
- * when HPET is in legacy mode */
- if (activating_bit(old_val, new_val, HPET_CFG_LEGACY)) {
- qemu_set_irq(s->pit_enabled, 0);
- qemu_irq_lower(s->irqs[0]);
- qemu_irq_lower(s->irqs[RTC_ISA_IRQ]);
- } else if (deactivating_bit(old_val, new_val, HPET_CFG_LEGACY)) {
- qemu_irq_lower(s->irqs[0]);
- qemu_set_irq(s->pit_enabled, 1);
- qemu_set_irq(s->irqs[RTC_ISA_IRQ], s->rtc_irq_level);
- }
- break;
- case HPET_CFG + 4:
- DPRINTF("qemu: invalid HPET_CFG+4 write\n");
- break;
- case HPET_STATUS:
- val = new_val & s->isr;
- for (i = 0; i < s->num_timers; i++) {
- if (val & (1 << i)) {
- update_irq(&s->timer[i], 0);
- }
- }
- break;
- case HPET_COUNTER:
- if (hpet_enabled(s)) {
- DPRINTF("qemu: Writing counter while HPET enabled!\n");
- }
- s->hpet_counter =
- (s->hpet_counter & 0xffffffff00000000ULL) | value;
- DPRINTF("qemu: HPET counter written. ctr = %#x -> %" PRIx64 "\n",
- value, s->hpet_counter);
- break;
- case HPET_COUNTER + 4:
- if (hpet_enabled(s)) {
- DPRINTF("qemu: Writing counter while HPET enabled!\n");
- }
- s->hpet_counter =
- (s->hpet_counter & 0xffffffffULL) | (((uint64_t)value) << 32);
- DPRINTF("qemu: HPET counter + 4 written. ctr = %#x -> %" PRIx64 "\n",
- value, s->hpet_counter);
- break;
- default:
- DPRINTF("qemu: invalid hpet_ram_writel\n");
- break;
- }
- }
-}
-
-static const MemoryRegionOps hpet_ram_ops = {
- .read = hpet_ram_read,
- .write = hpet_ram_write,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void hpet_reset(DeviceState *d)
-{
- HPETState *s = FROM_SYSBUS(HPETState, sysbus_from_qdev(d));
- int i;
-
- for (i = 0; i < s->num_timers; i++) {
- HPETTimer *timer = &s->timer[i];
-
- hpet_del_timer(timer);
- timer->cmp = ~0ULL;
- timer->config = HPET_TN_PERIODIC_CAP | HPET_TN_SIZE_CAP;
- if (s->flags & (1 << HPET_MSI_SUPPORT)) {
- timer->config |= HPET_TN_FSB_CAP;
- }
- /* advertise availability of ioapic inti2 */
- timer->config |= 0x00000004ULL << 32;
- timer->period = 0ULL;
- timer->wrap_flag = 0;
- }
-
- qemu_set_irq(s->pit_enabled, 1);
- s->hpet_counter = 0ULL;
- s->hpet_offset = 0ULL;
- s->config = 0ULL;
- hpet_cfg.hpet[s->hpet_id].event_timer_block_id = (uint32_t)s->capability;
- hpet_cfg.hpet[s->hpet_id].address = sysbus_from_qdev(d)->mmio[0].addr;
-
- /* to document that the RTC lowers its output on reset as well */
- s->rtc_irq_level = 0;
-}
-
-static void hpet_handle_legacy_irq(void *opaque, int n, int level)
-{
- HPETState *s = FROM_SYSBUS(HPETState, opaque);
-
- if (n == HPET_LEGACY_PIT_INT) {
- if (!hpet_in_legacy_mode(s)) {
- qemu_set_irq(s->irqs[0], level);
- }
- } else {
- s->rtc_irq_level = level;
- if (!hpet_in_legacy_mode(s)) {
- qemu_set_irq(s->irqs[RTC_ISA_IRQ], level);
- }
- }
-}
-
-static int hpet_init(SysBusDevice *dev)
-{
- HPETState *s = FROM_SYSBUS(HPETState, dev);
- int i;
- HPETTimer *timer;
-
- if (hpet_cfg.count == UINT8_MAX) {
- /* first instance */
- hpet_cfg.count = 0;
- }
-
- if (hpet_cfg.count == 8) {
- fprintf(stderr, "Only 8 instances of HPET is allowed\n");
- return -1;
- }
-
- s->hpet_id = hpet_cfg.count++;
-
- for (i = 0; i < HPET_NUM_IRQ_ROUTES; i++) {
- sysbus_init_irq(dev, &s->irqs[i]);
- }
-
- if (s->num_timers < HPET_MIN_TIMERS) {
- s->num_timers = HPET_MIN_TIMERS;
- } else if (s->num_timers > HPET_MAX_TIMERS) {
- s->num_timers = HPET_MAX_TIMERS;
- }
- for (i = 0; i < HPET_MAX_TIMERS; i++) {
- timer = &s->timer[i];
- timer->qemu_timer = qemu_new_timer_ns(vm_clock, hpet_timer, timer);
- timer->tn = i;
- timer->state = s;
- }
-
- /* 64-bit main counter; LegacyReplacementRoute. */
- s->capability = 0x8086a001ULL;
- s->capability |= (s->num_timers - 1) << HPET_ID_NUM_TIM_SHIFT;
- s->capability |= ((HPET_CLK_PERIOD) << 32);
-
- qdev_init_gpio_in(&dev->qdev, hpet_handle_legacy_irq, 2);
- qdev_init_gpio_out(&dev->qdev, &s->pit_enabled, 1);
-
- /* HPET Area */
- memory_region_init_io(&s->iomem, &hpet_ram_ops, s, "hpet", 0x400);
- sysbus_init_mmio(dev, &s->iomem);
- return 0;
-}
-
-static Property hpet_device_properties[] = {
- DEFINE_PROP_UINT8("timers", HPETState, num_timers, HPET_MIN_TIMERS),
- DEFINE_PROP_BIT("msi", HPETState, flags, HPET_MSI_SUPPORT, false),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void hpet_device_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = hpet_init;
- dc->no_user = 1;
- dc->reset = hpet_reset;
- dc->vmsd = &vmstate_hpet;
- dc->props = hpet_device_properties;
-}
-
-static TypeInfo hpet_device_info = {
- .name = "hpet",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(HPETState),
- .class_init = hpet_device_class_init,
-};
-
-static void hpet_register_types(void)
-{
- type_register_static(&hpet_device_info);
-}
-
-type_init(hpet_register_types)
diff --git a/hw/hpet_emul.h b/hw/hpet_emul.h
deleted file mode 100644
index 757f79fdd..000000000
--- a/hw/hpet_emul.h
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * QEMU Emulated HPET support
- *
- * Copyright IBM, Corp. 2008
- *
- * Authors:
- * Beth Kon <bkon@us.ibm.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See
- * the COPYING file in the top-level directory.
- *
- */
-#ifndef QEMU_HPET_EMUL_H
-#define QEMU_HPET_EMUL_H
-
-#define HPET_BASE 0xfed00000
-#define HPET_CLK_PERIOD 10000000ULL /* 10000000 femtoseconds == 10ns*/
-
-#define FS_PER_NS 1000000
-#define HPET_MIN_TIMERS 3
-#define HPET_MAX_TIMERS 32
-
-#define HPET_NUM_IRQ_ROUTES 32
-
-#define HPET_LEGACY_PIT_INT 0
-#define HPET_LEGACY_RTC_INT 1
-
-#define HPET_CFG_ENABLE 0x001
-#define HPET_CFG_LEGACY 0x002
-
-#define HPET_ID 0x000
-#define HPET_PERIOD 0x004
-#define HPET_CFG 0x010
-#define HPET_STATUS 0x020
-#define HPET_COUNTER 0x0f0
-#define HPET_TN_CFG 0x000
-#define HPET_TN_CMP 0x008
-#define HPET_TN_ROUTE 0x010
-#define HPET_CFG_WRITE_MASK 0x3
-
-#define HPET_ID_NUM_TIM_SHIFT 8
-#define HPET_ID_NUM_TIM_MASK 0x1f00
-
-#define HPET_TN_TYPE_LEVEL 0x002
-#define HPET_TN_ENABLE 0x004
-#define HPET_TN_PERIODIC 0x008
-#define HPET_TN_PERIODIC_CAP 0x010
-#define HPET_TN_SIZE_CAP 0x020
-#define HPET_TN_SETVAL 0x040
-#define HPET_TN_32BIT 0x100
-#define HPET_TN_INT_ROUTE_MASK 0x3e00
-#define HPET_TN_FSB_ENABLE 0x4000
-#define HPET_TN_FSB_CAP 0x8000
-#define HPET_TN_CFG_WRITE_MASK 0x7f4e
-#define HPET_TN_INT_ROUTE_SHIFT 9
-#define HPET_TN_INT_ROUTE_CAP_SHIFT 32
-#define HPET_TN_CFG_BITS_READONLY_OR_RESERVED 0xffff80b1U
-
-struct hpet_fw_entry
-{
- uint32_t event_timer_block_id;
- uint64_t address;
- uint16_t min_tick;
- uint8_t page_prot;
-} QEMU_PACKED;
-
-struct hpet_fw_config
-{
- uint8_t count;
- struct hpet_fw_entry hpet[8];
-} QEMU_PACKED;
-
-extern struct hpet_fw_config hpet_cfg;
-#endif
diff --git a/hw/hw.h b/hw/hw.h
deleted file mode 100644
index f530f6f41..000000000
--- a/hw/hw.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/* Declarations for use by hardware emulation. */
-#ifndef QEMU_HW_H
-#define QEMU_HW_H
-
-#include "qemu-common.h"
-
-#if !defined(CONFIG_USER_ONLY) && !defined(NEED_CPU_H)
-#include "cpu-common.h"
-#endif
-
-#include "ioport.h"
-#include "irq.h"
-#include "qemu-aio.h"
-#include "qemu-file.h"
-#include "vmstate.h"
-#include "qemu-log.h"
-
-#ifdef NEED_CPU_H
-#if TARGET_LONG_BITS == 64
-#define qemu_put_betl qemu_put_be64
-#define qemu_get_betl qemu_get_be64
-#define qemu_put_betls qemu_put_be64s
-#define qemu_get_betls qemu_get_be64s
-#define qemu_put_sbetl qemu_put_sbe64
-#define qemu_get_sbetl qemu_get_sbe64
-#define qemu_put_sbetls qemu_put_sbe64s
-#define qemu_get_sbetls qemu_get_sbe64s
-#else
-#define qemu_put_betl qemu_put_be32
-#define qemu_get_betl qemu_get_be32
-#define qemu_put_betls qemu_put_be32s
-#define qemu_get_betls qemu_get_be32s
-#define qemu_put_sbetl qemu_put_sbe32
-#define qemu_get_sbetl qemu_get_sbe32
-#define qemu_put_sbetls qemu_put_sbe32s
-#define qemu_get_sbetls qemu_get_sbe32s
-#endif
-#endif
-
-typedef void QEMUResetHandler(void *opaque);
-
-void qemu_register_reset(QEMUResetHandler *func, void *opaque);
-void qemu_unregister_reset(QEMUResetHandler *func, void *opaque);
-
-/* handler to set the boot_device order for a specific type of QEMUMachine */
-/* return 0 if success */
-typedef int QEMUBootSetHandler(void *opaque, const char *boot_devices);
-void qemu_register_boot_set(QEMUBootSetHandler *func, void *opaque);
-int qemu_boot_set(const char *boot_devices);
-
-#ifdef NEED_CPU_H
-#if TARGET_LONG_BITS == 64
-#define VMSTATE_UINTTL_V(_f, _s, _v) \
- VMSTATE_UINT64_V(_f, _s, _v)
-#define VMSTATE_UINTTL_ARRAY_V(_f, _s, _n, _v) \
- VMSTATE_UINT64_ARRAY_V(_f, _s, _n, _v)
-#else
-#define VMSTATE_UINTTL_V(_f, _s, _v) \
- VMSTATE_UINT32_V(_f, _s, _v)
-#define VMSTATE_UINTTL_ARRAY_V(_f, _s, _n, _v) \
- VMSTATE_UINT32_ARRAY_V(_f, _s, _n, _v)
-#endif
-#define VMSTATE_UINTTL(_f, _s) \
- VMSTATE_UINTTL_V(_f, _s, 0)
-#define VMSTATE_UINTTL_ARRAY(_f, _s, _n) \
- VMSTATE_UINTTL_ARRAY_V(_f, _s, _n, 0)
-
-#endif
-
-#endif
diff --git a/hw/i2c.c b/hw/i2c.c
deleted file mode 100644
index 296bece11..000000000
--- a/hw/i2c.c
+++ /dev/null
@@ -1,246 +0,0 @@
-/*
- * QEMU I2C bus interface.
- *
- * Copyright (c) 2007 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the LGPL.
- */
-
-#include "i2c.h"
-
-struct i2c_bus
-{
- BusState qbus;
- I2CSlave *current_dev;
- I2CSlave *dev;
- uint8_t saved_address;
-};
-
-static Property i2c_props[] = {
- DEFINE_PROP_UINT8("address", struct I2CSlave, address, 0),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-#define TYPE_I2C_BUS "i2c-bus"
-#define I2C_BUS(obj) OBJECT_CHECK(i2c_bus, (obj), TYPE_I2C_BUS)
-
-static const TypeInfo i2c_bus_info = {
- .name = TYPE_I2C_BUS,
- .parent = TYPE_BUS,
- .instance_size = sizeof(i2c_bus),
-};
-
-static void i2c_bus_pre_save(void *opaque)
-{
- i2c_bus *bus = opaque;
-
- bus->saved_address = bus->current_dev ? bus->current_dev->address : -1;
-}
-
-static int i2c_bus_post_load(void *opaque, int version_id)
-{
- i2c_bus *bus = opaque;
-
- /* The bus is loaded before attached devices, so load and save the
- current device id. Devices will check themselves as loaded. */
- bus->current_dev = NULL;
- return 0;
-}
-
-static const VMStateDescription vmstate_i2c_bus = {
- .name = "i2c_bus",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .pre_save = i2c_bus_pre_save,
- .post_load = i2c_bus_post_load,
- .fields = (VMStateField []) {
- VMSTATE_UINT8(saved_address, i2c_bus),
- VMSTATE_END_OF_LIST()
- }
-};
-
-/* Create a new I2C bus. */
-i2c_bus *i2c_init_bus(DeviceState *parent, const char *name)
-{
- i2c_bus *bus;
-
- bus = FROM_QBUS(i2c_bus, qbus_create(TYPE_I2C_BUS, parent, name));
- vmstate_register(NULL, -1, &vmstate_i2c_bus, bus);
- return bus;
-}
-
-void i2c_set_slave_address(I2CSlave *dev, uint8_t address)
-{
- dev->address = address;
-}
-
-/* Return nonzero if bus is busy. */
-int i2c_bus_busy(i2c_bus *bus)
-{
- return bus->current_dev != NULL;
-}
-
-/* Returns non-zero if the address is not valid. */
-/* TODO: Make this handle multiple masters. */
-int i2c_start_transfer(i2c_bus *bus, uint8_t address, int recv)
-{
- BusChild *kid;
- I2CSlave *slave = NULL;
- I2CSlaveClass *sc;
-
- QTAILQ_FOREACH(kid, &bus->qbus.children, sibling) {
- DeviceState *qdev = kid->child;
- I2CSlave *candidate = I2C_SLAVE_FROM_QDEV(qdev);
- if (candidate->address == address) {
- slave = candidate;
- break;
- }
- }
-
- if (!slave) {
- return 1;
- }
-
- sc = I2C_SLAVE_GET_CLASS(slave);
- /* If the bus is already busy, assume this is a repeated
- start condition. */
- bus->current_dev = slave;
- if (sc->event) {
- sc->event(slave, recv ? I2C_START_RECV : I2C_START_SEND);
- }
- return 0;
-}
-
-void i2c_end_transfer(i2c_bus *bus)
-{
- I2CSlave *dev = bus->current_dev;
- I2CSlaveClass *sc;
-
- if (!dev) {
- return;
- }
-
- sc = I2C_SLAVE_GET_CLASS(dev);
- if (sc->event) {
- sc->event(dev, I2C_FINISH);
- }
-
- bus->current_dev = NULL;
-}
-
-int i2c_send(i2c_bus *bus, uint8_t data)
-{
- I2CSlave *dev = bus->current_dev;
- I2CSlaveClass *sc;
-
- if (!dev) {
- return -1;
- }
-
- sc = I2C_SLAVE_GET_CLASS(dev);
- if (sc->send) {
- return sc->send(dev, data);
- }
-
- return -1;
-}
-
-int i2c_recv(i2c_bus *bus)
-{
- I2CSlave *dev = bus->current_dev;
- I2CSlaveClass *sc;
-
- if (!dev) {
- return -1;
- }
-
- sc = I2C_SLAVE_GET_CLASS(dev);
- if (sc->recv) {
- return sc->recv(dev);
- }
-
- return -1;
-}
-
-void i2c_nack(i2c_bus *bus)
-{
- I2CSlave *dev = bus->current_dev;
- I2CSlaveClass *sc;
-
- if (!dev) {
- return;
- }
-
- sc = I2C_SLAVE_GET_CLASS(dev);
- if (sc->event) {
- sc->event(dev, I2C_NACK);
- }
-}
-
-static int i2c_slave_post_load(void *opaque, int version_id)
-{
- I2CSlave *dev = opaque;
- i2c_bus *bus;
- bus = FROM_QBUS(i2c_bus, qdev_get_parent_bus(&dev->qdev));
- if (bus->saved_address == dev->address) {
- bus->current_dev = dev;
- }
- return 0;
-}
-
-const VMStateDescription vmstate_i2c_slave = {
- .name = "I2CSlave",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .post_load = i2c_slave_post_load,
- .fields = (VMStateField []) {
- VMSTATE_UINT8(address, I2CSlave),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int i2c_slave_qdev_init(DeviceState *dev)
-{
- I2CSlave *s = I2C_SLAVE_FROM_QDEV(dev);
- I2CSlaveClass *sc = I2C_SLAVE_GET_CLASS(s);
-
- return sc->init(s);
-}
-
-DeviceState *i2c_create_slave(i2c_bus *bus, const char *name, uint8_t addr)
-{
- DeviceState *dev;
-
- dev = qdev_create(&bus->qbus, name);
- qdev_prop_set_uint8(dev, "address", addr);
- qdev_init_nofail(dev);
- return dev;
-}
-
-static void i2c_slave_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *k = DEVICE_CLASS(klass);
- k->init = i2c_slave_qdev_init;
- k->bus_type = TYPE_I2C_BUS;
- k->props = i2c_props;
-}
-
-static TypeInfo i2c_slave_type_info = {
- .name = TYPE_I2C_SLAVE,
- .parent = TYPE_DEVICE,
- .instance_size = sizeof(I2CSlave),
- .abstract = true,
- .class_size = sizeof(I2CSlaveClass),
- .class_init = i2c_slave_class_init,
-};
-
-static void i2c_slave_register_types(void)
-{
- type_register_static(&i2c_bus_info);
- type_register_static(&i2c_slave_type_info);
-}
-
-type_init(i2c_slave_register_types)
diff --git a/hw/i2c.h b/hw/i2c.h
deleted file mode 100644
index 0f5682b4b..000000000
--- a/hw/i2c.h
+++ /dev/null
@@ -1,92 +0,0 @@
-#ifndef QEMU_I2C_H
-#define QEMU_I2C_H
-
-#include "qdev.h"
-
-/* The QEMU I2C implementation only supports simple transfers that complete
- immediately. It does not support slave devices that need to be able to
- defer their response (eg. CPU slave interfaces where the data is supplied
- by the device driver in response to an interrupt). */
-
-enum i2c_event {
- I2C_START_RECV,
- I2C_START_SEND,
- I2C_FINISH,
- I2C_NACK /* Masker NACKed a receive byte. */
-};
-
-typedef struct I2CSlave I2CSlave;
-
-#define TYPE_I2C_SLAVE "i2c-slave"
-#define I2C_SLAVE(obj) \
- OBJECT_CHECK(I2CSlave, (obj), TYPE_I2C_SLAVE)
-#define I2C_SLAVE_CLASS(klass) \
- OBJECT_CLASS_CHECK(I2CSlaveClass, (klass), TYPE_I2C_SLAVE)
-#define I2C_SLAVE_GET_CLASS(obj) \
- OBJECT_GET_CLASS(I2CSlaveClass, (obj), TYPE_I2C_SLAVE)
-
-typedef struct I2CSlaveClass
-{
- DeviceClass parent_class;
-
- /* Callbacks provided by the device. */
- int (*init)(I2CSlave *dev);
-
- /* Master to slave. */
- int (*send)(I2CSlave *s, uint8_t data);
-
- /* Slave to master. */
- int (*recv)(I2CSlave *s);
-
- /* Notify the slave of a bus state change. */
- void (*event)(I2CSlave *s, enum i2c_event event);
-} I2CSlaveClass;
-
-struct I2CSlave
-{
- DeviceState qdev;
-
- /* Remaining fields for internal use by the I2C code. */
- uint8_t address;
-};
-
-i2c_bus *i2c_init_bus(DeviceState *parent, const char *name);
-void i2c_set_slave_address(I2CSlave *dev, uint8_t address);
-int i2c_bus_busy(i2c_bus *bus);
-int i2c_start_transfer(i2c_bus *bus, uint8_t address, int recv);
-void i2c_end_transfer(i2c_bus *bus);
-void i2c_nack(i2c_bus *bus);
-int i2c_send(i2c_bus *bus, uint8_t data);
-int i2c_recv(i2c_bus *bus);
-
-#define I2C_SLAVE_FROM_QDEV(dev) DO_UPCAST(I2CSlave, qdev, dev)
-#define FROM_I2C_SLAVE(type, dev) DO_UPCAST(type, i2c, dev)
-
-DeviceState *i2c_create_slave(i2c_bus *bus, const char *name, uint8_t addr);
-
-/* wm8750.c */
-void wm8750_data_req_set(DeviceState *dev,
- void (*data_req)(void *, int, int), void *opaque);
-void wm8750_dac_dat(void *opaque, uint32_t sample);
-uint32_t wm8750_adc_dat(void *opaque);
-void *wm8750_dac_buffer(void *opaque, int samples);
-void wm8750_dac_commit(void *opaque);
-void wm8750_set_bclk_in(void *opaque, int new_hz);
-
-/* tmp105.c */
-void tmp105_set(I2CSlave *i2c, int temp);
-
-/* lm832x.c */
-void lm832x_key_event(DeviceState *dev, int key, int state);
-
-extern const VMStateDescription vmstate_i2c_slave;
-
-#define VMSTATE_I2C_SLAVE(_field, _state) { \
- .name = (stringify(_field)), \
- .size = sizeof(I2CSlave), \
- .vmsd = &vmstate_i2c_slave, \
- .flags = VMS_STRUCT, \
- .offset = vmstate_offset_value(_state, _field, I2CSlave), \
-}
-
-#endif
diff --git a/hw/i2c/Makefile.objs b/hw/i2c/Makefile.objs
new file mode 100644
index 000000000..648278e7c
--- /dev/null
+++ b/hw/i2c/Makefile.objs
@@ -0,0 +1,7 @@
+common-obj-y += core.o smbus.o smbus_eeprom.o
+common-obj-$(CONFIG_VERSATILE_I2C) += versatile_i2c.o
+common-obj-$(CONFIG_ACPI) += smbus_ich9.o
+common-obj-$(CONFIG_APM) += pm_smbus.o
+common-obj-$(CONFIG_BITBANG_I2C) += bitbang_i2c.o
+common-obj-$(CONFIG_EXYNOS4) += exynos4210_i2c.o
+obj-$(CONFIG_OMAP) += omap_i2c.o
diff --git a/hw/i2c/bitbang_i2c.c b/hw/i2c/bitbang_i2c.c
new file mode 100644
index 000000000..ca59456d1
--- /dev/null
+++ b/hw/i2c/bitbang_i2c.c
@@ -0,0 +1,252 @@
+/*
+ * Bit-Bang i2c emulation extracted from
+ * Marvell MV88W8618 / Freecom MusicPal emulation.
+ *
+ * Copyright (c) 2008 Jan Kiszka
+ *
+ * This code is licensed under the GNU GPL v2.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+#include "hw/hw.h"
+#include "bitbang_i2c.h"
+#include "hw/sysbus.h"
+
+//#define DEBUG_BITBANG_I2C
+
+#ifdef DEBUG_BITBANG_I2C
+#define DPRINTF(fmt, ...) \
+do { printf("bitbang_i2c: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) do {} while(0)
+#endif
+
+typedef enum bitbang_i2c_state {
+ STOPPED = 0,
+ SENDING_BIT7,
+ SENDING_BIT6,
+ SENDING_BIT5,
+ SENDING_BIT4,
+ SENDING_BIT3,
+ SENDING_BIT2,
+ SENDING_BIT1,
+ SENDING_BIT0,
+ WAITING_FOR_ACK,
+ RECEIVING_BIT7,
+ RECEIVING_BIT6,
+ RECEIVING_BIT5,
+ RECEIVING_BIT4,
+ RECEIVING_BIT3,
+ RECEIVING_BIT2,
+ RECEIVING_BIT1,
+ RECEIVING_BIT0,
+ SENDING_ACK,
+ SENT_NACK
+} bitbang_i2c_state;
+
+struct bitbang_i2c_interface {
+ i2c_bus *bus;
+ bitbang_i2c_state state;
+ int last_data;
+ int last_clock;
+ int device_out;
+ uint8_t buffer;
+ int current_addr;
+};
+
+static void bitbang_i2c_enter_stop(bitbang_i2c_interface *i2c)
+{
+ DPRINTF("STOP\n");
+ if (i2c->current_addr >= 0)
+ i2c_end_transfer(i2c->bus);
+ i2c->current_addr = -1;
+ i2c->state = STOPPED;
+}
+
+/* Set device data pin. */
+static int bitbang_i2c_ret(bitbang_i2c_interface *i2c, int level)
+{
+ i2c->device_out = level;
+ //DPRINTF("%d %d %d\n", i2c->last_clock, i2c->last_data, i2c->device_out);
+ return level & i2c->last_data;
+}
+
+/* Leave device data pin unodified. */
+static int bitbang_i2c_nop(bitbang_i2c_interface *i2c)
+{
+ return bitbang_i2c_ret(i2c, i2c->device_out);
+}
+
+/* Returns data line level. */
+int bitbang_i2c_set(bitbang_i2c_interface *i2c, int line, int level)
+{
+ int data;
+
+ if (level != 0 && level != 1) {
+ abort();
+ }
+
+ if (line == BITBANG_I2C_SDA) {
+ if (level == i2c->last_data) {
+ return bitbang_i2c_nop(i2c);
+ }
+ i2c->last_data = level;
+ if (i2c->last_clock == 0) {
+ return bitbang_i2c_nop(i2c);
+ }
+ if (level == 0) {
+ DPRINTF("START\n");
+ /* START condition. */
+ i2c->state = SENDING_BIT7;
+ i2c->current_addr = -1;
+ } else {
+ /* STOP condition. */
+ bitbang_i2c_enter_stop(i2c);
+ }
+ return bitbang_i2c_ret(i2c, 1);
+ }
+
+ data = i2c->last_data;
+ if (i2c->last_clock == level) {
+ return bitbang_i2c_nop(i2c);
+ }
+ i2c->last_clock = level;
+ if (level == 0) {
+ /* State is set/read at the start of the clock pulse.
+ release the data line at the end. */
+ return bitbang_i2c_ret(i2c, 1);
+ }
+ switch (i2c->state) {
+ case STOPPED:
+ case SENT_NACK:
+ return bitbang_i2c_ret(i2c, 1);
+
+ case SENDING_BIT7 ... SENDING_BIT0:
+ i2c->buffer = (i2c->buffer << 1) | data;
+ /* will end up in WAITING_FOR_ACK */
+ i2c->state++;
+ return bitbang_i2c_ret(i2c, 1);
+
+ case WAITING_FOR_ACK:
+ if (i2c->current_addr < 0) {
+ i2c->current_addr = i2c->buffer;
+ DPRINTF("Address 0x%02x\n", i2c->current_addr);
+ i2c_start_transfer(i2c->bus, i2c->current_addr >> 1,
+ i2c->current_addr & 1);
+ } else {
+ DPRINTF("Sent 0x%02x\n", i2c->buffer);
+ i2c_send(i2c->bus, i2c->buffer);
+ }
+ if (i2c->current_addr & 1) {
+ i2c->state = RECEIVING_BIT7;
+ } else {
+ i2c->state = SENDING_BIT7;
+ }
+ return bitbang_i2c_ret(i2c, 0);
+
+ case RECEIVING_BIT7:
+ i2c->buffer = i2c_recv(i2c->bus);
+ DPRINTF("RX byte 0x%02x\n", i2c->buffer);
+ /* Fall through... */
+ case RECEIVING_BIT6 ... RECEIVING_BIT0:
+ data = i2c->buffer >> 7;
+ /* will end up in SENDING_ACK */
+ i2c->state++;
+ i2c->buffer <<= 1;
+ return bitbang_i2c_ret(i2c, data);
+
+ case SENDING_ACK:
+ i2c->state = RECEIVING_BIT7;
+ if (data != 0) {
+ DPRINTF("NACKED\n");
+ i2c->state = SENT_NACK;
+ i2c_nack(i2c->bus);
+ } else {
+ DPRINTF("ACKED\n");
+ }
+ return bitbang_i2c_ret(i2c, 1);
+ }
+ abort();
+}
+
+bitbang_i2c_interface *bitbang_i2c_init(i2c_bus *bus)
+{
+ bitbang_i2c_interface *s;
+
+ s = g_malloc0(sizeof(bitbang_i2c_interface));
+
+ s->bus = bus;
+ s->last_data = 1;
+ s->last_clock = 1;
+ s->device_out = 1;
+
+ return s;
+}
+
+/* GPIO interface. */
+
+#define TYPE_GPIO_I2C "gpio_i2c"
+#define GPIO_I2C(obj) OBJECT_CHECK(GPIOI2CState, (obj), TYPE_GPIO_I2C)
+
+typedef struct GPIOI2CState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion dummy_iomem;
+ bitbang_i2c_interface *bitbang;
+ int last_level;
+ qemu_irq out;
+} GPIOI2CState;
+
+static void bitbang_i2c_gpio_set(void *opaque, int irq, int level)
+{
+ GPIOI2CState *s = opaque;
+
+ level = bitbang_i2c_set(s->bitbang, irq, level);
+ if (level != s->last_level) {
+ s->last_level = level;
+ qemu_set_irq(s->out, level);
+ }
+}
+
+static int gpio_i2c_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ GPIOI2CState *s = GPIO_I2C(dev);
+ i2c_bus *bus;
+
+ memory_region_init(&s->dummy_iomem, OBJECT(s), "gpio_i2c", 0);
+ sysbus_init_mmio(sbd, &s->dummy_iomem);
+
+ bus = i2c_init_bus(dev, "i2c");
+ s->bitbang = bitbang_i2c_init(bus);
+
+ qdev_init_gpio_in(dev, bitbang_i2c_gpio_set, 2);
+ qdev_init_gpio_out(dev, &s->out, 1);
+
+ return 0;
+}
+
+static void gpio_i2c_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = gpio_i2c_init;
+ set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
+ dc->desc = "Virtual GPIO to I2C bridge";
+}
+
+static const TypeInfo gpio_i2c_info = {
+ .name = TYPE_GPIO_I2C,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(GPIOI2CState),
+ .class_init = gpio_i2c_class_init,
+};
+
+static void bitbang_i2c_register_types(void)
+{
+ type_register_static(&gpio_i2c_info);
+}
+
+type_init(bitbang_i2c_register_types)
diff --git a/hw/i2c/bitbang_i2c.h b/hw/i2c/bitbang_i2c.h
new file mode 100644
index 000000000..2866ac351
--- /dev/null
+++ b/hw/i2c/bitbang_i2c.h
@@ -0,0 +1,14 @@
+#ifndef BITBANG_I2C_H
+#define BITBANG_I2C_H
+
+#include "hw/i2c/i2c.h"
+
+typedef struct bitbang_i2c_interface bitbang_i2c_interface;
+
+#define BITBANG_I2C_SDA 0
+#define BITBANG_I2C_SCL 1
+
+bitbang_i2c_interface *bitbang_i2c_init(i2c_bus *bus);
+int bitbang_i2c_set(bitbang_i2c_interface *i2c, int line, int level);
+
+#endif
diff --git a/hw/i2c/core.c b/hw/i2c/core.c
new file mode 100644
index 000000000..c97e7f7dc
--- /dev/null
+++ b/hw/i2c/core.c
@@ -0,0 +1,247 @@
+/*
+ * QEMU I2C bus interface.
+ *
+ * Copyright (c) 2007 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the LGPL.
+ */
+
+#include "hw/i2c/i2c.h"
+
+struct i2c_bus
+{
+ BusState qbus;
+ I2CSlave *current_dev;
+ I2CSlave *dev;
+ uint8_t saved_address;
+};
+
+static Property i2c_props[] = {
+ DEFINE_PROP_UINT8("address", struct I2CSlave, address, 0),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+#define TYPE_I2C_BUS "i2c-bus"
+#define I2C_BUS(obj) OBJECT_CHECK(i2c_bus, (obj), TYPE_I2C_BUS)
+
+static const TypeInfo i2c_bus_info = {
+ .name = TYPE_I2C_BUS,
+ .parent = TYPE_BUS,
+ .instance_size = sizeof(i2c_bus),
+};
+
+static void i2c_bus_pre_save(void *opaque)
+{
+ i2c_bus *bus = opaque;
+
+ bus->saved_address = bus->current_dev ? bus->current_dev->address : -1;
+}
+
+static int i2c_bus_post_load(void *opaque, int version_id)
+{
+ i2c_bus *bus = opaque;
+
+ /* The bus is loaded before attached devices, so load and save the
+ current device id. Devices will check themselves as loaded. */
+ bus->current_dev = NULL;
+ return 0;
+}
+
+static const VMStateDescription vmstate_i2c_bus = {
+ .name = "i2c_bus",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .pre_save = i2c_bus_pre_save,
+ .post_load = i2c_bus_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT8(saved_address, i2c_bus),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+/* Create a new I2C bus. */
+i2c_bus *i2c_init_bus(DeviceState *parent, const char *name)
+{
+ i2c_bus *bus;
+
+ bus = I2C_BUS(qbus_create(TYPE_I2C_BUS, parent, name));
+ vmstate_register(NULL, -1, &vmstate_i2c_bus, bus);
+ return bus;
+}
+
+void i2c_set_slave_address(I2CSlave *dev, uint8_t address)
+{
+ dev->address = address;
+}
+
+/* Return nonzero if bus is busy. */
+int i2c_bus_busy(i2c_bus *bus)
+{
+ return bus->current_dev != NULL;
+}
+
+/* Returns non-zero if the address is not valid. */
+/* TODO: Make this handle multiple masters. */
+int i2c_start_transfer(i2c_bus *bus, uint8_t address, int recv)
+{
+ BusChild *kid;
+ I2CSlave *slave = NULL;
+ I2CSlaveClass *sc;
+
+ QTAILQ_FOREACH(kid, &bus->qbus.children, sibling) {
+ DeviceState *qdev = kid->child;
+ I2CSlave *candidate = I2C_SLAVE(qdev);
+ if (candidate->address == address) {
+ slave = candidate;
+ break;
+ }
+ }
+
+ if (!slave) {
+ return 1;
+ }
+
+ sc = I2C_SLAVE_GET_CLASS(slave);
+ /* If the bus is already busy, assume this is a repeated
+ start condition. */
+ bus->current_dev = slave;
+ if (sc->event) {
+ sc->event(slave, recv ? I2C_START_RECV : I2C_START_SEND);
+ }
+ return 0;
+}
+
+void i2c_end_transfer(i2c_bus *bus)
+{
+ I2CSlave *dev = bus->current_dev;
+ I2CSlaveClass *sc;
+
+ if (!dev) {
+ return;
+ }
+
+ sc = I2C_SLAVE_GET_CLASS(dev);
+ if (sc->event) {
+ sc->event(dev, I2C_FINISH);
+ }
+
+ bus->current_dev = NULL;
+}
+
+int i2c_send(i2c_bus *bus, uint8_t data)
+{
+ I2CSlave *dev = bus->current_dev;
+ I2CSlaveClass *sc;
+
+ if (!dev) {
+ return -1;
+ }
+
+ sc = I2C_SLAVE_GET_CLASS(dev);
+ if (sc->send) {
+ return sc->send(dev, data);
+ }
+
+ return -1;
+}
+
+int i2c_recv(i2c_bus *bus)
+{
+ I2CSlave *dev = bus->current_dev;
+ I2CSlaveClass *sc;
+
+ if (!dev) {
+ return -1;
+ }
+
+ sc = I2C_SLAVE_GET_CLASS(dev);
+ if (sc->recv) {
+ return sc->recv(dev);
+ }
+
+ return -1;
+}
+
+void i2c_nack(i2c_bus *bus)
+{
+ I2CSlave *dev = bus->current_dev;
+ I2CSlaveClass *sc;
+
+ if (!dev) {
+ return;
+ }
+
+ sc = I2C_SLAVE_GET_CLASS(dev);
+ if (sc->event) {
+ sc->event(dev, I2C_NACK);
+ }
+}
+
+static int i2c_slave_post_load(void *opaque, int version_id)
+{
+ I2CSlave *dev = opaque;
+ i2c_bus *bus;
+ bus = I2C_BUS(qdev_get_parent_bus(DEVICE(dev)));
+ if (bus->saved_address == dev->address) {
+ bus->current_dev = dev;
+ }
+ return 0;
+}
+
+const VMStateDescription vmstate_i2c_slave = {
+ .name = "I2CSlave",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .post_load = i2c_slave_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT8(address, I2CSlave),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static int i2c_slave_qdev_init(DeviceState *dev)
+{
+ I2CSlave *s = I2C_SLAVE(dev);
+ I2CSlaveClass *sc = I2C_SLAVE_GET_CLASS(s);
+
+ return sc->init(s);
+}
+
+DeviceState *i2c_create_slave(i2c_bus *bus, const char *name, uint8_t addr)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(&bus->qbus, name);
+ qdev_prop_set_uint8(dev, "address", addr);
+ qdev_init_nofail(dev);
+ return dev;
+}
+
+static void i2c_slave_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *k = DEVICE_CLASS(klass);
+ k->init = i2c_slave_qdev_init;
+ set_bit(DEVICE_CATEGORY_MISC, k->categories);
+ k->bus_type = TYPE_I2C_BUS;
+ k->props = i2c_props;
+}
+
+static const TypeInfo i2c_slave_type_info = {
+ .name = TYPE_I2C_SLAVE,
+ .parent = TYPE_DEVICE,
+ .instance_size = sizeof(I2CSlave),
+ .abstract = true,
+ .class_size = sizeof(I2CSlaveClass),
+ .class_init = i2c_slave_class_init,
+};
+
+static void i2c_slave_register_types(void)
+{
+ type_register_static(&i2c_bus_info);
+ type_register_static(&i2c_slave_type_info);
+}
+
+type_init(i2c_slave_register_types)
diff --git a/hw/i2c/exynos4210_i2c.c b/hw/i2c/exynos4210_i2c.c
new file mode 100644
index 000000000..ce5f849c7
--- /dev/null
+++ b/hw/i2c/exynos4210_i2c.c
@@ -0,0 +1,336 @@
+/*
+ * Exynos4210 I2C Bus Serial Interface Emulation
+ *
+ * Copyright (C) 2012 Samsung Electronics Co Ltd.
+ * Maksim Kozlov, <m.kozlov@samsung.com>
+ * Igor Mitsyanko, <i.mitsyanko@samsung.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "qemu/timer.h"
+#include "hw/sysbus.h"
+#include "hw/i2c/i2c.h"
+
+#ifndef EXYNOS4_I2C_DEBUG
+#define EXYNOS4_I2C_DEBUG 0
+#endif
+
+#define TYPE_EXYNOS4_I2C "exynos4210.i2c"
+#define EXYNOS4_I2C(obj) \
+ OBJECT_CHECK(Exynos4210I2CState, (obj), TYPE_EXYNOS4_I2C)
+
+/* Exynos4210 I2C memory map */
+#define EXYNOS4_I2C_MEM_SIZE 0x14
+#define I2CCON_ADDR 0x00 /* control register */
+#define I2CSTAT_ADDR 0x04 /* control/status register */
+#define I2CADD_ADDR 0x08 /* address register */
+#define I2CDS_ADDR 0x0c /* data shift register */
+#define I2CLC_ADDR 0x10 /* line control register */
+
+#define I2CCON_ACK_GEN (1 << 7)
+#define I2CCON_INTRS_EN (1 << 5)
+#define I2CCON_INT_PEND (1 << 4)
+
+#define EXYNOS4_I2C_MODE(reg) (((reg) >> 6) & 3)
+#define I2C_IN_MASTER_MODE(reg) (((reg) >> 6) & 2)
+#define I2CMODE_MASTER_Rx 0x2
+#define I2CMODE_MASTER_Tx 0x3
+#define I2CSTAT_LAST_BIT (1 << 0)
+#define I2CSTAT_OUTPUT_EN (1 << 4)
+#define I2CSTAT_START_BUSY (1 << 5)
+
+
+#if EXYNOS4_I2C_DEBUG
+#define DPRINT(fmt, args...) \
+ do { fprintf(stderr, "QEMU I2C: "fmt, ## args); } while (0)
+
+static const char *exynos4_i2c_get_regname(unsigned offset)
+{
+ switch (offset) {
+ case I2CCON_ADDR:
+ return "I2CCON";
+ case I2CSTAT_ADDR:
+ return "I2CSTAT";
+ case I2CADD_ADDR:
+ return "I2CADD";
+ case I2CDS_ADDR:
+ return "I2CDS";
+ case I2CLC_ADDR:
+ return "I2CLC";
+ default:
+ return "[?]";
+ }
+}
+
+#else
+#define DPRINT(fmt, args...) do { } while (0)
+#endif
+
+typedef struct Exynos4210I2CState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ i2c_bus *bus;
+ qemu_irq irq;
+
+ uint8_t i2ccon;
+ uint8_t i2cstat;
+ uint8_t i2cadd;
+ uint8_t i2cds;
+ uint8_t i2clc;
+ bool scl_free;
+} Exynos4210I2CState;
+
+static inline void exynos4210_i2c_raise_interrupt(Exynos4210I2CState *s)
+{
+ if (s->i2ccon & I2CCON_INTRS_EN) {
+ s->i2ccon |= I2CCON_INT_PEND;
+ qemu_irq_raise(s->irq);
+ }
+}
+
+static void exynos4210_i2c_data_receive(void *opaque)
+{
+ Exynos4210I2CState *s = (Exynos4210I2CState *)opaque;
+ int ret;
+
+ s->i2cstat &= ~I2CSTAT_LAST_BIT;
+ s->scl_free = false;
+ ret = i2c_recv(s->bus);
+ if (ret < 0 && (s->i2ccon & I2CCON_ACK_GEN)) {
+ s->i2cstat |= I2CSTAT_LAST_BIT; /* Data is not acknowledged */
+ } else {
+ s->i2cds = ret;
+ }
+ exynos4210_i2c_raise_interrupt(s);
+}
+
+static void exynos4210_i2c_data_send(void *opaque)
+{
+ Exynos4210I2CState *s = (Exynos4210I2CState *)opaque;
+
+ s->i2cstat &= ~I2CSTAT_LAST_BIT;
+ s->scl_free = false;
+ if (i2c_send(s->bus, s->i2cds) < 0 && (s->i2ccon & I2CCON_ACK_GEN)) {
+ s->i2cstat |= I2CSTAT_LAST_BIT;
+ }
+ exynos4210_i2c_raise_interrupt(s);
+}
+
+static uint64_t exynos4210_i2c_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ Exynos4210I2CState *s = (Exynos4210I2CState *)opaque;
+ uint8_t value;
+
+ switch (offset) {
+ case I2CCON_ADDR:
+ value = s->i2ccon;
+ break;
+ case I2CSTAT_ADDR:
+ value = s->i2cstat;
+ break;
+ case I2CADD_ADDR:
+ value = s->i2cadd;
+ break;
+ case I2CDS_ADDR:
+ value = s->i2cds;
+ s->scl_free = true;
+ if (EXYNOS4_I2C_MODE(s->i2cstat) == I2CMODE_MASTER_Rx &&
+ (s->i2cstat & I2CSTAT_START_BUSY) &&
+ !(s->i2ccon & I2CCON_INT_PEND)) {
+ exynos4210_i2c_data_receive(s);
+ }
+ break;
+ case I2CLC_ADDR:
+ value = s->i2clc;
+ break;
+ default:
+ value = 0;
+ DPRINT("ERROR: Bad read offset 0x%x\n", (unsigned int)offset);
+ break;
+ }
+
+ DPRINT("read %s [0x%02x] -> 0x%02x\n", exynos4_i2c_get_regname(offset),
+ (unsigned int)offset, value);
+ return value;
+}
+
+static void exynos4210_i2c_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ Exynos4210I2CState *s = (Exynos4210I2CState *)opaque;
+ uint8_t v = value & 0xff;
+
+ DPRINT("write %s [0x%02x] <- 0x%02x\n", exynos4_i2c_get_regname(offset),
+ (unsigned int)offset, v);
+
+ switch (offset) {
+ case I2CCON_ADDR:
+ s->i2ccon = (v & ~I2CCON_INT_PEND) | (s->i2ccon & I2CCON_INT_PEND);
+ if ((s->i2ccon & I2CCON_INT_PEND) && !(v & I2CCON_INT_PEND)) {
+ s->i2ccon &= ~I2CCON_INT_PEND;
+ qemu_irq_lower(s->irq);
+ if (!(s->i2ccon & I2CCON_INTRS_EN)) {
+ s->i2cstat &= ~I2CSTAT_START_BUSY;
+ }
+
+ if (s->i2cstat & I2CSTAT_START_BUSY) {
+ if (s->scl_free) {
+ if (EXYNOS4_I2C_MODE(s->i2cstat) == I2CMODE_MASTER_Tx) {
+ exynos4210_i2c_data_send(s);
+ } else if (EXYNOS4_I2C_MODE(s->i2cstat) ==
+ I2CMODE_MASTER_Rx) {
+ exynos4210_i2c_data_receive(s);
+ }
+ } else {
+ s->i2ccon |= I2CCON_INT_PEND;
+ qemu_irq_raise(s->irq);
+ }
+ }
+ }
+ break;
+ case I2CSTAT_ADDR:
+ s->i2cstat =
+ (s->i2cstat & I2CSTAT_START_BUSY) | (v & ~I2CSTAT_START_BUSY);
+
+ if (!(s->i2cstat & I2CSTAT_OUTPUT_EN)) {
+ s->i2cstat &= ~I2CSTAT_START_BUSY;
+ s->scl_free = true;
+ qemu_irq_lower(s->irq);
+ break;
+ }
+
+ /* Nothing to do if in i2c slave mode */
+ if (!I2C_IN_MASTER_MODE(s->i2cstat)) {
+ break;
+ }
+
+ if (v & I2CSTAT_START_BUSY) {
+ s->i2cstat &= ~I2CSTAT_LAST_BIT;
+ s->i2cstat |= I2CSTAT_START_BUSY; /* Line is busy */
+ s->scl_free = false;
+
+ /* Generate start bit and send slave address */
+ if (i2c_start_transfer(s->bus, s->i2cds >> 1, s->i2cds & 0x1) &&
+ (s->i2ccon & I2CCON_ACK_GEN)) {
+ s->i2cstat |= I2CSTAT_LAST_BIT;
+ } else if (EXYNOS4_I2C_MODE(s->i2cstat) == I2CMODE_MASTER_Rx) {
+ exynos4210_i2c_data_receive(s);
+ }
+ exynos4210_i2c_raise_interrupt(s);
+ } else {
+ i2c_end_transfer(s->bus);
+ if (!(s->i2ccon & I2CCON_INT_PEND)) {
+ s->i2cstat &= ~I2CSTAT_START_BUSY;
+ }
+ s->scl_free = true;
+ }
+ break;
+ case I2CADD_ADDR:
+ if ((s->i2cstat & I2CSTAT_OUTPUT_EN) == 0) {
+ s->i2cadd = v;
+ }
+ break;
+ case I2CDS_ADDR:
+ if (s->i2cstat & I2CSTAT_OUTPUT_EN) {
+ s->i2cds = v;
+ s->scl_free = true;
+ if (EXYNOS4_I2C_MODE(s->i2cstat) == I2CMODE_MASTER_Tx &&
+ (s->i2cstat & I2CSTAT_START_BUSY) &&
+ !(s->i2ccon & I2CCON_INT_PEND)) {
+ exynos4210_i2c_data_send(s);
+ }
+ }
+ break;
+ case I2CLC_ADDR:
+ s->i2clc = v;
+ break;
+ default:
+ DPRINT("ERROR: Bad write offset 0x%x\n", (unsigned int)offset);
+ break;
+ }
+}
+
+static const MemoryRegionOps exynos4210_i2c_ops = {
+ .read = exynos4210_i2c_read,
+ .write = exynos4210_i2c_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static const VMStateDescription exynos4210_i2c_vmstate = {
+ .name = "exynos4210.i2c",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(i2ccon, Exynos4210I2CState),
+ VMSTATE_UINT8(i2cstat, Exynos4210I2CState),
+ VMSTATE_UINT8(i2cds, Exynos4210I2CState),
+ VMSTATE_UINT8(i2cadd, Exynos4210I2CState),
+ VMSTATE_UINT8(i2clc, Exynos4210I2CState),
+ VMSTATE_BOOL(scl_free, Exynos4210I2CState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void exynos4210_i2c_reset(DeviceState *d)
+{
+ Exynos4210I2CState *s = EXYNOS4_I2C(d);
+
+ s->i2ccon = 0x00;
+ s->i2cstat = 0x00;
+ s->i2cds = 0xFF;
+ s->i2clc = 0x00;
+ s->i2cadd = 0xFF;
+ s->scl_free = true;
+}
+
+static int exynos4210_i2c_realize(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ Exynos4210I2CState *s = EXYNOS4_I2C(dev);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &exynos4210_i2c_ops, s,
+ TYPE_EXYNOS4_I2C, EXYNOS4_I2C_MEM_SIZE);
+ sysbus_init_mmio(sbd, &s->iomem);
+ sysbus_init_irq(sbd, &s->irq);
+ s->bus = i2c_init_bus(dev, "i2c");
+ return 0;
+}
+
+static void exynos4210_i2c_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *sbdc = SYS_BUS_DEVICE_CLASS(klass);
+
+ dc->vmsd = &exynos4210_i2c_vmstate;
+ dc->reset = exynos4210_i2c_reset;
+ sbdc->init = exynos4210_i2c_realize;
+}
+
+static const TypeInfo exynos4210_i2c_type_info = {
+ .name = TYPE_EXYNOS4_I2C,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(Exynos4210I2CState),
+ .class_init = exynos4210_i2c_class_init,
+};
+
+static void exynos4210_i2c_register_types(void)
+{
+ type_register_static(&exynos4210_i2c_type_info);
+}
+
+type_init(exynos4210_i2c_register_types)
diff --git a/hw/i2c/omap_i2c.c b/hw/i2c/omap_i2c.c
new file mode 100644
index 000000000..f528b2b38
--- /dev/null
+++ b/hw/i2c/omap_i2c.c
@@ -0,0 +1,498 @@
+/*
+ * TI OMAP on-chip I2C controller. Only "new I2C" mode supported.
+ *
+ * Copyright (C) 2007 Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "hw/hw.h"
+#include "hw/i2c/i2c.h"
+#include "hw/arm/omap.h"
+#include "hw/sysbus.h"
+
+#define TYPE_OMAP_I2C "omap_i2c"
+#define OMAP_I2C(obj) OBJECT_CHECK(OMAPI2CState, (obj), TYPE_OMAP_I2C)
+
+typedef struct OMAPI2CState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ qemu_irq irq;
+ qemu_irq drq[2];
+ i2c_bus *bus;
+
+ uint8_t revision;
+ void *iclk;
+ void *fclk;
+
+ uint8_t mask;
+ uint16_t stat;
+ uint16_t dma;
+ uint16_t count;
+ int count_cur;
+ uint32_t fifo;
+ int rxlen;
+ int txlen;
+ uint16_t control;
+ uint16_t addr[2];
+ uint8_t divider;
+ uint8_t times[2];
+ uint16_t test;
+} OMAPI2CState;
+
+#define OMAP2_INTR_REV 0x34
+#define OMAP2_GC_REV 0x34
+
+static void omap_i2c_interrupts_update(OMAPI2CState *s)
+{
+ qemu_set_irq(s->irq, s->stat & s->mask);
+ if ((s->dma >> 15) & 1) /* RDMA_EN */
+ qemu_set_irq(s->drq[0], (s->stat >> 3) & 1); /* RRDY */
+ if ((s->dma >> 7) & 1) /* XDMA_EN */
+ qemu_set_irq(s->drq[1], (s->stat >> 4) & 1); /* XRDY */
+}
+
+static void omap_i2c_fifo_run(OMAPI2CState *s)
+{
+ int ack = 1;
+
+ if (!i2c_bus_busy(s->bus))
+ return;
+
+ if ((s->control >> 2) & 1) { /* RM */
+ if ((s->control >> 1) & 1) { /* STP */
+ i2c_end_transfer(s->bus);
+ s->control &= ~(1 << 1); /* STP */
+ s->count_cur = s->count;
+ s->txlen = 0;
+ } else if ((s->control >> 9) & 1) { /* TRX */
+ while (ack && s->txlen)
+ ack = (i2c_send(s->bus,
+ (s->fifo >> ((-- s->txlen) << 3)) &
+ 0xff) >= 0);
+ s->stat |= 1 << 4; /* XRDY */
+ } else {
+ while (s->rxlen < 4)
+ s->fifo |= i2c_recv(s->bus) << ((s->rxlen ++) << 3);
+ s->stat |= 1 << 3; /* RRDY */
+ }
+ } else {
+ if ((s->control >> 9) & 1) { /* TRX */
+ while (ack && s->count_cur && s->txlen) {
+ ack = (i2c_send(s->bus,
+ (s->fifo >> ((-- s->txlen) << 3)) &
+ 0xff) >= 0);
+ s->count_cur --;
+ }
+ if (ack && s->count_cur)
+ s->stat |= 1 << 4; /* XRDY */
+ else
+ s->stat &= ~(1 << 4); /* XRDY */
+ if (!s->count_cur) {
+ s->stat |= 1 << 2; /* ARDY */
+ s->control &= ~(1 << 10); /* MST */
+ }
+ } else {
+ while (s->count_cur && s->rxlen < 4) {
+ s->fifo |= i2c_recv(s->bus) << ((s->rxlen ++) << 3);
+ s->count_cur --;
+ }
+ if (s->rxlen)
+ s->stat |= 1 << 3; /* RRDY */
+ else
+ s->stat &= ~(1 << 3); /* RRDY */
+ }
+ if (!s->count_cur) {
+ if ((s->control >> 1) & 1) { /* STP */
+ i2c_end_transfer(s->bus);
+ s->control &= ~(1 << 1); /* STP */
+ s->count_cur = s->count;
+ s->txlen = 0;
+ } else {
+ s->stat |= 1 << 2; /* ARDY */
+ s->control &= ~(1 << 10); /* MST */
+ }
+ }
+ }
+
+ s->stat |= (!ack) << 1; /* NACK */
+ if (!ack)
+ s->control &= ~(1 << 1); /* STP */
+}
+
+static void omap_i2c_reset(DeviceState *dev)
+{
+ OMAPI2CState *s = OMAP_I2C(dev);
+
+ s->mask = 0;
+ s->stat = 0;
+ s->dma = 0;
+ s->count = 0;
+ s->count_cur = 0;
+ s->fifo = 0;
+ s->rxlen = 0;
+ s->txlen = 0;
+ s->control = 0;
+ s->addr[0] = 0;
+ s->addr[1] = 0;
+ s->divider = 0;
+ s->times[0] = 0;
+ s->times[1] = 0;
+ s->test = 0;
+}
+
+static uint32_t omap_i2c_read(void *opaque, hwaddr addr)
+{
+ OMAPI2CState *s = opaque;
+ int offset = addr & OMAP_MPUI_REG_MASK;
+ uint16_t ret;
+
+ switch (offset) {
+ case 0x00: /* I2C_REV */
+ return s->revision; /* REV */
+
+ case 0x04: /* I2C_IE */
+ return s->mask;
+
+ case 0x08: /* I2C_STAT */
+ return s->stat | (i2c_bus_busy(s->bus) << 12);
+
+ case 0x0c: /* I2C_IV */
+ if (s->revision >= OMAP2_INTR_REV)
+ break;
+ ret = ffs(s->stat & s->mask);
+ if (ret)
+ s->stat ^= 1 << (ret - 1);
+ omap_i2c_interrupts_update(s);
+ return ret;
+
+ case 0x10: /* I2C_SYSS */
+ return (s->control >> 15) & 1; /* I2C_EN */
+
+ case 0x14: /* I2C_BUF */
+ return s->dma;
+
+ case 0x18: /* I2C_CNT */
+ return s->count_cur; /* DCOUNT */
+
+ case 0x1c: /* I2C_DATA */
+ ret = 0;
+ if (s->control & (1 << 14)) { /* BE */
+ ret |= ((s->fifo >> 0) & 0xff) << 8;
+ ret |= ((s->fifo >> 8) & 0xff) << 0;
+ } else {
+ ret |= ((s->fifo >> 8) & 0xff) << 8;
+ ret |= ((s->fifo >> 0) & 0xff) << 0;
+ }
+ if (s->rxlen == 1) {
+ s->stat |= 1 << 15; /* SBD */
+ s->rxlen = 0;
+ } else if (s->rxlen > 1) {
+ if (s->rxlen > 2)
+ s->fifo >>= 16;
+ s->rxlen -= 2;
+ } else {
+ /* XXX: remote access (qualifier) error - what's that? */
+ }
+ if (!s->rxlen) {
+ s->stat &= ~(1 << 3); /* RRDY */
+ if (((s->control >> 10) & 1) && /* MST */
+ ((~s->control >> 9) & 1)) { /* TRX */
+ s->stat |= 1 << 2; /* ARDY */
+ s->control &= ~(1 << 10); /* MST */
+ }
+ }
+ s->stat &= ~(1 << 11); /* ROVR */
+ omap_i2c_fifo_run(s);
+ omap_i2c_interrupts_update(s);
+ return ret;
+
+ case 0x20: /* I2C_SYSC */
+ return 0;
+
+ case 0x24: /* I2C_CON */
+ return s->control;
+
+ case 0x28: /* I2C_OA */
+ return s->addr[0];
+
+ case 0x2c: /* I2C_SA */
+ return s->addr[1];
+
+ case 0x30: /* I2C_PSC */
+ return s->divider;
+
+ case 0x34: /* I2C_SCLL */
+ return s->times[0];
+
+ case 0x38: /* I2C_SCLH */
+ return s->times[1];
+
+ case 0x3c: /* I2C_SYSTEST */
+ if (s->test & (1 << 15)) { /* ST_EN */
+ s->test ^= 0xa;
+ return s->test;
+ } else
+ return s->test & ~0x300f;
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_i2c_write(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ OMAPI2CState *s = opaque;
+ int offset = addr & OMAP_MPUI_REG_MASK;
+ int nack;
+
+ switch (offset) {
+ case 0x00: /* I2C_REV */
+ case 0x0c: /* I2C_IV */
+ case 0x10: /* I2C_SYSS */
+ OMAP_RO_REG(addr);
+ return;
+
+ case 0x04: /* I2C_IE */
+ s->mask = value & (s->revision < OMAP2_GC_REV ? 0x1f : 0x3f);
+ break;
+
+ case 0x08: /* I2C_STAT */
+ if (s->revision < OMAP2_INTR_REV) {
+ OMAP_RO_REG(addr);
+ return;
+ }
+
+ /* RRDY and XRDY are reset by hardware. (in all versions???) */
+ s->stat &= ~(value & 0x27);
+ omap_i2c_interrupts_update(s);
+ break;
+
+ case 0x14: /* I2C_BUF */
+ s->dma = value & 0x8080;
+ if (value & (1 << 15)) /* RDMA_EN */
+ s->mask &= ~(1 << 3); /* RRDY_IE */
+ if (value & (1 << 7)) /* XDMA_EN */
+ s->mask &= ~(1 << 4); /* XRDY_IE */
+ break;
+
+ case 0x18: /* I2C_CNT */
+ s->count = value; /* DCOUNT */
+ break;
+
+ case 0x1c: /* I2C_DATA */
+ if (s->txlen > 2) {
+ /* XXX: remote access (qualifier) error - what's that? */
+ break;
+ }
+ s->fifo <<= 16;
+ s->txlen += 2;
+ if (s->control & (1 << 14)) { /* BE */
+ s->fifo |= ((value >> 8) & 0xff) << 8;
+ s->fifo |= ((value >> 0) & 0xff) << 0;
+ } else {
+ s->fifo |= ((value >> 0) & 0xff) << 8;
+ s->fifo |= ((value >> 8) & 0xff) << 0;
+ }
+ s->stat &= ~(1 << 10); /* XUDF */
+ if (s->txlen > 2)
+ s->stat &= ~(1 << 4); /* XRDY */
+ omap_i2c_fifo_run(s);
+ omap_i2c_interrupts_update(s);
+ break;
+
+ case 0x20: /* I2C_SYSC */
+ if (s->revision < OMAP2_INTR_REV) {
+ OMAP_BAD_REG(addr);
+ return;
+ }
+
+ if (value & 2) {
+ omap_i2c_reset(DEVICE(s));
+ }
+ break;
+
+ case 0x24: /* I2C_CON */
+ s->control = value & 0xcf87;
+ if (~value & (1 << 15)) { /* I2C_EN */
+ if (s->revision < OMAP2_INTR_REV) {
+ omap_i2c_reset(DEVICE(s));
+ }
+ break;
+ }
+ if ((value & (1 << 15)) && !(value & (1 << 10))) { /* MST */
+ fprintf(stderr, "%s: I^2C slave mode not supported\n",
+ __FUNCTION__);
+ break;
+ }
+ if ((value & (1 << 15)) && value & (1 << 8)) { /* XA */
+ fprintf(stderr, "%s: 10-bit addressing mode not supported\n",
+ __FUNCTION__);
+ break;
+ }
+ if ((value & (1 << 15)) && value & (1 << 0)) { /* STT */
+ nack = !!i2c_start_transfer(s->bus, s->addr[1], /* SA */
+ (~value >> 9) & 1); /* TRX */
+ s->stat |= nack << 1; /* NACK */
+ s->control &= ~(1 << 0); /* STT */
+ s->fifo = 0;
+ if (nack)
+ s->control &= ~(1 << 1); /* STP */
+ else {
+ s->count_cur = s->count;
+ omap_i2c_fifo_run(s);
+ }
+ omap_i2c_interrupts_update(s);
+ }
+ break;
+
+ case 0x28: /* I2C_OA */
+ s->addr[0] = value & 0x3ff;
+ break;
+
+ case 0x2c: /* I2C_SA */
+ s->addr[1] = value & 0x3ff;
+ break;
+
+ case 0x30: /* I2C_PSC */
+ s->divider = value;
+ break;
+
+ case 0x34: /* I2C_SCLL */
+ s->times[0] = value;
+ break;
+
+ case 0x38: /* I2C_SCLH */
+ s->times[1] = value;
+ break;
+
+ case 0x3c: /* I2C_SYSTEST */
+ s->test = value & 0xf80f;
+ if (value & (1 << 11)) /* SBB */
+ if (s->revision >= OMAP2_INTR_REV) {
+ s->stat |= 0x3f;
+ omap_i2c_interrupts_update(s);
+ }
+ if (value & (1 << 15)) /* ST_EN */
+ fprintf(stderr, "%s: System Test not supported\n", __FUNCTION__);
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ return;
+ }
+}
+
+static void omap_i2c_writeb(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ OMAPI2CState *s = opaque;
+ int offset = addr & OMAP_MPUI_REG_MASK;
+
+ switch (offset) {
+ case 0x1c: /* I2C_DATA */
+ if (s->txlen > 2) {
+ /* XXX: remote access (qualifier) error - what's that? */
+ break;
+ }
+ s->fifo <<= 8;
+ s->txlen += 1;
+ s->fifo |= value & 0xff;
+ s->stat &= ~(1 << 10); /* XUDF */
+ if (s->txlen > 2)
+ s->stat &= ~(1 << 4); /* XRDY */
+ omap_i2c_fifo_run(s);
+ omap_i2c_interrupts_update(s);
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ return;
+ }
+}
+
+static const MemoryRegionOps omap_i2c_ops = {
+ .old_mmio = {
+ .read = {
+ omap_badwidth_read16,
+ omap_i2c_read,
+ omap_badwidth_read16,
+ },
+ .write = {
+ omap_i2c_writeb, /* Only the last fifo write can be 8 bit. */
+ omap_i2c_write,
+ omap_badwidth_write16,
+ },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int omap_i2c_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ OMAPI2CState *s = OMAP_I2C(dev);
+
+ if (!s->fclk) {
+ hw_error("omap_i2c: fclk not connected\n");
+ }
+ if (s->revision >= OMAP2_INTR_REV && !s->iclk) {
+ /* Note that OMAP1 doesn't have a separate interface clock */
+ hw_error("omap_i2c: iclk not connected\n");
+ }
+ sysbus_init_irq(sbd, &s->irq);
+ sysbus_init_irq(sbd, &s->drq[0]);
+ sysbus_init_irq(sbd, &s->drq[1]);
+ memory_region_init_io(&s->iomem, OBJECT(s), &omap_i2c_ops, s, "omap.i2c",
+ (s->revision < OMAP2_INTR_REV) ? 0x800 : 0x1000);
+ sysbus_init_mmio(sbd, &s->iomem);
+ s->bus = i2c_init_bus(dev, NULL);
+ return 0;
+}
+
+static Property omap_i2c_properties[] = {
+ DEFINE_PROP_UINT8("revision", OMAPI2CState, revision, 0),
+ DEFINE_PROP_PTR("iclk", OMAPI2CState, iclk),
+ DEFINE_PROP_PTR("fclk", OMAPI2CState, fclk),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void omap_i2c_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+ k->init = omap_i2c_init;
+ dc->props = omap_i2c_properties;
+ dc->reset = omap_i2c_reset;
+}
+
+static const TypeInfo omap_i2c_info = {
+ .name = TYPE_OMAP_I2C,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(OMAPI2CState),
+ .class_init = omap_i2c_class_init,
+};
+
+static void omap_i2c_register_types(void)
+{
+ type_register_static(&omap_i2c_info);
+}
+
+i2c_bus *omap_i2c_bus(DeviceState *omap_i2c)
+{
+ OMAPI2CState *s = OMAP_I2C(omap_i2c);
+ return s->bus;
+}
+
+type_init(omap_i2c_register_types)
diff --git a/hw/i2c/pm_smbus.c b/hw/i2c/pm_smbus.c
new file mode 100644
index 000000000..c98e44753
--- /dev/null
+++ b/hw/i2c/pm_smbus.c
@@ -0,0 +1,207 @@
+/*
+ * PC SMBus implementation
+ * splitted from acpi.c
+ *
+ * Copyright (c) 2006 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License version 2 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "hw/i2c/pm_smbus.h"
+#include "hw/i2c/smbus.h"
+
+/* no save/load? */
+
+#define SMBHSTSTS 0x00
+#define SMBHSTCNT 0x02
+#define SMBHSTCMD 0x03
+#define SMBHSTADD 0x04
+#define SMBHSTDAT0 0x05
+#define SMBHSTDAT1 0x06
+#define SMBBLKDAT 0x07
+
+#define STS_HOST_BUSY (1)
+#define STS_INTR (1<<1)
+#define STS_DEV_ERR (1<<2)
+#define STS_BUS_ERR (1<<3)
+#define STS_FAILED (1<<4)
+#define STS_SMBALERT (1<<5)
+#define STS_INUSE_STS (1<<6)
+#define STS_BYTE_DONE (1<<7)
+/* Signs of successfully transaction end :
+* ByteDoneStatus = 1 (STS_BYTE_DONE) and INTR = 1 (STS_INTR )
+*/
+
+//#define DEBUG
+
+#ifdef DEBUG
+# define SMBUS_DPRINTF(format, ...) printf(format, ## __VA_ARGS__)
+#else
+# define SMBUS_DPRINTF(format, ...) do { } while (0)
+#endif
+
+
+static void smb_transaction(PMSMBus *s)
+{
+ uint8_t prot = (s->smb_ctl >> 2) & 0x07;
+ uint8_t read = s->smb_addr & 0x01;
+ uint8_t cmd = s->smb_cmd;
+ uint8_t addr = s->smb_addr >> 1;
+ i2c_bus *bus = s->smbus;
+
+ SMBUS_DPRINTF("SMBus trans addr=0x%02x prot=0x%02x\n", addr, prot);
+ /* Transaction isn't exec if STS_DEV_ERR bit set */
+ if ((s->smb_stat & STS_DEV_ERR) != 0) {
+ goto error;
+ }
+ switch(prot) {
+ case 0x0:
+ smbus_quick_command(bus, addr, read);
+ s->smb_stat |= STS_BYTE_DONE | STS_INTR;
+ break;
+ case 0x1:
+ if (read) {
+ s->smb_data0 = smbus_receive_byte(bus, addr);
+ } else {
+ smbus_send_byte(bus, addr, cmd);
+ }
+ s->smb_stat |= STS_BYTE_DONE | STS_INTR;
+ break;
+ case 0x2:
+ if (read) {
+ s->smb_data0 = smbus_read_byte(bus, addr, cmd);
+ } else {
+ smbus_write_byte(bus, addr, cmd, s->smb_data0);
+ }
+ s->smb_stat |= STS_BYTE_DONE | STS_INTR;
+ break;
+ case 0x3:
+ if (read) {
+ uint16_t val;
+ val = smbus_read_word(bus, addr, cmd);
+ s->smb_data0 = val;
+ s->smb_data1 = val >> 8;
+ } else {
+ smbus_write_word(bus, addr, cmd, (s->smb_data1 << 8) | s->smb_data0);
+ }
+ s->smb_stat |= STS_BYTE_DONE | STS_INTR;
+ break;
+ case 0x5:
+ if (read) {
+ s->smb_data0 = smbus_read_block(bus, addr, cmd, s->smb_data);
+ } else {
+ smbus_write_block(bus, addr, cmd, s->smb_data, s->smb_data0);
+ }
+ s->smb_stat |= STS_BYTE_DONE | STS_INTR;
+ break;
+ default:
+ goto error;
+ }
+ return;
+
+ error:
+ s->smb_stat |= STS_DEV_ERR;
+}
+
+static void smb_ioport_writeb(void *opaque, hwaddr addr, uint64_t val,
+ unsigned width)
+{
+ PMSMBus *s = opaque;
+
+ SMBUS_DPRINTF("SMB writeb port=0x%04x val=0x%02x\n", addr, val);
+ switch(addr) {
+ case SMBHSTSTS:
+ s->smb_stat = (~(val & 0xff)) & s->smb_stat;
+ s->smb_index = 0;
+ break;
+ case SMBHSTCNT:
+ s->smb_ctl = val;
+ if (val & 0x40)
+ smb_transaction(s);
+ break;
+ case SMBHSTCMD:
+ s->smb_cmd = val;
+ break;
+ case SMBHSTADD:
+ s->smb_addr = val;
+ break;
+ case SMBHSTDAT0:
+ s->smb_data0 = val;
+ break;
+ case SMBHSTDAT1:
+ s->smb_data1 = val;
+ break;
+ case SMBBLKDAT:
+ s->smb_data[s->smb_index++] = val;
+ if (s->smb_index > 31)
+ s->smb_index = 0;
+ break;
+ default:
+ break;
+ }
+}
+
+static uint64_t smb_ioport_readb(void *opaque, hwaddr addr, unsigned width)
+{
+ PMSMBus *s = opaque;
+ uint32_t val;
+
+ switch(addr) {
+ case SMBHSTSTS:
+ val = s->smb_stat;
+ break;
+ case SMBHSTCNT:
+ s->smb_index = 0;
+ val = s->smb_ctl & 0x1f;
+ break;
+ case SMBHSTCMD:
+ val = s->smb_cmd;
+ break;
+ case SMBHSTADD:
+ val = s->smb_addr;
+ break;
+ case SMBHSTDAT0:
+ val = s->smb_data0;
+ break;
+ case SMBHSTDAT1:
+ val = s->smb_data1;
+ break;
+ case SMBBLKDAT:
+ val = s->smb_data[s->smb_index++];
+ if (s->smb_index > 31)
+ s->smb_index = 0;
+ break;
+ default:
+ val = 0;
+ break;
+ }
+ SMBUS_DPRINTF("SMB readb port=0x%04x val=0x%02x\n", addr, val);
+ return val;
+}
+
+static const MemoryRegionOps pm_smbus_ops = {
+ .read = smb_ioport_readb,
+ .write = smb_ioport_writeb,
+ .valid.min_access_size = 1,
+ .valid.max_access_size = 1,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+void pm_smbus_init(DeviceState *parent, PMSMBus *smb)
+{
+ smb->smbus = i2c_init_bus(parent, "i2c");
+ memory_region_init_io(&smb->io, OBJECT(parent), &pm_smbus_ops, smb,
+ "pm-smbus", 64);
+}
diff --git a/hw/i2c/smbus.c b/hw/i2c/smbus.c
new file mode 100644
index 000000000..25d2d0416
--- /dev/null
+++ b/hw/i2c/smbus.c
@@ -0,0 +1,335 @@
+/*
+ * QEMU SMBus device emulation.
+ *
+ * Copyright (c) 2007 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the LGPL.
+ */
+
+/* TODO: Implement PEC. */
+
+#include "hw/hw.h"
+#include "hw/i2c/i2c.h"
+#include "hw/i2c/smbus.h"
+
+//#define DEBUG_SMBUS 1
+
+#ifdef DEBUG_SMBUS
+#define DPRINTF(fmt, ...) \
+do { printf("smbus(%02x): " fmt , dev->i2c.address, ## __VA_ARGS__); } while (0)
+#define BADF(fmt, ...) \
+do { fprintf(stderr, "smbus: error: " fmt , ## __VA_ARGS__); exit(1);} while (0)
+#else
+#define DPRINTF(fmt, ...) do {} while(0)
+#define BADF(fmt, ...) \
+do { fprintf(stderr, "smbus: error: " fmt , ## __VA_ARGS__);} while (0)
+#endif
+
+enum {
+ SMBUS_IDLE,
+ SMBUS_WRITE_DATA,
+ SMBUS_RECV_BYTE,
+ SMBUS_READ_DATA,
+ SMBUS_DONE,
+ SMBUS_CONFUSED = -1
+};
+
+static void smbus_do_quick_cmd(SMBusDevice *dev, int recv)
+{
+ SMBusDeviceClass *sc = SMBUS_DEVICE_GET_CLASS(dev);
+
+ DPRINTF("Quick Command %d\n", recv);
+ if (sc->quick_cmd) {
+ sc->quick_cmd(dev, recv);
+ }
+}
+
+static void smbus_do_write(SMBusDevice *dev)
+{
+ SMBusDeviceClass *sc = SMBUS_DEVICE_GET_CLASS(dev);
+
+ if (dev->data_len == 0) {
+ smbus_do_quick_cmd(dev, 0);
+ } else if (dev->data_len == 1) {
+ DPRINTF("Send Byte\n");
+ if (sc->send_byte) {
+ sc->send_byte(dev, dev->data_buf[0]);
+ }
+ } else {
+ dev->command = dev->data_buf[0];
+ DPRINTF("Command %d len %d\n", dev->command, dev->data_len - 1);
+ if (sc->write_data) {
+ sc->write_data(dev, dev->command, dev->data_buf + 1,
+ dev->data_len - 1);
+ }
+ }
+}
+
+static void smbus_i2c_event(I2CSlave *s, enum i2c_event event)
+{
+ SMBusDevice *dev = SMBUS_DEVICE(s);
+
+ switch (event) {
+ case I2C_START_SEND:
+ switch (dev->mode) {
+ case SMBUS_IDLE:
+ DPRINTF("Incoming data\n");
+ dev->mode = SMBUS_WRITE_DATA;
+ break;
+ default:
+ BADF("Unexpected send start condition in state %d\n", dev->mode);
+ dev->mode = SMBUS_CONFUSED;
+ break;
+ }
+ break;
+
+ case I2C_START_RECV:
+ switch (dev->mode) {
+ case SMBUS_IDLE:
+ DPRINTF("Read mode\n");
+ dev->mode = SMBUS_RECV_BYTE;
+ break;
+ case SMBUS_WRITE_DATA:
+ if (dev->data_len == 0) {
+ BADF("Read after write with no data\n");
+ dev->mode = SMBUS_CONFUSED;
+ } else {
+ if (dev->data_len > 1) {
+ smbus_do_write(dev);
+ } else {
+ dev->command = dev->data_buf[0];
+ DPRINTF("%02x: Command %d\n", dev->i2c.address,
+ dev->command);
+ }
+ DPRINTF("Read mode\n");
+ dev->data_len = 0;
+ dev->mode = SMBUS_READ_DATA;
+ }
+ break;
+ default:
+ BADF("Unexpected recv start condition in state %d\n", dev->mode);
+ dev->mode = SMBUS_CONFUSED;
+ break;
+ }
+ break;
+
+ case I2C_FINISH:
+ switch (dev->mode) {
+ case SMBUS_WRITE_DATA:
+ smbus_do_write(dev);
+ break;
+ case SMBUS_RECV_BYTE:
+ smbus_do_quick_cmd(dev, 1);
+ break;
+ case SMBUS_READ_DATA:
+ BADF("Unexpected stop during receive\n");
+ break;
+ default:
+ /* Nothing to do. */
+ break;
+ }
+ dev->mode = SMBUS_IDLE;
+ dev->data_len = 0;
+ break;
+
+ case I2C_NACK:
+ switch (dev->mode) {
+ case SMBUS_DONE:
+ /* Nothing to do. */
+ break;
+ case SMBUS_READ_DATA:
+ dev->mode = SMBUS_DONE;
+ break;
+ default:
+ BADF("Unexpected NACK in state %d\n", dev->mode);
+ dev->mode = SMBUS_CONFUSED;
+ break;
+ }
+ }
+}
+
+static int smbus_i2c_recv(I2CSlave *s)
+{
+ SMBusDevice *dev = SMBUS_DEVICE(s);
+ SMBusDeviceClass *sc = SMBUS_DEVICE_GET_CLASS(dev);
+ int ret;
+
+ switch (dev->mode) {
+ case SMBUS_RECV_BYTE:
+ if (sc->receive_byte) {
+ ret = sc->receive_byte(dev);
+ } else {
+ ret = 0;
+ }
+ DPRINTF("Receive Byte %02x\n", ret);
+ dev->mode = SMBUS_DONE;
+ break;
+ case SMBUS_READ_DATA:
+ if (sc->read_data) {
+ ret = sc->read_data(dev, dev->command, dev->data_len);
+ dev->data_len++;
+ } else {
+ ret = 0;
+ }
+ DPRINTF("Read data %02x\n", ret);
+ break;
+ default:
+ BADF("Unexpected read in state %d\n", dev->mode);
+ dev->mode = SMBUS_CONFUSED;
+ ret = 0;
+ break;
+ }
+ return ret;
+}
+
+static int smbus_i2c_send(I2CSlave *s, uint8_t data)
+{
+ SMBusDevice *dev = SMBUS_DEVICE(s);
+
+ switch (dev->mode) {
+ case SMBUS_WRITE_DATA:
+ DPRINTF("Write data %02x\n", data);
+ dev->data_buf[dev->data_len++] = data;
+ break;
+ default:
+ BADF("Unexpected write in state %d\n", dev->mode);
+ break;
+ }
+ return 0;
+}
+
+static int smbus_device_init(I2CSlave *i2c)
+{
+ SMBusDevice *dev = SMBUS_DEVICE(i2c);
+ SMBusDeviceClass *sc = SMBUS_DEVICE_GET_CLASS(dev);
+
+ return sc->init(dev);
+}
+
+/* Master device commands. */
+void smbus_quick_command(i2c_bus *bus, uint8_t addr, int read)
+{
+ i2c_start_transfer(bus, addr, read);
+ i2c_end_transfer(bus);
+}
+
+uint8_t smbus_receive_byte(i2c_bus *bus, uint8_t addr)
+{
+ uint8_t data;
+
+ i2c_start_transfer(bus, addr, 1);
+ data = i2c_recv(bus);
+ i2c_nack(bus);
+ i2c_end_transfer(bus);
+ return data;
+}
+
+void smbus_send_byte(i2c_bus *bus, uint8_t addr, uint8_t data)
+{
+ i2c_start_transfer(bus, addr, 0);
+ i2c_send(bus, data);
+ i2c_end_transfer(bus);
+}
+
+uint8_t smbus_read_byte(i2c_bus *bus, uint8_t addr, uint8_t command)
+{
+ uint8_t data;
+ i2c_start_transfer(bus, addr, 0);
+ i2c_send(bus, command);
+ i2c_start_transfer(bus, addr, 1);
+ data = i2c_recv(bus);
+ i2c_nack(bus);
+ i2c_end_transfer(bus);
+ return data;
+}
+
+void smbus_write_byte(i2c_bus *bus, uint8_t addr, uint8_t command, uint8_t data)
+{
+ i2c_start_transfer(bus, addr, 0);
+ i2c_send(bus, command);
+ i2c_send(bus, data);
+ i2c_end_transfer(bus);
+}
+
+uint16_t smbus_read_word(i2c_bus *bus, uint8_t addr, uint8_t command)
+{
+ uint16_t data;
+ i2c_start_transfer(bus, addr, 0);
+ i2c_send(bus, command);
+ i2c_start_transfer(bus, addr, 1);
+ data = i2c_recv(bus);
+ data |= i2c_recv(bus) << 8;
+ i2c_nack(bus);
+ i2c_end_transfer(bus);
+ return data;
+}
+
+void smbus_write_word(i2c_bus *bus, uint8_t addr, uint8_t command, uint16_t data)
+{
+ i2c_start_transfer(bus, addr, 0);
+ i2c_send(bus, command);
+ i2c_send(bus, data & 0xff);
+ i2c_send(bus, data >> 8);
+ i2c_end_transfer(bus);
+}
+
+int smbus_read_block(i2c_bus *bus, uint8_t addr, uint8_t command, uint8_t *data)
+{
+ int len;
+ int i;
+
+ i2c_start_transfer(bus, addr, 0);
+ i2c_send(bus, command);
+ i2c_start_transfer(bus, addr, 1);
+ len = i2c_recv(bus);
+ if (len > 32)
+ len = 0;
+ for (i = 0; i < len; i++)
+ data[i] = i2c_recv(bus);
+ i2c_nack(bus);
+ i2c_end_transfer(bus);
+ return len;
+}
+
+void smbus_write_block(i2c_bus *bus, uint8_t addr, uint8_t command, uint8_t *data,
+ int len)
+{
+ int i;
+
+ if (len > 32)
+ len = 32;
+
+ i2c_start_transfer(bus, addr, 0);
+ i2c_send(bus, command);
+ i2c_send(bus, len);
+ for (i = 0; i < len; i++)
+ i2c_send(bus, data[i]);
+ i2c_end_transfer(bus);
+}
+
+static void smbus_device_class_init(ObjectClass *klass, void *data)
+{
+ I2CSlaveClass *sc = I2C_SLAVE_CLASS(klass);
+
+ sc->init = smbus_device_init;
+ sc->event = smbus_i2c_event;
+ sc->recv = smbus_i2c_recv;
+ sc->send = smbus_i2c_send;
+}
+
+static const TypeInfo smbus_device_type_info = {
+ .name = TYPE_SMBUS_DEVICE,
+ .parent = TYPE_I2C_SLAVE,
+ .instance_size = sizeof(SMBusDevice),
+ .abstract = true,
+ .class_size = sizeof(SMBusDeviceClass),
+ .class_init = smbus_device_class_init,
+};
+
+static void smbus_device_register_types(void)
+{
+ type_register_static(&smbus_device_type_info);
+}
+
+type_init(smbus_device_register_types)
diff --git a/hw/i2c/smbus_eeprom.c b/hw/i2c/smbus_eeprom.c
new file mode 100644
index 000000000..015428376
--- /dev/null
+++ b/hw/i2c/smbus_eeprom.c
@@ -0,0 +1,156 @@
+/*
+ * QEMU SMBus EEPROM device
+ *
+ * Copyright (c) 2007 Arastra, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/hw.h"
+#include "hw/i2c/i2c.h"
+#include "hw/i2c/smbus.h"
+
+//#define DEBUG
+
+typedef struct SMBusEEPROMDevice {
+ SMBusDevice smbusdev;
+ void *data;
+ uint8_t offset;
+} SMBusEEPROMDevice;
+
+static void eeprom_quick_cmd(SMBusDevice *dev, uint8_t read)
+{
+#ifdef DEBUG
+ printf("eeprom_quick_cmd: addr=0x%02x read=%d\n", dev->i2c.address, read);
+#endif
+}
+
+static void eeprom_send_byte(SMBusDevice *dev, uint8_t val)
+{
+ SMBusEEPROMDevice *eeprom = (SMBusEEPROMDevice *) dev;
+#ifdef DEBUG
+ printf("eeprom_send_byte: addr=0x%02x val=0x%02x\n",
+ dev->i2c.address, val);
+#endif
+ eeprom->offset = val;
+}
+
+static uint8_t eeprom_receive_byte(SMBusDevice *dev)
+{
+ SMBusEEPROMDevice *eeprom = (SMBusEEPROMDevice *) dev;
+ uint8_t *data = eeprom->data;
+ uint8_t val = data[eeprom->offset++];
+#ifdef DEBUG
+ printf("eeprom_receive_byte: addr=0x%02x val=0x%02x\n",
+ dev->i2c.address, val);
+#endif
+ return val;
+}
+
+static void eeprom_write_data(SMBusDevice *dev, uint8_t cmd, uint8_t *buf, int len)
+{
+ SMBusEEPROMDevice *eeprom = (SMBusEEPROMDevice *) dev;
+ int n;
+#ifdef DEBUG
+ printf("eeprom_write_byte: addr=0x%02x cmd=0x%02x val=0x%02x\n",
+ dev->i2c.address, cmd, buf[0]);
+#endif
+ /* An page write operation is not a valid SMBus command.
+ It is a block write without a length byte. Fortunately we
+ get the full block anyway. */
+ /* TODO: Should this set the current location? */
+ if (cmd + len > 256)
+ n = 256 - cmd;
+ else
+ n = len;
+ memcpy(eeprom->data + cmd, buf, n);
+ len -= n;
+ if (len)
+ memcpy(eeprom->data, buf + n, len);
+}
+
+static uint8_t eeprom_read_data(SMBusDevice *dev, uint8_t cmd, int n)
+{
+ SMBusEEPROMDevice *eeprom = (SMBusEEPROMDevice *) dev;
+ /* If this is the first byte then set the current position. */
+ if (n == 0)
+ eeprom->offset = cmd;
+ /* As with writes, we implement block reads without the
+ SMBus length byte. */
+ return eeprom_receive_byte(dev);
+}
+
+static int smbus_eeprom_initfn(SMBusDevice *dev)
+{
+ SMBusEEPROMDevice *eeprom = (SMBusEEPROMDevice *)dev;
+
+ eeprom->offset = 0;
+ return 0;
+}
+
+static Property smbus_eeprom_properties[] = {
+ DEFINE_PROP_PTR("data", SMBusEEPROMDevice, data),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void smbus_eeprom_class_initfn(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SMBusDeviceClass *sc = SMBUS_DEVICE_CLASS(klass);
+
+ sc->init = smbus_eeprom_initfn;
+ sc->quick_cmd = eeprom_quick_cmd;
+ sc->send_byte = eeprom_send_byte;
+ sc->receive_byte = eeprom_receive_byte;
+ sc->write_data = eeprom_write_data;
+ sc->read_data = eeprom_read_data;
+ dc->props = smbus_eeprom_properties;
+}
+
+static const TypeInfo smbus_eeprom_info = {
+ .name = "smbus-eeprom",
+ .parent = TYPE_SMBUS_DEVICE,
+ .instance_size = sizeof(SMBusEEPROMDevice),
+ .class_init = smbus_eeprom_class_initfn,
+};
+
+static void smbus_eeprom_register_types(void)
+{
+ type_register_static(&smbus_eeprom_info);
+}
+
+type_init(smbus_eeprom_register_types)
+
+void smbus_eeprom_init(i2c_bus *smbus, int nb_eeprom,
+ const uint8_t *eeprom_spd, int eeprom_spd_size)
+{
+ int i;
+ uint8_t *eeprom_buf = g_malloc0(8 * 256); /* XXX: make this persistent */
+ if (eeprom_spd_size > 0) {
+ memcpy(eeprom_buf, eeprom_spd, eeprom_spd_size);
+ }
+
+ for (i = 0; i < nb_eeprom; i++) {
+ DeviceState *eeprom;
+ eeprom = qdev_create((BusState *)smbus, "smbus-eeprom");
+ qdev_prop_set_uint8(eeprom, "address", 0x50 + i);
+ qdev_prop_set_ptr(eeprom, "data", eeprom_buf + (i * 256));
+ qdev_init_nofail(eeprom);
+ }
+}
diff --git a/hw/i2c/smbus_ich9.c b/hw/i2c/smbus_ich9.c
new file mode 100644
index 000000000..ca229789f
--- /dev/null
+++ b/hw/i2c/smbus_ich9.c
@@ -0,0 +1,127 @@
+/*
+ * ACPI implementation
+ *
+ * Copyright (c) 2006 Fabrice Bellard
+ * Copyright (c) 2009 Isaku Yamahata <yamahata at valinux co jp>
+ * VA Linux Systems Japan K.K.
+ * Copyright (C) 2012 Jason Baron <jbaron@redhat.com>
+ *
+ * This is based on acpi.c, but heavily rewritten.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License version 2 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ *
+ */
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "hw/i2c/pm_smbus.h"
+#include "hw/pci/pci.h"
+#include "sysemu/sysemu.h"
+#include "hw/i2c/i2c.h"
+#include "hw/i2c/smbus.h"
+
+#include "hw/i386/ich9.h"
+
+#define TYPE_ICH9_SMB_DEVICE "ICH9 SMB"
+#define ICH9_SMB_DEVICE(obj) \
+ OBJECT_CHECK(ICH9SMBState, (obj), TYPE_ICH9_SMB_DEVICE)
+
+typedef struct ICH9SMBState {
+ PCIDevice dev;
+
+ PMSMBus smb;
+} ICH9SMBState;
+
+static const VMStateDescription vmstate_ich9_smbus = {
+ .name = "ich9_smb",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_PCI_DEVICE(dev, struct ICH9SMBState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void ich9_smbus_write_config(PCIDevice *d, uint32_t address,
+ uint32_t val, int len)
+{
+ ICH9SMBState *s = ICH9_SMB_DEVICE(d);
+
+ pci_default_write_config(d, address, val, len);
+ if (range_covers_byte(address, len, ICH9_SMB_HOSTC)) {
+ uint8_t hostc = s->dev.config[ICH9_SMB_HOSTC];
+ if ((hostc & ICH9_SMB_HOSTC_HST_EN) &&
+ !(hostc & ICH9_SMB_HOSTC_I2C_EN)) {
+ memory_region_set_enabled(&s->smb.io, true);
+ } else {
+ memory_region_set_enabled(&s->smb.io, false);
+ }
+ }
+}
+
+static int ich9_smbus_initfn(PCIDevice *d)
+{
+ ICH9SMBState *s = ICH9_SMB_DEVICE(d);
+
+ /* TODO? D31IP.SMIP in chipset configuration space */
+ pci_config_set_interrupt_pin(d->config, 0x01); /* interrupt pin 1 */
+
+ pci_set_byte(d->config + ICH9_SMB_HOSTC, 0);
+ /* TODO bar0, bar1: 64bit BAR support*/
+
+ pm_smbus_init(&d->qdev, &s->smb);
+ pci_register_bar(d, ICH9_SMB_SMB_BASE_BAR, PCI_BASE_ADDRESS_SPACE_IO,
+ &s->smb.io);
+ return 0;
+}
+
+static void ich9_smb_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->vendor_id = PCI_VENDOR_ID_INTEL;
+ k->device_id = PCI_DEVICE_ID_INTEL_ICH9_6;
+ k->revision = ICH9_A2_SMB_REVISION;
+ k->class_id = PCI_CLASS_SERIAL_SMBUS;
+ dc->no_user = 1;
+ dc->vmsd = &vmstate_ich9_smbus;
+ dc->desc = "ICH9 SMBUS Bridge";
+ k->init = ich9_smbus_initfn;
+ k->config_write = ich9_smbus_write_config;
+}
+
+i2c_bus *ich9_smb_init(PCIBus *bus, int devfn, uint32_t smb_io_base)
+{
+ PCIDevice *d =
+ pci_create_simple_multifunction(bus, devfn, true, TYPE_ICH9_SMB_DEVICE);
+ ICH9SMBState *s = ICH9_SMB_DEVICE(d);
+ return s->smb.smbus;
+}
+
+static const TypeInfo ich9_smb_info = {
+ .name = TYPE_ICH9_SMB_DEVICE,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(ICH9SMBState),
+ .class_init = ich9_smb_class_init,
+};
+
+static void ich9_smb_register(void)
+{
+ type_register_static(&ich9_smb_info);
+}
+
+type_init(ich9_smb_register);
diff --git a/hw/i2c/versatile_i2c.c b/hw/i2c/versatile_i2c.c
new file mode 100644
index 000000000..02e9f171b
--- /dev/null
+++ b/hw/i2c/versatile_i2c.c
@@ -0,0 +1,113 @@
+/*
+ * ARM Versatile I2C controller
+ *
+ * Copyright (c) 2006-2007 CodeSourcery.
+ * Copyright (c) 2012 Oskar Andero <oskar.andero@gmail.com>
+ *
+ * This file is derived from hw/realview.c by Paul Brook
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "hw/sysbus.h"
+#include "bitbang_i2c.h"
+
+#define TYPE_VERSATILE_I2C "versatile_i2c"
+#define VERSATILE_I2C(obj) \
+ OBJECT_CHECK(VersatileI2CState, (obj), TYPE_VERSATILE_I2C)
+
+typedef struct VersatileI2CState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ bitbang_i2c_interface *bitbang;
+ int out;
+ int in;
+} VersatileI2CState;
+
+static uint64_t versatile_i2c_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ VersatileI2CState *s = (VersatileI2CState *)opaque;
+
+ if (offset == 0) {
+ return (s->out & 1) | (s->in << 1);
+ } else {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "%s: Bad offset 0x%x\n", __func__, (int)offset);
+ return -1;
+ }
+}
+
+static void versatile_i2c_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ VersatileI2CState *s = (VersatileI2CState *)opaque;
+
+ switch (offset) {
+ case 0:
+ s->out |= value & 3;
+ break;
+ case 4:
+ s->out &= ~value;
+ break;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "%s: Bad offset 0x%x\n", __func__, (int)offset);
+ }
+ bitbang_i2c_set(s->bitbang, BITBANG_I2C_SCL, (s->out & 1) != 0);
+ s->in = bitbang_i2c_set(s->bitbang, BITBANG_I2C_SDA, (s->out & 2) != 0);
+}
+
+static const MemoryRegionOps versatile_i2c_ops = {
+ .read = versatile_i2c_read,
+ .write = versatile_i2c_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int versatile_i2c_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ VersatileI2CState *s = VERSATILE_I2C(dev);
+ i2c_bus *bus;
+
+ bus = i2c_init_bus(dev, "i2c");
+ s->bitbang = bitbang_i2c_init(bus);
+ memory_region_init_io(&s->iomem, OBJECT(s), &versatile_i2c_ops, s,
+ "versatile_i2c", 0x1000);
+ sysbus_init_mmio(sbd, &s->iomem);
+ return 0;
+}
+
+static void versatile_i2c_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = versatile_i2c_init;
+}
+
+static const TypeInfo versatile_i2c_info = {
+ .name = TYPE_VERSATILE_I2C,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(VersatileI2CState),
+ .class_init = versatile_i2c_class_init,
+};
+
+static void versatile_i2c_register_types(void)
+{
+ type_register_static(&versatile_i2c_info);
+}
+
+type_init(versatile_i2c_register_types)
diff --git a/hw/i386/Makefile.objs b/hw/i386/Makefile.objs
index 0d3f6a8e8..45e61655e 100644
--- a/hw/i386/Makefile.objs
+++ b/hw/i386/Makefile.objs
@@ -1,16 +1,7 @@
-obj-y += mc146818rtc.o pc.o
-obj-y += apic_common.o apic.o kvmvapic.o
-obj-y += sga.o ioapic_common.o ioapic.o piix_pci.o
-obj-y += vmport.o
-obj-y += pci-hotplug.o smbios.o wdt_ib700.o
-obj-y += debugcon.o multiboot.o
-obj-y += pc_piix.o
+obj-$(CONFIG_KVM) += kvm/
+obj-y += multiboot.o smbios.o
+obj-y += pc.o pc_piix.o pc_q35.o
obj-y += pc_sysfw.o
-obj-y += lpc_ich9.o q35.o pc_q35.o
-obj-$(CONFIG_XEN) += xen_platform.o xen_apic.o
-obj-$(CONFIG_XEN_PCI_PASSTHROUGH) += xen-host-pci-device.o
-obj-$(CONFIG_XEN_PCI_PASSTHROUGH) += xen_pt.o xen_pt_config_init.o xen_pt_msi.o
-obj-y += kvm/
-obj-$(CONFIG_SPICE) += qxl.o qxl-logger.o qxl-render.o
+obj-$(CONFIG_XEN) += xen_domainbuild.o xen_machine_pv.o
-obj-y := $(addprefix ../,$(obj-y))
+obj-y += kvmvapic.o
diff --git a/hw/i386/kvm/Makefile.objs b/hw/i386/kvm/Makefile.objs
new file mode 100644
index 000000000..d8bce209b
--- /dev/null
+++ b/hw/i386/kvm/Makefile.objs
@@ -0,0 +1 @@
+obj-y += clock.o apic.o i8259.o ioapic.o i8254.o pci-assign.o
diff --git a/hw/i386/kvm/apic.c b/hw/i386/kvm/apic.c
new file mode 100644
index 000000000..179b806d9
--- /dev/null
+++ b/hw/i386/kvm/apic.c
@@ -0,0 +1,209 @@
+/*
+ * KVM in-kernel APIC support
+ *
+ * Copyright (c) 2011 Siemens AG
+ *
+ * Authors:
+ * Jan Kiszka <jan.kiszka@siemens.com>
+ *
+ * This work is licensed under the terms of the GNU GPL version 2.
+ * See the COPYING file in the top-level directory.
+ */
+#include "hw/i386/apic_internal.h"
+#include "hw/pci/msi.h"
+#include "sysemu/kvm.h"
+
+static inline void kvm_apic_set_reg(struct kvm_lapic_state *kapic,
+ int reg_id, uint32_t val)
+{
+ *((uint32_t *)(kapic->regs + (reg_id << 4))) = val;
+}
+
+static inline uint32_t kvm_apic_get_reg(struct kvm_lapic_state *kapic,
+ int reg_id)
+{
+ return *((uint32_t *)(kapic->regs + (reg_id << 4)));
+}
+
+void kvm_put_apic_state(DeviceState *d, struct kvm_lapic_state *kapic)
+{
+ APICCommonState *s = DO_UPCAST(APICCommonState, busdev.qdev, d);
+ int i;
+
+ memset(kapic, 0, sizeof(*kapic));
+ kvm_apic_set_reg(kapic, 0x2, s->id << 24);
+ kvm_apic_set_reg(kapic, 0x8, s->tpr);
+ kvm_apic_set_reg(kapic, 0xd, s->log_dest << 24);
+ kvm_apic_set_reg(kapic, 0xe, s->dest_mode << 28 | 0x0fffffff);
+ kvm_apic_set_reg(kapic, 0xf, s->spurious_vec);
+ for (i = 0; i < 8; i++) {
+ kvm_apic_set_reg(kapic, 0x10 + i, s->isr[i]);
+ kvm_apic_set_reg(kapic, 0x18 + i, s->tmr[i]);
+ kvm_apic_set_reg(kapic, 0x20 + i, s->irr[i]);
+ }
+ kvm_apic_set_reg(kapic, 0x28, s->esr);
+ kvm_apic_set_reg(kapic, 0x30, s->icr[0]);
+ kvm_apic_set_reg(kapic, 0x31, s->icr[1]);
+ for (i = 0; i < APIC_LVT_NB; i++) {
+ kvm_apic_set_reg(kapic, 0x32 + i, s->lvt[i]);
+ }
+ kvm_apic_set_reg(kapic, 0x38, s->initial_count);
+ kvm_apic_set_reg(kapic, 0x3e, s->divide_conf);
+}
+
+void kvm_get_apic_state(DeviceState *d, struct kvm_lapic_state *kapic)
+{
+ APICCommonState *s = DO_UPCAST(APICCommonState, busdev.qdev, d);
+ int i, v;
+
+ s->id = kvm_apic_get_reg(kapic, 0x2) >> 24;
+ s->tpr = kvm_apic_get_reg(kapic, 0x8);
+ s->arb_id = kvm_apic_get_reg(kapic, 0x9);
+ s->log_dest = kvm_apic_get_reg(kapic, 0xd) >> 24;
+ s->dest_mode = kvm_apic_get_reg(kapic, 0xe) >> 28;
+ s->spurious_vec = kvm_apic_get_reg(kapic, 0xf);
+ for (i = 0; i < 8; i++) {
+ s->isr[i] = kvm_apic_get_reg(kapic, 0x10 + i);
+ s->tmr[i] = kvm_apic_get_reg(kapic, 0x18 + i);
+ s->irr[i] = kvm_apic_get_reg(kapic, 0x20 + i);
+ }
+ s->esr = kvm_apic_get_reg(kapic, 0x28);
+ s->icr[0] = kvm_apic_get_reg(kapic, 0x30);
+ s->icr[1] = kvm_apic_get_reg(kapic, 0x31);
+ for (i = 0; i < APIC_LVT_NB; i++) {
+ s->lvt[i] = kvm_apic_get_reg(kapic, 0x32 + i);
+ }
+ s->initial_count = kvm_apic_get_reg(kapic, 0x38);
+ s->divide_conf = kvm_apic_get_reg(kapic, 0x3e);
+
+ v = (s->divide_conf & 3) | ((s->divide_conf >> 1) & 4);
+ s->count_shift = (v + 1) & 7;
+
+ s->initial_count_load_time = qemu_get_clock_ns(vm_clock);
+ apic_next_timer(s, s->initial_count_load_time);
+}
+
+static void kvm_apic_set_base(APICCommonState *s, uint64_t val)
+{
+ s->apicbase = val;
+}
+
+static void kvm_apic_set_tpr(APICCommonState *s, uint8_t val)
+{
+ s->tpr = (val & 0x0f) << 4;
+}
+
+static uint8_t kvm_apic_get_tpr(APICCommonState *s)
+{
+ return s->tpr >> 4;
+}
+
+static void kvm_apic_enable_tpr_reporting(APICCommonState *s, bool enable)
+{
+ struct kvm_tpr_access_ctl ctl = {
+ .enabled = enable
+ };
+
+ kvm_vcpu_ioctl(CPU(s->cpu), KVM_TPR_ACCESS_REPORTING, &ctl);
+}
+
+static void kvm_apic_vapic_base_update(APICCommonState *s)
+{
+ struct kvm_vapic_addr vapid_addr = {
+ .vapic_addr = s->vapic_paddr,
+ };
+ int ret;
+
+ ret = kvm_vcpu_ioctl(CPU(s->cpu), KVM_SET_VAPIC_ADDR, &vapid_addr);
+ if (ret < 0) {
+ fprintf(stderr, "KVM: setting VAPIC address failed (%s)\n",
+ strerror(-ret));
+ abort();
+ }
+}
+
+static void do_inject_external_nmi(void *data)
+{
+ APICCommonState *s = data;
+ CPUState *cpu = CPU(s->cpu);
+ uint32_t lvt;
+ int ret;
+
+ cpu_synchronize_state(cpu);
+
+ lvt = s->lvt[APIC_LVT_LINT1];
+ if (!(lvt & APIC_LVT_MASKED) && ((lvt >> 8) & 7) == APIC_DM_NMI) {
+ ret = kvm_vcpu_ioctl(cpu, KVM_NMI);
+ if (ret < 0) {
+ fprintf(stderr, "KVM: injection failed, NMI lost (%s)\n",
+ strerror(-ret));
+ }
+ }
+}
+
+static void kvm_apic_external_nmi(APICCommonState *s)
+{
+ run_on_cpu(CPU(s->cpu), do_inject_external_nmi, s);
+}
+
+static uint64_t kvm_apic_mem_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ return ~(uint64_t)0;
+}
+
+static void kvm_apic_mem_write(void *opaque, hwaddr addr,
+ uint64_t data, unsigned size)
+{
+ MSIMessage msg = { .address = addr, .data = data };
+ int ret;
+
+ ret = kvm_irqchip_send_msi(kvm_state, msg);
+ if (ret < 0) {
+ fprintf(stderr, "KVM: injection failed, MSI lost (%s)\n",
+ strerror(-ret));
+ }
+}
+
+static const MemoryRegionOps kvm_apic_io_ops = {
+ .read = kvm_apic_mem_read,
+ .write = kvm_apic_mem_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void kvm_apic_init(APICCommonState *s)
+{
+ memory_region_init_io(&s->io_memory, NULL, &kvm_apic_io_ops, s, "kvm-apic-msi",
+ APIC_SPACE_SIZE);
+
+ if (kvm_has_gsi_routing()) {
+ msi_supported = true;
+ }
+}
+
+static void kvm_apic_class_init(ObjectClass *klass, void *data)
+{
+ APICCommonClass *k = APIC_COMMON_CLASS(klass);
+
+ k->init = kvm_apic_init;
+ k->set_base = kvm_apic_set_base;
+ k->set_tpr = kvm_apic_set_tpr;
+ k->get_tpr = kvm_apic_get_tpr;
+ k->enable_tpr_reporting = kvm_apic_enable_tpr_reporting;
+ k->vapic_base_update = kvm_apic_vapic_base_update;
+ k->external_nmi = kvm_apic_external_nmi;
+}
+
+static const TypeInfo kvm_apic_info = {
+ .name = "kvm-apic",
+ .parent = TYPE_APIC_COMMON,
+ .instance_size = sizeof(APICCommonState),
+ .class_init = kvm_apic_class_init,
+};
+
+static void kvm_apic_register_types(void)
+{
+ type_register_static(&kvm_apic_info);
+}
+
+type_init(kvm_apic_register_types)
diff --git a/hw/i386/kvm/clock.c b/hw/i386/kvm/clock.c
new file mode 100644
index 000000000..e89e2f768
--- /dev/null
+++ b/hw/i386/kvm/clock.c
@@ -0,0 +1,145 @@
+/*
+ * QEMU KVM support, paravirtual clock device
+ *
+ * Copyright (C) 2011 Siemens AG
+ *
+ * Authors:
+ * Jan Kiszka <jan.kiszka@siemens.com>
+ *
+ * This work is licensed under the terms of the GNU GPL version 2.
+ * See the COPYING file in the top-level directory.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "qemu-common.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/kvm.h"
+#include "hw/sysbus.h"
+#include "hw/kvm/clock.h"
+
+#include <linux/kvm.h>
+#include <linux/kvm_para.h>
+
+#define TYPE_KVM_CLOCK "kvmclock"
+#define KVM_CLOCK(obj) OBJECT_CHECK(KVMClockState, (obj), TYPE_KVM_CLOCK)
+
+typedef struct KVMClockState {
+ /*< private >*/
+ SysBusDevice busdev;
+ /*< public >*/
+
+ uint64_t clock;
+ bool clock_valid;
+} KVMClockState;
+
+
+static void kvmclock_vm_state_change(void *opaque, int running,
+ RunState state)
+{
+ KVMClockState *s = opaque;
+ CPUState *cpu = first_cpu;
+ int cap_clock_ctrl = kvm_check_extension(kvm_state, KVM_CAP_KVMCLOCK_CTRL);
+ int ret;
+
+ if (running) {
+ struct kvm_clock_data data;
+
+ s->clock_valid = false;
+
+ data.clock = s->clock;
+ data.flags = 0;
+ ret = kvm_vm_ioctl(kvm_state, KVM_SET_CLOCK, &data);
+ if (ret < 0) {
+ fprintf(stderr, "KVM_SET_CLOCK failed: %s\n", strerror(ret));
+ abort();
+ }
+
+ if (!cap_clock_ctrl) {
+ return;
+ }
+ for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
+ ret = kvm_vcpu_ioctl(cpu, KVM_KVMCLOCK_CTRL, 0);
+ if (ret) {
+ if (ret != -EINVAL) {
+ fprintf(stderr, "%s: %s\n", __func__, strerror(-ret));
+ }
+ return;
+ }
+ }
+ } else {
+ struct kvm_clock_data data;
+ int ret;
+
+ if (s->clock_valid) {
+ return;
+ }
+ ret = kvm_vm_ioctl(kvm_state, KVM_GET_CLOCK, &data);
+ if (ret < 0) {
+ fprintf(stderr, "KVM_GET_CLOCK failed: %s\n", strerror(ret));
+ abort();
+ }
+ s->clock = data.clock;
+
+ /*
+ * If the VM is stopped, declare the clock state valid to
+ * avoid re-reading it on next vmsave (which would return
+ * a different value). Will be reset when the VM is continued.
+ */
+ s->clock_valid = true;
+ }
+}
+
+static void kvmclock_realize(DeviceState *dev, Error **errp)
+{
+ KVMClockState *s = KVM_CLOCK(dev);
+
+ qemu_add_vm_change_state_handler(kvmclock_vm_state_change, s);
+}
+
+static const VMStateDescription kvmclock_vmsd = {
+ .name = "kvmclock",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT64(clock, KVMClockState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void kvmclock_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = kvmclock_realize;
+ dc->no_user = 1;
+ dc->vmsd = &kvmclock_vmsd;
+}
+
+static const TypeInfo kvmclock_info = {
+ .name = TYPE_KVM_CLOCK,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(KVMClockState),
+ .class_init = kvmclock_class_init,
+};
+
+/* Note: Must be called after VCPU initialization. */
+void kvmclock_create(void)
+{
+ X86CPU *cpu = X86_CPU(first_cpu);
+
+ if (kvm_enabled() &&
+ cpu->env.features[FEAT_KVM] & ((1ULL << KVM_FEATURE_CLOCKSOURCE) |
+ (1ULL << KVM_FEATURE_CLOCKSOURCE2))) {
+ sysbus_create_simple(TYPE_KVM_CLOCK, -1, NULL);
+ }
+}
+
+static void kvmclock_register_types(void)
+{
+ type_register_static(&kvmclock_info);
+}
+
+type_init(kvmclock_register_types)
diff --git a/hw/i386/kvm/i8254.c b/hw/i386/kvm/i8254.c
new file mode 100644
index 000000000..c1f40948f
--- /dev/null
+++ b/hw/i386/kvm/i8254.c
@@ -0,0 +1,336 @@
+/*
+ * KVM in-kernel PIT (i8254) support
+ *
+ * Copyright (c) 2003-2004 Fabrice Bellard
+ * Copyright (c) 2012 Jan Kiszka, Siemens AG
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "qemu/timer.h"
+#include "sysemu/sysemu.h"
+#include "hw/timer/i8254.h"
+#include "hw/timer/i8254_internal.h"
+#include "sysemu/kvm.h"
+
+#define KVM_PIT_REINJECT_BIT 0
+
+#define CALIBRATION_ROUNDS 3
+
+#define KVM_PIT(obj) OBJECT_CHECK(KVMPITState, (obj), TYPE_KVM_I8254)
+#define KVM_PIT_CLASS(class) \
+ OBJECT_CLASS_CHECK(KVMPITClass, (class), TYPE_KVM_I8254)
+#define KVM_PIT_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(KVMPITClass, (obj), TYPE_KVM_I8254)
+
+typedef struct KVMPITState {
+ PITCommonState parent_obj;
+
+ LostTickPolicy lost_tick_policy;
+ bool vm_stopped;
+ int64_t kernel_clock_offset;
+} KVMPITState;
+
+typedef struct KVMPITClass {
+ PITCommonClass parent_class;
+
+ DeviceRealize parent_realize;
+} KVMPITClass;
+
+static int64_t abs64(int64_t v)
+{
+ return v < 0 ? -v : v;
+}
+
+static void kvm_pit_update_clock_offset(KVMPITState *s)
+{
+ int64_t offset, clock_offset;
+ struct timespec ts;
+ int i;
+
+ /*
+ * Measure the delta between CLOCK_MONOTONIC, the base used for
+ * kvm_pit_channel_state::count_load_time, and vm_clock. Take the
+ * minimum of several samples to filter out scheduling noise.
+ */
+ clock_offset = INT64_MAX;
+ for (i = 0; i < CALIBRATION_ROUNDS; i++) {
+ offset = qemu_get_clock_ns(vm_clock);
+ clock_gettime(CLOCK_MONOTONIC, &ts);
+ offset -= ts.tv_nsec;
+ offset -= (int64_t)ts.tv_sec * 1000000000;
+ if (abs64(offset) < abs64(clock_offset)) {
+ clock_offset = offset;
+ }
+ }
+ s->kernel_clock_offset = clock_offset;
+}
+
+static void kvm_pit_get(PITCommonState *pit)
+{
+ KVMPITState *s = KVM_PIT(pit);
+ struct kvm_pit_state2 kpit;
+ struct kvm_pit_channel_state *kchan;
+ struct PITChannelState *sc;
+ int i, ret;
+
+ /* No need to re-read the state if VM is stopped. */
+ if (s->vm_stopped) {
+ return;
+ }
+
+ if (kvm_has_pit_state2()) {
+ ret = kvm_vm_ioctl(kvm_state, KVM_GET_PIT2, &kpit);
+ if (ret < 0) {
+ fprintf(stderr, "KVM_GET_PIT2 failed: %s\n", strerror(ret));
+ abort();
+ }
+ pit->channels[0].irq_disabled = kpit.flags & KVM_PIT_FLAGS_HPET_LEGACY;
+ } else {
+ /*
+ * kvm_pit_state2 is superset of kvm_pit_state struct,
+ * so we can use it for KVM_GET_PIT as well.
+ */
+ ret = kvm_vm_ioctl(kvm_state, KVM_GET_PIT, &kpit);
+ if (ret < 0) {
+ fprintf(stderr, "KVM_GET_PIT failed: %s\n", strerror(ret));
+ abort();
+ }
+ }
+ for (i = 0; i < 3; i++) {
+ kchan = &kpit.channels[i];
+ sc = &pit->channels[i];
+ sc->count = kchan->count;
+ sc->latched_count = kchan->latched_count;
+ sc->count_latched = kchan->count_latched;
+ sc->status_latched = kchan->status_latched;
+ sc->status = kchan->status;
+ sc->read_state = kchan->read_state;
+ sc->write_state = kchan->write_state;
+ sc->write_latch = kchan->write_latch;
+ sc->rw_mode = kchan->rw_mode;
+ sc->mode = kchan->mode;
+ sc->bcd = kchan->bcd;
+ sc->gate = kchan->gate;
+ sc->count_load_time = kchan->count_load_time + s->kernel_clock_offset;
+ }
+
+ sc = &pit->channels[0];
+ sc->next_transition_time =
+ pit_get_next_transition_time(sc, sc->count_load_time);
+}
+
+static void kvm_pit_put(PITCommonState *pit)
+{
+ KVMPITState *s = KVM_PIT(pit);
+ struct kvm_pit_state2 kpit;
+ struct kvm_pit_channel_state *kchan;
+ struct PITChannelState *sc;
+ int i, ret;
+
+ /* The offset keeps changing as long as the VM is stopped. */
+ if (s->vm_stopped) {
+ kvm_pit_update_clock_offset(s);
+ }
+
+ kpit.flags = pit->channels[0].irq_disabled ? KVM_PIT_FLAGS_HPET_LEGACY : 0;
+ for (i = 0; i < 3; i++) {
+ kchan = &kpit.channels[i];
+ sc = &pit->channels[i];
+ kchan->count = sc->count;
+ kchan->latched_count = sc->latched_count;
+ kchan->count_latched = sc->count_latched;
+ kchan->status_latched = sc->status_latched;
+ kchan->status = sc->status;
+ kchan->read_state = sc->read_state;
+ kchan->write_state = sc->write_state;
+ kchan->write_latch = sc->write_latch;
+ kchan->rw_mode = sc->rw_mode;
+ kchan->mode = sc->mode;
+ kchan->bcd = sc->bcd;
+ kchan->gate = sc->gate;
+ kchan->count_load_time = sc->count_load_time - s->kernel_clock_offset;
+ }
+
+ ret = kvm_vm_ioctl(kvm_state,
+ kvm_has_pit_state2() ? KVM_SET_PIT2 : KVM_SET_PIT,
+ &kpit);
+ if (ret < 0) {
+ fprintf(stderr, "%s failed: %s\n",
+ kvm_has_pit_state2() ? "KVM_SET_PIT2" : "KVM_SET_PIT",
+ strerror(ret));
+ abort();
+ }
+}
+
+static void kvm_pit_set_gate(PITCommonState *s, PITChannelState *sc, int val)
+{
+ kvm_pit_get(s);
+
+ switch (sc->mode) {
+ default:
+ case 0:
+ case 4:
+ /* XXX: just disable/enable counting */
+ break;
+ case 1:
+ case 2:
+ case 3:
+ case 5:
+ if (sc->gate < val) {
+ /* restart counting on rising edge */
+ sc->count_load_time = qemu_get_clock_ns(vm_clock);
+ }
+ break;
+ }
+ sc->gate = val;
+
+ kvm_pit_put(s);
+}
+
+static void kvm_pit_get_channel_info(PITCommonState *s, PITChannelState *sc,
+ PITChannelInfo *info)
+{
+ kvm_pit_get(s);
+
+ pit_get_channel_info_common(s, sc, info);
+}
+
+static void kvm_pit_reset(DeviceState *dev)
+{
+ PITCommonState *s = PIT_COMMON(dev);
+
+ pit_reset_common(s);
+
+ kvm_pit_put(s);
+}
+
+static void kvm_pit_irq_control(void *opaque, int n, int enable)
+{
+ PITCommonState *pit = opaque;
+ PITChannelState *s = &pit->channels[0];
+
+ kvm_pit_get(pit);
+
+ s->irq_disabled = !enable;
+
+ kvm_pit_put(pit);
+}
+
+static void kvm_pit_vm_state_change(void *opaque, int running,
+ RunState state)
+{
+ KVMPITState *s = opaque;
+
+ if (running) {
+ kvm_pit_update_clock_offset(s);
+ s->vm_stopped = false;
+ } else {
+ kvm_pit_update_clock_offset(s);
+ kvm_pit_get(PIT_COMMON(s));
+ s->vm_stopped = true;
+ }
+}
+
+static void kvm_pit_realizefn(DeviceState *dev, Error **errp)
+{
+ PITCommonState *pit = PIT_COMMON(dev);
+ KVMPITClass *kpc = KVM_PIT_GET_CLASS(dev);
+ KVMPITState *s = KVM_PIT(pit);
+ struct kvm_pit_config config = {
+ .flags = 0,
+ };
+ int ret;
+
+ if (kvm_check_extension(kvm_state, KVM_CAP_PIT2)) {
+ ret = kvm_vm_ioctl(kvm_state, KVM_CREATE_PIT2, &config);
+ } else {
+ ret = kvm_vm_ioctl(kvm_state, KVM_CREATE_PIT);
+ }
+ if (ret < 0) {
+ error_setg(errp, "Create kernel PIC irqchip failed: %s",
+ strerror(ret));
+ return;
+ }
+ switch (s->lost_tick_policy) {
+ case LOST_TICK_DELAY:
+ break; /* enabled by default */
+ case LOST_TICK_DISCARD:
+ if (kvm_check_extension(kvm_state, KVM_CAP_REINJECT_CONTROL)) {
+ struct kvm_reinject_control control = { .pit_reinject = 0 };
+
+ ret = kvm_vm_ioctl(kvm_state, KVM_REINJECT_CONTROL, &control);
+ if (ret < 0) {
+ error_setg(errp,
+ "Can't disable in-kernel PIT reinjection: %s",
+ strerror(ret));
+ return;
+ }
+ }
+ break;
+ default:
+ error_setg(errp, "Lost tick policy not supported.");
+ return;
+ }
+
+ memory_region_init_reservation(&pit->ioports, NULL, "kvm-pit", 4);
+
+ qdev_init_gpio_in(dev, kvm_pit_irq_control, 1);
+
+ qemu_add_vm_change_state_handler(kvm_pit_vm_state_change, s);
+
+ kpc->parent_realize(dev, errp);
+}
+
+static Property kvm_pit_properties[] = {
+ DEFINE_PROP_HEX32("iobase", PITCommonState, iobase, -1),
+ DEFINE_PROP_LOSTTICKPOLICY("lost_tick_policy", KVMPITState,
+ lost_tick_policy, LOST_TICK_DELAY),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void kvm_pit_class_init(ObjectClass *klass, void *data)
+{
+ KVMPITClass *kpc = KVM_PIT_CLASS(klass);
+ PITCommonClass *k = PIT_COMMON_CLASS(klass);
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ kpc->parent_realize = dc->realize;
+ dc->realize = kvm_pit_realizefn;
+ k->set_channel_gate = kvm_pit_set_gate;
+ k->get_channel_info = kvm_pit_get_channel_info;
+ k->pre_save = kvm_pit_get;
+ k->post_load = kvm_pit_put;
+ dc->reset = kvm_pit_reset;
+ dc->props = kvm_pit_properties;
+}
+
+static const TypeInfo kvm_pit_info = {
+ .name = TYPE_KVM_I8254,
+ .parent = TYPE_PIT_COMMON,
+ .instance_size = sizeof(KVMPITState),
+ .class_init = kvm_pit_class_init,
+ .class_size = sizeof(KVMPITClass),
+};
+
+static void kvm_pit_register(void)
+{
+ type_register_static(&kvm_pit_info);
+}
+
+type_init(kvm_pit_register)
diff --git a/hw/i386/kvm/i8259.c b/hw/i386/kvm/i8259.c
new file mode 100644
index 000000000..53e3ca8c6
--- /dev/null
+++ b/hw/i386/kvm/i8259.c
@@ -0,0 +1,162 @@
+/*
+ * KVM in-kernel PIC (i8259) support
+ *
+ * Copyright (c) 2011 Siemens AG
+ *
+ * Authors:
+ * Jan Kiszka <jan.kiszka@siemens.com>
+ *
+ * This work is licensed under the terms of the GNU GPL version 2.
+ * See the COPYING file in the top-level directory.
+ */
+#include "hw/isa/i8259_internal.h"
+#include "hw/i386/apic_internal.h"
+#include "sysemu/kvm.h"
+
+#define TYPE_KVM_I8259 "kvm-i8259"
+#define KVM_PIC_CLASS(class) \
+ OBJECT_CLASS_CHECK(KVMPICClass, (class), TYPE_KVM_I8259)
+#define KVM_PIC_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(KVMPICClass, (obj), TYPE_KVM_I8259)
+
+/**
+ * KVMPICClass:
+ * @parent_realize: The parent's realizefn.
+ */
+typedef struct KVMPICClass {
+ PICCommonClass parent_class;
+
+ DeviceRealize parent_realize;
+} KVMPICClass;
+
+static void kvm_pic_get(PICCommonState *s)
+{
+ struct kvm_irqchip chip;
+ struct kvm_pic_state *kpic;
+ int ret;
+
+ chip.chip_id = s->master ? KVM_IRQCHIP_PIC_MASTER : KVM_IRQCHIP_PIC_SLAVE;
+ ret = kvm_vm_ioctl(kvm_state, KVM_GET_IRQCHIP, &chip);
+ if (ret < 0) {
+ fprintf(stderr, "KVM_GET_IRQCHIP failed: %s\n", strerror(ret));
+ abort();
+ }
+
+ kpic = &chip.chip.pic;
+
+ s->last_irr = kpic->last_irr;
+ s->irr = kpic->irr;
+ s->imr = kpic->imr;
+ s->isr = kpic->isr;
+ s->priority_add = kpic->priority_add;
+ s->irq_base = kpic->irq_base;
+ s->read_reg_select = kpic->read_reg_select;
+ s->poll = kpic->poll;
+ s->special_mask = kpic->special_mask;
+ s->init_state = kpic->init_state;
+ s->auto_eoi = kpic->auto_eoi;
+ s->rotate_on_auto_eoi = kpic->rotate_on_auto_eoi;
+ s->special_fully_nested_mode = kpic->special_fully_nested_mode;
+ s->init4 = kpic->init4;
+ s->elcr = kpic->elcr;
+ s->elcr_mask = kpic->elcr_mask;
+}
+
+static void kvm_pic_put(PICCommonState *s)
+{
+ struct kvm_irqchip chip;
+ struct kvm_pic_state *kpic;
+ int ret;
+
+ chip.chip_id = s->master ? KVM_IRQCHIP_PIC_MASTER : KVM_IRQCHIP_PIC_SLAVE;
+
+ kpic = &chip.chip.pic;
+
+ kpic->last_irr = s->last_irr;
+ kpic->irr = s->irr;
+ kpic->imr = s->imr;
+ kpic->isr = s->isr;
+ kpic->priority_add = s->priority_add;
+ kpic->irq_base = s->irq_base;
+ kpic->read_reg_select = s->read_reg_select;
+ kpic->poll = s->poll;
+ kpic->special_mask = s->special_mask;
+ kpic->init_state = s->init_state;
+ kpic->auto_eoi = s->auto_eoi;
+ kpic->rotate_on_auto_eoi = s->rotate_on_auto_eoi;
+ kpic->special_fully_nested_mode = s->special_fully_nested_mode;
+ kpic->init4 = s->init4;
+ kpic->elcr = s->elcr;
+ kpic->elcr_mask = s->elcr_mask;
+
+ ret = kvm_vm_ioctl(kvm_state, KVM_SET_IRQCHIP, &chip);
+ if (ret < 0) {
+ fprintf(stderr, "KVM_GET_IRQCHIP failed: %s\n", strerror(ret));
+ abort();
+ }
+}
+
+static void kvm_pic_reset(DeviceState *dev)
+{
+ PICCommonState *s = PIC_COMMON(dev);
+
+ s->elcr = 0;
+ pic_reset_common(s);
+
+ kvm_pic_put(s);
+}
+
+static void kvm_pic_set_irq(void *opaque, int irq, int level)
+{
+ int delivered;
+
+ delivered = kvm_set_irq(kvm_state, irq, level);
+ apic_report_irq_delivered(delivered);
+}
+
+static void kvm_pic_realize(DeviceState *dev, Error **errp)
+{
+ PICCommonState *s = PIC_COMMON(dev);
+ KVMPICClass *kpc = KVM_PIC_GET_CLASS(dev);
+
+ memory_region_init_reservation(&s->base_io, NULL, "kvm-pic", 2);
+ memory_region_init_reservation(&s->elcr_io, NULL, "kvm-elcr", 1);
+
+ kpc->parent_realize(dev, errp);
+}
+
+qemu_irq *kvm_i8259_init(ISABus *bus)
+{
+ i8259_init_chip(TYPE_KVM_I8259, bus, true);
+ i8259_init_chip(TYPE_KVM_I8259, bus, false);
+
+ return qemu_allocate_irqs(kvm_pic_set_irq, NULL, ISA_NUM_IRQS);
+}
+
+static void kvm_i8259_class_init(ObjectClass *klass, void *data)
+{
+ KVMPICClass *kpc = KVM_PIC_CLASS(klass);
+ PICCommonClass *k = PIC_COMMON_CLASS(klass);
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->reset = kvm_pic_reset;
+ kpc->parent_realize = dc->realize;
+ dc->realize = kvm_pic_realize;
+ k->pre_save = kvm_pic_get;
+ k->post_load = kvm_pic_put;
+}
+
+static const TypeInfo kvm_i8259_info = {
+ .name = TYPE_KVM_I8259,
+ .parent = TYPE_PIC_COMMON,
+ .instance_size = sizeof(PICCommonState),
+ .class_init = kvm_i8259_class_init,
+ .class_size = sizeof(KVMPICClass),
+};
+
+static void kvm_pic_register_types(void)
+{
+ type_register_static(&kvm_i8259_info);
+}
+
+type_init(kvm_pic_register_types)
diff --git a/hw/i386/kvm/ioapic.c b/hw/i386/kvm/ioapic.c
new file mode 100644
index 000000000..f11a54082
--- /dev/null
+++ b/hw/i386/kvm/ioapic.c
@@ -0,0 +1,166 @@
+/*
+ * KVM in-kernel IOPIC support
+ *
+ * Copyright (c) 2011 Siemens AG
+ *
+ * Authors:
+ * Jan Kiszka <jan.kiszka@siemens.com>
+ *
+ * This work is licensed under the terms of the GNU GPL version 2.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "hw/i386/pc.h"
+#include "hw/i386/ioapic_internal.h"
+#include "hw/i386/apic_internal.h"
+#include "sysemu/kvm.h"
+
+/* PC Utility function */
+void kvm_pc_setup_irq_routing(bool pci_enabled)
+{
+ KVMState *s = kvm_state;
+ int i;
+
+ if (kvm_check_extension(s, KVM_CAP_IRQ_ROUTING)) {
+ for (i = 0; i < 8; ++i) {
+ if (i == 2) {
+ continue;
+ }
+ kvm_irqchip_add_irq_route(s, i, KVM_IRQCHIP_PIC_MASTER, i);
+ }
+ for (i = 8; i < 16; ++i) {
+ kvm_irqchip_add_irq_route(s, i, KVM_IRQCHIP_PIC_SLAVE, i - 8);
+ }
+ if (pci_enabled) {
+ for (i = 0; i < 24; ++i) {
+ if (i == 0) {
+ kvm_irqchip_add_irq_route(s, i, KVM_IRQCHIP_IOAPIC, 2);
+ } else if (i != 2) {
+ kvm_irqchip_add_irq_route(s, i, KVM_IRQCHIP_IOAPIC, i);
+ }
+ }
+ }
+ kvm_irqchip_commit_routes(s);
+ }
+}
+
+void kvm_pc_gsi_handler(void *opaque, int n, int level)
+{
+ GSIState *s = opaque;
+
+ if (n < ISA_NUM_IRQS) {
+ /* Kernel will forward to both PIC and IOAPIC */
+ qemu_set_irq(s->i8259_irq[n], level);
+ } else {
+ qemu_set_irq(s->ioapic_irq[n], level);
+ }
+}
+
+typedef struct KVMIOAPICState KVMIOAPICState;
+
+struct KVMIOAPICState {
+ IOAPICCommonState ioapic;
+ uint32_t kvm_gsi_base;
+};
+
+static void kvm_ioapic_get(IOAPICCommonState *s)
+{
+ struct kvm_irqchip chip;
+ struct kvm_ioapic_state *kioapic;
+ int ret, i;
+
+ chip.chip_id = KVM_IRQCHIP_IOAPIC;
+ ret = kvm_vm_ioctl(kvm_state, KVM_GET_IRQCHIP, &chip);
+ if (ret < 0) {
+ fprintf(stderr, "KVM_GET_IRQCHIP failed: %s\n", strerror(ret));
+ abort();
+ }
+
+ kioapic = &chip.chip.ioapic;
+
+ s->id = kioapic->id;
+ s->ioregsel = kioapic->ioregsel;
+ s->irr = kioapic->irr;
+ for (i = 0; i < IOAPIC_NUM_PINS; i++) {
+ s->ioredtbl[i] = kioapic->redirtbl[i].bits;
+ }
+}
+
+static void kvm_ioapic_put(IOAPICCommonState *s)
+{
+ struct kvm_irqchip chip;
+ struct kvm_ioapic_state *kioapic;
+ int ret, i;
+
+ chip.chip_id = KVM_IRQCHIP_IOAPIC;
+ kioapic = &chip.chip.ioapic;
+
+ kioapic->id = s->id;
+ kioapic->ioregsel = s->ioregsel;
+ kioapic->base_address = s->busdev.mmio[0].addr;
+ kioapic->irr = s->irr;
+ for (i = 0; i < IOAPIC_NUM_PINS; i++) {
+ kioapic->redirtbl[i].bits = s->ioredtbl[i];
+ }
+
+ ret = kvm_vm_ioctl(kvm_state, KVM_SET_IRQCHIP, &chip);
+ if (ret < 0) {
+ fprintf(stderr, "KVM_GET_IRQCHIP failed: %s\n", strerror(ret));
+ abort();
+ }
+}
+
+static void kvm_ioapic_reset(DeviceState *dev)
+{
+ IOAPICCommonState *s = IOAPIC_COMMON(dev);
+
+ ioapic_reset_common(dev);
+ kvm_ioapic_put(s);
+}
+
+static void kvm_ioapic_set_irq(void *opaque, int irq, int level)
+{
+ KVMIOAPICState *s = opaque;
+ int delivered;
+
+ delivered = kvm_set_irq(kvm_state, s->kvm_gsi_base + irq, level);
+ apic_report_irq_delivered(delivered);
+}
+
+static void kvm_ioapic_init(IOAPICCommonState *s, int instance_no)
+{
+ memory_region_init_reservation(&s->io_memory, NULL, "kvm-ioapic", 0x1000);
+
+ qdev_init_gpio_in(DEVICE(s), kvm_ioapic_set_irq, IOAPIC_NUM_PINS);
+}
+
+static Property kvm_ioapic_properties[] = {
+ DEFINE_PROP_UINT32("gsi_base", KVMIOAPICState, kvm_gsi_base, 0),
+ DEFINE_PROP_END_OF_LIST()
+};
+
+static void kvm_ioapic_class_init(ObjectClass *klass, void *data)
+{
+ IOAPICCommonClass *k = IOAPIC_COMMON_CLASS(klass);
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ k->init = kvm_ioapic_init;
+ k->pre_save = kvm_ioapic_get;
+ k->post_load = kvm_ioapic_put;
+ dc->reset = kvm_ioapic_reset;
+ dc->props = kvm_ioapic_properties;
+}
+
+static const TypeInfo kvm_ioapic_info = {
+ .name = "kvm-ioapic",
+ .parent = TYPE_IOAPIC_COMMON,
+ .instance_size = sizeof(KVMIOAPICState),
+ .class_init = kvm_ioapic_class_init,
+};
+
+static void kvm_ioapic_register_types(void)
+{
+ type_register_static(&kvm_ioapic_info);
+}
+
+type_init(kvm_ioapic_register_types)
diff --git a/hw/i386/kvm/pci-assign.c b/hw/i386/kvm/pci-assign.c
new file mode 100644
index 000000000..5618173cc
--- /dev/null
+++ b/hw/i386/kvm/pci-assign.c
@@ -0,0 +1,1946 @@
+/*
+ * Copyright (c) 2007, Neocleus Corporation.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ *
+ *
+ * Assign a PCI device from the host to a guest VM.
+ *
+ * This implementation uses the classic device assignment interface of KVM
+ * and is only available on x86 hosts. It is expected to be obsoleted by VFIO
+ * based device assignment.
+ *
+ * Adapted for KVM (qemu-kvm) by Qumranet. QEMU version was based on qemu-kvm
+ * revision 4144fe9d48. See its repository for the history.
+ *
+ * Copyright (c) 2007, Neocleus, Alex Novik (alex@neocleus.com)
+ * Copyright (c) 2007, Neocleus, Guy Zana (guy@neocleus.com)
+ * Copyright (C) 2008, Qumranet, Amit Shah (amit.shah@qumranet.com)
+ * Copyright (C) 2008, Red Hat, Amit Shah (amit.shah@redhat.com)
+ * Copyright (C) 2008, IBM, Muli Ben-Yehuda (muli@il.ibm.com)
+ */
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/io.h>
+#include <sys/mman.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "qemu/error-report.h"
+#include "ui/console.h"
+#include "hw/loader.h"
+#include "monitor/monitor.h"
+#include "qemu/range.h"
+#include "sysemu/sysemu.h"
+#include "hw/pci/pci.h"
+#include "hw/pci/msi.h"
+#include "kvm_i386.h"
+
+#define MSIX_PAGE_SIZE 0x1000
+
+/* From linux/ioport.h */
+#define IORESOURCE_IO 0x00000100 /* Resource type */
+#define IORESOURCE_MEM 0x00000200
+#define IORESOURCE_IRQ 0x00000400
+#define IORESOURCE_DMA 0x00000800
+#define IORESOURCE_PREFETCH 0x00002000 /* No side effects */
+#define IORESOURCE_MEM_64 0x00100000
+
+//#define DEVICE_ASSIGNMENT_DEBUG
+
+#ifdef DEVICE_ASSIGNMENT_DEBUG
+#define DEBUG(fmt, ...) \
+ do { \
+ fprintf(stderr, "%s: " fmt, __func__ , __VA_ARGS__); \
+ } while (0)
+#else
+#define DEBUG(fmt, ...)
+#endif
+
+typedef struct PCIRegion {
+ int type; /* Memory or port I/O */
+ int valid;
+ uint64_t base_addr;
+ uint64_t size; /* size of the region */
+ int resource_fd;
+} PCIRegion;
+
+typedef struct PCIDevRegions {
+ uint8_t bus, dev, func; /* Bus inside domain, device and function */
+ int irq; /* IRQ number */
+ uint16_t region_number; /* number of active regions */
+
+ /* Port I/O or MMIO Regions */
+ PCIRegion regions[PCI_NUM_REGIONS - 1];
+ int config_fd;
+} PCIDevRegions;
+
+typedef struct AssignedDevRegion {
+ MemoryRegion container;
+ MemoryRegion real_iomem;
+ union {
+ uint8_t *r_virtbase; /* mmapped access address for memory regions */
+ uint32_t r_baseport; /* the base guest port for I/O regions */
+ } u;
+ pcibus_t e_size; /* emulated size of region in bytes */
+ pcibus_t r_size; /* real size of region in bytes */
+ PCIRegion *region;
+} AssignedDevRegion;
+
+#define ASSIGNED_DEVICE_PREFER_MSI_BIT 0
+#define ASSIGNED_DEVICE_SHARE_INTX_BIT 1
+
+#define ASSIGNED_DEVICE_PREFER_MSI_MASK (1 << ASSIGNED_DEVICE_PREFER_MSI_BIT)
+#define ASSIGNED_DEVICE_SHARE_INTX_MASK (1 << ASSIGNED_DEVICE_SHARE_INTX_BIT)
+
+typedef struct MSIXTableEntry {
+ uint32_t addr_lo;
+ uint32_t addr_hi;
+ uint32_t data;
+ uint32_t ctrl;
+} MSIXTableEntry;
+
+typedef enum AssignedIRQType {
+ ASSIGNED_IRQ_NONE = 0,
+ ASSIGNED_IRQ_INTX_HOST_INTX,
+ ASSIGNED_IRQ_INTX_HOST_MSI,
+ ASSIGNED_IRQ_MSI,
+ ASSIGNED_IRQ_MSIX
+} AssignedIRQType;
+
+typedef struct AssignedDevice {
+ PCIDevice dev;
+ PCIHostDeviceAddress host;
+ uint32_t dev_id;
+ uint32_t features;
+ int intpin;
+ AssignedDevRegion v_addrs[PCI_NUM_REGIONS - 1];
+ PCIDevRegions real_device;
+ PCIINTxRoute intx_route;
+ AssignedIRQType assigned_irq_type;
+ struct {
+#define ASSIGNED_DEVICE_CAP_MSI (1 << 0)
+#define ASSIGNED_DEVICE_CAP_MSIX (1 << 1)
+ uint32_t available;
+#define ASSIGNED_DEVICE_MSI_ENABLED (1 << 0)
+#define ASSIGNED_DEVICE_MSIX_ENABLED (1 << 1)
+#define ASSIGNED_DEVICE_MSIX_MASKED (1 << 2)
+ uint32_t state;
+ } cap;
+ uint8_t emulate_config_read[PCI_CONFIG_SPACE_SIZE];
+ uint8_t emulate_config_write[PCI_CONFIG_SPACE_SIZE];
+ int msi_virq_nr;
+ int *msi_virq;
+ MSIXTableEntry *msix_table;
+ hwaddr msix_table_addr;
+ uint16_t msix_max;
+ MemoryRegion mmio;
+ char *configfd_name;
+ int32_t bootindex;
+} AssignedDevice;
+
+static void assigned_dev_update_irq_routing(PCIDevice *dev);
+
+static void assigned_dev_load_option_rom(AssignedDevice *dev);
+
+static void assigned_dev_unregister_msix_mmio(AssignedDevice *dev);
+
+static uint64_t assigned_dev_ioport_rw(AssignedDevRegion *dev_region,
+ hwaddr addr, int size,
+ uint64_t *data)
+{
+ uint64_t val = 0;
+ int fd = dev_region->region->resource_fd;
+
+ if (fd >= 0) {
+ if (data) {
+ DEBUG("pwrite data=%" PRIx64 ", size=%d, e_phys=" TARGET_FMT_plx
+ ", addr="TARGET_FMT_plx"\n", *data, size, addr, addr);
+ if (pwrite(fd, data, size, addr) != size) {
+ error_report("%s - pwrite failed %s",
+ __func__, strerror(errno));
+ }
+ } else {
+ if (pread(fd, &val, size, addr) != size) {
+ error_report("%s - pread failed %s",
+ __func__, strerror(errno));
+ val = (1UL << (size * 8)) - 1;
+ }
+ DEBUG("pread val=%" PRIx64 ", size=%d, e_phys=" TARGET_FMT_plx
+ ", addr=" TARGET_FMT_plx "\n", val, size, addr, addr);
+ }
+ } else {
+ uint32_t port = addr + dev_region->u.r_baseport;
+
+ if (data) {
+ DEBUG("out data=%" PRIx64 ", size=%d, e_phys=" TARGET_FMT_plx
+ ", host=%x\n", *data, size, addr, port);
+ switch (size) {
+ case 1:
+ outb(*data, port);
+ break;
+ case 2:
+ outw(*data, port);
+ break;
+ case 4:
+ outl(*data, port);
+ break;
+ }
+ } else {
+ switch (size) {
+ case 1:
+ val = inb(port);
+ break;
+ case 2:
+ val = inw(port);
+ break;
+ case 4:
+ val = inl(port);
+ break;
+ }
+ DEBUG("in data=%" PRIx64 ", size=%d, e_phys=" TARGET_FMT_plx
+ ", host=%x\n", val, size, addr, port);
+ }
+ }
+ return val;
+}
+
+static void assigned_dev_ioport_write(void *opaque, hwaddr addr,
+ uint64_t data, unsigned size)
+{
+ assigned_dev_ioport_rw(opaque, addr, size, &data);
+}
+
+static uint64_t assigned_dev_ioport_read(void *opaque,
+ hwaddr addr, unsigned size)
+{
+ return assigned_dev_ioport_rw(opaque, addr, size, NULL);
+}
+
+static uint32_t slow_bar_readb(void *opaque, hwaddr addr)
+{
+ AssignedDevRegion *d = opaque;
+ uint8_t *in = d->u.r_virtbase + addr;
+ uint32_t r;
+
+ r = *in;
+ DEBUG("addr=0x" TARGET_FMT_plx " val=0x%08x\n", addr, r);
+
+ return r;
+}
+
+static uint32_t slow_bar_readw(void *opaque, hwaddr addr)
+{
+ AssignedDevRegion *d = opaque;
+ uint16_t *in = (uint16_t *)(d->u.r_virtbase + addr);
+ uint32_t r;
+
+ r = *in;
+ DEBUG("addr=0x" TARGET_FMT_plx " val=0x%08x\n", addr, r);
+
+ return r;
+}
+
+static uint32_t slow_bar_readl(void *opaque, hwaddr addr)
+{
+ AssignedDevRegion *d = opaque;
+ uint32_t *in = (uint32_t *)(d->u.r_virtbase + addr);
+ uint32_t r;
+
+ r = *in;
+ DEBUG("addr=0x" TARGET_FMT_plx " val=0x%08x\n", addr, r);
+
+ return r;
+}
+
+static void slow_bar_writeb(void *opaque, hwaddr addr, uint32_t val)
+{
+ AssignedDevRegion *d = opaque;
+ uint8_t *out = d->u.r_virtbase + addr;
+
+ DEBUG("addr=0x" TARGET_FMT_plx " val=0x%02x\n", addr, val);
+ *out = val;
+}
+
+static void slow_bar_writew(void *opaque, hwaddr addr, uint32_t val)
+{
+ AssignedDevRegion *d = opaque;
+ uint16_t *out = (uint16_t *)(d->u.r_virtbase + addr);
+
+ DEBUG("addr=0x" TARGET_FMT_plx " val=0x%04x\n", addr, val);
+ *out = val;
+}
+
+static void slow_bar_writel(void *opaque, hwaddr addr, uint32_t val)
+{
+ AssignedDevRegion *d = opaque;
+ uint32_t *out = (uint32_t *)(d->u.r_virtbase + addr);
+
+ DEBUG("addr=0x" TARGET_FMT_plx " val=0x%08x\n", addr, val);
+ *out = val;
+}
+
+static const MemoryRegionOps slow_bar_ops = {
+ .old_mmio = {
+ .read = { slow_bar_readb, slow_bar_readw, slow_bar_readl, },
+ .write = { slow_bar_writeb, slow_bar_writew, slow_bar_writel, },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void assigned_dev_iomem_setup(PCIDevice *pci_dev, int region_num,
+ pcibus_t e_size)
+{
+ AssignedDevice *r_dev = DO_UPCAST(AssignedDevice, dev, pci_dev);
+ AssignedDevRegion *region = &r_dev->v_addrs[region_num];
+ PCIRegion *real_region = &r_dev->real_device.regions[region_num];
+
+ if (e_size > 0) {
+ memory_region_init(&region->container, OBJECT(pci_dev),
+ "assigned-dev-container", e_size);
+ memory_region_add_subregion(&region->container, 0, &region->real_iomem);
+
+ /* deal with MSI-X MMIO page */
+ if (real_region->base_addr <= r_dev->msix_table_addr &&
+ real_region->base_addr + real_region->size >
+ r_dev->msix_table_addr) {
+ uint64_t offset = r_dev->msix_table_addr - real_region->base_addr;
+
+ memory_region_add_subregion_overlap(&region->container,
+ offset,
+ &r_dev->mmio,
+ 1);
+ }
+ }
+}
+
+static const MemoryRegionOps assigned_dev_ioport_ops = {
+ .read = assigned_dev_ioport_read,
+ .write = assigned_dev_ioport_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void assigned_dev_ioport_setup(PCIDevice *pci_dev, int region_num,
+ pcibus_t size)
+{
+ AssignedDevice *r_dev = DO_UPCAST(AssignedDevice, dev, pci_dev);
+ AssignedDevRegion *region = &r_dev->v_addrs[region_num];
+
+ region->e_size = size;
+ memory_region_init(&region->container, OBJECT(pci_dev),
+ "assigned-dev-container", size);
+ memory_region_init_io(&region->real_iomem, OBJECT(pci_dev),
+ &assigned_dev_ioport_ops, r_dev->v_addrs + region_num,
+ "assigned-dev-iomem", size);
+ memory_region_add_subregion(&region->container, 0, &region->real_iomem);
+}
+
+static uint32_t assigned_dev_pci_read(PCIDevice *d, int pos, int len)
+{
+ AssignedDevice *pci_dev = DO_UPCAST(AssignedDevice, dev, d);
+ uint32_t val;
+ ssize_t ret;
+ int fd = pci_dev->real_device.config_fd;
+
+again:
+ ret = pread(fd, &val, len, pos);
+ if (ret != len) {
+ if ((ret < 0) && (errno == EINTR || errno == EAGAIN)) {
+ goto again;
+ }
+
+ hw_error("pci read failed, ret = %zd errno = %d\n", ret, errno);
+ }
+
+ return val;
+}
+
+static uint8_t assigned_dev_pci_read_byte(PCIDevice *d, int pos)
+{
+ return (uint8_t)assigned_dev_pci_read(d, pos, 1);
+}
+
+static void assigned_dev_pci_write(PCIDevice *d, int pos, uint32_t val, int len)
+{
+ AssignedDevice *pci_dev = DO_UPCAST(AssignedDevice, dev, d);
+ ssize_t ret;
+ int fd = pci_dev->real_device.config_fd;
+
+again:
+ ret = pwrite(fd, &val, len, pos);
+ if (ret != len) {
+ if ((ret < 0) && (errno == EINTR || errno == EAGAIN)) {
+ goto again;
+ }
+
+ hw_error("pci write failed, ret = %zd errno = %d\n", ret, errno);
+ }
+}
+
+static void assigned_dev_emulate_config_read(AssignedDevice *dev,
+ uint32_t offset, uint32_t len)
+{
+ memset(dev->emulate_config_read + offset, 0xff, len);
+}
+
+static void assigned_dev_direct_config_read(AssignedDevice *dev,
+ uint32_t offset, uint32_t len)
+{
+ memset(dev->emulate_config_read + offset, 0, len);
+}
+
+static void assigned_dev_direct_config_write(AssignedDevice *dev,
+ uint32_t offset, uint32_t len)
+{
+ memset(dev->emulate_config_write + offset, 0, len);
+}
+
+static uint8_t pci_find_cap_offset(PCIDevice *d, uint8_t cap, uint8_t start)
+{
+ int id;
+ int max_cap = 48;
+ int pos = start ? start : PCI_CAPABILITY_LIST;
+ int status;
+
+ status = assigned_dev_pci_read_byte(d, PCI_STATUS);
+ if ((status & PCI_STATUS_CAP_LIST) == 0) {
+ return 0;
+ }
+
+ while (max_cap--) {
+ pos = assigned_dev_pci_read_byte(d, pos);
+ if (pos < 0x40) {
+ break;
+ }
+
+ pos &= ~3;
+ id = assigned_dev_pci_read_byte(d, pos + PCI_CAP_LIST_ID);
+
+ if (id == 0xff) {
+ break;
+ }
+ if (id == cap) {
+ return pos;
+ }
+
+ pos += PCI_CAP_LIST_NEXT;
+ }
+ return 0;
+}
+
+static int assigned_dev_register_regions(PCIRegion *io_regions,
+ unsigned long regions_num,
+ AssignedDevice *pci_dev)
+{
+ uint32_t i;
+ PCIRegion *cur_region = io_regions;
+
+ for (i = 0; i < regions_num; i++, cur_region++) {
+ if (!cur_region->valid) {
+ continue;
+ }
+
+ /* handle memory io regions */
+ if (cur_region->type & IORESOURCE_MEM) {
+ int t = PCI_BASE_ADDRESS_SPACE_MEMORY;
+ if (cur_region->type & IORESOURCE_PREFETCH) {
+ t |= PCI_BASE_ADDRESS_MEM_PREFETCH;
+ }
+ if (cur_region->type & IORESOURCE_MEM_64) {
+ t |= PCI_BASE_ADDRESS_MEM_TYPE_64;
+ }
+
+ /* map physical memory */
+ pci_dev->v_addrs[i].u.r_virtbase = mmap(NULL, cur_region->size,
+ PROT_WRITE | PROT_READ,
+ MAP_SHARED,
+ cur_region->resource_fd,
+ (off_t)0);
+
+ if (pci_dev->v_addrs[i].u.r_virtbase == MAP_FAILED) {
+ pci_dev->v_addrs[i].u.r_virtbase = NULL;
+ error_report("%s: Error: Couldn't mmap 0x%" PRIx64 "!",
+ __func__, cur_region->base_addr);
+ return -1;
+ }
+
+ pci_dev->v_addrs[i].r_size = cur_region->size;
+ pci_dev->v_addrs[i].e_size = 0;
+
+ /* add offset */
+ pci_dev->v_addrs[i].u.r_virtbase +=
+ (cur_region->base_addr & 0xFFF);
+
+ if (cur_region->size & 0xFFF) {
+ error_report("PCI region %d at address 0x%" PRIx64 " has "
+ "size 0x%" PRIx64 ", which is not a multiple of "
+ "4K. You might experience some performance hit "
+ "due to that.",
+ i, cur_region->base_addr, cur_region->size);
+ memory_region_init_io(&pci_dev->v_addrs[i].real_iomem,
+ OBJECT(pci_dev), &slow_bar_ops,
+ &pci_dev->v_addrs[i],
+ "assigned-dev-slow-bar",
+ cur_region->size);
+ } else {
+ void *virtbase = pci_dev->v_addrs[i].u.r_virtbase;
+ char name[32];
+ snprintf(name, sizeof(name), "%s.bar%d",
+ object_get_typename(OBJECT(pci_dev)), i);
+ memory_region_init_ram_ptr(&pci_dev->v_addrs[i].real_iomem,
+ OBJECT(pci_dev), name,
+ cur_region->size, virtbase);
+ vmstate_register_ram(&pci_dev->v_addrs[i].real_iomem,
+ &pci_dev->dev.qdev);
+ }
+
+ assigned_dev_iomem_setup(&pci_dev->dev, i, cur_region->size);
+ pci_register_bar((PCIDevice *) pci_dev, i, t,
+ &pci_dev->v_addrs[i].container);
+ continue;
+ } else {
+ /* handle port io regions */
+ uint32_t val;
+ int ret;
+
+ /* Test kernel support for ioport resource read/write. Old
+ * kernels return EIO. New kernels only allow 1/2/4 byte reads
+ * so should return EINVAL for a 3 byte read */
+ ret = pread(pci_dev->v_addrs[i].region->resource_fd, &val, 3, 0);
+ if (ret >= 0) {
+ error_report("Unexpected return from I/O port read: %d", ret);
+ abort();
+ } else if (errno != EINVAL) {
+ error_report("Kernel doesn't support ioport resource "
+ "access, hiding this region.");
+ close(pci_dev->v_addrs[i].region->resource_fd);
+ cur_region->valid = 0;
+ continue;
+ }
+
+ pci_dev->v_addrs[i].u.r_baseport = cur_region->base_addr;
+ pci_dev->v_addrs[i].r_size = cur_region->size;
+ pci_dev->v_addrs[i].e_size = 0;
+
+ assigned_dev_ioport_setup(&pci_dev->dev, i, cur_region->size);
+ pci_register_bar((PCIDevice *) pci_dev, i,
+ PCI_BASE_ADDRESS_SPACE_IO,
+ &pci_dev->v_addrs[i].container);
+ }
+ }
+
+ /* success */
+ return 0;
+}
+
+static int get_real_id(const char *devpath, const char *idname, uint16_t *val)
+{
+ FILE *f;
+ char name[128];
+ long id;
+
+ snprintf(name, sizeof(name), "%s%s", devpath, idname);
+ f = fopen(name, "r");
+ if (f == NULL) {
+ error_report("%s: %s: %m", __func__, name);
+ return -1;
+ }
+ if (fscanf(f, "%li\n", &id) == 1) {
+ *val = id;
+ } else {
+ fclose(f);
+ return -1;
+ }
+ fclose(f);
+
+ return 0;
+}
+
+static int get_real_vendor_id(const char *devpath, uint16_t *val)
+{
+ return get_real_id(devpath, "vendor", val);
+}
+
+static int get_real_device_id(const char *devpath, uint16_t *val)
+{
+ return get_real_id(devpath, "device", val);
+}
+
+static int get_real_device(AssignedDevice *pci_dev, uint16_t r_seg,
+ uint8_t r_bus, uint8_t r_dev, uint8_t r_func)
+{
+ char dir[128], name[128];
+ int fd, r = 0, v;
+ FILE *f;
+ uint64_t start, end, size, flags;
+ uint16_t id;
+ PCIRegion *rp;
+ PCIDevRegions *dev = &pci_dev->real_device;
+
+ dev->region_number = 0;
+
+ snprintf(dir, sizeof(dir), "/sys/bus/pci/devices/%04x:%02x:%02x.%x/",
+ r_seg, r_bus, r_dev, r_func);
+
+ snprintf(name, sizeof(name), "%sconfig", dir);
+
+ if (pci_dev->configfd_name && *pci_dev->configfd_name) {
+ dev->config_fd = monitor_handle_fd_param(cur_mon, pci_dev->configfd_name);
+ if (dev->config_fd < 0) {
+ return 1;
+ }
+ } else {
+ dev->config_fd = open(name, O_RDWR);
+
+ if (dev->config_fd == -1) {
+ error_report("%s: %s: %m", __func__, name);
+ return 1;
+ }
+ }
+again:
+ r = read(dev->config_fd, pci_dev->dev.config,
+ pci_config_size(&pci_dev->dev));
+ if (r < 0) {
+ if (errno == EINTR || errno == EAGAIN) {
+ goto again;
+ }
+ error_report("%s: read failed, errno = %d", __func__, errno);
+ }
+
+ /* Restore or clear multifunction, this is always controlled by qemu */
+ if (pci_dev->dev.cap_present & QEMU_PCI_CAP_MULTIFUNCTION) {
+ pci_dev->dev.config[PCI_HEADER_TYPE] |= PCI_HEADER_TYPE_MULTI_FUNCTION;
+ } else {
+ pci_dev->dev.config[PCI_HEADER_TYPE] &= ~PCI_HEADER_TYPE_MULTI_FUNCTION;
+ }
+
+ /* Clear host resource mapping info. If we choose not to register a
+ * BAR, such as might be the case with the option ROM, we can get
+ * confusing, unwritable, residual addresses from the host here. */
+ memset(&pci_dev->dev.config[PCI_BASE_ADDRESS_0], 0, 24);
+ memset(&pci_dev->dev.config[PCI_ROM_ADDRESS], 0, 4);
+
+ snprintf(name, sizeof(name), "%sresource", dir);
+
+ f = fopen(name, "r");
+ if (f == NULL) {
+ error_report("%s: %s: %m", __func__, name);
+ return 1;
+ }
+
+ for (r = 0; r < PCI_ROM_SLOT; r++) {
+ if (fscanf(f, "%" SCNi64 " %" SCNi64 " %" SCNi64 "\n",
+ &start, &end, &flags) != 3) {
+ break;
+ }
+
+ rp = dev->regions + r;
+ rp->valid = 0;
+ rp->resource_fd = -1;
+ size = end - start + 1;
+ flags &= IORESOURCE_IO | IORESOURCE_MEM | IORESOURCE_PREFETCH
+ | IORESOURCE_MEM_64;
+ if (size == 0 || (flags & ~IORESOURCE_PREFETCH) == 0) {
+ continue;
+ }
+ if (flags & IORESOURCE_MEM) {
+ flags &= ~IORESOURCE_IO;
+ } else {
+ flags &= ~IORESOURCE_PREFETCH;
+ }
+ snprintf(name, sizeof(name), "%sresource%d", dir, r);
+ fd = open(name, O_RDWR);
+ if (fd == -1) {
+ continue;
+ }
+ rp->resource_fd = fd;
+
+ rp->type = flags;
+ rp->valid = 1;
+ rp->base_addr = start;
+ rp->size = size;
+ pci_dev->v_addrs[r].region = rp;
+ DEBUG("region %d size %" PRIu64 " start 0x%" PRIx64
+ " type %d resource_fd %d\n",
+ r, rp->size, start, rp->type, rp->resource_fd);
+ }
+
+ fclose(f);
+
+ /* read and fill vendor ID */
+ v = get_real_vendor_id(dir, &id);
+ if (v) {
+ return 1;
+ }
+ pci_dev->dev.config[0] = id & 0xff;
+ pci_dev->dev.config[1] = (id & 0xff00) >> 8;
+
+ /* read and fill device ID */
+ v = get_real_device_id(dir, &id);
+ if (v) {
+ return 1;
+ }
+ pci_dev->dev.config[2] = id & 0xff;
+ pci_dev->dev.config[3] = (id & 0xff00) >> 8;
+
+ pci_word_test_and_clear_mask(pci_dev->emulate_config_write + PCI_COMMAND,
+ PCI_COMMAND_MASTER | PCI_COMMAND_INTX_DISABLE);
+
+ dev->region_number = r;
+ return 0;
+}
+
+static void free_msi_virqs(AssignedDevice *dev)
+{
+ int i;
+
+ for (i = 0; i < dev->msi_virq_nr; i++) {
+ if (dev->msi_virq[i] >= 0) {
+ kvm_irqchip_release_virq(kvm_state, dev->msi_virq[i]);
+ dev->msi_virq[i] = -1;
+ }
+ }
+ g_free(dev->msi_virq);
+ dev->msi_virq = NULL;
+ dev->msi_virq_nr = 0;
+}
+
+static void free_assigned_device(AssignedDevice *dev)
+{
+ int i;
+
+ if (dev->cap.available & ASSIGNED_DEVICE_CAP_MSIX) {
+ assigned_dev_unregister_msix_mmio(dev);
+ }
+ for (i = 0; i < dev->real_device.region_number; i++) {
+ PCIRegion *pci_region = &dev->real_device.regions[i];
+ AssignedDevRegion *region = &dev->v_addrs[i];
+
+ if (!pci_region->valid) {
+ continue;
+ }
+ if (pci_region->type & IORESOURCE_IO) {
+ if (region->u.r_baseport) {
+ memory_region_del_subregion(&region->container,
+ &region->real_iomem);
+ memory_region_destroy(&region->real_iomem);
+ memory_region_destroy(&region->container);
+ }
+ } else if (pci_region->type & IORESOURCE_MEM) {
+ if (region->u.r_virtbase) {
+ memory_region_del_subregion(&region->container,
+ &region->real_iomem);
+
+ /* Remove MSI-X table subregion */
+ if (pci_region->base_addr <= dev->msix_table_addr &&
+ pci_region->base_addr + pci_region->size >
+ dev->msix_table_addr) {
+ memory_region_del_subregion(&region->container,
+ &dev->mmio);
+ }
+
+ memory_region_destroy(&region->real_iomem);
+ memory_region_destroy(&region->container);
+ if (munmap(region->u.r_virtbase,
+ (pci_region->size + 0xFFF) & 0xFFFFF000)) {
+ error_report("Failed to unmap assigned device region: %s",
+ strerror(errno));
+ }
+ }
+ }
+ if (pci_region->resource_fd >= 0) {
+ close(pci_region->resource_fd);
+ }
+ }
+
+ if (dev->real_device.config_fd >= 0) {
+ close(dev->real_device.config_fd);
+ }
+
+ free_msi_virqs(dev);
+}
+
+static void assign_failed_examine(AssignedDevice *dev)
+{
+ char name[PATH_MAX], dir[PATH_MAX], driver[PATH_MAX] = {}, *ns;
+ uint16_t vendor_id, device_id;
+ int r;
+
+ snprintf(dir, sizeof(dir), "/sys/bus/pci/devices/%04x:%02x:%02x.%01x/",
+ dev->host.domain, dev->host.bus, dev->host.slot,
+ dev->host.function);
+
+ snprintf(name, sizeof(name), "%sdriver", dir);
+
+ r = readlink(name, driver, sizeof(driver));
+ if ((r <= 0) || r >= sizeof(driver)) {
+ goto fail;
+ }
+
+ ns = strrchr(driver, '/');
+ if (!ns) {
+ goto fail;
+ }
+
+ ns++;
+
+ if (get_real_vendor_id(dir, &vendor_id) ||
+ get_real_device_id(dir, &device_id)) {
+ goto fail;
+ }
+
+ error_report("*** The driver '%s' is occupying your device "
+ "%04x:%02x:%02x.%x.",
+ ns, dev->host.domain, dev->host.bus, dev->host.slot,
+ dev->host.function);
+ error_report("***");
+ error_report("*** You can try the following commands to free it:");
+ error_report("***");
+ error_report("*** $ echo \"%04x %04x\" > /sys/bus/pci/drivers/pci-stub/"
+ "new_id", vendor_id, device_id);
+ error_report("*** $ echo \"%04x:%02x:%02x.%x\" > /sys/bus/pci/drivers/"
+ "%s/unbind",
+ dev->host.domain, dev->host.bus, dev->host.slot,
+ dev->host.function, ns);
+ error_report("*** $ echo \"%04x:%02x:%02x.%x\" > /sys/bus/pci/drivers/"
+ "pci-stub/bind",
+ dev->host.domain, dev->host.bus, dev->host.slot,
+ dev->host.function);
+ error_report("*** $ echo \"%04x %04x\" > /sys/bus/pci/drivers/pci-stub"
+ "/remove_id", vendor_id, device_id);
+ error_report("***");
+
+ return;
+
+fail:
+ error_report("Couldn't find out why.");
+}
+
+static int assign_device(AssignedDevice *dev)
+{
+ uint32_t flags = KVM_DEV_ASSIGN_ENABLE_IOMMU;
+ int r;
+
+ /* Only pass non-zero PCI segment to capable module */
+ if (!kvm_check_extension(kvm_state, KVM_CAP_PCI_SEGMENT) &&
+ dev->host.domain) {
+ error_report("Can't assign device inside non-zero PCI segment "
+ "as this KVM module doesn't support it.");
+ return -ENODEV;
+ }
+
+ if (!kvm_check_extension(kvm_state, KVM_CAP_IOMMU)) {
+ error_report("No IOMMU found. Unable to assign device \"%s\"",
+ dev->dev.qdev.id);
+ return -ENODEV;
+ }
+
+ if (dev->features & ASSIGNED_DEVICE_SHARE_INTX_MASK &&
+ kvm_has_intx_set_mask()) {
+ flags |= KVM_DEV_ASSIGN_PCI_2_3;
+ }
+
+ r = kvm_device_pci_assign(kvm_state, &dev->host, flags, &dev->dev_id);
+ if (r < 0) {
+ error_report("Failed to assign device \"%s\" : %s",
+ dev->dev.qdev.id, strerror(-r));
+
+ switch (r) {
+ case -EBUSY:
+ assign_failed_examine(dev);
+ break;
+ default:
+ break;
+ }
+ }
+ return r;
+}
+
+static bool check_irqchip_in_kernel(void)
+{
+ if (kvm_irqchip_in_kernel()) {
+ return true;
+ }
+ error_report("pci-assign: error: requires KVM with in-kernel irqchip "
+ "enabled");
+ return false;
+}
+
+static int assign_intx(AssignedDevice *dev)
+{
+ AssignedIRQType new_type;
+ PCIINTxRoute intx_route;
+ bool intx_host_msi;
+ int r;
+
+ /* Interrupt PIN 0 means don't use INTx */
+ if (assigned_dev_pci_read_byte(&dev->dev, PCI_INTERRUPT_PIN) == 0) {
+ pci_device_set_intx_routing_notifier(&dev->dev, NULL);
+ return 0;
+ }
+
+ if (!check_irqchip_in_kernel()) {
+ return -ENOTSUP;
+ }
+
+ pci_device_set_intx_routing_notifier(&dev->dev,
+ assigned_dev_update_irq_routing);
+
+ intx_route = pci_device_route_intx_to_irq(&dev->dev, dev->intpin);
+ assert(intx_route.mode != PCI_INTX_INVERTED);
+
+ if (!pci_intx_route_changed(&dev->intx_route, &intx_route)) {
+ return 0;
+ }
+
+ switch (dev->assigned_irq_type) {
+ case ASSIGNED_IRQ_INTX_HOST_INTX:
+ case ASSIGNED_IRQ_INTX_HOST_MSI:
+ intx_host_msi = dev->assigned_irq_type == ASSIGNED_IRQ_INTX_HOST_MSI;
+ r = kvm_device_intx_deassign(kvm_state, dev->dev_id, intx_host_msi);
+ break;
+ case ASSIGNED_IRQ_MSI:
+ r = kvm_device_msi_deassign(kvm_state, dev->dev_id);
+ break;
+ case ASSIGNED_IRQ_MSIX:
+ r = kvm_device_msix_deassign(kvm_state, dev->dev_id);
+ break;
+ default:
+ r = 0;
+ break;
+ }
+ if (r) {
+ perror("assign_intx: deassignment of previous interrupt failed");
+ }
+ dev->assigned_irq_type = ASSIGNED_IRQ_NONE;
+
+ if (intx_route.mode == PCI_INTX_DISABLED) {
+ dev->intx_route = intx_route;
+ return 0;
+ }
+
+retry:
+ if (dev->features & ASSIGNED_DEVICE_PREFER_MSI_MASK &&
+ dev->cap.available & ASSIGNED_DEVICE_CAP_MSI) {
+ intx_host_msi = true;
+ new_type = ASSIGNED_IRQ_INTX_HOST_MSI;
+ } else {
+ intx_host_msi = false;
+ new_type = ASSIGNED_IRQ_INTX_HOST_INTX;
+ }
+
+ r = kvm_device_intx_assign(kvm_state, dev->dev_id, intx_host_msi,
+ intx_route.irq);
+ if (r < 0) {
+ if (r == -EIO && !(dev->features & ASSIGNED_DEVICE_PREFER_MSI_MASK) &&
+ dev->cap.available & ASSIGNED_DEVICE_CAP_MSI) {
+ /* Retry with host-side MSI. There might be an IRQ conflict and
+ * either the kernel or the device doesn't support sharing. */
+ error_report("Host-side INTx sharing not supported, "
+ "using MSI instead");
+ error_printf("Some devices do not work properly in this mode.\n");
+ dev->features |= ASSIGNED_DEVICE_PREFER_MSI_MASK;
+ goto retry;
+ }
+ error_report("Failed to assign irq for \"%s\": %s",
+ dev->dev.qdev.id, strerror(-r));
+ error_report("Perhaps you are assigning a device "
+ "that shares an IRQ with another device?");
+ return r;
+ }
+
+ dev->intx_route = intx_route;
+ dev->assigned_irq_type = new_type;
+ return r;
+}
+
+static void deassign_device(AssignedDevice *dev)
+{
+ int r;
+
+ r = kvm_device_pci_deassign(kvm_state, dev->dev_id);
+ assert(r == 0);
+}
+
+/* The pci config space got updated. Check if irq numbers have changed
+ * for our devices
+ */
+static void assigned_dev_update_irq_routing(PCIDevice *dev)
+{
+ AssignedDevice *assigned_dev = DO_UPCAST(AssignedDevice, dev, dev);
+ Error *err = NULL;
+ int r;
+
+ r = assign_intx(assigned_dev);
+ if (r < 0) {
+ qdev_unplug(&dev->qdev, &err);
+ assert(!err);
+ }
+}
+
+static void assigned_dev_update_msi(PCIDevice *pci_dev)
+{
+ AssignedDevice *assigned_dev = DO_UPCAST(AssignedDevice, dev, pci_dev);
+ uint8_t ctrl_byte = pci_get_byte(pci_dev->config + pci_dev->msi_cap +
+ PCI_MSI_FLAGS);
+ int r;
+
+ /* Some guests gratuitously disable MSI even if they're not using it,
+ * try to catch this by only deassigning irqs if the guest is using
+ * MSI or intends to start. */
+ if (assigned_dev->assigned_irq_type == ASSIGNED_IRQ_MSI ||
+ (ctrl_byte & PCI_MSI_FLAGS_ENABLE)) {
+ r = kvm_device_msi_deassign(kvm_state, assigned_dev->dev_id);
+ /* -ENXIO means no assigned irq */
+ if (r && r != -ENXIO) {
+ perror("assigned_dev_update_msi: deassign irq");
+ }
+
+ free_msi_virqs(assigned_dev);
+
+ assigned_dev->assigned_irq_type = ASSIGNED_IRQ_NONE;
+ pci_device_set_intx_routing_notifier(pci_dev, NULL);
+ }
+
+ if (ctrl_byte & PCI_MSI_FLAGS_ENABLE) {
+ MSIMessage msg = msi_get_message(pci_dev, 0);
+ int virq;
+
+ virq = kvm_irqchip_add_msi_route(kvm_state, msg);
+ if (virq < 0) {
+ perror("assigned_dev_update_msi: kvm_irqchip_add_msi_route");
+ return;
+ }
+
+ assigned_dev->msi_virq = g_malloc(sizeof(*assigned_dev->msi_virq));
+ assigned_dev->msi_virq_nr = 1;
+ assigned_dev->msi_virq[0] = virq;
+ if (kvm_device_msi_assign(kvm_state, assigned_dev->dev_id, virq) < 0) {
+ perror("assigned_dev_update_msi: kvm_device_msi_assign");
+ }
+
+ assigned_dev->intx_route.mode = PCI_INTX_DISABLED;
+ assigned_dev->intx_route.irq = -1;
+ assigned_dev->assigned_irq_type = ASSIGNED_IRQ_MSI;
+ } else {
+ assign_intx(assigned_dev);
+ }
+}
+
+static void assigned_dev_update_msi_msg(PCIDevice *pci_dev)
+{
+ AssignedDevice *assigned_dev = DO_UPCAST(AssignedDevice, dev, pci_dev);
+ uint8_t ctrl_byte = pci_get_byte(pci_dev->config + pci_dev->msi_cap +
+ PCI_MSI_FLAGS);
+
+ if (assigned_dev->assigned_irq_type != ASSIGNED_IRQ_MSI ||
+ !(ctrl_byte & PCI_MSI_FLAGS_ENABLE)) {
+ return;
+ }
+
+ kvm_irqchip_update_msi_route(kvm_state, assigned_dev->msi_virq[0],
+ msi_get_message(pci_dev, 0));
+}
+
+static bool assigned_dev_msix_masked(MSIXTableEntry *entry)
+{
+ return (entry->ctrl & cpu_to_le32(0x1)) != 0;
+}
+
+/*
+ * When MSI-X is first enabled the vector table typically has all the
+ * vectors masked, so we can't use that as the obvious test to figure out
+ * how many vectors to initially enable. Instead we look at the data field
+ * because this is what worked for pci-assign for a long time. This makes
+ * sure the physical MSI-X state tracks the guest's view, which is important
+ * for some VF/PF and PF/fw communication channels.
+ */
+static bool assigned_dev_msix_skipped(MSIXTableEntry *entry)
+{
+ return !entry->data;
+}
+
+static int assigned_dev_update_msix_mmio(PCIDevice *pci_dev)
+{
+ AssignedDevice *adev = DO_UPCAST(AssignedDevice, dev, pci_dev);
+ uint16_t entries_nr = 0;
+ int i, r = 0;
+ MSIXTableEntry *entry = adev->msix_table;
+ MSIMessage msg;
+
+ /* Get the usable entry number for allocating */
+ for (i = 0; i < adev->msix_max; i++, entry++) {
+ if (assigned_dev_msix_skipped(entry)) {
+ continue;
+ }
+ entries_nr++;
+ }
+
+ DEBUG("MSI-X entries: %d\n", entries_nr);
+
+ /* It's valid to enable MSI-X with all entries masked */
+ if (!entries_nr) {
+ return 0;
+ }
+
+ r = kvm_device_msix_init_vectors(kvm_state, adev->dev_id, entries_nr);
+ if (r != 0) {
+ error_report("fail to set MSI-X entry number for MSIX! %s",
+ strerror(-r));
+ return r;
+ }
+
+ free_msi_virqs(adev);
+
+ adev->msi_virq_nr = adev->msix_max;
+ adev->msi_virq = g_malloc(adev->msix_max * sizeof(*adev->msi_virq));
+
+ entry = adev->msix_table;
+ for (i = 0; i < adev->msix_max; i++, entry++) {
+ adev->msi_virq[i] = -1;
+
+ if (assigned_dev_msix_skipped(entry)) {
+ continue;
+ }
+
+ msg.address = entry->addr_lo | ((uint64_t)entry->addr_hi << 32);
+ msg.data = entry->data;
+ r = kvm_irqchip_add_msi_route(kvm_state, msg);
+ if (r < 0) {
+ return r;
+ }
+ adev->msi_virq[i] = r;
+
+ DEBUG("MSI-X vector %d, gsi %d, addr %08x_%08x, data %08x\n", i,
+ r, entry->addr_hi, entry->addr_lo, entry->data);
+
+ r = kvm_device_msix_set_vector(kvm_state, adev->dev_id, i,
+ adev->msi_virq[i]);
+ if (r) {
+ error_report("fail to set MSI-X entry! %s", strerror(-r));
+ break;
+ }
+ }
+
+ return r;
+}
+
+static void assigned_dev_update_msix(PCIDevice *pci_dev)
+{
+ AssignedDevice *assigned_dev = DO_UPCAST(AssignedDevice, dev, pci_dev);
+ uint16_t ctrl_word = pci_get_word(pci_dev->config + pci_dev->msix_cap +
+ PCI_MSIX_FLAGS);
+ int r;
+
+ /* Some guests gratuitously disable MSIX even if they're not using it,
+ * try to catch this by only deassigning irqs if the guest is using
+ * MSIX or intends to start. */
+ if ((assigned_dev->assigned_irq_type == ASSIGNED_IRQ_MSIX) ||
+ (ctrl_word & PCI_MSIX_FLAGS_ENABLE)) {
+ r = kvm_device_msix_deassign(kvm_state, assigned_dev->dev_id);
+ /* -ENXIO means no assigned irq */
+ if (r && r != -ENXIO) {
+ perror("assigned_dev_update_msix: deassign irq");
+ }
+
+ free_msi_virqs(assigned_dev);
+
+ assigned_dev->assigned_irq_type = ASSIGNED_IRQ_NONE;
+ pci_device_set_intx_routing_notifier(pci_dev, NULL);
+ }
+
+ if (ctrl_word & PCI_MSIX_FLAGS_ENABLE) {
+ if (assigned_dev_update_msix_mmio(pci_dev) < 0) {
+ perror("assigned_dev_update_msix_mmio");
+ return;
+ }
+
+ if (assigned_dev->msi_virq_nr > 0) {
+ if (kvm_device_msix_assign(kvm_state, assigned_dev->dev_id) < 0) {
+ perror("assigned_dev_enable_msix: assign irq");
+ return;
+ }
+ }
+ assigned_dev->intx_route.mode = PCI_INTX_DISABLED;
+ assigned_dev->intx_route.irq = -1;
+ assigned_dev->assigned_irq_type = ASSIGNED_IRQ_MSIX;
+ } else {
+ assign_intx(assigned_dev);
+ }
+}
+
+static uint32_t assigned_dev_pci_read_config(PCIDevice *pci_dev,
+ uint32_t address, int len)
+{
+ AssignedDevice *assigned_dev = DO_UPCAST(AssignedDevice, dev, pci_dev);
+ uint32_t virt_val = pci_default_read_config(pci_dev, address, len);
+ uint32_t real_val, emulate_mask, full_emulation_mask;
+
+ emulate_mask = 0;
+ memcpy(&emulate_mask, assigned_dev->emulate_config_read + address, len);
+ emulate_mask = le32_to_cpu(emulate_mask);
+
+ full_emulation_mask = 0xffffffff >> (32 - len * 8);
+
+ if (emulate_mask != full_emulation_mask) {
+ real_val = assigned_dev_pci_read(pci_dev, address, len);
+ return (virt_val & emulate_mask) | (real_val & ~emulate_mask);
+ } else {
+ return virt_val;
+ }
+}
+
+static void assigned_dev_pci_write_config(PCIDevice *pci_dev, uint32_t address,
+ uint32_t val, int len)
+{
+ AssignedDevice *assigned_dev = DO_UPCAST(AssignedDevice, dev, pci_dev);
+ uint16_t old_cmd = pci_get_word(pci_dev->config + PCI_COMMAND);
+ uint32_t emulate_mask, full_emulation_mask;
+ int ret;
+
+ pci_default_write_config(pci_dev, address, val, len);
+
+ if (kvm_has_intx_set_mask() &&
+ range_covers_byte(address, len, PCI_COMMAND + 1)) {
+ bool intx_masked = (pci_get_word(pci_dev->config + PCI_COMMAND) &
+ PCI_COMMAND_INTX_DISABLE);
+
+ if (intx_masked != !!(old_cmd & PCI_COMMAND_INTX_DISABLE)) {
+ ret = kvm_device_intx_set_mask(kvm_state, assigned_dev->dev_id,
+ intx_masked);
+ if (ret) {
+ perror("assigned_dev_pci_write_config: set intx mask");
+ }
+ }
+ }
+ if (assigned_dev->cap.available & ASSIGNED_DEVICE_CAP_MSI) {
+ if (range_covers_byte(address, len,
+ pci_dev->msi_cap + PCI_MSI_FLAGS)) {
+ assigned_dev_update_msi(pci_dev);
+ } else if (ranges_overlap(address, len, /* 32bit MSI only */
+ pci_dev->msi_cap + PCI_MSI_ADDRESS_LO, 6)) {
+ assigned_dev_update_msi_msg(pci_dev);
+ }
+ }
+ if (assigned_dev->cap.available & ASSIGNED_DEVICE_CAP_MSIX) {
+ if (range_covers_byte(address, len,
+ pci_dev->msix_cap + PCI_MSIX_FLAGS + 1)) {
+ assigned_dev_update_msix(pci_dev);
+ }
+ }
+
+ emulate_mask = 0;
+ memcpy(&emulate_mask, assigned_dev->emulate_config_write + address, len);
+ emulate_mask = le32_to_cpu(emulate_mask);
+
+ full_emulation_mask = 0xffffffff >> (32 - len * 8);
+
+ if (emulate_mask != full_emulation_mask) {
+ if (emulate_mask) {
+ val &= ~emulate_mask;
+ val |= assigned_dev_pci_read(pci_dev, address, len) & emulate_mask;
+ }
+ assigned_dev_pci_write(pci_dev, address, val, len);
+ }
+}
+
+static void assigned_dev_setup_cap_read(AssignedDevice *dev, uint32_t offset,
+ uint32_t len)
+{
+ assigned_dev_direct_config_read(dev, offset, len);
+ assigned_dev_emulate_config_read(dev, offset + PCI_CAP_LIST_NEXT, 1);
+}
+
+static int assigned_device_pci_cap_init(PCIDevice *pci_dev)
+{
+ AssignedDevice *dev = DO_UPCAST(AssignedDevice, dev, pci_dev);
+ PCIRegion *pci_region = dev->real_device.regions;
+ int ret, pos;
+
+ /* Clear initial capabilities pointer and status copied from hw */
+ pci_set_byte(pci_dev->config + PCI_CAPABILITY_LIST, 0);
+ pci_set_word(pci_dev->config + PCI_STATUS,
+ pci_get_word(pci_dev->config + PCI_STATUS) &
+ ~PCI_STATUS_CAP_LIST);
+
+ /* Expose MSI capability
+ * MSI capability is the 1st capability in capability config */
+ pos = pci_find_cap_offset(pci_dev, PCI_CAP_ID_MSI, 0);
+ if (pos != 0 && kvm_check_extension(kvm_state, KVM_CAP_ASSIGN_DEV_IRQ)) {
+ if (!check_irqchip_in_kernel()) {
+ return -ENOTSUP;
+ }
+ dev->cap.available |= ASSIGNED_DEVICE_CAP_MSI;
+ /* Only 32-bit/no-mask currently supported */
+ ret = pci_add_capability(pci_dev, PCI_CAP_ID_MSI, pos, 10);
+ if (ret < 0) {
+ return ret;
+ }
+ pci_dev->msi_cap = pos;
+
+ pci_set_word(pci_dev->config + pos + PCI_MSI_FLAGS,
+ pci_get_word(pci_dev->config + pos + PCI_MSI_FLAGS) &
+ PCI_MSI_FLAGS_QMASK);
+ pci_set_long(pci_dev->config + pos + PCI_MSI_ADDRESS_LO, 0);
+ pci_set_word(pci_dev->config + pos + PCI_MSI_DATA_32, 0);
+
+ /* Set writable fields */
+ pci_set_word(pci_dev->wmask + pos + PCI_MSI_FLAGS,
+ PCI_MSI_FLAGS_QSIZE | PCI_MSI_FLAGS_ENABLE);
+ pci_set_long(pci_dev->wmask + pos + PCI_MSI_ADDRESS_LO, 0xfffffffc);
+ pci_set_word(pci_dev->wmask + pos + PCI_MSI_DATA_32, 0xffff);
+ }
+ /* Expose MSI-X capability */
+ pos = pci_find_cap_offset(pci_dev, PCI_CAP_ID_MSIX, 0);
+ if (pos != 0 && kvm_device_msix_supported(kvm_state)) {
+ int bar_nr;
+ uint32_t msix_table_entry;
+
+ if (!check_irqchip_in_kernel()) {
+ return -ENOTSUP;
+ }
+ dev->cap.available |= ASSIGNED_DEVICE_CAP_MSIX;
+ ret = pci_add_capability(pci_dev, PCI_CAP_ID_MSIX, pos, 12);
+ if (ret < 0) {
+ return ret;
+ }
+ pci_dev->msix_cap = pos;
+
+ pci_set_word(pci_dev->config + pos + PCI_MSIX_FLAGS,
+ pci_get_word(pci_dev->config + pos + PCI_MSIX_FLAGS) &
+ PCI_MSIX_FLAGS_QSIZE);
+
+ /* Only enable and function mask bits are writable */
+ pci_set_word(pci_dev->wmask + pos + PCI_MSIX_FLAGS,
+ PCI_MSIX_FLAGS_ENABLE | PCI_MSIX_FLAGS_MASKALL);
+
+ msix_table_entry = pci_get_long(pci_dev->config + pos + PCI_MSIX_TABLE);
+ bar_nr = msix_table_entry & PCI_MSIX_FLAGS_BIRMASK;
+ msix_table_entry &= ~PCI_MSIX_FLAGS_BIRMASK;
+ dev->msix_table_addr = pci_region[bar_nr].base_addr + msix_table_entry;
+ dev->msix_max = pci_get_word(pci_dev->config + pos + PCI_MSIX_FLAGS);
+ dev->msix_max &= PCI_MSIX_FLAGS_QSIZE;
+ dev->msix_max += 1;
+ }
+
+ /* Minimal PM support, nothing writable, device appears to NAK changes */
+ pos = pci_find_cap_offset(pci_dev, PCI_CAP_ID_PM, 0);
+ if (pos) {
+ uint16_t pmc;
+
+ ret = pci_add_capability(pci_dev, PCI_CAP_ID_PM, pos, PCI_PM_SIZEOF);
+ if (ret < 0) {
+ return ret;
+ }
+
+ assigned_dev_setup_cap_read(dev, pos, PCI_PM_SIZEOF);
+
+ pmc = pci_get_word(pci_dev->config + pos + PCI_CAP_FLAGS);
+ pmc &= (PCI_PM_CAP_VER_MASK | PCI_PM_CAP_DSI);
+ pci_set_word(pci_dev->config + pos + PCI_CAP_FLAGS, pmc);
+
+ /* assign_device will bring the device up to D0, so we don't need
+ * to worry about doing that ourselves here. */
+ pci_set_word(pci_dev->config + pos + PCI_PM_CTRL,
+ PCI_PM_CTRL_NO_SOFT_RESET);
+
+ pci_set_byte(pci_dev->config + pos + PCI_PM_PPB_EXTENSIONS, 0);
+ pci_set_byte(pci_dev->config + pos + PCI_PM_DATA_REGISTER, 0);
+ }
+
+ pos = pci_find_cap_offset(pci_dev, PCI_CAP_ID_EXP, 0);
+ if (pos) {
+ uint8_t version, size = 0;
+ uint16_t type, devctl, lnksta;
+ uint32_t devcap, lnkcap;
+
+ version = pci_get_byte(pci_dev->config + pos + PCI_EXP_FLAGS);
+ version &= PCI_EXP_FLAGS_VERS;
+ if (version == 1) {
+ size = 0x14;
+ } else if (version == 2) {
+ /*
+ * Check for non-std size, accept reduced size to 0x34,
+ * which is what bcm5761 implemented, violating the
+ * PCIe v3.0 spec that regs should exist and be read as 0,
+ * not optionally provided and shorten the struct size.
+ */
+ size = MIN(0x3c, PCI_CONFIG_SPACE_SIZE - pos);
+ if (size < 0x34) {
+ error_report("%s: Invalid size PCIe cap-id 0x%x",
+ __func__, PCI_CAP_ID_EXP);
+ return -EINVAL;
+ } else if (size != 0x3c) {
+ error_report("WARNING, %s: PCIe cap-id 0x%x has "
+ "non-standard size 0x%x; std size should be 0x3c",
+ __func__, PCI_CAP_ID_EXP, size);
+ }
+ } else if (version == 0) {
+ uint16_t vid, did;
+ vid = pci_get_word(pci_dev->config + PCI_VENDOR_ID);
+ did = pci_get_word(pci_dev->config + PCI_DEVICE_ID);
+ if (vid == PCI_VENDOR_ID_INTEL && did == 0x10ed) {
+ /*
+ * quirk for Intel 82599 VF with invalid PCIe capability
+ * version, should really be version 2 (same as PF)
+ */
+ size = 0x3c;
+ }
+ }
+
+ if (size == 0) {
+ error_report("%s: Unsupported PCI express capability version %d",
+ __func__, version);
+ return -EINVAL;
+ }
+
+ ret = pci_add_capability(pci_dev, PCI_CAP_ID_EXP, pos, size);
+ if (ret < 0) {
+ return ret;
+ }
+
+ assigned_dev_setup_cap_read(dev, pos, size);
+
+ type = pci_get_word(pci_dev->config + pos + PCI_EXP_FLAGS);
+ type = (type & PCI_EXP_FLAGS_TYPE) >> 4;
+ if (type != PCI_EXP_TYPE_ENDPOINT &&
+ type != PCI_EXP_TYPE_LEG_END && type != PCI_EXP_TYPE_RC_END) {
+ error_report("Device assignment only supports endpoint assignment,"
+ " device type %d", type);
+ return -EINVAL;
+ }
+
+ /* capabilities, pass existing read-only copy
+ * PCI_EXP_FLAGS_IRQ: updated by hardware, should be direct read */
+
+ /* device capabilities: hide FLR */
+ devcap = pci_get_long(pci_dev->config + pos + PCI_EXP_DEVCAP);
+ devcap &= ~PCI_EXP_DEVCAP_FLR;
+ pci_set_long(pci_dev->config + pos + PCI_EXP_DEVCAP, devcap);
+
+ /* device control: clear all error reporting enable bits, leaving
+ * only a few host values. Note, these are
+ * all writable, but not passed to hw.
+ */
+ devctl = pci_get_word(pci_dev->config + pos + PCI_EXP_DEVCTL);
+ devctl = (devctl & (PCI_EXP_DEVCTL_READRQ | PCI_EXP_DEVCTL_PAYLOAD)) |
+ PCI_EXP_DEVCTL_RELAX_EN | PCI_EXP_DEVCTL_NOSNOOP_EN;
+ pci_set_word(pci_dev->config + pos + PCI_EXP_DEVCTL, devctl);
+ devctl = PCI_EXP_DEVCTL_BCR_FLR | PCI_EXP_DEVCTL_AUX_PME;
+ pci_set_word(pci_dev->wmask + pos + PCI_EXP_DEVCTL, ~devctl);
+
+ /* Clear device status */
+ pci_set_word(pci_dev->config + pos + PCI_EXP_DEVSTA, 0);
+
+ /* Link capabilities, expose links and latencues, clear reporting */
+ lnkcap = pci_get_long(pci_dev->config + pos + PCI_EXP_LNKCAP);
+ lnkcap &= (PCI_EXP_LNKCAP_SLS | PCI_EXP_LNKCAP_MLW |
+ PCI_EXP_LNKCAP_ASPMS | PCI_EXP_LNKCAP_L0SEL |
+ PCI_EXP_LNKCAP_L1EL);
+ pci_set_long(pci_dev->config + pos + PCI_EXP_LNKCAP, lnkcap);
+
+ /* Link control, pass existing read-only copy. Should be writable? */
+
+ /* Link status, only expose current speed and width */
+ lnksta = pci_get_word(pci_dev->config + pos + PCI_EXP_LNKSTA);
+ lnksta &= (PCI_EXP_LNKSTA_CLS | PCI_EXP_LNKSTA_NLW);
+ pci_set_word(pci_dev->config + pos + PCI_EXP_LNKSTA, lnksta);
+
+ if (version >= 2) {
+ /* Slot capabilities, control, status - not needed for endpoints */
+ pci_set_long(pci_dev->config + pos + PCI_EXP_SLTCAP, 0);
+ pci_set_word(pci_dev->config + pos + PCI_EXP_SLTCTL, 0);
+ pci_set_word(pci_dev->config + pos + PCI_EXP_SLTSTA, 0);
+
+ /* Root control, capabilities, status - not needed for endpoints */
+ pci_set_word(pci_dev->config + pos + PCI_EXP_RTCTL, 0);
+ pci_set_word(pci_dev->config + pos + PCI_EXP_RTCAP, 0);
+ pci_set_long(pci_dev->config + pos + PCI_EXP_RTSTA, 0);
+
+ /* Device capabilities/control 2, pass existing read-only copy */
+ /* Link control 2, pass existing read-only copy */
+ }
+ }
+
+ pos = pci_find_cap_offset(pci_dev, PCI_CAP_ID_PCIX, 0);
+ if (pos) {
+ uint16_t cmd;
+ uint32_t status;
+
+ /* Only expose the minimum, 8 byte capability */
+ ret = pci_add_capability(pci_dev, PCI_CAP_ID_PCIX, pos, 8);
+ if (ret < 0) {
+ return ret;
+ }
+
+ assigned_dev_setup_cap_read(dev, pos, 8);
+
+ /* Command register, clear upper bits, including extended modes */
+ cmd = pci_get_word(pci_dev->config + pos + PCI_X_CMD);
+ cmd &= (PCI_X_CMD_DPERR_E | PCI_X_CMD_ERO | PCI_X_CMD_MAX_READ |
+ PCI_X_CMD_MAX_SPLIT);
+ pci_set_word(pci_dev->config + pos + PCI_X_CMD, cmd);
+
+ /* Status register, update with emulated PCI bus location, clear
+ * error bits, leave the rest. */
+ status = pci_get_long(pci_dev->config + pos + PCI_X_STATUS);
+ status &= ~(PCI_X_STATUS_BUS | PCI_X_STATUS_DEVFN);
+ status |= (pci_bus_num(pci_dev->bus) << 8) | pci_dev->devfn;
+ status &= ~(PCI_X_STATUS_SPL_DISC | PCI_X_STATUS_UNX_SPL |
+ PCI_X_STATUS_SPL_ERR);
+ pci_set_long(pci_dev->config + pos + PCI_X_STATUS, status);
+ }
+
+ pos = pci_find_cap_offset(pci_dev, PCI_CAP_ID_VPD, 0);
+ if (pos) {
+ /* Direct R/W passthrough */
+ ret = pci_add_capability(pci_dev, PCI_CAP_ID_VPD, pos, 8);
+ if (ret < 0) {
+ return ret;
+ }
+
+ assigned_dev_setup_cap_read(dev, pos, 8);
+
+ /* direct write for cap content */
+ assigned_dev_direct_config_write(dev, pos + 2, 6);
+ }
+
+ /* Devices can have multiple vendor capabilities, get them all */
+ for (pos = 0; (pos = pci_find_cap_offset(pci_dev, PCI_CAP_ID_VNDR, pos));
+ pos += PCI_CAP_LIST_NEXT) {
+ uint8_t len = pci_get_byte(pci_dev->config + pos + PCI_CAP_FLAGS);
+ /* Direct R/W passthrough */
+ ret = pci_add_capability(pci_dev, PCI_CAP_ID_VNDR, pos, len);
+ if (ret < 0) {
+ return ret;
+ }
+
+ assigned_dev_setup_cap_read(dev, pos, len);
+
+ /* direct write for cap content */
+ assigned_dev_direct_config_write(dev, pos + 2, len - 2);
+ }
+
+ /* If real and virtual capability list status bits differ, virtualize the
+ * access. */
+ if ((pci_get_word(pci_dev->config + PCI_STATUS) & PCI_STATUS_CAP_LIST) !=
+ (assigned_dev_pci_read_byte(pci_dev, PCI_STATUS) &
+ PCI_STATUS_CAP_LIST)) {
+ dev->emulate_config_read[PCI_STATUS] |= PCI_STATUS_CAP_LIST;
+ }
+
+ return 0;
+}
+
+static uint64_t
+assigned_dev_msix_mmio_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ AssignedDevice *adev = opaque;
+ uint64_t val;
+
+ memcpy(&val, (void *)((uint8_t *)adev->msix_table + addr), size);
+
+ return val;
+}
+
+static void assigned_dev_msix_mmio_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ AssignedDevice *adev = opaque;
+ PCIDevice *pdev = &adev->dev;
+ uint16_t ctrl;
+ MSIXTableEntry orig;
+ int i = addr >> 4;
+
+ if (i >= adev->msix_max) {
+ return; /* Drop write */
+ }
+
+ ctrl = pci_get_word(pdev->config + pdev->msix_cap + PCI_MSIX_FLAGS);
+
+ DEBUG("write to MSI-X table offset 0x%lx, val 0x%lx\n", addr, val);
+
+ if (ctrl & PCI_MSIX_FLAGS_ENABLE) {
+ orig = adev->msix_table[i];
+ }
+
+ memcpy((uint8_t *)adev->msix_table + addr, &val, size);
+
+ if (ctrl & PCI_MSIX_FLAGS_ENABLE) {
+ MSIXTableEntry *entry = &adev->msix_table[i];
+
+ if (!assigned_dev_msix_masked(&orig) &&
+ assigned_dev_msix_masked(entry)) {
+ /*
+ * Vector masked, disable it
+ *
+ * XXX It's not clear if we can or should actually attempt
+ * to mask or disable the interrupt. KVM doesn't have
+ * support for pending bits and kvm_assign_set_msix_entry
+ * doesn't modify the device hardware mask. Interrupts
+ * while masked are simply not injected to the guest, so
+ * are lost. Can we get away with always injecting an
+ * interrupt on unmask?
+ */
+ } else if (assigned_dev_msix_masked(&orig) &&
+ !assigned_dev_msix_masked(entry)) {
+ /* Vector unmasked */
+ if (i >= adev->msi_virq_nr || adev->msi_virq[i] < 0) {
+ /* Previously unassigned vector, start from scratch */
+ assigned_dev_update_msix(pdev);
+ return;
+ } else {
+ /* Update an existing, previously masked vector */
+ MSIMessage msg;
+ int ret;
+
+ msg.address = entry->addr_lo |
+ ((uint64_t)entry->addr_hi << 32);
+ msg.data = entry->data;
+
+ ret = kvm_irqchip_update_msi_route(kvm_state,
+ adev->msi_virq[i], msg);
+ if (ret) {
+ error_report("Error updating irq routing entry (%d)", ret);
+ }
+ }
+ }
+ }
+}
+
+static const MemoryRegionOps assigned_dev_msix_mmio_ops = {
+ .read = assigned_dev_msix_mmio_read,
+ .write = assigned_dev_msix_mmio_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 8,
+ },
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 8,
+ },
+};
+
+static void assigned_dev_msix_reset(AssignedDevice *dev)
+{
+ MSIXTableEntry *entry;
+ int i;
+
+ if (!dev->msix_table) {
+ return;
+ }
+
+ memset(dev->msix_table, 0, MSIX_PAGE_SIZE);
+
+ for (i = 0, entry = dev->msix_table; i < dev->msix_max; i++, entry++) {
+ entry->ctrl = cpu_to_le32(0x1); /* Masked */
+ }
+}
+
+static int assigned_dev_register_msix_mmio(AssignedDevice *dev)
+{
+ dev->msix_table = mmap(NULL, MSIX_PAGE_SIZE, PROT_READ|PROT_WRITE,
+ MAP_ANONYMOUS|MAP_PRIVATE, 0, 0);
+ if (dev->msix_table == MAP_FAILED) {
+ error_report("fail allocate msix_table! %s", strerror(errno));
+ return -EFAULT;
+ }
+
+ assigned_dev_msix_reset(dev);
+
+ memory_region_init_io(&dev->mmio, OBJECT(dev), &assigned_dev_msix_mmio_ops,
+ dev, "assigned-dev-msix", MSIX_PAGE_SIZE);
+ return 0;
+}
+
+static void assigned_dev_unregister_msix_mmio(AssignedDevice *dev)
+{
+ if (!dev->msix_table) {
+ return;
+ }
+
+ memory_region_destroy(&dev->mmio);
+
+ if (munmap(dev->msix_table, MSIX_PAGE_SIZE) == -1) {
+ error_report("error unmapping msix_table! %s", strerror(errno));
+ }
+ dev->msix_table = NULL;
+}
+
+static const VMStateDescription vmstate_assigned_device = {
+ .name = "pci-assign",
+ .unmigratable = 1,
+};
+
+static void reset_assigned_device(DeviceState *dev)
+{
+ PCIDevice *pci_dev = DO_UPCAST(PCIDevice, qdev, dev);
+ AssignedDevice *adev = DO_UPCAST(AssignedDevice, dev, pci_dev);
+ char reset_file[64];
+ const char reset[] = "1";
+ int fd, ret;
+
+ /*
+ * If a guest is reset without being shutdown, MSI/MSI-X can still
+ * be running. We want to return the device to a known state on
+ * reset, so disable those here. We especially do not want MSI-X
+ * enabled since it lives in MMIO space, which is about to get
+ * disabled.
+ */
+ if (adev->assigned_irq_type == ASSIGNED_IRQ_MSIX) {
+ uint16_t ctrl = pci_get_word(pci_dev->config +
+ pci_dev->msix_cap + PCI_MSIX_FLAGS);
+
+ pci_set_word(pci_dev->config + pci_dev->msix_cap + PCI_MSIX_FLAGS,
+ ctrl & ~PCI_MSIX_FLAGS_ENABLE);
+ assigned_dev_update_msix(pci_dev);
+ } else if (adev->assigned_irq_type == ASSIGNED_IRQ_MSI) {
+ uint8_t ctrl = pci_get_byte(pci_dev->config +
+ pci_dev->msi_cap + PCI_MSI_FLAGS);
+
+ pci_set_byte(pci_dev->config + pci_dev->msi_cap + PCI_MSI_FLAGS,
+ ctrl & ~PCI_MSI_FLAGS_ENABLE);
+ assigned_dev_update_msi(pci_dev);
+ }
+
+ snprintf(reset_file, sizeof(reset_file),
+ "/sys/bus/pci/devices/%04x:%02x:%02x.%01x/reset",
+ adev->host.domain, adev->host.bus, adev->host.slot,
+ adev->host.function);
+
+ /*
+ * Issue a device reset via pci-sysfs. Note that we use write(2) here
+ * and ignore the return value because some kernels have a bug that
+ * returns 0 rather than bytes written on success, sending us into an
+ * infinite retry loop using other write mechanisms.
+ */
+ fd = open(reset_file, O_WRONLY);
+ if (fd != -1) {
+ ret = write(fd, reset, strlen(reset));
+ (void)ret;
+ close(fd);
+ }
+
+ /*
+ * When a 0 is written to the bus master register, the device is logically
+ * disconnected from the PCI bus. This avoids further DMA transfers.
+ */
+ assigned_dev_pci_write_config(pci_dev, PCI_COMMAND, 0, 1);
+}
+
+static int assigned_initfn(struct PCIDevice *pci_dev)
+{
+ AssignedDevice *dev = DO_UPCAST(AssignedDevice, dev, pci_dev);
+ uint8_t e_intx;
+ int r;
+
+ if (!kvm_enabled()) {
+ error_report("pci-assign: error: requires KVM support");
+ return -1;
+ }
+
+ if (!dev->host.domain && !dev->host.bus && !dev->host.slot &&
+ !dev->host.function) {
+ error_report("pci-assign: error: no host device specified");
+ return -1;
+ }
+
+ /*
+ * Set up basic config space access control. Will be further refined during
+ * device initialization.
+ */
+ assigned_dev_emulate_config_read(dev, 0, PCI_CONFIG_SPACE_SIZE);
+ assigned_dev_direct_config_read(dev, PCI_STATUS, 2);
+ assigned_dev_direct_config_read(dev, PCI_REVISION_ID, 1);
+ assigned_dev_direct_config_read(dev, PCI_CLASS_PROG, 3);
+ assigned_dev_direct_config_read(dev, PCI_CACHE_LINE_SIZE, 1);
+ assigned_dev_direct_config_read(dev, PCI_LATENCY_TIMER, 1);
+ assigned_dev_direct_config_read(dev, PCI_BIST, 1);
+ assigned_dev_direct_config_read(dev, PCI_CARDBUS_CIS, 4);
+ assigned_dev_direct_config_read(dev, PCI_SUBSYSTEM_VENDOR_ID, 2);
+ assigned_dev_direct_config_read(dev, PCI_SUBSYSTEM_ID, 2);
+ assigned_dev_direct_config_read(dev, PCI_CAPABILITY_LIST + 1, 7);
+ assigned_dev_direct_config_read(dev, PCI_MIN_GNT, 1);
+ assigned_dev_direct_config_read(dev, PCI_MAX_LAT, 1);
+ memcpy(dev->emulate_config_write, dev->emulate_config_read,
+ sizeof(dev->emulate_config_read));
+
+ if (get_real_device(dev, dev->host.domain, dev->host.bus,
+ dev->host.slot, dev->host.function)) {
+ error_report("pci-assign: Error: Couldn't get real device (%s)!",
+ dev->dev.qdev.id);
+ goto out;
+ }
+
+ if (assigned_device_pci_cap_init(pci_dev) < 0) {
+ goto out;
+ }
+
+ /* intercept MSI-X entry page in the MMIO */
+ if (dev->cap.available & ASSIGNED_DEVICE_CAP_MSIX) {
+ if (assigned_dev_register_msix_mmio(dev)) {
+ goto out;
+ }
+ }
+
+ /* handle real device's MMIO/PIO BARs */
+ if (assigned_dev_register_regions(dev->real_device.regions,
+ dev->real_device.region_number,
+ dev)) {
+ goto out;
+ }
+
+ /* handle interrupt routing */
+ e_intx = dev->dev.config[PCI_INTERRUPT_PIN] - 1;
+ dev->intpin = e_intx;
+ dev->intx_route.mode = PCI_INTX_DISABLED;
+ dev->intx_route.irq = -1;
+
+ /* assign device to guest */
+ r = assign_device(dev);
+ if (r < 0) {
+ goto out;
+ }
+
+ /* assign legacy INTx to the device */
+ r = assign_intx(dev);
+ if (r < 0) {
+ goto assigned_out;
+ }
+
+ assigned_dev_load_option_rom(dev);
+
+ add_boot_device_path(dev->bootindex, &pci_dev->qdev, NULL);
+
+ return 0;
+
+assigned_out:
+ deassign_device(dev);
+out:
+ free_assigned_device(dev);
+ return -1;
+}
+
+static void assigned_exitfn(struct PCIDevice *pci_dev)
+{
+ AssignedDevice *dev = DO_UPCAST(AssignedDevice, dev, pci_dev);
+
+ deassign_device(dev);
+ free_assigned_device(dev);
+}
+
+static Property assigned_dev_properties[] = {
+ DEFINE_PROP_PCI_HOST_DEVADDR("host", AssignedDevice, host),
+ DEFINE_PROP_BIT("prefer_msi", AssignedDevice, features,
+ ASSIGNED_DEVICE_PREFER_MSI_BIT, false),
+ DEFINE_PROP_BIT("share_intx", AssignedDevice, features,
+ ASSIGNED_DEVICE_SHARE_INTX_BIT, true),
+ DEFINE_PROP_INT32("bootindex", AssignedDevice, bootindex, -1),
+ DEFINE_PROP_STRING("configfd", AssignedDevice, configfd_name),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void assign_class_init(ObjectClass *klass, void *data)
+{
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ k->init = assigned_initfn;
+ k->exit = assigned_exitfn;
+ k->config_read = assigned_dev_pci_read_config;
+ k->config_write = assigned_dev_pci_write_config;
+ dc->props = assigned_dev_properties;
+ dc->vmsd = &vmstate_assigned_device;
+ dc->reset = reset_assigned_device;
+ set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+ dc->desc = "KVM-based PCI passthrough";
+}
+
+static const TypeInfo assign_info = {
+ .name = "kvm-pci-assign",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(AssignedDevice),
+ .class_init = assign_class_init,
+};
+
+static void assign_register_types(void)
+{
+ type_register_static(&assign_info);
+}
+
+type_init(assign_register_types)
+
+/*
+ * Scan the assigned devices for the devices that have an option ROM, and then
+ * load the corresponding ROM data to RAM. If an error occurs while loading an
+ * option ROM, we just ignore that option ROM and continue with the next one.
+ */
+static void assigned_dev_load_option_rom(AssignedDevice *dev)
+{
+ char name[32], rom_file[64];
+ FILE *fp;
+ uint8_t val;
+ struct stat st;
+ void *ptr;
+
+ /* If loading ROM from file, pci handles it */
+ if (dev->dev.romfile || !dev->dev.rom_bar) {
+ return;
+ }
+
+ snprintf(rom_file, sizeof(rom_file),
+ "/sys/bus/pci/devices/%04x:%02x:%02x.%01x/rom",
+ dev->host.domain, dev->host.bus, dev->host.slot,
+ dev->host.function);
+
+ if (stat(rom_file, &st)) {
+ return;
+ }
+
+ if (access(rom_file, F_OK)) {
+ error_report("pci-assign: Insufficient privileges for %s", rom_file);
+ return;
+ }
+
+ /* Write "1" to the ROM file to enable it */
+ fp = fopen(rom_file, "r+");
+ if (fp == NULL) {
+ return;
+ }
+ val = 1;
+ if (fwrite(&val, 1, 1, fp) != 1) {
+ goto close_rom;
+ }
+ fseek(fp, 0, SEEK_SET);
+
+ snprintf(name, sizeof(name), "%s.rom",
+ object_get_typename(OBJECT(dev)));
+ memory_region_init_ram(&dev->dev.rom, OBJECT(dev), name, st.st_size);
+ vmstate_register_ram(&dev->dev.rom, &dev->dev.qdev);
+ ptr = memory_region_get_ram_ptr(&dev->dev.rom);
+ memset(ptr, 0xff, st.st_size);
+
+ if (!fread(ptr, 1, st.st_size, fp)) {
+ error_report("pci-assign: Cannot read from host %s", rom_file);
+ error_printf("Device option ROM contents are probably invalid "
+ "(check dmesg).\nSkip option ROM probe with rombar=0, "
+ "or load from file with romfile=\n");
+ memory_region_destroy(&dev->dev.rom);
+ goto close_rom;
+ }
+
+ pci_register_bar(&dev->dev, PCI_ROM_SLOT, 0, &dev->dev.rom);
+ dev->dev.has_rom = true;
+close_rom:
+ /* Write "0" to disable ROM */
+ fseek(fp, 0, SEEK_SET);
+ val = 0;
+ if (!fwrite(&val, 1, 1, fp)) {
+ DEBUG("%s\n", "Failed to disable pci-sysfs rom file");
+ }
+ fclose(fp);
+}
diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
new file mode 100644
index 000000000..15beb8044
--- /dev/null
+++ b/hw/i386/kvmvapic.c
@@ -0,0 +1,838 @@
+/*
+ * TPR optimization for 32-bit Windows guests (XP and Server 2003)
+ *
+ * Copyright (C) 2007-2008 Qumranet Technologies
+ * Copyright (C) 2012 Jan Kiszka, Siemens AG
+ *
+ * This work is licensed under the terms of the GNU GPL version 2, or
+ * (at your option) any later version. See the COPYING file in the
+ * top-level directory.
+ */
+#include "sysemu/sysemu.h"
+#include "sysemu/cpus.h"
+#include "sysemu/kvm.h"
+#include "hw/i386/apic_internal.h"
+#include "hw/sysbus.h"
+
+#define VAPIC_IO_PORT 0x7e
+
+#define VAPIC_CPU_SHIFT 7
+
+#define ROM_BLOCK_SIZE 512
+#define ROM_BLOCK_MASK (~(ROM_BLOCK_SIZE - 1))
+
+typedef enum VAPICMode {
+ VAPIC_INACTIVE = 0,
+ VAPIC_ACTIVE = 1,
+ VAPIC_STANDBY = 2,
+} VAPICMode;
+
+typedef struct VAPICHandlers {
+ uint32_t set_tpr;
+ uint32_t set_tpr_eax;
+ uint32_t get_tpr[8];
+ uint32_t get_tpr_stack;
+} QEMU_PACKED VAPICHandlers;
+
+typedef struct GuestROMState {
+ char signature[8];
+ uint32_t vaddr;
+ uint32_t fixup_start;
+ uint32_t fixup_end;
+ uint32_t vapic_vaddr;
+ uint32_t vapic_size;
+ uint32_t vcpu_shift;
+ uint32_t real_tpr_addr;
+ VAPICHandlers up;
+ VAPICHandlers mp;
+} QEMU_PACKED GuestROMState;
+
+typedef struct VAPICROMState {
+ SysBusDevice busdev;
+ MemoryRegion io;
+ MemoryRegion rom;
+ uint32_t state;
+ uint32_t rom_state_paddr;
+ uint32_t rom_state_vaddr;
+ uint32_t vapic_paddr;
+ uint32_t real_tpr_addr;
+ GuestROMState rom_state;
+ size_t rom_size;
+ bool rom_mapped_writable;
+} VAPICROMState;
+
+#define TYPE_VAPIC "kvmvapic"
+#define VAPIC(obj) OBJECT_CHECK(VAPICROMState, (obj), TYPE_VAPIC)
+
+#define TPR_INSTR_ABS_MODRM 0x1
+#define TPR_INSTR_MATCH_MODRM_REG 0x2
+
+typedef struct TPRInstruction {
+ uint8_t opcode;
+ uint8_t modrm_reg;
+ unsigned int flags;
+ TPRAccess access;
+ size_t length;
+ off_t addr_offset;
+} TPRInstruction;
+
+/* must be sorted by length, shortest first */
+static const TPRInstruction tpr_instr[] = {
+ { /* mov abs to eax */
+ .opcode = 0xa1,
+ .access = TPR_ACCESS_READ,
+ .length = 5,
+ .addr_offset = 1,
+ },
+ { /* mov eax to abs */
+ .opcode = 0xa3,
+ .access = TPR_ACCESS_WRITE,
+ .length = 5,
+ .addr_offset = 1,
+ },
+ { /* mov r32 to r/m32 */
+ .opcode = 0x89,
+ .flags = TPR_INSTR_ABS_MODRM,
+ .access = TPR_ACCESS_WRITE,
+ .length = 6,
+ .addr_offset = 2,
+ },
+ { /* mov r/m32 to r32 */
+ .opcode = 0x8b,
+ .flags = TPR_INSTR_ABS_MODRM,
+ .access = TPR_ACCESS_READ,
+ .length = 6,
+ .addr_offset = 2,
+ },
+ { /* push r/m32 */
+ .opcode = 0xff,
+ .modrm_reg = 6,
+ .flags = TPR_INSTR_ABS_MODRM | TPR_INSTR_MATCH_MODRM_REG,
+ .access = TPR_ACCESS_READ,
+ .length = 6,
+ .addr_offset = 2,
+ },
+ { /* mov imm32, r/m32 (c7/0) */
+ .opcode = 0xc7,
+ .modrm_reg = 0,
+ .flags = TPR_INSTR_ABS_MODRM | TPR_INSTR_MATCH_MODRM_REG,
+ .access = TPR_ACCESS_WRITE,
+ .length = 10,
+ .addr_offset = 2,
+ },
+};
+
+static void read_guest_rom_state(VAPICROMState *s)
+{
+ cpu_physical_memory_rw(s->rom_state_paddr, (void *)&s->rom_state,
+ sizeof(GuestROMState), 0);
+}
+
+static void write_guest_rom_state(VAPICROMState *s)
+{
+ cpu_physical_memory_rw(s->rom_state_paddr, (void *)&s->rom_state,
+ sizeof(GuestROMState), 1);
+}
+
+static void update_guest_rom_state(VAPICROMState *s)
+{
+ read_guest_rom_state(s);
+
+ s->rom_state.real_tpr_addr = cpu_to_le32(s->real_tpr_addr);
+ s->rom_state.vcpu_shift = cpu_to_le32(VAPIC_CPU_SHIFT);
+
+ write_guest_rom_state(s);
+}
+
+static int find_real_tpr_addr(VAPICROMState *s, CPUX86State *env)
+{
+ CPUState *cs = CPU(x86_env_get_cpu(env));
+ hwaddr paddr;
+ target_ulong addr;
+
+ if (s->state == VAPIC_ACTIVE) {
+ return 0;
+ }
+ /*
+ * If there is no prior TPR access instruction we could analyze (which is
+ * the case after resume from hibernation), we need to scan the possible
+ * virtual address space for the APIC mapping.
+ */
+ for (addr = 0xfffff000; addr >= 0x80000000; addr -= TARGET_PAGE_SIZE) {
+ paddr = cpu_get_phys_page_debug(cs, addr);
+ if (paddr != APIC_DEFAULT_ADDRESS) {
+ continue;
+ }
+ s->real_tpr_addr = addr + 0x80;
+ update_guest_rom_state(s);
+ return 0;
+ }
+ return -1;
+}
+
+static uint8_t modrm_reg(uint8_t modrm)
+{
+ return (modrm >> 3) & 7;
+}
+
+static bool is_abs_modrm(uint8_t modrm)
+{
+ return (modrm & 0xc7) == 0x05;
+}
+
+static bool opcode_matches(uint8_t *opcode, const TPRInstruction *instr)
+{
+ return opcode[0] == instr->opcode &&
+ (!(instr->flags & TPR_INSTR_ABS_MODRM) || is_abs_modrm(opcode[1])) &&
+ (!(instr->flags & TPR_INSTR_MATCH_MODRM_REG) ||
+ modrm_reg(opcode[1]) == instr->modrm_reg);
+}
+
+static int evaluate_tpr_instruction(VAPICROMState *s, X86CPU *cpu,
+ target_ulong *pip, TPRAccess access)
+{
+ CPUState *cs = CPU(cpu);
+ const TPRInstruction *instr;
+ target_ulong ip = *pip;
+ uint8_t opcode[2];
+ uint32_t real_tpr_addr;
+ int i;
+
+ if ((ip & 0xf0000000ULL) != 0x80000000ULL &&
+ (ip & 0xf0000000ULL) != 0xe0000000ULL) {
+ return -1;
+ }
+
+ /*
+ * Early Windows 2003 SMP initialization contains a
+ *
+ * mov imm32, r/m32
+ *
+ * instruction that is patched by TPR optimization. The problem is that
+ * RSP, used by the patched instruction, is zero, so the guest gets a
+ * double fault and dies.
+ */
+ if (cpu->env.regs[R_ESP] == 0) {
+ return -1;
+ }
+
+ if (kvm_enabled() && !kvm_irqchip_in_kernel()) {
+ /*
+ * KVM without kernel-based TPR access reporting will pass an IP that
+ * points after the accessing instruction. So we need to look backward
+ * to find the reason.
+ */
+ for (i = 0; i < ARRAY_SIZE(tpr_instr); i++) {
+ instr = &tpr_instr[i];
+ if (instr->access != access) {
+ continue;
+ }
+ if (cpu_memory_rw_debug(cs, ip - instr->length, opcode,
+ sizeof(opcode), 0) < 0) {
+ return -1;
+ }
+ if (opcode_matches(opcode, instr)) {
+ ip -= instr->length;
+ goto instruction_ok;
+ }
+ }
+ return -1;
+ } else {
+ if (cpu_memory_rw_debug(cs, ip, opcode, sizeof(opcode), 0) < 0) {
+ return -1;
+ }
+ for (i = 0; i < ARRAY_SIZE(tpr_instr); i++) {
+ instr = &tpr_instr[i];
+ if (opcode_matches(opcode, instr)) {
+ goto instruction_ok;
+ }
+ }
+ return -1;
+ }
+
+instruction_ok:
+ /*
+ * Grab the virtual TPR address from the instruction
+ * and update the cached values.
+ */
+ if (cpu_memory_rw_debug(cs, ip + instr->addr_offset,
+ (void *)&real_tpr_addr,
+ sizeof(real_tpr_addr), 0) < 0) {
+ return -1;
+ }
+ real_tpr_addr = le32_to_cpu(real_tpr_addr);
+ if ((real_tpr_addr & 0xfff) != 0x80) {
+ return -1;
+ }
+ s->real_tpr_addr = real_tpr_addr;
+ update_guest_rom_state(s);
+
+ *pip = ip;
+ return 0;
+}
+
+static int update_rom_mapping(VAPICROMState *s, CPUX86State *env, target_ulong ip)
+{
+ CPUState *cs = CPU(x86_env_get_cpu(env));
+ hwaddr paddr;
+ uint32_t rom_state_vaddr;
+ uint32_t pos, patch, offset;
+
+ /* nothing to do if already activated */
+ if (s->state == VAPIC_ACTIVE) {
+ return 0;
+ }
+
+ /* bail out if ROM init code was not executed (missing ROM?) */
+ if (s->state == VAPIC_INACTIVE) {
+ return -1;
+ }
+
+ /* find out virtual address of the ROM */
+ rom_state_vaddr = s->rom_state_paddr + (ip & 0xf0000000);
+ paddr = cpu_get_phys_page_debug(cs, rom_state_vaddr);
+ if (paddr == -1) {
+ return -1;
+ }
+ paddr += rom_state_vaddr & ~TARGET_PAGE_MASK;
+ if (paddr != s->rom_state_paddr) {
+ return -1;
+ }
+ read_guest_rom_state(s);
+ if (memcmp(s->rom_state.signature, "kvm aPiC", 8) != 0) {
+ return -1;
+ }
+ s->rom_state_vaddr = rom_state_vaddr;
+
+ /* fixup addresses in ROM if needed */
+ if (rom_state_vaddr == le32_to_cpu(s->rom_state.vaddr)) {
+ return 0;
+ }
+ for (pos = le32_to_cpu(s->rom_state.fixup_start);
+ pos < le32_to_cpu(s->rom_state.fixup_end);
+ pos += 4) {
+ cpu_physical_memory_rw(paddr + pos - s->rom_state.vaddr,
+ (void *)&offset, sizeof(offset), 0);
+ offset = le32_to_cpu(offset);
+ cpu_physical_memory_rw(paddr + offset, (void *)&patch,
+ sizeof(patch), 0);
+ patch = le32_to_cpu(patch);
+ patch += rom_state_vaddr - le32_to_cpu(s->rom_state.vaddr);
+ patch = cpu_to_le32(patch);
+ cpu_physical_memory_rw(paddr + offset, (void *)&patch,
+ sizeof(patch), 1);
+ }
+ read_guest_rom_state(s);
+ s->vapic_paddr = paddr + le32_to_cpu(s->rom_state.vapic_vaddr) -
+ le32_to_cpu(s->rom_state.vaddr);
+
+ return 0;
+}
+
+/*
+ * Tries to read the unique processor number from the Kernel Processor Control
+ * Region (KPCR) of 32-bit Windows XP and Server 2003. Returns -1 if the KPCR
+ * cannot be accessed or is considered invalid. This also ensures that we are
+ * not patching the wrong guest.
+ */
+static int get_kpcr_number(X86CPU *cpu)
+{
+ CPUX86State *env = &cpu->env;
+ struct kpcr {
+ uint8_t fill1[0x1c];
+ uint32_t self;
+ uint8_t fill2[0x31];
+ uint8_t number;
+ } QEMU_PACKED kpcr;
+
+ if (cpu_memory_rw_debug(CPU(cpu), env->segs[R_FS].base,
+ (void *)&kpcr, sizeof(kpcr), 0) < 0 ||
+ kpcr.self != env->segs[R_FS].base) {
+ return -1;
+ }
+ return kpcr.number;
+}
+
+static int vapic_enable(VAPICROMState *s, X86CPU *cpu)
+{
+ int cpu_number = get_kpcr_number(cpu);
+ hwaddr vapic_paddr;
+ static const uint8_t enabled = 1;
+
+ if (cpu_number < 0) {
+ return -1;
+ }
+ vapic_paddr = s->vapic_paddr +
+ (((hwaddr)cpu_number) << VAPIC_CPU_SHIFT);
+ cpu_physical_memory_rw(vapic_paddr + offsetof(VAPICState, enabled),
+ (void *)&enabled, sizeof(enabled), 1);
+ apic_enable_vapic(cpu->env.apic_state, vapic_paddr);
+
+ s->state = VAPIC_ACTIVE;
+
+ return 0;
+}
+
+static void patch_byte(X86CPU *cpu, target_ulong addr, uint8_t byte)
+{
+ cpu_memory_rw_debug(CPU(cpu), addr, &byte, 1, 1);
+}
+
+static void patch_call(VAPICROMState *s, X86CPU *cpu, target_ulong ip,
+ uint32_t target)
+{
+ uint32_t offset;
+
+ offset = cpu_to_le32(target - ip - 5);
+ patch_byte(cpu, ip, 0xe8); /* call near */
+ cpu_memory_rw_debug(CPU(cpu), ip + 1, (void *)&offset, sizeof(offset), 1);
+}
+
+static void patch_instruction(VAPICROMState *s, X86CPU *cpu, target_ulong ip)
+{
+ CPUState *cs = CPU(cpu);
+ CPUX86State *env = &cpu->env;
+ VAPICHandlers *handlers;
+ uint8_t opcode[2];
+ uint32_t imm32;
+ target_ulong current_pc = 0;
+ target_ulong current_cs_base = 0;
+ int current_flags = 0;
+
+ if (smp_cpus == 1) {
+ handlers = &s->rom_state.up;
+ } else {
+ handlers = &s->rom_state.mp;
+ }
+
+ if (!kvm_enabled()) {
+ cpu_restore_state(env, env->mem_io_pc);
+ cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
+ &current_flags);
+ }
+
+ pause_all_vcpus();
+
+ cpu_memory_rw_debug(cs, ip, opcode, sizeof(opcode), 0);
+
+ switch (opcode[0]) {
+ case 0x89: /* mov r32 to r/m32 */
+ patch_byte(cpu, ip, 0x50 + modrm_reg(opcode[1])); /* push reg */
+ patch_call(s, cpu, ip + 1, handlers->set_tpr);
+ break;
+ case 0x8b: /* mov r/m32 to r32 */
+ patch_byte(cpu, ip, 0x90);
+ patch_call(s, cpu, ip + 1, handlers->get_tpr[modrm_reg(opcode[1])]);
+ break;
+ case 0xa1: /* mov abs to eax */
+ patch_call(s, cpu, ip, handlers->get_tpr[0]);
+ break;
+ case 0xa3: /* mov eax to abs */
+ patch_call(s, cpu, ip, handlers->set_tpr_eax);
+ break;
+ case 0xc7: /* mov imm32, r/m32 (c7/0) */
+ patch_byte(cpu, ip, 0x68); /* push imm32 */
+ cpu_memory_rw_debug(cs, ip + 6, (void *)&imm32, sizeof(imm32), 0);
+ cpu_memory_rw_debug(cs, ip + 1, (void *)&imm32, sizeof(imm32), 1);
+ patch_call(s, cpu, ip + 5, handlers->set_tpr);
+ break;
+ case 0xff: /* push r/m32 */
+ patch_byte(cpu, ip, 0x50); /* push eax */
+ patch_call(s, cpu, ip + 1, handlers->get_tpr_stack);
+ break;
+ default:
+ abort();
+ }
+
+ resume_all_vcpus();
+
+ if (!kvm_enabled()) {
+ cs->current_tb = NULL;
+ tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
+ cpu_resume_from_signal(env, NULL);
+ }
+}
+
+void vapic_report_tpr_access(DeviceState *dev, CPUState *cs, target_ulong ip,
+ TPRAccess access)
+{
+ VAPICROMState *s = VAPIC(dev);
+ X86CPU *cpu = X86_CPU(cs);
+ CPUX86State *env = &cpu->env;
+
+ cpu_synchronize_state(cs);
+
+ if (evaluate_tpr_instruction(s, cpu, &ip, access) < 0) {
+ if (s->state == VAPIC_ACTIVE) {
+ vapic_enable(s, cpu);
+ }
+ return;
+ }
+ if (update_rom_mapping(s, env, ip) < 0) {
+ return;
+ }
+ if (vapic_enable(s, cpu) < 0) {
+ return;
+ }
+ patch_instruction(s, cpu, ip);
+}
+
+typedef struct VAPICEnableTPRReporting {
+ DeviceState *apic;
+ bool enable;
+} VAPICEnableTPRReporting;
+
+static void vapic_do_enable_tpr_reporting(void *data)
+{
+ VAPICEnableTPRReporting *info = data;
+
+ apic_enable_tpr_access_reporting(info->apic, info->enable);
+}
+
+static void vapic_enable_tpr_reporting(bool enable)
+{
+ VAPICEnableTPRReporting info = {
+ .enable = enable,
+ };
+ CPUState *cs;
+ X86CPU *cpu;
+ CPUX86State *env;
+
+ for (cs = first_cpu; cs != NULL; cs = cs->next_cpu) {
+ cpu = X86_CPU(cs);
+ env = &cpu->env;
+ info.apic = env->apic_state;
+ run_on_cpu(cs, vapic_do_enable_tpr_reporting, &info);
+ }
+}
+
+static void vapic_reset(DeviceState *dev)
+{
+ VAPICROMState *s = VAPIC(dev);
+
+ if (s->state == VAPIC_ACTIVE) {
+ s->state = VAPIC_STANDBY;
+ }
+ vapic_enable_tpr_reporting(false);
+}
+
+/*
+ * Set the IRQ polling hypercalls to the supported variant:
+ * - vmcall if using KVM in-kernel irqchip
+ * - 32-bit VAPIC port write otherwise
+ */
+static int patch_hypercalls(VAPICROMState *s)
+{
+ hwaddr rom_paddr = s->rom_state_paddr & ROM_BLOCK_MASK;
+ static const uint8_t vmcall_pattern[] = { /* vmcall */
+ 0xb8, 0x1, 0, 0, 0, 0xf, 0x1, 0xc1
+ };
+ static const uint8_t outl_pattern[] = { /* nop; outl %eax,0x7e */
+ 0xb8, 0x1, 0, 0, 0, 0x90, 0xe7, 0x7e
+ };
+ uint8_t alternates[2];
+ const uint8_t *pattern;
+ const uint8_t *patch;
+ int patches = 0;
+ off_t pos;
+ uint8_t *rom;
+
+ rom = g_malloc(s->rom_size);
+ cpu_physical_memory_rw(rom_paddr, rom, s->rom_size, 0);
+
+ for (pos = 0; pos < s->rom_size - sizeof(vmcall_pattern); pos++) {
+ if (kvm_irqchip_in_kernel()) {
+ pattern = outl_pattern;
+ alternates[0] = outl_pattern[7];
+ alternates[1] = outl_pattern[7];
+ patch = &vmcall_pattern[5];
+ } else {
+ pattern = vmcall_pattern;
+ alternates[0] = vmcall_pattern[7];
+ alternates[1] = 0xd9; /* AMD's VMMCALL */
+ patch = &outl_pattern[5];
+ }
+ if (memcmp(rom + pos, pattern, 7) == 0 &&
+ (rom[pos + 7] == alternates[0] || rom[pos + 7] == alternates[1])) {
+ cpu_physical_memory_rw(rom_paddr + pos + 5, (uint8_t *)patch,
+ 3, 1);
+ /*
+ * Don't flush the tb here. Under ordinary conditions, the patched
+ * calls are miles away from the current IP. Under malicious
+ * conditions, the guest could trick us to crash.
+ */
+ }
+ }
+
+ g_free(rom);
+
+ if (patches != 0 && patches != 2) {
+ return -1;
+ }
+
+ return 0;
+}
+
+/*
+ * For TCG mode or the time KVM honors read-only memory regions, we need to
+ * enable write access to the option ROM so that variables can be updated by
+ * the guest.
+ */
+static void vapic_map_rom_writable(VAPICROMState *s)
+{
+ hwaddr rom_paddr = s->rom_state_paddr & ROM_BLOCK_MASK;
+ MemoryRegionSection section;
+ MemoryRegion *as;
+ size_t rom_size;
+ uint8_t *ram;
+
+ as = sysbus_address_space(&s->busdev);
+
+ if (s->rom_mapped_writable) {
+ memory_region_del_subregion(as, &s->rom);
+ memory_region_destroy(&s->rom);
+ }
+
+ /* grab RAM memory region (region @rom_paddr may still be pc.rom) */
+ section = memory_region_find(as, 0, 1);
+
+ /* read ROM size from RAM region */
+ ram = memory_region_get_ram_ptr(section.mr);
+ rom_size = ram[rom_paddr + 2] * ROM_BLOCK_SIZE;
+ s->rom_size = rom_size;
+
+ /* We need to round to avoid creating subpages
+ * from which we cannot run code. */
+ rom_size += rom_paddr & ~TARGET_PAGE_MASK;
+ rom_paddr &= TARGET_PAGE_MASK;
+ rom_size = TARGET_PAGE_ALIGN(rom_size);
+
+ memory_region_init_alias(&s->rom, OBJECT(s), "kvmvapic-rom", section.mr,
+ rom_paddr, rom_size);
+ memory_region_add_subregion_overlap(as, rom_paddr, &s->rom, 1000);
+ s->rom_mapped_writable = true;
+ memory_region_unref(section.mr);
+}
+
+static int vapic_prepare(VAPICROMState *s)
+{
+ vapic_map_rom_writable(s);
+
+ if (patch_hypercalls(s) < 0) {
+ return -1;
+ }
+
+ vapic_enable_tpr_reporting(true);
+
+ return 0;
+}
+
+static void vapic_write(void *opaque, hwaddr addr, uint64_t data,
+ unsigned int size)
+{
+ CPUState *cs = current_cpu;
+ X86CPU *cpu = X86_CPU(cs);
+ CPUX86State *env = &cpu->env;
+ hwaddr rom_paddr;
+ VAPICROMState *s = opaque;
+
+ cpu_synchronize_state(cs);
+
+ /*
+ * The VAPIC supports two PIO-based hypercalls, both via port 0x7E.
+ * o 16-bit write access:
+ * Reports the option ROM initialization to the hypervisor. Written
+ * value is the offset of the state structure in the ROM.
+ * o 8-bit write access:
+ * Reactivates the VAPIC after a guest hibernation, i.e. after the
+ * option ROM content has been re-initialized by a guest power cycle.
+ * o 32-bit write access:
+ * Poll for pending IRQs, considering the current VAPIC state.
+ */
+ switch (size) {
+ case 2:
+ if (s->state == VAPIC_INACTIVE) {
+ rom_paddr = (env->segs[R_CS].base + env->eip) & ROM_BLOCK_MASK;
+ s->rom_state_paddr = rom_paddr + data;
+
+ s->state = VAPIC_STANDBY;
+ }
+ if (vapic_prepare(s) < 0) {
+ s->state = VAPIC_INACTIVE;
+ break;
+ }
+ break;
+ case 1:
+ if (kvm_enabled()) {
+ /*
+ * Disable triggering instruction in ROM by writing a NOP.
+ *
+ * We cannot do this in TCG mode as the reported IP is not
+ * accurate.
+ */
+ pause_all_vcpus();
+ patch_byte(cpu, env->eip - 2, 0x66);
+ patch_byte(cpu, env->eip - 1, 0x90);
+ resume_all_vcpus();
+ }
+
+ if (s->state == VAPIC_ACTIVE) {
+ break;
+ }
+ if (update_rom_mapping(s, env, env->eip) < 0) {
+ break;
+ }
+ if (find_real_tpr_addr(s, env) < 0) {
+ break;
+ }
+ vapic_enable(s, cpu);
+ break;
+ default:
+ case 4:
+ if (!kvm_irqchip_in_kernel()) {
+ apic_poll_irq(env->apic_state);
+ }
+ break;
+ }
+}
+
+static uint64_t vapic_read(void *opaque, hwaddr addr, unsigned size)
+{
+ return 0xffffffff;
+}
+
+static const MemoryRegionOps vapic_ops = {
+ .write = vapic_write,
+ .read = vapic_read,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void vapic_realize(DeviceState *dev, Error **errp)
+{
+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+ VAPICROMState *s = VAPIC(dev);
+
+ memory_region_init_io(&s->io, OBJECT(s), &vapic_ops, s, "kvmvapic", 2);
+ sysbus_add_io(sbd, VAPIC_IO_PORT, &s->io);
+ sysbus_init_ioports(sbd, VAPIC_IO_PORT, 2);
+
+ option_rom[nb_option_roms].name = "kvmvapic.bin";
+ option_rom[nb_option_roms].bootindex = -1;
+ nb_option_roms++;
+}
+
+static void do_vapic_enable(void *data)
+{
+ VAPICROMState *s = data;
+ X86CPU *cpu = X86_CPU(first_cpu);
+
+ vapic_enable(s, cpu);
+}
+
+static int vapic_post_load(void *opaque, int version_id)
+{
+ VAPICROMState *s = opaque;
+ uint8_t *zero;
+
+ /*
+ * The old implementation of qemu-kvm did not provide the state
+ * VAPIC_STANDBY. Reconstruct it.
+ */
+ if (s->state == VAPIC_INACTIVE && s->rom_state_paddr != 0) {
+ s->state = VAPIC_STANDBY;
+ }
+
+ if (s->state != VAPIC_INACTIVE) {
+ if (vapic_prepare(s) < 0) {
+ return -1;
+ }
+ }
+ if (s->state == VAPIC_ACTIVE) {
+ if (smp_cpus == 1) {
+ run_on_cpu(first_cpu, do_vapic_enable, s);
+ } else {
+ zero = g_malloc0(s->rom_state.vapic_size);
+ cpu_physical_memory_rw(s->vapic_paddr, zero,
+ s->rom_state.vapic_size, 1);
+ g_free(zero);
+ }
+ }
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_handlers = {
+ .name = "kvmvapic-handlers",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(set_tpr, VAPICHandlers),
+ VMSTATE_UINT32(set_tpr_eax, VAPICHandlers),
+ VMSTATE_UINT32_ARRAY(get_tpr, VAPICHandlers, 8),
+ VMSTATE_UINT32(get_tpr_stack, VAPICHandlers),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_guest_rom = {
+ .name = "kvmvapic-guest-rom",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UNUSED(8), /* signature */
+ VMSTATE_UINT32(vaddr, GuestROMState),
+ VMSTATE_UINT32(fixup_start, GuestROMState),
+ VMSTATE_UINT32(fixup_end, GuestROMState),
+ VMSTATE_UINT32(vapic_vaddr, GuestROMState),
+ VMSTATE_UINT32(vapic_size, GuestROMState),
+ VMSTATE_UINT32(vcpu_shift, GuestROMState),
+ VMSTATE_UINT32(real_tpr_addr, GuestROMState),
+ VMSTATE_STRUCT(up, GuestROMState, 0, vmstate_handlers, VAPICHandlers),
+ VMSTATE_STRUCT(mp, GuestROMState, 0, vmstate_handlers, VAPICHandlers),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_vapic = {
+ .name = "kvm-tpr-opt", /* compatible with qemu-kvm VAPIC */
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .post_load = vapic_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_STRUCT(rom_state, VAPICROMState, 0, vmstate_guest_rom,
+ GuestROMState),
+ VMSTATE_UINT32(state, VAPICROMState),
+ VMSTATE_UINT32(real_tpr_addr, VAPICROMState),
+ VMSTATE_UINT32(rom_state_vaddr, VAPICROMState),
+ VMSTATE_UINT32(vapic_paddr, VAPICROMState),
+ VMSTATE_UINT32(rom_state_paddr, VAPICROMState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void vapic_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->no_user = 1;
+ dc->reset = vapic_reset;
+ dc->vmsd = &vmstate_vapic;
+ dc->realize = vapic_realize;
+}
+
+static const TypeInfo vapic_type = {
+ .name = TYPE_VAPIC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(VAPICROMState),
+ .class_init = vapic_class_init,
+};
+
+static void vapic_register(void)
+{
+ type_register_static(&vapic_type);
+}
+
+type_init(vapic_register);
diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c
new file mode 100644
index 000000000..985ca1ed8
--- /dev/null
+++ b/hw/i386/multiboot.c
@@ -0,0 +1,347 @@
+/*
+ * QEMU PC System Emulator
+ *
+ * Copyright (c) 2003-2004 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/hw.h"
+#include "hw/nvram/fw_cfg.h"
+#include "multiboot.h"
+#include "hw/loader.h"
+#include "elf.h"
+#include "sysemu/sysemu.h"
+
+/* Show multiboot debug output */
+//#define DEBUG_MULTIBOOT
+
+#ifdef DEBUG_MULTIBOOT
+#define mb_debug(a...) fprintf(stderr, ## a)
+#else
+#define mb_debug(a...)
+#endif
+
+#define MULTIBOOT_STRUCT_ADDR 0x9000
+
+#if MULTIBOOT_STRUCT_ADDR > 0xf0000
+#error multiboot struct needs to fit in 16 bit real mode
+#endif
+
+enum {
+ /* Multiboot info */
+ MBI_FLAGS = 0,
+ MBI_MEM_LOWER = 4,
+ MBI_MEM_UPPER = 8,
+ MBI_BOOT_DEVICE = 12,
+ MBI_CMDLINE = 16,
+ MBI_MODS_COUNT = 20,
+ MBI_MODS_ADDR = 24,
+ MBI_MMAP_ADDR = 48,
+
+ MBI_SIZE = 88,
+
+ /* Multiboot modules */
+ MB_MOD_START = 0,
+ MB_MOD_END = 4,
+ MB_MOD_CMDLINE = 8,
+
+ MB_MOD_SIZE = 16,
+
+ /* Region offsets */
+ ADDR_E820_MAP = MULTIBOOT_STRUCT_ADDR + 0,
+ ADDR_MBI = ADDR_E820_MAP + 0x500,
+
+ /* Multiboot flags */
+ MULTIBOOT_FLAGS_MEMORY = 1 << 0,
+ MULTIBOOT_FLAGS_BOOT_DEVICE = 1 << 1,
+ MULTIBOOT_FLAGS_CMDLINE = 1 << 2,
+ MULTIBOOT_FLAGS_MODULES = 1 << 3,
+ MULTIBOOT_FLAGS_MMAP = 1 << 6,
+};
+
+typedef struct {
+ /* buffer holding kernel, cmdlines and mb_infos */
+ void *mb_buf;
+ /* address in target */
+ hwaddr mb_buf_phys;
+ /* size of mb_buf in bytes */
+ unsigned mb_buf_size;
+ /* offset of mb-info's in bytes */
+ hwaddr offset_mbinfo;
+ /* offset in buffer for cmdlines in bytes */
+ hwaddr offset_cmdlines;
+ /* offset of modules in bytes */
+ hwaddr offset_mods;
+ /* available slots for mb modules infos */
+ int mb_mods_avail;
+ /* currently used slots of mb modules */
+ int mb_mods_count;
+} MultibootState;
+
+static uint32_t mb_add_cmdline(MultibootState *s, const char *cmdline)
+{
+ hwaddr p = s->offset_cmdlines;
+ char *b = (char *)s->mb_buf + p;
+
+ get_opt_value(b, strlen(cmdline) + 1, cmdline);
+ s->offset_cmdlines += strlen(b) + 1;
+ return s->mb_buf_phys + p;
+}
+
+static void mb_add_mod(MultibootState *s,
+ hwaddr start, hwaddr end,
+ hwaddr cmdline_phys)
+{
+ char *p;
+ assert(s->mb_mods_count < s->mb_mods_avail);
+
+ p = (char *)s->mb_buf + s->offset_mbinfo + MB_MOD_SIZE * s->mb_mods_count;
+
+ stl_p(p + MB_MOD_START, start);
+ stl_p(p + MB_MOD_END, end);
+ stl_p(p + MB_MOD_CMDLINE, cmdline_phys);
+
+ mb_debug("mod%02d: "TARGET_FMT_plx" - "TARGET_FMT_plx"\n",
+ s->mb_mods_count, start, end);
+
+ s->mb_mods_count++;
+}
+
+int load_multiboot(FWCfgState *fw_cfg,
+ FILE *f,
+ const char *kernel_filename,
+ const char *initrd_filename,
+ const char *kernel_cmdline,
+ int kernel_file_size,
+ uint8_t *header)
+{
+ int i, is_multiboot = 0;
+ uint32_t flags = 0;
+ uint32_t mh_entry_addr;
+ uint32_t mh_load_addr;
+ uint32_t mb_kernel_size;
+ MultibootState mbs;
+ uint8_t bootinfo[MBI_SIZE];
+ uint8_t *mb_bootinfo_data;
+
+ /* Ok, let's see if it is a multiboot image.
+ The header is 12x32bit long, so the latest entry may be 8192 - 48. */
+ for (i = 0; i < (8192 - 48); i += 4) {
+ if (ldl_p(header+i) == 0x1BADB002) {
+ uint32_t checksum = ldl_p(header+i+8);
+ flags = ldl_p(header+i+4);
+ checksum += flags;
+ checksum += (uint32_t)0x1BADB002;
+ if (!checksum) {
+ is_multiboot = 1;
+ break;
+ }
+ }
+ }
+
+ if (!is_multiboot)
+ return 0; /* no multiboot */
+
+ mb_debug("qemu: I believe we found a multiboot image!\n");
+ memset(bootinfo, 0, sizeof(bootinfo));
+ memset(&mbs, 0, sizeof(mbs));
+
+ if (flags & 0x00000004) { /* MULTIBOOT_HEADER_HAS_VBE */
+ fprintf(stderr, "qemu: multiboot knows VBE. we don't.\n");
+ }
+ if (!(flags & 0x00010000)) { /* MULTIBOOT_HEADER_HAS_ADDR */
+ uint64_t elf_entry;
+ uint64_t elf_low, elf_high;
+ int kernel_size;
+ fclose(f);
+
+ if (((struct elf64_hdr*)header)->e_machine == EM_X86_64) {
+ fprintf(stderr, "Cannot load x86-64 image, give a 32bit one.\n");
+ exit(1);
+ }
+
+ kernel_size = load_elf(kernel_filename, NULL, NULL, &elf_entry,
+ &elf_low, &elf_high, 0, ELF_MACHINE, 0);
+ if (kernel_size < 0) {
+ fprintf(stderr, "Error while loading elf kernel\n");
+ exit(1);
+ }
+ mh_load_addr = elf_low;
+ mb_kernel_size = elf_high - elf_low;
+ mh_entry_addr = elf_entry;
+
+ mbs.mb_buf = g_malloc(mb_kernel_size);
+ if (rom_copy(mbs.mb_buf, mh_load_addr, mb_kernel_size) != mb_kernel_size) {
+ fprintf(stderr, "Error while fetching elf kernel from rom\n");
+ exit(1);
+ }
+
+ mb_debug("qemu: loading multiboot-elf kernel (%#x bytes) with entry %#zx\n",
+ mb_kernel_size, (size_t)mh_entry_addr);
+ } else {
+ /* Valid if mh_flags sets MULTIBOOT_HEADER_HAS_ADDR. */
+ uint32_t mh_header_addr = ldl_p(header+i+12);
+ uint32_t mh_load_end_addr = ldl_p(header+i+20);
+ uint32_t mh_bss_end_addr = ldl_p(header+i+24);
+ mh_load_addr = ldl_p(header+i+16);
+ uint32_t mb_kernel_text_offset = i - (mh_header_addr - mh_load_addr);
+ uint32_t mb_load_size = 0;
+ mh_entry_addr = ldl_p(header+i+28);
+
+ if (mh_load_end_addr) {
+ mb_kernel_size = mh_bss_end_addr - mh_load_addr;
+ mb_load_size = mh_load_end_addr - mh_load_addr;
+ } else {
+ mb_kernel_size = kernel_file_size - mb_kernel_text_offset;
+ mb_load_size = mb_kernel_size;
+ }
+
+ /* Valid if mh_flags sets MULTIBOOT_HEADER_HAS_VBE.
+ uint32_t mh_mode_type = ldl_p(header+i+32);
+ uint32_t mh_width = ldl_p(header+i+36);
+ uint32_t mh_height = ldl_p(header+i+40);
+ uint32_t mh_depth = ldl_p(header+i+44); */
+
+ mb_debug("multiboot: mh_header_addr = %#x\n", mh_header_addr);
+ mb_debug("multiboot: mh_load_addr = %#x\n", mh_load_addr);
+ mb_debug("multiboot: mh_load_end_addr = %#x\n", mh_load_end_addr);
+ mb_debug("multiboot: mh_bss_end_addr = %#x\n", mh_bss_end_addr);
+ mb_debug("qemu: loading multiboot kernel (%#x bytes) at %#x\n",
+ mb_load_size, mh_load_addr);
+
+ mbs.mb_buf = g_malloc(mb_kernel_size);
+ fseek(f, mb_kernel_text_offset, SEEK_SET);
+ if (fread(mbs.mb_buf, 1, mb_load_size, f) != mb_load_size) {
+ fprintf(stderr, "fread() failed\n");
+ exit(1);
+ }
+ memset(mbs.mb_buf + mb_load_size, 0, mb_kernel_size - mb_load_size);
+ fclose(f);
+ }
+
+ mbs.mb_buf_phys = mh_load_addr;
+
+ mbs.mb_buf_size = TARGET_PAGE_ALIGN(mb_kernel_size);
+ mbs.offset_mbinfo = mbs.mb_buf_size;
+
+ /* Calculate space for cmdlines and mb_mods */
+ mbs.mb_buf_size += strlen(kernel_filename) + 1;
+ mbs.mb_buf_size += strlen(kernel_cmdline) + 1;
+ if (initrd_filename) {
+ const char *r = initrd_filename;
+ mbs.mb_buf_size += strlen(r) + 1;
+ mbs.mb_mods_avail = 1;
+ while (*(r = get_opt_value(NULL, 0, r))) {
+ mbs.mb_mods_avail++;
+ r++;
+ }
+ mbs.mb_buf_size += MB_MOD_SIZE * mbs.mb_mods_avail;
+ }
+
+ mbs.mb_buf_size = TARGET_PAGE_ALIGN(mbs.mb_buf_size);
+
+ /* enlarge mb_buf to hold cmdlines and mb-info structs */
+ mbs.mb_buf = g_realloc(mbs.mb_buf, mbs.mb_buf_size);
+ mbs.offset_cmdlines = mbs.offset_mbinfo + mbs.mb_mods_avail * MB_MOD_SIZE;
+
+ if (initrd_filename) {
+ char *next_initrd, not_last;
+
+ mbs.offset_mods = mbs.mb_buf_size;
+
+ do {
+ char *next_space;
+ int mb_mod_length;
+ uint32_t offs = mbs.mb_buf_size;
+
+ next_initrd = (char *)get_opt_value(NULL, 0, initrd_filename);
+ not_last = *next_initrd;
+ *next_initrd = '\0';
+ /* if a space comes after the module filename, treat everything
+ after that as parameters */
+ hwaddr c = mb_add_cmdline(&mbs, initrd_filename);
+ if ((next_space = strchr(initrd_filename, ' ')))
+ *next_space = '\0';
+ mb_debug("multiboot loading module: %s\n", initrd_filename);
+ mb_mod_length = get_image_size(initrd_filename);
+ if (mb_mod_length < 0) {
+ fprintf(stderr, "Failed to open file '%s'\n", initrd_filename);
+ exit(1);
+ }
+
+ mbs.mb_buf_size = TARGET_PAGE_ALIGN(mb_mod_length + mbs.mb_buf_size);
+ mbs.mb_buf = g_realloc(mbs.mb_buf, mbs.mb_buf_size);
+
+ load_image(initrd_filename, (unsigned char *)mbs.mb_buf + offs);
+ mb_add_mod(&mbs, mbs.mb_buf_phys + offs,
+ mbs.mb_buf_phys + offs + mb_mod_length, c);
+
+ mb_debug("mod_start: %p\nmod_end: %p\n cmdline: "TARGET_FMT_plx"\n",
+ (char *)mbs.mb_buf + offs,
+ (char *)mbs.mb_buf + offs + mb_mod_length, c);
+ initrd_filename = next_initrd+1;
+ } while (not_last);
+ }
+
+ /* Commandline support */
+ char kcmdline[strlen(kernel_filename) + strlen(kernel_cmdline) + 2];
+ snprintf(kcmdline, sizeof(kcmdline), "%s %s",
+ kernel_filename, kernel_cmdline);
+ stl_p(bootinfo + MBI_CMDLINE, mb_add_cmdline(&mbs, kcmdline));
+
+ stl_p(bootinfo + MBI_MODS_ADDR, mbs.mb_buf_phys + mbs.offset_mbinfo);
+ stl_p(bootinfo + MBI_MODS_COUNT, mbs.mb_mods_count); /* mods_count */
+
+ /* the kernel is where we want it to be now */
+ stl_p(bootinfo + MBI_FLAGS, MULTIBOOT_FLAGS_MEMORY
+ | MULTIBOOT_FLAGS_BOOT_DEVICE
+ | MULTIBOOT_FLAGS_CMDLINE
+ | MULTIBOOT_FLAGS_MODULES
+ | MULTIBOOT_FLAGS_MMAP);
+ stl_p(bootinfo + MBI_BOOT_DEVICE, 0x8000ffff); /* XXX: use the -boot switch? */
+ stl_p(bootinfo + MBI_MMAP_ADDR, ADDR_E820_MAP);
+
+ mb_debug("multiboot: mh_entry_addr = %#x\n", mh_entry_addr);
+ mb_debug(" mb_buf_phys = "TARGET_FMT_plx"\n", mbs.mb_buf_phys);
+ mb_debug(" mod_start = "TARGET_FMT_plx"\n", mbs.mb_buf_phys + mbs.offset_mods);
+ mb_debug(" mb_mods_count = %d\n", mbs.mb_mods_count);
+
+ /* save bootinfo off the stack */
+ mb_bootinfo_data = g_malloc(sizeof(bootinfo));
+ memcpy(mb_bootinfo_data, bootinfo, sizeof(bootinfo));
+
+ /* Pass variables to option rom */
+ fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ENTRY, mh_entry_addr);
+ fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, mh_load_addr);
+ fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, mbs.mb_buf_size);
+ fw_cfg_add_bytes(fw_cfg, FW_CFG_KERNEL_DATA,
+ mbs.mb_buf, mbs.mb_buf_size);
+
+ fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_ADDR, ADDR_MBI);
+ fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_SIZE, sizeof(bootinfo));
+ fw_cfg_add_bytes(fw_cfg, FW_CFG_INITRD_DATA, mb_bootinfo_data,
+ sizeof(bootinfo));
+
+ option_rom[nb_option_roms].name = "multiboot.bin";
+ option_rom[nb_option_roms].bootindex = 0;
+ nb_option_roms++;
+
+ return 1; /* yes, we are multiboot */
+}
diff --git a/hw/i386/multiboot.h b/hw/i386/multiboot.h
new file mode 100644
index 000000000..60de309cd
--- /dev/null
+++ b/hw/i386/multiboot.h
@@ -0,0 +1,14 @@
+#ifndef QEMU_MULTIBOOT_H
+#define QEMU_MULTIBOOT_H
+
+#include "hw/nvram/fw_cfg.h"
+
+int load_multiboot(FWCfgState *fw_cfg,
+ FILE *f,
+ const char *kernel_filename,
+ const char *initrd_filename,
+ const char *kernel_cmdline,
+ int kernel_file_size,
+ uint8_t *header);
+
+#endif
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
new file mode 100644
index 000000000..e8bc8ce17
--- /dev/null
+++ b/hw/i386/pc.c
@@ -0,0 +1,1364 @@
+/*
+ * QEMU PC System Emulator
+ *
+ * Copyright (c) 2003-2004 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "hw/char/serial.h"
+#include "hw/i386/apic.h"
+#include "hw/block/fdc.h"
+#include "hw/ide.h"
+#include "hw/pci/pci.h"
+#include "monitor/monitor.h"
+#include "hw/nvram/fw_cfg.h"
+#include "hw/timer/hpet.h"
+#include "hw/i386/smbios.h"
+#include "hw/loader.h"
+#include "elf.h"
+#include "multiboot.h"
+#include "hw/timer/mc146818rtc.h"
+#include "hw/timer/i8254.h"
+#include "hw/audio/pcspk.h"
+#include "hw/pci/msi.h"
+#include "hw/sysbus.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/kvm.h"
+#include "kvm_i386.h"
+#include "hw/xen/xen.h"
+#include "sysemu/blockdev.h"
+#include "hw/block/block.h"
+#include "ui/qemu-spice.h"
+#include "exec/memory.h"
+#include "exec/address-spaces.h"
+#include "sysemu/arch_init.h"
+#include "qemu/bitmap.h"
+#include "qemu/config-file.h"
+#include "hw/acpi/acpi.h"
+#include "hw/cpu/icc_bus.h"
+#include "hw/boards.h"
+#include "hw/pci/pci_host.h"
+
+/* debug PC/ISA interrupts */
+//#define DEBUG_IRQ
+
+#ifdef DEBUG_IRQ
+#define DPRINTF(fmt, ...) \
+ do { printf("CPUIRQ: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...)
+#endif
+
+/* Leave a chunk of memory at the top of RAM for the BIOS ACPI tables. */
+#define ACPI_DATA_SIZE 0x10000
+#define BIOS_CFG_IOPORT 0x510
+#define FW_CFG_ACPI_TABLES (FW_CFG_ARCH_LOCAL + 0)
+#define FW_CFG_SMBIOS_ENTRIES (FW_CFG_ARCH_LOCAL + 1)
+#define FW_CFG_IRQ0_OVERRIDE (FW_CFG_ARCH_LOCAL + 2)
+#define FW_CFG_E820_TABLE (FW_CFG_ARCH_LOCAL + 3)
+#define FW_CFG_HPET (FW_CFG_ARCH_LOCAL + 4)
+
+#define E820_NR_ENTRIES 16
+
+struct e820_entry {
+ uint64_t address;
+ uint64_t length;
+ uint32_t type;
+} QEMU_PACKED __attribute((__aligned__(4)));
+
+struct e820_table {
+ uint32_t count;
+ struct e820_entry entry[E820_NR_ENTRIES];
+} QEMU_PACKED __attribute((__aligned__(4)));
+
+static struct e820_table e820_table;
+struct hpet_fw_config hpet_cfg = {.count = UINT8_MAX};
+
+void gsi_handler(void *opaque, int n, int level)
+{
+ GSIState *s = opaque;
+
+ DPRINTF("pc: %s GSI %d\n", level ? "raising" : "lowering", n);
+ if (n < ISA_NUM_IRQS) {
+ qemu_set_irq(s->i8259_irq[n], level);
+ }
+ qemu_set_irq(s->ioapic_irq[n], level);
+}
+
+static void ioport80_write(void *opaque, hwaddr addr, uint64_t data,
+ unsigned size)
+{
+}
+
+static uint64_t ioport80_read(void *opaque, hwaddr addr, unsigned size)
+{
+ return 0xffffffffffffffffULL;
+}
+
+/* MSDOS compatibility mode FPU exception support */
+static qemu_irq ferr_irq;
+
+void pc_register_ferr_irq(qemu_irq irq)
+{
+ ferr_irq = irq;
+}
+
+/* XXX: add IGNNE support */
+void cpu_set_ferr(CPUX86State *s)
+{
+ qemu_irq_raise(ferr_irq);
+}
+
+static void ioportF0_write(void *opaque, hwaddr addr, uint64_t data,
+ unsigned size)
+{
+ qemu_irq_lower(ferr_irq);
+}
+
+static uint64_t ioportF0_read(void *opaque, hwaddr addr, unsigned size)
+{
+ return 0xffffffffffffffffULL;
+}
+
+/* TSC handling */
+uint64_t cpu_get_tsc(CPUX86State *env)
+{
+ return cpu_get_ticks();
+}
+
+/* SMM support */
+
+static cpu_set_smm_t smm_set;
+static void *smm_arg;
+
+void cpu_smm_register(cpu_set_smm_t callback, void *arg)
+{
+ assert(smm_set == NULL);
+ assert(smm_arg == NULL);
+ smm_set = callback;
+ smm_arg = arg;
+}
+
+void cpu_smm_update(CPUX86State *env)
+{
+ if (smm_set && smm_arg && CPU(x86_env_get_cpu(env)) == first_cpu) {
+ smm_set(!!(env->hflags & HF_SMM_MASK), smm_arg);
+ }
+}
+
+
+/* IRQ handling */
+int cpu_get_pic_interrupt(CPUX86State *env)
+{
+ int intno;
+
+ intno = apic_get_interrupt(env->apic_state);
+ if (intno >= 0) {
+ return intno;
+ }
+ /* read the irq from the PIC */
+ if (!apic_accept_pic_intr(env->apic_state)) {
+ return -1;
+ }
+
+ intno = pic_read_irq(isa_pic);
+ return intno;
+}
+
+static void pic_irq_request(void *opaque, int irq, int level)
+{
+ CPUState *cs = first_cpu;
+ X86CPU *cpu = X86_CPU(cs);
+ CPUX86State *env = &cpu->env;
+
+ DPRINTF("pic_irqs: %s irq %d\n", level? "raise" : "lower", irq);
+ if (env->apic_state) {
+ while (cs) {
+ cpu = X86_CPU(cs);
+ env = &cpu->env;
+ if (apic_accept_pic_intr(env->apic_state)) {
+ apic_deliver_pic_intr(env->apic_state, level);
+ }
+ cs = cs->next_cpu;
+ }
+ } else {
+ if (level) {
+ cpu_interrupt(cs, CPU_INTERRUPT_HARD);
+ } else {
+ cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
+ }
+ }
+}
+
+/* PC cmos mappings */
+
+#define REG_EQUIPMENT_BYTE 0x14
+
+static int cmos_get_fd_drive_type(FDriveType fd0)
+{
+ int val;
+
+ switch (fd0) {
+ case FDRIVE_DRV_144:
+ /* 1.44 Mb 3"5 drive */
+ val = 4;
+ break;
+ case FDRIVE_DRV_288:
+ /* 2.88 Mb 3"5 drive */
+ val = 5;
+ break;
+ case FDRIVE_DRV_120:
+ /* 1.2 Mb 5"5 drive */
+ val = 2;
+ break;
+ case FDRIVE_DRV_NONE:
+ default:
+ val = 0;
+ break;
+ }
+ return val;
+}
+
+static void cmos_init_hd(ISADevice *s, int type_ofs, int info_ofs,
+ int16_t cylinders, int8_t heads, int8_t sectors)
+{
+ rtc_set_memory(s, type_ofs, 47);
+ rtc_set_memory(s, info_ofs, cylinders);
+ rtc_set_memory(s, info_ofs + 1, cylinders >> 8);
+ rtc_set_memory(s, info_ofs + 2, heads);
+ rtc_set_memory(s, info_ofs + 3, 0xff);
+ rtc_set_memory(s, info_ofs + 4, 0xff);
+ rtc_set_memory(s, info_ofs + 5, 0xc0 | ((heads > 8) << 3));
+ rtc_set_memory(s, info_ofs + 6, cylinders);
+ rtc_set_memory(s, info_ofs + 7, cylinders >> 8);
+ rtc_set_memory(s, info_ofs + 8, sectors);
+}
+
+/* convert boot_device letter to something recognizable by the bios */
+static int boot_device2nibble(char boot_device)
+{
+ switch(boot_device) {
+ case 'a':
+ case 'b':
+ return 0x01; /* floppy boot */
+ case 'c':
+ return 0x02; /* hard drive boot */
+ case 'd':
+ return 0x03; /* CD-ROM boot */
+ case 'n':
+ return 0x04; /* Network boot */
+ }
+ return 0;
+}
+
+static int set_boot_dev(ISADevice *s, const char *boot_device)
+{
+#define PC_MAX_BOOT_DEVICES 3
+ int nbds, bds[3] = { 0, };
+ int i;
+
+ nbds = strlen(boot_device);
+ if (nbds > PC_MAX_BOOT_DEVICES) {
+ error_report("Too many boot devices for PC");
+ return(1);
+ }
+ for (i = 0; i < nbds; i++) {
+ bds[i] = boot_device2nibble(boot_device[i]);
+ if (bds[i] == 0) {
+ error_report("Invalid boot device for PC: '%c'",
+ boot_device[i]);
+ return(1);
+ }
+ }
+ rtc_set_memory(s, 0x3d, (bds[1] << 4) | bds[0]);
+ rtc_set_memory(s, 0x38, (bds[2] << 4) | (fd_bootchk ? 0x0 : 0x1));
+ return(0);
+}
+
+static int pc_boot_set(void *opaque, const char *boot_device)
+{
+ return set_boot_dev(opaque, boot_device);
+}
+
+typedef struct pc_cmos_init_late_arg {
+ ISADevice *rtc_state;
+ BusState *idebus[2];
+} pc_cmos_init_late_arg;
+
+static void pc_cmos_init_late(void *opaque)
+{
+ pc_cmos_init_late_arg *arg = opaque;
+ ISADevice *s = arg->rtc_state;
+ int16_t cylinders;
+ int8_t heads, sectors;
+ int val;
+ int i, trans;
+
+ val = 0;
+ if (ide_get_geometry(arg->idebus[0], 0,
+ &cylinders, &heads, &sectors) >= 0) {
+ cmos_init_hd(s, 0x19, 0x1b, cylinders, heads, sectors);
+ val |= 0xf0;
+ }
+ if (ide_get_geometry(arg->idebus[0], 1,
+ &cylinders, &heads, &sectors) >= 0) {
+ cmos_init_hd(s, 0x1a, 0x24, cylinders, heads, sectors);
+ val |= 0x0f;
+ }
+ rtc_set_memory(s, 0x12, val);
+
+ val = 0;
+ for (i = 0; i < 4; i++) {
+ /* NOTE: ide_get_geometry() returns the physical
+ geometry. It is always such that: 1 <= sects <= 63, 1
+ <= heads <= 16, 1 <= cylinders <= 16383. The BIOS
+ geometry can be different if a translation is done. */
+ if (ide_get_geometry(arg->idebus[i / 2], i % 2,
+ &cylinders, &heads, &sectors) >= 0) {
+ trans = ide_get_bios_chs_trans(arg->idebus[i / 2], i % 2) - 1;
+ assert((trans & ~3) == 0);
+ val |= trans << (i * 2);
+ }
+ }
+ rtc_set_memory(s, 0x39, val);
+
+ qemu_unregister_reset(pc_cmos_init_late, opaque);
+}
+
+typedef struct RTCCPUHotplugArg {
+ Notifier cpu_added_notifier;
+ ISADevice *rtc_state;
+} RTCCPUHotplugArg;
+
+static void rtc_notify_cpu_added(Notifier *notifier, void *data)
+{
+ RTCCPUHotplugArg *arg = container_of(notifier, RTCCPUHotplugArg,
+ cpu_added_notifier);
+ ISADevice *s = arg->rtc_state;
+
+ /* increment the number of CPUs */
+ rtc_set_memory(s, 0x5f, rtc_get_memory(s, 0x5f) + 1);
+}
+
+void pc_cmos_init(ram_addr_t ram_size, ram_addr_t above_4g_mem_size,
+ const char *boot_device,
+ ISADevice *floppy, BusState *idebus0, BusState *idebus1,
+ ISADevice *s)
+{
+ int val, nb, i;
+ FDriveType fd_type[2] = { FDRIVE_DRV_NONE, FDRIVE_DRV_NONE };
+ static pc_cmos_init_late_arg arg;
+ static RTCCPUHotplugArg cpu_hotplug_cb;
+
+ /* various important CMOS locations needed by PC/Bochs bios */
+
+ /* memory size */
+ /* base memory (first MiB) */
+ val = MIN(ram_size / 1024, 640);
+ rtc_set_memory(s, 0x15, val);
+ rtc_set_memory(s, 0x16, val >> 8);
+ /* extended memory (next 64MiB) */
+ if (ram_size > 1024 * 1024) {
+ val = (ram_size - 1024 * 1024) / 1024;
+ } else {
+ val = 0;
+ }
+ if (val > 65535)
+ val = 65535;
+ rtc_set_memory(s, 0x17, val);
+ rtc_set_memory(s, 0x18, val >> 8);
+ rtc_set_memory(s, 0x30, val);
+ rtc_set_memory(s, 0x31, val >> 8);
+ /* memory between 16MiB and 4GiB */
+ if (ram_size > 16 * 1024 * 1024) {
+ val = (ram_size - 16 * 1024 * 1024) / 65536;
+ } else {
+ val = 0;
+ }
+ if (val > 65535)
+ val = 65535;
+ rtc_set_memory(s, 0x34, val);
+ rtc_set_memory(s, 0x35, val >> 8);
+ /* memory above 4GiB */
+ val = above_4g_mem_size / 65536;
+ rtc_set_memory(s, 0x5b, val);
+ rtc_set_memory(s, 0x5c, val >> 8);
+ rtc_set_memory(s, 0x5d, val >> 16);
+
+ /* set the number of CPU */
+ rtc_set_memory(s, 0x5f, smp_cpus - 1);
+ /* init CPU hotplug notifier */
+ cpu_hotplug_cb.rtc_state = s;
+ cpu_hotplug_cb.cpu_added_notifier.notify = rtc_notify_cpu_added;
+ qemu_register_cpu_added_notifier(&cpu_hotplug_cb.cpu_added_notifier);
+
+ if (set_boot_dev(s, boot_device)) {
+ exit(1);
+ }
+
+ /* floppy type */
+ if (floppy) {
+ for (i = 0; i < 2; i++) {
+ fd_type[i] = isa_fdc_get_drive_type(floppy, i);
+ }
+ }
+ val = (cmos_get_fd_drive_type(fd_type[0]) << 4) |
+ cmos_get_fd_drive_type(fd_type[1]);
+ rtc_set_memory(s, 0x10, val);
+
+ val = 0;
+ nb = 0;
+ if (fd_type[0] < FDRIVE_DRV_NONE) {
+ nb++;
+ }
+ if (fd_type[1] < FDRIVE_DRV_NONE) {
+ nb++;
+ }
+ switch (nb) {
+ case 0:
+ break;
+ case 1:
+ val |= 0x01; /* 1 drive, ready for boot */
+ break;
+ case 2:
+ val |= 0x41; /* 2 drives, ready for boot */
+ break;
+ }
+ val |= 0x02; /* FPU is there */
+ val |= 0x04; /* PS/2 mouse installed */
+ rtc_set_memory(s, REG_EQUIPMENT_BYTE, val);
+
+ /* hard drives */
+ arg.rtc_state = s;
+ arg.idebus[0] = idebus0;
+ arg.idebus[1] = idebus1;
+ qemu_register_reset(pc_cmos_init_late, &arg);
+}
+
+#define TYPE_PORT92 "port92"
+#define PORT92(obj) OBJECT_CHECK(Port92State, (obj), TYPE_PORT92)
+
+/* port 92 stuff: could be split off */
+typedef struct Port92State {
+ ISADevice parent_obj;
+
+ MemoryRegion io;
+ uint8_t outport;
+ qemu_irq *a20_out;
+} Port92State;
+
+static void port92_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ Port92State *s = opaque;
+
+ DPRINTF("port92: write 0x%02x\n", val);
+ s->outport = val;
+ qemu_set_irq(*s->a20_out, (val >> 1) & 1);
+ if (val & 1) {
+ qemu_system_reset_request();
+ }
+}
+
+static uint64_t port92_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ Port92State *s = opaque;
+ uint32_t ret;
+
+ ret = s->outport;
+ DPRINTF("port92: read 0x%02x\n", ret);
+ return ret;
+}
+
+static void port92_init(ISADevice *dev, qemu_irq *a20_out)
+{
+ Port92State *s = PORT92(dev);
+
+ s->a20_out = a20_out;
+}
+
+static const VMStateDescription vmstate_port92_isa = {
+ .name = "port92",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT8(outport, Port92State),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void port92_reset(DeviceState *d)
+{
+ Port92State *s = PORT92(d);
+
+ s->outport &= ~1;
+}
+
+static const MemoryRegionOps port92_ops = {
+ .read = port92_read,
+ .write = port92_write,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void port92_initfn(Object *obj)
+{
+ Port92State *s = PORT92(obj);
+
+ memory_region_init_io(&s->io, OBJECT(s), &port92_ops, s, "port92", 1);
+
+ s->outport = 0;
+}
+
+static void port92_realizefn(DeviceState *dev, Error **errp)
+{
+ ISADevice *isadev = ISA_DEVICE(dev);
+ Port92State *s = PORT92(dev);
+
+ isa_register_ioport(isadev, &s->io, 0x92);
+}
+
+static void port92_class_initfn(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->no_user = 1;
+ dc->realize = port92_realizefn;
+ dc->reset = port92_reset;
+ dc->vmsd = &vmstate_port92_isa;
+}
+
+static const TypeInfo port92_info = {
+ .name = TYPE_PORT92,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof(Port92State),
+ .instance_init = port92_initfn,
+ .class_init = port92_class_initfn,
+};
+
+static void port92_register_types(void)
+{
+ type_register_static(&port92_info);
+}
+
+type_init(port92_register_types)
+
+static void handle_a20_line_change(void *opaque, int irq, int level)
+{
+ X86CPU *cpu = opaque;
+
+ /* XXX: send to all CPUs ? */
+ /* XXX: add logic to handle multiple A20 line sources */
+ x86_cpu_set_a20(cpu, level);
+}
+
+int e820_add_entry(uint64_t address, uint64_t length, uint32_t type)
+{
+ int index = le32_to_cpu(e820_table.count);
+ struct e820_entry *entry;
+
+ if (index >= E820_NR_ENTRIES)
+ return -EBUSY;
+ entry = &e820_table.entry[index++];
+
+ entry->address = cpu_to_le64(address);
+ entry->length = cpu_to_le64(length);
+ entry->type = cpu_to_le32(type);
+
+ e820_table.count = cpu_to_le32(index);
+ return index;
+}
+
+/* Calculates the limit to CPU APIC ID values
+ *
+ * This function returns the limit for the APIC ID value, so that all
+ * CPU APIC IDs are < pc_apic_id_limit().
+ *
+ * This is used for FW_CFG_MAX_CPUS. See comments on bochs_bios_init().
+ */
+static unsigned int pc_apic_id_limit(unsigned int max_cpus)
+{
+ return x86_cpu_apic_id_from_index(max_cpus - 1) + 1;
+}
+
+static FWCfgState *bochs_bios_init(void)
+{
+ FWCfgState *fw_cfg;
+ uint8_t *smbios_table;
+ size_t smbios_len;
+ uint64_t *numa_fw_cfg;
+ int i, j;
+ unsigned int apic_id_limit = pc_apic_id_limit(max_cpus);
+
+ fw_cfg = fw_cfg_init(BIOS_CFG_IOPORT, BIOS_CFG_IOPORT + 1, 0, 0);
+ /* FW_CFG_MAX_CPUS is a bit confusing/problematic on x86:
+ *
+ * SeaBIOS needs FW_CFG_MAX_CPUS for CPU hotplug, but the CPU hotplug
+ * QEMU<->SeaBIOS interface is not based on the "CPU index", but on the APIC
+ * ID of hotplugged CPUs[1]. This means that FW_CFG_MAX_CPUS is not the
+ * "maximum number of CPUs", but the "limit to the APIC ID values SeaBIOS
+ * may see".
+ *
+ * So, this means we must not use max_cpus, here, but the maximum possible
+ * APIC ID value, plus one.
+ *
+ * [1] The only kind of "CPU identifier" used between SeaBIOS and QEMU is
+ * the APIC ID, not the "CPU index"
+ */
+ fw_cfg_add_i16(fw_cfg, FW_CFG_MAX_CPUS, (uint16_t)apic_id_limit);
+ fw_cfg_add_i32(fw_cfg, FW_CFG_ID, 1);
+ fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size);
+ fw_cfg_add_bytes(fw_cfg, FW_CFG_ACPI_TABLES,
+ acpi_tables, acpi_tables_len);
+ fw_cfg_add_i32(fw_cfg, FW_CFG_IRQ0_OVERRIDE, kvm_allows_irq0_override());
+
+ smbios_table = smbios_get_table(&smbios_len);
+ if (smbios_table)
+ fw_cfg_add_bytes(fw_cfg, FW_CFG_SMBIOS_ENTRIES,
+ smbios_table, smbios_len);
+ fw_cfg_add_bytes(fw_cfg, FW_CFG_E820_TABLE,
+ &e820_table, sizeof(e820_table));
+
+ fw_cfg_add_bytes(fw_cfg, FW_CFG_HPET, &hpet_cfg, sizeof(hpet_cfg));
+ /* allocate memory for the NUMA channel: one (64bit) word for the number
+ * of nodes, one word for each VCPU->node and one word for each node to
+ * hold the amount of memory.
+ */
+ numa_fw_cfg = g_new0(uint64_t, 1 + apic_id_limit + nb_numa_nodes);
+ numa_fw_cfg[0] = cpu_to_le64(nb_numa_nodes);
+ for (i = 0; i < max_cpus; i++) {
+ unsigned int apic_id = x86_cpu_apic_id_from_index(i);
+ assert(apic_id < apic_id_limit);
+ for (j = 0; j < nb_numa_nodes; j++) {
+ if (test_bit(i, node_cpumask[j])) {
+ numa_fw_cfg[apic_id + 1] = cpu_to_le64(j);
+ break;
+ }
+ }
+ }
+ for (i = 0; i < nb_numa_nodes; i++) {
+ numa_fw_cfg[apic_id_limit + 1 + i] = cpu_to_le64(node_mem[i]);
+ }
+ fw_cfg_add_bytes(fw_cfg, FW_CFG_NUMA, numa_fw_cfg,
+ (1 + apic_id_limit + nb_numa_nodes) *
+ sizeof(*numa_fw_cfg));
+
+ return fw_cfg;
+}
+
+static long get_file_size(FILE *f)
+{
+ long where, size;
+
+ /* XXX: on Unix systems, using fstat() probably makes more sense */
+
+ where = ftell(f);
+ fseek(f, 0, SEEK_END);
+ size = ftell(f);
+ fseek(f, where, SEEK_SET);
+
+ return size;
+}
+
+static void load_linux(FWCfgState *fw_cfg,
+ const char *kernel_filename,
+ const char *initrd_filename,
+ const char *kernel_cmdline,
+ hwaddr max_ram_size)
+{
+ uint16_t protocol;
+ int setup_size, kernel_size, initrd_size = 0, cmdline_size;
+ uint32_t initrd_max;
+ uint8_t header[8192], *setup, *kernel, *initrd_data;
+ hwaddr real_addr, prot_addr, cmdline_addr, initrd_addr = 0;
+ FILE *f;
+ char *vmode;
+
+ /* Align to 16 bytes as a paranoia measure */
+ cmdline_size = (strlen(kernel_cmdline)+16) & ~15;
+
+ /* load the kernel header */
+ f = fopen(kernel_filename, "rb");
+ if (!f || !(kernel_size = get_file_size(f)) ||
+ fread(header, 1, MIN(ARRAY_SIZE(header), kernel_size), f) !=
+ MIN(ARRAY_SIZE(header), kernel_size)) {
+ fprintf(stderr, "qemu: could not load kernel '%s': %s\n",
+ kernel_filename, strerror(errno));
+ exit(1);
+ }
+
+ /* kernel protocol version */
+#if 0
+ fprintf(stderr, "header magic: %#x\n", ldl_p(header+0x202));
+#endif
+ if (ldl_p(header+0x202) == 0x53726448) {
+ protocol = lduw_p(header+0x206);
+ } else {
+ /* This looks like a multiboot kernel. If it is, let's stop
+ treating it like a Linux kernel. */
+ if (load_multiboot(fw_cfg, f, kernel_filename, initrd_filename,
+ kernel_cmdline, kernel_size, header)) {
+ return;
+ }
+ protocol = 0;
+ }
+
+ if (protocol < 0x200 || !(header[0x211] & 0x01)) {
+ /* Low kernel */
+ real_addr = 0x90000;
+ cmdline_addr = 0x9a000 - cmdline_size;
+ prot_addr = 0x10000;
+ } else if (protocol < 0x202) {
+ /* High but ancient kernel */
+ real_addr = 0x90000;
+ cmdline_addr = 0x9a000 - cmdline_size;
+ prot_addr = 0x100000;
+ } else {
+ /* High and recent kernel */
+ real_addr = 0x10000;
+ cmdline_addr = 0x20000;
+ prot_addr = 0x100000;
+ }
+
+#if 0
+ fprintf(stderr,
+ "qemu: real_addr = 0x" TARGET_FMT_plx "\n"
+ "qemu: cmdline_addr = 0x" TARGET_FMT_plx "\n"
+ "qemu: prot_addr = 0x" TARGET_FMT_plx "\n",
+ real_addr,
+ cmdline_addr,
+ prot_addr);
+#endif
+
+ /* highest address for loading the initrd */
+ if (protocol >= 0x203) {
+ initrd_max = ldl_p(header+0x22c);
+ } else {
+ initrd_max = 0x37ffffff;
+ }
+
+ if (initrd_max >= max_ram_size-ACPI_DATA_SIZE)
+ initrd_max = max_ram_size-ACPI_DATA_SIZE-1;
+
+ fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_ADDR, cmdline_addr);
+ fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_SIZE, strlen(kernel_cmdline)+1);
+ fw_cfg_add_string(fw_cfg, FW_CFG_CMDLINE_DATA, kernel_cmdline);
+
+ if (protocol >= 0x202) {
+ stl_p(header+0x228, cmdline_addr);
+ } else {
+ stw_p(header+0x20, 0xA33F);
+ stw_p(header+0x22, cmdline_addr-real_addr);
+ }
+
+ /* handle vga= parameter */
+ vmode = strstr(kernel_cmdline, "vga=");
+ if (vmode) {
+ unsigned int video_mode;
+ /* skip "vga=" */
+ vmode += 4;
+ if (!strncmp(vmode, "normal", 6)) {
+ video_mode = 0xffff;
+ } else if (!strncmp(vmode, "ext", 3)) {
+ video_mode = 0xfffe;
+ } else if (!strncmp(vmode, "ask", 3)) {
+ video_mode = 0xfffd;
+ } else {
+ video_mode = strtol(vmode, NULL, 0);
+ }
+ stw_p(header+0x1fa, video_mode);
+ }
+
+ /* loader type */
+ /* High nybble = B reserved for QEMU; low nybble is revision number.
+ If this code is substantially changed, you may want to consider
+ incrementing the revision. */
+ if (protocol >= 0x200) {
+ header[0x210] = 0xB0;
+ }
+ /* heap */
+ if (protocol >= 0x201) {
+ header[0x211] |= 0x80; /* CAN_USE_HEAP */
+ stw_p(header+0x224, cmdline_addr-real_addr-0x200);
+ }
+
+ /* load initrd */
+ if (initrd_filename) {
+ if (protocol < 0x200) {
+ fprintf(stderr, "qemu: linux kernel too old to load a ram disk\n");
+ exit(1);
+ }
+
+ initrd_size = get_image_size(initrd_filename);
+ if (initrd_size < 0) {
+ fprintf(stderr, "qemu: error reading initrd %s\n",
+ initrd_filename);
+ exit(1);
+ }
+
+ initrd_addr = (initrd_max-initrd_size) & ~4095;
+
+ initrd_data = g_malloc(initrd_size);
+ load_image(initrd_filename, initrd_data);
+
+ fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_ADDR, initrd_addr);
+ fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_SIZE, initrd_size);
+ fw_cfg_add_bytes(fw_cfg, FW_CFG_INITRD_DATA, initrd_data, initrd_size);
+
+ stl_p(header+0x218, initrd_addr);
+ stl_p(header+0x21c, initrd_size);
+ }
+
+ /* load kernel and setup */
+ setup_size = header[0x1f1];
+ if (setup_size == 0) {
+ setup_size = 4;
+ }
+ setup_size = (setup_size+1)*512;
+ kernel_size -= setup_size;
+
+ setup = g_malloc(setup_size);
+ kernel = g_malloc(kernel_size);
+ fseek(f, 0, SEEK_SET);
+ if (fread(setup, 1, setup_size, f) != setup_size) {
+ fprintf(stderr, "fread() failed\n");
+ exit(1);
+ }
+ if (fread(kernel, 1, kernel_size, f) != kernel_size) {
+ fprintf(stderr, "fread() failed\n");
+ exit(1);
+ }
+ fclose(f);
+ memcpy(setup, header, MIN(sizeof(header), setup_size));
+
+ fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, prot_addr);
+ fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size);
+ fw_cfg_add_bytes(fw_cfg, FW_CFG_KERNEL_DATA, kernel, kernel_size);
+
+ fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_ADDR, real_addr);
+ fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_SIZE, setup_size);
+ fw_cfg_add_bytes(fw_cfg, FW_CFG_SETUP_DATA, setup, setup_size);
+
+ option_rom[nb_option_roms].name = "linuxboot.bin";
+ option_rom[nb_option_roms].bootindex = 0;
+ nb_option_roms++;
+}
+
+#define NE2000_NB_MAX 6
+
+static const int ne2000_io[NE2000_NB_MAX] = { 0x300, 0x320, 0x340, 0x360,
+ 0x280, 0x380 };
+static const int ne2000_irq[NE2000_NB_MAX] = { 9, 10, 11, 3, 4, 5 };
+
+static const int parallel_io[MAX_PARALLEL_PORTS] = { 0x378, 0x278, 0x3bc };
+static const int parallel_irq[MAX_PARALLEL_PORTS] = { 7, 7, 7 };
+
+void pc_init_ne2k_isa(ISABus *bus, NICInfo *nd)
+{
+ static int nb_ne2k = 0;
+
+ if (nb_ne2k == NE2000_NB_MAX)
+ return;
+ isa_ne2000_init(bus, ne2000_io[nb_ne2k],
+ ne2000_irq[nb_ne2k], nd);
+ nb_ne2k++;
+}
+
+DeviceState *cpu_get_current_apic(void)
+{
+ if (current_cpu) {
+ X86CPU *cpu = X86_CPU(current_cpu);
+ return cpu->env.apic_state;
+ } else {
+ return NULL;
+ }
+}
+
+void pc_acpi_smi_interrupt(void *opaque, int irq, int level)
+{
+ X86CPU *cpu = opaque;
+
+ if (level) {
+ cpu_interrupt(CPU(cpu), CPU_INTERRUPT_SMI);
+ }
+}
+
+static X86CPU *pc_new_cpu(const char *cpu_model, int64_t apic_id,
+ DeviceState *icc_bridge, Error **errp)
+{
+ X86CPU *cpu;
+ Error *local_err = NULL;
+
+ cpu = cpu_x86_create(cpu_model, icc_bridge, &local_err);
+ if (local_err != NULL) {
+ error_propagate(errp, local_err);
+ return NULL;
+ }
+
+ object_property_set_int(OBJECT(cpu), apic_id, "apic-id", &local_err);
+ object_property_set_bool(OBJECT(cpu), true, "realized", &local_err);
+
+ if (local_err) {
+ error_propagate(errp, local_err);
+ object_unref(OBJECT(cpu));
+ cpu = NULL;
+ }
+ return cpu;
+}
+
+static const char *current_cpu_model;
+
+void pc_hot_add_cpu(const int64_t id, Error **errp)
+{
+ DeviceState *icc_bridge;
+ int64_t apic_id = x86_cpu_apic_id_from_index(id);
+
+ if (id < 0) {
+ error_setg(errp, "Invalid CPU id: %" PRIi64, id);
+ return;
+ }
+
+ if (cpu_exists(apic_id)) {
+ error_setg(errp, "Unable to add CPU: %" PRIi64
+ ", it already exists", id);
+ return;
+ }
+
+ if (id >= max_cpus) {
+ error_setg(errp, "Unable to add CPU: %" PRIi64
+ ", max allowed: %d", id, max_cpus - 1);
+ return;
+ }
+
+ icc_bridge = DEVICE(object_resolve_path_type("icc-bridge",
+ TYPE_ICC_BRIDGE, NULL));
+ pc_new_cpu(current_cpu_model, apic_id, icc_bridge, errp);
+}
+
+void pc_cpus_init(const char *cpu_model, DeviceState *icc_bridge)
+{
+ int i;
+ X86CPU *cpu = NULL;
+ Error *error = NULL;
+
+ /* init CPUs */
+ if (cpu_model == NULL) {
+#ifdef TARGET_X86_64
+ cpu_model = "qemu64";
+#else
+ cpu_model = "qemu32";
+#endif
+ }
+ current_cpu_model = cpu_model;
+
+ for (i = 0; i < smp_cpus; i++) {
+ cpu = pc_new_cpu(cpu_model, x86_cpu_apic_id_from_index(i),
+ icc_bridge, &error);
+ if (error) {
+ fprintf(stderr, "%s\n", error_get_pretty(error));
+ error_free(error);
+ exit(1);
+ }
+ }
+
+ /* map APIC MMIO area if CPU has APIC */
+ if (cpu && cpu->env.apic_state) {
+ /* XXX: what if the base changes? */
+ sysbus_mmio_map_overlap(SYS_BUS_DEVICE(icc_bridge), 0,
+ APIC_DEFAULT_ADDRESS, 0x1000);
+ }
+}
+
+/* pci-info ROM file. Little endian format */
+typedef struct PcRomPciInfo {
+ uint64_t w32_min;
+ uint64_t w32_max;
+ uint64_t w64_min;
+ uint64_t w64_max;
+} PcRomPciInfo;
+
+static void pc_fw_cfg_guest_info(PcGuestInfo *guest_info)
+{
+ PcRomPciInfo *info;
+ Object *pci_info;
+ bool ambiguous = false;
+
+ if (!guest_info->has_pci_info || !guest_info->fw_cfg) {
+ return;
+ }
+ pci_info = object_resolve_path_type("", TYPE_PCI_HOST_BRIDGE, &ambiguous);
+ g_assert(!ambiguous);
+ if (!pci_info) {
+ return;
+ }
+
+ info = g_malloc(sizeof *info);
+ info->w32_min = cpu_to_le64(object_property_get_int(pci_info,
+ PCI_HOST_PROP_PCI_HOLE_START, NULL));
+ info->w32_max = cpu_to_le64(object_property_get_int(pci_info,
+ PCI_HOST_PROP_PCI_HOLE_END, NULL));
+ info->w64_min = cpu_to_le64(object_property_get_int(pci_info,
+ PCI_HOST_PROP_PCI_HOLE64_START, NULL));
+ info->w64_max = cpu_to_le64(object_property_get_int(pci_info,
+ PCI_HOST_PROP_PCI_HOLE64_END, NULL));
+ /* Pass PCI hole info to guest via a side channel.
+ * Required so guest PCI enumeration does the right thing. */
+ fw_cfg_add_file(guest_info->fw_cfg, "etc/pci-info", info, sizeof *info);
+}
+
+typedef struct PcGuestInfoState {
+ PcGuestInfo info;
+ Notifier machine_done;
+} PcGuestInfoState;
+
+static
+void pc_guest_info_machine_done(Notifier *notifier, void *data)
+{
+ PcGuestInfoState *guest_info_state = container_of(notifier,
+ PcGuestInfoState,
+ machine_done);
+ pc_fw_cfg_guest_info(&guest_info_state->info);
+}
+
+PcGuestInfo *pc_guest_info_init(ram_addr_t below_4g_mem_size,
+ ram_addr_t above_4g_mem_size)
+{
+ PcGuestInfoState *guest_info_state = g_malloc0(sizeof *guest_info_state);
+ PcGuestInfo *guest_info = &guest_info_state->info;
+
+ guest_info_state->machine_done.notify = pc_guest_info_machine_done;
+ qemu_add_machine_init_done_notifier(&guest_info_state->machine_done);
+ return guest_info;
+}
+
+void pc_init_pci64_hole(PcPciInfo *pci_info, uint64_t pci_hole64_start,
+ uint64_t pci_hole64_size)
+{
+ if ((sizeof(hwaddr) == 4) || (!pci_hole64_size)) {
+ return;
+ }
+ /*
+ * BIOS does not set MTRR entries for the 64 bit window, so no need to
+ * align address to power of two. Align address at 1G, this makes sure
+ * it can be exactly covered with a PAT entry even when using huge
+ * pages.
+ */
+ pci_info->w64.begin = ROUND_UP(pci_hole64_start, 0x1ULL << 30);
+ pci_info->w64.end = pci_info->w64.begin + pci_hole64_size;
+ assert(pci_info->w64.begin <= pci_info->w64.end);
+}
+
+void pc_acpi_init(const char *default_dsdt)
+{
+ char *filename;
+
+ if (acpi_tables != NULL) {
+ /* manually set via -acpitable, leave it alone */
+ return;
+ }
+
+ filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, default_dsdt);
+ if (filename == NULL) {
+ fprintf(stderr, "WARNING: failed to find %s\n", default_dsdt);
+ } else {
+ char *arg;
+ QemuOpts *opts;
+ Error *err = NULL;
+
+ arg = g_strdup_printf("file=%s", filename);
+
+ /* creates a deep copy of "arg" */
+ opts = qemu_opts_parse(qemu_find_opts("acpi"), arg, 0);
+ g_assert(opts != NULL);
+
+ acpi_table_add(opts, &err);
+ if (err) {
+ fprintf(stderr, "WARNING: failed to load %s: %s\n", filename,
+ error_get_pretty(err));
+ error_free(err);
+ }
+ g_free(arg);
+ g_free(filename);
+ }
+}
+
+FWCfgState *pc_memory_init(MemoryRegion *system_memory,
+ const char *kernel_filename,
+ const char *kernel_cmdline,
+ const char *initrd_filename,
+ ram_addr_t below_4g_mem_size,
+ ram_addr_t above_4g_mem_size,
+ MemoryRegion *rom_memory,
+ MemoryRegion **ram_memory,
+ PcGuestInfo *guest_info)
+{
+ int linux_boot, i;
+ MemoryRegion *ram, *option_rom_mr;
+ MemoryRegion *ram_below_4g, *ram_above_4g;
+ FWCfgState *fw_cfg;
+
+ linux_boot = (kernel_filename != NULL);
+
+ /* Allocate RAM. We allocate it as a single memory region and use
+ * aliases to address portions of it, mostly for backwards compatibility
+ * with older qemus that used qemu_ram_alloc().
+ */
+ ram = g_malloc(sizeof(*ram));
+ memory_region_init_ram(ram, NULL, "pc.ram",
+ below_4g_mem_size + above_4g_mem_size);
+ vmstate_register_ram_global(ram);
+ *ram_memory = ram;
+ ram_below_4g = g_malloc(sizeof(*ram_below_4g));
+ memory_region_init_alias(ram_below_4g, NULL, "ram-below-4g", ram,
+ 0, below_4g_mem_size);
+ memory_region_add_subregion(system_memory, 0, ram_below_4g);
+ if (above_4g_mem_size > 0) {
+ ram_above_4g = g_malloc(sizeof(*ram_above_4g));
+ memory_region_init_alias(ram_above_4g, NULL, "ram-above-4g", ram,
+ below_4g_mem_size, above_4g_mem_size);
+ memory_region_add_subregion(system_memory, 0x100000000ULL,
+ ram_above_4g);
+ }
+
+
+ /* Initialize PC system firmware */
+ pc_system_firmware_init(rom_memory, guest_info->isapc_ram_fw);
+
+ option_rom_mr = g_malloc(sizeof(*option_rom_mr));
+ memory_region_init_ram(option_rom_mr, NULL, "pc.rom", PC_ROM_SIZE);
+ vmstate_register_ram_global(option_rom_mr);
+ memory_region_add_subregion_overlap(rom_memory,
+ PC_ROM_MIN_VGA,
+ option_rom_mr,
+ 1);
+
+ fw_cfg = bochs_bios_init();
+ rom_set_fw(fw_cfg);
+
+ if (linux_boot) {
+ load_linux(fw_cfg, kernel_filename, initrd_filename, kernel_cmdline, below_4g_mem_size);
+ }
+
+ for (i = 0; i < nb_option_roms; i++) {
+ rom_add_option(option_rom[i].name, option_rom[i].bootindex);
+ }
+ guest_info->fw_cfg = fw_cfg;
+ return fw_cfg;
+}
+
+qemu_irq *pc_allocate_cpu_irq(void)
+{
+ return qemu_allocate_irqs(pic_irq_request, NULL, 1);
+}
+
+DeviceState *pc_vga_init(ISABus *isa_bus, PCIBus *pci_bus)
+{
+ DeviceState *dev = NULL;
+
+ if (pci_bus) {
+ PCIDevice *pcidev = pci_vga_init(pci_bus);
+ dev = pcidev ? &pcidev->qdev : NULL;
+ } else if (isa_bus) {
+ ISADevice *isadev = isa_vga_init(isa_bus);
+ dev = isadev ? DEVICE(isadev) : NULL;
+ }
+ return dev;
+}
+
+static void cpu_request_exit(void *opaque, int irq, int level)
+{
+ CPUState *cpu = current_cpu;
+
+ if (cpu && level) {
+ cpu_exit(cpu);
+ }
+}
+
+static const MemoryRegionOps ioport80_io_ops = {
+ .write = ioport80_write,
+ .read = ioport80_read,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+static const MemoryRegionOps ioportF0_io_ops = {
+ .write = ioportF0_write,
+ .read = ioportF0_read,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+void pc_basic_device_init(ISABus *isa_bus, qemu_irq *gsi,
+ ISADevice **rtc_state,
+ ISADevice **floppy,
+ bool no_vmport)
+{
+ int i;
+ DriveInfo *fd[MAX_FD];
+ DeviceState *hpet = NULL;
+ int pit_isa_irq = 0;
+ qemu_irq pit_alt_irq = NULL;
+ qemu_irq rtc_irq = NULL;
+ qemu_irq *a20_line;
+ ISADevice *i8042, *port92, *vmmouse, *pit = NULL;
+ qemu_irq *cpu_exit_irq;
+ MemoryRegion *ioport80_io = g_new(MemoryRegion, 1);
+ MemoryRegion *ioportF0_io = g_new(MemoryRegion, 1);
+
+ memory_region_init_io(ioport80_io, NULL, &ioport80_io_ops, NULL, "ioport80", 1);
+ memory_region_add_subregion(isa_bus->address_space_io, 0x80, ioport80_io);
+
+ memory_region_init_io(ioportF0_io, NULL, &ioportF0_io_ops, NULL, "ioportF0", 1);
+ memory_region_add_subregion(isa_bus->address_space_io, 0xf0, ioportF0_io);
+
+ /*
+ * Check if an HPET shall be created.
+ *
+ * Without KVM_CAP_PIT_STATE2, we cannot switch off the in-kernel PIT
+ * when the HPET wants to take over. Thus we have to disable the latter.
+ */
+ if (!no_hpet && (!kvm_irqchip_in_kernel() || kvm_has_pit_state2())) {
+ hpet = sysbus_try_create_simple("hpet", HPET_BASE, NULL);
+
+ if (hpet) {
+ for (i = 0; i < GSI_NUM_PINS; i++) {
+ sysbus_connect_irq(SYS_BUS_DEVICE(hpet), i, gsi[i]);
+ }
+ pit_isa_irq = -1;
+ pit_alt_irq = qdev_get_gpio_in(hpet, HPET_LEGACY_PIT_INT);
+ rtc_irq = qdev_get_gpio_in(hpet, HPET_LEGACY_RTC_INT);
+ }
+ }
+ *rtc_state = rtc_init(isa_bus, 2000, rtc_irq);
+
+ qemu_register_boot_set(pc_boot_set, *rtc_state);
+
+ if (!xen_enabled()) {
+ if (kvm_irqchip_in_kernel()) {
+ pit = kvm_pit_init(isa_bus, 0x40);
+ } else {
+ pit = pit_init(isa_bus, 0x40, pit_isa_irq, pit_alt_irq);
+ }
+ if (hpet) {
+ /* connect PIT to output control line of the HPET */
+ qdev_connect_gpio_out(hpet, 0, qdev_get_gpio_in(DEVICE(pit), 0));
+ }
+ pcspk_init(isa_bus, pit);
+ }
+
+ for(i = 0; i < MAX_SERIAL_PORTS; i++) {
+ if (serial_hds[i]) {
+ serial_isa_init(isa_bus, i, serial_hds[i]);
+ }
+ }
+
+ for(i = 0; i < MAX_PARALLEL_PORTS; i++) {
+ if (parallel_hds[i]) {
+ parallel_init(isa_bus, i, parallel_hds[i]);
+ }
+ }
+
+ a20_line = qemu_allocate_irqs(handle_a20_line_change, first_cpu, 2);
+ i8042 = isa_create_simple(isa_bus, "i8042");
+ i8042_setup_a20_line(i8042, &a20_line[0]);
+ if (!no_vmport) {
+ vmport_init(isa_bus);
+ vmmouse = isa_try_create(isa_bus, "vmmouse");
+ } else {
+ vmmouse = NULL;
+ }
+ if (vmmouse) {
+ DeviceState *dev = DEVICE(vmmouse);
+ qdev_prop_set_ptr(dev, "ps2_mouse", i8042);
+ qdev_init_nofail(dev);
+ }
+ port92 = isa_create_simple(isa_bus, "port92");
+ port92_init(port92, &a20_line[1]);
+
+ cpu_exit_irq = qemu_allocate_irqs(cpu_request_exit, NULL, 1);
+ DMA_init(0, cpu_exit_irq);
+
+ for(i = 0; i < MAX_FD; i++) {
+ fd[i] = drive_get(IF_FLOPPY, 0, i);
+ }
+ *floppy = fdctrl_init_isa(isa_bus, fd);
+}
+
+void pc_nic_init(ISABus *isa_bus, PCIBus *pci_bus)
+{
+ int i;
+
+ for (i = 0; i < nb_nics; i++) {
+ NICInfo *nd = &nd_table[i];
+
+ if (!pci_bus || (nd->model && strcmp(nd->model, "ne2k_isa") == 0)) {
+ pc_init_ne2k_isa(isa_bus, nd);
+ } else {
+ pci_nic_init_nofail(nd, pci_bus, "e1000", NULL);
+ }
+ }
+}
+
+void pc_pci_device_init(PCIBus *pci_bus)
+{
+ int max_bus;
+ int bus;
+
+ max_bus = drive_get_max_bus(IF_SCSI);
+ for (bus = 0; bus <= max_bus; bus++) {
+ pci_create_simple(pci_bus, -1, "lsi53c895a");
+ }
+}
+
+void ioapic_init_gsi(GSIState *gsi_state, const char *parent_name)
+{
+ DeviceState *dev;
+ SysBusDevice *d;
+ unsigned int i;
+
+ if (kvm_irqchip_in_kernel()) {
+ dev = qdev_create(NULL, "kvm-ioapic");
+ } else {
+ dev = qdev_create(NULL, "ioapic");
+ }
+ if (parent_name) {
+ object_property_add_child(object_resolve_path(parent_name, NULL),
+ "ioapic", OBJECT(dev), NULL);
+ }
+ qdev_init_nofail(dev);
+ d = SYS_BUS_DEVICE(dev);
+ sysbus_mmio_map(d, 0, IO_APIC_DEFAULT_ADDRESS);
+
+ for (i = 0; i < IOAPIC_NUM_PINS; i++) {
+ gsi_state->ioapic_irq[i] = qdev_get_gpio_in(dev, i);
+ }
+}
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
new file mode 100644
index 000000000..6e1e654f3
--- /dev/null
+++ b/hw/i386/pc_piix.c
@@ -0,0 +1,782 @@
+/*
+ * QEMU PC System Emulator
+ *
+ * Copyright (c) 2003-2004 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include <glib.h>
+
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "hw/i386/apic.h"
+#include "hw/pci/pci.h"
+#include "hw/pci/pci_ids.h"
+#include "hw/usb.h"
+#include "net/net.h"
+#include "hw/boards.h"
+#include "hw/ide.h"
+#include "sysemu/kvm.h"
+#include "hw/kvm/clock.h"
+#include "sysemu/sysemu.h"
+#include "hw/sysbus.h"
+#include "hw/cpu/icc_bus.h"
+#include "sysemu/arch_init.h"
+#include "sysemu/blockdev.h"
+#include "hw/i2c/smbus.h"
+#include "hw/xen/xen.h"
+#include "exec/memory.h"
+#include "exec/address-spaces.h"
+#include "hw/acpi/acpi.h"
+#include "cpu.h"
+#ifdef CONFIG_XEN
+# include <xen/hvm/hvm_info_table.h>
+#endif
+
+#define MAX_IDE_BUS 2
+
+static const int ide_iobase[MAX_IDE_BUS] = { 0x1f0, 0x170 };
+static const int ide_iobase2[MAX_IDE_BUS] = { 0x3f6, 0x376 };
+static const int ide_irq[MAX_IDE_BUS] = { 14, 15 };
+
+static bool has_pvpanic;
+static bool has_pci_info = true;
+
+/* PC hardware initialisation */
+static void pc_init1(MemoryRegion *system_memory,
+ MemoryRegion *system_io,
+ ram_addr_t ram_size,
+ const char *boot_device,
+ const char *kernel_filename,
+ const char *kernel_cmdline,
+ const char *initrd_filename,
+ const char *cpu_model,
+ int pci_enabled,
+ int kvmclock_enabled)
+{
+ int i;
+ ram_addr_t below_4g_mem_size, above_4g_mem_size;
+ PCIBus *pci_bus;
+ ISABus *isa_bus;
+ PCII440FXState *i440fx_state;
+ int piix3_devfn = -1;
+ qemu_irq *cpu_irq;
+ qemu_irq *gsi;
+ qemu_irq *i8259;
+ qemu_irq *smi_irq;
+ GSIState *gsi_state;
+ DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
+ BusState *idebus[MAX_IDE_BUS];
+ ISADevice *rtc_state;
+ ISADevice *floppy;
+ MemoryRegion *ram_memory;
+ MemoryRegion *pci_memory;
+ MemoryRegion *rom_memory;
+ DeviceState *icc_bridge;
+ FWCfgState *fw_cfg = NULL;
+ PcGuestInfo *guest_info;
+
+ if (xen_enabled() && xen_hvm_init() != 0) {
+ fprintf(stderr, "xen hardware virtual machine initialisation failed\n");
+ exit(1);
+ }
+
+ icc_bridge = qdev_create(NULL, TYPE_ICC_BRIDGE);
+ object_property_add_child(qdev_get_machine(), "icc-bridge",
+ OBJECT(icc_bridge), NULL);
+
+ pc_cpus_init(cpu_model, icc_bridge);
+
+ if (kvm_enabled() && kvmclock_enabled) {
+ kvmclock_create();
+ }
+
+ if (ram_size >= 0xe0000000 ) {
+ above_4g_mem_size = ram_size - 0xe0000000;
+ below_4g_mem_size = 0xe0000000;
+ } else {
+ above_4g_mem_size = 0;
+ below_4g_mem_size = ram_size;
+ }
+
+ if (pci_enabled) {
+ pci_memory = g_new(MemoryRegion, 1);
+ memory_region_init(pci_memory, NULL, "pci", INT64_MAX);
+ rom_memory = pci_memory;
+ } else {
+ pci_memory = NULL;
+ rom_memory = system_memory;
+ }
+
+ guest_info = pc_guest_info_init(below_4g_mem_size, above_4g_mem_size);
+ guest_info->has_pci_info = has_pci_info;
+ guest_info->isapc_ram_fw = !pci_enabled;
+
+ /* allocate ram and load rom/bios */
+ if (!xen_enabled()) {
+ fw_cfg = pc_memory_init(system_memory,
+ kernel_filename, kernel_cmdline, initrd_filename,
+ below_4g_mem_size, above_4g_mem_size,
+ rom_memory, &ram_memory, guest_info);
+ }
+
+ gsi_state = g_malloc0(sizeof(*gsi_state));
+ if (kvm_irqchip_in_kernel()) {
+ kvm_pc_setup_irq_routing(pci_enabled);
+ gsi = qemu_allocate_irqs(kvm_pc_gsi_handler, gsi_state,
+ GSI_NUM_PINS);
+ } else {
+ gsi = qemu_allocate_irqs(gsi_handler, gsi_state, GSI_NUM_PINS);
+ }
+
+ if (pci_enabled) {
+ pci_bus = i440fx_init(&i440fx_state, &piix3_devfn, &isa_bus, gsi,
+ system_memory, system_io, ram_size,
+ below_4g_mem_size,
+ 0x100000000ULL - below_4g_mem_size,
+ above_4g_mem_size,
+ pci_memory, ram_memory);
+ } else {
+ pci_bus = NULL;
+ i440fx_state = NULL;
+ isa_bus = isa_bus_new(NULL, system_io);
+ no_hpet = 1;
+ }
+ isa_bus_irqs(isa_bus, gsi);
+
+ if (kvm_irqchip_in_kernel()) {
+ i8259 = kvm_i8259_init(isa_bus);
+ } else if (xen_enabled()) {
+ i8259 = xen_interrupt_controller_init();
+ } else {
+ cpu_irq = pc_allocate_cpu_irq();
+ i8259 = i8259_init(isa_bus, cpu_irq[0]);
+ }
+
+ for (i = 0; i < ISA_NUM_IRQS; i++) {
+ gsi_state->i8259_irq[i] = i8259[i];
+ }
+ if (pci_enabled) {
+ ioapic_init_gsi(gsi_state, "i440fx");
+ }
+ qdev_init_nofail(icc_bridge);
+
+ pc_register_ferr_irq(gsi[13]);
+
+ pc_vga_init(isa_bus, pci_enabled ? pci_bus : NULL);
+
+ /* init basic PC hardware */
+ pc_basic_device_init(isa_bus, gsi, &rtc_state, &floppy, xen_enabled());
+
+ pc_nic_init(isa_bus, pci_bus);
+
+ ide_drive_get(hd, MAX_IDE_BUS);
+ if (pci_enabled) {
+ PCIDevice *dev;
+ if (xen_enabled()) {
+ dev = pci_piix3_xen_ide_init(pci_bus, hd, piix3_devfn + 1);
+ } else {
+ dev = pci_piix3_ide_init(pci_bus, hd, piix3_devfn + 1);
+ }
+ idebus[0] = qdev_get_child_bus(&dev->qdev, "ide.0");
+ idebus[1] = qdev_get_child_bus(&dev->qdev, "ide.1");
+ } else {
+ for(i = 0; i < MAX_IDE_BUS; i++) {
+ ISADevice *dev;
+ dev = isa_ide_init(isa_bus, ide_iobase[i], ide_iobase2[i],
+ ide_irq[i],
+ hd[MAX_IDE_DEVS * i], hd[MAX_IDE_DEVS * i + 1]);
+ idebus[i] = qdev_get_child_bus(DEVICE(dev), "ide.0");
+ }
+ }
+
+ pc_cmos_init(below_4g_mem_size, above_4g_mem_size, boot_device,
+ floppy, idebus[0], idebus[1], rtc_state);
+
+ if (pci_enabled && usb_enabled(false)) {
+ pci_create_simple(pci_bus, piix3_devfn + 2, "piix3-usb-uhci");
+ }
+
+ if (pci_enabled && acpi_enabled) {
+ i2c_bus *smbus;
+
+ smi_irq = qemu_allocate_irqs(pc_acpi_smi_interrupt, first_cpu, 1);
+ /* TODO: Populate SPD eeprom data. */
+ smbus = piix4_pm_init(pci_bus, piix3_devfn + 3, 0xb100,
+ gsi[9], *smi_irq,
+ kvm_enabled(), fw_cfg);
+ smbus_eeprom_init(smbus, 8, NULL, 0);
+ }
+
+ if (pci_enabled) {
+ pc_pci_device_init(pci_bus);
+ }
+
+ if (has_pvpanic) {
+ pvpanic_init(isa_bus);
+ }
+}
+
+static void pc_init_pci(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ const char *boot_device = args->boot_device;
+ pc_init1(get_system_memory(),
+ get_system_io(),
+ ram_size, boot_device,
+ kernel_filename, kernel_cmdline,
+ initrd_filename, cpu_model, 1, 1);
+}
+
+static void pc_init_pci_1_6(QEMUMachineInitArgs *args)
+{
+ has_pci_info = false;
+ pc_init_pci(args);
+}
+
+static void pc_init_pci_1_5(QEMUMachineInitArgs *args)
+{
+ has_pvpanic = true;
+ pc_init_pci_1_6(args);
+}
+
+static void pc_init_pci_1_4(QEMUMachineInitArgs *args)
+{
+ x86_cpu_compat_set_features("n270", FEAT_1_ECX, 0, CPUID_EXT_MOVBE);
+ x86_cpu_compat_set_features("Westmere", FEAT_1_ECX, 0, CPUID_EXT_PCLMULQDQ);
+ has_pci_info = false;
+ pc_init_pci(args);
+}
+
+static void pc_init_pci_1_3(QEMUMachineInitArgs *args)
+{
+ enable_compat_apic_id_mode();
+ pc_init_pci_1_4(args);
+}
+
+/* PC machine init function for pc-1.1 to pc-1.2 */
+static void pc_init_pci_1_2(QEMUMachineInitArgs *args)
+{
+ disable_kvm_pv_eoi();
+ pc_init_pci_1_3(args);
+}
+
+/* PC machine init function for pc-0.14 to pc-1.0 */
+static void pc_init_pci_1_0(QEMUMachineInitArgs *args)
+{
+ pc_init_pci_1_2(args);
+}
+
+/* PC init function for pc-0.10 to pc-0.13, and reused by xenfv */
+static void pc_init_pci_no_kvmclock(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ const char *boot_device = args->boot_device;
+ has_pci_info = false;
+ disable_kvm_pv_eoi();
+ enable_compat_apic_id_mode();
+ pc_init1(get_system_memory(),
+ get_system_io(),
+ ram_size, boot_device,
+ kernel_filename, kernel_cmdline,
+ initrd_filename, cpu_model, 1, 0);
+}
+
+static void pc_init_isa(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ const char *boot_device = args->boot_device;
+ has_pci_info = false;
+ if (cpu_model == NULL)
+ cpu_model = "486";
+ disable_kvm_pv_eoi();
+ enable_compat_apic_id_mode();
+ pc_init1(get_system_memory(),
+ get_system_io(),
+ ram_size, boot_device,
+ kernel_filename, kernel_cmdline,
+ initrd_filename, cpu_model, 0, 1);
+}
+
+#ifdef CONFIG_XEN
+static void pc_xen_hvm_init(QEMUMachineInitArgs *args)
+{
+ PCIBus *bus;
+
+ pc_init_pci(args);
+
+ bus = pci_find_primary_bus();
+ if (bus != NULL) {
+ pci_create_simple(bus, -1, "xen-platform");
+ }
+}
+#endif
+
+static QEMUMachine pc_i440fx_machine_v1_6 = {
+ .name = "pc-i440fx-1.6",
+ .alias = "pc",
+ .desc = "Standard PC (i440FX + PIIX, 1996)",
+ .init = pc_init_pci_1_6,
+ .hot_add_cpu = pc_hot_add_cpu,
+ .max_cpus = 255,
+ .is_default = 1,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine pc_i440fx_machine_v1_5 = {
+ .name = "pc-i440fx-1.5",
+ .desc = "Standard PC (i440FX + PIIX, 1996)",
+ .init = pc_init_pci_1_5,
+ .hot_add_cpu = pc_hot_add_cpu,
+ .max_cpus = 255,
+ .compat_props = (GlobalProperty[]) {
+ PC_COMPAT_1_5,
+ { /* end of list */ }
+ },
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine pc_i440fx_machine_v1_4 = {
+ .name = "pc-i440fx-1.4",
+ .desc = "Standard PC (i440FX + PIIX, 1996)",
+ .init = pc_init_pci_1_4,
+ .max_cpus = 255,
+ .compat_props = (GlobalProperty[]) {
+ PC_COMPAT_1_4,
+ { /* end of list */ }
+ },
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+#define PC_COMPAT_1_3 \
+ PC_COMPAT_1_4, \
+ {\
+ .driver = "usb-tablet",\
+ .property = "usb_version",\
+ .value = stringify(1),\
+ },{\
+ .driver = "virtio-net-pci",\
+ .property = "ctrl_mac_addr",\
+ .value = "off", \
+ },{ \
+ .driver = "virtio-net-pci", \
+ .property = "mq", \
+ .value = "off", \
+ }, {\
+ .driver = "e1000",\
+ .property = "autonegotiation",\
+ .value = "off",\
+ }
+
+static QEMUMachine pc_machine_v1_3 = {
+ .name = "pc-1.3",
+ .desc = "Standard PC",
+ .init = pc_init_pci_1_3,
+ .max_cpus = 255,
+ .compat_props = (GlobalProperty[]) {
+ PC_COMPAT_1_3,
+ { /* end of list */ }
+ },
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+#define PC_COMPAT_1_2 \
+ PC_COMPAT_1_3,\
+ {\
+ .driver = "nec-usb-xhci",\
+ .property = "msi",\
+ .value = "off",\
+ },{\
+ .driver = "nec-usb-xhci",\
+ .property = "msix",\
+ .value = "off",\
+ },{\
+ .driver = "ivshmem",\
+ .property = "use64",\
+ .value = "0",\
+ },{\
+ .driver = "qxl",\
+ .property = "revision",\
+ .value = stringify(3),\
+ },{\
+ .driver = "qxl-vga",\
+ .property = "revision",\
+ .value = stringify(3),\
+ },{\
+ .driver = "VGA",\
+ .property = "mmio",\
+ .value = "off",\
+ }
+
+static QEMUMachine pc_machine_v1_2 = {
+ .name = "pc-1.2",
+ .desc = "Standard PC",
+ .init = pc_init_pci_1_2,
+ .max_cpus = 255,
+ .compat_props = (GlobalProperty[]) {
+ PC_COMPAT_1_2,
+ { /* end of list */ }
+ },
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+#define PC_COMPAT_1_1 \
+ PC_COMPAT_1_2,\
+ {\
+ .driver = "virtio-scsi-pci",\
+ .property = "hotplug",\
+ .value = "off",\
+ },{\
+ .driver = "virtio-scsi-pci",\
+ .property = "param_change",\
+ .value = "off",\
+ },{\
+ .driver = "VGA",\
+ .property = "vgamem_mb",\
+ .value = stringify(8),\
+ },{\
+ .driver = "vmware-svga",\
+ .property = "vgamem_mb",\
+ .value = stringify(8),\
+ },{\
+ .driver = "qxl-vga",\
+ .property = "vgamem_mb",\
+ .value = stringify(8),\
+ },{\
+ .driver = "qxl",\
+ .property = "vgamem_mb",\
+ .value = stringify(8),\
+ },{\
+ .driver = "virtio-blk-pci",\
+ .property = "config-wce",\
+ .value = "off",\
+ }
+
+static QEMUMachine pc_machine_v1_1 = {
+ .name = "pc-1.1",
+ .desc = "Standard PC",
+ .init = pc_init_pci_1_2,
+ .max_cpus = 255,
+ .compat_props = (GlobalProperty[]) {
+ PC_COMPAT_1_1,
+ { /* end of list */ }
+ },
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+#define PC_COMPAT_1_0 \
+ PC_COMPAT_1_1,\
+ {\
+ .driver = TYPE_ISA_FDC,\
+ .property = "check_media_rate",\
+ .value = "off",\
+ }, {\
+ .driver = "virtio-balloon-pci",\
+ .property = "class",\
+ .value = stringify(PCI_CLASS_MEMORY_RAM),\
+ },{\
+ .driver = "apic",\
+ .property = "vapic",\
+ .value = "off",\
+ },{\
+ .driver = TYPE_USB_DEVICE,\
+ .property = "full-path",\
+ .value = "no",\
+ }
+
+static QEMUMachine pc_machine_v1_0 = {
+ .name = "pc-1.0",
+ .desc = "Standard PC",
+ .init = pc_init_pci_1_0,
+ .max_cpus = 255,
+ .compat_props = (GlobalProperty[]) {
+ PC_COMPAT_1_0,
+ { /* end of list */ }
+ },
+ .hw_version = "1.0",
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+#define PC_COMPAT_0_15 \
+ PC_COMPAT_1_0
+
+static QEMUMachine pc_machine_v0_15 = {
+ .name = "pc-0.15",
+ .desc = "Standard PC",
+ .init = pc_init_pci_1_0,
+ .max_cpus = 255,
+ .compat_props = (GlobalProperty[]) {
+ PC_COMPAT_0_15,
+ { /* end of list */ }
+ },
+ .hw_version = "0.15",
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+#define PC_COMPAT_0_14 \
+ PC_COMPAT_0_15,\
+ {\
+ .driver = "virtio-blk-pci",\
+ .property = "event_idx",\
+ .value = "off",\
+ },{\
+ .driver = "virtio-serial-pci",\
+ .property = "event_idx",\
+ .value = "off",\
+ },{\
+ .driver = "virtio-net-pci",\
+ .property = "event_idx",\
+ .value = "off",\
+ },{\
+ .driver = "virtio-balloon-pci",\
+ .property = "event_idx",\
+ .value = "off",\
+ }
+
+static QEMUMachine pc_machine_v0_14 = {
+ .name = "pc-0.14",
+ .desc = "Standard PC",
+ .init = pc_init_pci_1_0,
+ .max_cpus = 255,
+ .compat_props = (GlobalProperty[]) {
+ PC_COMPAT_0_14,
+ {
+ .driver = "qxl",
+ .property = "revision",
+ .value = stringify(2),
+ },{
+ .driver = "qxl-vga",
+ .property = "revision",
+ .value = stringify(2),
+ },
+ { /* end of list */ }
+ },
+ .hw_version = "0.14",
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+#define PC_COMPAT_0_13 \
+ PC_COMPAT_0_14,\
+ {\
+ .driver = TYPE_PCI_DEVICE,\
+ .property = "command_serr_enable",\
+ .value = "off",\
+ },{\
+ .driver = "AC97",\
+ .property = "use_broken_id",\
+ .value = stringify(1),\
+ }
+
+static QEMUMachine pc_machine_v0_13 = {
+ .name = "pc-0.13",
+ .desc = "Standard PC",
+ .init = pc_init_pci_no_kvmclock,
+ .max_cpus = 255,
+ .compat_props = (GlobalProperty[]) {
+ PC_COMPAT_0_13,
+ {
+ .driver = "virtio-9p-pci",
+ .property = "vectors",
+ .value = stringify(0),
+ },{
+ .driver = "VGA",
+ .property = "rombar",
+ .value = stringify(0),
+ },{
+ .driver = "vmware-svga",
+ .property = "rombar",
+ .value = stringify(0),
+ },
+ { /* end of list */ }
+ },
+ .hw_version = "0.13",
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+#define PC_COMPAT_0_12 \
+ PC_COMPAT_0_13,\
+ {\
+ .driver = "virtio-serial-pci",\
+ .property = "max_ports",\
+ .value = stringify(1),\
+ },{\
+ .driver = "virtio-serial-pci",\
+ .property = "vectors",\
+ .value = stringify(0),\
+ },{\
+ .driver = "usb-mouse",\
+ .property = "serial",\
+ .value = "1",\
+ },{\
+ .driver = "usb-tablet",\
+ .property = "serial",\
+ .value = "1",\
+ },{\
+ .driver = "usb-kbd",\
+ .property = "serial",\
+ .value = "1",\
+ }
+
+static QEMUMachine pc_machine_v0_12 = {
+ .name = "pc-0.12",
+ .desc = "Standard PC",
+ .init = pc_init_pci_no_kvmclock,
+ .max_cpus = 255,
+ .compat_props = (GlobalProperty[]) {
+ PC_COMPAT_0_12,
+ {
+ .driver = "VGA",
+ .property = "rombar",
+ .value = stringify(0),
+ },{
+ .driver = "vmware-svga",
+ .property = "rombar",
+ .value = stringify(0),
+ },
+ { /* end of list */ }
+ },
+ .hw_version = "0.12",
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+#define PC_COMPAT_0_11 \
+ PC_COMPAT_0_12,\
+ {\
+ .driver = "virtio-blk-pci",\
+ .property = "vectors",\
+ .value = stringify(0),\
+ },{\
+ .driver = TYPE_PCI_DEVICE,\
+ .property = "rombar",\
+ .value = stringify(0),\
+ }
+
+static QEMUMachine pc_machine_v0_11 = {
+ .name = "pc-0.11",
+ .desc = "Standard PC, qemu 0.11",
+ .init = pc_init_pci_no_kvmclock,
+ .max_cpus = 255,
+ .compat_props = (GlobalProperty[]) {
+ PC_COMPAT_0_11,
+ {
+ .driver = "ide-drive",
+ .property = "ver",
+ .value = "0.11",
+ },{
+ .driver = "scsi-disk",
+ .property = "ver",
+ .value = "0.11",
+ },
+ { /* end of list */ }
+ },
+ .hw_version = "0.11",
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine pc_machine_v0_10 = {
+ .name = "pc-0.10",
+ .desc = "Standard PC, qemu 0.10",
+ .init = pc_init_pci_no_kvmclock,
+ .max_cpus = 255,
+ .compat_props = (GlobalProperty[]) {
+ PC_COMPAT_0_11,
+ {
+ .driver = "virtio-blk-pci",
+ .property = "class",
+ .value = stringify(PCI_CLASS_STORAGE_OTHER),
+ },{
+ .driver = "virtio-serial-pci",
+ .property = "class",
+ .value = stringify(PCI_CLASS_DISPLAY_OTHER),
+ },{
+ .driver = "virtio-net-pci",
+ .property = "vectors",
+ .value = stringify(0),
+ },{
+ .driver = "ide-drive",
+ .property = "ver",
+ .value = "0.10",
+ },{
+ .driver = "scsi-disk",
+ .property = "ver",
+ .value = "0.10",
+ },
+ { /* end of list */ }
+ },
+ .hw_version = "0.10",
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine isapc_machine = {
+ .name = "isapc",
+ .desc = "ISA-only PC",
+ .init = pc_init_isa,
+ .max_cpus = 1,
+ .compat_props = (GlobalProperty[]) {
+ { /* end of list */ }
+ },
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+#ifdef CONFIG_XEN
+static QEMUMachine xenfv_machine = {
+ .name = "xenfv",
+ .desc = "Xen Fully-virtualized PC",
+ .init = pc_xen_hvm_init,
+ .max_cpus = HVM_MAX_VCPUS,
+ .default_machine_opts = "accel=xen",
+ DEFAULT_MACHINE_OPTIONS,
+};
+#endif
+
+static void pc_machine_init(void)
+{
+ qemu_register_machine(&pc_i440fx_machine_v1_6);
+ qemu_register_machine(&pc_i440fx_machine_v1_5);
+ qemu_register_machine(&pc_i440fx_machine_v1_4);
+ qemu_register_machine(&pc_machine_v1_3);
+ qemu_register_machine(&pc_machine_v1_2);
+ qemu_register_machine(&pc_machine_v1_1);
+ qemu_register_machine(&pc_machine_v1_0);
+ qemu_register_machine(&pc_machine_v0_15);
+ qemu_register_machine(&pc_machine_v0_14);
+ qemu_register_machine(&pc_machine_v0_13);
+ qemu_register_machine(&pc_machine_v0_12);
+ qemu_register_machine(&pc_machine_v0_11);
+ qemu_register_machine(&pc_machine_v0_10);
+ qemu_register_machine(&isapc_machine);
+#ifdef CONFIG_XEN
+ qemu_register_machine(&xenfv_machine);
+#endif
+}
+
+machine_init(pc_machine_init);
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
new file mode 100644
index 000000000..10e770e36
--- /dev/null
+++ b/hw/i386/pc_q35.c
@@ -0,0 +1,283 @@
+/*
+ * Q35 chipset based pc system emulator
+ *
+ * Copyright (c) 2003-2004 Fabrice Bellard
+ * Copyright (c) 2009, 2010
+ * Isaku Yamahata <yamahata at valinux co jp>
+ * VA Linux Systems Japan K.K.
+ * Copyright (C) 2012 Jason Baron <jbaron@redhat.com>
+ *
+ * This is based on pc.c, but heavily modified.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "sysemu/arch_init.h"
+#include "hw/i2c/smbus.h"
+#include "hw/boards.h"
+#include "hw/timer/mc146818rtc.h"
+#include "hw/xen/xen.h"
+#include "sysemu/kvm.h"
+#include "hw/kvm/clock.h"
+#include "hw/pci-host/q35.h"
+#include "exec/address-spaces.h"
+#include "hw/i386/ich9.h"
+#include "hw/ide/pci.h"
+#include "hw/ide/ahci.h"
+#include "hw/usb.h"
+#include "hw/cpu/icc_bus.h"
+
+/* ICH9 AHCI has 6 ports */
+#define MAX_SATA_PORTS 6
+
+static bool has_pvpanic;
+static bool has_pci_info = true;
+
+/* PC hardware initialisation */
+static void pc_q35_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ const char *boot_device = args->boot_device;
+ ram_addr_t below_4g_mem_size, above_4g_mem_size;
+ Q35PCIHost *q35_host;
+ PCIHostState *phb;
+ PCIBus *host_bus;
+ PCIDevice *lpc;
+ BusState *idebus[MAX_SATA_PORTS];
+ ISADevice *rtc_state;
+ ISADevice *floppy;
+ MemoryRegion *pci_memory;
+ MemoryRegion *rom_memory;
+ MemoryRegion *ram_memory;
+ GSIState *gsi_state;
+ ISABus *isa_bus;
+ int pci_enabled = 1;
+ qemu_irq *cpu_irq;
+ qemu_irq *gsi;
+ qemu_irq *i8259;
+ int i;
+ ICH9LPCState *ich9_lpc;
+ PCIDevice *ahci;
+ DeviceState *icc_bridge;
+ PcGuestInfo *guest_info;
+
+ icc_bridge = qdev_create(NULL, TYPE_ICC_BRIDGE);
+ object_property_add_child(qdev_get_machine(), "icc-bridge",
+ OBJECT(icc_bridge), NULL);
+
+ pc_cpus_init(cpu_model, icc_bridge);
+ pc_acpi_init("q35-acpi-dsdt.aml");
+
+ kvmclock_create();
+
+ if (ram_size >= 0xb0000000) {
+ above_4g_mem_size = ram_size - 0xb0000000;
+ below_4g_mem_size = 0xb0000000;
+ } else {
+ above_4g_mem_size = 0;
+ below_4g_mem_size = ram_size;
+ }
+
+ /* pci enabled */
+ if (pci_enabled) {
+ pci_memory = g_new(MemoryRegion, 1);
+ memory_region_init(pci_memory, NULL, "pci", INT64_MAX);
+ rom_memory = pci_memory;
+ } else {
+ pci_memory = NULL;
+ rom_memory = get_system_memory();
+ }
+
+ guest_info = pc_guest_info_init(below_4g_mem_size, above_4g_mem_size);
+ guest_info->has_pci_info = has_pci_info;
+ guest_info->isapc_ram_fw = false;
+
+ /* allocate ram and load rom/bios */
+ if (!xen_enabled()) {
+ pc_memory_init(get_system_memory(), kernel_filename, kernel_cmdline,
+ initrd_filename, below_4g_mem_size, above_4g_mem_size,
+ rom_memory, &ram_memory, guest_info);
+ }
+
+ /* irq lines */
+ gsi_state = g_malloc0(sizeof(*gsi_state));
+ if (kvm_irqchip_in_kernel()) {
+ kvm_pc_setup_irq_routing(pci_enabled);
+ gsi = qemu_allocate_irqs(kvm_pc_gsi_handler, gsi_state,
+ GSI_NUM_PINS);
+ } else {
+ gsi = qemu_allocate_irqs(gsi_handler, gsi_state, GSI_NUM_PINS);
+ }
+
+ /* create pci host bus */
+ q35_host = Q35_HOST_DEVICE(qdev_create(NULL, TYPE_Q35_HOST_DEVICE));
+
+ object_property_add_child(qdev_get_machine(), "q35", OBJECT(q35_host), NULL);
+ q35_host->mch.ram_memory = ram_memory;
+ q35_host->mch.pci_address_space = pci_memory;
+ q35_host->mch.system_memory = get_system_memory();
+ q35_host->mch.address_space_io = get_system_io();
+ q35_host->mch.below_4g_mem_size = below_4g_mem_size;
+ q35_host->mch.above_4g_mem_size = above_4g_mem_size;
+ q35_host->mch.guest_info = guest_info;
+ /* pci */
+ qdev_init_nofail(DEVICE(q35_host));
+ phb = PCI_HOST_BRIDGE(q35_host);
+ host_bus = phb->bus;
+ /* create ISA bus */
+ lpc = pci_create_simple_multifunction(host_bus, PCI_DEVFN(ICH9_LPC_DEV,
+ ICH9_LPC_FUNC), true,
+ TYPE_ICH9_LPC_DEVICE);
+ ich9_lpc = ICH9_LPC_DEVICE(lpc);
+ ich9_lpc->pic = gsi;
+ ich9_lpc->ioapic = gsi_state->ioapic_irq;
+ pci_bus_irqs(host_bus, ich9_lpc_set_irq, ich9_lpc_map_irq, ich9_lpc,
+ ICH9_LPC_NB_PIRQS);
+ pci_bus_set_route_irq_fn(host_bus, ich9_route_intx_pin_to_irq);
+ isa_bus = ich9_lpc->isa_bus;
+
+ /*end early*/
+ isa_bus_irqs(isa_bus, gsi);
+
+ if (kvm_irqchip_in_kernel()) {
+ i8259 = kvm_i8259_init(isa_bus);
+ } else if (xen_enabled()) {
+ i8259 = xen_interrupt_controller_init();
+ } else {
+ cpu_irq = pc_allocate_cpu_irq();
+ i8259 = i8259_init(isa_bus, cpu_irq[0]);
+ }
+
+ for (i = 0; i < ISA_NUM_IRQS; i++) {
+ gsi_state->i8259_irq[i] = i8259[i];
+ }
+ if (pci_enabled) {
+ ioapic_init_gsi(gsi_state, NULL);
+ }
+ qdev_init_nofail(icc_bridge);
+
+ pc_register_ferr_irq(gsi[13]);
+
+ /* init basic PC hardware */
+ pc_basic_device_init(isa_bus, gsi, &rtc_state, &floppy, false);
+
+ /* connect pm stuff to lpc */
+ ich9_lpc_pm_init(lpc);
+
+ /* ahci and SATA device, for q35 1 ahci controller is built-in */
+ ahci = pci_create_simple_multifunction(host_bus,
+ PCI_DEVFN(ICH9_SATA1_DEV,
+ ICH9_SATA1_FUNC),
+ true, "ich9-ahci");
+ idebus[0] = qdev_get_child_bus(&ahci->qdev, "ide.0");
+ idebus[1] = qdev_get_child_bus(&ahci->qdev, "ide.1");
+
+ if (usb_enabled(false)) {
+ /* Should we create 6 UHCI according to ich9 spec? */
+ ehci_create_ich9_with_companions(host_bus, 0x1d);
+ }
+
+ /* TODO: Populate SPD eeprom data. */
+ smbus_eeprom_init(ich9_smb_init(host_bus,
+ PCI_DEVFN(ICH9_SMB_DEV, ICH9_SMB_FUNC),
+ 0xb100),
+ 8, NULL, 0);
+
+ pc_cmos_init(below_4g_mem_size, above_4g_mem_size, boot_device,
+ floppy, idebus[0], idebus[1], rtc_state);
+
+ /* the rest devices to which pci devfn is automatically assigned */
+ pc_vga_init(isa_bus, host_bus);
+ pc_nic_init(isa_bus, host_bus);
+ if (pci_enabled) {
+ pc_pci_device_init(host_bus);
+ }
+
+ if (has_pvpanic) {
+ pvpanic_init(isa_bus);
+ }
+}
+
+static void pc_q35_init_1_6(QEMUMachineInitArgs *args)
+{
+ has_pci_info = false;
+ pc_q35_init(args);
+}
+
+static void pc_q35_init_1_5(QEMUMachineInitArgs *args)
+{
+ has_pvpanic = true;
+ pc_q35_init_1_6(args);
+}
+
+static void pc_q35_init_1_4(QEMUMachineInitArgs *args)
+{
+ x86_cpu_compat_set_features("n270", FEAT_1_ECX, 0, CPUID_EXT_MOVBE);
+ x86_cpu_compat_set_features("Westmere", FEAT_1_ECX, 0, CPUID_EXT_PCLMULQDQ);
+ has_pci_info = false;
+ pc_q35_init(args);
+}
+
+static QEMUMachine pc_q35_machine_v1_6 = {
+ .name = "pc-q35-1.6",
+ .alias = "q35",
+ .desc = "Standard PC (Q35 + ICH9, 2009)",
+ .init = pc_q35_init_1_6,
+ .hot_add_cpu = pc_hot_add_cpu,
+ .max_cpus = 255,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine pc_q35_machine_v1_5 = {
+ .name = "pc-q35-1.5",
+ .desc = "Standard PC (Q35 + ICH9, 2009)",
+ .init = pc_q35_init_1_5,
+ .hot_add_cpu = pc_hot_add_cpu,
+ .max_cpus = 255,
+ .compat_props = (GlobalProperty[]) {
+ PC_COMPAT_1_5,
+ { /* end of list */ }
+ },
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine pc_q35_machine_v1_4 = {
+ .name = "pc-q35-1.4",
+ .desc = "Standard PC (Q35 + ICH9, 2009)",
+ .init = pc_q35_init_1_4,
+ .max_cpus = 255,
+ .compat_props = (GlobalProperty[]) {
+ PC_COMPAT_1_4,
+ { /* end of list */ }
+ },
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void pc_q35_machine_init(void)
+{
+ qemu_register_machine(&pc_q35_machine_v1_6);
+ qemu_register_machine(&pc_q35_machine_v1_5);
+ qemu_register_machine(&pc_q35_machine_v1_4);
+}
+
+machine_init(pc_q35_machine_init);
diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c
new file mode 100644
index 000000000..8246a1bdd
--- /dev/null
+++ b/hw/i386/pc_sysfw.c
@@ -0,0 +1,188 @@
+/*
+ * QEMU PC System Firmware
+ *
+ * Copyright (c) 2003-2004 Fabrice Bellard
+ * Copyright (c) 2011-2012 Intel Corporation
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "sysemu/blockdev.h"
+#include "qemu/error-report.h"
+#include "hw/sysbus.h"
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "hw/boards.h"
+#include "hw/loader.h"
+#include "sysemu/sysemu.h"
+#include "hw/block/flash.h"
+#include "sysemu/kvm.h"
+
+#define BIOS_FILENAME "bios.bin"
+
+typedef struct PcSysFwDevice {
+ SysBusDevice busdev;
+ uint8_t isapc_ram_fw;
+} PcSysFwDevice;
+
+static void pc_isa_bios_init(MemoryRegion *rom_memory,
+ MemoryRegion *flash_mem,
+ int ram_size)
+{
+ int isa_bios_size;
+ MemoryRegion *isa_bios;
+ uint64_t flash_size;
+ void *flash_ptr, *isa_bios_ptr;
+
+ flash_size = memory_region_size(flash_mem);
+
+ /* map the last 128KB of the BIOS in ISA space */
+ isa_bios_size = flash_size;
+ if (isa_bios_size > (128 * 1024)) {
+ isa_bios_size = 128 * 1024;
+ }
+ isa_bios = g_malloc(sizeof(*isa_bios));
+ memory_region_init_ram(isa_bios, NULL, "isa-bios", isa_bios_size);
+ vmstate_register_ram_global(isa_bios);
+ memory_region_add_subregion_overlap(rom_memory,
+ 0x100000 - isa_bios_size,
+ isa_bios,
+ 1);
+
+ /* copy ISA rom image from top of flash memory */
+ flash_ptr = memory_region_get_ram_ptr(flash_mem);
+ isa_bios_ptr = memory_region_get_ram_ptr(isa_bios);
+ memcpy(isa_bios_ptr,
+ ((uint8_t*)flash_ptr) + (flash_size - isa_bios_size),
+ isa_bios_size);
+
+ memory_region_set_readonly(isa_bios, true);
+}
+
+static void pc_system_flash_init(MemoryRegion *rom_memory,
+ DriveInfo *pflash_drv)
+{
+ BlockDriverState *bdrv;
+ int64_t size;
+ hwaddr phys_addr;
+ int sector_bits, sector_size;
+ pflash_t *system_flash;
+ MemoryRegion *flash_mem;
+
+ bdrv = pflash_drv->bdrv;
+ size = bdrv_getlength(pflash_drv->bdrv);
+ sector_bits = 12;
+ sector_size = 1 << sector_bits;
+
+ if ((size % sector_size) != 0) {
+ fprintf(stderr,
+ "qemu: PC system firmware (pflash) must be a multiple of 0x%x\n",
+ sector_size);
+ exit(1);
+ }
+
+ phys_addr = 0x100000000ULL - size;
+ system_flash = pflash_cfi01_register(phys_addr, NULL, "system.flash", size,
+ bdrv, sector_size, size >> sector_bits,
+ 1, 0x0000, 0x0000, 0x0000, 0x0000, 0);
+ flash_mem = pflash_cfi01_get_memory(system_flash);
+
+ pc_isa_bios_init(rom_memory, flash_mem, size);
+}
+
+static void old_pc_system_rom_init(MemoryRegion *rom_memory, bool isapc_ram_fw)
+{
+ char *filename;
+ MemoryRegion *bios, *isa_bios;
+ int bios_size, isa_bios_size;
+ int ret;
+
+ /* BIOS load */
+ if (bios_name == NULL) {
+ bios_name = BIOS_FILENAME;
+ }
+ filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
+ if (filename) {
+ bios_size = get_image_size(filename);
+ } else {
+ bios_size = -1;
+ }
+ if (bios_size <= 0 ||
+ (bios_size % 65536) != 0) {
+ goto bios_error;
+ }
+ bios = g_malloc(sizeof(*bios));
+ memory_region_init_ram(bios, NULL, "pc.bios", bios_size);
+ vmstate_register_ram_global(bios);
+ if (!isapc_ram_fw) {
+ memory_region_set_readonly(bios, true);
+ }
+ ret = rom_add_file_fixed(bios_name, (uint32_t)(-bios_size), -1);
+ if (ret != 0) {
+ bios_error:
+ fprintf(stderr, "qemu: could not load PC BIOS '%s'\n", bios_name);
+ exit(1);
+ }
+ if (filename) {
+ g_free(filename);
+ }
+
+ /* map the last 128KB of the BIOS in ISA space */
+ isa_bios_size = bios_size;
+ if (isa_bios_size > (128 * 1024)) {
+ isa_bios_size = 128 * 1024;
+ }
+ isa_bios = g_malloc(sizeof(*isa_bios));
+ memory_region_init_alias(isa_bios, NULL, "isa-bios", bios,
+ bios_size - isa_bios_size, isa_bios_size);
+ memory_region_add_subregion_overlap(rom_memory,
+ 0x100000 - isa_bios_size,
+ isa_bios,
+ 1);
+ if (!isapc_ram_fw) {
+ memory_region_set_readonly(isa_bios, true);
+ }
+
+ /* map all the bios at the top of memory */
+ memory_region_add_subregion(rom_memory,
+ (uint32_t)(-bios_size),
+ bios);
+}
+
+void pc_system_firmware_init(MemoryRegion *rom_memory, bool isapc_ram_fw)
+{
+ DriveInfo *pflash_drv;
+
+ pflash_drv = drive_get(IF_PFLASH, 0, 0);
+
+ if (isapc_ram_fw || pflash_drv == NULL) {
+ /* When a pflash drive is not found, use rom-mode */
+ old_pc_system_rom_init(rom_memory, isapc_ram_fw);
+ return;
+ }
+
+ if (kvm_enabled() && !kvm_readonly_mem_enabled()) {
+ /* Older KVM cannot execute from device memory. So, flash memory
+ * cannot be used unless the readonly memory kvm capability is present. */
+ fprintf(stderr, "qemu: pflash with kvm requires KVM readonly memory support\n");
+ exit(1);
+ }
+
+ pc_system_flash_init(rom_memory, pflash_drv);
+}
diff --git a/hw/i386/smbios.c b/hw/i386/smbios.c
new file mode 100644
index 000000000..e708cb891
--- /dev/null
+++ b/hw/i386/smbios.c
@@ -0,0 +1,246 @@
+/*
+ * SMBIOS Support
+ *
+ * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
+ *
+ * Authors:
+ * Alex Williamson <alex.williamson@hp.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "qemu/error-report.h"
+#include "sysemu/sysemu.h"
+#include "hw/i386/smbios.h"
+#include "hw/loader.h"
+
+/*
+ * Structures shared with the BIOS
+ */
+struct smbios_header {
+ uint16_t length;
+ uint8_t type;
+} QEMU_PACKED;
+
+struct smbios_field {
+ struct smbios_header header;
+ uint8_t type;
+ uint16_t offset;
+ uint8_t data[];
+} QEMU_PACKED;
+
+struct smbios_table {
+ struct smbios_header header;
+ uint8_t data[];
+} QEMU_PACKED;
+
+#define SMBIOS_FIELD_ENTRY 0
+#define SMBIOS_TABLE_ENTRY 1
+
+
+static uint8_t *smbios_entries;
+static size_t smbios_entries_len;
+static int smbios_type4_count = 0;
+
+static void smbios_validate_table(void)
+{
+ if (smbios_type4_count && smbios_type4_count != smp_cpus) {
+ error_report("Number of SMBIOS Type 4 tables must match cpu count");
+ exit(1);
+ }
+}
+
+uint8_t *smbios_get_table(size_t *length)
+{
+ smbios_validate_table();
+ *length = smbios_entries_len;
+ return smbios_entries;
+}
+
+/*
+ * To avoid unresolvable overlaps in data, don't allow both
+ * tables and fields for the same smbios type.
+ */
+static void smbios_check_collision(int type, int entry)
+{
+ uint16_t *num_entries = (uint16_t *)smbios_entries;
+ struct smbios_header *header;
+ char *p;
+ int i;
+
+ if (!num_entries)
+ return;
+
+ p = (char *)(num_entries + 1);
+
+ for (i = 0; i < *num_entries; i++) {
+ header = (struct smbios_header *)p;
+ if (entry == SMBIOS_TABLE_ENTRY && header->type == SMBIOS_FIELD_ENTRY) {
+ struct smbios_field *field = (void *)header;
+ if (type == field->type) {
+ error_report("SMBIOS type %d field already defined, "
+ "cannot add table", type);
+ exit(1);
+ }
+ } else if (entry == SMBIOS_FIELD_ENTRY &&
+ header->type == SMBIOS_TABLE_ENTRY) {
+ struct smbios_structure_header *table = (void *)(header + 1);
+ if (type == table->type) {
+ error_report("SMBIOS type %d table already defined, "
+ "cannot add field", type);
+ exit(1);
+ }
+ }
+ p += le16_to_cpu(header->length);
+ }
+}
+
+void smbios_add_field(int type, int offset, const void *data, size_t len)
+{
+ struct smbios_field *field;
+
+ smbios_check_collision(type, SMBIOS_FIELD_ENTRY);
+
+ if (!smbios_entries) {
+ smbios_entries_len = sizeof(uint16_t);
+ smbios_entries = g_malloc0(smbios_entries_len);
+ }
+ smbios_entries = g_realloc(smbios_entries, smbios_entries_len +
+ sizeof(*field) + len);
+ field = (struct smbios_field *)(smbios_entries + smbios_entries_len);
+ field->header.type = SMBIOS_FIELD_ENTRY;
+ field->header.length = cpu_to_le16(sizeof(*field) + len);
+
+ field->type = type;
+ field->offset = cpu_to_le16(offset);
+ memcpy(field->data, data, len);
+
+ smbios_entries_len += sizeof(*field) + len;
+ (*(uint16_t *)smbios_entries) =
+ cpu_to_le16(le16_to_cpu(*(uint16_t *)smbios_entries) + 1);
+}
+
+static void smbios_build_type_0_fields(const char *t)
+{
+ char buf[1024];
+ unsigned char major, minor;
+
+ if (get_param_value(buf, sizeof(buf), "vendor", t))
+ smbios_add_field(0, offsetof(struct smbios_type_0, vendor_str),
+ buf, strlen(buf) + 1);
+ if (get_param_value(buf, sizeof(buf), "version", t))
+ smbios_add_field(0, offsetof(struct smbios_type_0, bios_version_str),
+ buf, strlen(buf) + 1);
+ if (get_param_value(buf, sizeof(buf), "date", t))
+ smbios_add_field(0, offsetof(struct smbios_type_0,
+ bios_release_date_str),
+ buf, strlen(buf) + 1);
+ if (get_param_value(buf, sizeof(buf), "release", t)) {
+ if (sscanf(buf, "%hhu.%hhu", &major, &minor) != 2) {
+ error_report("Invalid release");
+ exit(1);
+ }
+ smbios_add_field(0, offsetof(struct smbios_type_0,
+ system_bios_major_release),
+ &major, 1);
+ smbios_add_field(0, offsetof(struct smbios_type_0,
+ system_bios_minor_release),
+ &minor, 1);
+ }
+}
+
+static void smbios_build_type_1_fields(const char *t)
+{
+ char buf[1024];
+
+ if (get_param_value(buf, sizeof(buf), "manufacturer", t))
+ smbios_add_field(1, offsetof(struct smbios_type_1, manufacturer_str),
+ buf, strlen(buf) + 1);
+ if (get_param_value(buf, sizeof(buf), "product", t))
+ smbios_add_field(1, offsetof(struct smbios_type_1, product_name_str),
+ buf, strlen(buf) + 1);
+ if (get_param_value(buf, sizeof(buf), "version", t))
+ smbios_add_field(1, offsetof(struct smbios_type_1, version_str),
+ buf, strlen(buf) + 1);
+ if (get_param_value(buf, sizeof(buf), "serial", t))
+ smbios_add_field(1, offsetof(struct smbios_type_1, serial_number_str),
+ buf, strlen(buf) + 1);
+ if (get_param_value(buf, sizeof(buf), "uuid", t)) {
+ if (qemu_uuid_parse(buf, qemu_uuid) != 0) {
+ error_report("Invalid UUID");
+ exit(1);
+ }
+ }
+ if (get_param_value(buf, sizeof(buf), "sku", t))
+ smbios_add_field(1, offsetof(struct smbios_type_1, sku_number_str),
+ buf, strlen(buf) + 1);
+ if (get_param_value(buf, sizeof(buf), "family", t))
+ smbios_add_field(1, offsetof(struct smbios_type_1, family_str),
+ buf, strlen(buf) + 1);
+}
+
+int smbios_entry_add(const char *t)
+{
+ char buf[1024];
+
+ if (get_param_value(buf, sizeof(buf), "file", t)) {
+ struct smbios_structure_header *header;
+ struct smbios_table *table;
+ int size = get_image_size(buf);
+
+ if (size == -1 || size < sizeof(struct smbios_structure_header)) {
+ error_report("Cannot read SMBIOS file %s", buf);
+ exit(1);
+ }
+
+ if (!smbios_entries) {
+ smbios_entries_len = sizeof(uint16_t);
+ smbios_entries = g_malloc0(smbios_entries_len);
+ }
+
+ smbios_entries = g_realloc(smbios_entries, smbios_entries_len +
+ sizeof(*table) + size);
+ table = (struct smbios_table *)(smbios_entries + smbios_entries_len);
+ table->header.type = SMBIOS_TABLE_ENTRY;
+ table->header.length = cpu_to_le16(sizeof(*table) + size);
+
+ if (load_image(buf, table->data) != size) {
+ error_report("Failed to load SMBIOS file %s", buf);
+ exit(1);
+ }
+
+ header = (struct smbios_structure_header *)(table->data);
+ smbios_check_collision(header->type, SMBIOS_TABLE_ENTRY);
+ if (header->type == 4) {
+ smbios_type4_count++;
+ }
+
+ smbios_entries_len += sizeof(*table) + size;
+ (*(uint16_t *)smbios_entries) =
+ cpu_to_le16(le16_to_cpu(*(uint16_t *)smbios_entries) + 1);
+ return 0;
+ }
+
+ if (get_param_value(buf, sizeof(buf), "type", t)) {
+ unsigned long type = strtoul(buf, NULL, 0);
+ switch (type) {
+ case 0:
+ smbios_build_type_0_fields(t);
+ return 0;
+ case 1:
+ smbios_build_type_1_fields(t);
+ return 0;
+ default:
+ error_report("Don't know how to build fields for SMBIOS type %ld",
+ type);
+ exit(1);
+ }
+ }
+
+ error_report("Must specify type= or file=");
+ return -1;
+}
diff --git a/hw/i386/xen_domainbuild.c b/hw/i386/xen_domainbuild.c
new file mode 100644
index 000000000..4e2cf95ae
--- /dev/null
+++ b/hw/i386/xen_domainbuild.c
@@ -0,0 +1,299 @@
+#include <signal.h>
+#include "hw/xen/xen_backend.h"
+#include "xen_domainbuild.h"
+#include "qemu/timer.h"
+#include "qemu/log.h"
+
+#include <xenguest.h>
+
+static int xenstore_domain_mkdir(char *path)
+{
+ struct xs_permissions perms_ro[] = {{
+ .id = 0, /* set owner: dom0 */
+ },{
+ .id = xen_domid,
+ .perms = XS_PERM_READ,
+ }};
+ struct xs_permissions perms_rw[] = {{
+ .id = 0, /* set owner: dom0 */
+ },{
+ .id = xen_domid,
+ .perms = XS_PERM_READ | XS_PERM_WRITE,
+ }};
+ const char *writable[] = { "device", "control", "error", NULL };
+ char subpath[256];
+ int i;
+
+ if (!xs_mkdir(xenstore, 0, path)) {
+ fprintf(stderr, "%s: xs_mkdir %s: failed\n", __FUNCTION__, path);
+ return -1;
+ }
+ if (!xs_set_permissions(xenstore, 0, path, perms_ro, 2)) {
+ fprintf(stderr, "%s: xs_set_permissions failed\n", __FUNCTION__);
+ return -1;
+ }
+
+ for (i = 0; writable[i]; i++) {
+ snprintf(subpath, sizeof(subpath), "%s/%s", path, writable[i]);
+ if (!xs_mkdir(xenstore, 0, subpath)) {
+ fprintf(stderr, "%s: xs_mkdir %s: failed\n", __FUNCTION__, subpath);
+ return -1;
+ }
+ if (!xs_set_permissions(xenstore, 0, subpath, perms_rw, 2)) {
+ fprintf(stderr, "%s: xs_set_permissions failed\n", __FUNCTION__);
+ return -1;
+ }
+ }
+ return 0;
+}
+
+int xenstore_domain_init1(const char *kernel, const char *ramdisk,
+ const char *cmdline)
+{
+ char *dom, uuid_string[42], vm[256], path[256];
+ int i;
+
+ snprintf(uuid_string, sizeof(uuid_string), UUID_FMT,
+ qemu_uuid[0], qemu_uuid[1], qemu_uuid[2], qemu_uuid[3],
+ qemu_uuid[4], qemu_uuid[5], qemu_uuid[6], qemu_uuid[7],
+ qemu_uuid[8], qemu_uuid[9], qemu_uuid[10], qemu_uuid[11],
+ qemu_uuid[12], qemu_uuid[13], qemu_uuid[14], qemu_uuid[15]);
+ dom = xs_get_domain_path(xenstore, xen_domid);
+ snprintf(vm, sizeof(vm), "/vm/%s", uuid_string);
+
+ xenstore_domain_mkdir(dom);
+
+ xenstore_write_str(vm, "image/ostype", "linux");
+ if (kernel)
+ xenstore_write_str(vm, "image/kernel", kernel);
+ if (ramdisk)
+ xenstore_write_str(vm, "image/ramdisk", ramdisk);
+ if (cmdline)
+ xenstore_write_str(vm, "image/cmdline", cmdline);
+
+ /* name + id */
+ xenstore_write_str(vm, "name", qemu_name ? qemu_name : "no-name");
+ xenstore_write_str(vm, "uuid", uuid_string);
+ xenstore_write_str(dom, "name", qemu_name ? qemu_name : "no-name");
+ xenstore_write_int(dom, "domid", xen_domid);
+ xenstore_write_str(dom, "vm", vm);
+
+ /* memory */
+ xenstore_write_int(dom, "memory/target", ram_size >> 10); // kB
+ xenstore_write_int(vm, "memory", ram_size >> 20); // MB
+ xenstore_write_int(vm, "maxmem", ram_size >> 20); // MB
+
+ /* cpus */
+ for (i = 0; i < smp_cpus; i++) {
+ snprintf(path, sizeof(path), "cpu/%d/availability",i);
+ xenstore_write_str(dom, path, "online");
+ }
+ xenstore_write_int(vm, "vcpu_avail", smp_cpus);
+ xenstore_write_int(vm, "vcpus", smp_cpus);
+
+ /* vnc password */
+ xenstore_write_str(vm, "vncpassword", "" /* FIXME */);
+
+ free(dom);
+ return 0;
+}
+
+int xenstore_domain_init2(int xenstore_port, int xenstore_mfn,
+ int console_port, int console_mfn)
+{
+ char *dom;
+
+ dom = xs_get_domain_path(xenstore, xen_domid);
+
+ /* signal new domain */
+ xs_introduce_domain(xenstore,
+ xen_domid,
+ xenstore_mfn,
+ xenstore_port);
+
+ /* xenstore */
+ xenstore_write_int(dom, "store/ring-ref", xenstore_mfn);
+ xenstore_write_int(dom, "store/port", xenstore_port);
+
+ /* console */
+ xenstore_write_str(dom, "console/type", "ioemu");
+ xenstore_write_int(dom, "console/limit", 128 * 1024);
+ xenstore_write_int(dom, "console/ring-ref", console_mfn);
+ xenstore_write_int(dom, "console/port", console_port);
+ xen_config_dev_console(0);
+
+ free(dom);
+ return 0;
+}
+
+/* ------------------------------------------------------------- */
+
+static QEMUTimer *xen_poll;
+
+/* check domain state once per second */
+static void xen_domain_poll(void *opaque)
+{
+ struct xc_dominfo info;
+ int rc;
+
+ rc = xc_domain_getinfo(xen_xc, xen_domid, 1, &info);
+ if ((rc != 1) || (info.domid != xen_domid)) {
+ qemu_log("xen: domain %d is gone\n", xen_domid);
+ goto quit;
+ }
+ if (info.dying) {
+ qemu_log("xen: domain %d is dying (%s%s)\n", xen_domid,
+ info.crashed ? "crashed" : "",
+ info.shutdown ? "shutdown" : "");
+ goto quit;
+ }
+
+ qemu_mod_timer(xen_poll, qemu_get_clock_ms(rt_clock) + 1000);
+ return;
+
+quit:
+ qemu_system_shutdown_request();
+}
+
+static int xen_domain_watcher(void)
+{
+ int qemu_running = 1;
+ int fd[2], i, n, rc;
+ char byte;
+
+ if (pipe(fd) != 0) {
+ qemu_log("%s: Huh? pipe error: %s\n", __FUNCTION__, strerror(errno));
+ return -1;
+ }
+ if (fork() != 0)
+ return 0; /* not child */
+
+ /* close all file handles, except stdio/out/err,
+ * our watch pipe and the xen interface handle */
+ n = getdtablesize();
+ for (i = 3; i < n; i++) {
+ if (i == fd[0])
+ continue;
+ if (i == xc_fd(xen_xc)) {
+ continue;
+ }
+ close(i);
+ }
+
+ /* ignore term signals */
+ signal(SIGINT, SIG_IGN);
+ signal(SIGTERM, SIG_IGN);
+
+ /* wait for qemu exiting */
+ while (qemu_running) {
+ rc = read(fd[0], &byte, 1);
+ switch (rc) {
+ case -1:
+ if (errno == EINTR)
+ continue;
+ qemu_log("%s: Huh? read error: %s\n", __FUNCTION__, strerror(errno));
+ qemu_running = 0;
+ break;
+ case 0:
+ /* EOF -> qemu exited */
+ qemu_running = 0;
+ break;
+ default:
+ qemu_log("%s: Huh? data on the watch pipe?\n", __FUNCTION__);
+ break;
+ }
+ }
+
+ /* cleanup */
+ qemu_log("%s: destroy domain %d\n", __FUNCTION__, xen_domid);
+ xc_domain_destroy(xen_xc, xen_domid);
+ _exit(0);
+}
+
+/* normal cleanup */
+static void xen_domain_cleanup(void)
+{
+ char *dom;
+
+ dom = xs_get_domain_path(xenstore, xen_domid);
+ if (dom) {
+ xs_rm(xenstore, 0, dom);
+ free(dom);
+ }
+ xs_release_domain(xenstore, xen_domid);
+}
+
+int xen_domain_build_pv(const char *kernel, const char *ramdisk,
+ const char *cmdline)
+{
+ uint32_t ssidref = 0;
+ uint32_t flags = 0;
+ xen_domain_handle_t uuid;
+ unsigned int xenstore_port = 0, console_port = 0;
+ unsigned long xenstore_mfn = 0, console_mfn = 0;
+ int rc;
+
+ memcpy(uuid, qemu_uuid, sizeof(uuid));
+ rc = xc_domain_create(xen_xc, ssidref, uuid, flags, &xen_domid);
+ if (rc < 0) {
+ fprintf(stderr, "xen: xc_domain_create() failed\n");
+ goto err;
+ }
+ qemu_log("xen: created domain %d\n", xen_domid);
+ atexit(xen_domain_cleanup);
+ if (xen_domain_watcher() == -1) {
+ goto err;
+ }
+
+ xenstore_domain_init1(kernel, ramdisk, cmdline);
+
+ rc = xc_domain_max_vcpus(xen_xc, xen_domid, smp_cpus);
+ if (rc < 0) {
+ fprintf(stderr, "xen: xc_domain_max_vcpus() failed\n");
+ goto err;
+ }
+
+#if 0
+ rc = xc_domain_setcpuweight(xen_xc, xen_domid, 256);
+ if (rc < 0) {
+ fprintf(stderr, "xen: xc_domain_setcpuweight() failed\n");
+ goto err;
+ }
+#endif
+
+ rc = xc_domain_setmaxmem(xen_xc, xen_domid, ram_size >> 10);
+ if (rc < 0) {
+ fprintf(stderr, "xen: xc_domain_setmaxmem() failed\n");
+ goto err;
+ }
+
+ xenstore_port = xc_evtchn_alloc_unbound(xen_xc, xen_domid, 0);
+ console_port = xc_evtchn_alloc_unbound(xen_xc, xen_domid, 0);
+
+ rc = xc_linux_build(xen_xc, xen_domid, ram_size >> 20,
+ kernel, ramdisk, cmdline,
+ 0, flags,
+ xenstore_port, &xenstore_mfn,
+ console_port, &console_mfn);
+ if (rc < 0) {
+ fprintf(stderr, "xen: xc_linux_build() failed\n");
+ goto err;
+ }
+
+ xenstore_domain_init2(xenstore_port, xenstore_mfn,
+ console_port, console_mfn);
+
+ qemu_log("xen: unpausing domain %d\n", xen_domid);
+ rc = xc_domain_unpause(xen_xc, xen_domid);
+ if (rc < 0) {
+ fprintf(stderr, "xen: xc_domain_unpause() failed\n");
+ goto err;
+ }
+
+ xen_poll = qemu_new_timer_ms(rt_clock, xen_domain_poll, NULL);
+ qemu_mod_timer(xen_poll, qemu_get_clock_ms(rt_clock) + 1000);
+ return 0;
+
+err:
+ return -1;
+}
diff --git a/hw/i386/xen_domainbuild.h b/hw/i386/xen_domainbuild.h
new file mode 100644
index 000000000..29a91ea7b
--- /dev/null
+++ b/hw/i386/xen_domainbuild.h
@@ -0,0 +1,13 @@
+#ifndef QEMU_HW_XEN_DOMAINBUILD_H
+#define QEMU_HW_XEN_DOMAINBUILD_H 1
+
+#include "hw/xen/xen_common.h"
+
+int xenstore_domain_init1(const char *kernel, const char *ramdisk,
+ const char *cmdline);
+int xenstore_domain_init2(int xenstore_port, int xenstore_mfn,
+ int console_port, int console_mfn);
+int xen_domain_build_pv(const char *kernel, const char *ramdisk,
+ const char *cmdline);
+
+#endif /* QEMU_HW_XEN_DOMAINBUILD_H */
diff --git a/hw/i386/xen_machine_pv.c b/hw/i386/xen_machine_pv.c
new file mode 100644
index 000000000..9f2e2918f
--- /dev/null
+++ b/hw/i386/xen_machine_pv.c
@@ -0,0 +1,110 @@
+/*
+ * QEMU Xen PV Machine
+ *
+ * Copyright (c) 2007 Red Hat
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/hw.h"
+#include "hw/boards.h"
+#include "hw/xen/xen_backend.h"
+#include "xen_domainbuild.h"
+#include "sysemu/blockdev.h"
+
+static void xen_init_pv(QEMUMachineInitArgs *args)
+{
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ DriveInfo *dinfo;
+ int i;
+
+ /* Initialize backend core & drivers */
+ if (xen_be_init() != 0) {
+ fprintf(stderr, "%s: xen backend core setup failed\n", __FUNCTION__);
+ exit(1);
+ }
+
+ switch (xen_mode) {
+ case XEN_ATTACH:
+ /* nothing to do, xend handles everything */
+ break;
+ case XEN_CREATE:
+ if (xen_domain_build_pv(kernel_filename, initrd_filename,
+ kernel_cmdline) < 0) {
+ fprintf(stderr, "xen pv domain creation failed\n");
+ exit(1);
+ }
+ break;
+ case XEN_EMULATE:
+ fprintf(stderr, "xen emulation not implemented (yet)\n");
+ exit(1);
+ break;
+ }
+
+ xen_be_register("console", &xen_console_ops);
+ xen_be_register("vkbd", &xen_kbdmouse_ops);
+ xen_be_register("vfb", &xen_framebuffer_ops);
+ xen_be_register("qdisk", &xen_blkdev_ops);
+ xen_be_register("qnic", &xen_netdev_ops);
+
+ /* configure framebuffer */
+ if (xenfb_enabled) {
+ xen_config_dev_vfb(0, "vnc");
+ xen_config_dev_vkbd(0);
+ }
+
+ /* configure disks */
+ for (i = 0; i < 16; i++) {
+ dinfo = drive_get(IF_XEN, 0, i);
+ if (!dinfo)
+ continue;
+ xen_config_dev_blk(dinfo);
+ }
+
+ /* configure nics */
+ for (i = 0; i < nb_nics; i++) {
+ if (!nd_table[i].model || 0 != strcmp(nd_table[i].model, "xen"))
+ continue;
+ xen_config_dev_nic(nd_table + i);
+ }
+
+ /* config cleanup hook */
+ atexit(xen_config_cleanup);
+
+ /* setup framebuffer */
+ xen_init_display(xen_domid);
+}
+
+static QEMUMachine xenpv_machine = {
+ .name = "xenpv",
+ .desc = "Xen Para-virtualized PC",
+ .init = xen_init_pv,
+ .max_cpus = 1,
+ .default_machine_opts = "accel=xen",
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void xenpv_machine_init(void)
+{
+ qemu_register_machine(&xenpv_machine);
+}
+
+machine_init(xenpv_machine_init);
diff --git a/hw/i82374.c b/hw/i82374.c
deleted file mode 100644
index 4a922c3f4..000000000
--- a/hw/i82374.c
+++ /dev/null
@@ -1,168 +0,0 @@
-/*
- * QEMU Intel 82374 emulation (Enhanced DMA controller)
- *
- * Copyright (c) 2010 Hervé Poussineau
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "isa.h"
-
-//#define DEBUG_I82374
-
-#ifdef DEBUG_I82374
-#define DPRINTF(fmt, ...) \
-do { fprintf(stderr, "i82374: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...) \
-do {} while (0)
-#endif
-#define BADF(fmt, ...) \
-do { fprintf(stderr, "i82374 ERROR: " fmt , ## __VA_ARGS__); } while (0)
-
-typedef struct I82374State {
- uint8_t commands[8];
- qemu_irq out;
-} I82374State;
-
-static const VMStateDescription vmstate_i82374 = {
- .name = "i82374",
- .version_id = 0,
- .minimum_version_id = 0,
- .fields = (VMStateField[]) {
- VMSTATE_UINT8_ARRAY(commands, I82374State, 8),
- VMSTATE_END_OF_LIST()
- },
-};
-
-static uint32_t i82374_read_isr(void *opaque, uint32_t nport)
-{
- uint32_t val = 0;
-
- BADF("%s: %08x\n", __func__, nport);
-
- DPRINTF("%s: %08x=%08x\n", __func__, nport, val);
- return val;
-}
-
-static void i82374_write_command(void *opaque, uint32_t nport, uint32_t data)
-{
- DPRINTF("%s: %08x=%08x\n", __func__, nport, data);
-
- if (data != 0x42) {
- /* Not Stop S/G command */
- BADF("%s: %08x=%08x\n", __func__, nport, data);
- }
-}
-
-static uint32_t i82374_read_status(void *opaque, uint32_t nport)
-{
- uint32_t val = 0;
-
- BADF("%s: %08x\n", __func__, nport);
-
- DPRINTF("%s: %08x=%08x\n", __func__, nport, val);
- return val;
-}
-
-static void i82374_write_descriptor(void *opaque, uint32_t nport, uint32_t data)
-{
- DPRINTF("%s: %08x=%08x\n", __func__, nport, data);
-
- BADF("%s: %08x=%08x\n", __func__, nport, data);
-}
-
-static uint32_t i82374_read_descriptor(void *opaque, uint32_t nport)
-{
- uint32_t val = 0;
-
- BADF("%s: %08x\n", __func__, nport);
-
- DPRINTF("%s: %08x=%08x\n", __func__, nport, val);
- return val;
-}
-
-static void i82374_init(I82374State *s)
-{
- DMA_init(1, &s->out);
- memset(s->commands, 0, sizeof(s->commands));
-}
-
-typedef struct ISAi82374State {
- ISADevice dev;
- uint32_t iobase;
- I82374State state;
-} ISAi82374State;
-
-static const VMStateDescription vmstate_isa_i82374 = {
- .name = "isa-i82374",
- .version_id = 0,
- .minimum_version_id = 0,
- .fields = (VMStateField[]) {
- VMSTATE_STRUCT(state, ISAi82374State, 0, vmstate_i82374, I82374State),
- VMSTATE_END_OF_LIST()
- },
-};
-
-static int i82374_isa_init(ISADevice *dev)
-{
- ISAi82374State *isa = DO_UPCAST(ISAi82374State, dev, dev);
- I82374State *s = &isa->state;
-
- register_ioport_read(isa->iobase + 0x0A, 1, 1, i82374_read_isr, s);
- register_ioport_write(isa->iobase + 0x10, 8, 1, i82374_write_command, s);
- register_ioport_read(isa->iobase + 0x18, 8, 1, i82374_read_status, s);
- register_ioport_write(isa->iobase + 0x20, 0x20, 1, i82374_write_descriptor, s);
- register_ioport_read(isa->iobase + 0x20, 0x20, 1, i82374_read_descriptor, s);
-
- i82374_init(s);
-
- qdev_init_gpio_out(&dev->qdev, &s->out, 1);
-
- return 0;
-}
-
-static Property i82374_properties[] = {
- DEFINE_PROP_HEX32("iobase", ISAi82374State, iobase, 0x400),
- DEFINE_PROP_END_OF_LIST()
-};
-
-static void i82374_class_init(ObjectClass *klass, void *data)
-{
- ISADeviceClass *k = ISA_DEVICE_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
-
- k->init = i82374_isa_init;
- dc->vmsd = &vmstate_isa_i82374;
- dc->props = i82374_properties;
-}
-
-static TypeInfo i82374_isa_info = {
- .name = "i82374",
- .parent = TYPE_ISA_DEVICE,
- .instance_size = sizeof(ISAi82374State),
- .class_init = i82374_class_init,
-};
-
-static void i82374_register_types(void)
-{
- type_register_static(&i82374_isa_info);
-}
-
-type_init(i82374_register_types)
diff --git a/hw/i82378.c b/hw/i82378.c
deleted file mode 100644
index 99f35d41e..000000000
--- a/hw/i82378.c
+++ /dev/null
@@ -1,277 +0,0 @@
-/*
- * QEMU Intel i82378 emulation (PCI to ISA bridge)
- *
- * Copyright (c) 2010-2011 Hervé Poussineau
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "pci.h"
-#include "pc.h"
-#include "i8254.h"
-#include "pcspk.h"
-
-//#define DEBUG_I82378
-
-#ifdef DEBUG_I82378
-#define DPRINTF(fmt, ...) \
-do { fprintf(stderr, "i82378: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...) \
-do {} while (0)
-#endif
-
-#define BADF(fmt, ...) \
-do { fprintf(stderr, "i82378 ERROR: " fmt , ## __VA_ARGS__); } while (0)
-
-typedef struct I82378State {
- qemu_irq out[2];
- qemu_irq *i8259;
- MemoryRegion io;
- MemoryRegion mem;
-} I82378State;
-
-typedef struct PCIi82378State {
- PCIDevice pci_dev;
- uint32_t isa_io_base;
- uint32_t isa_mem_base;
- I82378State state;
-} PCIi82378State;
-
-static const VMStateDescription vmstate_pci_i82378 = {
- .name = "pci-i82378",
- .version_id = 0,
- .minimum_version_id = 0,
- .fields = (VMStateField[]) {
- VMSTATE_PCI_DEVICE(pci_dev, PCIi82378State),
- VMSTATE_END_OF_LIST()
- },
-};
-
-static void i82378_io_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned int size)
-{
- switch (size) {
- case 1:
- DPRINTF("%s: " TARGET_FMT_plx "=%02" PRIx64 "\n", __func__,
- addr, value);
- cpu_outb(addr, value);
- break;
- case 2:
- DPRINTF("%s: " TARGET_FMT_plx "=%04" PRIx64 "\n", __func__,
- addr, value);
- cpu_outw(addr, value);
- break;
- case 4:
- DPRINTF("%s: " TARGET_FMT_plx "=%08" PRIx64 "\n", __func__,
- addr, value);
- cpu_outl(addr, value);
- break;
- default:
- abort();
- }
-}
-
-static uint64_t i82378_io_read(void *opaque, hwaddr addr,
- unsigned int size)
-{
- DPRINTF("%s: " TARGET_FMT_plx "\n", __func__, addr);
- switch (size) {
- case 1:
- return cpu_inb(addr);
- case 2:
- return cpu_inw(addr);
- case 4:
- return cpu_inl(addr);
- default:
- abort();
- }
-}
-
-static const MemoryRegionOps i82378_io_ops = {
- .read = i82378_io_read,
- .write = i82378_io_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static void i82378_mem_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned int size)
-{
- switch (size) {
- case 1:
- DPRINTF("%s: " TARGET_FMT_plx "=%02" PRIx64 "\n", __func__,
- addr, value);
- cpu_outb(addr, value);
- break;
- case 2:
- DPRINTF("%s: " TARGET_FMT_plx "=%04" PRIx64 "\n", __func__,
- addr, value);
- cpu_outw(addr, value);
- break;
- case 4:
- DPRINTF("%s: " TARGET_FMT_plx "=%08" PRIx64 "\n", __func__,
- addr, value);
- cpu_outl(addr, value);
- break;
- default:
- abort();
- }
-}
-
-static uint64_t i82378_mem_read(void *opaque, hwaddr addr,
- unsigned int size)
-{
- DPRINTF("%s: " TARGET_FMT_plx "\n", __func__, addr);
- switch (size) {
- case 1:
- return cpu_inb(addr);
- case 2:
- return cpu_inw(addr);
- case 4:
- return cpu_inl(addr);
- default:
- abort();
- }
-}
-
-static const MemoryRegionOps i82378_mem_ops = {
- .read = i82378_mem_read,
- .write = i82378_mem_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static void i82378_request_out0_irq(void *opaque, int irq, int level)
-{
- I82378State *s = opaque;
- qemu_set_irq(s->out[0], level);
-}
-
-static void i82378_request_pic_irq(void *opaque, int irq, int level)
-{
- DeviceState *dev = opaque;
- PCIDevice *pci = DO_UPCAST(PCIDevice, qdev, dev);
- PCIi82378State *s = DO_UPCAST(PCIi82378State, pci_dev, pci);
-
- qemu_set_irq(s->state.i8259[irq], level);
-}
-
-static void i82378_init(DeviceState *dev, I82378State *s)
-{
- ISABus *isabus = DO_UPCAST(ISABus, qbus, qdev_get_child_bus(dev, "isa.0"));
- ISADevice *pit;
- ISADevice *isa;
- qemu_irq *out0_irq;
-
- /* This device has:
- 2 82C59 (irq)
- 1 82C54 (pit)
- 2 82C37 (dma)
- NMI
- Utility Bus Support Registers
-
- All devices accept byte access only, except timer
- */
-
- qdev_init_gpio_out(dev, s->out, 2);
- qdev_init_gpio_in(dev, i82378_request_pic_irq, 16);
-
- /* Workaround the fact that i8259 is not qdev'ified... */
- out0_irq = qemu_allocate_irqs(i82378_request_out0_irq, s, 1);
-
- /* 2 82C59 (irq) */
- s->i8259 = i8259_init(isabus, *out0_irq);
- isa_bus_irqs(isabus, s->i8259);
-
- /* 1 82C54 (pit) */
- pit = pit_init(isabus, 0x40, 0, NULL);
-
- /* speaker */
- pcspk_init(isabus, pit);
-
- /* 2 82C37 (dma) */
- isa = isa_create_simple(isabus, "i82374");
- qdev_connect_gpio_out(&isa->qdev, 0, s->out[1]);
-
- /* timer */
- isa_create_simple(isabus, "mc146818rtc");
-}
-
-static int pci_i82378_init(PCIDevice *dev)
-{
- PCIi82378State *pci = DO_UPCAST(PCIi82378State, pci_dev, dev);
- I82378State *s = &pci->state;
- uint8_t *pci_conf;
-
- pci_conf = dev->config;
- pci_set_word(pci_conf + PCI_COMMAND,
- PCI_COMMAND_IO | PCI_COMMAND_MEMORY | PCI_COMMAND_MASTER);
- pci_set_word(pci_conf + PCI_STATUS,
- PCI_STATUS_DEVSEL_MEDIUM);
-
- pci_conf[PCI_INTERRUPT_PIN] = 1; /* interrupt pin 0 */
-
- memory_region_init_io(&s->io, &i82378_io_ops, s, "i82378-io", 0x00010000);
- pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->io);
-
- memory_region_init_io(&s->mem, &i82378_mem_ops, s, "i82378-mem", 0x01000000);
- pci_register_bar(dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mem);
-
- /* Make I/O address read only */
- pci_set_word(dev->wmask + PCI_COMMAND, PCI_COMMAND_SPECIAL);
- pci_set_long(dev->wmask + PCI_BASE_ADDRESS_0, 0);
- pci_set_long(pci_conf + PCI_BASE_ADDRESS_0, pci->isa_io_base);
-
- isa_mem_base = pci->isa_mem_base;
- isa_bus_new(&dev->qdev, pci_address_space_io(dev));
-
- i82378_init(&dev->qdev, s);
-
- return 0;
-}
-
-static Property i82378_properties[] = {
- DEFINE_PROP_HEX32("iobase", PCIi82378State, isa_io_base, 0x80000000),
- DEFINE_PROP_HEX32("membase", PCIi82378State, isa_mem_base, 0xc0000000),
- DEFINE_PROP_END_OF_LIST()
-};
-
-static void pci_i82378_class_init(ObjectClass *klass, void *data)
-{
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
-
- k->init = pci_i82378_init;
- k->vendor_id = PCI_VENDOR_ID_INTEL;
- k->device_id = PCI_DEVICE_ID_INTEL_82378;
- k->revision = 0x03;
- k->class_id = PCI_CLASS_BRIDGE_ISA;
- k->subsystem_vendor_id = 0x0;
- k->subsystem_id = 0x0;
- dc->vmsd = &vmstate_pci_i82378;
- dc->props = i82378_properties;
-}
-
-static TypeInfo pci_i82378_info = {
- .name = "i82378",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIi82378State),
- .class_init = pci_i82378_class_init,
-};
-
-static void i82378_register_types(void)
-{
- type_register_static(&pci_i82378_info);
-}
-
-type_init(i82378_register_types)
diff --git a/hw/i8254.c b/hw/i8254.c
deleted file mode 100644
index bea5f92fd..000000000
--- a/hw/i8254.c
+++ /dev/null
@@ -1,362 +0,0 @@
-/*
- * QEMU 8253/8254 interval timer emulation
- *
- * Copyright (c) 2003-2004 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "pc.h"
-#include "isa.h"
-#include "qemu-timer.h"
-#include "i8254.h"
-#include "i8254_internal.h"
-
-//#define DEBUG_PIT
-
-#define RW_STATE_LSB 1
-#define RW_STATE_MSB 2
-#define RW_STATE_WORD0 3
-#define RW_STATE_WORD1 4
-
-static void pit_irq_timer_update(PITChannelState *s, int64_t current_time);
-
-static int pit_get_count(PITChannelState *s)
-{
- uint64_t d;
- int counter;
-
- d = muldiv64(qemu_get_clock_ns(vm_clock) - s->count_load_time, PIT_FREQ,
- get_ticks_per_sec());
- switch(s->mode) {
- case 0:
- case 1:
- case 4:
- case 5:
- counter = (s->count - d) & 0xffff;
- break;
- case 3:
- /* XXX: may be incorrect for odd counts */
- counter = s->count - ((2 * d) % s->count);
- break;
- default:
- counter = s->count - (d % s->count);
- break;
- }
- return counter;
-}
-
-/* val must be 0 or 1 */
-static void pit_set_channel_gate(PITCommonState *s, PITChannelState *sc,
- int val)
-{
- switch (sc->mode) {
- default:
- case 0:
- case 4:
- /* XXX: just disable/enable counting */
- break;
- case 1:
- case 5:
- if (sc->gate < val) {
- /* restart counting on rising edge */
- sc->count_load_time = qemu_get_clock_ns(vm_clock);
- pit_irq_timer_update(sc, sc->count_load_time);
- }
- break;
- case 2:
- case 3:
- if (sc->gate < val) {
- /* restart counting on rising edge */
- sc->count_load_time = qemu_get_clock_ns(vm_clock);
- pit_irq_timer_update(sc, sc->count_load_time);
- }
- /* XXX: disable/enable counting */
- break;
- }
- sc->gate = val;
-}
-
-static inline void pit_load_count(PITChannelState *s, int val)
-{
- if (val == 0)
- val = 0x10000;
- s->count_load_time = qemu_get_clock_ns(vm_clock);
- s->count = val;
- pit_irq_timer_update(s, s->count_load_time);
-}
-
-/* if already latched, do not latch again */
-static void pit_latch_count(PITChannelState *s)
-{
- if (!s->count_latched) {
- s->latched_count = pit_get_count(s);
- s->count_latched = s->rw_mode;
- }
-}
-
-static void pit_ioport_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- PITCommonState *pit = opaque;
- int channel, access;
- PITChannelState *s;
-
- addr &= 3;
- if (addr == 3) {
- channel = val >> 6;
- if (channel == 3) {
- /* read back command */
- for(channel = 0; channel < 3; channel++) {
- s = &pit->channels[channel];
- if (val & (2 << channel)) {
- if (!(val & 0x20)) {
- pit_latch_count(s);
- }
- if (!(val & 0x10) && !s->status_latched) {
- /* status latch */
- /* XXX: add BCD and null count */
- s->status =
- (pit_get_out(s,
- qemu_get_clock_ns(vm_clock)) << 7) |
- (s->rw_mode << 4) |
- (s->mode << 1) |
- s->bcd;
- s->status_latched = 1;
- }
- }
- }
- } else {
- s = &pit->channels[channel];
- access = (val >> 4) & 3;
- if (access == 0) {
- pit_latch_count(s);
- } else {
- s->rw_mode = access;
- s->read_state = access;
- s->write_state = access;
-
- s->mode = (val >> 1) & 7;
- s->bcd = val & 1;
- /* XXX: update irq timer ? */
- }
- }
- } else {
- s = &pit->channels[addr];
- switch(s->write_state) {
- default:
- case RW_STATE_LSB:
- pit_load_count(s, val);
- break;
- case RW_STATE_MSB:
- pit_load_count(s, val << 8);
- break;
- case RW_STATE_WORD0:
- s->write_latch = val;
- s->write_state = RW_STATE_WORD1;
- break;
- case RW_STATE_WORD1:
- pit_load_count(s, s->write_latch | (val << 8));
- s->write_state = RW_STATE_WORD0;
- break;
- }
- }
-}
-
-static uint64_t pit_ioport_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- PITCommonState *pit = opaque;
- int ret, count;
- PITChannelState *s;
-
- addr &= 3;
- s = &pit->channels[addr];
- if (s->status_latched) {
- s->status_latched = 0;
- ret = s->status;
- } else if (s->count_latched) {
- switch(s->count_latched) {
- default:
- case RW_STATE_LSB:
- ret = s->latched_count & 0xff;
- s->count_latched = 0;
- break;
- case RW_STATE_MSB:
- ret = s->latched_count >> 8;
- s->count_latched = 0;
- break;
- case RW_STATE_WORD0:
- ret = s->latched_count & 0xff;
- s->count_latched = RW_STATE_MSB;
- break;
- }
- } else {
- switch(s->read_state) {
- default:
- case RW_STATE_LSB:
- count = pit_get_count(s);
- ret = count & 0xff;
- break;
- case RW_STATE_MSB:
- count = pit_get_count(s);
- ret = (count >> 8) & 0xff;
- break;
- case RW_STATE_WORD0:
- count = pit_get_count(s);
- ret = count & 0xff;
- s->read_state = RW_STATE_WORD1;
- break;
- case RW_STATE_WORD1:
- count = pit_get_count(s);
- ret = (count >> 8) & 0xff;
- s->read_state = RW_STATE_WORD0;
- break;
- }
- }
- return ret;
-}
-
-static void pit_irq_timer_update(PITChannelState *s, int64_t current_time)
-{
- int64_t expire_time;
- int irq_level;
-
- if (!s->irq_timer || s->irq_disabled) {
- return;
- }
- expire_time = pit_get_next_transition_time(s, current_time);
- irq_level = pit_get_out(s, current_time);
- qemu_set_irq(s->irq, irq_level);
-#ifdef DEBUG_PIT
- printf("irq_level=%d next_delay=%f\n",
- irq_level,
- (double)(expire_time - current_time) / get_ticks_per_sec());
-#endif
- s->next_transition_time = expire_time;
- if (expire_time != -1)
- qemu_mod_timer(s->irq_timer, expire_time);
- else
- qemu_del_timer(s->irq_timer);
-}
-
-static void pit_irq_timer(void *opaque)
-{
- PITChannelState *s = opaque;
-
- pit_irq_timer_update(s, s->next_transition_time);
-}
-
-static void pit_reset(DeviceState *dev)
-{
- PITCommonState *pit = DO_UPCAST(PITCommonState, dev.qdev, dev);
- PITChannelState *s;
-
- pit_reset_common(pit);
-
- s = &pit->channels[0];
- if (!s->irq_disabled) {
- qemu_mod_timer(s->irq_timer, s->next_transition_time);
- }
-}
-
-/* When HPET is operating in legacy mode, suppress the ignored timer IRQ,
- * reenable it when legacy mode is left again. */
-static void pit_irq_control(void *opaque, int n, int enable)
-{
- PITCommonState *pit = opaque;
- PITChannelState *s = &pit->channels[0];
-
- if (enable) {
- s->irq_disabled = 0;
- pit_irq_timer_update(s, qemu_get_clock_ns(vm_clock));
- } else {
- s->irq_disabled = 1;
- qemu_del_timer(s->irq_timer);
- }
-}
-
-static const MemoryRegionOps pit_ioport_ops = {
- .read = pit_ioport_read,
- .write = pit_ioport_write,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static void pit_post_load(PITCommonState *s)
-{
- PITChannelState *sc = &s->channels[0];
-
- if (sc->next_transition_time != -1) {
- qemu_mod_timer(sc->irq_timer, sc->next_transition_time);
- } else {
- qemu_del_timer(sc->irq_timer);
- }
-}
-
-static int pit_initfn(PITCommonState *pit)
-{
- PITChannelState *s;
-
- s = &pit->channels[0];
- /* the timer 0 is connected to an IRQ */
- s->irq_timer = qemu_new_timer_ns(vm_clock, pit_irq_timer, s);
- qdev_init_gpio_out(&pit->dev.qdev, &s->irq, 1);
-
- memory_region_init_io(&pit->ioports, &pit_ioport_ops, pit, "pit", 4);
-
- qdev_init_gpio_in(&pit->dev.qdev, pit_irq_control, 1);
-
- return 0;
-}
-
-static Property pit_properties[] = {
- DEFINE_PROP_HEX32("iobase", PITCommonState, iobase, -1),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void pit_class_initfn(ObjectClass *klass, void *data)
-{
- PITCommonClass *k = PIT_COMMON_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
-
- k->init = pit_initfn;
- k->set_channel_gate = pit_set_channel_gate;
- k->get_channel_info = pit_get_channel_info_common;
- k->post_load = pit_post_load;
- dc->reset = pit_reset;
- dc->props = pit_properties;
-}
-
-static TypeInfo pit_info = {
- .name = "isa-pit",
- .parent = TYPE_PIT_COMMON,
- .instance_size = sizeof(PITCommonState),
- .class_init = pit_class_initfn,
-};
-
-static void pit_register_types(void)
-{
- type_register_static(&pit_info);
-}
-
-type_init(pit_register_types)
diff --git a/hw/i8254.h b/hw/i8254.h
deleted file mode 100644
index ba6b598a9..000000000
--- a/hw/i8254.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * QEMU 8253/8254 interval timer emulation
- *
- * Copyright (c) 2003-2004 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#ifndef HW_I8254_H
-#define HW_I8254_H
-
-#include "hw.h"
-#include "isa.h"
-
-#define PIT_FREQ 1193182
-
-typedef struct PITChannelInfo {
- int gate;
- int mode;
- int initial_count;
- int out;
-} PITChannelInfo;
-
-static inline ISADevice *pit_init(ISABus *bus, int base, int isa_irq,
- qemu_irq alt_irq)
-{
- ISADevice *dev;
-
- dev = isa_create(bus, "isa-pit");
- qdev_prop_set_uint32(&dev->qdev, "iobase", base);
- qdev_init_nofail(&dev->qdev);
- qdev_connect_gpio_out(&dev->qdev, 0,
- isa_irq >= 0 ? isa_get_irq(dev, isa_irq) : alt_irq);
-
- return dev;
-}
-
-static inline ISADevice *kvm_pit_init(ISABus *bus, int base)
-{
- ISADevice *dev;
-
- dev = isa_create(bus, "kvm-pit");
- qdev_prop_set_uint32(&dev->qdev, "iobase", base);
- qdev_init_nofail(&dev->qdev);
-
- return dev;
-}
-
-void pit_set_gate(ISADevice *dev, int channel, int val);
-void pit_get_channel_info(ISADevice *dev, int channel, PITChannelInfo *info);
-
-#endif /* !HW_I8254_H */
diff --git a/hw/i8254_common.c b/hw/i8254_common.c
deleted file mode 100644
index a03d7cd45..000000000
--- a/hw/i8254_common.c
+++ /dev/null
@@ -1,311 +0,0 @@
-/*
- * QEMU 8253/8254 - common bits of emulated and KVM kernel model
- *
- * Copyright (c) 2003-2004 Fabrice Bellard
- * Copyright (c) 2012 Jan Kiszka, Siemens AG
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "pc.h"
-#include "isa.h"
-#include "qemu-timer.h"
-#include "i8254.h"
-#include "i8254_internal.h"
-
-/* val must be 0 or 1 */
-void pit_set_gate(ISADevice *dev, int channel, int val)
-{
- PITCommonState *pit = PIT_COMMON(dev);
- PITChannelState *s = &pit->channels[channel];
- PITCommonClass *c = PIT_COMMON_GET_CLASS(pit);
-
- c->set_channel_gate(pit, s, val);
-}
-
-/* get pit output bit */
-int pit_get_out(PITChannelState *s, int64_t current_time)
-{
- uint64_t d;
- int out;
-
- d = muldiv64(current_time - s->count_load_time, PIT_FREQ,
- get_ticks_per_sec());
- switch (s->mode) {
- default:
- case 0:
- out = (d >= s->count);
- break;
- case 1:
- out = (d < s->count);
- break;
- case 2:
- if ((d % s->count) == 0 && d != 0) {
- out = 1;
- } else {
- out = 0;
- }
- break;
- case 3:
- out = (d % s->count) < ((s->count + 1) >> 1);
- break;
- case 4:
- case 5:
- out = (d == s->count);
- break;
- }
- return out;
-}
-
-/* return -1 if no transition will occur. */
-int64_t pit_get_next_transition_time(PITChannelState *s, int64_t current_time)
-{
- uint64_t d, next_time, base;
- int period2;
-
- d = muldiv64(current_time - s->count_load_time, PIT_FREQ,
- get_ticks_per_sec());
- switch (s->mode) {
- default:
- case 0:
- case 1:
- if (d < s->count) {
- next_time = s->count;
- } else {
- return -1;
- }
- break;
- case 2:
- base = (d / s->count) * s->count;
- if ((d - base) == 0 && d != 0) {
- next_time = base + s->count;
- } else {
- next_time = base + s->count + 1;
- }
- break;
- case 3:
- base = (d / s->count) * s->count;
- period2 = ((s->count + 1) >> 1);
- if ((d - base) < period2) {
- next_time = base + period2;
- } else {
- next_time = base + s->count;
- }
- break;
- case 4:
- case 5:
- if (d < s->count) {
- next_time = s->count;
- } else if (d == s->count) {
- next_time = s->count + 1;
- } else {
- return -1;
- }
- break;
- }
- /* convert to timer units */
- next_time = s->count_load_time + muldiv64(next_time, get_ticks_per_sec(),
- PIT_FREQ);
- /* fix potential rounding problems */
- /* XXX: better solution: use a clock at PIT_FREQ Hz */
- if (next_time <= current_time) {
- next_time = current_time + 1;
- }
- return next_time;
-}
-
-void pit_get_channel_info_common(PITCommonState *s, PITChannelState *sc,
- PITChannelInfo *info)
-{
- info->gate = sc->gate;
- info->mode = sc->mode;
- info->initial_count = sc->count;
- info->out = pit_get_out(sc, qemu_get_clock_ns(vm_clock));
-}
-
-void pit_get_channel_info(ISADevice *dev, int channel, PITChannelInfo *info)
-{
- PITCommonState *pit = PIT_COMMON(dev);
- PITChannelState *s = &pit->channels[channel];
- PITCommonClass *c = PIT_COMMON_GET_CLASS(pit);
-
- c->get_channel_info(pit, s, info);
-}
-
-void pit_reset_common(PITCommonState *pit)
-{
- PITChannelState *s;
- int i;
-
- for (i = 0; i < 3; i++) {
- s = &pit->channels[i];
- s->mode = 3;
- s->gate = (i != 2);
- s->count_load_time = qemu_get_clock_ns(vm_clock);
- s->count = 0x10000;
- if (i == 0 && !s->irq_disabled) {
- s->next_transition_time =
- pit_get_next_transition_time(s, s->count_load_time);
- }
- }
-}
-
-static int pit_init_common(ISADevice *dev)
-{
- PITCommonState *pit = PIT_COMMON(dev);
- PITCommonClass *c = PIT_COMMON_GET_CLASS(pit);
- int ret;
-
- ret = c->init(pit);
- if (ret < 0) {
- return ret;
- }
-
- isa_register_ioport(dev, &pit->ioports, pit->iobase);
-
- qdev_set_legacy_instance_id(&dev->qdev, pit->iobase, 2);
-
- return 0;
-}
-
-static const VMStateDescription vmstate_pit_channel = {
- .name = "pit channel",
- .version_id = 2,
- .minimum_version_id = 2,
- .minimum_version_id_old = 2,
- .fields = (VMStateField[]) {
- VMSTATE_INT32(count, PITChannelState),
- VMSTATE_UINT16(latched_count, PITChannelState),
- VMSTATE_UINT8(count_latched, PITChannelState),
- VMSTATE_UINT8(status_latched, PITChannelState),
- VMSTATE_UINT8(status, PITChannelState),
- VMSTATE_UINT8(read_state, PITChannelState),
- VMSTATE_UINT8(write_state, PITChannelState),
- VMSTATE_UINT8(write_latch, PITChannelState),
- VMSTATE_UINT8(rw_mode, PITChannelState),
- VMSTATE_UINT8(mode, PITChannelState),
- VMSTATE_UINT8(bcd, PITChannelState),
- VMSTATE_UINT8(gate, PITChannelState),
- VMSTATE_INT64(count_load_time, PITChannelState),
- VMSTATE_INT64(next_transition_time, PITChannelState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int pit_load_old(QEMUFile *f, void *opaque, int version_id)
-{
- PITCommonState *pit = opaque;
- PITCommonClass *c = PIT_COMMON_GET_CLASS(pit);
- PITChannelState *s;
- int i;
-
- if (version_id != 1) {
- return -EINVAL;
- }
-
- for (i = 0; i < 3; i++) {
- s = &pit->channels[i];
- s->count = qemu_get_be32(f);
- qemu_get_be16s(f, &s->latched_count);
- qemu_get_8s(f, &s->count_latched);
- qemu_get_8s(f, &s->status_latched);
- qemu_get_8s(f, &s->status);
- qemu_get_8s(f, &s->read_state);
- qemu_get_8s(f, &s->write_state);
- qemu_get_8s(f, &s->write_latch);
- qemu_get_8s(f, &s->rw_mode);
- qemu_get_8s(f, &s->mode);
- qemu_get_8s(f, &s->bcd);
- qemu_get_8s(f, &s->gate);
- s->count_load_time = qemu_get_be64(f);
- s->irq_disabled = 0;
- if (i == 0) {
- s->next_transition_time = qemu_get_be64(f);
- }
- }
- if (c->post_load) {
- c->post_load(pit);
- }
- return 0;
-}
-
-static void pit_dispatch_pre_save(void *opaque)
-{
- PITCommonState *s = opaque;
- PITCommonClass *c = PIT_COMMON_GET_CLASS(s);
-
- if (c->pre_save) {
- c->pre_save(s);
- }
-}
-
-static int pit_dispatch_post_load(void *opaque, int version_id)
-{
- PITCommonState *s = opaque;
- PITCommonClass *c = PIT_COMMON_GET_CLASS(s);
-
- if (c->post_load) {
- c->post_load(s);
- }
- return 0;
-}
-
-static const VMStateDescription vmstate_pit_common = {
- .name = "i8254",
- .version_id = 3,
- .minimum_version_id = 2,
- .minimum_version_id_old = 1,
- .load_state_old = pit_load_old,
- .pre_save = pit_dispatch_pre_save,
- .post_load = pit_dispatch_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32_V(channels[0].irq_disabled, PITCommonState, 3),
- VMSTATE_STRUCT_ARRAY(channels, PITCommonState, 3, 2,
- vmstate_pit_channel, PITChannelState),
- VMSTATE_INT64(channels[0].next_transition_time,
- PITCommonState), /* formerly irq_timer */
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void pit_common_class_init(ObjectClass *klass, void *data)
-{
- ISADeviceClass *ic = ISA_DEVICE_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
-
- ic->init = pit_init_common;
- dc->vmsd = &vmstate_pit_common;
- dc->no_user = 1;
-}
-
-static TypeInfo pit_common_type = {
- .name = TYPE_PIT_COMMON,
- .parent = TYPE_ISA_DEVICE,
- .instance_size = sizeof(PITCommonState),
- .class_size = sizeof(PITCommonClass),
- .class_init = pit_common_class_init,
- .abstract = true,
-};
-
-static void register_devices(void)
-{
- type_register_static(&pit_common_type);
-}
-
-type_init(register_devices);
diff --git a/hw/i8254_internal.h b/hw/i8254_internal.h
deleted file mode 100644
index 686f0c2ba..000000000
--- a/hw/i8254_internal.h
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * QEMU 8253/8254 - internal interfaces
- *
- * Copyright (c) 2011 Jan Kiszka, Siemens AG
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#ifndef QEMU_I8254_INTERNAL_H
-#define QEMU_I8254_INTERNAL_H
-
-#include "hw.h"
-#include "pc.h"
-#include "isa.h"
-
-typedef struct PITChannelState {
- int count; /* can be 65536 */
- uint16_t latched_count;
- uint8_t count_latched;
- uint8_t status_latched;
- uint8_t status;
- uint8_t read_state;
- uint8_t write_state;
- uint8_t write_latch;
- uint8_t rw_mode;
- uint8_t mode;
- uint8_t bcd; /* not supported */
- uint8_t gate; /* timer start */
- int64_t count_load_time;
- /* irq handling */
- int64_t next_transition_time;
- QEMUTimer *irq_timer;
- qemu_irq irq;
- uint32_t irq_disabled;
-} PITChannelState;
-
-typedef struct PITCommonState {
- ISADevice dev;
- MemoryRegion ioports;
- uint32_t iobase;
- PITChannelState channels[3];
-} PITCommonState;
-
-#define TYPE_PIT_COMMON "pit-common"
-#define PIT_COMMON(obj) \
- OBJECT_CHECK(PITCommonState, (obj), TYPE_PIT_COMMON)
-#define PIT_COMMON_CLASS(klass) \
- OBJECT_CLASS_CHECK(PITCommonClass, (klass), TYPE_PIT_COMMON)
-#define PIT_COMMON_GET_CLASS(obj) \
- OBJECT_GET_CLASS(PITCommonClass, (obj), TYPE_PIT_COMMON)
-
-typedef struct PITCommonClass {
- ISADeviceClass parent_class;
-
- int (*init)(PITCommonState *s);
- void (*set_channel_gate)(PITCommonState *s, PITChannelState *sc, int val);
- void (*get_channel_info)(PITCommonState *s, PITChannelState *sc,
- PITChannelInfo *info);
- void (*pre_save)(PITCommonState *s);
- void (*post_load)(PITCommonState *s);
-} PITCommonClass;
-
-int pit_get_out(PITChannelState *s, int64_t current_time);
-int64_t pit_get_next_transition_time(PITChannelState *s, int64_t current_time);
-void pit_get_channel_info_common(PITCommonState *s, PITChannelState *sc,
- PITChannelInfo *info);
-void pit_reset_common(PITCommonState *s);
-
-#endif /* !QEMU_I8254_INTERNAL_H */
diff --git a/hw/i8259.c b/hw/i8259.c
deleted file mode 100644
index af0ba4d7c..000000000
--- a/hw/i8259.c
+++ /dev/null
@@ -1,496 +0,0 @@
-/*
- * QEMU 8259 interrupt controller emulation
- *
- * Copyright (c) 2003-2004 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "pc.h"
-#include "isa.h"
-#include "monitor.h"
-#include "qemu-timer.h"
-#include "i8259_internal.h"
-
-/* debug PIC */
-//#define DEBUG_PIC
-
-#ifdef DEBUG_PIC
-#define DPRINTF(fmt, ...) \
- do { printf("pic: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...)
-#endif
-
-//#define DEBUG_IRQ_LATENCY
-//#define DEBUG_IRQ_COUNT
-
-#if defined(DEBUG_PIC) || defined(DEBUG_IRQ_COUNT)
-static int irq_level[16];
-#endif
-#ifdef DEBUG_IRQ_COUNT
-static uint64_t irq_count[16];
-#endif
-#ifdef DEBUG_IRQ_LATENCY
-static int64_t irq_time[16];
-#endif
-DeviceState *isa_pic;
-static PICCommonState *slave_pic;
-
-/* return the highest priority found in mask (highest = smallest
- number). Return 8 if no irq */
-static int get_priority(PICCommonState *s, int mask)
-{
- int priority;
-
- if (mask == 0) {
- return 8;
- }
- priority = 0;
- while ((mask & (1 << ((priority + s->priority_add) & 7))) == 0) {
- priority++;
- }
- return priority;
-}
-
-/* return the pic wanted interrupt. return -1 if none */
-static int pic_get_irq(PICCommonState *s)
-{
- int mask, cur_priority, priority;
-
- mask = s->irr & ~s->imr;
- priority = get_priority(s, mask);
- if (priority == 8) {
- return -1;
- }
- /* compute current priority. If special fully nested mode on the
- master, the IRQ coming from the slave is not taken into account
- for the priority computation. */
- mask = s->isr;
- if (s->special_mask) {
- mask &= ~s->imr;
- }
- if (s->special_fully_nested_mode && s->master) {
- mask &= ~(1 << 2);
- }
- cur_priority = get_priority(s, mask);
- if (priority < cur_priority) {
- /* higher priority found: an irq should be generated */
- return (priority + s->priority_add) & 7;
- } else {
- return -1;
- }
-}
-
-/* Update INT output. Must be called every time the output may have changed. */
-static void pic_update_irq(PICCommonState *s)
-{
- int irq;
-
- irq = pic_get_irq(s);
- if (irq >= 0) {
- DPRINTF("pic%d: imr=%x irr=%x padd=%d\n",
- s->master ? 0 : 1, s->imr, s->irr, s->priority_add);
- qemu_irq_raise(s->int_out[0]);
- } else {
- qemu_irq_lower(s->int_out[0]);
- }
-}
-
-/* set irq level. If an edge is detected, then the IRR is set to 1 */
-static void pic_set_irq(void *opaque, int irq, int level)
-{
- PICCommonState *s = opaque;
- int mask = 1 << irq;
-
-#if defined(DEBUG_PIC) || defined(DEBUG_IRQ_COUNT) || \
- defined(DEBUG_IRQ_LATENCY)
- int irq_index = s->master ? irq : irq + 8;
-#endif
-#if defined(DEBUG_PIC) || defined(DEBUG_IRQ_COUNT)
- if (level != irq_level[irq_index]) {
- DPRINTF("pic_set_irq: irq=%d level=%d\n", irq_index, level);
- irq_level[irq_index] = level;
-#ifdef DEBUG_IRQ_COUNT
- if (level == 1) {
- irq_count[irq_index]++;
- }
-#endif
- }
-#endif
-#ifdef DEBUG_IRQ_LATENCY
- if (level) {
- irq_time[irq_index] = qemu_get_clock_ns(vm_clock);
- }
-#endif
-
- if (s->elcr & mask) {
- /* level triggered */
- if (level) {
- s->irr |= mask;
- s->last_irr |= mask;
- } else {
- s->irr &= ~mask;
- s->last_irr &= ~mask;
- }
- } else {
- /* edge triggered */
- if (level) {
- if ((s->last_irr & mask) == 0) {
- s->irr |= mask;
- }
- s->last_irr |= mask;
- } else {
- s->last_irr &= ~mask;
- }
- }
- pic_update_irq(s);
-}
-
-/* acknowledge interrupt 'irq' */
-static void pic_intack(PICCommonState *s, int irq)
-{
- if (s->auto_eoi) {
- if (s->rotate_on_auto_eoi) {
- s->priority_add = (irq + 1) & 7;
- }
- } else {
- s->isr |= (1 << irq);
- }
- /* We don't clear a level sensitive interrupt here */
- if (!(s->elcr & (1 << irq))) {
- s->irr &= ~(1 << irq);
- }
- pic_update_irq(s);
-}
-
-int pic_read_irq(DeviceState *d)
-{
- PICCommonState *s = DO_UPCAST(PICCommonState, dev.qdev, d);
- int irq, irq2, intno;
-
- irq = pic_get_irq(s);
- if (irq >= 0) {
- if (irq == 2) {
- irq2 = pic_get_irq(slave_pic);
- if (irq2 >= 0) {
- pic_intack(slave_pic, irq2);
- } else {
- /* spurious IRQ on slave controller */
- irq2 = 7;
- }
- intno = slave_pic->irq_base + irq2;
- } else {
- intno = s->irq_base + irq;
- }
- pic_intack(s, irq);
- } else {
- /* spurious IRQ on host controller */
- irq = 7;
- intno = s->irq_base + irq;
- }
-
-#if defined(DEBUG_PIC) || defined(DEBUG_IRQ_LATENCY)
- if (irq == 2) {
- irq = irq2 + 8;
- }
-#endif
-#ifdef DEBUG_IRQ_LATENCY
- printf("IRQ%d latency=%0.3fus\n",
- irq,
- (double)(qemu_get_clock_ns(vm_clock) -
- irq_time[irq]) * 1000000.0 / get_ticks_per_sec());
-#endif
- DPRINTF("pic_interrupt: irq=%d\n", irq);
- return intno;
-}
-
-static void pic_init_reset(PICCommonState *s)
-{
- pic_reset_common(s);
- pic_update_irq(s);
-}
-
-static void pic_reset(DeviceState *dev)
-{
- PICCommonState *s = DO_UPCAST(PICCommonState, dev.qdev, dev);
-
- s->elcr = 0;
- pic_init_reset(s);
-}
-
-static void pic_ioport_write(void *opaque, hwaddr addr64,
- uint64_t val64, unsigned size)
-{
- PICCommonState *s = opaque;
- uint32_t addr = addr64;
- uint32_t val = val64;
- int priority, cmd, irq;
-
- DPRINTF("write: addr=0x%02x val=0x%02x\n", addr, val);
- if (addr == 0) {
- if (val & 0x10) {
- pic_init_reset(s);
- s->init_state = 1;
- s->init4 = val & 1;
- s->single_mode = val & 2;
- if (val & 0x08) {
- hw_error("level sensitive irq not supported");
- }
- } else if (val & 0x08) {
- if (val & 0x04) {
- s->poll = 1;
- }
- if (val & 0x02) {
- s->read_reg_select = val & 1;
- }
- if (val & 0x40) {
- s->special_mask = (val >> 5) & 1;
- }
- } else {
- cmd = val >> 5;
- switch (cmd) {
- case 0:
- case 4:
- s->rotate_on_auto_eoi = cmd >> 2;
- break;
- case 1: /* end of interrupt */
- case 5:
- priority = get_priority(s, s->isr);
- if (priority != 8) {
- irq = (priority + s->priority_add) & 7;
- s->isr &= ~(1 << irq);
- if (cmd == 5) {
- s->priority_add = (irq + 1) & 7;
- }
- pic_update_irq(s);
- }
- break;
- case 3:
- irq = val & 7;
- s->isr &= ~(1 << irq);
- pic_update_irq(s);
- break;
- case 6:
- s->priority_add = (val + 1) & 7;
- pic_update_irq(s);
- break;
- case 7:
- irq = val & 7;
- s->isr &= ~(1 << irq);
- s->priority_add = (irq + 1) & 7;
- pic_update_irq(s);
- break;
- default:
- /* no operation */
- break;
- }
- }
- } else {
- switch (s->init_state) {
- case 0:
- /* normal mode */
- s->imr = val;
- pic_update_irq(s);
- break;
- case 1:
- s->irq_base = val & 0xf8;
- s->init_state = s->single_mode ? (s->init4 ? 3 : 0) : 2;
- break;
- case 2:
- if (s->init4) {
- s->init_state = 3;
- } else {
- s->init_state = 0;
- }
- break;
- case 3:
- s->special_fully_nested_mode = (val >> 4) & 1;
- s->auto_eoi = (val >> 1) & 1;
- s->init_state = 0;
- break;
- }
- }
-}
-
-static uint64_t pic_ioport_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- PICCommonState *s = opaque;
- int ret;
-
- if (s->poll) {
- ret = pic_get_irq(s);
- if (ret >= 0) {
- pic_intack(s, ret);
- ret |= 0x80;
- } else {
- ret = 0;
- }
- s->poll = 0;
- } else {
- if (addr == 0) {
- if (s->read_reg_select) {
- ret = s->isr;
- } else {
- ret = s->irr;
- }
- } else {
- ret = s->imr;
- }
- }
- DPRINTF("read: addr=0x%02x val=0x%02x\n", addr, ret);
- return ret;
-}
-
-int pic_get_output(DeviceState *d)
-{
- PICCommonState *s = DO_UPCAST(PICCommonState, dev.qdev, d);
-
- return (pic_get_irq(s) >= 0);
-}
-
-static void elcr_ioport_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- PICCommonState *s = opaque;
- s->elcr = val & s->elcr_mask;
-}
-
-static uint64_t elcr_ioport_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- PICCommonState *s = opaque;
- return s->elcr;
-}
-
-static const MemoryRegionOps pic_base_ioport_ops = {
- .read = pic_ioport_read,
- .write = pic_ioport_write,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
-};
-
-static const MemoryRegionOps pic_elcr_ioport_ops = {
- .read = elcr_ioport_read,
- .write = elcr_ioport_write,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
-};
-
-static void pic_init(PICCommonState *s)
-{
- memory_region_init_io(&s->base_io, &pic_base_ioport_ops, s, "pic", 2);
- memory_region_init_io(&s->elcr_io, &pic_elcr_ioport_ops, s, "elcr", 1);
-
- qdev_init_gpio_out(&s->dev.qdev, s->int_out, ARRAY_SIZE(s->int_out));
- qdev_init_gpio_in(&s->dev.qdev, pic_set_irq, 8);
-}
-
-void pic_info(Monitor *mon)
-{
- int i;
- PICCommonState *s;
-
- if (!isa_pic) {
- return;
- }
- for (i = 0; i < 2; i++) {
- s = i == 0 ? DO_UPCAST(PICCommonState, dev.qdev, isa_pic) : slave_pic;
- monitor_printf(mon, "pic%d: irr=%02x imr=%02x isr=%02x hprio=%d "
- "irq_base=%02x rr_sel=%d elcr=%02x fnm=%d\n",
- i, s->irr, s->imr, s->isr, s->priority_add,
- s->irq_base, s->read_reg_select, s->elcr,
- s->special_fully_nested_mode);
- }
-}
-
-void irq_info(Monitor *mon)
-{
-#ifndef DEBUG_IRQ_COUNT
- monitor_printf(mon, "irq statistic code not compiled.\n");
-#else
- int i;
- int64_t count;
-
- monitor_printf(mon, "IRQ statistics:\n");
- for (i = 0; i < 16; i++) {
- count = irq_count[i];
- if (count > 0) {
- monitor_printf(mon, "%2d: %" PRId64 "\n", i, count);
- }
- }
-#endif
-}
-
-qemu_irq *i8259_init(ISABus *bus, qemu_irq parent_irq)
-{
- qemu_irq *irq_set;
- ISADevice *dev;
- int i;
-
- irq_set = g_malloc(ISA_NUM_IRQS * sizeof(qemu_irq));
-
- dev = i8259_init_chip("isa-i8259", bus, true);
-
- qdev_connect_gpio_out(&dev->qdev, 0, parent_irq);
- for (i = 0 ; i < 8; i++) {
- irq_set[i] = qdev_get_gpio_in(&dev->qdev, i);
- }
-
- isa_pic = &dev->qdev;
-
- dev = i8259_init_chip("isa-i8259", bus, false);
-
- qdev_connect_gpio_out(&dev->qdev, 0, irq_set[2]);
- for (i = 0 ; i < 8; i++) {
- irq_set[i + 8] = qdev_get_gpio_in(&dev->qdev, i);
- }
-
- slave_pic = DO_UPCAST(PICCommonState, dev, dev);
-
- return irq_set;
-}
-
-static void i8259_class_init(ObjectClass *klass, void *data)
-{
- PICCommonClass *k = PIC_COMMON_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
-
- k->init = pic_init;
- dc->reset = pic_reset;
-}
-
-static TypeInfo i8259_info = {
- .name = "isa-i8259",
- .instance_size = sizeof(PICCommonState),
- .parent = TYPE_PIC_COMMON,
- .class_init = i8259_class_init,
-};
-
-static void pic_register_types(void)
-{
- type_register_static(&i8259_info);
-}
-
-type_init(pic_register_types)
diff --git a/hw/i8259_common.c b/hw/i8259_common.c
deleted file mode 100644
index ab3d98b2a..000000000
--- a/hw/i8259_common.c
+++ /dev/null
@@ -1,161 +0,0 @@
-/*
- * QEMU 8259 - common bits of emulated and KVM kernel model
- *
- * Copyright (c) 2003-2004 Fabrice Bellard
- * Copyright (c) 2011 Jan Kiszka, Siemens AG
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "pc.h"
-#include "i8259_internal.h"
-
-void pic_reset_common(PICCommonState *s)
-{
- s->last_irr = 0;
- s->irr &= s->elcr;
- s->imr = 0;
- s->isr = 0;
- s->priority_add = 0;
- s->irq_base = 0;
- s->read_reg_select = 0;
- s->poll = 0;
- s->special_mask = 0;
- s->init_state = 0;
- s->auto_eoi = 0;
- s->rotate_on_auto_eoi = 0;
- s->special_fully_nested_mode = 0;
- s->init4 = 0;
- s->single_mode = 0;
- /* Note: ELCR is not reset */
-}
-
-static void pic_dispatch_pre_save(void *opaque)
-{
- PICCommonState *s = opaque;
- PICCommonClass *info = PIC_COMMON_GET_CLASS(s);
-
- if (info->pre_save) {
- info->pre_save(s);
- }
-}
-
-static int pic_dispatch_post_load(void *opaque, int version_id)
-{
- PICCommonState *s = opaque;
- PICCommonClass *info = PIC_COMMON_GET_CLASS(s);
-
- if (info->post_load) {
- info->post_load(s);
- }
- return 0;
-}
-
-static int pic_init_common(ISADevice *dev)
-{
- PICCommonState *s = DO_UPCAST(PICCommonState, dev, dev);
- PICCommonClass *info = PIC_COMMON_GET_CLASS(s);
-
- info->init(s);
-
- isa_register_ioport(NULL, &s->base_io, s->iobase);
- if (s->elcr_addr != -1) {
- isa_register_ioport(NULL, &s->elcr_io, s->elcr_addr);
- }
-
- qdev_set_legacy_instance_id(&s->dev.qdev, s->iobase, 1);
-
- return 0;
-}
-
-ISADevice *i8259_init_chip(const char *name, ISABus *bus, bool master)
-{
- ISADevice *dev;
-
- dev = isa_create(bus, name);
- qdev_prop_set_uint32(&dev->qdev, "iobase", master ? 0x20 : 0xa0);
- qdev_prop_set_uint32(&dev->qdev, "elcr_addr", master ? 0x4d0 : 0x4d1);
- qdev_prop_set_uint8(&dev->qdev, "elcr_mask", master ? 0xf8 : 0xde);
- qdev_prop_set_bit(&dev->qdev, "master", master);
- qdev_init_nofail(&dev->qdev);
-
- return dev;
-}
-
-static const VMStateDescription vmstate_pic_common = {
- .name = "i8259",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .pre_save = pic_dispatch_pre_save,
- .post_load = pic_dispatch_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_UINT8(last_irr, PICCommonState),
- VMSTATE_UINT8(irr, PICCommonState),
- VMSTATE_UINT8(imr, PICCommonState),
- VMSTATE_UINT8(isr, PICCommonState),
- VMSTATE_UINT8(priority_add, PICCommonState),
- VMSTATE_UINT8(irq_base, PICCommonState),
- VMSTATE_UINT8(read_reg_select, PICCommonState),
- VMSTATE_UINT8(poll, PICCommonState),
- VMSTATE_UINT8(special_mask, PICCommonState),
- VMSTATE_UINT8(init_state, PICCommonState),
- VMSTATE_UINT8(auto_eoi, PICCommonState),
- VMSTATE_UINT8(rotate_on_auto_eoi, PICCommonState),
- VMSTATE_UINT8(special_fully_nested_mode, PICCommonState),
- VMSTATE_UINT8(init4, PICCommonState),
- VMSTATE_UINT8(single_mode, PICCommonState),
- VMSTATE_UINT8(elcr, PICCommonState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static Property pic_properties_common[] = {
- DEFINE_PROP_HEX32("iobase", PICCommonState, iobase, -1),
- DEFINE_PROP_HEX32("elcr_addr", PICCommonState, elcr_addr, -1),
- DEFINE_PROP_HEX8("elcr_mask", PICCommonState, elcr_mask, -1),
- DEFINE_PROP_BIT("master", PICCommonState, master, 0, false),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void pic_common_class_init(ObjectClass *klass, void *data)
-{
- ISADeviceClass *ic = ISA_DEVICE_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
-
- dc->vmsd = &vmstate_pic_common;
- dc->no_user = 1;
- dc->props = pic_properties_common;
- ic->init = pic_init_common;
-}
-
-static TypeInfo pic_common_type = {
- .name = TYPE_PIC_COMMON,
- .parent = TYPE_ISA_DEVICE,
- .instance_size = sizeof(PICCommonState),
- .class_size = sizeof(PICCommonClass),
- .class_init = pic_common_class_init,
- .abstract = true,
-};
-
-static void register_types(void)
-{
- type_register_static(&pic_common_type);
-}
-
-type_init(register_types);
diff --git a/hw/i8259_internal.h b/hw/i8259_internal.h
deleted file mode 100644
index 8785b1da3..000000000
--- a/hw/i8259_internal.h
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * QEMU 8259 - internal interfaces
- *
- * Copyright (c) 2011 Jan Kiszka, Siemens AG
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#ifndef QEMU_I8259_INTERNAL_H
-#define QEMU_I8259_INTERNAL_H
-
-#include "hw.h"
-#include "pc.h"
-#include "isa.h"
-
-typedef struct PICCommonState PICCommonState;
-
-#define TYPE_PIC_COMMON "pic-common"
-#define PIC_COMMON(obj) \
- OBJECT_CHECK(PICCommonState, (obj), TYPE_PIC_COMMON)
-#define PIC_COMMON_CLASS(klass) \
- OBJECT_CLASS_CHECK(PICCommonClass, (klass), TYPE_PIC_COMMON)
-#define PIC_COMMON_GET_CLASS(obj) \
- OBJECT_GET_CLASS(PICCommonClass, (obj), TYPE_PIC_COMMON)
-
-typedef struct PICCommonClass
-{
- ISADeviceClass parent_class;
- void (*init)(PICCommonState *s);
- void (*pre_save)(PICCommonState *s);
- void (*post_load)(PICCommonState *s);
-} PICCommonClass;
-
-struct PICCommonState {
- ISADevice dev;
- uint8_t last_irr; /* edge detection */
- uint8_t irr; /* interrupt request register */
- uint8_t imr; /* interrupt mask register */
- uint8_t isr; /* interrupt service register */
- uint8_t priority_add; /* highest irq priority */
- uint8_t irq_base;
- uint8_t read_reg_select;
- uint8_t poll;
- uint8_t special_mask;
- uint8_t init_state;
- uint8_t auto_eoi;
- uint8_t rotate_on_auto_eoi;
- uint8_t special_fully_nested_mode;
- uint8_t init4; /* true if 4 byte init */
- uint8_t single_mode; /* true if slave pic is not initialized */
- uint8_t elcr; /* PIIX edge/trigger selection*/
- uint8_t elcr_mask;
- qemu_irq int_out[1];
- uint32_t master; /* reflects /SP input pin */
- uint32_t iobase;
- uint32_t elcr_addr;
- MemoryRegion base_io;
- MemoryRegion elcr_io;
-};
-
-void pic_reset_common(PICCommonState *s);
-
-ISADevice *i8259_init_chip(const char *name, ISABus *bus, bool master);
-
-
-#endif /* !QEMU_I8259_INTERNAL_H */
diff --git a/hw/i82801b11.c b/hw/i82801b11.c
deleted file mode 100644
index 3d1f996b2..000000000
--- a/hw/i82801b11.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * Copyright (c) 2006 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-/*
- * QEMU i82801b11 dmi-to-pci Bridge Emulation
- *
- * Copyright (c) 2009, 2010, 2011
- * Isaku Yamahata <yamahata at valinux co jp>
- * VA Linux Systems Japan K.K.
- * Copyright (C) 2012 Jason Baron <jbaron@redhat.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>
- */
-
-#include "pci.h"
-#include "ich9.h"
-
-
-/*****************************************************************************/
-/* ICH9 DMI-to-PCI bridge */
-#define I82801ba_SSVID_OFFSET 0x50
-#define I82801ba_SSVID_SVID 0
-#define I82801ba_SSVID_SSID 0
-
-typedef struct I82801b11Bridge {
- PCIBridge br;
-} I82801b11Bridge;
-
-static int i82801b11_bridge_initfn(PCIDevice *d)
-{
- int rc;
-
- rc = pci_bridge_initfn(d);
- if (rc < 0) {
- return rc;
- }
-
- rc = pci_bridge_ssvid_init(d, I82801ba_SSVID_OFFSET,
- I82801ba_SSVID_SVID, I82801ba_SSVID_SSID);
- if (rc < 0) {
- goto err_bridge;
- }
- pci_config_set_prog_interface(d->config, PCI_CLASS_BRDIGE_PCI_INF_SUB);
- return 0;
-
-err_bridge:
- pci_bridge_exitfn(d);
-
- return rc;
-}
-
-static void i82801b11_bridge_class_init(ObjectClass *klass, void *data)
-{
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->is_bridge = 1;
- k->vendor_id = PCI_VENDOR_ID_INTEL;
- k->device_id = PCI_DEVICE_ID_INTEL_82801BA_11;
- k->revision = ICH9_D2P_A2_REVISION;
- k->init = i82801b11_bridge_initfn;
-}
-
-static const TypeInfo i82801b11_bridge_info = {
- .name = "i82801b11-bridge",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(I82801b11Bridge),
- .class_init = i82801b11_bridge_class_init,
-};
-
-PCIBus *ich9_d2pbr_init(PCIBus *bus, int devfn, int sec_bus)
-{
- PCIDevice *d;
- PCIBridge *br;
- char buf[16];
- DeviceState *qdev;
-
- d = pci_create_multifunction(bus, devfn, true, "i82801b11-bridge");
- if (!d) {
- return NULL;
- }
- br = DO_UPCAST(PCIBridge, dev, d);
- qdev = &br->dev.qdev;
-
- snprintf(buf, sizeof(buf), "pci.%d", sec_bus);
- pci_bridge_map_irq(br, buf, pci_swizzle_map_irq_fn);
- qdev_init_nofail(qdev);
-
- return pci_bridge_get_sec_bus(br);
-}
-
-static void d2pbr_register(void)
-{
- type_register_static(&i82801b11_bridge_info);
-}
-
-type_init(d2pbr_register);
diff --git a/hw/ich9.h b/hw/ich9.h
deleted file mode 100644
index de491350c..000000000
--- a/hw/ich9.h
+++ /dev/null
@@ -1,207 +0,0 @@
-#ifndef HW_ICH9_H
-#define HW_ICH9_H
-
-#include "hw.h"
-#include "range.h"
-#include "isa.h"
-#include "sysbus.h"
-#include "pc.h"
-#include "apm.h"
-#include "ioapic.h"
-#include "pci.h"
-#include "pcie_host.h"
-#include "pci_bridge.h"
-#include "acpi.h"
-#include "acpi_ich9.h"
-#include "pam.h"
-#include "pci_internals.h"
-
-void ich9_lpc_set_irq(void *opaque, int irq_num, int level);
-int ich9_lpc_map_irq(PCIDevice *pci_dev, int intx);
-void ich9_lpc_pm_init(PCIDevice *pci_lpc, qemu_irq cmos_s3);
-PCIBus *ich9_d2pbr_init(PCIBus *bus, int devfn, int sec_bus);
-i2c_bus *ich9_smb_init(PCIBus *bus, int devfn, uint32_t smb_io_base);
-
-#define ICH9_CC_SIZE (16 * 1024) /* 16KB */
-
-#define TYPE_ICH9_LPC_DEVICE "ICH9 LPC"
-#define ICH9_LPC_DEVICE(obj) \
- OBJECT_CHECK(ICH9LPCState, (obj), TYPE_ICH9_LPC_DEVICE)
-
-typedef struct ICH9LPCState {
- /* ICH9 LPC PCI to ISA bridge */
- PCIDevice d;
-
- /* (pci device, intx) -> pirq
- * In real chipset case, the unused slots are never used
- * as ICH9 supports only D25-D32 irq routing.
- * On the other hand in qemu case, any slot/function can be populated
- * via command line option.
- * So fallback interrupt routing for any devices in any slots is necessary.
- */
- uint8_t irr[PCI_SLOT_MAX][PCI_NUM_PINS];
-
- APMState apm;
- ICH9LPCPMRegs pm;
- uint32_t sci_level; /* track sci level */
-
- /* 10.1 Chipset Configuration registers(Memory Space)
- which is pointed by RCBA */
- uint8_t chip_config[ICH9_CC_SIZE];
- /* isa bus */
- ISABus *isa_bus;
- MemoryRegion rbca_mem;
-
- qemu_irq *pic;
- qemu_irq *ioapic;
-} ICH9LPCState;
-
-#define Q35_MASK(bit, ms_bit, ls_bit) \
-((uint##bit##_t)(((1ULL << ((ms_bit) + 1)) - 1) & ~((1ULL << ls_bit) - 1)))
-
-/* ICH9: Chipset Configuration Registers */
-#define ICH9_CC_ADDR_MASK (ICH9_CC_SIZE - 1)
-
-#define ICH9_CC
-#define ICH9_CC_D28IP 0x310C
-#define ICH9_CC_D28IP_SHIFT 4
-#define ICH9_CC_D28IP_MASK 0xf
-#define ICH9_CC_D28IP_DEFAULT 0x00214321
-#define ICH9_CC_D31IR 0x3140
-#define ICH9_CC_D30IR 0x3142
-#define ICH9_CC_D29IR 0x3144
-#define ICH9_CC_D28IR 0x3146
-#define ICH9_CC_D27IR 0x3148
-#define ICH9_CC_D26IR 0x314C
-#define ICH9_CC_D25IR 0x3150
-#define ICH9_CC_DIR_DEFAULT 0x3210
-#define ICH9_CC_D30IR_DEFAULT 0x0
-#define ICH9_CC_DIR_SHIFT 4
-#define ICH9_CC_DIR_MASK 0x7
-#define ICH9_CC_OIC 0x31FF
-#define ICH9_CC_OIC_AEN 0x1
-
-/* D28:F[0-5] */
-#define ICH9_PCIE_DEV 28
-#define ICH9_PCIE_FUNC_MAX 6
-
-
-/* D29:F0 USB UHCI Controller #1 */
-#define ICH9_USB_UHCI1_DEV 29
-#define ICH9_USB_UHCI1_FUNC 0
-
-/* D30:F0 DMI-to-PCI brdige */
-#define ICH9_D2P_BRIDGE "ICH9 D2P BRIDGE"
-#define ICH9_D2P_BRIDGE_SAVEVM_VERSION 0
-
-#define ICH9_D2P_BRIDGE_DEV 30
-#define ICH9_D2P_BRIDGE_FUNC 0
-
-#define ICH9_D2P_SECONDARY_DEFAULT (256 - 8)
-
-#define ICH9_D2P_A2_REVISION 0x92
-
-
-/* D31:F1 LPC controller */
-#define ICH9_A2_LPC "ICH9 A2 LPC"
-#define ICH9_A2_LPC_SAVEVM_VERSION 0
-
-#define ICH9_LPC_DEV 31
-#define ICH9_LPC_FUNC 0
-
-#define ICH9_A2_LPC_REVISION 0x2
-#define ICH9_LPC_NB_PIRQS 8 /* PCI A-H */
-
-#define ICH9_LPC_PMBASE 0x40
-#define ICH9_LPC_PMBASE_BASE_ADDRESS_MASK Q35_MASK(32, 15, 7)
-#define ICH9_LPC_PMBASE_RTE 0x1
-#define ICH9_LPC_PMBASE_DEFAULT 0x1
-#define ICH9_LPC_ACPI_CTRL 0x44
-#define ICH9_LPC_ACPI_CTRL_ACPI_EN 0x80
-#define ICH9_LPC_ACPI_CTRL_SCI_IRQ_SEL_MASK Q35_MASK(8, 2, 0)
-#define ICH9_LPC_ACPI_CTRL_9 0x0
-#define ICH9_LPC_ACPI_CTRL_10 0x1
-#define ICH9_LPC_ACPI_CTRL_11 0x2
-#define ICH9_LPC_ACPI_CTRL_20 0x4
-#define ICH9_LPC_ACPI_CTRL_21 0x5
-#define ICH9_LPC_ACPI_CTRL_DEFAULT 0x0
-
-#define ICH9_LPC_PIRQA_ROUT 0x60
-#define ICH9_LPC_PIRQB_ROUT 0x61
-#define ICH9_LPC_PIRQC_ROUT 0x62
-#define ICH9_LPC_PIRQD_ROUT 0x63
-
-#define ICH9_LPC_PIRQE_ROUT 0x68
-#define ICH9_LPC_PIRQF_ROUT 0x69
-#define ICH9_LPC_PIRQG_ROUT 0x6a
-#define ICH9_LPC_PIRQH_ROUT 0x6b
-
-#define ICH9_LPC_PIRQ_ROUT_IRQEN 0x80
-#define ICH9_LPC_PIRQ_ROUT_MASK Q35_MASK(8, 3, 0)
-#define ICH9_LPC_PIRQ_ROUT_DEFAULT 0x80
-
-#define ICH9_LPC_RCBA 0xf0
-#define ICH9_LPC_RCBA_BA_MASK Q35_MASK(32, 31, 14)
-#define ICH9_LPC_RCBA_EN 0x1
-#define ICH9_LPC_RCBA_DEFAULT 0x0
-
-#define ICH9_LPC_PIC_NUM_PINS 16
-#define ICH9_LPC_IOAPIC_NUM_PINS 24
-
-/* D31:F2 SATA Controller #1 */
-#define ICH9_SATA1_DEV 31
-#define ICH9_SATA1_FUNC 2
-
-/* D30:F1 power management I/O registers
- offset from the address ICH9_LPC_PMBASE */
-
-/* ICH9 LPC PM I/O registers are 128 ports and 128-aligned */
-#define ICH9_PMIO_SIZE 128
-#define ICH9_PMIO_MASK (ICH9_PMIO_SIZE - 1)
-
-#define ICH9_PMIO_PM1_STS 0x00
-#define ICH9_PMIO_PM1_EN 0x02
-#define ICH9_PMIO_PM1_CNT 0x04
-#define ICH9_PMIO_PM1_TMR 0x08
-#define ICH9_PMIO_GPE0_STS 0x20
-#define ICH9_PMIO_GPE0_EN 0x28
-#define ICH9_PMIO_GPE0_LEN 16
-#define ICH9_PMIO_SMI_EN 0x30
-#define ICH9_PMIO_SMI_EN_APMC_EN (1 << 5)
-#define ICH9_PMIO_SMI_STS 0x34
-
-/* FADT ACPI_ENABLE/ACPI_DISABLE */
-#define ICH9_APM_ACPI_ENABLE 0x2
-#define ICH9_APM_ACPI_DISABLE 0x3
-
-
-/* D31:F3 SMBus controller */
-#define ICH9_A2_SMB_REVISION 0x02
-#define ICH9_SMB_PI 0x00
-
-#define ICH9_SMB_SMBMBAR0 0x10
-#define ICH9_SMB_SMBMBAR1 0x14
-#define ICH9_SMB_SMBM_BAR 0
-#define ICH9_SMB_SMBM_SIZE (1 << 8)
-#define ICH9_SMB_SMB_BASE 0x20
-#define ICH9_SMB_SMB_BASE_BAR 4
-#define ICH9_SMB_SMB_BASE_SIZE (1 << 5)
-#define ICH9_SMB_HOSTC 0x40
-#define ICH9_SMB_HOSTC_SSRESET ((uint8_t)(1 << 3))
-#define ICH9_SMB_HOSTC_I2C_EN ((uint8_t)(1 << 2))
-#define ICH9_SMB_HOSTC_SMB_SMI_EN ((uint8_t)(1 << 1))
-#define ICH9_SMB_HOSTC_HST_EN ((uint8_t)(1 << 0))
-
-/* D31:F3 SMBus I/O and memory mapped I/O registers */
-#define ICH9_SMB_DEV 31
-#define ICH9_SMB_FUNC 3
-
-#define ICH9_SMB_HST_STS 0x00
-#define ICH9_SMB_HST_CNT 0x02
-#define ICH9_SMB_HST_CMD 0x03
-#define ICH9_SMB_XMIT_SLVA 0x04
-#define ICH9_SMB_HST_D0 0x05
-#define ICH9_SMB_HST_D1 0x06
-#define ICH9_SMB_HOST_BLOCK_DB 0x07
-
-#endif /* HW_ICH9_H */
diff --git a/hw/ide.h b/hw/ide.h
deleted file mode 100644
index add742c4a..000000000
--- a/hw/ide.h
+++ /dev/null
@@ -1,39 +0,0 @@
-#ifndef HW_IDE_H
-#define HW_IDE_H
-
-#include "isa.h"
-#include "pci.h"
-#include "memory.h"
-
-#define MAX_IDE_DEVS 2
-
-/* ide-isa.c */
-ISADevice *isa_ide_init(ISABus *bus, int iobase, int iobase2, int isairq,
- DriveInfo *hd0, DriveInfo *hd1);
-
-/* ide-pci.c */
-void pci_cmd646_ide_init(PCIBus *bus, DriveInfo **hd_table,
- int secondary_ide_enabled);
-PCIDevice *pci_piix3_xen_ide_init(PCIBus *bus, DriveInfo **hd_table, int devfn);
-PCIDevice *pci_piix3_ide_init(PCIBus *bus, DriveInfo **hd_table, int devfn);
-PCIDevice *pci_piix4_ide_init(PCIBus *bus, DriveInfo **hd_table, int devfn);
-void vt82c686b_ide_init(PCIBus *bus, DriveInfo **hd_table, int devfn);
-
-/* ide-macio.c */
-MemoryRegion *pmac_ide_init (DriveInfo **hd_table, qemu_irq irq,
- void *dbdma, int channel, qemu_irq dma_irq);
-
-/* ide-mmio.c */
-void mmio_ide_init (hwaddr membase, hwaddr membase2,
- MemoryRegion *address_space,
- qemu_irq irq, int shift,
- DriveInfo *hd0, DriveInfo *hd1);
-
-int ide_get_geometry(BusState *bus, int unit,
- int16_t *cyls, int8_t *heads, int8_t *secs);
-int ide_get_bios_chs_trans(BusState *bus, int unit);
-
-/* ide/core.c */
-void ide_drive_get(DriveInfo **hd, int max_bus);
-
-#endif /* HW_IDE_H */
diff --git a/hw/ide/Makefile.objs b/hw/ide/Makefile.objs
index 5c8c22aad..729e9bd0d 100644
--- a/hw/ide/Makefile.objs
+++ b/hw/ide/Makefile.objs
@@ -5,6 +5,8 @@ common-obj-$(CONFIG_IDE_ISA) += isa.o
common-obj-$(CONFIG_IDE_PIIX) += piix.o
common-obj-$(CONFIG_IDE_CMD646) += cmd646.o
common-obj-$(CONFIG_IDE_MACIO) += macio.o
+common-obj-$(CONFIG_IDE_MMIO) += mmio.o
common-obj-$(CONFIG_IDE_VIA) += via.o
+common-obj-$(CONFIG_MICRODRIVE) += microdrive.o
common-obj-$(CONFIG_AHCI) += ahci.o
common-obj-$(CONFIG_AHCI) += ich.o
diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index 67562db04..bba150fd7 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -22,14 +22,13 @@
*/
#include <hw/hw.h>
-#include <hw/msi.h>
-#include <hw/pc.h>
-#include <hw/pci.h>
+#include <hw/pci/msi.h>
+#include <hw/i386/pc.h>
+#include <hw/pci/pci.h>
#include <hw/sysbus.h>
-#include "monitor.h"
-#include "dma.h"
-#include "cpu-common.h"
+#include "monitor/monitor.h"
+#include "sysemu/dma.h"
#include "internal.h"
#include <hw/ide/pci.h>
#include <hw/ide/ahci.h>
@@ -118,12 +117,13 @@ static uint32_t ahci_port_read(AHCIState *s, int port, int offset)
static void ahci_irq_raise(AHCIState *s, AHCIDevice *dev)
{
- struct AHCIPCIState *d = container_of(s, AHCIPCIState, ahci);
+ AHCIPCIState *d = container_of(s, AHCIPCIState, ahci);
+ PCIDevice *pci_dev = PCI_DEVICE(d);
DPRINTF(0, "raise irq\n");
- if (msi_enabled(&d->card)) {
- msi_notify(&d->card, 0);
+ if (msi_enabled(pci_dev)) {
+ msi_notify(pci_dev, 0);
} else {
qemu_irq_raise(s->irq);
}
@@ -131,11 +131,11 @@ static void ahci_irq_raise(AHCIState *s, AHCIDevice *dev)
static void ahci_irq_lower(AHCIState *s, AHCIDevice *dev)
{
- struct AHCIPCIState *d = container_of(s, AHCIPCIState, ahci);
+ AHCIPCIState *d = container_of(s, AHCIPCIState, ahci);
DPRINTF(0, "lower irq\n");
- if (!msi_enabled(&d->card)) {
+ if (!msi_enabled(PCI_DEVICE(d))) {
qemu_irq_lower(s->irq);
}
}
@@ -241,7 +241,7 @@ static void ahci_port_write(AHCIState *s, int port, int offset, uint32_t val)
if ((pr->cmd & PORT_CMD_FIS_ON) &&
!s->dev[port].init_d2h_sent) {
ahci_init_d2h(&s->dev[port]);
- s->dev[port].init_d2h_sent = 1;
+ s->dev[port].init_d2h_sent = true;
}
check_cmd(s, port);
@@ -494,7 +494,7 @@ static void ahci_reset_port(AHCIState *s, int port)
pr->scr_err = 0;
pr->scr_act = 0;
d->busy_slot = -1;
- d->init_d2h_sent = 0;
+ d->init_d2h_sent = false;
ide_state = &s->dev[port].port.ifs[0];
if (!ide_state->bs) {
@@ -598,7 +598,7 @@ static void ahci_write_fis_d2h(AHCIDevice *ad, uint8_t *cmd_fis)
if (!cmd_fis) {
/* map cmd_fis */
uint64_t tbl_addr = le64_to_cpu(ad->cur_cmd->tbl_addr);
- cmd_fis = dma_memory_map(ad->hba->dma, tbl_addr, &cmd_len,
+ cmd_fis = dma_memory_map(ad->hba->as, tbl_addr, &cmd_len,
DMA_DIRECTION_TO_DEVICE);
cmd_mapped = 1;
}
@@ -631,7 +631,7 @@ static void ahci_write_fis_d2h(AHCIDevice *ad, uint8_t *cmd_fis)
ahci_trigger_irq(ad->hba, ad, PORT_IRQ_D2H_REG_FIS);
if (cmd_mapped) {
- dma_memory_unmap(ad->hba->dma, cmd_fis, cmd_len,
+ dma_memory_unmap(ad->hba->as, cmd_fis, cmd_len,
DMA_DIRECTION_TO_DEVICE, cmd_len);
}
}
@@ -651,6 +651,8 @@ static int ahci_populate_sglist(AHCIDevice *ad, QEMUSGList *sglist, int offset)
int off_idx = -1;
int off_pos = -1;
int tbl_entry_size;
+ IDEBus *bus = &ad->port;
+ BusState *qbus = BUS(bus);
if (!sglist_alloc_hint) {
DPRINTF(ad->port_no, "no sg list given by guest: 0x%08x\n", opts);
@@ -658,7 +660,7 @@ static int ahci_populate_sglist(AHCIDevice *ad, QEMUSGList *sglist, int offset)
}
/* map PRDT */
- if (!(prdt = dma_memory_map(ad->hba->dma, prdt_addr, &prdt_len,
+ if (!(prdt = dma_memory_map(ad->hba->as, prdt_addr, &prdt_len,
DMA_DIRECTION_TO_DEVICE))){
DPRINTF(ad->port_no, "map failed\n");
return -1;
@@ -692,7 +694,8 @@ static int ahci_populate_sglist(AHCIDevice *ad, QEMUSGList *sglist, int offset)
goto out;
}
- qemu_sglist_init(sglist, (sglist_alloc_hint - off_idx), ad->hba->dma);
+ qemu_sglist_init(sglist, qbus->parent, (sglist_alloc_hint - off_idx),
+ ad->hba->as);
qemu_sglist_add(sglist, le64_to_cpu(tbl[off_idx].addr + off_pos),
le32_to_cpu(tbl[off_idx].flags_size) + 1 - off_pos);
@@ -704,7 +707,7 @@ static int ahci_populate_sglist(AHCIDevice *ad, QEMUSGList *sglist, int offset)
}
out:
- dma_memory_unmap(ad->hba->dma, prdt, prdt_len,
+ dma_memory_unmap(ad->hba->as, prdt, prdt_len,
DMA_DIRECTION_TO_DEVICE, prdt_len);
return r;
}
@@ -837,7 +840,7 @@ static int handle_cmd(AHCIState *s, int port, int slot)
tbl_addr = le64_to_cpu(cmd->tbl_addr);
cmd_len = 0x80;
- cmd_fis = dma_memory_map(s->dma, tbl_addr, &cmd_len,
+ cmd_fis = dma_memory_map(s->as, tbl_addr, &cmd_len,
DMA_DIRECTION_FROM_DEVICE);
if (!cmd_fis) {
@@ -946,7 +949,7 @@ static int handle_cmd(AHCIState *s, int port, int slot)
ide_state->hcyl = 0xeb;
debug_print_fis(ide_state->io_buffer, 0x10);
ide_state->feature = IDE_FEATURE_DMA;
- s->dev[port].done_atapi_packet = 0;
+ s->dev[port].done_atapi_packet = false;
/* XXX send PIO setup FIS */
}
@@ -964,7 +967,7 @@ static int handle_cmd(AHCIState *s, int port, int slot)
}
out:
- dma_memory_unmap(s->dma, cmd_fis, cmd_len, DMA_DIRECTION_FROM_DEVICE,
+ dma_memory_unmap(s->as, cmd_fis, cmd_len, DMA_DIRECTION_FROM_DEVICE,
cmd_len);
if (s->dev[port].port.ifs[0].status & (BUSY_STAT|DRQ_STAT)) {
@@ -991,7 +994,7 @@ static int ahci_start_transfer(IDEDMA *dma)
if (is_atapi && !ad->done_atapi_packet) {
/* already prepopulated iobuffer */
- ad->done_atapi_packet = 1;
+ ad->done_atapi_packet = true;
goto out;
}
@@ -1035,11 +1038,10 @@ out:
static void ahci_start_dma(IDEDMA *dma, IDEState *s,
BlockDriverCompletionFunc *dma_cb)
{
+#ifdef DEBUG_AHCI
AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma);
-
+#endif
DPRINTF(ad->port_no, "\n");
- ad->dma_cb = dma_cb;
- ad->dma_status |= BM_STATUS_DMAING;
s->io_buffer_offset = 0;
dma_cb(s, 0);
}
@@ -1095,7 +1097,6 @@ static int ahci_dma_set_unit(IDEDMA *dma, int unit)
static int ahci_dma_add_status(IDEDMA *dma, int status)
{
AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma);
- ad->dma_status |= status;
DPRINTF(ad->port_no, "set status: %x\n", status);
if (status & BM_STATUS_INT) {
@@ -1107,15 +1108,18 @@ static int ahci_dma_add_status(IDEDMA *dma, int status)
static int ahci_dma_set_inactive(IDEDMA *dma)
{
+ return 0;
+}
+
+static int ahci_async_cmd_done(IDEDMA *dma)
+{
AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma);
- DPRINTF(ad->port_no, "dma done\n");
+ DPRINTF(ad->port_no, "async cmd done\n");
/* update d2h status */
ahci_write_fis_d2h(ad, NULL);
- ad->dma_cb = NULL;
-
if (!ad->check_bh) {
/* maybe we still have something to process, check later */
ad->check_bh = qemu_bh_new(ahci_check_cmd_bh, ad);
@@ -1146,29 +1150,32 @@ static const IDEDMAOps ahci_dma_ops = {
.set_unit = ahci_dma_set_unit,
.add_status = ahci_dma_add_status,
.set_inactive = ahci_dma_set_inactive,
+ .async_cmd_done = ahci_async_cmd_done,
.restart_cb = ahci_dma_restart_cb,
.reset = ahci_dma_reset,
};
-void ahci_init(AHCIState *s, DeviceState *qdev, DMAContext *dma, int ports)
+void ahci_init(AHCIState *s, DeviceState *qdev, AddressSpace *as, int ports)
{
qemu_irq *irqs;
int i;
- s->dma = dma;
+ s->as = as;
s->ports = ports;
s->dev = g_malloc0(sizeof(AHCIDevice) * ports);
ahci_reg_init(s);
/* XXX BAR size should be 1k, but that breaks, so bump it to 4k for now */
- memory_region_init_io(&s->mem, &ahci_mem_ops, s, "ahci", AHCI_MEM_BAR_SIZE);
- memory_region_init_io(&s->idp, &ahci_idp_ops, s, "ahci-idp", 32);
+ memory_region_init_io(&s->mem, OBJECT(qdev), &ahci_mem_ops, s,
+ "ahci", AHCI_MEM_BAR_SIZE);
+ memory_region_init_io(&s->idp, OBJECT(qdev), &ahci_idp_ops, s,
+ "ahci-idp", 32);
irqs = qemu_allocate_irqs(ahci_irq_set, s, s->ports);
for (i = 0; i < s->ports; i++) {
AHCIDevice *ad = &s->dev[i];
- ide_bus_new(&ad->port, qdev, i);
+ ide_bus_new(&ad->port, qdev, i, 1);
ide_init2(&ad->port, irqs[i]);
ad->hba = s;
@@ -1203,32 +1210,119 @@ void ahci_reset(AHCIState *s)
}
}
+static const VMStateDescription vmstate_ahci_device = {
+ .name = "ahci port",
+ .version_id = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_IDE_BUS(port, AHCIDevice),
+ VMSTATE_UINT32(port_state, AHCIDevice),
+ VMSTATE_UINT32(finished, AHCIDevice),
+ VMSTATE_UINT32(port_regs.lst_addr, AHCIDevice),
+ VMSTATE_UINT32(port_regs.lst_addr_hi, AHCIDevice),
+ VMSTATE_UINT32(port_regs.fis_addr, AHCIDevice),
+ VMSTATE_UINT32(port_regs.fis_addr_hi, AHCIDevice),
+ VMSTATE_UINT32(port_regs.irq_stat, AHCIDevice),
+ VMSTATE_UINT32(port_regs.irq_mask, AHCIDevice),
+ VMSTATE_UINT32(port_regs.cmd, AHCIDevice),
+ VMSTATE_UINT32(port_regs.tfdata, AHCIDevice),
+ VMSTATE_UINT32(port_regs.sig, AHCIDevice),
+ VMSTATE_UINT32(port_regs.scr_stat, AHCIDevice),
+ VMSTATE_UINT32(port_regs.scr_ctl, AHCIDevice),
+ VMSTATE_UINT32(port_regs.scr_err, AHCIDevice),
+ VMSTATE_UINT32(port_regs.scr_act, AHCIDevice),
+ VMSTATE_UINT32(port_regs.cmd_issue, AHCIDevice),
+ VMSTATE_BOOL(done_atapi_packet, AHCIDevice),
+ VMSTATE_INT32(busy_slot, AHCIDevice),
+ VMSTATE_BOOL(init_d2h_sent, AHCIDevice),
+ VMSTATE_END_OF_LIST()
+ },
+};
+
+static int ahci_state_post_load(void *opaque, int version_id)
+{
+ int i;
+ struct AHCIDevice *ad;
+ AHCIState *s = opaque;
+
+ for (i = 0; i < s->ports; i++) {
+ ad = &s->dev[i];
+ AHCIPortRegs *pr = &ad->port_regs;
+
+ map_page(&ad->lst,
+ ((uint64_t)pr->lst_addr_hi << 32) | pr->lst_addr, 1024);
+ map_page(&ad->res_fis,
+ ((uint64_t)pr->fis_addr_hi << 32) | pr->fis_addr, 256);
+ /*
+ * All pending i/o should be flushed out on a migrate. However,
+ * we might not have cleared the busy_slot since this is done
+ * in a bh. Also, issue i/o against any slots that are pending.
+ */
+ if ((ad->busy_slot != -1) &&
+ !(ad->port.ifs[0].status & (BUSY_STAT|DRQ_STAT))) {
+ pr->cmd_issue &= ~(1 << ad->busy_slot);
+ ad->busy_slot = -1;
+ }
+ check_cmd(s, i);
+ }
+
+ return 0;
+}
+
+const VMStateDescription vmstate_ahci = {
+ .name = "ahci",
+ .version_id = 1,
+ .post_load = ahci_state_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_STRUCT_VARRAY_POINTER_INT32(dev, AHCIState, ports,
+ vmstate_ahci_device, AHCIDevice),
+ VMSTATE_UINT32(control_regs.cap, AHCIState),
+ VMSTATE_UINT32(control_regs.ghc, AHCIState),
+ VMSTATE_UINT32(control_regs.irqstatus, AHCIState),
+ VMSTATE_UINT32(control_regs.impl, AHCIState),
+ VMSTATE_UINT32(control_regs.version, AHCIState),
+ VMSTATE_UINT32(idp_index, AHCIState),
+ VMSTATE_INT32(ports, AHCIState),
+ VMSTATE_END_OF_LIST()
+ },
+};
+
+#define TYPE_SYSBUS_AHCI "sysbus-ahci"
+#define SYSBUS_AHCI(obj) OBJECT_CHECK(SysbusAHCIState, (obj), TYPE_SYSBUS_AHCI)
+
typedef struct SysbusAHCIState {
- SysBusDevice busdev;
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
AHCIState ahci;
uint32_t num_ports;
} SysbusAHCIState;
static const VMStateDescription vmstate_sysbus_ahci = {
.name = "sysbus-ahci",
- .unmigratable = 1,
+ .unmigratable = 1, /* Still buggy under I/O load */
+ .fields = (VMStateField []) {
+ VMSTATE_AHCI(ahci, AHCIPCIState),
+ VMSTATE_END_OF_LIST()
+ },
};
static void sysbus_ahci_reset(DeviceState *dev)
{
- SysbusAHCIState *s = DO_UPCAST(SysbusAHCIState, busdev.qdev, dev);
+ SysbusAHCIState *s = SYSBUS_AHCI(dev);
ahci_reset(&s->ahci);
}
-static int sysbus_ahci_init(SysBusDevice *dev)
+static void sysbus_ahci_realize(DeviceState *dev, Error **errp)
{
- SysbusAHCIState *s = FROM_SYSBUS(SysbusAHCIState, dev);
- ahci_init(&s->ahci, &dev->qdev, NULL, s->num_ports);
+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+ SysbusAHCIState *s = SYSBUS_AHCI(dev);
- sysbus_init_mmio(dev, &s->ahci.mem);
- sysbus_init_irq(dev, &s->ahci.irq);
- return 0;
+ ahci_init(&s->ahci, dev, NULL, s->num_ports);
+
+ sysbus_init_mmio(sbd, &s->ahci.mem);
+ sysbus_init_irq(sbd, &s->ahci.irq);
}
static Property sysbus_ahci_properties[] = {
@@ -1238,17 +1332,17 @@ static Property sysbus_ahci_properties[] = {
static void sysbus_ahci_class_init(ObjectClass *klass, void *data)
{
- SysBusDeviceClass *sbc = SYS_BUS_DEVICE_CLASS(klass);
DeviceClass *dc = DEVICE_CLASS(klass);
- sbc->init = sysbus_ahci_init;
+ dc->realize = sysbus_ahci_realize;
dc->vmsd = &vmstate_sysbus_ahci;
dc->props = sysbus_ahci_properties;
dc->reset = sysbus_ahci_reset;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
}
-static TypeInfo sysbus_ahci_info = {
- .name = "sysbus-ahci",
+static const TypeInfo sysbus_ahci_info = {
+ .name = TYPE_SYSBUS_AHCI,
.parent = TYPE_SYS_BUS_DEVICE,
.instance_size = sizeof(SysbusAHCIState),
.class_init = sysbus_ahci_class_init,
diff --git a/hw/ide/ahci.h b/hw/ide/ahci.h
index 1200a56ad..20e412c24 100644
--- a/hw/ide/ahci.h
+++ b/hw/ide/ahci.h
@@ -281,11 +281,9 @@ struct AHCIDevice {
QEMUBH *check_bh;
uint8_t *lst;
uint8_t *res_fis;
- int dma_status;
- int done_atapi_packet;
- int busy_slot;
- int init_d2h_sent;
- BlockDriverCompletionFunc *dma_cb;
+ bool done_atapi_packet;
+ int32_t busy_slot;
+ bool init_d2h_sent;
AHCICmdHdr *cur_cmd;
NCQTransferState ncq_tfs[AHCI_MAX_CMDS];
};
@@ -297,16 +295,34 @@ typedef struct AHCIState {
MemoryRegion idp; /* Index-Data Pair I/O port space */
unsigned idp_offset; /* Offset of index in I/O port space */
uint32_t idp_index; /* Current IDP index */
- int ports;
+ int32_t ports;
qemu_irq irq;
- DMAContext *dma;
+ AddressSpace *as;
} AHCIState;
typedef struct AHCIPCIState {
- PCIDevice card;
+ /*< private >*/
+ PCIDevice parent_obj;
+ /*< public >*/
+
AHCIState ahci;
} AHCIPCIState;
+#define TYPE_ICH9_AHCI "ich9-ahci"
+
+#define ICH_AHCI(obj) \
+ OBJECT_CHECK(AHCIPCIState, (obj), TYPE_ICH9_AHCI)
+
+extern const VMStateDescription vmstate_ahci;
+
+#define VMSTATE_AHCI(_field, _state) { \
+ .name = (stringify(_field)), \
+ .size = sizeof(AHCIState), \
+ .vmsd = &vmstate_ahci, \
+ .flags = VMS_STRUCT, \
+ .offset = vmstate_offset_value(_state, _field, AHCIState), \
+}
+
typedef struct NCQFrame {
uint8_t fis_type;
uint8_t c;
@@ -330,7 +346,7 @@ typedef struct NCQFrame {
uint8_t reserved10;
} QEMU_PACKED NCQFrame;
-void ahci_init(AHCIState *s, DeviceState *qdev, DMAContext *dma, int ports);
+void ahci_init(AHCIState *s, DeviceState *qdev, AddressSpace *as, int ports);
void ahci_uninit(AHCIState *s);
void ahci_reset(AHCIState *s);
diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c
index 861fd2bec..05e60b1cd 100644
--- a/hw/ide/atapi.c
+++ b/hw/ide/atapi.c
@@ -24,7 +24,7 @@
*/
#include "hw/ide/internal.h"
-#include "hw/scsi.h"
+#include "hw/scsi/scsi.h"
static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
diff --git a/hw/ide/cmd646.c b/hw/ide/cmd646.c
index 804db60ff..d6ef7992d 100644
--- a/hw/ide/cmd646.c
+++ b/hw/ide/cmd646.c
@@ -23,12 +23,12 @@
* THE SOFTWARE.
*/
#include <hw/hw.h>
-#include <hw/pc.h>
-#include <hw/pci.h>
-#include <hw/isa.h>
-#include "block.h"
-#include "sysemu.h"
-#include "dma.h"
+#include <hw/i386/pc.h>
+#include <hw/pci/pci.h>
+#include <hw/isa/isa.h>
+#include "block/block.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/dma.h"
#include <hw/ide/pci.h>
@@ -117,15 +117,17 @@ static void setup_cmd646_bar(PCIIDEState *d, int bus_num)
bar->bus = bus;
bar->pci_dev = d;
- memory_region_init_io(&bar->cmd, &cmd646_cmd_ops, bar, "cmd646-cmd", 4);
- memory_region_init_io(&bar->data, &cmd646_data_ops, bar, "cmd646-data", 8);
+ memory_region_init_io(&bar->cmd, OBJECT(d), &cmd646_cmd_ops, bar,
+ "cmd646-cmd", 4);
+ memory_region_init_io(&bar->data, OBJECT(d), &cmd646_data_ops, bar,
+ "cmd646-data", 8);
}
static uint64_t bmdma_read(void *opaque, hwaddr addr,
unsigned size)
{
BMDMAState *bm = opaque;
- PCIIDEState *pci_dev = bm->pci_dev;
+ PCIDevice *pci_dev = PCI_DEVICE(bm->pci_dev);
uint32_t val;
if (size != 1) {
@@ -137,16 +139,16 @@ static uint64_t bmdma_read(void *opaque, hwaddr addr,
val = bm->cmd;
break;
case 1:
- val = pci_dev->dev.config[MRDMODE];
+ val = pci_dev->config[MRDMODE];
break;
case 2:
val = bm->status;
break;
case 3:
- if (bm == &pci_dev->bmdma[0]) {
- val = pci_dev->dev.config[UDIDETCR0];
+ if (bm == &bm->pci_dev->bmdma[0]) {
+ val = pci_dev->config[UDIDETCR0];
} else {
- val = pci_dev->dev.config[UDIDETCR1];
+ val = pci_dev->config[UDIDETCR1];
}
break;
default:
@@ -154,7 +156,7 @@ static uint64_t bmdma_read(void *opaque, hwaddr addr,
break;
}
#ifdef DEBUG_IDE
- printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
+ printf("bmdma: readb " TARGET_FMT_plx " : 0x%02x\n", addr, val);
#endif
return val;
}
@@ -163,32 +165,33 @@ static void bmdma_write(void *opaque, hwaddr addr,
uint64_t val, unsigned size)
{
BMDMAState *bm = opaque;
- PCIIDEState *pci_dev = bm->pci_dev;
+ PCIDevice *pci_dev = PCI_DEVICE(bm->pci_dev);
if (size != 1) {
return;
}
#ifdef DEBUG_IDE
- printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
+ printf("bmdma: writeb " TARGET_FMT_plx " : 0x%" PRIx64 "\n", addr, val);
#endif
switch(addr & 3) {
case 0:
bmdma_cmd_writeb(bm, val);
break;
case 1:
- pci_dev->dev.config[MRDMODE] =
- (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
- cmd646_update_irq(pci_dev);
+ pci_dev->config[MRDMODE] =
+ (pci_dev->config[MRDMODE] & ~0x30) | (val & 0x30);
+ cmd646_update_irq(bm->pci_dev);
break;
case 2:
bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
break;
case 3:
- if (bm == &pci_dev->bmdma[0])
- pci_dev->dev.config[UDIDETCR0] = val;
- else
- pci_dev->dev.config[UDIDETCR1] = val;
+ if (bm == &bm->pci_dev->bmdma[0]) {
+ pci_dev->config[UDIDETCR0] = val;
+ } else {
+ pci_dev->config[UDIDETCR1] = val;
+ }
break;
}
}
@@ -203,13 +206,14 @@ static void bmdma_setup_bar(PCIIDEState *d)
BMDMAState *bm;
int i;
- memory_region_init(&d->bmdma_bar, "cmd646-bmdma", 16);
+ memory_region_init(&d->bmdma_bar, OBJECT(d), "cmd646-bmdma", 16);
for(i = 0;i < 2; i++) {
bm = &d->bmdma[i];
- memory_region_init_io(&bm->extra_io, &cmd646_bmdma_ops, bm,
+ memory_region_init_io(&bm->extra_io, OBJECT(d), &cmd646_bmdma_ops, bm,
"cmd646-bmdma-bus", 4);
memory_region_add_subregion(&d->bmdma_bar, i * 8, &bm->extra_io);
- memory_region_init_io(&bm->addr_ioport, &bmdma_addr_ioport_ops, bm,
+ memory_region_init_io(&bm->addr_ioport, OBJECT(d),
+ &bmdma_addr_ioport_ops, bm,
"cmd646-bmdma-ioport", 4);
memory_region_add_subregion(&d->bmdma_bar, i * 8 + 4, &bm->addr_ioport);
}
@@ -219,25 +223,29 @@ static void bmdma_setup_bar(PCIIDEState *d)
registers */
static void cmd646_update_irq(PCIIDEState *d)
{
+ PCIDevice *pd = PCI_DEVICE(d);
int pci_level;
- pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
- !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
- ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
- !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
- qemu_set_irq(d->dev.irq[0], pci_level);
+
+ pci_level = ((pd->config[MRDMODE] & MRDMODE_INTR_CH0) &&
+ !(pd->config[MRDMODE] & MRDMODE_BLK_CH0)) ||
+ ((pd->config[MRDMODE] & MRDMODE_INTR_CH1) &&
+ !(pd->config[MRDMODE] & MRDMODE_BLK_CH1));
+ qemu_set_irq(pd->irq[0], pci_level);
}
/* the PCI irq level is the logical OR of the two channels */
static void cmd646_set_irq(void *opaque, int channel, int level)
{
PCIIDEState *d = opaque;
+ PCIDevice *pd = PCI_DEVICE(d);
int irq_mask;
irq_mask = MRDMODE_INTR_CH0 << channel;
- if (level)
- d->dev.config[MRDMODE] |= irq_mask;
- else
- d->dev.config[MRDMODE] &= ~irq_mask;
+ if (level) {
+ pd->config[MRDMODE] |= irq_mask;
+ } else {
+ pd->config[MRDMODE] &= ~irq_mask;
+ }
cmd646_update_irq(d);
}
@@ -254,8 +262,8 @@ static void cmd646_reset(void *opaque)
/* CMD646 PCI IDE controller */
static int pci_cmd646_ide_initfn(PCIDevice *dev)
{
- PCIIDEState *d = DO_UPCAST(PCIIDEState, dev, dev);
- uint8_t *pci_conf = d->dev.config;
+ PCIIDEState *d = PCI_IDE(dev);
+ uint8_t *pci_conf = dev->config;
qemu_irq *irq;
int i;
@@ -281,7 +289,7 @@ static int pci_cmd646_ide_initfn(PCIDevice *dev)
irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
for (i = 0; i < 2; i++) {
- ide_bus_new(&d->bus[i], &d->dev.qdev, i);
+ ide_bus_new(&d->bus[i], DEVICE(dev), i, 2);
ide_init2(&d->bus[i], irq[i]);
bmdma_init(&d->bus[i], &d->bmdma[i], d);
@@ -290,14 +298,14 @@ static int pci_cmd646_ide_initfn(PCIDevice *dev)
&d->bmdma[i].dma);
}
- vmstate_register(&dev->qdev, 0, &vmstate_ide_pci, d);
+ vmstate_register(DEVICE(dev), 0, &vmstate_ide_pci, d);
qemu_register_reset(cmd646_reset, d);
return 0;
}
static void pci_cmd646_ide_exitfn(PCIDevice *dev)
{
- PCIIDEState *d = DO_UPCAST(PCIIDEState, dev, dev);
+ PCIIDEState *d = PCI_IDE(dev);
unsigned i;
for (i = 0; i < 2; ++i) {
@@ -342,10 +350,9 @@ static void cmd646_ide_class_init(ObjectClass *klass, void *data)
dc->props = cmd646_ide_properties;
}
-static TypeInfo cmd646_ide_info = {
+static const TypeInfo cmd646_ide_info = {
.name = "cmd646-ide",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIIDEState),
+ .parent = TYPE_PCI_IDE,
.class_init = cmd646_ide_class_init,
};
diff --git a/hw/ide/core.c b/hw/ide/core.c
index c4f93d0e4..a73af7252 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -23,15 +23,15 @@
* THE SOFTWARE.
*/
#include <hw/hw.h>
-#include <hw/pc.h>
-#include <hw/pci.h>
-#include <hw/isa.h>
-#include "qemu-error.h"
-#include "qemu-timer.h"
-#include "sysemu.h"
-#include "dma.h"
-#include "hw/block-common.h"
-#include "blockdev.h"
+#include <hw/i386/pc.h>
+#include <hw/pci/pci.h>
+#include <hw/isa/isa.h>
+#include "qemu/error-report.h"
+#include "qemu/timer.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/dma.h"
+#include "hw/block/block.h"
+#include "sysemu/blockdev.h"
#include <hw/ide/internal.h>
@@ -325,14 +325,26 @@ typedef struct TrimAIOCB {
BlockDriverAIOCB common;
QEMUBH *bh;
int ret;
+ QEMUIOVector *qiov;
+ BlockDriverAIOCB *aiocb;
+ int i, j;
} TrimAIOCB;
static void trim_aio_cancel(BlockDriverAIOCB *acb)
{
TrimAIOCB *iocb = container_of(acb, TrimAIOCB, common);
+ /* Exit the loop in case bdrv_aio_cancel calls ide_issue_trim_cb again. */
+ iocb->j = iocb->qiov->niov - 1;
+ iocb->i = (iocb->qiov->iov[iocb->j].iov_len / 8) - 1;
+
+ /* Tell ide_issue_trim_cb not to trigger the completion, too. */
qemu_bh_delete(iocb->bh);
iocb->bh = NULL;
+
+ if (iocb->aiocb) {
+ bdrv_aio_cancel(iocb->aiocb);
+ }
qemu_aio_release(iocb);
}
@@ -349,43 +361,60 @@ static void ide_trim_bh_cb(void *opaque)
qemu_bh_delete(iocb->bh);
iocb->bh = NULL;
-
qemu_aio_release(iocb);
}
+static void ide_issue_trim_cb(void *opaque, int ret)
+{
+ TrimAIOCB *iocb = opaque;
+ if (ret >= 0) {
+ while (iocb->j < iocb->qiov->niov) {
+ int j = iocb->j;
+ while (++iocb->i < iocb->qiov->iov[j].iov_len / 8) {
+ int i = iocb->i;
+ uint64_t *buffer = iocb->qiov->iov[j].iov_base;
+
+ /* 6-byte LBA + 2-byte range per entry */
+ uint64_t entry = le64_to_cpu(buffer[i]);
+ uint64_t sector = entry & 0x0000ffffffffffffULL;
+ uint16_t count = entry >> 48;
+
+ if (count == 0) {
+ continue;
+ }
+
+ /* Got an entry! Submit and exit. */
+ iocb->aiocb = bdrv_aio_discard(iocb->common.bs, sector, count,
+ ide_issue_trim_cb, opaque);
+ return;
+ }
+
+ iocb->j++;
+ iocb->i = -1;
+ }
+ } else {
+ iocb->ret = ret;
+ }
+
+ iocb->aiocb = NULL;
+ if (iocb->bh) {
+ qemu_bh_schedule(iocb->bh);
+ }
+}
+
BlockDriverAIOCB *ide_issue_trim(BlockDriverState *bs,
int64_t sector_num, QEMUIOVector *qiov, int nb_sectors,
BlockDriverCompletionFunc *cb, void *opaque)
{
TrimAIOCB *iocb;
- int i, j, ret;
iocb = qemu_aio_get(&trim_aiocb_info, bs, cb, opaque);
iocb->bh = qemu_bh_new(ide_trim_bh_cb, iocb);
iocb->ret = 0;
-
- for (j = 0; j < qiov->niov; j++) {
- uint64_t *buffer = qiov->iov[j].iov_base;
-
- for (i = 0; i < qiov->iov[j].iov_len / 8; i++) {
- /* 6-byte LBA + 2-byte range per entry */
- uint64_t entry = le64_to_cpu(buffer[i]);
- uint64_t sector = entry & 0x0000ffffffffffffULL;
- uint16_t count = entry >> 48;
-
- if (count == 0) {
- break;
- }
-
- ret = bdrv_discard(bs, sector, count);
- if (!iocb->ret) {
- iocb->ret = ret;
- }
- }
- }
-
- qemu_bh_schedule(iocb->bh);
-
+ iocb->qiov = qiov;
+ iocb->i = -1;
+ iocb->j = 0;
+ ide_issue_trim_cb(iocb, 0);
return &iocb->common;
}
@@ -539,10 +568,18 @@ static void dma_buf_commit(IDEState *s)
qemu_sglist_destroy(&s->sg);
}
+static void ide_async_cmd_done(IDEState *s)
+{
+ if (s->bus->dma->ops->async_cmd_done) {
+ s->bus->dma->ops->async_cmd_done(s->bus->dma);
+ }
+}
+
void ide_set_inactive(IDEState *s)
{
s->bus->dma->aiocb = NULL;
s->bus->dma->ops->set_inactive(s->bus->dma);
+ ide_async_cmd_done(s);
}
void ide_dma_error(IDEState *s)
@@ -775,6 +812,7 @@ static void ide_flush_cb(void *opaque, int ret)
bdrv_acct_done(s->bs, &s->acct);
s->status = READY_STAT | SEEK_STAT;
+ ide_async_cmd_done(s);
ide_set_irq(s->bus);
}
@@ -785,6 +823,7 @@ void ide_flush_cache(IDEState *s)
return;
}
+ s->status |= BUSY_STAT;
bdrv_acct_start(s->bs, &s->acct, 0, BDRV_ACCT_FLUSH);
bdrv_aio_flush(s->bs, ide_flush_cb, s);
}
@@ -974,612 +1013,729 @@ void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
}
}
-#define HD_OK (1u << IDE_HD)
-#define CD_OK (1u << IDE_CD)
-#define CFA_OK (1u << IDE_CFATA)
-#define HD_CFA_OK (HD_OK | CFA_OK)
-#define ALL_OK (HD_OK | CD_OK | CFA_OK)
+static bool cmd_nop(IDEState *s, uint8_t cmd)
+{
+ return true;
+}
-/* See ACS-2 T13/2015-D Table B.2 Command codes */
-static const uint8_t ide_cmd_table[0x100] = {
- /* NOP not implemented, mandatory for CD */
- [CFA_REQ_EXT_ERROR_CODE] = CFA_OK,
- [WIN_DSM] = ALL_OK,
- [WIN_DEVICE_RESET] = CD_OK,
- [WIN_RECAL] = HD_CFA_OK,
- [WIN_READ] = ALL_OK,
- [WIN_READ_ONCE] = ALL_OK,
- [WIN_READ_EXT] = HD_CFA_OK,
- [WIN_READDMA_EXT] = HD_CFA_OK,
- [WIN_READ_NATIVE_MAX_EXT] = HD_CFA_OK,
- [WIN_MULTREAD_EXT] = HD_CFA_OK,
- [WIN_WRITE] = HD_CFA_OK,
- [WIN_WRITE_ONCE] = HD_CFA_OK,
- [WIN_WRITE_EXT] = HD_CFA_OK,
- [WIN_WRITEDMA_EXT] = HD_CFA_OK,
- [CFA_WRITE_SECT_WO_ERASE] = CFA_OK,
- [WIN_MULTWRITE_EXT] = HD_CFA_OK,
- [WIN_WRITE_VERIFY] = HD_CFA_OK,
- [WIN_VERIFY] = HD_CFA_OK,
- [WIN_VERIFY_ONCE] = HD_CFA_OK,
- [WIN_VERIFY_EXT] = HD_CFA_OK,
- [WIN_SEEK] = HD_CFA_OK,
- [CFA_TRANSLATE_SECTOR] = CFA_OK,
- [WIN_DIAGNOSE] = ALL_OK,
- [WIN_SPECIFY] = HD_CFA_OK,
- [WIN_STANDBYNOW2] = ALL_OK,
- [WIN_IDLEIMMEDIATE2] = ALL_OK,
- [WIN_STANDBY2] = ALL_OK,
- [WIN_SETIDLE2] = ALL_OK,
- [WIN_CHECKPOWERMODE2] = ALL_OK,
- [WIN_SLEEPNOW2] = ALL_OK,
- [WIN_PACKETCMD] = CD_OK,
- [WIN_PIDENTIFY] = CD_OK,
- [WIN_SMART] = HD_CFA_OK,
- [CFA_ACCESS_METADATA_STORAGE] = CFA_OK,
- [CFA_ERASE_SECTORS] = CFA_OK,
- [WIN_MULTREAD] = HD_CFA_OK,
- [WIN_MULTWRITE] = HD_CFA_OK,
- [WIN_SETMULT] = HD_CFA_OK,
- [WIN_READDMA] = HD_CFA_OK,
- [WIN_READDMA_ONCE] = HD_CFA_OK,
- [WIN_WRITEDMA] = HD_CFA_OK,
- [WIN_WRITEDMA_ONCE] = HD_CFA_OK,
- [CFA_WRITE_MULTI_WO_ERASE] = CFA_OK,
- [WIN_STANDBYNOW1] = ALL_OK,
- [WIN_IDLEIMMEDIATE] = ALL_OK,
- [WIN_STANDBY] = ALL_OK,
- [WIN_SETIDLE1] = ALL_OK,
- [WIN_CHECKPOWERMODE1] = ALL_OK,
- [WIN_SLEEPNOW1] = ALL_OK,
- [WIN_FLUSH_CACHE] = ALL_OK,
- [WIN_FLUSH_CACHE_EXT] = HD_CFA_OK,
- [WIN_IDENTIFY] = ALL_OK,
- [WIN_SETFEATURES] = ALL_OK,
- [IBM_SENSE_CONDITION] = CFA_OK,
- [CFA_WEAR_LEVEL] = HD_CFA_OK,
- [WIN_READ_NATIVE_MAX] = ALL_OK,
-};
+static bool cmd_data_set_management(IDEState *s, uint8_t cmd)
+{
+ switch (s->feature) {
+ case DSM_TRIM:
+ if (s->bs) {
+ ide_sector_start_dma(s, IDE_DMA_TRIM);
+ return false;
+ }
+ break;
+ }
-static bool ide_cmd_permitted(IDEState *s, uint32_t cmd)
+ ide_abort_command(s);
+ return true;
+}
+
+static bool cmd_identify(IDEState *s, uint8_t cmd)
{
- return cmd < ARRAY_SIZE(ide_cmd_table)
- && (ide_cmd_table[cmd] & (1u << s->drive_kind));
+ if (s->bs && s->drive_kind != IDE_CD) {
+ if (s->drive_kind != IDE_CFATA) {
+ ide_identify(s);
+ } else {
+ ide_cfata_identify(s);
+ }
+ s->status = READY_STAT | SEEK_STAT;
+ ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
+ ide_set_irq(s->bus);
+ return false;
+ } else {
+ if (s->drive_kind == IDE_CD) {
+ ide_set_signature(s);
+ }
+ ide_abort_command(s);
+ }
+
+ return true;
}
-void ide_exec_cmd(IDEBus *bus, uint32_t val)
+static bool cmd_verify(IDEState *s, uint8_t cmd)
{
- uint16_t *identify_data;
- IDEState *s;
+ bool lba48 = (cmd == WIN_VERIFY_EXT);
+
+ /* do sector number check ? */
+ ide_cmd_lba48_transform(s, lba48);
+
+ return true;
+}
+
+static bool cmd_set_multiple_mode(IDEState *s, uint8_t cmd)
+{
+ if (s->drive_kind == IDE_CFATA && s->nsector == 0) {
+ /* Disable Read and Write Multiple */
+ s->mult_sectors = 0;
+ } else if ((s->nsector & 0xff) != 0 &&
+ ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
+ (s->nsector & (s->nsector - 1)) != 0)) {
+ ide_abort_command(s);
+ } else {
+ s->mult_sectors = s->nsector & 0xff;
+ }
+
+ return true;
+}
+
+static bool cmd_read_multiple(IDEState *s, uint8_t cmd)
+{
+ bool lba48 = (cmd == WIN_MULTREAD_EXT);
+
+ if (!s->bs || !s->mult_sectors) {
+ ide_abort_command(s);
+ return true;
+ }
+
+ ide_cmd_lba48_transform(s, lba48);
+ s->req_nb_sectors = s->mult_sectors;
+ ide_sector_read(s);
+ return false;
+}
+
+static bool cmd_write_multiple(IDEState *s, uint8_t cmd)
+{
+ bool lba48 = (cmd == WIN_MULTWRITE_EXT);
int n;
- int lba48 = 0;
-#if defined(DEBUG_IDE)
- printf("ide: CMD=%02x\n", val);
-#endif
- s = idebus_active_if(bus);
- /* ignore commands to non existent slave */
- if (s != bus->ifs && !s->bs)
- return;
+ if (!s->bs || !s->mult_sectors) {
+ ide_abort_command(s);
+ return true;
+ }
- /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
- if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
- return;
+ ide_cmd_lba48_transform(s, lba48);
- if (!ide_cmd_permitted(s, val)) {
- goto abort_cmd;
+ s->req_nb_sectors = s->mult_sectors;
+ n = MIN(s->nsector, s->req_nb_sectors);
+
+ s->status = SEEK_STAT | READY_STAT;
+ ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
+
+ s->media_changed = 1;
+
+ return false;
+}
+
+static bool cmd_read_pio(IDEState *s, uint8_t cmd)
+{
+ bool lba48 = (cmd == WIN_READ_EXT);
+
+ if (s->drive_kind == IDE_CD) {
+ ide_set_signature(s); /* odd, but ATA4 8.27.5.2 requires it */
+ ide_abort_command(s);
+ return true;
+ }
+
+ if (!s->bs) {
+ ide_abort_command(s);
+ return true;
+ }
+
+ ide_cmd_lba48_transform(s, lba48);
+ s->req_nb_sectors = 1;
+ ide_sector_read(s);
+
+ return false;
+}
+
+static bool cmd_write_pio(IDEState *s, uint8_t cmd)
+{
+ bool lba48 = (cmd == WIN_WRITE_EXT);
+
+ if (!s->bs) {
+ ide_abort_command(s);
+ return true;
+ }
+
+ ide_cmd_lba48_transform(s, lba48);
+
+ s->req_nb_sectors = 1;
+ s->status = SEEK_STAT | READY_STAT;
+ ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
+
+ s->media_changed = 1;
+
+ return false;
+}
+
+static bool cmd_read_dma(IDEState *s, uint8_t cmd)
+{
+ bool lba48 = (cmd == WIN_READDMA_EXT);
+
+ if (!s->bs) {
+ ide_abort_command(s);
+ return true;
+ }
+
+ ide_cmd_lba48_transform(s, lba48);
+ ide_sector_start_dma(s, IDE_DMA_READ);
+
+ return false;
+}
+
+static bool cmd_write_dma(IDEState *s, uint8_t cmd)
+{
+ bool lba48 = (cmd == WIN_WRITEDMA_EXT);
+
+ if (!s->bs) {
+ ide_abort_command(s);
+ return true;
+ }
+
+ ide_cmd_lba48_transform(s, lba48);
+ ide_sector_start_dma(s, IDE_DMA_WRITE);
+
+ s->media_changed = 1;
+
+ return false;
+}
+
+static bool cmd_flush_cache(IDEState *s, uint8_t cmd)
+{
+ ide_flush_cache(s);
+ return false;
+}
+
+static bool cmd_seek(IDEState *s, uint8_t cmd)
+{
+ /* XXX: Check that seek is within bounds */
+ return true;
+}
+
+static bool cmd_read_native_max(IDEState *s, uint8_t cmd)
+{
+ bool lba48 = (cmd == WIN_READ_NATIVE_MAX_EXT);
+
+ /* Refuse if no sectors are addressable (e.g. medium not inserted) */
+ if (s->nb_sectors == 0) {
+ ide_abort_command(s);
+ return true;
+ }
+
+ ide_cmd_lba48_transform(s, lba48);
+ ide_set_sector(s, s->nb_sectors - 1);
+
+ return true;
+}
+
+static bool cmd_check_power_mode(IDEState *s, uint8_t cmd)
+{
+ s->nsector = 0xff; /* device active or idle */
+ return true;
+}
+
+static bool cmd_set_features(IDEState *s, uint8_t cmd)
+{
+ uint16_t *identify_data;
+
+ if (!s->bs) {
+ ide_abort_command(s);
+ return true;
}
- switch(val) {
- case WIN_DSM:
- switch (s->feature) {
- case DSM_TRIM:
- if (!s->bs) {
+ /* XXX: valid for CDROM ? */
+ switch (s->feature) {
+ case 0x02: /* write cache enable */
+ bdrv_set_enable_write_cache(s->bs, true);
+ identify_data = (uint16_t *)s->identify_data;
+ put_le16(identify_data + 85, (1 << 14) | (1 << 5) | 1);
+ return true;
+ case 0x82: /* write cache disable */
+ bdrv_set_enable_write_cache(s->bs, false);
+ identify_data = (uint16_t *)s->identify_data;
+ put_le16(identify_data + 85, (1 << 14) | 1);
+ ide_flush_cache(s);
+ return false;
+ case 0xcc: /* reverting to power-on defaults enable */
+ case 0x66: /* reverting to power-on defaults disable */
+ case 0xaa: /* read look-ahead enable */
+ case 0x55: /* read look-ahead disable */
+ case 0x05: /* set advanced power management mode */
+ case 0x85: /* disable advanced power management mode */
+ case 0x69: /* NOP */
+ case 0x67: /* NOP */
+ case 0x96: /* NOP */
+ case 0x9a: /* NOP */
+ case 0x42: /* enable Automatic Acoustic Mode */
+ case 0xc2: /* disable Automatic Acoustic Mode */
+ return true;
+ case 0x03: /* set transfer mode */
+ {
+ uint8_t val = s->nsector & 0x07;
+ identify_data = (uint16_t *)s->identify_data;
+
+ switch (s->nsector >> 3) {
+ case 0x00: /* pio default */
+ case 0x01: /* pio mode */
+ put_le16(identify_data + 62, 0x07);
+ put_le16(identify_data + 63, 0x07);
+ put_le16(identify_data + 88, 0x3f);
+ break;
+ case 0x02: /* sigle word dma mode*/
+ put_le16(identify_data + 62, 0x07 | (1 << (val + 8)));
+ put_le16(identify_data + 63, 0x07);
+ put_le16(identify_data + 88, 0x3f);
+ break;
+ case 0x04: /* mdma mode */
+ put_le16(identify_data + 62, 0x07);
+ put_le16(identify_data + 63, 0x07 | (1 << (val + 8)));
+ put_le16(identify_data + 88, 0x3f);
+ break;
+ case 0x08: /* udma mode */
+ put_le16(identify_data + 62, 0x07);
+ put_le16(identify_data + 63, 0x07);
+ put_le16(identify_data + 88, 0x3f | (1 << (val + 8)));
+ break;
+ default:
goto abort_cmd;
}
- ide_sector_start_dma(s, IDE_DMA_TRIM);
- break;
- default:
- goto abort_cmd;
- }
- break;
- case WIN_IDENTIFY:
- if (s->bs && s->drive_kind != IDE_CD) {
- if (s->drive_kind != IDE_CFATA)
- ide_identify(s);
- else
- ide_cfata_identify(s);
- s->status = READY_STAT | SEEK_STAT;
- ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
- } else {
- if (s->drive_kind == IDE_CD) {
- ide_set_signature(s);
- }
- ide_abort_command(s);
+ return true;
}
- ide_set_irq(s->bus);
- break;
- case WIN_SPECIFY:
- case WIN_RECAL:
- s->error = 0;
+ }
+
+abort_cmd:
+ ide_abort_command(s);
+ return true;
+}
+
+
+/*** ATAPI commands ***/
+
+static bool cmd_identify_packet(IDEState *s, uint8_t cmd)
+{
+ ide_atapi_identify(s);
+ s->status = READY_STAT | SEEK_STAT;
+ ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
+ ide_set_irq(s->bus);
+ return false;
+}
+
+static bool cmd_exec_dev_diagnostic(IDEState *s, uint8_t cmd)
+{
+ ide_set_signature(s);
+
+ if (s->drive_kind == IDE_CD) {
+ s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
+ * devices to return a clear status register
+ * with READY_STAT *not* set. */
+ } else {
s->status = READY_STAT | SEEK_STAT;
+ /* The bits of the error register are not as usual for this command!
+ * They are part of the regular output (this is why ERR_STAT isn't set)
+ * Device 0 passed, Device 1 passed or not present. */
+ s->error = 0x01;
ide_set_irq(s->bus);
+ }
+
+ return false;
+}
+
+static bool cmd_device_reset(IDEState *s, uint8_t cmd)
+{
+ ide_set_signature(s);
+ s->status = 0x00; /* NOTE: READY is _not_ set */
+ s->error = 0x01;
+
+ return false;
+}
+
+static bool cmd_packet(IDEState *s, uint8_t cmd)
+{
+ /* overlapping commands not supported */
+ if (s->feature & 0x02) {
+ ide_abort_command(s);
+ return true;
+ }
+
+ s->status = READY_STAT | SEEK_STAT;
+ s->atapi_dma = s->feature & 1;
+ s->nsector = 1;
+ ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
+ ide_atapi_cmd);
+ return false;
+}
+
+
+/*** CF-ATA commands ***/
+
+static bool cmd_cfa_req_ext_error_code(IDEState *s, uint8_t cmd)
+{
+ s->error = 0x09; /* miscellaneous error */
+ s->status = READY_STAT | SEEK_STAT;
+ ide_set_irq(s->bus);
+
+ return false;
+}
+
+static bool cmd_cfa_erase_sectors(IDEState *s, uint8_t cmd)
+{
+ /* WIN_SECURITY_FREEZE_LOCK has the same ID as CFA_WEAR_LEVEL and is
+ * required for Windows 8 to work with AHCI */
+
+ if (cmd == CFA_WEAR_LEVEL) {
+ s->nsector = 0;
+ }
+
+ if (cmd == CFA_ERASE_SECTORS) {
+ s->media_changed = 1;
+ }
+
+ return true;
+}
+
+static bool cmd_cfa_translate_sector(IDEState *s, uint8_t cmd)
+{
+ s->status = READY_STAT | SEEK_STAT;
+
+ memset(s->io_buffer, 0, 0x200);
+ s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
+ s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
+ s->io_buffer[0x02] = s->select; /* Head */
+ s->io_buffer[0x03] = s->sector; /* Sector */
+ s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
+ s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
+ s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
+ s->io_buffer[0x13] = 0x00; /* Erase flag */
+ s->io_buffer[0x18] = 0x00; /* Hot count */
+ s->io_buffer[0x19] = 0x00; /* Hot count */
+ s->io_buffer[0x1a] = 0x01; /* Hot count */
+
+ ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
+ ide_set_irq(s->bus);
+
+ return false;
+}
+
+static bool cmd_cfa_access_metadata_storage(IDEState *s, uint8_t cmd)
+{
+ switch (s->feature) {
+ case 0x02: /* Inquiry Metadata Storage */
+ ide_cfata_metadata_inquiry(s);
break;
- case WIN_SETMULT:
- if (s->drive_kind == IDE_CFATA && s->nsector == 0) {
- /* Disable Read and Write Multiple */
- s->mult_sectors = 0;
- s->status = READY_STAT | SEEK_STAT;
- } else if ((s->nsector & 0xff) != 0 &&
- ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
- (s->nsector & (s->nsector - 1)) != 0)) {
- ide_abort_command(s);
- } else {
- s->mult_sectors = s->nsector & 0xff;
- s->status = READY_STAT | SEEK_STAT;
- }
- ide_set_irq(s->bus);
+ case 0x03: /* Read Metadata Storage */
+ ide_cfata_metadata_read(s);
break;
- case WIN_VERIFY_EXT:
- lba48 = 1;
- case WIN_VERIFY:
- case WIN_VERIFY_ONCE:
- /* do sector number check ? */
- ide_cmd_lba48_transform(s, lba48);
- s->status = READY_STAT | SEEK_STAT;
- ide_set_irq(s->bus);
+ case 0x04: /* Write Metadata Storage */
+ ide_cfata_metadata_write(s);
break;
- case WIN_READ_EXT:
- lba48 = 1;
- case WIN_READ:
- case WIN_READ_ONCE:
- if (s->drive_kind == IDE_CD) {
- ide_set_signature(s); /* odd, but ATA4 8.27.5.2 requires it */
- goto abort_cmd;
- }
- if (!s->bs) {
- goto abort_cmd;
- }
- ide_cmd_lba48_transform(s, lba48);
- s->req_nb_sectors = 1;
- ide_sector_read(s);
+ default:
+ ide_abort_command(s);
+ return true;
+ }
+
+ ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
+ s->status = 0x00; /* NOTE: READY is _not_ set */
+ ide_set_irq(s->bus);
+
+ return false;
+}
+
+static bool cmd_ibm_sense_condition(IDEState *s, uint8_t cmd)
+{
+ switch (s->feature) {
+ case 0x01: /* sense temperature in device */
+ s->nsector = 0x50; /* +20 C */
break;
- case WIN_WRITE_EXT:
- lba48 = 1;
- case WIN_WRITE:
- case WIN_WRITE_ONCE:
- case CFA_WRITE_SECT_WO_ERASE:
- case WIN_WRITE_VERIFY:
- if (!s->bs) {
+ default:
+ ide_abort_command(s);
+ return true;
+ }
+
+ return true;
+}
+
+
+/*** SMART commands ***/
+
+static bool cmd_smart(IDEState *s, uint8_t cmd)
+{
+ int n;
+
+ if (s->hcyl != 0xc2 || s->lcyl != 0x4f) {
+ goto abort_cmd;
+ }
+
+ if (!s->smart_enabled && s->feature != SMART_ENABLE) {
+ goto abort_cmd;
+ }
+
+ switch (s->feature) {
+ case SMART_DISABLE:
+ s->smart_enabled = 0;
+ return true;
+
+ case SMART_ENABLE:
+ s->smart_enabled = 1;
+ return true;
+
+ case SMART_ATTR_AUTOSAVE:
+ switch (s->sector) {
+ case 0x00:
+ s->smart_autosave = 0;
+ break;
+ case 0xf1:
+ s->smart_autosave = 1;
+ break;
+ default:
goto abort_cmd;
}
- ide_cmd_lba48_transform(s, lba48);
- s->error = 0;
- s->status = SEEK_STAT | READY_STAT;
- s->req_nb_sectors = 1;
- ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
- s->media_changed = 1;
- break;
- case WIN_MULTREAD_EXT:
- lba48 = 1;
- case WIN_MULTREAD:
- if (!s->bs) {
- goto abort_cmd;
+ return true;
+
+ case SMART_STATUS:
+ if (!s->smart_errors) {
+ s->hcyl = 0xc2;
+ s->lcyl = 0x4f;
+ } else {
+ s->hcyl = 0x2c;
+ s->lcyl = 0xf4;
}
- if (!s->mult_sectors) {
- goto abort_cmd;
+ return true;
+
+ case SMART_READ_THRESH:
+ memset(s->io_buffer, 0, 0x200);
+ s->io_buffer[0] = 0x01; /* smart struct version */
+
+ for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) {
+ s->io_buffer[2 + 0 + (n * 12)] = smart_attributes[n][0];
+ s->io_buffer[2 + 1 + (n * 12)] = smart_attributes[n][11];
}
- ide_cmd_lba48_transform(s, lba48);
- s->req_nb_sectors = s->mult_sectors;
- ide_sector_read(s);
- break;
- case WIN_MULTWRITE_EXT:
- lba48 = 1;
- case WIN_MULTWRITE:
- case CFA_WRITE_MULTI_WO_ERASE:
- if (!s->bs) {
- goto abort_cmd;
+
+ /* checksum */
+ for (n = 0; n < 511; n++) {
+ s->io_buffer[511] += s->io_buffer[n];
}
- if (!s->mult_sectors) {
- goto abort_cmd;
+ s->io_buffer[511] = 0x100 - s->io_buffer[511];
+
+ s->status = READY_STAT | SEEK_STAT;
+ ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
+ ide_set_irq(s->bus);
+ return false;
+
+ case SMART_READ_DATA:
+ memset(s->io_buffer, 0, 0x200);
+ s->io_buffer[0] = 0x01; /* smart struct version */
+
+ for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) {
+ int i;
+ for (i = 0; i < 11; i++) {
+ s->io_buffer[2 + i + (n * 12)] = smart_attributes[n][i];
+ }
}
- ide_cmd_lba48_transform(s, lba48);
- s->error = 0;
- s->status = SEEK_STAT | READY_STAT;
- s->req_nb_sectors = s->mult_sectors;
- n = s->nsector;
- if (n > s->req_nb_sectors)
- n = s->req_nb_sectors;
- ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
- s->media_changed = 1;
- break;
- case WIN_READDMA_EXT:
- lba48 = 1;
- case WIN_READDMA:
- case WIN_READDMA_ONCE:
- if (!s->bs) {
- goto abort_cmd;
+
+ s->io_buffer[362] = 0x02 | (s->smart_autosave ? 0x80 : 0x00);
+ if (s->smart_selftest_count == 0) {
+ s->io_buffer[363] = 0;
+ } else {
+ s->io_buffer[363] =
+ s->smart_selftest_data[3 +
+ (s->smart_selftest_count - 1) *
+ 24];
}
- ide_cmd_lba48_transform(s, lba48);
- ide_sector_start_dma(s, IDE_DMA_READ);
- break;
- case WIN_WRITEDMA_EXT:
- lba48 = 1;
- case WIN_WRITEDMA:
- case WIN_WRITEDMA_ONCE:
- if (!s->bs) {
- goto abort_cmd;
+ s->io_buffer[364] = 0x20;
+ s->io_buffer[365] = 0x01;
+ /* offline data collection capacity: execute + self-test*/
+ s->io_buffer[367] = (1 << 4 | 1 << 3 | 1);
+ s->io_buffer[368] = 0x03; /* smart capability (1) */
+ s->io_buffer[369] = 0x00; /* smart capability (2) */
+ s->io_buffer[370] = 0x01; /* error logging supported */
+ s->io_buffer[372] = 0x02; /* minutes for poll short test */
+ s->io_buffer[373] = 0x36; /* minutes for poll ext test */
+ s->io_buffer[374] = 0x01; /* minutes for poll conveyance */
+
+ for (n = 0; n < 511; n++) {
+ s->io_buffer[511] += s->io_buffer[n];
}
- ide_cmd_lba48_transform(s, lba48);
- ide_sector_start_dma(s, IDE_DMA_WRITE);
- s->media_changed = 1;
- break;
- case WIN_READ_NATIVE_MAX_EXT:
- lba48 = 1;
- case WIN_READ_NATIVE_MAX:
- ide_cmd_lba48_transform(s, lba48);
- ide_set_sector(s, s->nb_sectors - 1);
- s->status = READY_STAT | SEEK_STAT;
- ide_set_irq(s->bus);
- break;
- case WIN_CHECKPOWERMODE1:
- case WIN_CHECKPOWERMODE2:
- s->error = 0;
- s->nsector = 0xff; /* device active or idle */
+ s->io_buffer[511] = 0x100 - s->io_buffer[511];
+
s->status = READY_STAT | SEEK_STAT;
+ ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
ide_set_irq(s->bus);
- break;
- case WIN_SETFEATURES:
- if (!s->bs)
- goto abort_cmd;
- /* XXX: valid for CDROM ? */
- switch(s->feature) {
- case 0x02: /* write cache enable */
- bdrv_set_enable_write_cache(s->bs, true);
- identify_data = (uint16_t *)s->identify_data;
- put_le16(identify_data + 85, (1 << 14) | (1 << 5) | 1);
- s->status = READY_STAT | SEEK_STAT;
- ide_set_irq(s->bus);
- break;
- case 0x82: /* write cache disable */
- bdrv_set_enable_write_cache(s->bs, false);
- identify_data = (uint16_t *)s->identify_data;
- put_le16(identify_data + 85, (1 << 14) | 1);
- ide_flush_cache(s);
- break;
- case 0xcc: /* reverting to power-on defaults enable */
- case 0x66: /* reverting to power-on defaults disable */
- case 0xaa: /* read look-ahead enable */
- case 0x55: /* read look-ahead disable */
- case 0x05: /* set advanced power management mode */
- case 0x85: /* disable advanced power management mode */
- case 0x69: /* NOP */
- case 0x67: /* NOP */
- case 0x96: /* NOP */
- case 0x9a: /* NOP */
- case 0x42: /* enable Automatic Acoustic Mode */
- case 0xc2: /* disable Automatic Acoustic Mode */
- s->status = READY_STAT | SEEK_STAT;
- ide_set_irq(s->bus);
+ return false;
+
+ case SMART_READ_LOG:
+ switch (s->sector) {
+ case 0x01: /* summary smart error log */
+ memset(s->io_buffer, 0, 0x200);
+ s->io_buffer[0] = 0x01;
+ s->io_buffer[1] = 0x00; /* no error entries */
+ s->io_buffer[452] = s->smart_errors & 0xff;
+ s->io_buffer[453] = (s->smart_errors & 0xff00) >> 8;
+
+ for (n = 0; n < 511; n++) {
+ s->io_buffer[511] += s->io_buffer[n];
+ }
+ s->io_buffer[511] = 0x100 - s->io_buffer[511];
break;
- case 0x03: { /* set transfer mode */
- uint8_t val = s->nsector & 0x07;
- identify_data = (uint16_t *)s->identify_data;
-
- switch (s->nsector >> 3) {
- case 0x00: /* pio default */
- case 0x01: /* pio mode */
- put_le16(identify_data + 62,0x07);
- put_le16(identify_data + 63,0x07);
- put_le16(identify_data + 88,0x3f);
- break;
- case 0x02: /* sigle word dma mode*/
- put_le16(identify_data + 62,0x07 | (1 << (val + 8)));
- put_le16(identify_data + 63,0x07);
- put_le16(identify_data + 88,0x3f);
- break;
- case 0x04: /* mdma mode */
- put_le16(identify_data + 62,0x07);
- put_le16(identify_data + 63,0x07 | (1 << (val + 8)));
- put_le16(identify_data + 88,0x3f);
- break;
- case 0x08: /* udma mode */
- put_le16(identify_data + 62,0x07);
- put_le16(identify_data + 63,0x07);
- put_le16(identify_data + 88,0x3f | (1 << (val + 8)));
- break;
- default:
- goto abort_cmd;
- }
- s->status = READY_STAT | SEEK_STAT;
- ide_set_irq(s->bus);
+ case 0x06: /* smart self test log */
+ memset(s->io_buffer, 0, 0x200);
+ s->io_buffer[0] = 0x01;
+ if (s->smart_selftest_count == 0) {
+ s->io_buffer[508] = 0;
+ } else {
+ s->io_buffer[508] = s->smart_selftest_count;
+ for (n = 2; n < 506; n++) {
+ s->io_buffer[n] = s->smart_selftest_data[n];
+ }
+ }
+
+ for (n = 0; n < 511; n++) {
+ s->io_buffer[511] += s->io_buffer[n];
+ }
+ s->io_buffer[511] = 0x100 - s->io_buffer[511];
break;
- }
default:
goto abort_cmd;
}
- break;
- case WIN_FLUSH_CACHE:
- case WIN_FLUSH_CACHE_EXT:
- ide_flush_cache(s);
- break;
- case WIN_STANDBY:
- case WIN_STANDBY2:
- case WIN_STANDBYNOW1:
- case WIN_STANDBYNOW2:
- case WIN_IDLEIMMEDIATE:
- case WIN_IDLEIMMEDIATE2:
- case WIN_SETIDLE1:
- case WIN_SETIDLE2:
- case WIN_SLEEPNOW1:
- case WIN_SLEEPNOW2:
- s->status = READY_STAT;
- ide_set_irq(s->bus);
- break;
- case WIN_SEEK:
- /* XXX: Check that seek is within bounds */
- s->status = READY_STAT | SEEK_STAT;
- ide_set_irq(s->bus);
- break;
- /* ATAPI commands */
- case WIN_PIDENTIFY:
- ide_atapi_identify(s);
- s->status = READY_STAT | SEEK_STAT;
- ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
- ide_set_irq(s->bus);
- break;
- case WIN_DIAGNOSE:
- ide_set_signature(s);
- if (s->drive_kind == IDE_CD)
- s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
- * devices to return a clear status register
- * with READY_STAT *not* set. */
- else
- s->status = READY_STAT | SEEK_STAT;
- s->error = 0x01; /* Device 0 passed, Device 1 passed or not
- * present.
- */
- ide_set_irq(s->bus);
- break;
- case WIN_DEVICE_RESET:
- ide_set_signature(s);
- s->status = 0x00; /* NOTE: READY is _not_ set */
- s->error = 0x01;
- break;
- case WIN_PACKETCMD:
- /* overlapping commands not supported */
- if (s->feature & 0x02)
- goto abort_cmd;
- s->status = READY_STAT | SEEK_STAT;
- s->atapi_dma = s->feature & 1;
- s->nsector = 1;
- ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
- ide_atapi_cmd);
- break;
- /* CF-ATA commands */
- case CFA_REQ_EXT_ERROR_CODE:
- s->error = 0x09; /* miscellaneous error */
- s->status = READY_STAT | SEEK_STAT;
- ide_set_irq(s->bus);
- break;
- case CFA_ERASE_SECTORS:
- case CFA_WEAR_LEVEL:
-#if 0
- /* This one has the same ID as CFA_WEAR_LEVEL and is required for
- Windows 8 to work with AHCI */
- case WIN_SECURITY_FREEZE_LOCK:
-#endif
- if (val == CFA_WEAR_LEVEL)
- s->nsector = 0;
- if (val == CFA_ERASE_SECTORS)
- s->media_changed = 1;
- s->error = 0x00;
- s->status = READY_STAT | SEEK_STAT;
- ide_set_irq(s->bus);
- break;
- case CFA_TRANSLATE_SECTOR:
- s->error = 0x00;
s->status = READY_STAT | SEEK_STAT;
- memset(s->io_buffer, 0, 0x200);
- s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
- s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
- s->io_buffer[0x02] = s->select; /* Head */
- s->io_buffer[0x03] = s->sector; /* Sector */
- s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
- s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
- s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
- s->io_buffer[0x13] = 0x00; /* Erase flag */
- s->io_buffer[0x18] = 0x00; /* Hot count */
- s->io_buffer[0x19] = 0x00; /* Hot count */
- s->io_buffer[0x1a] = 0x01; /* Hot count */
ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
ide_set_irq(s->bus);
- break;
- case CFA_ACCESS_METADATA_STORAGE:
- switch (s->feature) {
- case 0x02: /* Inquiry Metadata Storage */
- ide_cfata_metadata_inquiry(s);
- break;
- case 0x03: /* Read Metadata Storage */
- ide_cfata_metadata_read(s);
- break;
- case 0x04: /* Write Metadata Storage */
- ide_cfata_metadata_write(s);
+ return false;
+
+ case SMART_EXECUTE_OFFLINE:
+ switch (s->sector) {
+ case 0: /* off-line routine */
+ case 1: /* short self test */
+ case 2: /* extended self test */
+ s->smart_selftest_count++;
+ if (s->smart_selftest_count > 21) {
+ s->smart_selftest_count = 0;
+ }
+ n = 2 + (s->smart_selftest_count - 1) * 24;
+ s->smart_selftest_data[n] = s->sector;
+ s->smart_selftest_data[n + 1] = 0x00; /* OK and finished */
+ s->smart_selftest_data[n + 2] = 0x34; /* hour count lsb */
+ s->smart_selftest_data[n + 3] = 0x12; /* hour count msb */
break;
default:
goto abort_cmd;
}
- ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
- s->status = 0x00; /* NOTE: READY is _not_ set */
+ return true;
+ }
+
+abort_cmd:
+ ide_abort_command(s);
+ return true;
+}
+
+#define HD_OK (1u << IDE_HD)
+#define CD_OK (1u << IDE_CD)
+#define CFA_OK (1u << IDE_CFATA)
+#define HD_CFA_OK (HD_OK | CFA_OK)
+#define ALL_OK (HD_OK | CD_OK | CFA_OK)
+
+/* Set the Disk Seek Completed status bit during completion */
+#define SET_DSC (1u << 8)
+
+/* See ACS-2 T13/2015-D Table B.2 Command codes */
+static const struct {
+ /* Returns true if the completion code should be run */
+ bool (*handler)(IDEState *s, uint8_t cmd);
+ int flags;
+} ide_cmd_table[0x100] = {
+ /* NOP not implemented, mandatory for CD */
+ [CFA_REQ_EXT_ERROR_CODE] = { cmd_cfa_req_ext_error_code, CFA_OK },
+ [WIN_DSM] = { cmd_data_set_management, ALL_OK },
+ [WIN_DEVICE_RESET] = { cmd_device_reset, CD_OK },
+ [WIN_RECAL] = { cmd_nop, HD_CFA_OK | SET_DSC},
+ [WIN_READ] = { cmd_read_pio, ALL_OK },
+ [WIN_READ_ONCE] = { cmd_read_pio, ALL_OK },
+ [WIN_READ_EXT] = { cmd_read_pio, HD_CFA_OK },
+ [WIN_READDMA_EXT] = { cmd_read_dma, HD_CFA_OK },
+ [WIN_READ_NATIVE_MAX_EXT] = { cmd_read_native_max, HD_CFA_OK | SET_DSC },
+ [WIN_MULTREAD_EXT] = { cmd_read_multiple, HD_CFA_OK },
+ [WIN_WRITE] = { cmd_write_pio, HD_CFA_OK },
+ [WIN_WRITE_ONCE] = { cmd_write_pio, HD_CFA_OK },
+ [WIN_WRITE_EXT] = { cmd_write_pio, HD_CFA_OK },
+ [WIN_WRITEDMA_EXT] = { cmd_write_dma, HD_CFA_OK },
+ [CFA_WRITE_SECT_WO_ERASE] = { cmd_write_pio, CFA_OK },
+ [WIN_MULTWRITE_EXT] = { cmd_write_multiple, HD_CFA_OK },
+ [WIN_WRITE_VERIFY] = { cmd_write_pio, HD_CFA_OK },
+ [WIN_VERIFY] = { cmd_verify, HD_CFA_OK | SET_DSC },
+ [WIN_VERIFY_ONCE] = { cmd_verify, HD_CFA_OK | SET_DSC },
+ [WIN_VERIFY_EXT] = { cmd_verify, HD_CFA_OK | SET_DSC },
+ [WIN_SEEK] = { cmd_seek, HD_CFA_OK | SET_DSC },
+ [CFA_TRANSLATE_SECTOR] = { cmd_cfa_translate_sector, CFA_OK },
+ [WIN_DIAGNOSE] = { cmd_exec_dev_diagnostic, ALL_OK },
+ [WIN_SPECIFY] = { cmd_nop, HD_CFA_OK | SET_DSC },
+ [WIN_STANDBYNOW2] = { cmd_nop, ALL_OK },
+ [WIN_IDLEIMMEDIATE2] = { cmd_nop, ALL_OK },
+ [WIN_STANDBY2] = { cmd_nop, ALL_OK },
+ [WIN_SETIDLE2] = { cmd_nop, ALL_OK },
+ [WIN_CHECKPOWERMODE2] = { cmd_check_power_mode, ALL_OK | SET_DSC },
+ [WIN_SLEEPNOW2] = { cmd_nop, ALL_OK },
+ [WIN_PACKETCMD] = { cmd_packet, CD_OK },
+ [WIN_PIDENTIFY] = { cmd_identify_packet, CD_OK },
+ [WIN_SMART] = { cmd_smart, HD_CFA_OK | SET_DSC },
+ [CFA_ACCESS_METADATA_STORAGE] = { cmd_cfa_access_metadata_storage, CFA_OK },
+ [CFA_ERASE_SECTORS] = { cmd_cfa_erase_sectors, CFA_OK | SET_DSC },
+ [WIN_MULTREAD] = { cmd_read_multiple, HD_CFA_OK },
+ [WIN_MULTWRITE] = { cmd_write_multiple, HD_CFA_OK },
+ [WIN_SETMULT] = { cmd_set_multiple_mode, HD_CFA_OK | SET_DSC },
+ [WIN_READDMA] = { cmd_read_dma, HD_CFA_OK },
+ [WIN_READDMA_ONCE] = { cmd_read_dma, HD_CFA_OK },
+ [WIN_WRITEDMA] = { cmd_write_dma, HD_CFA_OK },
+ [WIN_WRITEDMA_ONCE] = { cmd_write_dma, HD_CFA_OK },
+ [CFA_WRITE_MULTI_WO_ERASE] = { cmd_write_multiple, CFA_OK },
+ [WIN_STANDBYNOW1] = { cmd_nop, ALL_OK },
+ [WIN_IDLEIMMEDIATE] = { cmd_nop, ALL_OK },
+ [WIN_STANDBY] = { cmd_nop, ALL_OK },
+ [WIN_SETIDLE1] = { cmd_nop, ALL_OK },
+ [WIN_CHECKPOWERMODE1] = { cmd_check_power_mode, ALL_OK | SET_DSC },
+ [WIN_SLEEPNOW1] = { cmd_nop, ALL_OK },
+ [WIN_FLUSH_CACHE] = { cmd_flush_cache, ALL_OK },
+ [WIN_FLUSH_CACHE_EXT] = { cmd_flush_cache, HD_CFA_OK },
+ [WIN_IDENTIFY] = { cmd_identify, ALL_OK },
+ [WIN_SETFEATURES] = { cmd_set_features, ALL_OK | SET_DSC },
+ [IBM_SENSE_CONDITION] = { cmd_ibm_sense_condition, CFA_OK | SET_DSC },
+ [CFA_WEAR_LEVEL] = { cmd_cfa_erase_sectors, HD_CFA_OK | SET_DSC },
+ [WIN_READ_NATIVE_MAX] = { cmd_read_native_max, ALL_OK | SET_DSC },
+};
+
+static bool ide_cmd_permitted(IDEState *s, uint32_t cmd)
+{
+ return cmd < ARRAY_SIZE(ide_cmd_table)
+ && (ide_cmd_table[cmd].flags & (1u << s->drive_kind));
+}
+
+void ide_exec_cmd(IDEBus *bus, uint32_t val)
+{
+ IDEState *s;
+ bool complete;
+
+#if defined(DEBUG_IDE)
+ printf("ide: CMD=%02x\n", val);
+#endif
+ s = idebus_active_if(bus);
+ /* ignore commands to non existent slave */
+ if (s != bus->ifs && !s->bs)
+ return;
+
+ /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
+ if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
+ return;
+
+ if (!ide_cmd_permitted(s, val)) {
+ ide_abort_command(s);
ide_set_irq(s->bus);
- break;
- case IBM_SENSE_CONDITION:
- switch (s->feature) {
- case 0x01: /* sense temperature in device */
- s->nsector = 0x50; /* +20 C */
- break;
- default:
- goto abort_cmd;
+ return;
+ }
+
+ s->status = READY_STAT | BUSY_STAT;
+ s->error = 0;
+
+ complete = ide_cmd_table[val].handler(s, val);
+ if (complete) {
+ s->status &= ~BUSY_STAT;
+ assert(!!s->error == !!(s->status & ERR_STAT));
+
+ if ((ide_cmd_table[val].flags & SET_DSC) && !s->error) {
+ s->status |= SEEK_STAT;
}
- s->status = READY_STAT | SEEK_STAT;
- ide_set_irq(s->bus);
- break;
- case WIN_SMART:
- if (s->hcyl != 0xc2 || s->lcyl != 0x4f)
- goto abort_cmd;
- if (!s->smart_enabled && s->feature != SMART_ENABLE)
- goto abort_cmd;
- switch (s->feature) {
- case SMART_DISABLE:
- s->smart_enabled = 0;
- s->status = READY_STAT | SEEK_STAT;
- ide_set_irq(s->bus);
- break;
- case SMART_ENABLE:
- s->smart_enabled = 1;
- s->status = READY_STAT | SEEK_STAT;
- ide_set_irq(s->bus);
- break;
- case SMART_ATTR_AUTOSAVE:
- switch (s->sector) {
- case 0x00:
- s->smart_autosave = 0;
- break;
- case 0xf1:
- s->smart_autosave = 1;
- break;
- default:
- goto abort_cmd;
- }
- s->status = READY_STAT | SEEK_STAT;
- ide_set_irq(s->bus);
- break;
- case SMART_STATUS:
- if (!s->smart_errors) {
- s->hcyl = 0xc2;
- s->lcyl = 0x4f;
- } else {
- s->hcyl = 0x2c;
- s->lcyl = 0xf4;
- }
- s->status = READY_STAT | SEEK_STAT;
- ide_set_irq(s->bus);
- break;
- case SMART_READ_THRESH:
- memset(s->io_buffer, 0, 0x200);
- s->io_buffer[0] = 0x01; /* smart struct version */
- for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) {
- s->io_buffer[2+0+(n*12)] = smart_attributes[n][0];
- s->io_buffer[2+1+(n*12)] = smart_attributes[n][11];
- }
- for (n=0; n<511; n++) /* checksum */
- s->io_buffer[511] += s->io_buffer[n];
- s->io_buffer[511] = 0x100 - s->io_buffer[511];
- s->status = READY_STAT | SEEK_STAT;
- ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
- ide_set_irq(s->bus);
- break;
- case SMART_READ_DATA:
- memset(s->io_buffer, 0, 0x200);
- s->io_buffer[0] = 0x01; /* smart struct version */
- for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) {
- int i;
- for(i = 0; i < 11; i++) {
- s->io_buffer[2+i+(n*12)] = smart_attributes[n][i];
- }
- }
- s->io_buffer[362] = 0x02 | (s->smart_autosave?0x80:0x00);
- if (s->smart_selftest_count == 0) {
- s->io_buffer[363] = 0;
- } else {
- s->io_buffer[363] =
- s->smart_selftest_data[3 +
- (s->smart_selftest_count - 1) *
- 24];
- }
- s->io_buffer[364] = 0x20;
- s->io_buffer[365] = 0x01;
- /* offline data collection capacity: execute + self-test*/
- s->io_buffer[367] = (1<<4 | 1<<3 | 1);
- s->io_buffer[368] = 0x03; /* smart capability (1) */
- s->io_buffer[369] = 0x00; /* smart capability (2) */
- s->io_buffer[370] = 0x01; /* error logging supported */
- s->io_buffer[372] = 0x02; /* minutes for poll short test */
- s->io_buffer[373] = 0x36; /* minutes for poll ext test */
- s->io_buffer[374] = 0x01; /* minutes for poll conveyance */
-
- for (n=0; n<511; n++)
- s->io_buffer[511] += s->io_buffer[n];
- s->io_buffer[511] = 0x100 - s->io_buffer[511];
- s->status = READY_STAT | SEEK_STAT;
- ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
- ide_set_irq(s->bus);
- break;
- case SMART_READ_LOG:
- switch (s->sector) {
- case 0x01: /* summary smart error log */
- memset(s->io_buffer, 0, 0x200);
- s->io_buffer[0] = 0x01;
- s->io_buffer[1] = 0x00; /* no error entries */
- s->io_buffer[452] = s->smart_errors & 0xff;
- s->io_buffer[453] = (s->smart_errors & 0xff00) >> 8;
-
- for (n=0; n<511; n++)
- s->io_buffer[511] += s->io_buffer[n];
- s->io_buffer[511] = 0x100 - s->io_buffer[511];
- break;
- case 0x06: /* smart self test log */
- memset(s->io_buffer, 0, 0x200);
- s->io_buffer[0] = 0x01;
- if (s->smart_selftest_count == 0) {
- s->io_buffer[508] = 0;
- } else {
- s->io_buffer[508] = s->smart_selftest_count;
- for (n=2; n<506; n++)
- s->io_buffer[n] = s->smart_selftest_data[n];
- }
- for (n=0; n<511; n++)
- s->io_buffer[511] += s->io_buffer[n];
- s->io_buffer[511] = 0x100 - s->io_buffer[511];
- break;
- default:
- goto abort_cmd;
- }
- s->status = READY_STAT | SEEK_STAT;
- ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
- ide_set_irq(s->bus);
- break;
- case SMART_EXECUTE_OFFLINE:
- switch (s->sector) {
- case 0: /* off-line routine */
- case 1: /* short self test */
- case 2: /* extended self test */
- s->smart_selftest_count++;
- if(s->smart_selftest_count > 21)
- s->smart_selftest_count = 0;
- n = 2 + (s->smart_selftest_count - 1) * 24;
- s->smart_selftest_data[n] = s->sector;
- s->smart_selftest_data[n+1] = 0x00; /* OK and finished */
- s->smart_selftest_data[n+2] = 0x34; /* hour count lsb */
- s->smart_selftest_data[n+3] = 0x12; /* hour count msb */
- s->status = READY_STAT | SEEK_STAT;
- ide_set_irq(s->bus);
- break;
- default:
- goto abort_cmd;
- }
- break;
- default:
- goto abort_cmd;
- }
- break;
- default:
- /* should not be reachable */
- abort_cmd:
- ide_abort_command(s);
ide_set_irq(s->bus);
- break;
}
}
@@ -1869,6 +2025,8 @@ static void ide_reset(IDEState *s)
s->io_buffer_index = 0;
s->cd_sector_size = 0;
s->atapi_dma = 0;
+ s->tray_locked = 0;
+ s->tray_open = 0;
/* ATA DMA state */
s->io_buffer_size = 0;
s->req_nb_sectors = 0;
diff --git a/hw/ide/ich.c b/hw/ide/ich.c
index 272b7734b..bff952bf6 100644
--- a/hw/ide/ich.c
+++ b/hw/ide/ich.c
@@ -61,12 +61,12 @@
*/
#include <hw/hw.h>
-#include <hw/msi.h>
-#include <hw/pc.h>
-#include <hw/pci.h>
-#include <hw/isa.h>
-#include "block.h"
-#include "dma.h"
+#include <hw/pci/msi.h>
+#include <hw/i386/pc.h>
+#include <hw/pci/pci.h>
+#include <hw/isa/isa.h>
+#include "block/block.h"
+#include "sysemu/dma.h"
#include <hw/ide/pci.h>
#include <hw/ide/ahci.h>
@@ -79,14 +79,20 @@
#define ICH9_IDP_INDEX 0x10
#define ICH9_IDP_INDEX_LOG2 0x04
-static const VMStateDescription vmstate_ahci = {
- .name = "ahci",
- .unmigratable = 1,
+static const VMStateDescription vmstate_ich9_ahci = {
+ .name = "ich9_ahci",
+ .unmigratable = 1, /* Still buggy under I/O load */
+ .version_id = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_PCI_DEVICE(parent_obj, AHCIPCIState),
+ VMSTATE_AHCI(ahci, AHCIPCIState),
+ VMSTATE_END_OF_LIST()
+ },
};
static void pci_ich9_reset(DeviceState *dev)
{
- struct AHCIPCIState *d = DO_UPCAST(struct AHCIPCIState, card.qdev, dev);
+ AHCIPCIState *d = ICH_AHCI(dev);
ahci_reset(&d->ahci);
}
@@ -96,34 +102,34 @@ static int pci_ich9_ahci_init(PCIDevice *dev)
struct AHCIPCIState *d;
int sata_cap_offset;
uint8_t *sata_cap;
- d = DO_UPCAST(struct AHCIPCIState, card, dev);
+ d = ICH_AHCI(dev);
- ahci_init(&d->ahci, &dev->qdev, pci_dma_context(dev), 6);
+ ahci_init(&d->ahci, DEVICE(dev), pci_get_address_space(dev), 6);
- pci_config_set_prog_interface(d->card.config, AHCI_PROGMODE_MAJOR_REV_1);
+ pci_config_set_prog_interface(dev->config, AHCI_PROGMODE_MAJOR_REV_1);
- d->card.config[PCI_CACHE_LINE_SIZE] = 0x08; /* Cache line size */
- d->card.config[PCI_LATENCY_TIMER] = 0x00; /* Latency timer */
- pci_config_set_interrupt_pin(d->card.config, 1);
+ dev->config[PCI_CACHE_LINE_SIZE] = 0x08; /* Cache line size */
+ dev->config[PCI_LATENCY_TIMER] = 0x00; /* Latency timer */
+ pci_config_set_interrupt_pin(dev->config, 1);
/* XXX Software should program this register */
- d->card.config[0x90] = 1 << 6; /* Address Map Register - AHCI mode */
+ dev->config[0x90] = 1 << 6; /* Address Map Register - AHCI mode */
msi_init(dev, 0x50, 1, true, false);
- d->ahci.irq = d->card.irq[0];
+ d->ahci.irq = dev->irq[0];
- pci_register_bar(&d->card, ICH9_IDP_BAR, PCI_BASE_ADDRESS_SPACE_IO,
+ pci_register_bar(dev, ICH9_IDP_BAR, PCI_BASE_ADDRESS_SPACE_IO,
&d->ahci.idp);
- pci_register_bar(&d->card, ICH9_MEM_BAR, PCI_BASE_ADDRESS_SPACE_MEMORY,
+ pci_register_bar(dev, ICH9_MEM_BAR, PCI_BASE_ADDRESS_SPACE_MEMORY,
&d->ahci.mem);
- sata_cap_offset = pci_add_capability(&d->card, PCI_CAP_ID_SATA,
+ sata_cap_offset = pci_add_capability(dev, PCI_CAP_ID_SATA,
ICH9_SATA_CAP_OFFSET, SATA_CAP_SIZE);
if (sata_cap_offset < 0) {
return sata_cap_offset;
}
- sata_cap = d->card.config + sata_cap_offset;
+ sata_cap = dev->config + sata_cap_offset;
pci_set_word(sata_cap + SATA_CAP_REV, 0x10);
pci_set_long(sata_cap + SATA_CAP_BAR,
(ICH9_IDP_BAR + 0x4) | (ICH9_IDP_INDEX_LOG2 << 4));
@@ -135,7 +141,7 @@ static int pci_ich9_ahci_init(PCIDevice *dev)
static void pci_ich9_uninit(PCIDevice *dev)
{
struct AHCIPCIState *d;
- d = DO_UPCAST(struct AHCIPCIState, card, dev);
+ d = ICH_AHCI(dev);
msi_uninit(dev);
ahci_uninit(&d->ahci);
@@ -152,12 +158,13 @@ static void ich_ahci_class_init(ObjectClass *klass, void *data)
k->device_id = PCI_DEVICE_ID_INTEL_82801IR;
k->revision = 0x02;
k->class_id = PCI_CLASS_STORAGE_SATA;
- dc->vmsd = &vmstate_ahci;
+ dc->vmsd = &vmstate_ich9_ahci;
dc->reset = pci_ich9_reset;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
}
-static TypeInfo ich_ahci_info = {
- .name = "ich9-ahci",
+static const TypeInfo ich_ahci_info = {
+ .name = TYPE_ICH9_AHCI,
.parent = TYPE_PCI_DEVICE,
.instance_size = sizeof(AHCIPCIState),
.class_init = ich_ahci_class_init,
diff --git a/hw/ide/internal.h b/hw/ide/internal.h
index bf7d313cf..048a05214 100644
--- a/hw/ide/internal.h
+++ b/hw/ide/internal.h
@@ -7,12 +7,11 @@
* non-internal declarations are in hw/ide.h
*/
#include <hw/ide.h>
-#include <hw/isa.h>
-#include "iorange.h"
-#include "dma.h"
-#include "sysemu.h"
-#include "hw/block-common.h"
-#include "hw/scsi-defs.h"
+#include <hw/isa/isa.h>
+#include "sysemu/dma.h"
+#include "sysemu/sysemu.h"
+#include "hw/block/block.h"
+#include "block/scsi.h"
/* debug IDE devices */
//#define DEBUG_IDE
@@ -434,6 +433,7 @@ struct IDEDMAOps {
DMAIntFunc *set_unit;
DMAIntFunc *add_status;
DMAFunc *set_inactive;
+ DMAFunc *async_cmd_done;
DMARestartFunc *restart_cb;
DMAFunc *reset;
};
@@ -451,6 +451,7 @@ struct IDEBus {
IDEDevice *slave;
IDEState ifs[2];
int bus_id;
+ int max_units;
IDEDMA *dma;
uint8_t unit;
uint8_t cmd;
@@ -575,7 +576,7 @@ void ide_atapi_cmd(IDEState *s);
void ide_atapi_cmd_reply_end(IDEState *s);
/* hw/ide/qdev.c */
-void ide_bus_new(IDEBus *idebus, DeviceState *dev, int bus_id);
+void ide_bus_new(IDEBus *idebus, DeviceState *dev, int bus_id, int max_units);
IDEDevice *ide_create_drive(IDEBus *bus, int unit, DriveInfo *drive);
#endif /* HW_IDE_INTERNAL_H */
diff --git a/hw/ide/isa.c b/hw/ide/isa.c
index 8ab2718ee..bbc8c6b9c 100644
--- a/hw/ide/isa.c
+++ b/hw/ide/isa.c
@@ -23,18 +23,22 @@
* THE SOFTWARE.
*/
#include <hw/hw.h>
-#include <hw/pc.h>
-#include <hw/isa.h>
-#include "block.h"
-#include "dma.h"
+#include <hw/i386/pc.h>
+#include <hw/isa/isa.h>
+#include "block/block.h"
+#include "sysemu/dma.h"
#include <hw/ide/internal.h>
/***********************************************************/
/* ISA IDE definitions */
+#define TYPE_ISA_IDE "isa-ide"
+#define ISA_IDE(obj) OBJECT_CHECK(ISAIDEState, (obj), TYPE_ISA_IDE)
+
typedef struct ISAIDEState {
- ISADevice dev;
+ ISADevice parent_obj;
+
IDEBus bus;
uint32_t iobase;
uint32_t iobase2;
@@ -44,7 +48,7 @@ typedef struct ISAIDEState {
static void isa_ide_reset(DeviceState *d)
{
- ISAIDEState *s = container_of(d, ISAIDEState, dev.qdev);
+ ISAIDEState *s = ISA_IDE(d);
ide_bus_reset(&s->bus);
}
@@ -61,37 +65,42 @@ static const VMStateDescription vmstate_ide_isa = {
}
};
-static int isa_ide_initfn(ISADevice *dev)
+static void isa_ide_realizefn(DeviceState *dev, Error **errp)
{
- ISAIDEState *s = DO_UPCAST(ISAIDEState, dev, dev);
+ ISADevice *isadev = ISA_DEVICE(dev);
+ ISAIDEState *s = ISA_IDE(dev);
- ide_bus_new(&s->bus, &s->dev.qdev, 0);
- ide_init_ioport(&s->bus, dev, s->iobase, s->iobase2);
- isa_init_irq(dev, &s->irq, s->isairq);
+ ide_bus_new(&s->bus, dev, 0, 2);
+ ide_init_ioport(&s->bus, isadev, s->iobase, s->iobase2);
+ isa_init_irq(isadev, &s->irq, s->isairq);
ide_init2(&s->bus, s->irq);
- vmstate_register(&dev->qdev, 0, &vmstate_ide_isa, s);
- return 0;
+ vmstate_register(dev, 0, &vmstate_ide_isa, s);
};
ISADevice *isa_ide_init(ISABus *bus, int iobase, int iobase2, int isairq,
DriveInfo *hd0, DriveInfo *hd1)
{
- ISADevice *dev;
+ DeviceState *dev;
+ ISADevice *isadev;
ISAIDEState *s;
- dev = isa_create(bus, "isa-ide");
- qdev_prop_set_uint32(&dev->qdev, "iobase", iobase);
- qdev_prop_set_uint32(&dev->qdev, "iobase2", iobase2);
- qdev_prop_set_uint32(&dev->qdev, "irq", isairq);
- if (qdev_init(&dev->qdev) < 0)
+ isadev = isa_create(bus, TYPE_ISA_IDE);
+ dev = DEVICE(isadev);
+ qdev_prop_set_uint32(dev, "iobase", iobase);
+ qdev_prop_set_uint32(dev, "iobase2", iobase2);
+ qdev_prop_set_uint32(dev, "irq", isairq);
+ if (qdev_init(dev) < 0) {
return NULL;
+ }
- s = DO_UPCAST(ISAIDEState, dev, dev);
- if (hd0)
+ s = ISA_IDE(dev);
+ if (hd0) {
ide_create_drive(&s->bus, 0, hd0);
- if (hd1)
+ }
+ if (hd1) {
ide_create_drive(&s->bus, 1, hd1);
- return dev;
+ }
+ return isadev;
}
static Property isa_ide_properties[] = {
@@ -104,15 +113,16 @@ static Property isa_ide_properties[] = {
static void isa_ide_class_initfn(ObjectClass *klass, void *data)
{
DeviceClass *dc = DEVICE_CLASS(klass);
- ISADeviceClass *ic = ISA_DEVICE_CLASS(klass);
- ic->init = isa_ide_initfn;
+
+ dc->realize = isa_ide_realizefn;
dc->fw_name = "ide";
dc->reset = isa_ide_reset;
dc->props = isa_ide_properties;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
}
-static TypeInfo isa_ide_info = {
- .name = "isa-ide",
+static const TypeInfo isa_ide_info = {
+ .name = TYPE_ISA_IDE,
.parent = TYPE_ISA_DEVICE,
.instance_size = sizeof(ISAIDEState),
.class_init = isa_ide_class_initfn,
diff --git a/hw/ide/macio.c b/hw/ide/macio.c
index d2edcc085..ef4ba2b2c 100644
--- a/hw/ide/macio.c
+++ b/hw/ide/macio.c
@@ -22,23 +22,33 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
-#include <hw/hw.h>
-#include <hw/ppc_mac.h>
-#include <hw/mac_dbdma.h>
-#include "block.h"
-#include "dma.h"
+#include "hw/hw.h"
+#include "hw/ppc/mac.h"
+#include "hw/ppc/mac_dbdma.h"
+#include "block/block.h"
+#include "sysemu/dma.h"
#include <hw/ide/internal.h>
+/* debug MACIO */
+// #define DEBUG_MACIO
+
+#ifdef DEBUG_MACIO
+static const int debug_macio = 1;
+#else
+static const int debug_macio = 0;
+#endif
+
+#define MACIO_DPRINTF(fmt, ...) do { \
+ if (debug_macio) { \
+ printf(fmt , ## __VA_ARGS__); \
+ } \
+ } while (0)
+
+
/***********************************************************/
/* MacIO based PowerPC IDE */
-typedef struct MACIOIDEState {
- MemoryRegion mem;
- IDEBus bus;
- BlockDriverAIOCB *aiocb;
-} MACIOIDEState;
-
#define MACIO_PAGE_SIZE 4096
static void pmac_ide_atapi_transfer_cb(void *opaque, int ret)
@@ -46,14 +56,26 @@ static void pmac_ide_atapi_transfer_cb(void *opaque, int ret)
DBDMA_io *io = opaque;
MACIOIDEState *m = io->opaque;
IDEState *s = idebus_active_if(&m->bus);
+ int unaligned;
if (ret < 0) {
m->aiocb = NULL;
qemu_sglist_destroy(&s->sg);
ide_atapi_io_error(s, ret);
+ io->remainder_len = 0;
goto done;
}
+ if (!m->dma_active) {
+ MACIO_DPRINTF("waiting for data (%#x - %#x - %x)\n",
+ s->nsector, io->len, s->status);
+ /* data not ready yet, wait for the channel to get restarted */
+ io->processing = false;
+ return;
+ }
+
+ MACIO_DPRINTF("io_buffer_size = %#x\n", s->io_buffer_size);
+
if (s->io_buffer_size > 0) {
m->aiocb = NULL;
qemu_sglist_destroy(&s->sg);
@@ -61,33 +83,94 @@ static void pmac_ide_atapi_transfer_cb(void *opaque, int ret)
s->packet_transfer_size -= s->io_buffer_size;
s->io_buffer_index += s->io_buffer_size;
- s->lba += s->io_buffer_index >> 11;
+ s->lba += s->io_buffer_index >> 11;
s->io_buffer_index &= 0x7ff;
}
- if (s->packet_transfer_size <= 0)
+ s->io_buffer_size = MIN(io->len, s->packet_transfer_size);
+
+ MACIO_DPRINTF("remainder: %d io->len: %d size: %d\n", io->remainder_len,
+ io->len, s->packet_transfer_size);
+ if (io->remainder_len && io->len) {
+ /* guest wants the rest of its previous transfer */
+ int remainder_len = MIN(io->remainder_len, io->len);
+
+ MACIO_DPRINTF("copying remainder %d bytes\n", remainder_len);
+
+ cpu_physical_memory_write(io->addr, io->remainder + 0x200 -
+ remainder_len, remainder_len);
+
+ io->addr += remainder_len;
+ io->len -= remainder_len;
+ s->io_buffer_size = remainder_len;
+ io->remainder_len -= remainder_len;
+ /* treat remainder as individual transfer, start again */
+ qemu_sglist_init(&s->sg, DEVICE(m), io->len / MACIO_PAGE_SIZE + 1,
+ &address_space_memory);
+ pmac_ide_atapi_transfer_cb(opaque, 0);
+ return;
+ }
+
+ if (!s->packet_transfer_size) {
+ MACIO_DPRINTF("end of transfer\n");
ide_atapi_cmd_ok(s);
+ m->dma_active = false;
+ }
if (io->len == 0) {
+ MACIO_DPRINTF("end of DMA\n");
goto done;
}
/* launch next transfer */
- s->io_buffer_size = io->len;
+ /* handle unaligned accesses first, get them over with and only do the
+ remaining bulk transfer using our async DMA helpers */
+ unaligned = io->len & 0x1ff;
+ if (unaligned) {
+ int sector_num = (s->lba << 2) + (s->io_buffer_index >> 9);
+ int nsector = io->len >> 9;
+
+ MACIO_DPRINTF("precopying unaligned %d bytes to %#" HWADDR_PRIx "\n",
+ unaligned, io->addr + io->len - unaligned);
+
+ bdrv_read(s->bs, sector_num + nsector, io->remainder, 1);
+ cpu_physical_memory_write(io->addr + io->len - unaligned,
+ io->remainder, unaligned);
- qemu_sglist_init(&s->sg, io->len / MACIO_PAGE_SIZE + 1,
- &dma_context_memory);
+ io->len -= unaligned;
+ }
+
+ MACIO_DPRINTF("io->len = %#x\n", io->len);
+
+ qemu_sglist_init(&s->sg, DEVICE(m), io->len / MACIO_PAGE_SIZE + 1,
+ &address_space_memory);
qemu_sglist_add(&s->sg, io->addr, io->len);
- io->addr += io->len;
+ io->addr += s->io_buffer_size;
+ io->remainder_len = MIN(s->packet_transfer_size - s->io_buffer_size,
+ (0x200 - unaligned) & 0x1ff);
+ MACIO_DPRINTF("set remainder to: %d\n", io->remainder_len);
+
+ /* We would read no data from the block layer, thus not get a callback.
+ Just fake completion manually. */
+ if (!io->len) {
+ pmac_ide_atapi_transfer_cb(opaque, 0);
+ return;
+ }
+
io->len = 0;
+ MACIO_DPRINTF("sector_num=%d size=%d, cmd_cmd=%d\n",
+ (s->lba << 2) + (s->io_buffer_index >> 9),
+ s->packet_transfer_size, s->dma_cmd);
+
m->aiocb = dma_bdrv_read(s->bs, &s->sg,
(int64_t)(s->lba << 2) + (s->io_buffer_index >> 9),
pmac_ide_atapi_transfer_cb, io);
return;
done:
+ MACIO_DPRINTF("done DMA\n");
bdrv_acct_done(s->bs, &s->acct);
io->dma_end(opaque);
}
@@ -97,17 +180,29 @@ static void pmac_ide_transfer_cb(void *opaque, int ret)
DBDMA_io *io = opaque;
MACIOIDEState *m = io->opaque;
IDEState *s = idebus_active_if(&m->bus);
- int n;
+ int n = 0;
int64_t sector_num;
+ int unaligned;
if (ret < 0) {
+ MACIO_DPRINTF("DMA error\n");
m->aiocb = NULL;
qemu_sglist_destroy(&s->sg);
- ide_dma_error(s);
+ ide_dma_error(s);
+ io->remainder_len = 0;
goto done;
}
+ if (!m->dma_active) {
+ MACIO_DPRINTF("waiting for data (%#x - %#x - %x)\n",
+ s->nsector, io->len, s->status);
+ /* data not ready yet, wait for the channel to get restarted */
+ io->processing = false;
+ return;
+ }
+
sector_num = ide_get_sector(s);
+ MACIO_DPRINTF("io_buffer_size = %#x\n", s->io_buffer_size);
if (s->io_buffer_size > 0) {
m->aiocb = NULL;
qemu_sglist_destroy(&s->sg);
@@ -117,40 +212,110 @@ static void pmac_ide_transfer_cb(void *opaque, int ret)
s->nsector -= n;
}
- /* end of transfer ? */
- if (s->nsector == 0) {
+ MACIO_DPRINTF("remainder: %d io->len: %d nsector: %d "
+ "sector_num: %" PRId64 "\n",
+ io->remainder_len, io->len, s->nsector, sector_num);
+ if (io->remainder_len && io->len) {
+ /* guest wants the rest of its previous transfer */
+ int remainder_len = MIN(io->remainder_len, io->len);
+ uint8_t *p = &io->remainder[0x200 - remainder_len];
+
+ MACIO_DPRINTF("copying remainder %d bytes at %#" HWADDR_PRIx "\n",
+ remainder_len, io->addr);
+
+ switch (s->dma_cmd) {
+ case IDE_DMA_READ:
+ cpu_physical_memory_write(io->addr, p, remainder_len);
+ break;
+ case IDE_DMA_WRITE:
+ cpu_physical_memory_read(io->addr, p, remainder_len);
+ bdrv_write(s->bs, sector_num - 1, io->remainder, 1);
+ break;
+ case IDE_DMA_TRIM:
+ break;
+ }
+ io->addr += remainder_len;
+ io->len -= remainder_len;
+ io->remainder_len -= remainder_len;
+ }
+
+ if (s->nsector == 0 && !io->remainder_len) {
+ MACIO_DPRINTF("end of transfer\n");
s->status = READY_STAT | SEEK_STAT;
ide_set_irq(s->bus);
+ m->dma_active = false;
}
- /* end of DMA ? */
if (io->len == 0) {
+ MACIO_DPRINTF("end of DMA\n");
goto done;
}
/* launch next transfer */
s->io_buffer_index = 0;
- s->io_buffer_size = io->len;
+ s->io_buffer_size = MIN(io->len, s->nsector * 512);
+
+ /* handle unaligned accesses first, get them over with and only do the
+ remaining bulk transfer using our async DMA helpers */
+ unaligned = io->len & 0x1ff;
+ if (unaligned) {
+ int nsector = io->len >> 9;
+
+ MACIO_DPRINTF("precopying unaligned %d bytes to %#" HWADDR_PRIx "\n",
+ unaligned, io->addr + io->len - unaligned);
+
+ switch (s->dma_cmd) {
+ case IDE_DMA_READ:
+ bdrv_read(s->bs, sector_num + nsector, io->remainder, 1);
+ cpu_physical_memory_write(io->addr + io->len - unaligned,
+ io->remainder, unaligned);
+ break;
+ case IDE_DMA_WRITE:
+ /* cache the contents in our io struct */
+ cpu_physical_memory_read(io->addr + io->len - unaligned,
+ io->remainder, unaligned);
+ break;
+ case IDE_DMA_TRIM:
+ break;
+ }
+
+ io->len -= unaligned;
+ }
+
+ MACIO_DPRINTF("io->len = %#x\n", io->len);
- qemu_sglist_init(&s->sg, io->len / MACIO_PAGE_SIZE + 1,
- &dma_context_memory);
+ qemu_sglist_init(&s->sg, DEVICE(m), io->len / MACIO_PAGE_SIZE + 1,
+ &address_space_memory);
qemu_sglist_add(&s->sg, io->addr, io->len);
- io->addr += io->len;
+ io->addr += io->len + unaligned;
+ io->remainder_len = (0x200 - unaligned) & 0x1ff;
+ MACIO_DPRINTF("set remainder to: %d\n", io->remainder_len);
+
+ /* We would read no data from the block layer, thus not get a callback.
+ Just fake completion manually. */
+ if (!io->len) {
+ pmac_ide_transfer_cb(opaque, 0);
+ return;
+ }
+
io->len = 0;
+ MACIO_DPRINTF("sector_num=%" PRId64 " n=%d, nsector=%d, cmd_cmd=%d\n",
+ sector_num, n, s->nsector, s->dma_cmd);
+
switch (s->dma_cmd) {
case IDE_DMA_READ:
m->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num,
- pmac_ide_transfer_cb, io);
+ pmac_ide_transfer_cb, io);
break;
case IDE_DMA_WRITE:
m->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num,
- pmac_ide_transfer_cb, io);
+ pmac_ide_transfer_cb, io);
break;
case IDE_DMA_TRIM:
m->aiocb = dma_bdrv_io(s->bs, &s->sg, sector_num,
- ide_issue_trim, pmac_ide_transfer_cb, s,
+ ide_issue_trim, pmac_ide_transfer_cb, io,
DMA_DIRECTION_TO_DEVICE);
break;
}
@@ -168,6 +333,8 @@ static void pmac_ide_transfer(DBDMA_io *io)
MACIOIDEState *m = io->opaque;
IDEState *s = idebus_active_if(&m->bus);
+ MACIO_DPRINTF("\n");
+
s->io_buffer_size = 0;
if (s->drive_kind == IDE_CD) {
bdrv_acct_start(s->bs, &s->acct, io->len, BDRV_ACCT_READ);
@@ -321,30 +488,111 @@ static const VMStateDescription vmstate_pmac = {
}
};
-static void pmac_ide_reset(void *opaque)
+static void macio_ide_reset(DeviceState *dev)
{
- MACIOIDEState *d = opaque;
+ MACIOIDEState *d = MACIO_IDE(dev);
ide_bus_reset(&d->bus);
}
-/* hd_table must contain 4 block drivers */
-/* PowerMac uses memory mapped registers, not I/O. Return the memory
- I/O index to access the ide. */
-MemoryRegion *pmac_ide_init (DriveInfo **hd_table, qemu_irq irq,
- void *dbdma, int channel, qemu_irq dma_irq)
+static int ide_nop(IDEDMA *dma)
+{
+ return 0;
+}
+
+static int ide_nop_int(IDEDMA *dma, int x)
+{
+ return 0;
+}
+
+static void ide_nop_restart(void *opaque, int x, RunState y)
+{
+}
+
+static void ide_dbdma_start(IDEDMA *dma, IDEState *s,
+ BlockDriverCompletionFunc *cb)
+{
+ MACIOIDEState *m = container_of(dma, MACIOIDEState, dma);
+
+ MACIO_DPRINTF("\n");
+ m->dma_active = true;
+ DBDMA_kick(m->dbdma);
+}
+
+static const IDEDMAOps dbdma_ops = {
+ .start_dma = ide_dbdma_start,
+ .start_transfer = ide_nop,
+ .prepare_buf = ide_nop_int,
+ .rw_buf = ide_nop_int,
+ .set_unit = ide_nop_int,
+ .add_status = ide_nop_int,
+ .set_inactive = ide_nop,
+ .restart_cb = ide_nop_restart,
+ .reset = ide_nop,
+};
+
+static void macio_ide_realizefn(DeviceState *dev, Error **errp)
+{
+ MACIOIDEState *s = MACIO_IDE(dev);
+
+ ide_init2(&s->bus, s->irq);
+
+ /* Register DMA callbacks */
+ s->dma.ops = &dbdma_ops;
+ s->bus.dma = &s->dma;
+}
+
+static void macio_ide_initfn(Object *obj)
{
- MACIOIDEState *d;
+ SysBusDevice *d = SYS_BUS_DEVICE(obj);
+ MACIOIDEState *s = MACIO_IDE(obj);
+
+ ide_bus_new(&s->bus, DEVICE(obj), 0, 2);
+ memory_region_init_io(&s->mem, obj, &pmac_ide_ops, s, "pmac-ide", 0x1000);
+ sysbus_init_mmio(d, &s->mem);
+ sysbus_init_irq(d, &s->irq);
+ sysbus_init_irq(d, &s->dma_irq);
+}
+
+static void macio_ide_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+
+ dc->realize = macio_ide_realizefn;
+ dc->reset = macio_ide_reset;
+ dc->vmsd = &vmstate_pmac;
+}
- d = g_malloc0(sizeof(MACIOIDEState));
- ide_init2_with_non_qdev_drives(&d->bus, hd_table[0], hd_table[1], irq);
+static const TypeInfo macio_ide_type_info = {
+ .name = TYPE_MACIO_IDE,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(MACIOIDEState),
+ .instance_init = macio_ide_initfn,
+ .class_init = macio_ide_class_init,
+};
- if (dbdma)
- DBDMA_register_channel(dbdma, channel, dma_irq, pmac_ide_transfer, pmac_ide_flush, d);
+static void macio_ide_register_types(void)
+{
+ type_register_static(&macio_ide_type_info);
+}
- memory_region_init_io(&d->mem, &pmac_ide_ops, d, "pmac-ide", 0x1000);
- vmstate_register(NULL, 0, &vmstate_pmac, d);
- qemu_register_reset(pmac_ide_reset, d);
+/* hd_table must contain 2 block drivers */
+void macio_ide_init_drives(MACIOIDEState *s, DriveInfo **hd_table)
+{
+ int i;
- return &d->mem;
+ for (i = 0; i < 2; i++) {
+ if (hd_table[i]) {
+ ide_create_drive(&s->bus, i, hd_table[i]);
+ }
+ }
}
+
+void macio_ide_register_dma(MACIOIDEState *s, void *dbdma, int channel)
+{
+ s->dbdma = dbdma;
+ DBDMA_register_channel(dbdma, channel, s->dma_irq,
+ pmac_ide_transfer, pmac_ide_flush, s);
+}
+
+type_init(macio_ide_register_types)
diff --git a/hw/ide/microdrive.c b/hw/ide/microdrive.c
index 9eee5b50b..92c1df046 100644
--- a/hw/ide/microdrive.c
+++ b/hw/ide/microdrive.c
@@ -23,10 +23,10 @@
* THE SOFTWARE.
*/
#include <hw/hw.h>
-#include <hw/pc.h>
+#include <hw/i386/pc.h>
#include <hw/pcmcia.h>
-#include "block.h"
-#include "dma.h"
+#include "block/block.h"
+#include "sysemu/dma.h"
#include <hw/ide/internal.h>
diff --git a/hw/ide/mmio.c b/hw/ide/mmio.c
index bcb26c8b6..d251ff983 100644
--- a/hw/ide/mmio.c
+++ b/hw/ide/mmio.c
@@ -22,9 +22,10 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
-#include <hw/hw.h>
-#include "block.h"
-#include "dma.h"
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "block/block.h"
+#include "sysemu/dma.h"
#include <hw/ide/internal.h>
@@ -34,15 +35,24 @@
* dedicated ide controller, which is often seen on embedded boards.
*/
-typedef struct {
+#define TYPE_MMIO_IDE "mmio-ide"
+#define MMIO_IDE(obj) OBJECT_CHECK(MMIOState, (obj), TYPE_MMIO_IDE)
+
+typedef struct MMIOIDEState {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
IDEBus bus;
- int shift;
+
+ uint32_t shift;
+ qemu_irq irq;
MemoryRegion iomem1, iomem2;
} MMIOState;
-static void mmio_ide_reset(void *opaque)
+static void mmio_ide_reset(DeviceState *dev)
{
- MMIOState *s = opaque;
+ MMIOState *s = MMIO_IDE(dev);
ide_bus_reset(&s->bus);
}
@@ -107,24 +117,68 @@ static const VMStateDescription vmstate_ide_mmio = {
}
};
-void mmio_ide_init (hwaddr membase, hwaddr membase2,
- MemoryRegion *address_space,
- qemu_irq irq, int shift,
- DriveInfo *hd0, DriveInfo *hd1)
+static void mmio_ide_realizefn(DeviceState *dev, Error **errp)
+{
+ SysBusDevice *d = SYS_BUS_DEVICE(dev);
+ MMIOState *s = MMIO_IDE(dev);
+
+ ide_init2(&s->bus, s->irq);
+
+ memory_region_init_io(&s->iomem1, OBJECT(s), &mmio_ide_ops, s,
+ "ide-mmio.1", 16 << s->shift);
+ memory_region_init_io(&s->iomem2, OBJECT(s), &mmio_ide_cs_ops, s,
+ "ide-mmio.2", 2 << s->shift);
+ sysbus_init_mmio(d, &s->iomem1);
+ sysbus_init_mmio(d, &s->iomem2);
+}
+
+static void mmio_ide_initfn(Object *obj)
+{
+ SysBusDevice *d = SYS_BUS_DEVICE(obj);
+ MMIOState *s = MMIO_IDE(obj);
+
+ ide_bus_new(&s->bus, DEVICE(obj), 0, 2);
+ sysbus_init_irq(d, &s->irq);
+}
+
+static Property mmio_ide_properties[] = {
+ DEFINE_PROP_UINT32("shift", MMIOState, shift, 0),
+ DEFINE_PROP_END_OF_LIST()
+};
+
+static void mmio_ide_class_init(ObjectClass *oc, void *data)
{
- MMIOState *s = g_malloc0(sizeof(MMIOState));
+ DeviceClass *dc = DEVICE_CLASS(oc);
+
+ dc->realize = mmio_ide_realizefn;
+ dc->reset = mmio_ide_reset;
+ dc->props = mmio_ide_properties;
+ dc->vmsd = &vmstate_ide_mmio;
+}
+
+static const TypeInfo mmio_ide_type_info = {
+ .name = TYPE_MMIO_IDE,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(MMIOState),
+ .instance_init = mmio_ide_initfn,
+ .class_init = mmio_ide_class_init,
+};
- ide_init2_with_non_qdev_drives(&s->bus, hd0, hd1, irq);
+static void mmio_ide_register_types(void)
+{
+ type_register_static(&mmio_ide_type_info);
+}
- s->shift = shift;
+void mmio_ide_init_drives(DeviceState *dev, DriveInfo *hd0, DriveInfo *hd1)
+{
+ MMIOState *s = MMIO_IDE(dev);
- memory_region_init_io(&s->iomem1, &mmio_ide_ops, s,
- "ide-mmio.1", 16 << shift);
- memory_region_init_io(&s->iomem2, &mmio_ide_cs_ops, s,
- "ide-mmio.2", 2 << shift);
- memory_region_add_subregion(address_space, membase, &s->iomem1);
- memory_region_add_subregion(address_space, membase2, &s->iomem2);
- vmstate_register(NULL, 0, &vmstate_ide_mmio, s);
- qemu_register_reset(mmio_ide_reset, s);
+ if (hd0 != NULL) {
+ ide_create_drive(&s->bus, 0, hd0);
+ }
+ if (hd1 != NULL) {
+ ide_create_drive(&s->bus, 1, hd1);
+ }
}
+type_init(mmio_ide_register_types)
diff --git a/hw/ide/pci.c b/hw/ide/pci.c
index bcdd70e45..91151fc85 100644
--- a/hw/ide/pci.c
+++ b/hw/ide/pci.c
@@ -23,11 +23,11 @@
* THE SOFTWARE.
*/
#include <hw/hw.h>
-#include <hw/pc.h>
-#include <hw/pci.h>
-#include <hw/isa.h>
-#include "block.h"
-#include "dma.h"
+#include <hw/i386/pc.h>
+#include <hw/pci/pci.h>
+#include <hw/isa/isa.h>
+#include "block/block.h"
+#include "sysemu/dma.h"
#include <hw/ide/pci.h>
@@ -56,13 +56,14 @@ static int bmdma_prepare_buf(IDEDMA *dma, int is_write)
{
BMDMAState *bm = DO_UPCAST(BMDMAState, dma, dma);
IDEState *s = bmdma_active_if(bm);
+ PCIDevice *pci_dev = PCI_DEVICE(bm->pci_dev);
struct {
uint32_t addr;
uint32_t size;
} prd;
int l, len;
- pci_dma_sglist_init(&s->sg, &bm->pci_dev->dev,
+ pci_dma_sglist_init(&s->sg, pci_dev,
s->nsector / (BMDMA_PAGE_SIZE / 512) + 1);
s->io_buffer_size = 0;
for(;;) {
@@ -71,7 +72,7 @@ static int bmdma_prepare_buf(IDEDMA *dma, int is_write)
if (bm->cur_prd_last ||
(bm->cur_addr - bm->addr) >= BMDMA_PAGE_SIZE)
return s->io_buffer_size != 0;
- pci_dma_read(&bm->pci_dev->dev, bm->cur_addr, &prd, 8);
+ pci_dma_read(pci_dev, bm->cur_addr, &prd, 8);
bm->cur_addr += 8;
prd.addr = le32_to_cpu(prd.addr);
prd.size = le32_to_cpu(prd.size);
@@ -98,6 +99,7 @@ static int bmdma_rw_buf(IDEDMA *dma, int is_write)
{
BMDMAState *bm = DO_UPCAST(BMDMAState, dma, dma);
IDEState *s = bmdma_active_if(bm);
+ PCIDevice *pci_dev = PCI_DEVICE(bm->pci_dev);
struct {
uint32_t addr;
uint32_t size;
@@ -113,7 +115,7 @@ static int bmdma_rw_buf(IDEDMA *dma, int is_write)
if (bm->cur_prd_last ||
(bm->cur_addr - bm->addr) >= BMDMA_PAGE_SIZE)
return 0;
- pci_dma_read(&bm->pci_dev->dev, bm->cur_addr, &prd, 8);
+ pci_dma_read(pci_dev, bm->cur_addr, &prd, 8);
bm->cur_addr += 8;
prd.addr = le32_to_cpu(prd.addr);
prd.size = le32_to_cpu(prd.size);
@@ -128,10 +130,10 @@ static int bmdma_rw_buf(IDEDMA *dma, int is_write)
l = bm->cur_prd_len;
if (l > 0) {
if (is_write) {
- pci_dma_write(&bm->pci_dev->dev, bm->cur_prd_addr,
+ pci_dma_write(pci_dev, bm->cur_prd_addr,
s->io_buffer + s->io_buffer_index, l);
} else {
- pci_dma_read(&bm->pci_dev->dev, bm->cur_prd_addr,
+ pci_dma_read(pci_dev, bm->cur_prd_addr,
s->io_buffer + s->io_buffer_index, l);
}
bm->cur_prd_addr += l;
@@ -311,8 +313,8 @@ void bmdma_cmd_writeb(BMDMAState *bm, uint32_t val)
if (bm->bus->dma->aiocb) {
bdrv_drain_all();
assert(bm->bus->dma->aiocb == NULL);
- assert((bm->status & BM_STATUS_DMAING) == 0);
}
+ bm->status &= ~BM_STATUS_DMAING;
} else {
bm->cur_addr = bm->addr;
if (!(bm->status & BM_STATUS_DMAING)) {
@@ -480,7 +482,7 @@ const VMStateDescription vmstate_ide_pci = {
.minimum_version_id_old = 0,
.post_load = ide_pci_post_load,
.fields = (VMStateField []) {
- VMSTATE_PCI_DEVICE(dev, PCIIDEState),
+ VMSTATE_PCI_DEVICE(parent_obj, PCIIDEState),
VMSTATE_STRUCT_ARRAY(bmdma, PCIIDEState, 2, 0,
vmstate_bmdma, BMDMAState),
VMSTATE_IDE_BUS_ARRAY(bus, PCIIDEState, 2),
@@ -492,7 +494,7 @@ const VMStateDescription vmstate_ide_pci = {
void pci_ide_create_devs(PCIDevice *dev, DriveInfo **hd_table)
{
- PCIIDEState *d = DO_UPCAST(PCIIDEState, dev, dev);
+ PCIIDEState *d = PCI_IDE(dev);
static const int bus[4] = { 0, 0, 1, 1 };
static const int unit[4] = { 0, 1, 0, 1 };
int i;
@@ -531,3 +533,17 @@ void bmdma_init(IDEBus *bus, BMDMAState *bm, PCIIDEState *d)
bus->irq = *irq;
bm->pci_dev = d;
}
+
+static const TypeInfo pci_ide_type_info = {
+ .name = TYPE_PCI_IDE,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCIIDEState),
+ .abstract = true,
+};
+
+static void pci_ide_register_types(void)
+{
+ type_register_static(&pci_ide_type_info);
+}
+
+type_init(pci_ide_register_types)
diff --git a/hw/ide/pci.h b/hw/ide/pci.h
index a694e546d..2428275c8 100644
--- a/hw/ide/pci.h
+++ b/hw/ide/pci.h
@@ -37,8 +37,14 @@ typedef struct CMD646BAR {
struct PCIIDEState *pci_dev;
} CMD646BAR;
+#define TYPE_PCI_IDE "pci-ide"
+#define PCI_IDE(obj) OBJECT_CHECK(PCIIDEState, (obj), TYPE_PCI_IDE)
+
typedef struct PCIIDEState {
- PCIDevice dev;
+ /*< private >*/
+ PCIDevice parent_obj;
+ /*< public >*/
+
IDEBus bus[2];
BMDMAState bmdma[2];
uint32_t secondary; /* used only for cmd646 */
diff --git a/hw/ide/piix.c b/hw/ide/piix.c
index 9431badad..e6e6c0bb7 100644
--- a/hw/ide/piix.c
+++ b/hw/ide/piix.c
@@ -24,12 +24,12 @@
*/
#include <hw/hw.h>
-#include <hw/pc.h>
-#include <hw/pci.h>
-#include <hw/isa.h>
-#include "blockdev.h"
-#include "sysemu.h"
-#include "dma.h"
+#include <hw/i386/pc.h>
+#include <hw/pci/pci.h>
+#include <hw/isa/isa.h>
+#include "sysemu/blockdev.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/dma.h"
#include <hw/ide/pci.h>
@@ -90,15 +90,15 @@ static void bmdma_setup_bar(PCIIDEState *d)
{
int i;
- memory_region_init(&d->bmdma_bar, "piix-bmdma-container", 16);
+ memory_region_init(&d->bmdma_bar, OBJECT(d), "piix-bmdma-container", 16);
for(i = 0;i < 2; i++) {
BMDMAState *bm = &d->bmdma[i];
- memory_region_init_io(&bm->extra_io, &piix_bmdma_ops, bm,
+ memory_region_init_io(&bm->extra_io, OBJECT(d), &piix_bmdma_ops, bm,
"piix-bmdma", 4);
memory_region_add_subregion(&d->bmdma_bar, i * 8, &bm->extra_io);
- memory_region_init_io(&bm->addr_ioport, &bmdma_addr_ioport_ops, bm,
- "bmdma", 4);
+ memory_region_init_io(&bm->addr_ioport, OBJECT(d),
+ &bmdma_addr_ioport_ops, bm, "bmdma", 4);
memory_region_add_subregion(&d->bmdma_bar, i * 8 + 4, &bm->addr_ioport);
}
}
@@ -106,7 +106,8 @@ static void bmdma_setup_bar(PCIIDEState *d)
static void piix3_reset(void *opaque)
{
PCIIDEState *d = opaque;
- uint8_t *pci_conf = d->dev.config;
+ PCIDevice *pd = PCI_DEVICE(d);
+ uint8_t *pci_conf = pd->config;
int i;
for (i = 0; i < 2; i++) {
@@ -135,7 +136,7 @@ static void pci_piix_init_ports(PCIIDEState *d) {
int i;
for (i = 0; i < 2; i++) {
- ide_bus_new(&d->bus[i], &d->dev.qdev, i);
+ ide_bus_new(&d->bus[i], DEVICE(d), i, 2);
ide_init_ioport(&d->bus[i], NULL, port_info[i].iobase,
port_info[i].iobase2);
ide_init2(&d->bus[i], isa_get_irq(NULL, port_info[i].isairq));
@@ -149,17 +150,17 @@ static void pci_piix_init_ports(PCIIDEState *d) {
static int pci_piix_ide_initfn(PCIDevice *dev)
{
- PCIIDEState *d = DO_UPCAST(PCIIDEState, dev, dev);
- uint8_t *pci_conf = d->dev.config;
+ PCIIDEState *d = PCI_IDE(dev);
+ uint8_t *pci_conf = dev->config;
pci_conf[PCI_CLASS_PROG] = 0x80; // legacy ATA mode
qemu_register_reset(piix3_reset, d);
bmdma_setup_bar(d);
- pci_register_bar(&d->dev, 4, PCI_BASE_ADDRESS_SPACE_IO, &d->bmdma_bar);
+ pci_register_bar(dev, 4, PCI_BASE_ADDRESS_SPACE_IO, &d->bmdma_bar);
- vmstate_register(&d->dev.qdev, 0, &vmstate_ide_pci, d);
+ vmstate_register(DEVICE(dev), 0, &vmstate_ide_pci, d);
pci_piix_init_ports(d);
@@ -168,13 +169,11 @@ static int pci_piix_ide_initfn(PCIDevice *dev)
static int pci_piix3_xen_ide_unplug(DeviceState *dev)
{
- PCIDevice *pci_dev;
PCIIDEState *pci_ide;
DriveInfo *di;
int i = 0;
- pci_dev = DO_UPCAST(PCIDevice, qdev, dev);
- pci_ide = DO_UPCAST(PCIIDEState, dev, pci_dev);
+ pci_ide = PCI_IDE(dev);
for (; i < 3; i++) {
di = drive_get_by_index(IF_IDE, i);
@@ -188,7 +187,7 @@ static int pci_piix3_xen_ide_unplug(DeviceState *dev)
drive_put_ref(di);
}
}
- qdev_reset_all(&(pci_ide->dev.qdev));
+ qdev_reset_all(DEVICE(dev));
return 0;
}
@@ -203,7 +202,7 @@ PCIDevice *pci_piix3_xen_ide_init(PCIBus *bus, DriveInfo **hd_table, int devfn)
static void pci_piix_ide_exitfn(PCIDevice *dev)
{
- PCIIDEState *d = DO_UPCAST(PCIIDEState, dev, dev);
+ PCIIDEState *d = PCI_IDE(dev);
unsigned i;
for (i = 0; i < 2; ++i) {
@@ -248,13 +247,13 @@ static void piix3_ide_class_init(ObjectClass *klass, void *data)
k->vendor_id = PCI_VENDOR_ID_INTEL;
k->device_id = PCI_DEVICE_ID_INTEL_82371SB_1;
k->class_id = PCI_CLASS_STORAGE_IDE;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
dc->no_user = 1;
}
-static TypeInfo piix3_ide_info = {
+static const TypeInfo piix3_ide_info = {
.name = "piix3-ide",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIIDEState),
+ .parent = TYPE_PCI_IDE,
.class_init = piix3_ide_class_init,
};
@@ -267,14 +266,14 @@ static void piix3_ide_xen_class_init(ObjectClass *klass, void *data)
k->vendor_id = PCI_VENDOR_ID_INTEL;
k->device_id = PCI_DEVICE_ID_INTEL_82371SB_1;
k->class_id = PCI_CLASS_STORAGE_IDE;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
dc->no_user = 1;
dc->unplug = pci_piix3_xen_ide_unplug;
}
-static TypeInfo piix3_ide_xen_info = {
+static const TypeInfo piix3_ide_xen_info = {
.name = "piix3-ide-xen",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIIDEState),
+ .parent = TYPE_PCI_IDE,
.class_init = piix3_ide_xen_class_init,
};
@@ -289,13 +288,13 @@ static void piix4_ide_class_init(ObjectClass *klass, void *data)
k->vendor_id = PCI_VENDOR_ID_INTEL;
k->device_id = PCI_DEVICE_ID_INTEL_82371AB;
k->class_id = PCI_CLASS_STORAGE_IDE;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
dc->no_user = 1;
}
-static TypeInfo piix4_ide_info = {
+static const TypeInfo piix4_ide_info = {
.name = "piix4-ide",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIIDEState),
+ .parent = TYPE_PCI_IDE,
.class_init = piix4_ide_class_init,
};
diff --git a/hw/ide/qdev.c b/hw/ide/qdev.c
index f2e4ea420..1d84e1537 100644
--- a/hw/ide/qdev.c
+++ b/hw/ide/qdev.c
@@ -17,12 +17,12 @@
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
*/
#include <hw/hw.h>
-#include "dma.h"
-#include "qemu-error.h"
+#include "sysemu/dma.h"
+#include "qemu/error-report.h"
#include <hw/ide/internal.h>
-#include "blockdev.h"
-#include "hw/block-common.h"
-#include "sysemu.h"
+#include "sysemu/blockdev.h"
+#include "hw/block/block.h"
+#include "sysemu/sysemu.h"
/* --------------------------------- */
@@ -47,10 +47,11 @@ static const TypeInfo ide_bus_info = {
.class_init = ide_bus_class_init,
};
-void ide_bus_new(IDEBus *idebus, DeviceState *dev, int bus_id)
+void ide_bus_new(IDEBus *idebus, DeviceState *dev, int bus_id, int max_units)
{
qbus_create_inplace(&idebus->qbus, TYPE_IDE_BUS, dev, NULL);
idebus->bus_id = bus_id;
+ idebus->max_units = max_units;
}
static char *idebus_get_fw_dev_path(DeviceState *dev)
@@ -76,6 +77,13 @@ static int ide_qdev_init(DeviceState *qdev)
if (dev->unit == -1) {
dev->unit = bus->master ? 1 : 0;
}
+
+ if (dev->unit >= bus->max_units) {
+ error_report("Can't create IDE unit %d, bus supports only %d units",
+ dev->unit, bus->max_units);
+ goto err;
+ }
+
switch (dev->unit) {
case 0:
if (bus->master) {
@@ -143,7 +151,10 @@ static int ide_dev_initfn(IDEDevice *dev, IDEDriveKind kind)
IDEBus *bus = DO_UPCAST(IDEBus, qbus, dev->qdev.parent_bus);
IDEState *s = bus->ifs + dev->unit;
- if (dev->conf.discard_granularity && dev->conf.discard_granularity != 512) {
+ if (dev->conf.discard_granularity == -1) {
+ dev->conf.discard_granularity = 512;
+ } else if (dev->conf.discard_granularity &&
+ dev->conf.discard_granularity != 512) {
error_report("discard_granularity must be 512 for ide");
return -1;
}
@@ -216,7 +227,7 @@ static void ide_hd_class_init(ObjectClass *klass, void *data)
dc->props = ide_hd_properties;
}
-static TypeInfo ide_hd_info = {
+static const TypeInfo ide_hd_info = {
.name = "ide-hd",
.parent = TYPE_IDE_DEVICE,
.instance_size = sizeof(IDEDrive),
@@ -238,7 +249,7 @@ static void ide_cd_class_init(ObjectClass *klass, void *data)
dc->props = ide_cd_properties;
}
-static TypeInfo ide_cd_info = {
+static const TypeInfo ide_cd_info = {
.name = "ide-cd",
.parent = TYPE_IDE_DEVICE,
.instance_size = sizeof(IDEDrive),
@@ -260,7 +271,7 @@ static void ide_drive_class_init(ObjectClass *klass, void *data)
dc->props = ide_drive_properties;
}
-static TypeInfo ide_drive_info = {
+static const TypeInfo ide_drive_info = {
.name = "ide-drive",
.parent = TYPE_IDE_DEVICE,
.instance_size = sizeof(IDEDrive),
@@ -271,11 +282,12 @@ static void ide_device_class_init(ObjectClass *klass, void *data)
{
DeviceClass *k = DEVICE_CLASS(klass);
k->init = ide_qdev_init;
+ set_bit(DEVICE_CATEGORY_STORAGE, k->categories);
k->bus_type = TYPE_IDE_BUS;
k->props = ide_props;
}
-static TypeInfo ide_device_type_info = {
+static const TypeInfo ide_device_type_info = {
.name = TYPE_IDE_DEVICE,
.parent = TYPE_DEVICE,
.instance_size = sizeof(IDEDevice),
diff --git a/hw/ide/via.c b/hw/ide/via.c
index efda1733d..e5fb2970e 100644
--- a/hw/ide/via.c
+++ b/hw/ide/via.c
@@ -24,12 +24,12 @@
* THE SOFTWARE.
*/
#include <hw/hw.h>
-#include <hw/pc.h>
-#include <hw/pci.h>
-#include <hw/isa.h>
-#include "block.h"
-#include "sysemu.h"
-#include "dma.h"
+#include <hw/i386/pc.h>
+#include <hw/pci/pci.h>
+#include <hw/isa/isa.h>
+#include "block/block.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/dma.h"
#include <hw/ide/pci.h>
@@ -92,15 +92,15 @@ static void bmdma_setup_bar(PCIIDEState *d)
{
int i;
- memory_region_init(&d->bmdma_bar, "via-bmdma-container", 16);
+ memory_region_init(&d->bmdma_bar, OBJECT(d), "via-bmdma-container", 16);
for(i = 0;i < 2; i++) {
BMDMAState *bm = &d->bmdma[i];
- memory_region_init_io(&bm->extra_io, &via_bmdma_ops, bm,
+ memory_region_init_io(&bm->extra_io, OBJECT(d), &via_bmdma_ops, bm,
"via-bmdma", 4);
memory_region_add_subregion(&d->bmdma_bar, i * 8, &bm->extra_io);
- memory_region_init_io(&bm->addr_ioport, &bmdma_addr_ioport_ops, bm,
- "bmdma", 4);
+ memory_region_init_io(&bm->addr_ioport, OBJECT(d),
+ &bmdma_addr_ioport_ops, bm, "bmdma", 4);
memory_region_add_subregion(&d->bmdma_bar, i * 8 + 4, &bm->addr_ioport);
}
}
@@ -108,7 +108,8 @@ static void bmdma_setup_bar(PCIIDEState *d)
static void via_reset(void *opaque)
{
PCIIDEState *d = opaque;
- uint8_t *pci_conf = d->dev.config;
+ PCIDevice *pd = PCI_DEVICE(d);
+ uint8_t *pci_conf = pd->config;
int i;
for (i = 0; i < 2; i++) {
@@ -158,7 +159,7 @@ static void vt82c686b_init_ports(PCIIDEState *d) {
int i;
for (i = 0; i < 2; i++) {
- ide_bus_new(&d->bus[i], &d->dev.qdev, i);
+ ide_bus_new(&d->bus[i], DEVICE(d), i, 2);
ide_init_ioport(&d->bus[i], NULL, port_info[i].iobase,
port_info[i].iobase2);
ide_init2(&d->bus[i], isa_get_irq(NULL, port_info[i].isairq));
@@ -173,17 +174,17 @@ static void vt82c686b_init_ports(PCIIDEState *d) {
/* via ide func */
static int vt82c686b_ide_initfn(PCIDevice *dev)
{
- PCIIDEState *d = DO_UPCAST(PCIIDEState, dev, dev);
- uint8_t *pci_conf = d->dev.config;
+ PCIIDEState *d = PCI_IDE(dev);
+ uint8_t *pci_conf = dev->config;
pci_config_set_prog_interface(pci_conf, 0x8a); /* legacy ATA mode */
pci_set_long(pci_conf + PCI_CAPABILITY_LIST, 0x000000c0);
qemu_register_reset(via_reset, d);
bmdma_setup_bar(d);
- pci_register_bar(&d->dev, 4, PCI_BASE_ADDRESS_SPACE_IO, &d->bmdma_bar);
+ pci_register_bar(dev, 4, PCI_BASE_ADDRESS_SPACE_IO, &d->bmdma_bar);
- vmstate_register(&dev->qdev, 0, &vmstate_ide_pci, d);
+ vmstate_register(DEVICE(dev), 0, &vmstate_ide_pci, d);
vt82c686b_init_ports(d);
@@ -192,7 +193,7 @@ static int vt82c686b_ide_initfn(PCIDevice *dev)
static void vt82c686b_ide_exitfn(PCIDevice *dev)
{
- PCIIDEState *d = DO_UPCAST(PCIIDEState, dev, dev);
+ PCIIDEState *d = PCI_IDE(dev);
unsigned i;
for (i = 0; i < 2; ++i) {
@@ -223,13 +224,13 @@ static void via_ide_class_init(ObjectClass *klass, void *data)
k->device_id = PCI_DEVICE_ID_VIA_IDE;
k->revision = 0x06;
k->class_id = PCI_CLASS_STORAGE_IDE;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
dc->no_user = 1;
}
-static TypeInfo via_ide_info = {
+static const TypeInfo via_ide_info = {
.name = "via-ide",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIIDEState),
+ .parent = TYPE_PCI_IDE,
.class_init = via_ide_class_init,
};
diff --git a/hw/imx.h b/hw/imx.h
deleted file mode 100644
index ea9e09327..000000000
--- a/hw/imx.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * i.MX31 emulation
- *
- * Copyright (C) 2012 Peter Chubb
- * NICTA
- *
- * This code is released under the GPL, version 2.0 or later
- * See the file `../COPYING' for details.
- */
-
-#ifndef IMX_H
-#define IMX_H
-
-void imx_serial_create(int uart, const hwaddr addr, qemu_irq irq);
-
-typedef enum {
- NOCLK,
- MCU,
- HSP,
- IPG,
- CLK_32k
-} IMXClk;
-
-uint32_t imx_clock_frequency(DeviceState *s, IMXClk clock);
-
-void imx_timerp_create(const hwaddr addr,
- qemu_irq irq,
- DeviceState *ccm);
-void imx_timerg_create(const hwaddr addr,
- qemu_irq irq,
- DeviceState *ccm);
-
-
-#endif /* IMX_H */
diff --git a/hw/imx_avic.c b/hw/imx_avic.c
deleted file mode 100644
index 810979366..000000000
--- a/hw/imx_avic.c
+++ /dev/null
@@ -1,408 +0,0 @@
-/*
- * i.MX31 Vectored Interrupt Controller
- *
- * Note this is NOT the PL192 provided by ARM, but
- * a custom implementation by Freescale.
- *
- * Copyright (c) 2008 OKL
- * Copyright (c) 2011 NICTA Pty Ltd
- * Originally written by Hans Jiang
- *
- * This code is licensed under the GPL version 2 or later. See
- * the COPYING file in the top-level directory.
- *
- * TODO: implement vectors.
- */
-
-#include "hw.h"
-#include "sysbus.h"
-#include "host-utils.h"
-
-#define DEBUG_INT 1
-#undef DEBUG_INT /* comment out for debugging */
-
-#ifdef DEBUG_INT
-#define DPRINTF(fmt, args...) \
-do { printf("imx_avic: " fmt , ##args); } while (0)
-#else
-#define DPRINTF(fmt, args...) do {} while (0)
-#endif
-
-/*
- * Define to 1 for messages about attempts to
- * access unimplemented registers or similar.
- */
-#define DEBUG_IMPLEMENTATION 1
-#if DEBUG_IMPLEMENTATION
-# define IPRINTF(fmt, args...) \
- do { fprintf(stderr, "imx_avic: " fmt, ##args); } while (0)
-#else
-# define IPRINTF(fmt, args...) do {} while (0)
-#endif
-
-#define IMX_AVIC_NUM_IRQS 64
-
-/* Interrupt Control Bits */
-#define ABFLAG (1<<25)
-#define ABFEN (1<<24)
-#define NIDIS (1<<22) /* Normal Interrupt disable */
-#define FIDIS (1<<21) /* Fast interrupt disable */
-#define NIAD (1<<20) /* Normal Interrupt Arbiter Rise ARM level */
-#define FIAD (1<<19) /* Fast Interrupt Arbiter Rise ARM level */
-#define NM (1<<18) /* Normal interrupt mode */
-
-
-#define PRIO_PER_WORD (sizeof(uint32_t) * 8 / 4)
-#define PRIO_WORDS (IMX_AVIC_NUM_IRQS/PRIO_PER_WORD)
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint64_t pending;
- uint64_t enabled;
- uint64_t is_fiq;
- uint32_t intcntl;
- uint32_t intmask;
- qemu_irq irq;
- qemu_irq fiq;
- uint32_t prio[PRIO_WORDS]; /* Priorities are 4-bits each */
-} IMXAVICState;
-
-static const VMStateDescription vmstate_imx_avic = {
- .name = "imx-avic",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT64(pending, IMXAVICState),
- VMSTATE_UINT64(enabled, IMXAVICState),
- VMSTATE_UINT64(is_fiq, IMXAVICState),
- VMSTATE_UINT32(intcntl, IMXAVICState),
- VMSTATE_UINT32(intmask, IMXAVICState),
- VMSTATE_UINT32_ARRAY(prio, IMXAVICState, PRIO_WORDS),
- VMSTATE_END_OF_LIST()
- },
-};
-
-
-
-static inline int imx_avic_prio(IMXAVICState *s, int irq)
-{
- uint32_t word = irq / PRIO_PER_WORD;
- uint32_t part = 4 * (irq % PRIO_PER_WORD);
- return 0xf & (s->prio[word] >> part);
-}
-
-static inline void imx_avic_set_prio(IMXAVICState *s, int irq, int prio)
-{
- uint32_t word = irq / PRIO_PER_WORD;
- uint32_t part = 4 * (irq % PRIO_PER_WORD);
- uint32_t mask = ~(0xf << part);
- s->prio[word] &= mask;
- s->prio[word] |= prio << part;
-}
-
-/* Update interrupts. */
-static void imx_avic_update(IMXAVICState *s)
-{
- int i;
- uint64_t new = s->pending & s->enabled;
- uint64_t flags;
-
- flags = new & s->is_fiq;
- qemu_set_irq(s->fiq, !!flags);
-
- flags = new & ~s->is_fiq;
- if (!flags || (s->intmask == 0x1f)) {
- qemu_set_irq(s->irq, !!flags);
- return;
- }
-
- /*
- * Take interrupt if there's a pending interrupt with
- * priority higher than the value of intmask
- */
- for (i = 0; i < IMX_AVIC_NUM_IRQS; i++) {
- if (flags & (1UL << i)) {
- if (imx_avic_prio(s, i) > s->intmask) {
- qemu_set_irq(s->irq, 1);
- return;
- }
- }
- }
- qemu_set_irq(s->irq, 0);
-}
-
-static void imx_avic_set_irq(void *opaque, int irq, int level)
-{
- IMXAVICState *s = (IMXAVICState *)opaque;
-
- if (level) {
- DPRINTF("Raising IRQ %d, prio %d\n",
- irq, imx_avic_prio(s, irq));
- s->pending |= (1ULL << irq);
- } else {
- DPRINTF("Clearing IRQ %d, prio %d\n",
- irq, imx_avic_prio(s, irq));
- s->pending &= ~(1ULL << irq);
- }
-
- imx_avic_update(s);
-}
-
-
-static uint64_t imx_avic_read(void *opaque,
- hwaddr offset, unsigned size)
-{
- IMXAVICState *s = (IMXAVICState *)opaque;
-
-
- DPRINTF("read(offset = 0x%x)\n", offset >> 2);
- switch (offset >> 2) {
- case 0: /* INTCNTL */
- return s->intcntl;
-
- case 1: /* Normal Interrupt Mask Register, NIMASK */
- return s->intmask;
-
- case 2: /* Interrupt Enable Number Register, INTENNUM */
- case 3: /* Interrupt Disable Number Register, INTDISNUM */
- return 0;
-
- case 4: /* Interrupt Enabled Number Register High */
- return s->enabled >> 32;
-
- case 5: /* Interrupt Enabled Number Register Low */
- return s->enabled & 0xffffffffULL;
-
- case 6: /* Interrupt Type Register High */
- return s->is_fiq >> 32;
-
- case 7: /* Interrupt Type Register Low */
- return s->is_fiq & 0xffffffffULL;
-
- case 8: /* Normal Interrupt Priority Register 7 */
- case 9: /* Normal Interrupt Priority Register 6 */
- case 10:/* Normal Interrupt Priority Register 5 */
- case 11:/* Normal Interrupt Priority Register 4 */
- case 12:/* Normal Interrupt Priority Register 3 */
- case 13:/* Normal Interrupt Priority Register 2 */
- case 14:/* Normal Interrupt Priority Register 1 */
- case 15:/* Normal Interrupt Priority Register 0 */
- return s->prio[15-(offset>>2)];
-
- case 16: /* Normal interrupt vector and status register */
- {
- /*
- * This returns the highest priority
- * outstanding interrupt. Where there is more than
- * one pending IRQ with the same priority,
- * take the highest numbered one.
- */
- uint64_t flags = s->pending & s->enabled & ~s->is_fiq;
- int i;
- int prio = -1;
- int irq = -1;
- for (i = 63; i >= 0; --i) {
- if (flags & (1ULL<<i)) {
- int irq_prio = imx_avic_prio(s, i);
- if (irq_prio > prio) {
- irq = i;
- prio = irq_prio;
- }
- }
- }
- if (irq >= 0) {
- imx_avic_set_irq(s, irq, 0);
- return irq << 16 | prio;
- }
- return 0xffffffffULL;
- }
- case 17:/* Fast Interrupt vector and status register */
- {
- uint64_t flags = s->pending & s->enabled & s->is_fiq;
- int i = ctz64(flags);
- if (i < 64) {
- imx_avic_set_irq(opaque, i, 0);
- return i;
- }
- return 0xffffffffULL;
- }
- case 18:/* Interrupt source register high */
- return s->pending >> 32;
-
- case 19:/* Interrupt source register low */
- return s->pending & 0xffffffffULL;
-
- case 20:/* Interrupt Force Register high */
- case 21:/* Interrupt Force Register low */
- return 0;
-
- case 22:/* Normal Interrupt Pending Register High */
- return (s->pending & s->enabled & ~s->is_fiq) >> 32;
-
- case 23:/* Normal Interrupt Pending Register Low */
- return (s->pending & s->enabled & ~s->is_fiq) & 0xffffffffULL;
-
- case 24: /* Fast Interrupt Pending Register High */
- return (s->pending & s->enabled & s->is_fiq) >> 32;
-
- case 25: /* Fast Interrupt Pending Register Low */
- return (s->pending & s->enabled & s->is_fiq) & 0xffffffffULL;
-
- case 0x40: /* AVIC vector 0, use for WFI WAR */
- return 0x4;
-
- default:
- IPRINTF("imx_avic_read: Bad offset 0x%x\n", (int)offset);
- return 0;
- }
-}
-
-static void imx_avic_write(void *opaque, hwaddr offset,
- uint64_t val, unsigned size)
-{
- IMXAVICState *s = (IMXAVICState *)opaque;
-
- /* Vector Registers not yet supported */
- if (offset >= 0x100 && offset <= 0x2fc) {
- IPRINTF("imx_avic_write to vector register %d ignored\n",
- (unsigned int)((offset - 0x100) >> 2));
- return;
- }
-
- DPRINTF("imx_avic_write(0x%x) = %x\n",
- (unsigned int)offset>>2, (unsigned int)val);
- switch (offset >> 2) {
- case 0: /* Interrupt Control Register, INTCNTL */
- s->intcntl = val & (ABFEN | NIDIS | FIDIS | NIAD | FIAD | NM);
- if (s->intcntl & ABFEN) {
- s->intcntl &= ~(val & ABFLAG);
- }
- break;
-
- case 1: /* Normal Interrupt Mask Register, NIMASK */
- s->intmask = val & 0x1f;
- break;
-
- case 2: /* Interrupt Enable Number Register, INTENNUM */
- DPRINTF("enable(%d)\n", (int)val);
- val &= 0x3f;
- s->enabled |= (1ULL << val);
- break;
-
- case 3: /* Interrupt Disable Number Register, INTDISNUM */
- DPRINTF("disable(%d)\n", (int)val);
- val &= 0x3f;
- s->enabled &= ~(1ULL << val);
- break;
-
- case 4: /* Interrupt Enable Number Register High */
- s->enabled = (s->enabled & 0xffffffffULL) | (val << 32);
- break;
-
- case 5: /* Interrupt Enable Number Register Low */
- s->enabled = (s->enabled & 0xffffffff00000000ULL) | val;
- break;
-
- case 6: /* Interrupt Type Register High */
- s->is_fiq = (s->is_fiq & 0xffffffffULL) | (val << 32);
- break;
-
- case 7: /* Interrupt Type Register Low */
- s->is_fiq = (s->is_fiq & 0xffffffff00000000ULL) | val;
- break;
-
- case 8: /* Normal Interrupt Priority Register 7 */
- case 9: /* Normal Interrupt Priority Register 6 */
- case 10:/* Normal Interrupt Priority Register 5 */
- case 11:/* Normal Interrupt Priority Register 4 */
- case 12:/* Normal Interrupt Priority Register 3 */
- case 13:/* Normal Interrupt Priority Register 2 */
- case 14:/* Normal Interrupt Priority Register 1 */
- case 15:/* Normal Interrupt Priority Register 0 */
- s->prio[15-(offset>>2)] = val;
- break;
-
- /* Read-only registers, writes ignored */
- case 16:/* Normal Interrupt Vector and Status register */
- case 17:/* Fast Interrupt vector and status register */
- case 18:/* Interrupt source register high */
- case 19:/* Interrupt source register low */
- return;
-
- case 20:/* Interrupt Force Register high */
- s->pending = (s->pending & 0xffffffffULL) | (val << 32);
- break;
-
- case 21:/* Interrupt Force Register low */
- s->pending = (s->pending & 0xffffffff00000000ULL) | val;
- break;
-
- case 22:/* Normal Interrupt Pending Register High */
- case 23:/* Normal Interrupt Pending Register Low */
- case 24: /* Fast Interrupt Pending Register High */
- case 25: /* Fast Interrupt Pending Register Low */
- return;
-
- default:
- IPRINTF("imx_avic_write: Bad offset %x\n", (int)offset);
- }
- imx_avic_update(s);
-}
-
-static const MemoryRegionOps imx_avic_ops = {
- .read = imx_avic_read,
- .write = imx_avic_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void imx_avic_reset(DeviceState *dev)
-{
- IMXAVICState *s = container_of(dev, IMXAVICState, busdev.qdev);
- s->pending = 0;
- s->enabled = 0;
- s->is_fiq = 0;
- s->intmask = 0x1f;
- s->intcntl = 0;
- memset(s->prio, 0, sizeof s->prio);
-}
-
-static int imx_avic_init(SysBusDevice *dev)
-{
- IMXAVICState *s = FROM_SYSBUS(IMXAVICState, dev);;
-
- memory_region_init_io(&s->iomem, &imx_avic_ops, s, "imx_avic", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
-
- qdev_init_gpio_in(&dev->qdev, imx_avic_set_irq, IMX_AVIC_NUM_IRQS);
- sysbus_init_irq(dev, &s->irq);
- sysbus_init_irq(dev, &s->fiq);
-
- return 0;
-}
-
-
-static void imx_avic_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
- k->init = imx_avic_init;
- dc->vmsd = &vmstate_imx_avic;
- dc->reset = imx_avic_reset;
- dc->desc = "i.MX Advanced Vector Interrupt Controller";
-}
-
-static const TypeInfo imx_avic_info = {
- .name = "imx_avic",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(IMXAVICState),
- .class_init = imx_avic_class_init,
-};
-
-static void imx_avic_register_types(void)
-{
- type_register_static(&imx_avic_info);
-}
-
-type_init(imx_avic_register_types)
diff --git a/hw/imx_ccm.c b/hw/imx_ccm.c
deleted file mode 100644
index f2e623cd2..000000000
--- a/hw/imx_ccm.c
+++ /dev/null
@@ -1,321 +0,0 @@
-/*
- * IMX31 Clock Control Module
- *
- * Copyright (C) 2012 NICTA
- *
- * This work is licensed under the terms of the GNU GPL, version 2 or later.
- * See the COPYING file in the top-level directory.
- *
- * To get the timer frequencies right, we need to emulate at least part of
- * the CCM.
- */
-
-#include "hw.h"
-#include "sysbus.h"
-#include "sysemu.h"
-#include "imx.h"
-
-#define CKIH_FREQ 26000000 /* 26MHz crystal input */
-#define CKIL_FREQ 32768 /* nominal 32khz clock */
-
-
-//#define DEBUG_CCM 1
-#ifdef DEBUG_CCM
-#define DPRINTF(fmt, args...) \
-do { printf("imx_ccm: " fmt , ##args); } while (0)
-#else
-#define DPRINTF(fmt, args...) do {} while (0)
-#endif
-
-static int imx_ccm_post_load(void *opaque, int version_id);
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
-
- uint32_t ccmr;
- uint32_t pdr0;
- uint32_t pdr1;
- uint32_t mpctl;
- uint32_t spctl;
- uint32_t cgr[3];
- uint32_t pmcr0;
- uint32_t pmcr1;
-
- /* Frequencies precalculated on register changes */
- uint32_t pll_refclk_freq;
- uint32_t mcu_clk_freq;
- uint32_t hsp_clk_freq;
- uint32_t ipg_clk_freq;
-} IMXCCMState;
-
-static const VMStateDescription vmstate_imx_ccm = {
- .name = "imx-ccm",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(ccmr, IMXCCMState),
- VMSTATE_UINT32(pdr0, IMXCCMState),
- VMSTATE_UINT32(pdr1, IMXCCMState),
- VMSTATE_UINT32(mpctl, IMXCCMState),
- VMSTATE_UINT32(spctl, IMXCCMState),
- VMSTATE_UINT32_ARRAY(cgr, IMXCCMState, 3),
- VMSTATE_UINT32(pmcr0, IMXCCMState),
- VMSTATE_UINT32(pmcr1, IMXCCMState),
- VMSTATE_UINT32(pll_refclk_freq, IMXCCMState),
- },
- .post_load = imx_ccm_post_load,
-};
-
-/* CCMR */
-#define CCMR_FPME (1<<0)
-#define CCMR_MPE (1<<3)
-#define CCMR_MDS (1<<7)
-#define CCMR_FPMF (1<<26)
-#define CCMR_PRCS (3<<1)
-
-/* PDR0 */
-#define PDR0_MCU_PODF_SHIFT (0)
-#define PDR0_MCU_PODF_MASK (0x7)
-#define PDR0_MAX_PODF_SHIFT (3)
-#define PDR0_MAX_PODF_MASK (0x7)
-#define PDR0_IPG_PODF_SHIFT (6)
-#define PDR0_IPG_PODF_MASK (0x3)
-#define PDR0_NFC_PODF_SHIFT (8)
-#define PDR0_NFC_PODF_MASK (0x7)
-#define PDR0_HSP_PODF_SHIFT (11)
-#define PDR0_HSP_PODF_MASK (0x7)
-#define PDR0_PER_PODF_SHIFT (16)
-#define PDR0_PER_PODF_MASK (0x1f)
-#define PDR0_CSI_PODF_SHIFT (23)
-#define PDR0_CSI_PODF_MASK (0x1ff)
-
-#define EXTRACT(value, name) (((value) >> PDR0_##name##_PODF_SHIFT) \
- & PDR0_##name##_PODF_MASK)
-#define INSERT(value, name) (((value) & PDR0_##name##_PODF_MASK) << \
- PDR0_##name##_PODF_SHIFT)
-/* PLL control registers */
-#define PD(v) (((v) >> 26) & 0xf)
-#define MFD(v) (((v) >> 16) & 0x3ff)
-#define MFI(v) (((v) >> 10) & 0xf);
-#define MFN(v) ((v) & 0x3ff)
-
-#define PLL_PD(x) (((x) & 0xf) << 26)
-#define PLL_MFD(x) (((x) & 0x3ff) << 16)
-#define PLL_MFI(x) (((x) & 0xf) << 10)
-#define PLL_MFN(x) (((x) & 0x3ff) << 0)
-
-uint32_t imx_clock_frequency(DeviceState *dev, IMXClk clock)
-{
- IMXCCMState *s = container_of(dev, IMXCCMState, busdev.qdev);
-
- switch (clock) {
- case NOCLK:
- return 0;
- case MCU:
- return s->mcu_clk_freq;
- case HSP:
- return s->hsp_clk_freq;
- case IPG:
- return s->ipg_clk_freq;
- case CLK_32k:
- return CKIL_FREQ;
- }
- return 0;
-}
-
-/*
- * Calculate PLL output frequency
- */
-static uint32_t calc_pll(uint32_t pllreg, uint32_t base_freq)
-{
- int32_t mfn = MFN(pllreg); /* Numerator */
- uint32_t mfi = MFI(pllreg); /* Integer part */
- uint32_t mfd = 1 + MFD(pllreg); /* Denominator */
- uint32_t pd = 1 + PD(pllreg); /* Pre-divider */
-
- if (mfi < 5) {
- mfi = 5;
- }
- /* mfn is 10-bit signed twos-complement */
- mfn <<= 32 - 10;
- mfn >>= 32 - 10;
-
- return ((2 * (base_freq >> 10) * (mfi * mfd + mfn)) /
- (mfd * pd)) << 10;
-}
-
-static void update_clocks(IMXCCMState *s)
-{
- /*
- * If we ever emulate more clocks, this should switch to a data-driven
- * approach
- */
-
- if ((s->ccmr & CCMR_PRCS) == 1) {
- s->pll_refclk_freq = CKIL_FREQ * 1024;
- } else {
- s->pll_refclk_freq = CKIH_FREQ;
- }
-
- /* ipg_clk_arm aka MCU clock */
- if ((s->ccmr & CCMR_MDS) || !(s->ccmr & CCMR_MPE)) {
- s->mcu_clk_freq = s->pll_refclk_freq;
- } else {
- s->mcu_clk_freq = calc_pll(s->mpctl, s->pll_refclk_freq);
- }
-
- /* High-speed clock */
- s->hsp_clk_freq = s->mcu_clk_freq / (1 + EXTRACT(s->pdr0, HSP));
- s->ipg_clk_freq = s->hsp_clk_freq / (1 + EXTRACT(s->pdr0, IPG));
-
- DPRINTF("Clocks: mcu %uMHz, HSP %uMHz, IPG %uHz\n",
- s->mcu_clk_freq / 1000000,
- s->hsp_clk_freq / 1000000,
- s->ipg_clk_freq);
-}
-
-static void imx_ccm_reset(DeviceState *dev)
-{
- IMXCCMState *s = container_of(dev, IMXCCMState, busdev.qdev);
-
- s->ccmr = 0x074b0b7b;
- s->pdr0 = 0xff870b48;
- s->pdr1 = 0x49fcfe7f;
- s->mpctl = PLL_PD(1) | PLL_MFD(0) | PLL_MFI(6) | PLL_MFN(0);
- s->cgr[0] = s->cgr[1] = s->cgr[2] = 0xffffffff;
- s->spctl = PLL_PD(1) | PLL_MFD(4) | PLL_MFI(0xc) | PLL_MFN(1);
- s->pmcr0 = 0x80209828;
-
- update_clocks(s);
-}
-
-static uint64_t imx_ccm_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- IMXCCMState *s = (IMXCCMState *)opaque;
-
- DPRINTF("read(offset=%x)", offset >> 2);
- switch (offset >> 2) {
- case 0: /* CCMR */
- DPRINTF(" ccmr = 0x%x\n", s->ccmr);
- return s->ccmr;
- case 1:
- DPRINTF(" pdr0 = 0x%x\n", s->pdr0);
- return s->pdr0;
- case 2:
- DPRINTF(" pdr1 = 0x%x\n", s->pdr1);
- return s->pdr1;
- case 4:
- DPRINTF(" mpctl = 0x%x\n", s->mpctl);
- return s->mpctl;
- case 6:
- DPRINTF(" spctl = 0x%x\n", s->spctl);
- return s->spctl;
- case 8:
- DPRINTF(" cgr0 = 0x%x\n", s->cgr[0]);
- return s->cgr[0];
- case 9:
- DPRINTF(" cgr1 = 0x%x\n", s->cgr[1]);
- return s->cgr[1];
- case 10:
- DPRINTF(" cgr2 = 0x%x\n", s->cgr[2]);
- return s->cgr[2];
- case 18: /* LTR1 */
- return 0x00004040;
- case 23:
- DPRINTF(" pcmr0 = 0x%x\n", s->pmcr0);
- return s->pmcr0;
- }
- DPRINTF(" return 0\n");
- return 0;
-}
-
-static void imx_ccm_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- IMXCCMState *s = (IMXCCMState *)opaque;
-
- DPRINTF("write(offset=%x, value = %x)\n",
- offset >> 2, (unsigned int)value);
- switch (offset >> 2) {
- case 0:
- s->ccmr = CCMR_FPMF | (value & 0x3b6fdfff);
- break;
- case 1:
- s->pdr0 = value & 0xff9f3fff;
- break;
- case 2:
- s->pdr1 = value;
- break;
- case 4:
- s->mpctl = value & 0xbfff3fff;
- break;
- case 6:
- s->spctl = value & 0xbfff3fff;
- break;
- case 8:
- s->cgr[0] = value;
- return;
- case 9:
- s->cgr[1] = value;
- return;
- case 10:
- s->cgr[2] = value;
- return;
-
- default:
- return;
- }
- update_clocks(s);
-}
-
-static const struct MemoryRegionOps imx_ccm_ops = {
- .read = imx_ccm_read,
- .write = imx_ccm_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int imx_ccm_init(SysBusDevice *dev)
-{
- IMXCCMState *s = FROM_SYSBUS(typeof(*s), dev);
-
- memory_region_init_io(&s->iomem, &imx_ccm_ops, s, "imx_ccm", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
-
- return 0;
-}
-
-static int imx_ccm_post_load(void *opaque, int version_id)
-{
- IMXCCMState *s = (IMXCCMState *)opaque;
-
- update_clocks(s);
- return 0;
-}
-
-static void imx_ccm_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *sbc = SYS_BUS_DEVICE_CLASS(klass);
-
- sbc->init = imx_ccm_init;
- dc->reset = imx_ccm_reset;
- dc->vmsd = &vmstate_imx_ccm;
- dc->desc = "i.MX Clock Control Module";
-}
-
-static TypeInfo imx_ccm_info = {
- .name = "imx_ccm",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(IMXCCMState),
- .class_init = imx_ccm_class_init,
-};
-
-static void imx_ccm_register_types(void)
-{
- type_register_static(&imx_ccm_info);
-}
-
-type_init(imx_ccm_register_types)
diff --git a/hw/imx_serial.c b/hw/imx_serial.c
deleted file mode 100644
index dcd125fd2..000000000
--- a/hw/imx_serial.c
+++ /dev/null
@@ -1,467 +0,0 @@
-/*
- * IMX31 UARTS
- *
- * Copyright (c) 2008 OKL
- * Originally Written by Hans Jiang
- * Copyright (c) 2011 NICTA Pty Ltd.
- *
- * This work is licensed under the terms of the GNU GPL, version 2 or later.
- * See the COPYING file in the top-level directory.
- *
- * This is a `bare-bones' implementation of the IMX series serial ports.
- * TODO:
- * -- implement FIFOs. The real hardware has 32 word transmit
- * and receive FIFOs; we currently use a 1-char buffer
- * -- implement DMA
- * -- implement BAUD-rate and modem lines, for when the backend
- * is a real serial device.
- */
-
-#include "hw.h"
-#include "sysbus.h"
-#include "sysemu.h"
-#include "qemu-char.h"
-#include "imx.h"
-
-//#define DEBUG_SERIAL 1
-#ifdef DEBUG_SERIAL
-#define DPRINTF(fmt, args...) \
-do { printf("imx_serial: " fmt , ##args); } while (0)
-#else
-#define DPRINTF(fmt, args...) do {} while (0)
-#endif
-
-/*
- * Define to 1 for messages about attempts to
- * access unimplemented registers or similar.
- */
-//#define DEBUG_IMPLEMENTATION 1
-#ifdef DEBUG_IMPLEMENTATION
-# define IPRINTF(fmt, args...) \
- do { fprintf(stderr, "imx_serial: " fmt, ##args); } while (0)
-#else
-# define IPRINTF(fmt, args...) do {} while (0)
-#endif
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- int32_t readbuff;
-
- uint32_t usr1;
- uint32_t usr2;
- uint32_t ucr1;
- uint32_t ucr2;
- uint32_t uts1;
-
- /*
- * The registers below are implemented just so that the
- * guest OS sees what it has written
- */
- uint32_t onems;
- uint32_t ufcr;
- uint32_t ubmr;
- uint32_t ubrc;
- uint32_t ucr3;
-
- qemu_irq irq;
- CharDriverState *chr;
-} IMXSerialState;
-
-static const VMStateDescription vmstate_imx_serial = {
- .name = "imx-serial",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_INT32(readbuff, IMXSerialState),
- VMSTATE_UINT32(usr1, IMXSerialState),
- VMSTATE_UINT32(usr2, IMXSerialState),
- VMSTATE_UINT32(ucr1, IMXSerialState),
- VMSTATE_UINT32(uts1, IMXSerialState),
- VMSTATE_UINT32(onems, IMXSerialState),
- VMSTATE_UINT32(ufcr, IMXSerialState),
- VMSTATE_UINT32(ubmr, IMXSerialState),
- VMSTATE_UINT32(ubrc, IMXSerialState),
- VMSTATE_UINT32(ucr3, IMXSerialState),
- VMSTATE_END_OF_LIST()
- },
-};
-
-
-#define URXD_CHARRDY (1<<15) /* character read is valid */
-#define URXD_ERR (1<<14) /* Character has error */
-#define URXD_BRK (1<<11) /* Break received */
-
-#define USR1_PARTYER (1<<15) /* Parity Error */
-#define USR1_RTSS (1<<14) /* RTS pin status */
-#define USR1_TRDY (1<<13) /* Tx ready */
-#define USR1_RTSD (1<<12) /* RTS delta: pin changed state */
-#define USR1_ESCF (1<<11) /* Escape sequence interrupt */
-#define USR1_FRAMERR (1<<10) /* Framing error */
-#define USR1_RRDY (1<<9) /* receiver ready */
-#define USR1_AGTIM (1<<8) /* Aging timer interrupt */
-#define USR1_DTRD (1<<7) /* DTR changed */
-#define USR1_RXDS (1<<6) /* Receiver is idle */
-#define USR1_AIRINT (1<<5) /* Aysnch IR interrupt */
-#define USR1_AWAKE (1<<4) /* Falling edge detected on RXd pin */
-
-#define USR2_ADET (1<<15) /* Autobaud complete */
-#define USR2_TXFE (1<<14) /* Transmit FIFO empty */
-#define USR2_DTRF (1<<13) /* DTR/DSR transition */
-#define USR2_IDLE (1<<12) /* UART has been idle for too long */
-#define USR2_ACST (1<<11) /* Autobaud counter stopped */
-#define USR2_RIDELT (1<<10) /* Ring Indicator delta */
-#define USR2_RIIN (1<<9) /* Ring Indicator Input */
-#define USR2_IRINT (1<<8) /* Serial Infrared Interrupt */
-#define USR2_WAKE (1<<7) /* Start bit detected */
-#define USR2_DCDDELT (1<<6) /* Data Carrier Detect delta */
-#define USR2_DCDIN (1<<5) /* Data Carrier Detect Input */
-#define USR2_RTSF (1<<4) /* RTS transition */
-#define USR2_TXDC (1<<3) /* Transmission complete */
-#define USR2_BRCD (1<<2) /* Break condition detected */
-#define USR2_ORE (1<<1) /* Overrun error */
-#define USR2_RDR (1<<0) /* Receive data ready */
-
-#define UCR1_TRDYEN (1<<13) /* Tx Ready Interrupt Enable */
-#define UCR1_RRDYEN (1<<9) /* Rx Ready Interrupt Enable */
-#define UCR1_TXMPTYEN (1<<6) /* Tx Empty Interrupt Enable */
-#define UCR1_UARTEN (1<<0) /* UART Enable */
-
-#define UCR2_TXEN (1<<2) /* Transmitter enable */
-#define UCR2_RXEN (1<<1) /* Receiver enable */
-#define UCR2_SRST (1<<0) /* Reset complete */
-
-#define UTS1_TXEMPTY (1<<6)
-#define UTS1_RXEMPTY (1<<5)
-#define UTS1_TXFULL (1<<4)
-#define UTS1_RXFULL (1<<3)
-
-static void imx_update(IMXSerialState *s)
-{
- uint32_t flags;
-
- flags = (s->usr1 & s->ucr1) & (USR1_TRDY|USR1_RRDY);
- if (!(s->ucr1 & UCR1_TXMPTYEN)) {
- flags &= ~USR1_TRDY;
- }
-
- qemu_set_irq(s->irq, !!flags);
-}
-
-static void imx_serial_reset(IMXSerialState *s)
-{
-
- s->usr1 = USR1_TRDY | USR1_RXDS;
- /*
- * Fake attachment of a terminal: assert RTS.
- */
- s->usr1 |= USR1_RTSS;
- s->usr2 = USR2_TXFE | USR2_TXDC | USR2_DCDIN;
- s->uts1 = UTS1_RXEMPTY | UTS1_TXEMPTY;
- s->ucr1 = 0;
- s->ucr2 = UCR2_SRST;
- s->ucr3 = 0x700;
- s->ubmr = 0;
- s->ubrc = 4;
- s->readbuff = URXD_ERR;
-}
-
-static void imx_serial_reset_at_boot(DeviceState *dev)
-{
- IMXSerialState *s = container_of(dev, IMXSerialState, busdev.qdev);
-
- imx_serial_reset(s);
-
- /*
- * enable the uart on boot, so messages from the linux decompresser
- * are visible. On real hardware this is done by the boot rom
- * before anything else is loaded.
- */
- s->ucr1 = UCR1_UARTEN;
- s->ucr2 = UCR2_TXEN;
-
-}
-
-static uint64_t imx_serial_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- IMXSerialState *s = (IMXSerialState *)opaque;
- uint32_t c;
-
- DPRINTF("read(offset=%x)\n", offset >> 2);
- switch (offset >> 2) {
- case 0x0: /* URXD */
- c = s->readbuff;
- if (!(s->uts1 & UTS1_RXEMPTY)) {
- /* Character is valid */
- c |= URXD_CHARRDY;
- s->usr1 &= ~USR1_RRDY;
- s->usr2 &= ~USR2_RDR;
- s->uts1 |= UTS1_RXEMPTY;
- imx_update(s);
- qemu_chr_accept_input(s->chr);
- }
- return c;
-
- case 0x20: /* UCR1 */
- return s->ucr1;
-
- case 0x21: /* UCR2 */
- return s->ucr2;
-
- case 0x25: /* USR1 */
- return s->usr1;
-
- case 0x26: /* USR2 */
- return s->usr2;
-
- case 0x2A: /* BRM Modulator */
- return s->ubmr;
-
- case 0x2B: /* Baud Rate Count */
- return s->ubrc;
-
- case 0x2d: /* Test register */
- return s->uts1;
-
- case 0x24: /* UFCR */
- return s->ufcr;
-
- case 0x2c:
- return s->onems;
-
- case 0x22: /* UCR3 */
- return s->ucr3;
-
- case 0x23: /* UCR4 */
- case 0x29: /* BRM Incremental */
- return 0x0; /* TODO */
-
- default:
- IPRINTF("imx_serial_read: bad offset: 0x%x\n", (int)offset);
- return 0;
- }
-}
-
-static void imx_serial_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- IMXSerialState *s = (IMXSerialState *)opaque;
- unsigned char ch;
-
- DPRINTF("write(offset=%x, value = %x) to %s\n",
- offset >> 2,
- (unsigned int)value, s->chr ? s->chr->label : "NODEV");
-
- switch (offset >> 2) {
- case 0x10: /* UTXD */
- ch = value;
- if (s->ucr2 & UCR2_TXEN) {
- if (s->chr) {
- qemu_chr_fe_write(s->chr, &ch, 1);
- }
- s->usr1 &= ~USR1_TRDY;
- imx_update(s);
- s->usr1 |= USR1_TRDY;
- imx_update(s);
- }
- break;
-
- case 0x20: /* UCR1 */
- s->ucr1 = value & 0xffff;
- DPRINTF("write(ucr1=%x)\n", (unsigned int)value);
- imx_update(s);
- break;
-
- case 0x21: /* UCR2 */
- /*
- * Only a few bits in control register 2 are implemented as yet.
- * If it's intended to use a real serial device as a back-end, this
- * register will have to be implemented more fully.
- */
- if (!(value & UCR2_SRST)) {
- imx_serial_reset(s);
- imx_update(s);
- value |= UCR2_SRST;
- }
- if (value & UCR2_RXEN) {
- if (!(s->ucr2 & UCR2_RXEN)) {
- qemu_chr_accept_input(s->chr);
- }
- }
- s->ucr2 = value & 0xffff;
- break;
-
- case 0x25: /* USR1 */
- value &= USR1_AWAKE | USR1_AIRINT | USR1_DTRD | USR1_AGTIM |
- USR1_FRAMERR | USR1_ESCF | USR1_RTSD | USR1_PARTYER;
- s->usr1 &= ~value;
- break;
-
- case 0x26: /* USR2 */
- /*
- * Writing 1 to some bits clears them; all other
- * values are ignored
- */
- value &= USR2_ADET | USR2_DTRF | USR2_IDLE | USR2_ACST |
- USR2_RIDELT | USR2_IRINT | USR2_WAKE |
- USR2_DCDDELT | USR2_RTSF | USR2_BRCD | USR2_ORE;
- s->usr2 &= ~value;
- break;
-
- /*
- * Linux expects to see what it writes to these registers
- * We don't currently alter the baud rate
- */
- case 0x29: /* UBIR */
- s->ubrc = value & 0xffff;
- break;
-
- case 0x2a: /* UBMR */
- s->ubmr = value & 0xffff;
- break;
-
- case 0x2c: /* One ms reg */
- s->onems = value & 0xffff;
- break;
-
- case 0x24: /* FIFO control register */
- s->ufcr = value & 0xffff;
- break;
-
- case 0x22: /* UCR3 */
- s->ucr3 = value & 0xffff;
- break;
-
- case 0x2d: /* UTS1 */
- case 0x23: /* UCR4 */
- IPRINTF("Unimplemented Register %x written to\n", offset >> 2);
- /* TODO */
- break;
-
- default:
- IPRINTF("imx_serial_write: Bad offset 0x%x\n", (int)offset);
- }
-}
-
-static int imx_can_receive(void *opaque)
-{
- IMXSerialState *s = (IMXSerialState *)opaque;
- return !(s->usr1 & USR1_RRDY);
-}
-
-static void imx_put_data(void *opaque, uint32_t value)
-{
- IMXSerialState *s = (IMXSerialState *)opaque;
- DPRINTF("received char\n");
- s->usr1 |= USR1_RRDY;
- s->usr2 |= USR2_RDR;
- s->uts1 &= ~UTS1_RXEMPTY;
- s->readbuff = value;
- imx_update(s);
-}
-
-static void imx_receive(void *opaque, const uint8_t *buf, int size)
-{
- imx_put_data(opaque, *buf);
-}
-
-static void imx_event(void *opaque, int event)
-{
- if (event == CHR_EVENT_BREAK) {
- imx_put_data(opaque, URXD_BRK);
- }
-}
-
-
-static const struct MemoryRegionOps imx_serial_ops = {
- .read = imx_serial_read,
- .write = imx_serial_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int imx_serial_init(SysBusDevice *dev)
-{
- IMXSerialState *s = FROM_SYSBUS(IMXSerialState, dev);
-
-
- memory_region_init_io(&s->iomem, &imx_serial_ops, s, "imx-serial", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
- sysbus_init_irq(dev, &s->irq);
-
- if (s->chr) {
- qemu_chr_add_handlers(s->chr, imx_can_receive, imx_receive,
- imx_event, s);
- } else {
- DPRINTF("No char dev for uart at 0x%lx\n",
- (unsigned long)s->iomem.ram_addr);
- }
-
- return 0;
-}
-
-void imx_serial_create(int uart, const hwaddr addr, qemu_irq irq)
-{
- DeviceState *dev;
- SysBusDevice *bus;
- CharDriverState *chr;
- const char chr_name[] = "serial";
- char label[ARRAY_SIZE(chr_name) + 1];
-
- dev = qdev_create(NULL, "imx-serial");
-
- if (uart >= MAX_SERIAL_PORTS) {
- hw_error("Cannot assign uart %d: QEMU supports only %d ports\n",
- uart, MAX_SERIAL_PORTS);
- }
- chr = serial_hds[uart];
- if (!chr) {
- snprintf(label, ARRAY_SIZE(label), "%s%d", chr_name, uart);
- chr = qemu_chr_new(label, "null", NULL);
- if (!(chr)) {
- hw_error("Can't assign serial port to imx-uart%d.\n", uart);
- }
- }
-
- qdev_prop_set_chr(dev, "chardev", chr);
- bus = sysbus_from_qdev(dev);
- qdev_init_nofail(dev);
- if (addr != (hwaddr)-1) {
- sysbus_mmio_map(bus, 0, addr);
- }
- sysbus_connect_irq(bus, 0, irq);
-
-}
-
-
-static Property imx32_serial_properties[] = {
- DEFINE_PROP_CHR("chardev", IMXSerialState, chr),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void imx_serial_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = imx_serial_init;
- dc->vmsd = &vmstate_imx_serial;
- dc->reset = imx_serial_reset_at_boot;
- dc->desc = "i.MX series UART";
- dc->props = imx32_serial_properties;
-}
-
-static TypeInfo imx_serial_info = {
- .name = "imx-serial",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(IMXSerialState),
- .class_init = imx_serial_class_init,
-};
-
-static void imx_serial_register_types(void)
-{
- type_register_static(&imx_serial_info);
-}
-
-type_init(imx_serial_register_types)
diff --git a/hw/imx_timer.c b/hw/imx_timer.c
deleted file mode 100644
index 33f33fb41..000000000
--- a/hw/imx_timer.c
+++ /dev/null
@@ -1,689 +0,0 @@
-/*
- * IMX31 Timer
- *
- * Copyright (c) 2008 OK Labs
- * Copyright (c) 2011 NICTA Pty Ltd
- * Originally written by Hans Jiang
- * Updated by Peter Chubb
- *
- * This code is licensed under GPL version 2 or later. See
- * the COPYING file in the top-level directory.
- *
- */
-
-#include "hw.h"
-#include "qemu-timer.h"
-#include "ptimer.h"
-#include "sysbus.h"
-#include "imx.h"
-
-//#define DEBUG_TIMER 1
-#ifdef DEBUG_TIMER
-# define DPRINTF(fmt, args...) \
- do { printf("imx_timer: " fmt , ##args); } while (0)
-#else
-# define DPRINTF(fmt, args...) do {} while (0)
-#endif
-
-/*
- * Define to 1 for messages about attempts to
- * access unimplemented registers or similar.
- */
-#define DEBUG_IMPLEMENTATION 1
-#if DEBUG_IMPLEMENTATION
-# define IPRINTF(fmt, args...) \
- do { fprintf(stderr, "imx_timer: " fmt, ##args); } while (0)
-#else
-# define IPRINTF(fmt, args...) do {} while (0)
-#endif
-
-/*
- * GPT : General purpose timer
- *
- * This timer counts up continuously while it is enabled, resetting itself
- * to 0 when it reaches TIMER_MAX (in freerun mode) or when it
- * reaches the value of ocr1 (in periodic mode). WE simulate this using a
- * QEMU ptimer counting down from ocr1 and reloading from ocr1 in
- * periodic mode, or counting from ocr1 to zero, then TIMER_MAX - ocr1.
- * waiting_rov is set when counting from TIMER_MAX.
- *
- * In the real hardware, there are three comparison registers that can
- * trigger interrupts, and compare channel 1 can be used to
- * force-reset the timer. However, this is a `bare-bones'
- * implementation: only what Linux 3.x uses has been implemented
- * (free-running timer from 0 to OCR1 or TIMER_MAX) .
- */
-
-
-#define TIMER_MAX 0XFFFFFFFFUL
-
-/* Control register. Not all of these bits have any effect (yet) */
-#define GPT_CR_EN (1 << 0) /* GPT Enable */
-#define GPT_CR_ENMOD (1 << 1) /* GPT Enable Mode */
-#define GPT_CR_DBGEN (1 << 2) /* GPT Debug mode enable */
-#define GPT_CR_WAITEN (1 << 3) /* GPT Wait Mode Enable */
-#define GPT_CR_DOZEN (1 << 4) /* GPT Doze mode enable */
-#define GPT_CR_STOPEN (1 << 5) /* GPT Stop Mode Enable */
-#define GPT_CR_CLKSRC_SHIFT (6)
-#define GPT_CR_CLKSRC_MASK (0x7)
-
-#define GPT_CR_FRR (1 << 9) /* Freerun or Restart */
-#define GPT_CR_SWR (1 << 15) /* Software Reset */
-#define GPT_CR_IM1 (3 << 16) /* Input capture channel 1 mode (2 bits) */
-#define GPT_CR_IM2 (3 << 18) /* Input capture channel 2 mode (2 bits) */
-#define GPT_CR_OM1 (7 << 20) /* Output Compare Channel 1 Mode (3 bits) */
-#define GPT_CR_OM2 (7 << 23) /* Output Compare Channel 2 Mode (3 bits) */
-#define GPT_CR_OM3 (7 << 26) /* Output Compare Channel 3 Mode (3 bits) */
-#define GPT_CR_FO1 (1 << 29) /* Force Output Compare Channel 1 */
-#define GPT_CR_FO2 (1 << 30) /* Force Output Compare Channel 2 */
-#define GPT_CR_FO3 (1 << 31) /* Force Output Compare Channel 3 */
-
-#define GPT_SR_OF1 (1 << 0)
-#define GPT_SR_ROV (1 << 5)
-
-#define GPT_IR_OF1IE (1 << 0)
-#define GPT_IR_ROVIE (1 << 5)
-
-typedef struct {
- SysBusDevice busdev;
- ptimer_state *timer;
- MemoryRegion iomem;
- DeviceState *ccm;
-
- uint32_t cr;
- uint32_t pr;
- uint32_t sr;
- uint32_t ir;
- uint32_t ocr1;
- uint32_t cnt;
-
- uint32_t waiting_rov;
- qemu_irq irq;
-} IMXTimerGState;
-
-static const VMStateDescription vmstate_imx_timerg = {
- .name = "imx-timerg",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(cr, IMXTimerGState),
- VMSTATE_UINT32(pr, IMXTimerGState),
- VMSTATE_UINT32(sr, IMXTimerGState),
- VMSTATE_UINT32(ir, IMXTimerGState),
- VMSTATE_UINT32(ocr1, IMXTimerGState),
- VMSTATE_UINT32(cnt, IMXTimerGState),
- VMSTATE_UINT32(waiting_rov, IMXTimerGState),
- VMSTATE_PTIMER(timer, IMXTimerGState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const IMXClk imx_timerg_clocks[] = {
- NOCLK, /* 000 No clock source */
- IPG, /* 001 ipg_clk, 532MHz*/
- IPG, /* 010 ipg_clk_highfreq */
- NOCLK, /* 011 not defined */
- CLK_32k, /* 100 ipg_clk_32k */
- NOCLK, /* 101 not defined */
- NOCLK, /* 110 not defined */
- NOCLK, /* 111 not defined */
-};
-
-
-static void imx_timerg_set_freq(IMXTimerGState *s)
-{
- int clksrc;
- uint32_t freq;
-
- clksrc = (s->cr >> GPT_CR_CLKSRC_SHIFT) & GPT_CR_CLKSRC_MASK;
- freq = imx_clock_frequency(s->ccm, imx_timerg_clocks[clksrc]) / (1 + s->pr);
-
- DPRINTF("Setting gtimer clksrc %d to frequency %d\n", clksrc, freq);
- if (freq) {
- ptimer_set_freq(s->timer, freq);
- }
-}
-
-static void imx_timerg_update(IMXTimerGState *s)
-{
- uint32_t flags = s->sr & s->ir & (GPT_SR_OF1 | GPT_SR_ROV);
-
- DPRINTF("g-timer SR: %s %s IR=%s %s, %s\n",
- s->sr & GPT_SR_OF1 ? "OF1" : "",
- s->sr & GPT_SR_ROV ? "ROV" : "",
- s->ir & GPT_SR_OF1 ? "OF1" : "",
- s->ir & GPT_SR_ROV ? "ROV" : "",
- s->cr & GPT_CR_EN ? "CR_EN" : "Not Enabled");
-
-
- qemu_set_irq(s->irq, (s->cr & GPT_CR_EN) && flags);
-}
-
-static uint32_t imx_timerg_update_counts(IMXTimerGState *s)
-{
- uint64_t target = s->waiting_rov ? TIMER_MAX : s->ocr1;
- uint64_t cnt = ptimer_get_count(s->timer);
- s->cnt = target - cnt;
- return s->cnt;
-}
-
-static void imx_timerg_reload(IMXTimerGState *s, uint32_t timeout)
-{
- uint64_t diff_cnt;
-
- if (!(s->cr & GPT_CR_FRR)) {
- IPRINTF("IMX_timerg_reload --- called in reset-mode\n");
- return;
- }
-
- /*
- * For small timeouts, qemu sometimes runs too slow.
- * Better deliver a late interrupt than none.
- *
- * In Reset mode (FRR bit clear)
- * the ptimer reloads itself from OCR1;
- * in free-running mode we need to fake
- * running from 0 to ocr1 to TIMER_MAX
- */
- if (timeout > s->cnt) {
- diff_cnt = timeout - s->cnt;
- } else {
- diff_cnt = 0;
- }
- ptimer_set_count(s->timer, diff_cnt);
-}
-
-static uint64_t imx_timerg_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- IMXTimerGState *s = (IMXTimerGState *)opaque;
-
- DPRINTF("g-read(offset=%x)", offset >> 2);
- switch (offset >> 2) {
- case 0: /* Control Register */
- DPRINTF(" cr = %x\n", s->cr);
- return s->cr;
-
- case 1: /* prescaler */
- DPRINTF(" pr = %x\n", s->pr);
- return s->pr;
-
- case 2: /* Status Register */
- DPRINTF(" sr = %x\n", s->sr);
- return s->sr;
-
- case 3: /* Interrupt Register */
- DPRINTF(" ir = %x\n", s->ir);
- return s->ir;
-
- case 4: /* Output Compare Register 1 */
- DPRINTF(" ocr1 = %x\n", s->ocr1);
- return s->ocr1;
-
-
- case 9: /* cnt */
- imx_timerg_update_counts(s);
- DPRINTF(" cnt = %x\n", s->cnt);
- return s->cnt;
- }
-
- IPRINTF("imx_timerg_read: Bad offset %x\n",
- (int)offset >> 2);
- return 0;
-}
-
-static void imx_timerg_reset(DeviceState *dev)
-{
- IMXTimerGState *s = container_of(dev, IMXTimerGState, busdev.qdev);
-
- /*
- * Soft reset doesn't touch some bits; hard reset clears them
- */
- s->cr &= ~(GPT_CR_EN|GPT_CR_DOZEN|GPT_CR_WAITEN|GPT_CR_DBGEN);
- s->sr = 0;
- s->pr = 0;
- s->ir = 0;
- s->cnt = 0;
- s->ocr1 = TIMER_MAX;
- ptimer_stop(s->timer);
- ptimer_set_limit(s->timer, TIMER_MAX, 1);
- imx_timerg_set_freq(s);
-}
-
-static void imx_timerg_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- IMXTimerGState *s = (IMXTimerGState *)opaque;
- DPRINTF("g-write(offset=%x, value = 0x%x)\n", (unsigned int)offset >> 2,
- (unsigned int)value);
-
- switch (offset >> 2) {
- case 0: {
- uint32_t oldcr = s->cr;
- /* CR */
- if (value & GPT_CR_SWR) { /* force reset */
- value &= ~GPT_CR_SWR;
- imx_timerg_reset(&s->busdev.qdev);
- imx_timerg_update(s);
- }
-
- s->cr = value & ~0x7c00;
- imx_timerg_set_freq(s);
- if ((oldcr ^ value) & GPT_CR_EN) {
- if (value & GPT_CR_EN) {
- if (value & GPT_CR_ENMOD) {
- ptimer_set_count(s->timer, s->ocr1);
- s->cnt = 0;
- }
- ptimer_run(s->timer,
- (value & GPT_CR_FRR) && (s->ocr1 != TIMER_MAX));
- } else {
- ptimer_stop(s->timer);
- };
- }
- return;
- }
-
- case 1: /* Prescaler */
- s->pr = value & 0xfff;
- imx_timerg_set_freq(s);
- return;
-
- case 2: /* SR */
- /*
- * No point in implementing the status register bits to do with
- * external interrupt sources.
- */
- value &= GPT_SR_OF1 | GPT_SR_ROV;
- s->sr &= ~value;
- imx_timerg_update(s);
- return;
-
- case 3: /* IR -- interrupt register */
- s->ir = value & 0x3f;
- imx_timerg_update(s);
- return;
-
- case 4: /* OCR1 -- output compare register */
- /* In non-freerun mode, reset count when this register is written */
- if (!(s->cr & GPT_CR_FRR)) {
- s->waiting_rov = 0;
- ptimer_set_limit(s->timer, value, 1);
- } else {
- imx_timerg_update_counts(s);
- if (value > s->cnt) {
- s->waiting_rov = 0;
- imx_timerg_reload(s, value);
- } else {
- s->waiting_rov = 1;
- imx_timerg_reload(s, TIMER_MAX - s->cnt);
- }
- }
- s->ocr1 = value;
- return;
-
- default:
- IPRINTF("imx_timerg_write: Bad offset %x\n",
- (int)offset >> 2);
- }
-}
-
-static void imx_timerg_timeout(void *opaque)
-{
- IMXTimerGState *s = (IMXTimerGState *)opaque;
-
- DPRINTF("imx_timerg_timeout, waiting rov=%d\n", s->waiting_rov);
- if (s->cr & GPT_CR_FRR) {
- /*
- * Free running timer from 0 -> TIMERMAX
- * Generates interrupt at TIMER_MAX and at cnt==ocr1
- * If ocr1 == TIMER_MAX, then no need to reload timer.
- */
- if (s->ocr1 == TIMER_MAX) {
- DPRINTF("s->ocr1 == TIMER_MAX, FRR\n");
- s->sr |= GPT_SR_OF1 | GPT_SR_ROV;
- imx_timerg_update(s);
- return;
- }
-
- if (s->waiting_rov) {
- /*
- * We were waiting for cnt==TIMER_MAX
- */
- s->sr |= GPT_SR_ROV;
- s->waiting_rov = 0;
- s->cnt = 0;
- imx_timerg_reload(s, s->ocr1);
- } else {
- /* Must have got a cnt==ocr1 timeout. */
- s->sr |= GPT_SR_OF1;
- s->cnt = s->ocr1;
- s->waiting_rov = 1;
- imx_timerg_reload(s, TIMER_MAX);
- }
- imx_timerg_update(s);
- return;
- }
-
- s->sr |= GPT_SR_OF1;
- imx_timerg_update(s);
-}
-
-static const MemoryRegionOps imx_timerg_ops = {
- .read = imx_timerg_read,
- .write = imx_timerg_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-
-static int imx_timerg_init(SysBusDevice *dev)
-{
- IMXTimerGState *s = FROM_SYSBUS(IMXTimerGState, dev);
- QEMUBH *bh;
-
- sysbus_init_irq(dev, &s->irq);
- memory_region_init_io(&s->iomem, &imx_timerg_ops,
- s, "imxg-timer",
- 0x00001000);
- sysbus_init_mmio(dev, &s->iomem);
-
- bh = qemu_bh_new(imx_timerg_timeout, s);
- s->timer = ptimer_init(bh);
-
- /* Hard reset resets extra bits in CR */
- s->cr = 0;
- return 0;
-}
-
-
-
-/*
- * EPIT: Enhanced periodic interrupt timer
- */
-
-#define CR_EN (1 << 0)
-#define CR_ENMOD (1 << 1)
-#define CR_OCIEN (1 << 2)
-#define CR_RLD (1 << 3)
-#define CR_PRESCALE_SHIFT (4)
-#define CR_PRESCALE_MASK (0xfff)
-#define CR_SWR (1 << 16)
-#define CR_IOVW (1 << 17)
-#define CR_DBGEN (1 << 18)
-#define CR_EPIT (1 << 19)
-#define CR_DOZEN (1 << 20)
-#define CR_STOPEN (1 << 21)
-#define CR_CLKSRC_SHIFT (24)
-#define CR_CLKSRC_MASK (0x3 << CR_CLKSRC_SHIFT)
-
-
-/*
- * Exact clock frequencies vary from board to board.
- * These are typical.
- */
-static const IMXClk imx_timerp_clocks[] = {
- 0, /* disabled */
- IPG, /* ipg_clk, ~532MHz */
- IPG, /* ipg_clk_highfreq */
- CLK_32k, /* ipg_clk_32k -- ~32kHz */
-};
-
-typedef struct {
- SysBusDevice busdev;
- ptimer_state *timer;
- MemoryRegion iomem;
- DeviceState *ccm;
-
- uint32_t cr;
- uint32_t lr;
- uint32_t cmp;
-
- uint32_t freq;
- int int_level;
- qemu_irq irq;
-} IMXTimerPState;
-
-/*
- * Update interrupt status
- */
-static void imx_timerp_update(IMXTimerPState *s)
-{
- if (s->int_level && (s->cr & CR_OCIEN)) {
- qemu_irq_raise(s->irq);
- } else {
- qemu_irq_lower(s->irq);
- }
-}
-
-static void imx_timerp_reset(DeviceState *dev)
-{
- IMXTimerPState *s = container_of(dev, IMXTimerPState, busdev.qdev);
-
- s->cr = 0;
- s->lr = TIMER_MAX;
- s->int_level = 0;
- s->cmp = 0;
- ptimer_stop(s->timer);
- ptimer_set_count(s->timer, TIMER_MAX);
-}
-
-static uint64_t imx_timerp_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- IMXTimerPState *s = (IMXTimerPState *)opaque;
-
- DPRINTF("p-read(offset=%x)", offset >> 2);
- switch (offset >> 2) {
- case 0: /* Control Register */
- DPRINTF("cr %x\n", s->cr);
- return s->cr;
-
- case 1: /* Status Register */
- DPRINTF("int_level %x\n", s->int_level);
- return s->int_level;
-
- case 2: /* LR - ticks*/
- DPRINTF("lr %x\n", s->lr);
- return s->lr;
-
- case 3: /* CMP */
- DPRINTF("cmp %x\n", s->cmp);
- return s->cmp;
-
- case 4: /* CNT */
- return ptimer_get_count(s->timer);
- }
- IPRINTF("imx_timerp_read: Bad offset %x\n",
- (int)offset >> 2);
- return 0;
-}
-
-static void set_timerp_freq(IMXTimerPState *s)
-{
- int clksrc;
- unsigned prescaler;
- uint32_t freq;
-
- clksrc = (s->cr & CR_CLKSRC_MASK) >> CR_CLKSRC_SHIFT;
- prescaler = 1 + ((s->cr >> CR_PRESCALE_SHIFT) & CR_PRESCALE_MASK);
- freq = imx_clock_frequency(s->ccm, imx_timerp_clocks[clksrc]) / prescaler;
-
- s->freq = freq;
- DPRINTF("Setting ptimer frequency to %u\n", freq);
-
- if (freq) {
- ptimer_set_freq(s->timer, freq);
- }
-}
-
-static void imx_timerp_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- IMXTimerPState *s = (IMXTimerPState *)opaque;
- DPRINTF("p-write(offset=%x, value = %x)\n", (unsigned int)offset >> 2,
- (unsigned int)value);
-
- switch (offset >> 2) {
- case 0: /* CR */
- if (value & CR_SWR) {
- imx_timerp_reset(&s->busdev.qdev);
- value &= ~CR_SWR;
- }
- s->cr = value & 0x03ffffff;
- set_timerp_freq(s);
-
- if (s->freq && (s->cr & CR_EN)) {
- if (!(s->cr & CR_ENMOD)) {
- ptimer_set_count(s->timer, s->lr);
- }
- ptimer_run(s->timer, 0);
- } else {
- ptimer_stop(s->timer);
- }
- break;
-
- case 1: /* SR - ACK*/
- s->int_level = 0;
- imx_timerp_update(s);
- break;
-
- case 2: /* LR - set ticks */
- s->lr = value;
- ptimer_set_limit(s->timer, value, !!(s->cr & CR_IOVW));
- break;
-
- case 3: /* CMP */
- s->cmp = value;
- if (value) {
- IPRINTF(
- "Values for EPIT comparison other than zero not supported\n"
- );
- }
- break;
-
- default:
- IPRINTF("imx_timerp_write: Bad offset %x\n",
- (int)offset >> 2);
- }
-}
-
-static void imx_timerp_tick(void *opaque)
-{
- IMXTimerPState *s = (IMXTimerPState *)opaque;
-
- DPRINTF("imxp tick\n");
- if (!(s->cr & CR_RLD)) {
- ptimer_set_count(s->timer, TIMER_MAX);
- }
- s->int_level = 1;
- imx_timerp_update(s);
-}
-
-void imx_timerp_create(const hwaddr addr,
- qemu_irq irq,
- DeviceState *ccm)
-{
- IMXTimerPState *pp;
- DeviceState *dev;
-
- dev = sysbus_create_simple("imx_timerp", addr, irq);
- pp = container_of(dev, IMXTimerPState, busdev.qdev);
- pp->ccm = ccm;
-}
-
-static const MemoryRegionOps imx_timerp_ops = {
- .read = imx_timerp_read,
- .write = imx_timerp_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static const VMStateDescription vmstate_imx_timerp = {
- .name = "imx-timerp",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(cr, IMXTimerPState),
- VMSTATE_UINT32(lr, IMXTimerPState),
- VMSTATE_UINT32(cmp, IMXTimerPState),
- VMSTATE_UINT32(freq, IMXTimerPState),
- VMSTATE_INT32(int_level, IMXTimerPState),
- VMSTATE_PTIMER(timer, IMXTimerPState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int imx_timerp_init(SysBusDevice *dev)
-{
- IMXTimerPState *s = FROM_SYSBUS(IMXTimerPState, dev);
- QEMUBH *bh;
-
- DPRINTF("imx_timerp_init\n");
-
- sysbus_init_irq(dev, &s->irq);
- memory_region_init_io(&s->iomem, &imx_timerp_ops,
- s, "imxp-timer",
- 0x00001000);
- sysbus_init_mmio(dev, &s->iomem);
-
- bh = qemu_bh_new(imx_timerp_tick, s);
- s->timer = ptimer_init(bh);
-
- return 0;
-}
-
-
-void imx_timerg_create(const hwaddr addr,
- qemu_irq irq,
- DeviceState *ccm)
-{
- IMXTimerGState *pp;
- DeviceState *dev;
-
- dev = sysbus_create_simple("imx_timerg", addr, irq);
- pp = container_of(dev, IMXTimerGState, busdev.qdev);
- pp->ccm = ccm;
-}
-
-static void imx_timerg_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
- k->init = imx_timerg_init;
- dc->vmsd = &vmstate_imx_timerg;
- dc->reset = imx_timerg_reset;
- dc->desc = "i.MX general timer";
-}
-
-static void imx_timerp_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
- k->init = imx_timerp_init;
- dc->vmsd = &vmstate_imx_timerp;
- dc->reset = imx_timerp_reset;
- dc->desc = "i.MX periodic timer";
-}
-
-static const TypeInfo imx_timerp_info = {
- .name = "imx_timerp",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(IMXTimerPState),
- .class_init = imx_timerp_class_init,
-};
-
-static const TypeInfo imx_timerg_info = {
- .name = "imx_timerg",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(IMXTimerGState),
- .class_init = imx_timerg_class_init,
-};
-
-static void imx_timer_register_types(void)
-{
- type_register_static(&imx_timerp_info);
- type_register_static(&imx_timerg_info);
-}
-
-type_init(imx_timer_register_types)
diff --git a/hw/input/Makefile.objs b/hw/input/Makefile.objs
new file mode 100644
index 000000000..e8c80b9de
--- /dev/null
+++ b/hw/input/Makefile.objs
@@ -0,0 +1,13 @@
+common-obj-$(CONFIG_ADB) += adb.o
+common-obj-y += hid.o
+common-obj-$(CONFIG_LM832X) += lm832x.o
+common-obj-$(CONFIG_PCKBD) += pckbd.o
+common-obj-$(CONFIG_PL050) += pl050.o
+common-obj-y += ps2.o
+common-obj-$(CONFIG_STELLARIS_INPUT) += stellaris_input.o
+common-obj-$(CONFIG_TSC2005) += tsc2005.o
+common-obj-$(CONFIG_VMMOUSE) += vmmouse.o
+
+obj-$(CONFIG_MILKYMIST) += milkymist-softusb.o
+obj-$(CONFIG_PXA2XX) += pxa2xx_keypad.o
+obj-$(CONFIG_TSC210X) += tsc210x.o
diff --git a/hw/input/adb.c b/hw/input/adb.c
new file mode 100644
index 000000000..a75d3fd7b
--- /dev/null
+++ b/hw/input/adb.c
@@ -0,0 +1,581 @@
+/*
+ * QEMU ADB support
+ *
+ * Copyright (c) 2004 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/input/adb.h"
+#include "ui/console.h"
+
+/* debug ADB */
+//#define DEBUG_ADB
+
+#ifdef DEBUG_ADB
+#define ADB_DPRINTF(fmt, ...) \
+do { printf("ADB: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define ADB_DPRINTF(fmt, ...)
+#endif
+
+/* ADB commands */
+#define ADB_BUSRESET 0x00
+#define ADB_FLUSH 0x01
+#define ADB_WRITEREG 0x08
+#define ADB_READREG 0x0c
+
+/* ADB device commands */
+#define ADB_CMD_SELF_TEST 0xff
+#define ADB_CMD_CHANGE_ID 0xfe
+#define ADB_CMD_CHANGE_ID_AND_ACT 0xfd
+#define ADB_CMD_CHANGE_ID_AND_ENABLE 0x00
+
+/* ADB default device IDs (upper 4 bits of ADB command byte) */
+#define ADB_DEVID_DONGLE 1
+#define ADB_DEVID_KEYBOARD 2
+#define ADB_DEVID_MOUSE 3
+#define ADB_DEVID_TABLET 4
+#define ADB_DEVID_MODEM 5
+#define ADB_DEVID_MISC 7
+
+/* error codes */
+#define ADB_RET_NOTPRESENT (-2)
+
+static void adb_device_reset(ADBDevice *d)
+{
+ qdev_reset_all(DEVICE(d));
+}
+
+int adb_request(ADBBusState *s, uint8_t *obuf, const uint8_t *buf, int len)
+{
+ ADBDevice *d;
+ int devaddr, cmd, i;
+
+ cmd = buf[0] & 0xf;
+ if (cmd == ADB_BUSRESET) {
+ for(i = 0; i < s->nb_devices; i++) {
+ d = s->devices[i];
+ adb_device_reset(d);
+ }
+ return 0;
+ }
+ devaddr = buf[0] >> 4;
+ for(i = 0; i < s->nb_devices; i++) {
+ d = s->devices[i];
+ if (d->devaddr == devaddr) {
+ ADBDeviceClass *adc = ADB_DEVICE_GET_CLASS(d);
+ return adc->devreq(d, obuf, buf, len);
+ }
+ }
+ return ADB_RET_NOTPRESENT;
+}
+
+/* XXX: move that to cuda ? */
+int adb_poll(ADBBusState *s, uint8_t *obuf)
+{
+ ADBDevice *d;
+ int olen, i;
+ uint8_t buf[1];
+
+ olen = 0;
+ for(i = 0; i < s->nb_devices; i++) {
+ if (s->poll_index >= s->nb_devices)
+ s->poll_index = 0;
+ d = s->devices[s->poll_index];
+ buf[0] = ADB_READREG | (d->devaddr << 4);
+ olen = adb_request(s, obuf + 1, buf, 1);
+ /* if there is data, we poll again the same device */
+ if (olen > 0) {
+ obuf[0] = buf[0];
+ olen++;
+ break;
+ }
+ s->poll_index++;
+ }
+ return olen;
+}
+
+static const TypeInfo adb_bus_type_info = {
+ .name = TYPE_ADB_BUS,
+ .parent = TYPE_BUS,
+ .instance_size = sizeof(ADBBusState),
+};
+
+static void adb_device_realizefn(DeviceState *dev, Error **errp)
+{
+ ADBDevice *d = ADB_DEVICE(dev);
+ ADBBusState *bus = ADB_BUS(qdev_get_parent_bus(dev));
+
+ if (bus->nb_devices >= MAX_ADB_DEVICES) {
+ return;
+ }
+
+ bus->devices[bus->nb_devices++] = d;
+}
+
+static void adb_device_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+
+ dc->realize = adb_device_realizefn;
+ dc->bus_type = TYPE_ADB_BUS;
+}
+
+static const TypeInfo adb_device_type_info = {
+ .name = TYPE_ADB_DEVICE,
+ .parent = TYPE_DEVICE,
+ .instance_size = sizeof(ADBDevice),
+ .abstract = true,
+ .class_init = adb_device_class_init,
+};
+
+/***************************************************************/
+/* Keyboard ADB device */
+
+#define ADB_KEYBOARD(obj) OBJECT_CHECK(KBDState, (obj), TYPE_ADB_KEYBOARD)
+
+typedef struct KBDState {
+ /*< private >*/
+ ADBDevice parent_obj;
+ /*< public >*/
+
+ uint8_t data[128];
+ int rptr, wptr, count;
+} KBDState;
+
+#define ADB_KEYBOARD_CLASS(class) \
+ OBJECT_CLASS_CHECK(ADBKeyboardClass, (class), TYPE_ADB_KEYBOARD)
+#define ADB_KEYBOARD_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(ADBKeyboardClass, (obj), TYPE_ADB_KEYBOARD)
+
+typedef struct ADBKeyboardClass {
+ /*< private >*/
+ ADBDeviceClass parent_class;
+ /*< public >*/
+
+ DeviceRealize parent_realize;
+} ADBKeyboardClass;
+
+static const uint8_t pc_to_adb_keycode[256] = {
+ 0, 53, 18, 19, 20, 21, 23, 22, 26, 28, 25, 29, 27, 24, 51, 48,
+ 12, 13, 14, 15, 17, 16, 32, 34, 31, 35, 33, 30, 36, 54, 0, 1,
+ 2, 3, 5, 4, 38, 40, 37, 41, 39, 50, 56, 42, 6, 7, 8, 9,
+ 11, 45, 46, 43, 47, 44,123, 67, 58, 49, 57,122,120, 99,118, 96,
+ 97, 98,100,101,109, 71,107, 89, 91, 92, 78, 86, 87, 88, 69, 83,
+ 84, 85, 82, 65, 0, 0, 10,103,111, 0, 0,110, 81, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 94, 0, 93, 0, 0, 0, 0, 0, 0,104,102, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 76,125, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,105, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 75, 0, 0,124, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0,115, 62,116, 0, 59, 0, 60, 0,119,
+ 61,121,114,117, 0, 0, 0, 0, 0, 0, 0, 55,126, 0,127, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 95, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+};
+
+static void adb_kbd_put_keycode(void *opaque, int keycode)
+{
+ KBDState *s = opaque;
+
+ if (s->count < sizeof(s->data)) {
+ s->data[s->wptr] = keycode;
+ if (++s->wptr == sizeof(s->data))
+ s->wptr = 0;
+ s->count++;
+ }
+}
+
+static int adb_kbd_poll(ADBDevice *d, uint8_t *obuf)
+{
+ static int ext_keycode;
+ KBDState *s = ADB_KEYBOARD(d);
+ int adb_keycode, keycode;
+ int olen;
+
+ olen = 0;
+ for(;;) {
+ if (s->count == 0)
+ break;
+ keycode = s->data[s->rptr];
+ if (++s->rptr == sizeof(s->data))
+ s->rptr = 0;
+ s->count--;
+
+ if (keycode == 0xe0) {
+ ext_keycode = 1;
+ } else {
+ if (ext_keycode)
+ adb_keycode = pc_to_adb_keycode[keycode | 0x80];
+ else
+ adb_keycode = pc_to_adb_keycode[keycode & 0x7f];
+ obuf[0] = adb_keycode | (keycode & 0x80);
+ /* NOTE: could put a second keycode if needed */
+ obuf[1] = 0xff;
+ olen = 2;
+ ext_keycode = 0;
+ break;
+ }
+ }
+ return olen;
+}
+
+static int adb_kbd_request(ADBDevice *d, uint8_t *obuf,
+ const uint8_t *buf, int len)
+{
+ KBDState *s = ADB_KEYBOARD(d);
+ int cmd, reg, olen;
+
+ if ((buf[0] & 0x0f) == ADB_FLUSH) {
+ /* flush keyboard fifo */
+ s->wptr = s->rptr = s->count = 0;
+ return 0;
+ }
+
+ cmd = buf[0] & 0xc;
+ reg = buf[0] & 0x3;
+ olen = 0;
+ switch(cmd) {
+ case ADB_WRITEREG:
+ switch(reg) {
+ case 2:
+ /* LED status */
+ break;
+ case 3:
+ switch(buf[2]) {
+ case ADB_CMD_SELF_TEST:
+ break;
+ case ADB_CMD_CHANGE_ID:
+ case ADB_CMD_CHANGE_ID_AND_ACT:
+ case ADB_CMD_CHANGE_ID_AND_ENABLE:
+ d->devaddr = buf[1] & 0xf;
+ break;
+ default:
+ /* XXX: check this */
+ d->devaddr = buf[1] & 0xf;
+ d->handler = buf[2];
+ break;
+ }
+ }
+ break;
+ case ADB_READREG:
+ switch(reg) {
+ case 0:
+ olen = adb_kbd_poll(d, obuf);
+ break;
+ case 1:
+ break;
+ case 2:
+ obuf[0] = 0x00; /* XXX: check this */
+ obuf[1] = 0x07; /* led status */
+ olen = 2;
+ break;
+ case 3:
+ obuf[0] = d->handler;
+ obuf[1] = d->devaddr;
+ olen = 2;
+ break;
+ }
+ break;
+ }
+ return olen;
+}
+
+static const VMStateDescription vmstate_adb_kbd = {
+ .name = "adb_kbd",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_BUFFER(data, KBDState),
+ VMSTATE_INT32(rptr, KBDState),
+ VMSTATE_INT32(wptr, KBDState),
+ VMSTATE_INT32(count, KBDState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void adb_kbd_reset(DeviceState *dev)
+{
+ ADBDevice *d = ADB_DEVICE(dev);
+ KBDState *s = ADB_KEYBOARD(dev);
+
+ d->handler = 1;
+ d->devaddr = ADB_DEVID_KEYBOARD;
+ memset(s->data, 0, sizeof(s->data));
+ s->rptr = 0;
+ s->wptr = 0;
+ s->count = 0;
+}
+
+static void adb_kbd_realizefn(DeviceState *dev, Error **errp)
+{
+ ADBDevice *d = ADB_DEVICE(dev);
+ ADBKeyboardClass *akc = ADB_KEYBOARD_GET_CLASS(dev);
+
+ akc->parent_realize(dev, errp);
+
+ qemu_add_kbd_event_handler(adb_kbd_put_keycode, d);
+}
+
+static void adb_kbd_initfn(Object *obj)
+{
+ ADBDevice *d = ADB_DEVICE(obj);
+
+ d->devaddr = ADB_DEVID_KEYBOARD;
+}
+
+static void adb_kbd_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+ ADBDeviceClass *adc = ADB_DEVICE_CLASS(oc);
+ ADBKeyboardClass *akc = ADB_KEYBOARD_CLASS(oc);
+
+ akc->parent_realize = dc->realize;
+ dc->realize = adb_kbd_realizefn;
+
+ adc->devreq = adb_kbd_request;
+ dc->reset = adb_kbd_reset;
+ dc->vmsd = &vmstate_adb_kbd;
+}
+
+static const TypeInfo adb_kbd_type_info = {
+ .name = TYPE_ADB_KEYBOARD,
+ .parent = TYPE_ADB_DEVICE,
+ .instance_size = sizeof(KBDState),
+ .instance_init = adb_kbd_initfn,
+ .class_init = adb_kbd_class_init,
+ .class_size = sizeof(ADBKeyboardClass),
+};
+
+/***************************************************************/
+/* Mouse ADB device */
+
+#define ADB_MOUSE(obj) OBJECT_CHECK(MouseState, (obj), TYPE_ADB_MOUSE)
+
+typedef struct MouseState {
+ /*< public >*/
+ ADBDevice parent_obj;
+ /*< private >*/
+
+ int buttons_state, last_buttons_state;
+ int dx, dy, dz;
+} MouseState;
+
+#define ADB_MOUSE_CLASS(class) \
+ OBJECT_CLASS_CHECK(ADBMouseClass, (class), TYPE_ADB_MOUSE)
+#define ADB_MOUSE_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(ADBMouseClass, (obj), TYPE_ADB_MOUSE)
+
+typedef struct ADBMouseClass {
+ /*< public >*/
+ ADBDeviceClass parent_class;
+ /*< private >*/
+
+ DeviceRealize parent_realize;
+} ADBMouseClass;
+
+static void adb_mouse_event(void *opaque,
+ int dx1, int dy1, int dz1, int buttons_state)
+{
+ MouseState *s = opaque;
+
+ s->dx += dx1;
+ s->dy += dy1;
+ s->dz += dz1;
+ s->buttons_state = buttons_state;
+}
+
+
+static int adb_mouse_poll(ADBDevice *d, uint8_t *obuf)
+{
+ MouseState *s = ADB_MOUSE(d);
+ int dx, dy;
+
+ if (s->last_buttons_state == s->buttons_state &&
+ s->dx == 0 && s->dy == 0)
+ return 0;
+
+ dx = s->dx;
+ if (dx < -63)
+ dx = -63;
+ else if (dx > 63)
+ dx = 63;
+
+ dy = s->dy;
+ if (dy < -63)
+ dy = -63;
+ else if (dy > 63)
+ dy = 63;
+
+ s->dx -= dx;
+ s->dy -= dy;
+ s->last_buttons_state = s->buttons_state;
+
+ dx &= 0x7f;
+ dy &= 0x7f;
+
+ if (!(s->buttons_state & MOUSE_EVENT_LBUTTON))
+ dy |= 0x80;
+ if (!(s->buttons_state & MOUSE_EVENT_RBUTTON))
+ dx |= 0x80;
+
+ obuf[0] = dy;
+ obuf[1] = dx;
+ return 2;
+}
+
+static int adb_mouse_request(ADBDevice *d, uint8_t *obuf,
+ const uint8_t *buf, int len)
+{
+ MouseState *s = ADB_MOUSE(d);
+ int cmd, reg, olen;
+
+ if ((buf[0] & 0x0f) == ADB_FLUSH) {
+ /* flush mouse fifo */
+ s->buttons_state = s->last_buttons_state;
+ s->dx = 0;
+ s->dy = 0;
+ s->dz = 0;
+ return 0;
+ }
+
+ cmd = buf[0] & 0xc;
+ reg = buf[0] & 0x3;
+ olen = 0;
+ switch(cmd) {
+ case ADB_WRITEREG:
+ ADB_DPRINTF("write reg %d val 0x%2.2x\n", reg, buf[1]);
+ switch(reg) {
+ case 2:
+ break;
+ case 3:
+ switch(buf[2]) {
+ case ADB_CMD_SELF_TEST:
+ break;
+ case ADB_CMD_CHANGE_ID:
+ case ADB_CMD_CHANGE_ID_AND_ACT:
+ case ADB_CMD_CHANGE_ID_AND_ENABLE:
+ d->devaddr = buf[1] & 0xf;
+ break;
+ default:
+ /* XXX: check this */
+ d->devaddr = buf[1] & 0xf;
+ break;
+ }
+ }
+ break;
+ case ADB_READREG:
+ switch(reg) {
+ case 0:
+ olen = adb_mouse_poll(d, obuf);
+ break;
+ case 1:
+ break;
+ case 3:
+ obuf[0] = d->handler;
+ obuf[1] = d->devaddr;
+ olen = 2;
+ break;
+ }
+ ADB_DPRINTF("read reg %d obuf[0] 0x%2.2x obuf[1] 0x%2.2x\n", reg,
+ obuf[0], obuf[1]);
+ break;
+ }
+ return olen;
+}
+
+static void adb_mouse_reset(DeviceState *dev)
+{
+ ADBDevice *d = ADB_DEVICE(dev);
+ MouseState *s = ADB_MOUSE(dev);
+
+ d->handler = 2;
+ d->devaddr = ADB_DEVID_MOUSE;
+ s->last_buttons_state = s->buttons_state = 0;
+ s->dx = s->dy = s->dz = 0;
+}
+
+static const VMStateDescription vmstate_adb_mouse = {
+ .name = "adb_mouse",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_INT32(buttons_state, MouseState),
+ VMSTATE_INT32(last_buttons_state, MouseState),
+ VMSTATE_INT32(dx, MouseState),
+ VMSTATE_INT32(dy, MouseState),
+ VMSTATE_INT32(dz, MouseState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void adb_mouse_realizefn(DeviceState *dev, Error **errp)
+{
+ MouseState *s = ADB_MOUSE(dev);
+ ADBMouseClass *amc = ADB_MOUSE_GET_CLASS(dev);
+
+ amc->parent_realize(dev, errp);
+
+ qemu_add_mouse_event_handler(adb_mouse_event, s, 0, "QEMU ADB Mouse");
+}
+
+static void adb_mouse_initfn(Object *obj)
+{
+ ADBDevice *d = ADB_DEVICE(obj);
+
+ d->devaddr = ADB_DEVID_MOUSE;
+}
+
+static void adb_mouse_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+ ADBDeviceClass *adc = ADB_DEVICE_CLASS(oc);
+ ADBMouseClass *amc = ADB_MOUSE_CLASS(oc);
+
+ amc->parent_realize = dc->realize;
+ dc->realize = adb_mouse_realizefn;
+
+ adc->devreq = adb_mouse_request;
+ dc->reset = adb_mouse_reset;
+ dc->vmsd = &vmstate_adb_mouse;
+}
+
+static const TypeInfo adb_mouse_type_info = {
+ .name = TYPE_ADB_MOUSE,
+ .parent = TYPE_ADB_DEVICE,
+ .instance_size = sizeof(MouseState),
+ .instance_init = adb_mouse_initfn,
+ .class_init = adb_mouse_class_init,
+ .class_size = sizeof(ADBMouseClass),
+};
+
+
+static void adb_register_types(void)
+{
+ type_register_static(&adb_bus_type_info);
+ type_register_static(&adb_device_type_info);
+ type_register_static(&adb_kbd_type_info);
+ type_register_static(&adb_mouse_type_info);
+}
+
+type_init(adb_register_types)
diff --git a/hw/input/hid.c b/hw/input/hid.c
new file mode 100644
index 000000000..14b312595
--- /dev/null
+++ b/hw/input/hid.c
@@ -0,0 +1,498 @@
+/*
+ * QEMU HID devices
+ *
+ * Copyright (c) 2005 Fabrice Bellard
+ * Copyright (c) 2007 OpenMoko, Inc. (andrew@openedhand.com)
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "ui/console.h"
+#include "qemu/timer.h"
+#include "hw/input/hid.h"
+
+#define HID_USAGE_ERROR_ROLLOVER 0x01
+#define HID_USAGE_POSTFAIL 0x02
+#define HID_USAGE_ERROR_UNDEFINED 0x03
+
+/* Indices are QEMU keycodes, values are from HID Usage Table. Indices
+ * above 0x80 are for keys that come after 0xe0 or 0xe1+0x1d or 0xe1+0x9d. */
+static const uint8_t hid_usage_keys[0x100] = {
+ 0x00, 0x29, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
+ 0x24, 0x25, 0x26, 0x27, 0x2d, 0x2e, 0x2a, 0x2b,
+ 0x14, 0x1a, 0x08, 0x15, 0x17, 0x1c, 0x18, 0x0c,
+ 0x12, 0x13, 0x2f, 0x30, 0x28, 0xe0, 0x04, 0x16,
+ 0x07, 0x09, 0x0a, 0x0b, 0x0d, 0x0e, 0x0f, 0x33,
+ 0x34, 0x35, 0xe1, 0x31, 0x1d, 0x1b, 0x06, 0x19,
+ 0x05, 0x11, 0x10, 0x36, 0x37, 0x38, 0xe5, 0x55,
+ 0xe2, 0x2c, 0x32, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e,
+ 0x3f, 0x40, 0x41, 0x42, 0x43, 0x53, 0x47, 0x5f,
+ 0x60, 0x61, 0x56, 0x5c, 0x5d, 0x5e, 0x57, 0x59,
+ 0x5a, 0x5b, 0x62, 0x63, 0x00, 0x00, 0x00, 0x44,
+ 0x45, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+ 0xe8, 0xe9, 0x71, 0x72, 0x73, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x85, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0xe3, 0xe7, 0x65,
+
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x58, 0xe4, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x54, 0x00, 0x46,
+ 0xe6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x48, 0x00, 0x4a,
+ 0x52, 0x4b, 0x00, 0x50, 0x00, 0x4f, 0x00, 0x4d,
+ 0x51, 0x4e, 0x49, 0x4c, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0xe3, 0xe7, 0x65, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+
+bool hid_has_events(HIDState *hs)
+{
+ return hs->n > 0 || hs->idle_pending;
+}
+
+static void hid_idle_timer(void *opaque)
+{
+ HIDState *hs = opaque;
+
+ hs->idle_pending = true;
+ hs->event(hs);
+}
+
+static void hid_del_idle_timer(HIDState *hs)
+{
+ if (hs->idle_timer) {
+ qemu_del_timer(hs->idle_timer);
+ qemu_free_timer(hs->idle_timer);
+ hs->idle_timer = NULL;
+ }
+}
+
+void hid_set_next_idle(HIDState *hs)
+{
+ if (hs->idle) {
+ uint64_t expire_time = qemu_get_clock_ns(vm_clock) +
+ get_ticks_per_sec() * hs->idle * 4 / 1000;
+ if (!hs->idle_timer) {
+ hs->idle_timer = qemu_new_timer_ns(vm_clock, hid_idle_timer, hs);
+ }
+ qemu_mod_timer_ns(hs->idle_timer, expire_time);
+ } else {
+ hid_del_idle_timer(hs);
+ }
+}
+
+static void hid_pointer_event_clear(HIDPointerEvent *e, int buttons)
+{
+ e->xdx = e->ydy = e->dz = 0;
+ e->buttons_state = buttons;
+}
+
+static void hid_pointer_event_combine(HIDPointerEvent *e, int xyrel,
+ int x1, int y1, int z1) {
+ if (xyrel) {
+ e->xdx += x1;
+ e->ydy += y1;
+ } else {
+ e->xdx = x1;
+ e->ydy = y1;
+ /* Windows drivers do not like the 0/0 position and ignore such
+ * events. */
+ if (!(x1 | y1)) {
+ e->xdx = 1;
+ }
+ }
+ e->dz += z1;
+}
+
+static void hid_pointer_event(void *opaque,
+ int x1, int y1, int z1, int buttons_state)
+{
+ HIDState *hs = opaque;
+ unsigned use_slot = (hs->head + hs->n - 1) & QUEUE_MASK;
+ unsigned previous_slot = (use_slot - 1) & QUEUE_MASK;
+
+ /* We combine events where feasible to keep the queue small. We shouldn't
+ * combine anything with the first event of a particular button state, as
+ * that would change the location of the button state change. When the
+ * queue is empty, a second event is needed because we don't know if
+ * the first event changed the button state. */
+ if (hs->n == QUEUE_LENGTH) {
+ /* Queue full. Discard old button state, combine motion normally. */
+ hs->ptr.queue[use_slot].buttons_state = buttons_state;
+ } else if (hs->n < 2 ||
+ hs->ptr.queue[use_slot].buttons_state != buttons_state ||
+ hs->ptr.queue[previous_slot].buttons_state !=
+ hs->ptr.queue[use_slot].buttons_state) {
+ /* Cannot or should not combine, so add an empty item to the queue. */
+ QUEUE_INCR(use_slot);
+ hs->n++;
+ hid_pointer_event_clear(&hs->ptr.queue[use_slot], buttons_state);
+ }
+ hid_pointer_event_combine(&hs->ptr.queue[use_slot],
+ hs->kind == HID_MOUSE,
+ x1, y1, z1);
+ hs->event(hs);
+}
+
+static void hid_keyboard_event(void *opaque, int keycode)
+{
+ HIDState *hs = opaque;
+ int slot;
+
+ if (hs->n == QUEUE_LENGTH) {
+ fprintf(stderr, "usb-kbd: warning: key event queue full\n");
+ return;
+ }
+ slot = (hs->head + hs->n) & QUEUE_MASK; hs->n++;
+ hs->kbd.keycodes[slot] = keycode;
+ hs->event(hs);
+}
+
+static void hid_keyboard_process_keycode(HIDState *hs)
+{
+ uint8_t hid_code, key;
+ int i, keycode, slot;
+
+ if (hs->n == 0) {
+ return;
+ }
+ slot = hs->head & QUEUE_MASK; QUEUE_INCR(hs->head); hs->n--;
+ keycode = hs->kbd.keycodes[slot];
+
+ key = keycode & 0x7f;
+ hid_code = hid_usage_keys[key | ((hs->kbd.modifiers >> 1) & (1 << 7))];
+ hs->kbd.modifiers &= ~(1 << 8);
+
+ switch (hid_code) {
+ case 0x00:
+ return;
+
+ case 0xe0:
+ if (hs->kbd.modifiers & (1 << 9)) {
+ hs->kbd.modifiers ^= 3 << 8;
+ return;
+ }
+ case 0xe1 ... 0xe7:
+ if (keycode & (1 << 7)) {
+ hs->kbd.modifiers &= ~(1 << (hid_code & 0x0f));
+ return;
+ }
+ case 0xe8 ... 0xef:
+ hs->kbd.modifiers |= 1 << (hid_code & 0x0f);
+ return;
+ }
+
+ if (keycode & (1 << 7)) {
+ for (i = hs->kbd.keys - 1; i >= 0; i--) {
+ if (hs->kbd.key[i] == hid_code) {
+ hs->kbd.key[i] = hs->kbd.key[-- hs->kbd.keys];
+ hs->kbd.key[hs->kbd.keys] = 0x00;
+ break;
+ }
+ }
+ if (i < 0) {
+ return;
+ }
+ } else {
+ for (i = hs->kbd.keys - 1; i >= 0; i--) {
+ if (hs->kbd.key[i] == hid_code) {
+ break;
+ }
+ }
+ if (i < 0) {
+ if (hs->kbd.keys < sizeof(hs->kbd.key)) {
+ hs->kbd.key[hs->kbd.keys++] = hid_code;
+ }
+ } else {
+ return;
+ }
+ }
+}
+
+static inline int int_clamp(int val, int vmin, int vmax)
+{
+ if (val < vmin) {
+ return vmin;
+ } else if (val > vmax) {
+ return vmax;
+ } else {
+ return val;
+ }
+}
+
+void hid_pointer_activate(HIDState *hs)
+{
+ if (!hs->ptr.mouse_grabbed) {
+ qemu_activate_mouse_event_handler(hs->ptr.eh_entry);
+ hs->ptr.mouse_grabbed = 1;
+ }
+}
+
+int hid_pointer_poll(HIDState *hs, uint8_t *buf, int len)
+{
+ int dx, dy, dz, b, l;
+ int index;
+ HIDPointerEvent *e;
+
+ hs->idle_pending = false;
+
+ hid_pointer_activate(hs);
+
+ /* When the buffer is empty, return the last event. Relative
+ movements will all be zero. */
+ index = (hs->n ? hs->head : hs->head - 1);
+ e = &hs->ptr.queue[index & QUEUE_MASK];
+
+ if (hs->kind == HID_MOUSE) {
+ dx = int_clamp(e->xdx, -127, 127);
+ dy = int_clamp(e->ydy, -127, 127);
+ e->xdx -= dx;
+ e->ydy -= dy;
+ } else {
+ dx = e->xdx;
+ dy = e->ydy;
+ }
+ dz = int_clamp(e->dz, -127, 127);
+ e->dz -= dz;
+
+ b = 0;
+ if (e->buttons_state & MOUSE_EVENT_LBUTTON) {
+ b |= 0x01;
+ }
+ if (e->buttons_state & MOUSE_EVENT_RBUTTON) {
+ b |= 0x02;
+ }
+ if (e->buttons_state & MOUSE_EVENT_MBUTTON) {
+ b |= 0x04;
+ }
+
+ if (hs->n &&
+ !e->dz &&
+ (hs->kind == HID_TABLET || (!e->xdx && !e->ydy))) {
+ /* that deals with this event */
+ QUEUE_INCR(hs->head);
+ hs->n--;
+ }
+
+ /* Appears we have to invert the wheel direction */
+ dz = 0 - dz;
+ l = 0;
+ switch (hs->kind) {
+ case HID_MOUSE:
+ if (len > l) {
+ buf[l++] = b;
+ }
+ if (len > l) {
+ buf[l++] = dx;
+ }
+ if (len > l) {
+ buf[l++] = dy;
+ }
+ if (len > l) {
+ buf[l++] = dz;
+ }
+ break;
+
+ case HID_TABLET:
+ if (len > l) {
+ buf[l++] = b;
+ }
+ if (len > l) {
+ buf[l++] = dx & 0xff;
+ }
+ if (len > l) {
+ buf[l++] = dx >> 8;
+ }
+ if (len > l) {
+ buf[l++] = dy & 0xff;
+ }
+ if (len > l) {
+ buf[l++] = dy >> 8;
+ }
+ if (len > l) {
+ buf[l++] = dz;
+ }
+ break;
+
+ default:
+ abort();
+ }
+
+ return l;
+}
+
+int hid_keyboard_poll(HIDState *hs, uint8_t *buf, int len)
+{
+ hs->idle_pending = false;
+
+ if (len < 2) {
+ return 0;
+ }
+
+ hid_keyboard_process_keycode(hs);
+
+ buf[0] = hs->kbd.modifiers & 0xff;
+ buf[1] = 0;
+ if (hs->kbd.keys > 6) {
+ memset(buf + 2, HID_USAGE_ERROR_ROLLOVER, MIN(8, len) - 2);
+ } else {
+ memcpy(buf + 2, hs->kbd.key, MIN(8, len) - 2);
+ }
+
+ return MIN(8, len);
+}
+
+int hid_keyboard_write(HIDState *hs, uint8_t *buf, int len)
+{
+ if (len > 0) {
+ int ledstate = 0;
+ /* 0x01: Num Lock LED
+ * 0x02: Caps Lock LED
+ * 0x04: Scroll Lock LED
+ * 0x08: Compose LED
+ * 0x10: Kana LED */
+ hs->kbd.leds = buf[0];
+ if (hs->kbd.leds & 0x04) {
+ ledstate |= QEMU_SCROLL_LOCK_LED;
+ }
+ if (hs->kbd.leds & 0x01) {
+ ledstate |= QEMU_NUM_LOCK_LED;
+ }
+ if (hs->kbd.leds & 0x02) {
+ ledstate |= QEMU_CAPS_LOCK_LED;
+ }
+ kbd_put_ledstate(ledstate);
+ }
+ return 0;
+}
+
+void hid_reset(HIDState *hs)
+{
+ switch (hs->kind) {
+ case HID_KEYBOARD:
+ memset(hs->kbd.keycodes, 0, sizeof(hs->kbd.keycodes));
+ memset(hs->kbd.key, 0, sizeof(hs->kbd.key));
+ hs->kbd.keys = 0;
+ break;
+ case HID_MOUSE:
+ case HID_TABLET:
+ memset(hs->ptr.queue, 0, sizeof(hs->ptr.queue));
+ break;
+ }
+ hs->head = 0;
+ hs->n = 0;
+ hs->protocol = 1;
+ hs->idle = 0;
+ hs->idle_pending = false;
+ hid_del_idle_timer(hs);
+}
+
+void hid_free(HIDState *hs)
+{
+ switch (hs->kind) {
+ case HID_KEYBOARD:
+ qemu_remove_kbd_event_handler(hs->kbd.eh_entry);
+ break;
+ case HID_MOUSE:
+ case HID_TABLET:
+ qemu_remove_mouse_event_handler(hs->ptr.eh_entry);
+ break;
+ }
+ hid_del_idle_timer(hs);
+}
+
+void hid_init(HIDState *hs, int kind, HIDEventFunc event)
+{
+ hs->kind = kind;
+ hs->event = event;
+
+ if (hs->kind == HID_KEYBOARD) {
+ hs->kbd.eh_entry = qemu_add_kbd_event_handler(hid_keyboard_event, hs);
+ } else if (hs->kind == HID_MOUSE) {
+ hs->ptr.eh_entry = qemu_add_mouse_event_handler(hid_pointer_event, hs,
+ 0, "QEMU HID Mouse");
+ } else if (hs->kind == HID_TABLET) {
+ hs->ptr.eh_entry = qemu_add_mouse_event_handler(hid_pointer_event, hs,
+ 1, "QEMU HID Tablet");
+ }
+}
+
+static int hid_post_load(void *opaque, int version_id)
+{
+ HIDState *s = opaque;
+
+ hid_set_next_idle(s);
+ return 0;
+}
+
+static const VMStateDescription vmstate_hid_ptr_queue = {
+ .name = "HIDPointerEventQueue",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_INT32(xdx, HIDPointerEvent),
+ VMSTATE_INT32(ydy, HIDPointerEvent),
+ VMSTATE_INT32(dz, HIDPointerEvent),
+ VMSTATE_INT32(buttons_state, HIDPointerEvent),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+const VMStateDescription vmstate_hid_ptr_device = {
+ .name = "HIDPointerDevice",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .post_load = hid_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_STRUCT_ARRAY(ptr.queue, HIDState, QUEUE_LENGTH, 0,
+ vmstate_hid_ptr_queue, HIDPointerEvent),
+ VMSTATE_UINT32(head, HIDState),
+ VMSTATE_UINT32(n, HIDState),
+ VMSTATE_INT32(protocol, HIDState),
+ VMSTATE_UINT8(idle, HIDState),
+ VMSTATE_END_OF_LIST(),
+ }
+};
+
+const VMStateDescription vmstate_hid_keyboard_device = {
+ .name = "HIDKeyboardDevice",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .post_load = hid_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(kbd.keycodes, HIDState, QUEUE_LENGTH),
+ VMSTATE_UINT32(head, HIDState),
+ VMSTATE_UINT32(n, HIDState),
+ VMSTATE_UINT16(kbd.modifiers, HIDState),
+ VMSTATE_UINT8(kbd.leds, HIDState),
+ VMSTATE_UINT8_ARRAY(kbd.key, HIDState, 16),
+ VMSTATE_INT32(kbd.keys, HIDState),
+ VMSTATE_INT32(protocol, HIDState),
+ VMSTATE_UINT8(idle, HIDState),
+ VMSTATE_END_OF_LIST(),
+ }
+};
diff --git a/hw/input/lm832x.c b/hw/input/lm832x.c
new file mode 100644
index 000000000..bacbeb234
--- /dev/null
+++ b/hw/input/lm832x.c
@@ -0,0 +1,521 @@
+/*
+ * National Semiconductor LM8322/8323 GPIO keyboard & PWM chips.
+ *
+ * Copyright (C) 2008 Nokia Corporation
+ * Written by Andrzej Zaborowski <andrew@openedhand.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/hw.h"
+#include "hw/i2c/i2c.h"
+#include "qemu/timer.h"
+#include "ui/console.h"
+
+typedef struct {
+ I2CSlave i2c;
+ uint8_t i2c_dir;
+ uint8_t i2c_cycle;
+ uint8_t reg;
+
+ qemu_irq nirq;
+ uint16_t model;
+
+ struct {
+ qemu_irq out[2];
+ int in[2][2];
+ } mux;
+
+ uint8_t config;
+ uint8_t status;
+ uint8_t acttime;
+ uint8_t error;
+ uint8_t clock;
+
+ struct {
+ uint16_t pull;
+ uint16_t mask;
+ uint16_t dir;
+ uint16_t level;
+ qemu_irq out[16];
+ } gpio;
+
+ struct {
+ uint8_t dbnctime;
+ uint8_t size;
+ uint8_t start;
+ uint8_t len;
+ uint8_t fifo[16];
+ } kbd;
+
+ struct {
+ uint16_t file[256];
+ uint8_t faddr;
+ uint8_t addr[3];
+ QEMUTimer *tm[3];
+ } pwm;
+} LM823KbdState;
+
+#define INT_KEYPAD (1 << 0)
+#define INT_ERROR (1 << 3)
+#define INT_NOINIT (1 << 4)
+#define INT_PWMEND(n) (1 << (5 + n))
+
+#define ERR_BADPAR (1 << 0)
+#define ERR_CMDUNK (1 << 1)
+#define ERR_KEYOVR (1 << 2)
+#define ERR_FIFOOVR (1 << 6)
+
+static void lm_kbd_irq_update(LM823KbdState *s)
+{
+ qemu_set_irq(s->nirq, !s->status);
+}
+
+static void lm_kbd_gpio_update(LM823KbdState *s)
+{
+}
+
+static void lm_kbd_reset(LM823KbdState *s)
+{
+ s->config = 0x80;
+ s->status = INT_NOINIT;
+ s->acttime = 125;
+ s->kbd.dbnctime = 3;
+ s->kbd.size = 0x33;
+ s->clock = 0x08;
+
+ lm_kbd_irq_update(s);
+ lm_kbd_gpio_update(s);
+}
+
+static void lm_kbd_error(LM823KbdState *s, int err)
+{
+ s->error |= err;
+ s->status |= INT_ERROR;
+ lm_kbd_irq_update(s);
+}
+
+static void lm_kbd_pwm_tick(LM823KbdState *s, int line)
+{
+}
+
+static void lm_kbd_pwm_start(LM823KbdState *s, int line)
+{
+ lm_kbd_pwm_tick(s, line);
+}
+
+static void lm_kbd_pwm0_tick(void *opaque)
+{
+ lm_kbd_pwm_tick(opaque, 0);
+}
+static void lm_kbd_pwm1_tick(void *opaque)
+{
+ lm_kbd_pwm_tick(opaque, 1);
+}
+static void lm_kbd_pwm2_tick(void *opaque)
+{
+ lm_kbd_pwm_tick(opaque, 2);
+}
+
+enum {
+ LM832x_CMD_READ_ID = 0x80, /* Read chip ID. */
+ LM832x_CMD_WRITE_CFG = 0x81, /* Set configuration item. */
+ LM832x_CMD_READ_INT = 0x82, /* Get interrupt status. */
+ LM832x_CMD_RESET = 0x83, /* Reset, same as external one */
+ LM823x_CMD_WRITE_PULL_DOWN = 0x84, /* Select GPIO pull-up/down. */
+ LM832x_CMD_WRITE_PORT_SEL = 0x85, /* Select GPIO in/out. */
+ LM832x_CMD_WRITE_PORT_STATE = 0x86, /* Set GPIO pull-up/down. */
+ LM832x_CMD_READ_PORT_SEL = 0x87, /* Get GPIO in/out. */
+ LM832x_CMD_READ_PORT_STATE = 0x88, /* Get GPIO pull-up/down. */
+ LM832x_CMD_READ_FIFO = 0x89, /* Read byte from FIFO. */
+ LM832x_CMD_RPT_READ_FIFO = 0x8a, /* Read FIFO (no increment). */
+ LM832x_CMD_SET_ACTIVE = 0x8b, /* Set active time. */
+ LM832x_CMD_READ_ERROR = 0x8c, /* Get error status. */
+ LM832x_CMD_READ_ROTATOR = 0x8e, /* Read rotator status. */
+ LM832x_CMD_SET_DEBOUNCE = 0x8f, /* Set debouncing time. */
+ LM832x_CMD_SET_KEY_SIZE = 0x90, /* Set keypad size. */
+ LM832x_CMD_READ_KEY_SIZE = 0x91, /* Get keypad size. */
+ LM832x_CMD_READ_CFG = 0x92, /* Get configuration item. */
+ LM832x_CMD_WRITE_CLOCK = 0x93, /* Set clock config. */
+ LM832x_CMD_READ_CLOCK = 0x94, /* Get clock config. */
+ LM832x_CMD_PWM_WRITE = 0x95, /* Write PWM script. */
+ LM832x_CMD_PWM_START = 0x96, /* Start PWM engine. */
+ LM832x_CMD_PWM_STOP = 0x97, /* Stop PWM engine. */
+ LM832x_GENERAL_ERROR = 0xff, /* There was one error.
+ Previously was represented by -1
+ This is not a command */
+};
+
+#define LM832x_MAX_KPX 8
+#define LM832x_MAX_KPY 12
+
+static uint8_t lm_kbd_read(LM823KbdState *s, int reg, int byte)
+{
+ int ret;
+
+ switch (reg) {
+ case LM832x_CMD_READ_ID:
+ ret = 0x0400;
+ break;
+
+ case LM832x_CMD_READ_INT:
+ ret = s->status;
+ if (!(s->status & INT_NOINIT)) {
+ s->status = 0;
+ lm_kbd_irq_update(s);
+ }
+ break;
+
+ case LM832x_CMD_READ_PORT_SEL:
+ ret = s->gpio.dir;
+ break;
+ case LM832x_CMD_READ_PORT_STATE:
+ ret = s->gpio.mask;
+ break;
+
+ case LM832x_CMD_READ_FIFO:
+ if (s->kbd.len <= 1)
+ return 0x00;
+
+ /* Example response from the two commands after a INT_KEYPAD
+ * interrupt caused by the key 0x3c being pressed:
+ * RPT_READ_FIFO: 55 bc 00 4e ff 0a 50 08 00 29 d9 08 01 c9 01
+ * READ_FIFO: bc 00 00 4e ff 0a 50 08 00 29 d9 08 01 c9 01
+ * RPT_READ_FIFO: bc 00 00 4e ff 0a 50 08 00 29 d9 08 01 c9 01
+ *
+ * 55 is the code of the key release event serviced in the previous
+ * interrupt handling.
+ *
+ * TODO: find out whether the FIFO is advanced a single character
+ * before reading every byte or the whole size of the FIFO at the
+ * last LM832x_CMD_READ_FIFO. This affects LM832x_CMD_RPT_READ_FIFO
+ * output in cases where there are more than one event in the FIFO.
+ * Assume 0xbc and 0x3c events are in the FIFO:
+ * RPT_READ_FIFO: 55 bc 3c 00 4e ff 0a 50 08 00 29 d9 08 01 c9
+ * READ_FIFO: bc 3c 00 00 4e ff 0a 50 08 00 29 d9 08 01 c9
+ * Does RPT_READ_FIFO now return 0xbc and 0x3c or only 0x3c?
+ */
+ s->kbd.start ++;
+ s->kbd.start &= sizeof(s->kbd.fifo) - 1;
+ s->kbd.len --;
+
+ return s->kbd.fifo[s->kbd.start];
+ case LM832x_CMD_RPT_READ_FIFO:
+ if (byte >= s->kbd.len)
+ return 0x00;
+
+ return s->kbd.fifo[(s->kbd.start + byte) & (sizeof(s->kbd.fifo) - 1)];
+
+ case LM832x_CMD_READ_ERROR:
+ return s->error;
+
+ case LM832x_CMD_READ_ROTATOR:
+ return 0;
+
+ case LM832x_CMD_READ_KEY_SIZE:
+ return s->kbd.size;
+
+ case LM832x_CMD_READ_CFG:
+ return s->config & 0xf;
+
+ case LM832x_CMD_READ_CLOCK:
+ return (s->clock & 0xfc) | 2;
+
+ default:
+ lm_kbd_error(s, ERR_CMDUNK);
+ fprintf(stderr, "%s: unknown command %02x\n", __FUNCTION__, reg);
+ return 0x00;
+ }
+
+ return ret >> (byte << 3);
+}
+
+static void lm_kbd_write(LM823KbdState *s, int reg, int byte, uint8_t value)
+{
+ switch (reg) {
+ case LM832x_CMD_WRITE_CFG:
+ s->config = value;
+ /* This must be done whenever s->mux.in is updated (never). */
+ if ((s->config >> 1) & 1) /* MUX1EN */
+ qemu_set_irq(s->mux.out[0], s->mux.in[0][(s->config >> 0) & 1]);
+ if ((s->config >> 3) & 1) /* MUX2EN */
+ qemu_set_irq(s->mux.out[0], s->mux.in[0][(s->config >> 2) & 1]);
+ /* TODO: check that this is issued only following the chip reset
+ * and not in the middle of operation and that it is followed by
+ * the GPIO ports re-resablishing through WRITE_PORT_SEL and
+ * WRITE_PORT_STATE (using a timer perhaps) and otherwise output
+ * warnings. */
+ s->status = 0;
+ lm_kbd_irq_update(s);
+ s->kbd.len = 0;
+ s->kbd.start = 0;
+ s->reg = LM832x_GENERAL_ERROR;
+ break;
+
+ case LM832x_CMD_RESET:
+ if (value == 0xaa)
+ lm_kbd_reset(s);
+ else
+ lm_kbd_error(s, ERR_BADPAR);
+ s->reg = LM832x_GENERAL_ERROR;
+ break;
+
+ case LM823x_CMD_WRITE_PULL_DOWN:
+ if (!byte)
+ s->gpio.pull = value;
+ else {
+ s->gpio.pull |= value << 8;
+ lm_kbd_gpio_update(s);
+ s->reg = LM832x_GENERAL_ERROR;
+ }
+ break;
+ case LM832x_CMD_WRITE_PORT_SEL:
+ if (!byte)
+ s->gpio.dir = value;
+ else {
+ s->gpio.dir |= value << 8;
+ lm_kbd_gpio_update(s);
+ s->reg = LM832x_GENERAL_ERROR;
+ }
+ break;
+ case LM832x_CMD_WRITE_PORT_STATE:
+ if (!byte)
+ s->gpio.mask = value;
+ else {
+ s->gpio.mask |= value << 8;
+ lm_kbd_gpio_update(s);
+ s->reg = LM832x_GENERAL_ERROR;
+ }
+ break;
+
+ case LM832x_CMD_SET_ACTIVE:
+ s->acttime = value;
+ s->reg = LM832x_GENERAL_ERROR;
+ break;
+
+ case LM832x_CMD_SET_DEBOUNCE:
+ s->kbd.dbnctime = value;
+ s->reg = LM832x_GENERAL_ERROR;
+ if (!value)
+ lm_kbd_error(s, ERR_BADPAR);
+ break;
+
+ case LM832x_CMD_SET_KEY_SIZE:
+ s->kbd.size = value;
+ s->reg = LM832x_GENERAL_ERROR;
+ if (
+ (value & 0xf) < 3 || (value & 0xf) > LM832x_MAX_KPY ||
+ (value >> 4) < 3 || (value >> 4) > LM832x_MAX_KPX)
+ lm_kbd_error(s, ERR_BADPAR);
+ break;
+
+ case LM832x_CMD_WRITE_CLOCK:
+ s->clock = value;
+ s->reg = LM832x_GENERAL_ERROR;
+ if ((value & 3) && (value & 3) != 3) {
+ lm_kbd_error(s, ERR_BADPAR);
+ fprintf(stderr, "%s: invalid clock setting in RCPWM\n",
+ __FUNCTION__);
+ }
+ /* TODO: Validate that the command is only issued once */
+ break;
+
+ case LM832x_CMD_PWM_WRITE:
+ if (byte == 0) {
+ if (!(value & 3) || (value >> 2) > 59) {
+ lm_kbd_error(s, ERR_BADPAR);
+ s->reg = LM832x_GENERAL_ERROR;
+ break;
+ }
+
+ s->pwm.faddr = value;
+ s->pwm.file[s->pwm.faddr] = 0;
+ } else if (byte == 1) {
+ s->pwm.file[s->pwm.faddr] |= value << 8;
+ } else if (byte == 2) {
+ s->pwm.file[s->pwm.faddr] |= value << 0;
+ s->reg = LM832x_GENERAL_ERROR;
+ }
+ break;
+ case LM832x_CMD_PWM_START:
+ s->reg = LM832x_GENERAL_ERROR;
+ if (!(value & 3) || (value >> 2) > 59) {
+ lm_kbd_error(s, ERR_BADPAR);
+ break;
+ }
+
+ s->pwm.addr[(value & 3) - 1] = value >> 2;
+ lm_kbd_pwm_start(s, (value & 3) - 1);
+ break;
+ case LM832x_CMD_PWM_STOP:
+ s->reg = LM832x_GENERAL_ERROR;
+ if (!(value & 3)) {
+ lm_kbd_error(s, ERR_BADPAR);
+ break;
+ }
+
+ qemu_del_timer(s->pwm.tm[(value & 3) - 1]);
+ break;
+
+ case LM832x_GENERAL_ERROR:
+ lm_kbd_error(s, ERR_BADPAR);
+ break;
+ default:
+ lm_kbd_error(s, ERR_CMDUNK);
+ fprintf(stderr, "%s: unknown command %02x\n", __FUNCTION__, reg);
+ break;
+ }
+}
+
+static void lm_i2c_event(I2CSlave *i2c, enum i2c_event event)
+{
+ LM823KbdState *s = FROM_I2C_SLAVE(LM823KbdState, i2c);
+
+ switch (event) {
+ case I2C_START_RECV:
+ case I2C_START_SEND:
+ s->i2c_cycle = 0;
+ s->i2c_dir = (event == I2C_START_SEND);
+ break;
+
+ default:
+ break;
+ }
+}
+
+static int lm_i2c_rx(I2CSlave *i2c)
+{
+ LM823KbdState *s = FROM_I2C_SLAVE(LM823KbdState, i2c);
+
+ return lm_kbd_read(s, s->reg, s->i2c_cycle ++);
+}
+
+static int lm_i2c_tx(I2CSlave *i2c, uint8_t data)
+{
+ LM823KbdState *s = (LM823KbdState *) i2c;
+
+ if (!s->i2c_cycle)
+ s->reg = data;
+ else
+ lm_kbd_write(s, s->reg, s->i2c_cycle - 1, data);
+ s->i2c_cycle ++;
+
+ return 0;
+}
+
+static int lm_kbd_post_load(void *opaque, int version_id)
+{
+ LM823KbdState *s = opaque;
+
+ lm_kbd_irq_update(s);
+ lm_kbd_gpio_update(s);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_lm_kbd = {
+ .name = "LM8323",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .post_load = lm_kbd_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_I2C_SLAVE(i2c, LM823KbdState),
+ VMSTATE_UINT8(i2c_dir, LM823KbdState),
+ VMSTATE_UINT8(i2c_cycle, LM823KbdState),
+ VMSTATE_UINT8(reg, LM823KbdState),
+ VMSTATE_UINT8(config, LM823KbdState),
+ VMSTATE_UINT8(status, LM823KbdState),
+ VMSTATE_UINT8(acttime, LM823KbdState),
+ VMSTATE_UINT8(error, LM823KbdState),
+ VMSTATE_UINT8(clock, LM823KbdState),
+ VMSTATE_UINT16(gpio.pull, LM823KbdState),
+ VMSTATE_UINT16(gpio.mask, LM823KbdState),
+ VMSTATE_UINT16(gpio.dir, LM823KbdState),
+ VMSTATE_UINT16(gpio.level, LM823KbdState),
+ VMSTATE_UINT8(kbd.dbnctime, LM823KbdState),
+ VMSTATE_UINT8(kbd.size, LM823KbdState),
+ VMSTATE_UINT8(kbd.start, LM823KbdState),
+ VMSTATE_UINT8(kbd.len, LM823KbdState),
+ VMSTATE_BUFFER(kbd.fifo, LM823KbdState),
+ VMSTATE_UINT16_ARRAY(pwm.file, LM823KbdState, 256),
+ VMSTATE_UINT8(pwm.faddr, LM823KbdState),
+ VMSTATE_BUFFER(pwm.addr, LM823KbdState),
+ VMSTATE_TIMER_ARRAY(pwm.tm, LM823KbdState, 3),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+
+static int lm8323_init(I2CSlave *i2c)
+{
+ LM823KbdState *s = FROM_I2C_SLAVE(LM823KbdState, i2c);
+
+ s->model = 0x8323;
+ s->pwm.tm[0] = qemu_new_timer_ns(vm_clock, lm_kbd_pwm0_tick, s);
+ s->pwm.tm[1] = qemu_new_timer_ns(vm_clock, lm_kbd_pwm1_tick, s);
+ s->pwm.tm[2] = qemu_new_timer_ns(vm_clock, lm_kbd_pwm2_tick, s);
+ qdev_init_gpio_out(&i2c->qdev, &s->nirq, 1);
+
+ lm_kbd_reset(s);
+
+ qemu_register_reset((void *) lm_kbd_reset, s);
+ return 0;
+}
+
+void lm832x_key_event(DeviceState *dev, int key, int state)
+{
+ LM823KbdState *s = FROM_I2C_SLAVE(LM823KbdState, I2C_SLAVE(dev));
+
+ if ((s->status & INT_ERROR) && (s->error & ERR_FIFOOVR))
+ return;
+
+ if (s->kbd.len >= sizeof(s->kbd.fifo)) {
+ lm_kbd_error(s, ERR_FIFOOVR);
+ return;
+ }
+
+ s->kbd.fifo[(s->kbd.start + s->kbd.len ++) & (sizeof(s->kbd.fifo) - 1)] =
+ key | (state << 7);
+
+ /* We never set ERR_KEYOVR because we support multiple keys fine. */
+ s->status |= INT_KEYPAD;
+ lm_kbd_irq_update(s);
+}
+
+static void lm8323_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
+
+ k->init = lm8323_init;
+ k->event = lm_i2c_event;
+ k->recv = lm_i2c_rx;
+ k->send = lm_i2c_tx;
+ dc->vmsd = &vmstate_lm_kbd;
+}
+
+static const TypeInfo lm8323_info = {
+ .name = "lm8323",
+ .parent = TYPE_I2C_SLAVE,
+ .instance_size = sizeof(LM823KbdState),
+ .class_init = lm8323_class_init,
+};
+
+static void lm832x_register_types(void)
+{
+ type_register_static(&lm8323_info);
+}
+
+type_init(lm832x_register_types)
diff --git a/hw/input/milkymist-softusb.c b/hw/input/milkymist-softusb.c
new file mode 100644
index 000000000..ecde33cb9
--- /dev/null
+++ b/hw/input/milkymist-softusb.c
@@ -0,0 +1,338 @@
+/*
+ * QEMU model of the Milkymist SoftUSB block.
+ *
+ * Copyright (c) 2010 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ *
+ * Specification available at:
+ * not available yet
+ */
+
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "trace.h"
+#include "ui/console.h"
+#include "hw/input/hid.h"
+#include "qemu/error-report.h"
+
+enum {
+ R_CTRL = 0,
+ R_MAX
+};
+
+enum {
+ CTRL_RESET = (1<<0),
+};
+
+#define COMLOC_DEBUG_PRODUCE 0x1000
+#define COMLOC_DEBUG_BASE 0x1001
+#define COMLOC_MEVT_PRODUCE 0x1101
+#define COMLOC_MEVT_BASE 0x1102
+#define COMLOC_KEVT_PRODUCE 0x1142
+#define COMLOC_KEVT_BASE 0x1143
+
+#define TYPE_MILKYMIST_SOFTUSB "milkymist-softusb"
+#define MILKYMIST_SOFTUSB(obj) \
+ OBJECT_CHECK(MilkymistSoftUsbState, (obj), TYPE_MILKYMIST_SOFTUSB)
+
+struct MilkymistSoftUsbState {
+ SysBusDevice parent_obj;
+
+ HIDState hid_kbd;
+ HIDState hid_mouse;
+
+ MemoryRegion regs_region;
+ MemoryRegion pmem;
+ MemoryRegion dmem;
+ qemu_irq irq;
+
+ void *pmem_ptr;
+ void *dmem_ptr;
+
+ /* device properties */
+ uint32_t pmem_size;
+ uint32_t dmem_size;
+
+ /* device registers */
+ uint32_t regs[R_MAX];
+
+ /* mouse state */
+ uint8_t mouse_hid_buffer[4];
+
+ /* keyboard state */
+ uint8_t kbd_hid_buffer[8];
+};
+typedef struct MilkymistSoftUsbState MilkymistSoftUsbState;
+
+static uint64_t softusb_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ MilkymistSoftUsbState *s = opaque;
+ uint32_t r = 0;
+
+ addr >>= 2;
+ switch (addr) {
+ case R_CTRL:
+ r = s->regs[addr];
+ break;
+
+ default:
+ error_report("milkymist_softusb: read access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+
+ trace_milkymist_softusb_memory_read(addr << 2, r);
+
+ return r;
+}
+
+static void
+softusb_write(void *opaque, hwaddr addr, uint64_t value,
+ unsigned size)
+{
+ MilkymistSoftUsbState *s = opaque;
+
+ trace_milkymist_softusb_memory_write(addr, value);
+
+ addr >>= 2;
+ switch (addr) {
+ case R_CTRL:
+ s->regs[addr] = value;
+ break;
+
+ default:
+ error_report("milkymist_softusb: write access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+}
+
+static const MemoryRegionOps softusb_mmio_ops = {
+ .read = softusb_read,
+ .write = softusb_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static inline void softusb_read_dmem(MilkymistSoftUsbState *s,
+ uint32_t offset, uint8_t *buf, uint32_t len)
+{
+ if (offset + len >= s->dmem_size) {
+ error_report("milkymist_softusb: read dmem out of bounds "
+ "at offset 0x%x, len %d", offset, len);
+ memset(buf, 0, len);
+ return;
+ }
+
+ memcpy(buf, s->dmem_ptr + offset, len);
+}
+
+static inline void softusb_write_dmem(MilkymistSoftUsbState *s,
+ uint32_t offset, uint8_t *buf, uint32_t len)
+{
+ if (offset + len >= s->dmem_size) {
+ error_report("milkymist_softusb: write dmem out of bounds "
+ "at offset 0x%x, len %d", offset, len);
+ return;
+ }
+
+ memcpy(s->dmem_ptr + offset, buf, len);
+}
+
+static inline void softusb_read_pmem(MilkymistSoftUsbState *s,
+ uint32_t offset, uint8_t *buf, uint32_t len)
+{
+ if (offset + len >= s->pmem_size) {
+ error_report("milkymist_softusb: read pmem out of bounds "
+ "at offset 0x%x, len %d", offset, len);
+ memset(buf, 0, len);
+ return;
+ }
+
+ memcpy(buf, s->pmem_ptr + offset, len);
+}
+
+static inline void softusb_write_pmem(MilkymistSoftUsbState *s,
+ uint32_t offset, uint8_t *buf, uint32_t len)
+{
+ if (offset + len >= s->pmem_size) {
+ error_report("milkymist_softusb: write pmem out of bounds "
+ "at offset 0x%x, len %d", offset, len);
+ return;
+ }
+
+ memcpy(s->pmem_ptr + offset, buf, len);
+}
+
+static void softusb_mouse_changed(MilkymistSoftUsbState *s)
+{
+ uint8_t m;
+
+ softusb_read_dmem(s, COMLOC_MEVT_PRODUCE, &m, 1);
+ trace_milkymist_softusb_mevt(m);
+ softusb_write_dmem(s, COMLOC_MEVT_BASE + 4 * m, s->mouse_hid_buffer, 4);
+ m = (m + 1) & 0xf;
+ softusb_write_dmem(s, COMLOC_MEVT_PRODUCE, &m, 1);
+
+ trace_milkymist_softusb_pulse_irq();
+ qemu_irq_pulse(s->irq);
+}
+
+static void softusb_kbd_changed(MilkymistSoftUsbState *s)
+{
+ uint8_t m;
+
+ softusb_read_dmem(s, COMLOC_KEVT_PRODUCE, &m, 1);
+ trace_milkymist_softusb_kevt(m);
+ softusb_write_dmem(s, COMLOC_KEVT_BASE + 8 * m, s->kbd_hid_buffer, 8);
+ m = (m + 1) & 0x7;
+ softusb_write_dmem(s, COMLOC_KEVT_PRODUCE, &m, 1);
+
+ trace_milkymist_softusb_pulse_irq();
+ qemu_irq_pulse(s->irq);
+}
+
+static void softusb_kbd_hid_datain(HIDState *hs)
+{
+ MilkymistSoftUsbState *s = container_of(hs, MilkymistSoftUsbState, hid_kbd);
+ int len;
+
+ /* if device is in reset, do nothing */
+ if (s->regs[R_CTRL] & CTRL_RESET) {
+ return;
+ }
+
+ len = hid_keyboard_poll(hs, s->kbd_hid_buffer, sizeof(s->kbd_hid_buffer));
+
+ if (len == 8) {
+ softusb_kbd_changed(s);
+ }
+}
+
+static void softusb_mouse_hid_datain(HIDState *hs)
+{
+ MilkymistSoftUsbState *s =
+ container_of(hs, MilkymistSoftUsbState, hid_mouse);
+ int len;
+
+ /* if device is in reset, do nothing */
+ if (s->regs[R_CTRL] & CTRL_RESET) {
+ return;
+ }
+
+ len = hid_pointer_poll(hs, s->mouse_hid_buffer,
+ sizeof(s->mouse_hid_buffer));
+
+ if (len == 4) {
+ softusb_mouse_changed(s);
+ }
+}
+
+static void milkymist_softusb_reset(DeviceState *d)
+{
+ MilkymistSoftUsbState *s = MILKYMIST_SOFTUSB(d);
+ int i;
+
+ for (i = 0; i < R_MAX; i++) {
+ s->regs[i] = 0;
+ }
+ memset(s->kbd_hid_buffer, 0, sizeof(s->kbd_hid_buffer));
+ memset(s->mouse_hid_buffer, 0, sizeof(s->mouse_hid_buffer));
+
+ hid_reset(&s->hid_kbd);
+ hid_reset(&s->hid_mouse);
+
+ /* defaults */
+ s->regs[R_CTRL] = CTRL_RESET;
+}
+
+static int milkymist_softusb_init(SysBusDevice *dev)
+{
+ MilkymistSoftUsbState *s = MILKYMIST_SOFTUSB(dev);
+
+ sysbus_init_irq(dev, &s->irq);
+
+ memory_region_init_io(&s->regs_region, OBJECT(s), &softusb_mmio_ops, s,
+ "milkymist-softusb", R_MAX * 4);
+ sysbus_init_mmio(dev, &s->regs_region);
+
+ /* register pmem and dmem */
+ memory_region_init_ram(&s->pmem, OBJECT(s), "milkymist-softusb.pmem",
+ s->pmem_size);
+ vmstate_register_ram_global(&s->pmem);
+ s->pmem_ptr = memory_region_get_ram_ptr(&s->pmem);
+ sysbus_init_mmio(dev, &s->pmem);
+ memory_region_init_ram(&s->dmem, OBJECT(s), "milkymist-softusb.dmem",
+ s->dmem_size);
+ vmstate_register_ram_global(&s->dmem);
+ s->dmem_ptr = memory_region_get_ram_ptr(&s->dmem);
+ sysbus_init_mmio(dev, &s->dmem);
+
+ hid_init(&s->hid_kbd, HID_KEYBOARD, softusb_kbd_hid_datain);
+ hid_init(&s->hid_mouse, HID_MOUSE, softusb_mouse_hid_datain);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_milkymist_softusb = {
+ .name = "milkymist-softusb",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(regs, MilkymistSoftUsbState, R_MAX),
+ VMSTATE_HID_KEYBOARD_DEVICE(hid_kbd, MilkymistSoftUsbState),
+ VMSTATE_HID_POINTER_DEVICE(hid_mouse, MilkymistSoftUsbState),
+ VMSTATE_BUFFER(kbd_hid_buffer, MilkymistSoftUsbState),
+ VMSTATE_BUFFER(mouse_hid_buffer, MilkymistSoftUsbState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static Property milkymist_softusb_properties[] = {
+ DEFINE_PROP_UINT32("pmem_size", MilkymistSoftUsbState, pmem_size, 0x00001000),
+ DEFINE_PROP_UINT32("dmem_size", MilkymistSoftUsbState, dmem_size, 0x00002000),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void milkymist_softusb_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = milkymist_softusb_init;
+ dc->reset = milkymist_softusb_reset;
+ dc->vmsd = &vmstate_milkymist_softusb;
+ dc->props = milkymist_softusb_properties;
+}
+
+static const TypeInfo milkymist_softusb_info = {
+ .name = TYPE_MILKYMIST_SOFTUSB,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(MilkymistSoftUsbState),
+ .class_init = milkymist_softusb_class_init,
+};
+
+static void milkymist_softusb_register_types(void)
+{
+ type_register_static(&milkymist_softusb_info);
+}
+
+type_init(milkymist_softusb_register_types)
diff --git a/hw/input/pckbd.c b/hw/input/pckbd.c
new file mode 100644
index 000000000..ce86237cf
--- /dev/null
+++ b/hw/input/pckbd.c
@@ -0,0 +1,542 @@
+/*
+ * QEMU PC keyboard emulation
+ *
+ * Copyright (c) 2003 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/isa/isa.h"
+#include "hw/i386/pc.h"
+#include "hw/input/ps2.h"
+#include "sysemu/sysemu.h"
+
+/* debug PC keyboard */
+//#define DEBUG_KBD
+#ifdef DEBUG_KBD
+#define DPRINTF(fmt, ...) \
+ do { printf("KBD: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...)
+#endif
+
+/* Keyboard Controller Commands */
+#define KBD_CCMD_READ_MODE 0x20 /* Read mode bits */
+#define KBD_CCMD_WRITE_MODE 0x60 /* Write mode bits */
+#define KBD_CCMD_GET_VERSION 0xA1 /* Get controller version */
+#define KBD_CCMD_MOUSE_DISABLE 0xA7 /* Disable mouse interface */
+#define KBD_CCMD_MOUSE_ENABLE 0xA8 /* Enable mouse interface */
+#define KBD_CCMD_TEST_MOUSE 0xA9 /* Mouse interface test */
+#define KBD_CCMD_SELF_TEST 0xAA /* Controller self test */
+#define KBD_CCMD_KBD_TEST 0xAB /* Keyboard interface test */
+#define KBD_CCMD_KBD_DISABLE 0xAD /* Keyboard interface disable */
+#define KBD_CCMD_KBD_ENABLE 0xAE /* Keyboard interface enable */
+#define KBD_CCMD_READ_INPORT 0xC0 /* read input port */
+#define KBD_CCMD_READ_OUTPORT 0xD0 /* read output port */
+#define KBD_CCMD_WRITE_OUTPORT 0xD1 /* write output port */
+#define KBD_CCMD_WRITE_OBUF 0xD2
+#define KBD_CCMD_WRITE_AUX_OBUF 0xD3 /* Write to output buffer as if
+ initiated by the auxiliary device */
+#define KBD_CCMD_WRITE_MOUSE 0xD4 /* Write the following byte to the mouse */
+#define KBD_CCMD_DISABLE_A20 0xDD /* HP vectra only ? */
+#define KBD_CCMD_ENABLE_A20 0xDF /* HP vectra only ? */
+#define KBD_CCMD_PULSE_BITS_3_0 0xF0 /* Pulse bits 3-0 of the output port P2. */
+#define KBD_CCMD_RESET 0xFE /* Pulse bit 0 of the output port P2 = CPU reset. */
+#define KBD_CCMD_NO_OP 0xFF /* Pulse no bits of the output port P2. */
+
+/* Keyboard Commands */
+#define KBD_CMD_SET_LEDS 0xED /* Set keyboard leds */
+#define KBD_CMD_ECHO 0xEE
+#define KBD_CMD_GET_ID 0xF2 /* get keyboard ID */
+#define KBD_CMD_SET_RATE 0xF3 /* Set typematic rate */
+#define KBD_CMD_ENABLE 0xF4 /* Enable scanning */
+#define KBD_CMD_RESET_DISABLE 0xF5 /* reset and disable scanning */
+#define KBD_CMD_RESET_ENABLE 0xF6 /* reset and enable scanning */
+#define KBD_CMD_RESET 0xFF /* Reset */
+
+/* Keyboard Replies */
+#define KBD_REPLY_POR 0xAA /* Power on reset */
+#define KBD_REPLY_ACK 0xFA /* Command ACK */
+#define KBD_REPLY_RESEND 0xFE /* Command NACK, send the cmd again */
+
+/* Status Register Bits */
+#define KBD_STAT_OBF 0x01 /* Keyboard output buffer full */
+#define KBD_STAT_IBF 0x02 /* Keyboard input buffer full */
+#define KBD_STAT_SELFTEST 0x04 /* Self test successful */
+#define KBD_STAT_CMD 0x08 /* Last write was a command write (0=data) */
+#define KBD_STAT_UNLOCKED 0x10 /* Zero if keyboard locked */
+#define KBD_STAT_MOUSE_OBF 0x20 /* Mouse output buffer full */
+#define KBD_STAT_GTO 0x40 /* General receive/xmit timeout */
+#define KBD_STAT_PERR 0x80 /* Parity error */
+
+/* Controller Mode Register Bits */
+#define KBD_MODE_KBD_INT 0x01 /* Keyboard data generate IRQ1 */
+#define KBD_MODE_MOUSE_INT 0x02 /* Mouse data generate IRQ12 */
+#define KBD_MODE_SYS 0x04 /* The system flag (?) */
+#define KBD_MODE_NO_KEYLOCK 0x08 /* The keylock doesn't affect the keyboard if set */
+#define KBD_MODE_DISABLE_KBD 0x10 /* Disable keyboard interface */
+#define KBD_MODE_DISABLE_MOUSE 0x20 /* Disable mouse interface */
+#define KBD_MODE_KCC 0x40 /* Scan code conversion to PC format */
+#define KBD_MODE_RFU 0x80
+
+/* Output Port Bits */
+#define KBD_OUT_RESET 0x01 /* 1=normal mode, 0=reset */
+#define KBD_OUT_A20 0x02 /* x86 only */
+#define KBD_OUT_OBF 0x10 /* Keyboard output buffer full */
+#define KBD_OUT_MOUSE_OBF 0x20 /* Mouse output buffer full */
+
+/* Mouse Commands */
+#define AUX_SET_SCALE11 0xE6 /* Set 1:1 scaling */
+#define AUX_SET_SCALE21 0xE7 /* Set 2:1 scaling */
+#define AUX_SET_RES 0xE8 /* Set resolution */
+#define AUX_GET_SCALE 0xE9 /* Get scaling factor */
+#define AUX_SET_STREAM 0xEA /* Set stream mode */
+#define AUX_POLL 0xEB /* Poll */
+#define AUX_RESET_WRAP 0xEC /* Reset wrap mode */
+#define AUX_SET_WRAP 0xEE /* Set wrap mode */
+#define AUX_SET_REMOTE 0xF0 /* Set remote mode */
+#define AUX_GET_TYPE 0xF2 /* Get type */
+#define AUX_SET_SAMPLE 0xF3 /* Set sample rate */
+#define AUX_ENABLE_DEV 0xF4 /* Enable aux device */
+#define AUX_DISABLE_DEV 0xF5 /* Disable aux device */
+#define AUX_SET_DEFAULT 0xF6
+#define AUX_RESET 0xFF /* Reset aux device */
+#define AUX_ACK 0xFA /* Command byte ACK. */
+
+#define MOUSE_STATUS_REMOTE 0x40
+#define MOUSE_STATUS_ENABLED 0x20
+#define MOUSE_STATUS_SCALE21 0x10
+
+#define KBD_PENDING_KBD 1
+#define KBD_PENDING_AUX 2
+
+typedef struct KBDState {
+ uint8_t write_cmd; /* if non zero, write data to port 60 is expected */
+ uint8_t status;
+ uint8_t mode;
+ uint8_t outport;
+ /* Bitmask of devices with data available. */
+ uint8_t pending;
+ void *kbd;
+ void *mouse;
+
+ qemu_irq irq_kbd;
+ qemu_irq irq_mouse;
+ qemu_irq *a20_out;
+ hwaddr mask;
+} KBDState;
+
+/* update irq and KBD_STAT_[MOUSE_]OBF */
+/* XXX: not generating the irqs if KBD_MODE_DISABLE_KBD is set may be
+ incorrect, but it avoids having to simulate exact delays */
+static void kbd_update_irq(KBDState *s)
+{
+ int irq_kbd_level, irq_mouse_level;
+
+ irq_kbd_level = 0;
+ irq_mouse_level = 0;
+ s->status &= ~(KBD_STAT_OBF | KBD_STAT_MOUSE_OBF);
+ s->outport &= ~(KBD_OUT_OBF | KBD_OUT_MOUSE_OBF);
+ if (s->pending) {
+ s->status |= KBD_STAT_OBF;
+ s->outport |= KBD_OUT_OBF;
+ /* kbd data takes priority over aux data. */
+ if (s->pending == KBD_PENDING_AUX) {
+ s->status |= KBD_STAT_MOUSE_OBF;
+ s->outport |= KBD_OUT_MOUSE_OBF;
+ if (s->mode & KBD_MODE_MOUSE_INT)
+ irq_mouse_level = 1;
+ } else {
+ if ((s->mode & KBD_MODE_KBD_INT) &&
+ !(s->mode & KBD_MODE_DISABLE_KBD))
+ irq_kbd_level = 1;
+ }
+ }
+ qemu_set_irq(s->irq_kbd, irq_kbd_level);
+ qemu_set_irq(s->irq_mouse, irq_mouse_level);
+}
+
+static void kbd_update_kbd_irq(void *opaque, int level)
+{
+ KBDState *s = (KBDState *)opaque;
+
+ if (level)
+ s->pending |= KBD_PENDING_KBD;
+ else
+ s->pending &= ~KBD_PENDING_KBD;
+ kbd_update_irq(s);
+}
+
+static void kbd_update_aux_irq(void *opaque, int level)
+{
+ KBDState *s = (KBDState *)opaque;
+
+ if (level)
+ s->pending |= KBD_PENDING_AUX;
+ else
+ s->pending &= ~KBD_PENDING_AUX;
+ kbd_update_irq(s);
+}
+
+static uint64_t kbd_read_status(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ KBDState *s = opaque;
+ int val;
+ val = s->status;
+ DPRINTF("kbd: read status=0x%02x\n", val);
+ return val;
+}
+
+static void kbd_queue(KBDState *s, int b, int aux)
+{
+ if (aux)
+ ps2_queue(s->mouse, b);
+ else
+ ps2_queue(s->kbd, b);
+}
+
+static void outport_write(KBDState *s, uint32_t val)
+{
+ DPRINTF("kbd: write outport=0x%02x\n", val);
+ s->outport = val;
+ if (s->a20_out) {
+ qemu_set_irq(*s->a20_out, (val >> 1) & 1);
+ }
+ if (!(val & 1)) {
+ qemu_system_reset_request();
+ }
+}
+
+static void kbd_write_command(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ KBDState *s = opaque;
+
+ DPRINTF("kbd: write cmd=0x%02x\n", val);
+
+ /* Bits 3-0 of the output port P2 of the keyboard controller may be pulsed
+ * low for approximately 6 micro seconds. Bits 3-0 of the KBD_CCMD_PULSE
+ * command specify the output port bits to be pulsed.
+ * 0: Bit should be pulsed. 1: Bit should not be modified.
+ * The only useful version of this command is pulsing bit 0,
+ * which does a CPU reset.
+ */
+ if((val & KBD_CCMD_PULSE_BITS_3_0) == KBD_CCMD_PULSE_BITS_3_0) {
+ if(!(val & 1))
+ val = KBD_CCMD_RESET;
+ else
+ val = KBD_CCMD_NO_OP;
+ }
+
+ switch(val) {
+ case KBD_CCMD_READ_MODE:
+ kbd_queue(s, s->mode, 0);
+ break;
+ case KBD_CCMD_WRITE_MODE:
+ case KBD_CCMD_WRITE_OBUF:
+ case KBD_CCMD_WRITE_AUX_OBUF:
+ case KBD_CCMD_WRITE_MOUSE:
+ case KBD_CCMD_WRITE_OUTPORT:
+ s->write_cmd = val;
+ break;
+ case KBD_CCMD_MOUSE_DISABLE:
+ s->mode |= KBD_MODE_DISABLE_MOUSE;
+ break;
+ case KBD_CCMD_MOUSE_ENABLE:
+ s->mode &= ~KBD_MODE_DISABLE_MOUSE;
+ break;
+ case KBD_CCMD_TEST_MOUSE:
+ kbd_queue(s, 0x00, 0);
+ break;
+ case KBD_CCMD_SELF_TEST:
+ s->status |= KBD_STAT_SELFTEST;
+ kbd_queue(s, 0x55, 0);
+ break;
+ case KBD_CCMD_KBD_TEST:
+ kbd_queue(s, 0x00, 0);
+ break;
+ case KBD_CCMD_KBD_DISABLE:
+ s->mode |= KBD_MODE_DISABLE_KBD;
+ kbd_update_irq(s);
+ break;
+ case KBD_CCMD_KBD_ENABLE:
+ s->mode &= ~KBD_MODE_DISABLE_KBD;
+ kbd_update_irq(s);
+ break;
+ case KBD_CCMD_READ_INPORT:
+ kbd_queue(s, 0x00, 0);
+ break;
+ case KBD_CCMD_READ_OUTPORT:
+ kbd_queue(s, s->outport, 0);
+ break;
+ case KBD_CCMD_ENABLE_A20:
+ if (s->a20_out) {
+ qemu_irq_raise(*s->a20_out);
+ }
+ s->outport |= KBD_OUT_A20;
+ break;
+ case KBD_CCMD_DISABLE_A20:
+ if (s->a20_out) {
+ qemu_irq_lower(*s->a20_out);
+ }
+ s->outport &= ~KBD_OUT_A20;
+ break;
+ case KBD_CCMD_RESET:
+ qemu_system_reset_request();
+ break;
+ case KBD_CCMD_NO_OP:
+ /* ignore that */
+ break;
+ default:
+ fprintf(stderr, "qemu: unsupported keyboard cmd=0x%02x\n", (int)val);
+ break;
+ }
+}
+
+static uint64_t kbd_read_data(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ KBDState *s = opaque;
+ uint32_t val;
+
+ if (s->pending == KBD_PENDING_AUX)
+ val = ps2_read_data(s->mouse);
+ else
+ val = ps2_read_data(s->kbd);
+
+ DPRINTF("kbd: read data=0x%02x\n", val);
+ return val;
+}
+
+static void kbd_write_data(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ KBDState *s = opaque;
+
+ DPRINTF("kbd: write data=0x%02x\n", val);
+
+ switch(s->write_cmd) {
+ case 0:
+ ps2_write_keyboard(s->kbd, val);
+ break;
+ case KBD_CCMD_WRITE_MODE:
+ s->mode = val;
+ ps2_keyboard_set_translation(s->kbd, (s->mode & KBD_MODE_KCC) != 0);
+ /* ??? */
+ kbd_update_irq(s);
+ break;
+ case KBD_CCMD_WRITE_OBUF:
+ kbd_queue(s, val, 0);
+ break;
+ case KBD_CCMD_WRITE_AUX_OBUF:
+ kbd_queue(s, val, 1);
+ break;
+ case KBD_CCMD_WRITE_OUTPORT:
+ outport_write(s, val);
+ break;
+ case KBD_CCMD_WRITE_MOUSE:
+ ps2_write_mouse(s->mouse, val);
+ break;
+ default:
+ break;
+ }
+ s->write_cmd = 0;
+}
+
+static void kbd_reset(void *opaque)
+{
+ KBDState *s = opaque;
+
+ s->mode = KBD_MODE_KBD_INT | KBD_MODE_MOUSE_INT;
+ s->status = KBD_STAT_CMD | KBD_STAT_UNLOCKED;
+ s->outport = KBD_OUT_RESET | KBD_OUT_A20;
+}
+
+static const VMStateDescription vmstate_kbd = {
+ .name = "pckbd",
+ .version_id = 3,
+ .minimum_version_id = 3,
+ .minimum_version_id_old = 3,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT8(write_cmd, KBDState),
+ VMSTATE_UINT8(status, KBDState),
+ VMSTATE_UINT8(mode, KBDState),
+ VMSTATE_UINT8(pending, KBDState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+/* Memory mapped interface */
+static uint32_t kbd_mm_readb (void *opaque, hwaddr addr)
+{
+ KBDState *s = opaque;
+
+ if (addr & s->mask)
+ return kbd_read_status(s, 0, 1) & 0xff;
+ else
+ return kbd_read_data(s, 0, 1) & 0xff;
+}
+
+static void kbd_mm_writeb (void *opaque, hwaddr addr, uint32_t value)
+{
+ KBDState *s = opaque;
+
+ if (addr & s->mask)
+ kbd_write_command(s, 0, value & 0xff, 1);
+ else
+ kbd_write_data(s, 0, value & 0xff, 1);
+}
+
+static const MemoryRegionOps i8042_mmio_ops = {
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .old_mmio = {
+ .read = { kbd_mm_readb, kbd_mm_readb, kbd_mm_readb },
+ .write = { kbd_mm_writeb, kbd_mm_writeb, kbd_mm_writeb },
+ },
+};
+
+void i8042_mm_init(qemu_irq kbd_irq, qemu_irq mouse_irq,
+ MemoryRegion *region, ram_addr_t size,
+ hwaddr mask)
+{
+ KBDState *s = g_malloc0(sizeof(KBDState));
+
+ s->irq_kbd = kbd_irq;
+ s->irq_mouse = mouse_irq;
+ s->mask = mask;
+
+ vmstate_register(NULL, 0, &vmstate_kbd, s);
+
+ memory_region_init_io(region, NULL, &i8042_mmio_ops, s, "i8042", size);
+
+ s->kbd = ps2_kbd_init(kbd_update_kbd_irq, s);
+ s->mouse = ps2_mouse_init(kbd_update_aux_irq, s);
+ qemu_register_reset(kbd_reset, s);
+}
+
+#define TYPE_I8042 "i8042"
+#define I8042(obj) OBJECT_CHECK(ISAKBDState, (obj), TYPE_I8042)
+
+typedef struct ISAKBDState {
+ ISADevice parent_obj;
+
+ KBDState kbd;
+ MemoryRegion io[2];
+} ISAKBDState;
+
+void i8042_isa_mouse_fake_event(void *opaque)
+{
+ ISADevice *dev = opaque;
+ ISAKBDState *isa = I8042(dev);
+ KBDState *s = &isa->kbd;
+
+ ps2_mouse_fake_event(s->mouse);
+}
+
+void i8042_setup_a20_line(ISADevice *dev, qemu_irq *a20_out)
+{
+ ISAKBDState *isa = I8042(dev);
+ KBDState *s = &isa->kbd;
+
+ s->a20_out = a20_out;
+}
+
+static const VMStateDescription vmstate_kbd_isa = {
+ .name = "pckbd",
+ .version_id = 3,
+ .minimum_version_id = 3,
+ .minimum_version_id_old = 3,
+ .fields = (VMStateField []) {
+ VMSTATE_STRUCT(kbd, ISAKBDState, 0, vmstate_kbd, KBDState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const MemoryRegionOps i8042_data_ops = {
+ .read = kbd_read_data,
+ .write = kbd_write_data,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static const MemoryRegionOps i8042_cmd_ops = {
+ .read = kbd_read_status,
+ .write = kbd_write_command,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void i8042_initfn(Object *obj)
+{
+ ISAKBDState *isa_s = I8042(obj);
+ KBDState *s = &isa_s->kbd;
+
+ memory_region_init_io(isa_s->io + 0, obj, &i8042_data_ops, s,
+ "i8042-data", 1);
+ memory_region_init_io(isa_s->io + 1, obj, &i8042_cmd_ops, s,
+ "i8042-cmd", 1);
+}
+
+static void i8042_realizefn(DeviceState *dev, Error **errp)
+{
+ ISADevice *isadev = ISA_DEVICE(dev);
+ ISAKBDState *isa_s = I8042(dev);
+ KBDState *s = &isa_s->kbd;
+
+ isa_init_irq(isadev, &s->irq_kbd, 1);
+ isa_init_irq(isadev, &s->irq_mouse, 12);
+
+ isa_register_ioport(isadev, isa_s->io + 0, 0x60);
+ isa_register_ioport(isadev, isa_s->io + 1, 0x64);
+
+ s->kbd = ps2_kbd_init(kbd_update_kbd_irq, s);
+ s->mouse = ps2_mouse_init(kbd_update_aux_irq, s);
+ qemu_register_reset(kbd_reset, s);
+}
+
+static void i8042_class_initfn(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = i8042_realizefn;
+ dc->no_user = 1;
+ dc->vmsd = &vmstate_kbd_isa;
+}
+
+static const TypeInfo i8042_info = {
+ .name = TYPE_I8042,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof(ISAKBDState),
+ .instance_init = i8042_initfn,
+ .class_init = i8042_class_initfn,
+};
+
+static void i8042_register_types(void)
+{
+ type_register_static(&i8042_info);
+}
+
+type_init(i8042_register_types)
diff --git a/hw/input/pl050.c b/hw/input/pl050.c
new file mode 100644
index 000000000..c1b08d5a4
--- /dev/null
+++ b/hw/input/pl050.c
@@ -0,0 +1,205 @@
+/*
+ * Arm PrimeCell PL050 Keyboard / Mouse Interface
+ *
+ * Copyright (c) 2006-2007 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GPL.
+ */
+
+#include "hw/sysbus.h"
+#include "hw/input/ps2.h"
+
+#define TYPE_PL050 "pl050"
+#define PL050(obj) OBJECT_CHECK(PL050State, (obj), TYPE_PL050)
+
+typedef struct PL050State {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ void *dev;
+ uint32_t cr;
+ uint32_t clk;
+ uint32_t last;
+ int pending;
+ qemu_irq irq;
+ bool is_mouse;
+} PL050State;
+
+static const VMStateDescription vmstate_pl050 = {
+ .name = "pl050",
+ .version_id = 2,
+ .minimum_version_id = 2,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(cr, PL050State),
+ VMSTATE_UINT32(clk, PL050State),
+ VMSTATE_UINT32(last, PL050State),
+ VMSTATE_INT32(pending, PL050State),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+#define PL050_TXEMPTY (1 << 6)
+#define PL050_TXBUSY (1 << 5)
+#define PL050_RXFULL (1 << 4)
+#define PL050_RXBUSY (1 << 3)
+#define PL050_RXPARITY (1 << 2)
+#define PL050_KMIC (1 << 1)
+#define PL050_KMID (1 << 0)
+
+static const unsigned char pl050_id[] =
+{ 0x50, 0x10, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };
+
+static void pl050_update(void *opaque, int level)
+{
+ PL050State *s = (PL050State *)opaque;
+ int raise;
+
+ s->pending = level;
+ raise = (s->pending && (s->cr & 0x10) != 0)
+ || (s->cr & 0x08) != 0;
+ qemu_set_irq(s->irq, raise);
+}
+
+static uint64_t pl050_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ PL050State *s = (PL050State *)opaque;
+ if (offset >= 0xfe0 && offset < 0x1000)
+ return pl050_id[(offset - 0xfe0) >> 2];
+
+ switch (offset >> 2) {
+ case 0: /* KMICR */
+ return s->cr;
+ case 1: /* KMISTAT */
+ {
+ uint8_t val;
+ uint32_t stat;
+
+ val = s->last;
+ val = val ^ (val >> 4);
+ val = val ^ (val >> 2);
+ val = (val ^ (val >> 1)) & 1;
+
+ stat = PL050_TXEMPTY;
+ if (val)
+ stat |= PL050_RXPARITY;
+ if (s->pending)
+ stat |= PL050_RXFULL;
+
+ return stat;
+ }
+ case 2: /* KMIDATA */
+ if (s->pending)
+ s->last = ps2_read_data(s->dev);
+ return s->last;
+ case 3: /* KMICLKDIV */
+ return s->clk;
+ case 4: /* KMIIR */
+ return s->pending | 2;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "pl050_read: Bad offset %x\n", (int)offset);
+ return 0;
+ }
+}
+
+static void pl050_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ PL050State *s = (PL050State *)opaque;
+ switch (offset >> 2) {
+ case 0: /* KMICR */
+ s->cr = value;
+ pl050_update(s, s->pending);
+ /* ??? Need to implement the enable/disable bit. */
+ break;
+ case 2: /* KMIDATA */
+ /* ??? This should toggle the TX interrupt line. */
+ /* ??? This means kbd/mouse can block each other. */
+ if (s->is_mouse) {
+ ps2_write_mouse(s->dev, value);
+ } else {
+ ps2_write_keyboard(s->dev, value);
+ }
+ break;
+ case 3: /* KMICLKDIV */
+ s->clk = value;
+ return;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "pl050_write: Bad offset %x\n", (int)offset);
+ }
+}
+static const MemoryRegionOps pl050_ops = {
+ .read = pl050_read,
+ .write = pl050_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int pl050_initfn(SysBusDevice *dev)
+{
+ PL050State *s = PL050(dev);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &pl050_ops, s, "pl050", 0x1000);
+ sysbus_init_mmio(dev, &s->iomem);
+ sysbus_init_irq(dev, &s->irq);
+ if (s->is_mouse) {
+ s->dev = ps2_mouse_init(pl050_update, s);
+ } else {
+ s->dev = ps2_kbd_init(pl050_update, s);
+ }
+ return 0;
+}
+
+static void pl050_keyboard_init(Object *obj)
+{
+ PL050State *s = PL050(obj);
+
+ s->is_mouse = false;
+}
+
+static void pl050_mouse_init(Object *obj)
+{
+ PL050State *s = PL050(obj);
+
+ s->is_mouse = true;
+}
+
+static const TypeInfo pl050_kbd_info = {
+ .name = "pl050_keyboard",
+ .parent = TYPE_PL050,
+ .instance_init = pl050_keyboard_init,
+};
+
+static const TypeInfo pl050_mouse_info = {
+ .name = "pl050_mouse",
+ .parent = TYPE_PL050,
+ .instance_init = pl050_mouse_init,
+};
+
+static void pl050_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+ SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(oc);
+
+ sdc->init = pl050_initfn;
+ dc->vmsd = &vmstate_pl050;
+}
+
+static const TypeInfo pl050_type_info = {
+ .name = TYPE_PL050,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(PL050State),
+ .abstract = true,
+ .class_init = pl050_class_init,
+};
+
+static void pl050_register_types(void)
+{
+ type_register_static(&pl050_type_info);
+ type_register_static(&pl050_kbd_info);
+ type_register_static(&pl050_mouse_info);
+}
+
+type_init(pl050_register_types)
diff --git a/hw/input/ps2.c b/hw/input/ps2.c
new file mode 100644
index 000000000..34120796b
--- /dev/null
+++ b/hw/input/ps2.c
@@ -0,0 +1,676 @@
+/*
+ * QEMU PS/2 keyboard/mouse emulation
+ *
+ * Copyright (c) 2003 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/input/ps2.h"
+#include "ui/console.h"
+#include "sysemu/sysemu.h"
+
+/* debug PC keyboard */
+//#define DEBUG_KBD
+
+/* debug PC keyboard : only mouse */
+//#define DEBUG_MOUSE
+
+/* Keyboard Commands */
+#define KBD_CMD_SET_LEDS 0xED /* Set keyboard leds */
+#define KBD_CMD_ECHO 0xEE
+#define KBD_CMD_SCANCODE 0xF0 /* Get/set scancode set */
+#define KBD_CMD_GET_ID 0xF2 /* get keyboard ID */
+#define KBD_CMD_SET_RATE 0xF3 /* Set typematic rate */
+#define KBD_CMD_ENABLE 0xF4 /* Enable scanning */
+#define KBD_CMD_RESET_DISABLE 0xF5 /* reset and disable scanning */
+#define KBD_CMD_RESET_ENABLE 0xF6 /* reset and enable scanning */
+#define KBD_CMD_RESET 0xFF /* Reset */
+
+/* Keyboard Replies */
+#define KBD_REPLY_POR 0xAA /* Power on reset */
+#define KBD_REPLY_ID 0xAB /* Keyboard ID */
+#define KBD_REPLY_ACK 0xFA /* Command ACK */
+#define KBD_REPLY_RESEND 0xFE /* Command NACK, send the cmd again */
+
+/* Mouse Commands */
+#define AUX_SET_SCALE11 0xE6 /* Set 1:1 scaling */
+#define AUX_SET_SCALE21 0xE7 /* Set 2:1 scaling */
+#define AUX_SET_RES 0xE8 /* Set resolution */
+#define AUX_GET_SCALE 0xE9 /* Get scaling factor */
+#define AUX_SET_STREAM 0xEA /* Set stream mode */
+#define AUX_POLL 0xEB /* Poll */
+#define AUX_RESET_WRAP 0xEC /* Reset wrap mode */
+#define AUX_SET_WRAP 0xEE /* Set wrap mode */
+#define AUX_SET_REMOTE 0xF0 /* Set remote mode */
+#define AUX_GET_TYPE 0xF2 /* Get type */
+#define AUX_SET_SAMPLE 0xF3 /* Set sample rate */
+#define AUX_ENABLE_DEV 0xF4 /* Enable aux device */
+#define AUX_DISABLE_DEV 0xF5 /* Disable aux device */
+#define AUX_SET_DEFAULT 0xF6
+#define AUX_RESET 0xFF /* Reset aux device */
+#define AUX_ACK 0xFA /* Command byte ACK. */
+
+#define MOUSE_STATUS_REMOTE 0x40
+#define MOUSE_STATUS_ENABLED 0x20
+#define MOUSE_STATUS_SCALE21 0x10
+
+#define PS2_QUEUE_SIZE 256
+
+typedef struct {
+ uint8_t data[PS2_QUEUE_SIZE];
+ int rptr, wptr, count;
+} PS2Queue;
+
+typedef struct {
+ PS2Queue queue;
+ int32_t write_cmd;
+ void (*update_irq)(void *, int);
+ void *update_arg;
+} PS2State;
+
+typedef struct {
+ PS2State common;
+ int scan_enabled;
+ /* QEMU uses translated PC scancodes internally. To avoid multiple
+ conversions we do the translation (if any) in the PS/2 emulation
+ not the keyboard controller. */
+ int translate;
+ int scancode_set; /* 1=XT, 2=AT, 3=PS/2 */
+ int ledstate;
+} PS2KbdState;
+
+typedef struct {
+ PS2State common;
+ uint8_t mouse_status;
+ uint8_t mouse_resolution;
+ uint8_t mouse_sample_rate;
+ uint8_t mouse_wrap;
+ uint8_t mouse_type; /* 0 = PS2, 3 = IMPS/2, 4 = IMEX */
+ uint8_t mouse_detect_state;
+ int mouse_dx; /* current values, needed for 'poll' mode */
+ int mouse_dy;
+ int mouse_dz;
+ uint8_t mouse_buttons;
+} PS2MouseState;
+
+/* Table to convert from PC scancodes to raw scancodes. */
+static const unsigned char ps2_raw_keycode[128] = {
+ 0, 118, 22, 30, 38, 37, 46, 54, 61, 62, 70, 69, 78, 85, 102, 13,
+ 21, 29, 36, 45, 44, 53, 60, 67, 68, 77, 84, 91, 90, 20, 28, 27,
+ 35, 43, 52, 51, 59, 66, 75, 76, 82, 14, 18, 93, 26, 34, 33, 42,
+ 50, 49, 58, 65, 73, 74, 89, 124, 17, 41, 88, 5, 6, 4, 12, 3,
+ 11, 2, 10, 1, 9, 119, 126, 108, 117, 125, 123, 107, 115, 116, 121, 105,
+114, 122, 112, 113, 127, 96, 97, 120, 7, 15, 23, 31, 39, 47, 55, 63,
+ 71, 79, 86, 94, 8, 16, 24, 32, 40, 48, 56, 64, 72, 80, 87, 111,
+ 19, 25, 57, 81, 83, 92, 95, 98, 99, 100, 101, 103, 104, 106, 109, 110
+};
+static const unsigned char ps2_raw_keycode_set3[128] = {
+ 0, 8, 22, 30, 38, 37, 46, 54, 61, 62, 70, 69, 78, 85, 102, 13,
+ 21, 29, 36, 45, 44, 53, 60, 67, 68, 77, 84, 91, 90, 17, 28, 27,
+ 35, 43, 52, 51, 59, 66, 75, 76, 82, 14, 18, 92, 26, 34, 33, 42,
+ 50, 49, 58, 65, 73, 74, 89, 126, 25, 41, 20, 7, 15, 23, 31, 39,
+ 47, 2, 63, 71, 79, 118, 95, 108, 117, 125, 132, 107, 115, 116, 124, 105,
+114, 122, 112, 113, 127, 96, 97, 86, 94, 15, 23, 31, 39, 47, 55, 63,
+ 71, 79, 86, 94, 8, 16, 24, 32, 40, 48, 56, 64, 72, 80, 87, 111,
+ 19, 25, 57, 81, 83, 92, 95, 98, 99, 100, 101, 103, 104, 106, 109, 110
+};
+
+void ps2_queue(void *opaque, int b)
+{
+ PS2State *s = (PS2State *)opaque;
+ PS2Queue *q = &s->queue;
+
+ if (q->count >= PS2_QUEUE_SIZE)
+ return;
+ q->data[q->wptr] = b;
+ if (++q->wptr == PS2_QUEUE_SIZE)
+ q->wptr = 0;
+ q->count++;
+ s->update_irq(s->update_arg, 1);
+}
+
+/*
+ keycode is expressed as follow:
+ bit 7 - 0 key pressed, 1 = key released
+ bits 6-0 - translated scancode set 2
+ */
+static void ps2_put_keycode(void *opaque, int keycode)
+{
+ PS2KbdState *s = opaque;
+
+ qemu_system_wakeup_request(QEMU_WAKEUP_REASON_OTHER);
+ /* XXX: add support for scancode set 1 */
+ if (!s->translate && keycode < 0xe0 && s->scancode_set > 1) {
+ if (keycode & 0x80) {
+ ps2_queue(&s->common, 0xf0);
+ }
+ if (s->scancode_set == 2) {
+ keycode = ps2_raw_keycode[keycode & 0x7f];
+ } else if (s->scancode_set == 3) {
+ keycode = ps2_raw_keycode_set3[keycode & 0x7f];
+ }
+ }
+ ps2_queue(&s->common, keycode);
+}
+
+uint32_t ps2_read_data(void *opaque)
+{
+ PS2State *s = (PS2State *)opaque;
+ PS2Queue *q;
+ int val, index;
+
+ q = &s->queue;
+ if (q->count == 0) {
+ /* NOTE: if no data left, we return the last keyboard one
+ (needed for EMM386) */
+ /* XXX: need a timer to do things correctly */
+ index = q->rptr - 1;
+ if (index < 0)
+ index = PS2_QUEUE_SIZE - 1;
+ val = q->data[index];
+ } else {
+ val = q->data[q->rptr];
+ if (++q->rptr == PS2_QUEUE_SIZE)
+ q->rptr = 0;
+ q->count--;
+ /* reading deasserts IRQ */
+ s->update_irq(s->update_arg, 0);
+ /* reassert IRQs if data left */
+ s->update_irq(s->update_arg, q->count != 0);
+ }
+ return val;
+}
+
+static void ps2_set_ledstate(PS2KbdState *s, int ledstate)
+{
+ s->ledstate = ledstate;
+ kbd_put_ledstate(ledstate);
+}
+
+static void ps2_reset_keyboard(PS2KbdState *s)
+{
+ s->scan_enabled = 1;
+ s->scancode_set = 2;
+ ps2_set_ledstate(s, 0);
+}
+
+void ps2_write_keyboard(void *opaque, int val)
+{
+ PS2KbdState *s = (PS2KbdState *)opaque;
+
+ switch(s->common.write_cmd) {
+ default:
+ case -1:
+ switch(val) {
+ case 0x00:
+ ps2_queue(&s->common, KBD_REPLY_ACK);
+ break;
+ case 0x05:
+ ps2_queue(&s->common, KBD_REPLY_RESEND);
+ break;
+ case KBD_CMD_GET_ID:
+ ps2_queue(&s->common, KBD_REPLY_ACK);
+ /* We emulate a MF2 AT keyboard here */
+ ps2_queue(&s->common, KBD_REPLY_ID);
+ if (s->translate)
+ ps2_queue(&s->common, 0x41);
+ else
+ ps2_queue(&s->common, 0x83);
+ break;
+ case KBD_CMD_ECHO:
+ ps2_queue(&s->common, KBD_CMD_ECHO);
+ break;
+ case KBD_CMD_ENABLE:
+ s->scan_enabled = 1;
+ ps2_queue(&s->common, KBD_REPLY_ACK);
+ break;
+ case KBD_CMD_SCANCODE:
+ case KBD_CMD_SET_LEDS:
+ case KBD_CMD_SET_RATE:
+ s->common.write_cmd = val;
+ ps2_queue(&s->common, KBD_REPLY_ACK);
+ break;
+ case KBD_CMD_RESET_DISABLE:
+ ps2_reset_keyboard(s);
+ s->scan_enabled = 0;
+ ps2_queue(&s->common, KBD_REPLY_ACK);
+ break;
+ case KBD_CMD_RESET_ENABLE:
+ ps2_reset_keyboard(s);
+ s->scan_enabled = 1;
+ ps2_queue(&s->common, KBD_REPLY_ACK);
+ break;
+ case KBD_CMD_RESET:
+ ps2_reset_keyboard(s);
+ ps2_queue(&s->common, KBD_REPLY_ACK);
+ ps2_queue(&s->common, KBD_REPLY_POR);
+ break;
+ default:
+ ps2_queue(&s->common, KBD_REPLY_ACK);
+ break;
+ }
+ break;
+ case KBD_CMD_SCANCODE:
+ if (val == 0) {
+ if (s->scancode_set == 1)
+ ps2_put_keycode(s, 0x43);
+ else if (s->scancode_set == 2)
+ ps2_put_keycode(s, 0x41);
+ else if (s->scancode_set == 3)
+ ps2_put_keycode(s, 0x3f);
+ } else {
+ if (val >= 1 && val <= 3)
+ s->scancode_set = val;
+ ps2_queue(&s->common, KBD_REPLY_ACK);
+ }
+ s->common.write_cmd = -1;
+ break;
+ case KBD_CMD_SET_LEDS:
+ ps2_set_ledstate(s, val);
+ ps2_queue(&s->common, KBD_REPLY_ACK);
+ s->common.write_cmd = -1;
+ break;
+ case KBD_CMD_SET_RATE:
+ ps2_queue(&s->common, KBD_REPLY_ACK);
+ s->common.write_cmd = -1;
+ break;
+ }
+}
+
+/* Set the scancode translation mode.
+ 0 = raw scancodes.
+ 1 = translated scancodes (used by qemu internally). */
+
+void ps2_keyboard_set_translation(void *opaque, int mode)
+{
+ PS2KbdState *s = (PS2KbdState *)opaque;
+ s->translate = mode;
+}
+
+static void ps2_mouse_send_packet(PS2MouseState *s)
+{
+ unsigned int b;
+ int dx1, dy1, dz1;
+
+ dx1 = s->mouse_dx;
+ dy1 = s->mouse_dy;
+ dz1 = s->mouse_dz;
+ /* XXX: increase range to 8 bits ? */
+ if (dx1 > 127)
+ dx1 = 127;
+ else if (dx1 < -127)
+ dx1 = -127;
+ if (dy1 > 127)
+ dy1 = 127;
+ else if (dy1 < -127)
+ dy1 = -127;
+ b = 0x08 | ((dx1 < 0) << 4) | ((dy1 < 0) << 5) | (s->mouse_buttons & 0x07);
+ ps2_queue(&s->common, b);
+ ps2_queue(&s->common, dx1 & 0xff);
+ ps2_queue(&s->common, dy1 & 0xff);
+ /* extra byte for IMPS/2 or IMEX */
+ switch(s->mouse_type) {
+ default:
+ break;
+ case 3:
+ if (dz1 > 127)
+ dz1 = 127;
+ else if (dz1 < -127)
+ dz1 = -127;
+ ps2_queue(&s->common, dz1 & 0xff);
+ break;
+ case 4:
+ if (dz1 > 7)
+ dz1 = 7;
+ else if (dz1 < -7)
+ dz1 = -7;
+ b = (dz1 & 0x0f) | ((s->mouse_buttons & 0x18) << 1);
+ ps2_queue(&s->common, b);
+ break;
+ }
+
+ /* update deltas */
+ s->mouse_dx -= dx1;
+ s->mouse_dy -= dy1;
+ s->mouse_dz -= dz1;
+}
+
+static void ps2_mouse_event(void *opaque,
+ int dx, int dy, int dz, int buttons_state)
+{
+ PS2MouseState *s = opaque;
+
+ /* check if deltas are recorded when disabled */
+ if (!(s->mouse_status & MOUSE_STATUS_ENABLED))
+ return;
+
+ s->mouse_dx += dx;
+ s->mouse_dy -= dy;
+ s->mouse_dz += dz;
+ /* XXX: SDL sometimes generates nul events: we delete them */
+ if (s->mouse_dx == 0 && s->mouse_dy == 0 && s->mouse_dz == 0 &&
+ s->mouse_buttons == buttons_state)
+ return;
+ s->mouse_buttons = buttons_state;
+
+ if (buttons_state) {
+ qemu_system_wakeup_request(QEMU_WAKEUP_REASON_OTHER);
+ }
+
+ if (!(s->mouse_status & MOUSE_STATUS_REMOTE) &&
+ (s->common.queue.count < (PS2_QUEUE_SIZE - 16))) {
+ for(;;) {
+ /* if not remote, send event. Multiple events are sent if
+ too big deltas */
+ ps2_mouse_send_packet(s);
+ if (s->mouse_dx == 0 && s->mouse_dy == 0 && s->mouse_dz == 0)
+ break;
+ }
+ }
+}
+
+void ps2_mouse_fake_event(void *opaque)
+{
+ ps2_mouse_event(opaque, 1, 0, 0, 0);
+}
+
+void ps2_write_mouse(void *opaque, int val)
+{
+ PS2MouseState *s = (PS2MouseState *)opaque;
+#ifdef DEBUG_MOUSE
+ printf("kbd: write mouse 0x%02x\n", val);
+#endif
+ switch(s->common.write_cmd) {
+ default:
+ case -1:
+ /* mouse command */
+ if (s->mouse_wrap) {
+ if (val == AUX_RESET_WRAP) {
+ s->mouse_wrap = 0;
+ ps2_queue(&s->common, AUX_ACK);
+ return;
+ } else if (val != AUX_RESET) {
+ ps2_queue(&s->common, val);
+ return;
+ }
+ }
+ switch(val) {
+ case AUX_SET_SCALE11:
+ s->mouse_status &= ~MOUSE_STATUS_SCALE21;
+ ps2_queue(&s->common, AUX_ACK);
+ break;
+ case AUX_SET_SCALE21:
+ s->mouse_status |= MOUSE_STATUS_SCALE21;
+ ps2_queue(&s->common, AUX_ACK);
+ break;
+ case AUX_SET_STREAM:
+ s->mouse_status &= ~MOUSE_STATUS_REMOTE;
+ ps2_queue(&s->common, AUX_ACK);
+ break;
+ case AUX_SET_WRAP:
+ s->mouse_wrap = 1;
+ ps2_queue(&s->common, AUX_ACK);
+ break;
+ case AUX_SET_REMOTE:
+ s->mouse_status |= MOUSE_STATUS_REMOTE;
+ ps2_queue(&s->common, AUX_ACK);
+ break;
+ case AUX_GET_TYPE:
+ ps2_queue(&s->common, AUX_ACK);
+ ps2_queue(&s->common, s->mouse_type);
+ break;
+ case AUX_SET_RES:
+ case AUX_SET_SAMPLE:
+ s->common.write_cmd = val;
+ ps2_queue(&s->common, AUX_ACK);
+ break;
+ case AUX_GET_SCALE:
+ ps2_queue(&s->common, AUX_ACK);
+ ps2_queue(&s->common, s->mouse_status);
+ ps2_queue(&s->common, s->mouse_resolution);
+ ps2_queue(&s->common, s->mouse_sample_rate);
+ break;
+ case AUX_POLL:
+ ps2_queue(&s->common, AUX_ACK);
+ ps2_mouse_send_packet(s);
+ break;
+ case AUX_ENABLE_DEV:
+ s->mouse_status |= MOUSE_STATUS_ENABLED;
+ ps2_queue(&s->common, AUX_ACK);
+ break;
+ case AUX_DISABLE_DEV:
+ s->mouse_status &= ~MOUSE_STATUS_ENABLED;
+ ps2_queue(&s->common, AUX_ACK);
+ break;
+ case AUX_SET_DEFAULT:
+ s->mouse_sample_rate = 100;
+ s->mouse_resolution = 2;
+ s->mouse_status = 0;
+ ps2_queue(&s->common, AUX_ACK);
+ break;
+ case AUX_RESET:
+ s->mouse_sample_rate = 100;
+ s->mouse_resolution = 2;
+ s->mouse_status = 0;
+ s->mouse_type = 0;
+ ps2_queue(&s->common, AUX_ACK);
+ ps2_queue(&s->common, 0xaa);
+ ps2_queue(&s->common, s->mouse_type);
+ break;
+ default:
+ break;
+ }
+ break;
+ case AUX_SET_SAMPLE:
+ s->mouse_sample_rate = val;
+ /* detect IMPS/2 or IMEX */
+ switch(s->mouse_detect_state) {
+ default:
+ case 0:
+ if (val == 200)
+ s->mouse_detect_state = 1;
+ break;
+ case 1:
+ if (val == 100)
+ s->mouse_detect_state = 2;
+ else if (val == 200)
+ s->mouse_detect_state = 3;
+ else
+ s->mouse_detect_state = 0;
+ break;
+ case 2:
+ if (val == 80)
+ s->mouse_type = 3; /* IMPS/2 */
+ s->mouse_detect_state = 0;
+ break;
+ case 3:
+ if (val == 80)
+ s->mouse_type = 4; /* IMEX */
+ s->mouse_detect_state = 0;
+ break;
+ }
+ ps2_queue(&s->common, AUX_ACK);
+ s->common.write_cmd = -1;
+ break;
+ case AUX_SET_RES:
+ s->mouse_resolution = val;
+ ps2_queue(&s->common, AUX_ACK);
+ s->common.write_cmd = -1;
+ break;
+ }
+}
+
+static void ps2_common_reset(PS2State *s)
+{
+ PS2Queue *q;
+ s->write_cmd = -1;
+ q = &s->queue;
+ q->rptr = 0;
+ q->wptr = 0;
+ q->count = 0;
+ s->update_irq(s->update_arg, 0);
+}
+
+static void ps2_kbd_reset(void *opaque)
+{
+ PS2KbdState *s = (PS2KbdState *) opaque;
+
+ ps2_common_reset(&s->common);
+ s->scan_enabled = 0;
+ s->translate = 0;
+ s->scancode_set = 0;
+}
+
+static void ps2_mouse_reset(void *opaque)
+{
+ PS2MouseState *s = (PS2MouseState *) opaque;
+
+ ps2_common_reset(&s->common);
+ s->mouse_status = 0;
+ s->mouse_resolution = 0;
+ s->mouse_sample_rate = 0;
+ s->mouse_wrap = 0;
+ s->mouse_type = 0;
+ s->mouse_detect_state = 0;
+ s->mouse_dx = 0;
+ s->mouse_dy = 0;
+ s->mouse_dz = 0;
+ s->mouse_buttons = 0;
+}
+
+static const VMStateDescription vmstate_ps2_common = {
+ .name = "PS2 Common State",
+ .version_id = 3,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .fields = (VMStateField []) {
+ VMSTATE_INT32(write_cmd, PS2State),
+ VMSTATE_INT32(queue.rptr, PS2State),
+ VMSTATE_INT32(queue.wptr, PS2State),
+ VMSTATE_INT32(queue.count, PS2State),
+ VMSTATE_BUFFER(queue.data, PS2State),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static bool ps2_keyboard_ledstate_needed(void *opaque)
+{
+ PS2KbdState *s = opaque;
+
+ return s->ledstate != 0; /* 0 is default state */
+}
+
+static int ps2_kbd_ledstate_post_load(void *opaque, int version_id)
+{
+ PS2KbdState *s = opaque;
+
+ kbd_put_ledstate(s->ledstate);
+ return 0;
+}
+
+static const VMStateDescription vmstate_ps2_keyboard_ledstate = {
+ .name = "ps2kbd/ledstate",
+ .version_id = 3,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .post_load = ps2_kbd_ledstate_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_INT32(ledstate, PS2KbdState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static int ps2_kbd_post_load(void* opaque, int version_id)
+{
+ PS2KbdState *s = (PS2KbdState*)opaque;
+
+ if (version_id == 2)
+ s->scancode_set=2;
+ return 0;
+}
+
+static const VMStateDescription vmstate_ps2_keyboard = {
+ .name = "ps2kbd",
+ .version_id = 3,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .post_load = ps2_kbd_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_STRUCT(common, PS2KbdState, 0, vmstate_ps2_common, PS2State),
+ VMSTATE_INT32(scan_enabled, PS2KbdState),
+ VMSTATE_INT32(translate, PS2KbdState),
+ VMSTATE_INT32_V(scancode_set, PS2KbdState,3),
+ VMSTATE_END_OF_LIST()
+ },
+ .subsections = (VMStateSubsection []) {
+ {
+ .vmsd = &vmstate_ps2_keyboard_ledstate,
+ .needed = ps2_keyboard_ledstate_needed,
+ }, {
+ /* empty */
+ }
+ }
+};
+
+static const VMStateDescription vmstate_ps2_mouse = {
+ .name = "ps2mouse",
+ .version_id = 2,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .fields = (VMStateField []) {
+ VMSTATE_STRUCT(common, PS2MouseState, 0, vmstate_ps2_common, PS2State),
+ VMSTATE_UINT8(mouse_status, PS2MouseState),
+ VMSTATE_UINT8(mouse_resolution, PS2MouseState),
+ VMSTATE_UINT8(mouse_sample_rate, PS2MouseState),
+ VMSTATE_UINT8(mouse_wrap, PS2MouseState),
+ VMSTATE_UINT8(mouse_type, PS2MouseState),
+ VMSTATE_UINT8(mouse_detect_state, PS2MouseState),
+ VMSTATE_INT32(mouse_dx, PS2MouseState),
+ VMSTATE_INT32(mouse_dy, PS2MouseState),
+ VMSTATE_INT32(mouse_dz, PS2MouseState),
+ VMSTATE_UINT8(mouse_buttons, PS2MouseState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+void *ps2_kbd_init(void (*update_irq)(void *, int), void *update_arg)
+{
+ PS2KbdState *s = (PS2KbdState *)g_malloc0(sizeof(PS2KbdState));
+
+ s->common.update_irq = update_irq;
+ s->common.update_arg = update_arg;
+ s->scancode_set = 2;
+ vmstate_register(NULL, 0, &vmstate_ps2_keyboard, s);
+ qemu_add_kbd_event_handler(ps2_put_keycode, s);
+ qemu_register_reset(ps2_kbd_reset, s);
+ return s;
+}
+
+void *ps2_mouse_init(void (*update_irq)(void *, int), void *update_arg)
+{
+ PS2MouseState *s = (PS2MouseState *)g_malloc0(sizeof(PS2MouseState));
+
+ s->common.update_irq = update_irq;
+ s->common.update_arg = update_arg;
+ vmstate_register(NULL, 0, &vmstate_ps2_mouse, s);
+ qemu_add_mouse_event_handler(ps2_mouse_event, s, 0, "QEMU PS/2 Mouse");
+ qemu_register_reset(ps2_mouse_reset, s);
+ return s;
+}
diff --git a/hw/input/pxa2xx_keypad.c b/hw/input/pxa2xx_keypad.c
new file mode 100644
index 000000000..846d1370d
--- /dev/null
+++ b/hw/input/pxa2xx_keypad.c
@@ -0,0 +1,335 @@
+/*
+ * Intel PXA27X Keypad Controller emulation.
+ *
+ * Copyright (c) 2007 MontaVista Software, Inc
+ * Written by Armin Kuster <akuster@kama-aina.net>
+ * or <Akuster@mvista.com>
+ *
+ * This code is licensed under the GPLv2.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "hw/hw.h"
+#include "hw/arm/pxa.h"
+#include "ui/console.h"
+
+/*
+ * Keypad
+ */
+#define KPC 0x00 /* Keypad Interface Control register */
+#define KPDK 0x08 /* Keypad Interface Direct Key register */
+#define KPREC 0x10 /* Keypad Interface Rotary Encoder register */
+#define KPMK 0x18 /* Keypad Interface Matrix Key register */
+#define KPAS 0x20 /* Keypad Interface Automatic Scan register */
+#define KPASMKP0 0x28 /* Keypad Interface Automatic Scan Multiple
+ Key Presser register 0 */
+#define KPASMKP1 0x30 /* Keypad Interface Automatic Scan Multiple
+ Key Presser register 1 */
+#define KPASMKP2 0x38 /* Keypad Interface Automatic Scan Multiple
+ Key Presser register 2 */
+#define KPASMKP3 0x40 /* Keypad Interface Automatic Scan Multiple
+ Key Presser register 3 */
+#define KPKDI 0x48 /* Keypad Interface Key Debounce Interval
+ register */
+
+/* Keypad defines */
+#define KPC_AS (0x1 << 30) /* Automatic Scan bit */
+#define KPC_ASACT (0x1 << 29) /* Automatic Scan on Activity */
+#define KPC_MI (0x1 << 22) /* Matrix interrupt bit */
+#define KPC_IMKP (0x1 << 21) /* Ignore Multiple Key Press */
+#define KPC_MS7 (0x1 << 20) /* Matrix scan line 7 */
+#define KPC_MS6 (0x1 << 19) /* Matrix scan line 6 */
+#define KPC_MS5 (0x1 << 18) /* Matrix scan line 5 */
+#define KPC_MS4 (0x1 << 17) /* Matrix scan line 4 */
+#define KPC_MS3 (0x1 << 16) /* Matrix scan line 3 */
+#define KPC_MS2 (0x1 << 15) /* Matrix scan line 2 */
+#define KPC_MS1 (0x1 << 14) /* Matrix scan line 1 */
+#define KPC_MS0 (0x1 << 13) /* Matrix scan line 0 */
+#define KPC_ME (0x1 << 12) /* Matrix Keypad Enable */
+#define KPC_MIE (0x1 << 11) /* Matrix Interrupt Enable */
+#define KPC_DK_DEB_SEL (0x1 << 9) /* Direct Keypad Debounce Select */
+#define KPC_DI (0x1 << 5) /* Direct key interrupt bit */
+#define KPC_RE_ZERO_DEB (0x1 << 4) /* Rotary Encoder Zero Debounce */
+#define KPC_REE1 (0x1 << 3) /* Rotary Encoder1 Enable */
+#define KPC_REE0 (0x1 << 2) /* Rotary Encoder0 Enable */
+#define KPC_DE (0x1 << 1) /* Direct Keypad Enable */
+#define KPC_DIE (0x1 << 0) /* Direct Keypad interrupt Enable */
+
+#define KPDK_DKP (0x1 << 31)
+#define KPDK_DK7 (0x1 << 7)
+#define KPDK_DK6 (0x1 << 6)
+#define KPDK_DK5 (0x1 << 5)
+#define KPDK_DK4 (0x1 << 4)
+#define KPDK_DK3 (0x1 << 3)
+#define KPDK_DK2 (0x1 << 2)
+#define KPDK_DK1 (0x1 << 1)
+#define KPDK_DK0 (0x1 << 0)
+
+#define KPREC_OF1 (0x1 << 31)
+#define KPREC_UF1 (0x1 << 30)
+#define KPREC_OF0 (0x1 << 15)
+#define KPREC_UF0 (0x1 << 14)
+
+#define KPMK_MKP (0x1 << 31)
+#define KPAS_SO (0x1 << 31)
+#define KPASMKPx_SO (0x1 << 31)
+
+
+#define KPASMKPx_MKC(row, col) (1 << (row + 16 * (col % 2)))
+
+#define PXAKBD_MAXROW 8
+#define PXAKBD_MAXCOL 8
+
+struct PXA2xxKeyPadState {
+ MemoryRegion iomem;
+ qemu_irq irq;
+ struct keymap *map;
+ int pressed_cnt;
+ int alt_code;
+
+ uint32_t kpc;
+ uint32_t kpdk;
+ uint32_t kprec;
+ uint32_t kpmk;
+ uint32_t kpas;
+ uint32_t kpasmkp[4];
+ uint32_t kpkdi;
+};
+
+static void pxa27x_keypad_find_pressed_key(PXA2xxKeyPadState *kp, int *row, int *col)
+{
+ int i;
+ for (i = 0; i < 4; i++)
+ {
+ *col = i * 2;
+ for (*row = 0; *row < 8; (*row)++) {
+ if (kp->kpasmkp[i] & (1 << *row))
+ return;
+ }
+ *col = i * 2 + 1;
+ for (*row = 0; *row < 8; (*row)++) {
+ if (kp->kpasmkp[i] & (1 << (*row + 16)))
+ return;
+ }
+ }
+}
+
+static void pxa27x_keyboard_event (PXA2xxKeyPadState *kp, int keycode)
+{
+ int row, col, rel, assert_irq = 0;
+ uint32_t val;
+
+ if (keycode == 0xe0) {
+ kp->alt_code = 1;
+ return;
+ }
+
+ if(!(kp->kpc & KPC_ME)) /* skip if not enabled */
+ return;
+
+ rel = (keycode & 0x80) ? 1 : 0; /* key release from qemu */
+ keycode &= ~0x80; /* strip qemu key release bit */
+ if (kp->alt_code) {
+ keycode |= 0x80;
+ kp->alt_code = 0;
+ }
+
+ row = kp->map[keycode].row;
+ col = kp->map[keycode].column;
+ if (row == -1 || col == -1) {
+ return;
+ }
+
+ val = KPASMKPx_MKC(row, col);
+ if (rel) {
+ if (kp->kpasmkp[col / 2] & val) {
+ kp->kpasmkp[col / 2] &= ~val;
+ kp->pressed_cnt--;
+ assert_irq = 1;
+ }
+ } else {
+ if (!(kp->kpasmkp[col / 2] & val)) {
+ kp->kpasmkp[col / 2] |= val;
+ kp->pressed_cnt++;
+ assert_irq = 1;
+ }
+ }
+ kp->kpas = ((kp->pressed_cnt & 0x1f) << 26) | (0xf << 4) | 0xf;
+ if (kp->pressed_cnt == 1) {
+ kp->kpas &= ~((0xf << 4) | 0xf);
+ if (rel) {
+ pxa27x_keypad_find_pressed_key(kp, &row, &col);
+ }
+ kp->kpas |= ((row & 0xf) << 4) | (col & 0xf);
+ }
+
+ if (!(kp->kpc & (KPC_AS | KPC_ASACT)))
+ assert_irq = 0;
+
+ if (assert_irq && (kp->kpc & KPC_MIE)) {
+ kp->kpc |= KPC_MI;
+ qemu_irq_raise(kp->irq);
+ }
+}
+
+static uint64_t pxa2xx_keypad_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ PXA2xxKeyPadState *s = (PXA2xxKeyPadState *) opaque;
+ uint32_t tmp;
+
+ switch (offset) {
+ case KPC:
+ tmp = s->kpc;
+ if(tmp & KPC_MI)
+ s->kpc &= ~(KPC_MI);
+ if(tmp & KPC_DI)
+ s->kpc &= ~(KPC_DI);
+ qemu_irq_lower(s->irq);
+ return tmp;
+ break;
+ case KPDK:
+ return s->kpdk;
+ break;
+ case KPREC:
+ tmp = s->kprec;
+ if(tmp & KPREC_OF1)
+ s->kprec &= ~(KPREC_OF1);
+ if(tmp & KPREC_UF1)
+ s->kprec &= ~(KPREC_UF1);
+ if(tmp & KPREC_OF0)
+ s->kprec &= ~(KPREC_OF0);
+ if(tmp & KPREC_UF0)
+ s->kprec &= ~(KPREC_UF0);
+ return tmp;
+ break;
+ case KPMK:
+ tmp = s->kpmk;
+ if(tmp & KPMK_MKP)
+ s->kpmk &= ~(KPMK_MKP);
+ return tmp;
+ break;
+ case KPAS:
+ return s->kpas;
+ break;
+ case KPASMKP0:
+ return s->kpasmkp[0];
+ break;
+ case KPASMKP1:
+ return s->kpasmkp[1];
+ break;
+ case KPASMKP2:
+ return s->kpasmkp[2];
+ break;
+ case KPASMKP3:
+ return s->kpasmkp[3];
+ break;
+ case KPKDI:
+ return s->kpkdi;
+ break;
+ default:
+ hw_error("%s: Bad offset " REG_FMT "\n", __FUNCTION__, offset);
+ }
+
+ return 0;
+}
+
+static void pxa2xx_keypad_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ PXA2xxKeyPadState *s = (PXA2xxKeyPadState *) opaque;
+
+ switch (offset) {
+ case KPC:
+ s->kpc = value;
+ if (s->kpc & KPC_AS) {
+ s->kpc &= ~(KPC_AS);
+ }
+ break;
+ case KPDK:
+ s->kpdk = value;
+ break;
+ case KPREC:
+ s->kprec = value;
+ break;
+ case KPMK:
+ s->kpmk = value;
+ break;
+ case KPAS:
+ s->kpas = value;
+ break;
+ case KPASMKP0:
+ s->kpasmkp[0] = value;
+ break;
+ case KPASMKP1:
+ s->kpasmkp[1] = value;
+ break;
+ case KPASMKP2:
+ s->kpasmkp[2] = value;
+ break;
+ case KPASMKP3:
+ s->kpasmkp[3] = value;
+ break;
+ case KPKDI:
+ s->kpkdi = value;
+ break;
+
+ default:
+ hw_error("%s: Bad offset " REG_FMT "\n", __FUNCTION__, offset);
+ }
+}
+
+static const MemoryRegionOps pxa2xx_keypad_ops = {
+ .read = pxa2xx_keypad_read,
+ .write = pxa2xx_keypad_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static const VMStateDescription vmstate_pxa2xx_keypad = {
+ .name = "pxa2xx_keypad",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(kpc, PXA2xxKeyPadState),
+ VMSTATE_UINT32(kpdk, PXA2xxKeyPadState),
+ VMSTATE_UINT32(kprec, PXA2xxKeyPadState),
+ VMSTATE_UINT32(kpmk, PXA2xxKeyPadState),
+ VMSTATE_UINT32(kpas, PXA2xxKeyPadState),
+ VMSTATE_UINT32_ARRAY(kpasmkp, PXA2xxKeyPadState, 4),
+ VMSTATE_UINT32(kpkdi, PXA2xxKeyPadState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+PXA2xxKeyPadState *pxa27x_keypad_init(MemoryRegion *sysmem,
+ hwaddr base,
+ qemu_irq irq)
+{
+ PXA2xxKeyPadState *s;
+
+ s = (PXA2xxKeyPadState *) g_malloc0(sizeof(PXA2xxKeyPadState));
+ s->irq = irq;
+
+ memory_region_init_io(&s->iomem, NULL, &pxa2xx_keypad_ops, s,
+ "pxa2xx-keypad", 0x00100000);
+ memory_region_add_subregion(sysmem, base, &s->iomem);
+
+ vmstate_register(NULL, 0, &vmstate_pxa2xx_keypad, s);
+
+ return s;
+}
+
+void pxa27x_register_keypad(PXA2xxKeyPadState *kp, struct keymap *map,
+ int size)
+{
+ if(!map || size < 0x80) {
+ fprintf(stderr, "%s - No PXA keypad map defined\n", __FUNCTION__);
+ exit(-1);
+ }
+
+ kp->map = map;
+ qemu_add_kbd_event_handler((QEMUPutKBDEvent *) pxa27x_keyboard_event, kp);
+}
diff --git a/hw/input/stellaris_input.c b/hw/input/stellaris_input.c
new file mode 100644
index 000000000..4e407922a
--- /dev/null
+++ b/hw/input/stellaris_input.c
@@ -0,0 +1,89 @@
+/*
+ * Gamepad style buttons connected to IRQ/GPIO lines
+ *
+ * Copyright (c) 2007 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GPL.
+ */
+#include "hw/hw.h"
+#include "hw/devices.h"
+#include "ui/console.h"
+
+typedef struct {
+ qemu_irq irq;
+ int keycode;
+ uint8_t pressed;
+} gamepad_button;
+
+typedef struct {
+ gamepad_button *buttons;
+ int num_buttons;
+ int extension;
+} gamepad_state;
+
+static void stellaris_gamepad_put_key(void * opaque, int keycode)
+{
+ gamepad_state *s = (gamepad_state *)opaque;
+ int i;
+ int down;
+
+ if (keycode == 0xe0 && !s->extension) {
+ s->extension = 0x80;
+ return;
+ }
+
+ down = (keycode & 0x80) == 0;
+ keycode = (keycode & 0x7f) | s->extension;
+
+ for (i = 0; i < s->num_buttons; i++) {
+ if (s->buttons[i].keycode == keycode
+ && s->buttons[i].pressed != down) {
+ s->buttons[i].pressed = down;
+ qemu_set_irq(s->buttons[i].irq, down);
+ }
+ }
+
+ s->extension = 0;
+}
+
+static const VMStateDescription vmstate_stellaris_button = {
+ .name = "stellaris_button",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(pressed, gamepad_button),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_stellaris_gamepad = {
+ .name = "stellaris_gamepad",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_INT32(extension, gamepad_state),
+ VMSTATE_STRUCT_VARRAY_INT32(buttons, gamepad_state, num_buttons, 0,
+ vmstate_stellaris_button, gamepad_button),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+/* Returns an array 5 ouput slots. */
+void stellaris_gamepad_init(int n, qemu_irq *irq, const int *keycode)
+{
+ gamepad_state *s;
+ int i;
+
+ s = (gamepad_state *)g_malloc0(sizeof (gamepad_state));
+ s->buttons = (gamepad_button *)g_malloc0(n * sizeof (gamepad_button));
+ for (i = 0; i < n; i++) {
+ s->buttons[i].irq = irq[i];
+ s->buttons[i].keycode = keycode[i];
+ }
+ s->num_buttons = n;
+ qemu_add_kbd_event_handler(stellaris_gamepad_put_key, s);
+ vmstate_register(NULL, -1, &vmstate_stellaris_gamepad, s);
+}
diff --git a/hw/input/tsc2005.c b/hw/input/tsc2005.c
new file mode 100644
index 000000000..a771cd5e5
--- /dev/null
+++ b/hw/input/tsc2005.c
@@ -0,0 +1,593 @@
+/*
+ * TI TSC2005 emulator.
+ *
+ * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
+ * Copyright (C) 2008 Nokia Corporation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/hw.h"
+#include "qemu/timer.h"
+#include "ui/console.h"
+#include "hw/devices.h"
+
+#define TSC_CUT_RESOLUTION(value, p) ((value) >> (16 - (p ? 12 : 10)))
+
+typedef struct {
+ qemu_irq pint; /* Combination of the nPENIRQ and DAV signals */
+ QEMUTimer *timer;
+ uint16_t model;
+
+ int x, y;
+ int pressure;
+
+ int state, reg, irq, command;
+ uint16_t data, dav;
+
+ int busy;
+ int enabled;
+ int host_mode;
+ int function;
+ int nextfunction;
+ int precision;
+ int nextprecision;
+ int filter;
+ int pin_func;
+ int timing[2];
+ int noise;
+ int reset;
+ int pdst;
+ int pnd0;
+ uint16_t temp_thr[2];
+ uint16_t aux_thr[2];
+
+ int tr[8];
+} TSC2005State;
+
+enum {
+ TSC_MODE_XYZ_SCAN = 0x0,
+ TSC_MODE_XY_SCAN,
+ TSC_MODE_X,
+ TSC_MODE_Y,
+ TSC_MODE_Z,
+ TSC_MODE_AUX,
+ TSC_MODE_TEMP1,
+ TSC_MODE_TEMP2,
+ TSC_MODE_AUX_SCAN,
+ TSC_MODE_X_TEST,
+ TSC_MODE_Y_TEST,
+ TSC_MODE_TS_TEST,
+ TSC_MODE_RESERVED,
+ TSC_MODE_XX_DRV,
+ TSC_MODE_YY_DRV,
+ TSC_MODE_YX_DRV,
+};
+
+static const uint16_t mode_regs[16] = {
+ 0xf000, /* X, Y, Z scan */
+ 0xc000, /* X, Y scan */
+ 0x8000, /* X */
+ 0x4000, /* Y */
+ 0x3000, /* Z */
+ 0x0800, /* AUX */
+ 0x0400, /* TEMP1 */
+ 0x0200, /* TEMP2 */
+ 0x0800, /* AUX scan */
+ 0x0040, /* X test */
+ 0x0020, /* Y test */
+ 0x0080, /* Short-circuit test */
+ 0x0000, /* Reserved */
+ 0x0000, /* X+, X- drivers */
+ 0x0000, /* Y+, Y- drivers */
+ 0x0000, /* Y+, X- drivers */
+};
+
+#define X_TRANSFORM(s) \
+ ((s->y * s->tr[0] - s->x * s->tr[1]) / s->tr[2] + s->tr[3])
+#define Y_TRANSFORM(s) \
+ ((s->y * s->tr[4] - s->x * s->tr[5]) / s->tr[6] + s->tr[7])
+#define Z1_TRANSFORM(s) \
+ ((400 - ((s)->x >> 7) + ((s)->pressure << 10)) << 4)
+#define Z2_TRANSFORM(s) \
+ ((4000 + ((s)->y >> 7) - ((s)->pressure << 10)) << 4)
+
+#define AUX_VAL (700 << 4) /* +/- 3 at 12-bit */
+#define TEMP1_VAL (1264 << 4) /* +/- 5 at 12-bit */
+#define TEMP2_VAL (1531 << 4) /* +/- 5 at 12-bit */
+
+static uint16_t tsc2005_read(TSC2005State *s, int reg)
+{
+ uint16_t ret;
+
+ switch (reg) {
+ case 0x0: /* X */
+ s->dav &= ~mode_regs[TSC_MODE_X];
+ return TSC_CUT_RESOLUTION(X_TRANSFORM(s), s->precision) +
+ (s->noise & 3);
+ case 0x1: /* Y */
+ s->dav &= ~mode_regs[TSC_MODE_Y];
+ s->noise ++;
+ return TSC_CUT_RESOLUTION(Y_TRANSFORM(s), s->precision) ^
+ (s->noise & 3);
+ case 0x2: /* Z1 */
+ s->dav &= 0xdfff;
+ return TSC_CUT_RESOLUTION(Z1_TRANSFORM(s), s->precision) -
+ (s->noise & 3);
+ case 0x3: /* Z2 */
+ s->dav &= 0xefff;
+ return TSC_CUT_RESOLUTION(Z2_TRANSFORM(s), s->precision) |
+ (s->noise & 3);
+
+ case 0x4: /* AUX */
+ s->dav &= ~mode_regs[TSC_MODE_AUX];
+ return TSC_CUT_RESOLUTION(AUX_VAL, s->precision);
+
+ case 0x5: /* TEMP1 */
+ s->dav &= ~mode_regs[TSC_MODE_TEMP1];
+ return TSC_CUT_RESOLUTION(TEMP1_VAL, s->precision) -
+ (s->noise & 5);
+ case 0x6: /* TEMP2 */
+ s->dav &= 0xdfff;
+ s->dav &= ~mode_regs[TSC_MODE_TEMP2];
+ return TSC_CUT_RESOLUTION(TEMP2_VAL, s->precision) ^
+ (s->noise & 3);
+
+ case 0x7: /* Status */
+ ret = s->dav | (s->reset << 7) | (s->pdst << 2) | 0x0;
+ s->dav &= ~(mode_regs[TSC_MODE_X_TEST] | mode_regs[TSC_MODE_Y_TEST] |
+ mode_regs[TSC_MODE_TS_TEST]);
+ s->reset = 1;
+ return ret;
+
+ case 0x8: /* AUX high treshold */
+ return s->aux_thr[1];
+ case 0x9: /* AUX low treshold */
+ return s->aux_thr[0];
+
+ case 0xa: /* TEMP high treshold */
+ return s->temp_thr[1];
+ case 0xb: /* TEMP low treshold */
+ return s->temp_thr[0];
+
+ case 0xc: /* CFR0 */
+ return (s->pressure << 15) | ((!s->busy) << 14) |
+ (s->nextprecision << 13) | s->timing[0];
+ case 0xd: /* CFR1 */
+ return s->timing[1];
+ case 0xe: /* CFR2 */
+ return (s->pin_func << 14) | s->filter;
+
+ case 0xf: /* Function select status */
+ return s->function >= 0 ? 1 << s->function : 0;
+ }
+
+ /* Never gets here */
+ return 0xffff;
+}
+
+static void tsc2005_write(TSC2005State *s, int reg, uint16_t data)
+{
+ switch (reg) {
+ case 0x8: /* AUX high treshold */
+ s->aux_thr[1] = data;
+ break;
+ case 0x9: /* AUX low treshold */
+ s->aux_thr[0] = data;
+ break;
+
+ case 0xa: /* TEMP high treshold */
+ s->temp_thr[1] = data;
+ break;
+ case 0xb: /* TEMP low treshold */
+ s->temp_thr[0] = data;
+ break;
+
+ case 0xc: /* CFR0 */
+ s->host_mode = data >> 15;
+ if (s->enabled != !(data & 0x4000)) {
+ s->enabled = !(data & 0x4000);
+ fprintf(stderr, "%s: touchscreen sense %sabled\n",
+ __FUNCTION__, s->enabled ? "en" : "dis");
+ if (s->busy && !s->enabled)
+ qemu_del_timer(s->timer);
+ s->busy &= s->enabled;
+ }
+ s->nextprecision = (data >> 13) & 1;
+ s->timing[0] = data & 0x1fff;
+ if ((s->timing[0] >> 11) == 3)
+ fprintf(stderr, "%s: illegal conversion clock setting\n",
+ __FUNCTION__);
+ break;
+ case 0xd: /* CFR1 */
+ s->timing[1] = data & 0xf07;
+ break;
+ case 0xe: /* CFR2 */
+ s->pin_func = (data >> 14) & 3;
+ s->filter = data & 0x3fff;
+ break;
+
+ default:
+ fprintf(stderr, "%s: write into read-only register %x\n",
+ __FUNCTION__, reg);
+ }
+}
+
+/* This handles most of the chip's logic. */
+static void tsc2005_pin_update(TSC2005State *s)
+{
+ int64_t expires;
+ int pin_state;
+
+ switch (s->pin_func) {
+ case 0:
+ pin_state = !s->pressure && !!s->dav;
+ break;
+ case 1:
+ case 3:
+ default:
+ pin_state = !s->dav;
+ break;
+ case 2:
+ pin_state = !s->pressure;
+ }
+
+ if (pin_state != s->irq) {
+ s->irq = pin_state;
+ qemu_set_irq(s->pint, s->irq);
+ }
+
+ switch (s->nextfunction) {
+ case TSC_MODE_XYZ_SCAN:
+ case TSC_MODE_XY_SCAN:
+ if (!s->host_mode && s->dav)
+ s->enabled = 0;
+ if (!s->pressure)
+ return;
+ /* Fall through */
+ case TSC_MODE_AUX_SCAN:
+ break;
+
+ case TSC_MODE_X:
+ case TSC_MODE_Y:
+ case TSC_MODE_Z:
+ if (!s->pressure)
+ return;
+ /* Fall through */
+ case TSC_MODE_AUX:
+ case TSC_MODE_TEMP1:
+ case TSC_MODE_TEMP2:
+ case TSC_MODE_X_TEST:
+ case TSC_MODE_Y_TEST:
+ case TSC_MODE_TS_TEST:
+ if (s->dav)
+ s->enabled = 0;
+ break;
+
+ case TSC_MODE_RESERVED:
+ case TSC_MODE_XX_DRV:
+ case TSC_MODE_YY_DRV:
+ case TSC_MODE_YX_DRV:
+ default:
+ return;
+ }
+
+ if (!s->enabled || s->busy)
+ return;
+
+ s->busy = 1;
+ s->precision = s->nextprecision;
+ s->function = s->nextfunction;
+ s->pdst = !s->pnd0; /* Synchronised on internal clock */
+ expires = qemu_get_clock_ns(vm_clock) + (get_ticks_per_sec() >> 7);
+ qemu_mod_timer(s->timer, expires);
+}
+
+static void tsc2005_reset(TSC2005State *s)
+{
+ s->state = 0;
+ s->pin_func = 0;
+ s->enabled = 0;
+ s->busy = 0;
+ s->nextprecision = 0;
+ s->nextfunction = 0;
+ s->timing[0] = 0;
+ s->timing[1] = 0;
+ s->irq = 0;
+ s->dav = 0;
+ s->reset = 0;
+ s->pdst = 1;
+ s->pnd0 = 0;
+ s->function = -1;
+ s->temp_thr[0] = 0x000;
+ s->temp_thr[1] = 0xfff;
+ s->aux_thr[0] = 0x000;
+ s->aux_thr[1] = 0xfff;
+
+ tsc2005_pin_update(s);
+}
+
+static uint8_t tsc2005_txrx_word(void *opaque, uint8_t value)
+{
+ TSC2005State *s = opaque;
+ uint32_t ret = 0;
+
+ switch (s->state ++) {
+ case 0:
+ if (value & 0x80) {
+ /* Command */
+ if (value & (1 << 1))
+ tsc2005_reset(s);
+ else {
+ s->nextfunction = (value >> 3) & 0xf;
+ s->nextprecision = (value >> 2) & 1;
+ if (s->enabled != !(value & 1)) {
+ s->enabled = !(value & 1);
+ fprintf(stderr, "%s: touchscreen sense %sabled\n",
+ __FUNCTION__, s->enabled ? "en" : "dis");
+ if (s->busy && !s->enabled)
+ qemu_del_timer(s->timer);
+ s->busy &= s->enabled;
+ }
+ tsc2005_pin_update(s);
+ }
+
+ s->state = 0;
+ } else if (value) {
+ /* Data transfer */
+ s->reg = (value >> 3) & 0xf;
+ s->pnd0 = (value >> 1) & 1;
+ s->command = value & 1;
+
+ if (s->command) {
+ /* Read */
+ s->data = tsc2005_read(s, s->reg);
+ tsc2005_pin_update(s);
+ } else
+ s->data = 0;
+ } else
+ s->state = 0;
+ break;
+
+ case 1:
+ if (s->command)
+ ret = (s->data >> 8) & 0xff;
+ else
+ s->data |= value << 8;
+ break;
+
+ case 2:
+ if (s->command)
+ ret = s->data & 0xff;
+ else {
+ s->data |= value;
+ tsc2005_write(s, s->reg, s->data);
+ tsc2005_pin_update(s);
+ }
+
+ s->state = 0;
+ break;
+ }
+
+ return ret;
+}
+
+uint32_t tsc2005_txrx(void *opaque, uint32_t value, int len)
+{
+ uint32_t ret = 0;
+
+ len &= ~7;
+ while (len > 0) {
+ len -= 8;
+ ret |= tsc2005_txrx_word(opaque, (value >> len) & 0xff) << len;
+ }
+
+ return ret;
+}
+
+static void tsc2005_timer_tick(void *opaque)
+{
+ TSC2005State *s = opaque;
+
+ /* Timer ticked -- a set of conversions has been finished. */
+
+ if (!s->busy)
+ return;
+
+ s->busy = 0;
+ s->dav |= mode_regs[s->function];
+ s->function = -1;
+ tsc2005_pin_update(s);
+}
+
+static void tsc2005_touchscreen_event(void *opaque,
+ int x, int y, int z, int buttons_state)
+{
+ TSC2005State *s = opaque;
+ int p = s->pressure;
+
+ if (buttons_state) {
+ s->x = x;
+ s->y = y;
+ }
+ s->pressure = !!buttons_state;
+
+ /*
+ * Note: We would get better responsiveness in the guest by
+ * signaling TS events immediately, but for now we simulate
+ * the first conversion delay for sake of correctness.
+ */
+ if (p != s->pressure)
+ tsc2005_pin_update(s);
+}
+
+static void tsc2005_save(QEMUFile *f, void *opaque)
+{
+ TSC2005State *s = (TSC2005State *) opaque;
+ int i;
+
+ qemu_put_be16(f, s->x);
+ qemu_put_be16(f, s->y);
+ qemu_put_byte(f, s->pressure);
+
+ qemu_put_byte(f, s->state);
+ qemu_put_byte(f, s->reg);
+ qemu_put_byte(f, s->command);
+
+ qemu_put_byte(f, s->irq);
+ qemu_put_be16s(f, &s->dav);
+ qemu_put_be16s(f, &s->data);
+
+ qemu_put_timer(f, s->timer);
+ qemu_put_byte(f, s->enabled);
+ qemu_put_byte(f, s->host_mode);
+ qemu_put_byte(f, s->function);
+ qemu_put_byte(f, s->nextfunction);
+ qemu_put_byte(f, s->precision);
+ qemu_put_byte(f, s->nextprecision);
+ qemu_put_be16(f, s->filter);
+ qemu_put_byte(f, s->pin_func);
+ qemu_put_be16(f, s->timing[0]);
+ qemu_put_be16(f, s->timing[1]);
+ qemu_put_be16s(f, &s->temp_thr[0]);
+ qemu_put_be16s(f, &s->temp_thr[1]);
+ qemu_put_be16s(f, &s->aux_thr[0]);
+ qemu_put_be16s(f, &s->aux_thr[1]);
+ qemu_put_be32(f, s->noise);
+ qemu_put_byte(f, s->reset);
+ qemu_put_byte(f, s->pdst);
+ qemu_put_byte(f, s->pnd0);
+
+ for (i = 0; i < 8; i ++)
+ qemu_put_be32(f, s->tr[i]);
+}
+
+static int tsc2005_load(QEMUFile *f, void *opaque, int version_id)
+{
+ TSC2005State *s = (TSC2005State *) opaque;
+ int i;
+
+ s->x = qemu_get_be16(f);
+ s->y = qemu_get_be16(f);
+ s->pressure = qemu_get_byte(f);
+
+ s->state = qemu_get_byte(f);
+ s->reg = qemu_get_byte(f);
+ s->command = qemu_get_byte(f);
+
+ s->irq = qemu_get_byte(f);
+ qemu_get_be16s(f, &s->dav);
+ qemu_get_be16s(f, &s->data);
+
+ qemu_get_timer(f, s->timer);
+ s->enabled = qemu_get_byte(f);
+ s->host_mode = qemu_get_byte(f);
+ s->function = qemu_get_byte(f);
+ s->nextfunction = qemu_get_byte(f);
+ s->precision = qemu_get_byte(f);
+ s->nextprecision = qemu_get_byte(f);
+ s->filter = qemu_get_be16(f);
+ s->pin_func = qemu_get_byte(f);
+ s->timing[0] = qemu_get_be16(f);
+ s->timing[1] = qemu_get_be16(f);
+ qemu_get_be16s(f, &s->temp_thr[0]);
+ qemu_get_be16s(f, &s->temp_thr[1]);
+ qemu_get_be16s(f, &s->aux_thr[0]);
+ qemu_get_be16s(f, &s->aux_thr[1]);
+ s->noise = qemu_get_be32(f);
+ s->reset = qemu_get_byte(f);
+ s->pdst = qemu_get_byte(f);
+ s->pnd0 = qemu_get_byte(f);
+
+ for (i = 0; i < 8; i ++)
+ s->tr[i] = qemu_get_be32(f);
+
+ s->busy = qemu_timer_pending(s->timer);
+ tsc2005_pin_update(s);
+
+ return 0;
+}
+
+void *tsc2005_init(qemu_irq pintdav)
+{
+ TSC2005State *s;
+
+ s = (TSC2005State *)
+ g_malloc0(sizeof(TSC2005State));
+ s->x = 400;
+ s->y = 240;
+ s->pressure = 0;
+ s->precision = s->nextprecision = 0;
+ s->timer = qemu_new_timer_ns(vm_clock, tsc2005_timer_tick, s);
+ s->pint = pintdav;
+ s->model = 0x2005;
+
+ s->tr[0] = 0;
+ s->tr[1] = 1;
+ s->tr[2] = 1;
+ s->tr[3] = 0;
+ s->tr[4] = 1;
+ s->tr[5] = 0;
+ s->tr[6] = 1;
+ s->tr[7] = 0;
+
+ tsc2005_reset(s);
+
+ qemu_add_mouse_event_handler(tsc2005_touchscreen_event, s, 1,
+ "QEMU TSC2005-driven Touchscreen");
+
+ qemu_register_reset((void *) tsc2005_reset, s);
+ register_savevm(NULL, "tsc2005", -1, 0, tsc2005_save, tsc2005_load, s);
+
+ return s;
+}
+
+/*
+ * Use tslib generated calibration data to generate ADC input values
+ * from the touchscreen. Assuming 12-bit precision was used during
+ * tslib calibration.
+ */
+void tsc2005_set_transform(void *opaque, MouseTransformInfo *info)
+{
+ TSC2005State *s = (TSC2005State *) opaque;
+
+ /* This version assumes touchscreen X & Y axis are parallel or
+ * perpendicular to LCD's X & Y axis in some way. */
+ if (abs(info->a[0]) > abs(info->a[1])) {
+ s->tr[0] = 0;
+ s->tr[1] = -info->a[6] * info->x;
+ s->tr[2] = info->a[0];
+ s->tr[3] = -info->a[2] / info->a[0];
+ s->tr[4] = info->a[6] * info->y;
+ s->tr[5] = 0;
+ s->tr[6] = info->a[4];
+ s->tr[7] = -info->a[5] / info->a[4];
+ } else {
+ s->tr[0] = info->a[6] * info->y;
+ s->tr[1] = 0;
+ s->tr[2] = info->a[1];
+ s->tr[3] = -info->a[2] / info->a[1];
+ s->tr[4] = 0;
+ s->tr[5] = -info->a[6] * info->x;
+ s->tr[6] = info->a[3];
+ s->tr[7] = -info->a[5] / info->a[3];
+ }
+
+ s->tr[0] >>= 11;
+ s->tr[1] >>= 11;
+ s->tr[3] <<= 4;
+ s->tr[4] >>= 11;
+ s->tr[5] >>= 11;
+ s->tr[7] <<= 4;
+}
diff --git a/hw/input/tsc210x.c b/hw/input/tsc210x.c
new file mode 100644
index 000000000..9b854e77d
--- /dev/null
+++ b/hw/input/tsc210x.c
@@ -0,0 +1,1293 @@
+/*
+ * TI TSC2102 (touchscreen/sensors/audio controller) emulator.
+ * TI TSC2301 (touchscreen/sensors/keypad).
+ *
+ * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
+ * Copyright (C) 2008 Nokia Corporation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/hw.h"
+#include "audio/audio.h"
+#include "qemu/timer.h"
+#include "ui/console.h"
+#include "hw/arm/omap.h" /* For I2SCodec and uWireSlave */
+#include "hw/devices.h"
+
+#define TSC_DATA_REGISTERS_PAGE 0x0
+#define TSC_CONTROL_REGISTERS_PAGE 0x1
+#define TSC_AUDIO_REGISTERS_PAGE 0x2
+
+#define TSC_VERBOSE
+
+#define TSC_CUT_RESOLUTION(value, p) ((value) >> (16 - resolution[p]))
+
+typedef struct {
+ qemu_irq pint;
+ qemu_irq kbint;
+ qemu_irq davint;
+ QEMUTimer *timer;
+ QEMUSoundCard card;
+ uWireSlave chip;
+ I2SCodec codec;
+ uint8_t in_fifo[16384];
+ uint8_t out_fifo[16384];
+ uint16_t model;
+
+ int x, y;
+ int pressure;
+
+ int state, page, offset, irq;
+ uint16_t command, dav;
+
+ int busy;
+ int enabled;
+ int host_mode;
+ int function;
+ int nextfunction;
+ int precision;
+ int nextprecision;
+ int filter;
+ int pin_func;
+ int ref;
+ int timing;
+ int noise;
+
+ uint16_t audio_ctrl1;
+ uint16_t audio_ctrl2;
+ uint16_t audio_ctrl3;
+ uint16_t pll[3];
+ uint16_t volume;
+ int64_t volume_change;
+ int softstep;
+ uint16_t dac_power;
+ int64_t powerdown;
+ uint16_t filter_data[0x14];
+
+ const char *name;
+ SWVoiceIn *adc_voice[1];
+ SWVoiceOut *dac_voice[1];
+ int i2s_rx_rate;
+ int i2s_tx_rate;
+
+ int tr[8];
+
+ struct {
+ uint16_t down;
+ uint16_t mask;
+ int scan;
+ int debounce;
+ int mode;
+ int intr;
+ } kb;
+} TSC210xState;
+
+static const int resolution[4] = { 12, 8, 10, 12 };
+
+#define TSC_MODE_NO_SCAN 0x0
+#define TSC_MODE_XY_SCAN 0x1
+#define TSC_MODE_XYZ_SCAN 0x2
+#define TSC_MODE_X 0x3
+#define TSC_MODE_Y 0x4
+#define TSC_MODE_Z 0x5
+#define TSC_MODE_BAT1 0x6
+#define TSC_MODE_BAT2 0x7
+#define TSC_MODE_AUX 0x8
+#define TSC_MODE_AUX_SCAN 0x9
+#define TSC_MODE_TEMP1 0xa
+#define TSC_MODE_PORT_SCAN 0xb
+#define TSC_MODE_TEMP2 0xc
+#define TSC_MODE_XX_DRV 0xd
+#define TSC_MODE_YY_DRV 0xe
+#define TSC_MODE_YX_DRV 0xf
+
+static const uint16_t mode_regs[16] = {
+ 0x0000, /* No scan */
+ 0x0600, /* X, Y scan */
+ 0x0780, /* X, Y, Z scan */
+ 0x0400, /* X */
+ 0x0200, /* Y */
+ 0x0180, /* Z */
+ 0x0040, /* BAT1 */
+ 0x0030, /* BAT2 */
+ 0x0010, /* AUX */
+ 0x0010, /* AUX scan */
+ 0x0004, /* TEMP1 */
+ 0x0070, /* Port scan */
+ 0x0002, /* TEMP2 */
+ 0x0000, /* X+, X- drivers */
+ 0x0000, /* Y+, Y- drivers */
+ 0x0000, /* Y+, X- drivers */
+};
+
+#define X_TRANSFORM(s) \
+ ((s->y * s->tr[0] - s->x * s->tr[1]) / s->tr[2] + s->tr[3])
+#define Y_TRANSFORM(s) \
+ ((s->y * s->tr[4] - s->x * s->tr[5]) / s->tr[6] + s->tr[7])
+#define Z1_TRANSFORM(s) \
+ ((400 - ((s)->x >> 7) + ((s)->pressure << 10)) << 4)
+#define Z2_TRANSFORM(s) \
+ ((4000 + ((s)->y >> 7) - ((s)->pressure << 10)) << 4)
+
+#define BAT1_VAL 0x8660
+#define BAT2_VAL 0x0000
+#define AUX1_VAL 0x35c0
+#define AUX2_VAL 0xffff
+#define TEMP1_VAL 0x8c70
+#define TEMP2_VAL 0xa5b0
+
+#define TSC_POWEROFF_DELAY 50
+#define TSC_SOFTSTEP_DELAY 50
+
+static void tsc210x_reset(TSC210xState *s)
+{
+ s->state = 0;
+ s->pin_func = 2;
+ s->enabled = 0;
+ s->busy = 0;
+ s->nextfunction = 0;
+ s->ref = 0;
+ s->timing = 0;
+ s->irq = 0;
+ s->dav = 0;
+
+ s->audio_ctrl1 = 0x0000;
+ s->audio_ctrl2 = 0x4410;
+ s->audio_ctrl3 = 0x0000;
+ s->pll[0] = 0x1004;
+ s->pll[1] = 0x0000;
+ s->pll[2] = 0x1fff;
+ s->volume = 0xffff;
+ s->dac_power = 0x8540;
+ s->softstep = 1;
+ s->volume_change = 0;
+ s->powerdown = 0;
+ s->filter_data[0x00] = 0x6be3;
+ s->filter_data[0x01] = 0x9666;
+ s->filter_data[0x02] = 0x675d;
+ s->filter_data[0x03] = 0x6be3;
+ s->filter_data[0x04] = 0x9666;
+ s->filter_data[0x05] = 0x675d;
+ s->filter_data[0x06] = 0x7d83;
+ s->filter_data[0x07] = 0x84ee;
+ s->filter_data[0x08] = 0x7d83;
+ s->filter_data[0x09] = 0x84ee;
+ s->filter_data[0x0a] = 0x6be3;
+ s->filter_data[0x0b] = 0x9666;
+ s->filter_data[0x0c] = 0x675d;
+ s->filter_data[0x0d] = 0x6be3;
+ s->filter_data[0x0e] = 0x9666;
+ s->filter_data[0x0f] = 0x675d;
+ s->filter_data[0x10] = 0x7d83;
+ s->filter_data[0x11] = 0x84ee;
+ s->filter_data[0x12] = 0x7d83;
+ s->filter_data[0x13] = 0x84ee;
+
+ s->i2s_tx_rate = 0;
+ s->i2s_rx_rate = 0;
+
+ s->kb.scan = 1;
+ s->kb.debounce = 0;
+ s->kb.mask = 0x0000;
+ s->kb.mode = 3;
+ s->kb.intr = 0;
+
+ qemu_set_irq(s->pint, !s->irq);
+ qemu_set_irq(s->davint, !s->dav);
+ qemu_irq_raise(s->kbint);
+}
+
+typedef struct {
+ int rate;
+ int dsor;
+ int fsref;
+} TSC210xRateInfo;
+
+/* { rate, dsor, fsref } */
+static const TSC210xRateInfo tsc2101_rates[] = {
+ /* Fsref / 6.0 */
+ { 7350, 7, 1 },
+ { 8000, 7, 0 },
+ /* Fsref / 5.5 */
+ { 8018, 6, 1 },
+ { 8727, 6, 0 },
+ /* Fsref / 5.0 */
+ { 8820, 5, 1 },
+ { 9600, 5, 0 },
+ /* Fsref / 4.0 */
+ { 11025, 4, 1 },
+ { 12000, 4, 0 },
+ /* Fsref / 3.0 */
+ { 14700, 3, 1 },
+ { 16000, 3, 0 },
+ /* Fsref / 2.0 */
+ { 22050, 2, 1 },
+ { 24000, 2, 0 },
+ /* Fsref / 1.5 */
+ { 29400, 1, 1 },
+ { 32000, 1, 0 },
+ /* Fsref */
+ { 44100, 0, 1 },
+ { 48000, 0, 0 },
+
+ { 0, 0, 0 },
+};
+
+/* { rate, dsor, fsref } */
+static const TSC210xRateInfo tsc2102_rates[] = {
+ /* Fsref / 6.0 */
+ { 7350, 63, 1 },
+ { 8000, 63, 0 },
+ /* Fsref / 6.0 */
+ { 7350, 54, 1 },
+ { 8000, 54, 0 },
+ /* Fsref / 5.0 */
+ { 8820, 45, 1 },
+ { 9600, 45, 0 },
+ /* Fsref / 4.0 */
+ { 11025, 36, 1 },
+ { 12000, 36, 0 },
+ /* Fsref / 3.0 */
+ { 14700, 27, 1 },
+ { 16000, 27, 0 },
+ /* Fsref / 2.0 */
+ { 22050, 18, 1 },
+ { 24000, 18, 0 },
+ /* Fsref / 1.5 */
+ { 29400, 9, 1 },
+ { 32000, 9, 0 },
+ /* Fsref */
+ { 44100, 0, 1 },
+ { 48000, 0, 0 },
+
+ { 0, 0, 0 },
+};
+
+static inline void tsc210x_out_flush(TSC210xState *s, int len)
+{
+ uint8_t *data = s->codec.out.fifo + s->codec.out.start;
+ uint8_t *end = data + len;
+
+ while (data < end)
+ data += AUD_write(s->dac_voice[0], data, end - data) ?: (end - data);
+
+ s->codec.out.len -= len;
+ if (s->codec.out.len)
+ memmove(s->codec.out.fifo, end, s->codec.out.len);
+ s->codec.out.start = 0;
+}
+
+static void tsc210x_audio_out_cb(TSC210xState *s, int free_b)
+{
+ if (s->codec.out.len >= free_b) {
+ tsc210x_out_flush(s, free_b);
+ return;
+ }
+
+ s->codec.out.size = MIN(free_b, 16384);
+ qemu_irq_raise(s->codec.tx_start);
+}
+
+static void tsc2102_audio_rate_update(TSC210xState *s)
+{
+ const TSC210xRateInfo *rate;
+
+ s->codec.tx_rate = 0;
+ s->codec.rx_rate = 0;
+ if (s->dac_power & (1 << 15)) /* PWDNC */
+ return;
+
+ for (rate = tsc2102_rates; rate->rate; rate ++)
+ if (rate->dsor == (s->audio_ctrl1 & 0x3f) && /* DACFS */
+ rate->fsref == ((s->audio_ctrl3 >> 13) & 1))/* REFFS */
+ break;
+ if (!rate->rate) {
+ printf("%s: unknown sampling rate configured\n", __FUNCTION__);
+ return;
+ }
+
+ s->codec.tx_rate = rate->rate;
+}
+
+static void tsc2102_audio_output_update(TSC210xState *s)
+{
+ int enable;
+ struct audsettings fmt;
+
+ if (s->dac_voice[0]) {
+ tsc210x_out_flush(s, s->codec.out.len);
+ s->codec.out.size = 0;
+ AUD_set_active_out(s->dac_voice[0], 0);
+ AUD_close_out(&s->card, s->dac_voice[0]);
+ s->dac_voice[0] = NULL;
+ }
+ s->codec.cts = 0;
+
+ enable =
+ (~s->dac_power & (1 << 15)) && /* PWDNC */
+ (~s->dac_power & (1 << 10)); /* DAPWDN */
+ if (!enable || !s->codec.tx_rate)
+ return;
+
+ /* Force our own sampling rate even in slave DAC mode */
+ fmt.endianness = 0;
+ fmt.nchannels = 2;
+ fmt.freq = s->codec.tx_rate;
+ fmt.fmt = AUD_FMT_S16;
+
+ s->dac_voice[0] = AUD_open_out(&s->card, s->dac_voice[0],
+ "tsc2102.sink", s, (void *) tsc210x_audio_out_cb, &fmt);
+ if (s->dac_voice[0]) {
+ s->codec.cts = 1;
+ AUD_set_active_out(s->dac_voice[0], 1);
+ }
+}
+
+static uint16_t tsc2102_data_register_read(TSC210xState *s, int reg)
+{
+ switch (reg) {
+ case 0x00: /* X */
+ s->dav &= 0xfbff;
+ return TSC_CUT_RESOLUTION(X_TRANSFORM(s), s->precision) +
+ (s->noise & 3);
+
+ case 0x01: /* Y */
+ s->noise ++;
+ s->dav &= 0xfdff;
+ return TSC_CUT_RESOLUTION(Y_TRANSFORM(s), s->precision) ^
+ (s->noise & 3);
+
+ case 0x02: /* Z1 */
+ s->dav &= 0xfeff;
+ return TSC_CUT_RESOLUTION(Z1_TRANSFORM(s), s->precision) -
+ (s->noise & 3);
+
+ case 0x03: /* Z2 */
+ s->dav &= 0xff7f;
+ return TSC_CUT_RESOLUTION(Z2_TRANSFORM(s), s->precision) |
+ (s->noise & 3);
+
+ case 0x04: /* KPData */
+ if ((s->model & 0xff00) == 0x2300) {
+ if (s->kb.intr && (s->kb.mode & 2)) {
+ s->kb.intr = 0;
+ qemu_irq_raise(s->kbint);
+ }
+ return s->kb.down;
+ }
+
+ return 0xffff;
+
+ case 0x05: /* BAT1 */
+ s->dav &= 0xffbf;
+ return TSC_CUT_RESOLUTION(BAT1_VAL, s->precision) +
+ (s->noise & 6);
+
+ case 0x06: /* BAT2 */
+ s->dav &= 0xffdf;
+ return TSC_CUT_RESOLUTION(BAT2_VAL, s->precision);
+
+ case 0x07: /* AUX1 */
+ s->dav &= 0xffef;
+ return TSC_CUT_RESOLUTION(AUX1_VAL, s->precision);
+
+ case 0x08: /* AUX2 */
+ s->dav &= 0xfff7;
+ return 0xffff;
+
+ case 0x09: /* TEMP1 */
+ s->dav &= 0xfffb;
+ return TSC_CUT_RESOLUTION(TEMP1_VAL, s->precision) -
+ (s->noise & 5);
+
+ case 0x0a: /* TEMP2 */
+ s->dav &= 0xfffd;
+ return TSC_CUT_RESOLUTION(TEMP2_VAL, s->precision) ^
+ (s->noise & 3);
+
+ case 0x0b: /* DAC */
+ s->dav &= 0xfffe;
+ return 0xffff;
+
+ default:
+#ifdef TSC_VERBOSE
+ fprintf(stderr, "tsc2102_data_register_read: "
+ "no such register: 0x%02x\n", reg);
+#endif
+ return 0xffff;
+ }
+}
+
+static uint16_t tsc2102_control_register_read(
+ TSC210xState *s, int reg)
+{
+ switch (reg) {
+ case 0x00: /* TSC ADC */
+ return (s->pressure << 15) | ((!s->busy) << 14) |
+ (s->nextfunction << 10) | (s->nextprecision << 8) | s->filter;
+
+ case 0x01: /* Status / Keypad Control */
+ if ((s->model & 0xff00) == 0x2100)
+ return (s->pin_func << 14) | ((!s->enabled) << 13) |
+ (s->host_mode << 12) | ((!!s->dav) << 11) | s->dav;
+ else
+ return (s->kb.intr << 15) | ((s->kb.scan || !s->kb.down) << 14) |
+ (s->kb.debounce << 11);
+
+ case 0x02: /* DAC Control */
+ if ((s->model & 0xff00) == 0x2300)
+ return s->dac_power & 0x8000;
+ else
+ goto bad_reg;
+
+ case 0x03: /* Reference */
+ return s->ref;
+
+ case 0x04: /* Reset */
+ return 0xffff;
+
+ case 0x05: /* Configuration */
+ return s->timing;
+
+ case 0x06: /* Secondary configuration */
+ if ((s->model & 0xff00) == 0x2100)
+ goto bad_reg;
+ return ((!s->dav) << 15) | ((s->kb.mode & 1) << 14) | s->pll[2];
+
+ case 0x10: /* Keypad Mask */
+ if ((s->model & 0xff00) == 0x2100)
+ goto bad_reg;
+ return s->kb.mask;
+
+ default:
+ bad_reg:
+#ifdef TSC_VERBOSE
+ fprintf(stderr, "tsc2102_control_register_read: "
+ "no such register: 0x%02x\n", reg);
+#endif
+ return 0xffff;
+ }
+}
+
+static uint16_t tsc2102_audio_register_read(TSC210xState *s, int reg)
+{
+ int l_ch, r_ch;
+ uint16_t val;
+
+ switch (reg) {
+ case 0x00: /* Audio Control 1 */
+ return s->audio_ctrl1;
+
+ case 0x01:
+ return 0xff00;
+
+ case 0x02: /* DAC Volume Control */
+ return s->volume;
+
+ case 0x03:
+ return 0x8b00;
+
+ case 0x04: /* Audio Control 2 */
+ l_ch = 1;
+ r_ch = 1;
+ if (s->softstep && !(s->dac_power & (1 << 10))) {
+ l_ch = (qemu_get_clock_ns(vm_clock) >
+ s->volume_change + TSC_SOFTSTEP_DELAY);
+ r_ch = (qemu_get_clock_ns(vm_clock) >
+ s->volume_change + TSC_SOFTSTEP_DELAY);
+ }
+
+ return s->audio_ctrl2 | (l_ch << 3) | (r_ch << 2);
+
+ case 0x05: /* Stereo DAC Power Control */
+ return 0x2aa0 | s->dac_power |
+ (((s->dac_power & (1 << 10)) &&
+ (qemu_get_clock_ns(vm_clock) >
+ s->powerdown + TSC_POWEROFF_DELAY)) << 6);
+
+ case 0x06: /* Audio Control 3 */
+ val = s->audio_ctrl3 | 0x0001;
+ s->audio_ctrl3 &= 0xff3f;
+ return val;
+
+ case 0x07: /* LCH_BASS_BOOST_N0 */
+ case 0x08: /* LCH_BASS_BOOST_N1 */
+ case 0x09: /* LCH_BASS_BOOST_N2 */
+ case 0x0a: /* LCH_BASS_BOOST_N3 */
+ case 0x0b: /* LCH_BASS_BOOST_N4 */
+ case 0x0c: /* LCH_BASS_BOOST_N5 */
+ case 0x0d: /* LCH_BASS_BOOST_D1 */
+ case 0x0e: /* LCH_BASS_BOOST_D2 */
+ case 0x0f: /* LCH_BASS_BOOST_D4 */
+ case 0x10: /* LCH_BASS_BOOST_D5 */
+ case 0x11: /* RCH_BASS_BOOST_N0 */
+ case 0x12: /* RCH_BASS_BOOST_N1 */
+ case 0x13: /* RCH_BASS_BOOST_N2 */
+ case 0x14: /* RCH_BASS_BOOST_N3 */
+ case 0x15: /* RCH_BASS_BOOST_N4 */
+ case 0x16: /* RCH_BASS_BOOST_N5 */
+ case 0x17: /* RCH_BASS_BOOST_D1 */
+ case 0x18: /* RCH_BASS_BOOST_D2 */
+ case 0x19: /* RCH_BASS_BOOST_D4 */
+ case 0x1a: /* RCH_BASS_BOOST_D5 */
+ return s->filter_data[reg - 0x07];
+
+ case 0x1b: /* PLL Programmability 1 */
+ return s->pll[0];
+
+ case 0x1c: /* PLL Programmability 2 */
+ return s->pll[1];
+
+ case 0x1d: /* Audio Control 4 */
+ return (!s->softstep) << 14;
+
+ default:
+#ifdef TSC_VERBOSE
+ fprintf(stderr, "tsc2102_audio_register_read: "
+ "no such register: 0x%02x\n", reg);
+#endif
+ return 0xffff;
+ }
+}
+
+static void tsc2102_data_register_write(
+ TSC210xState *s, int reg, uint16_t value)
+{
+ switch (reg) {
+ case 0x00: /* X */
+ case 0x01: /* Y */
+ case 0x02: /* Z1 */
+ case 0x03: /* Z2 */
+ case 0x05: /* BAT1 */
+ case 0x06: /* BAT2 */
+ case 0x07: /* AUX1 */
+ case 0x08: /* AUX2 */
+ case 0x09: /* TEMP1 */
+ case 0x0a: /* TEMP2 */
+ return;
+
+ default:
+#ifdef TSC_VERBOSE
+ fprintf(stderr, "tsc2102_data_register_write: "
+ "no such register: 0x%02x\n", reg);
+#endif
+ }
+}
+
+static void tsc2102_control_register_write(
+ TSC210xState *s, int reg, uint16_t value)
+{
+ switch (reg) {
+ case 0x00: /* TSC ADC */
+ s->host_mode = value >> 15;
+ s->enabled = !(value & 0x4000);
+ if (s->busy && !s->enabled)
+ qemu_del_timer(s->timer);
+ s->busy &= s->enabled;
+ s->nextfunction = (value >> 10) & 0xf;
+ s->nextprecision = (value >> 8) & 3;
+ s->filter = value & 0xff;
+ return;
+
+ case 0x01: /* Status / Keypad Control */
+ if ((s->model & 0xff00) == 0x2100)
+ s->pin_func = value >> 14;
+ else {
+ s->kb.scan = (value >> 14) & 1;
+ s->kb.debounce = (value >> 11) & 7;
+ if (s->kb.intr && s->kb.scan) {
+ s->kb.intr = 0;
+ qemu_irq_raise(s->kbint);
+ }
+ }
+ return;
+
+ case 0x02: /* DAC Control */
+ if ((s->model & 0xff00) == 0x2300) {
+ s->dac_power &= 0x7fff;
+ s->dac_power |= 0x8000 & value;
+ } else
+ goto bad_reg;
+ break;
+
+ case 0x03: /* Reference */
+ s->ref = value & 0x1f;
+ return;
+
+ case 0x04: /* Reset */
+ if (value == 0xbb00) {
+ if (s->busy)
+ qemu_del_timer(s->timer);
+ tsc210x_reset(s);
+#ifdef TSC_VERBOSE
+ } else {
+ fprintf(stderr, "tsc2102_control_register_write: "
+ "wrong value written into RESET\n");
+#endif
+ }
+ return;
+
+ case 0x05: /* Configuration */
+ s->timing = value & 0x3f;
+#ifdef TSC_VERBOSE
+ if (value & ~0x3f)
+ fprintf(stderr, "tsc2102_control_register_write: "
+ "wrong value written into CONFIG\n");
+#endif
+ return;
+
+ case 0x06: /* Secondary configuration */
+ if ((s->model & 0xff00) == 0x2100)
+ goto bad_reg;
+ s->kb.mode = value >> 14;
+ s->pll[2] = value & 0x3ffff;
+ return;
+
+ case 0x10: /* Keypad Mask */
+ if ((s->model & 0xff00) == 0x2100)
+ goto bad_reg;
+ s->kb.mask = value;
+ return;
+
+ default:
+ bad_reg:
+#ifdef TSC_VERBOSE
+ fprintf(stderr, "tsc2102_control_register_write: "
+ "no such register: 0x%02x\n", reg);
+#endif
+ }
+}
+
+static void tsc2102_audio_register_write(
+ TSC210xState *s, int reg, uint16_t value)
+{
+ switch (reg) {
+ case 0x00: /* Audio Control 1 */
+ s->audio_ctrl1 = value & 0x0f3f;
+#ifdef TSC_VERBOSE
+ if ((value & ~0x0f3f) || ((value & 7) != ((value >> 3) & 7)))
+ fprintf(stderr, "tsc2102_audio_register_write: "
+ "wrong value written into Audio 1\n");
+#endif
+ tsc2102_audio_rate_update(s);
+ tsc2102_audio_output_update(s);
+ return;
+
+ case 0x01:
+#ifdef TSC_VERBOSE
+ if (value != 0xff00)
+ fprintf(stderr, "tsc2102_audio_register_write: "
+ "wrong value written into reg 0x01\n");
+#endif
+ return;
+
+ case 0x02: /* DAC Volume Control */
+ s->volume = value;
+ s->volume_change = qemu_get_clock_ns(vm_clock);
+ return;
+
+ case 0x03:
+#ifdef TSC_VERBOSE
+ if (value != 0x8b00)
+ fprintf(stderr, "tsc2102_audio_register_write: "
+ "wrong value written into reg 0x03\n");
+#endif
+ return;
+
+ case 0x04: /* Audio Control 2 */
+ s->audio_ctrl2 = value & 0xf7f2;
+#ifdef TSC_VERBOSE
+ if (value & ~0xf7fd)
+ fprintf(stderr, "tsc2102_audio_register_write: "
+ "wrong value written into Audio 2\n");
+#endif
+ return;
+
+ case 0x05: /* Stereo DAC Power Control */
+ if ((value & ~s->dac_power) & (1 << 10))
+ s->powerdown = qemu_get_clock_ns(vm_clock);
+
+ s->dac_power = value & 0x9543;
+#ifdef TSC_VERBOSE
+ if ((value & ~0x9543) != 0x2aa0)
+ fprintf(stderr, "tsc2102_audio_register_write: "
+ "wrong value written into Power\n");
+#endif
+ tsc2102_audio_rate_update(s);
+ tsc2102_audio_output_update(s);
+ return;
+
+ case 0x06: /* Audio Control 3 */
+ s->audio_ctrl3 &= 0x00c0;
+ s->audio_ctrl3 |= value & 0xf800;
+#ifdef TSC_VERBOSE
+ if (value & ~0xf8c7)
+ fprintf(stderr, "tsc2102_audio_register_write: "
+ "wrong value written into Audio 3\n");
+#endif
+ tsc2102_audio_output_update(s);
+ return;
+
+ case 0x07: /* LCH_BASS_BOOST_N0 */
+ case 0x08: /* LCH_BASS_BOOST_N1 */
+ case 0x09: /* LCH_BASS_BOOST_N2 */
+ case 0x0a: /* LCH_BASS_BOOST_N3 */
+ case 0x0b: /* LCH_BASS_BOOST_N4 */
+ case 0x0c: /* LCH_BASS_BOOST_N5 */
+ case 0x0d: /* LCH_BASS_BOOST_D1 */
+ case 0x0e: /* LCH_BASS_BOOST_D2 */
+ case 0x0f: /* LCH_BASS_BOOST_D4 */
+ case 0x10: /* LCH_BASS_BOOST_D5 */
+ case 0x11: /* RCH_BASS_BOOST_N0 */
+ case 0x12: /* RCH_BASS_BOOST_N1 */
+ case 0x13: /* RCH_BASS_BOOST_N2 */
+ case 0x14: /* RCH_BASS_BOOST_N3 */
+ case 0x15: /* RCH_BASS_BOOST_N4 */
+ case 0x16: /* RCH_BASS_BOOST_N5 */
+ case 0x17: /* RCH_BASS_BOOST_D1 */
+ case 0x18: /* RCH_BASS_BOOST_D2 */
+ case 0x19: /* RCH_BASS_BOOST_D4 */
+ case 0x1a: /* RCH_BASS_BOOST_D5 */
+ s->filter_data[reg - 0x07] = value;
+ return;
+
+ case 0x1b: /* PLL Programmability 1 */
+ s->pll[0] = value & 0xfffc;
+#ifdef TSC_VERBOSE
+ if (value & ~0xfffc)
+ fprintf(stderr, "tsc2102_audio_register_write: "
+ "wrong value written into PLL 1\n");
+#endif
+ return;
+
+ case 0x1c: /* PLL Programmability 2 */
+ s->pll[1] = value & 0xfffc;
+#ifdef TSC_VERBOSE
+ if (value & ~0xfffc)
+ fprintf(stderr, "tsc2102_audio_register_write: "
+ "wrong value written into PLL 2\n");
+#endif
+ return;
+
+ case 0x1d: /* Audio Control 4 */
+ s->softstep = !(value & 0x4000);
+#ifdef TSC_VERBOSE
+ if (value & ~0x4000)
+ fprintf(stderr, "tsc2102_audio_register_write: "
+ "wrong value written into Audio 4\n");
+#endif
+ return;
+
+ default:
+#ifdef TSC_VERBOSE
+ fprintf(stderr, "tsc2102_audio_register_write: "
+ "no such register: 0x%02x\n", reg);
+#endif
+ }
+}
+
+/* This handles most of the chip logic. */
+static void tsc210x_pin_update(TSC210xState *s)
+{
+ int64_t expires;
+ int pin_state;
+
+ switch (s->pin_func) {
+ case 0:
+ pin_state = s->pressure;
+ break;
+ case 1:
+ pin_state = !!s->dav;
+ break;
+ case 2:
+ default:
+ pin_state = s->pressure && !s->dav;
+ }
+
+ if (!s->enabled)
+ pin_state = 0;
+
+ if (pin_state != s->irq) {
+ s->irq = pin_state;
+ qemu_set_irq(s->pint, !s->irq);
+ }
+
+ switch (s->nextfunction) {
+ case TSC_MODE_XY_SCAN:
+ case TSC_MODE_XYZ_SCAN:
+ if (!s->pressure)
+ return;
+ break;
+
+ case TSC_MODE_X:
+ case TSC_MODE_Y:
+ case TSC_MODE_Z:
+ if (!s->pressure)
+ return;
+ /* Fall through */
+ case TSC_MODE_BAT1:
+ case TSC_MODE_BAT2:
+ case TSC_MODE_AUX:
+ case TSC_MODE_TEMP1:
+ case TSC_MODE_TEMP2:
+ if (s->dav)
+ s->enabled = 0;
+ break;
+
+ case TSC_MODE_AUX_SCAN:
+ case TSC_MODE_PORT_SCAN:
+ break;
+
+ case TSC_MODE_NO_SCAN:
+ case TSC_MODE_XX_DRV:
+ case TSC_MODE_YY_DRV:
+ case TSC_MODE_YX_DRV:
+ default:
+ return;
+ }
+
+ if (!s->enabled || s->busy || s->dav)
+ return;
+
+ s->busy = 1;
+ s->precision = s->nextprecision;
+ s->function = s->nextfunction;
+ expires = qemu_get_clock_ns(vm_clock) + (get_ticks_per_sec() >> 10);
+ qemu_mod_timer(s->timer, expires);
+}
+
+static uint16_t tsc210x_read(TSC210xState *s)
+{
+ uint16_t ret = 0x0000;
+
+ if (!s->command)
+ fprintf(stderr, "tsc210x_read: SPI underrun!\n");
+
+ switch (s->page) {
+ case TSC_DATA_REGISTERS_PAGE:
+ ret = tsc2102_data_register_read(s, s->offset);
+ if (!s->dav)
+ qemu_irq_raise(s->davint);
+ break;
+ case TSC_CONTROL_REGISTERS_PAGE:
+ ret = tsc2102_control_register_read(s, s->offset);
+ break;
+ case TSC_AUDIO_REGISTERS_PAGE:
+ ret = tsc2102_audio_register_read(s, s->offset);
+ break;
+ default:
+ hw_error("tsc210x_read: wrong memory page\n");
+ }
+
+ tsc210x_pin_update(s);
+
+ /* Allow sequential reads. */
+ s->offset ++;
+ s->state = 0;
+ return ret;
+}
+
+static void tsc210x_write(TSC210xState *s, uint16_t value)
+{
+ /*
+ * This is a two-state state machine for reading
+ * command and data every second time.
+ */
+ if (!s->state) {
+ s->command = value >> 15;
+ s->page = (value >> 11) & 0x0f;
+ s->offset = (value >> 5) & 0x3f;
+ s->state = 1;
+ } else {
+ if (s->command)
+ fprintf(stderr, "tsc210x_write: SPI overrun!\n");
+ else
+ switch (s->page) {
+ case TSC_DATA_REGISTERS_PAGE:
+ tsc2102_data_register_write(s, s->offset, value);
+ break;
+ case TSC_CONTROL_REGISTERS_PAGE:
+ tsc2102_control_register_write(s, s->offset, value);
+ break;
+ case TSC_AUDIO_REGISTERS_PAGE:
+ tsc2102_audio_register_write(s, s->offset, value);
+ break;
+ default:
+ hw_error("tsc210x_write: wrong memory page\n");
+ }
+
+ tsc210x_pin_update(s);
+ s->state = 0;
+ }
+}
+
+uint32_t tsc210x_txrx(void *opaque, uint32_t value, int len)
+{
+ TSC210xState *s = opaque;
+ uint32_t ret = 0;
+
+ if (len != 16)
+ hw_error("%s: FIXME: bad SPI word width %i\n", __FUNCTION__, len);
+
+ /* TODO: sequential reads etc - how do we make sure the host doesn't
+ * unintentionally read out a conversion result from a register while
+ * transmitting the command word of the next command? */
+ if (!value || (s->state && s->command))
+ ret = tsc210x_read(s);
+ if (value || (s->state && !s->command))
+ tsc210x_write(s, value);
+
+ return ret;
+}
+
+static void tsc210x_timer_tick(void *opaque)
+{
+ TSC210xState *s = opaque;
+
+ /* Timer ticked -- a set of conversions has been finished. */
+
+ if (!s->busy)
+ return;
+
+ s->busy = 0;
+ s->dav |= mode_regs[s->function];
+ tsc210x_pin_update(s);
+ qemu_irq_lower(s->davint);
+}
+
+static void tsc210x_touchscreen_event(void *opaque,
+ int x, int y, int z, int buttons_state)
+{
+ TSC210xState *s = opaque;
+ int p = s->pressure;
+
+ if (buttons_state) {
+ s->x = x;
+ s->y = y;
+ }
+ s->pressure = !!buttons_state;
+
+ /*
+ * Note: We would get better responsiveness in the guest by
+ * signaling TS events immediately, but for now we simulate
+ * the first conversion delay for sake of correctness.
+ */
+ if (p != s->pressure)
+ tsc210x_pin_update(s);
+}
+
+static void tsc210x_i2s_swallow(TSC210xState *s)
+{
+ if (s->dac_voice[0])
+ tsc210x_out_flush(s, s->codec.out.len);
+ else
+ s->codec.out.len = 0;
+}
+
+static void tsc210x_i2s_set_rate(TSC210xState *s, int in, int out)
+{
+ s->i2s_tx_rate = out;
+ s->i2s_rx_rate = in;
+}
+
+static void tsc210x_save(QEMUFile *f, void *opaque)
+{
+ TSC210xState *s = (TSC210xState *) opaque;
+ int64_t now = qemu_get_clock_ns(vm_clock);
+ int i;
+
+ qemu_put_be16(f, s->x);
+ qemu_put_be16(f, s->y);
+ qemu_put_byte(f, s->pressure);
+
+ qemu_put_byte(f, s->state);
+ qemu_put_byte(f, s->page);
+ qemu_put_byte(f, s->offset);
+ qemu_put_byte(f, s->command);
+
+ qemu_put_byte(f, s->irq);
+ qemu_put_be16s(f, &s->dav);
+
+ qemu_put_timer(f, s->timer);
+ qemu_put_byte(f, s->enabled);
+ qemu_put_byte(f, s->host_mode);
+ qemu_put_byte(f, s->function);
+ qemu_put_byte(f, s->nextfunction);
+ qemu_put_byte(f, s->precision);
+ qemu_put_byte(f, s->nextprecision);
+ qemu_put_byte(f, s->filter);
+ qemu_put_byte(f, s->pin_func);
+ qemu_put_byte(f, s->ref);
+ qemu_put_byte(f, s->timing);
+ qemu_put_be32(f, s->noise);
+
+ qemu_put_be16s(f, &s->audio_ctrl1);
+ qemu_put_be16s(f, &s->audio_ctrl2);
+ qemu_put_be16s(f, &s->audio_ctrl3);
+ qemu_put_be16s(f, &s->pll[0]);
+ qemu_put_be16s(f, &s->pll[1]);
+ qemu_put_be16s(f, &s->volume);
+ qemu_put_sbe64(f, (s->volume_change - now));
+ qemu_put_sbe64(f, (s->powerdown - now));
+ qemu_put_byte(f, s->softstep);
+ qemu_put_be16s(f, &s->dac_power);
+
+ for (i = 0; i < 0x14; i ++)
+ qemu_put_be16s(f, &s->filter_data[i]);
+}
+
+static int tsc210x_load(QEMUFile *f, void *opaque, int version_id)
+{
+ TSC210xState *s = (TSC210xState *) opaque;
+ int64_t now = qemu_get_clock_ns(vm_clock);
+ int i;
+
+ s->x = qemu_get_be16(f);
+ s->y = qemu_get_be16(f);
+ s->pressure = qemu_get_byte(f);
+
+ s->state = qemu_get_byte(f);
+ s->page = qemu_get_byte(f);
+ s->offset = qemu_get_byte(f);
+ s->command = qemu_get_byte(f);
+
+ s->irq = qemu_get_byte(f);
+ qemu_get_be16s(f, &s->dav);
+
+ qemu_get_timer(f, s->timer);
+ s->enabled = qemu_get_byte(f);
+ s->host_mode = qemu_get_byte(f);
+ s->function = qemu_get_byte(f);
+ s->nextfunction = qemu_get_byte(f);
+ s->precision = qemu_get_byte(f);
+ s->nextprecision = qemu_get_byte(f);
+ s->filter = qemu_get_byte(f);
+ s->pin_func = qemu_get_byte(f);
+ s->ref = qemu_get_byte(f);
+ s->timing = qemu_get_byte(f);
+ s->noise = qemu_get_be32(f);
+
+ qemu_get_be16s(f, &s->audio_ctrl1);
+ qemu_get_be16s(f, &s->audio_ctrl2);
+ qemu_get_be16s(f, &s->audio_ctrl3);
+ qemu_get_be16s(f, &s->pll[0]);
+ qemu_get_be16s(f, &s->pll[1]);
+ qemu_get_be16s(f, &s->volume);
+ s->volume_change = qemu_get_sbe64(f) + now;
+ s->powerdown = qemu_get_sbe64(f) + now;
+ s->softstep = qemu_get_byte(f);
+ qemu_get_be16s(f, &s->dac_power);
+
+ for (i = 0; i < 0x14; i ++)
+ qemu_get_be16s(f, &s->filter_data[i]);
+
+ s->busy = qemu_timer_pending(s->timer);
+ qemu_set_irq(s->pint, !s->irq);
+ qemu_set_irq(s->davint, !s->dav);
+
+ return 0;
+}
+
+uWireSlave *tsc2102_init(qemu_irq pint)
+{
+ TSC210xState *s;
+
+ s = (TSC210xState *)
+ g_malloc0(sizeof(TSC210xState));
+ memset(s, 0, sizeof(TSC210xState));
+ s->x = 160;
+ s->y = 160;
+ s->pressure = 0;
+ s->precision = s->nextprecision = 0;
+ s->timer = qemu_new_timer_ns(vm_clock, tsc210x_timer_tick, s);
+ s->pint = pint;
+ s->model = 0x2102;
+ s->name = "tsc2102";
+
+ s->tr[0] = 0;
+ s->tr[1] = 1;
+ s->tr[2] = 1;
+ s->tr[3] = 0;
+ s->tr[4] = 1;
+ s->tr[5] = 0;
+ s->tr[6] = 1;
+ s->tr[7] = 0;
+
+ s->chip.opaque = s;
+ s->chip.send = (void *) tsc210x_write;
+ s->chip.receive = (void *) tsc210x_read;
+
+ s->codec.opaque = s;
+ s->codec.tx_swallow = (void *) tsc210x_i2s_swallow;
+ s->codec.set_rate = (void *) tsc210x_i2s_set_rate;
+ s->codec.in.fifo = s->in_fifo;
+ s->codec.out.fifo = s->out_fifo;
+
+ tsc210x_reset(s);
+
+ qemu_add_mouse_event_handler(tsc210x_touchscreen_event, s, 1,
+ "QEMU TSC2102-driven Touchscreen");
+
+ AUD_register_card(s->name, &s->card);
+
+ qemu_register_reset((void *) tsc210x_reset, s);
+ register_savevm(NULL, s->name, -1, 0,
+ tsc210x_save, tsc210x_load, s);
+
+ return &s->chip;
+}
+
+uWireSlave *tsc2301_init(qemu_irq penirq, qemu_irq kbirq, qemu_irq dav)
+{
+ TSC210xState *s;
+
+ s = (TSC210xState *)
+ g_malloc0(sizeof(TSC210xState));
+ memset(s, 0, sizeof(TSC210xState));
+ s->x = 400;
+ s->y = 240;
+ s->pressure = 0;
+ s->precision = s->nextprecision = 0;
+ s->timer = qemu_new_timer_ns(vm_clock, tsc210x_timer_tick, s);
+ s->pint = penirq;
+ s->kbint = kbirq;
+ s->davint = dav;
+ s->model = 0x2301;
+ s->name = "tsc2301";
+
+ s->tr[0] = 0;
+ s->tr[1] = 1;
+ s->tr[2] = 1;
+ s->tr[3] = 0;
+ s->tr[4] = 1;
+ s->tr[5] = 0;
+ s->tr[6] = 1;
+ s->tr[7] = 0;
+
+ s->chip.opaque = s;
+ s->chip.send = (void *) tsc210x_write;
+ s->chip.receive = (void *) tsc210x_read;
+
+ s->codec.opaque = s;
+ s->codec.tx_swallow = (void *) tsc210x_i2s_swallow;
+ s->codec.set_rate = (void *) tsc210x_i2s_set_rate;
+ s->codec.in.fifo = s->in_fifo;
+ s->codec.out.fifo = s->out_fifo;
+
+ tsc210x_reset(s);
+
+ qemu_add_mouse_event_handler(tsc210x_touchscreen_event, s, 1,
+ "QEMU TSC2301-driven Touchscreen");
+
+ AUD_register_card(s->name, &s->card);
+
+ qemu_register_reset((void *) tsc210x_reset, s);
+ register_savevm(NULL, s->name, -1, 0, tsc210x_save, tsc210x_load, s);
+
+ return &s->chip;
+}
+
+I2SCodec *tsc210x_codec(uWireSlave *chip)
+{
+ TSC210xState *s = (TSC210xState *) chip->opaque;
+
+ return &s->codec;
+}
+
+/*
+ * Use tslib generated calibration data to generate ADC input values
+ * from the touchscreen. Assuming 12-bit precision was used during
+ * tslib calibration.
+ */
+void tsc210x_set_transform(uWireSlave *chip,
+ MouseTransformInfo *info)
+{
+ TSC210xState *s = (TSC210xState *) chip->opaque;
+#if 0
+ int64_t ltr[8];
+
+ ltr[0] = (int64_t) info->a[1] * info->y;
+ ltr[1] = (int64_t) info->a[4] * info->x;
+ ltr[2] = (int64_t) info->a[1] * info->a[3] -
+ (int64_t) info->a[4] * info->a[0];
+ ltr[3] = (int64_t) info->a[2] * info->a[4] -
+ (int64_t) info->a[5] * info->a[1];
+ ltr[4] = (int64_t) info->a[0] * info->y;
+ ltr[5] = (int64_t) info->a[3] * info->x;
+ ltr[6] = (int64_t) info->a[4] * info->a[0] -
+ (int64_t) info->a[1] * info->a[3];
+ ltr[7] = (int64_t) info->a[2] * info->a[3] -
+ (int64_t) info->a[5] * info->a[0];
+
+ /* Avoid integer overflow */
+ s->tr[0] = ltr[0] >> 11;
+ s->tr[1] = ltr[1] >> 11;
+ s->tr[2] = muldiv64(ltr[2], 1, info->a[6]);
+ s->tr[3] = muldiv64(ltr[3], 1 << 4, ltr[2]);
+ s->tr[4] = ltr[4] >> 11;
+ s->tr[5] = ltr[5] >> 11;
+ s->tr[6] = muldiv64(ltr[6], 1, info->a[6]);
+ s->tr[7] = muldiv64(ltr[7], 1 << 4, ltr[6]);
+#else
+
+ /* This version assumes touchscreen X & Y axis are parallel or
+ * perpendicular to LCD's X & Y axis in some way. */
+ if (abs(info->a[0]) > abs(info->a[1])) {
+ s->tr[0] = 0;
+ s->tr[1] = -info->a[6] * info->x;
+ s->tr[2] = info->a[0];
+ s->tr[3] = -info->a[2] / info->a[0];
+ s->tr[4] = info->a[6] * info->y;
+ s->tr[5] = 0;
+ s->tr[6] = info->a[4];
+ s->tr[7] = -info->a[5] / info->a[4];
+ } else {
+ s->tr[0] = info->a[6] * info->y;
+ s->tr[1] = 0;
+ s->tr[2] = info->a[1];
+ s->tr[3] = -info->a[2] / info->a[1];
+ s->tr[4] = 0;
+ s->tr[5] = -info->a[6] * info->x;
+ s->tr[6] = info->a[3];
+ s->tr[7] = -info->a[5] / info->a[3];
+ }
+
+ s->tr[0] >>= 11;
+ s->tr[1] >>= 11;
+ s->tr[3] <<= 4;
+ s->tr[4] >>= 11;
+ s->tr[5] >>= 11;
+ s->tr[7] <<= 4;
+#endif
+}
+
+void tsc210x_key_event(uWireSlave *chip, int key, int down)
+{
+ TSC210xState *s = (TSC210xState *) chip->opaque;
+
+ if (down)
+ s->kb.down |= 1 << key;
+ else
+ s->kb.down &= ~(1 << key);
+
+ if (down && (s->kb.down & ~s->kb.mask) && !s->kb.intr) {
+ s->kb.intr = 1;
+ qemu_irq_lower(s->kbint);
+ } else if (s->kb.intr && !(s->kb.down & ~s->kb.mask) &&
+ !(s->kb.mode & 1)) {
+ s->kb.intr = 0;
+ qemu_irq_raise(s->kbint);
+ }
+}
diff --git a/hw/input/vmmouse.c b/hw/input/vmmouse.c
new file mode 100644
index 000000000..abd032b79
--- /dev/null
+++ b/hw/input/vmmouse.c
@@ -0,0 +1,303 @@
+/*
+ * QEMU VMMouse emulation
+ *
+ * Copyright (C) 2007 Anthony Liguori <anthony@codemonkey.ws>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "ui/console.h"
+#include "hw/input/ps2.h"
+#include "hw/i386/pc.h"
+#include "hw/qdev.h"
+
+/* debug only vmmouse */
+//#define DEBUG_VMMOUSE
+
+/* VMMouse Commands */
+#define VMMOUSE_GETVERSION 10
+#define VMMOUSE_DATA 39
+#define VMMOUSE_STATUS 40
+#define VMMOUSE_COMMAND 41
+
+#define VMMOUSE_READ_ID 0x45414552
+#define VMMOUSE_DISABLE 0x000000f5
+#define VMMOUSE_REQUEST_RELATIVE 0x4c455252
+#define VMMOUSE_REQUEST_ABSOLUTE 0x53424152
+
+#define VMMOUSE_QUEUE_SIZE 1024
+
+#define VMMOUSE_VERSION 0x3442554a
+
+#ifdef DEBUG_VMMOUSE
+#define DPRINTF(fmt, ...) printf(fmt, ## __VA_ARGS__)
+#else
+#define DPRINTF(fmt, ...) do { } while (0)
+#endif
+
+#define TYPE_VMMOUSE "vmmouse"
+#define VMMOUSE(obj) OBJECT_CHECK(VMMouseState, (obj), TYPE_VMMOUSE)
+
+typedef struct VMMouseState
+{
+ ISADevice parent_obj;
+
+ uint32_t queue[VMMOUSE_QUEUE_SIZE];
+ int32_t queue_size;
+ uint16_t nb_queue;
+ uint16_t status;
+ uint8_t absolute;
+ QEMUPutMouseEntry *entry;
+ void *ps2_mouse;
+} VMMouseState;
+
+static uint32_t vmmouse_get_status(VMMouseState *s)
+{
+ DPRINTF("vmmouse_get_status()\n");
+ return (s->status << 16) | s->nb_queue;
+}
+
+static void vmmouse_mouse_event(void *opaque, int x, int y, int dz, int buttons_state)
+{
+ VMMouseState *s = opaque;
+ int buttons = 0;
+
+ if (s->nb_queue > (VMMOUSE_QUEUE_SIZE - 4))
+ return;
+
+ DPRINTF("vmmouse_mouse_event(%d, %d, %d, %d)\n",
+ x, y, dz, buttons_state);
+
+ if ((buttons_state & MOUSE_EVENT_LBUTTON))
+ buttons |= 0x20;
+ if ((buttons_state & MOUSE_EVENT_RBUTTON))
+ buttons |= 0x10;
+ if ((buttons_state & MOUSE_EVENT_MBUTTON))
+ buttons |= 0x08;
+
+ if (s->absolute) {
+ x <<= 1;
+ y <<= 1;
+ }
+
+ s->queue[s->nb_queue++] = buttons;
+ s->queue[s->nb_queue++] = x;
+ s->queue[s->nb_queue++] = y;
+ s->queue[s->nb_queue++] = dz;
+
+ /* need to still generate PS2 events to notify driver to
+ read from queue */
+ i8042_isa_mouse_fake_event(s->ps2_mouse);
+}
+
+static void vmmouse_remove_handler(VMMouseState *s)
+{
+ if (s->entry) {
+ qemu_remove_mouse_event_handler(s->entry);
+ s->entry = NULL;
+ }
+}
+
+static void vmmouse_update_handler(VMMouseState *s, int absolute)
+{
+ if (s->status != 0) {
+ return;
+ }
+ if (s->absolute != absolute) {
+ s->absolute = absolute;
+ vmmouse_remove_handler(s);
+ }
+ if (s->entry == NULL) {
+ s->entry = qemu_add_mouse_event_handler(vmmouse_mouse_event,
+ s, s->absolute,
+ "vmmouse");
+ qemu_activate_mouse_event_handler(s->entry);
+ }
+}
+
+static void vmmouse_read_id(VMMouseState *s)
+{
+ DPRINTF("vmmouse_read_id()\n");
+
+ if (s->nb_queue == VMMOUSE_QUEUE_SIZE)
+ return;
+
+ s->queue[s->nb_queue++] = VMMOUSE_VERSION;
+ s->status = 0;
+}
+
+static void vmmouse_request_relative(VMMouseState *s)
+{
+ DPRINTF("vmmouse_request_relative()\n");
+ vmmouse_update_handler(s, 0);
+}
+
+static void vmmouse_request_absolute(VMMouseState *s)
+{
+ DPRINTF("vmmouse_request_absolute()\n");
+ vmmouse_update_handler(s, 1);
+}
+
+static void vmmouse_disable(VMMouseState *s)
+{
+ DPRINTF("vmmouse_disable()\n");
+ s->status = 0xffff;
+ vmmouse_remove_handler(s);
+}
+
+static void vmmouse_data(VMMouseState *s, uint32_t *data, uint32_t size)
+{
+ int i;
+
+ DPRINTF("vmmouse_data(%d)\n", size);
+
+ if (size == 0 || size > 6 || size > s->nb_queue) {
+ printf("vmmouse: driver requested too much data %d\n", size);
+ s->status = 0xffff;
+ vmmouse_remove_handler(s);
+ return;
+ }
+
+ for (i = 0; i < size; i++)
+ data[i] = s->queue[i];
+
+ s->nb_queue -= size;
+ if (s->nb_queue)
+ memmove(s->queue, &s->queue[size], sizeof(s->queue[0]) * s->nb_queue);
+}
+
+static uint32_t vmmouse_ioport_read(void *opaque, uint32_t addr)
+{
+ VMMouseState *s = opaque;
+ uint32_t data[6];
+ uint16_t command;
+
+ vmmouse_get_data(data);
+
+ command = data[2] & 0xFFFF;
+
+ switch (command) {
+ case VMMOUSE_STATUS:
+ data[0] = vmmouse_get_status(s);
+ break;
+ case VMMOUSE_COMMAND:
+ switch (data[1]) {
+ case VMMOUSE_DISABLE:
+ vmmouse_disable(s);
+ break;
+ case VMMOUSE_READ_ID:
+ vmmouse_read_id(s);
+ break;
+ case VMMOUSE_REQUEST_RELATIVE:
+ vmmouse_request_relative(s);
+ break;
+ case VMMOUSE_REQUEST_ABSOLUTE:
+ vmmouse_request_absolute(s);
+ break;
+ default:
+ printf("vmmouse: unknown command %x\n", data[1]);
+ break;
+ }
+ break;
+ case VMMOUSE_DATA:
+ vmmouse_data(s, data, data[1]);
+ break;
+ default:
+ printf("vmmouse: unknown command %x\n", command);
+ break;
+ }
+
+ vmmouse_set_data(data);
+ return data[0];
+}
+
+static int vmmouse_post_load(void *opaque, int version_id)
+{
+ VMMouseState *s = opaque;
+
+ vmmouse_remove_handler(s);
+ vmmouse_update_handler(s, s->absolute);
+ return 0;
+}
+
+static const VMStateDescription vmstate_vmmouse = {
+ .name = "vmmouse",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .post_load = vmmouse_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_INT32_EQUAL(queue_size, VMMouseState),
+ VMSTATE_UINT32_ARRAY(queue, VMMouseState, VMMOUSE_QUEUE_SIZE),
+ VMSTATE_UINT16(nb_queue, VMMouseState),
+ VMSTATE_UINT16(status, VMMouseState),
+ VMSTATE_UINT8(absolute, VMMouseState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void vmmouse_reset(DeviceState *d)
+{
+ VMMouseState *s = VMMOUSE(d);
+
+ s->queue_size = VMMOUSE_QUEUE_SIZE;
+
+ vmmouse_disable(s);
+}
+
+static void vmmouse_realizefn(DeviceState *dev, Error **errp)
+{
+ VMMouseState *s = VMMOUSE(dev);
+
+ DPRINTF("vmmouse_init\n");
+
+ vmport_register(VMMOUSE_STATUS, vmmouse_ioport_read, s);
+ vmport_register(VMMOUSE_COMMAND, vmmouse_ioport_read, s);
+ vmport_register(VMMOUSE_DATA, vmmouse_ioport_read, s);
+}
+
+static Property vmmouse_properties[] = {
+ DEFINE_PROP_PTR("ps2_mouse", VMMouseState, ps2_mouse),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void vmmouse_class_initfn(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = vmmouse_realizefn;
+ dc->no_user = 1;
+ dc->reset = vmmouse_reset;
+ dc->vmsd = &vmstate_vmmouse;
+ dc->props = vmmouse_properties;
+}
+
+static const TypeInfo vmmouse_info = {
+ .name = TYPE_VMMOUSE,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof(VMMouseState),
+ .class_init = vmmouse_class_initfn,
+};
+
+static void vmmouse_register_types(void)
+{
+ type_register_static(&vmmouse_info);
+}
+
+type_init(vmmouse_register_types)
diff --git a/hw/intc/Makefile.objs b/hw/intc/Makefile.objs
new file mode 100644
index 000000000..2851eed25
--- /dev/null
+++ b/hw/intc/Makefile.objs
@@ -0,0 +1,25 @@
+common-obj-$(CONFIG_HEATHROW_PIC) += heathrow_pic.o
+common-obj-$(CONFIG_I8259) += i8259_common.o i8259.o
+common-obj-$(CONFIG_PL190) += pl190.o
+common-obj-$(CONFIG_PUV3) += puv3_intc.o
+common-obj-$(CONFIG_XILINX) += xilinx_intc.o
+common-obj-$(CONFIG_ETRAXFS) += etraxfs_pic.o
+common-obj-$(CONFIG_IMX) += imx_avic.o
+common-obj-$(CONFIG_LM32) += lm32_pic.o
+common-obj-$(CONFIG_REALVIEW) += realview_gic.o
+common-obj-$(CONFIG_SLAVIO) += slavio_intctl.o
+common-obj-$(CONFIG_IOAPIC) += ioapic_common.o
+common-obj-$(CONFIG_ARM_GIC) += arm_gic_common.o
+common-obj-$(CONFIG_ARM_GIC) += arm_gic.o
+common-obj-$(CONFIG_OPENPIC) += openpic.o
+
+obj-$(CONFIG_APIC) += apic.o apic_common.o
+obj-$(CONFIG_ARM_GIC_KVM) += arm_gic_kvm.o
+obj-$(CONFIG_STELLARIS) += armv7m_nvic.o
+obj-$(CONFIG_EXYNOS4) += exynos4210_gic.o exynos4210_combiner.o
+obj-$(CONFIG_GRLIB) += grlib_irqmp.o
+obj-$(CONFIG_IOAPIC) += ioapic.o
+obj-$(CONFIG_OMAP) += omap_intc.o
+obj-$(CONFIG_OPENPIC_KVM) += openpic_kvm.o
+obj-$(CONFIG_SH4) += sh_intc.o
+obj-$(CONFIG_XICS) += xics.o
diff --git a/hw/intc/apic.c b/hw/intc/apic.c
new file mode 100644
index 000000000..5e3b96e4d
--- /dev/null
+++ b/hw/intc/apic.c
@@ -0,0 +1,911 @@
+/*
+ * APIC support
+ *
+ * Copyright (c) 2004-2005 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>
+ */
+#include "qemu/thread.h"
+#include "hw/i386/apic_internal.h"
+#include "hw/i386/apic.h"
+#include "hw/i386/ioapic.h"
+#include "hw/pci/msi.h"
+#include "qemu/host-utils.h"
+#include "trace.h"
+#include "hw/i386/pc.h"
+#include "hw/i386/apic-msidef.h"
+
+#define MAX_APIC_WORDS 8
+
+#define SYNC_FROM_VAPIC 0x1
+#define SYNC_TO_VAPIC 0x2
+#define SYNC_ISR_IRR_TO_VAPIC 0x4
+
+static APICCommonState *local_apics[MAX_APICS + 1];
+
+static void apic_set_irq(APICCommonState *s, int vector_num, int trigger_mode);
+static void apic_update_irq(APICCommonState *s);
+static void apic_get_delivery_bitmask(uint32_t *deliver_bitmask,
+ uint8_t dest, uint8_t dest_mode);
+
+/* Find first bit starting from msb */
+static int apic_fls_bit(uint32_t value)
+{
+ return 31 - clz32(value);
+}
+
+/* Find first bit starting from lsb */
+static int apic_ffs_bit(uint32_t value)
+{
+ return ctz32(value);
+}
+
+static inline void apic_set_bit(uint32_t *tab, int index)
+{
+ int i, mask;
+ i = index >> 5;
+ mask = 1 << (index & 0x1f);
+ tab[i] |= mask;
+}
+
+static inline void apic_reset_bit(uint32_t *tab, int index)
+{
+ int i, mask;
+ i = index >> 5;
+ mask = 1 << (index & 0x1f);
+ tab[i] &= ~mask;
+}
+
+static inline int apic_get_bit(uint32_t *tab, int index)
+{
+ int i, mask;
+ i = index >> 5;
+ mask = 1 << (index & 0x1f);
+ return !!(tab[i] & mask);
+}
+
+/* return -1 if no bit is set */
+static int get_highest_priority_int(uint32_t *tab)
+{
+ int i;
+ for (i = 7; i >= 0; i--) {
+ if (tab[i] != 0) {
+ return i * 32 + apic_fls_bit(tab[i]);
+ }
+ }
+ return -1;
+}
+
+static void apic_sync_vapic(APICCommonState *s, int sync_type)
+{
+ VAPICState vapic_state;
+ size_t length;
+ off_t start;
+ int vector;
+
+ if (!s->vapic_paddr) {
+ return;
+ }
+ if (sync_type & SYNC_FROM_VAPIC) {
+ cpu_physical_memory_rw(s->vapic_paddr, (void *)&vapic_state,
+ sizeof(vapic_state), 0);
+ s->tpr = vapic_state.tpr;
+ }
+ if (sync_type & (SYNC_TO_VAPIC | SYNC_ISR_IRR_TO_VAPIC)) {
+ start = offsetof(VAPICState, isr);
+ length = offsetof(VAPICState, enabled) - offsetof(VAPICState, isr);
+
+ if (sync_type & SYNC_TO_VAPIC) {
+ assert(qemu_cpu_is_self(CPU(s->cpu)));
+
+ vapic_state.tpr = s->tpr;
+ vapic_state.enabled = 1;
+ start = 0;
+ length = sizeof(VAPICState);
+ }
+
+ vector = get_highest_priority_int(s->isr);
+ if (vector < 0) {
+ vector = 0;
+ }
+ vapic_state.isr = vector & 0xf0;
+
+ vapic_state.zero = 0;
+
+ vector = get_highest_priority_int(s->irr);
+ if (vector < 0) {
+ vector = 0;
+ }
+ vapic_state.irr = vector & 0xff;
+
+ cpu_physical_memory_write_rom(s->vapic_paddr + start,
+ ((void *)&vapic_state) + start, length);
+ }
+}
+
+static void apic_vapic_base_update(APICCommonState *s)
+{
+ apic_sync_vapic(s, SYNC_TO_VAPIC);
+}
+
+static void apic_local_deliver(APICCommonState *s, int vector)
+{
+ uint32_t lvt = s->lvt[vector];
+ int trigger_mode;
+
+ trace_apic_local_deliver(vector, (lvt >> 8) & 7);
+
+ if (lvt & APIC_LVT_MASKED)
+ return;
+
+ switch ((lvt >> 8) & 7) {
+ case APIC_DM_SMI:
+ cpu_interrupt(CPU(s->cpu), CPU_INTERRUPT_SMI);
+ break;
+
+ case APIC_DM_NMI:
+ cpu_interrupt(CPU(s->cpu), CPU_INTERRUPT_NMI);
+ break;
+
+ case APIC_DM_EXTINT:
+ cpu_interrupt(CPU(s->cpu), CPU_INTERRUPT_HARD);
+ break;
+
+ case APIC_DM_FIXED:
+ trigger_mode = APIC_TRIGGER_EDGE;
+ if ((vector == APIC_LVT_LINT0 || vector == APIC_LVT_LINT1) &&
+ (lvt & APIC_LVT_LEVEL_TRIGGER))
+ trigger_mode = APIC_TRIGGER_LEVEL;
+ apic_set_irq(s, lvt & 0xff, trigger_mode);
+ }
+}
+
+void apic_deliver_pic_intr(DeviceState *d, int level)
+{
+ APICCommonState *s = DO_UPCAST(APICCommonState, busdev.qdev, d);
+
+ if (level) {
+ apic_local_deliver(s, APIC_LVT_LINT0);
+ } else {
+ uint32_t lvt = s->lvt[APIC_LVT_LINT0];
+
+ switch ((lvt >> 8) & 7) {
+ case APIC_DM_FIXED:
+ if (!(lvt & APIC_LVT_LEVEL_TRIGGER))
+ break;
+ apic_reset_bit(s->irr, lvt & 0xff);
+ /* fall through */
+ case APIC_DM_EXTINT:
+ cpu_reset_interrupt(CPU(s->cpu), CPU_INTERRUPT_HARD);
+ break;
+ }
+ }
+}
+
+static void apic_external_nmi(APICCommonState *s)
+{
+ apic_local_deliver(s, APIC_LVT_LINT1);
+}
+
+#define foreach_apic(apic, deliver_bitmask, code) \
+{\
+ int __i, __j, __mask;\
+ for(__i = 0; __i < MAX_APIC_WORDS; __i++) {\
+ __mask = deliver_bitmask[__i];\
+ if (__mask) {\
+ for(__j = 0; __j < 32; __j++) {\
+ if (__mask & (1 << __j)) {\
+ apic = local_apics[__i * 32 + __j];\
+ if (apic) {\
+ code;\
+ }\
+ }\
+ }\
+ }\
+ }\
+}
+
+static void apic_bus_deliver(const uint32_t *deliver_bitmask,
+ uint8_t delivery_mode, uint8_t vector_num,
+ uint8_t trigger_mode)
+{
+ APICCommonState *apic_iter;
+
+ switch (delivery_mode) {
+ case APIC_DM_LOWPRI:
+ /* XXX: search for focus processor, arbitration */
+ {
+ int i, d;
+ d = -1;
+ for(i = 0; i < MAX_APIC_WORDS; i++) {
+ if (deliver_bitmask[i]) {
+ d = i * 32 + apic_ffs_bit(deliver_bitmask[i]);
+ break;
+ }
+ }
+ if (d >= 0) {
+ apic_iter = local_apics[d];
+ if (apic_iter) {
+ apic_set_irq(apic_iter, vector_num, trigger_mode);
+ }
+ }
+ }
+ return;
+
+ case APIC_DM_FIXED:
+ break;
+
+ case APIC_DM_SMI:
+ foreach_apic(apic_iter, deliver_bitmask,
+ cpu_interrupt(CPU(apic_iter->cpu), CPU_INTERRUPT_SMI)
+ );
+ return;
+
+ case APIC_DM_NMI:
+ foreach_apic(apic_iter, deliver_bitmask,
+ cpu_interrupt(CPU(apic_iter->cpu), CPU_INTERRUPT_NMI)
+ );
+ return;
+
+ case APIC_DM_INIT:
+ /* normal INIT IPI sent to processors */
+ foreach_apic(apic_iter, deliver_bitmask,
+ cpu_interrupt(CPU(apic_iter->cpu),
+ CPU_INTERRUPT_INIT)
+ );
+ return;
+
+ case APIC_DM_EXTINT:
+ /* handled in I/O APIC code */
+ break;
+
+ default:
+ return;
+ }
+
+ foreach_apic(apic_iter, deliver_bitmask,
+ apic_set_irq(apic_iter, vector_num, trigger_mode) );
+}
+
+void apic_deliver_irq(uint8_t dest, uint8_t dest_mode, uint8_t delivery_mode,
+ uint8_t vector_num, uint8_t trigger_mode)
+{
+ uint32_t deliver_bitmask[MAX_APIC_WORDS];
+
+ trace_apic_deliver_irq(dest, dest_mode, delivery_mode, vector_num,
+ trigger_mode);
+
+ apic_get_delivery_bitmask(deliver_bitmask, dest, dest_mode);
+ apic_bus_deliver(deliver_bitmask, delivery_mode, vector_num, trigger_mode);
+}
+
+static void apic_set_base(APICCommonState *s, uint64_t val)
+{
+ s->apicbase = (val & 0xfffff000) |
+ (s->apicbase & (MSR_IA32_APICBASE_BSP | MSR_IA32_APICBASE_ENABLE));
+ /* if disabled, cannot be enabled again */
+ if (!(val & MSR_IA32_APICBASE_ENABLE)) {
+ s->apicbase &= ~MSR_IA32_APICBASE_ENABLE;
+ cpu_clear_apic_feature(&s->cpu->env);
+ s->spurious_vec &= ~APIC_SV_ENABLE;
+ }
+}
+
+static void apic_set_tpr(APICCommonState *s, uint8_t val)
+{
+ /* Updates from cr8 are ignored while the VAPIC is active */
+ if (!s->vapic_paddr) {
+ s->tpr = val << 4;
+ apic_update_irq(s);
+ }
+}
+
+static uint8_t apic_get_tpr(APICCommonState *s)
+{
+ apic_sync_vapic(s, SYNC_FROM_VAPIC);
+ return s->tpr >> 4;
+}
+
+static int apic_get_ppr(APICCommonState *s)
+{
+ int tpr, isrv, ppr;
+
+ tpr = (s->tpr >> 4);
+ isrv = get_highest_priority_int(s->isr);
+ if (isrv < 0)
+ isrv = 0;
+ isrv >>= 4;
+ if (tpr >= isrv)
+ ppr = s->tpr;
+ else
+ ppr = isrv << 4;
+ return ppr;
+}
+
+static int apic_get_arb_pri(APICCommonState *s)
+{
+ /* XXX: arbitration */
+ return 0;
+}
+
+
+/*
+ * <0 - low prio interrupt,
+ * 0 - no interrupt,
+ * >0 - interrupt number
+ */
+static int apic_irq_pending(APICCommonState *s)
+{
+ int irrv, ppr;
+ irrv = get_highest_priority_int(s->irr);
+ if (irrv < 0) {
+ return 0;
+ }
+ ppr = apic_get_ppr(s);
+ if (ppr && (irrv & 0xf0) <= (ppr & 0xf0)) {
+ return -1;
+ }
+
+ return irrv;
+}
+
+/* signal the CPU if an irq is pending */
+static void apic_update_irq(APICCommonState *s)
+{
+ CPUState *cpu;
+
+ if (!(s->spurious_vec & APIC_SV_ENABLE)) {
+ return;
+ }
+ cpu = CPU(s->cpu);
+ if (!qemu_cpu_is_self(cpu)) {
+ cpu_interrupt(cpu, CPU_INTERRUPT_POLL);
+ } else if (apic_irq_pending(s) > 0) {
+ cpu_interrupt(cpu, CPU_INTERRUPT_HARD);
+ }
+}
+
+void apic_poll_irq(DeviceState *d)
+{
+ APICCommonState *s = APIC_COMMON(d);
+
+ apic_sync_vapic(s, SYNC_FROM_VAPIC);
+ apic_update_irq(s);
+}
+
+static void apic_set_irq(APICCommonState *s, int vector_num, int trigger_mode)
+{
+ apic_report_irq_delivered(!apic_get_bit(s->irr, vector_num));
+
+ apic_set_bit(s->irr, vector_num);
+ if (trigger_mode)
+ apic_set_bit(s->tmr, vector_num);
+ else
+ apic_reset_bit(s->tmr, vector_num);
+ if (s->vapic_paddr) {
+ apic_sync_vapic(s, SYNC_ISR_IRR_TO_VAPIC);
+ /*
+ * The vcpu thread needs to see the new IRR before we pull its current
+ * TPR value. That way, if we miss a lowering of the TRP, the guest
+ * has the chance to notice the new IRR and poll for IRQs on its own.
+ */
+ smp_wmb();
+ apic_sync_vapic(s, SYNC_FROM_VAPIC);
+ }
+ apic_update_irq(s);
+}
+
+static void apic_eoi(APICCommonState *s)
+{
+ int isrv;
+ isrv = get_highest_priority_int(s->isr);
+ if (isrv < 0)
+ return;
+ apic_reset_bit(s->isr, isrv);
+ if (!(s->spurious_vec & APIC_SV_DIRECTED_IO) && apic_get_bit(s->tmr, isrv)) {
+ ioapic_eoi_broadcast(isrv);
+ }
+ apic_sync_vapic(s, SYNC_FROM_VAPIC | SYNC_TO_VAPIC);
+ apic_update_irq(s);
+}
+
+static int apic_find_dest(uint8_t dest)
+{
+ APICCommonState *apic = local_apics[dest];
+ int i;
+
+ if (apic && apic->id == dest)
+ return dest; /* shortcut in case apic->id == apic->idx */
+
+ for (i = 0; i < MAX_APICS; i++) {
+ apic = local_apics[i];
+ if (apic && apic->id == dest)
+ return i;
+ if (!apic)
+ break;
+ }
+
+ return -1;
+}
+
+static void apic_get_delivery_bitmask(uint32_t *deliver_bitmask,
+ uint8_t dest, uint8_t dest_mode)
+{
+ APICCommonState *apic_iter;
+ int i;
+
+ if (dest_mode == 0) {
+ if (dest == 0xff) {
+ memset(deliver_bitmask, 0xff, MAX_APIC_WORDS * sizeof(uint32_t));
+ } else {
+ int idx = apic_find_dest(dest);
+ memset(deliver_bitmask, 0x00, MAX_APIC_WORDS * sizeof(uint32_t));
+ if (idx >= 0)
+ apic_set_bit(deliver_bitmask, idx);
+ }
+ } else {
+ /* XXX: cluster mode */
+ memset(deliver_bitmask, 0x00, MAX_APIC_WORDS * sizeof(uint32_t));
+ for(i = 0; i < MAX_APICS; i++) {
+ apic_iter = local_apics[i];
+ if (apic_iter) {
+ if (apic_iter->dest_mode == 0xf) {
+ if (dest & apic_iter->log_dest)
+ apic_set_bit(deliver_bitmask, i);
+ } else if (apic_iter->dest_mode == 0x0) {
+ if ((dest & 0xf0) == (apic_iter->log_dest & 0xf0) &&
+ (dest & apic_iter->log_dest & 0x0f)) {
+ apic_set_bit(deliver_bitmask, i);
+ }
+ }
+ } else {
+ break;
+ }
+ }
+ }
+}
+
+static void apic_startup(APICCommonState *s, int vector_num)
+{
+ s->sipi_vector = vector_num;
+ cpu_interrupt(CPU(s->cpu), CPU_INTERRUPT_SIPI);
+}
+
+void apic_sipi(DeviceState *d)
+{
+ APICCommonState *s = DO_UPCAST(APICCommonState, busdev.qdev, d);
+
+ cpu_reset_interrupt(CPU(s->cpu), CPU_INTERRUPT_SIPI);
+
+ if (!s->wait_for_sipi)
+ return;
+ cpu_x86_load_seg_cache_sipi(s->cpu, s->sipi_vector);
+ s->wait_for_sipi = 0;
+}
+
+static void apic_deliver(DeviceState *d, uint8_t dest, uint8_t dest_mode,
+ uint8_t delivery_mode, uint8_t vector_num,
+ uint8_t trigger_mode)
+{
+ APICCommonState *s = DO_UPCAST(APICCommonState, busdev.qdev, d);
+ uint32_t deliver_bitmask[MAX_APIC_WORDS];
+ int dest_shorthand = (s->icr[0] >> 18) & 3;
+ APICCommonState *apic_iter;
+
+ switch (dest_shorthand) {
+ case 0:
+ apic_get_delivery_bitmask(deliver_bitmask, dest, dest_mode);
+ break;
+ case 1:
+ memset(deliver_bitmask, 0x00, sizeof(deliver_bitmask));
+ apic_set_bit(deliver_bitmask, s->idx);
+ break;
+ case 2:
+ memset(deliver_bitmask, 0xff, sizeof(deliver_bitmask));
+ break;
+ case 3:
+ memset(deliver_bitmask, 0xff, sizeof(deliver_bitmask));
+ apic_reset_bit(deliver_bitmask, s->idx);
+ break;
+ }
+
+ switch (delivery_mode) {
+ case APIC_DM_INIT:
+ {
+ int trig_mode = (s->icr[0] >> 15) & 1;
+ int level = (s->icr[0] >> 14) & 1;
+ if (level == 0 && trig_mode == 1) {
+ foreach_apic(apic_iter, deliver_bitmask,
+ apic_iter->arb_id = apic_iter->id );
+ return;
+ }
+ }
+ break;
+
+ case APIC_DM_SIPI:
+ foreach_apic(apic_iter, deliver_bitmask,
+ apic_startup(apic_iter, vector_num) );
+ return;
+ }
+
+ apic_bus_deliver(deliver_bitmask, delivery_mode, vector_num, trigger_mode);
+}
+
+static bool apic_check_pic(APICCommonState *s)
+{
+ if (!apic_accept_pic_intr(&s->busdev.qdev) || !pic_get_output(isa_pic)) {
+ return false;
+ }
+ apic_deliver_pic_intr(&s->busdev.qdev, 1);
+ return true;
+}
+
+int apic_get_interrupt(DeviceState *d)
+{
+ APICCommonState *s = DO_UPCAST(APICCommonState, busdev.qdev, d);
+ int intno;
+
+ /* if the APIC is installed or enabled, we let the 8259 handle the
+ IRQs */
+ if (!s)
+ return -1;
+ if (!(s->spurious_vec & APIC_SV_ENABLE))
+ return -1;
+
+ apic_sync_vapic(s, SYNC_FROM_VAPIC);
+ intno = apic_irq_pending(s);
+
+ if (intno == 0) {
+ apic_sync_vapic(s, SYNC_TO_VAPIC);
+ return -1;
+ } else if (intno < 0) {
+ apic_sync_vapic(s, SYNC_TO_VAPIC);
+ return s->spurious_vec & 0xff;
+ }
+ apic_reset_bit(s->irr, intno);
+ apic_set_bit(s->isr, intno);
+ apic_sync_vapic(s, SYNC_TO_VAPIC);
+
+ /* re-inject if there is still a pending PIC interrupt */
+ apic_check_pic(s);
+
+ apic_update_irq(s);
+
+ return intno;
+}
+
+int apic_accept_pic_intr(DeviceState *d)
+{
+ APICCommonState *s = DO_UPCAST(APICCommonState, busdev.qdev, d);
+ uint32_t lvt0;
+
+ if (!s)
+ return -1;
+
+ lvt0 = s->lvt[APIC_LVT_LINT0];
+
+ if ((s->apicbase & MSR_IA32_APICBASE_ENABLE) == 0 ||
+ (lvt0 & APIC_LVT_MASKED) == 0)
+ return 1;
+
+ return 0;
+}
+
+static uint32_t apic_get_current_count(APICCommonState *s)
+{
+ int64_t d;
+ uint32_t val;
+ d = (qemu_get_clock_ns(vm_clock) - s->initial_count_load_time) >>
+ s->count_shift;
+ if (s->lvt[APIC_LVT_TIMER] & APIC_LVT_TIMER_PERIODIC) {
+ /* periodic */
+ val = s->initial_count - (d % ((uint64_t)s->initial_count + 1));
+ } else {
+ if (d >= s->initial_count)
+ val = 0;
+ else
+ val = s->initial_count - d;
+ }
+ return val;
+}
+
+static void apic_timer_update(APICCommonState *s, int64_t current_time)
+{
+ if (apic_next_timer(s, current_time)) {
+ qemu_mod_timer(s->timer, s->next_time);
+ } else {
+ qemu_del_timer(s->timer);
+ }
+}
+
+static void apic_timer(void *opaque)
+{
+ APICCommonState *s = opaque;
+
+ apic_local_deliver(s, APIC_LVT_TIMER);
+ apic_timer_update(s, s->next_time);
+}
+
+static uint32_t apic_mem_readb(void *opaque, hwaddr addr)
+{
+ return 0;
+}
+
+static uint32_t apic_mem_readw(void *opaque, hwaddr addr)
+{
+ return 0;
+}
+
+static void apic_mem_writeb(void *opaque, hwaddr addr, uint32_t val)
+{
+}
+
+static void apic_mem_writew(void *opaque, hwaddr addr, uint32_t val)
+{
+}
+
+static uint32_t apic_mem_readl(void *opaque, hwaddr addr)
+{
+ DeviceState *d;
+ APICCommonState *s;
+ uint32_t val;
+ int index;
+
+ d = cpu_get_current_apic();
+ if (!d) {
+ return 0;
+ }
+ s = DO_UPCAST(APICCommonState, busdev.qdev, d);
+
+ index = (addr >> 4) & 0xff;
+ switch(index) {
+ case 0x02: /* id */
+ val = s->id << 24;
+ break;
+ case 0x03: /* version */
+ val = 0x11 | ((APIC_LVT_NB - 1) << 16); /* version 0x11 */
+ break;
+ case 0x08:
+ apic_sync_vapic(s, SYNC_FROM_VAPIC);
+ if (apic_report_tpr_access) {
+ cpu_report_tpr_access(&s->cpu->env, TPR_ACCESS_READ);
+ }
+ val = s->tpr;
+ break;
+ case 0x09:
+ val = apic_get_arb_pri(s);
+ break;
+ case 0x0a:
+ /* ppr */
+ val = apic_get_ppr(s);
+ break;
+ case 0x0b:
+ val = 0;
+ break;
+ case 0x0d:
+ val = s->log_dest << 24;
+ break;
+ case 0x0e:
+ val = s->dest_mode << 28;
+ break;
+ case 0x0f:
+ val = s->spurious_vec;
+ break;
+ case 0x10 ... 0x17:
+ val = s->isr[index & 7];
+ break;
+ case 0x18 ... 0x1f:
+ val = s->tmr[index & 7];
+ break;
+ case 0x20 ... 0x27:
+ val = s->irr[index & 7];
+ break;
+ case 0x28:
+ val = s->esr;
+ break;
+ case 0x30:
+ case 0x31:
+ val = s->icr[index & 1];
+ break;
+ case 0x32 ... 0x37:
+ val = s->lvt[index - 0x32];
+ break;
+ case 0x38:
+ val = s->initial_count;
+ break;
+ case 0x39:
+ val = apic_get_current_count(s);
+ break;
+ case 0x3e:
+ val = s->divide_conf;
+ break;
+ default:
+ s->esr |= ESR_ILLEGAL_ADDRESS;
+ val = 0;
+ break;
+ }
+ trace_apic_mem_readl(addr, val);
+ return val;
+}
+
+static void apic_send_msi(hwaddr addr, uint32_t data)
+{
+ uint8_t dest = (addr & MSI_ADDR_DEST_ID_MASK) >> MSI_ADDR_DEST_ID_SHIFT;
+ uint8_t vector = (data & MSI_DATA_VECTOR_MASK) >> MSI_DATA_VECTOR_SHIFT;
+ uint8_t dest_mode = (addr >> MSI_ADDR_DEST_MODE_SHIFT) & 0x1;
+ uint8_t trigger_mode = (data >> MSI_DATA_TRIGGER_SHIFT) & 0x1;
+ uint8_t delivery = (data >> MSI_DATA_DELIVERY_MODE_SHIFT) & 0x7;
+ /* XXX: Ignore redirection hint. */
+ apic_deliver_irq(dest, dest_mode, delivery, vector, trigger_mode);
+}
+
+static void apic_mem_writel(void *opaque, hwaddr addr, uint32_t val)
+{
+ DeviceState *d;
+ APICCommonState *s;
+ int index = (addr >> 4) & 0xff;
+ if (addr > 0xfff || !index) {
+ /* MSI and MMIO APIC are at the same memory location,
+ * but actually not on the global bus: MSI is on PCI bus
+ * APIC is connected directly to the CPU.
+ * Mapping them on the global bus happens to work because
+ * MSI registers are reserved in APIC MMIO and vice versa. */
+ apic_send_msi(addr, val);
+ return;
+ }
+
+ d = cpu_get_current_apic();
+ if (!d) {
+ return;
+ }
+ s = DO_UPCAST(APICCommonState, busdev.qdev, d);
+
+ trace_apic_mem_writel(addr, val);
+
+ switch(index) {
+ case 0x02:
+ s->id = (val >> 24);
+ break;
+ case 0x03:
+ break;
+ case 0x08:
+ if (apic_report_tpr_access) {
+ cpu_report_tpr_access(&s->cpu->env, TPR_ACCESS_WRITE);
+ }
+ s->tpr = val;
+ apic_sync_vapic(s, SYNC_TO_VAPIC);
+ apic_update_irq(s);
+ break;
+ case 0x09:
+ case 0x0a:
+ break;
+ case 0x0b: /* EOI */
+ apic_eoi(s);
+ break;
+ case 0x0d:
+ s->log_dest = val >> 24;
+ break;
+ case 0x0e:
+ s->dest_mode = val >> 28;
+ break;
+ case 0x0f:
+ s->spurious_vec = val & 0x1ff;
+ apic_update_irq(s);
+ break;
+ case 0x10 ... 0x17:
+ case 0x18 ... 0x1f:
+ case 0x20 ... 0x27:
+ case 0x28:
+ break;
+ case 0x30:
+ s->icr[0] = val;
+ apic_deliver(d, (s->icr[1] >> 24) & 0xff, (s->icr[0] >> 11) & 1,
+ (s->icr[0] >> 8) & 7, (s->icr[0] & 0xff),
+ (s->icr[0] >> 15) & 1);
+ break;
+ case 0x31:
+ s->icr[1] = val;
+ break;
+ case 0x32 ... 0x37:
+ {
+ int n = index - 0x32;
+ s->lvt[n] = val;
+ if (n == APIC_LVT_TIMER) {
+ apic_timer_update(s, qemu_get_clock_ns(vm_clock));
+ } else if (n == APIC_LVT_LINT0 && apic_check_pic(s)) {
+ apic_update_irq(s);
+ }
+ }
+ break;
+ case 0x38:
+ s->initial_count = val;
+ s->initial_count_load_time = qemu_get_clock_ns(vm_clock);
+ apic_timer_update(s, s->initial_count_load_time);
+ break;
+ case 0x39:
+ break;
+ case 0x3e:
+ {
+ int v;
+ s->divide_conf = val & 0xb;
+ v = (s->divide_conf & 3) | ((s->divide_conf >> 1) & 4);
+ s->count_shift = (v + 1) & 7;
+ }
+ break;
+ default:
+ s->esr |= ESR_ILLEGAL_ADDRESS;
+ break;
+ }
+}
+
+static void apic_pre_save(APICCommonState *s)
+{
+ apic_sync_vapic(s, SYNC_FROM_VAPIC);
+}
+
+static void apic_post_load(APICCommonState *s)
+{
+ if (s->timer_expiry != -1) {
+ qemu_mod_timer(s->timer, s->timer_expiry);
+ } else {
+ qemu_del_timer(s->timer);
+ }
+}
+
+static const MemoryRegionOps apic_io_ops = {
+ .old_mmio = {
+ .read = { apic_mem_readb, apic_mem_readw, apic_mem_readl, },
+ .write = { apic_mem_writeb, apic_mem_writew, apic_mem_writel, },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void apic_init(APICCommonState *s)
+{
+ memory_region_init_io(&s->io_memory, OBJECT(s), &apic_io_ops, s, "apic-msi",
+ APIC_SPACE_SIZE);
+
+ s->timer = qemu_new_timer_ns(vm_clock, apic_timer, s);
+ local_apics[s->idx] = s;
+
+ msi_supported = true;
+}
+
+static void apic_class_init(ObjectClass *klass, void *data)
+{
+ APICCommonClass *k = APIC_COMMON_CLASS(klass);
+
+ k->init = apic_init;
+ k->set_base = apic_set_base;
+ k->set_tpr = apic_set_tpr;
+ k->get_tpr = apic_get_tpr;
+ k->vapic_base_update = apic_vapic_base_update;
+ k->external_nmi = apic_external_nmi;
+ k->pre_save = apic_pre_save;
+ k->post_load = apic_post_load;
+}
+
+static const TypeInfo apic_info = {
+ .name = "apic",
+ .instance_size = sizeof(APICCommonState),
+ .parent = TYPE_APIC_COMMON,
+ .class_init = apic_class_init,
+};
+
+static void apic_register_types(void)
+{
+ type_register_static(&apic_info);
+}
+
+type_init(apic_register_types)
diff --git a/hw/intc/apic_common.c b/hw/intc/apic_common.c
new file mode 100644
index 000000000..b03e904a7
--- /dev/null
+++ b/hw/intc/apic_common.c
@@ -0,0 +1,408 @@
+/*
+ * APIC support - common bits of emulated and KVM kernel model
+ *
+ * Copyright (c) 2004-2005 Fabrice Bellard
+ * Copyright (c) 2011 Jan Kiszka, Siemens AG
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>
+ */
+#include "hw/i386/apic.h"
+#include "hw/i386/apic_internal.h"
+#include "trace.h"
+#include "sysemu/kvm.h"
+#include "hw/qdev.h"
+#include "hw/sysbus.h"
+
+static int apic_irq_delivered;
+bool apic_report_tpr_access;
+
+void cpu_set_apic_base(DeviceState *d, uint64_t val)
+{
+ trace_cpu_set_apic_base(val);
+
+ if (d) {
+ APICCommonState *s = APIC_COMMON(d);
+ APICCommonClass *info = APIC_COMMON_GET_CLASS(s);
+ info->set_base(s, val);
+ }
+}
+
+uint64_t cpu_get_apic_base(DeviceState *d)
+{
+ if (d) {
+ APICCommonState *s = APIC_COMMON(d);
+ trace_cpu_get_apic_base((uint64_t)s->apicbase);
+ return s->apicbase;
+ } else {
+ trace_cpu_get_apic_base(MSR_IA32_APICBASE_BSP);
+ return MSR_IA32_APICBASE_BSP;
+ }
+}
+
+void cpu_set_apic_tpr(DeviceState *d, uint8_t val)
+{
+ APICCommonState *s;
+ APICCommonClass *info;
+
+ if (!d) {
+ return;
+ }
+
+ s = APIC_COMMON(d);
+ info = APIC_COMMON_GET_CLASS(s);
+
+ info->set_tpr(s, val);
+}
+
+uint8_t cpu_get_apic_tpr(DeviceState *d)
+{
+ APICCommonState *s;
+ APICCommonClass *info;
+
+ if (!d) {
+ return 0;
+ }
+
+ s = APIC_COMMON(d);
+ info = APIC_COMMON_GET_CLASS(s);
+
+ return info->get_tpr(s);
+}
+
+void apic_enable_tpr_access_reporting(DeviceState *d, bool enable)
+{
+ APICCommonState *s = DO_UPCAST(APICCommonState, busdev.qdev, d);
+ APICCommonClass *info = APIC_COMMON_GET_CLASS(s);
+
+ apic_report_tpr_access = enable;
+ if (info->enable_tpr_reporting) {
+ info->enable_tpr_reporting(s, enable);
+ }
+}
+
+void apic_enable_vapic(DeviceState *d, hwaddr paddr)
+{
+ APICCommonState *s = DO_UPCAST(APICCommonState, busdev.qdev, d);
+ APICCommonClass *info = APIC_COMMON_GET_CLASS(s);
+
+ s->vapic_paddr = paddr;
+ info->vapic_base_update(s);
+}
+
+void apic_handle_tpr_access_report(DeviceState *d, target_ulong ip,
+ TPRAccess access)
+{
+ APICCommonState *s = DO_UPCAST(APICCommonState, busdev.qdev, d);
+
+ vapic_report_tpr_access(s->vapic, CPU(s->cpu), ip, access);
+}
+
+void apic_report_irq_delivered(int delivered)
+{
+ apic_irq_delivered += delivered;
+
+ trace_apic_report_irq_delivered(apic_irq_delivered);
+}
+
+void apic_reset_irq_delivered(void)
+{
+ trace_apic_reset_irq_delivered(apic_irq_delivered);
+
+ apic_irq_delivered = 0;
+}
+
+int apic_get_irq_delivered(void)
+{
+ trace_apic_get_irq_delivered(apic_irq_delivered);
+
+ return apic_irq_delivered;
+}
+
+void apic_deliver_nmi(DeviceState *d)
+{
+ APICCommonState *s = APIC_COMMON(d);
+ APICCommonClass *info = APIC_COMMON_GET_CLASS(s);
+
+ info->external_nmi(s);
+}
+
+bool apic_next_timer(APICCommonState *s, int64_t current_time)
+{
+ int64_t d;
+
+ /* We need to store the timer state separately to support APIC
+ * implementations that maintain a non-QEMU timer, e.g. inside the
+ * host kernel. This open-coded state allows us to migrate between
+ * both models. */
+ s->timer_expiry = -1;
+
+ if (s->lvt[APIC_LVT_TIMER] & APIC_LVT_MASKED) {
+ return false;
+ }
+
+ d = (current_time - s->initial_count_load_time) >> s->count_shift;
+
+ if (s->lvt[APIC_LVT_TIMER] & APIC_LVT_TIMER_PERIODIC) {
+ if (!s->initial_count) {
+ return false;
+ }
+ d = ((d / ((uint64_t)s->initial_count + 1)) + 1) *
+ ((uint64_t)s->initial_count + 1);
+ } else {
+ if (d >= s->initial_count) {
+ return false;
+ }
+ d = (uint64_t)s->initial_count + 1;
+ }
+ s->next_time = s->initial_count_load_time + (d << s->count_shift);
+ s->timer_expiry = s->next_time;
+ return true;
+}
+
+void apic_init_reset(DeviceState *d)
+{
+ APICCommonState *s = DO_UPCAST(APICCommonState, busdev.qdev, d);
+ int i;
+
+ if (!s) {
+ return;
+ }
+ s->tpr = 0;
+ s->spurious_vec = 0xff;
+ s->log_dest = 0;
+ s->dest_mode = 0xf;
+ memset(s->isr, 0, sizeof(s->isr));
+ memset(s->tmr, 0, sizeof(s->tmr));
+ memset(s->irr, 0, sizeof(s->irr));
+ for (i = 0; i < APIC_LVT_NB; i++) {
+ s->lvt[i] = APIC_LVT_MASKED;
+ }
+ s->esr = 0;
+ memset(s->icr, 0, sizeof(s->icr));
+ s->divide_conf = 0;
+ s->count_shift = 0;
+ s->initial_count = 0;
+ s->initial_count_load_time = 0;
+ s->next_time = 0;
+ s->wait_for_sipi = 1;
+
+ if (s->timer) {
+ qemu_del_timer(s->timer);
+ }
+ s->timer_expiry = -1;
+}
+
+void apic_designate_bsp(DeviceState *d)
+{
+ if (d == NULL) {
+ return;
+ }
+
+ APICCommonState *s = APIC_COMMON(d);
+ s->apicbase |= MSR_IA32_APICBASE_BSP;
+}
+
+static void apic_reset_common(DeviceState *d)
+{
+ APICCommonState *s = DO_UPCAST(APICCommonState, busdev.qdev, d);
+ APICCommonClass *info = APIC_COMMON_GET_CLASS(s);
+ bool bsp;
+
+ bsp = cpu_is_bsp(s->cpu);
+ s->apicbase = APIC_DEFAULT_ADDRESS |
+ (bsp ? MSR_IA32_APICBASE_BSP : 0) | MSR_IA32_APICBASE_ENABLE;
+
+ s->vapic_paddr = 0;
+ info->vapic_base_update(s);
+
+ apic_init_reset(d);
+
+ if (bsp) {
+ /*
+ * LINT0 delivery mode on CPU #0 is set to ExtInt at initialization
+ * time typically by BIOS, so PIC interrupt can be delivered to the
+ * processor when local APIC is enabled.
+ */
+ s->lvt[APIC_LVT_LINT0] = 0x700;
+ }
+}
+
+/* This function is only used for old state version 1 and 2 */
+static int apic_load_old(QEMUFile *f, void *opaque, int version_id)
+{
+ APICCommonState *s = opaque;
+ APICCommonClass *info = APIC_COMMON_GET_CLASS(s);
+ int i;
+
+ if (version_id > 2) {
+ return -EINVAL;
+ }
+
+ /* XXX: what if the base changes? (registered memory regions) */
+ qemu_get_be32s(f, &s->apicbase);
+ qemu_get_8s(f, &s->id);
+ qemu_get_8s(f, &s->arb_id);
+ qemu_get_8s(f, &s->tpr);
+ qemu_get_be32s(f, &s->spurious_vec);
+ qemu_get_8s(f, &s->log_dest);
+ qemu_get_8s(f, &s->dest_mode);
+ for (i = 0; i < 8; i++) {
+ qemu_get_be32s(f, &s->isr[i]);
+ qemu_get_be32s(f, &s->tmr[i]);
+ qemu_get_be32s(f, &s->irr[i]);
+ }
+ for (i = 0; i < APIC_LVT_NB; i++) {
+ qemu_get_be32s(f, &s->lvt[i]);
+ }
+ qemu_get_be32s(f, &s->esr);
+ qemu_get_be32s(f, &s->icr[0]);
+ qemu_get_be32s(f, &s->icr[1]);
+ qemu_get_be32s(f, &s->divide_conf);
+ s->count_shift = qemu_get_be32(f);
+ qemu_get_be32s(f, &s->initial_count);
+ s->initial_count_load_time = qemu_get_be64(f);
+ s->next_time = qemu_get_be64(f);
+
+ if (version_id >= 2) {
+ s->timer_expiry = qemu_get_be64(f);
+ }
+
+ if (info->post_load) {
+ info->post_load(s);
+ }
+ return 0;
+}
+
+static int apic_init_common(ICCDevice *dev)
+{
+ APICCommonState *s = APIC_COMMON(dev);
+ APICCommonClass *info;
+ static DeviceState *vapic;
+ static int apic_no;
+ static bool mmio_registered;
+
+ if (apic_no >= MAX_APICS) {
+ return -1;
+ }
+ s->idx = apic_no++;
+
+ info = APIC_COMMON_GET_CLASS(s);
+ info->init(s);
+ if (!mmio_registered) {
+ ICCBus *b = ICC_BUS(qdev_get_parent_bus(DEVICE(dev)));
+ memory_region_add_subregion(b->apic_address_space, 0, &s->io_memory);
+ mmio_registered = true;
+ }
+
+ /* Note: We need at least 1M to map the VAPIC option ROM */
+ if (!vapic && s->vapic_control & VAPIC_ENABLE_MASK &&
+ ram_size >= 1024 * 1024) {
+ vapic = sysbus_create_simple("kvmvapic", -1, NULL);
+ }
+ s->vapic = vapic;
+ if (apic_report_tpr_access && info->enable_tpr_reporting) {
+ info->enable_tpr_reporting(s, true);
+ }
+
+ return 0;
+}
+
+static void apic_dispatch_pre_save(void *opaque)
+{
+ APICCommonState *s = APIC_COMMON(opaque);
+ APICCommonClass *info = APIC_COMMON_GET_CLASS(s);
+
+ if (info->pre_save) {
+ info->pre_save(s);
+ }
+}
+
+static int apic_dispatch_post_load(void *opaque, int version_id)
+{
+ APICCommonState *s = APIC_COMMON(opaque);
+ APICCommonClass *info = APIC_COMMON_GET_CLASS(s);
+
+ if (info->post_load) {
+ info->post_load(s);
+ }
+ return 0;
+}
+
+static const VMStateDescription vmstate_apic_common = {
+ .name = "apic",
+ .version_id = 3,
+ .minimum_version_id = 3,
+ .minimum_version_id_old = 1,
+ .load_state_old = apic_load_old,
+ .pre_save = apic_dispatch_pre_save,
+ .post_load = apic_dispatch_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(apicbase, APICCommonState),
+ VMSTATE_UINT8(id, APICCommonState),
+ VMSTATE_UINT8(arb_id, APICCommonState),
+ VMSTATE_UINT8(tpr, APICCommonState),
+ VMSTATE_UINT32(spurious_vec, APICCommonState),
+ VMSTATE_UINT8(log_dest, APICCommonState),
+ VMSTATE_UINT8(dest_mode, APICCommonState),
+ VMSTATE_UINT32_ARRAY(isr, APICCommonState, 8),
+ VMSTATE_UINT32_ARRAY(tmr, APICCommonState, 8),
+ VMSTATE_UINT32_ARRAY(irr, APICCommonState, 8),
+ VMSTATE_UINT32_ARRAY(lvt, APICCommonState, APIC_LVT_NB),
+ VMSTATE_UINT32(esr, APICCommonState),
+ VMSTATE_UINT32_ARRAY(icr, APICCommonState, 2),
+ VMSTATE_UINT32(divide_conf, APICCommonState),
+ VMSTATE_INT32(count_shift, APICCommonState),
+ VMSTATE_UINT32(initial_count, APICCommonState),
+ VMSTATE_INT64(initial_count_load_time, APICCommonState),
+ VMSTATE_INT64(next_time, APICCommonState),
+ VMSTATE_INT64(timer_expiry,
+ APICCommonState), /* open-coded timer state */
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static Property apic_properties_common[] = {
+ DEFINE_PROP_UINT8("id", APICCommonState, id, -1),
+ DEFINE_PROP_BIT("vapic", APICCommonState, vapic_control, VAPIC_ENABLE_BIT,
+ true),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void apic_common_class_init(ObjectClass *klass, void *data)
+{
+ ICCDeviceClass *idc = ICC_DEVICE_CLASS(klass);
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->vmsd = &vmstate_apic_common;
+ dc->reset = apic_reset_common;
+ dc->no_user = 1;
+ dc->props = apic_properties_common;
+ idc->init = apic_init_common;
+}
+
+static const TypeInfo apic_common_type = {
+ .name = TYPE_APIC_COMMON,
+ .parent = TYPE_ICC_DEVICE,
+ .instance_size = sizeof(APICCommonState),
+ .class_size = sizeof(APICCommonClass),
+ .class_init = apic_common_class_init,
+ .abstract = true,
+};
+
+static void register_types(void)
+{
+ type_register_static(&apic_common_type);
+}
+
+type_init(register_types)
diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
new file mode 100644
index 000000000..d431b7a88
--- /dev/null
+++ b/hw/intc/arm_gic.c
@@ -0,0 +1,725 @@
+/*
+ * ARM Generic/Distributed Interrupt Controller
+ *
+ * Copyright (c) 2006-2007 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GPL.
+ */
+
+/* This file contains implementation code for the RealView EB interrupt
+ * controller, MPCore distributed interrupt controller and ARMv7-M
+ * Nested Vectored Interrupt Controller.
+ * It is compiled in two ways:
+ * (1) as a standalone file to produce a sysbus device which is a GIC
+ * that can be used on the realview board and as one of the builtin
+ * private peripherals for the ARM MP CPUs (11MPCore, A9, etc)
+ * (2) by being directly #included into armv7m_nvic.c to produce the
+ * armv7m_nvic device.
+ */
+
+#include "hw/sysbus.h"
+#include "gic_internal.h"
+#include "qom/cpu.h"
+
+//#define DEBUG_GIC
+
+#ifdef DEBUG_GIC
+#define DPRINTF(fmt, ...) \
+do { fprintf(stderr, "arm_gic: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) do {} while(0)
+#endif
+
+static const uint8_t gic_id[] = {
+ 0x90, 0x13, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1
+};
+
+#define NUM_CPU(s) ((s)->num_cpu)
+
+static inline int gic_get_current_cpu(GICState *s)
+{
+ if (s->num_cpu > 1) {
+ return current_cpu->cpu_index;
+ }
+ return 0;
+}
+
+/* TODO: Many places that call this routine could be optimized. */
+/* Update interrupt status after enabled or pending bits have been changed. */
+void gic_update(GICState *s)
+{
+ int best_irq;
+ int best_prio;
+ int irq;
+ int level;
+ int cpu;
+ int cm;
+
+ for (cpu = 0; cpu < NUM_CPU(s); cpu++) {
+ cm = 1 << cpu;
+ s->current_pending[cpu] = 1023;
+ if (!s->enabled || !s->cpu_enabled[cpu]) {
+ qemu_irq_lower(s->parent_irq[cpu]);
+ return;
+ }
+ best_prio = 0x100;
+ best_irq = 1023;
+ for (irq = 0; irq < s->num_irq; irq++) {
+ if (GIC_TEST_ENABLED(irq, cm) && GIC_TEST_PENDING(irq, cm)) {
+ if (GIC_GET_PRIORITY(irq, cpu) < best_prio) {
+ best_prio = GIC_GET_PRIORITY(irq, cpu);
+ best_irq = irq;
+ }
+ }
+ }
+ level = 0;
+ if (best_prio < s->priority_mask[cpu]) {
+ s->current_pending[cpu] = best_irq;
+ if (best_prio < s->running_priority[cpu]) {
+ DPRINTF("Raised pending IRQ %d (cpu %d)\n", best_irq, cpu);
+ level = 1;
+ }
+ }
+ qemu_set_irq(s->parent_irq[cpu], level);
+ }
+}
+
+void gic_set_pending_private(GICState *s, int cpu, int irq)
+{
+ int cm = 1 << cpu;
+
+ if (GIC_TEST_PENDING(irq, cm))
+ return;
+
+ DPRINTF("Set %d pending cpu %d\n", irq, cpu);
+ GIC_SET_PENDING(irq, cm);
+ gic_update(s);
+}
+
+/* Process a change in an external IRQ input. */
+static void gic_set_irq(void *opaque, int irq, int level)
+{
+ /* Meaning of the 'irq' parameter:
+ * [0..N-1] : external interrupts
+ * [N..N+31] : PPI (internal) interrupts for CPU 0
+ * [N+32..N+63] : PPI (internal interrupts for CPU 1
+ * ...
+ */
+ GICState *s = (GICState *)opaque;
+ int cm, target;
+ if (irq < (s->num_irq - GIC_INTERNAL)) {
+ /* The first external input line is internal interrupt 32. */
+ cm = ALL_CPU_MASK;
+ irq += GIC_INTERNAL;
+ target = GIC_TARGET(irq);
+ } else {
+ int cpu;
+ irq -= (s->num_irq - GIC_INTERNAL);
+ cpu = irq / GIC_INTERNAL;
+ irq %= GIC_INTERNAL;
+ cm = 1 << cpu;
+ target = cm;
+ }
+
+ if (level == GIC_TEST_LEVEL(irq, cm)) {
+ return;
+ }
+
+ if (level) {
+ GIC_SET_LEVEL(irq, cm);
+ if (GIC_TEST_TRIGGER(irq) || GIC_TEST_ENABLED(irq, cm)) {
+ DPRINTF("Set %d pending mask %x\n", irq, target);
+ GIC_SET_PENDING(irq, target);
+ }
+ } else {
+ GIC_CLEAR_LEVEL(irq, cm);
+ }
+ gic_update(s);
+}
+
+static void gic_set_running_irq(GICState *s, int cpu, int irq)
+{
+ s->running_irq[cpu] = irq;
+ if (irq == 1023) {
+ s->running_priority[cpu] = 0x100;
+ } else {
+ s->running_priority[cpu] = GIC_GET_PRIORITY(irq, cpu);
+ }
+ gic_update(s);
+}
+
+uint32_t gic_acknowledge_irq(GICState *s, int cpu)
+{
+ int new_irq;
+ int cm = 1 << cpu;
+ new_irq = s->current_pending[cpu];
+ if (new_irq == 1023
+ || GIC_GET_PRIORITY(new_irq, cpu) >= s->running_priority[cpu]) {
+ DPRINTF("ACK no pending IRQ\n");
+ return 1023;
+ }
+ s->last_active[new_irq][cpu] = s->running_irq[cpu];
+ /* Clear pending flags for both level and edge triggered interrupts.
+ Level triggered IRQs will be reasserted once they become inactive. */
+ GIC_CLEAR_PENDING(new_irq, GIC_TEST_MODEL(new_irq) ? ALL_CPU_MASK : cm);
+ gic_set_running_irq(s, cpu, new_irq);
+ DPRINTF("ACK %d\n", new_irq);
+ return new_irq;
+}
+
+void gic_complete_irq(GICState *s, int cpu, int irq)
+{
+ int update = 0;
+ int cm = 1 << cpu;
+ DPRINTF("EOI %d\n", irq);
+ if (irq >= s->num_irq) {
+ /* This handles two cases:
+ * 1. If software writes the ID of a spurious interrupt [ie 1023]
+ * to the GICC_EOIR, the GIC ignores that write.
+ * 2. If software writes the number of a non-existent interrupt
+ * this must be a subcase of "value written does not match the last
+ * valid interrupt value read from the Interrupt Acknowledge
+ * register" and so this is UNPREDICTABLE. We choose to ignore it.
+ */
+ return;
+ }
+ if (s->running_irq[cpu] == 1023)
+ return; /* No active IRQ. */
+ /* Mark level triggered interrupts as pending if they are still
+ raised. */
+ if (!GIC_TEST_TRIGGER(irq) && GIC_TEST_ENABLED(irq, cm)
+ && GIC_TEST_LEVEL(irq, cm) && (GIC_TARGET(irq) & cm) != 0) {
+ DPRINTF("Set %d pending mask %x\n", irq, cm);
+ GIC_SET_PENDING(irq, cm);
+ update = 1;
+ }
+ if (irq != s->running_irq[cpu]) {
+ /* Complete an IRQ that is not currently running. */
+ int tmp = s->running_irq[cpu];
+ while (s->last_active[tmp][cpu] != 1023) {
+ if (s->last_active[tmp][cpu] == irq) {
+ s->last_active[tmp][cpu] = s->last_active[irq][cpu];
+ break;
+ }
+ tmp = s->last_active[tmp][cpu];
+ }
+ if (update) {
+ gic_update(s);
+ }
+ } else {
+ /* Complete the current running IRQ. */
+ gic_set_running_irq(s, cpu, s->last_active[s->running_irq[cpu]][cpu]);
+ }
+}
+
+static uint32_t gic_dist_readb(void *opaque, hwaddr offset)
+{
+ GICState *s = (GICState *)opaque;
+ uint32_t res;
+ int irq;
+ int i;
+ int cpu;
+ int cm;
+ int mask;
+
+ cpu = gic_get_current_cpu(s);
+ cm = 1 << cpu;
+ if (offset < 0x100) {
+ if (offset == 0)
+ return s->enabled;
+ if (offset == 4)
+ return ((s->num_irq / 32) - 1) | ((NUM_CPU(s) - 1) << 5);
+ if (offset < 0x08)
+ return 0;
+ if (offset >= 0x80) {
+ /* Interrupt Security , RAZ/WI */
+ return 0;
+ }
+ goto bad_reg;
+ } else if (offset < 0x200) {
+ /* Interrupt Set/Clear Enable. */
+ if (offset < 0x180)
+ irq = (offset - 0x100) * 8;
+ else
+ irq = (offset - 0x180) * 8;
+ irq += GIC_BASE_IRQ;
+ if (irq >= s->num_irq)
+ goto bad_reg;
+ res = 0;
+ for (i = 0; i < 8; i++) {
+ if (GIC_TEST_ENABLED(irq + i, cm)) {
+ res |= (1 << i);
+ }
+ }
+ } else if (offset < 0x300) {
+ /* Interrupt Set/Clear Pending. */
+ if (offset < 0x280)
+ irq = (offset - 0x200) * 8;
+ else
+ irq = (offset - 0x280) * 8;
+ irq += GIC_BASE_IRQ;
+ if (irq >= s->num_irq)
+ goto bad_reg;
+ res = 0;
+ mask = (irq < GIC_INTERNAL) ? cm : ALL_CPU_MASK;
+ for (i = 0; i < 8; i++) {
+ if (GIC_TEST_PENDING(irq + i, mask)) {
+ res |= (1 << i);
+ }
+ }
+ } else if (offset < 0x400) {
+ /* Interrupt Active. */
+ irq = (offset - 0x300) * 8 + GIC_BASE_IRQ;
+ if (irq >= s->num_irq)
+ goto bad_reg;
+ res = 0;
+ mask = (irq < GIC_INTERNAL) ? cm : ALL_CPU_MASK;
+ for (i = 0; i < 8; i++) {
+ if (GIC_TEST_ACTIVE(irq + i, mask)) {
+ res |= (1 << i);
+ }
+ }
+ } else if (offset < 0x800) {
+ /* Interrupt Priority. */
+ irq = (offset - 0x400) + GIC_BASE_IRQ;
+ if (irq >= s->num_irq)
+ goto bad_reg;
+ res = GIC_GET_PRIORITY(irq, cpu);
+ } else if (offset < 0xc00) {
+ /* Interrupt CPU Target. */
+ if (s->num_cpu == 1 && s->revision != REV_11MPCORE) {
+ /* For uniprocessor GICs these RAZ/WI */
+ res = 0;
+ } else {
+ irq = (offset - 0x800) + GIC_BASE_IRQ;
+ if (irq >= s->num_irq) {
+ goto bad_reg;
+ }
+ if (irq >= 29 && irq <= 31) {
+ res = cm;
+ } else {
+ res = GIC_TARGET(irq);
+ }
+ }
+ } else if (offset < 0xf00) {
+ /* Interrupt Configuration. */
+ irq = (offset - 0xc00) * 2 + GIC_BASE_IRQ;
+ if (irq >= s->num_irq)
+ goto bad_reg;
+ res = 0;
+ for (i = 0; i < 4; i++) {
+ if (GIC_TEST_MODEL(irq + i))
+ res |= (1 << (i * 2));
+ if (GIC_TEST_TRIGGER(irq + i))
+ res |= (2 << (i * 2));
+ }
+ } else if (offset < 0xfe0) {
+ goto bad_reg;
+ } else /* offset >= 0xfe0 */ {
+ if (offset & 3) {
+ res = 0;
+ } else {
+ res = gic_id[(offset - 0xfe0) >> 2];
+ }
+ }
+ return res;
+bad_reg:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "gic_dist_readb: Bad offset %x\n", (int)offset);
+ return 0;
+}
+
+static uint32_t gic_dist_readw(void *opaque, hwaddr offset)
+{
+ uint32_t val;
+ val = gic_dist_readb(opaque, offset);
+ val |= gic_dist_readb(opaque, offset + 1) << 8;
+ return val;
+}
+
+static uint32_t gic_dist_readl(void *opaque, hwaddr offset)
+{
+ uint32_t val;
+ val = gic_dist_readw(opaque, offset);
+ val |= gic_dist_readw(opaque, offset + 2) << 16;
+ return val;
+}
+
+static void gic_dist_writeb(void *opaque, hwaddr offset,
+ uint32_t value)
+{
+ GICState *s = (GICState *)opaque;
+ int irq;
+ int i;
+ int cpu;
+
+ cpu = gic_get_current_cpu(s);
+ if (offset < 0x100) {
+ if (offset == 0) {
+ s->enabled = (value & 1);
+ DPRINTF("Distribution %sabled\n", s->enabled ? "En" : "Dis");
+ } else if (offset < 4) {
+ /* ignored. */
+ } else if (offset >= 0x80) {
+ /* Interrupt Security Registers, RAZ/WI */
+ } else {
+ goto bad_reg;
+ }
+ } else if (offset < 0x180) {
+ /* Interrupt Set Enable. */
+ irq = (offset - 0x100) * 8 + GIC_BASE_IRQ;
+ if (irq >= s->num_irq)
+ goto bad_reg;
+ if (irq < 16)
+ value = 0xff;
+ for (i = 0; i < 8; i++) {
+ if (value & (1 << i)) {
+ int mask =
+ (irq < GIC_INTERNAL) ? (1 << cpu) : GIC_TARGET(irq + i);
+ int cm = (irq < GIC_INTERNAL) ? (1 << cpu) : ALL_CPU_MASK;
+
+ if (!GIC_TEST_ENABLED(irq + i, cm)) {
+ DPRINTF("Enabled IRQ %d\n", irq + i);
+ }
+ GIC_SET_ENABLED(irq + i, cm);
+ /* If a raised level triggered IRQ enabled then mark
+ is as pending. */
+ if (GIC_TEST_LEVEL(irq + i, mask)
+ && !GIC_TEST_TRIGGER(irq + i)) {
+ DPRINTF("Set %d pending mask %x\n", irq + i, mask);
+ GIC_SET_PENDING(irq + i, mask);
+ }
+ }
+ }
+ } else if (offset < 0x200) {
+ /* Interrupt Clear Enable. */
+ irq = (offset - 0x180) * 8 + GIC_BASE_IRQ;
+ if (irq >= s->num_irq)
+ goto bad_reg;
+ if (irq < 16)
+ value = 0;
+ for (i = 0; i < 8; i++) {
+ if (value & (1 << i)) {
+ int cm = (irq < GIC_INTERNAL) ? (1 << cpu) : ALL_CPU_MASK;
+
+ if (GIC_TEST_ENABLED(irq + i, cm)) {
+ DPRINTF("Disabled IRQ %d\n", irq + i);
+ }
+ GIC_CLEAR_ENABLED(irq + i, cm);
+ }
+ }
+ } else if (offset < 0x280) {
+ /* Interrupt Set Pending. */
+ irq = (offset - 0x200) * 8 + GIC_BASE_IRQ;
+ if (irq >= s->num_irq)
+ goto bad_reg;
+ if (irq < 16)
+ irq = 0;
+
+ for (i = 0; i < 8; i++) {
+ if (value & (1 << i)) {
+ GIC_SET_PENDING(irq + i, GIC_TARGET(irq + i));
+ }
+ }
+ } else if (offset < 0x300) {
+ /* Interrupt Clear Pending. */
+ irq = (offset - 0x280) * 8 + GIC_BASE_IRQ;
+ if (irq >= s->num_irq)
+ goto bad_reg;
+ for (i = 0; i < 8; i++) {
+ /* ??? This currently clears the pending bit for all CPUs, even
+ for per-CPU interrupts. It's unclear whether this is the
+ corect behavior. */
+ if (value & (1 << i)) {
+ GIC_CLEAR_PENDING(irq + i, ALL_CPU_MASK);
+ }
+ }
+ } else if (offset < 0x400) {
+ /* Interrupt Active. */
+ goto bad_reg;
+ } else if (offset < 0x800) {
+ /* Interrupt Priority. */
+ irq = (offset - 0x400) + GIC_BASE_IRQ;
+ if (irq >= s->num_irq)
+ goto bad_reg;
+ if (irq < GIC_INTERNAL) {
+ s->priority1[irq][cpu] = value;
+ } else {
+ s->priority2[irq - GIC_INTERNAL] = value;
+ }
+ } else if (offset < 0xc00) {
+ /* Interrupt CPU Target. RAZ/WI on uniprocessor GICs, with the
+ * annoying exception of the 11MPCore's GIC.
+ */
+ if (s->num_cpu != 1 || s->revision == REV_11MPCORE) {
+ irq = (offset - 0x800) + GIC_BASE_IRQ;
+ if (irq >= s->num_irq) {
+ goto bad_reg;
+ }
+ if (irq < 29) {
+ value = 0;
+ } else if (irq < GIC_INTERNAL) {
+ value = ALL_CPU_MASK;
+ }
+ s->irq_target[irq] = value & ALL_CPU_MASK;
+ }
+ } else if (offset < 0xf00) {
+ /* Interrupt Configuration. */
+ irq = (offset - 0xc00) * 4 + GIC_BASE_IRQ;
+ if (irq >= s->num_irq)
+ goto bad_reg;
+ if (irq < GIC_INTERNAL)
+ value |= 0xaa;
+ for (i = 0; i < 4; i++) {
+ if (value & (1 << (i * 2))) {
+ GIC_SET_MODEL(irq + i);
+ } else {
+ GIC_CLEAR_MODEL(irq + i);
+ }
+ if (value & (2 << (i * 2))) {
+ GIC_SET_TRIGGER(irq + i);
+ } else {
+ GIC_CLEAR_TRIGGER(irq + i);
+ }
+ }
+ } else {
+ /* 0xf00 is only handled for 32-bit writes. */
+ goto bad_reg;
+ }
+ gic_update(s);
+ return;
+bad_reg:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "gic_dist_writeb: Bad offset %x\n", (int)offset);
+}
+
+static void gic_dist_writew(void *opaque, hwaddr offset,
+ uint32_t value)
+{
+ gic_dist_writeb(opaque, offset, value & 0xff);
+ gic_dist_writeb(opaque, offset + 1, value >> 8);
+}
+
+static void gic_dist_writel(void *opaque, hwaddr offset,
+ uint32_t value)
+{
+ GICState *s = (GICState *)opaque;
+ if (offset == 0xf00) {
+ int cpu;
+ int irq;
+ int mask;
+
+ cpu = gic_get_current_cpu(s);
+ irq = value & 0x3ff;
+ switch ((value >> 24) & 3) {
+ case 0:
+ mask = (value >> 16) & ALL_CPU_MASK;
+ break;
+ case 1:
+ mask = ALL_CPU_MASK ^ (1 << cpu);
+ break;
+ case 2:
+ mask = 1 << cpu;
+ break;
+ default:
+ DPRINTF("Bad Soft Int target filter\n");
+ mask = ALL_CPU_MASK;
+ break;
+ }
+ GIC_SET_PENDING(irq, mask);
+ gic_update(s);
+ return;
+ }
+ gic_dist_writew(opaque, offset, value & 0xffff);
+ gic_dist_writew(opaque, offset + 2, value >> 16);
+}
+
+static const MemoryRegionOps gic_dist_ops = {
+ .old_mmio = {
+ .read = { gic_dist_readb, gic_dist_readw, gic_dist_readl, },
+ .write = { gic_dist_writeb, gic_dist_writew, gic_dist_writel, },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static uint32_t gic_cpu_read(GICState *s, int cpu, int offset)
+{
+ switch (offset) {
+ case 0x00: /* Control */
+ return s->cpu_enabled[cpu];
+ case 0x04: /* Priority mask */
+ return s->priority_mask[cpu];
+ case 0x08: /* Binary Point */
+ /* ??? Not implemented. */
+ return 0;
+ case 0x0c: /* Acknowledge */
+ return gic_acknowledge_irq(s, cpu);
+ case 0x14: /* Running Priority */
+ return s->running_priority[cpu];
+ case 0x18: /* Highest Pending Interrupt */
+ return s->current_pending[cpu];
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "gic_cpu_read: Bad offset %x\n", (int)offset);
+ return 0;
+ }
+}
+
+static void gic_cpu_write(GICState *s, int cpu, int offset, uint32_t value)
+{
+ switch (offset) {
+ case 0x00: /* Control */
+ s->cpu_enabled[cpu] = (value & 1);
+ DPRINTF("CPU %d %sabled\n", cpu, s->cpu_enabled[cpu] ? "En" : "Dis");
+ break;
+ case 0x04: /* Priority mask */
+ s->priority_mask[cpu] = (value & 0xff);
+ break;
+ case 0x08: /* Binary Point */
+ /* ??? Not implemented. */
+ break;
+ case 0x10: /* End Of Interrupt */
+ return gic_complete_irq(s, cpu, value & 0x3ff);
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "gic_cpu_write: Bad offset %x\n", (int)offset);
+ return;
+ }
+ gic_update(s);
+}
+
+/* Wrappers to read/write the GIC CPU interface for the current CPU */
+static uint64_t gic_thiscpu_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ GICState *s = (GICState *)opaque;
+ return gic_cpu_read(s, gic_get_current_cpu(s), addr);
+}
+
+static void gic_thiscpu_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ GICState *s = (GICState *)opaque;
+ gic_cpu_write(s, gic_get_current_cpu(s), addr, value);
+}
+
+/* Wrappers to read/write the GIC CPU interface for a specific CPU.
+ * These just decode the opaque pointer into GICState* + cpu id.
+ */
+static uint64_t gic_do_cpu_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ GICState **backref = (GICState **)opaque;
+ GICState *s = *backref;
+ int id = (backref - s->backref);
+ return gic_cpu_read(s, id, addr);
+}
+
+static void gic_do_cpu_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ GICState **backref = (GICState **)opaque;
+ GICState *s = *backref;
+ int id = (backref - s->backref);
+ gic_cpu_write(s, id, addr, value);
+}
+
+static const MemoryRegionOps gic_thiscpu_ops = {
+ .read = gic_thiscpu_read,
+ .write = gic_thiscpu_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static const MemoryRegionOps gic_cpu_ops = {
+ .read = gic_do_cpu_read,
+ .write = gic_do_cpu_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+void gic_init_irqs_and_distributor(GICState *s, int num_irq)
+{
+ SysBusDevice *sbd = SYS_BUS_DEVICE(s);
+ int i;
+
+ i = s->num_irq - GIC_INTERNAL;
+ /* For the GIC, also expose incoming GPIO lines for PPIs for each CPU.
+ * GPIO array layout is thus:
+ * [0..N-1] SPIs
+ * [N..N+31] PPIs for CPU 0
+ * [N+32..N+63] PPIs for CPU 1
+ * ...
+ */
+ if (s->revision != REV_NVIC) {
+ i += (GIC_INTERNAL * s->num_cpu);
+ }
+ qdev_init_gpio_in(DEVICE(s), gic_set_irq, i);
+ for (i = 0; i < NUM_CPU(s); i++) {
+ sysbus_init_irq(sbd, &s->parent_irq[i]);
+ }
+ memory_region_init_io(&s->iomem, OBJECT(s), &gic_dist_ops, s,
+ "gic_dist", 0x1000);
+}
+
+static void arm_gic_realize(DeviceState *dev, Error **errp)
+{
+ /* Device instance realize function for the GIC sysbus device */
+ int i;
+ GICState *s = ARM_GIC(dev);
+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+ ARMGICClass *agc = ARM_GIC_GET_CLASS(s);
+
+ agc->parent_realize(dev, errp);
+ if (error_is_set(errp)) {
+ return;
+ }
+
+ gic_init_irqs_and_distributor(s, s->num_irq);
+
+ /* Memory regions for the CPU interfaces (NVIC doesn't have these):
+ * a region for "CPU interface for this core", then a region for
+ * "CPU interface for core 0", "for core 1", ...
+ * NB that the memory region size of 0x100 applies for the 11MPCore
+ * and also cores following the GIC v1 spec (ie A9).
+ * GIC v2 defines a larger memory region (0x1000) so this will need
+ * to be extended when we implement A15.
+ */
+ memory_region_init_io(&s->cpuiomem[0], OBJECT(s), &gic_thiscpu_ops, s,
+ "gic_cpu", 0x100);
+ for (i = 0; i < NUM_CPU(s); i++) {
+ s->backref[i] = s;
+ memory_region_init_io(&s->cpuiomem[i+1], OBJECT(s), &gic_cpu_ops,
+ &s->backref[i], "gic_cpu", 0x100);
+ }
+ /* Distributor */
+ sysbus_init_mmio(sbd, &s->iomem);
+ /* cpu interfaces (one for "current cpu" plus one per cpu) */
+ for (i = 0; i <= NUM_CPU(s); i++) {
+ sysbus_init_mmio(sbd, &s->cpuiomem[i]);
+ }
+}
+
+static void arm_gic_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ ARMGICClass *agc = ARM_GIC_CLASS(klass);
+
+ dc->no_user = 1;
+ agc->parent_realize = dc->realize;
+ dc->realize = arm_gic_realize;
+}
+
+static const TypeInfo arm_gic_info = {
+ .name = TYPE_ARM_GIC,
+ .parent = TYPE_ARM_GIC_COMMON,
+ .instance_size = sizeof(GICState),
+ .class_init = arm_gic_class_init,
+ .class_size = sizeof(ARMGICClass),
+};
+
+static void arm_gic_register_types(void)
+{
+ type_register_static(&arm_gic_info);
+}
+
+type_init(arm_gic_register_types)
diff --git a/hw/intc/arm_gic_common.c b/hw/intc/arm_gic_common.c
new file mode 100644
index 000000000..709b5c298
--- /dev/null
+++ b/hw/intc/arm_gic_common.c
@@ -0,0 +1,176 @@
+/*
+ * ARM GIC support - common bits of emulated and KVM kernel model
+ *
+ * Copyright (c) 2012 Linaro Limited
+ * Written by Peter Maydell
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "gic_internal.h"
+
+static void gic_pre_save(void *opaque)
+{
+ GICState *s = (GICState *)opaque;
+ ARMGICCommonClass *c = ARM_GIC_COMMON_GET_CLASS(s);
+
+ if (c->pre_save) {
+ c->pre_save(s);
+ }
+}
+
+static int gic_post_load(void *opaque, int version_id)
+{
+ GICState *s = (GICState *)opaque;
+ ARMGICCommonClass *c = ARM_GIC_COMMON_GET_CLASS(s);
+
+ if (c->post_load) {
+ c->post_load(s);
+ }
+ return 0;
+}
+
+static const VMStateDescription vmstate_gic_irq_state = {
+ .name = "arm_gic_irq_state",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(enabled, gic_irq_state),
+ VMSTATE_UINT8(pending, gic_irq_state),
+ VMSTATE_UINT8(active, gic_irq_state),
+ VMSTATE_UINT8(level, gic_irq_state),
+ VMSTATE_BOOL(model, gic_irq_state),
+ VMSTATE_BOOL(trigger, gic_irq_state),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_gic = {
+ .name = "arm_gic",
+ .version_id = 4,
+ .minimum_version_id = 4,
+ .pre_save = gic_pre_save,
+ .post_load = gic_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_BOOL(enabled, GICState),
+ VMSTATE_BOOL_ARRAY(cpu_enabled, GICState, NCPU),
+ VMSTATE_STRUCT_ARRAY(irq_state, GICState, GIC_MAXIRQ, 1,
+ vmstate_gic_irq_state, gic_irq_state),
+ VMSTATE_UINT8_ARRAY(irq_target, GICState, GIC_MAXIRQ),
+ VMSTATE_UINT8_2DARRAY(priority1, GICState, GIC_INTERNAL, NCPU),
+ VMSTATE_UINT8_ARRAY(priority2, GICState, GIC_MAXIRQ - GIC_INTERNAL),
+ VMSTATE_UINT16_2DARRAY(last_active, GICState, GIC_MAXIRQ, NCPU),
+ VMSTATE_UINT16_ARRAY(priority_mask, GICState, NCPU),
+ VMSTATE_UINT16_ARRAY(running_irq, GICState, NCPU),
+ VMSTATE_UINT16_ARRAY(running_priority, GICState, NCPU),
+ VMSTATE_UINT16_ARRAY(current_pending, GICState, NCPU),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void arm_gic_common_realize(DeviceState *dev, Error **errp)
+{
+ GICState *s = ARM_GIC_COMMON(dev);
+ int num_irq = s->num_irq;
+
+ if (s->num_cpu > NCPU) {
+ error_setg(errp, "requested %u CPUs exceeds GIC maximum %d",
+ s->num_cpu, NCPU);
+ return;
+ }
+ s->num_irq += GIC_BASE_IRQ;
+ if (s->num_irq > GIC_MAXIRQ) {
+ error_setg(errp,
+ "requested %u interrupt lines exceeds GIC maximum %d",
+ num_irq, GIC_MAXIRQ);
+ return;
+ }
+ /* ITLinesNumber is represented as (N / 32) - 1 (see
+ * gic_dist_readb) so this is an implementation imposed
+ * restriction, not an architectural one:
+ */
+ if (s->num_irq < 32 || (s->num_irq % 32)) {
+ error_setg(errp,
+ "%d interrupt lines unsupported: not divisible by 32",
+ num_irq);
+ return;
+ }
+}
+
+static void arm_gic_common_reset(DeviceState *dev)
+{
+ GICState *s = ARM_GIC_COMMON(dev);
+ int i;
+ memset(s->irq_state, 0, GIC_MAXIRQ * sizeof(gic_irq_state));
+ for (i = 0 ; i < s->num_cpu; i++) {
+ if (s->revision == REV_11MPCORE) {
+ s->priority_mask[i] = 0xf0;
+ } else {
+ s->priority_mask[i] = 0;
+ }
+ s->current_pending[i] = 1023;
+ s->running_irq[i] = 1023;
+ s->running_priority[i] = 0x100;
+ s->cpu_enabled[i] = false;
+ }
+ for (i = 0; i < 16; i++) {
+ GIC_SET_ENABLED(i, ALL_CPU_MASK);
+ GIC_SET_TRIGGER(i);
+ }
+ if (s->num_cpu == 1) {
+ /* For uniprocessor GICs all interrupts always target the sole CPU */
+ for (i = 0; i < GIC_MAXIRQ; i++) {
+ s->irq_target[i] = 1;
+ }
+ }
+ s->enabled = false;
+}
+
+static Property arm_gic_common_properties[] = {
+ DEFINE_PROP_UINT32("num-cpu", GICState, num_cpu, 1),
+ DEFINE_PROP_UINT32("num-irq", GICState, num_irq, 32),
+ /* Revision can be 1 or 2 for GIC architecture specification
+ * versions 1 or 2, or 0 to indicate the legacy 11MPCore GIC.
+ * (Internally, 0xffffffff also indicates "not a GIC but an NVIC".)
+ */
+ DEFINE_PROP_UINT32("revision", GICState, revision, 1),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void arm_gic_common_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->reset = arm_gic_common_reset;
+ dc->realize = arm_gic_common_realize;
+ dc->props = arm_gic_common_properties;
+ dc->vmsd = &vmstate_gic;
+ dc->no_user = 1;
+}
+
+static const TypeInfo arm_gic_common_type = {
+ .name = TYPE_ARM_GIC_COMMON,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(GICState),
+ .class_size = sizeof(ARMGICCommonClass),
+ .class_init = arm_gic_common_class_init,
+ .abstract = true,
+};
+
+static void register_types(void)
+{
+ type_register_static(&arm_gic_common_type);
+}
+
+type_init(register_types)
diff --git a/hw/intc/arm_gic_kvm.c b/hw/intc/arm_gic_kvm.c
new file mode 100644
index 000000000..f71397542
--- /dev/null
+++ b/hw/intc/arm_gic_kvm.c
@@ -0,0 +1,169 @@
+/*
+ * ARM Generic Interrupt Controller using KVM in-kernel support
+ *
+ * Copyright (c) 2012 Linaro Limited
+ * Written by Peter Maydell
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/sysbus.h"
+#include "sysemu/kvm.h"
+#include "kvm_arm.h"
+#include "gic_internal.h"
+
+#define TYPE_KVM_ARM_GIC "kvm-arm-gic"
+#define KVM_ARM_GIC(obj) \
+ OBJECT_CHECK(GICState, (obj), TYPE_KVM_ARM_GIC)
+#define KVM_ARM_GIC_CLASS(klass) \
+ OBJECT_CLASS_CHECK(KVMARMGICClass, (klass), TYPE_KVM_ARM_GIC)
+#define KVM_ARM_GIC_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(KVMARMGICClass, (obj), TYPE_KVM_ARM_GIC)
+
+typedef struct KVMARMGICClass {
+ ARMGICCommonClass parent_class;
+ DeviceRealize parent_realize;
+ void (*parent_reset)(DeviceState *dev);
+} KVMARMGICClass;
+
+static void kvm_arm_gic_set_irq(void *opaque, int irq, int level)
+{
+ /* Meaning of the 'irq' parameter:
+ * [0..N-1] : external interrupts
+ * [N..N+31] : PPI (internal) interrupts for CPU 0
+ * [N+32..N+63] : PPI (internal interrupts for CPU 1
+ * ...
+ * Convert this to the kernel's desired encoding, which
+ * has separate fields in the irq number for type,
+ * CPU number and interrupt number.
+ */
+ GICState *s = (GICState *)opaque;
+ int kvm_irq, irqtype, cpu;
+
+ if (irq < (s->num_irq - GIC_INTERNAL)) {
+ /* External interrupt. The kernel numbers these like the GIC
+ * hardware, with external interrupt IDs starting after the
+ * internal ones.
+ */
+ irqtype = KVM_ARM_IRQ_TYPE_SPI;
+ cpu = 0;
+ irq += GIC_INTERNAL;
+ } else {
+ /* Internal interrupt: decode into (cpu, interrupt id) */
+ irqtype = KVM_ARM_IRQ_TYPE_PPI;
+ irq -= (s->num_irq - GIC_INTERNAL);
+ cpu = irq / GIC_INTERNAL;
+ irq %= GIC_INTERNAL;
+ }
+ kvm_irq = (irqtype << KVM_ARM_IRQ_TYPE_SHIFT)
+ | (cpu << KVM_ARM_IRQ_VCPU_SHIFT) | irq;
+
+ kvm_set_irq(kvm_state, kvm_irq, !!level);
+}
+
+static void kvm_arm_gic_put(GICState *s)
+{
+ /* TODO: there isn't currently a kernel interface to set the GIC state */
+}
+
+static void kvm_arm_gic_get(GICState *s)
+{
+ /* TODO: there isn't currently a kernel interface to get the GIC state */
+}
+
+static void kvm_arm_gic_reset(DeviceState *dev)
+{
+ GICState *s = ARM_GIC_COMMON(dev);
+ KVMARMGICClass *kgc = KVM_ARM_GIC_GET_CLASS(s);
+
+ kgc->parent_reset(dev);
+ kvm_arm_gic_put(s);
+}
+
+static void kvm_arm_gic_realize(DeviceState *dev, Error **errp)
+{
+ int i;
+ GICState *s = KVM_ARM_GIC(dev);
+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+ KVMARMGICClass *kgc = KVM_ARM_GIC_GET_CLASS(s);
+
+ kgc->parent_realize(dev, errp);
+ if (error_is_set(errp)) {
+ return;
+ }
+
+ i = s->num_irq - GIC_INTERNAL;
+ /* For the GIC, also expose incoming GPIO lines for PPIs for each CPU.
+ * GPIO array layout is thus:
+ * [0..N-1] SPIs
+ * [N..N+31] PPIs for CPU 0
+ * [N+32..N+63] PPIs for CPU 1
+ * ...
+ */
+ i += (GIC_INTERNAL * s->num_cpu);
+ qdev_init_gpio_in(dev, kvm_arm_gic_set_irq, i);
+ /* We never use our outbound IRQ lines but provide them so that
+ * we maintain the same interface as the non-KVM GIC.
+ */
+ for (i = 0; i < s->num_cpu; i++) {
+ sysbus_init_irq(sbd, &s->parent_irq[i]);
+ }
+ /* Distributor */
+ memory_region_init_reservation(&s->iomem, OBJECT(s),
+ "kvm-gic_dist", 0x1000);
+ sysbus_init_mmio(sbd, &s->iomem);
+ kvm_arm_register_device(&s->iomem,
+ (KVM_ARM_DEVICE_VGIC_V2 << KVM_ARM_DEVICE_ID_SHIFT)
+ | KVM_VGIC_V2_ADDR_TYPE_DIST);
+ /* CPU interface for current core. Unlike arm_gic, we don't
+ * provide the "interface for core #N" memory regions, because
+ * cores with a VGIC don't have those.
+ */
+ memory_region_init_reservation(&s->cpuiomem[0], OBJECT(s),
+ "kvm-gic_cpu", 0x1000);
+ sysbus_init_mmio(sbd, &s->cpuiomem[0]);
+ kvm_arm_register_device(&s->cpuiomem[0],
+ (KVM_ARM_DEVICE_VGIC_V2 << KVM_ARM_DEVICE_ID_SHIFT)
+ | KVM_VGIC_V2_ADDR_TYPE_CPU);
+}
+
+static void kvm_arm_gic_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ ARMGICCommonClass *agcc = ARM_GIC_COMMON_CLASS(klass);
+ KVMARMGICClass *kgc = KVM_ARM_GIC_CLASS(klass);
+
+ agcc->pre_save = kvm_arm_gic_get;
+ agcc->post_load = kvm_arm_gic_put;
+ kgc->parent_realize = dc->realize;
+ kgc->parent_reset = dc->reset;
+ dc->realize = kvm_arm_gic_realize;
+ dc->reset = kvm_arm_gic_reset;
+ dc->no_user = 1;
+}
+
+static const TypeInfo kvm_arm_gic_info = {
+ .name = TYPE_KVM_ARM_GIC,
+ .parent = TYPE_ARM_GIC_COMMON,
+ .instance_size = sizeof(GICState),
+ .class_init = kvm_arm_gic_class_init,
+ .class_size = sizeof(KVMARMGICClass),
+};
+
+static void kvm_arm_gic_register_types(void)
+{
+ type_register_static(&kvm_arm_gic_info);
+}
+
+type_init(kvm_arm_gic_register_types)
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
new file mode 100644
index 000000000..178344b5a
--- /dev/null
+++ b/hw/intc/armv7m_nvic.c
@@ -0,0 +1,559 @@
+/*
+ * ARM Nested Vectored Interrupt Controller
+ *
+ * Copyright (c) 2006-2007 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GPL.
+ *
+ * The ARMv7M System controller is fairly tightly tied in with the
+ * NVIC. Much of that is also implemented here.
+ */
+
+#include "hw/sysbus.h"
+#include "qemu/timer.h"
+#include "hw/arm/arm.h"
+#include "exec/address-spaces.h"
+#include "gic_internal.h"
+
+typedef struct {
+ GICState gic;
+ struct {
+ uint32_t control;
+ uint32_t reload;
+ int64_t tick;
+ QEMUTimer *timer;
+ } systick;
+ MemoryRegion sysregmem;
+ MemoryRegion gic_iomem_alias;
+ MemoryRegion container;
+ uint32_t num_irq;
+} nvic_state;
+
+#define TYPE_NVIC "armv7m_nvic"
+/**
+ * NVICClass:
+ * @parent_reset: the parent class' reset handler.
+ *
+ * A model of the v7M NVIC and System Controller
+ */
+typedef struct NVICClass {
+ /*< private >*/
+ ARMGICClass parent_class;
+ /*< public >*/
+ DeviceRealize parent_realize;
+ void (*parent_reset)(DeviceState *dev);
+} NVICClass;
+
+#define NVIC_CLASS(klass) \
+ OBJECT_CLASS_CHECK(NVICClass, (klass), TYPE_NVIC)
+#define NVIC_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(NVICClass, (obj), TYPE_NVIC)
+#define NVIC(obj) \
+ OBJECT_CHECK(nvic_state, (obj), TYPE_NVIC)
+
+static const uint8_t nvic_id[] = {
+ 0x00, 0xb0, 0x1b, 0x00, 0x0d, 0xe0, 0x05, 0xb1
+};
+
+/* qemu timers run at 1GHz. We want something closer to 1MHz. */
+#define SYSTICK_SCALE 1000ULL
+
+#define SYSTICK_ENABLE (1 << 0)
+#define SYSTICK_TICKINT (1 << 1)
+#define SYSTICK_CLKSOURCE (1 << 2)
+#define SYSTICK_COUNTFLAG (1 << 16)
+
+int system_clock_scale;
+
+/* Conversion factor from qemu timer to SysTick frequencies. */
+static inline int64_t systick_scale(nvic_state *s)
+{
+ if (s->systick.control & SYSTICK_CLKSOURCE)
+ return system_clock_scale;
+ else
+ return 1000;
+}
+
+static void systick_reload(nvic_state *s, int reset)
+{
+ if (reset)
+ s->systick.tick = qemu_get_clock_ns(vm_clock);
+ s->systick.tick += (s->systick.reload + 1) * systick_scale(s);
+ qemu_mod_timer(s->systick.timer, s->systick.tick);
+}
+
+static void systick_timer_tick(void * opaque)
+{
+ nvic_state *s = (nvic_state *)opaque;
+ s->systick.control |= SYSTICK_COUNTFLAG;
+ if (s->systick.control & SYSTICK_TICKINT) {
+ /* Trigger the interrupt. */
+ armv7m_nvic_set_pending(s, ARMV7M_EXCP_SYSTICK);
+ }
+ if (s->systick.reload == 0) {
+ s->systick.control &= ~SYSTICK_ENABLE;
+ } else {
+ systick_reload(s, 0);
+ }
+}
+
+static void systick_reset(nvic_state *s)
+{
+ s->systick.control = 0;
+ s->systick.reload = 0;
+ s->systick.tick = 0;
+ qemu_del_timer(s->systick.timer);
+}
+
+/* The external routines use the hardware vector numbering, ie. the first
+ IRQ is #16. The internal GIC routines use #32 as the first IRQ. */
+void armv7m_nvic_set_pending(void *opaque, int irq)
+{
+ nvic_state *s = (nvic_state *)opaque;
+ if (irq >= 16)
+ irq += 16;
+ gic_set_pending_private(&s->gic, 0, irq);
+}
+
+/* Make pending IRQ active. */
+int armv7m_nvic_acknowledge_irq(void *opaque)
+{
+ nvic_state *s = (nvic_state *)opaque;
+ uint32_t irq;
+
+ irq = gic_acknowledge_irq(&s->gic, 0);
+ if (irq == 1023)
+ hw_error("Interrupt but no vector\n");
+ if (irq >= 32)
+ irq -= 16;
+ return irq;
+}
+
+void armv7m_nvic_complete_irq(void *opaque, int irq)
+{
+ nvic_state *s = (nvic_state *)opaque;
+ if (irq >= 16)
+ irq += 16;
+ gic_complete_irq(&s->gic, 0, irq);
+}
+
+static uint32_t nvic_readl(nvic_state *s, uint32_t offset)
+{
+ ARMCPU *cpu;
+ uint32_t val;
+ int irq;
+
+ switch (offset) {
+ case 4: /* Interrupt Control Type. */
+ return (s->num_irq / 32) - 1;
+ case 0x10: /* SysTick Control and Status. */
+ val = s->systick.control;
+ s->systick.control &= ~SYSTICK_COUNTFLAG;
+ return val;
+ case 0x14: /* SysTick Reload Value. */
+ return s->systick.reload;
+ case 0x18: /* SysTick Current Value. */
+ {
+ int64_t t;
+ if ((s->systick.control & SYSTICK_ENABLE) == 0)
+ return 0;
+ t = qemu_get_clock_ns(vm_clock);
+ if (t >= s->systick.tick)
+ return 0;
+ val = ((s->systick.tick - (t + 1)) / systick_scale(s)) + 1;
+ /* The interrupt in triggered when the timer reaches zero.
+ However the counter is not reloaded until the next clock
+ tick. This is a hack to return zero during the first tick. */
+ if (val > s->systick.reload)
+ val = 0;
+ return val;
+ }
+ case 0x1c: /* SysTick Calibration Value. */
+ return 10000;
+ case 0xd00: /* CPUID Base. */
+ cpu = ARM_CPU(current_cpu);
+ return cpu->env.cp15.c0_cpuid;
+ case 0xd04: /* Interrupt Control State. */
+ /* VECTACTIVE */
+ val = s->gic.running_irq[0];
+ if (val == 1023) {
+ val = 0;
+ } else if (val >= 32) {
+ val -= 16;
+ }
+ /* RETTOBASE */
+ if (s->gic.running_irq[0] == 1023
+ || s->gic.last_active[s->gic.running_irq[0]][0] == 1023) {
+ val |= (1 << 11);
+ }
+ /* VECTPENDING */
+ if (s->gic.current_pending[0] != 1023)
+ val |= (s->gic.current_pending[0] << 12);
+ /* ISRPENDING */
+ for (irq = 32; irq < s->num_irq; irq++) {
+ if (s->gic.irq_state[irq].pending) {
+ val |= (1 << 22);
+ break;
+ }
+ }
+ /* PENDSTSET */
+ if (s->gic.irq_state[ARMV7M_EXCP_SYSTICK].pending)
+ val |= (1 << 26);
+ /* PENDSVSET */
+ if (s->gic.irq_state[ARMV7M_EXCP_PENDSV].pending)
+ val |= (1 << 28);
+ /* NMIPENDSET */
+ if (s->gic.irq_state[ARMV7M_EXCP_NMI].pending)
+ val |= (1 << 31);
+ return val;
+ case 0xd08: /* Vector Table Offset. */
+ cpu = ARM_CPU(current_cpu);
+ return cpu->env.v7m.vecbase;
+ case 0xd0c: /* Application Interrupt/Reset Control. */
+ return 0xfa05000;
+ case 0xd10: /* System Control. */
+ /* TODO: Implement SLEEPONEXIT. */
+ return 0;
+ case 0xd14: /* Configuration Control. */
+ /* TODO: Implement Configuration Control bits. */
+ return 0;
+ case 0xd24: /* System Handler Status. */
+ val = 0;
+ if (s->gic.irq_state[ARMV7M_EXCP_MEM].active) val |= (1 << 0);
+ if (s->gic.irq_state[ARMV7M_EXCP_BUS].active) val |= (1 << 1);
+ if (s->gic.irq_state[ARMV7M_EXCP_USAGE].active) val |= (1 << 3);
+ if (s->gic.irq_state[ARMV7M_EXCP_SVC].active) val |= (1 << 7);
+ if (s->gic.irq_state[ARMV7M_EXCP_DEBUG].active) val |= (1 << 8);
+ if (s->gic.irq_state[ARMV7M_EXCP_PENDSV].active) val |= (1 << 10);
+ if (s->gic.irq_state[ARMV7M_EXCP_SYSTICK].active) val |= (1 << 11);
+ if (s->gic.irq_state[ARMV7M_EXCP_USAGE].pending) val |= (1 << 12);
+ if (s->gic.irq_state[ARMV7M_EXCP_MEM].pending) val |= (1 << 13);
+ if (s->gic.irq_state[ARMV7M_EXCP_BUS].pending) val |= (1 << 14);
+ if (s->gic.irq_state[ARMV7M_EXCP_SVC].pending) val |= (1 << 15);
+ if (s->gic.irq_state[ARMV7M_EXCP_MEM].enabled) val |= (1 << 16);
+ if (s->gic.irq_state[ARMV7M_EXCP_BUS].enabled) val |= (1 << 17);
+ if (s->gic.irq_state[ARMV7M_EXCP_USAGE].enabled) val |= (1 << 18);
+ return val;
+ case 0xd28: /* Configurable Fault Status. */
+ /* TODO: Implement Fault Status. */
+ qemu_log_mask(LOG_UNIMP, "Configurable Fault Status unimplemented\n");
+ return 0;
+ case 0xd2c: /* Hard Fault Status. */
+ case 0xd30: /* Debug Fault Status. */
+ case 0xd34: /* Mem Manage Address. */
+ case 0xd38: /* Bus Fault Address. */
+ case 0xd3c: /* Aux Fault Status. */
+ /* TODO: Implement fault status registers. */
+ qemu_log_mask(LOG_UNIMP, "Fault status registers unimplemented\n");
+ return 0;
+ case 0xd40: /* PFR0. */
+ return 0x00000030;
+ case 0xd44: /* PRF1. */
+ return 0x00000200;
+ case 0xd48: /* DFR0. */
+ return 0x00100000;
+ case 0xd4c: /* AFR0. */
+ return 0x00000000;
+ case 0xd50: /* MMFR0. */
+ return 0x00000030;
+ case 0xd54: /* MMFR1. */
+ return 0x00000000;
+ case 0xd58: /* MMFR2. */
+ return 0x00000000;
+ case 0xd5c: /* MMFR3. */
+ return 0x00000000;
+ case 0xd60: /* ISAR0. */
+ return 0x01141110;
+ case 0xd64: /* ISAR1. */
+ return 0x02111000;
+ case 0xd68: /* ISAR2. */
+ return 0x21112231;
+ case 0xd6c: /* ISAR3. */
+ return 0x01111110;
+ case 0xd70: /* ISAR4. */
+ return 0x01310102;
+ /* TODO: Implement debug registers. */
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR, "NVIC: Bad read offset 0x%x\n", offset);
+ return 0;
+ }
+}
+
+static void nvic_writel(nvic_state *s, uint32_t offset, uint32_t value)
+{
+ ARMCPU *cpu;
+ uint32_t oldval;
+ switch (offset) {
+ case 0x10: /* SysTick Control and Status. */
+ oldval = s->systick.control;
+ s->systick.control &= 0xfffffff8;
+ s->systick.control |= value & 7;
+ if ((oldval ^ value) & SYSTICK_ENABLE) {
+ int64_t now = qemu_get_clock_ns(vm_clock);
+ if (value & SYSTICK_ENABLE) {
+ if (s->systick.tick) {
+ s->systick.tick += now;
+ qemu_mod_timer(s->systick.timer, s->systick.tick);
+ } else {
+ systick_reload(s, 1);
+ }
+ } else {
+ qemu_del_timer(s->systick.timer);
+ s->systick.tick -= now;
+ if (s->systick.tick < 0)
+ s->systick.tick = 0;
+ }
+ } else if ((oldval ^ value) & SYSTICK_CLKSOURCE) {
+ /* This is a hack. Force the timer to be reloaded
+ when the reference clock is changed. */
+ systick_reload(s, 1);
+ }
+ break;
+ case 0x14: /* SysTick Reload Value. */
+ s->systick.reload = value;
+ break;
+ case 0x18: /* SysTick Current Value. Writes reload the timer. */
+ systick_reload(s, 1);
+ s->systick.control &= ~SYSTICK_COUNTFLAG;
+ break;
+ case 0xd04: /* Interrupt Control State. */
+ if (value & (1 << 31)) {
+ armv7m_nvic_set_pending(s, ARMV7M_EXCP_NMI);
+ }
+ if (value & (1 << 28)) {
+ armv7m_nvic_set_pending(s, ARMV7M_EXCP_PENDSV);
+ } else if (value & (1 << 27)) {
+ s->gic.irq_state[ARMV7M_EXCP_PENDSV].pending = 0;
+ gic_update(&s->gic);
+ }
+ if (value & (1 << 26)) {
+ armv7m_nvic_set_pending(s, ARMV7M_EXCP_SYSTICK);
+ } else if (value & (1 << 25)) {
+ s->gic.irq_state[ARMV7M_EXCP_SYSTICK].pending = 0;
+ gic_update(&s->gic);
+ }
+ break;
+ case 0xd08: /* Vector Table Offset. */
+ cpu = ARM_CPU(current_cpu);
+ cpu->env.v7m.vecbase = value & 0xffffff80;
+ break;
+ case 0xd0c: /* Application Interrupt/Reset Control. */
+ if ((value >> 16) == 0x05fa) {
+ if (value & 2) {
+ qemu_log_mask(LOG_UNIMP, "VECTCLRACTIVE unimplemented\n");
+ }
+ if (value & 5) {
+ qemu_log_mask(LOG_UNIMP, "AIRCR system reset unimplemented\n");
+ }
+ }
+ break;
+ case 0xd10: /* System Control. */
+ case 0xd14: /* Configuration Control. */
+ /* TODO: Implement control registers. */
+ qemu_log_mask(LOG_UNIMP, "NVIC: SCR and CCR unimplemented\n");
+ break;
+ case 0xd24: /* System Handler Control. */
+ /* TODO: Real hardware allows you to set/clear the active bits
+ under some circumstances. We don't implement this. */
+ s->gic.irq_state[ARMV7M_EXCP_MEM].enabled = (value & (1 << 16)) != 0;
+ s->gic.irq_state[ARMV7M_EXCP_BUS].enabled = (value & (1 << 17)) != 0;
+ s->gic.irq_state[ARMV7M_EXCP_USAGE].enabled = (value & (1 << 18)) != 0;
+ break;
+ case 0xd28: /* Configurable Fault Status. */
+ case 0xd2c: /* Hard Fault Status. */
+ case 0xd30: /* Debug Fault Status. */
+ case 0xd34: /* Mem Manage Address. */
+ case 0xd38: /* Bus Fault Address. */
+ case 0xd3c: /* Aux Fault Status. */
+ qemu_log_mask(LOG_UNIMP,
+ "NVIC: fault status registers unimplemented\n");
+ break;
+ case 0xf00: /* Software Triggered Interrupt Register */
+ if ((value & 0x1ff) < s->num_irq) {
+ gic_set_pending_private(&s->gic, 0, value & 0x1ff);
+ }
+ break;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "NVIC: Bad write offset 0x%x\n", offset);
+ }
+}
+
+static uint64_t nvic_sysreg_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ nvic_state *s = (nvic_state *)opaque;
+ uint32_t offset = addr;
+ int i;
+ uint32_t val;
+
+ switch (offset) {
+ case 0xd18 ... 0xd23: /* System Handler Priority. */
+ val = 0;
+ for (i = 0; i < size; i++) {
+ val |= s->gic.priority1[(offset - 0xd14) + i][0] << (i * 8);
+ }
+ return val;
+ case 0xfe0 ... 0xfff: /* ID. */
+ if (offset & 3) {
+ return 0;
+ }
+ return nvic_id[(offset - 0xfe0) >> 2];
+ }
+ if (size == 4) {
+ return nvic_readl(s, offset);
+ }
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "NVIC: Bad read of size %d at offset 0x%x\n", size, offset);
+ return 0;
+}
+
+static void nvic_sysreg_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ nvic_state *s = (nvic_state *)opaque;
+ uint32_t offset = addr;
+ int i;
+
+ switch (offset) {
+ case 0xd18 ... 0xd23: /* System Handler Priority. */
+ for (i = 0; i < size; i++) {
+ s->gic.priority1[(offset - 0xd14) + i][0] =
+ (value >> (i * 8)) & 0xff;
+ }
+ gic_update(&s->gic);
+ return;
+ }
+ if (size == 4) {
+ nvic_writel(s, offset, value);
+ return;
+ }
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "NVIC: Bad write of size %d at offset 0x%x\n", size, offset);
+}
+
+static const MemoryRegionOps nvic_sysreg_ops = {
+ .read = nvic_sysreg_read,
+ .write = nvic_sysreg_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static const VMStateDescription vmstate_nvic = {
+ .name = "armv7m_nvic",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(systick.control, nvic_state),
+ VMSTATE_UINT32(systick.reload, nvic_state),
+ VMSTATE_INT64(systick.tick, nvic_state),
+ VMSTATE_TIMER(systick.timer, nvic_state),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void armv7m_nvic_reset(DeviceState *dev)
+{
+ nvic_state *s = NVIC(dev);
+ NVICClass *nc = NVIC_GET_CLASS(s);
+ nc->parent_reset(dev);
+ /* Common GIC reset resets to disabled; the NVIC doesn't have
+ * per-CPU interfaces so mark our non-existent CPU interface
+ * as enabled by default, and with a priority mask which allows
+ * all interrupts through.
+ */
+ s->gic.cpu_enabled[0] = true;
+ s->gic.priority_mask[0] = 0x100;
+ /* The NVIC as a whole is always enabled. */
+ s->gic.enabled = true;
+ systick_reset(s);
+}
+
+static void armv7m_nvic_realize(DeviceState *dev, Error **errp)
+{
+ nvic_state *s = NVIC(dev);
+ NVICClass *nc = NVIC_GET_CLASS(s);
+
+ /* The NVIC always has only one CPU */
+ s->gic.num_cpu = 1;
+ /* Tell the common code we're an NVIC */
+ s->gic.revision = 0xffffffff;
+ s->num_irq = s->gic.num_irq;
+ nc->parent_realize(dev, errp);
+ if (error_is_set(errp)) {
+ return;
+ }
+ gic_init_irqs_and_distributor(&s->gic, s->num_irq);
+ /* The NVIC and system controller register area looks like this:
+ * 0..0xff : system control registers, including systick
+ * 0x100..0xcff : GIC-like registers
+ * 0xd00..0xfff : system control registers
+ * We use overlaying to put the GIC like registers
+ * over the top of the system control register region.
+ */
+ memory_region_init(&s->container, OBJECT(s), "nvic", 0x1000);
+ /* The system register region goes at the bottom of the priority
+ * stack as it covers the whole page.
+ */
+ memory_region_init_io(&s->sysregmem, OBJECT(s), &nvic_sysreg_ops, s,
+ "nvic_sysregs", 0x1000);
+ memory_region_add_subregion(&s->container, 0, &s->sysregmem);
+ /* Alias the GIC region so we can get only the section of it
+ * we need, and layer it on top of the system register region.
+ */
+ memory_region_init_alias(&s->gic_iomem_alias, OBJECT(s),
+ "nvic-gic", &s->gic.iomem,
+ 0x100, 0xc00);
+ memory_region_add_subregion_overlap(&s->container, 0x100,
+ &s->gic_iomem_alias, 1);
+ /* Map the whole thing into system memory at the location required
+ * by the v7M architecture.
+ */
+ memory_region_add_subregion(get_system_memory(), 0xe000e000, &s->container);
+ s->systick.timer = qemu_new_timer_ns(vm_clock, systick_timer_tick, s);
+}
+
+static void armv7m_nvic_instance_init(Object *obj)
+{
+ /* We have a different default value for the num-irq property
+ * than our superclass. This function runs after qdev init
+ * has set the defaults from the Property array and before
+ * any user-specified property setting, so just modify the
+ * value in the GICState struct.
+ */
+ GICState *s = ARM_GIC_COMMON(obj);
+ /* The ARM v7m may have anything from 0 to 496 external interrupt
+ * IRQ lines. We default to 64. Other boards may differ and should
+ * set the num-irq property appropriately.
+ */
+ s->num_irq = 64;
+}
+
+static void armv7m_nvic_class_init(ObjectClass *klass, void *data)
+{
+ NVICClass *nc = NVIC_CLASS(klass);
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ nc->parent_reset = dc->reset;
+ nc->parent_realize = dc->realize;
+ dc->vmsd = &vmstate_nvic;
+ dc->reset = armv7m_nvic_reset;
+ dc->realize = armv7m_nvic_realize;
+}
+
+static const TypeInfo armv7m_nvic_info = {
+ .name = TYPE_NVIC,
+ .parent = TYPE_ARM_GIC_COMMON,
+ .instance_init = armv7m_nvic_instance_init,
+ .instance_size = sizeof(nvic_state),
+ .class_init = armv7m_nvic_class_init,
+ .class_size = sizeof(NVICClass),
+};
+
+static void armv7m_nvic_register_types(void)
+{
+ type_register_static(&armv7m_nvic_info);
+}
+
+type_init(armv7m_nvic_register_types)
diff --git a/hw/intc/etraxfs_pic.c b/hw/intc/etraxfs_pic.c
new file mode 100644
index 000000000..e02da533c
--- /dev/null
+++ b/hw/intc/etraxfs_pic.c
@@ -0,0 +1,187 @@
+/*
+ * QEMU ETRAX Interrupt Controller.
+ *
+ * Copyright (c) 2008 Edgar E. Iglesias, Axis Communications AB.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/sysbus.h"
+#include "hw/hw.h"
+//#include "pc.h"
+//#include "etraxfs.h"
+
+#define D(x)
+
+#define R_RW_MASK 0
+#define R_R_VECT 1
+#define R_R_MASKED_VECT 2
+#define R_R_NMI 3
+#define R_R_GURU 4
+#define R_MAX 5
+
+#define TYPE_ETRAX_FS_PIC "etraxfs,pic"
+#define ETRAX_FS_PIC(obj) \
+ OBJECT_CHECK(struct etrax_pic, (obj), TYPE_ETRAX_FS_PIC)
+
+struct etrax_pic
+{
+ SysBusDevice parent_obj;
+
+ MemoryRegion mmio;
+ void *interrupt_vector;
+ qemu_irq parent_irq;
+ qemu_irq parent_nmi;
+ uint32_t regs[R_MAX];
+};
+
+static void pic_update(struct etrax_pic *fs)
+{
+ uint32_t vector = 0;
+ int i;
+
+ fs->regs[R_R_MASKED_VECT] = fs->regs[R_R_VECT] & fs->regs[R_RW_MASK];
+
+ /* The ETRAX interrupt controller signals interrupts to the core
+ through an interrupt request wire and an irq vector bus. If
+ multiple interrupts are simultaneously active it chooses vector
+ 0x30 and lets the sw choose the priorities. */
+ if (fs->regs[R_R_MASKED_VECT]) {
+ uint32_t mv = fs->regs[R_R_MASKED_VECT];
+ for (i = 0; i < 31; i++) {
+ if (mv & 1) {
+ vector = 0x31 + i;
+ /* Check for multiple interrupts. */
+ if (mv > 1)
+ vector = 0x30;
+ break;
+ }
+ mv >>= 1;
+ }
+ }
+
+ if (fs->interrupt_vector) {
+ /* hack alert: ptr property */
+ *(uint32_t*)(fs->interrupt_vector) = vector;
+ }
+ qemu_set_irq(fs->parent_irq, !!vector);
+}
+
+static uint64_t
+pic_read(void *opaque, hwaddr addr, unsigned int size)
+{
+ struct etrax_pic *fs = opaque;
+ uint32_t rval;
+
+ rval = fs->regs[addr >> 2];
+ D(printf("%s %x=%x\n", __func__, addr, rval));
+ return rval;
+}
+
+static void pic_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned int size)
+{
+ struct etrax_pic *fs = opaque;
+ D(printf("%s addr=%x val=%x\n", __func__, addr, value));
+
+ if (addr == R_RW_MASK) {
+ fs->regs[R_RW_MASK] = value;
+ pic_update(fs);
+ }
+}
+
+static const MemoryRegionOps pic_ops = {
+ .read = pic_read,
+ .write = pic_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4
+ }
+};
+
+static void nmi_handler(void *opaque, int irq, int level)
+{
+ struct etrax_pic *fs = (void *)opaque;
+ uint32_t mask;
+
+ mask = 1 << irq;
+ if (level)
+ fs->regs[R_R_NMI] |= mask;
+ else
+ fs->regs[R_R_NMI] &= ~mask;
+
+ qemu_set_irq(fs->parent_nmi, !!fs->regs[R_R_NMI]);
+}
+
+static void irq_handler(void *opaque, int irq, int level)
+{
+ struct etrax_pic *fs = (void *)opaque;
+
+ if (irq >= 30)
+ return nmi_handler(opaque, irq, level);
+
+ irq -= 1;
+ fs->regs[R_R_VECT] &= ~(1 << irq);
+ fs->regs[R_R_VECT] |= (!!level << irq);
+ pic_update(fs);
+}
+
+static int etraxfs_pic_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ struct etrax_pic *s = ETRAX_FS_PIC(dev);
+
+ qdev_init_gpio_in(dev, irq_handler, 32);
+ sysbus_init_irq(sbd, &s->parent_irq);
+ sysbus_init_irq(sbd, &s->parent_nmi);
+
+ memory_region_init_io(&s->mmio, OBJECT(s), &pic_ops, s,
+ "etraxfs-pic", R_MAX * 4);
+ sysbus_init_mmio(sbd, &s->mmio);
+ return 0;
+}
+
+static Property etraxfs_pic_properties[] = {
+ DEFINE_PROP_PTR("interrupt_vector", struct etrax_pic, interrupt_vector),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void etraxfs_pic_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = etraxfs_pic_init;
+ dc->props = etraxfs_pic_properties;
+}
+
+static const TypeInfo etraxfs_pic_info = {
+ .name = TYPE_ETRAX_FS_PIC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(struct etrax_pic),
+ .class_init = etraxfs_pic_class_init,
+};
+
+static void etraxfs_pic_register_types(void)
+{
+ type_register_static(&etraxfs_pic_info);
+}
+
+type_init(etraxfs_pic_register_types)
diff --git a/hw/intc/exynos4210_combiner.c b/hw/intc/exynos4210_combiner.c
new file mode 100644
index 000000000..ef5e8eb22
--- /dev/null
+++ b/hw/intc/exynos4210_combiner.c
@@ -0,0 +1,460 @@
+/*
+ * Samsung exynos4210 Interrupt Combiner
+ *
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd.
+ * All rights reserved.
+ *
+ * Evgeny Voevodin <e.voevodin@samsung.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * Exynos4210 Combiner represents an OR gate for SOC's IRQ lines. It combines
+ * IRQ sources into groups and provides signal output to GIC from each group. It
+ * is driven by common mask and enable/disable logic. Take a note that not all
+ * IRQs are passed to GIC through Combiner.
+ */
+
+#include "hw/sysbus.h"
+
+#include "hw/arm/exynos4210.h"
+
+//#define DEBUG_COMBINER
+
+#ifdef DEBUG_COMBINER
+#define DPRINTF(fmt, ...) \
+ do { fprintf(stdout, "COMBINER: [%s:%d] " fmt, __func__ , __LINE__, \
+ ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) do {} while (0)
+#endif
+
+#define IIC_NGRP 64 /* Internal Interrupt Combiner
+ Groups number */
+#define IIC_NIRQ (IIC_NGRP * 8)/* Internal Interrupt Combiner
+ Interrupts number */
+#define IIC_REGION_SIZE 0x108 /* Size of memory mapped region */
+#define IIC_REGSET_SIZE 0x41
+
+/*
+ * State for each output signal of internal combiner
+ */
+typedef struct CombinerGroupState {
+ uint8_t src_mask; /* 1 - source enabled, 0 - disabled */
+ uint8_t src_pending; /* Pending source interrupts before masking */
+} CombinerGroupState;
+
+#define TYPE_EXYNOS4210_COMBINER "exynos4210.combiner"
+#define EXYNOS4210_COMBINER(obj) \
+ OBJECT_CHECK(Exynos4210CombinerState, (obj), TYPE_EXYNOS4210_COMBINER)
+
+typedef struct Exynos4210CombinerState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+
+ struct CombinerGroupState group[IIC_NGRP];
+ uint32_t reg_set[IIC_REGSET_SIZE];
+ uint32_t icipsr[2];
+ uint32_t external; /* 1 means that this combiner is external */
+
+ qemu_irq output_irq[IIC_NGRP];
+} Exynos4210CombinerState;
+
+static const VMStateDescription vmstate_exynos4210_combiner_group_state = {
+ .name = "exynos4210.combiner.groupstate",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(src_mask, CombinerGroupState),
+ VMSTATE_UINT8(src_pending, CombinerGroupState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_exynos4210_combiner = {
+ .name = "exynos4210.combiner",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_STRUCT_ARRAY(group, Exynos4210CombinerState, IIC_NGRP, 0,
+ vmstate_exynos4210_combiner_group_state, CombinerGroupState),
+ VMSTATE_UINT32_ARRAY(reg_set, Exynos4210CombinerState,
+ IIC_REGSET_SIZE),
+ VMSTATE_UINT32_ARRAY(icipsr, Exynos4210CombinerState, 2),
+ VMSTATE_UINT32(external, Exynos4210CombinerState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+/*
+ * Get Combiner input GPIO into irqs structure
+ */
+void exynos4210_combiner_get_gpioin(Exynos4210Irq *irqs, DeviceState *dev,
+ int ext)
+{
+ int n;
+ int bit;
+ int max;
+ qemu_irq *irq;
+
+ max = ext ? EXYNOS4210_MAX_EXT_COMBINER_IN_IRQ :
+ EXYNOS4210_MAX_INT_COMBINER_IN_IRQ;
+ irq = ext ? irqs->ext_combiner_irq : irqs->int_combiner_irq;
+
+ /*
+ * Some IRQs of Int/External Combiner are going to two Combiners groups,
+ * so let split them.
+ */
+ for (n = 0; n < max; n++) {
+
+ bit = EXYNOS4210_COMBINER_GET_BIT_NUM(n);
+
+ switch (n) {
+ /* MDNIE_LCD1 INTG1 */
+ case EXYNOS4210_COMBINER_GET_IRQ_NUM(1, 0) ...
+ EXYNOS4210_COMBINER_GET_IRQ_NUM(1, 3):
+ irq[n] = qemu_irq_split(qdev_get_gpio_in(dev, n),
+ irq[EXYNOS4210_COMBINER_GET_IRQ_NUM(0, bit + 4)]);
+ continue;
+
+ /* TMU INTG3 */
+ case EXYNOS4210_COMBINER_GET_IRQ_NUM(3, 4):
+ irq[n] = qemu_irq_split(qdev_get_gpio_in(dev, n),
+ irq[EXYNOS4210_COMBINER_GET_IRQ_NUM(2, bit)]);
+ continue;
+
+ /* LCD1 INTG12 */
+ case EXYNOS4210_COMBINER_GET_IRQ_NUM(12, 0) ...
+ EXYNOS4210_COMBINER_GET_IRQ_NUM(12, 3):
+ irq[n] = qemu_irq_split(qdev_get_gpio_in(dev, n),
+ irq[EXYNOS4210_COMBINER_GET_IRQ_NUM(11, bit + 4)]);
+ continue;
+
+ /* Multi-Core Timer INTG12 */
+ case EXYNOS4210_COMBINER_GET_IRQ_NUM(12, 4) ...
+ EXYNOS4210_COMBINER_GET_IRQ_NUM(12, 8):
+ irq[n] = qemu_irq_split(qdev_get_gpio_in(dev, n),
+ irq[EXYNOS4210_COMBINER_GET_IRQ_NUM(1, bit + 4)]);
+ continue;
+
+ /* Multi-Core Timer INTG35 */
+ case EXYNOS4210_COMBINER_GET_IRQ_NUM(35, 4) ...
+ EXYNOS4210_COMBINER_GET_IRQ_NUM(35, 8):
+ irq[n] = qemu_irq_split(qdev_get_gpio_in(dev, n),
+ irq[EXYNOS4210_COMBINER_GET_IRQ_NUM(1, bit + 4)]);
+ continue;
+
+ /* Multi-Core Timer INTG51 */
+ case EXYNOS4210_COMBINER_GET_IRQ_NUM(51, 4) ...
+ EXYNOS4210_COMBINER_GET_IRQ_NUM(51, 8):
+ irq[n] = qemu_irq_split(qdev_get_gpio_in(dev, n),
+ irq[EXYNOS4210_COMBINER_GET_IRQ_NUM(1, bit + 4)]);
+ continue;
+
+ /* Multi-Core Timer INTG53 */
+ case EXYNOS4210_COMBINER_GET_IRQ_NUM(53, 4) ...
+ EXYNOS4210_COMBINER_GET_IRQ_NUM(53, 8):
+ irq[n] = qemu_irq_split(qdev_get_gpio_in(dev, n),
+ irq[EXYNOS4210_COMBINER_GET_IRQ_NUM(1, bit + 4)]);
+ continue;
+ }
+
+ irq[n] = qdev_get_gpio_in(dev, n);
+ }
+}
+
+static uint64_t
+exynos4210_combiner_read(void *opaque, hwaddr offset, unsigned size)
+{
+ struct Exynos4210CombinerState *s =
+ (struct Exynos4210CombinerState *)opaque;
+ uint32_t req_quad_base_n; /* Base of registers quad. Multiply it by 4 and
+ get a start of corresponding group quad */
+ uint32_t grp_quad_base_n; /* Base of group quad */
+ uint32_t reg_n; /* Register number inside the quad */
+ uint32_t val;
+
+ req_quad_base_n = offset >> 4;
+ grp_quad_base_n = req_quad_base_n << 2;
+ reg_n = (offset - (req_quad_base_n << 4)) >> 2;
+
+ if (req_quad_base_n >= IIC_NGRP) {
+ /* Read of ICIPSR register */
+ return s->icipsr[reg_n];
+ }
+
+ val = 0;
+
+ switch (reg_n) {
+ /* IISTR */
+ case 2:
+ val |= s->group[grp_quad_base_n].src_pending;
+ val |= s->group[grp_quad_base_n + 1].src_pending << 8;
+ val |= s->group[grp_quad_base_n + 2].src_pending << 16;
+ val |= s->group[grp_quad_base_n + 3].src_pending << 24;
+ break;
+ /* IIMSR */
+ case 3:
+ val |= s->group[grp_quad_base_n].src_mask &
+ s->group[grp_quad_base_n].src_pending;
+ val |= (s->group[grp_quad_base_n + 1].src_mask &
+ s->group[grp_quad_base_n + 1].src_pending) << 8;
+ val |= (s->group[grp_quad_base_n + 2].src_mask &
+ s->group[grp_quad_base_n + 2].src_pending) << 16;
+ val |= (s->group[grp_quad_base_n + 3].src_mask &
+ s->group[grp_quad_base_n + 3].src_pending) << 24;
+ break;
+ default:
+ if (offset >> 2 >= IIC_REGSET_SIZE) {
+ hw_error("exynos4210.combiner: overflow of reg_set by 0x"
+ TARGET_FMT_plx "offset\n", offset);
+ }
+ val = s->reg_set[offset >> 2];
+ return 0;
+ }
+ return val;
+}
+
+static void exynos4210_combiner_update(void *opaque, uint8_t group_n)
+{
+ struct Exynos4210CombinerState *s =
+ (struct Exynos4210CombinerState *)opaque;
+
+ /* Send interrupt if needed */
+ if (s->group[group_n].src_mask & s->group[group_n].src_pending) {
+#ifdef DEBUG_COMBINER
+ if (group_n != 26) {
+ /* skip uart */
+ DPRINTF("%s raise IRQ[%d]\n", s->external ? "EXT" : "INT", group_n);
+ }
+#endif
+
+ /* Set Combiner interrupt pending status after masking */
+ if (group_n >= 32) {
+ s->icipsr[1] |= 1 << (group_n - 32);
+ } else {
+ s->icipsr[0] |= 1 << group_n;
+ }
+
+ qemu_irq_raise(s->output_irq[group_n]);
+ } else {
+#ifdef DEBUG_COMBINER
+ if (group_n != 26) {
+ /* skip uart */
+ DPRINTF("%s lower IRQ[%d]\n", s->external ? "EXT" : "INT", group_n);
+ }
+#endif
+
+ /* Set Combiner interrupt pending status after masking */
+ if (group_n >= 32) {
+ s->icipsr[1] &= ~(1 << (group_n - 32));
+ } else {
+ s->icipsr[0] &= ~(1 << group_n);
+ }
+
+ qemu_irq_lower(s->output_irq[group_n]);
+ }
+}
+
+static void exynos4210_combiner_write(void *opaque, hwaddr offset,
+ uint64_t val, unsigned size)
+{
+ struct Exynos4210CombinerState *s =
+ (struct Exynos4210CombinerState *)opaque;
+ uint32_t req_quad_base_n; /* Base of registers quad. Multiply it by 4 and
+ get a start of corresponding group quad */
+ uint32_t grp_quad_base_n; /* Base of group quad */
+ uint32_t reg_n; /* Register number inside the quad */
+
+ req_quad_base_n = offset >> 4;
+ grp_quad_base_n = req_quad_base_n << 2;
+ reg_n = (offset - (req_quad_base_n << 4)) >> 2;
+
+ if (req_quad_base_n >= IIC_NGRP) {
+ hw_error("exynos4210.combiner: unallowed write access at offset 0x"
+ TARGET_FMT_plx "\n", offset);
+ return;
+ }
+
+ if (reg_n > 1) {
+ hw_error("exynos4210.combiner: unallowed write access at offset 0x"
+ TARGET_FMT_plx "\n", offset);
+ return;
+ }
+
+ if (offset >> 2 >= IIC_REGSET_SIZE) {
+ hw_error("exynos4210.combiner: overflow of reg_set by 0x"
+ TARGET_FMT_plx "offset\n", offset);
+ }
+ s->reg_set[offset >> 2] = val;
+
+ switch (reg_n) {
+ /* IIESR */
+ case 0:
+ /* FIXME: what if irq is pending, allowed by mask, and we allow it
+ * again. Interrupt will rise again! */
+
+ DPRINTF("%s enable IRQ for groups %d, %d, %d, %d\n",
+ s->external ? "EXT" : "INT",
+ grp_quad_base_n,
+ grp_quad_base_n + 1,
+ grp_quad_base_n + 2,
+ grp_quad_base_n + 3);
+
+ /* Enable interrupt sources */
+ s->group[grp_quad_base_n].src_mask |= val & 0xFF;
+ s->group[grp_quad_base_n + 1].src_mask |= (val & 0xFF00) >> 8;
+ s->group[grp_quad_base_n + 2].src_mask |= (val & 0xFF0000) >> 16;
+ s->group[grp_quad_base_n + 3].src_mask |= (val & 0xFF000000) >> 24;
+
+ exynos4210_combiner_update(s, grp_quad_base_n);
+ exynos4210_combiner_update(s, grp_quad_base_n + 1);
+ exynos4210_combiner_update(s, grp_quad_base_n + 2);
+ exynos4210_combiner_update(s, grp_quad_base_n + 3);
+ break;
+ /* IIECR */
+ case 1:
+ DPRINTF("%s disable IRQ for groups %d, %d, %d, %d\n",
+ s->external ? "EXT" : "INT",
+ grp_quad_base_n,
+ grp_quad_base_n + 1,
+ grp_quad_base_n + 2,
+ grp_quad_base_n + 3);
+
+ /* Disable interrupt sources */
+ s->group[grp_quad_base_n].src_mask &= ~(val & 0xFF);
+ s->group[grp_quad_base_n + 1].src_mask &= ~((val & 0xFF00) >> 8);
+ s->group[grp_quad_base_n + 2].src_mask &= ~((val & 0xFF0000) >> 16);
+ s->group[grp_quad_base_n + 3].src_mask &= ~((val & 0xFF000000) >> 24);
+
+ exynos4210_combiner_update(s, grp_quad_base_n);
+ exynos4210_combiner_update(s, grp_quad_base_n + 1);
+ exynos4210_combiner_update(s, grp_quad_base_n + 2);
+ exynos4210_combiner_update(s, grp_quad_base_n + 3);
+ break;
+ default:
+ hw_error("exynos4210.combiner: unallowed write access at offset 0x"
+ TARGET_FMT_plx "\n", offset);
+ break;
+ }
+}
+
+/* Get combiner group and bit from irq number */
+static uint8_t get_combiner_group_and_bit(int irq, uint8_t *bit)
+{
+ *bit = irq - ((irq >> 3) << 3);
+ return irq >> 3;
+}
+
+/* Process a change in an external IRQ input. */
+static void exynos4210_combiner_handler(void *opaque, int irq, int level)
+{
+ struct Exynos4210CombinerState *s =
+ (struct Exynos4210CombinerState *)opaque;
+ uint8_t bit_n, group_n;
+
+ group_n = get_combiner_group_and_bit(irq, &bit_n);
+
+ if (s->external && group_n >= EXYNOS4210_MAX_EXT_COMBINER_OUT_IRQ) {
+ DPRINTF("%s unallowed IRQ group 0x%x\n", s->external ? "EXT" : "INT"
+ , group_n);
+ return;
+ }
+
+ if (level) {
+ s->group[group_n].src_pending |= 1 << bit_n;
+ } else {
+ s->group[group_n].src_pending &= ~(1 << bit_n);
+ }
+
+ exynos4210_combiner_update(s, group_n);
+}
+
+static void exynos4210_combiner_reset(DeviceState *d)
+{
+ struct Exynos4210CombinerState *s = (struct Exynos4210CombinerState *)d;
+
+ memset(&s->group, 0, sizeof(s->group));
+ memset(&s->reg_set, 0, sizeof(s->reg_set));
+
+ s->reg_set[0xC0 >> 2] = 0x01010101;
+ s->reg_set[0xC4 >> 2] = 0x01010101;
+ s->reg_set[0xD0 >> 2] = 0x01010101;
+ s->reg_set[0xD4 >> 2] = 0x01010101;
+}
+
+static const MemoryRegionOps exynos4210_combiner_ops = {
+ .read = exynos4210_combiner_read,
+ .write = exynos4210_combiner_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+/*
+ * Internal Combiner initialization.
+ */
+static int exynos4210_combiner_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ Exynos4210CombinerState *s = EXYNOS4210_COMBINER(dev);
+ unsigned int i;
+
+ /* Allocate general purpose input signals and connect a handler to each of
+ * them */
+ qdev_init_gpio_in(dev, exynos4210_combiner_handler, IIC_NIRQ);
+
+ /* Connect SysBusDev irqs to device specific irqs */
+ for (i = 0; i < IIC_NIRQ; i++) {
+ sysbus_init_irq(sbd, &s->output_irq[i]);
+ }
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &exynos4210_combiner_ops, s,
+ "exynos4210-combiner", IIC_REGION_SIZE);
+ sysbus_init_mmio(sbd, &s->iomem);
+
+ return 0;
+}
+
+static Property exynos4210_combiner_properties[] = {
+ DEFINE_PROP_UINT32("external", Exynos4210CombinerState, external, 0),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void exynos4210_combiner_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = exynos4210_combiner_init;
+ dc->reset = exynos4210_combiner_reset;
+ dc->props = exynos4210_combiner_properties;
+ dc->vmsd = &vmstate_exynos4210_combiner;
+}
+
+static const TypeInfo exynos4210_combiner_info = {
+ .name = TYPE_EXYNOS4210_COMBINER,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(Exynos4210CombinerState),
+ .class_init = exynos4210_combiner_class_init,
+};
+
+static void exynos4210_combiner_register_types(void)
+{
+ type_register_static(&exynos4210_combiner_info);
+}
+
+type_init(exynos4210_combiner_register_types)
diff --git a/hw/intc/exynos4210_gic.c b/hw/intc/exynos4210_gic.c
new file mode 100644
index 000000000..5b913f786
--- /dev/null
+++ b/hw/intc/exynos4210_gic.c
@@ -0,0 +1,473 @@
+/*
+ * Samsung exynos4210 GIC implementation. Based on hw/arm_gic.c
+ *
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd.
+ * All rights reserved.
+ *
+ * Evgeny Voevodin <e.voevodin@samsung.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/sysbus.h"
+#include "qemu-common.h"
+#include "hw/irq.h"
+#include "hw/arm/exynos4210.h"
+
+enum ExtGicId {
+ EXT_GIC_ID_MDMA_LCD0 = 66,
+ EXT_GIC_ID_PDMA0,
+ EXT_GIC_ID_PDMA1,
+ EXT_GIC_ID_TIMER0,
+ EXT_GIC_ID_TIMER1,
+ EXT_GIC_ID_TIMER2,
+ EXT_GIC_ID_TIMER3,
+ EXT_GIC_ID_TIMER4,
+ EXT_GIC_ID_MCT_L0,
+ EXT_GIC_ID_WDT,
+ EXT_GIC_ID_RTC_ALARM,
+ EXT_GIC_ID_RTC_TIC,
+ EXT_GIC_ID_GPIO_XB,
+ EXT_GIC_ID_GPIO_XA,
+ EXT_GIC_ID_MCT_L1,
+ EXT_GIC_ID_IEM_APC,
+ EXT_GIC_ID_IEM_IEC,
+ EXT_GIC_ID_NFC,
+ EXT_GIC_ID_UART0,
+ EXT_GIC_ID_UART1,
+ EXT_GIC_ID_UART2,
+ EXT_GIC_ID_UART3,
+ EXT_GIC_ID_UART4,
+ EXT_GIC_ID_MCT_G0,
+ EXT_GIC_ID_I2C0,
+ EXT_GIC_ID_I2C1,
+ EXT_GIC_ID_I2C2,
+ EXT_GIC_ID_I2C3,
+ EXT_GIC_ID_I2C4,
+ EXT_GIC_ID_I2C5,
+ EXT_GIC_ID_I2C6,
+ EXT_GIC_ID_I2C7,
+ EXT_GIC_ID_SPI0,
+ EXT_GIC_ID_SPI1,
+ EXT_GIC_ID_SPI2,
+ EXT_GIC_ID_MCT_G1,
+ EXT_GIC_ID_USB_HOST,
+ EXT_GIC_ID_USB_DEVICE,
+ EXT_GIC_ID_MODEMIF,
+ EXT_GIC_ID_HSMMC0,
+ EXT_GIC_ID_HSMMC1,
+ EXT_GIC_ID_HSMMC2,
+ EXT_GIC_ID_HSMMC3,
+ EXT_GIC_ID_SDMMC,
+ EXT_GIC_ID_MIPI_CSI_4LANE,
+ EXT_GIC_ID_MIPI_DSI_4LANE,
+ EXT_GIC_ID_MIPI_CSI_2LANE,
+ EXT_GIC_ID_MIPI_DSI_2LANE,
+ EXT_GIC_ID_ONENAND_AUDI,
+ EXT_GIC_ID_ROTATOR,
+ EXT_GIC_ID_FIMC0,
+ EXT_GIC_ID_FIMC1,
+ EXT_GIC_ID_FIMC2,
+ EXT_GIC_ID_FIMC3,
+ EXT_GIC_ID_JPEG,
+ EXT_GIC_ID_2D,
+ EXT_GIC_ID_PCIe,
+ EXT_GIC_ID_MIXER,
+ EXT_GIC_ID_HDMI,
+ EXT_GIC_ID_HDMI_I2C,
+ EXT_GIC_ID_MFC,
+ EXT_GIC_ID_TVENC,
+};
+
+enum ExtInt {
+ EXT_GIC_ID_EXTINT0 = 48,
+ EXT_GIC_ID_EXTINT1,
+ EXT_GIC_ID_EXTINT2,
+ EXT_GIC_ID_EXTINT3,
+ EXT_GIC_ID_EXTINT4,
+ EXT_GIC_ID_EXTINT5,
+ EXT_GIC_ID_EXTINT6,
+ EXT_GIC_ID_EXTINT7,
+ EXT_GIC_ID_EXTINT8,
+ EXT_GIC_ID_EXTINT9,
+ EXT_GIC_ID_EXTINT10,
+ EXT_GIC_ID_EXTINT11,
+ EXT_GIC_ID_EXTINT12,
+ EXT_GIC_ID_EXTINT13,
+ EXT_GIC_ID_EXTINT14,
+ EXT_GIC_ID_EXTINT15
+};
+
+/*
+ * External GIC sources which are not from External Interrupt Combiner or
+ * External Interrupts are starting from EXYNOS4210_MAX_EXT_COMBINER_OUT_IRQ,
+ * which is INTG16 in Internal Interrupt Combiner.
+ */
+
+static uint32_t
+combiner_grp_to_gic_id[64-EXYNOS4210_MAX_EXT_COMBINER_OUT_IRQ][8] = {
+ /* int combiner groups 16-19 */
+ { }, { }, { }, { },
+ /* int combiner group 20 */
+ { 0, EXT_GIC_ID_MDMA_LCD0 },
+ /* int combiner group 21 */
+ { EXT_GIC_ID_PDMA0, EXT_GIC_ID_PDMA1 },
+ /* int combiner group 22 */
+ { EXT_GIC_ID_TIMER0, EXT_GIC_ID_TIMER1, EXT_GIC_ID_TIMER2,
+ EXT_GIC_ID_TIMER3, EXT_GIC_ID_TIMER4 },
+ /* int combiner group 23 */
+ { EXT_GIC_ID_RTC_ALARM, EXT_GIC_ID_RTC_TIC },
+ /* int combiner group 24 */
+ { EXT_GIC_ID_GPIO_XB, EXT_GIC_ID_GPIO_XA },
+ /* int combiner group 25 */
+ { EXT_GIC_ID_IEM_APC, EXT_GIC_ID_IEM_IEC },
+ /* int combiner group 26 */
+ { EXT_GIC_ID_UART0, EXT_GIC_ID_UART1, EXT_GIC_ID_UART2, EXT_GIC_ID_UART3,
+ EXT_GIC_ID_UART4 },
+ /* int combiner group 27 */
+ { EXT_GIC_ID_I2C0, EXT_GIC_ID_I2C1, EXT_GIC_ID_I2C2, EXT_GIC_ID_I2C3,
+ EXT_GIC_ID_I2C4, EXT_GIC_ID_I2C5, EXT_GIC_ID_I2C6,
+ EXT_GIC_ID_I2C7 },
+ /* int combiner group 28 */
+ { EXT_GIC_ID_SPI0, EXT_GIC_ID_SPI1, EXT_GIC_ID_SPI2 , EXT_GIC_ID_USB_HOST},
+ /* int combiner group 29 */
+ { EXT_GIC_ID_HSMMC0, EXT_GIC_ID_HSMMC1, EXT_GIC_ID_HSMMC2,
+ EXT_GIC_ID_HSMMC3, EXT_GIC_ID_SDMMC },
+ /* int combiner group 30 */
+ { EXT_GIC_ID_MIPI_CSI_4LANE, EXT_GIC_ID_MIPI_CSI_2LANE },
+ /* int combiner group 31 */
+ { EXT_GIC_ID_MIPI_DSI_4LANE, EXT_GIC_ID_MIPI_DSI_2LANE },
+ /* int combiner group 32 */
+ { EXT_GIC_ID_FIMC0, EXT_GIC_ID_FIMC1 },
+ /* int combiner group 33 */
+ { EXT_GIC_ID_FIMC2, EXT_GIC_ID_FIMC3 },
+ /* int combiner group 34 */
+ { EXT_GIC_ID_ONENAND_AUDI, EXT_GIC_ID_NFC },
+ /* int combiner group 35 */
+ { 0, 0, 0, EXT_GIC_ID_MCT_L1, EXT_GIC_ID_MCT_G0, EXT_GIC_ID_MCT_G1 },
+ /* int combiner group 36 */
+ { EXT_GIC_ID_MIXER },
+ /* int combiner group 37 */
+ { EXT_GIC_ID_EXTINT4, EXT_GIC_ID_EXTINT5, EXT_GIC_ID_EXTINT6,
+ EXT_GIC_ID_EXTINT7 },
+ /* groups 38-50 */
+ { }, { }, { }, { }, { }, { }, { }, { }, { }, { }, { }, { }, { },
+ /* int combiner group 51 */
+ { EXT_GIC_ID_MCT_L0, 0, 0, 0, EXT_GIC_ID_MCT_G0, EXT_GIC_ID_MCT_G1 },
+ /* group 52 */
+ { },
+ /* int combiner group 53 */
+ { EXT_GIC_ID_WDT, 0, 0, 0, EXT_GIC_ID_MCT_G0, EXT_GIC_ID_MCT_G1 },
+ /* groups 54-63 */
+ { }, { }, { }, { }, { }, { }, { }, { }, { }, { }
+};
+
+#define EXYNOS4210_GIC_NIRQ 160
+
+#define EXYNOS4210_EXT_GIC_CPU_REGION_SIZE 0x10000
+#define EXYNOS4210_EXT_GIC_DIST_REGION_SIZE 0x10000
+
+#define EXYNOS4210_EXT_GIC_PER_CPU_OFFSET 0x8000
+#define EXYNOS4210_EXT_GIC_CPU_GET_OFFSET(n) \
+ ((n) * EXYNOS4210_EXT_GIC_PER_CPU_OFFSET)
+#define EXYNOS4210_EXT_GIC_DIST_GET_OFFSET(n) \
+ ((n) * EXYNOS4210_EXT_GIC_PER_CPU_OFFSET)
+
+#define EXYNOS4210_GIC_CPU_REGION_SIZE 0x100
+#define EXYNOS4210_GIC_DIST_REGION_SIZE 0x1000
+
+static void exynos4210_irq_handler(void *opaque, int irq, int level)
+{
+ Exynos4210Irq *s = (Exynos4210Irq *)opaque;
+
+ /* Bypass */
+ qemu_set_irq(s->board_irqs[irq], level);
+}
+
+/*
+ * Initialize exynos4210 IRQ subsystem stub.
+ */
+qemu_irq *exynos4210_init_irq(Exynos4210Irq *s)
+{
+ return qemu_allocate_irqs(exynos4210_irq_handler, s,
+ EXYNOS4210_MAX_INT_COMBINER_IN_IRQ);
+}
+
+/*
+ * Initialize board IRQs.
+ * These IRQs contain splitted Int/External Combiner and External Gic IRQs.
+ */
+void exynos4210_init_board_irqs(Exynos4210Irq *s)
+{
+ uint32_t grp, bit, irq_id, n;
+
+ for (n = 0; n < EXYNOS4210_MAX_EXT_COMBINER_IN_IRQ; n++) {
+ s->board_irqs[n] = qemu_irq_split(s->int_combiner_irq[n],
+ s->ext_combiner_irq[n]);
+
+ irq_id = 0;
+ if (n == EXYNOS4210_COMBINER_GET_IRQ_NUM(1, 4) ||
+ n == EXYNOS4210_COMBINER_GET_IRQ_NUM(12, 4)) {
+ /* MCT_G0 is passed to External GIC */
+ irq_id = EXT_GIC_ID_MCT_G0;
+ }
+ if (n == EXYNOS4210_COMBINER_GET_IRQ_NUM(1, 5) ||
+ n == EXYNOS4210_COMBINER_GET_IRQ_NUM(12, 5)) {
+ /* MCT_G1 is passed to External and GIC */
+ irq_id = EXT_GIC_ID_MCT_G1;
+ }
+ if (irq_id) {
+ s->board_irqs[n] = qemu_irq_split(s->int_combiner_irq[n],
+ s->ext_gic_irq[irq_id-32]);
+ }
+
+ }
+ for (; n < EXYNOS4210_MAX_INT_COMBINER_IN_IRQ; n++) {
+ /* these IDs are passed to Internal Combiner and External GIC */
+ grp = EXYNOS4210_COMBINER_GET_GRP_NUM(n);
+ bit = EXYNOS4210_COMBINER_GET_BIT_NUM(n);
+ irq_id = combiner_grp_to_gic_id[grp -
+ EXYNOS4210_MAX_EXT_COMBINER_OUT_IRQ][bit];
+
+ if (irq_id) {
+ s->board_irqs[n] = qemu_irq_split(s->int_combiner_irq[n],
+ s->ext_gic_irq[irq_id-32]);
+ }
+ }
+}
+
+/*
+ * Get IRQ number from exynos4210 IRQ subsystem stub.
+ * To identify IRQ source use internal combiner group and bit number
+ * grp - group number
+ * bit - bit number inside group
+ */
+uint32_t exynos4210_get_irq(uint32_t grp, uint32_t bit)
+{
+ return EXYNOS4210_COMBINER_GET_IRQ_NUM(grp, bit);
+}
+
+/********* GIC part *********/
+
+#define TYPE_EXYNOS4210_GIC "exynos4210.gic"
+#define EXYNOS4210_GIC(obj) \
+ OBJECT_CHECK(Exynos4210GicState, (obj), TYPE_EXYNOS4210_GIC)
+
+typedef struct {
+ SysBusDevice parent_obj;
+
+ MemoryRegion cpu_container;
+ MemoryRegion dist_container;
+ MemoryRegion cpu_alias[EXYNOS4210_NCPUS];
+ MemoryRegion dist_alias[EXYNOS4210_NCPUS];
+ uint32_t num_cpu;
+ DeviceState *gic;
+} Exynos4210GicState;
+
+static void exynos4210_gic_set_irq(void *opaque, int irq, int level)
+{
+ Exynos4210GicState *s = (Exynos4210GicState *)opaque;
+ qemu_set_irq(qdev_get_gpio_in(s->gic, irq), level);
+}
+
+static int exynos4210_gic_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ Exynos4210GicState *s = EXYNOS4210_GIC(dev);
+ uint32_t i;
+ const char cpu_prefix[] = "exynos4210-gic-alias_cpu";
+ const char dist_prefix[] = "exynos4210-gic-alias_dist";
+ char cpu_alias_name[sizeof(cpu_prefix) + 3];
+ char dist_alias_name[sizeof(cpu_prefix) + 3];
+ SysBusDevice *busdev;
+
+ s->gic = qdev_create(NULL, "arm_gic");
+ qdev_prop_set_uint32(s->gic, "num-cpu", s->num_cpu);
+ qdev_prop_set_uint32(s->gic, "num-irq", EXYNOS4210_GIC_NIRQ);
+ qdev_init_nofail(s->gic);
+ busdev = SYS_BUS_DEVICE(s->gic);
+
+ /* Pass through outbound IRQ lines from the GIC */
+ sysbus_pass_irq(sbd, busdev);
+
+ /* Pass through inbound GPIO lines to the GIC */
+ qdev_init_gpio_in(dev, exynos4210_gic_set_irq,
+ EXYNOS4210_GIC_NIRQ - 32);
+
+ memory_region_init(&s->cpu_container, OBJECT(s), "exynos4210-cpu-container",
+ EXYNOS4210_EXT_GIC_CPU_REGION_SIZE);
+ memory_region_init(&s->dist_container, OBJECT(s), "exynos4210-dist-container",
+ EXYNOS4210_EXT_GIC_DIST_REGION_SIZE);
+
+ for (i = 0; i < s->num_cpu; i++) {
+ /* Map CPU interface per SMP Core */
+ sprintf(cpu_alias_name, "%s%x", cpu_prefix, i);
+ memory_region_init_alias(&s->cpu_alias[i], OBJECT(s),
+ cpu_alias_name,
+ sysbus_mmio_get_region(busdev, 1),
+ 0,
+ EXYNOS4210_GIC_CPU_REGION_SIZE);
+ memory_region_add_subregion(&s->cpu_container,
+ EXYNOS4210_EXT_GIC_CPU_GET_OFFSET(i), &s->cpu_alias[i]);
+
+ /* Map Distributor per SMP Core */
+ sprintf(dist_alias_name, "%s%x", dist_prefix, i);
+ memory_region_init_alias(&s->dist_alias[i], OBJECT(s),
+ dist_alias_name,
+ sysbus_mmio_get_region(busdev, 0),
+ 0,
+ EXYNOS4210_GIC_DIST_REGION_SIZE);
+ memory_region_add_subregion(&s->dist_container,
+ EXYNOS4210_EXT_GIC_DIST_GET_OFFSET(i), &s->dist_alias[i]);
+ }
+
+ sysbus_init_mmio(sbd, &s->cpu_container);
+ sysbus_init_mmio(sbd, &s->dist_container);
+
+ return 0;
+}
+
+static Property exynos4210_gic_properties[] = {
+ DEFINE_PROP_UINT32("num-cpu", Exynos4210GicState, num_cpu, 1),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void exynos4210_gic_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = exynos4210_gic_init;
+ dc->props = exynos4210_gic_properties;
+}
+
+static const TypeInfo exynos4210_gic_info = {
+ .name = TYPE_EXYNOS4210_GIC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(Exynos4210GicState),
+ .class_init = exynos4210_gic_class_init,
+};
+
+static void exynos4210_gic_register_types(void)
+{
+ type_register_static(&exynos4210_gic_info);
+}
+
+type_init(exynos4210_gic_register_types)
+
+/* IRQ OR Gate struct.
+ *
+ * This device models an OR gate. There are n_in input qdev gpio lines and one
+ * output sysbus IRQ line. The output IRQ level is formed as OR between all
+ * gpio inputs.
+ */
+
+#define TYPE_EXYNOS4210_IRQ_GATE "exynos4210.irq_gate"
+#define EXYNOS4210_IRQ_GATE(obj) \
+ OBJECT_CHECK(Exynos4210IRQGateState, (obj), TYPE_EXYNOS4210_IRQ_GATE)
+
+typedef struct Exynos4210IRQGateState {
+ SysBusDevice parent_obj;
+
+ uint32_t n_in; /* inputs amount */
+ uint32_t *level; /* input levels */
+ qemu_irq out; /* output IRQ */
+} Exynos4210IRQGateState;
+
+static Property exynos4210_irq_gate_properties[] = {
+ DEFINE_PROP_UINT32("n_in", Exynos4210IRQGateState, n_in, 1),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static const VMStateDescription vmstate_exynos4210_irq_gate = {
+ .name = "exynos4210.irq_gate",
+ .version_id = 2,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .fields = (VMStateField[]) {
+ VMSTATE_VBUFFER_UINT32(level, Exynos4210IRQGateState, 1, NULL, 0, n_in),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+/* Process a change in IRQ input. */
+static void exynos4210_irq_gate_handler(void *opaque, int irq, int level)
+{
+ Exynos4210IRQGateState *s = (Exynos4210IRQGateState *)opaque;
+ uint32_t i;
+
+ assert(irq < s->n_in);
+
+ s->level[irq] = level;
+
+ for (i = 0; i < s->n_in; i++) {
+ if (s->level[i] >= 1) {
+ qemu_irq_raise(s->out);
+ return;
+ }
+ }
+
+ qemu_irq_lower(s->out);
+}
+
+static void exynos4210_irq_gate_reset(DeviceState *d)
+{
+ Exynos4210IRQGateState *s = EXYNOS4210_IRQ_GATE(d);
+
+ memset(s->level, 0, s->n_in * sizeof(*s->level));
+}
+
+/*
+ * IRQ Gate initialization.
+ */
+static int exynos4210_irq_gate_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ Exynos4210IRQGateState *s = EXYNOS4210_IRQ_GATE(dev);
+
+ /* Allocate general purpose input signals and connect a handler to each of
+ * them */
+ qdev_init_gpio_in(dev, exynos4210_irq_gate_handler, s->n_in);
+
+ s->level = g_malloc0(s->n_in * sizeof(*s->level));
+
+ sysbus_init_irq(sbd, &s->out);
+
+ return 0;
+}
+
+static void exynos4210_irq_gate_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = exynos4210_irq_gate_init;
+ dc->reset = exynos4210_irq_gate_reset;
+ dc->vmsd = &vmstate_exynos4210_irq_gate;
+ dc->props = exynos4210_irq_gate_properties;
+}
+
+static const TypeInfo exynos4210_irq_gate_info = {
+ .name = TYPE_EXYNOS4210_IRQ_GATE,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(Exynos4210IRQGateState),
+ .class_init = exynos4210_irq_gate_class_init,
+};
+
+static void exynos4210_irq_gate_register_types(void)
+{
+ type_register_static(&exynos4210_irq_gate_info);
+}
+
+type_init(exynos4210_irq_gate_register_types)
diff --git a/hw/intc/gic_internal.h b/hw/intc/gic_internal.h
new file mode 100644
index 000000000..14264373f
--- /dev/null
+++ b/hw/intc/gic_internal.h
@@ -0,0 +1,141 @@
+/*
+ * ARM GIC support - internal interfaces
+ *
+ * Copyright (c) 2012 Linaro Limited
+ * Written by Peter Maydell
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef QEMU_ARM_GIC_INTERNAL_H
+#define QEMU_ARM_GIC_INTERNAL_H
+
+#include "hw/sysbus.h"
+
+/* Maximum number of possible interrupts, determined by the GIC architecture */
+#define GIC_MAXIRQ 1020
+/* First 32 are private to each CPU (SGIs and PPIs). */
+#define GIC_INTERNAL 32
+/* Maximum number of possible CPU interfaces, determined by GIC architecture */
+#define NCPU 8
+
+#define ALL_CPU_MASK ((unsigned)(((1 << NCPU) - 1)))
+
+/* The NVIC has 16 internal vectors. However these are not exposed
+ through the normal GIC interface. */
+#define GIC_BASE_IRQ ((s->revision == REV_NVIC) ? 32 : 0)
+
+#define GIC_SET_ENABLED(irq, cm) s->irq_state[irq].enabled |= (cm)
+#define GIC_CLEAR_ENABLED(irq, cm) s->irq_state[irq].enabled &= ~(cm)
+#define GIC_TEST_ENABLED(irq, cm) ((s->irq_state[irq].enabled & (cm)) != 0)
+#define GIC_SET_PENDING(irq, cm) s->irq_state[irq].pending |= (cm)
+#define GIC_CLEAR_PENDING(irq, cm) s->irq_state[irq].pending &= ~(cm)
+#define GIC_TEST_PENDING(irq, cm) ((s->irq_state[irq].pending & (cm)) != 0)
+#define GIC_SET_ACTIVE(irq, cm) s->irq_state[irq].active |= (cm)
+#define GIC_CLEAR_ACTIVE(irq, cm) s->irq_state[irq].active &= ~(cm)
+#define GIC_TEST_ACTIVE(irq, cm) ((s->irq_state[irq].active & (cm)) != 0)
+#define GIC_SET_MODEL(irq) s->irq_state[irq].model = true
+#define GIC_CLEAR_MODEL(irq) s->irq_state[irq].model = false
+#define GIC_TEST_MODEL(irq) s->irq_state[irq].model
+#define GIC_SET_LEVEL(irq, cm) s->irq_state[irq].level = (cm)
+#define GIC_CLEAR_LEVEL(irq, cm) s->irq_state[irq].level &= ~(cm)
+#define GIC_TEST_LEVEL(irq, cm) ((s->irq_state[irq].level & (cm)) != 0)
+#define GIC_SET_TRIGGER(irq) s->irq_state[irq].trigger = true
+#define GIC_CLEAR_TRIGGER(irq) s->irq_state[irq].trigger = false
+#define GIC_TEST_TRIGGER(irq) s->irq_state[irq].trigger
+#define GIC_GET_PRIORITY(irq, cpu) (((irq) < GIC_INTERNAL) ? \
+ s->priority1[irq][cpu] : \
+ s->priority2[(irq) - GIC_INTERNAL])
+#define GIC_TARGET(irq) s->irq_target[irq]
+
+typedef struct gic_irq_state {
+ /* The enable bits are only banked for per-cpu interrupts. */
+ uint8_t enabled;
+ uint8_t pending;
+ uint8_t active;
+ uint8_t level;
+ bool model; /* 0 = N:N, 1 = 1:N */
+ bool trigger; /* nonzero = edge triggered. */
+} gic_irq_state;
+
+typedef struct GICState {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ qemu_irq parent_irq[NCPU];
+ bool enabled;
+ bool cpu_enabled[NCPU];
+
+ gic_irq_state irq_state[GIC_MAXIRQ];
+ uint8_t irq_target[GIC_MAXIRQ];
+ uint8_t priority1[GIC_INTERNAL][NCPU];
+ uint8_t priority2[GIC_MAXIRQ - GIC_INTERNAL];
+ uint16_t last_active[GIC_MAXIRQ][NCPU];
+
+ uint16_t priority_mask[NCPU];
+ uint16_t running_irq[NCPU];
+ uint16_t running_priority[NCPU];
+ uint16_t current_pending[NCPU];
+
+ uint32_t num_cpu;
+
+ MemoryRegion iomem; /* Distributor */
+ /* This is just so we can have an opaque pointer which identifies
+ * both this GIC and which CPU interface we should be accessing.
+ */
+ struct GICState *backref[NCPU];
+ MemoryRegion cpuiomem[NCPU+1]; /* CPU interfaces */
+ uint32_t num_irq;
+ uint32_t revision;
+} GICState;
+
+/* The special cases for the revision property: */
+#define REV_11MPCORE 0
+#define REV_NVIC 0xffffffff
+
+void gic_set_pending_private(GICState *s, int cpu, int irq);
+uint32_t gic_acknowledge_irq(GICState *s, int cpu);
+void gic_complete_irq(GICState *s, int cpu, int irq);
+void gic_update(GICState *s);
+void gic_init_irqs_and_distributor(GICState *s, int num_irq);
+
+#define TYPE_ARM_GIC_COMMON "arm_gic_common"
+#define ARM_GIC_COMMON(obj) \
+ OBJECT_CHECK(GICState, (obj), TYPE_ARM_GIC_COMMON)
+#define ARM_GIC_COMMON_CLASS(klass) \
+ OBJECT_CLASS_CHECK(ARMGICCommonClass, (klass), TYPE_ARM_GIC_COMMON)
+#define ARM_GIC_COMMON_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(ARMGICCommonClass, (obj), TYPE_ARM_GIC_COMMON)
+
+typedef struct ARMGICCommonClass {
+ SysBusDeviceClass parent_class;
+ void (*pre_save)(GICState *s);
+ void (*post_load)(GICState *s);
+} ARMGICCommonClass;
+
+#define TYPE_ARM_GIC "arm_gic"
+#define ARM_GIC(obj) \
+ OBJECT_CHECK(GICState, (obj), TYPE_ARM_GIC)
+#define ARM_GIC_CLASS(klass) \
+ OBJECT_CLASS_CHECK(ARMGICClass, (klass), TYPE_ARM_GIC)
+#define ARM_GIC_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(ARMGICClass, (obj), TYPE_ARM_GIC)
+
+typedef struct ARMGICClass {
+ ARMGICCommonClass parent_class;
+ DeviceRealize parent_realize;
+} ARMGICClass;
+
+#endif /* !QEMU_ARM_GIC_INTERNAL_H */
diff --git a/hw/intc/grlib_irqmp.c b/hw/intc/grlib_irqmp.c
new file mode 100644
index 000000000..42e00bc4b
--- /dev/null
+++ b/hw/intc/grlib_irqmp.c
@@ -0,0 +1,372 @@
+/*
+ * QEMU GRLIB IRQMP Emulator
+ *
+ * (Multiprocessor and extended interrupt not supported)
+ *
+ * Copyright (c) 2010-2011 AdaCore
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/sysbus.h"
+#include "cpu.h"
+
+#include "hw/sparc/grlib.h"
+
+#include "trace.h"
+
+#define IRQMP_MAX_CPU 16
+#define IRQMP_REG_SIZE 256 /* Size of memory mapped registers */
+
+/* Memory mapped register offsets */
+#define LEVEL_OFFSET 0x00
+#define PENDING_OFFSET 0x04
+#define FORCE0_OFFSET 0x08
+#define CLEAR_OFFSET 0x0C
+#define MP_STATUS_OFFSET 0x10
+#define BROADCAST_OFFSET 0x14
+#define MASK_OFFSET 0x40
+#define FORCE_OFFSET 0x80
+#define EXTENDED_OFFSET 0xC0
+
+#define TYPE_GRLIB_IRQMP "grlib,irqmp"
+#define GRLIB_IRQMP(obj) OBJECT_CHECK(IRQMP, (obj), TYPE_GRLIB_IRQMP)
+
+typedef struct IRQMPState IRQMPState;
+
+typedef struct IRQMP {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+
+ void *set_pil_in;
+ void *set_pil_in_opaque;
+
+ IRQMPState *state;
+} IRQMP;
+
+struct IRQMPState {
+ uint32_t level;
+ uint32_t pending;
+ uint32_t clear;
+ uint32_t broadcast;
+
+ uint32_t mask[IRQMP_MAX_CPU];
+ uint32_t force[IRQMP_MAX_CPU];
+ uint32_t extended[IRQMP_MAX_CPU];
+
+ IRQMP *parent;
+};
+
+static void grlib_irqmp_check_irqs(IRQMPState *state)
+{
+ uint32_t pend = 0;
+ uint32_t level0 = 0;
+ uint32_t level1 = 0;
+ set_pil_in_fn set_pil_in;
+
+ assert(state != NULL);
+ assert(state->parent != NULL);
+
+ /* IRQ for CPU 0 (no SMP support) */
+ pend = (state->pending | state->force[0])
+ & state->mask[0];
+
+ level0 = pend & ~state->level;
+ level1 = pend & state->level;
+
+ trace_grlib_irqmp_check_irqs(state->pending, state->force[0],
+ state->mask[0], level1, level0);
+
+ set_pil_in = (set_pil_in_fn)state->parent->set_pil_in;
+
+ /* Trigger level1 interrupt first and level0 if there is no level1 */
+ if (level1 != 0) {
+ set_pil_in(state->parent->set_pil_in_opaque, level1);
+ } else {
+ set_pil_in(state->parent->set_pil_in_opaque, level0);
+ }
+}
+
+void grlib_irqmp_ack(DeviceState *dev, int intno)
+{
+ IRQMP *irqmp = GRLIB_IRQMP(dev);
+ IRQMPState *state;
+ uint32_t mask;
+
+ state = irqmp->state;
+ assert(state != NULL);
+
+ intno &= 15;
+ mask = 1 << intno;
+
+ trace_grlib_irqmp_ack(intno);
+
+ /* Clear registers */
+ state->pending &= ~mask;
+ state->force[0] &= ~mask; /* Only CPU 0 (No SMP support) */
+
+ grlib_irqmp_check_irqs(state);
+}
+
+void grlib_irqmp_set_irq(void *opaque, int irq, int level)
+{
+ IRQMP *irqmp = GRLIB_IRQMP(opaque);
+ IRQMPState *s;
+ int i = 0;
+
+ s = irqmp->state;
+ assert(s != NULL);
+ assert(s->parent != NULL);
+
+
+ if (level) {
+ trace_grlib_irqmp_set_irq(irq);
+
+ if (s->broadcast & 1 << irq) {
+ /* Broadcasted IRQ */
+ for (i = 0; i < IRQMP_MAX_CPU; i++) {
+ s->force[i] |= 1 << irq;
+ }
+ } else {
+ s->pending |= 1 << irq;
+ }
+ grlib_irqmp_check_irqs(s);
+
+ }
+}
+
+static uint64_t grlib_irqmp_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ IRQMP *irqmp = opaque;
+ IRQMPState *state;
+
+ assert(irqmp != NULL);
+ state = irqmp->state;
+ assert(state != NULL);
+
+ addr &= 0xff;
+
+ /* global registers */
+ switch (addr) {
+ case LEVEL_OFFSET:
+ return state->level;
+
+ case PENDING_OFFSET:
+ return state->pending;
+
+ case FORCE0_OFFSET:
+ /* This register is an "alias" for the force register of CPU 0 */
+ return state->force[0];
+
+ case CLEAR_OFFSET:
+ case MP_STATUS_OFFSET:
+ /* Always read as 0 */
+ return 0;
+
+ case BROADCAST_OFFSET:
+ return state->broadcast;
+
+ default:
+ break;
+ }
+
+ /* mask registers */
+ if (addr >= MASK_OFFSET && addr < FORCE_OFFSET) {
+ int cpu = (addr - MASK_OFFSET) / 4;
+ assert(cpu >= 0 && cpu < IRQMP_MAX_CPU);
+
+ return state->mask[cpu];
+ }
+
+ /* force registers */
+ if (addr >= FORCE_OFFSET && addr < EXTENDED_OFFSET) {
+ int cpu = (addr - FORCE_OFFSET) / 4;
+ assert(cpu >= 0 && cpu < IRQMP_MAX_CPU);
+
+ return state->force[cpu];
+ }
+
+ /* extended (not supported) */
+ if (addr >= EXTENDED_OFFSET && addr < IRQMP_REG_SIZE) {
+ int cpu = (addr - EXTENDED_OFFSET) / 4;
+ assert(cpu >= 0 && cpu < IRQMP_MAX_CPU);
+
+ return state->extended[cpu];
+ }
+
+ trace_grlib_irqmp_readl_unknown(addr);
+ return 0;
+}
+
+static void grlib_irqmp_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ IRQMP *irqmp = opaque;
+ IRQMPState *state;
+
+ assert(irqmp != NULL);
+ state = irqmp->state;
+ assert(state != NULL);
+
+ addr &= 0xff;
+
+ /* global registers */
+ switch (addr) {
+ case LEVEL_OFFSET:
+ value &= 0xFFFF << 1; /* clean up the value */
+ state->level = value;
+ return;
+
+ case PENDING_OFFSET:
+ /* Read Only */
+ return;
+
+ case FORCE0_OFFSET:
+ /* This register is an "alias" for the force register of CPU 0 */
+
+ value &= 0xFFFE; /* clean up the value */
+ state->force[0] = value;
+ grlib_irqmp_check_irqs(irqmp->state);
+ return;
+
+ case CLEAR_OFFSET:
+ value &= ~1; /* clean up the value */
+ state->pending &= ~value;
+ return;
+
+ case MP_STATUS_OFFSET:
+ /* Read Only (no SMP support) */
+ return;
+
+ case BROADCAST_OFFSET:
+ value &= 0xFFFE; /* clean up the value */
+ state->broadcast = value;
+ return;
+
+ default:
+ break;
+ }
+
+ /* mask registers */
+ if (addr >= MASK_OFFSET && addr < FORCE_OFFSET) {
+ int cpu = (addr - MASK_OFFSET) / 4;
+ assert(cpu >= 0 && cpu < IRQMP_MAX_CPU);
+
+ value &= ~1; /* clean up the value */
+ state->mask[cpu] = value;
+ grlib_irqmp_check_irqs(irqmp->state);
+ return;
+ }
+
+ /* force registers */
+ if (addr >= FORCE_OFFSET && addr < EXTENDED_OFFSET) {
+ int cpu = (addr - FORCE_OFFSET) / 4;
+ assert(cpu >= 0 && cpu < IRQMP_MAX_CPU);
+
+ uint32_t force = value & 0xFFFE;
+ uint32_t clear = (value >> 16) & 0xFFFE;
+ uint32_t old = state->force[cpu];
+
+ state->force[cpu] = (old | force) & ~clear;
+ grlib_irqmp_check_irqs(irqmp->state);
+ return;
+ }
+
+ /* extended (not supported) */
+ if (addr >= EXTENDED_OFFSET && addr < IRQMP_REG_SIZE) {
+ int cpu = (addr - EXTENDED_OFFSET) / 4;
+ assert(cpu >= 0 && cpu < IRQMP_MAX_CPU);
+
+ value &= 0xF; /* clean up the value */
+ state->extended[cpu] = value;
+ return;
+ }
+
+ trace_grlib_irqmp_writel_unknown(addr, value);
+}
+
+static const MemoryRegionOps grlib_irqmp_ops = {
+ .read = grlib_irqmp_read,
+ .write = grlib_irqmp_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static void grlib_irqmp_reset(DeviceState *d)
+{
+ IRQMP *irqmp = GRLIB_IRQMP(d);
+ assert(irqmp->state != NULL);
+
+ memset(irqmp->state, 0, sizeof *irqmp->state);
+ irqmp->state->parent = irqmp;
+}
+
+static int grlib_irqmp_init(SysBusDevice *dev)
+{
+ IRQMP *irqmp = GRLIB_IRQMP(dev);
+
+ /* Check parameters */
+ if (irqmp->set_pil_in == NULL) {
+ return -1;
+ }
+
+ memory_region_init_io(&irqmp->iomem, OBJECT(dev), &grlib_irqmp_ops, irqmp,
+ "irqmp", IRQMP_REG_SIZE);
+
+ irqmp->state = g_malloc0(sizeof *irqmp->state);
+
+ sysbus_init_mmio(dev, &irqmp->iomem);
+
+ return 0;
+}
+
+static Property grlib_irqmp_properties[] = {
+ DEFINE_PROP_PTR("set_pil_in", IRQMP, set_pil_in),
+ DEFINE_PROP_PTR("set_pil_in_opaque", IRQMP, set_pil_in_opaque),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void grlib_irqmp_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = grlib_irqmp_init;
+ dc->reset = grlib_irqmp_reset;
+ dc->props = grlib_irqmp_properties;
+}
+
+static const TypeInfo grlib_irqmp_info = {
+ .name = TYPE_GRLIB_IRQMP,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(IRQMP),
+ .class_init = grlib_irqmp_class_init,
+};
+
+static void grlib_irqmp_register_types(void)
+{
+ type_register_static(&grlib_irqmp_info);
+}
+
+type_init(grlib_irqmp_register_types)
diff --git a/hw/intc/heathrow_pic.c b/hw/intc/heathrow_pic.c
new file mode 100644
index 000000000..9818f2430
--- /dev/null
+++ b/hw/intc/heathrow_pic.c
@@ -0,0 +1,215 @@
+/*
+ * Heathrow PIC support (OldWorld PowerMac)
+ *
+ * Copyright (c) 2005-2007 Fabrice Bellard
+ * Copyright (c) 2007 Jocelyn Mayer
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/ppc/mac.h"
+
+/* debug PIC */
+//#define DEBUG_PIC
+
+#ifdef DEBUG_PIC
+#define PIC_DPRINTF(fmt, ...) \
+ do { printf("PIC: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define PIC_DPRINTF(fmt, ...)
+#endif
+
+typedef struct HeathrowPIC {
+ uint32_t events;
+ uint32_t mask;
+ uint32_t levels;
+ uint32_t level_triggered;
+} HeathrowPIC;
+
+typedef struct HeathrowPICS {
+ MemoryRegion mem;
+ HeathrowPIC pics[2];
+ qemu_irq *irqs;
+} HeathrowPICS;
+
+static inline int check_irq(HeathrowPIC *pic)
+{
+ return (pic->events | (pic->levels & pic->level_triggered)) & pic->mask;
+}
+
+/* update the CPU irq state */
+static void heathrow_pic_update(HeathrowPICS *s)
+{
+ if (check_irq(&s->pics[0]) || check_irq(&s->pics[1])) {
+ qemu_irq_raise(s->irqs[0]);
+ } else {
+ qemu_irq_lower(s->irqs[0]);
+ }
+}
+
+static void pic_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ HeathrowPICS *s = opaque;
+ HeathrowPIC *pic;
+ unsigned int n;
+
+ n = ((addr & 0xfff) - 0x10) >> 4;
+ PIC_DPRINTF("writel: " TARGET_FMT_plx " %u: %08x\n", addr, n, value);
+ if (n >= 2)
+ return;
+ pic = &s->pics[n];
+ switch(addr & 0xf) {
+ case 0x04:
+ pic->mask = value;
+ heathrow_pic_update(s);
+ break;
+ case 0x08:
+ /* do not reset level triggered IRQs */
+ value &= ~pic->level_triggered;
+ pic->events &= ~value;
+ heathrow_pic_update(s);
+ break;
+ default:
+ break;
+ }
+}
+
+static uint64_t pic_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ HeathrowPICS *s = opaque;
+ HeathrowPIC *pic;
+ unsigned int n;
+ uint32_t value;
+
+ n = ((addr & 0xfff) - 0x10) >> 4;
+ if (n >= 2) {
+ value = 0;
+ } else {
+ pic = &s->pics[n];
+ switch(addr & 0xf) {
+ case 0x0:
+ value = pic->events;
+ break;
+ case 0x4:
+ value = pic->mask;
+ break;
+ case 0xc:
+ value = pic->levels;
+ break;
+ default:
+ value = 0;
+ break;
+ }
+ }
+ PIC_DPRINTF("readl: " TARGET_FMT_plx " %u: %08x\n", addr, n, value);
+ return value;
+}
+
+static const MemoryRegionOps heathrow_pic_ops = {
+ .read = pic_read,
+ .write = pic_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void heathrow_pic_set_irq(void *opaque, int num, int level)
+{
+ HeathrowPICS *s = opaque;
+ HeathrowPIC *pic;
+ unsigned int irq_bit;
+
+#if defined(DEBUG)
+ {
+ static int last_level[64];
+ if (last_level[num] != level) {
+ PIC_DPRINTF("set_irq: num=0x%02x level=%d\n", num, level);
+ last_level[num] = level;
+ }
+ }
+#endif
+ pic = &s->pics[1 - (num >> 5)];
+ irq_bit = 1 << (num & 0x1f);
+ if (level) {
+ pic->events |= irq_bit & ~pic->level_triggered;
+ pic->levels |= irq_bit;
+ } else {
+ pic->levels &= ~irq_bit;
+ }
+ heathrow_pic_update(s);
+}
+
+static const VMStateDescription vmstate_heathrow_pic_one = {
+ .name = "heathrow_pic_one",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(events, HeathrowPIC),
+ VMSTATE_UINT32(mask, HeathrowPIC),
+ VMSTATE_UINT32(levels, HeathrowPIC),
+ VMSTATE_UINT32(level_triggered, HeathrowPIC),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_heathrow_pic = {
+ .name = "heathrow_pic",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_STRUCT_ARRAY(pics, HeathrowPICS, 2, 1,
+ vmstate_heathrow_pic_one, HeathrowPIC),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void heathrow_pic_reset_one(HeathrowPIC *s)
+{
+ memset(s, '\0', sizeof(HeathrowPIC));
+}
+
+static void heathrow_pic_reset(void *opaque)
+{
+ HeathrowPICS *s = opaque;
+
+ heathrow_pic_reset_one(&s->pics[0]);
+ heathrow_pic_reset_one(&s->pics[1]);
+
+ s->pics[0].level_triggered = 0;
+ s->pics[1].level_triggered = 0x1ff00000;
+}
+
+qemu_irq *heathrow_pic_init(MemoryRegion **pmem,
+ int nb_cpus, qemu_irq **irqs)
+{
+ HeathrowPICS *s;
+
+ s = g_malloc0(sizeof(HeathrowPICS));
+ /* only 1 CPU */
+ s->irqs = irqs[0];
+ memory_region_init_io(&s->mem, NULL, &heathrow_pic_ops, s,
+ "heathrow-pic", 0x1000);
+ *pmem = &s->mem;
+
+ vmstate_register(NULL, -1, &vmstate_heathrow_pic, s);
+ qemu_register_reset(heathrow_pic_reset, s);
+ return qemu_allocate_irqs(heathrow_pic_set_irq, s, 64);
+}
diff --git a/hw/intc/i8259.c b/hw/intc/i8259.c
new file mode 100644
index 000000000..1415bda93
--- /dev/null
+++ b/hw/intc/i8259.c
@@ -0,0 +1,522 @@
+/*
+ * QEMU 8259 interrupt controller emulation
+ *
+ * Copyright (c) 2003-2004 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "hw/isa/isa.h"
+#include "monitor/monitor.h"
+#include "qemu/timer.h"
+#include "hw/isa/i8259_internal.h"
+
+/* debug PIC */
+//#define DEBUG_PIC
+
+#ifdef DEBUG_PIC
+#define DPRINTF(fmt, ...) \
+ do { printf("pic: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...)
+#endif
+
+//#define DEBUG_IRQ_LATENCY
+//#define DEBUG_IRQ_COUNT
+
+#define TYPE_I8259 "isa-i8259"
+#define PIC_CLASS(class) OBJECT_CLASS_CHECK(PICClass, (class), TYPE_I8259)
+#define PIC_GET_CLASS(obj) OBJECT_GET_CLASS(PICClass, (obj), TYPE_I8259)
+
+/**
+ * PICClass:
+ * @parent_realize: The parent's realizefn.
+ */
+typedef struct PICClass {
+ PICCommonClass parent_class;
+
+ DeviceRealize parent_realize;
+} PICClass;
+
+#if defined(DEBUG_PIC) || defined(DEBUG_IRQ_COUNT)
+static int irq_level[16];
+#endif
+#ifdef DEBUG_IRQ_COUNT
+static uint64_t irq_count[16];
+#endif
+#ifdef DEBUG_IRQ_LATENCY
+static int64_t irq_time[16];
+#endif
+DeviceState *isa_pic;
+static PICCommonState *slave_pic;
+
+/* return the highest priority found in mask (highest = smallest
+ number). Return 8 if no irq */
+static int get_priority(PICCommonState *s, int mask)
+{
+ int priority;
+
+ if (mask == 0) {
+ return 8;
+ }
+ priority = 0;
+ while ((mask & (1 << ((priority + s->priority_add) & 7))) == 0) {
+ priority++;
+ }
+ return priority;
+}
+
+/* return the pic wanted interrupt. return -1 if none */
+static int pic_get_irq(PICCommonState *s)
+{
+ int mask, cur_priority, priority;
+
+ mask = s->irr & ~s->imr;
+ priority = get_priority(s, mask);
+ if (priority == 8) {
+ return -1;
+ }
+ /* compute current priority. If special fully nested mode on the
+ master, the IRQ coming from the slave is not taken into account
+ for the priority computation. */
+ mask = s->isr;
+ if (s->special_mask) {
+ mask &= ~s->imr;
+ }
+ if (s->special_fully_nested_mode && s->master) {
+ mask &= ~(1 << 2);
+ }
+ cur_priority = get_priority(s, mask);
+ if (priority < cur_priority) {
+ /* higher priority found: an irq should be generated */
+ return (priority + s->priority_add) & 7;
+ } else {
+ return -1;
+ }
+}
+
+/* Update INT output. Must be called every time the output may have changed. */
+static void pic_update_irq(PICCommonState *s)
+{
+ int irq;
+
+ irq = pic_get_irq(s);
+ if (irq >= 0) {
+ DPRINTF("pic%d: imr=%x irr=%x padd=%d\n",
+ s->master ? 0 : 1, s->imr, s->irr, s->priority_add);
+ qemu_irq_raise(s->int_out[0]);
+ } else {
+ qemu_irq_lower(s->int_out[0]);
+ }
+}
+
+/* set irq level. If an edge is detected, then the IRR is set to 1 */
+static void pic_set_irq(void *opaque, int irq, int level)
+{
+ PICCommonState *s = opaque;
+ int mask = 1 << irq;
+
+#if defined(DEBUG_PIC) || defined(DEBUG_IRQ_COUNT) || \
+ defined(DEBUG_IRQ_LATENCY)
+ int irq_index = s->master ? irq : irq + 8;
+#endif
+#if defined(DEBUG_PIC) || defined(DEBUG_IRQ_COUNT)
+ if (level != irq_level[irq_index]) {
+ DPRINTF("pic_set_irq: irq=%d level=%d\n", irq_index, level);
+ irq_level[irq_index] = level;
+#ifdef DEBUG_IRQ_COUNT
+ if (level == 1) {
+ irq_count[irq_index]++;
+ }
+#endif
+ }
+#endif
+#ifdef DEBUG_IRQ_LATENCY
+ if (level) {
+ irq_time[irq_index] = qemu_get_clock_ns(vm_clock);
+ }
+#endif
+
+ if (s->elcr & mask) {
+ /* level triggered */
+ if (level) {
+ s->irr |= mask;
+ s->last_irr |= mask;
+ } else {
+ s->irr &= ~mask;
+ s->last_irr &= ~mask;
+ }
+ } else {
+ /* edge triggered */
+ if (level) {
+ if ((s->last_irr & mask) == 0) {
+ s->irr |= mask;
+ }
+ s->last_irr |= mask;
+ } else {
+ s->last_irr &= ~mask;
+ }
+ }
+ pic_update_irq(s);
+}
+
+/* acknowledge interrupt 'irq' */
+static void pic_intack(PICCommonState *s, int irq)
+{
+ if (s->auto_eoi) {
+ if (s->rotate_on_auto_eoi) {
+ s->priority_add = (irq + 1) & 7;
+ }
+ } else {
+ s->isr |= (1 << irq);
+ }
+ /* We don't clear a level sensitive interrupt here */
+ if (!(s->elcr & (1 << irq))) {
+ s->irr &= ~(1 << irq);
+ }
+ pic_update_irq(s);
+}
+
+int pic_read_irq(DeviceState *d)
+{
+ PICCommonState *s = PIC_COMMON(d);
+ int irq, irq2, intno;
+
+ irq = pic_get_irq(s);
+ if (irq >= 0) {
+ if (irq == 2) {
+ irq2 = pic_get_irq(slave_pic);
+ if (irq2 >= 0) {
+ pic_intack(slave_pic, irq2);
+ } else {
+ /* spurious IRQ on slave controller */
+ irq2 = 7;
+ }
+ intno = slave_pic->irq_base + irq2;
+ } else {
+ intno = s->irq_base + irq;
+ }
+ pic_intack(s, irq);
+ } else {
+ /* spurious IRQ on host controller */
+ irq = 7;
+ intno = s->irq_base + irq;
+ }
+
+#if defined(DEBUG_PIC) || defined(DEBUG_IRQ_LATENCY)
+ if (irq == 2) {
+ irq = irq2 + 8;
+ }
+#endif
+#ifdef DEBUG_IRQ_LATENCY
+ printf("IRQ%d latency=%0.3fus\n",
+ irq,
+ (double)(qemu_get_clock_ns(vm_clock) -
+ irq_time[irq]) * 1000000.0 / get_ticks_per_sec());
+#endif
+ DPRINTF("pic_interrupt: irq=%d\n", irq);
+ return intno;
+}
+
+static void pic_init_reset(PICCommonState *s)
+{
+ pic_reset_common(s);
+ pic_update_irq(s);
+}
+
+static void pic_reset(DeviceState *dev)
+{
+ PICCommonState *s = PIC_COMMON(dev);
+
+ s->elcr = 0;
+ pic_init_reset(s);
+}
+
+static void pic_ioport_write(void *opaque, hwaddr addr64,
+ uint64_t val64, unsigned size)
+{
+ PICCommonState *s = opaque;
+ uint32_t addr = addr64;
+ uint32_t val = val64;
+ int priority, cmd, irq;
+
+ DPRINTF("write: addr=0x%02x val=0x%02x\n", addr, val);
+ if (addr == 0) {
+ if (val & 0x10) {
+ pic_init_reset(s);
+ s->init_state = 1;
+ s->init4 = val & 1;
+ s->single_mode = val & 2;
+ if (val & 0x08) {
+ hw_error("level sensitive irq not supported");
+ }
+ } else if (val & 0x08) {
+ if (val & 0x04) {
+ s->poll = 1;
+ }
+ if (val & 0x02) {
+ s->read_reg_select = val & 1;
+ }
+ if (val & 0x40) {
+ s->special_mask = (val >> 5) & 1;
+ }
+ } else {
+ cmd = val >> 5;
+ switch (cmd) {
+ case 0:
+ case 4:
+ s->rotate_on_auto_eoi = cmd >> 2;
+ break;
+ case 1: /* end of interrupt */
+ case 5:
+ priority = get_priority(s, s->isr);
+ if (priority != 8) {
+ irq = (priority + s->priority_add) & 7;
+ s->isr &= ~(1 << irq);
+ if (cmd == 5) {
+ s->priority_add = (irq + 1) & 7;
+ }
+ pic_update_irq(s);
+ }
+ break;
+ case 3:
+ irq = val & 7;
+ s->isr &= ~(1 << irq);
+ pic_update_irq(s);
+ break;
+ case 6:
+ s->priority_add = (val + 1) & 7;
+ pic_update_irq(s);
+ break;
+ case 7:
+ irq = val & 7;
+ s->isr &= ~(1 << irq);
+ s->priority_add = (irq + 1) & 7;
+ pic_update_irq(s);
+ break;
+ default:
+ /* no operation */
+ break;
+ }
+ }
+ } else {
+ switch (s->init_state) {
+ case 0:
+ /* normal mode */
+ s->imr = val;
+ pic_update_irq(s);
+ break;
+ case 1:
+ s->irq_base = val & 0xf8;
+ s->init_state = s->single_mode ? (s->init4 ? 3 : 0) : 2;
+ break;
+ case 2:
+ if (s->init4) {
+ s->init_state = 3;
+ } else {
+ s->init_state = 0;
+ }
+ break;
+ case 3:
+ s->special_fully_nested_mode = (val >> 4) & 1;
+ s->auto_eoi = (val >> 1) & 1;
+ s->init_state = 0;
+ break;
+ }
+ }
+}
+
+static uint64_t pic_ioport_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ PICCommonState *s = opaque;
+ int ret;
+
+ if (s->poll) {
+ ret = pic_get_irq(s);
+ if (ret >= 0) {
+ pic_intack(s, ret);
+ ret |= 0x80;
+ } else {
+ ret = 0;
+ }
+ s->poll = 0;
+ } else {
+ if (addr == 0) {
+ if (s->read_reg_select) {
+ ret = s->isr;
+ } else {
+ ret = s->irr;
+ }
+ } else {
+ ret = s->imr;
+ }
+ }
+ DPRINTF("read: addr=0x%02x val=0x%02x\n", addr, ret);
+ return ret;
+}
+
+int pic_get_output(DeviceState *d)
+{
+ PICCommonState *s = PIC_COMMON(d);
+
+ return (pic_get_irq(s) >= 0);
+}
+
+static void elcr_ioport_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ PICCommonState *s = opaque;
+ s->elcr = val & s->elcr_mask;
+}
+
+static uint64_t elcr_ioport_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ PICCommonState *s = opaque;
+ return s->elcr;
+}
+
+static const MemoryRegionOps pic_base_ioport_ops = {
+ .read = pic_ioport_read,
+ .write = pic_ioport_write,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+static const MemoryRegionOps pic_elcr_ioport_ops = {
+ .read = elcr_ioport_read,
+ .write = elcr_ioport_write,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+static void pic_realize(DeviceState *dev, Error **err)
+{
+ PICCommonState *s = PIC_COMMON(dev);
+ PICClass *pc = PIC_GET_CLASS(dev);
+
+ memory_region_init_io(&s->base_io, OBJECT(s), &pic_base_ioport_ops, s,
+ "pic", 2);
+ memory_region_init_io(&s->elcr_io, OBJECT(s), &pic_elcr_ioport_ops, s,
+ "elcr", 1);
+
+ qdev_init_gpio_out(dev, s->int_out, ARRAY_SIZE(s->int_out));
+ qdev_init_gpio_in(dev, pic_set_irq, 8);
+
+ pc->parent_realize(dev, err);
+}
+
+void pic_info(Monitor *mon, const QDict *qdict)
+{
+ int i;
+ PICCommonState *s;
+
+ if (!isa_pic) {
+ return;
+ }
+ for (i = 0; i < 2; i++) {
+ s = i == 0 ? PIC_COMMON(isa_pic) : slave_pic;
+ monitor_printf(mon, "pic%d: irr=%02x imr=%02x isr=%02x hprio=%d "
+ "irq_base=%02x rr_sel=%d elcr=%02x fnm=%d\n",
+ i, s->irr, s->imr, s->isr, s->priority_add,
+ s->irq_base, s->read_reg_select, s->elcr,
+ s->special_fully_nested_mode);
+ }
+}
+
+void irq_info(Monitor *mon, const QDict *qdict)
+{
+#ifndef DEBUG_IRQ_COUNT
+ monitor_printf(mon, "irq statistic code not compiled.\n");
+#else
+ int i;
+ int64_t count;
+
+ monitor_printf(mon, "IRQ statistics:\n");
+ for (i = 0; i < 16; i++) {
+ count = irq_count[i];
+ if (count > 0) {
+ monitor_printf(mon, "%2d: %" PRId64 "\n", i, count);
+ }
+ }
+#endif
+}
+
+qemu_irq *i8259_init(ISABus *bus, qemu_irq parent_irq)
+{
+ qemu_irq *irq_set;
+ DeviceState *dev;
+ ISADevice *isadev;
+ int i;
+
+ irq_set = g_malloc(ISA_NUM_IRQS * sizeof(qemu_irq));
+
+ isadev = i8259_init_chip(TYPE_I8259, bus, true);
+ dev = DEVICE(isadev);
+
+ qdev_connect_gpio_out(dev, 0, parent_irq);
+ for (i = 0 ; i < 8; i++) {
+ irq_set[i] = qdev_get_gpio_in(dev, i);
+ }
+
+ isa_pic = dev;
+
+ isadev = i8259_init_chip(TYPE_I8259, bus, false);
+ dev = DEVICE(isadev);
+
+ qdev_connect_gpio_out(dev, 0, irq_set[2]);
+ for (i = 0 ; i < 8; i++) {
+ irq_set[i + 8] = qdev_get_gpio_in(dev, i);
+ }
+
+ slave_pic = PIC_COMMON(dev);
+
+ return irq_set;
+}
+
+static void i8259_class_init(ObjectClass *klass, void *data)
+{
+ PICClass *k = PIC_CLASS(klass);
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ k->parent_realize = dc->realize;
+ dc->realize = pic_realize;
+ dc->reset = pic_reset;
+}
+
+static const TypeInfo i8259_info = {
+ .name = TYPE_I8259,
+ .instance_size = sizeof(PICCommonState),
+ .parent = TYPE_PIC_COMMON,
+ .class_init = i8259_class_init,
+ .class_size = sizeof(PICClass),
+};
+
+static void pic_register_types(void)
+{
+ type_register_static(&i8259_info);
+}
+
+type_init(pic_register_types)
diff --git a/hw/intc/i8259_common.c b/hw/intc/i8259_common.c
new file mode 100644
index 000000000..803d037f6
--- /dev/null
+++ b/hw/intc/i8259_common.c
@@ -0,0 +1,157 @@
+/*
+ * QEMU 8259 - common bits of emulated and KVM kernel model
+ *
+ * Copyright (c) 2003-2004 Fabrice Bellard
+ * Copyright (c) 2011 Jan Kiszka, Siemens AG
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/i386/pc.h"
+#include "hw/isa/i8259_internal.h"
+
+void pic_reset_common(PICCommonState *s)
+{
+ s->last_irr = 0;
+ s->irr &= s->elcr;
+ s->imr = 0;
+ s->isr = 0;
+ s->priority_add = 0;
+ s->irq_base = 0;
+ s->read_reg_select = 0;
+ s->poll = 0;
+ s->special_mask = 0;
+ s->init_state = 0;
+ s->auto_eoi = 0;
+ s->rotate_on_auto_eoi = 0;
+ s->special_fully_nested_mode = 0;
+ s->init4 = 0;
+ s->single_mode = 0;
+ /* Note: ELCR is not reset */
+}
+
+static void pic_dispatch_pre_save(void *opaque)
+{
+ PICCommonState *s = opaque;
+ PICCommonClass *info = PIC_COMMON_GET_CLASS(s);
+
+ if (info->pre_save) {
+ info->pre_save(s);
+ }
+}
+
+static int pic_dispatch_post_load(void *opaque, int version_id)
+{
+ PICCommonState *s = opaque;
+ PICCommonClass *info = PIC_COMMON_GET_CLASS(s);
+
+ if (info->post_load) {
+ info->post_load(s);
+ }
+ return 0;
+}
+
+static void pic_common_realize(DeviceState *dev, Error **errp)
+{
+ PICCommonState *s = PIC_COMMON(dev);
+
+ isa_register_ioport(NULL, &s->base_io, s->iobase);
+ if (s->elcr_addr != -1) {
+ isa_register_ioport(NULL, &s->elcr_io, s->elcr_addr);
+ }
+
+ qdev_set_legacy_instance_id(dev, s->iobase, 1);
+}
+
+ISADevice *i8259_init_chip(const char *name, ISABus *bus, bool master)
+{
+ DeviceState *dev;
+ ISADevice *isadev;
+
+ isadev = isa_create(bus, name);
+ dev = DEVICE(isadev);
+ qdev_prop_set_uint32(dev, "iobase", master ? 0x20 : 0xa0);
+ qdev_prop_set_uint32(dev, "elcr_addr", master ? 0x4d0 : 0x4d1);
+ qdev_prop_set_uint8(dev, "elcr_mask", master ? 0xf8 : 0xde);
+ qdev_prop_set_bit(dev, "master", master);
+ qdev_init_nofail(dev);
+
+ return isadev;
+}
+
+static const VMStateDescription vmstate_pic_common = {
+ .name = "i8259",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .pre_save = pic_dispatch_pre_save,
+ .post_load = pic_dispatch_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(last_irr, PICCommonState),
+ VMSTATE_UINT8(irr, PICCommonState),
+ VMSTATE_UINT8(imr, PICCommonState),
+ VMSTATE_UINT8(isr, PICCommonState),
+ VMSTATE_UINT8(priority_add, PICCommonState),
+ VMSTATE_UINT8(irq_base, PICCommonState),
+ VMSTATE_UINT8(read_reg_select, PICCommonState),
+ VMSTATE_UINT8(poll, PICCommonState),
+ VMSTATE_UINT8(special_mask, PICCommonState),
+ VMSTATE_UINT8(init_state, PICCommonState),
+ VMSTATE_UINT8(auto_eoi, PICCommonState),
+ VMSTATE_UINT8(rotate_on_auto_eoi, PICCommonState),
+ VMSTATE_UINT8(special_fully_nested_mode, PICCommonState),
+ VMSTATE_UINT8(init4, PICCommonState),
+ VMSTATE_UINT8(single_mode, PICCommonState),
+ VMSTATE_UINT8(elcr, PICCommonState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static Property pic_properties_common[] = {
+ DEFINE_PROP_HEX32("iobase", PICCommonState, iobase, -1),
+ DEFINE_PROP_HEX32("elcr_addr", PICCommonState, elcr_addr, -1),
+ DEFINE_PROP_HEX8("elcr_mask", PICCommonState, elcr_mask, -1),
+ DEFINE_PROP_BIT("master", PICCommonState, master, 0, false),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void pic_common_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->vmsd = &vmstate_pic_common;
+ dc->no_user = 1;
+ dc->props = pic_properties_common;
+ dc->realize = pic_common_realize;
+}
+
+static const TypeInfo pic_common_type = {
+ .name = TYPE_PIC_COMMON,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof(PICCommonState),
+ .class_size = sizeof(PICCommonClass),
+ .class_init = pic_common_class_init,
+ .abstract = true,
+};
+
+static void pic_common_register_types(void)
+{
+ type_register_static(&pic_common_type);
+}
+
+type_init(pic_common_register_types)
diff --git a/hw/intc/imx_avic.c b/hw/intc/imx_avic.c
new file mode 100644
index 000000000..fb00e910f
--- /dev/null
+++ b/hw/intc/imx_avic.c
@@ -0,0 +1,416 @@
+/*
+ * i.MX31 Vectored Interrupt Controller
+ *
+ * Note this is NOT the PL192 provided by ARM, but
+ * a custom implementation by Freescale.
+ *
+ * Copyright (c) 2008 OKL
+ * Copyright (c) 2011 NICTA Pty Ltd
+ * Originally written by Hans Jiang
+ *
+ * This code is licensed under the GPL version 2 or later. See
+ * the COPYING file in the top-level directory.
+ *
+ * TODO: implement vectors.
+ */
+
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "qemu/host-utils.h"
+
+#define DEBUG_INT 1
+#undef DEBUG_INT /* comment out for debugging */
+
+#ifdef DEBUG_INT
+#define DPRINTF(fmt, args...) \
+do { printf("imx_avic: " fmt , ##args); } while (0)
+#else
+#define DPRINTF(fmt, args...) do {} while (0)
+#endif
+
+/*
+ * Define to 1 for messages about attempts to
+ * access unimplemented registers or similar.
+ */
+#define DEBUG_IMPLEMENTATION 1
+#if DEBUG_IMPLEMENTATION
+# define IPRINTF(fmt, args...) \
+ do { fprintf(stderr, "imx_avic: " fmt, ##args); } while (0)
+#else
+# define IPRINTF(fmt, args...) do {} while (0)
+#endif
+
+#define IMX_AVIC_NUM_IRQS 64
+
+/* Interrupt Control Bits */
+#define ABFLAG (1<<25)
+#define ABFEN (1<<24)
+#define NIDIS (1<<22) /* Normal Interrupt disable */
+#define FIDIS (1<<21) /* Fast interrupt disable */
+#define NIAD (1<<20) /* Normal Interrupt Arbiter Rise ARM level */
+#define FIAD (1<<19) /* Fast Interrupt Arbiter Rise ARM level */
+#define NM (1<<18) /* Normal interrupt mode */
+
+
+#define PRIO_PER_WORD (sizeof(uint32_t) * 8 / 4)
+#define PRIO_WORDS (IMX_AVIC_NUM_IRQS/PRIO_PER_WORD)
+
+#define TYPE_IMX_AVIC "imx_avic"
+#define IMX_AVIC(obj) \
+ OBJECT_CHECK(IMXAVICState, (obj), TYPE_IMX_AVIC)
+
+typedef struct IMXAVICState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ uint64_t pending;
+ uint64_t enabled;
+ uint64_t is_fiq;
+ uint32_t intcntl;
+ uint32_t intmask;
+ qemu_irq irq;
+ qemu_irq fiq;
+ uint32_t prio[PRIO_WORDS]; /* Priorities are 4-bits each */
+} IMXAVICState;
+
+static const VMStateDescription vmstate_imx_avic = {
+ .name = "imx-avic",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT64(pending, IMXAVICState),
+ VMSTATE_UINT64(enabled, IMXAVICState),
+ VMSTATE_UINT64(is_fiq, IMXAVICState),
+ VMSTATE_UINT32(intcntl, IMXAVICState),
+ VMSTATE_UINT32(intmask, IMXAVICState),
+ VMSTATE_UINT32_ARRAY(prio, IMXAVICState, PRIO_WORDS),
+ VMSTATE_END_OF_LIST()
+ },
+};
+
+
+
+static inline int imx_avic_prio(IMXAVICState *s, int irq)
+{
+ uint32_t word = irq / PRIO_PER_WORD;
+ uint32_t part = 4 * (irq % PRIO_PER_WORD);
+ return 0xf & (s->prio[word] >> part);
+}
+
+static inline void imx_avic_set_prio(IMXAVICState *s, int irq, int prio)
+{
+ uint32_t word = irq / PRIO_PER_WORD;
+ uint32_t part = 4 * (irq % PRIO_PER_WORD);
+ uint32_t mask = ~(0xf << part);
+ s->prio[word] &= mask;
+ s->prio[word] |= prio << part;
+}
+
+/* Update interrupts. */
+static void imx_avic_update(IMXAVICState *s)
+{
+ int i;
+ uint64_t new = s->pending & s->enabled;
+ uint64_t flags;
+
+ flags = new & s->is_fiq;
+ qemu_set_irq(s->fiq, !!flags);
+
+ flags = new & ~s->is_fiq;
+ if (!flags || (s->intmask == 0x1f)) {
+ qemu_set_irq(s->irq, !!flags);
+ return;
+ }
+
+ /*
+ * Take interrupt if there's a pending interrupt with
+ * priority higher than the value of intmask
+ */
+ for (i = 0; i < IMX_AVIC_NUM_IRQS; i++) {
+ if (flags & (1UL << i)) {
+ if (imx_avic_prio(s, i) > s->intmask) {
+ qemu_set_irq(s->irq, 1);
+ return;
+ }
+ }
+ }
+ qemu_set_irq(s->irq, 0);
+}
+
+static void imx_avic_set_irq(void *opaque, int irq, int level)
+{
+ IMXAVICState *s = (IMXAVICState *)opaque;
+
+ if (level) {
+ DPRINTF("Raising IRQ %d, prio %d\n",
+ irq, imx_avic_prio(s, irq));
+ s->pending |= (1ULL << irq);
+ } else {
+ DPRINTF("Clearing IRQ %d, prio %d\n",
+ irq, imx_avic_prio(s, irq));
+ s->pending &= ~(1ULL << irq);
+ }
+
+ imx_avic_update(s);
+}
+
+
+static uint64_t imx_avic_read(void *opaque,
+ hwaddr offset, unsigned size)
+{
+ IMXAVICState *s = (IMXAVICState *)opaque;
+
+
+ DPRINTF("read(offset = 0x%x)\n", offset >> 2);
+ switch (offset >> 2) {
+ case 0: /* INTCNTL */
+ return s->intcntl;
+
+ case 1: /* Normal Interrupt Mask Register, NIMASK */
+ return s->intmask;
+
+ case 2: /* Interrupt Enable Number Register, INTENNUM */
+ case 3: /* Interrupt Disable Number Register, INTDISNUM */
+ return 0;
+
+ case 4: /* Interrupt Enabled Number Register High */
+ return s->enabled >> 32;
+
+ case 5: /* Interrupt Enabled Number Register Low */
+ return s->enabled & 0xffffffffULL;
+
+ case 6: /* Interrupt Type Register High */
+ return s->is_fiq >> 32;
+
+ case 7: /* Interrupt Type Register Low */
+ return s->is_fiq & 0xffffffffULL;
+
+ case 8: /* Normal Interrupt Priority Register 7 */
+ case 9: /* Normal Interrupt Priority Register 6 */
+ case 10:/* Normal Interrupt Priority Register 5 */
+ case 11:/* Normal Interrupt Priority Register 4 */
+ case 12:/* Normal Interrupt Priority Register 3 */
+ case 13:/* Normal Interrupt Priority Register 2 */
+ case 14:/* Normal Interrupt Priority Register 1 */
+ case 15:/* Normal Interrupt Priority Register 0 */
+ return s->prio[15-(offset>>2)];
+
+ case 16: /* Normal interrupt vector and status register */
+ {
+ /*
+ * This returns the highest priority
+ * outstanding interrupt. Where there is more than
+ * one pending IRQ with the same priority,
+ * take the highest numbered one.
+ */
+ uint64_t flags = s->pending & s->enabled & ~s->is_fiq;
+ int i;
+ int prio = -1;
+ int irq = -1;
+ for (i = 63; i >= 0; --i) {
+ if (flags & (1ULL<<i)) {
+ int irq_prio = imx_avic_prio(s, i);
+ if (irq_prio > prio) {
+ irq = i;
+ prio = irq_prio;
+ }
+ }
+ }
+ if (irq >= 0) {
+ imx_avic_set_irq(s, irq, 0);
+ return irq << 16 | prio;
+ }
+ return 0xffffffffULL;
+ }
+ case 17:/* Fast Interrupt vector and status register */
+ {
+ uint64_t flags = s->pending & s->enabled & s->is_fiq;
+ int i = ctz64(flags);
+ if (i < 64) {
+ imx_avic_set_irq(opaque, i, 0);
+ return i;
+ }
+ return 0xffffffffULL;
+ }
+ case 18:/* Interrupt source register high */
+ return s->pending >> 32;
+
+ case 19:/* Interrupt source register low */
+ return s->pending & 0xffffffffULL;
+
+ case 20:/* Interrupt Force Register high */
+ case 21:/* Interrupt Force Register low */
+ return 0;
+
+ case 22:/* Normal Interrupt Pending Register High */
+ return (s->pending & s->enabled & ~s->is_fiq) >> 32;
+
+ case 23:/* Normal Interrupt Pending Register Low */
+ return (s->pending & s->enabled & ~s->is_fiq) & 0xffffffffULL;
+
+ case 24: /* Fast Interrupt Pending Register High */
+ return (s->pending & s->enabled & s->is_fiq) >> 32;
+
+ case 25: /* Fast Interrupt Pending Register Low */
+ return (s->pending & s->enabled & s->is_fiq) & 0xffffffffULL;
+
+ case 0x40: /* AVIC vector 0, use for WFI WAR */
+ return 0x4;
+
+ default:
+ IPRINTF("imx_avic_read: Bad offset 0x%x\n", (int)offset);
+ return 0;
+ }
+}
+
+static void imx_avic_write(void *opaque, hwaddr offset,
+ uint64_t val, unsigned size)
+{
+ IMXAVICState *s = (IMXAVICState *)opaque;
+
+ /* Vector Registers not yet supported */
+ if (offset >= 0x100 && offset <= 0x2fc) {
+ IPRINTF("imx_avic_write to vector register %d ignored\n",
+ (unsigned int)((offset - 0x100) >> 2));
+ return;
+ }
+
+ DPRINTF("imx_avic_write(0x%x) = %x\n",
+ (unsigned int)offset>>2, (unsigned int)val);
+ switch (offset >> 2) {
+ case 0: /* Interrupt Control Register, INTCNTL */
+ s->intcntl = val & (ABFEN | NIDIS | FIDIS | NIAD | FIAD | NM);
+ if (s->intcntl & ABFEN) {
+ s->intcntl &= ~(val & ABFLAG);
+ }
+ break;
+
+ case 1: /* Normal Interrupt Mask Register, NIMASK */
+ s->intmask = val & 0x1f;
+ break;
+
+ case 2: /* Interrupt Enable Number Register, INTENNUM */
+ DPRINTF("enable(%d)\n", (int)val);
+ val &= 0x3f;
+ s->enabled |= (1ULL << val);
+ break;
+
+ case 3: /* Interrupt Disable Number Register, INTDISNUM */
+ DPRINTF("disable(%d)\n", (int)val);
+ val &= 0x3f;
+ s->enabled &= ~(1ULL << val);
+ break;
+
+ case 4: /* Interrupt Enable Number Register High */
+ s->enabled = (s->enabled & 0xffffffffULL) | (val << 32);
+ break;
+
+ case 5: /* Interrupt Enable Number Register Low */
+ s->enabled = (s->enabled & 0xffffffff00000000ULL) | val;
+ break;
+
+ case 6: /* Interrupt Type Register High */
+ s->is_fiq = (s->is_fiq & 0xffffffffULL) | (val << 32);
+ break;
+
+ case 7: /* Interrupt Type Register Low */
+ s->is_fiq = (s->is_fiq & 0xffffffff00000000ULL) | val;
+ break;
+
+ case 8: /* Normal Interrupt Priority Register 7 */
+ case 9: /* Normal Interrupt Priority Register 6 */
+ case 10:/* Normal Interrupt Priority Register 5 */
+ case 11:/* Normal Interrupt Priority Register 4 */
+ case 12:/* Normal Interrupt Priority Register 3 */
+ case 13:/* Normal Interrupt Priority Register 2 */
+ case 14:/* Normal Interrupt Priority Register 1 */
+ case 15:/* Normal Interrupt Priority Register 0 */
+ s->prio[15-(offset>>2)] = val;
+ break;
+
+ /* Read-only registers, writes ignored */
+ case 16:/* Normal Interrupt Vector and Status register */
+ case 17:/* Fast Interrupt vector and status register */
+ case 18:/* Interrupt source register high */
+ case 19:/* Interrupt source register low */
+ return;
+
+ case 20:/* Interrupt Force Register high */
+ s->pending = (s->pending & 0xffffffffULL) | (val << 32);
+ break;
+
+ case 21:/* Interrupt Force Register low */
+ s->pending = (s->pending & 0xffffffff00000000ULL) | val;
+ break;
+
+ case 22:/* Normal Interrupt Pending Register High */
+ case 23:/* Normal Interrupt Pending Register Low */
+ case 24: /* Fast Interrupt Pending Register High */
+ case 25: /* Fast Interrupt Pending Register Low */
+ return;
+
+ default:
+ IPRINTF("imx_avic_write: Bad offset %x\n", (int)offset);
+ }
+ imx_avic_update(s);
+}
+
+static const MemoryRegionOps imx_avic_ops = {
+ .read = imx_avic_read,
+ .write = imx_avic_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void imx_avic_reset(DeviceState *dev)
+{
+ IMXAVICState *s = IMX_AVIC(dev);
+
+ s->pending = 0;
+ s->enabled = 0;
+ s->is_fiq = 0;
+ s->intmask = 0x1f;
+ s->intcntl = 0;
+ memset(s->prio, 0, sizeof s->prio);
+}
+
+static int imx_avic_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ IMXAVICState *s = IMX_AVIC(dev);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &imx_avic_ops, s,
+ "imx_avic", 0x1000);
+ sysbus_init_mmio(sbd, &s->iomem);
+
+ qdev_init_gpio_in(dev, imx_avic_set_irq, IMX_AVIC_NUM_IRQS);
+ sysbus_init_irq(sbd, &s->irq);
+ sysbus_init_irq(sbd, &s->fiq);
+
+ return 0;
+}
+
+
+static void imx_avic_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+ k->init = imx_avic_init;
+ dc->vmsd = &vmstate_imx_avic;
+ dc->reset = imx_avic_reset;
+ dc->desc = "i.MX Advanced Vector Interrupt Controller";
+}
+
+static const TypeInfo imx_avic_info = {
+ .name = TYPE_IMX_AVIC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(IMXAVICState),
+ .class_init = imx_avic_class_init,
+};
+
+static void imx_avic_register_types(void)
+{
+ type_register_static(&imx_avic_info);
+}
+
+type_init(imx_avic_register_types)
diff --git a/hw/intc/ioapic.c b/hw/intc/ioapic.c
new file mode 100644
index 000000000..d866e0029
--- /dev/null
+++ b/hw/intc/ioapic.c
@@ -0,0 +1,259 @@
+/*
+ * ioapic.c IOAPIC emulation logic
+ *
+ * Copyright (c) 2004-2005 Fabrice Bellard
+ *
+ * Split the ioapic logic from apic.c
+ * Xiantao Zhang <xiantao.zhang@intel.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "hw/i386/ioapic.h"
+#include "hw/i386/ioapic_internal.h"
+
+//#define DEBUG_IOAPIC
+
+#ifdef DEBUG_IOAPIC
+#define DPRINTF(fmt, ...) \
+ do { printf("ioapic: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...)
+#endif
+
+static IOAPICCommonState *ioapics[MAX_IOAPICS];
+
+static void ioapic_service(IOAPICCommonState *s)
+{
+ uint8_t i;
+ uint8_t trig_mode;
+ uint8_t vector;
+ uint8_t delivery_mode;
+ uint32_t mask;
+ uint64_t entry;
+ uint8_t dest;
+ uint8_t dest_mode;
+
+ for (i = 0; i < IOAPIC_NUM_PINS; i++) {
+ mask = 1 << i;
+ if (s->irr & mask) {
+ entry = s->ioredtbl[i];
+ if (!(entry & IOAPIC_LVT_MASKED)) {
+ trig_mode = ((entry >> IOAPIC_LVT_TRIGGER_MODE_SHIFT) & 1);
+ dest = entry >> IOAPIC_LVT_DEST_SHIFT;
+ dest_mode = (entry >> IOAPIC_LVT_DEST_MODE_SHIFT) & 1;
+ delivery_mode =
+ (entry >> IOAPIC_LVT_DELIV_MODE_SHIFT) & IOAPIC_DM_MASK;
+ if (trig_mode == IOAPIC_TRIGGER_EDGE) {
+ s->irr &= ~mask;
+ } else {
+ s->ioredtbl[i] |= IOAPIC_LVT_REMOTE_IRR;
+ }
+ if (delivery_mode == IOAPIC_DM_EXTINT) {
+ vector = pic_read_irq(isa_pic);
+ } else {
+ vector = entry & IOAPIC_VECTOR_MASK;
+ }
+ apic_deliver_irq(dest, dest_mode, delivery_mode,
+ vector, trig_mode);
+ }
+ }
+ }
+}
+
+static void ioapic_set_irq(void *opaque, int vector, int level)
+{
+ IOAPICCommonState *s = opaque;
+
+ /* ISA IRQs map to GSI 1-1 except for IRQ0 which maps
+ * to GSI 2. GSI maps to ioapic 1-1. This is not
+ * the cleanest way of doing it but it should work. */
+
+ DPRINTF("%s: %s vec %x\n", __func__, level ? "raise" : "lower", vector);
+ if (vector == 0) {
+ vector = 2;
+ }
+ if (vector >= 0 && vector < IOAPIC_NUM_PINS) {
+ uint32_t mask = 1 << vector;
+ uint64_t entry = s->ioredtbl[vector];
+
+ if (entry & (1 << IOAPIC_LVT_POLARITY_SHIFT)) {
+ level = !level;
+ }
+ if (((entry >> IOAPIC_LVT_TRIGGER_MODE_SHIFT) & 1) ==
+ IOAPIC_TRIGGER_LEVEL) {
+ /* level triggered */
+ if (level) {
+ s->irr |= mask;
+ ioapic_service(s);
+ } else {
+ s->irr &= ~mask;
+ }
+ } else {
+ /* According to the 82093AA manual, we must ignore edge requests
+ * if the input pin is masked. */
+ if (level && !(entry & IOAPIC_LVT_MASKED)) {
+ s->irr |= mask;
+ ioapic_service(s);
+ }
+ }
+ }
+}
+
+void ioapic_eoi_broadcast(int vector)
+{
+ IOAPICCommonState *s;
+ uint64_t entry;
+ int i, n;
+
+ for (i = 0; i < MAX_IOAPICS; i++) {
+ s = ioapics[i];
+ if (!s) {
+ continue;
+ }
+ for (n = 0; n < IOAPIC_NUM_PINS; n++) {
+ entry = s->ioredtbl[n];
+ if ((entry & IOAPIC_LVT_REMOTE_IRR)
+ && (entry & IOAPIC_VECTOR_MASK) == vector) {
+ s->ioredtbl[n] = entry & ~IOAPIC_LVT_REMOTE_IRR;
+ if (!(entry & IOAPIC_LVT_MASKED) && (s->irr & (1 << n))) {
+ ioapic_service(s);
+ }
+ }
+ }
+ }
+}
+
+static uint64_t
+ioapic_mem_read(void *opaque, hwaddr addr, unsigned int size)
+{
+ IOAPICCommonState *s = opaque;
+ int index;
+ uint32_t val = 0;
+
+ switch (addr & 0xff) {
+ case IOAPIC_IOREGSEL:
+ val = s->ioregsel;
+ break;
+ case IOAPIC_IOWIN:
+ if (size != 4) {
+ break;
+ }
+ switch (s->ioregsel) {
+ case IOAPIC_REG_ID:
+ val = s->id << IOAPIC_ID_SHIFT;
+ break;
+ case IOAPIC_REG_VER:
+ val = IOAPIC_VERSION |
+ ((IOAPIC_NUM_PINS - 1) << IOAPIC_VER_ENTRIES_SHIFT);
+ break;
+ case IOAPIC_REG_ARB:
+ val = 0;
+ break;
+ default:
+ index = (s->ioregsel - IOAPIC_REG_REDTBL_BASE) >> 1;
+ if (index >= 0 && index < IOAPIC_NUM_PINS) {
+ if (s->ioregsel & 1) {
+ val = s->ioredtbl[index] >> 32;
+ } else {
+ val = s->ioredtbl[index] & 0xffffffff;
+ }
+ }
+ }
+ DPRINTF("read: %08x = %08x\n", s->ioregsel, val);
+ break;
+ }
+ return val;
+}
+
+static void
+ioapic_mem_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned int size)
+{
+ IOAPICCommonState *s = opaque;
+ int index;
+
+ switch (addr & 0xff) {
+ case IOAPIC_IOREGSEL:
+ s->ioregsel = val;
+ break;
+ case IOAPIC_IOWIN:
+ if (size != 4) {
+ break;
+ }
+ DPRINTF("write: %08x = %08" PRIx64 "\n", s->ioregsel, val);
+ switch (s->ioregsel) {
+ case IOAPIC_REG_ID:
+ s->id = (val >> IOAPIC_ID_SHIFT) & IOAPIC_ID_MASK;
+ break;
+ case IOAPIC_REG_VER:
+ case IOAPIC_REG_ARB:
+ break;
+ default:
+ index = (s->ioregsel - IOAPIC_REG_REDTBL_BASE) >> 1;
+ if (index >= 0 && index < IOAPIC_NUM_PINS) {
+ if (s->ioregsel & 1) {
+ s->ioredtbl[index] &= 0xffffffff;
+ s->ioredtbl[index] |= (uint64_t)val << 32;
+ } else {
+ s->ioredtbl[index] &= ~0xffffffffULL;
+ s->ioredtbl[index] |= val;
+ }
+ ioapic_service(s);
+ }
+ }
+ break;
+ }
+}
+
+static const MemoryRegionOps ioapic_io_ops = {
+ .read = ioapic_mem_read,
+ .write = ioapic_mem_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void ioapic_init(IOAPICCommonState *s, int instance_no)
+{
+ memory_region_init_io(&s->io_memory, OBJECT(s), &ioapic_io_ops, s,
+ "ioapic", 0x1000);
+
+ qdev_init_gpio_in(DEVICE(s), ioapic_set_irq, IOAPIC_NUM_PINS);
+
+ ioapics[instance_no] = s;
+}
+
+static void ioapic_class_init(ObjectClass *klass, void *data)
+{
+ IOAPICCommonClass *k = IOAPIC_COMMON_CLASS(klass);
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ k->init = ioapic_init;
+ dc->reset = ioapic_reset_common;
+}
+
+static const TypeInfo ioapic_info = {
+ .name = "ioapic",
+ .parent = TYPE_IOAPIC_COMMON,
+ .instance_size = sizeof(IOAPICCommonState),
+ .class_init = ioapic_class_init,
+};
+
+static void ioapic_register_types(void)
+{
+ type_register_static(&ioapic_info);
+}
+
+type_init(ioapic_register_types)
diff --git a/hw/intc/ioapic_common.c b/hw/intc/ioapic_common.c
new file mode 100644
index 000000000..6b705c154
--- /dev/null
+++ b/hw/intc/ioapic_common.c
@@ -0,0 +1,118 @@
+/*
+ * IOAPIC emulation logic - common bits of emulated and KVM kernel model
+ *
+ * Copyright (c) 2004-2005 Fabrice Bellard
+ * Copyright (c) 2009 Xiantao Zhang, Intel
+ * Copyright (c) 2011 Jan Kiszka, Siemens AG
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/i386/ioapic.h"
+#include "hw/i386/ioapic_internal.h"
+#include "hw/sysbus.h"
+
+void ioapic_reset_common(DeviceState *dev)
+{
+ IOAPICCommonState *s = IOAPIC_COMMON(dev);
+ int i;
+
+ s->id = 0;
+ s->ioregsel = 0;
+ s->irr = 0;
+ for (i = 0; i < IOAPIC_NUM_PINS; i++) {
+ s->ioredtbl[i] = 1 << IOAPIC_LVT_MASKED_SHIFT;
+ }
+}
+
+static void ioapic_dispatch_pre_save(void *opaque)
+{
+ IOAPICCommonState *s = IOAPIC_COMMON(opaque);
+ IOAPICCommonClass *info = IOAPIC_COMMON_GET_CLASS(s);
+
+ if (info->pre_save) {
+ info->pre_save(s);
+ }
+}
+
+static int ioapic_dispatch_post_load(void *opaque, int version_id)
+{
+ IOAPICCommonState *s = IOAPIC_COMMON(opaque);
+ IOAPICCommonClass *info = IOAPIC_COMMON_GET_CLASS(s);
+
+ if (info->post_load) {
+ info->post_load(s);
+ }
+ return 0;
+}
+
+static void ioapic_common_realize(DeviceState *dev, Error **errp)
+{
+ IOAPICCommonState *s = IOAPIC_COMMON(dev);
+ IOAPICCommonClass *info;
+ static int ioapic_no;
+
+ if (ioapic_no >= MAX_IOAPICS) {
+ error_setg(errp, "Only %d ioapics allowed", MAX_IOAPICS);
+ return;
+ }
+
+ info = IOAPIC_COMMON_GET_CLASS(s);
+ info->init(s, ioapic_no);
+
+ sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->io_memory);
+ ioapic_no++;
+}
+
+static const VMStateDescription vmstate_ioapic_common = {
+ .name = "ioapic",
+ .version_id = 3,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .pre_save = ioapic_dispatch_pre_save,
+ .post_load = ioapic_dispatch_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(id, IOAPICCommonState),
+ VMSTATE_UINT8(ioregsel, IOAPICCommonState),
+ VMSTATE_UNUSED_V(2, 8), /* to account for qemu-kvm's v2 format */
+ VMSTATE_UINT32_V(irr, IOAPICCommonState, 2),
+ VMSTATE_UINT64_ARRAY(ioredtbl, IOAPICCommonState, IOAPIC_NUM_PINS),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void ioapic_common_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = ioapic_common_realize;
+ dc->vmsd = &vmstate_ioapic_common;
+ dc->no_user = 1;
+}
+
+static const TypeInfo ioapic_common_type = {
+ .name = TYPE_IOAPIC_COMMON,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(IOAPICCommonState),
+ .class_size = sizeof(IOAPICCommonClass),
+ .class_init = ioapic_common_class_init,
+ .abstract = true,
+};
+
+static void register_types(void)
+{
+ type_register_static(&ioapic_common_type);
+}
+
+type_init(register_types)
diff --git a/hw/intc/lm32_pic.c b/hw/intc/lm32_pic.c
new file mode 100644
index 000000000..32d009f67
--- /dev/null
+++ b/hw/intc/lm32_pic.c
@@ -0,0 +1,204 @@
+/*
+ * LatticeMico32 CPU interrupt controller logic.
+ *
+ * Copyright (c) 2010 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <assert.h>
+
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "monitor/monitor.h"
+#include "hw/sysbus.h"
+#include "trace.h"
+#include "hw/lm32/lm32_pic.h"
+
+#define TYPE_LM32_PIC "lm32-pic"
+#define LM32_PIC(obj) OBJECT_CHECK(LM32PicState, (obj), TYPE_LM32_PIC)
+
+struct LM32PicState {
+ SysBusDevice parent_obj;
+
+ qemu_irq parent_irq;
+ uint32_t im; /* interrupt mask */
+ uint32_t ip; /* interrupt pending */
+ uint32_t irq_state;
+
+ /* statistics */
+ uint32_t stats_irq_count[32];
+};
+typedef struct LM32PicState LM32PicState;
+
+static LM32PicState *pic;
+void lm32_do_pic_info(Monitor *mon, const QDict *qdict)
+{
+ if (pic == NULL) {
+ return;
+ }
+
+ monitor_printf(mon, "lm32-pic: im=%08x ip=%08x irq_state=%08x\n",
+ pic->im, pic->ip, pic->irq_state);
+}
+
+void lm32_irq_info(Monitor *mon, const QDict *qdict)
+{
+ int i;
+ uint32_t count;
+
+ if (pic == NULL) {
+ return;
+ }
+
+ monitor_printf(mon, "IRQ statistics:\n");
+ for (i = 0; i < 32; i++) {
+ count = pic->stats_irq_count[i];
+ if (count > 0) {
+ monitor_printf(mon, "%2d: %u\n", i, count);
+ }
+ }
+}
+
+static void update_irq(LM32PicState *s)
+{
+ s->ip |= s->irq_state;
+
+ if (s->ip & s->im) {
+ trace_lm32_pic_raise_irq();
+ qemu_irq_raise(s->parent_irq);
+ } else {
+ trace_lm32_pic_lower_irq();
+ qemu_irq_lower(s->parent_irq);
+ }
+}
+
+static void irq_handler(void *opaque, int irq, int level)
+{
+ LM32PicState *s = opaque;
+
+ assert(irq < 32);
+ trace_lm32_pic_interrupt(irq, level);
+
+ if (level) {
+ s->irq_state |= (1 << irq);
+ s->stats_irq_count[irq]++;
+ } else {
+ s->irq_state &= ~(1 << irq);
+ }
+
+ update_irq(s);
+}
+
+void lm32_pic_set_im(DeviceState *d, uint32_t im)
+{
+ LM32PicState *s = LM32_PIC(d);
+
+ trace_lm32_pic_set_im(im);
+ s->im = im;
+
+ update_irq(s);
+}
+
+void lm32_pic_set_ip(DeviceState *d, uint32_t ip)
+{
+ LM32PicState *s = LM32_PIC(d);
+
+ trace_lm32_pic_set_ip(ip);
+
+ /* ack interrupt */
+ s->ip &= ~ip;
+
+ update_irq(s);
+}
+
+uint32_t lm32_pic_get_im(DeviceState *d)
+{
+ LM32PicState *s = LM32_PIC(d);
+
+ trace_lm32_pic_get_im(s->im);
+ return s->im;
+}
+
+uint32_t lm32_pic_get_ip(DeviceState *d)
+{
+ LM32PicState *s = LM32_PIC(d);
+
+ trace_lm32_pic_get_ip(s->ip);
+ return s->ip;
+}
+
+static void pic_reset(DeviceState *d)
+{
+ LM32PicState *s = LM32_PIC(d);
+ int i;
+
+ s->im = 0;
+ s->ip = 0;
+ s->irq_state = 0;
+ for (i = 0; i < 32; i++) {
+ s->stats_irq_count[i] = 0;
+ }
+}
+
+static int lm32_pic_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ LM32PicState *s = LM32_PIC(dev);
+
+ qdev_init_gpio_in(dev, irq_handler, 32);
+ sysbus_init_irq(sbd, &s->parent_irq);
+
+ pic = s;
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_lm32_pic = {
+ .name = "lm32-pic",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(im, LM32PicState),
+ VMSTATE_UINT32(ip, LM32PicState),
+ VMSTATE_UINT32(irq_state, LM32PicState),
+ VMSTATE_UINT32_ARRAY(stats_irq_count, LM32PicState, 32),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void lm32_pic_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = lm32_pic_init;
+ dc->reset = pic_reset;
+ dc->vmsd = &vmstate_lm32_pic;
+}
+
+static const TypeInfo lm32_pic_info = {
+ .name = TYPE_LM32_PIC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(LM32PicState),
+ .class_init = lm32_pic_class_init,
+};
+
+static void lm32_pic_register_types(void)
+{
+ type_register_static(&lm32_pic_info);
+}
+
+type_init(lm32_pic_register_types)
diff --git a/hw/intc/omap_intc.c b/hw/intc/omap_intc.c
new file mode 100644
index 000000000..7dd63da80
--- /dev/null
+++ b/hw/intc/omap_intc.c
@@ -0,0 +1,662 @@
+/*
+ * TI OMAP interrupt controller emulation.
+ *
+ * Copyright (C) 2006-2008 Andrzej Zaborowski <balrog@zabor.org>
+ * Copyright (C) 2007-2008 Nokia Corporation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "hw/hw.h"
+#include "hw/arm/omap.h"
+#include "hw/sysbus.h"
+
+/* Interrupt Handlers */
+struct omap_intr_handler_bank_s {
+ uint32_t irqs;
+ uint32_t inputs;
+ uint32_t mask;
+ uint32_t fiq;
+ uint32_t sens_edge;
+ uint32_t swi;
+ unsigned char priority[32];
+};
+
+#define TYPE_OMAP_INTC "common-omap-intc"
+#define OMAP_INTC(obj) \
+ OBJECT_CHECK(struct omap_intr_handler_s, (obj), TYPE_OMAP_INTC)
+
+struct omap_intr_handler_s {
+ SysBusDevice parent_obj;
+
+ qemu_irq *pins;
+ qemu_irq parent_intr[2];
+ MemoryRegion mmio;
+ void *iclk;
+ void *fclk;
+ unsigned char nbanks;
+ int level_only;
+ uint32_t size;
+
+ uint8_t revision;
+
+ /* state */
+ uint32_t new_agr[2];
+ int sir_intr[2];
+ int autoidle;
+ uint32_t mask;
+ struct omap_intr_handler_bank_s bank[3];
+};
+
+static void omap_inth_sir_update(struct omap_intr_handler_s *s, int is_fiq)
+{
+ int i, j, sir_intr, p_intr, p, f;
+ uint32_t level;
+ sir_intr = 0;
+ p_intr = 255;
+
+ /* Find the interrupt line with the highest dynamic priority.
+ * Note: 0 denotes the hightest priority.
+ * If all interrupts have the same priority, the default order is IRQ_N,
+ * IRQ_N-1,...,IRQ_0. */
+ for (j = 0; j < s->nbanks; ++j) {
+ level = s->bank[j].irqs & ~s->bank[j].mask &
+ (is_fiq ? s->bank[j].fiq : ~s->bank[j].fiq);
+ for (f = ffs(level), i = f - 1, level >>= f - 1; f; i += f,
+ level >>= f) {
+ p = s->bank[j].priority[i];
+ if (p <= p_intr) {
+ p_intr = p;
+ sir_intr = 32 * j + i;
+ }
+ f = ffs(level >> 1);
+ }
+ }
+ s->sir_intr[is_fiq] = sir_intr;
+}
+
+static inline void omap_inth_update(struct omap_intr_handler_s *s, int is_fiq)
+{
+ int i;
+ uint32_t has_intr = 0;
+
+ for (i = 0; i < s->nbanks; ++i)
+ has_intr |= s->bank[i].irqs & ~s->bank[i].mask &
+ (is_fiq ? s->bank[i].fiq : ~s->bank[i].fiq);
+
+ if (s->new_agr[is_fiq] & has_intr & s->mask) {
+ s->new_agr[is_fiq] = 0;
+ omap_inth_sir_update(s, is_fiq);
+ qemu_set_irq(s->parent_intr[is_fiq], 1);
+ }
+}
+
+#define INT_FALLING_EDGE 0
+#define INT_LOW_LEVEL 1
+
+static void omap_set_intr(void *opaque, int irq, int req)
+{
+ struct omap_intr_handler_s *ih = (struct omap_intr_handler_s *) opaque;
+ uint32_t rise;
+
+ struct omap_intr_handler_bank_s *bank = &ih->bank[irq >> 5];
+ int n = irq & 31;
+
+ if (req) {
+ rise = ~bank->irqs & (1 << n);
+ if (~bank->sens_edge & (1 << n))
+ rise &= ~bank->inputs;
+
+ bank->inputs |= (1 << n);
+ if (rise) {
+ bank->irqs |= rise;
+ omap_inth_update(ih, 0);
+ omap_inth_update(ih, 1);
+ }
+ } else {
+ rise = bank->sens_edge & bank->irqs & (1 << n);
+ bank->irqs &= ~rise;
+ bank->inputs &= ~(1 << n);
+ }
+}
+
+/* Simplified version with no edge detection */
+static void omap_set_intr_noedge(void *opaque, int irq, int req)
+{
+ struct omap_intr_handler_s *ih = (struct omap_intr_handler_s *) opaque;
+ uint32_t rise;
+
+ struct omap_intr_handler_bank_s *bank = &ih->bank[irq >> 5];
+ int n = irq & 31;
+
+ if (req) {
+ rise = ~bank->inputs & (1 << n);
+ if (rise) {
+ bank->irqs |= bank->inputs |= rise;
+ omap_inth_update(ih, 0);
+ omap_inth_update(ih, 1);
+ }
+ } else
+ bank->irqs = (bank->inputs &= ~(1 << n)) | bank->swi;
+}
+
+static uint64_t omap_inth_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_intr_handler_s *s = (struct omap_intr_handler_s *) opaque;
+ int i, offset = addr;
+ int bank_no = offset >> 8;
+ int line_no;
+ struct omap_intr_handler_bank_s *bank = &s->bank[bank_no];
+ offset &= 0xff;
+
+ switch (offset) {
+ case 0x00: /* ITR */
+ return bank->irqs;
+
+ case 0x04: /* MIR */
+ return bank->mask;
+
+ case 0x10: /* SIR_IRQ_CODE */
+ case 0x14: /* SIR_FIQ_CODE */
+ if (bank_no != 0)
+ break;
+ line_no = s->sir_intr[(offset - 0x10) >> 2];
+ bank = &s->bank[line_no >> 5];
+ i = line_no & 31;
+ if (((bank->sens_edge >> i) & 1) == INT_FALLING_EDGE)
+ bank->irqs &= ~(1 << i);
+ return line_no;
+
+ case 0x18: /* CONTROL_REG */
+ if (bank_no != 0)
+ break;
+ return 0;
+
+ case 0x1c: /* ILR0 */
+ case 0x20: /* ILR1 */
+ case 0x24: /* ILR2 */
+ case 0x28: /* ILR3 */
+ case 0x2c: /* ILR4 */
+ case 0x30: /* ILR5 */
+ case 0x34: /* ILR6 */
+ case 0x38: /* ILR7 */
+ case 0x3c: /* ILR8 */
+ case 0x40: /* ILR9 */
+ case 0x44: /* ILR10 */
+ case 0x48: /* ILR11 */
+ case 0x4c: /* ILR12 */
+ case 0x50: /* ILR13 */
+ case 0x54: /* ILR14 */
+ case 0x58: /* ILR15 */
+ case 0x5c: /* ILR16 */
+ case 0x60: /* ILR17 */
+ case 0x64: /* ILR18 */
+ case 0x68: /* ILR19 */
+ case 0x6c: /* ILR20 */
+ case 0x70: /* ILR21 */
+ case 0x74: /* ILR22 */
+ case 0x78: /* ILR23 */
+ case 0x7c: /* ILR24 */
+ case 0x80: /* ILR25 */
+ case 0x84: /* ILR26 */
+ case 0x88: /* ILR27 */
+ case 0x8c: /* ILR28 */
+ case 0x90: /* ILR29 */
+ case 0x94: /* ILR30 */
+ case 0x98: /* ILR31 */
+ i = (offset - 0x1c) >> 2;
+ return (bank->priority[i] << 2) |
+ (((bank->sens_edge >> i) & 1) << 1) |
+ ((bank->fiq >> i) & 1);
+
+ case 0x9c: /* ISR */
+ return 0x00000000;
+
+ }
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_inth_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_intr_handler_s *s = (struct omap_intr_handler_s *) opaque;
+ int i, offset = addr;
+ int bank_no = offset >> 8;
+ struct omap_intr_handler_bank_s *bank = &s->bank[bank_no];
+ offset &= 0xff;
+
+ switch (offset) {
+ case 0x00: /* ITR */
+ /* Important: ignore the clearing if the IRQ is level-triggered and
+ the input bit is 1 */
+ bank->irqs &= value | (bank->inputs & bank->sens_edge);
+ return;
+
+ case 0x04: /* MIR */
+ bank->mask = value;
+ omap_inth_update(s, 0);
+ omap_inth_update(s, 1);
+ return;
+
+ case 0x10: /* SIR_IRQ_CODE */
+ case 0x14: /* SIR_FIQ_CODE */
+ OMAP_RO_REG(addr);
+ break;
+
+ case 0x18: /* CONTROL_REG */
+ if (bank_no != 0)
+ break;
+ if (value & 2) {
+ qemu_set_irq(s->parent_intr[1], 0);
+ s->new_agr[1] = ~0;
+ omap_inth_update(s, 1);
+ }
+ if (value & 1) {
+ qemu_set_irq(s->parent_intr[0], 0);
+ s->new_agr[0] = ~0;
+ omap_inth_update(s, 0);
+ }
+ return;
+
+ case 0x1c: /* ILR0 */
+ case 0x20: /* ILR1 */
+ case 0x24: /* ILR2 */
+ case 0x28: /* ILR3 */
+ case 0x2c: /* ILR4 */
+ case 0x30: /* ILR5 */
+ case 0x34: /* ILR6 */
+ case 0x38: /* ILR7 */
+ case 0x3c: /* ILR8 */
+ case 0x40: /* ILR9 */
+ case 0x44: /* ILR10 */
+ case 0x48: /* ILR11 */
+ case 0x4c: /* ILR12 */
+ case 0x50: /* ILR13 */
+ case 0x54: /* ILR14 */
+ case 0x58: /* ILR15 */
+ case 0x5c: /* ILR16 */
+ case 0x60: /* ILR17 */
+ case 0x64: /* ILR18 */
+ case 0x68: /* ILR19 */
+ case 0x6c: /* ILR20 */
+ case 0x70: /* ILR21 */
+ case 0x74: /* ILR22 */
+ case 0x78: /* ILR23 */
+ case 0x7c: /* ILR24 */
+ case 0x80: /* ILR25 */
+ case 0x84: /* ILR26 */
+ case 0x88: /* ILR27 */
+ case 0x8c: /* ILR28 */
+ case 0x90: /* ILR29 */
+ case 0x94: /* ILR30 */
+ case 0x98: /* ILR31 */
+ i = (offset - 0x1c) >> 2;
+ bank->priority[i] = (value >> 2) & 0x1f;
+ bank->sens_edge &= ~(1 << i);
+ bank->sens_edge |= ((value >> 1) & 1) << i;
+ bank->fiq &= ~(1 << i);
+ bank->fiq |= (value & 1) << i;
+ return;
+
+ case 0x9c: /* ISR */
+ for (i = 0; i < 32; i ++)
+ if (value & (1 << i)) {
+ omap_set_intr(s, 32 * bank_no + i, 1);
+ return;
+ }
+ return;
+ }
+ OMAP_BAD_REG(addr);
+}
+
+static const MemoryRegionOps omap_inth_mem_ops = {
+ .read = omap_inth_read,
+ .write = omap_inth_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static void omap_inth_reset(DeviceState *dev)
+{
+ struct omap_intr_handler_s *s = OMAP_INTC(dev);
+ int i;
+
+ for (i = 0; i < s->nbanks; ++i){
+ s->bank[i].irqs = 0x00000000;
+ s->bank[i].mask = 0xffffffff;
+ s->bank[i].sens_edge = 0x00000000;
+ s->bank[i].fiq = 0x00000000;
+ s->bank[i].inputs = 0x00000000;
+ s->bank[i].swi = 0x00000000;
+ memset(s->bank[i].priority, 0, sizeof(s->bank[i].priority));
+
+ if (s->level_only)
+ s->bank[i].sens_edge = 0xffffffff;
+ }
+
+ s->new_agr[0] = ~0;
+ s->new_agr[1] = ~0;
+ s->sir_intr[0] = 0;
+ s->sir_intr[1] = 0;
+ s->autoidle = 0;
+ s->mask = ~0;
+
+ qemu_set_irq(s->parent_intr[0], 0);
+ qemu_set_irq(s->parent_intr[1], 0);
+}
+
+static int omap_intc_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ struct omap_intr_handler_s *s = OMAP_INTC(dev);
+
+ if (!s->iclk) {
+ hw_error("omap-intc: clk not connected\n");
+ }
+ s->nbanks = 1;
+ sysbus_init_irq(sbd, &s->parent_intr[0]);
+ sysbus_init_irq(sbd, &s->parent_intr[1]);
+ qdev_init_gpio_in(dev, omap_set_intr, s->nbanks * 32);
+ memory_region_init_io(&s->mmio, OBJECT(s), &omap_inth_mem_ops, s,
+ "omap-intc", s->size);
+ sysbus_init_mmio(sbd, &s->mmio);
+ return 0;
+}
+
+static Property omap_intc_properties[] = {
+ DEFINE_PROP_UINT32("size", struct omap_intr_handler_s, size, 0x100),
+ DEFINE_PROP_PTR("clk", struct omap_intr_handler_s, iclk),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void omap_intc_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = omap_intc_init;
+ dc->reset = omap_inth_reset;
+ dc->props = omap_intc_properties;
+}
+
+static const TypeInfo omap_intc_info = {
+ .name = "omap-intc",
+ .parent = TYPE_OMAP_INTC,
+ .class_init = omap_intc_class_init,
+};
+
+static uint64_t omap2_inth_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_intr_handler_s *s = (struct omap_intr_handler_s *) opaque;
+ int offset = addr;
+ int bank_no, line_no;
+ struct omap_intr_handler_bank_s *bank = NULL;
+
+ if ((offset & 0xf80) == 0x80) {
+ bank_no = (offset & 0x60) >> 5;
+ if (bank_no < s->nbanks) {
+ offset &= ~0x60;
+ bank = &s->bank[bank_no];
+ } else {
+ OMAP_BAD_REG(addr);
+ return 0;
+ }
+ }
+
+ switch (offset) {
+ case 0x00: /* INTC_REVISION */
+ return s->revision;
+
+ case 0x10: /* INTC_SYSCONFIG */
+ return (s->autoidle >> 2) & 1;
+
+ case 0x14: /* INTC_SYSSTATUS */
+ return 1; /* RESETDONE */
+
+ case 0x40: /* INTC_SIR_IRQ */
+ return s->sir_intr[0];
+
+ case 0x44: /* INTC_SIR_FIQ */
+ return s->sir_intr[1];
+
+ case 0x48: /* INTC_CONTROL */
+ return (!s->mask) << 2; /* GLOBALMASK */
+
+ case 0x4c: /* INTC_PROTECTION */
+ return 0;
+
+ case 0x50: /* INTC_IDLE */
+ return s->autoidle & 3;
+
+ /* Per-bank registers */
+ case 0x80: /* INTC_ITR */
+ return bank->inputs;
+
+ case 0x84: /* INTC_MIR */
+ return bank->mask;
+
+ case 0x88: /* INTC_MIR_CLEAR */
+ case 0x8c: /* INTC_MIR_SET */
+ return 0;
+
+ case 0x90: /* INTC_ISR_SET */
+ return bank->swi;
+
+ case 0x94: /* INTC_ISR_CLEAR */
+ return 0;
+
+ case 0x98: /* INTC_PENDING_IRQ */
+ return bank->irqs & ~bank->mask & ~bank->fiq;
+
+ case 0x9c: /* INTC_PENDING_FIQ */
+ return bank->irqs & ~bank->mask & bank->fiq;
+
+ /* Per-line registers */
+ case 0x100 ... 0x300: /* INTC_ILR */
+ bank_no = (offset - 0x100) >> 7;
+ if (bank_no > s->nbanks)
+ break;
+ bank = &s->bank[bank_no];
+ line_no = (offset & 0x7f) >> 2;
+ return (bank->priority[line_no] << 2) |
+ ((bank->fiq >> line_no) & 1);
+ }
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap2_inth_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_intr_handler_s *s = (struct omap_intr_handler_s *) opaque;
+ int offset = addr;
+ int bank_no, line_no;
+ struct omap_intr_handler_bank_s *bank = NULL;
+
+ if ((offset & 0xf80) == 0x80) {
+ bank_no = (offset & 0x60) >> 5;
+ if (bank_no < s->nbanks) {
+ offset &= ~0x60;
+ bank = &s->bank[bank_no];
+ } else {
+ OMAP_BAD_REG(addr);
+ return;
+ }
+ }
+
+ switch (offset) {
+ case 0x10: /* INTC_SYSCONFIG */
+ s->autoidle &= 4;
+ s->autoidle |= (value & 1) << 2;
+ if (value & 2) { /* SOFTRESET */
+ omap_inth_reset(DEVICE(s));
+ }
+ return;
+
+ case 0x48: /* INTC_CONTROL */
+ s->mask = (value & 4) ? 0 : ~0; /* GLOBALMASK */
+ if (value & 2) { /* NEWFIQAGR */
+ qemu_set_irq(s->parent_intr[1], 0);
+ s->new_agr[1] = ~0;
+ omap_inth_update(s, 1);
+ }
+ if (value & 1) { /* NEWIRQAGR */
+ qemu_set_irq(s->parent_intr[0], 0);
+ s->new_agr[0] = ~0;
+ omap_inth_update(s, 0);
+ }
+ return;
+
+ case 0x4c: /* INTC_PROTECTION */
+ /* TODO: Make a bitmap (or sizeof(char)map) of access privileges
+ * for every register, see Chapter 3 and 4 for privileged mode. */
+ if (value & 1)
+ fprintf(stderr, "%s: protection mode enable attempt\n",
+ __FUNCTION__);
+ return;
+
+ case 0x50: /* INTC_IDLE */
+ s->autoidle &= ~3;
+ s->autoidle |= value & 3;
+ return;
+
+ /* Per-bank registers */
+ case 0x84: /* INTC_MIR */
+ bank->mask = value;
+ omap_inth_update(s, 0);
+ omap_inth_update(s, 1);
+ return;
+
+ case 0x88: /* INTC_MIR_CLEAR */
+ bank->mask &= ~value;
+ omap_inth_update(s, 0);
+ omap_inth_update(s, 1);
+ return;
+
+ case 0x8c: /* INTC_MIR_SET */
+ bank->mask |= value;
+ return;
+
+ case 0x90: /* INTC_ISR_SET */
+ bank->irqs |= bank->swi |= value;
+ omap_inth_update(s, 0);
+ omap_inth_update(s, 1);
+ return;
+
+ case 0x94: /* INTC_ISR_CLEAR */
+ bank->swi &= ~value;
+ bank->irqs = bank->swi & bank->inputs;
+ return;
+
+ /* Per-line registers */
+ case 0x100 ... 0x300: /* INTC_ILR */
+ bank_no = (offset - 0x100) >> 7;
+ if (bank_no > s->nbanks)
+ break;
+ bank = &s->bank[bank_no];
+ line_no = (offset & 0x7f) >> 2;
+ bank->priority[line_no] = (value >> 2) & 0x3f;
+ bank->fiq &= ~(1 << line_no);
+ bank->fiq |= (value & 1) << line_no;
+ return;
+
+ case 0x00: /* INTC_REVISION */
+ case 0x14: /* INTC_SYSSTATUS */
+ case 0x40: /* INTC_SIR_IRQ */
+ case 0x44: /* INTC_SIR_FIQ */
+ case 0x80: /* INTC_ITR */
+ case 0x98: /* INTC_PENDING_IRQ */
+ case 0x9c: /* INTC_PENDING_FIQ */
+ OMAP_RO_REG(addr);
+ return;
+ }
+ OMAP_BAD_REG(addr);
+}
+
+static const MemoryRegionOps omap2_inth_mem_ops = {
+ .read = omap2_inth_read,
+ .write = omap2_inth_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static int omap2_intc_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ struct omap_intr_handler_s *s = OMAP_INTC(dev);
+
+ if (!s->iclk) {
+ hw_error("omap2-intc: iclk not connected\n");
+ }
+ if (!s->fclk) {
+ hw_error("omap2-intc: fclk not connected\n");
+ }
+ s->level_only = 1;
+ s->nbanks = 3;
+ sysbus_init_irq(sbd, &s->parent_intr[0]);
+ sysbus_init_irq(sbd, &s->parent_intr[1]);
+ qdev_init_gpio_in(dev, omap_set_intr_noedge, s->nbanks * 32);
+ memory_region_init_io(&s->mmio, OBJECT(s), &omap2_inth_mem_ops, s,
+ "omap2-intc", 0x1000);
+ sysbus_init_mmio(sbd, &s->mmio);
+ return 0;
+}
+
+static Property omap2_intc_properties[] = {
+ DEFINE_PROP_UINT8("revision", struct omap_intr_handler_s,
+ revision, 0x21),
+ DEFINE_PROP_PTR("iclk", struct omap_intr_handler_s, iclk),
+ DEFINE_PROP_PTR("fclk", struct omap_intr_handler_s, fclk),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void omap2_intc_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = omap2_intc_init;
+ dc->reset = omap_inth_reset;
+ dc->props = omap2_intc_properties;
+}
+
+static const TypeInfo omap2_intc_info = {
+ .name = "omap2-intc",
+ .parent = TYPE_OMAP_INTC,
+ .class_init = omap2_intc_class_init,
+};
+
+static const TypeInfo omap_intc_type_info = {
+ .name = TYPE_OMAP_INTC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(struct omap_intr_handler_s),
+ .abstract = true,
+};
+
+static void omap_intc_register_types(void)
+{
+ type_register_static(&omap_intc_type_info);
+ type_register_static(&omap_intc_info);
+ type_register_static(&omap2_intc_info);
+}
+
+type_init(omap_intc_register_types)
diff --git a/hw/intc/openpic.c b/hw/intc/openpic.c
new file mode 100644
index 000000000..7df72f44f
--- /dev/null
+++ b/hw/intc/openpic.c
@@ -0,0 +1,1663 @@
+/*
+ * OpenPIC emulation
+ *
+ * Copyright (c) 2004 Jocelyn Mayer
+ * 2011 Alexander Graf
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+/*
+ *
+ * Based on OpenPic implementations:
+ * - Intel GW80314 I/O companion chip developer's manual
+ * - Motorola MPC8245 & MPC8540 user manuals.
+ * - Motorola MCP750 (aka Raven) programmer manual.
+ * - Motorola Harrier programmer manuel
+ *
+ * Serial interrupts, as implemented in Raven chipset are not supported yet.
+ *
+ */
+#include "hw/hw.h"
+#include "hw/ppc/mac.h"
+#include "hw/pci/pci.h"
+#include "hw/ppc/openpic.h"
+#include "hw/ppc/ppc_e500.h"
+#include "hw/sysbus.h"
+#include "hw/pci/msi.h"
+#include "qemu/bitops.h"
+
+//#define DEBUG_OPENPIC
+
+#ifdef DEBUG_OPENPIC
+static const int debug_openpic = 1;
+#else
+static const int debug_openpic = 0;
+#endif
+
+#define DPRINTF(fmt, ...) do { \
+ if (debug_openpic) { \
+ printf(fmt , ## __VA_ARGS__); \
+ } \
+ } while (0)
+
+#define MAX_CPU 32
+#define MAX_MSI 8
+#define VID 0x03 /* MPIC version ID */
+
+/* OpenPIC capability flags */
+#define OPENPIC_FLAG_IDR_CRIT (1 << 0)
+#define OPENPIC_FLAG_ILR (2 << 0)
+
+/* OpenPIC address map */
+#define OPENPIC_GLB_REG_START 0x0
+#define OPENPIC_GLB_REG_SIZE 0x10F0
+#define OPENPIC_TMR_REG_START 0x10F0
+#define OPENPIC_TMR_REG_SIZE 0x220
+#define OPENPIC_MSI_REG_START 0x1600
+#define OPENPIC_MSI_REG_SIZE 0x200
+#define OPENPIC_SUMMARY_REG_START 0x3800
+#define OPENPIC_SUMMARY_REG_SIZE 0x800
+#define OPENPIC_SRC_REG_START 0x10000
+#define OPENPIC_SRC_REG_SIZE (OPENPIC_MAX_SRC * 0x20)
+#define OPENPIC_CPU_REG_START 0x20000
+#define OPENPIC_CPU_REG_SIZE 0x100 + ((MAX_CPU - 1) * 0x1000)
+
+/* Raven */
+#define RAVEN_MAX_CPU 2
+#define RAVEN_MAX_EXT 48
+#define RAVEN_MAX_IRQ 64
+#define RAVEN_MAX_TMR OPENPIC_MAX_TMR
+#define RAVEN_MAX_IPI OPENPIC_MAX_IPI
+
+/* Interrupt definitions */
+#define RAVEN_FE_IRQ (RAVEN_MAX_EXT) /* Internal functional IRQ */
+#define RAVEN_ERR_IRQ (RAVEN_MAX_EXT + 1) /* Error IRQ */
+#define RAVEN_TMR_IRQ (RAVEN_MAX_EXT + 2) /* First timer IRQ */
+#define RAVEN_IPI_IRQ (RAVEN_TMR_IRQ + RAVEN_MAX_TMR) /* First IPI IRQ */
+/* First doorbell IRQ */
+#define RAVEN_DBL_IRQ (RAVEN_IPI_IRQ + (RAVEN_MAX_CPU * RAVEN_MAX_IPI))
+
+typedef struct FslMpicInfo {
+ int max_ext;
+} FslMpicInfo;
+
+static FslMpicInfo fsl_mpic_20 = {
+ .max_ext = 12,
+};
+
+static FslMpicInfo fsl_mpic_42 = {
+ .max_ext = 12,
+};
+
+#define FRR_NIRQ_SHIFT 16
+#define FRR_NCPU_SHIFT 8
+#define FRR_VID_SHIFT 0
+
+#define VID_REVISION_1_2 2
+#define VID_REVISION_1_3 3
+
+#define VIR_GENERIC 0x00000000 /* Generic Vendor ID */
+
+#define GCR_RESET 0x80000000
+#define GCR_MODE_PASS 0x00000000
+#define GCR_MODE_MIXED 0x20000000
+#define GCR_MODE_PROXY 0x60000000
+
+#define TBCR_CI 0x80000000 /* count inhibit */
+#define TCCR_TOG 0x80000000 /* toggles when decrement to zero */
+
+#define IDR_EP_SHIFT 31
+#define IDR_EP_MASK (1 << IDR_EP_SHIFT)
+#define IDR_CI0_SHIFT 30
+#define IDR_CI1_SHIFT 29
+#define IDR_P1_SHIFT 1
+#define IDR_P0_SHIFT 0
+
+#define ILR_INTTGT_MASK 0x000000ff
+#define ILR_INTTGT_INT 0x00
+#define ILR_INTTGT_CINT 0x01 /* critical */
+#define ILR_INTTGT_MCP 0x02 /* machine check */
+
+/* The currently supported INTTGT values happen to be the same as QEMU's
+ * openpic output codes, but don't depend on this. The output codes
+ * could change (unlikely, but...) or support could be added for
+ * more INTTGT values.
+ */
+static const int inttgt_output[][2] = {
+ { ILR_INTTGT_INT, OPENPIC_OUTPUT_INT },
+ { ILR_INTTGT_CINT, OPENPIC_OUTPUT_CINT },
+ { ILR_INTTGT_MCP, OPENPIC_OUTPUT_MCK },
+};
+
+static int inttgt_to_output(int inttgt)
+{
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(inttgt_output); i++) {
+ if (inttgt_output[i][0] == inttgt) {
+ return inttgt_output[i][1];
+ }
+ }
+
+ fprintf(stderr, "%s: unsupported inttgt %d\n", __func__, inttgt);
+ return OPENPIC_OUTPUT_INT;
+}
+
+static int output_to_inttgt(int output)
+{
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(inttgt_output); i++) {
+ if (inttgt_output[i][1] == output) {
+ return inttgt_output[i][0];
+ }
+ }
+
+ abort();
+}
+
+#define MSIIR_OFFSET 0x140
+#define MSIIR_SRS_SHIFT 29
+#define MSIIR_SRS_MASK (0x7 << MSIIR_SRS_SHIFT)
+#define MSIIR_IBS_SHIFT 24
+#define MSIIR_IBS_MASK (0x1f << MSIIR_IBS_SHIFT)
+
+static int get_current_cpu(void)
+{
+ if (!current_cpu) {
+ return -1;
+ }
+
+ return current_cpu->cpu_index;
+}
+
+static uint32_t openpic_cpu_read_internal(void *opaque, hwaddr addr,
+ int idx);
+static void openpic_cpu_write_internal(void *opaque, hwaddr addr,
+ uint32_t val, int idx);
+
+typedef enum IRQType {
+ IRQ_TYPE_NORMAL = 0,
+ IRQ_TYPE_FSLINT, /* FSL internal interrupt -- level only */
+ IRQ_TYPE_FSLSPECIAL, /* FSL timer/IPI interrupt, edge, no polarity */
+} IRQType;
+
+typedef struct IRQQueue {
+ /* Round up to the nearest 64 IRQs so that the queue length
+ * won't change when moving between 32 and 64 bit hosts.
+ */
+ unsigned long queue[BITS_TO_LONGS((OPENPIC_MAX_IRQ + 63) & ~63)];
+ int next;
+ int priority;
+} IRQQueue;
+
+typedef struct IRQSource {
+ uint32_t ivpr; /* IRQ vector/priority register */
+ uint32_t idr; /* IRQ destination register */
+ uint32_t destmask; /* bitmap of CPU destinations */
+ int last_cpu;
+ int output; /* IRQ level, e.g. OPENPIC_OUTPUT_INT */
+ int pending; /* TRUE if IRQ is pending */
+ IRQType type;
+ bool level:1; /* level-triggered */
+ bool nomask:1; /* critical interrupts ignore mask on some FSL MPICs */
+} IRQSource;
+
+#define IVPR_MASK_SHIFT 31
+#define IVPR_MASK_MASK (1 << IVPR_MASK_SHIFT)
+#define IVPR_ACTIVITY_SHIFT 30
+#define IVPR_ACTIVITY_MASK (1 << IVPR_ACTIVITY_SHIFT)
+#define IVPR_MODE_SHIFT 29
+#define IVPR_MODE_MASK (1 << IVPR_MODE_SHIFT)
+#define IVPR_POLARITY_SHIFT 23
+#define IVPR_POLARITY_MASK (1 << IVPR_POLARITY_SHIFT)
+#define IVPR_SENSE_SHIFT 22
+#define IVPR_SENSE_MASK (1 << IVPR_SENSE_SHIFT)
+
+#define IVPR_PRIORITY_MASK (0xF << 16)
+#define IVPR_PRIORITY(_ivprr_) ((int)(((_ivprr_) & IVPR_PRIORITY_MASK) >> 16))
+#define IVPR_VECTOR(opp, _ivprr_) ((_ivprr_) & (opp)->vector_mask)
+
+/* IDR[EP/CI] are only for FSL MPIC prior to v4.0 */
+#define IDR_EP 0x80000000 /* external pin */
+#define IDR_CI 0x40000000 /* critical interrupt */
+
+typedef struct IRQDest {
+ int32_t ctpr; /* CPU current task priority */
+ IRQQueue raised;
+ IRQQueue servicing;
+ qemu_irq *irqs;
+
+ /* Count of IRQ sources asserting on non-INT outputs */
+ uint32_t outputs_active[OPENPIC_OUTPUT_NB];
+} IRQDest;
+
+#define OPENPIC(obj) OBJECT_CHECK(OpenPICState, (obj), TYPE_OPENPIC)
+
+typedef struct OpenPICState {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion mem;
+
+ /* Behavior control */
+ FslMpicInfo *fsl;
+ uint32_t model;
+ uint32_t flags;
+ uint32_t nb_irqs;
+ uint32_t vid;
+ uint32_t vir; /* Vendor identification register */
+ uint32_t vector_mask;
+ uint32_t tfrr_reset;
+ uint32_t ivpr_reset;
+ uint32_t idr_reset;
+ uint32_t brr1;
+ uint32_t mpic_mode_mask;
+
+ /* Sub-regions */
+ MemoryRegion sub_io_mem[6];
+
+ /* Global registers */
+ uint32_t frr; /* Feature reporting register */
+ uint32_t gcr; /* Global configuration register */
+ uint32_t pir; /* Processor initialization register */
+ uint32_t spve; /* Spurious vector register */
+ uint32_t tfrr; /* Timer frequency reporting register */
+ /* Source registers */
+ IRQSource src[OPENPIC_MAX_IRQ];
+ /* Local registers per output pin */
+ IRQDest dst[MAX_CPU];
+ uint32_t nb_cpus;
+ /* Timer registers */
+ struct {
+ uint32_t tccr; /* Global timer current count register */
+ uint32_t tbcr; /* Global timer base count register */
+ } timers[OPENPIC_MAX_TMR];
+ /* Shared MSI registers */
+ struct {
+ uint32_t msir; /* Shared Message Signaled Interrupt Register */
+ } msi[MAX_MSI];
+ uint32_t max_irq;
+ uint32_t irq_ipi0;
+ uint32_t irq_tim0;
+ uint32_t irq_msi;
+} OpenPICState;
+
+static inline void IRQ_setbit(IRQQueue *q, int n_IRQ)
+{
+ set_bit(n_IRQ, q->queue);
+}
+
+static inline void IRQ_resetbit(IRQQueue *q, int n_IRQ)
+{
+ clear_bit(n_IRQ, q->queue);
+}
+
+static inline int IRQ_testbit(IRQQueue *q, int n_IRQ)
+{
+ return test_bit(n_IRQ, q->queue);
+}
+
+static void IRQ_check(OpenPICState *opp, IRQQueue *q)
+{
+ int irq = -1;
+ int next = -1;
+ int priority = -1;
+
+ for (;;) {
+ irq = find_next_bit(q->queue, opp->max_irq, irq + 1);
+ if (irq == opp->max_irq) {
+ break;
+ }
+
+ DPRINTF("IRQ_check: irq %d set ivpr_pr=%d pr=%d\n",
+ irq, IVPR_PRIORITY(opp->src[irq].ivpr), priority);
+
+ if (IVPR_PRIORITY(opp->src[irq].ivpr) > priority) {
+ next = irq;
+ priority = IVPR_PRIORITY(opp->src[irq].ivpr);
+ }
+ }
+
+ q->next = next;
+ q->priority = priority;
+}
+
+static int IRQ_get_next(OpenPICState *opp, IRQQueue *q)
+{
+ /* XXX: optimize */
+ IRQ_check(opp, q);
+
+ return q->next;
+}
+
+static void IRQ_local_pipe(OpenPICState *opp, int n_CPU, int n_IRQ,
+ bool active, bool was_active)
+{
+ IRQDest *dst;
+ IRQSource *src;
+ int priority;
+
+ dst = &opp->dst[n_CPU];
+ src = &opp->src[n_IRQ];
+
+ DPRINTF("%s: IRQ %d active %d was %d\n",
+ __func__, n_IRQ, active, was_active);
+
+ if (src->output != OPENPIC_OUTPUT_INT) {
+ DPRINTF("%s: output %d irq %d active %d was %d count %d\n",
+ __func__, src->output, n_IRQ, active, was_active,
+ dst->outputs_active[src->output]);
+
+ /* On Freescale MPIC, critical interrupts ignore priority,
+ * IACK, EOI, etc. Before MPIC v4.1 they also ignore
+ * masking.
+ */
+ if (active) {
+ if (!was_active && dst->outputs_active[src->output]++ == 0) {
+ DPRINTF("%s: Raise OpenPIC output %d cpu %d irq %d\n",
+ __func__, src->output, n_CPU, n_IRQ);
+ qemu_irq_raise(dst->irqs[src->output]);
+ }
+ } else {
+ if (was_active && --dst->outputs_active[src->output] == 0) {
+ DPRINTF("%s: Lower OpenPIC output %d cpu %d irq %d\n",
+ __func__, src->output, n_CPU, n_IRQ);
+ qemu_irq_lower(dst->irqs[src->output]);
+ }
+ }
+
+ return;
+ }
+
+ priority = IVPR_PRIORITY(src->ivpr);
+
+ /* Even if the interrupt doesn't have enough priority,
+ * it is still raised, in case ctpr is lowered later.
+ */
+ if (active) {
+ IRQ_setbit(&dst->raised, n_IRQ);
+ } else {
+ IRQ_resetbit(&dst->raised, n_IRQ);
+ }
+
+ IRQ_check(opp, &dst->raised);
+
+ if (active && priority <= dst->ctpr) {
+ DPRINTF("%s: IRQ %d priority %d too low for ctpr %d on CPU %d\n",
+ __func__, n_IRQ, priority, dst->ctpr, n_CPU);
+ active = 0;
+ }
+
+ if (active) {
+ if (IRQ_get_next(opp, &dst->servicing) >= 0 &&
+ priority <= dst->servicing.priority) {
+ DPRINTF("%s: IRQ %d is hidden by servicing IRQ %d on CPU %d\n",
+ __func__, n_IRQ, dst->servicing.next, n_CPU);
+ } else {
+ DPRINTF("%s: Raise OpenPIC INT output cpu %d irq %d/%d\n",
+ __func__, n_CPU, n_IRQ, dst->raised.next);
+ qemu_irq_raise(opp->dst[n_CPU].irqs[OPENPIC_OUTPUT_INT]);
+ }
+ } else {
+ IRQ_get_next(opp, &dst->servicing);
+ if (dst->raised.priority > dst->ctpr &&
+ dst->raised.priority > dst->servicing.priority) {
+ DPRINTF("%s: IRQ %d inactive, IRQ %d prio %d above %d/%d, CPU %d\n",
+ __func__, n_IRQ, dst->raised.next, dst->raised.priority,
+ dst->ctpr, dst->servicing.priority, n_CPU);
+ /* IRQ line stays asserted */
+ } else {
+ DPRINTF("%s: IRQ %d inactive, current prio %d/%d, CPU %d\n",
+ __func__, n_IRQ, dst->ctpr, dst->servicing.priority, n_CPU);
+ qemu_irq_lower(opp->dst[n_CPU].irqs[OPENPIC_OUTPUT_INT]);
+ }
+ }
+}
+
+/* update pic state because registers for n_IRQ have changed value */
+static void openpic_update_irq(OpenPICState *opp, int n_IRQ)
+{
+ IRQSource *src;
+ bool active, was_active;
+ int i;
+
+ src = &opp->src[n_IRQ];
+ active = src->pending;
+
+ if ((src->ivpr & IVPR_MASK_MASK) && !src->nomask) {
+ /* Interrupt source is disabled */
+ DPRINTF("%s: IRQ %d is disabled\n", __func__, n_IRQ);
+ active = false;
+ }
+
+ was_active = !!(src->ivpr & IVPR_ACTIVITY_MASK);
+
+ /*
+ * We don't have a similar check for already-active because
+ * ctpr may have changed and we need to withdraw the interrupt.
+ */
+ if (!active && !was_active) {
+ DPRINTF("%s: IRQ %d is already inactive\n", __func__, n_IRQ);
+ return;
+ }
+
+ if (active) {
+ src->ivpr |= IVPR_ACTIVITY_MASK;
+ } else {
+ src->ivpr &= ~IVPR_ACTIVITY_MASK;
+ }
+
+ if (src->destmask == 0) {
+ /* No target */
+ DPRINTF("%s: IRQ %d has no target\n", __func__, n_IRQ);
+ return;
+ }
+
+ if (src->destmask == (1 << src->last_cpu)) {
+ /* Only one CPU is allowed to receive this IRQ */
+ IRQ_local_pipe(opp, src->last_cpu, n_IRQ, active, was_active);
+ } else if (!(src->ivpr & IVPR_MODE_MASK)) {
+ /* Directed delivery mode */
+ for (i = 0; i < opp->nb_cpus; i++) {
+ if (src->destmask & (1 << i)) {
+ IRQ_local_pipe(opp, i, n_IRQ, active, was_active);
+ }
+ }
+ } else {
+ /* Distributed delivery mode */
+ for (i = src->last_cpu + 1; i != src->last_cpu; i++) {
+ if (i == opp->nb_cpus) {
+ i = 0;
+ }
+ if (src->destmask & (1 << i)) {
+ IRQ_local_pipe(opp, i, n_IRQ, active, was_active);
+ src->last_cpu = i;
+ break;
+ }
+ }
+ }
+}
+
+static void openpic_set_irq(void *opaque, int n_IRQ, int level)
+{
+ OpenPICState *opp = opaque;
+ IRQSource *src;
+
+ if (n_IRQ >= OPENPIC_MAX_IRQ) {
+ fprintf(stderr, "%s: IRQ %d out of range\n", __func__, n_IRQ);
+ abort();
+ }
+
+ src = &opp->src[n_IRQ];
+ DPRINTF("openpic: set irq %d = %d ivpr=0x%08x\n",
+ n_IRQ, level, src->ivpr);
+ if (src->level) {
+ /* level-sensitive irq */
+ src->pending = level;
+ openpic_update_irq(opp, n_IRQ);
+ } else {
+ /* edge-sensitive irq */
+ if (level) {
+ src->pending = 1;
+ openpic_update_irq(opp, n_IRQ);
+ }
+
+ if (src->output != OPENPIC_OUTPUT_INT) {
+ /* Edge-triggered interrupts shouldn't be used
+ * with non-INT delivery, but just in case,
+ * try to make it do something sane rather than
+ * cause an interrupt storm. This is close to
+ * what you'd probably see happen in real hardware.
+ */
+ src->pending = 0;
+ openpic_update_irq(opp, n_IRQ);
+ }
+ }
+}
+
+static void openpic_reset(DeviceState *d)
+{
+ OpenPICState *opp = OPENPIC(d);
+ int i;
+
+ opp->gcr = GCR_RESET;
+ /* Initialise controller registers */
+ opp->frr = ((opp->nb_irqs - 1) << FRR_NIRQ_SHIFT) |
+ ((opp->nb_cpus - 1) << FRR_NCPU_SHIFT) |
+ (opp->vid << FRR_VID_SHIFT);
+
+ opp->pir = 0;
+ opp->spve = -1 & opp->vector_mask;
+ opp->tfrr = opp->tfrr_reset;
+ /* Initialise IRQ sources */
+ for (i = 0; i < opp->max_irq; i++) {
+ opp->src[i].ivpr = opp->ivpr_reset;
+ opp->src[i].idr = opp->idr_reset;
+
+ switch (opp->src[i].type) {
+ case IRQ_TYPE_NORMAL:
+ opp->src[i].level = !!(opp->ivpr_reset & IVPR_SENSE_MASK);
+ break;
+
+ case IRQ_TYPE_FSLINT:
+ opp->src[i].ivpr |= IVPR_POLARITY_MASK;
+ break;
+
+ case IRQ_TYPE_FSLSPECIAL:
+ break;
+ }
+ }
+ /* Initialise IRQ destinations */
+ for (i = 0; i < MAX_CPU; i++) {
+ opp->dst[i].ctpr = 15;
+ memset(&opp->dst[i].raised, 0, sizeof(IRQQueue));
+ opp->dst[i].raised.next = -1;
+ memset(&opp->dst[i].servicing, 0, sizeof(IRQQueue));
+ opp->dst[i].servicing.next = -1;
+ }
+ /* Initialise timers */
+ for (i = 0; i < OPENPIC_MAX_TMR; i++) {
+ opp->timers[i].tccr = 0;
+ opp->timers[i].tbcr = TBCR_CI;
+ }
+ /* Go out of RESET state */
+ opp->gcr = 0;
+}
+
+static inline uint32_t read_IRQreg_idr(OpenPICState *opp, int n_IRQ)
+{
+ return opp->src[n_IRQ].idr;
+}
+
+static inline uint32_t read_IRQreg_ilr(OpenPICState *opp, int n_IRQ)
+{
+ if (opp->flags & OPENPIC_FLAG_ILR) {
+ return output_to_inttgt(opp->src[n_IRQ].output);
+ }
+
+ return 0xffffffff;
+}
+
+static inline uint32_t read_IRQreg_ivpr(OpenPICState *opp, int n_IRQ)
+{
+ return opp->src[n_IRQ].ivpr;
+}
+
+static inline void write_IRQreg_idr(OpenPICState *opp, int n_IRQ, uint32_t val)
+{
+ IRQSource *src = &opp->src[n_IRQ];
+ uint32_t normal_mask = (1UL << opp->nb_cpus) - 1;
+ uint32_t crit_mask = 0;
+ uint32_t mask = normal_mask;
+ int crit_shift = IDR_EP_SHIFT - opp->nb_cpus;
+ int i;
+
+ if (opp->flags & OPENPIC_FLAG_IDR_CRIT) {
+ crit_mask = mask << crit_shift;
+ mask |= crit_mask | IDR_EP;
+ }
+
+ src->idr = val & mask;
+ DPRINTF("Set IDR %d to 0x%08x\n", n_IRQ, src->idr);
+
+ if (opp->flags & OPENPIC_FLAG_IDR_CRIT) {
+ if (src->idr & crit_mask) {
+ if (src->idr & normal_mask) {
+ DPRINTF("%s: IRQ configured for multiple output types, using "
+ "critical\n", __func__);
+ }
+
+ src->output = OPENPIC_OUTPUT_CINT;
+ src->nomask = true;
+ src->destmask = 0;
+
+ for (i = 0; i < opp->nb_cpus; i++) {
+ int n_ci = IDR_CI0_SHIFT - i;
+
+ if (src->idr & (1UL << n_ci)) {
+ src->destmask |= 1UL << i;
+ }
+ }
+ } else {
+ src->output = OPENPIC_OUTPUT_INT;
+ src->nomask = false;
+ src->destmask = src->idr & normal_mask;
+ }
+ } else {
+ src->destmask = src->idr;
+ }
+}
+
+static inline void write_IRQreg_ilr(OpenPICState *opp, int n_IRQ, uint32_t val)
+{
+ if (opp->flags & OPENPIC_FLAG_ILR) {
+ IRQSource *src = &opp->src[n_IRQ];
+
+ src->output = inttgt_to_output(val & ILR_INTTGT_MASK);
+ DPRINTF("Set ILR %d to 0x%08x, output %d\n", n_IRQ, src->idr,
+ src->output);
+
+ /* TODO: on MPIC v4.0 only, set nomask for non-INT */
+ }
+}
+
+static inline void write_IRQreg_ivpr(OpenPICState *opp, int n_IRQ, uint32_t val)
+{
+ uint32_t mask;
+
+ /* NOTE when implementing newer FSL MPIC models: starting with v4.0,
+ * the polarity bit is read-only on internal interrupts.
+ */
+ mask = IVPR_MASK_MASK | IVPR_PRIORITY_MASK | IVPR_SENSE_MASK |
+ IVPR_POLARITY_MASK | opp->vector_mask;
+
+ /* ACTIVITY bit is read-only */
+ opp->src[n_IRQ].ivpr =
+ (opp->src[n_IRQ].ivpr & IVPR_ACTIVITY_MASK) | (val & mask);
+
+ /* For FSL internal interrupts, The sense bit is reserved and zero,
+ * and the interrupt is always level-triggered. Timers and IPIs
+ * have no sense or polarity bits, and are edge-triggered.
+ */
+ switch (opp->src[n_IRQ].type) {
+ case IRQ_TYPE_NORMAL:
+ opp->src[n_IRQ].level = !!(opp->src[n_IRQ].ivpr & IVPR_SENSE_MASK);
+ break;
+
+ case IRQ_TYPE_FSLINT:
+ opp->src[n_IRQ].ivpr &= ~IVPR_SENSE_MASK;
+ break;
+
+ case IRQ_TYPE_FSLSPECIAL:
+ opp->src[n_IRQ].ivpr &= ~(IVPR_POLARITY_MASK | IVPR_SENSE_MASK);
+ break;
+ }
+
+ openpic_update_irq(opp, n_IRQ);
+ DPRINTF("Set IVPR %d to 0x%08x -> 0x%08x\n", n_IRQ, val,
+ opp->src[n_IRQ].ivpr);
+}
+
+static void openpic_gcr_write(OpenPICState *opp, uint64_t val)
+{
+ bool mpic_proxy = false;
+
+ if (val & GCR_RESET) {
+ openpic_reset(DEVICE(opp));
+ return;
+ }
+
+ opp->gcr &= ~opp->mpic_mode_mask;
+ opp->gcr |= val & opp->mpic_mode_mask;
+
+ /* Set external proxy mode */
+ if ((val & opp->mpic_mode_mask) == GCR_MODE_PROXY) {
+ mpic_proxy = true;
+ }
+
+ ppce500_set_mpic_proxy(mpic_proxy);
+}
+
+static void openpic_gbl_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned len)
+{
+ OpenPICState *opp = opaque;
+ IRQDest *dst;
+ int idx;
+
+ DPRINTF("%s: addr %#" HWADDR_PRIx " <= %08" PRIx64 "\n",
+ __func__, addr, val);
+ if (addr & 0xF) {
+ return;
+ }
+ switch (addr) {
+ case 0x00: /* Block Revision Register1 (BRR1) is Readonly */
+ break;
+ case 0x40:
+ case 0x50:
+ case 0x60:
+ case 0x70:
+ case 0x80:
+ case 0x90:
+ case 0xA0:
+ case 0xB0:
+ openpic_cpu_write_internal(opp, addr, val, get_current_cpu());
+ break;
+ case 0x1000: /* FRR */
+ break;
+ case 0x1020: /* GCR */
+ openpic_gcr_write(opp, val);
+ break;
+ case 0x1080: /* VIR */
+ break;
+ case 0x1090: /* PIR */
+ for (idx = 0; idx < opp->nb_cpus; idx++) {
+ if ((val & (1 << idx)) && !(opp->pir & (1 << idx))) {
+ DPRINTF("Raise OpenPIC RESET output for CPU %d\n", idx);
+ dst = &opp->dst[idx];
+ qemu_irq_raise(dst->irqs[OPENPIC_OUTPUT_RESET]);
+ } else if (!(val & (1 << idx)) && (opp->pir & (1 << idx))) {
+ DPRINTF("Lower OpenPIC RESET output for CPU %d\n", idx);
+ dst = &opp->dst[idx];
+ qemu_irq_lower(dst->irqs[OPENPIC_OUTPUT_RESET]);
+ }
+ }
+ opp->pir = val;
+ break;
+ case 0x10A0: /* IPI_IVPR */
+ case 0x10B0:
+ case 0x10C0:
+ case 0x10D0:
+ {
+ int idx;
+ idx = (addr - 0x10A0) >> 4;
+ write_IRQreg_ivpr(opp, opp->irq_ipi0 + idx, val);
+ }
+ break;
+ case 0x10E0: /* SPVE */
+ opp->spve = val & opp->vector_mask;
+ break;
+ default:
+ break;
+ }
+}
+
+static uint64_t openpic_gbl_read(void *opaque, hwaddr addr, unsigned len)
+{
+ OpenPICState *opp = opaque;
+ uint32_t retval;
+
+ DPRINTF("%s: addr %#" HWADDR_PRIx "\n", __func__, addr);
+ retval = 0xFFFFFFFF;
+ if (addr & 0xF) {
+ return retval;
+ }
+ switch (addr) {
+ case 0x1000: /* FRR */
+ retval = opp->frr;
+ break;
+ case 0x1020: /* GCR */
+ retval = opp->gcr;
+ break;
+ case 0x1080: /* VIR */
+ retval = opp->vir;
+ break;
+ case 0x1090: /* PIR */
+ retval = 0x00000000;
+ break;
+ case 0x00: /* Block Revision Register1 (BRR1) */
+ retval = opp->brr1;
+ break;
+ case 0x40:
+ case 0x50:
+ case 0x60:
+ case 0x70:
+ case 0x80:
+ case 0x90:
+ case 0xA0:
+ case 0xB0:
+ retval = openpic_cpu_read_internal(opp, addr, get_current_cpu());
+ break;
+ case 0x10A0: /* IPI_IVPR */
+ case 0x10B0:
+ case 0x10C0:
+ case 0x10D0:
+ {
+ int idx;
+ idx = (addr - 0x10A0) >> 4;
+ retval = read_IRQreg_ivpr(opp, opp->irq_ipi0 + idx);
+ }
+ break;
+ case 0x10E0: /* SPVE */
+ retval = opp->spve;
+ break;
+ default:
+ break;
+ }
+ DPRINTF("%s: => 0x%08x\n", __func__, retval);
+
+ return retval;
+}
+
+static void openpic_tmr_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned len)
+{
+ OpenPICState *opp = opaque;
+ int idx;
+
+ addr += 0x10f0;
+
+ DPRINTF("%s: addr %#" HWADDR_PRIx " <= %08" PRIx64 "\n",
+ __func__, addr, val);
+ if (addr & 0xF) {
+ return;
+ }
+
+ if (addr == 0x10f0) {
+ /* TFRR */
+ opp->tfrr = val;
+ return;
+ }
+
+ idx = (addr >> 6) & 0x3;
+ addr = addr & 0x30;
+
+ switch (addr & 0x30) {
+ case 0x00: /* TCCR */
+ break;
+ case 0x10: /* TBCR */
+ if ((opp->timers[idx].tccr & TCCR_TOG) != 0 &&
+ (val & TBCR_CI) == 0 &&
+ (opp->timers[idx].tbcr & TBCR_CI) != 0) {
+ opp->timers[idx].tccr &= ~TCCR_TOG;
+ }
+ opp->timers[idx].tbcr = val;
+ break;
+ case 0x20: /* TVPR */
+ write_IRQreg_ivpr(opp, opp->irq_tim0 + idx, val);
+ break;
+ case 0x30: /* TDR */
+ write_IRQreg_idr(opp, opp->irq_tim0 + idx, val);
+ break;
+ }
+}
+
+static uint64_t openpic_tmr_read(void *opaque, hwaddr addr, unsigned len)
+{
+ OpenPICState *opp = opaque;
+ uint32_t retval = -1;
+ int idx;
+
+ DPRINTF("%s: addr %#" HWADDR_PRIx "\n", __func__, addr);
+ if (addr & 0xF) {
+ goto out;
+ }
+ idx = (addr >> 6) & 0x3;
+ if (addr == 0x0) {
+ /* TFRR */
+ retval = opp->tfrr;
+ goto out;
+ }
+ switch (addr & 0x30) {
+ case 0x00: /* TCCR */
+ retval = opp->timers[idx].tccr;
+ break;
+ case 0x10: /* TBCR */
+ retval = opp->timers[idx].tbcr;
+ break;
+ case 0x20: /* TIPV */
+ retval = read_IRQreg_ivpr(opp, opp->irq_tim0 + idx);
+ break;
+ case 0x30: /* TIDE (TIDR) */
+ retval = read_IRQreg_idr(opp, opp->irq_tim0 + idx);
+ break;
+ }
+
+out:
+ DPRINTF("%s: => 0x%08x\n", __func__, retval);
+
+ return retval;
+}
+
+static void openpic_src_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned len)
+{
+ OpenPICState *opp = opaque;
+ int idx;
+
+ DPRINTF("%s: addr %#" HWADDR_PRIx " <= %08" PRIx64 "\n",
+ __func__, addr, val);
+
+ addr = addr & 0xffff;
+ idx = addr >> 5;
+
+ switch (addr & 0x1f) {
+ case 0x00:
+ write_IRQreg_ivpr(opp, idx, val);
+ break;
+ case 0x10:
+ write_IRQreg_idr(opp, idx, val);
+ break;
+ case 0x18:
+ write_IRQreg_ilr(opp, idx, val);
+ break;
+ }
+}
+
+static uint64_t openpic_src_read(void *opaque, uint64_t addr, unsigned len)
+{
+ OpenPICState *opp = opaque;
+ uint32_t retval;
+ int idx;
+
+ DPRINTF("%s: addr %#" HWADDR_PRIx "\n", __func__, addr);
+ retval = 0xFFFFFFFF;
+
+ addr = addr & 0xffff;
+ idx = addr >> 5;
+
+ switch (addr & 0x1f) {
+ case 0x00:
+ retval = read_IRQreg_ivpr(opp, idx);
+ break;
+ case 0x10:
+ retval = read_IRQreg_idr(opp, idx);
+ break;
+ case 0x18:
+ retval = read_IRQreg_ilr(opp, idx);
+ break;
+ }
+
+ DPRINTF("%s: => 0x%08x\n", __func__, retval);
+ return retval;
+}
+
+static void openpic_msi_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ OpenPICState *opp = opaque;
+ int idx = opp->irq_msi;
+ int srs, ibs;
+
+ DPRINTF("%s: addr %#" HWADDR_PRIx " <= 0x%08" PRIx64 "\n",
+ __func__, addr, val);
+ if (addr & 0xF) {
+ return;
+ }
+
+ switch (addr) {
+ case MSIIR_OFFSET:
+ srs = val >> MSIIR_SRS_SHIFT;
+ idx += srs;
+ ibs = (val & MSIIR_IBS_MASK) >> MSIIR_IBS_SHIFT;
+ opp->msi[srs].msir |= 1 << ibs;
+ openpic_set_irq(opp, idx, 1);
+ break;
+ default:
+ /* most registers are read-only, thus ignored */
+ break;
+ }
+}
+
+static uint64_t openpic_msi_read(void *opaque, hwaddr addr, unsigned size)
+{
+ OpenPICState *opp = opaque;
+ uint64_t r = 0;
+ int i, srs;
+
+ DPRINTF("%s: addr %#" HWADDR_PRIx "\n", __func__, addr);
+ if (addr & 0xF) {
+ return -1;
+ }
+
+ srs = addr >> 4;
+
+ switch (addr) {
+ case 0x00:
+ case 0x10:
+ case 0x20:
+ case 0x30:
+ case 0x40:
+ case 0x50:
+ case 0x60:
+ case 0x70: /* MSIRs */
+ r = opp->msi[srs].msir;
+ /* Clear on read */
+ opp->msi[srs].msir = 0;
+ openpic_set_irq(opp, opp->irq_msi + srs, 0);
+ break;
+ case 0x120: /* MSISR */
+ for (i = 0; i < MAX_MSI; i++) {
+ r |= (opp->msi[i].msir ? 1 : 0) << i;
+ }
+ break;
+ }
+
+ return r;
+}
+
+static uint64_t openpic_summary_read(void *opaque, hwaddr addr, unsigned size)
+{
+ uint64_t r = 0;
+
+ DPRINTF("%s: addr %#" HWADDR_PRIx "\n", __func__, addr);
+
+ /* TODO: EISR/EIMR */
+
+ return r;
+}
+
+static void openpic_summary_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ DPRINTF("%s: addr %#" HWADDR_PRIx " <= 0x%08" PRIx64 "\n",
+ __func__, addr, val);
+
+ /* TODO: EISR/EIMR */
+}
+
+static void openpic_cpu_write_internal(void *opaque, hwaddr addr,
+ uint32_t val, int idx)
+{
+ OpenPICState *opp = opaque;
+ IRQSource *src;
+ IRQDest *dst;
+ int s_IRQ, n_IRQ;
+
+ DPRINTF("%s: cpu %d addr %#" HWADDR_PRIx " <= 0x%08x\n", __func__, idx,
+ addr, val);
+
+ if (idx < 0) {
+ return;
+ }
+
+ if (addr & 0xF) {
+ return;
+ }
+ dst = &opp->dst[idx];
+ addr &= 0xFF0;
+ switch (addr) {
+ case 0x40: /* IPIDR */
+ case 0x50:
+ case 0x60:
+ case 0x70:
+ idx = (addr - 0x40) >> 4;
+ /* we use IDE as mask which CPUs to deliver the IPI to still. */
+ opp->src[opp->irq_ipi0 + idx].destmask |= val;
+ openpic_set_irq(opp, opp->irq_ipi0 + idx, 1);
+ openpic_set_irq(opp, opp->irq_ipi0 + idx, 0);
+ break;
+ case 0x80: /* CTPR */
+ dst->ctpr = val & 0x0000000F;
+
+ DPRINTF("%s: set CPU %d ctpr to %d, raised %d servicing %d\n",
+ __func__, idx, dst->ctpr, dst->raised.priority,
+ dst->servicing.priority);
+
+ if (dst->raised.priority <= dst->ctpr) {
+ DPRINTF("%s: Lower OpenPIC INT output cpu %d due to ctpr\n",
+ __func__, idx);
+ qemu_irq_lower(dst->irqs[OPENPIC_OUTPUT_INT]);
+ } else if (dst->raised.priority > dst->servicing.priority) {
+ DPRINTF("%s: Raise OpenPIC INT output cpu %d irq %d\n",
+ __func__, idx, dst->raised.next);
+ qemu_irq_raise(dst->irqs[OPENPIC_OUTPUT_INT]);
+ }
+
+ break;
+ case 0x90: /* WHOAMI */
+ /* Read-only register */
+ break;
+ case 0xA0: /* IACK */
+ /* Read-only register */
+ break;
+ case 0xB0: /* EOI */
+ DPRINTF("EOI\n");
+ s_IRQ = IRQ_get_next(opp, &dst->servicing);
+
+ if (s_IRQ < 0) {
+ DPRINTF("%s: EOI with no interrupt in service\n", __func__);
+ break;
+ }
+
+ IRQ_resetbit(&dst->servicing, s_IRQ);
+ /* Set up next servicing IRQ */
+ s_IRQ = IRQ_get_next(opp, &dst->servicing);
+ /* Check queued interrupts. */
+ n_IRQ = IRQ_get_next(opp, &dst->raised);
+ src = &opp->src[n_IRQ];
+ if (n_IRQ != -1 &&
+ (s_IRQ == -1 ||
+ IVPR_PRIORITY(src->ivpr) > dst->servicing.priority)) {
+ DPRINTF("Raise OpenPIC INT output cpu %d irq %d\n",
+ idx, n_IRQ);
+ qemu_irq_raise(opp->dst[idx].irqs[OPENPIC_OUTPUT_INT]);
+ }
+ break;
+ default:
+ break;
+ }
+}
+
+static void openpic_cpu_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned len)
+{
+ openpic_cpu_write_internal(opaque, addr, val, (addr & 0x1f000) >> 12);
+}
+
+
+static uint32_t openpic_iack(OpenPICState *opp, IRQDest *dst, int cpu)
+{
+ IRQSource *src;
+ int retval, irq;
+
+ DPRINTF("Lower OpenPIC INT output\n");
+ qemu_irq_lower(dst->irqs[OPENPIC_OUTPUT_INT]);
+
+ irq = IRQ_get_next(opp, &dst->raised);
+ DPRINTF("IACK: irq=%d\n", irq);
+
+ if (irq == -1) {
+ /* No more interrupt pending */
+ return opp->spve;
+ }
+
+ src = &opp->src[irq];
+ if (!(src->ivpr & IVPR_ACTIVITY_MASK) ||
+ !(IVPR_PRIORITY(src->ivpr) > dst->ctpr)) {
+ fprintf(stderr, "%s: bad raised IRQ %d ctpr %d ivpr 0x%08x\n",
+ __func__, irq, dst->ctpr, src->ivpr);
+ openpic_update_irq(opp, irq);
+ retval = opp->spve;
+ } else {
+ /* IRQ enter servicing state */
+ IRQ_setbit(&dst->servicing, irq);
+ retval = IVPR_VECTOR(opp, src->ivpr);
+ }
+
+ if (!src->level) {
+ /* edge-sensitive IRQ */
+ src->ivpr &= ~IVPR_ACTIVITY_MASK;
+ src->pending = 0;
+ IRQ_resetbit(&dst->raised, irq);
+ }
+
+ if ((irq >= opp->irq_ipi0) && (irq < (opp->irq_ipi0 + OPENPIC_MAX_IPI))) {
+ src->destmask &= ~(1 << cpu);
+ if (src->destmask && !src->level) {
+ /* trigger on CPUs that didn't know about it yet */
+ openpic_set_irq(opp, irq, 1);
+ openpic_set_irq(opp, irq, 0);
+ /* if all CPUs knew about it, set active bit again */
+ src->ivpr |= IVPR_ACTIVITY_MASK;
+ }
+ }
+
+ return retval;
+}
+
+static uint32_t openpic_cpu_read_internal(void *opaque, hwaddr addr,
+ int idx)
+{
+ OpenPICState *opp = opaque;
+ IRQDest *dst;
+ uint32_t retval;
+
+ DPRINTF("%s: cpu %d addr %#" HWADDR_PRIx "\n", __func__, idx, addr);
+ retval = 0xFFFFFFFF;
+
+ if (idx < 0) {
+ return retval;
+ }
+
+ if (addr & 0xF) {
+ return retval;
+ }
+ dst = &opp->dst[idx];
+ addr &= 0xFF0;
+ switch (addr) {
+ case 0x80: /* CTPR */
+ retval = dst->ctpr;
+ break;
+ case 0x90: /* WHOAMI */
+ retval = idx;
+ break;
+ case 0xA0: /* IACK */
+ retval = openpic_iack(opp, dst, idx);
+ break;
+ case 0xB0: /* EOI */
+ retval = 0;
+ break;
+ default:
+ break;
+ }
+ DPRINTF("%s: => 0x%08x\n", __func__, retval);
+
+ return retval;
+}
+
+static uint64_t openpic_cpu_read(void *opaque, hwaddr addr, unsigned len)
+{
+ return openpic_cpu_read_internal(opaque, addr, (addr & 0x1f000) >> 12);
+}
+
+static const MemoryRegionOps openpic_glb_ops_le = {
+ .write = openpic_gbl_write,
+ .read = openpic_gbl_read,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static const MemoryRegionOps openpic_glb_ops_be = {
+ .write = openpic_gbl_write,
+ .read = openpic_gbl_read,
+ .endianness = DEVICE_BIG_ENDIAN,
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static const MemoryRegionOps openpic_tmr_ops_le = {
+ .write = openpic_tmr_write,
+ .read = openpic_tmr_read,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static const MemoryRegionOps openpic_tmr_ops_be = {
+ .write = openpic_tmr_write,
+ .read = openpic_tmr_read,
+ .endianness = DEVICE_BIG_ENDIAN,
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static const MemoryRegionOps openpic_cpu_ops_le = {
+ .write = openpic_cpu_write,
+ .read = openpic_cpu_read,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static const MemoryRegionOps openpic_cpu_ops_be = {
+ .write = openpic_cpu_write,
+ .read = openpic_cpu_read,
+ .endianness = DEVICE_BIG_ENDIAN,
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static const MemoryRegionOps openpic_src_ops_le = {
+ .write = openpic_src_write,
+ .read = openpic_src_read,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static const MemoryRegionOps openpic_src_ops_be = {
+ .write = openpic_src_write,
+ .read = openpic_src_read,
+ .endianness = DEVICE_BIG_ENDIAN,
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static const MemoryRegionOps openpic_msi_ops_be = {
+ .read = openpic_msi_read,
+ .write = openpic_msi_write,
+ .endianness = DEVICE_BIG_ENDIAN,
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static const MemoryRegionOps openpic_summary_ops_be = {
+ .read = openpic_summary_read,
+ .write = openpic_summary_write,
+ .endianness = DEVICE_BIG_ENDIAN,
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static void openpic_save_IRQ_queue(QEMUFile* f, IRQQueue *q)
+{
+ unsigned int i;
+
+ for (i = 0; i < ARRAY_SIZE(q->queue); i++) {
+ /* Always put the lower half of a 64-bit long first, in case we
+ * restore on a 32-bit host. The least significant bits correspond
+ * to lower IRQ numbers in the bitmap.
+ */
+ qemu_put_be32(f, (uint32_t)q->queue[i]);
+#if LONG_MAX > 0x7FFFFFFF
+ qemu_put_be32(f, (uint32_t)(q->queue[i] >> 32));
+#endif
+ }
+
+ qemu_put_sbe32s(f, &q->next);
+ qemu_put_sbe32s(f, &q->priority);
+}
+
+static void openpic_save(QEMUFile* f, void *opaque)
+{
+ OpenPICState *opp = (OpenPICState *)opaque;
+ unsigned int i;
+
+ qemu_put_be32s(f, &opp->gcr);
+ qemu_put_be32s(f, &opp->vir);
+ qemu_put_be32s(f, &opp->pir);
+ qemu_put_be32s(f, &opp->spve);
+ qemu_put_be32s(f, &opp->tfrr);
+
+ qemu_put_be32s(f, &opp->nb_cpus);
+
+ for (i = 0; i < opp->nb_cpus; i++) {
+ qemu_put_sbe32s(f, &opp->dst[i].ctpr);
+ openpic_save_IRQ_queue(f, &opp->dst[i].raised);
+ openpic_save_IRQ_queue(f, &opp->dst[i].servicing);
+ qemu_put_buffer(f, (uint8_t *)&opp->dst[i].outputs_active,
+ sizeof(opp->dst[i].outputs_active));
+ }
+
+ for (i = 0; i < OPENPIC_MAX_TMR; i++) {
+ qemu_put_be32s(f, &opp->timers[i].tccr);
+ qemu_put_be32s(f, &opp->timers[i].tbcr);
+ }
+
+ for (i = 0; i < opp->max_irq; i++) {
+ qemu_put_be32s(f, &opp->src[i].ivpr);
+ qemu_put_be32s(f, &opp->src[i].idr);
+ qemu_get_be32s(f, &opp->src[i].destmask);
+ qemu_put_sbe32s(f, &opp->src[i].last_cpu);
+ qemu_put_sbe32s(f, &opp->src[i].pending);
+ }
+}
+
+static void openpic_load_IRQ_queue(QEMUFile* f, IRQQueue *q)
+{
+ unsigned int i;
+
+ for (i = 0; i < ARRAY_SIZE(q->queue); i++) {
+ unsigned long val;
+
+ val = qemu_get_be32(f);
+#if LONG_MAX > 0x7FFFFFFF
+ val <<= 32;
+ val |= qemu_get_be32(f);
+#endif
+
+ q->queue[i] = val;
+ }
+
+ qemu_get_sbe32s(f, &q->next);
+ qemu_get_sbe32s(f, &q->priority);
+}
+
+static int openpic_load(QEMUFile* f, void *opaque, int version_id)
+{
+ OpenPICState *opp = (OpenPICState *)opaque;
+ unsigned int i;
+
+ if (version_id != 1) {
+ return -EINVAL;
+ }
+
+ qemu_get_be32s(f, &opp->gcr);
+ qemu_get_be32s(f, &opp->vir);
+ qemu_get_be32s(f, &opp->pir);
+ qemu_get_be32s(f, &opp->spve);
+ qemu_get_be32s(f, &opp->tfrr);
+
+ qemu_get_be32s(f, &opp->nb_cpus);
+
+ for (i = 0; i < opp->nb_cpus; i++) {
+ qemu_get_sbe32s(f, &opp->dst[i].ctpr);
+ openpic_load_IRQ_queue(f, &opp->dst[i].raised);
+ openpic_load_IRQ_queue(f, &opp->dst[i].servicing);
+ qemu_get_buffer(f, (uint8_t *)&opp->dst[i].outputs_active,
+ sizeof(opp->dst[i].outputs_active));
+ }
+
+ for (i = 0; i < OPENPIC_MAX_TMR; i++) {
+ qemu_get_be32s(f, &opp->timers[i].tccr);
+ qemu_get_be32s(f, &opp->timers[i].tbcr);
+ }
+
+ for (i = 0; i < opp->max_irq; i++) {
+ uint32_t val;
+
+ val = qemu_get_be32(f);
+ write_IRQreg_idr(opp, i, val);
+ val = qemu_get_be32(f);
+ write_IRQreg_ivpr(opp, i, val);
+
+ qemu_get_be32s(f, &opp->src[i].ivpr);
+ qemu_get_be32s(f, &opp->src[i].idr);
+ qemu_get_be32s(f, &opp->src[i].destmask);
+ qemu_get_sbe32s(f, &opp->src[i].last_cpu);
+ qemu_get_sbe32s(f, &opp->src[i].pending);
+ }
+
+ return 0;
+}
+
+typedef struct MemReg {
+ const char *name;
+ MemoryRegionOps const *ops;
+ hwaddr start_addr;
+ ram_addr_t size;
+} MemReg;
+
+static void fsl_common_init(OpenPICState *opp)
+{
+ int i;
+ int virq = OPENPIC_MAX_SRC;
+
+ opp->vid = VID_REVISION_1_2;
+ opp->vir = VIR_GENERIC;
+ opp->vector_mask = 0xFFFF;
+ opp->tfrr_reset = 0;
+ opp->ivpr_reset = IVPR_MASK_MASK;
+ opp->idr_reset = 1 << 0;
+ opp->max_irq = OPENPIC_MAX_IRQ;
+
+ opp->irq_ipi0 = virq;
+ virq += OPENPIC_MAX_IPI;
+ opp->irq_tim0 = virq;
+ virq += OPENPIC_MAX_TMR;
+
+ assert(virq <= OPENPIC_MAX_IRQ);
+
+ opp->irq_msi = 224;
+
+ msi_supported = true;
+ for (i = 0; i < opp->fsl->max_ext; i++) {
+ opp->src[i].level = false;
+ }
+
+ /* Internal interrupts, including message and MSI */
+ for (i = 16; i < OPENPIC_MAX_SRC; i++) {
+ opp->src[i].type = IRQ_TYPE_FSLINT;
+ opp->src[i].level = true;
+ }
+
+ /* timers and IPIs */
+ for (i = OPENPIC_MAX_SRC; i < virq; i++) {
+ opp->src[i].type = IRQ_TYPE_FSLSPECIAL;
+ opp->src[i].level = false;
+ }
+}
+
+static void map_list(OpenPICState *opp, const MemReg *list, int *count)
+{
+ while (list->name) {
+ assert(*count < ARRAY_SIZE(opp->sub_io_mem));
+
+ memory_region_init_io(&opp->sub_io_mem[*count], OBJECT(opp), list->ops,
+ opp, list->name, list->size);
+
+ memory_region_add_subregion(&opp->mem, list->start_addr,
+ &opp->sub_io_mem[*count]);
+
+ (*count)++;
+ list++;
+ }
+}
+
+static void openpic_init(Object *obj)
+{
+ OpenPICState *opp = OPENPIC(obj);
+
+ memory_region_init(&opp->mem, obj, "openpic", 0x40000);
+}
+
+static void openpic_realize(DeviceState *dev, Error **errp)
+{
+ SysBusDevice *d = SYS_BUS_DEVICE(dev);
+ OpenPICState *opp = OPENPIC(dev);
+ int i, j;
+ int list_count = 0;
+ static const MemReg list_le[] = {
+ {"glb", &openpic_glb_ops_le,
+ OPENPIC_GLB_REG_START, OPENPIC_GLB_REG_SIZE},
+ {"tmr", &openpic_tmr_ops_le,
+ OPENPIC_TMR_REG_START, OPENPIC_TMR_REG_SIZE},
+ {"src", &openpic_src_ops_le,
+ OPENPIC_SRC_REG_START, OPENPIC_SRC_REG_SIZE},
+ {"cpu", &openpic_cpu_ops_le,
+ OPENPIC_CPU_REG_START, OPENPIC_CPU_REG_SIZE},
+ {NULL}
+ };
+ static const MemReg list_be[] = {
+ {"glb", &openpic_glb_ops_be,
+ OPENPIC_GLB_REG_START, OPENPIC_GLB_REG_SIZE},
+ {"tmr", &openpic_tmr_ops_be,
+ OPENPIC_TMR_REG_START, OPENPIC_TMR_REG_SIZE},
+ {"src", &openpic_src_ops_be,
+ OPENPIC_SRC_REG_START, OPENPIC_SRC_REG_SIZE},
+ {"cpu", &openpic_cpu_ops_be,
+ OPENPIC_CPU_REG_START, OPENPIC_CPU_REG_SIZE},
+ {NULL}
+ };
+ static const MemReg list_fsl[] = {
+ {"msi", &openpic_msi_ops_be,
+ OPENPIC_MSI_REG_START, OPENPIC_MSI_REG_SIZE},
+ {"summary", &openpic_summary_ops_be,
+ OPENPIC_SUMMARY_REG_START, OPENPIC_SUMMARY_REG_SIZE},
+ {NULL}
+ };
+
+ switch (opp->model) {
+ case OPENPIC_MODEL_FSL_MPIC_20:
+ default:
+ opp->fsl = &fsl_mpic_20;
+ opp->brr1 = 0x00400200;
+ opp->flags |= OPENPIC_FLAG_IDR_CRIT;
+ opp->nb_irqs = 80;
+ opp->mpic_mode_mask = GCR_MODE_MIXED;
+
+ fsl_common_init(opp);
+ map_list(opp, list_be, &list_count);
+ map_list(opp, list_fsl, &list_count);
+
+ break;
+
+ case OPENPIC_MODEL_FSL_MPIC_42:
+ opp->fsl = &fsl_mpic_42;
+ opp->brr1 = 0x00400402;
+ opp->flags |= OPENPIC_FLAG_ILR;
+ opp->nb_irqs = 196;
+ opp->mpic_mode_mask = GCR_MODE_PROXY;
+
+ fsl_common_init(opp);
+ map_list(opp, list_be, &list_count);
+ map_list(opp, list_fsl, &list_count);
+
+ break;
+
+ case OPENPIC_MODEL_RAVEN:
+ opp->nb_irqs = RAVEN_MAX_EXT;
+ opp->vid = VID_REVISION_1_3;
+ opp->vir = VIR_GENERIC;
+ opp->vector_mask = 0xFF;
+ opp->tfrr_reset = 4160000;
+ opp->ivpr_reset = IVPR_MASK_MASK | IVPR_MODE_MASK;
+ opp->idr_reset = 0;
+ opp->max_irq = RAVEN_MAX_IRQ;
+ opp->irq_ipi0 = RAVEN_IPI_IRQ;
+ opp->irq_tim0 = RAVEN_TMR_IRQ;
+ opp->brr1 = -1;
+ opp->mpic_mode_mask = GCR_MODE_MIXED;
+
+ if (opp->nb_cpus != 1) {
+ error_setg(errp, "Only UP supported today");
+ return;
+ }
+
+ map_list(opp, list_le, &list_count);
+ break;
+ }
+
+ for (i = 0; i < opp->nb_cpus; i++) {
+ opp->dst[i].irqs = g_new(qemu_irq, OPENPIC_OUTPUT_NB);
+ for (j = 0; j < OPENPIC_OUTPUT_NB; j++) {
+ sysbus_init_irq(d, &opp->dst[i].irqs[j]);
+ }
+ }
+
+ register_savevm(dev, "openpic", 0, 2,
+ openpic_save, openpic_load, opp);
+
+ sysbus_init_mmio(d, &opp->mem);
+ qdev_init_gpio_in(dev, openpic_set_irq, opp->max_irq);
+}
+
+static Property openpic_properties[] = {
+ DEFINE_PROP_UINT32("model", OpenPICState, model, OPENPIC_MODEL_FSL_MPIC_20),
+ DEFINE_PROP_UINT32("nb_cpus", OpenPICState, nb_cpus, 1),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void openpic_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+
+ dc->realize = openpic_realize;
+ dc->props = openpic_properties;
+ dc->reset = openpic_reset;
+}
+
+static const TypeInfo openpic_info = {
+ .name = TYPE_OPENPIC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(OpenPICState),
+ .instance_init = openpic_init,
+ .class_init = openpic_class_init,
+};
+
+static void openpic_register_types(void)
+{
+ type_register_static(&openpic_info);
+}
+
+type_init(openpic_register_types)
diff --git a/hw/intc/openpic_kvm.c b/hw/intc/openpic_kvm.c
new file mode 100644
index 000000000..c7f7b8406
--- /dev/null
+++ b/hw/intc/openpic_kvm.c
@@ -0,0 +1,264 @@
+/*
+ * KVM in-kernel OpenPIC
+ *
+ * Copyright 2013 Freescale Semiconductor, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include <sys/ioctl.h>
+#include "exec/address-spaces.h"
+#include "hw/hw.h"
+#include "hw/ppc/openpic.h"
+#include "hw/pci/msi.h"
+#include "hw/sysbus.h"
+#include "sysemu/kvm.h"
+#include "qemu/log.h"
+
+#define KVM_OPENPIC(obj) \
+ OBJECT_CHECK(KVMOpenPICState, (obj), TYPE_KVM_OPENPIC)
+
+typedef struct KVMOpenPICState {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion mem;
+ MemoryListener mem_listener;
+ uint32_t fd;
+ uint32_t model;
+} KVMOpenPICState;
+
+static void kvm_openpic_set_irq(void *opaque, int n_IRQ, int level)
+{
+ kvm_set_irq(kvm_state, n_IRQ, level);
+}
+
+static void kvm_openpic_reset(DeviceState *d)
+{
+ qemu_log_mask(LOG_UNIMP, "%s: unimplemented\n", __func__);
+}
+
+static void kvm_openpic_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ KVMOpenPICState *opp = opaque;
+ struct kvm_device_attr attr;
+ uint32_t val32 = val;
+ int ret;
+
+ attr.group = KVM_DEV_MPIC_GRP_REGISTER;
+ attr.attr = addr;
+ attr.addr = (uint64_t)(unsigned long)&val32;
+
+ ret = ioctl(opp->fd, KVM_SET_DEVICE_ATTR, &attr);
+ if (ret < 0) {
+ qemu_log_mask(LOG_UNIMP, "%s: %s %" PRIx64 "\n", __func__,
+ strerror(errno), attr.attr);
+ }
+}
+
+static uint64_t kvm_openpic_read(void *opaque, hwaddr addr, unsigned size)
+{
+ KVMOpenPICState *opp = opaque;
+ struct kvm_device_attr attr;
+ uint32_t val = 0xdeadbeef;
+ int ret;
+
+ attr.group = KVM_DEV_MPIC_GRP_REGISTER;
+ attr.attr = addr;
+ attr.addr = (uint64_t)(unsigned long)&val;
+
+ ret = ioctl(opp->fd, KVM_GET_DEVICE_ATTR, &attr);
+ if (ret < 0) {
+ qemu_log_mask(LOG_UNIMP, "%s: %s %" PRIx64 "\n", __func__,
+ strerror(errno), attr.attr);
+ return 0;
+ }
+
+ return val;
+}
+
+static const MemoryRegionOps kvm_openpic_mem_ops = {
+ .write = kvm_openpic_write,
+ .read = kvm_openpic_read,
+ .endianness = DEVICE_BIG_ENDIAN,
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static void kvm_openpic_region_add(MemoryListener *listener,
+ MemoryRegionSection *section)
+{
+ KVMOpenPICState *opp = container_of(listener, KVMOpenPICState,
+ mem_listener);
+ struct kvm_device_attr attr;
+ uint64_t reg_base;
+ int ret;
+
+ if (section->address_space != &address_space_memory) {
+ abort();
+ }
+
+ reg_base = section->offset_within_address_space;
+
+ attr.group = KVM_DEV_MPIC_GRP_MISC;
+ attr.attr = KVM_DEV_MPIC_BASE_ADDR;
+ attr.addr = (uint64_t)(unsigned long)&reg_base;
+
+ ret = ioctl(opp->fd, KVM_SET_DEVICE_ATTR, &attr);
+ if (ret < 0) {
+ fprintf(stderr, "%s: %s %" PRIx64 "\n", __func__,
+ strerror(errno), reg_base);
+ }
+}
+
+static void kvm_openpic_region_del(MemoryListener *listener,
+ MemoryRegionSection *section)
+{
+ KVMOpenPICState *opp = container_of(listener, KVMOpenPICState,
+ mem_listener);
+ struct kvm_device_attr attr;
+ uint64_t reg_base = 0;
+ int ret;
+
+ attr.group = KVM_DEV_MPIC_GRP_MISC;
+ attr.attr = KVM_DEV_MPIC_BASE_ADDR;
+ attr.addr = (uint64_t)(unsigned long)&reg_base;
+
+ ret = ioctl(opp->fd, KVM_SET_DEVICE_ATTR, &attr);
+ if (ret < 0) {
+ fprintf(stderr, "%s: %s %" PRIx64 "\n", __func__,
+ strerror(errno), reg_base);
+ }
+}
+
+static void kvm_openpic_init(Object *obj)
+{
+ KVMOpenPICState *opp = KVM_OPENPIC(obj);
+
+ memory_region_init_io(&opp->mem, OBJECT(opp), &kvm_openpic_mem_ops, opp,
+ "kvm-openpic", 0x40000);
+}
+
+static void kvm_openpic_realize(DeviceState *dev, Error **errp)
+{
+ SysBusDevice *d = SYS_BUS_DEVICE(dev);
+ KVMOpenPICState *opp = KVM_OPENPIC(dev);
+ KVMState *s = kvm_state;
+ int kvm_openpic_model;
+ struct kvm_create_device cd = {0};
+ int ret, i;
+
+ if (!kvm_check_extension(s, KVM_CAP_DEVICE_CTRL)) {
+ error_setg(errp, "Kernel is lacking Device Control API");
+ return;
+ }
+
+ switch (opp->model) {
+ case OPENPIC_MODEL_FSL_MPIC_20:
+ kvm_openpic_model = KVM_DEV_TYPE_FSL_MPIC_20;
+ break;
+
+ case OPENPIC_MODEL_FSL_MPIC_42:
+ kvm_openpic_model = KVM_DEV_TYPE_FSL_MPIC_42;
+ break;
+
+ default:
+ error_setg(errp, "Unsupported OpenPIC model %" PRIu32, opp->model);
+ return;
+ }
+
+ cd.type = kvm_openpic_model;
+ ret = kvm_vm_ioctl(s, KVM_CREATE_DEVICE, &cd);
+ if (ret < 0) {
+ error_setg(errp, "Can't create device %d: %s",
+ cd.type, strerror(errno));
+ return;
+ }
+ opp->fd = cd.fd;
+
+ sysbus_init_mmio(d, &opp->mem);
+ qdev_init_gpio_in(dev, kvm_openpic_set_irq, OPENPIC_MAX_IRQ);
+
+ opp->mem_listener.region_add = kvm_openpic_region_add;
+ opp->mem_listener.region_add = kvm_openpic_region_del;
+ memory_listener_register(&opp->mem_listener, &address_space_memory);
+
+ /* indicate pic capabilities */
+ msi_supported = true;
+ kvm_kernel_irqchip = true;
+ kvm_async_interrupts_allowed = true;
+
+ /* set up irq routing */
+ kvm_init_irq_routing(kvm_state);
+ for (i = 0; i < 256; ++i) {
+ kvm_irqchip_add_irq_route(kvm_state, i, 0, i);
+ }
+
+ kvm_irqfds_allowed = true;
+ kvm_msi_via_irqfd_allowed = true;
+ kvm_gsi_routing_allowed = true;
+
+ kvm_irqchip_commit_routes(s);
+}
+
+int kvm_openpic_connect_vcpu(DeviceState *d, CPUState *cs)
+{
+ KVMOpenPICState *opp = KVM_OPENPIC(d);
+ struct kvm_enable_cap encap = {};
+
+ encap.cap = KVM_CAP_IRQ_MPIC;
+ encap.args[0] = opp->fd;
+ encap.args[1] = cs->cpu_index;
+
+ return kvm_vcpu_ioctl(cs, KVM_ENABLE_CAP, &encap);
+}
+
+static Property kvm_openpic_properties[] = {
+ DEFINE_PROP_UINT32("model", KVMOpenPICState, model,
+ OPENPIC_MODEL_FSL_MPIC_20),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void kvm_openpic_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+
+ dc->realize = kvm_openpic_realize;
+ dc->props = kvm_openpic_properties;
+ dc->reset = kvm_openpic_reset;
+}
+
+static const TypeInfo kvm_openpic_info = {
+ .name = TYPE_KVM_OPENPIC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(KVMOpenPICState),
+ .instance_init = kvm_openpic_init,
+ .class_init = kvm_openpic_class_init,
+};
+
+static void kvm_openpic_register_types(void)
+{
+ type_register_static(&kvm_openpic_info);
+}
+
+type_init(kvm_openpic_register_types)
diff --git a/hw/intc/pl190.c b/hw/intc/pl190.c
new file mode 100644
index 000000000..329680da3
--- /dev/null
+++ b/hw/intc/pl190.c
@@ -0,0 +1,293 @@
+/*
+ * Arm PrimeCell PL190 Vector Interrupt Controller
+ *
+ * Copyright (c) 2006 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GPL.
+ */
+
+#include "hw/sysbus.h"
+
+/* The number of virtual priority levels. 16 user vectors plus the
+ unvectored IRQ. Chained interrupts would require an additional level
+ if implemented. */
+
+#define PL190_NUM_PRIO 17
+
+#define TYPE_PL190 "pl190"
+#define PL190(obj) OBJECT_CHECK(PL190State, (obj), TYPE_PL190)
+
+typedef struct PL190State {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ uint32_t level;
+ uint32_t soft_level;
+ uint32_t irq_enable;
+ uint32_t fiq_select;
+ uint8_t vect_control[16];
+ uint32_t vect_addr[PL190_NUM_PRIO];
+ /* Mask containing interrupts with higher priority than this one. */
+ uint32_t prio_mask[PL190_NUM_PRIO + 1];
+ int protected;
+ /* Current priority level. */
+ int priority;
+ int prev_prio[PL190_NUM_PRIO];
+ qemu_irq irq;
+ qemu_irq fiq;
+} PL190State;
+
+static const unsigned char pl190_id[] =
+{ 0x90, 0x11, 0x04, 0x00, 0x0D, 0xf0, 0x05, 0xb1 };
+
+static inline uint32_t pl190_irq_level(PL190State *s)
+{
+ return (s->level | s->soft_level) & s->irq_enable & ~s->fiq_select;
+}
+
+/* Update interrupts. */
+static void pl190_update(PL190State *s)
+{
+ uint32_t level = pl190_irq_level(s);
+ int set;
+
+ set = (level & s->prio_mask[s->priority]) != 0;
+ qemu_set_irq(s->irq, set);
+ set = ((s->level | s->soft_level) & s->fiq_select) != 0;
+ qemu_set_irq(s->fiq, set);
+}
+
+static void pl190_set_irq(void *opaque, int irq, int level)
+{
+ PL190State *s = (PL190State *)opaque;
+
+ if (level)
+ s->level |= 1u << irq;
+ else
+ s->level &= ~(1u << irq);
+ pl190_update(s);
+}
+
+static void pl190_update_vectors(PL190State *s)
+{
+ uint32_t mask;
+ int i;
+ int n;
+
+ mask = 0;
+ for (i = 0; i < 16; i++)
+ {
+ s->prio_mask[i] = mask;
+ if (s->vect_control[i] & 0x20)
+ {
+ n = s->vect_control[i] & 0x1f;
+ mask |= 1 << n;
+ }
+ }
+ s->prio_mask[16] = mask;
+ pl190_update(s);
+}
+
+static uint64_t pl190_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ PL190State *s = (PL190State *)opaque;
+ int i;
+
+ if (offset >= 0xfe0 && offset < 0x1000) {
+ return pl190_id[(offset - 0xfe0) >> 2];
+ }
+ if (offset >= 0x100 && offset < 0x140) {
+ return s->vect_addr[(offset - 0x100) >> 2];
+ }
+ if (offset >= 0x200 && offset < 0x240) {
+ return s->vect_control[(offset - 0x200) >> 2];
+ }
+ switch (offset >> 2) {
+ case 0: /* IRQSTATUS */
+ return pl190_irq_level(s);
+ case 1: /* FIQSATUS */
+ return (s->level | s->soft_level) & s->fiq_select;
+ case 2: /* RAWINTR */
+ return s->level | s->soft_level;
+ case 3: /* INTSELECT */
+ return s->fiq_select;
+ case 4: /* INTENABLE */
+ return s->irq_enable;
+ case 6: /* SOFTINT */
+ return s->soft_level;
+ case 8: /* PROTECTION */
+ return s->protected;
+ case 12: /* VECTADDR */
+ /* Read vector address at the start of an ISR. Increases the
+ * current priority level to that of the current interrupt.
+ *
+ * Since an enabled interrupt X at priority P causes prio_mask[Y]
+ * to have bit X set for all Y > P, this loop will stop with
+ * i == the priority of the highest priority set interrupt.
+ */
+ for (i = 0; i < s->priority; i++) {
+ if ((s->level | s->soft_level) & s->prio_mask[i + 1]) {
+ break;
+ }
+ }
+
+ /* Reading this value with no pending interrupts is undefined.
+ We return the default address. */
+ if (i == PL190_NUM_PRIO)
+ return s->vect_addr[16];
+ if (i < s->priority)
+ {
+ s->prev_prio[i] = s->priority;
+ s->priority = i;
+ pl190_update(s);
+ }
+ return s->vect_addr[s->priority];
+ case 13: /* DEFVECTADDR */
+ return s->vect_addr[16];
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "pl190_read: Bad offset %x\n", (int)offset);
+ return 0;
+ }
+}
+
+static void pl190_write(void *opaque, hwaddr offset,
+ uint64_t val, unsigned size)
+{
+ PL190State *s = (PL190State *)opaque;
+
+ if (offset >= 0x100 && offset < 0x140) {
+ s->vect_addr[(offset - 0x100) >> 2] = val;
+ pl190_update_vectors(s);
+ return;
+ }
+ if (offset >= 0x200 && offset < 0x240) {
+ s->vect_control[(offset - 0x200) >> 2] = val;
+ pl190_update_vectors(s);
+ return;
+ }
+ switch (offset >> 2) {
+ case 0: /* SELECT */
+ /* This is a readonly register, but linux tries to write to it
+ anyway. Ignore the write. */
+ break;
+ case 3: /* INTSELECT */
+ s->fiq_select = val;
+ break;
+ case 4: /* INTENABLE */
+ s->irq_enable |= val;
+ break;
+ case 5: /* INTENCLEAR */
+ s->irq_enable &= ~val;
+ break;
+ case 6: /* SOFTINT */
+ s->soft_level |= val;
+ break;
+ case 7: /* SOFTINTCLEAR */
+ s->soft_level &= ~val;
+ break;
+ case 8: /* PROTECTION */
+ /* TODO: Protection (supervisor only access) is not implemented. */
+ s->protected = val & 1;
+ break;
+ case 12: /* VECTADDR */
+ /* Restore the previous priority level. The value written is
+ ignored. */
+ if (s->priority < PL190_NUM_PRIO)
+ s->priority = s->prev_prio[s->priority];
+ break;
+ case 13: /* DEFVECTADDR */
+ s->vect_addr[16] = val;
+ break;
+ case 0xc0: /* ITCR */
+ if (val) {
+ qemu_log_mask(LOG_UNIMP, "pl190: Test mode not implemented\n");
+ }
+ break;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "pl190_write: Bad offset %x\n", (int)offset);
+ return;
+ }
+ pl190_update(s);
+}
+
+static const MemoryRegionOps pl190_ops = {
+ .read = pl190_read,
+ .write = pl190_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void pl190_reset(DeviceState *d)
+{
+ PL190State *s = PL190(d);
+ int i;
+
+ for (i = 0; i < 16; i++) {
+ s->vect_addr[i] = 0;
+ s->vect_control[i] = 0;
+ }
+ s->vect_addr[16] = 0;
+ s->prio_mask[17] = 0xffffffff;
+ s->priority = PL190_NUM_PRIO;
+ pl190_update_vectors(s);
+}
+
+static int pl190_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ PL190State *s = PL190(dev);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &pl190_ops, s, "pl190", 0x1000);
+ sysbus_init_mmio(sbd, &s->iomem);
+ qdev_init_gpio_in(dev, pl190_set_irq, 32);
+ sysbus_init_irq(sbd, &s->irq);
+ sysbus_init_irq(sbd, &s->fiq);
+ return 0;
+}
+
+static const VMStateDescription vmstate_pl190 = {
+ .name = "pl190",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(level, PL190State),
+ VMSTATE_UINT32(soft_level, PL190State),
+ VMSTATE_UINT32(irq_enable, PL190State),
+ VMSTATE_UINT32(fiq_select, PL190State),
+ VMSTATE_UINT8_ARRAY(vect_control, PL190State, 16),
+ VMSTATE_UINT32_ARRAY(vect_addr, PL190State, PL190_NUM_PRIO),
+ VMSTATE_UINT32_ARRAY(prio_mask, PL190State, PL190_NUM_PRIO+1),
+ VMSTATE_INT32(protected, PL190State),
+ VMSTATE_INT32(priority, PL190State),
+ VMSTATE_INT32_ARRAY(prev_prio, PL190State, PL190_NUM_PRIO),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void pl190_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = pl190_init;
+ dc->no_user = 1;
+ dc->reset = pl190_reset;
+ dc->vmsd = &vmstate_pl190;
+}
+
+static const TypeInfo pl190_info = {
+ .name = TYPE_PL190,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(PL190State),
+ .class_init = pl190_class_init,
+};
+
+static void pl190_register_types(void)
+{
+ type_register_static(&pl190_info);
+}
+
+type_init(pl190_register_types)
diff --git a/hw/intc/puv3_intc.c b/hw/intc/puv3_intc.c
new file mode 100644
index 000000000..c2803d07d
--- /dev/null
+++ b/hw/intc/puv3_intc.c
@@ -0,0 +1,140 @@
+/*
+ * INTC device simulation in PKUnity SoC
+ *
+ * Copyright (C) 2010-2012 Guan Xuetao
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation, or any later version.
+ * See the COPYING file in the top-level directory.
+ */
+#include "hw/sysbus.h"
+
+#undef DEBUG_PUV3
+#include "hw/unicore32/puv3.h"
+
+#define TYPE_PUV3_INTC "puv3_intc"
+#define PUV3_INTC(obj) OBJECT_CHECK(PUV3INTCState, (obj), TYPE_PUV3_INTC)
+
+typedef struct PUV3INTCState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ qemu_irq parent_irq;
+
+ uint32_t reg_ICMR;
+ uint32_t reg_ICPR;
+} PUV3INTCState;
+
+/* Update interrupt status after enabled or pending bits have been changed. */
+static void puv3_intc_update(PUV3INTCState *s)
+{
+ if (s->reg_ICMR & s->reg_ICPR) {
+ qemu_irq_raise(s->parent_irq);
+ } else {
+ qemu_irq_lower(s->parent_irq);
+ }
+}
+
+/* Process a change in an external INTC input. */
+static void puv3_intc_handler(void *opaque, int irq, int level)
+{
+ PUV3INTCState *s = opaque;
+
+ DPRINTF("irq 0x%x, level 0x%x\n", irq, level);
+ if (level) {
+ s->reg_ICPR |= (1 << irq);
+ } else {
+ s->reg_ICPR &= ~(1 << irq);
+ }
+ puv3_intc_update(s);
+}
+
+static uint64_t puv3_intc_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ PUV3INTCState *s = opaque;
+ uint32_t ret = 0;
+
+ switch (offset) {
+ case 0x04: /* INTC_ICMR */
+ ret = s->reg_ICMR;
+ break;
+ case 0x0c: /* INTC_ICIP */
+ ret = s->reg_ICPR; /* the same value with ICPR */
+ break;
+ default:
+ DPRINTF("Bad offset %x\n", (int)offset);
+ }
+ DPRINTF("offset 0x%x, value 0x%x\n", offset, ret);
+ return ret;
+}
+
+static void puv3_intc_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ PUV3INTCState *s = opaque;
+
+ DPRINTF("offset 0x%x, value 0x%x\n", offset, value);
+ switch (offset) {
+ case 0x00: /* INTC_ICLR */
+ case 0x14: /* INTC_ICCR */
+ break;
+ case 0x04: /* INTC_ICMR */
+ s->reg_ICMR = value;
+ break;
+ default:
+ DPRINTF("Bad offset 0x%x\n", (int)offset);
+ return;
+ }
+ puv3_intc_update(s);
+}
+
+static const MemoryRegionOps puv3_intc_ops = {
+ .read = puv3_intc_read,
+ .write = puv3_intc_write,
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int puv3_intc_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ PUV3INTCState *s = PUV3_INTC(dev);
+
+ qdev_init_gpio_in(dev, puv3_intc_handler, PUV3_IRQS_NR);
+ sysbus_init_irq(sbd, &s->parent_irq);
+
+ s->reg_ICMR = 0;
+ s->reg_ICPR = 0;
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &puv3_intc_ops, s, "puv3_intc",
+ PUV3_REGS_OFFSET);
+ sysbus_init_mmio(sbd, &s->iomem);
+
+ return 0;
+}
+
+static void puv3_intc_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sdc->init = puv3_intc_init;
+}
+
+static const TypeInfo puv3_intc_info = {
+ .name = TYPE_PUV3_INTC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(PUV3INTCState),
+ .class_init = puv3_intc_class_init,
+};
+
+static void puv3_intc_register_type(void)
+{
+ type_register_static(&puv3_intc_info);
+}
+
+type_init(puv3_intc_register_type)
diff --git a/hw/intc/realview_gic.c b/hw/intc/realview_gic.c
new file mode 100644
index 000000000..ce8044780
--- /dev/null
+++ b/hw/intc/realview_gic.c
@@ -0,0 +1,81 @@
+/*
+ * ARM RealView Emulation Baseboard Interrupt Controller
+ *
+ * Copyright (c) 2006-2007 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GPL.
+ */
+
+#include "hw/sysbus.h"
+
+#define TYPE_REALVIEW_GIC "realview_gic"
+#define REALVIEW_GIC(obj) \
+ OBJECT_CHECK(RealViewGICState, (obj), TYPE_REALVIEW_GIC)
+
+typedef struct {
+ SysBusDevice parent_obj;
+
+ DeviceState *gic;
+ MemoryRegion container;
+} RealViewGICState;
+
+static void realview_gic_set_irq(void *opaque, int irq, int level)
+{
+ RealViewGICState *s = (RealViewGICState *)opaque;
+ qemu_set_irq(qdev_get_gpio_in(s->gic, irq), level);
+}
+
+static int realview_gic_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ RealViewGICState *s = REALVIEW_GIC(dev);
+ SysBusDevice *busdev;
+ /* The GICs on the RealView boards have a fixed nonconfigurable
+ * number of interrupt lines, so we don't need to expose this as
+ * a qdev property.
+ */
+ int numirq = 96;
+
+ s->gic = qdev_create(NULL, "arm_gic");
+ qdev_prop_set_uint32(s->gic, "num-cpu", 1);
+ qdev_prop_set_uint32(s->gic, "num-irq", numirq);
+ qdev_init_nofail(s->gic);
+ busdev = SYS_BUS_DEVICE(s->gic);
+
+ /* Pass through outbound IRQ lines from the GIC */
+ sysbus_pass_irq(sbd, busdev);
+
+ /* Pass through inbound GPIO lines to the GIC */
+ qdev_init_gpio_in(dev, realview_gic_set_irq, numirq - 32);
+
+ memory_region_init(&s->container, OBJECT(s),
+ "realview-gic-container", 0x2000);
+ memory_region_add_subregion(&s->container, 0,
+ sysbus_mmio_get_region(busdev, 1));
+ memory_region_add_subregion(&s->container, 0x1000,
+ sysbus_mmio_get_region(busdev, 0));
+ sysbus_init_mmio(sbd, &s->container);
+ return 0;
+}
+
+static void realview_gic_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sdc->init = realview_gic_init;
+}
+
+static const TypeInfo realview_gic_info = {
+ .name = TYPE_REALVIEW_GIC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(RealViewGICState),
+ .class_init = realview_gic_class_init,
+};
+
+static void realview_gic_register_types(void)
+{
+ type_register_static(&realview_gic_info);
+}
+
+type_init(realview_gic_register_types)
diff --git a/hw/intc/sh_intc.c b/hw/intc/sh_intc.c
new file mode 100644
index 000000000..55c76e4af
--- /dev/null
+++ b/hw/intc/sh_intc.c
@@ -0,0 +1,512 @@
+/*
+ * SuperH interrupt controller module
+ *
+ * Copyright (c) 2007 Magnus Damm
+ * Based on sh_timer.c and arm_timer.c by Paul Brook
+ * Copyright (c) 2005-2006 CodeSourcery.
+ *
+ * This code is licensed under the GPL.
+ */
+
+#include "hw/sh4/sh_intc.h"
+#include "hw/hw.h"
+#include "hw/sh4/sh.h"
+
+//#define DEBUG_INTC
+//#define DEBUG_INTC_SOURCES
+
+#define INTC_A7(x) ((x) & 0x1fffffff)
+
+void sh_intc_toggle_source(struct intc_source *source,
+ int enable_adj, int assert_adj)
+{
+ int enable_changed = 0;
+ int pending_changed = 0;
+ int old_pending;
+
+ if ((source->enable_count == source->enable_max) && (enable_adj == -1))
+ enable_changed = -1;
+
+ source->enable_count += enable_adj;
+
+ if (source->enable_count == source->enable_max)
+ enable_changed = 1;
+
+ source->asserted += assert_adj;
+
+ old_pending = source->pending;
+ source->pending = source->asserted &&
+ (source->enable_count == source->enable_max);
+
+ if (old_pending != source->pending)
+ pending_changed = 1;
+
+ if (pending_changed) {
+ if (source->pending) {
+ source->parent->pending++;
+ if (source->parent->pending == 1) {
+ cpu_interrupt(first_cpu, CPU_INTERRUPT_HARD);
+ }
+ } else {
+ source->parent->pending--;
+ if (source->parent->pending == 0) {
+ cpu_reset_interrupt(first_cpu, CPU_INTERRUPT_HARD);
+ }
+ }
+ }
+
+ if (enable_changed || assert_adj || pending_changed) {
+#ifdef DEBUG_INTC_SOURCES
+ printf("sh_intc: (%d/%d/%d/%d) interrupt source 0x%x %s%s%s\n",
+ source->parent->pending,
+ source->asserted,
+ source->enable_count,
+ source->enable_max,
+ source->vect,
+ source->asserted ? "asserted " :
+ assert_adj ? "deasserted" : "",
+ enable_changed == 1 ? "enabled " :
+ enable_changed == -1 ? "disabled " : "",
+ source->pending ? "pending" : "");
+#endif
+ }
+}
+
+static void sh_intc_set_irq (void *opaque, int n, int level)
+{
+ struct intc_desc *desc = opaque;
+ struct intc_source *source = &(desc->sources[n]);
+
+ if (level && !source->asserted)
+ sh_intc_toggle_source(source, 0, 1);
+ else if (!level && source->asserted)
+ sh_intc_toggle_source(source, 0, -1);
+}
+
+int sh_intc_get_pending_vector(struct intc_desc *desc, int imask)
+{
+ unsigned int i;
+
+ /* slow: use a linked lists of pending sources instead */
+ /* wrong: take interrupt priority into account (one list per priority) */
+
+ if (imask == 0x0f) {
+ return -1; /* FIXME, update code to include priority per source */
+ }
+
+ for (i = 0; i < desc->nr_sources; i++) {
+ struct intc_source *source = desc->sources + i;
+
+ if (source->pending) {
+#ifdef DEBUG_INTC_SOURCES
+ printf("sh_intc: (%d) returning interrupt source 0x%x\n",
+ desc->pending, source->vect);
+#endif
+ return source->vect;
+ }
+ }
+
+ abort();
+}
+
+#define INTC_MODE_NONE 0
+#define INTC_MODE_DUAL_SET 1
+#define INTC_MODE_DUAL_CLR 2
+#define INTC_MODE_ENABLE_REG 3
+#define INTC_MODE_MASK_REG 4
+#define INTC_MODE_IS_PRIO 8
+
+static unsigned int sh_intc_mode(unsigned long address,
+ unsigned long set_reg, unsigned long clr_reg)
+{
+ if ((address != INTC_A7(set_reg)) &&
+ (address != INTC_A7(clr_reg)))
+ return INTC_MODE_NONE;
+
+ if (set_reg && clr_reg) {
+ if (address == INTC_A7(set_reg))
+ return INTC_MODE_DUAL_SET;
+ else
+ return INTC_MODE_DUAL_CLR;
+ }
+
+ if (set_reg)
+ return INTC_MODE_ENABLE_REG;
+ else
+ return INTC_MODE_MASK_REG;
+}
+
+static void sh_intc_locate(struct intc_desc *desc,
+ unsigned long address,
+ unsigned long **datap,
+ intc_enum **enums,
+ unsigned int *first,
+ unsigned int *width,
+ unsigned int *modep)
+{
+ unsigned int i, mode;
+
+ /* this is slow but works for now */
+
+ if (desc->mask_regs) {
+ for (i = 0; i < desc->nr_mask_regs; i++) {
+ struct intc_mask_reg *mr = desc->mask_regs + i;
+
+ mode = sh_intc_mode(address, mr->set_reg, mr->clr_reg);
+ if (mode == INTC_MODE_NONE)
+ continue;
+
+ *modep = mode;
+ *datap = &mr->value;
+ *enums = mr->enum_ids;
+ *first = mr->reg_width - 1;
+ *width = 1;
+ return;
+ }
+ }
+
+ if (desc->prio_regs) {
+ for (i = 0; i < desc->nr_prio_regs; i++) {
+ struct intc_prio_reg *pr = desc->prio_regs + i;
+
+ mode = sh_intc_mode(address, pr->set_reg, pr->clr_reg);
+ if (mode == INTC_MODE_NONE)
+ continue;
+
+ *modep = mode | INTC_MODE_IS_PRIO;
+ *datap = &pr->value;
+ *enums = pr->enum_ids;
+ *first = (pr->reg_width / pr->field_width) - 1;
+ *width = pr->field_width;
+ return;
+ }
+ }
+
+ abort();
+}
+
+static void sh_intc_toggle_mask(struct intc_desc *desc, intc_enum id,
+ int enable, int is_group)
+{
+ struct intc_source *source = desc->sources + id;
+
+ if (!id)
+ return;
+
+ if (!source->next_enum_id && (!source->enable_max || !source->vect)) {
+#ifdef DEBUG_INTC_SOURCES
+ printf("sh_intc: reserved interrupt source %d modified\n", id);
+#endif
+ return;
+ }
+
+ if (source->vect)
+ sh_intc_toggle_source(source, enable ? 1 : -1, 0);
+
+#ifdef DEBUG_INTC
+ else {
+ printf("setting interrupt group %d to %d\n", id, !!enable);
+ }
+#endif
+
+ if ((is_group || !source->vect) && source->next_enum_id) {
+ sh_intc_toggle_mask(desc, source->next_enum_id, enable, 1);
+ }
+
+#ifdef DEBUG_INTC
+ if (!source->vect) {
+ printf("setting interrupt group %d to %d - done\n", id, !!enable);
+ }
+#endif
+}
+
+static uint64_t sh_intc_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ struct intc_desc *desc = opaque;
+ intc_enum *enum_ids = NULL;
+ unsigned int first = 0;
+ unsigned int width = 0;
+ unsigned int mode = 0;
+ unsigned long *valuep;
+
+#ifdef DEBUG_INTC
+ printf("sh_intc_read 0x%lx\n", (unsigned long) offset);
+#endif
+
+ sh_intc_locate(desc, (unsigned long)offset, &valuep,
+ &enum_ids, &first, &width, &mode);
+ return *valuep;
+}
+
+static void sh_intc_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ struct intc_desc *desc = opaque;
+ intc_enum *enum_ids = NULL;
+ unsigned int first = 0;
+ unsigned int width = 0;
+ unsigned int mode = 0;
+ unsigned int k;
+ unsigned long *valuep;
+ unsigned long mask;
+
+#ifdef DEBUG_INTC
+ printf("sh_intc_write 0x%lx 0x%08x\n", (unsigned long) offset, value);
+#endif
+
+ sh_intc_locate(desc, (unsigned long)offset, &valuep,
+ &enum_ids, &first, &width, &mode);
+
+ switch (mode) {
+ case INTC_MODE_ENABLE_REG | INTC_MODE_IS_PRIO: break;
+ case INTC_MODE_DUAL_SET: value |= *valuep; break;
+ case INTC_MODE_DUAL_CLR: value = *valuep & ~value; break;
+ default: abort();
+ }
+
+ for (k = 0; k <= first; k++) {
+ mask = ((1 << width) - 1) << ((first - k) * width);
+
+ if ((*valuep & mask) == (value & mask))
+ continue;
+#if 0
+ printf("k = %d, first = %d, enum = %d, mask = 0x%08x\n",
+ k, first, enum_ids[k], (unsigned int)mask);
+#endif
+ sh_intc_toggle_mask(desc, enum_ids[k], value & mask, 0);
+ }
+
+ *valuep = value;
+
+#ifdef DEBUG_INTC
+ printf("sh_intc_write 0x%lx -> 0x%08x\n", (unsigned long) offset, value);
+#endif
+}
+
+static const MemoryRegionOps sh_intc_ops = {
+ .read = sh_intc_read,
+ .write = sh_intc_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+struct intc_source *sh_intc_source(struct intc_desc *desc, intc_enum id)
+{
+ if (id)
+ return desc->sources + id;
+
+ return NULL;
+}
+
+static unsigned int sh_intc_register(MemoryRegion *sysmem,
+ struct intc_desc *desc,
+ const unsigned long address,
+ const char *type,
+ const char *action,
+ const unsigned int index)
+{
+ char name[60];
+ MemoryRegion *iomem, *iomem_p4, *iomem_a7;
+
+ if (!address) {
+ return 0;
+ }
+
+ iomem = &desc->iomem;
+ iomem_p4 = desc->iomem_aliases + index;
+ iomem_a7 = iomem_p4 + 1;
+
+#define SH_INTC_IOMEM_FORMAT "interrupt-controller-%s-%s-%s"
+ snprintf(name, sizeof(name), SH_INTC_IOMEM_FORMAT, type, action, "p4");
+ memory_region_init_alias(iomem_p4, NULL, name, iomem, INTC_A7(address), 4);
+ memory_region_add_subregion(sysmem, P4ADDR(address), iomem_p4);
+
+ snprintf(name, sizeof(name), SH_INTC_IOMEM_FORMAT, type, action, "a7");
+ memory_region_init_alias(iomem_a7, NULL, name, iomem, INTC_A7(address), 4);
+ memory_region_add_subregion(sysmem, A7ADDR(address), iomem_a7);
+#undef SH_INTC_IOMEM_FORMAT
+
+ /* used to increment aliases index */
+ return 2;
+}
+
+static void sh_intc_register_source(struct intc_desc *desc,
+ intc_enum source,
+ struct intc_group *groups,
+ int nr_groups)
+{
+ unsigned int i, k;
+ struct intc_source *s;
+
+ if (desc->mask_regs) {
+ for (i = 0; i < desc->nr_mask_regs; i++) {
+ struct intc_mask_reg *mr = desc->mask_regs + i;
+
+ for (k = 0; k < ARRAY_SIZE(mr->enum_ids); k++) {
+ if (mr->enum_ids[k] != source)
+ continue;
+
+ s = sh_intc_source(desc, mr->enum_ids[k]);
+ if (s)
+ s->enable_max++;
+ }
+ }
+ }
+
+ if (desc->prio_regs) {
+ for (i = 0; i < desc->nr_prio_regs; i++) {
+ struct intc_prio_reg *pr = desc->prio_regs + i;
+
+ for (k = 0; k < ARRAY_SIZE(pr->enum_ids); k++) {
+ if (pr->enum_ids[k] != source)
+ continue;
+
+ s = sh_intc_source(desc, pr->enum_ids[k]);
+ if (s)
+ s->enable_max++;
+ }
+ }
+ }
+
+ if (groups) {
+ for (i = 0; i < nr_groups; i++) {
+ struct intc_group *gr = groups + i;
+
+ for (k = 0; k < ARRAY_SIZE(gr->enum_ids); k++) {
+ if (gr->enum_ids[k] != source)
+ continue;
+
+ s = sh_intc_source(desc, gr->enum_ids[k]);
+ if (s)
+ s->enable_max++;
+ }
+ }
+ }
+
+}
+
+void sh_intc_register_sources(struct intc_desc *desc,
+ struct intc_vect *vectors,
+ int nr_vectors,
+ struct intc_group *groups,
+ int nr_groups)
+{
+ unsigned int i, k;
+ struct intc_source *s;
+
+ for (i = 0; i < nr_vectors; i++) {
+ struct intc_vect *vect = vectors + i;
+
+ sh_intc_register_source(desc, vect->enum_id, groups, nr_groups);
+ s = sh_intc_source(desc, vect->enum_id);
+ if (s) {
+ s->vect = vect->vect;
+
+#ifdef DEBUG_INTC_SOURCES
+ printf("sh_intc: registered source %d -> 0x%04x (%d/%d)\n",
+ vect->enum_id, s->vect, s->enable_count, s->enable_max);
+#endif
+ }
+ }
+
+ if (groups) {
+ for (i = 0; i < nr_groups; i++) {
+ struct intc_group *gr = groups + i;
+
+ s = sh_intc_source(desc, gr->enum_id);
+ s->next_enum_id = gr->enum_ids[0];
+
+ for (k = 1; k < ARRAY_SIZE(gr->enum_ids); k++) {
+ if (!gr->enum_ids[k])
+ continue;
+
+ s = sh_intc_source(desc, gr->enum_ids[k - 1]);
+ s->next_enum_id = gr->enum_ids[k];
+ }
+
+#ifdef DEBUG_INTC_SOURCES
+ printf("sh_intc: registered group %d (%d/%d)\n",
+ gr->enum_id, s->enable_count, s->enable_max);
+#endif
+ }
+ }
+}
+
+int sh_intc_init(MemoryRegion *sysmem,
+ struct intc_desc *desc,
+ int nr_sources,
+ struct intc_mask_reg *mask_regs,
+ int nr_mask_regs,
+ struct intc_prio_reg *prio_regs,
+ int nr_prio_regs)
+{
+ unsigned int i, j;
+
+ desc->pending = 0;
+ desc->nr_sources = nr_sources;
+ desc->mask_regs = mask_regs;
+ desc->nr_mask_regs = nr_mask_regs;
+ desc->prio_regs = prio_regs;
+ desc->nr_prio_regs = nr_prio_regs;
+ /* Allocate 4 MemoryRegions per register (2 actions * 2 aliases).
+ **/
+ desc->iomem_aliases = g_new0(MemoryRegion,
+ (nr_mask_regs + nr_prio_regs) * 4);
+
+ j = 0;
+ i = sizeof(struct intc_source) * nr_sources;
+ desc->sources = g_malloc0(i);
+
+ for (i = 0; i < desc->nr_sources; i++) {
+ struct intc_source *source = desc->sources + i;
+
+ source->parent = desc;
+ }
+
+ desc->irqs = qemu_allocate_irqs(sh_intc_set_irq, desc, nr_sources);
+
+ memory_region_init_io(&desc->iomem, NULL, &sh_intc_ops, desc,
+ "interrupt-controller", 0x100000000ULL);
+
+#define INT_REG_PARAMS(reg_struct, type, action, j) \
+ reg_struct->action##_reg, #type, #action, j
+ if (desc->mask_regs) {
+ for (i = 0; i < desc->nr_mask_regs; i++) {
+ struct intc_mask_reg *mr = desc->mask_regs + i;
+
+ j += sh_intc_register(sysmem, desc,
+ INT_REG_PARAMS(mr, mask, set, j));
+ j += sh_intc_register(sysmem, desc,
+ INT_REG_PARAMS(mr, mask, clr, j));
+ }
+ }
+
+ if (desc->prio_regs) {
+ for (i = 0; i < desc->nr_prio_regs; i++) {
+ struct intc_prio_reg *pr = desc->prio_regs + i;
+
+ j += sh_intc_register(sysmem, desc,
+ INT_REG_PARAMS(pr, prio, set, j));
+ j += sh_intc_register(sysmem, desc,
+ INT_REG_PARAMS(pr, prio, clr, j));
+ }
+ }
+#undef INT_REG_PARAMS
+
+ return 0;
+}
+
+/* Assert level <n> IRL interrupt.
+ 0:deassert. 1:lowest priority,... 15:highest priority. */
+void sh_intc_set_irl(void *opaque, int n, int level)
+{
+ struct intc_source *s = opaque;
+ int i, irl = level ^ 15;
+ for (i = 0; (s = sh_intc_source(s->parent, s->next_enum_id)); i++) {
+ if (i == irl)
+ sh_intc_toggle_source(s, s->enable_count?0:1, s->asserted?0:1);
+ else
+ if (s->asserted)
+ sh_intc_toggle_source(s, 0, -1);
+ }
+}
diff --git a/hw/intc/slavio_intctl.c b/hw/intc/slavio_intctl.c
new file mode 100644
index 000000000..41a167280
--- /dev/null
+++ b/hw/intc/slavio_intctl.c
@@ -0,0 +1,473 @@
+/*
+ * QEMU Sparc SLAVIO interrupt controller emulation
+ *
+ * Copyright (c) 2003-2005 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/sparc/sun4m.h"
+#include "monitor/monitor.h"
+#include "hw/sysbus.h"
+#include "trace.h"
+
+//#define DEBUG_IRQ_COUNT
+
+/*
+ * Registers of interrupt controller in sun4m.
+ *
+ * This is the interrupt controller part of chip STP2001 (Slave I/O), also
+ * produced as NCR89C105. See
+ * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C105.txt
+ *
+ * There is a system master controller and one for each cpu.
+ *
+ */
+
+#define MAX_CPUS 16
+#define MAX_PILS 16
+
+struct SLAVIO_INTCTLState;
+
+typedef struct SLAVIO_CPUINTCTLState {
+ MemoryRegion iomem;
+ struct SLAVIO_INTCTLState *master;
+ uint32_t intreg_pending;
+ uint32_t cpu;
+ uint32_t irl_out;
+} SLAVIO_CPUINTCTLState;
+
+#define TYPE_SLAVIO_INTCTL "slavio_intctl"
+#define SLAVIO_INTCTL(obj) \
+ OBJECT_CHECK(SLAVIO_INTCTLState, (obj), TYPE_SLAVIO_INTCTL)
+
+typedef struct SLAVIO_INTCTLState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+#ifdef DEBUG_IRQ_COUNT
+ uint64_t irq_count[32];
+#endif
+ qemu_irq cpu_irqs[MAX_CPUS][MAX_PILS];
+ SLAVIO_CPUINTCTLState slaves[MAX_CPUS];
+ uint32_t intregm_pending;
+ uint32_t intregm_disabled;
+ uint32_t target_cpu;
+} SLAVIO_INTCTLState;
+
+#define INTCTL_MAXADDR 0xf
+#define INTCTL_SIZE (INTCTL_MAXADDR + 1)
+#define INTCTLM_SIZE 0x14
+#define MASTER_IRQ_MASK ~0x0fa2007f
+#define MASTER_DISABLE 0x80000000
+#define CPU_SOFTIRQ_MASK 0xfffe0000
+#define CPU_IRQ_INT15_IN (1 << 15)
+#define CPU_IRQ_TIMER_IN (1 << 14)
+
+static void slavio_check_interrupts(SLAVIO_INTCTLState *s, int set_irqs);
+
+// per-cpu interrupt controller
+static uint64_t slavio_intctl_mem_readl(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ SLAVIO_CPUINTCTLState *s = opaque;
+ uint32_t saddr, ret;
+
+ saddr = addr >> 2;
+ switch (saddr) {
+ case 0:
+ ret = s->intreg_pending;
+ break;
+ default:
+ ret = 0;
+ break;
+ }
+ trace_slavio_intctl_mem_readl(s->cpu, addr, ret);
+
+ return ret;
+}
+
+static void slavio_intctl_mem_writel(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ SLAVIO_CPUINTCTLState *s = opaque;
+ uint32_t saddr;
+
+ saddr = addr >> 2;
+ trace_slavio_intctl_mem_writel(s->cpu, addr, val);
+ switch (saddr) {
+ case 1: // clear pending softints
+ val &= CPU_SOFTIRQ_MASK | CPU_IRQ_INT15_IN;
+ s->intreg_pending &= ~val;
+ slavio_check_interrupts(s->master, 1);
+ trace_slavio_intctl_mem_writel_clear(s->cpu, val, s->intreg_pending);
+ break;
+ case 2: // set softint
+ val &= CPU_SOFTIRQ_MASK;
+ s->intreg_pending |= val;
+ slavio_check_interrupts(s->master, 1);
+ trace_slavio_intctl_mem_writel_set(s->cpu, val, s->intreg_pending);
+ break;
+ default:
+ break;
+ }
+}
+
+static const MemoryRegionOps slavio_intctl_mem_ops = {
+ .read = slavio_intctl_mem_readl,
+ .write = slavio_intctl_mem_writel,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+// master system interrupt controller
+static uint64_t slavio_intctlm_mem_readl(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ SLAVIO_INTCTLState *s = opaque;
+ uint32_t saddr, ret;
+
+ saddr = addr >> 2;
+ switch (saddr) {
+ case 0:
+ ret = s->intregm_pending & ~MASTER_DISABLE;
+ break;
+ case 1:
+ ret = s->intregm_disabled & MASTER_IRQ_MASK;
+ break;
+ case 4:
+ ret = s->target_cpu;
+ break;
+ default:
+ ret = 0;
+ break;
+ }
+ trace_slavio_intctlm_mem_readl(addr, ret);
+
+ return ret;
+}
+
+static void slavio_intctlm_mem_writel(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ SLAVIO_INTCTLState *s = opaque;
+ uint32_t saddr;
+
+ saddr = addr >> 2;
+ trace_slavio_intctlm_mem_writel(addr, val);
+ switch (saddr) {
+ case 2: // clear (enable)
+ // Force clear unused bits
+ val &= MASTER_IRQ_MASK;
+ s->intregm_disabled &= ~val;
+ trace_slavio_intctlm_mem_writel_enable(val, s->intregm_disabled);
+ slavio_check_interrupts(s, 1);
+ break;
+ case 3: // set (disable; doesn't affect pending)
+ // Force clear unused bits
+ val &= MASTER_IRQ_MASK;
+ s->intregm_disabled |= val;
+ slavio_check_interrupts(s, 1);
+ trace_slavio_intctlm_mem_writel_disable(val, s->intregm_disabled);
+ break;
+ case 4:
+ s->target_cpu = val & (MAX_CPUS - 1);
+ slavio_check_interrupts(s, 1);
+ trace_slavio_intctlm_mem_writel_target(s->target_cpu);
+ break;
+ default:
+ break;
+ }
+}
+
+static const MemoryRegionOps slavio_intctlm_mem_ops = {
+ .read = slavio_intctlm_mem_readl,
+ .write = slavio_intctlm_mem_writel,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+void slavio_pic_info(Monitor *mon, DeviceState *dev)
+{
+ SLAVIO_INTCTLState *s = SLAVIO_INTCTL(dev);
+ int i;
+
+ for (i = 0; i < MAX_CPUS; i++) {
+ monitor_printf(mon, "per-cpu %d: pending 0x%08x\n", i,
+ s->slaves[i].intreg_pending);
+ }
+ monitor_printf(mon, "master: pending 0x%08x, disabled 0x%08x\n",
+ s->intregm_pending, s->intregm_disabled);
+}
+
+void slavio_irq_info(Monitor *mon, DeviceState *dev)
+{
+#ifndef DEBUG_IRQ_COUNT
+ monitor_printf(mon, "irq statistic code not compiled.\n");
+#else
+ SLAVIO_INTCTLState *s = SLAVIO_INTCTL(dev);
+ int i;
+ int64_t count;
+
+ s = SLAVIO_INTCTL(dev);
+ monitor_printf(mon, "IRQ statistics:\n");
+ for (i = 0; i < 32; i++) {
+ count = s->irq_count[i];
+ if (count > 0)
+ monitor_printf(mon, "%2d: %" PRId64 "\n", i, count);
+ }
+#endif
+}
+
+static const uint32_t intbit_to_level[] = {
+ 2, 3, 5, 7, 9, 11, 13, 2, 3, 5, 7, 9, 11, 13, 12, 12,
+ 6, 13, 4, 10, 8, 9, 11, 0, 0, 0, 0, 15, 15, 15, 15, 0,
+};
+
+static void slavio_check_interrupts(SLAVIO_INTCTLState *s, int set_irqs)
+{
+ uint32_t pending = s->intregm_pending, pil_pending;
+ unsigned int i, j;
+
+ pending &= ~s->intregm_disabled;
+
+ trace_slavio_check_interrupts(pending, s->intregm_disabled);
+ for (i = 0; i < MAX_CPUS; i++) {
+ pil_pending = 0;
+
+ /* If we are the current interrupt target, get hard interrupts */
+ if (pending && !(s->intregm_disabled & MASTER_DISABLE) &&
+ (i == s->target_cpu)) {
+ for (j = 0; j < 32; j++) {
+ if ((pending & (1 << j)) && intbit_to_level[j]) {
+ pil_pending |= 1 << intbit_to_level[j];
+ }
+ }
+ }
+
+ /* Calculate current pending hard interrupts for display */
+ s->slaves[i].intreg_pending &= CPU_SOFTIRQ_MASK | CPU_IRQ_INT15_IN |
+ CPU_IRQ_TIMER_IN;
+ if (i == s->target_cpu) {
+ for (j = 0; j < 32; j++) {
+ if ((s->intregm_pending & (1 << j)) && intbit_to_level[j]) {
+ s->slaves[i].intreg_pending |= 1 << intbit_to_level[j];
+ }
+ }
+ }
+
+ /* Level 15 and CPU timer interrupts are only masked when
+ the MASTER_DISABLE bit is set */
+ if (!(s->intregm_disabled & MASTER_DISABLE)) {
+ pil_pending |= s->slaves[i].intreg_pending &
+ (CPU_IRQ_INT15_IN | CPU_IRQ_TIMER_IN);
+ }
+
+ /* Add soft interrupts */
+ pil_pending |= (s->slaves[i].intreg_pending & CPU_SOFTIRQ_MASK) >> 16;
+
+ if (set_irqs) {
+ /* Since there is not really an interrupt 0 (and pil_pending
+ * and irl_out bit zero are thus always zero) there is no need
+ * to do anything with cpu_irqs[i][0] and it is OK not to do
+ * the j=0 iteration of this loop.
+ */
+ for (j = MAX_PILS-1; j > 0; j--) {
+ if (pil_pending & (1 << j)) {
+ if (!(s->slaves[i].irl_out & (1 << j))) {
+ qemu_irq_raise(s->cpu_irqs[i][j]);
+ }
+ } else {
+ if (s->slaves[i].irl_out & (1 << j)) {
+ qemu_irq_lower(s->cpu_irqs[i][j]);
+ }
+ }
+ }
+ }
+ s->slaves[i].irl_out = pil_pending;
+ }
+}
+
+/*
+ * "irq" here is the bit number in the system interrupt register to
+ * separate serial and keyboard interrupts sharing a level.
+ */
+static void slavio_set_irq(void *opaque, int irq, int level)
+{
+ SLAVIO_INTCTLState *s = opaque;
+ uint32_t mask = 1 << irq;
+ uint32_t pil = intbit_to_level[irq];
+ unsigned int i;
+
+ trace_slavio_set_irq(s->target_cpu, irq, pil, level);
+ if (pil > 0) {
+ if (level) {
+#ifdef DEBUG_IRQ_COUNT
+ s->irq_count[pil]++;
+#endif
+ s->intregm_pending |= mask;
+ if (pil == 15) {
+ for (i = 0; i < MAX_CPUS; i++) {
+ s->slaves[i].intreg_pending |= 1 << pil;
+ }
+ }
+ } else {
+ s->intregm_pending &= ~mask;
+ if (pil == 15) {
+ for (i = 0; i < MAX_CPUS; i++) {
+ s->slaves[i].intreg_pending &= ~(1 << pil);
+ }
+ }
+ }
+ slavio_check_interrupts(s, 1);
+ }
+}
+
+static void slavio_set_timer_irq_cpu(void *opaque, int cpu, int level)
+{
+ SLAVIO_INTCTLState *s = opaque;
+
+ trace_slavio_set_timer_irq_cpu(cpu, level);
+
+ if (level) {
+ s->slaves[cpu].intreg_pending |= CPU_IRQ_TIMER_IN;
+ } else {
+ s->slaves[cpu].intreg_pending &= ~CPU_IRQ_TIMER_IN;
+ }
+
+ slavio_check_interrupts(s, 1);
+}
+
+static void slavio_set_irq_all(void *opaque, int irq, int level)
+{
+ if (irq < 32) {
+ slavio_set_irq(opaque, irq, level);
+ } else {
+ slavio_set_timer_irq_cpu(opaque, irq - 32, level);
+ }
+}
+
+static int vmstate_intctl_post_load(void *opaque, int version_id)
+{
+ SLAVIO_INTCTLState *s = opaque;
+
+ slavio_check_interrupts(s, 0);
+ return 0;
+}
+
+static const VMStateDescription vmstate_intctl_cpu = {
+ .name ="slavio_intctl_cpu",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT32(intreg_pending, SLAVIO_CPUINTCTLState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_intctl = {
+ .name ="slavio_intctl",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .post_load = vmstate_intctl_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_STRUCT_ARRAY(slaves, SLAVIO_INTCTLState, MAX_CPUS, 1,
+ vmstate_intctl_cpu, SLAVIO_CPUINTCTLState),
+ VMSTATE_UINT32(intregm_pending, SLAVIO_INTCTLState),
+ VMSTATE_UINT32(intregm_disabled, SLAVIO_INTCTLState),
+ VMSTATE_UINT32(target_cpu, SLAVIO_INTCTLState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void slavio_intctl_reset(DeviceState *d)
+{
+ SLAVIO_INTCTLState *s = SLAVIO_INTCTL(d);
+ int i;
+
+ for (i = 0; i < MAX_CPUS; i++) {
+ s->slaves[i].intreg_pending = 0;
+ s->slaves[i].irl_out = 0;
+ }
+ s->intregm_disabled = ~MASTER_IRQ_MASK;
+ s->intregm_pending = 0;
+ s->target_cpu = 0;
+ slavio_check_interrupts(s, 0);
+}
+
+static int slavio_intctl_init1(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ SLAVIO_INTCTLState *s = SLAVIO_INTCTL(dev);
+ unsigned int i, j;
+ char slave_name[45];
+
+ qdev_init_gpio_in(dev, slavio_set_irq_all, 32 + MAX_CPUS);
+ memory_region_init_io(&s->iomem, OBJECT(s), &slavio_intctlm_mem_ops, s,
+ "master-interrupt-controller", INTCTLM_SIZE);
+ sysbus_init_mmio(sbd, &s->iomem);
+
+ for (i = 0; i < MAX_CPUS; i++) {
+ snprintf(slave_name, sizeof(slave_name),
+ "slave-interrupt-controller-%i", i);
+ for (j = 0; j < MAX_PILS; j++) {
+ sysbus_init_irq(sbd, &s->cpu_irqs[i][j]);
+ }
+ memory_region_init_io(&s->slaves[i].iomem, OBJECT(s),
+ &slavio_intctl_mem_ops,
+ &s->slaves[i], slave_name, INTCTL_SIZE);
+ sysbus_init_mmio(sbd, &s->slaves[i].iomem);
+ s->slaves[i].cpu = i;
+ s->slaves[i].master = s;
+ }
+
+ return 0;
+}
+
+static void slavio_intctl_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = slavio_intctl_init1;
+ dc->reset = slavio_intctl_reset;
+ dc->vmsd = &vmstate_intctl;
+}
+
+static const TypeInfo slavio_intctl_info = {
+ .name = TYPE_SLAVIO_INTCTL,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(SLAVIO_INTCTLState),
+ .class_init = slavio_intctl_class_init,
+};
+
+static void slavio_intctl_register_types(void)
+{
+ type_register_static(&slavio_intctl_info);
+}
+
+type_init(slavio_intctl_register_types)
diff --git a/hw/intc/xics.c b/hw/intc/xics.c
new file mode 100644
index 000000000..6b3c07158
--- /dev/null
+++ b/hw/intc/xics.c
@@ -0,0 +1,708 @@
+/*
+ * QEMU PowerPC pSeries Logical Partition (aka sPAPR) hardware System Emulator
+ *
+ * PAPR Virtualized Interrupt System, aka ICS/ICP aka xics
+ *
+ * Copyright (c) 2010,2011 David Gibson, IBM Corporation.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ */
+
+#include "hw/hw.h"
+#include "trace.h"
+#include "hw/ppc/spapr.h"
+#include "hw/ppc/xics.h"
+
+/*
+ * ICP: Presentation layer
+ */
+
+#define XISR_MASK 0x00ffffff
+#define CPPR_MASK 0xff000000
+
+#define XISR(ss) (((ss)->xirr) & XISR_MASK)
+#define CPPR(ss) (((ss)->xirr) >> 24)
+
+static void ics_reject(ICSState *ics, int nr);
+static void ics_resend(ICSState *ics);
+static void ics_eoi(ICSState *ics, int nr);
+
+static void icp_check_ipi(XICSState *icp, int server)
+{
+ ICPState *ss = icp->ss + server;
+
+ if (XISR(ss) && (ss->pending_priority <= ss->mfrr)) {
+ return;
+ }
+
+ trace_xics_icp_check_ipi(server, ss->mfrr);
+
+ if (XISR(ss)) {
+ ics_reject(icp->ics, XISR(ss));
+ }
+
+ ss->xirr = (ss->xirr & ~XISR_MASK) | XICS_IPI;
+ ss->pending_priority = ss->mfrr;
+ qemu_irq_raise(ss->output);
+}
+
+static void icp_resend(XICSState *icp, int server)
+{
+ ICPState *ss = icp->ss + server;
+
+ if (ss->mfrr < CPPR(ss)) {
+ icp_check_ipi(icp, server);
+ }
+ ics_resend(icp->ics);
+}
+
+static void icp_set_cppr(XICSState *icp, int server, uint8_t cppr)
+{
+ ICPState *ss = icp->ss + server;
+ uint8_t old_cppr;
+ uint32_t old_xisr;
+
+ old_cppr = CPPR(ss);
+ ss->xirr = (ss->xirr & ~CPPR_MASK) | (cppr << 24);
+
+ if (cppr < old_cppr) {
+ if (XISR(ss) && (cppr <= ss->pending_priority)) {
+ old_xisr = XISR(ss);
+ ss->xirr &= ~XISR_MASK; /* Clear XISR */
+ ss->pending_priority = 0xff;
+ qemu_irq_lower(ss->output);
+ ics_reject(icp->ics, old_xisr);
+ }
+ } else {
+ if (!XISR(ss)) {
+ icp_resend(icp, server);
+ }
+ }
+}
+
+static void icp_set_mfrr(XICSState *icp, int server, uint8_t mfrr)
+{
+ ICPState *ss = icp->ss + server;
+
+ ss->mfrr = mfrr;
+ if (mfrr < CPPR(ss)) {
+ icp_check_ipi(icp, server);
+ }
+}
+
+static uint32_t icp_accept(ICPState *ss)
+{
+ uint32_t xirr = ss->xirr;
+
+ qemu_irq_lower(ss->output);
+ ss->xirr = ss->pending_priority << 24;
+ ss->pending_priority = 0xff;
+
+ trace_xics_icp_accept(xirr, ss->xirr);
+
+ return xirr;
+}
+
+static void icp_eoi(XICSState *icp, int server, uint32_t xirr)
+{
+ ICPState *ss = icp->ss + server;
+
+ /* Send EOI -> ICS */
+ ss->xirr = (ss->xirr & ~CPPR_MASK) | (xirr & CPPR_MASK);
+ trace_xics_icp_eoi(server, xirr, ss->xirr);
+ ics_eoi(icp->ics, xirr & XISR_MASK);
+ if (!XISR(ss)) {
+ icp_resend(icp, server);
+ }
+}
+
+static void icp_irq(XICSState *icp, int server, int nr, uint8_t priority)
+{
+ ICPState *ss = icp->ss + server;
+
+ trace_xics_icp_irq(server, nr, priority);
+
+ if ((priority >= CPPR(ss))
+ || (XISR(ss) && (ss->pending_priority <= priority))) {
+ ics_reject(icp->ics, nr);
+ } else {
+ if (XISR(ss)) {
+ ics_reject(icp->ics, XISR(ss));
+ }
+ ss->xirr = (ss->xirr & ~XISR_MASK) | (nr & XISR_MASK);
+ ss->pending_priority = priority;
+ trace_xics_icp_raise(ss->xirr, ss->pending_priority);
+ qemu_irq_raise(ss->output);
+ }
+}
+
+static const VMStateDescription vmstate_icp_server = {
+ .name = "icp/server",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ /* Sanity check */
+ VMSTATE_UINT32(xirr, ICPState),
+ VMSTATE_UINT8(pending_priority, ICPState),
+ VMSTATE_UINT8(mfrr, ICPState),
+ VMSTATE_END_OF_LIST()
+ },
+};
+
+static void icp_reset(DeviceState *dev)
+{
+ ICPState *icp = ICP(dev);
+
+ icp->xirr = 0;
+ icp->pending_priority = 0xff;
+ icp->mfrr = 0xff;
+
+ /* Make all outputs are deasserted */
+ qemu_set_irq(icp->output, 0);
+}
+
+static void icp_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->reset = icp_reset;
+ dc->vmsd = &vmstate_icp_server;
+}
+
+static TypeInfo icp_info = {
+ .name = TYPE_ICP,
+ .parent = TYPE_DEVICE,
+ .instance_size = sizeof(ICPState),
+ .class_init = icp_class_init,
+};
+
+/*
+ * ICS: Source layer
+ */
+static int ics_valid_irq(ICSState *ics, uint32_t nr)
+{
+ return (nr >= ics->offset)
+ && (nr < (ics->offset + ics->nr_irqs));
+}
+
+static void resend_msi(ICSState *ics, int srcno)
+{
+ ICSIRQState *irq = ics->irqs + srcno;
+
+ /* FIXME: filter by server#? */
+ if (irq->status & XICS_STATUS_REJECTED) {
+ irq->status &= ~XICS_STATUS_REJECTED;
+ if (irq->priority != 0xff) {
+ icp_irq(ics->icp, irq->server, srcno + ics->offset,
+ irq->priority);
+ }
+ }
+}
+
+static void resend_lsi(ICSState *ics, int srcno)
+{
+ ICSIRQState *irq = ics->irqs + srcno;
+
+ if ((irq->priority != 0xff)
+ && (irq->status & XICS_STATUS_ASSERTED)
+ && !(irq->status & XICS_STATUS_SENT)) {
+ irq->status |= XICS_STATUS_SENT;
+ icp_irq(ics->icp, irq->server, srcno + ics->offset, irq->priority);
+ }
+}
+
+static void set_irq_msi(ICSState *ics, int srcno, int val)
+{
+ ICSIRQState *irq = ics->irqs + srcno;
+
+ trace_xics_set_irq_msi(srcno, srcno + ics->offset);
+
+ if (val) {
+ if (irq->priority == 0xff) {
+ irq->status |= XICS_STATUS_MASKED_PENDING;
+ trace_xics_masked_pending();
+ } else {
+ icp_irq(ics->icp, irq->server, srcno + ics->offset, irq->priority);
+ }
+ }
+}
+
+static void set_irq_lsi(ICSState *ics, int srcno, int val)
+{
+ ICSIRQState *irq = ics->irqs + srcno;
+
+ trace_xics_set_irq_lsi(srcno, srcno + ics->offset);
+ if (val) {
+ irq->status |= XICS_STATUS_ASSERTED;
+ } else {
+ irq->status &= ~XICS_STATUS_ASSERTED;
+ }
+ resend_lsi(ics, srcno);
+}
+
+static void ics_set_irq(void *opaque, int srcno, int val)
+{
+ ICSState *ics = (ICSState *)opaque;
+
+ if (ics->islsi[srcno]) {
+ set_irq_lsi(ics, srcno, val);
+ } else {
+ set_irq_msi(ics, srcno, val);
+ }
+}
+
+static void write_xive_msi(ICSState *ics, int srcno)
+{
+ ICSIRQState *irq = ics->irqs + srcno;
+
+ if (!(irq->status & XICS_STATUS_MASKED_PENDING)
+ || (irq->priority == 0xff)) {
+ return;
+ }
+
+ irq->status &= ~XICS_STATUS_MASKED_PENDING;
+ icp_irq(ics->icp, irq->server, srcno + ics->offset, irq->priority);
+}
+
+static void write_xive_lsi(ICSState *ics, int srcno)
+{
+ resend_lsi(ics, srcno);
+}
+
+static void ics_write_xive(ICSState *ics, int nr, int server,
+ uint8_t priority, uint8_t saved_priority)
+{
+ int srcno = nr - ics->offset;
+ ICSIRQState *irq = ics->irqs + srcno;
+
+ irq->server = server;
+ irq->priority = priority;
+ irq->saved_priority = saved_priority;
+
+ trace_xics_ics_write_xive(nr, srcno, server, priority);
+
+ if (ics->islsi[srcno]) {
+ write_xive_lsi(ics, srcno);
+ } else {
+ write_xive_msi(ics, srcno);
+ }
+}
+
+static void ics_reject(ICSState *ics, int nr)
+{
+ ICSIRQState *irq = ics->irqs + nr - ics->offset;
+
+ trace_xics_ics_reject(nr, nr - ics->offset);
+ irq->status |= XICS_STATUS_REJECTED; /* Irrelevant but harmless for LSI */
+ irq->status &= ~XICS_STATUS_SENT; /* Irrelevant but harmless for MSI */
+}
+
+static void ics_resend(ICSState *ics)
+{
+ int i;
+
+ for (i = 0; i < ics->nr_irqs; i++) {
+ /* FIXME: filter by server#? */
+ if (ics->islsi[i]) {
+ resend_lsi(ics, i);
+ } else {
+ resend_msi(ics, i);
+ }
+ }
+}
+
+static void ics_eoi(ICSState *ics, int nr)
+{
+ int srcno = nr - ics->offset;
+ ICSIRQState *irq = ics->irqs + srcno;
+
+ trace_xics_ics_eoi(nr);
+
+ if (ics->islsi[srcno]) {
+ irq->status &= ~XICS_STATUS_SENT;
+ }
+}
+
+static void ics_reset(DeviceState *dev)
+{
+ ICSState *ics = ICS(dev);
+ int i;
+
+ memset(ics->irqs, 0, sizeof(ICSIRQState) * ics->nr_irqs);
+ for (i = 0; i < ics->nr_irqs; i++) {
+ ics->irqs[i].priority = 0xff;
+ ics->irqs[i].saved_priority = 0xff;
+ }
+}
+
+static int ics_post_load(void *opaque, int version_id)
+{
+ int i;
+ ICSState *ics = opaque;
+
+ for (i = 0; i < ics->icp->nr_servers; i++) {
+ icp_resend(ics->icp, i);
+ }
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_ics_irq = {
+ .name = "ics/irq",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT32(server, ICSIRQState),
+ VMSTATE_UINT8(priority, ICSIRQState),
+ VMSTATE_UINT8(saved_priority, ICSIRQState),
+ VMSTATE_UINT8(status, ICSIRQState),
+ VMSTATE_END_OF_LIST()
+ },
+};
+
+static const VMStateDescription vmstate_ics = {
+ .name = "ics",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .post_load = ics_post_load,
+ .fields = (VMStateField []) {
+ /* Sanity check */
+ VMSTATE_UINT32_EQUAL(nr_irqs, ICSState),
+
+ VMSTATE_STRUCT_VARRAY_POINTER_UINT32(irqs, ICSState, nr_irqs,
+ vmstate_ics_irq, ICSIRQState),
+ VMSTATE_END_OF_LIST()
+ },
+};
+
+static int ics_realize(DeviceState *dev)
+{
+ ICSState *ics = ICS(dev);
+
+ ics->irqs = g_malloc0(ics->nr_irqs * sizeof(ICSIRQState));
+ ics->islsi = g_malloc0(ics->nr_irqs * sizeof(bool));
+ ics->qirqs = qemu_allocate_irqs(ics_set_irq, ics, ics->nr_irqs);
+
+ return 0;
+}
+
+static void ics_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->init = ics_realize;
+ dc->vmsd = &vmstate_ics;
+ dc->reset = ics_reset;
+}
+
+static TypeInfo ics_info = {
+ .name = TYPE_ICS,
+ .parent = TYPE_DEVICE,
+ .instance_size = sizeof(ICSState),
+ .class_init = ics_class_init,
+};
+
+/*
+ * Exported functions
+ */
+
+qemu_irq xics_get_qirq(XICSState *icp, int irq)
+{
+ if (!ics_valid_irq(icp->ics, irq)) {
+ return NULL;
+ }
+
+ return icp->ics->qirqs[irq - icp->ics->offset];
+}
+
+void xics_set_irq_type(XICSState *icp, int irq, bool lsi)
+{
+ assert(ics_valid_irq(icp->ics, irq));
+
+ icp->ics->islsi[irq - icp->ics->offset] = lsi;
+}
+
+/*
+ * Guest interfaces
+ */
+
+static target_ulong h_cppr(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ CPUState *cs = CPU(cpu);
+ target_ulong cppr = args[0];
+
+ icp_set_cppr(spapr->icp, cs->cpu_index, cppr);
+ return H_SUCCESS;
+}
+
+static target_ulong h_ipi(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong server = args[0];
+ target_ulong mfrr = args[1];
+
+ if (server >= spapr->icp->nr_servers) {
+ return H_PARAMETER;
+ }
+
+ icp_set_mfrr(spapr->icp, server, mfrr);
+ return H_SUCCESS;
+}
+
+static target_ulong h_xirr(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ CPUState *cs = CPU(cpu);
+ uint32_t xirr = icp_accept(spapr->icp->ss + cs->cpu_index);
+
+ args[0] = xirr;
+ return H_SUCCESS;
+}
+
+static target_ulong h_eoi(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ CPUState *cs = CPU(cpu);
+ target_ulong xirr = args[0];
+
+ icp_eoi(spapr->icp, cs->cpu_index, xirr);
+ return H_SUCCESS;
+}
+
+static void rtas_set_xive(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ uint32_t token,
+ uint32_t nargs, target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ ICSState *ics = spapr->icp->ics;
+ uint32_t nr, server, priority;
+
+ if ((nargs != 3) || (nret != 1)) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ nr = rtas_ld(args, 0);
+ server = rtas_ld(args, 1);
+ priority = rtas_ld(args, 2);
+
+ if (!ics_valid_irq(ics, nr) || (server >= ics->icp->nr_servers)
+ || (priority > 0xff)) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ ics_write_xive(ics, nr, server, priority, priority);
+
+ rtas_st(rets, 0, 0); /* Success */
+}
+
+static void rtas_get_xive(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ uint32_t token,
+ uint32_t nargs, target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ ICSState *ics = spapr->icp->ics;
+ uint32_t nr;
+
+ if ((nargs != 1) || (nret != 3)) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ nr = rtas_ld(args, 0);
+
+ if (!ics_valid_irq(ics, nr)) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ rtas_st(rets, 0, 0); /* Success */
+ rtas_st(rets, 1, ics->irqs[nr - ics->offset].server);
+ rtas_st(rets, 2, ics->irqs[nr - ics->offset].priority);
+}
+
+static void rtas_int_off(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ uint32_t token,
+ uint32_t nargs, target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ ICSState *ics = spapr->icp->ics;
+ uint32_t nr;
+
+ if ((nargs != 1) || (nret != 1)) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ nr = rtas_ld(args, 0);
+
+ if (!ics_valid_irq(ics, nr)) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ ics_write_xive(ics, nr, ics->irqs[nr - ics->offset].server, 0xff,
+ ics->irqs[nr - ics->offset].priority);
+
+ rtas_st(rets, 0, 0); /* Success */
+}
+
+static void rtas_int_on(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ uint32_t token,
+ uint32_t nargs, target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ ICSState *ics = spapr->icp->ics;
+ uint32_t nr;
+
+ if ((nargs != 1) || (nret != 1)) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ nr = rtas_ld(args, 0);
+
+ if (!ics_valid_irq(ics, nr)) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ ics_write_xive(ics, nr, ics->irqs[nr - ics->offset].server,
+ ics->irqs[nr - ics->offset].saved_priority,
+ ics->irqs[nr - ics->offset].saved_priority);
+
+ rtas_st(rets, 0, 0); /* Success */
+}
+
+/*
+ * XICS
+ */
+
+static void xics_reset(DeviceState *d)
+{
+ XICSState *icp = XICS(d);
+ int i;
+
+ for (i = 0; i < icp->nr_servers; i++) {
+ device_reset(DEVICE(&icp->ss[i]));
+ }
+
+ device_reset(DEVICE(icp->ics));
+}
+
+void xics_cpu_setup(XICSState *icp, PowerPCCPU *cpu)
+{
+ CPUState *cs = CPU(cpu);
+ CPUPPCState *env = &cpu->env;
+ ICPState *ss = &icp->ss[cs->cpu_index];
+
+ assert(cs->cpu_index < icp->nr_servers);
+
+ switch (PPC_INPUT(env)) {
+ case PPC_FLAGS_INPUT_POWER7:
+ ss->output = env->irq_inputs[POWER7_INPUT_INT];
+ break;
+
+ case PPC_FLAGS_INPUT_970:
+ ss->output = env->irq_inputs[PPC970_INPUT_INT];
+ break;
+
+ default:
+ fprintf(stderr, "XICS interrupt controller does not support this CPU "
+ "bus model\n");
+ abort();
+ }
+}
+
+static void xics_realize(DeviceState *dev, Error **errp)
+{
+ XICSState *icp = XICS(dev);
+ ICSState *ics = icp->ics;
+ int i;
+
+ ics->nr_irqs = icp->nr_irqs;
+ ics->offset = XICS_IRQ_BASE;
+ ics->icp = icp;
+ qdev_init_nofail(DEVICE(ics));
+
+ icp->ss = g_malloc0(icp->nr_servers*sizeof(ICPState));
+ for (i = 0; i < icp->nr_servers; i++) {
+ char buffer[32];
+ object_initialize(&icp->ss[i], TYPE_ICP);
+ snprintf(buffer, sizeof(buffer), "icp[%d]", i);
+ object_property_add_child(OBJECT(icp), buffer, OBJECT(&icp->ss[i]), NULL);
+ qdev_init_nofail(DEVICE(&icp->ss[i]));
+ }
+}
+
+static void xics_initfn(Object *obj)
+{
+ XICSState *xics = XICS(obj);
+
+ xics->ics = ICS(object_new(TYPE_ICS));
+ object_property_add_child(obj, "ics", OBJECT(xics->ics), NULL);
+}
+
+static Property xics_properties[] = {
+ DEFINE_PROP_UINT32("nr_servers", XICSState, nr_servers, -1),
+ DEFINE_PROP_UINT32("nr_irqs", XICSState, nr_irqs, -1),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void xics_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+
+ dc->realize = xics_realize;
+ dc->props = xics_properties;
+ dc->reset = xics_reset;
+
+ spapr_rtas_register("ibm,set-xive", rtas_set_xive);
+ spapr_rtas_register("ibm,get-xive", rtas_get_xive);
+ spapr_rtas_register("ibm,int-off", rtas_int_off);
+ spapr_rtas_register("ibm,int-on", rtas_int_on);
+
+ spapr_register_hypercall(H_CPPR, h_cppr);
+ spapr_register_hypercall(H_IPI, h_ipi);
+ spapr_register_hypercall(H_XIRR, h_xirr);
+ spapr_register_hypercall(H_EOI, h_eoi);
+}
+
+static const TypeInfo xics_info = {
+ .name = TYPE_XICS,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(XICSState),
+ .class_init = xics_class_init,
+ .instance_init = xics_initfn,
+};
+
+static void xics_register_types(void)
+{
+ type_register_static(&xics_info);
+ type_register_static(&ics_info);
+ type_register_static(&icp_info);
+}
+
+type_init(xics_register_types)
diff --git a/hw/intc/xilinx_intc.c b/hw/intc/xilinx_intc.c
new file mode 100644
index 000000000..4a103988f
--- /dev/null
+++ b/hw/intc/xilinx_intc.c
@@ -0,0 +1,200 @@
+/*
+ * QEMU Xilinx OPB Interrupt Controller.
+ *
+ * Copyright (c) 2009 Edgar E. Iglesias.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/sysbus.h"
+#include "hw/hw.h"
+
+#define D(x)
+
+#define R_ISR 0
+#define R_IPR 1
+#define R_IER 2
+#define R_IAR 3
+#define R_SIE 4
+#define R_CIE 5
+#define R_IVR 6
+#define R_MER 7
+#define R_MAX 8
+
+#define TYPE_XILINX_INTC "xlnx.xps-intc"
+#define XILINX_INTC(obj) OBJECT_CHECK(struct xlx_pic, (obj), TYPE_XILINX_INTC)
+
+struct xlx_pic
+{
+ SysBusDevice parent_obj;
+
+ MemoryRegion mmio;
+ qemu_irq parent_irq;
+
+ /* Configuration reg chosen at synthesis-time. QEMU populates
+ the bits at board-setup. */
+ uint32_t c_kind_of_intr;
+
+ /* Runtime control registers. */
+ uint32_t regs[R_MAX];
+ /* state of the interrupt input pins */
+ uint32_t irq_pin_state;
+};
+
+static void update_irq(struct xlx_pic *p)
+{
+ uint32_t i;
+
+ /* level triggered interrupt */
+ if (p->regs[R_MER] & 2) {
+ p->regs[R_ISR] |= p->irq_pin_state & ~p->c_kind_of_intr;
+ }
+
+ /* Update the pending register. */
+ p->regs[R_IPR] = p->regs[R_ISR] & p->regs[R_IER];
+
+ /* Update the vector register. */
+ for (i = 0; i < 32; i++) {
+ if (p->regs[R_IPR] & (1 << i))
+ break;
+ }
+ if (i == 32)
+ i = ~0;
+
+ p->regs[R_IVR] = i;
+ qemu_set_irq(p->parent_irq, (p->regs[R_MER] & 1) && p->regs[R_IPR]);
+}
+
+static uint64_t
+pic_read(void *opaque, hwaddr addr, unsigned int size)
+{
+ struct xlx_pic *p = opaque;
+ uint32_t r = 0;
+
+ addr >>= 2;
+ switch (addr)
+ {
+ default:
+ if (addr < ARRAY_SIZE(p->regs))
+ r = p->regs[addr];
+ break;
+
+ }
+ D(printf("%s %x=%x\n", __func__, addr * 4, r));
+ return r;
+}
+
+static void
+pic_write(void *opaque, hwaddr addr,
+ uint64_t val64, unsigned int size)
+{
+ struct xlx_pic *p = opaque;
+ uint32_t value = val64;
+
+ addr >>= 2;
+ D(qemu_log("%s addr=%x val=%x\n", __func__, addr * 4, value));
+ switch (addr)
+ {
+ case R_IAR:
+ p->regs[R_ISR] &= ~value; /* ACK. */
+ break;
+ case R_SIE:
+ p->regs[R_IER] |= value; /* Atomic set ie. */
+ break;
+ case R_CIE:
+ p->regs[R_IER] &= ~value; /* Atomic clear ie. */
+ break;
+ case R_ISR:
+ if ((p->regs[R_MER] & 2)) {
+ break;
+ }
+ /* fallthrough */
+ default:
+ if (addr < ARRAY_SIZE(p->regs))
+ p->regs[addr] = value;
+ break;
+ }
+ update_irq(p);
+}
+
+static const MemoryRegionOps pic_ops = {
+ .read = pic_read,
+ .write = pic_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4
+ }
+};
+
+static void irq_handler(void *opaque, int irq, int level)
+{
+ struct xlx_pic *p = opaque;
+
+ /* edge triggered interrupt */
+ if (p->c_kind_of_intr & (1 << irq) && p->regs[R_MER] & 2) {
+ p->regs[R_ISR] |= (level << irq);
+ }
+
+ p->irq_pin_state &= ~(1 << irq);
+ p->irq_pin_state |= level << irq;
+ update_irq(p);
+}
+
+static int xilinx_intc_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ struct xlx_pic *p = XILINX_INTC(dev);
+
+ qdev_init_gpio_in(dev, irq_handler, 32);
+ sysbus_init_irq(sbd, &p->parent_irq);
+
+ memory_region_init_io(&p->mmio, OBJECT(p), &pic_ops, p, "xlnx.xps-intc",
+ R_MAX * 4);
+ sysbus_init_mmio(sbd, &p->mmio);
+ return 0;
+}
+
+static Property xilinx_intc_properties[] = {
+ DEFINE_PROP_UINT32("kind-of-intr", struct xlx_pic, c_kind_of_intr, 0),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void xilinx_intc_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = xilinx_intc_init;
+ dc->props = xilinx_intc_properties;
+}
+
+static const TypeInfo xilinx_intc_info = {
+ .name = TYPE_XILINX_INTC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(struct xlx_pic),
+ .class_init = xilinx_intc_class_init,
+};
+
+static void xilinx_intc_register_types(void)
+{
+ type_register_static(&xilinx_intc_info);
+}
+
+type_init(xilinx_intc_register_types)
diff --git a/hw/integratorcp.c b/hw/integratorcp.c
deleted file mode 100644
index 77807c39e..000000000
--- a/hw/integratorcp.c
+++ /dev/null
@@ -1,565 +0,0 @@
-/*
- * ARM Integrator CP System emulation.
- *
- * Copyright (c) 2005-2007 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the GPL
- */
-
-#include "sysbus.h"
-#include "devices.h"
-#include "boards.h"
-#include "arm-misc.h"
-#include "net.h"
-#include "exec-memory.h"
-#include "sysemu.h"
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint32_t memsz;
- MemoryRegion flash;
- uint32_t cm_osc;
- uint32_t cm_ctrl;
- uint32_t cm_lock;
- uint32_t cm_auxosc;
- uint32_t cm_sdram;
- uint32_t cm_init;
- uint32_t cm_flags;
- uint32_t cm_nvflags;
- uint32_t int_level;
- uint32_t irq_enabled;
- uint32_t fiq_enabled;
-} integratorcm_state;
-
-static uint8_t integrator_spd[128] = {
- 128, 8, 4, 11, 9, 1, 64, 0, 2, 0xa0, 0xa0, 0, 0, 8, 0, 1,
- 0xe, 4, 0x1c, 1, 2, 0x20, 0xc0, 0, 0, 0, 0, 0x30, 0x28, 0x30, 0x28, 0x40
-};
-
-static uint64_t integratorcm_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- integratorcm_state *s = (integratorcm_state *)opaque;
- if (offset >= 0x100 && offset < 0x200) {
- /* CM_SPD */
- if (offset >= 0x180)
- return 0;
- return integrator_spd[offset >> 2];
- }
- switch (offset >> 2) {
- case 0: /* CM_ID */
- return 0x411a3001;
- case 1: /* CM_PROC */
- return 0;
- case 2: /* CM_OSC */
- return s->cm_osc;
- case 3: /* CM_CTRL */
- return s->cm_ctrl;
- case 4: /* CM_STAT */
- return 0x00100000;
- case 5: /* CM_LOCK */
- if (s->cm_lock == 0xa05f) {
- return 0x1a05f;
- } else {
- return s->cm_lock;
- }
- case 6: /* CM_LMBUSCNT */
- /* ??? High frequency timer. */
- hw_error("integratorcm_read: CM_LMBUSCNT");
- case 7: /* CM_AUXOSC */
- return s->cm_auxosc;
- case 8: /* CM_SDRAM */
- return s->cm_sdram;
- case 9: /* CM_INIT */
- return s->cm_init;
- case 10: /* CM_REFCT */
- /* ??? High frequency timer. */
- hw_error("integratorcm_read: CM_REFCT");
- case 12: /* CM_FLAGS */
- return s->cm_flags;
- case 14: /* CM_NVFLAGS */
- return s->cm_nvflags;
- case 16: /* CM_IRQ_STAT */
- return s->int_level & s->irq_enabled;
- case 17: /* CM_IRQ_RSTAT */
- return s->int_level;
- case 18: /* CM_IRQ_ENSET */
- return s->irq_enabled;
- case 20: /* CM_SOFT_INTSET */
- return s->int_level & 1;
- case 24: /* CM_FIQ_STAT */
- return s->int_level & s->fiq_enabled;
- case 25: /* CM_FIQ_RSTAT */
- return s->int_level;
- case 26: /* CM_FIQ_ENSET */
- return s->fiq_enabled;
- case 32: /* CM_VOLTAGE_CTL0 */
- case 33: /* CM_VOLTAGE_CTL1 */
- case 34: /* CM_VOLTAGE_CTL2 */
- case 35: /* CM_VOLTAGE_CTL3 */
- /* ??? Voltage control unimplemented. */
- return 0;
- default:
- hw_error("integratorcm_read: Unimplemented offset 0x%x\n",
- (int)offset);
- return 0;
- }
-}
-
-static void integratorcm_do_remap(integratorcm_state *s)
-{
- /* Sync memory region state with CM_CTRL REMAP bit:
- * bit 0 => flash at address 0; bit 1 => RAM
- */
- memory_region_set_enabled(&s->flash, !(s->cm_ctrl & 4));
-}
-
-static void integratorcm_set_ctrl(integratorcm_state *s, uint32_t value)
-{
- if (value & 8) {
- qemu_system_reset_request();
- }
- if ((s->cm_ctrl ^ value) & 1) {
- /* (value & 1) != 0 means the green "MISC LED" is lit.
- * We don't have any nice place to display LEDs. printf is a bad
- * idea because Linux uses the LED as a heartbeat and the output
- * will swamp anything else on the terminal.
- */
- }
- /* Note that the RESET bit [3] always reads as zero */
- s->cm_ctrl = (s->cm_ctrl & ~5) | (value & 5);
- integratorcm_do_remap(s);
-}
-
-static void integratorcm_update(integratorcm_state *s)
-{
- /* ??? The CPU irq/fiq is raised when either the core module or base PIC
- are active. */
- if (s->int_level & (s->irq_enabled | s->fiq_enabled))
- hw_error("Core module interrupt\n");
-}
-
-static void integratorcm_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- integratorcm_state *s = (integratorcm_state *)opaque;
- switch (offset >> 2) {
- case 2: /* CM_OSC */
- if (s->cm_lock == 0xa05f)
- s->cm_osc = value;
- break;
- case 3: /* CM_CTRL */
- integratorcm_set_ctrl(s, value);
- break;
- case 5: /* CM_LOCK */
- s->cm_lock = value & 0xffff;
- break;
- case 7: /* CM_AUXOSC */
- if (s->cm_lock == 0xa05f)
- s->cm_auxosc = value;
- break;
- case 8: /* CM_SDRAM */
- s->cm_sdram = value;
- break;
- case 9: /* CM_INIT */
- /* ??? This can change the memory bus frequency. */
- s->cm_init = value;
- break;
- case 12: /* CM_FLAGSS */
- s->cm_flags |= value;
- break;
- case 13: /* CM_FLAGSC */
- s->cm_flags &= ~value;
- break;
- case 14: /* CM_NVFLAGSS */
- s->cm_nvflags |= value;
- break;
- case 15: /* CM_NVFLAGSS */
- s->cm_nvflags &= ~value;
- break;
- case 18: /* CM_IRQ_ENSET */
- s->irq_enabled |= value;
- integratorcm_update(s);
- break;
- case 19: /* CM_IRQ_ENCLR */
- s->irq_enabled &= ~value;
- integratorcm_update(s);
- break;
- case 20: /* CM_SOFT_INTSET */
- s->int_level |= (value & 1);
- integratorcm_update(s);
- break;
- case 21: /* CM_SOFT_INTCLR */
- s->int_level &= ~(value & 1);
- integratorcm_update(s);
- break;
- case 26: /* CM_FIQ_ENSET */
- s->fiq_enabled |= value;
- integratorcm_update(s);
- break;
- case 27: /* CM_FIQ_ENCLR */
- s->fiq_enabled &= ~value;
- integratorcm_update(s);
- break;
- case 32: /* CM_VOLTAGE_CTL0 */
- case 33: /* CM_VOLTAGE_CTL1 */
- case 34: /* CM_VOLTAGE_CTL2 */
- case 35: /* CM_VOLTAGE_CTL3 */
- /* ??? Voltage control unimplemented. */
- break;
- default:
- hw_error("integratorcm_write: Unimplemented offset 0x%x\n",
- (int)offset);
- break;
- }
-}
-
-/* Integrator/CM control registers. */
-
-static const MemoryRegionOps integratorcm_ops = {
- .read = integratorcm_read,
- .write = integratorcm_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int integratorcm_init(SysBusDevice *dev)
-{
- integratorcm_state *s = FROM_SYSBUS(integratorcm_state, dev);
-
- s->cm_osc = 0x01000048;
- /* ??? What should the high bits of this value be? */
- s->cm_auxosc = 0x0007feff;
- s->cm_sdram = 0x00011122;
- if (s->memsz >= 256) {
- integrator_spd[31] = 64;
- s->cm_sdram |= 0x10;
- } else if (s->memsz >= 128) {
- integrator_spd[31] = 32;
- s->cm_sdram |= 0x0c;
- } else if (s->memsz >= 64) {
- integrator_spd[31] = 16;
- s->cm_sdram |= 0x08;
- } else if (s->memsz >= 32) {
- integrator_spd[31] = 4;
- s->cm_sdram |= 0x04;
- } else {
- integrator_spd[31] = 2;
- }
- memcpy(integrator_spd + 73, "QEMU-MEMORY", 11);
- s->cm_init = 0x00000112;
- memory_region_init_ram(&s->flash, "integrator.flash", 0x100000);
- vmstate_register_ram_global(&s->flash);
-
- memory_region_init_io(&s->iomem, &integratorcm_ops, s,
- "integratorcm", 0x00800000);
- sysbus_init_mmio(dev, &s->iomem);
-
- integratorcm_do_remap(s);
- /* ??? Save/restore. */
- return 0;
-}
-
-/* Integrator/CP hardware emulation. */
-/* Primary interrupt controller. */
-
-typedef struct icp_pic_state
-{
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint32_t level;
- uint32_t irq_enabled;
- uint32_t fiq_enabled;
- qemu_irq parent_irq;
- qemu_irq parent_fiq;
-} icp_pic_state;
-
-static void icp_pic_update(icp_pic_state *s)
-{
- uint32_t flags;
-
- flags = (s->level & s->irq_enabled);
- qemu_set_irq(s->parent_irq, flags != 0);
- flags = (s->level & s->fiq_enabled);
- qemu_set_irq(s->parent_fiq, flags != 0);
-}
-
-static void icp_pic_set_irq(void *opaque, int irq, int level)
-{
- icp_pic_state *s = (icp_pic_state *)opaque;
- if (level)
- s->level |= 1 << irq;
- else
- s->level &= ~(1 << irq);
- icp_pic_update(s);
-}
-
-static uint64_t icp_pic_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- icp_pic_state *s = (icp_pic_state *)opaque;
-
- switch (offset >> 2) {
- case 0: /* IRQ_STATUS */
- return s->level & s->irq_enabled;
- case 1: /* IRQ_RAWSTAT */
- return s->level;
- case 2: /* IRQ_ENABLESET */
- return s->irq_enabled;
- case 4: /* INT_SOFTSET */
- return s->level & 1;
- case 8: /* FRQ_STATUS */
- return s->level & s->fiq_enabled;
- case 9: /* FRQ_RAWSTAT */
- return s->level;
- case 10: /* FRQ_ENABLESET */
- return s->fiq_enabled;
- case 3: /* IRQ_ENABLECLR */
- case 5: /* INT_SOFTCLR */
- case 11: /* FRQ_ENABLECLR */
- default:
- printf ("icp_pic_read: Bad register offset 0x%x\n", (int)offset);
- return 0;
- }
-}
-
-static void icp_pic_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- icp_pic_state *s = (icp_pic_state *)opaque;
-
- switch (offset >> 2) {
- case 2: /* IRQ_ENABLESET */
- s->irq_enabled |= value;
- break;
- case 3: /* IRQ_ENABLECLR */
- s->irq_enabled &= ~value;
- break;
- case 4: /* INT_SOFTSET */
- if (value & 1)
- icp_pic_set_irq(s, 0, 1);
- break;
- case 5: /* INT_SOFTCLR */
- if (value & 1)
- icp_pic_set_irq(s, 0, 0);
- break;
- case 10: /* FRQ_ENABLESET */
- s->fiq_enabled |= value;
- break;
- case 11: /* FRQ_ENABLECLR */
- s->fiq_enabled &= ~value;
- break;
- case 0: /* IRQ_STATUS */
- case 1: /* IRQ_RAWSTAT */
- case 8: /* FRQ_STATUS */
- case 9: /* FRQ_RAWSTAT */
- default:
- printf ("icp_pic_write: Bad register offset 0x%x\n", (int)offset);
- return;
- }
- icp_pic_update(s);
-}
-
-static const MemoryRegionOps icp_pic_ops = {
- .read = icp_pic_read,
- .write = icp_pic_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int icp_pic_init(SysBusDevice *dev)
-{
- icp_pic_state *s = FROM_SYSBUS(icp_pic_state, dev);
-
- qdev_init_gpio_in(&dev->qdev, icp_pic_set_irq, 32);
- sysbus_init_irq(dev, &s->parent_irq);
- sysbus_init_irq(dev, &s->parent_fiq);
- memory_region_init_io(&s->iomem, &icp_pic_ops, s, "icp-pic", 0x00800000);
- sysbus_init_mmio(dev, &s->iomem);
- return 0;
-}
-
-/* CP control registers. */
-
-static uint64_t icp_control_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- switch (offset >> 2) {
- case 0: /* CP_IDFIELD */
- return 0x41034003;
- case 1: /* CP_FLASHPROG */
- return 0;
- case 2: /* CP_INTREG */
- return 0;
- case 3: /* CP_DECODE */
- return 0x11;
- default:
- hw_error("icp_control_read: Bad offset %x\n", (int)offset);
- return 0;
- }
-}
-
-static void icp_control_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- switch (offset >> 2) {
- case 1: /* CP_FLASHPROG */
- case 2: /* CP_INTREG */
- case 3: /* CP_DECODE */
- /* Nothing interesting implemented yet. */
- break;
- default:
- hw_error("icp_control_write: Bad offset %x\n", (int)offset);
- }
-}
-
-static const MemoryRegionOps icp_control_ops = {
- .read = icp_control_read,
- .write = icp_control_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void icp_control_init(hwaddr base)
-{
- MemoryRegion *io;
-
- io = (MemoryRegion *)g_malloc0(sizeof(MemoryRegion));
- memory_region_init_io(io, &icp_control_ops, NULL,
- "control", 0x00800000);
- memory_region_add_subregion(get_system_memory(), base, io);
- /* ??? Save/restore. */
-}
-
-
-/* Board init. */
-
-static struct arm_boot_info integrator_binfo = {
- .loader_start = 0x0,
- .board_id = 0x113,
-};
-
-static void integratorcp_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- ARMCPU *cpu;
- MemoryRegion *address_space_mem = get_system_memory();
- MemoryRegion *ram = g_new(MemoryRegion, 1);
- MemoryRegion *ram_alias = g_new(MemoryRegion, 1);
- qemu_irq pic[32];
- qemu_irq *cpu_pic;
- DeviceState *dev;
- int i;
-
- if (!cpu_model) {
- cpu_model = "arm926";
- }
- cpu = cpu_arm_init(cpu_model);
- if (!cpu) {
- fprintf(stderr, "Unable to find CPU definition\n");
- exit(1);
- }
-
- memory_region_init_ram(ram, "integrator.ram", ram_size);
- vmstate_register_ram_global(ram);
- /* ??? On a real system the first 1Mb is mapped as SSRAM or boot flash. */
- /* ??? RAM should repeat to fill physical memory space. */
- /* SDRAM at address zero*/
- memory_region_add_subregion(address_space_mem, 0, ram);
- /* And again at address 0x80000000 */
- memory_region_init_alias(ram_alias, "ram.alias", ram, 0, ram_size);
- memory_region_add_subregion(address_space_mem, 0x80000000, ram_alias);
-
- dev = qdev_create(NULL, "integrator_core");
- qdev_prop_set_uint32(dev, "memsz", ram_size >> 20);
- qdev_init_nofail(dev);
- sysbus_mmio_map((SysBusDevice *)dev, 0, 0x10000000);
-
- cpu_pic = arm_pic_init_cpu(cpu);
- dev = sysbus_create_varargs("integrator_pic", 0x14000000,
- cpu_pic[ARM_PIC_CPU_IRQ],
- cpu_pic[ARM_PIC_CPU_FIQ], NULL);
- for (i = 0; i < 32; i++) {
- pic[i] = qdev_get_gpio_in(dev, i);
- }
- sysbus_create_simple("integrator_pic", 0xca000000, pic[26]);
- sysbus_create_varargs("integrator_pit", 0x13000000,
- pic[5], pic[6], pic[7], NULL);
- sysbus_create_simple("pl031", 0x15000000, pic[8]);
- sysbus_create_simple("pl011", 0x16000000, pic[1]);
- sysbus_create_simple("pl011", 0x17000000, pic[2]);
- icp_control_init(0xcb000000);
- sysbus_create_simple("pl050_keyboard", 0x18000000, pic[3]);
- sysbus_create_simple("pl050_mouse", 0x19000000, pic[4]);
- sysbus_create_varargs("pl181", 0x1c000000, pic[23], pic[24], NULL);
- if (nd_table[0].used)
- smc91c111_init(&nd_table[0], 0xc8000000, pic[27]);
-
- sysbus_create_simple("pl110", 0xc0000000, pic[22]);
-
- integrator_binfo.ram_size = ram_size;
- integrator_binfo.kernel_filename = kernel_filename;
- integrator_binfo.kernel_cmdline = kernel_cmdline;
- integrator_binfo.initrd_filename = initrd_filename;
- arm_load_kernel(cpu, &integrator_binfo);
-}
-
-static QEMUMachine integratorcp_machine = {
- .name = "integratorcp",
- .desc = "ARM Integrator/CP (ARM926EJ-S)",
- .init = integratorcp_init,
- .is_default = 1,
-};
-
-static void integratorcp_machine_init(void)
-{
- qemu_register_machine(&integratorcp_machine);
-}
-
-machine_init(integratorcp_machine_init);
-
-static Property core_properties[] = {
- DEFINE_PROP_UINT32("memsz", integratorcm_state, memsz, 0),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void core_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = integratorcm_init;
- dc->props = core_properties;
-}
-
-static TypeInfo core_info = {
- .name = "integrator_core",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(integratorcm_state),
- .class_init = core_class_init,
-};
-
-static void icp_pic_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- sdc->init = icp_pic_init;
-}
-
-static TypeInfo icp_pic_info = {
- .name = "integrator_pic",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(icp_pic_state),
- .class_init = icp_pic_class_init,
-};
-
-static void integratorcp_register_types(void)
-{
- type_register_static(&icp_pic_info);
- type_register_static(&core_info);
-}
-
-type_init(integratorcp_register_types)
diff --git a/hw/intel-hda.c b/hw/intel-hda.c
deleted file mode 100644
index a68c3685e..000000000
--- a/hw/intel-hda.c
+++ /dev/null
@@ -1,1302 +0,0 @@
-/*
- * Copyright (C) 2010 Red Hat, Inc.
- *
- * written by Gerd Hoffmann <kraxel@redhat.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "hw.h"
-#include "pci.h"
-#include "msi.h"
-#include "qemu-timer.h"
-#include "audiodev.h"
-#include "intel-hda.h"
-#include "intel-hda-defs.h"
-#include "dma.h"
-
-/* --------------------------------------------------------------------- */
-/* hda bus */
-
-static Property hda_props[] = {
- DEFINE_PROP_UINT32("cad", HDACodecDevice, cad, -1),
- DEFINE_PROP_END_OF_LIST()
-};
-
-static const TypeInfo hda_codec_bus_info = {
- .name = TYPE_HDA_BUS,
- .parent = TYPE_BUS,
- .instance_size = sizeof(HDACodecBus),
-};
-
-void hda_codec_bus_init(DeviceState *dev, HDACodecBus *bus,
- hda_codec_response_func response,
- hda_codec_xfer_func xfer)
-{
- qbus_create_inplace(&bus->qbus, TYPE_HDA_BUS, dev, NULL);
- bus->response = response;
- bus->xfer = xfer;
-}
-
-static int hda_codec_dev_init(DeviceState *qdev)
-{
- HDACodecBus *bus = DO_UPCAST(HDACodecBus, qbus, qdev->parent_bus);
- HDACodecDevice *dev = DO_UPCAST(HDACodecDevice, qdev, qdev);
- HDACodecDeviceClass *cdc = HDA_CODEC_DEVICE_GET_CLASS(dev);
-
- if (dev->cad == -1) {
- dev->cad = bus->next_cad;
- }
- if (dev->cad >= 15) {
- return -1;
- }
- bus->next_cad = dev->cad + 1;
- return cdc->init(dev);
-}
-
-static int hda_codec_dev_exit(DeviceState *qdev)
-{
- HDACodecDevice *dev = DO_UPCAST(HDACodecDevice, qdev, qdev);
- HDACodecDeviceClass *cdc = HDA_CODEC_DEVICE_GET_CLASS(dev);
-
- if (cdc->exit) {
- cdc->exit(dev);
- }
- return 0;
-}
-
-HDACodecDevice *hda_codec_find(HDACodecBus *bus, uint32_t cad)
-{
- BusChild *kid;
- HDACodecDevice *cdev;
-
- QTAILQ_FOREACH(kid, &bus->qbus.children, sibling) {
- DeviceState *qdev = kid->child;
- cdev = DO_UPCAST(HDACodecDevice, qdev, qdev);
- if (cdev->cad == cad) {
- return cdev;
- }
- }
- return NULL;
-}
-
-void hda_codec_response(HDACodecDevice *dev, bool solicited, uint32_t response)
-{
- HDACodecBus *bus = DO_UPCAST(HDACodecBus, qbus, dev->qdev.parent_bus);
- bus->response(dev, solicited, response);
-}
-
-bool hda_codec_xfer(HDACodecDevice *dev, uint32_t stnr, bool output,
- uint8_t *buf, uint32_t len)
-{
- HDACodecBus *bus = DO_UPCAST(HDACodecBus, qbus, dev->qdev.parent_bus);
- return bus->xfer(dev, stnr, output, buf, len);
-}
-
-/* --------------------------------------------------------------------- */
-/* intel hda emulation */
-
-typedef struct IntelHDAStream IntelHDAStream;
-typedef struct IntelHDAState IntelHDAState;
-typedef struct IntelHDAReg IntelHDAReg;
-
-typedef struct bpl {
- uint64_t addr;
- uint32_t len;
- uint32_t flags;
-} bpl;
-
-struct IntelHDAStream {
- /* registers */
- uint32_t ctl;
- uint32_t lpib;
- uint32_t cbl;
- uint32_t lvi;
- uint32_t fmt;
- uint32_t bdlp_lbase;
- uint32_t bdlp_ubase;
-
- /* state */
- bpl *bpl;
- uint32_t bentries;
- uint32_t bsize, be, bp;
-};
-
-struct IntelHDAState {
- PCIDevice pci;
- const char *name;
- HDACodecBus codecs;
-
- /* registers */
- uint32_t g_ctl;
- uint32_t wake_en;
- uint32_t state_sts;
- uint32_t int_ctl;
- uint32_t int_sts;
- uint32_t wall_clk;
-
- uint32_t corb_lbase;
- uint32_t corb_ubase;
- uint32_t corb_rp;
- uint32_t corb_wp;
- uint32_t corb_ctl;
- uint32_t corb_sts;
- uint32_t corb_size;
-
- uint32_t rirb_lbase;
- uint32_t rirb_ubase;
- uint32_t rirb_wp;
- uint32_t rirb_cnt;
- uint32_t rirb_ctl;
- uint32_t rirb_sts;
- uint32_t rirb_size;
-
- uint32_t dp_lbase;
- uint32_t dp_ubase;
-
- uint32_t icw;
- uint32_t irr;
- uint32_t ics;
-
- /* streams */
- IntelHDAStream st[8];
-
- /* state */
- MemoryRegion mmio;
- uint32_t rirb_count;
- int64_t wall_base_ns;
-
- /* debug logging */
- const IntelHDAReg *last_reg;
- uint32_t last_val;
- uint32_t last_write;
- uint32_t last_sec;
- uint32_t repeat_count;
-
- /* properties */
- uint32_t debug;
- uint32_t msi;
-};
-
-struct IntelHDAReg {
- const char *name; /* register name */
- uint32_t size; /* size in bytes */
- uint32_t reset; /* reset value */
- uint32_t wmask; /* write mask */
- uint32_t wclear; /* write 1 to clear bits */
- uint32_t offset; /* location in IntelHDAState */
- uint32_t shift; /* byte access entries for dwords */
- uint32_t stream;
- void (*whandler)(IntelHDAState *d, const IntelHDAReg *reg, uint32_t old);
- void (*rhandler)(IntelHDAState *d, const IntelHDAReg *reg);
-};
-
-static void intel_hda_reset(DeviceState *dev);
-
-/* --------------------------------------------------------------------- */
-
-static hwaddr intel_hda_addr(uint32_t lbase, uint32_t ubase)
-{
- hwaddr addr;
-
- addr = ((uint64_t)ubase << 32) | lbase;
- return addr;
-}
-
-static void intel_hda_update_int_sts(IntelHDAState *d)
-{
- uint32_t sts = 0;
- uint32_t i;
-
- /* update controller status */
- if (d->rirb_sts & ICH6_RBSTS_IRQ) {
- sts |= (1 << 30);
- }
- if (d->rirb_sts & ICH6_RBSTS_OVERRUN) {
- sts |= (1 << 30);
- }
- if (d->state_sts & d->wake_en) {
- sts |= (1 << 30);
- }
-
- /* update stream status */
- for (i = 0; i < 8; i++) {
- /* buffer completion interrupt */
- if (d->st[i].ctl & (1 << 26)) {
- sts |= (1 << i);
- }
- }
-
- /* update global status */
- if (sts & d->int_ctl) {
- sts |= (1 << 31);
- }
-
- d->int_sts = sts;
-}
-
-static void intel_hda_update_irq(IntelHDAState *d)
-{
- int msi = d->msi && msi_enabled(&d->pci);
- int level;
-
- intel_hda_update_int_sts(d);
- if (d->int_sts & (1 << 31) && d->int_ctl & (1 << 31)) {
- level = 1;
- } else {
- level = 0;
- }
- dprint(d, 2, "%s: level %d [%s]\n", __FUNCTION__,
- level, msi ? "msi" : "intx");
- if (msi) {
- if (level) {
- msi_notify(&d->pci, 0);
- }
- } else {
- qemu_set_irq(d->pci.irq[0], level);
- }
-}
-
-static int intel_hda_send_command(IntelHDAState *d, uint32_t verb)
-{
- uint32_t cad, nid, data;
- HDACodecDevice *codec;
- HDACodecDeviceClass *cdc;
-
- cad = (verb >> 28) & 0x0f;
- if (verb & (1 << 27)) {
- /* indirect node addressing, not specified in HDA 1.0 */
- dprint(d, 1, "%s: indirect node addressing (guest bug?)\n", __FUNCTION__);
- return -1;
- }
- nid = (verb >> 20) & 0x7f;
- data = verb & 0xfffff;
-
- codec = hda_codec_find(&d->codecs, cad);
- if (codec == NULL) {
- dprint(d, 1, "%s: addressed non-existing codec\n", __FUNCTION__);
- return -1;
- }
- cdc = HDA_CODEC_DEVICE_GET_CLASS(codec);
- cdc->command(codec, nid, data);
- return 0;
-}
-
-static void intel_hda_corb_run(IntelHDAState *d)
-{
- hwaddr addr;
- uint32_t rp, verb;
-
- if (d->ics & ICH6_IRS_BUSY) {
- dprint(d, 2, "%s: [icw] verb 0x%08x\n", __FUNCTION__, d->icw);
- intel_hda_send_command(d, d->icw);
- return;
- }
-
- for (;;) {
- if (!(d->corb_ctl & ICH6_CORBCTL_RUN)) {
- dprint(d, 2, "%s: !run\n", __FUNCTION__);
- return;
- }
- if ((d->corb_rp & 0xff) == d->corb_wp) {
- dprint(d, 2, "%s: corb ring empty\n", __FUNCTION__);
- return;
- }
- if (d->rirb_count == d->rirb_cnt) {
- dprint(d, 2, "%s: rirb count reached\n", __FUNCTION__);
- return;
- }
-
- rp = (d->corb_rp + 1) & 0xff;
- addr = intel_hda_addr(d->corb_lbase, d->corb_ubase);
- verb = ldl_le_pci_dma(&d->pci, addr + 4*rp);
- d->corb_rp = rp;
-
- dprint(d, 2, "%s: [rp 0x%x] verb 0x%08x\n", __FUNCTION__, rp, verb);
- intel_hda_send_command(d, verb);
- }
-}
-
-static void intel_hda_response(HDACodecDevice *dev, bool solicited, uint32_t response)
-{
- HDACodecBus *bus = DO_UPCAST(HDACodecBus, qbus, dev->qdev.parent_bus);
- IntelHDAState *d = container_of(bus, IntelHDAState, codecs);
- hwaddr addr;
- uint32_t wp, ex;
-
- if (d->ics & ICH6_IRS_BUSY) {
- dprint(d, 2, "%s: [irr] response 0x%x, cad 0x%x\n",
- __FUNCTION__, response, dev->cad);
- d->irr = response;
- d->ics &= ~(ICH6_IRS_BUSY | 0xf0);
- d->ics |= (ICH6_IRS_VALID | (dev->cad << 4));
- return;
- }
-
- if (!(d->rirb_ctl & ICH6_RBCTL_DMA_EN)) {
- dprint(d, 1, "%s: rirb dma disabled, drop codec response\n", __FUNCTION__);
- return;
- }
-
- ex = (solicited ? 0 : (1 << 4)) | dev->cad;
- wp = (d->rirb_wp + 1) & 0xff;
- addr = intel_hda_addr(d->rirb_lbase, d->rirb_ubase);
- stl_le_pci_dma(&d->pci, addr + 8*wp, response);
- stl_le_pci_dma(&d->pci, addr + 8*wp + 4, ex);
- d->rirb_wp = wp;
-
- dprint(d, 2, "%s: [wp 0x%x] response 0x%x, extra 0x%x\n",
- __FUNCTION__, wp, response, ex);
-
- d->rirb_count++;
- if (d->rirb_count == d->rirb_cnt) {
- dprint(d, 2, "%s: rirb count reached (%d)\n", __FUNCTION__, d->rirb_count);
- if (d->rirb_ctl & ICH6_RBCTL_IRQ_EN) {
- d->rirb_sts |= ICH6_RBSTS_IRQ;
- intel_hda_update_irq(d);
- }
- } else if ((d->corb_rp & 0xff) == d->corb_wp) {
- dprint(d, 2, "%s: corb ring empty (%d/%d)\n", __FUNCTION__,
- d->rirb_count, d->rirb_cnt);
- if (d->rirb_ctl & ICH6_RBCTL_IRQ_EN) {
- d->rirb_sts |= ICH6_RBSTS_IRQ;
- intel_hda_update_irq(d);
- }
- }
-}
-
-static bool intel_hda_xfer(HDACodecDevice *dev, uint32_t stnr, bool output,
- uint8_t *buf, uint32_t len)
-{
- HDACodecBus *bus = DO_UPCAST(HDACodecBus, qbus, dev->qdev.parent_bus);
- IntelHDAState *d = container_of(bus, IntelHDAState, codecs);
- hwaddr addr;
- uint32_t s, copy, left;
- IntelHDAStream *st;
- bool irq = false;
-
- st = output ? d->st + 4 : d->st;
- for (s = 0; s < 4; s++) {
- if (stnr == ((st[s].ctl >> 20) & 0x0f)) {
- st = st + s;
- break;
- }
- }
- if (s == 4) {
- return false;
- }
- if (st->bpl == NULL) {
- return false;
- }
- if (st->ctl & (1 << 26)) {
- /*
- * Wait with the next DMA xfer until the guest
- * has acked the buffer completion interrupt
- */
- return false;
- }
-
- left = len;
- while (left > 0) {
- copy = left;
- if (copy > st->bsize - st->lpib)
- copy = st->bsize - st->lpib;
- if (copy > st->bpl[st->be].len - st->bp)
- copy = st->bpl[st->be].len - st->bp;
-
- dprint(d, 3, "dma: entry %d, pos %d/%d, copy %d\n",
- st->be, st->bp, st->bpl[st->be].len, copy);
-
- pci_dma_rw(&d->pci, st->bpl[st->be].addr + st->bp, buf, copy, !output);
- st->lpib += copy;
- st->bp += copy;
- buf += copy;
- left -= copy;
-
- if (st->bpl[st->be].len == st->bp) {
- /* bpl entry filled */
- if (st->bpl[st->be].flags & 0x01) {
- irq = true;
- }
- st->bp = 0;
- st->be++;
- if (st->be == st->bentries) {
- /* bpl wrap around */
- st->be = 0;
- st->lpib = 0;
- }
- }
- }
- if (d->dp_lbase & 0x01) {
- addr = intel_hda_addr(d->dp_lbase & ~0x01, d->dp_ubase);
- stl_le_pci_dma(&d->pci, addr + 8*s, st->lpib);
- }
- dprint(d, 3, "dma: --\n");
-
- if (irq) {
- st->ctl |= (1 << 26); /* buffer completion interrupt */
- intel_hda_update_irq(d);
- }
- return true;
-}
-
-static void intel_hda_parse_bdl(IntelHDAState *d, IntelHDAStream *st)
-{
- hwaddr addr;
- uint8_t buf[16];
- uint32_t i;
-
- addr = intel_hda_addr(st->bdlp_lbase, st->bdlp_ubase);
- st->bentries = st->lvi +1;
- g_free(st->bpl);
- st->bpl = g_malloc(sizeof(bpl) * st->bentries);
- for (i = 0; i < st->bentries; i++, addr += 16) {
- pci_dma_read(&d->pci, addr, buf, 16);
- st->bpl[i].addr = le64_to_cpu(*(uint64_t *)buf);
- st->bpl[i].len = le32_to_cpu(*(uint32_t *)(buf + 8));
- st->bpl[i].flags = le32_to_cpu(*(uint32_t *)(buf + 12));
- dprint(d, 1, "bdl/%d: 0x%" PRIx64 " +0x%x, 0x%x\n",
- i, st->bpl[i].addr, st->bpl[i].len, st->bpl[i].flags);
- }
-
- st->bsize = st->cbl;
- st->lpib = 0;
- st->be = 0;
- st->bp = 0;
-}
-
-static void intel_hda_notify_codecs(IntelHDAState *d, uint32_t stream, bool running, bool output)
-{
- BusChild *kid;
- HDACodecDevice *cdev;
-
- QTAILQ_FOREACH(kid, &d->codecs.qbus.children, sibling) {
- DeviceState *qdev = kid->child;
- HDACodecDeviceClass *cdc;
-
- cdev = DO_UPCAST(HDACodecDevice, qdev, qdev);
- cdc = HDA_CODEC_DEVICE_GET_CLASS(cdev);
- if (cdc->stream) {
- cdc->stream(cdev, stream, running, output);
- }
- }
-}
-
-/* --------------------------------------------------------------------- */
-
-static void intel_hda_set_g_ctl(IntelHDAState *d, const IntelHDAReg *reg, uint32_t old)
-{
- if ((d->g_ctl & ICH6_GCTL_RESET) == 0) {
- intel_hda_reset(&d->pci.qdev);
- }
-}
-
-static void intel_hda_set_wake_en(IntelHDAState *d, const IntelHDAReg *reg, uint32_t old)
-{
- intel_hda_update_irq(d);
-}
-
-static void intel_hda_set_state_sts(IntelHDAState *d, const IntelHDAReg *reg, uint32_t old)
-{
- intel_hda_update_irq(d);
-}
-
-static void intel_hda_set_int_ctl(IntelHDAState *d, const IntelHDAReg *reg, uint32_t old)
-{
- intel_hda_update_irq(d);
-}
-
-static void intel_hda_get_wall_clk(IntelHDAState *d, const IntelHDAReg *reg)
-{
- int64_t ns;
-
- ns = qemu_get_clock_ns(vm_clock) - d->wall_base_ns;
- d->wall_clk = (uint32_t)(ns * 24 / 1000); /* 24 MHz */
-}
-
-static void intel_hda_set_corb_wp(IntelHDAState *d, const IntelHDAReg *reg, uint32_t old)
-{
- intel_hda_corb_run(d);
-}
-
-static void intel_hda_set_corb_ctl(IntelHDAState *d, const IntelHDAReg *reg, uint32_t old)
-{
- intel_hda_corb_run(d);
-}
-
-static void intel_hda_set_rirb_wp(IntelHDAState *d, const IntelHDAReg *reg, uint32_t old)
-{
- if (d->rirb_wp & ICH6_RIRBWP_RST) {
- d->rirb_wp = 0;
- }
-}
-
-static void intel_hda_set_rirb_sts(IntelHDAState *d, const IntelHDAReg *reg, uint32_t old)
-{
- intel_hda_update_irq(d);
-
- if ((old & ICH6_RBSTS_IRQ) && !(d->rirb_sts & ICH6_RBSTS_IRQ)) {
- /* cleared ICH6_RBSTS_IRQ */
- d->rirb_count = 0;
- intel_hda_corb_run(d);
- }
-}
-
-static void intel_hda_set_ics(IntelHDAState *d, const IntelHDAReg *reg, uint32_t old)
-{
- if (d->ics & ICH6_IRS_BUSY) {
- intel_hda_corb_run(d);
- }
-}
-
-static void intel_hda_set_st_ctl(IntelHDAState *d, const IntelHDAReg *reg, uint32_t old)
-{
- bool output = reg->stream >= 4;
- IntelHDAStream *st = d->st + reg->stream;
-
- if (st->ctl & 0x01) {
- /* reset */
- dprint(d, 1, "st #%d: reset\n", reg->stream);
- st->ctl = 0;
- }
- if ((st->ctl & 0x02) != (old & 0x02)) {
- uint32_t stnr = (st->ctl >> 20) & 0x0f;
- /* run bit flipped */
- if (st->ctl & 0x02) {
- /* start */
- dprint(d, 1, "st #%d: start %d (ring buf %d bytes)\n",
- reg->stream, stnr, st->cbl);
- intel_hda_parse_bdl(d, st);
- intel_hda_notify_codecs(d, stnr, true, output);
- } else {
- /* stop */
- dprint(d, 1, "st #%d: stop %d\n", reg->stream, stnr);
- intel_hda_notify_codecs(d, stnr, false, output);
- }
- }
- intel_hda_update_irq(d);
-}
-
-/* --------------------------------------------------------------------- */
-
-#define ST_REG(_n, _o) (0x80 + (_n) * 0x20 + (_o))
-
-static const struct IntelHDAReg regtab[] = {
- /* global */
- [ ICH6_REG_GCAP ] = {
- .name = "GCAP",
- .size = 2,
- .reset = 0x4401,
- },
- [ ICH6_REG_VMIN ] = {
- .name = "VMIN",
- .size = 1,
- },
- [ ICH6_REG_VMAJ ] = {
- .name = "VMAJ",
- .size = 1,
- .reset = 1,
- },
- [ ICH6_REG_OUTPAY ] = {
- .name = "OUTPAY",
- .size = 2,
- .reset = 0x3c,
- },
- [ ICH6_REG_INPAY ] = {
- .name = "INPAY",
- .size = 2,
- .reset = 0x1d,
- },
- [ ICH6_REG_GCTL ] = {
- .name = "GCTL",
- .size = 4,
- .wmask = 0x0103,
- .offset = offsetof(IntelHDAState, g_ctl),
- .whandler = intel_hda_set_g_ctl,
- },
- [ ICH6_REG_WAKEEN ] = {
- .name = "WAKEEN",
- .size = 2,
- .wmask = 0x7fff,
- .offset = offsetof(IntelHDAState, wake_en),
- .whandler = intel_hda_set_wake_en,
- },
- [ ICH6_REG_STATESTS ] = {
- .name = "STATESTS",
- .size = 2,
- .wmask = 0x7fff,
- .wclear = 0x7fff,
- .offset = offsetof(IntelHDAState, state_sts),
- .whandler = intel_hda_set_state_sts,
- },
-
- /* interrupts */
- [ ICH6_REG_INTCTL ] = {
- .name = "INTCTL",
- .size = 4,
- .wmask = 0xc00000ff,
- .offset = offsetof(IntelHDAState, int_ctl),
- .whandler = intel_hda_set_int_ctl,
- },
- [ ICH6_REG_INTSTS ] = {
- .name = "INTSTS",
- .size = 4,
- .wmask = 0xc00000ff,
- .wclear = 0xc00000ff,
- .offset = offsetof(IntelHDAState, int_sts),
- },
-
- /* misc */
- [ ICH6_REG_WALLCLK ] = {
- .name = "WALLCLK",
- .size = 4,
- .offset = offsetof(IntelHDAState, wall_clk),
- .rhandler = intel_hda_get_wall_clk,
- },
- [ ICH6_REG_WALLCLK + 0x2000 ] = {
- .name = "WALLCLK(alias)",
- .size = 4,
- .offset = offsetof(IntelHDAState, wall_clk),
- .rhandler = intel_hda_get_wall_clk,
- },
-
- /* dma engine */
- [ ICH6_REG_CORBLBASE ] = {
- .name = "CORBLBASE",
- .size = 4,
- .wmask = 0xffffff80,
- .offset = offsetof(IntelHDAState, corb_lbase),
- },
- [ ICH6_REG_CORBUBASE ] = {
- .name = "CORBUBASE",
- .size = 4,
- .wmask = 0xffffffff,
- .offset = offsetof(IntelHDAState, corb_ubase),
- },
- [ ICH6_REG_CORBWP ] = {
- .name = "CORBWP",
- .size = 2,
- .wmask = 0xff,
- .offset = offsetof(IntelHDAState, corb_wp),
- .whandler = intel_hda_set_corb_wp,
- },
- [ ICH6_REG_CORBRP ] = {
- .name = "CORBRP",
- .size = 2,
- .wmask = 0x80ff,
- .offset = offsetof(IntelHDAState, corb_rp),
- },
- [ ICH6_REG_CORBCTL ] = {
- .name = "CORBCTL",
- .size = 1,
- .wmask = 0x03,
- .offset = offsetof(IntelHDAState, corb_ctl),
- .whandler = intel_hda_set_corb_ctl,
- },
- [ ICH6_REG_CORBSTS ] = {
- .name = "CORBSTS",
- .size = 1,
- .wmask = 0x01,
- .wclear = 0x01,
- .offset = offsetof(IntelHDAState, corb_sts),
- },
- [ ICH6_REG_CORBSIZE ] = {
- .name = "CORBSIZE",
- .size = 1,
- .reset = 0x42,
- .offset = offsetof(IntelHDAState, corb_size),
- },
- [ ICH6_REG_RIRBLBASE ] = {
- .name = "RIRBLBASE",
- .size = 4,
- .wmask = 0xffffff80,
- .offset = offsetof(IntelHDAState, rirb_lbase),
- },
- [ ICH6_REG_RIRBUBASE ] = {
- .name = "RIRBUBASE",
- .size = 4,
- .wmask = 0xffffffff,
- .offset = offsetof(IntelHDAState, rirb_ubase),
- },
- [ ICH6_REG_RIRBWP ] = {
- .name = "RIRBWP",
- .size = 2,
- .wmask = 0x8000,
- .offset = offsetof(IntelHDAState, rirb_wp),
- .whandler = intel_hda_set_rirb_wp,
- },
- [ ICH6_REG_RINTCNT ] = {
- .name = "RINTCNT",
- .size = 2,
- .wmask = 0xff,
- .offset = offsetof(IntelHDAState, rirb_cnt),
- },
- [ ICH6_REG_RIRBCTL ] = {
- .name = "RIRBCTL",
- .size = 1,
- .wmask = 0x07,
- .offset = offsetof(IntelHDAState, rirb_ctl),
- },
- [ ICH6_REG_RIRBSTS ] = {
- .name = "RIRBSTS",
- .size = 1,
- .wmask = 0x05,
- .wclear = 0x05,
- .offset = offsetof(IntelHDAState, rirb_sts),
- .whandler = intel_hda_set_rirb_sts,
- },
- [ ICH6_REG_RIRBSIZE ] = {
- .name = "RIRBSIZE",
- .size = 1,
- .reset = 0x42,
- .offset = offsetof(IntelHDAState, rirb_size),
- },
-
- [ ICH6_REG_DPLBASE ] = {
- .name = "DPLBASE",
- .size = 4,
- .wmask = 0xffffff81,
- .offset = offsetof(IntelHDAState, dp_lbase),
- },
- [ ICH6_REG_DPUBASE ] = {
- .name = "DPUBASE",
- .size = 4,
- .wmask = 0xffffffff,
- .offset = offsetof(IntelHDAState, dp_ubase),
- },
-
- [ ICH6_REG_IC ] = {
- .name = "ICW",
- .size = 4,
- .wmask = 0xffffffff,
- .offset = offsetof(IntelHDAState, icw),
- },
- [ ICH6_REG_IR ] = {
- .name = "IRR",
- .size = 4,
- .offset = offsetof(IntelHDAState, irr),
- },
- [ ICH6_REG_IRS ] = {
- .name = "ICS",
- .size = 2,
- .wmask = 0x0003,
- .wclear = 0x0002,
- .offset = offsetof(IntelHDAState, ics),
- .whandler = intel_hda_set_ics,
- },
-
-#define HDA_STREAM(_t, _i) \
- [ ST_REG(_i, ICH6_REG_SD_CTL) ] = { \
- .stream = _i, \
- .name = _t stringify(_i) " CTL", \
- .size = 4, \
- .wmask = 0x1cff001f, \
- .offset = offsetof(IntelHDAState, st[_i].ctl), \
- .whandler = intel_hda_set_st_ctl, \
- }, \
- [ ST_REG(_i, ICH6_REG_SD_CTL) + 2] = { \
- .stream = _i, \
- .name = _t stringify(_i) " CTL(stnr)", \
- .size = 1, \
- .shift = 16, \
- .wmask = 0x00ff0000, \
- .offset = offsetof(IntelHDAState, st[_i].ctl), \
- .whandler = intel_hda_set_st_ctl, \
- }, \
- [ ST_REG(_i, ICH6_REG_SD_STS)] = { \
- .stream = _i, \
- .name = _t stringify(_i) " CTL(sts)", \
- .size = 1, \
- .shift = 24, \
- .wmask = 0x1c000000, \
- .wclear = 0x1c000000, \
- .offset = offsetof(IntelHDAState, st[_i].ctl), \
- .whandler = intel_hda_set_st_ctl, \
- }, \
- [ ST_REG(_i, ICH6_REG_SD_LPIB) ] = { \
- .stream = _i, \
- .name = _t stringify(_i) " LPIB", \
- .size = 4, \
- .offset = offsetof(IntelHDAState, st[_i].lpib), \
- }, \
- [ ST_REG(_i, ICH6_REG_SD_LPIB) + 0x2000 ] = { \
- .stream = _i, \
- .name = _t stringify(_i) " LPIB(alias)", \
- .size = 4, \
- .offset = offsetof(IntelHDAState, st[_i].lpib), \
- }, \
- [ ST_REG(_i, ICH6_REG_SD_CBL) ] = { \
- .stream = _i, \
- .name = _t stringify(_i) " CBL", \
- .size = 4, \
- .wmask = 0xffffffff, \
- .offset = offsetof(IntelHDAState, st[_i].cbl), \
- }, \
- [ ST_REG(_i, ICH6_REG_SD_LVI) ] = { \
- .stream = _i, \
- .name = _t stringify(_i) " LVI", \
- .size = 2, \
- .wmask = 0x00ff, \
- .offset = offsetof(IntelHDAState, st[_i].lvi), \
- }, \
- [ ST_REG(_i, ICH6_REG_SD_FIFOSIZE) ] = { \
- .stream = _i, \
- .name = _t stringify(_i) " FIFOS", \
- .size = 2, \
- .reset = HDA_BUFFER_SIZE, \
- }, \
- [ ST_REG(_i, ICH6_REG_SD_FORMAT) ] = { \
- .stream = _i, \
- .name = _t stringify(_i) " FMT", \
- .size = 2, \
- .wmask = 0x7f7f, \
- .offset = offsetof(IntelHDAState, st[_i].fmt), \
- }, \
- [ ST_REG(_i, ICH6_REG_SD_BDLPL) ] = { \
- .stream = _i, \
- .name = _t stringify(_i) " BDLPL", \
- .size = 4, \
- .wmask = 0xffffff80, \
- .offset = offsetof(IntelHDAState, st[_i].bdlp_lbase), \
- }, \
- [ ST_REG(_i, ICH6_REG_SD_BDLPU) ] = { \
- .stream = _i, \
- .name = _t stringify(_i) " BDLPU", \
- .size = 4, \
- .wmask = 0xffffffff, \
- .offset = offsetof(IntelHDAState, st[_i].bdlp_ubase), \
- }, \
-
- HDA_STREAM("IN", 0)
- HDA_STREAM("IN", 1)
- HDA_STREAM("IN", 2)
- HDA_STREAM("IN", 3)
-
- HDA_STREAM("OUT", 4)
- HDA_STREAM("OUT", 5)
- HDA_STREAM("OUT", 6)
- HDA_STREAM("OUT", 7)
-
-};
-
-static const IntelHDAReg *intel_hda_reg_find(IntelHDAState *d, hwaddr addr)
-{
- const IntelHDAReg *reg;
-
- if (addr >= sizeof(regtab)/sizeof(regtab[0])) {
- goto noreg;
- }
- reg = regtab+addr;
- if (reg->name == NULL) {
- goto noreg;
- }
- return reg;
-
-noreg:
- dprint(d, 1, "unknown register, addr 0x%x\n", (int) addr);
- return NULL;
-}
-
-static uint32_t *intel_hda_reg_addr(IntelHDAState *d, const IntelHDAReg *reg)
-{
- uint8_t *addr = (void*)d;
-
- addr += reg->offset;
- return (uint32_t*)addr;
-}
-
-static void intel_hda_reg_write(IntelHDAState *d, const IntelHDAReg *reg, uint32_t val,
- uint32_t wmask)
-{
- uint32_t *addr;
- uint32_t old;
-
- if (!reg) {
- return;
- }
-
- if (d->debug) {
- time_t now = time(NULL);
- if (d->last_write && d->last_reg == reg && d->last_val == val) {
- d->repeat_count++;
- if (d->last_sec != now) {
- dprint(d, 2, "previous register op repeated %d times\n", d->repeat_count);
- d->last_sec = now;
- d->repeat_count = 0;
- }
- } else {
- if (d->repeat_count) {
- dprint(d, 2, "previous register op repeated %d times\n", d->repeat_count);
- }
- dprint(d, 2, "write %-16s: 0x%x (%x)\n", reg->name, val, wmask);
- d->last_write = 1;
- d->last_reg = reg;
- d->last_val = val;
- d->last_sec = now;
- d->repeat_count = 0;
- }
- }
- assert(reg->offset != 0);
-
- addr = intel_hda_reg_addr(d, reg);
- old = *addr;
-
- if (reg->shift) {
- val <<= reg->shift;
- wmask <<= reg->shift;
- }
- wmask &= reg->wmask;
- *addr &= ~wmask;
- *addr |= wmask & val;
- *addr &= ~(val & reg->wclear);
-
- if (reg->whandler) {
- reg->whandler(d, reg, old);
- }
-}
-
-static uint32_t intel_hda_reg_read(IntelHDAState *d, const IntelHDAReg *reg,
- uint32_t rmask)
-{
- uint32_t *addr, ret;
-
- if (!reg) {
- return 0;
- }
-
- if (reg->rhandler) {
- reg->rhandler(d, reg);
- }
-
- if (reg->offset == 0) {
- /* constant read-only register */
- ret = reg->reset;
- } else {
- addr = intel_hda_reg_addr(d, reg);
- ret = *addr;
- if (reg->shift) {
- ret >>= reg->shift;
- }
- ret &= rmask;
- }
- if (d->debug) {
- time_t now = time(NULL);
- if (!d->last_write && d->last_reg == reg && d->last_val == ret) {
- d->repeat_count++;
- if (d->last_sec != now) {
- dprint(d, 2, "previous register op repeated %d times\n", d->repeat_count);
- d->last_sec = now;
- d->repeat_count = 0;
- }
- } else {
- if (d->repeat_count) {
- dprint(d, 2, "previous register op repeated %d times\n", d->repeat_count);
- }
- dprint(d, 2, "read %-16s: 0x%x (%x)\n", reg->name, ret, rmask);
- d->last_write = 0;
- d->last_reg = reg;
- d->last_val = ret;
- d->last_sec = now;
- d->repeat_count = 0;
- }
- }
- return ret;
-}
-
-static void intel_hda_regs_reset(IntelHDAState *d)
-{
- uint32_t *addr;
- int i;
-
- for (i = 0; i < sizeof(regtab)/sizeof(regtab[0]); i++) {
- if (regtab[i].name == NULL) {
- continue;
- }
- if (regtab[i].offset == 0) {
- continue;
- }
- addr = intel_hda_reg_addr(d, regtab + i);
- *addr = regtab[i].reset;
- }
-}
-
-/* --------------------------------------------------------------------- */
-
-static void intel_hda_mmio_writeb(void *opaque, hwaddr addr, uint32_t val)
-{
- IntelHDAState *d = opaque;
- const IntelHDAReg *reg = intel_hda_reg_find(d, addr);
-
- intel_hda_reg_write(d, reg, val, 0xff);
-}
-
-static void intel_hda_mmio_writew(void *opaque, hwaddr addr, uint32_t val)
-{
- IntelHDAState *d = opaque;
- const IntelHDAReg *reg = intel_hda_reg_find(d, addr);
-
- intel_hda_reg_write(d, reg, val, 0xffff);
-}
-
-static void intel_hda_mmio_writel(void *opaque, hwaddr addr, uint32_t val)
-{
- IntelHDAState *d = opaque;
- const IntelHDAReg *reg = intel_hda_reg_find(d, addr);
-
- intel_hda_reg_write(d, reg, val, 0xffffffff);
-}
-
-static uint32_t intel_hda_mmio_readb(void *opaque, hwaddr addr)
-{
- IntelHDAState *d = opaque;
- const IntelHDAReg *reg = intel_hda_reg_find(d, addr);
-
- return intel_hda_reg_read(d, reg, 0xff);
-}
-
-static uint32_t intel_hda_mmio_readw(void *opaque, hwaddr addr)
-{
- IntelHDAState *d = opaque;
- const IntelHDAReg *reg = intel_hda_reg_find(d, addr);
-
- return intel_hda_reg_read(d, reg, 0xffff);
-}
-
-static uint32_t intel_hda_mmio_readl(void *opaque, hwaddr addr)
-{
- IntelHDAState *d = opaque;
- const IntelHDAReg *reg = intel_hda_reg_find(d, addr);
-
- return intel_hda_reg_read(d, reg, 0xffffffff);
-}
-
-static const MemoryRegionOps intel_hda_mmio_ops = {
- .old_mmio = {
- .read = {
- intel_hda_mmio_readb,
- intel_hda_mmio_readw,
- intel_hda_mmio_readl,
- },
- .write = {
- intel_hda_mmio_writeb,
- intel_hda_mmio_writew,
- intel_hda_mmio_writel,
- },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-/* --------------------------------------------------------------------- */
-
-static void intel_hda_reset(DeviceState *dev)
-{
- BusChild *kid;
- IntelHDAState *d = DO_UPCAST(IntelHDAState, pci.qdev, dev);
- HDACodecDevice *cdev;
-
- intel_hda_regs_reset(d);
- d->wall_base_ns = qemu_get_clock_ns(vm_clock);
-
- /* reset codecs */
- QTAILQ_FOREACH(kid, &d->codecs.qbus.children, sibling) {
- DeviceState *qdev = kid->child;
- cdev = DO_UPCAST(HDACodecDevice, qdev, qdev);
- device_reset(DEVICE(cdev));
- d->state_sts |= (1 << cdev->cad);
- }
- intel_hda_update_irq(d);
-}
-
-static int intel_hda_init(PCIDevice *pci)
-{
- IntelHDAState *d = DO_UPCAST(IntelHDAState, pci, pci);
- uint8_t *conf = d->pci.config;
-
- d->name = object_get_typename(OBJECT(d));
-
- pci_config_set_interrupt_pin(conf, 1);
-
- /* HDCTL off 0x40 bit 0 selects signaling mode (1-HDA, 0 - Ac97) 18.1.19 */
- conf[0x40] = 0x01;
-
- memory_region_init_io(&d->mmio, &intel_hda_mmio_ops, d,
- "intel-hda", 0x4000);
- pci_register_bar(&d->pci, 0, 0, &d->mmio);
- if (d->msi) {
- msi_init(&d->pci, 0x50, 1, true, false);
- }
-
- hda_codec_bus_init(&d->pci.qdev, &d->codecs,
- intel_hda_response, intel_hda_xfer);
-
- return 0;
-}
-
-static void intel_hda_exit(PCIDevice *pci)
-{
- IntelHDAState *d = DO_UPCAST(IntelHDAState, pci, pci);
-
- msi_uninit(&d->pci);
- memory_region_destroy(&d->mmio);
-}
-
-static int intel_hda_post_load(void *opaque, int version)
-{
- IntelHDAState* d = opaque;
- int i;
-
- dprint(d, 1, "%s\n", __FUNCTION__);
- for (i = 0; i < ARRAY_SIZE(d->st); i++) {
- if (d->st[i].ctl & 0x02) {
- intel_hda_parse_bdl(d, &d->st[i]);
- }
- }
- intel_hda_update_irq(d);
- return 0;
-}
-
-static const VMStateDescription vmstate_intel_hda_stream = {
- .name = "intel-hda-stream",
- .version_id = 1,
- .fields = (VMStateField []) {
- VMSTATE_UINT32(ctl, IntelHDAStream),
- VMSTATE_UINT32(lpib, IntelHDAStream),
- VMSTATE_UINT32(cbl, IntelHDAStream),
- VMSTATE_UINT32(lvi, IntelHDAStream),
- VMSTATE_UINT32(fmt, IntelHDAStream),
- VMSTATE_UINT32(bdlp_lbase, IntelHDAStream),
- VMSTATE_UINT32(bdlp_ubase, IntelHDAStream),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_intel_hda = {
- .name = "intel-hda",
- .version_id = 1,
- .post_load = intel_hda_post_load,
- .fields = (VMStateField []) {
- VMSTATE_PCI_DEVICE(pci, IntelHDAState),
-
- /* registers */
- VMSTATE_UINT32(g_ctl, IntelHDAState),
- VMSTATE_UINT32(wake_en, IntelHDAState),
- VMSTATE_UINT32(state_sts, IntelHDAState),
- VMSTATE_UINT32(int_ctl, IntelHDAState),
- VMSTATE_UINT32(int_sts, IntelHDAState),
- VMSTATE_UINT32(wall_clk, IntelHDAState),
- VMSTATE_UINT32(corb_lbase, IntelHDAState),
- VMSTATE_UINT32(corb_ubase, IntelHDAState),
- VMSTATE_UINT32(corb_rp, IntelHDAState),
- VMSTATE_UINT32(corb_wp, IntelHDAState),
- VMSTATE_UINT32(corb_ctl, IntelHDAState),
- VMSTATE_UINT32(corb_sts, IntelHDAState),
- VMSTATE_UINT32(corb_size, IntelHDAState),
- VMSTATE_UINT32(rirb_lbase, IntelHDAState),
- VMSTATE_UINT32(rirb_ubase, IntelHDAState),
- VMSTATE_UINT32(rirb_wp, IntelHDAState),
- VMSTATE_UINT32(rirb_cnt, IntelHDAState),
- VMSTATE_UINT32(rirb_ctl, IntelHDAState),
- VMSTATE_UINT32(rirb_sts, IntelHDAState),
- VMSTATE_UINT32(rirb_size, IntelHDAState),
- VMSTATE_UINT32(dp_lbase, IntelHDAState),
- VMSTATE_UINT32(dp_ubase, IntelHDAState),
- VMSTATE_UINT32(icw, IntelHDAState),
- VMSTATE_UINT32(irr, IntelHDAState),
- VMSTATE_UINT32(ics, IntelHDAState),
- VMSTATE_STRUCT_ARRAY(st, IntelHDAState, 8, 0,
- vmstate_intel_hda_stream,
- IntelHDAStream),
-
- /* additional state info */
- VMSTATE_UINT32(rirb_count, IntelHDAState),
- VMSTATE_INT64(wall_base_ns, IntelHDAState),
-
- VMSTATE_END_OF_LIST()
- }
-};
-
-static Property intel_hda_properties[] = {
- DEFINE_PROP_UINT32("debug", IntelHDAState, debug, 0),
- DEFINE_PROP_UINT32("msi", IntelHDAState, msi, 1),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void intel_hda_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = intel_hda_init;
- k->exit = intel_hda_exit;
- k->vendor_id = PCI_VENDOR_ID_INTEL;
- k->device_id = 0x2668;
- k->revision = 1;
- k->class_id = PCI_CLASS_MULTIMEDIA_HD_AUDIO;
- dc->desc = "Intel HD Audio Controller";
- dc->reset = intel_hda_reset;
- dc->vmsd = &vmstate_intel_hda;
- dc->props = intel_hda_properties;
-}
-
-static TypeInfo intel_hda_info = {
- .name = "intel-hda",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(IntelHDAState),
- .class_init = intel_hda_class_init,
-};
-
-static void hda_codec_device_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *k = DEVICE_CLASS(klass);
- k->init = hda_codec_dev_init;
- k->exit = hda_codec_dev_exit;
- k->bus_type = TYPE_HDA_BUS;
- k->props = hda_props;
-}
-
-static TypeInfo hda_codec_device_type_info = {
- .name = TYPE_HDA_CODEC_DEVICE,
- .parent = TYPE_DEVICE,
- .instance_size = sizeof(HDACodecDevice),
- .abstract = true,
- .class_size = sizeof(HDACodecDeviceClass),
- .class_init = hda_codec_device_class_init,
-};
-
-static void intel_hda_register_types(void)
-{
- type_register_static(&hda_codec_bus_info);
- type_register_static(&intel_hda_info);
- type_register_static(&hda_codec_device_type_info);
-}
-
-type_init(intel_hda_register_types)
-
-/*
- * create intel hda controller with codec attached to it,
- * so '-soundhw hda' works.
- */
-int intel_hda_and_codec_init(PCIBus *bus)
-{
- PCIDevice *controller;
- BusState *hdabus;
- DeviceState *codec;
-
- controller = pci_create_simple(bus, -1, "intel-hda");
- hdabus = QLIST_FIRST(&controller->qdev.child_bus);
- codec = qdev_create(hdabus, "hda-duplex");
- qdev_init_nofail(codec);
- return 0;
-}
-
diff --git a/hw/intel-hda.h b/hw/intel-hda.h
deleted file mode 100644
index 22e0968d5..000000000
--- a/hw/intel-hda.h
+++ /dev/null
@@ -1,72 +0,0 @@
-#ifndef HW_INTEL_HDA_H
-#define HW_INTEL_HDA_H
-
-#include "qdev.h"
-
-/* --------------------------------------------------------------------- */
-/* hda bus */
-
-#define TYPE_HDA_CODEC_DEVICE "hda-codec"
-#define HDA_CODEC_DEVICE(obj) \
- OBJECT_CHECK(HDACodecDevice, (obj), TYPE_HDA_CODEC_DEVICE)
-#define HDA_CODEC_DEVICE_CLASS(klass) \
- OBJECT_CLASS_CHECK(HDACodecDeviceClass, (klass), TYPE_HDA_CODEC_DEVICE)
-#define HDA_CODEC_DEVICE_GET_CLASS(obj) \
- OBJECT_GET_CLASS(HDACodecDeviceClass, (obj), TYPE_HDA_CODEC_DEVICE)
-
-#define TYPE_HDA_BUS "HDA"
-#define HDA_BUS(obj) OBJECT_CHECK(HDACodecBus, (obj), TYPE_HDA_BUS)
-
-typedef struct HDACodecBus HDACodecBus;
-typedef struct HDACodecDevice HDACodecDevice;
-
-typedef void (*hda_codec_response_func)(HDACodecDevice *dev,
- bool solicited, uint32_t response);
-typedef bool (*hda_codec_xfer_func)(HDACodecDevice *dev,
- uint32_t stnr, bool output,
- uint8_t *buf, uint32_t len);
-
-struct HDACodecBus {
- BusState qbus;
- uint32_t next_cad;
- hda_codec_response_func response;
- hda_codec_xfer_func xfer;
-};
-
-typedef struct HDACodecDeviceClass
-{
- DeviceClass parent_class;
-
- int (*init)(HDACodecDevice *dev);
- int (*exit)(HDACodecDevice *dev);
- void (*command)(HDACodecDevice *dev, uint32_t nid, uint32_t data);
- void (*stream)(HDACodecDevice *dev, uint32_t stnr, bool running, bool output);
-} HDACodecDeviceClass;
-
-struct HDACodecDevice {
- DeviceState qdev;
- uint32_t cad; /* codec address */
-};
-
-void hda_codec_bus_init(DeviceState *dev, HDACodecBus *bus,
- hda_codec_response_func response,
- hda_codec_xfer_func xfer);
-HDACodecDevice *hda_codec_find(HDACodecBus *bus, uint32_t cad);
-
-void hda_codec_response(HDACodecDevice *dev, bool solicited, uint32_t response);
-bool hda_codec_xfer(HDACodecDevice *dev, uint32_t stnr, bool output,
- uint8_t *buf, uint32_t len);
-
-/* --------------------------------------------------------------------- */
-
-#define dprint(_dev, _level, _fmt, ...) \
- do { \
- if (_dev->debug >= _level) { \
- fprintf(stderr, "%s: ", _dev->name); \
- fprintf(stderr, _fmt, ## __VA_ARGS__); \
- } \
- } while (0)
-
-/* --------------------------------------------------------------------- */
-
-#endif
diff --git a/hw/ioapic.c b/hw/ioapic.c
deleted file mode 100644
index 72730951a..000000000
--- a/hw/ioapic.c
+++ /dev/null
@@ -1,259 +0,0 @@
-/*
- * ioapic.c IOAPIC emulation logic
- *
- * Copyright (c) 2004-2005 Fabrice Bellard
- *
- * Split the ioapic logic from apic.c
- * Xiantao Zhang <xiantao.zhang@intel.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "hw.h"
-#include "pc.h"
-#include "apic.h"
-#include "ioapic.h"
-#include "ioapic_internal.h"
-
-//#define DEBUG_IOAPIC
-
-#ifdef DEBUG_IOAPIC
-#define DPRINTF(fmt, ...) \
- do { printf("ioapic: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...)
-#endif
-
-static IOAPICCommonState *ioapics[MAX_IOAPICS];
-
-static void ioapic_service(IOAPICCommonState *s)
-{
- uint8_t i;
- uint8_t trig_mode;
- uint8_t vector;
- uint8_t delivery_mode;
- uint32_t mask;
- uint64_t entry;
- uint8_t dest;
- uint8_t dest_mode;
-
- for (i = 0; i < IOAPIC_NUM_PINS; i++) {
- mask = 1 << i;
- if (s->irr & mask) {
- entry = s->ioredtbl[i];
- if (!(entry & IOAPIC_LVT_MASKED)) {
- trig_mode = ((entry >> IOAPIC_LVT_TRIGGER_MODE_SHIFT) & 1);
- dest = entry >> IOAPIC_LVT_DEST_SHIFT;
- dest_mode = (entry >> IOAPIC_LVT_DEST_MODE_SHIFT) & 1;
- delivery_mode =
- (entry >> IOAPIC_LVT_DELIV_MODE_SHIFT) & IOAPIC_DM_MASK;
- if (trig_mode == IOAPIC_TRIGGER_EDGE) {
- s->irr &= ~mask;
- } else {
- s->ioredtbl[i] |= IOAPIC_LVT_REMOTE_IRR;
- }
- if (delivery_mode == IOAPIC_DM_EXTINT) {
- vector = pic_read_irq(isa_pic);
- } else {
- vector = entry & IOAPIC_VECTOR_MASK;
- }
- apic_deliver_irq(dest, dest_mode, delivery_mode,
- vector, trig_mode);
- }
- }
- }
-}
-
-static void ioapic_set_irq(void *opaque, int vector, int level)
-{
- IOAPICCommonState *s = opaque;
-
- /* ISA IRQs map to GSI 1-1 except for IRQ0 which maps
- * to GSI 2. GSI maps to ioapic 1-1. This is not
- * the cleanest way of doing it but it should work. */
-
- DPRINTF("%s: %s vec %x\n", __func__, level ? "raise" : "lower", vector);
- if (vector == 0) {
- vector = 2;
- }
- if (vector >= 0 && vector < IOAPIC_NUM_PINS) {
- uint32_t mask = 1 << vector;
- uint64_t entry = s->ioredtbl[vector];
-
- if (entry & (1 << IOAPIC_LVT_POLARITY_SHIFT)) {
- level = !level;
- }
- if (((entry >> IOAPIC_LVT_TRIGGER_MODE_SHIFT) & 1) ==
- IOAPIC_TRIGGER_LEVEL) {
- /* level triggered */
- if (level) {
- s->irr |= mask;
- ioapic_service(s);
- } else {
- s->irr &= ~mask;
- }
- } else {
- /* According to the 82093AA manual, we must ignore edge requests
- * if the input pin is masked. */
- if (level && !(entry & IOAPIC_LVT_MASKED)) {
- s->irr |= mask;
- ioapic_service(s);
- }
- }
- }
-}
-
-void ioapic_eoi_broadcast(int vector)
-{
- IOAPICCommonState *s;
- uint64_t entry;
- int i, n;
-
- for (i = 0; i < MAX_IOAPICS; i++) {
- s = ioapics[i];
- if (!s) {
- continue;
- }
- for (n = 0; n < IOAPIC_NUM_PINS; n++) {
- entry = s->ioredtbl[n];
- if ((entry & IOAPIC_LVT_REMOTE_IRR)
- && (entry & IOAPIC_VECTOR_MASK) == vector) {
- s->ioredtbl[n] = entry & ~IOAPIC_LVT_REMOTE_IRR;
- if (!(entry & IOAPIC_LVT_MASKED) && (s->irr & (1 << n))) {
- ioapic_service(s);
- }
- }
- }
- }
-}
-
-static uint64_t
-ioapic_mem_read(void *opaque, hwaddr addr, unsigned int size)
-{
- IOAPICCommonState *s = opaque;
- int index;
- uint32_t val = 0;
-
- switch (addr & 0xff) {
- case IOAPIC_IOREGSEL:
- val = s->ioregsel;
- break;
- case IOAPIC_IOWIN:
- if (size != 4) {
- break;
- }
- switch (s->ioregsel) {
- case IOAPIC_REG_ID:
- val = s->id << IOAPIC_ID_SHIFT;
- break;
- case IOAPIC_REG_VER:
- val = IOAPIC_VERSION |
- ((IOAPIC_NUM_PINS - 1) << IOAPIC_VER_ENTRIES_SHIFT);
- break;
- case IOAPIC_REG_ARB:
- val = 0;
- break;
- default:
- index = (s->ioregsel - IOAPIC_REG_REDTBL_BASE) >> 1;
- if (index >= 0 && index < IOAPIC_NUM_PINS) {
- if (s->ioregsel & 1) {
- val = s->ioredtbl[index] >> 32;
- } else {
- val = s->ioredtbl[index] & 0xffffffff;
- }
- }
- }
- DPRINTF("read: %08x = %08x\n", s->ioregsel, val);
- break;
- }
- return val;
-}
-
-static void
-ioapic_mem_write(void *opaque, hwaddr addr, uint64_t val,
- unsigned int size)
-{
- IOAPICCommonState *s = opaque;
- int index;
-
- switch (addr & 0xff) {
- case IOAPIC_IOREGSEL:
- s->ioregsel = val;
- break;
- case IOAPIC_IOWIN:
- if (size != 4) {
- break;
- }
- DPRINTF("write: %08x = %08" PRIx64 "\n", s->ioregsel, val);
- switch (s->ioregsel) {
- case IOAPIC_REG_ID:
- s->id = (val >> IOAPIC_ID_SHIFT) & IOAPIC_ID_MASK;
- break;
- case IOAPIC_REG_VER:
- case IOAPIC_REG_ARB:
- break;
- default:
- index = (s->ioregsel - IOAPIC_REG_REDTBL_BASE) >> 1;
- if (index >= 0 && index < IOAPIC_NUM_PINS) {
- if (s->ioregsel & 1) {
- s->ioredtbl[index] &= 0xffffffff;
- s->ioredtbl[index] |= (uint64_t)val << 32;
- } else {
- s->ioredtbl[index] &= ~0xffffffffULL;
- s->ioredtbl[index] |= val;
- }
- ioapic_service(s);
- }
- }
- break;
- }
-}
-
-static const MemoryRegionOps ioapic_io_ops = {
- .read = ioapic_mem_read,
- .write = ioapic_mem_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void ioapic_init(IOAPICCommonState *s, int instance_no)
-{
- memory_region_init_io(&s->io_memory, &ioapic_io_ops, s, "ioapic", 0x1000);
-
- qdev_init_gpio_in(&s->busdev.qdev, ioapic_set_irq, IOAPIC_NUM_PINS);
-
- ioapics[instance_no] = s;
-}
-
-static void ioapic_class_init(ObjectClass *klass, void *data)
-{
- IOAPICCommonClass *k = IOAPIC_COMMON_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
-
- k->init = ioapic_init;
- dc->reset = ioapic_reset_common;
-}
-
-static TypeInfo ioapic_info = {
- .name = "ioapic",
- .parent = TYPE_IOAPIC_COMMON,
- .instance_size = sizeof(IOAPICCommonState),
- .class_init = ioapic_class_init,
-};
-
-static void ioapic_register_types(void)
-{
- type_register_static(&ioapic_info);
-}
-
-type_init(ioapic_register_types)
diff --git a/hw/ioapic.h b/hw/ioapic.h
deleted file mode 100644
index 86e63dac7..000000000
--- a/hw/ioapic.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * ioapic.c IOAPIC emulation logic
- *
- * Copyright (c) 2011 Jan Kiszka, Siemens AG
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef HW_IOAPIC_H
-#define HW_IOAPIC_H
-
-#define IOAPIC_NUM_PINS 24
-
-void ioapic_eoi_broadcast(int vector);
-
-#endif /* !HW_IOAPIC_H */
diff --git a/hw/ioapic_common.c b/hw/ioapic_common.c
deleted file mode 100644
index 653eef2ce..000000000
--- a/hw/ioapic_common.c
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
- * IOAPIC emulation logic - common bits of emulated and KVM kernel model
- *
- * Copyright (c) 2004-2005 Fabrice Bellard
- * Copyright (c) 2009 Xiantao Zhang, Intel
- * Copyright (c) 2011 Jan Kiszka, Siemens AG
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "ioapic.h"
-#include "ioapic_internal.h"
-#include "sysbus.h"
-
-void ioapic_reset_common(DeviceState *dev)
-{
- IOAPICCommonState *s = IOAPIC_COMMON(dev);
- int i;
-
- s->id = 0;
- s->ioregsel = 0;
- s->irr = 0;
- for (i = 0; i < IOAPIC_NUM_PINS; i++) {
- s->ioredtbl[i] = 1 << IOAPIC_LVT_MASKED_SHIFT;
- }
-}
-
-static void ioapic_dispatch_pre_save(void *opaque)
-{
- IOAPICCommonState *s = IOAPIC_COMMON(opaque);
- IOAPICCommonClass *info = IOAPIC_COMMON_GET_CLASS(s);
-
- if (info->pre_save) {
- info->pre_save(s);
- }
-}
-
-static int ioapic_dispatch_post_load(void *opaque, int version_id)
-{
- IOAPICCommonState *s = IOAPIC_COMMON(opaque);
- IOAPICCommonClass *info = IOAPIC_COMMON_GET_CLASS(s);
-
- if (info->post_load) {
- info->post_load(s);
- }
- return 0;
-}
-
-static int ioapic_init_common(SysBusDevice *dev)
-{
- IOAPICCommonState *s = FROM_SYSBUS(IOAPICCommonState, dev);
- IOAPICCommonClass *info;
- static int ioapic_no;
-
- if (ioapic_no >= MAX_IOAPICS) {
- return -1;
- }
-
- info = IOAPIC_COMMON_GET_CLASS(s);
- info->init(s, ioapic_no);
-
- sysbus_init_mmio(&s->busdev, &s->io_memory);
- ioapic_no++;
-
- return 0;
-}
-
-static const VMStateDescription vmstate_ioapic_common = {
- .name = "ioapic",
- .version_id = 3,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .pre_save = ioapic_dispatch_pre_save,
- .post_load = ioapic_dispatch_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_UINT8(id, IOAPICCommonState),
- VMSTATE_UINT8(ioregsel, IOAPICCommonState),
- VMSTATE_UNUSED_V(2, 8), /* to account for qemu-kvm's v2 format */
- VMSTATE_UINT32_V(irr, IOAPICCommonState, 2),
- VMSTATE_UINT64_ARRAY(ioredtbl, IOAPICCommonState, IOAPIC_NUM_PINS),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void ioapic_common_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sc = SYS_BUS_DEVICE_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
-
- sc->init = ioapic_init_common;
- dc->vmsd = &vmstate_ioapic_common;
- dc->no_user = 1;
-}
-
-static TypeInfo ioapic_common_type = {
- .name = TYPE_IOAPIC_COMMON,
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(IOAPICCommonState),
- .class_size = sizeof(IOAPICCommonClass),
- .class_init = ioapic_common_class_init,
- .abstract = true,
-};
-
-static void register_types(void)
-{
- type_register_static(&ioapic_common_type);
-}
-
-type_init(register_types)
diff --git a/hw/ioapic_internal.h b/hw/ioapic_internal.h
deleted file mode 100644
index e04c9f3c1..000000000
--- a/hw/ioapic_internal.h
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * IOAPIC emulation logic - internal interfaces
- *
- * Copyright (c) 2004-2005 Fabrice Bellard
- * Copyright (c) 2009 Xiantao Zhang, Intel
- * Copyright (c) 2011 Jan Kiszka, Siemens AG
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef QEMU_IOAPIC_INTERNAL_H
-#define QEMU_IOAPIC_INTERNAL_H
-
-#include "hw.h"
-#include "memory.h"
-#include "sysbus.h"
-
-#define MAX_IOAPICS 1
-
-#define IOAPIC_VERSION 0x11
-
-#define IOAPIC_LVT_DEST_SHIFT 56
-#define IOAPIC_LVT_MASKED_SHIFT 16
-#define IOAPIC_LVT_TRIGGER_MODE_SHIFT 15
-#define IOAPIC_LVT_REMOTE_IRR_SHIFT 14
-#define IOAPIC_LVT_POLARITY_SHIFT 13
-#define IOAPIC_LVT_DELIV_STATUS_SHIFT 12
-#define IOAPIC_LVT_DEST_MODE_SHIFT 11
-#define IOAPIC_LVT_DELIV_MODE_SHIFT 8
-
-#define IOAPIC_LVT_MASKED (1 << IOAPIC_LVT_MASKED_SHIFT)
-#define IOAPIC_LVT_REMOTE_IRR (1 << IOAPIC_LVT_REMOTE_IRR_SHIFT)
-
-#define IOAPIC_TRIGGER_EDGE 0
-#define IOAPIC_TRIGGER_LEVEL 1
-
-/*io{apic,sapic} delivery mode*/
-#define IOAPIC_DM_FIXED 0x0
-#define IOAPIC_DM_LOWEST_PRIORITY 0x1
-#define IOAPIC_DM_PMI 0x2
-#define IOAPIC_DM_NMI 0x4
-#define IOAPIC_DM_INIT 0x5
-#define IOAPIC_DM_SIPI 0x6
-#define IOAPIC_DM_EXTINT 0x7
-#define IOAPIC_DM_MASK 0x7
-
-#define IOAPIC_VECTOR_MASK 0xff
-
-#define IOAPIC_IOREGSEL 0x00
-#define IOAPIC_IOWIN 0x10
-
-#define IOAPIC_REG_ID 0x00
-#define IOAPIC_REG_VER 0x01
-#define IOAPIC_REG_ARB 0x02
-#define IOAPIC_REG_REDTBL_BASE 0x10
-#define IOAPIC_ID 0x00
-
-#define IOAPIC_ID_SHIFT 24
-#define IOAPIC_ID_MASK 0xf
-
-#define IOAPIC_VER_ENTRIES_SHIFT 16
-
-typedef struct IOAPICCommonState IOAPICCommonState;
-
-#define TYPE_IOAPIC_COMMON "ioapic-common"
-#define IOAPIC_COMMON(obj) \
- OBJECT_CHECK(IOAPICCommonState, (obj), TYPE_IOAPIC_COMMON)
-#define IOAPIC_COMMON_CLASS(klass) \
- OBJECT_CLASS_CHECK(IOAPICCommonClass, (klass), TYPE_IOAPIC_COMMON)
-#define IOAPIC_COMMON_GET_CLASS(obj) \
- OBJECT_GET_CLASS(IOAPICCommonClass, (obj), TYPE_IOAPIC_COMMON)
-
-typedef struct IOAPICCommonClass {
- SysBusDeviceClass parent_class;
- void (*init)(IOAPICCommonState *s, int instance_no);
- void (*pre_save)(IOAPICCommonState *s);
- void (*post_load)(IOAPICCommonState *s);
-} IOAPICCommonClass;
-
-struct IOAPICCommonState {
- SysBusDevice busdev;
- MemoryRegion io_memory;
- uint8_t id;
- uint8_t ioregsel;
- uint32_t irr;
- uint64_t ioredtbl[IOAPIC_NUM_PINS];
-};
-
-void ioapic_reset_common(DeviceState *dev);
-
-#endif /* !QEMU_IOAPIC_INTERNAL_H */
diff --git a/hw/ioh3420.c b/hw/ioh3420.c
deleted file mode 100644
index 4d314733b..000000000
--- a/hw/ioh3420.c
+++ /dev/null
@@ -1,250 +0,0 @@
-/*
- * ioh3420.c
- * Intel X58 north bridge IOH
- * PCI Express root port device id 3420
- *
- * Copyright (c) 2010 Isaku Yamahata <yamahata at valinux co jp>
- * VA Linux Systems Japan K.K.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "pci_ids.h"
-#include "msi.h"
-#include "pcie.h"
-#include "ioh3420.h"
-
-#define PCI_DEVICE_ID_IOH_EPORT 0x3420 /* D0:F0 express mode */
-#define PCI_DEVICE_ID_IOH_REV 0x2
-#define IOH_EP_SSVID_OFFSET 0x40
-#define IOH_EP_SSVID_SVID PCI_VENDOR_ID_INTEL
-#define IOH_EP_SSVID_SSID 0
-#define IOH_EP_MSI_OFFSET 0x60
-#define IOH_EP_MSI_SUPPORTED_FLAGS PCI_MSI_FLAGS_MASKBIT
-#define IOH_EP_MSI_NR_VECTOR 2
-#define IOH_EP_EXP_OFFSET 0x90
-#define IOH_EP_AER_OFFSET 0x100
-
-/*
- * If two MSI vector are allocated, Advanced Error Interrupt Message Number
- * is 1. otherwise 0.
- * 17.12.5.10 RPERRSTS, 32:27 bit Advanced Error Interrupt Message Number.
- */
-static uint8_t ioh3420_aer_vector(const PCIDevice *d)
-{
- switch (msi_nr_vectors_allocated(d)) {
- case 1:
- return 0;
- case 2:
- return 1;
- case 4:
- case 8:
- case 16:
- case 32:
- default:
- break;
- }
- abort();
- return 0;
-}
-
-static void ioh3420_aer_vector_update(PCIDevice *d)
-{
- pcie_aer_root_set_vector(d, ioh3420_aer_vector(d));
-}
-
-static void ioh3420_write_config(PCIDevice *d,
- uint32_t address, uint32_t val, int len)
-{
- uint32_t root_cmd =
- pci_get_long(d->config + d->exp.aer_cap + PCI_ERR_ROOT_COMMAND);
-
- pci_bridge_write_config(d, address, val, len);
- ioh3420_aer_vector_update(d);
- pcie_cap_slot_write_config(d, address, val, len);
- pcie_aer_write_config(d, address, val, len);
- pcie_aer_root_write_config(d, address, val, len, root_cmd);
-}
-
-static void ioh3420_reset(DeviceState *qdev)
-{
- PCIDevice *d = PCI_DEVICE(qdev);
-
- ioh3420_aer_vector_update(d);
- pcie_cap_root_reset(d);
- pcie_cap_deverr_reset(d);
- pcie_cap_slot_reset(d);
- pcie_aer_root_reset(d);
- pci_bridge_reset(qdev);
- pci_bridge_disable_base_limit(d);
-}
-
-static int ioh3420_initfn(PCIDevice *d)
-{
- PCIBridge* br = DO_UPCAST(PCIBridge, dev, d);
- PCIEPort *p = DO_UPCAST(PCIEPort, br, br);
- PCIESlot *s = DO_UPCAST(PCIESlot, port, p);
- int rc;
-
- rc = pci_bridge_initfn(d);
- if (rc < 0) {
- return rc;
- }
-
- pcie_port_init_reg(d);
-
- rc = pci_bridge_ssvid_init(d, IOH_EP_SSVID_OFFSET,
- IOH_EP_SSVID_SVID, IOH_EP_SSVID_SSID);
- if (rc < 0) {
- goto err_bridge;
- }
- rc = msi_init(d, IOH_EP_MSI_OFFSET, IOH_EP_MSI_NR_VECTOR,
- IOH_EP_MSI_SUPPORTED_FLAGS & PCI_MSI_FLAGS_64BIT,
- IOH_EP_MSI_SUPPORTED_FLAGS & PCI_MSI_FLAGS_MASKBIT);
- if (rc < 0) {
- goto err_bridge;
- }
- rc = pcie_cap_init(d, IOH_EP_EXP_OFFSET, PCI_EXP_TYPE_ROOT_PORT, p->port);
- if (rc < 0) {
- goto err_msi;
- }
- pcie_cap_deverr_init(d);
- pcie_cap_slot_init(d, s->slot);
- pcie_chassis_create(s->chassis);
- rc = pcie_chassis_add_slot(s);
- if (rc < 0) {
- goto err_pcie_cap;
- }
- pcie_cap_root_init(d);
- rc = pcie_aer_init(d, IOH_EP_AER_OFFSET);
- if (rc < 0) {
- goto err;
- }
- pcie_aer_root_init(d);
- ioh3420_aer_vector_update(d);
- return 0;
-
-err:
- pcie_chassis_del_slot(s);
-err_pcie_cap:
- pcie_cap_exit(d);
-err_msi:
- msi_uninit(d);
-err_bridge:
- pci_bridge_exitfn(d);
- return rc;
-}
-
-static void ioh3420_exitfn(PCIDevice *d)
-{
- PCIBridge* br = DO_UPCAST(PCIBridge, dev, d);
- PCIEPort *p = DO_UPCAST(PCIEPort, br, br);
- PCIESlot *s = DO_UPCAST(PCIESlot, port, p);
-
- pcie_aer_exit(d);
- pcie_chassis_del_slot(s);
- pcie_cap_exit(d);
- msi_uninit(d);
- pci_bridge_exitfn(d);
-}
-
-PCIESlot *ioh3420_init(PCIBus *bus, int devfn, bool multifunction,
- const char *bus_name, pci_map_irq_fn map_irq,
- uint8_t port, uint8_t chassis, uint16_t slot)
-{
- PCIDevice *d;
- PCIBridge *br;
- DeviceState *qdev;
-
- d = pci_create_multifunction(bus, devfn, multifunction, "ioh3420");
- if (!d) {
- return NULL;
- }
- br = DO_UPCAST(PCIBridge, dev, d);
-
- qdev = &br->dev.qdev;
- pci_bridge_map_irq(br, bus_name, map_irq);
- qdev_prop_set_uint8(qdev, "port", port);
- qdev_prop_set_uint8(qdev, "chassis", chassis);
- qdev_prop_set_uint16(qdev, "slot", slot);
- qdev_init_nofail(qdev);
-
- return DO_UPCAST(PCIESlot, port, DO_UPCAST(PCIEPort, br, br));
-}
-
-static const VMStateDescription vmstate_ioh3420 = {
- .name = "ioh-3240-express-root-port",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .post_load = pcie_cap_slot_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_PCIE_DEVICE(port.br.dev, PCIESlot),
- VMSTATE_STRUCT(port.br.dev.exp.aer_log, PCIESlot, 0,
- vmstate_pcie_aer_log, PCIEAERLog),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static Property ioh3420_properties[] = {
- DEFINE_PROP_UINT8("port", PCIESlot, port.port, 0),
- DEFINE_PROP_UINT8("chassis", PCIESlot, chassis, 0),
- DEFINE_PROP_UINT16("slot", PCIESlot, slot, 0),
- DEFINE_PROP_UINT16("aer_log_max", PCIESlot,
- port.br.dev.exp.aer_log.log_max,
- PCIE_AER_LOG_MAX_DEFAULT),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void ioh3420_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->is_express = 1;
- k->is_bridge = 1;
- k->config_write = ioh3420_write_config;
- k->init = ioh3420_initfn;
- k->exit = ioh3420_exitfn;
- k->vendor_id = PCI_VENDOR_ID_INTEL;
- k->device_id = PCI_DEVICE_ID_IOH_EPORT;
- k->revision = PCI_DEVICE_ID_IOH_REV;
- dc->desc = "Intel IOH device id 3420 PCIE Root Port";
- dc->reset = ioh3420_reset;
- dc->vmsd = &vmstate_ioh3420;
- dc->props = ioh3420_properties;
-}
-
-static TypeInfo ioh3420_info = {
- .name = "ioh3420",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIESlot),
- .class_init = ioh3420_class_init,
-};
-
-static void ioh3420_register_types(void)
-{
- type_register_static(&ioh3420_info);
-}
-
-type_init(ioh3420_register_types)
-
-/*
- * Local variables:
- * c-indent-level: 4
- * c-basic-offset: 4
- * tab-width: 8
- * indent-tab-mode: nil
- * End:
- */
diff --git a/hw/ioh3420.h b/hw/ioh3420.h
deleted file mode 100644
index 68c523ab4..000000000
--- a/hw/ioh3420.h
+++ /dev/null
@@ -1,10 +0,0 @@
-#ifndef QEMU_IOH3420_H
-#define QEMU_IOH3420_H
-
-#include "pcie_port.h"
-
-PCIESlot *ioh3420_init(PCIBus *bus, int devfn, bool multifunction,
- const char *bus_name, pci_map_irq_fn map_irq,
- uint8_t port, uint8_t chassis, uint16_t slot);
-
-#endif /* QEMU_IOH3420_H */
diff --git a/hw/irq.c b/hw/irq.c
deleted file mode 100644
index f4e2a7804..000000000
--- a/hw/irq.c
+++ /dev/null
@@ -1,136 +0,0 @@
-/*
- * QEMU IRQ/GPIO common code.
- *
- * Copyright (c) 2007 CodeSourcery.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "qemu-common.h"
-#include "irq.h"
-
-struct IRQState {
- qemu_irq_handler handler;
- void *opaque;
- int n;
-};
-
-void qemu_set_irq(qemu_irq irq, int level)
-{
- if (!irq)
- return;
-
- irq->handler(irq->opaque, irq->n, level);
-}
-
-qemu_irq *qemu_extend_irqs(qemu_irq *old, int n_old, qemu_irq_handler handler,
- void *opaque, int n)
-{
- qemu_irq *s;
- struct IRQState *p;
- int i;
-
- if (!old) {
- n_old = 0;
- }
- s = old ? g_renew(qemu_irq, old, n + n_old) : g_new(qemu_irq, n);
- p = old ? g_renew(struct IRQState, s[0], n + n_old) :
- g_new(struct IRQState, n);
- for (i = 0; i < n + n_old; i++) {
- if (i >= n_old) {
- p->handler = handler;
- p->opaque = opaque;
- p->n = i;
- }
- s[i] = p;
- p++;
- }
- return s;
-}
-
-qemu_irq *qemu_allocate_irqs(qemu_irq_handler handler, void *opaque, int n)
-{
- return qemu_extend_irqs(NULL, 0, handler, opaque, n);
-}
-
-
-void qemu_free_irqs(qemu_irq *s)
-{
- g_free(s[0]);
- g_free(s);
-}
-
-static void qemu_notirq(void *opaque, int line, int level)
-{
- struct IRQState *irq = opaque;
-
- irq->handler(irq->opaque, irq->n, !level);
-}
-
-qemu_irq qemu_irq_invert(qemu_irq irq)
-{
- /* The default state for IRQs is low, so raise the output now. */
- qemu_irq_raise(irq);
- return qemu_allocate_irqs(qemu_notirq, irq, 1)[0];
-}
-
-static void qemu_splitirq(void *opaque, int line, int level)
-{
- struct IRQState **irq = opaque;
- irq[0]->handler(irq[0]->opaque, irq[0]->n, level);
- irq[1]->handler(irq[1]->opaque, irq[1]->n, level);
-}
-
-qemu_irq qemu_irq_split(qemu_irq irq1, qemu_irq irq2)
-{
- qemu_irq *s = g_malloc0(2 * sizeof(qemu_irq));
- s[0] = irq1;
- s[1] = irq2;
- return qemu_allocate_irqs(qemu_splitirq, s, 1)[0];
-}
-
-static void proxy_irq_handler(void *opaque, int n, int level)
-{
- qemu_irq **target = opaque;
-
- if (*target) {
- qemu_set_irq((*target)[n], level);
- }
-}
-
-qemu_irq *qemu_irq_proxy(qemu_irq **target, int n)
-{
- return qemu_allocate_irqs(proxy_irq_handler, target, n);
-}
-
-void qemu_irq_intercept_in(qemu_irq *gpio_in, qemu_irq_handler handler, int n)
-{
- int i;
- qemu_irq *old_irqs = qemu_allocate_irqs(NULL, NULL, n);
- for (i = 0; i < n; i++) {
- *old_irqs[i] = *gpio_in[i];
- gpio_in[i]->handler = handler;
- gpio_in[i]->opaque = old_irqs;
- }
-}
-
-void qemu_irq_intercept_out(qemu_irq **gpio_out, qemu_irq_handler handler, int n)
-{
- qemu_irq *old_irqs = *gpio_out;
- *gpio_out = qemu_allocate_irqs(handler, old_irqs, n);
-}
diff --git a/hw/irq.h b/hw/irq.h
deleted file mode 100644
index 610e6b762..000000000
--- a/hw/irq.h
+++ /dev/null
@@ -1,57 +0,0 @@
-#ifndef QEMU_IRQ_H
-#define QEMU_IRQ_H
-
-/* Generic IRQ/GPIO pin infrastructure. */
-
-typedef struct IRQState *qemu_irq;
-
-typedef void (*qemu_irq_handler)(void *opaque, int n, int level);
-
-void qemu_set_irq(qemu_irq irq, int level);
-
-static inline void qemu_irq_raise(qemu_irq irq)
-{
- qemu_set_irq(irq, 1);
-}
-
-static inline void qemu_irq_lower(qemu_irq irq)
-{
- qemu_set_irq(irq, 0);
-}
-
-static inline void qemu_irq_pulse(qemu_irq irq)
-{
- qemu_set_irq(irq, 1);
- qemu_set_irq(irq, 0);
-}
-
-/* Returns an array of N IRQs. Each IRQ is assigned the argument handler and
- * opaque data.
- */
-qemu_irq *qemu_allocate_irqs(qemu_irq_handler handler, void *opaque, int n);
-
-/* Extends an Array of IRQs. Old IRQs have their handlers and opaque data
- * preserved. New IRQs are assigned the argument handler and opaque data.
- */
-qemu_irq *qemu_extend_irqs(qemu_irq *old, int n_old, qemu_irq_handler handler,
- void *opaque, int n);
-
-void qemu_free_irqs(qemu_irq *s);
-
-/* Returns a new IRQ with opposite polarity. */
-qemu_irq qemu_irq_invert(qemu_irq irq);
-
-/* Returns a new IRQ which feeds into both the passed IRQs */
-qemu_irq qemu_irq_split(qemu_irq irq1, qemu_irq irq2);
-
-/* Returns a new IRQ set which connects 1:1 to another IRQ set, which
- * may be set later.
- */
-qemu_irq *qemu_irq_proxy(qemu_irq **target, int n);
-
-/* For internal use in qtest. Similar to qemu_irq_split, but operating
- on an existing vector of qemu_irq. */
-void qemu_irq_intercept_in(qemu_irq *gpio_in, qemu_irq_handler handler, int n);
-void qemu_irq_intercept_out(qemu_irq **gpio_out, qemu_irq_handler handler, int n);
-
-#endif
diff --git a/hw/isa-bus.c b/hw/isa-bus.c
deleted file mode 100644
index 685fdc0f8..000000000
--- a/hw/isa-bus.c
+++ /dev/null
@@ -1,267 +0,0 @@
-/*
- * isa bus support for qdev.
- *
- * Copyright (c) 2009 Gerd Hoffmann <kraxel@redhat.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-#include "hw.h"
-#include "monitor.h"
-#include "sysbus.h"
-#include "sysemu.h"
-#include "isa.h"
-#include "exec-memory.h"
-
-static ISABus *isabus;
-hwaddr isa_mem_base = 0;
-
-static void isabus_dev_print(Monitor *mon, DeviceState *dev, int indent);
-static char *isabus_get_fw_dev_path(DeviceState *dev);
-
-static void isa_bus_class_init(ObjectClass *klass, void *data)
-{
- BusClass *k = BUS_CLASS(klass);
-
- k->print_dev = isabus_dev_print;
- k->get_fw_dev_path = isabus_get_fw_dev_path;
-}
-
-static const TypeInfo isa_bus_info = {
- .name = TYPE_ISA_BUS,
- .parent = TYPE_BUS,
- .instance_size = sizeof(ISABus),
- .class_init = isa_bus_class_init,
-};
-
-ISABus *isa_bus_new(DeviceState *dev, MemoryRegion *address_space_io)
-{
- if (isabus) {
- fprintf(stderr, "Can't create a second ISA bus\n");
- return NULL;
- }
- if (NULL == dev) {
- dev = qdev_create(NULL, "isabus-bridge");
- qdev_init_nofail(dev);
- }
-
- isabus = FROM_QBUS(ISABus, qbus_create(TYPE_ISA_BUS, dev, NULL));
- isabus->address_space_io = address_space_io;
- return isabus;
-}
-
-void isa_bus_irqs(ISABus *bus, qemu_irq *irqs)
-{
- if (!bus) {
- hw_error("Can't set isa irqs with no isa bus present.");
- }
- bus->irqs = irqs;
-}
-
-/*
- * isa_get_irq() returns the corresponding qemu_irq entry for the i8259.
- *
- * This function is only for special cases such as the 'ferr', and
- * temporary use for normal devices until they are converted to qdev.
- */
-qemu_irq isa_get_irq(ISADevice *dev, int isairq)
-{
- assert(!dev || DO_UPCAST(ISABus, qbus, dev->qdev.parent_bus) == isabus);
- if (isairq < 0 || isairq > 15) {
- hw_error("isa irq %d invalid", isairq);
- }
- return isabus->irqs[isairq];
-}
-
-void isa_init_irq(ISADevice *dev, qemu_irq *p, int isairq)
-{
- assert(dev->nirqs < ARRAY_SIZE(dev->isairq));
- dev->isairq[dev->nirqs] = isairq;
- *p = isa_get_irq(dev, isairq);
- dev->nirqs++;
-}
-
-static inline void isa_init_ioport(ISADevice *dev, uint16_t ioport)
-{
- if (dev && (dev->ioport_id == 0 || ioport < dev->ioport_id)) {
- dev->ioport_id = ioport;
- }
-}
-
-void isa_register_ioport(ISADevice *dev, MemoryRegion *io, uint16_t start)
-{
- memory_region_add_subregion(isabus->address_space_io, start, io);
- isa_init_ioport(dev, start);
-}
-
-void isa_register_portio_list(ISADevice *dev, uint16_t start,
- const MemoryRegionPortio *pio_start,
- void *opaque, const char *name)
-{
- PortioList *piolist = g_new(PortioList, 1);
-
- /* START is how we should treat DEV, regardless of the actual
- contents of the portio array. This is how the old code
- actually handled e.g. the FDC device. */
- isa_init_ioport(dev, start);
-
- portio_list_init(piolist, pio_start, opaque, name);
- portio_list_add(piolist, isabus->address_space_io, start);
-}
-
-static int isa_qdev_init(DeviceState *qdev)
-{
- ISADevice *dev = ISA_DEVICE(qdev);
- ISADeviceClass *klass = ISA_DEVICE_GET_CLASS(dev);
-
- dev->isairq[0] = -1;
- dev->isairq[1] = -1;
-
- if (klass->init) {
- return klass->init(dev);
- }
-
- return 0;
-}
-
-ISADevice *isa_create(ISABus *bus, const char *name)
-{
- DeviceState *dev;
-
- if (!bus) {
- hw_error("Tried to create isa device %s with no isa bus present.",
- name);
- }
- dev = qdev_create(&bus->qbus, name);
- return ISA_DEVICE(dev);
-}
-
-ISADevice *isa_try_create(ISABus *bus, const char *name)
-{
- DeviceState *dev;
-
- if (!bus) {
- hw_error("Tried to create isa device %s with no isa bus present.",
- name);
- }
- dev = qdev_try_create(&bus->qbus, name);
- return ISA_DEVICE(dev);
-}
-
-ISADevice *isa_create_simple(ISABus *bus, const char *name)
-{
- ISADevice *dev;
-
- dev = isa_create(bus, name);
- qdev_init_nofail(&dev->qdev);
- return dev;
-}
-
-ISADevice *isa_vga_init(ISABus *bus)
-{
- switch (vga_interface_type) {
- case VGA_CIRRUS:
- return isa_create_simple(bus, "isa-cirrus-vga");
- case VGA_QXL:
- fprintf(stderr, "%s: qxl: no PCI bus\n", __func__);
- return NULL;
- case VGA_STD:
- return isa_create_simple(bus, "isa-vga");
- case VGA_VMWARE:
- fprintf(stderr, "%s: vmware_vga: no PCI bus\n", __func__);
- return NULL;
- case VGA_NONE:
- default:
- return NULL;
- }
-}
-
-static void isabus_dev_print(Monitor *mon, DeviceState *dev, int indent)
-{
- ISADevice *d = ISA_DEVICE(dev);
-
- if (d->isairq[1] != -1) {
- monitor_printf(mon, "%*sisa irqs %d,%d\n", indent, "",
- d->isairq[0], d->isairq[1]);
- } else if (d->isairq[0] != -1) {
- monitor_printf(mon, "%*sisa irq %d\n", indent, "",
- d->isairq[0]);
- }
-}
-
-static int isabus_bridge_init(SysBusDevice *dev)
-{
- /* nothing */
- return 0;
-}
-
-static void isabus_bridge_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = isabus_bridge_init;
- dc->fw_name = "isa";
- dc->no_user = 1;
-}
-
-static TypeInfo isabus_bridge_info = {
- .name = "isabus-bridge",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(SysBusDevice),
- .class_init = isabus_bridge_class_init,
-};
-
-static void isa_device_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *k = DEVICE_CLASS(klass);
- k->init = isa_qdev_init;
- k->bus_type = TYPE_ISA_BUS;
-}
-
-static TypeInfo isa_device_type_info = {
- .name = TYPE_ISA_DEVICE,
- .parent = TYPE_DEVICE,
- .instance_size = sizeof(ISADevice),
- .abstract = true,
- .class_size = sizeof(ISADeviceClass),
- .class_init = isa_device_class_init,
-};
-
-static void isabus_register_types(void)
-{
- type_register_static(&isa_bus_info);
- type_register_static(&isabus_bridge_info);
- type_register_static(&isa_device_type_info);
-}
-
-static char *isabus_get_fw_dev_path(DeviceState *dev)
-{
- ISADevice *d = (ISADevice*)dev;
- char path[40];
- int off;
-
- off = snprintf(path, sizeof(path), "%s", qdev_fw_name(dev));
- if (d->ioport_id) {
- snprintf(path + off, sizeof(path) - off, "@%04x", d->ioport_id);
- }
-
- return g_strdup(path);
-}
-
-MemoryRegion *isa_address_space(ISADevice *dev)
-{
- return get_system_memory();
-}
-
-type_init(isabus_register_types)
diff --git a/hw/isa.h b/hw/isa.h
deleted file mode 100644
index f9382e836..000000000
--- a/hw/isa.h
+++ /dev/null
@@ -1,103 +0,0 @@
-#ifndef HW_ISA_H
-#define HW_ISA_H
-
-/* ISA bus */
-
-#include "ioport.h"
-#include "memory.h"
-#include "qdev.h"
-
-#define ISA_NUM_IRQS 16
-
-#define TYPE_ISA_DEVICE "isa-device"
-#define ISA_DEVICE(obj) \
- OBJECT_CHECK(ISADevice, (obj), TYPE_ISA_DEVICE)
-#define ISA_DEVICE_CLASS(klass) \
- OBJECT_CLASS_CHECK(ISADeviceClass, (klass), TYPE_ISA_DEVICE)
-#define ISA_DEVICE_GET_CLASS(obj) \
- OBJECT_GET_CLASS(ISADeviceClass, (obj), TYPE_ISA_DEVICE)
-
-#define TYPE_ISA_BUS "ISA"
-#define ISA_BUS(obj) OBJECT_CHECK(ISABus, (obj), TYPE_ISA_BUS)
-
-typedef struct ISADeviceClass {
- DeviceClass parent_class;
- int (*init)(ISADevice *dev);
-} ISADeviceClass;
-
-struct ISABus {
- BusState qbus;
- MemoryRegion *address_space_io;
- qemu_irq *irqs;
-};
-
-struct ISADevice {
- DeviceState qdev;
- uint32_t isairq[2];
- int nirqs;
- int ioport_id;
-};
-
-ISABus *isa_bus_new(DeviceState *dev, MemoryRegion *address_space_io);
-void isa_bus_irqs(ISABus *bus, qemu_irq *irqs);
-qemu_irq isa_get_irq(ISADevice *dev, int isairq);
-void isa_init_irq(ISADevice *dev, qemu_irq *p, int isairq);
-MemoryRegion *isa_address_space(ISADevice *dev);
-ISADevice *isa_create(ISABus *bus, const char *name);
-ISADevice *isa_try_create(ISABus *bus, const char *name);
-ISADevice *isa_create_simple(ISABus *bus, const char *name);
-
-ISADevice *isa_vga_init(ISABus *bus);
-
-/**
- * isa_register_ioport: Install an I/O port region on the ISA bus.
- *
- * Register an I/O port region via memory_region_add_subregion
- * inside the ISA I/O address space.
- *
- * @dev: the ISADevice against which these are registered; may be NULL.
- * @io: the #MemoryRegion being registered.
- * @start: the base I/O port.
- */
-void isa_register_ioport(ISADevice *dev, MemoryRegion *io, uint16_t start);
-
-/**
- * isa_register_portio_list: Initialize a set of ISA io ports
- *
- * Several ISA devices have many dis-joint I/O ports. Worse, these I/O
- * ports can be interleaved with I/O ports from other devices. This
- * function makes it easy to create multiple MemoryRegions for a single
- * device and use the legacy portio routines.
- *
- * @dev: the ISADevice against which these are registered; may be NULL.
- * @start: the base I/O port against which the portio->offset is applied.
- * @portio: the ports, sorted by offset.
- * @opaque: passed into the old_portio callbacks.
- * @name: passed into memory_region_init_io.
- */
-void isa_register_portio_list(ISADevice *dev, uint16_t start,
- const MemoryRegionPortio *portio,
- void *opaque, const char *name);
-
-static inline ISABus *isa_bus_from_device(ISADevice *d)
-{
- return DO_UPCAST(ISABus, qbus, d->qdev.parent_bus);
-}
-
-extern hwaddr isa_mem_base;
-
-void isa_mmio_setup(MemoryRegion *mr, hwaddr size);
-void isa_mmio_init(hwaddr base, hwaddr size);
-
-/* dma.c */
-int DMA_get_channel_mode (int nchan);
-int DMA_read_memory (int nchan, void *buf, int pos, int size);
-int DMA_write_memory (int nchan, void *buf, int pos, int size);
-void DMA_hold_DREQ (int nchan);
-void DMA_release_DREQ (int nchan);
-void DMA_schedule(int nchan);
-void DMA_init(int high_page_enable, qemu_irq *cpu_request_exit);
-void DMA_register_channel (int nchan,
- DMA_transfer_handler transfer_handler,
- void *opaque);
-#endif
diff --git a/hw/isa/Makefile.objs b/hw/isa/Makefile.objs
new file mode 100644
index 000000000..9164556a4
--- /dev/null
+++ b/hw/isa/Makefile.objs
@@ -0,0 +1,8 @@
+common-obj-y += isa-bus.o
+common-obj-$(CONFIG_APM) += apm.o
+common-obj-$(CONFIG_I82378) += i82378.o
+common-obj-$(CONFIG_PC87312) += pc87312.o
+common-obj-$(CONFIG_PIIX4) += piix4.o
+common-obj-$(CONFIG_VT82C686) += vt82c686.o
+
+obj-$(CONFIG_LPC_ICH9) += lpc_ich9.o
diff --git a/hw/isa/apm.c b/hw/isa/apm.c
new file mode 100644
index 000000000..f97e7a0c2
--- /dev/null
+++ b/hw/isa/apm.c
@@ -0,0 +1,102 @@
+/*
+ * QEMU PC APM controller Emulation
+ * This is split out from acpi.c
+ *
+ * Copyright (c) 2006 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License version 2 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "hw/isa/apm.h"
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+
+//#define DEBUG
+
+#ifdef DEBUG
+# define APM_DPRINTF(format, ...) printf(format, ## __VA_ARGS__)
+#else
+# define APM_DPRINTF(format, ...) do { } while (0)
+#endif
+
+/* fixed I/O location */
+#define APM_CNT_IOPORT 0xb2
+#define APM_STS_IOPORT 0xb3
+
+static void apm_ioport_writeb(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ APMState *apm = opaque;
+ addr &= 1;
+ APM_DPRINTF("apm_ioport_writeb addr=0x%x val=0x%02x\n", addr, val);
+ if (addr == 0) {
+ apm->apmc = val;
+
+ if (apm->callback) {
+ (apm->callback)(val, apm->arg);
+ }
+ } else {
+ apm->apms = val;
+ }
+}
+
+static uint64_t apm_ioport_readb(void *opaque, hwaddr addr, unsigned size)
+{
+ APMState *apm = opaque;
+ uint32_t val;
+
+ addr &= 1;
+ if (addr == 0) {
+ val = apm->apmc;
+ } else {
+ val = apm->apms;
+ }
+ APM_DPRINTF("apm_ioport_readb addr=0x%x val=0x%02x\n", addr, val);
+ return val;
+}
+
+const VMStateDescription vmstate_apm = {
+ .name = "APM State",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(apmc, APMState),
+ VMSTATE_UINT8(apms, APMState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const MemoryRegionOps apm_ops = {
+ .read = apm_ioport_readb,
+ .write = apm_ioport_writeb,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+void apm_init(PCIDevice *dev, APMState *apm, apm_ctrl_changed_t callback,
+ void *arg)
+{
+ apm->callback = callback;
+ apm->arg = arg;
+
+ /* ioport 0xb2, 0xb3 */
+ memory_region_init_io(&apm->io, OBJECT(dev), &apm_ops, apm, "apm-io", 2);
+ memory_region_add_subregion(pci_address_space_io(dev), APM_CNT_IOPORT,
+ &apm->io);
+}
diff --git a/hw/isa/i82378.c b/hw/isa/i82378.c
new file mode 100644
index 000000000..a7d9aa6da
--- /dev/null
+++ b/hw/isa/i82378.c
@@ -0,0 +1,149 @@
+/*
+ * QEMU Intel i82378 emulation (PCI to ISA bridge)
+ *
+ * Copyright (c) 2010-2011 Hervé Poussineau
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/pci/pci.h"
+#include "hw/i386/pc.h"
+#include "hw/timer/i8254.h"
+#include "hw/audio/pcspk.h"
+
+#define TYPE_I82378 "i82378"
+#define I82378(obj) \
+ OBJECT_CHECK(I82378State, (obj), TYPE_I82378)
+
+typedef struct I82378State {
+ PCIDevice parent_obj;
+
+ qemu_irq out[2];
+ qemu_irq *i8259;
+ MemoryRegion io;
+} I82378State;
+
+static const VMStateDescription vmstate_i82378 = {
+ .name = "pci-i82378",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_PCI_DEVICE(parent_obj, I82378State),
+ VMSTATE_END_OF_LIST()
+ },
+};
+
+static void i82378_request_out0_irq(void *opaque, int irq, int level)
+{
+ I82378State *s = opaque;
+ qemu_set_irq(s->out[0], level);
+}
+
+static void i82378_request_pic_irq(void *opaque, int irq, int level)
+{
+ DeviceState *dev = opaque;
+ I82378State *s = I82378(dev);
+
+ qemu_set_irq(s->i8259[irq], level);
+}
+
+static int i82378_initfn(PCIDevice *pci)
+{
+ DeviceState *dev = DEVICE(pci);
+ I82378State *s = I82378(dev);
+ uint8_t *pci_conf;
+ ISABus *isabus;
+ ISADevice *isa;
+ qemu_irq *out0_irq;
+
+ pci_conf = pci->config;
+ pci_set_word(pci_conf + PCI_COMMAND,
+ PCI_COMMAND_IO | PCI_COMMAND_MEMORY | PCI_COMMAND_MASTER);
+ pci_set_word(pci_conf + PCI_STATUS,
+ PCI_STATUS_DEVSEL_MEDIUM);
+
+ pci_config_set_interrupt_pin(pci_conf, 1); /* interrupt pin 0 */
+
+ isabus = isa_bus_new(dev, pci_address_space_io(pci));
+
+ /* This device has:
+ 2 82C59 (irq)
+ 1 82C54 (pit)
+ 2 82C37 (dma)
+ NMI
+ Utility Bus Support Registers
+
+ All devices accept byte access only, except timer
+ */
+
+ /* Workaround the fact that i8259 is not qdev'ified... */
+ out0_irq = qemu_allocate_irqs(i82378_request_out0_irq, s, 1);
+
+ /* 2 82C59 (irq) */
+ s->i8259 = i8259_init(isabus, *out0_irq);
+ isa_bus_irqs(isabus, s->i8259);
+
+ /* 1 82C54 (pit) */
+ isa = pit_init(isabus, 0x40, 0, NULL);
+
+ /* speaker */
+ pcspk_init(isabus, isa);
+
+ /* 2 82C37 (dma) */
+ isa = isa_create_simple(isabus, "i82374");
+ qdev_connect_gpio_out(DEVICE(isa), 0, s->out[1]);
+
+ /* timer */
+ isa_create_simple(isabus, "mc146818rtc");
+
+ return 0;
+}
+
+static void i82378_init(Object *obj)
+{
+ DeviceState *dev = DEVICE(obj);
+ I82378State *s = I82378(obj);
+
+ qdev_init_gpio_out(dev, s->out, 2);
+ qdev_init_gpio_in(dev, i82378_request_pic_irq, 16);
+}
+
+static void i82378_class_init(ObjectClass *klass, void *data)
+{
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ k->init = i82378_initfn;
+ k->vendor_id = PCI_VENDOR_ID_INTEL;
+ k->device_id = PCI_DEVICE_ID_INTEL_82378;
+ k->revision = 0x03;
+ k->class_id = PCI_CLASS_BRIDGE_ISA;
+ dc->vmsd = &vmstate_i82378;
+ set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
+}
+
+static const TypeInfo i82378_type_info = {
+ .name = TYPE_I82378,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(I82378State),
+ .instance_init = i82378_init,
+ .class_init = i82378_class_init,
+};
+
+static void i82378_register_types(void)
+{
+ type_register_static(&i82378_type_info);
+}
+
+type_init(i82378_register_types)
diff --git a/hw/isa/isa-bus.c b/hw/isa/isa-bus.c
new file mode 100644
index 000000000..9e104eb9a
--- /dev/null
+++ b/hw/isa/isa-bus.c
@@ -0,0 +1,261 @@
+/*
+ * isa bus support for qdev.
+ *
+ * Copyright (c) 2009 Gerd Hoffmann <kraxel@redhat.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "hw/hw.h"
+#include "monitor/monitor.h"
+#include "hw/sysbus.h"
+#include "sysemu/sysemu.h"
+#include "hw/isa/isa.h"
+#include "exec/address-spaces.h"
+
+static ISABus *isabus;
+hwaddr isa_mem_base = 0;
+
+static void isabus_dev_print(Monitor *mon, DeviceState *dev, int indent);
+static char *isabus_get_fw_dev_path(DeviceState *dev);
+
+static void isa_bus_class_init(ObjectClass *klass, void *data)
+{
+ BusClass *k = BUS_CLASS(klass);
+
+ k->print_dev = isabus_dev_print;
+ k->get_fw_dev_path = isabus_get_fw_dev_path;
+}
+
+static const TypeInfo isa_bus_info = {
+ .name = TYPE_ISA_BUS,
+ .parent = TYPE_BUS,
+ .instance_size = sizeof(ISABus),
+ .class_init = isa_bus_class_init,
+};
+
+ISABus *isa_bus_new(DeviceState *dev, MemoryRegion *address_space_io)
+{
+ if (isabus) {
+ fprintf(stderr, "Can't create a second ISA bus\n");
+ return NULL;
+ }
+ if (NULL == dev) {
+ dev = qdev_create(NULL, "isabus-bridge");
+ qdev_init_nofail(dev);
+ }
+
+ isabus = ISA_BUS(qbus_create(TYPE_ISA_BUS, dev, NULL));
+ isabus->address_space_io = address_space_io;
+ return isabus;
+}
+
+void isa_bus_irqs(ISABus *bus, qemu_irq *irqs)
+{
+ if (!bus) {
+ hw_error("Can't set isa irqs with no isa bus present.");
+ }
+ bus->irqs = irqs;
+}
+
+/*
+ * isa_get_irq() returns the corresponding qemu_irq entry for the i8259.
+ *
+ * This function is only for special cases such as the 'ferr', and
+ * temporary use for normal devices until they are converted to qdev.
+ */
+qemu_irq isa_get_irq(ISADevice *dev, int isairq)
+{
+ assert(!dev || ISA_BUS(qdev_get_parent_bus(DEVICE(dev))) == isabus);
+ if (isairq < 0 || isairq > 15) {
+ hw_error("isa irq %d invalid", isairq);
+ }
+ return isabus->irqs[isairq];
+}
+
+void isa_init_irq(ISADevice *dev, qemu_irq *p, int isairq)
+{
+ assert(dev->nirqs < ARRAY_SIZE(dev->isairq));
+ dev->isairq[dev->nirqs] = isairq;
+ *p = isa_get_irq(dev, isairq);
+ dev->nirqs++;
+}
+
+static inline void isa_init_ioport(ISADevice *dev, uint16_t ioport)
+{
+ if (dev && (dev->ioport_id == 0 || ioport < dev->ioport_id)) {
+ dev->ioport_id = ioport;
+ }
+}
+
+void isa_register_ioport(ISADevice *dev, MemoryRegion *io, uint16_t start)
+{
+ memory_region_add_subregion(isabus->address_space_io, start, io);
+ isa_init_ioport(dev, start);
+}
+
+void isa_register_portio_list(ISADevice *dev, uint16_t start,
+ const MemoryRegionPortio *pio_start,
+ void *opaque, const char *name)
+{
+ PortioList *piolist = g_new(PortioList, 1);
+
+ /* START is how we should treat DEV, regardless of the actual
+ contents of the portio array. This is how the old code
+ actually handled e.g. the FDC device. */
+ isa_init_ioport(dev, start);
+
+ portio_list_init(piolist, OBJECT(dev), pio_start, opaque, name);
+ portio_list_add(piolist, isabus->address_space_io, start);
+}
+
+static void isa_device_init(Object *obj)
+{
+ ISADevice *dev = ISA_DEVICE(obj);
+
+ dev->isairq[0] = -1;
+ dev->isairq[1] = -1;
+}
+
+ISADevice *isa_create(ISABus *bus, const char *name)
+{
+ DeviceState *dev;
+
+ if (!bus) {
+ hw_error("Tried to create isa device %s with no isa bus present.",
+ name);
+ }
+ dev = qdev_create(BUS(bus), name);
+ return ISA_DEVICE(dev);
+}
+
+ISADevice *isa_try_create(ISABus *bus, const char *name)
+{
+ DeviceState *dev;
+
+ if (!bus) {
+ hw_error("Tried to create isa device %s with no isa bus present.",
+ name);
+ }
+ dev = qdev_try_create(BUS(bus), name);
+ return ISA_DEVICE(dev);
+}
+
+ISADevice *isa_create_simple(ISABus *bus, const char *name)
+{
+ ISADevice *dev;
+
+ dev = isa_create(bus, name);
+ qdev_init_nofail(DEVICE(dev));
+ return dev;
+}
+
+ISADevice *isa_vga_init(ISABus *bus)
+{
+ switch (vga_interface_type) {
+ case VGA_CIRRUS:
+ return isa_create_simple(bus, "isa-cirrus-vga");
+ case VGA_QXL:
+ fprintf(stderr, "%s: qxl: no PCI bus\n", __func__);
+ return NULL;
+ case VGA_STD:
+ return isa_create_simple(bus, "isa-vga");
+ case VGA_VMWARE:
+ fprintf(stderr, "%s: vmware_vga: no PCI bus\n", __func__);
+ return NULL;
+ case VGA_NONE:
+ default:
+ return NULL;
+ }
+}
+
+static void isabus_dev_print(Monitor *mon, DeviceState *dev, int indent)
+{
+ ISADevice *d = ISA_DEVICE(dev);
+
+ if (d->isairq[1] != -1) {
+ monitor_printf(mon, "%*sisa irqs %d,%d\n", indent, "",
+ d->isairq[0], d->isairq[1]);
+ } else if (d->isairq[0] != -1) {
+ monitor_printf(mon, "%*sisa irq %d\n", indent, "",
+ d->isairq[0]);
+ }
+}
+
+static void isabus_bridge_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->fw_name = "isa";
+ dc->no_user = 1;
+}
+
+static const TypeInfo isabus_bridge_info = {
+ .name = "isabus-bridge",
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(SysBusDevice),
+ .class_init = isabus_bridge_class_init,
+};
+
+static void isa_device_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *k = DEVICE_CLASS(klass);
+ k->bus_type = TYPE_ISA_BUS;
+}
+
+static const TypeInfo isa_device_type_info = {
+ .name = TYPE_ISA_DEVICE,
+ .parent = TYPE_DEVICE,
+ .instance_size = sizeof(ISADevice),
+ .instance_init = isa_device_init,
+ .abstract = true,
+ .class_size = sizeof(ISADeviceClass),
+ .class_init = isa_device_class_init,
+};
+
+static void isabus_register_types(void)
+{
+ type_register_static(&isa_bus_info);
+ type_register_static(&isabus_bridge_info);
+ type_register_static(&isa_device_type_info);
+}
+
+static char *isabus_get_fw_dev_path(DeviceState *dev)
+{
+ ISADevice *d = ISA_DEVICE(dev);
+ char path[40];
+ int off;
+
+ off = snprintf(path, sizeof(path), "%s", qdev_fw_name(dev));
+ if (d->ioport_id) {
+ snprintf(path + off, sizeof(path) - off, "@%04x", d->ioport_id);
+ }
+
+ return g_strdup(path);
+}
+
+MemoryRegion *isa_address_space(ISADevice *dev)
+{
+ return get_system_memory();
+}
+
+MemoryRegion *isa_address_space_io(ISADevice *dev)
+{
+ if (dev) {
+ return isa_bus_from_device(dev)->address_space_io;
+ }
+
+ return isabus->address_space_io;
+}
+
+type_init(isabus_register_types)
diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
new file mode 100644
index 000000000..5633d08b6
--- /dev/null
+++ b/hw/isa/lpc_ich9.c
@@ -0,0 +1,629 @@
+/*
+ * QEMU ICH9 Emulation
+ *
+ * Copyright (c) 2006 Fabrice Bellard
+ * Copyright (c) 2009, 2010, 2011
+ * Isaku Yamahata <yamahata at valinux co jp>
+ * VA Linux Systems Japan K.K.
+ * Copyright (C) 2012 Jason Baron <jbaron@redhat.com>
+ *
+ * This is based on piix_pci.c, but heavily modified.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "qemu-common.h"
+#include "hw/hw.h"
+#include "qemu/range.h"
+#include "hw/isa/isa.h"
+#include "hw/sysbus.h"
+#include "hw/i386/pc.h"
+#include "hw/isa/apm.h"
+#include "hw/i386/ioapic.h"
+#include "hw/pci/pci.h"
+#include "hw/pci/pcie_host.h"
+#include "hw/pci/pci_bridge.h"
+#include "hw/i386/ich9.h"
+#include "hw/acpi/acpi.h"
+#include "hw/acpi/ich9.h"
+#include "hw/pci/pci_bus.h"
+#include "exec/address-spaces.h"
+#include "sysemu/sysemu.h"
+
+static int ich9_lpc_sci_irq(ICH9LPCState *lpc);
+
+/*****************************************************************************/
+/* ICH9 LPC PCI to ISA bridge */
+
+static void ich9_lpc_reset(DeviceState *qdev);
+
+/* chipset configuration register
+ * to access chipset configuration registers, pci_[sg]et_{byte, word, long}
+ * are used.
+ * Although it's not pci configuration space, it's little endian as Intel.
+ */
+
+static void ich9_cc_update_ir(uint8_t irr[PCI_NUM_PINS], uint16_t ir)
+{
+ int intx;
+ for (intx = 0; intx < PCI_NUM_PINS; intx++) {
+ irr[intx] = (ir >> (intx * ICH9_CC_DIR_SHIFT)) & ICH9_CC_DIR_MASK;
+ }
+}
+
+static void ich9_cc_update(ICH9LPCState *lpc)
+{
+ int slot;
+ int pci_intx;
+
+ const int reg_offsets[] = {
+ ICH9_CC_D25IR,
+ ICH9_CC_D26IR,
+ ICH9_CC_D27IR,
+ ICH9_CC_D28IR,
+ ICH9_CC_D29IR,
+ ICH9_CC_D30IR,
+ ICH9_CC_D31IR,
+ };
+ const int *offset;
+
+ /* D{25 - 31}IR, but D30IR is read only to 0. */
+ for (slot = 25, offset = reg_offsets; slot < 32; slot++, offset++) {
+ if (slot == 30) {
+ continue;
+ }
+ ich9_cc_update_ir(lpc->irr[slot],
+ pci_get_word(lpc->chip_config + *offset));
+ }
+
+ /*
+ * D30: DMI2PCI bridge
+ * It is arbitrarily decided how INTx lines of PCI devicesbehind the bridge
+ * are connected to pirq lines. Our choice is PIRQ[E-H].
+ * INT[A-D] are connected to PIRQ[E-H]
+ */
+ for (pci_intx = 0; pci_intx < PCI_NUM_PINS; pci_intx++) {
+ lpc->irr[30][pci_intx] = pci_intx + 4;
+ }
+}
+
+static void ich9_cc_init(ICH9LPCState *lpc)
+{
+ int slot;
+ int intx;
+
+ /* the default irq routing is arbitrary as long as it matches with
+ * acpi irq routing table.
+ * The one that is incompatible with piix_pci(= bochs) one is
+ * intentionally chosen to let the users know that the different
+ * board is used.
+ *
+ * int[A-D] -> pirq[E-F]
+ * avoid pirq A-D because they are used for pci express port
+ */
+ for (slot = 0; slot < PCI_SLOT_MAX; slot++) {
+ for (intx = 0; intx < PCI_NUM_PINS; intx++) {
+ lpc->irr[slot][intx] = (slot + intx) % 4 + 4;
+ }
+ }
+ ich9_cc_update(lpc);
+}
+
+static void ich9_cc_reset(ICH9LPCState *lpc)
+{
+ uint8_t *c = lpc->chip_config;
+
+ memset(lpc->chip_config, 0, sizeof(lpc->chip_config));
+
+ pci_set_long(c + ICH9_CC_D31IR, ICH9_CC_DIR_DEFAULT);
+ pci_set_long(c + ICH9_CC_D30IR, ICH9_CC_D30IR_DEFAULT);
+ pci_set_long(c + ICH9_CC_D29IR, ICH9_CC_DIR_DEFAULT);
+ pci_set_long(c + ICH9_CC_D28IR, ICH9_CC_DIR_DEFAULT);
+ pci_set_long(c + ICH9_CC_D27IR, ICH9_CC_DIR_DEFAULT);
+ pci_set_long(c + ICH9_CC_D26IR, ICH9_CC_DIR_DEFAULT);
+ pci_set_long(c + ICH9_CC_D25IR, ICH9_CC_DIR_DEFAULT);
+
+ ich9_cc_update(lpc);
+}
+
+static void ich9_cc_addr_len(uint64_t *addr, unsigned *len)
+{
+ *addr &= ICH9_CC_ADDR_MASK;
+ if (*addr + *len >= ICH9_CC_SIZE) {
+ *len = ICH9_CC_SIZE - *addr;
+ }
+}
+
+/* val: little endian */
+static void ich9_cc_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned len)
+{
+ ICH9LPCState *lpc = (ICH9LPCState *)opaque;
+
+ ich9_cc_addr_len(&addr, &len);
+ memcpy(lpc->chip_config + addr, &val, len);
+ pci_bus_fire_intx_routing_notifier(lpc->d.bus);
+ ich9_cc_update(lpc);
+}
+
+/* return value: little endian */
+static uint64_t ich9_cc_read(void *opaque, hwaddr addr,
+ unsigned len)
+{
+ ICH9LPCState *lpc = (ICH9LPCState *)opaque;
+
+ uint32_t val = 0;
+ ich9_cc_addr_len(&addr, &len);
+ memcpy(&val, lpc->chip_config + addr, len);
+ return val;
+}
+
+/* IRQ routing */
+/* */
+static void ich9_lpc_rout(uint8_t pirq_rout, int *pic_irq, int *pic_dis)
+{
+ *pic_irq = pirq_rout & ICH9_LPC_PIRQ_ROUT_MASK;
+ *pic_dis = pirq_rout & ICH9_LPC_PIRQ_ROUT_IRQEN;
+}
+
+static void ich9_lpc_pic_irq(ICH9LPCState *lpc, int pirq_num,
+ int *pic_irq, int *pic_dis)
+{
+ switch (pirq_num) {
+ case 0 ... 3: /* A-D */
+ ich9_lpc_rout(lpc->d.config[ICH9_LPC_PIRQA_ROUT + pirq_num],
+ pic_irq, pic_dis);
+ return;
+ case 4 ... 7: /* E-H */
+ ich9_lpc_rout(lpc->d.config[ICH9_LPC_PIRQE_ROUT + (pirq_num - 4)],
+ pic_irq, pic_dis);
+ return;
+ default:
+ break;
+ }
+ abort();
+}
+
+/* pic_irq: i8254 irq 0-15 */
+static void ich9_lpc_update_pic(ICH9LPCState *lpc, int pic_irq)
+{
+ int i, pic_level;
+
+ /* The pic level is the logical OR of all the PCI irqs mapped to it */
+ pic_level = 0;
+ for (i = 0; i < ICH9_LPC_NB_PIRQS; i++) {
+ int tmp_irq;
+ int tmp_dis;
+ ich9_lpc_pic_irq(lpc, i, &tmp_irq, &tmp_dis);
+ if (!tmp_dis && pic_irq == tmp_irq) {
+ pic_level |= pci_bus_get_irq_level(lpc->d.bus, i);
+ }
+ }
+ if (pic_irq == ich9_lpc_sci_irq(lpc)) {
+ pic_level |= lpc->sci_level;
+ }
+
+ qemu_set_irq(lpc->pic[pic_irq], pic_level);
+}
+
+/* pirq: pirq[A-H] 0-7*/
+static void ich9_lpc_update_by_pirq(ICH9LPCState *lpc, int pirq)
+{
+ int pic_irq;
+ int pic_dis;
+
+ ich9_lpc_pic_irq(lpc, pirq, &pic_irq, &pic_dis);
+ assert(pic_irq < ICH9_LPC_PIC_NUM_PINS);
+ if (pic_dis) {
+ return;
+ }
+
+ ich9_lpc_update_pic(lpc, pic_irq);
+}
+
+/* APIC mode: GSIx: PIRQ[A-H] -> GSI 16, ... no pirq shares same APIC pins. */
+static int ich9_pirq_to_gsi(int pirq)
+{
+ return pirq + ICH9_LPC_PIC_NUM_PINS;
+}
+
+static int ich9_gsi_to_pirq(int gsi)
+{
+ return gsi - ICH9_LPC_PIC_NUM_PINS;
+}
+
+static void ich9_lpc_update_apic(ICH9LPCState *lpc, int gsi)
+{
+ int level = 0;
+
+ if (gsi >= ICH9_LPC_PIC_NUM_PINS) {
+ level |= pci_bus_get_irq_level(lpc->d.bus, ich9_gsi_to_pirq(gsi));
+ }
+ if (gsi == ich9_lpc_sci_irq(lpc)) {
+ level |= lpc->sci_level;
+ }
+
+ qemu_set_irq(lpc->ioapic[gsi], level);
+}
+
+void ich9_lpc_set_irq(void *opaque, int pirq, int level)
+{
+ ICH9LPCState *lpc = opaque;
+
+ assert(0 <= pirq);
+ assert(pirq < ICH9_LPC_NB_PIRQS);
+
+ ich9_lpc_update_apic(lpc, ich9_pirq_to_gsi(pirq));
+ ich9_lpc_update_by_pirq(lpc, pirq);
+}
+
+/* return the pirq number (PIRQ[A-H]:0-7) corresponding to
+ * a given device irq pin.
+ */
+int ich9_lpc_map_irq(PCIDevice *pci_dev, int intx)
+{
+ BusState *bus = qdev_get_parent_bus(&pci_dev->qdev);
+ PCIBus *pci_bus = PCI_BUS(bus);
+ PCIDevice *lpc_pdev =
+ pci_bus->devices[PCI_DEVFN(ICH9_LPC_DEV, ICH9_LPC_FUNC)];
+ ICH9LPCState *lpc = ICH9_LPC_DEVICE(lpc_pdev);
+
+ return lpc->irr[PCI_SLOT(pci_dev->devfn)][intx];
+}
+
+PCIINTxRoute ich9_route_intx_pin_to_irq(void *opaque, int pirq_pin)
+{
+ ICH9LPCState *lpc = opaque;
+ PCIINTxRoute route;
+ int pic_irq;
+ int pic_dis;
+
+ assert(0 <= pirq_pin);
+ assert(pirq_pin < ICH9_LPC_NB_PIRQS);
+
+ route.mode = PCI_INTX_ENABLED;
+ ich9_lpc_pic_irq(lpc, pirq_pin, &pic_irq, &pic_dis);
+ if (!pic_dis) {
+ if (pic_irq < ICH9_LPC_PIC_NUM_PINS) {
+ route.irq = pic_irq;
+ } else {
+ route.mode = PCI_INTX_DISABLED;
+ route.irq = -1;
+ }
+ } else {
+ route.irq = ich9_pirq_to_gsi(pirq_pin);
+ }
+
+ return route;
+}
+
+static int ich9_lpc_sci_irq(ICH9LPCState *lpc)
+{
+ switch (lpc->d.config[ICH9_LPC_ACPI_CTRL] &
+ ICH9_LPC_ACPI_CTRL_SCI_IRQ_SEL_MASK) {
+ case ICH9_LPC_ACPI_CTRL_9:
+ return 9;
+ case ICH9_LPC_ACPI_CTRL_10:
+ return 10;
+ case ICH9_LPC_ACPI_CTRL_11:
+ return 11;
+ case ICH9_LPC_ACPI_CTRL_20:
+ return 20;
+ case ICH9_LPC_ACPI_CTRL_21:
+ return 21;
+ default:
+ /* reserved */
+ break;
+ }
+ return -1;
+}
+
+static void ich9_set_sci(void *opaque, int irq_num, int level)
+{
+ ICH9LPCState *lpc = opaque;
+ int irq;
+
+ assert(irq_num == 0);
+ level = !!level;
+ if (level == lpc->sci_level) {
+ return;
+ }
+ lpc->sci_level = level;
+
+ irq = ich9_lpc_sci_irq(lpc);
+ if (irq < 0) {
+ return;
+ }
+
+ ich9_lpc_update_apic(lpc, irq);
+ if (irq < ICH9_LPC_PIC_NUM_PINS) {
+ ich9_lpc_update_pic(lpc, irq);
+ }
+}
+
+void ich9_lpc_pm_init(PCIDevice *lpc_pci)
+{
+ ICH9LPCState *lpc = ICH9_LPC_DEVICE(lpc_pci);
+ qemu_irq *sci_irq;
+
+ sci_irq = qemu_allocate_irqs(ich9_set_sci, lpc, 1);
+ ich9_pm_init(lpc_pci, &lpc->pm, sci_irq[0]);
+
+ ich9_lpc_reset(&lpc->d.qdev);
+}
+
+/* APM */
+
+static void ich9_apm_ctrl_changed(uint32_t val, void *arg)
+{
+ ICH9LPCState *lpc = arg;
+
+ /* ACPI specs 3.0, 4.7.2.5 */
+ acpi_pm1_cnt_update(&lpc->pm.acpi_regs,
+ val == ICH9_APM_ACPI_ENABLE,
+ val == ICH9_APM_ACPI_DISABLE);
+
+ /* SMI_EN = PMBASE + 30. SMI control and enable register */
+ if (lpc->pm.smi_en & ICH9_PMIO_SMI_EN_APMC_EN) {
+ cpu_interrupt(first_cpu, CPU_INTERRUPT_SMI);
+ }
+}
+
+/* config:PMBASE */
+static void
+ich9_lpc_pmbase_update(ICH9LPCState *lpc)
+{
+ uint32_t pm_io_base = pci_get_long(lpc->d.config + ICH9_LPC_PMBASE);
+ pm_io_base &= ICH9_LPC_PMBASE_BASE_ADDRESS_MASK;
+
+ ich9_pm_iospace_update(&lpc->pm, pm_io_base);
+}
+
+/* config:RBCA */
+static void ich9_lpc_rcba_update(ICH9LPCState *lpc, uint32_t rbca_old)
+{
+ uint32_t rbca = pci_get_long(lpc->d.config + ICH9_LPC_RCBA);
+
+ if (rbca_old & ICH9_LPC_RCBA_EN) {
+ memory_region_del_subregion(get_system_memory(), &lpc->rbca_mem);
+ }
+ if (rbca & ICH9_LPC_RCBA_EN) {
+ memory_region_add_subregion_overlap(get_system_memory(),
+ rbca & ICH9_LPC_RCBA_BA_MASK,
+ &lpc->rbca_mem, 1);
+ }
+}
+
+static int ich9_lpc_post_load(void *opaque, int version_id)
+{
+ ICH9LPCState *lpc = opaque;
+
+ ich9_lpc_pmbase_update(lpc);
+ ich9_lpc_rcba_update(lpc, 0 /* disabled ICH9_LPC_RBCA_EN */);
+ return 0;
+}
+
+static void ich9_lpc_config_write(PCIDevice *d,
+ uint32_t addr, uint32_t val, int len)
+{
+ ICH9LPCState *lpc = ICH9_LPC_DEVICE(d);
+ uint32_t rbca_old = pci_get_long(d->config + ICH9_LPC_RCBA);
+
+ pci_default_write_config(d, addr, val, len);
+ if (ranges_overlap(addr, len, ICH9_LPC_PMBASE, 4)) {
+ ich9_lpc_pmbase_update(lpc);
+ }
+ if (ranges_overlap(addr, len, ICH9_LPC_RCBA, 4)) {
+ ich9_lpc_rcba_update(lpc, rbca_old);
+ }
+ if (ranges_overlap(addr, len, ICH9_LPC_PIRQA_ROUT, 4)) {
+ pci_bus_fire_intx_routing_notifier(lpc->d.bus);
+ }
+ if (ranges_overlap(addr, len, ICH9_LPC_PIRQE_ROUT, 4)) {
+ pci_bus_fire_intx_routing_notifier(lpc->d.bus);
+ }
+}
+
+static void ich9_lpc_reset(DeviceState *qdev)
+{
+ PCIDevice *d = PCI_DEVICE(qdev);
+ ICH9LPCState *lpc = ICH9_LPC_DEVICE(d);
+ uint32_t rbca_old = pci_get_long(d->config + ICH9_LPC_RCBA);
+ int i;
+
+ for (i = 0; i < 4; i++) {
+ pci_set_byte(d->config + ICH9_LPC_PIRQA_ROUT + i,
+ ICH9_LPC_PIRQ_ROUT_DEFAULT);
+ }
+ for (i = 0; i < 4; i++) {
+ pci_set_byte(d->config + ICH9_LPC_PIRQE_ROUT + i,
+ ICH9_LPC_PIRQ_ROUT_DEFAULT);
+ }
+ pci_set_byte(d->config + ICH9_LPC_ACPI_CTRL, ICH9_LPC_ACPI_CTRL_DEFAULT);
+
+ pci_set_long(d->config + ICH9_LPC_PMBASE, ICH9_LPC_PMBASE_DEFAULT);
+ pci_set_long(d->config + ICH9_LPC_RCBA, ICH9_LPC_RCBA_DEFAULT);
+
+ ich9_cc_reset(lpc);
+
+ ich9_lpc_pmbase_update(lpc);
+ ich9_lpc_rcba_update(lpc, rbca_old);
+
+ lpc->sci_level = 0;
+ lpc->rst_cnt = 0;
+}
+
+static const MemoryRegionOps rbca_mmio_ops = {
+ .read = ich9_cc_read,
+ .write = ich9_cc_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void ich9_lpc_machine_ready(Notifier *n, void *opaque)
+{
+ ICH9LPCState *s = container_of(n, ICH9LPCState, machine_ready);
+ MemoryRegion *io_as = pci_address_space_io(&s->d);
+ uint8_t *pci_conf;
+
+ pci_conf = s->d.config;
+ if (memory_region_present(io_as, 0x3f8)) {
+ /* com1 */
+ pci_conf[0x82] |= 0x01;
+ }
+ if (memory_region_present(io_as, 0x2f8)) {
+ /* com2 */
+ pci_conf[0x82] |= 0x02;
+ }
+ if (memory_region_present(io_as, 0x378)) {
+ /* lpt */
+ pci_conf[0x82] |= 0x04;
+ }
+ if (memory_region_present(io_as, 0x3f0)) {
+ /* floppy */
+ pci_conf[0x82] |= 0x08;
+ }
+}
+
+/* reset control */
+static void ich9_rst_cnt_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned len)
+{
+ ICH9LPCState *lpc = opaque;
+
+ if (val & 4) {
+ qemu_system_reset_request();
+ return;
+ }
+ lpc->rst_cnt = val & 0xA; /* keep FULL_RST (bit 3) and SYS_RST (bit 1) */
+}
+
+static uint64_t ich9_rst_cnt_read(void *opaque, hwaddr addr, unsigned len)
+{
+ ICH9LPCState *lpc = opaque;
+
+ return lpc->rst_cnt;
+}
+
+static const MemoryRegionOps ich9_rst_cnt_ops = {
+ .read = ich9_rst_cnt_read,
+ .write = ich9_rst_cnt_write,
+ .endianness = DEVICE_LITTLE_ENDIAN
+};
+
+static int ich9_lpc_initfn(PCIDevice *d)
+{
+ ICH9LPCState *lpc = ICH9_LPC_DEVICE(d);
+ ISABus *isa_bus;
+
+ isa_bus = isa_bus_new(&d->qdev, get_system_io());
+
+ pci_set_long(d->wmask + ICH9_LPC_PMBASE,
+ ICH9_LPC_PMBASE_BASE_ADDRESS_MASK);
+
+ memory_region_init_io(&lpc->rbca_mem, OBJECT(d), &rbca_mmio_ops, lpc,
+ "lpc-rbca-mmio", ICH9_CC_SIZE);
+
+ lpc->isa_bus = isa_bus;
+
+ ich9_cc_init(lpc);
+ apm_init(d, &lpc->apm, ich9_apm_ctrl_changed, lpc);
+
+ lpc->machine_ready.notify = ich9_lpc_machine_ready;
+ qemu_add_machine_init_done_notifier(&lpc->machine_ready);
+
+ memory_region_init_io(&lpc->rst_cnt_mem, OBJECT(d), &ich9_rst_cnt_ops, lpc,
+ "lpc-reset-control", 1);
+ memory_region_add_subregion_overlap(pci_address_space_io(d),
+ ICH9_RST_CNT_IOPORT, &lpc->rst_cnt_mem,
+ 1);
+
+ return 0;
+}
+
+static bool ich9_rst_cnt_needed(void *opaque)
+{
+ ICH9LPCState *lpc = opaque;
+
+ return (lpc->rst_cnt != 0);
+}
+
+static const VMStateDescription vmstate_ich9_rst_cnt = {
+ .name = "ICH9LPC/rst_cnt",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(rst_cnt, ICH9LPCState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_ich9_lpc = {
+ .name = "ICH9LPC",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .post_load = ich9_lpc_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_PCI_DEVICE(d, ICH9LPCState),
+ VMSTATE_STRUCT(apm, ICH9LPCState, 0, vmstate_apm, APMState),
+ VMSTATE_STRUCT(pm, ICH9LPCState, 0, vmstate_ich9_pm, ICH9LPCPMRegs),
+ VMSTATE_UINT8_ARRAY(chip_config, ICH9LPCState, ICH9_CC_SIZE),
+ VMSTATE_UINT32(sci_level, ICH9LPCState),
+ VMSTATE_END_OF_LIST()
+ },
+ .subsections = (VMStateSubsection[]) {
+ {
+ .vmsd = &vmstate_ich9_rst_cnt,
+ .needed = ich9_rst_cnt_needed
+ },
+ { 0 }
+ }
+};
+
+static void ich9_lpc_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
+ dc->reset = ich9_lpc_reset;
+ k->init = ich9_lpc_initfn;
+ dc->vmsd = &vmstate_ich9_lpc;
+ dc->no_user = 1;
+ k->config_write = ich9_lpc_config_write;
+ dc->desc = "ICH9 LPC bridge";
+ k->vendor_id = PCI_VENDOR_ID_INTEL;
+ k->device_id = PCI_DEVICE_ID_INTEL_ICH9_8;
+ k->revision = ICH9_A2_LPC_REVISION;
+ k->class_id = PCI_CLASS_BRIDGE_ISA;
+
+}
+
+static const TypeInfo ich9_lpc_info = {
+ .name = TYPE_ICH9_LPC_DEVICE,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(struct ICH9LPCState),
+ .class_init = ich9_lpc_class_init,
+};
+
+static void ich9_lpc_register(void)
+{
+ type_register_static(&ich9_lpc_info);
+}
+
+type_init(ich9_lpc_register);
diff --git a/hw/isa/pc87312.c b/hw/isa/pc87312.c
new file mode 100644
index 000000000..46a23fb6b
--- /dev/null
+++ b/hw/isa/pc87312.c
@@ -0,0 +1,400 @@
+/*
+ * QEMU National Semiconductor PC87312 (Super I/O)
+ *
+ * Copyright (c) 2010-2012 Herve Poussineau
+ * Copyright (c) 2011-2012 Andreas Färber
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/isa/pc87312.h"
+#include "qemu/error-report.h"
+#include "sysemu/blockdev.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/char.h"
+#include "trace.h"
+
+
+#define REG_FER 0
+#define REG_FAR 1
+#define REG_PTR 2
+
+#define FER_PARALLEL_EN 0x01
+#define FER_UART1_EN 0x02
+#define FER_UART2_EN 0x04
+#define FER_FDC_EN 0x08
+#define FER_FDC_4 0x10
+#define FER_FDC_ADDR 0x20
+#define FER_IDE_EN 0x40
+#define FER_IDE_ADDR 0x80
+
+#define FAR_PARALLEL_ADDR 0x03
+#define FAR_UART1_ADDR 0x0C
+#define FAR_UART2_ADDR 0x30
+#define FAR_UART_3_4 0xC0
+
+#define PTR_POWER_DOWN 0x01
+#define PTR_CLOCK_DOWN 0x02
+#define PTR_PWDN 0x04
+#define PTR_IRQ_5_7 0x08
+#define PTR_UART1_TEST 0x10
+#define PTR_UART2_TEST 0x20
+#define PTR_LOCK_CONF 0x40
+#define PTR_EPP_MODE 0x80
+
+
+/* Parallel port */
+
+static inline bool is_parallel_enabled(PC87312State *s)
+{
+ return s->regs[REG_FER] & FER_PARALLEL_EN;
+}
+
+static const uint32_t parallel_base[] = { 0x378, 0x3bc, 0x278, 0x00 };
+
+static inline uint32_t get_parallel_iobase(PC87312State *s)
+{
+ return parallel_base[s->regs[REG_FAR] & FAR_PARALLEL_ADDR];
+}
+
+static const uint32_t parallel_irq[] = { 5, 7, 5, 0 };
+
+static inline uint32_t get_parallel_irq(PC87312State *s)
+{
+ int idx;
+ idx = (s->regs[REG_FAR] & FAR_PARALLEL_ADDR);
+ if (idx == 0) {
+ return (s->regs[REG_PTR] & PTR_IRQ_5_7) ? 7 : 5;
+ } else {
+ return parallel_irq[idx];
+ }
+}
+
+static inline bool is_parallel_epp(PC87312State *s)
+{
+ return s->regs[REG_PTR] & PTR_EPP_MODE;
+}
+
+
+/* UARTs */
+
+static const uint32_t uart_base[2][4] = {
+ { 0x3e8, 0x338, 0x2e8, 0x220 },
+ { 0x2e8, 0x238, 0x2e0, 0x228 }
+};
+
+static inline uint32_t get_uart_iobase(PC87312State *s, int i)
+{
+ int idx;
+ idx = (s->regs[REG_FAR] >> (2 * i + 2)) & 0x3;
+ if (idx == 0) {
+ return 0x3f8;
+ } else if (idx == 1) {
+ return 0x2f8;
+ } else {
+ return uart_base[idx & 1][(s->regs[REG_FAR] & FAR_UART_3_4) >> 6];
+ }
+}
+
+static inline uint32_t get_uart_irq(PC87312State *s, int i)
+{
+ int idx;
+ idx = (s->regs[REG_FAR] >> (2 * i + 2)) & 0x3;
+ return (idx & 1) ? 3 : 4;
+}
+
+static inline bool is_uart_enabled(PC87312State *s, int i)
+{
+ return s->regs[REG_FER] & (FER_UART1_EN << i);
+}
+
+
+/* Floppy controller */
+
+static inline bool is_fdc_enabled(PC87312State *s)
+{
+ return s->regs[REG_FER] & FER_FDC_EN;
+}
+
+static inline uint32_t get_fdc_iobase(PC87312State *s)
+{
+ return (s->regs[REG_FER] & FER_FDC_ADDR) ? 0x370 : 0x3f0;
+}
+
+
+/* IDE controller */
+
+static inline bool is_ide_enabled(PC87312State *s)
+{
+ return s->regs[REG_FER] & FER_IDE_EN;
+}
+
+static inline uint32_t get_ide_iobase(PC87312State *s)
+{
+ return (s->regs[REG_FER] & FER_IDE_ADDR) ? 0x170 : 0x1f0;
+}
+
+
+static void reconfigure_devices(PC87312State *s)
+{
+ error_report("pc87312: unsupported device reconfiguration (%02x %02x %02x)",
+ s->regs[REG_FER], s->regs[REG_FAR], s->regs[REG_PTR]);
+}
+
+static void pc87312_soft_reset(PC87312State *s)
+{
+ static const uint8_t fer_init[] = {
+ 0x4f, 0x4f, 0x4f, 0x4f, 0x4f, 0x4f, 0x4b, 0x4b,
+ 0x4b, 0x4b, 0x4b, 0x4b, 0x0f, 0x0f, 0x0f, 0x0f,
+ 0x49, 0x49, 0x49, 0x49, 0x07, 0x07, 0x07, 0x07,
+ 0x47, 0x47, 0x47, 0x47, 0x47, 0x47, 0x08, 0x00,
+ };
+ static const uint8_t far_init[] = {
+ 0x10, 0x11, 0x11, 0x39, 0x24, 0x38, 0x00, 0x01,
+ 0x01, 0x09, 0x08, 0x08, 0x10, 0x11, 0x39, 0x24,
+ 0x00, 0x01, 0x01, 0x00, 0x10, 0x11, 0x39, 0x24,
+ 0x10, 0x11, 0x11, 0x39, 0x24, 0x38, 0x10, 0x10,
+ };
+ static const uint8_t ptr_init[] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+ };
+
+ s->read_id_step = 0;
+ s->selected_index = REG_FER;
+
+ s->regs[REG_FER] = fer_init[s->config & 0x1f];
+ s->regs[REG_FAR] = far_init[s->config & 0x1f];
+ s->regs[REG_PTR] = ptr_init[s->config & 0x1f];
+}
+
+static void pc87312_hard_reset(PC87312State *s)
+{
+ pc87312_soft_reset(s);
+}
+
+static void pc87312_io_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned int size)
+{
+ PC87312State *s = opaque;
+
+ trace_pc87312_io_write(addr, val);
+
+ if ((addr & 1) == 0) {
+ /* Index register */
+ s->read_id_step = 2;
+ s->selected_index = val;
+ } else {
+ /* Data register */
+ if (s->selected_index < 3) {
+ s->regs[s->selected_index] = val;
+ reconfigure_devices(s);
+ }
+ }
+}
+
+static uint64_t pc87312_io_read(void *opaque, hwaddr addr, unsigned int size)
+{
+ PC87312State *s = opaque;
+ uint32_t val;
+
+ if ((addr & 1) == 0) {
+ /* Index register */
+ if (s->read_id_step++ == 0) {
+ val = 0x88;
+ } else if (s->read_id_step++ == 1) {
+ val = 0;
+ } else {
+ val = s->selected_index;
+ }
+ } else {
+ /* Data register */
+ if (s->selected_index < 3) {
+ val = s->regs[s->selected_index];
+ } else {
+ /* Invalid selected index */
+ val = 0;
+ }
+ }
+
+ trace_pc87312_io_read(addr, val);
+ return val;
+}
+
+static const MemoryRegionOps pc87312_io_ops = {
+ .read = pc87312_io_read,
+ .write = pc87312_io_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .valid = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+static int pc87312_post_load(void *opaque, int version_id)
+{
+ PC87312State *s = opaque;
+
+ reconfigure_devices(s);
+ return 0;
+}
+
+static void pc87312_reset(DeviceState *d)
+{
+ PC87312State *s = PC87312(d);
+
+ pc87312_soft_reset(s);
+}
+
+static void pc87312_realize(DeviceState *dev, Error **errp)
+{
+ PC87312State *s;
+ DeviceState *d;
+ ISADevice *isa;
+ ISABus *bus;
+ CharDriverState *chr;
+ DriveInfo *drive;
+ char name[5];
+ int i;
+
+ s = PC87312(dev);
+ isa = ISA_DEVICE(dev);
+ bus = isa_bus_from_device(isa);
+ isa_register_ioport(isa, &s->io, s->iobase);
+ pc87312_hard_reset(s);
+
+ if (is_parallel_enabled(s)) {
+ chr = parallel_hds[0];
+ if (chr == NULL) {
+ chr = qemu_chr_new("par0", "null", NULL);
+ }
+ isa = isa_create(bus, "isa-parallel");
+ d = DEVICE(isa);
+ qdev_prop_set_uint32(d, "index", 0);
+ qdev_prop_set_uint32(d, "iobase", get_parallel_iobase(s));
+ qdev_prop_set_uint32(d, "irq", get_parallel_irq(s));
+ qdev_prop_set_chr(d, "chardev", chr);
+ qdev_init_nofail(d);
+ s->parallel.dev = isa;
+ trace_pc87312_info_parallel(get_parallel_iobase(s),
+ get_parallel_irq(s));
+ }
+
+ for (i = 0; i < 2; i++) {
+ if (is_uart_enabled(s, i)) {
+ chr = serial_hds[i];
+ if (chr == NULL) {
+ snprintf(name, sizeof(name), "ser%d", i);
+ chr = qemu_chr_new(name, "null", NULL);
+ }
+ isa = isa_create(bus, "isa-serial");
+ d = DEVICE(isa);
+ qdev_prop_set_uint32(d, "index", i);
+ qdev_prop_set_uint32(d, "iobase", get_uart_iobase(s, i));
+ qdev_prop_set_uint32(d, "irq", get_uart_irq(s, i));
+ qdev_prop_set_chr(d, "chardev", chr);
+ qdev_init_nofail(d);
+ s->uart[i].dev = isa;
+ trace_pc87312_info_serial(i, get_uart_iobase(s, i),
+ get_uart_irq(s, i));
+ }
+ }
+
+ if (is_fdc_enabled(s)) {
+ isa = isa_create(bus, "isa-fdc");
+ d = DEVICE(isa);
+ qdev_prop_set_uint32(d, "iobase", get_fdc_iobase(s));
+ qdev_prop_set_uint32(d, "irq", 6);
+ drive = drive_get(IF_FLOPPY, 0, 0);
+ if (drive != NULL) {
+ qdev_prop_set_drive_nofail(d, "driveA", drive->bdrv);
+ }
+ drive = drive_get(IF_FLOPPY, 0, 1);
+ if (drive != NULL) {
+ qdev_prop_set_drive_nofail(d, "driveB", drive->bdrv);
+ }
+ qdev_init_nofail(d);
+ s->fdc.dev = isa;
+ trace_pc87312_info_floppy(get_fdc_iobase(s));
+ }
+
+ if (is_ide_enabled(s)) {
+ isa = isa_create(bus, "isa-ide");
+ d = DEVICE(isa);
+ qdev_prop_set_uint32(d, "iobase", get_ide_iobase(s));
+ qdev_prop_set_uint32(d, "iobase2", get_ide_iobase(s) + 0x206);
+ qdev_prop_set_uint32(d, "irq", 14);
+ qdev_init_nofail(d);
+ s->ide.dev = isa;
+ trace_pc87312_info_ide(get_ide_iobase(s));
+ }
+}
+
+static void pc87312_initfn(Object *obj)
+{
+ PC87312State *s = PC87312(obj);
+
+ memory_region_init_io(&s->io, obj, &pc87312_io_ops, s, "pc87312", 2);
+}
+
+static const VMStateDescription vmstate_pc87312 = {
+ .name = "pc87312",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .post_load = pc87312_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(read_id_step, PC87312State),
+ VMSTATE_UINT8(selected_index, PC87312State),
+ VMSTATE_UINT8_ARRAY(regs, PC87312State, 3),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static Property pc87312_properties[] = {
+ DEFINE_PROP_HEX32("iobase", PC87312State, iobase, 0x398),
+ DEFINE_PROP_UINT8("config", PC87312State, config, 1),
+ DEFINE_PROP_END_OF_LIST()
+};
+
+static void pc87312_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = pc87312_realize;
+ dc->reset = pc87312_reset;
+ dc->vmsd = &vmstate_pc87312;
+ dc->props = pc87312_properties;
+}
+
+static const TypeInfo pc87312_type_info = {
+ .name = TYPE_PC87312,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof(PC87312State),
+ .instance_init = pc87312_initfn,
+ .class_init = pc87312_class_init,
+};
+
+static void pc87312_register_types(void)
+{
+ type_register_static(&pc87312_type_info);
+}
+
+type_init(pc87312_register_types)
diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
new file mode 100644
index 000000000..1a1d4518c
--- /dev/null
+++ b/hw/isa/piix4.c
@@ -0,0 +1,132 @@
+/*
+ * QEMU PIIX4 PCI Bridge Emulation
+ *
+ * Copyright (c) 2006 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "hw/pci/pci.h"
+#include "hw/isa/isa.h"
+#include "hw/sysbus.h"
+
+PCIDevice *piix4_dev;
+
+typedef struct PIIX4State {
+ PCIDevice dev;
+} PIIX4State;
+
+static void piix4_reset(void *opaque)
+{
+ PIIX4State *d = opaque;
+ uint8_t *pci_conf = d->dev.config;
+
+ pci_conf[0x04] = 0x07; // master, memory and I/O
+ pci_conf[0x05] = 0x00;
+ pci_conf[0x06] = 0x00;
+ pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
+ pci_conf[0x4c] = 0x4d;
+ pci_conf[0x4e] = 0x03;
+ pci_conf[0x4f] = 0x00;
+ pci_conf[0x60] = 0x0a; // PCI A -> IRQ 10
+ pci_conf[0x61] = 0x0a; // PCI B -> IRQ 10
+ pci_conf[0x62] = 0x0b; // PCI C -> IRQ 11
+ pci_conf[0x63] = 0x0b; // PCI D -> IRQ 11
+ pci_conf[0x69] = 0x02;
+ pci_conf[0x70] = 0x80;
+ pci_conf[0x76] = 0x0c;
+ pci_conf[0x77] = 0x0c;
+ pci_conf[0x78] = 0x02;
+ pci_conf[0x79] = 0x00;
+ pci_conf[0x80] = 0x00;
+ pci_conf[0x82] = 0x00;
+ pci_conf[0xa0] = 0x08;
+ pci_conf[0xa2] = 0x00;
+ pci_conf[0xa3] = 0x00;
+ pci_conf[0xa4] = 0x00;
+ pci_conf[0xa5] = 0x00;
+ pci_conf[0xa6] = 0x00;
+ pci_conf[0xa7] = 0x00;
+ pci_conf[0xa8] = 0x0f;
+ pci_conf[0xaa] = 0x00;
+ pci_conf[0xab] = 0x00;
+ pci_conf[0xac] = 0x00;
+ pci_conf[0xae] = 0x00;
+}
+
+static const VMStateDescription vmstate_piix4 = {
+ .name = "PIIX4",
+ .version_id = 2,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .fields = (VMStateField[]) {
+ VMSTATE_PCI_DEVICE(dev, PIIX4State),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static int piix4_initfn(PCIDevice *dev)
+{
+ PIIX4State *d = DO_UPCAST(PIIX4State, dev, dev);
+
+ isa_bus_new(&d->dev.qdev, pci_address_space_io(dev));
+ piix4_dev = &d->dev;
+ qemu_register_reset(piix4_reset, d);
+ return 0;
+}
+
+int piix4_init(PCIBus *bus, ISABus **isa_bus, int devfn)
+{
+ PCIDevice *d;
+
+ d = pci_create_simple_multifunction(bus, devfn, true, "PIIX4");
+ *isa_bus = ISA_BUS(qdev_get_child_bus(DEVICE(d), "isa.0"));
+ return d->devfn;
+}
+
+static void piix4_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->no_hotplug = 1;
+ k->init = piix4_initfn;
+ k->vendor_id = PCI_VENDOR_ID_INTEL;
+ k->device_id = PCI_DEVICE_ID_INTEL_82371AB_0;
+ k->class_id = PCI_CLASS_BRIDGE_ISA;
+ dc->desc = "ISA bridge";
+ dc->no_user = 1;
+ dc->vmsd = &vmstate_piix4;
+}
+
+static const TypeInfo piix4_info = {
+ .name = "PIIX4",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PIIX4State),
+ .class_init = piix4_class_init,
+};
+
+static void piix4_register_types(void)
+{
+ type_register_static(&piix4_info);
+}
+
+type_init(piix4_register_types)
diff --git a/hw/isa/vt82c686.c b/hw/isa/vt82c686.c
new file mode 100644
index 000000000..8fe4fcb4a
--- /dev/null
+++ b/hw/isa/vt82c686.c
@@ -0,0 +1,502 @@
+/*
+ * VT82C686B south bridge support
+ *
+ * Copyright (c) 2008 yajin (yajin@vm-kernel.org)
+ * Copyright (c) 2009 chenming (chenming@rdc.faw.com.cn)
+ * Copyright (c) 2010 Huacai Chen (zltjiangshi@gmail.com)
+ * This code is licensed under the GNU GPL v2.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "hw/isa/vt82c686.h"
+#include "hw/i2c/i2c.h"
+#include "hw/i2c/smbus.h"
+#include "hw/pci/pci.h"
+#include "hw/isa/isa.h"
+#include "hw/sysbus.h"
+#include "hw/mips/mips.h"
+#include "hw/isa/apm.h"
+#include "hw/acpi/acpi.h"
+#include "hw/i2c/pm_smbus.h"
+#include "sysemu/sysemu.h"
+#include "qemu/timer.h"
+#include "exec/address-spaces.h"
+
+//#define DEBUG_VT82C686B
+
+#ifdef DEBUG_VT82C686B
+#define DPRINTF(fmt, ...) fprintf(stderr, "%s: " fmt, __FUNCTION__, ##__VA_ARGS__)
+#else
+#define DPRINTF(fmt, ...)
+#endif
+
+typedef struct SuperIOConfig
+{
+ uint8_t config[0xff];
+ uint8_t index;
+ uint8_t data;
+} SuperIOConfig;
+
+typedef struct VT82C686BState {
+ PCIDevice dev;
+ MemoryRegion superio;
+ SuperIOConfig superio_conf;
+} VT82C686BState;
+
+static void superio_ioport_writeb(void *opaque, hwaddr addr, uint64_t data,
+ unsigned size)
+{
+ int can_write;
+ SuperIOConfig *superio_conf = opaque;
+
+ DPRINTF("superio_ioport_writeb address 0x%x val 0x%x\n", addr, data);
+ if (addr == 0x3f0) {
+ superio_conf->index = data & 0xff;
+ } else {
+ /* 0x3f1 */
+ switch (superio_conf->index) {
+ case 0x00 ... 0xdf:
+ case 0xe4:
+ case 0xe5:
+ case 0xe9 ... 0xed:
+ case 0xf3:
+ case 0xf5:
+ case 0xf7:
+ case 0xf9 ... 0xfb:
+ case 0xfd ... 0xff:
+ can_write = 0;
+ break;
+ default:
+ can_write = 1;
+
+ if (can_write) {
+ switch (superio_conf->index) {
+ case 0xe7:
+ if ((data & 0xff) != 0xfe) {
+ DPRINTF("chage uart 1 base. unsupported yet\n");
+ }
+ break;
+ case 0xe8:
+ if ((data & 0xff) != 0xbe) {
+ DPRINTF("chage uart 2 base. unsupported yet\n");
+ }
+ break;
+
+ default:
+ superio_conf->config[superio_conf->index] = data & 0xff;
+ }
+ }
+ }
+ superio_conf->config[superio_conf->index] = data & 0xff;
+ }
+}
+
+static uint64_t superio_ioport_readb(void *opaque, hwaddr addr, unsigned size)
+{
+ SuperIOConfig *superio_conf = opaque;
+
+ DPRINTF("superio_ioport_readb address 0x%x\n", addr);
+ return (superio_conf->config[superio_conf->index]);
+}
+
+static const MemoryRegionOps superio_ops = {
+ .read = superio_ioport_readb,
+ .write = superio_ioport_writeb,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+static void vt82c686b_reset(void * opaque)
+{
+ PCIDevice *d = opaque;
+ uint8_t *pci_conf = d->config;
+ VT82C686BState *vt82c = DO_UPCAST(VT82C686BState, dev, d);
+
+ pci_set_long(pci_conf + PCI_CAPABILITY_LIST, 0x000000c0);
+ pci_set_word(pci_conf + PCI_COMMAND, PCI_COMMAND_IO | PCI_COMMAND_MEMORY |
+ PCI_COMMAND_MASTER | PCI_COMMAND_SPECIAL);
+ pci_set_word(pci_conf + PCI_STATUS, PCI_STATUS_DEVSEL_MEDIUM);
+
+ pci_conf[0x48] = 0x01; /* Miscellaneous Control 3 */
+ pci_conf[0x4a] = 0x04; /* IDE interrupt Routing */
+ pci_conf[0x4f] = 0x03; /* DMA/Master Mem Access Control 3 */
+ pci_conf[0x50] = 0x2d; /* PnP DMA Request Control */
+ pci_conf[0x59] = 0x04;
+ pci_conf[0x5a] = 0x04; /* KBC/RTC Control*/
+ pci_conf[0x5f] = 0x04;
+ pci_conf[0x77] = 0x10; /* GPIO Control 1/2/3/4 */
+
+ vt82c->superio_conf.config[0xe0] = 0x3c;
+ vt82c->superio_conf.config[0xe2] = 0x03;
+ vt82c->superio_conf.config[0xe3] = 0xfc;
+ vt82c->superio_conf.config[0xe6] = 0xde;
+ vt82c->superio_conf.config[0xe7] = 0xfe;
+ vt82c->superio_conf.config[0xe8] = 0xbe;
+}
+
+/* write config pci function0 registers. PCI-ISA bridge */
+static void vt82c686b_write_config(PCIDevice * d, uint32_t address,
+ uint32_t val, int len)
+{
+ VT82C686BState *vt686 = DO_UPCAST(VT82C686BState, dev, d);
+
+ DPRINTF("vt82c686b_write_config address 0x%x val 0x%x len 0x%x\n",
+ address, val, len);
+
+ pci_default_write_config(d, address, val, len);
+ if (address == 0x85) { /* enable or disable super IO configure */
+ memory_region_set_enabled(&vt686->superio, val & 0x2);
+ }
+}
+
+#define ACPI_DBG_IO_ADDR 0xb044
+
+typedef struct VT686PMState {
+ PCIDevice dev;
+ MemoryRegion io;
+ ACPIREGS ar;
+ APMState apm;
+ PMSMBus smb;
+ uint32_t smb_io_base;
+} VT686PMState;
+
+typedef struct VT686AC97State {
+ PCIDevice dev;
+} VT686AC97State;
+
+typedef struct VT686MC97State {
+ PCIDevice dev;
+} VT686MC97State;
+
+static void pm_update_sci(VT686PMState *s)
+{
+ int sci_level, pmsts;
+
+ pmsts = acpi_pm1_evt_get_sts(&s->ar);
+ sci_level = (((pmsts & s->ar.pm1.evt.en) &
+ (ACPI_BITMASK_RT_CLOCK_ENABLE |
+ ACPI_BITMASK_POWER_BUTTON_ENABLE |
+ ACPI_BITMASK_GLOBAL_LOCK_ENABLE |
+ ACPI_BITMASK_TIMER_ENABLE)) != 0);
+ qemu_set_irq(s->dev.irq[0], sci_level);
+ /* schedule a timer interruption if needed */
+ acpi_pm_tmr_update(&s->ar, (s->ar.pm1.evt.en & ACPI_BITMASK_TIMER_ENABLE) &&
+ !(pmsts & ACPI_BITMASK_TIMER_STATUS));
+}
+
+static void pm_tmr_timer(ACPIREGS *ar)
+{
+ VT686PMState *s = container_of(ar, VT686PMState, ar);
+ pm_update_sci(s);
+}
+
+static void pm_io_space_update(VT686PMState *s)
+{
+ uint32_t pm_io_base;
+
+ pm_io_base = pci_get_long(s->dev.config + 0x40);
+ pm_io_base &= 0xffc0;
+
+ memory_region_transaction_begin();
+ memory_region_set_enabled(&s->io, s->dev.config[0x80] & 1);
+ memory_region_set_address(&s->io, pm_io_base);
+ memory_region_transaction_commit();
+}
+
+static void pm_write_config(PCIDevice *d,
+ uint32_t address, uint32_t val, int len)
+{
+ DPRINTF("pm_write_config address 0x%x val 0x%x len 0x%x\n",
+ address, val, len);
+ pci_default_write_config(d, address, val, len);
+}
+
+static int vmstate_acpi_post_load(void *opaque, int version_id)
+{
+ VT686PMState *s = opaque;
+
+ pm_io_space_update(s);
+ return 0;
+}
+
+static const VMStateDescription vmstate_acpi = {
+ .name = "vt82c686b_pm",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .post_load = vmstate_acpi_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_PCI_DEVICE(dev, VT686PMState),
+ VMSTATE_UINT16(ar.pm1.evt.sts, VT686PMState),
+ VMSTATE_UINT16(ar.pm1.evt.en, VT686PMState),
+ VMSTATE_UINT16(ar.pm1.cnt.cnt, VT686PMState),
+ VMSTATE_STRUCT(apm, VT686PMState, 0, vmstate_apm, APMState),
+ VMSTATE_TIMER(ar.tmr.timer, VT686PMState),
+ VMSTATE_INT64(ar.tmr.overflow_time, VT686PMState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+/*
+ * TODO: vt82c686b_ac97_init() and vt82c686b_mc97_init()
+ * just register a PCI device now, functionalities will be implemented later.
+ */
+
+static int vt82c686b_ac97_initfn(PCIDevice *dev)
+{
+ VT686AC97State *s = DO_UPCAST(VT686AC97State, dev, dev);
+ uint8_t *pci_conf = s->dev.config;
+
+ pci_set_word(pci_conf + PCI_COMMAND, PCI_COMMAND_INVALIDATE |
+ PCI_COMMAND_PARITY);
+ pci_set_word(pci_conf + PCI_STATUS, PCI_STATUS_CAP_LIST |
+ PCI_STATUS_DEVSEL_MEDIUM);
+ pci_set_long(pci_conf + PCI_INTERRUPT_PIN, 0x03);
+
+ return 0;
+}
+
+void vt82c686b_ac97_init(PCIBus *bus, int devfn)
+{
+ PCIDevice *dev;
+
+ dev = pci_create(bus, devfn, "VT82C686B_AC97");
+ qdev_init_nofail(&dev->qdev);
+}
+
+static void via_ac97_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = vt82c686b_ac97_initfn;
+ k->vendor_id = PCI_VENDOR_ID_VIA;
+ k->device_id = PCI_DEVICE_ID_VIA_AC97;
+ k->revision = 0x50;
+ k->class_id = PCI_CLASS_MULTIMEDIA_AUDIO;
+ set_bit(DEVICE_CATEGORY_SOUND, dc->categories);
+ dc->desc = "AC97";
+}
+
+static const TypeInfo via_ac97_info = {
+ .name = "VT82C686B_AC97",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(VT686AC97State),
+ .class_init = via_ac97_class_init,
+};
+
+static int vt82c686b_mc97_initfn(PCIDevice *dev)
+{
+ VT686MC97State *s = DO_UPCAST(VT686MC97State, dev, dev);
+ uint8_t *pci_conf = s->dev.config;
+
+ pci_set_word(pci_conf + PCI_COMMAND, PCI_COMMAND_INVALIDATE |
+ PCI_COMMAND_VGA_PALETTE);
+ pci_set_word(pci_conf + PCI_STATUS, PCI_STATUS_DEVSEL_MEDIUM);
+ pci_set_long(pci_conf + PCI_INTERRUPT_PIN, 0x03);
+
+ return 0;
+}
+
+void vt82c686b_mc97_init(PCIBus *bus, int devfn)
+{
+ PCIDevice *dev;
+
+ dev = pci_create(bus, devfn, "VT82C686B_MC97");
+ qdev_init_nofail(&dev->qdev);
+}
+
+static void via_mc97_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = vt82c686b_mc97_initfn;
+ k->vendor_id = PCI_VENDOR_ID_VIA;
+ k->device_id = PCI_DEVICE_ID_VIA_MC97;
+ k->class_id = PCI_CLASS_COMMUNICATION_OTHER;
+ k->revision = 0x30;
+ set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
+ dc->desc = "MC97";
+}
+
+static const TypeInfo via_mc97_info = {
+ .name = "VT82C686B_MC97",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(VT686MC97State),
+ .class_init = via_mc97_class_init,
+};
+
+/* vt82c686 pm init */
+static int vt82c686b_pm_initfn(PCIDevice *dev)
+{
+ VT686PMState *s = DO_UPCAST(VT686PMState, dev, dev);
+ uint8_t *pci_conf;
+
+ pci_conf = s->dev.config;
+ pci_set_word(pci_conf + PCI_COMMAND, 0);
+ pci_set_word(pci_conf + PCI_STATUS, PCI_STATUS_FAST_BACK |
+ PCI_STATUS_DEVSEL_MEDIUM);
+
+ /* 0x48-0x4B is Power Management I/O Base */
+ pci_set_long(pci_conf + 0x48, 0x00000001);
+
+ /* SMB ports:0xeee0~0xeeef */
+ s->smb_io_base =((s->smb_io_base & 0xfff0) + 0x0);
+ pci_conf[0x90] = s->smb_io_base | 1;
+ pci_conf[0x91] = s->smb_io_base >> 8;
+ pci_conf[0xd2] = 0x90;
+ pm_smbus_init(&s->dev.qdev, &s->smb);
+ memory_region_add_subregion(get_system_io(), s->smb_io_base, &s->smb.io);
+
+ apm_init(dev, &s->apm, NULL, s);
+
+ memory_region_init(&s->io, OBJECT(dev), "vt82c686-pm", 64);
+ memory_region_set_enabled(&s->io, false);
+ memory_region_add_subregion(get_system_io(), 0, &s->io);
+
+ acpi_pm_tmr_init(&s->ar, pm_tmr_timer, &s->io);
+ acpi_pm1_evt_init(&s->ar, pm_tmr_timer, &s->io);
+ acpi_pm1_cnt_init(&s->ar, &s->io, 2);
+
+ return 0;
+}
+
+i2c_bus *vt82c686b_pm_init(PCIBus *bus, int devfn, uint32_t smb_io_base,
+ qemu_irq sci_irq)
+{
+ PCIDevice *dev;
+ VT686PMState *s;
+
+ dev = pci_create(bus, devfn, "VT82C686B_PM");
+ qdev_prop_set_uint32(&dev->qdev, "smb_io_base", smb_io_base);
+
+ s = DO_UPCAST(VT686PMState, dev, dev);
+
+ qdev_init_nofail(&dev->qdev);
+
+ return s->smb.smbus;
+}
+
+static Property via_pm_properties[] = {
+ DEFINE_PROP_UINT32("smb_io_base", VT686PMState, smb_io_base, 0),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void via_pm_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = vt82c686b_pm_initfn;
+ k->config_write = pm_write_config;
+ k->vendor_id = PCI_VENDOR_ID_VIA;
+ k->device_id = PCI_DEVICE_ID_VIA_ACPI;
+ k->class_id = PCI_CLASS_BRIDGE_OTHER;
+ k->revision = 0x40;
+ dc->desc = "PM";
+ dc->vmsd = &vmstate_acpi;
+ set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
+ dc->props = via_pm_properties;
+}
+
+static const TypeInfo via_pm_info = {
+ .name = "VT82C686B_PM",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(VT686PMState),
+ .class_init = via_pm_class_init,
+};
+
+static const VMStateDescription vmstate_via = {
+ .name = "vt82c686b",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_PCI_DEVICE(dev, VT82C686BState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+/* init the PCI-to-ISA bridge */
+static int vt82c686b_initfn(PCIDevice *d)
+{
+ VT82C686BState *vt82c = DO_UPCAST(VT82C686BState, dev, d);
+ uint8_t *pci_conf;
+ ISABus *isa_bus;
+ uint8_t *wmask;
+ int i;
+
+ isa_bus = isa_bus_new(&d->qdev, pci_address_space_io(d));
+
+ pci_conf = d->config;
+ pci_config_set_prog_interface(pci_conf, 0x0);
+
+ wmask = d->wmask;
+ for (i = 0x00; i < 0xff; i++) {
+ if (i<=0x03 || (i>=0x08 && i<=0x3f)) {
+ wmask[i] = 0x00;
+ }
+ }
+
+ memory_region_init_io(&vt82c->superio, OBJECT(d), &superio_ops,
+ &vt82c->superio_conf, "superio", 2);
+ memory_region_set_enabled(&vt82c->superio, false);
+ /* The floppy also uses 0x3f0 and 0x3f1.
+ * But we do not emulate a floppy, so just set it here. */
+ memory_region_add_subregion(isa_bus->address_space_io, 0x3f0,
+ &vt82c->superio);
+
+ qemu_register_reset(vt82c686b_reset, d);
+
+ return 0;
+}
+
+ISABus *vt82c686b_init(PCIBus *bus, int devfn)
+{
+ PCIDevice *d;
+
+ d = pci_create_simple_multifunction(bus, devfn, true, "VT82C686B");
+
+ return ISA_BUS(qdev_get_child_bus(DEVICE(d), "isa.0"));
+}
+
+static void via_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = vt82c686b_initfn;
+ k->config_write = vt82c686b_write_config;
+ k->vendor_id = PCI_VENDOR_ID_VIA;
+ k->device_id = PCI_DEVICE_ID_VIA_ISA_BRIDGE;
+ k->class_id = PCI_CLASS_BRIDGE_ISA;
+ k->revision = 0x40;
+ dc->desc = "ISA bridge";
+ dc->no_user = 1;
+ dc->vmsd = &vmstate_via;
+}
+
+static const TypeInfo via_info = {
+ .name = "VT82C686B",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(VT82C686BState),
+ .class_init = via_class_init,
+};
+
+static void vt82c686b_register_types(void)
+{
+ type_register_static(&via_ac97_info);
+ type_register_static(&via_mc97_info);
+ type_register_static(&via_pm_info);
+ type_register_static(&via_info);
+}
+
+type_init(vt82c686b_register_types)
diff --git a/hw/isa_mmio.c b/hw/isa_mmio.c
deleted file mode 100644
index 14053960c..000000000
--- a/hw/isa_mmio.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Memory mapped access to ISA IO space.
- *
- * Copyright (c) 2006 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "hw.h"
-#include "isa.h"
-#include "exec-memory.h"
-
-static void isa_mmio_writeb (void *opaque, hwaddr addr,
- uint32_t val)
-{
- cpu_outb(addr & IOPORTS_MASK, val);
-}
-
-static void isa_mmio_writew(void *opaque, hwaddr addr,
- uint32_t val)
-{
- cpu_outw(addr & IOPORTS_MASK, val);
-}
-
-static void isa_mmio_writel(void *opaque, hwaddr addr,
- uint32_t val)
-{
- cpu_outl(addr & IOPORTS_MASK, val);
-}
-
-static uint32_t isa_mmio_readb (void *opaque, hwaddr addr)
-{
- return cpu_inb(addr & IOPORTS_MASK);
-}
-
-static uint32_t isa_mmio_readw(void *opaque, hwaddr addr)
-{
- return cpu_inw(addr & IOPORTS_MASK);
-}
-
-static uint32_t isa_mmio_readl(void *opaque, hwaddr addr)
-{
- return cpu_inl(addr & IOPORTS_MASK);
-}
-
-static const MemoryRegionOps isa_mmio_ops = {
- .old_mmio = {
- .write = { isa_mmio_writeb, isa_mmio_writew, isa_mmio_writel },
- .read = { isa_mmio_readb, isa_mmio_readw, isa_mmio_readl, },
- },
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-void isa_mmio_setup(MemoryRegion *mr, hwaddr size)
-{
- memory_region_init_io(mr, &isa_mmio_ops, NULL, "isa-mmio", size);
-}
-
-void isa_mmio_init(hwaddr base, hwaddr size)
-{
- MemoryRegion *mr = g_malloc(sizeof(*mr));
-
- isa_mmio_setup(mr, size);
- memory_region_add_subregion(get_system_memory(), base, mr);
-}
diff --git a/hw/ivshmem.c b/hw/ivshmem.c
deleted file mode 100644
index f6dbb212f..000000000
--- a/hw/ivshmem.c
+++ /dev/null
@@ -1,821 +0,0 @@
-/*
- * Inter-VM Shared Memory PCI device.
- *
- * Author:
- * Cam Macdonell <cam@cs.ualberta.ca>
- *
- * Based On: cirrus_vga.c
- * Copyright (c) 2004 Fabrice Bellard
- * Copyright (c) 2004 Makoto Suzuki (suzu)
- *
- * and rtl8139.c
- * Copyright (c) 2006 Igor Kovalenko
- *
- * This code is licensed under the GNU GPL v2.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-#include "hw.h"
-#include "pc.h"
-#include "pci.h"
-#include "msix.h"
-#include "kvm.h"
-#include "migration.h"
-#include "qerror.h"
-#include "event_notifier.h"
-
-#include <sys/mman.h>
-#include <sys/types.h>
-
-#define IVSHMEM_IOEVENTFD 0
-#define IVSHMEM_MSI 1
-
-#define IVSHMEM_PEER 0
-#define IVSHMEM_MASTER 1
-
-#define IVSHMEM_REG_BAR_SIZE 0x100
-
-//#define DEBUG_IVSHMEM
-#ifdef DEBUG_IVSHMEM
-#define IVSHMEM_DPRINTF(fmt, ...) \
- do {printf("IVSHMEM: " fmt, ## __VA_ARGS__); } while (0)
-#else
-#define IVSHMEM_DPRINTF(fmt, ...)
-#endif
-
-typedef struct Peer {
- int nb_eventfds;
- EventNotifier *eventfds;
-} Peer;
-
-typedef struct EventfdEntry {
- PCIDevice *pdev;
- int vector;
-} EventfdEntry;
-
-typedef struct IVShmemState {
- PCIDevice dev;
- uint32_t intrmask;
- uint32_t intrstatus;
- uint32_t doorbell;
-
- CharDriverState **eventfd_chr;
- CharDriverState *server_chr;
- MemoryRegion ivshmem_mmio;
-
- /* We might need to register the BAR before we actually have the memory.
- * So prepare a container MemoryRegion for the BAR immediately and
- * add a subregion when we have the memory.
- */
- MemoryRegion bar;
- MemoryRegion ivshmem;
- uint64_t ivshmem_size; /* size of shared memory region */
- uint32_t ivshmem_attr;
- uint32_t ivshmem_64bit;
- int shm_fd; /* shared memory file descriptor */
-
- Peer *peers;
- int nb_peers; /* how many guests we have space for */
- int max_peer; /* maximum numbered peer */
-
- int vm_id;
- uint32_t vectors;
- uint32_t features;
- EventfdEntry *eventfd_table;
-
- Error *migration_blocker;
-
- char * shmobj;
- char * sizearg;
- char * role;
- int role_val; /* scalar to avoid multiple string comparisons */
-} IVShmemState;
-
-/* registers for the Inter-VM shared memory device */
-enum ivshmem_registers {
- INTRMASK = 0,
- INTRSTATUS = 4,
- IVPOSITION = 8,
- DOORBELL = 12,
-};
-
-static inline uint32_t ivshmem_has_feature(IVShmemState *ivs,
- unsigned int feature) {
- return (ivs->features & (1 << feature));
-}
-
-static inline bool is_power_of_two(uint64_t x) {
- return (x & (x - 1)) == 0;
-}
-
-/* accessing registers - based on rtl8139 */
-static void ivshmem_update_irq(IVShmemState *s, int val)
-{
- int isr;
- isr = (s->intrstatus & s->intrmask) & 0xffffffff;
-
- /* don't print ISR resets */
- if (isr) {
- IVSHMEM_DPRINTF("Set IRQ to %d (%04x %04x)\n",
- isr ? 1 : 0, s->intrstatus, s->intrmask);
- }
-
- qemu_set_irq(s->dev.irq[0], (isr != 0));
-}
-
-static void ivshmem_IntrMask_write(IVShmemState *s, uint32_t val)
-{
- IVSHMEM_DPRINTF("IntrMask write(w) val = 0x%04x\n", val);
-
- s->intrmask = val;
-
- ivshmem_update_irq(s, val);
-}
-
-static uint32_t ivshmem_IntrMask_read(IVShmemState *s)
-{
- uint32_t ret = s->intrmask;
-
- IVSHMEM_DPRINTF("intrmask read(w) val = 0x%04x\n", ret);
-
- return ret;
-}
-
-static void ivshmem_IntrStatus_write(IVShmemState *s, uint32_t val)
-{
- IVSHMEM_DPRINTF("IntrStatus write(w) val = 0x%04x\n", val);
-
- s->intrstatus = val;
-
- ivshmem_update_irq(s, val);
-}
-
-static uint32_t ivshmem_IntrStatus_read(IVShmemState *s)
-{
- uint32_t ret = s->intrstatus;
-
- /* reading ISR clears all interrupts */
- s->intrstatus = 0;
-
- ivshmem_update_irq(s, 0);
-
- return ret;
-}
-
-static void ivshmem_io_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- IVShmemState *s = opaque;
-
- uint16_t dest = val >> 16;
- uint16_t vector = val & 0xff;
-
- addr &= 0xfc;
-
- IVSHMEM_DPRINTF("writing to addr " TARGET_FMT_plx "\n", addr);
- switch (addr)
- {
- case INTRMASK:
- ivshmem_IntrMask_write(s, val);
- break;
-
- case INTRSTATUS:
- ivshmem_IntrStatus_write(s, val);
- break;
-
- case DOORBELL:
- /* check that dest VM ID is reasonable */
- if (dest > s->max_peer) {
- IVSHMEM_DPRINTF("Invalid destination VM ID (%d)\n", dest);
- break;
- }
-
- /* check doorbell range */
- if (vector < s->peers[dest].nb_eventfds) {
- IVSHMEM_DPRINTF("Notifying VM %d on vector %d\n", dest, vector);
- event_notifier_set(&s->peers[dest].eventfds[vector]);
- }
- break;
- default:
- IVSHMEM_DPRINTF("Invalid VM Doorbell VM %d\n", dest);
- }
-}
-
-static uint64_t ivshmem_io_read(void *opaque, hwaddr addr,
- unsigned size)
-{
-
- IVShmemState *s = opaque;
- uint32_t ret;
-
- switch (addr)
- {
- case INTRMASK:
- ret = ivshmem_IntrMask_read(s);
- break;
-
- case INTRSTATUS:
- ret = ivshmem_IntrStatus_read(s);
- break;
-
- case IVPOSITION:
- /* return my VM ID if the memory is mapped */
- if (s->shm_fd > 0) {
- ret = s->vm_id;
- } else {
- ret = -1;
- }
- break;
-
- default:
- IVSHMEM_DPRINTF("why are we reading " TARGET_FMT_plx "\n", addr);
- ret = 0;
- }
-
- return ret;
-}
-
-static const MemoryRegionOps ivshmem_mmio_ops = {
- .read = ivshmem_io_read,
- .write = ivshmem_io_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .impl = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static void ivshmem_receive(void *opaque, const uint8_t *buf, int size)
-{
- IVShmemState *s = opaque;
-
- ivshmem_IntrStatus_write(s, *buf);
-
- IVSHMEM_DPRINTF("ivshmem_receive 0x%02x\n", *buf);
-}
-
-static int ivshmem_can_receive(void * opaque)
-{
- return 8;
-}
-
-static void ivshmem_event(void *opaque, int event)
-{
- IVSHMEM_DPRINTF("ivshmem_event %d\n", event);
-}
-
-static void fake_irqfd(void *opaque, const uint8_t *buf, int size) {
-
- EventfdEntry *entry = opaque;
- PCIDevice *pdev = entry->pdev;
-
- IVSHMEM_DPRINTF("interrupt on vector %p %d\n", pdev, entry->vector);
- msix_notify(pdev, entry->vector);
-}
-
-static CharDriverState* create_eventfd_chr_device(void * opaque, EventNotifier *n,
- int vector)
-{
- /* create a event character device based on the passed eventfd */
- IVShmemState *s = opaque;
- CharDriverState * chr;
- int eventfd = event_notifier_get_fd(n);
-
- chr = qemu_chr_open_eventfd(eventfd);
-
- if (chr == NULL) {
- fprintf(stderr, "creating eventfd for eventfd %d failed\n", eventfd);
- exit(-1);
- }
-
- /* if MSI is supported we need multiple interrupts */
- if (ivshmem_has_feature(s, IVSHMEM_MSI)) {
- s->eventfd_table[vector].pdev = &s->dev;
- s->eventfd_table[vector].vector = vector;
-
- qemu_chr_add_handlers(chr, ivshmem_can_receive, fake_irqfd,
- ivshmem_event, &s->eventfd_table[vector]);
- } else {
- qemu_chr_add_handlers(chr, ivshmem_can_receive, ivshmem_receive,
- ivshmem_event, s);
- }
-
- return chr;
-
-}
-
-static int check_shm_size(IVShmemState *s, int fd) {
- /* check that the guest isn't going to try and map more memory than the
- * the object has allocated return -1 to indicate error */
-
- struct stat buf;
-
- fstat(fd, &buf);
-
- if (s->ivshmem_size > buf.st_size) {
- fprintf(stderr,
- "IVSHMEM ERROR: Requested memory size greater"
- " than shared object size (%" PRIu64 " > %" PRIu64")\n",
- s->ivshmem_size, (uint64_t)buf.st_size);
- return -1;
- } else {
- return 0;
- }
-}
-
-/* create the shared memory BAR when we are not using the server, so we can
- * create the BAR and map the memory immediately */
-static void create_shared_memory_BAR(IVShmemState *s, int fd) {
-
- void * ptr;
-
- s->shm_fd = fd;
-
- ptr = mmap(0, s->ivshmem_size, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
-
- memory_region_init_ram_ptr(&s->ivshmem, "ivshmem.bar2",
- s->ivshmem_size, ptr);
- vmstate_register_ram(&s->ivshmem, &s->dev.qdev);
- memory_region_add_subregion(&s->bar, 0, &s->ivshmem);
-
- /* region for shared memory */
- pci_register_bar(&s->dev, 2, s->ivshmem_attr, &s->bar);
-}
-
-static void ivshmem_add_eventfd(IVShmemState *s, int posn, int i)
-{
- memory_region_add_eventfd(&s->ivshmem_mmio,
- DOORBELL,
- 4,
- true,
- (posn << 16) | i,
- &s->peers[posn].eventfds[i]);
-}
-
-static void ivshmem_del_eventfd(IVShmemState *s, int posn, int i)
-{
- memory_region_del_eventfd(&s->ivshmem_mmio,
- DOORBELL,
- 4,
- true,
- (posn << 16) | i,
- &s->peers[posn].eventfds[i]);
-}
-
-static void close_guest_eventfds(IVShmemState *s, int posn)
-{
- int i, guest_curr_max;
-
- if (!ivshmem_has_feature(s, IVSHMEM_IOEVENTFD)) {
- return;
- }
-
- guest_curr_max = s->peers[posn].nb_eventfds;
-
- memory_region_transaction_begin();
- for (i = 0; i < guest_curr_max; i++) {
- ivshmem_del_eventfd(s, posn, i);
- }
- memory_region_transaction_commit();
- for (i = 0; i < guest_curr_max; i++) {
- event_notifier_cleanup(&s->peers[posn].eventfds[i]);
- }
-
- g_free(s->peers[posn].eventfds);
- s->peers[posn].nb_eventfds = 0;
-}
-
-/* this function increase the dynamic storage need to store data about other
- * guests */
-static void increase_dynamic_storage(IVShmemState *s, int new_min_size) {
-
- int j, old_nb_alloc;
-
- old_nb_alloc = s->nb_peers;
-
- while (new_min_size >= s->nb_peers)
- s->nb_peers = s->nb_peers * 2;
-
- IVSHMEM_DPRINTF("bumping storage to %d guests\n", s->nb_peers);
- s->peers = g_realloc(s->peers, s->nb_peers * sizeof(Peer));
-
- /* zero out new pointers */
- for (j = old_nb_alloc; j < s->nb_peers; j++) {
- s->peers[j].eventfds = NULL;
- s->peers[j].nb_eventfds = 0;
- }
-}
-
-static void ivshmem_read(void *opaque, const uint8_t * buf, int flags)
-{
- IVShmemState *s = opaque;
- int incoming_fd, tmp_fd;
- int guest_max_eventfd;
- long incoming_posn;
-
- memcpy(&incoming_posn, buf, sizeof(long));
- /* pick off s->server_chr->msgfd and store it, posn should accompany msg */
- tmp_fd = qemu_chr_fe_get_msgfd(s->server_chr);
- IVSHMEM_DPRINTF("posn is %ld, fd is %d\n", incoming_posn, tmp_fd);
-
- /* make sure we have enough space for this guest */
- if (incoming_posn >= s->nb_peers) {
- increase_dynamic_storage(s, incoming_posn);
- }
-
- if (tmp_fd == -1) {
- /* if posn is positive and unseen before then this is our posn*/
- if ((incoming_posn >= 0) &&
- (s->peers[incoming_posn].eventfds == NULL)) {
- /* receive our posn */
- s->vm_id = incoming_posn;
- return;
- } else {
- /* otherwise an fd == -1 means an existing guest has gone away */
- IVSHMEM_DPRINTF("posn %ld has gone away\n", incoming_posn);
- close_guest_eventfds(s, incoming_posn);
- return;
- }
- }
-
- /* because of the implementation of get_msgfd, we need a dup */
- incoming_fd = dup(tmp_fd);
-
- if (incoming_fd == -1) {
- fprintf(stderr, "could not allocate file descriptor %s\n",
- strerror(errno));
- return;
- }
-
- /* if the position is -1, then it's shared memory region fd */
- if (incoming_posn == -1) {
-
- void * map_ptr;
-
- s->max_peer = 0;
-
- if (check_shm_size(s, incoming_fd) == -1) {
- exit(-1);
- }
-
- /* mmap the region and map into the BAR2 */
- map_ptr = mmap(0, s->ivshmem_size, PROT_READ|PROT_WRITE, MAP_SHARED,
- incoming_fd, 0);
- memory_region_init_ram_ptr(&s->ivshmem,
- "ivshmem.bar2", s->ivshmem_size, map_ptr);
- vmstate_register_ram(&s->ivshmem, &s->dev.qdev);
-
- IVSHMEM_DPRINTF("guest h/w addr = %" PRIu64 ", size = %" PRIu64 "\n",
- s->ivshmem_offset, s->ivshmem_size);
-
- memory_region_add_subregion(&s->bar, 0, &s->ivshmem);
-
- /* only store the fd if it is successfully mapped */
- s->shm_fd = incoming_fd;
-
- return;
- }
-
- /* each guest has an array of eventfds, and we keep track of how many
- * guests for each VM */
- guest_max_eventfd = s->peers[incoming_posn].nb_eventfds;
-
- if (guest_max_eventfd == 0) {
- /* one eventfd per MSI vector */
- s->peers[incoming_posn].eventfds = g_new(EventNotifier, s->vectors);
- }
-
- /* this is an eventfd for a particular guest VM */
- IVSHMEM_DPRINTF("eventfds[%ld][%d] = %d\n", incoming_posn,
- guest_max_eventfd, incoming_fd);
- event_notifier_init_fd(&s->peers[incoming_posn].eventfds[guest_max_eventfd],
- incoming_fd);
-
- /* increment count for particular guest */
- s->peers[incoming_posn].nb_eventfds++;
-
- /* keep track of the maximum VM ID */
- if (incoming_posn > s->max_peer) {
- s->max_peer = incoming_posn;
- }
-
- if (incoming_posn == s->vm_id) {
- s->eventfd_chr[guest_max_eventfd] = create_eventfd_chr_device(s,
- &s->peers[s->vm_id].eventfds[guest_max_eventfd],
- guest_max_eventfd);
- }
-
- if (ivshmem_has_feature(s, IVSHMEM_IOEVENTFD)) {
- ivshmem_add_eventfd(s, incoming_posn, guest_max_eventfd);
- }
-}
-
-/* Select the MSI-X vectors used by device.
- * ivshmem maps events to vectors statically, so
- * we just enable all vectors on init and after reset. */
-static void ivshmem_use_msix(IVShmemState * s)
-{
- int i;
-
- if (!msix_present(&s->dev)) {
- return;
- }
-
- for (i = 0; i < s->vectors; i++) {
- msix_vector_use(&s->dev, i);
- }
-}
-
-static void ivshmem_reset(DeviceState *d)
-{
- IVShmemState *s = DO_UPCAST(IVShmemState, dev.qdev, d);
-
- s->intrstatus = 0;
- ivshmem_use_msix(s);
-}
-
-static uint64_t ivshmem_get_size(IVShmemState * s) {
-
- uint64_t value;
- char *ptr;
-
- value = strtoull(s->sizearg, &ptr, 10);
- switch (*ptr) {
- case 0: case 'M': case 'm':
- value <<= 20;
- break;
- case 'G': case 'g':
- value <<= 30;
- break;
- default:
- fprintf(stderr, "qemu: invalid ram size: %s\n", s->sizearg);
- exit(1);
- }
-
- /* BARs must be a power of 2 */
- if (!is_power_of_two(value)) {
- fprintf(stderr, "ivshmem: size must be power of 2\n");
- exit(1);
- }
-
- return value;
-}
-
-static void ivshmem_setup_msi(IVShmemState * s)
-{
- if (msix_init_exclusive_bar(&s->dev, s->vectors, 1)) {
- IVSHMEM_DPRINTF("msix initialization failed\n");
- exit(1);
- }
-
- IVSHMEM_DPRINTF("msix initialized (%d vectors)\n", s->vectors);
-
- /* allocate QEMU char devices for receiving interrupts */
- s->eventfd_table = g_malloc0(s->vectors * sizeof(EventfdEntry));
-
- ivshmem_use_msix(s);
-}
-
-static void ivshmem_save(QEMUFile* f, void *opaque)
-{
- IVShmemState *proxy = opaque;
-
- IVSHMEM_DPRINTF("ivshmem_save\n");
- pci_device_save(&proxy->dev, f);
-
- if (ivshmem_has_feature(proxy, IVSHMEM_MSI)) {
- msix_save(&proxy->dev, f);
- } else {
- qemu_put_be32(f, proxy->intrstatus);
- qemu_put_be32(f, proxy->intrmask);
- }
-
-}
-
-static int ivshmem_load(QEMUFile* f, void *opaque, int version_id)
-{
- IVSHMEM_DPRINTF("ivshmem_load\n");
-
- IVShmemState *proxy = opaque;
- int ret;
-
- if (version_id > 0) {
- return -EINVAL;
- }
-
- if (proxy->role_val == IVSHMEM_PEER) {
- fprintf(stderr, "ivshmem: 'peer' devices are not migratable\n");
- return -EINVAL;
- }
-
- ret = pci_device_load(&proxy->dev, f);
- if (ret) {
- return ret;
- }
-
- if (ivshmem_has_feature(proxy, IVSHMEM_MSI)) {
- msix_load(&proxy->dev, f);
- ivshmem_use_msix(proxy);
- } else {
- proxy->intrstatus = qemu_get_be32(f);
- proxy->intrmask = qemu_get_be32(f);
- }
-
- return 0;
-}
-
-static void ivshmem_write_config(PCIDevice *pci_dev, uint32_t address,
- uint32_t val, int len)
-{
- pci_default_write_config(pci_dev, address, val, len);
- msix_write_config(pci_dev, address, val, len);
-}
-
-static int pci_ivshmem_init(PCIDevice *dev)
-{
- IVShmemState *s = DO_UPCAST(IVShmemState, dev, dev);
- uint8_t *pci_conf;
-
- if (s->sizearg == NULL)
- s->ivshmem_size = 4 << 20; /* 4 MB default */
- else {
- s->ivshmem_size = ivshmem_get_size(s);
- }
-
- register_savevm(&s->dev.qdev, "ivshmem", 0, 0, ivshmem_save, ivshmem_load,
- dev);
-
- /* IRQFD requires MSI */
- if (ivshmem_has_feature(s, IVSHMEM_IOEVENTFD) &&
- !ivshmem_has_feature(s, IVSHMEM_MSI)) {
- fprintf(stderr, "ivshmem: ioeventfd/irqfd requires MSI\n");
- exit(1);
- }
-
- /* check that role is reasonable */
- if (s->role) {
- if (strncmp(s->role, "peer", 5) == 0) {
- s->role_val = IVSHMEM_PEER;
- } else if (strncmp(s->role, "master", 7) == 0) {
- s->role_val = IVSHMEM_MASTER;
- } else {
- fprintf(stderr, "ivshmem: 'role' must be 'peer' or 'master'\n");
- exit(1);
- }
- } else {
- s->role_val = IVSHMEM_MASTER; /* default */
- }
-
- if (s->role_val == IVSHMEM_PEER) {
- error_set(&s->migration_blocker, QERR_DEVICE_FEATURE_BLOCKS_MIGRATION,
- "peer mode", "ivshmem");
- migrate_add_blocker(s->migration_blocker);
- }
-
- pci_conf = s->dev.config;
- pci_conf[PCI_COMMAND] = PCI_COMMAND_IO | PCI_COMMAND_MEMORY;
-
- pci_config_set_interrupt_pin(pci_conf, 1);
-
- s->shm_fd = 0;
-
- memory_region_init_io(&s->ivshmem_mmio, &ivshmem_mmio_ops, s,
- "ivshmem-mmio", IVSHMEM_REG_BAR_SIZE);
-
- /* region for registers*/
- pci_register_bar(&s->dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY,
- &s->ivshmem_mmio);
-
- memory_region_init(&s->bar, "ivshmem-bar2-container", s->ivshmem_size);
- s->ivshmem_attr = PCI_BASE_ADDRESS_SPACE_MEMORY |
- PCI_BASE_ADDRESS_MEM_PREFETCH;
- if (s->ivshmem_64bit) {
- s->ivshmem_attr |= PCI_BASE_ADDRESS_MEM_TYPE_64;
- }
-
- if ((s->server_chr != NULL) &&
- (strncmp(s->server_chr->filename, "unix:", 5) == 0)) {
- /* if we get a UNIX socket as the parameter we will talk
- * to the ivshmem server to receive the memory region */
-
- if (s->shmobj != NULL) {
- fprintf(stderr, "WARNING: do not specify both 'chardev' "
- "and 'shm' with ivshmem\n");
- }
-
- IVSHMEM_DPRINTF("using shared memory server (socket = %s)\n",
- s->server_chr->filename);
-
- if (ivshmem_has_feature(s, IVSHMEM_MSI)) {
- ivshmem_setup_msi(s);
- }
-
- /* we allocate enough space for 16 guests and grow as needed */
- s->nb_peers = 16;
- s->vm_id = -1;
-
- /* allocate/initialize space for interrupt handling */
- s->peers = g_malloc0(s->nb_peers * sizeof(Peer));
-
- pci_register_bar(&s->dev, 2, s->ivshmem_attr, &s->bar);
-
- s->eventfd_chr = g_malloc0(s->vectors * sizeof(CharDriverState *));
-
- qemu_chr_add_handlers(s->server_chr, ivshmem_can_receive, ivshmem_read,
- ivshmem_event, s);
- } else {
- /* just map the file immediately, we're not using a server */
- int fd;
-
- if (s->shmobj == NULL) {
- fprintf(stderr, "Must specify 'chardev' or 'shm' to ivshmem\n");
- }
-
- IVSHMEM_DPRINTF("using shm_open (shm object = %s)\n", s->shmobj);
-
- /* try opening with O_EXCL and if it succeeds zero the memory
- * by truncating to 0 */
- if ((fd = shm_open(s->shmobj, O_CREAT|O_RDWR|O_EXCL,
- S_IRWXU|S_IRWXG|S_IRWXO)) > 0) {
- /* truncate file to length PCI device's memory */
- if (ftruncate(fd, s->ivshmem_size) != 0) {
- fprintf(stderr, "ivshmem: could not truncate shared file\n");
- }
-
- } else if ((fd = shm_open(s->shmobj, O_CREAT|O_RDWR,
- S_IRWXU|S_IRWXG|S_IRWXO)) < 0) {
- fprintf(stderr, "ivshmem: could not open shared file\n");
- exit(-1);
-
- }
-
- if (check_shm_size(s, fd) == -1) {
- exit(-1);
- }
-
- create_shared_memory_BAR(s, fd);
-
- }
-
- s->dev.config_write = ivshmem_write_config;
-
- return 0;
-}
-
-static void pci_ivshmem_uninit(PCIDevice *dev)
-{
- IVShmemState *s = DO_UPCAST(IVShmemState, dev, dev);
-
- if (s->migration_blocker) {
- migrate_del_blocker(s->migration_blocker);
- error_free(s->migration_blocker);
- }
-
- memory_region_destroy(&s->ivshmem_mmio);
- memory_region_del_subregion(&s->bar, &s->ivshmem);
- vmstate_unregister_ram(&s->ivshmem, &s->dev.qdev);
- memory_region_destroy(&s->ivshmem);
- memory_region_destroy(&s->bar);
- unregister_savevm(&dev->qdev, "ivshmem", s);
-}
-
-static Property ivshmem_properties[] = {
- DEFINE_PROP_CHR("chardev", IVShmemState, server_chr),
- DEFINE_PROP_STRING("size", IVShmemState, sizearg),
- DEFINE_PROP_UINT32("vectors", IVShmemState, vectors, 1),
- DEFINE_PROP_BIT("ioeventfd", IVShmemState, features, IVSHMEM_IOEVENTFD, false),
- DEFINE_PROP_BIT("msi", IVShmemState, features, IVSHMEM_MSI, true),
- DEFINE_PROP_STRING("shm", IVShmemState, shmobj),
- DEFINE_PROP_STRING("role", IVShmemState, role),
- DEFINE_PROP_UINT32("use64", IVShmemState, ivshmem_64bit, 1),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void ivshmem_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = pci_ivshmem_init;
- k->exit = pci_ivshmem_uninit;
- k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET;
- k->device_id = 0x1110;
- k->class_id = PCI_CLASS_MEMORY_RAM;
- dc->reset = ivshmem_reset;
- dc->props = ivshmem_properties;
-}
-
-static TypeInfo ivshmem_info = {
- .name = "ivshmem",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(IVShmemState),
- .class_init = ivshmem_class_init,
-};
-
-static void ivshmem_register_types(void)
-{
- type_register_static(&ivshmem_info);
-}
-
-type_init(ivshmem_register_types)
diff --git a/hw/jazz_led.c b/hw/jazz_led.c
deleted file mode 100644
index 640e75ef2..000000000
--- a/hw/jazz_led.c
+++ /dev/null
@@ -1,291 +0,0 @@
-/*
- * QEMU JAZZ LED emulator.
- *
- * Copyright (c) 2007-2012 Herve Poussineau
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "console.h"
-#include "pixel_ops.h"
-#include "trace.h"
-#include "sysbus.h"
-
-typedef enum {
- REDRAW_NONE = 0, REDRAW_SEGMENTS = 1, REDRAW_BACKGROUND = 2,
-} screen_state_t;
-
-typedef struct LedState {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint8_t segments;
- DisplayState *ds;
- screen_state_t state;
-} LedState;
-
-static uint64_t jazz_led_read(void *opaque, hwaddr addr,
- unsigned int size)
-{
- LedState *s = opaque;
- uint8_t val;
-
- val = s->segments;
- trace_jazz_led_read(addr, val);
-
- return val;
-}
-
-static void jazz_led_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned int size)
-{
- LedState *s = opaque;
- uint8_t new_val = val & 0xff;
-
- trace_jazz_led_write(addr, new_val);
-
- s->segments = new_val;
- s->state |= REDRAW_SEGMENTS;
-}
-
-static const MemoryRegionOps led_ops = {
- .read = jazz_led_read,
- .write = jazz_led_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .impl.min_access_size = 1,
- .impl.max_access_size = 1,
-};
-
-/***********************************************************/
-/* jazz_led display */
-
-static void draw_horizontal_line(DisplayState *ds, int posy, int posx1, int posx2, uint32_t color)
-{
- uint8_t *d;
- int x, bpp;
-
- bpp = (ds_get_bits_per_pixel(ds) + 7) >> 3;
- d = ds_get_data(ds) + ds_get_linesize(ds) * posy + bpp * posx1;
- switch(bpp) {
- case 1:
- for (x = posx1; x <= posx2; x++) {
- *((uint8_t *)d) = color;
- d++;
- }
- break;
- case 2:
- for (x = posx1; x <= posx2; x++) {
- *((uint16_t *)d) = color;
- d += 2;
- }
- break;
- case 4:
- for (x = posx1; x <= posx2; x++) {
- *((uint32_t *)d) = color;
- d += 4;
- }
- break;
- }
-}
-
-static void draw_vertical_line(DisplayState *ds, int posx, int posy1, int posy2, uint32_t color)
-{
- uint8_t *d;
- int y, bpp;
-
- bpp = (ds_get_bits_per_pixel(ds) + 7) >> 3;
- d = ds_get_data(ds) + ds_get_linesize(ds) * posy1 + bpp * posx;
- switch(bpp) {
- case 1:
- for (y = posy1; y <= posy2; y++) {
- *((uint8_t *)d) = color;
- d += ds_get_linesize(ds);
- }
- break;
- case 2:
- for (y = posy1; y <= posy2; y++) {
- *((uint16_t *)d) = color;
- d += ds_get_linesize(ds);
- }
- break;
- case 4:
- for (y = posy1; y <= posy2; y++) {
- *((uint32_t *)d) = color;
- d += ds_get_linesize(ds);
- }
- break;
- }
-}
-
-static void jazz_led_update_display(void *opaque)
-{
- LedState *s = opaque;
- DisplayState *ds = s->ds;
- uint8_t *d1;
- uint32_t color_segment, color_led;
- int y, bpp;
-
- if (s->state & REDRAW_BACKGROUND) {
- /* clear screen */
- bpp = (ds_get_bits_per_pixel(ds) + 7) >> 3;
- d1 = ds_get_data(ds);
- for (y = 0; y < ds_get_height(ds); y++) {
- memset(d1, 0x00, ds_get_width(ds) * bpp);
- d1 += ds_get_linesize(ds);
- }
- }
-
- if (s->state & REDRAW_SEGMENTS) {
- /* set colors according to bpp */
- switch (ds_get_bits_per_pixel(ds)) {
- case 8:
- color_segment = rgb_to_pixel8(0xaa, 0xaa, 0xaa);
- color_led = rgb_to_pixel8(0x00, 0xff, 0x00);
- break;
- case 15:
- color_segment = rgb_to_pixel15(0xaa, 0xaa, 0xaa);
- color_led = rgb_to_pixel15(0x00, 0xff, 0x00);
- break;
- case 16:
- color_segment = rgb_to_pixel16(0xaa, 0xaa, 0xaa);
- color_led = rgb_to_pixel16(0x00, 0xff, 0x00);
- case 24:
- color_segment = rgb_to_pixel24(0xaa, 0xaa, 0xaa);
- color_led = rgb_to_pixel24(0x00, 0xff, 0x00);
- break;
- case 32:
- color_segment = rgb_to_pixel32(0xaa, 0xaa, 0xaa);
- color_led = rgb_to_pixel32(0x00, 0xff, 0x00);
- break;
- default:
- return;
- }
-
- /* display segments */
- draw_horizontal_line(ds, 40, 10, 40, (s->segments & 0x02) ? color_segment : 0);
- draw_vertical_line(ds, 10, 10, 40, (s->segments & 0x04) ? color_segment : 0);
- draw_vertical_line(ds, 10, 40, 70, (s->segments & 0x08) ? color_segment : 0);
- draw_horizontal_line(ds, 70, 10, 40, (s->segments & 0x10) ? color_segment : 0);
- draw_vertical_line(ds, 40, 40, 70, (s->segments & 0x20) ? color_segment : 0);
- draw_vertical_line(ds, 40, 10, 40, (s->segments & 0x40) ? color_segment : 0);
- draw_horizontal_line(ds, 10, 10, 40, (s->segments & 0x80) ? color_segment : 0);
-
- /* display led */
- if (!(s->segments & 0x01))
- color_led = 0; /* black */
- draw_horizontal_line(ds, 68, 50, 50, color_led);
- draw_horizontal_line(ds, 69, 49, 51, color_led);
- draw_horizontal_line(ds, 70, 48, 52, color_led);
- draw_horizontal_line(ds, 71, 49, 51, color_led);
- draw_horizontal_line(ds, 72, 50, 50, color_led);
- }
-
- s->state = REDRAW_NONE;
- dpy_gfx_update(ds, 0, 0, ds_get_width(ds), ds_get_height(ds));
-}
-
-static void jazz_led_invalidate_display(void *opaque)
-{
- LedState *s = opaque;
- s->state |= REDRAW_SEGMENTS | REDRAW_BACKGROUND;
-}
-
-static void jazz_led_text_update(void *opaque, console_ch_t *chardata)
-{
- LedState *s = opaque;
- char buf[2];
-
- dpy_text_cursor(s->ds, -1, -1);
- qemu_console_resize(s->ds, 2, 1);
-
- /* TODO: draw the segments */
- snprintf(buf, 2, "%02hhx\n", s->segments);
- console_write_ch(chardata++, 0x00200100 | buf[0]);
- console_write_ch(chardata++, 0x00200100 | buf[1]);
-
- dpy_text_update(s->ds, 0, 0, 2, 1);
-}
-
-static int jazz_led_post_load(void *opaque, int version_id)
-{
- /* force refresh */
- jazz_led_invalidate_display(opaque);
-
- return 0;
-}
-
-static const VMStateDescription vmstate_jazz_led = {
- .name = "jazz-led",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .post_load = jazz_led_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_UINT8(segments, LedState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int jazz_led_init(SysBusDevice *dev)
-{
- LedState *s = FROM_SYSBUS(LedState, dev);
-
- memory_region_init_io(&s->iomem, &led_ops, s, "led", 1);
- sysbus_init_mmio(dev, &s->iomem);
-
- s->ds = graphic_console_init(jazz_led_update_display,
- jazz_led_invalidate_display,
- NULL,
- jazz_led_text_update, s);
-
- return 0;
-}
-
-static void jazz_led_reset(DeviceState *d)
-{
- LedState *s = DO_UPCAST(LedState, busdev.qdev, d);
-
- s->segments = 0;
- s->state = REDRAW_SEGMENTS | REDRAW_BACKGROUND;
- qemu_console_resize(s->ds, 60, 80);
-}
-
-static void jazz_led_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = jazz_led_init;
- dc->desc = "Jazz LED display",
- dc->vmsd = &vmstate_jazz_led;
- dc->reset = jazz_led_reset;
-}
-
-static TypeInfo jazz_led_info = {
- .name = "jazz-led",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(LedState),
- .class_init = jazz_led_class_init,
-};
-
-static void jazz_led_register(void)
-{
- type_register_static(&jazz_led_info);
-}
-
-type_init(jazz_led_register);
diff --git a/hw/kvm/Makefile.objs b/hw/kvm/Makefile.objs
deleted file mode 100644
index f620d7ff8..000000000
--- a/hw/kvm/Makefile.objs
+++ /dev/null
@@ -1 +0,0 @@
-obj-$(CONFIG_KVM) += clock.o apic.o i8259.o ioapic.o i8254.o pci-assign.o
diff --git a/hw/kvm/apic.c b/hw/kvm/apic.c
deleted file mode 100644
index 8b65d513d..000000000
--- a/hw/kvm/apic.c
+++ /dev/null
@@ -1,209 +0,0 @@
-/*
- * KVM in-kernel APIC support
- *
- * Copyright (c) 2011 Siemens AG
- *
- * Authors:
- * Jan Kiszka <jan.kiszka@siemens.com>
- *
- * This work is licensed under the terms of the GNU GPL version 2.
- * See the COPYING file in the top-level directory.
- */
-#include "hw/apic_internal.h"
-#include "hw/msi.h"
-#include "kvm.h"
-
-static inline void kvm_apic_set_reg(struct kvm_lapic_state *kapic,
- int reg_id, uint32_t val)
-{
- *((uint32_t *)(kapic->regs + (reg_id << 4))) = val;
-}
-
-static inline uint32_t kvm_apic_get_reg(struct kvm_lapic_state *kapic,
- int reg_id)
-{
- return *((uint32_t *)(kapic->regs + (reg_id << 4)));
-}
-
-void kvm_put_apic_state(DeviceState *d, struct kvm_lapic_state *kapic)
-{
- APICCommonState *s = DO_UPCAST(APICCommonState, busdev.qdev, d);
- int i;
-
- memset(kapic, 0, sizeof(*kapic));
- kvm_apic_set_reg(kapic, 0x2, s->id << 24);
- kvm_apic_set_reg(kapic, 0x8, s->tpr);
- kvm_apic_set_reg(kapic, 0xd, s->log_dest << 24);
- kvm_apic_set_reg(kapic, 0xe, s->dest_mode << 28 | 0x0fffffff);
- kvm_apic_set_reg(kapic, 0xf, s->spurious_vec);
- for (i = 0; i < 8; i++) {
- kvm_apic_set_reg(kapic, 0x10 + i, s->isr[i]);
- kvm_apic_set_reg(kapic, 0x18 + i, s->tmr[i]);
- kvm_apic_set_reg(kapic, 0x20 + i, s->irr[i]);
- }
- kvm_apic_set_reg(kapic, 0x28, s->esr);
- kvm_apic_set_reg(kapic, 0x30, s->icr[0]);
- kvm_apic_set_reg(kapic, 0x31, s->icr[1]);
- for (i = 0; i < APIC_LVT_NB; i++) {
- kvm_apic_set_reg(kapic, 0x32 + i, s->lvt[i]);
- }
- kvm_apic_set_reg(kapic, 0x38, s->initial_count);
- kvm_apic_set_reg(kapic, 0x3e, s->divide_conf);
-}
-
-void kvm_get_apic_state(DeviceState *d, struct kvm_lapic_state *kapic)
-{
- APICCommonState *s = DO_UPCAST(APICCommonState, busdev.qdev, d);
- int i, v;
-
- s->id = kvm_apic_get_reg(kapic, 0x2) >> 24;
- s->tpr = kvm_apic_get_reg(kapic, 0x8);
- s->arb_id = kvm_apic_get_reg(kapic, 0x9);
- s->log_dest = kvm_apic_get_reg(kapic, 0xd) >> 24;
- s->dest_mode = kvm_apic_get_reg(kapic, 0xe) >> 28;
- s->spurious_vec = kvm_apic_get_reg(kapic, 0xf);
- for (i = 0; i < 8; i++) {
- s->isr[i] = kvm_apic_get_reg(kapic, 0x10 + i);
- s->tmr[i] = kvm_apic_get_reg(kapic, 0x18 + i);
- s->irr[i] = kvm_apic_get_reg(kapic, 0x20 + i);
- }
- s->esr = kvm_apic_get_reg(kapic, 0x28);
- s->icr[0] = kvm_apic_get_reg(kapic, 0x30);
- s->icr[1] = kvm_apic_get_reg(kapic, 0x31);
- for (i = 0; i < APIC_LVT_NB; i++) {
- s->lvt[i] = kvm_apic_get_reg(kapic, 0x32 + i);
- }
- s->initial_count = kvm_apic_get_reg(kapic, 0x38);
- s->divide_conf = kvm_apic_get_reg(kapic, 0x3e);
-
- v = (s->divide_conf & 3) | ((s->divide_conf >> 1) & 4);
- s->count_shift = (v + 1) & 7;
-
- s->initial_count_load_time = qemu_get_clock_ns(vm_clock);
- apic_next_timer(s, s->initial_count_load_time);
-}
-
-static void kvm_apic_set_base(APICCommonState *s, uint64_t val)
-{
- s->apicbase = val;
-}
-
-static void kvm_apic_set_tpr(APICCommonState *s, uint8_t val)
-{
- s->tpr = (val & 0x0f) << 4;
-}
-
-static uint8_t kvm_apic_get_tpr(APICCommonState *s)
-{
- return s->tpr >> 4;
-}
-
-static void kvm_apic_enable_tpr_reporting(APICCommonState *s, bool enable)
-{
- struct kvm_tpr_access_ctl ctl = {
- .enabled = enable
- };
-
- kvm_vcpu_ioctl(&s->cpu->env, KVM_TPR_ACCESS_REPORTING, &ctl);
-}
-
-static void kvm_apic_vapic_base_update(APICCommonState *s)
-{
- struct kvm_vapic_addr vapid_addr = {
- .vapic_addr = s->vapic_paddr,
- };
- int ret;
-
- ret = kvm_vcpu_ioctl(&s->cpu->env, KVM_SET_VAPIC_ADDR, &vapid_addr);
- if (ret < 0) {
- fprintf(stderr, "KVM: setting VAPIC address failed (%s)\n",
- strerror(-ret));
- abort();
- }
-}
-
-static void do_inject_external_nmi(void *data)
-{
- APICCommonState *s = data;
- CPUX86State *env = &s->cpu->env;
- uint32_t lvt;
- int ret;
-
- cpu_synchronize_state(env);
-
- lvt = s->lvt[APIC_LVT_LINT1];
- if (!(lvt & APIC_LVT_MASKED) && ((lvt >> 8) & 7) == APIC_DM_NMI) {
- ret = kvm_vcpu_ioctl(env, KVM_NMI);
- if (ret < 0) {
- fprintf(stderr, "KVM: injection failed, NMI lost (%s)\n",
- strerror(-ret));
- }
- }
-}
-
-static void kvm_apic_external_nmi(APICCommonState *s)
-{
- run_on_cpu(CPU(s->cpu), do_inject_external_nmi, s);
-}
-
-static uint64_t kvm_apic_mem_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- return ~(uint64_t)0;
-}
-
-static void kvm_apic_mem_write(void *opaque, hwaddr addr,
- uint64_t data, unsigned size)
-{
- MSIMessage msg = { .address = addr, .data = data };
- int ret;
-
- ret = kvm_irqchip_send_msi(kvm_state, msg);
- if (ret < 0) {
- fprintf(stderr, "KVM: injection failed, MSI lost (%s)\n",
- strerror(-ret));
- }
-}
-
-static const MemoryRegionOps kvm_apic_io_ops = {
- .read = kvm_apic_mem_read,
- .write = kvm_apic_mem_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void kvm_apic_init(APICCommonState *s)
-{
- memory_region_init_io(&s->io_memory, &kvm_apic_io_ops, s, "kvm-apic-msi",
- MSI_SPACE_SIZE);
-
- if (kvm_has_gsi_routing()) {
- msi_supported = true;
- }
-}
-
-static void kvm_apic_class_init(ObjectClass *klass, void *data)
-{
- APICCommonClass *k = APIC_COMMON_CLASS(klass);
-
- k->init = kvm_apic_init;
- k->set_base = kvm_apic_set_base;
- k->set_tpr = kvm_apic_set_tpr;
- k->get_tpr = kvm_apic_get_tpr;
- k->enable_tpr_reporting = kvm_apic_enable_tpr_reporting;
- k->vapic_base_update = kvm_apic_vapic_base_update;
- k->external_nmi = kvm_apic_external_nmi;
-}
-
-static TypeInfo kvm_apic_info = {
- .name = "kvm-apic",
- .parent = TYPE_APIC_COMMON,
- .instance_size = sizeof(APICCommonState),
- .class_init = kvm_apic_class_init,
-};
-
-static void kvm_apic_register_types(void)
-{
- type_register_static(&kvm_apic_info);
-}
-
-type_init(kvm_apic_register_types)
diff --git a/hw/kvm/clock.c b/hw/kvm/clock.c
deleted file mode 100644
index 824b97839..000000000
--- a/hw/kvm/clock.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * QEMU KVM support, paravirtual clock device
- *
- * Copyright (C) 2011 Siemens AG
- *
- * Authors:
- * Jan Kiszka <jan.kiszka@siemens.com>
- *
- * This work is licensed under the terms of the GNU GPL version 2.
- * See the COPYING file in the top-level directory.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include "qemu-common.h"
-#include "sysemu.h"
-#include "kvm.h"
-#include "hw/sysbus.h"
-#include "hw/kvm/clock.h"
-
-#include <linux/kvm.h>
-#include <linux/kvm_para.h>
-
-typedef struct KVMClockState {
- SysBusDevice busdev;
- uint64_t clock;
- bool clock_valid;
-} KVMClockState;
-
-static void kvmclock_pre_save(void *opaque)
-{
- KVMClockState *s = opaque;
- struct kvm_clock_data data;
- int ret;
-
- if (s->clock_valid) {
- return;
- }
- ret = kvm_vm_ioctl(kvm_state, KVM_GET_CLOCK, &data);
- if (ret < 0) {
- fprintf(stderr, "KVM_GET_CLOCK failed: %s\n", strerror(ret));
- data.clock = 0;
- }
- s->clock = data.clock;
- /*
- * If the VM is stopped, declare the clock state valid to avoid re-reading
- * it on next vmsave (which would return a different value). Will be reset
- * when the VM is continued.
- */
- s->clock_valid = !runstate_is_running();
-}
-
-static int kvmclock_post_load(void *opaque, int version_id)
-{
- KVMClockState *s = opaque;
- struct kvm_clock_data data;
-
- data.clock = s->clock;
- data.flags = 0;
- return kvm_vm_ioctl(kvm_state, KVM_SET_CLOCK, &data);
-}
-
-static void kvmclock_vm_state_change(void *opaque, int running,
- RunState state)
-{
- KVMClockState *s = opaque;
- CPUArchState *penv = first_cpu;
- int cap_clock_ctrl = kvm_check_extension(kvm_state, KVM_CAP_KVMCLOCK_CTRL);
- int ret;
-
- if (running) {
- s->clock_valid = false;
-
- if (!cap_clock_ctrl) {
- return;
- }
- for (penv = first_cpu; penv != NULL; penv = penv->next_cpu) {
- ret = kvm_vcpu_ioctl(penv, KVM_KVMCLOCK_CTRL, 0);
- if (ret) {
- if (ret != -EINVAL) {
- fprintf(stderr, "%s: %s\n", __func__, strerror(-ret));
- }
- return;
- }
- }
- }
-}
-
-static int kvmclock_init(SysBusDevice *dev)
-{
- KVMClockState *s = FROM_SYSBUS(KVMClockState, dev);
-
- qemu_add_vm_change_state_handler(kvmclock_vm_state_change, s);
- return 0;
-}
-
-static const VMStateDescription kvmclock_vmsd = {
- .name = "kvmclock",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .pre_save = kvmclock_pre_save,
- .post_load = kvmclock_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_UINT64(clock, KVMClockState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void kvmclock_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = kvmclock_init;
- dc->no_user = 1;
- dc->vmsd = &kvmclock_vmsd;
-}
-
-static TypeInfo kvmclock_info = {
- .name = "kvmclock",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(KVMClockState),
- .class_init = kvmclock_class_init,
-};
-
-/* Note: Must be called after VCPU initialization. */
-void kvmclock_create(void)
-{
- if (kvm_enabled() &&
- first_cpu->cpuid_kvm_features & ((1ULL << KVM_FEATURE_CLOCKSOURCE) |
- (1ULL << KVM_FEATURE_CLOCKSOURCE2))) {
- sysbus_create_simple("kvmclock", -1, NULL);
- }
-}
-
-static void kvmclock_register_types(void)
-{
- type_register_static(&kvmclock_info);
-}
-
-type_init(kvmclock_register_types)
diff --git a/hw/kvm/clock.h b/hw/kvm/clock.h
deleted file mode 100644
index 252ea1346..000000000
--- a/hw/kvm/clock.h
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * QEMU KVM support, paravirtual clock device
- *
- * Copyright (C) 2011 Siemens AG
- *
- * Authors:
- * Jan Kiszka <jan.kiszka@siemens.com>
- *
- * This work is licensed under the terms of the GNU GPL version 2.
- * See the COPYING file in the top-level directory.
- *
- */
-
-#ifdef CONFIG_KVM
-
-void kvmclock_create(void);
-
-#else /* CONFIG_KVM */
-
-static inline void kvmclock_create(void)
-{
-}
-
-#endif /* !CONFIG_KVM */
diff --git a/hw/kvm/i8254.c b/hw/kvm/i8254.c
deleted file mode 100644
index 53d13e312..000000000
--- a/hw/kvm/i8254.c
+++ /dev/null
@@ -1,317 +0,0 @@
-/*
- * KVM in-kernel PIT (i8254) support
- *
- * Copyright (c) 2003-2004 Fabrice Bellard
- * Copyright (c) 2012 Jan Kiszka, Siemens AG
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "qemu-timer.h"
-#include "sysemu.h"
-#include "hw/i8254.h"
-#include "hw/i8254_internal.h"
-#include "kvm.h"
-
-#define KVM_PIT_REINJECT_BIT 0
-
-#define CALIBRATION_ROUNDS 3
-
-typedef struct KVMPITState {
- PITCommonState pit;
- LostTickPolicy lost_tick_policy;
- bool vm_stopped;
- int64_t kernel_clock_offset;
-} KVMPITState;
-
-static int64_t abs64(int64_t v)
-{
- return v < 0 ? -v : v;
-}
-
-static void kvm_pit_update_clock_offset(KVMPITState *s)
-{
- int64_t offset, clock_offset;
- struct timespec ts;
- int i;
-
- /*
- * Measure the delta between CLOCK_MONOTONIC, the base used for
- * kvm_pit_channel_state::count_load_time, and vm_clock. Take the
- * minimum of several samples to filter out scheduling noise.
- */
- clock_offset = INT64_MAX;
- for (i = 0; i < CALIBRATION_ROUNDS; i++) {
- offset = qemu_get_clock_ns(vm_clock);
- clock_gettime(CLOCK_MONOTONIC, &ts);
- offset -= ts.tv_nsec;
- offset -= (int64_t)ts.tv_sec * 1000000000;
- if (abs64(offset) < abs64(clock_offset)) {
- clock_offset = offset;
- }
- }
- s->kernel_clock_offset = clock_offset;
-}
-
-static void kvm_pit_get(PITCommonState *pit)
-{
- KVMPITState *s = DO_UPCAST(KVMPITState, pit, pit);
- struct kvm_pit_state2 kpit;
- struct kvm_pit_channel_state *kchan;
- struct PITChannelState *sc;
- int i, ret;
-
- /* No need to re-read the state if VM is stopped. */
- if (s->vm_stopped) {
- return;
- }
-
- if (kvm_has_pit_state2()) {
- ret = kvm_vm_ioctl(kvm_state, KVM_GET_PIT2, &kpit);
- if (ret < 0) {
- fprintf(stderr, "KVM_GET_PIT2 failed: %s\n", strerror(ret));
- abort();
- }
- pit->channels[0].irq_disabled = kpit.flags & KVM_PIT_FLAGS_HPET_LEGACY;
- } else {
- /*
- * kvm_pit_state2 is superset of kvm_pit_state struct,
- * so we can use it for KVM_GET_PIT as well.
- */
- ret = kvm_vm_ioctl(kvm_state, KVM_GET_PIT, &kpit);
- if (ret < 0) {
- fprintf(stderr, "KVM_GET_PIT failed: %s\n", strerror(ret));
- abort();
- }
- }
- for (i = 0; i < 3; i++) {
- kchan = &kpit.channels[i];
- sc = &pit->channels[i];
- sc->count = kchan->count;
- sc->latched_count = kchan->latched_count;
- sc->count_latched = kchan->count_latched;
- sc->status_latched = kchan->status_latched;
- sc->status = kchan->status;
- sc->read_state = kchan->read_state;
- sc->write_state = kchan->write_state;
- sc->write_latch = kchan->write_latch;
- sc->rw_mode = kchan->rw_mode;
- sc->mode = kchan->mode;
- sc->bcd = kchan->bcd;
- sc->gate = kchan->gate;
- sc->count_load_time = kchan->count_load_time + s->kernel_clock_offset;
- }
-
- sc = &pit->channels[0];
- sc->next_transition_time =
- pit_get_next_transition_time(sc, sc->count_load_time);
-}
-
-static void kvm_pit_put(PITCommonState *pit)
-{
- KVMPITState *s = DO_UPCAST(KVMPITState, pit, pit);
- struct kvm_pit_state2 kpit;
- struct kvm_pit_channel_state *kchan;
- struct PITChannelState *sc;
- int i, ret;
-
- /* The offset keeps changing as long as the VM is stopped. */
- if (s->vm_stopped) {
- kvm_pit_update_clock_offset(s);
- }
-
- kpit.flags = pit->channels[0].irq_disabled ? KVM_PIT_FLAGS_HPET_LEGACY : 0;
- for (i = 0; i < 3; i++) {
- kchan = &kpit.channels[i];
- sc = &pit->channels[i];
- kchan->count = sc->count;
- kchan->latched_count = sc->latched_count;
- kchan->count_latched = sc->count_latched;
- kchan->status_latched = sc->status_latched;
- kchan->status = sc->status;
- kchan->read_state = sc->read_state;
- kchan->write_state = sc->write_state;
- kchan->write_latch = sc->write_latch;
- kchan->rw_mode = sc->rw_mode;
- kchan->mode = sc->mode;
- kchan->bcd = sc->bcd;
- kchan->gate = sc->gate;
- kchan->count_load_time = sc->count_load_time - s->kernel_clock_offset;
- }
-
- ret = kvm_vm_ioctl(kvm_state,
- kvm_has_pit_state2() ? KVM_SET_PIT2 : KVM_SET_PIT,
- &kpit);
- if (ret < 0) {
- fprintf(stderr, "%s failed: %s\n",
- kvm_has_pit_state2() ? "KVM_SET_PIT2" : "KVM_SET_PIT",
- strerror(ret));
- abort();
- }
-}
-
-static void kvm_pit_set_gate(PITCommonState *s, PITChannelState *sc, int val)
-{
- kvm_pit_get(s);
-
- switch (sc->mode) {
- default:
- case 0:
- case 4:
- /* XXX: just disable/enable counting */
- break;
- case 1:
- case 2:
- case 3:
- case 5:
- if (sc->gate < val) {
- /* restart counting on rising edge */
- sc->count_load_time = qemu_get_clock_ns(vm_clock);
- }
- break;
- }
- sc->gate = val;
-
- kvm_pit_put(s);
-}
-
-static void kvm_pit_get_channel_info(PITCommonState *s, PITChannelState *sc,
- PITChannelInfo *info)
-{
- kvm_pit_get(s);
-
- pit_get_channel_info_common(s, sc, info);
-}
-
-static void kvm_pit_reset(DeviceState *dev)
-{
- PITCommonState *s = DO_UPCAST(PITCommonState, dev.qdev, dev);
-
- pit_reset_common(s);
-
- kvm_pit_put(s);
-}
-
-static void kvm_pit_irq_control(void *opaque, int n, int enable)
-{
- PITCommonState *pit = opaque;
- PITChannelState *s = &pit->channels[0];
-
- kvm_pit_get(pit);
-
- s->irq_disabled = !enable;
-
- kvm_pit_put(pit);
-}
-
-static void kvm_pit_vm_state_change(void *opaque, int running,
- RunState state)
-{
- KVMPITState *s = opaque;
-
- if (running) {
- kvm_pit_update_clock_offset(s);
- s->vm_stopped = false;
- } else {
- kvm_pit_update_clock_offset(s);
- kvm_pit_get(&s->pit);
- s->vm_stopped = true;
- }
-}
-
-static int kvm_pit_initfn(PITCommonState *pit)
-{
- KVMPITState *s = DO_UPCAST(KVMPITState, pit, pit);
- struct kvm_pit_config config = {
- .flags = 0,
- };
- int ret;
-
- if (kvm_check_extension(kvm_state, KVM_CAP_PIT2)) {
- ret = kvm_vm_ioctl(kvm_state, KVM_CREATE_PIT2, &config);
- } else {
- ret = kvm_vm_ioctl(kvm_state, KVM_CREATE_PIT);
- }
- if (ret < 0) {
- fprintf(stderr, "Create kernel PIC irqchip failed: %s\n",
- strerror(ret));
- return ret;
- }
- switch (s->lost_tick_policy) {
- case LOST_TICK_DELAY:
- break; /* enabled by default */
- case LOST_TICK_DISCARD:
- if (kvm_check_extension(kvm_state, KVM_CAP_REINJECT_CONTROL)) {
- struct kvm_reinject_control control = { .pit_reinject = 0 };
-
- ret = kvm_vm_ioctl(kvm_state, KVM_REINJECT_CONTROL, &control);
- if (ret < 0) {
- fprintf(stderr,
- "Can't disable in-kernel PIT reinjection: %s\n",
- strerror(ret));
- return ret;
- }
- }
- break;
- default:
- return -EINVAL;
- }
-
- memory_region_init_reservation(&pit->ioports, "kvm-pit", 4);
-
- qdev_init_gpio_in(&pit->dev.qdev, kvm_pit_irq_control, 1);
-
- qemu_add_vm_change_state_handler(kvm_pit_vm_state_change, s);
-
- return 0;
-}
-
-static Property kvm_pit_properties[] = {
- DEFINE_PROP_HEX32("iobase", KVMPITState, pit.iobase, -1),
- DEFINE_PROP_LOSTTICKPOLICY("lost_tick_policy", KVMPITState,
- lost_tick_policy, LOST_TICK_DELAY),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void kvm_pit_class_init(ObjectClass *klass, void *data)
-{
- PITCommonClass *k = PIT_COMMON_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
-
- k->init = kvm_pit_initfn;
- k->set_channel_gate = kvm_pit_set_gate;
- k->get_channel_info = kvm_pit_get_channel_info;
- k->pre_save = kvm_pit_get;
- k->post_load = kvm_pit_put;
- dc->reset = kvm_pit_reset;
- dc->props = kvm_pit_properties;
-}
-
-static TypeInfo kvm_pit_info = {
- .name = "kvm-pit",
- .parent = TYPE_PIT_COMMON,
- .instance_size = sizeof(KVMPITState),
- .class_init = kvm_pit_class_init,
-};
-
-static void kvm_pit_register(void)
-{
- type_register_static(&kvm_pit_info);
-}
-
-type_init(kvm_pit_register)
diff --git a/hw/kvm/i8259.c b/hw/kvm/i8259.c
deleted file mode 100644
index 1e24cd4f3..000000000
--- a/hw/kvm/i8259.c
+++ /dev/null
@@ -1,138 +0,0 @@
-/*
- * KVM in-kernel PIC (i8259) support
- *
- * Copyright (c) 2011 Siemens AG
- *
- * Authors:
- * Jan Kiszka <jan.kiszka@siemens.com>
- *
- * This work is licensed under the terms of the GNU GPL version 2.
- * See the COPYING file in the top-level directory.
- */
-#include "hw/i8259_internal.h"
-#include "hw/apic_internal.h"
-#include "kvm.h"
-
-static void kvm_pic_get(PICCommonState *s)
-{
- struct kvm_irqchip chip;
- struct kvm_pic_state *kpic;
- int ret;
-
- chip.chip_id = s->master ? KVM_IRQCHIP_PIC_MASTER : KVM_IRQCHIP_PIC_SLAVE;
- ret = kvm_vm_ioctl(kvm_state, KVM_GET_IRQCHIP, &chip);
- if (ret < 0) {
- fprintf(stderr, "KVM_GET_IRQCHIP failed: %s\n", strerror(ret));
- abort();
- }
-
- kpic = &chip.chip.pic;
-
- s->last_irr = kpic->last_irr;
- s->irr = kpic->irr;
- s->imr = kpic->imr;
- s->isr = kpic->isr;
- s->priority_add = kpic->priority_add;
- s->irq_base = kpic->irq_base;
- s->read_reg_select = kpic->read_reg_select;
- s->poll = kpic->poll;
- s->special_mask = kpic->special_mask;
- s->init_state = kpic->init_state;
- s->auto_eoi = kpic->auto_eoi;
- s->rotate_on_auto_eoi = kpic->rotate_on_auto_eoi;
- s->special_fully_nested_mode = kpic->special_fully_nested_mode;
- s->init4 = kpic->init4;
- s->elcr = kpic->elcr;
- s->elcr_mask = kpic->elcr_mask;
-}
-
-static void kvm_pic_put(PICCommonState *s)
-{
- struct kvm_irqchip chip;
- struct kvm_pic_state *kpic;
- int ret;
-
- chip.chip_id = s->master ? KVM_IRQCHIP_PIC_MASTER : KVM_IRQCHIP_PIC_SLAVE;
-
- kpic = &chip.chip.pic;
-
- kpic->last_irr = s->last_irr;
- kpic->irr = s->irr;
- kpic->imr = s->imr;
- kpic->isr = s->isr;
- kpic->priority_add = s->priority_add;
- kpic->irq_base = s->irq_base;
- kpic->read_reg_select = s->read_reg_select;
- kpic->poll = s->poll;
- kpic->special_mask = s->special_mask;
- kpic->init_state = s->init_state;
- kpic->auto_eoi = s->auto_eoi;
- kpic->rotate_on_auto_eoi = s->rotate_on_auto_eoi;
- kpic->special_fully_nested_mode = s->special_fully_nested_mode;
- kpic->init4 = s->init4;
- kpic->elcr = s->elcr;
- kpic->elcr_mask = s->elcr_mask;
-
- ret = kvm_vm_ioctl(kvm_state, KVM_SET_IRQCHIP, &chip);
- if (ret < 0) {
- fprintf(stderr, "KVM_GET_IRQCHIP failed: %s\n", strerror(ret));
- abort();
- }
-}
-
-static void kvm_pic_reset(DeviceState *dev)
-{
- PICCommonState *s = DO_UPCAST(PICCommonState, dev.qdev, dev);
-
- s->elcr = 0;
- pic_reset_common(s);
-
- kvm_pic_put(s);
-}
-
-static void kvm_pic_set_irq(void *opaque, int irq, int level)
-{
- int delivered;
-
- delivered = kvm_set_irq(kvm_state, irq, level);
- apic_report_irq_delivered(delivered);
-}
-
-static void kvm_pic_init(PICCommonState *s)
-{
- memory_region_init_reservation(&s->base_io, "kvm-pic", 2);
- memory_region_init_reservation(&s->elcr_io, "kvm-elcr", 1);
-}
-
-qemu_irq *kvm_i8259_init(ISABus *bus)
-{
- i8259_init_chip("kvm-i8259", bus, true);
- i8259_init_chip("kvm-i8259", bus, false);
-
- return qemu_allocate_irqs(kvm_pic_set_irq, NULL, ISA_NUM_IRQS);
-}
-
-static void kvm_i8259_class_init(ObjectClass *klass, void *data)
-{
- PICCommonClass *k = PIC_COMMON_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
-
- dc->reset = kvm_pic_reset;
- k->init = kvm_pic_init;
- k->pre_save = kvm_pic_get;
- k->post_load = kvm_pic_put;
-}
-
-static TypeInfo kvm_i8259_info = {
- .name = "kvm-i8259",
- .parent = TYPE_PIC_COMMON,
- .instance_size = sizeof(PICCommonState),
- .class_init = kvm_i8259_class_init,
-};
-
-static void kvm_pic_register_types(void)
-{
- type_register_static(&kvm_i8259_info);
-}
-
-type_init(kvm_pic_register_types)
diff --git a/hw/kvm/ioapic.c b/hw/kvm/ioapic.c
deleted file mode 100644
index f95c15759..000000000
--- a/hw/kvm/ioapic.c
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- * KVM in-kernel IOPIC support
- *
- * Copyright (c) 2011 Siemens AG
- *
- * Authors:
- * Jan Kiszka <jan.kiszka@siemens.com>
- *
- * This work is licensed under the terms of the GNU GPL version 2.
- * See the COPYING file in the top-level directory.
- */
-
-#include "hw/pc.h"
-#include "hw/ioapic_internal.h"
-#include "hw/apic_internal.h"
-#include "kvm.h"
-
-/* PC Utility function */
-void kvm_pc_setup_irq_routing(bool pci_enabled)
-{
- KVMState *s = kvm_state;
- int i;
-
- if (kvm_check_extension(s, KVM_CAP_IRQ_ROUTING)) {
- for (i = 0; i < 8; ++i) {
- if (i == 2) {
- continue;
- }
- kvm_irqchip_add_irq_route(s, i, KVM_IRQCHIP_PIC_MASTER, i);
- }
- for (i = 8; i < 16; ++i) {
- kvm_irqchip_add_irq_route(s, i, KVM_IRQCHIP_PIC_SLAVE, i - 8);
- }
- if (pci_enabled) {
- for (i = 0; i < 24; ++i) {
- if (i == 0) {
- kvm_irqchip_add_irq_route(s, i, KVM_IRQCHIP_IOAPIC, 2);
- } else if (i != 2) {
- kvm_irqchip_add_irq_route(s, i, KVM_IRQCHIP_IOAPIC, i);
- }
- }
- }
- }
-}
-
-void kvm_pc_gsi_handler(void *opaque, int n, int level)
-{
- GSIState *s = opaque;
-
- if (n < ISA_NUM_IRQS) {
- /* Kernel will forward to both PIC and IOAPIC */
- qemu_set_irq(s->i8259_irq[n], level);
- } else {
- qemu_set_irq(s->ioapic_irq[n], level);
- }
-}
-
-typedef struct KVMIOAPICState KVMIOAPICState;
-
-struct KVMIOAPICState {
- IOAPICCommonState ioapic;
- uint32_t kvm_gsi_base;
-};
-
-static void kvm_ioapic_get(IOAPICCommonState *s)
-{
- struct kvm_irqchip chip;
- struct kvm_ioapic_state *kioapic;
- int ret, i;
-
- chip.chip_id = KVM_IRQCHIP_IOAPIC;
- ret = kvm_vm_ioctl(kvm_state, KVM_GET_IRQCHIP, &chip);
- if (ret < 0) {
- fprintf(stderr, "KVM_GET_IRQCHIP failed: %s\n", strerror(ret));
- abort();
- }
-
- kioapic = &chip.chip.ioapic;
-
- s->id = kioapic->id;
- s->ioregsel = kioapic->ioregsel;
- s->irr = kioapic->irr;
- for (i = 0; i < IOAPIC_NUM_PINS; i++) {
- s->ioredtbl[i] = kioapic->redirtbl[i].bits;
- }
-}
-
-static void kvm_ioapic_put(IOAPICCommonState *s)
-{
- struct kvm_irqchip chip;
- struct kvm_ioapic_state *kioapic;
- int ret, i;
-
- chip.chip_id = KVM_IRQCHIP_IOAPIC;
- kioapic = &chip.chip.ioapic;
-
- kioapic->id = s->id;
- kioapic->ioregsel = s->ioregsel;
- kioapic->base_address = s->busdev.mmio[0].addr;
- kioapic->irr = s->irr;
- for (i = 0; i < IOAPIC_NUM_PINS; i++) {
- kioapic->redirtbl[i].bits = s->ioredtbl[i];
- }
-
- ret = kvm_vm_ioctl(kvm_state, KVM_SET_IRQCHIP, &chip);
- if (ret < 0) {
- fprintf(stderr, "KVM_GET_IRQCHIP failed: %s\n", strerror(ret));
- abort();
- }
-}
-
-static void kvm_ioapic_reset(DeviceState *dev)
-{
- IOAPICCommonState *s = DO_UPCAST(IOAPICCommonState, busdev.qdev, dev);
-
- ioapic_reset_common(dev);
- kvm_ioapic_put(s);
-}
-
-static void kvm_ioapic_set_irq(void *opaque, int irq, int level)
-{
- KVMIOAPICState *s = opaque;
- int delivered;
-
- delivered = kvm_set_irq(kvm_state, s->kvm_gsi_base + irq, level);
- apic_report_irq_delivered(delivered);
-}
-
-static void kvm_ioapic_init(IOAPICCommonState *s, int instance_no)
-{
- memory_region_init_reservation(&s->io_memory, "kvm-ioapic", 0x1000);
-
- qdev_init_gpio_in(&s->busdev.qdev, kvm_ioapic_set_irq, IOAPIC_NUM_PINS);
-}
-
-static Property kvm_ioapic_properties[] = {
- DEFINE_PROP_UINT32("gsi_base", KVMIOAPICState, kvm_gsi_base, 0),
- DEFINE_PROP_END_OF_LIST()
-};
-
-static void kvm_ioapic_class_init(ObjectClass *klass, void *data)
-{
- IOAPICCommonClass *k = IOAPIC_COMMON_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
-
- k->init = kvm_ioapic_init;
- k->pre_save = kvm_ioapic_get;
- k->post_load = kvm_ioapic_put;
- dc->reset = kvm_ioapic_reset;
- dc->props = kvm_ioapic_properties;
-}
-
-static TypeInfo kvm_ioapic_info = {
- .name = "kvm-ioapic",
- .parent = TYPE_IOAPIC_COMMON,
- .instance_size = sizeof(KVMIOAPICState),
- .class_init = kvm_ioapic_class_init,
-};
-
-static void kvm_ioapic_register_types(void)
-{
- type_register_static(&kvm_ioapic_info);
-}
-
-type_init(kvm_ioapic_register_types)
diff --git a/hw/kvm/pci-assign.c b/hw/kvm/pci-assign.c
deleted file mode 100644
index e80dad009..000000000
--- a/hw/kvm/pci-assign.c
+++ /dev/null
@@ -1,1905 +0,0 @@
-/*
- * Copyright (c) 2007, Neocleus Corporation.
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See
- * the COPYING file in the top-level directory.
- *
- *
- * Assign a PCI device from the host to a guest VM.
- *
- * This implementation uses the classic device assignment interface of KVM
- * and is only available on x86 hosts. It is expected to be obsoleted by VFIO
- * based device assignment.
- *
- * Adapted for KVM (qemu-kvm) by Qumranet. QEMU version was based on qemu-kvm
- * revision 4144fe9d48. See its repository for the history.
- *
- * Copyright (c) 2007, Neocleus, Alex Novik (alex@neocleus.com)
- * Copyright (c) 2007, Neocleus, Guy Zana (guy@neocleus.com)
- * Copyright (C) 2008, Qumranet, Amit Shah (amit.shah@qumranet.com)
- * Copyright (C) 2008, Red Hat, Amit Shah (amit.shah@redhat.com)
- * Copyright (C) 2008, IBM, Muli Ben-Yehuda (muli@il.ibm.com)
- */
-#include <stdio.h>
-#include <unistd.h>
-#include <sys/io.h>
-#include <sys/mman.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include "hw/hw.h"
-#include "hw/pc.h"
-#include "qemu-error.h"
-#include "console.h"
-#include "hw/loader.h"
-#include "monitor.h"
-#include "range.h"
-#include "sysemu.h"
-#include "hw/pci.h"
-#include "hw/msi.h"
-#include "kvm_i386.h"
-
-#define MSIX_PAGE_SIZE 0x1000
-
-/* From linux/ioport.h */
-#define IORESOURCE_IO 0x00000100 /* Resource type */
-#define IORESOURCE_MEM 0x00000200
-#define IORESOURCE_IRQ 0x00000400
-#define IORESOURCE_DMA 0x00000800
-#define IORESOURCE_PREFETCH 0x00002000 /* No side effects */
-
-//#define DEVICE_ASSIGNMENT_DEBUG
-
-#ifdef DEVICE_ASSIGNMENT_DEBUG
-#define DEBUG(fmt, ...) \
- do { \
- fprintf(stderr, "%s: " fmt, __func__ , __VA_ARGS__); \
- } while (0)
-#else
-#define DEBUG(fmt, ...)
-#endif
-
-typedef struct PCIRegion {
- int type; /* Memory or port I/O */
- int valid;
- uint64_t base_addr;
- uint64_t size; /* size of the region */
- int resource_fd;
-} PCIRegion;
-
-typedef struct PCIDevRegions {
- uint8_t bus, dev, func; /* Bus inside domain, device and function */
- int irq; /* IRQ number */
- uint16_t region_number; /* number of active regions */
-
- /* Port I/O or MMIO Regions */
- PCIRegion regions[PCI_NUM_REGIONS - 1];
- int config_fd;
-} PCIDevRegions;
-
-typedef struct AssignedDevRegion {
- MemoryRegion container;
- MemoryRegion real_iomem;
- union {
- uint8_t *r_virtbase; /* mmapped access address for memory regions */
- uint32_t r_baseport; /* the base guest port for I/O regions */
- } u;
- pcibus_t e_size; /* emulated size of region in bytes */
- pcibus_t r_size; /* real size of region in bytes */
- PCIRegion *region;
-} AssignedDevRegion;
-
-#define ASSIGNED_DEVICE_PREFER_MSI_BIT 0
-#define ASSIGNED_DEVICE_SHARE_INTX_BIT 1
-
-#define ASSIGNED_DEVICE_PREFER_MSI_MASK (1 << ASSIGNED_DEVICE_PREFER_MSI_BIT)
-#define ASSIGNED_DEVICE_SHARE_INTX_MASK (1 << ASSIGNED_DEVICE_SHARE_INTX_BIT)
-
-typedef struct MSIXTableEntry {
- uint32_t addr_lo;
- uint32_t addr_hi;
- uint32_t data;
- uint32_t ctrl;
-} MSIXTableEntry;
-
-typedef enum AssignedIRQType {
- ASSIGNED_IRQ_NONE = 0,
- ASSIGNED_IRQ_INTX_HOST_INTX,
- ASSIGNED_IRQ_INTX_HOST_MSI,
- ASSIGNED_IRQ_MSI,
- ASSIGNED_IRQ_MSIX
-} AssignedIRQType;
-
-typedef struct AssignedDevice {
- PCIDevice dev;
- PCIHostDeviceAddress host;
- uint32_t dev_id;
- uint32_t features;
- int intpin;
- AssignedDevRegion v_addrs[PCI_NUM_REGIONS - 1];
- PCIDevRegions real_device;
- PCIINTxRoute intx_route;
- AssignedIRQType assigned_irq_type;
- struct {
-#define ASSIGNED_DEVICE_CAP_MSI (1 << 0)
-#define ASSIGNED_DEVICE_CAP_MSIX (1 << 1)
- uint32_t available;
-#define ASSIGNED_DEVICE_MSI_ENABLED (1 << 0)
-#define ASSIGNED_DEVICE_MSIX_ENABLED (1 << 1)
-#define ASSIGNED_DEVICE_MSIX_MASKED (1 << 2)
- uint32_t state;
- } cap;
- uint8_t emulate_config_read[PCI_CONFIG_SPACE_SIZE];
- uint8_t emulate_config_write[PCI_CONFIG_SPACE_SIZE];
- int msi_virq_nr;
- int *msi_virq;
- MSIXTableEntry *msix_table;
- hwaddr msix_table_addr;
- uint16_t msix_max;
- MemoryRegion mmio;
- char *configfd_name;
- int32_t bootindex;
-} AssignedDevice;
-
-static void assigned_dev_update_irq_routing(PCIDevice *dev);
-
-static void assigned_dev_load_option_rom(AssignedDevice *dev);
-
-static void assigned_dev_unregister_msix_mmio(AssignedDevice *dev);
-
-static uint64_t assigned_dev_ioport_rw(AssignedDevRegion *dev_region,
- hwaddr addr, int size,
- uint64_t *data)
-{
- uint64_t val = 0;
- int fd = dev_region->region->resource_fd;
-
- if (fd >= 0) {
- if (data) {
- DEBUG("pwrite data=%" PRIx64 ", size=%d, e_phys=" TARGET_FMT_plx
- ", addr="TARGET_FMT_plx"\n", *data, size, addr, addr);
- if (pwrite(fd, data, size, addr) != size) {
- error_report("%s - pwrite failed %s",
- __func__, strerror(errno));
- }
- } else {
- if (pread(fd, &val, size, addr) != size) {
- error_report("%s - pread failed %s",
- __func__, strerror(errno));
- val = (1UL << (size * 8)) - 1;
- }
- DEBUG("pread val=%" PRIx64 ", size=%d, e_phys=" TARGET_FMT_plx
- ", addr=" TARGET_FMT_plx "\n", val, size, addr, addr);
- }
- } else {
- uint32_t port = addr + dev_region->u.r_baseport;
-
- if (data) {
- DEBUG("out data=%" PRIx64 ", size=%d, e_phys=" TARGET_FMT_plx
- ", host=%x\n", *data, size, addr, port);
- switch (size) {
- case 1:
- outb(*data, port);
- break;
- case 2:
- outw(*data, port);
- break;
- case 4:
- outl(*data, port);
- break;
- }
- } else {
- switch (size) {
- case 1:
- val = inb(port);
- break;
- case 2:
- val = inw(port);
- break;
- case 4:
- val = inl(port);
- break;
- }
- DEBUG("in data=%" PRIx64 ", size=%d, e_phys=" TARGET_FMT_plx
- ", host=%x\n", val, size, addr, port);
- }
- }
- return val;
-}
-
-static void assigned_dev_ioport_write(void *opaque, hwaddr addr,
- uint64_t data, unsigned size)
-{
- assigned_dev_ioport_rw(opaque, addr, size, &data);
-}
-
-static uint64_t assigned_dev_ioport_read(void *opaque,
- hwaddr addr, unsigned size)
-{
- return assigned_dev_ioport_rw(opaque, addr, size, NULL);
-}
-
-static uint32_t slow_bar_readb(void *opaque, hwaddr addr)
-{
- AssignedDevRegion *d = opaque;
- uint8_t *in = d->u.r_virtbase + addr;
- uint32_t r;
-
- r = *in;
- DEBUG("slow_bar_readl addr=0x" TARGET_FMT_plx " val=0x%08x\n", addr, r);
-
- return r;
-}
-
-static uint32_t slow_bar_readw(void *opaque, hwaddr addr)
-{
- AssignedDevRegion *d = opaque;
- uint16_t *in = (uint16_t *)(d->u.r_virtbase + addr);
- uint32_t r;
-
- r = *in;
- DEBUG("slow_bar_readl addr=0x" TARGET_FMT_plx " val=0x%08x\n", addr, r);
-
- return r;
-}
-
-static uint32_t slow_bar_readl(void *opaque, hwaddr addr)
-{
- AssignedDevRegion *d = opaque;
- uint32_t *in = (uint32_t *)(d->u.r_virtbase + addr);
- uint32_t r;
-
- r = *in;
- DEBUG("slow_bar_readl addr=0x" TARGET_FMT_plx " val=0x%08x\n", addr, r);
-
- return r;
-}
-
-static void slow_bar_writeb(void *opaque, hwaddr addr, uint32_t val)
-{
- AssignedDevRegion *d = opaque;
- uint8_t *out = d->u.r_virtbase + addr;
-
- DEBUG("slow_bar_writeb addr=0x" TARGET_FMT_plx " val=0x%02x\n", addr, val);
- *out = val;
-}
-
-static void slow_bar_writew(void *opaque, hwaddr addr, uint32_t val)
-{
- AssignedDevRegion *d = opaque;
- uint16_t *out = (uint16_t *)(d->u.r_virtbase + addr);
-
- DEBUG("slow_bar_writew addr=0x" TARGET_FMT_plx " val=0x%04x\n", addr, val);
- *out = val;
-}
-
-static void slow_bar_writel(void *opaque, hwaddr addr, uint32_t val)
-{
- AssignedDevRegion *d = opaque;
- uint32_t *out = (uint32_t *)(d->u.r_virtbase + addr);
-
- DEBUG("slow_bar_writel addr=0x" TARGET_FMT_plx " val=0x%08x\n", addr, val);
- *out = val;
-}
-
-static const MemoryRegionOps slow_bar_ops = {
- .old_mmio = {
- .read = { slow_bar_readb, slow_bar_readw, slow_bar_readl, },
- .write = { slow_bar_writeb, slow_bar_writew, slow_bar_writel, },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void assigned_dev_iomem_setup(PCIDevice *pci_dev, int region_num,
- pcibus_t e_size)
-{
- AssignedDevice *r_dev = DO_UPCAST(AssignedDevice, dev, pci_dev);
- AssignedDevRegion *region = &r_dev->v_addrs[region_num];
- PCIRegion *real_region = &r_dev->real_device.regions[region_num];
-
- if (e_size > 0) {
- memory_region_init(&region->container, "assigned-dev-container",
- e_size);
- memory_region_add_subregion(&region->container, 0, &region->real_iomem);
-
- /* deal with MSI-X MMIO page */
- if (real_region->base_addr <= r_dev->msix_table_addr &&
- real_region->base_addr + real_region->size >
- r_dev->msix_table_addr) {
- uint64_t offset = r_dev->msix_table_addr - real_region->base_addr;
-
- memory_region_add_subregion_overlap(&region->container,
- offset,
- &r_dev->mmio,
- 1);
- }
- }
-}
-
-static const MemoryRegionOps assigned_dev_ioport_ops = {
- .read = assigned_dev_ioport_read,
- .write = assigned_dev_ioport_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void assigned_dev_ioport_setup(PCIDevice *pci_dev, int region_num,
- pcibus_t size)
-{
- AssignedDevice *r_dev = DO_UPCAST(AssignedDevice, dev, pci_dev);
- AssignedDevRegion *region = &r_dev->v_addrs[region_num];
-
- region->e_size = size;
- memory_region_init(&region->container, "assigned-dev-container", size);
- memory_region_init_io(&region->real_iomem, &assigned_dev_ioport_ops,
- r_dev->v_addrs + region_num,
- "assigned-dev-iomem", size);
- memory_region_add_subregion(&region->container, 0, &region->real_iomem);
-}
-
-static uint32_t assigned_dev_pci_read(PCIDevice *d, int pos, int len)
-{
- AssignedDevice *pci_dev = DO_UPCAST(AssignedDevice, dev, d);
- uint32_t val;
- ssize_t ret;
- int fd = pci_dev->real_device.config_fd;
-
-again:
- ret = pread(fd, &val, len, pos);
- if (ret != len) {
- if ((ret < 0) && (errno == EINTR || errno == EAGAIN)) {
- goto again;
- }
-
- hw_error("pci read failed, ret = %zd errno = %d\n", ret, errno);
- }
-
- return val;
-}
-
-static uint8_t assigned_dev_pci_read_byte(PCIDevice *d, int pos)
-{
- return (uint8_t)assigned_dev_pci_read(d, pos, 1);
-}
-
-static void assigned_dev_pci_write(PCIDevice *d, int pos, uint32_t val, int len)
-{
- AssignedDevice *pci_dev = DO_UPCAST(AssignedDevice, dev, d);
- ssize_t ret;
- int fd = pci_dev->real_device.config_fd;
-
-again:
- ret = pwrite(fd, &val, len, pos);
- if (ret != len) {
- if ((ret < 0) && (errno == EINTR || errno == EAGAIN)) {
- goto again;
- }
-
- hw_error("pci write failed, ret = %zd errno = %d\n", ret, errno);
- }
-}
-
-static void assigned_dev_emulate_config_read(AssignedDevice *dev,
- uint32_t offset, uint32_t len)
-{
- memset(dev->emulate_config_read + offset, 0xff, len);
-}
-
-static void assigned_dev_direct_config_read(AssignedDevice *dev,
- uint32_t offset, uint32_t len)
-{
- memset(dev->emulate_config_read + offset, 0, len);
-}
-
-static void assigned_dev_direct_config_write(AssignedDevice *dev,
- uint32_t offset, uint32_t len)
-{
- memset(dev->emulate_config_write + offset, 0, len);
-}
-
-static uint8_t pci_find_cap_offset(PCIDevice *d, uint8_t cap, uint8_t start)
-{
- int id;
- int max_cap = 48;
- int pos = start ? start : PCI_CAPABILITY_LIST;
- int status;
-
- status = assigned_dev_pci_read_byte(d, PCI_STATUS);
- if ((status & PCI_STATUS_CAP_LIST) == 0) {
- return 0;
- }
-
- while (max_cap--) {
- pos = assigned_dev_pci_read_byte(d, pos);
- if (pos < 0x40) {
- break;
- }
-
- pos &= ~3;
- id = assigned_dev_pci_read_byte(d, pos + PCI_CAP_LIST_ID);
-
- if (id == 0xff) {
- break;
- }
- if (id == cap) {
- return pos;
- }
-
- pos += PCI_CAP_LIST_NEXT;
- }
- return 0;
-}
-
-static int assigned_dev_register_regions(PCIRegion *io_regions,
- unsigned long regions_num,
- AssignedDevice *pci_dev)
-{
- uint32_t i;
- PCIRegion *cur_region = io_regions;
-
- for (i = 0; i < regions_num; i++, cur_region++) {
- if (!cur_region->valid) {
- continue;
- }
-
- /* handle memory io regions */
- if (cur_region->type & IORESOURCE_MEM) {
- int t = cur_region->type & IORESOURCE_PREFETCH
- ? PCI_BASE_ADDRESS_MEM_PREFETCH
- : PCI_BASE_ADDRESS_SPACE_MEMORY;
-
- /* map physical memory */
- pci_dev->v_addrs[i].u.r_virtbase = mmap(NULL, cur_region->size,
- PROT_WRITE | PROT_READ,
- MAP_SHARED,
- cur_region->resource_fd,
- (off_t)0);
-
- if (pci_dev->v_addrs[i].u.r_virtbase == MAP_FAILED) {
- pci_dev->v_addrs[i].u.r_virtbase = NULL;
- error_report("%s: Error: Couldn't mmap 0x%" PRIx64 "!",
- __func__, cur_region->base_addr);
- return -1;
- }
-
- pci_dev->v_addrs[i].r_size = cur_region->size;
- pci_dev->v_addrs[i].e_size = 0;
-
- /* add offset */
- pci_dev->v_addrs[i].u.r_virtbase +=
- (cur_region->base_addr & 0xFFF);
-
- if (cur_region->size & 0xFFF) {
- error_report("PCI region %d at address 0x%" PRIx64 " has "
- "size 0x%" PRIx64 ", which is not a multiple of "
- "4K. You might experience some performance hit "
- "due to that.",
- i, cur_region->base_addr, cur_region->size);
- memory_region_init_io(&pci_dev->v_addrs[i].real_iomem,
- &slow_bar_ops, &pci_dev->v_addrs[i],
- "assigned-dev-slow-bar",
- cur_region->size);
- } else {
- void *virtbase = pci_dev->v_addrs[i].u.r_virtbase;
- char name[32];
- snprintf(name, sizeof(name), "%s.bar%d",
- object_get_typename(OBJECT(pci_dev)), i);
- memory_region_init_ram_ptr(&pci_dev->v_addrs[i].real_iomem,
- name, cur_region->size,
- virtbase);
- vmstate_register_ram(&pci_dev->v_addrs[i].real_iomem,
- &pci_dev->dev.qdev);
- }
-
- assigned_dev_iomem_setup(&pci_dev->dev, i, cur_region->size);
- pci_register_bar((PCIDevice *) pci_dev, i, t,
- &pci_dev->v_addrs[i].container);
- continue;
- } else {
- /* handle port io regions */
- uint32_t val;
- int ret;
-
- /* Test kernel support for ioport resource read/write. Old
- * kernels return EIO. New kernels only allow 1/2/4 byte reads
- * so should return EINVAL for a 3 byte read */
- ret = pread(pci_dev->v_addrs[i].region->resource_fd, &val, 3, 0);
- if (ret >= 0) {
- error_report("Unexpected return from I/O port read: %d", ret);
- abort();
- } else if (errno != EINVAL) {
- error_report("Kernel doesn't support ioport resource "
- "access, hiding this region.");
- close(pci_dev->v_addrs[i].region->resource_fd);
- cur_region->valid = 0;
- continue;
- }
-
- pci_dev->v_addrs[i].u.r_baseport = cur_region->base_addr;
- pci_dev->v_addrs[i].r_size = cur_region->size;
- pci_dev->v_addrs[i].e_size = 0;
-
- assigned_dev_ioport_setup(&pci_dev->dev, i, cur_region->size);
- pci_register_bar((PCIDevice *) pci_dev, i,
- PCI_BASE_ADDRESS_SPACE_IO,
- &pci_dev->v_addrs[i].container);
- }
- }
-
- /* success */
- return 0;
-}
-
-static int get_real_id(const char *devpath, const char *idname, uint16_t *val)
-{
- FILE *f;
- char name[128];
- long id;
-
- snprintf(name, sizeof(name), "%s%s", devpath, idname);
- f = fopen(name, "r");
- if (f == NULL) {
- error_report("%s: %s: %m", __func__, name);
- return -1;
- }
- if (fscanf(f, "%li\n", &id) == 1) {
- *val = id;
- } else {
- return -1;
- }
- fclose(f);
-
- return 0;
-}
-
-static int get_real_vendor_id(const char *devpath, uint16_t *val)
-{
- return get_real_id(devpath, "vendor", val);
-}
-
-static int get_real_device_id(const char *devpath, uint16_t *val)
-{
- return get_real_id(devpath, "device", val);
-}
-
-static int get_real_device(AssignedDevice *pci_dev, uint16_t r_seg,
- uint8_t r_bus, uint8_t r_dev, uint8_t r_func)
-{
- char dir[128], name[128];
- int fd, r = 0, v;
- FILE *f;
- uint64_t start, end, size, flags;
- uint16_t id;
- PCIRegion *rp;
- PCIDevRegions *dev = &pci_dev->real_device;
-
- dev->region_number = 0;
-
- snprintf(dir, sizeof(dir), "/sys/bus/pci/devices/%04x:%02x:%02x.%x/",
- r_seg, r_bus, r_dev, r_func);
-
- snprintf(name, sizeof(name), "%sconfig", dir);
-
- if (pci_dev->configfd_name && *pci_dev->configfd_name) {
- dev->config_fd = monitor_handle_fd_param(cur_mon, pci_dev->configfd_name);
- if (dev->config_fd < 0) {
- return 1;
- }
- } else {
- dev->config_fd = open(name, O_RDWR);
-
- if (dev->config_fd == -1) {
- error_report("%s: %s: %m", __func__, name);
- return 1;
- }
- }
-again:
- r = read(dev->config_fd, pci_dev->dev.config,
- pci_config_size(&pci_dev->dev));
- if (r < 0) {
- if (errno == EINTR || errno == EAGAIN) {
- goto again;
- }
- error_report("%s: read failed, errno = %d", __func__, errno);
- }
-
- /* Restore or clear multifunction, this is always controlled by qemu */
- if (pci_dev->dev.cap_present & QEMU_PCI_CAP_MULTIFUNCTION) {
- pci_dev->dev.config[PCI_HEADER_TYPE] |= PCI_HEADER_TYPE_MULTI_FUNCTION;
- } else {
- pci_dev->dev.config[PCI_HEADER_TYPE] &= ~PCI_HEADER_TYPE_MULTI_FUNCTION;
- }
-
- /* Clear host resource mapping info. If we choose not to register a
- * BAR, such as might be the case with the option ROM, we can get
- * confusing, unwritable, residual addresses from the host here. */
- memset(&pci_dev->dev.config[PCI_BASE_ADDRESS_0], 0, 24);
- memset(&pci_dev->dev.config[PCI_ROM_ADDRESS], 0, 4);
-
- snprintf(name, sizeof(name), "%sresource", dir);
-
- f = fopen(name, "r");
- if (f == NULL) {
- error_report("%s: %s: %m", __func__, name);
- return 1;
- }
-
- for (r = 0; r < PCI_ROM_SLOT; r++) {
- if (fscanf(f, "%" SCNi64 " %" SCNi64 " %" SCNi64 "\n",
- &start, &end, &flags) != 3) {
- break;
- }
-
- rp = dev->regions + r;
- rp->valid = 0;
- rp->resource_fd = -1;
- size = end - start + 1;
- flags &= IORESOURCE_IO | IORESOURCE_MEM | IORESOURCE_PREFETCH;
- if (size == 0 || (flags & ~IORESOURCE_PREFETCH) == 0) {
- continue;
- }
- if (flags & IORESOURCE_MEM) {
- flags &= ~IORESOURCE_IO;
- } else {
- flags &= ~IORESOURCE_PREFETCH;
- }
- snprintf(name, sizeof(name), "%sresource%d", dir, r);
- fd = open(name, O_RDWR);
- if (fd == -1) {
- continue;
- }
- rp->resource_fd = fd;
-
- rp->type = flags;
- rp->valid = 1;
- rp->base_addr = start;
- rp->size = size;
- pci_dev->v_addrs[r].region = rp;
- DEBUG("region %d size %" PRIu64 " start 0x%" PRIx64
- " type %d resource_fd %d\n",
- r, rp->size, start, rp->type, rp->resource_fd);
- }
-
- fclose(f);
-
- /* read and fill vendor ID */
- v = get_real_vendor_id(dir, &id);
- if (v) {
- return 1;
- }
- pci_dev->dev.config[0] = id & 0xff;
- pci_dev->dev.config[1] = (id & 0xff00) >> 8;
-
- /* read and fill device ID */
- v = get_real_device_id(dir, &id);
- if (v) {
- return 1;
- }
- pci_dev->dev.config[2] = id & 0xff;
- pci_dev->dev.config[3] = (id & 0xff00) >> 8;
-
- pci_word_test_and_clear_mask(pci_dev->emulate_config_write + PCI_COMMAND,
- PCI_COMMAND_MASTER | PCI_COMMAND_INTX_DISABLE);
-
- dev->region_number = r;
- return 0;
-}
-
-static void free_msi_virqs(AssignedDevice *dev)
-{
- int i;
-
- for (i = 0; i < dev->msi_virq_nr; i++) {
- if (dev->msi_virq[i] >= 0) {
- kvm_irqchip_release_virq(kvm_state, dev->msi_virq[i]);
- dev->msi_virq[i] = -1;
- }
- }
- g_free(dev->msi_virq);
- dev->msi_virq = NULL;
- dev->msi_virq_nr = 0;
-}
-
-static void free_assigned_device(AssignedDevice *dev)
-{
- int i;
-
- if (dev->cap.available & ASSIGNED_DEVICE_CAP_MSIX) {
- assigned_dev_unregister_msix_mmio(dev);
- }
- for (i = 0; i < dev->real_device.region_number; i++) {
- PCIRegion *pci_region = &dev->real_device.regions[i];
- AssignedDevRegion *region = &dev->v_addrs[i];
-
- if (!pci_region->valid) {
- continue;
- }
- if (pci_region->type & IORESOURCE_IO) {
- if (region->u.r_baseport) {
- memory_region_del_subregion(&region->container,
- &region->real_iomem);
- memory_region_destroy(&region->real_iomem);
- memory_region_destroy(&region->container);
- }
- } else if (pci_region->type & IORESOURCE_MEM) {
- if (region->u.r_virtbase) {
- memory_region_del_subregion(&region->container,
- &region->real_iomem);
-
- /* Remove MSI-X table subregion */
- if (pci_region->base_addr <= dev->msix_table_addr &&
- pci_region->base_addr + pci_region->size >
- dev->msix_table_addr) {
- memory_region_del_subregion(&region->container,
- &dev->mmio);
- }
-
- memory_region_destroy(&region->real_iomem);
- memory_region_destroy(&region->container);
- if (munmap(region->u.r_virtbase,
- (pci_region->size + 0xFFF) & 0xFFFFF000)) {
- error_report("Failed to unmap assigned device region: %s",
- strerror(errno));
- }
- }
- }
- if (pci_region->resource_fd >= 0) {
- close(pci_region->resource_fd);
- }
- }
-
- if (dev->real_device.config_fd >= 0) {
- close(dev->real_device.config_fd);
- }
-
- free_msi_virqs(dev);
-}
-
-static void assign_failed_examine(AssignedDevice *dev)
-{
- char name[PATH_MAX], dir[PATH_MAX], driver[PATH_MAX] = {}, *ns;
- uint16_t vendor_id, device_id;
- int r;
-
- snprintf(dir, sizeof(dir), "/sys/bus/pci/devices/%04x:%02x:%02x.%01x/",
- dev->host.domain, dev->host.bus, dev->host.slot,
- dev->host.function);
-
- snprintf(name, sizeof(name), "%sdriver", dir);
-
- r = readlink(name, driver, sizeof(driver));
- if ((r <= 0) || r >= sizeof(driver)) {
- goto fail;
- }
-
- ns = strrchr(driver, '/');
- if (!ns) {
- goto fail;
- }
-
- ns++;
-
- if (get_real_vendor_id(dir, &vendor_id) ||
- get_real_device_id(dir, &device_id)) {
- goto fail;
- }
-
- error_report("*** The driver '%s' is occupying your device "
- "%04x:%02x:%02x.%x.",
- ns, dev->host.domain, dev->host.bus, dev->host.slot,
- dev->host.function);
- error_report("***");
- error_report("*** You can try the following commands to free it:");
- error_report("***");
- error_report("*** $ echo \"%04x %04x\" > /sys/bus/pci/drivers/pci-stub/"
- "new_id", vendor_id, device_id);
- error_report("*** $ echo \"%04x:%02x:%02x.%x\" > /sys/bus/pci/drivers/"
- "%s/unbind",
- dev->host.domain, dev->host.bus, dev->host.slot,
- dev->host.function, ns);
- error_report("*** $ echo \"%04x:%02x:%02x.%x\" > /sys/bus/pci/drivers/"
- "pci-stub/bind",
- dev->host.domain, dev->host.bus, dev->host.slot,
- dev->host.function);
- error_report("*** $ echo \"%04x %04x\" > /sys/bus/pci/drivers/pci-stub"
- "/remove_id", vendor_id, device_id);
- error_report("***");
-
- return;
-
-fail:
- error_report("Couldn't find out why.");
-}
-
-static int assign_device(AssignedDevice *dev)
-{
- uint32_t flags = KVM_DEV_ASSIGN_ENABLE_IOMMU;
- int r;
-
- /* Only pass non-zero PCI segment to capable module */
- if (!kvm_check_extension(kvm_state, KVM_CAP_PCI_SEGMENT) &&
- dev->host.domain) {
- error_report("Can't assign device inside non-zero PCI segment "
- "as this KVM module doesn't support it.");
- return -ENODEV;
- }
-
- if (!kvm_check_extension(kvm_state, KVM_CAP_IOMMU)) {
- error_report("No IOMMU found. Unable to assign device \"%s\"",
- dev->dev.qdev.id);
- return -ENODEV;
- }
-
- if (dev->features & ASSIGNED_DEVICE_SHARE_INTX_MASK &&
- kvm_has_intx_set_mask()) {
- flags |= KVM_DEV_ASSIGN_PCI_2_3;
- }
-
- r = kvm_device_pci_assign(kvm_state, &dev->host, flags, &dev->dev_id);
- if (r < 0) {
- error_report("Failed to assign device \"%s\" : %s",
- dev->dev.qdev.id, strerror(-r));
-
- switch (r) {
- case -EBUSY:
- assign_failed_examine(dev);
- break;
- default:
- break;
- }
- }
- return r;
-}
-
-static bool check_irqchip_in_kernel(void)
-{
- if (kvm_irqchip_in_kernel()) {
- return true;
- }
- error_report("pci-assign: error: requires KVM with in-kernel irqchip "
- "enabled");
- return false;
-}
-
-static int assign_intx(AssignedDevice *dev)
-{
- AssignedIRQType new_type;
- PCIINTxRoute intx_route;
- bool intx_host_msi;
- int r;
-
- /* Interrupt PIN 0 means don't use INTx */
- if (assigned_dev_pci_read_byte(&dev->dev, PCI_INTERRUPT_PIN) == 0) {
- pci_device_set_intx_routing_notifier(&dev->dev, NULL);
- return 0;
- }
-
- if (!check_irqchip_in_kernel()) {
- return -ENOTSUP;
- }
-
- pci_device_set_intx_routing_notifier(&dev->dev,
- assigned_dev_update_irq_routing);
-
- intx_route = pci_device_route_intx_to_irq(&dev->dev, dev->intpin);
- assert(intx_route.mode != PCI_INTX_INVERTED);
-
- if (!pci_intx_route_changed(&dev->intx_route, &intx_route)) {
- return 0;
- }
-
- switch (dev->assigned_irq_type) {
- case ASSIGNED_IRQ_INTX_HOST_INTX:
- case ASSIGNED_IRQ_INTX_HOST_MSI:
- intx_host_msi = dev->assigned_irq_type == ASSIGNED_IRQ_INTX_HOST_MSI;
- r = kvm_device_intx_deassign(kvm_state, dev->dev_id, intx_host_msi);
- break;
- case ASSIGNED_IRQ_MSI:
- r = kvm_device_msi_deassign(kvm_state, dev->dev_id);
- break;
- case ASSIGNED_IRQ_MSIX:
- r = kvm_device_msix_deassign(kvm_state, dev->dev_id);
- break;
- default:
- r = 0;
- break;
- }
- if (r) {
- perror("assign_intx: deassignment of previous interrupt failed");
- }
- dev->assigned_irq_type = ASSIGNED_IRQ_NONE;
-
- if (intx_route.mode == PCI_INTX_DISABLED) {
- dev->intx_route = intx_route;
- return 0;
- }
-
-retry:
- if (dev->features & ASSIGNED_DEVICE_PREFER_MSI_MASK &&
- dev->cap.available & ASSIGNED_DEVICE_CAP_MSI) {
- intx_host_msi = true;
- new_type = ASSIGNED_IRQ_INTX_HOST_MSI;
- } else {
- intx_host_msi = false;
- new_type = ASSIGNED_IRQ_INTX_HOST_INTX;
- }
-
- r = kvm_device_intx_assign(kvm_state, dev->dev_id, intx_host_msi,
- intx_route.irq);
- if (r < 0) {
- if (r == -EIO && !(dev->features & ASSIGNED_DEVICE_PREFER_MSI_MASK) &&
- dev->cap.available & ASSIGNED_DEVICE_CAP_MSI) {
- /* Retry with host-side MSI. There might be an IRQ conflict and
- * either the kernel or the device doesn't support sharing. */
- error_report("Host-side INTx sharing not supported, "
- "using MSI instead.\n"
- "Some devices do not to work properly in this mode.");
- dev->features |= ASSIGNED_DEVICE_PREFER_MSI_MASK;
- goto retry;
- }
- error_report("Failed to assign irq for \"%s\": %s",
- dev->dev.qdev.id, strerror(-r));
- error_report("Perhaps you are assigning a device "
- "that shares an IRQ with another device?");
- return r;
- }
-
- dev->intx_route = intx_route;
- dev->assigned_irq_type = new_type;
- return r;
-}
-
-static void deassign_device(AssignedDevice *dev)
-{
- int r;
-
- r = kvm_device_pci_deassign(kvm_state, dev->dev_id);
- assert(r == 0);
-}
-
-/* The pci config space got updated. Check if irq numbers have changed
- * for our devices
- */
-static void assigned_dev_update_irq_routing(PCIDevice *dev)
-{
- AssignedDevice *assigned_dev = DO_UPCAST(AssignedDevice, dev, dev);
- Error *err = NULL;
- int r;
-
- r = assign_intx(assigned_dev);
- if (r < 0) {
- qdev_unplug(&dev->qdev, &err);
- assert(!err);
- }
-}
-
-static void assigned_dev_update_msi(PCIDevice *pci_dev)
-{
- AssignedDevice *assigned_dev = DO_UPCAST(AssignedDevice, dev, pci_dev);
- uint8_t ctrl_byte = pci_get_byte(pci_dev->config + pci_dev->msi_cap +
- PCI_MSI_FLAGS);
- int r;
-
- /* Some guests gratuitously disable MSI even if they're not using it,
- * try to catch this by only deassigning irqs if the guest is using
- * MSI or intends to start. */
- if (assigned_dev->assigned_irq_type == ASSIGNED_IRQ_MSI ||
- (ctrl_byte & PCI_MSI_FLAGS_ENABLE)) {
- r = kvm_device_msi_deassign(kvm_state, assigned_dev->dev_id);
- /* -ENXIO means no assigned irq */
- if (r && r != -ENXIO) {
- perror("assigned_dev_update_msi: deassign irq");
- }
-
- free_msi_virqs(assigned_dev);
-
- assigned_dev->assigned_irq_type = ASSIGNED_IRQ_NONE;
- pci_device_set_intx_routing_notifier(pci_dev, NULL);
- }
-
- if (ctrl_byte & PCI_MSI_FLAGS_ENABLE) {
- MSIMessage msg = msi_get_message(pci_dev, 0);
- int virq;
-
- virq = kvm_irqchip_add_msi_route(kvm_state, msg);
- if (virq < 0) {
- perror("assigned_dev_update_msi: kvm_irqchip_add_msi_route");
- return;
- }
-
- assigned_dev->msi_virq = g_malloc(sizeof(*assigned_dev->msi_virq));
- assigned_dev->msi_virq_nr = 1;
- assigned_dev->msi_virq[0] = virq;
- if (kvm_device_msi_assign(kvm_state, assigned_dev->dev_id, virq) < 0) {
- perror("assigned_dev_update_msi: kvm_device_msi_assign");
- }
-
- assigned_dev->intx_route.mode = PCI_INTX_DISABLED;
- assigned_dev->intx_route.irq = -1;
- assigned_dev->assigned_irq_type = ASSIGNED_IRQ_MSI;
- } else {
- assign_intx(assigned_dev);
- }
-}
-
-static bool assigned_dev_msix_masked(MSIXTableEntry *entry)
-{
- return (entry->ctrl & cpu_to_le32(0x1)) != 0;
-}
-
-static int assigned_dev_update_msix_mmio(PCIDevice *pci_dev)
-{
- AssignedDevice *adev = DO_UPCAST(AssignedDevice, dev, pci_dev);
- uint16_t entries_nr = 0;
- int i, r = 0;
- MSIXTableEntry *entry = adev->msix_table;
- MSIMessage msg;
-
- /* Get the usable entry number for allocating */
- for (i = 0; i < adev->msix_max; i++, entry++) {
- if (assigned_dev_msix_masked(entry)) {
- continue;
- }
- entries_nr++;
- }
-
- DEBUG("MSI-X entries: %d\n", entries_nr);
-
- /* It's valid to enable MSI-X with all entries masked */
- if (!entries_nr) {
- return 0;
- }
-
- r = kvm_device_msix_init_vectors(kvm_state, adev->dev_id, entries_nr);
- if (r != 0) {
- error_report("fail to set MSI-X entry number for MSIX! %s",
- strerror(-r));
- return r;
- }
-
- free_msi_virqs(adev);
-
- adev->msi_virq_nr = adev->msix_max;
- adev->msi_virq = g_malloc(adev->msix_max * sizeof(*adev->msi_virq));
-
- entry = adev->msix_table;
- for (i = 0; i < adev->msix_max; i++, entry++) {
- adev->msi_virq[i] = -1;
-
- if (assigned_dev_msix_masked(entry)) {
- continue;
- }
-
- msg.address = entry->addr_lo | ((uint64_t)entry->addr_hi << 32);
- msg.data = entry->data;
- r = kvm_irqchip_add_msi_route(kvm_state, msg);
- if (r < 0) {
- return r;
- }
- adev->msi_virq[i] = r;
-
- DEBUG("MSI-X vector %d, gsi %d, addr %08x_%08x, data %08x\n", i,
- r, entry->addr_hi, entry->addr_lo, entry->data);
-
- r = kvm_device_msix_set_vector(kvm_state, adev->dev_id, i,
- adev->msi_virq[i]);
- if (r) {
- error_report("fail to set MSI-X entry! %s", strerror(-r));
- break;
- }
- }
-
- return r;
-}
-
-static void assigned_dev_update_msix(PCIDevice *pci_dev)
-{
- AssignedDevice *assigned_dev = DO_UPCAST(AssignedDevice, dev, pci_dev);
- uint16_t ctrl_word = pci_get_word(pci_dev->config + pci_dev->msix_cap +
- PCI_MSIX_FLAGS);
- int r;
-
- /* Some guests gratuitously disable MSIX even if they're not using it,
- * try to catch this by only deassigning irqs if the guest is using
- * MSIX or intends to start. */
- if ((assigned_dev->assigned_irq_type == ASSIGNED_IRQ_MSIX) ||
- (ctrl_word & PCI_MSIX_FLAGS_ENABLE)) {
- r = kvm_device_msix_deassign(kvm_state, assigned_dev->dev_id);
- /* -ENXIO means no assigned irq */
- if (r && r != -ENXIO) {
- perror("assigned_dev_update_msix: deassign irq");
- }
-
- free_msi_virqs(assigned_dev);
-
- assigned_dev->assigned_irq_type = ASSIGNED_IRQ_NONE;
- pci_device_set_intx_routing_notifier(pci_dev, NULL);
- }
-
- if (ctrl_word & PCI_MSIX_FLAGS_ENABLE) {
- if (assigned_dev_update_msix_mmio(pci_dev) < 0) {
- perror("assigned_dev_update_msix_mmio");
- return;
- }
-
- if (assigned_dev->msi_virq_nr > 0) {
- if (kvm_device_msix_assign(kvm_state, assigned_dev->dev_id) < 0) {
- perror("assigned_dev_enable_msix: assign irq");
- return;
- }
- }
- assigned_dev->intx_route.mode = PCI_INTX_DISABLED;
- assigned_dev->intx_route.irq = -1;
- assigned_dev->assigned_irq_type = ASSIGNED_IRQ_MSIX;
- } else {
- assign_intx(assigned_dev);
- }
-}
-
-static uint32_t assigned_dev_pci_read_config(PCIDevice *pci_dev,
- uint32_t address, int len)
-{
- AssignedDevice *assigned_dev = DO_UPCAST(AssignedDevice, dev, pci_dev);
- uint32_t virt_val = pci_default_read_config(pci_dev, address, len);
- uint32_t real_val, emulate_mask, full_emulation_mask;
-
- emulate_mask = 0;
- memcpy(&emulate_mask, assigned_dev->emulate_config_read + address, len);
- emulate_mask = le32_to_cpu(emulate_mask);
-
- full_emulation_mask = 0xffffffff >> (32 - len * 8);
-
- if (emulate_mask != full_emulation_mask) {
- real_val = assigned_dev_pci_read(pci_dev, address, len);
- return (virt_val & emulate_mask) | (real_val & ~emulate_mask);
- } else {
- return virt_val;
- }
-}
-
-static void assigned_dev_pci_write_config(PCIDevice *pci_dev, uint32_t address,
- uint32_t val, int len)
-{
- AssignedDevice *assigned_dev = DO_UPCAST(AssignedDevice, dev, pci_dev);
- uint16_t old_cmd = pci_get_word(pci_dev->config + PCI_COMMAND);
- uint32_t emulate_mask, full_emulation_mask;
- int ret;
-
- pci_default_write_config(pci_dev, address, val, len);
-
- if (kvm_has_intx_set_mask() &&
- range_covers_byte(address, len, PCI_COMMAND + 1)) {
- bool intx_masked = (pci_get_word(pci_dev->config + PCI_COMMAND) &
- PCI_COMMAND_INTX_DISABLE);
-
- if (intx_masked != !!(old_cmd & PCI_COMMAND_INTX_DISABLE)) {
- ret = kvm_device_intx_set_mask(kvm_state, assigned_dev->dev_id,
- intx_masked);
- if (ret) {
- perror("assigned_dev_pci_write_config: set intx mask");
- }
- }
- }
- if (assigned_dev->cap.available & ASSIGNED_DEVICE_CAP_MSI) {
- if (range_covers_byte(address, len,
- pci_dev->msi_cap + PCI_MSI_FLAGS)) {
- assigned_dev_update_msi(pci_dev);
- }
- }
- if (assigned_dev->cap.available & ASSIGNED_DEVICE_CAP_MSIX) {
- if (range_covers_byte(address, len,
- pci_dev->msix_cap + PCI_MSIX_FLAGS + 1)) {
- assigned_dev_update_msix(pci_dev);
- }
- }
-
- emulate_mask = 0;
- memcpy(&emulate_mask, assigned_dev->emulate_config_write + address, len);
- emulate_mask = le32_to_cpu(emulate_mask);
-
- full_emulation_mask = 0xffffffff >> (32 - len * 8);
-
- if (emulate_mask != full_emulation_mask) {
- if (emulate_mask) {
- val &= ~emulate_mask;
- val |= assigned_dev_pci_read(pci_dev, address, len) & emulate_mask;
- }
- assigned_dev_pci_write(pci_dev, address, val, len);
- }
-}
-
-static void assigned_dev_setup_cap_read(AssignedDevice *dev, uint32_t offset,
- uint32_t len)
-{
- assigned_dev_direct_config_read(dev, offset, len);
- assigned_dev_emulate_config_read(dev, offset + PCI_CAP_LIST_NEXT, 1);
-}
-
-static int assigned_device_pci_cap_init(PCIDevice *pci_dev)
-{
- AssignedDevice *dev = DO_UPCAST(AssignedDevice, dev, pci_dev);
- PCIRegion *pci_region = dev->real_device.regions;
- int ret, pos;
-
- /* Clear initial capabilities pointer and status copied from hw */
- pci_set_byte(pci_dev->config + PCI_CAPABILITY_LIST, 0);
- pci_set_word(pci_dev->config + PCI_STATUS,
- pci_get_word(pci_dev->config + PCI_STATUS) &
- ~PCI_STATUS_CAP_LIST);
-
- /* Expose MSI capability
- * MSI capability is the 1st capability in capability config */
- pos = pci_find_cap_offset(pci_dev, PCI_CAP_ID_MSI, 0);
- if (pos != 0 && kvm_check_extension(kvm_state, KVM_CAP_ASSIGN_DEV_IRQ)) {
- if (!check_irqchip_in_kernel()) {
- return -ENOTSUP;
- }
- dev->cap.available |= ASSIGNED_DEVICE_CAP_MSI;
- /* Only 32-bit/no-mask currently supported */
- ret = pci_add_capability(pci_dev, PCI_CAP_ID_MSI, pos, 10);
- if (ret < 0) {
- return ret;
- }
- pci_dev->msi_cap = pos;
-
- pci_set_word(pci_dev->config + pos + PCI_MSI_FLAGS,
- pci_get_word(pci_dev->config + pos + PCI_MSI_FLAGS) &
- PCI_MSI_FLAGS_QMASK);
- pci_set_long(pci_dev->config + pos + PCI_MSI_ADDRESS_LO, 0);
- pci_set_word(pci_dev->config + pos + PCI_MSI_DATA_32, 0);
-
- /* Set writable fields */
- pci_set_word(pci_dev->wmask + pos + PCI_MSI_FLAGS,
- PCI_MSI_FLAGS_QSIZE | PCI_MSI_FLAGS_ENABLE);
- pci_set_long(pci_dev->wmask + pos + PCI_MSI_ADDRESS_LO, 0xfffffffc);
- pci_set_word(pci_dev->wmask + pos + PCI_MSI_DATA_32, 0xffff);
- }
- /* Expose MSI-X capability */
- pos = pci_find_cap_offset(pci_dev, PCI_CAP_ID_MSIX, 0);
- if (pos != 0 && kvm_device_msix_supported(kvm_state)) {
- int bar_nr;
- uint32_t msix_table_entry;
-
- if (!check_irqchip_in_kernel()) {
- return -ENOTSUP;
- }
- dev->cap.available |= ASSIGNED_DEVICE_CAP_MSIX;
- ret = pci_add_capability(pci_dev, PCI_CAP_ID_MSIX, pos, 12);
- if (ret < 0) {
- return ret;
- }
- pci_dev->msix_cap = pos;
-
- pci_set_word(pci_dev->config + pos + PCI_MSIX_FLAGS,
- pci_get_word(pci_dev->config + pos + PCI_MSIX_FLAGS) &
- PCI_MSIX_FLAGS_QSIZE);
-
- /* Only enable and function mask bits are writable */
- pci_set_word(pci_dev->wmask + pos + PCI_MSIX_FLAGS,
- PCI_MSIX_FLAGS_ENABLE | PCI_MSIX_FLAGS_MASKALL);
-
- msix_table_entry = pci_get_long(pci_dev->config + pos + PCI_MSIX_TABLE);
- bar_nr = msix_table_entry & PCI_MSIX_FLAGS_BIRMASK;
- msix_table_entry &= ~PCI_MSIX_FLAGS_BIRMASK;
- dev->msix_table_addr = pci_region[bar_nr].base_addr + msix_table_entry;
- dev->msix_max = pci_get_word(pci_dev->config + pos + PCI_MSIX_FLAGS);
- dev->msix_max &= PCI_MSIX_FLAGS_QSIZE;
- dev->msix_max += 1;
- }
-
- /* Minimal PM support, nothing writable, device appears to NAK changes */
- pos = pci_find_cap_offset(pci_dev, PCI_CAP_ID_PM, 0);
- if (pos) {
- uint16_t pmc;
-
- ret = pci_add_capability(pci_dev, PCI_CAP_ID_PM, pos, PCI_PM_SIZEOF);
- if (ret < 0) {
- return ret;
- }
-
- assigned_dev_setup_cap_read(dev, pos, PCI_PM_SIZEOF);
-
- pmc = pci_get_word(pci_dev->config + pos + PCI_CAP_FLAGS);
- pmc &= (PCI_PM_CAP_VER_MASK | PCI_PM_CAP_DSI);
- pci_set_word(pci_dev->config + pos + PCI_CAP_FLAGS, pmc);
-
- /* assign_device will bring the device up to D0, so we don't need
- * to worry about doing that ourselves here. */
- pci_set_word(pci_dev->config + pos + PCI_PM_CTRL,
- PCI_PM_CTRL_NO_SOFT_RESET);
-
- pci_set_byte(pci_dev->config + pos + PCI_PM_PPB_EXTENSIONS, 0);
- pci_set_byte(pci_dev->config + pos + PCI_PM_DATA_REGISTER, 0);
- }
-
- pos = pci_find_cap_offset(pci_dev, PCI_CAP_ID_EXP, 0);
- if (pos) {
- uint8_t version, size = 0;
- uint16_t type, devctl, lnksta;
- uint32_t devcap, lnkcap;
-
- version = pci_get_byte(pci_dev->config + pos + PCI_EXP_FLAGS);
- version &= PCI_EXP_FLAGS_VERS;
- if (version == 1) {
- size = 0x14;
- } else if (version == 2) {
- /*
- * Check for non-std size, accept reduced size to 0x34,
- * which is what bcm5761 implemented, violating the
- * PCIe v3.0 spec that regs should exist and be read as 0,
- * not optionally provided and shorten the struct size.
- */
- size = MIN(0x3c, PCI_CONFIG_SPACE_SIZE - pos);
- if (size < 0x34) {
- error_report("%s: Invalid size PCIe cap-id 0x%x",
- __func__, PCI_CAP_ID_EXP);
- return -EINVAL;
- } else if (size != 0x3c) {
- error_report("WARNING, %s: PCIe cap-id 0x%x has "
- "non-standard size 0x%x; std size should be 0x3c",
- __func__, PCI_CAP_ID_EXP, size);
- }
- } else if (version == 0) {
- uint16_t vid, did;
- vid = pci_get_word(pci_dev->config + PCI_VENDOR_ID);
- did = pci_get_word(pci_dev->config + PCI_DEVICE_ID);
- if (vid == PCI_VENDOR_ID_INTEL && did == 0x10ed) {
- /*
- * quirk for Intel 82599 VF with invalid PCIe capability
- * version, should really be version 2 (same as PF)
- */
- size = 0x3c;
- }
- }
-
- if (size == 0) {
- error_report("%s: Unsupported PCI express capability version %d",
- __func__, version);
- return -EINVAL;
- }
-
- ret = pci_add_capability(pci_dev, PCI_CAP_ID_EXP, pos, size);
- if (ret < 0) {
- return ret;
- }
-
- assigned_dev_setup_cap_read(dev, pos, size);
-
- type = pci_get_word(pci_dev->config + pos + PCI_EXP_FLAGS);
- type = (type & PCI_EXP_FLAGS_TYPE) >> 4;
- if (type != PCI_EXP_TYPE_ENDPOINT &&
- type != PCI_EXP_TYPE_LEG_END && type != PCI_EXP_TYPE_RC_END) {
- error_report("Device assignment only supports endpoint assignment,"
- " device type %d", type);
- return -EINVAL;
- }
-
- /* capabilities, pass existing read-only copy
- * PCI_EXP_FLAGS_IRQ: updated by hardware, should be direct read */
-
- /* device capabilities: hide FLR */
- devcap = pci_get_long(pci_dev->config + pos + PCI_EXP_DEVCAP);
- devcap &= ~PCI_EXP_DEVCAP_FLR;
- pci_set_long(pci_dev->config + pos + PCI_EXP_DEVCAP, devcap);
-
- /* device control: clear all error reporting enable bits, leaving
- * only a few host values. Note, these are
- * all writable, but not passed to hw.
- */
- devctl = pci_get_word(pci_dev->config + pos + PCI_EXP_DEVCTL);
- devctl = (devctl & (PCI_EXP_DEVCTL_READRQ | PCI_EXP_DEVCTL_PAYLOAD)) |
- PCI_EXP_DEVCTL_RELAX_EN | PCI_EXP_DEVCTL_NOSNOOP_EN;
- pci_set_word(pci_dev->config + pos + PCI_EXP_DEVCTL, devctl);
- devctl = PCI_EXP_DEVCTL_BCR_FLR | PCI_EXP_DEVCTL_AUX_PME;
- pci_set_word(pci_dev->wmask + pos + PCI_EXP_DEVCTL, ~devctl);
-
- /* Clear device status */
- pci_set_word(pci_dev->config + pos + PCI_EXP_DEVSTA, 0);
-
- /* Link capabilities, expose links and latencues, clear reporting */
- lnkcap = pci_get_long(pci_dev->config + pos + PCI_EXP_LNKCAP);
- lnkcap &= (PCI_EXP_LNKCAP_SLS | PCI_EXP_LNKCAP_MLW |
- PCI_EXP_LNKCAP_ASPMS | PCI_EXP_LNKCAP_L0SEL |
- PCI_EXP_LNKCAP_L1EL);
- pci_set_long(pci_dev->config + pos + PCI_EXP_LNKCAP, lnkcap);
-
- /* Link control, pass existing read-only copy. Should be writable? */
-
- /* Link status, only expose current speed and width */
- lnksta = pci_get_word(pci_dev->config + pos + PCI_EXP_LNKSTA);
- lnksta &= (PCI_EXP_LNKSTA_CLS | PCI_EXP_LNKSTA_NLW);
- pci_set_word(pci_dev->config + pos + PCI_EXP_LNKSTA, lnksta);
-
- if (version >= 2) {
- /* Slot capabilities, control, status - not needed for endpoints */
- pci_set_long(pci_dev->config + pos + PCI_EXP_SLTCAP, 0);
- pci_set_word(pci_dev->config + pos + PCI_EXP_SLTCTL, 0);
- pci_set_word(pci_dev->config + pos + PCI_EXP_SLTSTA, 0);
-
- /* Root control, capabilities, status - not needed for endpoints */
- pci_set_word(pci_dev->config + pos + PCI_EXP_RTCTL, 0);
- pci_set_word(pci_dev->config + pos + PCI_EXP_RTCAP, 0);
- pci_set_long(pci_dev->config + pos + PCI_EXP_RTSTA, 0);
-
- /* Device capabilities/control 2, pass existing read-only copy */
- /* Link control 2, pass existing read-only copy */
- }
- }
-
- pos = pci_find_cap_offset(pci_dev, PCI_CAP_ID_PCIX, 0);
- if (pos) {
- uint16_t cmd;
- uint32_t status;
-
- /* Only expose the minimum, 8 byte capability */
- ret = pci_add_capability(pci_dev, PCI_CAP_ID_PCIX, pos, 8);
- if (ret < 0) {
- return ret;
- }
-
- assigned_dev_setup_cap_read(dev, pos, 8);
-
- /* Command register, clear upper bits, including extended modes */
- cmd = pci_get_word(pci_dev->config + pos + PCI_X_CMD);
- cmd &= (PCI_X_CMD_DPERR_E | PCI_X_CMD_ERO | PCI_X_CMD_MAX_READ |
- PCI_X_CMD_MAX_SPLIT);
- pci_set_word(pci_dev->config + pos + PCI_X_CMD, cmd);
-
- /* Status register, update with emulated PCI bus location, clear
- * error bits, leave the rest. */
- status = pci_get_long(pci_dev->config + pos + PCI_X_STATUS);
- status &= ~(PCI_X_STATUS_BUS | PCI_X_STATUS_DEVFN);
- status |= (pci_bus_num(pci_dev->bus) << 8) | pci_dev->devfn;
- status &= ~(PCI_X_STATUS_SPL_DISC | PCI_X_STATUS_UNX_SPL |
- PCI_X_STATUS_SPL_ERR);
- pci_set_long(pci_dev->config + pos + PCI_X_STATUS, status);
- }
-
- pos = pci_find_cap_offset(pci_dev, PCI_CAP_ID_VPD, 0);
- if (pos) {
- /* Direct R/W passthrough */
- ret = pci_add_capability(pci_dev, PCI_CAP_ID_VPD, pos, 8);
- if (ret < 0) {
- return ret;
- }
-
- assigned_dev_setup_cap_read(dev, pos, 8);
-
- /* direct write for cap content */
- assigned_dev_direct_config_write(dev, pos + 2, 6);
- }
-
- /* Devices can have multiple vendor capabilities, get them all */
- for (pos = 0; (pos = pci_find_cap_offset(pci_dev, PCI_CAP_ID_VNDR, pos));
- pos += PCI_CAP_LIST_NEXT) {
- uint8_t len = pci_get_byte(pci_dev->config + pos + PCI_CAP_FLAGS);
- /* Direct R/W passthrough */
- ret = pci_add_capability(pci_dev, PCI_CAP_ID_VNDR, pos, len);
- if (ret < 0) {
- return ret;
- }
-
- assigned_dev_setup_cap_read(dev, pos, len);
-
- /* direct write for cap content */
- assigned_dev_direct_config_write(dev, pos + 2, len - 2);
- }
-
- /* If real and virtual capability list status bits differ, virtualize the
- * access. */
- if ((pci_get_word(pci_dev->config + PCI_STATUS) & PCI_STATUS_CAP_LIST) !=
- (assigned_dev_pci_read_byte(pci_dev, PCI_STATUS) &
- PCI_STATUS_CAP_LIST)) {
- dev->emulate_config_read[PCI_STATUS] |= PCI_STATUS_CAP_LIST;
- }
-
- return 0;
-}
-
-static uint64_t
-assigned_dev_msix_mmio_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- AssignedDevice *adev = opaque;
- uint64_t val;
-
- memcpy(&val, (void *)((uint8_t *)adev->msix_table + addr), size);
-
- return val;
-}
-
-static void assigned_dev_msix_mmio_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- AssignedDevice *adev = opaque;
- PCIDevice *pdev = &adev->dev;
- uint16_t ctrl;
- MSIXTableEntry orig;
- int i = addr >> 4;
-
- if (i >= adev->msix_max) {
- return; /* Drop write */
- }
-
- ctrl = pci_get_word(pdev->config + pdev->msix_cap + PCI_MSIX_FLAGS);
-
- DEBUG("write to MSI-X table offset 0x%lx, val 0x%lx\n", addr, val);
-
- if (ctrl & PCI_MSIX_FLAGS_ENABLE) {
- orig = adev->msix_table[i];
- }
-
- memcpy((uint8_t *)adev->msix_table + addr, &val, size);
-
- if (ctrl & PCI_MSIX_FLAGS_ENABLE) {
- MSIXTableEntry *entry = &adev->msix_table[i];
-
- if (!assigned_dev_msix_masked(&orig) &&
- assigned_dev_msix_masked(entry)) {
- /*
- * Vector masked, disable it
- *
- * XXX It's not clear if we can or should actually attempt
- * to mask or disable the interrupt. KVM doesn't have
- * support for pending bits and kvm_assign_set_msix_entry
- * doesn't modify the device hardware mask. Interrupts
- * while masked are simply not injected to the guest, so
- * are lost. Can we get away with always injecting an
- * interrupt on unmask?
- */
- } else if (assigned_dev_msix_masked(&orig) &&
- !assigned_dev_msix_masked(entry)) {
- /* Vector unmasked */
- if (i >= adev->msi_virq_nr || adev->msi_virq[i] < 0) {
- /* Previously unassigned vector, start from scratch */
- assigned_dev_update_msix(pdev);
- return;
- } else {
- /* Update an existing, previously masked vector */
- MSIMessage msg;
- int ret;
-
- msg.address = entry->addr_lo |
- ((uint64_t)entry->addr_hi << 32);
- msg.data = entry->data;
-
- ret = kvm_irqchip_update_msi_route(kvm_state,
- adev->msi_virq[i], msg);
- if (ret) {
- error_report("Error updating irq routing entry (%d)", ret);
- }
- }
- }
- }
-}
-
-static const MemoryRegionOps assigned_dev_msix_mmio_ops = {
- .read = assigned_dev_msix_mmio_read,
- .write = assigned_dev_msix_mmio_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 8,
- },
- .impl = {
- .min_access_size = 4,
- .max_access_size = 8,
- },
-};
-
-static void assigned_dev_msix_reset(AssignedDevice *dev)
-{
- MSIXTableEntry *entry;
- int i;
-
- if (!dev->msix_table) {
- return;
- }
-
- memset(dev->msix_table, 0, MSIX_PAGE_SIZE);
-
- for (i = 0, entry = dev->msix_table; i < dev->msix_max; i++, entry++) {
- entry->ctrl = cpu_to_le32(0x1); /* Masked */
- }
-}
-
-static int assigned_dev_register_msix_mmio(AssignedDevice *dev)
-{
- dev->msix_table = mmap(NULL, MSIX_PAGE_SIZE, PROT_READ|PROT_WRITE,
- MAP_ANONYMOUS|MAP_PRIVATE, 0, 0);
- if (dev->msix_table == MAP_FAILED) {
- error_report("fail allocate msix_table! %s", strerror(errno));
- return -EFAULT;
- }
-
- assigned_dev_msix_reset(dev);
-
- memory_region_init_io(&dev->mmio, &assigned_dev_msix_mmio_ops, dev,
- "assigned-dev-msix", MSIX_PAGE_SIZE);
- return 0;
-}
-
-static void assigned_dev_unregister_msix_mmio(AssignedDevice *dev)
-{
- if (!dev->msix_table) {
- return;
- }
-
- memory_region_destroy(&dev->mmio);
-
- if (munmap(dev->msix_table, MSIX_PAGE_SIZE) == -1) {
- error_report("error unmapping msix_table! %s", strerror(errno));
- }
- dev->msix_table = NULL;
-}
-
-static const VMStateDescription vmstate_assigned_device = {
- .name = "pci-assign",
- .unmigratable = 1,
-};
-
-static void reset_assigned_device(DeviceState *dev)
-{
- PCIDevice *pci_dev = DO_UPCAST(PCIDevice, qdev, dev);
- AssignedDevice *adev = DO_UPCAST(AssignedDevice, dev, pci_dev);
- char reset_file[64];
- const char reset[] = "1";
- int fd, ret;
-
- /*
- * If a guest is reset without being shutdown, MSI/MSI-X can still
- * be running. We want to return the device to a known state on
- * reset, so disable those here. We especially do not want MSI-X
- * enabled since it lives in MMIO space, which is about to get
- * disabled.
- */
- if (adev->assigned_irq_type == ASSIGNED_IRQ_MSIX) {
- uint16_t ctrl = pci_get_word(pci_dev->config +
- pci_dev->msix_cap + PCI_MSIX_FLAGS);
-
- pci_set_word(pci_dev->config + pci_dev->msix_cap + PCI_MSIX_FLAGS,
- ctrl & ~PCI_MSIX_FLAGS_ENABLE);
- assigned_dev_update_msix(pci_dev);
- } else if (adev->assigned_irq_type == ASSIGNED_IRQ_MSI) {
- uint8_t ctrl = pci_get_byte(pci_dev->config +
- pci_dev->msi_cap + PCI_MSI_FLAGS);
-
- pci_set_byte(pci_dev->config + pci_dev->msi_cap + PCI_MSI_FLAGS,
- ctrl & ~PCI_MSI_FLAGS_ENABLE);
- assigned_dev_update_msi(pci_dev);
- }
-
- snprintf(reset_file, sizeof(reset_file),
- "/sys/bus/pci/devices/%04x:%02x:%02x.%01x/reset",
- adev->host.domain, adev->host.bus, adev->host.slot,
- adev->host.function);
-
- /*
- * Issue a device reset via pci-sysfs. Note that we use write(2) here
- * and ignore the return value because some kernels have a bug that
- * returns 0 rather than bytes written on success, sending us into an
- * infinite retry loop using other write mechanisms.
- */
- fd = open(reset_file, O_WRONLY);
- if (fd != -1) {
- ret = write(fd, reset, strlen(reset));
- (void)ret;
- close(fd);
- }
-
- /*
- * When a 0 is written to the bus master register, the device is logically
- * disconnected from the PCI bus. This avoids further DMA transfers.
- */
- assigned_dev_pci_write_config(pci_dev, PCI_COMMAND, 0, 1);
-}
-
-static int assigned_initfn(struct PCIDevice *pci_dev)
-{
- AssignedDevice *dev = DO_UPCAST(AssignedDevice, dev, pci_dev);
- uint8_t e_intx;
- int r;
-
- if (!kvm_enabled()) {
- error_report("pci-assign: error: requires KVM support");
- return -1;
- }
-
- if (!dev->host.domain && !dev->host.bus && !dev->host.slot &&
- !dev->host.function) {
- error_report("pci-assign: error: no host device specified");
- return -1;
- }
-
- /*
- * Set up basic config space access control. Will be further refined during
- * device initialization.
- */
- assigned_dev_emulate_config_read(dev, 0, PCI_CONFIG_SPACE_SIZE);
- assigned_dev_direct_config_read(dev, PCI_STATUS, 2);
- assigned_dev_direct_config_read(dev, PCI_REVISION_ID, 1);
- assigned_dev_direct_config_read(dev, PCI_CLASS_PROG, 3);
- assigned_dev_direct_config_read(dev, PCI_CACHE_LINE_SIZE, 1);
- assigned_dev_direct_config_read(dev, PCI_LATENCY_TIMER, 1);
- assigned_dev_direct_config_read(dev, PCI_BIST, 1);
- assigned_dev_direct_config_read(dev, PCI_CARDBUS_CIS, 4);
- assigned_dev_direct_config_read(dev, PCI_SUBSYSTEM_VENDOR_ID, 2);
- assigned_dev_direct_config_read(dev, PCI_SUBSYSTEM_ID, 2);
- assigned_dev_direct_config_read(dev, PCI_CAPABILITY_LIST + 1, 7);
- assigned_dev_direct_config_read(dev, PCI_MIN_GNT, 1);
- assigned_dev_direct_config_read(dev, PCI_MAX_LAT, 1);
- memcpy(dev->emulate_config_write, dev->emulate_config_read,
- sizeof(dev->emulate_config_read));
-
- if (get_real_device(dev, dev->host.domain, dev->host.bus,
- dev->host.slot, dev->host.function)) {
- error_report("pci-assign: Error: Couldn't get real device (%s)!",
- dev->dev.qdev.id);
- goto out;
- }
-
- if (assigned_device_pci_cap_init(pci_dev) < 0) {
- goto out;
- }
-
- /* intercept MSI-X entry page in the MMIO */
- if (dev->cap.available & ASSIGNED_DEVICE_CAP_MSIX) {
- if (assigned_dev_register_msix_mmio(dev)) {
- goto out;
- }
- }
-
- /* handle real device's MMIO/PIO BARs */
- if (assigned_dev_register_regions(dev->real_device.regions,
- dev->real_device.region_number,
- dev)) {
- goto out;
- }
-
- /* handle interrupt routing */
- e_intx = dev->dev.config[PCI_INTERRUPT_PIN] - 1;
- dev->intpin = e_intx;
- dev->intx_route.mode = PCI_INTX_DISABLED;
- dev->intx_route.irq = -1;
-
- /* assign device to guest */
- r = assign_device(dev);
- if (r < 0) {
- goto out;
- }
-
- /* assign legacy INTx to the device */
- r = assign_intx(dev);
- if (r < 0) {
- goto assigned_out;
- }
-
- assigned_dev_load_option_rom(dev);
-
- add_boot_device_path(dev->bootindex, &pci_dev->qdev, NULL);
-
- return 0;
-
-assigned_out:
- deassign_device(dev);
-out:
- free_assigned_device(dev);
- return -1;
-}
-
-static void assigned_exitfn(struct PCIDevice *pci_dev)
-{
- AssignedDevice *dev = DO_UPCAST(AssignedDevice, dev, pci_dev);
-
- deassign_device(dev);
- free_assigned_device(dev);
-}
-
-static Property assigned_dev_properties[] = {
- DEFINE_PROP_PCI_HOST_DEVADDR("host", AssignedDevice, host),
- DEFINE_PROP_BIT("prefer_msi", AssignedDevice, features,
- ASSIGNED_DEVICE_PREFER_MSI_BIT, false),
- DEFINE_PROP_BIT("share_intx", AssignedDevice, features,
- ASSIGNED_DEVICE_SHARE_INTX_BIT, true),
- DEFINE_PROP_INT32("bootindex", AssignedDevice, bootindex, -1),
- DEFINE_PROP_STRING("configfd", AssignedDevice, configfd_name),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void assign_class_init(ObjectClass *klass, void *data)
-{
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
-
- k->init = assigned_initfn;
- k->exit = assigned_exitfn;
- k->config_read = assigned_dev_pci_read_config;
- k->config_write = assigned_dev_pci_write_config;
- dc->props = assigned_dev_properties;
- dc->vmsd = &vmstate_assigned_device;
- dc->reset = reset_assigned_device;
- dc->desc = "KVM-based PCI passthrough";
-}
-
-static const TypeInfo assign_info = {
- .name = "kvm-pci-assign",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(AssignedDevice),
- .class_init = assign_class_init,
-};
-
-static void assign_register_types(void)
-{
- type_register_static(&assign_info);
-}
-
-type_init(assign_register_types)
-
-/*
- * Scan the assigned devices for the devices that have an option ROM, and then
- * load the corresponding ROM data to RAM. If an error occurs while loading an
- * option ROM, we just ignore that option ROM and continue with the next one.
- */
-static void assigned_dev_load_option_rom(AssignedDevice *dev)
-{
- char name[32], rom_file[64];
- FILE *fp;
- uint8_t val;
- struct stat st;
- void *ptr;
-
- /* If loading ROM from file, pci handles it */
- if (dev->dev.romfile || !dev->dev.rom_bar) {
- return;
- }
-
- snprintf(rom_file, sizeof(rom_file),
- "/sys/bus/pci/devices/%04x:%02x:%02x.%01x/rom",
- dev->host.domain, dev->host.bus, dev->host.slot,
- dev->host.function);
-
- if (stat(rom_file, &st)) {
- return;
- }
-
- if (access(rom_file, F_OK)) {
- error_report("pci-assign: Insufficient privileges for %s", rom_file);
- return;
- }
-
- /* Write "1" to the ROM file to enable it */
- fp = fopen(rom_file, "r+");
- if (fp == NULL) {
- return;
- }
- val = 1;
- if (fwrite(&val, 1, 1, fp) != 1) {
- goto close_rom;
- }
- fseek(fp, 0, SEEK_SET);
-
- snprintf(name, sizeof(name), "%s.rom",
- object_get_typename(OBJECT(dev)));
- memory_region_init_ram(&dev->dev.rom, name, st.st_size);
- vmstate_register_ram(&dev->dev.rom, &dev->dev.qdev);
- ptr = memory_region_get_ram_ptr(&dev->dev.rom);
- memset(ptr, 0xff, st.st_size);
-
- if (!fread(ptr, 1, st.st_size, fp)) {
- error_report("pci-assign: Cannot read from host %s\n"
- "\tDevice option ROM contents are probably invalid "
- "(check dmesg).\n\tSkip option ROM probe with rombar=0, "
- "or load from file with romfile=", rom_file);
- memory_region_destroy(&dev->dev.rom);
- goto close_rom;
- }
-
- pci_register_bar(&dev->dev, PCI_ROM_SLOT, 0, &dev->dev.rom);
- dev->dev.has_rom = true;
-close_rom:
- /* Write "0" to disable ROM */
- fseek(fp, 0, SEEK_SET);
- val = 0;
- if (!fwrite(&val, 1, 1, fp)) {
- DEBUG("%s\n", "Failed to disable pci-sysfs rom file");
- }
- fclose(fp);
-}
diff --git a/hw/kvmvapic.c b/hw/kvmvapic.c
deleted file mode 100644
index e04c4011d..000000000
--- a/hw/kvmvapic.c
+++ /dev/null
@@ -1,821 +0,0 @@
-/*
- * TPR optimization for 32-bit Windows guests (XP and Server 2003)
- *
- * Copyright (C) 2007-2008 Qumranet Technologies
- * Copyright (C) 2012 Jan Kiszka, Siemens AG
- *
- * This work is licensed under the terms of the GNU GPL version 2, or
- * (at your option) any later version. See the COPYING file in the
- * top-level directory.
- */
-#include "sysemu.h"
-#include "cpus.h"
-#include "kvm.h"
-#include "apic_internal.h"
-
-#define APIC_DEFAULT_ADDRESS 0xfee00000
-
-#define VAPIC_IO_PORT 0x7e
-
-#define VAPIC_CPU_SHIFT 7
-
-#define ROM_BLOCK_SIZE 512
-#define ROM_BLOCK_MASK (~(ROM_BLOCK_SIZE - 1))
-
-typedef enum VAPICMode {
- VAPIC_INACTIVE = 0,
- VAPIC_ACTIVE = 1,
- VAPIC_STANDBY = 2,
-} VAPICMode;
-
-typedef struct VAPICHandlers {
- uint32_t set_tpr;
- uint32_t set_tpr_eax;
- uint32_t get_tpr[8];
- uint32_t get_tpr_stack;
-} QEMU_PACKED VAPICHandlers;
-
-typedef struct GuestROMState {
- char signature[8];
- uint32_t vaddr;
- uint32_t fixup_start;
- uint32_t fixup_end;
- uint32_t vapic_vaddr;
- uint32_t vapic_size;
- uint32_t vcpu_shift;
- uint32_t real_tpr_addr;
- VAPICHandlers up;
- VAPICHandlers mp;
-} QEMU_PACKED GuestROMState;
-
-typedef struct VAPICROMState {
- SysBusDevice busdev;
- MemoryRegion io;
- MemoryRegion rom;
- uint32_t state;
- uint32_t rom_state_paddr;
- uint32_t rom_state_vaddr;
- uint32_t vapic_paddr;
- uint32_t real_tpr_addr;
- GuestROMState rom_state;
- size_t rom_size;
- bool rom_mapped_writable;
-} VAPICROMState;
-
-#define TPR_INSTR_ABS_MODRM 0x1
-#define TPR_INSTR_MATCH_MODRM_REG 0x2
-
-typedef struct TPRInstruction {
- uint8_t opcode;
- uint8_t modrm_reg;
- unsigned int flags;
- TPRAccess access;
- size_t length;
- off_t addr_offset;
-} TPRInstruction;
-
-/* must be sorted by length, shortest first */
-static const TPRInstruction tpr_instr[] = {
- { /* mov abs to eax */
- .opcode = 0xa1,
- .access = TPR_ACCESS_READ,
- .length = 5,
- .addr_offset = 1,
- },
- { /* mov eax to abs */
- .opcode = 0xa3,
- .access = TPR_ACCESS_WRITE,
- .length = 5,
- .addr_offset = 1,
- },
- { /* mov r32 to r/m32 */
- .opcode = 0x89,
- .flags = TPR_INSTR_ABS_MODRM,
- .access = TPR_ACCESS_WRITE,
- .length = 6,
- .addr_offset = 2,
- },
- { /* mov r/m32 to r32 */
- .opcode = 0x8b,
- .flags = TPR_INSTR_ABS_MODRM,
- .access = TPR_ACCESS_READ,
- .length = 6,
- .addr_offset = 2,
- },
- { /* push r/m32 */
- .opcode = 0xff,
- .modrm_reg = 6,
- .flags = TPR_INSTR_ABS_MODRM | TPR_INSTR_MATCH_MODRM_REG,
- .access = TPR_ACCESS_READ,
- .length = 6,
- .addr_offset = 2,
- },
- { /* mov imm32, r/m32 (c7/0) */
- .opcode = 0xc7,
- .modrm_reg = 0,
- .flags = TPR_INSTR_ABS_MODRM | TPR_INSTR_MATCH_MODRM_REG,
- .access = TPR_ACCESS_WRITE,
- .length = 10,
- .addr_offset = 2,
- },
-};
-
-static void read_guest_rom_state(VAPICROMState *s)
-{
- cpu_physical_memory_rw(s->rom_state_paddr, (void *)&s->rom_state,
- sizeof(GuestROMState), 0);
-}
-
-static void write_guest_rom_state(VAPICROMState *s)
-{
- cpu_physical_memory_rw(s->rom_state_paddr, (void *)&s->rom_state,
- sizeof(GuestROMState), 1);
-}
-
-static void update_guest_rom_state(VAPICROMState *s)
-{
- read_guest_rom_state(s);
-
- s->rom_state.real_tpr_addr = cpu_to_le32(s->real_tpr_addr);
- s->rom_state.vcpu_shift = cpu_to_le32(VAPIC_CPU_SHIFT);
-
- write_guest_rom_state(s);
-}
-
-static int find_real_tpr_addr(VAPICROMState *s, CPUX86State *env)
-{
- hwaddr paddr;
- target_ulong addr;
-
- if (s->state == VAPIC_ACTIVE) {
- return 0;
- }
- /*
- * If there is no prior TPR access instruction we could analyze (which is
- * the case after resume from hibernation), we need to scan the possible
- * virtual address space for the APIC mapping.
- */
- for (addr = 0xfffff000; addr >= 0x80000000; addr -= TARGET_PAGE_SIZE) {
- paddr = cpu_get_phys_page_debug(env, addr);
- if (paddr != APIC_DEFAULT_ADDRESS) {
- continue;
- }
- s->real_tpr_addr = addr + 0x80;
- update_guest_rom_state(s);
- return 0;
- }
- return -1;
-}
-
-static uint8_t modrm_reg(uint8_t modrm)
-{
- return (modrm >> 3) & 7;
-}
-
-static bool is_abs_modrm(uint8_t modrm)
-{
- return (modrm & 0xc7) == 0x05;
-}
-
-static bool opcode_matches(uint8_t *opcode, const TPRInstruction *instr)
-{
- return opcode[0] == instr->opcode &&
- (!(instr->flags & TPR_INSTR_ABS_MODRM) || is_abs_modrm(opcode[1])) &&
- (!(instr->flags & TPR_INSTR_MATCH_MODRM_REG) ||
- modrm_reg(opcode[1]) == instr->modrm_reg);
-}
-
-static int evaluate_tpr_instruction(VAPICROMState *s, CPUX86State *env,
- target_ulong *pip, TPRAccess access)
-{
- const TPRInstruction *instr;
- target_ulong ip = *pip;
- uint8_t opcode[2];
- uint32_t real_tpr_addr;
- int i;
-
- if ((ip & 0xf0000000ULL) != 0x80000000ULL &&
- (ip & 0xf0000000ULL) != 0xe0000000ULL) {
- return -1;
- }
-
- /*
- * Early Windows 2003 SMP initialization contains a
- *
- * mov imm32, r/m32
- *
- * instruction that is patched by TPR optimization. The problem is that
- * RSP, used by the patched instruction, is zero, so the guest gets a
- * double fault and dies.
- */
- if (env->regs[R_ESP] == 0) {
- return -1;
- }
-
- if (kvm_enabled() && !kvm_irqchip_in_kernel()) {
- /*
- * KVM without kernel-based TPR access reporting will pass an IP that
- * points after the accessing instruction. So we need to look backward
- * to find the reason.
- */
- for (i = 0; i < ARRAY_SIZE(tpr_instr); i++) {
- instr = &tpr_instr[i];
- if (instr->access != access) {
- continue;
- }
- if (cpu_memory_rw_debug(env, ip - instr->length, opcode,
- sizeof(opcode), 0) < 0) {
- return -1;
- }
- if (opcode_matches(opcode, instr)) {
- ip -= instr->length;
- goto instruction_ok;
- }
- }
- return -1;
- } else {
- if (cpu_memory_rw_debug(env, ip, opcode, sizeof(opcode), 0) < 0) {
- return -1;
- }
- for (i = 0; i < ARRAY_SIZE(tpr_instr); i++) {
- instr = &tpr_instr[i];
- if (opcode_matches(opcode, instr)) {
- goto instruction_ok;
- }
- }
- return -1;
- }
-
-instruction_ok:
- /*
- * Grab the virtual TPR address from the instruction
- * and update the cached values.
- */
- if (cpu_memory_rw_debug(env, ip + instr->addr_offset,
- (void *)&real_tpr_addr,
- sizeof(real_tpr_addr), 0) < 0) {
- return -1;
- }
- real_tpr_addr = le32_to_cpu(real_tpr_addr);
- if ((real_tpr_addr & 0xfff) != 0x80) {
- return -1;
- }
- s->real_tpr_addr = real_tpr_addr;
- update_guest_rom_state(s);
-
- *pip = ip;
- return 0;
-}
-
-static int update_rom_mapping(VAPICROMState *s, CPUX86State *env, target_ulong ip)
-{
- hwaddr paddr;
- uint32_t rom_state_vaddr;
- uint32_t pos, patch, offset;
-
- /* nothing to do if already activated */
- if (s->state == VAPIC_ACTIVE) {
- return 0;
- }
-
- /* bail out if ROM init code was not executed (missing ROM?) */
- if (s->state == VAPIC_INACTIVE) {
- return -1;
- }
-
- /* find out virtual address of the ROM */
- rom_state_vaddr = s->rom_state_paddr + (ip & 0xf0000000);
- paddr = cpu_get_phys_page_debug(env, rom_state_vaddr);
- if (paddr == -1) {
- return -1;
- }
- paddr += rom_state_vaddr & ~TARGET_PAGE_MASK;
- if (paddr != s->rom_state_paddr) {
- return -1;
- }
- read_guest_rom_state(s);
- if (memcmp(s->rom_state.signature, "kvm aPiC", 8) != 0) {
- return -1;
- }
- s->rom_state_vaddr = rom_state_vaddr;
-
- /* fixup addresses in ROM if needed */
- if (rom_state_vaddr == le32_to_cpu(s->rom_state.vaddr)) {
- return 0;
- }
- for (pos = le32_to_cpu(s->rom_state.fixup_start);
- pos < le32_to_cpu(s->rom_state.fixup_end);
- pos += 4) {
- cpu_physical_memory_rw(paddr + pos - s->rom_state.vaddr,
- (void *)&offset, sizeof(offset), 0);
- offset = le32_to_cpu(offset);
- cpu_physical_memory_rw(paddr + offset, (void *)&patch,
- sizeof(patch), 0);
- patch = le32_to_cpu(patch);
- patch += rom_state_vaddr - le32_to_cpu(s->rom_state.vaddr);
- patch = cpu_to_le32(patch);
- cpu_physical_memory_rw(paddr + offset, (void *)&patch,
- sizeof(patch), 1);
- }
- read_guest_rom_state(s);
- s->vapic_paddr = paddr + le32_to_cpu(s->rom_state.vapic_vaddr) -
- le32_to_cpu(s->rom_state.vaddr);
-
- return 0;
-}
-
-/*
- * Tries to read the unique processor number from the Kernel Processor Control
- * Region (KPCR) of 32-bit Windows XP and Server 2003. Returns -1 if the KPCR
- * cannot be accessed or is considered invalid. This also ensures that we are
- * not patching the wrong guest.
- */
-static int get_kpcr_number(CPUX86State *env)
-{
- struct kpcr {
- uint8_t fill1[0x1c];
- uint32_t self;
- uint8_t fill2[0x31];
- uint8_t number;
- } QEMU_PACKED kpcr;
-
- if (cpu_memory_rw_debug(env, env->segs[R_FS].base,
- (void *)&kpcr, sizeof(kpcr), 0) < 0 ||
- kpcr.self != env->segs[R_FS].base) {
- return -1;
- }
- return kpcr.number;
-}
-
-static int vapic_enable(VAPICROMState *s, CPUX86State *env)
-{
- int cpu_number = get_kpcr_number(env);
- hwaddr vapic_paddr;
- static const uint8_t enabled = 1;
-
- if (cpu_number < 0) {
- return -1;
- }
- vapic_paddr = s->vapic_paddr +
- (((hwaddr)cpu_number) << VAPIC_CPU_SHIFT);
- cpu_physical_memory_rw(vapic_paddr + offsetof(VAPICState, enabled),
- (void *)&enabled, sizeof(enabled), 1);
- apic_enable_vapic(env->apic_state, vapic_paddr);
-
- s->state = VAPIC_ACTIVE;
-
- return 0;
-}
-
-static void patch_byte(CPUX86State *env, target_ulong addr, uint8_t byte)
-{
- cpu_memory_rw_debug(env, addr, &byte, 1, 1);
-}
-
-static void patch_call(VAPICROMState *s, CPUX86State *env, target_ulong ip,
- uint32_t target)
-{
- uint32_t offset;
-
- offset = cpu_to_le32(target - ip - 5);
- patch_byte(env, ip, 0xe8); /* call near */
- cpu_memory_rw_debug(env, ip + 1, (void *)&offset, sizeof(offset), 1);
-}
-
-static void patch_instruction(VAPICROMState *s, CPUX86State *env, target_ulong ip)
-{
- VAPICHandlers *handlers;
- uint8_t opcode[2];
- uint32_t imm32;
- TranslationBlock *current_tb;
- target_ulong current_pc = 0;
- target_ulong current_cs_base = 0;
- int current_flags = 0;
-
- if (smp_cpus == 1) {
- handlers = &s->rom_state.up;
- } else {
- handlers = &s->rom_state.mp;
- }
-
- if (!kvm_enabled()) {
- current_tb = tb_find_pc(env->mem_io_pc);
- cpu_restore_state(current_tb, env, env->mem_io_pc);
- cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
- &current_flags);
- }
-
- pause_all_vcpus();
-
- cpu_memory_rw_debug(env, ip, opcode, sizeof(opcode), 0);
-
- switch (opcode[0]) {
- case 0x89: /* mov r32 to r/m32 */
- patch_byte(env, ip, 0x50 + modrm_reg(opcode[1])); /* push reg */
- patch_call(s, env, ip + 1, handlers->set_tpr);
- break;
- case 0x8b: /* mov r/m32 to r32 */
- patch_byte(env, ip, 0x90);
- patch_call(s, env, ip + 1, handlers->get_tpr[modrm_reg(opcode[1])]);
- break;
- case 0xa1: /* mov abs to eax */
- patch_call(s, env, ip, handlers->get_tpr[0]);
- break;
- case 0xa3: /* mov eax to abs */
- patch_call(s, env, ip, handlers->set_tpr_eax);
- break;
- case 0xc7: /* mov imm32, r/m32 (c7/0) */
- patch_byte(env, ip, 0x68); /* push imm32 */
- cpu_memory_rw_debug(env, ip + 6, (void *)&imm32, sizeof(imm32), 0);
- cpu_memory_rw_debug(env, ip + 1, (void *)&imm32, sizeof(imm32), 1);
- patch_call(s, env, ip + 5, handlers->set_tpr);
- break;
- case 0xff: /* push r/m32 */
- patch_byte(env, ip, 0x50); /* push eax */
- patch_call(s, env, ip + 1, handlers->get_tpr_stack);
- break;
- default:
- abort();
- }
-
- resume_all_vcpus();
-
- if (!kvm_enabled()) {
- env->current_tb = NULL;
- tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
- cpu_resume_from_signal(env, NULL);
- }
-}
-
-void vapic_report_tpr_access(DeviceState *dev, void *cpu, target_ulong ip,
- TPRAccess access)
-{
- VAPICROMState *s = DO_UPCAST(VAPICROMState, busdev.qdev, dev);
- CPUX86State *env = cpu;
-
- cpu_synchronize_state(env);
-
- if (evaluate_tpr_instruction(s, env, &ip, access) < 0) {
- if (s->state == VAPIC_ACTIVE) {
- vapic_enable(s, env);
- }
- return;
- }
- if (update_rom_mapping(s, env, ip) < 0) {
- return;
- }
- if (vapic_enable(s, env) < 0) {
- return;
- }
- patch_instruction(s, env, ip);
-}
-
-typedef struct VAPICEnableTPRReporting {
- DeviceState *apic;
- bool enable;
-} VAPICEnableTPRReporting;
-
-static void vapic_do_enable_tpr_reporting(void *data)
-{
- VAPICEnableTPRReporting *info = data;
-
- apic_enable_tpr_access_reporting(info->apic, info->enable);
-}
-
-static void vapic_enable_tpr_reporting(bool enable)
-{
- VAPICEnableTPRReporting info = {
- .enable = enable,
- };
- X86CPU *cpu;
- CPUX86State *env;
-
- for (env = first_cpu; env != NULL; env = env->next_cpu) {
- cpu = x86_env_get_cpu(env);
- info.apic = env->apic_state;
- run_on_cpu(CPU(cpu), vapic_do_enable_tpr_reporting, &info);
- }
-}
-
-static void vapic_reset(DeviceState *dev)
-{
- VAPICROMState *s = DO_UPCAST(VAPICROMState, busdev.qdev, dev);
-
- if (s->state == VAPIC_ACTIVE) {
- s->state = VAPIC_STANDBY;
- }
- vapic_enable_tpr_reporting(false);
-}
-
-/*
- * Set the IRQ polling hypercalls to the supported variant:
- * - vmcall if using KVM in-kernel irqchip
- * - 32-bit VAPIC port write otherwise
- */
-static int patch_hypercalls(VAPICROMState *s)
-{
- hwaddr rom_paddr = s->rom_state_paddr & ROM_BLOCK_MASK;
- static const uint8_t vmcall_pattern[] = { /* vmcall */
- 0xb8, 0x1, 0, 0, 0, 0xf, 0x1, 0xc1
- };
- static const uint8_t outl_pattern[] = { /* nop; outl %eax,0x7e */
- 0xb8, 0x1, 0, 0, 0, 0x90, 0xe7, 0x7e
- };
- uint8_t alternates[2];
- const uint8_t *pattern;
- const uint8_t *patch;
- int patches = 0;
- off_t pos;
- uint8_t *rom;
-
- rom = g_malloc(s->rom_size);
- cpu_physical_memory_rw(rom_paddr, rom, s->rom_size, 0);
-
- for (pos = 0; pos < s->rom_size - sizeof(vmcall_pattern); pos++) {
- if (kvm_irqchip_in_kernel()) {
- pattern = outl_pattern;
- alternates[0] = outl_pattern[7];
- alternates[1] = outl_pattern[7];
- patch = &vmcall_pattern[5];
- } else {
- pattern = vmcall_pattern;
- alternates[0] = vmcall_pattern[7];
- alternates[1] = 0xd9; /* AMD's VMMCALL */
- patch = &outl_pattern[5];
- }
- if (memcmp(rom + pos, pattern, 7) == 0 &&
- (rom[pos + 7] == alternates[0] || rom[pos + 7] == alternates[1])) {
- cpu_physical_memory_rw(rom_paddr + pos + 5, (uint8_t *)patch,
- 3, 1);
- /*
- * Don't flush the tb here. Under ordinary conditions, the patched
- * calls are miles away from the current IP. Under malicious
- * conditions, the guest could trick us to crash.
- */
- }
- }
-
- g_free(rom);
-
- if (patches != 0 && patches != 2) {
- return -1;
- }
-
- return 0;
-}
-
-/*
- * For TCG mode or the time KVM honors read-only memory regions, we need to
- * enable write access to the option ROM so that variables can be updated by
- * the guest.
- */
-static void vapic_map_rom_writable(VAPICROMState *s)
-{
- hwaddr rom_paddr = s->rom_state_paddr & ROM_BLOCK_MASK;
- MemoryRegionSection section;
- MemoryRegion *as;
- size_t rom_size;
- uint8_t *ram;
-
- as = sysbus_address_space(&s->busdev);
-
- if (s->rom_mapped_writable) {
- memory_region_del_subregion(as, &s->rom);
- memory_region_destroy(&s->rom);
- }
-
- /* grab RAM memory region (region @rom_paddr may still be pc.rom) */
- section = memory_region_find(as, 0, 1);
-
- /* read ROM size from RAM region */
- ram = memory_region_get_ram_ptr(section.mr);
- rom_size = ram[rom_paddr + 2] * ROM_BLOCK_SIZE;
- s->rom_size = rom_size;
-
- /* We need to round to avoid creating subpages
- * from which we cannot run code. */
- rom_size += rom_paddr & ~TARGET_PAGE_MASK;
- rom_paddr &= TARGET_PAGE_MASK;
- rom_size = TARGET_PAGE_ALIGN(rom_size);
-
- memory_region_init_alias(&s->rom, "kvmvapic-rom", section.mr, rom_paddr,
- rom_size);
- memory_region_add_subregion_overlap(as, rom_paddr, &s->rom, 1000);
- s->rom_mapped_writable = true;
-}
-
-static int vapic_prepare(VAPICROMState *s)
-{
- vapic_map_rom_writable(s);
-
- if (patch_hypercalls(s) < 0) {
- return -1;
- }
-
- vapic_enable_tpr_reporting(true);
-
- return 0;
-}
-
-static void vapic_write(void *opaque, hwaddr addr, uint64_t data,
- unsigned int size)
-{
- CPUX86State *env = cpu_single_env;
- hwaddr rom_paddr;
- VAPICROMState *s = opaque;
-
- cpu_synchronize_state(env);
-
- /*
- * The VAPIC supports two PIO-based hypercalls, both via port 0x7E.
- * o 16-bit write access:
- * Reports the option ROM initialization to the hypervisor. Written
- * value is the offset of the state structure in the ROM.
- * o 8-bit write access:
- * Reactivates the VAPIC after a guest hibernation, i.e. after the
- * option ROM content has been re-initialized by a guest power cycle.
- * o 32-bit write access:
- * Poll for pending IRQs, considering the current VAPIC state.
- */
- switch (size) {
- case 2:
- if (s->state == VAPIC_INACTIVE) {
- rom_paddr = (env->segs[R_CS].base + env->eip) & ROM_BLOCK_MASK;
- s->rom_state_paddr = rom_paddr + data;
-
- s->state = VAPIC_STANDBY;
- }
- if (vapic_prepare(s) < 0) {
- s->state = VAPIC_INACTIVE;
- break;
- }
- break;
- case 1:
- if (kvm_enabled()) {
- /*
- * Disable triggering instruction in ROM by writing a NOP.
- *
- * We cannot do this in TCG mode as the reported IP is not
- * accurate.
- */
- pause_all_vcpus();
- patch_byte(env, env->eip - 2, 0x66);
- patch_byte(env, env->eip - 1, 0x90);
- resume_all_vcpus();
- }
-
- if (s->state == VAPIC_ACTIVE) {
- break;
- }
- if (update_rom_mapping(s, env, env->eip) < 0) {
- break;
- }
- if (find_real_tpr_addr(s, env) < 0) {
- break;
- }
- vapic_enable(s, env);
- break;
- default:
- case 4:
- if (!kvm_irqchip_in_kernel()) {
- apic_poll_irq(env->apic_state);
- }
- break;
- }
-}
-
-static const MemoryRegionOps vapic_ops = {
- .write = vapic_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int vapic_init(SysBusDevice *dev)
-{
- VAPICROMState *s = FROM_SYSBUS(VAPICROMState, dev);
-
- memory_region_init_io(&s->io, &vapic_ops, s, "kvmvapic", 2);
- sysbus_add_io(dev, VAPIC_IO_PORT, &s->io);
- sysbus_init_ioports(dev, VAPIC_IO_PORT, 2);
-
- option_rom[nb_option_roms].name = "kvmvapic.bin";
- option_rom[nb_option_roms].bootindex = -1;
- nb_option_roms++;
-
- return 0;
-}
-
-static void do_vapic_enable(void *data)
-{
- VAPICROMState *s = data;
-
- vapic_enable(s, first_cpu);
-}
-
-static int vapic_post_load(void *opaque, int version_id)
-{
- VAPICROMState *s = opaque;
- uint8_t *zero;
-
- /*
- * The old implementation of qemu-kvm did not provide the state
- * VAPIC_STANDBY. Reconstruct it.
- */
- if (s->state == VAPIC_INACTIVE && s->rom_state_paddr != 0) {
- s->state = VAPIC_STANDBY;
- }
-
- if (s->state != VAPIC_INACTIVE) {
- if (vapic_prepare(s) < 0) {
- return -1;
- }
- }
- if (s->state == VAPIC_ACTIVE) {
- if (smp_cpus == 1) {
- run_on_cpu(ENV_GET_CPU(first_cpu), do_vapic_enable, s);
- } else {
- zero = g_malloc0(s->rom_state.vapic_size);
- cpu_physical_memory_rw(s->vapic_paddr, zero,
- s->rom_state.vapic_size, 1);
- g_free(zero);
- }
- }
-
- return 0;
-}
-
-static const VMStateDescription vmstate_handlers = {
- .name = "kvmvapic-handlers",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(set_tpr, VAPICHandlers),
- VMSTATE_UINT32(set_tpr_eax, VAPICHandlers),
- VMSTATE_UINT32_ARRAY(get_tpr, VAPICHandlers, 8),
- VMSTATE_UINT32(get_tpr_stack, VAPICHandlers),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_guest_rom = {
- .name = "kvmvapic-guest-rom",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UNUSED(8), /* signature */
- VMSTATE_UINT32(vaddr, GuestROMState),
- VMSTATE_UINT32(fixup_start, GuestROMState),
- VMSTATE_UINT32(fixup_end, GuestROMState),
- VMSTATE_UINT32(vapic_vaddr, GuestROMState),
- VMSTATE_UINT32(vapic_size, GuestROMState),
- VMSTATE_UINT32(vcpu_shift, GuestROMState),
- VMSTATE_UINT32(real_tpr_addr, GuestROMState),
- VMSTATE_STRUCT(up, GuestROMState, 0, vmstate_handlers, VAPICHandlers),
- VMSTATE_STRUCT(mp, GuestROMState, 0, vmstate_handlers, VAPICHandlers),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_vapic = {
- .name = "kvm-tpr-opt", /* compatible with qemu-kvm VAPIC */
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .post_load = vapic_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_STRUCT(rom_state, VAPICROMState, 0, vmstate_guest_rom,
- GuestROMState),
- VMSTATE_UINT32(state, VAPICROMState),
- VMSTATE_UINT32(real_tpr_addr, VAPICROMState),
- VMSTATE_UINT32(rom_state_vaddr, VAPICROMState),
- VMSTATE_UINT32(vapic_paddr, VAPICROMState),
- VMSTATE_UINT32(rom_state_paddr, VAPICROMState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void vapic_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sc = SYS_BUS_DEVICE_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
-
- dc->no_user = 1;
- dc->reset = vapic_reset;
- dc->vmsd = &vmstate_vapic;
- sc->init = vapic_init;
-}
-
-static TypeInfo vapic_type = {
- .name = "kvmvapic",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(VAPICROMState),
- .class_init = vapic_class_init,
-};
-
-static void vapic_register(void)
-{
- type_register_static(&vapic_type);
-}
-
-type_init(vapic_register);
diff --git a/hw/kzm.c b/hw/kzm.c
deleted file mode 100644
index 687daf3b2..000000000
--- a/hw/kzm.c
+++ /dev/null
@@ -1,156 +0,0 @@
-/*
- * KZM Board System emulation.
- *
- * Copyright (c) 2008 OKL and 2011 NICTA
- * Written by Hans at OK-Labs
- * Updated by Peter Chubb.
- *
- * This code is licensed under the GPL, version 2 or later.
- * See the file `COPYING' in the top level directory.
- *
- * It (partially) emulates a Kyoto Microcomputer
- * KZM-ARM11-01 evaluation board, with a Freescale
- * i.MX31 SoC
- */
-
-#include "sysbus.h"
-#include "exec-memory.h"
-#include "hw.h"
-#include "arm-misc.h"
-#include "devices.h"
-#include "net.h"
-#include "sysemu.h"
-#include "boards.h"
-#include "serial.h"
-#include "imx.h"
-
- /* Memory map for Kzm Emulation Baseboard:
- * 0x00000000-0x00003fff 16k secure ROM IGNORED
- * 0x00004000-0x00407fff Reserved IGNORED
- * 0x00404000-0x00407fff ROM IGNORED
- * 0x00408000-0x0fffffff Reserved IGNORED
- * 0x10000000-0x1fffbfff RAM aliasing IGNORED
- * 0x1fffc000-0x1fffffff RAM EMULATED
- * 0x20000000-0x2fffffff Reserved IGNORED
- * 0x30000000-0x7fffffff I.MX31 Internal Register Space
- * 0x43f00000 IO_AREA0
- * 0x43f90000 UART1 EMULATED
- * 0x43f94000 UART2 EMULATED
- * 0x68000000 AVIC EMULATED
- * 0x53f80000 CCM EMULATED
- * 0x53f94000 PIT 1 EMULATED
- * 0x53f98000 PIT 2 EMULATED
- * 0x53f90000 GPT EMULATED
- * 0x80000000-0x87ffffff RAM EMULATED
- * 0x88000000-0x8fffffff RAM Aliasing EMULATED
- * 0xa0000000-0xafffffff NAND Flash IGNORED
- * 0xb0000000-0xb3ffffff Unavailable IGNORED
- * 0xb4000000-0xb4000fff 8-bit free space IGNORED
- * 0xb4001000-0xb400100f Board control IGNORED
- * 0xb4001003 DIP switch
- * 0xb4001010-0xb400101f 7-segment LED IGNORED
- * 0xb4001020-0xb400102f LED IGNORED
- * 0xb4001030-0xb400103f LED IGNORED
- * 0xb4001040-0xb400104f FPGA, UART EMULATED
- * 0xb4001050-0xb400105f FPGA, UART EMULATED
- * 0xb4001060-0xb40fffff FPGA IGNORED
- * 0xb6000000-0xb61fffff LAN controller EMULATED
- * 0xb6200000-0xb62fffff FPGA NAND Controller IGNORED
- * 0xb6300000-0xb7ffffff Free IGNORED
- * 0xb8000000-0xb8004fff Memory control registers IGNORED
- * 0xc0000000-0xc3ffffff PCMCIA/CF IGNORED
- * 0xc4000000-0xffffffff Reserved IGNORED
- */
-
-#define KZM_RAMADDRESS (0x80000000)
-#define KZM_FPGA (0xb4001040)
-
-static struct arm_boot_info kzm_binfo = {
- .loader_start = KZM_RAMADDRESS,
- .board_id = 1722,
-};
-
-static void kzm_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- ARMCPU *cpu;
- MemoryRegion *address_space_mem = get_system_memory();
- MemoryRegion *ram = g_new(MemoryRegion, 1);
- MemoryRegion *sram = g_new(MemoryRegion, 1);
- MemoryRegion *ram_alias = g_new(MemoryRegion, 1);
- qemu_irq *cpu_pic;
- DeviceState *dev;
- DeviceState *ccm;
-
- if (!cpu_model) {
- cpu_model = "arm1136";
- }
-
- cpu = cpu_arm_init(cpu_model);
- if (!cpu) {
- fprintf(stderr, "Unable to find CPU definition\n");
- exit(1);
- }
-
- /* On a real system, the first 16k is a `secure boot rom' */
-
- memory_region_init_ram(ram, "kzm.ram", ram_size);
- vmstate_register_ram_global(ram);
- memory_region_add_subregion(address_space_mem, KZM_RAMADDRESS, ram);
-
- memory_region_init_alias(ram_alias, "ram.alias", ram, 0, ram_size);
- memory_region_add_subregion(address_space_mem, 0x88000000, ram_alias);
-
- memory_region_init_ram(sram, "kzm.sram", 0x4000);
- memory_region_add_subregion(address_space_mem, 0x1FFFC000, sram);
-
- cpu_pic = arm_pic_init_cpu(cpu);
- dev = sysbus_create_varargs("imx_avic", 0x68000000,
- cpu_pic[ARM_PIC_CPU_IRQ],
- cpu_pic[ARM_PIC_CPU_FIQ], NULL);
-
-
- imx_serial_create(0, 0x43f90000, qdev_get_gpio_in(dev, 45));
- imx_serial_create(1, 0x43f94000, qdev_get_gpio_in(dev, 32));
-
- ccm = sysbus_create_simple("imx_ccm", 0x53f80000, NULL);
-
- imx_timerp_create(0x53f94000, qdev_get_gpio_in(dev, 28), ccm);
- imx_timerp_create(0x53f98000, qdev_get_gpio_in(dev, 27), ccm);
- imx_timerg_create(0x53f90000, qdev_get_gpio_in(dev, 29), ccm);
-
- if (nd_table[0].used) {
- lan9118_init(&nd_table[0], 0xb6000000, qdev_get_gpio_in(dev, 52));
- }
-
- if (serial_hds[2]) { /* touchscreen */
- serial_mm_init(address_space_mem, KZM_FPGA+0x10, 0,
- qdev_get_gpio_in(dev, 52),
- 14745600, serial_hds[2],
- DEVICE_NATIVE_ENDIAN);
- }
-
- kzm_binfo.ram_size = ram_size;
- kzm_binfo.kernel_filename = kernel_filename;
- kzm_binfo.kernel_cmdline = kernel_cmdline;
- kzm_binfo.initrd_filename = initrd_filename;
- kzm_binfo.nb_cpus = 1;
- arm_load_kernel(cpu, &kzm_binfo);
-}
-
-static QEMUMachine kzm_machine = {
- .name = "kzm",
- .desc = "ARM KZM Emulation Baseboard (ARM1136)",
- .init = kzm_init,
-};
-
-static void kzm_machine_init(void)
-{
- qemu_register_machine(&kzm_machine);
-}
-
-machine_init(kzm_machine_init)
diff --git a/hw/lan9118.c b/hw/lan9118.c
deleted file mode 100644
index f724e1c30..000000000
--- a/hw/lan9118.c
+++ /dev/null
@@ -1,1399 +0,0 @@
-/*
- * SMSC LAN9118 Ethernet interface emulation
- *
- * Copyright (c) 2009 CodeSourcery, LLC.
- * Written by Paul Brook
- *
- * This code is licensed under the GNU GPL v2
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include "sysbus.h"
-#include "net.h"
-#include "devices.h"
-#include "sysemu.h"
-#include "ptimer.h"
-/* For crc32 */
-#include <zlib.h>
-
-//#define DEBUG_LAN9118
-
-#ifdef DEBUG_LAN9118
-#define DPRINTF(fmt, ...) \
-do { printf("lan9118: " fmt , ## __VA_ARGS__); } while (0)
-#define BADF(fmt, ...) \
-do { hw_error("lan9118: error: " fmt , ## __VA_ARGS__);} while (0)
-#else
-#define DPRINTF(fmt, ...) do {} while(0)
-#define BADF(fmt, ...) \
-do { fprintf(stderr, "lan9118: error: " fmt , ## __VA_ARGS__);} while (0)
-#endif
-
-#define CSR_ID_REV 0x50
-#define CSR_IRQ_CFG 0x54
-#define CSR_INT_STS 0x58
-#define CSR_INT_EN 0x5c
-#define CSR_BYTE_TEST 0x64
-#define CSR_FIFO_INT 0x68
-#define CSR_RX_CFG 0x6c
-#define CSR_TX_CFG 0x70
-#define CSR_HW_CFG 0x74
-#define CSR_RX_DP_CTRL 0x78
-#define CSR_RX_FIFO_INF 0x7c
-#define CSR_TX_FIFO_INF 0x80
-#define CSR_PMT_CTRL 0x84
-#define CSR_GPIO_CFG 0x88
-#define CSR_GPT_CFG 0x8c
-#define CSR_GPT_CNT 0x90
-#define CSR_WORD_SWAP 0x98
-#define CSR_FREE_RUN 0x9c
-#define CSR_RX_DROP 0xa0
-#define CSR_MAC_CSR_CMD 0xa4
-#define CSR_MAC_CSR_DATA 0xa8
-#define CSR_AFC_CFG 0xac
-#define CSR_E2P_CMD 0xb0
-#define CSR_E2P_DATA 0xb4
-
-/* IRQ_CFG */
-#define IRQ_INT 0x00001000
-#define IRQ_EN 0x00000100
-#define IRQ_POL 0x00000010
-#define IRQ_TYPE 0x00000001
-
-/* INT_STS/INT_EN */
-#define SW_INT 0x80000000
-#define TXSTOP_INT 0x02000000
-#define RXSTOP_INT 0x01000000
-#define RXDFH_INT 0x00800000
-#define TX_IOC_INT 0x00200000
-#define RXD_INT 0x00100000
-#define GPT_INT 0x00080000
-#define PHY_INT 0x00040000
-#define PME_INT 0x00020000
-#define TXSO_INT 0x00010000
-#define RWT_INT 0x00008000
-#define RXE_INT 0x00004000
-#define TXE_INT 0x00002000
-#define TDFU_INT 0x00000800
-#define TDFO_INT 0x00000400
-#define TDFA_INT 0x00000200
-#define TSFF_INT 0x00000100
-#define TSFL_INT 0x00000080
-#define RXDF_INT 0x00000040
-#define RDFL_INT 0x00000020
-#define RSFF_INT 0x00000010
-#define RSFL_INT 0x00000008
-#define GPIO2_INT 0x00000004
-#define GPIO1_INT 0x00000002
-#define GPIO0_INT 0x00000001
-#define RESERVED_INT 0x7c001000
-
-#define MAC_CR 1
-#define MAC_ADDRH 2
-#define MAC_ADDRL 3
-#define MAC_HASHH 4
-#define MAC_HASHL 5
-#define MAC_MII_ACC 6
-#define MAC_MII_DATA 7
-#define MAC_FLOW 8
-#define MAC_VLAN1 9 /* TODO */
-#define MAC_VLAN2 10 /* TODO */
-#define MAC_WUFF 11 /* TODO */
-#define MAC_WUCSR 12 /* TODO */
-
-#define MAC_CR_RXALL 0x80000000
-#define MAC_CR_RCVOWN 0x00800000
-#define MAC_CR_LOOPBK 0x00200000
-#define MAC_CR_FDPX 0x00100000
-#define MAC_CR_MCPAS 0x00080000
-#define MAC_CR_PRMS 0x00040000
-#define MAC_CR_INVFILT 0x00020000
-#define MAC_CR_PASSBAD 0x00010000
-#define MAC_CR_HO 0x00008000
-#define MAC_CR_HPFILT 0x00002000
-#define MAC_CR_LCOLL 0x00001000
-#define MAC_CR_BCAST 0x00000800
-#define MAC_CR_DISRTY 0x00000400
-#define MAC_CR_PADSTR 0x00000100
-#define MAC_CR_BOLMT 0x000000c0
-#define MAC_CR_DFCHK 0x00000020
-#define MAC_CR_TXEN 0x00000008
-#define MAC_CR_RXEN 0x00000004
-#define MAC_CR_RESERVED 0x7f404213
-
-#define PHY_INT_ENERGYON 0x80
-#define PHY_INT_AUTONEG_COMPLETE 0x40
-#define PHY_INT_FAULT 0x20
-#define PHY_INT_DOWN 0x10
-#define PHY_INT_AUTONEG_LP 0x08
-#define PHY_INT_PARFAULT 0x04
-#define PHY_INT_AUTONEG_PAGE 0x02
-
-#define GPT_TIMER_EN 0x20000000
-
-enum tx_state {
- TX_IDLE,
- TX_B,
- TX_DATA
-};
-
-typedef struct {
- /* state is a tx_state but we can't put enums in VMStateDescriptions. */
- uint32_t state;
- uint32_t cmd_a;
- uint32_t cmd_b;
- int32_t buffer_size;
- int32_t offset;
- int32_t pad;
- int32_t fifo_used;
- int32_t len;
- uint8_t data[2048];
-} LAN9118Packet;
-
-static const VMStateDescription vmstate_lan9118_packet = {
- .name = "lan9118_packet",
- .version_id = 1,
- .minimum_version_id = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(state, LAN9118Packet),
- VMSTATE_UINT32(cmd_a, LAN9118Packet),
- VMSTATE_UINT32(cmd_b, LAN9118Packet),
- VMSTATE_INT32(buffer_size, LAN9118Packet),
- VMSTATE_INT32(offset, LAN9118Packet),
- VMSTATE_INT32(pad, LAN9118Packet),
- VMSTATE_INT32(fifo_used, LAN9118Packet),
- VMSTATE_INT32(len, LAN9118Packet),
- VMSTATE_UINT8_ARRAY(data, LAN9118Packet, 2048),
- VMSTATE_END_OF_LIST()
- }
-};
-
-typedef struct {
- SysBusDevice busdev;
- NICState *nic;
- NICConf conf;
- qemu_irq irq;
- MemoryRegion mmio;
- ptimer_state *timer;
-
- uint32_t irq_cfg;
- uint32_t int_sts;
- uint32_t int_en;
- uint32_t fifo_int;
- uint32_t rx_cfg;
- uint32_t tx_cfg;
- uint32_t hw_cfg;
- uint32_t pmt_ctrl;
- uint32_t gpio_cfg;
- uint32_t gpt_cfg;
- uint32_t word_swap;
- uint32_t free_timer_start;
- uint32_t mac_cmd;
- uint32_t mac_data;
- uint32_t afc_cfg;
- uint32_t e2p_cmd;
- uint32_t e2p_data;
-
- uint32_t mac_cr;
- uint32_t mac_hashh;
- uint32_t mac_hashl;
- uint32_t mac_mii_acc;
- uint32_t mac_mii_data;
- uint32_t mac_flow;
-
- uint32_t phy_status;
- uint32_t phy_control;
- uint32_t phy_advertise;
- uint32_t phy_int;
- uint32_t phy_int_mask;
-
- int32_t eeprom_writable;
- uint8_t eeprom[128];
-
- int32_t tx_fifo_size;
- LAN9118Packet *txp;
- LAN9118Packet tx_packet;
-
- int32_t tx_status_fifo_used;
- int32_t tx_status_fifo_head;
- uint32_t tx_status_fifo[512];
-
- int32_t rx_status_fifo_size;
- int32_t rx_status_fifo_used;
- int32_t rx_status_fifo_head;
- uint32_t rx_status_fifo[896];
- int32_t rx_fifo_size;
- int32_t rx_fifo_used;
- int32_t rx_fifo_head;
- uint32_t rx_fifo[3360];
- int32_t rx_packet_size_head;
- int32_t rx_packet_size_tail;
- int32_t rx_packet_size[1024];
-
- int32_t rxp_offset;
- int32_t rxp_size;
- int32_t rxp_pad;
-
- uint32_t write_word_prev_offset;
- uint32_t write_word_n;
- uint16_t write_word_l;
- uint16_t write_word_h;
- uint32_t read_word_prev_offset;
- uint32_t read_word_n;
- uint32_t read_long;
-
- uint32_t mode_16bit;
-} lan9118_state;
-
-static const VMStateDescription vmstate_lan9118 = {
- .name = "lan9118",
- .version_id = 2,
- .minimum_version_id = 1,
- .fields = (VMStateField[]) {
- VMSTATE_PTIMER(timer, lan9118_state),
- VMSTATE_UINT32(irq_cfg, lan9118_state),
- VMSTATE_UINT32(int_sts, lan9118_state),
- VMSTATE_UINT32(int_en, lan9118_state),
- VMSTATE_UINT32(fifo_int, lan9118_state),
- VMSTATE_UINT32(rx_cfg, lan9118_state),
- VMSTATE_UINT32(tx_cfg, lan9118_state),
- VMSTATE_UINT32(hw_cfg, lan9118_state),
- VMSTATE_UINT32(pmt_ctrl, lan9118_state),
- VMSTATE_UINT32(gpio_cfg, lan9118_state),
- VMSTATE_UINT32(gpt_cfg, lan9118_state),
- VMSTATE_UINT32(word_swap, lan9118_state),
- VMSTATE_UINT32(free_timer_start, lan9118_state),
- VMSTATE_UINT32(mac_cmd, lan9118_state),
- VMSTATE_UINT32(mac_data, lan9118_state),
- VMSTATE_UINT32(afc_cfg, lan9118_state),
- VMSTATE_UINT32(e2p_cmd, lan9118_state),
- VMSTATE_UINT32(e2p_data, lan9118_state),
- VMSTATE_UINT32(mac_cr, lan9118_state),
- VMSTATE_UINT32(mac_hashh, lan9118_state),
- VMSTATE_UINT32(mac_hashl, lan9118_state),
- VMSTATE_UINT32(mac_mii_acc, lan9118_state),
- VMSTATE_UINT32(mac_mii_data, lan9118_state),
- VMSTATE_UINT32(mac_flow, lan9118_state),
- VMSTATE_UINT32(phy_status, lan9118_state),
- VMSTATE_UINT32(phy_control, lan9118_state),
- VMSTATE_UINT32(phy_advertise, lan9118_state),
- VMSTATE_UINT32(phy_int, lan9118_state),
- VMSTATE_UINT32(phy_int_mask, lan9118_state),
- VMSTATE_INT32(eeprom_writable, lan9118_state),
- VMSTATE_UINT8_ARRAY(eeprom, lan9118_state, 128),
- VMSTATE_INT32(tx_fifo_size, lan9118_state),
- /* txp always points at tx_packet so need not be saved */
- VMSTATE_STRUCT(tx_packet, lan9118_state, 0,
- vmstate_lan9118_packet, LAN9118Packet),
- VMSTATE_INT32(tx_status_fifo_used, lan9118_state),
- VMSTATE_INT32(tx_status_fifo_head, lan9118_state),
- VMSTATE_UINT32_ARRAY(tx_status_fifo, lan9118_state, 512),
- VMSTATE_INT32(rx_status_fifo_size, lan9118_state),
- VMSTATE_INT32(rx_status_fifo_used, lan9118_state),
- VMSTATE_INT32(rx_status_fifo_head, lan9118_state),
- VMSTATE_UINT32_ARRAY(rx_status_fifo, lan9118_state, 896),
- VMSTATE_INT32(rx_fifo_size, lan9118_state),
- VMSTATE_INT32(rx_fifo_used, lan9118_state),
- VMSTATE_INT32(rx_fifo_head, lan9118_state),
- VMSTATE_UINT32_ARRAY(rx_fifo, lan9118_state, 3360),
- VMSTATE_INT32(rx_packet_size_head, lan9118_state),
- VMSTATE_INT32(rx_packet_size_tail, lan9118_state),
- VMSTATE_INT32_ARRAY(rx_packet_size, lan9118_state, 1024),
- VMSTATE_INT32(rxp_offset, lan9118_state),
- VMSTATE_INT32(rxp_size, lan9118_state),
- VMSTATE_INT32(rxp_pad, lan9118_state),
- VMSTATE_UINT32_V(write_word_prev_offset, lan9118_state, 2),
- VMSTATE_UINT32_V(write_word_n, lan9118_state, 2),
- VMSTATE_UINT16_V(write_word_l, lan9118_state, 2),
- VMSTATE_UINT16_V(write_word_h, lan9118_state, 2),
- VMSTATE_UINT32_V(read_word_prev_offset, lan9118_state, 2),
- VMSTATE_UINT32_V(read_word_n, lan9118_state, 2),
- VMSTATE_UINT32_V(read_long, lan9118_state, 2),
- VMSTATE_UINT32_V(mode_16bit, lan9118_state, 2),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void lan9118_update(lan9118_state *s)
-{
- int level;
-
- /* TODO: Implement FIFO level IRQs. */
- level = (s->int_sts & s->int_en) != 0;
- if (level) {
- s->irq_cfg |= IRQ_INT;
- } else {
- s->irq_cfg &= ~IRQ_INT;
- }
- if ((s->irq_cfg & IRQ_EN) == 0) {
- level = 0;
- }
- if ((s->irq_cfg & (IRQ_TYPE | IRQ_POL)) != (IRQ_TYPE | IRQ_POL)) {
- /* Interrupt is active low unless we're configured as
- * active-high polarity, push-pull type.
- */
- level = !level;
- }
- qemu_set_irq(s->irq, level);
-}
-
-static void lan9118_mac_changed(lan9118_state *s)
-{
- qemu_format_nic_info_str(&s->nic->nc, s->conf.macaddr.a);
-}
-
-static void lan9118_reload_eeprom(lan9118_state *s)
-{
- int i;
- if (s->eeprom[0] != 0xa5) {
- s->e2p_cmd &= ~0x10;
- DPRINTF("MACADDR load failed\n");
- return;
- }
- for (i = 0; i < 6; i++) {
- s->conf.macaddr.a[i] = s->eeprom[i + 1];
- }
- s->e2p_cmd |= 0x10;
- DPRINTF("MACADDR loaded from eeprom\n");
- lan9118_mac_changed(s);
-}
-
-static void phy_update_irq(lan9118_state *s)
-{
- if (s->phy_int & s->phy_int_mask) {
- s->int_sts |= PHY_INT;
- } else {
- s->int_sts &= ~PHY_INT;
- }
- lan9118_update(s);
-}
-
-static void phy_update_link(lan9118_state *s)
-{
- /* Autonegotiation status mirrors link status. */
- if (s->nic->nc.link_down) {
- s->phy_status &= ~0x0024;
- s->phy_int |= PHY_INT_DOWN;
- } else {
- s->phy_status |= 0x0024;
- s->phy_int |= PHY_INT_ENERGYON;
- s->phy_int |= PHY_INT_AUTONEG_COMPLETE;
- }
- phy_update_irq(s);
-}
-
-static void lan9118_set_link(NetClientState *nc)
-{
- phy_update_link(DO_UPCAST(NICState, nc, nc)->opaque);
-}
-
-static void phy_reset(lan9118_state *s)
-{
- s->phy_status = 0x7809;
- s->phy_control = 0x3000;
- s->phy_advertise = 0x01e1;
- s->phy_int_mask = 0;
- s->phy_int = 0;
- phy_update_link(s);
-}
-
-static void lan9118_reset(DeviceState *d)
-{
- lan9118_state *s = FROM_SYSBUS(lan9118_state, sysbus_from_qdev(d));
- s->irq_cfg &= (IRQ_TYPE | IRQ_POL);
- s->int_sts = 0;
- s->int_en = 0;
- s->fifo_int = 0x48000000;
- s->rx_cfg = 0;
- s->tx_cfg = 0;
- s->hw_cfg = s->mode_16bit ? 0x00050000 : 0x00050004;
- s->pmt_ctrl &= 0x45;
- s->gpio_cfg = 0;
- s->txp->fifo_used = 0;
- s->txp->state = TX_IDLE;
- s->txp->cmd_a = 0xffffffffu;
- s->txp->cmd_b = 0xffffffffu;
- s->txp->len = 0;
- s->txp->fifo_used = 0;
- s->tx_fifo_size = 4608;
- s->tx_status_fifo_used = 0;
- s->rx_status_fifo_size = 704;
- s->rx_fifo_size = 2640;
- s->rx_fifo_used = 0;
- s->rx_status_fifo_size = 176;
- s->rx_status_fifo_used = 0;
- s->rxp_offset = 0;
- s->rxp_size = 0;
- s->rxp_pad = 0;
- s->rx_packet_size_tail = s->rx_packet_size_head;
- s->rx_packet_size[s->rx_packet_size_head] = 0;
- s->mac_cmd = 0;
- s->mac_data = 0;
- s->afc_cfg = 0;
- s->e2p_cmd = 0;
- s->e2p_data = 0;
- s->free_timer_start = qemu_get_clock_ns(vm_clock) / 40;
-
- ptimer_stop(s->timer);
- ptimer_set_count(s->timer, 0xffff);
- s->gpt_cfg = 0xffff;
-
- s->mac_cr = MAC_CR_PRMS;
- s->mac_hashh = 0;
- s->mac_hashl = 0;
- s->mac_mii_acc = 0;
- s->mac_mii_data = 0;
- s->mac_flow = 0;
-
- s->read_word_n = 0;
- s->write_word_n = 0;
-
- phy_reset(s);
-
- s->eeprom_writable = 0;
- lan9118_reload_eeprom(s);
-}
-
-static int lan9118_can_receive(NetClientState *nc)
-{
- return 1;
-}
-
-static void rx_fifo_push(lan9118_state *s, uint32_t val)
-{
- int fifo_pos;
- fifo_pos = s->rx_fifo_head + s->rx_fifo_used;
- if (fifo_pos >= s->rx_fifo_size)
- fifo_pos -= s->rx_fifo_size;
- s->rx_fifo[fifo_pos] = val;
- s->rx_fifo_used++;
-}
-
-/* Return nonzero if the packet is accepted by the filter. */
-static int lan9118_filter(lan9118_state *s, const uint8_t *addr)
-{
- int multicast;
- uint32_t hash;
-
- if (s->mac_cr & MAC_CR_PRMS) {
- return 1;
- }
- if (addr[0] == 0xff && addr[1] == 0xff && addr[2] == 0xff &&
- addr[3] == 0xff && addr[4] == 0xff && addr[5] == 0xff) {
- return (s->mac_cr & MAC_CR_BCAST) == 0;
- }
-
- multicast = addr[0] & 1;
- if (multicast &&s->mac_cr & MAC_CR_MCPAS) {
- return 1;
- }
- if (multicast ? (s->mac_cr & MAC_CR_HPFILT) == 0
- : (s->mac_cr & MAC_CR_HO) == 0) {
- /* Exact matching. */
- hash = memcmp(addr, s->conf.macaddr.a, 6);
- if (s->mac_cr & MAC_CR_INVFILT) {
- return hash != 0;
- } else {
- return hash == 0;
- }
- } else {
- /* Hash matching */
- hash = compute_mcast_idx(addr);
- if (hash & 0x20) {
- return (s->mac_hashh >> (hash & 0x1f)) & 1;
- } else {
- return (s->mac_hashl >> (hash & 0x1f)) & 1;
- }
- }
-}
-
-static ssize_t lan9118_receive(NetClientState *nc, const uint8_t *buf,
- size_t size)
-{
- lan9118_state *s = DO_UPCAST(NICState, nc, nc)->opaque;
- int fifo_len;
- int offset;
- int src_pos;
- int n;
- int filter;
- uint32_t val;
- uint32_t crc;
- uint32_t status;
-
- if ((s->mac_cr & MAC_CR_RXEN) == 0) {
- return -1;
- }
-
- if (size >= 2048 || size < 14) {
- return -1;
- }
-
- /* TODO: Implement FIFO overflow notification. */
- if (s->rx_status_fifo_used == s->rx_status_fifo_size) {
- return -1;
- }
-
- filter = lan9118_filter(s, buf);
- if (!filter && (s->mac_cr & MAC_CR_RXALL) == 0) {
- return size;
- }
-
- offset = (s->rx_cfg >> 8) & 0x1f;
- n = offset & 3;
- fifo_len = (size + n + 3) >> 2;
- /* Add a word for the CRC. */
- fifo_len++;
- if (s->rx_fifo_size - s->rx_fifo_used < fifo_len) {
- return -1;
- }
-
- DPRINTF("Got packet len:%d fifo:%d filter:%s\n",
- (int)size, fifo_len, filter ? "pass" : "fail");
- val = 0;
- crc = bswap32(crc32(~0, buf, size));
- for (src_pos = 0; src_pos < size; src_pos++) {
- val = (val >> 8) | ((uint32_t)buf[src_pos] << 24);
- n++;
- if (n == 4) {
- n = 0;
- rx_fifo_push(s, val);
- val = 0;
- }
- }
- if (n) {
- val >>= ((4 - n) * 8);
- val |= crc << (n * 8);
- rx_fifo_push(s, val);
- val = crc >> ((4 - n) * 8);
- rx_fifo_push(s, val);
- } else {
- rx_fifo_push(s, crc);
- }
- n = s->rx_status_fifo_head + s->rx_status_fifo_used;
- if (n >= s->rx_status_fifo_size) {
- n -= s->rx_status_fifo_size;
- }
- s->rx_packet_size[s->rx_packet_size_tail] = fifo_len;
- s->rx_packet_size_tail = (s->rx_packet_size_tail + 1023) & 1023;
- s->rx_status_fifo_used++;
-
- status = (size + 4) << 16;
- if (buf[0] == 0xff && buf[1] == 0xff && buf[2] == 0xff &&
- buf[3] == 0xff && buf[4] == 0xff && buf[5] == 0xff) {
- status |= 0x00002000;
- } else if (buf[0] & 1) {
- status |= 0x00000400;
- }
- if (!filter) {
- status |= 0x40000000;
- }
- s->rx_status_fifo[n] = status;
-
- if (s->rx_status_fifo_used > (s->fifo_int & 0xff)) {
- s->int_sts |= RSFL_INT;
- }
- lan9118_update(s);
-
- return size;
-}
-
-static uint32_t rx_fifo_pop(lan9118_state *s)
-{
- int n;
- uint32_t val;
-
- if (s->rxp_size == 0 && s->rxp_pad == 0) {
- s->rxp_size = s->rx_packet_size[s->rx_packet_size_head];
- s->rx_packet_size[s->rx_packet_size_head] = 0;
- if (s->rxp_size != 0) {
- s->rx_packet_size_head = (s->rx_packet_size_head + 1023) & 1023;
- s->rxp_offset = (s->rx_cfg >> 10) & 7;
- n = s->rxp_offset + s->rxp_size;
- switch (s->rx_cfg >> 30) {
- case 1:
- n = (-n) & 3;
- break;
- case 2:
- n = (-n) & 7;
- break;
- default:
- n = 0;
- break;
- }
- s->rxp_pad = n;
- DPRINTF("Pop packet size:%d offset:%d pad: %d\n",
- s->rxp_size, s->rxp_offset, s->rxp_pad);
- }
- }
- if (s->rxp_offset > 0) {
- s->rxp_offset--;
- val = 0;
- } else if (s->rxp_size > 0) {
- s->rxp_size--;
- val = s->rx_fifo[s->rx_fifo_head++];
- if (s->rx_fifo_head >= s->rx_fifo_size) {
- s->rx_fifo_head -= s->rx_fifo_size;
- }
- s->rx_fifo_used--;
- } else if (s->rxp_pad > 0) {
- s->rxp_pad--;
- val = 0;
- } else {
- DPRINTF("RX underflow\n");
- s->int_sts |= RXE_INT;
- val = 0;
- }
- lan9118_update(s);
- return val;
-}
-
-static void do_tx_packet(lan9118_state *s)
-{
- int n;
- uint32_t status;
-
- /* FIXME: Honor TX disable, and allow queueing of packets. */
- if (s->phy_control & 0x4000) {
- /* This assumes the receive routine doesn't touch the VLANClient. */
- lan9118_receive(&s->nic->nc, s->txp->data, s->txp->len);
- } else {
- qemu_send_packet(&s->nic->nc, s->txp->data, s->txp->len);
- }
- s->txp->fifo_used = 0;
-
- if (s->tx_status_fifo_used == 512) {
- /* Status FIFO full */
- return;
- }
- /* Add entry to status FIFO. */
- status = s->txp->cmd_b & 0xffff0000u;
- DPRINTF("Sent packet tag:%04x len %d\n", status >> 16, s->txp->len);
- n = (s->tx_status_fifo_head + s->tx_status_fifo_used) & 511;
- s->tx_status_fifo[n] = status;
- s->tx_status_fifo_used++;
- if (s->tx_status_fifo_used == 512) {
- s->int_sts |= TSFF_INT;
- /* TODO: Stop transmission. */
- }
-}
-
-static uint32_t rx_status_fifo_pop(lan9118_state *s)
-{
- uint32_t val;
-
- val = s->rx_status_fifo[s->rx_status_fifo_head];
- if (s->rx_status_fifo_used != 0) {
- s->rx_status_fifo_used--;
- s->rx_status_fifo_head++;
- if (s->rx_status_fifo_head >= s->rx_status_fifo_size) {
- s->rx_status_fifo_head -= s->rx_status_fifo_size;
- }
- /* ??? What value should be returned when the FIFO is empty? */
- DPRINTF("RX status pop 0x%08x\n", val);
- }
- return val;
-}
-
-static uint32_t tx_status_fifo_pop(lan9118_state *s)
-{
- uint32_t val;
-
- val = s->tx_status_fifo[s->tx_status_fifo_head];
- if (s->tx_status_fifo_used != 0) {
- s->tx_status_fifo_used--;
- s->tx_status_fifo_head = (s->tx_status_fifo_head + 1) & 511;
- /* ??? What value should be returned when the FIFO is empty? */
- }
- return val;
-}
-
-static void tx_fifo_push(lan9118_state *s, uint32_t val)
-{
- int n;
-
- if (s->txp->fifo_used == s->tx_fifo_size) {
- s->int_sts |= TDFO_INT;
- return;
- }
- switch (s->txp->state) {
- case TX_IDLE:
- s->txp->cmd_a = val & 0x831f37ff;
- s->txp->fifo_used++;
- s->txp->state = TX_B;
- break;
- case TX_B:
- if (s->txp->cmd_a & 0x2000) {
- /* First segment */
- s->txp->cmd_b = val;
- s->txp->fifo_used++;
- s->txp->buffer_size = s->txp->cmd_a & 0x7ff;
- s->txp->offset = (s->txp->cmd_a >> 16) & 0x1f;
- /* End alignment does not include command words. */
- n = (s->txp->buffer_size + s->txp->offset + 3) >> 2;
- switch ((n >> 24) & 3) {
- case 1:
- n = (-n) & 3;
- break;
- case 2:
- n = (-n) & 7;
- break;
- default:
- n = 0;
- }
- s->txp->pad = n;
- s->txp->len = 0;
- }
- DPRINTF("Block len:%d offset:%d pad:%d cmd %08x\n",
- s->txp->buffer_size, s->txp->offset, s->txp->pad,
- s->txp->cmd_a);
- s->txp->state = TX_DATA;
- break;
- case TX_DATA:
- if (s->txp->offset >= 4) {
- s->txp->offset -= 4;
- break;
- }
- if (s->txp->buffer_size <= 0 && s->txp->pad != 0) {
- s->txp->pad--;
- } else {
- n = 4;
- while (s->txp->offset) {
- val >>= 8;
- n--;
- s->txp->offset--;
- }
- /* Documentation is somewhat unclear on the ordering of bytes
- in FIFO words. Empirical results show it to be little-endian.
- */
- /* TODO: FIFO overflow checking. */
- while (n--) {
- s->txp->data[s->txp->len] = val & 0xff;
- s->txp->len++;
- val >>= 8;
- s->txp->buffer_size--;
- }
- s->txp->fifo_used++;
- }
- if (s->txp->buffer_size <= 0 && s->txp->pad == 0) {
- if (s->txp->cmd_a & 0x1000) {
- do_tx_packet(s);
- }
- if (s->txp->cmd_a & 0x80000000) {
- s->int_sts |= TX_IOC_INT;
- }
- s->txp->state = TX_IDLE;
- }
- break;
- }
-}
-
-static uint32_t do_phy_read(lan9118_state *s, int reg)
-{
- uint32_t val;
-
- switch (reg) {
- case 0: /* Basic Control */
- return s->phy_control;
- case 1: /* Basic Status */
- return s->phy_status;
- case 2: /* ID1 */
- return 0x0007;
- case 3: /* ID2 */
- return 0xc0d1;
- case 4: /* Auto-neg advertisement */
- return s->phy_advertise;
- case 5: /* Auto-neg Link Partner Ability */
- return 0x0f71;
- case 6: /* Auto-neg Expansion */
- return 1;
- /* TODO 17, 18, 27, 29, 30, 31 */
- case 29: /* Interrupt source. */
- val = s->phy_int;
- s->phy_int = 0;
- phy_update_irq(s);
- return val;
- case 30: /* Interrupt mask */
- return s->phy_int_mask;
- default:
- BADF("PHY read reg %d\n", reg);
- return 0;
- }
-}
-
-static void do_phy_write(lan9118_state *s, int reg, uint32_t val)
-{
- switch (reg) {
- case 0: /* Basic Control */
- if (val & 0x8000) {
- phy_reset(s);
- break;
- }
- s->phy_control = val & 0x7980;
- /* Complete autonegotiation immediately. */
- if (val & 0x1000) {
- s->phy_status |= 0x0020;
- }
- break;
- case 4: /* Auto-neg advertisement */
- s->phy_advertise = (val & 0x2d7f) | 0x80;
- break;
- /* TODO 17, 18, 27, 31 */
- case 30: /* Interrupt mask */
- s->phy_int_mask = val & 0xff;
- phy_update_irq(s);
- break;
- default:
- BADF("PHY write reg %d = 0x%04x\n", reg, val);
- }
-}
-
-static void do_mac_write(lan9118_state *s, int reg, uint32_t val)
-{
- switch (reg) {
- case MAC_CR:
- if ((s->mac_cr & MAC_CR_RXEN) != 0 && (val & MAC_CR_RXEN) == 0) {
- s->int_sts |= RXSTOP_INT;
- }
- s->mac_cr = val & ~MAC_CR_RESERVED;
- DPRINTF("MAC_CR: %08x\n", val);
- break;
- case MAC_ADDRH:
- s->conf.macaddr.a[4] = val & 0xff;
- s->conf.macaddr.a[5] = (val >> 8) & 0xff;
- lan9118_mac_changed(s);
- break;
- case MAC_ADDRL:
- s->conf.macaddr.a[0] = val & 0xff;
- s->conf.macaddr.a[1] = (val >> 8) & 0xff;
- s->conf.macaddr.a[2] = (val >> 16) & 0xff;
- s->conf.macaddr.a[3] = (val >> 24) & 0xff;
- lan9118_mac_changed(s);
- break;
- case MAC_HASHH:
- s->mac_hashh = val;
- break;
- case MAC_HASHL:
- s->mac_hashl = val;
- break;
- case MAC_MII_ACC:
- s->mac_mii_acc = val & 0xffc2;
- if (val & 2) {
- DPRINTF("PHY write %d = 0x%04x\n",
- (val >> 6) & 0x1f, s->mac_mii_data);
- do_phy_write(s, (val >> 6) & 0x1f, s->mac_mii_data);
- } else {
- s->mac_mii_data = do_phy_read(s, (val >> 6) & 0x1f);
- DPRINTF("PHY read %d = 0x%04x\n",
- (val >> 6) & 0x1f, s->mac_mii_data);
- }
- break;
- case MAC_MII_DATA:
- s->mac_mii_data = val & 0xffff;
- break;
- case MAC_FLOW:
- s->mac_flow = val & 0xffff0000;
- break;
- case MAC_VLAN1:
- /* Writing to this register changes a condition for
- * FrameTooLong bit in rx_status. Since we do not set
- * FrameTooLong anyway, just ignore write to this.
- */
- break;
- default:
- hw_error("lan9118: Unimplemented MAC register write: %d = 0x%x\n",
- s->mac_cmd & 0xf, val);
- }
-}
-
-static uint32_t do_mac_read(lan9118_state *s, int reg)
-{
- switch (reg) {
- case MAC_CR:
- return s->mac_cr;
- case MAC_ADDRH:
- return s->conf.macaddr.a[4] | (s->conf.macaddr.a[5] << 8);
- case MAC_ADDRL:
- return s->conf.macaddr.a[0] | (s->conf.macaddr.a[1] << 8)
- | (s->conf.macaddr.a[2] << 16) | (s->conf.macaddr.a[3] << 24);
- case MAC_HASHH:
- return s->mac_hashh;
- break;
- case MAC_HASHL:
- return s->mac_hashl;
- break;
- case MAC_MII_ACC:
- return s->mac_mii_acc;
- case MAC_MII_DATA:
- return s->mac_mii_data;
- case MAC_FLOW:
- return s->mac_flow;
- default:
- hw_error("lan9118: Unimplemented MAC register read: %d\n",
- s->mac_cmd & 0xf);
- }
-}
-
-static void lan9118_eeprom_cmd(lan9118_state *s, int cmd, int addr)
-{
- s->e2p_cmd = (s->e2p_cmd & 0x10) | (cmd << 28) | addr;
- switch (cmd) {
- case 0:
- s->e2p_data = s->eeprom[addr];
- DPRINTF("EEPROM Read %d = 0x%02x\n", addr, s->e2p_data);
- break;
- case 1:
- s->eeprom_writable = 0;
- DPRINTF("EEPROM Write Disable\n");
- break;
- case 2: /* EWEN */
- s->eeprom_writable = 1;
- DPRINTF("EEPROM Write Enable\n");
- break;
- case 3: /* WRITE */
- if (s->eeprom_writable) {
- s->eeprom[addr] &= s->e2p_data;
- DPRINTF("EEPROM Write %d = 0x%02x\n", addr, s->e2p_data);
- } else {
- DPRINTF("EEPROM Write %d (ignored)\n", addr);
- }
- break;
- case 4: /* WRAL */
- if (s->eeprom_writable) {
- for (addr = 0; addr < 128; addr++) {
- s->eeprom[addr] &= s->e2p_data;
- }
- DPRINTF("EEPROM Write All 0x%02x\n", s->e2p_data);
- } else {
- DPRINTF("EEPROM Write All (ignored)\n");
- }
- break;
- case 5: /* ERASE */
- if (s->eeprom_writable) {
- s->eeprom[addr] = 0xff;
- DPRINTF("EEPROM Erase %d\n", addr);
- } else {
- DPRINTF("EEPROM Erase %d (ignored)\n", addr);
- }
- break;
- case 6: /* ERAL */
- if (s->eeprom_writable) {
- memset(s->eeprom, 0xff, 128);
- DPRINTF("EEPROM Erase All\n");
- } else {
- DPRINTF("EEPROM Erase All (ignored)\n");
- }
- break;
- case 7: /* RELOAD */
- lan9118_reload_eeprom(s);
- break;
- }
-}
-
-static void lan9118_tick(void *opaque)
-{
- lan9118_state *s = (lan9118_state *)opaque;
- if (s->int_en & GPT_INT) {
- s->int_sts |= GPT_INT;
- }
- lan9118_update(s);
-}
-
-static void lan9118_writel(void *opaque, hwaddr offset,
- uint64_t val, unsigned size)
-{
- lan9118_state *s = (lan9118_state *)opaque;
- offset &= 0xff;
-
- //DPRINTF("Write reg 0x%02x = 0x%08x\n", (int)offset, val);
- if (offset >= 0x20 && offset < 0x40) {
- /* TX FIFO */
- tx_fifo_push(s, val);
- return;
- }
- switch (offset) {
- case CSR_IRQ_CFG:
- /* TODO: Implement interrupt deassertion intervals. */
- val &= (IRQ_EN | IRQ_POL | IRQ_TYPE);
- s->irq_cfg = (s->irq_cfg & IRQ_INT) | val;
- break;
- case CSR_INT_STS:
- s->int_sts &= ~val;
- break;
- case CSR_INT_EN:
- s->int_en = val & ~RESERVED_INT;
- s->int_sts |= val & SW_INT;
- break;
- case CSR_FIFO_INT:
- DPRINTF("FIFO INT levels %08x\n", val);
- s->fifo_int = val;
- break;
- case CSR_RX_CFG:
- if (val & 0x8000) {
- /* RX_DUMP */
- s->rx_fifo_used = 0;
- s->rx_status_fifo_used = 0;
- s->rx_packet_size_tail = s->rx_packet_size_head;
- s->rx_packet_size[s->rx_packet_size_head] = 0;
- }
- s->rx_cfg = val & 0xcfff1ff0;
- break;
- case CSR_TX_CFG:
- if (val & 0x8000) {
- s->tx_status_fifo_used = 0;
- }
- if (val & 0x4000) {
- s->txp->state = TX_IDLE;
- s->txp->fifo_used = 0;
- s->txp->cmd_a = 0xffffffff;
- }
- s->tx_cfg = val & 6;
- break;
- case CSR_HW_CFG:
- if (val & 1) {
- /* SRST */
- lan9118_reset(&s->busdev.qdev);
- } else {
- s->hw_cfg = (val & 0x003f300) | (s->hw_cfg & 0x4);
- }
- break;
- case CSR_RX_DP_CTRL:
- if (val & 0x80000000) {
- /* Skip forward to next packet. */
- s->rxp_pad = 0;
- s->rxp_offset = 0;
- if (s->rxp_size == 0) {
- /* Pop a word to start the next packet. */
- rx_fifo_pop(s);
- s->rxp_pad = 0;
- s->rxp_offset = 0;
- }
- s->rx_fifo_head += s->rxp_size;
- if (s->rx_fifo_head >= s->rx_fifo_size) {
- s->rx_fifo_head -= s->rx_fifo_size;
- }
- }
- break;
- case CSR_PMT_CTRL:
- if (val & 0x400) {
- phy_reset(s);
- }
- s->pmt_ctrl &= ~0x34e;
- s->pmt_ctrl |= (val & 0x34e);
- break;
- case CSR_GPIO_CFG:
- /* Probably just enabling LEDs. */
- s->gpio_cfg = val & 0x7777071f;
- break;
- case CSR_GPT_CFG:
- if ((s->gpt_cfg ^ val) & GPT_TIMER_EN) {
- if (val & GPT_TIMER_EN) {
- ptimer_set_count(s->timer, val & 0xffff);
- ptimer_run(s->timer, 0);
- } else {
- ptimer_stop(s->timer);
- ptimer_set_count(s->timer, 0xffff);
- }
- }
- s->gpt_cfg = val & (GPT_TIMER_EN | 0xffff);
- break;
- case CSR_WORD_SWAP:
- /* Ignored because we're in 32-bit mode. */
- s->word_swap = val;
- break;
- case CSR_MAC_CSR_CMD:
- s->mac_cmd = val & 0x4000000f;
- if (val & 0x80000000) {
- if (val & 0x40000000) {
- s->mac_data = do_mac_read(s, val & 0xf);
- DPRINTF("MAC read %d = 0x%08x\n", val & 0xf, s->mac_data);
- } else {
- DPRINTF("MAC write %d = 0x%08x\n", val & 0xf, s->mac_data);
- do_mac_write(s, val & 0xf, s->mac_data);
- }
- }
- break;
- case CSR_MAC_CSR_DATA:
- s->mac_data = val;
- break;
- case CSR_AFC_CFG:
- s->afc_cfg = val & 0x00ffffff;
- break;
- case CSR_E2P_CMD:
- lan9118_eeprom_cmd(s, (val >> 28) & 7, val & 0x7f);
- break;
- case CSR_E2P_DATA:
- s->e2p_data = val & 0xff;
- break;
-
- default:
- hw_error("lan9118_write: Bad reg 0x%x = %x\n", (int)offset, (int)val);
- break;
- }
- lan9118_update(s);
-}
-
-static void lan9118_writew(void *opaque, hwaddr offset,
- uint32_t val)
-{
- lan9118_state *s = (lan9118_state *)opaque;
- offset &= 0xff;
-
- if (s->write_word_prev_offset != (offset & ~0x3)) {
- /* New offset, reset word counter */
- s->write_word_n = 0;
- s->write_word_prev_offset = offset & ~0x3;
- }
-
- if (offset & 0x2) {
- s->write_word_h = val;
- } else {
- s->write_word_l = val;
- }
-
- //DPRINTF("Writew reg 0x%02x = 0x%08x\n", (int)offset, val);
- s->write_word_n++;
- if (s->write_word_n == 2) {
- s->write_word_n = 0;
- lan9118_writel(s, offset & ~3, s->write_word_l +
- (s->write_word_h << 16), 4);
- }
-}
-
-static void lan9118_16bit_mode_write(void *opaque, hwaddr offset,
- uint64_t val, unsigned size)
-{
- switch (size) {
- case 2:
- lan9118_writew(opaque, offset, (uint32_t)val);
- return;
- case 4:
- lan9118_writel(opaque, offset, val, size);
- return;
- }
-
- hw_error("lan9118_write: Bad size 0x%x\n", size);
-}
-
-static uint64_t lan9118_readl(void *opaque, hwaddr offset,
- unsigned size)
-{
- lan9118_state *s = (lan9118_state *)opaque;
-
- //DPRINTF("Read reg 0x%02x\n", (int)offset);
- if (offset < 0x20) {
- /* RX FIFO */
- return rx_fifo_pop(s);
- }
- switch (offset) {
- case 0x40:
- return rx_status_fifo_pop(s);
- case 0x44:
- return s->rx_status_fifo[s->tx_status_fifo_head];
- case 0x48:
- return tx_status_fifo_pop(s);
- case 0x4c:
- return s->tx_status_fifo[s->tx_status_fifo_head];
- case CSR_ID_REV:
- return 0x01180001;
- case CSR_IRQ_CFG:
- return s->irq_cfg;
- case CSR_INT_STS:
- return s->int_sts;
- case CSR_INT_EN:
- return s->int_en;
- case CSR_BYTE_TEST:
- return 0x87654321;
- case CSR_FIFO_INT:
- return s->fifo_int;
- case CSR_RX_CFG:
- return s->rx_cfg;
- case CSR_TX_CFG:
- return s->tx_cfg;
- case CSR_HW_CFG:
- return s->hw_cfg;
- case CSR_RX_DP_CTRL:
- return 0;
- case CSR_RX_FIFO_INF:
- return (s->rx_status_fifo_used << 16) | (s->rx_fifo_used << 2);
- case CSR_TX_FIFO_INF:
- return (s->tx_status_fifo_used << 16)
- | (s->tx_fifo_size - s->txp->fifo_used);
- case CSR_PMT_CTRL:
- return s->pmt_ctrl;
- case CSR_GPIO_CFG:
- return s->gpio_cfg;
- case CSR_GPT_CFG:
- return s->gpt_cfg;
- case CSR_GPT_CNT:
- return ptimer_get_count(s->timer);
- case CSR_WORD_SWAP:
- return s->word_swap;
- case CSR_FREE_RUN:
- return (qemu_get_clock_ns(vm_clock) / 40) - s->free_timer_start;
- case CSR_RX_DROP:
- /* TODO: Implement dropped frames counter. */
- return 0;
- case CSR_MAC_CSR_CMD:
- return s->mac_cmd;
- case CSR_MAC_CSR_DATA:
- return s->mac_data;
- case CSR_AFC_CFG:
- return s->afc_cfg;
- case CSR_E2P_CMD:
- return s->e2p_cmd;
- case CSR_E2P_DATA:
- return s->e2p_data;
- }
- hw_error("lan9118_read: Bad reg 0x%x\n", (int)offset);
- return 0;
-}
-
-static uint32_t lan9118_readw(void *opaque, hwaddr offset)
-{
- lan9118_state *s = (lan9118_state *)opaque;
- uint32_t val;
-
- if (s->read_word_prev_offset != (offset & ~0x3)) {
- /* New offset, reset word counter */
- s->read_word_n = 0;
- s->read_word_prev_offset = offset & ~0x3;
- }
-
- s->read_word_n++;
- if (s->read_word_n == 1) {
- s->read_long = lan9118_readl(s, offset & ~3, 4);
- } else {
- s->read_word_n = 0;
- }
-
- if (offset & 2) {
- val = s->read_long >> 16;
- } else {
- val = s->read_long & 0xFFFF;
- }
-
- //DPRINTF("Readw reg 0x%02x, val 0x%x\n", (int)offset, val);
- return val;
-}
-
-static uint64_t lan9118_16bit_mode_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- switch (size) {
- case 2:
- return lan9118_readw(opaque, offset);
- case 4:
- return lan9118_readl(opaque, offset, size);
- }
-
- hw_error("lan9118_read: Bad size 0x%x\n", size);
- return 0;
-}
-
-static const MemoryRegionOps lan9118_mem_ops = {
- .read = lan9118_readl,
- .write = lan9118_writel,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static const MemoryRegionOps lan9118_16bit_mem_ops = {
- .read = lan9118_16bit_mode_read,
- .write = lan9118_16bit_mode_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void lan9118_cleanup(NetClientState *nc)
-{
- lan9118_state *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- s->nic = NULL;
-}
-
-static NetClientInfo net_lan9118_info = {
- .type = NET_CLIENT_OPTIONS_KIND_NIC,
- .size = sizeof(NICState),
- .can_receive = lan9118_can_receive,
- .receive = lan9118_receive,
- .cleanup = lan9118_cleanup,
- .link_status_changed = lan9118_set_link,
-};
-
-static int lan9118_init1(SysBusDevice *dev)
-{
- lan9118_state *s = FROM_SYSBUS(lan9118_state, dev);
- QEMUBH *bh;
- int i;
- const MemoryRegionOps *mem_ops =
- s->mode_16bit ? &lan9118_16bit_mem_ops : &lan9118_mem_ops;
-
- memory_region_init_io(&s->mmio, mem_ops, s, "lan9118-mmio", 0x100);
- sysbus_init_mmio(dev, &s->mmio);
- sysbus_init_irq(dev, &s->irq);
- qemu_macaddr_default_if_unset(&s->conf.macaddr);
-
- s->nic = qemu_new_nic(&net_lan9118_info, &s->conf,
- object_get_typename(OBJECT(dev)), dev->qdev.id, s);
- qemu_format_nic_info_str(&s->nic->nc, s->conf.macaddr.a);
- s->eeprom[0] = 0xa5;
- for (i = 0; i < 6; i++) {
- s->eeprom[i + 1] = s->conf.macaddr.a[i];
- }
- s->pmt_ctrl = 1;
- s->txp = &s->tx_packet;
-
- bh = qemu_bh_new(lan9118_tick, s);
- s->timer = ptimer_init(bh);
- ptimer_set_freq(s->timer, 10000);
- ptimer_set_limit(s->timer, 0xffff, 1);
-
- return 0;
-}
-
-static Property lan9118_properties[] = {
- DEFINE_NIC_PROPERTIES(lan9118_state, conf),
- DEFINE_PROP_UINT32("mode_16bit", lan9118_state, mode_16bit, 0),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void lan9118_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = lan9118_init1;
- dc->reset = lan9118_reset;
- dc->props = lan9118_properties;
- dc->vmsd = &vmstate_lan9118;
-}
-
-static TypeInfo lan9118_info = {
- .name = "lan9118",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(lan9118_state),
- .class_init = lan9118_class_init,
-};
-
-static void lan9118_register_types(void)
-{
- type_register_static(&lan9118_info);
-}
-
-/* Legacy helper function. Should go away when machine config files are
- implemented. */
-void lan9118_init(NICInfo *nd, uint32_t base, qemu_irq irq)
-{
- DeviceState *dev;
- SysBusDevice *s;
-
- qemu_check_nic_model(nd, "lan9118");
- dev = qdev_create(NULL, "lan9118");
- qdev_set_nic_properties(dev, nd);
- qdev_init_nofail(dev);
- s = sysbus_from_qdev(dev);
- sysbus_mmio_map(s, 0, base);
- sysbus_connect_irq(s, 0, irq);
-}
-
-type_init(lan9118_register_types)
diff --git a/hw/lance.c b/hw/lance.c
deleted file mode 100644
index a3e6dd91d..000000000
--- a/hw/lance.c
+++ /dev/null
@@ -1,170 +0,0 @@
-/*
- * QEMU AMD PC-Net II (Am79C970A) emulation
- *
- * Copyright (c) 2004 Antony T Curtis
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-/* This software was written to be compatible with the specification:
- * AMD Am79C970A PCnet-PCI II Ethernet Controller Data-Sheet
- * AMD Publication# 19436 Rev:E Amendment/0 Issue Date: June 2000
- */
-
-/*
- * On Sparc32, this is the Lance (Am7990) part of chip STP2000 (Master I/O), also
- * produced as NCR89C100. See
- * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C100.txt
- * and
- * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR92C990.txt
- */
-
-#include "sysbus.h"
-#include "net.h"
-#include "qemu-timer.h"
-#include "qemu_socket.h"
-#include "sun4m.h"
-#include "pcnet.h"
-#include "trace.h"
-
-typedef struct {
- SysBusDevice busdev;
- PCNetState state;
-} SysBusPCNetState;
-
-static void parent_lance_reset(void *opaque, int irq, int level)
-{
- SysBusPCNetState *d = opaque;
- if (level)
- pcnet_h_reset(&d->state);
-}
-
-static void lance_mem_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- SysBusPCNetState *d = opaque;
-
- trace_lance_mem_writew(addr, val & 0xffff);
- pcnet_ioport_writew(&d->state, addr, val & 0xffff);
-}
-
-static uint64_t lance_mem_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- SysBusPCNetState *d = opaque;
- uint32_t val;
-
- val = pcnet_ioport_readw(&d->state, addr);
- trace_lance_mem_readw(addr, val & 0xffff);
- return val & 0xffff;
-}
-
-static const MemoryRegionOps lance_mem_ops = {
- .read = lance_mem_read,
- .write = lance_mem_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 2,
- .max_access_size = 2,
- },
-};
-
-static void lance_cleanup(NetClientState *nc)
-{
- PCNetState *d = DO_UPCAST(NICState, nc, nc)->opaque;
-
- pcnet_common_cleanup(d);
-}
-
-static NetClientInfo net_lance_info = {
- .type = NET_CLIENT_OPTIONS_KIND_NIC,
- .size = sizeof(NICState),
- .can_receive = pcnet_can_receive,
- .receive = pcnet_receive,
- .link_status_changed = pcnet_set_link_status,
- .cleanup = lance_cleanup,
-};
-
-static const VMStateDescription vmstate_lance = {
- .name = "pcnet",
- .version_id = 3,
- .minimum_version_id = 2,
- .minimum_version_id_old = 2,
- .fields = (VMStateField []) {
- VMSTATE_STRUCT(state, SysBusPCNetState, 0, vmstate_pcnet, PCNetState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int lance_init(SysBusDevice *dev)
-{
- SysBusPCNetState *d = FROM_SYSBUS(SysBusPCNetState, dev);
- PCNetState *s = &d->state;
-
- memory_region_init_io(&s->mmio, &lance_mem_ops, d, "lance-mmio", 4);
-
- qdev_init_gpio_in(&dev->qdev, parent_lance_reset, 1);
-
- sysbus_init_mmio(dev, &s->mmio);
-
- sysbus_init_irq(dev, &s->irq);
-
- s->phys_mem_read = ledma_memory_read;
- s->phys_mem_write = ledma_memory_write;
- return pcnet_common_init(&dev->qdev, s, &net_lance_info);
-}
-
-static void lance_reset(DeviceState *dev)
-{
- SysBusPCNetState *d = DO_UPCAST(SysBusPCNetState, busdev.qdev, dev);
-
- pcnet_h_reset(&d->state);
-}
-
-static Property lance_properties[] = {
- DEFINE_PROP_PTR("dma", SysBusPCNetState, state.dma_opaque),
- DEFINE_NIC_PROPERTIES(SysBusPCNetState, state.conf),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void lance_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = lance_init;
- dc->fw_name = "ethernet";
- dc->reset = lance_reset;
- dc->vmsd = &vmstate_lance;
- dc->props = lance_properties;
-}
-
-static TypeInfo lance_info = {
- .name = "lance",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(SysBusPCNetState),
- .class_init = lance_class_init,
-};
-
-static void lance_register_types(void)
-{
- type_register_static(&lance_info);
-}
-
-type_init(lance_register_types)
diff --git a/hw/leon3.c b/hw/leon3.c
deleted file mode 100644
index 774273828..000000000
--- a/hw/leon3.c
+++ /dev/null
@@ -1,223 +0,0 @@
-/*
- * QEMU Leon3 System Emulator
- *
- * Copyright (c) 2010-2011 AdaCore
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "qemu-timer.h"
-#include "ptimer.h"
-#include "qemu-char.h"
-#include "sysemu.h"
-#include "boards.h"
-#include "loader.h"
-#include "elf.h"
-#include "trace.h"
-#include "exec-memory.h"
-
-#include "grlib.h"
-
-/* Default system clock. */
-#define CPU_CLK (40 * 1000 * 1000)
-
-#define PROM_FILENAME "u-boot.bin"
-
-#define MAX_PILS 16
-
-typedef struct ResetData {
- SPARCCPU *cpu;
- uint32_t entry; /* save kernel entry in case of reset */
-} ResetData;
-
-static void main_cpu_reset(void *opaque)
-{
- ResetData *s = (ResetData *)opaque;
- CPUSPARCState *env = &s->cpu->env;
-
- cpu_reset(CPU(s->cpu));
-
- env->halted = 0;
- env->pc = s->entry;
- env->npc = s->entry + 4;
-}
-
-void leon3_irq_ack(void *irq_manager, int intno)
-{
- grlib_irqmp_ack((DeviceState *)irq_manager, intno);
-}
-
-static void leon3_set_pil_in(void *opaque, uint32_t pil_in)
-{
- CPUSPARCState *env = (CPUSPARCState *)opaque;
-
- assert(env != NULL);
-
- env->pil_in = pil_in;
-
- if (env->pil_in && (env->interrupt_index == 0 ||
- (env->interrupt_index & ~15) == TT_EXTINT)) {
- unsigned int i;
-
- for (i = 15; i > 0; i--) {
- if (env->pil_in & (1 << i)) {
- int old_interrupt = env->interrupt_index;
-
- env->interrupt_index = TT_EXTINT | i;
- if (old_interrupt != env->interrupt_index) {
- trace_leon3_set_irq(i);
- cpu_interrupt(env, CPU_INTERRUPT_HARD);
- }
- break;
- }
- }
- } else if (!env->pil_in && (env->interrupt_index & ~15) == TT_EXTINT) {
- trace_leon3_reset_irq(env->interrupt_index & 15);
- env->interrupt_index = 0;
- cpu_reset_interrupt(env, CPU_INTERRUPT_HARD);
- }
-}
-
-static void leon3_generic_hw_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- SPARCCPU *cpu;
- CPUSPARCState *env;
- MemoryRegion *address_space_mem = get_system_memory();
- MemoryRegion *ram = g_new(MemoryRegion, 1);
- MemoryRegion *prom = g_new(MemoryRegion, 1);
- int ret;
- char *filename;
- qemu_irq *cpu_irqs = NULL;
- int bios_size;
- int prom_size;
- ResetData *reset_info;
-
- /* Init CPU */
- if (!cpu_model) {
- cpu_model = "LEON3";
- }
-
- cpu = cpu_sparc_init(cpu_model);
- if (cpu == NULL) {
- fprintf(stderr, "qemu: Unable to find Sparc CPU definition\n");
- exit(1);
- }
- env = &cpu->env;
-
- cpu_sparc_set_id(env, 0);
-
- /* Reset data */
- reset_info = g_malloc0(sizeof(ResetData));
- reset_info->cpu = cpu;
- qemu_register_reset(main_cpu_reset, reset_info);
-
- /* Allocate IRQ manager */
- grlib_irqmp_create(0x80000200, env, &cpu_irqs, MAX_PILS, &leon3_set_pil_in);
-
- env->qemu_irq_ack = leon3_irq_manager;
-
- /* Allocate RAM */
- if ((uint64_t)ram_size > (1UL << 30)) {
- fprintf(stderr,
- "qemu: Too much memory for this machine: %d, maximum 1G\n",
- (unsigned int)(ram_size / (1024 * 1024)));
- exit(1);
- }
-
- memory_region_init_ram(ram, "leon3.ram", ram_size);
- vmstate_register_ram_global(ram);
- memory_region_add_subregion(address_space_mem, 0x40000000, ram);
-
- /* Allocate BIOS */
- prom_size = 8 * 1024 * 1024; /* 8Mb */
- memory_region_init_ram(prom, "Leon3.bios", prom_size);
- vmstate_register_ram_global(prom);
- memory_region_set_readonly(prom, true);
- memory_region_add_subregion(address_space_mem, 0x00000000, prom);
-
- /* Load boot prom */
- if (bios_name == NULL) {
- bios_name = PROM_FILENAME;
- }
- filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
-
- bios_size = get_image_size(filename);
-
- if (bios_size > prom_size) {
- fprintf(stderr, "qemu: could not load prom '%s': file too big\n",
- filename);
- exit(1);
- }
-
- if (bios_size > 0) {
- ret = load_image_targphys(filename, 0x00000000, bios_size);
- if (ret < 0 || ret > prom_size) {
- fprintf(stderr, "qemu: could not load prom '%s'\n", filename);
- exit(1);
- }
- } else if (kernel_filename == NULL) {
- fprintf(stderr, "Can't read bios image %s\n", filename);
- exit(1);
- }
-
- /* Can directly load an application. */
- if (kernel_filename != NULL) {
- long kernel_size;
- uint64_t entry;
-
- kernel_size = load_elf(kernel_filename, NULL, NULL, &entry, NULL, NULL,
- 1 /* big endian */, ELF_MACHINE, 0);
- if (kernel_size < 0) {
- fprintf(stderr, "qemu: could not load kernel '%s'\n",
- kernel_filename);
- exit(1);
- }
- if (bios_size <= 0) {
- /* If there is no bios/monitor, start the application. */
- env->pc = entry;
- env->npc = entry + 4;
- reset_info->entry = entry;
- }
- }
-
- /* Allocate timers */
- grlib_gptimer_create(0x80000300, 2, CPU_CLK, cpu_irqs, 6);
-
- /* Allocate uart */
- if (serial_hds[0]) {
- grlib_apbuart_create(0x80000100, serial_hds[0], cpu_irqs[3]);
- }
-}
-
-static QEMUMachine leon3_generic_machine = {
- .name = "leon3_generic",
- .desc = "Leon-3 generic",
- .init = leon3_generic_hw_init,
- .use_scsi = 0,
-};
-
-static void leon3_machine_init(void)
-{
- qemu_register_machine(&leon3_generic_machine);
-}
-
-machine_init(leon3_machine_init);
diff --git a/hw/lm32.h b/hw/lm32.h
deleted file mode 100644
index 0a676329f..000000000
--- a/hw/lm32.h
+++ /dev/null
@@ -1,25 +0,0 @@
-
-#include "qemu-common.h"
-
-static inline DeviceState *lm32_pic_init(qemu_irq cpu_irq)
-{
- DeviceState *dev;
- SysBusDevice *d;
-
- dev = qdev_create(NULL, "lm32-pic");
- qdev_init_nofail(dev);
- d = sysbus_from_qdev(dev);
- sysbus_connect_irq(d, 0, cpu_irq);
-
- return dev;
-}
-
-static inline DeviceState *lm32_juart_init(void)
-{
- DeviceState *dev;
-
- dev = qdev_create(NULL, "lm32-juart");
- qdev_init_nofail(dev);
-
- return dev;
-}
diff --git a/hw/lm32/Makefile.objs b/hw/lm32/Makefile.objs
index 4e1843c11..ea6418ae5 100644
--- a/hw/lm32/Makefile.objs
+++ b/hw/lm32/Makefile.objs
@@ -1,23 +1,3 @@
# LM32 boards
obj-y += lm32_boards.o
obj-y += milkymist.o
-
-# LM32 peripherals
-obj-y += lm32_pic.o
-obj-y += lm32_juart.o
-obj-y += lm32_timer.o
-obj-y += lm32_uart.o
-obj-y += lm32_sys.o
-obj-y += milkymist-ac97.o
-obj-y += milkymist-hpdmc.o
-obj-y += milkymist-memcard.o
-obj-y += milkymist-minimac2.o
-obj-y += milkymist-pfpu.o
-obj-y += milkymist-softusb.o
-obj-y += milkymist-sysctl.o
-obj-$(CONFIG_OPENGL) += milkymist-tmu2.o
-obj-y += milkymist-uart.o
-obj-y += milkymist-vgafb.o
-obj-y += framebuffer.o
-
-obj-y := $(addprefix ../,$(obj-y))
diff --git a/hw/lm32/lm32.h b/hw/lm32/lm32.h
new file mode 100644
index 000000000..18aa6fdc1
--- /dev/null
+++ b/hw/lm32/lm32.h
@@ -0,0 +1,29 @@
+#ifndef HW_LM32_H
+#define HW_LM32_H 1
+
+#include "hw/char/lm32_juart.h"
+
+static inline DeviceState *lm32_pic_init(qemu_irq cpu_irq)
+{
+ DeviceState *dev;
+ SysBusDevice *d;
+
+ dev = qdev_create(NULL, "lm32-pic");
+ qdev_init_nofail(dev);
+ d = SYS_BUS_DEVICE(dev);
+ sysbus_connect_irq(d, 0, cpu_irq);
+
+ return dev;
+}
+
+static inline DeviceState *lm32_juart_init(void)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(NULL, TYPE_LM32_JUART);
+ qdev_init_nofail(dev);
+
+ return dev;
+}
+
+#endif
diff --git a/hw/lm32/lm32_boards.c b/hw/lm32/lm32_boards.c
new file mode 100644
index 000000000..62003b858
--- /dev/null
+++ b/hw/lm32/lm32_boards.c
@@ -0,0 +1,309 @@
+/*
+ * QEMU models for LatticeMico32 uclinux and evr32 boards.
+ *
+ * Copyright (c) 2010 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/sysbus.h"
+#include "hw/hw.h"
+#include "hw/block/flash.h"
+#include "hw/devices.h"
+#include "hw/boards.h"
+#include "hw/loader.h"
+#include "sysemu/blockdev.h"
+#include "elf.h"
+#include "lm32_hwsetup.h"
+#include "lm32.h"
+#include "exec/address-spaces.h"
+
+typedef struct {
+ LM32CPU *cpu;
+ hwaddr bootstrap_pc;
+ hwaddr flash_base;
+ hwaddr hwsetup_base;
+ hwaddr initrd_base;
+ size_t initrd_size;
+ hwaddr cmdline_base;
+} ResetInfo;
+
+static void cpu_irq_handler(void *opaque, int irq, int level)
+{
+ LM32CPU *cpu = opaque;
+ CPUState *cs = CPU(cpu);
+
+ if (level) {
+ cpu_interrupt(cs, CPU_INTERRUPT_HARD);
+ } else {
+ cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
+ }
+}
+
+static void main_cpu_reset(void *opaque)
+{
+ ResetInfo *reset_info = opaque;
+ CPULM32State *env = &reset_info->cpu->env;
+
+ cpu_reset(CPU(reset_info->cpu));
+
+ /* init defaults */
+ env->pc = (uint32_t)reset_info->bootstrap_pc;
+ env->regs[R_R1] = (uint32_t)reset_info->hwsetup_base;
+ env->regs[R_R2] = (uint32_t)reset_info->cmdline_base;
+ env->regs[R_R3] = (uint32_t)reset_info->initrd_base;
+ env->regs[R_R4] = (uint32_t)(reset_info->initrd_base +
+ reset_info->initrd_size);
+ env->eba = reset_info->flash_base;
+ env->deba = reset_info->flash_base;
+}
+
+static void lm32_evr_init(QEMUMachineInitArgs *args)
+{
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ LM32CPU *cpu;
+ CPULM32State *env;
+ DriveInfo *dinfo;
+ MemoryRegion *address_space_mem = get_system_memory();
+ MemoryRegion *phys_ram = g_new(MemoryRegion, 1);
+ qemu_irq *cpu_irq, irq[32];
+ ResetInfo *reset_info;
+ int i;
+
+ /* memory map */
+ hwaddr flash_base = 0x04000000;
+ size_t flash_sector_size = 256 * 1024;
+ size_t flash_size = 32 * 1024 * 1024;
+ hwaddr ram_base = 0x08000000;
+ size_t ram_size = 64 * 1024 * 1024;
+ hwaddr timer0_base = 0x80002000;
+ hwaddr uart0_base = 0x80006000;
+ hwaddr timer1_base = 0x8000a000;
+ int uart0_irq = 0;
+ int timer0_irq = 1;
+ int timer1_irq = 3;
+
+ reset_info = g_malloc0(sizeof(ResetInfo));
+
+ if (cpu_model == NULL) {
+ cpu_model = "lm32-full";
+ }
+ cpu = cpu_lm32_init(cpu_model);
+ env = &cpu->env;
+ reset_info->cpu = cpu;
+
+ reset_info->flash_base = flash_base;
+
+ memory_region_init_ram(phys_ram, NULL, "lm32_evr.sdram", ram_size);
+ vmstate_register_ram_global(phys_ram);
+ memory_region_add_subregion(address_space_mem, ram_base, phys_ram);
+
+ dinfo = drive_get(IF_PFLASH, 0, 0);
+ /* Spansion S29NS128P */
+ pflash_cfi02_register(flash_base, NULL, "lm32_evr.flash", flash_size,
+ dinfo ? dinfo->bdrv : NULL, flash_sector_size,
+ flash_size / flash_sector_size, 1, 2,
+ 0x01, 0x7e, 0x43, 0x00, 0x555, 0x2aa, 1);
+
+ /* create irq lines */
+ cpu_irq = qemu_allocate_irqs(cpu_irq_handler, cpu, 1);
+ env->pic_state = lm32_pic_init(*cpu_irq);
+ for (i = 0; i < 32; i++) {
+ irq[i] = qdev_get_gpio_in(env->pic_state, i);
+ }
+
+ sysbus_create_simple("lm32-uart", uart0_base, irq[uart0_irq]);
+ sysbus_create_simple("lm32-timer", timer0_base, irq[timer0_irq]);
+ sysbus_create_simple("lm32-timer", timer1_base, irq[timer1_irq]);
+
+ /* make sure juart isn't the first chardev */
+ env->juart_state = lm32_juart_init();
+
+ reset_info->bootstrap_pc = flash_base;
+
+ if (kernel_filename) {
+ uint64_t entry;
+ int kernel_size;
+
+ kernel_size = load_elf(kernel_filename, NULL, NULL, &entry, NULL, NULL,
+ 1, ELF_MACHINE, 0);
+ reset_info->bootstrap_pc = entry;
+
+ if (kernel_size < 0) {
+ kernel_size = load_image_targphys(kernel_filename, ram_base,
+ ram_size);
+ reset_info->bootstrap_pc = ram_base;
+ }
+
+ if (kernel_size < 0) {
+ fprintf(stderr, "qemu: could not load kernel '%s'\n",
+ kernel_filename);
+ exit(1);
+ }
+ }
+
+ qemu_register_reset(main_cpu_reset, reset_info);
+}
+
+static void lm32_uclinux_init(QEMUMachineInitArgs *args)
+{
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ LM32CPU *cpu;
+ CPULM32State *env;
+ DriveInfo *dinfo;
+ MemoryRegion *address_space_mem = get_system_memory();
+ MemoryRegion *phys_ram = g_new(MemoryRegion, 1);
+ qemu_irq *cpu_irq, irq[32];
+ HWSetup *hw;
+ ResetInfo *reset_info;
+ int i;
+
+ /* memory map */
+ hwaddr flash_base = 0x04000000;
+ size_t flash_sector_size = 256 * 1024;
+ size_t flash_size = 32 * 1024 * 1024;
+ hwaddr ram_base = 0x08000000;
+ size_t ram_size = 64 * 1024 * 1024;
+ hwaddr uart0_base = 0x80000000;
+ hwaddr timer0_base = 0x80002000;
+ hwaddr timer1_base = 0x80010000;
+ hwaddr timer2_base = 0x80012000;
+ int uart0_irq = 0;
+ int timer0_irq = 1;
+ int timer1_irq = 20;
+ int timer2_irq = 21;
+ hwaddr hwsetup_base = 0x0bffe000;
+ hwaddr cmdline_base = 0x0bfff000;
+ hwaddr initrd_base = 0x08400000;
+ size_t initrd_max = 0x01000000;
+
+ reset_info = g_malloc0(sizeof(ResetInfo));
+
+ if (cpu_model == NULL) {
+ cpu_model = "lm32-full";
+ }
+ cpu = cpu_lm32_init(cpu_model);
+ env = &cpu->env;
+ reset_info->cpu = cpu;
+
+ reset_info->flash_base = flash_base;
+
+ memory_region_init_ram(phys_ram, NULL, "lm32_uclinux.sdram", ram_size);
+ vmstate_register_ram_global(phys_ram);
+ memory_region_add_subregion(address_space_mem, ram_base, phys_ram);
+
+ dinfo = drive_get(IF_PFLASH, 0, 0);
+ /* Spansion S29NS128P */
+ pflash_cfi02_register(flash_base, NULL, "lm32_uclinux.flash", flash_size,
+ dinfo ? dinfo->bdrv : NULL, flash_sector_size,
+ flash_size / flash_sector_size, 1, 2,
+ 0x01, 0x7e, 0x43, 0x00, 0x555, 0x2aa, 1);
+
+ /* create irq lines */
+ cpu_irq = qemu_allocate_irqs(cpu_irq_handler, env, 1);
+ env->pic_state = lm32_pic_init(*cpu_irq);
+ for (i = 0; i < 32; i++) {
+ irq[i] = qdev_get_gpio_in(env->pic_state, i);
+ }
+
+ sysbus_create_simple("lm32-uart", uart0_base, irq[uart0_irq]);
+ sysbus_create_simple("lm32-timer", timer0_base, irq[timer0_irq]);
+ sysbus_create_simple("lm32-timer", timer1_base, irq[timer1_irq]);
+ sysbus_create_simple("lm32-timer", timer2_base, irq[timer2_irq]);
+
+ /* make sure juart isn't the first chardev */
+ env->juart_state = lm32_juart_init();
+
+ reset_info->bootstrap_pc = flash_base;
+
+ if (kernel_filename) {
+ uint64_t entry;
+ int kernel_size;
+
+ kernel_size = load_elf(kernel_filename, NULL, NULL, &entry, NULL, NULL,
+ 1, ELF_MACHINE, 0);
+ reset_info->bootstrap_pc = entry;
+
+ if (kernel_size < 0) {
+ kernel_size = load_image_targphys(kernel_filename, ram_base,
+ ram_size);
+ reset_info->bootstrap_pc = ram_base;
+ }
+
+ if (kernel_size < 0) {
+ fprintf(stderr, "qemu: could not load kernel '%s'\n",
+ kernel_filename);
+ exit(1);
+ }
+ }
+
+ /* generate a rom with the hardware description */
+ hw = hwsetup_init();
+ hwsetup_add_cpu(hw, "LM32", 75000000);
+ hwsetup_add_flash(hw, "flash", flash_base, flash_size);
+ hwsetup_add_ddr_sdram(hw, "ddr_sdram", ram_base, ram_size);
+ hwsetup_add_timer(hw, "timer0", timer0_base, timer0_irq);
+ hwsetup_add_timer(hw, "timer1_dev_only", timer1_base, timer1_irq);
+ hwsetup_add_timer(hw, "timer2_dev_only", timer2_base, timer2_irq);
+ hwsetup_add_uart(hw, "uart", uart0_base, uart0_irq);
+ hwsetup_add_trailer(hw);
+ hwsetup_create_rom(hw, hwsetup_base);
+ hwsetup_free(hw);
+
+ reset_info->hwsetup_base = hwsetup_base;
+
+ if (kernel_cmdline && strlen(kernel_cmdline)) {
+ pstrcpy_targphys("cmdline", cmdline_base, TARGET_PAGE_SIZE,
+ kernel_cmdline);
+ reset_info->cmdline_base = cmdline_base;
+ }
+
+ if (initrd_filename) {
+ size_t initrd_size;
+ initrd_size = load_image_targphys(initrd_filename, initrd_base,
+ initrd_max);
+ reset_info->initrd_base = initrd_base;
+ reset_info->initrd_size = initrd_size;
+ }
+
+ qemu_register_reset(main_cpu_reset, reset_info);
+}
+
+static QEMUMachine lm32_evr_machine = {
+ .name = "lm32-evr",
+ .desc = "LatticeMico32 EVR32 eval system",
+ .init = lm32_evr_init,
+ .is_default = 1,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine lm32_uclinux_machine = {
+ .name = "lm32-uclinux",
+ .desc = "lm32 platform for uClinux and u-boot by Theobroma Systems",
+ .init = lm32_uclinux_init,
+ .is_default = 0,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void lm32_machine_init(void)
+{
+ qemu_register_machine(&lm32_uclinux_machine);
+ qemu_register_machine(&lm32_evr_machine);
+}
+
+machine_init(lm32_machine_init);
diff --git a/hw/lm32/lm32_hwsetup.h b/hw/lm32/lm32_hwsetup.h
new file mode 100644
index 000000000..3449bd8df
--- /dev/null
+++ b/hw/lm32/lm32_hwsetup.h
@@ -0,0 +1,178 @@
+/*
+ * LatticeMico32 hwsetup helper functions.
+ *
+ * Copyright (c) 2010 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * These are helper functions for creating the hardware description blob used
+ * in the Theobroma's uClinux port.
+ */
+
+#ifndef QEMU_HW_LM32_HWSETUP_H
+#define QEMU_HW_LM32_HWSETUP_H
+
+#include "qemu-common.h"
+#include "hw/loader.h"
+
+typedef struct {
+ void *data;
+ void *ptr;
+} HWSetup;
+
+enum hwsetup_tag {
+ HWSETUP_TAG_EOL = 0,
+ HWSETUP_TAG_CPU = 1,
+ HWSETUP_TAG_ASRAM = 2,
+ HWSETUP_TAG_FLASH = 3,
+ HWSETUP_TAG_SDRAM = 4,
+ HWSETUP_TAG_OCM = 5,
+ HWSETUP_TAG_DDR_SDRAM = 6,
+ HWSETUP_TAG_DDR2_SDRAM = 7,
+ HWSETUP_TAG_TIMER = 8,
+ HWSETUP_TAG_UART = 9,
+ HWSETUP_TAG_GPIO = 10,
+ HWSETUP_TAG_TRISPEEDMAC = 11,
+ HWSETUP_TAG_I2CM = 12,
+ HWSETUP_TAG_LEDS = 13,
+ HWSETUP_TAG_7SEG = 14,
+ HWSETUP_TAG_SPI_S = 15,
+ HWSETUP_TAG_SPI_M = 16,
+};
+
+static inline HWSetup *hwsetup_init(void)
+{
+ HWSetup *hw;
+
+ hw = g_malloc(sizeof(HWSetup));
+ hw->data = g_malloc0(TARGET_PAGE_SIZE);
+ hw->ptr = hw->data;
+
+ return hw;
+}
+
+static inline void hwsetup_free(HWSetup *hw)
+{
+ g_free(hw->data);
+ g_free(hw);
+}
+
+static inline void hwsetup_create_rom(HWSetup *hw,
+ hwaddr base)
+{
+ rom_add_blob("hwsetup", hw->data, TARGET_PAGE_SIZE, base);
+}
+
+static inline void hwsetup_add_u8(HWSetup *hw, uint8_t u)
+{
+ stb_p(hw->ptr, u);
+ hw->ptr += 1;
+}
+
+static inline void hwsetup_add_u32(HWSetup *hw, uint32_t u)
+{
+ stl_p(hw->ptr, u);
+ hw->ptr += 4;
+}
+
+static inline void hwsetup_add_tag(HWSetup *hw, enum hwsetup_tag t)
+{
+ stl_p(hw->ptr, t);
+ hw->ptr += 4;
+}
+
+static inline void hwsetup_add_str(HWSetup *hw, const char *str)
+{
+ pstrcpy(hw->ptr, 32, str);
+ hw->ptr += 32;
+}
+
+static inline void hwsetup_add_trailer(HWSetup *hw)
+{
+ hwsetup_add_u32(hw, 8); /* size */
+ hwsetup_add_tag(hw, HWSETUP_TAG_EOL);
+}
+
+static inline void hwsetup_add_cpu(HWSetup *hw,
+ const char *name, uint32_t frequency)
+{
+ hwsetup_add_u32(hw, 44); /* size */
+ hwsetup_add_tag(hw, HWSETUP_TAG_CPU);
+ hwsetup_add_str(hw, name);
+ hwsetup_add_u32(hw, frequency);
+}
+
+static inline void hwsetup_add_flash(HWSetup *hw,
+ const char *name, uint32_t base, uint32_t size)
+{
+ hwsetup_add_u32(hw, 52); /* size */
+ hwsetup_add_tag(hw, HWSETUP_TAG_FLASH);
+ hwsetup_add_str(hw, name);
+ hwsetup_add_u32(hw, base);
+ hwsetup_add_u32(hw, size);
+ hwsetup_add_u8(hw, 8); /* read latency */
+ hwsetup_add_u8(hw, 8); /* write latency */
+ hwsetup_add_u8(hw, 25); /* address width */
+ hwsetup_add_u8(hw, 32); /* data width */
+}
+
+static inline void hwsetup_add_ddr_sdram(HWSetup *hw,
+ const char *name, uint32_t base, uint32_t size)
+{
+ hwsetup_add_u32(hw, 48); /* size */
+ hwsetup_add_tag(hw, HWSETUP_TAG_DDR_SDRAM);
+ hwsetup_add_str(hw, name);
+ hwsetup_add_u32(hw, base);
+ hwsetup_add_u32(hw, size);
+}
+
+static inline void hwsetup_add_timer(HWSetup *hw,
+ const char *name, uint32_t base, uint32_t irq)
+{
+ hwsetup_add_u32(hw, 56); /* size */
+ hwsetup_add_tag(hw, HWSETUP_TAG_TIMER);
+ hwsetup_add_str(hw, name);
+ hwsetup_add_u32(hw, base);
+ hwsetup_add_u8(hw, 1); /* wr_tickcount */
+ hwsetup_add_u8(hw, 1); /* rd_tickcount */
+ hwsetup_add_u8(hw, 1); /* start_stop_control */
+ hwsetup_add_u8(hw, 32); /* counter_width */
+ hwsetup_add_u32(hw, 20); /* reload_ticks */
+ hwsetup_add_u8(hw, irq);
+ hwsetup_add_u8(hw, 0); /* padding */
+ hwsetup_add_u8(hw, 0); /* padding */
+ hwsetup_add_u8(hw, 0); /* padding */
+}
+
+static inline void hwsetup_add_uart(HWSetup *hw,
+ const char *name, uint32_t base, uint32_t irq)
+{
+ hwsetup_add_u32(hw, 56); /* size */
+ hwsetup_add_tag(hw, HWSETUP_TAG_UART);
+ hwsetup_add_str(hw, name);
+ hwsetup_add_u32(hw, base);
+ hwsetup_add_u32(hw, 115200); /* baudrate */
+ hwsetup_add_u8(hw, 8); /* databits */
+ hwsetup_add_u8(hw, 1); /* stopbits */
+ hwsetup_add_u8(hw, 1); /* use_interrupt */
+ hwsetup_add_u8(hw, 1); /* block_on_transmit */
+ hwsetup_add_u8(hw, 1); /* block_on_receive */
+ hwsetup_add_u8(hw, 4); /* rx_buffer_size */
+ hwsetup_add_u8(hw, 4); /* tx_buffer_size */
+ hwsetup_add_u8(hw, irq);
+}
+
+#endif /* QEMU_HW_LM32_HWSETUP_H */
diff --git a/hw/lm32/milkymist-hw.h b/hw/lm32/milkymist-hw.h
new file mode 100644
index 000000000..5317ce6e2
--- /dev/null
+++ b/hw/lm32/milkymist-hw.h
@@ -0,0 +1,207 @@
+#ifndef QEMU_HW_MILKYMIST_H
+#define QEMU_HW_MILKYMIST_H
+
+#include "hw/qdev.h"
+#include "net/net.h"
+
+static inline DeviceState *milkymist_uart_create(hwaddr base,
+ qemu_irq irq)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(NULL, "milkymist-uart");
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, irq);
+
+ return dev;
+}
+
+static inline DeviceState *milkymist_hpdmc_create(hwaddr base)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(NULL, "milkymist-hpdmc");
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
+
+ return dev;
+}
+
+static inline DeviceState *milkymist_memcard_create(hwaddr base)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(NULL, "milkymist-memcard");
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
+
+ return dev;
+}
+
+static inline DeviceState *milkymist_vgafb_create(hwaddr base,
+ uint32_t fb_offset, uint32_t fb_mask)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(NULL, "milkymist-vgafb");
+ qdev_prop_set_uint32(dev, "fb_offset", fb_offset);
+ qdev_prop_set_uint32(dev, "fb_mask", fb_mask);
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
+
+ return dev;
+}
+
+static inline DeviceState *milkymist_sysctl_create(hwaddr base,
+ qemu_irq gpio_irq, qemu_irq timer0_irq, qemu_irq timer1_irq,
+ uint32_t freq_hz, uint32_t system_id, uint32_t capabilities,
+ uint32_t gpio_strappings)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(NULL, "milkymist-sysctl");
+ qdev_prop_set_uint32(dev, "frequency", freq_hz);
+ qdev_prop_set_uint32(dev, "systemid", system_id);
+ qdev_prop_set_uint32(dev, "capabilities", capabilities);
+ qdev_prop_set_uint32(dev, "gpio_strappings", gpio_strappings);
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, gpio_irq);
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 1, timer0_irq);
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 2, timer1_irq);
+
+ return dev;
+}
+
+static inline DeviceState *milkymist_pfpu_create(hwaddr base,
+ qemu_irq irq)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(NULL, "milkymist-pfpu");
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, irq);
+ return dev;
+}
+
+#ifdef CONFIG_GLX
+#include <X11/Xlib.h>
+#include <GL/glx.h>
+static const int glx_fbconfig_attr[] = {
+ GLX_GREEN_SIZE, 5,
+ GLX_GREEN_SIZE, 6,
+ GLX_BLUE_SIZE, 5,
+ None
+};
+#endif
+
+static inline DeviceState *milkymist_tmu2_create(hwaddr base,
+ qemu_irq irq)
+{
+#ifdef CONFIG_GLX
+ DeviceState *dev;
+ Display *d;
+ GLXFBConfig *configs;
+ int nelements;
+ int ver_major, ver_minor;
+
+ if (display_type == DT_NOGRAPHIC) {
+ return NULL;
+ }
+
+ /* check that GLX will work */
+ d = XOpenDisplay(NULL);
+ if (d == NULL) {
+ return NULL;
+ }
+
+ if (!glXQueryVersion(d, &ver_major, &ver_minor)) {
+ /* Yeah, sometimes getting the GLX version can fail.
+ * Isn't X beautiful? */
+ XCloseDisplay(d);
+ return NULL;
+ }
+
+ if ((ver_major < 1) || ((ver_major == 1) && (ver_minor < 3))) {
+ printf("Your GLX version is %d.%d,"
+ "but TMU emulation needs at least 1.3. TMU disabled.\n",
+ ver_major, ver_minor);
+ XCloseDisplay(d);
+ return NULL;
+ }
+
+ configs = glXChooseFBConfig(d, 0, glx_fbconfig_attr, &nelements);
+ if (configs == NULL) {
+ XCloseDisplay(d);
+ return NULL;
+ }
+
+ XFree(configs);
+ XCloseDisplay(d);
+
+ dev = qdev_create(NULL, "milkymist-tmu2");
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, irq);
+
+ return dev;
+#else
+ return NULL;
+#endif
+}
+
+static inline DeviceState *milkymist_ac97_create(hwaddr base,
+ qemu_irq crrequest_irq, qemu_irq crreply_irq, qemu_irq dmar_irq,
+ qemu_irq dmaw_irq)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(NULL, "milkymist-ac97");
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, crrequest_irq);
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 1, crreply_irq);
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 2, dmar_irq);
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 3, dmaw_irq);
+
+ return dev;
+}
+
+static inline DeviceState *milkymist_minimac2_create(hwaddr base,
+ hwaddr buffers_base, qemu_irq rx_irq, qemu_irq tx_irq)
+{
+ DeviceState *dev;
+
+ qemu_check_nic_model(&nd_table[0], "minimac2");
+ dev = qdev_create(NULL, "milkymist-minimac2");
+ qdev_set_nic_properties(dev, &nd_table[0]);
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 1, buffers_base);
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, rx_irq);
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 1, tx_irq);
+
+ return dev;
+}
+
+static inline DeviceState *milkymist_softusb_create(hwaddr base,
+ qemu_irq irq, uint32_t pmem_base, uint32_t pmem_size,
+ uint32_t dmem_base, uint32_t dmem_size)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(NULL, "milkymist-softusb");
+ qdev_prop_set_uint32(dev, "pmem_size", pmem_size);
+ qdev_prop_set_uint32(dev, "dmem_size", dmem_size);
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 1, pmem_base);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 2, dmem_base);
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, irq);
+
+ return dev;
+}
+
+#endif /* QEMU_HW_MILKYMIST_H */
diff --git a/hw/lm32/milkymist.c b/hw/lm32/milkymist.c
new file mode 100644
index 000000000..7ceedb814
--- /dev/null
+++ b/hw/lm32/milkymist.c
@@ -0,0 +1,219 @@
+/*
+ * QEMU model for the Milkymist board.
+ *
+ * Copyright (c) 2010 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/sysbus.h"
+#include "hw/hw.h"
+#include "hw/block/flash.h"
+#include "sysemu/sysemu.h"
+#include "hw/devices.h"
+#include "hw/boards.h"
+#include "hw/loader.h"
+#include "elf.h"
+#include "sysemu/blockdev.h"
+#include "milkymist-hw.h"
+#include "lm32.h"
+#include "exec/address-spaces.h"
+
+#define BIOS_FILENAME "mmone-bios.bin"
+#define BIOS_OFFSET 0x00860000
+#define BIOS_SIZE (512*1024)
+#define KERNEL_LOAD_ADDR 0x40000000
+
+typedef struct {
+ LM32CPU *cpu;
+ hwaddr bootstrap_pc;
+ hwaddr flash_base;
+ hwaddr initrd_base;
+ size_t initrd_size;
+ hwaddr cmdline_base;
+} ResetInfo;
+
+static void cpu_irq_handler(void *opaque, int irq, int level)
+{
+ LM32CPU *cpu = opaque;
+ CPUState *cs = CPU(cpu);
+
+ if (level) {
+ cpu_interrupt(cs, CPU_INTERRUPT_HARD);
+ } else {
+ cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
+ }
+}
+
+static void main_cpu_reset(void *opaque)
+{
+ ResetInfo *reset_info = opaque;
+ CPULM32State *env = &reset_info->cpu->env;
+
+ cpu_reset(CPU(reset_info->cpu));
+
+ /* init defaults */
+ env->pc = reset_info->bootstrap_pc;
+ env->regs[R_R1] = reset_info->cmdline_base;
+ env->regs[R_R2] = reset_info->initrd_base;
+ env->regs[R_R3] = reset_info->initrd_base + reset_info->initrd_size;
+ env->eba = reset_info->flash_base;
+ env->deba = reset_info->flash_base;
+}
+
+static void
+milkymist_init(QEMUMachineInitArgs *args)
+{
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ LM32CPU *cpu;
+ CPULM32State *env;
+ int kernel_size;
+ DriveInfo *dinfo;
+ MemoryRegion *address_space_mem = get_system_memory();
+ MemoryRegion *phys_sdram = g_new(MemoryRegion, 1);
+ qemu_irq irq[32], *cpu_irq;
+ int i;
+ char *bios_filename;
+ ResetInfo *reset_info;
+
+ /* memory map */
+ hwaddr flash_base = 0x00000000;
+ size_t flash_sector_size = 128 * 1024;
+ size_t flash_size = 32 * 1024 * 1024;
+ hwaddr sdram_base = 0x40000000;
+ size_t sdram_size = 128 * 1024 * 1024;
+
+ hwaddr initrd_base = sdram_base + 0x1002000;
+ hwaddr cmdline_base = sdram_base + 0x1000000;
+ size_t initrd_max = sdram_size - 0x1002000;
+
+ reset_info = g_malloc0(sizeof(ResetInfo));
+
+ if (cpu_model == NULL) {
+ cpu_model = "lm32-full";
+ }
+ cpu = cpu_lm32_init(cpu_model);
+ env = &cpu->env;
+ reset_info->cpu = cpu;
+
+ cpu_lm32_set_phys_msb_ignore(env, 1);
+
+ memory_region_init_ram(phys_sdram, NULL, "milkymist.sdram", sdram_size);
+ vmstate_register_ram_global(phys_sdram);
+ memory_region_add_subregion(address_space_mem, sdram_base, phys_sdram);
+
+ dinfo = drive_get(IF_PFLASH, 0, 0);
+ /* Numonyx JS28F256J3F105 */
+ pflash_cfi01_register(flash_base, NULL, "milkymist.flash", flash_size,
+ dinfo ? dinfo->bdrv : NULL, flash_sector_size,
+ flash_size / flash_sector_size, 2,
+ 0x00, 0x89, 0x00, 0x1d, 1);
+
+ /* create irq lines */
+ cpu_irq = qemu_allocate_irqs(cpu_irq_handler, cpu, 1);
+ env->pic_state = lm32_pic_init(*cpu_irq);
+ for (i = 0; i < 32; i++) {
+ irq[i] = qdev_get_gpio_in(env->pic_state, i);
+ }
+
+ /* load bios rom */
+ if (bios_name == NULL) {
+ bios_name = BIOS_FILENAME;
+ }
+ bios_filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
+
+ if (bios_filename) {
+ load_image_targphys(bios_filename, BIOS_OFFSET, BIOS_SIZE);
+ }
+
+ reset_info->bootstrap_pc = BIOS_OFFSET;
+
+ /* if no kernel is given no valid bios rom is a fatal error */
+ if (!kernel_filename && !dinfo && !bios_filename) {
+ fprintf(stderr, "qemu: could not load Milkymist One bios '%s'\n",
+ bios_name);
+ exit(1);
+ }
+
+ milkymist_uart_create(0x60000000, irq[0]);
+ milkymist_sysctl_create(0x60001000, irq[1], irq[2], irq[3],
+ 80000000, 0x10014d31, 0x0000041f, 0x00000001);
+ milkymist_hpdmc_create(0x60002000);
+ milkymist_vgafb_create(0x60003000, 0x40000000, 0x0fffffff);
+ milkymist_memcard_create(0x60004000);
+ milkymist_ac97_create(0x60005000, irq[4], irq[5], irq[6], irq[7]);
+ milkymist_pfpu_create(0x60006000, irq[8]);
+ milkymist_tmu2_create(0x60007000, irq[9]);
+ milkymist_minimac2_create(0x60008000, 0x30000000, irq[10], irq[11]);
+ milkymist_softusb_create(0x6000f000, irq[15],
+ 0x20000000, 0x1000, 0x20020000, 0x2000);
+
+ /* make sure juart isn't the first chardev */
+ env->juart_state = lm32_juart_init();
+
+ if (kernel_filename) {
+ uint64_t entry;
+
+ /* Boots a kernel elf binary. */
+ kernel_size = load_elf(kernel_filename, NULL, NULL, &entry, NULL, NULL,
+ 1, ELF_MACHINE, 0);
+ reset_info->bootstrap_pc = entry;
+
+ if (kernel_size < 0) {
+ kernel_size = load_image_targphys(kernel_filename, sdram_base,
+ sdram_size);
+ reset_info->bootstrap_pc = sdram_base;
+ }
+
+ if (kernel_size < 0) {
+ fprintf(stderr, "qemu: could not load kernel '%s'\n",
+ kernel_filename);
+ exit(1);
+ }
+ }
+
+ if (kernel_cmdline && strlen(kernel_cmdline)) {
+ pstrcpy_targphys("cmdline", cmdline_base, TARGET_PAGE_SIZE,
+ kernel_cmdline);
+ reset_info->cmdline_base = (uint32_t)cmdline_base;
+ }
+
+ if (initrd_filename) {
+ size_t initrd_size;
+ initrd_size = load_image_targphys(initrd_filename, initrd_base,
+ initrd_max);
+ reset_info->initrd_base = (uint32_t)initrd_base;
+ reset_info->initrd_size = (uint32_t)initrd_size;
+ }
+
+ qemu_register_reset(main_cpu_reset, reset_info);
+}
+
+static QEMUMachine milkymist_machine = {
+ .name = "milkymist",
+ .desc = "Milkymist One",
+ .init = milkymist_init,
+ .is_default = 0,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void milkymist_machine_init(void)
+{
+ qemu_register_machine(&milkymist_machine);
+}
+
+machine_init(milkymist_machine_init);
diff --git a/hw/lm32_boards.c b/hw/lm32_boards.c
deleted file mode 100644
index 772cb8b05..000000000
--- a/hw/lm32_boards.c
+++ /dev/null
@@ -1,307 +0,0 @@
-/*
- * QEMU models for LatticeMico32 uclinux and evr32 boards.
- *
- * Copyright (c) 2010 Michael Walle <michael@walle.cc>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "sysbus.h"
-#include "hw.h"
-#include "net.h"
-#include "flash.h"
-#include "devices.h"
-#include "boards.h"
-#include "loader.h"
-#include "blockdev.h"
-#include "elf.h"
-#include "lm32_hwsetup.h"
-#include "lm32.h"
-#include "exec-memory.h"
-
-typedef struct {
- LM32CPU *cpu;
- hwaddr bootstrap_pc;
- hwaddr flash_base;
- hwaddr hwsetup_base;
- hwaddr initrd_base;
- size_t initrd_size;
- hwaddr cmdline_base;
-} ResetInfo;
-
-static void cpu_irq_handler(void *opaque, int irq, int level)
-{
- CPULM32State *env = opaque;
-
- if (level) {
- cpu_interrupt(env, CPU_INTERRUPT_HARD);
- } else {
- cpu_reset_interrupt(env, CPU_INTERRUPT_HARD);
- }
-}
-
-static void main_cpu_reset(void *opaque)
-{
- ResetInfo *reset_info = opaque;
- CPULM32State *env = &reset_info->cpu->env;
-
- cpu_reset(CPU(reset_info->cpu));
-
- /* init defaults */
- env->pc = (uint32_t)reset_info->bootstrap_pc;
- env->regs[R_R1] = (uint32_t)reset_info->hwsetup_base;
- env->regs[R_R2] = (uint32_t)reset_info->cmdline_base;
- env->regs[R_R3] = (uint32_t)reset_info->initrd_base;
- env->regs[R_R4] = (uint32_t)(reset_info->initrd_base +
- reset_info->initrd_size);
- env->eba = reset_info->flash_base;
- env->deba = reset_info->flash_base;
-}
-
-static void lm32_evr_init(QEMUMachineInitArgs *args)
-{
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- LM32CPU *cpu;
- CPULM32State *env;
- DriveInfo *dinfo;
- MemoryRegion *address_space_mem = get_system_memory();
- MemoryRegion *phys_ram = g_new(MemoryRegion, 1);
- qemu_irq *cpu_irq, irq[32];
- ResetInfo *reset_info;
- int i;
-
- /* memory map */
- hwaddr flash_base = 0x04000000;
- size_t flash_sector_size = 256 * 1024;
- size_t flash_size = 32 * 1024 * 1024;
- hwaddr ram_base = 0x08000000;
- size_t ram_size = 64 * 1024 * 1024;
- hwaddr timer0_base = 0x80002000;
- hwaddr uart0_base = 0x80006000;
- hwaddr timer1_base = 0x8000a000;
- int uart0_irq = 0;
- int timer0_irq = 1;
- int timer1_irq = 3;
-
- reset_info = g_malloc0(sizeof(ResetInfo));
-
- if (cpu_model == NULL) {
- cpu_model = "lm32-full";
- }
- cpu = cpu_lm32_init(cpu_model);
- env = &cpu->env;
- reset_info->cpu = cpu;
-
- reset_info->flash_base = flash_base;
-
- memory_region_init_ram(phys_ram, "lm32_evr.sdram", ram_size);
- vmstate_register_ram_global(phys_ram);
- memory_region_add_subregion(address_space_mem, ram_base, phys_ram);
-
- dinfo = drive_get(IF_PFLASH, 0, 0);
- /* Spansion S29NS128P */
- pflash_cfi02_register(flash_base, NULL, "lm32_evr.flash", flash_size,
- dinfo ? dinfo->bdrv : NULL, flash_sector_size,
- flash_size / flash_sector_size, 1, 2,
- 0x01, 0x7e, 0x43, 0x00, 0x555, 0x2aa, 1);
-
- /* create irq lines */
- cpu_irq = qemu_allocate_irqs(cpu_irq_handler, env, 1);
- env->pic_state = lm32_pic_init(*cpu_irq);
- for (i = 0; i < 32; i++) {
- irq[i] = qdev_get_gpio_in(env->pic_state, i);
- }
-
- sysbus_create_simple("lm32-uart", uart0_base, irq[uart0_irq]);
- sysbus_create_simple("lm32-timer", timer0_base, irq[timer0_irq]);
- sysbus_create_simple("lm32-timer", timer1_base, irq[timer1_irq]);
-
- /* make sure juart isn't the first chardev */
- env->juart_state = lm32_juart_init();
-
- reset_info->bootstrap_pc = flash_base;
-
- if (kernel_filename) {
- uint64_t entry;
- int kernel_size;
-
- kernel_size = load_elf(kernel_filename, NULL, NULL, &entry, NULL, NULL,
- 1, ELF_MACHINE, 0);
- reset_info->bootstrap_pc = entry;
-
- if (kernel_size < 0) {
- kernel_size = load_image_targphys(kernel_filename, ram_base,
- ram_size);
- reset_info->bootstrap_pc = ram_base;
- }
-
- if (kernel_size < 0) {
- fprintf(stderr, "qemu: could not load kernel '%s'\n",
- kernel_filename);
- exit(1);
- }
- }
-
- qemu_register_reset(main_cpu_reset, reset_info);
-}
-
-static void lm32_uclinux_init(QEMUMachineInitArgs *args)
-{
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- LM32CPU *cpu;
- CPULM32State *env;
- DriveInfo *dinfo;
- MemoryRegion *address_space_mem = get_system_memory();
- MemoryRegion *phys_ram = g_new(MemoryRegion, 1);
- qemu_irq *cpu_irq, irq[32];
- HWSetup *hw;
- ResetInfo *reset_info;
- int i;
-
- /* memory map */
- hwaddr flash_base = 0x04000000;
- size_t flash_sector_size = 256 * 1024;
- size_t flash_size = 32 * 1024 * 1024;
- hwaddr ram_base = 0x08000000;
- size_t ram_size = 64 * 1024 * 1024;
- hwaddr uart0_base = 0x80000000;
- hwaddr timer0_base = 0x80002000;
- hwaddr timer1_base = 0x80010000;
- hwaddr timer2_base = 0x80012000;
- int uart0_irq = 0;
- int timer0_irq = 1;
- int timer1_irq = 20;
- int timer2_irq = 21;
- hwaddr hwsetup_base = 0x0bffe000;
- hwaddr cmdline_base = 0x0bfff000;
- hwaddr initrd_base = 0x08400000;
- size_t initrd_max = 0x01000000;
-
- reset_info = g_malloc0(sizeof(ResetInfo));
-
- if (cpu_model == NULL) {
- cpu_model = "lm32-full";
- }
- cpu = cpu_lm32_init(cpu_model);
- env = &cpu->env;
- reset_info->cpu = cpu;
-
- reset_info->flash_base = flash_base;
-
- memory_region_init_ram(phys_ram, "lm32_uclinux.sdram", ram_size);
- vmstate_register_ram_global(phys_ram);
- memory_region_add_subregion(address_space_mem, ram_base, phys_ram);
-
- dinfo = drive_get(IF_PFLASH, 0, 0);
- /* Spansion S29NS128P */
- pflash_cfi02_register(flash_base, NULL, "lm32_uclinux.flash", flash_size,
- dinfo ? dinfo->bdrv : NULL, flash_sector_size,
- flash_size / flash_sector_size, 1, 2,
- 0x01, 0x7e, 0x43, 0x00, 0x555, 0x2aa, 1);
-
- /* create irq lines */
- cpu_irq = qemu_allocate_irqs(cpu_irq_handler, env, 1);
- env->pic_state = lm32_pic_init(*cpu_irq);
- for (i = 0; i < 32; i++) {
- irq[i] = qdev_get_gpio_in(env->pic_state, i);
- }
-
- sysbus_create_simple("lm32-uart", uart0_base, irq[uart0_irq]);
- sysbus_create_simple("lm32-timer", timer0_base, irq[timer0_irq]);
- sysbus_create_simple("lm32-timer", timer1_base, irq[timer1_irq]);
- sysbus_create_simple("lm32-timer", timer2_base, irq[timer2_irq]);
-
- /* make sure juart isn't the first chardev */
- env->juart_state = lm32_juart_init();
-
- reset_info->bootstrap_pc = flash_base;
-
- if (kernel_filename) {
- uint64_t entry;
- int kernel_size;
-
- kernel_size = load_elf(kernel_filename, NULL, NULL, &entry, NULL, NULL,
- 1, ELF_MACHINE, 0);
- reset_info->bootstrap_pc = entry;
-
- if (kernel_size < 0) {
- kernel_size = load_image_targphys(kernel_filename, ram_base,
- ram_size);
- reset_info->bootstrap_pc = ram_base;
- }
-
- if (kernel_size < 0) {
- fprintf(stderr, "qemu: could not load kernel '%s'\n",
- kernel_filename);
- exit(1);
- }
- }
-
- /* generate a rom with the hardware description */
- hw = hwsetup_init();
- hwsetup_add_cpu(hw, "LM32", 75000000);
- hwsetup_add_flash(hw, "flash", flash_base, flash_size);
- hwsetup_add_ddr_sdram(hw, "ddr_sdram", ram_base, ram_size);
- hwsetup_add_timer(hw, "timer0", timer0_base, timer0_irq);
- hwsetup_add_timer(hw, "timer1_dev_only", timer1_base, timer1_irq);
- hwsetup_add_timer(hw, "timer2_dev_only", timer2_base, timer2_irq);
- hwsetup_add_uart(hw, "uart", uart0_base, uart0_irq);
- hwsetup_add_trailer(hw);
- hwsetup_create_rom(hw, hwsetup_base);
- hwsetup_free(hw);
-
- reset_info->hwsetup_base = hwsetup_base;
-
- if (kernel_cmdline && strlen(kernel_cmdline)) {
- pstrcpy_targphys("cmdline", cmdline_base, TARGET_PAGE_SIZE,
- kernel_cmdline);
- reset_info->cmdline_base = cmdline_base;
- }
-
- if (initrd_filename) {
- size_t initrd_size;
- initrd_size = load_image_targphys(initrd_filename, initrd_base,
- initrd_max);
- reset_info->initrd_base = initrd_base;
- reset_info->initrd_size = initrd_size;
- }
-
- qemu_register_reset(main_cpu_reset, reset_info);
-}
-
-static QEMUMachine lm32_evr_machine = {
- .name = "lm32-evr",
- .desc = "LatticeMico32 EVR32 eval system",
- .init = lm32_evr_init,
- .is_default = 1
-};
-
-static QEMUMachine lm32_uclinux_machine = {
- .name = "lm32-uclinux",
- .desc = "lm32 platform for uClinux and u-boot by Theobroma Systems",
- .init = lm32_uclinux_init,
- .is_default = 0
-};
-
-static void lm32_machine_init(void)
-{
- qemu_register_machine(&lm32_uclinux_machine);
- qemu_register_machine(&lm32_evr_machine);
-}
-
-machine_init(lm32_machine_init);
diff --git a/hw/lm32_hwsetup.h b/hw/lm32_hwsetup.h
deleted file mode 100644
index 853e9abc7..000000000
--- a/hw/lm32_hwsetup.h
+++ /dev/null
@@ -1,178 +0,0 @@
-/*
- * LatticeMico32 hwsetup helper functions.
- *
- * Copyright (c) 2010 Michael Walle <michael@walle.cc>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-/*
- * These are helper functions for creating the hardware description blob used
- * in the Theobroma's uClinux port.
- */
-
-#ifndef QEMU_HW_LM32_HWSETUP_H
-#define QEMU_HW_LM32_HWSETUP_H
-
-#include "qemu-common.h"
-#include "loader.h"
-
-typedef struct {
- void *data;
- void *ptr;
-} HWSetup;
-
-enum hwsetup_tag {
- HWSETUP_TAG_EOL = 0,
- HWSETUP_TAG_CPU = 1,
- HWSETUP_TAG_ASRAM = 2,
- HWSETUP_TAG_FLASH = 3,
- HWSETUP_TAG_SDRAM = 4,
- HWSETUP_TAG_OCM = 5,
- HWSETUP_TAG_DDR_SDRAM = 6,
- HWSETUP_TAG_DDR2_SDRAM = 7,
- HWSETUP_TAG_TIMER = 8,
- HWSETUP_TAG_UART = 9,
- HWSETUP_TAG_GPIO = 10,
- HWSETUP_TAG_TRISPEEDMAC = 11,
- HWSETUP_TAG_I2CM = 12,
- HWSETUP_TAG_LEDS = 13,
- HWSETUP_TAG_7SEG = 14,
- HWSETUP_TAG_SPI_S = 15,
- HWSETUP_TAG_SPI_M = 16,
-};
-
-static inline HWSetup *hwsetup_init(void)
-{
- HWSetup *hw;
-
- hw = g_malloc(sizeof(HWSetup));
- hw->data = g_malloc0(TARGET_PAGE_SIZE);
- hw->ptr = hw->data;
-
- return hw;
-}
-
-static inline void hwsetup_free(HWSetup *hw)
-{
- g_free(hw->data);
- g_free(hw);
-}
-
-static inline void hwsetup_create_rom(HWSetup *hw,
- hwaddr base)
-{
- rom_add_blob("hwsetup", hw->data, TARGET_PAGE_SIZE, base);
-}
-
-static inline void hwsetup_add_u8(HWSetup *hw, uint8_t u)
-{
- stb_p(hw->ptr, u);
- hw->ptr += 1;
-}
-
-static inline void hwsetup_add_u32(HWSetup *hw, uint32_t u)
-{
- stl_p(hw->ptr, u);
- hw->ptr += 4;
-}
-
-static inline void hwsetup_add_tag(HWSetup *hw, enum hwsetup_tag t)
-{
- stl_p(hw->ptr, t);
- hw->ptr += 4;
-}
-
-static inline void hwsetup_add_str(HWSetup *hw, const char *str)
-{
- pstrcpy(hw->ptr, 32, str);
- hw->ptr += 32;
-}
-
-static inline void hwsetup_add_trailer(HWSetup *hw)
-{
- hwsetup_add_u32(hw, 8); /* size */
- hwsetup_add_tag(hw, HWSETUP_TAG_EOL);
-}
-
-static inline void hwsetup_add_cpu(HWSetup *hw,
- const char *name, uint32_t frequency)
-{
- hwsetup_add_u32(hw, 44); /* size */
- hwsetup_add_tag(hw, HWSETUP_TAG_CPU);
- hwsetup_add_str(hw, name);
- hwsetup_add_u32(hw, frequency);
-}
-
-static inline void hwsetup_add_flash(HWSetup *hw,
- const char *name, uint32_t base, uint32_t size)
-{
- hwsetup_add_u32(hw, 52); /* size */
- hwsetup_add_tag(hw, HWSETUP_TAG_FLASH);
- hwsetup_add_str(hw, name);
- hwsetup_add_u32(hw, base);
- hwsetup_add_u32(hw, size);
- hwsetup_add_u8(hw, 8); /* read latency */
- hwsetup_add_u8(hw, 8); /* write latency */
- hwsetup_add_u8(hw, 25); /* address width */
- hwsetup_add_u8(hw, 32); /* data width */
-}
-
-static inline void hwsetup_add_ddr_sdram(HWSetup *hw,
- const char *name, uint32_t base, uint32_t size)
-{
- hwsetup_add_u32(hw, 48); /* size */
- hwsetup_add_tag(hw, HWSETUP_TAG_DDR_SDRAM);
- hwsetup_add_str(hw, name);
- hwsetup_add_u32(hw, base);
- hwsetup_add_u32(hw, size);
-}
-
-static inline void hwsetup_add_timer(HWSetup *hw,
- const char *name, uint32_t base, uint32_t irq)
-{
- hwsetup_add_u32(hw, 56); /* size */
- hwsetup_add_tag(hw, HWSETUP_TAG_TIMER);
- hwsetup_add_str(hw, name);
- hwsetup_add_u32(hw, base);
- hwsetup_add_u8(hw, 1); /* wr_tickcount */
- hwsetup_add_u8(hw, 1); /* rd_tickcount */
- hwsetup_add_u8(hw, 1); /* start_stop_control */
- hwsetup_add_u8(hw, 32); /* counter_width */
- hwsetup_add_u32(hw, 20); /* reload_ticks */
- hwsetup_add_u8(hw, irq);
- hwsetup_add_u8(hw, 0); /* padding */
- hwsetup_add_u8(hw, 0); /* padding */
- hwsetup_add_u8(hw, 0); /* padding */
-}
-
-static inline void hwsetup_add_uart(HWSetup *hw,
- const char *name, uint32_t base, uint32_t irq)
-{
- hwsetup_add_u32(hw, 56); /* size */
- hwsetup_add_tag(hw, HWSETUP_TAG_UART);
- hwsetup_add_str(hw, name);
- hwsetup_add_u32(hw, base);
- hwsetup_add_u32(hw, 115200); /* baudrate */
- hwsetup_add_u8(hw, 8); /* databits */
- hwsetup_add_u8(hw, 1); /* stopbits */
- hwsetup_add_u8(hw, 1); /* use_interrupt */
- hwsetup_add_u8(hw, 1); /* block_on_transmit */
- hwsetup_add_u8(hw, 1); /* block_on_receive */
- hwsetup_add_u8(hw, 4); /* rx_buffer_size */
- hwsetup_add_u8(hw, 4); /* tx_buffer_size */
- hwsetup_add_u8(hw, irq);
-}
-
-#endif /* QEMU_HW_LM32_HWSETUP_H */
diff --git a/hw/lm32_juart.c b/hw/lm32_juart.c
deleted file mode 100644
index f07ed3977..000000000
--- a/hw/lm32_juart.c
+++ /dev/null
@@ -1,159 +0,0 @@
-/*
- * LatticeMico32 JTAG UART model.
- *
- * Copyright (c) 2010 Michael Walle <michael@walle.cc>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "hw.h"
-#include "sysbus.h"
-#include "trace.h"
-#include "qemu-char.h"
-
-#include "lm32_juart.h"
-
-enum {
- LM32_JUART_MIN_SAVE_VERSION = 0,
- LM32_JUART_CURRENT_SAVE_VERSION = 0,
- LM32_JUART_MAX_SAVE_VERSION = 0,
-};
-
-enum {
- JTX_FULL = (1<<8),
-};
-
-enum {
- JRX_FULL = (1<<8),
-};
-
-struct LM32JuartState {
- SysBusDevice busdev;
- CharDriverState *chr;
-
- uint32_t jtx;
- uint32_t jrx;
-};
-typedef struct LM32JuartState LM32JuartState;
-
-uint32_t lm32_juart_get_jtx(DeviceState *d)
-{
- LM32JuartState *s = container_of(d, LM32JuartState, busdev.qdev);
-
- trace_lm32_juart_get_jtx(s->jtx);
- return s->jtx;
-}
-
-uint32_t lm32_juart_get_jrx(DeviceState *d)
-{
- LM32JuartState *s = container_of(d, LM32JuartState, busdev.qdev);
-
- trace_lm32_juart_get_jrx(s->jrx);
- return s->jrx;
-}
-
-void lm32_juart_set_jtx(DeviceState *d, uint32_t jtx)
-{
- LM32JuartState *s = container_of(d, LM32JuartState, busdev.qdev);
- unsigned char ch = jtx & 0xff;
-
- trace_lm32_juart_set_jtx(s->jtx);
-
- s->jtx = jtx;
- if (s->chr) {
- qemu_chr_fe_write(s->chr, &ch, 1);
- }
-}
-
-void lm32_juart_set_jrx(DeviceState *d, uint32_t jtx)
-{
- LM32JuartState *s = container_of(d, LM32JuartState, busdev.qdev);
-
- trace_lm32_juart_set_jrx(s->jrx);
- s->jrx &= ~JRX_FULL;
-}
-
-static void juart_rx(void *opaque, const uint8_t *buf, int size)
-{
- LM32JuartState *s = opaque;
-
- s->jrx = *buf | JRX_FULL;
-}
-
-static int juart_can_rx(void *opaque)
-{
- LM32JuartState *s = opaque;
-
- return !(s->jrx & JRX_FULL);
-}
-
-static void juart_event(void *opaque, int event)
-{
-}
-
-static void juart_reset(DeviceState *d)
-{
- LM32JuartState *s = container_of(d, LM32JuartState, busdev.qdev);
-
- s->jtx = 0;
- s->jrx = 0;
-}
-
-static int lm32_juart_init(SysBusDevice *dev)
-{
- LM32JuartState *s = FROM_SYSBUS(typeof(*s), dev);
-
- s->chr = qemu_char_get_next_serial();
- if (s->chr) {
- qemu_chr_add_handlers(s->chr, juart_can_rx, juart_rx, juart_event, s);
- }
-
- return 0;
-}
-
-static const VMStateDescription vmstate_lm32_juart = {
- .name = "lm32-juart",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(jtx, LM32JuartState),
- VMSTATE_UINT32(jrx, LM32JuartState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void lm32_juart_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = lm32_juart_init;
- dc->reset = juart_reset;
- dc->vmsd = &vmstate_lm32_juart;
-}
-
-static TypeInfo lm32_juart_info = {
- .name = "lm32-juart",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(LM32JuartState),
- .class_init = lm32_juart_class_init,
-};
-
-static void lm32_juart_register_types(void)
-{
- type_register_static(&lm32_juart_info);
-}
-
-type_init(lm32_juart_register_types)
diff --git a/hw/lm32_juart.h b/hw/lm32_juart.h
deleted file mode 100644
index 67fc5866e..000000000
--- a/hw/lm32_juart.h
+++ /dev/null
@@ -1,11 +0,0 @@
-#ifndef QEMU_HW_LM32_JUART_H
-#define QEMU_HW_LM32_JUART_H
-
-#include "qemu-common.h"
-
-uint32_t lm32_juart_get_jtx(DeviceState *d);
-uint32_t lm32_juart_get_jrx(DeviceState *d);
-void lm32_juart_set_jtx(DeviceState *d, uint32_t jtx);
-void lm32_juart_set_jrx(DeviceState *d, uint32_t jrx);
-
-#endif /* QEMU_HW_LM32_JUART_H */
diff --git a/hw/lm32_pic.c b/hw/lm32_pic.c
deleted file mode 100644
index 32f65db7f..000000000
--- a/hw/lm32_pic.c
+++ /dev/null
@@ -1,199 +0,0 @@
-/*
- * LatticeMico32 CPU interrupt controller logic.
- *
- * Copyright (c) 2010 Michael Walle <michael@walle.cc>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <assert.h>
-
-#include "hw.h"
-#include "pc.h"
-#include "monitor.h"
-#include "sysbus.h"
-#include "trace.h"
-#include "lm32_pic.h"
-
-struct LM32PicState {
- SysBusDevice busdev;
- qemu_irq parent_irq;
- uint32_t im; /* interrupt mask */
- uint32_t ip; /* interrupt pending */
- uint32_t irq_state;
-
- /* statistics */
- uint32_t stats_irq_count[32];
-};
-typedef struct LM32PicState LM32PicState;
-
-static LM32PicState *pic;
-void lm32_do_pic_info(Monitor *mon)
-{
- if (pic == NULL) {
- return;
- }
-
- monitor_printf(mon, "lm32-pic: im=%08x ip=%08x irq_state=%08x\n",
- pic->im, pic->ip, pic->irq_state);
-}
-
-void lm32_irq_info(Monitor *mon)
-{
- int i;
- uint32_t count;
-
- if (pic == NULL) {
- return;
- }
-
- monitor_printf(mon, "IRQ statistics:\n");
- for (i = 0; i < 32; i++) {
- count = pic->stats_irq_count[i];
- if (count > 0) {
- monitor_printf(mon, "%2d: %u\n", i, count);
- }
- }
-}
-
-static void update_irq(LM32PicState *s)
-{
- s->ip |= s->irq_state;
-
- if (s->ip & s->im) {
- trace_lm32_pic_raise_irq();
- qemu_irq_raise(s->parent_irq);
- } else {
- trace_lm32_pic_lower_irq();
- qemu_irq_lower(s->parent_irq);
- }
-}
-
-static void irq_handler(void *opaque, int irq, int level)
-{
- LM32PicState *s = opaque;
-
- assert(irq < 32);
- trace_lm32_pic_interrupt(irq, level);
-
- if (level) {
- s->irq_state |= (1 << irq);
- s->stats_irq_count[irq]++;
- } else {
- s->irq_state &= ~(1 << irq);
- }
-
- update_irq(s);
-}
-
-void lm32_pic_set_im(DeviceState *d, uint32_t im)
-{
- LM32PicState *s = container_of(d, LM32PicState, busdev.qdev);
-
- trace_lm32_pic_set_im(im);
- s->im = im;
-
- update_irq(s);
-}
-
-void lm32_pic_set_ip(DeviceState *d, uint32_t ip)
-{
- LM32PicState *s = container_of(d, LM32PicState, busdev.qdev);
-
- trace_lm32_pic_set_ip(ip);
-
- /* ack interrupt */
- s->ip &= ~ip;
-
- update_irq(s);
-}
-
-uint32_t lm32_pic_get_im(DeviceState *d)
-{
- LM32PicState *s = container_of(d, LM32PicState, busdev.qdev);
-
- trace_lm32_pic_get_im(s->im);
- return s->im;
-}
-
-uint32_t lm32_pic_get_ip(DeviceState *d)
-{
- LM32PicState *s = container_of(d, LM32PicState, busdev.qdev);
-
- trace_lm32_pic_get_ip(s->ip);
- return s->ip;
-}
-
-static void pic_reset(DeviceState *d)
-{
- LM32PicState *s = container_of(d, LM32PicState, busdev.qdev);
- int i;
-
- s->im = 0;
- s->ip = 0;
- s->irq_state = 0;
- for (i = 0; i < 32; i++) {
- s->stats_irq_count[i] = 0;
- }
-}
-
-static int lm32_pic_init(SysBusDevice *dev)
-{
- LM32PicState *s = FROM_SYSBUS(typeof(*s), dev);
-
- qdev_init_gpio_in(&dev->qdev, irq_handler, 32);
- sysbus_init_irq(dev, &s->parent_irq);
-
- pic = s;
-
- return 0;
-}
-
-static const VMStateDescription vmstate_lm32_pic = {
- .name = "lm32-pic",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(im, LM32PicState),
- VMSTATE_UINT32(ip, LM32PicState),
- VMSTATE_UINT32(irq_state, LM32PicState),
- VMSTATE_UINT32_ARRAY(stats_irq_count, LM32PicState, 32),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void lm32_pic_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = lm32_pic_init;
- dc->reset = pic_reset;
- dc->vmsd = &vmstate_lm32_pic;
-}
-
-static TypeInfo lm32_pic_info = {
- .name = "lm32-pic",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(LM32PicState),
- .class_init = lm32_pic_class_init,
-};
-
-static void lm32_pic_register_types(void)
-{
- type_register_static(&lm32_pic_info);
-}
-
-type_init(lm32_pic_register_types)
diff --git a/hw/lm32_pic.h b/hw/lm32_pic.h
deleted file mode 100644
index 14456f37c..000000000
--- a/hw/lm32_pic.h
+++ /dev/null
@@ -1,14 +0,0 @@
-#ifndef QEMU_HW_LM32_PIC_H
-#define QEMU_HW_LM32_PIC_H
-
-#include "qemu-common.h"
-
-uint32_t lm32_pic_get_ip(DeviceState *d);
-uint32_t lm32_pic_get_im(DeviceState *d);
-void lm32_pic_set_ip(DeviceState *d, uint32_t ip);
-void lm32_pic_set_im(DeviceState *d, uint32_t im);
-
-void lm32_do_pic_info(Monitor *mon);
-void lm32_irq_info(Monitor *mon);
-
-#endif /* QEMU_HW_LM32_PIC_H */
diff --git a/hw/lm32_sys.c b/hw/lm32_sys.c
deleted file mode 100644
index a7887d14f..000000000
--- a/hw/lm32_sys.c
+++ /dev/null
@@ -1,172 +0,0 @@
-/*
- * QEMU model of the LatticeMico32 system control block.
- *
- * Copyright (c) 2010 Michael Walle <michael@walle.cc>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-/*
- * This model is mainly intended for testing purposes and doesn't fit to any
- * real hardware. On the one hand it provides a control register (R_CTRL) on
- * the other hand it supports the lm32 tests.
- *
- * A write to the control register causes a system shutdown.
- * Tests first write the pointer to a test name to the test name register
- * (R_TESTNAME) and then write a zero to the pass/fail register (R_PASSFAIL) if
- * the test is passed or any non-zero value to it if the test is failed.
- */
-
-#include "hw.h"
-#include "sysbus.h"
-#include "trace.h"
-#include "qemu-log.h"
-#include "qemu-error.h"
-#include "sysemu.h"
-#include "qemu-log.h"
-
-enum {
- R_CTRL = 0,
- R_PASSFAIL,
- R_TESTNAME,
- R_MAX
-};
-
-#define MAX_TESTNAME_LEN 16
-
-struct LM32SysState {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint32_t base;
- uint32_t regs[R_MAX];
- uint8_t testname[MAX_TESTNAME_LEN];
-};
-typedef struct LM32SysState LM32SysState;
-
-static void copy_testname(LM32SysState *s)
-{
- cpu_physical_memory_read(s->regs[R_TESTNAME], s->testname,
- MAX_TESTNAME_LEN);
- s->testname[MAX_TESTNAME_LEN - 1] = '\0';
-}
-
-static void sys_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- LM32SysState *s = opaque;
- char *testname;
-
- trace_lm32_sys_memory_write(addr, value);
-
- addr >>= 2;
- switch (addr) {
- case R_CTRL:
- qemu_system_shutdown_request();
- break;
- case R_PASSFAIL:
- s->regs[addr] = value;
- testname = (char *)s->testname;
- qemu_log("TC %-16s %s\n", testname, (value) ? "FAILED" : "OK");
- break;
- case R_TESTNAME:
- s->regs[addr] = value;
- copy_testname(s);
- break;
-
- default:
- error_report("lm32_sys: write access to unknown register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
- }
-}
-
-static bool sys_ops_accepts(void *opaque, hwaddr addr,
- unsigned size, bool is_write)
-{
- return is_write && size == 4;
-}
-
-static const MemoryRegionOps sys_ops = {
- .write = sys_write,
- .valid.accepts = sys_ops_accepts,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void sys_reset(DeviceState *d)
-{
- LM32SysState *s = container_of(d, LM32SysState, busdev.qdev);
- int i;
-
- for (i = 0; i < R_MAX; i++) {
- s->regs[i] = 0;
- }
- memset(s->testname, 0, MAX_TESTNAME_LEN);
-}
-
-static int lm32_sys_init(SysBusDevice *dev)
-{
- LM32SysState *s = FROM_SYSBUS(typeof(*s), dev);
-
- memory_region_init_io(&s->iomem, &sys_ops , s, "sys", R_MAX * 4);
- sysbus_init_mmio(dev, &s->iomem);
-
- /* Note: This device is not created in the board initialization,
- * instead it has to be added with the -device parameter. Therefore,
- * the device maps itself. */
- sysbus_mmio_map(dev, 0, s->base);
-
- return 0;
-}
-
-static const VMStateDescription vmstate_lm32_sys = {
- .name = "lm32-sys",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32_ARRAY(regs, LM32SysState, R_MAX),
- VMSTATE_BUFFER(testname, LM32SysState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static Property lm32_sys_properties[] = {
- DEFINE_PROP_UINT32("base", LM32SysState, base, 0xffff0000),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void lm32_sys_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = lm32_sys_init;
- dc->reset = sys_reset;
- dc->vmsd = &vmstate_lm32_sys;
- dc->props = lm32_sys_properties;
-}
-
-static TypeInfo lm32_sys_info = {
- .name = "lm32-sys",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(LM32SysState),
- .class_init = lm32_sys_class_init,
-};
-
-static void lm32_sys_register_types(void)
-{
- type_register_static(&lm32_sys_info);
-}
-
-type_init(lm32_sys_register_types)
diff --git a/hw/lm32_timer.c b/hw/lm32_timer.c
deleted file mode 100644
index a8be9cc16..000000000
--- a/hw/lm32_timer.c
+++ /dev/null
@@ -1,230 +0,0 @@
-/*
- * QEMU model of the LatticeMico32 timer block.
- *
- * Copyright (c) 2010 Michael Walle <michael@walle.cc>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- *
- * Specification available at:
- * http://www.latticesemi.com/documents/mico32timer.pdf
- */
-
-#include "hw.h"
-#include "sysbus.h"
-#include "trace.h"
-#include "qemu-timer.h"
-#include "ptimer.h"
-#include "qemu-error.h"
-
-#define DEFAULT_FREQUENCY (50*1000000)
-
-enum {
- R_SR = 0,
- R_CR,
- R_PERIOD,
- R_SNAPSHOT,
- R_MAX
-};
-
-enum {
- SR_TO = (1 << 0),
- SR_RUN = (1 << 1),
-};
-
-enum {
- CR_ITO = (1 << 0),
- CR_CONT = (1 << 1),
- CR_START = (1 << 2),
- CR_STOP = (1 << 3),
-};
-
-struct LM32TimerState {
- SysBusDevice busdev;
- MemoryRegion iomem;
-
- QEMUBH *bh;
- ptimer_state *ptimer;
-
- qemu_irq irq;
- uint32_t freq_hz;
-
- uint32_t regs[R_MAX];
-};
-typedef struct LM32TimerState LM32TimerState;
-
-static void timer_update_irq(LM32TimerState *s)
-{
- int state = (s->regs[R_SR] & SR_TO) && (s->regs[R_CR] & CR_ITO);
-
- trace_lm32_timer_irq_state(state);
- qemu_set_irq(s->irq, state);
-}
-
-static uint64_t timer_read(void *opaque, hwaddr addr, unsigned size)
-{
- LM32TimerState *s = opaque;
- uint32_t r = 0;
-
- addr >>= 2;
- switch (addr) {
- case R_SR:
- case R_CR:
- case R_PERIOD:
- r = s->regs[addr];
- break;
- case R_SNAPSHOT:
- r = (uint32_t)ptimer_get_count(s->ptimer);
- break;
- default:
- error_report("lm32_timer: read access to unknown register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
- }
-
- trace_lm32_timer_memory_read(addr << 2, r);
- return r;
-}
-
-static void timer_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- LM32TimerState *s = opaque;
-
- trace_lm32_timer_memory_write(addr, value);
-
- addr >>= 2;
- switch (addr) {
- case R_SR:
- s->regs[R_SR] &= ~SR_TO;
- break;
- case R_CR:
- s->regs[R_CR] = value;
- if (s->regs[R_CR] & CR_START) {
- ptimer_run(s->ptimer, 1);
- }
- if (s->regs[R_CR] & CR_STOP) {
- ptimer_stop(s->ptimer);
- }
- break;
- case R_PERIOD:
- s->regs[R_PERIOD] = value;
- ptimer_set_count(s->ptimer, value);
- break;
- case R_SNAPSHOT:
- error_report("lm32_timer: write access to read only register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
- default:
- error_report("lm32_timer: write access to unknown register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
- }
- timer_update_irq(s);
-}
-
-static const MemoryRegionOps timer_ops = {
- .read = timer_read,
- .write = timer_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static void timer_hit(void *opaque)
-{
- LM32TimerState *s = opaque;
-
- trace_lm32_timer_hit();
-
- s->regs[R_SR] |= SR_TO;
-
- if (s->regs[R_CR] & CR_CONT) {
- ptimer_set_count(s->ptimer, s->regs[R_PERIOD]);
- ptimer_run(s->ptimer, 1);
- }
- timer_update_irq(s);
-}
-
-static void timer_reset(DeviceState *d)
-{
- LM32TimerState *s = container_of(d, LM32TimerState, busdev.qdev);
- int i;
-
- for (i = 0; i < R_MAX; i++) {
- s->regs[i] = 0;
- }
- ptimer_stop(s->ptimer);
-}
-
-static int lm32_timer_init(SysBusDevice *dev)
-{
- LM32TimerState *s = FROM_SYSBUS(typeof(*s), dev);
-
- sysbus_init_irq(dev, &s->irq);
-
- s->bh = qemu_bh_new(timer_hit, s);
- s->ptimer = ptimer_init(s->bh);
- ptimer_set_freq(s->ptimer, s->freq_hz);
-
- memory_region_init_io(&s->iomem, &timer_ops, s, "timer", R_MAX * 4);
- sysbus_init_mmio(dev, &s->iomem);
-
- return 0;
-}
-
-static const VMStateDescription vmstate_lm32_timer = {
- .name = "lm32-timer",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_PTIMER(ptimer, LM32TimerState),
- VMSTATE_UINT32(freq_hz, LM32TimerState),
- VMSTATE_UINT32_ARRAY(regs, LM32TimerState, R_MAX),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static Property lm32_timer_properties[] = {
- DEFINE_PROP_UINT32("frequency", LM32TimerState, freq_hz, DEFAULT_FREQUENCY),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void lm32_timer_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = lm32_timer_init;
- dc->reset = timer_reset;
- dc->vmsd = &vmstate_lm32_timer;
- dc->props = lm32_timer_properties;
-}
-
-static TypeInfo lm32_timer_info = {
- .name = "lm32-timer",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(LM32TimerState),
- .class_init = lm32_timer_class_init,
-};
-
-static void lm32_timer_register_types(void)
-{
- type_register_static(&lm32_timer_info);
-}
-
-type_init(lm32_timer_register_types)
diff --git a/hw/lm32_uart.c b/hw/lm32_uart.c
deleted file mode 100644
index adb928756..000000000
--- a/hw/lm32_uart.c
+++ /dev/null
@@ -1,296 +0,0 @@
-/*
- * QEMU model of the LatticeMico32 UART block.
- *
- * Copyright (c) 2010 Michael Walle <michael@walle.cc>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- *
- * Specification available at:
- * http://www.latticesemi.com/documents/mico32uart.pdf
- */
-
-
-#include "hw.h"
-#include "sysbus.h"
-#include "trace.h"
-#include "qemu-char.h"
-#include "qemu-error.h"
-
-enum {
- R_RXTX = 0,
- R_IER,
- R_IIR,
- R_LCR,
- R_MCR,
- R_LSR,
- R_MSR,
- R_DIV,
- R_MAX
-};
-
-enum {
- IER_RBRI = (1<<0),
- IER_THRI = (1<<1),
- IER_RLSI = (1<<2),
- IER_MSI = (1<<3),
-};
-
-enum {
- IIR_STAT = (1<<0),
- IIR_ID0 = (1<<1),
- IIR_ID1 = (1<<2),
-};
-
-enum {
- LCR_WLS0 = (1<<0),
- LCR_WLS1 = (1<<1),
- LCR_STB = (1<<2),
- LCR_PEN = (1<<3),
- LCR_EPS = (1<<4),
- LCR_SP = (1<<5),
- LCR_SB = (1<<6),
-};
-
-enum {
- MCR_DTR = (1<<0),
- MCR_RTS = (1<<1),
-};
-
-enum {
- LSR_DR = (1<<0),
- LSR_OE = (1<<1),
- LSR_PE = (1<<2),
- LSR_FE = (1<<3),
- LSR_BI = (1<<4),
- LSR_THRE = (1<<5),
- LSR_TEMT = (1<<6),
-};
-
-enum {
- MSR_DCTS = (1<<0),
- MSR_DDSR = (1<<1),
- MSR_TERI = (1<<2),
- MSR_DDCD = (1<<3),
- MSR_CTS = (1<<4),
- MSR_DSR = (1<<5),
- MSR_RI = (1<<6),
- MSR_DCD = (1<<7),
-};
-
-struct LM32UartState {
- SysBusDevice busdev;
- MemoryRegion iomem;
- CharDriverState *chr;
- qemu_irq irq;
-
- uint32_t regs[R_MAX];
-};
-typedef struct LM32UartState LM32UartState;
-
-static void uart_update_irq(LM32UartState *s)
-{
- unsigned int irq;
-
- if ((s->regs[R_LSR] & (LSR_OE | LSR_PE | LSR_FE | LSR_BI))
- && (s->regs[R_IER] & IER_RLSI)) {
- irq = 1;
- s->regs[R_IIR] = IIR_ID1 | IIR_ID0;
- } else if ((s->regs[R_LSR] & LSR_DR) && (s->regs[R_IER] & IER_RBRI)) {
- irq = 1;
- s->regs[R_IIR] = IIR_ID1;
- } else if ((s->regs[R_LSR] & LSR_THRE) && (s->regs[R_IER] & IER_THRI)) {
- irq = 1;
- s->regs[R_IIR] = IIR_ID0;
- } else if ((s->regs[R_MSR] & 0x0f) && (s->regs[R_IER] & IER_MSI)) {
- irq = 1;
- s->regs[R_IIR] = 0;
- } else {
- irq = 0;
- s->regs[R_IIR] = IIR_STAT;
- }
-
- trace_lm32_uart_irq_state(irq);
- qemu_set_irq(s->irq, irq);
-}
-
-static uint64_t uart_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- LM32UartState *s = opaque;
- uint32_t r = 0;
-
- addr >>= 2;
- switch (addr) {
- case R_RXTX:
- r = s->regs[R_RXTX];
- s->regs[R_LSR] &= ~LSR_DR;
- uart_update_irq(s);
- break;
- case R_IIR:
- case R_LSR:
- case R_MSR:
- r = s->regs[addr];
- break;
- case R_IER:
- case R_LCR:
- case R_MCR:
- case R_DIV:
- error_report("lm32_uart: read access to write only register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
- default:
- error_report("lm32_uart: read access to unknown register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
- }
-
- trace_lm32_uart_memory_read(addr << 2, r);
- return r;
-}
-
-static void uart_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- LM32UartState *s = opaque;
- unsigned char ch = value;
-
- trace_lm32_uart_memory_write(addr, value);
-
- addr >>= 2;
- switch (addr) {
- case R_RXTX:
- if (s->chr) {
- qemu_chr_fe_write(s->chr, &ch, 1);
- }
- break;
- case R_IER:
- case R_LCR:
- case R_MCR:
- case R_DIV:
- s->regs[addr] = value;
- break;
- case R_IIR:
- case R_LSR:
- case R_MSR:
- error_report("lm32_uart: write access to read only register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
- default:
- error_report("lm32_uart: write access to unknown register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
- }
- uart_update_irq(s);
-}
-
-static const MemoryRegionOps uart_ops = {
- .read = uart_read,
- .write = uart_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static void uart_rx(void *opaque, const uint8_t *buf, int size)
-{
- LM32UartState *s = opaque;
-
- if (s->regs[R_LSR] & LSR_DR) {
- s->regs[R_LSR] |= LSR_OE;
- }
-
- s->regs[R_LSR] |= LSR_DR;
- s->regs[R_RXTX] = *buf;
-
- uart_update_irq(s);
-}
-
-static int uart_can_rx(void *opaque)
-{
- LM32UartState *s = opaque;
-
- return !(s->regs[R_LSR] & LSR_DR);
-}
-
-static void uart_event(void *opaque, int event)
-{
-}
-
-static void uart_reset(DeviceState *d)
-{
- LM32UartState *s = container_of(d, LM32UartState, busdev.qdev);
- int i;
-
- for (i = 0; i < R_MAX; i++) {
- s->regs[i] = 0;
- }
-
- /* defaults */
- s->regs[R_LSR] = LSR_THRE | LSR_TEMT;
-}
-
-static int lm32_uart_init(SysBusDevice *dev)
-{
- LM32UartState *s = FROM_SYSBUS(typeof(*s), dev);
-
- sysbus_init_irq(dev, &s->irq);
-
- memory_region_init_io(&s->iomem, &uart_ops, s, "uart", R_MAX * 4);
- sysbus_init_mmio(dev, &s->iomem);
-
- s->chr = qemu_char_get_next_serial();
- if (s->chr) {
- qemu_chr_add_handlers(s->chr, uart_can_rx, uart_rx, uart_event, s);
- }
-
- return 0;
-}
-
-static const VMStateDescription vmstate_lm32_uart = {
- .name = "lm32-uart",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32_ARRAY(regs, LM32UartState, R_MAX),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void lm32_uart_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = lm32_uart_init;
- dc->reset = uart_reset;
- dc->vmsd = &vmstate_lm32_uart;
-}
-
-static TypeInfo lm32_uart_info = {
- .name = "lm32-uart",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(LM32UartState),
- .class_init = lm32_uart_class_init,
-};
-
-static void lm32_uart_register_types(void)
-{
- type_register_static(&lm32_uart_info);
-}
-
-type_init(lm32_uart_register_types)
diff --git a/hw/lm4549.c b/hw/lm4549.c
deleted file mode 100644
index b3c2d5f25..000000000
--- a/hw/lm4549.c
+++ /dev/null
@@ -1,336 +0,0 @@
-/*
- * LM4549 Audio Codec Interface
- *
- * Copyright (c) 2011
- * Written by Mathieu Sonet - www.elasticsheep.com
- *
- * This code is licensed under the GPL.
- *
- * *****************************************************************
- *
- * This driver emulates the LM4549 codec.
- *
- * It supports only one playback voice and no record voice.
- */
-
-#include "hw.h"
-#include "audio/audio.h"
-#include "lm4549.h"
-
-#if 0
-#define LM4549_DEBUG 1
-#endif
-
-#if 0
-#define LM4549_DUMP_DAC_INPUT 1
-#endif
-
-#ifdef LM4549_DEBUG
-#define DPRINTF(fmt, ...) \
-do { printf("lm4549: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...) do {} while (0)
-#endif
-
-#if defined(LM4549_DUMP_DAC_INPUT)
-#include <stdio.h>
-static FILE *fp_dac_input;
-#endif
-
-/* LM4549 register list */
-enum {
- LM4549_Reset = 0x00,
- LM4549_Master_Volume = 0x02,
- LM4549_Line_Out_Volume = 0x04,
- LM4549_Master_Volume_Mono = 0x06,
- LM4549_PC_Beep_Volume = 0x0A,
- LM4549_Phone_Volume = 0x0C,
- LM4549_Mic_Volume = 0x0E,
- LM4549_Line_In_Volume = 0x10,
- LM4549_CD_Volume = 0x12,
- LM4549_Video_Volume = 0x14,
- LM4549_Aux_Volume = 0x16,
- LM4549_PCM_Out_Volume = 0x18,
- LM4549_Record_Select = 0x1A,
- LM4549_Record_Gain = 0x1C,
- LM4549_General_Purpose = 0x20,
- LM4549_3D_Control = 0x22,
- LM4549_Powerdown_Ctrl_Stat = 0x26,
- LM4549_Ext_Audio_ID = 0x28,
- LM4549_Ext_Audio_Stat_Ctrl = 0x2A,
- LM4549_PCM_Front_DAC_Rate = 0x2C,
- LM4549_PCM_ADC_Rate = 0x32,
- LM4549_Vendor_ID1 = 0x7C,
- LM4549_Vendor_ID2 = 0x7E
-};
-
-static void lm4549_reset(lm4549_state *s)
-{
- uint16_t *regfile = s->regfile;
-
- regfile[LM4549_Reset] = 0x0d50;
- regfile[LM4549_Master_Volume] = 0x8008;
- regfile[LM4549_Line_Out_Volume] = 0x8000;
- regfile[LM4549_Master_Volume_Mono] = 0x8000;
- regfile[LM4549_PC_Beep_Volume] = 0x0000;
- regfile[LM4549_Phone_Volume] = 0x8008;
- regfile[LM4549_Mic_Volume] = 0x8008;
- regfile[LM4549_Line_In_Volume] = 0x8808;
- regfile[LM4549_CD_Volume] = 0x8808;
- regfile[LM4549_Video_Volume] = 0x8808;
- regfile[LM4549_Aux_Volume] = 0x8808;
- regfile[LM4549_PCM_Out_Volume] = 0x8808;
- regfile[LM4549_Record_Select] = 0x0000;
- regfile[LM4549_Record_Gain] = 0x8000;
- regfile[LM4549_General_Purpose] = 0x0000;
- regfile[LM4549_3D_Control] = 0x0101;
- regfile[LM4549_Powerdown_Ctrl_Stat] = 0x000f;
- regfile[LM4549_Ext_Audio_ID] = 0x0001;
- regfile[LM4549_Ext_Audio_Stat_Ctrl] = 0x0000;
- regfile[LM4549_PCM_Front_DAC_Rate] = 0xbb80;
- regfile[LM4549_PCM_ADC_Rate] = 0xbb80;
- regfile[LM4549_Vendor_ID1] = 0x4e53;
- regfile[LM4549_Vendor_ID2] = 0x4331;
-}
-
-static void lm4549_audio_transfer(lm4549_state *s)
-{
- uint32_t written_bytes, written_samples;
- uint32_t i;
-
- /* Activate the voice */
- AUD_set_active_out(s->voice, 1);
- s->voice_is_active = 1;
-
- /* Try to write the buffer content */
- written_bytes = AUD_write(s->voice, s->buffer,
- s->buffer_level * sizeof(uint16_t));
- written_samples = written_bytes >> 1;
-
-#if defined(LM4549_DUMP_DAC_INPUT)
- fwrite(s->buffer, sizeof(uint8_t), written_bytes, fp_dac_input);
-#endif
-
- s->buffer_level -= written_samples;
-
- if (s->buffer_level > 0) {
- /* Move the data back to the start of the buffer */
- for (i = 0; i < s->buffer_level; i++) {
- s->buffer[i] = s->buffer[i + written_samples];
- }
- }
-}
-
-static void lm4549_audio_out_callback(void *opaque, int free)
-{
- lm4549_state *s = (lm4549_state *)opaque;
- static uint32_t prev_buffer_level;
-
-#ifdef LM4549_DEBUG
- int size = AUD_get_buffer_size_out(s->voice);
- DPRINTF("audio_out_callback size = %i free = %i\n", size, free);
-#endif
-
- /* Detect that no data are consumed
- => disable the voice */
- if (s->buffer_level == prev_buffer_level) {
- AUD_set_active_out(s->voice, 0);
- s->voice_is_active = 0;
- }
- prev_buffer_level = s->buffer_level;
-
- /* Check if a buffer transfer is pending */
- if (s->buffer_level == LM4549_BUFFER_SIZE) {
- lm4549_audio_transfer(s);
-
- /* Request more data */
- if (s->data_req_cb != NULL) {
- (s->data_req_cb)(s->opaque);
- }
- }
-}
-
-uint32_t lm4549_read(lm4549_state *s, hwaddr offset)
-{
- uint16_t *regfile = s->regfile;
- uint32_t value = 0;
-
- /* Read the stored value */
- assert(offset < 128);
- value = regfile[offset];
-
- DPRINTF("read [0x%02x] = 0x%04x\n", offset, value);
-
- return value;
-}
-
-void lm4549_write(lm4549_state *s,
- hwaddr offset, uint32_t value)
-{
- uint16_t *regfile = s->regfile;
-
- assert(offset < 128);
- DPRINTF("write [0x%02x] = 0x%04x\n", offset, value);
-
- switch (offset) {
- case LM4549_Reset:
- lm4549_reset(s);
- break;
-
- case LM4549_PCM_Front_DAC_Rate:
- regfile[LM4549_PCM_Front_DAC_Rate] = value;
- DPRINTF("DAC rate change = %i\n", value);
-
- /* Re-open a voice with the new sample rate */
- struct audsettings as;
- as.freq = value;
- as.nchannels = 2;
- as.fmt = AUD_FMT_S16;
- as.endianness = 0;
-
- s->voice = AUD_open_out(
- &s->card,
- s->voice,
- "lm4549.out",
- s,
- lm4549_audio_out_callback,
- &as
- );
- break;
-
- case LM4549_Powerdown_Ctrl_Stat:
- value &= ~0xf;
- value |= regfile[LM4549_Powerdown_Ctrl_Stat] & 0xf;
- regfile[LM4549_Powerdown_Ctrl_Stat] = value;
- break;
-
- case LM4549_Ext_Audio_ID:
- case LM4549_Vendor_ID1:
- case LM4549_Vendor_ID2:
- DPRINTF("Write to read-only register 0x%x\n", (int)offset);
- break;
-
- default:
- /* Store the new value */
- regfile[offset] = value;
- break;
- }
-}
-
-uint32_t lm4549_write_samples(lm4549_state *s, uint32_t left, uint32_t right)
-{
- /* The left and right samples are in 20-bit resolution.
- The LM4549 has 18-bit resolution and only uses the bits [19:2].
- This model supports 16-bit playback.
- */
-
- if (s->buffer_level > LM4549_BUFFER_SIZE - 2) {
- DPRINTF("write_sample Buffer full\n");
- return 0;
- }
-
- /* Store 16-bit samples in the buffer */
- s->buffer[s->buffer_level++] = (left >> 4);
- s->buffer[s->buffer_level++] = (right >> 4);
-
- if (s->buffer_level == LM4549_BUFFER_SIZE) {
- /* Trigger the transfer of the buffer to the audio host */
- lm4549_audio_transfer(s);
- }
-
- return 1;
-}
-
-static int lm4549_post_load(void *opaque, int version_id)
-{
- lm4549_state *s = (lm4549_state *)opaque;
- uint16_t *regfile = s->regfile;
-
- /* Re-open a voice with the current sample rate */
- uint32_t freq = regfile[LM4549_PCM_Front_DAC_Rate];
-
- DPRINTF("post_load freq = %i\n", freq);
- DPRINTF("post_load voice_is_active = %i\n", s->voice_is_active);
-
- struct audsettings as;
- as.freq = freq;
- as.nchannels = 2;
- as.fmt = AUD_FMT_S16;
- as.endianness = 0;
-
- s->voice = AUD_open_out(
- &s->card,
- s->voice,
- "lm4549.out",
- s,
- lm4549_audio_out_callback,
- &as
- );
-
- /* Request data */
- if (s->voice_is_active == 1) {
- lm4549_audio_out_callback(s, AUD_get_buffer_size_out(s->voice));
- }
-
- return 0;
-}
-
-void lm4549_init(lm4549_state *s, lm4549_callback data_req_cb, void* opaque)
-{
- struct audsettings as;
-
- /* Store the callback and opaque pointer */
- s->data_req_cb = data_req_cb;
- s->opaque = opaque;
-
- /* Init the registers */
- lm4549_reset(s);
-
- /* Register an audio card */
- AUD_register_card("lm4549", &s->card);
-
- /* Open a default voice */
- as.freq = 48000;
- as.nchannels = 2;
- as.fmt = AUD_FMT_S16;
- as.endianness = 0;
-
- s->voice = AUD_open_out(
- &s->card,
- s->voice,
- "lm4549.out",
- s,
- lm4549_audio_out_callback,
- &as
- );
-
- AUD_set_volume_out(s->voice, 0, 255, 255);
-
- s->voice_is_active = 0;
-
- /* Reset the input buffer */
- memset(s->buffer, 0x00, sizeof(s->buffer));
- s->buffer_level = 0;
-
-#if defined(LM4549_DUMP_DAC_INPUT)
- fp_dac_input = fopen("lm4549_dac_input.pcm", "wb");
- if (!fp_dac_input) {
- hw_error("Unable to open lm4549_dac_input.pcm for writing\n");
- }
-#endif
-}
-
-const VMStateDescription vmstate_lm4549_state = {
- .name = "lm4549_state",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .post_load = &lm4549_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(voice_is_active, lm4549_state),
- VMSTATE_UINT16_ARRAY(regfile, lm4549_state, 128),
- VMSTATE_UINT16_ARRAY(buffer, lm4549_state, LM4549_BUFFER_SIZE),
- VMSTATE_UINT32(buffer_level, lm4549_state),
- VMSTATE_END_OF_LIST()
- }
-};
diff --git a/hw/lm832x.c b/hw/lm832x.c
deleted file mode 100644
index 8e09f9bcc..000000000
--- a/hw/lm832x.c
+++ /dev/null
@@ -1,521 +0,0 @@
-/*
- * National Semiconductor LM8322/8323 GPIO keyboard & PWM chips.
- *
- * Copyright (C) 2008 Nokia Corporation
- * Written by Andrzej Zaborowski <andrew@openedhand.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "hw.h"
-#include "i2c.h"
-#include "qemu-timer.h"
-#include "console.h"
-
-typedef struct {
- I2CSlave i2c;
- uint8_t i2c_dir;
- uint8_t i2c_cycle;
- uint8_t reg;
-
- qemu_irq nirq;
- uint16_t model;
-
- struct {
- qemu_irq out[2];
- int in[2][2];
- } mux;
-
- uint8_t config;
- uint8_t status;
- uint8_t acttime;
- uint8_t error;
- uint8_t clock;
-
- struct {
- uint16_t pull;
- uint16_t mask;
- uint16_t dir;
- uint16_t level;
- qemu_irq out[16];
- } gpio;
-
- struct {
- uint8_t dbnctime;
- uint8_t size;
- uint8_t start;
- uint8_t len;
- uint8_t fifo[16];
- } kbd;
-
- struct {
- uint16_t file[256];
- uint8_t faddr;
- uint8_t addr[3];
- QEMUTimer *tm[3];
- } pwm;
-} LM823KbdState;
-
-#define INT_KEYPAD (1 << 0)
-#define INT_ERROR (1 << 3)
-#define INT_NOINIT (1 << 4)
-#define INT_PWMEND(n) (1 << (5 + n))
-
-#define ERR_BADPAR (1 << 0)
-#define ERR_CMDUNK (1 << 1)
-#define ERR_KEYOVR (1 << 2)
-#define ERR_FIFOOVR (1 << 6)
-
-static void lm_kbd_irq_update(LM823KbdState *s)
-{
- qemu_set_irq(s->nirq, !s->status);
-}
-
-static void lm_kbd_gpio_update(LM823KbdState *s)
-{
-}
-
-static void lm_kbd_reset(LM823KbdState *s)
-{
- s->config = 0x80;
- s->status = INT_NOINIT;
- s->acttime = 125;
- s->kbd.dbnctime = 3;
- s->kbd.size = 0x33;
- s->clock = 0x08;
-
- lm_kbd_irq_update(s);
- lm_kbd_gpio_update(s);
-}
-
-static void lm_kbd_error(LM823KbdState *s, int err)
-{
- s->error |= err;
- s->status |= INT_ERROR;
- lm_kbd_irq_update(s);
-}
-
-static void lm_kbd_pwm_tick(LM823KbdState *s, int line)
-{
-}
-
-static void lm_kbd_pwm_start(LM823KbdState *s, int line)
-{
- lm_kbd_pwm_tick(s, line);
-}
-
-static void lm_kbd_pwm0_tick(void *opaque)
-{
- lm_kbd_pwm_tick(opaque, 0);
-}
-static void lm_kbd_pwm1_tick(void *opaque)
-{
- lm_kbd_pwm_tick(opaque, 1);
-}
-static void lm_kbd_pwm2_tick(void *opaque)
-{
- lm_kbd_pwm_tick(opaque, 2);
-}
-
-enum {
- LM832x_CMD_READ_ID = 0x80, /* Read chip ID. */
- LM832x_CMD_WRITE_CFG = 0x81, /* Set configuration item. */
- LM832x_CMD_READ_INT = 0x82, /* Get interrupt status. */
- LM832x_CMD_RESET = 0x83, /* Reset, same as external one */
- LM823x_CMD_WRITE_PULL_DOWN = 0x84, /* Select GPIO pull-up/down. */
- LM832x_CMD_WRITE_PORT_SEL = 0x85, /* Select GPIO in/out. */
- LM832x_CMD_WRITE_PORT_STATE = 0x86, /* Set GPIO pull-up/down. */
- LM832x_CMD_READ_PORT_SEL = 0x87, /* Get GPIO in/out. */
- LM832x_CMD_READ_PORT_STATE = 0x88, /* Get GPIO pull-up/down. */
- LM832x_CMD_READ_FIFO = 0x89, /* Read byte from FIFO. */
- LM832x_CMD_RPT_READ_FIFO = 0x8a, /* Read FIFO (no increment). */
- LM832x_CMD_SET_ACTIVE = 0x8b, /* Set active time. */
- LM832x_CMD_READ_ERROR = 0x8c, /* Get error status. */
- LM832x_CMD_READ_ROTATOR = 0x8e, /* Read rotator status. */
- LM832x_CMD_SET_DEBOUNCE = 0x8f, /* Set debouncing time. */
- LM832x_CMD_SET_KEY_SIZE = 0x90, /* Set keypad size. */
- LM832x_CMD_READ_KEY_SIZE = 0x91, /* Get keypad size. */
- LM832x_CMD_READ_CFG = 0x92, /* Get configuration item. */
- LM832x_CMD_WRITE_CLOCK = 0x93, /* Set clock config. */
- LM832x_CMD_READ_CLOCK = 0x94, /* Get clock config. */
- LM832x_CMD_PWM_WRITE = 0x95, /* Write PWM script. */
- LM832x_CMD_PWM_START = 0x96, /* Start PWM engine. */
- LM832x_CMD_PWM_STOP = 0x97, /* Stop PWM engine. */
- LM832x_GENERAL_ERROR = 0xff, /* There was one error.
- Previously was represented by -1
- This is not a command */
-};
-
-#define LM832x_MAX_KPX 8
-#define LM832x_MAX_KPY 12
-
-static uint8_t lm_kbd_read(LM823KbdState *s, int reg, int byte)
-{
- int ret;
-
- switch (reg) {
- case LM832x_CMD_READ_ID:
- ret = 0x0400;
- break;
-
- case LM832x_CMD_READ_INT:
- ret = s->status;
- if (!(s->status & INT_NOINIT)) {
- s->status = 0;
- lm_kbd_irq_update(s);
- }
- break;
-
- case LM832x_CMD_READ_PORT_SEL:
- ret = s->gpio.dir;
- break;
- case LM832x_CMD_READ_PORT_STATE:
- ret = s->gpio.mask;
- break;
-
- case LM832x_CMD_READ_FIFO:
- if (s->kbd.len <= 1)
- return 0x00;
-
- /* Example response from the two commands after a INT_KEYPAD
- * interrupt caused by the key 0x3c being pressed:
- * RPT_READ_FIFO: 55 bc 00 4e ff 0a 50 08 00 29 d9 08 01 c9 01
- * READ_FIFO: bc 00 00 4e ff 0a 50 08 00 29 d9 08 01 c9 01
- * RPT_READ_FIFO: bc 00 00 4e ff 0a 50 08 00 29 d9 08 01 c9 01
- *
- * 55 is the code of the key release event serviced in the previous
- * interrupt handling.
- *
- * TODO: find out whether the FIFO is advanced a single character
- * before reading every byte or the whole size of the FIFO at the
- * last LM832x_CMD_READ_FIFO. This affects LM832x_CMD_RPT_READ_FIFO
- * output in cases where there are more than one event in the FIFO.
- * Assume 0xbc and 0x3c events are in the FIFO:
- * RPT_READ_FIFO: 55 bc 3c 00 4e ff 0a 50 08 00 29 d9 08 01 c9
- * READ_FIFO: bc 3c 00 00 4e ff 0a 50 08 00 29 d9 08 01 c9
- * Does RPT_READ_FIFO now return 0xbc and 0x3c or only 0x3c?
- */
- s->kbd.start ++;
- s->kbd.start &= sizeof(s->kbd.fifo) - 1;
- s->kbd.len --;
-
- return s->kbd.fifo[s->kbd.start];
- case LM832x_CMD_RPT_READ_FIFO:
- if (byte >= s->kbd.len)
- return 0x00;
-
- return s->kbd.fifo[(s->kbd.start + byte) & (sizeof(s->kbd.fifo) - 1)];
-
- case LM832x_CMD_READ_ERROR:
- return s->error;
-
- case LM832x_CMD_READ_ROTATOR:
- return 0;
-
- case LM832x_CMD_READ_KEY_SIZE:
- return s->kbd.size;
-
- case LM832x_CMD_READ_CFG:
- return s->config & 0xf;
-
- case LM832x_CMD_READ_CLOCK:
- return (s->clock & 0xfc) | 2;
-
- default:
- lm_kbd_error(s, ERR_CMDUNK);
- fprintf(stderr, "%s: unknown command %02x\n", __FUNCTION__, reg);
- return 0x00;
- }
-
- return ret >> (byte << 3);
-}
-
-static void lm_kbd_write(LM823KbdState *s, int reg, int byte, uint8_t value)
-{
- switch (reg) {
- case LM832x_CMD_WRITE_CFG:
- s->config = value;
- /* This must be done whenever s->mux.in is updated (never). */
- if ((s->config >> 1) & 1) /* MUX1EN */
- qemu_set_irq(s->mux.out[0], s->mux.in[0][(s->config >> 0) & 1]);
- if ((s->config >> 3) & 1) /* MUX2EN */
- qemu_set_irq(s->mux.out[0], s->mux.in[0][(s->config >> 2) & 1]);
- /* TODO: check that this is issued only following the chip reset
- * and not in the middle of operation and that it is followed by
- * the GPIO ports re-resablishing through WRITE_PORT_SEL and
- * WRITE_PORT_STATE (using a timer perhaps) and otherwise output
- * warnings. */
- s->status = 0;
- lm_kbd_irq_update(s);
- s->kbd.len = 0;
- s->kbd.start = 0;
- s->reg = LM832x_GENERAL_ERROR;
- break;
-
- case LM832x_CMD_RESET:
- if (value == 0xaa)
- lm_kbd_reset(s);
- else
- lm_kbd_error(s, ERR_BADPAR);
- s->reg = LM832x_GENERAL_ERROR;
- break;
-
- case LM823x_CMD_WRITE_PULL_DOWN:
- if (!byte)
- s->gpio.pull = value;
- else {
- s->gpio.pull |= value << 8;
- lm_kbd_gpio_update(s);
- s->reg = LM832x_GENERAL_ERROR;
- }
- break;
- case LM832x_CMD_WRITE_PORT_SEL:
- if (!byte)
- s->gpio.dir = value;
- else {
- s->gpio.dir |= value << 8;
- lm_kbd_gpio_update(s);
- s->reg = LM832x_GENERAL_ERROR;
- }
- break;
- case LM832x_CMD_WRITE_PORT_STATE:
- if (!byte)
- s->gpio.mask = value;
- else {
- s->gpio.mask |= value << 8;
- lm_kbd_gpio_update(s);
- s->reg = LM832x_GENERAL_ERROR;
- }
- break;
-
- case LM832x_CMD_SET_ACTIVE:
- s->acttime = value;
- s->reg = LM832x_GENERAL_ERROR;
- break;
-
- case LM832x_CMD_SET_DEBOUNCE:
- s->kbd.dbnctime = value;
- s->reg = LM832x_GENERAL_ERROR;
- if (!value)
- lm_kbd_error(s, ERR_BADPAR);
- break;
-
- case LM832x_CMD_SET_KEY_SIZE:
- s->kbd.size = value;
- s->reg = LM832x_GENERAL_ERROR;
- if (
- (value & 0xf) < 3 || (value & 0xf) > LM832x_MAX_KPY ||
- (value >> 4) < 3 || (value >> 4) > LM832x_MAX_KPX)
- lm_kbd_error(s, ERR_BADPAR);
- break;
-
- case LM832x_CMD_WRITE_CLOCK:
- s->clock = value;
- s->reg = LM832x_GENERAL_ERROR;
- if ((value & 3) && (value & 3) != 3) {
- lm_kbd_error(s, ERR_BADPAR);
- fprintf(stderr, "%s: invalid clock setting in RCPWM\n",
- __FUNCTION__);
- }
- /* TODO: Validate that the command is only issued once */
- break;
-
- case LM832x_CMD_PWM_WRITE:
- if (byte == 0) {
- if (!(value & 3) || (value >> 2) > 59) {
- lm_kbd_error(s, ERR_BADPAR);
- s->reg = LM832x_GENERAL_ERROR;
- break;
- }
-
- s->pwm.faddr = value;
- s->pwm.file[s->pwm.faddr] = 0;
- } else if (byte == 1) {
- s->pwm.file[s->pwm.faddr] |= value << 8;
- } else if (byte == 2) {
- s->pwm.file[s->pwm.faddr] |= value << 0;
- s->reg = LM832x_GENERAL_ERROR;
- }
- break;
- case LM832x_CMD_PWM_START:
- s->reg = LM832x_GENERAL_ERROR;
- if (!(value & 3) || (value >> 2) > 59) {
- lm_kbd_error(s, ERR_BADPAR);
- break;
- }
-
- s->pwm.addr[(value & 3) - 1] = value >> 2;
- lm_kbd_pwm_start(s, (value & 3) - 1);
- break;
- case LM832x_CMD_PWM_STOP:
- s->reg = LM832x_GENERAL_ERROR;
- if (!(value & 3)) {
- lm_kbd_error(s, ERR_BADPAR);
- break;
- }
-
- qemu_del_timer(s->pwm.tm[(value & 3) - 1]);
- break;
-
- case LM832x_GENERAL_ERROR:
- lm_kbd_error(s, ERR_BADPAR);
- break;
- default:
- lm_kbd_error(s, ERR_CMDUNK);
- fprintf(stderr, "%s: unknown command %02x\n", __FUNCTION__, reg);
- break;
- }
-}
-
-static void lm_i2c_event(I2CSlave *i2c, enum i2c_event event)
-{
- LM823KbdState *s = FROM_I2C_SLAVE(LM823KbdState, i2c);
-
- switch (event) {
- case I2C_START_RECV:
- case I2C_START_SEND:
- s->i2c_cycle = 0;
- s->i2c_dir = (event == I2C_START_SEND);
- break;
-
- default:
- break;
- }
-}
-
-static int lm_i2c_rx(I2CSlave *i2c)
-{
- LM823KbdState *s = FROM_I2C_SLAVE(LM823KbdState, i2c);
-
- return lm_kbd_read(s, s->reg, s->i2c_cycle ++);
-}
-
-static int lm_i2c_tx(I2CSlave *i2c, uint8_t data)
-{
- LM823KbdState *s = (LM823KbdState *) i2c;
-
- if (!s->i2c_cycle)
- s->reg = data;
- else
- lm_kbd_write(s, s->reg, s->i2c_cycle - 1, data);
- s->i2c_cycle ++;
-
- return 0;
-}
-
-static int lm_kbd_post_load(void *opaque, int version_id)
-{
- LM823KbdState *s = opaque;
-
- lm_kbd_irq_update(s);
- lm_kbd_gpio_update(s);
-
- return 0;
-}
-
-static const VMStateDescription vmstate_lm_kbd = {
- .name = "LM8323",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .post_load = lm_kbd_post_load,
- .fields = (VMStateField []) {
- VMSTATE_I2C_SLAVE(i2c, LM823KbdState),
- VMSTATE_UINT8(i2c_dir, LM823KbdState),
- VMSTATE_UINT8(i2c_cycle, LM823KbdState),
- VMSTATE_UINT8(reg, LM823KbdState),
- VMSTATE_UINT8(config, LM823KbdState),
- VMSTATE_UINT8(status, LM823KbdState),
- VMSTATE_UINT8(acttime, LM823KbdState),
- VMSTATE_UINT8(error, LM823KbdState),
- VMSTATE_UINT8(clock, LM823KbdState),
- VMSTATE_UINT16(gpio.pull, LM823KbdState),
- VMSTATE_UINT16(gpio.mask, LM823KbdState),
- VMSTATE_UINT16(gpio.dir, LM823KbdState),
- VMSTATE_UINT16(gpio.level, LM823KbdState),
- VMSTATE_UINT8(kbd.dbnctime, LM823KbdState),
- VMSTATE_UINT8(kbd.size, LM823KbdState),
- VMSTATE_UINT8(kbd.start, LM823KbdState),
- VMSTATE_UINT8(kbd.len, LM823KbdState),
- VMSTATE_BUFFER(kbd.fifo, LM823KbdState),
- VMSTATE_UINT16_ARRAY(pwm.file, LM823KbdState, 256),
- VMSTATE_UINT8(pwm.faddr, LM823KbdState),
- VMSTATE_BUFFER(pwm.addr, LM823KbdState),
- VMSTATE_TIMER_ARRAY(pwm.tm, LM823KbdState, 3),
- VMSTATE_END_OF_LIST()
- }
-};
-
-
-static int lm8323_init(I2CSlave *i2c)
-{
- LM823KbdState *s = FROM_I2C_SLAVE(LM823KbdState, i2c);
-
- s->model = 0x8323;
- s->pwm.tm[0] = qemu_new_timer_ns(vm_clock, lm_kbd_pwm0_tick, s);
- s->pwm.tm[1] = qemu_new_timer_ns(vm_clock, lm_kbd_pwm1_tick, s);
- s->pwm.tm[2] = qemu_new_timer_ns(vm_clock, lm_kbd_pwm2_tick, s);
- qdev_init_gpio_out(&i2c->qdev, &s->nirq, 1);
-
- lm_kbd_reset(s);
-
- qemu_register_reset((void *) lm_kbd_reset, s);
- return 0;
-}
-
-void lm832x_key_event(DeviceState *dev, int key, int state)
-{
- LM823KbdState *s = FROM_I2C_SLAVE(LM823KbdState, I2C_SLAVE_FROM_QDEV(dev));
-
- if ((s->status & INT_ERROR) && (s->error & ERR_FIFOOVR))
- return;
-
- if (s->kbd.len >= sizeof(s->kbd.fifo)) {
- lm_kbd_error(s, ERR_FIFOOVR);
- return;
- }
-
- s->kbd.fifo[(s->kbd.start + s->kbd.len ++) & (sizeof(s->kbd.fifo) - 1)] =
- key | (state << 7);
-
- /* We never set ERR_KEYOVR because we support multiple keys fine. */
- s->status |= INT_KEYPAD;
- lm_kbd_irq_update(s);
-}
-
-static void lm8323_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
-
- k->init = lm8323_init;
- k->event = lm_i2c_event;
- k->recv = lm_i2c_rx;
- k->send = lm_i2c_tx;
- dc->vmsd = &vmstate_lm_kbd;
-}
-
-static TypeInfo lm8323_info = {
- .name = "lm8323",
- .parent = TYPE_I2C_SLAVE,
- .instance_size = sizeof(LM823KbdState),
- .class_init = lm8323_class_init,
-};
-
-static void lm832x_register_types(void)
-{
- type_register_static(&lm8323_info);
-}
-
-type_init(lm832x_register_types)
diff --git a/hw/loader.c b/hw/loader.c
deleted file mode 100644
index ba01ca663..000000000
--- a/hw/loader.c
+++ /dev/null
@@ -1,801 +0,0 @@
-/*
- * QEMU Executable loader
- *
- * Copyright (c) 2006 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- *
- * Gunzip functionality in this file is derived from u-boot:
- *
- * (C) Copyright 2008 Semihalf
- *
- * (C) Copyright 2000-2005
- * Wolfgang Denk, DENX Software Engineering, wd@denx.de.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "hw.h"
-#include "disas.h"
-#include "monitor.h"
-#include "sysemu.h"
-#include "uboot_image.h"
-#include "loader.h"
-#include "fw_cfg.h"
-#include "memory.h"
-#include "exec-memory.h"
-
-#include <zlib.h>
-
-static int roms_loaded;
-
-/* return the size or -1 if error */
-int get_image_size(const char *filename)
-{
- int fd, size;
- fd = open(filename, O_RDONLY | O_BINARY);
- if (fd < 0)
- return -1;
- size = lseek(fd, 0, SEEK_END);
- close(fd);
- return size;
-}
-
-/* return the size or -1 if error */
-/* deprecated, because caller does not specify buffer size! */
-int load_image(const char *filename, uint8_t *addr)
-{
- int fd, size;
- fd = open(filename, O_RDONLY | O_BINARY);
- if (fd < 0)
- return -1;
- size = lseek(fd, 0, SEEK_END);
- lseek(fd, 0, SEEK_SET);
- if (read(fd, addr, size) != size) {
- close(fd);
- return -1;
- }
- close(fd);
- return size;
-}
-
-/* read()-like version */
-ssize_t read_targphys(const char *name,
- int fd, hwaddr dst_addr, size_t nbytes)
-{
- uint8_t *buf;
- ssize_t did;
-
- buf = g_malloc(nbytes);
- did = read(fd, buf, nbytes);
- if (did > 0)
- rom_add_blob_fixed("read", buf, did, dst_addr);
- g_free(buf);
- return did;
-}
-
-/* return the size or -1 if error */
-int load_image_targphys(const char *filename,
- hwaddr addr, uint64_t max_sz)
-{
- int size;
-
- size = get_image_size(filename);
- if (size > max_sz) {
- return -1;
- }
- if (size > 0) {
- rom_add_file_fixed(filename, addr, -1);
- }
- return size;
-}
-
-void pstrcpy_targphys(const char *name, hwaddr dest, int buf_size,
- const char *source)
-{
- const char *nulp;
- char *ptr;
-
- if (buf_size <= 0) return;
- nulp = memchr(source, 0, buf_size);
- if (nulp) {
- rom_add_blob_fixed(name, source, (nulp - source) + 1, dest);
- } else {
- rom_add_blob_fixed(name, source, buf_size, dest);
- ptr = rom_ptr(dest + buf_size - 1);
- *ptr = 0;
- }
-}
-
-/* A.OUT loader */
-
-struct exec
-{
- uint32_t a_info; /* Use macros N_MAGIC, etc for access */
- uint32_t a_text; /* length of text, in bytes */
- uint32_t a_data; /* length of data, in bytes */
- uint32_t a_bss; /* length of uninitialized data area, in bytes */
- uint32_t a_syms; /* length of symbol table data in file, in bytes */
- uint32_t a_entry; /* start address */
- uint32_t a_trsize; /* length of relocation info for text, in bytes */
- uint32_t a_drsize; /* length of relocation info for data, in bytes */
-};
-
-static void bswap_ahdr(struct exec *e)
-{
- bswap32s(&e->a_info);
- bswap32s(&e->a_text);
- bswap32s(&e->a_data);
- bswap32s(&e->a_bss);
- bswap32s(&e->a_syms);
- bswap32s(&e->a_entry);
- bswap32s(&e->a_trsize);
- bswap32s(&e->a_drsize);
-}
-
-#define N_MAGIC(exec) ((exec).a_info & 0xffff)
-#define OMAGIC 0407
-#define NMAGIC 0410
-#define ZMAGIC 0413
-#define QMAGIC 0314
-#define _N_HDROFF(x) (1024 - sizeof (struct exec))
-#define N_TXTOFF(x) \
- (N_MAGIC(x) == ZMAGIC ? _N_HDROFF((x)) + sizeof (struct exec) : \
- (N_MAGIC(x) == QMAGIC ? 0 : sizeof (struct exec)))
-#define N_TXTADDR(x, target_page_size) (N_MAGIC(x) == QMAGIC ? target_page_size : 0)
-#define _N_SEGMENT_ROUND(x, target_page_size) (((x) + target_page_size - 1) & ~(target_page_size - 1))
-
-#define _N_TXTENDADDR(x, target_page_size) (N_TXTADDR(x, target_page_size)+(x).a_text)
-
-#define N_DATADDR(x, target_page_size) \
- (N_MAGIC(x)==OMAGIC? (_N_TXTENDADDR(x, target_page_size)) \
- : (_N_SEGMENT_ROUND (_N_TXTENDADDR(x, target_page_size), target_page_size)))
-
-
-int load_aout(const char *filename, hwaddr addr, int max_sz,
- int bswap_needed, hwaddr target_page_size)
-{
- int fd;
- ssize_t size, ret;
- struct exec e;
- uint32_t magic;
-
- fd = open(filename, O_RDONLY | O_BINARY);
- if (fd < 0)
- return -1;
-
- size = read(fd, &e, sizeof(e));
- if (size < 0)
- goto fail;
-
- if (bswap_needed) {
- bswap_ahdr(&e);
- }
-
- magic = N_MAGIC(e);
- switch (magic) {
- case ZMAGIC:
- case QMAGIC:
- case OMAGIC:
- if (e.a_text + e.a_data > max_sz)
- goto fail;
- lseek(fd, N_TXTOFF(e), SEEK_SET);
- size = read_targphys(filename, fd, addr, e.a_text + e.a_data);
- if (size < 0)
- goto fail;
- break;
- case NMAGIC:
- if (N_DATADDR(e, target_page_size) + e.a_data > max_sz)
- goto fail;
- lseek(fd, N_TXTOFF(e), SEEK_SET);
- size = read_targphys(filename, fd, addr, e.a_text);
- if (size < 0)
- goto fail;
- ret = read_targphys(filename, fd, addr + N_DATADDR(e, target_page_size),
- e.a_data);
- if (ret < 0)
- goto fail;
- size += ret;
- break;
- default:
- goto fail;
- }
- close(fd);
- return size;
- fail:
- close(fd);
- return -1;
-}
-
-/* ELF loader */
-
-static void *load_at(int fd, int offset, int size)
-{
- void *ptr;
- if (lseek(fd, offset, SEEK_SET) < 0)
- return NULL;
- ptr = g_malloc(size);
- if (read(fd, ptr, size) != size) {
- g_free(ptr);
- return NULL;
- }
- return ptr;
-}
-
-#ifdef ELF_CLASS
-#undef ELF_CLASS
-#endif
-
-#define ELF_CLASS ELFCLASS32
-#include "elf.h"
-
-#define SZ 32
-#define elf_word uint32_t
-#define elf_sword int32_t
-#define bswapSZs bswap32s
-#include "elf_ops.h"
-
-#undef elfhdr
-#undef elf_phdr
-#undef elf_shdr
-#undef elf_sym
-#undef elf_note
-#undef elf_word
-#undef elf_sword
-#undef bswapSZs
-#undef SZ
-#define elfhdr elf64_hdr
-#define elf_phdr elf64_phdr
-#define elf_note elf64_note
-#define elf_shdr elf64_shdr
-#define elf_sym elf64_sym
-#define elf_word uint64_t
-#define elf_sword int64_t
-#define bswapSZs bswap64s
-#define SZ 64
-#include "elf_ops.h"
-
-/* return < 0 if error, otherwise the number of bytes loaded in memory */
-int load_elf(const char *filename, uint64_t (*translate_fn)(void *, uint64_t),
- void *translate_opaque, uint64_t *pentry, uint64_t *lowaddr,
- uint64_t *highaddr, int big_endian, int elf_machine, int clear_lsb)
-{
- int fd, data_order, target_data_order, must_swab, ret;
- uint8_t e_ident[EI_NIDENT];
-
- fd = open(filename, O_RDONLY | O_BINARY);
- if (fd < 0) {
- perror(filename);
- return -1;
- }
- if (read(fd, e_ident, sizeof(e_ident)) != sizeof(e_ident))
- goto fail;
- if (e_ident[0] != ELFMAG0 ||
- e_ident[1] != ELFMAG1 ||
- e_ident[2] != ELFMAG2 ||
- e_ident[3] != ELFMAG3)
- goto fail;
-#ifdef HOST_WORDS_BIGENDIAN
- data_order = ELFDATA2MSB;
-#else
- data_order = ELFDATA2LSB;
-#endif
- must_swab = data_order != e_ident[EI_DATA];
- if (big_endian) {
- target_data_order = ELFDATA2MSB;
- } else {
- target_data_order = ELFDATA2LSB;
- }
-
- if (target_data_order != e_ident[EI_DATA]) {
- goto fail;
- }
-
- lseek(fd, 0, SEEK_SET);
- if (e_ident[EI_CLASS] == ELFCLASS64) {
- ret = load_elf64(filename, fd, translate_fn, translate_opaque, must_swab,
- pentry, lowaddr, highaddr, elf_machine, clear_lsb);
- } else {
- ret = load_elf32(filename, fd, translate_fn, translate_opaque, must_swab,
- pentry, lowaddr, highaddr, elf_machine, clear_lsb);
- }
-
- close(fd);
- return ret;
-
- fail:
- close(fd);
- return -1;
-}
-
-static void bswap_uboot_header(uboot_image_header_t *hdr)
-{
-#ifndef HOST_WORDS_BIGENDIAN
- bswap32s(&hdr->ih_magic);
- bswap32s(&hdr->ih_hcrc);
- bswap32s(&hdr->ih_time);
- bswap32s(&hdr->ih_size);
- bswap32s(&hdr->ih_load);
- bswap32s(&hdr->ih_ep);
- bswap32s(&hdr->ih_dcrc);
-#endif
-}
-
-
-#define ZALLOC_ALIGNMENT 16
-
-static void *zalloc(void *x, unsigned items, unsigned size)
-{
- void *p;
-
- size *= items;
- size = (size + ZALLOC_ALIGNMENT - 1) & ~(ZALLOC_ALIGNMENT - 1);
-
- p = g_malloc(size);
-
- return (p);
-}
-
-static void zfree(void *x, void *addr)
-{
- g_free(addr);
-}
-
-
-#define HEAD_CRC 2
-#define EXTRA_FIELD 4
-#define ORIG_NAME 8
-#define COMMENT 0x10
-#define RESERVED 0xe0
-
-#define DEFLATED 8
-
-/* This is the usual maximum in uboot, so if a uImage overflows this, it would
- * overflow on real hardware too. */
-#define UBOOT_MAX_GUNZIP_BYTES (64 << 20)
-
-static ssize_t gunzip(void *dst, size_t dstlen, uint8_t *src,
- size_t srclen)
-{
- z_stream s;
- ssize_t dstbytes;
- int r, i, flags;
-
- /* skip header */
- i = 10;
- flags = src[3];
- if (src[2] != DEFLATED || (flags & RESERVED) != 0) {
- puts ("Error: Bad gzipped data\n");
- return -1;
- }
- if ((flags & EXTRA_FIELD) != 0)
- i = 12 + src[10] + (src[11] << 8);
- if ((flags & ORIG_NAME) != 0)
- while (src[i++] != 0)
- ;
- if ((flags & COMMENT) != 0)
- while (src[i++] != 0)
- ;
- if ((flags & HEAD_CRC) != 0)
- i += 2;
- if (i >= srclen) {
- puts ("Error: gunzip out of data in header\n");
- return -1;
- }
-
- s.zalloc = zalloc;
- s.zfree = zfree;
-
- r = inflateInit2(&s, -MAX_WBITS);
- if (r != Z_OK) {
- printf ("Error: inflateInit2() returned %d\n", r);
- return (-1);
- }
- s.next_in = src + i;
- s.avail_in = srclen - i;
- s.next_out = dst;
- s.avail_out = dstlen;
- r = inflate(&s, Z_FINISH);
- if (r != Z_OK && r != Z_STREAM_END) {
- printf ("Error: inflate() returned %d\n", r);
- return -1;
- }
- dstbytes = s.next_out - (unsigned char *) dst;
- inflateEnd(&s);
-
- return dstbytes;
-}
-
-/* Load a U-Boot image. */
-int load_uimage(const char *filename, hwaddr *ep,
- hwaddr *loadaddr, int *is_linux)
-{
- int fd;
- int size;
- uboot_image_header_t h;
- uboot_image_header_t *hdr = &h;
- uint8_t *data = NULL;
- int ret = -1;
-
- fd = open(filename, O_RDONLY | O_BINARY);
- if (fd < 0)
- return -1;
-
- size = read(fd, hdr, sizeof(uboot_image_header_t));
- if (size < 0)
- goto out;
-
- bswap_uboot_header(hdr);
-
- if (hdr->ih_magic != IH_MAGIC)
- goto out;
-
- /* TODO: Implement other image types. */
- if (hdr->ih_type != IH_TYPE_KERNEL) {
- fprintf(stderr, "Can only load u-boot image type \"kernel\"\n");
- goto out;
- }
-
- switch (hdr->ih_comp) {
- case IH_COMP_NONE:
- case IH_COMP_GZIP:
- break;
- default:
- fprintf(stderr,
- "Unable to load u-boot images with compression type %d\n",
- hdr->ih_comp);
- goto out;
- }
-
- /* TODO: Check CPU type. */
- if (is_linux) {
- if (hdr->ih_os == IH_OS_LINUX)
- *is_linux = 1;
- else
- *is_linux = 0;
- }
-
- *ep = hdr->ih_ep;
- data = g_malloc(hdr->ih_size);
-
- if (read(fd, data, hdr->ih_size) != hdr->ih_size) {
- fprintf(stderr, "Error reading file\n");
- goto out;
- }
-
- if (hdr->ih_comp == IH_COMP_GZIP) {
- uint8_t *compressed_data;
- size_t max_bytes;
- ssize_t bytes;
-
- compressed_data = data;
- max_bytes = UBOOT_MAX_GUNZIP_BYTES;
- data = g_malloc(max_bytes);
-
- bytes = gunzip(data, max_bytes, compressed_data, hdr->ih_size);
- g_free(compressed_data);
- if (bytes < 0) {
- fprintf(stderr, "Unable to decompress gzipped image!\n");
- goto out;
- }
- hdr->ih_size = bytes;
- }
-
- rom_add_blob_fixed(filename, data, hdr->ih_size, hdr->ih_load);
-
- if (loadaddr)
- *loadaddr = hdr->ih_load;
-
- ret = hdr->ih_size;
-
-out:
- if (data)
- g_free(data);
- close(fd);
- return ret;
-}
-
-/*
- * Functions for reboot-persistent memory regions.
- * - used for vga bios and option roms.
- * - also linux kernel (-kernel / -initrd).
- */
-
-typedef struct Rom Rom;
-
-struct Rom {
- char *name;
- char *path;
- size_t romsize;
- uint8_t *data;
- int isrom;
- char *fw_dir;
- char *fw_file;
-
- hwaddr addr;
- QTAILQ_ENTRY(Rom) next;
-};
-
-static FWCfgState *fw_cfg;
-static QTAILQ_HEAD(, Rom) roms = QTAILQ_HEAD_INITIALIZER(roms);
-
-static void rom_insert(Rom *rom)
-{
- Rom *item;
-
- if (roms_loaded) {
- hw_error ("ROM images must be loaded at startup\n");
- }
-
- /* list is ordered by load address */
- QTAILQ_FOREACH(item, &roms, next) {
- if (rom->addr >= item->addr)
- continue;
- QTAILQ_INSERT_BEFORE(item, rom, next);
- return;
- }
- QTAILQ_INSERT_TAIL(&roms, rom, next);
-}
-
-int rom_add_file(const char *file, const char *fw_dir,
- hwaddr addr, int32_t bootindex)
-{
- Rom *rom;
- int rc, fd = -1;
- char devpath[100];
-
- rom = g_malloc0(sizeof(*rom));
- rom->name = g_strdup(file);
- rom->path = qemu_find_file(QEMU_FILE_TYPE_BIOS, rom->name);
- if (rom->path == NULL) {
- rom->path = g_strdup(file);
- }
-
- fd = open(rom->path, O_RDONLY | O_BINARY);
- if (fd == -1) {
- fprintf(stderr, "Could not open option rom '%s': %s\n",
- rom->path, strerror(errno));
- goto err;
- }
-
- if (fw_dir) {
- rom->fw_dir = g_strdup(fw_dir);
- rom->fw_file = g_strdup(file);
- }
- rom->addr = addr;
- rom->romsize = lseek(fd, 0, SEEK_END);
- rom->data = g_malloc0(rom->romsize);
- lseek(fd, 0, SEEK_SET);
- rc = read(fd, rom->data, rom->romsize);
- if (rc != rom->romsize) {
- fprintf(stderr, "rom: file %-20s: read error: rc=%d (expected %zd)\n",
- rom->name, rc, rom->romsize);
- goto err;
- }
- close(fd);
- rom_insert(rom);
- if (rom->fw_file && fw_cfg) {
- const char *basename;
- char fw_file_name[56];
-
- basename = strrchr(rom->fw_file, '/');
- if (basename) {
- basename++;
- } else {
- basename = rom->fw_file;
- }
- snprintf(fw_file_name, sizeof(fw_file_name), "%s/%s", rom->fw_dir,
- basename);
- fw_cfg_add_file(fw_cfg, fw_file_name, rom->data, rom->romsize);
- snprintf(devpath, sizeof(devpath), "/rom@%s", fw_file_name);
- } else {
- snprintf(devpath, sizeof(devpath), "/rom@" TARGET_FMT_plx, addr);
- }
-
- add_boot_device_path(bootindex, NULL, devpath);
- return 0;
-
-err:
- if (fd != -1)
- close(fd);
- g_free(rom->data);
- g_free(rom->path);
- g_free(rom->name);
- g_free(rom);
- return -1;
-}
-
-int rom_add_blob(const char *name, const void *blob, size_t len,
- hwaddr addr)
-{
- Rom *rom;
-
- rom = g_malloc0(sizeof(*rom));
- rom->name = g_strdup(name);
- rom->addr = addr;
- rom->romsize = len;
- rom->data = g_malloc0(rom->romsize);
- memcpy(rom->data, blob, len);
- rom_insert(rom);
- return 0;
-}
-
-int rom_add_vga(const char *file)
-{
- return rom_add_file(file, "vgaroms", 0, -1);
-}
-
-int rom_add_option(const char *file, int32_t bootindex)
-{
- return rom_add_file(file, "genroms", 0, bootindex);
-}
-
-static void rom_reset(void *unused)
-{
- Rom *rom;
-
- QTAILQ_FOREACH(rom, &roms, next) {
- if (rom->fw_file) {
- continue;
- }
- if (rom->data == NULL) {
- continue;
- }
- cpu_physical_memory_write_rom(rom->addr, rom->data, rom->romsize);
- if (rom->isrom) {
- /* rom needs to be written only once */
- g_free(rom->data);
- rom->data = NULL;
- }
- }
-}
-
-int rom_load_all(void)
-{
- hwaddr addr = 0;
- MemoryRegionSection section;
- Rom *rom;
-
- QTAILQ_FOREACH(rom, &roms, next) {
- if (rom->fw_file) {
- continue;
- }
- if (addr > rom->addr) {
- fprintf(stderr, "rom: requested regions overlap "
- "(rom %s. free=0x" TARGET_FMT_plx
- ", addr=0x" TARGET_FMT_plx ")\n",
- rom->name, addr, rom->addr);
- return -1;
- }
- addr = rom->addr;
- addr += rom->romsize;
- section = memory_region_find(get_system_memory(), rom->addr, 1);
- rom->isrom = section.size && memory_region_is_rom(section.mr);
- }
- qemu_register_reset(rom_reset, NULL);
- roms_loaded = 1;
- return 0;
-}
-
-void rom_set_fw(void *f)
-{
- fw_cfg = f;
-}
-
-static Rom *find_rom(hwaddr addr)
-{
- Rom *rom;
-
- QTAILQ_FOREACH(rom, &roms, next) {
- if (rom->fw_file) {
- continue;
- }
- if (rom->addr > addr) {
- continue;
- }
- if (rom->addr + rom->romsize < addr) {
- continue;
- }
- return rom;
- }
- return NULL;
-}
-
-/*
- * Copies memory from registered ROMs to dest. Any memory that is contained in
- * a ROM between addr and addr + size is copied. Note that this can involve
- * multiple ROMs, which need not start at addr and need not end at addr + size.
- */
-int rom_copy(uint8_t *dest, hwaddr addr, size_t size)
-{
- hwaddr end = addr + size;
- uint8_t *s, *d = dest;
- size_t l = 0;
- Rom *rom;
-
- QTAILQ_FOREACH(rom, &roms, next) {
- if (rom->fw_file) {
- continue;
- }
- if (rom->addr + rom->romsize < addr) {
- continue;
- }
- if (rom->addr > end) {
- break;
- }
- if (!rom->data) {
- continue;
- }
-
- d = dest + (rom->addr - addr);
- s = rom->data;
- l = rom->romsize;
-
- if ((d + l) > (dest + size)) {
- l = dest - d;
- }
-
- memcpy(d, s, l);
- }
-
- return (d + l) - dest;
-}
-
-void *rom_ptr(hwaddr addr)
-{
- Rom *rom;
-
- rom = find_rom(addr);
- if (!rom || !rom->data)
- return NULL;
- return rom->data + (addr - rom->addr);
-}
-
-void do_info_roms(Monitor *mon)
-{
- Rom *rom;
-
- QTAILQ_FOREACH(rom, &roms, next) {
- if (!rom->fw_file) {
- monitor_printf(mon, "addr=" TARGET_FMT_plx
- " size=0x%06zx mem=%s name=\"%s\"\n",
- rom->addr, rom->romsize,
- rom->isrom ? "rom" : "ram",
- rom->name);
- } else {
- monitor_printf(mon, "fw=%s/%s"
- " size=0x%06zx name=\"%s\"\n",
- rom->fw_dir,
- rom->fw_file,
- rom->romsize,
- rom->name);
- }
- }
-}
diff --git a/hw/loader.h b/hw/loader.h
deleted file mode 100644
index 26480ad8d..000000000
--- a/hw/loader.h
+++ /dev/null
@@ -1,49 +0,0 @@
-#ifndef LOADER_H
-#define LOADER_H
-
-/* loader.c */
-int get_image_size(const char *filename);
-int load_image(const char *filename, uint8_t *addr); /* deprecated */
-int load_image_targphys(const char *filename, hwaddr,
- uint64_t max_sz);
-int load_elf(const char *filename, uint64_t (*translate_fn)(void *, uint64_t),
- void *translate_opaque, uint64_t *pentry, uint64_t *lowaddr,
- uint64_t *highaddr, int big_endian, int elf_machine,
- int clear_lsb);
-int load_aout(const char *filename, hwaddr addr, int max_sz,
- int bswap_needed, hwaddr target_page_size);
-int load_uimage(const char *filename, hwaddr *ep,
- hwaddr *loadaddr, int *is_linux);
-
-ssize_t read_targphys(const char *name,
- int fd, hwaddr dst_addr, size_t nbytes);
-void pstrcpy_targphys(const char *name,
- hwaddr dest, int buf_size,
- const char *source);
-
-
-int rom_add_file(const char *file, const char *fw_dir,
- hwaddr addr, int32_t bootindex);
-int rom_add_blob(const char *name, const void *blob, size_t len,
- hwaddr addr);
-int rom_load_all(void);
-void rom_set_fw(void *f);
-int rom_copy(uint8_t *dest, hwaddr addr, size_t size);
-void *rom_ptr(hwaddr addr);
-void do_info_roms(Monitor *mon);
-
-#define rom_add_file_fixed(_f, _a, _i) \
- rom_add_file(_f, NULL, _a, _i)
-#define rom_add_blob_fixed(_f, _b, _l, _a) \
- rom_add_blob(_f, _b, _l, _a)
-
-#define PC_ROM_MIN_VGA 0xc0000
-#define PC_ROM_MIN_OPTION 0xc8000
-#define PC_ROM_MAX 0xe0000
-#define PC_ROM_ALIGN 0x800
-#define PC_ROM_SIZE (PC_ROM_MAX - PC_ROM_MIN_VGA)
-
-int rom_add_vga(const char *file);
-int rom_add_option(const char *file, int32_t bootindex);
-
-#endif
diff --git a/hw/lpc_ich9.c b/hw/lpc_ich9.c
deleted file mode 100644
index 2fc83a496..000000000
--- a/hw/lpc_ich9.c
+++ /dev/null
@@ -1,525 +0,0 @@
-/*
- * Copyright (c) 2006 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-/*
- * QEMU ICH9 Emulation
- *
- * Copyright (c) 2009, 2010, 2011
- * Isaku Yamahata <yamahata at valinux co jp>
- * VA Linux Systems Japan K.K.
- * Copyright (C) 2012 Jason Baron <jbaron@redhat.com>
- *
- * This is based on piix_pci.c, but heavily modified.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>
- */
-
-#include "qemu-common.h"
-#include "hw.h"
-#include "range.h"
-#include "isa.h"
-#include "sysbus.h"
-#include "pc.h"
-#include "apm.h"
-#include "ioapic.h"
-#include "pci.h"
-#include "pcie_host.h"
-#include "pci_bridge.h"
-#include "ich9.h"
-#include "acpi.h"
-#include "acpi_ich9.h"
-#include "pam.h"
-#include "pci_internals.h"
-#include "exec-memory.h"
-
-static int ich9_lpc_sci_irq(ICH9LPCState *lpc);
-
-/*****************************************************************************/
-/* ICH9 LPC PCI to ISA bridge */
-
-static void ich9_lpc_reset(DeviceState *qdev);
-
-/* chipset configuration register
- * to access chipset configuration registers, pci_[sg]et_{byte, word, long}
- * are used.
- * Although it's not pci configuration space, it's little endian as Intel.
- */
-
-static void ich9_cc_update_ir(uint8_t irr[PCI_NUM_PINS], uint16_t ir)
-{
- int intx;
- for (intx = 0; intx < PCI_NUM_PINS; intx++) {
- irr[intx] = (ir >> (intx * ICH9_CC_DIR_SHIFT)) & ICH9_CC_DIR_MASK;
- }
-}
-
-static void ich9_cc_update(ICH9LPCState *lpc)
-{
- int slot;
- int pci_intx;
-
- const int reg_offsets[] = {
- ICH9_CC_D25IR,
- ICH9_CC_D26IR,
- ICH9_CC_D27IR,
- ICH9_CC_D28IR,
- ICH9_CC_D29IR,
- ICH9_CC_D30IR,
- ICH9_CC_D31IR,
- };
- const int *offset;
-
- /* D{25 - 31}IR, but D30IR is read only to 0. */
- for (slot = 25, offset = reg_offsets; slot < 32; slot++, offset++) {
- if (slot == 30) {
- continue;
- }
- ich9_cc_update_ir(lpc->irr[slot],
- pci_get_word(lpc->chip_config + *offset));
- }
-
- /*
- * D30: DMI2PCI bridge
- * It is arbitrarily decided how INTx lines of PCI devicesbehind the bridge
- * are connected to pirq lines. Our choice is PIRQ[E-H].
- * INT[A-D] are connected to PIRQ[E-H]
- */
- for (pci_intx = 0; pci_intx < PCI_NUM_PINS; pci_intx++) {
- lpc->irr[30][pci_intx] = pci_intx + 4;
- }
-}
-
-static void ich9_cc_init(ICH9LPCState *lpc)
-{
- int slot;
- int intx;
-
- /* the default irq routing is arbitrary as long as it matches with
- * acpi irq routing table.
- * The one that is incompatible with piix_pci(= bochs) one is
- * intentionally chosen to let the users know that the different
- * board is used.
- *
- * int[A-D] -> pirq[E-F]
- * avoid pirq A-D because they are used for pci express port
- */
- for (slot = 0; slot < PCI_SLOT_MAX; slot++) {
- for (intx = 0; intx < PCI_NUM_PINS; intx++) {
- lpc->irr[slot][intx] = (slot + intx) % 4 + 4;
- }
- }
- ich9_cc_update(lpc);
-}
-
-static void ich9_cc_reset(ICH9LPCState *lpc)
-{
- uint8_t *c = lpc->chip_config;
-
- memset(lpc->chip_config, 0, sizeof(lpc->chip_config));
-
- pci_set_long(c + ICH9_CC_D31IR, ICH9_CC_DIR_DEFAULT);
- pci_set_long(c + ICH9_CC_D30IR, ICH9_CC_D30IR_DEFAULT);
- pci_set_long(c + ICH9_CC_D29IR, ICH9_CC_DIR_DEFAULT);
- pci_set_long(c + ICH9_CC_D28IR, ICH9_CC_DIR_DEFAULT);
- pci_set_long(c + ICH9_CC_D27IR, ICH9_CC_DIR_DEFAULT);
- pci_set_long(c + ICH9_CC_D26IR, ICH9_CC_DIR_DEFAULT);
- pci_set_long(c + ICH9_CC_D25IR, ICH9_CC_DIR_DEFAULT);
-
- ich9_cc_update(lpc);
-}
-
-static void ich9_cc_addr_len(uint64_t *addr, unsigned *len)
-{
- *addr &= ICH9_CC_ADDR_MASK;
- if (*addr + *len >= ICH9_CC_SIZE) {
- *len = ICH9_CC_SIZE - *addr;
- }
-}
-
-/* val: little endian */
-static void ich9_cc_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned len)
-{
- ICH9LPCState *lpc = (ICH9LPCState *)opaque;
-
- ich9_cc_addr_len(&addr, &len);
- memcpy(lpc->chip_config + addr, &val, len);
- ich9_cc_update(lpc);
-}
-
-/* return value: little endian */
-static uint64_t ich9_cc_read(void *opaque, hwaddr addr,
- unsigned len)
-{
- ICH9LPCState *lpc = (ICH9LPCState *)opaque;
-
- uint32_t val = 0;
- ich9_cc_addr_len(&addr, &len);
- memcpy(&val, lpc->chip_config + addr, len);
- return val;
-}
-
-/* IRQ routing */
-/* */
-static void ich9_lpc_rout(uint8_t pirq_rout, int *pic_irq, int *pic_dis)
-{
- *pic_irq = pirq_rout & ICH9_LPC_PIRQ_ROUT_MASK;
- *pic_dis = pirq_rout & ICH9_LPC_PIRQ_ROUT_IRQEN;
-}
-
-static void ich9_lpc_pic_irq(ICH9LPCState *lpc, int pirq_num,
- int *pic_irq, int *pic_dis)
-{
- switch (pirq_num) {
- case 0 ... 3: /* A-D */
- ich9_lpc_rout(lpc->d.config[ICH9_LPC_PIRQA_ROUT + pirq_num],
- pic_irq, pic_dis);
- return;
- case 4 ... 7: /* E-H */
- ich9_lpc_rout(lpc->d.config[ICH9_LPC_PIRQE_ROUT + (pirq_num - 4)],
- pic_irq, pic_dis);
- return;
- default:
- break;
- }
- abort();
-}
-
-/* pic_irq: i8254 irq 0-15 */
-static void ich9_lpc_update_pic(ICH9LPCState *lpc, int pic_irq)
-{
- int i, pic_level;
-
- /* The pic level is the logical OR of all the PCI irqs mapped to it */
- pic_level = 0;
- for (i = 0; i < ICH9_LPC_NB_PIRQS; i++) {
- int tmp_irq;
- int tmp_dis;
- ich9_lpc_pic_irq(lpc, i, &tmp_irq, &tmp_dis);
- if (!tmp_dis && pic_irq == tmp_irq) {
- pic_level |= pci_bus_get_irq_level(lpc->d.bus, i);
- }
- }
- if (pic_irq == ich9_lpc_sci_irq(lpc)) {
- pic_level |= lpc->sci_level;
- }
-
- qemu_set_irq(lpc->pic[pic_irq], pic_level);
-}
-
-/* pirq: pirq[A-H] 0-7*/
-static void ich9_lpc_update_by_pirq(ICH9LPCState *lpc, int pirq)
-{
- int pic_irq;
- int pic_dis;
-
- ich9_lpc_pic_irq(lpc, pirq, &pic_irq, &pic_dis);
- assert(pic_irq < ICH9_LPC_PIC_NUM_PINS);
- if (pic_dis) {
- return;
- }
-
- ich9_lpc_update_pic(lpc, pic_irq);
-}
-
-/* APIC mode: GSIx: PIRQ[A-H] -> GSI 16, ... no pirq shares same APIC pins. */
-static int ich9_pirq_to_gsi(int pirq)
-{
- return pirq + ICH9_LPC_PIC_NUM_PINS;
-}
-
-static int ich9_gsi_to_pirq(int gsi)
-{
- return gsi - ICH9_LPC_PIC_NUM_PINS;
-}
-
-static void ich9_lpc_update_apic(ICH9LPCState *lpc, int gsi)
-{
- int level = 0;
-
- if (gsi >= ICH9_LPC_PIC_NUM_PINS) {
- level |= pci_bus_get_irq_level(lpc->d.bus, ich9_gsi_to_pirq(gsi));
- }
- if (gsi == ich9_lpc_sci_irq(lpc)) {
- level |= lpc->sci_level;
- }
-
- qemu_set_irq(lpc->ioapic[gsi], level);
-}
-
-void ich9_lpc_set_irq(void *opaque, int pirq, int level)
-{
- ICH9LPCState *lpc = opaque;
-
- assert(0 <= pirq);
- assert(pirq < ICH9_LPC_NB_PIRQS);
-
- ich9_lpc_update_apic(lpc, ich9_pirq_to_gsi(pirq));
- ich9_lpc_update_by_pirq(lpc, pirq);
-}
-
-/* return the pirq number (PIRQ[A-H]:0-7) corresponding to
- * a given device irq pin.
- */
-int ich9_lpc_map_irq(PCIDevice *pci_dev, int intx)
-{
- BusState *bus = qdev_get_parent_bus(&pci_dev->qdev);
- PCIBus *pci_bus = PCI_BUS(bus);
- PCIDevice *lpc_pdev =
- pci_bus->devices[PCI_DEVFN(ICH9_LPC_DEV, ICH9_LPC_FUNC)];
- ICH9LPCState *lpc = ICH9_LPC_DEVICE(lpc_pdev);
-
- return lpc->irr[PCI_SLOT(pci_dev->devfn)][intx];
-}
-
-static int ich9_lpc_sci_irq(ICH9LPCState *lpc)
-{
- switch (lpc->d.config[ICH9_LPC_ACPI_CTRL] &
- ICH9_LPC_ACPI_CTRL_SCI_IRQ_SEL_MASK) {
- case ICH9_LPC_ACPI_CTRL_9:
- return 9;
- case ICH9_LPC_ACPI_CTRL_10:
- return 10;
- case ICH9_LPC_ACPI_CTRL_11:
- return 11;
- case ICH9_LPC_ACPI_CTRL_20:
- return 20;
- case ICH9_LPC_ACPI_CTRL_21:
- return 21;
- default:
- /* reserved */
- break;
- }
- return -1;
-}
-
-static void ich9_set_sci(void *opaque, int irq_num, int level)
-{
- ICH9LPCState *lpc = opaque;
- int irq;
-
- assert(irq_num == 0);
- level = !!level;
- if (level == lpc->sci_level) {
- return;
- }
- lpc->sci_level = level;
-
- irq = ich9_lpc_sci_irq(lpc);
- if (irq < 0) {
- return;
- }
-
- ich9_lpc_update_apic(lpc, irq);
- if (irq < ICH9_LPC_PIC_NUM_PINS) {
- ich9_lpc_update_pic(lpc, irq);
- }
-}
-
-void ich9_lpc_pm_init(PCIDevice *lpc_pci, qemu_irq cmos_s3)
-{
- ICH9LPCState *lpc = ICH9_LPC_DEVICE(lpc_pci);
- qemu_irq *sci_irq;
-
- sci_irq = qemu_allocate_irqs(ich9_set_sci, lpc, 1);
- ich9_pm_init(&lpc->pm, sci_irq[0], cmos_s3);
-
- ich9_lpc_reset(&lpc->d.qdev);
-}
-
-/* APM */
-
-static void ich9_apm_ctrl_changed(uint32_t val, void *arg)
-{
- ICH9LPCState *lpc = arg;
-
- /* ACPI specs 3.0, 4.7.2.5 */
- acpi_pm1_cnt_update(&lpc->pm.acpi_regs,
- val == ICH9_APM_ACPI_ENABLE,
- val == ICH9_APM_ACPI_DISABLE);
-
- /* SMI_EN = PMBASE + 30. SMI control and enable register */
- if (lpc->pm.smi_en & ICH9_PMIO_SMI_EN_APMC_EN) {
- cpu_interrupt(first_cpu, CPU_INTERRUPT_SMI);
- }
-}
-
-/* config:PMBASE */
-static void
-ich9_lpc_pmbase_update(ICH9LPCState *lpc)
-{
- uint32_t pm_io_base = pci_get_long(lpc->d.config + ICH9_LPC_PMBASE);
- pm_io_base &= ICH9_LPC_PMBASE_BASE_ADDRESS_MASK;
-
- ich9_pm_iospace_update(&lpc->pm, pm_io_base);
-}
-
-/* config:RBCA */
-static void ich9_lpc_rcba_update(ICH9LPCState *lpc, uint32_t rbca_old)
-{
- uint32_t rbca = pci_get_long(lpc->d.config + ICH9_LPC_RCBA);
-
- if (rbca_old & ICH9_LPC_RCBA_EN) {
- memory_region_del_subregion(get_system_memory(), &lpc->rbca_mem);
- }
- if (rbca & ICH9_LPC_RCBA_EN) {
- memory_region_add_subregion_overlap(get_system_memory(),
- rbca & ICH9_LPC_RCBA_BA_MASK,
- &lpc->rbca_mem, 1);
- }
-}
-
-static int ich9_lpc_post_load(void *opaque, int version_id)
-{
- ICH9LPCState *lpc = opaque;
-
- ich9_lpc_pmbase_update(lpc);
- ich9_lpc_rcba_update(lpc, 0 /* disabled ICH9_LPC_RBCA_EN */);
- return 0;
-}
-
-static void ich9_lpc_config_write(PCIDevice *d,
- uint32_t addr, uint32_t val, int len)
-{
- ICH9LPCState *lpc = ICH9_LPC_DEVICE(d);
- uint32_t rbca_old = pci_get_long(d->config + ICH9_LPC_RCBA);
-
- pci_default_write_config(d, addr, val, len);
- if (ranges_overlap(addr, len, ICH9_LPC_PMBASE, 4)) {
- ich9_lpc_pmbase_update(lpc);
- }
- if (ranges_overlap(addr, len, ICH9_LPC_RCBA, 4)) {
- ich9_lpc_rcba_update(lpc, rbca_old);
- }
-}
-
-static void ich9_lpc_reset(DeviceState *qdev)
-{
- PCIDevice *d = PCI_DEVICE(qdev);
- ICH9LPCState *lpc = ICH9_LPC_DEVICE(d);
- uint32_t rbca_old = pci_get_long(d->config + ICH9_LPC_RCBA);
- int i;
-
- for (i = 0; i < 4; i++) {
- pci_set_byte(d->config + ICH9_LPC_PIRQA_ROUT + i,
- ICH9_LPC_PIRQ_ROUT_DEFAULT);
- }
- for (i = 0; i < 4; i++) {
- pci_set_byte(d->config + ICH9_LPC_PIRQE_ROUT + i,
- ICH9_LPC_PIRQ_ROUT_DEFAULT);
- }
- pci_set_byte(d->config + ICH9_LPC_ACPI_CTRL, ICH9_LPC_ACPI_CTRL_DEFAULT);
-
- pci_set_long(d->config + ICH9_LPC_PMBASE, ICH9_LPC_PMBASE_DEFAULT);
- pci_set_long(d->config + ICH9_LPC_RCBA, ICH9_LPC_RCBA_DEFAULT);
-
- ich9_cc_reset(lpc);
-
- ich9_lpc_pmbase_update(lpc);
- ich9_lpc_rcba_update(lpc, rbca_old);
-
- lpc->sci_level = 0;
-}
-
-static const MemoryRegionOps rbca_mmio_ops = {
- .read = ich9_cc_read,
- .write = ich9_cc_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static int ich9_lpc_initfn(PCIDevice *d)
-{
- ICH9LPCState *lpc = ICH9_LPC_DEVICE(d);
- ISABus *isa_bus;
-
- isa_bus = isa_bus_new(&d->qdev, get_system_io());
-
- pci_set_long(d->wmask + ICH9_LPC_PMBASE,
- ICH9_LPC_PMBASE_BASE_ADDRESS_MASK);
-
- memory_region_init_io(&lpc->rbca_mem, &rbca_mmio_ops, lpc,
- "lpc-rbca-mmio", ICH9_CC_SIZE);
-
- lpc->isa_bus = isa_bus;
-
- ich9_cc_init(lpc);
- apm_init(&lpc->apm, ich9_apm_ctrl_changed, lpc);
- return 0;
-}
-
-static const VMStateDescription vmstate_ich9_lpc = {
- .name = "ICH9LPC",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .post_load = ich9_lpc_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_PCI_DEVICE(d, ICH9LPCState),
- VMSTATE_STRUCT(apm, ICH9LPCState, 0, vmstate_apm, APMState),
- VMSTATE_STRUCT(pm, ICH9LPCState, 0, vmstate_ich9_pm, ICH9LPCPMRegs),
- VMSTATE_UINT8_ARRAY(chip_config, ICH9LPCState, ICH9_CC_SIZE),
- VMSTATE_UINT32(sci_level, ICH9LPCState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void ich9_lpc_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- dc->reset = ich9_lpc_reset;
- k->init = ich9_lpc_initfn;
- dc->vmsd = &vmstate_ich9_lpc;
- dc->no_user = 1;
- k->config_write = ich9_lpc_config_write;
- dc->desc = "ICH9 LPC bridge";
- k->vendor_id = PCI_VENDOR_ID_INTEL;
- k->device_id = PCI_DEVICE_ID_INTEL_ICH9_8;
- k->revision = ICH9_A2_LPC_REVISION;
- k->class_id = PCI_CLASS_BRIDGE_ISA;
-
-}
-
-static const TypeInfo ich9_lpc_info = {
- .name = TYPE_ICH9_LPC_DEVICE,
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(struct ICH9LPCState),
- .class_init = ich9_lpc_class_init,
-};
-
-static void ich9_lpc_register(void)
-{
- type_register_static(&ich9_lpc_info);
-}
-
-type_init(ich9_lpc_register);
diff --git a/hw/lsi53c895a.c b/hw/lsi53c895a.c
deleted file mode 100644
index 04f2faef4..000000000
--- a/hw/lsi53c895a.c
+++ /dev/null
@@ -1,2141 +0,0 @@
-/*
- * QEMU LSI53C895A SCSI Host Bus Adapter emulation
- *
- * Copyright (c) 2006 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the LGPL.
- */
-
-/* ??? Need to check if the {read,write}[wl] routines work properly on
- big-endian targets. */
-
-#include <assert.h>
-
-#include "hw.h"
-#include "pci.h"
-#include "scsi.h"
-#include "dma.h"
-
-//#define DEBUG_LSI
-//#define DEBUG_LSI_REG
-
-#ifdef DEBUG_LSI
-#define DPRINTF(fmt, ...) \
-do { printf("lsi_scsi: " fmt , ## __VA_ARGS__); } while (0)
-#define BADF(fmt, ...) \
-do { fprintf(stderr, "lsi_scsi: error: " fmt , ## __VA_ARGS__); exit(1);} while (0)
-#else
-#define DPRINTF(fmt, ...) do {} while(0)
-#define BADF(fmt, ...) \
-do { fprintf(stderr, "lsi_scsi: error: " fmt , ## __VA_ARGS__);} while (0)
-#endif
-
-#define LSI_MAX_DEVS 7
-
-#define LSI_SCNTL0_TRG 0x01
-#define LSI_SCNTL0_AAP 0x02
-#define LSI_SCNTL0_EPC 0x08
-#define LSI_SCNTL0_WATN 0x10
-#define LSI_SCNTL0_START 0x20
-
-#define LSI_SCNTL1_SST 0x01
-#define LSI_SCNTL1_IARB 0x02
-#define LSI_SCNTL1_AESP 0x04
-#define LSI_SCNTL1_RST 0x08
-#define LSI_SCNTL1_CON 0x10
-#define LSI_SCNTL1_DHP 0x20
-#define LSI_SCNTL1_ADB 0x40
-#define LSI_SCNTL1_EXC 0x80
-
-#define LSI_SCNTL2_WSR 0x01
-#define LSI_SCNTL2_VUE0 0x02
-#define LSI_SCNTL2_VUE1 0x04
-#define LSI_SCNTL2_WSS 0x08
-#define LSI_SCNTL2_SLPHBEN 0x10
-#define LSI_SCNTL2_SLPMD 0x20
-#define LSI_SCNTL2_CHM 0x40
-#define LSI_SCNTL2_SDU 0x80
-
-#define LSI_ISTAT0_DIP 0x01
-#define LSI_ISTAT0_SIP 0x02
-#define LSI_ISTAT0_INTF 0x04
-#define LSI_ISTAT0_CON 0x08
-#define LSI_ISTAT0_SEM 0x10
-#define LSI_ISTAT0_SIGP 0x20
-#define LSI_ISTAT0_SRST 0x40
-#define LSI_ISTAT0_ABRT 0x80
-
-#define LSI_ISTAT1_SI 0x01
-#define LSI_ISTAT1_SRUN 0x02
-#define LSI_ISTAT1_FLSH 0x04
-
-#define LSI_SSTAT0_SDP0 0x01
-#define LSI_SSTAT0_RST 0x02
-#define LSI_SSTAT0_WOA 0x04
-#define LSI_SSTAT0_LOA 0x08
-#define LSI_SSTAT0_AIP 0x10
-#define LSI_SSTAT0_OLF 0x20
-#define LSI_SSTAT0_ORF 0x40
-#define LSI_SSTAT0_ILF 0x80
-
-#define LSI_SIST0_PAR 0x01
-#define LSI_SIST0_RST 0x02
-#define LSI_SIST0_UDC 0x04
-#define LSI_SIST0_SGE 0x08
-#define LSI_SIST0_RSL 0x10
-#define LSI_SIST0_SEL 0x20
-#define LSI_SIST0_CMP 0x40
-#define LSI_SIST0_MA 0x80
-
-#define LSI_SIST1_HTH 0x01
-#define LSI_SIST1_GEN 0x02
-#define LSI_SIST1_STO 0x04
-#define LSI_SIST1_SBMC 0x10
-
-#define LSI_SOCL_IO 0x01
-#define LSI_SOCL_CD 0x02
-#define LSI_SOCL_MSG 0x04
-#define LSI_SOCL_ATN 0x08
-#define LSI_SOCL_SEL 0x10
-#define LSI_SOCL_BSY 0x20
-#define LSI_SOCL_ACK 0x40
-#define LSI_SOCL_REQ 0x80
-
-#define LSI_DSTAT_IID 0x01
-#define LSI_DSTAT_SIR 0x04
-#define LSI_DSTAT_SSI 0x08
-#define LSI_DSTAT_ABRT 0x10
-#define LSI_DSTAT_BF 0x20
-#define LSI_DSTAT_MDPE 0x40
-#define LSI_DSTAT_DFE 0x80
-
-#define LSI_DCNTL_COM 0x01
-#define LSI_DCNTL_IRQD 0x02
-#define LSI_DCNTL_STD 0x04
-#define LSI_DCNTL_IRQM 0x08
-#define LSI_DCNTL_SSM 0x10
-#define LSI_DCNTL_PFEN 0x20
-#define LSI_DCNTL_PFF 0x40
-#define LSI_DCNTL_CLSE 0x80
-
-#define LSI_DMODE_MAN 0x01
-#define LSI_DMODE_BOF 0x02
-#define LSI_DMODE_ERMP 0x04
-#define LSI_DMODE_ERL 0x08
-#define LSI_DMODE_DIOM 0x10
-#define LSI_DMODE_SIOM 0x20
-
-#define LSI_CTEST2_DACK 0x01
-#define LSI_CTEST2_DREQ 0x02
-#define LSI_CTEST2_TEOP 0x04
-#define LSI_CTEST2_PCICIE 0x08
-#define LSI_CTEST2_CM 0x10
-#define LSI_CTEST2_CIO 0x20
-#define LSI_CTEST2_SIGP 0x40
-#define LSI_CTEST2_DDIR 0x80
-
-#define LSI_CTEST5_BL2 0x04
-#define LSI_CTEST5_DDIR 0x08
-#define LSI_CTEST5_MASR 0x10
-#define LSI_CTEST5_DFSN 0x20
-#define LSI_CTEST5_BBCK 0x40
-#define LSI_CTEST5_ADCK 0x80
-
-#define LSI_CCNTL0_DILS 0x01
-#define LSI_CCNTL0_DISFC 0x10
-#define LSI_CCNTL0_ENNDJ 0x20
-#define LSI_CCNTL0_PMJCTL 0x40
-#define LSI_CCNTL0_ENPMJ 0x80
-
-#define LSI_CCNTL1_EN64DBMV 0x01
-#define LSI_CCNTL1_EN64TIBMV 0x02
-#define LSI_CCNTL1_64TIMOD 0x04
-#define LSI_CCNTL1_DDAC 0x08
-#define LSI_CCNTL1_ZMOD 0x80
-
-/* Enable Response to Reselection */
-#define LSI_SCID_RRE 0x60
-
-#define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD)
-
-#define PHASE_DO 0
-#define PHASE_DI 1
-#define PHASE_CMD 2
-#define PHASE_ST 3
-#define PHASE_MO 6
-#define PHASE_MI 7
-#define PHASE_MASK 7
-
-/* Maximum length of MSG IN data. */
-#define LSI_MAX_MSGIN_LEN 8
-
-/* Flag set if this is a tagged command. */
-#define LSI_TAG_VALID (1 << 16)
-
-typedef struct lsi_request {
- SCSIRequest *req;
- uint32_t tag;
- uint32_t dma_len;
- uint8_t *dma_buf;
- uint32_t pending;
- int out;
- QTAILQ_ENTRY(lsi_request) next;
-} lsi_request;
-
-typedef struct {
- PCIDevice dev;
- MemoryRegion mmio_io;
- MemoryRegion ram_io;
- MemoryRegion io_io;
-
- int carry; /* ??? Should this be an a visible register somewhere? */
- int status;
- /* Action to take at the end of a MSG IN phase.
- 0 = COMMAND, 1 = disconnect, 2 = DATA OUT, 3 = DATA IN. */
- int msg_action;
- int msg_len;
- uint8_t msg[LSI_MAX_MSGIN_LEN];
- /* 0 if SCRIPTS are running or stopped.
- * 1 if a Wait Reselect instruction has been issued.
- * 2 if processing DMA from lsi_execute_script.
- * 3 if a DMA operation is in progress. */
- int waiting;
- SCSIBus bus;
- int current_lun;
- /* The tag is a combination of the device ID and the SCSI tag. */
- uint32_t select_tag;
- int command_complete;
- QTAILQ_HEAD(, lsi_request) queue;
- lsi_request *current;
-
- uint32_t dsa;
- uint32_t temp;
- uint32_t dnad;
- uint32_t dbc;
- uint8_t istat0;
- uint8_t istat1;
- uint8_t dcmd;
- uint8_t dstat;
- uint8_t dien;
- uint8_t sist0;
- uint8_t sist1;
- uint8_t sien0;
- uint8_t sien1;
- uint8_t mbox0;
- uint8_t mbox1;
- uint8_t dfifo;
- uint8_t ctest2;
- uint8_t ctest3;
- uint8_t ctest4;
- uint8_t ctest5;
- uint8_t ccntl0;
- uint8_t ccntl1;
- uint32_t dsp;
- uint32_t dsps;
- uint8_t dmode;
- uint8_t dcntl;
- uint8_t scntl0;
- uint8_t scntl1;
- uint8_t scntl2;
- uint8_t scntl3;
- uint8_t sstat0;
- uint8_t sstat1;
- uint8_t scid;
- uint8_t sxfer;
- uint8_t socl;
- uint8_t sdid;
- uint8_t ssid;
- uint8_t sfbr;
- uint8_t stest1;
- uint8_t stest2;
- uint8_t stest3;
- uint8_t sidl;
- uint8_t stime0;
- uint8_t respid0;
- uint8_t respid1;
- uint32_t mmrs;
- uint32_t mmws;
- uint32_t sfs;
- uint32_t drs;
- uint32_t sbms;
- uint32_t dbms;
- uint32_t dnad64;
- uint32_t pmjad1;
- uint32_t pmjad2;
- uint32_t rbc;
- uint32_t ua;
- uint32_t ia;
- uint32_t sbc;
- uint32_t csbc;
- uint32_t scratch[18]; /* SCRATCHA-SCRATCHR */
- uint8_t sbr;
-
- /* Script ram is stored as 32-bit words in host byteorder. */
- uint32_t script_ram[2048];
-} LSIState;
-
-static inline int lsi_irq_on_rsl(LSIState *s)
-{
- return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE);
-}
-
-static void lsi_soft_reset(LSIState *s)
-{
- DPRINTF("Reset\n");
- s->carry = 0;
-
- s->msg_action = 0;
- s->msg_len = 0;
- s->waiting = 0;
- s->dsa = 0;
- s->dnad = 0;
- s->dbc = 0;
- s->temp = 0;
- memset(s->scratch, 0, sizeof(s->scratch));
- s->istat0 = 0;
- s->istat1 = 0;
- s->dcmd = 0x40;
- s->dstat = LSI_DSTAT_DFE;
- s->dien = 0;
- s->sist0 = 0;
- s->sist1 = 0;
- s->sien0 = 0;
- s->sien1 = 0;
- s->mbox0 = 0;
- s->mbox1 = 0;
- s->dfifo = 0;
- s->ctest2 = LSI_CTEST2_DACK;
- s->ctest3 = 0;
- s->ctest4 = 0;
- s->ctest5 = 0;
- s->ccntl0 = 0;
- s->ccntl1 = 0;
- s->dsp = 0;
- s->dsps = 0;
- s->dmode = 0;
- s->dcntl = 0;
- s->scntl0 = 0xc0;
- s->scntl1 = 0;
- s->scntl2 = 0;
- s->scntl3 = 0;
- s->sstat0 = 0;
- s->sstat1 = 0;
- s->scid = 7;
- s->sxfer = 0;
- s->socl = 0;
- s->sdid = 0;
- s->ssid = 0;
- s->stest1 = 0;
- s->stest2 = 0;
- s->stest3 = 0;
- s->sidl = 0;
- s->stime0 = 0;
- s->respid0 = 0x80;
- s->respid1 = 0;
- s->mmrs = 0;
- s->mmws = 0;
- s->sfs = 0;
- s->drs = 0;
- s->sbms = 0;
- s->dbms = 0;
- s->dnad64 = 0;
- s->pmjad1 = 0;
- s->pmjad2 = 0;
- s->rbc = 0;
- s->ua = 0;
- s->ia = 0;
- s->sbc = 0;
- s->csbc = 0;
- s->sbr = 0;
- assert(QTAILQ_EMPTY(&s->queue));
- assert(!s->current);
-}
-
-static int lsi_dma_40bit(LSIState *s)
-{
- if ((s->ccntl1 & LSI_CCNTL1_40BIT) == LSI_CCNTL1_40BIT)
- return 1;
- return 0;
-}
-
-static int lsi_dma_ti64bit(LSIState *s)
-{
- if ((s->ccntl1 & LSI_CCNTL1_EN64TIBMV) == LSI_CCNTL1_EN64TIBMV)
- return 1;
- return 0;
-}
-
-static int lsi_dma_64bit(LSIState *s)
-{
- if ((s->ccntl1 & LSI_CCNTL1_EN64DBMV) == LSI_CCNTL1_EN64DBMV)
- return 1;
- return 0;
-}
-
-static uint8_t lsi_reg_readb(LSIState *s, int offset);
-static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val);
-static void lsi_execute_script(LSIState *s);
-static void lsi_reselect(LSIState *s, lsi_request *p);
-
-static inline uint32_t read_dword(LSIState *s, uint32_t addr)
-{
- uint32_t buf;
-
- pci_dma_read(&s->dev, addr, &buf, 4);
- return cpu_to_le32(buf);
-}
-
-static void lsi_stop_script(LSIState *s)
-{
- s->istat1 &= ~LSI_ISTAT1_SRUN;
-}
-
-static void lsi_update_irq(LSIState *s)
-{
- int level;
- static int last_level;
- lsi_request *p;
-
- /* It's unclear whether the DIP/SIP bits should be cleared when the
- Interrupt Status Registers are cleared or when istat0 is read.
- We currently do the formwer, which seems to work. */
- level = 0;
- if (s->dstat) {
- if (s->dstat & s->dien)
- level = 1;
- s->istat0 |= LSI_ISTAT0_DIP;
- } else {
- s->istat0 &= ~LSI_ISTAT0_DIP;
- }
-
- if (s->sist0 || s->sist1) {
- if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1))
- level = 1;
- s->istat0 |= LSI_ISTAT0_SIP;
- } else {
- s->istat0 &= ~LSI_ISTAT0_SIP;
- }
- if (s->istat0 & LSI_ISTAT0_INTF)
- level = 1;
-
- if (level != last_level) {
- DPRINTF("Update IRQ level %d dstat %02x sist %02x%02x\n",
- level, s->dstat, s->sist1, s->sist0);
- last_level = level;
- }
- qemu_set_irq(s->dev.irq[0], level);
-
- if (!level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) {
- DPRINTF("Handled IRQs & disconnected, looking for pending "
- "processes\n");
- QTAILQ_FOREACH(p, &s->queue, next) {
- if (p->pending) {
- lsi_reselect(s, p);
- break;
- }
- }
- }
-}
-
-/* Stop SCRIPTS execution and raise a SCSI interrupt. */
-static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1)
-{
- uint32_t mask0;
- uint32_t mask1;
-
- DPRINTF("SCSI Interrupt 0x%02x%02x prev 0x%02x%02x\n",
- stat1, stat0, s->sist1, s->sist0);
- s->sist0 |= stat0;
- s->sist1 |= stat1;
- /* Stop processor on fatal or unmasked interrupt. As a special hack
- we don't stop processing when raising STO. Instead continue
- execution and stop at the next insn that accesses the SCSI bus. */
- mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL);
- mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH);
- mask1 &= ~LSI_SIST1_STO;
- if (s->sist0 & mask0 || s->sist1 & mask1) {
- lsi_stop_script(s);
- }
- lsi_update_irq(s);
-}
-
-/* Stop SCRIPTS execution and raise a DMA interrupt. */
-static void lsi_script_dma_interrupt(LSIState *s, int stat)
-{
- DPRINTF("DMA Interrupt 0x%x prev 0x%x\n", stat, s->dstat);
- s->dstat |= stat;
- lsi_update_irq(s);
- lsi_stop_script(s);
-}
-
-static inline void lsi_set_phase(LSIState *s, int phase)
-{
- s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase;
-}
-
-static void lsi_bad_phase(LSIState *s, int out, int new_phase)
-{
- /* Trigger a phase mismatch. */
- if (s->ccntl0 & LSI_CCNTL0_ENPMJ) {
- if ((s->ccntl0 & LSI_CCNTL0_PMJCTL)) {
- s->dsp = out ? s->pmjad1 : s->pmjad2;
- } else {
- s->dsp = (s->scntl2 & LSI_SCNTL2_WSR ? s->pmjad2 : s->pmjad1);
- }
- DPRINTF("Data phase mismatch jump to %08x\n", s->dsp);
- } else {
- DPRINTF("Phase mismatch interrupt\n");
- lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
- lsi_stop_script(s);
- }
- lsi_set_phase(s, new_phase);
-}
-
-
-/* Resume SCRIPTS execution after a DMA operation. */
-static void lsi_resume_script(LSIState *s)
-{
- if (s->waiting != 2) {
- s->waiting = 0;
- lsi_execute_script(s);
- } else {
- s->waiting = 0;
- }
-}
-
-static void lsi_disconnect(LSIState *s)
-{
- s->scntl1 &= ~LSI_SCNTL1_CON;
- s->sstat1 &= ~PHASE_MASK;
-}
-
-static void lsi_bad_selection(LSIState *s, uint32_t id)
-{
- DPRINTF("Selected absent target %d\n", id);
- lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO);
- lsi_disconnect(s);
-}
-
-/* Initiate a SCSI layer data transfer. */
-static void lsi_do_dma(LSIState *s, int out)
-{
- uint32_t count;
- dma_addr_t addr;
- SCSIDevice *dev;
-
- assert(s->current);
- if (!s->current->dma_len) {
- /* Wait until data is available. */
- DPRINTF("DMA no data available\n");
- return;
- }
-
- dev = s->current->req->dev;
- assert(dev);
-
- count = s->dbc;
- if (count > s->current->dma_len)
- count = s->current->dma_len;
-
- addr = s->dnad;
- /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */
- if (lsi_dma_40bit(s) || lsi_dma_ti64bit(s))
- addr |= ((uint64_t)s->dnad64 << 32);
- else if (s->dbms)
- addr |= ((uint64_t)s->dbms << 32);
- else if (s->sbms)
- addr |= ((uint64_t)s->sbms << 32);
-
- DPRINTF("DMA addr=0x" DMA_ADDR_FMT " len=%d\n", addr, count);
- s->csbc += count;
- s->dnad += count;
- s->dbc -= count;
- if (s->current->dma_buf == NULL) {
- s->current->dma_buf = scsi_req_get_buf(s->current->req);
- }
- /* ??? Set SFBR to first data byte. */
- if (out) {
- pci_dma_read(&s->dev, addr, s->current->dma_buf, count);
- } else {
- pci_dma_write(&s->dev, addr, s->current->dma_buf, count);
- }
- s->current->dma_len -= count;
- if (s->current->dma_len == 0) {
- s->current->dma_buf = NULL;
- scsi_req_continue(s->current->req);
- } else {
- s->current->dma_buf += count;
- lsi_resume_script(s);
- }
-}
-
-
-/* Add a command to the queue. */
-static void lsi_queue_command(LSIState *s)
-{
- lsi_request *p = s->current;
-
- DPRINTF("Queueing tag=0x%x\n", p->tag);
- assert(s->current != NULL);
- assert(s->current->dma_len == 0);
- QTAILQ_INSERT_TAIL(&s->queue, s->current, next);
- s->current = NULL;
-
- p->pending = 0;
- p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
-}
-
-/* Queue a byte for a MSG IN phase. */
-static void lsi_add_msg_byte(LSIState *s, uint8_t data)
-{
- if (s->msg_len >= LSI_MAX_MSGIN_LEN) {
- BADF("MSG IN data too long\n");
- } else {
- DPRINTF("MSG IN 0x%02x\n", data);
- s->msg[s->msg_len++] = data;
- }
-}
-
-/* Perform reselection to continue a command. */
-static void lsi_reselect(LSIState *s, lsi_request *p)
-{
- int id;
-
- assert(s->current == NULL);
- QTAILQ_REMOVE(&s->queue, p, next);
- s->current = p;
-
- id = (p->tag >> 8) & 0xf;
- s->ssid = id | 0x80;
- /* LSI53C700 Family Compatibility, see LSI53C895A 4-73 */
- if (!(s->dcntl & LSI_DCNTL_COM)) {
- s->sfbr = 1 << (id & 0x7);
- }
- DPRINTF("Reselected target %d\n", id);
- s->scntl1 |= LSI_SCNTL1_CON;
- lsi_set_phase(s, PHASE_MI);
- s->msg_action = p->out ? 2 : 3;
- s->current->dma_len = p->pending;
- lsi_add_msg_byte(s, 0x80);
- if (s->current->tag & LSI_TAG_VALID) {
- lsi_add_msg_byte(s, 0x20);
- lsi_add_msg_byte(s, p->tag & 0xff);
- }
-
- if (lsi_irq_on_rsl(s)) {
- lsi_script_scsi_interrupt(s, LSI_SIST0_RSL, 0);
- }
-}
-
-static lsi_request *lsi_find_by_tag(LSIState *s, uint32_t tag)
-{
- lsi_request *p;
-
- QTAILQ_FOREACH(p, &s->queue, next) {
- if (p->tag == tag) {
- return p;
- }
- }
-
- return NULL;
-}
-
-static void lsi_request_free(LSIState *s, lsi_request *p)
-{
- if (p == s->current) {
- s->current = NULL;
- } else {
- QTAILQ_REMOVE(&s->queue, p, next);
- }
- g_free(p);
-}
-
-static void lsi_request_cancelled(SCSIRequest *req)
-{
- LSIState *s = DO_UPCAST(LSIState, dev.qdev, req->bus->qbus.parent);
- lsi_request *p = req->hba_private;
-
- req->hba_private = NULL;
- lsi_request_free(s, p);
- scsi_req_unref(req);
-}
-
-/* Record that data is available for a queued command. Returns zero if
- the device was reselected, nonzero if the IO is deferred. */
-static int lsi_queue_req(LSIState *s, SCSIRequest *req, uint32_t len)
-{
- lsi_request *p = req->hba_private;
-
- if (p->pending) {
- BADF("Multiple IO pending for request %p\n", p);
- }
- p->pending = len;
- /* Reselect if waiting for it, or if reselection triggers an IRQ
- and the bus is free.
- Since no interrupt stacking is implemented in the emulation, it
- is also required that there are no pending interrupts waiting
- for service from the device driver. */
- if (s->waiting == 1 ||
- (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON) &&
- !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP)))) {
- /* Reselect device. */
- lsi_reselect(s, p);
- return 0;
- } else {
- DPRINTF("Queueing IO tag=0x%x\n", p->tag);
- p->pending = len;
- return 1;
- }
-}
-
- /* Callback to indicate that the SCSI layer has completed a command. */
-static void lsi_command_complete(SCSIRequest *req, uint32_t status, size_t resid)
-{
- LSIState *s = DO_UPCAST(LSIState, dev.qdev, req->bus->qbus.parent);
- int out;
-
- out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
- DPRINTF("Command complete status=%d\n", (int)status);
- s->status = status;
- s->command_complete = 2;
- if (s->waiting && s->dbc != 0) {
- /* Raise phase mismatch for short transfers. */
- lsi_bad_phase(s, out, PHASE_ST);
- } else {
- lsi_set_phase(s, PHASE_ST);
- }
-
- if (req->hba_private == s->current) {
- req->hba_private = NULL;
- lsi_request_free(s, s->current);
- scsi_req_unref(req);
- }
- lsi_resume_script(s);
-}
-
- /* Callback to indicate that the SCSI layer has completed a transfer. */
-static void lsi_transfer_data(SCSIRequest *req, uint32_t len)
-{
- LSIState *s = DO_UPCAST(LSIState, dev.qdev, req->bus->qbus.parent);
- int out;
-
- assert(req->hba_private);
- if (s->waiting == 1 || req->hba_private != s->current ||
- (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) {
- if (lsi_queue_req(s, req, len)) {
- return;
- }
- }
-
- out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
-
- /* host adapter (re)connected */
- DPRINTF("Data ready tag=0x%x len=%d\n", req->tag, len);
- s->current->dma_len = len;
- s->command_complete = 1;
- if (s->waiting) {
- if (s->waiting == 1 || s->dbc == 0) {
- lsi_resume_script(s);
- } else {
- lsi_do_dma(s, out);
- }
- }
-}
-
-static void lsi_do_command(LSIState *s)
-{
- SCSIDevice *dev;
- uint8_t buf[16];
- uint32_t id;
- int n;
-
- DPRINTF("Send command len=%d\n", s->dbc);
- if (s->dbc > 16)
- s->dbc = 16;
- pci_dma_read(&s->dev, s->dnad, buf, s->dbc);
- s->sfbr = buf[0];
- s->command_complete = 0;
-
- id = (s->select_tag >> 8) & 0xf;
- dev = scsi_device_find(&s->bus, 0, id, s->current_lun);
- if (!dev) {
- lsi_bad_selection(s, id);
- return;
- }
-
- assert(s->current == NULL);
- s->current = g_malloc0(sizeof(lsi_request));
- s->current->tag = s->select_tag;
- s->current->req = scsi_req_new(dev, s->current->tag, s->current_lun, buf,
- s->current);
-
- n = scsi_req_enqueue(s->current->req);
- if (n) {
- if (n > 0) {
- lsi_set_phase(s, PHASE_DI);
- } else if (n < 0) {
- lsi_set_phase(s, PHASE_DO);
- }
- scsi_req_continue(s->current->req);
- }
- if (!s->command_complete) {
- if (n) {
- /* Command did not complete immediately so disconnect. */
- lsi_add_msg_byte(s, 2); /* SAVE DATA POINTER */
- lsi_add_msg_byte(s, 4); /* DISCONNECT */
- /* wait data */
- lsi_set_phase(s, PHASE_MI);
- s->msg_action = 1;
- lsi_queue_command(s);
- } else {
- /* wait command complete */
- lsi_set_phase(s, PHASE_DI);
- }
- }
-}
-
-static void lsi_do_status(LSIState *s)
-{
- uint8_t status;
- DPRINTF("Get status len=%d status=%d\n", s->dbc, s->status);
- if (s->dbc != 1)
- BADF("Bad Status move\n");
- s->dbc = 1;
- status = s->status;
- s->sfbr = status;
- pci_dma_write(&s->dev, s->dnad, &status, 1);
- lsi_set_phase(s, PHASE_MI);
- s->msg_action = 1;
- lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */
-}
-
-static void lsi_do_msgin(LSIState *s)
-{
- int len;
- DPRINTF("Message in len=%d/%d\n", s->dbc, s->msg_len);
- s->sfbr = s->msg[0];
- len = s->msg_len;
- if (len > s->dbc)
- len = s->dbc;
- pci_dma_write(&s->dev, s->dnad, s->msg, len);
- /* Linux drivers rely on the last byte being in the SIDL. */
- s->sidl = s->msg[len - 1];
- s->msg_len -= len;
- if (s->msg_len) {
- memmove(s->msg, s->msg + len, s->msg_len);
- } else {
- /* ??? Check if ATN (not yet implemented) is asserted and maybe
- switch to PHASE_MO. */
- switch (s->msg_action) {
- case 0:
- lsi_set_phase(s, PHASE_CMD);
- break;
- case 1:
- lsi_disconnect(s);
- break;
- case 2:
- lsi_set_phase(s, PHASE_DO);
- break;
- case 3:
- lsi_set_phase(s, PHASE_DI);
- break;
- default:
- abort();
- }
- }
-}
-
-/* Read the next byte during a MSGOUT phase. */
-static uint8_t lsi_get_msgbyte(LSIState *s)
-{
- uint8_t data;
- pci_dma_read(&s->dev, s->dnad, &data, 1);
- s->dnad++;
- s->dbc--;
- return data;
-}
-
-/* Skip the next n bytes during a MSGOUT phase. */
-static void lsi_skip_msgbytes(LSIState *s, unsigned int n)
-{
- s->dnad += n;
- s->dbc -= n;
-}
-
-static void lsi_do_msgout(LSIState *s)
-{
- uint8_t msg;
- int len;
- uint32_t current_tag;
- lsi_request *current_req, *p, *p_next;
-
- if (s->current) {
- current_tag = s->current->tag;
- current_req = s->current;
- } else {
- current_tag = s->select_tag;
- current_req = lsi_find_by_tag(s, current_tag);
- }
-
- DPRINTF("MSG out len=%d\n", s->dbc);
- while (s->dbc) {
- msg = lsi_get_msgbyte(s);
- s->sfbr = msg;
-
- switch (msg) {
- case 0x04:
- DPRINTF("MSG: Disconnect\n");
- lsi_disconnect(s);
- break;
- case 0x08:
- DPRINTF("MSG: No Operation\n");
- lsi_set_phase(s, PHASE_CMD);
- break;
- case 0x01:
- len = lsi_get_msgbyte(s);
- msg = lsi_get_msgbyte(s);
- (void)len; /* avoid a warning about unused variable*/
- DPRINTF("Extended message 0x%x (len %d)\n", msg, len);
- switch (msg) {
- case 1:
- DPRINTF("SDTR (ignored)\n");
- lsi_skip_msgbytes(s, 2);
- break;
- case 3:
- DPRINTF("WDTR (ignored)\n");
- lsi_skip_msgbytes(s, 1);
- break;
- default:
- goto bad;
- }
- break;
- case 0x20: /* SIMPLE queue */
- s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
- DPRINTF("SIMPLE queue tag=0x%x\n", s->select_tag & 0xff);
- break;
- case 0x21: /* HEAD of queue */
- BADF("HEAD queue not implemented\n");
- s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
- break;
- case 0x22: /* ORDERED queue */
- BADF("ORDERED queue not implemented\n");
- s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
- break;
- case 0x0d:
- /* The ABORT TAG message clears the current I/O process only. */
- DPRINTF("MSG: ABORT TAG tag=0x%x\n", current_tag);
- if (current_req) {
- scsi_req_cancel(current_req->req);
- }
- lsi_disconnect(s);
- break;
- case 0x06:
- case 0x0e:
- case 0x0c:
- /* The ABORT message clears all I/O processes for the selecting
- initiator on the specified logical unit of the target. */
- if (msg == 0x06) {
- DPRINTF("MSG: ABORT tag=0x%x\n", current_tag);
- }
- /* The CLEAR QUEUE message clears all I/O processes for all
- initiators on the specified logical unit of the target. */
- if (msg == 0x0e) {
- DPRINTF("MSG: CLEAR QUEUE tag=0x%x\n", current_tag);
- }
- /* The BUS DEVICE RESET message clears all I/O processes for all
- initiators on all logical units of the target. */
- if (msg == 0x0c) {
- DPRINTF("MSG: BUS DEVICE RESET tag=0x%x\n", current_tag);
- }
-
- /* clear the current I/O process */
- if (s->current) {
- scsi_req_cancel(s->current->req);
- }
-
- /* As the current implemented devices scsi_disk and scsi_generic
- only support one LUN, we don't need to keep track of LUNs.
- Clearing I/O processes for other initiators could be possible
- for scsi_generic by sending a SG_SCSI_RESET to the /dev/sgX
- device, but this is currently not implemented (and seems not
- to be really necessary). So let's simply clear all queued
- commands for the current device: */
- QTAILQ_FOREACH_SAFE(p, &s->queue, next, p_next) {
- if ((p->tag & 0x0000ff00) == (current_tag & 0x0000ff00)) {
- scsi_req_cancel(p->req);
- }
- }
-
- lsi_disconnect(s);
- break;
- default:
- if ((msg & 0x80) == 0) {
- goto bad;
- }
- s->current_lun = msg & 7;
- DPRINTF("Select LUN %d\n", s->current_lun);
- lsi_set_phase(s, PHASE_CMD);
- break;
- }
- }
- return;
-bad:
- BADF("Unimplemented message 0x%02x\n", msg);
- lsi_set_phase(s, PHASE_MI);
- lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */
- s->msg_action = 0;
-}
-
-/* Sign extend a 24-bit value. */
-static inline int32_t sxt24(int32_t n)
-{
- return (n << 8) >> 8;
-}
-
-#define LSI_BUF_SIZE 4096
-static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count)
-{
- int n;
- uint8_t buf[LSI_BUF_SIZE];
-
- DPRINTF("memcpy dest 0x%08x src 0x%08x count %d\n", dest, src, count);
- while (count) {
- n = (count > LSI_BUF_SIZE) ? LSI_BUF_SIZE : count;
- pci_dma_read(&s->dev, src, buf, n);
- pci_dma_write(&s->dev, dest, buf, n);
- src += n;
- dest += n;
- count -= n;
- }
-}
-
-static void lsi_wait_reselect(LSIState *s)
-{
- lsi_request *p;
-
- DPRINTF("Wait Reselect\n");
-
- QTAILQ_FOREACH(p, &s->queue, next) {
- if (p->pending) {
- lsi_reselect(s, p);
- break;
- }
- }
- if (s->current == NULL) {
- s->waiting = 1;
- }
-}
-
-static void lsi_execute_script(LSIState *s)
-{
- uint32_t insn;
- uint32_t addr, addr_high;
- int opcode;
- int insn_processed = 0;
-
- s->istat1 |= LSI_ISTAT1_SRUN;
-again:
- insn_processed++;
- insn = read_dword(s, s->dsp);
- if (!insn) {
- /* If we receive an empty opcode increment the DSP by 4 bytes
- instead of 8 and execute the next opcode at that location */
- s->dsp += 4;
- goto again;
- }
- addr = read_dword(s, s->dsp + 4);
- addr_high = 0;
- DPRINTF("SCRIPTS dsp=%08x opcode %08x arg %08x\n", s->dsp, insn, addr);
- s->dsps = addr;
- s->dcmd = insn >> 24;
- s->dsp += 8;
- switch (insn >> 30) {
- case 0: /* Block move. */
- if (s->sist1 & LSI_SIST1_STO) {
- DPRINTF("Delayed select timeout\n");
- lsi_stop_script(s);
- break;
- }
- s->dbc = insn & 0xffffff;
- s->rbc = s->dbc;
- /* ??? Set ESA. */
- s->ia = s->dsp - 8;
- if (insn & (1 << 29)) {
- /* Indirect addressing. */
- addr = read_dword(s, addr);
- } else if (insn & (1 << 28)) {
- uint32_t buf[2];
- int32_t offset;
- /* Table indirect addressing. */
-
- /* 32-bit Table indirect */
- offset = sxt24(addr);
- pci_dma_read(&s->dev, s->dsa + offset, buf, 8);
- /* byte count is stored in bits 0:23 only */
- s->dbc = cpu_to_le32(buf[0]) & 0xffffff;
- s->rbc = s->dbc;
- addr = cpu_to_le32(buf[1]);
-
- /* 40-bit DMA, upper addr bits [39:32] stored in first DWORD of
- * table, bits [31:24] */
- if (lsi_dma_40bit(s))
- addr_high = cpu_to_le32(buf[0]) >> 24;
- else if (lsi_dma_ti64bit(s)) {
- int selector = (cpu_to_le32(buf[0]) >> 24) & 0x1f;
- switch (selector) {
- case 0 ... 0x0f:
- /* offset index into scratch registers since
- * TI64 mode can use registers C to R */
- addr_high = s->scratch[2 + selector];
- break;
- case 0x10:
- addr_high = s->mmrs;
- break;
- case 0x11:
- addr_high = s->mmws;
- break;
- case 0x12:
- addr_high = s->sfs;
- break;
- case 0x13:
- addr_high = s->drs;
- break;
- case 0x14:
- addr_high = s->sbms;
- break;
- case 0x15:
- addr_high = s->dbms;
- break;
- default:
- BADF("Illegal selector specified (0x%x > 0x15)"
- " for 64-bit DMA block move", selector);
- break;
- }
- }
- } else if (lsi_dma_64bit(s)) {
- /* fetch a 3rd dword if 64-bit direct move is enabled and
- only if we're not doing table indirect or indirect addressing */
- s->dbms = read_dword(s, s->dsp);
- s->dsp += 4;
- s->ia = s->dsp - 12;
- }
- if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) {
- DPRINTF("Wrong phase got %d expected %d\n",
- s->sstat1 & PHASE_MASK, (insn >> 24) & 7);
- lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
- break;
- }
- s->dnad = addr;
- s->dnad64 = addr_high;
- switch (s->sstat1 & 0x7) {
- case PHASE_DO:
- s->waiting = 2;
- lsi_do_dma(s, 1);
- if (s->waiting)
- s->waiting = 3;
- break;
- case PHASE_DI:
- s->waiting = 2;
- lsi_do_dma(s, 0);
- if (s->waiting)
- s->waiting = 3;
- break;
- case PHASE_CMD:
- lsi_do_command(s);
- break;
- case PHASE_ST:
- lsi_do_status(s);
- break;
- case PHASE_MO:
- lsi_do_msgout(s);
- break;
- case PHASE_MI:
- lsi_do_msgin(s);
- break;
- default:
- BADF("Unimplemented phase %d\n", s->sstat1 & PHASE_MASK);
- exit(1);
- }
- s->dfifo = s->dbc & 0xff;
- s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3);
- s->sbc = s->dbc;
- s->rbc -= s->dbc;
- s->ua = addr + s->dbc;
- break;
-
- case 1: /* IO or Read/Write instruction. */
- opcode = (insn >> 27) & 7;
- if (opcode < 5) {
- uint32_t id;
-
- if (insn & (1 << 25)) {
- id = read_dword(s, s->dsa + sxt24(insn));
- } else {
- id = insn;
- }
- id = (id >> 16) & 0xf;
- if (insn & (1 << 26)) {
- addr = s->dsp + sxt24(addr);
- }
- s->dnad = addr;
- switch (opcode) {
- case 0: /* Select */
- s->sdid = id;
- if (s->scntl1 & LSI_SCNTL1_CON) {
- DPRINTF("Already reselected, jumping to alternative address\n");
- s->dsp = s->dnad;
- break;
- }
- s->sstat0 |= LSI_SSTAT0_WOA;
- s->scntl1 &= ~LSI_SCNTL1_IARB;
- if (!scsi_device_find(&s->bus, 0, id, 0)) {
- lsi_bad_selection(s, id);
- break;
- }
- DPRINTF("Selected target %d%s\n",
- id, insn & (1 << 3) ? " ATN" : "");
- /* ??? Linux drivers compain when this is set. Maybe
- it only applies in low-level mode (unimplemented).
- lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */
- s->select_tag = id << 8;
- s->scntl1 |= LSI_SCNTL1_CON;
- if (insn & (1 << 3)) {
- s->socl |= LSI_SOCL_ATN;
- }
- lsi_set_phase(s, PHASE_MO);
- break;
- case 1: /* Disconnect */
- DPRINTF("Wait Disconnect\n");
- s->scntl1 &= ~LSI_SCNTL1_CON;
- break;
- case 2: /* Wait Reselect */
- if (!lsi_irq_on_rsl(s)) {
- lsi_wait_reselect(s);
- }
- break;
- case 3: /* Set */
- DPRINTF("Set%s%s%s%s\n",
- insn & (1 << 3) ? " ATN" : "",
- insn & (1 << 6) ? " ACK" : "",
- insn & (1 << 9) ? " TM" : "",
- insn & (1 << 10) ? " CC" : "");
- if (insn & (1 << 3)) {
- s->socl |= LSI_SOCL_ATN;
- lsi_set_phase(s, PHASE_MO);
- }
- if (insn & (1 << 9)) {
- BADF("Target mode not implemented\n");
- exit(1);
- }
- if (insn & (1 << 10))
- s->carry = 1;
- break;
- case 4: /* Clear */
- DPRINTF("Clear%s%s%s%s\n",
- insn & (1 << 3) ? " ATN" : "",
- insn & (1 << 6) ? " ACK" : "",
- insn & (1 << 9) ? " TM" : "",
- insn & (1 << 10) ? " CC" : "");
- if (insn & (1 << 3)) {
- s->socl &= ~LSI_SOCL_ATN;
- }
- if (insn & (1 << 10))
- s->carry = 0;
- break;
- }
- } else {
- uint8_t op0;
- uint8_t op1;
- uint8_t data8;
- int reg;
- int operator;
-#ifdef DEBUG_LSI
- static const char *opcode_names[3] =
- {"Write", "Read", "Read-Modify-Write"};
- static const char *operator_names[8] =
- {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"};
-#endif
-
- reg = ((insn >> 16) & 0x7f) | (insn & 0x80);
- data8 = (insn >> 8) & 0xff;
- opcode = (insn >> 27) & 7;
- operator = (insn >> 24) & 7;
- DPRINTF("%s reg 0x%x %s data8=0x%02x sfbr=0x%02x%s\n",
- opcode_names[opcode - 5], reg,
- operator_names[operator], data8, s->sfbr,
- (insn & (1 << 23)) ? " SFBR" : "");
- op0 = op1 = 0;
- switch (opcode) {
- case 5: /* From SFBR */
- op0 = s->sfbr;
- op1 = data8;
- break;
- case 6: /* To SFBR */
- if (operator)
- op0 = lsi_reg_readb(s, reg);
- op1 = data8;
- break;
- case 7: /* Read-modify-write */
- if (operator)
- op0 = lsi_reg_readb(s, reg);
- if (insn & (1 << 23)) {
- op1 = s->sfbr;
- } else {
- op1 = data8;
- }
- break;
- }
-
- switch (operator) {
- case 0: /* move */
- op0 = op1;
- break;
- case 1: /* Shift left */
- op1 = op0 >> 7;
- op0 = (op0 << 1) | s->carry;
- s->carry = op1;
- break;
- case 2: /* OR */
- op0 |= op1;
- break;
- case 3: /* XOR */
- op0 ^= op1;
- break;
- case 4: /* AND */
- op0 &= op1;
- break;
- case 5: /* SHR */
- op1 = op0 & 1;
- op0 = (op0 >> 1) | (s->carry << 7);
- s->carry = op1;
- break;
- case 6: /* ADD */
- op0 += op1;
- s->carry = op0 < op1;
- break;
- case 7: /* ADC */
- op0 += op1 + s->carry;
- if (s->carry)
- s->carry = op0 <= op1;
- else
- s->carry = op0 < op1;
- break;
- }
-
- switch (opcode) {
- case 5: /* From SFBR */
- case 7: /* Read-modify-write */
- lsi_reg_writeb(s, reg, op0);
- break;
- case 6: /* To SFBR */
- s->sfbr = op0;
- break;
- }
- }
- break;
-
- case 2: /* Transfer Control. */
- {
- int cond;
- int jmp;
-
- if ((insn & 0x002e0000) == 0) {
- DPRINTF("NOP\n");
- break;
- }
- if (s->sist1 & LSI_SIST1_STO) {
- DPRINTF("Delayed select timeout\n");
- lsi_stop_script(s);
- break;
- }
- cond = jmp = (insn & (1 << 19)) != 0;
- if (cond == jmp && (insn & (1 << 21))) {
- DPRINTF("Compare carry %d\n", s->carry == jmp);
- cond = s->carry != 0;
- }
- if (cond == jmp && (insn & (1 << 17))) {
- DPRINTF("Compare phase %d %c= %d\n",
- (s->sstat1 & PHASE_MASK),
- jmp ? '=' : '!',
- ((insn >> 24) & 7));
- cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7);
- }
- if (cond == jmp && (insn & (1 << 18))) {
- uint8_t mask;
-
- mask = (~insn >> 8) & 0xff;
- DPRINTF("Compare data 0x%x & 0x%x %c= 0x%x\n",
- s->sfbr, mask, jmp ? '=' : '!', insn & mask);
- cond = (s->sfbr & mask) == (insn & mask);
- }
- if (cond == jmp) {
- if (insn & (1 << 23)) {
- /* Relative address. */
- addr = s->dsp + sxt24(addr);
- }
- switch ((insn >> 27) & 7) {
- case 0: /* Jump */
- DPRINTF("Jump to 0x%08x\n", addr);
- s->dsp = addr;
- break;
- case 1: /* Call */
- DPRINTF("Call 0x%08x\n", addr);
- s->temp = s->dsp;
- s->dsp = addr;
- break;
- case 2: /* Return */
- DPRINTF("Return to 0x%08x\n", s->temp);
- s->dsp = s->temp;
- break;
- case 3: /* Interrupt */
- DPRINTF("Interrupt 0x%08x\n", s->dsps);
- if ((insn & (1 << 20)) != 0) {
- s->istat0 |= LSI_ISTAT0_INTF;
- lsi_update_irq(s);
- } else {
- lsi_script_dma_interrupt(s, LSI_DSTAT_SIR);
- }
- break;
- default:
- DPRINTF("Illegal transfer control\n");
- lsi_script_dma_interrupt(s, LSI_DSTAT_IID);
- break;
- }
- } else {
- DPRINTF("Control condition failed\n");
- }
- }
- break;
-
- case 3:
- if ((insn & (1 << 29)) == 0) {
- /* Memory move. */
- uint32_t dest;
- /* ??? The docs imply the destination address is loaded into
- the TEMP register. However the Linux drivers rely on
- the value being presrved. */
- dest = read_dword(s, s->dsp);
- s->dsp += 4;
- lsi_memcpy(s, dest, addr, insn & 0xffffff);
- } else {
- uint8_t data[7];
- int reg;
- int n;
- int i;
-
- if (insn & (1 << 28)) {
- addr = s->dsa + sxt24(addr);
- }
- n = (insn & 7);
- reg = (insn >> 16) & 0xff;
- if (insn & (1 << 24)) {
- pci_dma_read(&s->dev, addr, data, n);
- DPRINTF("Load reg 0x%x size %d addr 0x%08x = %08x\n", reg, n,
- addr, *(int *)data);
- for (i = 0; i < n; i++) {
- lsi_reg_writeb(s, reg + i, data[i]);
- }
- } else {
- DPRINTF("Store reg 0x%x size %d addr 0x%08x\n", reg, n, addr);
- for (i = 0; i < n; i++) {
- data[i] = lsi_reg_readb(s, reg + i);
- }
- pci_dma_write(&s->dev, addr, data, n);
- }
- }
- }
- if (insn_processed > 10000 && !s->waiting) {
- /* Some windows drivers make the device spin waiting for a memory
- location to change. If we have been executed a lot of code then
- assume this is the case and force an unexpected device disconnect.
- This is apparently sufficient to beat the drivers into submission.
- */
- if (!(s->sien0 & LSI_SIST0_UDC))
- fprintf(stderr, "inf. loop with UDC masked\n");
- lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0);
- lsi_disconnect(s);
- } else if (s->istat1 & LSI_ISTAT1_SRUN && !s->waiting) {
- if (s->dcntl & LSI_DCNTL_SSM) {
- lsi_script_dma_interrupt(s, LSI_DSTAT_SSI);
- } else {
- goto again;
- }
- }
- DPRINTF("SCRIPTS execution stopped\n");
-}
-
-static uint8_t lsi_reg_readb(LSIState *s, int offset)
-{
- uint8_t tmp;
-#define CASE_GET_REG24(name, addr) \
- case addr: return s->name & 0xff; \
- case addr + 1: return (s->name >> 8) & 0xff; \
- case addr + 2: return (s->name >> 16) & 0xff;
-
-#define CASE_GET_REG32(name, addr) \
- case addr: return s->name & 0xff; \
- case addr + 1: return (s->name >> 8) & 0xff; \
- case addr + 2: return (s->name >> 16) & 0xff; \
- case addr + 3: return (s->name >> 24) & 0xff;
-
-#ifdef DEBUG_LSI_REG
- DPRINTF("Read reg %x\n", offset);
-#endif
- switch (offset) {
- case 0x00: /* SCNTL0 */
- return s->scntl0;
- case 0x01: /* SCNTL1 */
- return s->scntl1;
- case 0x02: /* SCNTL2 */
- return s->scntl2;
- case 0x03: /* SCNTL3 */
- return s->scntl3;
- case 0x04: /* SCID */
- return s->scid;
- case 0x05: /* SXFER */
- return s->sxfer;
- case 0x06: /* SDID */
- return s->sdid;
- case 0x07: /* GPREG0 */
- return 0x7f;
- case 0x08: /* Revision ID */
- return 0x00;
- case 0xa: /* SSID */
- return s->ssid;
- case 0xb: /* SBCL */
- /* ??? This is not correct. However it's (hopefully) only
- used for diagnostics, so should be ok. */
- return 0;
- case 0xc: /* DSTAT */
- tmp = s->dstat | 0x80;
- if ((s->istat0 & LSI_ISTAT0_INTF) == 0)
- s->dstat = 0;
- lsi_update_irq(s);
- return tmp;
- case 0x0d: /* SSTAT0 */
- return s->sstat0;
- case 0x0e: /* SSTAT1 */
- return s->sstat1;
- case 0x0f: /* SSTAT2 */
- return s->scntl1 & LSI_SCNTL1_CON ? 0 : 2;
- CASE_GET_REG32(dsa, 0x10)
- case 0x14: /* ISTAT0 */
- return s->istat0;
- case 0x15: /* ISTAT1 */
- return s->istat1;
- case 0x16: /* MBOX0 */
- return s->mbox0;
- case 0x17: /* MBOX1 */
- return s->mbox1;
- case 0x18: /* CTEST0 */
- return 0xff;
- case 0x19: /* CTEST1 */
- return 0;
- case 0x1a: /* CTEST2 */
- tmp = s->ctest2 | LSI_CTEST2_DACK | LSI_CTEST2_CM;
- if (s->istat0 & LSI_ISTAT0_SIGP) {
- s->istat0 &= ~LSI_ISTAT0_SIGP;
- tmp |= LSI_CTEST2_SIGP;
- }
- return tmp;
- case 0x1b: /* CTEST3 */
- return s->ctest3;
- CASE_GET_REG32(temp, 0x1c)
- case 0x20: /* DFIFO */
- return 0;
- case 0x21: /* CTEST4 */
- return s->ctest4;
- case 0x22: /* CTEST5 */
- return s->ctest5;
- case 0x23: /* CTEST6 */
- return 0;
- CASE_GET_REG24(dbc, 0x24)
- case 0x27: /* DCMD */
- return s->dcmd;
- CASE_GET_REG32(dnad, 0x28)
- CASE_GET_REG32(dsp, 0x2c)
- CASE_GET_REG32(dsps, 0x30)
- CASE_GET_REG32(scratch[0], 0x34)
- case 0x38: /* DMODE */
- return s->dmode;
- case 0x39: /* DIEN */
- return s->dien;
- case 0x3a: /* SBR */
- return s->sbr;
- case 0x3b: /* DCNTL */
- return s->dcntl;
- case 0x40: /* SIEN0 */
- return s->sien0;
- case 0x41: /* SIEN1 */
- return s->sien1;
- case 0x42: /* SIST0 */
- tmp = s->sist0;
- s->sist0 = 0;
- lsi_update_irq(s);
- return tmp;
- case 0x43: /* SIST1 */
- tmp = s->sist1;
- s->sist1 = 0;
- lsi_update_irq(s);
- return tmp;
- case 0x46: /* MACNTL */
- return 0x0f;
- case 0x47: /* GPCNTL0 */
- return 0x0f;
- case 0x48: /* STIME0 */
- return s->stime0;
- case 0x4a: /* RESPID0 */
- return s->respid0;
- case 0x4b: /* RESPID1 */
- return s->respid1;
- case 0x4d: /* STEST1 */
- return s->stest1;
- case 0x4e: /* STEST2 */
- return s->stest2;
- case 0x4f: /* STEST3 */
- return s->stest3;
- case 0x50: /* SIDL */
- /* This is needed by the linux drivers. We currently only update it
- during the MSG IN phase. */
- return s->sidl;
- case 0x52: /* STEST4 */
- return 0xe0;
- case 0x56: /* CCNTL0 */
- return s->ccntl0;
- case 0x57: /* CCNTL1 */
- return s->ccntl1;
- case 0x58: /* SBDL */
- /* Some drivers peek at the data bus during the MSG IN phase. */
- if ((s->sstat1 & PHASE_MASK) == PHASE_MI)
- return s->msg[0];
- return 0;
- case 0x59: /* SBDL high */
- return 0;
- CASE_GET_REG32(mmrs, 0xa0)
- CASE_GET_REG32(mmws, 0xa4)
- CASE_GET_REG32(sfs, 0xa8)
- CASE_GET_REG32(drs, 0xac)
- CASE_GET_REG32(sbms, 0xb0)
- CASE_GET_REG32(dbms, 0xb4)
- CASE_GET_REG32(dnad64, 0xb8)
- CASE_GET_REG32(pmjad1, 0xc0)
- CASE_GET_REG32(pmjad2, 0xc4)
- CASE_GET_REG32(rbc, 0xc8)
- CASE_GET_REG32(ua, 0xcc)
- CASE_GET_REG32(ia, 0xd4)
- CASE_GET_REG32(sbc, 0xd8)
- CASE_GET_REG32(csbc, 0xdc)
- }
- if (offset >= 0x5c && offset < 0xa0) {
- int n;
- int shift;
- n = (offset - 0x58) >> 2;
- shift = (offset & 3) * 8;
- return (s->scratch[n] >> shift) & 0xff;
- }
- BADF("readb 0x%x\n", offset);
- exit(1);
-#undef CASE_GET_REG24
-#undef CASE_GET_REG32
-}
-
-static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val)
-{
-#define CASE_SET_REG24(name, addr) \
- case addr : s->name &= 0xffffff00; s->name |= val; break; \
- case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \
- case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break;
-
-#define CASE_SET_REG32(name, addr) \
- case addr : s->name &= 0xffffff00; s->name |= val; break; \
- case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \
- case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \
- case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break;
-
-#ifdef DEBUG_LSI_REG
- DPRINTF("Write reg %x = %02x\n", offset, val);
-#endif
- switch (offset) {
- case 0x00: /* SCNTL0 */
- s->scntl0 = val;
- if (val & LSI_SCNTL0_START) {
- BADF("Start sequence not implemented\n");
- }
- break;
- case 0x01: /* SCNTL1 */
- s->scntl1 = val & ~LSI_SCNTL1_SST;
- if (val & LSI_SCNTL1_IARB) {
- BADF("Immediate Arbritration not implemented\n");
- }
- if (val & LSI_SCNTL1_RST) {
- if (!(s->sstat0 & LSI_SSTAT0_RST)) {
- BusChild *kid;
-
- QTAILQ_FOREACH(kid, &s->bus.qbus.children, sibling) {
- DeviceState *dev = kid->child;
- device_reset(dev);
- }
- s->sstat0 |= LSI_SSTAT0_RST;
- lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0);
- }
- } else {
- s->sstat0 &= ~LSI_SSTAT0_RST;
- }
- break;
- case 0x02: /* SCNTL2 */
- val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS);
- s->scntl2 = val;
- break;
- case 0x03: /* SCNTL3 */
- s->scntl3 = val;
- break;
- case 0x04: /* SCID */
- s->scid = val;
- break;
- case 0x05: /* SXFER */
- s->sxfer = val;
- break;
- case 0x06: /* SDID */
- if ((val & 0xf) != (s->ssid & 0xf))
- BADF("Destination ID does not match SSID\n");
- s->sdid = val & 0xf;
- break;
- case 0x07: /* GPREG0 */
- break;
- case 0x08: /* SFBR */
- /* The CPU is not allowed to write to this register. However the
- SCRIPTS register move instructions are. */
- s->sfbr = val;
- break;
- case 0x0a: case 0x0b:
- /* Openserver writes to these readonly registers on startup */
- return;
- case 0x0c: case 0x0d: case 0x0e: case 0x0f:
- /* Linux writes to these readonly registers on startup. */
- return;
- CASE_SET_REG32(dsa, 0x10)
- case 0x14: /* ISTAT0 */
- s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0);
- if (val & LSI_ISTAT0_ABRT) {
- lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT);
- }
- if (val & LSI_ISTAT0_INTF) {
- s->istat0 &= ~LSI_ISTAT0_INTF;
- lsi_update_irq(s);
- }
- if (s->waiting == 1 && val & LSI_ISTAT0_SIGP) {
- DPRINTF("Woken by SIGP\n");
- s->waiting = 0;
- s->dsp = s->dnad;
- lsi_execute_script(s);
- }
- if (val & LSI_ISTAT0_SRST) {
- qdev_reset_all(&s->dev.qdev);
- }
- break;
- case 0x16: /* MBOX0 */
- s->mbox0 = val;
- break;
- case 0x17: /* MBOX1 */
- s->mbox1 = val;
- break;
- case 0x1a: /* CTEST2 */
- s->ctest2 = val & LSI_CTEST2_PCICIE;
- break;
- case 0x1b: /* CTEST3 */
- s->ctest3 = val & 0x0f;
- break;
- CASE_SET_REG32(temp, 0x1c)
- case 0x21: /* CTEST4 */
- if (val & 7) {
- BADF("Unimplemented CTEST4-FBL 0x%x\n", val);
- }
- s->ctest4 = val;
- break;
- case 0x22: /* CTEST5 */
- if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) {
- BADF("CTEST5 DMA increment not implemented\n");
- }
- s->ctest5 = val;
- break;
- CASE_SET_REG24(dbc, 0x24)
- CASE_SET_REG32(dnad, 0x28)
- case 0x2c: /* DSP[0:7] */
- s->dsp &= 0xffffff00;
- s->dsp |= val;
- break;
- case 0x2d: /* DSP[8:15] */
- s->dsp &= 0xffff00ff;
- s->dsp |= val << 8;
- break;
- case 0x2e: /* DSP[16:23] */
- s->dsp &= 0xff00ffff;
- s->dsp |= val << 16;
- break;
- case 0x2f: /* DSP[24:31] */
- s->dsp &= 0x00ffffff;
- s->dsp |= val << 24;
- if ((s->dmode & LSI_DMODE_MAN) == 0
- && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
- lsi_execute_script(s);
- break;
- CASE_SET_REG32(dsps, 0x30)
- CASE_SET_REG32(scratch[0], 0x34)
- case 0x38: /* DMODE */
- if (val & (LSI_DMODE_SIOM | LSI_DMODE_DIOM)) {
- BADF("IO mappings not implemented\n");
- }
- s->dmode = val;
- break;
- case 0x39: /* DIEN */
- s->dien = val;
- lsi_update_irq(s);
- break;
- case 0x3a: /* SBR */
- s->sbr = val;
- break;
- case 0x3b: /* DCNTL */
- s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD);
- if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
- lsi_execute_script(s);
- break;
- case 0x40: /* SIEN0 */
- s->sien0 = val;
- lsi_update_irq(s);
- break;
- case 0x41: /* SIEN1 */
- s->sien1 = val;
- lsi_update_irq(s);
- break;
- case 0x47: /* GPCNTL0 */
- break;
- case 0x48: /* STIME0 */
- s->stime0 = val;
- break;
- case 0x49: /* STIME1 */
- if (val & 0xf) {
- DPRINTF("General purpose timer not implemented\n");
- /* ??? Raising the interrupt immediately seems to be sufficient
- to keep the FreeBSD driver happy. */
- lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN);
- }
- break;
- case 0x4a: /* RESPID0 */
- s->respid0 = val;
- break;
- case 0x4b: /* RESPID1 */
- s->respid1 = val;
- break;
- case 0x4d: /* STEST1 */
- s->stest1 = val;
- break;
- case 0x4e: /* STEST2 */
- if (val & 1) {
- BADF("Low level mode not implemented\n");
- }
- s->stest2 = val;
- break;
- case 0x4f: /* STEST3 */
- if (val & 0x41) {
- BADF("SCSI FIFO test mode not implemented\n");
- }
- s->stest3 = val;
- break;
- case 0x56: /* CCNTL0 */
- s->ccntl0 = val;
- break;
- case 0x57: /* CCNTL1 */
- s->ccntl1 = val;
- break;
- CASE_SET_REG32(mmrs, 0xa0)
- CASE_SET_REG32(mmws, 0xa4)
- CASE_SET_REG32(sfs, 0xa8)
- CASE_SET_REG32(drs, 0xac)
- CASE_SET_REG32(sbms, 0xb0)
- CASE_SET_REG32(dbms, 0xb4)
- CASE_SET_REG32(dnad64, 0xb8)
- CASE_SET_REG32(pmjad1, 0xc0)
- CASE_SET_REG32(pmjad2, 0xc4)
- CASE_SET_REG32(rbc, 0xc8)
- CASE_SET_REG32(ua, 0xcc)
- CASE_SET_REG32(ia, 0xd4)
- CASE_SET_REG32(sbc, 0xd8)
- CASE_SET_REG32(csbc, 0xdc)
- default:
- if (offset >= 0x5c && offset < 0xa0) {
- int n;
- int shift;
- n = (offset - 0x58) >> 2;
- shift = (offset & 3) * 8;
- s->scratch[n] &= ~(0xff << shift);
- s->scratch[n] |= (val & 0xff) << shift;
- } else {
- BADF("Unhandled writeb 0x%x = 0x%x\n", offset, val);
- }
- }
-#undef CASE_SET_REG24
-#undef CASE_SET_REG32
-}
-
-static void lsi_mmio_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- LSIState *s = opaque;
-
- lsi_reg_writeb(s, addr & 0xff, val);
-}
-
-static uint64_t lsi_mmio_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- LSIState *s = opaque;
-
- return lsi_reg_readb(s, addr & 0xff);
-}
-
-static const MemoryRegionOps lsi_mmio_ops = {
- .read = lsi_mmio_read,
- .write = lsi_mmio_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
-};
-
-static void lsi_ram_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- LSIState *s = opaque;
- uint32_t newval;
- uint32_t mask;
- int shift;
-
- newval = s->script_ram[addr >> 2];
- shift = (addr & 3) * 8;
- mask = ((uint64_t)1 << (size * 8)) - 1;
- newval &= ~(mask << shift);
- newval |= val << shift;
- s->script_ram[addr >> 2] = newval;
-}
-
-static uint64_t lsi_ram_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- LSIState *s = opaque;
- uint32_t val;
- uint32_t mask;
-
- val = s->script_ram[addr >> 2];
- mask = ((uint64_t)1 << (size * 8)) - 1;
- val >>= (addr & 3) * 8;
- return val & mask;
-}
-
-static const MemoryRegionOps lsi_ram_ops = {
- .read = lsi_ram_read,
- .write = lsi_ram_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static uint64_t lsi_io_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- LSIState *s = opaque;
- return lsi_reg_readb(s, addr & 0xff);
-}
-
-static void lsi_io_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- LSIState *s = opaque;
- lsi_reg_writeb(s, addr & 0xff, val);
-}
-
-static const MemoryRegionOps lsi_io_ops = {
- .read = lsi_io_read,
- .write = lsi_io_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
-};
-
-static void lsi_scsi_reset(DeviceState *dev)
-{
- LSIState *s = DO_UPCAST(LSIState, dev.qdev, dev);
-
- lsi_soft_reset(s);
-}
-
-static void lsi_pre_save(void *opaque)
-{
- LSIState *s = opaque;
-
- if (s->current) {
- assert(s->current->dma_buf == NULL);
- assert(s->current->dma_len == 0);
- }
- assert(QTAILQ_EMPTY(&s->queue));
-}
-
-static const VMStateDescription vmstate_lsi_scsi = {
- .name = "lsiscsi",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .pre_save = lsi_pre_save,
- .fields = (VMStateField []) {
- VMSTATE_PCI_DEVICE(dev, LSIState),
-
- VMSTATE_INT32(carry, LSIState),
- VMSTATE_INT32(status, LSIState),
- VMSTATE_INT32(msg_action, LSIState),
- VMSTATE_INT32(msg_len, LSIState),
- VMSTATE_BUFFER(msg, LSIState),
- VMSTATE_INT32(waiting, LSIState),
-
- VMSTATE_UINT32(dsa, LSIState),
- VMSTATE_UINT32(temp, LSIState),
- VMSTATE_UINT32(dnad, LSIState),
- VMSTATE_UINT32(dbc, LSIState),
- VMSTATE_UINT8(istat0, LSIState),
- VMSTATE_UINT8(istat1, LSIState),
- VMSTATE_UINT8(dcmd, LSIState),
- VMSTATE_UINT8(dstat, LSIState),
- VMSTATE_UINT8(dien, LSIState),
- VMSTATE_UINT8(sist0, LSIState),
- VMSTATE_UINT8(sist1, LSIState),
- VMSTATE_UINT8(sien0, LSIState),
- VMSTATE_UINT8(sien1, LSIState),
- VMSTATE_UINT8(mbox0, LSIState),
- VMSTATE_UINT8(mbox1, LSIState),
- VMSTATE_UINT8(dfifo, LSIState),
- VMSTATE_UINT8(ctest2, LSIState),
- VMSTATE_UINT8(ctest3, LSIState),
- VMSTATE_UINT8(ctest4, LSIState),
- VMSTATE_UINT8(ctest5, LSIState),
- VMSTATE_UINT8(ccntl0, LSIState),
- VMSTATE_UINT8(ccntl1, LSIState),
- VMSTATE_UINT32(dsp, LSIState),
- VMSTATE_UINT32(dsps, LSIState),
- VMSTATE_UINT8(dmode, LSIState),
- VMSTATE_UINT8(dcntl, LSIState),
- VMSTATE_UINT8(scntl0, LSIState),
- VMSTATE_UINT8(scntl1, LSIState),
- VMSTATE_UINT8(scntl2, LSIState),
- VMSTATE_UINT8(scntl3, LSIState),
- VMSTATE_UINT8(sstat0, LSIState),
- VMSTATE_UINT8(sstat1, LSIState),
- VMSTATE_UINT8(scid, LSIState),
- VMSTATE_UINT8(sxfer, LSIState),
- VMSTATE_UINT8(socl, LSIState),
- VMSTATE_UINT8(sdid, LSIState),
- VMSTATE_UINT8(ssid, LSIState),
- VMSTATE_UINT8(sfbr, LSIState),
- VMSTATE_UINT8(stest1, LSIState),
- VMSTATE_UINT8(stest2, LSIState),
- VMSTATE_UINT8(stest3, LSIState),
- VMSTATE_UINT8(sidl, LSIState),
- VMSTATE_UINT8(stime0, LSIState),
- VMSTATE_UINT8(respid0, LSIState),
- VMSTATE_UINT8(respid1, LSIState),
- VMSTATE_UINT32(mmrs, LSIState),
- VMSTATE_UINT32(mmws, LSIState),
- VMSTATE_UINT32(sfs, LSIState),
- VMSTATE_UINT32(drs, LSIState),
- VMSTATE_UINT32(sbms, LSIState),
- VMSTATE_UINT32(dbms, LSIState),
- VMSTATE_UINT32(dnad64, LSIState),
- VMSTATE_UINT32(pmjad1, LSIState),
- VMSTATE_UINT32(pmjad2, LSIState),
- VMSTATE_UINT32(rbc, LSIState),
- VMSTATE_UINT32(ua, LSIState),
- VMSTATE_UINT32(ia, LSIState),
- VMSTATE_UINT32(sbc, LSIState),
- VMSTATE_UINT32(csbc, LSIState),
- VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)),
- VMSTATE_UINT8(sbr, LSIState),
-
- VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 2048 * sizeof(uint32_t)),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void lsi_scsi_uninit(PCIDevice *d)
-{
- LSIState *s = DO_UPCAST(LSIState, dev, d);
-
- memory_region_destroy(&s->mmio_io);
- memory_region_destroy(&s->ram_io);
- memory_region_destroy(&s->io_io);
-}
-
-static const struct SCSIBusInfo lsi_scsi_info = {
- .tcq = true,
- .max_target = LSI_MAX_DEVS,
- .max_lun = 0, /* LUN support is buggy */
-
- .transfer_data = lsi_transfer_data,
- .complete = lsi_command_complete,
- .cancel = lsi_request_cancelled
-};
-
-static int lsi_scsi_init(PCIDevice *dev)
-{
- LSIState *s = DO_UPCAST(LSIState, dev, dev);
- uint8_t *pci_conf;
-
- pci_conf = s->dev.config;
-
- /* PCI latency timer = 255 */
- pci_conf[PCI_LATENCY_TIMER] = 0xff;
- /* Interrupt pin A */
- pci_conf[PCI_INTERRUPT_PIN] = 0x01;
-
- memory_region_init_io(&s->mmio_io, &lsi_mmio_ops, s, "lsi-mmio", 0x400);
- memory_region_init_io(&s->ram_io, &lsi_ram_ops, s, "lsi-ram", 0x2000);
- memory_region_init_io(&s->io_io, &lsi_io_ops, s, "lsi-io", 256);
-
- pci_register_bar(&s->dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_io);
- pci_register_bar(&s->dev, 1, 0, &s->mmio_io);
- pci_register_bar(&s->dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->ram_io);
- QTAILQ_INIT(&s->queue);
-
- scsi_bus_new(&s->bus, &dev->qdev, &lsi_scsi_info);
- if (!dev->qdev.hotplugged) {
- return scsi_bus_legacy_handle_cmdline(&s->bus);
- }
- return 0;
-}
-
-static void lsi_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = lsi_scsi_init;
- k->exit = lsi_scsi_uninit;
- k->vendor_id = PCI_VENDOR_ID_LSI_LOGIC;
- k->device_id = PCI_DEVICE_ID_LSI_53C895A;
- k->class_id = PCI_CLASS_STORAGE_SCSI;
- k->subsystem_id = 0x1000;
- dc->reset = lsi_scsi_reset;
- dc->vmsd = &vmstate_lsi_scsi;
-}
-
-static TypeInfo lsi_info = {
- .name = "lsi53c895a",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(LSIState),
- .class_init = lsi_class_init,
-};
-
-static void lsi53c895a_register_types(void)
-{
- type_register_static(&lsi_info);
-}
-
-type_init(lsi53c895a_register_types)
diff --git a/hw/m25p80.c b/hw/m25p80.c
deleted file mode 100644
index 3895e7395..000000000
--- a/hw/m25p80.c
+++ /dev/null
@@ -1,651 +0,0 @@
-/*
- * ST M25P80 emulator. Emulate all SPI flash devices based on the m25p80 command
- * set. Known devices table current as of Jun/2012 and taken from linux.
- * See drivers/mtd/devices/m25p80.c.
- *
- * Copyright (C) 2011 Edgar E. Iglesias <edgar.iglesias@gmail.com>
- * Copyright (C) 2012 Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
- * Copyright (C) 2012 PetaLogix
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) a later version of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "hw.h"
-#include "blockdev.h"
-#include "ssi.h"
-#include "devices.h"
-
-#ifdef M25P80_ERR_DEBUG
-#define DB_PRINT(...) do { \
- fprintf(stderr, ": %s: ", __func__); \
- fprintf(stderr, ## __VA_ARGS__); \
- } while (0);
-#else
- #define DB_PRINT(...)
-#endif
-
-/* Fields for FlashPartInfo->flags */
-
-/* erase capabilities */
-#define ER_4K 1
-#define ER_32K 2
-/* set to allow the page program command to write 0s back to 1. Useful for
- * modelling EEPROM with SPI flash command set
- */
-#define WR_1 0x100
-
-typedef struct FlashPartInfo {
- const char *part_name;
- /* jedec code. (jedec >> 16) & 0xff is the 1st byte, >> 8 the 2nd etc */
- uint32_t jedec;
- /* extended jedec code */
- uint16_t ext_jedec;
- /* there is confusion between manufacturers as to what a sector is. In this
- * device model, a "sector" is the size that is erased by the ERASE_SECTOR
- * command (opcode 0xd8).
- */
- uint32_t sector_size;
- uint32_t n_sectors;
- uint32_t page_size;
- uint8_t flags;
-} FlashPartInfo;
-
-/* adapted from linux */
-
-#define INFO(_part_name, _jedec, _ext_jedec, _sector_size, _n_sectors, _flags)\
- .part_name = (_part_name),\
- .jedec = (_jedec),\
- .ext_jedec = (_ext_jedec),\
- .sector_size = (_sector_size),\
- .n_sectors = (_n_sectors),\
- .page_size = 256,\
- .flags = (_flags),\
-
-#define JEDEC_NUMONYX 0x20
-#define JEDEC_WINBOND 0xEF
-#define JEDEC_SPANSION 0x01
-
-static const FlashPartInfo known_devices[] = {
- /* Atmel -- some are (confusingly) marketed as "DataFlash" */
- { INFO("at25fs010", 0x1f6601, 0, 32 << 10, 4, ER_4K) },
- { INFO("at25fs040", 0x1f6604, 0, 64 << 10, 8, ER_4K) },
-
- { INFO("at25df041a", 0x1f4401, 0, 64 << 10, 8, ER_4K) },
- { INFO("at25df321a", 0x1f4701, 0, 64 << 10, 64, ER_4K) },
- { INFO("at25df641", 0x1f4800, 0, 64 << 10, 128, ER_4K) },
-
- { INFO("at26f004", 0x1f0400, 0, 64 << 10, 8, ER_4K) },
- { INFO("at26df081a", 0x1f4501, 0, 64 << 10, 16, ER_4K) },
- { INFO("at26df161a", 0x1f4601, 0, 64 << 10, 32, ER_4K) },
- { INFO("at26df321", 0x1f4700, 0, 64 << 10, 64, ER_4K) },
-
- /* EON -- en25xxx */
- { INFO("en25f32", 0x1c3116, 0, 64 << 10, 64, ER_4K) },
- { INFO("en25p32", 0x1c2016, 0, 64 << 10, 64, 0) },
- { INFO("en25q32b", 0x1c3016, 0, 64 << 10, 64, 0) },
- { INFO("en25p64", 0x1c2017, 0, 64 << 10, 128, 0) },
-
- /* Intel/Numonyx -- xxxs33b */
- { INFO("160s33b", 0x898911, 0, 64 << 10, 32, 0) },
- { INFO("320s33b", 0x898912, 0, 64 << 10, 64, 0) },
- { INFO("640s33b", 0x898913, 0, 64 << 10, 128, 0) },
-
- /* Macronix */
- { INFO("mx25l4005a", 0xc22013, 0, 64 << 10, 8, ER_4K) },
- { INFO("mx25l8005", 0xc22014, 0, 64 << 10, 16, 0) },
- { INFO("mx25l1606e", 0xc22015, 0, 64 << 10, 32, ER_4K) },
- { INFO("mx25l3205d", 0xc22016, 0, 64 << 10, 64, 0) },
- { INFO("mx25l6405d", 0xc22017, 0, 64 << 10, 128, 0) },
- { INFO("mx25l12805d", 0xc22018, 0, 64 << 10, 256, 0) },
- { INFO("mx25l12855e", 0xc22618, 0, 64 << 10, 256, 0) },
- { INFO("mx25l25635e", 0xc22019, 0, 64 << 10, 512, 0) },
- { INFO("mx25l25655e", 0xc22619, 0, 64 << 10, 512, 0) },
-
- /* Spansion -- single (large) sector size only, at least
- * for the chips listed here (without boot sectors).
- */
- { INFO("s25sl004a", 0x010212, 0, 64 << 10, 8, 0) },
- { INFO("s25sl008a", 0x010213, 0, 64 << 10, 16, 0) },
- { INFO("s25sl016a", 0x010214, 0, 64 << 10, 32, 0) },
- { INFO("s25sl032a", 0x010215, 0, 64 << 10, 64, 0) },
- { INFO("s25sl032p", 0x010215, 0x4d00, 64 << 10, 64, ER_4K) },
- { INFO("s25sl064a", 0x010216, 0, 64 << 10, 128, 0) },
- { INFO("s25fl256s0", 0x010219, 0x4d00, 256 << 10, 128, 0) },
- { INFO("s25fl256s1", 0x010219, 0x4d01, 64 << 10, 512, 0) },
- { INFO("s25fl512s", 0x010220, 0x4d00, 256 << 10, 256, 0) },
- { INFO("s70fl01gs", 0x010221, 0x4d00, 256 << 10, 256, 0) },
- { INFO("s25sl12800", 0x012018, 0x0300, 256 << 10, 64, 0) },
- { INFO("s25sl12801", 0x012018, 0x0301, 64 << 10, 256, 0) },
- { INFO("s25fl129p0", 0x012018, 0x4d00, 256 << 10, 64, 0) },
- { INFO("s25fl129p1", 0x012018, 0x4d01, 64 << 10, 256, 0) },
- { INFO("s25fl016k", 0xef4015, 0, 64 << 10, 32, ER_4K | ER_32K) },
- { INFO("s25fl064k", 0xef4017, 0, 64 << 10, 128, ER_4K | ER_32K) },
-
- /* SST -- large erase sizes are "overlays", "sectors" are 4<< 10 */
- { INFO("sst25vf040b", 0xbf258d, 0, 64 << 10, 8, ER_4K) },
- { INFO("sst25vf080b", 0xbf258e, 0, 64 << 10, 16, ER_4K) },
- { INFO("sst25vf016b", 0xbf2541, 0, 64 << 10, 32, ER_4K) },
- { INFO("sst25vf032b", 0xbf254a, 0, 64 << 10, 64, ER_4K) },
- { INFO("sst25wf512", 0xbf2501, 0, 64 << 10, 1, ER_4K) },
- { INFO("sst25wf010", 0xbf2502, 0, 64 << 10, 2, ER_4K) },
- { INFO("sst25wf020", 0xbf2503, 0, 64 << 10, 4, ER_4K) },
- { INFO("sst25wf040", 0xbf2504, 0, 64 << 10, 8, ER_4K) },
-
- /* ST Microelectronics -- newer production may have feature updates */
- { INFO("m25p05", 0x202010, 0, 32 << 10, 2, 0) },
- { INFO("m25p10", 0x202011, 0, 32 << 10, 4, 0) },
- { INFO("m25p20", 0x202012, 0, 64 << 10, 4, 0) },
- { INFO("m25p40", 0x202013, 0, 64 << 10, 8, 0) },
- { INFO("m25p80", 0x202014, 0, 64 << 10, 16, 0) },
- { INFO("m25p16", 0x202015, 0, 64 << 10, 32, 0) },
- { INFO("m25p32", 0x202016, 0, 64 << 10, 64, 0) },
- { INFO("m25p64", 0x202017, 0, 64 << 10, 128, 0) },
- { INFO("m25p128", 0x202018, 0, 256 << 10, 64, 0) },
-
- { INFO("m45pe10", 0x204011, 0, 64 << 10, 2, 0) },
- { INFO("m45pe80", 0x204014, 0, 64 << 10, 16, 0) },
- { INFO("m45pe16", 0x204015, 0, 64 << 10, 32, 0) },
-
- { INFO("m25pe80", 0x208014, 0, 64 << 10, 16, 0) },
- { INFO("m25pe16", 0x208015, 0, 64 << 10, 32, ER_4K) },
-
- { INFO("m25px32", 0x207116, 0, 64 << 10, 64, ER_4K) },
- { INFO("m25px32-s0", 0x207316, 0, 64 << 10, 64, ER_4K) },
- { INFO("m25px32-s1", 0x206316, 0, 64 << 10, 64, ER_4K) },
- { INFO("m25px64", 0x207117, 0, 64 << 10, 128, 0) },
-
- /* Winbond -- w25x "blocks" are 64k, "sectors" are 4KiB */
- { INFO("w25x10", 0xef3011, 0, 64 << 10, 2, ER_4K) },
- { INFO("w25x20", 0xef3012, 0, 64 << 10, 4, ER_4K) },
- { INFO("w25x40", 0xef3013, 0, 64 << 10, 8, ER_4K) },
- { INFO("w25x80", 0xef3014, 0, 64 << 10, 16, ER_4K) },
- { INFO("w25x16", 0xef3015, 0, 64 << 10, 32, ER_4K) },
- { INFO("w25x32", 0xef3016, 0, 64 << 10, 64, ER_4K) },
- { INFO("w25q32", 0xef4016, 0, 64 << 10, 64, ER_4K) },
- { INFO("w25x64", 0xef3017, 0, 64 << 10, 128, ER_4K) },
- { INFO("w25q64", 0xef4017, 0, 64 << 10, 128, ER_4K) },
-
- /* Numonyx -- n25q128 */
- { INFO("n25q128", 0x20ba18, 0, 64 << 10, 256, 0) },
-
- { },
-};
-
-typedef enum {
- NOP = 0,
- WRDI = 0x4,
- RDSR = 0x5,
- WREN = 0x6,
- JEDEC_READ = 0x9f,
- BULK_ERASE = 0xc7,
-
- READ = 0x3,
- FAST_READ = 0xb,
- DOR = 0x3b,
- QOR = 0x6b,
- DIOR = 0xbb,
- QIOR = 0xeb,
-
- PP = 0x2,
- DPP = 0xa2,
- QPP = 0x32,
-
- ERASE_4K = 0x20,
- ERASE_32K = 0x52,
- ERASE_SECTOR = 0xd8,
-} FlashCMD;
-
-typedef enum {
- STATE_IDLE,
- STATE_PAGE_PROGRAM,
- STATE_READ,
- STATE_COLLECTING_DATA,
- STATE_READING_DATA,
-} CMDState;
-
-typedef struct Flash {
- SSISlave ssidev;
- uint32_t r;
-
- BlockDriverState *bdrv;
-
- uint8_t *storage;
- uint32_t size;
- int page_size;
-
- uint8_t state;
- uint8_t data[16];
- uint32_t len;
- uint32_t pos;
- uint8_t needed_bytes;
- uint8_t cmd_in_progress;
- uint64_t cur_addr;
- bool write_enable;
-
- int64_t dirty_page;
-
- char *part_name;
- const FlashPartInfo *pi;
-
-} Flash;
-
-static void bdrv_sync_complete(void *opaque, int ret)
-{
- /* do nothing. Masters do not directly interact with the backing store,
- * only the working copy so no mutexing required.
- */
-}
-
-static void flash_sync_page(Flash *s, int page)
-{
- if (s->bdrv) {
- int bdrv_sector, nb_sectors;
- QEMUIOVector iov;
-
- bdrv_sector = (page * s->pi->page_size) / BDRV_SECTOR_SIZE;
- nb_sectors = DIV_ROUND_UP(s->pi->page_size, BDRV_SECTOR_SIZE);
- qemu_iovec_init(&iov, 1);
- qemu_iovec_add(&iov, s->storage + bdrv_sector * BDRV_SECTOR_SIZE,
- nb_sectors * BDRV_SECTOR_SIZE);
- bdrv_aio_writev(s->bdrv, bdrv_sector, &iov, nb_sectors,
- bdrv_sync_complete, NULL);
- }
-}
-
-static inline void flash_sync_area(Flash *s, int64_t off, int64_t len)
-{
- int64_t start, end, nb_sectors;
- QEMUIOVector iov;
-
- if (!s->bdrv) {
- return;
- }
-
- assert(!(len % BDRV_SECTOR_SIZE));
- start = off / BDRV_SECTOR_SIZE;
- end = (off + len) / BDRV_SECTOR_SIZE;
- nb_sectors = end - start;
- qemu_iovec_init(&iov, 1);
- qemu_iovec_add(&iov, s->storage + (start * BDRV_SECTOR_SIZE),
- nb_sectors * BDRV_SECTOR_SIZE);
- bdrv_aio_writev(s->bdrv, start, &iov, nb_sectors, bdrv_sync_complete, NULL);
-}
-
-static void flash_erase(Flash *s, int offset, FlashCMD cmd)
-{
- uint32_t len;
- uint8_t capa_to_assert = 0;
-
- switch (cmd) {
- case ERASE_4K:
- len = 4 << 10;
- capa_to_assert = ER_4K;
- break;
- case ERASE_32K:
- len = 32 << 10;
- capa_to_assert = ER_32K;
- break;
- case ERASE_SECTOR:
- len = s->pi->sector_size;
- break;
- case BULK_ERASE:
- len = s->size;
- break;
- default:
- abort();
- }
-
- DB_PRINT("offset = %#x, len = %d\n", offset, len);
- if ((s->pi->flags & capa_to_assert) != capa_to_assert) {
- hw_error("m25p80: %dk erase size not supported by device\n", len);
- }
-
- if (!s->write_enable) {
- DB_PRINT("erase with write protect!\n");
- return;
- }
- memset(s->storage + offset, 0xff, len);
- flash_sync_area(s, offset, len);
-}
-
-static inline void flash_sync_dirty(Flash *s, int64_t newpage)
-{
- if (s->dirty_page >= 0 && s->dirty_page != newpage) {
- flash_sync_page(s, s->dirty_page);
- s->dirty_page = newpage;
- }
-}
-
-static inline
-void flash_write8(Flash *s, uint64_t addr, uint8_t data)
-{
- int64_t page = addr / s->pi->page_size;
- uint8_t prev = s->storage[s->cur_addr];
-
- if (!s->write_enable) {
- DB_PRINT("write with write protect!\n");
- }
-
- if ((prev ^ data) & data) {
- DB_PRINT("programming zero to one! addr=%lx %x -> %x\n",
- addr, prev, data);
- }
-
- if (s->pi->flags & WR_1) {
- s->storage[s->cur_addr] = data;
- } else {
- s->storage[s->cur_addr] &= data;
- }
-
- flash_sync_dirty(s, page);
- s->dirty_page = page;
-}
-
-static void complete_collecting_data(Flash *s)
-{
- s->cur_addr = s->data[0] << 16;
- s->cur_addr |= s->data[1] << 8;
- s->cur_addr |= s->data[2];
-
- switch (s->cmd_in_progress) {
- case DPP:
- case QPP:
- case PP:
- s->state = STATE_PAGE_PROGRAM;
- break;
- case READ:
- case FAST_READ:
- case DOR:
- case QOR:
- case DIOR:
- case QIOR:
- s->state = STATE_READ;
- break;
- case ERASE_4K:
- case ERASE_32K:
- case ERASE_SECTOR:
- flash_erase(s, s->cur_addr, s->cmd_in_progress);
- break;
- default:
- break;
- }
-}
-
-static void decode_new_cmd(Flash *s, uint32_t value)
-{
- s->cmd_in_progress = value;
- DB_PRINT("decoded new command:%x\n", value);
-
- switch (value) {
-
- case ERASE_4K:
- case ERASE_32K:
- case ERASE_SECTOR:
- case READ:
- case DPP:
- case QPP:
- case PP:
- s->needed_bytes = 3;
- s->pos = 0;
- s->len = 0;
- s->state = STATE_COLLECTING_DATA;
- break;
-
- case FAST_READ:
- case DOR:
- case QOR:
- s->needed_bytes = 4;
- s->pos = 0;
- s->len = 0;
- s->state = STATE_COLLECTING_DATA;
- break;
-
- case DIOR:
- switch ((s->pi->jedec >> 16) & 0xFF) {
- case JEDEC_WINBOND:
- case JEDEC_SPANSION:
- s->needed_bytes = 4;
- break;
- case JEDEC_NUMONYX:
- default:
- s->needed_bytes = 5;
- }
- s->pos = 0;
- s->len = 0;
- s->state = STATE_COLLECTING_DATA;
- break;
-
- case QIOR:
- switch ((s->pi->jedec >> 16) & 0xFF) {
- case JEDEC_WINBOND:
- case JEDEC_SPANSION:
- s->needed_bytes = 6;
- break;
- case JEDEC_NUMONYX:
- default:
- s->needed_bytes = 8;
- }
- s->pos = 0;
- s->len = 0;
- s->state = STATE_COLLECTING_DATA;
- break;
-
- case WRDI:
- s->write_enable = false;
- break;
- case WREN:
- s->write_enable = true;
- break;
-
- case RDSR:
- s->data[0] = (!!s->write_enable) << 1;
- s->pos = 0;
- s->len = 1;
- s->state = STATE_READING_DATA;
- break;
-
- case JEDEC_READ:
- DB_PRINT("populated jedec code\n");
- s->data[0] = (s->pi->jedec >> 16) & 0xff;
- s->data[1] = (s->pi->jedec >> 8) & 0xff;
- s->data[2] = s->pi->jedec & 0xff;
- if (s->pi->ext_jedec) {
- s->data[3] = (s->pi->ext_jedec >> 8) & 0xff;
- s->data[4] = s->pi->ext_jedec & 0xff;
- s->len = 5;
- } else {
- s->len = 3;
- }
- s->pos = 0;
- s->state = STATE_READING_DATA;
- break;
-
- case BULK_ERASE:
- if (s->write_enable) {
- DB_PRINT("chip erase\n");
- flash_erase(s, 0, BULK_ERASE);
- } else {
- DB_PRINT("chip erase with write protect!\n");
- }
- break;
- case NOP:
- break;
- default:
- DB_PRINT("Unknown cmd %x\n", value);
- break;
- }
-}
-
-static int m25p80_cs(SSISlave *ss, bool select)
-{
- Flash *s = FROM_SSI_SLAVE(Flash, ss);
-
- if (select) {
- s->len = 0;
- s->pos = 0;
- s->state = STATE_IDLE;
- flash_sync_dirty(s, -1);
- }
-
- DB_PRINT("%sselect\n", select ? "de" : "");
-
- return 0;
-}
-
-static uint32_t m25p80_transfer8(SSISlave *ss, uint32_t tx)
-{
- Flash *s = FROM_SSI_SLAVE(Flash, ss);
- uint32_t r = 0;
-
- switch (s->state) {
-
- case STATE_PAGE_PROGRAM:
- DB_PRINT("page program cur_addr=%lx data=%x\n", s->cur_addr,
- (uint8_t)tx);
- flash_write8(s, s->cur_addr, (uint8_t)tx);
- s->cur_addr++;
- break;
-
- case STATE_READ:
- r = s->storage[s->cur_addr];
- DB_PRINT("READ 0x%lx=%x\n", s->cur_addr, r);
- s->cur_addr = (s->cur_addr + 1) % s->size;
- break;
-
- case STATE_COLLECTING_DATA:
- s->data[s->len] = (uint8_t)tx;
- s->len++;
-
- if (s->len == s->needed_bytes) {
- complete_collecting_data(s);
- }
- break;
-
- case STATE_READING_DATA:
- r = s->data[s->pos];
- s->pos++;
- if (s->pos == s->len) {
- s->pos = 0;
- s->state = STATE_IDLE;
- }
- break;
-
- default:
- case STATE_IDLE:
- decode_new_cmd(s, (uint8_t)tx);
- break;
- }
-
- return r;
-}
-
-static int m25p80_init(SSISlave *ss)
-{
- DriveInfo *dinfo;
- Flash *s = FROM_SSI_SLAVE(Flash, ss);
- const FlashPartInfo *i;
-
- if (!s->part_name) { /* default to actual m25p80 if no partname given */
- s->part_name = (char *)"m25p80";
- }
-
- i = known_devices;
- for (i = known_devices;; i++) {
- assert(i);
- if (!i->part_name) {
- fprintf(stderr, "Unknown SPI flash part: \"%s\"\n", s->part_name);
- return 1;
- } else if (!strcmp(i->part_name, s->part_name)) {
- s->pi = i;
- break;
- }
- }
-
- s->size = s->pi->sector_size * s->pi->n_sectors;
- s->dirty_page = -1;
- s->storage = qemu_blockalign(s->bdrv, s->size);
-
- dinfo = drive_get_next(IF_MTD);
-
- if (dinfo && dinfo->bdrv) {
- DB_PRINT("Binding to IF_MTD drive\n");
- s->bdrv = dinfo->bdrv;
- /* FIXME: Move to late init */
- if (bdrv_read(s->bdrv, 0, s->storage, DIV_ROUND_UP(s->size,
- BDRV_SECTOR_SIZE))) {
- fprintf(stderr, "Failed to initialize SPI flash!\n");
- return 1;
- }
- } else {
- memset(s->storage, 0xFF, s->size);
- }
-
- return 0;
-}
-
-static void m25p80_pre_save(void *opaque)
-{
- flash_sync_dirty((Flash *)opaque, -1);
-}
-
-static const VMStateDescription vmstate_m25p80 = {
- .name = "xilinx_spi",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .pre_save = m25p80_pre_save,
- .fields = (VMStateField[]) {
- VMSTATE_UINT8(state, Flash),
- VMSTATE_UINT8_ARRAY(data, Flash, 16),
- VMSTATE_UINT32(len, Flash),
- VMSTATE_UINT32(pos, Flash),
- VMSTATE_UINT8(needed_bytes, Flash),
- VMSTATE_UINT8(cmd_in_progress, Flash),
- VMSTATE_UINT64(cur_addr, Flash),
- VMSTATE_BOOL(write_enable, Flash),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static Property m25p80_properties[] = {
- DEFINE_PROP_STRING("partname", Flash, part_name),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void m25p80_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
-
- k->init = m25p80_init;
- k->transfer = m25p80_transfer8;
- k->set_cs = m25p80_cs;
- k->cs_polarity = SSI_CS_LOW;
- dc->props = m25p80_properties;
- dc->vmsd = &vmstate_m25p80;
-}
-
-static const TypeInfo m25p80_info = {
- .name = "m25p80",
- .parent = TYPE_SSI_SLAVE,
- .instance_size = sizeof(Flash),
- .class_init = m25p80_class_init,
-};
-
-static void m25p80_register_types(void)
-{
- type_register_static(&m25p80_info);
-}
-
-type_init(m25p80_register_types)
diff --git a/hw/m48t59.c b/hw/m48t59.c
deleted file mode 100644
index 7da7e7c82..000000000
--- a/hw/m48t59.c
+++ /dev/null
@@ -1,778 +0,0 @@
-/*
- * QEMU M48T59 and M48T08 NVRAM emulation for PPC PREP and Sparc platforms
- *
- * Copyright (c) 2003-2005, 2007 Jocelyn Mayer
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "nvram.h"
-#include "qemu-timer.h"
-#include "sysemu.h"
-#include "sysbus.h"
-#include "isa.h"
-#include "exec-memory.h"
-
-//#define DEBUG_NVRAM
-
-#if defined(DEBUG_NVRAM)
-#define NVRAM_PRINTF(fmt, ...) do { printf(fmt , ## __VA_ARGS__); } while (0)
-#else
-#define NVRAM_PRINTF(fmt, ...) do { } while (0)
-#endif
-
-/*
- * The M48T02, M48T08 and M48T59 chips are very similar. The newer '59 has
- * alarm and a watchdog timer and related control registers. In the
- * PPC platform there is also a nvram lock function.
- */
-
-/*
- * Chipset docs:
- * http://www.st.com/stonline/products/literature/ds/2410/m48t02.pdf
- * http://www.st.com/stonline/products/literature/ds/2411/m48t08.pdf
- * http://www.st.com/stonline/products/literature/od/7001/m48t59y.pdf
- */
-
-struct M48t59State {
- /* Hardware parameters */
- qemu_irq IRQ;
- MemoryRegion iomem;
- uint32_t io_base;
- uint32_t size;
- /* RTC management */
- time_t time_offset;
- time_t stop_time;
- /* Alarm & watchdog */
- struct tm alarm;
- struct QEMUTimer *alrm_timer;
- struct QEMUTimer *wd_timer;
- /* NVRAM storage */
- uint8_t *buffer;
- /* Model parameters */
- uint32_t model; /* 2 = m48t02, 8 = m48t08, 59 = m48t59 */
- /* NVRAM storage */
- uint16_t addr;
- uint8_t lock;
-};
-
-typedef struct M48t59ISAState {
- ISADevice busdev;
- M48t59State state;
- MemoryRegion io;
-} M48t59ISAState;
-
-typedef struct M48t59SysBusState {
- SysBusDevice busdev;
- M48t59State state;
- MemoryRegion io;
-} M48t59SysBusState;
-
-/* Fake timer functions */
-
-/* Alarm management */
-static void alarm_cb (void *opaque)
-{
- struct tm tm;
- uint64_t next_time;
- M48t59State *NVRAM = opaque;
-
- qemu_set_irq(NVRAM->IRQ, 1);
- if ((NVRAM->buffer[0x1FF5] & 0x80) == 0 &&
- (NVRAM->buffer[0x1FF4] & 0x80) == 0 &&
- (NVRAM->buffer[0x1FF3] & 0x80) == 0 &&
- (NVRAM->buffer[0x1FF2] & 0x80) == 0) {
- /* Repeat once a month */
- qemu_get_timedate(&tm, NVRAM->time_offset);
- tm.tm_mon++;
- if (tm.tm_mon == 13) {
- tm.tm_mon = 1;
- tm.tm_year++;
- }
- next_time = qemu_timedate_diff(&tm) - NVRAM->time_offset;
- } else if ((NVRAM->buffer[0x1FF5] & 0x80) != 0 &&
- (NVRAM->buffer[0x1FF4] & 0x80) == 0 &&
- (NVRAM->buffer[0x1FF3] & 0x80) == 0 &&
- (NVRAM->buffer[0x1FF2] & 0x80) == 0) {
- /* Repeat once a day */
- next_time = 24 * 60 * 60;
- } else if ((NVRAM->buffer[0x1FF5] & 0x80) != 0 &&
- (NVRAM->buffer[0x1FF4] & 0x80) != 0 &&
- (NVRAM->buffer[0x1FF3] & 0x80) == 0 &&
- (NVRAM->buffer[0x1FF2] & 0x80) == 0) {
- /* Repeat once an hour */
- next_time = 60 * 60;
- } else if ((NVRAM->buffer[0x1FF5] & 0x80) != 0 &&
- (NVRAM->buffer[0x1FF4] & 0x80) != 0 &&
- (NVRAM->buffer[0x1FF3] & 0x80) != 0 &&
- (NVRAM->buffer[0x1FF2] & 0x80) == 0) {
- /* Repeat once a minute */
- next_time = 60;
- } else {
- /* Repeat once a second */
- next_time = 1;
- }
- qemu_mod_timer(NVRAM->alrm_timer, qemu_get_clock_ns(rtc_clock) +
- next_time * 1000);
- qemu_set_irq(NVRAM->IRQ, 0);
-}
-
-static void set_alarm(M48t59State *NVRAM)
-{
- int diff;
- if (NVRAM->alrm_timer != NULL) {
- qemu_del_timer(NVRAM->alrm_timer);
- diff = qemu_timedate_diff(&NVRAM->alarm) - NVRAM->time_offset;
- if (diff > 0)
- qemu_mod_timer(NVRAM->alrm_timer, diff * 1000);
- }
-}
-
-/* RTC management helpers */
-static inline void get_time(M48t59State *NVRAM, struct tm *tm)
-{
- qemu_get_timedate(tm, NVRAM->time_offset);
-}
-
-static void set_time(M48t59State *NVRAM, struct tm *tm)
-{
- NVRAM->time_offset = qemu_timedate_diff(tm);
- set_alarm(NVRAM);
-}
-
-/* Watchdog management */
-static void watchdog_cb (void *opaque)
-{
- M48t59State *NVRAM = opaque;
-
- NVRAM->buffer[0x1FF0] |= 0x80;
- if (NVRAM->buffer[0x1FF7] & 0x80) {
- NVRAM->buffer[0x1FF7] = 0x00;
- NVRAM->buffer[0x1FFC] &= ~0x40;
- /* May it be a hw CPU Reset instead ? */
- qemu_system_reset_request();
- } else {
- qemu_set_irq(NVRAM->IRQ, 1);
- qemu_set_irq(NVRAM->IRQ, 0);
- }
-}
-
-static void set_up_watchdog(M48t59State *NVRAM, uint8_t value)
-{
- uint64_t interval; /* in 1/16 seconds */
-
- NVRAM->buffer[0x1FF0] &= ~0x80;
- if (NVRAM->wd_timer != NULL) {
- qemu_del_timer(NVRAM->wd_timer);
- if (value != 0) {
- interval = (1 << (2 * (value & 0x03))) * ((value >> 2) & 0x1F);
- qemu_mod_timer(NVRAM->wd_timer, ((uint64_t)time(NULL) * 1000) +
- ((interval * 1000) >> 4));
- }
- }
-}
-
-/* Direct access to NVRAM */
-void m48t59_write (void *opaque, uint32_t addr, uint32_t val)
-{
- M48t59State *NVRAM = opaque;
- struct tm tm;
- int tmp;
-
- if (addr > 0x1FF8 && addr < 0x2000)
- NVRAM_PRINTF("%s: 0x%08x => 0x%08x\n", __func__, addr, val);
-
- /* check for NVRAM access */
- if ((NVRAM->model == 2 && addr < 0x7f8) ||
- (NVRAM->model == 8 && addr < 0x1ff8) ||
- (NVRAM->model == 59 && addr < 0x1ff0)) {
- goto do_write;
- }
-
- /* TOD access */
- switch (addr) {
- case 0x1FF0:
- /* flags register : read-only */
- break;
- case 0x1FF1:
- /* unused */
- break;
- case 0x1FF2:
- /* alarm seconds */
- tmp = from_bcd(val & 0x7F);
- if (tmp >= 0 && tmp <= 59) {
- NVRAM->alarm.tm_sec = tmp;
- NVRAM->buffer[0x1FF2] = val;
- set_alarm(NVRAM);
- }
- break;
- case 0x1FF3:
- /* alarm minutes */
- tmp = from_bcd(val & 0x7F);
- if (tmp >= 0 && tmp <= 59) {
- NVRAM->alarm.tm_min = tmp;
- NVRAM->buffer[0x1FF3] = val;
- set_alarm(NVRAM);
- }
- break;
- case 0x1FF4:
- /* alarm hours */
- tmp = from_bcd(val & 0x3F);
- if (tmp >= 0 && tmp <= 23) {
- NVRAM->alarm.tm_hour = tmp;
- NVRAM->buffer[0x1FF4] = val;
- set_alarm(NVRAM);
- }
- break;
- case 0x1FF5:
- /* alarm date */
- tmp = from_bcd(val & 0x3F);
- if (tmp != 0) {
- NVRAM->alarm.tm_mday = tmp;
- NVRAM->buffer[0x1FF5] = val;
- set_alarm(NVRAM);
- }
- break;
- case 0x1FF6:
- /* interrupts */
- NVRAM->buffer[0x1FF6] = val;
- break;
- case 0x1FF7:
- /* watchdog */
- NVRAM->buffer[0x1FF7] = val;
- set_up_watchdog(NVRAM, val);
- break;
- case 0x1FF8:
- case 0x07F8:
- /* control */
- NVRAM->buffer[addr] = (val & ~0xA0) | 0x90;
- break;
- case 0x1FF9:
- case 0x07F9:
- /* seconds (BCD) */
- tmp = from_bcd(val & 0x7F);
- if (tmp >= 0 && tmp <= 59) {
- get_time(NVRAM, &tm);
- tm.tm_sec = tmp;
- set_time(NVRAM, &tm);
- }
- if ((val & 0x80) ^ (NVRAM->buffer[addr] & 0x80)) {
- if (val & 0x80) {
- NVRAM->stop_time = time(NULL);
- } else {
- NVRAM->time_offset += NVRAM->stop_time - time(NULL);
- NVRAM->stop_time = 0;
- }
- }
- NVRAM->buffer[addr] = val & 0x80;
- break;
- case 0x1FFA:
- case 0x07FA:
- /* minutes (BCD) */
- tmp = from_bcd(val & 0x7F);
- if (tmp >= 0 && tmp <= 59) {
- get_time(NVRAM, &tm);
- tm.tm_min = tmp;
- set_time(NVRAM, &tm);
- }
- break;
- case 0x1FFB:
- case 0x07FB:
- /* hours (BCD) */
- tmp = from_bcd(val & 0x3F);
- if (tmp >= 0 && tmp <= 23) {
- get_time(NVRAM, &tm);
- tm.tm_hour = tmp;
- set_time(NVRAM, &tm);
- }
- break;
- case 0x1FFC:
- case 0x07FC:
- /* day of the week / century */
- tmp = from_bcd(val & 0x07);
- get_time(NVRAM, &tm);
- tm.tm_wday = tmp;
- set_time(NVRAM, &tm);
- NVRAM->buffer[addr] = val & 0x40;
- break;
- case 0x1FFD:
- case 0x07FD:
- /* date (BCD) */
- tmp = from_bcd(val & 0x3F);
- if (tmp != 0) {
- get_time(NVRAM, &tm);
- tm.tm_mday = tmp;
- set_time(NVRAM, &tm);
- }
- break;
- case 0x1FFE:
- case 0x07FE:
- /* month */
- tmp = from_bcd(val & 0x1F);
- if (tmp >= 1 && tmp <= 12) {
- get_time(NVRAM, &tm);
- tm.tm_mon = tmp - 1;
- set_time(NVRAM, &tm);
- }
- break;
- case 0x1FFF:
- case 0x07FF:
- /* year */
- tmp = from_bcd(val);
- if (tmp >= 0 && tmp <= 99) {
- get_time(NVRAM, &tm);
- if (NVRAM->model == 8) {
- tm.tm_year = from_bcd(val) + 68; // Base year is 1968
- } else {
- tm.tm_year = from_bcd(val);
- }
- set_time(NVRAM, &tm);
- }
- break;
- default:
- /* Check lock registers state */
- if (addr >= 0x20 && addr <= 0x2F && (NVRAM->lock & 1))
- break;
- if (addr >= 0x30 && addr <= 0x3F && (NVRAM->lock & 2))
- break;
- do_write:
- if (addr < NVRAM->size) {
- NVRAM->buffer[addr] = val & 0xFF;
- }
- break;
- }
-}
-
-uint32_t m48t59_read (void *opaque, uint32_t addr)
-{
- M48t59State *NVRAM = opaque;
- struct tm tm;
- uint32_t retval = 0xFF;
-
- /* check for NVRAM access */
- if ((NVRAM->model == 2 && addr < 0x078f) ||
- (NVRAM->model == 8 && addr < 0x1ff8) ||
- (NVRAM->model == 59 && addr < 0x1ff0)) {
- goto do_read;
- }
-
- /* TOD access */
- switch (addr) {
- case 0x1FF0:
- /* flags register */
- goto do_read;
- case 0x1FF1:
- /* unused */
- retval = 0;
- break;
- case 0x1FF2:
- /* alarm seconds */
- goto do_read;
- case 0x1FF3:
- /* alarm minutes */
- goto do_read;
- case 0x1FF4:
- /* alarm hours */
- goto do_read;
- case 0x1FF5:
- /* alarm date */
- goto do_read;
- case 0x1FF6:
- /* interrupts */
- goto do_read;
- case 0x1FF7:
- /* A read resets the watchdog */
- set_up_watchdog(NVRAM, NVRAM->buffer[0x1FF7]);
- goto do_read;
- case 0x1FF8:
- case 0x07F8:
- /* control */
- goto do_read;
- case 0x1FF9:
- case 0x07F9:
- /* seconds (BCD) */
- get_time(NVRAM, &tm);
- retval = (NVRAM->buffer[addr] & 0x80) | to_bcd(tm.tm_sec);
- break;
- case 0x1FFA:
- case 0x07FA:
- /* minutes (BCD) */
- get_time(NVRAM, &tm);
- retval = to_bcd(tm.tm_min);
- break;
- case 0x1FFB:
- case 0x07FB:
- /* hours (BCD) */
- get_time(NVRAM, &tm);
- retval = to_bcd(tm.tm_hour);
- break;
- case 0x1FFC:
- case 0x07FC:
- /* day of the week / century */
- get_time(NVRAM, &tm);
- retval = NVRAM->buffer[addr] | tm.tm_wday;
- break;
- case 0x1FFD:
- case 0x07FD:
- /* date */
- get_time(NVRAM, &tm);
- retval = to_bcd(tm.tm_mday);
- break;
- case 0x1FFE:
- case 0x07FE:
- /* month */
- get_time(NVRAM, &tm);
- retval = to_bcd(tm.tm_mon + 1);
- break;
- case 0x1FFF:
- case 0x07FF:
- /* year */
- get_time(NVRAM, &tm);
- if (NVRAM->model == 8) {
- retval = to_bcd(tm.tm_year - 68); // Base year is 1968
- } else {
- retval = to_bcd(tm.tm_year);
- }
- break;
- default:
- /* Check lock registers state */
- if (addr >= 0x20 && addr <= 0x2F && (NVRAM->lock & 1))
- break;
- if (addr >= 0x30 && addr <= 0x3F && (NVRAM->lock & 2))
- break;
- do_read:
- if (addr < NVRAM->size) {
- retval = NVRAM->buffer[addr];
- }
- break;
- }
- if (addr > 0x1FF9 && addr < 0x2000)
- NVRAM_PRINTF("%s: 0x%08x <= 0x%08x\n", __func__, addr, retval);
-
- return retval;
-}
-
-void m48t59_toggle_lock (void *opaque, int lock)
-{
- M48t59State *NVRAM = opaque;
-
- NVRAM->lock ^= 1 << lock;
-}
-
-/* IO access to NVRAM */
-static void NVRAM_writeb(void *opaque, hwaddr addr, uint64_t val,
- unsigned size)
-{
- M48t59State *NVRAM = opaque;
-
- NVRAM_PRINTF("%s: 0x%08x => 0x%08x\n", __func__, addr, val);
- switch (addr) {
- case 0:
- NVRAM->addr &= ~0x00FF;
- NVRAM->addr |= val;
- break;
- case 1:
- NVRAM->addr &= ~0xFF00;
- NVRAM->addr |= val << 8;
- break;
- case 3:
- m48t59_write(NVRAM, NVRAM->addr, val);
- NVRAM->addr = 0x0000;
- break;
- default:
- break;
- }
-}
-
-static uint64_t NVRAM_readb(void *opaque, hwaddr addr, unsigned size)
-{
- M48t59State *NVRAM = opaque;
- uint32_t retval;
-
- switch (addr) {
- case 3:
- retval = m48t59_read(NVRAM, NVRAM->addr);
- break;
- default:
- retval = -1;
- break;
- }
- NVRAM_PRINTF("%s: 0x%08x <= 0x%08x\n", __func__, addr, retval);
-
- return retval;
-}
-
-static void nvram_writeb (void *opaque, hwaddr addr, uint32_t value)
-{
- M48t59State *NVRAM = opaque;
-
- m48t59_write(NVRAM, addr, value & 0xff);
-}
-
-static void nvram_writew (void *opaque, hwaddr addr, uint32_t value)
-{
- M48t59State *NVRAM = opaque;
-
- m48t59_write(NVRAM, addr, (value >> 8) & 0xff);
- m48t59_write(NVRAM, addr + 1, value & 0xff);
-}
-
-static void nvram_writel (void *opaque, hwaddr addr, uint32_t value)
-{
- M48t59State *NVRAM = opaque;
-
- m48t59_write(NVRAM, addr, (value >> 24) & 0xff);
- m48t59_write(NVRAM, addr + 1, (value >> 16) & 0xff);
- m48t59_write(NVRAM, addr + 2, (value >> 8) & 0xff);
- m48t59_write(NVRAM, addr + 3, value & 0xff);
-}
-
-static uint32_t nvram_readb (void *opaque, hwaddr addr)
-{
- M48t59State *NVRAM = opaque;
- uint32_t retval;
-
- retval = m48t59_read(NVRAM, addr);
- return retval;
-}
-
-static uint32_t nvram_readw (void *opaque, hwaddr addr)
-{
- M48t59State *NVRAM = opaque;
- uint32_t retval;
-
- retval = m48t59_read(NVRAM, addr) << 8;
- retval |= m48t59_read(NVRAM, addr + 1);
- return retval;
-}
-
-static uint32_t nvram_readl (void *opaque, hwaddr addr)
-{
- M48t59State *NVRAM = opaque;
- uint32_t retval;
-
- retval = m48t59_read(NVRAM, addr) << 24;
- retval |= m48t59_read(NVRAM, addr + 1) << 16;
- retval |= m48t59_read(NVRAM, addr + 2) << 8;
- retval |= m48t59_read(NVRAM, addr + 3);
- return retval;
-}
-
-static const MemoryRegionOps nvram_ops = {
- .old_mmio = {
- .read = { nvram_readb, nvram_readw, nvram_readl, },
- .write = { nvram_writeb, nvram_writew, nvram_writel, },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static const VMStateDescription vmstate_m48t59 = {
- .name = "m48t59",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT8(lock, M48t59State),
- VMSTATE_UINT16(addr, M48t59State),
- VMSTATE_VBUFFER_UINT32(buffer, M48t59State, 0, NULL, 0, size),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void m48t59_reset_common(M48t59State *NVRAM)
-{
- NVRAM->addr = 0;
- NVRAM->lock = 0;
- if (NVRAM->alrm_timer != NULL)
- qemu_del_timer(NVRAM->alrm_timer);
-
- if (NVRAM->wd_timer != NULL)
- qemu_del_timer(NVRAM->wd_timer);
-}
-
-static void m48t59_reset_isa(DeviceState *d)
-{
- M48t59ISAState *isa = container_of(d, M48t59ISAState, busdev.qdev);
- M48t59State *NVRAM = &isa->state;
-
- m48t59_reset_common(NVRAM);
-}
-
-static void m48t59_reset_sysbus(DeviceState *d)
-{
- M48t59SysBusState *sys = container_of(d, M48t59SysBusState, busdev.qdev);
- M48t59State *NVRAM = &sys->state;
-
- m48t59_reset_common(NVRAM);
-}
-
-static const MemoryRegionOps m48t59_io_ops = {
- .read = NVRAM_readb,
- .write = NVRAM_writeb,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-/* Initialisation routine */
-M48t59State *m48t59_init(qemu_irq IRQ, hwaddr mem_base,
- uint32_t io_base, uint16_t size, int model)
-{
- DeviceState *dev;
- SysBusDevice *s;
- M48t59SysBusState *d;
- M48t59State *state;
-
- dev = qdev_create(NULL, "m48t59");
- qdev_prop_set_uint32(dev, "model", model);
- qdev_prop_set_uint32(dev, "size", size);
- qdev_prop_set_uint32(dev, "io_base", io_base);
- qdev_init_nofail(dev);
- s = sysbus_from_qdev(dev);
- d = FROM_SYSBUS(M48t59SysBusState, s);
- state = &d->state;
- sysbus_connect_irq(s, 0, IRQ);
- memory_region_init_io(&d->io, &m48t59_io_ops, state, "m48t59", 4);
- if (io_base != 0) {
- memory_region_add_subregion(get_system_io(), io_base, &d->io);
- }
- if (mem_base != 0) {
- sysbus_mmio_map(s, 0, mem_base);
- }
-
- return state;
-}
-
-M48t59State *m48t59_init_isa(ISABus *bus, uint32_t io_base, uint16_t size,
- int model)
-{
- M48t59ISAState *d;
- ISADevice *dev;
- M48t59State *s;
-
- dev = isa_create(bus, "m48t59_isa");
- qdev_prop_set_uint32(&dev->qdev, "model", model);
- qdev_prop_set_uint32(&dev->qdev, "size", size);
- qdev_prop_set_uint32(&dev->qdev, "io_base", io_base);
- qdev_init_nofail(&dev->qdev);
- d = DO_UPCAST(M48t59ISAState, busdev, dev);
- s = &d->state;
-
- memory_region_init_io(&d->io, &m48t59_io_ops, s, "m48t59", 4);
- if (io_base != 0) {
- isa_register_ioport(dev, &d->io, io_base);
- }
-
- return s;
-}
-
-static void m48t59_init_common(M48t59State *s)
-{
- s->buffer = g_malloc0(s->size);
- if (s->model == 59) {
- s->alrm_timer = qemu_new_timer_ns(rtc_clock, &alarm_cb, s);
- s->wd_timer = qemu_new_timer_ns(vm_clock, &watchdog_cb, s);
- }
- qemu_get_timedate(&s->alarm, 0);
-
- vmstate_register(NULL, -1, &vmstate_m48t59, s);
-}
-
-static int m48t59_init_isa1(ISADevice *dev)
-{
- M48t59ISAState *d = DO_UPCAST(M48t59ISAState, busdev, dev);
- M48t59State *s = &d->state;
-
- isa_init_irq(dev, &s->IRQ, 8);
- m48t59_init_common(s);
-
- return 0;
-}
-
-static int m48t59_init1(SysBusDevice *dev)
-{
- M48t59SysBusState *d = FROM_SYSBUS(M48t59SysBusState, dev);
- M48t59State *s = &d->state;
-
- sysbus_init_irq(dev, &s->IRQ);
-
- memory_region_init_io(&s->iomem, &nvram_ops, s, "m48t59.nvram", s->size);
- sysbus_init_mmio(dev, &s->iomem);
- m48t59_init_common(s);
-
- return 0;
-}
-
-static Property m48t59_isa_properties[] = {
- DEFINE_PROP_UINT32("size", M48t59ISAState, state.size, -1),
- DEFINE_PROP_UINT32("model", M48t59ISAState, state.model, -1),
- DEFINE_PROP_HEX32( "io_base", M48t59ISAState, state.io_base, 0),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void m48t59_init_class_isa1(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- ISADeviceClass *ic = ISA_DEVICE_CLASS(klass);
- ic->init = m48t59_init_isa1;
- dc->no_user = 1;
- dc->reset = m48t59_reset_isa;
- dc->props = m48t59_isa_properties;
-}
-
-static TypeInfo m48t59_isa_info = {
- .name = "m48t59_isa",
- .parent = TYPE_ISA_DEVICE,
- .instance_size = sizeof(M48t59ISAState),
- .class_init = m48t59_init_class_isa1,
-};
-
-static Property m48t59_properties[] = {
- DEFINE_PROP_UINT32("size", M48t59SysBusState, state.size, -1),
- DEFINE_PROP_UINT32("model", M48t59SysBusState, state.model, -1),
- DEFINE_PROP_HEX32( "io_base", M48t59SysBusState, state.io_base, 0),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void m48t59_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = m48t59_init1;
- dc->reset = m48t59_reset_sysbus;
- dc->props = m48t59_properties;
-}
-
-static TypeInfo m48t59_info = {
- .name = "m48t59",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(M48t59SysBusState),
- .class_init = m48t59_class_init,
-};
-
-static void m48t59_register_types(void)
-{
- type_register_static(&m48t59_info);
- type_register_static(&m48t59_isa_info);
-}
-
-type_init(m48t59_register_types)
diff --git a/hw/m68k/Makefile.objs b/hw/m68k/Makefile.objs
index 93b6d25ba..c4352e783 100644
--- a/hw/m68k/Makefile.objs
+++ b/hw/m68k/Makefile.objs
@@ -1,4 +1,4 @@
-obj-y = an5206.o mcf5206.o mcf_uart.o mcf_intc.o mcf5208.o mcf_fec.o
+obj-y += an5206.o mcf5208.o
obj-y += dummy_m68k.o
-obj-y := $(addprefix ../,$(obj-y))
+obj-y += mcf5206.o mcf_intc.o
diff --git a/hw/m68k/an5206.c b/hw/m68k/an5206.c
new file mode 100644
index 000000000..0c03a87ab
--- /dev/null
+++ b/hw/m68k/an5206.c
@@ -0,0 +1,100 @@
+/*
+ * Arnewsh 5206 ColdFire system emulation.
+ *
+ * Copyright (c) 2007 CodeSourcery.
+ *
+ * This code is licensed under the GPL
+ */
+
+#include "hw/hw.h"
+#include "hw/m68k/mcf.h"
+#include "hw/boards.h"
+#include "hw/loader.h"
+#include "elf.h"
+#include "exec/address-spaces.h"
+
+#define KERNEL_LOAD_ADDR 0x10000
+#define AN5206_MBAR_ADDR 0x10000000
+#define AN5206_RAMBAR_ADDR 0x20000000
+
+/* Board init. */
+
+static void an5206_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ M68kCPU *cpu;
+ CPUM68KState *env;
+ int kernel_size;
+ uint64_t elf_entry;
+ hwaddr entry;
+ MemoryRegion *address_space_mem = get_system_memory();
+ MemoryRegion *ram = g_new(MemoryRegion, 1);
+ MemoryRegion *sram = g_new(MemoryRegion, 1);
+
+ if (!cpu_model) {
+ cpu_model = "m5206";
+ }
+ cpu = cpu_m68k_init(cpu_model);
+ if (!cpu) {
+ hw_error("Unable to find m68k CPU definition\n");
+ }
+ env = &cpu->env;
+
+ /* Initialize CPU registers. */
+ env->vbr = 0;
+ /* TODO: allow changing MBAR and RAMBAR. */
+ env->mbar = AN5206_MBAR_ADDR | 1;
+ env->rambar0 = AN5206_RAMBAR_ADDR | 1;
+
+ /* DRAM at address zero */
+ memory_region_init_ram(ram, NULL, "an5206.ram", ram_size);
+ vmstate_register_ram_global(ram);
+ memory_region_add_subregion(address_space_mem, 0, ram);
+
+ /* Internal SRAM. */
+ memory_region_init_ram(sram, NULL, "an5206.sram", 512);
+ vmstate_register_ram_global(sram);
+ memory_region_add_subregion(address_space_mem, AN5206_RAMBAR_ADDR, sram);
+
+ mcf5206_init(address_space_mem, AN5206_MBAR_ADDR, cpu);
+
+ /* Load kernel. */
+ if (!kernel_filename) {
+ fprintf(stderr, "Kernel image must be specified\n");
+ exit(1);
+ }
+
+ kernel_size = load_elf(kernel_filename, NULL, NULL, &elf_entry,
+ NULL, NULL, 1, ELF_MACHINE, 0);
+ entry = elf_entry;
+ if (kernel_size < 0) {
+ kernel_size = load_uimage(kernel_filename, &entry, NULL, NULL);
+ }
+ if (kernel_size < 0) {
+ kernel_size = load_image_targphys(kernel_filename, KERNEL_LOAD_ADDR,
+ ram_size - KERNEL_LOAD_ADDR);
+ entry = KERNEL_LOAD_ADDR;
+ }
+ if (kernel_size < 0) {
+ fprintf(stderr, "qemu: could not load kernel '%s'\n", kernel_filename);
+ exit(1);
+ }
+
+ env->pc = entry;
+}
+
+static QEMUMachine an5206_machine = {
+ .name = "an5206",
+ .desc = "Arnewsh 5206",
+ .init = an5206_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void an5206_machine_init(void)
+{
+ qemu_register_machine(&an5206_machine);
+}
+
+machine_init(an5206_machine_init);
diff --git a/hw/m68k/dummy_m68k.c b/hw/m68k/dummy_m68k.c
new file mode 100644
index 000000000..f4ed7c6cc
--- /dev/null
+++ b/hw/m68k/dummy_m68k.c
@@ -0,0 +1,84 @@
+/*
+ * Dummy board with just RAM and CPU for use as an ISS.
+ *
+ * Copyright (c) 2007 CodeSourcery.
+ *
+ * This code is licensed under the GPL
+ */
+
+#include "hw/hw.h"
+#include "hw/boards.h"
+#include "hw/loader.h"
+#include "elf.h"
+#include "exec/address-spaces.h"
+
+#define KERNEL_LOAD_ADDR 0x10000
+
+/* Board init. */
+
+static void dummy_m68k_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ CPUM68KState *env;
+ MemoryRegion *address_space_mem = get_system_memory();
+ MemoryRegion *ram = g_new(MemoryRegion, 1);
+ int kernel_size;
+ uint64_t elf_entry;
+ hwaddr entry;
+
+ if (!cpu_model)
+ cpu_model = "cfv4e";
+ env = cpu_init(cpu_model);
+ if (!env) {
+ fprintf(stderr, "Unable to find m68k CPU definition\n");
+ exit(1);
+ }
+
+ /* Initialize CPU registers. */
+ env->vbr = 0;
+
+ /* RAM at address zero */
+ memory_region_init_ram(ram, NULL, "dummy_m68k.ram", ram_size);
+ vmstate_register_ram_global(ram);
+ memory_region_add_subregion(address_space_mem, 0, ram);
+
+ /* Load kernel. */
+ if (kernel_filename) {
+ kernel_size = load_elf(kernel_filename, NULL, NULL, &elf_entry,
+ NULL, NULL, 1, ELF_MACHINE, 0);
+ entry = elf_entry;
+ if (kernel_size < 0) {
+ kernel_size = load_uimage(kernel_filename, &entry, NULL, NULL);
+ }
+ if (kernel_size < 0) {
+ kernel_size = load_image_targphys(kernel_filename,
+ KERNEL_LOAD_ADDR,
+ ram_size - KERNEL_LOAD_ADDR);
+ entry = KERNEL_LOAD_ADDR;
+ }
+ if (kernel_size < 0) {
+ fprintf(stderr, "qemu: could not load kernel '%s'\n",
+ kernel_filename);
+ exit(1);
+ }
+ } else {
+ entry = 0;
+ }
+ env->pc = entry;
+}
+
+static QEMUMachine dummy_m68k_machine = {
+ .name = "dummy",
+ .desc = "Dummy board",
+ .init = dummy_m68k_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void dummy_m68k_machine_init(void)
+{
+ qemu_register_machine(&dummy_m68k_machine);
+}
+
+machine_init(dummy_m68k_machine_init);
diff --git a/hw/m68k/mcf5206.c b/hw/m68k/mcf5206.c
new file mode 100644
index 000000000..1727a4685
--- /dev/null
+++ b/hw/m68k/mcf5206.c
@@ -0,0 +1,548 @@
+/*
+ * Motorola ColdFire MCF5206 SoC embedded peripheral emulation.
+ *
+ * Copyright (c) 2007 CodeSourcery.
+ *
+ * This code is licensed under the GPL
+ */
+#include "hw/hw.h"
+#include "hw/m68k/mcf.h"
+#include "qemu/timer.h"
+#include "hw/ptimer.h"
+#include "sysemu/sysemu.h"
+#include "exec/address-spaces.h"
+
+/* General purpose timer module. */
+typedef struct {
+ uint16_t tmr;
+ uint16_t trr;
+ uint16_t tcr;
+ uint16_t ter;
+ ptimer_state *timer;
+ qemu_irq irq;
+ int irq_state;
+} m5206_timer_state;
+
+#define TMR_RST 0x01
+#define TMR_CLK 0x06
+#define TMR_FRR 0x08
+#define TMR_ORI 0x10
+#define TMR_OM 0x20
+#define TMR_CE 0xc0
+
+#define TER_CAP 0x01
+#define TER_REF 0x02
+
+static void m5206_timer_update(m5206_timer_state *s)
+{
+ if ((s->tmr & TMR_ORI) != 0 && (s->ter & TER_REF))
+ qemu_irq_raise(s->irq);
+ else
+ qemu_irq_lower(s->irq);
+}
+
+static void m5206_timer_reset(m5206_timer_state *s)
+{
+ s->tmr = 0;
+ s->trr = 0;
+}
+
+static void m5206_timer_recalibrate(m5206_timer_state *s)
+{
+ int prescale;
+ int mode;
+
+ ptimer_stop(s->timer);
+
+ if ((s->tmr & TMR_RST) == 0)
+ return;
+
+ prescale = (s->tmr >> 8) + 1;
+ mode = (s->tmr >> 1) & 3;
+ if (mode == 2)
+ prescale *= 16;
+
+ if (mode == 3 || mode == 0)
+ hw_error("m5206_timer: mode %d not implemented\n", mode);
+ if ((s->tmr & TMR_FRR) == 0)
+ hw_error("m5206_timer: free running mode not implemented\n");
+
+ /* Assume 66MHz system clock. */
+ ptimer_set_freq(s->timer, 66000000 / prescale);
+
+ ptimer_set_limit(s->timer, s->trr, 0);
+
+ ptimer_run(s->timer, 0);
+}
+
+static void m5206_timer_trigger(void *opaque)
+{
+ m5206_timer_state *s = (m5206_timer_state *)opaque;
+ s->ter |= TER_REF;
+ m5206_timer_update(s);
+}
+
+static uint32_t m5206_timer_read(m5206_timer_state *s, uint32_t addr)
+{
+ switch (addr) {
+ case 0:
+ return s->tmr;
+ case 4:
+ return s->trr;
+ case 8:
+ return s->tcr;
+ case 0xc:
+ return s->trr - ptimer_get_count(s->timer);
+ case 0x11:
+ return s->ter;
+ default:
+ return 0;
+ }
+}
+
+static void m5206_timer_write(m5206_timer_state *s, uint32_t addr, uint32_t val)
+{
+ switch (addr) {
+ case 0:
+ if ((s->tmr & TMR_RST) != 0 && (val & TMR_RST) == 0) {
+ m5206_timer_reset(s);
+ }
+ s->tmr = val;
+ m5206_timer_recalibrate(s);
+ break;
+ case 4:
+ s->trr = val;
+ m5206_timer_recalibrate(s);
+ break;
+ case 8:
+ s->tcr = val;
+ break;
+ case 0xc:
+ ptimer_set_count(s->timer, val);
+ break;
+ case 0x11:
+ s->ter &= ~val;
+ break;
+ default:
+ break;
+ }
+ m5206_timer_update(s);
+}
+
+static m5206_timer_state *m5206_timer_init(qemu_irq irq)
+{
+ m5206_timer_state *s;
+ QEMUBH *bh;
+
+ s = (m5206_timer_state *)g_malloc0(sizeof(m5206_timer_state));
+ bh = qemu_bh_new(m5206_timer_trigger, s);
+ s->timer = ptimer_init(bh);
+ s->irq = irq;
+ m5206_timer_reset(s);
+ return s;
+}
+
+/* System Integration Module. */
+
+typedef struct {
+ M68kCPU *cpu;
+ MemoryRegion iomem;
+ m5206_timer_state *timer[2];
+ void *uart[2];
+ uint8_t scr;
+ uint8_t icr[14];
+ uint16_t imr; /* 1 == interrupt is masked. */
+ uint16_t ipr;
+ uint8_t rsr;
+ uint8_t swivr;
+ uint8_t par;
+ /* Include the UART vector registers here. */
+ uint8_t uivr[2];
+} m5206_mbar_state;
+
+/* Interrupt controller. */
+
+static int m5206_find_pending_irq(m5206_mbar_state *s)
+{
+ int level;
+ int vector;
+ uint16_t active;
+ int i;
+
+ level = 0;
+ vector = 0;
+ active = s->ipr & ~s->imr;
+ if (!active)
+ return 0;
+
+ for (i = 1; i < 14; i++) {
+ if (active & (1 << i)) {
+ if ((s->icr[i] & 0x1f) > level) {
+ level = s->icr[i] & 0x1f;
+ vector = i;
+ }
+ }
+ }
+
+ if (level < 4)
+ vector = 0;
+
+ return vector;
+}
+
+static void m5206_mbar_update(m5206_mbar_state *s)
+{
+ int irq;
+ int vector;
+ int level;
+
+ irq = m5206_find_pending_irq(s);
+ if (irq) {
+ int tmp;
+ tmp = s->icr[irq];
+ level = (tmp >> 2) & 7;
+ if (tmp & 0x80) {
+ /* Autovector. */
+ vector = 24 + level;
+ } else {
+ switch (irq) {
+ case 8: /* SWT */
+ vector = s->swivr;
+ break;
+ case 12: /* UART1 */
+ vector = s->uivr[0];
+ break;
+ case 13: /* UART2 */
+ vector = s->uivr[1];
+ break;
+ default:
+ /* Unknown vector. */
+ fprintf(stderr, "Unhandled vector for IRQ %d\n", irq);
+ vector = 0xf;
+ break;
+ }
+ }
+ } else {
+ level = 0;
+ vector = 0;
+ }
+ m68k_set_irq_level(s->cpu, level, vector);
+}
+
+static void m5206_mbar_set_irq(void *opaque, int irq, int level)
+{
+ m5206_mbar_state *s = (m5206_mbar_state *)opaque;
+ if (level) {
+ s->ipr |= 1 << irq;
+ } else {
+ s->ipr &= ~(1 << irq);
+ }
+ m5206_mbar_update(s);
+}
+
+/* System Integration Module. */
+
+static void m5206_mbar_reset(m5206_mbar_state *s)
+{
+ s->scr = 0xc0;
+ s->icr[1] = 0x04;
+ s->icr[2] = 0x08;
+ s->icr[3] = 0x0c;
+ s->icr[4] = 0x10;
+ s->icr[5] = 0x14;
+ s->icr[6] = 0x18;
+ s->icr[7] = 0x1c;
+ s->icr[8] = 0x1c;
+ s->icr[9] = 0x80;
+ s->icr[10] = 0x80;
+ s->icr[11] = 0x80;
+ s->icr[12] = 0x00;
+ s->icr[13] = 0x00;
+ s->imr = 0x3ffe;
+ s->rsr = 0x80;
+ s->swivr = 0x0f;
+ s->par = 0;
+}
+
+static uint64_t m5206_mbar_read(m5206_mbar_state *s,
+ uint64_t offset, unsigned size)
+{
+ if (offset >= 0x100 && offset < 0x120) {
+ return m5206_timer_read(s->timer[0], offset - 0x100);
+ } else if (offset >= 0x120 && offset < 0x140) {
+ return m5206_timer_read(s->timer[1], offset - 0x120);
+ } else if (offset >= 0x140 && offset < 0x160) {
+ return mcf_uart_read(s->uart[0], offset - 0x140, size);
+ } else if (offset >= 0x180 && offset < 0x1a0) {
+ return mcf_uart_read(s->uart[1], offset - 0x180, size);
+ }
+ switch (offset) {
+ case 0x03: return s->scr;
+ case 0x14 ... 0x20: return s->icr[offset - 0x13];
+ case 0x36: return s->imr;
+ case 0x3a: return s->ipr;
+ case 0x40: return s->rsr;
+ case 0x41: return 0;
+ case 0x42: return s->swivr;
+ case 0x50:
+ /* DRAM mask register. */
+ /* FIXME: currently hardcoded to 128Mb. */
+ {
+ uint32_t mask = ~0;
+ while (mask > ram_size)
+ mask >>= 1;
+ return mask & 0x0ffe0000;
+ }
+ case 0x5c: return 1; /* DRAM bank 1 empty. */
+ case 0xcb: return s->par;
+ case 0x170: return s->uivr[0];
+ case 0x1b0: return s->uivr[1];
+ }
+ hw_error("Bad MBAR read offset 0x%x", (int)offset);
+ return 0;
+}
+
+static void m5206_mbar_write(m5206_mbar_state *s, uint32_t offset,
+ uint64_t value, unsigned size)
+{
+ if (offset >= 0x100 && offset < 0x120) {
+ m5206_timer_write(s->timer[0], offset - 0x100, value);
+ return;
+ } else if (offset >= 0x120 && offset < 0x140) {
+ m5206_timer_write(s->timer[1], offset - 0x120, value);
+ return;
+ } else if (offset >= 0x140 && offset < 0x160) {
+ mcf_uart_write(s->uart[0], offset - 0x140, value, size);
+ return;
+ } else if (offset >= 0x180 && offset < 0x1a0) {
+ mcf_uart_write(s->uart[1], offset - 0x180, value, size);
+ return;
+ }
+ switch (offset) {
+ case 0x03:
+ s->scr = value;
+ break;
+ case 0x14 ... 0x20:
+ s->icr[offset - 0x13] = value;
+ m5206_mbar_update(s);
+ break;
+ case 0x36:
+ s->imr = value;
+ m5206_mbar_update(s);
+ break;
+ case 0x40:
+ s->rsr &= ~value;
+ break;
+ case 0x41:
+ /* TODO: implement watchdog. */
+ break;
+ case 0x42:
+ s->swivr = value;
+ break;
+ case 0xcb:
+ s->par = value;
+ break;
+ case 0x170:
+ s->uivr[0] = value;
+ break;
+ case 0x178: case 0x17c: case 0x1c8: case 0x1bc:
+ /* Not implemented: UART Output port bits. */
+ break;
+ case 0x1b0:
+ s->uivr[1] = value;
+ break;
+ default:
+ hw_error("Bad MBAR write offset 0x%x", (int)offset);
+ break;
+ }
+}
+
+/* Internal peripherals use a variety of register widths.
+ This lookup table allows a single routine to handle all of them. */
+static const uint8_t m5206_mbar_width[] =
+{
+ /* 000-040 */ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 2, 2, 2,
+ /* 040-080 */ 1, 2, 2, 2, 4, 1, 2, 4, 1, 2, 4, 2, 2, 4, 2, 2,
+ /* 080-0c0 */ 4, 2, 2, 4, 2, 2, 4, 2, 2, 4, 2, 2, 4, 2, 2, 4,
+ /* 0c0-100 */ 2, 2, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ /* 100-140 */ 2, 2, 2, 2, 1, 0, 0, 0, 2, 2, 2, 2, 1, 0, 0, 0,
+ /* 140-180 */ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ /* 180-1c0 */ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ /* 1c0-200 */ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+};
+
+static uint32_t m5206_mbar_readw(void *opaque, hwaddr offset);
+static uint32_t m5206_mbar_readl(void *opaque, hwaddr offset);
+
+static uint32_t m5206_mbar_readb(void *opaque, hwaddr offset)
+{
+ m5206_mbar_state *s = (m5206_mbar_state *)opaque;
+ offset &= 0x3ff;
+ if (offset >= 0x200) {
+ hw_error("Bad MBAR read offset 0x%x", (int)offset);
+ }
+ if (m5206_mbar_width[offset >> 2] > 1) {
+ uint16_t val;
+ val = m5206_mbar_readw(opaque, offset & ~1);
+ if ((offset & 1) == 0) {
+ val >>= 8;
+ }
+ return val & 0xff;
+ }
+ return m5206_mbar_read(s, offset, 1);
+}
+
+static uint32_t m5206_mbar_readw(void *opaque, hwaddr offset)
+{
+ m5206_mbar_state *s = (m5206_mbar_state *)opaque;
+ int width;
+ offset &= 0x3ff;
+ if (offset >= 0x200) {
+ hw_error("Bad MBAR read offset 0x%x", (int)offset);
+ }
+ width = m5206_mbar_width[offset >> 2];
+ if (width > 2) {
+ uint32_t val;
+ val = m5206_mbar_readl(opaque, offset & ~3);
+ if ((offset & 3) == 0)
+ val >>= 16;
+ return val & 0xffff;
+ } else if (width < 2) {
+ uint16_t val;
+ val = m5206_mbar_readb(opaque, offset) << 8;
+ val |= m5206_mbar_readb(opaque, offset + 1);
+ return val;
+ }
+ return m5206_mbar_read(s, offset, 2);
+}
+
+static uint32_t m5206_mbar_readl(void *opaque, hwaddr offset)
+{
+ m5206_mbar_state *s = (m5206_mbar_state *)opaque;
+ int width;
+ offset &= 0x3ff;
+ if (offset >= 0x200) {
+ hw_error("Bad MBAR read offset 0x%x", (int)offset);
+ }
+ width = m5206_mbar_width[offset >> 2];
+ if (width < 4) {
+ uint32_t val;
+ val = m5206_mbar_readw(opaque, offset) << 16;
+ val |= m5206_mbar_readw(opaque, offset + 2);
+ return val;
+ }
+ return m5206_mbar_read(s, offset, 4);
+}
+
+static void m5206_mbar_writew(void *opaque, hwaddr offset,
+ uint32_t value);
+static void m5206_mbar_writel(void *opaque, hwaddr offset,
+ uint32_t value);
+
+static void m5206_mbar_writeb(void *opaque, hwaddr offset,
+ uint32_t value)
+{
+ m5206_mbar_state *s = (m5206_mbar_state *)opaque;
+ int width;
+ offset &= 0x3ff;
+ if (offset >= 0x200) {
+ hw_error("Bad MBAR write offset 0x%x", (int)offset);
+ }
+ width = m5206_mbar_width[offset >> 2];
+ if (width > 1) {
+ uint32_t tmp;
+ tmp = m5206_mbar_readw(opaque, offset & ~1);
+ if (offset & 1) {
+ tmp = (tmp & 0xff00) | value;
+ } else {
+ tmp = (tmp & 0x00ff) | (value << 8);
+ }
+ m5206_mbar_writew(opaque, offset & ~1, tmp);
+ return;
+ }
+ m5206_mbar_write(s, offset, value, 1);
+}
+
+static void m5206_mbar_writew(void *opaque, hwaddr offset,
+ uint32_t value)
+{
+ m5206_mbar_state *s = (m5206_mbar_state *)opaque;
+ int width;
+ offset &= 0x3ff;
+ if (offset >= 0x200) {
+ hw_error("Bad MBAR write offset 0x%x", (int)offset);
+ }
+ width = m5206_mbar_width[offset >> 2];
+ if (width > 2) {
+ uint32_t tmp;
+ tmp = m5206_mbar_readl(opaque, offset & ~3);
+ if (offset & 3) {
+ tmp = (tmp & 0xffff0000) | value;
+ } else {
+ tmp = (tmp & 0x0000ffff) | (value << 16);
+ }
+ m5206_mbar_writel(opaque, offset & ~3, tmp);
+ return;
+ } else if (width < 2) {
+ m5206_mbar_writeb(opaque, offset, value >> 8);
+ m5206_mbar_writeb(opaque, offset + 1, value & 0xff);
+ return;
+ }
+ m5206_mbar_write(s, offset, value, 2);
+}
+
+static void m5206_mbar_writel(void *opaque, hwaddr offset,
+ uint32_t value)
+{
+ m5206_mbar_state *s = (m5206_mbar_state *)opaque;
+ int width;
+ offset &= 0x3ff;
+ if (offset >= 0x200) {
+ hw_error("Bad MBAR write offset 0x%x", (int)offset);
+ }
+ width = m5206_mbar_width[offset >> 2];
+ if (width < 4) {
+ m5206_mbar_writew(opaque, offset, value >> 16);
+ m5206_mbar_writew(opaque, offset + 2, value & 0xffff);
+ return;
+ }
+ m5206_mbar_write(s, offset, value, 4);
+}
+
+static const MemoryRegionOps m5206_mbar_ops = {
+ .old_mmio = {
+ .read = {
+ m5206_mbar_readb,
+ m5206_mbar_readw,
+ m5206_mbar_readl,
+ },
+ .write = {
+ m5206_mbar_writeb,
+ m5206_mbar_writew,
+ m5206_mbar_writel,
+ },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+qemu_irq *mcf5206_init(MemoryRegion *sysmem, uint32_t base, M68kCPU *cpu)
+{
+ m5206_mbar_state *s;
+ qemu_irq *pic;
+
+ s = (m5206_mbar_state *)g_malloc0(sizeof(m5206_mbar_state));
+
+ memory_region_init_io(&s->iomem, NULL, &m5206_mbar_ops, s,
+ "mbar", 0x00001000);
+ memory_region_add_subregion(sysmem, base, &s->iomem);
+
+ pic = qemu_allocate_irqs(m5206_mbar_set_irq, s, 14);
+ s->timer[0] = m5206_timer_init(pic[9]);
+ s->timer[1] = m5206_timer_init(pic[10]);
+ s->uart[0] = mcf_uart_init(pic[12], serial_hds[0]);
+ s->uart[1] = mcf_uart_init(pic[13], serial_hds[1]);
+ s->cpu = cpu;
+
+ m5206_mbar_reset(s);
+ return pic;
+}
diff --git a/hw/m68k/mcf5208.c b/hw/m68k/mcf5208.c
new file mode 100644
index 000000000..9cf000f4c
--- /dev/null
+++ b/hw/m68k/mcf5208.c
@@ -0,0 +1,306 @@
+/*
+ * Motorola ColdFire MCF5208 SoC emulation.
+ *
+ * Copyright (c) 2007 CodeSourcery.
+ *
+ * This code is licensed under the GPL
+ */
+#include "hw/hw.h"
+#include "hw/m68k/mcf.h"
+#include "qemu/timer.h"
+#include "hw/ptimer.h"
+#include "sysemu/sysemu.h"
+#include "net/net.h"
+#include "hw/boards.h"
+#include "hw/loader.h"
+#include "elf.h"
+#include "exec/address-spaces.h"
+
+#define SYS_FREQ 66000000
+
+#define PCSR_EN 0x0001
+#define PCSR_RLD 0x0002
+#define PCSR_PIF 0x0004
+#define PCSR_PIE 0x0008
+#define PCSR_OVW 0x0010
+#define PCSR_DBG 0x0020
+#define PCSR_DOZE 0x0040
+#define PCSR_PRE_SHIFT 8
+#define PCSR_PRE_MASK 0x0f00
+
+typedef struct {
+ MemoryRegion iomem;
+ qemu_irq irq;
+ ptimer_state *timer;
+ uint16_t pcsr;
+ uint16_t pmr;
+ uint16_t pcntr;
+} m5208_timer_state;
+
+static void m5208_timer_update(m5208_timer_state *s)
+{
+ if ((s->pcsr & (PCSR_PIE | PCSR_PIF)) == (PCSR_PIE | PCSR_PIF))
+ qemu_irq_raise(s->irq);
+ else
+ qemu_irq_lower(s->irq);
+}
+
+static void m5208_timer_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ m5208_timer_state *s = (m5208_timer_state *)opaque;
+ int prescale;
+ int limit;
+ switch (offset) {
+ case 0:
+ /* The PIF bit is set-to-clear. */
+ if (value & PCSR_PIF) {
+ s->pcsr &= ~PCSR_PIF;
+ value &= ~PCSR_PIF;
+ }
+ /* Avoid frobbing the timer if we're just twiddling IRQ bits. */
+ if (((s->pcsr ^ value) & ~PCSR_PIE) == 0) {
+ s->pcsr = value;
+ m5208_timer_update(s);
+ return;
+ }
+
+ if (s->pcsr & PCSR_EN)
+ ptimer_stop(s->timer);
+
+ s->pcsr = value;
+
+ prescale = 1 << ((s->pcsr & PCSR_PRE_MASK) >> PCSR_PRE_SHIFT);
+ ptimer_set_freq(s->timer, (SYS_FREQ / 2) / prescale);
+ if (s->pcsr & PCSR_RLD)
+ limit = s->pmr;
+ else
+ limit = 0xffff;
+ ptimer_set_limit(s->timer, limit, 0);
+
+ if (s->pcsr & PCSR_EN)
+ ptimer_run(s->timer, 0);
+ break;
+ case 2:
+ s->pmr = value;
+ s->pcsr &= ~PCSR_PIF;
+ if ((s->pcsr & PCSR_RLD) == 0) {
+ if (s->pcsr & PCSR_OVW)
+ ptimer_set_count(s->timer, value);
+ } else {
+ ptimer_set_limit(s->timer, value, s->pcsr & PCSR_OVW);
+ }
+ break;
+ case 4:
+ break;
+ default:
+ hw_error("m5208_timer_write: Bad offset 0x%x\n", (int)offset);
+ break;
+ }
+ m5208_timer_update(s);
+}
+
+static void m5208_timer_trigger(void *opaque)
+{
+ m5208_timer_state *s = (m5208_timer_state *)opaque;
+ s->pcsr |= PCSR_PIF;
+ m5208_timer_update(s);
+}
+
+static uint64_t m5208_timer_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ m5208_timer_state *s = (m5208_timer_state *)opaque;
+ switch (addr) {
+ case 0:
+ return s->pcsr;
+ case 2:
+ return s->pmr;
+ case 4:
+ return ptimer_get_count(s->timer);
+ default:
+ hw_error("m5208_timer_read: Bad offset 0x%x\n", (int)addr);
+ return 0;
+ }
+}
+
+static const MemoryRegionOps m5208_timer_ops = {
+ .read = m5208_timer_read,
+ .write = m5208_timer_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static uint64_t m5208_sys_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ switch (addr) {
+ case 0x110: /* SDCS0 */
+ {
+ int n;
+ for (n = 0; n < 32; n++) {
+ if (ram_size < (2u << n))
+ break;
+ }
+ return (n - 1) | 0x40000000;
+ }
+ case 0x114: /* SDCS1 */
+ return 0;
+
+ default:
+ hw_error("m5208_sys_read: Bad offset 0x%x\n", (int)addr);
+ return 0;
+ }
+}
+
+static void m5208_sys_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ hw_error("m5208_sys_write: Bad offset 0x%x\n", (int)addr);
+}
+
+static const MemoryRegionOps m5208_sys_ops = {
+ .read = m5208_sys_read,
+ .write = m5208_sys_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void mcf5208_sys_init(MemoryRegion *address_space, qemu_irq *pic)
+{
+ MemoryRegion *iomem = g_new(MemoryRegion, 1);
+ m5208_timer_state *s;
+ QEMUBH *bh;
+ int i;
+
+ /* SDRAMC. */
+ memory_region_init_io(iomem, NULL, &m5208_sys_ops, NULL, "m5208-sys", 0x00004000);
+ memory_region_add_subregion(address_space, 0xfc0a8000, iomem);
+ /* Timers. */
+ for (i = 0; i < 2; i++) {
+ s = (m5208_timer_state *)g_malloc0(sizeof(m5208_timer_state));
+ bh = qemu_bh_new(m5208_timer_trigger, s);
+ s->timer = ptimer_init(bh);
+ memory_region_init_io(&s->iomem, NULL, &m5208_timer_ops, s,
+ "m5208-timer", 0x00004000);
+ memory_region_add_subregion(address_space, 0xfc080000 + 0x4000 * i,
+ &s->iomem);
+ s->irq = pic[4 + i];
+ }
+}
+
+static void mcf5208evb_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ M68kCPU *cpu;
+ CPUM68KState *env;
+ int kernel_size;
+ uint64_t elf_entry;
+ hwaddr entry;
+ qemu_irq *pic;
+ MemoryRegion *address_space_mem = get_system_memory();
+ MemoryRegion *ram = g_new(MemoryRegion, 1);
+ MemoryRegion *sram = g_new(MemoryRegion, 1);
+
+ if (!cpu_model) {
+ cpu_model = "m5208";
+ }
+ cpu = cpu_m68k_init(cpu_model);
+ if (!cpu) {
+ fprintf(stderr, "Unable to find m68k CPU definition\n");
+ exit(1);
+ }
+ env = &cpu->env;
+
+ /* Initialize CPU registers. */
+ env->vbr = 0;
+ /* TODO: Configure BARs. */
+
+ /* DRAM at 0x40000000 */
+ memory_region_init_ram(ram, NULL, "mcf5208.ram", ram_size);
+ vmstate_register_ram_global(ram);
+ memory_region_add_subregion(address_space_mem, 0x40000000, ram);
+
+ /* Internal SRAM. */
+ memory_region_init_ram(sram, NULL, "mcf5208.sram", 16384);
+ vmstate_register_ram_global(sram);
+ memory_region_add_subregion(address_space_mem, 0x80000000, sram);
+
+ /* Internal peripherals. */
+ pic = mcf_intc_init(address_space_mem, 0xfc048000, cpu);
+
+ mcf_uart_mm_init(address_space_mem, 0xfc060000, pic[26], serial_hds[0]);
+ mcf_uart_mm_init(address_space_mem, 0xfc064000, pic[27], serial_hds[1]);
+ mcf_uart_mm_init(address_space_mem, 0xfc068000, pic[28], serial_hds[2]);
+
+ mcf5208_sys_init(address_space_mem, pic);
+
+ if (nb_nics > 1) {
+ fprintf(stderr, "Too many NICs\n");
+ exit(1);
+ }
+ if (nd_table[0].used)
+ mcf_fec_init(address_space_mem, &nd_table[0],
+ 0xfc030000, pic + 36);
+
+ /* 0xfc000000 SCM. */
+ /* 0xfc004000 XBS. */
+ /* 0xfc008000 FlexBus CS. */
+ /* 0xfc030000 FEC. */
+ /* 0xfc040000 SCM + Power management. */
+ /* 0xfc044000 eDMA. */
+ /* 0xfc048000 INTC. */
+ /* 0xfc058000 I2C. */
+ /* 0xfc05c000 QSPI. */
+ /* 0xfc060000 UART0. */
+ /* 0xfc064000 UART0. */
+ /* 0xfc068000 UART0. */
+ /* 0xfc070000 DMA timers. */
+ /* 0xfc080000 PIT0. */
+ /* 0xfc084000 PIT1. */
+ /* 0xfc088000 EPORT. */
+ /* 0xfc08c000 Watchdog. */
+ /* 0xfc090000 clock module. */
+ /* 0xfc0a0000 CCM + reset. */
+ /* 0xfc0a4000 GPIO. */
+ /* 0xfc0a8000 SDRAM controller. */
+
+ /* Load kernel. */
+ if (!kernel_filename) {
+ fprintf(stderr, "Kernel image must be specified\n");
+ exit(1);
+ }
+
+ kernel_size = load_elf(kernel_filename, NULL, NULL, &elf_entry,
+ NULL, NULL, 1, ELF_MACHINE, 0);
+ entry = elf_entry;
+ if (kernel_size < 0) {
+ kernel_size = load_uimage(kernel_filename, &entry, NULL, NULL);
+ }
+ if (kernel_size < 0) {
+ kernel_size = load_image_targphys(kernel_filename, 0x40000000,
+ ram_size);
+ entry = 0x40000000;
+ }
+ if (kernel_size < 0) {
+ fprintf(stderr, "qemu: could not load kernel '%s'\n", kernel_filename);
+ exit(1);
+ }
+
+ env->pc = entry;
+}
+
+static QEMUMachine mcf5208evb_machine = {
+ .name = "mcf5208evb",
+ .desc = "MCF5206EVB",
+ .init = mcf5208evb_init,
+ .is_default = 1,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void mcf5208evb_machine_init(void)
+{
+ qemu_register_machine(&mcf5208evb_machine);
+}
+
+machine_init(mcf5208evb_machine_init);
diff --git a/hw/m68k/mcf_intc.c b/hw/m68k/mcf_intc.c
new file mode 100644
index 000000000..621423c3e
--- /dev/null
+++ b/hw/m68k/mcf_intc.c
@@ -0,0 +1,154 @@
+/*
+ * ColdFire Interrupt Controller emulation.
+ *
+ * Copyright (c) 2007 CodeSourcery.
+ *
+ * This code is licensed under the GPL
+ */
+#include "hw/hw.h"
+#include "hw/m68k/mcf.h"
+#include "exec/address-spaces.h"
+
+typedef struct {
+ MemoryRegion iomem;
+ uint64_t ipr;
+ uint64_t imr;
+ uint64_t ifr;
+ uint64_t enabled;
+ uint8_t icr[64];
+ M68kCPU *cpu;
+ int active_vector;
+} mcf_intc_state;
+
+static void mcf_intc_update(mcf_intc_state *s)
+{
+ uint64_t active;
+ int i;
+ int best;
+ int best_level;
+
+ active = (s->ipr | s->ifr) & s->enabled & ~s->imr;
+ best_level = 0;
+ best = 64;
+ if (active) {
+ for (i = 0; i < 64; i++) {
+ if ((active & 1) != 0 && s->icr[i] >= best_level) {
+ best_level = s->icr[i];
+ best = i;
+ }
+ active >>= 1;
+ }
+ }
+ s->active_vector = ((best == 64) ? 24 : (best + 64));
+ m68k_set_irq_level(s->cpu, best_level, s->active_vector);
+}
+
+static uint64_t mcf_intc_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ int offset;
+ mcf_intc_state *s = (mcf_intc_state *)opaque;
+ offset = addr & 0xff;
+ if (offset >= 0x40 && offset < 0x80) {
+ return s->icr[offset - 0x40];
+ }
+ switch (offset) {
+ case 0x00:
+ return (uint32_t)(s->ipr >> 32);
+ case 0x04:
+ return (uint32_t)s->ipr;
+ case 0x08:
+ return (uint32_t)(s->imr >> 32);
+ case 0x0c:
+ return (uint32_t)s->imr;
+ case 0x10:
+ return (uint32_t)(s->ifr >> 32);
+ case 0x14:
+ return (uint32_t)s->ifr;
+ case 0xe0: /* SWIACK. */
+ return s->active_vector;
+ case 0xe1: case 0xe2: case 0xe3: case 0xe4:
+ case 0xe5: case 0xe6: case 0xe7:
+ /* LnIACK */
+ hw_error("mcf_intc_read: LnIACK not implemented\n");
+ default:
+ return 0;
+ }
+}
+
+static void mcf_intc_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ int offset;
+ mcf_intc_state *s = (mcf_intc_state *)opaque;
+ offset = addr & 0xff;
+ if (offset >= 0x40 && offset < 0x80) {
+ int n = offset - 0x40;
+ s->icr[n] = val;
+ if (val == 0)
+ s->enabled &= ~(1ull << n);
+ else
+ s->enabled |= (1ull << n);
+ mcf_intc_update(s);
+ return;
+ }
+ switch (offset) {
+ case 0x00: case 0x04:
+ /* Ignore IPR writes. */
+ return;
+ case 0x08:
+ s->imr = (s->imr & 0xffffffff) | ((uint64_t)val << 32);
+ break;
+ case 0x0c:
+ s->imr = (s->imr & 0xffffffff00000000ull) | (uint32_t)val;
+ break;
+ default:
+ hw_error("mcf_intc_write: Bad write offset %d\n", offset);
+ break;
+ }
+ mcf_intc_update(s);
+}
+
+static void mcf_intc_set_irq(void *opaque, int irq, int level)
+{
+ mcf_intc_state *s = (mcf_intc_state *)opaque;
+ if (irq >= 64)
+ return;
+ if (level)
+ s->ipr |= 1ull << irq;
+ else
+ s->ipr &= ~(1ull << irq);
+ mcf_intc_update(s);
+}
+
+static void mcf_intc_reset(mcf_intc_state *s)
+{
+ s->imr = ~0ull;
+ s->ipr = 0;
+ s->ifr = 0;
+ s->enabled = 0;
+ memset(s->icr, 0, 64);
+ s->active_vector = 24;
+}
+
+static const MemoryRegionOps mcf_intc_ops = {
+ .read = mcf_intc_read,
+ .write = mcf_intc_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+qemu_irq *mcf_intc_init(MemoryRegion *sysmem,
+ hwaddr base,
+ M68kCPU *cpu)
+{
+ mcf_intc_state *s;
+
+ s = g_malloc0(sizeof(mcf_intc_state));
+ s->cpu = cpu;
+ mcf_intc_reset(s);
+
+ memory_region_init_io(&s->iomem, NULL, &mcf_intc_ops, s, "mcf", 0x100);
+ memory_region_add_subregion(sysmem, base, &s->iomem);
+
+ return qemu_allocate_irqs(mcf_intc_set_irq, s, 64);
+}
diff --git a/hw/mac_dbdma.c b/hw/mac_dbdma.c
deleted file mode 100644
index e551156af..000000000
--- a/hw/mac_dbdma.c
+++ /dev/null
@@ -1,854 +0,0 @@
-/*
- * PowerMac descriptor-based DMA emulation
- *
- * Copyright (c) 2005-2007 Fabrice Bellard
- * Copyright (c) 2007 Jocelyn Mayer
- * Copyright (c) 2009 Laurent Vivier
- *
- * some parts from linux-2.6.28, arch/powerpc/include/asm/dbdma.h
- *
- * Definitions for using the Apple Descriptor-Based DMA controller
- * in Power Macintosh computers.
- *
- * Copyright (C) 1996 Paul Mackerras.
- *
- * some parts from mol 0.9.71
- *
- * Descriptor based DMA emulation
- *
- * Copyright (C) 1998-2004 Samuel Rydh (samuel@ibrium.se)
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "isa.h"
-#include "mac_dbdma.h"
-
-/* debug DBDMA */
-//#define DEBUG_DBDMA
-
-#ifdef DEBUG_DBDMA
-#define DBDMA_DPRINTF(fmt, ...) \
- do { printf("DBDMA: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define DBDMA_DPRINTF(fmt, ...)
-#endif
-
-/*
- */
-
-/*
- * DBDMA control/status registers. All little-endian.
- */
-
-#define DBDMA_CONTROL 0x00
-#define DBDMA_STATUS 0x01
-#define DBDMA_CMDPTR_HI 0x02
-#define DBDMA_CMDPTR_LO 0x03
-#define DBDMA_INTR_SEL 0x04
-#define DBDMA_BRANCH_SEL 0x05
-#define DBDMA_WAIT_SEL 0x06
-#define DBDMA_XFER_MODE 0x07
-#define DBDMA_DATA2PTR_HI 0x08
-#define DBDMA_DATA2PTR_LO 0x09
-#define DBDMA_RES1 0x0A
-#define DBDMA_ADDRESS_HI 0x0B
-#define DBDMA_BRANCH_ADDR_HI 0x0C
-#define DBDMA_RES2 0x0D
-#define DBDMA_RES3 0x0E
-#define DBDMA_RES4 0x0F
-
-#define DBDMA_REGS 16
-#define DBDMA_SIZE (DBDMA_REGS * sizeof(uint32_t))
-
-#define DBDMA_CHANNEL_SHIFT 7
-#define DBDMA_CHANNEL_SIZE (1 << DBDMA_CHANNEL_SHIFT)
-
-#define DBDMA_CHANNELS (0x1000 >> DBDMA_CHANNEL_SHIFT)
-
-/* Bits in control and status registers */
-
-#define RUN 0x8000
-#define PAUSE 0x4000
-#define FLUSH 0x2000
-#define WAKE 0x1000
-#define DEAD 0x0800
-#define ACTIVE 0x0400
-#define BT 0x0100
-#define DEVSTAT 0x00ff
-
-/*
- * DBDMA command structure. These fields are all little-endian!
- */
-
-typedef struct dbdma_cmd {
- uint16_t req_count; /* requested byte transfer count */
- uint16_t command; /* command word (has bit-fields) */
- uint32_t phy_addr; /* physical data address */
- uint32_t cmd_dep; /* command-dependent field */
- uint16_t res_count; /* residual count after completion */
- uint16_t xfer_status; /* transfer status */
-} dbdma_cmd;
-
-/* DBDMA command values in command field */
-
-#define COMMAND_MASK 0xf000
-#define OUTPUT_MORE 0x0000 /* transfer memory data to stream */
-#define OUTPUT_LAST 0x1000 /* ditto followed by end marker */
-#define INPUT_MORE 0x2000 /* transfer stream data to memory */
-#define INPUT_LAST 0x3000 /* ditto, expect end marker */
-#define STORE_WORD 0x4000 /* write word (4 bytes) to device reg */
-#define LOAD_WORD 0x5000 /* read word (4 bytes) from device reg */
-#define DBDMA_NOP 0x6000 /* do nothing */
-#define DBDMA_STOP 0x7000 /* suspend processing */
-
-/* Key values in command field */
-
-#define KEY_MASK 0x0700
-#define KEY_STREAM0 0x0000 /* usual data stream */
-#define KEY_STREAM1 0x0100 /* control/status stream */
-#define KEY_STREAM2 0x0200 /* device-dependent stream */
-#define KEY_STREAM3 0x0300 /* device-dependent stream */
-#define KEY_STREAM4 0x0400 /* reserved */
-#define KEY_REGS 0x0500 /* device register space */
-#define KEY_SYSTEM 0x0600 /* system memory-mapped space */
-#define KEY_DEVICE 0x0700 /* device memory-mapped space */
-
-/* Interrupt control values in command field */
-
-#define INTR_MASK 0x0030
-#define INTR_NEVER 0x0000 /* don't interrupt */
-#define INTR_IFSET 0x0010 /* intr if condition bit is 1 */
-#define INTR_IFCLR 0x0020 /* intr if condition bit is 0 */
-#define INTR_ALWAYS 0x0030 /* always interrupt */
-
-/* Branch control values in command field */
-
-#define BR_MASK 0x000c
-#define BR_NEVER 0x0000 /* don't branch */
-#define BR_IFSET 0x0004 /* branch if condition bit is 1 */
-#define BR_IFCLR 0x0008 /* branch if condition bit is 0 */
-#define BR_ALWAYS 0x000c /* always branch */
-
-/* Wait control values in command field */
-
-#define WAIT_MASK 0x0003
-#define WAIT_NEVER 0x0000 /* don't wait */
-#define WAIT_IFSET 0x0001 /* wait if condition bit is 1 */
-#define WAIT_IFCLR 0x0002 /* wait if condition bit is 0 */
-#define WAIT_ALWAYS 0x0003 /* always wait */
-
-typedef struct DBDMA_channel {
- int channel;
- uint32_t regs[DBDMA_REGS];
- qemu_irq irq;
- DBDMA_io io;
- DBDMA_rw rw;
- DBDMA_flush flush;
- dbdma_cmd current;
- int processing;
-} DBDMA_channel;
-
-typedef struct {
- MemoryRegion mem;
- DBDMA_channel channels[DBDMA_CHANNELS];
-} DBDMAState;
-
-#ifdef DEBUG_DBDMA
-static void dump_dbdma_cmd(dbdma_cmd *cmd)
-{
- printf("dbdma_cmd %p\n", cmd);
- printf(" req_count 0x%04x\n", le16_to_cpu(cmd->req_count));
- printf(" command 0x%04x\n", le16_to_cpu(cmd->command));
- printf(" phy_addr 0x%08x\n", le32_to_cpu(cmd->phy_addr));
- printf(" cmd_dep 0x%08x\n", le32_to_cpu(cmd->cmd_dep));
- printf(" res_count 0x%04x\n", le16_to_cpu(cmd->res_count));
- printf(" xfer_status 0x%04x\n", le16_to_cpu(cmd->xfer_status));
-}
-#else
-static void dump_dbdma_cmd(dbdma_cmd *cmd)
-{
-}
-#endif
-static void dbdma_cmdptr_load(DBDMA_channel *ch)
-{
- DBDMA_DPRINTF("dbdma_cmdptr_load 0x%08x\n",
- ch->regs[DBDMA_CMDPTR_LO]);
- cpu_physical_memory_read(ch->regs[DBDMA_CMDPTR_LO],
- (uint8_t*)&ch->current, sizeof(dbdma_cmd));
-}
-
-static void dbdma_cmdptr_save(DBDMA_channel *ch)
-{
- DBDMA_DPRINTF("dbdma_cmdptr_save 0x%08x\n",
- ch->regs[DBDMA_CMDPTR_LO]);
- DBDMA_DPRINTF("xfer_status 0x%08x res_count 0x%04x\n",
- le16_to_cpu(ch->current.xfer_status),
- le16_to_cpu(ch->current.res_count));
- cpu_physical_memory_write(ch->regs[DBDMA_CMDPTR_LO],
- (uint8_t*)&ch->current, sizeof(dbdma_cmd));
-}
-
-static void kill_channel(DBDMA_channel *ch)
-{
- DBDMA_DPRINTF("kill_channel\n");
-
- ch->regs[DBDMA_STATUS] |= DEAD;
- ch->regs[DBDMA_STATUS] &= ~ACTIVE;
-
- qemu_irq_raise(ch->irq);
-}
-
-static void conditional_interrupt(DBDMA_channel *ch)
-{
- dbdma_cmd *current = &ch->current;
- uint16_t intr;
- uint16_t sel_mask, sel_value;
- uint32_t status;
- int cond;
-
- DBDMA_DPRINTF("conditional_interrupt\n");
-
- intr = le16_to_cpu(current->command) & INTR_MASK;
-
- switch(intr) {
- case INTR_NEVER: /* don't interrupt */
- return;
- case INTR_ALWAYS: /* always interrupt */
- qemu_irq_raise(ch->irq);
- return;
- }
-
- status = ch->regs[DBDMA_STATUS] & DEVSTAT;
-
- sel_mask = (ch->regs[DBDMA_INTR_SEL] >> 16) & 0x0f;
- sel_value = ch->regs[DBDMA_INTR_SEL] & 0x0f;
-
- cond = (status & sel_mask) == (sel_value & sel_mask);
-
- switch(intr) {
- case INTR_IFSET: /* intr if condition bit is 1 */
- if (cond)
- qemu_irq_raise(ch->irq);
- return;
- case INTR_IFCLR: /* intr if condition bit is 0 */
- if (!cond)
- qemu_irq_raise(ch->irq);
- return;
- }
-}
-
-static int conditional_wait(DBDMA_channel *ch)
-{
- dbdma_cmd *current = &ch->current;
- uint16_t wait;
- uint16_t sel_mask, sel_value;
- uint32_t status;
- int cond;
-
- DBDMA_DPRINTF("conditional_wait\n");
-
- wait = le16_to_cpu(current->command) & WAIT_MASK;
-
- switch(wait) {
- case WAIT_NEVER: /* don't wait */
- return 0;
- case WAIT_ALWAYS: /* always wait */
- return 1;
- }
-
- status = ch->regs[DBDMA_STATUS] & DEVSTAT;
-
- sel_mask = (ch->regs[DBDMA_WAIT_SEL] >> 16) & 0x0f;
- sel_value = ch->regs[DBDMA_WAIT_SEL] & 0x0f;
-
- cond = (status & sel_mask) == (sel_value & sel_mask);
-
- switch(wait) {
- case WAIT_IFSET: /* wait if condition bit is 1 */
- if (cond)
- return 1;
- return 0;
- case WAIT_IFCLR: /* wait if condition bit is 0 */
- if (!cond)
- return 1;
- return 0;
- }
- return 0;
-}
-
-static void next(DBDMA_channel *ch)
-{
- uint32_t cp;
-
- ch->regs[DBDMA_STATUS] &= ~BT;
-
- cp = ch->regs[DBDMA_CMDPTR_LO];
- ch->regs[DBDMA_CMDPTR_LO] = cp + sizeof(dbdma_cmd);
- dbdma_cmdptr_load(ch);
-}
-
-static void branch(DBDMA_channel *ch)
-{
- dbdma_cmd *current = &ch->current;
-
- ch->regs[DBDMA_CMDPTR_LO] = current->cmd_dep;
- ch->regs[DBDMA_STATUS] |= BT;
- dbdma_cmdptr_load(ch);
-}
-
-static void conditional_branch(DBDMA_channel *ch)
-{
- dbdma_cmd *current = &ch->current;
- uint16_t br;
- uint16_t sel_mask, sel_value;
- uint32_t status;
- int cond;
-
- DBDMA_DPRINTF("conditional_branch\n");
-
- /* check if we must branch */
-
- br = le16_to_cpu(current->command) & BR_MASK;
-
- switch(br) {
- case BR_NEVER: /* don't branch */
- next(ch);
- return;
- case BR_ALWAYS: /* always branch */
- branch(ch);
- return;
- }
-
- status = ch->regs[DBDMA_STATUS] & DEVSTAT;
-
- sel_mask = (ch->regs[DBDMA_BRANCH_SEL] >> 16) & 0x0f;
- sel_value = ch->regs[DBDMA_BRANCH_SEL] & 0x0f;
-
- cond = (status & sel_mask) == (sel_value & sel_mask);
-
- switch(br) {
- case BR_IFSET: /* branch if condition bit is 1 */
- if (cond)
- branch(ch);
- else
- next(ch);
- return;
- case BR_IFCLR: /* branch if condition bit is 0 */
- if (!cond)
- branch(ch);
- else
- next(ch);
- return;
- }
-}
-
-static QEMUBH *dbdma_bh;
-static void channel_run(DBDMA_channel *ch);
-
-static void dbdma_end(DBDMA_io *io)
-{
- DBDMA_channel *ch = io->channel;
- dbdma_cmd *current = &ch->current;
-
- if (conditional_wait(ch))
- goto wait;
-
- current->xfer_status = cpu_to_le16(ch->regs[DBDMA_STATUS]);
- current->res_count = cpu_to_le16(io->len);
- dbdma_cmdptr_save(ch);
- if (io->is_last)
- ch->regs[DBDMA_STATUS] &= ~FLUSH;
-
- conditional_interrupt(ch);
- conditional_branch(ch);
-
-wait:
- ch->processing = 0;
- if ((ch->regs[DBDMA_STATUS] & RUN) &&
- (ch->regs[DBDMA_STATUS] & ACTIVE))
- channel_run(ch);
-}
-
-static void start_output(DBDMA_channel *ch, int key, uint32_t addr,
- uint16_t req_count, int is_last)
-{
- DBDMA_DPRINTF("start_output\n");
-
- /* KEY_REGS, KEY_DEVICE and KEY_STREAM
- * are not implemented in the mac-io chip
- */
-
- DBDMA_DPRINTF("addr 0x%x key 0x%x\n", addr, key);
- if (!addr || key > KEY_STREAM3) {
- kill_channel(ch);
- return;
- }
-
- ch->io.addr = addr;
- ch->io.len = req_count;
- ch->io.is_last = is_last;
- ch->io.dma_end = dbdma_end;
- ch->io.is_dma_out = 1;
- ch->processing = 1;
- if (ch->rw) {
- ch->rw(&ch->io);
- }
-}
-
-static void start_input(DBDMA_channel *ch, int key, uint32_t addr,
- uint16_t req_count, int is_last)
-{
- DBDMA_DPRINTF("start_input\n");
-
- /* KEY_REGS, KEY_DEVICE and KEY_STREAM
- * are not implemented in the mac-io chip
- */
-
- if (!addr || key > KEY_STREAM3) {
- kill_channel(ch);
- return;
- }
-
- ch->io.addr = addr;
- ch->io.len = req_count;
- ch->io.is_last = is_last;
- ch->io.dma_end = dbdma_end;
- ch->io.is_dma_out = 0;
- ch->processing = 1;
- if (ch->rw) {
- ch->rw(&ch->io);
- }
-}
-
-static void load_word(DBDMA_channel *ch, int key, uint32_t addr,
- uint16_t len)
-{
- dbdma_cmd *current = &ch->current;
- uint32_t val;
-
- DBDMA_DPRINTF("load_word\n");
-
- /* only implements KEY_SYSTEM */
-
- if (key != KEY_SYSTEM) {
- printf("DBDMA: LOAD_WORD, unimplemented key %x\n", key);
- kill_channel(ch);
- return;
- }
-
- cpu_physical_memory_read(addr, (uint8_t*)&val, len);
-
- if (len == 2)
- val = (val << 16) | (current->cmd_dep & 0x0000ffff);
- else if (len == 1)
- val = (val << 24) | (current->cmd_dep & 0x00ffffff);
-
- current->cmd_dep = val;
-
- if (conditional_wait(ch))
- goto wait;
-
- current->xfer_status = cpu_to_le16(ch->regs[DBDMA_STATUS]);
- dbdma_cmdptr_save(ch);
- ch->regs[DBDMA_STATUS] &= ~FLUSH;
-
- conditional_interrupt(ch);
- next(ch);
-
-wait:
- qemu_bh_schedule(dbdma_bh);
-}
-
-static void store_word(DBDMA_channel *ch, int key, uint32_t addr,
- uint16_t len)
-{
- dbdma_cmd *current = &ch->current;
- uint32_t val;
-
- DBDMA_DPRINTF("store_word\n");
-
- /* only implements KEY_SYSTEM */
-
- if (key != KEY_SYSTEM) {
- printf("DBDMA: STORE_WORD, unimplemented key %x\n", key);
- kill_channel(ch);
- return;
- }
-
- val = current->cmd_dep;
- if (len == 2)
- val >>= 16;
- else if (len == 1)
- val >>= 24;
-
- cpu_physical_memory_write(addr, (uint8_t*)&val, len);
-
- if (conditional_wait(ch))
- goto wait;
-
- current->xfer_status = cpu_to_le16(ch->regs[DBDMA_STATUS]);
- dbdma_cmdptr_save(ch);
- ch->regs[DBDMA_STATUS] &= ~FLUSH;
-
- conditional_interrupt(ch);
- next(ch);
-
-wait:
- qemu_bh_schedule(dbdma_bh);
-}
-
-static void nop(DBDMA_channel *ch)
-{
- dbdma_cmd *current = &ch->current;
-
- if (conditional_wait(ch))
- goto wait;
-
- current->xfer_status = cpu_to_le16(ch->regs[DBDMA_STATUS]);
- dbdma_cmdptr_save(ch);
-
- conditional_interrupt(ch);
- conditional_branch(ch);
-
-wait:
- qemu_bh_schedule(dbdma_bh);
-}
-
-static void stop(DBDMA_channel *ch)
-{
- ch->regs[DBDMA_STATUS] &= ~(ACTIVE|DEAD|FLUSH);
-
- /* the stop command does not increment command pointer */
-}
-
-static void channel_run(DBDMA_channel *ch)
-{
- dbdma_cmd *current = &ch->current;
- uint16_t cmd, key;
- uint16_t req_count;
- uint32_t phy_addr;
-
- DBDMA_DPRINTF("channel_run\n");
- dump_dbdma_cmd(current);
-
- /* clear WAKE flag at command fetch */
-
- ch->regs[DBDMA_STATUS] &= ~WAKE;
-
- cmd = le16_to_cpu(current->command) & COMMAND_MASK;
-
- switch (cmd) {
- case DBDMA_NOP:
- nop(ch);
- return;
-
- case DBDMA_STOP:
- stop(ch);
- return;
- }
-
- key = le16_to_cpu(current->command) & 0x0700;
- req_count = le16_to_cpu(current->req_count);
- phy_addr = le32_to_cpu(current->phy_addr);
-
- if (key == KEY_STREAM4) {
- printf("command %x, invalid key 4\n", cmd);
- kill_channel(ch);
- return;
- }
-
- switch (cmd) {
- case OUTPUT_MORE:
- start_output(ch, key, phy_addr, req_count, 0);
- return;
-
- case OUTPUT_LAST:
- start_output(ch, key, phy_addr, req_count, 1);
- return;
-
- case INPUT_MORE:
- start_input(ch, key, phy_addr, req_count, 0);
- return;
-
- case INPUT_LAST:
- start_input(ch, key, phy_addr, req_count, 1);
- return;
- }
-
- if (key < KEY_REGS) {
- printf("command %x, invalid key %x\n", cmd, key);
- key = KEY_SYSTEM;
- }
-
- /* for LOAD_WORD and STORE_WORD, req_count is on 3 bits
- * and BRANCH is invalid
- */
-
- req_count = req_count & 0x0007;
- if (req_count & 0x4) {
- req_count = 4;
- phy_addr &= ~3;
- } else if (req_count & 0x2) {
- req_count = 2;
- phy_addr &= ~1;
- } else
- req_count = 1;
-
- switch (cmd) {
- case LOAD_WORD:
- load_word(ch, key, phy_addr, req_count);
- return;
-
- case STORE_WORD:
- store_word(ch, key, phy_addr, req_count);
- return;
- }
-}
-
-static void DBDMA_run(DBDMAState *s)
-{
- int channel;
-
- for (channel = 0; channel < DBDMA_CHANNELS; channel++) {
- DBDMA_channel *ch = &s->channels[channel];
- uint32_t status = ch->regs[DBDMA_STATUS];
- if (!ch->processing && (status & RUN) && (status & ACTIVE)) {
- channel_run(ch);
- }
- }
-}
-
-static void DBDMA_run_bh(void *opaque)
-{
- DBDMAState *s = opaque;
-
- DBDMA_DPRINTF("DBDMA_run_bh\n");
-
- DBDMA_run(s);
-}
-
-void DBDMA_register_channel(void *dbdma, int nchan, qemu_irq irq,
- DBDMA_rw rw, DBDMA_flush flush,
- void *opaque)
-{
- DBDMAState *s = dbdma;
- DBDMA_channel *ch = &s->channels[nchan];
-
- DBDMA_DPRINTF("DBDMA_register_channel 0x%x\n", nchan);
-
- ch->irq = irq;
- ch->channel = nchan;
- ch->rw = rw;
- ch->flush = flush;
- ch->io.opaque = opaque;
- ch->io.channel = ch;
-}
-
-static void
-dbdma_control_write(DBDMA_channel *ch)
-{
- uint16_t mask, value;
- uint32_t status;
-
- mask = (ch->regs[DBDMA_CONTROL] >> 16) & 0xffff;
- value = ch->regs[DBDMA_CONTROL] & 0xffff;
-
- value &= (RUN | PAUSE | FLUSH | WAKE | DEVSTAT);
-
- status = ch->regs[DBDMA_STATUS];
-
- status = (value & mask) | (status & ~mask);
-
- if (status & WAKE)
- status |= ACTIVE;
- if (status & RUN) {
- status |= ACTIVE;
- status &= ~DEAD;
- }
- if (status & PAUSE)
- status &= ~ACTIVE;
- if ((ch->regs[DBDMA_STATUS] & RUN) && !(status & RUN)) {
- /* RUN is cleared */
- status &= ~(ACTIVE|DEAD);
- }
-
- DBDMA_DPRINTF(" status 0x%08x\n", status);
-
- ch->regs[DBDMA_STATUS] = status;
-
- if (status & ACTIVE)
- qemu_bh_schedule(dbdma_bh);
- if ((status & FLUSH) && ch->flush)
- ch->flush(&ch->io);
-}
-
-static void dbdma_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- int channel = addr >> DBDMA_CHANNEL_SHIFT;
- DBDMAState *s = opaque;
- DBDMA_channel *ch = &s->channels[channel];
- int reg = (addr - (channel << DBDMA_CHANNEL_SHIFT)) >> 2;
-
- DBDMA_DPRINTF("writel 0x" TARGET_FMT_plx " <= 0x%08x\n", addr, value);
- DBDMA_DPRINTF("channel 0x%x reg 0x%x\n",
- (uint32_t)addr >> DBDMA_CHANNEL_SHIFT, reg);
-
- /* cmdptr cannot be modified if channel is RUN or ACTIVE */
-
- if (reg == DBDMA_CMDPTR_LO &&
- (ch->regs[DBDMA_STATUS] & (RUN | ACTIVE)))
- return;
-
- ch->regs[reg] = value;
-
- switch(reg) {
- case DBDMA_CONTROL:
- dbdma_control_write(ch);
- break;
- case DBDMA_CMDPTR_LO:
- /* 16-byte aligned */
- ch->regs[DBDMA_CMDPTR_LO] &= ~0xf;
- dbdma_cmdptr_load(ch);
- break;
- case DBDMA_STATUS:
- case DBDMA_INTR_SEL:
- case DBDMA_BRANCH_SEL:
- case DBDMA_WAIT_SEL:
- /* nothing to do */
- break;
- case DBDMA_XFER_MODE:
- case DBDMA_CMDPTR_HI:
- case DBDMA_DATA2PTR_HI:
- case DBDMA_DATA2PTR_LO:
- case DBDMA_ADDRESS_HI:
- case DBDMA_BRANCH_ADDR_HI:
- case DBDMA_RES1:
- case DBDMA_RES2:
- case DBDMA_RES3:
- case DBDMA_RES4:
- /* unused */
- break;
- }
-}
-
-static uint64_t dbdma_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- uint32_t value;
- int channel = addr >> DBDMA_CHANNEL_SHIFT;
- DBDMAState *s = opaque;
- DBDMA_channel *ch = &s->channels[channel];
- int reg = (addr - (channel << DBDMA_CHANNEL_SHIFT)) >> 2;
-
- value = ch->regs[reg];
-
- DBDMA_DPRINTF("readl 0x" TARGET_FMT_plx " => 0x%08x\n", addr, value);
- DBDMA_DPRINTF("channel 0x%x reg 0x%x\n",
- (uint32_t)addr >> DBDMA_CHANNEL_SHIFT, reg);
-
- switch(reg) {
- case DBDMA_CONTROL:
- value = 0;
- break;
- case DBDMA_STATUS:
- case DBDMA_CMDPTR_LO:
- case DBDMA_INTR_SEL:
- case DBDMA_BRANCH_SEL:
- case DBDMA_WAIT_SEL:
- /* nothing to do */
- break;
- case DBDMA_XFER_MODE:
- case DBDMA_CMDPTR_HI:
- case DBDMA_DATA2PTR_HI:
- case DBDMA_DATA2PTR_LO:
- case DBDMA_ADDRESS_HI:
- case DBDMA_BRANCH_ADDR_HI:
- /* unused */
- value = 0;
- break;
- case DBDMA_RES1:
- case DBDMA_RES2:
- case DBDMA_RES3:
- case DBDMA_RES4:
- /* reserved */
- break;
- }
-
- return value;
-}
-
-static const MemoryRegionOps dbdma_ops = {
- .read = dbdma_read,
- .write = dbdma_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static const VMStateDescription vmstate_dbdma_channel = {
- .name = "dbdma_channel",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32_ARRAY(regs, struct DBDMA_channel, DBDMA_REGS),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_dbdma = {
- .name = "dbdma",
- .version_id = 2,
- .minimum_version_id = 2,
- .minimum_version_id_old = 2,
- .fields = (VMStateField[]) {
- VMSTATE_STRUCT_ARRAY(channels, DBDMAState, DBDMA_CHANNELS, 1,
- vmstate_dbdma_channel, DBDMA_channel),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void dbdma_reset(void *opaque)
-{
- DBDMAState *s = opaque;
- int i;
-
- for (i = 0; i < DBDMA_CHANNELS; i++)
- memset(s->channels[i].regs, 0, DBDMA_SIZE);
-}
-
-void* DBDMA_init (MemoryRegion **dbdma_mem)
-{
- DBDMAState *s;
-
- s = g_malloc0(sizeof(DBDMAState));
-
- memory_region_init_io(&s->mem, &dbdma_ops, s, "dbdma", 0x1000);
- *dbdma_mem = &s->mem;
- vmstate_register(NULL, -1, &vmstate_dbdma, s);
- qemu_register_reset(dbdma_reset, s);
-
- dbdma_bh = qemu_bh_new(DBDMA_run_bh, s);
-
- return s;
-}
diff --git a/hw/mac_dbdma.h b/hw/mac_dbdma.h
deleted file mode 100644
index bfdb0ddc6..000000000
--- a/hw/mac_dbdma.h
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright (c) 2009 Laurent Vivier
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "memory.h"
-
-typedef struct DBDMA_io DBDMA_io;
-
-typedef void (*DBDMA_flush)(DBDMA_io *io);
-typedef void (*DBDMA_rw)(DBDMA_io *io);
-typedef void (*DBDMA_end)(DBDMA_io *io);
-struct DBDMA_io {
- void *opaque;
- void *channel;
- hwaddr addr;
- int len;
- int is_last;
- int is_dma_out;
- DBDMA_end dma_end;
-};
-
-
-void DBDMA_register_channel(void *dbdma, int nchan, qemu_irq irq,
- DBDMA_rw rw, DBDMA_flush flush,
- void *opaque);
-void* DBDMA_init (MemoryRegion **dbdma_mem);
diff --git a/hw/mac_nvram.c b/hw/mac_nvram.c
deleted file mode 100644
index a0d14dd3c..000000000
--- a/hw/mac_nvram.c
+++ /dev/null
@@ -1,178 +0,0 @@
-/*
- * PowerMac NVRAM emulation
- *
- * Copyright (c) 2005-2007 Fabrice Bellard
- * Copyright (c) 2007 Jocelyn Mayer
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "firmware_abi.h"
-#include "sysemu.h"
-#include "ppc_mac.h"
-
-/* debug NVR */
-//#define DEBUG_NVR
-
-#ifdef DEBUG_NVR
-#define NVR_DPRINTF(fmt, ...) \
- do { printf("NVR: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define NVR_DPRINTF(fmt, ...)
-#endif
-
-struct MacIONVRAMState {
- uint32_t size;
- MemoryRegion mem;
- unsigned int it_shift;
- uint8_t *data;
-};
-
-#define DEF_SYSTEM_SIZE 0xc10
-
-/* Direct access to NVRAM */
-uint32_t macio_nvram_read (void *opaque, uint32_t addr)
-{
- MacIONVRAMState *s = opaque;
- uint32_t ret;
-
- if (addr < s->size)
- ret = s->data[addr];
- else
- ret = -1;
- NVR_DPRINTF("read addr %04x val %x\n", addr, ret);
-
- return ret;
-}
-
-void macio_nvram_write (void *opaque, uint32_t addr, uint32_t val)
-{
- MacIONVRAMState *s = opaque;
-
- NVR_DPRINTF("write addr %04x val %x\n", addr, val);
- if (addr < s->size)
- s->data[addr] = val;
-}
-
-/* macio style NVRAM device */
-static void macio_nvram_writeb(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- MacIONVRAMState *s = opaque;
-
- addr = (addr >> s->it_shift) & (s->size - 1);
- s->data[addr] = value;
- NVR_DPRINTF("writeb addr %04x val %x\n", (int)addr, value);
-}
-
-static uint64_t macio_nvram_readb(void *opaque, hwaddr addr,
- unsigned size)
-{
- MacIONVRAMState *s = opaque;
- uint32_t value;
-
- addr = (addr >> s->it_shift) & (s->size - 1);
- value = s->data[addr];
- NVR_DPRINTF("readb addr %04x val %x\n", (int)addr, value);
-
- return value;
-}
-
-static const MemoryRegionOps macio_nvram_ops = {
- .read = macio_nvram_readb,
- .write = macio_nvram_writeb,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static const VMStateDescription vmstate_macio_nvram = {
- .name = "macio_nvram",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_VBUFFER_UINT32(data, MacIONVRAMState, 0, NULL, 0, size),
- VMSTATE_END_OF_LIST()
- }
-};
-
-
-static void macio_nvram_reset(void *opaque)
-{
-}
-
-MacIONVRAMState *macio_nvram_init (hwaddr size,
- unsigned int it_shift)
-{
- MacIONVRAMState *s;
-
- s = g_malloc0(sizeof(MacIONVRAMState));
- s->data = g_malloc0(size);
- s->size = size;
- s->it_shift = it_shift;
-
- memory_region_init_io(&s->mem, &macio_nvram_ops, s, "macio-nvram",
- size << it_shift);
- vmstate_register(NULL, -1, &vmstate_macio_nvram, s);
- qemu_register_reset(macio_nvram_reset, s);
-
- return s;
-}
-
-void macio_nvram_setup_bar(MacIONVRAMState *s, MemoryRegion *bar,
- hwaddr mem_base)
-{
- memory_region_add_subregion(bar, mem_base, &s->mem);
-}
-
-/* Set up a system OpenBIOS NVRAM partition */
-void pmac_format_nvram_partition (MacIONVRAMState *nvr, int len)
-{
- unsigned int i;
- uint32_t start = 0, end;
- struct OpenBIOS_nvpart_v1 *part_header;
-
- // OpenBIOS nvram variables
- // Variable partition
- part_header = (struct OpenBIOS_nvpart_v1 *)nvr->data;
- part_header->signature = OPENBIOS_PART_SYSTEM;
- pstrcpy(part_header->name, sizeof(part_header->name), "system");
-
- end = start + sizeof(struct OpenBIOS_nvpart_v1);
- for (i = 0; i < nb_prom_envs; i++)
- end = OpenBIOS_set_var(nvr->data, end, prom_envs[i]);
-
- // End marker
- nvr->data[end++] = '\0';
-
- end = start + ((end - start + 15) & ~15);
- /* XXX: OpenBIOS is not able to grow up a partition. Leave some space for
- new variables. */
- if (end < DEF_SYSTEM_SIZE)
- end = DEF_SYSTEM_SIZE;
- OpenBIOS_finish_partition(part_header, end - start);
-
- // free partition
- start = end;
- part_header = (struct OpenBIOS_nvpart_v1 *)&nvr->data[start];
- part_header->signature = OPENBIOS_PART_FREE;
- pstrcpy(part_header->name, sizeof(part_header->name), "free");
-
- end = len;
- OpenBIOS_finish_partition(part_header, end - start);
-}
diff --git a/hw/macio.c b/hw/macio.c
deleted file mode 100644
index eb15b890b..000000000
--- a/hw/macio.c
+++ /dev/null
@@ -1,140 +0,0 @@
-/*
- * PowerMac MacIO device emulation
- *
- * Copyright (c) 2005-2007 Fabrice Bellard
- * Copyright (c) 2007 Jocelyn Mayer
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "ppc_mac.h"
-#include "pci.h"
-#include "escc.h"
-
-typedef struct MacIOState
-{
- PCIDevice parent;
- int is_oldworld;
- MemoryRegion bar;
- MemoryRegion *pic_mem;
- MemoryRegion *dbdma_mem;
- MemoryRegion *cuda_mem;
- MemoryRegion *escc_mem;
- void *nvram;
- int nb_ide;
- MemoryRegion *ide_mem[4];
-} MacIOState;
-
-static void macio_bar_setup(MacIOState *macio_state)
-{
- int i;
- MemoryRegion *bar = &macio_state->bar;
-
- memory_region_init(bar, "macio", 0x80000);
- if (macio_state->pic_mem) {
- if (macio_state->is_oldworld) {
- /* Heathrow PIC */
- memory_region_add_subregion(bar, 0x00000, macio_state->pic_mem);
- } else {
- /* OpenPIC */
- memory_region_add_subregion(bar, 0x40000, macio_state->pic_mem);
- }
- }
- if (macio_state->dbdma_mem) {
- memory_region_add_subregion(bar, 0x08000, macio_state->dbdma_mem);
- }
- if (macio_state->escc_mem) {
- memory_region_add_subregion(bar, 0x13000, macio_state->escc_mem);
- }
- if (macio_state->cuda_mem) {
- memory_region_add_subregion(bar, 0x16000, macio_state->cuda_mem);
- }
- for (i = 0; i < macio_state->nb_ide; i++) {
- if (macio_state->ide_mem[i]) {
- memory_region_add_subregion(bar, 0x1f000 + (i * 0x1000),
- macio_state->ide_mem[i]);
- }
- }
- if (macio_state->nvram != NULL)
- macio_nvram_setup_bar(macio_state->nvram, bar, 0x60000);
-}
-
-static int macio_initfn(PCIDevice *d)
-{
- d->config[0x3d] = 0x01; // interrupt on pin 1
- return 0;
-}
-
-static void macio_class_init(ObjectClass *klass, void *data)
-{
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = macio_initfn;
- k->vendor_id = PCI_VENDOR_ID_APPLE;
- k->class_id = PCI_CLASS_OTHERS << 8;
-}
-
-static TypeInfo macio_info = {
- .name = "macio",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(MacIOState),
- .class_init = macio_class_init,
-};
-
-static void macio_register_types(void)
-{
- type_register_static(&macio_info);
-}
-
-type_init(macio_register_types)
-
-void macio_init (PCIBus *bus, int device_id, int is_oldworld,
- MemoryRegion *pic_mem, MemoryRegion *dbdma_mem,
- MemoryRegion *cuda_mem, void *nvram,
- int nb_ide, MemoryRegion **ide_mem,
- MemoryRegion *escc_mem)
-{
- PCIDevice *d;
- MacIOState *macio_state;
- int i;
-
- d = pci_create_simple(bus, -1, "macio");
-
- macio_state = DO_UPCAST(MacIOState, parent, d);
- macio_state->is_oldworld = is_oldworld;
- macio_state->pic_mem = pic_mem;
- macio_state->dbdma_mem = dbdma_mem;
- macio_state->cuda_mem = cuda_mem;
- macio_state->escc_mem = escc_mem;
- macio_state->nvram = nvram;
- if (nb_ide > 4)
- nb_ide = 4;
- macio_state->nb_ide = nb_ide;
- for (i = 0; i < nb_ide; i++)
- macio_state->ide_mem[i] = ide_mem[i];
- for (; i < 4; i++)
- macio_state->ide_mem[i] = NULL;
- /* Note: this code is strongly inspirated from the corresponding code
- in PearPC */
-
- pci_config_set_device_id(d->config, device_id);
-
- macio_bar_setup(macio_state);
- pci_register_bar(d, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &macio_state->bar);
-}
diff --git a/hw/mainstone.c b/hw/mainstone.c
deleted file mode 100644
index 5bbecb730..000000000
--- a/hw/mainstone.c
+++ /dev/null
@@ -1,189 +0,0 @@
-/*
- * PXA270-based Intel Mainstone platforms.
- *
- * Copyright (c) 2007 by Armin Kuster <akuster@kama-aina.net> or
- * <akuster@mvista.com>
- *
- * Code based on spitz platform by Andrzej Zaborowski <balrog@zabor.org>
- *
- * This code is licensed under the GNU GPL v2.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-#include "hw.h"
-#include "pxa.h"
-#include "arm-misc.h"
-#include "net.h"
-#include "devices.h"
-#include "boards.h"
-#include "flash.h"
-#include "blockdev.h"
-#include "sysbus.h"
-#include "exec-memory.h"
-
-/* Device addresses */
-#define MST_FPGA_PHYS 0x08000000
-#define MST_ETH_PHYS 0x10000300
-#define MST_FLASH_0 0x00000000
-#define MST_FLASH_1 0x04000000
-
-/* IRQ definitions */
-#define MMC_IRQ 0
-#define USIM_IRQ 1
-#define USBC_IRQ 2
-#define ETHERNET_IRQ 3
-#define AC97_IRQ 4
-#define PEN_IRQ 5
-#define MSINS_IRQ 6
-#define EXBRD_IRQ 7
-#define S0_CD_IRQ 9
-#define S0_STSCHG_IRQ 10
-#define S0_IRQ 11
-#define S1_CD_IRQ 13
-#define S1_STSCHG_IRQ 14
-#define S1_IRQ 15
-
-static struct keymap map[0xE0] = {
- [0 ... 0xDF] = { -1, -1 },
- [0x1e] = {0,0}, /* a */
- [0x30] = {0,1}, /* b */
- [0x2e] = {0,2}, /* c */
- [0x20] = {0,3}, /* d */
- [0x12] = {0,4}, /* e */
- [0x21] = {0,5}, /* f */
- [0x22] = {1,0}, /* g */
- [0x23] = {1,1}, /* h */
- [0x17] = {1,2}, /* i */
- [0x24] = {1,3}, /* j */
- [0x25] = {1,4}, /* k */
- [0x26] = {1,5}, /* l */
- [0x32] = {2,0}, /* m */
- [0x31] = {2,1}, /* n */
- [0x18] = {2,2}, /* o */
- [0x19] = {2,3}, /* p */
- [0x10] = {2,4}, /* q */
- [0x13] = {2,5}, /* r */
- [0x1f] = {3,0}, /* s */
- [0x14] = {3,1}, /* t */
- [0x16] = {3,2}, /* u */
- [0x2f] = {3,3}, /* v */
- [0x11] = {3,4}, /* w */
- [0x2d] = {3,5}, /* x */
- [0x15] = {4,2}, /* y */
- [0x2c] = {4,3}, /* z */
- [0xc7] = {5,0}, /* Home */
- [0x2a] = {5,1}, /* shift */
- [0x39] = {5,2}, /* space */
- [0x39] = {5,3}, /* space */
- [0x1c] = {5,5}, /* enter */
- [0xc8] = {6,0}, /* up */
- [0xd0] = {6,1}, /* down */
- [0xcb] = {6,2}, /* left */
- [0xcd] = {6,3}, /* right */
-};
-
-enum mainstone_model_e { mainstone };
-
-#define MAINSTONE_RAM 0x04000000
-#define MAINSTONE_ROM 0x00800000
-#define MAINSTONE_FLASH 0x02000000
-
-static struct arm_boot_info mainstone_binfo = {
- .loader_start = PXA2XX_SDRAM_BASE,
- .ram_size = 0x04000000,
-};
-
-static void mainstone_common_init(MemoryRegion *address_space_mem,
- QEMUMachineInitArgs *args,
- enum mainstone_model_e model, int arm_id)
-{
- uint32_t sector_len = 256 * 1024;
- hwaddr mainstone_flash_base[] = { MST_FLASH_0, MST_FLASH_1 };
- PXA2xxState *mpu;
- DeviceState *mst_irq;
- DriveInfo *dinfo;
- int i;
- int be;
- MemoryRegion *rom = g_new(MemoryRegion, 1);
- const char *cpu_model = args->cpu_model;
-
- if (!cpu_model)
- cpu_model = "pxa270-c5";
-
- /* Setup CPU & memory */
- mpu = pxa270_init(address_space_mem, mainstone_binfo.ram_size, cpu_model);
- memory_region_init_ram(rom, "mainstone.rom", MAINSTONE_ROM);
- vmstate_register_ram_global(rom);
- memory_region_set_readonly(rom, true);
- memory_region_add_subregion(address_space_mem, 0, rom);
-
-#ifdef TARGET_WORDS_BIGENDIAN
- be = 1;
-#else
- be = 0;
-#endif
- /* There are two 32MiB flash devices on the board */
- for (i = 0; i < 2; i ++) {
- dinfo = drive_get(IF_PFLASH, 0, i);
- if (!dinfo) {
- fprintf(stderr, "Two flash images must be given with the "
- "'pflash' parameter\n");
- exit(1);
- }
-
- if (!pflash_cfi01_register(mainstone_flash_base[i], NULL,
- i ? "mainstone.flash1" : "mainstone.flash0",
- MAINSTONE_FLASH,
- dinfo->bdrv, sector_len,
- MAINSTONE_FLASH / sector_len, 4, 0, 0, 0, 0,
- be)) {
- fprintf(stderr, "qemu: Error registering flash memory.\n");
- exit(1);
- }
- }
-
- mst_irq = sysbus_create_simple("mainstone-fpga", MST_FPGA_PHYS,
- qdev_get_gpio_in(mpu->gpio, 0));
-
- /* setup keypad */
- printf("map addr %p\n", &map);
- pxa27x_register_keypad(mpu->kp, map, 0xe0);
-
- /* MMC/SD host */
- pxa2xx_mmci_handlers(mpu->mmc, NULL, qdev_get_gpio_in(mst_irq, MMC_IRQ));
-
- pxa2xx_pcmcia_set_irq_cb(mpu->pcmcia[0],
- qdev_get_gpio_in(mst_irq, S0_IRQ),
- qdev_get_gpio_in(mst_irq, S0_CD_IRQ));
- pxa2xx_pcmcia_set_irq_cb(mpu->pcmcia[1],
- qdev_get_gpio_in(mst_irq, S1_IRQ),
- qdev_get_gpio_in(mst_irq, S1_CD_IRQ));
-
- smc91c111_init(&nd_table[0], MST_ETH_PHYS,
- qdev_get_gpio_in(mst_irq, ETHERNET_IRQ));
-
- mainstone_binfo.kernel_filename = args->kernel_filename;
- mainstone_binfo.kernel_cmdline = args->kernel_cmdline;
- mainstone_binfo.initrd_filename = args->initrd_filename;
- mainstone_binfo.board_id = arm_id;
- arm_load_kernel(mpu->cpu, &mainstone_binfo);
-}
-
-static void mainstone_init(QEMUMachineInitArgs *args)
-{
- mainstone_common_init(get_system_memory(), args, mainstone, 0x196);
-}
-
-static QEMUMachine mainstone2_machine = {
- .name = "mainstone",
- .desc = "Mainstone II (PXA27x)",
- .init = mainstone_init,
-};
-
-static void mainstone_machine_init(void)
-{
- qemu_register_machine(&mainstone2_machine);
-}
-
-machine_init(mainstone_machine_init);
diff --git a/hw/marvell_88w8618_audio.c b/hw/marvell_88w8618_audio.c
deleted file mode 100644
index de16cfa09..000000000
--- a/hw/marvell_88w8618_audio.c
+++ /dev/null
@@ -1,303 +0,0 @@
-/*
- * Marvell 88w8618 audio emulation extracted from
- * Marvell MV88w8618 / Freecom MusicPal emulation.
- *
- * Copyright (c) 2008 Jan Kiszka
- *
- * This code is licensed under the GNU GPL v2.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-#include "sysbus.h"
-#include "hw.h"
-#include "i2c.h"
-#include "sysbus.h"
-#include "audio/audio.h"
-
-#define MP_AUDIO_SIZE 0x00001000
-
-/* Audio register offsets */
-#define MP_AUDIO_PLAYBACK_MODE 0x00
-#define MP_AUDIO_CLOCK_DIV 0x18
-#define MP_AUDIO_IRQ_STATUS 0x20
-#define MP_AUDIO_IRQ_ENABLE 0x24
-#define MP_AUDIO_TX_START_LO 0x28
-#define MP_AUDIO_TX_THRESHOLD 0x2C
-#define MP_AUDIO_TX_STATUS 0x38
-#define MP_AUDIO_TX_START_HI 0x40
-
-/* Status register and IRQ enable bits */
-#define MP_AUDIO_TX_HALF (1 << 6)
-#define MP_AUDIO_TX_FULL (1 << 7)
-
-/* Playback mode bits */
-#define MP_AUDIO_16BIT_SAMPLE (1 << 0)
-#define MP_AUDIO_PLAYBACK_EN (1 << 7)
-#define MP_AUDIO_CLOCK_24MHZ (1 << 9)
-#define MP_AUDIO_MONO (1 << 14)
-
-typedef struct mv88w8618_audio_state {
- SysBusDevice busdev;
- MemoryRegion iomem;
- qemu_irq irq;
- uint32_t playback_mode;
- uint32_t status;
- uint32_t irq_enable;
- uint32_t phys_buf;
- uint32_t target_buffer;
- uint32_t threshold;
- uint32_t play_pos;
- uint32_t last_free;
- uint32_t clock_div;
- void *wm;
-} mv88w8618_audio_state;
-
-static void mv88w8618_audio_callback(void *opaque, int free_out, int free_in)
-{
- mv88w8618_audio_state *s = opaque;
- int16_t *codec_buffer;
- int8_t buf[4096];
- int8_t *mem_buffer;
- int pos, block_size;
-
- if (!(s->playback_mode & MP_AUDIO_PLAYBACK_EN)) {
- return;
- }
- if (s->playback_mode & MP_AUDIO_16BIT_SAMPLE) {
- free_out <<= 1;
- }
- if (!(s->playback_mode & MP_AUDIO_MONO)) {
- free_out <<= 1;
- }
- block_size = s->threshold / 2;
- if (free_out - s->last_free < block_size) {
- return;
- }
- if (block_size > 4096) {
- return;
- }
- cpu_physical_memory_read(s->target_buffer + s->play_pos, (void *)buf,
- block_size);
- mem_buffer = buf;
- if (s->playback_mode & MP_AUDIO_16BIT_SAMPLE) {
- if (s->playback_mode & MP_AUDIO_MONO) {
- codec_buffer = wm8750_dac_buffer(s->wm, block_size >> 1);
- for (pos = 0; pos < block_size; pos += 2) {
- *codec_buffer++ = *(int16_t *)mem_buffer;
- *codec_buffer++ = *(int16_t *)mem_buffer;
- mem_buffer += 2;
- }
- } else {
- memcpy(wm8750_dac_buffer(s->wm, block_size >> 2),
- (uint32_t *)mem_buffer, block_size);
- }
- } else {
- if (s->playback_mode & MP_AUDIO_MONO) {
- codec_buffer = wm8750_dac_buffer(s->wm, block_size);
- for (pos = 0; pos < block_size; pos++) {
- *codec_buffer++ = cpu_to_le16(256 * *mem_buffer);
- *codec_buffer++ = cpu_to_le16(256 * *mem_buffer++);
- }
- } else {
- codec_buffer = wm8750_dac_buffer(s->wm, block_size >> 1);
- for (pos = 0; pos < block_size; pos += 2) {
- *codec_buffer++ = cpu_to_le16(256 * *mem_buffer++);
- *codec_buffer++ = cpu_to_le16(256 * *mem_buffer++);
- }
- }
- }
- wm8750_dac_commit(s->wm);
-
- s->last_free = free_out - block_size;
-
- if (s->play_pos == 0) {
- s->status |= MP_AUDIO_TX_HALF;
- s->play_pos = block_size;
- } else {
- s->status |= MP_AUDIO_TX_FULL;
- s->play_pos = 0;
- }
-
- if (s->status & s->irq_enable) {
- qemu_irq_raise(s->irq);
- }
-}
-
-static void mv88w8618_audio_clock_update(mv88w8618_audio_state *s)
-{
- int rate;
-
- if (s->playback_mode & MP_AUDIO_CLOCK_24MHZ) {
- rate = 24576000 / 64; /* 24.576MHz */
- } else {
- rate = 11289600 / 64; /* 11.2896MHz */
- }
- rate /= ((s->clock_div >> 8) & 0xff) + 1;
-
- wm8750_set_bclk_in(s->wm, rate);
-}
-
-static uint64_t mv88w8618_audio_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- mv88w8618_audio_state *s = opaque;
-
- switch (offset) {
- case MP_AUDIO_PLAYBACK_MODE:
- return s->playback_mode;
-
- case MP_AUDIO_CLOCK_DIV:
- return s->clock_div;
-
- case MP_AUDIO_IRQ_STATUS:
- return s->status;
-
- case MP_AUDIO_IRQ_ENABLE:
- return s->irq_enable;
-
- case MP_AUDIO_TX_STATUS:
- return s->play_pos >> 2;
-
- default:
- return 0;
- }
-}
-
-static void mv88w8618_audio_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- mv88w8618_audio_state *s = opaque;
-
- switch (offset) {
- case MP_AUDIO_PLAYBACK_MODE:
- if (value & MP_AUDIO_PLAYBACK_EN &&
- !(s->playback_mode & MP_AUDIO_PLAYBACK_EN)) {
- s->status = 0;
- s->last_free = 0;
- s->play_pos = 0;
- }
- s->playback_mode = value;
- mv88w8618_audio_clock_update(s);
- break;
-
- case MP_AUDIO_CLOCK_DIV:
- s->clock_div = value;
- s->last_free = 0;
- s->play_pos = 0;
- mv88w8618_audio_clock_update(s);
- break;
-
- case MP_AUDIO_IRQ_STATUS:
- s->status &= ~value;
- break;
-
- case MP_AUDIO_IRQ_ENABLE:
- s->irq_enable = value;
- if (s->status & s->irq_enable) {
- qemu_irq_raise(s->irq);
- }
- break;
-
- case MP_AUDIO_TX_START_LO:
- s->phys_buf = (s->phys_buf & 0xFFFF0000) | (value & 0xFFFF);
- s->target_buffer = s->phys_buf;
- s->play_pos = 0;
- s->last_free = 0;
- break;
-
- case MP_AUDIO_TX_THRESHOLD:
- s->threshold = (value + 1) * 4;
- break;
-
- case MP_AUDIO_TX_START_HI:
- s->phys_buf = (s->phys_buf & 0xFFFF) | (value << 16);
- s->target_buffer = s->phys_buf;
- s->play_pos = 0;
- s->last_free = 0;
- break;
- }
-}
-
-static void mv88w8618_audio_reset(DeviceState *d)
-{
- mv88w8618_audio_state *s = FROM_SYSBUS(mv88w8618_audio_state,
- sysbus_from_qdev(d));
-
- s->playback_mode = 0;
- s->status = 0;
- s->irq_enable = 0;
- s->clock_div = 0;
- s->threshold = 0;
- s->phys_buf = 0;
-}
-
-static const MemoryRegionOps mv88w8618_audio_ops = {
- .read = mv88w8618_audio_read,
- .write = mv88w8618_audio_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int mv88w8618_audio_init(SysBusDevice *dev)
-{
- mv88w8618_audio_state *s = FROM_SYSBUS(mv88w8618_audio_state, dev);
-
- sysbus_init_irq(dev, &s->irq);
-
- wm8750_data_req_set(s->wm, mv88w8618_audio_callback, s);
-
- memory_region_init_io(&s->iomem, &mv88w8618_audio_ops, s,
- "audio", MP_AUDIO_SIZE);
- sysbus_init_mmio(dev, &s->iomem);
-
- return 0;
-}
-
-static const VMStateDescription mv88w8618_audio_vmsd = {
- .name = "mv88w8618_audio",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(playback_mode, mv88w8618_audio_state),
- VMSTATE_UINT32(status, mv88w8618_audio_state),
- VMSTATE_UINT32(irq_enable, mv88w8618_audio_state),
- VMSTATE_UINT32(phys_buf, mv88w8618_audio_state),
- VMSTATE_UINT32(target_buffer, mv88w8618_audio_state),
- VMSTATE_UINT32(threshold, mv88w8618_audio_state),
- VMSTATE_UINT32(play_pos, mv88w8618_audio_state),
- VMSTATE_UINT32(last_free, mv88w8618_audio_state),
- VMSTATE_UINT32(clock_div, mv88w8618_audio_state),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static Property mv88w8618_audio_properties[] = {
- DEFINE_PROP_PTR("wm8750", mv88w8618_audio_state, wm),
- {/* end of list */},
-};
-
-static void mv88w8618_audio_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = mv88w8618_audio_init;
- dc->reset = mv88w8618_audio_reset;
- dc->vmsd = &mv88w8618_audio_vmsd;
- dc->props = mv88w8618_audio_properties;
-}
-
-static TypeInfo mv88w8618_audio_info = {
- .name = "mv88w8618_audio",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(mv88w8618_audio_state),
- .class_init = mv88w8618_audio_class_init,
-};
-
-static void mv88w8618_register_types(void)
-{
- type_register_static(&mv88w8618_audio_info);
-}
-
-type_init(mv88w8618_register_types)
diff --git a/hw/max111x.c b/hw/max111x.c
deleted file mode 100644
index 67640f109..000000000
--- a/hw/max111x.c
+++ /dev/null
@@ -1,193 +0,0 @@
-/*
- * Maxim MAX1110/1111 ADC chip emulation.
- *
- * Copyright (c) 2006 Openedhand Ltd.
- * Written by Andrzej Zaborowski <balrog@zabor.org>
- *
- * This code is licensed under the GNU GPLv2.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include "ssi.h"
-
-typedef struct {
- SSISlave ssidev;
- qemu_irq interrupt;
- uint8_t tb1, rb2, rb3;
- int cycle;
-
- uint8_t input[8];
- int inputs, com;
-} MAX111xState;
-
-/* Control-byte bitfields */
-#define CB_PD0 (1 << 0)
-#define CB_PD1 (1 << 1)
-#define CB_SGL (1 << 2)
-#define CB_UNI (1 << 3)
-#define CB_SEL0 (1 << 4)
-#define CB_SEL1 (1 << 5)
-#define CB_SEL2 (1 << 6)
-#define CB_START (1 << 7)
-
-#define CHANNEL_NUM(v, b0, b1, b2) \
- ((((v) >> (2 + (b0))) & 4) | \
- (((v) >> (3 + (b1))) & 2) | \
- (((v) >> (4 + (b2))) & 1))
-
-static uint32_t max111x_read(MAX111xState *s)
-{
- if (!s->tb1)
- return 0;
-
- switch (s->cycle ++) {
- case 1:
- return s->rb2;
- case 2:
- return s->rb3;
- }
-
- return 0;
-}
-
-/* Interpret a control-byte */
-static void max111x_write(MAX111xState *s, uint32_t value)
-{
- int measure, chan;
-
- /* Ignore the value if START bit is zero */
- if (!(value & CB_START))
- return;
-
- s->cycle = 0;
-
- if (!(value & CB_PD1)) {
- s->tb1 = 0;
- return;
- }
-
- s->tb1 = value;
-
- if (s->inputs == 8)
- chan = CHANNEL_NUM(value, 1, 0, 2);
- else
- chan = CHANNEL_NUM(value & ~CB_SEL0, 0, 1, 2);
-
- if (value & CB_SGL)
- measure = s->input[chan] - s->com;
- else
- measure = s->input[chan] - s->input[chan ^ 1];
-
- if (!(value & CB_UNI))
- measure ^= 0x80;
-
- s->rb2 = (measure >> 2) & 0x3f;
- s->rb3 = (measure << 6) & 0xc0;
-
- /* FIXME: When should the IRQ be lowered? */
- qemu_irq_raise(s->interrupt);
-}
-
-static uint32_t max111x_transfer(SSISlave *dev, uint32_t value)
-{
- MAX111xState *s = FROM_SSI_SLAVE(MAX111xState, dev);
- max111x_write(s, value);
- return max111x_read(s);
-}
-
-static const VMStateDescription vmstate_max111x = {
- .name = "max111x",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_SSI_SLAVE(ssidev, MAX111xState),
- VMSTATE_UINT8(tb1, MAX111xState),
- VMSTATE_UINT8(rb2, MAX111xState),
- VMSTATE_UINT8(rb3, MAX111xState),
- VMSTATE_INT32_EQUAL(inputs, MAX111xState),
- VMSTATE_INT32(com, MAX111xState),
- VMSTATE_ARRAY_INT32_UNSAFE(input, MAX111xState, inputs,
- vmstate_info_uint8, uint8_t),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int max111x_init(SSISlave *dev, int inputs)
-{
- MAX111xState *s = FROM_SSI_SLAVE(MAX111xState, dev);
-
- qdev_init_gpio_out(&dev->qdev, &s->interrupt, 1);
-
- s->inputs = inputs;
- /* TODO: add a user interface for setting these */
- s->input[0] = 0xf0;
- s->input[1] = 0xe0;
- s->input[2] = 0xd0;
- s->input[3] = 0xc0;
- s->input[4] = 0xb0;
- s->input[5] = 0xa0;
- s->input[6] = 0x90;
- s->input[7] = 0x80;
- s->com = 0;
-
- vmstate_register(&dev->qdev, -1, &vmstate_max111x, s);
- return 0;
-}
-
-static int max1110_init(SSISlave *dev)
-{
- return max111x_init(dev, 8);
-}
-
-static int max1111_init(SSISlave *dev)
-{
- return max111x_init(dev, 4);
-}
-
-void max111x_set_input(DeviceState *dev, int line, uint8_t value)
-{
- MAX111xState *s = FROM_SSI_SLAVE(MAX111xState, SSI_SLAVE_FROM_QDEV(dev));
- assert(line >= 0 && line < s->inputs);
- s->input[line] = value;
-}
-
-static void max1110_class_init(ObjectClass *klass, void *data)
-{
- SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
-
- k->init = max1110_init;
- k->transfer = max111x_transfer;
-}
-
-static TypeInfo max1110_info = {
- .name = "max1110",
- .parent = TYPE_SSI_SLAVE,
- .instance_size = sizeof(MAX111xState),
- .class_init = max1110_class_init,
-};
-
-static void max1111_class_init(ObjectClass *klass, void *data)
-{
- SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
-
- k->init = max1111_init;
- k->transfer = max111x_transfer;
-}
-
-static TypeInfo max1111_info = {
- .name = "max1111",
- .parent = TYPE_SSI_SLAVE,
- .instance_size = sizeof(MAX111xState),
- .class_init = max1111_class_init,
-};
-
-static void max111x_register_types(void)
-{
- type_register_static(&max1110_info);
- type_register_static(&max1111_info);
-}
-
-type_init(max111x_register_types)
diff --git a/hw/max7310.c b/hw/max7310.c
deleted file mode 100644
index 1ed18ba87..000000000
--- a/hw/max7310.c
+++ /dev/null
@@ -1,213 +0,0 @@
-/*
- * MAX7310 8-port GPIO expansion chip.
- *
- * Copyright (c) 2006 Openedhand Ltd.
- * Written by Andrzej Zaborowski <balrog@zabor.org>
- *
- * This file is licensed under GNU GPL.
- */
-
-#include "i2c.h"
-
-typedef struct {
- I2CSlave i2c;
- int i2c_command_byte;
- int len;
-
- uint8_t level;
- uint8_t direction;
- uint8_t polarity;
- uint8_t status;
- uint8_t command;
- qemu_irq handler[8];
- qemu_irq *gpio_in;
-} MAX7310State;
-
-static void max7310_reset(DeviceState *dev)
-{
- MAX7310State *s = FROM_I2C_SLAVE(MAX7310State, I2C_SLAVE_FROM_QDEV(dev));
- s->level &= s->direction;
- s->direction = 0xff;
- s->polarity = 0xf0;
- s->status = 0x01;
- s->command = 0x00;
-}
-
-static int max7310_rx(I2CSlave *i2c)
-{
- MAX7310State *s = (MAX7310State *) i2c;
-
- switch (s->command) {
- case 0x00: /* Input port */
- return s->level ^ s->polarity;
- break;
-
- case 0x01: /* Output port */
- return s->level & ~s->direction;
- break;
-
- case 0x02: /* Polarity inversion */
- return s->polarity;
-
- case 0x03: /* Configuration */
- return s->direction;
-
- case 0x04: /* Timeout */
- return s->status;
- break;
-
- case 0xff: /* Reserved */
- return 0xff;
-
- default:
-#ifdef VERBOSE
- printf("%s: unknown register %02x\n", __FUNCTION__, s->command);
-#endif
- break;
- }
- return 0xff;
-}
-
-static int max7310_tx(I2CSlave *i2c, uint8_t data)
-{
- MAX7310State *s = (MAX7310State *) i2c;
- uint8_t diff;
- int line;
-
- if (s->len ++ > 1) {
-#ifdef VERBOSE
- printf("%s: message too long (%i bytes)\n", __FUNCTION__, s->len);
-#endif
- return 1;
- }
-
- if (s->i2c_command_byte) {
- s->command = data;
- s->i2c_command_byte = 0;
- return 0;
- }
-
- switch (s->command) {
- case 0x01: /* Output port */
- for (diff = (data ^ s->level) & ~s->direction; diff;
- diff &= ~(1 << line)) {
- line = ffs(diff) - 1;
- if (s->handler[line])
- qemu_set_irq(s->handler[line], (data >> line) & 1);
- }
- s->level = (s->level & s->direction) | (data & ~s->direction);
- break;
-
- case 0x02: /* Polarity inversion */
- s->polarity = data;
- break;
-
- case 0x03: /* Configuration */
- s->level &= ~(s->direction ^ data);
- s->direction = data;
- break;
-
- case 0x04: /* Timeout */
- s->status = data;
- break;
-
- case 0x00: /* Input port - ignore writes */
- break;
- default:
-#ifdef VERBOSE
- printf("%s: unknown register %02x\n", __FUNCTION__, s->command);
-#endif
- return 1;
- }
-
- return 0;
-}
-
-static void max7310_event(I2CSlave *i2c, enum i2c_event event)
-{
- MAX7310State *s = (MAX7310State *) i2c;
- s->len = 0;
-
- switch (event) {
- case I2C_START_SEND:
- s->i2c_command_byte = 1;
- break;
- case I2C_FINISH:
-#ifdef VERBOSE
- if (s->len == 1)
- printf("%s: message too short (%i bytes)\n", __FUNCTION__, s->len);
-#endif
- break;
- default:
- break;
- }
-}
-
-static const VMStateDescription vmstate_max7310 = {
- .name = "max7310",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField []) {
- VMSTATE_INT32(i2c_command_byte, MAX7310State),
- VMSTATE_INT32(len, MAX7310State),
- VMSTATE_UINT8(level, MAX7310State),
- VMSTATE_UINT8(direction, MAX7310State),
- VMSTATE_UINT8(polarity, MAX7310State),
- VMSTATE_UINT8(status, MAX7310State),
- VMSTATE_UINT8(command, MAX7310State),
- VMSTATE_I2C_SLAVE(i2c, MAX7310State),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void max7310_gpio_set(void *opaque, int line, int level)
-{
- MAX7310State *s = (MAX7310State *) opaque;
- if (line >= ARRAY_SIZE(s->handler) || line < 0)
- hw_error("bad GPIO line");
-
- if (level)
- s->level |= s->direction & (1 << line);
- else
- s->level &= ~(s->direction & (1 << line));
-}
-
-/* MAX7310 is SMBus-compatible (can be used with only SMBus protocols),
- * but also accepts sequences that are not SMBus so return an I2C device. */
-static int max7310_init(I2CSlave *i2c)
-{
- MAX7310State *s = FROM_I2C_SLAVE(MAX7310State, i2c);
-
- qdev_init_gpio_in(&i2c->qdev, max7310_gpio_set, 8);
- qdev_init_gpio_out(&i2c->qdev, s->handler, 8);
-
- return 0;
-}
-
-static void max7310_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
-
- k->init = max7310_init;
- k->event = max7310_event;
- k->recv = max7310_rx;
- k->send = max7310_tx;
- dc->reset = max7310_reset;
- dc->vmsd = &vmstate_max7310;
-}
-
-static TypeInfo max7310_info = {
- .name = "max7310",
- .parent = TYPE_I2C_SLAVE,
- .instance_size = sizeof(MAX7310State),
- .class_init = max7310_class_init,
-};
-
-static void max7310_register_types(void)
-{
- type_register_static(&max7310_info);
-}
-
-type_init(max7310_register_types)
diff --git a/hw/mc146818rtc.c b/hw/mc146818rtc.c
deleted file mode 100644
index c79fca7d6..000000000
--- a/hw/mc146818rtc.c
+++ /dev/null
@@ -1,913 +0,0 @@
-/*
- * QEMU MC146818 RTC emulation
- *
- * Copyright (c) 2003-2004 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "qemu-timer.h"
-#include "sysemu.h"
-#include "mc146818rtc.h"
-#include "qapi/qapi-visit-core.h"
-
-#ifdef TARGET_I386
-#include "apic.h"
-#endif
-
-//#define DEBUG_CMOS
-//#define DEBUG_COALESCED
-
-#ifdef DEBUG_CMOS
-# define CMOS_DPRINTF(format, ...) printf(format, ## __VA_ARGS__)
-#else
-# define CMOS_DPRINTF(format, ...) do { } while (0)
-#endif
-
-#ifdef DEBUG_COALESCED
-# define DPRINTF_C(format, ...) printf(format, ## __VA_ARGS__)
-#else
-# define DPRINTF_C(format, ...) do { } while (0)
-#endif
-
-#define NSEC_PER_SEC 1000000000LL
-#define SEC_PER_MIN 60
-#define MIN_PER_HOUR 60
-#define SEC_PER_HOUR 3600
-#define HOUR_PER_DAY 24
-#define SEC_PER_DAY 86400
-
-#define RTC_REINJECT_ON_ACK_COUNT 20
-#define RTC_CLOCK_RATE 32768
-#define UIP_HOLD_LENGTH (8 * NSEC_PER_SEC / 32768)
-
-typedef struct RTCState {
- ISADevice dev;
- MemoryRegion io;
- uint8_t cmos_data[128];
- uint8_t cmos_index;
- int32_t base_year;
- uint64_t base_rtc;
- uint64_t last_update;
- int64_t offset;
- qemu_irq irq;
- qemu_irq sqw_irq;
- int it_shift;
- /* periodic timer */
- QEMUTimer *periodic_timer;
- int64_t next_periodic_time;
- /* update-ended timer */
- QEMUTimer *update_timer;
- uint64_t next_alarm_time;
- uint16_t irq_reinject_on_ack_count;
- uint32_t irq_coalesced;
- uint32_t period;
- QEMUTimer *coalesced_timer;
- Notifier clock_reset_notifier;
- LostTickPolicy lost_tick_policy;
- Notifier suspend_notifier;
-} RTCState;
-
-static void rtc_set_time(RTCState *s);
-static void rtc_update_time(RTCState *s);
-static void rtc_set_cmos(RTCState *s, const struct tm *tm);
-static inline int rtc_from_bcd(RTCState *s, int a);
-static uint64_t get_next_alarm(RTCState *s);
-
-static inline bool rtc_running(RTCState *s)
-{
- return (!(s->cmos_data[RTC_REG_B] & REG_B_SET) &&
- (s->cmos_data[RTC_REG_A] & 0x70) <= 0x20);
-}
-
-static uint64_t get_guest_rtc_ns(RTCState *s)
-{
- uint64_t guest_rtc;
- uint64_t guest_clock = qemu_get_clock_ns(rtc_clock);
-
- guest_rtc = s->base_rtc * NSEC_PER_SEC
- + guest_clock - s->last_update + s->offset;
- return guest_rtc;
-}
-
-#ifdef TARGET_I386
-static void rtc_coalesced_timer_update(RTCState *s)
-{
- if (s->irq_coalesced == 0) {
- qemu_del_timer(s->coalesced_timer);
- } else {
- /* divide each RTC interval to 2 - 8 smaller intervals */
- int c = MIN(s->irq_coalesced, 7) + 1;
- int64_t next_clock = qemu_get_clock_ns(rtc_clock) +
- muldiv64(s->period / c, get_ticks_per_sec(), RTC_CLOCK_RATE);
- qemu_mod_timer(s->coalesced_timer, next_clock);
- }
-}
-
-static void rtc_coalesced_timer(void *opaque)
-{
- RTCState *s = opaque;
-
- if (s->irq_coalesced != 0) {
- apic_reset_irq_delivered();
- s->cmos_data[RTC_REG_C] |= 0xc0;
- DPRINTF_C("cmos: injecting from timer\n");
- qemu_irq_raise(s->irq);
- if (apic_get_irq_delivered()) {
- s->irq_coalesced--;
- DPRINTF_C("cmos: coalesced irqs decreased to %d\n",
- s->irq_coalesced);
- }
- }
-
- rtc_coalesced_timer_update(s);
-}
-#endif
-
-/* handle periodic timer */
-static void periodic_timer_update(RTCState *s, int64_t current_time)
-{
- int period_code, period;
- int64_t cur_clock, next_irq_clock;
-
- period_code = s->cmos_data[RTC_REG_A] & 0x0f;
- if (period_code != 0
- && ((s->cmos_data[RTC_REG_B] & REG_B_PIE)
- || ((s->cmos_data[RTC_REG_B] & REG_B_SQWE) && s->sqw_irq))) {
- if (period_code <= 2)
- period_code += 7;
- /* period in 32 Khz cycles */
- period = 1 << (period_code - 1);
-#ifdef TARGET_I386
- if (period != s->period) {
- s->irq_coalesced = (s->irq_coalesced * s->period) / period;
- DPRINTF_C("cmos: coalesced irqs scaled to %d\n", s->irq_coalesced);
- }
- s->period = period;
-#endif
- /* compute 32 khz clock */
- cur_clock = muldiv64(current_time, RTC_CLOCK_RATE, get_ticks_per_sec());
- next_irq_clock = (cur_clock & ~(period - 1)) + period;
- s->next_periodic_time =
- muldiv64(next_irq_clock, get_ticks_per_sec(), RTC_CLOCK_RATE) + 1;
- qemu_mod_timer(s->periodic_timer, s->next_periodic_time);
- } else {
-#ifdef TARGET_I386
- s->irq_coalesced = 0;
-#endif
- qemu_del_timer(s->periodic_timer);
- }
-}
-
-static void rtc_periodic_timer(void *opaque)
-{
- RTCState *s = opaque;
-
- periodic_timer_update(s, s->next_periodic_time);
- s->cmos_data[RTC_REG_C] |= REG_C_PF;
- if (s->cmos_data[RTC_REG_B] & REG_B_PIE) {
- s->cmos_data[RTC_REG_C] |= REG_C_IRQF;
-#ifdef TARGET_I386
- if (s->lost_tick_policy == LOST_TICK_SLEW) {
- if (s->irq_reinject_on_ack_count >= RTC_REINJECT_ON_ACK_COUNT)
- s->irq_reinject_on_ack_count = 0;
- apic_reset_irq_delivered();
- qemu_irq_raise(s->irq);
- if (!apic_get_irq_delivered()) {
- s->irq_coalesced++;
- rtc_coalesced_timer_update(s);
- DPRINTF_C("cmos: coalesced irqs increased to %d\n",
- s->irq_coalesced);
- }
- } else
-#endif
- qemu_irq_raise(s->irq);
- }
- if (s->cmos_data[RTC_REG_B] & REG_B_SQWE) {
- /* Not square wave at all but we don't want 2048Hz interrupts!
- Must be seen as a pulse. */
- qemu_irq_raise(s->sqw_irq);
- }
-}
-
-/* handle update-ended timer */
-static void check_update_timer(RTCState *s)
-{
- uint64_t next_update_time;
- uint64_t guest_nsec;
- int next_alarm_sec;
-
- /* From the data sheet: "Holding the dividers in reset prevents
- * interrupts from operating, while setting the SET bit allows"
- * them to occur. However, it will prevent an alarm interrupt
- * from occurring, because the time of day is not updated.
- */
- if ((s->cmos_data[RTC_REG_A] & 0x60) == 0x60) {
- qemu_del_timer(s->update_timer);
- return;
- }
- if ((s->cmos_data[RTC_REG_C] & REG_C_UF) &&
- (s->cmos_data[RTC_REG_B] & REG_B_SET)) {
- qemu_del_timer(s->update_timer);
- return;
- }
- if ((s->cmos_data[RTC_REG_C] & REG_C_UF) &&
- (s->cmos_data[RTC_REG_C] & REG_C_AF)) {
- qemu_del_timer(s->update_timer);
- return;
- }
-
- guest_nsec = get_guest_rtc_ns(s) % NSEC_PER_SEC;
- /* if UF is clear, reprogram to next second */
- next_update_time = qemu_get_clock_ns(rtc_clock)
- + NSEC_PER_SEC - guest_nsec;
-
- /* Compute time of next alarm. One second is already accounted
- * for in next_update_time.
- */
- next_alarm_sec = get_next_alarm(s);
- s->next_alarm_time = next_update_time + (next_alarm_sec - 1) * NSEC_PER_SEC;
-
- if (s->cmos_data[RTC_REG_C] & REG_C_UF) {
- /* UF is set, but AF is clear. Program the timer to target
- * the alarm time. */
- next_update_time = s->next_alarm_time;
- }
- if (next_update_time != qemu_timer_expire_time_ns(s->update_timer)) {
- qemu_mod_timer(s->update_timer, next_update_time);
- }
-}
-
-static inline uint8_t convert_hour(RTCState *s, uint8_t hour)
-{
- if (!(s->cmos_data[RTC_REG_B] & REG_B_24H)) {
- hour %= 12;
- if (s->cmos_data[RTC_HOURS] & 0x80) {
- hour += 12;
- }
- }
- return hour;
-}
-
-static uint64_t get_next_alarm(RTCState *s)
-{
- int32_t alarm_sec, alarm_min, alarm_hour, cur_hour, cur_min, cur_sec;
- int32_t hour, min, sec;
-
- rtc_update_time(s);
-
- alarm_sec = rtc_from_bcd(s, s->cmos_data[RTC_SECONDS_ALARM]);
- alarm_min = rtc_from_bcd(s, s->cmos_data[RTC_MINUTES_ALARM]);
- alarm_hour = rtc_from_bcd(s, s->cmos_data[RTC_HOURS_ALARM]);
- alarm_hour = alarm_hour == -1 ? -1 : convert_hour(s, alarm_hour);
-
- cur_sec = rtc_from_bcd(s, s->cmos_data[RTC_SECONDS]);
- cur_min = rtc_from_bcd(s, s->cmos_data[RTC_MINUTES]);
- cur_hour = rtc_from_bcd(s, s->cmos_data[RTC_HOURS]);
- cur_hour = convert_hour(s, cur_hour);
-
- if (alarm_hour == -1) {
- alarm_hour = cur_hour;
- if (alarm_min == -1) {
- alarm_min = cur_min;
- if (alarm_sec == -1) {
- alarm_sec = cur_sec + 1;
- } else if (cur_sec > alarm_sec) {
- alarm_min++;
- }
- } else if (cur_min == alarm_min) {
- if (alarm_sec == -1) {
- alarm_sec = cur_sec + 1;
- } else {
- if (cur_sec > alarm_sec) {
- alarm_hour++;
- }
- }
- if (alarm_sec == SEC_PER_MIN) {
- /* wrap to next hour, minutes is not in don't care mode */
- alarm_sec = 0;
- alarm_hour++;
- }
- } else if (cur_min > alarm_min) {
- alarm_hour++;
- }
- } else if (cur_hour == alarm_hour) {
- if (alarm_min == -1) {
- alarm_min = cur_min;
- if (alarm_sec == -1) {
- alarm_sec = cur_sec + 1;
- } else if (cur_sec > alarm_sec) {
- alarm_min++;
- }
-
- if (alarm_sec == SEC_PER_MIN) {
- alarm_sec = 0;
- alarm_min++;
- }
- /* wrap to next day, hour is not in don't care mode */
- alarm_min %= MIN_PER_HOUR;
- } else if (cur_min == alarm_min) {
- if (alarm_sec == -1) {
- alarm_sec = cur_sec + 1;
- }
- /* wrap to next day, hours+minutes not in don't care mode */
- alarm_sec %= SEC_PER_MIN;
- }
- }
-
- /* values that are still don't care fire at the next min/sec */
- if (alarm_min == -1) {
- alarm_min = 0;
- }
- if (alarm_sec == -1) {
- alarm_sec = 0;
- }
-
- /* keep values in range */
- if (alarm_sec == SEC_PER_MIN) {
- alarm_sec = 0;
- alarm_min++;
- }
- if (alarm_min == MIN_PER_HOUR) {
- alarm_min = 0;
- alarm_hour++;
- }
- alarm_hour %= HOUR_PER_DAY;
-
- hour = alarm_hour - cur_hour;
- min = hour * MIN_PER_HOUR + alarm_min - cur_min;
- sec = min * SEC_PER_MIN + alarm_sec - cur_sec;
- return sec <= 0 ? sec + SEC_PER_DAY : sec;
-}
-
-static void rtc_update_timer(void *opaque)
-{
- RTCState *s = opaque;
- int32_t irqs = REG_C_UF;
- int32_t new_irqs;
-
- assert((s->cmos_data[RTC_REG_A] & 0x60) != 0x60);
-
- /* UIP might have been latched, update time and clear it. */
- rtc_update_time(s);
- s->cmos_data[RTC_REG_A] &= ~REG_A_UIP;
-
- if (qemu_get_clock_ns(rtc_clock) >= s->next_alarm_time) {
- irqs |= REG_C_AF;
- if (s->cmos_data[RTC_REG_B] & REG_B_AIE) {
- qemu_system_wakeup_request(QEMU_WAKEUP_REASON_RTC);
- }
- }
-
- new_irqs = irqs & ~s->cmos_data[RTC_REG_C];
- s->cmos_data[RTC_REG_C] |= irqs;
- if ((new_irqs & s->cmos_data[RTC_REG_B]) != 0) {
- s->cmos_data[RTC_REG_C] |= REG_C_IRQF;
- qemu_irq_raise(s->irq);
- }
- check_update_timer(s);
-}
-
-static void cmos_ioport_write(void *opaque, hwaddr addr,
- uint64_t data, unsigned size)
-{
- RTCState *s = opaque;
-
- if ((addr & 1) == 0) {
- s->cmos_index = data & 0x7f;
- } else {
- CMOS_DPRINTF("cmos: write index=0x%02x val=0x%02x\n",
- s->cmos_index, data);
- switch(s->cmos_index) {
- case RTC_SECONDS_ALARM:
- case RTC_MINUTES_ALARM:
- case RTC_HOURS_ALARM:
- s->cmos_data[s->cmos_index] = data;
- check_update_timer(s);
- break;
- case RTC_IBM_PS2_CENTURY_BYTE:
- s->cmos_index = RTC_CENTURY;
- /* fall through */
- case RTC_CENTURY:
- case RTC_SECONDS:
- case RTC_MINUTES:
- case RTC_HOURS:
- case RTC_DAY_OF_WEEK:
- case RTC_DAY_OF_MONTH:
- case RTC_MONTH:
- case RTC_YEAR:
- s->cmos_data[s->cmos_index] = data;
- /* if in set mode, do not update the time */
- if (rtc_running(s)) {
- rtc_set_time(s);
- check_update_timer(s);
- }
- break;
- case RTC_REG_A:
- if ((data & 0x60) == 0x60) {
- if (rtc_running(s)) {
- rtc_update_time(s);
- }
- /* What happens to UIP when divider reset is enabled is
- * unclear from the datasheet. Shouldn't matter much
- * though.
- */
- s->cmos_data[RTC_REG_A] &= ~REG_A_UIP;
- } else if (((s->cmos_data[RTC_REG_A] & 0x60) == 0x60) &&
- (data & 0x70) <= 0x20) {
- /* when the divider reset is removed, the first update cycle
- * begins one-half second later*/
- if (!(s->cmos_data[RTC_REG_B] & REG_B_SET)) {
- s->offset = 500000000;
- rtc_set_time(s);
- }
- s->cmos_data[RTC_REG_A] &= ~REG_A_UIP;
- }
- /* UIP bit is read only */
- s->cmos_data[RTC_REG_A] = (data & ~REG_A_UIP) |
- (s->cmos_data[RTC_REG_A] & REG_A_UIP);
- periodic_timer_update(s, qemu_get_clock_ns(rtc_clock));
- check_update_timer(s);
- break;
- case RTC_REG_B:
- if (data & REG_B_SET) {
- /* update cmos to when the rtc was stopping */
- if (rtc_running(s)) {
- rtc_update_time(s);
- }
- /* set mode: reset UIP mode */
- s->cmos_data[RTC_REG_A] &= ~REG_A_UIP;
- data &= ~REG_B_UIE;
- } else {
- /* if disabling set mode, update the time */
- if ((s->cmos_data[RTC_REG_B] & REG_B_SET) &&
- (s->cmos_data[RTC_REG_A] & 0x70) <= 0x20) {
- s->offset = get_guest_rtc_ns(s) % NSEC_PER_SEC;
- rtc_set_time(s);
- }
- }
- /* if an interrupt flag is already set when the interrupt
- * becomes enabled, raise an interrupt immediately. */
- if (data & s->cmos_data[RTC_REG_C] & REG_C_MASK) {
- s->cmos_data[RTC_REG_C] |= REG_C_IRQF;
- qemu_irq_raise(s->irq);
- } else {
- s->cmos_data[RTC_REG_C] &= ~REG_C_IRQF;
- qemu_irq_lower(s->irq);
- }
- s->cmos_data[RTC_REG_B] = data;
- periodic_timer_update(s, qemu_get_clock_ns(rtc_clock));
- check_update_timer(s);
- break;
- case RTC_REG_C:
- case RTC_REG_D:
- /* cannot write to them */
- break;
- default:
- s->cmos_data[s->cmos_index] = data;
- break;
- }
- }
-}
-
-static inline int rtc_to_bcd(RTCState *s, int a)
-{
- if (s->cmos_data[RTC_REG_B] & REG_B_DM) {
- return a;
- } else {
- return ((a / 10) << 4) | (a % 10);
- }
-}
-
-static inline int rtc_from_bcd(RTCState *s, int a)
-{
- if ((a & 0xc0) == 0xc0) {
- return -1;
- }
- if (s->cmos_data[RTC_REG_B] & REG_B_DM) {
- return a;
- } else {
- return ((a >> 4) * 10) + (a & 0x0f);
- }
-}
-
-static void rtc_get_time(RTCState *s, struct tm *tm)
-{
- tm->tm_sec = rtc_from_bcd(s, s->cmos_data[RTC_SECONDS]);
- tm->tm_min = rtc_from_bcd(s, s->cmos_data[RTC_MINUTES]);
- tm->tm_hour = rtc_from_bcd(s, s->cmos_data[RTC_HOURS] & 0x7f);
- if (!(s->cmos_data[RTC_REG_B] & REG_B_24H)) {
- tm->tm_hour %= 12;
- if (s->cmos_data[RTC_HOURS] & 0x80) {
- tm->tm_hour += 12;
- }
- }
- tm->tm_wday = rtc_from_bcd(s, s->cmos_data[RTC_DAY_OF_WEEK]) - 1;
- tm->tm_mday = rtc_from_bcd(s, s->cmos_data[RTC_DAY_OF_MONTH]);
- tm->tm_mon = rtc_from_bcd(s, s->cmos_data[RTC_MONTH]) - 1;
- tm->tm_year =
- rtc_from_bcd(s, s->cmos_data[RTC_YEAR]) + s->base_year +
- rtc_from_bcd(s, s->cmos_data[RTC_CENTURY]) * 100 - 1900;
-}
-
-static void rtc_set_time(RTCState *s)
-{
- struct tm tm;
-
- rtc_get_time(s, &tm);
- s->base_rtc = mktimegm(&tm);
- s->last_update = qemu_get_clock_ns(rtc_clock);
-
- rtc_change_mon_event(&tm);
-}
-
-static void rtc_set_cmos(RTCState *s, const struct tm *tm)
-{
- int year;
-
- s->cmos_data[RTC_SECONDS] = rtc_to_bcd(s, tm->tm_sec);
- s->cmos_data[RTC_MINUTES] = rtc_to_bcd(s, tm->tm_min);
- if (s->cmos_data[RTC_REG_B] & REG_B_24H) {
- /* 24 hour format */
- s->cmos_data[RTC_HOURS] = rtc_to_bcd(s, tm->tm_hour);
- } else {
- /* 12 hour format */
- int h = (tm->tm_hour % 12) ? tm->tm_hour % 12 : 12;
- s->cmos_data[RTC_HOURS] = rtc_to_bcd(s, h);
- if (tm->tm_hour >= 12)
- s->cmos_data[RTC_HOURS] |= 0x80;
- }
- s->cmos_data[RTC_DAY_OF_WEEK] = rtc_to_bcd(s, tm->tm_wday + 1);
- s->cmos_data[RTC_DAY_OF_MONTH] = rtc_to_bcd(s, tm->tm_mday);
- s->cmos_data[RTC_MONTH] = rtc_to_bcd(s, tm->tm_mon + 1);
- year = tm->tm_year + 1900 - s->base_year;
- s->cmos_data[RTC_YEAR] = rtc_to_bcd(s, year % 100);
- s->cmos_data[RTC_CENTURY] = rtc_to_bcd(s, year / 100);
-}
-
-static void rtc_update_time(RTCState *s)
-{
- struct tm ret;
- time_t guest_sec;
- int64_t guest_nsec;
-
- guest_nsec = get_guest_rtc_ns(s);
- guest_sec = guest_nsec / NSEC_PER_SEC;
- gmtime_r(&guest_sec, &ret);
-
- /* Is SET flag of Register B disabled? */
- if ((s->cmos_data[RTC_REG_B] & REG_B_SET) == 0) {
- rtc_set_cmos(s, &ret);
- }
-}
-
-static int update_in_progress(RTCState *s)
-{
- int64_t guest_nsec;
-
- if (!rtc_running(s)) {
- return 0;
- }
- if (qemu_timer_pending(s->update_timer)) {
- int64_t next_update_time = qemu_timer_expire_time_ns(s->update_timer);
- /* Latch UIP until the timer expires. */
- if (qemu_get_clock_ns(rtc_clock) >= (next_update_time - UIP_HOLD_LENGTH)) {
- s->cmos_data[RTC_REG_A] |= REG_A_UIP;
- return 1;
- }
- }
-
- guest_nsec = get_guest_rtc_ns(s);
- /* UIP bit will be set at last 244us of every second. */
- if ((guest_nsec % NSEC_PER_SEC) >= (NSEC_PER_SEC - UIP_HOLD_LENGTH)) {
- return 1;
- }
- return 0;
-}
-
-static uint64_t cmos_ioport_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- RTCState *s = opaque;
- int ret;
- if ((addr & 1) == 0) {
- return 0xff;
- } else {
- switch(s->cmos_index) {
- case RTC_IBM_PS2_CENTURY_BYTE:
- s->cmos_index = RTC_CENTURY;
- /* fall through */
- case RTC_CENTURY:
- case RTC_SECONDS:
- case RTC_MINUTES:
- case RTC_HOURS:
- case RTC_DAY_OF_WEEK:
- case RTC_DAY_OF_MONTH:
- case RTC_MONTH:
- case RTC_YEAR:
- /* if not in set mode, calibrate cmos before
- * reading*/
- if (rtc_running(s)) {
- rtc_update_time(s);
- }
- ret = s->cmos_data[s->cmos_index];
- break;
- case RTC_REG_A:
- if (update_in_progress(s)) {
- s->cmos_data[s->cmos_index] |= REG_A_UIP;
- } else {
- s->cmos_data[s->cmos_index] &= ~REG_A_UIP;
- }
- ret = s->cmos_data[s->cmos_index];
- break;
- case RTC_REG_C:
- ret = s->cmos_data[s->cmos_index];
- qemu_irq_lower(s->irq);
- s->cmos_data[RTC_REG_C] = 0x00;
- if (ret & (REG_C_UF | REG_C_AF)) {
- check_update_timer(s);
- }
-#ifdef TARGET_I386
- if(s->irq_coalesced &&
- (s->cmos_data[RTC_REG_B] & REG_B_PIE) &&
- s->irq_reinject_on_ack_count < RTC_REINJECT_ON_ACK_COUNT) {
- s->irq_reinject_on_ack_count++;
- s->cmos_data[RTC_REG_C] |= REG_C_IRQF | REG_C_PF;
- apic_reset_irq_delivered();
- DPRINTF_C("cmos: injecting on ack\n");
- qemu_irq_raise(s->irq);
- if (apic_get_irq_delivered()) {
- s->irq_coalesced--;
- DPRINTF_C("cmos: coalesced irqs decreased to %d\n",
- s->irq_coalesced);
- }
- }
-#endif
- break;
- default:
- ret = s->cmos_data[s->cmos_index];
- break;
- }
- CMOS_DPRINTF("cmos: read index=0x%02x val=0x%02x\n",
- s->cmos_index, ret);
- return ret;
- }
-}
-
-void rtc_set_memory(ISADevice *dev, int addr, int val)
-{
- RTCState *s = DO_UPCAST(RTCState, dev, dev);
- if (addr >= 0 && addr <= 127)
- s->cmos_data[addr] = val;
-}
-
-static void rtc_set_date_from_host(ISADevice *dev)
-{
- RTCState *s = DO_UPCAST(RTCState, dev, dev);
- struct tm tm;
-
- qemu_get_timedate(&tm, 0);
-
- s->base_rtc = mktimegm(&tm);
- s->last_update = qemu_get_clock_ns(rtc_clock);
- s->offset = 0;
-
- /* set the CMOS date */
- rtc_set_cmos(s, &tm);
-}
-
-static int rtc_post_load(void *opaque, int version_id)
-{
- RTCState *s = opaque;
-
- if (version_id <= 2) {
- rtc_set_time(s);
- s->offset = 0;
- check_update_timer(s);
- }
-
-#ifdef TARGET_I386
- if (version_id >= 2) {
- if (s->lost_tick_policy == LOST_TICK_SLEW) {
- rtc_coalesced_timer_update(s);
- }
- }
-#endif
- return 0;
-}
-
-static const VMStateDescription vmstate_rtc = {
- .name = "mc146818rtc",
- .version_id = 3,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .post_load = rtc_post_load,
- .fields = (VMStateField []) {
- VMSTATE_BUFFER(cmos_data, RTCState),
- VMSTATE_UINT8(cmos_index, RTCState),
- VMSTATE_UNUSED(7*4),
- VMSTATE_TIMER(periodic_timer, RTCState),
- VMSTATE_INT64(next_periodic_time, RTCState),
- VMSTATE_UNUSED(3*8),
- VMSTATE_UINT32_V(irq_coalesced, RTCState, 2),
- VMSTATE_UINT32_V(period, RTCState, 2),
- VMSTATE_UINT64_V(base_rtc, RTCState, 3),
- VMSTATE_UINT64_V(last_update, RTCState, 3),
- VMSTATE_INT64_V(offset, RTCState, 3),
- VMSTATE_TIMER_V(update_timer, RTCState, 3),
- VMSTATE_UINT64_V(next_alarm_time, RTCState, 3),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void rtc_notify_clock_reset(Notifier *notifier, void *data)
-{
- RTCState *s = container_of(notifier, RTCState, clock_reset_notifier);
- int64_t now = *(int64_t *)data;
-
- rtc_set_date_from_host(&s->dev);
- periodic_timer_update(s, now);
- check_update_timer(s);
-#ifdef TARGET_I386
- if (s->lost_tick_policy == LOST_TICK_SLEW) {
- rtc_coalesced_timer_update(s);
- }
-#endif
-}
-
-/* set CMOS shutdown status register (index 0xF) as S3_resume(0xFE)
- BIOS will read it and start S3 resume at POST Entry */
-static void rtc_notify_suspend(Notifier *notifier, void *data)
-{
- RTCState *s = container_of(notifier, RTCState, suspend_notifier);
- rtc_set_memory(&s->dev, 0xF, 0xFE);
-}
-
-static void rtc_reset(void *opaque)
-{
- RTCState *s = opaque;
-
- s->cmos_data[RTC_REG_B] &= ~(REG_B_PIE | REG_B_AIE | REG_B_SQWE);
- s->cmos_data[RTC_REG_C] &= ~(REG_C_UF | REG_C_IRQF | REG_C_PF | REG_C_AF);
- check_update_timer(s);
-
- qemu_irq_lower(s->irq);
-
-#ifdef TARGET_I386
- if (s->lost_tick_policy == LOST_TICK_SLEW) {
- s->irq_coalesced = 0;
- }
-#endif
-}
-
-static const MemoryRegionOps cmos_ops = {
- .read = cmos_ioport_read,
- .write = cmos_ioport_write,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static void rtc_get_date(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- ISADevice *isa = ISA_DEVICE(obj);
- RTCState *s = DO_UPCAST(RTCState, dev, isa);
- struct tm current_tm;
-
- rtc_update_time(s);
- rtc_get_time(s, &current_tm);
- visit_start_struct(v, NULL, "struct tm", name, 0, errp);
- visit_type_int32(v, &current_tm.tm_year, "tm_year", errp);
- visit_type_int32(v, &current_tm.tm_mon, "tm_mon", errp);
- visit_type_int32(v, &current_tm.tm_mday, "tm_mday", errp);
- visit_type_int32(v, &current_tm.tm_hour, "tm_hour", errp);
- visit_type_int32(v, &current_tm.tm_min, "tm_min", errp);
- visit_type_int32(v, &current_tm.tm_sec, "tm_sec", errp);
- visit_end_struct(v, errp);
-}
-
-static int rtc_initfn(ISADevice *dev)
-{
- RTCState *s = DO_UPCAST(RTCState, dev, dev);
- int base = 0x70;
-
- s->cmos_data[RTC_REG_A] = 0x26;
- s->cmos_data[RTC_REG_B] = 0x02;
- s->cmos_data[RTC_REG_C] = 0x00;
- s->cmos_data[RTC_REG_D] = 0x80;
-
- /* This is for historical reasons. The default base year qdev property
- * was set to 2000 for most machine types before the century byte was
- * implemented.
- *
- * This if statement means that the century byte will be always 0
- * (at least until 2079...) for base_year = 1980, but will be set
- * correctly for base_year = 2000.
- */
- if (s->base_year == 2000) {
- s->base_year = 0;
- }
-
- rtc_set_date_from_host(dev);
-
-#ifdef TARGET_I386
- switch (s->lost_tick_policy) {
- case LOST_TICK_SLEW:
- s->coalesced_timer =
- qemu_new_timer_ns(rtc_clock, rtc_coalesced_timer, s);
- break;
- case LOST_TICK_DISCARD:
- break;
- default:
- return -EINVAL;
- }
-#endif
-
- s->periodic_timer = qemu_new_timer_ns(rtc_clock, rtc_periodic_timer, s);
- s->update_timer = qemu_new_timer_ns(rtc_clock, rtc_update_timer, s);
- check_update_timer(s);
-
- s->clock_reset_notifier.notify = rtc_notify_clock_reset;
- qemu_register_clock_reset_notifier(rtc_clock, &s->clock_reset_notifier);
-
- s->suspend_notifier.notify = rtc_notify_suspend;
- qemu_register_suspend_notifier(&s->suspend_notifier);
-
- memory_region_init_io(&s->io, &cmos_ops, s, "rtc", 2);
- isa_register_ioport(dev, &s->io, base);
-
- qdev_set_legacy_instance_id(&dev->qdev, base, 3);
- qemu_register_reset(rtc_reset, s);
-
- object_property_add(OBJECT(s), "date", "struct tm",
- rtc_get_date, NULL, NULL, s, NULL);
-
- return 0;
-}
-
-ISADevice *rtc_init(ISABus *bus, int base_year, qemu_irq intercept_irq)
-{
- ISADevice *dev;
- RTCState *s;
-
- dev = isa_create(bus, "mc146818rtc");
- s = DO_UPCAST(RTCState, dev, dev);
- qdev_prop_set_int32(&dev->qdev, "base_year", base_year);
- qdev_init_nofail(&dev->qdev);
- if (intercept_irq) {
- s->irq = intercept_irq;
- } else {
- isa_init_irq(dev, &s->irq, RTC_ISA_IRQ);
- }
- return dev;
-}
-
-static Property mc146818rtc_properties[] = {
- DEFINE_PROP_INT32("base_year", RTCState, base_year, 1980),
- DEFINE_PROP_LOSTTICKPOLICY("lost_tick_policy", RTCState,
- lost_tick_policy, LOST_TICK_DISCARD),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void rtc_class_initfn(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- ISADeviceClass *ic = ISA_DEVICE_CLASS(klass);
- ic->init = rtc_initfn;
- dc->no_user = 1;
- dc->vmsd = &vmstate_rtc;
- dc->props = mc146818rtc_properties;
-}
-
-static TypeInfo mc146818rtc_info = {
- .name = "mc146818rtc",
- .parent = TYPE_ISA_DEVICE,
- .instance_size = sizeof(RTCState),
- .class_init = rtc_class_initfn,
-};
-
-static void mc146818rtc_register_types(void)
-{
- type_register_static(&mc146818rtc_info);
-}
-
-type_init(mc146818rtc_register_types)
diff --git a/hw/mc146818rtc.h b/hw/mc146818rtc.h
deleted file mode 100644
index f286b6a12..000000000
--- a/hw/mc146818rtc.h
+++ /dev/null
@@ -1,11 +0,0 @@
-#ifndef MC146818RTC_H
-#define MC146818RTC_H
-
-#include "isa.h"
-#include "mc146818rtc_regs.h"
-
-ISADevice *rtc_init(ISABus *bus, int base_year, qemu_irq intercept_irq);
-void rtc_set_memory(ISADevice *dev, int addr, int val);
-void rtc_set_date(ISADevice *dev, const struct tm *tm);
-
-#endif /* !MC146818RTC_H */
diff --git a/hw/mc146818rtc_regs.h b/hw/mc146818rtc_regs.h
deleted file mode 100644
index ccdee42b3..000000000
--- a/hw/mc146818rtc_regs.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * QEMU MC146818 RTC emulation
- *
- * Copyright (c) 2003-2004 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#ifndef RTC_REGS_H
-#define RTC_REGS_H
-
-#define RTC_ISA_IRQ 8
-
-#define RTC_SECONDS 0
-#define RTC_SECONDS_ALARM 1
-#define RTC_MINUTES 2
-#define RTC_MINUTES_ALARM 3
-#define RTC_HOURS 4
-#define RTC_HOURS_ALARM 5
-#define RTC_ALARM_DONT_CARE 0xC0
-
-#define RTC_DAY_OF_WEEK 6
-#define RTC_DAY_OF_MONTH 7
-#define RTC_MONTH 8
-#define RTC_YEAR 9
-
-#define RTC_REG_A 10
-#define RTC_REG_B 11
-#define RTC_REG_C 12
-#define RTC_REG_D 13
-
-/* PC cmos mappings */
-#define RTC_CENTURY 0x32
-#define RTC_IBM_PS2_CENTURY_BYTE 0x37
-
-#define REG_A_UIP 0x80
-
-#define REG_B_SET 0x80
-#define REG_B_PIE 0x40
-#define REG_B_AIE 0x20
-#define REG_B_UIE 0x10
-#define REG_B_SQWE 0x08
-#define REG_B_DM 0x04
-#define REG_B_24H 0x02
-
-#define REG_C_UF 0x10
-#define REG_C_IRQF 0x80
-#define REG_C_PF 0x40
-#define REG_C_AF 0x20
-#define REG_C_MASK 0x70
-
-#endif
diff --git a/hw/mcf.h b/hw/mcf.h
deleted file mode 100644
index f929910f0..000000000
--- a/hw/mcf.h
+++ /dev/null
@@ -1,30 +0,0 @@
-#ifndef HW_MCF_H
-#define HW_MCF_H
-/* Motorola ColdFire device prototypes. */
-
-struct MemoryRegion;
-
-/* mcf_uart.c */
-uint64_t mcf_uart_read(void *opaque, hwaddr addr,
- unsigned size);
-void mcf_uart_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size);
-void *mcf_uart_init(qemu_irq irq, CharDriverState *chr);
-void mcf_uart_mm_init(struct MemoryRegion *sysmem,
- hwaddr base,
- qemu_irq irq, CharDriverState *chr);
-
-/* mcf_intc.c */
-qemu_irq *mcf_intc_init(struct MemoryRegion *sysmem,
- hwaddr base,
- CPUM68KState *env);
-
-/* mcf_fec.c */
-void mcf_fec_init(struct MemoryRegion *sysmem, NICInfo *nd,
- hwaddr base, qemu_irq *irq);
-
-/* mcf5206.c */
-qemu_irq *mcf5206_init(struct MemoryRegion *sysmem,
- uint32_t base, CPUM68KState *env);
-
-#endif
diff --git a/hw/mcf5206.c b/hw/mcf5206.c
deleted file mode 100644
index 510d77047..000000000
--- a/hw/mcf5206.c
+++ /dev/null
@@ -1,548 +0,0 @@
-/*
- * Motorola ColdFire MCF5206 SoC embedded peripheral emulation.
- *
- * Copyright (c) 2007 CodeSourcery.
- *
- * This code is licensed under the GPL
- */
-#include "hw.h"
-#include "mcf.h"
-#include "qemu-timer.h"
-#include "ptimer.h"
-#include "sysemu.h"
-#include "exec-memory.h"
-
-/* General purpose timer module. */
-typedef struct {
- uint16_t tmr;
- uint16_t trr;
- uint16_t tcr;
- uint16_t ter;
- ptimer_state *timer;
- qemu_irq irq;
- int irq_state;
-} m5206_timer_state;
-
-#define TMR_RST 0x01
-#define TMR_CLK 0x06
-#define TMR_FRR 0x08
-#define TMR_ORI 0x10
-#define TMR_OM 0x20
-#define TMR_CE 0xc0
-
-#define TER_CAP 0x01
-#define TER_REF 0x02
-
-static void m5206_timer_update(m5206_timer_state *s)
-{
- if ((s->tmr & TMR_ORI) != 0 && (s->ter & TER_REF))
- qemu_irq_raise(s->irq);
- else
- qemu_irq_lower(s->irq);
-}
-
-static void m5206_timer_reset(m5206_timer_state *s)
-{
- s->tmr = 0;
- s->trr = 0;
-}
-
-static void m5206_timer_recalibrate(m5206_timer_state *s)
-{
- int prescale;
- int mode;
-
- ptimer_stop(s->timer);
-
- if ((s->tmr & TMR_RST) == 0)
- return;
-
- prescale = (s->tmr >> 8) + 1;
- mode = (s->tmr >> 1) & 3;
- if (mode == 2)
- prescale *= 16;
-
- if (mode == 3 || mode == 0)
- hw_error("m5206_timer: mode %d not implemented\n", mode);
- if ((s->tmr & TMR_FRR) == 0)
- hw_error("m5206_timer: free running mode not implemented\n");
-
- /* Assume 66MHz system clock. */
- ptimer_set_freq(s->timer, 66000000 / prescale);
-
- ptimer_set_limit(s->timer, s->trr, 0);
-
- ptimer_run(s->timer, 0);
-}
-
-static void m5206_timer_trigger(void *opaque)
-{
- m5206_timer_state *s = (m5206_timer_state *)opaque;
- s->ter |= TER_REF;
- m5206_timer_update(s);
-}
-
-static uint32_t m5206_timer_read(m5206_timer_state *s, uint32_t addr)
-{
- switch (addr) {
- case 0:
- return s->tmr;
- case 4:
- return s->trr;
- case 8:
- return s->tcr;
- case 0xc:
- return s->trr - ptimer_get_count(s->timer);
- case 0x11:
- return s->ter;
- default:
- return 0;
- }
-}
-
-static void m5206_timer_write(m5206_timer_state *s, uint32_t addr, uint32_t val)
-{
- switch (addr) {
- case 0:
- if ((s->tmr & TMR_RST) != 0 && (val & TMR_RST) == 0) {
- m5206_timer_reset(s);
- }
- s->tmr = val;
- m5206_timer_recalibrate(s);
- break;
- case 4:
- s->trr = val;
- m5206_timer_recalibrate(s);
- break;
- case 8:
- s->tcr = val;
- break;
- case 0xc:
- ptimer_set_count(s->timer, val);
- break;
- case 0x11:
- s->ter &= ~val;
- break;
- default:
- break;
- }
- m5206_timer_update(s);
-}
-
-static m5206_timer_state *m5206_timer_init(qemu_irq irq)
-{
- m5206_timer_state *s;
- QEMUBH *bh;
-
- s = (m5206_timer_state *)g_malloc0(sizeof(m5206_timer_state));
- bh = qemu_bh_new(m5206_timer_trigger, s);
- s->timer = ptimer_init(bh);
- s->irq = irq;
- m5206_timer_reset(s);
- return s;
-}
-
-/* System Integration Module. */
-
-typedef struct {
- CPUM68KState *env;
- MemoryRegion iomem;
- m5206_timer_state *timer[2];
- void *uart[2];
- uint8_t scr;
- uint8_t icr[14];
- uint16_t imr; /* 1 == interrupt is masked. */
- uint16_t ipr;
- uint8_t rsr;
- uint8_t swivr;
- uint8_t par;
- /* Include the UART vector registers here. */
- uint8_t uivr[2];
-} m5206_mbar_state;
-
-/* Interrupt controller. */
-
-static int m5206_find_pending_irq(m5206_mbar_state *s)
-{
- int level;
- int vector;
- uint16_t active;
- int i;
-
- level = 0;
- vector = 0;
- active = s->ipr & ~s->imr;
- if (!active)
- return 0;
-
- for (i = 1; i < 14; i++) {
- if (active & (1 << i)) {
- if ((s->icr[i] & 0x1f) > level) {
- level = s->icr[i] & 0x1f;
- vector = i;
- }
- }
- }
-
- if (level < 4)
- vector = 0;
-
- return vector;
-}
-
-static void m5206_mbar_update(m5206_mbar_state *s)
-{
- int irq;
- int vector;
- int level;
-
- irq = m5206_find_pending_irq(s);
- if (irq) {
- int tmp;
- tmp = s->icr[irq];
- level = (tmp >> 2) & 7;
- if (tmp & 0x80) {
- /* Autovector. */
- vector = 24 + level;
- } else {
- switch (irq) {
- case 8: /* SWT */
- vector = s->swivr;
- break;
- case 12: /* UART1 */
- vector = s->uivr[0];
- break;
- case 13: /* UART2 */
- vector = s->uivr[1];
- break;
- default:
- /* Unknown vector. */
- fprintf(stderr, "Unhandled vector for IRQ %d\n", irq);
- vector = 0xf;
- break;
- }
- }
- } else {
- level = 0;
- vector = 0;
- }
- m68k_set_irq_level(s->env, level, vector);
-}
-
-static void m5206_mbar_set_irq(void *opaque, int irq, int level)
-{
- m5206_mbar_state *s = (m5206_mbar_state *)opaque;
- if (level) {
- s->ipr |= 1 << irq;
- } else {
- s->ipr &= ~(1 << irq);
- }
- m5206_mbar_update(s);
-}
-
-/* System Integration Module. */
-
-static void m5206_mbar_reset(m5206_mbar_state *s)
-{
- s->scr = 0xc0;
- s->icr[1] = 0x04;
- s->icr[2] = 0x08;
- s->icr[3] = 0x0c;
- s->icr[4] = 0x10;
- s->icr[5] = 0x14;
- s->icr[6] = 0x18;
- s->icr[7] = 0x1c;
- s->icr[8] = 0x1c;
- s->icr[9] = 0x80;
- s->icr[10] = 0x80;
- s->icr[11] = 0x80;
- s->icr[12] = 0x00;
- s->icr[13] = 0x00;
- s->imr = 0x3ffe;
- s->rsr = 0x80;
- s->swivr = 0x0f;
- s->par = 0;
-}
-
-static uint64_t m5206_mbar_read(m5206_mbar_state *s,
- uint64_t offset, unsigned size)
-{
- if (offset >= 0x100 && offset < 0x120) {
- return m5206_timer_read(s->timer[0], offset - 0x100);
- } else if (offset >= 0x120 && offset < 0x140) {
- return m5206_timer_read(s->timer[1], offset - 0x120);
- } else if (offset >= 0x140 && offset < 0x160) {
- return mcf_uart_read(s->uart[0], offset - 0x140, size);
- } else if (offset >= 0x180 && offset < 0x1a0) {
- return mcf_uart_read(s->uart[1], offset - 0x180, size);
- }
- switch (offset) {
- case 0x03: return s->scr;
- case 0x14 ... 0x20: return s->icr[offset - 0x13];
- case 0x36: return s->imr;
- case 0x3a: return s->ipr;
- case 0x40: return s->rsr;
- case 0x41: return 0;
- case 0x42: return s->swivr;
- case 0x50:
- /* DRAM mask register. */
- /* FIXME: currently hardcoded to 128Mb. */
- {
- uint32_t mask = ~0;
- while (mask > ram_size)
- mask >>= 1;
- return mask & 0x0ffe0000;
- }
- case 0x5c: return 1; /* DRAM bank 1 empty. */
- case 0xcb: return s->par;
- case 0x170: return s->uivr[0];
- case 0x1b0: return s->uivr[1];
- }
- hw_error("Bad MBAR read offset 0x%x", (int)offset);
- return 0;
-}
-
-static void m5206_mbar_write(m5206_mbar_state *s, uint32_t offset,
- uint64_t value, unsigned size)
-{
- if (offset >= 0x100 && offset < 0x120) {
- m5206_timer_write(s->timer[0], offset - 0x100, value);
- return;
- } else if (offset >= 0x120 && offset < 0x140) {
- m5206_timer_write(s->timer[1], offset - 0x120, value);
- return;
- } else if (offset >= 0x140 && offset < 0x160) {
- mcf_uart_write(s->uart[0], offset - 0x140, value, size);
- return;
- } else if (offset >= 0x180 && offset < 0x1a0) {
- mcf_uart_write(s->uart[1], offset - 0x180, value, size);
- return;
- }
- switch (offset) {
- case 0x03:
- s->scr = value;
- break;
- case 0x14 ... 0x20:
- s->icr[offset - 0x13] = value;
- m5206_mbar_update(s);
- break;
- case 0x36:
- s->imr = value;
- m5206_mbar_update(s);
- break;
- case 0x40:
- s->rsr &= ~value;
- break;
- case 0x41:
- /* TODO: implement watchdog. */
- break;
- case 0x42:
- s->swivr = value;
- break;
- case 0xcb:
- s->par = value;
- break;
- case 0x170:
- s->uivr[0] = value;
- break;
- case 0x178: case 0x17c: case 0x1c8: case 0x1bc:
- /* Not implemented: UART Output port bits. */
- break;
- case 0x1b0:
- s->uivr[1] = value;
- break;
- default:
- hw_error("Bad MBAR write offset 0x%x", (int)offset);
- break;
- }
-}
-
-/* Internal peripherals use a variety of register widths.
- This lookup table allows a single routine to handle all of them. */
-static const int m5206_mbar_width[] =
-{
- /* 000-040 */ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 2, 2, 2,
- /* 040-080 */ 1, 2, 2, 2, 4, 1, 2, 4, 1, 2, 4, 2, 2, 4, 2, 2,
- /* 080-0c0 */ 4, 2, 2, 4, 2, 2, 4, 2, 2, 4, 2, 2, 4, 2, 2, 4,
- /* 0c0-100 */ 2, 2, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- /* 100-140 */ 2, 2, 2, 2, 1, 0, 0, 0, 2, 2, 2, 2, 1, 0, 0, 0,
- /* 140-180 */ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- /* 180-1c0 */ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- /* 1c0-200 */ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
-};
-
-static uint32_t m5206_mbar_readw(void *opaque, hwaddr offset);
-static uint32_t m5206_mbar_readl(void *opaque, hwaddr offset);
-
-static uint32_t m5206_mbar_readb(void *opaque, hwaddr offset)
-{
- m5206_mbar_state *s = (m5206_mbar_state *)opaque;
- offset &= 0x3ff;
- if (offset >= 0x200) {
- hw_error("Bad MBAR read offset 0x%x", (int)offset);
- }
- if (m5206_mbar_width[offset >> 2] > 1) {
- uint16_t val;
- val = m5206_mbar_readw(opaque, offset & ~1);
- if ((offset & 1) == 0) {
- val >>= 8;
- }
- return val & 0xff;
- }
- return m5206_mbar_read(s, offset, 1);
-}
-
-static uint32_t m5206_mbar_readw(void *opaque, hwaddr offset)
-{
- m5206_mbar_state *s = (m5206_mbar_state *)opaque;
- int width;
- offset &= 0x3ff;
- if (offset >= 0x200) {
- hw_error("Bad MBAR read offset 0x%x", (int)offset);
- }
- width = m5206_mbar_width[offset >> 2];
- if (width > 2) {
- uint32_t val;
- val = m5206_mbar_readl(opaque, offset & ~3);
- if ((offset & 3) == 0)
- val >>= 16;
- return val & 0xffff;
- } else if (width < 2) {
- uint16_t val;
- val = m5206_mbar_readb(opaque, offset) << 8;
- val |= m5206_mbar_readb(opaque, offset + 1);
- return val;
- }
- return m5206_mbar_read(s, offset, 2);
-}
-
-static uint32_t m5206_mbar_readl(void *opaque, hwaddr offset)
-{
- m5206_mbar_state *s = (m5206_mbar_state *)opaque;
- int width;
- offset &= 0x3ff;
- if (offset >= 0x200) {
- hw_error("Bad MBAR read offset 0x%x", (int)offset);
- }
- width = m5206_mbar_width[offset >> 2];
- if (width < 4) {
- uint32_t val;
- val = m5206_mbar_readw(opaque, offset) << 16;
- val |= m5206_mbar_readw(opaque, offset + 2);
- return val;
- }
- return m5206_mbar_read(s, offset, 4);
-}
-
-static void m5206_mbar_writew(void *opaque, hwaddr offset,
- uint32_t value);
-static void m5206_mbar_writel(void *opaque, hwaddr offset,
- uint32_t value);
-
-static void m5206_mbar_writeb(void *opaque, hwaddr offset,
- uint32_t value)
-{
- m5206_mbar_state *s = (m5206_mbar_state *)opaque;
- int width;
- offset &= 0x3ff;
- if (offset >= 0x200) {
- hw_error("Bad MBAR write offset 0x%x", (int)offset);
- }
- width = m5206_mbar_width[offset >> 2];
- if (width > 1) {
- uint32_t tmp;
- tmp = m5206_mbar_readw(opaque, offset & ~1);
- if (offset & 1) {
- tmp = (tmp & 0xff00) | value;
- } else {
- tmp = (tmp & 0x00ff) | (value << 8);
- }
- m5206_mbar_writew(opaque, offset & ~1, tmp);
- return;
- }
- m5206_mbar_write(s, offset, value, 1);
-}
-
-static void m5206_mbar_writew(void *opaque, hwaddr offset,
- uint32_t value)
-{
- m5206_mbar_state *s = (m5206_mbar_state *)opaque;
- int width;
- offset &= 0x3ff;
- if (offset >= 0x200) {
- hw_error("Bad MBAR write offset 0x%x", (int)offset);
- }
- width = m5206_mbar_width[offset >> 2];
- if (width > 2) {
- uint32_t tmp;
- tmp = m5206_mbar_readl(opaque, offset & ~3);
- if (offset & 3) {
- tmp = (tmp & 0xffff0000) | value;
- } else {
- tmp = (tmp & 0x0000ffff) | (value << 16);
- }
- m5206_mbar_writel(opaque, offset & ~3, tmp);
- return;
- } else if (width < 2) {
- m5206_mbar_writeb(opaque, offset, value >> 8);
- m5206_mbar_writeb(opaque, offset + 1, value & 0xff);
- return;
- }
- m5206_mbar_write(s, offset, value, 2);
-}
-
-static void m5206_mbar_writel(void *opaque, hwaddr offset,
- uint32_t value)
-{
- m5206_mbar_state *s = (m5206_mbar_state *)opaque;
- int width;
- offset &= 0x3ff;
- if (offset >= 0x200) {
- hw_error("Bad MBAR write offset 0x%x", (int)offset);
- }
- width = m5206_mbar_width[offset >> 2];
- if (width < 4) {
- m5206_mbar_writew(opaque, offset, value >> 16);
- m5206_mbar_writew(opaque, offset + 2, value & 0xffff);
- return;
- }
- m5206_mbar_write(s, offset, value, 4);
-}
-
-static const MemoryRegionOps m5206_mbar_ops = {
- .old_mmio = {
- .read = {
- m5206_mbar_readb,
- m5206_mbar_readw,
- m5206_mbar_readl,
- },
- .write = {
- m5206_mbar_writeb,
- m5206_mbar_writew,
- m5206_mbar_writel,
- },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-qemu_irq *mcf5206_init(MemoryRegion *sysmem, uint32_t base, CPUM68KState *env)
-{
- m5206_mbar_state *s;
- qemu_irq *pic;
-
- s = (m5206_mbar_state *)g_malloc0(sizeof(m5206_mbar_state));
-
- memory_region_init_io(&s->iomem, &m5206_mbar_ops, s,
- "mbar", 0x00001000);
- memory_region_add_subregion(sysmem, base, &s->iomem);
-
- pic = qemu_allocate_irqs(m5206_mbar_set_irq, s, 14);
- s->timer[0] = m5206_timer_init(pic[9]);
- s->timer[1] = m5206_timer_init(pic[10]);
- s->uart[0] = mcf_uart_init(pic[12], serial_hds[0]);
- s->uart[1] = mcf_uart_init(pic[13], serial_hds[1]);
- s->env = env;
-
- m5206_mbar_reset(s);
- return pic;
-}
diff --git a/hw/mcf5208.c b/hw/mcf5208.c
deleted file mode 100644
index b1db54937..000000000
--- a/hw/mcf5208.c
+++ /dev/null
@@ -1,302 +0,0 @@
-/*
- * Motorola ColdFire MCF5208 SoC emulation.
- *
- * Copyright (c) 2007 CodeSourcery.
- *
- * This code is licensed under the GPL
- */
-#include "hw.h"
-#include "mcf.h"
-#include "qemu-timer.h"
-#include "ptimer.h"
-#include "sysemu.h"
-#include "net.h"
-#include "boards.h"
-#include "loader.h"
-#include "elf.h"
-#include "exec-memory.h"
-
-#define SYS_FREQ 66000000
-
-#define PCSR_EN 0x0001
-#define PCSR_RLD 0x0002
-#define PCSR_PIF 0x0004
-#define PCSR_PIE 0x0008
-#define PCSR_OVW 0x0010
-#define PCSR_DBG 0x0020
-#define PCSR_DOZE 0x0040
-#define PCSR_PRE_SHIFT 8
-#define PCSR_PRE_MASK 0x0f00
-
-typedef struct {
- MemoryRegion iomem;
- qemu_irq irq;
- ptimer_state *timer;
- uint16_t pcsr;
- uint16_t pmr;
- uint16_t pcntr;
-} m5208_timer_state;
-
-static void m5208_timer_update(m5208_timer_state *s)
-{
- if ((s->pcsr & (PCSR_PIE | PCSR_PIF)) == (PCSR_PIE | PCSR_PIF))
- qemu_irq_raise(s->irq);
- else
- qemu_irq_lower(s->irq);
-}
-
-static void m5208_timer_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- m5208_timer_state *s = (m5208_timer_state *)opaque;
- int prescale;
- int limit;
- switch (offset) {
- case 0:
- /* The PIF bit is set-to-clear. */
- if (value & PCSR_PIF) {
- s->pcsr &= ~PCSR_PIF;
- value &= ~PCSR_PIF;
- }
- /* Avoid frobbing the timer if we're just twiddling IRQ bits. */
- if (((s->pcsr ^ value) & ~PCSR_PIE) == 0) {
- s->pcsr = value;
- m5208_timer_update(s);
- return;
- }
-
- if (s->pcsr & PCSR_EN)
- ptimer_stop(s->timer);
-
- s->pcsr = value;
-
- prescale = 1 << ((s->pcsr & PCSR_PRE_MASK) >> PCSR_PRE_SHIFT);
- ptimer_set_freq(s->timer, (SYS_FREQ / 2) / prescale);
- if (s->pcsr & PCSR_RLD)
- limit = s->pmr;
- else
- limit = 0xffff;
- ptimer_set_limit(s->timer, limit, 0);
-
- if (s->pcsr & PCSR_EN)
- ptimer_run(s->timer, 0);
- break;
- case 2:
- s->pmr = value;
- s->pcsr &= ~PCSR_PIF;
- if ((s->pcsr & PCSR_RLD) == 0) {
- if (s->pcsr & PCSR_OVW)
- ptimer_set_count(s->timer, value);
- } else {
- ptimer_set_limit(s->timer, value, s->pcsr & PCSR_OVW);
- }
- break;
- case 4:
- break;
- default:
- hw_error("m5208_timer_write: Bad offset 0x%x\n", (int)offset);
- break;
- }
- m5208_timer_update(s);
-}
-
-static void m5208_timer_trigger(void *opaque)
-{
- m5208_timer_state *s = (m5208_timer_state *)opaque;
- s->pcsr |= PCSR_PIF;
- m5208_timer_update(s);
-}
-
-static uint64_t m5208_timer_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- m5208_timer_state *s = (m5208_timer_state *)opaque;
- switch (addr) {
- case 0:
- return s->pcsr;
- case 2:
- return s->pmr;
- case 4:
- return ptimer_get_count(s->timer);
- default:
- hw_error("m5208_timer_read: Bad offset 0x%x\n", (int)addr);
- return 0;
- }
-}
-
-static const MemoryRegionOps m5208_timer_ops = {
- .read = m5208_timer_read,
- .write = m5208_timer_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static uint64_t m5208_sys_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- switch (addr) {
- case 0x110: /* SDCS0 */
- {
- int n;
- for (n = 0; n < 32; n++) {
- if (ram_size < (2u << n))
- break;
- }
- return (n - 1) | 0x40000000;
- }
- case 0x114: /* SDCS1 */
- return 0;
-
- default:
- hw_error("m5208_sys_read: Bad offset 0x%x\n", (int)addr);
- return 0;
- }
-}
-
-static void m5208_sys_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- hw_error("m5208_sys_write: Bad offset 0x%x\n", (int)addr);
-}
-
-static const MemoryRegionOps m5208_sys_ops = {
- .read = m5208_sys_read,
- .write = m5208_sys_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void mcf5208_sys_init(MemoryRegion *address_space, qemu_irq *pic)
-{
- MemoryRegion *iomem = g_new(MemoryRegion, 1);
- m5208_timer_state *s;
- QEMUBH *bh;
- int i;
-
- /* SDRAMC. */
- memory_region_init_io(iomem, &m5208_sys_ops, NULL, "m5208-sys", 0x00004000);
- memory_region_add_subregion(address_space, 0xfc0a8000, iomem);
- /* Timers. */
- for (i = 0; i < 2; i++) {
- s = (m5208_timer_state *)g_malloc0(sizeof(m5208_timer_state));
- bh = qemu_bh_new(m5208_timer_trigger, s);
- s->timer = ptimer_init(bh);
- memory_region_init_io(&s->iomem, &m5208_timer_ops, s,
- "m5208-timer", 0x00004000);
- memory_region_add_subregion(address_space, 0xfc080000 + 0x4000 * i,
- &s->iomem);
- s->irq = pic[4 + i];
- }
-}
-
-static void mcf5208evb_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- CPUM68KState *env;
- int kernel_size;
- uint64_t elf_entry;
- hwaddr entry;
- qemu_irq *pic;
- MemoryRegion *address_space_mem = get_system_memory();
- MemoryRegion *ram = g_new(MemoryRegion, 1);
- MemoryRegion *sram = g_new(MemoryRegion, 1);
-
- if (!cpu_model)
- cpu_model = "m5208";
- env = cpu_init(cpu_model);
- if (!env) {
- fprintf(stderr, "Unable to find m68k CPU definition\n");
- exit(1);
- }
-
- /* Initialize CPU registers. */
- env->vbr = 0;
- /* TODO: Configure BARs. */
-
- /* DRAM at 0x40000000 */
- memory_region_init_ram(ram, "mcf5208.ram", ram_size);
- vmstate_register_ram_global(ram);
- memory_region_add_subregion(address_space_mem, 0x40000000, ram);
-
- /* Internal SRAM. */
- memory_region_init_ram(sram, "mcf5208.sram", 16384);
- vmstate_register_ram_global(sram);
- memory_region_add_subregion(address_space_mem, 0x80000000, sram);
-
- /* Internal peripherals. */
- pic = mcf_intc_init(address_space_mem, 0xfc048000, env);
-
- mcf_uart_mm_init(address_space_mem, 0xfc060000, pic[26], serial_hds[0]);
- mcf_uart_mm_init(address_space_mem, 0xfc064000, pic[27], serial_hds[1]);
- mcf_uart_mm_init(address_space_mem, 0xfc068000, pic[28], serial_hds[2]);
-
- mcf5208_sys_init(address_space_mem, pic);
-
- if (nb_nics > 1) {
- fprintf(stderr, "Too many NICs\n");
- exit(1);
- }
- if (nd_table[0].used)
- mcf_fec_init(address_space_mem, &nd_table[0],
- 0xfc030000, pic + 36);
-
- /* 0xfc000000 SCM. */
- /* 0xfc004000 XBS. */
- /* 0xfc008000 FlexBus CS. */
- /* 0xfc030000 FEC. */
- /* 0xfc040000 SCM + Power management. */
- /* 0xfc044000 eDMA. */
- /* 0xfc048000 INTC. */
- /* 0xfc058000 I2C. */
- /* 0xfc05c000 QSPI. */
- /* 0xfc060000 UART0. */
- /* 0xfc064000 UART0. */
- /* 0xfc068000 UART0. */
- /* 0xfc070000 DMA timers. */
- /* 0xfc080000 PIT0. */
- /* 0xfc084000 PIT1. */
- /* 0xfc088000 EPORT. */
- /* 0xfc08c000 Watchdog. */
- /* 0xfc090000 clock module. */
- /* 0xfc0a0000 CCM + reset. */
- /* 0xfc0a4000 GPIO. */
- /* 0xfc0a8000 SDRAM controller. */
-
- /* Load kernel. */
- if (!kernel_filename) {
- fprintf(stderr, "Kernel image must be specified\n");
- exit(1);
- }
-
- kernel_size = load_elf(kernel_filename, NULL, NULL, &elf_entry,
- NULL, NULL, 1, ELF_MACHINE, 0);
- entry = elf_entry;
- if (kernel_size < 0) {
- kernel_size = load_uimage(kernel_filename, &entry, NULL, NULL);
- }
- if (kernel_size < 0) {
- kernel_size = load_image_targphys(kernel_filename, 0x40000000,
- ram_size);
- entry = 0x40000000;
- }
- if (kernel_size < 0) {
- fprintf(stderr, "qemu: could not load kernel '%s'\n", kernel_filename);
- exit(1);
- }
-
- env->pc = entry;
-}
-
-static QEMUMachine mcf5208evb_machine = {
- .name = "mcf5208evb",
- .desc = "MCF5206EVB",
- .init = mcf5208evb_init,
- .is_default = 1,
-};
-
-static void mcf5208evb_machine_init(void)
-{
- qemu_register_machine(&mcf5208evb_machine);
-}
-
-machine_init(mcf5208evb_machine_init);
diff --git a/hw/mcf_fec.c b/hw/mcf_fec.c
deleted file mode 100644
index 1ed193c5d..000000000
--- a/hw/mcf_fec.c
+++ /dev/null
@@ -1,480 +0,0 @@
-/*
- * ColdFire Fast Ethernet Controller emulation.
- *
- * Copyright (c) 2007 CodeSourcery.
- *
- * This code is licensed under the GPL
- */
-#include "hw.h"
-#include "net.h"
-#include "mcf.h"
-/* For crc32 */
-#include <zlib.h>
-#include "exec-memory.h"
-
-//#define DEBUG_FEC 1
-
-#ifdef DEBUG_FEC
-#define DPRINTF(fmt, ...) \
-do { printf("mcf_fec: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...) do {} while(0)
-#endif
-
-#define FEC_MAX_FRAME_SIZE 2032
-
-typedef struct {
- MemoryRegion *sysmem;
- MemoryRegion iomem;
- qemu_irq *irq;
- NICState *nic;
- NICConf conf;
- uint32_t irq_state;
- uint32_t eir;
- uint32_t eimr;
- int rx_enabled;
- uint32_t rx_descriptor;
- uint32_t tx_descriptor;
- uint32_t ecr;
- uint32_t mmfr;
- uint32_t mscr;
- uint32_t rcr;
- uint32_t tcr;
- uint32_t tfwr;
- uint32_t rfsr;
- uint32_t erdsr;
- uint32_t etdsr;
- uint32_t emrbr;
-} mcf_fec_state;
-
-#define FEC_INT_HB 0x80000000
-#define FEC_INT_BABR 0x40000000
-#define FEC_INT_BABT 0x20000000
-#define FEC_INT_GRA 0x10000000
-#define FEC_INT_TXF 0x08000000
-#define FEC_INT_TXB 0x04000000
-#define FEC_INT_RXF 0x02000000
-#define FEC_INT_RXB 0x01000000
-#define FEC_INT_MII 0x00800000
-#define FEC_INT_EB 0x00400000
-#define FEC_INT_LC 0x00200000
-#define FEC_INT_RL 0x00100000
-#define FEC_INT_UN 0x00080000
-
-#define FEC_EN 2
-#define FEC_RESET 1
-
-/* Map interrupt flags onto IRQ lines. */
-#define FEC_NUM_IRQ 13
-static const uint32_t mcf_fec_irq_map[FEC_NUM_IRQ] = {
- FEC_INT_TXF,
- FEC_INT_TXB,
- FEC_INT_UN,
- FEC_INT_RL,
- FEC_INT_RXF,
- FEC_INT_RXB,
- FEC_INT_MII,
- FEC_INT_LC,
- FEC_INT_HB,
- FEC_INT_GRA,
- FEC_INT_EB,
- FEC_INT_BABT,
- FEC_INT_BABR
-};
-
-/* Buffer Descriptor. */
-typedef struct {
- uint16_t flags;
- uint16_t length;
- uint32_t data;
-} mcf_fec_bd;
-
-#define FEC_BD_R 0x8000
-#define FEC_BD_E 0x8000
-#define FEC_BD_O1 0x4000
-#define FEC_BD_W 0x2000
-#define FEC_BD_O2 0x1000
-#define FEC_BD_L 0x0800
-#define FEC_BD_TC 0x0400
-#define FEC_BD_ABC 0x0200
-#define FEC_BD_M 0x0100
-#define FEC_BD_BC 0x0080
-#define FEC_BD_MC 0x0040
-#define FEC_BD_LG 0x0020
-#define FEC_BD_NO 0x0010
-#define FEC_BD_CR 0x0004
-#define FEC_BD_OV 0x0002
-#define FEC_BD_TR 0x0001
-
-static void mcf_fec_read_bd(mcf_fec_bd *bd, uint32_t addr)
-{
- cpu_physical_memory_read(addr, (uint8_t *)bd, sizeof(*bd));
- be16_to_cpus(&bd->flags);
- be16_to_cpus(&bd->length);
- be32_to_cpus(&bd->data);
-}
-
-static void mcf_fec_write_bd(mcf_fec_bd *bd, uint32_t addr)
-{
- mcf_fec_bd tmp;
- tmp.flags = cpu_to_be16(bd->flags);
- tmp.length = cpu_to_be16(bd->length);
- tmp.data = cpu_to_be32(bd->data);
- cpu_physical_memory_write(addr, (uint8_t *)&tmp, sizeof(tmp));
-}
-
-static void mcf_fec_update(mcf_fec_state *s)
-{
- uint32_t active;
- uint32_t changed;
- uint32_t mask;
- int i;
-
- active = s->eir & s->eimr;
- changed = active ^s->irq_state;
- for (i = 0; i < FEC_NUM_IRQ; i++) {
- mask = mcf_fec_irq_map[i];
- if (changed & mask) {
- DPRINTF("IRQ %d = %d\n", i, (active & mask) != 0);
- qemu_set_irq(s->irq[i], (active & mask) != 0);
- }
- }
- s->irq_state = active;
-}
-
-static void mcf_fec_do_tx(mcf_fec_state *s)
-{
- uint32_t addr;
- mcf_fec_bd bd;
- int frame_size;
- int len;
- uint8_t frame[FEC_MAX_FRAME_SIZE];
- uint8_t *ptr;
-
- DPRINTF("do_tx\n");
- ptr = frame;
- frame_size = 0;
- addr = s->tx_descriptor;
- while (1) {
- mcf_fec_read_bd(&bd, addr);
- DPRINTF("tx_bd %x flags %04x len %d data %08x\n",
- addr, bd.flags, bd.length, bd.data);
- if ((bd.flags & FEC_BD_R) == 0) {
- /* Run out of descriptors to transmit. */
- break;
- }
- len = bd.length;
- if (frame_size + len > FEC_MAX_FRAME_SIZE) {
- len = FEC_MAX_FRAME_SIZE - frame_size;
- s->eir |= FEC_INT_BABT;
- }
- cpu_physical_memory_read(bd.data, ptr, len);
- ptr += len;
- frame_size += len;
- if (bd.flags & FEC_BD_L) {
- /* Last buffer in frame. */
- DPRINTF("Sending packet\n");
- qemu_send_packet(&s->nic->nc, frame, len);
- ptr = frame;
- frame_size = 0;
- s->eir |= FEC_INT_TXF;
- }
- s->eir |= FEC_INT_TXB;
- bd.flags &= ~FEC_BD_R;
- /* Write back the modified descriptor. */
- mcf_fec_write_bd(&bd, addr);
- /* Advance to the next descriptor. */
- if ((bd.flags & FEC_BD_W) != 0) {
- addr = s->etdsr;
- } else {
- addr += 8;
- }
- }
- s->tx_descriptor = addr;
-}
-
-static void mcf_fec_enable_rx(mcf_fec_state *s)
-{
- mcf_fec_bd bd;
-
- mcf_fec_read_bd(&bd, s->rx_descriptor);
- s->rx_enabled = ((bd.flags & FEC_BD_E) != 0);
- if (!s->rx_enabled)
- DPRINTF("RX buffer full\n");
-}
-
-static void mcf_fec_reset(mcf_fec_state *s)
-{
- s->eir = 0;
- s->eimr = 0;
- s->rx_enabled = 0;
- s->ecr = 0;
- s->mscr = 0;
- s->rcr = 0x05ee0001;
- s->tcr = 0;
- s->tfwr = 0;
- s->rfsr = 0x500;
-}
-
-static uint64_t mcf_fec_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- mcf_fec_state *s = (mcf_fec_state *)opaque;
- switch (addr & 0x3ff) {
- case 0x004: return s->eir;
- case 0x008: return s->eimr;
- case 0x010: return s->rx_enabled ? (1 << 24) : 0; /* RDAR */
- case 0x014: return 0; /* TDAR */
- case 0x024: return s->ecr;
- case 0x040: return s->mmfr;
- case 0x044: return s->mscr;
- case 0x064: return 0; /* MIBC */
- case 0x084: return s->rcr;
- case 0x0c4: return s->tcr;
- case 0x0e4: /* PALR */
- return (s->conf.macaddr.a[0] << 24) | (s->conf.macaddr.a[1] << 16)
- | (s->conf.macaddr.a[2] << 8) | s->conf.macaddr.a[3];
- break;
- case 0x0e8: /* PAUR */
- return (s->conf.macaddr.a[4] << 24) | (s->conf.macaddr.a[5] << 16) | 0x8808;
- case 0x0ec: return 0x10000; /* OPD */
- case 0x118: return 0;
- case 0x11c: return 0;
- case 0x120: return 0;
- case 0x124: return 0;
- case 0x144: return s->tfwr;
- case 0x14c: return 0x600;
- case 0x150: return s->rfsr;
- case 0x180: return s->erdsr;
- case 0x184: return s->etdsr;
- case 0x188: return s->emrbr;
- default:
- hw_error("mcf_fec_read: Bad address 0x%x\n", (int)addr);
- return 0;
- }
-}
-
-static void mcf_fec_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- mcf_fec_state *s = (mcf_fec_state *)opaque;
- switch (addr & 0x3ff) {
- case 0x004:
- s->eir &= ~value;
- break;
- case 0x008:
- s->eimr = value;
- break;
- case 0x010: /* RDAR */
- if ((s->ecr & FEC_EN) && !s->rx_enabled) {
- DPRINTF("RX enable\n");
- mcf_fec_enable_rx(s);
- }
- break;
- case 0x014: /* TDAR */
- if (s->ecr & FEC_EN) {
- mcf_fec_do_tx(s);
- }
- break;
- case 0x024:
- s->ecr = value;
- if (value & FEC_RESET) {
- DPRINTF("Reset\n");
- mcf_fec_reset(s);
- }
- if ((s->ecr & FEC_EN) == 0) {
- s->rx_enabled = 0;
- }
- break;
- case 0x040:
- /* TODO: Implement MII. */
- s->mmfr = value;
- break;
- case 0x044:
- s->mscr = value & 0xfe;
- break;
- case 0x064:
- /* TODO: Implement MIB. */
- break;
- case 0x084:
- s->rcr = value & 0x07ff003f;
- /* TODO: Implement LOOP mode. */
- break;
- case 0x0c4: /* TCR */
- /* We transmit immediately, so raise GRA immediately. */
- s->tcr = value;
- if (value & 1)
- s->eir |= FEC_INT_GRA;
- break;
- case 0x0e4: /* PALR */
- s->conf.macaddr.a[0] = value >> 24;
- s->conf.macaddr.a[1] = value >> 16;
- s->conf.macaddr.a[2] = value >> 8;
- s->conf.macaddr.a[3] = value;
- break;
- case 0x0e8: /* PAUR */
- s->conf.macaddr.a[4] = value >> 24;
- s->conf.macaddr.a[5] = value >> 16;
- break;
- case 0x0ec:
- /* OPD */
- break;
- case 0x118:
- case 0x11c:
- case 0x120:
- case 0x124:
- /* TODO: implement MAC hash filtering. */
- break;
- case 0x144:
- s->tfwr = value & 3;
- break;
- case 0x14c:
- /* FRBR writes ignored. */
- break;
- case 0x150:
- s->rfsr = (value & 0x3fc) | 0x400;
- break;
- case 0x180:
- s->erdsr = value & ~3;
- s->rx_descriptor = s->erdsr;
- break;
- case 0x184:
- s->etdsr = value & ~3;
- s->tx_descriptor = s->etdsr;
- break;
- case 0x188:
- s->emrbr = value & 0x7f0;
- break;
- default:
- hw_error("mcf_fec_write Bad address 0x%x\n", (int)addr);
- }
- mcf_fec_update(s);
-}
-
-static int mcf_fec_can_receive(NetClientState *nc)
-{
- mcf_fec_state *s = DO_UPCAST(NICState, nc, nc)->opaque;
- return s->rx_enabled;
-}
-
-static ssize_t mcf_fec_receive(NetClientState *nc, const uint8_t *buf, size_t size)
-{
- mcf_fec_state *s = DO_UPCAST(NICState, nc, nc)->opaque;
- mcf_fec_bd bd;
- uint32_t flags = 0;
- uint32_t addr;
- uint32_t crc;
- uint32_t buf_addr;
- uint8_t *crc_ptr;
- unsigned int buf_len;
-
- DPRINTF("do_rx len %d\n", size);
- if (!s->rx_enabled) {
- fprintf(stderr, "mcf_fec_receive: Unexpected packet\n");
- }
- /* 4 bytes for the CRC. */
- size += 4;
- crc = cpu_to_be32(crc32(~0, buf, size));
- crc_ptr = (uint8_t *)&crc;
- /* Huge frames are truncted. */
- if (size > FEC_MAX_FRAME_SIZE) {
- size = FEC_MAX_FRAME_SIZE;
- flags |= FEC_BD_TR | FEC_BD_LG;
- }
- /* Frames larger than the user limit just set error flags. */
- if (size > (s->rcr >> 16)) {
- flags |= FEC_BD_LG;
- }
- addr = s->rx_descriptor;
- while (size > 0) {
- mcf_fec_read_bd(&bd, addr);
- if ((bd.flags & FEC_BD_E) == 0) {
- /* No descriptors available. Bail out. */
- /* FIXME: This is wrong. We should probably either save the
- remainder for when more RX buffers are available, or
- flag an error. */
- fprintf(stderr, "mcf_fec: Lost end of frame\n");
- break;
- }
- buf_len = (size <= s->emrbr) ? size: s->emrbr;
- bd.length = buf_len;
- size -= buf_len;
- DPRINTF("rx_bd %x length %d\n", addr, bd.length);
- /* The last 4 bytes are the CRC. */
- if (size < 4)
- buf_len += size - 4;
- buf_addr = bd.data;
- cpu_physical_memory_write(buf_addr, buf, buf_len);
- buf += buf_len;
- if (size < 4) {
- cpu_physical_memory_write(buf_addr + buf_len, crc_ptr, 4 - size);
- crc_ptr += 4 - size;
- }
- bd.flags &= ~FEC_BD_E;
- if (size == 0) {
- /* Last buffer in frame. */
- bd.flags |= flags | FEC_BD_L;
- DPRINTF("rx frame flags %04x\n", bd.flags);
- s->eir |= FEC_INT_RXF;
- } else {
- s->eir |= FEC_INT_RXB;
- }
- mcf_fec_write_bd(&bd, addr);
- /* Advance to the next descriptor. */
- if ((bd.flags & FEC_BD_W) != 0) {
- addr = s->erdsr;
- } else {
- addr += 8;
- }
- }
- s->rx_descriptor = addr;
- mcf_fec_enable_rx(s);
- mcf_fec_update(s);
- return size;
-}
-
-static const MemoryRegionOps mcf_fec_ops = {
- .read = mcf_fec_read,
- .write = mcf_fec_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void mcf_fec_cleanup(NetClientState *nc)
-{
- mcf_fec_state *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- memory_region_del_subregion(s->sysmem, &s->iomem);
- memory_region_destroy(&s->iomem);
-
- g_free(s);
-}
-
-static NetClientInfo net_mcf_fec_info = {
- .type = NET_CLIENT_OPTIONS_KIND_NIC,
- .size = sizeof(NICState),
- .can_receive = mcf_fec_can_receive,
- .receive = mcf_fec_receive,
- .cleanup = mcf_fec_cleanup,
-};
-
-void mcf_fec_init(MemoryRegion *sysmem, NICInfo *nd,
- hwaddr base, qemu_irq *irq)
-{
- mcf_fec_state *s;
-
- qemu_check_nic_model(nd, "mcf_fec");
-
- s = (mcf_fec_state *)g_malloc0(sizeof(mcf_fec_state));
- s->sysmem = sysmem;
- s->irq = irq;
-
- memory_region_init_io(&s->iomem, &mcf_fec_ops, s, "fec", 0x400);
- memory_region_add_subregion(sysmem, base, &s->iomem);
-
- s->conf.macaddr = nd->macaddr;
- s->conf.peer = nd->netdev;
-
- s->nic = qemu_new_nic(&net_mcf_fec_info, &s->conf, nd->model, nd->name, s);
-
- qemu_format_nic_info_str(&s->nic->nc, s->conf.macaddr.a);
-}
diff --git a/hw/mcf_intc.c b/hw/mcf_intc.c
deleted file mode 100644
index 6ef6dac93..000000000
--- a/hw/mcf_intc.c
+++ /dev/null
@@ -1,154 +0,0 @@
-/*
- * ColdFire Interrupt Controller emulation.
- *
- * Copyright (c) 2007 CodeSourcery.
- *
- * This code is licensed under the GPL
- */
-#include "hw.h"
-#include "mcf.h"
-#include "exec-memory.h"
-
-typedef struct {
- MemoryRegion iomem;
- uint64_t ipr;
- uint64_t imr;
- uint64_t ifr;
- uint64_t enabled;
- uint8_t icr[64];
- CPUM68KState *env;
- int active_vector;
-} mcf_intc_state;
-
-static void mcf_intc_update(mcf_intc_state *s)
-{
- uint64_t active;
- int i;
- int best;
- int best_level;
-
- active = (s->ipr | s->ifr) & s->enabled & ~s->imr;
- best_level = 0;
- best = 64;
- if (active) {
- for (i = 0; i < 64; i++) {
- if ((active & 1) != 0 && s->icr[i] >= best_level) {
- best_level = s->icr[i];
- best = i;
- }
- active >>= 1;
- }
- }
- s->active_vector = ((best == 64) ? 24 : (best + 64));
- m68k_set_irq_level(s->env, best_level, s->active_vector);
-}
-
-static uint64_t mcf_intc_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- int offset;
- mcf_intc_state *s = (mcf_intc_state *)opaque;
- offset = addr & 0xff;
- if (offset >= 0x40 && offset < 0x80) {
- return s->icr[offset - 0x40];
- }
- switch (offset) {
- case 0x00:
- return (uint32_t)(s->ipr >> 32);
- case 0x04:
- return (uint32_t)s->ipr;
- case 0x08:
- return (uint32_t)(s->imr >> 32);
- case 0x0c:
- return (uint32_t)s->imr;
- case 0x10:
- return (uint32_t)(s->ifr >> 32);
- case 0x14:
- return (uint32_t)s->ifr;
- case 0xe0: /* SWIACK. */
- return s->active_vector;
- case 0xe1: case 0xe2: case 0xe3: case 0xe4:
- case 0xe5: case 0xe6: case 0xe7:
- /* LnIACK */
- hw_error("mcf_intc_read: LnIACK not implemented\n");
- default:
- return 0;
- }
-}
-
-static void mcf_intc_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- int offset;
- mcf_intc_state *s = (mcf_intc_state *)opaque;
- offset = addr & 0xff;
- if (offset >= 0x40 && offset < 0x80) {
- int n = offset - 0x40;
- s->icr[n] = val;
- if (val == 0)
- s->enabled &= ~(1ull << n);
- else
- s->enabled |= (1ull << n);
- mcf_intc_update(s);
- return;
- }
- switch (offset) {
- case 0x00: case 0x04:
- /* Ignore IPR writes. */
- return;
- case 0x08:
- s->imr = (s->imr & 0xffffffff) | ((uint64_t)val << 32);
- break;
- case 0x0c:
- s->imr = (s->imr & 0xffffffff00000000ull) | (uint32_t)val;
- break;
- default:
- hw_error("mcf_intc_write: Bad write offset %d\n", offset);
- break;
- }
- mcf_intc_update(s);
-}
-
-static void mcf_intc_set_irq(void *opaque, int irq, int level)
-{
- mcf_intc_state *s = (mcf_intc_state *)opaque;
- if (irq >= 64)
- return;
- if (level)
- s->ipr |= 1ull << irq;
- else
- s->ipr &= ~(1ull << irq);
- mcf_intc_update(s);
-}
-
-static void mcf_intc_reset(mcf_intc_state *s)
-{
- s->imr = ~0ull;
- s->ipr = 0;
- s->ifr = 0;
- s->enabled = 0;
- memset(s->icr, 0, 64);
- s->active_vector = 24;
-}
-
-static const MemoryRegionOps mcf_intc_ops = {
- .read = mcf_intc_read,
- .write = mcf_intc_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-qemu_irq *mcf_intc_init(MemoryRegion *sysmem,
- hwaddr base,
- CPUM68KState *env)
-{
- mcf_intc_state *s;
-
- s = g_malloc0(sizeof(mcf_intc_state));
- s->env = env;
- mcf_intc_reset(s);
-
- memory_region_init_io(&s->iomem, &mcf_intc_ops, s, "mcf", 0x100);
- memory_region_add_subregion(sysmem, base, &s->iomem);
-
- return qemu_allocate_irqs(mcf_intc_set_irq, s, 64);
-}
diff --git a/hw/mcf_uart.c b/hw/mcf_uart.c
deleted file mode 100644
index d1655f8f2..000000000
--- a/hw/mcf_uart.c
+++ /dev/null
@@ -1,306 +0,0 @@
-/*
- * ColdFire UART emulation.
- *
- * Copyright (c) 2007 CodeSourcery.
- *
- * This code is licensed under the GPL
- */
-#include "hw.h"
-#include "mcf.h"
-#include "qemu-char.h"
-#include "exec-memory.h"
-
-typedef struct {
- MemoryRegion iomem;
- uint8_t mr[2];
- uint8_t sr;
- uint8_t isr;
- uint8_t imr;
- uint8_t bg1;
- uint8_t bg2;
- uint8_t fifo[4];
- uint8_t tb;
- int current_mr;
- int fifo_len;
- int tx_enabled;
- int rx_enabled;
- qemu_irq irq;
- CharDriverState *chr;
-} mcf_uart_state;
-
-/* UART Status Register bits. */
-#define MCF_UART_RxRDY 0x01
-#define MCF_UART_FFULL 0x02
-#define MCF_UART_TxRDY 0x04
-#define MCF_UART_TxEMP 0x08
-#define MCF_UART_OE 0x10
-#define MCF_UART_PE 0x20
-#define MCF_UART_FE 0x40
-#define MCF_UART_RB 0x80
-
-/* Interrupt flags. */
-#define MCF_UART_TxINT 0x01
-#define MCF_UART_RxINT 0x02
-#define MCF_UART_DBINT 0x04
-#define MCF_UART_COSINT 0x80
-
-/* UMR1 flags. */
-#define MCF_UART_BC0 0x01
-#define MCF_UART_BC1 0x02
-#define MCF_UART_PT 0x04
-#define MCF_UART_PM0 0x08
-#define MCF_UART_PM1 0x10
-#define MCF_UART_ERR 0x20
-#define MCF_UART_RxIRQ 0x40
-#define MCF_UART_RxRTS 0x80
-
-static void mcf_uart_update(mcf_uart_state *s)
-{
- s->isr &= ~(MCF_UART_TxINT | MCF_UART_RxINT);
- if (s->sr & MCF_UART_TxRDY)
- s->isr |= MCF_UART_TxINT;
- if ((s->sr & ((s->mr[0] & MCF_UART_RxIRQ)
- ? MCF_UART_FFULL : MCF_UART_RxRDY)) != 0)
- s->isr |= MCF_UART_RxINT;
-
- qemu_set_irq(s->irq, (s->isr & s->imr) != 0);
-}
-
-uint64_t mcf_uart_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- mcf_uart_state *s = (mcf_uart_state *)opaque;
- switch (addr & 0x3f) {
- case 0x00:
- return s->mr[s->current_mr];
- case 0x04:
- return s->sr;
- case 0x0c:
- {
- uint8_t val;
- int i;
-
- if (s->fifo_len == 0)
- return 0;
-
- val = s->fifo[0];
- s->fifo_len--;
- for (i = 0; i < s->fifo_len; i++)
- s->fifo[i] = s->fifo[i + 1];
- s->sr &= ~MCF_UART_FFULL;
- if (s->fifo_len == 0)
- s->sr &= ~MCF_UART_RxRDY;
- mcf_uart_update(s);
- qemu_chr_accept_input(s->chr);
- return val;
- }
- case 0x10:
- /* TODO: Implement IPCR. */
- return 0;
- case 0x14:
- return s->isr;
- case 0x18:
- return s->bg1;
- case 0x1c:
- return s->bg2;
- default:
- return 0;
- }
-}
-
-/* Update TxRDY flag and set data if present and enabled. */
-static void mcf_uart_do_tx(mcf_uart_state *s)
-{
- if (s->tx_enabled && (s->sr & MCF_UART_TxEMP) == 0) {
- if (s->chr)
- qemu_chr_fe_write(s->chr, (unsigned char *)&s->tb, 1);
- s->sr |= MCF_UART_TxEMP;
- }
- if (s->tx_enabled) {
- s->sr |= MCF_UART_TxRDY;
- } else {
- s->sr &= ~MCF_UART_TxRDY;
- }
-}
-
-static void mcf_do_command(mcf_uart_state *s, uint8_t cmd)
-{
- /* Misc command. */
- switch ((cmd >> 4) & 3) {
- case 0: /* No-op. */
- break;
- case 1: /* Reset mode register pointer. */
- s->current_mr = 0;
- break;
- case 2: /* Reset receiver. */
- s->rx_enabled = 0;
- s->fifo_len = 0;
- s->sr &= ~(MCF_UART_RxRDY | MCF_UART_FFULL);
- break;
- case 3: /* Reset transmitter. */
- s->tx_enabled = 0;
- s->sr |= MCF_UART_TxEMP;
- s->sr &= ~MCF_UART_TxRDY;
- break;
- case 4: /* Reset error status. */
- break;
- case 5: /* Reset break-change interrupt. */
- s->isr &= ~MCF_UART_DBINT;
- break;
- case 6: /* Start break. */
- case 7: /* Stop break. */
- break;
- }
-
- /* Transmitter command. */
- switch ((cmd >> 2) & 3) {
- case 0: /* No-op. */
- break;
- case 1: /* Enable. */
- s->tx_enabled = 1;
- mcf_uart_do_tx(s);
- break;
- case 2: /* Disable. */
- s->tx_enabled = 0;
- mcf_uart_do_tx(s);
- break;
- case 3: /* Reserved. */
- fprintf(stderr, "mcf_uart: Bad TX command\n");
- break;
- }
-
- /* Receiver command. */
- switch (cmd & 3) {
- case 0: /* No-op. */
- break;
- case 1: /* Enable. */
- s->rx_enabled = 1;
- break;
- case 2:
- s->rx_enabled = 0;
- break;
- case 3: /* Reserved. */
- fprintf(stderr, "mcf_uart: Bad RX command\n");
- break;
- }
-}
-
-void mcf_uart_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- mcf_uart_state *s = (mcf_uart_state *)opaque;
- switch (addr & 0x3f) {
- case 0x00:
- s->mr[s->current_mr] = val;
- s->current_mr = 1;
- break;
- case 0x04:
- /* CSR is ignored. */
- break;
- case 0x08: /* Command Register. */
- mcf_do_command(s, val);
- break;
- case 0x0c: /* Transmit Buffer. */
- s->sr &= ~MCF_UART_TxEMP;
- s->tb = val;
- mcf_uart_do_tx(s);
- break;
- case 0x10:
- /* ACR is ignored. */
- break;
- case 0x14:
- s->imr = val;
- break;
- default:
- break;
- }
- mcf_uart_update(s);
-}
-
-static void mcf_uart_reset(mcf_uart_state *s)
-{
- s->fifo_len = 0;
- s->mr[0] = 0;
- s->mr[1] = 0;
- s->sr = MCF_UART_TxEMP;
- s->tx_enabled = 0;
- s->rx_enabled = 0;
- s->isr = 0;
- s->imr = 0;
-}
-
-static void mcf_uart_push_byte(mcf_uart_state *s, uint8_t data)
-{
- /* Break events overwrite the last byte if the fifo is full. */
- if (s->fifo_len == 4)
- s->fifo_len--;
-
- s->fifo[s->fifo_len] = data;
- s->fifo_len++;
- s->sr |= MCF_UART_RxRDY;
- if (s->fifo_len == 4)
- s->sr |= MCF_UART_FFULL;
-
- mcf_uart_update(s);
-}
-
-static void mcf_uart_event(void *opaque, int event)
-{
- mcf_uart_state *s = (mcf_uart_state *)opaque;
-
- switch (event) {
- case CHR_EVENT_BREAK:
- s->isr |= MCF_UART_DBINT;
- mcf_uart_push_byte(s, 0);
- break;
- default:
- break;
- }
-}
-
-static int mcf_uart_can_receive(void *opaque)
-{
- mcf_uart_state *s = (mcf_uart_state *)opaque;
-
- return s->rx_enabled && (s->sr & MCF_UART_FFULL) == 0;
-}
-
-static void mcf_uart_receive(void *opaque, const uint8_t *buf, int size)
-{
- mcf_uart_state *s = (mcf_uart_state *)opaque;
-
- mcf_uart_push_byte(s, buf[0]);
-}
-
-void *mcf_uart_init(qemu_irq irq, CharDriverState *chr)
-{
- mcf_uart_state *s;
-
- s = g_malloc0(sizeof(mcf_uart_state));
- s->chr = chr;
- s->irq = irq;
- if (chr) {
- qemu_chr_add_handlers(chr, mcf_uart_can_receive, mcf_uart_receive,
- mcf_uart_event, s);
- }
- mcf_uart_reset(s);
- return s;
-}
-
-static const MemoryRegionOps mcf_uart_ops = {
- .read = mcf_uart_read,
- .write = mcf_uart_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-void mcf_uart_mm_init(MemoryRegion *sysmem,
- hwaddr base,
- qemu_irq irq,
- CharDriverState *chr)
-{
- mcf_uart_state *s;
-
- s = mcf_uart_init(irq, chr);
- memory_region_init_io(&s->iomem, &mcf_uart_ops, s, "uart", 0x40);
- memory_region_add_subregion(sysmem, base, &s->iomem);
-}
diff --git a/hw/megasas.c b/hw/megasas.c
deleted file mode 100644
index 61b652792..000000000
--- a/hw/megasas.c
+++ /dev/null
@@ -1,2213 +0,0 @@
-/*
- * QEMU MegaRAID SAS 8708EM2 Host Bus Adapter emulation
- * Based on the linux driver code at drivers/scsi/megaraid
- *
- * Copyright (c) 2009-2012 Hannes Reinecke, SUSE Labs
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "hw.h"
-#include "pci.h"
-#include "dma.h"
-#include "msix.h"
-#include "iov.h"
-#include "scsi.h"
-#include "scsi-defs.h"
-#include "trace.h"
-
-#include "mfi.h"
-
-#define MEGASAS_VERSION "1.70"
-#define MEGASAS_MAX_FRAMES 2048 /* Firmware limit at 65535 */
-#define MEGASAS_DEFAULT_FRAMES 1000 /* Windows requires this */
-#define MEGASAS_MAX_SGE 128 /* Firmware limit */
-#define MEGASAS_DEFAULT_SGE 80
-#define MEGASAS_MAX_SECTORS 0xFFFF /* No real limit */
-#define MEGASAS_MAX_ARRAYS 128
-
-#define MEGASAS_HBA_SERIAL "QEMU123456"
-#define NAA_LOCALLY_ASSIGNED_ID 0x3ULL
-#define IEEE_COMPANY_LOCALLY_ASSIGNED 0x525400
-
-#define MEGASAS_FLAG_USE_JBOD 0
-#define MEGASAS_MASK_USE_JBOD (1 << MEGASAS_FLAG_USE_JBOD)
-#define MEGASAS_FLAG_USE_MSIX 1
-#define MEGASAS_MASK_USE_MSIX (1 << MEGASAS_FLAG_USE_MSIX)
-#define MEGASAS_FLAG_USE_QUEUE64 2
-#define MEGASAS_MASK_USE_QUEUE64 (1 << MEGASAS_FLAG_USE_QUEUE64)
-
-static const char *mfi_frame_desc[] = {
- "MFI init", "LD Read", "LD Write", "LD SCSI", "PD SCSI",
- "MFI Doorbell", "MFI Abort", "MFI SMP", "MFI Stop"};
-
-typedef struct MegasasCmd {
- uint32_t index;
- uint16_t flags;
- uint16_t count;
- uint64_t context;
-
- hwaddr pa;
- hwaddr pa_size;
- union mfi_frame *frame;
- SCSIRequest *req;
- QEMUSGList qsg;
- void *iov_buf;
- size_t iov_size;
- size_t iov_offset;
- struct MegasasState *state;
-} MegasasCmd;
-
-typedef struct MegasasState {
- PCIDevice dev;
- MemoryRegion mmio_io;
- MemoryRegion port_io;
- MemoryRegion queue_io;
- uint32_t frame_hi;
-
- int fw_state;
- uint32_t fw_sge;
- uint32_t fw_cmds;
- uint32_t flags;
- int fw_luns;
- int intr_mask;
- int doorbell;
- int busy;
-
- MegasasCmd *event_cmd;
- int event_locale;
- int event_class;
- int event_count;
- int shutdown_event;
- int boot_event;
-
- uint64_t sas_addr;
- char *hba_serial;
-
- uint64_t reply_queue_pa;
- void *reply_queue;
- int reply_queue_len;
- int reply_queue_head;
- int reply_queue_tail;
- uint64_t consumer_pa;
- uint64_t producer_pa;
-
- MegasasCmd frames[MEGASAS_MAX_FRAMES];
-
- SCSIBus bus;
-} MegasasState;
-
-#define MEGASAS_INTR_DISABLED_MASK 0xFFFFFFFF
-
-static bool megasas_intr_enabled(MegasasState *s)
-{
- if ((s->intr_mask & MEGASAS_INTR_DISABLED_MASK) !=
- MEGASAS_INTR_DISABLED_MASK) {
- return true;
- }
- return false;
-}
-
-static bool megasas_use_queue64(MegasasState *s)
-{
- return s->flags & MEGASAS_MASK_USE_QUEUE64;
-}
-
-static bool megasas_use_msix(MegasasState *s)
-{
- return s->flags & MEGASAS_MASK_USE_MSIX;
-}
-
-static bool megasas_is_jbod(MegasasState *s)
-{
- return s->flags & MEGASAS_MASK_USE_JBOD;
-}
-
-static void megasas_frame_set_cmd_status(unsigned long frame, uint8_t v)
-{
- stb_phys(frame + offsetof(struct mfi_frame_header, cmd_status), v);
-}
-
-static void megasas_frame_set_scsi_status(unsigned long frame, uint8_t v)
-{
- stb_phys(frame + offsetof(struct mfi_frame_header, scsi_status), v);
-}
-
-/*
- * Context is considered opaque, but the HBA firmware is running
- * in little endian mode. So convert it to little endian, too.
- */
-static uint64_t megasas_frame_get_context(unsigned long frame)
-{
- return ldq_le_phys(frame + offsetof(struct mfi_frame_header, context));
-}
-
-static bool megasas_frame_is_ieee_sgl(MegasasCmd *cmd)
-{
- return cmd->flags & MFI_FRAME_IEEE_SGL;
-}
-
-static bool megasas_frame_is_sgl64(MegasasCmd *cmd)
-{
- return cmd->flags & MFI_FRAME_SGL64;
-}
-
-static bool megasas_frame_is_sense64(MegasasCmd *cmd)
-{
- return cmd->flags & MFI_FRAME_SENSE64;
-}
-
-static uint64_t megasas_sgl_get_addr(MegasasCmd *cmd,
- union mfi_sgl *sgl)
-{
- uint64_t addr;
-
- if (megasas_frame_is_ieee_sgl(cmd)) {
- addr = le64_to_cpu(sgl->sg_skinny->addr);
- } else if (megasas_frame_is_sgl64(cmd)) {
- addr = le64_to_cpu(sgl->sg64->addr);
- } else {
- addr = le32_to_cpu(sgl->sg32->addr);
- }
- return addr;
-}
-
-static uint32_t megasas_sgl_get_len(MegasasCmd *cmd,
- union mfi_sgl *sgl)
-{
- uint32_t len;
-
- if (megasas_frame_is_ieee_sgl(cmd)) {
- len = le32_to_cpu(sgl->sg_skinny->len);
- } else if (megasas_frame_is_sgl64(cmd)) {
- len = le32_to_cpu(sgl->sg64->len);
- } else {
- len = le32_to_cpu(sgl->sg32->len);
- }
- return len;
-}
-
-static union mfi_sgl *megasas_sgl_next(MegasasCmd *cmd,
- union mfi_sgl *sgl)
-{
- uint8_t *next = (uint8_t *)sgl;
-
- if (megasas_frame_is_ieee_sgl(cmd)) {
- next += sizeof(struct mfi_sg_skinny);
- } else if (megasas_frame_is_sgl64(cmd)) {
- next += sizeof(struct mfi_sg64);
- } else {
- next += sizeof(struct mfi_sg32);
- }
-
- if (next >= (uint8_t *)cmd->frame + cmd->pa_size) {
- return NULL;
- }
- return (union mfi_sgl *)next;
-}
-
-static void megasas_soft_reset(MegasasState *s);
-
-static int megasas_map_sgl(MegasasState *s, MegasasCmd *cmd, union mfi_sgl *sgl)
-{
- int i;
- int iov_count = 0;
- size_t iov_size = 0;
-
- cmd->flags = le16_to_cpu(cmd->frame->header.flags);
- iov_count = cmd->frame->header.sge_count;
- if (iov_count > MEGASAS_MAX_SGE) {
- trace_megasas_iovec_sgl_overflow(cmd->index, iov_count,
- MEGASAS_MAX_SGE);
- return iov_count;
- }
- qemu_sglist_init(&cmd->qsg, iov_count, pci_dma_context(&s->dev));
- for (i = 0; i < iov_count; i++) {
- dma_addr_t iov_pa, iov_size_p;
-
- if (!sgl) {
- trace_megasas_iovec_sgl_underflow(cmd->index, i);
- goto unmap;
- }
- iov_pa = megasas_sgl_get_addr(cmd, sgl);
- iov_size_p = megasas_sgl_get_len(cmd, sgl);
- if (!iov_pa || !iov_size_p) {
- trace_megasas_iovec_sgl_invalid(cmd->index, i,
- iov_pa, iov_size_p);
- goto unmap;
- }
- qemu_sglist_add(&cmd->qsg, iov_pa, iov_size_p);
- sgl = megasas_sgl_next(cmd, sgl);
- iov_size += (size_t)iov_size_p;
- }
- if (cmd->iov_size > iov_size) {
- trace_megasas_iovec_overflow(cmd->index, iov_size, cmd->iov_size);
- } else if (cmd->iov_size < iov_size) {
- trace_megasas_iovec_underflow(cmd->iov_size, iov_size, cmd->iov_size);
- }
- cmd->iov_offset = 0;
- return 0;
-unmap:
- qemu_sglist_destroy(&cmd->qsg);
- return iov_count - i;
-}
-
-static void megasas_unmap_sgl(MegasasCmd *cmd)
-{
- qemu_sglist_destroy(&cmd->qsg);
- cmd->iov_offset = 0;
-}
-
-/*
- * passthrough sense and io sense are at the same offset
- */
-static int megasas_build_sense(MegasasCmd *cmd, uint8_t *sense_ptr,
- uint8_t sense_len)
-{
- uint32_t pa_hi = 0, pa_lo;
- hwaddr pa;
-
- if (sense_len > cmd->frame->header.sense_len) {
- sense_len = cmd->frame->header.sense_len;
- }
- if (sense_len) {
- pa_lo = le32_to_cpu(cmd->frame->pass.sense_addr_lo);
- if (megasas_frame_is_sense64(cmd)) {
- pa_hi = le32_to_cpu(cmd->frame->pass.sense_addr_hi);
- }
- pa = ((uint64_t) pa_hi << 32) | pa_lo;
- cpu_physical_memory_write(pa, sense_ptr, sense_len);
- cmd->frame->header.sense_len = sense_len;
- }
- return sense_len;
-}
-
-static void megasas_write_sense(MegasasCmd *cmd, SCSISense sense)
-{
- uint8_t sense_buf[SCSI_SENSE_BUF_SIZE];
- uint8_t sense_len = 18;
-
- memset(sense_buf, 0, sense_len);
- sense_buf[0] = 0xf0;
- sense_buf[2] = sense.key;
- sense_buf[7] = 10;
- sense_buf[12] = sense.asc;
- sense_buf[13] = sense.ascq;
- megasas_build_sense(cmd, sense_buf, sense_len);
-}
-
-static void megasas_copy_sense(MegasasCmd *cmd)
-{
- uint8_t sense_buf[SCSI_SENSE_BUF_SIZE];
- uint8_t sense_len;
-
- sense_len = scsi_req_get_sense(cmd->req, sense_buf,
- SCSI_SENSE_BUF_SIZE);
- megasas_build_sense(cmd, sense_buf, sense_len);
-}
-
-/*
- * Format an INQUIRY CDB
- */
-static int megasas_setup_inquiry(uint8_t *cdb, int pg, int len)
-{
- memset(cdb, 0, 6);
- cdb[0] = INQUIRY;
- if (pg > 0) {
- cdb[1] = 0x1;
- cdb[2] = pg;
- }
- cdb[3] = (len >> 8) & 0xff;
- cdb[4] = (len & 0xff);
- return len;
-}
-
-/*
- * Encode lba and len into a READ_16/WRITE_16 CDB
- */
-static void megasas_encode_lba(uint8_t *cdb, uint64_t lba,
- uint32_t len, bool is_write)
-{
- memset(cdb, 0x0, 16);
- if (is_write) {
- cdb[0] = WRITE_16;
- } else {
- cdb[0] = READ_16;
- }
- cdb[2] = (lba >> 56) & 0xff;
- cdb[3] = (lba >> 48) & 0xff;
- cdb[4] = (lba >> 40) & 0xff;
- cdb[5] = (lba >> 32) & 0xff;
- cdb[6] = (lba >> 24) & 0xff;
- cdb[7] = (lba >> 16) & 0xff;
- cdb[8] = (lba >> 8) & 0xff;
- cdb[9] = (lba) & 0xff;
- cdb[10] = (len >> 24) & 0xff;
- cdb[11] = (len >> 16) & 0xff;
- cdb[12] = (len >> 8) & 0xff;
- cdb[13] = (len) & 0xff;
-}
-
-/*
- * Utility functions
- */
-static uint64_t megasas_fw_time(void)
-{
- struct tm curtime;
- uint64_t bcd_time;
-
- qemu_get_timedate(&curtime, 0);
- bcd_time = ((uint64_t)curtime.tm_sec & 0xff) << 48 |
- ((uint64_t)curtime.tm_min & 0xff) << 40 |
- ((uint64_t)curtime.tm_hour & 0xff) << 32 |
- ((uint64_t)curtime.tm_mday & 0xff) << 24 |
- ((uint64_t)curtime.tm_mon & 0xff) << 16 |
- ((uint64_t)(curtime.tm_year + 1900) & 0xffff);
-
- return bcd_time;
-}
-
-/*
- * Default disk sata address
- * 0x1221 is the magic number as
- * present in real hardware,
- * so use it here, too.
- */
-static uint64_t megasas_get_sata_addr(uint16_t id)
-{
- uint64_t addr = (0x1221ULL << 48);
- return addr & (id << 24);
-}
-
-/*
- * Frame handling
- */
-static int megasas_next_index(MegasasState *s, int index, int limit)
-{
- index++;
- if (index == limit) {
- index = 0;
- }
- return index;
-}
-
-static MegasasCmd *megasas_lookup_frame(MegasasState *s,
- hwaddr frame)
-{
- MegasasCmd *cmd = NULL;
- int num = 0, index;
-
- index = s->reply_queue_head;
-
- while (num < s->fw_cmds) {
- if (s->frames[index].pa && s->frames[index].pa == frame) {
- cmd = &s->frames[index];
- break;
- }
- index = megasas_next_index(s, index, s->fw_cmds);
- num++;
- }
-
- return cmd;
-}
-
-static MegasasCmd *megasas_next_frame(MegasasState *s,
- hwaddr frame)
-{
- MegasasCmd *cmd = NULL;
- int num = 0, index;
-
- cmd = megasas_lookup_frame(s, frame);
- if (cmd) {
- trace_megasas_qf_found(cmd->index, cmd->pa);
- return cmd;
- }
- index = s->reply_queue_head;
- num = 0;
- while (num < s->fw_cmds) {
- if (!s->frames[index].pa) {
- cmd = &s->frames[index];
- break;
- }
- index = megasas_next_index(s, index, s->fw_cmds);
- num++;
- }
- if (!cmd) {
- trace_megasas_qf_failed(frame);
- }
- trace_megasas_qf_new(index, cmd);
- return cmd;
-}
-
-static MegasasCmd *megasas_enqueue_frame(MegasasState *s,
- hwaddr frame, uint64_t context, int count)
-{
- MegasasCmd *cmd = NULL;
- int frame_size = MFI_FRAME_SIZE * 16;
- hwaddr frame_size_p = frame_size;
-
- cmd = megasas_next_frame(s, frame);
- /* All frames busy */
- if (!cmd) {
- return NULL;
- }
- if (!cmd->pa) {
- cmd->pa = frame;
- /* Map all possible frames */
- cmd->frame = cpu_physical_memory_map(frame, &frame_size_p, 0);
- if (frame_size_p != frame_size) {
- trace_megasas_qf_map_failed(cmd->index, (unsigned long)frame);
- if (cmd->frame) {
- cpu_physical_memory_unmap(cmd->frame, frame_size_p, 0, 0);
- cmd->frame = NULL;
- cmd->pa = 0;
- }
- s->event_count++;
- return NULL;
- }
- cmd->pa_size = frame_size_p;
- cmd->context = context;
- if (!megasas_use_queue64(s)) {
- cmd->context &= (uint64_t)0xFFFFFFFF;
- }
- }
- cmd->count = count;
- s->busy++;
-
- trace_megasas_qf_enqueue(cmd->index, cmd->count, cmd->context,
- s->reply_queue_head, s->busy);
-
- return cmd;
-}
-
-static void megasas_complete_frame(MegasasState *s, uint64_t context)
-{
- int tail, queue_offset;
-
- /* Decrement busy count */
- s->busy--;
-
- if (s->reply_queue_pa) {
- /*
- * Put command on the reply queue.
- * Context is opaque, but emulation is running in
- * little endian. So convert it.
- */
- tail = s->reply_queue_head;
- if (megasas_use_queue64(s)) {
- queue_offset = tail * sizeof(uint64_t);
- stq_le_phys(s->reply_queue_pa + queue_offset, context);
- } else {
- queue_offset = tail * sizeof(uint32_t);
- stl_le_phys(s->reply_queue_pa + queue_offset, context);
- }
- s->reply_queue_head = megasas_next_index(s, tail, s->fw_cmds);
- trace_megasas_qf_complete(context, tail, queue_offset,
- s->busy, s->doorbell);
- }
-
- if (megasas_intr_enabled(s)) {
- /* Notify HBA */
- s->doorbell++;
- if (s->doorbell == 1) {
- if (msix_enabled(&s->dev)) {
- trace_megasas_msix_raise(0);
- msix_notify(&s->dev, 0);
- } else {
- trace_megasas_irq_raise();
- qemu_irq_raise(s->dev.irq[0]);
- }
- }
- } else {
- trace_megasas_qf_complete_noirq(context);
- }
-}
-
-static void megasas_reset_frames(MegasasState *s)
-{
- int i;
- MegasasCmd *cmd;
-
- for (i = 0; i < s->fw_cmds; i++) {
- cmd = &s->frames[i];
- if (cmd->pa) {
- cpu_physical_memory_unmap(cmd->frame, cmd->pa_size, 0, 0);
- cmd->frame = NULL;
- cmd->pa = 0;
- }
- }
-}
-
-static void megasas_abort_command(MegasasCmd *cmd)
-{
- if (cmd->req) {
- scsi_req_cancel(cmd->req);
- cmd->req = NULL;
- }
-}
-
-static int megasas_init_firmware(MegasasState *s, MegasasCmd *cmd)
-{
- uint32_t pa_hi, pa_lo;
- hwaddr iq_pa, initq_size;
- struct mfi_init_qinfo *initq;
- uint32_t flags;
- int ret = MFI_STAT_OK;
-
- pa_lo = le32_to_cpu(cmd->frame->init.qinfo_new_addr_lo);
- pa_hi = le32_to_cpu(cmd->frame->init.qinfo_new_addr_hi);
- iq_pa = (((uint64_t) pa_hi << 32) | pa_lo);
- trace_megasas_init_firmware((uint64_t)iq_pa);
- initq_size = sizeof(*initq);
- initq = cpu_physical_memory_map(iq_pa, &initq_size, 0);
- if (!initq || initq_size != sizeof(*initq)) {
- trace_megasas_initq_map_failed(cmd->index);
- s->event_count++;
- ret = MFI_STAT_MEMORY_NOT_AVAILABLE;
- goto out;
- }
- s->reply_queue_len = le32_to_cpu(initq->rq_entries) & 0xFFFF;
- if (s->reply_queue_len > s->fw_cmds) {
- trace_megasas_initq_mismatch(s->reply_queue_len, s->fw_cmds);
- s->event_count++;
- ret = MFI_STAT_INVALID_PARAMETER;
- goto out;
- }
- pa_lo = le32_to_cpu(initq->rq_addr_lo);
- pa_hi = le32_to_cpu(initq->rq_addr_hi);
- s->reply_queue_pa = ((uint64_t) pa_hi << 32) | pa_lo;
- pa_lo = le32_to_cpu(initq->ci_addr_lo);
- pa_hi = le32_to_cpu(initq->ci_addr_hi);
- s->consumer_pa = ((uint64_t) pa_hi << 32) | pa_lo;
- pa_lo = le32_to_cpu(initq->pi_addr_lo);
- pa_hi = le32_to_cpu(initq->pi_addr_hi);
- s->producer_pa = ((uint64_t) pa_hi << 32) | pa_lo;
- s->reply_queue_head = ldl_le_phys(s->producer_pa);
- s->reply_queue_tail = ldl_le_phys(s->consumer_pa);
- flags = le32_to_cpu(initq->flags);
- if (flags & MFI_QUEUE_FLAG_CONTEXT64) {
- s->flags |= MEGASAS_MASK_USE_QUEUE64;
- }
- trace_megasas_init_queue((unsigned long)s->reply_queue_pa,
- s->reply_queue_len, s->reply_queue_head,
- s->reply_queue_tail, flags);
- megasas_reset_frames(s);
- s->fw_state = MFI_FWSTATE_OPERATIONAL;
-out:
- if (initq) {
- cpu_physical_memory_unmap(initq, initq_size, 0, 0);
- }
- return ret;
-}
-
-static int megasas_map_dcmd(MegasasState *s, MegasasCmd *cmd)
-{
- dma_addr_t iov_pa, iov_size;
-
- cmd->flags = le16_to_cpu(cmd->frame->header.flags);
- if (!cmd->frame->header.sge_count) {
- trace_megasas_dcmd_zero_sge(cmd->index);
- cmd->iov_size = 0;
- return 0;
- } else if (cmd->frame->header.sge_count > 1) {
- trace_megasas_dcmd_invalid_sge(cmd->index,
- cmd->frame->header.sge_count);
- cmd->iov_size = 0;
- return -1;
- }
- iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl);
- iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl);
- qemu_sglist_init(&cmd->qsg, 1, pci_dma_context(&s->dev));
- qemu_sglist_add(&cmd->qsg, iov_pa, iov_size);
- cmd->iov_size = iov_size;
- return cmd->iov_size;
-}
-
-static void megasas_finish_dcmd(MegasasCmd *cmd, uint32_t iov_size)
-{
- trace_megasas_finish_dcmd(cmd->index, iov_size);
-
- if (cmd->frame->header.sge_count) {
- qemu_sglist_destroy(&cmd->qsg);
- }
- if (iov_size > cmd->iov_size) {
- if (megasas_frame_is_ieee_sgl(cmd)) {
- cmd->frame->dcmd.sgl.sg_skinny->len = cpu_to_le32(iov_size);
- } else if (megasas_frame_is_sgl64(cmd)) {
- cmd->frame->dcmd.sgl.sg64->len = cpu_to_le32(iov_size);
- } else {
- cmd->frame->dcmd.sgl.sg32->len = cpu_to_le32(iov_size);
- }
- }
- cmd->iov_size = 0;
-}
-
-static int megasas_ctrl_get_info(MegasasState *s, MegasasCmd *cmd)
-{
- struct mfi_ctrl_info info;
- size_t dcmd_size = sizeof(info);
- BusChild *kid;
- int num_ld_disks = 0;
- uint16_t sdev_id;
-
- memset(&info, 0x0, cmd->iov_size);
- if (cmd->iov_size < dcmd_size) {
- trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
- dcmd_size);
- return MFI_STAT_INVALID_PARAMETER;
- }
-
- info.pci.vendor = cpu_to_le16(PCI_VENDOR_ID_LSI_LOGIC);
- info.pci.device = cpu_to_le16(PCI_DEVICE_ID_LSI_SAS1078);
- info.pci.subvendor = cpu_to_le16(PCI_VENDOR_ID_LSI_LOGIC);
- info.pci.subdevice = cpu_to_le16(0x1013);
-
- /*
- * For some reason the firmware supports
- * only up to 8 device ports.
- * Despite supporting a far larger number
- * of devices for the physical devices.
- * So just display the first 8 devices
- * in the device port list, independent
- * of how many logical devices are actually
- * present.
- */
- info.host.type = MFI_INFO_HOST_PCIE;
- info.device.type = MFI_INFO_DEV_SAS3G;
- info.device.port_count = 8;
- QTAILQ_FOREACH(kid, &s->bus.qbus.children, sibling) {
- SCSIDevice *sdev = DO_UPCAST(SCSIDevice, qdev, kid->child);
-
- if (num_ld_disks < 8) {
- sdev_id = ((sdev->id & 0xFF) >> 8) | (sdev->lun & 0xFF);
- info.device.port_addr[num_ld_disks] =
- cpu_to_le64(megasas_get_sata_addr(sdev_id));
- }
- num_ld_disks++;
- }
-
- memcpy(info.product_name, "MegaRAID SAS 8708EM2", 20);
- snprintf(info.serial_number, 32, "%s", s->hba_serial);
- snprintf(info.package_version, 0x60, "%s-QEMU", QEMU_VERSION);
- memcpy(info.image_component[0].name, "APP", 3);
- memcpy(info.image_component[0].version, MEGASAS_VERSION "-QEMU", 9);
- memcpy(info.image_component[0].build_date, __DATE__, 11);
- memcpy(info.image_component[0].build_time, __TIME__, 8);
- info.image_component_count = 1;
- if (s->dev.has_rom) {
- uint8_t biosver[32];
- uint8_t *ptr;
-
- ptr = memory_region_get_ram_ptr(&s->dev.rom);
- memcpy(biosver, ptr + 0x41, 31);
- qemu_put_ram_ptr(ptr);
- memcpy(info.image_component[1].name, "BIOS", 4);
- memcpy(info.image_component[1].version, biosver,
- strlen((const char *)biosver));
- info.image_component_count++;
- }
- info.current_fw_time = cpu_to_le32(megasas_fw_time());
- info.max_arms = 32;
- info.max_spans = 8;
- info.max_arrays = MEGASAS_MAX_ARRAYS;
- info.max_lds = s->fw_luns;
- info.max_cmds = cpu_to_le16(s->fw_cmds);
- info.max_sg_elements = cpu_to_le16(s->fw_sge);
- info.max_request_size = cpu_to_le32(MEGASAS_MAX_SECTORS);
- info.lds_present = cpu_to_le16(num_ld_disks);
- info.pd_present = cpu_to_le16(num_ld_disks);
- info.pd_disks_present = cpu_to_le16(num_ld_disks);
- info.hw_present = cpu_to_le32(MFI_INFO_HW_NVRAM |
- MFI_INFO_HW_MEM |
- MFI_INFO_HW_FLASH);
- info.memory_size = cpu_to_le16(512);
- info.nvram_size = cpu_to_le16(32);
- info.flash_size = cpu_to_le16(16);
- info.raid_levels = cpu_to_le32(MFI_INFO_RAID_0);
- info.adapter_ops = cpu_to_le32(MFI_INFO_AOPS_RBLD_RATE |
- MFI_INFO_AOPS_SELF_DIAGNOSTIC |
- MFI_INFO_AOPS_MIXED_ARRAY);
- info.ld_ops = cpu_to_le32(MFI_INFO_LDOPS_DISK_CACHE_POLICY |
- MFI_INFO_LDOPS_ACCESS_POLICY |
- MFI_INFO_LDOPS_IO_POLICY |
- MFI_INFO_LDOPS_WRITE_POLICY |
- MFI_INFO_LDOPS_READ_POLICY);
- info.max_strips_per_io = cpu_to_le16(s->fw_sge);
- info.stripe_sz_ops.min = 3;
- info.stripe_sz_ops.max = ffs(MEGASAS_MAX_SECTORS + 1) - 1;
- info.properties.pred_fail_poll_interval = cpu_to_le16(300);
- info.properties.intr_throttle_cnt = cpu_to_le16(16);
- info.properties.intr_throttle_timeout = cpu_to_le16(50);
- info.properties.rebuild_rate = 30;
- info.properties.patrol_read_rate = 30;
- info.properties.bgi_rate = 30;
- info.properties.cc_rate = 30;
- info.properties.recon_rate = 30;
- info.properties.cache_flush_interval = 4;
- info.properties.spinup_drv_cnt = 2;
- info.properties.spinup_delay = 6;
- info.properties.ecc_bucket_size = 15;
- info.properties.ecc_bucket_leak_rate = cpu_to_le16(1440);
- info.properties.expose_encl_devices = 1;
- info.properties.OnOffProperties = cpu_to_le32(MFI_CTRL_PROP_EnableJBOD);
- info.pd_ops = cpu_to_le32(MFI_INFO_PDOPS_FORCE_ONLINE |
- MFI_INFO_PDOPS_FORCE_OFFLINE);
- info.pd_mix_support = cpu_to_le32(MFI_INFO_PDMIX_SAS |
- MFI_INFO_PDMIX_SATA |
- MFI_INFO_PDMIX_LD);
-
- cmd->iov_size -= dma_buf_read((uint8_t *)&info, dcmd_size, &cmd->qsg);
- return MFI_STAT_OK;
-}
-
-static int megasas_mfc_get_defaults(MegasasState *s, MegasasCmd *cmd)
-{
- struct mfi_defaults info;
- size_t dcmd_size = sizeof(struct mfi_defaults);
-
- memset(&info, 0x0, dcmd_size);
- if (cmd->iov_size < dcmd_size) {
- trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
- dcmd_size);
- return MFI_STAT_INVALID_PARAMETER;
- }
-
- info.sas_addr = cpu_to_le64(s->sas_addr);
- info.stripe_size = 3;
- info.flush_time = 4;
- info.background_rate = 30;
- info.allow_mix_in_enclosure = 1;
- info.allow_mix_in_ld = 1;
- info.direct_pd_mapping = 1;
- /* Enable for BIOS support */
- info.bios_enumerate_lds = 1;
- info.disable_ctrl_r = 1;
- info.expose_enclosure_devices = 1;
- info.disable_preboot_cli = 1;
- info.cluster_disable = 1;
-
- cmd->iov_size -= dma_buf_read((uint8_t *)&info, dcmd_size, &cmd->qsg);
- return MFI_STAT_OK;
-}
-
-static int megasas_dcmd_get_bios_info(MegasasState *s, MegasasCmd *cmd)
-{
- struct mfi_bios_data info;
- size_t dcmd_size = sizeof(info);
-
- memset(&info, 0x0, dcmd_size);
- if (cmd->iov_size < dcmd_size) {
- trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
- dcmd_size);
- return MFI_STAT_INVALID_PARAMETER;
- }
- info.continue_on_error = 1;
- info.verbose = 1;
- if (megasas_is_jbod(s)) {
- info.expose_all_drives = 1;
- }
-
- cmd->iov_size -= dma_buf_read((uint8_t *)&info, dcmd_size, &cmd->qsg);
- return MFI_STAT_OK;
-}
-
-static int megasas_dcmd_get_fw_time(MegasasState *s, MegasasCmd *cmd)
-{
- uint64_t fw_time;
- size_t dcmd_size = sizeof(fw_time);
-
- fw_time = cpu_to_le64(megasas_fw_time());
-
- cmd->iov_size -= dma_buf_read((uint8_t *)&fw_time, dcmd_size, &cmd->qsg);
- return MFI_STAT_OK;
-}
-
-static int megasas_dcmd_set_fw_time(MegasasState *s, MegasasCmd *cmd)
-{
- uint64_t fw_time;
-
- /* This is a dummy; setting of firmware time is not allowed */
- memcpy(&fw_time, cmd->frame->dcmd.mbox, sizeof(fw_time));
-
- trace_megasas_dcmd_set_fw_time(cmd->index, fw_time);
- fw_time = cpu_to_le64(megasas_fw_time());
- return MFI_STAT_OK;
-}
-
-static int megasas_event_info(MegasasState *s, MegasasCmd *cmd)
-{
- struct mfi_evt_log_state info;
- size_t dcmd_size = sizeof(info);
-
- memset(&info, 0, dcmd_size);
-
- info.newest_seq_num = cpu_to_le32(s->event_count);
- info.shutdown_seq_num = cpu_to_le32(s->shutdown_event);
- info.boot_seq_num = cpu_to_le32(s->boot_event);
-
- cmd->iov_size -= dma_buf_read((uint8_t *)&info, dcmd_size, &cmd->qsg);
- return MFI_STAT_OK;
-}
-
-static int megasas_event_wait(MegasasState *s, MegasasCmd *cmd)
-{
- union mfi_evt event;
-
- if (cmd->iov_size < sizeof(struct mfi_evt_detail)) {
- trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
- sizeof(struct mfi_evt_detail));
- return MFI_STAT_INVALID_PARAMETER;
- }
- s->event_count = cpu_to_le32(cmd->frame->dcmd.mbox[0]);
- event.word = cpu_to_le32(cmd->frame->dcmd.mbox[4]);
- s->event_locale = event.members.locale;
- s->event_class = event.members.class;
- s->event_cmd = cmd;
- /* Decrease busy count; event frame doesn't count here */
- s->busy--;
- cmd->iov_size = sizeof(struct mfi_evt_detail);
- return MFI_STAT_INVALID_STATUS;
-}
-
-static int megasas_dcmd_pd_get_list(MegasasState *s, MegasasCmd *cmd)
-{
- struct mfi_pd_list info;
- size_t dcmd_size = sizeof(info);
- BusChild *kid;
- uint32_t offset, dcmd_limit, num_pd_disks = 0, max_pd_disks;
- uint16_t sdev_id;
-
- memset(&info, 0, dcmd_size);
- offset = 8;
- dcmd_limit = offset + sizeof(struct mfi_pd_address);
- if (cmd->iov_size < dcmd_limit) {
- trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
- dcmd_limit);
- return MFI_STAT_INVALID_PARAMETER;
- }
-
- max_pd_disks = (cmd->iov_size - offset) / sizeof(struct mfi_pd_address);
- if (max_pd_disks > s->fw_luns) {
- max_pd_disks = s->fw_luns;
- }
-
- QTAILQ_FOREACH(kid, &s->bus.qbus.children, sibling) {
- SCSIDevice *sdev = DO_UPCAST(SCSIDevice, qdev, kid->child);
-
- sdev_id = ((sdev->id & 0xFF) >> 8) | (sdev->lun & 0xFF);
- info.addr[num_pd_disks].device_id = cpu_to_le16(sdev_id);
- info.addr[num_pd_disks].encl_device_id = 0xFFFF;
- info.addr[num_pd_disks].encl_index = 0;
- info.addr[num_pd_disks].slot_number = (sdev->id & 0xFF);
- info.addr[num_pd_disks].scsi_dev_type = sdev->type;
- info.addr[num_pd_disks].connect_port_bitmap = 0x1;
- info.addr[num_pd_disks].sas_addr[0] =
- cpu_to_le64(megasas_get_sata_addr(sdev_id));
- num_pd_disks++;
- offset += sizeof(struct mfi_pd_address);
- }
- trace_megasas_dcmd_pd_get_list(cmd->index, num_pd_disks,
- max_pd_disks, offset);
-
- info.size = cpu_to_le32(offset);
- info.count = cpu_to_le32(num_pd_disks);
-
- cmd->iov_size -= dma_buf_read((uint8_t *)&info, offset, &cmd->qsg);
- return MFI_STAT_OK;
-}
-
-static int megasas_dcmd_pd_list_query(MegasasState *s, MegasasCmd *cmd)
-{
- uint16_t flags;
-
- /* mbox0 contains flags */
- flags = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
- trace_megasas_dcmd_pd_list_query(cmd->index, flags);
- if (flags == MR_PD_QUERY_TYPE_ALL ||
- megasas_is_jbod(s)) {
- return megasas_dcmd_pd_get_list(s, cmd);
- }
-
- return MFI_STAT_OK;
-}
-
-static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
- MegasasCmd *cmd)
-{
- struct mfi_pd_info *info = cmd->iov_buf;
- size_t dcmd_size = sizeof(struct mfi_pd_info);
- BlockConf *conf = &sdev->conf;
- uint64_t pd_size;
- uint16_t sdev_id = ((sdev->id & 0xFF) >> 8) | (lun & 0xFF);
- uint8_t cmdbuf[6];
- SCSIRequest *req;
- size_t len, resid;
-
- if (!cmd->iov_buf) {
- cmd->iov_buf = g_malloc(dcmd_size);
- memset(cmd->iov_buf, 0, dcmd_size);
- info = cmd->iov_buf;
- info->inquiry_data[0] = 0x7f; /* Force PQual 0x3, PType 0x1f */
- info->vpd_page83[0] = 0x7f;
- megasas_setup_inquiry(cmdbuf, 0, sizeof(info->inquiry_data));
- req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
- if (!req) {
- trace_megasas_dcmd_req_alloc_failed(cmd->index,
- "PD get info std inquiry");
- g_free(cmd->iov_buf);
- cmd->iov_buf = NULL;
- return MFI_STAT_FLASH_ALLOC_FAIL;
- }
- trace_megasas_dcmd_internal_submit(cmd->index,
- "PD get info std inquiry", lun);
- len = scsi_req_enqueue(req);
- if (len > 0) {
- cmd->iov_size = len;
- scsi_req_continue(req);
- }
- return MFI_STAT_INVALID_STATUS;
- } else if (info->inquiry_data[0] != 0x7f && info->vpd_page83[0] == 0x7f) {
- megasas_setup_inquiry(cmdbuf, 0x83, sizeof(info->vpd_page83));
- req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
- if (!req) {
- trace_megasas_dcmd_req_alloc_failed(cmd->index,
- "PD get info vpd inquiry");
- return MFI_STAT_FLASH_ALLOC_FAIL;
- }
- trace_megasas_dcmd_internal_submit(cmd->index,
- "PD get info vpd inquiry", lun);
- len = scsi_req_enqueue(req);
- if (len > 0) {
- cmd->iov_size = len;
- scsi_req_continue(req);
- }
- return MFI_STAT_INVALID_STATUS;
- }
- /* Finished, set FW state */
- if ((info->inquiry_data[0] >> 5) == 0) {
- if (megasas_is_jbod(cmd->state)) {
- info->fw_state = cpu_to_le16(MFI_PD_STATE_SYSTEM);
- } else {
- info->fw_state = cpu_to_le16(MFI_PD_STATE_ONLINE);
- }
- } else {
- info->fw_state = cpu_to_le16(MFI_PD_STATE_OFFLINE);
- }
-
- info->ref.v.device_id = cpu_to_le16(sdev_id);
- info->state.ddf.pd_type = cpu_to_le16(MFI_PD_DDF_TYPE_IN_VD|
- MFI_PD_DDF_TYPE_INTF_SAS);
- bdrv_get_geometry(conf->bs, &pd_size);
- info->raw_size = cpu_to_le64(pd_size);
- info->non_coerced_size = cpu_to_le64(pd_size);
- info->coerced_size = cpu_to_le64(pd_size);
- info->encl_device_id = 0xFFFF;
- info->slot_number = (sdev->id & 0xFF);
- info->path_info.count = 1;
- info->path_info.sas_addr[0] =
- cpu_to_le64(megasas_get_sata_addr(sdev_id));
- info->connected_port_bitmap = 0x1;
- info->device_speed = 1;
- info->link_speed = 1;
- resid = dma_buf_read(cmd->iov_buf, dcmd_size, &cmd->qsg);
- g_free(cmd->iov_buf);
- cmd->iov_size = dcmd_size - resid;
- cmd->iov_buf = NULL;
- return MFI_STAT_OK;
-}
-
-static int megasas_dcmd_pd_get_info(MegasasState *s, MegasasCmd *cmd)
-{
- size_t dcmd_size = sizeof(struct mfi_pd_info);
- uint16_t pd_id;
- SCSIDevice *sdev = NULL;
- int retval = MFI_STAT_DEVICE_NOT_FOUND;
-
- if (cmd->iov_size < dcmd_size) {
- return MFI_STAT_INVALID_PARAMETER;
- }
-
- /* mbox0 has the ID */
- pd_id = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
- sdev = scsi_device_find(&s->bus, 0, pd_id, 0);
- trace_megasas_dcmd_pd_get_info(cmd->index, pd_id);
-
- if (sdev) {
- /* Submit inquiry */
- retval = megasas_pd_get_info_submit(sdev, pd_id, cmd);
- }
-
- return retval;
-}
-
-static int megasas_dcmd_ld_get_list(MegasasState *s, MegasasCmd *cmd)
-{
- struct mfi_ld_list info;
- size_t dcmd_size = sizeof(info), resid;
- uint32_t num_ld_disks = 0, max_ld_disks = s->fw_luns;
- uint64_t ld_size;
- BusChild *kid;
-
- memset(&info, 0, dcmd_size);
- if (cmd->iov_size < dcmd_size) {
- trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
- dcmd_size);
- return MFI_STAT_INVALID_PARAMETER;
- }
-
- if (megasas_is_jbod(s)) {
- max_ld_disks = 0;
- }
- QTAILQ_FOREACH(kid, &s->bus.qbus.children, sibling) {
- SCSIDevice *sdev = DO_UPCAST(SCSIDevice, qdev, kid->child);
- BlockConf *conf = &sdev->conf;
-
- if (num_ld_disks >= max_ld_disks) {
- break;
- }
- /* Logical device size is in blocks */
- bdrv_get_geometry(conf->bs, &ld_size);
- info.ld_list[num_ld_disks].ld.v.target_id = sdev->id;
- info.ld_list[num_ld_disks].ld.v.lun_id = sdev->lun;
- info.ld_list[num_ld_disks].state = MFI_LD_STATE_OPTIMAL;
- info.ld_list[num_ld_disks].size = cpu_to_le64(ld_size);
- num_ld_disks++;
- }
- info.ld_count = cpu_to_le32(num_ld_disks);
- trace_megasas_dcmd_ld_get_list(cmd->index, num_ld_disks, max_ld_disks);
-
- resid = dma_buf_read((uint8_t *)&info, dcmd_size, &cmd->qsg);
- cmd->iov_size = dcmd_size - resid;
- return MFI_STAT_OK;
-}
-
-static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
- MegasasCmd *cmd)
-{
- struct mfi_ld_info *info = cmd->iov_buf;
- size_t dcmd_size = sizeof(struct mfi_ld_info);
- uint8_t cdb[6];
- SCSIRequest *req;
- ssize_t len, resid;
- BlockConf *conf = &sdev->conf;
- uint16_t sdev_id = ((sdev->id & 0xFF) >> 8) | (lun & 0xFF);
- uint64_t ld_size;
-
- if (!cmd->iov_buf) {
- cmd->iov_buf = g_malloc(dcmd_size);
- memset(cmd->iov_buf, 0x0, dcmd_size);
- info = cmd->iov_buf;
- megasas_setup_inquiry(cdb, 0x83, sizeof(info->vpd_page83));
- req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
- if (!req) {
- trace_megasas_dcmd_req_alloc_failed(cmd->index,
- "LD get info vpd inquiry");
- g_free(cmd->iov_buf);
- cmd->iov_buf = NULL;
- return MFI_STAT_FLASH_ALLOC_FAIL;
- }
- trace_megasas_dcmd_internal_submit(cmd->index,
- "LD get info vpd inquiry", lun);
- len = scsi_req_enqueue(req);
- if (len > 0) {
- cmd->iov_size = len;
- scsi_req_continue(req);
- }
- return MFI_STAT_INVALID_STATUS;
- }
-
- info->ld_config.params.state = MFI_LD_STATE_OPTIMAL;
- info->ld_config.properties.ld.v.target_id = lun;
- info->ld_config.params.stripe_size = 3;
- info->ld_config.params.num_drives = 1;
- info->ld_config.params.is_consistent = 1;
- /* Logical device size is in blocks */
- bdrv_get_geometry(conf->bs, &ld_size);
- info->size = cpu_to_le64(ld_size);
- memset(info->ld_config.span, 0, sizeof(info->ld_config.span));
- info->ld_config.span[0].start_block = 0;
- info->ld_config.span[0].num_blocks = info->size;
- info->ld_config.span[0].array_ref = cpu_to_le16(sdev_id);
-
- resid = dma_buf_read(cmd->iov_buf, dcmd_size, &cmd->qsg);
- g_free(cmd->iov_buf);
- cmd->iov_size = dcmd_size - resid;
- cmd->iov_buf = NULL;
- return MFI_STAT_OK;
-}
-
-static int megasas_dcmd_ld_get_info(MegasasState *s, MegasasCmd *cmd)
-{
- struct mfi_ld_info info;
- size_t dcmd_size = sizeof(info);
- uint16_t ld_id;
- uint32_t max_ld_disks = s->fw_luns;
- SCSIDevice *sdev = NULL;
- int retval = MFI_STAT_DEVICE_NOT_FOUND;
-
- if (cmd->iov_size < dcmd_size) {
- return MFI_STAT_INVALID_PARAMETER;
- }
-
- /* mbox0 has the ID */
- ld_id = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
- trace_megasas_dcmd_ld_get_info(cmd->index, ld_id);
-
- if (megasas_is_jbod(s)) {
- return MFI_STAT_DEVICE_NOT_FOUND;
- }
-
- if (ld_id < max_ld_disks) {
- sdev = scsi_device_find(&s->bus, 0, ld_id, 0);
- }
-
- if (sdev) {
- retval = megasas_ld_get_info_submit(sdev, ld_id, cmd);
- }
-
- return retval;
-}
-
-static int megasas_dcmd_cfg_read(MegasasState *s, MegasasCmd *cmd)
-{
- uint8_t data[4096];
- struct mfi_config_data *info;
- int num_pd_disks = 0, array_offset, ld_offset;
- BusChild *kid;
-
- if (cmd->iov_size > 4096) {
- return MFI_STAT_INVALID_PARAMETER;
- }
-
- QTAILQ_FOREACH(kid, &s->bus.qbus.children, sibling) {
- num_pd_disks++;
- }
- info = (struct mfi_config_data *)&data;
- /*
- * Array mapping:
- * - One array per SCSI device
- * - One logical drive per SCSI device
- * spanning the entire device
- */
- info->array_count = num_pd_disks;
- info->array_size = sizeof(struct mfi_array) * num_pd_disks;
- info->log_drv_count = num_pd_disks;
- info->log_drv_size = sizeof(struct mfi_ld_config) * num_pd_disks;
- info->spares_count = 0;
- info->spares_size = sizeof(struct mfi_spare);
- info->size = sizeof(struct mfi_config_data) + info->array_size +
- info->log_drv_size;
- if (info->size > 4096) {
- return MFI_STAT_INVALID_PARAMETER;
- }
-
- array_offset = sizeof(struct mfi_config_data);
- ld_offset = array_offset + sizeof(struct mfi_array) * num_pd_disks;
-
- QTAILQ_FOREACH(kid, &s->bus.qbus.children, sibling) {
- SCSIDevice *sdev = DO_UPCAST(SCSIDevice, qdev, kid->child);
- BlockConf *conf = &sdev->conf;
- uint16_t sdev_id = ((sdev->id & 0xFF) >> 8) | (sdev->lun & 0xFF);
- struct mfi_array *array;
- struct mfi_ld_config *ld;
- uint64_t pd_size;
- int i;
-
- array = (struct mfi_array *)(data + array_offset);
- bdrv_get_geometry(conf->bs, &pd_size);
- array->size = cpu_to_le64(pd_size);
- array->num_drives = 1;
- array->array_ref = cpu_to_le16(sdev_id);
- array->pd[0].ref.v.device_id = cpu_to_le16(sdev_id);
- array->pd[0].ref.v.seq_num = 0;
- array->pd[0].fw_state = MFI_PD_STATE_ONLINE;
- array->pd[0].encl.pd = 0xFF;
- array->pd[0].encl.slot = (sdev->id & 0xFF);
- for (i = 1; i < MFI_MAX_ROW_SIZE; i++) {
- array->pd[i].ref.v.device_id = 0xFFFF;
- array->pd[i].ref.v.seq_num = 0;
- array->pd[i].fw_state = MFI_PD_STATE_UNCONFIGURED_GOOD;
- array->pd[i].encl.pd = 0xFF;
- array->pd[i].encl.slot = 0xFF;
- }
- array_offset += sizeof(struct mfi_array);
- ld = (struct mfi_ld_config *)(data + ld_offset);
- memset(ld, 0, sizeof(struct mfi_ld_config));
- ld->properties.ld.v.target_id = (sdev->id & 0xFF);
- ld->properties.default_cache_policy = MR_LD_CACHE_READ_AHEAD |
- MR_LD_CACHE_READ_ADAPTIVE;
- ld->properties.current_cache_policy = MR_LD_CACHE_READ_AHEAD |
- MR_LD_CACHE_READ_ADAPTIVE;
- ld->params.state = MFI_LD_STATE_OPTIMAL;
- ld->params.stripe_size = 3;
- ld->params.num_drives = 1;
- ld->params.span_depth = 1;
- ld->params.is_consistent = 1;
- ld->span[0].start_block = 0;
- ld->span[0].num_blocks = cpu_to_le64(pd_size);
- ld->span[0].array_ref = cpu_to_le16(sdev_id);
- ld_offset += sizeof(struct mfi_ld_config);
- }
-
- cmd->iov_size -= dma_buf_read((uint8_t *)data, info->size, &cmd->qsg);
- return MFI_STAT_OK;
-}
-
-static int megasas_dcmd_get_properties(MegasasState *s, MegasasCmd *cmd)
-{
- struct mfi_ctrl_props info;
- size_t dcmd_size = sizeof(info);
-
- memset(&info, 0x0, dcmd_size);
- if (cmd->iov_size < dcmd_size) {
- trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
- dcmd_size);
- return MFI_STAT_INVALID_PARAMETER;
- }
- info.pred_fail_poll_interval = cpu_to_le16(300);
- info.intr_throttle_cnt = cpu_to_le16(16);
- info.intr_throttle_timeout = cpu_to_le16(50);
- info.rebuild_rate = 30;
- info.patrol_read_rate = 30;
- info.bgi_rate = 30;
- info.cc_rate = 30;
- info.recon_rate = 30;
- info.cache_flush_interval = 4;
- info.spinup_drv_cnt = 2;
- info.spinup_delay = 6;
- info.ecc_bucket_size = 15;
- info.ecc_bucket_leak_rate = cpu_to_le16(1440);
- info.expose_encl_devices = 1;
-
- cmd->iov_size -= dma_buf_read((uint8_t *)&info, dcmd_size, &cmd->qsg);
- return MFI_STAT_OK;
-}
-
-static int megasas_cache_flush(MegasasState *s, MegasasCmd *cmd)
-{
- bdrv_drain_all();
- return MFI_STAT_OK;
-}
-
-static int megasas_ctrl_shutdown(MegasasState *s, MegasasCmd *cmd)
-{
- s->fw_state = MFI_FWSTATE_READY;
- return MFI_STAT_OK;
-}
-
-static int megasas_cluster_reset_ld(MegasasState *s, MegasasCmd *cmd)
-{
- return MFI_STAT_INVALID_DCMD;
-}
-
-static int megasas_dcmd_set_properties(MegasasState *s, MegasasCmd *cmd)
-{
- struct mfi_ctrl_props info;
- size_t dcmd_size = sizeof(info);
-
- if (cmd->iov_size < dcmd_size) {
- trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
- dcmd_size);
- return MFI_STAT_INVALID_PARAMETER;
- }
- dma_buf_write((uint8_t *)&info, cmd->iov_size, &cmd->qsg);
- trace_megasas_dcmd_unsupported(cmd->index, cmd->iov_size);
- return MFI_STAT_OK;
-}
-
-static int megasas_dcmd_dummy(MegasasState *s, MegasasCmd *cmd)
-{
- trace_megasas_dcmd_dummy(cmd->index, cmd->iov_size);
- return MFI_STAT_OK;
-}
-
-static const struct dcmd_cmd_tbl_t {
- int opcode;
- const char *desc;
- int (*func)(MegasasState *s, MegasasCmd *cmd);
-} dcmd_cmd_tbl[] = {
- { MFI_DCMD_CTRL_MFI_HOST_MEM_ALLOC, "CTRL_HOST_MEM_ALLOC",
- megasas_dcmd_dummy },
- { MFI_DCMD_CTRL_GET_INFO, "CTRL_GET_INFO",
- megasas_ctrl_get_info },
- { MFI_DCMD_CTRL_GET_PROPERTIES, "CTRL_GET_PROPERTIES",
- megasas_dcmd_get_properties },
- { MFI_DCMD_CTRL_SET_PROPERTIES, "CTRL_SET_PROPERTIES",
- megasas_dcmd_set_properties },
- { MFI_DCMD_CTRL_ALARM_GET, "CTRL_ALARM_GET",
- megasas_dcmd_dummy },
- { MFI_DCMD_CTRL_ALARM_ENABLE, "CTRL_ALARM_ENABLE",
- megasas_dcmd_dummy },
- { MFI_DCMD_CTRL_ALARM_DISABLE, "CTRL_ALARM_DISABLE",
- megasas_dcmd_dummy },
- { MFI_DCMD_CTRL_ALARM_SILENCE, "CTRL_ALARM_SILENCE",
- megasas_dcmd_dummy },
- { MFI_DCMD_CTRL_ALARM_TEST, "CTRL_ALARM_TEST",
- megasas_dcmd_dummy },
- { MFI_DCMD_CTRL_EVENT_GETINFO, "CTRL_EVENT_GETINFO",
- megasas_event_info },
- { MFI_DCMD_CTRL_EVENT_GET, "CTRL_EVENT_GET",
- megasas_dcmd_dummy },
- { MFI_DCMD_CTRL_EVENT_WAIT, "CTRL_EVENT_WAIT",
- megasas_event_wait },
- { MFI_DCMD_CTRL_SHUTDOWN, "CTRL_SHUTDOWN",
- megasas_ctrl_shutdown },
- { MFI_DCMD_HIBERNATE_STANDBY, "CTRL_STANDBY",
- megasas_dcmd_dummy },
- { MFI_DCMD_CTRL_GET_TIME, "CTRL_GET_TIME",
- megasas_dcmd_get_fw_time },
- { MFI_DCMD_CTRL_SET_TIME, "CTRL_SET_TIME",
- megasas_dcmd_set_fw_time },
- { MFI_DCMD_CTRL_BIOS_DATA_GET, "CTRL_BIOS_DATA_GET",
- megasas_dcmd_get_bios_info },
- { MFI_DCMD_CTRL_FACTORY_DEFAULTS, "CTRL_FACTORY_DEFAULTS",
- megasas_dcmd_dummy },
- { MFI_DCMD_CTRL_MFC_DEFAULTS_GET, "CTRL_MFC_DEFAULTS_GET",
- megasas_mfc_get_defaults },
- { MFI_DCMD_CTRL_MFC_DEFAULTS_SET, "CTRL_MFC_DEFAULTS_SET",
- megasas_dcmd_dummy },
- { MFI_DCMD_CTRL_CACHE_FLUSH, "CTRL_CACHE_FLUSH",
- megasas_cache_flush },
- { MFI_DCMD_PD_GET_LIST, "PD_GET_LIST",
- megasas_dcmd_pd_get_list },
- { MFI_DCMD_PD_LIST_QUERY, "PD_LIST_QUERY",
- megasas_dcmd_pd_list_query },
- { MFI_DCMD_PD_GET_INFO, "PD_GET_INFO",
- megasas_dcmd_pd_get_info },
- { MFI_DCMD_PD_STATE_SET, "PD_STATE_SET",
- megasas_dcmd_dummy },
- { MFI_DCMD_PD_REBUILD, "PD_REBUILD",
- megasas_dcmd_dummy },
- { MFI_DCMD_PD_BLINK, "PD_BLINK",
- megasas_dcmd_dummy },
- { MFI_DCMD_PD_UNBLINK, "PD_UNBLINK",
- megasas_dcmd_dummy },
- { MFI_DCMD_LD_GET_LIST, "LD_GET_LIST",
- megasas_dcmd_ld_get_list},
- { MFI_DCMD_LD_GET_INFO, "LD_GET_INFO",
- megasas_dcmd_ld_get_info },
- { MFI_DCMD_LD_GET_PROP, "LD_GET_PROP",
- megasas_dcmd_dummy },
- { MFI_DCMD_LD_SET_PROP, "LD_SET_PROP",
- megasas_dcmd_dummy },
- { MFI_DCMD_LD_DELETE, "LD_DELETE",
- megasas_dcmd_dummy },
- { MFI_DCMD_CFG_READ, "CFG_READ",
- megasas_dcmd_cfg_read },
- { MFI_DCMD_CFG_ADD, "CFG_ADD",
- megasas_dcmd_dummy },
- { MFI_DCMD_CFG_CLEAR, "CFG_CLEAR",
- megasas_dcmd_dummy },
- { MFI_DCMD_CFG_FOREIGN_READ, "CFG_FOREIGN_READ",
- megasas_dcmd_dummy },
- { MFI_DCMD_CFG_FOREIGN_IMPORT, "CFG_FOREIGN_IMPORT",
- megasas_dcmd_dummy },
- { MFI_DCMD_BBU_STATUS, "BBU_STATUS",
- megasas_dcmd_dummy },
- { MFI_DCMD_BBU_CAPACITY_INFO, "BBU_CAPACITY_INFO",
- megasas_dcmd_dummy },
- { MFI_DCMD_BBU_DESIGN_INFO, "BBU_DESIGN_INFO",
- megasas_dcmd_dummy },
- { MFI_DCMD_BBU_PROP_GET, "BBU_PROP_GET",
- megasas_dcmd_dummy },
- { MFI_DCMD_CLUSTER, "CLUSTER",
- megasas_dcmd_dummy },
- { MFI_DCMD_CLUSTER_RESET_ALL, "CLUSTER_RESET_ALL",
- megasas_dcmd_dummy },
- { MFI_DCMD_CLUSTER_RESET_LD, "CLUSTER_RESET_LD",
- megasas_cluster_reset_ld },
- { -1, NULL, NULL }
-};
-
-static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
-{
- int opcode, len;
- int retval = 0;
- const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
-
- opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
- trace_megasas_handle_dcmd(cmd->index, opcode);
- len = megasas_map_dcmd(s, cmd);
- if (len < 0) {
- return MFI_STAT_MEMORY_NOT_AVAILABLE;
- }
- while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
- cmdptr++;
- }
- if (cmdptr->opcode == -1) {
- trace_megasas_dcmd_unhandled(cmd->index, opcode, len);
- retval = megasas_dcmd_dummy(s, cmd);
- } else {
- trace_megasas_dcmd_enter(cmd->index, cmdptr->desc, len);
- retval = cmdptr->func(s, cmd);
- }
- if (retval != MFI_STAT_INVALID_STATUS) {
- megasas_finish_dcmd(cmd, len);
- }
- return retval;
-}
-
-static int megasas_finish_internal_dcmd(MegasasCmd *cmd,
- SCSIRequest *req)
-{
- int opcode;
- int retval = MFI_STAT_OK;
- int lun = req->lun;
-
- opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
- scsi_req_unref(req);
- trace_megasas_dcmd_internal_finish(cmd->index, opcode, lun);
- switch (opcode) {
- case MFI_DCMD_PD_GET_INFO:
- retval = megasas_pd_get_info_submit(req->dev, lun, cmd);
- break;
- case MFI_DCMD_LD_GET_INFO:
- retval = megasas_ld_get_info_submit(req->dev, lun, cmd);
- break;
- default:
- trace_megasas_dcmd_internal_invalid(cmd->index, opcode);
- retval = MFI_STAT_INVALID_DCMD;
- break;
- }
- if (retval != MFI_STAT_INVALID_STATUS) {
- megasas_finish_dcmd(cmd, cmd->iov_size);
- }
- return retval;
-}
-
-static int megasas_enqueue_req(MegasasCmd *cmd, bool is_write)
-{
- int len;
-
- len = scsi_req_enqueue(cmd->req);
- if (len < 0) {
- len = -len;
- }
- if (len > 0) {
- if (len > cmd->iov_size) {
- if (is_write) {
- trace_megasas_iov_write_overflow(cmd->index, len,
- cmd->iov_size);
- } else {
- trace_megasas_iov_read_overflow(cmd->index, len,
- cmd->iov_size);
- }
- }
- if (len < cmd->iov_size) {
- if (is_write) {
- trace_megasas_iov_write_underflow(cmd->index, len,
- cmd->iov_size);
- } else {
- trace_megasas_iov_read_underflow(cmd->index, len,
- cmd->iov_size);
- }
- cmd->iov_size = len;
- }
- scsi_req_continue(cmd->req);
- }
- return len;
-}
-
-static int megasas_handle_scsi(MegasasState *s, MegasasCmd *cmd,
- bool is_logical)
-{
- uint8_t *cdb;
- int len;
- bool is_write;
- struct SCSIDevice *sdev = NULL;
-
- cdb = cmd->frame->pass.cdb;
-
- if (cmd->frame->header.target_id < s->fw_luns) {
- sdev = scsi_device_find(&s->bus, 0, cmd->frame->header.target_id,
- cmd->frame->header.lun_id);
- }
- cmd->iov_size = le32_to_cpu(cmd->frame->header.data_len);
- trace_megasas_handle_scsi(mfi_frame_desc[cmd->frame->header.frame_cmd],
- is_logical, cmd->frame->header.target_id,
- cmd->frame->header.lun_id, sdev, cmd->iov_size);
-
- if (!sdev || (megasas_is_jbod(s) && is_logical)) {
- trace_megasas_scsi_target_not_present(
- mfi_frame_desc[cmd->frame->header.frame_cmd], is_logical,
- cmd->frame->header.target_id, cmd->frame->header.lun_id);
- return MFI_STAT_DEVICE_NOT_FOUND;
- }
-
- if (cmd->frame->header.cdb_len > 16) {
- trace_megasas_scsi_invalid_cdb_len(
- mfi_frame_desc[cmd->frame->header.frame_cmd], is_logical,
- cmd->frame->header.target_id, cmd->frame->header.lun_id,
- cmd->frame->header.cdb_len);
- megasas_write_sense(cmd, SENSE_CODE(INVALID_OPCODE));
- cmd->frame->header.scsi_status = CHECK_CONDITION;
- s->event_count++;
- return MFI_STAT_SCSI_DONE_WITH_ERROR;
- }
-
- if (megasas_map_sgl(s, cmd, &cmd->frame->pass.sgl)) {
- megasas_write_sense(cmd, SENSE_CODE(TARGET_FAILURE));
- cmd->frame->header.scsi_status = CHECK_CONDITION;
- s->event_count++;
- return MFI_STAT_SCSI_DONE_WITH_ERROR;
- }
-
- cmd->req = scsi_req_new(sdev, cmd->index,
- cmd->frame->header.lun_id, cdb, cmd);
- if (!cmd->req) {
- trace_megasas_scsi_req_alloc_failed(
- mfi_frame_desc[cmd->frame->header.frame_cmd],
- cmd->frame->header.target_id, cmd->frame->header.lun_id);
- megasas_write_sense(cmd, SENSE_CODE(NO_SENSE));
- cmd->frame->header.scsi_status = BUSY;
- s->event_count++;
- return MFI_STAT_SCSI_DONE_WITH_ERROR;
- }
-
- is_write = (cmd->req->cmd.mode == SCSI_XFER_TO_DEV);
- len = megasas_enqueue_req(cmd, is_write);
- if (len > 0) {
- if (is_write) {
- trace_megasas_scsi_write_start(cmd->index, len);
- } else {
- trace_megasas_scsi_read_start(cmd->index, len);
- }
- } else {
- trace_megasas_scsi_nodata(cmd->index);
- }
- return MFI_STAT_INVALID_STATUS;
-}
-
-static int megasas_handle_io(MegasasState *s, MegasasCmd *cmd)
-{
- uint32_t lba_count, lba_start_hi, lba_start_lo;
- uint64_t lba_start;
- bool is_write = (cmd->frame->header.frame_cmd == MFI_CMD_LD_WRITE);
- uint8_t cdb[16];
- int len;
- struct SCSIDevice *sdev = NULL;
-
- lba_count = le32_to_cpu(cmd->frame->io.header.data_len);
- lba_start_lo = le32_to_cpu(cmd->frame->io.lba_lo);
- lba_start_hi = le32_to_cpu(cmd->frame->io.lba_hi);
- lba_start = ((uint64_t)lba_start_hi << 32) | lba_start_lo;
-
- if (cmd->frame->header.target_id < s->fw_luns) {
- sdev = scsi_device_find(&s->bus, 0, cmd->frame->header.target_id,
- cmd->frame->header.lun_id);
- }
-
- trace_megasas_handle_io(cmd->index,
- mfi_frame_desc[cmd->frame->header.frame_cmd],
- cmd->frame->header.target_id,
- cmd->frame->header.lun_id,
- (unsigned long)lba_start, (unsigned long)lba_count);
- if (!sdev) {
- trace_megasas_io_target_not_present(cmd->index,
- mfi_frame_desc[cmd->frame->header.frame_cmd],
- cmd->frame->header.target_id, cmd->frame->header.lun_id);
- return MFI_STAT_DEVICE_NOT_FOUND;
- }
-
- if (cmd->frame->header.cdb_len > 16) {
- trace_megasas_scsi_invalid_cdb_len(
- mfi_frame_desc[cmd->frame->header.frame_cmd], 1,
- cmd->frame->header.target_id, cmd->frame->header.lun_id,
- cmd->frame->header.cdb_len);
- megasas_write_sense(cmd, SENSE_CODE(INVALID_OPCODE));
- cmd->frame->header.scsi_status = CHECK_CONDITION;
- s->event_count++;
- return MFI_STAT_SCSI_DONE_WITH_ERROR;
- }
-
- cmd->iov_size = lba_count * sdev->blocksize;
- if (megasas_map_sgl(s, cmd, &cmd->frame->io.sgl)) {
- megasas_write_sense(cmd, SENSE_CODE(TARGET_FAILURE));
- cmd->frame->header.scsi_status = CHECK_CONDITION;
- s->event_count++;
- return MFI_STAT_SCSI_DONE_WITH_ERROR;
- }
-
- megasas_encode_lba(cdb, lba_start, lba_count, is_write);
- cmd->req = scsi_req_new(sdev, cmd->index,
- cmd->frame->header.lun_id, cdb, cmd);
- if (!cmd->req) {
- trace_megasas_scsi_req_alloc_failed(
- mfi_frame_desc[cmd->frame->header.frame_cmd],
- cmd->frame->header.target_id, cmd->frame->header.lun_id);
- megasas_write_sense(cmd, SENSE_CODE(NO_SENSE));
- cmd->frame->header.scsi_status = BUSY;
- s->event_count++;
- return MFI_STAT_SCSI_DONE_WITH_ERROR;
- }
- len = megasas_enqueue_req(cmd, is_write);
- if (len > 0) {
- if (is_write) {
- trace_megasas_io_write_start(cmd->index, lba_start, lba_count, len);
- } else {
- trace_megasas_io_read_start(cmd->index, lba_start, lba_count, len);
- }
- }
- return MFI_STAT_INVALID_STATUS;
-}
-
-static int megasas_finish_internal_command(MegasasCmd *cmd,
- SCSIRequest *req, size_t resid)
-{
- int retval = MFI_STAT_INVALID_CMD;
-
- if (cmd->frame->header.frame_cmd == MFI_CMD_DCMD) {
- cmd->iov_size -= resid;
- retval = megasas_finish_internal_dcmd(cmd, req);
- }
- return retval;
-}
-
-static QEMUSGList *megasas_get_sg_list(SCSIRequest *req)
-{
- MegasasCmd *cmd = req->hba_private;
-
- if (cmd->frame->header.frame_cmd == MFI_CMD_DCMD) {
- return NULL;
- } else {
- return &cmd->qsg;
- }
-}
-
-static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
-{
- MegasasCmd *cmd = req->hba_private;
- uint8_t *buf;
- uint32_t opcode;
-
- trace_megasas_io_complete(cmd->index, len);
-
- if (cmd->frame->header.frame_cmd != MFI_CMD_DCMD) {
- scsi_req_continue(req);
- return;
- }
-
- buf = scsi_req_get_buf(req);
- opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
- if (opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) {
- struct mfi_pd_info *info = cmd->iov_buf;
-
- if (info->inquiry_data[0] == 0x7f) {
- memset(info->inquiry_data, 0, sizeof(info->inquiry_data));
- memcpy(info->inquiry_data, buf, len);
- } else if (info->vpd_page83[0] == 0x7f) {
- memset(info->vpd_page83, 0, sizeof(info->vpd_page83));
- memcpy(info->vpd_page83, buf, len);
- }
- scsi_req_continue(req);
- } else if (opcode == MFI_DCMD_LD_GET_INFO) {
- struct mfi_ld_info *info = cmd->iov_buf;
-
- if (cmd->iov_buf) {
- memcpy(info->vpd_page83, buf, sizeof(info->vpd_page83));
- scsi_req_continue(req);
- }
- }
-}
-
-static void megasas_command_complete(SCSIRequest *req, uint32_t status,
- size_t resid)
-{
- MegasasCmd *cmd = req->hba_private;
- uint8_t cmd_status = MFI_STAT_OK;
-
- trace_megasas_command_complete(cmd->index, status, resid);
-
- if (cmd->req != req) {
- /*
- * Internal command complete
- */
- cmd_status = megasas_finish_internal_command(cmd, req, resid);
- if (cmd_status == MFI_STAT_INVALID_STATUS) {
- return;
- }
- } else {
- req->status = status;
- trace_megasas_scsi_complete(cmd->index, req->status,
- cmd->iov_size, req->cmd.xfer);
- if (req->status != GOOD) {
- cmd_status = MFI_STAT_SCSI_DONE_WITH_ERROR;
- }
- if (req->status == CHECK_CONDITION) {
- megasas_copy_sense(cmd);
- }
-
- megasas_unmap_sgl(cmd);
- cmd->frame->header.scsi_status = req->status;
- scsi_req_unref(cmd->req);
- cmd->req = NULL;
- }
- cmd->frame->header.cmd_status = cmd_status;
- megasas_complete_frame(cmd->state, cmd->context);
-}
-
-static void megasas_command_cancel(SCSIRequest *req)
-{
- MegasasCmd *cmd = req->hba_private;
-
- if (cmd) {
- megasas_abort_command(cmd);
- } else {
- scsi_req_unref(req);
- }
-}
-
-static int megasas_handle_abort(MegasasState *s, MegasasCmd *cmd)
-{
- uint64_t abort_ctx = le64_to_cpu(cmd->frame->abort.abort_context);
- hwaddr abort_addr, addr_hi, addr_lo;
- MegasasCmd *abort_cmd;
-
- addr_hi = le32_to_cpu(cmd->frame->abort.abort_mfi_addr_hi);
- addr_lo = le32_to_cpu(cmd->frame->abort.abort_mfi_addr_lo);
- abort_addr = ((uint64_t)addr_hi << 32) | addr_lo;
-
- abort_cmd = megasas_lookup_frame(s, abort_addr);
- if (!abort_cmd) {
- trace_megasas_abort_no_cmd(cmd->index, abort_ctx);
- s->event_count++;
- return MFI_STAT_OK;
- }
- if (!megasas_use_queue64(s)) {
- abort_ctx &= (uint64_t)0xFFFFFFFF;
- }
- if (abort_cmd->context != abort_ctx) {
- trace_megasas_abort_invalid_context(cmd->index, abort_cmd->index,
- abort_cmd->context);
- s->event_count++;
- return MFI_STAT_ABORT_NOT_POSSIBLE;
- }
- trace_megasas_abort_frame(cmd->index, abort_cmd->index);
- megasas_abort_command(abort_cmd);
- if (!s->event_cmd || abort_cmd != s->event_cmd) {
- s->event_cmd = NULL;
- }
- s->event_count++;
- return MFI_STAT_OK;
-}
-
-static void megasas_handle_frame(MegasasState *s, uint64_t frame_addr,
- uint32_t frame_count)
-{
- uint8_t frame_status = MFI_STAT_INVALID_CMD;
- uint64_t frame_context;
- MegasasCmd *cmd;
-
- /*
- * Always read 64bit context, top bits will be
- * masked out if required in megasas_enqueue_frame()
- */
- frame_context = megasas_frame_get_context(frame_addr);
-
- cmd = megasas_enqueue_frame(s, frame_addr, frame_context, frame_count);
- if (!cmd) {
- /* reply queue full */
- trace_megasas_frame_busy(frame_addr);
- megasas_frame_set_scsi_status(frame_addr, BUSY);
- megasas_frame_set_cmd_status(frame_addr, MFI_STAT_SCSI_DONE_WITH_ERROR);
- megasas_complete_frame(s, frame_context);
- s->event_count++;
- return;
- }
- switch (cmd->frame->header.frame_cmd) {
- case MFI_CMD_INIT:
- frame_status = megasas_init_firmware(s, cmd);
- break;
- case MFI_CMD_DCMD:
- frame_status = megasas_handle_dcmd(s, cmd);
- break;
- case MFI_CMD_ABORT:
- frame_status = megasas_handle_abort(s, cmd);
- break;
- case MFI_CMD_PD_SCSI_IO:
- frame_status = megasas_handle_scsi(s, cmd, 0);
- break;
- case MFI_CMD_LD_SCSI_IO:
- frame_status = megasas_handle_scsi(s, cmd, 1);
- break;
- case MFI_CMD_LD_READ:
- case MFI_CMD_LD_WRITE:
- frame_status = megasas_handle_io(s, cmd);
- break;
- default:
- trace_megasas_unhandled_frame_cmd(cmd->index,
- cmd->frame->header.frame_cmd);
- s->event_count++;
- break;
- }
- if (frame_status != MFI_STAT_INVALID_STATUS) {
- if (cmd->frame) {
- cmd->frame->header.cmd_status = frame_status;
- } else {
- megasas_frame_set_cmd_status(frame_addr, frame_status);
- }
- megasas_complete_frame(s, cmd->context);
- }
-}
-
-static uint64_t megasas_mmio_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- MegasasState *s = opaque;
- uint32_t retval = 0;
-
- switch (addr) {
- case MFI_IDB:
- retval = 0;
- break;
- case MFI_OMSG0:
- case MFI_OSP0:
- retval = (megasas_use_msix(s) ? MFI_FWSTATE_MSIX_SUPPORTED : 0) |
- (s->fw_state & MFI_FWSTATE_MASK) |
- ((s->fw_sge & 0xff) << 16) |
- (s->fw_cmds & 0xFFFF);
- break;
- case MFI_OSTS:
- if (megasas_intr_enabled(s) && s->doorbell) {
- retval = MFI_1078_RM | 1;
- }
- break;
- case MFI_OMSK:
- retval = s->intr_mask;
- break;
- case MFI_ODCR0:
- retval = s->doorbell;
- break;
- default:
- trace_megasas_mmio_invalid_readl(addr);
- break;
- }
- trace_megasas_mmio_readl(addr, retval);
- return retval;
-}
-
-static void megasas_mmio_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- MegasasState *s = opaque;
- uint64_t frame_addr;
- uint32_t frame_count;
- int i;
-
- trace_megasas_mmio_writel(addr, val);
- switch (addr) {
- case MFI_IDB:
- if (val & MFI_FWINIT_ABORT) {
- /* Abort all pending cmds */
- for (i = 0; i < s->fw_cmds; i++) {
- megasas_abort_command(&s->frames[i]);
- }
- }
- if (val & MFI_FWINIT_READY) {
- /* move to FW READY */
- megasas_soft_reset(s);
- }
- if (val & MFI_FWINIT_MFIMODE) {
- /* discard MFIs */
- }
- break;
- case MFI_OMSK:
- s->intr_mask = val;
- if (!megasas_intr_enabled(s) && !msix_enabled(&s->dev)) {
- trace_megasas_irq_lower();
- qemu_irq_lower(s->dev.irq[0]);
- }
- if (megasas_intr_enabled(s)) {
- trace_megasas_intr_enabled();
- } else {
- trace_megasas_intr_disabled();
- }
- break;
- case MFI_ODCR0:
- s->doorbell = 0;
- if (s->producer_pa && megasas_intr_enabled(s)) {
- /* Update reply queue pointer */
- trace_megasas_qf_update(s->reply_queue_head, s->busy);
- stl_le_phys(s->producer_pa, s->reply_queue_head);
- if (!msix_enabled(&s->dev)) {
- trace_megasas_irq_lower();
- qemu_irq_lower(s->dev.irq[0]);
- }
- }
- break;
- case MFI_IQPH:
- /* Received high 32 bits of a 64 bit MFI frame address */
- s->frame_hi = val;
- break;
- case MFI_IQPL:
- /* Received low 32 bits of a 64 bit MFI frame address */
- case MFI_IQP:
- /* Received 32 bit MFI frame address */
- frame_addr = (val & ~0x1F);
- /* Add possible 64 bit offset */
- frame_addr |= ((uint64_t)s->frame_hi << 32);
- s->frame_hi = 0;
- frame_count = (val >> 1) & 0xF;
- megasas_handle_frame(s, frame_addr, frame_count);
- break;
- default:
- trace_megasas_mmio_invalid_writel(addr, val);
- break;
- }
-}
-
-static const MemoryRegionOps megasas_mmio_ops = {
- .read = megasas_mmio_read,
- .write = megasas_mmio_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
- .impl = {
- .min_access_size = 8,
- .max_access_size = 8,
- }
-};
-
-static uint64_t megasas_port_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- return megasas_mmio_read(opaque, addr & 0xff, size);
-}
-
-static void megasas_port_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- megasas_mmio_write(opaque, addr & 0xff, val, size);
-}
-
-static const MemoryRegionOps megasas_port_ops = {
- .read = megasas_port_read,
- .write = megasas_port_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
- .impl = {
- .min_access_size = 4,
- .max_access_size = 4,
- }
-};
-
-static uint64_t megasas_queue_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- return 0;
-}
-
-static const MemoryRegionOps megasas_queue_ops = {
- .read = megasas_queue_read,
- .endianness = DEVICE_LITTLE_ENDIAN,
- .impl = {
- .min_access_size = 8,
- .max_access_size = 8,
- }
-};
-
-static void megasas_soft_reset(MegasasState *s)
-{
- int i;
- MegasasCmd *cmd;
-
- trace_megasas_reset();
- for (i = 0; i < s->fw_cmds; i++) {
- cmd = &s->frames[i];
- megasas_abort_command(cmd);
- }
- megasas_reset_frames(s);
- s->reply_queue_len = s->fw_cmds;
- s->reply_queue_pa = 0;
- s->consumer_pa = 0;
- s->producer_pa = 0;
- s->fw_state = MFI_FWSTATE_READY;
- s->doorbell = 0;
- s->intr_mask = MEGASAS_INTR_DISABLED_MASK;
- s->frame_hi = 0;
- s->flags &= ~MEGASAS_MASK_USE_QUEUE64;
- s->event_count++;
- s->boot_event = s->event_count;
-}
-
-static void megasas_scsi_reset(DeviceState *dev)
-{
- MegasasState *s = DO_UPCAST(MegasasState, dev.qdev, dev);
-
- megasas_soft_reset(s);
-}
-
-static const VMStateDescription vmstate_megasas = {
- .name = "megasas",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField[]) {
- VMSTATE_PCI_DEVICE(dev, MegasasState),
-
- VMSTATE_INT32(fw_state, MegasasState),
- VMSTATE_INT32(intr_mask, MegasasState),
- VMSTATE_INT32(doorbell, MegasasState),
- VMSTATE_UINT64(reply_queue_pa, MegasasState),
- VMSTATE_UINT64(consumer_pa, MegasasState),
- VMSTATE_UINT64(producer_pa, MegasasState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void megasas_scsi_uninit(PCIDevice *d)
-{
- MegasasState *s = DO_UPCAST(MegasasState, dev, d);
-
-#ifdef USE_MSIX
- msix_uninit(&s->dev, &s->mmio_io);
-#endif
- memory_region_destroy(&s->mmio_io);
- memory_region_destroy(&s->port_io);
- memory_region_destroy(&s->queue_io);
-}
-
-static const struct SCSIBusInfo megasas_scsi_info = {
- .tcq = true,
- .max_target = MFI_MAX_LD,
- .max_lun = 255,
-
- .transfer_data = megasas_xfer_complete,
- .get_sg_list = megasas_get_sg_list,
- .complete = megasas_command_complete,
- .cancel = megasas_command_cancel,
-};
-
-static int megasas_scsi_init(PCIDevice *dev)
-{
- MegasasState *s = DO_UPCAST(MegasasState, dev, dev);
- uint8_t *pci_conf;
- int i, bar_type;
-
- pci_conf = s->dev.config;
-
- /* PCI latency timer = 0 */
- pci_conf[PCI_LATENCY_TIMER] = 0;
- /* Interrupt pin 1 */
- pci_conf[PCI_INTERRUPT_PIN] = 0x01;
-
- memory_region_init_io(&s->mmio_io, &megasas_mmio_ops, s,
- "megasas-mmio", 0x4000);
- memory_region_init_io(&s->port_io, &megasas_port_ops, s,
- "megasas-io", 256);
- memory_region_init_io(&s->queue_io, &megasas_queue_ops, s,
- "megasas-queue", 0x40000);
-
-#ifdef USE_MSIX
- /* MSI-X support is currently broken */
- if (megasas_use_msix(s) &&
- msix_init(&s->dev, 15, &s->mmio_io, 0, 0x2000)) {
- s->flags &= ~MEGASAS_MASK_USE_MSIX;
- }
-#else
- s->flags &= ~MEGASAS_MASK_USE_MSIX;
-#endif
-
- bar_type = PCI_BASE_ADDRESS_SPACE_MEMORY | PCI_BASE_ADDRESS_MEM_TYPE_64;
- pci_register_bar(&s->dev, 0, bar_type, &s->mmio_io);
- pci_register_bar(&s->dev, 2, PCI_BASE_ADDRESS_SPACE_IO, &s->port_io);
- pci_register_bar(&s->dev, 3, bar_type, &s->queue_io);
-
- if (megasas_use_msix(s)) {
- msix_vector_use(&s->dev, 0);
- }
-
- if (!s->sas_addr) {
- s->sas_addr = ((NAA_LOCALLY_ASSIGNED_ID << 24) |
- IEEE_COMPANY_LOCALLY_ASSIGNED) << 36;
- s->sas_addr |= (pci_bus_num(dev->bus) << 16);
- s->sas_addr |= (PCI_SLOT(dev->devfn) << 8);
- s->sas_addr |= PCI_FUNC(dev->devfn);
- }
- if (!s->hba_serial) {
- s->hba_serial = g_strdup(MEGASAS_HBA_SERIAL);
- }
- if (s->fw_sge >= MEGASAS_MAX_SGE - MFI_PASS_FRAME_SIZE) {
- s->fw_sge = MEGASAS_MAX_SGE - MFI_PASS_FRAME_SIZE;
- } else if (s->fw_sge >= 128 - MFI_PASS_FRAME_SIZE) {
- s->fw_sge = 128 - MFI_PASS_FRAME_SIZE;
- } else {
- s->fw_sge = 64 - MFI_PASS_FRAME_SIZE;
- }
- if (s->fw_cmds > MEGASAS_MAX_FRAMES) {
- s->fw_cmds = MEGASAS_MAX_FRAMES;
- }
- trace_megasas_init(s->fw_sge, s->fw_cmds,
- megasas_use_msix(s) ? "MSI-X" : "INTx",
- megasas_is_jbod(s) ? "jbod" : "raid");
- s->fw_luns = (MFI_MAX_LD > MAX_SCSI_DEVS) ?
- MAX_SCSI_DEVS : MFI_MAX_LD;
- s->producer_pa = 0;
- s->consumer_pa = 0;
- for (i = 0; i < s->fw_cmds; i++) {
- s->frames[i].index = i;
- s->frames[i].context = -1;
- s->frames[i].pa = 0;
- s->frames[i].state = s;
- }
-
- scsi_bus_new(&s->bus, &dev->qdev, &megasas_scsi_info);
- scsi_bus_legacy_handle_cmdline(&s->bus);
- return 0;
-}
-
-static Property megasas_properties[] = {
- DEFINE_PROP_UINT32("max_sge", MegasasState, fw_sge,
- MEGASAS_DEFAULT_SGE),
- DEFINE_PROP_UINT32("max_cmds", MegasasState, fw_cmds,
- MEGASAS_DEFAULT_FRAMES),
- DEFINE_PROP_STRING("hba_serial", MegasasState, hba_serial),
- DEFINE_PROP_HEX64("sas_address", MegasasState, sas_addr, 0),
-#ifdef USE_MSIX
- DEFINE_PROP_BIT("use_msix", MegasasState, flags,
- MEGASAS_FLAG_USE_MSIX, false),
-#endif
- DEFINE_PROP_BIT("use_jbod", MegasasState, flags,
- MEGASAS_FLAG_USE_JBOD, false),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void megasas_class_init(ObjectClass *oc, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(oc);
- PCIDeviceClass *pc = PCI_DEVICE_CLASS(oc);
-
- pc->init = megasas_scsi_init;
- pc->exit = megasas_scsi_uninit;
- pc->vendor_id = PCI_VENDOR_ID_LSI_LOGIC;
- pc->device_id = PCI_DEVICE_ID_LSI_SAS1078;
- pc->subsystem_vendor_id = PCI_VENDOR_ID_LSI_LOGIC;
- pc->subsystem_id = 0x1013;
- pc->class_id = PCI_CLASS_STORAGE_RAID;
- dc->props = megasas_properties;
- dc->reset = megasas_scsi_reset;
- dc->vmsd = &vmstate_megasas;
- dc->desc = "LSI MegaRAID SAS 1078";
-}
-
-static const TypeInfo megasas_info = {
- .name = "megasas",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(MegasasState),
- .class_init = megasas_class_init,
-};
-
-static void megasas_register_types(void)
-{
- type_register_static(&megasas_info);
-}
-
-type_init(megasas_register_types)
diff --git a/hw/microblaze/Makefile.objs b/hw/microblaze/Makefile.objs
index 3028e651c..c65e2aabf 100644
--- a/hw/microblaze/Makefile.objs
+++ b/hw/microblaze/Makefile.objs
@@ -1,10 +1,4 @@
-obj-y = petalogix_s3adsp1800_mmu.o
+obj-y += petalogix_s3adsp1800_mmu.o
obj-y += petalogix_ml605_mmu.o
-obj-y += microblaze_boot.o
-obj-y += xilinx_spi.o
-
-obj-y += microblaze_pic_cpu.o
-obj-y += xilinx_ethlite.o
-obj-$(CONFIG_FDT) += ../device_tree.o
-
-obj-y := $(addprefix ../,$(obj-y))
+obj-y += boot.o
+obj-y += pic_cpu.o
diff --git a/hw/microblaze/boot.c b/hw/microblaze/boot.c
new file mode 100644
index 000000000..5b057f788
--- /dev/null
+++ b/hw/microblaze/boot.c
@@ -0,0 +1,164 @@
+/*
+ * Microblaze kernel loader
+ *
+ * Copyright (c) 2012 Peter Crosthwaite <peter.crosthwaite@petalogix.com>
+ * Copyright (c) 2012 PetaLogix
+ * Copyright (c) 2009 Edgar E. Iglesias.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/option.h"
+#include "qemu/config-file.h"
+#include "qemu-common.h"
+#include "sysemu/device_tree.h"
+#include "sysemu/sysemu.h"
+#include "hw/loader.h"
+#include "elf.h"
+
+#include "boot.h"
+
+static struct
+{
+ void (*machine_cpu_reset)(MicroBlazeCPU *);
+ uint32_t bootstrap_pc;
+ uint32_t cmdline;
+ uint32_t fdt;
+} boot_info;
+
+static void main_cpu_reset(void *opaque)
+{
+ MicroBlazeCPU *cpu = opaque;
+ CPUMBState *env = &cpu->env;
+
+ cpu_reset(CPU(cpu));
+ env->regs[5] = boot_info.cmdline;
+ env->regs[7] = boot_info.fdt;
+ env->sregs[SR_PC] = boot_info.bootstrap_pc;
+ if (boot_info.machine_cpu_reset) {
+ boot_info.machine_cpu_reset(cpu);
+ }
+}
+
+static int microblaze_load_dtb(hwaddr addr,
+ uint32_t ramsize,
+ const char *kernel_cmdline,
+ const char *dtb_filename)
+{
+ int fdt_size;
+ void *fdt = NULL;
+ int r;
+
+ if (dtb_filename) {
+ fdt = load_device_tree(dtb_filename, &fdt_size);
+ }
+ if (!fdt) {
+ return 0;
+ }
+
+ if (kernel_cmdline) {
+ r = qemu_devtree_setprop_string(fdt, "/chosen", "bootargs",
+ kernel_cmdline);
+ if (r < 0) {
+ fprintf(stderr, "couldn't set /chosen/bootargs\n");
+ }
+ }
+
+ cpu_physical_memory_write(addr, fdt, fdt_size);
+ return fdt_size;
+}
+
+static uint64_t translate_kernel_address(void *opaque, uint64_t addr)
+{
+ return addr - 0x30000000LL;
+}
+
+void microblaze_load_kernel(MicroBlazeCPU *cpu, hwaddr ddr_base,
+ uint32_t ramsize, const char *dtb_filename,
+ void (*machine_cpu_reset)(MicroBlazeCPU *))
+{
+ QemuOpts *machine_opts;
+ const char *kernel_filename;
+ const char *kernel_cmdline;
+ const char *dtb_arg;
+
+ machine_opts = qemu_get_machine_opts();
+ kernel_filename = qemu_opt_get(machine_opts, "kernel");
+ kernel_cmdline = qemu_opt_get(machine_opts, "append");
+ dtb_arg = qemu_opt_get(machine_opts, "dtb");
+ if (dtb_arg) { /* Preference a -dtb argument */
+ dtb_filename = dtb_arg;
+ } else { /* default to pcbios dtb as passed by machine_init */
+ dtb_filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, dtb_filename);
+ }
+
+ boot_info.machine_cpu_reset = machine_cpu_reset;
+ qemu_register_reset(main_cpu_reset, cpu);
+
+ if (kernel_filename) {
+ int kernel_size;
+ uint64_t entry, low, high;
+ uint32_t base32;
+ int big_endian = 0;
+
+#ifdef TARGET_WORDS_BIGENDIAN
+ big_endian = 1;
+#endif
+
+ /* Boots a kernel elf binary. */
+ kernel_size = load_elf(kernel_filename, NULL, NULL,
+ &entry, &low, &high,
+ big_endian, ELF_MACHINE, 0);
+ base32 = entry;
+ if (base32 == 0xc0000000) {
+ kernel_size = load_elf(kernel_filename, translate_kernel_address,
+ NULL, &entry, NULL, NULL,
+ big_endian, ELF_MACHINE, 0);
+ }
+ /* Always boot into physical ram. */
+ boot_info.bootstrap_pc = ddr_base + (entry & 0x0fffffff);
+
+ /* If it wasn't an ELF image, try an u-boot image. */
+ if (kernel_size < 0) {
+ hwaddr uentry, loadaddr;
+
+ kernel_size = load_uimage(kernel_filename, &uentry, &loadaddr, 0);
+ boot_info.bootstrap_pc = uentry;
+ high = (loadaddr + kernel_size + 3) & ~3;
+ }
+
+ /* Not an ELF image nor an u-boot image, try a RAW image. */
+ if (kernel_size < 0) {
+ kernel_size = load_image_targphys(kernel_filename, ddr_base,
+ ram_size);
+ boot_info.bootstrap_pc = ddr_base;
+ high = (ddr_base + kernel_size + 3) & ~3;
+ }
+
+ boot_info.cmdline = high + 4096;
+ if (kernel_cmdline && strlen(kernel_cmdline)) {
+ pstrcpy_targphys("cmdline", boot_info.cmdline, 256, kernel_cmdline);
+ }
+ /* Provide a device-tree. */
+ boot_info.fdt = boot_info.cmdline + 4096;
+ microblaze_load_dtb(boot_info.fdt, ram_size, kernel_cmdline,
+ dtb_filename);
+ }
+
+}
diff --git a/hw/microblaze/boot.h b/hw/microblaze/boot.h
new file mode 100644
index 000000000..b14ef2b99
--- /dev/null
+++ b/hw/microblaze/boot.h
@@ -0,0 +1,10 @@
+#ifndef __MICROBLAZE_BOOT__
+#define __MICROBLAZE_BOOT__
+
+#include "hw/hw.h"
+
+void microblaze_load_kernel(MicroBlazeCPU *cpu, hwaddr ddr_base,
+ uint32_t ramsize, const char *dtb_filename,
+ void (*machine_cpu_reset)(MicroBlazeCPU *));
+
+#endif /* __MICROBLAZE_BOOT __ */
diff --git a/hw/microblaze/petalogix_ml605_mmu.c b/hw/microblaze/petalogix_ml605_mmu.c
new file mode 100644
index 000000000..989da25de
--- /dev/null
+++ b/hw/microblaze/petalogix_ml605_mmu.c
@@ -0,0 +1,197 @@
+/*
+ * Model of Petalogix linux reference design targeting Xilinx Spartan ml605
+ * board.
+ *
+ * Copyright (c) 2011 Michal Simek <monstr@monstr.eu>
+ * Copyright (c) 2011 PetaLogix
+ * Copyright (c) 2009 Edgar E. Iglesias.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/sysbus.h"
+#include "hw/hw.h"
+#include "net/net.h"
+#include "hw/block/flash.h"
+#include "sysemu/sysemu.h"
+#include "hw/devices.h"
+#include "hw/boards.h"
+#include "hw/xilinx.h"
+#include "sysemu/blockdev.h"
+#include "hw/char/serial.h"
+#include "exec/address-spaces.h"
+#include "hw/ssi.h"
+
+#include "boot.h"
+#include "pic_cpu.h"
+
+#include "hw/stream.h"
+
+#define LMB_BRAM_SIZE (128 * 1024)
+#define FLASH_SIZE (32 * 1024 * 1024)
+
+#define BINARY_DEVICE_TREE_FILE "petalogix-ml605.dtb"
+
+#define NUM_SPI_FLASHES 4
+
+#define MEMORY_BASEADDR 0x50000000
+#define FLASH_BASEADDR 0x86000000
+#define INTC_BASEADDR 0x81800000
+#define TIMER_BASEADDR 0x83c00000
+#define UART16550_BASEADDR 0x83e00000
+#define AXIENET_BASEADDR 0x82780000
+#define AXIDMA_BASEADDR 0x84600000
+
+static void machine_cpu_reset(MicroBlazeCPU *cpu)
+{
+ CPUMBState *env = &cpu->env;
+
+ env->pvr.regs[10] = 0x0e000000; /* virtex 6 */
+ /* setup pvr to match kernel setting */
+ env->pvr.regs[5] |= PVR5_DCACHE_WRITEBACK_MASK;
+ env->pvr.regs[0] |= PVR0_USE_FPU_MASK | PVR0_ENDI;
+ env->pvr.regs[0] = (env->pvr.regs[0] & ~PVR0_VERSION_MASK) | (0x14 << 8);
+ env->pvr.regs[2] ^= PVR2_USE_FPU2_MASK;
+ env->pvr.regs[4] = 0xc56b8000;
+ env->pvr.regs[5] = 0xc56be000;
+}
+
+static void
+petalogix_ml605_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ MemoryRegion *address_space_mem = get_system_memory();
+ DeviceState *dev, *dma, *eth0;
+ Object *ds, *cs;
+ MicroBlazeCPU *cpu;
+ SysBusDevice *busdev;
+ CPUMBState *env;
+ DriveInfo *dinfo;
+ int i;
+ hwaddr ddr_base = MEMORY_BASEADDR;
+ MemoryRegion *phys_lmb_bram = g_new(MemoryRegion, 1);
+ MemoryRegion *phys_ram = g_new(MemoryRegion, 1);
+ qemu_irq irq[32], *cpu_irq;
+
+ /* init CPUs */
+ if (cpu_model == NULL) {
+ cpu_model = "microblaze";
+ }
+ cpu = cpu_mb_init(cpu_model);
+ env = &cpu->env;
+
+ /* Attach emulated BRAM through the LMB. */
+ memory_region_init_ram(phys_lmb_bram, NULL, "petalogix_ml605.lmb_bram",
+ LMB_BRAM_SIZE);
+ vmstate_register_ram_global(phys_lmb_bram);
+ memory_region_add_subregion(address_space_mem, 0x00000000, phys_lmb_bram);
+
+ memory_region_init_ram(phys_ram, NULL, "petalogix_ml605.ram", ram_size);
+ vmstate_register_ram_global(phys_ram);
+ memory_region_add_subregion(address_space_mem, ddr_base, phys_ram);
+
+ dinfo = drive_get(IF_PFLASH, 0, 0);
+ /* 5th parameter 2 means bank-width
+ * 10th paremeter 0 means little-endian */
+ pflash_cfi01_register(FLASH_BASEADDR,
+ NULL, "petalogix_ml605.flash", FLASH_SIZE,
+ dinfo ? dinfo->bdrv : NULL, (64 * 1024),
+ FLASH_SIZE >> 16,
+ 2, 0x89, 0x18, 0x0000, 0x0, 0);
+
+
+ cpu_irq = microblaze_pic_init_cpu(env);
+ dev = xilinx_intc_create(INTC_BASEADDR, cpu_irq[0], 4);
+ for (i = 0; i < 32; i++) {
+ irq[i] = qdev_get_gpio_in(dev, i);
+ }
+
+ serial_mm_init(address_space_mem, UART16550_BASEADDR + 0x1000, 2,
+ irq[5], 115200, serial_hds[0], DEVICE_LITTLE_ENDIAN);
+
+ /* 2 timers at irq 2 @ 100 Mhz. */
+ xilinx_timer_create(TIMER_BASEADDR, irq[2], 0, 100 * 1000000);
+
+ /* axi ethernet and dma initialization. */
+ qemu_check_nic_model(&nd_table[0], "xlnx.axi-ethernet");
+ eth0 = qdev_create(NULL, "xlnx.axi-ethernet");
+ dma = qdev_create(NULL, "xlnx.axi-dma");
+
+ /* FIXME: attach to the sysbus instead */
+ object_property_add_child(qdev_get_machine(), "xilinx-eth", OBJECT(eth0),
+ NULL);
+ object_property_add_child(qdev_get_machine(), "xilinx-dma", OBJECT(dma),
+ NULL);
+
+ ds = object_property_get_link(OBJECT(dma),
+ "axistream-connected-target", NULL);
+ cs = object_property_get_link(OBJECT(dma),
+ "axistream-control-connected-target", NULL);
+ xilinx_axiethernet_init(eth0, &nd_table[0], STREAM_SLAVE(ds),
+ STREAM_SLAVE(cs), 0x82780000, irq[3], 0x1000,
+ 0x1000);
+
+ ds = object_property_get_link(OBJECT(eth0),
+ "axistream-connected-target", NULL);
+ cs = object_property_get_link(OBJECT(eth0),
+ "axistream-control-connected-target", NULL);
+ xilinx_axidma_init(dma, STREAM_SLAVE(ds), STREAM_SLAVE(cs), 0x84600000,
+ irq[1], irq[0], 100 * 1000000);
+
+ {
+ SSIBus *spi;
+
+ dev = qdev_create(NULL, "xlnx.xps-spi");
+ qdev_prop_set_uint8(dev, "num-ss-bits", NUM_SPI_FLASHES);
+ qdev_init_nofail(dev);
+ busdev = SYS_BUS_DEVICE(dev);
+ sysbus_mmio_map(busdev, 0, 0x40a00000);
+ sysbus_connect_irq(busdev, 0, irq[4]);
+
+ spi = (SSIBus *)qdev_get_child_bus(dev, "spi");
+
+ for (i = 0; i < NUM_SPI_FLASHES; i++) {
+ qemu_irq cs_line;
+
+ dev = ssi_create_slave(spi, "n25q128");
+ cs_line = qdev_get_gpio_in(dev, 0);
+ sysbus_connect_irq(busdev, i+1, cs_line);
+ }
+ }
+
+ microblaze_load_kernel(cpu, ddr_base, ram_size, BINARY_DEVICE_TREE_FILE,
+ machine_cpu_reset);
+
+}
+
+static QEMUMachine petalogix_ml605_machine = {
+ .name = "petalogix-ml605",
+ .desc = "PetaLogix linux refdesign for xilinx ml605 little endian",
+ .init = petalogix_ml605_init,
+ .is_default = 0,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void petalogix_ml605_machine_init(void)
+{
+ qemu_register_machine(&petalogix_ml605_machine);
+}
+
+machine_init(petalogix_ml605_machine_init);
diff --git a/hw/microblaze/petalogix_s3adsp1800_mmu.c b/hw/microblaze/petalogix_s3adsp1800_mmu.c
new file mode 100644
index 000000000..a46149443
--- /dev/null
+++ b/hw/microblaze/petalogix_s3adsp1800_mmu.c
@@ -0,0 +1,127 @@
+/*
+ * Model of Petalogix linux reference design targeting Xilinx Spartan 3ADSP-1800
+ * boards.
+ *
+ * Copyright (c) 2009 Edgar E. Iglesias.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/sysbus.h"
+#include "hw/hw.h"
+#include "net/net.h"
+#include "hw/block/flash.h"
+#include "sysemu/sysemu.h"
+#include "hw/devices.h"
+#include "hw/boards.h"
+#include "hw/xilinx.h"
+#include "sysemu/blockdev.h"
+#include "exec/address-spaces.h"
+
+#include "boot.h"
+#include "pic_cpu.h"
+
+#define LMB_BRAM_SIZE (128 * 1024)
+#define FLASH_SIZE (16 * 1024 * 1024)
+
+#define BINARY_DEVICE_TREE_FILE "petalogix-s3adsp1800.dtb"
+
+#define MEMORY_BASEADDR 0x90000000
+#define FLASH_BASEADDR 0xa0000000
+#define INTC_BASEADDR 0x81800000
+#define TIMER_BASEADDR 0x83c00000
+#define UARTLITE_BASEADDR 0x84000000
+#define ETHLITE_BASEADDR 0x81000000
+
+static void machine_cpu_reset(MicroBlazeCPU *cpu)
+{
+ CPUMBState *env = &cpu->env;
+
+ env->pvr.regs[10] = 0x0c000000; /* spartan 3a dsp family. */
+}
+
+static void
+petalogix_s3adsp1800_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ DeviceState *dev;
+ MicroBlazeCPU *cpu;
+ CPUMBState *env;
+ DriveInfo *dinfo;
+ int i;
+ hwaddr ddr_base = MEMORY_BASEADDR;
+ MemoryRegion *phys_lmb_bram = g_new(MemoryRegion, 1);
+ MemoryRegion *phys_ram = g_new(MemoryRegion, 1);
+ qemu_irq irq[32], *cpu_irq;
+ MemoryRegion *sysmem = get_system_memory();
+
+ /* init CPUs */
+ if (cpu_model == NULL) {
+ cpu_model = "microblaze";
+ }
+ cpu = cpu_mb_init(cpu_model);
+ env = &cpu->env;
+
+ /* Attach emulated BRAM through the LMB. */
+ memory_region_init_ram(phys_lmb_bram, NULL,
+ "petalogix_s3adsp1800.lmb_bram", LMB_BRAM_SIZE);
+ vmstate_register_ram_global(phys_lmb_bram);
+ memory_region_add_subregion(sysmem, 0x00000000, phys_lmb_bram);
+
+ memory_region_init_ram(phys_ram, NULL, "petalogix_s3adsp1800.ram", ram_size);
+ vmstate_register_ram_global(phys_ram);
+ memory_region_add_subregion(sysmem, ddr_base, phys_ram);
+
+ dinfo = drive_get(IF_PFLASH, 0, 0);
+ pflash_cfi01_register(FLASH_BASEADDR,
+ NULL, "petalogix_s3adsp1800.flash", FLASH_SIZE,
+ dinfo ? dinfo->bdrv : NULL, (64 * 1024),
+ FLASH_SIZE >> 16,
+ 1, 0x89, 0x18, 0x0000, 0x0, 1);
+
+ cpu_irq = microblaze_pic_init_cpu(env);
+ dev = xilinx_intc_create(INTC_BASEADDR, cpu_irq[0], 0xA);
+ for (i = 0; i < 32; i++) {
+ irq[i] = qdev_get_gpio_in(dev, i);
+ }
+
+ sysbus_create_simple("xlnx.xps-uartlite", UARTLITE_BASEADDR, irq[3]);
+ /* 2 timers at irq 2 @ 62 Mhz. */
+ xilinx_timer_create(TIMER_BASEADDR, irq[0], 0, 62 * 1000000);
+ xilinx_ethlite_create(&nd_table[0], ETHLITE_BASEADDR, irq[1], 0, 0);
+
+ microblaze_load_kernel(cpu, ddr_base, ram_size,
+ BINARY_DEVICE_TREE_FILE, machine_cpu_reset);
+}
+
+static QEMUMachine petalogix_s3adsp1800_machine = {
+ .name = "petalogix-s3adsp1800",
+ .desc = "PetaLogix linux refdesign for xilinx Spartan 3ADSP1800",
+ .init = petalogix_s3adsp1800_init,
+ .is_default = 1,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void petalogix_s3adsp1800_machine_init(void)
+{
+ qemu_register_machine(&petalogix_s3adsp1800_machine);
+}
+
+machine_init(petalogix_s3adsp1800_machine_init);
diff --git a/hw/microblaze/pic_cpu.c b/hw/microblaze/pic_cpu.c
new file mode 100644
index 000000000..16902f788
--- /dev/null
+++ b/hw/microblaze/pic_cpu.c
@@ -0,0 +1,47 @@
+/*
+ * QEMU MicroBlaze CPU interrupt wrapper logic.
+ *
+ * Copyright (c) 2009 Edgar E. Iglesias, Axis Communications AB.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/hw.h"
+#include "pic_cpu.h"
+
+#define D(x)
+
+static void microblaze_pic_cpu_handler(void *opaque, int irq, int level)
+{
+ MicroBlazeCPU *cpu = opaque;
+ CPUState *cs = CPU(cpu);
+ int type = irq ? CPU_INTERRUPT_NMI : CPU_INTERRUPT_HARD;
+
+ if (level) {
+ cpu_interrupt(cs, type);
+ } else {
+ cpu_reset_interrupt(cs, type);
+ }
+}
+
+qemu_irq *microblaze_pic_init_cpu(CPUMBState *env)
+{
+ return qemu_allocate_irqs(microblaze_pic_cpu_handler, mb_env_get_cpu(env),
+ 2);
+}
diff --git a/hw/microblaze_pic_cpu.h b/hw/microblaze/pic_cpu.h
index 43090a48e..43090a48e 100644
--- a/hw/microblaze_pic_cpu.h
+++ b/hw/microblaze/pic_cpu.h
diff --git a/hw/microblaze_boot.c b/hw/microblaze_boot.c
deleted file mode 100644
index 02c349c18..000000000
--- a/hw/microblaze_boot.c
+++ /dev/null
@@ -1,177 +0,0 @@
-/*
- * Microblaze kernel loader
- *
- * Copyright (c) 2012 Peter Crosthwaite <peter.crosthwaite@petalogix.com>
- * Copyright (c) 2012 PetaLogix
- * Copyright (c) 2009 Edgar E. Iglesias.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "qemu-option.h"
-#include "qemu-config.h"
-#include "qemu-common.h"
-#include "device_tree.h"
-#include "loader.h"
-#include "elf.h"
-
-#include "microblaze_boot.h"
-
-static struct
-{
- void (*machine_cpu_reset)(MicroBlazeCPU *);
- uint32_t bootstrap_pc;
- uint32_t cmdline;
- uint32_t fdt;
-} boot_info;
-
-static void main_cpu_reset(void *opaque)
-{
- MicroBlazeCPU *cpu = opaque;
- CPUMBState *env = &cpu->env;
-
- cpu_reset(CPU(cpu));
- env->regs[5] = boot_info.cmdline;
- env->regs[7] = boot_info.fdt;
- env->sregs[SR_PC] = boot_info.bootstrap_pc;
- if (boot_info.machine_cpu_reset) {
- boot_info.machine_cpu_reset(cpu);
- }
-}
-
-static int microblaze_load_dtb(hwaddr addr,
- uint32_t ramsize,
- const char *kernel_cmdline,
- const char *dtb_filename)
-{
- int fdt_size;
-#ifdef CONFIG_FDT
- void *fdt = NULL;
- int r;
-
- if (dtb_filename) {
- fdt = load_device_tree(dtb_filename, &fdt_size);
- }
- if (!fdt) {
- return 0;
- }
-
- if (kernel_cmdline) {
- r = qemu_devtree_setprop_string(fdt, "/chosen", "bootargs",
- kernel_cmdline);
- if (r < 0) {
- fprintf(stderr, "couldn't set /chosen/bootargs\n");
- }
- }
-
- cpu_physical_memory_write(addr, (void *)fdt, fdt_size);
-#else
- /* We lack libfdt so we cannot manipulate the fdt. Just pass on the blob
- to the kernel. */
- if (dtb_filename) {
- fdt_size = load_image_targphys(dtb_filename, addr, 0x10000);
- }
- if (kernel_cmdline) {
- fprintf(stderr,
- "Warning: missing libfdt, cannot pass cmdline to kernel!\n");
- }
-#endif
- return fdt_size;
-}
-
-static uint64_t translate_kernel_address(void *opaque, uint64_t addr)
-{
- return addr - 0x30000000LL;
-}
-
-void microblaze_load_kernel(MicroBlazeCPU *cpu, hwaddr ddr_base,
- uint32_t ramsize, const char *dtb_filename,
- void (*machine_cpu_reset)(MicroBlazeCPU *))
-{
- QemuOpts *machine_opts;
- const char *kernel_filename = NULL;
- const char *kernel_cmdline = NULL;
-
- machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
- if (machine_opts) {
- const char *dtb_arg;
- kernel_filename = qemu_opt_get(machine_opts, "kernel");
- kernel_cmdline = qemu_opt_get(machine_opts, "append");
- dtb_arg = qemu_opt_get(machine_opts, "dtb");
- if (dtb_arg) { /* Preference a -dtb argument */
- dtb_filename = dtb_arg;
- } else { /* default to pcbios dtb as passed by machine_init */
- dtb_filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, dtb_filename);
- }
- }
-
- boot_info.machine_cpu_reset = machine_cpu_reset;
- qemu_register_reset(main_cpu_reset, cpu);
-
- if (kernel_filename) {
- int kernel_size;
- uint64_t entry, low, high;
- uint32_t base32;
- int big_endian = 0;
-
-#ifdef TARGET_WORDS_BIGENDIAN
- big_endian = 1;
-#endif
-
- /* Boots a kernel elf binary. */
- kernel_size = load_elf(kernel_filename, NULL, NULL,
- &entry, &low, &high,
- big_endian, ELF_MACHINE, 0);
- base32 = entry;
- if (base32 == 0xc0000000) {
- kernel_size = load_elf(kernel_filename, translate_kernel_address,
- NULL, &entry, NULL, NULL,
- big_endian, ELF_MACHINE, 0);
- }
- /* Always boot into physical ram. */
- boot_info.bootstrap_pc = ddr_base + (entry & 0x0fffffff);
-
- /* If it wasn't an ELF image, try an u-boot image. */
- if (kernel_size < 0) {
- hwaddr uentry, loadaddr;
-
- kernel_size = load_uimage(kernel_filename, &uentry, &loadaddr, 0);
- boot_info.bootstrap_pc = uentry;
- high = (loadaddr + kernel_size + 3) & ~3;
- }
-
- /* Not an ELF image nor an u-boot image, try a RAW image. */
- if (kernel_size < 0) {
- kernel_size = load_image_targphys(kernel_filename, ddr_base,
- ram_size);
- boot_info.bootstrap_pc = ddr_base;
- high = (ddr_base + kernel_size + 3) & ~3;
- }
-
- boot_info.cmdline = high + 4096;
- if (kernel_cmdline && strlen(kernel_cmdline)) {
- pstrcpy_targphys("cmdline", boot_info.cmdline, 256, kernel_cmdline);
- }
- /* Provide a device-tree. */
- boot_info.fdt = boot_info.cmdline + 4096;
- microblaze_load_dtb(boot_info.fdt, ram_size, kernel_cmdline,
- dtb_filename);
- }
-
-}
diff --git a/hw/microblaze_boot.h b/hw/microblaze_boot.h
deleted file mode 100644
index c1cf836b9..000000000
--- a/hw/microblaze_boot.h
+++ /dev/null
@@ -1,10 +0,0 @@
-#ifndef __MICROBLAZE_BOOT__
-#define __MICROBLAZE_BOOT__
-
-#include "hw.h"
-
-void microblaze_load_kernel(MicroBlazeCPU *cpu, hwaddr ddr_base,
- uint32_t ramsize, const char *dtb_filename,
- void (*machine_cpu_reset)(MicroBlazeCPU *));
-
-#endif /* __MICROBLAZE_BOOT __ */
diff --git a/hw/microblaze_pic_cpu.c b/hw/microblaze_pic_cpu.c
deleted file mode 100644
index ff36a526f..000000000
--- a/hw/microblaze_pic_cpu.c
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * QEMU MicroBlaze CPU interrupt wrapper logic.
- *
- * Copyright (c) 2009 Edgar E. Iglesias, Axis Communications AB.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "hw.h"
-#include "microblaze_pic_cpu.h"
-
-#define D(x)
-
-static void microblaze_pic_cpu_handler(void *opaque, int irq, int level)
-{
- CPUMBState *env = (CPUMBState *)opaque;
- int type = irq ? CPU_INTERRUPT_NMI : CPU_INTERRUPT_HARD;
-
- if (level)
- cpu_interrupt(env, type);
- else
- cpu_reset_interrupt(env, type);
-}
-
-qemu_irq *microblaze_pic_init_cpu(CPUMBState *env)
-{
- return qemu_allocate_irqs(microblaze_pic_cpu_handler, env, 2);
-}
diff --git a/hw/milkymist-ac97.c b/hw/milkymist-ac97.c
deleted file mode 100644
index d87656c9a..000000000
--- a/hw/milkymist-ac97.c
+++ /dev/null
@@ -1,344 +0,0 @@
-/*
- * QEMU model of the Milkymist System Controller.
- *
- * Copyright (c) 2010 Michael Walle <michael@walle.cc>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- *
- * Specification available at:
- * http://www.milkymist.org/socdoc/ac97.pdf
- */
-
-#include "hw.h"
-#include "sysbus.h"
-#include "trace.h"
-#include "audio/audio.h"
-#include "qemu-error.h"
-
-enum {
- R_AC97_CTRL = 0,
- R_AC97_ADDR,
- R_AC97_DATAOUT,
- R_AC97_DATAIN,
- R_D_CTRL,
- R_D_ADDR,
- R_D_REMAINING,
- R_RESERVED,
- R_U_CTRL,
- R_U_ADDR,
- R_U_REMAINING,
- R_MAX
-};
-
-enum {
- AC97_CTRL_RQEN = (1<<0),
- AC97_CTRL_WRITE = (1<<1),
-};
-
-enum {
- CTRL_EN = (1<<0),
-};
-
-struct MilkymistAC97State {
- SysBusDevice busdev;
- MemoryRegion regs_region;
-
- QEMUSoundCard card;
- SWVoiceIn *voice_in;
- SWVoiceOut *voice_out;
-
- uint32_t regs[R_MAX];
-
- qemu_irq crrequest_irq;
- qemu_irq crreply_irq;
- qemu_irq dmar_irq;
- qemu_irq dmaw_irq;
-};
-typedef struct MilkymistAC97State MilkymistAC97State;
-
-static void update_voices(MilkymistAC97State *s)
-{
- if (s->regs[R_D_CTRL] & CTRL_EN) {
- AUD_set_active_out(s->voice_out, 1);
- } else {
- AUD_set_active_out(s->voice_out, 0);
- }
-
- if (s->regs[R_U_CTRL] & CTRL_EN) {
- AUD_set_active_in(s->voice_in, 1);
- } else {
- AUD_set_active_in(s->voice_in, 0);
- }
-}
-
-static uint64_t ac97_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- MilkymistAC97State *s = opaque;
- uint32_t r = 0;
-
- addr >>= 2;
- switch (addr) {
- case R_AC97_CTRL:
- case R_AC97_ADDR:
- case R_AC97_DATAOUT:
- case R_AC97_DATAIN:
- case R_D_CTRL:
- case R_D_ADDR:
- case R_D_REMAINING:
- case R_U_CTRL:
- case R_U_ADDR:
- case R_U_REMAINING:
- r = s->regs[addr];
- break;
-
- default:
- error_report("milkymist_ac97: read access to unknown register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
- }
-
- trace_milkymist_ac97_memory_read(addr << 2, r);
-
- return r;
-}
-
-static void ac97_write(void *opaque, hwaddr addr, uint64_t value,
- unsigned size)
-{
- MilkymistAC97State *s = opaque;
-
- trace_milkymist_ac97_memory_write(addr, value);
-
- addr >>= 2;
- switch (addr) {
- case R_AC97_CTRL:
- /* always raise an IRQ according to the direction */
- if (value & AC97_CTRL_RQEN) {
- if (value & AC97_CTRL_WRITE) {
- trace_milkymist_ac97_pulse_irq_crrequest();
- qemu_irq_pulse(s->crrequest_irq);
- } else {
- trace_milkymist_ac97_pulse_irq_crreply();
- qemu_irq_pulse(s->crreply_irq);
- }
- }
-
- /* RQEN is self clearing */
- s->regs[addr] = value & ~AC97_CTRL_RQEN;
- break;
- case R_D_CTRL:
- case R_U_CTRL:
- s->regs[addr] = value;
- update_voices(s);
- break;
- case R_AC97_ADDR:
- case R_AC97_DATAOUT:
- case R_AC97_DATAIN:
- case R_D_ADDR:
- case R_D_REMAINING:
- case R_U_ADDR:
- case R_U_REMAINING:
- s->regs[addr] = value;
- break;
-
- default:
- error_report("milkymist_ac97: write access to unknown register 0x"
- TARGET_FMT_plx, addr);
- break;
- }
-
-}
-
-static const MemoryRegionOps ac97_mmio_ops = {
- .read = ac97_read,
- .write = ac97_write,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void ac97_in_cb(void *opaque, int avail_b)
-{
- MilkymistAC97State *s = opaque;
- uint8_t buf[4096];
- uint32_t remaining = s->regs[R_U_REMAINING];
- int temp = audio_MIN(remaining, avail_b);
- uint32_t addr = s->regs[R_U_ADDR];
- int transferred = 0;
-
- trace_milkymist_ac97_in_cb(avail_b, remaining);
-
- /* prevent from raising an IRQ */
- if (temp == 0) {
- return;
- }
-
- while (temp) {
- int acquired, to_copy;
-
- to_copy = audio_MIN(temp, sizeof(buf));
- acquired = AUD_read(s->voice_in, buf, to_copy);
- if (!acquired) {
- break;
- }
-
- cpu_physical_memory_write(addr, buf, acquired);
-
- temp -= acquired;
- addr += acquired;
- transferred += acquired;
- }
-
- trace_milkymist_ac97_in_cb_transferred(transferred);
-
- s->regs[R_U_ADDR] = addr;
- s->regs[R_U_REMAINING] -= transferred;
-
- if ((s->regs[R_U_CTRL] & CTRL_EN) && (s->regs[R_U_REMAINING] == 0)) {
- trace_milkymist_ac97_pulse_irq_dmaw();
- qemu_irq_pulse(s->dmaw_irq);
- }
-}
-
-static void ac97_out_cb(void *opaque, int free_b)
-{
- MilkymistAC97State *s = opaque;
- uint8_t buf[4096];
- uint32_t remaining = s->regs[R_D_REMAINING];
- int temp = audio_MIN(remaining, free_b);
- uint32_t addr = s->regs[R_D_ADDR];
- int transferred = 0;
-
- trace_milkymist_ac97_out_cb(free_b, remaining);
-
- /* prevent from raising an IRQ */
- if (temp == 0) {
- return;
- }
-
- while (temp) {
- int copied, to_copy;
-
- to_copy = audio_MIN(temp, sizeof(buf));
- cpu_physical_memory_read(addr, buf, to_copy);
- copied = AUD_write(s->voice_out, buf, to_copy);
- if (!copied) {
- break;
- }
- temp -= copied;
- addr += copied;
- transferred += copied;
- }
-
- trace_milkymist_ac97_out_cb_transferred(transferred);
-
- s->regs[R_D_ADDR] = addr;
- s->regs[R_D_REMAINING] -= transferred;
-
- if ((s->regs[R_D_CTRL] & CTRL_EN) && (s->regs[R_D_REMAINING] == 0)) {
- trace_milkymist_ac97_pulse_irq_dmar();
- qemu_irq_pulse(s->dmar_irq);
- }
-}
-
-static void milkymist_ac97_reset(DeviceState *d)
-{
- MilkymistAC97State *s = container_of(d, MilkymistAC97State, busdev.qdev);
- int i;
-
- for (i = 0; i < R_MAX; i++) {
- s->regs[i] = 0;
- }
-
- AUD_set_active_in(s->voice_in, 0);
- AUD_set_active_out(s->voice_out, 0);
-}
-
-static int ac97_post_load(void *opaque, int version_id)
-{
- MilkymistAC97State *s = opaque;
-
- update_voices(s);
-
- return 0;
-}
-
-static int milkymist_ac97_init(SysBusDevice *dev)
-{
- MilkymistAC97State *s = FROM_SYSBUS(typeof(*s), dev);
-
- struct audsettings as;
- sysbus_init_irq(dev, &s->crrequest_irq);
- sysbus_init_irq(dev, &s->crreply_irq);
- sysbus_init_irq(dev, &s->dmar_irq);
- sysbus_init_irq(dev, &s->dmaw_irq);
-
- AUD_register_card("Milkymist AC'97", &s->card);
-
- as.freq = 48000;
- as.nchannels = 2;
- as.fmt = AUD_FMT_S16;
- as.endianness = 1;
-
- s->voice_in = AUD_open_in(&s->card, s->voice_in,
- "mm_ac97.in", s, ac97_in_cb, &as);
- s->voice_out = AUD_open_out(&s->card, s->voice_out,
- "mm_ac97.out", s, ac97_out_cb, &as);
-
- memory_region_init_io(&s->regs_region, &ac97_mmio_ops, s,
- "milkymist-ac97", R_MAX * 4);
- sysbus_init_mmio(dev, &s->regs_region);
-
- return 0;
-}
-
-static const VMStateDescription vmstate_milkymist_ac97 = {
- .name = "milkymist-ac97",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .post_load = ac97_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32_ARRAY(regs, MilkymistAC97State, R_MAX),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void milkymist_ac97_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = milkymist_ac97_init;
- dc->reset = milkymist_ac97_reset;
- dc->vmsd = &vmstate_milkymist_ac97;
-}
-
-static TypeInfo milkymist_ac97_info = {
- .name = "milkymist-ac97",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(MilkymistAC97State),
- .class_init = milkymist_ac97_class_init,
-};
-
-static void milkymist_ac97_register_types(void)
-{
- type_register_static(&milkymist_ac97_info);
-}
-
-type_init(milkymist_ac97_register_types)
diff --git a/hw/milkymist-hpdmc.c b/hw/milkymist-hpdmc.c
deleted file mode 100644
index 5d120a497..000000000
--- a/hw/milkymist-hpdmc.c
+++ /dev/null
@@ -1,170 +0,0 @@
-/*
- * QEMU model of the Milkymist High Performance Dynamic Memory Controller.
- *
- * Copyright (c) 2010 Michael Walle <michael@walle.cc>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- *
- * Specification available at:
- * http://www.milkymist.org/socdoc/hpdmc.pdf
- */
-
-#include "hw.h"
-#include "sysbus.h"
-#include "trace.h"
-#include "qemu-error.h"
-
-enum {
- R_SYSTEM = 0,
- R_BYPASS,
- R_TIMING,
- R_IODELAY,
- R_MAX
-};
-
-enum {
- IODELAY_DQSDELAY_RDY = (1<<5),
- IODELAY_PLL1_LOCKED = (1<<6),
- IODELAY_PLL2_LOCKED = (1<<7),
-};
-
-struct MilkymistHpdmcState {
- SysBusDevice busdev;
- MemoryRegion regs_region;
-
- uint32_t regs[R_MAX];
-};
-typedef struct MilkymistHpdmcState MilkymistHpdmcState;
-
-static uint64_t hpdmc_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- MilkymistHpdmcState *s = opaque;
- uint32_t r = 0;
-
- addr >>= 2;
- switch (addr) {
- case R_SYSTEM:
- case R_BYPASS:
- case R_TIMING:
- case R_IODELAY:
- r = s->regs[addr];
- break;
-
- default:
- error_report("milkymist_hpdmc: read access to unknown register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
- }
-
- trace_milkymist_hpdmc_memory_read(addr << 2, r);
-
- return r;
-}
-
-static void hpdmc_write(void *opaque, hwaddr addr, uint64_t value,
- unsigned size)
-{
- MilkymistHpdmcState *s = opaque;
-
- trace_milkymist_hpdmc_memory_write(addr, value);
-
- addr >>= 2;
- switch (addr) {
- case R_SYSTEM:
- case R_BYPASS:
- case R_TIMING:
- s->regs[addr] = value;
- break;
- case R_IODELAY:
- /* ignore writes */
- break;
-
- default:
- error_report("milkymist_hpdmc: write access to unknown register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
- }
-}
-
-static const MemoryRegionOps hpdmc_mmio_ops = {
- .read = hpdmc_read,
- .write = hpdmc_write,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void milkymist_hpdmc_reset(DeviceState *d)
-{
- MilkymistHpdmcState *s = container_of(d, MilkymistHpdmcState, busdev.qdev);
- int i;
-
- for (i = 0; i < R_MAX; i++) {
- s->regs[i] = 0;
- }
-
- /* defaults */
- s->regs[R_IODELAY] = IODELAY_DQSDELAY_RDY | IODELAY_PLL1_LOCKED
- | IODELAY_PLL2_LOCKED;
-}
-
-static int milkymist_hpdmc_init(SysBusDevice *dev)
-{
- MilkymistHpdmcState *s = FROM_SYSBUS(typeof(*s), dev);
-
- memory_region_init_io(&s->regs_region, &hpdmc_mmio_ops, s,
- "milkymist-hpdmc", R_MAX * 4);
- sysbus_init_mmio(dev, &s->regs_region);
-
- return 0;
-}
-
-static const VMStateDescription vmstate_milkymist_hpdmc = {
- .name = "milkymist-hpdmc",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32_ARRAY(regs, MilkymistHpdmcState, R_MAX),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void milkymist_hpdmc_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = milkymist_hpdmc_init;
- dc->reset = milkymist_hpdmc_reset;
- dc->vmsd = &vmstate_milkymist_hpdmc;
-}
-
-static TypeInfo milkymist_hpdmc_info = {
- .name = "milkymist-hpdmc",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(MilkymistHpdmcState),
- .class_init = milkymist_hpdmc_class_init,
-};
-
-static void milkymist_hpdmc_register_types(void)
-{
- type_register_static(&milkymist_hpdmc_info);
-}
-
-type_init(milkymist_hpdmc_register_types)
diff --git a/hw/milkymist-hw.h b/hw/milkymist-hw.h
deleted file mode 100644
index 96b2a7f86..000000000
--- a/hw/milkymist-hw.h
+++ /dev/null
@@ -1,223 +0,0 @@
-#ifndef QEMU_HW_MILKYMIST_H
-#define QEMU_HW_MILKYMIST_H
-
-#include "qdev.h"
-#include "qdev-addr.h"
-
-static inline DeviceState *milkymist_uart_create(hwaddr base,
- qemu_irq irq)
-{
- DeviceState *dev;
-
- dev = qdev_create(NULL, "milkymist-uart");
- qdev_init_nofail(dev);
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
- sysbus_connect_irq(sysbus_from_qdev(dev), 0, irq);
-
- return dev;
-}
-
-static inline DeviceState *milkymist_hpdmc_create(hwaddr base)
-{
- DeviceState *dev;
-
- dev = qdev_create(NULL, "milkymist-hpdmc");
- qdev_init_nofail(dev);
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
-
- return dev;
-}
-
-static inline DeviceState *milkymist_memcard_create(hwaddr base)
-{
- DeviceState *dev;
-
- dev = qdev_create(NULL, "milkymist-memcard");
- qdev_init_nofail(dev);
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
-
- return dev;
-}
-
-static inline DeviceState *milkymist_vgafb_create(hwaddr base,
- uint32_t fb_offset, uint32_t fb_mask)
-{
- DeviceState *dev;
-
- dev = qdev_create(NULL, "milkymist-vgafb");
- qdev_prop_set_uint32(dev, "fb_offset", fb_offset);
- qdev_prop_set_uint32(dev, "fb_mask", fb_mask);
- qdev_init_nofail(dev);
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
-
- return dev;
-}
-
-static inline DeviceState *milkymist_sysctl_create(hwaddr base,
- qemu_irq gpio_irq, qemu_irq timer0_irq, qemu_irq timer1_irq,
- uint32_t freq_hz, uint32_t system_id, uint32_t capabilities,
- uint32_t gpio_strappings)
-{
- DeviceState *dev;
-
- dev = qdev_create(NULL, "milkymist-sysctl");
- qdev_prop_set_uint32(dev, "frequency", freq_hz);
- qdev_prop_set_uint32(dev, "systemid", system_id);
- qdev_prop_set_uint32(dev, "capabilities", capabilities);
- qdev_prop_set_uint32(dev, "gpio_strappings", gpio_strappings);
- qdev_init_nofail(dev);
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
- sysbus_connect_irq(sysbus_from_qdev(dev), 0, gpio_irq);
- sysbus_connect_irq(sysbus_from_qdev(dev), 1, timer0_irq);
- sysbus_connect_irq(sysbus_from_qdev(dev), 2, timer1_irq);
-
- return dev;
-}
-
-static inline DeviceState *milkymist_pfpu_create(hwaddr base,
- qemu_irq irq)
-{
- DeviceState *dev;
-
- dev = qdev_create(NULL, "milkymist-pfpu");
- qdev_init_nofail(dev);
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
- sysbus_connect_irq(sysbus_from_qdev(dev), 0, irq);
- return dev;
-}
-
-#ifdef CONFIG_OPENGL
-#include <X11/Xlib.h>
-#include <GL/glx.h>
-static const int glx_fbconfig_attr[] = {
- GLX_GREEN_SIZE, 5,
- GLX_GREEN_SIZE, 6,
- GLX_BLUE_SIZE, 5,
- None
-};
-#endif
-
-static inline DeviceState *milkymist_tmu2_create(hwaddr base,
- qemu_irq irq)
-{
-#ifdef CONFIG_OPENGL
- DeviceState *dev;
- Display *d;
- GLXFBConfig *configs;
- int nelements;
- int ver_major, ver_minor;
-
- if (display_type == DT_NOGRAPHIC) {
- return NULL;
- }
-
- /* check that GLX will work */
- d = XOpenDisplay(NULL);
- if (d == NULL) {
- return NULL;
- }
-
- if (!glXQueryVersion(d, &ver_major, &ver_minor)) {
- /* Yeah, sometimes getting the GLX version can fail.
- * Isn't X beautiful? */
- XCloseDisplay(d);
- return NULL;
- }
-
- if ((ver_major < 1) || ((ver_major == 1) && (ver_minor < 3))) {
- printf("Your GLX version is %d.%d,"
- "but TMU emulation needs at least 1.3. TMU disabled.\n",
- ver_major, ver_minor);
- XCloseDisplay(d);
- return NULL;
- }
-
- configs = glXChooseFBConfig(d, 0, glx_fbconfig_attr, &nelements);
- if (configs == NULL) {
- XCloseDisplay(d);
- return NULL;
- }
-
- XFree(configs);
- XCloseDisplay(d);
-
- dev = qdev_create(NULL, "milkymist-tmu2");
- qdev_init_nofail(dev);
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
- sysbus_connect_irq(sysbus_from_qdev(dev), 0, irq);
-
- return dev;
-#else
- return NULL;
-#endif
-}
-
-static inline DeviceState *milkymist_ac97_create(hwaddr base,
- qemu_irq crrequest_irq, qemu_irq crreply_irq, qemu_irq dmar_irq,
- qemu_irq dmaw_irq)
-{
- DeviceState *dev;
-
- dev = qdev_create(NULL, "milkymist-ac97");
- qdev_init_nofail(dev);
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
- sysbus_connect_irq(sysbus_from_qdev(dev), 0, crrequest_irq);
- sysbus_connect_irq(sysbus_from_qdev(dev), 1, crreply_irq);
- sysbus_connect_irq(sysbus_from_qdev(dev), 2, dmar_irq);
- sysbus_connect_irq(sysbus_from_qdev(dev), 3, dmaw_irq);
-
- return dev;
-}
-
-static inline DeviceState *milkymist_minimac_create(hwaddr base,
- qemu_irq rx_irq, qemu_irq tx_irq)
-{
- DeviceState *dev;
-
- qemu_check_nic_model(&nd_table[0], "minimac");
- dev = qdev_create(NULL, "milkymist-minimac");
- qdev_set_nic_properties(dev, &nd_table[0]);
- qdev_init_nofail(dev);
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
- sysbus_connect_irq(sysbus_from_qdev(dev), 0, rx_irq);
- sysbus_connect_irq(sysbus_from_qdev(dev), 1, tx_irq);
-
- return dev;
-}
-
-static inline DeviceState *milkymist_minimac2_create(hwaddr base,
- hwaddr buffers_base, qemu_irq rx_irq, qemu_irq tx_irq)
-{
- DeviceState *dev;
-
- qemu_check_nic_model(&nd_table[0], "minimac2");
- dev = qdev_create(NULL, "milkymist-minimac2");
- qdev_prop_set_taddr(dev, "buffers_base", buffers_base);
- qdev_set_nic_properties(dev, &nd_table[0]);
- qdev_init_nofail(dev);
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
- sysbus_connect_irq(sysbus_from_qdev(dev), 0, rx_irq);
- sysbus_connect_irq(sysbus_from_qdev(dev), 1, tx_irq);
-
- return dev;
-}
-
-static inline DeviceState *milkymist_softusb_create(hwaddr base,
- qemu_irq irq, uint32_t pmem_base, uint32_t pmem_size,
- uint32_t dmem_base, uint32_t dmem_size)
-{
- DeviceState *dev;
-
- dev = qdev_create(NULL, "milkymist-softusb");
- qdev_prop_set_uint32(dev, "pmem_base", pmem_base);
- qdev_prop_set_uint32(dev, "pmem_size", pmem_size);
- qdev_prop_set_uint32(dev, "dmem_base", dmem_base);
- qdev_prop_set_uint32(dev, "dmem_size", dmem_size);
- qdev_init_nofail(dev);
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
- sysbus_connect_irq(sysbus_from_qdev(dev), 0, irq);
-
- return dev;
-}
-
-#endif /* QEMU_HW_MILKYMIST_H */
diff --git a/hw/milkymist-memcard.c b/hw/milkymist-memcard.c
deleted file mode 100644
index ca5df5629..000000000
--- a/hw/milkymist-memcard.c
+++ /dev/null
@@ -1,303 +0,0 @@
-/*
- * QEMU model of the Milkymist SD Card Controller.
- *
- * Copyright (c) 2010 Michael Walle <michael@walle.cc>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- *
- * Specification available at:
- * http://www.milkymist.org/socdoc/memcard.pdf
- */
-
-#include "hw.h"
-#include "sysbus.h"
-#include "sysemu.h"
-#include "trace.h"
-#include "qemu-error.h"
-#include "blockdev.h"
-#include "sd.h"
-
-enum {
- ENABLE_CMD_TX = (1<<0),
- ENABLE_CMD_RX = (1<<1),
- ENABLE_DAT_TX = (1<<2),
- ENABLE_DAT_RX = (1<<3),
-};
-
-enum {
- PENDING_CMD_TX = (1<<0),
- PENDING_CMD_RX = (1<<1),
- PENDING_DAT_TX = (1<<2),
- PENDING_DAT_RX = (1<<3),
-};
-
-enum {
- START_CMD_TX = (1<<0),
- START_DAT_RX = (1<<1),
-};
-
-enum {
- R_CLK2XDIV = 0,
- R_ENABLE,
- R_PENDING,
- R_START,
- R_CMD,
- R_DAT,
- R_MAX
-};
-
-struct MilkymistMemcardState {
- SysBusDevice busdev;
- MemoryRegion regs_region;
- SDState *card;
-
- int command_write_ptr;
- int response_read_ptr;
- int response_len;
- int ignore_next_cmd;
- int enabled;
- uint8_t command[6];
- uint8_t response[17];
- uint32_t regs[R_MAX];
-};
-typedef struct MilkymistMemcardState MilkymistMemcardState;
-
-static void update_pending_bits(MilkymistMemcardState *s)
-{
- /* transmits are instantaneous, thus tx pending bits are never set */
- s->regs[R_PENDING] = 0;
- /* if rx is enabled the corresponding pending bits are always set */
- if (s->regs[R_ENABLE] & ENABLE_CMD_RX) {
- s->regs[R_PENDING] |= PENDING_CMD_RX;
- }
- if (s->regs[R_ENABLE] & ENABLE_DAT_RX) {
- s->regs[R_PENDING] |= PENDING_DAT_RX;
- }
-}
-
-static void memcard_sd_command(MilkymistMemcardState *s)
-{
- SDRequest req;
-
- req.cmd = s->command[0] & 0x3f;
- req.arg = (s->command[1] << 24) | (s->command[2] << 16)
- | (s->command[3] << 8) | s->command[4];
- req.crc = s->command[5];
-
- s->response[0] = req.cmd;
- s->response_len = sd_do_command(s->card, &req, s->response+1);
- s->response_read_ptr = 0;
-
- if (s->response_len == 16) {
- /* R2 response */
- s->response[0] = 0x3f;
- s->response_len += 1;
- } else if (s->response_len == 4) {
- /* no crc calculation, insert dummy byte */
- s->response[5] = 0;
- s->response_len += 2;
- }
-
- if (req.cmd == 0) {
- /* next write is a dummy byte to clock the initialization of the sd
- * card */
- s->ignore_next_cmd = 1;
- }
-}
-
-static uint64_t memcard_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- MilkymistMemcardState *s = opaque;
- uint32_t r = 0;
-
- addr >>= 2;
- switch (addr) {
- case R_CMD:
- if (!s->enabled) {
- r = 0xff;
- } else {
- r = s->response[s->response_read_ptr++];
- if (s->response_read_ptr > s->response_len) {
- error_report("milkymist_memcard: "
- "read more cmd bytes than available. Clipping.");
- s->response_read_ptr = 0;
- }
- }
- break;
- case R_DAT:
- if (!s->enabled) {
- r = 0xffffffff;
- } else {
- r = 0;
- r |= sd_read_data(s->card) << 24;
- r |= sd_read_data(s->card) << 16;
- r |= sd_read_data(s->card) << 8;
- r |= sd_read_data(s->card);
- }
- break;
- case R_CLK2XDIV:
- case R_ENABLE:
- case R_PENDING:
- case R_START:
- r = s->regs[addr];
- break;
-
- default:
- error_report("milkymist_memcard: read access to unknown register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
- }
-
- trace_milkymist_memcard_memory_read(addr << 2, r);
-
- return r;
-}
-
-static void memcard_write(void *opaque, hwaddr addr, uint64_t value,
- unsigned size)
-{
- MilkymistMemcardState *s = opaque;
-
- trace_milkymist_memcard_memory_write(addr, value);
-
- addr >>= 2;
- switch (addr) {
- case R_PENDING:
- /* clear rx pending bits */
- s->regs[R_PENDING] &= ~(value & (PENDING_CMD_RX | PENDING_DAT_RX));
- update_pending_bits(s);
- break;
- case R_CMD:
- if (!s->enabled) {
- break;
- }
- if (s->ignore_next_cmd) {
- s->ignore_next_cmd = 0;
- break;
- }
- s->command[s->command_write_ptr] = value & 0xff;
- s->command_write_ptr = (s->command_write_ptr + 1) % 6;
- if (s->command_write_ptr == 0) {
- memcard_sd_command(s);
- }
- break;
- case R_DAT:
- if (!s->enabled) {
- break;
- }
- sd_write_data(s->card, (value >> 24) & 0xff);
- sd_write_data(s->card, (value >> 16) & 0xff);
- sd_write_data(s->card, (value >> 8) & 0xff);
- sd_write_data(s->card, value & 0xff);
- break;
- case R_ENABLE:
- s->regs[addr] = value;
- update_pending_bits(s);
- break;
- case R_CLK2XDIV:
- case R_START:
- s->regs[addr] = value;
- break;
-
- default:
- error_report("milkymist_memcard: write access to unknown register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
- }
-}
-
-static const MemoryRegionOps memcard_mmio_ops = {
- .read = memcard_read,
- .write = memcard_write,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void milkymist_memcard_reset(DeviceState *d)
-{
- MilkymistMemcardState *s =
- container_of(d, MilkymistMemcardState, busdev.qdev);
- int i;
-
- s->command_write_ptr = 0;
- s->response_read_ptr = 0;
- s->response_len = 0;
-
- for (i = 0; i < R_MAX; i++) {
- s->regs[i] = 0;
- }
-}
-
-static int milkymist_memcard_init(SysBusDevice *dev)
-{
- MilkymistMemcardState *s = FROM_SYSBUS(typeof(*s), dev);
- DriveInfo *dinfo;
-
- dinfo = drive_get_next(IF_SD);
- s->card = sd_init(dinfo ? dinfo->bdrv : NULL, 0);
- s->enabled = dinfo ? bdrv_is_inserted(dinfo->bdrv) : 0;
-
- memory_region_init_io(&s->regs_region, &memcard_mmio_ops, s,
- "milkymist-memcard", R_MAX * 4);
- sysbus_init_mmio(dev, &s->regs_region);
-
- return 0;
-}
-
-static const VMStateDescription vmstate_milkymist_memcard = {
- .name = "milkymist-memcard",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_INT32(command_write_ptr, MilkymistMemcardState),
- VMSTATE_INT32(response_read_ptr, MilkymistMemcardState),
- VMSTATE_INT32(response_len, MilkymistMemcardState),
- VMSTATE_INT32(ignore_next_cmd, MilkymistMemcardState),
- VMSTATE_INT32(enabled, MilkymistMemcardState),
- VMSTATE_UINT8_ARRAY(command, MilkymistMemcardState, 6),
- VMSTATE_UINT8_ARRAY(response, MilkymistMemcardState, 17),
- VMSTATE_UINT32_ARRAY(regs, MilkymistMemcardState, R_MAX),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void milkymist_memcard_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = milkymist_memcard_init;
- dc->reset = milkymist_memcard_reset;
- dc->vmsd = &vmstate_milkymist_memcard;
-}
-
-static TypeInfo milkymist_memcard_info = {
- .name = "milkymist-memcard",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(MilkymistMemcardState),
- .class_init = milkymist_memcard_class_init,
-};
-
-static void milkymist_memcard_register_types(void)
-{
- type_register_static(&milkymist_memcard_info);
-}
-
-type_init(milkymist_memcard_register_types)
diff --git a/hw/milkymist-minimac2.c b/hw/milkymist-minimac2.c
deleted file mode 100644
index b204e5f89..000000000
--- a/hw/milkymist-minimac2.c
+++ /dev/null
@@ -1,550 +0,0 @@
-/*
- * QEMU model of the Milkymist minimac2 block.
- *
- * Copyright (c) 2011 Michael Walle <michael@walle.cc>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- *
- * Specification available at:
- * not available yet
- *
- */
-
-#include "hw.h"
-#include "sysbus.h"
-#include "trace.h"
-#include "net.h"
-#include "qemu-error.h"
-#include "qdev-addr.h"
-
-#include <zlib.h>
-
-enum {
- R_SETUP = 0,
- R_MDIO,
- R_STATE0,
- R_COUNT0,
- R_STATE1,
- R_COUNT1,
- R_TXCOUNT,
- R_MAX
-};
-
-enum {
- SETUP_PHY_RST = (1<<0),
-};
-
-enum {
- MDIO_DO = (1<<0),
- MDIO_DI = (1<<1),
- MDIO_OE = (1<<2),
- MDIO_CLK = (1<<3),
-};
-
-enum {
- STATE_EMPTY = 0,
- STATE_LOADED = 1,
- STATE_PENDING = 2,
-};
-
-enum {
- MDIO_OP_WRITE = 1,
- MDIO_OP_READ = 2,
-};
-
-enum mdio_state {
- MDIO_STATE_IDLE,
- MDIO_STATE_READING,
- MDIO_STATE_WRITING,
-};
-
-enum {
- R_PHY_ID1 = 2,
- R_PHY_ID2 = 3,
- R_PHY_MAX = 32
-};
-
-#define MINIMAC2_MTU 1530
-#define MINIMAC2_BUFFER_SIZE 2048
-
-struct MilkymistMinimac2MdioState {
- int last_clk;
- int count;
- uint32_t data;
- uint16_t data_out;
- int state;
-
- uint8_t phy_addr;
- uint8_t reg_addr;
-};
-typedef struct MilkymistMinimac2MdioState MilkymistMinimac2MdioState;
-
-struct MilkymistMinimac2State {
- SysBusDevice busdev;
- NICState *nic;
- NICConf conf;
- char *phy_model;
- hwaddr buffers_base;
- MemoryRegion buffers;
- MemoryRegion regs_region;
-
- qemu_irq rx_irq;
- qemu_irq tx_irq;
-
- uint32_t regs[R_MAX];
-
- MilkymistMinimac2MdioState mdio;
-
- uint16_t phy_regs[R_PHY_MAX];
-
- uint8_t *rx0_buf;
- uint8_t *rx1_buf;
- uint8_t *tx_buf;
-};
-typedef struct MilkymistMinimac2State MilkymistMinimac2State;
-
-static const uint8_t preamble_sfd[] = {
- 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0xd5
-};
-
-static void minimac2_mdio_write_reg(MilkymistMinimac2State *s,
- uint8_t phy_addr, uint8_t reg_addr, uint16_t value)
-{
- trace_milkymist_minimac2_mdio_write(phy_addr, reg_addr, value);
-
- /* nop */
-}
-
-static uint16_t minimac2_mdio_read_reg(MilkymistMinimac2State *s,
- uint8_t phy_addr, uint8_t reg_addr)
-{
- uint16_t r = s->phy_regs[reg_addr];
-
- trace_milkymist_minimac2_mdio_read(phy_addr, reg_addr, r);
-
- return r;
-}
-
-static void minimac2_update_mdio(MilkymistMinimac2State *s)
-{
- MilkymistMinimac2MdioState *m = &s->mdio;
-
- /* detect rising clk edge */
- if (m->last_clk == 0 && (s->regs[R_MDIO] & MDIO_CLK)) {
- /* shift data in */
- int bit = ((s->regs[R_MDIO] & MDIO_DO)
- && (s->regs[R_MDIO] & MDIO_OE)) ? 1 : 0;
- m->data = (m->data << 1) | bit;
-
- /* check for sync */
- if (m->data == 0xffffffff) {
- m->count = 32;
- }
-
- if (m->count == 16) {
- uint8_t start = (m->data >> 14) & 0x3;
- uint8_t op = (m->data >> 12) & 0x3;
- uint8_t ta = (m->data) & 0x3;
-
- if (start == 1 && op == MDIO_OP_WRITE && ta == 2) {
- m->state = MDIO_STATE_WRITING;
- } else if (start == 1 && op == MDIO_OP_READ && (ta & 1) == 0) {
- m->state = MDIO_STATE_READING;
- } else {
- m->state = MDIO_STATE_IDLE;
- }
-
- if (m->state != MDIO_STATE_IDLE) {
- m->phy_addr = (m->data >> 7) & 0x1f;
- m->reg_addr = (m->data >> 2) & 0x1f;
- }
-
- if (m->state == MDIO_STATE_READING) {
- m->data_out = minimac2_mdio_read_reg(s, m->phy_addr,
- m->reg_addr);
- }
- }
-
- if (m->count < 16 && m->state == MDIO_STATE_READING) {
- int bit = (m->data_out & 0x8000) ? 1 : 0;
- m->data_out <<= 1;
-
- if (bit) {
- s->regs[R_MDIO] |= MDIO_DI;
- } else {
- s->regs[R_MDIO] &= ~MDIO_DI;
- }
- }
-
- if (m->count == 0 && m->state) {
- if (m->state == MDIO_STATE_WRITING) {
- uint16_t data = m->data & 0xffff;
- minimac2_mdio_write_reg(s, m->phy_addr, m->reg_addr, data);
- }
- m->state = MDIO_STATE_IDLE;
- }
- m->count--;
- }
-
- m->last_clk = (s->regs[R_MDIO] & MDIO_CLK) ? 1 : 0;
-}
-
-static size_t assemble_frame(uint8_t *buf, size_t size,
- const uint8_t *payload, size_t payload_size)
-{
- uint32_t crc;
-
- if (size < payload_size + 12) {
- error_report("milkymist_minimac2: received too big ethernet frame");
- return 0;
- }
-
- /* prepend preamble and sfd */
- memcpy(buf, preamble_sfd, 8);
-
- /* now copy the payload */
- memcpy(buf + 8, payload, payload_size);
-
- /* pad frame if needed */
- if (payload_size < 60) {
- memset(buf + payload_size + 8, 0, 60 - payload_size);
- payload_size = 60;
- }
-
- /* append fcs */
- crc = cpu_to_le32(crc32(0, buf + 8, payload_size));
- memcpy(buf + payload_size + 8, &crc, 4);
-
- return payload_size + 12;
-}
-
-static void minimac2_tx(MilkymistMinimac2State *s)
-{
- uint32_t txcount = s->regs[R_TXCOUNT];
- uint8_t *buf = s->tx_buf;
-
- if (txcount < 64) {
- error_report("milkymist_minimac2: ethernet frame too small (%u < %u)",
- txcount, 64);
- goto err;
- }
-
- if (txcount > MINIMAC2_MTU) {
- error_report("milkymist_minimac2: MTU exceeded (%u > %u)",
- txcount, MINIMAC2_MTU);
- goto err;
- }
-
- if (memcmp(buf, preamble_sfd, 8) != 0) {
- error_report("milkymist_minimac2: frame doesn't contain the preamble "
- "and/or the SFD (%02x %02x %02x %02x %02x %02x %02x %02x)",
- buf[0], buf[1], buf[2], buf[3], buf[4], buf[5], buf[6], buf[7]);
- goto err;
- }
-
- trace_milkymist_minimac2_tx_frame(txcount - 12);
-
- /* send packet, skipping preamble and sfd */
- qemu_send_packet_raw(&s->nic->nc, buf + 8, txcount - 12);
-
- s->regs[R_TXCOUNT] = 0;
-
-err:
- trace_milkymist_minimac2_pulse_irq_tx();
- qemu_irq_pulse(s->tx_irq);
-}
-
-static void update_rx_interrupt(MilkymistMinimac2State *s)
-{
- if (s->regs[R_STATE0] == STATE_PENDING
- || s->regs[R_STATE1] == STATE_PENDING) {
- trace_milkymist_minimac2_raise_irq_rx();
- qemu_irq_raise(s->rx_irq);
- } else {
- trace_milkymist_minimac2_lower_irq_rx();
- qemu_irq_lower(s->rx_irq);
- }
-}
-
-static ssize_t minimac2_rx(NetClientState *nc, const uint8_t *buf, size_t size)
-{
- MilkymistMinimac2State *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- uint32_t r_count;
- uint32_t r_state;
- uint8_t *rx_buf;
-
- size_t frame_size;
-
- trace_milkymist_minimac2_rx_frame(buf, size);
-
- /* choose appropriate slot */
- if (s->regs[R_STATE0] == STATE_LOADED) {
- r_count = R_COUNT0;
- r_state = R_STATE0;
- rx_buf = s->rx0_buf;
- } else if (s->regs[R_STATE1] == STATE_LOADED) {
- r_count = R_COUNT1;
- r_state = R_STATE1;
- rx_buf = s->rx1_buf;
- } else {
- trace_milkymist_minimac2_drop_rx_frame(buf);
- return size;
- }
-
- /* assemble frame */
- frame_size = assemble_frame(rx_buf, MINIMAC2_BUFFER_SIZE, buf, size);
-
- if (frame_size == 0) {
- return size;
- }
-
- trace_milkymist_minimac2_rx_transfer(rx_buf, frame_size);
-
- /* update slot */
- s->regs[r_count] = frame_size;
- s->regs[r_state] = STATE_PENDING;
-
- update_rx_interrupt(s);
-
- return size;
-}
-
-static uint64_t
-minimac2_read(void *opaque, hwaddr addr, unsigned size)
-{
- MilkymistMinimac2State *s = opaque;
- uint32_t r = 0;
-
- addr >>= 2;
- switch (addr) {
- case R_SETUP:
- case R_MDIO:
- case R_STATE0:
- case R_COUNT0:
- case R_STATE1:
- case R_COUNT1:
- case R_TXCOUNT:
- r = s->regs[addr];
- break;
-
- default:
- error_report("milkymist_minimac2: read access to unknown register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
- }
-
- trace_milkymist_minimac2_memory_read(addr << 2, r);
-
- return r;
-}
-
-static void
-minimac2_write(void *opaque, hwaddr addr, uint64_t value,
- unsigned size)
-{
- MilkymistMinimac2State *s = opaque;
-
- trace_milkymist_minimac2_memory_read(addr, value);
-
- addr >>= 2;
- switch (addr) {
- case R_MDIO:
- {
- /* MDIO_DI is read only */
- int mdio_di = (s->regs[R_MDIO] & MDIO_DI);
- s->regs[R_MDIO] = value;
- if (mdio_di) {
- s->regs[R_MDIO] |= mdio_di;
- } else {
- s->regs[R_MDIO] &= ~mdio_di;
- }
-
- minimac2_update_mdio(s);
- } break;
- case R_TXCOUNT:
- s->regs[addr] = value;
- if (value > 0) {
- minimac2_tx(s);
- }
- break;
- case R_STATE0:
- case R_STATE1:
- s->regs[addr] = value;
- update_rx_interrupt(s);
- break;
- case R_SETUP:
- case R_COUNT0:
- case R_COUNT1:
- s->regs[addr] = value;
- break;
-
- default:
- error_report("milkymist_minimac2: write access to unknown register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
- }
-}
-
-static const MemoryRegionOps minimac2_ops = {
- .read = minimac2_read,
- .write = minimac2_write,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int minimac2_can_rx(NetClientState *nc)
-{
- MilkymistMinimac2State *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- if (s->regs[R_STATE0] == STATE_LOADED) {
- return 1;
- }
- if (s->regs[R_STATE1] == STATE_LOADED) {
- return 1;
- }
-
- return 0;
-}
-
-static void minimac2_cleanup(NetClientState *nc)
-{
- MilkymistMinimac2State *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- s->nic = NULL;
-}
-
-static void milkymist_minimac2_reset(DeviceState *d)
-{
- MilkymistMinimac2State *s =
- container_of(d, MilkymistMinimac2State, busdev.qdev);
- int i;
-
- for (i = 0; i < R_MAX; i++) {
- s->regs[i] = 0;
- }
- for (i = 0; i < R_PHY_MAX; i++) {
- s->phy_regs[i] = 0;
- }
-
- /* defaults */
- s->phy_regs[R_PHY_ID1] = 0x0022; /* Micrel KSZ8001L */
- s->phy_regs[R_PHY_ID2] = 0x161a;
-}
-
-static NetClientInfo net_milkymist_minimac2_info = {
- .type = NET_CLIENT_OPTIONS_KIND_NIC,
- .size = sizeof(NICState),
- .can_receive = minimac2_can_rx,
- .receive = minimac2_rx,
- .cleanup = minimac2_cleanup,
-};
-
-static int milkymist_minimac2_init(SysBusDevice *dev)
-{
- MilkymistMinimac2State *s = FROM_SYSBUS(typeof(*s), dev);
- size_t buffers_size = TARGET_PAGE_ALIGN(3 * MINIMAC2_BUFFER_SIZE);
-
- sysbus_init_irq(dev, &s->rx_irq);
- sysbus_init_irq(dev, &s->tx_irq);
-
- memory_region_init_io(&s->regs_region, &minimac2_ops, s,
- "milkymist-minimac2", R_MAX * 4);
- sysbus_init_mmio(dev, &s->regs_region);
-
- /* register buffers memory */
- memory_region_init_ram(&s->buffers, "milkymist-minimac2.buffers",
- buffers_size);
- vmstate_register_ram_global(&s->buffers);
- s->rx0_buf = memory_region_get_ram_ptr(&s->buffers);
- s->rx1_buf = s->rx0_buf + MINIMAC2_BUFFER_SIZE;
- s->tx_buf = s->rx1_buf + MINIMAC2_BUFFER_SIZE;
-
- sysbus_add_memory(dev, s->buffers_base, &s->buffers);
-
- qemu_macaddr_default_if_unset(&s->conf.macaddr);
- s->nic = qemu_new_nic(&net_milkymist_minimac2_info, &s->conf,
- object_get_typename(OBJECT(dev)), dev->qdev.id, s);
- qemu_format_nic_info_str(&s->nic->nc, s->conf.macaddr.a);
-
- return 0;
-}
-
-static const VMStateDescription vmstate_milkymist_minimac2_mdio = {
- .name = "milkymist-minimac2-mdio",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_INT32(last_clk, MilkymistMinimac2MdioState),
- VMSTATE_INT32(count, MilkymistMinimac2MdioState),
- VMSTATE_UINT32(data, MilkymistMinimac2MdioState),
- VMSTATE_UINT16(data_out, MilkymistMinimac2MdioState),
- VMSTATE_INT32(state, MilkymistMinimac2MdioState),
- VMSTATE_UINT8(phy_addr, MilkymistMinimac2MdioState),
- VMSTATE_UINT8(reg_addr, MilkymistMinimac2MdioState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_milkymist_minimac2 = {
- .name = "milkymist-minimac2",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32_ARRAY(regs, MilkymistMinimac2State, R_MAX),
- VMSTATE_UINT16_ARRAY(phy_regs, MilkymistMinimac2State, R_PHY_MAX),
- VMSTATE_STRUCT(mdio, MilkymistMinimac2State, 0,
- vmstate_milkymist_minimac2_mdio, MilkymistMinimac2MdioState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static Property milkymist_minimac2_properties[] = {
- DEFINE_PROP_TADDR("buffers_base", MilkymistMinimac2State,
- buffers_base, 0),
- DEFINE_NIC_PROPERTIES(MilkymistMinimac2State, conf),
- DEFINE_PROP_STRING("phy_model", MilkymistMinimac2State, phy_model),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void milkymist_minimac2_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = milkymist_minimac2_init;
- dc->reset = milkymist_minimac2_reset;
- dc->vmsd = &vmstate_milkymist_minimac2;
- dc->props = milkymist_minimac2_properties;
-}
-
-static TypeInfo milkymist_minimac2_info = {
- .name = "milkymist-minimac2",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(MilkymistMinimac2State),
- .class_init = milkymist_minimac2_class_init,
-};
-
-static void milkymist_minimac2_register_types(void)
-{
- type_register_static(&milkymist_minimac2_info);
-}
-
-type_init(milkymist_minimac2_register_types)
diff --git a/hw/milkymist-pfpu.c b/hw/milkymist-pfpu.c
deleted file mode 100644
index 450bab921..000000000
--- a/hw/milkymist-pfpu.c
+++ /dev/null
@@ -1,544 +0,0 @@
-/*
- * QEMU model of the Milkymist programmable FPU.
- *
- * Copyright (c) 2010 Michael Walle <michael@walle.cc>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- *
- * Specification available at:
- * http://www.milkymist.org/socdoc/pfpu.pdf
- *
- */
-
-#include "hw.h"
-#include "sysbus.h"
-#include "trace.h"
-#include "qemu-log.h"
-#include "qemu-error.h"
-#include <math.h>
-
-/* #define TRACE_EXEC */
-
-#ifdef TRACE_EXEC
-# define D_EXEC(x) x
-#else
-# define D_EXEC(x)
-#endif
-
-enum {
- R_CTL = 0,
- R_MESHBASE,
- R_HMESHLAST,
- R_VMESHLAST,
- R_CODEPAGE,
- R_VERTICES,
- R_COLLISIONS,
- R_STRAYWRITES,
- R_LASTDMA,
- R_PC,
- R_DREGBASE,
- R_CODEBASE,
- R_MAX
-};
-
-enum {
- CTL_START_BUSY = (1<<0),
-};
-
-enum {
- OP_NOP = 0,
- OP_FADD,
- OP_FSUB,
- OP_FMUL,
- OP_FABS,
- OP_F2I,
- OP_I2F,
- OP_VECTOUT,
- OP_SIN,
- OP_COS,
- OP_ABOVE,
- OP_EQUAL,
- OP_COPY,
- OP_IF,
- OP_TSIGN,
- OP_QUAKE,
-};
-
-enum {
- GPR_X = 0,
- GPR_Y = 1,
- GPR_FLAGS = 2,
-};
-
-enum {
- LATENCY_FADD = 5,
- LATENCY_FSUB = 5,
- LATENCY_FMUL = 7,
- LATENCY_FABS = 2,
- LATENCY_F2I = 2,
- LATENCY_I2F = 3,
- LATENCY_VECTOUT = 0,
- LATENCY_SIN = 4,
- LATENCY_COS = 4,
- LATENCY_ABOVE = 2,
- LATENCY_EQUAL = 2,
- LATENCY_COPY = 2,
- LATENCY_IF = 2,
- LATENCY_TSIGN = 2,
- LATENCY_QUAKE = 2,
- MAX_LATENCY = 7
-};
-
-#define GPR_BEGIN 0x100
-#define GPR_END 0x17f
-#define MICROCODE_BEGIN 0x200
-#define MICROCODE_END 0x3ff
-#define MICROCODE_WORDS 2048
-
-#define REINTERPRET_CAST(type, val) (*((type *)&(val)))
-
-#ifdef TRACE_EXEC
-static const char *opcode_to_str[] = {
- "NOP", "FADD", "FSUB", "FMUL", "FABS", "F2I", "I2F", "VECTOUT",
- "SIN", "COS", "ABOVE", "EQUAL", "COPY", "IF", "TSIGN", "QUAKE",
-};
-#endif
-
-struct MilkymistPFPUState {
- SysBusDevice busdev;
- MemoryRegion regs_region;
- CharDriverState *chr;
- qemu_irq irq;
-
- uint32_t regs[R_MAX];
- uint32_t gp_regs[128];
- uint32_t microcode[MICROCODE_WORDS];
-
- int output_queue_pos;
- uint32_t output_queue[MAX_LATENCY];
-};
-typedef struct MilkymistPFPUState MilkymistPFPUState;
-
-static inline hwaddr
-get_dma_address(uint32_t base, uint32_t x, uint32_t y)
-{
- return base + 8 * (128 * y + x);
-}
-
-static inline void
-output_queue_insert(MilkymistPFPUState *s, uint32_t val, int pos)
-{
- s->output_queue[(s->output_queue_pos + pos) % MAX_LATENCY] = val;
-}
-
-static inline uint32_t
-output_queue_remove(MilkymistPFPUState *s)
-{
- return s->output_queue[s->output_queue_pos];
-}
-
-static inline void
-output_queue_advance(MilkymistPFPUState *s)
-{
- s->output_queue[s->output_queue_pos] = 0;
- s->output_queue_pos = (s->output_queue_pos + 1) % MAX_LATENCY;
-}
-
-static int pfpu_decode_insn(MilkymistPFPUState *s)
-{
- uint32_t pc = s->regs[R_PC];
- uint32_t insn = s->microcode[pc];
- uint32_t reg_a = (insn >> 18) & 0x7f;
- uint32_t reg_b = (insn >> 11) & 0x7f;
- uint32_t op = (insn >> 7) & 0xf;
- uint32_t reg_d = insn & 0x7f;
- uint32_t r = 0;
- int latency = 0;
-
- switch (op) {
- case OP_NOP:
- break;
- case OP_FADD:
- {
- float a = REINTERPRET_CAST(float, s->gp_regs[reg_a]);
- float b = REINTERPRET_CAST(float, s->gp_regs[reg_b]);
- float t = a + b;
- r = REINTERPRET_CAST(uint32_t, t);
- latency = LATENCY_FADD;
- D_EXEC(qemu_log("ADD a=%f b=%f t=%f, r=%08x\n", a, b, t, r));
- } break;
- case OP_FSUB:
- {
- float a = REINTERPRET_CAST(float, s->gp_regs[reg_a]);
- float b = REINTERPRET_CAST(float, s->gp_regs[reg_b]);
- float t = a - b;
- r = REINTERPRET_CAST(uint32_t, t);
- latency = LATENCY_FSUB;
- D_EXEC(qemu_log("SUB a=%f b=%f t=%f, r=%08x\n", a, b, t, r));
- } break;
- case OP_FMUL:
- {
- float a = REINTERPRET_CAST(float, s->gp_regs[reg_a]);
- float b = REINTERPRET_CAST(float, s->gp_regs[reg_b]);
- float t = a * b;
- r = REINTERPRET_CAST(uint32_t, t);
- latency = LATENCY_FMUL;
- D_EXEC(qemu_log("MUL a=%f b=%f t=%f, r=%08x\n", a, b, t, r));
- } break;
- case OP_FABS:
- {
- float a = REINTERPRET_CAST(float, s->gp_regs[reg_a]);
- float t = fabsf(a);
- r = REINTERPRET_CAST(uint32_t, t);
- latency = LATENCY_FABS;
- D_EXEC(qemu_log("ABS a=%f t=%f, r=%08x\n", a, t, r));
- } break;
- case OP_F2I:
- {
- float a = REINTERPRET_CAST(float, s->gp_regs[reg_a]);
- int32_t t = a;
- r = REINTERPRET_CAST(uint32_t, t);
- latency = LATENCY_F2I;
- D_EXEC(qemu_log("F2I a=%f t=%d, r=%08x\n", a, t, r));
- } break;
- case OP_I2F:
- {
- int32_t a = REINTERPRET_CAST(int32_t, s->gp_regs[reg_a]);
- float t = a;
- r = REINTERPRET_CAST(uint32_t, t);
- latency = LATENCY_I2F;
- D_EXEC(qemu_log("I2F a=%08x t=%f, r=%08x\n", a, t, r));
- } break;
- case OP_VECTOUT:
- {
- uint32_t a = cpu_to_be32(s->gp_regs[reg_a]);
- uint32_t b = cpu_to_be32(s->gp_regs[reg_b]);
- hwaddr dma_ptr =
- get_dma_address(s->regs[R_MESHBASE],
- s->gp_regs[GPR_X], s->gp_regs[GPR_Y]);
- cpu_physical_memory_write(dma_ptr, (uint8_t *)&a, 4);
- cpu_physical_memory_write(dma_ptr + 4, (uint8_t *)&b, 4);
- s->regs[R_LASTDMA] = dma_ptr + 4;
- D_EXEC(qemu_log("VECTOUT a=%08x b=%08x dma=%08x\n", a, b, dma_ptr));
- trace_milkymist_pfpu_vectout(a, b, dma_ptr);
- } break;
- case OP_SIN:
- {
- int32_t a = REINTERPRET_CAST(int32_t, s->gp_regs[reg_a]);
- float t = sinf(a * (1.0f / (M_PI * 4096.0f)));
- r = REINTERPRET_CAST(uint32_t, t);
- latency = LATENCY_SIN;
- D_EXEC(qemu_log("SIN a=%d t=%f, r=%08x\n", a, t, r));
- } break;
- case OP_COS:
- {
- int32_t a = REINTERPRET_CAST(int32_t, s->gp_regs[reg_a]);
- float t = cosf(a * (1.0f / (M_PI * 4096.0f)));
- r = REINTERPRET_CAST(uint32_t, t);
- latency = LATENCY_COS;
- D_EXEC(qemu_log("COS a=%d t=%f, r=%08x\n", a, t, r));
- } break;
- case OP_ABOVE:
- {
- float a = REINTERPRET_CAST(float, s->gp_regs[reg_a]);
- float b = REINTERPRET_CAST(float, s->gp_regs[reg_b]);
- float t = (a > b) ? 1.0f : 0.0f;
- r = REINTERPRET_CAST(uint32_t, t);
- latency = LATENCY_ABOVE;
- D_EXEC(qemu_log("ABOVE a=%f b=%f t=%f, r=%08x\n", a, b, t, r));
- } break;
- case OP_EQUAL:
- {
- float a = REINTERPRET_CAST(float, s->gp_regs[reg_a]);
- float b = REINTERPRET_CAST(float, s->gp_regs[reg_b]);
- float t = (a == b) ? 1.0f : 0.0f;
- r = REINTERPRET_CAST(uint32_t, t);
- latency = LATENCY_EQUAL;
- D_EXEC(qemu_log("EQUAL a=%f b=%f t=%f, r=%08x\n", a, b, t, r));
- } break;
- case OP_COPY:
- {
- r = s->gp_regs[reg_a];
- latency = LATENCY_COPY;
- D_EXEC(qemu_log("COPY"));
- } break;
- case OP_IF:
- {
- float a = REINTERPRET_CAST(float, s->gp_regs[reg_a]);
- float b = REINTERPRET_CAST(float, s->gp_regs[reg_b]);
- uint32_t f = s->gp_regs[GPR_FLAGS];
- float t = (f != 0) ? a : b;
- r = REINTERPRET_CAST(uint32_t, t);
- latency = LATENCY_IF;
- D_EXEC(qemu_log("IF f=%u a=%f b=%f t=%f, r=%08x\n", f, a, b, t, r));
- } break;
- case OP_TSIGN:
- {
- float a = REINTERPRET_CAST(float, s->gp_regs[reg_a]);
- float b = REINTERPRET_CAST(float, s->gp_regs[reg_b]);
- float t = (b < 0) ? -a : a;
- r = REINTERPRET_CAST(uint32_t, t);
- latency = LATENCY_TSIGN;
- D_EXEC(qemu_log("TSIGN a=%f b=%f t=%f, r=%08x\n", a, b, t, r));
- } break;
- case OP_QUAKE:
- {
- uint32_t a = s->gp_regs[reg_a];
- r = 0x5f3759df - (a >> 1);
- latency = LATENCY_QUAKE;
- D_EXEC(qemu_log("QUAKE a=%d r=%08x\n", a, r));
- } break;
-
- default:
- error_report("milkymist_pfpu: unknown opcode %d", op);
- break;
- }
-
- if (!reg_d) {
- D_EXEC(qemu_log("%04d %8s R%03d, R%03d <L=%d, E=%04d>\n",
- s->regs[R_PC], opcode_to_str[op], reg_a, reg_b, latency,
- s->regs[R_PC] + latency));
- } else {
- D_EXEC(qemu_log("%04d %8s R%03d, R%03d <L=%d, E=%04d> -> R%03d\n",
- s->regs[R_PC], opcode_to_str[op], reg_a, reg_b, latency,
- s->regs[R_PC] + latency, reg_d));
- }
-
- if (op == OP_VECTOUT) {
- return 0;
- }
-
- /* store output for this cycle */
- if (reg_d) {
- uint32_t val = output_queue_remove(s);
- D_EXEC(qemu_log("R%03d <- 0x%08x\n", reg_d, val));
- s->gp_regs[reg_d] = val;
- }
-
- output_queue_advance(s);
-
- /* store op output */
- if (op != OP_NOP) {
- output_queue_insert(s, r, latency-1);
- }
-
- /* advance PC */
- s->regs[R_PC]++;
-
- return 1;
-};
-
-static void pfpu_start(MilkymistPFPUState *s)
-{
- int x, y;
- int i;
-
- for (y = 0; y <= s->regs[R_VMESHLAST]; y++) {
- for (x = 0; x <= s->regs[R_HMESHLAST]; x++) {
- D_EXEC(qemu_log("\nprocessing x=%d y=%d\n", x, y));
-
- /* set current position */
- s->gp_regs[GPR_X] = x;
- s->gp_regs[GPR_Y] = y;
-
- /* run microcode on this position */
- i = 0;
- while (pfpu_decode_insn(s)) {
- /* decode at most MICROCODE_WORDS instructions */
- if (i++ >= MICROCODE_WORDS) {
- error_report("milkymist_pfpu: too many instructions "
- "executed in microcode. No VECTOUT?");
- break;
- }
- }
-
- /* reset pc for next run */
- s->regs[R_PC] = 0;
- }
- }
-
- s->regs[R_VERTICES] = x * y;
-
- trace_milkymist_pfpu_pulse_irq();
- qemu_irq_pulse(s->irq);
-}
-
-static inline int get_microcode_address(MilkymistPFPUState *s, uint32_t addr)
-{
- return (512 * s->regs[R_CODEPAGE]) + addr - MICROCODE_BEGIN;
-}
-
-static uint64_t pfpu_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- MilkymistPFPUState *s = opaque;
- uint32_t r = 0;
-
- addr >>= 2;
- switch (addr) {
- case R_CTL:
- case R_MESHBASE:
- case R_HMESHLAST:
- case R_VMESHLAST:
- case R_CODEPAGE:
- case R_VERTICES:
- case R_COLLISIONS:
- case R_STRAYWRITES:
- case R_LASTDMA:
- case R_PC:
- case R_DREGBASE:
- case R_CODEBASE:
- r = s->regs[addr];
- break;
- case GPR_BEGIN ... GPR_END:
- r = s->gp_regs[addr - GPR_BEGIN];
- break;
- case MICROCODE_BEGIN ... MICROCODE_END:
- r = s->microcode[get_microcode_address(s, addr)];
- break;
-
- default:
- error_report("milkymist_pfpu: read access to unknown register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
- }
-
- trace_milkymist_pfpu_memory_read(addr << 2, r);
-
- return r;
-}
-
-static void pfpu_write(void *opaque, hwaddr addr, uint64_t value,
- unsigned size)
-{
- MilkymistPFPUState *s = opaque;
-
- trace_milkymist_pfpu_memory_write(addr, value);
-
- addr >>= 2;
- switch (addr) {
- case R_CTL:
- if (value & CTL_START_BUSY) {
- pfpu_start(s);
- }
- break;
- case R_MESHBASE:
- case R_HMESHLAST:
- case R_VMESHLAST:
- case R_CODEPAGE:
- case R_VERTICES:
- case R_COLLISIONS:
- case R_STRAYWRITES:
- case R_LASTDMA:
- case R_PC:
- case R_DREGBASE:
- case R_CODEBASE:
- s->regs[addr] = value;
- break;
- case GPR_BEGIN ... GPR_END:
- s->gp_regs[addr - GPR_BEGIN] = value;
- break;
- case MICROCODE_BEGIN ... MICROCODE_END:
- s->microcode[get_microcode_address(s, addr)] = value;
- break;
-
- default:
- error_report("milkymist_pfpu: write access to unknown register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
- }
-}
-
-static const MemoryRegionOps pfpu_mmio_ops = {
- .read = pfpu_read,
- .write = pfpu_write,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void milkymist_pfpu_reset(DeviceState *d)
-{
- MilkymistPFPUState *s = container_of(d, MilkymistPFPUState, busdev.qdev);
- int i;
-
- for (i = 0; i < R_MAX; i++) {
- s->regs[i] = 0;
- }
- for (i = 0; i < 128; i++) {
- s->gp_regs[i] = 0;
- }
- for (i = 0; i < MICROCODE_WORDS; i++) {
- s->microcode[i] = 0;
- }
- s->output_queue_pos = 0;
- for (i = 0; i < MAX_LATENCY; i++) {
- s->output_queue[i] = 0;
- }
-}
-
-static int milkymist_pfpu_init(SysBusDevice *dev)
-{
- MilkymistPFPUState *s = FROM_SYSBUS(typeof(*s), dev);
-
- sysbus_init_irq(dev, &s->irq);
-
- memory_region_init_io(&s->regs_region, &pfpu_mmio_ops, s,
- "milkymist-pfpu", MICROCODE_END * 4);
- sysbus_init_mmio(dev, &s->regs_region);
-
- return 0;
-}
-
-static const VMStateDescription vmstate_milkymist_pfpu = {
- .name = "milkymist-pfpu",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32_ARRAY(regs, MilkymistPFPUState, R_MAX),
- VMSTATE_UINT32_ARRAY(gp_regs, MilkymistPFPUState, 128),
- VMSTATE_UINT32_ARRAY(microcode, MilkymistPFPUState, MICROCODE_WORDS),
- VMSTATE_INT32(output_queue_pos, MilkymistPFPUState),
- VMSTATE_UINT32_ARRAY(output_queue, MilkymistPFPUState, MAX_LATENCY),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void milkymist_pfpu_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = milkymist_pfpu_init;
- dc->reset = milkymist_pfpu_reset;
- dc->vmsd = &vmstate_milkymist_pfpu;
-}
-
-static TypeInfo milkymist_pfpu_info = {
- .name = "milkymist-pfpu",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(MilkymistPFPUState),
- .class_init = milkymist_pfpu_class_init,
-};
-
-static void milkymist_pfpu_register_types(void)
-{
- type_register_static(&milkymist_pfpu_info);
-}
-
-type_init(milkymist_pfpu_register_types)
diff --git a/hw/milkymist-softusb.c b/hw/milkymist-softusb.c
deleted file mode 100644
index b162b88db..000000000
--- a/hw/milkymist-softusb.c
+++ /dev/null
@@ -1,331 +0,0 @@
-/*
- * QEMU model of the Milkymist SoftUSB block.
- *
- * Copyright (c) 2010 Michael Walle <michael@walle.cc>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- *
- * Specification available at:
- * not available yet
- */
-
-#include "hw.h"
-#include "sysbus.h"
-#include "trace.h"
-#include "console.h"
-#include "hid.h"
-#include "qemu-error.h"
-
-enum {
- R_CTRL = 0,
- R_MAX
-};
-
-enum {
- CTRL_RESET = (1<<0),
-};
-
-#define COMLOC_DEBUG_PRODUCE 0x1000
-#define COMLOC_DEBUG_BASE 0x1001
-#define COMLOC_MEVT_PRODUCE 0x1101
-#define COMLOC_MEVT_BASE 0x1102
-#define COMLOC_KEVT_PRODUCE 0x1142
-#define COMLOC_KEVT_BASE 0x1143
-
-struct MilkymistSoftUsbState {
- SysBusDevice busdev;
- HIDState hid_kbd;
- HIDState hid_mouse;
-
- MemoryRegion regs_region;
- MemoryRegion pmem;
- MemoryRegion dmem;
- qemu_irq irq;
-
- /* device properties */
- uint32_t pmem_base;
- uint32_t pmem_size;
- uint32_t dmem_base;
- uint32_t dmem_size;
-
- /* device registers */
- uint32_t regs[R_MAX];
-
- /* mouse state */
- uint8_t mouse_hid_buffer[4];
-
- /* keyboard state */
- uint8_t kbd_hid_buffer[8];
-};
-typedef struct MilkymistSoftUsbState MilkymistSoftUsbState;
-
-static uint64_t softusb_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- MilkymistSoftUsbState *s = opaque;
- uint32_t r = 0;
-
- addr >>= 2;
- switch (addr) {
- case R_CTRL:
- r = s->regs[addr];
- break;
-
- default:
- error_report("milkymist_softusb: read access to unknown register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
- }
-
- trace_milkymist_softusb_memory_read(addr << 2, r);
-
- return r;
-}
-
-static void
-softusb_write(void *opaque, hwaddr addr, uint64_t value,
- unsigned size)
-{
- MilkymistSoftUsbState *s = opaque;
-
- trace_milkymist_softusb_memory_write(addr, value);
-
- addr >>= 2;
- switch (addr) {
- case R_CTRL:
- s->regs[addr] = value;
- break;
-
- default:
- error_report("milkymist_softusb: write access to unknown register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
- }
-}
-
-static const MemoryRegionOps softusb_mmio_ops = {
- .read = softusb_read,
- .write = softusb_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static inline void softusb_read_dmem(MilkymistSoftUsbState *s,
- uint32_t offset, uint8_t *buf, uint32_t len)
-{
- if (offset + len >= s->dmem_size) {
- error_report("milkymist_softusb: read dmem out of bounds "
- "at offset 0x%x, len %d", offset, len);
- return;
- }
-
- cpu_physical_memory_read(s->dmem_base + offset, buf, len);
-}
-
-static inline void softusb_write_dmem(MilkymistSoftUsbState *s,
- uint32_t offset, uint8_t *buf, uint32_t len)
-{
- if (offset + len >= s->dmem_size) {
- error_report("milkymist_softusb: write dmem out of bounds "
- "at offset 0x%x, len %d", offset, len);
- return;
- }
-
- cpu_physical_memory_write(s->dmem_base + offset, buf, len);
-}
-
-static inline void softusb_read_pmem(MilkymistSoftUsbState *s,
- uint32_t offset, uint8_t *buf, uint32_t len)
-{
- if (offset + len >= s->pmem_size) {
- error_report("milkymist_softusb: read pmem out of bounds "
- "at offset 0x%x, len %d", offset, len);
- return;
- }
-
- cpu_physical_memory_read(s->pmem_base + offset, buf, len);
-}
-
-static inline void softusb_write_pmem(MilkymistSoftUsbState *s,
- uint32_t offset, uint8_t *buf, uint32_t len)
-{
- if (offset + len >= s->pmem_size) {
- error_report("milkymist_softusb: write pmem out of bounds "
- "at offset 0x%x, len %d", offset, len);
- return;
- }
-
- cpu_physical_memory_write(s->pmem_base + offset, buf, len);
-}
-
-static void softusb_mouse_changed(MilkymistSoftUsbState *s)
-{
- uint8_t m;
-
- softusb_read_dmem(s, COMLOC_MEVT_PRODUCE, &m, 1);
- trace_milkymist_softusb_mevt(m);
- softusb_write_dmem(s, COMLOC_MEVT_BASE + 4 * m, s->mouse_hid_buffer, 4);
- m = (m + 1) & 0xf;
- softusb_write_dmem(s, COMLOC_MEVT_PRODUCE, &m, 1);
-
- trace_milkymist_softusb_pulse_irq();
- qemu_irq_pulse(s->irq);
-}
-
-static void softusb_kbd_changed(MilkymistSoftUsbState *s)
-{
- uint8_t m;
-
- softusb_read_dmem(s, COMLOC_KEVT_PRODUCE, &m, 1);
- trace_milkymist_softusb_kevt(m);
- softusb_write_dmem(s, COMLOC_KEVT_BASE + 8 * m, s->kbd_hid_buffer, 8);
- m = (m + 1) & 0x7;
- softusb_write_dmem(s, COMLOC_KEVT_PRODUCE, &m, 1);
-
- trace_milkymist_softusb_pulse_irq();
- qemu_irq_pulse(s->irq);
-}
-
-static void softusb_kbd_hid_datain(HIDState *hs)
-{
- MilkymistSoftUsbState *s = container_of(hs, MilkymistSoftUsbState, hid_kbd);
- int len;
-
- /* if device is in reset, do nothing */
- if (s->regs[R_CTRL] & CTRL_RESET) {
- return;
- }
-
- len = hid_keyboard_poll(hs, s->kbd_hid_buffer, sizeof(s->kbd_hid_buffer));
-
- if (len == 8) {
- softusb_kbd_changed(s);
- }
-}
-
-static void softusb_mouse_hid_datain(HIDState *hs)
-{
- MilkymistSoftUsbState *s =
- container_of(hs, MilkymistSoftUsbState, hid_mouse);
- int len;
-
- /* if device is in reset, do nothing */
- if (s->regs[R_CTRL] & CTRL_RESET) {
- return;
- }
-
- len = hid_pointer_poll(hs, s->mouse_hid_buffer,
- sizeof(s->mouse_hid_buffer));
-
- if (len == 4) {
- softusb_mouse_changed(s);
- }
-}
-
-static void milkymist_softusb_reset(DeviceState *d)
-{
- MilkymistSoftUsbState *s =
- container_of(d, MilkymistSoftUsbState, busdev.qdev);
- int i;
-
- for (i = 0; i < R_MAX; i++) {
- s->regs[i] = 0;
- }
- memset(s->kbd_hid_buffer, 0, sizeof(s->kbd_hid_buffer));
- memset(s->mouse_hid_buffer, 0, sizeof(s->mouse_hid_buffer));
-
- hid_reset(&s->hid_kbd);
- hid_reset(&s->hid_mouse);
-
- /* defaults */
- s->regs[R_CTRL] = CTRL_RESET;
-}
-
-static int milkymist_softusb_init(SysBusDevice *dev)
-{
- MilkymistSoftUsbState *s = FROM_SYSBUS(typeof(*s), dev);
-
- sysbus_init_irq(dev, &s->irq);
-
- memory_region_init_io(&s->regs_region, &softusb_mmio_ops, s,
- "milkymist-softusb", R_MAX * 4);
- sysbus_init_mmio(dev, &s->regs_region);
-
- /* register pmem and dmem */
- memory_region_init_ram(&s->pmem, "milkymist-softusb.pmem",
- s->pmem_size);
- vmstate_register_ram_global(&s->pmem);
- sysbus_add_memory(dev, s->pmem_base, &s->pmem);
- memory_region_init_ram(&s->dmem, "milkymist-softusb.dmem",
- s->dmem_size);
- vmstate_register_ram_global(&s->dmem);
- sysbus_add_memory(dev, s->dmem_base, &s->dmem);
-
- hid_init(&s->hid_kbd, HID_KEYBOARD, softusb_kbd_hid_datain);
- hid_init(&s->hid_mouse, HID_MOUSE, softusb_mouse_hid_datain);
-
- return 0;
-}
-
-static const VMStateDescription vmstate_milkymist_softusb = {
- .name = "milkymist-softusb",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32_ARRAY(regs, MilkymistSoftUsbState, R_MAX),
- VMSTATE_HID_KEYBOARD_DEVICE(hid_kbd, MilkymistSoftUsbState),
- VMSTATE_HID_POINTER_DEVICE(hid_mouse, MilkymistSoftUsbState),
- VMSTATE_BUFFER(kbd_hid_buffer, MilkymistSoftUsbState),
- VMSTATE_BUFFER(mouse_hid_buffer, MilkymistSoftUsbState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static Property milkymist_softusb_properties[] = {
- DEFINE_PROP_UINT32("pmem_base", MilkymistSoftUsbState, pmem_base, 0xa0000000),
- DEFINE_PROP_UINT32("pmem_size", MilkymistSoftUsbState, pmem_size, 0x00001000),
- DEFINE_PROP_UINT32("dmem_base", MilkymistSoftUsbState, dmem_base, 0xa0020000),
- DEFINE_PROP_UINT32("dmem_size", MilkymistSoftUsbState, dmem_size, 0x00002000),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void milkymist_softusb_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = milkymist_softusb_init;
- dc->reset = milkymist_softusb_reset;
- dc->vmsd = &vmstate_milkymist_softusb;
- dc->props = milkymist_softusb_properties;
-}
-
-static TypeInfo milkymist_softusb_info = {
- .name = "milkymist-softusb",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(MilkymistSoftUsbState),
- .class_init = milkymist_softusb_class_init,
-};
-
-static void milkymist_softusb_register_types(void)
-{
- type_register_static(&milkymist_softusb_info);
-}
-
-type_init(milkymist_softusb_register_types)
diff --git a/hw/milkymist-sysctl.c b/hw/milkymist-sysctl.c
deleted file mode 100644
index f951ef9ca..000000000
--- a/hw/milkymist-sysctl.c
+++ /dev/null
@@ -1,338 +0,0 @@
-/*
- * QEMU model of the Milkymist System Controller.
- *
- * Copyright (c) 2010-2012 Michael Walle <michael@walle.cc>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- *
- * Specification available at:
- * http://www.milkymist.org/socdoc/sysctl.pdf
- */
-
-#include "hw.h"
-#include "sysbus.h"
-#include "sysemu.h"
-#include "trace.h"
-#include "qemu-timer.h"
-#include "ptimer.h"
-#include "qemu-error.h"
-
-enum {
- CTRL_ENABLE = (1<<0),
- CTRL_AUTORESTART = (1<<1),
-};
-
-enum {
- ICAP_READY = (1<<0),
-};
-
-enum {
- R_GPIO_IN = 0,
- R_GPIO_OUT,
- R_GPIO_INTEN,
- R_TIMER0_CONTROL = 4,
- R_TIMER0_COMPARE,
- R_TIMER0_COUNTER,
- R_TIMER1_CONTROL = 8,
- R_TIMER1_COMPARE,
- R_TIMER1_COUNTER,
- R_ICAP = 16,
- R_DBG_SCRATCHPAD = 20,
- R_DBG_WRITE_LOCK,
- R_CLK_FREQUENCY = 29,
- R_CAPABILITIES,
- R_SYSTEM_ID,
- R_MAX
-};
-
-struct MilkymistSysctlState {
- SysBusDevice busdev;
- MemoryRegion regs_region;
-
- QEMUBH *bh0;
- QEMUBH *bh1;
- ptimer_state *ptimer0;
- ptimer_state *ptimer1;
-
- uint32_t freq_hz;
- uint32_t capabilities;
- uint32_t systemid;
- uint32_t strappings;
-
- uint32_t regs[R_MAX];
-
- qemu_irq gpio_irq;
- qemu_irq timer0_irq;
- qemu_irq timer1_irq;
-};
-typedef struct MilkymistSysctlState MilkymistSysctlState;
-
-static void sysctl_icap_write(MilkymistSysctlState *s, uint32_t value)
-{
- trace_milkymist_sysctl_icap_write(value);
- switch (value & 0xffff) {
- case 0x000e:
- qemu_system_shutdown_request();
- break;
- }
-}
-
-static uint64_t sysctl_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- MilkymistSysctlState *s = opaque;
- uint32_t r = 0;
-
- addr >>= 2;
- switch (addr) {
- case R_TIMER0_COUNTER:
- r = (uint32_t)ptimer_get_count(s->ptimer0);
- /* milkymist timer counts up */
- r = s->regs[R_TIMER0_COMPARE] - r;
- break;
- case R_TIMER1_COUNTER:
- r = (uint32_t)ptimer_get_count(s->ptimer1);
- /* milkymist timer counts up */
- r = s->regs[R_TIMER1_COMPARE] - r;
- break;
- case R_GPIO_IN:
- case R_GPIO_OUT:
- case R_GPIO_INTEN:
- case R_TIMER0_CONTROL:
- case R_TIMER0_COMPARE:
- case R_TIMER1_CONTROL:
- case R_TIMER1_COMPARE:
- case R_ICAP:
- case R_DBG_SCRATCHPAD:
- case R_DBG_WRITE_LOCK:
- case R_CLK_FREQUENCY:
- case R_CAPABILITIES:
- case R_SYSTEM_ID:
- r = s->regs[addr];
- break;
-
- default:
- error_report("milkymist_sysctl: read access to unknown register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
- }
-
- trace_milkymist_sysctl_memory_read(addr << 2, r);
-
- return r;
-}
-
-static void sysctl_write(void *opaque, hwaddr addr, uint64_t value,
- unsigned size)
-{
- MilkymistSysctlState *s = opaque;
-
- trace_milkymist_sysctl_memory_write(addr, value);
-
- addr >>= 2;
- switch (addr) {
- case R_GPIO_OUT:
- case R_GPIO_INTEN:
- case R_TIMER0_COUNTER:
- case R_TIMER1_COUNTER:
- case R_DBG_SCRATCHPAD:
- s->regs[addr] = value;
- break;
- case R_TIMER0_COMPARE:
- ptimer_set_limit(s->ptimer0, value, 0);
- s->regs[addr] = value;
- break;
- case R_TIMER1_COMPARE:
- ptimer_set_limit(s->ptimer1, value, 0);
- s->regs[addr] = value;
- break;
- case R_TIMER0_CONTROL:
- s->regs[addr] = value;
- if (s->regs[R_TIMER0_CONTROL] & CTRL_ENABLE) {
- trace_milkymist_sysctl_start_timer0();
- ptimer_set_count(s->ptimer0,
- s->regs[R_TIMER0_COMPARE] - s->regs[R_TIMER0_COUNTER]);
- ptimer_run(s->ptimer0, 0);
- } else {
- trace_milkymist_sysctl_stop_timer0();
- ptimer_stop(s->ptimer0);
- }
- break;
- case R_TIMER1_CONTROL:
- s->regs[addr] = value;
- if (s->regs[R_TIMER1_CONTROL] & CTRL_ENABLE) {
- trace_milkymist_sysctl_start_timer1();
- ptimer_set_count(s->ptimer1,
- s->regs[R_TIMER1_COMPARE] - s->regs[R_TIMER1_COUNTER]);
- ptimer_run(s->ptimer1, 0);
- } else {
- trace_milkymist_sysctl_stop_timer1();
- ptimer_stop(s->ptimer1);
- }
- break;
- case R_ICAP:
- sysctl_icap_write(s, value);
- break;
- case R_DBG_WRITE_LOCK:
- s->regs[addr] = 1;
- break;
- case R_SYSTEM_ID:
- qemu_system_reset_request();
- break;
-
- case R_GPIO_IN:
- case R_CLK_FREQUENCY:
- case R_CAPABILITIES:
- error_report("milkymist_sysctl: write to read-only register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
-
- default:
- error_report("milkymist_sysctl: write access to unknown register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
- }
-}
-
-static const MemoryRegionOps sysctl_mmio_ops = {
- .read = sysctl_read,
- .write = sysctl_write,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void timer0_hit(void *opaque)
-{
- MilkymistSysctlState *s = opaque;
-
- if (!(s->regs[R_TIMER0_CONTROL] & CTRL_AUTORESTART)) {
- s->regs[R_TIMER0_CONTROL] &= ~CTRL_ENABLE;
- trace_milkymist_sysctl_stop_timer0();
- ptimer_stop(s->ptimer0);
- }
-
- trace_milkymist_sysctl_pulse_irq_timer0();
- qemu_irq_pulse(s->timer0_irq);
-}
-
-static void timer1_hit(void *opaque)
-{
- MilkymistSysctlState *s = opaque;
-
- if (!(s->regs[R_TIMER1_CONTROL] & CTRL_AUTORESTART)) {
- s->regs[R_TIMER1_CONTROL] &= ~CTRL_ENABLE;
- trace_milkymist_sysctl_stop_timer1();
- ptimer_stop(s->ptimer1);
- }
-
- trace_milkymist_sysctl_pulse_irq_timer1();
- qemu_irq_pulse(s->timer1_irq);
-}
-
-static void milkymist_sysctl_reset(DeviceState *d)
-{
- MilkymistSysctlState *s =
- container_of(d, MilkymistSysctlState, busdev.qdev);
- int i;
-
- for (i = 0; i < R_MAX; i++) {
- s->regs[i] = 0;
- }
-
- ptimer_stop(s->ptimer0);
- ptimer_stop(s->ptimer1);
-
- /* defaults */
- s->regs[R_ICAP] = ICAP_READY;
- s->regs[R_SYSTEM_ID] = s->systemid;
- s->regs[R_CLK_FREQUENCY] = s->freq_hz;
- s->regs[R_CAPABILITIES] = s->capabilities;
- s->regs[R_GPIO_IN] = s->strappings;
-}
-
-static int milkymist_sysctl_init(SysBusDevice *dev)
-{
- MilkymistSysctlState *s = FROM_SYSBUS(typeof(*s), dev);
-
- sysbus_init_irq(dev, &s->gpio_irq);
- sysbus_init_irq(dev, &s->timer0_irq);
- sysbus_init_irq(dev, &s->timer1_irq);
-
- s->bh0 = qemu_bh_new(timer0_hit, s);
- s->bh1 = qemu_bh_new(timer1_hit, s);
- s->ptimer0 = ptimer_init(s->bh0);
- s->ptimer1 = ptimer_init(s->bh1);
- ptimer_set_freq(s->ptimer0, s->freq_hz);
- ptimer_set_freq(s->ptimer1, s->freq_hz);
-
- memory_region_init_io(&s->regs_region, &sysctl_mmio_ops, s,
- "milkymist-sysctl", R_MAX * 4);
- sysbus_init_mmio(dev, &s->regs_region);
-
- return 0;
-}
-
-static const VMStateDescription vmstate_milkymist_sysctl = {
- .name = "milkymist-sysctl",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32_ARRAY(regs, MilkymistSysctlState, R_MAX),
- VMSTATE_PTIMER(ptimer0, MilkymistSysctlState),
- VMSTATE_PTIMER(ptimer1, MilkymistSysctlState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static Property milkymist_sysctl_properties[] = {
- DEFINE_PROP_UINT32("frequency", MilkymistSysctlState,
- freq_hz, 80000000),
- DEFINE_PROP_UINT32("capabilities", MilkymistSysctlState,
- capabilities, 0x00000000),
- DEFINE_PROP_UINT32("systemid", MilkymistSysctlState,
- systemid, 0x10014d31),
- DEFINE_PROP_UINT32("gpio_strappings", MilkymistSysctlState,
- strappings, 0x00000001),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void milkymist_sysctl_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = milkymist_sysctl_init;
- dc->reset = milkymist_sysctl_reset;
- dc->vmsd = &vmstate_milkymist_sysctl;
- dc->props = milkymist_sysctl_properties;
-}
-
-static TypeInfo milkymist_sysctl_info = {
- .name = "milkymist-sysctl",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(MilkymistSysctlState),
- .class_init = milkymist_sysctl_class_init,
-};
-
-static void milkymist_sysctl_register_types(void)
-{
- type_register_static(&milkymist_sysctl_info);
-}
-
-type_init(milkymist_sysctl_register_types)
diff --git a/hw/milkymist-tmu2.c b/hw/milkymist-tmu2.c
deleted file mode 100644
index 3f9a684ed..000000000
--- a/hw/milkymist-tmu2.c
+++ /dev/null
@@ -1,490 +0,0 @@
-/*
- * QEMU model of the Milkymist texture mapping unit.
- *
- * Copyright (c) 2010 Michael Walle <michael@walle.cc>
- * Copyright (c) 2010 Sebastien Bourdeauducq
- * <sebastien.bourdeauducq@lekernel.net>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- *
- * Specification available at:
- * http://www.milkymist.org/socdoc/tmu2.pdf
- *
- */
-
-#include "hw.h"
-#include "sysbus.h"
-#include "trace.h"
-#include "qemu-error.h"
-
-#include <X11/Xlib.h>
-#include <GL/gl.h>
-#include <GL/glx.h>
-
-enum {
- R_CTL = 0,
- R_HMESHLAST,
- R_VMESHLAST,
- R_BRIGHTNESS,
- R_CHROMAKEY,
- R_VERTICESADDR,
- R_TEXFBUF,
- R_TEXHRES,
- R_TEXVRES,
- R_TEXHMASK,
- R_TEXVMASK,
- R_DSTFBUF,
- R_DSTHRES,
- R_DSTVRES,
- R_DSTHOFFSET,
- R_DSTVOFFSET,
- R_DSTSQUAREW,
- R_DSTSQUAREH,
- R_ALPHA,
- R_MAX
-};
-
-enum {
- CTL_START_BUSY = (1<<0),
- CTL_CHROMAKEY = (1<<1),
-};
-
-enum {
- MAX_BRIGHTNESS = 63,
- MAX_ALPHA = 63,
-};
-
-enum {
- MESH_MAXSIZE = 128,
-};
-
-struct vertex {
- int x;
- int y;
-} QEMU_PACKED;
-
-struct MilkymistTMU2State {
- SysBusDevice busdev;
- MemoryRegion regs_region;
- CharDriverState *chr;
- qemu_irq irq;
-
- uint32_t regs[R_MAX];
-
- Display *dpy;
- GLXFBConfig glx_fb_config;
- GLXContext glx_context;
-};
-typedef struct MilkymistTMU2State MilkymistTMU2State;
-
-static const int glx_fbconfig_attr[] = {
- GLX_GREEN_SIZE, 5,
- GLX_GREEN_SIZE, 6,
- GLX_BLUE_SIZE, 5,
- None
-};
-
-static int tmu2_glx_init(MilkymistTMU2State *s)
-{
- GLXFBConfig *configs;
- int nelements;
-
- s->dpy = XOpenDisplay(NULL); /* FIXME: call XCloseDisplay() */
- if (s->dpy == NULL) {
- return 1;
- }
-
- configs = glXChooseFBConfig(s->dpy, 0, glx_fbconfig_attr, &nelements);
- if (configs == NULL) {
- return 1;
- }
-
- s->glx_fb_config = *configs;
- XFree(configs);
-
- /* FIXME: call glXDestroyContext() */
- s->glx_context = glXCreateNewContext(s->dpy, s->glx_fb_config,
- GLX_RGBA_TYPE, NULL, 1);
- if (s->glx_context == NULL) {
- return 1;
- }
-
- return 0;
-}
-
-static void tmu2_gl_map(struct vertex *mesh, int texhres, int texvres,
- int hmeshlast, int vmeshlast, int ho, int vo, int sw, int sh)
-{
- int x, y;
- int x0, y0, x1, y1;
- int u0, v0, u1, v1, u2, v2, u3, v3;
- double xscale = 1.0 / ((double)(64 * texhres));
- double yscale = 1.0 / ((double)(64 * texvres));
-
- glLoadIdentity();
- glTranslatef(ho, vo, 0);
- glEnable(GL_TEXTURE_2D);
- glBegin(GL_QUADS);
-
- for (y = 0; y < vmeshlast; y++) {
- y0 = y * sh;
- y1 = y0 + sh;
- for (x = 0; x < hmeshlast; x++) {
- x0 = x * sw;
- x1 = x0 + sw;
-
- u0 = be32_to_cpu(mesh[MESH_MAXSIZE * y + x].x);
- v0 = be32_to_cpu(mesh[MESH_MAXSIZE * y + x].y);
- u1 = be32_to_cpu(mesh[MESH_MAXSIZE * y + x + 1].x);
- v1 = be32_to_cpu(mesh[MESH_MAXSIZE * y + x + 1].y);
- u2 = be32_to_cpu(mesh[MESH_MAXSIZE * (y + 1) + x + 1].x);
- v2 = be32_to_cpu(mesh[MESH_MAXSIZE * (y + 1) + x + 1].y);
- u3 = be32_to_cpu(mesh[MESH_MAXSIZE * (y + 1) + x].x);
- v3 = be32_to_cpu(mesh[MESH_MAXSIZE * (y + 1) + x].y);
-
- glTexCoord2d(((double)u0) * xscale, ((double)v0) * yscale);
- glVertex3i(x0, y0, 0);
- glTexCoord2d(((double)u1) * xscale, ((double)v1) * yscale);
- glVertex3i(x1, y0, 0);
- glTexCoord2d(((double)u2) * xscale, ((double)v2) * yscale);
- glVertex3i(x1, y1, 0);
- glTexCoord2d(((double)u3) * xscale, ((double)v3) * yscale);
- glVertex3i(x0, y1, 0);
- }
- }
-
- glEnd();
-}
-
-static void tmu2_start(MilkymistTMU2State *s)
-{
- int pbuffer_attrib[6] = {
- GLX_PBUFFER_WIDTH,
- 0,
- GLX_PBUFFER_HEIGHT,
- 0,
- GLX_PRESERVED_CONTENTS,
- True
- };
-
- GLXPbuffer pbuffer;
- GLuint texture;
- void *fb;
- hwaddr fb_len;
- void *mesh;
- hwaddr mesh_len;
- float m;
-
- trace_milkymist_tmu2_start();
-
- /* Create and set up a suitable OpenGL context */
- pbuffer_attrib[1] = s->regs[R_DSTHRES];
- pbuffer_attrib[3] = s->regs[R_DSTVRES];
- pbuffer = glXCreatePbuffer(s->dpy, s->glx_fb_config, pbuffer_attrib);
- glXMakeContextCurrent(s->dpy, pbuffer, pbuffer, s->glx_context);
-
- /* Fixup endianness. TODO: would it work on BE hosts? */
- glPixelStorei(GL_UNPACK_SWAP_BYTES, 1);
- glPixelStorei(GL_PACK_SWAP_BYTES, 1);
-
- /* Row alignment */
- glPixelStorei(GL_UNPACK_ALIGNMENT, 2);
- glPixelStorei(GL_PACK_ALIGNMENT, 2);
-
- /* Read the QEMU source framebuffer into an OpenGL texture */
- glGenTextures(1, &texture);
- glBindTexture(GL_TEXTURE_2D, texture);
- fb_len = 2*s->regs[R_TEXHRES]*s->regs[R_TEXVRES];
- fb = cpu_physical_memory_map(s->regs[R_TEXFBUF], &fb_len, 0);
- if (fb == NULL) {
- glDeleteTextures(1, &texture);
- glXMakeContextCurrent(s->dpy, None, None, NULL);
- glXDestroyPbuffer(s->dpy, pbuffer);
- return;
- }
- glTexImage2D(GL_TEXTURE_2D, 0, 3, s->regs[R_TEXHRES], s->regs[R_TEXVRES],
- 0, GL_RGB, GL_UNSIGNED_SHORT_5_6_5, fb);
- cpu_physical_memory_unmap(fb, fb_len, 0, fb_len);
-
- /* Set up texturing options */
- /* WARNING:
- * Many cases of TMU2 masking are not supported by OpenGL.
- * We only implement the most common ones:
- * - full bilinear filtering vs. nearest texel
- * - texture clamping vs. texture wrapping
- */
- if ((s->regs[R_TEXHMASK] & 0x3f) > 0x20) {
- glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_MIN_FILTER, GL_LINEAR);
- glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_MAG_FILTER, GL_LINEAR);
- } else {
- glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_MIN_FILTER, GL_NEAREST);
- glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_MAG_FILTER, GL_NEAREST);
- }
- if ((s->regs[R_TEXHMASK] >> 6) & s->regs[R_TEXHRES]) {
- glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_WRAP_S, GL_CLAMP);
- } else {
- glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_WRAP_S, GL_REPEAT);
- }
- if ((s->regs[R_TEXVMASK] >> 6) & s->regs[R_TEXVRES]) {
- glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_WRAP_T, GL_CLAMP);
- } else {
- glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_WRAP_T, GL_REPEAT);
- }
-
- /* Translucency and decay */
- glEnable(GL_BLEND);
- glBlendFunc(GL_SRC_ALPHA, GL_ONE_MINUS_SRC_ALPHA);
- m = (float)(s->regs[R_BRIGHTNESS] + 1) / 64.0f;
- glColor4f(m, m, m, (float)(s->regs[R_ALPHA] + 1) / 64.0f);
-
- /* Read the QEMU dest. framebuffer into the OpenGL framebuffer */
- fb_len = 2 * s->regs[R_DSTHRES] * s->regs[R_DSTVRES];
- fb = cpu_physical_memory_map(s->regs[R_DSTFBUF], &fb_len, 0);
- if (fb == NULL) {
- glDeleteTextures(1, &texture);
- glXMakeContextCurrent(s->dpy, None, None, NULL);
- glXDestroyPbuffer(s->dpy, pbuffer);
- return;
- }
-
- glDrawPixels(s->regs[R_DSTHRES], s->regs[R_DSTVRES], GL_RGB,
- GL_UNSIGNED_SHORT_5_6_5, fb);
- cpu_physical_memory_unmap(fb, fb_len, 0, fb_len);
- glViewport(0, 0, s->regs[R_DSTHRES], s->regs[R_DSTVRES]);
- glMatrixMode(GL_PROJECTION);
- glLoadIdentity();
- glOrtho(0.0, s->regs[R_DSTHRES], 0.0, s->regs[R_DSTVRES], -1.0, 1.0);
- glMatrixMode(GL_MODELVIEW);
-
- /* Map the texture */
- mesh_len = MESH_MAXSIZE*MESH_MAXSIZE*sizeof(struct vertex);
- mesh = cpu_physical_memory_map(s->regs[R_VERTICESADDR], &mesh_len, 0);
- if (mesh == NULL) {
- glDeleteTextures(1, &texture);
- glXMakeContextCurrent(s->dpy, None, None, NULL);
- glXDestroyPbuffer(s->dpy, pbuffer);
- return;
- }
-
- tmu2_gl_map((struct vertex *)mesh,
- s->regs[R_TEXHRES], s->regs[R_TEXVRES],
- s->regs[R_HMESHLAST], s->regs[R_VMESHLAST],
- s->regs[R_DSTHOFFSET], s->regs[R_DSTVOFFSET],
- s->regs[R_DSTSQUAREW], s->regs[R_DSTSQUAREH]);
- cpu_physical_memory_unmap(mesh, mesh_len, 0, mesh_len);
-
- /* Write back the OpenGL framebuffer to the QEMU framebuffer */
- fb_len = 2 * s->regs[R_DSTHRES] * s->regs[R_DSTVRES];
- fb = cpu_physical_memory_map(s->regs[R_DSTFBUF], &fb_len, 1);
- if (fb == NULL) {
- glDeleteTextures(1, &texture);
- glXMakeContextCurrent(s->dpy, None, None, NULL);
- glXDestroyPbuffer(s->dpy, pbuffer);
- return;
- }
-
- glReadPixels(0, 0, s->regs[R_DSTHRES], s->regs[R_DSTVRES], GL_RGB,
- GL_UNSIGNED_SHORT_5_6_5, fb);
- cpu_physical_memory_unmap(fb, fb_len, 1, fb_len);
-
- /* Free OpenGL allocs */
- glDeleteTextures(1, &texture);
- glXMakeContextCurrent(s->dpy, None, None, NULL);
- glXDestroyPbuffer(s->dpy, pbuffer);
-
- s->regs[R_CTL] &= ~CTL_START_BUSY;
-
- trace_milkymist_tmu2_pulse_irq();
- qemu_irq_pulse(s->irq);
-}
-
-static uint64_t tmu2_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- MilkymistTMU2State *s = opaque;
- uint32_t r = 0;
-
- addr >>= 2;
- switch (addr) {
- case R_CTL:
- case R_HMESHLAST:
- case R_VMESHLAST:
- case R_BRIGHTNESS:
- case R_CHROMAKEY:
- case R_VERTICESADDR:
- case R_TEXFBUF:
- case R_TEXHRES:
- case R_TEXVRES:
- case R_TEXHMASK:
- case R_TEXVMASK:
- case R_DSTFBUF:
- case R_DSTHRES:
- case R_DSTVRES:
- case R_DSTHOFFSET:
- case R_DSTVOFFSET:
- case R_DSTSQUAREW:
- case R_DSTSQUAREH:
- case R_ALPHA:
- r = s->regs[addr];
- break;
-
- default:
- error_report("milkymist_tmu2: read access to unknown register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
- }
-
- trace_milkymist_tmu2_memory_read(addr << 2, r);
-
- return r;
-}
-
-static void tmu2_check_registers(MilkymistTMU2State *s)
-{
- if (s->regs[R_BRIGHTNESS] > MAX_BRIGHTNESS) {
- error_report("milkymist_tmu2: max brightness is %d", MAX_BRIGHTNESS);
- }
-
- if (s->regs[R_ALPHA] > MAX_ALPHA) {
- error_report("milkymist_tmu2: max alpha is %d", MAX_ALPHA);
- }
-
- if (s->regs[R_VERTICESADDR] & 0x07) {
- error_report("milkymist_tmu2: vertex mesh address has to be 64-bit "
- "aligned");
- }
-
- if (s->regs[R_TEXFBUF] & 0x01) {
- error_report("milkymist_tmu2: texture buffer address has to be "
- "16-bit aligned");
- }
-}
-
-static void tmu2_write(void *opaque, hwaddr addr, uint64_t value,
- unsigned size)
-{
- MilkymistTMU2State *s = opaque;
-
- trace_milkymist_tmu2_memory_write(addr, value);
-
- addr >>= 2;
- switch (addr) {
- case R_CTL:
- s->regs[addr] = value;
- if (value & CTL_START_BUSY) {
- tmu2_start(s);
- }
- break;
- case R_BRIGHTNESS:
- case R_HMESHLAST:
- case R_VMESHLAST:
- case R_CHROMAKEY:
- case R_VERTICESADDR:
- case R_TEXFBUF:
- case R_TEXHRES:
- case R_TEXVRES:
- case R_TEXHMASK:
- case R_TEXVMASK:
- case R_DSTFBUF:
- case R_DSTHRES:
- case R_DSTVRES:
- case R_DSTHOFFSET:
- case R_DSTVOFFSET:
- case R_DSTSQUAREW:
- case R_DSTSQUAREH:
- case R_ALPHA:
- s->regs[addr] = value;
- break;
-
- default:
- error_report("milkymist_tmu2: write access to unknown register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
- }
-
- tmu2_check_registers(s);
-}
-
-static const MemoryRegionOps tmu2_mmio_ops = {
- .read = tmu2_read,
- .write = tmu2_write,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void milkymist_tmu2_reset(DeviceState *d)
-{
- MilkymistTMU2State *s = container_of(d, MilkymistTMU2State, busdev.qdev);
- int i;
-
- for (i = 0; i < R_MAX; i++) {
- s->regs[i] = 0;
- }
-}
-
-static int milkymist_tmu2_init(SysBusDevice *dev)
-{
- MilkymistTMU2State *s = FROM_SYSBUS(typeof(*s), dev);
-
- if (tmu2_glx_init(s)) {
- return 1;
- }
-
- sysbus_init_irq(dev, &s->irq);
-
- memory_region_init_io(&s->regs_region, &tmu2_mmio_ops, s,
- "milkymist-tmu2", R_MAX * 4);
- sysbus_init_mmio(dev, &s->regs_region);
-
- return 0;
-}
-
-static const VMStateDescription vmstate_milkymist_tmu2 = {
- .name = "milkymist-tmu2",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32_ARRAY(regs, MilkymistTMU2State, R_MAX),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void milkymist_tmu2_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = milkymist_tmu2_init;
- dc->reset = milkymist_tmu2_reset;
- dc->vmsd = &vmstate_milkymist_tmu2;
-}
-
-static TypeInfo milkymist_tmu2_info = {
- .name = "milkymist-tmu2",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(MilkymistTMU2State),
- .class_init = milkymist_tmu2_class_init,
-};
-
-static void milkymist_tmu2_register_types(void)
-{
- type_register_static(&milkymist_tmu2_info);
-}
-
-type_init(milkymist_tmu2_register_types)
diff --git a/hw/milkymist-uart.c b/hw/milkymist-uart.c
deleted file mode 100644
index aefa8c7f1..000000000
--- a/hw/milkymist-uart.c
+++ /dev/null
@@ -1,243 +0,0 @@
-/*
- * QEMU model of the Milkymist UART block.
- *
- * Copyright (c) 2010 Michael Walle <michael@walle.cc>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- *
- * Specification available at:
- * http://www.milkymist.org/socdoc/uart.pdf
- */
-
-#include "hw.h"
-#include "sysbus.h"
-#include "trace.h"
-#include "qemu-char.h"
-#include "qemu-error.h"
-
-enum {
- R_RXTX = 0,
- R_DIV,
- R_STAT,
- R_CTRL,
- R_DBG,
- R_MAX
-};
-
-enum {
- STAT_THRE = (1<<0),
- STAT_RX_EVT = (1<<1),
- STAT_TX_EVT = (1<<2),
-};
-
-enum {
- CTRL_RX_IRQ_EN = (1<<0),
- CTRL_TX_IRQ_EN = (1<<1),
- CTRL_THRU_EN = (1<<2),
-};
-
-enum {
- DBG_BREAK_EN = (1<<0),
-};
-
-struct MilkymistUartState {
- SysBusDevice busdev;
- MemoryRegion regs_region;
- CharDriverState *chr;
- qemu_irq irq;
-
- uint32_t regs[R_MAX];
-};
-typedef struct MilkymistUartState MilkymistUartState;
-
-static void uart_update_irq(MilkymistUartState *s)
-{
- int rx_event = s->regs[R_STAT] & STAT_RX_EVT;
- int tx_event = s->regs[R_STAT] & STAT_TX_EVT;
- int rx_irq_en = s->regs[R_CTRL] & CTRL_RX_IRQ_EN;
- int tx_irq_en = s->regs[R_CTRL] & CTRL_TX_IRQ_EN;
-
- if ((rx_irq_en && rx_event) || (tx_irq_en && tx_event)) {
- trace_milkymist_uart_raise_irq();
- qemu_irq_raise(s->irq);
- } else {
- trace_milkymist_uart_lower_irq();
- qemu_irq_lower(s->irq);
- }
-}
-
-static uint64_t uart_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- MilkymistUartState *s = opaque;
- uint32_t r = 0;
-
- addr >>= 2;
- switch (addr) {
- case R_RXTX:
- r = s->regs[addr];
- break;
- case R_DIV:
- case R_STAT:
- case R_CTRL:
- case R_DBG:
- r = s->regs[addr];
- break;
-
- default:
- error_report("milkymist_uart: read access to unknown register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
- }
-
- trace_milkymist_uart_memory_read(addr << 2, r);
-
- return r;
-}
-
-static void uart_write(void *opaque, hwaddr addr, uint64_t value,
- unsigned size)
-{
- MilkymistUartState *s = opaque;
- unsigned char ch = value;
-
- trace_milkymist_uart_memory_write(addr, value);
-
- addr >>= 2;
- switch (addr) {
- case R_RXTX:
- if (s->chr) {
- qemu_chr_fe_write(s->chr, &ch, 1);
- }
- s->regs[R_STAT] |= STAT_TX_EVT;
- break;
- case R_DIV:
- case R_CTRL:
- case R_DBG:
- s->regs[addr] = value;
- break;
-
- case R_STAT:
- /* write one to clear bits */
- s->regs[addr] &= ~(value & (STAT_RX_EVT | STAT_TX_EVT));
- break;
-
- default:
- error_report("milkymist_uart: write access to unknown register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
- }
-
- uart_update_irq(s);
-}
-
-static const MemoryRegionOps uart_mmio_ops = {
- .read = uart_read,
- .write = uart_write,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void uart_rx(void *opaque, const uint8_t *buf, int size)
-{
- MilkymistUartState *s = opaque;
-
- assert(!(s->regs[R_STAT] & STAT_RX_EVT));
-
- s->regs[R_STAT] |= STAT_RX_EVT;
- s->regs[R_RXTX] = *buf;
-
- uart_update_irq(s);
-}
-
-static int uart_can_rx(void *opaque)
-{
- MilkymistUartState *s = opaque;
-
- return !(s->regs[R_STAT] & STAT_RX_EVT);
-}
-
-static void uart_event(void *opaque, int event)
-{
-}
-
-static void milkymist_uart_reset(DeviceState *d)
-{
- MilkymistUartState *s = container_of(d, MilkymistUartState, busdev.qdev);
- int i;
-
- for (i = 0; i < R_MAX; i++) {
- s->regs[i] = 0;
- }
-
- /* THRE is always set */
- s->regs[R_STAT] = STAT_THRE;
-}
-
-static int milkymist_uart_init(SysBusDevice *dev)
-{
- MilkymistUartState *s = FROM_SYSBUS(typeof(*s), dev);
-
- sysbus_init_irq(dev, &s->irq);
-
- memory_region_init_io(&s->regs_region, &uart_mmio_ops, s,
- "milkymist-uart", R_MAX * 4);
- sysbus_init_mmio(dev, &s->regs_region);
-
- s->chr = qemu_char_get_next_serial();
- if (s->chr) {
- qemu_chr_add_handlers(s->chr, uart_can_rx, uart_rx, uart_event, s);
- }
-
- return 0;
-}
-
-static const VMStateDescription vmstate_milkymist_uart = {
- .name = "milkymist-uart",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32_ARRAY(regs, MilkymistUartState, R_MAX),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void milkymist_uart_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = milkymist_uart_init;
- dc->reset = milkymist_uart_reset;
- dc->vmsd = &vmstate_milkymist_uart;
-}
-
-static TypeInfo milkymist_uart_info = {
- .name = "milkymist-uart",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(MilkymistUartState),
- .class_init = milkymist_uart_class_init,
-};
-
-static void milkymist_uart_register_types(void)
-{
- type_register_static(&milkymist_uart_info);
-}
-
-type_init(milkymist_uart_register_types)
diff --git a/hw/milkymist-vgafb.c b/hw/milkymist-vgafb.c
deleted file mode 100644
index 833881cc6..000000000
--- a/hw/milkymist-vgafb.c
+++ /dev/null
@@ -1,334 +0,0 @@
-
-/*
- * QEMU model of the Milkymist VGA framebuffer.
- *
- * Copyright (c) 2010-2012 Michael Walle <michael@walle.cc>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- *
- * Specification available at:
- * http://www.milkymist.org/socdoc/vgafb.pdf
- */
-
-#include "hw.h"
-#include "sysbus.h"
-#include "trace.h"
-#include "console.h"
-#include "framebuffer.h"
-#include "pixel_ops.h"
-#include "qemu-error.h"
-
-#define BITS 8
-#include "milkymist-vgafb_template.h"
-#define BITS 15
-#include "milkymist-vgafb_template.h"
-#define BITS 16
-#include "milkymist-vgafb_template.h"
-#define BITS 24
-#include "milkymist-vgafb_template.h"
-#define BITS 32
-#include "milkymist-vgafb_template.h"
-
-enum {
- R_CTRL = 0,
- R_HRES,
- R_HSYNC_START,
- R_HSYNC_END,
- R_HSCAN,
- R_VRES,
- R_VSYNC_START,
- R_VSYNC_END,
- R_VSCAN,
- R_BASEADDRESS,
- R_BASEADDRESS_ACT,
- R_BURST_COUNT,
- R_DDC,
- R_SOURCE_CLOCK,
- R_MAX
-};
-
-enum {
- CTRL_RESET = (1<<0),
-};
-
-struct MilkymistVgafbState {
- SysBusDevice busdev;
- MemoryRegion regs_region;
- DisplayState *ds;
-
- int invalidate;
- uint32_t fb_offset;
- uint32_t fb_mask;
-
- uint32_t regs[R_MAX];
-};
-typedef struct MilkymistVgafbState MilkymistVgafbState;
-
-static int vgafb_enabled(MilkymistVgafbState *s)
-{
- return !(s->regs[R_CTRL] & CTRL_RESET);
-}
-
-static void vgafb_update_display(void *opaque)
-{
- MilkymistVgafbState *s = opaque;
- int first = 0;
- int last = 0;
- drawfn fn;
-
- if (!vgafb_enabled(s)) {
- return;
- }
-
- int dest_width = s->regs[R_HRES];
-
- switch (ds_get_bits_per_pixel(s->ds)) {
- case 0:
- return;
- case 8:
- fn = draw_line_8;
- break;
- case 15:
- fn = draw_line_15;
- dest_width *= 2;
- break;
- case 16:
- fn = draw_line_16;
- dest_width *= 2;
- break;
- case 24:
- fn = draw_line_24;
- dest_width *= 3;
- break;
- case 32:
- fn = draw_line_32;
- dest_width *= 4;
- break;
- default:
- hw_error("milkymist_vgafb: bad color depth\n");
- break;
- }
-
- framebuffer_update_display(s->ds, sysbus_address_space(&s->busdev),
- s->regs[R_BASEADDRESS] + s->fb_offset,
- s->regs[R_HRES],
- s->regs[R_VRES],
- s->regs[R_HRES] * 2,
- dest_width,
- 0,
- s->invalidate,
- fn,
- NULL,
- &first, &last);
-
- if (first >= 0) {
- dpy_gfx_update(s->ds, 0, first, s->regs[R_HRES], last - first + 1);
- }
- s->invalidate = 0;
-}
-
-static void vgafb_invalidate_display(void *opaque)
-{
- MilkymistVgafbState *s = opaque;
- s->invalidate = 1;
-}
-
-static void vgafb_resize(MilkymistVgafbState *s)
-{
- if (!vgafb_enabled(s)) {
- return;
- }
-
- qemu_console_resize(s->ds, s->regs[R_HRES], s->regs[R_VRES]);
- s->invalidate = 1;
-}
-
-static uint64_t vgafb_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- MilkymistVgafbState *s = opaque;
- uint32_t r = 0;
-
- addr >>= 2;
- switch (addr) {
- case R_CTRL:
- case R_HRES:
- case R_HSYNC_START:
- case R_HSYNC_END:
- case R_HSCAN:
- case R_VRES:
- case R_VSYNC_START:
- case R_VSYNC_END:
- case R_VSCAN:
- case R_BASEADDRESS:
- case R_BURST_COUNT:
- case R_DDC:
- case R_SOURCE_CLOCK:
- r = s->regs[addr];
- break;
- case R_BASEADDRESS_ACT:
- r = s->regs[R_BASEADDRESS];
- break;
-
- default:
- error_report("milkymist_vgafb: read access to unknown register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
- }
-
- trace_milkymist_vgafb_memory_read(addr << 2, r);
-
- return r;
-}
-
-static void vgafb_write(void *opaque, hwaddr addr, uint64_t value,
- unsigned size)
-{
- MilkymistVgafbState *s = opaque;
-
- trace_milkymist_vgafb_memory_write(addr, value);
-
- addr >>= 2;
- switch (addr) {
- case R_CTRL:
- s->regs[addr] = value;
- vgafb_resize(s);
- break;
- case R_HSYNC_START:
- case R_HSYNC_END:
- case R_HSCAN:
- case R_VSYNC_START:
- case R_VSYNC_END:
- case R_VSCAN:
- case R_BURST_COUNT:
- case R_DDC:
- case R_SOURCE_CLOCK:
- s->regs[addr] = value;
- break;
- case R_BASEADDRESS:
- if (value & 0x1f) {
- error_report("milkymist_vgafb: framebuffer base address have to "
- "be 32 byte aligned");
- break;
- }
- s->regs[addr] = value & s->fb_mask;
- s->invalidate = 1;
- break;
- case R_HRES:
- case R_VRES:
- s->regs[addr] = value;
- vgafb_resize(s);
- break;
- case R_BASEADDRESS_ACT:
- error_report("milkymist_vgafb: write to read-only register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
-
- default:
- error_report("milkymist_vgafb: write access to unknown register 0x"
- TARGET_FMT_plx, addr << 2);
- break;
- }
-}
-
-static const MemoryRegionOps vgafb_mmio_ops = {
- .read = vgafb_read,
- .write = vgafb_write,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void milkymist_vgafb_reset(DeviceState *d)
-{
- MilkymistVgafbState *s = container_of(d, MilkymistVgafbState, busdev.qdev);
- int i;
-
- for (i = 0; i < R_MAX; i++) {
- s->regs[i] = 0;
- }
-
- /* defaults */
- s->regs[R_CTRL] = CTRL_RESET;
- s->regs[R_HRES] = 640;
- s->regs[R_VRES] = 480;
- s->regs[R_BASEADDRESS] = 0;
-}
-
-static int milkymist_vgafb_init(SysBusDevice *dev)
-{
- MilkymistVgafbState *s = FROM_SYSBUS(typeof(*s), dev);
-
- memory_region_init_io(&s->regs_region, &vgafb_mmio_ops, s,
- "milkymist-vgafb", R_MAX * 4);
- sysbus_init_mmio(dev, &s->regs_region);
-
- s->ds = graphic_console_init(vgafb_update_display,
- vgafb_invalidate_display,
- NULL, NULL, s);
-
- return 0;
-}
-
-static int vgafb_post_load(void *opaque, int version_id)
-{
- vgafb_invalidate_display(opaque);
- return 0;
-}
-
-static const VMStateDescription vmstate_milkymist_vgafb = {
- .name = "milkymist-vgafb",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .post_load = vgafb_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32_ARRAY(regs, MilkymistVgafbState, R_MAX),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static Property milkymist_vgafb_properties[] = {
- DEFINE_PROP_UINT32("fb_offset", MilkymistVgafbState, fb_offset, 0x0),
- DEFINE_PROP_UINT32("fb_mask", MilkymistVgafbState, fb_mask, 0xffffffff),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void milkymist_vgafb_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = milkymist_vgafb_init;
- dc->reset = milkymist_vgafb_reset;
- dc->vmsd = &vmstate_milkymist_vgafb;
- dc->props = milkymist_vgafb_properties;
-}
-
-static TypeInfo milkymist_vgafb_info = {
- .name = "milkymist-vgafb",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(MilkymistVgafbState),
- .class_init = milkymist_vgafb_class_init,
-};
-
-static void milkymist_vgafb_register_types(void)
-{
- type_register_static(&milkymist_vgafb_info);
-}
-
-type_init(milkymist_vgafb_register_types)
diff --git a/hw/milkymist-vgafb_template.h b/hw/milkymist-vgafb_template.h
deleted file mode 100644
index 1d33ee8b5..000000000
--- a/hw/milkymist-vgafb_template.h
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * QEMU model of the Milkymist VGA framebuffer.
- *
- * Copyright (c) 2010 Michael Walle <michael@walle.cc>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#if BITS == 8
-#define COPY_PIXEL(to, r, g, b) \
- do { \
- *to = rgb_to_pixel8(r, g, b); \
- to += 1; \
- } while (0)
-#elif BITS == 15
-#define COPY_PIXEL(to, r, g, b) \
- do { \
- *(uint16_t *)to = rgb_to_pixel15(r, g, b); \
- to += 2; \
- } while (0)
-#elif BITS == 16
-#define COPY_PIXEL(to, r, g, b) \
- do { \
- *(uint16_t *)to = rgb_to_pixel16(r, g, b); \
- to += 2; \
- } while (0)
-#elif BITS == 24
-#define COPY_PIXEL(to, r, g, b) \
- do { \
- uint32_t tmp = rgb_to_pixel24(r, g, b); \
- *(to++) = tmp & 0xff; \
- *(to++) = (tmp >> 8) & 0xff; \
- *(to++) = (tmp >> 16) & 0xff; \
- } while (0)
-#elif BITS == 32
-#define COPY_PIXEL(to, r, g, b) \
- do { \
- *(uint32_t *)to = rgb_to_pixel32(r, g, b); \
- to += 4; \
- } while (0)
-#else
-#error unknown bit depth
-#endif
-
-static void glue(draw_line_, BITS)(void *opaque, uint8_t *d, const uint8_t *s,
- int width, int deststep)
-{
- uint16_t rgb565;
- uint8_t r, g, b;
-
- while (width--) {
- rgb565 = lduw_raw(s);
- r = ((rgb565 >> 11) & 0x1f) << 3;
- g = ((rgb565 >> 5) & 0x3f) << 2;
- b = ((rgb565 >> 0) & 0x1f) << 3;
- COPY_PIXEL(d, r, g, b);
- s += 2;
- }
-}
-
-#undef BITS
-#undef COPY_PIXEL
diff --git a/hw/milkymist.c b/hw/milkymist.c
deleted file mode 100644
index 4c8111a74..000000000
--- a/hw/milkymist.c
+++ /dev/null
@@ -1,218 +0,0 @@
-/*
- * QEMU model for the Milkymist board.
- *
- * Copyright (c) 2010 Michael Walle <michael@walle.cc>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "sysbus.h"
-#include "hw.h"
-#include "net.h"
-#include "flash.h"
-#include "sysemu.h"
-#include "devices.h"
-#include "boards.h"
-#include "loader.h"
-#include "elf.h"
-#include "blockdev.h"
-#include "milkymist-hw.h"
-#include "lm32.h"
-#include "exec-memory.h"
-
-#define BIOS_FILENAME "mmone-bios.bin"
-#define BIOS_OFFSET 0x00860000
-#define BIOS_SIZE (512*1024)
-#define KERNEL_LOAD_ADDR 0x40000000
-
-typedef struct {
- LM32CPU *cpu;
- hwaddr bootstrap_pc;
- hwaddr flash_base;
- hwaddr initrd_base;
- size_t initrd_size;
- hwaddr cmdline_base;
-} ResetInfo;
-
-static void cpu_irq_handler(void *opaque, int irq, int level)
-{
- CPULM32State *env = opaque;
-
- if (level) {
- cpu_interrupt(env, CPU_INTERRUPT_HARD);
- } else {
- cpu_reset_interrupt(env, CPU_INTERRUPT_HARD);
- }
-}
-
-static void main_cpu_reset(void *opaque)
-{
- ResetInfo *reset_info = opaque;
- CPULM32State *env = &reset_info->cpu->env;
-
- cpu_reset(CPU(reset_info->cpu));
-
- /* init defaults */
- env->pc = reset_info->bootstrap_pc;
- env->regs[R_R1] = reset_info->cmdline_base;
- env->regs[R_R2] = reset_info->initrd_base;
- env->regs[R_R3] = reset_info->initrd_base + reset_info->initrd_size;
- env->eba = reset_info->flash_base;
- env->deba = reset_info->flash_base;
-}
-
-static void
-milkymist_init(QEMUMachineInitArgs *args)
-{
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- LM32CPU *cpu;
- CPULM32State *env;
- int kernel_size;
- DriveInfo *dinfo;
- MemoryRegion *address_space_mem = get_system_memory();
- MemoryRegion *phys_sdram = g_new(MemoryRegion, 1);
- qemu_irq irq[32], *cpu_irq;
- int i;
- char *bios_filename;
- ResetInfo *reset_info;
-
- /* memory map */
- hwaddr flash_base = 0x00000000;
- size_t flash_sector_size = 128 * 1024;
- size_t flash_size = 32 * 1024 * 1024;
- hwaddr sdram_base = 0x40000000;
- size_t sdram_size = 128 * 1024 * 1024;
-
- hwaddr initrd_base = sdram_base + 0x1002000;
- hwaddr cmdline_base = sdram_base + 0x1000000;
- size_t initrd_max = sdram_size - 0x1002000;
-
- reset_info = g_malloc0(sizeof(ResetInfo));
-
- if (cpu_model == NULL) {
- cpu_model = "lm32-full";
- }
- cpu = cpu_lm32_init(cpu_model);
- env = &cpu->env;
- reset_info->cpu = cpu;
-
- cpu_lm32_set_phys_msb_ignore(env, 1);
-
- memory_region_init_ram(phys_sdram, "milkymist.sdram", sdram_size);
- vmstate_register_ram_global(phys_sdram);
- memory_region_add_subregion(address_space_mem, sdram_base, phys_sdram);
-
- dinfo = drive_get(IF_PFLASH, 0, 0);
- /* Numonyx JS28F256J3F105 */
- pflash_cfi01_register(flash_base, NULL, "milkymist.flash", flash_size,
- dinfo ? dinfo->bdrv : NULL, flash_sector_size,
- flash_size / flash_sector_size, 2,
- 0x00, 0x89, 0x00, 0x1d, 1);
-
- /* create irq lines */
- cpu_irq = qemu_allocate_irqs(cpu_irq_handler, env, 1);
- env->pic_state = lm32_pic_init(*cpu_irq);
- for (i = 0; i < 32; i++) {
- irq[i] = qdev_get_gpio_in(env->pic_state, i);
- }
-
- /* load bios rom */
- if (bios_name == NULL) {
- bios_name = BIOS_FILENAME;
- }
- bios_filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
-
- if (bios_filename) {
- load_image_targphys(bios_filename, BIOS_OFFSET, BIOS_SIZE);
- }
-
- reset_info->bootstrap_pc = BIOS_OFFSET;
-
- /* if no kernel is given no valid bios rom is a fatal error */
- if (!kernel_filename && !dinfo && !bios_filename) {
- fprintf(stderr, "qemu: could not load Milkymist One bios '%s'\n",
- bios_name);
- exit(1);
- }
-
- milkymist_uart_create(0x60000000, irq[0]);
- milkymist_sysctl_create(0x60001000, irq[1], irq[2], irq[3],
- 80000000, 0x10014d31, 0x0000041f, 0x00000001);
- milkymist_hpdmc_create(0x60002000);
- milkymist_vgafb_create(0x60003000, 0x40000000, 0x0fffffff);
- milkymist_memcard_create(0x60004000);
- milkymist_ac97_create(0x60005000, irq[4], irq[5], irq[6], irq[7]);
- milkymist_pfpu_create(0x60006000, irq[8]);
- milkymist_tmu2_create(0x60007000, irq[9]);
- milkymist_minimac2_create(0x60008000, 0x30000000, irq[10], irq[11]);
- milkymist_softusb_create(0x6000f000, irq[15],
- 0x20000000, 0x1000, 0x20020000, 0x2000);
-
- /* make sure juart isn't the first chardev */
- env->juart_state = lm32_juart_init();
-
- if (kernel_filename) {
- uint64_t entry;
-
- /* Boots a kernel elf binary. */
- kernel_size = load_elf(kernel_filename, NULL, NULL, &entry, NULL, NULL,
- 1, ELF_MACHINE, 0);
- reset_info->bootstrap_pc = entry;
-
- if (kernel_size < 0) {
- kernel_size = load_image_targphys(kernel_filename, sdram_base,
- sdram_size);
- reset_info->bootstrap_pc = sdram_base;
- }
-
- if (kernel_size < 0) {
- fprintf(stderr, "qemu: could not load kernel '%s'\n",
- kernel_filename);
- exit(1);
- }
- }
-
- if (kernel_cmdline && strlen(kernel_cmdline)) {
- pstrcpy_targphys("cmdline", cmdline_base, TARGET_PAGE_SIZE,
- kernel_cmdline);
- reset_info->cmdline_base = (uint32_t)cmdline_base;
- }
-
- if (initrd_filename) {
- size_t initrd_size;
- initrd_size = load_image_targphys(initrd_filename, initrd_base,
- initrd_max);
- reset_info->initrd_base = (uint32_t)initrd_base;
- reset_info->initrd_size = (uint32_t)initrd_size;
- }
-
- qemu_register_reset(main_cpu_reset, reset_info);
-}
-
-static QEMUMachine milkymist_machine = {
- .name = "milkymist",
- .desc = "Milkymist One",
- .init = milkymist_init,
- .is_default = 0
-};
-
-static void milkymist_machine_init(void)
-{
- qemu_register_machine(&milkymist_machine);
-}
-
-machine_init(milkymist_machine_init);
diff --git a/hw/mips-bios.h b/hw/mips-bios.h
deleted file mode 100644
index b4b88ac43..000000000
--- a/hw/mips-bios.h
+++ /dev/null
@@ -1,8 +0,0 @@
-#include "cpu.h"
-
-#define BIOS_SIZE (4 * 1024 * 1024)
-#ifdef TARGET_WORDS_BIGENDIAN
-#define BIOS_FILENAME "mips_bios.bin"
-#else
-#define BIOS_FILENAME "mipsel_bios.bin"
-#endif
diff --git a/hw/mips.h b/hw/mips.h
deleted file mode 100644
index f7e9b7e2c..000000000
--- a/hw/mips.h
+++ /dev/null
@@ -1,29 +0,0 @@
-#ifndef HW_MIPS_H
-#define HW_MIPS_H
-/* Definitions for mips board emulation. */
-
-#include "memory.h"
-
-/* gt64xxx.c */
-PCIBus *gt64120_register(qemu_irq *pic);
-
-/* bonito.c */
-PCIBus *bonito_init(qemu_irq *pic);
-
-/* rc4030.c */
-typedef struct rc4030DMAState *rc4030_dma;
-void rc4030_dma_memory_rw(void *opaque, hwaddr addr, uint8_t *buf, int len, int is_write);
-void rc4030_dma_read(void *dma, uint8_t *buf, int len);
-void rc4030_dma_write(void *dma, uint8_t *buf, int len);
-
-void *rc4030_init(qemu_irq timer, qemu_irq jazz_bus,
- qemu_irq **irqs, rc4030_dma **dmas,
- MemoryRegion *sysmem);
-
-/* dp8393x.c */
-void dp83932_init(NICInfo *nd, hwaddr base, int it_shift,
- MemoryRegion *address_space,
- qemu_irq irq, void* mem_opaque,
- void (*memory_rw)(void *opaque, hwaddr addr, uint8_t *buf, int len, int is_write));
-
-#endif
diff --git a/hw/mips/Makefile.objs b/hw/mips/Makefile.objs
index 29a5d0db0..0a652f852 100644
--- a/hw/mips/Makefile.objs
+++ b/hw/mips/Makefile.objs
@@ -1,6 +1,4 @@
-obj-y = mips_r4k.o mips_jazz.o mips_malta.o mips_mipssim.o
-obj-y += mips_addr.o mips_timer.o mips_int.o
-obj-y += gt64xxx.o mc146818rtc.o
-obj-$(CONFIG_FULONG) += bonito.o vt82c686.o mips_fulong2e.o
-
-obj-y := $(addprefix ../,$(obj-y))
+obj-y += mips_r4k.o mips_jazz.o mips_malta.o mips_mipssim.o
+obj-y += addr.o cputimer.o mips_int.o
+obj-$(CONFIG_FULONG) += mips_fulong2e.o
+obj-y += gt64xxx_pci.o
diff --git a/hw/mips/addr.c b/hw/mips/addr.c
new file mode 100644
index 000000000..99488f1d2
--- /dev/null
+++ b/hw/mips/addr.c
@@ -0,0 +1,34 @@
+/*
+ * QEMU MIPS address translation support
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/hw.h"
+#include "hw/mips/cpudevs.h"
+
+uint64_t cpu_mips_kseg0_to_phys(void *opaque, uint64_t addr)
+{
+ return addr & 0x7fffffffll;
+}
+
+uint64_t cpu_mips_phys_to_kseg0(void *opaque, uint64_t addr)
+{
+ return addr | ~0x7fffffffll;
+}
diff --git a/hw/mips/cputimer.c b/hw/mips/cputimer.c
new file mode 100644
index 000000000..e0266bf15
--- /dev/null
+++ b/hw/mips/cputimer.c
@@ -0,0 +1,147 @@
+/*
+ * QEMU MIPS timer support
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/hw.h"
+#include "hw/mips/cpudevs.h"
+#include "qemu/timer.h"
+
+#define TIMER_FREQ 100 * 1000 * 1000
+
+/* XXX: do not use a global */
+uint32_t cpu_mips_get_random (CPUMIPSState *env)
+{
+ static uint32_t lfsr = 1;
+ static uint32_t prev_idx = 0;
+ uint32_t idx;
+ /* Don't return same value twice, so get another value */
+ do {
+ lfsr = (lfsr >> 1) ^ (-(lfsr & 1u) & 0xd0000001u);
+ idx = lfsr % (env->tlb->nb_tlb - env->CP0_Wired) + env->CP0_Wired;
+ } while (idx == prev_idx);
+ prev_idx = idx;
+ return idx;
+}
+
+/* MIPS R4K timer */
+static void cpu_mips_timer_update(CPUMIPSState *env)
+{
+ uint64_t now, next;
+ uint32_t wait;
+
+ now = qemu_get_clock_ns(vm_clock);
+ wait = env->CP0_Compare - env->CP0_Count -
+ (uint32_t)muldiv64(now, TIMER_FREQ, get_ticks_per_sec());
+ next = now + muldiv64(wait, get_ticks_per_sec(), TIMER_FREQ);
+ qemu_mod_timer(env->timer, next);
+}
+
+/* Expire the timer. */
+static void cpu_mips_timer_expire(CPUMIPSState *env)
+{
+ cpu_mips_timer_update(env);
+ if (env->insn_flags & ISA_MIPS32R2) {
+ env->CP0_Cause |= 1 << CP0Ca_TI;
+ }
+ qemu_irq_raise(env->irq[(env->CP0_IntCtl >> CP0IntCtl_IPTI) & 0x7]);
+}
+
+uint32_t cpu_mips_get_count (CPUMIPSState *env)
+{
+ if (env->CP0_Cause & (1 << CP0Ca_DC)) {
+ return env->CP0_Count;
+ } else {
+ uint64_t now;
+
+ now = qemu_get_clock_ns(vm_clock);
+ if (qemu_timer_pending(env->timer)
+ && qemu_timer_expired(env->timer, now)) {
+ /* The timer has already expired. */
+ cpu_mips_timer_expire(env);
+ }
+
+ return env->CP0_Count +
+ (uint32_t)muldiv64(now, TIMER_FREQ, get_ticks_per_sec());
+ }
+}
+
+void cpu_mips_store_count (CPUMIPSState *env, uint32_t count)
+{
+ if (env->CP0_Cause & (1 << CP0Ca_DC))
+ env->CP0_Count = count;
+ else {
+ /* Store new count register */
+ env->CP0_Count =
+ count - (uint32_t)muldiv64(qemu_get_clock_ns(vm_clock),
+ TIMER_FREQ, get_ticks_per_sec());
+ /* Update timer timer */
+ cpu_mips_timer_update(env);
+ }
+}
+
+void cpu_mips_store_compare (CPUMIPSState *env, uint32_t value)
+{
+ env->CP0_Compare = value;
+ if (!(env->CP0_Cause & (1 << CP0Ca_DC)))
+ cpu_mips_timer_update(env);
+ if (env->insn_flags & ISA_MIPS32R2)
+ env->CP0_Cause &= ~(1 << CP0Ca_TI);
+ qemu_irq_lower(env->irq[(env->CP0_IntCtl >> CP0IntCtl_IPTI) & 0x7]);
+}
+
+void cpu_mips_start_count(CPUMIPSState *env)
+{
+ cpu_mips_store_count(env, env->CP0_Count);
+}
+
+void cpu_mips_stop_count(CPUMIPSState *env)
+{
+ /* Store the current value */
+ env->CP0_Count += (uint32_t)muldiv64(qemu_get_clock_ns(vm_clock),
+ TIMER_FREQ, get_ticks_per_sec());
+}
+
+static void mips_timer_cb (void *opaque)
+{
+ CPUMIPSState *env;
+
+ env = opaque;
+#if 0
+ qemu_log("%s\n", __func__);
+#endif
+
+ if (env->CP0_Cause & (1 << CP0Ca_DC))
+ return;
+
+ /* ??? This callback should occur when the counter is exactly equal to
+ the comparator value. Offset the count by one to avoid immediately
+ retriggering the callback before any virtual time has passed. */
+ env->CP0_Count++;
+ cpu_mips_timer_expire(env);
+ env->CP0_Count--;
+}
+
+void cpu_mips_clock_init (CPUMIPSState *env)
+{
+ env->timer = qemu_new_timer_ns(vm_clock, &mips_timer_cb, env);
+ env->CP0_Compare = 0;
+ cpu_mips_store_count(env, 1);
+}
diff --git a/hw/mips/gt64xxx_pci.c b/hw/mips/gt64xxx_pci.c
new file mode 100644
index 000000000..3da2e6709
--- /dev/null
+++ b/hw/mips/gt64xxx_pci.c
@@ -0,0 +1,1189 @@
+/*
+ * QEMU GT64120 PCI host
+ *
+ * Copyright (c) 2006,2007 Aurelien Jarno
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/hw.h"
+#include "hw/mips/mips.h"
+#include "hw/pci/pci.h"
+#include "hw/pci/pci_host.h"
+#include "hw/i386/pc.h"
+#include "exec/address-spaces.h"
+
+//#define DEBUG
+
+#ifdef DEBUG
+#define DPRINTF(fmt, ...) fprintf(stderr, "%s: " fmt, __FUNCTION__, ##__VA_ARGS__)
+#else
+#define DPRINTF(fmt, ...)
+#endif
+
+#define GT_REGS (0x1000 >> 2)
+
+/* CPU Configuration */
+#define GT_CPU (0x000 >> 2)
+#define GT_MULTI (0x120 >> 2)
+
+/* CPU Address Decode */
+#define GT_SCS10LD (0x008 >> 2)
+#define GT_SCS10HD (0x010 >> 2)
+#define GT_SCS32LD (0x018 >> 2)
+#define GT_SCS32HD (0x020 >> 2)
+#define GT_CS20LD (0x028 >> 2)
+#define GT_CS20HD (0x030 >> 2)
+#define GT_CS3BOOTLD (0x038 >> 2)
+#define GT_CS3BOOTHD (0x040 >> 2)
+#define GT_PCI0IOLD (0x048 >> 2)
+#define GT_PCI0IOHD (0x050 >> 2)
+#define GT_PCI0M0LD (0x058 >> 2)
+#define GT_PCI0M0HD (0x060 >> 2)
+#define GT_PCI0M1LD (0x080 >> 2)
+#define GT_PCI0M1HD (0x088 >> 2)
+#define GT_PCI1IOLD (0x090 >> 2)
+#define GT_PCI1IOHD (0x098 >> 2)
+#define GT_PCI1M0LD (0x0a0 >> 2)
+#define GT_PCI1M0HD (0x0a8 >> 2)
+#define GT_PCI1M1LD (0x0b0 >> 2)
+#define GT_PCI1M1HD (0x0b8 >> 2)
+#define GT_ISD (0x068 >> 2)
+
+#define GT_SCS10AR (0x0d0 >> 2)
+#define GT_SCS32AR (0x0d8 >> 2)
+#define GT_CS20R (0x0e0 >> 2)
+#define GT_CS3BOOTR (0x0e8 >> 2)
+
+#define GT_PCI0IOREMAP (0x0f0 >> 2)
+#define GT_PCI0M0REMAP (0x0f8 >> 2)
+#define GT_PCI0M1REMAP (0x100 >> 2)
+#define GT_PCI1IOREMAP (0x108 >> 2)
+#define GT_PCI1M0REMAP (0x110 >> 2)
+#define GT_PCI1M1REMAP (0x118 >> 2)
+
+/* CPU Error Report */
+#define GT_CPUERR_ADDRLO (0x070 >> 2)
+#define GT_CPUERR_ADDRHI (0x078 >> 2)
+#define GT_CPUERR_DATALO (0x128 >> 2) /* GT-64120A only */
+#define GT_CPUERR_DATAHI (0x130 >> 2) /* GT-64120A only */
+#define GT_CPUERR_PARITY (0x138 >> 2) /* GT-64120A only */
+
+/* CPU Sync Barrier */
+#define GT_PCI0SYNC (0x0c0 >> 2)
+#define GT_PCI1SYNC (0x0c8 >> 2)
+
+/* SDRAM and Device Address Decode */
+#define GT_SCS0LD (0x400 >> 2)
+#define GT_SCS0HD (0x404 >> 2)
+#define GT_SCS1LD (0x408 >> 2)
+#define GT_SCS1HD (0x40c >> 2)
+#define GT_SCS2LD (0x410 >> 2)
+#define GT_SCS2HD (0x414 >> 2)
+#define GT_SCS3LD (0x418 >> 2)
+#define GT_SCS3HD (0x41c >> 2)
+#define GT_CS0LD (0x420 >> 2)
+#define GT_CS0HD (0x424 >> 2)
+#define GT_CS1LD (0x428 >> 2)
+#define GT_CS1HD (0x42c >> 2)
+#define GT_CS2LD (0x430 >> 2)
+#define GT_CS2HD (0x434 >> 2)
+#define GT_CS3LD (0x438 >> 2)
+#define GT_CS3HD (0x43c >> 2)
+#define GT_BOOTLD (0x440 >> 2)
+#define GT_BOOTHD (0x444 >> 2)
+#define GT_ADERR (0x470 >> 2)
+
+/* SDRAM Configuration */
+#define GT_SDRAM_CFG (0x448 >> 2)
+#define GT_SDRAM_OPMODE (0x474 >> 2)
+#define GT_SDRAM_BM (0x478 >> 2)
+#define GT_SDRAM_ADDRDECODE (0x47c >> 2)
+
+/* SDRAM Parameters */
+#define GT_SDRAM_B0 (0x44c >> 2)
+#define GT_SDRAM_B1 (0x450 >> 2)
+#define GT_SDRAM_B2 (0x454 >> 2)
+#define GT_SDRAM_B3 (0x458 >> 2)
+
+/* Device Parameters */
+#define GT_DEV_B0 (0x45c >> 2)
+#define GT_DEV_B1 (0x460 >> 2)
+#define GT_DEV_B2 (0x464 >> 2)
+#define GT_DEV_B3 (0x468 >> 2)
+#define GT_DEV_BOOT (0x46c >> 2)
+
+/* ECC */
+#define GT_ECC_ERRDATALO (0x480 >> 2) /* GT-64120A only */
+#define GT_ECC_ERRDATAHI (0x484 >> 2) /* GT-64120A only */
+#define GT_ECC_MEM (0x488 >> 2) /* GT-64120A only */
+#define GT_ECC_CALC (0x48c >> 2) /* GT-64120A only */
+#define GT_ECC_ERRADDR (0x490 >> 2) /* GT-64120A only */
+
+/* DMA Record */
+#define GT_DMA0_CNT (0x800 >> 2)
+#define GT_DMA1_CNT (0x804 >> 2)
+#define GT_DMA2_CNT (0x808 >> 2)
+#define GT_DMA3_CNT (0x80c >> 2)
+#define GT_DMA0_SA (0x810 >> 2)
+#define GT_DMA1_SA (0x814 >> 2)
+#define GT_DMA2_SA (0x818 >> 2)
+#define GT_DMA3_SA (0x81c >> 2)
+#define GT_DMA0_DA (0x820 >> 2)
+#define GT_DMA1_DA (0x824 >> 2)
+#define GT_DMA2_DA (0x828 >> 2)
+#define GT_DMA3_DA (0x82c >> 2)
+#define GT_DMA0_NEXT (0x830 >> 2)
+#define GT_DMA1_NEXT (0x834 >> 2)
+#define GT_DMA2_NEXT (0x838 >> 2)
+#define GT_DMA3_NEXT (0x83c >> 2)
+#define GT_DMA0_CUR (0x870 >> 2)
+#define GT_DMA1_CUR (0x874 >> 2)
+#define GT_DMA2_CUR (0x878 >> 2)
+#define GT_DMA3_CUR (0x87c >> 2)
+
+/* DMA Channel Control */
+#define GT_DMA0_CTRL (0x840 >> 2)
+#define GT_DMA1_CTRL (0x844 >> 2)
+#define GT_DMA2_CTRL (0x848 >> 2)
+#define GT_DMA3_CTRL (0x84c >> 2)
+
+/* DMA Arbiter */
+#define GT_DMA_ARB (0x860 >> 2)
+
+/* Timer/Counter */
+#define GT_TC0 (0x850 >> 2)
+#define GT_TC1 (0x854 >> 2)
+#define GT_TC2 (0x858 >> 2)
+#define GT_TC3 (0x85c >> 2)
+#define GT_TC_CONTROL (0x864 >> 2)
+
+/* PCI Internal */
+#define GT_PCI0_CMD (0xc00 >> 2)
+#define GT_PCI0_TOR (0xc04 >> 2)
+#define GT_PCI0_BS_SCS10 (0xc08 >> 2)
+#define GT_PCI0_BS_SCS32 (0xc0c >> 2)
+#define GT_PCI0_BS_CS20 (0xc10 >> 2)
+#define GT_PCI0_BS_CS3BT (0xc14 >> 2)
+#define GT_PCI1_IACK (0xc30 >> 2)
+#define GT_PCI0_IACK (0xc34 >> 2)
+#define GT_PCI0_BARE (0xc3c >> 2)
+#define GT_PCI0_PREFMBR (0xc40 >> 2)
+#define GT_PCI0_SCS10_BAR (0xc48 >> 2)
+#define GT_PCI0_SCS32_BAR (0xc4c >> 2)
+#define GT_PCI0_CS20_BAR (0xc50 >> 2)
+#define GT_PCI0_CS3BT_BAR (0xc54 >> 2)
+#define GT_PCI0_SSCS10_BAR (0xc58 >> 2)
+#define GT_PCI0_SSCS32_BAR (0xc5c >> 2)
+#define GT_PCI0_SCS3BT_BAR (0xc64 >> 2)
+#define GT_PCI1_CMD (0xc80 >> 2)
+#define GT_PCI1_TOR (0xc84 >> 2)
+#define GT_PCI1_BS_SCS10 (0xc88 >> 2)
+#define GT_PCI1_BS_SCS32 (0xc8c >> 2)
+#define GT_PCI1_BS_CS20 (0xc90 >> 2)
+#define GT_PCI1_BS_CS3BT (0xc94 >> 2)
+#define GT_PCI1_BARE (0xcbc >> 2)
+#define GT_PCI1_PREFMBR (0xcc0 >> 2)
+#define GT_PCI1_SCS10_BAR (0xcc8 >> 2)
+#define GT_PCI1_SCS32_BAR (0xccc >> 2)
+#define GT_PCI1_CS20_BAR (0xcd0 >> 2)
+#define GT_PCI1_CS3BT_BAR (0xcd4 >> 2)
+#define GT_PCI1_SSCS10_BAR (0xcd8 >> 2)
+#define GT_PCI1_SSCS32_BAR (0xcdc >> 2)
+#define GT_PCI1_SCS3BT_BAR (0xce4 >> 2)
+#define GT_PCI1_CFGADDR (0xcf0 >> 2)
+#define GT_PCI1_CFGDATA (0xcf4 >> 2)
+#define GT_PCI0_CFGADDR (0xcf8 >> 2)
+#define GT_PCI0_CFGDATA (0xcfc >> 2)
+
+/* Interrupts */
+#define GT_INTRCAUSE (0xc18 >> 2)
+#define GT_INTRMASK (0xc1c >> 2)
+#define GT_PCI0_ICMASK (0xc24 >> 2)
+#define GT_PCI0_SERR0MASK (0xc28 >> 2)
+#define GT_CPU_INTSEL (0xc70 >> 2)
+#define GT_PCI0_INTSEL (0xc74 >> 2)
+#define GT_HINTRCAUSE (0xc98 >> 2)
+#define GT_HINTRMASK (0xc9c >> 2)
+#define GT_PCI0_HICMASK (0xca4 >> 2)
+#define GT_PCI1_SERR1MASK (0xca8 >> 2)
+
+#define PCI_MAPPING_ENTRY(regname) \
+ hwaddr regname ##_start; \
+ hwaddr regname ##_length; \
+ MemoryRegion regname ##_mem
+
+#define TYPE_GT64120_PCI_HOST_BRIDGE "gt64120"
+
+#define GT64120_PCI_HOST_BRIDGE(obj) \
+ OBJECT_CHECK(GT64120State, (obj), TYPE_GT64120_PCI_HOST_BRIDGE)
+
+typedef struct GT64120State {
+ PCIHostState parent_obj;
+
+ uint32_t regs[GT_REGS];
+ PCI_MAPPING_ENTRY(PCI0IO);
+ PCI_MAPPING_ENTRY(ISD);
+} GT64120State;
+
+/* Adjust range to avoid touching space which isn't mappable via PCI */
+/* XXX: Hardcoded values for Malta: 0x1e000000 - 0x1f100000
+ 0x1fc00000 - 0x1fd00000 */
+static void check_reserved_space (hwaddr *start,
+ hwaddr *length)
+{
+ hwaddr begin = *start;
+ hwaddr end = *start + *length;
+
+ if (end >= 0x1e000000LL && end < 0x1f100000LL)
+ end = 0x1e000000LL;
+ if (begin >= 0x1e000000LL && begin < 0x1f100000LL)
+ begin = 0x1f100000LL;
+ if (end >= 0x1fc00000LL && end < 0x1fd00000LL)
+ end = 0x1fc00000LL;
+ if (begin >= 0x1fc00000LL && begin < 0x1fd00000LL)
+ begin = 0x1fd00000LL;
+ /* XXX: This is broken when a reserved range splits the requested range */
+ if (end >= 0x1f100000LL && begin < 0x1e000000LL)
+ end = 0x1e000000LL;
+ if (end >= 0x1fd00000LL && begin < 0x1fc00000LL)
+ end = 0x1fc00000LL;
+
+ *start = begin;
+ *length = end - begin;
+}
+
+static void gt64120_isd_mapping(GT64120State *s)
+{
+ hwaddr start = s->regs[GT_ISD] << 21;
+ hwaddr length = 0x1000;
+
+ if (s->ISD_length) {
+ memory_region_del_subregion(get_system_memory(), &s->ISD_mem);
+ }
+ check_reserved_space(&start, &length);
+ length = 0x1000;
+ /* Map new address */
+ DPRINTF("ISD: "TARGET_FMT_plx"@"TARGET_FMT_plx
+ " -> "TARGET_FMT_plx"@"TARGET_FMT_plx"\n",
+ s->ISD_length, s->ISD_start, length, start);
+ s->ISD_start = start;
+ s->ISD_length = length;
+ memory_region_add_subregion(get_system_memory(), s->ISD_start, &s->ISD_mem);
+}
+
+static void gt64120_pci_mapping(GT64120State *s)
+{
+ /* Update IO mapping */
+ if ((s->regs[GT_PCI0IOLD] & 0x7f) <= s->regs[GT_PCI0IOHD])
+ {
+ /* Unmap old IO address */
+ if (s->PCI0IO_length)
+ {
+ memory_region_del_subregion(get_system_memory(), &s->PCI0IO_mem);
+ memory_region_destroy(&s->PCI0IO_mem);
+ }
+ /* Map new IO address */
+ s->PCI0IO_start = s->regs[GT_PCI0IOLD] << 21;
+ s->PCI0IO_length = ((s->regs[GT_PCI0IOHD] + 1) - (s->regs[GT_PCI0IOLD] & 0x7f)) << 21;
+ isa_mem_base = s->PCI0IO_start;
+ if (s->PCI0IO_length) {
+ memory_region_init_alias(&s->PCI0IO_mem, OBJECT(s), "isa_mmio",
+ get_system_io(), 0, s->PCI0IO_length);
+ memory_region_add_subregion(get_system_memory(), s->PCI0IO_start,
+ &s->PCI0IO_mem);
+ }
+ }
+}
+
+static void gt64120_writel (void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ GT64120State *s = opaque;
+ PCIHostState *phb = PCI_HOST_BRIDGE(s);
+ uint32_t saddr;
+
+ if (!(s->regs[GT_CPU] & 0x00001000))
+ val = bswap32(val);
+
+ saddr = (addr & 0xfff) >> 2;
+ switch (saddr) {
+
+ /* CPU Configuration */
+ case GT_CPU:
+ s->regs[GT_CPU] = val;
+ break;
+ case GT_MULTI:
+ /* Read-only register as only one GT64xxx is present on the CPU bus */
+ break;
+
+ /* CPU Address Decode */
+ case GT_PCI0IOLD:
+ s->regs[GT_PCI0IOLD] = val & 0x00007fff;
+ s->regs[GT_PCI0IOREMAP] = val & 0x000007ff;
+ gt64120_pci_mapping(s);
+ break;
+ case GT_PCI0M0LD:
+ s->regs[GT_PCI0M0LD] = val & 0x00007fff;
+ s->regs[GT_PCI0M0REMAP] = val & 0x000007ff;
+ break;
+ case GT_PCI0M1LD:
+ s->regs[GT_PCI0M1LD] = val & 0x00007fff;
+ s->regs[GT_PCI0M1REMAP] = val & 0x000007ff;
+ break;
+ case GT_PCI1IOLD:
+ s->regs[GT_PCI1IOLD] = val & 0x00007fff;
+ s->regs[GT_PCI1IOREMAP] = val & 0x000007ff;
+ break;
+ case GT_PCI1M0LD:
+ s->regs[GT_PCI1M0LD] = val & 0x00007fff;
+ s->regs[GT_PCI1M0REMAP] = val & 0x000007ff;
+ break;
+ case GT_PCI1M1LD:
+ s->regs[GT_PCI1M1LD] = val & 0x00007fff;
+ s->regs[GT_PCI1M1REMAP] = val & 0x000007ff;
+ break;
+ case GT_PCI0IOHD:
+ s->regs[saddr] = val & 0x0000007f;
+ gt64120_pci_mapping(s);
+ break;
+ case GT_PCI0M0HD:
+ case GT_PCI0M1HD:
+ case GT_PCI1IOHD:
+ case GT_PCI1M0HD:
+ case GT_PCI1M1HD:
+ s->regs[saddr] = val & 0x0000007f;
+ break;
+ case GT_ISD:
+ s->regs[saddr] = val & 0x00007fff;
+ gt64120_isd_mapping(s);
+ break;
+
+ case GT_PCI0IOREMAP:
+ case GT_PCI0M0REMAP:
+ case GT_PCI0M1REMAP:
+ case GT_PCI1IOREMAP:
+ case GT_PCI1M0REMAP:
+ case GT_PCI1M1REMAP:
+ s->regs[saddr] = val & 0x000007ff;
+ break;
+
+ /* CPU Error Report */
+ case GT_CPUERR_ADDRLO:
+ case GT_CPUERR_ADDRHI:
+ case GT_CPUERR_DATALO:
+ case GT_CPUERR_DATAHI:
+ case GT_CPUERR_PARITY:
+ /* Read-only registers, do nothing */
+ break;
+
+ /* CPU Sync Barrier */
+ case GT_PCI0SYNC:
+ case GT_PCI1SYNC:
+ /* Read-only registers, do nothing */
+ break;
+
+ /* SDRAM and Device Address Decode */
+ case GT_SCS0LD:
+ case GT_SCS0HD:
+ case GT_SCS1LD:
+ case GT_SCS1HD:
+ case GT_SCS2LD:
+ case GT_SCS2HD:
+ case GT_SCS3LD:
+ case GT_SCS3HD:
+ case GT_CS0LD:
+ case GT_CS0HD:
+ case GT_CS1LD:
+ case GT_CS1HD:
+ case GT_CS2LD:
+ case GT_CS2HD:
+ case GT_CS3LD:
+ case GT_CS3HD:
+ case GT_BOOTLD:
+ case GT_BOOTHD:
+ case GT_ADERR:
+ /* SDRAM Configuration */
+ case GT_SDRAM_CFG:
+ case GT_SDRAM_OPMODE:
+ case GT_SDRAM_BM:
+ case GT_SDRAM_ADDRDECODE:
+ /* Accept and ignore SDRAM interleave configuration */
+ s->regs[saddr] = val;
+ break;
+
+ /* Device Parameters */
+ case GT_DEV_B0:
+ case GT_DEV_B1:
+ case GT_DEV_B2:
+ case GT_DEV_B3:
+ case GT_DEV_BOOT:
+ /* Not implemented */
+ DPRINTF ("Unimplemented device register offset 0x%x\n", saddr << 2);
+ break;
+
+ /* ECC */
+ case GT_ECC_ERRDATALO:
+ case GT_ECC_ERRDATAHI:
+ case GT_ECC_MEM:
+ case GT_ECC_CALC:
+ case GT_ECC_ERRADDR:
+ /* Read-only registers, do nothing */
+ break;
+
+ /* DMA Record */
+ case GT_DMA0_CNT:
+ case GT_DMA1_CNT:
+ case GT_DMA2_CNT:
+ case GT_DMA3_CNT:
+ case GT_DMA0_SA:
+ case GT_DMA1_SA:
+ case GT_DMA2_SA:
+ case GT_DMA3_SA:
+ case GT_DMA0_DA:
+ case GT_DMA1_DA:
+ case GT_DMA2_DA:
+ case GT_DMA3_DA:
+ case GT_DMA0_NEXT:
+ case GT_DMA1_NEXT:
+ case GT_DMA2_NEXT:
+ case GT_DMA3_NEXT:
+ case GT_DMA0_CUR:
+ case GT_DMA1_CUR:
+ case GT_DMA2_CUR:
+ case GT_DMA3_CUR:
+ /* Not implemented */
+ DPRINTF ("Unimplemented DMA register offset 0x%x\n", saddr << 2);
+ break;
+
+ /* DMA Channel Control */
+ case GT_DMA0_CTRL:
+ case GT_DMA1_CTRL:
+ case GT_DMA2_CTRL:
+ case GT_DMA3_CTRL:
+ /* Not implemented */
+ DPRINTF ("Unimplemented DMA register offset 0x%x\n", saddr << 2);
+ break;
+
+ /* DMA Arbiter */
+ case GT_DMA_ARB:
+ /* Not implemented */
+ DPRINTF ("Unimplemented DMA register offset 0x%x\n", saddr << 2);
+ break;
+
+ /* Timer/Counter */
+ case GT_TC0:
+ case GT_TC1:
+ case GT_TC2:
+ case GT_TC3:
+ case GT_TC_CONTROL:
+ /* Not implemented */
+ DPRINTF ("Unimplemented timer register offset 0x%x\n", saddr << 2);
+ break;
+
+ /* PCI Internal */
+ case GT_PCI0_CMD:
+ case GT_PCI1_CMD:
+ s->regs[saddr] = val & 0x0401fc0f;
+ break;
+ case GT_PCI0_TOR:
+ case GT_PCI0_BS_SCS10:
+ case GT_PCI0_BS_SCS32:
+ case GT_PCI0_BS_CS20:
+ case GT_PCI0_BS_CS3BT:
+ case GT_PCI1_IACK:
+ case GT_PCI0_IACK:
+ case GT_PCI0_BARE:
+ case GT_PCI0_PREFMBR:
+ case GT_PCI0_SCS10_BAR:
+ case GT_PCI0_SCS32_BAR:
+ case GT_PCI0_CS20_BAR:
+ case GT_PCI0_CS3BT_BAR:
+ case GT_PCI0_SSCS10_BAR:
+ case GT_PCI0_SSCS32_BAR:
+ case GT_PCI0_SCS3BT_BAR:
+ case GT_PCI1_TOR:
+ case GT_PCI1_BS_SCS10:
+ case GT_PCI1_BS_SCS32:
+ case GT_PCI1_BS_CS20:
+ case GT_PCI1_BS_CS3BT:
+ case GT_PCI1_BARE:
+ case GT_PCI1_PREFMBR:
+ case GT_PCI1_SCS10_BAR:
+ case GT_PCI1_SCS32_BAR:
+ case GT_PCI1_CS20_BAR:
+ case GT_PCI1_CS3BT_BAR:
+ case GT_PCI1_SSCS10_BAR:
+ case GT_PCI1_SSCS32_BAR:
+ case GT_PCI1_SCS3BT_BAR:
+ case GT_PCI1_CFGADDR:
+ case GT_PCI1_CFGDATA:
+ /* not implemented */
+ break;
+ case GT_PCI0_CFGADDR:
+ phb->config_reg = val & 0x80fffffc;
+ break;
+ case GT_PCI0_CFGDATA:
+ if (!(s->regs[GT_PCI0_CMD] & 1) && (phb->config_reg & 0x00fff800)) {
+ val = bswap32(val);
+ }
+ if (phb->config_reg & (1u << 31)) {
+ pci_data_write(phb->bus, phb->config_reg, val, 4);
+ }
+ break;
+
+ /* Interrupts */
+ case GT_INTRCAUSE:
+ /* not really implemented */
+ s->regs[saddr] = ~(~(s->regs[saddr]) | ~(val & 0xfffffffe));
+ s->regs[saddr] |= !!(s->regs[saddr] & 0xfffffffe);
+ DPRINTF("INTRCAUSE %" PRIx64 "\n", val);
+ break;
+ case GT_INTRMASK:
+ s->regs[saddr] = val & 0x3c3ffffe;
+ DPRINTF("INTRMASK %" PRIx64 "\n", val);
+ break;
+ case GT_PCI0_ICMASK:
+ s->regs[saddr] = val & 0x03fffffe;
+ DPRINTF("ICMASK %" PRIx64 "\n", val);
+ break;
+ case GT_PCI0_SERR0MASK:
+ s->regs[saddr] = val & 0x0000003f;
+ DPRINTF("SERR0MASK %" PRIx64 "\n", val);
+ break;
+
+ /* Reserved when only PCI_0 is configured. */
+ case GT_HINTRCAUSE:
+ case GT_CPU_INTSEL:
+ case GT_PCI0_INTSEL:
+ case GT_HINTRMASK:
+ case GT_PCI0_HICMASK:
+ case GT_PCI1_SERR1MASK:
+ /* not implemented */
+ break;
+
+ /* SDRAM Parameters */
+ case GT_SDRAM_B0:
+ case GT_SDRAM_B1:
+ case GT_SDRAM_B2:
+ case GT_SDRAM_B3:
+ /* We don't simulate electrical parameters of the SDRAM.
+ Accept, but ignore the values. */
+ s->regs[saddr] = val;
+ break;
+
+ default:
+ DPRINTF ("Bad register offset 0x%x\n", (int)addr);
+ break;
+ }
+}
+
+static uint64_t gt64120_readl (void *opaque,
+ hwaddr addr, unsigned size)
+{
+ GT64120State *s = opaque;
+ PCIHostState *phb = PCI_HOST_BRIDGE(s);
+ uint32_t val;
+ uint32_t saddr;
+
+ saddr = (addr & 0xfff) >> 2;
+ switch (saddr) {
+
+ /* CPU Configuration */
+ case GT_MULTI:
+ /* Only one GT64xxx is present on the CPU bus, return
+ the initial value */
+ val = s->regs[saddr];
+ break;
+
+ /* CPU Error Report */
+ case GT_CPUERR_ADDRLO:
+ case GT_CPUERR_ADDRHI:
+ case GT_CPUERR_DATALO:
+ case GT_CPUERR_DATAHI:
+ case GT_CPUERR_PARITY:
+ /* Emulated memory has no error, always return the initial
+ values */
+ val = s->regs[saddr];
+ break;
+
+ /* CPU Sync Barrier */
+ case GT_PCI0SYNC:
+ case GT_PCI1SYNC:
+ /* Reading those register should empty all FIFO on the PCI
+ bus, which are not emulated. The return value should be
+ a random value that should be ignored. */
+ val = 0xc000ffee;
+ break;
+
+ /* ECC */
+ case GT_ECC_ERRDATALO:
+ case GT_ECC_ERRDATAHI:
+ case GT_ECC_MEM:
+ case GT_ECC_CALC:
+ case GT_ECC_ERRADDR:
+ /* Emulated memory has no error, always return the initial
+ values */
+ val = s->regs[saddr];
+ break;
+
+ case GT_CPU:
+ case GT_SCS10LD:
+ case GT_SCS10HD:
+ case GT_SCS32LD:
+ case GT_SCS32HD:
+ case GT_CS20LD:
+ case GT_CS20HD:
+ case GT_CS3BOOTLD:
+ case GT_CS3BOOTHD:
+ case GT_SCS10AR:
+ case GT_SCS32AR:
+ case GT_CS20R:
+ case GT_CS3BOOTR:
+ case GT_PCI0IOLD:
+ case GT_PCI0M0LD:
+ case GT_PCI0M1LD:
+ case GT_PCI1IOLD:
+ case GT_PCI1M0LD:
+ case GT_PCI1M1LD:
+ case GT_PCI0IOHD:
+ case GT_PCI0M0HD:
+ case GT_PCI0M1HD:
+ case GT_PCI1IOHD:
+ case GT_PCI1M0HD:
+ case GT_PCI1M1HD:
+ case GT_PCI0IOREMAP:
+ case GT_PCI0M0REMAP:
+ case GT_PCI0M1REMAP:
+ case GT_PCI1IOREMAP:
+ case GT_PCI1M0REMAP:
+ case GT_PCI1M1REMAP:
+ case GT_ISD:
+ val = s->regs[saddr];
+ break;
+ case GT_PCI0_IACK:
+ /* Read the IRQ number */
+ val = pic_read_irq(isa_pic);
+ break;
+
+ /* SDRAM and Device Address Decode */
+ case GT_SCS0LD:
+ case GT_SCS0HD:
+ case GT_SCS1LD:
+ case GT_SCS1HD:
+ case GT_SCS2LD:
+ case GT_SCS2HD:
+ case GT_SCS3LD:
+ case GT_SCS3HD:
+ case GT_CS0LD:
+ case GT_CS0HD:
+ case GT_CS1LD:
+ case GT_CS1HD:
+ case GT_CS2LD:
+ case GT_CS2HD:
+ case GT_CS3LD:
+ case GT_CS3HD:
+ case GT_BOOTLD:
+ case GT_BOOTHD:
+ case GT_ADERR:
+ val = s->regs[saddr];
+ break;
+
+ /* SDRAM Configuration */
+ case GT_SDRAM_CFG:
+ case GT_SDRAM_OPMODE:
+ case GT_SDRAM_BM:
+ case GT_SDRAM_ADDRDECODE:
+ val = s->regs[saddr];
+ break;
+
+ /* SDRAM Parameters */
+ case GT_SDRAM_B0:
+ case GT_SDRAM_B1:
+ case GT_SDRAM_B2:
+ case GT_SDRAM_B3:
+ /* We don't simulate electrical parameters of the SDRAM.
+ Just return the last written value. */
+ val = s->regs[saddr];
+ break;
+
+ /* Device Parameters */
+ case GT_DEV_B0:
+ case GT_DEV_B1:
+ case GT_DEV_B2:
+ case GT_DEV_B3:
+ case GT_DEV_BOOT:
+ val = s->regs[saddr];
+ break;
+
+ /* DMA Record */
+ case GT_DMA0_CNT:
+ case GT_DMA1_CNT:
+ case GT_DMA2_CNT:
+ case GT_DMA3_CNT:
+ case GT_DMA0_SA:
+ case GT_DMA1_SA:
+ case GT_DMA2_SA:
+ case GT_DMA3_SA:
+ case GT_DMA0_DA:
+ case GT_DMA1_DA:
+ case GT_DMA2_DA:
+ case GT_DMA3_DA:
+ case GT_DMA0_NEXT:
+ case GT_DMA1_NEXT:
+ case GT_DMA2_NEXT:
+ case GT_DMA3_NEXT:
+ case GT_DMA0_CUR:
+ case GT_DMA1_CUR:
+ case GT_DMA2_CUR:
+ case GT_DMA3_CUR:
+ val = s->regs[saddr];
+ break;
+
+ /* DMA Channel Control */
+ case GT_DMA0_CTRL:
+ case GT_DMA1_CTRL:
+ case GT_DMA2_CTRL:
+ case GT_DMA3_CTRL:
+ val = s->regs[saddr];
+ break;
+
+ /* DMA Arbiter */
+ case GT_DMA_ARB:
+ val = s->regs[saddr];
+ break;
+
+ /* Timer/Counter */
+ case GT_TC0:
+ case GT_TC1:
+ case GT_TC2:
+ case GT_TC3:
+ case GT_TC_CONTROL:
+ val = s->regs[saddr];
+ break;
+
+ /* PCI Internal */
+ case GT_PCI0_CFGADDR:
+ val = phb->config_reg;
+ break;
+ case GT_PCI0_CFGDATA:
+ if (!(phb->config_reg & (1 << 31))) {
+ val = 0xffffffff;
+ } else {
+ val = pci_data_read(phb->bus, phb->config_reg, 4);
+ }
+ if (!(s->regs[GT_PCI0_CMD] & 1) && (phb->config_reg & 0x00fff800)) {
+ val = bswap32(val);
+ }
+ break;
+
+ case GT_PCI0_CMD:
+ case GT_PCI0_TOR:
+ case GT_PCI0_BS_SCS10:
+ case GT_PCI0_BS_SCS32:
+ case GT_PCI0_BS_CS20:
+ case GT_PCI0_BS_CS3BT:
+ case GT_PCI1_IACK:
+ case GT_PCI0_BARE:
+ case GT_PCI0_PREFMBR:
+ case GT_PCI0_SCS10_BAR:
+ case GT_PCI0_SCS32_BAR:
+ case GT_PCI0_CS20_BAR:
+ case GT_PCI0_CS3BT_BAR:
+ case GT_PCI0_SSCS10_BAR:
+ case GT_PCI0_SSCS32_BAR:
+ case GT_PCI0_SCS3BT_BAR:
+ case GT_PCI1_CMD:
+ case GT_PCI1_TOR:
+ case GT_PCI1_BS_SCS10:
+ case GT_PCI1_BS_SCS32:
+ case GT_PCI1_BS_CS20:
+ case GT_PCI1_BS_CS3BT:
+ case GT_PCI1_BARE:
+ case GT_PCI1_PREFMBR:
+ case GT_PCI1_SCS10_BAR:
+ case GT_PCI1_SCS32_BAR:
+ case GT_PCI1_CS20_BAR:
+ case GT_PCI1_CS3BT_BAR:
+ case GT_PCI1_SSCS10_BAR:
+ case GT_PCI1_SSCS32_BAR:
+ case GT_PCI1_SCS3BT_BAR:
+ case GT_PCI1_CFGADDR:
+ case GT_PCI1_CFGDATA:
+ val = s->regs[saddr];
+ break;
+
+ /* Interrupts */
+ case GT_INTRCAUSE:
+ val = s->regs[saddr];
+ DPRINTF("INTRCAUSE %x\n", val);
+ break;
+ case GT_INTRMASK:
+ val = s->regs[saddr];
+ DPRINTF("INTRMASK %x\n", val);
+ break;
+ case GT_PCI0_ICMASK:
+ val = s->regs[saddr];
+ DPRINTF("ICMASK %x\n", val);
+ break;
+ case GT_PCI0_SERR0MASK:
+ val = s->regs[saddr];
+ DPRINTF("SERR0MASK %x\n", val);
+ break;
+
+ /* Reserved when only PCI_0 is configured. */
+ case GT_HINTRCAUSE:
+ case GT_CPU_INTSEL:
+ case GT_PCI0_INTSEL:
+ case GT_HINTRMASK:
+ case GT_PCI0_HICMASK:
+ case GT_PCI1_SERR1MASK:
+ val = s->regs[saddr];
+ break;
+
+ default:
+ val = s->regs[saddr];
+ DPRINTF ("Bad register offset 0x%x\n", (int)addr);
+ break;
+ }
+
+ if (!(s->regs[GT_CPU] & 0x00001000))
+ val = bswap32(val);
+
+ return val;
+}
+
+static const MemoryRegionOps isd_mem_ops = {
+ .read = gt64120_readl,
+ .write = gt64120_writel,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int gt64120_pci_map_irq(PCIDevice *pci_dev, int irq_num)
+{
+ int slot;
+
+ slot = (pci_dev->devfn >> 3);
+
+ switch (slot) {
+ /* PIIX4 USB */
+ case 10:
+ return 3;
+ /* AMD 79C973 Ethernet */
+ case 11:
+ return 1;
+ /* Crystal 4281 Sound */
+ case 12:
+ return 2;
+ /* PCI slot 1 to 4 */
+ case 18 ... 21:
+ return ((slot - 18) + irq_num) & 0x03;
+ /* Unknown device, don't do any translation */
+ default:
+ return irq_num;
+ }
+}
+
+static int pci_irq_levels[4];
+
+static void gt64120_pci_set_irq(void *opaque, int irq_num, int level)
+{
+ int i, pic_irq, pic_level;
+ qemu_irq *pic = opaque;
+
+ pci_irq_levels[irq_num] = level;
+
+ /* now we change the pic irq level according to the piix irq mappings */
+ /* XXX: optimize */
+ pic_irq = piix4_dev->config[0x60 + irq_num];
+ if (pic_irq < 16) {
+ /* The pic level is the logical OR of all the PCI irqs mapped
+ to it */
+ pic_level = 0;
+ for (i = 0; i < 4; i++) {
+ if (pic_irq == piix4_dev->config[0x60 + i])
+ pic_level |= pci_irq_levels[i];
+ }
+ qemu_set_irq(pic[pic_irq], pic_level);
+ }
+}
+
+
+static void gt64120_reset(void *opaque)
+{
+ GT64120State *s = opaque;
+
+ /* FIXME: Malta specific hw assumptions ahead */
+
+ /* CPU Configuration */
+#ifdef TARGET_WORDS_BIGENDIAN
+ s->regs[GT_CPU] = 0x00000000;
+#else
+ s->regs[GT_CPU] = 0x00001000;
+#endif
+ s->regs[GT_MULTI] = 0x00000003;
+
+ /* CPU Address decode */
+ s->regs[GT_SCS10LD] = 0x00000000;
+ s->regs[GT_SCS10HD] = 0x00000007;
+ s->regs[GT_SCS32LD] = 0x00000008;
+ s->regs[GT_SCS32HD] = 0x0000000f;
+ s->regs[GT_CS20LD] = 0x000000e0;
+ s->regs[GT_CS20HD] = 0x00000070;
+ s->regs[GT_CS3BOOTLD] = 0x000000f8;
+ s->regs[GT_CS3BOOTHD] = 0x0000007f;
+
+ s->regs[GT_PCI0IOLD] = 0x00000080;
+ s->regs[GT_PCI0IOHD] = 0x0000000f;
+ s->regs[GT_PCI0M0LD] = 0x00000090;
+ s->regs[GT_PCI0M0HD] = 0x0000001f;
+ s->regs[GT_ISD] = 0x000000a0;
+ s->regs[GT_PCI0M1LD] = 0x00000790;
+ s->regs[GT_PCI0M1HD] = 0x0000001f;
+ s->regs[GT_PCI1IOLD] = 0x00000100;
+ s->regs[GT_PCI1IOHD] = 0x0000000f;
+ s->regs[GT_PCI1M0LD] = 0x00000110;
+ s->regs[GT_PCI1M0HD] = 0x0000001f;
+ s->regs[GT_PCI1M1LD] = 0x00000120;
+ s->regs[GT_PCI1M1HD] = 0x0000002f;
+
+ s->regs[GT_SCS10AR] = 0x00000000;
+ s->regs[GT_SCS32AR] = 0x00000008;
+ s->regs[GT_CS20R] = 0x000000e0;
+ s->regs[GT_CS3BOOTR] = 0x000000f8;
+
+ s->regs[GT_PCI0IOREMAP] = 0x00000080;
+ s->regs[GT_PCI0M0REMAP] = 0x00000090;
+ s->regs[GT_PCI0M1REMAP] = 0x00000790;
+ s->regs[GT_PCI1IOREMAP] = 0x00000100;
+ s->regs[GT_PCI1M0REMAP] = 0x00000110;
+ s->regs[GT_PCI1M1REMAP] = 0x00000120;
+
+ /* CPU Error Report */
+ s->regs[GT_CPUERR_ADDRLO] = 0x00000000;
+ s->regs[GT_CPUERR_ADDRHI] = 0x00000000;
+ s->regs[GT_CPUERR_DATALO] = 0xffffffff;
+ s->regs[GT_CPUERR_DATAHI] = 0xffffffff;
+ s->regs[GT_CPUERR_PARITY] = 0x000000ff;
+
+ /* CPU Sync Barrier */
+ s->regs[GT_PCI0SYNC] = 0x00000000;
+ s->regs[GT_PCI1SYNC] = 0x00000000;
+
+ /* SDRAM and Device Address Decode */
+ s->regs[GT_SCS0LD] = 0x00000000;
+ s->regs[GT_SCS0HD] = 0x00000007;
+ s->regs[GT_SCS1LD] = 0x00000008;
+ s->regs[GT_SCS1HD] = 0x0000000f;
+ s->regs[GT_SCS2LD] = 0x00000010;
+ s->regs[GT_SCS2HD] = 0x00000017;
+ s->regs[GT_SCS3LD] = 0x00000018;
+ s->regs[GT_SCS3HD] = 0x0000001f;
+ s->regs[GT_CS0LD] = 0x000000c0;
+ s->regs[GT_CS0HD] = 0x000000c7;
+ s->regs[GT_CS1LD] = 0x000000c8;
+ s->regs[GT_CS1HD] = 0x000000cf;
+ s->regs[GT_CS2LD] = 0x000000d0;
+ s->regs[GT_CS2HD] = 0x000000df;
+ s->regs[GT_CS3LD] = 0x000000f0;
+ s->regs[GT_CS3HD] = 0x000000fb;
+ s->regs[GT_BOOTLD] = 0x000000fc;
+ s->regs[GT_BOOTHD] = 0x000000ff;
+ s->regs[GT_ADERR] = 0xffffffff;
+
+ /* SDRAM Configuration */
+ s->regs[GT_SDRAM_CFG] = 0x00000200;
+ s->regs[GT_SDRAM_OPMODE] = 0x00000000;
+ s->regs[GT_SDRAM_BM] = 0x00000007;
+ s->regs[GT_SDRAM_ADDRDECODE] = 0x00000002;
+
+ /* SDRAM Parameters */
+ s->regs[GT_SDRAM_B0] = 0x00000005;
+ s->regs[GT_SDRAM_B1] = 0x00000005;
+ s->regs[GT_SDRAM_B2] = 0x00000005;
+ s->regs[GT_SDRAM_B3] = 0x00000005;
+
+ /* ECC */
+ s->regs[GT_ECC_ERRDATALO] = 0x00000000;
+ s->regs[GT_ECC_ERRDATAHI] = 0x00000000;
+ s->regs[GT_ECC_MEM] = 0x00000000;
+ s->regs[GT_ECC_CALC] = 0x00000000;
+ s->regs[GT_ECC_ERRADDR] = 0x00000000;
+
+ /* Device Parameters */
+ s->regs[GT_DEV_B0] = 0x386fffff;
+ s->regs[GT_DEV_B1] = 0x386fffff;
+ s->regs[GT_DEV_B2] = 0x386fffff;
+ s->regs[GT_DEV_B3] = 0x386fffff;
+ s->regs[GT_DEV_BOOT] = 0x146fffff;
+
+ /* DMA registers are all zeroed at reset */
+
+ /* Timer/Counter */
+ s->regs[GT_TC0] = 0xffffffff;
+ s->regs[GT_TC1] = 0x00ffffff;
+ s->regs[GT_TC2] = 0x00ffffff;
+ s->regs[GT_TC3] = 0x00ffffff;
+ s->regs[GT_TC_CONTROL] = 0x00000000;
+
+ /* PCI Internal */
+#ifdef TARGET_WORDS_BIGENDIAN
+ s->regs[GT_PCI0_CMD] = 0x00000000;
+#else
+ s->regs[GT_PCI0_CMD] = 0x00010001;
+#endif
+ s->regs[GT_PCI0_TOR] = 0x0000070f;
+ s->regs[GT_PCI0_BS_SCS10] = 0x00fff000;
+ s->regs[GT_PCI0_BS_SCS32] = 0x00fff000;
+ s->regs[GT_PCI0_BS_CS20] = 0x01fff000;
+ s->regs[GT_PCI0_BS_CS3BT] = 0x00fff000;
+ s->regs[GT_PCI1_IACK] = 0x00000000;
+ s->regs[GT_PCI0_IACK] = 0x00000000;
+ s->regs[GT_PCI0_BARE] = 0x0000000f;
+ s->regs[GT_PCI0_PREFMBR] = 0x00000040;
+ s->regs[GT_PCI0_SCS10_BAR] = 0x00000000;
+ s->regs[GT_PCI0_SCS32_BAR] = 0x01000000;
+ s->regs[GT_PCI0_CS20_BAR] = 0x1c000000;
+ s->regs[GT_PCI0_CS3BT_BAR] = 0x1f000000;
+ s->regs[GT_PCI0_SSCS10_BAR] = 0x00000000;
+ s->regs[GT_PCI0_SSCS32_BAR] = 0x01000000;
+ s->regs[GT_PCI0_SCS3BT_BAR] = 0x1f000000;
+#ifdef TARGET_WORDS_BIGENDIAN
+ s->regs[GT_PCI1_CMD] = 0x00000000;
+#else
+ s->regs[GT_PCI1_CMD] = 0x00010001;
+#endif
+ s->regs[GT_PCI1_TOR] = 0x0000070f;
+ s->regs[GT_PCI1_BS_SCS10] = 0x00fff000;
+ s->regs[GT_PCI1_BS_SCS32] = 0x00fff000;
+ s->regs[GT_PCI1_BS_CS20] = 0x01fff000;
+ s->regs[GT_PCI1_BS_CS3BT] = 0x00fff000;
+ s->regs[GT_PCI1_BARE] = 0x0000000f;
+ s->regs[GT_PCI1_PREFMBR] = 0x00000040;
+ s->regs[GT_PCI1_SCS10_BAR] = 0x00000000;
+ s->regs[GT_PCI1_SCS32_BAR] = 0x01000000;
+ s->regs[GT_PCI1_CS20_BAR] = 0x1c000000;
+ s->regs[GT_PCI1_CS3BT_BAR] = 0x1f000000;
+ s->regs[GT_PCI1_SSCS10_BAR] = 0x00000000;
+ s->regs[GT_PCI1_SSCS32_BAR] = 0x01000000;
+ s->regs[GT_PCI1_SCS3BT_BAR] = 0x1f000000;
+ s->regs[GT_PCI1_CFGADDR] = 0x00000000;
+ s->regs[GT_PCI1_CFGDATA] = 0x00000000;
+ s->regs[GT_PCI0_CFGADDR] = 0x00000000;
+
+ /* Interrupt registers are all zeroed at reset */
+
+ gt64120_isd_mapping(s);
+ gt64120_pci_mapping(s);
+}
+
+PCIBus *gt64120_register(qemu_irq *pic)
+{
+ GT64120State *d;
+ PCIHostState *phb;
+ DeviceState *dev;
+
+ dev = qdev_create(NULL, TYPE_GT64120_PCI_HOST_BRIDGE);
+ qdev_init_nofail(dev);
+ d = GT64120_PCI_HOST_BRIDGE(dev);
+ phb = PCI_HOST_BRIDGE(dev);
+ phb->bus = pci_register_bus(dev, "pci",
+ gt64120_pci_set_irq, gt64120_pci_map_irq,
+ pic,
+ get_system_memory(),
+ get_system_io(),
+ PCI_DEVFN(18, 0), 4, TYPE_PCI_BUS);
+ memory_region_init_io(&d->ISD_mem, OBJECT(dev), &isd_mem_ops, d, "isd-mem", 0x1000);
+
+ pci_create_simple(phb->bus, PCI_DEVFN(0, 0), "gt64120_pci");
+ return phb->bus;
+}
+
+static int gt64120_init(SysBusDevice *dev)
+{
+ GT64120State *s;
+
+ s = GT64120_PCI_HOST_BRIDGE(dev);
+
+ /* FIXME: This value is computed from registers during reset, but some
+ devices (e.g. VGA card) need to know it when they are registered.
+ This also mean that changing the register to change the mapping
+ does not fully work. */
+ isa_mem_base = 0x10000000;
+ qemu_register_reset(gt64120_reset, s);
+ return 0;
+}
+
+static int gt64120_pci_init(PCIDevice *d)
+{
+ /* FIXME: Malta specific hw assumptions ahead */
+ pci_set_word(d->config + PCI_COMMAND, 0);
+ pci_set_word(d->config + PCI_STATUS,
+ PCI_STATUS_FAST_BACK | PCI_STATUS_DEVSEL_MEDIUM);
+ pci_config_set_prog_interface(d->config, 0);
+ pci_set_long(d->config + PCI_BASE_ADDRESS_0, 0x00000008);
+ pci_set_long(d->config + PCI_BASE_ADDRESS_1, 0x01000008);
+ pci_set_long(d->config + PCI_BASE_ADDRESS_2, 0x1c000000);
+ pci_set_long(d->config + PCI_BASE_ADDRESS_3, 0x1f000000);
+ pci_set_long(d->config + PCI_BASE_ADDRESS_4, 0x14000000);
+ pci_set_long(d->config + PCI_BASE_ADDRESS_5, 0x14000001);
+ pci_set_byte(d->config + 0x3d, 0x01);
+
+ return 0;
+}
+
+static void gt64120_pci_class_init(ObjectClass *klass, void *data)
+{
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = gt64120_pci_init;
+ k->vendor_id = PCI_VENDOR_ID_MARVELL;
+ k->device_id = PCI_DEVICE_ID_MARVELL_GT6412X;
+ k->revision = 0x10;
+ k->class_id = PCI_CLASS_BRIDGE_HOST;
+}
+
+static const TypeInfo gt64120_pci_info = {
+ .name = "gt64120_pci",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCIDevice),
+ .class_init = gt64120_pci_class_init,
+};
+
+static void gt64120_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sdc->init = gt64120_init;
+}
+
+static const TypeInfo gt64120_info = {
+ .name = TYPE_GT64120_PCI_HOST_BRIDGE,
+ .parent = TYPE_PCI_HOST_BRIDGE,
+ .instance_size = sizeof(GT64120State),
+ .class_init = gt64120_class_init,
+};
+
+static void gt64120_pci_register_types(void)
+{
+ type_register_static(&gt64120_info);
+ type_register_static(&gt64120_pci_info);
+}
+
+type_init(gt64120_pci_register_types)
diff --git a/hw/mips/mips_fulong2e.c b/hw/mips/mips_fulong2e.c
new file mode 100644
index 000000000..e8d5dd098
--- /dev/null
+++ b/hw/mips/mips_fulong2e.c
@@ -0,0 +1,414 @@
+/*
+ * QEMU fulong 2e mini pc support
+ *
+ * Copyright (c) 2008 yajin (yajin@vm-kernel.org)
+ * Copyright (c) 2009 chenming (chenming@rdc.faw.com.cn)
+ * Copyright (c) 2010 Huacai Chen (zltjiangshi@gmail.com)
+ * This code is licensed under the GNU GPL v2.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+/*
+ * Fulong 2e mini pc is based on ICT/ST Loongson 2e CPU (MIPS III like, 800MHz)
+ * http://www.linux-mips.org/wiki/Fulong
+ *
+ * Loongson 2e user manual:
+ * http://www.loongsondeveloper.com/doc/Loongson2EUserGuide.pdf
+ */
+
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "hw/char/serial.h"
+#include "hw/block/fdc.h"
+#include "net/net.h"
+#include "hw/boards.h"
+#include "hw/i2c/smbus.h"
+#include "block/block.h"
+#include "hw/block/flash.h"
+#include "hw/mips/mips.h"
+#include "hw/mips/cpudevs.h"
+#include "hw/pci/pci.h"
+#include "sysemu/char.h"
+#include "sysemu/sysemu.h"
+#include "audio/audio.h"
+#include "qemu/log.h"
+#include "hw/loader.h"
+#include "hw/mips/bios.h"
+#include "hw/ide.h"
+#include "elf.h"
+#include "hw/isa/vt82c686.h"
+#include "hw/timer/mc146818rtc.h"
+#include "hw/timer/i8254.h"
+#include "sysemu/blockdev.h"
+#include "exec/address-spaces.h"
+#include "sysemu/qtest.h"
+#include "qemu/error-report.h"
+
+#define DEBUG_FULONG2E_INIT
+
+#define ENVP_ADDR 0x80002000l
+#define ENVP_NB_ENTRIES 16
+#define ENVP_ENTRY_SIZE 256
+
+#define MAX_IDE_BUS 2
+
+/*
+ * PMON is not part of qemu and released with BSD license, anyone
+ * who want to build a pmon binary please first git-clone the source
+ * from the git repository at:
+ * http://www.loongson.cn/support/git/pmon
+ * Then follow the "Compile Guide" available at:
+ * http://dev.lemote.com/code/pmon
+ *
+ * Notes:
+ * 1, don't use the source at http://dev.lemote.com/http_git/pmon.git
+ * 2, use "Bonito2edev" to replace "dir_corresponding_to_your_target_hardware"
+ * in the "Compile Guide".
+ */
+#define FULONG_BIOSNAME "pmon_fulong2e.bin"
+
+/* PCI SLOT in fulong 2e */
+#define FULONG2E_VIA_SLOT 5
+#define FULONG2E_ATI_SLOT 6
+#define FULONG2E_RTL8139_SLOT 7
+
+static ISADevice *pit;
+
+static struct _loaderparams {
+ int ram_size;
+ const char *kernel_filename;
+ const char *kernel_cmdline;
+ const char *initrd_filename;
+} loaderparams;
+
+static void GCC_FMT_ATTR(3, 4) prom_set(uint32_t* prom_buf, int index,
+ const char *string, ...)
+{
+ va_list ap;
+ int32_t table_addr;
+
+ if (index >= ENVP_NB_ENTRIES)
+ return;
+
+ if (string == NULL) {
+ prom_buf[index] = 0;
+ return;
+ }
+
+ table_addr = sizeof(int32_t) * ENVP_NB_ENTRIES + index * ENVP_ENTRY_SIZE;
+ prom_buf[index] = tswap32(ENVP_ADDR + table_addr);
+
+ va_start(ap, string);
+ vsnprintf((char *)prom_buf + table_addr, ENVP_ENTRY_SIZE, string, ap);
+ va_end(ap);
+}
+
+static int64_t load_kernel (CPUMIPSState *env)
+{
+ int64_t kernel_entry, kernel_low, kernel_high;
+ int index = 0;
+ long initrd_size;
+ ram_addr_t initrd_offset;
+ uint32_t *prom_buf;
+ long prom_size;
+
+ if (load_elf(loaderparams.kernel_filename, cpu_mips_kseg0_to_phys, NULL,
+ (uint64_t *)&kernel_entry, (uint64_t *)&kernel_low,
+ (uint64_t *)&kernel_high, 0, ELF_MACHINE, 1) < 0) {
+ fprintf(stderr, "qemu: could not load kernel '%s'\n",
+ loaderparams.kernel_filename);
+ exit(1);
+ }
+
+ /* load initrd */
+ initrd_size = 0;
+ initrd_offset = 0;
+ if (loaderparams.initrd_filename) {
+ initrd_size = get_image_size (loaderparams.initrd_filename);
+ if (initrd_size > 0) {
+ initrd_offset = (kernel_high + ~INITRD_PAGE_MASK) & INITRD_PAGE_MASK;
+ if (initrd_offset + initrd_size > ram_size) {
+ fprintf(stderr,
+ "qemu: memory too small for initial ram disk '%s'\n",
+ loaderparams.initrd_filename);
+ exit(1);
+ }
+ initrd_size = load_image_targphys(loaderparams.initrd_filename,
+ initrd_offset, ram_size - initrd_offset);
+ }
+ if (initrd_size == (target_ulong) -1) {
+ fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
+ loaderparams.initrd_filename);
+ exit(1);
+ }
+ }
+
+ /* Setup prom parameters. */
+ prom_size = ENVP_NB_ENTRIES * (sizeof(int32_t) + ENVP_ENTRY_SIZE);
+ prom_buf = g_malloc(prom_size);
+
+ prom_set(prom_buf, index++, "%s", loaderparams.kernel_filename);
+ if (initrd_size > 0) {
+ prom_set(prom_buf, index++, "rd_start=0x%" PRIx64 " rd_size=%li %s",
+ cpu_mips_phys_to_kseg0(NULL, initrd_offset), initrd_size,
+ loaderparams.kernel_cmdline);
+ } else {
+ prom_set(prom_buf, index++, "%s", loaderparams.kernel_cmdline);
+ }
+
+ /* Setup minimum environment variables */
+ prom_set(prom_buf, index++, "busclock=33000000");
+ prom_set(prom_buf, index++, "cpuclock=100000000");
+ prom_set(prom_buf, index++, "memsize=%i", loaderparams.ram_size/1024/1024);
+ prom_set(prom_buf, index++, "modetty0=38400n8r");
+ prom_set(prom_buf, index++, NULL);
+
+ rom_add_blob_fixed("prom", prom_buf, prom_size,
+ cpu_mips_kseg0_to_phys(NULL, ENVP_ADDR));
+
+ return kernel_entry;
+}
+
+static void write_bootloader (CPUMIPSState *env, uint8_t *base, int64_t kernel_addr)
+{
+ uint32_t *p;
+
+ /* Small bootloader */
+ p = (uint32_t *) base;
+
+ stl_raw(p++, 0x0bf00010); /* j 0x1fc00040 */
+ stl_raw(p++, 0x00000000); /* nop */
+
+ /* Second part of the bootloader */
+ p = (uint32_t *) (base + 0x040);
+
+ stl_raw(p++, 0x3c040000); /* lui a0, 0 */
+ stl_raw(p++, 0x34840002); /* ori a0, a0, 2 */
+ stl_raw(p++, 0x3c050000 | ((ENVP_ADDR >> 16) & 0xffff)); /* lui a1, high(ENVP_ADDR) */
+ stl_raw(p++, 0x34a50000 | (ENVP_ADDR & 0xffff)); /* ori a1, a0, low(ENVP_ADDR) */
+ stl_raw(p++, 0x3c060000 | (((ENVP_ADDR + 8) >> 16) & 0xffff)); /* lui a2, high(ENVP_ADDR + 8) */
+ stl_raw(p++, 0x34c60000 | ((ENVP_ADDR + 8) & 0xffff)); /* ori a2, a2, low(ENVP_ADDR + 8) */
+ stl_raw(p++, 0x3c070000 | (loaderparams.ram_size >> 16)); /* lui a3, high(env->ram_size) */
+ stl_raw(p++, 0x34e70000 | (loaderparams.ram_size & 0xffff)); /* ori a3, a3, low(env->ram_size) */
+ stl_raw(p++, 0x3c1f0000 | ((kernel_addr >> 16) & 0xffff)); /* lui ra, high(kernel_addr) */;
+ stl_raw(p++, 0x37ff0000 | (kernel_addr & 0xffff)); /* ori ra, ra, low(kernel_addr) */
+ stl_raw(p++, 0x03e00008); /* jr ra */
+ stl_raw(p++, 0x00000000); /* nop */
+}
+
+
+static void main_cpu_reset(void *opaque)
+{
+ MIPSCPU *cpu = opaque;
+ CPUMIPSState *env = &cpu->env;
+
+ cpu_reset(CPU(cpu));
+ /* TODO: 2E reset stuff */
+ if (loaderparams.kernel_filename) {
+ env->CP0_Status &= ~((1 << CP0St_BEV) | (1 << CP0St_ERL));
+ }
+}
+
+uint8_t eeprom_spd[0x80] = {
+ 0x80,0x08,0x07,0x0d,0x09,0x02,0x40,0x00,0x04,0x70,
+ 0x70,0x00,0x82,0x10,0x00,0x01,0x0e,0x04,0x0c,0x01,
+ 0x02,0x20,0x80,0x75,0x70,0x00,0x00,0x50,0x3c,0x50,
+ 0x2d,0x20,0xb0,0xb0,0x50,0x50,0x00,0x00,0x00,0x00,
+ 0x00,0x41,0x48,0x3c,0x32,0x75,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x9c,0x7b,0x07,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x48,0x42,0x35,0x34,0x41,0x32,
+ 0x35,0x36,0x38,0x4b,0x4e,0x2d,0x41,0x37,0x35,0x42,
+ 0x20,0x30,0x20
+};
+
+/* Audio support */
+static void audio_init (PCIBus *pci_bus)
+{
+ vt82c686b_ac97_init(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 5));
+ vt82c686b_mc97_init(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 6));
+}
+
+/* Network support */
+static void network_init (PCIBus *pci_bus)
+{
+ int i;
+
+ for(i = 0; i < nb_nics; i++) {
+ NICInfo *nd = &nd_table[i];
+ const char *default_devaddr = NULL;
+
+ if (i == 0 && (!nd->model || strcmp(nd->model, "rtl8139") == 0)) {
+ /* The fulong board has a RTL8139 card using PCI SLOT 7 */
+ default_devaddr = "07";
+ }
+
+ pci_nic_init_nofail(nd, pci_bus, "rtl8139", default_devaddr);
+ }
+}
+
+static void cpu_request_exit(void *opaque, int irq, int level)
+{
+ CPUState *cpu = current_cpu;
+
+ if (cpu && level) {
+ cpu_exit(cpu);
+ }
+}
+
+static void mips_fulong2e_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ char *filename;
+ MemoryRegion *address_space_mem = get_system_memory();
+ MemoryRegion *ram = g_new(MemoryRegion, 1);
+ MemoryRegion *bios = g_new(MemoryRegion, 1);
+ long bios_size;
+ int64_t kernel_entry;
+ qemu_irq *i8259;
+ qemu_irq *cpu_exit_irq;
+ PCIBus *pci_bus;
+ ISABus *isa_bus;
+ i2c_bus *smbus;
+ int i;
+ DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
+ MIPSCPU *cpu;
+ CPUMIPSState *env;
+
+ /* init CPUs */
+ if (cpu_model == NULL) {
+ cpu_model = "Loongson-2E";
+ }
+ cpu = cpu_mips_init(cpu_model);
+ if (cpu == NULL) {
+ fprintf(stderr, "Unable to find CPU definition\n");
+ exit(1);
+ }
+ env = &cpu->env;
+
+ qemu_register_reset(main_cpu_reset, cpu);
+
+ /* fulong 2e has 256M ram. */
+ ram_size = 256 * 1024 * 1024;
+
+ /* fulong 2e has a 1M flash.Winbond W39L040AP70Z */
+ bios_size = 1024 * 1024;
+
+ /* allocate RAM */
+ memory_region_init_ram(ram, NULL, "fulong2e.ram", ram_size);
+ vmstate_register_ram_global(ram);
+ memory_region_init_ram(bios, NULL, "fulong2e.bios", bios_size);
+ vmstate_register_ram_global(bios);
+ memory_region_set_readonly(bios, true);
+
+ memory_region_add_subregion(address_space_mem, 0, ram);
+ memory_region_add_subregion(address_space_mem, 0x1fc00000LL, bios);
+
+ /* We do not support flash operation, just loading pmon.bin as raw BIOS.
+ * Please use -L to set the BIOS path and -bios to set bios name. */
+
+ if (kernel_filename) {
+ loaderparams.ram_size = ram_size;
+ loaderparams.kernel_filename = kernel_filename;
+ loaderparams.kernel_cmdline = kernel_cmdline;
+ loaderparams.initrd_filename = initrd_filename;
+ kernel_entry = load_kernel (env);
+ write_bootloader(env, memory_region_get_ram_ptr(bios), kernel_entry);
+ } else {
+ if (bios_name == NULL) {
+ bios_name = FULONG_BIOSNAME;
+ }
+ filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
+ if (filename) {
+ bios_size = load_image_targphys(filename, 0x1fc00000LL,
+ BIOS_SIZE);
+ g_free(filename);
+ } else {
+ bios_size = -1;
+ }
+
+ if ((bios_size < 0 || bios_size > BIOS_SIZE) &&
+ !kernel_filename && !qtest_enabled()) {
+ error_report("Could not load MIPS bios '%s'", bios_name);
+ exit(1);
+ }
+ }
+
+ /* Init internal devices */
+ cpu_mips_irq_init_cpu(env);
+ cpu_mips_clock_init(env);
+
+ /* North bridge, Bonito --> IP2 */
+ pci_bus = bonito_init((qemu_irq *)&(env->irq[2]));
+
+ /* South bridge */
+ ide_drive_get(hd, MAX_IDE_BUS);
+
+ isa_bus = vt82c686b_init(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 0));
+ if (!isa_bus) {
+ fprintf(stderr, "vt82c686b_init error\n");
+ exit(1);
+ }
+
+ /* Interrupt controller */
+ /* The 8259 -> IP5 */
+ i8259 = i8259_init(isa_bus, env->irq[5]);
+ isa_bus_irqs(isa_bus, i8259);
+
+ vt82c686b_ide_init(pci_bus, hd, PCI_DEVFN(FULONG2E_VIA_SLOT, 1));
+ pci_create_simple(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 2),
+ "vt82c686b-usb-uhci");
+ pci_create_simple(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 3),
+ "vt82c686b-usb-uhci");
+
+ smbus = vt82c686b_pm_init(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 4),
+ 0xeee1, NULL);
+ /* TODO: Populate SPD eeprom data. */
+ smbus_eeprom_init(smbus, 1, eeprom_spd, sizeof(eeprom_spd));
+
+ /* init other devices */
+ pit = pit_init(isa_bus, 0x40, 0, NULL);
+ cpu_exit_irq = qemu_allocate_irqs(cpu_request_exit, NULL, 1);
+ DMA_init(0, cpu_exit_irq);
+
+ /* Super I/O */
+ isa_create_simple(isa_bus, "i8042");
+
+ rtc_init(isa_bus, 2000, NULL);
+
+ for(i = 0; i < MAX_SERIAL_PORTS; i++) {
+ if (serial_hds[i]) {
+ serial_isa_init(isa_bus, i, serial_hds[i]);
+ }
+ }
+
+ if (parallel_hds[0]) {
+ parallel_init(isa_bus, 0, parallel_hds[0]);
+ }
+
+ /* Sound card */
+ audio_init(pci_bus);
+ /* Network card */
+ network_init(pci_bus);
+}
+
+static QEMUMachine mips_fulong2e_machine = {
+ .name = "fulong2e",
+ .desc = "Fulong 2e mini pc",
+ .init = mips_fulong2e_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void mips_fulong2e_machine_init(void)
+{
+ qemu_register_machine(&mips_fulong2e_machine);
+}
+
+machine_init(mips_fulong2e_machine_init);
diff --git a/hw/mips/mips_int.c b/hw/mips/mips_int.c
new file mode 100644
index 000000000..7dbd24d3d
--- /dev/null
+++ b/hw/mips/mips_int.c
@@ -0,0 +1,67 @@
+/*
+ * QEMU MIPS interrupt support
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/hw.h"
+#include "hw/mips/cpudevs.h"
+#include "cpu.h"
+
+static void cpu_mips_irq_request(void *opaque, int irq, int level)
+{
+ MIPSCPU *cpu = opaque;
+ CPUMIPSState *env = &cpu->env;
+ CPUState *cs = CPU(cpu);
+
+ if (irq < 0 || irq > 7)
+ return;
+
+ if (level) {
+ env->CP0_Cause |= 1 << (irq + CP0Ca_IP);
+ } else {
+ env->CP0_Cause &= ~(1 << (irq + CP0Ca_IP));
+ }
+
+ if (env->CP0_Cause & CP0Ca_IP_mask) {
+ cpu_interrupt(cs, CPU_INTERRUPT_HARD);
+ } else {
+ cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
+ }
+}
+
+void cpu_mips_irq_init_cpu(CPUMIPSState *env)
+{
+ qemu_irq *qi;
+ int i;
+
+ qi = qemu_allocate_irqs(cpu_mips_irq_request, mips_env_get_cpu(env), 8);
+ for (i = 0; i < 8; i++) {
+ env->irq[i] = qi[i];
+ }
+}
+
+void cpu_mips_soft_irq(CPUMIPSState *env, int irq, int level)
+{
+ if (irq < 0 || irq > 2) {
+ return;
+ }
+
+ qemu_set_irq(env->irq[irq], level);
+}
diff --git a/hw/mips/mips_jazz.c b/hw/mips/mips_jazz.c
new file mode 100644
index 000000000..d748ded7e
--- /dev/null
+++ b/hw/mips/mips_jazz.c
@@ -0,0 +1,347 @@
+/*
+ * QEMU MIPS Jazz support
+ *
+ * Copyright (c) 2007-2008 Hervé Poussineau
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/hw.h"
+#include "hw/mips/mips.h"
+#include "hw/mips/cpudevs.h"
+#include "hw/i386/pc.h"
+#include "hw/char/serial.h"
+#include "hw/isa/isa.h"
+#include "hw/block/fdc.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/arch_init.h"
+#include "hw/boards.h"
+#include "net/net.h"
+#include "hw/scsi/esp.h"
+#include "hw/mips/bios.h"
+#include "hw/loader.h"
+#include "hw/timer/mc146818rtc.h"
+#include "hw/timer/i8254.h"
+#include "hw/audio/pcspk.h"
+#include "sysemu/blockdev.h"
+#include "hw/sysbus.h"
+#include "exec/address-spaces.h"
+#include "sysemu/qtest.h"
+#include "qemu/error-report.h"
+
+enum jazz_model_e
+{
+ JAZZ_MAGNUM,
+ JAZZ_PICA61,
+};
+
+static void main_cpu_reset(void *opaque)
+{
+ MIPSCPU *cpu = opaque;
+
+ cpu_reset(CPU(cpu));
+}
+
+static uint64_t rtc_read(void *opaque, hwaddr addr, unsigned size)
+{
+ return cpu_inw(0x71);
+}
+
+static void rtc_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ cpu_outw(0x71, val & 0xff);
+}
+
+static const MemoryRegionOps rtc_ops = {
+ .read = rtc_read,
+ .write = rtc_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static uint64_t dma_dummy_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ /* Nothing to do. That is only to ensure that
+ * the current DMA acknowledge cycle is completed. */
+ return 0xff;
+}
+
+static void dma_dummy_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ /* Nothing to do. That is only to ensure that
+ * the current DMA acknowledge cycle is completed. */
+}
+
+static const MemoryRegionOps dma_dummy_ops = {
+ .read = dma_dummy_read,
+ .write = dma_dummy_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+#define MAGNUM_BIOS_SIZE_MAX 0x7e000
+#define MAGNUM_BIOS_SIZE (BIOS_SIZE < MAGNUM_BIOS_SIZE_MAX ? BIOS_SIZE : MAGNUM_BIOS_SIZE_MAX)
+
+static void cpu_request_exit(void *opaque, int irq, int level)
+{
+ CPUState *cpu = current_cpu;
+
+ if (cpu && level) {
+ cpu_exit(cpu);
+ }
+}
+
+static void mips_jazz_init(MemoryRegion *address_space,
+ MemoryRegion *address_space_io,
+ ram_addr_t ram_size,
+ const char *cpu_model,
+ enum jazz_model_e jazz_model)
+{
+ char *filename;
+ int bios_size, n;
+ MIPSCPU *cpu;
+ CPUMIPSState *env;
+ qemu_irq *rc4030, *i8259;
+ rc4030_dma *dmas;
+ void* rc4030_opaque;
+ MemoryRegion *isa = g_new(MemoryRegion, 1);
+ MemoryRegion *rtc = g_new(MemoryRegion, 1);
+ MemoryRegion *i8042 = g_new(MemoryRegion, 1);
+ MemoryRegion *dma_dummy = g_new(MemoryRegion, 1);
+ NICInfo *nd;
+ DeviceState *dev;
+ SysBusDevice *sysbus;
+ ISABus *isa_bus;
+ ISADevice *pit;
+ DriveInfo *fds[MAX_FD];
+ qemu_irq esp_reset, dma_enable;
+ qemu_irq *cpu_exit_irq;
+ MemoryRegion *ram = g_new(MemoryRegion, 1);
+ MemoryRegion *bios = g_new(MemoryRegion, 1);
+ MemoryRegion *bios2 = g_new(MemoryRegion, 1);
+
+ /* init CPUs */
+ if (cpu_model == NULL) {
+#ifdef TARGET_MIPS64
+ cpu_model = "R4000";
+#else
+ /* FIXME: All wrong, this maybe should be R3000 for the older JAZZs. */
+ cpu_model = "24Kf";
+#endif
+ }
+ cpu = cpu_mips_init(cpu_model);
+ if (cpu == NULL) {
+ fprintf(stderr, "Unable to find CPU definition\n");
+ exit(1);
+ }
+ env = &cpu->env;
+ qemu_register_reset(main_cpu_reset, cpu);
+
+ /* allocate RAM */
+ memory_region_init_ram(ram, NULL, "mips_jazz.ram", ram_size);
+ vmstate_register_ram_global(ram);
+ memory_region_add_subregion(address_space, 0, ram);
+
+ memory_region_init_ram(bios, NULL, "mips_jazz.bios", MAGNUM_BIOS_SIZE);
+ vmstate_register_ram_global(bios);
+ memory_region_set_readonly(bios, true);
+ memory_region_init_alias(bios2, NULL, "mips_jazz.bios", bios,
+ 0, MAGNUM_BIOS_SIZE);
+ memory_region_add_subregion(address_space, 0x1fc00000LL, bios);
+ memory_region_add_subregion(address_space, 0xfff00000LL, bios2);
+
+ /* load the BIOS image. */
+ if (bios_name == NULL)
+ bios_name = BIOS_FILENAME;
+ filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
+ if (filename) {
+ bios_size = load_image_targphys(filename, 0xfff00000LL,
+ MAGNUM_BIOS_SIZE);
+ g_free(filename);
+ } else {
+ bios_size = -1;
+ }
+ if ((bios_size < 0 || bios_size > MAGNUM_BIOS_SIZE) && !qtest_enabled()) {
+ error_report("Could not load MIPS bios '%s'", bios_name);
+ exit(1);
+ }
+
+ /* Init CPU internal devices */
+ cpu_mips_irq_init_cpu(env);
+ cpu_mips_clock_init(env);
+
+ /* Chipset */
+ rc4030_opaque = rc4030_init(env->irq[6], env->irq[3], &rc4030, &dmas,
+ address_space);
+ memory_region_init_io(dma_dummy, NULL, &dma_dummy_ops, NULL, "dummy_dma", 0x1000);
+ memory_region_add_subregion(address_space, 0x8000d000, dma_dummy);
+
+ /* ISA devices */
+ isa_bus = isa_bus_new(NULL, address_space_io);
+ i8259 = i8259_init(isa_bus, env->irq[4]);
+ isa_bus_irqs(isa_bus, i8259);
+ cpu_exit_irq = qemu_allocate_irqs(cpu_request_exit, NULL, 1);
+ DMA_init(0, cpu_exit_irq);
+ pit = pit_init(isa_bus, 0x40, 0, NULL);
+ pcspk_init(isa_bus, pit);
+
+ /* ISA IO space at 0x90000000 */
+ memory_region_init_alias(isa, NULL, "isa_mmio",
+ get_system_io(), 0, 0x01000000);
+ memory_region_add_subregion(address_space, 0x90000000, isa);
+ isa_mem_base = 0x11000000;
+
+ /* Video card */
+ switch (jazz_model) {
+ case JAZZ_MAGNUM:
+ dev = qdev_create(NULL, "sysbus-g364");
+ qdev_init_nofail(dev);
+ sysbus = SYS_BUS_DEVICE(dev);
+ sysbus_mmio_map(sysbus, 0, 0x60080000);
+ sysbus_mmio_map(sysbus, 1, 0x40000000);
+ sysbus_connect_irq(sysbus, 0, rc4030[3]);
+ {
+ /* Simple ROM, so user doesn't have to provide one */
+ MemoryRegion *rom_mr = g_new(MemoryRegion, 1);
+ memory_region_init_ram(rom_mr, NULL, "g364fb.rom", 0x80000);
+ vmstate_register_ram_global(rom_mr);
+ memory_region_set_readonly(rom_mr, true);
+ uint8_t *rom = memory_region_get_ram_ptr(rom_mr);
+ memory_region_add_subregion(address_space, 0x60000000, rom_mr);
+ rom[0] = 0x10; /* Mips G364 */
+ }
+ break;
+ case JAZZ_PICA61:
+ isa_vga_mm_init(0x40000000, 0x60000000, 0, get_system_memory());
+ break;
+ default:
+ break;
+ }
+
+ /* Network controller */
+ for (n = 0; n < nb_nics; n++) {
+ nd = &nd_table[n];
+ if (!nd->model)
+ nd->model = g_strdup("dp83932");
+ if (strcmp(nd->model, "dp83932") == 0) {
+ dp83932_init(nd, 0x80001000, 2, get_system_memory(), rc4030[4],
+ rc4030_opaque, rc4030_dma_memory_rw);
+ break;
+ } else if (is_help_option(nd->model)) {
+ fprintf(stderr, "qemu: Supported NICs: dp83932\n");
+ exit(1);
+ } else {
+ fprintf(stderr, "qemu: Unsupported NIC: %s\n", nd->model);
+ exit(1);
+ }
+ }
+
+ /* SCSI adapter */
+ esp_init(0x80002000, 0,
+ rc4030_dma_read, rc4030_dma_write, dmas[0],
+ rc4030[5], &esp_reset, &dma_enable);
+
+ /* Floppy */
+ if (drive_get_max_bus(IF_FLOPPY) >= MAX_FD) {
+ fprintf(stderr, "qemu: too many floppy drives\n");
+ exit(1);
+ }
+ for (n = 0; n < MAX_FD; n++) {
+ fds[n] = drive_get(IF_FLOPPY, 0, n);
+ }
+ fdctrl_init_sysbus(rc4030[1], 0, 0x80003000, fds);
+
+ /* Real time clock */
+ rtc_init(isa_bus, 1980, NULL);
+ memory_region_init_io(rtc, NULL, &rtc_ops, NULL, "rtc", 0x1000);
+ memory_region_add_subregion(address_space, 0x80004000, rtc);
+
+ /* Keyboard (i8042) */
+ i8042_mm_init(rc4030[6], rc4030[7], i8042, 0x1000, 0x1);
+ memory_region_add_subregion(address_space, 0x80005000, i8042);
+
+ /* Serial ports */
+ if (serial_hds[0]) {
+ serial_mm_init(address_space, 0x80006000, 0, rc4030[8], 8000000/16,
+ serial_hds[0], DEVICE_NATIVE_ENDIAN);
+ }
+ if (serial_hds[1]) {
+ serial_mm_init(address_space, 0x80007000, 0, rc4030[9], 8000000/16,
+ serial_hds[1], DEVICE_NATIVE_ENDIAN);
+ }
+
+ /* Parallel port */
+ if (parallel_hds[0])
+ parallel_mm_init(address_space, 0x80008000, 0, rc4030[0],
+ parallel_hds[0]);
+
+ /* FIXME: missing Jazz sound at 0x8000c000, rc4030[2] */
+
+ /* NVRAM */
+ dev = qdev_create(NULL, "ds1225y");
+ qdev_init_nofail(dev);
+ sysbus = SYS_BUS_DEVICE(dev);
+ sysbus_mmio_map(sysbus, 0, 0x80009000);
+
+ /* LED indicator */
+ sysbus_create_simple("jazz-led", 0x8000f000, NULL);
+}
+
+static
+void mips_magnum_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ mips_jazz_init(get_system_memory(), get_system_io(),
+ ram_size, cpu_model, JAZZ_MAGNUM);
+}
+
+static
+void mips_pica61_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ mips_jazz_init(get_system_memory(), get_system_io(),
+ ram_size, cpu_model, JAZZ_PICA61);
+}
+
+static QEMUMachine mips_magnum_machine = {
+ .name = "magnum",
+ .desc = "MIPS Magnum",
+ .init = mips_magnum_init,
+ .block_default_type = IF_SCSI,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine mips_pica61_machine = {
+ .name = "pica61",
+ .desc = "Acer Pica 61",
+ .init = mips_pica61_init,
+ .block_default_type = IF_SCSI,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void mips_jazz_machine_init(void)
+{
+ qemu_register_machine(&mips_magnum_machine);
+ qemu_register_machine(&mips_pica61_machine);
+}
+
+machine_init(mips_jazz_machine_init);
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
new file mode 100644
index 000000000..f8d064cec
--- /dev/null
+++ b/hw/mips/mips_malta.c
@@ -0,0 +1,1153 @@
+/*
+ * QEMU Malta board support
+ *
+ * Copyright (c) 2006 Aurelien Jarno
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "hw/char/serial.h"
+#include "hw/block/fdc.h"
+#include "net/net.h"
+#include "hw/boards.h"
+#include "hw/i2c/smbus.h"
+#include "block/block.h"
+#include "hw/block/flash.h"
+#include "hw/mips/mips.h"
+#include "hw/mips/cpudevs.h"
+#include "hw/pci/pci.h"
+#include "sysemu/char.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/arch_init.h"
+#include "qemu/log.h"
+#include "hw/mips/bios.h"
+#include "hw/ide.h"
+#include "hw/loader.h"
+#include "elf.h"
+#include "hw/timer/mc146818rtc.h"
+#include "hw/timer/i8254.h"
+#include "sysemu/blockdev.h"
+#include "exec/address-spaces.h"
+#include "hw/sysbus.h" /* SysBusDevice */
+#include "qemu/host-utils.h"
+#include "sysemu/qtest.h"
+#include "qemu/error-report.h"
+#include "hw/empty_slot.h"
+
+//#define DEBUG_BOARD_INIT
+
+#define ENVP_ADDR 0x80002000l
+#define ENVP_NB_ENTRIES 16
+#define ENVP_ENTRY_SIZE 256
+
+/* Hardware addresses */
+#define FLASH_ADDRESS 0x1e000000ULL
+#define FPGA_ADDRESS 0x1f000000ULL
+#define RESET_ADDRESS 0x1fc00000ULL
+
+#define FLASH_SIZE 0x400000
+
+#define MAX_IDE_BUS 2
+
+typedef struct {
+ MemoryRegion iomem;
+ MemoryRegion iomem_lo; /* 0 - 0x900 */
+ MemoryRegion iomem_hi; /* 0xa00 - 0x100000 */
+ uint32_t leds;
+ uint32_t brk;
+ uint32_t gpout;
+ uint32_t i2cin;
+ uint32_t i2coe;
+ uint32_t i2cout;
+ uint32_t i2csel;
+ CharDriverState *display;
+ char display_text[9];
+ SerialState *uart;
+} MaltaFPGAState;
+
+#define TYPE_MIPS_MALTA "mips-malta"
+#define MIPS_MALTA(obj) OBJECT_CHECK(MaltaState, (obj), TYPE_MIPS_MALTA)
+
+typedef struct {
+ SysBusDevice parent_obj;
+
+ qemu_irq *i8259;
+} MaltaState;
+
+static ISADevice *pit;
+
+static struct _loaderparams {
+ int ram_size;
+ const char *kernel_filename;
+ const char *kernel_cmdline;
+ const char *initrd_filename;
+} loaderparams;
+
+/* Malta FPGA */
+static void malta_fpga_update_display(void *opaque)
+{
+ char leds_text[9];
+ int i;
+ MaltaFPGAState *s = opaque;
+
+ for (i = 7 ; i >= 0 ; i--) {
+ if (s->leds & (1 << i))
+ leds_text[i] = '#';
+ else
+ leds_text[i] = ' ';
+ }
+ leds_text[8] = '\0';
+
+ qemu_chr_fe_printf(s->display, "\e[H\n\n|\e[32m%-8.8s\e[00m|\r\n", leds_text);
+ qemu_chr_fe_printf(s->display, "\n\n\n\n|\e[31m%-8.8s\e[00m|", s->display_text);
+}
+
+/*
+ * EEPROM 24C01 / 24C02 emulation.
+ *
+ * Emulation for serial EEPROMs:
+ * 24C01 - 1024 bit (128 x 8)
+ * 24C02 - 2048 bit (256 x 8)
+ *
+ * Typical device names include Microchip 24C02SC or SGS Thomson ST24C02.
+ */
+
+//~ #define DEBUG
+
+#if defined(DEBUG)
+# define logout(fmt, ...) fprintf(stderr, "MALTA\t%-24s" fmt, __func__, ## __VA_ARGS__)
+#else
+# define logout(fmt, ...) ((void)0)
+#endif
+
+struct _eeprom24c0x_t {
+ uint8_t tick;
+ uint8_t address;
+ uint8_t command;
+ uint8_t ack;
+ uint8_t scl;
+ uint8_t sda;
+ uint8_t data;
+ //~ uint16_t size;
+ uint8_t contents[256];
+};
+
+typedef struct _eeprom24c0x_t eeprom24c0x_t;
+
+static eeprom24c0x_t spd_eeprom = {
+ .contents = {
+ /* 00000000: */ 0x80,0x08,0xFF,0x0D,0x0A,0xFF,0x40,0x00,
+ /* 00000008: */ 0x01,0x75,0x54,0x00,0x82,0x08,0x00,0x01,
+ /* 00000010: */ 0x8F,0x04,0x02,0x01,0x01,0x00,0x00,0x00,
+ /* 00000018: */ 0x00,0x00,0x00,0x14,0x0F,0x14,0x2D,0xFF,
+ /* 00000020: */ 0x15,0x08,0x15,0x08,0x00,0x00,0x00,0x00,
+ /* 00000028: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ /* 00000030: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ /* 00000038: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x12,0xD0,
+ /* 00000040: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ /* 00000048: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ /* 00000050: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ /* 00000058: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ /* 00000060: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ /* 00000068: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ /* 00000070: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ /* 00000078: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x64,0xF4,
+ },
+};
+
+static void generate_eeprom_spd(uint8_t *eeprom, ram_addr_t ram_size)
+{
+ enum { SDR = 0x4, DDR2 = 0x8 } type;
+ uint8_t *spd = spd_eeprom.contents;
+ uint8_t nbanks = 0;
+ uint16_t density = 0;
+ int i;
+
+ /* work in terms of MB */
+ ram_size >>= 20;
+
+ while ((ram_size >= 4) && (nbanks <= 2)) {
+ int sz_log2 = MIN(31 - clz32(ram_size), 14);
+ nbanks++;
+ density |= 1 << (sz_log2 - 2);
+ ram_size -= 1 << sz_log2;
+ }
+
+ /* split to 2 banks if possible */
+ if ((nbanks == 1) && (density > 1)) {
+ nbanks++;
+ density >>= 1;
+ }
+
+ if (density & 0xff00) {
+ density = (density & 0xe0) | ((density >> 8) & 0x1f);
+ type = DDR2;
+ } else if (!(density & 0x1f)) {
+ type = DDR2;
+ } else {
+ type = SDR;
+ }
+
+ if (ram_size) {
+ fprintf(stderr, "Warning: SPD cannot represent final %dMB"
+ " of SDRAM\n", (int)ram_size);
+ }
+
+ /* fill in SPD memory information */
+ spd[2] = type;
+ spd[5] = nbanks;
+ spd[31] = density;
+
+ /* checksum */
+ spd[63] = 0;
+ for (i = 0; i < 63; i++) {
+ spd[63] += spd[i];
+ }
+
+ /* copy for SMBUS */
+ memcpy(eeprom, spd, sizeof(spd_eeprom.contents));
+}
+
+static void generate_eeprom_serial(uint8_t *eeprom)
+{
+ int i, pos = 0;
+ uint8_t mac[6] = { 0x00 };
+ uint8_t sn[5] = { 0x01, 0x23, 0x45, 0x67, 0x89 };
+
+ /* version */
+ eeprom[pos++] = 0x01;
+
+ /* count */
+ eeprom[pos++] = 0x02;
+
+ /* MAC address */
+ eeprom[pos++] = 0x01; /* MAC */
+ eeprom[pos++] = 0x06; /* length */
+ memcpy(&eeprom[pos], mac, sizeof(mac));
+ pos += sizeof(mac);
+
+ /* serial number */
+ eeprom[pos++] = 0x02; /* serial */
+ eeprom[pos++] = 0x05; /* length */
+ memcpy(&eeprom[pos], sn, sizeof(sn));
+ pos += sizeof(sn);
+
+ /* checksum */
+ eeprom[pos] = 0;
+ for (i = 0; i < pos; i++) {
+ eeprom[pos] += eeprom[i];
+ }
+}
+
+static uint8_t eeprom24c0x_read(eeprom24c0x_t *eeprom)
+{
+ logout("%u: scl = %u, sda = %u, data = 0x%02x\n",
+ eeprom->tick, eeprom->scl, eeprom->sda, eeprom->data);
+ return eeprom->sda;
+}
+
+static void eeprom24c0x_write(eeprom24c0x_t *eeprom, int scl, int sda)
+{
+ if (eeprom->scl && scl && (eeprom->sda != sda)) {
+ logout("%u: scl = %u->%u, sda = %u->%u i2c %s\n",
+ eeprom->tick, eeprom->scl, scl, eeprom->sda, sda,
+ sda ? "stop" : "start");
+ if (!sda) {
+ eeprom->tick = 1;
+ eeprom->command = 0;
+ }
+ } else if (eeprom->tick == 0 && !eeprom->ack) {
+ /* Waiting for start. */
+ logout("%u: scl = %u->%u, sda = %u->%u wait for i2c start\n",
+ eeprom->tick, eeprom->scl, scl, eeprom->sda, sda);
+ } else if (!eeprom->scl && scl) {
+ logout("%u: scl = %u->%u, sda = %u->%u trigger bit\n",
+ eeprom->tick, eeprom->scl, scl, eeprom->sda, sda);
+ if (eeprom->ack) {
+ logout("\ti2c ack bit = 0\n");
+ sda = 0;
+ eeprom->ack = 0;
+ } else if (eeprom->sda == sda) {
+ uint8_t bit = (sda != 0);
+ logout("\ti2c bit = %d\n", bit);
+ if (eeprom->tick < 9) {
+ eeprom->command <<= 1;
+ eeprom->command += bit;
+ eeprom->tick++;
+ if (eeprom->tick == 9) {
+ logout("\tcommand 0x%04x, %s\n", eeprom->command,
+ bit ? "read" : "write");
+ eeprom->ack = 1;
+ }
+ } else if (eeprom->tick < 17) {
+ if (eeprom->command & 1) {
+ sda = ((eeprom->data & 0x80) != 0);
+ }
+ eeprom->address <<= 1;
+ eeprom->address += bit;
+ eeprom->tick++;
+ eeprom->data <<= 1;
+ if (eeprom->tick == 17) {
+ eeprom->data = eeprom->contents[eeprom->address];
+ logout("\taddress 0x%04x, data 0x%02x\n",
+ eeprom->address, eeprom->data);
+ eeprom->ack = 1;
+ eeprom->tick = 0;
+ }
+ } else if (eeprom->tick >= 17) {
+ sda = 0;
+ }
+ } else {
+ logout("\tsda changed with raising scl\n");
+ }
+ } else {
+ logout("%u: scl = %u->%u, sda = %u->%u\n", eeprom->tick, eeprom->scl,
+ scl, eeprom->sda, sda);
+ }
+ eeprom->scl = scl;
+ eeprom->sda = sda;
+}
+
+static uint64_t malta_fpga_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ MaltaFPGAState *s = opaque;
+ uint32_t val = 0;
+ uint32_t saddr;
+
+ saddr = (addr & 0xfffff);
+
+ switch (saddr) {
+
+ /* SWITCH Register */
+ case 0x00200:
+ val = 0x00000000; /* All switches closed */
+ break;
+
+ /* STATUS Register */
+ case 0x00208:
+#ifdef TARGET_WORDS_BIGENDIAN
+ val = 0x00000012;
+#else
+ val = 0x00000010;
+#endif
+ break;
+
+ /* JMPRS Register */
+ case 0x00210:
+ val = 0x00;
+ break;
+
+ /* LEDBAR Register */
+ case 0x00408:
+ val = s->leds;
+ break;
+
+ /* BRKRES Register */
+ case 0x00508:
+ val = s->brk;
+ break;
+
+ /* UART Registers are handled directly by the serial device */
+
+ /* GPOUT Register */
+ case 0x00a00:
+ val = s->gpout;
+ break;
+
+ /* XXX: implement a real I2C controller */
+
+ /* GPINP Register */
+ case 0x00a08:
+ /* IN = OUT until a real I2C control is implemented */
+ if (s->i2csel)
+ val = s->i2cout;
+ else
+ val = 0x00;
+ break;
+
+ /* I2CINP Register */
+ case 0x00b00:
+ val = ((s->i2cin & ~1) | eeprom24c0x_read(&spd_eeprom));
+ break;
+
+ /* I2COE Register */
+ case 0x00b08:
+ val = s->i2coe;
+ break;
+
+ /* I2COUT Register */
+ case 0x00b10:
+ val = s->i2cout;
+ break;
+
+ /* I2CSEL Register */
+ case 0x00b18:
+ val = s->i2csel;
+ break;
+
+ default:
+#if 0
+ printf ("malta_fpga_read: Bad register offset 0x" TARGET_FMT_lx "\n",
+ addr);
+#endif
+ break;
+ }
+ return val;
+}
+
+static void malta_fpga_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ MaltaFPGAState *s = opaque;
+ uint32_t saddr;
+
+ saddr = (addr & 0xfffff);
+
+ switch (saddr) {
+
+ /* SWITCH Register */
+ case 0x00200:
+ break;
+
+ /* JMPRS Register */
+ case 0x00210:
+ break;
+
+ /* LEDBAR Register */
+ case 0x00408:
+ s->leds = val & 0xff;
+ malta_fpga_update_display(s);
+ break;
+
+ /* ASCIIWORD Register */
+ case 0x00410:
+ snprintf(s->display_text, 9, "%08X", (uint32_t)val);
+ malta_fpga_update_display(s);
+ break;
+
+ /* ASCIIPOS0 to ASCIIPOS7 Registers */
+ case 0x00418:
+ case 0x00420:
+ case 0x00428:
+ case 0x00430:
+ case 0x00438:
+ case 0x00440:
+ case 0x00448:
+ case 0x00450:
+ s->display_text[(saddr - 0x00418) >> 3] = (char) val;
+ malta_fpga_update_display(s);
+ break;
+
+ /* SOFTRES Register */
+ case 0x00500:
+ if (val == 0x42)
+ qemu_system_reset_request ();
+ break;
+
+ /* BRKRES Register */
+ case 0x00508:
+ s->brk = val & 0xff;
+ break;
+
+ /* UART Registers are handled directly by the serial device */
+
+ /* GPOUT Register */
+ case 0x00a00:
+ s->gpout = val & 0xff;
+ break;
+
+ /* I2COE Register */
+ case 0x00b08:
+ s->i2coe = val & 0x03;
+ break;
+
+ /* I2COUT Register */
+ case 0x00b10:
+ eeprom24c0x_write(&spd_eeprom, val & 0x02, val & 0x01);
+ s->i2cout = val;
+ break;
+
+ /* I2CSEL Register */
+ case 0x00b18:
+ s->i2csel = val & 0x01;
+ break;
+
+ default:
+#if 0
+ printf ("malta_fpga_write: Bad register offset 0x" TARGET_FMT_lx "\n",
+ addr);
+#endif
+ break;
+ }
+}
+
+static const MemoryRegionOps malta_fpga_ops = {
+ .read = malta_fpga_read,
+ .write = malta_fpga_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void malta_fpga_reset(void *opaque)
+{
+ MaltaFPGAState *s = opaque;
+
+ s->leds = 0x00;
+ s->brk = 0x0a;
+ s->gpout = 0x00;
+ s->i2cin = 0x3;
+ s->i2coe = 0x0;
+ s->i2cout = 0x3;
+ s->i2csel = 0x1;
+
+ s->display_text[8] = '\0';
+ snprintf(s->display_text, 9, " ");
+}
+
+static void malta_fpga_led_init(CharDriverState *chr)
+{
+ qemu_chr_fe_printf(chr, "\e[HMalta LEDBAR\r\n");
+ qemu_chr_fe_printf(chr, "+--------+\r\n");
+ qemu_chr_fe_printf(chr, "+ +\r\n");
+ qemu_chr_fe_printf(chr, "+--------+\r\n");
+ qemu_chr_fe_printf(chr, "\n");
+ qemu_chr_fe_printf(chr, "Malta ASCII\r\n");
+ qemu_chr_fe_printf(chr, "+--------+\r\n");
+ qemu_chr_fe_printf(chr, "+ +\r\n");
+ qemu_chr_fe_printf(chr, "+--------+\r\n");
+}
+
+static MaltaFPGAState *malta_fpga_init(MemoryRegion *address_space,
+ hwaddr base, qemu_irq uart_irq, CharDriverState *uart_chr)
+{
+ MaltaFPGAState *s;
+
+ s = (MaltaFPGAState *)g_malloc0(sizeof(MaltaFPGAState));
+
+ memory_region_init_io(&s->iomem, NULL, &malta_fpga_ops, s,
+ "malta-fpga", 0x100000);
+ memory_region_init_alias(&s->iomem_lo, NULL, "malta-fpga",
+ &s->iomem, 0, 0x900);
+ memory_region_init_alias(&s->iomem_hi, NULL, "malta-fpga",
+ &s->iomem, 0xa00, 0x10000-0xa00);
+
+ memory_region_add_subregion(address_space, base, &s->iomem_lo);
+ memory_region_add_subregion(address_space, base + 0xa00, &s->iomem_hi);
+
+ s->display = qemu_chr_new("fpga", "vc:320x200", malta_fpga_led_init);
+
+ s->uart = serial_mm_init(address_space, base + 0x900, 3, uart_irq,
+ 230400, uart_chr, DEVICE_NATIVE_ENDIAN);
+
+ malta_fpga_reset(s);
+ qemu_register_reset(malta_fpga_reset, s);
+
+ return s;
+}
+
+/* Network support */
+static void network_init(PCIBus *pci_bus)
+{
+ int i;
+
+ for(i = 0; i < nb_nics; i++) {
+ NICInfo *nd = &nd_table[i];
+ const char *default_devaddr = NULL;
+
+ if (i == 0 && (!nd->model || strcmp(nd->model, "pcnet") == 0))
+ /* The malta board has a PCNet card using PCI SLOT 11 */
+ default_devaddr = "0b";
+
+ pci_nic_init_nofail(nd, pci_bus, "pcnet", default_devaddr);
+ }
+}
+
+/* ROM and pseudo bootloader
+
+ The following code implements a very very simple bootloader. It first
+ loads the registers a0 to a3 to the values expected by the OS, and
+ then jump at the kernel address.
+
+ The bootloader should pass the locations of the kernel arguments and
+ environment variables tables. Those tables contain the 32-bit address
+ of NULL terminated strings. The environment variables table should be
+ terminated by a NULL address.
+
+ For a simpler implementation, the number of kernel arguments is fixed
+ to two (the name of the kernel and the command line), and the two
+ tables are actually the same one.
+
+ The registers a0 to a3 should contain the following values:
+ a0 - number of kernel arguments
+ a1 - 32-bit address of the kernel arguments table
+ a2 - 32-bit address of the environment variables table
+ a3 - RAM size in bytes
+*/
+
+static void write_bootloader (CPUMIPSState *env, uint8_t *base,
+ int64_t kernel_entry)
+{
+ uint32_t *p;
+
+ /* Small bootloader */
+ p = (uint32_t *)base;
+ stl_raw(p++, 0x0bf00160); /* j 0x1fc00580 */
+ stl_raw(p++, 0x00000000); /* nop */
+
+ /* YAMON service vector */
+ stl_raw(base + 0x500, 0xbfc00580); /* start: */
+ stl_raw(base + 0x504, 0xbfc0083c); /* print_count: */
+ stl_raw(base + 0x520, 0xbfc00580); /* start: */
+ stl_raw(base + 0x52c, 0xbfc00800); /* flush_cache: */
+ stl_raw(base + 0x534, 0xbfc00808); /* print: */
+ stl_raw(base + 0x538, 0xbfc00800); /* reg_cpu_isr: */
+ stl_raw(base + 0x53c, 0xbfc00800); /* unred_cpu_isr: */
+ stl_raw(base + 0x540, 0xbfc00800); /* reg_ic_isr: */
+ stl_raw(base + 0x544, 0xbfc00800); /* unred_ic_isr: */
+ stl_raw(base + 0x548, 0xbfc00800); /* reg_esr: */
+ stl_raw(base + 0x54c, 0xbfc00800); /* unreg_esr: */
+ stl_raw(base + 0x550, 0xbfc00800); /* getchar: */
+ stl_raw(base + 0x554, 0xbfc00800); /* syscon_read: */
+
+
+ /* Second part of the bootloader */
+ p = (uint32_t *) (base + 0x580);
+ stl_raw(p++, 0x24040002); /* addiu a0, zero, 2 */
+ stl_raw(p++, 0x3c1d0000 | (((ENVP_ADDR - 64) >> 16) & 0xffff)); /* lui sp, high(ENVP_ADDR) */
+ stl_raw(p++, 0x37bd0000 | ((ENVP_ADDR - 64) & 0xffff)); /* ori sp, sp, low(ENVP_ADDR) */
+ stl_raw(p++, 0x3c050000 | ((ENVP_ADDR >> 16) & 0xffff)); /* lui a1, high(ENVP_ADDR) */
+ stl_raw(p++, 0x34a50000 | (ENVP_ADDR & 0xffff)); /* ori a1, a1, low(ENVP_ADDR) */
+ stl_raw(p++, 0x3c060000 | (((ENVP_ADDR + 8) >> 16) & 0xffff)); /* lui a2, high(ENVP_ADDR + 8) */
+ stl_raw(p++, 0x34c60000 | ((ENVP_ADDR + 8) & 0xffff)); /* ori a2, a2, low(ENVP_ADDR + 8) */
+ stl_raw(p++, 0x3c070000 | (loaderparams.ram_size >> 16)); /* lui a3, high(ram_size) */
+ stl_raw(p++, 0x34e70000 | (loaderparams.ram_size & 0xffff)); /* ori a3, a3, low(ram_size) */
+
+ /* Load BAR registers as done by YAMON */
+ stl_raw(p++, 0x3c09b400); /* lui t1, 0xb400 */
+
+#ifdef TARGET_WORDS_BIGENDIAN
+ stl_raw(p++, 0x3c08df00); /* lui t0, 0xdf00 */
+#else
+ stl_raw(p++, 0x340800df); /* ori t0, r0, 0x00df */
+#endif
+ stl_raw(p++, 0xad280068); /* sw t0, 0x0068(t1) */
+
+ stl_raw(p++, 0x3c09bbe0); /* lui t1, 0xbbe0 */
+
+#ifdef TARGET_WORDS_BIGENDIAN
+ stl_raw(p++, 0x3c08c000); /* lui t0, 0xc000 */
+#else
+ stl_raw(p++, 0x340800c0); /* ori t0, r0, 0x00c0 */
+#endif
+ stl_raw(p++, 0xad280048); /* sw t0, 0x0048(t1) */
+#ifdef TARGET_WORDS_BIGENDIAN
+ stl_raw(p++, 0x3c084000); /* lui t0, 0x4000 */
+#else
+ stl_raw(p++, 0x34080040); /* ori t0, r0, 0x0040 */
+#endif
+ stl_raw(p++, 0xad280050); /* sw t0, 0x0050(t1) */
+
+#ifdef TARGET_WORDS_BIGENDIAN
+ stl_raw(p++, 0x3c088000); /* lui t0, 0x8000 */
+#else
+ stl_raw(p++, 0x34080080); /* ori t0, r0, 0x0080 */
+#endif
+ stl_raw(p++, 0xad280058); /* sw t0, 0x0058(t1) */
+#ifdef TARGET_WORDS_BIGENDIAN
+ stl_raw(p++, 0x3c083f00); /* lui t0, 0x3f00 */
+#else
+ stl_raw(p++, 0x3408003f); /* ori t0, r0, 0x003f */
+#endif
+ stl_raw(p++, 0xad280060); /* sw t0, 0x0060(t1) */
+
+#ifdef TARGET_WORDS_BIGENDIAN
+ stl_raw(p++, 0x3c08c100); /* lui t0, 0xc100 */
+#else
+ stl_raw(p++, 0x340800c1); /* ori t0, r0, 0x00c1 */
+#endif
+ stl_raw(p++, 0xad280080); /* sw t0, 0x0080(t1) */
+#ifdef TARGET_WORDS_BIGENDIAN
+ stl_raw(p++, 0x3c085e00); /* lui t0, 0x5e00 */
+#else
+ stl_raw(p++, 0x3408005e); /* ori t0, r0, 0x005e */
+#endif
+ stl_raw(p++, 0xad280088); /* sw t0, 0x0088(t1) */
+
+ /* Jump to kernel code */
+ stl_raw(p++, 0x3c1f0000 | ((kernel_entry >> 16) & 0xffff)); /* lui ra, high(kernel_entry) */
+ stl_raw(p++, 0x37ff0000 | (kernel_entry & 0xffff)); /* ori ra, ra, low(kernel_entry) */
+ stl_raw(p++, 0x03e00008); /* jr ra */
+ stl_raw(p++, 0x00000000); /* nop */
+
+ /* YAMON subroutines */
+ p = (uint32_t *) (base + 0x800);
+ stl_raw(p++, 0x03e00008); /* jr ra */
+ stl_raw(p++, 0x24020000); /* li v0,0 */
+ /* 808 YAMON print */
+ stl_raw(p++, 0x03e06821); /* move t5,ra */
+ stl_raw(p++, 0x00805821); /* move t3,a0 */
+ stl_raw(p++, 0x00a05021); /* move t2,a1 */
+ stl_raw(p++, 0x91440000); /* lbu a0,0(t2) */
+ stl_raw(p++, 0x254a0001); /* addiu t2,t2,1 */
+ stl_raw(p++, 0x10800005); /* beqz a0,834 */
+ stl_raw(p++, 0x00000000); /* nop */
+ stl_raw(p++, 0x0ff0021c); /* jal 870 */
+ stl_raw(p++, 0x00000000); /* nop */
+ stl_raw(p++, 0x08000205); /* j 814 */
+ stl_raw(p++, 0x00000000); /* nop */
+ stl_raw(p++, 0x01a00008); /* jr t5 */
+ stl_raw(p++, 0x01602021); /* move a0,t3 */
+ /* 0x83c YAMON print_count */
+ stl_raw(p++, 0x03e06821); /* move t5,ra */
+ stl_raw(p++, 0x00805821); /* move t3,a0 */
+ stl_raw(p++, 0x00a05021); /* move t2,a1 */
+ stl_raw(p++, 0x00c06021); /* move t4,a2 */
+ stl_raw(p++, 0x91440000); /* lbu a0,0(t2) */
+ stl_raw(p++, 0x0ff0021c); /* jal 870 */
+ stl_raw(p++, 0x00000000); /* nop */
+ stl_raw(p++, 0x254a0001); /* addiu t2,t2,1 */
+ stl_raw(p++, 0x258cffff); /* addiu t4,t4,-1 */
+ stl_raw(p++, 0x1580fffa); /* bnez t4,84c */
+ stl_raw(p++, 0x00000000); /* nop */
+ stl_raw(p++, 0x01a00008); /* jr t5 */
+ stl_raw(p++, 0x01602021); /* move a0,t3 */
+ /* 0x870 */
+ stl_raw(p++, 0x3c08b800); /* lui t0,0xb400 */
+ stl_raw(p++, 0x350803f8); /* ori t0,t0,0x3f8 */
+ stl_raw(p++, 0x91090005); /* lbu t1,5(t0) */
+ stl_raw(p++, 0x00000000); /* nop */
+ stl_raw(p++, 0x31290040); /* andi t1,t1,0x40 */
+ stl_raw(p++, 0x1120fffc); /* beqz t1,878 <outch+0x8> */
+ stl_raw(p++, 0x00000000); /* nop */
+ stl_raw(p++, 0x03e00008); /* jr ra */
+ stl_raw(p++, 0xa1040000); /* sb a0,0(t0) */
+
+}
+
+static void GCC_FMT_ATTR(3, 4) prom_set(uint32_t* prom_buf, int index,
+ const char *string, ...)
+{
+ va_list ap;
+ int32_t table_addr;
+
+ if (index >= ENVP_NB_ENTRIES)
+ return;
+
+ if (string == NULL) {
+ prom_buf[index] = 0;
+ return;
+ }
+
+ table_addr = sizeof(int32_t) * ENVP_NB_ENTRIES + index * ENVP_ENTRY_SIZE;
+ prom_buf[index] = tswap32(ENVP_ADDR + table_addr);
+
+ va_start(ap, string);
+ vsnprintf((char *)prom_buf + table_addr, ENVP_ENTRY_SIZE, string, ap);
+ va_end(ap);
+}
+
+/* Kernel */
+static int64_t load_kernel (void)
+{
+ int64_t kernel_entry, kernel_high;
+ long initrd_size;
+ ram_addr_t initrd_offset;
+ int big_endian;
+ uint32_t *prom_buf;
+ long prom_size;
+ int prom_index = 0;
+
+#ifdef TARGET_WORDS_BIGENDIAN
+ big_endian = 1;
+#else
+ big_endian = 0;
+#endif
+
+ if (load_elf(loaderparams.kernel_filename, cpu_mips_kseg0_to_phys, NULL,
+ (uint64_t *)&kernel_entry, NULL, (uint64_t *)&kernel_high,
+ big_endian, ELF_MACHINE, 1) < 0) {
+ fprintf(stderr, "qemu: could not load kernel '%s'\n",
+ loaderparams.kernel_filename);
+ exit(1);
+ }
+
+ /* load initrd */
+ initrd_size = 0;
+ initrd_offset = 0;
+ if (loaderparams.initrd_filename) {
+ initrd_size = get_image_size (loaderparams.initrd_filename);
+ if (initrd_size > 0) {
+ initrd_offset = (kernel_high + ~INITRD_PAGE_MASK) & INITRD_PAGE_MASK;
+ if (initrd_offset + initrd_size > ram_size) {
+ fprintf(stderr,
+ "qemu: memory too small for initial ram disk '%s'\n",
+ loaderparams.initrd_filename);
+ exit(1);
+ }
+ initrd_size = load_image_targphys(loaderparams.initrd_filename,
+ initrd_offset,
+ ram_size - initrd_offset);
+ }
+ if (initrd_size == (target_ulong) -1) {
+ fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
+ loaderparams.initrd_filename);
+ exit(1);
+ }
+ }
+
+ /* Setup prom parameters. */
+ prom_size = ENVP_NB_ENTRIES * (sizeof(int32_t) + ENVP_ENTRY_SIZE);
+ prom_buf = g_malloc(prom_size);
+
+ prom_set(prom_buf, prom_index++, "%s", loaderparams.kernel_filename);
+ if (initrd_size > 0) {
+ prom_set(prom_buf, prom_index++, "rd_start=0x%" PRIx64 " rd_size=%li %s",
+ cpu_mips_phys_to_kseg0(NULL, initrd_offset), initrd_size,
+ loaderparams.kernel_cmdline);
+ } else {
+ prom_set(prom_buf, prom_index++, "%s", loaderparams.kernel_cmdline);
+ }
+
+ prom_set(prom_buf, prom_index++, "memsize");
+ prom_set(prom_buf, prom_index++, "%i", loaderparams.ram_size);
+ prom_set(prom_buf, prom_index++, "modetty0");
+ prom_set(prom_buf, prom_index++, "38400n8r");
+ prom_set(prom_buf, prom_index++, NULL);
+
+ rom_add_blob_fixed("prom", prom_buf, prom_size,
+ cpu_mips_kseg0_to_phys(NULL, ENVP_ADDR));
+
+ return kernel_entry;
+}
+
+static void malta_mips_config(MIPSCPU *cpu)
+{
+ CPUMIPSState *env = &cpu->env;
+ CPUState *cs = CPU(cpu);
+
+ env->mvp->CP0_MVPConf0 |= ((smp_cpus - 1) << CP0MVPC0_PVPE) |
+ ((smp_cpus * cs->nr_threads - 1) << CP0MVPC0_PTC);
+}
+
+static void main_cpu_reset(void *opaque)
+{
+ MIPSCPU *cpu = opaque;
+ CPUMIPSState *env = &cpu->env;
+
+ cpu_reset(CPU(cpu));
+
+ /* The bootloader does not need to be rewritten as it is located in a
+ read only location. The kernel location and the arguments table
+ location does not change. */
+ if (loaderparams.kernel_filename) {
+ env->CP0_Status &= ~((1 << CP0St_BEV) | (1 << CP0St_ERL));
+ }
+
+ malta_mips_config(cpu);
+}
+
+static void cpu_request_exit(void *opaque, int irq, int level)
+{
+ CPUState *cpu = current_cpu;
+
+ if (cpu && level) {
+ cpu_exit(cpu);
+ }
+}
+
+static
+void mips_malta_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ char *filename;
+ pflash_t *fl;
+ MemoryRegion *system_memory = get_system_memory();
+ MemoryRegion *ram = g_new(MemoryRegion, 1);
+ MemoryRegion *bios, *bios_copy = g_new(MemoryRegion, 1);
+ target_long bios_size = FLASH_SIZE;
+ const size_t smbus_eeprom_size = 8 * 256;
+ uint8_t *smbus_eeprom_buf = g_malloc0(smbus_eeprom_size);
+ int64_t kernel_entry;
+ PCIBus *pci_bus;
+ ISABus *isa_bus;
+ MIPSCPU *cpu;
+ CPUMIPSState *env;
+ qemu_irq *isa_irq;
+ qemu_irq *cpu_exit_irq;
+ int piix4_devfn;
+ i2c_bus *smbus;
+ int i;
+ DriveInfo *dinfo;
+ DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
+ DriveInfo *fd[MAX_FD];
+ int fl_idx = 0;
+ int fl_sectors = bios_size >> 16;
+ int be;
+
+ DeviceState *dev = qdev_create(NULL, TYPE_MIPS_MALTA);
+ MaltaState *s = MIPS_MALTA(dev);
+
+ /* The whole address space decoded by the GT-64120A doesn't generate
+ exception when accessing invalid memory. Create an empty slot to
+ emulate this feature. */
+ empty_slot_init(0, 0x20000000);
+
+ qdev_init_nofail(dev);
+
+ /* Make sure the first 3 serial ports are associated with a device. */
+ for(i = 0; i < 3; i++) {
+ if (!serial_hds[i]) {
+ char label[32];
+ snprintf(label, sizeof(label), "serial%d", i);
+ serial_hds[i] = qemu_chr_new(label, "null", NULL);
+ }
+ }
+
+ /* init CPUs */
+ if (cpu_model == NULL) {
+#ifdef TARGET_MIPS64
+ cpu_model = "20Kc";
+#else
+ cpu_model = "24Kf";
+#endif
+ }
+
+ for (i = 0; i < smp_cpus; i++) {
+ cpu = cpu_mips_init(cpu_model);
+ if (cpu == NULL) {
+ fprintf(stderr, "Unable to find CPU definition\n");
+ exit(1);
+ }
+ env = &cpu->env;
+
+ /* Init internal devices */
+ cpu_mips_irq_init_cpu(env);
+ cpu_mips_clock_init(env);
+ qemu_register_reset(main_cpu_reset, cpu);
+ }
+ cpu = MIPS_CPU(first_cpu);
+ env = &cpu->env;
+
+ /* allocate RAM */
+ if (ram_size > (256 << 20)) {
+ fprintf(stderr,
+ "qemu: Too much memory for this machine: %d MB, maximum 256 MB\n",
+ ((unsigned int)ram_size / (1 << 20)));
+ exit(1);
+ }
+ memory_region_init_ram(ram, NULL, "mips_malta.ram", ram_size);
+ vmstate_register_ram_global(ram);
+ memory_region_add_subregion(system_memory, 0, ram);
+
+ /* generate SPD EEPROM data */
+ generate_eeprom_spd(&smbus_eeprom_buf[0 * 256], ram_size);
+ generate_eeprom_serial(&smbus_eeprom_buf[6 * 256]);
+
+#ifdef TARGET_WORDS_BIGENDIAN
+ be = 1;
+#else
+ be = 0;
+#endif
+ /* FPGA */
+ /* The CBUS UART is attached to the MIPS CPU INT2 pin, ie interrupt 4 */
+ malta_fpga_init(system_memory, FPGA_ADDRESS, env->irq[4], serial_hds[2]);
+
+ /* Load firmware in flash / BIOS. */
+ dinfo = drive_get(IF_PFLASH, 0, fl_idx);
+#ifdef DEBUG_BOARD_INIT
+ if (dinfo) {
+ printf("Register parallel flash %d size " TARGET_FMT_lx " at "
+ "addr %08llx '%s' %x\n",
+ fl_idx, bios_size, FLASH_ADDRESS,
+ bdrv_get_device_name(dinfo->bdrv), fl_sectors);
+ }
+#endif
+ fl = pflash_cfi01_register(FLASH_ADDRESS, NULL, "mips_malta.bios",
+ BIOS_SIZE, dinfo ? dinfo->bdrv : NULL,
+ 65536, fl_sectors,
+ 4, 0x0000, 0x0000, 0x0000, 0x0000, be);
+ bios = pflash_cfi01_get_memory(fl);
+ fl_idx++;
+ if (kernel_filename) {
+ /* Write a small bootloader to the flash location. */
+ loaderparams.ram_size = ram_size;
+ loaderparams.kernel_filename = kernel_filename;
+ loaderparams.kernel_cmdline = kernel_cmdline;
+ loaderparams.initrd_filename = initrd_filename;
+ kernel_entry = load_kernel();
+ write_bootloader(env, memory_region_get_ram_ptr(bios), kernel_entry);
+ } else {
+ /* Load firmware from flash. */
+ if (!dinfo) {
+ /* Load a BIOS image. */
+ if (bios_name == NULL) {
+ bios_name = BIOS_FILENAME;
+ }
+ filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
+ if (filename) {
+ bios_size = load_image_targphys(filename, FLASH_ADDRESS,
+ BIOS_SIZE);
+ g_free(filename);
+ } else {
+ bios_size = -1;
+ }
+ if ((bios_size < 0 || bios_size > BIOS_SIZE) &&
+ !kernel_filename && !qtest_enabled()) {
+ error_report("Could not load MIPS bios '%s', and no "
+ "-kernel argument was specified", bios_name);
+ exit(1);
+ }
+ }
+ /* In little endian mode the 32bit words in the bios are swapped,
+ a neat trick which allows bi-endian firmware. */
+#ifndef TARGET_WORDS_BIGENDIAN
+ {
+ uint32_t *end, *addr = rom_ptr(FLASH_ADDRESS);
+ if (!addr) {
+ addr = memory_region_get_ram_ptr(bios);
+ }
+ end = (void *)addr + MIN(bios_size, 0x3e0000);
+ while (addr < end) {
+ bswap32s(addr);
+ addr++;
+ }
+ }
+#endif
+ }
+
+ /*
+ * Map the BIOS at a 2nd physical location, as on the real board.
+ * Copy it so that we can patch in the MIPS revision, which cannot be
+ * handled by an overlapping region as the resulting ROM code subpage
+ * regions are not executable.
+ */
+ memory_region_init_ram(bios_copy, NULL, "bios.1fc", BIOS_SIZE);
+ if (!rom_copy(memory_region_get_ram_ptr(bios_copy),
+ FLASH_ADDRESS, BIOS_SIZE)) {
+ memcpy(memory_region_get_ram_ptr(bios_copy),
+ memory_region_get_ram_ptr(bios), BIOS_SIZE);
+ }
+ memory_region_set_readonly(bios_copy, true);
+ memory_region_add_subregion(system_memory, RESET_ADDRESS, bios_copy);
+
+ /* Board ID = 0x420 (Malta Board with CoreLV) */
+ stl_p(memory_region_get_ram_ptr(bios_copy) + 0x10, 0x00000420);
+
+ /* Init internal devices */
+ cpu_mips_irq_init_cpu(env);
+ cpu_mips_clock_init(env);
+
+ /*
+ * We have a circular dependency problem: pci_bus depends on isa_irq,
+ * isa_irq is provided by i8259, i8259 depends on ISA, ISA depends
+ * on piix4, and piix4 depends on pci_bus. To stop the cycle we have
+ * qemu_irq_proxy() adds an extra bit of indirection, allowing us
+ * to resolve the isa_irq -> i8259 dependency after i8259 is initialized.
+ */
+ isa_irq = qemu_irq_proxy(&s->i8259, 16);
+
+ /* Northbridge */
+ pci_bus = gt64120_register(isa_irq);
+
+ /* Southbridge */
+ ide_drive_get(hd, MAX_IDE_BUS);
+
+ piix4_devfn = piix4_init(pci_bus, &isa_bus, 80);
+
+ /* Interrupt controller */
+ /* The 8259 is attached to the MIPS CPU INT0 pin, ie interrupt 2 */
+ s->i8259 = i8259_init(isa_bus, env->irq[2]);
+
+ isa_bus_irqs(isa_bus, s->i8259);
+ pci_piix4_ide_init(pci_bus, hd, piix4_devfn + 1);
+ pci_create_simple(pci_bus, piix4_devfn + 2, "piix4-usb-uhci");
+ smbus = piix4_pm_init(pci_bus, piix4_devfn + 3, 0x1100,
+ isa_get_irq(NULL, 9), NULL, 0, NULL);
+ smbus_eeprom_init(smbus, 8, smbus_eeprom_buf, smbus_eeprom_size);
+ g_free(smbus_eeprom_buf);
+ pit = pit_init(isa_bus, 0x40, 0, NULL);
+ cpu_exit_irq = qemu_allocate_irqs(cpu_request_exit, NULL, 1);
+ DMA_init(0, cpu_exit_irq);
+
+ /* Super I/O */
+ isa_create_simple(isa_bus, "i8042");
+
+ rtc_init(isa_bus, 2000, NULL);
+ serial_isa_init(isa_bus, 0, serial_hds[0]);
+ serial_isa_init(isa_bus, 1, serial_hds[1]);
+ if (parallel_hds[0])
+ parallel_init(isa_bus, 0, parallel_hds[0]);
+ for(i = 0; i < MAX_FD; i++) {
+ fd[i] = drive_get(IF_FLOPPY, 0, i);
+ }
+ fdctrl_init_isa(isa_bus, fd);
+
+ /* Network card */
+ network_init(pci_bus);
+
+ /* Optional PCI video card */
+ pci_vga_init(pci_bus);
+}
+
+static int mips_malta_sysbus_device_init(SysBusDevice *sysbusdev)
+{
+ return 0;
+}
+
+static void mips_malta_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = mips_malta_sysbus_device_init;
+}
+
+static const TypeInfo mips_malta_device = {
+ .name = TYPE_MIPS_MALTA,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(MaltaState),
+ .class_init = mips_malta_class_init,
+};
+
+static QEMUMachine mips_malta_machine = {
+ .name = "malta",
+ .desc = "MIPS Malta Core LV",
+ .init = mips_malta_init,
+ .max_cpus = 16,
+ .is_default = 1,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void mips_malta_register_types(void)
+{
+ type_register_static(&mips_malta_device);
+}
+
+static void mips_malta_machine_init(void)
+{
+ qemu_register_machine(&mips_malta_machine);
+}
+
+type_init(mips_malta_register_types)
+machine_init(mips_malta_machine_init);
diff --git a/hw/mips/mips_mipssim.c b/hw/mips/mips_mipssim.c
new file mode 100644
index 000000000..297f01e26
--- /dev/null
+++ b/hw/mips/mips_mipssim.c
@@ -0,0 +1,243 @@
+/*
+ * QEMU/mipssim emulation
+ *
+ * Emulates a very simple machine model similar to the one used by the
+ * proprietary MIPS emulator.
+ *
+ * Copyright (c) 2007 Thiemo Seufer
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/mips/mips.h"
+#include "hw/mips/cpudevs.h"
+#include "hw/char/serial.h"
+#include "hw/isa/isa.h"
+#include "net/net.h"
+#include "sysemu/sysemu.h"
+#include "hw/boards.h"
+#include "hw/mips/bios.h"
+#include "hw/loader.h"
+#include "elf.h"
+#include "hw/sysbus.h"
+#include "exec/address-spaces.h"
+#include "qemu/error-report.h"
+
+static struct _loaderparams {
+ int ram_size;
+ const char *kernel_filename;
+ const char *kernel_cmdline;
+ const char *initrd_filename;
+} loaderparams;
+
+typedef struct ResetData {
+ MIPSCPU *cpu;
+ uint64_t vector;
+} ResetData;
+
+static int64_t load_kernel(void)
+{
+ int64_t entry, kernel_high;
+ long kernel_size;
+ long initrd_size;
+ ram_addr_t initrd_offset;
+ int big_endian;
+
+#ifdef TARGET_WORDS_BIGENDIAN
+ big_endian = 1;
+#else
+ big_endian = 0;
+#endif
+
+ kernel_size = load_elf(loaderparams.kernel_filename, cpu_mips_kseg0_to_phys,
+ NULL, (uint64_t *)&entry, NULL,
+ (uint64_t *)&kernel_high, big_endian,
+ ELF_MACHINE, 1);
+ if (kernel_size >= 0) {
+ if ((entry & ~0x7fffffffULL) == 0x80000000)
+ entry = (int32_t)entry;
+ } else {
+ fprintf(stderr, "qemu: could not load kernel '%s'\n",
+ loaderparams.kernel_filename);
+ exit(1);
+ }
+
+ /* load initrd */
+ initrd_size = 0;
+ initrd_offset = 0;
+ if (loaderparams.initrd_filename) {
+ initrd_size = get_image_size (loaderparams.initrd_filename);
+ if (initrd_size > 0) {
+ initrd_offset = (kernel_high + ~INITRD_PAGE_MASK) & INITRD_PAGE_MASK;
+ if (initrd_offset + initrd_size > loaderparams.ram_size) {
+ fprintf(stderr,
+ "qemu: memory too small for initial ram disk '%s'\n",
+ loaderparams.initrd_filename);
+ exit(1);
+ }
+ initrd_size = load_image_targphys(loaderparams.initrd_filename,
+ initrd_offset, loaderparams.ram_size - initrd_offset);
+ }
+ if (initrd_size == (target_ulong) -1) {
+ fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
+ loaderparams.initrd_filename);
+ exit(1);
+ }
+ }
+ return entry;
+}
+
+static void main_cpu_reset(void *opaque)
+{
+ ResetData *s = (ResetData *)opaque;
+ CPUMIPSState *env = &s->cpu->env;
+
+ cpu_reset(CPU(s->cpu));
+ env->active_tc.PC = s->vector & ~(target_ulong)1;
+ if (s->vector & 1) {
+ env->hflags |= MIPS_HFLAG_M16;
+ }
+}
+
+static void mipsnet_init(int base, qemu_irq irq, NICInfo *nd)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+
+ dev = qdev_create(NULL, "mipsnet");
+ qdev_set_nic_properties(dev, nd);
+ qdev_init_nofail(dev);
+
+ s = SYS_BUS_DEVICE(dev);
+ sysbus_connect_irq(s, 0, irq);
+ memory_region_add_subregion(get_system_io(),
+ base,
+ sysbus_mmio_get_region(s, 0));
+}
+
+static void
+mips_mipssim_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ char *filename;
+ MemoryRegion *address_space_mem = get_system_memory();
+ MemoryRegion *isa = g_new(MemoryRegion, 1);
+ MemoryRegion *ram = g_new(MemoryRegion, 1);
+ MemoryRegion *bios = g_new(MemoryRegion, 1);
+ MIPSCPU *cpu;
+ CPUMIPSState *env;
+ ResetData *reset_info;
+ int bios_size;
+
+ /* Init CPUs. */
+ if (cpu_model == NULL) {
+#ifdef TARGET_MIPS64
+ cpu_model = "5Kf";
+#else
+ cpu_model = "24Kf";
+#endif
+ }
+ cpu = cpu_mips_init(cpu_model);
+ if (cpu == NULL) {
+ fprintf(stderr, "Unable to find CPU definition\n");
+ exit(1);
+ }
+ env = &cpu->env;
+
+ reset_info = g_malloc0(sizeof(ResetData));
+ reset_info->cpu = cpu;
+ reset_info->vector = env->active_tc.PC;
+ qemu_register_reset(main_cpu_reset, reset_info);
+
+ /* Allocate RAM. */
+ memory_region_init_ram(ram, NULL, "mips_mipssim.ram", ram_size);
+ vmstate_register_ram_global(ram);
+ memory_region_init_ram(bios, NULL, "mips_mipssim.bios", BIOS_SIZE);
+ vmstate_register_ram_global(bios);
+ memory_region_set_readonly(bios, true);
+
+ memory_region_add_subregion(address_space_mem, 0, ram);
+
+ /* Map the BIOS / boot exception handler. */
+ memory_region_add_subregion(address_space_mem, 0x1fc00000LL, bios);
+ /* Load a BIOS / boot exception handler image. */
+ if (bios_name == NULL)
+ bios_name = BIOS_FILENAME;
+ filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
+ if (filename) {
+ bios_size = load_image_targphys(filename, 0x1fc00000LL, BIOS_SIZE);
+ g_free(filename);
+ } else {
+ bios_size = -1;
+ }
+ if ((bios_size < 0 || bios_size > BIOS_SIZE) && !kernel_filename) {
+ /* Bail out if we have neither a kernel image nor boot vector code. */
+ error_report("Could not load MIPS bios '%s', and no "
+ "-kernel argument was specified", filename);
+ exit(1);
+ } else {
+ /* We have a boot vector start address. */
+ env->active_tc.PC = (target_long)(int32_t)0xbfc00000;
+ }
+
+ if (kernel_filename) {
+ loaderparams.ram_size = ram_size;
+ loaderparams.kernel_filename = kernel_filename;
+ loaderparams.kernel_cmdline = kernel_cmdline;
+ loaderparams.initrd_filename = initrd_filename;
+ reset_info->vector = load_kernel();
+ }
+
+ /* Init CPU internal devices. */
+ cpu_mips_irq_init_cpu(env);
+ cpu_mips_clock_init(env);
+
+ /* Register 64 KB of ISA IO space at 0x1fd00000. */
+ memory_region_init_alias(isa, NULL, "isa_mmio",
+ get_system_io(), 0, 0x00010000);
+ memory_region_add_subregion(get_system_memory(), 0x1fd00000, isa);
+
+ /* A single 16450 sits at offset 0x3f8. It is attached to
+ MIPS CPU INT2, which is interrupt 4. */
+ if (serial_hds[0])
+ serial_init(0x3f8, env->irq[4], 115200, serial_hds[0],
+ get_system_io());
+
+ if (nd_table[0].used)
+ /* MIPSnet uses the MIPS CPU INT0, which is interrupt 2. */
+ mipsnet_init(0x4200, env->irq[2], &nd_table[0]);
+}
+
+static QEMUMachine mips_mipssim_machine = {
+ .name = "mipssim",
+ .desc = "MIPS MIPSsim platform",
+ .init = mips_mipssim_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void mips_mipssim_machine_init(void)
+{
+ qemu_register_machine(&mips_mipssim_machine);
+}
+
+machine_init(mips_mipssim_machine_init);
diff --git a/hw/mips/mips_r4k.c b/hw/mips/mips_r4k.c
new file mode 100644
index 000000000..044f232de
--- /dev/null
+++ b/hw/mips/mips_r4k.c
@@ -0,0 +1,317 @@
+/*
+ * QEMU/MIPS pseudo-board
+ *
+ * emulates a simple machine with ISA-like bus.
+ * ISA IO space mapped to the 0x14000000 (PHYS) and
+ * ISA memory at the 0x10000000 (PHYS, 16Mb in size).
+ * All peripherial devices are attached to this "bus" with
+ * the standard PC ISA addresses.
+*/
+#include "hw/hw.h"
+#include "hw/mips/mips.h"
+#include "hw/mips/cpudevs.h"
+#include "hw/i386/pc.h"
+#include "hw/char/serial.h"
+#include "hw/isa/isa.h"
+#include "net/net.h"
+#include "sysemu/sysemu.h"
+#include "hw/boards.h"
+#include "hw/block/flash.h"
+#include "qemu/log.h"
+#include "hw/mips/bios.h"
+#include "hw/ide.h"
+#include "hw/loader.h"
+#include "elf.h"
+#include "hw/timer/mc146818rtc.h"
+#include "hw/timer/i8254.h"
+#include "sysemu/blockdev.h"
+#include "exec/address-spaces.h"
+#include "sysemu/qtest.h"
+
+#define MAX_IDE_BUS 2
+
+static const int ide_iobase[2] = { 0x1f0, 0x170 };
+static const int ide_iobase2[2] = { 0x3f6, 0x376 };
+static const int ide_irq[2] = { 14, 15 };
+
+static ISADevice *pit; /* PIT i8254 */
+
+/* i8254 PIT is attached to the IRQ0 at PIC i8259 */
+
+static struct _loaderparams {
+ int ram_size;
+ const char *kernel_filename;
+ const char *kernel_cmdline;
+ const char *initrd_filename;
+} loaderparams;
+
+static void mips_qemu_write (void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ if ((addr & 0xffff) == 0 && val == 42)
+ qemu_system_reset_request ();
+ else if ((addr & 0xffff) == 4 && val == 42)
+ qemu_system_shutdown_request ();
+}
+
+static uint64_t mips_qemu_read (void *opaque, hwaddr addr,
+ unsigned size)
+{
+ return 0;
+}
+
+static const MemoryRegionOps mips_qemu_ops = {
+ .read = mips_qemu_read,
+ .write = mips_qemu_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+typedef struct ResetData {
+ MIPSCPU *cpu;
+ uint64_t vector;
+} ResetData;
+
+static int64_t load_kernel(void)
+{
+ int64_t entry, kernel_high;
+ long kernel_size, initrd_size, params_size;
+ ram_addr_t initrd_offset;
+ uint32_t *params_buf;
+ int big_endian;
+
+#ifdef TARGET_WORDS_BIGENDIAN
+ big_endian = 1;
+#else
+ big_endian = 0;
+#endif
+ kernel_size = load_elf(loaderparams.kernel_filename, cpu_mips_kseg0_to_phys,
+ NULL, (uint64_t *)&entry, NULL,
+ (uint64_t *)&kernel_high, big_endian,
+ ELF_MACHINE, 1);
+ if (kernel_size >= 0) {
+ if ((entry & ~0x7fffffffULL) == 0x80000000)
+ entry = (int32_t)entry;
+ } else {
+ fprintf(stderr, "qemu: could not load kernel '%s'\n",
+ loaderparams.kernel_filename);
+ exit(1);
+ }
+
+ /* load initrd */
+ initrd_size = 0;
+ initrd_offset = 0;
+ if (loaderparams.initrd_filename) {
+ initrd_size = get_image_size (loaderparams.initrd_filename);
+ if (initrd_size > 0) {
+ initrd_offset = (kernel_high + ~INITRD_PAGE_MASK) & INITRD_PAGE_MASK;
+ if (initrd_offset + initrd_size > ram_size) {
+ fprintf(stderr,
+ "qemu: memory too small for initial ram disk '%s'\n",
+ loaderparams.initrd_filename);
+ exit(1);
+ }
+ initrd_size = load_image_targphys(loaderparams.initrd_filename,
+ initrd_offset,
+ ram_size - initrd_offset);
+ }
+ if (initrd_size == (target_ulong) -1) {
+ fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
+ loaderparams.initrd_filename);
+ exit(1);
+ }
+ }
+
+ /* Store command line. */
+ params_size = 264;
+ params_buf = g_malloc(params_size);
+
+ params_buf[0] = tswap32(ram_size);
+ params_buf[1] = tswap32(0x12345678);
+
+ if (initrd_size > 0) {
+ snprintf((char *)params_buf + 8, 256, "rd_start=0x%" PRIx64 " rd_size=%li %s",
+ cpu_mips_phys_to_kseg0(NULL, initrd_offset),
+ initrd_size, loaderparams.kernel_cmdline);
+ } else {
+ snprintf((char *)params_buf + 8, 256, "%s", loaderparams.kernel_cmdline);
+ }
+
+ rom_add_blob_fixed("params", params_buf, params_size,
+ (16 << 20) - 264);
+
+ return entry;
+}
+
+static void main_cpu_reset(void *opaque)
+{
+ ResetData *s = (ResetData *)opaque;
+ CPUMIPSState *env = &s->cpu->env;
+
+ cpu_reset(CPU(s->cpu));
+ env->active_tc.PC = s->vector;
+}
+
+static const int sector_len = 32 * 1024;
+static
+void mips_r4k_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ char *filename;
+ MemoryRegion *address_space_mem = get_system_memory();
+ MemoryRegion *ram = g_new(MemoryRegion, 1);
+ MemoryRegion *bios;
+ MemoryRegion *iomem = g_new(MemoryRegion, 1);
+ MemoryRegion *isa = g_new(MemoryRegion, 1);
+ int bios_size;
+ MIPSCPU *cpu;
+ CPUMIPSState *env;
+ ResetData *reset_info;
+ int i;
+ qemu_irq *i8259;
+ ISABus *isa_bus;
+ DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
+ DriveInfo *dinfo;
+ int be;
+
+ /* init CPUs */
+ if (cpu_model == NULL) {
+#ifdef TARGET_MIPS64
+ cpu_model = "R4000";
+#else
+ cpu_model = "24Kf";
+#endif
+ }
+ cpu = cpu_mips_init(cpu_model);
+ if (cpu == NULL) {
+ fprintf(stderr, "Unable to find CPU definition\n");
+ exit(1);
+ }
+ env = &cpu->env;
+
+ reset_info = g_malloc0(sizeof(ResetData));
+ reset_info->cpu = cpu;
+ reset_info->vector = env->active_tc.PC;
+ qemu_register_reset(main_cpu_reset, reset_info);
+
+ /* allocate RAM */
+ if (ram_size > (256 << 20)) {
+ fprintf(stderr,
+ "qemu: Too much memory for this machine: %d MB, maximum 256 MB\n",
+ ((unsigned int)ram_size / (1 << 20)));
+ exit(1);
+ }
+ memory_region_init_ram(ram, NULL, "mips_r4k.ram", ram_size);
+ vmstate_register_ram_global(ram);
+
+ memory_region_add_subregion(address_space_mem, 0, ram);
+
+ memory_region_init_io(iomem, NULL, &mips_qemu_ops, NULL, "mips-qemu", 0x10000);
+ memory_region_add_subregion(address_space_mem, 0x1fbf0000, iomem);
+
+ /* Try to load a BIOS image. If this fails, we continue regardless,
+ but initialize the hardware ourselves. When a kernel gets
+ preloaded we also initialize the hardware, since the BIOS wasn't
+ run. */
+ if (bios_name == NULL)
+ bios_name = BIOS_FILENAME;
+ filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
+ if (filename) {
+ bios_size = get_image_size(filename);
+ } else {
+ bios_size = -1;
+ }
+#ifdef TARGET_WORDS_BIGENDIAN
+ be = 1;
+#else
+ be = 0;
+#endif
+ if ((bios_size > 0) && (bios_size <= BIOS_SIZE)) {
+ bios = g_new(MemoryRegion, 1);
+ memory_region_init_ram(bios, NULL, "mips_r4k.bios", BIOS_SIZE);
+ vmstate_register_ram_global(bios);
+ memory_region_set_readonly(bios, true);
+ memory_region_add_subregion(get_system_memory(), 0x1fc00000, bios);
+
+ load_image_targphys(filename, 0x1fc00000, BIOS_SIZE);
+ } else if ((dinfo = drive_get(IF_PFLASH, 0, 0)) != NULL) {
+ uint32_t mips_rom = 0x00400000;
+ if (!pflash_cfi01_register(0x1fc00000, NULL, "mips_r4k.bios", mips_rom,
+ dinfo->bdrv, sector_len,
+ mips_rom / sector_len,
+ 4, 0, 0, 0, 0, be)) {
+ fprintf(stderr, "qemu: Error registering flash memory.\n");
+ }
+ } else if (!qtest_enabled()) {
+ /* not fatal */
+ fprintf(stderr, "qemu: Warning, could not load MIPS bios '%s'\n",
+ bios_name);
+ }
+ if (filename) {
+ g_free(filename);
+ }
+
+ if (kernel_filename) {
+ loaderparams.ram_size = ram_size;
+ loaderparams.kernel_filename = kernel_filename;
+ loaderparams.kernel_cmdline = kernel_cmdline;
+ loaderparams.initrd_filename = initrd_filename;
+ reset_info->vector = load_kernel();
+ }
+
+ /* Init CPU internal devices */
+ cpu_mips_irq_init_cpu(env);
+ cpu_mips_clock_init(env);
+
+ /* The PIC is attached to the MIPS CPU INT0 pin */
+ isa_bus = isa_bus_new(NULL, get_system_io());
+ i8259 = i8259_init(isa_bus, env->irq[2]);
+ isa_bus_irqs(isa_bus, i8259);
+
+ rtc_init(isa_bus, 2000, NULL);
+
+ /* Register 64 KB of ISA IO space at 0x14000000 */
+ memory_region_init_alias(isa, NULL, "isa_mmio",
+ get_system_io(), 0, 0x00010000);
+ memory_region_add_subregion(get_system_memory(), 0x14000000, isa);
+
+ isa_mem_base = 0x10000000;
+
+ pit = pit_init(isa_bus, 0x40, 0, NULL);
+
+ for(i = 0; i < MAX_SERIAL_PORTS; i++) {
+ if (serial_hds[i]) {
+ serial_isa_init(isa_bus, i, serial_hds[i]);
+ }
+ }
+
+ isa_vga_init(isa_bus);
+
+ if (nd_table[0].used)
+ isa_ne2000_init(isa_bus, 0x300, 9, &nd_table[0]);
+
+ ide_drive_get(hd, MAX_IDE_BUS);
+ for(i = 0; i < MAX_IDE_BUS; i++)
+ isa_ide_init(isa_bus, ide_iobase[i], ide_iobase2[i], ide_irq[i],
+ hd[MAX_IDE_DEVS * i],
+ hd[MAX_IDE_DEVS * i + 1]);
+
+ isa_create_simple(isa_bus, "i8042");
+}
+
+static QEMUMachine mips_machine = {
+ .name = "mips",
+ .desc = "mips r4k platform",
+ .init = mips_r4k_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void mips_machine_init(void)
+{
+ qemu_register_machine(&mips_machine);
+}
+
+machine_init(mips_machine_init);
diff --git a/hw/mips_addr.c b/hw/mips_addr.c
deleted file mode 100644
index aa1c7d84d..000000000
--- a/hw/mips_addr.c
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * QEMU MIPS address translation support
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "hw.h"
-#include "mips_cpudevs.h"
-
-uint64_t cpu_mips_kseg0_to_phys(void *opaque, uint64_t addr)
-{
- return addr & 0x7fffffffll;
-}
-
-uint64_t cpu_mips_phys_to_kseg0(void *opaque, uint64_t addr)
-{
- return addr | ~0x7fffffffll;
-}
diff --git a/hw/mips_cpudevs.h b/hw/mips_cpudevs.h
deleted file mode 100644
index 6bea24bf1..000000000
--- a/hw/mips_cpudevs.h
+++ /dev/null
@@ -1,15 +0,0 @@
-#ifndef HW_MIPS_CPUDEVS_H
-#define HW_MIPS_CPUDEVS_H
-/* Definitions for MIPS CPU internal devices. */
-
-/* mips_addr.c */
-uint64_t cpu_mips_kseg0_to_phys(void *opaque, uint64_t addr);
-uint64_t cpu_mips_phys_to_kseg0(void *opaque, uint64_t addr);
-
-/* mips_int.c */
-void cpu_mips_irq_init_cpu(CPUMIPSState *env);
-
-/* mips_timer.c */
-void cpu_mips_clock_init(CPUMIPSState *);
-
-#endif
diff --git a/hw/mips_fulong2e.c b/hw/mips_fulong2e.c
deleted file mode 100644
index 5fcf900e0..000000000
--- a/hw/mips_fulong2e.c
+++ /dev/null
@@ -1,410 +0,0 @@
-/*
- * QEMU fulong 2e mini pc support
- *
- * Copyright (c) 2008 yajin (yajin@vm-kernel.org)
- * Copyright (c) 2009 chenming (chenming@rdc.faw.com.cn)
- * Copyright (c) 2010 Huacai Chen (zltjiangshi@gmail.com)
- * This code is licensed under the GNU GPL v2.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-/*
- * Fulong 2e mini pc is based on ICT/ST Loongson 2e CPU (MIPS III like, 800MHz)
- * http://www.linux-mips.org/wiki/Fulong
- *
- * Loongson 2e user manual:
- * http://www.loongsondeveloper.com/doc/Loongson2EUserGuide.pdf
- */
-
-#include "hw.h"
-#include "pc.h"
-#include "serial.h"
-#include "fdc.h"
-#include "net.h"
-#include "boards.h"
-#include "smbus.h"
-#include "block.h"
-#include "flash.h"
-#include "mips.h"
-#include "mips_cpudevs.h"
-#include "pci.h"
-#include "qemu-char.h"
-#include "sysemu.h"
-#include "audio/audio.h"
-#include "qemu-log.h"
-#include "loader.h"
-#include "mips-bios.h"
-#include "ide.h"
-#include "elf.h"
-#include "vt82c686.h"
-#include "mc146818rtc.h"
-#include "i8254.h"
-#include "blockdev.h"
-#include "exec-memory.h"
-
-#define DEBUG_FULONG2E_INIT
-
-#define ENVP_ADDR 0x80002000l
-#define ENVP_NB_ENTRIES 16
-#define ENVP_ENTRY_SIZE 256
-
-#define MAX_IDE_BUS 2
-
-/*
- * PMON is not part of qemu and released with BSD license, anyone
- * who want to build a pmon binary please first git-clone the source
- * from the git repository at:
- * http://www.loongson.cn/support/git/pmon
- * Then follow the "Compile Guide" available at:
- * http://dev.lemote.com/code/pmon
- *
- * Notes:
- * 1, don't use the source at http://dev.lemote.com/http_git/pmon.git
- * 2, use "Bonito2edev" to replace "dir_corresponding_to_your_target_hardware"
- * in the "Compile Guide".
- */
-#define FULONG_BIOSNAME "pmon_fulong2e.bin"
-
-/* PCI SLOT in fulong 2e */
-#define FULONG2E_VIA_SLOT 5
-#define FULONG2E_ATI_SLOT 6
-#define FULONG2E_RTL8139_SLOT 7
-
-static ISADevice *pit;
-
-static struct _loaderparams {
- int ram_size;
- const char *kernel_filename;
- const char *kernel_cmdline;
- const char *initrd_filename;
-} loaderparams;
-
-static void GCC_FMT_ATTR(3, 4) prom_set(uint32_t* prom_buf, int index,
- const char *string, ...)
-{
- va_list ap;
- int32_t table_addr;
-
- if (index >= ENVP_NB_ENTRIES)
- return;
-
- if (string == NULL) {
- prom_buf[index] = 0;
- return;
- }
-
- table_addr = sizeof(int32_t) * ENVP_NB_ENTRIES + index * ENVP_ENTRY_SIZE;
- prom_buf[index] = tswap32(ENVP_ADDR + table_addr);
-
- va_start(ap, string);
- vsnprintf((char *)prom_buf + table_addr, ENVP_ENTRY_SIZE, string, ap);
- va_end(ap);
-}
-
-static int64_t load_kernel (CPUMIPSState *env)
-{
- int64_t kernel_entry, kernel_low, kernel_high;
- int index = 0;
- long initrd_size;
- ram_addr_t initrd_offset;
- uint32_t *prom_buf;
- long prom_size;
-
- if (load_elf(loaderparams.kernel_filename, cpu_mips_kseg0_to_phys, NULL,
- (uint64_t *)&kernel_entry, (uint64_t *)&kernel_low,
- (uint64_t *)&kernel_high, 0, ELF_MACHINE, 1) < 0) {
- fprintf(stderr, "qemu: could not load kernel '%s'\n",
- loaderparams.kernel_filename);
- exit(1);
- }
-
- /* load initrd */
- initrd_size = 0;
- initrd_offset = 0;
- if (loaderparams.initrd_filename) {
- initrd_size = get_image_size (loaderparams.initrd_filename);
- if (initrd_size > 0) {
- initrd_offset = (kernel_high + ~TARGET_PAGE_MASK) & TARGET_PAGE_MASK;
- if (initrd_offset + initrd_size > ram_size) {
- fprintf(stderr,
- "qemu: memory too small for initial ram disk '%s'\n",
- loaderparams.initrd_filename);
- exit(1);
- }
- initrd_size = load_image_targphys(loaderparams.initrd_filename,
- initrd_offset, ram_size - initrd_offset);
- }
- if (initrd_size == (target_ulong) -1) {
- fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
- loaderparams.initrd_filename);
- exit(1);
- }
- }
-
- /* Setup prom parameters. */
- prom_size = ENVP_NB_ENTRIES * (sizeof(int32_t) + ENVP_ENTRY_SIZE);
- prom_buf = g_malloc(prom_size);
-
- prom_set(prom_buf, index++, "%s", loaderparams.kernel_filename);
- if (initrd_size > 0) {
- prom_set(prom_buf, index++, "rd_start=0x%" PRIx64 " rd_size=%li %s",
- cpu_mips_phys_to_kseg0(NULL, initrd_offset), initrd_size,
- loaderparams.kernel_cmdline);
- } else {
- prom_set(prom_buf, index++, "%s", loaderparams.kernel_cmdline);
- }
-
- /* Setup minimum environment variables */
- prom_set(prom_buf, index++, "busclock=33000000");
- prom_set(prom_buf, index++, "cpuclock=100000000");
- prom_set(prom_buf, index++, "memsize=%i", loaderparams.ram_size/1024/1024);
- prom_set(prom_buf, index++, "modetty0=38400n8r");
- prom_set(prom_buf, index++, NULL);
-
- rom_add_blob_fixed("prom", prom_buf, prom_size,
- cpu_mips_kseg0_to_phys(NULL, ENVP_ADDR));
-
- return kernel_entry;
-}
-
-static void write_bootloader (CPUMIPSState *env, uint8_t *base, int64_t kernel_addr)
-{
- uint32_t *p;
-
- /* Small bootloader */
- p = (uint32_t *) base;
-
- stl_raw(p++, 0x0bf00010); /* j 0x1fc00040 */
- stl_raw(p++, 0x00000000); /* nop */
-
- /* Second part of the bootloader */
- p = (uint32_t *) (base + 0x040);
-
- stl_raw(p++, 0x3c040000); /* lui a0, 0 */
- stl_raw(p++, 0x34840002); /* ori a0, a0, 2 */
- stl_raw(p++, 0x3c050000 | ((ENVP_ADDR >> 16) & 0xffff)); /* lui a1, high(ENVP_ADDR) */
- stl_raw(p++, 0x34a50000 | (ENVP_ADDR & 0xffff)); /* ori a1, a0, low(ENVP_ADDR) */
- stl_raw(p++, 0x3c060000 | (((ENVP_ADDR + 8) >> 16) & 0xffff)); /* lui a2, high(ENVP_ADDR + 8) */
- stl_raw(p++, 0x34c60000 | ((ENVP_ADDR + 8) & 0xffff)); /* ori a2, a2, low(ENVP_ADDR + 8) */
- stl_raw(p++, 0x3c070000 | (loaderparams.ram_size >> 16)); /* lui a3, high(env->ram_size) */
- stl_raw(p++, 0x34e70000 | (loaderparams.ram_size & 0xffff)); /* ori a3, a3, low(env->ram_size) */
- stl_raw(p++, 0x3c1f0000 | ((kernel_addr >> 16) & 0xffff)); /* lui ra, high(kernel_addr) */;
- stl_raw(p++, 0x37ff0000 | (kernel_addr & 0xffff)); /* ori ra, ra, low(kernel_addr) */
- stl_raw(p++, 0x03e00008); /* jr ra */
- stl_raw(p++, 0x00000000); /* nop */
-}
-
-
-static void main_cpu_reset(void *opaque)
-{
- MIPSCPU *cpu = opaque;
- CPUMIPSState *env = &cpu->env;
-
- cpu_reset(CPU(cpu));
- /* TODO: 2E reset stuff */
- if (loaderparams.kernel_filename) {
- env->CP0_Status &= ~((1 << CP0St_BEV) | (1 << CP0St_ERL));
- }
-}
-
-uint8_t eeprom_spd[0x80] = {
- 0x80,0x08,0x07,0x0d,0x09,0x02,0x40,0x00,0x04,0x70,
- 0x70,0x00,0x82,0x10,0x00,0x01,0x0e,0x04,0x0c,0x01,
- 0x02,0x20,0x80,0x75,0x70,0x00,0x00,0x50,0x3c,0x50,
- 0x2d,0x20,0xb0,0xb0,0x50,0x50,0x00,0x00,0x00,0x00,
- 0x00,0x41,0x48,0x3c,0x32,0x75,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x9c,0x7b,0x07,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x48,0x42,0x35,0x34,0x41,0x32,
- 0x35,0x36,0x38,0x4b,0x4e,0x2d,0x41,0x37,0x35,0x42,
- 0x20,0x30,0x20
-};
-
-/* Audio support */
-static void audio_init (PCIBus *pci_bus)
-{
- vt82c686b_ac97_init(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 5));
- vt82c686b_mc97_init(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 6));
-}
-
-/* Network support */
-static void network_init (void)
-{
- int i;
-
- for(i = 0; i < nb_nics; i++) {
- NICInfo *nd = &nd_table[i];
- const char *default_devaddr = NULL;
-
- if (i == 0 && (!nd->model || strcmp(nd->model, "rtl8139") == 0)) {
- /* The fulong board has a RTL8139 card using PCI SLOT 7 */
- default_devaddr = "07";
- }
-
- pci_nic_init_nofail(nd, "rtl8139", default_devaddr);
- }
-}
-
-static void cpu_request_exit(void *opaque, int irq, int level)
-{
- CPUMIPSState *env = cpu_single_env;
-
- if (env && level) {
- cpu_exit(env);
- }
-}
-
-static void mips_fulong2e_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- char *filename;
- MemoryRegion *address_space_mem = get_system_memory();
- MemoryRegion *ram = g_new(MemoryRegion, 1);
- MemoryRegion *bios = g_new(MemoryRegion, 1);
- long bios_size;
- int64_t kernel_entry;
- qemu_irq *i8259;
- qemu_irq *cpu_exit_irq;
- PCIBus *pci_bus;
- ISABus *isa_bus;
- i2c_bus *smbus;
- int i;
- DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
- MIPSCPU *cpu;
- CPUMIPSState *env;
-
- /* init CPUs */
- if (cpu_model == NULL) {
- cpu_model = "Loongson-2E";
- }
- cpu = cpu_mips_init(cpu_model);
- if (cpu == NULL) {
- fprintf(stderr, "Unable to find CPU definition\n");
- exit(1);
- }
- env = &cpu->env;
-
- qemu_register_reset(main_cpu_reset, cpu);
-
- /* fulong 2e has 256M ram. */
- ram_size = 256 * 1024 * 1024;
-
- /* fulong 2e has a 1M flash.Winbond W39L040AP70Z */
- bios_size = 1024 * 1024;
-
- /* allocate RAM */
- memory_region_init_ram(ram, "fulong2e.ram", ram_size);
- vmstate_register_ram_global(ram);
- memory_region_init_ram(bios, "fulong2e.bios", bios_size);
- vmstate_register_ram_global(bios);
- memory_region_set_readonly(bios, true);
-
- memory_region_add_subregion(address_space_mem, 0, ram);
- memory_region_add_subregion(address_space_mem, 0x1fc00000LL, bios);
-
- /* We do not support flash operation, just loading pmon.bin as raw BIOS.
- * Please use -L to set the BIOS path and -bios to set bios name. */
-
- if (kernel_filename) {
- loaderparams.ram_size = ram_size;
- loaderparams.kernel_filename = kernel_filename;
- loaderparams.kernel_cmdline = kernel_cmdline;
- loaderparams.initrd_filename = initrd_filename;
- kernel_entry = load_kernel (env);
- write_bootloader(env, memory_region_get_ram_ptr(bios), kernel_entry);
- } else {
- if (bios_name == NULL) {
- bios_name = FULONG_BIOSNAME;
- }
- filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
- if (filename) {
- bios_size = load_image_targphys(filename, 0x1fc00000LL,
- BIOS_SIZE);
- g_free(filename);
- } else {
- bios_size = -1;
- }
-
- if ((bios_size < 0 || bios_size > BIOS_SIZE) && !kernel_filename) {
- fprintf(stderr, "qemu: Could not load MIPS bios '%s'\n", bios_name);
- exit(1);
- }
- }
-
- /* Init internal devices */
- cpu_mips_irq_init_cpu(env);
- cpu_mips_clock_init(env);
-
- /* North bridge, Bonito --> IP2 */
- pci_bus = bonito_init((qemu_irq *)&(env->irq[2]));
-
- /* South bridge */
- ide_drive_get(hd, MAX_IDE_BUS);
-
- isa_bus = vt82c686b_init(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 0));
- if (!isa_bus) {
- fprintf(stderr, "vt82c686b_init error\n");
- exit(1);
- }
-
- /* Interrupt controller */
- /* The 8259 -> IP5 */
- i8259 = i8259_init(isa_bus, env->irq[5]);
- isa_bus_irqs(isa_bus, i8259);
-
- vt82c686b_ide_init(pci_bus, hd, PCI_DEVFN(FULONG2E_VIA_SLOT, 1));
- pci_create_simple(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 2),
- "vt82c686b-usb-uhci");
- pci_create_simple(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 3),
- "vt82c686b-usb-uhci");
-
- smbus = vt82c686b_pm_init(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 4),
- 0xeee1, NULL);
- /* TODO: Populate SPD eeprom data. */
- smbus_eeprom_init(smbus, 1, eeprom_spd, sizeof(eeprom_spd));
-
- /* init other devices */
- pit = pit_init(isa_bus, 0x40, 0, NULL);
- cpu_exit_irq = qemu_allocate_irqs(cpu_request_exit, NULL, 1);
- DMA_init(0, cpu_exit_irq);
-
- /* Super I/O */
- isa_create_simple(isa_bus, "i8042");
-
- rtc_init(isa_bus, 2000, NULL);
-
- for(i = 0; i < MAX_SERIAL_PORTS; i++) {
- if (serial_hds[i]) {
- serial_isa_init(isa_bus, i, serial_hds[i]);
- }
- }
-
- if (parallel_hds[0]) {
- parallel_init(isa_bus, 0, parallel_hds[0]);
- }
-
- /* Sound card */
- audio_init(pci_bus);
- /* Network card */
- network_init();
-}
-
-static QEMUMachine mips_fulong2e_machine = {
- .name = "fulong2e",
- .desc = "Fulong 2e mini pc",
- .init = mips_fulong2e_init,
-};
-
-static void mips_fulong2e_machine_init(void)
-{
- qemu_register_machine(&mips_fulong2e_machine);
-}
-
-machine_init(mips_fulong2e_machine_init);
diff --git a/hw/mips_int.c b/hw/mips_int.c
deleted file mode 100644
index 6423fd0bd..000000000
--- a/hw/mips_int.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * QEMU MIPS interrupt support
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "hw.h"
-#include "mips_cpudevs.h"
-#include "cpu.h"
-
-static void cpu_mips_irq_request(void *opaque, int irq, int level)
-{
- CPUMIPSState *env = (CPUMIPSState *)opaque;
-
- if (irq < 0 || irq > 7)
- return;
-
- if (level) {
- env->CP0_Cause |= 1 << (irq + CP0Ca_IP);
- } else {
- env->CP0_Cause &= ~(1 << (irq + CP0Ca_IP));
- }
-
- if (env->CP0_Cause & CP0Ca_IP_mask) {
- cpu_interrupt(env, CPU_INTERRUPT_HARD);
- } else {
- cpu_reset_interrupt(env, CPU_INTERRUPT_HARD);
- }
-}
-
-void cpu_mips_irq_init_cpu(CPUMIPSState *env)
-{
- qemu_irq *qi;
- int i;
-
- qi = qemu_allocate_irqs(cpu_mips_irq_request, env, 8);
- for (i = 0; i < 8; i++) {
- env->irq[i] = qi[i];
- }
-}
-
-void cpu_mips_soft_irq(CPUMIPSState *env, int irq, int level)
-{
- if (irq < 0 || irq > 2) {
- return;
- }
-
- qemu_set_irq(env->irq[irq], level);
-}
diff --git a/hw/mips_jazz.c b/hw/mips_jazz.c
deleted file mode 100644
index 084742724..000000000
--- a/hw/mips_jazz.c
+++ /dev/null
@@ -1,343 +0,0 @@
-/*
- * QEMU MIPS Jazz support
- *
- * Copyright (c) 2007-2008 Hervé Poussineau
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "hw.h"
-#include "mips.h"
-#include "mips_cpudevs.h"
-#include "pc.h"
-#include "serial.h"
-#include "isa.h"
-#include "fdc.h"
-#include "sysemu.h"
-#include "arch_init.h"
-#include "boards.h"
-#include "net.h"
-#include "esp.h"
-#include "mips-bios.h"
-#include "loader.h"
-#include "mc146818rtc.h"
-#include "i8254.h"
-#include "pcspk.h"
-#include "blockdev.h"
-#include "sysbus.h"
-#include "exec-memory.h"
-
-enum jazz_model_e
-{
- JAZZ_MAGNUM,
- JAZZ_PICA61,
-};
-
-static void main_cpu_reset(void *opaque)
-{
- MIPSCPU *cpu = opaque;
-
- cpu_reset(CPU(cpu));
-}
-
-static uint64_t rtc_read(void *opaque, hwaddr addr, unsigned size)
-{
- return cpu_inw(0x71);
-}
-
-static void rtc_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- cpu_outw(0x71, val & 0xff);
-}
-
-static const MemoryRegionOps rtc_ops = {
- .read = rtc_read,
- .write = rtc_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static uint64_t dma_dummy_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- /* Nothing to do. That is only to ensure that
- * the current DMA acknowledge cycle is completed. */
- return 0xff;
-}
-
-static void dma_dummy_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- /* Nothing to do. That is only to ensure that
- * the current DMA acknowledge cycle is completed. */
-}
-
-static const MemoryRegionOps dma_dummy_ops = {
- .read = dma_dummy_read,
- .write = dma_dummy_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-#define MAGNUM_BIOS_SIZE_MAX 0x7e000
-#define MAGNUM_BIOS_SIZE (BIOS_SIZE < MAGNUM_BIOS_SIZE_MAX ? BIOS_SIZE : MAGNUM_BIOS_SIZE_MAX)
-
-static void cpu_request_exit(void *opaque, int irq, int level)
-{
- CPUMIPSState *env = cpu_single_env;
-
- if (env && level) {
- cpu_exit(env);
- }
-}
-
-static void mips_jazz_init(MemoryRegion *address_space,
- MemoryRegion *address_space_io,
- ram_addr_t ram_size,
- const char *cpu_model,
- enum jazz_model_e jazz_model)
-{
- char *filename;
- int bios_size, n;
- MIPSCPU *cpu;
- CPUMIPSState *env;
- qemu_irq *rc4030, *i8259;
- rc4030_dma *dmas;
- void* rc4030_opaque;
- MemoryRegion *rtc = g_new(MemoryRegion, 1);
- MemoryRegion *i8042 = g_new(MemoryRegion, 1);
- MemoryRegion *dma_dummy = g_new(MemoryRegion, 1);
- NICInfo *nd;
- DeviceState *dev;
- SysBusDevice *sysbus;
- ISABus *isa_bus;
- ISADevice *pit;
- DriveInfo *fds[MAX_FD];
- qemu_irq esp_reset, dma_enable;
- qemu_irq *cpu_exit_irq;
- MemoryRegion *ram = g_new(MemoryRegion, 1);
- MemoryRegion *bios = g_new(MemoryRegion, 1);
- MemoryRegion *bios2 = g_new(MemoryRegion, 1);
-
- /* init CPUs */
- if (cpu_model == NULL) {
-#ifdef TARGET_MIPS64
- cpu_model = "R4000";
-#else
- /* FIXME: All wrong, this maybe should be R3000 for the older JAZZs. */
- cpu_model = "24Kf";
-#endif
- }
- cpu = cpu_mips_init(cpu_model);
- if (cpu == NULL) {
- fprintf(stderr, "Unable to find CPU definition\n");
- exit(1);
- }
- env = &cpu->env;
- qemu_register_reset(main_cpu_reset, cpu);
-
- /* allocate RAM */
- memory_region_init_ram(ram, "mips_jazz.ram", ram_size);
- vmstate_register_ram_global(ram);
- memory_region_add_subregion(address_space, 0, ram);
-
- memory_region_init_ram(bios, "mips_jazz.bios", MAGNUM_BIOS_SIZE);
- vmstate_register_ram_global(bios);
- memory_region_set_readonly(bios, true);
- memory_region_init_alias(bios2, "mips_jazz.bios", bios,
- 0, MAGNUM_BIOS_SIZE);
- memory_region_add_subregion(address_space, 0x1fc00000LL, bios);
- memory_region_add_subregion(address_space, 0xfff00000LL, bios2);
-
- /* load the BIOS image. */
- if (bios_name == NULL)
- bios_name = BIOS_FILENAME;
- filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
- if (filename) {
- bios_size = load_image_targphys(filename, 0xfff00000LL,
- MAGNUM_BIOS_SIZE);
- g_free(filename);
- } else {
- bios_size = -1;
- }
- if (bios_size < 0 || bios_size > MAGNUM_BIOS_SIZE) {
- fprintf(stderr, "qemu: Could not load MIPS bios '%s'\n",
- bios_name);
- exit(1);
- }
-
- /* Init CPU internal devices */
- cpu_mips_irq_init_cpu(env);
- cpu_mips_clock_init(env);
-
- /* Chipset */
- rc4030_opaque = rc4030_init(env->irq[6], env->irq[3], &rc4030, &dmas,
- address_space);
- memory_region_init_io(dma_dummy, &dma_dummy_ops, NULL, "dummy_dma", 0x1000);
- memory_region_add_subregion(address_space, 0x8000d000, dma_dummy);
-
- /* ISA devices */
- isa_bus = isa_bus_new(NULL, address_space_io);
- i8259 = i8259_init(isa_bus, env->irq[4]);
- isa_bus_irqs(isa_bus, i8259);
- cpu_exit_irq = qemu_allocate_irqs(cpu_request_exit, NULL, 1);
- DMA_init(0, cpu_exit_irq);
- pit = pit_init(isa_bus, 0x40, 0, NULL);
- pcspk_init(isa_bus, pit);
-
- /* ISA IO space at 0x90000000 */
- isa_mmio_init(0x90000000, 0x01000000);
- isa_mem_base = 0x11000000;
-
- /* Video card */
- switch (jazz_model) {
- case JAZZ_MAGNUM:
- dev = qdev_create(NULL, "sysbus-g364");
- qdev_init_nofail(dev);
- sysbus = sysbus_from_qdev(dev);
- sysbus_mmio_map(sysbus, 0, 0x60080000);
- sysbus_mmio_map(sysbus, 1, 0x40000000);
- sysbus_connect_irq(sysbus, 0, rc4030[3]);
- {
- /* Simple ROM, so user doesn't have to provide one */
- MemoryRegion *rom_mr = g_new(MemoryRegion, 1);
- memory_region_init_ram(rom_mr, "g364fb.rom", 0x80000);
- vmstate_register_ram_global(rom_mr);
- memory_region_set_readonly(rom_mr, true);
- uint8_t *rom = memory_region_get_ram_ptr(rom_mr);
- memory_region_add_subregion(address_space, 0x60000000, rom_mr);
- rom[0] = 0x10; /* Mips G364 */
- }
- break;
- case JAZZ_PICA61:
- isa_vga_mm_init(0x40000000, 0x60000000, 0, get_system_memory());
- break;
- default:
- break;
- }
-
- /* Network controller */
- for (n = 0; n < nb_nics; n++) {
- nd = &nd_table[n];
- if (!nd->model)
- nd->model = g_strdup("dp83932");
- if (strcmp(nd->model, "dp83932") == 0) {
- dp83932_init(nd, 0x80001000, 2, get_system_memory(), rc4030[4],
- rc4030_opaque, rc4030_dma_memory_rw);
- break;
- } else if (is_help_option(nd->model)) {
- fprintf(stderr, "qemu: Supported NICs: dp83932\n");
- exit(1);
- } else {
- fprintf(stderr, "qemu: Unsupported NIC: %s\n", nd->model);
- exit(1);
- }
- }
-
- /* SCSI adapter */
- esp_init(0x80002000, 0,
- rc4030_dma_read, rc4030_dma_write, dmas[0],
- rc4030[5], &esp_reset, &dma_enable);
-
- /* Floppy */
- if (drive_get_max_bus(IF_FLOPPY) >= MAX_FD) {
- fprintf(stderr, "qemu: too many floppy drives\n");
- exit(1);
- }
- for (n = 0; n < MAX_FD; n++) {
- fds[n] = drive_get(IF_FLOPPY, 0, n);
- }
- fdctrl_init_sysbus(rc4030[1], 0, 0x80003000, fds);
-
- /* Real time clock */
- rtc_init(isa_bus, 1980, NULL);
- memory_region_init_io(rtc, &rtc_ops, NULL, "rtc", 0x1000);
- memory_region_add_subregion(address_space, 0x80004000, rtc);
-
- /* Keyboard (i8042) */
- i8042_mm_init(rc4030[6], rc4030[7], i8042, 0x1000, 0x1);
- memory_region_add_subregion(address_space, 0x80005000, i8042);
-
- /* Serial ports */
- if (serial_hds[0]) {
- serial_mm_init(address_space, 0x80006000, 0, rc4030[8], 8000000/16,
- serial_hds[0], DEVICE_NATIVE_ENDIAN);
- }
- if (serial_hds[1]) {
- serial_mm_init(address_space, 0x80007000, 0, rc4030[9], 8000000/16,
- serial_hds[1], DEVICE_NATIVE_ENDIAN);
- }
-
- /* Parallel port */
- if (parallel_hds[0])
- parallel_mm_init(address_space, 0x80008000, 0, rc4030[0],
- parallel_hds[0]);
-
- /* Sound card */
- /* FIXME: missing Jazz sound at 0x8000c000, rc4030[2] */
- audio_init(isa_bus, NULL);
-
- /* NVRAM */
- dev = qdev_create(NULL, "ds1225y");
- qdev_init_nofail(dev);
- sysbus = sysbus_from_qdev(dev);
- sysbus_mmio_map(sysbus, 0, 0x80009000);
-
- /* LED indicator */
- sysbus_create_simple("jazz-led", 0x8000f000, NULL);
-}
-
-static
-void mips_magnum_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- mips_jazz_init(get_system_memory(), get_system_io(),
- ram_size, cpu_model, JAZZ_MAGNUM);
-}
-
-static
-void mips_pica61_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- mips_jazz_init(get_system_memory(), get_system_io(),
- ram_size, cpu_model, JAZZ_PICA61);
-}
-
-static QEMUMachine mips_magnum_machine = {
- .name = "magnum",
- .desc = "MIPS Magnum",
- .init = mips_magnum_init,
- .use_scsi = 1,
-};
-
-static QEMUMachine mips_pica61_machine = {
- .name = "pica61",
- .desc = "Acer Pica 61",
- .init = mips_pica61_init,
- .use_scsi = 1,
-};
-
-static void mips_jazz_machine_init(void)
-{
- qemu_register_machine(&mips_magnum_machine);
- qemu_register_machine(&mips_pica61_machine);
-}
-
-machine_init(mips_jazz_machine_init);
diff --git a/hw/mips_malta.c b/hw/mips_malta.c
deleted file mode 100644
index 4d2464a02..000000000
--- a/hw/mips_malta.c
+++ /dev/null
@@ -1,1033 +0,0 @@
-/*
- * QEMU Malta board support
- *
- * Copyright (c) 2006 Aurelien Jarno
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "hw.h"
-#include "pc.h"
-#include "serial.h"
-#include "fdc.h"
-#include "net.h"
-#include "boards.h"
-#include "smbus.h"
-#include "block.h"
-#include "flash.h"
-#include "mips.h"
-#include "mips_cpudevs.h"
-#include "pci.h"
-#include "qemu-char.h"
-#include "sysemu.h"
-#include "arch_init.h"
-#include "boards.h"
-#include "qemu-log.h"
-#include "mips-bios.h"
-#include "ide.h"
-#include "loader.h"
-#include "elf.h"
-#include "mc146818rtc.h"
-#include "i8254.h"
-#include "blockdev.h"
-#include "exec-memory.h"
-#include "sysbus.h" /* SysBusDevice */
-
-//#define DEBUG_BOARD_INIT
-
-#define ENVP_ADDR 0x80002000l
-#define ENVP_NB_ENTRIES 16
-#define ENVP_ENTRY_SIZE 256
-
-/* Hardware addresses */
-#define FLASH_ADDRESS 0x1e000000ULL
-#define FPGA_ADDRESS 0x1f000000ULL
-#define RESET_ADDRESS 0x1fc00000ULL
-
-#define FLASH_SIZE 0x400000
-
-#define MAX_IDE_BUS 2
-
-typedef struct {
- MemoryRegion iomem;
- MemoryRegion iomem_lo; /* 0 - 0x900 */
- MemoryRegion iomem_hi; /* 0xa00 - 0x100000 */
- uint32_t leds;
- uint32_t brk;
- uint32_t gpout;
- uint32_t i2cin;
- uint32_t i2coe;
- uint32_t i2cout;
- uint32_t i2csel;
- CharDriverState *display;
- char display_text[9];
- SerialState *uart;
-} MaltaFPGAState;
-
-typedef struct {
- SysBusDevice busdev;
- qemu_irq *i8259;
-} MaltaState;
-
-static ISADevice *pit;
-
-static struct _loaderparams {
- int ram_size;
- const char *kernel_filename;
- const char *kernel_cmdline;
- const char *initrd_filename;
-} loaderparams;
-
-/* Malta FPGA */
-static void malta_fpga_update_display(void *opaque)
-{
- char leds_text[9];
- int i;
- MaltaFPGAState *s = opaque;
-
- for (i = 7 ; i >= 0 ; i--) {
- if (s->leds & (1 << i))
- leds_text[i] = '#';
- else
- leds_text[i] = ' ';
- }
- leds_text[8] = '\0';
-
- qemu_chr_fe_printf(s->display, "\e[H\n\n|\e[32m%-8.8s\e[00m|\r\n", leds_text);
- qemu_chr_fe_printf(s->display, "\n\n\n\n|\e[31m%-8.8s\e[00m|", s->display_text);
-}
-
-/*
- * EEPROM 24C01 / 24C02 emulation.
- *
- * Emulation for serial EEPROMs:
- * 24C01 - 1024 bit (128 x 8)
- * 24C02 - 2048 bit (256 x 8)
- *
- * Typical device names include Microchip 24C02SC or SGS Thomson ST24C02.
- */
-
-//~ #define DEBUG
-
-#if defined(DEBUG)
-# define logout(fmt, ...) fprintf(stderr, "MALTA\t%-24s" fmt, __func__, ## __VA_ARGS__)
-#else
-# define logout(fmt, ...) ((void)0)
-#endif
-
-struct _eeprom24c0x_t {
- uint8_t tick;
- uint8_t address;
- uint8_t command;
- uint8_t ack;
- uint8_t scl;
- uint8_t sda;
- uint8_t data;
- //~ uint16_t size;
- uint8_t contents[256];
-};
-
-typedef struct _eeprom24c0x_t eeprom24c0x_t;
-
-static eeprom24c0x_t eeprom = {
- .contents = {
- /* 00000000: */ 0x80,0x08,0x04,0x0D,0x0A,0x01,0x40,0x00,
- /* 00000008: */ 0x01,0x75,0x54,0x00,0x82,0x08,0x00,0x01,
- /* 00000010: */ 0x8F,0x04,0x02,0x01,0x01,0x00,0x0E,0x00,
- /* 00000018: */ 0x00,0x00,0x00,0x14,0x0F,0x14,0x2D,0x40,
- /* 00000020: */ 0x15,0x08,0x15,0x08,0x00,0x00,0x00,0x00,
- /* 00000028: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- /* 00000030: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- /* 00000038: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x12,0xD0,
- /* 00000040: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- /* 00000048: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- /* 00000050: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- /* 00000058: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- /* 00000060: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- /* 00000068: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- /* 00000070: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- /* 00000078: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x64,0xF4,
- },
-};
-
-static uint8_t eeprom24c0x_read(void)
-{
- logout("%u: scl = %u, sda = %u, data = 0x%02x\n",
- eeprom.tick, eeprom.scl, eeprom.sda, eeprom.data);
- return eeprom.sda;
-}
-
-static void eeprom24c0x_write(int scl, int sda)
-{
- if (eeprom.scl && scl && (eeprom.sda != sda)) {
- logout("%u: scl = %u->%u, sda = %u->%u i2c %s\n",
- eeprom.tick, eeprom.scl, scl, eeprom.sda, sda, sda ? "stop" : "start");
- if (!sda) {
- eeprom.tick = 1;
- eeprom.command = 0;
- }
- } else if (eeprom.tick == 0 && !eeprom.ack) {
- /* Waiting for start. */
- logout("%u: scl = %u->%u, sda = %u->%u wait for i2c start\n",
- eeprom.tick, eeprom.scl, scl, eeprom.sda, sda);
- } else if (!eeprom.scl && scl) {
- logout("%u: scl = %u->%u, sda = %u->%u trigger bit\n",
- eeprom.tick, eeprom.scl, scl, eeprom.sda, sda);
- if (eeprom.ack) {
- logout("\ti2c ack bit = 0\n");
- sda = 0;
- eeprom.ack = 0;
- } else if (eeprom.sda == sda) {
- uint8_t bit = (sda != 0);
- logout("\ti2c bit = %d\n", bit);
- if (eeprom.tick < 9) {
- eeprom.command <<= 1;
- eeprom.command += bit;
- eeprom.tick++;
- if (eeprom.tick == 9) {
- logout("\tcommand 0x%04x, %s\n", eeprom.command, bit ? "read" : "write");
- eeprom.ack = 1;
- }
- } else if (eeprom.tick < 17) {
- if (eeprom.command & 1) {
- sda = ((eeprom.data & 0x80) != 0);
- }
- eeprom.address <<= 1;
- eeprom.address += bit;
- eeprom.tick++;
- eeprom.data <<= 1;
- if (eeprom.tick == 17) {
- eeprom.data = eeprom.contents[eeprom.address];
- logout("\taddress 0x%04x, data 0x%02x\n", eeprom.address, eeprom.data);
- eeprom.ack = 1;
- eeprom.tick = 0;
- }
- } else if (eeprom.tick >= 17) {
- sda = 0;
- }
- } else {
- logout("\tsda changed with raising scl\n");
- }
- } else {
- logout("%u: scl = %u->%u, sda = %u->%u\n", eeprom.tick, eeprom.scl, scl, eeprom.sda, sda);
- }
- eeprom.scl = scl;
- eeprom.sda = sda;
-}
-
-static uint64_t malta_fpga_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- MaltaFPGAState *s = opaque;
- uint32_t val = 0;
- uint32_t saddr;
-
- saddr = (addr & 0xfffff);
-
- switch (saddr) {
-
- /* SWITCH Register */
- case 0x00200:
- val = 0x00000000; /* All switches closed */
- break;
-
- /* STATUS Register */
- case 0x00208:
-#ifdef TARGET_WORDS_BIGENDIAN
- val = 0x00000012;
-#else
- val = 0x00000010;
-#endif
- break;
-
- /* JMPRS Register */
- case 0x00210:
- val = 0x00;
- break;
-
- /* LEDBAR Register */
- case 0x00408:
- val = s->leds;
- break;
-
- /* BRKRES Register */
- case 0x00508:
- val = s->brk;
- break;
-
- /* UART Registers are handled directly by the serial device */
-
- /* GPOUT Register */
- case 0x00a00:
- val = s->gpout;
- break;
-
- /* XXX: implement a real I2C controller */
-
- /* GPINP Register */
- case 0x00a08:
- /* IN = OUT until a real I2C control is implemented */
- if (s->i2csel)
- val = s->i2cout;
- else
- val = 0x00;
- break;
-
- /* I2CINP Register */
- case 0x00b00:
- val = ((s->i2cin & ~1) | eeprom24c0x_read());
- break;
-
- /* I2COE Register */
- case 0x00b08:
- val = s->i2coe;
- break;
-
- /* I2COUT Register */
- case 0x00b10:
- val = s->i2cout;
- break;
-
- /* I2CSEL Register */
- case 0x00b18:
- val = s->i2csel;
- break;
-
- default:
-#if 0
- printf ("malta_fpga_read: Bad register offset 0x" TARGET_FMT_lx "\n",
- addr);
-#endif
- break;
- }
- return val;
-}
-
-static void malta_fpga_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- MaltaFPGAState *s = opaque;
- uint32_t saddr;
-
- saddr = (addr & 0xfffff);
-
- switch (saddr) {
-
- /* SWITCH Register */
- case 0x00200:
- break;
-
- /* JMPRS Register */
- case 0x00210:
- break;
-
- /* LEDBAR Register */
- case 0x00408:
- s->leds = val & 0xff;
- malta_fpga_update_display(s);
- break;
-
- /* ASCIIWORD Register */
- case 0x00410:
- snprintf(s->display_text, 9, "%08X", (uint32_t)val);
- malta_fpga_update_display(s);
- break;
-
- /* ASCIIPOS0 to ASCIIPOS7 Registers */
- case 0x00418:
- case 0x00420:
- case 0x00428:
- case 0x00430:
- case 0x00438:
- case 0x00440:
- case 0x00448:
- case 0x00450:
- s->display_text[(saddr - 0x00418) >> 3] = (char) val;
- malta_fpga_update_display(s);
- break;
-
- /* SOFTRES Register */
- case 0x00500:
- if (val == 0x42)
- qemu_system_reset_request ();
- break;
-
- /* BRKRES Register */
- case 0x00508:
- s->brk = val & 0xff;
- break;
-
- /* UART Registers are handled directly by the serial device */
-
- /* GPOUT Register */
- case 0x00a00:
- s->gpout = val & 0xff;
- break;
-
- /* I2COE Register */
- case 0x00b08:
- s->i2coe = val & 0x03;
- break;
-
- /* I2COUT Register */
- case 0x00b10:
- eeprom24c0x_write(val & 0x02, val & 0x01);
- s->i2cout = val;
- break;
-
- /* I2CSEL Register */
- case 0x00b18:
- s->i2csel = val & 0x01;
- break;
-
- default:
-#if 0
- printf ("malta_fpga_write: Bad register offset 0x" TARGET_FMT_lx "\n",
- addr);
-#endif
- break;
- }
-}
-
-static const MemoryRegionOps malta_fpga_ops = {
- .read = malta_fpga_read,
- .write = malta_fpga_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void malta_fpga_reset(void *opaque)
-{
- MaltaFPGAState *s = opaque;
-
- s->leds = 0x00;
- s->brk = 0x0a;
- s->gpout = 0x00;
- s->i2cin = 0x3;
- s->i2coe = 0x0;
- s->i2cout = 0x3;
- s->i2csel = 0x1;
-
- s->display_text[8] = '\0';
- snprintf(s->display_text, 9, " ");
-}
-
-static void malta_fpga_led_init(CharDriverState *chr)
-{
- qemu_chr_fe_printf(chr, "\e[HMalta LEDBAR\r\n");
- qemu_chr_fe_printf(chr, "+--------+\r\n");
- qemu_chr_fe_printf(chr, "+ +\r\n");
- qemu_chr_fe_printf(chr, "+--------+\r\n");
- qemu_chr_fe_printf(chr, "\n");
- qemu_chr_fe_printf(chr, "Malta ASCII\r\n");
- qemu_chr_fe_printf(chr, "+--------+\r\n");
- qemu_chr_fe_printf(chr, "+ +\r\n");
- qemu_chr_fe_printf(chr, "+--------+\r\n");
-}
-
-static MaltaFPGAState *malta_fpga_init(MemoryRegion *address_space,
- hwaddr base, qemu_irq uart_irq, CharDriverState *uart_chr)
-{
- MaltaFPGAState *s;
-
- s = (MaltaFPGAState *)g_malloc0(sizeof(MaltaFPGAState));
-
- memory_region_init_io(&s->iomem, &malta_fpga_ops, s,
- "malta-fpga", 0x100000);
- memory_region_init_alias(&s->iomem_lo, "malta-fpga",
- &s->iomem, 0, 0x900);
- memory_region_init_alias(&s->iomem_hi, "malta-fpga",
- &s->iomem, 0xa00, 0x10000-0xa00);
-
- memory_region_add_subregion(address_space, base, &s->iomem_lo);
- memory_region_add_subregion(address_space, base + 0xa00, &s->iomem_hi);
-
- s->display = qemu_chr_new("fpga", "vc:320x200", malta_fpga_led_init);
-
- s->uart = serial_mm_init(address_space, base + 0x900, 3, uart_irq,
- 230400, uart_chr, DEVICE_NATIVE_ENDIAN);
-
- malta_fpga_reset(s);
- qemu_register_reset(malta_fpga_reset, s);
-
- return s;
-}
-
-/* Network support */
-static void network_init(void)
-{
- int i;
-
- for(i = 0; i < nb_nics; i++) {
- NICInfo *nd = &nd_table[i];
- const char *default_devaddr = NULL;
-
- if (i == 0 && (!nd->model || strcmp(nd->model, "pcnet") == 0))
- /* The malta board has a PCNet card using PCI SLOT 11 */
- default_devaddr = "0b";
-
- pci_nic_init_nofail(nd, "pcnet", default_devaddr);
- }
-}
-
-/* ROM and pseudo bootloader
-
- The following code implements a very very simple bootloader. It first
- loads the registers a0 to a3 to the values expected by the OS, and
- then jump at the kernel address.
-
- The bootloader should pass the locations of the kernel arguments and
- environment variables tables. Those tables contain the 32-bit address
- of NULL terminated strings. The environment variables table should be
- terminated by a NULL address.
-
- For a simpler implementation, the number of kernel arguments is fixed
- to two (the name of the kernel and the command line), and the two
- tables are actually the same one.
-
- The registers a0 to a3 should contain the following values:
- a0 - number of kernel arguments
- a1 - 32-bit address of the kernel arguments table
- a2 - 32-bit address of the environment variables table
- a3 - RAM size in bytes
-*/
-
-static void write_bootloader (CPUMIPSState *env, uint8_t *base,
- int64_t kernel_entry)
-{
- uint32_t *p;
-
- /* Small bootloader */
- p = (uint32_t *)base;
- stl_raw(p++, 0x0bf00160); /* j 0x1fc00580 */
- stl_raw(p++, 0x00000000); /* nop */
-
- /* YAMON service vector */
- stl_raw(base + 0x500, 0xbfc00580); /* start: */
- stl_raw(base + 0x504, 0xbfc0083c); /* print_count: */
- stl_raw(base + 0x520, 0xbfc00580); /* start: */
- stl_raw(base + 0x52c, 0xbfc00800); /* flush_cache: */
- stl_raw(base + 0x534, 0xbfc00808); /* print: */
- stl_raw(base + 0x538, 0xbfc00800); /* reg_cpu_isr: */
- stl_raw(base + 0x53c, 0xbfc00800); /* unred_cpu_isr: */
- stl_raw(base + 0x540, 0xbfc00800); /* reg_ic_isr: */
- stl_raw(base + 0x544, 0xbfc00800); /* unred_ic_isr: */
- stl_raw(base + 0x548, 0xbfc00800); /* reg_esr: */
- stl_raw(base + 0x54c, 0xbfc00800); /* unreg_esr: */
- stl_raw(base + 0x550, 0xbfc00800); /* getchar: */
- stl_raw(base + 0x554, 0xbfc00800); /* syscon_read: */
-
-
- /* Second part of the bootloader */
- p = (uint32_t *) (base + 0x580);
- stl_raw(p++, 0x24040002); /* addiu a0, zero, 2 */
- stl_raw(p++, 0x3c1d0000 | (((ENVP_ADDR - 64) >> 16) & 0xffff)); /* lui sp, high(ENVP_ADDR) */
- stl_raw(p++, 0x37bd0000 | ((ENVP_ADDR - 64) & 0xffff)); /* ori sp, sp, low(ENVP_ADDR) */
- stl_raw(p++, 0x3c050000 | ((ENVP_ADDR >> 16) & 0xffff)); /* lui a1, high(ENVP_ADDR) */
- stl_raw(p++, 0x34a50000 | (ENVP_ADDR & 0xffff)); /* ori a1, a1, low(ENVP_ADDR) */
- stl_raw(p++, 0x3c060000 | (((ENVP_ADDR + 8) >> 16) & 0xffff)); /* lui a2, high(ENVP_ADDR + 8) */
- stl_raw(p++, 0x34c60000 | ((ENVP_ADDR + 8) & 0xffff)); /* ori a2, a2, low(ENVP_ADDR + 8) */
- stl_raw(p++, 0x3c070000 | (loaderparams.ram_size >> 16)); /* lui a3, high(ram_size) */
- stl_raw(p++, 0x34e70000 | (loaderparams.ram_size & 0xffff)); /* ori a3, a3, low(ram_size) */
-
- /* Load BAR registers as done by YAMON */
- stl_raw(p++, 0x3c09b400); /* lui t1, 0xb400 */
-
-#ifdef TARGET_WORDS_BIGENDIAN
- stl_raw(p++, 0x3c08df00); /* lui t0, 0xdf00 */
-#else
- stl_raw(p++, 0x340800df); /* ori t0, r0, 0x00df */
-#endif
- stl_raw(p++, 0xad280068); /* sw t0, 0x0068(t1) */
-
- stl_raw(p++, 0x3c09bbe0); /* lui t1, 0xbbe0 */
-
-#ifdef TARGET_WORDS_BIGENDIAN
- stl_raw(p++, 0x3c08c000); /* lui t0, 0xc000 */
-#else
- stl_raw(p++, 0x340800c0); /* ori t0, r0, 0x00c0 */
-#endif
- stl_raw(p++, 0xad280048); /* sw t0, 0x0048(t1) */
-#ifdef TARGET_WORDS_BIGENDIAN
- stl_raw(p++, 0x3c084000); /* lui t0, 0x4000 */
-#else
- stl_raw(p++, 0x34080040); /* ori t0, r0, 0x0040 */
-#endif
- stl_raw(p++, 0xad280050); /* sw t0, 0x0050(t1) */
-
-#ifdef TARGET_WORDS_BIGENDIAN
- stl_raw(p++, 0x3c088000); /* lui t0, 0x8000 */
-#else
- stl_raw(p++, 0x34080080); /* ori t0, r0, 0x0080 */
-#endif
- stl_raw(p++, 0xad280058); /* sw t0, 0x0058(t1) */
-#ifdef TARGET_WORDS_BIGENDIAN
- stl_raw(p++, 0x3c083f00); /* lui t0, 0x3f00 */
-#else
- stl_raw(p++, 0x3408003f); /* ori t0, r0, 0x003f */
-#endif
- stl_raw(p++, 0xad280060); /* sw t0, 0x0060(t1) */
-
-#ifdef TARGET_WORDS_BIGENDIAN
- stl_raw(p++, 0x3c08c100); /* lui t0, 0xc100 */
-#else
- stl_raw(p++, 0x340800c1); /* ori t0, r0, 0x00c1 */
-#endif
- stl_raw(p++, 0xad280080); /* sw t0, 0x0080(t1) */
-#ifdef TARGET_WORDS_BIGENDIAN
- stl_raw(p++, 0x3c085e00); /* lui t0, 0x5e00 */
-#else
- stl_raw(p++, 0x3408005e); /* ori t0, r0, 0x005e */
-#endif
- stl_raw(p++, 0xad280088); /* sw t0, 0x0088(t1) */
-
- /* Jump to kernel code */
- stl_raw(p++, 0x3c1f0000 | ((kernel_entry >> 16) & 0xffff)); /* lui ra, high(kernel_entry) */
- stl_raw(p++, 0x37ff0000 | (kernel_entry & 0xffff)); /* ori ra, ra, low(kernel_entry) */
- stl_raw(p++, 0x03e00008); /* jr ra */
- stl_raw(p++, 0x00000000); /* nop */
-
- /* YAMON subroutines */
- p = (uint32_t *) (base + 0x800);
- stl_raw(p++, 0x03e00008); /* jr ra */
- stl_raw(p++, 0x24020000); /* li v0,0 */
- /* 808 YAMON print */
- stl_raw(p++, 0x03e06821); /* move t5,ra */
- stl_raw(p++, 0x00805821); /* move t3,a0 */
- stl_raw(p++, 0x00a05021); /* move t2,a1 */
- stl_raw(p++, 0x91440000); /* lbu a0,0(t2) */
- stl_raw(p++, 0x254a0001); /* addiu t2,t2,1 */
- stl_raw(p++, 0x10800005); /* beqz a0,834 */
- stl_raw(p++, 0x00000000); /* nop */
- stl_raw(p++, 0x0ff0021c); /* jal 870 */
- stl_raw(p++, 0x00000000); /* nop */
- stl_raw(p++, 0x08000205); /* j 814 */
- stl_raw(p++, 0x00000000); /* nop */
- stl_raw(p++, 0x01a00008); /* jr t5 */
- stl_raw(p++, 0x01602021); /* move a0,t3 */
- /* 0x83c YAMON print_count */
- stl_raw(p++, 0x03e06821); /* move t5,ra */
- stl_raw(p++, 0x00805821); /* move t3,a0 */
- stl_raw(p++, 0x00a05021); /* move t2,a1 */
- stl_raw(p++, 0x00c06021); /* move t4,a2 */
- stl_raw(p++, 0x91440000); /* lbu a0,0(t2) */
- stl_raw(p++, 0x0ff0021c); /* jal 870 */
- stl_raw(p++, 0x00000000); /* nop */
- stl_raw(p++, 0x254a0001); /* addiu t2,t2,1 */
- stl_raw(p++, 0x258cffff); /* addiu t4,t4,-1 */
- stl_raw(p++, 0x1580fffa); /* bnez t4,84c */
- stl_raw(p++, 0x00000000); /* nop */
- stl_raw(p++, 0x01a00008); /* jr t5 */
- stl_raw(p++, 0x01602021); /* move a0,t3 */
- /* 0x870 */
- stl_raw(p++, 0x3c08b800); /* lui t0,0xb400 */
- stl_raw(p++, 0x350803f8); /* ori t0,t0,0x3f8 */
- stl_raw(p++, 0x91090005); /* lbu t1,5(t0) */
- stl_raw(p++, 0x00000000); /* nop */
- stl_raw(p++, 0x31290040); /* andi t1,t1,0x40 */
- stl_raw(p++, 0x1120fffc); /* beqz t1,878 <outch+0x8> */
- stl_raw(p++, 0x00000000); /* nop */
- stl_raw(p++, 0x03e00008); /* jr ra */
- stl_raw(p++, 0xa1040000); /* sb a0,0(t0) */
-
-}
-
-static void GCC_FMT_ATTR(3, 4) prom_set(uint32_t* prom_buf, int index,
- const char *string, ...)
-{
- va_list ap;
- int32_t table_addr;
-
- if (index >= ENVP_NB_ENTRIES)
- return;
-
- if (string == NULL) {
- prom_buf[index] = 0;
- return;
- }
-
- table_addr = sizeof(int32_t) * ENVP_NB_ENTRIES + index * ENVP_ENTRY_SIZE;
- prom_buf[index] = tswap32(ENVP_ADDR + table_addr);
-
- va_start(ap, string);
- vsnprintf((char *)prom_buf + table_addr, ENVP_ENTRY_SIZE, string, ap);
- va_end(ap);
-}
-
-/* Kernel */
-static int64_t load_kernel (void)
-{
- int64_t kernel_entry, kernel_high;
- long initrd_size;
- ram_addr_t initrd_offset;
- int big_endian;
- uint32_t *prom_buf;
- long prom_size;
- int prom_index = 0;
-
-#ifdef TARGET_WORDS_BIGENDIAN
- big_endian = 1;
-#else
- big_endian = 0;
-#endif
-
- if (load_elf(loaderparams.kernel_filename, cpu_mips_kseg0_to_phys, NULL,
- (uint64_t *)&kernel_entry, NULL, (uint64_t *)&kernel_high,
- big_endian, ELF_MACHINE, 1) < 0) {
- fprintf(stderr, "qemu: could not load kernel '%s'\n",
- loaderparams.kernel_filename);
- exit(1);
- }
-
- /* load initrd */
- initrd_size = 0;
- initrd_offset = 0;
- if (loaderparams.initrd_filename) {
- initrd_size = get_image_size (loaderparams.initrd_filename);
- if (initrd_size > 0) {
- initrd_offset = (kernel_high + ~TARGET_PAGE_MASK) & TARGET_PAGE_MASK;
- if (initrd_offset + initrd_size > ram_size) {
- fprintf(stderr,
- "qemu: memory too small for initial ram disk '%s'\n",
- loaderparams.initrd_filename);
- exit(1);
- }
- initrd_size = load_image_targphys(loaderparams.initrd_filename,
- initrd_offset,
- ram_size - initrd_offset);
- }
- if (initrd_size == (target_ulong) -1) {
- fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
- loaderparams.initrd_filename);
- exit(1);
- }
- }
-
- /* Setup prom parameters. */
- prom_size = ENVP_NB_ENTRIES * (sizeof(int32_t) + ENVP_ENTRY_SIZE);
- prom_buf = g_malloc(prom_size);
-
- prom_set(prom_buf, prom_index++, "%s", loaderparams.kernel_filename);
- if (initrd_size > 0) {
- prom_set(prom_buf, prom_index++, "rd_start=0x%" PRIx64 " rd_size=%li %s",
- cpu_mips_phys_to_kseg0(NULL, initrd_offset), initrd_size,
- loaderparams.kernel_cmdline);
- } else {
- prom_set(prom_buf, prom_index++, "%s", loaderparams.kernel_cmdline);
- }
-
- prom_set(prom_buf, prom_index++, "memsize");
- prom_set(prom_buf, prom_index++, "%i", loaderparams.ram_size);
- prom_set(prom_buf, prom_index++, "modetty0");
- prom_set(prom_buf, prom_index++, "38400n8r");
- prom_set(prom_buf, prom_index++, NULL);
-
- rom_add_blob_fixed("prom", prom_buf, prom_size,
- cpu_mips_kseg0_to_phys(NULL, ENVP_ADDR));
-
- return kernel_entry;
-}
-
-static void malta_mips_config(CPUMIPSState *env)
-{
- env->mvp->CP0_MVPConf0 |= ((smp_cpus - 1) << CP0MVPC0_PVPE) |
- ((smp_cpus * env->nr_threads - 1) << CP0MVPC0_PTC);
-}
-
-static void main_cpu_reset(void *opaque)
-{
- MIPSCPU *cpu = opaque;
- CPUMIPSState *env = &cpu->env;
-
- cpu_reset(CPU(cpu));
-
- /* The bootloader does not need to be rewritten as it is located in a
- read only location. The kernel location and the arguments table
- location does not change. */
- if (loaderparams.kernel_filename) {
- env->CP0_Status &= ~((1 << CP0St_BEV) | (1 << CP0St_ERL));
- }
-
- malta_mips_config(env);
-}
-
-static void cpu_request_exit(void *opaque, int irq, int level)
-{
- CPUMIPSState *env = cpu_single_env;
-
- if (env && level) {
- cpu_exit(env);
- }
-}
-
-static
-void mips_malta_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- char *filename;
- pflash_t *fl;
- MemoryRegion *system_memory = get_system_memory();
- MemoryRegion *ram = g_new(MemoryRegion, 1);
- MemoryRegion *bios, *bios_alias = g_new(MemoryRegion, 1);
- target_long bios_size = FLASH_SIZE;
- int64_t kernel_entry;
- PCIBus *pci_bus;
- ISABus *isa_bus;
- MIPSCPU *cpu;
- CPUMIPSState *env;
- qemu_irq *isa_irq;
- qemu_irq *cpu_exit_irq;
- int piix4_devfn;
- i2c_bus *smbus;
- int i;
- DriveInfo *dinfo;
- DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
- DriveInfo *fd[MAX_FD];
- int fl_idx = 0;
- int fl_sectors = bios_size >> 16;
- int be;
-
- DeviceState *dev = qdev_create(NULL, "mips-malta");
- MaltaState *s = DO_UPCAST(MaltaState, busdev.qdev, dev);
-
- qdev_init_nofail(dev);
-
- /* Make sure the first 3 serial ports are associated with a device. */
- for(i = 0; i < 3; i++) {
- if (!serial_hds[i]) {
- char label[32];
- snprintf(label, sizeof(label), "serial%d", i);
- serial_hds[i] = qemu_chr_new(label, "null", NULL);
- }
- }
-
- /* init CPUs */
- if (cpu_model == NULL) {
-#ifdef TARGET_MIPS64
- cpu_model = "20Kc";
-#else
- cpu_model = "24Kf";
-#endif
- }
-
- for (i = 0; i < smp_cpus; i++) {
- cpu = cpu_mips_init(cpu_model);
- if (cpu == NULL) {
- fprintf(stderr, "Unable to find CPU definition\n");
- exit(1);
- }
- env = &cpu->env;
-
- /* Init internal devices */
- cpu_mips_irq_init_cpu(env);
- cpu_mips_clock_init(env);
- qemu_register_reset(main_cpu_reset, cpu);
- }
- env = first_cpu;
-
- /* allocate RAM */
- if (ram_size > (256 << 20)) {
- fprintf(stderr,
- "qemu: Too much memory for this machine: %d MB, maximum 256 MB\n",
- ((unsigned int)ram_size / (1 << 20)));
- exit(1);
- }
- memory_region_init_ram(ram, "mips_malta.ram", ram_size);
- vmstate_register_ram_global(ram);
- memory_region_add_subregion(system_memory, 0, ram);
-
-#ifdef TARGET_WORDS_BIGENDIAN
- be = 1;
-#else
- be = 0;
-#endif
- /* FPGA */
- /* The CBUS UART is attached to the MIPS CPU INT2 pin, ie interrupt 4 */
- malta_fpga_init(system_memory, FPGA_ADDRESS, env->irq[4], serial_hds[2]);
-
- /* Load firmware in flash / BIOS. */
- dinfo = drive_get(IF_PFLASH, 0, fl_idx);
-#ifdef DEBUG_BOARD_INIT
- if (dinfo) {
- printf("Register parallel flash %d size " TARGET_FMT_lx " at "
- "addr %08llx '%s' %x\n",
- fl_idx, bios_size, FLASH_ADDRESS,
- bdrv_get_device_name(dinfo->bdrv), fl_sectors);
- }
-#endif
- fl = pflash_cfi01_register(FLASH_ADDRESS, NULL, "mips_malta.bios",
- BIOS_SIZE, dinfo ? dinfo->bdrv : NULL,
- 65536, fl_sectors,
- 4, 0x0000, 0x0000, 0x0000, 0x0000, be);
- bios = pflash_cfi01_get_memory(fl);
- fl_idx++;
- if (kernel_filename) {
- /* Write a small bootloader to the flash location. */
- loaderparams.ram_size = ram_size;
- loaderparams.kernel_filename = kernel_filename;
- loaderparams.kernel_cmdline = kernel_cmdline;
- loaderparams.initrd_filename = initrd_filename;
- kernel_entry = load_kernel();
- write_bootloader(env, memory_region_get_ram_ptr(bios), kernel_entry);
- } else {
- /* Load firmware from flash. */
- if (!dinfo) {
- /* Load a BIOS image. */
- if (bios_name == NULL) {
- bios_name = BIOS_FILENAME;
- }
- filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
- if (filename) {
- bios_size = load_image_targphys(filename, FLASH_ADDRESS,
- BIOS_SIZE);
- g_free(filename);
- } else {
- bios_size = -1;
- }
- if ((bios_size < 0 || bios_size > BIOS_SIZE) && !kernel_filename) {
- fprintf(stderr,
- "qemu: Could not load MIPS bios '%s', and no -kernel argument was specified\n",
- bios_name);
- exit(1);
- }
- }
- /* In little endian mode the 32bit words in the bios are swapped,
- a neat trick which allows bi-endian firmware. */
-#ifndef TARGET_WORDS_BIGENDIAN
- {
- uint32_t *addr = memory_region_get_ram_ptr(bios);
- uint32_t *end = addr + bios_size;
- while (addr < end) {
- bswap32s(addr);
- addr++;
- }
- }
-#endif
- }
-
- /* Map the BIOS at a 2nd physical location, as on the real board. */
- memory_region_init_alias(bios_alias, "bios.1fc", bios, 0, BIOS_SIZE);
- memory_region_add_subregion(system_memory, RESET_ADDRESS, bios_alias);
-
- /* Board ID = 0x420 (Malta Board with CoreLV)
- XXX: theoretically 0x1e000010 should map to flash and 0x1fc00010 should
- map to the board ID. */
- stl_p(memory_region_get_ram_ptr(bios) + 0x10, 0x00000420);
-
- /* Init internal devices */
- cpu_mips_irq_init_cpu(env);
- cpu_mips_clock_init(env);
-
- /*
- * We have a circular dependency problem: pci_bus depends on isa_irq,
- * isa_irq is provided by i8259, i8259 depends on ISA, ISA depends
- * on piix4, and piix4 depends on pci_bus. To stop the cycle we have
- * qemu_irq_proxy() adds an extra bit of indirection, allowing us
- * to resolve the isa_irq -> i8259 dependency after i8259 is initialized.
- */
- isa_irq = qemu_irq_proxy(&s->i8259, 16);
-
- /* Northbridge */
- pci_bus = gt64120_register(isa_irq);
-
- /* Southbridge */
- ide_drive_get(hd, MAX_IDE_BUS);
-
- piix4_devfn = piix4_init(pci_bus, &isa_bus, 80);
-
- /* Interrupt controller */
- /* The 8259 is attached to the MIPS CPU INT0 pin, ie interrupt 2 */
- s->i8259 = i8259_init(isa_bus, env->irq[2]);
-
- isa_bus_irqs(isa_bus, s->i8259);
- pci_piix4_ide_init(pci_bus, hd, piix4_devfn + 1);
- pci_create_simple(pci_bus, piix4_devfn + 2, "piix4-usb-uhci");
- smbus = piix4_pm_init(pci_bus, piix4_devfn + 3, 0x1100,
- isa_get_irq(NULL, 9), NULL, 0, NULL);
- /* TODO: Populate SPD eeprom data. */
- smbus_eeprom_init(smbus, 8, NULL, 0);
- pit = pit_init(isa_bus, 0x40, 0, NULL);
- cpu_exit_irq = qemu_allocate_irqs(cpu_request_exit, NULL, 1);
- DMA_init(0, cpu_exit_irq);
-
- /* Super I/O */
- isa_create_simple(isa_bus, "i8042");
-
- rtc_init(isa_bus, 2000, NULL);
- serial_isa_init(isa_bus, 0, serial_hds[0]);
- serial_isa_init(isa_bus, 1, serial_hds[1]);
- if (parallel_hds[0])
- parallel_init(isa_bus, 0, parallel_hds[0]);
- for(i = 0; i < MAX_FD; i++) {
- fd[i] = drive_get(IF_FLOPPY, 0, i);
- }
- fdctrl_init_isa(isa_bus, fd);
-
- /* Sound card */
- audio_init(isa_bus, pci_bus);
-
- /* Network card */
- network_init();
-
- /* Optional PCI video card */
- pci_vga_init(pci_bus);
-}
-
-static int mips_malta_sysbus_device_init(SysBusDevice *sysbusdev)
-{
- return 0;
-}
-
-static void mips_malta_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = mips_malta_sysbus_device_init;
-}
-
-static TypeInfo mips_malta_device = {
- .name = "mips-malta",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(MaltaState),
- .class_init = mips_malta_class_init,
-};
-
-static QEMUMachine mips_malta_machine = {
- .name = "malta",
- .desc = "MIPS Malta Core LV",
- .init = mips_malta_init,
- .max_cpus = 16,
- .is_default = 1,
-};
-
-static void mips_malta_register_types(void)
-{
- type_register_static(&mips_malta_device);
-}
-
-static void mips_malta_machine_init(void)
-{
- qemu_register_machine(&mips_malta_machine);
-}
-
-type_init(mips_malta_register_types)
-machine_init(mips_malta_machine_init);
diff --git a/hw/mips_mipssim.c b/hw/mips_mipssim.c
deleted file mode 100644
index a95a3c1f1..000000000
--- a/hw/mips_mipssim.c
+++ /dev/null
@@ -1,238 +0,0 @@
-/*
- * QEMU/mipssim emulation
- *
- * Emulates a very simple machine model similar to the one used by the
- * proprietary MIPS emulator.
- *
- * Copyright (c) 2007 Thiemo Seufer
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "mips.h"
-#include "mips_cpudevs.h"
-#include "serial.h"
-#include "isa.h"
-#include "net.h"
-#include "sysemu.h"
-#include "boards.h"
-#include "mips-bios.h"
-#include "loader.h"
-#include "elf.h"
-#include "sysbus.h"
-#include "exec-memory.h"
-
-static struct _loaderparams {
- int ram_size;
- const char *kernel_filename;
- const char *kernel_cmdline;
- const char *initrd_filename;
-} loaderparams;
-
-typedef struct ResetData {
- MIPSCPU *cpu;
- uint64_t vector;
-} ResetData;
-
-static int64_t load_kernel(void)
-{
- int64_t entry, kernel_high;
- long kernel_size;
- long initrd_size;
- ram_addr_t initrd_offset;
- int big_endian;
-
-#ifdef TARGET_WORDS_BIGENDIAN
- big_endian = 1;
-#else
- big_endian = 0;
-#endif
-
- kernel_size = load_elf(loaderparams.kernel_filename, cpu_mips_kseg0_to_phys,
- NULL, (uint64_t *)&entry, NULL,
- (uint64_t *)&kernel_high, big_endian,
- ELF_MACHINE, 1);
- if (kernel_size >= 0) {
- if ((entry & ~0x7fffffffULL) == 0x80000000)
- entry = (int32_t)entry;
- } else {
- fprintf(stderr, "qemu: could not load kernel '%s'\n",
- loaderparams.kernel_filename);
- exit(1);
- }
-
- /* load initrd */
- initrd_size = 0;
- initrd_offset = 0;
- if (loaderparams.initrd_filename) {
- initrd_size = get_image_size (loaderparams.initrd_filename);
- if (initrd_size > 0) {
- initrd_offset = (kernel_high + ~TARGET_PAGE_MASK) & TARGET_PAGE_MASK;
- if (initrd_offset + initrd_size > loaderparams.ram_size) {
- fprintf(stderr,
- "qemu: memory too small for initial ram disk '%s'\n",
- loaderparams.initrd_filename);
- exit(1);
- }
- initrd_size = load_image_targphys(loaderparams.initrd_filename,
- initrd_offset, loaderparams.ram_size - initrd_offset);
- }
- if (initrd_size == (target_ulong) -1) {
- fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
- loaderparams.initrd_filename);
- exit(1);
- }
- }
- return entry;
-}
-
-static void main_cpu_reset(void *opaque)
-{
- ResetData *s = (ResetData *)opaque;
- CPUMIPSState *env = &s->cpu->env;
-
- cpu_reset(CPU(s->cpu));
- env->active_tc.PC = s->vector & ~(target_ulong)1;
- if (s->vector & 1) {
- env->hflags |= MIPS_HFLAG_M16;
- }
-}
-
-static void mipsnet_init(int base, qemu_irq irq, NICInfo *nd)
-{
- DeviceState *dev;
- SysBusDevice *s;
-
- dev = qdev_create(NULL, "mipsnet");
- qdev_set_nic_properties(dev, nd);
- qdev_init_nofail(dev);
-
- s = sysbus_from_qdev(dev);
- sysbus_connect_irq(s, 0, irq);
- memory_region_add_subregion(get_system_io(),
- base,
- sysbus_mmio_get_region(s, 0));
-}
-
-static void
-mips_mipssim_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- char *filename;
- MemoryRegion *address_space_mem = get_system_memory();
- MemoryRegion *ram = g_new(MemoryRegion, 1);
- MemoryRegion *bios = g_new(MemoryRegion, 1);
- MIPSCPU *cpu;
- CPUMIPSState *env;
- ResetData *reset_info;
- int bios_size;
-
- /* Init CPUs. */
- if (cpu_model == NULL) {
-#ifdef TARGET_MIPS64
- cpu_model = "5Kf";
-#else
- cpu_model = "24Kf";
-#endif
- }
- cpu = cpu_mips_init(cpu_model);
- if (cpu == NULL) {
- fprintf(stderr, "Unable to find CPU definition\n");
- exit(1);
- }
- env = &cpu->env;
-
- reset_info = g_malloc0(sizeof(ResetData));
- reset_info->cpu = cpu;
- reset_info->vector = env->active_tc.PC;
- qemu_register_reset(main_cpu_reset, reset_info);
-
- /* Allocate RAM. */
- memory_region_init_ram(ram, "mips_mipssim.ram", ram_size);
- vmstate_register_ram_global(ram);
- memory_region_init_ram(bios, "mips_mipssim.bios", BIOS_SIZE);
- vmstate_register_ram_global(bios);
- memory_region_set_readonly(bios, true);
-
- memory_region_add_subregion(address_space_mem, 0, ram);
-
- /* Map the BIOS / boot exception handler. */
- memory_region_add_subregion(address_space_mem, 0x1fc00000LL, bios);
- /* Load a BIOS / boot exception handler image. */
- if (bios_name == NULL)
- bios_name = BIOS_FILENAME;
- filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
- if (filename) {
- bios_size = load_image_targphys(filename, 0x1fc00000LL, BIOS_SIZE);
- g_free(filename);
- } else {
- bios_size = -1;
- }
- if ((bios_size < 0 || bios_size > BIOS_SIZE) && !kernel_filename) {
- /* Bail out if we have neither a kernel image nor boot vector code. */
- fprintf(stderr,
- "qemu: Could not load MIPS bios '%s', and no -kernel argument was specified\n",
- filename);
- exit(1);
- } else {
- /* We have a boot vector start address. */
- env->active_tc.PC = (target_long)(int32_t)0xbfc00000;
- }
-
- if (kernel_filename) {
- loaderparams.ram_size = ram_size;
- loaderparams.kernel_filename = kernel_filename;
- loaderparams.kernel_cmdline = kernel_cmdline;
- loaderparams.initrd_filename = initrd_filename;
- reset_info->vector = load_kernel();
- }
-
- /* Init CPU internal devices. */
- cpu_mips_irq_init_cpu(env);
- cpu_mips_clock_init(env);
-
- /* Register 64 KB of ISA IO space at 0x1fd00000. */
- isa_mmio_init(0x1fd00000, 0x00010000);
-
- /* A single 16450 sits at offset 0x3f8. It is attached to
- MIPS CPU INT2, which is interrupt 4. */
- if (serial_hds[0])
- serial_init(0x3f8, env->irq[4], 115200, serial_hds[0]);
-
- if (nd_table[0].used)
- /* MIPSnet uses the MIPS CPU INT0, which is interrupt 2. */
- mipsnet_init(0x4200, env->irq[2], &nd_table[0]);
-}
-
-static QEMUMachine mips_mipssim_machine = {
- .name = "mipssim",
- .desc = "MIPS MIPSsim platform",
- .init = mips_mipssim_init,
-};
-
-static void mips_mipssim_machine_init(void)
-{
- qemu_register_machine(&mips_mipssim_machine);
-}
-
-machine_init(mips_mipssim_machine_init);
diff --git a/hw/mips_r4k.c b/hw/mips_r4k.c
deleted file mode 100644
index 325098a43..000000000
--- a/hw/mips_r4k.c
+++ /dev/null
@@ -1,312 +0,0 @@
-/*
- * QEMU/MIPS pseudo-board
- *
- * emulates a simple machine with ISA-like bus.
- * ISA IO space mapped to the 0x14000000 (PHYS) and
- * ISA memory at the 0x10000000 (PHYS, 16Mb in size).
- * All peripherial devices are attached to this "bus" with
- * the standard PC ISA addresses.
-*/
-#include "hw.h"
-#include "mips.h"
-#include "mips_cpudevs.h"
-#include "pc.h"
-#include "serial.h"
-#include "isa.h"
-#include "net.h"
-#include "sysemu.h"
-#include "boards.h"
-#include "flash.h"
-#include "qemu-log.h"
-#include "mips-bios.h"
-#include "ide.h"
-#include "loader.h"
-#include "elf.h"
-#include "mc146818rtc.h"
-#include "i8254.h"
-#include "blockdev.h"
-#include "exec-memory.h"
-
-#define MAX_IDE_BUS 2
-
-static const int ide_iobase[2] = { 0x1f0, 0x170 };
-static const int ide_iobase2[2] = { 0x3f6, 0x376 };
-static const int ide_irq[2] = { 14, 15 };
-
-static ISADevice *pit; /* PIT i8254 */
-
-/* i8254 PIT is attached to the IRQ0 at PIC i8259 */
-
-static struct _loaderparams {
- int ram_size;
- const char *kernel_filename;
- const char *kernel_cmdline;
- const char *initrd_filename;
-} loaderparams;
-
-static void mips_qemu_write (void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- if ((addr & 0xffff) == 0 && val == 42)
- qemu_system_reset_request ();
- else if ((addr & 0xffff) == 4 && val == 42)
- qemu_system_shutdown_request ();
-}
-
-static uint64_t mips_qemu_read (void *opaque, hwaddr addr,
- unsigned size)
-{
- return 0;
-}
-
-static const MemoryRegionOps mips_qemu_ops = {
- .read = mips_qemu_read,
- .write = mips_qemu_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-typedef struct ResetData {
- MIPSCPU *cpu;
- uint64_t vector;
-} ResetData;
-
-static int64_t load_kernel(void)
-{
- int64_t entry, kernel_high;
- long kernel_size, initrd_size, params_size;
- ram_addr_t initrd_offset;
- uint32_t *params_buf;
- int big_endian;
-
-#ifdef TARGET_WORDS_BIGENDIAN
- big_endian = 1;
-#else
- big_endian = 0;
-#endif
- kernel_size = load_elf(loaderparams.kernel_filename, cpu_mips_kseg0_to_phys,
- NULL, (uint64_t *)&entry, NULL,
- (uint64_t *)&kernel_high, big_endian,
- ELF_MACHINE, 1);
- if (kernel_size >= 0) {
- if ((entry & ~0x7fffffffULL) == 0x80000000)
- entry = (int32_t)entry;
- } else {
- fprintf(stderr, "qemu: could not load kernel '%s'\n",
- loaderparams.kernel_filename);
- exit(1);
- }
-
- /* load initrd */
- initrd_size = 0;
- initrd_offset = 0;
- if (loaderparams.initrd_filename) {
- initrd_size = get_image_size (loaderparams.initrd_filename);
- if (initrd_size > 0) {
- initrd_offset = (kernel_high + ~TARGET_PAGE_MASK) & TARGET_PAGE_MASK;
- if (initrd_offset + initrd_size > ram_size) {
- fprintf(stderr,
- "qemu: memory too small for initial ram disk '%s'\n",
- loaderparams.initrd_filename);
- exit(1);
- }
- initrd_size = load_image_targphys(loaderparams.initrd_filename,
- initrd_offset,
- ram_size - initrd_offset);
- }
- if (initrd_size == (target_ulong) -1) {
- fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
- loaderparams.initrd_filename);
- exit(1);
- }
- }
-
- /* Store command line. */
- params_size = 264;
- params_buf = g_malloc(params_size);
-
- params_buf[0] = tswap32(ram_size);
- params_buf[1] = tswap32(0x12345678);
-
- if (initrd_size > 0) {
- snprintf((char *)params_buf + 8, 256, "rd_start=0x%" PRIx64 " rd_size=%li %s",
- cpu_mips_phys_to_kseg0(NULL, initrd_offset),
- initrd_size, loaderparams.kernel_cmdline);
- } else {
- snprintf((char *)params_buf + 8, 256, "%s", loaderparams.kernel_cmdline);
- }
-
- rom_add_blob_fixed("params", params_buf, params_size,
- (16 << 20) - 264);
-
- return entry;
-}
-
-static void main_cpu_reset(void *opaque)
-{
- ResetData *s = (ResetData *)opaque;
- CPUMIPSState *env = &s->cpu->env;
-
- cpu_reset(CPU(s->cpu));
- env->active_tc.PC = s->vector;
-}
-
-static const int sector_len = 32 * 1024;
-static
-void mips_r4k_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- char *filename;
- MemoryRegion *address_space_mem = get_system_memory();
- MemoryRegion *ram = g_new(MemoryRegion, 1);
- MemoryRegion *bios;
- MemoryRegion *iomem = g_new(MemoryRegion, 1);
- int bios_size;
- MIPSCPU *cpu;
- CPUMIPSState *env;
- ResetData *reset_info;
- int i;
- qemu_irq *i8259;
- ISABus *isa_bus;
- DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
- DriveInfo *dinfo;
- int be;
-
- /* init CPUs */
- if (cpu_model == NULL) {
-#ifdef TARGET_MIPS64
- cpu_model = "R4000";
-#else
- cpu_model = "24Kf";
-#endif
- }
- cpu = cpu_mips_init(cpu_model);
- if (cpu == NULL) {
- fprintf(stderr, "Unable to find CPU definition\n");
- exit(1);
- }
- env = &cpu->env;
-
- reset_info = g_malloc0(sizeof(ResetData));
- reset_info->cpu = cpu;
- reset_info->vector = env->active_tc.PC;
- qemu_register_reset(main_cpu_reset, reset_info);
-
- /* allocate RAM */
- if (ram_size > (256 << 20)) {
- fprintf(stderr,
- "qemu: Too much memory for this machine: %d MB, maximum 256 MB\n",
- ((unsigned int)ram_size / (1 << 20)));
- exit(1);
- }
- memory_region_init_ram(ram, "mips_r4k.ram", ram_size);
- vmstate_register_ram_global(ram);
-
- memory_region_add_subregion(address_space_mem, 0, ram);
-
- memory_region_init_io(iomem, &mips_qemu_ops, NULL, "mips-qemu", 0x10000);
- memory_region_add_subregion(address_space_mem, 0x1fbf0000, iomem);
-
- /* Try to load a BIOS image. If this fails, we continue regardless,
- but initialize the hardware ourselves. When a kernel gets
- preloaded we also initialize the hardware, since the BIOS wasn't
- run. */
- if (bios_name == NULL)
- bios_name = BIOS_FILENAME;
- filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
- if (filename) {
- bios_size = get_image_size(filename);
- } else {
- bios_size = -1;
- }
-#ifdef TARGET_WORDS_BIGENDIAN
- be = 1;
-#else
- be = 0;
-#endif
- if ((bios_size > 0) && (bios_size <= BIOS_SIZE)) {
- bios = g_new(MemoryRegion, 1);
- memory_region_init_ram(bios, "mips_r4k.bios", BIOS_SIZE);
- vmstate_register_ram_global(bios);
- memory_region_set_readonly(bios, true);
- memory_region_add_subregion(get_system_memory(), 0x1fc00000, bios);
-
- load_image_targphys(filename, 0x1fc00000, BIOS_SIZE);
- } else if ((dinfo = drive_get(IF_PFLASH, 0, 0)) != NULL) {
- uint32_t mips_rom = 0x00400000;
- if (!pflash_cfi01_register(0x1fc00000, NULL, "mips_r4k.bios", mips_rom,
- dinfo->bdrv, sector_len,
- mips_rom / sector_len,
- 4, 0, 0, 0, 0, be)) {
- fprintf(stderr, "qemu: Error registering flash memory.\n");
- }
- }
- else {
- /* not fatal */
- fprintf(stderr, "qemu: Warning, could not load MIPS bios '%s'\n",
- bios_name);
- }
- if (filename) {
- g_free(filename);
- }
-
- if (kernel_filename) {
- loaderparams.ram_size = ram_size;
- loaderparams.kernel_filename = kernel_filename;
- loaderparams.kernel_cmdline = kernel_cmdline;
- loaderparams.initrd_filename = initrd_filename;
- reset_info->vector = load_kernel();
- }
-
- /* Init CPU internal devices */
- cpu_mips_irq_init_cpu(env);
- cpu_mips_clock_init(env);
-
- /* The PIC is attached to the MIPS CPU INT0 pin */
- isa_bus = isa_bus_new(NULL, get_system_io());
- i8259 = i8259_init(isa_bus, env->irq[2]);
- isa_bus_irqs(isa_bus, i8259);
-
- rtc_init(isa_bus, 2000, NULL);
-
- /* Register 64 KB of ISA IO space at 0x14000000 */
- isa_mmio_init(0x14000000, 0x00010000);
- isa_mem_base = 0x10000000;
-
- pit = pit_init(isa_bus, 0x40, 0, NULL);
-
- for(i = 0; i < MAX_SERIAL_PORTS; i++) {
- if (serial_hds[i]) {
- serial_isa_init(isa_bus, i, serial_hds[i]);
- }
- }
-
- isa_vga_init(isa_bus);
-
- if (nd_table[0].used)
- isa_ne2000_init(isa_bus, 0x300, 9, &nd_table[0]);
-
- ide_drive_get(hd, MAX_IDE_BUS);
- for(i = 0; i < MAX_IDE_BUS; i++)
- isa_ide_init(isa_bus, ide_iobase[i], ide_iobase2[i], ide_irq[i],
- hd[MAX_IDE_DEVS * i],
- hd[MAX_IDE_DEVS * i + 1]);
-
- isa_create_simple(isa_bus, "i8042");
-}
-
-static QEMUMachine mips_machine = {
- .name = "mips",
- .desc = "mips r4k platform",
- .init = mips_r4k_init,
-};
-
-static void mips_machine_init(void)
-{
- qemu_register_machine(&mips_machine);
-}
-
-machine_init(mips_machine_init);
diff --git a/hw/mips_timer.c b/hw/mips_timer.c
deleted file mode 100644
index 7aa9004a0..000000000
--- a/hw/mips_timer.c
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
- * QEMU MIPS timer support
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "hw.h"
-#include "mips_cpudevs.h"
-#include "qemu-timer.h"
-
-#define TIMER_FREQ 100 * 1000 * 1000
-
-/* XXX: do not use a global */
-uint32_t cpu_mips_get_random (CPUMIPSState *env)
-{
- static uint32_t lfsr = 1;
- static uint32_t prev_idx = 0;
- uint32_t idx;
- /* Don't return same value twice, so get another value */
- do {
- lfsr = (lfsr >> 1) ^ (-(lfsr & 1u) & 0xd0000001u);
- idx = lfsr % (env->tlb->nb_tlb - env->CP0_Wired) + env->CP0_Wired;
- } while (idx == prev_idx);
- prev_idx = idx;
- return idx;
-}
-
-/* MIPS R4K timer */
-static void cpu_mips_timer_update(CPUMIPSState *env)
-{
- uint64_t now, next;
- uint32_t wait;
-
- now = qemu_get_clock_ns(vm_clock);
- wait = env->CP0_Compare - env->CP0_Count -
- (uint32_t)muldiv64(now, TIMER_FREQ, get_ticks_per_sec());
- next = now + muldiv64(wait, get_ticks_per_sec(), TIMER_FREQ);
- qemu_mod_timer(env->timer, next);
-}
-
-/* Expire the timer. */
-static void cpu_mips_timer_expire(CPUMIPSState *env)
-{
- cpu_mips_timer_update(env);
- if (env->insn_flags & ISA_MIPS32R2) {
- env->CP0_Cause |= 1 << CP0Ca_TI;
- }
- qemu_irq_raise(env->irq[(env->CP0_IntCtl >> CP0IntCtl_IPTI) & 0x7]);
-}
-
-uint32_t cpu_mips_get_count (CPUMIPSState *env)
-{
- if (env->CP0_Cause & (1 << CP0Ca_DC)) {
- return env->CP0_Count;
- } else {
- uint64_t now;
-
- now = qemu_get_clock_ns(vm_clock);
- if (qemu_timer_pending(env->timer)
- && qemu_timer_expired(env->timer, now)) {
- /* The timer has already expired. */
- cpu_mips_timer_expire(env);
- }
-
- return env->CP0_Count +
- (uint32_t)muldiv64(now, TIMER_FREQ, get_ticks_per_sec());
- }
-}
-
-void cpu_mips_store_count (CPUMIPSState *env, uint32_t count)
-{
- if (env->CP0_Cause & (1 << CP0Ca_DC))
- env->CP0_Count = count;
- else {
- /* Store new count register */
- env->CP0_Count =
- count - (uint32_t)muldiv64(qemu_get_clock_ns(vm_clock),
- TIMER_FREQ, get_ticks_per_sec());
- /* Update timer timer */
- cpu_mips_timer_update(env);
- }
-}
-
-void cpu_mips_store_compare (CPUMIPSState *env, uint32_t value)
-{
- env->CP0_Compare = value;
- if (!(env->CP0_Cause & (1 << CP0Ca_DC)))
- cpu_mips_timer_update(env);
- if (env->insn_flags & ISA_MIPS32R2)
- env->CP0_Cause &= ~(1 << CP0Ca_TI);
- qemu_irq_lower(env->irq[(env->CP0_IntCtl >> CP0IntCtl_IPTI) & 0x7]);
-}
-
-void cpu_mips_start_count(CPUMIPSState *env)
-{
- cpu_mips_store_count(env, env->CP0_Count);
-}
-
-void cpu_mips_stop_count(CPUMIPSState *env)
-{
- /* Store the current value */
- env->CP0_Count += (uint32_t)muldiv64(qemu_get_clock_ns(vm_clock),
- TIMER_FREQ, get_ticks_per_sec());
-}
-
-static void mips_timer_cb (void *opaque)
-{
- CPUMIPSState *env;
-
- env = opaque;
-#if 0
- qemu_log("%s\n", __func__);
-#endif
-
- if (env->CP0_Cause & (1 << CP0Ca_DC))
- return;
-
- /* ??? This callback should occur when the counter is exactly equal to
- the comparator value. Offset the count by one to avoid immediately
- retriggering the callback before any virtual time has passed. */
- env->CP0_Count++;
- cpu_mips_timer_expire(env);
- env->CP0_Count--;
-}
-
-void cpu_mips_clock_init (CPUMIPSState *env)
-{
- env->timer = qemu_new_timer_ns(vm_clock, &mips_timer_cb, env);
- env->CP0_Compare = 0;
- cpu_mips_store_count(env, 1);
-}
diff --git a/hw/mipsnet.c b/hw/mipsnet.c
deleted file mode 100644
index bece332c4..000000000
--- a/hw/mipsnet.c
+++ /dev/null
@@ -1,284 +0,0 @@
-#include "hw.h"
-#include "net.h"
-#include "trace.h"
-#include "sysbus.h"
-
-/* MIPSnet register offsets */
-
-#define MIPSNET_DEV_ID 0x00
-#define MIPSNET_BUSY 0x08
-#define MIPSNET_RX_DATA_COUNT 0x0c
-#define MIPSNET_TX_DATA_COUNT 0x10
-#define MIPSNET_INT_CTL 0x14
-# define MIPSNET_INTCTL_TXDONE 0x00000001
-# define MIPSNET_INTCTL_RXDONE 0x00000002
-# define MIPSNET_INTCTL_TESTBIT 0x80000000
-#define MIPSNET_INTERRUPT_INFO 0x18
-#define MIPSNET_RX_DATA_BUFFER 0x1c
-#define MIPSNET_TX_DATA_BUFFER 0x20
-
-#define MAX_ETH_FRAME_SIZE 1514
-
-typedef struct MIPSnetState {
- SysBusDevice busdev;
-
- uint32_t busy;
- uint32_t rx_count;
- uint32_t rx_read;
- uint32_t tx_count;
- uint32_t tx_written;
- uint32_t intctl;
- uint8_t rx_buffer[MAX_ETH_FRAME_SIZE];
- uint8_t tx_buffer[MAX_ETH_FRAME_SIZE];
- MemoryRegion io;
- qemu_irq irq;
- NICState *nic;
- NICConf conf;
-} MIPSnetState;
-
-static void mipsnet_reset(MIPSnetState *s)
-{
- s->busy = 1;
- s->rx_count = 0;
- s->rx_read = 0;
- s->tx_count = 0;
- s->tx_written = 0;
- s->intctl = 0;
- memset(s->rx_buffer, 0, MAX_ETH_FRAME_SIZE);
- memset(s->tx_buffer, 0, MAX_ETH_FRAME_SIZE);
-}
-
-static void mipsnet_update_irq(MIPSnetState *s)
-{
- int isr = !!s->intctl;
- trace_mipsnet_irq(isr, s->intctl);
- qemu_set_irq(s->irq, isr);
-}
-
-static int mipsnet_buffer_full(MIPSnetState *s)
-{
- if (s->rx_count >= MAX_ETH_FRAME_SIZE)
- return 1;
- return 0;
-}
-
-static int mipsnet_can_receive(NetClientState *nc)
-{
- MIPSnetState *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- if (s->busy)
- return 0;
- return !mipsnet_buffer_full(s);
-}
-
-static ssize_t mipsnet_receive(NetClientState *nc, const uint8_t *buf, size_t size)
-{
- MIPSnetState *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- trace_mipsnet_receive(size);
- if (!mipsnet_can_receive(nc))
- return -1;
-
- s->busy = 1;
-
- /* Just accept everything. */
-
- /* Write packet data. */
- memcpy(s->rx_buffer, buf, size);
-
- s->rx_count = size;
- s->rx_read = 0;
-
- /* Now we can signal we have received something. */
- s->intctl |= MIPSNET_INTCTL_RXDONE;
- mipsnet_update_irq(s);
-
- return size;
-}
-
-static uint64_t mipsnet_ioport_read(void *opaque, hwaddr addr,
- unsigned int size)
-{
- MIPSnetState *s = opaque;
- int ret = 0;
-
- addr &= 0x3f;
- switch (addr) {
- case MIPSNET_DEV_ID:
- ret = be32_to_cpu(0x4d495053); /* MIPS */
- break;
- case MIPSNET_DEV_ID + 4:
- ret = be32_to_cpu(0x4e455430); /* NET0 */
- break;
- case MIPSNET_BUSY:
- ret = s->busy;
- break;
- case MIPSNET_RX_DATA_COUNT:
- ret = s->rx_count;
- break;
- case MIPSNET_TX_DATA_COUNT:
- ret = s->tx_count;
- break;
- case MIPSNET_INT_CTL:
- ret = s->intctl;
- s->intctl &= ~MIPSNET_INTCTL_TESTBIT;
- break;
- case MIPSNET_INTERRUPT_INFO:
- /* XXX: This seems to be a per-VPE interrupt number. */
- ret = 0;
- break;
- case MIPSNET_RX_DATA_BUFFER:
- if (s->rx_count) {
- s->rx_count--;
- ret = s->rx_buffer[s->rx_read++];
- }
- break;
- /* Reads as zero. */
- case MIPSNET_TX_DATA_BUFFER:
- default:
- break;
- }
- trace_mipsnet_read(addr, ret);
- return ret;
-}
-
-static void mipsnet_ioport_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned int size)
-{
- MIPSnetState *s = opaque;
-
- addr &= 0x3f;
- trace_mipsnet_write(addr, val);
- switch (addr) {
- case MIPSNET_TX_DATA_COUNT:
- s->tx_count = (val <= MAX_ETH_FRAME_SIZE) ? val : 0;
- s->tx_written = 0;
- break;
- case MIPSNET_INT_CTL:
- if (val & MIPSNET_INTCTL_TXDONE) {
- s->intctl &= ~MIPSNET_INTCTL_TXDONE;
- } else if (val & MIPSNET_INTCTL_RXDONE) {
- s->intctl &= ~MIPSNET_INTCTL_RXDONE;
- } else if (val & MIPSNET_INTCTL_TESTBIT) {
- mipsnet_reset(s);
- s->intctl |= MIPSNET_INTCTL_TESTBIT;
- } else if (!val) {
- /* ACK testbit interrupt, flag was cleared on read. */
- }
- s->busy = !!s->intctl;
- mipsnet_update_irq(s);
- break;
- case MIPSNET_TX_DATA_BUFFER:
- s->tx_buffer[s->tx_written++] = val;
- if (s->tx_written == s->tx_count) {
- /* Send buffer. */
- trace_mipsnet_send(s->tx_count);
- qemu_send_packet(&s->nic->nc, s->tx_buffer, s->tx_count);
- s->tx_count = s->tx_written = 0;
- s->intctl |= MIPSNET_INTCTL_TXDONE;
- s->busy = 1;
- mipsnet_update_irq(s);
- }
- break;
- /* Read-only registers */
- case MIPSNET_DEV_ID:
- case MIPSNET_BUSY:
- case MIPSNET_RX_DATA_COUNT:
- case MIPSNET_INTERRUPT_INFO:
- case MIPSNET_RX_DATA_BUFFER:
- default:
- break;
- }
-}
-
-static const VMStateDescription vmstate_mipsnet = {
- .name = "mipsnet",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(busy, MIPSnetState),
- VMSTATE_UINT32(rx_count, MIPSnetState),
- VMSTATE_UINT32(rx_read, MIPSnetState),
- VMSTATE_UINT32(tx_count, MIPSnetState),
- VMSTATE_UINT32(tx_written, MIPSnetState),
- VMSTATE_UINT32(intctl, MIPSnetState),
- VMSTATE_BUFFER(rx_buffer, MIPSnetState),
- VMSTATE_BUFFER(tx_buffer, MIPSnetState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void mipsnet_cleanup(NetClientState *nc)
-{
- MIPSnetState *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- s->nic = NULL;
-}
-
-static NetClientInfo net_mipsnet_info = {
- .type = NET_CLIENT_OPTIONS_KIND_NIC,
- .size = sizeof(NICState),
- .can_receive = mipsnet_can_receive,
- .receive = mipsnet_receive,
- .cleanup = mipsnet_cleanup,
-};
-
-static const MemoryRegionOps mipsnet_ioport_ops = {
- .read = mipsnet_ioport_read,
- .write = mipsnet_ioport_write,
- .impl.min_access_size = 1,
- .impl.max_access_size = 4,
-};
-
-static int mipsnet_sysbus_init(SysBusDevice *dev)
-{
- MIPSnetState *s = DO_UPCAST(MIPSnetState, busdev, dev);
-
- memory_region_init_io(&s->io, &mipsnet_ioport_ops, s, "mipsnet-io", 36);
- sysbus_init_mmio(dev, &s->io);
- sysbus_init_irq(dev, &s->irq);
-
- s->nic = qemu_new_nic(&net_mipsnet_info, &s->conf,
- object_get_typename(OBJECT(dev)), dev->qdev.id, s);
- qemu_format_nic_info_str(&s->nic->nc, s->conf.macaddr.a);
-
- return 0;
-}
-
-static void mipsnet_sysbus_reset(DeviceState *dev)
-{
- MIPSnetState *s = DO_UPCAST(MIPSnetState, busdev.qdev, dev);
- mipsnet_reset(s);
-}
-
-static Property mipsnet_properties[] = {
- DEFINE_NIC_PROPERTIES(MIPSnetState, conf),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void mipsnet_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = mipsnet_sysbus_init;
- dc->desc = "MIPS Simulator network device";
- dc->reset = mipsnet_sysbus_reset;
- dc->vmsd = &vmstate_mipsnet;
- dc->props = mipsnet_properties;
-}
-
-static TypeInfo mipsnet_info = {
- .name = "mipsnet",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(MIPSnetState),
- .class_init = mipsnet_class_init,
-};
-
-static void mipsnet_register_types(void)
-{
- type_register_static(&mipsnet_info);
-}
-
-type_init(mipsnet_register_types)
diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
new file mode 100644
index 000000000..2578e2939
--- /dev/null
+++ b/hw/misc/Makefile.objs
@@ -0,0 +1,43 @@
+common-obj-$(CONFIG_APPLESMC) += applesmc.o
+common-obj-$(CONFIG_MAX111X) += max111x.o
+common-obj-$(CONFIG_TMP105) += tmp105.o
+common-obj-$(CONFIG_ISA_DEBUG) += debugexit.o
+common-obj-$(CONFIG_SGA) += sga.o
+common-obj-$(CONFIG_ISA_TESTDEV) += pc-testdev.o
+common-obj-$(CONFIG_PCI_TESTDEV) += pci-testdev.o
+
+obj-$(CONFIG_VMPORT) += vmport.o
+
+# ARM devices
+common-obj-$(CONFIG_PL310) += arm_l2x0.o
+
+# PKUnity SoC devices
+common-obj-$(CONFIG_PUV3) += puv3_pm.o
+
+common-obj-$(CONFIG_MACIO) += macio/
+
+ifeq ($(CONFIG_PCI), y)
+obj-$(CONFIG_KVM) += ivshmem.o
+obj-$(CONFIG_LINUX) += vfio.o
+endif
+
+obj-$(CONFIG_REALVIEW) += arm_sysctl.o
+obj-$(CONFIG_A9SCU) += a9scu.o
+obj-$(CONFIG_NSERIES) += cbus.o
+obj-$(CONFIG_ECCMEMCTL) += eccmemctl.o
+obj-$(CONFIG_EXYNOS4) += exynos4210_pmu.o
+obj-$(CONFIG_IMX) += imx_ccm.o
+obj-$(CONFIG_LM32) += lm32_sys.o
+obj-$(CONFIG_MILKYMIST) += milkymist-hpdmc.o
+obj-$(CONFIG_MILKYMIST) += milkymist-pfpu.o
+obj-$(CONFIG_MAINSTONE) += mst_fpga.o
+obj-$(CONFIG_OMAP) += omap_clk.o
+obj-$(CONFIG_OMAP) += omap_gpmc.o
+obj-$(CONFIG_OMAP) += omap_l4.o
+obj-$(CONFIG_OMAP) += omap_sdrc.o
+obj-$(CONFIG_OMAP) += omap_tap.o
+obj-$(CONFIG_PXA2XX) += pxa2xx_pcmcia.o
+obj-$(CONFIG_SLAVIO) += slavio_misc.o
+obj-$(CONFIG_ZYNQ) += zynq_slcr.o
+
+obj-$(CONFIG_PVPANIC) += pvpanic.o
diff --git a/hw/misc/a9scu.c b/hw/misc/a9scu.c
new file mode 100644
index 000000000..601b5733f
--- /dev/null
+++ b/hw/misc/a9scu.c
@@ -0,0 +1,165 @@
+/*
+ * Cortex-A9MPCore Snoop Control Unit (SCU) emulation.
+ *
+ * Copyright (c) 2009 CodeSourcery.
+ * Copyright (c) 2011 Linaro Limited.
+ * Written by Paul Brook, Peter Maydell.
+ *
+ * This code is licensed under the GPL.
+ */
+
+#include "hw/sysbus.h"
+
+/* A9MP private memory region. */
+
+typedef struct A9SCUState {
+ SysBusDevice busdev;
+ MemoryRegion iomem;
+ uint32_t control;
+ uint32_t status;
+ uint32_t num_cpu;
+} A9SCUState;
+
+#define TYPE_A9_SCU "a9-scu"
+#define A9_SCU(obj) OBJECT_CHECK(A9SCUState, (obj), TYPE_A9_SCU)
+
+static uint64_t a9_scu_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ A9SCUState *s = (A9SCUState *)opaque;
+ switch (offset) {
+ case 0x00: /* Control */
+ return s->control;
+ case 0x04: /* Configuration */
+ return (((1 << s->num_cpu) - 1) << 4) | (s->num_cpu - 1);
+ case 0x08: /* CPU Power Status */
+ return s->status;
+ case 0x09: /* CPU status. */
+ return s->status >> 8;
+ case 0x0a: /* CPU status. */
+ return s->status >> 16;
+ case 0x0b: /* CPU status. */
+ return s->status >> 24;
+ case 0x0c: /* Invalidate All Registers In Secure State */
+ return 0;
+ case 0x40: /* Filtering Start Address Register */
+ case 0x44: /* Filtering End Address Register */
+ /* RAZ/WI, like an implementation with only one AXI master */
+ return 0;
+ case 0x50: /* SCU Access Control Register */
+ case 0x54: /* SCU Non-secure Access Control Register */
+ /* unimplemented, fall through */
+ default:
+ return 0;
+ }
+}
+
+static void a9_scu_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ A9SCUState *s = (A9SCUState *)opaque;
+ uint32_t mask;
+ uint32_t shift;
+ switch (size) {
+ case 1:
+ mask = 0xff;
+ break;
+ case 2:
+ mask = 0xffff;
+ break;
+ case 4:
+ mask = 0xffffffff;
+ break;
+ default:
+ fprintf(stderr, "Invalid size %u in write to a9 scu register %x\n",
+ size, (unsigned)offset);
+ return;
+ }
+
+ switch (offset) {
+ case 0x00: /* Control */
+ s->control = value & 1;
+ break;
+ case 0x4: /* Configuration: RO */
+ break;
+ case 0x08: case 0x09: case 0x0A: case 0x0B: /* Power Control */
+ shift = (offset - 0x8) * 8;
+ s->status &= ~(mask << shift);
+ s->status |= ((value & mask) << shift);
+ break;
+ case 0x0c: /* Invalidate All Registers In Secure State */
+ /* no-op as we do not implement caches */
+ break;
+ case 0x40: /* Filtering Start Address Register */
+ case 0x44: /* Filtering End Address Register */
+ /* RAZ/WI, like an implementation with only one AXI master */
+ break;
+ case 0x50: /* SCU Access Control Register */
+ case 0x54: /* SCU Non-secure Access Control Register */
+ /* unimplemented, fall through */
+ default:
+ break;
+ }
+}
+
+static const MemoryRegionOps a9_scu_ops = {
+ .read = a9_scu_read,
+ .write = a9_scu_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void a9_scu_reset(DeviceState *dev)
+{
+ A9SCUState *s = A9_SCU(dev);
+ s->control = 0;
+}
+
+static void a9_scu_realize(DeviceState *dev, Error ** errp)
+{
+ A9SCUState *s = A9_SCU(dev);
+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+
+ memory_region_init_io(&s->iomem, OBJECT(dev), &a9_scu_ops, s,
+ "a9-scu", 0x100);
+ sysbus_init_mmio(sbd, &s->iomem);
+}
+
+static const VMStateDescription vmstate_a9_scu = {
+ .name = "a9-scu",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(control, A9SCUState),
+ VMSTATE_UINT32(status, A9SCUState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static Property a9_scu_properties[] = {
+ DEFINE_PROP_UINT32("num-cpu", A9SCUState, num_cpu, 1),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void a9_scu_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = a9_scu_realize;
+ dc->props = a9_scu_properties;
+ dc->vmsd = &vmstate_a9_scu;
+ dc->reset = a9_scu_reset;
+}
+
+static const TypeInfo a9_scu_info = {
+ .name = TYPE_A9_SCU,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(A9SCUState),
+ .class_init = a9_scu_class_init,
+};
+
+static void a9mp_register_types(void)
+{
+ type_register_static(&a9_scu_info);
+}
+
+type_init(a9mp_register_types)
diff --git a/hw/misc/applesmc.c b/hw/misc/applesmc.c
new file mode 100644
index 000000000..1e8d183e7
--- /dev/null
+++ b/hw/misc/applesmc.c
@@ -0,0 +1,281 @@
+/*
+ * Apple SMC controller
+ *
+ * Copyright (c) 2007 Alexander Graf
+ *
+ * Authors: Alexander Graf <agraf@suse.de>
+ * Susanne Graf <suse@csgraf.de>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * *****************************************************************
+ *
+ * In all Intel-based Apple hardware there is an SMC chip to control the
+ * backlight, fans and several other generic device parameters. It also
+ * contains the magic keys used to dongle Mac OS X to the device.
+ *
+ * This driver was mostly created by looking at the Linux AppleSMC driver
+ * implementation and does not support IRQ.
+ *
+ */
+
+#include "hw/hw.h"
+#include "hw/isa/isa.h"
+#include "ui/console.h"
+#include "qemu/timer.h"
+
+/* #define DEBUG_SMC */
+
+#define APPLESMC_DEFAULT_IOBASE 0x300
+/* data port used by Apple SMC */
+#define APPLESMC_DATA_PORT 0x0
+/* command/status port used by Apple SMC */
+#define APPLESMC_CMD_PORT 0x4
+#define APPLESMC_NR_PORTS 32
+#define APPLESMC_MAX_DATA_LENGTH 32
+
+#define APPLESMC_READ_CMD 0x10
+#define APPLESMC_WRITE_CMD 0x11
+#define APPLESMC_GET_KEY_BY_INDEX_CMD 0x12
+#define APPLESMC_GET_KEY_TYPE_CMD 0x13
+
+#ifdef DEBUG_SMC
+#define smc_debug(...) fprintf(stderr, "AppleSMC: " __VA_ARGS__)
+#else
+#define smc_debug(...) do { } while(0)
+#endif
+
+static char default_osk[64] = "This is a dummy key. Enter the real key "
+ "using the -osk parameter";
+
+struct AppleSMCData {
+ uint8_t len;
+ const char *key;
+ const char *data;
+ QLIST_ENTRY(AppleSMCData) node;
+};
+
+#define TYPE_APPLE_SMC "isa-applesmc"
+#define APPLE_SMC(obj) OBJECT_CHECK(AppleSMCState, (obj), TYPE_APPLE_SMC)
+
+typedef struct AppleSMCState AppleSMCState;
+struct AppleSMCState {
+ ISADevice parent_obj;
+
+ MemoryRegion io_data;
+ MemoryRegion io_cmd;
+ uint32_t iobase;
+ uint8_t cmd;
+ uint8_t status;
+ uint8_t key[4];
+ uint8_t read_pos;
+ uint8_t data_len;
+ uint8_t data_pos;
+ uint8_t data[255];
+ uint8_t charactic[4];
+ char *osk;
+ QLIST_HEAD(, AppleSMCData) data_def;
+};
+
+static void applesmc_io_cmd_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ AppleSMCState *s = opaque;
+
+ smc_debug("CMD Write B: %#x = %#x\n", addr, val);
+ switch(val) {
+ case APPLESMC_READ_CMD:
+ s->status = 0x0c;
+ break;
+ }
+ s->cmd = val;
+ s->read_pos = 0;
+ s->data_pos = 0;
+}
+
+static void applesmc_fill_data(AppleSMCState *s)
+{
+ struct AppleSMCData *d;
+
+ QLIST_FOREACH(d, &s->data_def, node) {
+ if (!memcmp(d->key, s->key, 4)) {
+ smc_debug("Key matched (%s Len=%d Data=%s)\n", d->key,
+ d->len, d->data);
+ memcpy(s->data, d->data, d->len);
+ return;
+ }
+ }
+}
+
+static void applesmc_io_data_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ AppleSMCState *s = opaque;
+
+ smc_debug("DATA Write B: %#x = %#x\n", addr, val);
+ switch(s->cmd) {
+ case APPLESMC_READ_CMD:
+ if(s->read_pos < 4) {
+ s->key[s->read_pos] = val;
+ s->status = 0x04;
+ } else if(s->read_pos == 4) {
+ s->data_len = val;
+ s->status = 0x05;
+ s->data_pos = 0;
+ smc_debug("Key = %c%c%c%c Len = %d\n", s->key[0],
+ s->key[1], s->key[2], s->key[3], val);
+ applesmc_fill_data(s);
+ }
+ s->read_pos++;
+ break;
+ }
+}
+
+static uint64_t applesmc_io_data_read(void *opaque, hwaddr addr1,
+ unsigned size)
+{
+ AppleSMCState *s = opaque;
+ uint8_t retval = 0;
+
+ switch(s->cmd) {
+ case APPLESMC_READ_CMD:
+ if(s->data_pos < s->data_len) {
+ retval = s->data[s->data_pos];
+ smc_debug("READ_DATA[%d] = %#hhx\n", s->data_pos,
+ retval);
+ s->data_pos++;
+ if(s->data_pos == s->data_len) {
+ s->status = 0x00;
+ smc_debug("EOF\n");
+ } else
+ s->status = 0x05;
+ }
+ }
+ smc_debug("DATA Read b: %#x = %#x\n", addr1, retval);
+
+ return retval;
+}
+
+static uint64_t applesmc_io_cmd_read(void *opaque, hwaddr addr1, unsigned size)
+{
+ AppleSMCState *s = opaque;
+
+ smc_debug("CMD Read B: %#x\n", addr1);
+ return s->status;
+}
+
+static void applesmc_add_key(AppleSMCState *s, const char *key,
+ int len, const char *data)
+{
+ struct AppleSMCData *def;
+
+ def = g_malloc0(sizeof(struct AppleSMCData));
+ def->key = key;
+ def->len = len;
+ def->data = data;
+
+ QLIST_INSERT_HEAD(&s->data_def, def, node);
+}
+
+static void qdev_applesmc_isa_reset(DeviceState *dev)
+{
+ AppleSMCState *s = APPLE_SMC(dev);
+ struct AppleSMCData *d, *next;
+
+ /* Remove existing entries */
+ QLIST_FOREACH_SAFE(d, &s->data_def, node, next) {
+ QLIST_REMOVE(d, node);
+ }
+
+ applesmc_add_key(s, "REV ", 6, "\x01\x13\x0f\x00\x00\x03");
+ applesmc_add_key(s, "OSK0", 32, s->osk);
+ applesmc_add_key(s, "OSK1", 32, s->osk + 32);
+ applesmc_add_key(s, "NATJ", 1, "\0");
+ applesmc_add_key(s, "MSSP", 1, "\0");
+ applesmc_add_key(s, "MSSD", 1, "\0x3");
+}
+
+static const MemoryRegionOps applesmc_data_io_ops = {
+ .write = applesmc_io_data_write,
+ .read = applesmc_io_data_read,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+static const MemoryRegionOps applesmc_cmd_io_ops = {
+ .write = applesmc_io_cmd_write,
+ .read = applesmc_io_cmd_read,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+static void applesmc_isa_realize(DeviceState *dev, Error **errp)
+{
+ AppleSMCState *s = APPLE_SMC(dev);
+
+ memory_region_init_io(&s->io_data, OBJECT(s), &applesmc_data_io_ops, s,
+ "applesmc-data", 4);
+ isa_register_ioport(&s->parent_obj, &s->io_data,
+ s->iobase + APPLESMC_DATA_PORT);
+
+ memory_region_init_io(&s->io_cmd, OBJECT(s), &applesmc_cmd_io_ops, s,
+ "applesmc-cmd", 4);
+ isa_register_ioport(&s->parent_obj, &s->io_cmd,
+ s->iobase + APPLESMC_CMD_PORT);
+
+ if (!s->osk || (strlen(s->osk) != 64)) {
+ fprintf(stderr, "WARNING: Using AppleSMC with invalid key\n");
+ s->osk = default_osk;
+ }
+
+ QLIST_INIT(&s->data_def);
+ qdev_applesmc_isa_reset(dev);
+}
+
+static Property applesmc_isa_properties[] = {
+ DEFINE_PROP_HEX32("iobase", AppleSMCState, iobase,
+ APPLESMC_DEFAULT_IOBASE),
+ DEFINE_PROP_STRING("osk", AppleSMCState, osk),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void qdev_applesmc_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = applesmc_isa_realize;
+ dc->reset = qdev_applesmc_isa_reset;
+ dc->props = applesmc_isa_properties;
+ set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+}
+
+static const TypeInfo applesmc_isa_info = {
+ .name = TYPE_APPLE_SMC,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof(AppleSMCState),
+ .class_init = qdev_applesmc_class_init,
+};
+
+static void applesmc_register_types(void)
+{
+ type_register_static(&applesmc_isa_info);
+}
+
+type_init(applesmc_register_types)
diff --git a/hw/misc/arm_l2x0.c b/hw/misc/arm_l2x0.c
new file mode 100644
index 000000000..8e192cdf8
--- /dev/null
+++ b/hw/misc/arm_l2x0.c
@@ -0,0 +1,199 @@
+/*
+ * ARM dummy L210, L220, PL310 cache controller.
+ *
+ * Copyright (c) 2010-2012 Calxeda
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or any later version, as published by the Free Software
+ * Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "hw/sysbus.h"
+
+/* L2C-310 r3p2 */
+#define CACHE_ID 0x410000c8
+
+#define TYPE_ARM_L2X0 "l2x0"
+#define ARM_L2X0(obj) OBJECT_CHECK(L2x0State, (obj), TYPE_ARM_L2X0)
+
+typedef struct L2x0State {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ uint32_t cache_type;
+ uint32_t ctrl;
+ uint32_t aux_ctrl;
+ uint32_t data_ctrl;
+ uint32_t tag_ctrl;
+ uint32_t filter_start;
+ uint32_t filter_end;
+} L2x0State;
+
+static const VMStateDescription vmstate_l2x0 = {
+ .name = "l2x0",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(ctrl, L2x0State),
+ VMSTATE_UINT32(aux_ctrl, L2x0State),
+ VMSTATE_UINT32(data_ctrl, L2x0State),
+ VMSTATE_UINT32(tag_ctrl, L2x0State),
+ VMSTATE_UINT32(filter_start, L2x0State),
+ VMSTATE_UINT32(filter_end, L2x0State),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+
+static uint64_t l2x0_priv_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ uint32_t cache_data;
+ L2x0State *s = (L2x0State *)opaque;
+ offset &= 0xfff;
+ if (offset >= 0x730 && offset < 0x800) {
+ return 0; /* cache ops complete */
+ }
+ switch (offset) {
+ case 0:
+ return CACHE_ID;
+ case 0x4:
+ /* aux_ctrl values affect cache_type values */
+ cache_data = (s->aux_ctrl & (7 << 17)) >> 15;
+ cache_data |= (s->aux_ctrl & (1 << 16)) >> 16;
+ return s->cache_type |= (cache_data << 18) | (cache_data << 6);
+ case 0x100:
+ return s->ctrl;
+ case 0x104:
+ return s->aux_ctrl;
+ case 0x108:
+ return s->tag_ctrl;
+ case 0x10C:
+ return s->data_ctrl;
+ case 0xC00:
+ return s->filter_start;
+ case 0xC04:
+ return s->filter_end;
+ case 0xF40:
+ return 0;
+ case 0xF60:
+ return 0;
+ case 0xF80:
+ return 0;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "l2x0_priv_read: Bad offset %x\n", (int)offset);
+ break;
+ }
+ return 0;
+}
+
+static void l2x0_priv_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ L2x0State *s = (L2x0State *)opaque;
+ offset &= 0xfff;
+ if (offset >= 0x730 && offset < 0x800) {
+ /* ignore */
+ return;
+ }
+ switch (offset) {
+ case 0x100:
+ s->ctrl = value & 1;
+ break;
+ case 0x104:
+ s->aux_ctrl = value;
+ break;
+ case 0x108:
+ s->tag_ctrl = value;
+ break;
+ case 0x10C:
+ s->data_ctrl = value;
+ break;
+ case 0xC00:
+ s->filter_start = value;
+ break;
+ case 0xC04:
+ s->filter_end = value;
+ break;
+ case 0xF40:
+ return;
+ case 0xF60:
+ return;
+ case 0xF80:
+ return;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "l2x0_priv_write: Bad offset %x\n", (int)offset);
+ break;
+ }
+}
+
+static void l2x0_priv_reset(DeviceState *dev)
+{
+ L2x0State *s = ARM_L2X0(dev);
+
+ s->ctrl = 0;
+ s->aux_ctrl = 0x02020000;
+ s->tag_ctrl = 0;
+ s->data_ctrl = 0;
+ s->filter_start = 0;
+ s->filter_end = 0;
+}
+
+static const MemoryRegionOps l2x0_mem_ops = {
+ .read = l2x0_priv_read,
+ .write = l2x0_priv_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ };
+
+static int l2x0_priv_init(SysBusDevice *dev)
+{
+ L2x0State *s = ARM_L2X0(dev);
+
+ memory_region_init_io(&s->iomem, OBJECT(dev), &l2x0_mem_ops, s,
+ "l2x0_cc", 0x1000);
+ sysbus_init_mmio(dev, &s->iomem);
+ return 0;
+}
+
+static Property l2x0_properties[] = {
+ DEFINE_PROP_UINT32("cache-type", L2x0State, cache_type, 0x1c100100),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void l2x0_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ k->init = l2x0_priv_init;
+ dc->vmsd = &vmstate_l2x0;
+ dc->no_user = 1;
+ dc->props = l2x0_properties;
+ dc->reset = l2x0_priv_reset;
+}
+
+static const TypeInfo l2x0_info = {
+ .name = TYPE_ARM_L2X0,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(L2x0State),
+ .class_init = l2x0_class_init,
+};
+
+static void l2x0_register_types(void)
+{
+ type_register_static(&l2x0_info);
+}
+
+type_init(l2x0_register_types)
diff --git a/hw/misc/arm_sysctl.c b/hw/misc/arm_sysctl.c
new file mode 100644
index 000000000..4a911d4f8
--- /dev/null
+++ b/hw/misc/arm_sysctl.c
@@ -0,0 +1,656 @@
+/*
+ * Status and system control registers for ARM RealView/Versatile boards.
+ *
+ * Copyright (c) 2006-2007 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GPL.
+ */
+
+#include "hw/hw.h"
+#include "qemu/timer.h"
+#include "qemu/bitops.h"
+#include "hw/sysbus.h"
+#include "hw/arm/primecell.h"
+#include "sysemu/sysemu.h"
+
+#define LOCK_VALUE 0xa05f
+
+#define TYPE_ARM_SYSCTL "realview_sysctl"
+#define ARM_SYSCTL(obj) \
+ OBJECT_CHECK(arm_sysctl_state, (obj), TYPE_ARM_SYSCTL)
+
+typedef struct {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ qemu_irq pl110_mux_ctrl;
+
+ uint32_t sys_id;
+ uint32_t leds;
+ uint16_t lockval;
+ uint32_t cfgdata1;
+ uint32_t cfgdata2;
+ uint32_t flags;
+ uint32_t nvflags;
+ uint32_t resetlevel;
+ uint32_t proc_id;
+ uint32_t sys_mci;
+ uint32_t sys_cfgdata;
+ uint32_t sys_cfgctrl;
+ uint32_t sys_cfgstat;
+ uint32_t sys_clcd;
+ uint32_t mb_clock[6];
+ uint32_t *db_clock;
+ uint32_t db_num_vsensors;
+ uint32_t *db_voltage;
+ uint32_t db_num_clocks;
+ uint32_t *db_clock_reset;
+} arm_sysctl_state;
+
+static const VMStateDescription vmstate_arm_sysctl = {
+ .name = "realview_sysctl",
+ .version_id = 4,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(leds, arm_sysctl_state),
+ VMSTATE_UINT16(lockval, arm_sysctl_state),
+ VMSTATE_UINT32(cfgdata1, arm_sysctl_state),
+ VMSTATE_UINT32(cfgdata2, arm_sysctl_state),
+ VMSTATE_UINT32(flags, arm_sysctl_state),
+ VMSTATE_UINT32(nvflags, arm_sysctl_state),
+ VMSTATE_UINT32(resetlevel, arm_sysctl_state),
+ VMSTATE_UINT32_V(sys_mci, arm_sysctl_state, 2),
+ VMSTATE_UINT32_V(sys_cfgdata, arm_sysctl_state, 2),
+ VMSTATE_UINT32_V(sys_cfgctrl, arm_sysctl_state, 2),
+ VMSTATE_UINT32_V(sys_cfgstat, arm_sysctl_state, 2),
+ VMSTATE_UINT32_V(sys_clcd, arm_sysctl_state, 3),
+ VMSTATE_UINT32_ARRAY_V(mb_clock, arm_sysctl_state, 6, 4),
+ VMSTATE_VARRAY_UINT32(db_clock, arm_sysctl_state, db_num_clocks,
+ 4, vmstate_info_uint32, uint32_t),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+/* The PB926 actually uses a different format for
+ * its SYS_ID register. Fortunately the bits which are
+ * board type on later boards are distinct.
+ */
+#define BOARD_ID_PB926 0x100
+#define BOARD_ID_EB 0x140
+#define BOARD_ID_PBA8 0x178
+#define BOARD_ID_PBX 0x182
+#define BOARD_ID_VEXPRESS 0x190
+
+static int board_id(arm_sysctl_state *s)
+{
+ /* Extract the board ID field from the SYS_ID register value */
+ return (s->sys_id >> 16) & 0xfff;
+}
+
+static void arm_sysctl_reset(DeviceState *d)
+{
+ arm_sysctl_state *s = ARM_SYSCTL(d);
+ int i;
+
+ s->leds = 0;
+ s->lockval = 0;
+ s->cfgdata1 = 0;
+ s->cfgdata2 = 0;
+ s->flags = 0;
+ s->resetlevel = 0;
+ /* Motherboard oscillators (in Hz) */
+ s->mb_clock[0] = 50000000; /* Static memory clock: 50MHz */
+ s->mb_clock[1] = 23750000; /* motherboard CLCD clock: 23.75MHz */
+ s->mb_clock[2] = 24000000; /* IO FPGA peripheral clock: 24MHz */
+ s->mb_clock[3] = 24000000; /* IO FPGA reserved clock: 24MHz */
+ s->mb_clock[4] = 24000000; /* System bus global clock: 24MHz */
+ s->mb_clock[5] = 24000000; /* IO FPGA reserved clock: 24MHz */
+ /* Daughterboard oscillators: reset from property values */
+ for (i = 0; i < s->db_num_clocks; i++) {
+ s->db_clock[i] = s->db_clock_reset[i];
+ }
+ if (board_id(s) == BOARD_ID_VEXPRESS) {
+ /* On VExpress this register will RAZ/WI */
+ s->sys_clcd = 0;
+ } else {
+ /* All others: CLCDID 0x1f, indicating VGA */
+ s->sys_clcd = 0x1f00;
+ }
+}
+
+static uint64_t arm_sysctl_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ arm_sysctl_state *s = (arm_sysctl_state *)opaque;
+
+ switch (offset) {
+ case 0x00: /* ID */
+ return s->sys_id;
+ case 0x04: /* SW */
+ /* General purpose hardware switches.
+ We don't have a useful way of exposing these to the user. */
+ return 0;
+ case 0x08: /* LED */
+ return s->leds;
+ case 0x20: /* LOCK */
+ return s->lockval;
+ case 0x0c: /* OSC0 */
+ case 0x10: /* OSC1 */
+ case 0x14: /* OSC2 */
+ case 0x18: /* OSC3 */
+ case 0x1c: /* OSC4 */
+ case 0x24: /* 100HZ */
+ /* ??? Implement these. */
+ return 0;
+ case 0x28: /* CFGDATA1 */
+ return s->cfgdata1;
+ case 0x2c: /* CFGDATA2 */
+ return s->cfgdata2;
+ case 0x30: /* FLAGS */
+ return s->flags;
+ case 0x38: /* NVFLAGS */
+ return s->nvflags;
+ case 0x40: /* RESETCTL */
+ if (board_id(s) == BOARD_ID_VEXPRESS) {
+ /* reserved: RAZ/WI */
+ return 0;
+ }
+ return s->resetlevel;
+ case 0x44: /* PCICTL */
+ return 1;
+ case 0x48: /* MCI */
+ return s->sys_mci;
+ case 0x4c: /* FLASH */
+ return 0;
+ case 0x50: /* CLCD */
+ return s->sys_clcd;
+ case 0x54: /* CLCDSER */
+ return 0;
+ case 0x58: /* BOOTCS */
+ return 0;
+ case 0x5c: /* 24MHz */
+ return muldiv64(qemu_get_clock_ns(vm_clock), 24000000, get_ticks_per_sec());
+ case 0x60: /* MISC */
+ return 0;
+ case 0x84: /* PROCID0 */
+ return s->proc_id;
+ case 0x88: /* PROCID1 */
+ return 0xff000000;
+ case 0x64: /* DMAPSR0 */
+ case 0x68: /* DMAPSR1 */
+ case 0x6c: /* DMAPSR2 */
+ case 0x70: /* IOSEL */
+ case 0x74: /* PLDCTL */
+ case 0x80: /* BUSID */
+ case 0x8c: /* OSCRESET0 */
+ case 0x90: /* OSCRESET1 */
+ case 0x94: /* OSCRESET2 */
+ case 0x98: /* OSCRESET3 */
+ case 0x9c: /* OSCRESET4 */
+ case 0xc0: /* SYS_TEST_OSC0 */
+ case 0xc4: /* SYS_TEST_OSC1 */
+ case 0xc8: /* SYS_TEST_OSC2 */
+ case 0xcc: /* SYS_TEST_OSC3 */
+ case 0xd0: /* SYS_TEST_OSC4 */
+ return 0;
+ case 0xa0: /* SYS_CFGDATA */
+ if (board_id(s) != BOARD_ID_VEXPRESS) {
+ goto bad_reg;
+ }
+ return s->sys_cfgdata;
+ case 0xa4: /* SYS_CFGCTRL */
+ if (board_id(s) != BOARD_ID_VEXPRESS) {
+ goto bad_reg;
+ }
+ return s->sys_cfgctrl;
+ case 0xa8: /* SYS_CFGSTAT */
+ if (board_id(s) != BOARD_ID_VEXPRESS) {
+ goto bad_reg;
+ }
+ return s->sys_cfgstat;
+ default:
+ bad_reg:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "arm_sysctl_read: Bad register offset 0x%x\n",
+ (int)offset);
+ return 0;
+ }
+}
+
+/* SYS_CFGCTRL functions */
+#define SYS_CFG_OSC 1
+#define SYS_CFG_VOLT 2
+#define SYS_CFG_AMP 3
+#define SYS_CFG_TEMP 4
+#define SYS_CFG_RESET 5
+#define SYS_CFG_SCC 6
+#define SYS_CFG_MUXFPGA 7
+#define SYS_CFG_SHUTDOWN 8
+#define SYS_CFG_REBOOT 9
+#define SYS_CFG_DVIMODE 11
+#define SYS_CFG_POWER 12
+#define SYS_CFG_ENERGY 13
+
+/* SYS_CFGCTRL site field values */
+#define SYS_CFG_SITE_MB 0
+#define SYS_CFG_SITE_DB1 1
+#define SYS_CFG_SITE_DB2 2
+
+/**
+ * vexpress_cfgctrl_read:
+ * @s: arm_sysctl_state pointer
+ * @dcc, @function, @site, @position, @device: split out values from
+ * SYS_CFGCTRL register
+ * @val: pointer to where to put the read data on success
+ *
+ * Handle a VExpress SYS_CFGCTRL register read. On success, return true and
+ * write the read value to *val. On failure, return false (and val may
+ * or may not be written to).
+ */
+static bool vexpress_cfgctrl_read(arm_sysctl_state *s, unsigned int dcc,
+ unsigned int function, unsigned int site,
+ unsigned int position, unsigned int device,
+ uint32_t *val)
+{
+ /* We don't support anything other than DCC 0, board stack position 0
+ * or sites other than motherboard/daughterboard:
+ */
+ if (dcc != 0 || position != 0 ||
+ (site != SYS_CFG_SITE_MB && site != SYS_CFG_SITE_DB1)) {
+ goto cfgctrl_unimp;
+ }
+
+ switch (function) {
+ case SYS_CFG_VOLT:
+ if (site == SYS_CFG_SITE_DB1 && device < s->db_num_vsensors) {
+ *val = s->db_voltage[device];
+ return true;
+ }
+ if (site == SYS_CFG_SITE_MB && device == 0) {
+ /* There is only one motherboard voltage sensor:
+ * VIO : 3.3V : bus voltage between mother and daughterboard
+ */
+ *val = 3300000;
+ return true;
+ }
+ break;
+ case SYS_CFG_OSC:
+ if (site == SYS_CFG_SITE_MB && device < sizeof(s->mb_clock)) {
+ /* motherboard clock */
+ *val = s->mb_clock[device];
+ return true;
+ }
+ if (site == SYS_CFG_SITE_DB1 && device < s->db_num_clocks) {
+ /* daughterboard clock */
+ *val = s->db_clock[device];
+ return true;
+ }
+ break;
+ default:
+ break;
+ }
+
+cfgctrl_unimp:
+ qemu_log_mask(LOG_UNIMP,
+ "arm_sysctl: Unimplemented SYS_CFGCTRL read of function "
+ "0x%x DCC 0x%x site 0x%x position 0x%x device 0x%x\n",
+ function, dcc, site, position, device);
+ return false;
+}
+
+/**
+ * vexpress_cfgctrl_write:
+ * @s: arm_sysctl_state pointer
+ * @dcc, @function, @site, @position, @device: split out values from
+ * SYS_CFGCTRL register
+ * @val: data to write
+ *
+ * Handle a VExpress SYS_CFGCTRL register write. On success, return true.
+ * On failure, return false.
+ */
+static bool vexpress_cfgctrl_write(arm_sysctl_state *s, unsigned int dcc,
+ unsigned int function, unsigned int site,
+ unsigned int position, unsigned int device,
+ uint32_t val)
+{
+ /* We don't support anything other than DCC 0, board stack position 0
+ * or sites other than motherboard/daughterboard:
+ */
+ if (dcc != 0 || position != 0 ||
+ (site != SYS_CFG_SITE_MB && site != SYS_CFG_SITE_DB1)) {
+ goto cfgctrl_unimp;
+ }
+
+ switch (function) {
+ case SYS_CFG_OSC:
+ if (site == SYS_CFG_SITE_MB && device < sizeof(s->mb_clock)) {
+ /* motherboard clock */
+ s->mb_clock[device] = val;
+ return true;
+ }
+ if (site == SYS_CFG_SITE_DB1 && device < s->db_num_clocks) {
+ /* daughterboard clock */
+ s->db_clock[device] = val;
+ return true;
+ }
+ break;
+ case SYS_CFG_MUXFPGA:
+ if (site == SYS_CFG_SITE_MB && device == 0) {
+ /* Select whether video output comes from motherboard
+ * or daughterboard: log and ignore as QEMU doesn't
+ * support this.
+ */
+ qemu_log_mask(LOG_UNIMP, "arm_sysctl: selection of video output "
+ "not supported, ignoring\n");
+ return true;
+ }
+ break;
+ case SYS_CFG_SHUTDOWN:
+ if (site == SYS_CFG_SITE_MB && device == 0) {
+ qemu_system_shutdown_request();
+ return true;
+ }
+ break;
+ case SYS_CFG_REBOOT:
+ if (site == SYS_CFG_SITE_MB && device == 0) {
+ qemu_system_reset_request();
+ return true;
+ }
+ break;
+ case SYS_CFG_DVIMODE:
+ if (site == SYS_CFG_SITE_MB && device == 0) {
+ /* Selecting DVI mode is meaningless for QEMU: we will
+ * always display the output correctly according to the
+ * pixel height/width programmed into the CLCD controller.
+ */
+ return true;
+ }
+ default:
+ break;
+ }
+
+cfgctrl_unimp:
+ qemu_log_mask(LOG_UNIMP,
+ "arm_sysctl: Unimplemented SYS_CFGCTRL write of function "
+ "0x%x DCC 0x%x site 0x%x position 0x%x device 0x%x\n",
+ function, dcc, site, position, device);
+ return false;
+}
+
+static void arm_sysctl_write(void *opaque, hwaddr offset,
+ uint64_t val, unsigned size)
+{
+ arm_sysctl_state *s = (arm_sysctl_state *)opaque;
+
+ switch (offset) {
+ case 0x08: /* LED */
+ s->leds = val;
+ break;
+ case 0x0c: /* OSC0 */
+ case 0x10: /* OSC1 */
+ case 0x14: /* OSC2 */
+ case 0x18: /* OSC3 */
+ case 0x1c: /* OSC4 */
+ /* ??? */
+ break;
+ case 0x20: /* LOCK */
+ if (val == LOCK_VALUE)
+ s->lockval = val;
+ else
+ s->lockval = val & 0x7fff;
+ break;
+ case 0x28: /* CFGDATA1 */
+ /* ??? Need to implement this. */
+ s->cfgdata1 = val;
+ break;
+ case 0x2c: /* CFGDATA2 */
+ /* ??? Need to implement this. */
+ s->cfgdata2 = val;
+ break;
+ case 0x30: /* FLAGSSET */
+ s->flags |= val;
+ break;
+ case 0x34: /* FLAGSCLR */
+ s->flags &= ~val;
+ break;
+ case 0x38: /* NVFLAGSSET */
+ s->nvflags |= val;
+ break;
+ case 0x3c: /* NVFLAGSCLR */
+ s->nvflags &= ~val;
+ break;
+ case 0x40: /* RESETCTL */
+ switch (board_id(s)) {
+ case BOARD_ID_PB926:
+ if (s->lockval == LOCK_VALUE) {
+ s->resetlevel = val;
+ if (val & 0x100) {
+ qemu_system_reset_request();
+ }
+ }
+ break;
+ case BOARD_ID_PBX:
+ case BOARD_ID_PBA8:
+ if (s->lockval == LOCK_VALUE) {
+ s->resetlevel = val;
+ if (val & 0x04) {
+ qemu_system_reset_request();
+ }
+ }
+ break;
+ case BOARD_ID_VEXPRESS:
+ case BOARD_ID_EB:
+ default:
+ /* reserved: RAZ/WI */
+ break;
+ }
+ break;
+ case 0x44: /* PCICTL */
+ /* nothing to do. */
+ break;
+ case 0x4c: /* FLASH */
+ break;
+ case 0x50: /* CLCD */
+ switch (board_id(s)) {
+ case BOARD_ID_PB926:
+ /* On 926 bits 13:8 are R/O, bits 1:0 control
+ * the mux that defines how to interpret the PL110
+ * graphics format, and other bits are r/w but we
+ * don't implement them to do anything.
+ */
+ s->sys_clcd &= 0x3f00;
+ s->sys_clcd |= val & ~0x3f00;
+ qemu_set_irq(s->pl110_mux_ctrl, val & 3);
+ break;
+ case BOARD_ID_EB:
+ /* The EB is the same except that there is no mux since
+ * the EB has a PL111.
+ */
+ s->sys_clcd &= 0x3f00;
+ s->sys_clcd |= val & ~0x3f00;
+ break;
+ case BOARD_ID_PBA8:
+ case BOARD_ID_PBX:
+ /* On PBA8 and PBX bit 7 is r/w and all other bits
+ * are either r/o or RAZ/WI.
+ */
+ s->sys_clcd &= (1 << 7);
+ s->sys_clcd |= val & ~(1 << 7);
+ break;
+ case BOARD_ID_VEXPRESS:
+ default:
+ /* On VExpress this register is unimplemented and will RAZ/WI */
+ break;
+ }
+ break;
+ case 0x54: /* CLCDSER */
+ case 0x64: /* DMAPSR0 */
+ case 0x68: /* DMAPSR1 */
+ case 0x6c: /* DMAPSR2 */
+ case 0x70: /* IOSEL */
+ case 0x74: /* PLDCTL */
+ case 0x80: /* BUSID */
+ case 0x84: /* PROCID0 */
+ case 0x88: /* PROCID1 */
+ case 0x8c: /* OSCRESET0 */
+ case 0x90: /* OSCRESET1 */
+ case 0x94: /* OSCRESET2 */
+ case 0x98: /* OSCRESET3 */
+ case 0x9c: /* OSCRESET4 */
+ break;
+ case 0xa0: /* SYS_CFGDATA */
+ if (board_id(s) != BOARD_ID_VEXPRESS) {
+ goto bad_reg;
+ }
+ s->sys_cfgdata = val;
+ return;
+ case 0xa4: /* SYS_CFGCTRL */
+ if (board_id(s) != BOARD_ID_VEXPRESS) {
+ goto bad_reg;
+ }
+ /* Undefined bits [19:18] are RAZ/WI, and writing to
+ * the start bit just triggers the action; it always reads
+ * as zero.
+ */
+ s->sys_cfgctrl = val & ~((3 << 18) | (1 << 31));
+ if (val & (1 << 31)) {
+ /* Start bit set -- actually do something */
+ unsigned int dcc = extract32(s->sys_cfgctrl, 26, 4);
+ unsigned int function = extract32(s->sys_cfgctrl, 20, 6);
+ unsigned int site = extract32(s->sys_cfgctrl, 16, 2);
+ unsigned int position = extract32(s->sys_cfgctrl, 12, 4);
+ unsigned int device = extract32(s->sys_cfgctrl, 0, 12);
+ s->sys_cfgstat = 1; /* complete */
+ if (s->sys_cfgctrl & (1 << 30)) {
+ if (!vexpress_cfgctrl_write(s, dcc, function, site, position,
+ device, s->sys_cfgdata)) {
+ s->sys_cfgstat |= 2; /* error */
+ }
+ } else {
+ uint32_t val;
+ if (!vexpress_cfgctrl_read(s, dcc, function, site, position,
+ device, &val)) {
+ s->sys_cfgstat |= 2; /* error */
+ } else {
+ s->sys_cfgdata = val;
+ }
+ }
+ }
+ s->sys_cfgctrl &= ~(1 << 31);
+ return;
+ case 0xa8: /* SYS_CFGSTAT */
+ if (board_id(s) != BOARD_ID_VEXPRESS) {
+ goto bad_reg;
+ }
+ s->sys_cfgstat = val & 3;
+ return;
+ default:
+ bad_reg:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "arm_sysctl_write: Bad register offset 0x%x\n",
+ (int)offset);
+ return;
+ }
+}
+
+static const MemoryRegionOps arm_sysctl_ops = {
+ .read = arm_sysctl_read,
+ .write = arm_sysctl_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void arm_sysctl_gpio_set(void *opaque, int line, int level)
+{
+ arm_sysctl_state *s = (arm_sysctl_state *)opaque;
+ switch (line) {
+ case ARM_SYSCTL_GPIO_MMC_WPROT:
+ {
+ /* For PB926 and EB write-protect is bit 2 of SYS_MCI;
+ * for all later boards it is bit 1.
+ */
+ int bit = 2;
+ if ((board_id(s) == BOARD_ID_PB926) || (board_id(s) == BOARD_ID_EB)) {
+ bit = 4;
+ }
+ s->sys_mci &= ~bit;
+ if (level) {
+ s->sys_mci |= bit;
+ }
+ break;
+ }
+ case ARM_SYSCTL_GPIO_MMC_CARDIN:
+ s->sys_mci &= ~1;
+ if (level) {
+ s->sys_mci |= 1;
+ }
+ break;
+ }
+}
+
+static void arm_sysctl_init(Object *obj)
+{
+ DeviceState *dev = DEVICE(obj);
+ SysBusDevice *sd = SYS_BUS_DEVICE(obj);
+ arm_sysctl_state *s = ARM_SYSCTL(obj);
+
+ memory_region_init_io(&s->iomem, OBJECT(dev), &arm_sysctl_ops, s,
+ "arm-sysctl", 0x1000);
+ sysbus_init_mmio(sd, &s->iomem);
+ qdev_init_gpio_in(dev, arm_sysctl_gpio_set, 2);
+ qdev_init_gpio_out(dev, &s->pl110_mux_ctrl, 1);
+}
+
+static void arm_sysctl_realize(DeviceState *d, Error **errp)
+{
+ arm_sysctl_state *s = ARM_SYSCTL(d);
+
+ s->db_clock = g_new0(uint32_t, s->db_num_clocks);
+}
+
+static void arm_sysctl_finalize(Object *obj)
+{
+ arm_sysctl_state *s = ARM_SYSCTL(obj);
+
+ g_free(s->db_voltage);
+ g_free(s->db_clock);
+ g_free(s->db_clock_reset);
+}
+
+static Property arm_sysctl_properties[] = {
+ DEFINE_PROP_UINT32("sys_id", arm_sysctl_state, sys_id, 0),
+ DEFINE_PROP_UINT32("proc_id", arm_sysctl_state, proc_id, 0),
+ /* Daughterboard power supply voltages (as reported via SYS_CFG) */
+ DEFINE_PROP_ARRAY("db-voltage", arm_sysctl_state, db_num_vsensors,
+ db_voltage, qdev_prop_uint32, uint32_t),
+ /* Daughterboard clock reset values (as reported via SYS_CFG) */
+ DEFINE_PROP_ARRAY("db-clock", arm_sysctl_state, db_num_clocks,
+ db_clock_reset, qdev_prop_uint32, uint32_t),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void arm_sysctl_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = arm_sysctl_realize;
+ dc->reset = arm_sysctl_reset;
+ dc->vmsd = &vmstate_arm_sysctl;
+ dc->props = arm_sysctl_properties;
+}
+
+static const TypeInfo arm_sysctl_info = {
+ .name = TYPE_ARM_SYSCTL,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(arm_sysctl_state),
+ .instance_init = arm_sysctl_init,
+ .instance_finalize = arm_sysctl_finalize,
+ .class_init = arm_sysctl_class_init,
+};
+
+static void arm_sysctl_register_types(void)
+{
+ type_register_static(&arm_sysctl_info);
+}
+
+type_init(arm_sysctl_register_types)
diff --git a/hw/misc/cbus.c b/hw/misc/cbus.c
new file mode 100644
index 000000000..29b467b61
--- /dev/null
+++ b/hw/misc/cbus.c
@@ -0,0 +1,618 @@
+/*
+ * CBUS three-pin bus and the Retu / Betty / Tahvo / Vilma / Avilma /
+ * Hinku / Vinku / Ahne / Pihi chips used in various Nokia platforms.
+ * Based on reverse-engineering of a linux driver.
+ *
+ * Copyright (C) 2008 Nokia Corporation
+ * Written by Andrzej Zaborowski <andrew@openedhand.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "qemu-common.h"
+#include "hw/irq.h"
+#include "hw/devices.h"
+#include "sysemu/sysemu.h"
+
+//#define DEBUG
+
+typedef struct {
+ void *opaque;
+ void (*io)(void *opaque, int rw, int reg, uint16_t *val);
+ int addr;
+} CBusSlave;
+
+typedef struct {
+ CBus cbus;
+
+ int sel;
+ int dat;
+ int clk;
+ int bit;
+ int dir;
+ uint16_t val;
+ qemu_irq dat_out;
+
+ int addr;
+ int reg;
+ int rw;
+ enum {
+ cbus_address,
+ cbus_value,
+ } cycle;
+
+ CBusSlave *slave[8];
+} CBusPriv;
+
+static void cbus_io(CBusPriv *s)
+{
+ if (s->slave[s->addr])
+ s->slave[s->addr]->io(s->slave[s->addr]->opaque,
+ s->rw, s->reg, &s->val);
+ else
+ hw_error("%s: bad slave address %i\n", __FUNCTION__, s->addr);
+}
+
+static void cbus_cycle(CBusPriv *s)
+{
+ switch (s->cycle) {
+ case cbus_address:
+ s->addr = (s->val >> 6) & 7;
+ s->rw = (s->val >> 5) & 1;
+ s->reg = (s->val >> 0) & 0x1f;
+
+ s->cycle = cbus_value;
+ s->bit = 15;
+ s->dir = !s->rw;
+ s->val = 0;
+
+ if (s->rw)
+ cbus_io(s);
+ break;
+
+ case cbus_value:
+ if (!s->rw)
+ cbus_io(s);
+
+ s->cycle = cbus_address;
+ s->bit = 8;
+ s->dir = 1;
+ s->val = 0;
+ break;
+ }
+}
+
+static void cbus_clk(void *opaque, int line, int level)
+{
+ CBusPriv *s = (CBusPriv *) opaque;
+
+ if (!s->sel && level && !s->clk) {
+ if (s->dir)
+ s->val |= s->dat << (s->bit --);
+ else
+ qemu_set_irq(s->dat_out, (s->val >> (s->bit --)) & 1);
+
+ if (s->bit < 0)
+ cbus_cycle(s);
+ }
+
+ s->clk = level;
+}
+
+static void cbus_dat(void *opaque, int line, int level)
+{
+ CBusPriv *s = (CBusPriv *) opaque;
+
+ s->dat = level;
+}
+
+static void cbus_sel(void *opaque, int line, int level)
+{
+ CBusPriv *s = (CBusPriv *) opaque;
+
+ if (!level) {
+ s->dir = 1;
+ s->bit = 8;
+ s->val = 0;
+ }
+
+ s->sel = level;
+}
+
+CBus *cbus_init(qemu_irq dat)
+{
+ CBusPriv *s = (CBusPriv *) g_malloc0(sizeof(*s));
+
+ s->dat_out = dat;
+ s->cbus.clk = qemu_allocate_irqs(cbus_clk, s, 1)[0];
+ s->cbus.dat = qemu_allocate_irqs(cbus_dat, s, 1)[0];
+ s->cbus.sel = qemu_allocate_irqs(cbus_sel, s, 1)[0];
+
+ s->sel = 1;
+ s->clk = 0;
+ s->dat = 0;
+
+ return &s->cbus;
+}
+
+void cbus_attach(CBus *bus, void *slave_opaque)
+{
+ CBusSlave *slave = (CBusSlave *) slave_opaque;
+ CBusPriv *s = (CBusPriv *) bus;
+
+ s->slave[slave->addr] = slave;
+}
+
+/* Retu/Vilma */
+typedef struct {
+ uint16_t irqst;
+ uint16_t irqen;
+ uint16_t cc[2];
+ int channel;
+ uint16_t result[16];
+ uint16_t sample;
+ uint16_t status;
+
+ struct {
+ uint16_t cal;
+ } rtc;
+
+ int is_vilma;
+ qemu_irq irq;
+ CBusSlave cbus;
+} CBusRetu;
+
+static void retu_interrupt_update(CBusRetu *s)
+{
+ qemu_set_irq(s->irq, s->irqst & ~s->irqen);
+}
+
+#define RETU_REG_ASICR 0x00 /* (RO) ASIC ID & revision */
+#define RETU_REG_IDR 0x01 /* (T) Interrupt ID */
+#define RETU_REG_IMR 0x02 /* (RW) Interrupt mask */
+#define RETU_REG_RTCDSR 0x03 /* (RW) RTC seconds register */
+#define RETU_REG_RTCHMR 0x04 /* (RO) RTC hours and minutes reg */
+#define RETU_REG_RTCHMAR 0x05 /* (RW) RTC hours and minutes set reg */
+#define RETU_REG_RTCCALR 0x06 /* (RW) RTC calibration register */
+#define RETU_REG_ADCR 0x08 /* (RW) ADC result register */
+#define RETU_REG_ADCSCR 0x09 /* (RW) ADC sample control register */
+#define RETU_REG_AFCR 0x0a /* (RW) AFC register */
+#define RETU_REG_ANTIFR 0x0b /* (RW) AntiF register */
+#define RETU_REG_CALIBR 0x0c /* (RW) CalibR register*/
+#define RETU_REG_CCR1 0x0d /* (RW) Common control register 1 */
+#define RETU_REG_CCR2 0x0e /* (RW) Common control register 2 */
+#define RETU_REG_RCTRL_CLR 0x0f /* (T) Regulator clear register */
+#define RETU_REG_RCTRL_SET 0x10 /* (T) Regulator set register */
+#define RETU_REG_TXCR 0x11 /* (RW) TxC register */
+#define RETU_REG_STATUS 0x16 /* (RO) Status register */
+#define RETU_REG_WATCHDOG 0x17 /* (RW) Watchdog register */
+#define RETU_REG_AUDTXR 0x18 /* (RW) Audio Codec Tx register */
+#define RETU_REG_AUDPAR 0x19 /* (RW) AudioPA register */
+#define RETU_REG_AUDRXR1 0x1a /* (RW) Audio receive register 1 */
+#define RETU_REG_AUDRXR2 0x1b /* (RW) Audio receive register 2 */
+#define RETU_REG_SGR1 0x1c /* (RW) */
+#define RETU_REG_SCR1 0x1d /* (RW) */
+#define RETU_REG_SGR2 0x1e /* (RW) */
+#define RETU_REG_SCR2 0x1f /* (RW) */
+
+/* Retu Interrupt sources */
+enum {
+ retu_int_pwr = 0, /* Power button */
+ retu_int_char = 1, /* Charger */
+ retu_int_rtcs = 2, /* Seconds */
+ retu_int_rtcm = 3, /* Minutes */
+ retu_int_rtcd = 4, /* Days */
+ retu_int_rtca = 5, /* Alarm */
+ retu_int_hook = 6, /* Hook */
+ retu_int_head = 7, /* Headset */
+ retu_int_adcs = 8, /* ADC sample */
+};
+
+/* Retu ADC channel wiring */
+enum {
+ retu_adc_bsi = 1, /* BSI */
+ retu_adc_batt_temp = 2, /* Battery temperature */
+ retu_adc_chg_volt = 3, /* Charger voltage */
+ retu_adc_head_det = 4, /* Headset detection */
+ retu_adc_hook_det = 5, /* Hook detection */
+ retu_adc_rf_gp = 6, /* RF GP */
+ retu_adc_tx_det = 7, /* Wideband Tx detection */
+ retu_adc_batt_volt = 8, /* Battery voltage */
+ retu_adc_sens = 10, /* Light sensor */
+ retu_adc_sens_temp = 11, /* Light sensor temperature */
+ retu_adc_bbatt_volt = 12, /* Backup battery voltage */
+ retu_adc_self_temp = 13, /* RETU temperature */
+};
+
+static inline uint16_t retu_read(CBusRetu *s, int reg)
+{
+#ifdef DEBUG
+ printf("RETU read at %02x\n", reg);
+#endif
+
+ switch (reg) {
+ case RETU_REG_ASICR:
+ return 0x0215 | (s->is_vilma << 7);
+
+ case RETU_REG_IDR: /* TODO: Or is this ffs(s->irqst)? */
+ return s->irqst;
+
+ case RETU_REG_IMR:
+ return s->irqen;
+
+ case RETU_REG_RTCDSR:
+ case RETU_REG_RTCHMR:
+ case RETU_REG_RTCHMAR:
+ /* TODO */
+ return 0x0000;
+
+ case RETU_REG_RTCCALR:
+ return s->rtc.cal;
+
+ case RETU_REG_ADCR:
+ return (s->channel << 10) | s->result[s->channel];
+ case RETU_REG_ADCSCR:
+ return s->sample;
+
+ case RETU_REG_AFCR:
+ case RETU_REG_ANTIFR:
+ case RETU_REG_CALIBR:
+ /* TODO */
+ return 0x0000;
+
+ case RETU_REG_CCR1:
+ return s->cc[0];
+ case RETU_REG_CCR2:
+ return s->cc[1];
+
+ case RETU_REG_RCTRL_CLR:
+ case RETU_REG_RCTRL_SET:
+ case RETU_REG_TXCR:
+ /* TODO */
+ return 0x0000;
+
+ case RETU_REG_STATUS:
+ return s->status;
+
+ case RETU_REG_WATCHDOG:
+ case RETU_REG_AUDTXR:
+ case RETU_REG_AUDPAR:
+ case RETU_REG_AUDRXR1:
+ case RETU_REG_AUDRXR2:
+ case RETU_REG_SGR1:
+ case RETU_REG_SCR1:
+ case RETU_REG_SGR2:
+ case RETU_REG_SCR2:
+ /* TODO */
+ return 0x0000;
+
+ default:
+ hw_error("%s: bad register %02x\n", __FUNCTION__, reg);
+ }
+}
+
+static inline void retu_write(CBusRetu *s, int reg, uint16_t val)
+{
+#ifdef DEBUG
+ printf("RETU write of %04x at %02x\n", val, reg);
+#endif
+
+ switch (reg) {
+ case RETU_REG_IDR:
+ s->irqst ^= val;
+ retu_interrupt_update(s);
+ break;
+
+ case RETU_REG_IMR:
+ s->irqen = val;
+ retu_interrupt_update(s);
+ break;
+
+ case RETU_REG_RTCDSR:
+ case RETU_REG_RTCHMAR:
+ /* TODO */
+ break;
+
+ case RETU_REG_RTCCALR:
+ s->rtc.cal = val;
+ break;
+
+ case RETU_REG_ADCR:
+ s->channel = (val >> 10) & 0xf;
+ s->irqst |= 1 << retu_int_adcs;
+ retu_interrupt_update(s);
+ break;
+ case RETU_REG_ADCSCR:
+ s->sample &= ~val;
+ break;
+
+ case RETU_REG_AFCR:
+ case RETU_REG_ANTIFR:
+ case RETU_REG_CALIBR:
+
+ case RETU_REG_CCR1:
+ s->cc[0] = val;
+ break;
+ case RETU_REG_CCR2:
+ s->cc[1] = val;
+ break;
+
+ case RETU_REG_RCTRL_CLR:
+ case RETU_REG_RCTRL_SET:
+ /* TODO */
+ break;
+
+ case RETU_REG_WATCHDOG:
+ if (val == 0 && (s->cc[0] & 2))
+ qemu_system_shutdown_request();
+ break;
+
+ case RETU_REG_TXCR:
+ case RETU_REG_AUDTXR:
+ case RETU_REG_AUDPAR:
+ case RETU_REG_AUDRXR1:
+ case RETU_REG_AUDRXR2:
+ case RETU_REG_SGR1:
+ case RETU_REG_SCR1:
+ case RETU_REG_SGR2:
+ case RETU_REG_SCR2:
+ /* TODO */
+ break;
+
+ default:
+ hw_error("%s: bad register %02x\n", __FUNCTION__, reg);
+ }
+}
+
+static void retu_io(void *opaque, int rw, int reg, uint16_t *val)
+{
+ CBusRetu *s = (CBusRetu *) opaque;
+
+ if (rw)
+ *val = retu_read(s, reg);
+ else
+ retu_write(s, reg, *val);
+}
+
+void *retu_init(qemu_irq irq, int vilma)
+{
+ CBusRetu *s = (CBusRetu *) g_malloc0(sizeof(*s));
+
+ s->irq = irq;
+ s->irqen = 0xffff;
+ s->irqst = 0x0000;
+ s->status = 0x0020;
+ s->is_vilma = !!vilma;
+ s->rtc.cal = 0x01;
+ s->result[retu_adc_bsi] = 0x3c2;
+ s->result[retu_adc_batt_temp] = 0x0fc;
+ s->result[retu_adc_chg_volt] = 0x165;
+ s->result[retu_adc_head_det] = 123;
+ s->result[retu_adc_hook_det] = 1023;
+ s->result[retu_adc_rf_gp] = 0x11;
+ s->result[retu_adc_tx_det] = 0x11;
+ s->result[retu_adc_batt_volt] = 0x250;
+ s->result[retu_adc_sens] = 2;
+ s->result[retu_adc_sens_temp] = 0x11;
+ s->result[retu_adc_bbatt_volt] = 0x3d0;
+ s->result[retu_adc_self_temp] = 0x330;
+
+ s->cbus.opaque = s;
+ s->cbus.io = retu_io;
+ s->cbus.addr = 1;
+
+ return &s->cbus;
+}
+
+void retu_key_event(void *retu, int state)
+{
+ CBusSlave *slave = (CBusSlave *) retu;
+ CBusRetu *s = (CBusRetu *) slave->opaque;
+
+ s->irqst |= 1 << retu_int_pwr;
+ retu_interrupt_update(s);
+
+ if (state)
+ s->status &= ~(1 << 5);
+ else
+ s->status |= 1 << 5;
+}
+
+#if 0
+static void retu_head_event(void *retu, int state)
+{
+ CBusSlave *slave = (CBusSlave *) retu;
+ CBusRetu *s = (CBusRetu *) slave->opaque;
+
+ if ((s->cc[0] & 0x500) == 0x500) { /* TODO: Which bits? */
+ /* TODO: reissue the interrupt every 100ms or so. */
+ s->irqst |= 1 << retu_int_head;
+ retu_interrupt_update(s);
+ }
+
+ if (state)
+ s->result[retu_adc_head_det] = 50;
+ else
+ s->result[retu_adc_head_det] = 123;
+}
+
+static void retu_hook_event(void *retu, int state)
+{
+ CBusSlave *slave = (CBusSlave *) retu;
+ CBusRetu *s = (CBusRetu *) slave->opaque;
+
+ if ((s->cc[0] & 0x500) == 0x500) {
+ /* TODO: reissue the interrupt every 100ms or so. */
+ s->irqst |= 1 << retu_int_hook;
+ retu_interrupt_update(s);
+ }
+
+ if (state)
+ s->result[retu_adc_hook_det] = 50;
+ else
+ s->result[retu_adc_hook_det] = 123;
+}
+#endif
+
+/* Tahvo/Betty */
+typedef struct {
+ uint16_t irqst;
+ uint16_t irqen;
+ uint8_t charger;
+ uint8_t backlight;
+ uint16_t usbr;
+ uint16_t power;
+
+ int is_betty;
+ qemu_irq irq;
+ CBusSlave cbus;
+} CBusTahvo;
+
+static void tahvo_interrupt_update(CBusTahvo *s)
+{
+ qemu_set_irq(s->irq, s->irqst & ~s->irqen);
+}
+
+#define TAHVO_REG_ASICR 0x00 /* (RO) ASIC ID & revision */
+#define TAHVO_REG_IDR 0x01 /* (T) Interrupt ID */
+#define TAHVO_REG_IDSR 0x02 /* (RO) Interrupt status */
+#define TAHVO_REG_IMR 0x03 /* (RW) Interrupt mask */
+#define TAHVO_REG_CHAPWMR 0x04 /* (RW) Charger PWM */
+#define TAHVO_REG_LEDPWMR 0x05 /* (RW) LED PWM */
+#define TAHVO_REG_USBR 0x06 /* (RW) USB control */
+#define TAHVO_REG_RCR 0x07 /* (RW) Some kind of power management */
+#define TAHVO_REG_CCR1 0x08 /* (RW) Common control register 1 */
+#define TAHVO_REG_CCR2 0x09 /* (RW) Common control register 2 */
+#define TAHVO_REG_TESTR1 0x0a /* (RW) Test register 1 */
+#define TAHVO_REG_TESTR2 0x0b /* (RW) Test register 2 */
+#define TAHVO_REG_NOPR 0x0c /* (RW) Number of periods */
+#define TAHVO_REG_FRR 0x0d /* (RO) FR */
+
+static inline uint16_t tahvo_read(CBusTahvo *s, int reg)
+{
+#ifdef DEBUG
+ printf("TAHVO read at %02x\n", reg);
+#endif
+
+ switch (reg) {
+ case TAHVO_REG_ASICR:
+ return 0x0021 | (s->is_betty ? 0x0b00 : 0x0300); /* 22 in N810 */
+
+ case TAHVO_REG_IDR:
+ case TAHVO_REG_IDSR: /* XXX: what does this do? */
+ return s->irqst;
+
+ case TAHVO_REG_IMR:
+ return s->irqen;
+
+ case TAHVO_REG_CHAPWMR:
+ return s->charger;
+
+ case TAHVO_REG_LEDPWMR:
+ return s->backlight;
+
+ case TAHVO_REG_USBR:
+ return s->usbr;
+
+ case TAHVO_REG_RCR:
+ return s->power;
+
+ case TAHVO_REG_CCR1:
+ case TAHVO_REG_CCR2:
+ case TAHVO_REG_TESTR1:
+ case TAHVO_REG_TESTR2:
+ case TAHVO_REG_NOPR:
+ case TAHVO_REG_FRR:
+ return 0x0000;
+
+ default:
+ hw_error("%s: bad register %02x\n", __FUNCTION__, reg);
+ }
+}
+
+static inline void tahvo_write(CBusTahvo *s, int reg, uint16_t val)
+{
+#ifdef DEBUG
+ printf("TAHVO write of %04x at %02x\n", val, reg);
+#endif
+
+ switch (reg) {
+ case TAHVO_REG_IDR:
+ s->irqst ^= val;
+ tahvo_interrupt_update(s);
+ break;
+
+ case TAHVO_REG_IMR:
+ s->irqen = val;
+ tahvo_interrupt_update(s);
+ break;
+
+ case TAHVO_REG_CHAPWMR:
+ s->charger = val;
+ break;
+
+ case TAHVO_REG_LEDPWMR:
+ if (s->backlight != (val & 0x7f)) {
+ s->backlight = val & 0x7f;
+ printf("%s: LCD backlight now at %i / 127\n",
+ __FUNCTION__, s->backlight);
+ }
+ break;
+
+ case TAHVO_REG_USBR:
+ s->usbr = val;
+ break;
+
+ case TAHVO_REG_RCR:
+ s->power = val;
+ break;
+
+ case TAHVO_REG_CCR1:
+ case TAHVO_REG_CCR2:
+ case TAHVO_REG_TESTR1:
+ case TAHVO_REG_TESTR2:
+ case TAHVO_REG_NOPR:
+ case TAHVO_REG_FRR:
+ break;
+
+ default:
+ hw_error("%s: bad register %02x\n", __FUNCTION__, reg);
+ }
+}
+
+static void tahvo_io(void *opaque, int rw, int reg, uint16_t *val)
+{
+ CBusTahvo *s = (CBusTahvo *) opaque;
+
+ if (rw)
+ *val = tahvo_read(s, reg);
+ else
+ tahvo_write(s, reg, *val);
+}
+
+void *tahvo_init(qemu_irq irq, int betty)
+{
+ CBusTahvo *s = (CBusTahvo *) g_malloc0(sizeof(*s));
+
+ s->irq = irq;
+ s->irqen = 0xffff;
+ s->irqst = 0x0000;
+ s->is_betty = !!betty;
+
+ s->cbus.opaque = s;
+ s->cbus.io = tahvo_io;
+ s->cbus.addr = 2;
+
+ return &s->cbus;
+}
diff --git a/hw/misc/debugexit.c b/hw/misc/debugexit.c
new file mode 100644
index 000000000..9db568001
--- /dev/null
+++ b/hw/misc/debugexit.c
@@ -0,0 +1,76 @@
+/*
+ * debug exit port emulation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) any later version.
+ */
+
+#include "hw/hw.h"
+#include "hw/isa/isa.h"
+
+#define TYPE_ISA_DEBUG_EXIT_DEVICE "isa-debug-exit"
+#define ISA_DEBUG_EXIT_DEVICE(obj) \
+ OBJECT_CHECK(ISADebugExitState, (obj), TYPE_ISA_DEBUG_EXIT_DEVICE)
+
+typedef struct ISADebugExitState {
+ ISADevice parent_obj;
+
+ uint32_t iobase;
+ uint32_t iosize;
+ MemoryRegion io;
+} ISADebugExitState;
+
+static void debug_exit_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned width)
+{
+ exit((val << 1) | 1);
+}
+
+static const MemoryRegionOps debug_exit_ops = {
+ .write = debug_exit_write,
+ .valid.min_access_size = 1,
+ .valid.max_access_size = 4,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void debug_exit_realizefn(DeviceState *d, Error **errp)
+{
+ ISADevice *dev = ISA_DEVICE(d);
+ ISADebugExitState *isa = ISA_DEBUG_EXIT_DEVICE(d);
+
+ memory_region_init_io(&isa->io, OBJECT(dev), &debug_exit_ops, isa,
+ TYPE_ISA_DEBUG_EXIT_DEVICE, isa->iosize);
+ memory_region_add_subregion(isa_address_space_io(dev),
+ isa->iobase, &isa->io);
+}
+
+static Property debug_exit_properties[] = {
+ DEFINE_PROP_HEX32("iobase", ISADebugExitState, iobase, 0x501),
+ DEFINE_PROP_HEX32("iosize", ISADebugExitState, iosize, 0x02),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void debug_exit_class_initfn(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = debug_exit_realizefn;
+ dc->props = debug_exit_properties;
+ set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+}
+
+static const TypeInfo debug_exit_info = {
+ .name = TYPE_ISA_DEBUG_EXIT_DEVICE,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof(ISADebugExitState),
+ .class_init = debug_exit_class_initfn,
+};
+
+static void debug_exit_register_types(void)
+{
+ type_register_static(&debug_exit_info);
+}
+
+type_init(debug_exit_register_types)
diff --git a/hw/misc/eccmemctl.c b/hw/misc/eccmemctl.c
new file mode 100644
index 000000000..96a69d4e5
--- /dev/null
+++ b/hw/misc/eccmemctl.c
@@ -0,0 +1,345 @@
+/*
+ * QEMU Sparc Sun4m ECC memory controller emulation
+ *
+ * Copyright (c) 2007 Robert Reif
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/sysbus.h"
+#include "trace.h"
+
+/* There are 3 versions of this chip used in SMP sun4m systems:
+ * MCC (version 0, implementation 0) SS-600MP
+ * EMC (version 0, implementation 1) SS-10
+ * SMC (version 0, implementation 2) SS-10SX and SS-20
+ *
+ * Chipset docs:
+ * "Sun-4M System Architecture (revision 2.0) by Chuck Narad", 950-1373-01,
+ * http://mediacast.sun.com/users/Barton808/media/Sun4M_SystemArchitecture_edited2.pdf
+ */
+
+#define ECC_MCC 0x00000000
+#define ECC_EMC 0x10000000
+#define ECC_SMC 0x20000000
+
+/* Register indexes */
+#define ECC_MER 0 /* Memory Enable Register */
+#define ECC_MDR 1 /* Memory Delay Register */
+#define ECC_MFSR 2 /* Memory Fault Status Register */
+#define ECC_VCR 3 /* Video Configuration Register */
+#define ECC_MFAR0 4 /* Memory Fault Address Register 0 */
+#define ECC_MFAR1 5 /* Memory Fault Address Register 1 */
+#define ECC_DR 6 /* Diagnostic Register */
+#define ECC_ECR0 7 /* Event Count Register 0 */
+#define ECC_ECR1 8 /* Event Count Register 1 */
+
+/* ECC fault control register */
+#define ECC_MER_EE 0x00000001 /* Enable ECC checking */
+#define ECC_MER_EI 0x00000002 /* Enable Interrupts on
+ correctable errors */
+#define ECC_MER_MRR0 0x00000004 /* SIMM 0 */
+#define ECC_MER_MRR1 0x00000008 /* SIMM 1 */
+#define ECC_MER_MRR2 0x00000010 /* SIMM 2 */
+#define ECC_MER_MRR3 0x00000020 /* SIMM 3 */
+#define ECC_MER_MRR4 0x00000040 /* SIMM 4 */
+#define ECC_MER_MRR5 0x00000080 /* SIMM 5 */
+#define ECC_MER_MRR6 0x00000100 /* SIMM 6 */
+#define ECC_MER_MRR7 0x00000200 /* SIMM 7 */
+#define ECC_MER_REU 0x00000100 /* Memory Refresh Enable (600MP) */
+#define ECC_MER_MRR 0x000003fc /* MRR mask */
+#define ECC_MER_A 0x00000400 /* Memory controller addr map select */
+#define ECC_MER_DCI 0x00000800 /* Disables Coherent Invalidate ACK */
+#define ECC_MER_VER 0x0f000000 /* Version */
+#define ECC_MER_IMPL 0xf0000000 /* Implementation */
+#define ECC_MER_MASK_0 0x00000103 /* Version 0 (MCC) mask */
+#define ECC_MER_MASK_1 0x00000bff /* Version 1 (EMC) mask */
+#define ECC_MER_MASK_2 0x00000bff /* Version 2 (SMC) mask */
+
+/* ECC memory delay register */
+#define ECC_MDR_RRI 0x000003ff /* Refresh Request Interval */
+#define ECC_MDR_MI 0x00001c00 /* MIH Delay */
+#define ECC_MDR_CI 0x0000e000 /* Coherent Invalidate Delay */
+#define ECC_MDR_MDL 0x001f0000 /* MBus Master arbitration delay */
+#define ECC_MDR_MDH 0x03e00000 /* MBus Master arbitration delay */
+#define ECC_MDR_GAD 0x7c000000 /* Graphics Arbitration Delay */
+#define ECC_MDR_RSC 0x80000000 /* Refresh load control */
+#define ECC_MDR_MASK 0x7fffffff
+
+/* ECC fault status register */
+#define ECC_MFSR_CE 0x00000001 /* Correctable error */
+#define ECC_MFSR_BS 0x00000002 /* C2 graphics bad slot access */
+#define ECC_MFSR_TO 0x00000004 /* Timeout on write */
+#define ECC_MFSR_UE 0x00000008 /* Uncorrectable error */
+#define ECC_MFSR_DW 0x000000f0 /* Index of double word in block */
+#define ECC_MFSR_SYND 0x0000ff00 /* Syndrome for correctable error */
+#define ECC_MFSR_ME 0x00010000 /* Multiple errors */
+#define ECC_MFSR_C2ERR 0x00020000 /* C2 graphics error */
+
+/* ECC fault address register 0 */
+#define ECC_MFAR0_PADDR 0x0000000f /* PA[32-35] */
+#define ECC_MFAR0_TYPE 0x000000f0 /* Transaction type */
+#define ECC_MFAR0_SIZE 0x00000700 /* Transaction size */
+#define ECC_MFAR0_CACHE 0x00000800 /* Mapped cacheable */
+#define ECC_MFAR0_LOCK 0x00001000 /* Error occurred in atomic cycle */
+#define ECC_MFAR0_BMODE 0x00002000 /* Boot mode */
+#define ECC_MFAR0_VADDR 0x003fc000 /* VA[12-19] (superset bits) */
+#define ECC_MFAR0_S 0x08000000 /* Supervisor mode */
+#define ECC_MFARO_MID 0xf0000000 /* Module ID */
+
+/* ECC diagnostic register */
+#define ECC_DR_CBX 0x00000001
+#define ECC_DR_CB0 0x00000002
+#define ECC_DR_CB1 0x00000004
+#define ECC_DR_CB2 0x00000008
+#define ECC_DR_CB4 0x00000010
+#define ECC_DR_CB8 0x00000020
+#define ECC_DR_CB16 0x00000040
+#define ECC_DR_CB32 0x00000080
+#define ECC_DR_DMODE 0x00000c00
+
+#define ECC_NREGS 9
+#define ECC_SIZE (ECC_NREGS * sizeof(uint32_t))
+
+#define ECC_DIAG_SIZE 4
+#define ECC_DIAG_MASK (ECC_DIAG_SIZE - 1)
+
+#define TYPE_ECC_MEMCTL "eccmemctl"
+#define ECC_MEMCTL(obj) OBJECT_CHECK(ECCState, (obj), TYPE_ECC_MEMCTL)
+
+typedef struct ECCState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem, iomem_diag;
+ qemu_irq irq;
+ uint32_t regs[ECC_NREGS];
+ uint8_t diag[ECC_DIAG_SIZE];
+ uint32_t version;
+} ECCState;
+
+static void ecc_mem_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ ECCState *s = opaque;
+
+ switch (addr >> 2) {
+ case ECC_MER:
+ if (s->version == ECC_MCC)
+ s->regs[ECC_MER] = (val & ECC_MER_MASK_0);
+ else if (s->version == ECC_EMC)
+ s->regs[ECC_MER] = s->version | (val & ECC_MER_MASK_1);
+ else if (s->version == ECC_SMC)
+ s->regs[ECC_MER] = s->version | (val & ECC_MER_MASK_2);
+ trace_ecc_mem_writel_mer(val);
+ break;
+ case ECC_MDR:
+ s->regs[ECC_MDR] = val & ECC_MDR_MASK;
+ trace_ecc_mem_writel_mdr(val);
+ break;
+ case ECC_MFSR:
+ s->regs[ECC_MFSR] = val;
+ qemu_irq_lower(s->irq);
+ trace_ecc_mem_writel_mfsr(val);
+ break;
+ case ECC_VCR:
+ s->regs[ECC_VCR] = val;
+ trace_ecc_mem_writel_vcr(val);
+ break;
+ case ECC_DR:
+ s->regs[ECC_DR] = val;
+ trace_ecc_mem_writel_dr(val);
+ break;
+ case ECC_ECR0:
+ s->regs[ECC_ECR0] = val;
+ trace_ecc_mem_writel_ecr0(val);
+ break;
+ case ECC_ECR1:
+ s->regs[ECC_ECR0] = val;
+ trace_ecc_mem_writel_ecr1(val);
+ break;
+ }
+}
+
+static uint64_t ecc_mem_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ ECCState *s = opaque;
+ uint32_t ret = 0;
+
+ switch (addr >> 2) {
+ case ECC_MER:
+ ret = s->regs[ECC_MER];
+ trace_ecc_mem_readl_mer(ret);
+ break;
+ case ECC_MDR:
+ ret = s->regs[ECC_MDR];
+ trace_ecc_mem_readl_mdr(ret);
+ break;
+ case ECC_MFSR:
+ ret = s->regs[ECC_MFSR];
+ trace_ecc_mem_readl_mfsr(ret);
+ break;
+ case ECC_VCR:
+ ret = s->regs[ECC_VCR];
+ trace_ecc_mem_readl_vcr(ret);
+ break;
+ case ECC_MFAR0:
+ ret = s->regs[ECC_MFAR0];
+ trace_ecc_mem_readl_mfar0(ret);
+ break;
+ case ECC_MFAR1:
+ ret = s->regs[ECC_MFAR1];
+ trace_ecc_mem_readl_mfar1(ret);
+ break;
+ case ECC_DR:
+ ret = s->regs[ECC_DR];
+ trace_ecc_mem_readl_dr(ret);
+ break;
+ case ECC_ECR0:
+ ret = s->regs[ECC_ECR0];
+ trace_ecc_mem_readl_ecr0(ret);
+ break;
+ case ECC_ECR1:
+ ret = s->regs[ECC_ECR0];
+ trace_ecc_mem_readl_ecr1(ret);
+ break;
+ }
+ return ret;
+}
+
+static const MemoryRegionOps ecc_mem_ops = {
+ .read = ecc_mem_read,
+ .write = ecc_mem_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static void ecc_diag_mem_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ ECCState *s = opaque;
+
+ trace_ecc_diag_mem_writeb(addr, val);
+ s->diag[addr & ECC_DIAG_MASK] = val;
+}
+
+static uint64_t ecc_diag_mem_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ ECCState *s = opaque;
+ uint32_t ret = s->diag[(int)addr];
+
+ trace_ecc_diag_mem_readb(addr, ret);
+ return ret;
+}
+
+static const MemoryRegionOps ecc_diag_mem_ops = {
+ .read = ecc_diag_mem_read,
+ .write = ecc_diag_mem_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+static const VMStateDescription vmstate_ecc = {
+ .name ="ECC",
+ .version_id = 3,
+ .minimum_version_id = 3,
+ .minimum_version_id_old = 3,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT32_ARRAY(regs, ECCState, ECC_NREGS),
+ VMSTATE_BUFFER(diag, ECCState),
+ VMSTATE_UINT32(version, ECCState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void ecc_reset(DeviceState *d)
+{
+ ECCState *s = ECC_MEMCTL(d);
+
+ if (s->version == ECC_MCC) {
+ s->regs[ECC_MER] &= ECC_MER_REU;
+ } else {
+ s->regs[ECC_MER] &= (ECC_MER_VER | ECC_MER_IMPL | ECC_MER_MRR |
+ ECC_MER_DCI);
+ }
+ s->regs[ECC_MDR] = 0x20;
+ s->regs[ECC_MFSR] = 0;
+ s->regs[ECC_VCR] = 0;
+ s->regs[ECC_MFAR0] = 0x07c00000;
+ s->regs[ECC_MFAR1] = 0;
+ s->regs[ECC_DR] = 0;
+ s->regs[ECC_ECR0] = 0;
+ s->regs[ECC_ECR1] = 0;
+}
+
+static int ecc_init1(SysBusDevice *dev)
+{
+ ECCState *s = ECC_MEMCTL(dev);
+
+ sysbus_init_irq(dev, &s->irq);
+ s->regs[0] = s->version;
+ memory_region_init_io(&s->iomem, OBJECT(dev), &ecc_mem_ops, s, "ecc", ECC_SIZE);
+ sysbus_init_mmio(dev, &s->iomem);
+
+ if (s->version == ECC_MCC) { // SS-600MP only
+ memory_region_init_io(&s->iomem_diag, OBJECT(dev), &ecc_diag_mem_ops, s,
+ "ecc.diag", ECC_DIAG_SIZE);
+ sysbus_init_mmio(dev, &s->iomem_diag);
+ }
+
+ return 0;
+}
+
+static Property ecc_properties[] = {
+ DEFINE_PROP_HEX32("version", ECCState, version, -1),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void ecc_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = ecc_init1;
+ dc->reset = ecc_reset;
+ dc->vmsd = &vmstate_ecc;
+ dc->props = ecc_properties;
+}
+
+static const TypeInfo ecc_info = {
+ .name = TYPE_ECC_MEMCTL,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(ECCState),
+ .class_init = ecc_class_init,
+};
+
+
+static void ecc_register_types(void)
+{
+ type_register_static(&ecc_info);
+}
+
+type_init(ecc_register_types)
diff --git a/hw/misc/exynos4210_pmu.c b/hw/misc/exynos4210_pmu.c
new file mode 100644
index 000000000..cbf0795c0
--- /dev/null
+++ b/hw/misc/exynos4210_pmu.c
@@ -0,0 +1,503 @@
+/*
+ * Exynos4210 Power Management Unit (PMU) Emulation
+ *
+ * Copyright (C) 2011 Samsung Electronics Co Ltd.
+ * Maksim Kozlov <m.kozlov@samsung.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * This model implements PMU registers just as a bulk of memory. Currently,
+ * the only reason this device exists is that secondary CPU boot loader
+ * uses PMU INFORM5 register as a holding pen.
+ */
+
+#include "hw/sysbus.h"
+
+#ifndef DEBUG_PMU
+#define DEBUG_PMU 0
+#endif
+
+#ifndef DEBUG_PMU_EXTEND
+#define DEBUG_PMU_EXTEND 0
+#endif
+
+#if DEBUG_PMU
+#define PRINT_DEBUG(fmt, args...) \
+ do { \
+ fprintf(stderr, " [%s:%d] "fmt, __func__, __LINE__, ##args); \
+ } while (0)
+
+#if DEBUG_PMU_EXTEND
+#define PRINT_DEBUG_EXTEND(fmt, args...) \
+ do { \
+ fprintf(stderr, " [%s:%d] "fmt, __func__, __LINE__, ##args); \
+ } while (0)
+#else
+#define PRINT_DEBUG_EXTEND(fmt, args...) do {} while (0)
+#endif /* EXTEND */
+
+#else
+#define PRINT_DEBUG(fmt, args...) do {} while (0)
+#define PRINT_DEBUG_EXTEND(fmt, args...) do {} while (0)
+#endif
+
+/*
+ * Offsets for PMU registers
+ */
+#define OM_STAT 0x0000 /* OM status register */
+#define RTC_CLKO_SEL 0x000C /* Controls RTCCLKOUT */
+#define GNSS_RTC_OUT_CTRL 0x0010 /* Controls GNSS_RTC_OUT */
+/* Decides whether system-level low-power mode is used. */
+#define SYSTEM_POWER_DOWN_CTRL 0x0200
+/* Sets control options for CENTRAL_SEQ */
+#define SYSTEM_POWER_DOWN_OPTION 0x0208
+#define SWRESET 0x0400 /* Generate software reset */
+#define RST_STAT 0x0404 /* Reset status register */
+#define WAKEUP_STAT 0x0600 /* Wakeup status register */
+#define EINT_WAKEUP_MASK 0x0604 /* Configure External INTerrupt mask */
+#define WAKEUP_MASK 0x0608 /* Configure wakeup source mask */
+#define HDMI_PHY_CONTROL 0x0700 /* HDMI PHY control register */
+#define USBDEVICE_PHY_CONTROL 0x0704 /* USB Device PHY control register */
+#define USBHOST_PHY_CONTROL 0x0708 /* USB HOST PHY control register */
+#define DAC_PHY_CONTROL 0x070C /* DAC control register */
+#define MIPI_PHY0_CONTROL 0x0710 /* MIPI PHY control register */
+#define MIPI_PHY1_CONTROL 0x0714 /* MIPI PHY control register */
+#define ADC_PHY_CONTROL 0x0718 /* TS-ADC control register */
+#define PCIe_PHY_CONTROL 0x071C /* TS-PCIe control register */
+#define SATA_PHY_CONTROL 0x0720 /* TS-SATA control register */
+#define INFORM0 0x0800 /* Information register 0 */
+#define INFORM1 0x0804 /* Information register 1 */
+#define INFORM2 0x0808 /* Information register 2 */
+#define INFORM3 0x080C /* Information register 3 */
+#define INFORM4 0x0810 /* Information register 4 */
+#define INFORM5 0x0814 /* Information register 5 */
+#define INFORM6 0x0818 /* Information register 6 */
+#define INFORM7 0x081C /* Information register 7 */
+#define PMU_DEBUG 0x0A00 /* PMU debug register */
+/* Registers to set system-level low-power option */
+#define ARM_CORE0_SYS_PWR_REG 0x1000
+#define ARM_CORE1_SYS_PWR_REG 0x1010
+#define ARM_COMMON_SYS_PWR_REG 0x1080
+#define ARM_CPU_L2_0_SYS_PWR_REG 0x10C0
+#define ARM_CPU_L2_1_SYS_PWR_REG 0x10C4
+#define CMU_ACLKSTOP_SYS_PWR_REG 0x1100
+#define CMU_SCLKSTOP_SYS_PWR_REG 0x1104
+#define CMU_RESET_SYS_PWR_REG 0x110C
+#define APLL_SYSCLK_SYS_PWR_REG 0x1120
+#define MPLL_SYSCLK_SYS_PWR_REG 0x1124
+#define VPLL_SYSCLK_SYS_PWR_REG 0x1128
+#define EPLL_SYSCLK_SYS_PWR_REG 0x112C
+#define CMU_CLKSTOP_GPS_ALIVE_SYS_PWR_REG 0x1138
+#define CMU_RESET_GPS_ALIVE_SYS_PWR_REG 0x113C
+#define CMU_CLKSTOP_CAM_SYS_PWR_REG 0x1140
+#define CMU_CLKSTOP_TV_SYS_PWR_REG 0x1144
+#define CMU_CLKSTOP_MFC_SYS_PWR_REG 0x1148
+#define CMU_CLKSTOP_G3D_SYS_PWR_REG 0x114C
+#define CMU_CLKSTOP_LCD0_SYS_PWR_REG 0x1150
+#define CMU_CLKSTOP_LCD1_SYS_PWR_REG 0x1154
+#define CMU_CLKSTOP_MAUDIO_SYS_PWR_REG 0x1158
+#define CMU_CLKSTOP_GPS_SYS_PWR_REG 0x115C
+#define CMU_RESET_CAM_SYS_PWR_REG 0x1160
+#define CMU_RESET_TV_SYS_PWR_REG 0x1164
+#define CMU_RESET_MFC_SYS_PWR_REG 0x1168
+#define CMU_RESET_G3D_SYS_PWR_REG 0x116C
+#define CMU_RESET_LCD0_SYS_PWR_REG 0x1170
+#define CMU_RESET_LCD1_SYS_PWR_REG 0x1174
+#define CMU_RESET_MAUDIO_SYS_PWR_REG 0x1178
+#define CMU_RESET_GPS_SYS_PWR_REG 0x117C
+#define TOP_BUS_SYS_PWR_REG 0x1180
+#define TOP_RETENTION_SYS_PWR_REG 0x1184
+#define TOP_PWR_SYS_PWR_REG 0x1188
+#define LOGIC_RESET_SYS_PWR_REG 0x11A0
+#define OneNANDXL_MEM_SYS_PWR_REG 0x11C0
+#define MODEMIF_MEM_SYS_PWR_REG 0x11C4
+#define USBDEVICE_MEM_SYS_PWR_REG 0x11CC
+#define SDMMC_MEM_SYS_PWR_REG 0x11D0
+#define CSSYS_MEM_SYS_PWR_REG 0x11D4
+#define SECSS_MEM_SYS_PWR_REG 0x11D8
+#define PCIe_MEM_SYS_PWR_REG 0x11E0
+#define SATA_MEM_SYS_PWR_REG 0x11E4
+#define PAD_RETENTION_DRAM_SYS_PWR_REG 0x1200
+#define PAD_RETENTION_MAUDIO_SYS_PWR_REG 0x1204
+#define PAD_RETENTION_GPIO_SYS_PWR_REG 0x1220
+#define PAD_RETENTION_UART_SYS_PWR_REG 0x1224
+#define PAD_RETENTION_MMCA_SYS_PWR_REG 0x1228
+#define PAD_RETENTION_MMCB_SYS_PWR_REG 0x122C
+#define PAD_RETENTION_EBIA_SYS_PWR_REG 0x1230
+#define PAD_RETENTION_EBIB_SYS_PWR_REG 0x1234
+#define PAD_ISOLATION_SYS_PWR_REG 0x1240
+#define PAD_ALV_SEL_SYS_PWR_REG 0x1260
+#define XUSBXTI_SYS_PWR_REG 0x1280
+#define XXTI_SYS_PWR_REG 0x1284
+#define EXT_REGULATOR_SYS_PWR_REG 0x12C0
+#define GPIO_MODE_SYS_PWR_REG 0x1300
+#define GPIO_MODE_MAUDIO_SYS_PWR_REG 0x1340
+#define CAM_SYS_PWR_REG 0x1380
+#define TV_SYS_PWR_REG 0x1384
+#define MFC_SYS_PWR_REG 0x1388
+#define G3D_SYS_PWR_REG 0x138C
+#define LCD0_SYS_PWR_REG 0x1390
+#define LCD1_SYS_PWR_REG 0x1394
+#define MAUDIO_SYS_PWR_REG 0x1398
+#define GPS_SYS_PWR_REG 0x139C
+#define GPS_ALIVE_SYS_PWR_REG 0x13A0
+#define ARM_CORE0_CONFIGURATION 0x2000 /* Configure power mode of ARM_CORE0 */
+#define ARM_CORE0_STATUS 0x2004 /* Check power mode of ARM_CORE0 */
+#define ARM_CORE0_OPTION 0x2008 /* Sets control options for ARM_CORE0 */
+#define ARM_CORE1_CONFIGURATION 0x2080 /* Configure power mode of ARM_CORE1 */
+#define ARM_CORE1_STATUS 0x2084 /* Check power mode of ARM_CORE1 */
+#define ARM_CORE1_OPTION 0x2088 /* Sets control options for ARM_CORE0 */
+#define ARM_COMMON_OPTION 0x2408 /* Sets control options for ARM_COMMON */
+/* Configure power mode of ARM_CPU_L2_0 */
+#define ARM_CPU_L2_0_CONFIGURATION 0x2600
+#define ARM_CPU_L2_0_STATUS 0x2604 /* Check power mode of ARM_CPU_L2_0 */
+/* Configure power mode of ARM_CPU_L2_1 */
+#define ARM_CPU_L2_1_CONFIGURATION 0x2620
+#define ARM_CPU_L2_1_STATUS 0x2624 /* Check power mode of ARM_CPU_L2_1 */
+/* Sets control options for PAD_RETENTION_MAUDIO */
+#define PAD_RETENTION_MAUDIO_OPTION 0x3028
+/* Sets control options for PAD_RETENTION_GPIO */
+#define PAD_RETENTION_GPIO_OPTION 0x3108
+/* Sets control options for PAD_RETENTION_UART */
+#define PAD_RETENTION_UART_OPTION 0x3128
+/* Sets control options for PAD_RETENTION_MMCA */
+#define PAD_RETENTION_MMCA_OPTION 0x3148
+/* Sets control options for PAD_RETENTION_MMCB */
+#define PAD_RETENTION_MMCB_OPTION 0x3168
+/* Sets control options for PAD_RETENTION_EBIA */
+#define PAD_RETENTION_EBIA_OPTION 0x3188
+/* Sets control options for PAD_RETENTION_EBIB */
+#define PAD_RETENTION_EBIB_OPTION 0x31A8
+#define PS_HOLD_CONTROL 0x330C /* PS_HOLD control register */
+#define XUSBXTI_CONFIGURATION 0x3400 /* Configure the pad of XUSBXTI */
+#define XUSBXTI_STATUS 0x3404 /* Check the pad of XUSBXTI */
+/* Sets time required for XUSBXTI to be stabilized */
+#define XUSBXTI_DURATION 0x341C
+#define XXTI_CONFIGURATION 0x3420 /* Configure the pad of XXTI */
+#define XXTI_STATUS 0x3424 /* Check the pad of XXTI */
+/* Sets time required for XXTI to be stabilized */
+#define XXTI_DURATION 0x343C
+/* Sets time required for EXT_REGULATOR to be stabilized */
+#define EXT_REGULATOR_DURATION 0x361C
+#define CAM_CONFIGURATION 0x3C00 /* Configure power mode of CAM */
+#define CAM_STATUS 0x3C04 /* Check power mode of CAM */
+#define CAM_OPTION 0x3C08 /* Sets control options for CAM */
+#define TV_CONFIGURATION 0x3C20 /* Configure power mode of TV */
+#define TV_STATUS 0x3C24 /* Check power mode of TV */
+#define TV_OPTION 0x3C28 /* Sets control options for TV */
+#define MFC_CONFIGURATION 0x3C40 /* Configure power mode of MFC */
+#define MFC_STATUS 0x3C44 /* Check power mode of MFC */
+#define MFC_OPTION 0x3C48 /* Sets control options for MFC */
+#define G3D_CONFIGURATION 0x3C60 /* Configure power mode of G3D */
+#define G3D_STATUS 0x3C64 /* Check power mode of G3D */
+#define G3D_OPTION 0x3C68 /* Sets control options for G3D */
+#define LCD0_CONFIGURATION 0x3C80 /* Configure power mode of LCD0 */
+#define LCD0_STATUS 0x3C84 /* Check power mode of LCD0 */
+#define LCD0_OPTION 0x3C88 /* Sets control options for LCD0 */
+#define LCD1_CONFIGURATION 0x3CA0 /* Configure power mode of LCD1 */
+#define LCD1_STATUS 0x3CA4 /* Check power mode of LCD1 */
+#define LCD1_OPTION 0x3CA8 /* Sets control options for LCD1 */
+#define GPS_CONFIGURATION 0x3CE0 /* Configure power mode of GPS */
+#define GPS_STATUS 0x3CE4 /* Check power mode of GPS */
+#define GPS_OPTION 0x3CE8 /* Sets control options for GPS */
+#define GPS_ALIVE_CONFIGURATION 0x3D00 /* Configure power mode of GPS */
+#define GPS_ALIVE_STATUS 0x3D04 /* Check power mode of GPS */
+#define GPS_ALIVE_OPTION 0x3D08 /* Sets control options for GPS */
+
+#define EXYNOS4210_PMU_REGS_MEM_SIZE 0x3d0c
+
+typedef struct Exynos4210PmuReg {
+ const char *name; /* for debug only */
+ uint32_t offset;
+ uint32_t reset_value;
+} Exynos4210PmuReg;
+
+static const Exynos4210PmuReg exynos4210_pmu_regs[] = {
+ {"OM_STAT", OM_STAT, 0x00000000},
+ {"RTC_CLKO_SEL", RTC_CLKO_SEL, 0x00000000},
+ {"GNSS_RTC_OUT_CTRL", GNSS_RTC_OUT_CTRL, 0x00000001},
+ {"SYSTEM_POWER_DOWN_CTRL", SYSTEM_POWER_DOWN_CTRL, 0x00010000},
+ {"SYSTEM_POWER_DOWN_OPTION", SYSTEM_POWER_DOWN_OPTION, 0x03030000},
+ {"SWRESET", SWRESET, 0x00000000},
+ {"RST_STAT", RST_STAT, 0x00000000},
+ {"WAKEUP_STAT", WAKEUP_STAT, 0x00000000},
+ {"EINT_WAKEUP_MASK", EINT_WAKEUP_MASK, 0x00000000},
+ {"WAKEUP_MASK", WAKEUP_MASK, 0x00000000},
+ {"HDMI_PHY_CONTROL", HDMI_PHY_CONTROL, 0x00960000},
+ {"USBDEVICE_PHY_CONTROL", USBDEVICE_PHY_CONTROL, 0x00000000},
+ {"USBHOST_PHY_CONTROL", USBHOST_PHY_CONTROL, 0x00000000},
+ {"DAC_PHY_CONTROL", DAC_PHY_CONTROL, 0x00000000},
+ {"MIPI_PHY0_CONTROL", MIPI_PHY0_CONTROL, 0x00000000},
+ {"MIPI_PHY1_CONTROL", MIPI_PHY1_CONTROL, 0x00000000},
+ {"ADC_PHY_CONTROL", ADC_PHY_CONTROL, 0x00000001},
+ {"PCIe_PHY_CONTROL", PCIe_PHY_CONTROL, 0x00000000},
+ {"SATA_PHY_CONTROL", SATA_PHY_CONTROL, 0x00000000},
+ {"INFORM0", INFORM0, 0x00000000},
+ {"INFORM1", INFORM1, 0x00000000},
+ {"INFORM2", INFORM2, 0x00000000},
+ {"INFORM3", INFORM3, 0x00000000},
+ {"INFORM4", INFORM4, 0x00000000},
+ {"INFORM5", INFORM5, 0x00000000},
+ {"INFORM6", INFORM6, 0x00000000},
+ {"INFORM7", INFORM7, 0x00000000},
+ {"PMU_DEBUG", PMU_DEBUG, 0x00000000},
+ {"ARM_CORE0_SYS_PWR_REG", ARM_CORE0_SYS_PWR_REG, 0xFFFFFFFF},
+ {"ARM_CORE1_SYS_PWR_REG", ARM_CORE1_SYS_PWR_REG, 0xFFFFFFFF},
+ {"ARM_COMMON_SYS_PWR_REG", ARM_COMMON_SYS_PWR_REG, 0xFFFFFFFF},
+ {"ARM_CPU_L2_0_SYS_PWR_REG", ARM_CPU_L2_0_SYS_PWR_REG, 0xFFFFFFFF},
+ {"ARM_CPU_L2_1_SYS_PWR_REG", ARM_CPU_L2_1_SYS_PWR_REG, 0xFFFFFFFF},
+ {"CMU_ACLKSTOP_SYS_PWR_REG", CMU_ACLKSTOP_SYS_PWR_REG, 0xFFFFFFFF},
+ {"CMU_SCLKSTOP_SYS_PWR_REG", CMU_SCLKSTOP_SYS_PWR_REG, 0xFFFFFFFF},
+ {"CMU_RESET_SYS_PWR_REG", CMU_RESET_SYS_PWR_REG, 0xFFFFFFFF},
+ {"APLL_SYSCLK_SYS_PWR_REG", APLL_SYSCLK_SYS_PWR_REG, 0xFFFFFFFF},
+ {"MPLL_SYSCLK_SYS_PWR_REG", MPLL_SYSCLK_SYS_PWR_REG, 0xFFFFFFFF},
+ {"VPLL_SYSCLK_SYS_PWR_REG", VPLL_SYSCLK_SYS_PWR_REG, 0xFFFFFFFF},
+ {"EPLL_SYSCLK_SYS_PWR_REG", EPLL_SYSCLK_SYS_PWR_REG, 0xFFFFFFFF},
+ {"CMU_CLKSTOP_GPS_ALIVE_SYS_PWR_REG", CMU_CLKSTOP_GPS_ALIVE_SYS_PWR_REG,
+ 0xFFFFFFFF},
+ {"CMU_RESET_GPS_ALIVE_SYS_PWR_REG", CMU_RESET_GPS_ALIVE_SYS_PWR_REG,
+ 0xFFFFFFFF},
+ {"CMU_CLKSTOP_CAM_SYS_PWR_REG", CMU_CLKSTOP_CAM_SYS_PWR_REG, 0xFFFFFFFF},
+ {"CMU_CLKSTOP_TV_SYS_PWR_REG", CMU_CLKSTOP_TV_SYS_PWR_REG, 0xFFFFFFFF},
+ {"CMU_CLKSTOP_MFC_SYS_PWR_REG", CMU_CLKSTOP_MFC_SYS_PWR_REG, 0xFFFFFFFF},
+ {"CMU_CLKSTOP_G3D_SYS_PWR_REG", CMU_CLKSTOP_G3D_SYS_PWR_REG, 0xFFFFFFFF},
+ {"CMU_CLKSTOP_LCD0_SYS_PWR_REG", CMU_CLKSTOP_LCD0_SYS_PWR_REG, 0xFFFFFFFF},
+ {"CMU_CLKSTOP_LCD1_SYS_PWR_REG", CMU_CLKSTOP_LCD1_SYS_PWR_REG, 0xFFFFFFFF},
+ {"CMU_CLKSTOP_MAUDIO_SYS_PWR_REG", CMU_CLKSTOP_MAUDIO_SYS_PWR_REG,
+ 0xFFFFFFFF},
+ {"CMU_CLKSTOP_GPS_SYS_PWR_REG", CMU_CLKSTOP_GPS_SYS_PWR_REG, 0xFFFFFFFF},
+ {"CMU_RESET_CAM_SYS_PWR_REG", CMU_RESET_CAM_SYS_PWR_REG, 0xFFFFFFFF},
+ {"CMU_RESET_TV_SYS_PWR_REG", CMU_RESET_TV_SYS_PWR_REG, 0xFFFFFFFF},
+ {"CMU_RESET_MFC_SYS_PWR_REG", CMU_RESET_MFC_SYS_PWR_REG, 0xFFFFFFFF},
+ {"CMU_RESET_G3D_SYS_PWR_REG", CMU_RESET_G3D_SYS_PWR_REG, 0xFFFFFFFF},
+ {"CMU_RESET_LCD0_SYS_PWR_REG", CMU_RESET_LCD0_SYS_PWR_REG, 0xFFFFFFFF},
+ {"CMU_RESET_LCD1_SYS_PWR_REG", CMU_RESET_LCD1_SYS_PWR_REG, 0xFFFFFFFF},
+ {"CMU_RESET_MAUDIO_SYS_PWR_REG", CMU_RESET_MAUDIO_SYS_PWR_REG, 0xFFFFFFFF},
+ {"CMU_RESET_GPS_SYS_PWR_REG", CMU_RESET_GPS_SYS_PWR_REG, 0xFFFFFFFF},
+ {"TOP_BUS_SYS_PWR_REG", TOP_BUS_SYS_PWR_REG, 0xFFFFFFFF},
+ {"TOP_RETENTION_SYS_PWR_REG", TOP_RETENTION_SYS_PWR_REG, 0xFFFFFFFF},
+ {"TOP_PWR_SYS_PWR_REG", TOP_PWR_SYS_PWR_REG, 0xFFFFFFFF},
+ {"LOGIC_RESET_SYS_PWR_REG", LOGIC_RESET_SYS_PWR_REG, 0xFFFFFFFF},
+ {"OneNANDXL_MEM_SYS_PWR_REG", OneNANDXL_MEM_SYS_PWR_REG, 0xFFFFFFFF},
+ {"MODEMIF_MEM_SYS_PWR_REG", MODEMIF_MEM_SYS_PWR_REG, 0xFFFFFFFF},
+ {"USBDEVICE_MEM_SYS_PWR_REG", USBDEVICE_MEM_SYS_PWR_REG, 0xFFFFFFFF},
+ {"SDMMC_MEM_SYS_PWR_REG", SDMMC_MEM_SYS_PWR_REG, 0xFFFFFFFF},
+ {"CSSYS_MEM_SYS_PWR_REG", CSSYS_MEM_SYS_PWR_REG, 0xFFFFFFFF},
+ {"SECSS_MEM_SYS_PWR_REG", SECSS_MEM_SYS_PWR_REG, 0xFFFFFFFF},
+ {"PCIe_MEM_SYS_PWR_REG", PCIe_MEM_SYS_PWR_REG, 0xFFFFFFFF},
+ {"SATA_MEM_SYS_PWR_REG", SATA_MEM_SYS_PWR_REG, 0xFFFFFFFF},
+ {"PAD_RETENTION_DRAM_SYS_PWR_REG", PAD_RETENTION_DRAM_SYS_PWR_REG,
+ 0xFFFFFFFF},
+ {"PAD_RETENTION_MAUDIO_SYS_PWR_REG", PAD_RETENTION_MAUDIO_SYS_PWR_REG,
+ 0xFFFFFFFF},
+ {"PAD_RETENTION_GPIO_SYS_PWR_REG", PAD_RETENTION_GPIO_SYS_PWR_REG,
+ 0xFFFFFFFF},
+ {"PAD_RETENTION_UART_SYS_PWR_REG", PAD_RETENTION_UART_SYS_PWR_REG,
+ 0xFFFFFFFF},
+ {"PAD_RETENTION_MMCA_SYS_PWR_REG", PAD_RETENTION_MMCA_SYS_PWR_REG,
+ 0xFFFFFFFF},
+ {"PAD_RETENTION_MMCB_SYS_PWR_REG", PAD_RETENTION_MMCB_SYS_PWR_REG,
+ 0xFFFFFFFF},
+ {"PAD_RETENTION_EBIA_SYS_PWR_REG", PAD_RETENTION_EBIA_SYS_PWR_REG,
+ 0xFFFFFFFF},
+ {"PAD_RETENTION_EBIB_SYS_PWR_REG", PAD_RETENTION_EBIB_SYS_PWR_REG,
+ 0xFFFFFFFF},
+ {"PAD_ISOLATION_SYS_PWR_REG", PAD_ISOLATION_SYS_PWR_REG, 0xFFFFFFFF},
+ {"PAD_ALV_SEL_SYS_PWR_REG", PAD_ALV_SEL_SYS_PWR_REG, 0xFFFFFFFF},
+ {"XUSBXTI_SYS_PWR_REG", XUSBXTI_SYS_PWR_REG, 0xFFFFFFFF},
+ {"XXTI_SYS_PWR_REG", XXTI_SYS_PWR_REG, 0xFFFFFFFF},
+ {"EXT_REGULATOR_SYS_PWR_REG", EXT_REGULATOR_SYS_PWR_REG, 0xFFFFFFFF},
+ {"GPIO_MODE_SYS_PWR_REG", GPIO_MODE_SYS_PWR_REG, 0xFFFFFFFF},
+ {"GPIO_MODE_MAUDIO_SYS_PWR_REG", GPIO_MODE_MAUDIO_SYS_PWR_REG, 0xFFFFFFFF},
+ {"CAM_SYS_PWR_REG", CAM_SYS_PWR_REG, 0xFFFFFFFF},
+ {"TV_SYS_PWR_REG", TV_SYS_PWR_REG, 0xFFFFFFFF},
+ {"MFC_SYS_PWR_REG", MFC_SYS_PWR_REG, 0xFFFFFFFF},
+ {"G3D_SYS_PWR_REG", G3D_SYS_PWR_REG, 0xFFFFFFFF},
+ {"LCD0_SYS_PWR_REG", LCD0_SYS_PWR_REG, 0xFFFFFFFF},
+ {"LCD1_SYS_PWR_REG", LCD1_SYS_PWR_REG, 0xFFFFFFFF},
+ {"MAUDIO_SYS_PWR_REG", MAUDIO_SYS_PWR_REG, 0xFFFFFFFF},
+ {"GPS_SYS_PWR_REG", GPS_SYS_PWR_REG, 0xFFFFFFFF},
+ {"GPS_ALIVE_SYS_PWR_REG", GPS_ALIVE_SYS_PWR_REG, 0xFFFFFFFF},
+ {"ARM_CORE0_CONFIGURATION", ARM_CORE0_CONFIGURATION, 0x00000003},
+ {"ARM_CORE0_STATUS", ARM_CORE0_STATUS, 0x00030003},
+ {"ARM_CORE0_OPTION", ARM_CORE0_OPTION, 0x01010001},
+ {"ARM_CORE1_CONFIGURATION", ARM_CORE1_CONFIGURATION, 0x00000003},
+ {"ARM_CORE1_STATUS", ARM_CORE1_STATUS, 0x00030003},
+ {"ARM_CORE1_OPTION", ARM_CORE1_OPTION, 0x01010001},
+ {"ARM_COMMON_OPTION", ARM_COMMON_OPTION, 0x00000001},
+ {"ARM_CPU_L2_0_CONFIGURATION", ARM_CPU_L2_0_CONFIGURATION, 0x00000003},
+ {"ARM_CPU_L2_0_STATUS", ARM_CPU_L2_0_STATUS, 0x00000003},
+ {"ARM_CPU_L2_1_CONFIGURATION", ARM_CPU_L2_1_CONFIGURATION, 0x00000003},
+ {"ARM_CPU_L2_1_STATUS", ARM_CPU_L2_1_STATUS, 0x00000003},
+ {"PAD_RETENTION_MAUDIO_OPTION", PAD_RETENTION_MAUDIO_OPTION, 0x00000000},
+ {"PAD_RETENTION_GPIO_OPTION", PAD_RETENTION_GPIO_OPTION, 0x00000000},
+ {"PAD_RETENTION_UART_OPTION", PAD_RETENTION_UART_OPTION, 0x00000000},
+ {"PAD_RETENTION_MMCA_OPTION", PAD_RETENTION_MMCA_OPTION, 0x00000000},
+ {"PAD_RETENTION_MMCB_OPTION", PAD_RETENTION_MMCB_OPTION, 0x00000000},
+ {"PAD_RETENTION_EBIA_OPTION", PAD_RETENTION_EBIA_OPTION, 0x00000000},
+ {"PAD_RETENTION_EBIB_OPTION", PAD_RETENTION_EBIB_OPTION, 0x00000000},
+ {"PS_HOLD_CONTROL", PS_HOLD_CONTROL, 0x00005200},
+ {"XUSBXTI_CONFIGURATION", XUSBXTI_CONFIGURATION, 0x00000001},
+ {"XUSBXTI_STATUS", XUSBXTI_STATUS, 0x00000001},
+ {"XUSBXTI_DURATION", XUSBXTI_DURATION, 0xFFF00000},
+ {"XXTI_CONFIGURATION", XXTI_CONFIGURATION, 0x00000001},
+ {"XXTI_STATUS", XXTI_STATUS, 0x00000001},
+ {"XXTI_DURATION", XXTI_DURATION, 0xFFF00000},
+ {"EXT_REGULATOR_DURATION", EXT_REGULATOR_DURATION, 0xFFF03FFF},
+ {"CAM_CONFIGURATION", CAM_CONFIGURATION, 0x00000007},
+ {"CAM_STATUS", CAM_STATUS, 0x00060007},
+ {"CAM_OPTION", CAM_OPTION, 0x00000001},
+ {"TV_CONFIGURATION", TV_CONFIGURATION, 0x00000007},
+ {"TV_STATUS", TV_STATUS, 0x00060007},
+ {"TV_OPTION", TV_OPTION, 0x00000001},
+ {"MFC_CONFIGURATION", MFC_CONFIGURATION, 0x00000007},
+ {"MFC_STATUS", MFC_STATUS, 0x00060007},
+ {"MFC_OPTION", MFC_OPTION, 0x00000001},
+ {"G3D_CONFIGURATION", G3D_CONFIGURATION, 0x00000007},
+ {"G3D_STATUS", G3D_STATUS, 0x00060007},
+ {"G3D_OPTION", G3D_OPTION, 0x00000001},
+ {"LCD0_CONFIGURATION", LCD0_CONFIGURATION, 0x00000007},
+ {"LCD0_STATUS", LCD0_STATUS, 0x00060007},
+ {"LCD0_OPTION", LCD0_OPTION, 0x00000001},
+ {"LCD1_CONFIGURATION", LCD1_CONFIGURATION, 0x00000007},
+ {"LCD1_STATUS", LCD1_STATUS, 0x00060007},
+ {"LCD1_OPTION", LCD1_OPTION, 0x00000001},
+ {"GPS_CONFIGURATION", GPS_CONFIGURATION, 0x00000007},
+ {"GPS_STATUS", GPS_STATUS, 0x00060007},
+ {"GPS_OPTION", GPS_OPTION, 0x00000001},
+ {"GPS_ALIVE_CONFIGURATION", GPS_ALIVE_CONFIGURATION, 0x00000007},
+ {"GPS_ALIVE_STATUS", GPS_ALIVE_STATUS, 0x00060007},
+ {"GPS_ALIVE_OPTION", GPS_ALIVE_OPTION, 0x00000001},
+};
+
+#define PMU_NUM_OF_REGISTERS \
+ (sizeof(exynos4210_pmu_regs) / sizeof(Exynos4210PmuReg))
+
+#define TYPE_EXYNOS4210_PMU "exynos4210.pmu"
+#define EXYNOS4210_PMU(obj) \
+ OBJECT_CHECK(Exynos4210PmuState, (obj), TYPE_EXYNOS4210_PMU)
+
+typedef struct Exynos4210PmuState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ uint32_t reg[PMU_NUM_OF_REGISTERS];
+} Exynos4210PmuState;
+
+static uint64_t exynos4210_pmu_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ Exynos4210PmuState *s = (Exynos4210PmuState *)opaque;
+ unsigned i;
+ const Exynos4210PmuReg *reg_p = exynos4210_pmu_regs;
+
+ for (i = 0; i < PMU_NUM_OF_REGISTERS; i++) {
+ if (reg_p->offset == offset) {
+ PRINT_DEBUG_EXTEND("%s [0x%04x] -> 0x%04x\n", reg_p->name,
+ (uint32_t)offset, s->reg[i]);
+ return s->reg[i];
+ }
+ reg_p++;
+ }
+ PRINT_DEBUG("QEMU PMU ERROR: bad read offset 0x%04x\n", (uint32_t)offset);
+ return 0;
+}
+
+static void exynos4210_pmu_write(void *opaque, hwaddr offset,
+ uint64_t val, unsigned size)
+{
+ Exynos4210PmuState *s = (Exynos4210PmuState *)opaque;
+ unsigned i;
+ const Exynos4210PmuReg *reg_p = exynos4210_pmu_regs;
+
+ for (i = 0; i < PMU_NUM_OF_REGISTERS; i++) {
+ if (reg_p->offset == offset) {
+ PRINT_DEBUG_EXTEND("%s <0x%04x> <- 0x%04x\n", reg_p->name,
+ (uint32_t)offset, (uint32_t)val);
+ s->reg[i] = val;
+ return;
+ }
+ reg_p++;
+ }
+ PRINT_DEBUG("QEMU PMU ERROR: bad write offset 0x%04x\n", (uint32_t)offset);
+}
+
+static const MemoryRegionOps exynos4210_pmu_ops = {
+ .read = exynos4210_pmu_read,
+ .write = exynos4210_pmu_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ .unaligned = false
+ }
+};
+
+static void exynos4210_pmu_reset(DeviceState *dev)
+{
+ Exynos4210PmuState *s = EXYNOS4210_PMU(dev);
+ unsigned i;
+
+ /* Set default values for registers */
+ for (i = 0; i < PMU_NUM_OF_REGISTERS; i++) {
+ s->reg[i] = exynos4210_pmu_regs[i].reset_value;
+ }
+}
+
+static int exynos4210_pmu_init(SysBusDevice *dev)
+{
+ Exynos4210PmuState *s = EXYNOS4210_PMU(dev);
+
+ /* memory mapping */
+ memory_region_init_io(&s->iomem, OBJECT(dev), &exynos4210_pmu_ops, s,
+ "exynos4210.pmu", EXYNOS4210_PMU_REGS_MEM_SIZE);
+ sysbus_init_mmio(dev, &s->iomem);
+ return 0;
+}
+
+static const VMStateDescription exynos4210_pmu_vmstate = {
+ .name = "exynos4210.pmu",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(reg, Exynos4210PmuState, PMU_NUM_OF_REGISTERS),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void exynos4210_pmu_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = exynos4210_pmu_init;
+ dc->reset = exynos4210_pmu_reset;
+ dc->vmsd = &exynos4210_pmu_vmstate;
+}
+
+static const TypeInfo exynos4210_pmu_info = {
+ .name = TYPE_EXYNOS4210_PMU,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(Exynos4210PmuState),
+ .class_init = exynos4210_pmu_class_init,
+};
+
+static void exynos4210_pmu_register(void)
+{
+ type_register_static(&exynos4210_pmu_info);
+}
+
+type_init(exynos4210_pmu_register)
diff --git a/hw/misc/imx_ccm.c b/hw/misc/imx_ccm.c
new file mode 100644
index 000000000..63e33a41d
--- /dev/null
+++ b/hw/misc/imx_ccm.c
@@ -0,0 +1,326 @@
+/*
+ * IMX31 Clock Control Module
+ *
+ * Copyright (C) 2012 NICTA
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ * To get the timer frequencies right, we need to emulate at least part of
+ * the CCM.
+ */
+
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "sysemu/sysemu.h"
+#include "hw/arm/imx.h"
+
+#define CKIH_FREQ 26000000 /* 26MHz crystal input */
+#define CKIL_FREQ 32768 /* nominal 32khz clock */
+
+
+//#define DEBUG_CCM 1
+#ifdef DEBUG_CCM
+#define DPRINTF(fmt, args...) \
+do { printf("imx_ccm: " fmt , ##args); } while (0)
+#else
+#define DPRINTF(fmt, args...) do {} while (0)
+#endif
+
+static int imx_ccm_post_load(void *opaque, int version_id);
+
+#define TYPE_IMX_CCM "imx_ccm"
+#define IMX_CCM(obj) OBJECT_CHECK(IMXCCMState, (obj), TYPE_IMX_CCM)
+
+typedef struct IMXCCMState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+
+ uint32_t ccmr;
+ uint32_t pdr0;
+ uint32_t pdr1;
+ uint32_t mpctl;
+ uint32_t spctl;
+ uint32_t cgr[3];
+ uint32_t pmcr0;
+ uint32_t pmcr1;
+
+ /* Frequencies precalculated on register changes */
+ uint32_t pll_refclk_freq;
+ uint32_t mcu_clk_freq;
+ uint32_t hsp_clk_freq;
+ uint32_t ipg_clk_freq;
+} IMXCCMState;
+
+static const VMStateDescription vmstate_imx_ccm = {
+ .name = "imx-ccm",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(ccmr, IMXCCMState),
+ VMSTATE_UINT32(pdr0, IMXCCMState),
+ VMSTATE_UINT32(pdr1, IMXCCMState),
+ VMSTATE_UINT32(mpctl, IMXCCMState),
+ VMSTATE_UINT32(spctl, IMXCCMState),
+ VMSTATE_UINT32_ARRAY(cgr, IMXCCMState, 3),
+ VMSTATE_UINT32(pmcr0, IMXCCMState),
+ VMSTATE_UINT32(pmcr1, IMXCCMState),
+ VMSTATE_UINT32(pll_refclk_freq, IMXCCMState),
+ },
+ .post_load = imx_ccm_post_load,
+};
+
+/* CCMR */
+#define CCMR_FPME (1<<0)
+#define CCMR_MPE (1<<3)
+#define CCMR_MDS (1<<7)
+#define CCMR_FPMF (1<<26)
+#define CCMR_PRCS (3<<1)
+
+/* PDR0 */
+#define PDR0_MCU_PODF_SHIFT (0)
+#define PDR0_MCU_PODF_MASK (0x7)
+#define PDR0_MAX_PODF_SHIFT (3)
+#define PDR0_MAX_PODF_MASK (0x7)
+#define PDR0_IPG_PODF_SHIFT (6)
+#define PDR0_IPG_PODF_MASK (0x3)
+#define PDR0_NFC_PODF_SHIFT (8)
+#define PDR0_NFC_PODF_MASK (0x7)
+#define PDR0_HSP_PODF_SHIFT (11)
+#define PDR0_HSP_PODF_MASK (0x7)
+#define PDR0_PER_PODF_SHIFT (16)
+#define PDR0_PER_PODF_MASK (0x1f)
+#define PDR0_CSI_PODF_SHIFT (23)
+#define PDR0_CSI_PODF_MASK (0x1ff)
+
+#define EXTRACT(value, name) (((value) >> PDR0_##name##_PODF_SHIFT) \
+ & PDR0_##name##_PODF_MASK)
+#define INSERT(value, name) (((value) & PDR0_##name##_PODF_MASK) << \
+ PDR0_##name##_PODF_SHIFT)
+/* PLL control registers */
+#define PD(v) (((v) >> 26) & 0xf)
+#define MFD(v) (((v) >> 16) & 0x3ff)
+#define MFI(v) (((v) >> 10) & 0xf);
+#define MFN(v) ((v) & 0x3ff)
+
+#define PLL_PD(x) (((x) & 0xf) << 26)
+#define PLL_MFD(x) (((x) & 0x3ff) << 16)
+#define PLL_MFI(x) (((x) & 0xf) << 10)
+#define PLL_MFN(x) (((x) & 0x3ff) << 0)
+
+uint32_t imx_clock_frequency(DeviceState *dev, IMXClk clock)
+{
+ IMXCCMState *s = IMX_CCM(dev);
+
+ switch (clock) {
+ case NOCLK:
+ return 0;
+ case MCU:
+ return s->mcu_clk_freq;
+ case HSP:
+ return s->hsp_clk_freq;
+ case IPG:
+ return s->ipg_clk_freq;
+ case CLK_32k:
+ return CKIL_FREQ;
+ }
+ return 0;
+}
+
+/*
+ * Calculate PLL output frequency
+ */
+static uint32_t calc_pll(uint32_t pllreg, uint32_t base_freq)
+{
+ int32_t mfn = MFN(pllreg); /* Numerator */
+ uint32_t mfi = MFI(pllreg); /* Integer part */
+ uint32_t mfd = 1 + MFD(pllreg); /* Denominator */
+ uint32_t pd = 1 + PD(pllreg); /* Pre-divider */
+
+ if (mfi < 5) {
+ mfi = 5;
+ }
+ /* mfn is 10-bit signed twos-complement */
+ mfn <<= 32 - 10;
+ mfn >>= 32 - 10;
+
+ return ((2 * (base_freq >> 10) * (mfi * mfd + mfn)) /
+ (mfd * pd)) << 10;
+}
+
+static void update_clocks(IMXCCMState *s)
+{
+ /*
+ * If we ever emulate more clocks, this should switch to a data-driven
+ * approach
+ */
+
+ if ((s->ccmr & CCMR_PRCS) == 2) {
+ s->pll_refclk_freq = CKIL_FREQ * 1024;
+ } else {
+ s->pll_refclk_freq = CKIH_FREQ;
+ }
+
+ /* ipg_clk_arm aka MCU clock */
+ if ((s->ccmr & CCMR_MDS) || !(s->ccmr & CCMR_MPE)) {
+ s->mcu_clk_freq = s->pll_refclk_freq;
+ } else {
+ s->mcu_clk_freq = calc_pll(s->mpctl, s->pll_refclk_freq);
+ }
+
+ /* High-speed clock */
+ s->hsp_clk_freq = s->mcu_clk_freq / (1 + EXTRACT(s->pdr0, HSP));
+ s->ipg_clk_freq = s->hsp_clk_freq / (1 + EXTRACT(s->pdr0, IPG));
+
+ DPRINTF("Clocks: mcu %uMHz, HSP %uMHz, IPG %uHz\n",
+ s->mcu_clk_freq / 1000000,
+ s->hsp_clk_freq / 1000000,
+ s->ipg_clk_freq);
+}
+
+static void imx_ccm_reset(DeviceState *dev)
+{
+ IMXCCMState *s = IMX_CCM(dev);
+
+ s->ccmr = 0x074b0b7b;
+ s->pdr0 = 0xff870b48;
+ s->pdr1 = 0x49fcfe7f;
+ s->mpctl = PLL_PD(1) | PLL_MFD(0) | PLL_MFI(6) | PLL_MFN(0);
+ s->cgr[0] = s->cgr[1] = s->cgr[2] = 0xffffffff;
+ s->spctl = PLL_PD(1) | PLL_MFD(4) | PLL_MFI(0xc) | PLL_MFN(1);
+ s->pmcr0 = 0x80209828;
+
+ update_clocks(s);
+}
+
+static uint64_t imx_ccm_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ IMXCCMState *s = (IMXCCMState *)opaque;
+
+ DPRINTF("read(offset=%x)", offset >> 2);
+ switch (offset >> 2) {
+ case 0: /* CCMR */
+ DPRINTF(" ccmr = 0x%x\n", s->ccmr);
+ return s->ccmr;
+ case 1:
+ DPRINTF(" pdr0 = 0x%x\n", s->pdr0);
+ return s->pdr0;
+ case 2:
+ DPRINTF(" pdr1 = 0x%x\n", s->pdr1);
+ return s->pdr1;
+ case 4:
+ DPRINTF(" mpctl = 0x%x\n", s->mpctl);
+ return s->mpctl;
+ case 6:
+ DPRINTF(" spctl = 0x%x\n", s->spctl);
+ return s->spctl;
+ case 8:
+ DPRINTF(" cgr0 = 0x%x\n", s->cgr[0]);
+ return s->cgr[0];
+ case 9:
+ DPRINTF(" cgr1 = 0x%x\n", s->cgr[1]);
+ return s->cgr[1];
+ case 10:
+ DPRINTF(" cgr2 = 0x%x\n", s->cgr[2]);
+ return s->cgr[2];
+ case 18: /* LTR1 */
+ return 0x00004040;
+ case 23:
+ DPRINTF(" pcmr0 = 0x%x\n", s->pmcr0);
+ return s->pmcr0;
+ }
+ DPRINTF(" return 0\n");
+ return 0;
+}
+
+static void imx_ccm_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ IMXCCMState *s = (IMXCCMState *)opaque;
+
+ DPRINTF("write(offset=%x, value = %x)\n",
+ offset >> 2, (unsigned int)value);
+ switch (offset >> 2) {
+ case 0:
+ s->ccmr = CCMR_FPMF | (value & 0x3b6fdfff);
+ break;
+ case 1:
+ s->pdr0 = value & 0xff9f3fff;
+ break;
+ case 2:
+ s->pdr1 = value;
+ break;
+ case 4:
+ s->mpctl = value & 0xbfff3fff;
+ break;
+ case 6:
+ s->spctl = value & 0xbfff3fff;
+ break;
+ case 8:
+ s->cgr[0] = value;
+ return;
+ case 9:
+ s->cgr[1] = value;
+ return;
+ case 10:
+ s->cgr[2] = value;
+ return;
+
+ default:
+ return;
+ }
+ update_clocks(s);
+}
+
+static const struct MemoryRegionOps imx_ccm_ops = {
+ .read = imx_ccm_read,
+ .write = imx_ccm_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int imx_ccm_init(SysBusDevice *dev)
+{
+ IMXCCMState *s = IMX_CCM(dev);
+
+ memory_region_init_io(&s->iomem, OBJECT(dev), &imx_ccm_ops, s,
+ "imx_ccm", 0x1000);
+ sysbus_init_mmio(dev, &s->iomem);
+
+ return 0;
+}
+
+static int imx_ccm_post_load(void *opaque, int version_id)
+{
+ IMXCCMState *s = (IMXCCMState *)opaque;
+
+ update_clocks(s);
+ return 0;
+}
+
+static void imx_ccm_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *sbc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sbc->init = imx_ccm_init;
+ dc->reset = imx_ccm_reset;
+ dc->vmsd = &vmstate_imx_ccm;
+ dc->desc = "i.MX Clock Control Module";
+}
+
+static const TypeInfo imx_ccm_info = {
+ .name = TYPE_IMX_CCM,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(IMXCCMState),
+ .class_init = imx_ccm_class_init,
+};
+
+static void imx_ccm_register_types(void)
+{
+ type_register_static(&imx_ccm_info);
+}
+
+type_init(imx_ccm_register_types)
diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
new file mode 100644
index 000000000..2838866f4
--- /dev/null
+++ b/hw/misc/ivshmem.c
@@ -0,0 +1,839 @@
+/*
+ * Inter-VM Shared Memory PCI device.
+ *
+ * Author:
+ * Cam Macdonell <cam@cs.ualberta.ca>
+ *
+ * Based On: cirrus_vga.c
+ * Copyright (c) 2004 Fabrice Bellard
+ * Copyright (c) 2004 Makoto Suzuki (suzu)
+ *
+ * and rtl8139.c
+ * Copyright (c) 2006 Igor Kovalenko
+ *
+ * This code is licensed under the GNU GPL v2.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "hw/pci/pci.h"
+#include "hw/pci/msix.h"
+#include "sysemu/kvm.h"
+#include "migration/migration.h"
+#include "qapi/qmp/qerror.h"
+#include "qemu/event_notifier.h"
+#include "sysemu/char.h"
+
+#include <sys/mman.h>
+#include <sys/types.h>
+
+#define PCI_VENDOR_ID_IVSHMEM PCI_VENDOR_ID_REDHAT_QUMRANET
+#define PCI_DEVICE_ID_IVSHMEM 0x1110
+
+#define IVSHMEM_IOEVENTFD 0
+#define IVSHMEM_MSI 1
+
+#define IVSHMEM_PEER 0
+#define IVSHMEM_MASTER 1
+
+#define IVSHMEM_REG_BAR_SIZE 0x100
+
+//#define DEBUG_IVSHMEM
+#ifdef DEBUG_IVSHMEM
+#define IVSHMEM_DPRINTF(fmt, ...) \
+ do {printf("IVSHMEM: " fmt, ## __VA_ARGS__); } while (0)
+#else
+#define IVSHMEM_DPRINTF(fmt, ...)
+#endif
+
+#define TYPE_IVSHMEM "ivshmem"
+#define IVSHMEM(obj) \
+ OBJECT_CHECK(IVShmemState, (obj), TYPE_IVSHMEM)
+
+typedef struct Peer {
+ int nb_eventfds;
+ EventNotifier *eventfds;
+} Peer;
+
+typedef struct EventfdEntry {
+ PCIDevice *pdev;
+ int vector;
+} EventfdEntry;
+
+typedef struct IVShmemState {
+ /*< private >*/
+ PCIDevice parent_obj;
+ /*< public >*/
+
+ uint32_t intrmask;
+ uint32_t intrstatus;
+ uint32_t doorbell;
+
+ CharDriverState **eventfd_chr;
+ CharDriverState *server_chr;
+ MemoryRegion ivshmem_mmio;
+
+ /* We might need to register the BAR before we actually have the memory.
+ * So prepare a container MemoryRegion for the BAR immediately and
+ * add a subregion when we have the memory.
+ */
+ MemoryRegion bar;
+ MemoryRegion ivshmem;
+ uint64_t ivshmem_size; /* size of shared memory region */
+ uint32_t ivshmem_attr;
+ uint32_t ivshmem_64bit;
+ int shm_fd; /* shared memory file descriptor */
+
+ Peer *peers;
+ int nb_peers; /* how many guests we have space for */
+ int max_peer; /* maximum numbered peer */
+
+ int vm_id;
+ uint32_t vectors;
+ uint32_t features;
+ EventfdEntry *eventfd_table;
+
+ Error *migration_blocker;
+
+ char * shmobj;
+ char * sizearg;
+ char * role;
+ int role_val; /* scalar to avoid multiple string comparisons */
+} IVShmemState;
+
+/* registers for the Inter-VM shared memory device */
+enum ivshmem_registers {
+ INTRMASK = 0,
+ INTRSTATUS = 4,
+ IVPOSITION = 8,
+ DOORBELL = 12,
+};
+
+static inline uint32_t ivshmem_has_feature(IVShmemState *ivs,
+ unsigned int feature) {
+ return (ivs->features & (1 << feature));
+}
+
+static inline bool is_power_of_two(uint64_t x) {
+ return (x & (x - 1)) == 0;
+}
+
+/* accessing registers - based on rtl8139 */
+static void ivshmem_update_irq(IVShmemState *s, int val)
+{
+ PCIDevice *d = PCI_DEVICE(s);
+ int isr;
+ isr = (s->intrstatus & s->intrmask) & 0xffffffff;
+
+ /* don't print ISR resets */
+ if (isr) {
+ IVSHMEM_DPRINTF("Set IRQ to %d (%04x %04x)\n",
+ isr ? 1 : 0, s->intrstatus, s->intrmask);
+ }
+
+ qemu_set_irq(d->irq[0], (isr != 0));
+}
+
+static void ivshmem_IntrMask_write(IVShmemState *s, uint32_t val)
+{
+ IVSHMEM_DPRINTF("IntrMask write(w) val = 0x%04x\n", val);
+
+ s->intrmask = val;
+
+ ivshmem_update_irq(s, val);
+}
+
+static uint32_t ivshmem_IntrMask_read(IVShmemState *s)
+{
+ uint32_t ret = s->intrmask;
+
+ IVSHMEM_DPRINTF("intrmask read(w) val = 0x%04x\n", ret);
+
+ return ret;
+}
+
+static void ivshmem_IntrStatus_write(IVShmemState *s, uint32_t val)
+{
+ IVSHMEM_DPRINTF("IntrStatus write(w) val = 0x%04x\n", val);
+
+ s->intrstatus = val;
+
+ ivshmem_update_irq(s, val);
+}
+
+static uint32_t ivshmem_IntrStatus_read(IVShmemState *s)
+{
+ uint32_t ret = s->intrstatus;
+
+ /* reading ISR clears all interrupts */
+ s->intrstatus = 0;
+
+ ivshmem_update_irq(s, 0);
+
+ return ret;
+}
+
+static void ivshmem_io_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ IVShmemState *s = opaque;
+
+ uint16_t dest = val >> 16;
+ uint16_t vector = val & 0xff;
+
+ addr &= 0xfc;
+
+ IVSHMEM_DPRINTF("writing to addr " TARGET_FMT_plx "\n", addr);
+ switch (addr)
+ {
+ case INTRMASK:
+ ivshmem_IntrMask_write(s, val);
+ break;
+
+ case INTRSTATUS:
+ ivshmem_IntrStatus_write(s, val);
+ break;
+
+ case DOORBELL:
+ /* check that dest VM ID is reasonable */
+ if (dest > s->max_peer) {
+ IVSHMEM_DPRINTF("Invalid destination VM ID (%d)\n", dest);
+ break;
+ }
+
+ /* check doorbell range */
+ if (vector < s->peers[dest].nb_eventfds) {
+ IVSHMEM_DPRINTF("Notifying VM %d on vector %d\n", dest, vector);
+ event_notifier_set(&s->peers[dest].eventfds[vector]);
+ }
+ break;
+ default:
+ IVSHMEM_DPRINTF("Invalid VM Doorbell VM %d\n", dest);
+ }
+}
+
+static uint64_t ivshmem_io_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+
+ IVShmemState *s = opaque;
+ uint32_t ret;
+
+ switch (addr)
+ {
+ case INTRMASK:
+ ret = ivshmem_IntrMask_read(s);
+ break;
+
+ case INTRSTATUS:
+ ret = ivshmem_IntrStatus_read(s);
+ break;
+
+ case IVPOSITION:
+ /* return my VM ID if the memory is mapped */
+ if (s->shm_fd > 0) {
+ ret = s->vm_id;
+ } else {
+ ret = -1;
+ }
+ break;
+
+ default:
+ IVSHMEM_DPRINTF("why are we reading " TARGET_FMT_plx "\n", addr);
+ ret = 0;
+ }
+
+ return ret;
+}
+
+static const MemoryRegionOps ivshmem_mmio_ops = {
+ .read = ivshmem_io_read,
+ .write = ivshmem_io_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static void ivshmem_receive(void *opaque, const uint8_t *buf, int size)
+{
+ IVShmemState *s = opaque;
+
+ ivshmem_IntrStatus_write(s, *buf);
+
+ IVSHMEM_DPRINTF("ivshmem_receive 0x%02x\n", *buf);
+}
+
+static int ivshmem_can_receive(void * opaque)
+{
+ return 8;
+}
+
+static void ivshmem_event(void *opaque, int event)
+{
+ IVSHMEM_DPRINTF("ivshmem_event %d\n", event);
+}
+
+static void fake_irqfd(void *opaque, const uint8_t *buf, int size) {
+
+ EventfdEntry *entry = opaque;
+ PCIDevice *pdev = entry->pdev;
+
+ IVSHMEM_DPRINTF("interrupt on vector %p %d\n", pdev, entry->vector);
+ msix_notify(pdev, entry->vector);
+}
+
+static CharDriverState* create_eventfd_chr_device(void * opaque, EventNotifier *n,
+ int vector)
+{
+ /* create a event character device based on the passed eventfd */
+ IVShmemState *s = opaque;
+ CharDriverState * chr;
+ int eventfd = event_notifier_get_fd(n);
+
+ chr = qemu_chr_open_eventfd(eventfd);
+
+ if (chr == NULL) {
+ fprintf(stderr, "creating eventfd for eventfd %d failed\n", eventfd);
+ exit(-1);
+ }
+ qemu_chr_fe_claim_no_fail(chr);
+
+ /* if MSI is supported we need multiple interrupts */
+ if (ivshmem_has_feature(s, IVSHMEM_MSI)) {
+ s->eventfd_table[vector].pdev = PCI_DEVICE(s);
+ s->eventfd_table[vector].vector = vector;
+
+ qemu_chr_add_handlers(chr, ivshmem_can_receive, fake_irqfd,
+ ivshmem_event, &s->eventfd_table[vector]);
+ } else {
+ qemu_chr_add_handlers(chr, ivshmem_can_receive, ivshmem_receive,
+ ivshmem_event, s);
+ }
+
+ return chr;
+
+}
+
+static int check_shm_size(IVShmemState *s, int fd) {
+ /* check that the guest isn't going to try and map more memory than the
+ * the object has allocated return -1 to indicate error */
+
+ struct stat buf;
+
+ fstat(fd, &buf);
+
+ if (s->ivshmem_size > buf.st_size) {
+ fprintf(stderr,
+ "IVSHMEM ERROR: Requested memory size greater"
+ " than shared object size (%" PRIu64 " > %" PRIu64")\n",
+ s->ivshmem_size, (uint64_t)buf.st_size);
+ return -1;
+ } else {
+ return 0;
+ }
+}
+
+/* create the shared memory BAR when we are not using the server, so we can
+ * create the BAR and map the memory immediately */
+static void create_shared_memory_BAR(IVShmemState *s, int fd) {
+
+ void * ptr;
+
+ s->shm_fd = fd;
+
+ ptr = mmap(0, s->ivshmem_size, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
+
+ memory_region_init_ram_ptr(&s->ivshmem, OBJECT(s), "ivshmem.bar2",
+ s->ivshmem_size, ptr);
+ vmstate_register_ram(&s->ivshmem, DEVICE(s));
+ memory_region_add_subregion(&s->bar, 0, &s->ivshmem);
+
+ /* region for shared memory */
+ pci_register_bar(PCI_DEVICE(s), 2, s->ivshmem_attr, &s->bar);
+}
+
+static void ivshmem_add_eventfd(IVShmemState *s, int posn, int i)
+{
+ memory_region_add_eventfd(&s->ivshmem_mmio,
+ DOORBELL,
+ 4,
+ true,
+ (posn << 16) | i,
+ &s->peers[posn].eventfds[i]);
+}
+
+static void ivshmem_del_eventfd(IVShmemState *s, int posn, int i)
+{
+ memory_region_del_eventfd(&s->ivshmem_mmio,
+ DOORBELL,
+ 4,
+ true,
+ (posn << 16) | i,
+ &s->peers[posn].eventfds[i]);
+}
+
+static void close_guest_eventfds(IVShmemState *s, int posn)
+{
+ int i, guest_curr_max;
+
+ if (!ivshmem_has_feature(s, IVSHMEM_IOEVENTFD)) {
+ return;
+ }
+
+ guest_curr_max = s->peers[posn].nb_eventfds;
+
+ memory_region_transaction_begin();
+ for (i = 0; i < guest_curr_max; i++) {
+ ivshmem_del_eventfd(s, posn, i);
+ }
+ memory_region_transaction_commit();
+ for (i = 0; i < guest_curr_max; i++) {
+ event_notifier_cleanup(&s->peers[posn].eventfds[i]);
+ }
+
+ g_free(s->peers[posn].eventfds);
+ s->peers[posn].nb_eventfds = 0;
+}
+
+/* this function increase the dynamic storage need to store data about other
+ * guests */
+static void increase_dynamic_storage(IVShmemState *s, int new_min_size) {
+
+ int j, old_nb_alloc;
+
+ old_nb_alloc = s->nb_peers;
+
+ while (new_min_size >= s->nb_peers)
+ s->nb_peers = s->nb_peers * 2;
+
+ IVSHMEM_DPRINTF("bumping storage to %d guests\n", s->nb_peers);
+ s->peers = g_realloc(s->peers, s->nb_peers * sizeof(Peer));
+
+ /* zero out new pointers */
+ for (j = old_nb_alloc; j < s->nb_peers; j++) {
+ s->peers[j].eventfds = NULL;
+ s->peers[j].nb_eventfds = 0;
+ }
+}
+
+static void ivshmem_read(void *opaque, const uint8_t * buf, int flags)
+{
+ IVShmemState *s = opaque;
+ int incoming_fd, tmp_fd;
+ int guest_max_eventfd;
+ long incoming_posn;
+
+ memcpy(&incoming_posn, buf, sizeof(long));
+ /* pick off s->server_chr->msgfd and store it, posn should accompany msg */
+ tmp_fd = qemu_chr_fe_get_msgfd(s->server_chr);
+ IVSHMEM_DPRINTF("posn is %ld, fd is %d\n", incoming_posn, tmp_fd);
+
+ /* make sure we have enough space for this guest */
+ if (incoming_posn >= s->nb_peers) {
+ increase_dynamic_storage(s, incoming_posn);
+ }
+
+ if (tmp_fd == -1) {
+ /* if posn is positive and unseen before then this is our posn*/
+ if ((incoming_posn >= 0) &&
+ (s->peers[incoming_posn].eventfds == NULL)) {
+ /* receive our posn */
+ s->vm_id = incoming_posn;
+ return;
+ } else {
+ /* otherwise an fd == -1 means an existing guest has gone away */
+ IVSHMEM_DPRINTF("posn %ld has gone away\n", incoming_posn);
+ close_guest_eventfds(s, incoming_posn);
+ return;
+ }
+ }
+
+ /* because of the implementation of get_msgfd, we need a dup */
+ incoming_fd = dup(tmp_fd);
+
+ if (incoming_fd == -1) {
+ fprintf(stderr, "could not allocate file descriptor %s\n",
+ strerror(errno));
+ return;
+ }
+
+ /* if the position is -1, then it's shared memory region fd */
+ if (incoming_posn == -1) {
+
+ void * map_ptr;
+
+ s->max_peer = 0;
+
+ if (check_shm_size(s, incoming_fd) == -1) {
+ exit(-1);
+ }
+
+ /* mmap the region and map into the BAR2 */
+ map_ptr = mmap(0, s->ivshmem_size, PROT_READ|PROT_WRITE, MAP_SHARED,
+ incoming_fd, 0);
+ memory_region_init_ram_ptr(&s->ivshmem, OBJECT(s),
+ "ivshmem.bar2", s->ivshmem_size, map_ptr);
+ vmstate_register_ram(&s->ivshmem, DEVICE(s));
+
+ IVSHMEM_DPRINTF("guest h/w addr = %" PRIu64 ", size = %" PRIu64 "\n",
+ s->ivshmem_offset, s->ivshmem_size);
+
+ memory_region_add_subregion(&s->bar, 0, &s->ivshmem);
+
+ /* only store the fd if it is successfully mapped */
+ s->shm_fd = incoming_fd;
+
+ return;
+ }
+
+ /* each guest has an array of eventfds, and we keep track of how many
+ * guests for each VM */
+ guest_max_eventfd = s->peers[incoming_posn].nb_eventfds;
+
+ if (guest_max_eventfd == 0) {
+ /* one eventfd per MSI vector */
+ s->peers[incoming_posn].eventfds = g_new(EventNotifier, s->vectors);
+ }
+
+ /* this is an eventfd for a particular guest VM */
+ IVSHMEM_DPRINTF("eventfds[%ld][%d] = %d\n", incoming_posn,
+ guest_max_eventfd, incoming_fd);
+ event_notifier_init_fd(&s->peers[incoming_posn].eventfds[guest_max_eventfd],
+ incoming_fd);
+
+ /* increment count for particular guest */
+ s->peers[incoming_posn].nb_eventfds++;
+
+ /* keep track of the maximum VM ID */
+ if (incoming_posn > s->max_peer) {
+ s->max_peer = incoming_posn;
+ }
+
+ if (incoming_posn == s->vm_id) {
+ s->eventfd_chr[guest_max_eventfd] = create_eventfd_chr_device(s,
+ &s->peers[s->vm_id].eventfds[guest_max_eventfd],
+ guest_max_eventfd);
+ }
+
+ if (ivshmem_has_feature(s, IVSHMEM_IOEVENTFD)) {
+ ivshmem_add_eventfd(s, incoming_posn, guest_max_eventfd);
+ }
+}
+
+/* Select the MSI-X vectors used by device.
+ * ivshmem maps events to vectors statically, so
+ * we just enable all vectors on init and after reset. */
+static void ivshmem_use_msix(IVShmemState * s)
+{
+ PCIDevice *d = PCI_DEVICE(s);
+ int i;
+
+ if (!msix_present(d)) {
+ return;
+ }
+
+ for (i = 0; i < s->vectors; i++) {
+ msix_vector_use(d, i);
+ }
+}
+
+static void ivshmem_reset(DeviceState *d)
+{
+ IVShmemState *s = IVSHMEM(d);
+
+ s->intrstatus = 0;
+ ivshmem_use_msix(s);
+}
+
+static uint64_t ivshmem_get_size(IVShmemState * s) {
+
+ uint64_t value;
+ char *ptr;
+
+ value = strtoull(s->sizearg, &ptr, 10);
+ switch (*ptr) {
+ case 0: case 'M': case 'm':
+ value <<= 20;
+ break;
+ case 'G': case 'g':
+ value <<= 30;
+ break;
+ default:
+ fprintf(stderr, "qemu: invalid ram size: %s\n", s->sizearg);
+ exit(1);
+ }
+
+ /* BARs must be a power of 2 */
+ if (!is_power_of_two(value)) {
+ fprintf(stderr, "ivshmem: size must be power of 2\n");
+ exit(1);
+ }
+
+ return value;
+}
+
+static void ivshmem_setup_msi(IVShmemState * s)
+{
+ if (msix_init_exclusive_bar(PCI_DEVICE(s), s->vectors, 1)) {
+ IVSHMEM_DPRINTF("msix initialization failed\n");
+ exit(1);
+ }
+
+ IVSHMEM_DPRINTF("msix initialized (%d vectors)\n", s->vectors);
+
+ /* allocate QEMU char devices for receiving interrupts */
+ s->eventfd_table = g_malloc0(s->vectors * sizeof(EventfdEntry));
+
+ ivshmem_use_msix(s);
+}
+
+static void ivshmem_save(QEMUFile* f, void *opaque)
+{
+ IVShmemState *proxy = opaque;
+ PCIDevice *pci_dev = PCI_DEVICE(proxy);
+
+ IVSHMEM_DPRINTF("ivshmem_save\n");
+ pci_device_save(pci_dev, f);
+
+ if (ivshmem_has_feature(proxy, IVSHMEM_MSI)) {
+ msix_save(pci_dev, f);
+ } else {
+ qemu_put_be32(f, proxy->intrstatus);
+ qemu_put_be32(f, proxy->intrmask);
+ }
+
+}
+
+static int ivshmem_load(QEMUFile* f, void *opaque, int version_id)
+{
+ IVSHMEM_DPRINTF("ivshmem_load\n");
+
+ IVShmemState *proxy = opaque;
+ PCIDevice *pci_dev = PCI_DEVICE(proxy);
+ int ret;
+
+ if (version_id > 0) {
+ return -EINVAL;
+ }
+
+ if (proxy->role_val == IVSHMEM_PEER) {
+ fprintf(stderr, "ivshmem: 'peer' devices are not migratable\n");
+ return -EINVAL;
+ }
+
+ ret = pci_device_load(pci_dev, f);
+ if (ret) {
+ return ret;
+ }
+
+ if (ivshmem_has_feature(proxy, IVSHMEM_MSI)) {
+ msix_load(pci_dev, f);
+ ivshmem_use_msix(proxy);
+ } else {
+ proxy->intrstatus = qemu_get_be32(f);
+ proxy->intrmask = qemu_get_be32(f);
+ }
+
+ return 0;
+}
+
+static void ivshmem_write_config(PCIDevice *pci_dev, uint32_t address,
+ uint32_t val, int len)
+{
+ pci_default_write_config(pci_dev, address, val, len);
+ msix_write_config(pci_dev, address, val, len);
+}
+
+static int pci_ivshmem_init(PCIDevice *dev)
+{
+ IVShmemState *s = IVSHMEM(dev);
+ uint8_t *pci_conf;
+
+ if (s->sizearg == NULL)
+ s->ivshmem_size = 4 << 20; /* 4 MB default */
+ else {
+ s->ivshmem_size = ivshmem_get_size(s);
+ }
+
+ register_savevm(DEVICE(dev), "ivshmem", 0, 0, ivshmem_save, ivshmem_load,
+ dev);
+
+ /* IRQFD requires MSI */
+ if (ivshmem_has_feature(s, IVSHMEM_IOEVENTFD) &&
+ !ivshmem_has_feature(s, IVSHMEM_MSI)) {
+ fprintf(stderr, "ivshmem: ioeventfd/irqfd requires MSI\n");
+ exit(1);
+ }
+
+ /* check that role is reasonable */
+ if (s->role) {
+ if (strncmp(s->role, "peer", 5) == 0) {
+ s->role_val = IVSHMEM_PEER;
+ } else if (strncmp(s->role, "master", 7) == 0) {
+ s->role_val = IVSHMEM_MASTER;
+ } else {
+ fprintf(stderr, "ivshmem: 'role' must be 'peer' or 'master'\n");
+ exit(1);
+ }
+ } else {
+ s->role_val = IVSHMEM_MASTER; /* default */
+ }
+
+ if (s->role_val == IVSHMEM_PEER) {
+ error_set(&s->migration_blocker, QERR_DEVICE_FEATURE_BLOCKS_MIGRATION,
+ "peer mode", "ivshmem");
+ migrate_add_blocker(s->migration_blocker);
+ }
+
+ pci_conf = dev->config;
+ pci_conf[PCI_COMMAND] = PCI_COMMAND_IO | PCI_COMMAND_MEMORY;
+
+ pci_config_set_interrupt_pin(pci_conf, 1);
+
+ s->shm_fd = 0;
+
+ memory_region_init_io(&s->ivshmem_mmio, OBJECT(s), &ivshmem_mmio_ops, s,
+ "ivshmem-mmio", IVSHMEM_REG_BAR_SIZE);
+
+ /* region for registers*/
+ pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY,
+ &s->ivshmem_mmio);
+
+ memory_region_init(&s->bar, OBJECT(s), "ivshmem-bar2-container", s->ivshmem_size);
+ s->ivshmem_attr = PCI_BASE_ADDRESS_SPACE_MEMORY |
+ PCI_BASE_ADDRESS_MEM_PREFETCH;
+ if (s->ivshmem_64bit) {
+ s->ivshmem_attr |= PCI_BASE_ADDRESS_MEM_TYPE_64;
+ }
+
+ if ((s->server_chr != NULL) &&
+ (strncmp(s->server_chr->filename, "unix:", 5) == 0)) {
+ /* if we get a UNIX socket as the parameter we will talk
+ * to the ivshmem server to receive the memory region */
+
+ if (s->shmobj != NULL) {
+ fprintf(stderr, "WARNING: do not specify both 'chardev' "
+ "and 'shm' with ivshmem\n");
+ }
+
+ IVSHMEM_DPRINTF("using shared memory server (socket = %s)\n",
+ s->server_chr->filename);
+
+ if (ivshmem_has_feature(s, IVSHMEM_MSI)) {
+ ivshmem_setup_msi(s);
+ }
+
+ /* we allocate enough space for 16 guests and grow as needed */
+ s->nb_peers = 16;
+ s->vm_id = -1;
+
+ /* allocate/initialize space for interrupt handling */
+ s->peers = g_malloc0(s->nb_peers * sizeof(Peer));
+
+ pci_register_bar(dev, 2, s->ivshmem_attr, &s->bar);
+
+ s->eventfd_chr = g_malloc0(s->vectors * sizeof(CharDriverState *));
+
+ qemu_chr_add_handlers(s->server_chr, ivshmem_can_receive, ivshmem_read,
+ ivshmem_event, s);
+ } else {
+ /* just map the file immediately, we're not using a server */
+ int fd;
+
+ if (s->shmobj == NULL) {
+ fprintf(stderr, "Must specify 'chardev' or 'shm' to ivshmem\n");
+ exit(1);
+ }
+
+ IVSHMEM_DPRINTF("using shm_open (shm object = %s)\n", s->shmobj);
+
+ /* try opening with O_EXCL and if it succeeds zero the memory
+ * by truncating to 0 */
+ if ((fd = shm_open(s->shmobj, O_CREAT|O_RDWR|O_EXCL,
+ S_IRWXU|S_IRWXG|S_IRWXO)) > 0) {
+ /* truncate file to length PCI device's memory */
+ if (ftruncate(fd, s->ivshmem_size) != 0) {
+ fprintf(stderr, "ivshmem: could not truncate shared file\n");
+ }
+
+ } else if ((fd = shm_open(s->shmobj, O_CREAT|O_RDWR,
+ S_IRWXU|S_IRWXG|S_IRWXO)) < 0) {
+ fprintf(stderr, "ivshmem: could not open shared file\n");
+ exit(-1);
+
+ }
+
+ if (check_shm_size(s, fd) == -1) {
+ exit(-1);
+ }
+
+ create_shared_memory_BAR(s, fd);
+
+ }
+
+ dev->config_write = ivshmem_write_config;
+
+ return 0;
+}
+
+static void pci_ivshmem_uninit(PCIDevice *dev)
+{
+ IVShmemState *s = IVSHMEM(dev);
+
+ if (s->migration_blocker) {
+ migrate_del_blocker(s->migration_blocker);
+ error_free(s->migration_blocker);
+ }
+
+ memory_region_destroy(&s->ivshmem_mmio);
+ memory_region_del_subregion(&s->bar, &s->ivshmem);
+ vmstate_unregister_ram(&s->ivshmem, DEVICE(dev));
+ memory_region_destroy(&s->ivshmem);
+ memory_region_destroy(&s->bar);
+ unregister_savevm(DEVICE(dev), "ivshmem", s);
+}
+
+static Property ivshmem_properties[] = {
+ DEFINE_PROP_CHR("chardev", IVShmemState, server_chr),
+ DEFINE_PROP_STRING("size", IVShmemState, sizearg),
+ DEFINE_PROP_UINT32("vectors", IVShmemState, vectors, 1),
+ DEFINE_PROP_BIT("ioeventfd", IVShmemState, features, IVSHMEM_IOEVENTFD, false),
+ DEFINE_PROP_BIT("msi", IVShmemState, features, IVSHMEM_MSI, true),
+ DEFINE_PROP_STRING("shm", IVShmemState, shmobj),
+ DEFINE_PROP_STRING("role", IVShmemState, role),
+ DEFINE_PROP_UINT32("use64", IVShmemState, ivshmem_64bit, 1),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void ivshmem_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = pci_ivshmem_init;
+ k->exit = pci_ivshmem_uninit;
+ k->vendor_id = PCI_VENDOR_ID_IVSHMEM;
+ k->device_id = PCI_DEVICE_ID_IVSHMEM;
+ k->class_id = PCI_CLASS_MEMORY_RAM;
+ dc->reset = ivshmem_reset;
+ dc->props = ivshmem_properties;
+ set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+}
+
+static const TypeInfo ivshmem_info = {
+ .name = TYPE_IVSHMEM,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(IVShmemState),
+ .class_init = ivshmem_class_init,
+};
+
+static void ivshmem_register_types(void)
+{
+ type_register_static(&ivshmem_info);
+}
+
+type_init(ivshmem_register_types)
diff --git a/hw/misc/lm32_sys.c b/hw/misc/lm32_sys.c
new file mode 100644
index 000000000..9bdb78162
--- /dev/null
+++ b/hw/misc/lm32_sys.c
@@ -0,0 +1,176 @@
+/*
+ * QEMU model of the LatticeMico32 system control block.
+ *
+ * Copyright (c) 2010 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * This model is mainly intended for testing purposes and doesn't fit to any
+ * real hardware. On the one hand it provides a control register (R_CTRL) on
+ * the other hand it supports the lm32 tests.
+ *
+ * A write to the control register causes a system shutdown.
+ * Tests first write the pointer to a test name to the test name register
+ * (R_TESTNAME) and then write a zero to the pass/fail register (R_PASSFAIL) if
+ * the test is passed or any non-zero value to it if the test is failed.
+ */
+
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "trace.h"
+#include "qemu/log.h"
+#include "qemu/error-report.h"
+#include "sysemu/sysemu.h"
+
+enum {
+ R_CTRL = 0,
+ R_PASSFAIL,
+ R_TESTNAME,
+ R_MAX
+};
+
+#define MAX_TESTNAME_LEN 16
+
+#define TYPE_LM32_SYS "lm32-sys"
+#define LM32_SYS(obj) OBJECT_CHECK(LM32SysState, (obj), TYPE_LM32_SYS)
+
+struct LM32SysState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ uint32_t base;
+ uint32_t regs[R_MAX];
+ uint8_t testname[MAX_TESTNAME_LEN];
+};
+typedef struct LM32SysState LM32SysState;
+
+static void copy_testname(LM32SysState *s)
+{
+ cpu_physical_memory_read(s->regs[R_TESTNAME], s->testname,
+ MAX_TESTNAME_LEN);
+ s->testname[MAX_TESTNAME_LEN - 1] = '\0';
+}
+
+static void sys_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ LM32SysState *s = opaque;
+ char *testname;
+
+ trace_lm32_sys_memory_write(addr, value);
+
+ addr >>= 2;
+ switch (addr) {
+ case R_CTRL:
+ qemu_system_shutdown_request();
+ break;
+ case R_PASSFAIL:
+ s->regs[addr] = value;
+ testname = (char *)s->testname;
+ qemu_log("TC %-16s %s\n", testname, (value) ? "FAILED" : "OK");
+ break;
+ case R_TESTNAME:
+ s->regs[addr] = value;
+ copy_testname(s);
+ break;
+
+ default:
+ error_report("lm32_sys: write access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+}
+
+static bool sys_ops_accepts(void *opaque, hwaddr addr,
+ unsigned size, bool is_write)
+{
+ return is_write && size == 4;
+}
+
+static const MemoryRegionOps sys_ops = {
+ .write = sys_write,
+ .valid.accepts = sys_ops_accepts,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void sys_reset(DeviceState *d)
+{
+ LM32SysState *s = LM32_SYS(d);
+ int i;
+
+ for (i = 0; i < R_MAX; i++) {
+ s->regs[i] = 0;
+ }
+ memset(s->testname, 0, MAX_TESTNAME_LEN);
+}
+
+static int lm32_sys_init(SysBusDevice *dev)
+{
+ LM32SysState *s = LM32_SYS(dev);
+
+ memory_region_init_io(&s->iomem, OBJECT(dev), &sys_ops , s,
+ "sys", R_MAX * 4);
+ sysbus_init_mmio(dev, &s->iomem);
+
+ /* Note: This device is not created in the board initialization,
+ * instead it has to be added with the -device parameter. Therefore,
+ * the device maps itself. */
+ sysbus_mmio_map(dev, 0, s->base);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_lm32_sys = {
+ .name = "lm32-sys",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(regs, LM32SysState, R_MAX),
+ VMSTATE_BUFFER(testname, LM32SysState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static Property lm32_sys_properties[] = {
+ DEFINE_PROP_UINT32("base", LM32SysState, base, 0xffff0000),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void lm32_sys_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = lm32_sys_init;
+ dc->reset = sys_reset;
+ dc->vmsd = &vmstate_lm32_sys;
+ dc->props = lm32_sys_properties;
+}
+
+static const TypeInfo lm32_sys_info = {
+ .name = TYPE_LM32_SYS,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(LM32SysState),
+ .class_init = lm32_sys_class_init,
+};
+
+static void lm32_sys_register_types(void)
+{
+ type_register_static(&lm32_sys_info);
+}
+
+type_init(lm32_sys_register_types)
diff --git a/hw/misc/macio/Makefile.objs b/hw/misc/macio/Makefile.objs
new file mode 100644
index 000000000..ef7ac249e
--- /dev/null
+++ b/hw/misc/macio/Makefile.objs
@@ -0,0 +1,3 @@
+common-obj-y += macio.o
+common-obj-$(CONFIG_CUDA) += cuda.o
+common-obj-$(CONFIG_MAC_DBDMA) += mac_dbdma.o
diff --git a/hw/misc/macio/cuda.c b/hw/misc/macio/cuda.c
new file mode 100644
index 000000000..c0fd7da11
--- /dev/null
+++ b/hw/misc/macio/cuda.c
@@ -0,0 +1,740 @@
+/*
+ * QEMU PowerMac CUDA device support
+ *
+ * Copyright (c) 2004-2007 Fabrice Bellard
+ * Copyright (c) 2007 Jocelyn Mayer
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/ppc/mac.h"
+#include "hw/input/adb.h"
+#include "qemu/timer.h"
+#include "sysemu/sysemu.h"
+
+/* XXX: implement all timer modes */
+
+/* debug CUDA */
+//#define DEBUG_CUDA
+
+/* debug CUDA packets */
+//#define DEBUG_CUDA_PACKET
+
+#ifdef DEBUG_CUDA
+#define CUDA_DPRINTF(fmt, ...) \
+ do { printf("CUDA: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define CUDA_DPRINTF(fmt, ...)
+#endif
+
+/* Bits in B data register: all active low */
+#define TREQ 0x08 /* Transfer request (input) */
+#define TACK 0x10 /* Transfer acknowledge (output) */
+#define TIP 0x20 /* Transfer in progress (output) */
+
+/* Bits in ACR */
+#define SR_CTRL 0x1c /* Shift register control bits */
+#define SR_EXT 0x0c /* Shift on external clock */
+#define SR_OUT 0x10 /* Shift out if 1 */
+
+/* Bits in IFR and IER */
+#define IER_SET 0x80 /* set bits in IER */
+#define IER_CLR 0 /* clear bits in IER */
+#define SR_INT 0x04 /* Shift register full/empty */
+#define T1_INT 0x40 /* Timer 1 interrupt */
+#define T2_INT 0x20 /* Timer 2 interrupt */
+
+/* Bits in ACR */
+#define T1MODE 0xc0 /* Timer 1 mode */
+#define T1MODE_CONT 0x40 /* continuous interrupts */
+
+/* commands (1st byte) */
+#define ADB_PACKET 0
+#define CUDA_PACKET 1
+#define ERROR_PACKET 2
+#define TIMER_PACKET 3
+#define POWER_PACKET 4
+#define MACIIC_PACKET 5
+#define PMU_PACKET 6
+
+
+/* CUDA commands (2nd byte) */
+#define CUDA_WARM_START 0x0
+#define CUDA_AUTOPOLL 0x1
+#define CUDA_GET_6805_ADDR 0x2
+#define CUDA_GET_TIME 0x3
+#define CUDA_GET_PRAM 0x7
+#define CUDA_SET_6805_ADDR 0x8
+#define CUDA_SET_TIME 0x9
+#define CUDA_POWERDOWN 0xa
+#define CUDA_POWERUP_TIME 0xb
+#define CUDA_SET_PRAM 0xc
+#define CUDA_MS_RESET 0xd
+#define CUDA_SEND_DFAC 0xe
+#define CUDA_BATTERY_SWAP_SENSE 0x10
+#define CUDA_RESET_SYSTEM 0x11
+#define CUDA_SET_IPL 0x12
+#define CUDA_FILE_SERVER_FLAG 0x13
+#define CUDA_SET_AUTO_RATE 0x14
+#define CUDA_GET_AUTO_RATE 0x16
+#define CUDA_SET_DEVICE_LIST 0x19
+#define CUDA_GET_DEVICE_LIST 0x1a
+#define CUDA_SET_ONE_SECOND_MODE 0x1b
+#define CUDA_SET_POWER_MESSAGES 0x21
+#define CUDA_GET_SET_IIC 0x22
+#define CUDA_WAKEUP 0x23
+#define CUDA_TIMER_TICKLE 0x24
+#define CUDA_COMBINED_FORMAT_IIC 0x25
+
+#define CUDA_TIMER_FREQ (4700000 / 6)
+#define CUDA_ADB_POLL_FREQ 50
+
+/* CUDA returns time_t's offset from Jan 1, 1904, not 1970 */
+#define RTC_OFFSET 2082844800
+
+static void cuda_update(CUDAState *s);
+static void cuda_receive_packet_from_host(CUDAState *s,
+ const uint8_t *data, int len);
+static void cuda_timer_update(CUDAState *s, CUDATimer *ti,
+ int64_t current_time);
+
+static void cuda_update_irq(CUDAState *s)
+{
+ if (s->ifr & s->ier & (SR_INT | T1_INT)) {
+ qemu_irq_raise(s->irq);
+ } else {
+ qemu_irq_lower(s->irq);
+ }
+}
+
+static unsigned int get_counter(CUDATimer *s)
+{
+ int64_t d;
+ unsigned int counter;
+
+ d = muldiv64(qemu_get_clock_ns(vm_clock) - s->load_time,
+ CUDA_TIMER_FREQ, get_ticks_per_sec());
+ if (s->index == 0) {
+ /* the timer goes down from latch to -1 (period of latch + 2) */
+ if (d <= (s->counter_value + 1)) {
+ counter = (s->counter_value - d) & 0xffff;
+ } else {
+ counter = (d - (s->counter_value + 1)) % (s->latch + 2);
+ counter = (s->latch - counter) & 0xffff;
+ }
+ } else {
+ counter = (s->counter_value - d) & 0xffff;
+ }
+ return counter;
+}
+
+static void set_counter(CUDAState *s, CUDATimer *ti, unsigned int val)
+{
+ CUDA_DPRINTF("T%d.counter=%d\n", 1 + (ti->timer == NULL), val);
+ ti->load_time = qemu_get_clock_ns(vm_clock);
+ ti->counter_value = val;
+ cuda_timer_update(s, ti, ti->load_time);
+}
+
+static int64_t get_next_irq_time(CUDATimer *s, int64_t current_time)
+{
+ int64_t d, next_time;
+ unsigned int counter;
+
+ /* current counter value */
+ d = muldiv64(current_time - s->load_time,
+ CUDA_TIMER_FREQ, get_ticks_per_sec());
+ /* the timer goes down from latch to -1 (period of latch + 2) */
+ if (d <= (s->counter_value + 1)) {
+ counter = (s->counter_value - d) & 0xffff;
+ } else {
+ counter = (d - (s->counter_value + 1)) % (s->latch + 2);
+ counter = (s->latch - counter) & 0xffff;
+ }
+
+ /* Note: we consider the irq is raised on 0 */
+ if (counter == 0xffff) {
+ next_time = d + s->latch + 1;
+ } else if (counter == 0) {
+ next_time = d + s->latch + 2;
+ } else {
+ next_time = d + counter;
+ }
+ CUDA_DPRINTF("latch=%d counter=%" PRId64 " delta_next=%" PRId64 "\n",
+ s->latch, d, next_time - d);
+ next_time = muldiv64(next_time, get_ticks_per_sec(), CUDA_TIMER_FREQ) +
+ s->load_time;
+ if (next_time <= current_time)
+ next_time = current_time + 1;
+ return next_time;
+}
+
+static void cuda_timer_update(CUDAState *s, CUDATimer *ti,
+ int64_t current_time)
+{
+ if (!ti->timer)
+ return;
+ if ((s->acr & T1MODE) != T1MODE_CONT) {
+ qemu_del_timer(ti->timer);
+ } else {
+ ti->next_irq_time = get_next_irq_time(ti, current_time);
+ qemu_mod_timer(ti->timer, ti->next_irq_time);
+ }
+}
+
+static void cuda_timer1(void *opaque)
+{
+ CUDAState *s = opaque;
+ CUDATimer *ti = &s->timers[0];
+
+ cuda_timer_update(s, ti, ti->next_irq_time);
+ s->ifr |= T1_INT;
+ cuda_update_irq(s);
+}
+
+static uint32_t cuda_readb(void *opaque, hwaddr addr)
+{
+ CUDAState *s = opaque;
+ uint32_t val;
+
+ addr = (addr >> 9) & 0xf;
+ switch(addr) {
+ case 0:
+ val = s->b;
+ break;
+ case 1:
+ val = s->a;
+ break;
+ case 2:
+ val = s->dirb;
+ break;
+ case 3:
+ val = s->dira;
+ break;
+ case 4:
+ val = get_counter(&s->timers[0]) & 0xff;
+ s->ifr &= ~T1_INT;
+ cuda_update_irq(s);
+ break;
+ case 5:
+ val = get_counter(&s->timers[0]) >> 8;
+ cuda_update_irq(s);
+ break;
+ case 6:
+ val = s->timers[0].latch & 0xff;
+ break;
+ case 7:
+ /* XXX: check this */
+ val = (s->timers[0].latch >> 8) & 0xff;
+ break;
+ case 8:
+ val = get_counter(&s->timers[1]) & 0xff;
+ s->ifr &= ~T2_INT;
+ break;
+ case 9:
+ val = get_counter(&s->timers[1]) >> 8;
+ break;
+ case 10:
+ val = s->sr;
+ s->ifr &= ~SR_INT;
+ cuda_update_irq(s);
+ break;
+ case 11:
+ val = s->acr;
+ break;
+ case 12:
+ val = s->pcr;
+ break;
+ case 13:
+ val = s->ifr;
+ if (s->ifr & s->ier)
+ val |= 0x80;
+ break;
+ case 14:
+ val = s->ier | 0x80;
+ break;
+ default:
+ case 15:
+ val = s->anh;
+ break;
+ }
+ if (addr != 13 || val != 0) {
+ CUDA_DPRINTF("read: reg=0x%x val=%02x\n", (int)addr, val);
+ }
+
+ return val;
+}
+
+static void cuda_writeb(void *opaque, hwaddr addr, uint32_t val)
+{
+ CUDAState *s = opaque;
+
+ addr = (addr >> 9) & 0xf;
+ CUDA_DPRINTF("write: reg=0x%x val=%02x\n", (int)addr, val);
+
+ switch(addr) {
+ case 0:
+ s->b = val;
+ cuda_update(s);
+ break;
+ case 1:
+ s->a = val;
+ break;
+ case 2:
+ s->dirb = val;
+ break;
+ case 3:
+ s->dira = val;
+ break;
+ case 4:
+ s->timers[0].latch = (s->timers[0].latch & 0xff00) | val;
+ cuda_timer_update(s, &s->timers[0], qemu_get_clock_ns(vm_clock));
+ break;
+ case 5:
+ s->timers[0].latch = (s->timers[0].latch & 0xff) | (val << 8);
+ s->ifr &= ~T1_INT;
+ set_counter(s, &s->timers[0], s->timers[0].latch);
+ break;
+ case 6:
+ s->timers[0].latch = (s->timers[0].latch & 0xff00) | val;
+ cuda_timer_update(s, &s->timers[0], qemu_get_clock_ns(vm_clock));
+ break;
+ case 7:
+ s->timers[0].latch = (s->timers[0].latch & 0xff) | (val << 8);
+ s->ifr &= ~T1_INT;
+ cuda_timer_update(s, &s->timers[0], qemu_get_clock_ns(vm_clock));
+ break;
+ case 8:
+ s->timers[1].latch = val;
+ set_counter(s, &s->timers[1], val);
+ break;
+ case 9:
+ set_counter(s, &s->timers[1], (val << 8) | s->timers[1].latch);
+ break;
+ case 10:
+ s->sr = val;
+ break;
+ case 11:
+ s->acr = val;
+ cuda_timer_update(s, &s->timers[0], qemu_get_clock_ns(vm_clock));
+ cuda_update(s);
+ break;
+ case 12:
+ s->pcr = val;
+ break;
+ case 13:
+ /* reset bits */
+ s->ifr &= ~val;
+ cuda_update_irq(s);
+ break;
+ case 14:
+ if (val & IER_SET) {
+ /* set bits */
+ s->ier |= val & 0x7f;
+ } else {
+ /* reset bits */
+ s->ier &= ~val;
+ }
+ cuda_update_irq(s);
+ break;
+ default:
+ case 15:
+ s->anh = val;
+ break;
+ }
+}
+
+/* NOTE: TIP and TREQ are negated */
+static void cuda_update(CUDAState *s)
+{
+ int packet_received, len;
+
+ packet_received = 0;
+ if (!(s->b & TIP)) {
+ /* transfer requested from host */
+
+ if (s->acr & SR_OUT) {
+ /* data output */
+ if ((s->b & (TACK | TIP)) != (s->last_b & (TACK | TIP))) {
+ if (s->data_out_index < sizeof(s->data_out)) {
+ CUDA_DPRINTF("send: %02x\n", s->sr);
+ s->data_out[s->data_out_index++] = s->sr;
+ s->ifr |= SR_INT;
+ cuda_update_irq(s);
+ }
+ }
+ } else {
+ if (s->data_in_index < s->data_in_size) {
+ /* data input */
+ if ((s->b & (TACK | TIP)) != (s->last_b & (TACK | TIP))) {
+ s->sr = s->data_in[s->data_in_index++];
+ CUDA_DPRINTF("recv: %02x\n", s->sr);
+ /* indicate end of transfer */
+ if (s->data_in_index >= s->data_in_size) {
+ s->b = (s->b | TREQ);
+ }
+ s->ifr |= SR_INT;
+ cuda_update_irq(s);
+ }
+ }
+ }
+ } else {
+ /* no transfer requested: handle sync case */
+ if ((s->last_b & TIP) && (s->b & TACK) != (s->last_b & TACK)) {
+ /* update TREQ state each time TACK change state */
+ if (s->b & TACK)
+ s->b = (s->b | TREQ);
+ else
+ s->b = (s->b & ~TREQ);
+ s->ifr |= SR_INT;
+ cuda_update_irq(s);
+ } else {
+ if (!(s->last_b & TIP)) {
+ /* handle end of host to cuda transfer */
+ packet_received = (s->data_out_index > 0);
+ /* always an IRQ at the end of transfer */
+ s->ifr |= SR_INT;
+ cuda_update_irq(s);
+ }
+ /* signal if there is data to read */
+ if (s->data_in_index < s->data_in_size) {
+ s->b = (s->b & ~TREQ);
+ }
+ }
+ }
+
+ s->last_acr = s->acr;
+ s->last_b = s->b;
+
+ /* NOTE: cuda_receive_packet_from_host() can call cuda_update()
+ recursively */
+ if (packet_received) {
+ len = s->data_out_index;
+ s->data_out_index = 0;
+ cuda_receive_packet_from_host(s, s->data_out, len);
+ }
+}
+
+static void cuda_send_packet_to_host(CUDAState *s,
+ const uint8_t *data, int len)
+{
+#ifdef DEBUG_CUDA_PACKET
+ {
+ int i;
+ printf("cuda_send_packet_to_host:\n");
+ for(i = 0; i < len; i++)
+ printf(" %02x", data[i]);
+ printf("\n");
+ }
+#endif
+ memcpy(s->data_in, data, len);
+ s->data_in_size = len;
+ s->data_in_index = 0;
+ cuda_update(s);
+ s->ifr |= SR_INT;
+ cuda_update_irq(s);
+}
+
+static void cuda_adb_poll(void *opaque)
+{
+ CUDAState *s = opaque;
+ uint8_t obuf[ADB_MAX_OUT_LEN + 2];
+ int olen;
+
+ olen = adb_poll(&s->adb_bus, obuf + 2);
+ if (olen > 0) {
+ obuf[0] = ADB_PACKET;
+ obuf[1] = 0x40; /* polled data */
+ cuda_send_packet_to_host(s, obuf, olen + 2);
+ }
+ qemu_mod_timer(s->adb_poll_timer,
+ qemu_get_clock_ns(vm_clock) +
+ (get_ticks_per_sec() / CUDA_ADB_POLL_FREQ));
+}
+
+static void cuda_receive_packet(CUDAState *s,
+ const uint8_t *data, int len)
+{
+ uint8_t obuf[16];
+ int autopoll;
+ uint32_t ti;
+
+ switch(data[0]) {
+ case CUDA_AUTOPOLL:
+ autopoll = (data[1] != 0);
+ if (autopoll != s->autopoll) {
+ s->autopoll = autopoll;
+ if (autopoll) {
+ qemu_mod_timer(s->adb_poll_timer,
+ qemu_get_clock_ns(vm_clock) +
+ (get_ticks_per_sec() / CUDA_ADB_POLL_FREQ));
+ } else {
+ qemu_del_timer(s->adb_poll_timer);
+ }
+ }
+ obuf[0] = CUDA_PACKET;
+ obuf[1] = data[1];
+ cuda_send_packet_to_host(s, obuf, 2);
+ break;
+ case CUDA_SET_TIME:
+ ti = (((uint32_t)data[1]) << 24) + (((uint32_t)data[2]) << 16) + (((uint32_t)data[3]) << 8) + data[4];
+ s->tick_offset = ti - (qemu_get_clock_ns(vm_clock) / get_ticks_per_sec());
+ obuf[0] = CUDA_PACKET;
+ obuf[1] = 0;
+ obuf[2] = 0;
+ cuda_send_packet_to_host(s, obuf, 3);
+ break;
+ case CUDA_GET_TIME:
+ ti = s->tick_offset + (qemu_get_clock_ns(vm_clock) / get_ticks_per_sec());
+ obuf[0] = CUDA_PACKET;
+ obuf[1] = 0;
+ obuf[2] = 0;
+ obuf[3] = ti >> 24;
+ obuf[4] = ti >> 16;
+ obuf[5] = ti >> 8;
+ obuf[6] = ti;
+ cuda_send_packet_to_host(s, obuf, 7);
+ break;
+ case CUDA_FILE_SERVER_FLAG:
+ case CUDA_SET_DEVICE_LIST:
+ case CUDA_SET_AUTO_RATE:
+ case CUDA_SET_POWER_MESSAGES:
+ obuf[0] = CUDA_PACKET;
+ obuf[1] = 0;
+ cuda_send_packet_to_host(s, obuf, 2);
+ break;
+ case CUDA_POWERDOWN:
+ obuf[0] = CUDA_PACKET;
+ obuf[1] = 0;
+ cuda_send_packet_to_host(s, obuf, 2);
+ qemu_system_shutdown_request();
+ break;
+ case CUDA_RESET_SYSTEM:
+ obuf[0] = CUDA_PACKET;
+ obuf[1] = 0;
+ cuda_send_packet_to_host(s, obuf, 2);
+ qemu_system_reset_request();
+ break;
+ default:
+ break;
+ }
+}
+
+static void cuda_receive_packet_from_host(CUDAState *s,
+ const uint8_t *data, int len)
+{
+#ifdef DEBUG_CUDA_PACKET
+ {
+ int i;
+ printf("cuda_receive_packet_from_host:\n");
+ for(i = 0; i < len; i++)
+ printf(" %02x", data[i]);
+ printf("\n");
+ }
+#endif
+ switch(data[0]) {
+ case ADB_PACKET:
+ {
+ uint8_t obuf[ADB_MAX_OUT_LEN + 2];
+ int olen;
+ olen = adb_request(&s->adb_bus, obuf + 2, data + 1, len - 1);
+ if (olen > 0) {
+ obuf[0] = ADB_PACKET;
+ obuf[1] = 0x00;
+ } else {
+ /* error */
+ obuf[0] = ADB_PACKET;
+ obuf[1] = -olen;
+ olen = 0;
+ }
+ cuda_send_packet_to_host(s, obuf, olen + 2);
+ }
+ break;
+ case CUDA_PACKET:
+ cuda_receive_packet(s, data + 1, len - 1);
+ break;
+ }
+}
+
+static void cuda_writew (void *opaque, hwaddr addr, uint32_t value)
+{
+}
+
+static void cuda_writel (void *opaque, hwaddr addr, uint32_t value)
+{
+}
+
+static uint32_t cuda_readw (void *opaque, hwaddr addr)
+{
+ return 0;
+}
+
+static uint32_t cuda_readl (void *opaque, hwaddr addr)
+{
+ return 0;
+}
+
+static const MemoryRegionOps cuda_ops = {
+ .old_mmio = {
+ .write = {
+ cuda_writeb,
+ cuda_writew,
+ cuda_writel,
+ },
+ .read = {
+ cuda_readb,
+ cuda_readw,
+ cuda_readl,
+ },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static bool cuda_timer_exist(void *opaque, int version_id)
+{
+ CUDATimer *s = opaque;
+
+ return s->timer != NULL;
+}
+
+static const VMStateDescription vmstate_cuda_timer = {
+ .name = "cuda_timer",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT16(latch, CUDATimer),
+ VMSTATE_UINT16(counter_value, CUDATimer),
+ VMSTATE_INT64(load_time, CUDATimer),
+ VMSTATE_INT64(next_irq_time, CUDATimer),
+ VMSTATE_TIMER_TEST(timer, CUDATimer, cuda_timer_exist),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_cuda = {
+ .name = "cuda",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(a, CUDAState),
+ VMSTATE_UINT8(b, CUDAState),
+ VMSTATE_UINT8(dira, CUDAState),
+ VMSTATE_UINT8(dirb, CUDAState),
+ VMSTATE_UINT8(sr, CUDAState),
+ VMSTATE_UINT8(acr, CUDAState),
+ VMSTATE_UINT8(pcr, CUDAState),
+ VMSTATE_UINT8(ifr, CUDAState),
+ VMSTATE_UINT8(ier, CUDAState),
+ VMSTATE_UINT8(anh, CUDAState),
+ VMSTATE_INT32(data_in_size, CUDAState),
+ VMSTATE_INT32(data_in_index, CUDAState),
+ VMSTATE_INT32(data_out_index, CUDAState),
+ VMSTATE_UINT8(autopoll, CUDAState),
+ VMSTATE_BUFFER(data_in, CUDAState),
+ VMSTATE_BUFFER(data_out, CUDAState),
+ VMSTATE_UINT32(tick_offset, CUDAState),
+ VMSTATE_STRUCT_ARRAY(timers, CUDAState, 2, 1,
+ vmstate_cuda_timer, CUDATimer),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void cuda_reset(DeviceState *dev)
+{
+ CUDAState *s = CUDA(dev);
+
+ s->b = 0;
+ s->a = 0;
+ s->dirb = 0;
+ s->dira = 0;
+ s->sr = 0;
+ s->acr = 0;
+ s->pcr = 0;
+ s->ifr = 0;
+ s->ier = 0;
+ // s->ier = T1_INT | SR_INT;
+ s->anh = 0;
+ s->data_in_size = 0;
+ s->data_in_index = 0;
+ s->data_out_index = 0;
+ s->autopoll = 0;
+
+ s->timers[0].latch = 0xffff;
+ set_counter(s, &s->timers[0], 0xffff);
+
+ s->timers[1].latch = 0;
+ set_counter(s, &s->timers[1], 0xffff);
+}
+
+static void cuda_realizefn(DeviceState *dev, Error **errp)
+{
+ CUDAState *s = CUDA(dev);
+ struct tm tm;
+
+ s->timers[0].timer = qemu_new_timer_ns(vm_clock, cuda_timer1, s);
+
+ qemu_get_timedate(&tm, 0);
+ s->tick_offset = (uint32_t)mktimegm(&tm) + RTC_OFFSET;
+
+ s->adb_poll_timer = qemu_new_timer_ns(vm_clock, cuda_adb_poll, s);
+}
+
+static void cuda_initfn(Object *obj)
+{
+ SysBusDevice *d = SYS_BUS_DEVICE(obj);
+ CUDAState *s = CUDA(obj);
+ int i;
+
+ memory_region_init_io(&s->mem, NULL, &cuda_ops, s, "cuda", 0x2000);
+ sysbus_init_mmio(d, &s->mem);
+ sysbus_init_irq(d, &s->irq);
+
+ for (i = 0; i < ARRAY_SIZE(s->timers); i++) {
+ s->timers[i].index = i;
+ }
+
+ qbus_create_inplace((BusState *)&s->adb_bus, TYPE_ADB_BUS, DEVICE(obj),
+ "adb.0");
+}
+
+static void cuda_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+
+ dc->realize = cuda_realizefn;
+ dc->reset = cuda_reset;
+ dc->vmsd = &vmstate_cuda;
+}
+
+static const TypeInfo cuda_type_info = {
+ .name = TYPE_CUDA,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(CUDAState),
+ .instance_init = cuda_initfn,
+ .class_init = cuda_class_init,
+};
+
+static void cuda_register_types(void)
+{
+ type_register_static(&cuda_type_info);
+}
+
+type_init(cuda_register_types)
diff --git a/hw/misc/macio/mac_dbdma.c b/hw/misc/macio/mac_dbdma.c
new file mode 100644
index 000000000..f47a73618
--- /dev/null
+++ b/hw/misc/macio/mac_dbdma.c
@@ -0,0 +1,764 @@
+/*
+ * PowerMac descriptor-based DMA emulation
+ *
+ * Copyright (c) 2005-2007 Fabrice Bellard
+ * Copyright (c) 2007 Jocelyn Mayer
+ * Copyright (c) 2009 Laurent Vivier
+ *
+ * some parts from linux-2.6.28, arch/powerpc/include/asm/dbdma.h
+ *
+ * Definitions for using the Apple Descriptor-Based DMA controller
+ * in Power Macintosh computers.
+ *
+ * Copyright (C) 1996 Paul Mackerras.
+ *
+ * some parts from mol 0.9.71
+ *
+ * Descriptor based DMA emulation
+ *
+ * Copyright (C) 1998-2004 Samuel Rydh (samuel@ibrium.se)
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/isa/isa.h"
+#include "hw/ppc/mac_dbdma.h"
+#include "qemu/main-loop.h"
+
+/* debug DBDMA */
+//#define DEBUG_DBDMA
+
+#ifdef DEBUG_DBDMA
+#define DBDMA_DPRINTF(fmt, ...) \
+ do { printf("DBDMA: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define DBDMA_DPRINTF(fmt, ...)
+#endif
+
+/*
+ */
+
+static DBDMAState *dbdma_from_ch(DBDMA_channel *ch)
+{
+ return container_of(ch, DBDMAState, channels[ch->channel]);
+}
+
+#ifdef DEBUG_DBDMA
+static void dump_dbdma_cmd(dbdma_cmd *cmd)
+{
+ printf("dbdma_cmd %p\n", cmd);
+ printf(" req_count 0x%04x\n", le16_to_cpu(cmd->req_count));
+ printf(" command 0x%04x\n", le16_to_cpu(cmd->command));
+ printf(" phy_addr 0x%08x\n", le32_to_cpu(cmd->phy_addr));
+ printf(" cmd_dep 0x%08x\n", le32_to_cpu(cmd->cmd_dep));
+ printf(" res_count 0x%04x\n", le16_to_cpu(cmd->res_count));
+ printf(" xfer_status 0x%04x\n", le16_to_cpu(cmd->xfer_status));
+}
+#else
+static void dump_dbdma_cmd(dbdma_cmd *cmd)
+{
+}
+#endif
+static void dbdma_cmdptr_load(DBDMA_channel *ch)
+{
+ DBDMA_DPRINTF("dbdma_cmdptr_load 0x%08x\n",
+ ch->regs[DBDMA_CMDPTR_LO]);
+ cpu_physical_memory_read(ch->regs[DBDMA_CMDPTR_LO],
+ &ch->current, sizeof(dbdma_cmd));
+}
+
+static void dbdma_cmdptr_save(DBDMA_channel *ch)
+{
+ DBDMA_DPRINTF("dbdma_cmdptr_save 0x%08x\n",
+ ch->regs[DBDMA_CMDPTR_LO]);
+ DBDMA_DPRINTF("xfer_status 0x%08x res_count 0x%04x\n",
+ le16_to_cpu(ch->current.xfer_status),
+ le16_to_cpu(ch->current.res_count));
+ cpu_physical_memory_write(ch->regs[DBDMA_CMDPTR_LO],
+ &ch->current, sizeof(dbdma_cmd));
+}
+
+static void kill_channel(DBDMA_channel *ch)
+{
+ DBDMA_DPRINTF("kill_channel\n");
+
+ ch->regs[DBDMA_STATUS] |= DEAD;
+ ch->regs[DBDMA_STATUS] &= ~ACTIVE;
+
+ qemu_irq_raise(ch->irq);
+}
+
+static void conditional_interrupt(DBDMA_channel *ch)
+{
+ dbdma_cmd *current = &ch->current;
+ uint16_t intr;
+ uint16_t sel_mask, sel_value;
+ uint32_t status;
+ int cond;
+
+ DBDMA_DPRINTF("%s\n", __func__);
+
+ intr = le16_to_cpu(current->command) & INTR_MASK;
+
+ switch(intr) {
+ case INTR_NEVER: /* don't interrupt */
+ return;
+ case INTR_ALWAYS: /* always interrupt */
+ qemu_irq_raise(ch->irq);
+ DBDMA_DPRINTF("%s: raise\n", __func__);
+ return;
+ }
+
+ status = ch->regs[DBDMA_STATUS] & DEVSTAT;
+
+ sel_mask = (ch->regs[DBDMA_INTR_SEL] >> 16) & 0x0f;
+ sel_value = ch->regs[DBDMA_INTR_SEL] & 0x0f;
+
+ cond = (status & sel_mask) == (sel_value & sel_mask);
+
+ switch(intr) {
+ case INTR_IFSET: /* intr if condition bit is 1 */
+ if (cond) {
+ qemu_irq_raise(ch->irq);
+ DBDMA_DPRINTF("%s: raise\n", __func__);
+ }
+ return;
+ case INTR_IFCLR: /* intr if condition bit is 0 */
+ if (!cond) {
+ qemu_irq_raise(ch->irq);
+ DBDMA_DPRINTF("%s: raise\n", __func__);
+ }
+ return;
+ }
+}
+
+static int conditional_wait(DBDMA_channel *ch)
+{
+ dbdma_cmd *current = &ch->current;
+ uint16_t wait;
+ uint16_t sel_mask, sel_value;
+ uint32_t status;
+ int cond;
+
+ DBDMA_DPRINTF("conditional_wait\n");
+
+ wait = le16_to_cpu(current->command) & WAIT_MASK;
+
+ switch(wait) {
+ case WAIT_NEVER: /* don't wait */
+ return 0;
+ case WAIT_ALWAYS: /* always wait */
+ return 1;
+ }
+
+ status = ch->regs[DBDMA_STATUS] & DEVSTAT;
+
+ sel_mask = (ch->regs[DBDMA_WAIT_SEL] >> 16) & 0x0f;
+ sel_value = ch->regs[DBDMA_WAIT_SEL] & 0x0f;
+
+ cond = (status & sel_mask) == (sel_value & sel_mask);
+
+ switch(wait) {
+ case WAIT_IFSET: /* wait if condition bit is 1 */
+ if (cond)
+ return 1;
+ return 0;
+ case WAIT_IFCLR: /* wait if condition bit is 0 */
+ if (!cond)
+ return 1;
+ return 0;
+ }
+ return 0;
+}
+
+static void next(DBDMA_channel *ch)
+{
+ uint32_t cp;
+
+ ch->regs[DBDMA_STATUS] &= ~BT;
+
+ cp = ch->regs[DBDMA_CMDPTR_LO];
+ ch->regs[DBDMA_CMDPTR_LO] = cp + sizeof(dbdma_cmd);
+ dbdma_cmdptr_load(ch);
+}
+
+static void branch(DBDMA_channel *ch)
+{
+ dbdma_cmd *current = &ch->current;
+
+ ch->regs[DBDMA_CMDPTR_LO] = current->cmd_dep;
+ ch->regs[DBDMA_STATUS] |= BT;
+ dbdma_cmdptr_load(ch);
+}
+
+static void conditional_branch(DBDMA_channel *ch)
+{
+ dbdma_cmd *current = &ch->current;
+ uint16_t br;
+ uint16_t sel_mask, sel_value;
+ uint32_t status;
+ int cond;
+
+ DBDMA_DPRINTF("conditional_branch\n");
+
+ /* check if we must branch */
+
+ br = le16_to_cpu(current->command) & BR_MASK;
+
+ switch(br) {
+ case BR_NEVER: /* don't branch */
+ next(ch);
+ return;
+ case BR_ALWAYS: /* always branch */
+ branch(ch);
+ return;
+ }
+
+ status = ch->regs[DBDMA_STATUS] & DEVSTAT;
+
+ sel_mask = (ch->regs[DBDMA_BRANCH_SEL] >> 16) & 0x0f;
+ sel_value = ch->regs[DBDMA_BRANCH_SEL] & 0x0f;
+
+ cond = (status & sel_mask) == (sel_value & sel_mask);
+
+ switch(br) {
+ case BR_IFSET: /* branch if condition bit is 1 */
+ if (cond)
+ branch(ch);
+ else
+ next(ch);
+ return;
+ case BR_IFCLR: /* branch if condition bit is 0 */
+ if (!cond)
+ branch(ch);
+ else
+ next(ch);
+ return;
+ }
+}
+
+static void channel_run(DBDMA_channel *ch);
+
+static void dbdma_end(DBDMA_io *io)
+{
+ DBDMA_channel *ch = io->channel;
+ dbdma_cmd *current = &ch->current;
+
+ DBDMA_DPRINTF("%s\n", __func__);
+
+ if (conditional_wait(ch))
+ goto wait;
+
+ current->xfer_status = cpu_to_le16(ch->regs[DBDMA_STATUS]);
+ current->res_count = cpu_to_le16(io->len);
+ dbdma_cmdptr_save(ch);
+ if (io->is_last)
+ ch->regs[DBDMA_STATUS] &= ~FLUSH;
+
+ conditional_interrupt(ch);
+ conditional_branch(ch);
+
+wait:
+ /* Indicate that we're ready for a new DMA round */
+ ch->io.processing = false;
+
+ if ((ch->regs[DBDMA_STATUS] & RUN) &&
+ (ch->regs[DBDMA_STATUS] & ACTIVE))
+ channel_run(ch);
+}
+
+static void start_output(DBDMA_channel *ch, int key, uint32_t addr,
+ uint16_t req_count, int is_last)
+{
+ DBDMA_DPRINTF("start_output\n");
+
+ /* KEY_REGS, KEY_DEVICE and KEY_STREAM
+ * are not implemented in the mac-io chip
+ */
+
+ DBDMA_DPRINTF("addr 0x%x key 0x%x\n", addr, key);
+ if (!addr || key > KEY_STREAM3) {
+ kill_channel(ch);
+ return;
+ }
+
+ ch->io.addr = addr;
+ ch->io.len = req_count;
+ ch->io.is_last = is_last;
+ ch->io.dma_end = dbdma_end;
+ ch->io.is_dma_out = 1;
+ ch->io.processing = true;
+ if (ch->rw) {
+ ch->rw(&ch->io);
+ }
+}
+
+static void start_input(DBDMA_channel *ch, int key, uint32_t addr,
+ uint16_t req_count, int is_last)
+{
+ DBDMA_DPRINTF("start_input\n");
+
+ /* KEY_REGS, KEY_DEVICE and KEY_STREAM
+ * are not implemented in the mac-io chip
+ */
+
+ DBDMA_DPRINTF("addr 0x%x key 0x%x\n", addr, key);
+ if (!addr || key > KEY_STREAM3) {
+ kill_channel(ch);
+ return;
+ }
+
+ ch->io.addr = addr;
+ ch->io.len = req_count;
+ ch->io.is_last = is_last;
+ ch->io.dma_end = dbdma_end;
+ ch->io.is_dma_out = 0;
+ ch->io.processing = true;
+ if (ch->rw) {
+ ch->rw(&ch->io);
+ }
+}
+
+static void load_word(DBDMA_channel *ch, int key, uint32_t addr,
+ uint16_t len)
+{
+ dbdma_cmd *current = &ch->current;
+ uint32_t val;
+
+ DBDMA_DPRINTF("load_word\n");
+
+ /* only implements KEY_SYSTEM */
+
+ if (key != KEY_SYSTEM) {
+ printf("DBDMA: LOAD_WORD, unimplemented key %x\n", key);
+ kill_channel(ch);
+ return;
+ }
+
+ cpu_physical_memory_read(addr, &val, len);
+
+ if (len == 2)
+ val = (val << 16) | (current->cmd_dep & 0x0000ffff);
+ else if (len == 1)
+ val = (val << 24) | (current->cmd_dep & 0x00ffffff);
+
+ current->cmd_dep = val;
+
+ if (conditional_wait(ch))
+ goto wait;
+
+ current->xfer_status = cpu_to_le16(ch->regs[DBDMA_STATUS]);
+ dbdma_cmdptr_save(ch);
+ ch->regs[DBDMA_STATUS] &= ~FLUSH;
+
+ conditional_interrupt(ch);
+ next(ch);
+
+wait:
+ DBDMA_kick(dbdma_from_ch(ch));
+}
+
+static void store_word(DBDMA_channel *ch, int key, uint32_t addr,
+ uint16_t len)
+{
+ dbdma_cmd *current = &ch->current;
+ uint32_t val;
+
+ DBDMA_DPRINTF("store_word\n");
+
+ /* only implements KEY_SYSTEM */
+
+ if (key != KEY_SYSTEM) {
+ printf("DBDMA: STORE_WORD, unimplemented key %x\n", key);
+ kill_channel(ch);
+ return;
+ }
+
+ val = current->cmd_dep;
+ if (len == 2)
+ val >>= 16;
+ else if (len == 1)
+ val >>= 24;
+
+ cpu_physical_memory_write(addr, &val, len);
+
+ if (conditional_wait(ch))
+ goto wait;
+
+ current->xfer_status = cpu_to_le16(ch->regs[DBDMA_STATUS]);
+ dbdma_cmdptr_save(ch);
+ ch->regs[DBDMA_STATUS] &= ~FLUSH;
+
+ conditional_interrupt(ch);
+ next(ch);
+
+wait:
+ DBDMA_kick(dbdma_from_ch(ch));
+}
+
+static void nop(DBDMA_channel *ch)
+{
+ dbdma_cmd *current = &ch->current;
+
+ if (conditional_wait(ch))
+ goto wait;
+
+ current->xfer_status = cpu_to_le16(ch->regs[DBDMA_STATUS]);
+ dbdma_cmdptr_save(ch);
+
+ conditional_interrupt(ch);
+ conditional_branch(ch);
+
+wait:
+ DBDMA_kick(dbdma_from_ch(ch));
+}
+
+static void stop(DBDMA_channel *ch)
+{
+ ch->regs[DBDMA_STATUS] &= ~(ACTIVE|DEAD|FLUSH);
+
+ /* the stop command does not increment command pointer */
+}
+
+static void channel_run(DBDMA_channel *ch)
+{
+ dbdma_cmd *current = &ch->current;
+ uint16_t cmd, key;
+ uint16_t req_count;
+ uint32_t phy_addr;
+
+ DBDMA_DPRINTF("channel_run\n");
+ dump_dbdma_cmd(current);
+
+ /* clear WAKE flag at command fetch */
+
+ ch->regs[DBDMA_STATUS] &= ~WAKE;
+
+ cmd = le16_to_cpu(current->command) & COMMAND_MASK;
+
+ switch (cmd) {
+ case DBDMA_NOP:
+ nop(ch);
+ return;
+
+ case DBDMA_STOP:
+ stop(ch);
+ return;
+ }
+
+ key = le16_to_cpu(current->command) & 0x0700;
+ req_count = le16_to_cpu(current->req_count);
+ phy_addr = le32_to_cpu(current->phy_addr);
+
+ if (key == KEY_STREAM4) {
+ printf("command %x, invalid key 4\n", cmd);
+ kill_channel(ch);
+ return;
+ }
+
+ switch (cmd) {
+ case OUTPUT_MORE:
+ start_output(ch, key, phy_addr, req_count, 0);
+ return;
+
+ case OUTPUT_LAST:
+ start_output(ch, key, phy_addr, req_count, 1);
+ return;
+
+ case INPUT_MORE:
+ start_input(ch, key, phy_addr, req_count, 0);
+ return;
+
+ case INPUT_LAST:
+ start_input(ch, key, phy_addr, req_count, 1);
+ return;
+ }
+
+ if (key < KEY_REGS) {
+ printf("command %x, invalid key %x\n", cmd, key);
+ key = KEY_SYSTEM;
+ }
+
+ /* for LOAD_WORD and STORE_WORD, req_count is on 3 bits
+ * and BRANCH is invalid
+ */
+
+ req_count = req_count & 0x0007;
+ if (req_count & 0x4) {
+ req_count = 4;
+ phy_addr &= ~3;
+ } else if (req_count & 0x2) {
+ req_count = 2;
+ phy_addr &= ~1;
+ } else
+ req_count = 1;
+
+ switch (cmd) {
+ case LOAD_WORD:
+ load_word(ch, key, phy_addr, req_count);
+ return;
+
+ case STORE_WORD:
+ store_word(ch, key, phy_addr, req_count);
+ return;
+ }
+}
+
+static void DBDMA_run(DBDMAState *s)
+{
+ int channel;
+
+ for (channel = 0; channel < DBDMA_CHANNELS; channel++) {
+ DBDMA_channel *ch = &s->channels[channel];
+ uint32_t status = ch->regs[DBDMA_STATUS];
+ if (!ch->io.processing && (status & RUN) && (status & ACTIVE)) {
+ channel_run(ch);
+ }
+ }
+}
+
+static void DBDMA_run_bh(void *opaque)
+{
+ DBDMAState *s = opaque;
+
+ DBDMA_DPRINTF("DBDMA_run_bh\n");
+
+ DBDMA_run(s);
+}
+
+void DBDMA_kick(DBDMAState *dbdma)
+{
+ qemu_bh_schedule(dbdma->bh);
+}
+
+void DBDMA_register_channel(void *dbdma, int nchan, qemu_irq irq,
+ DBDMA_rw rw, DBDMA_flush flush,
+ void *opaque)
+{
+ DBDMAState *s = dbdma;
+ DBDMA_channel *ch = &s->channels[nchan];
+
+ DBDMA_DPRINTF("DBDMA_register_channel 0x%x\n", nchan);
+
+ ch->irq = irq;
+ ch->channel = nchan;
+ ch->rw = rw;
+ ch->flush = flush;
+ ch->io.opaque = opaque;
+ ch->io.channel = ch;
+}
+
+static void
+dbdma_control_write(DBDMA_channel *ch)
+{
+ uint16_t mask, value;
+ uint32_t status;
+
+ mask = (ch->regs[DBDMA_CONTROL] >> 16) & 0xffff;
+ value = ch->regs[DBDMA_CONTROL] & 0xffff;
+
+ value &= (RUN | PAUSE | FLUSH | WAKE | DEVSTAT);
+
+ status = ch->regs[DBDMA_STATUS];
+
+ status = (value & mask) | (status & ~mask);
+
+ if (status & WAKE)
+ status |= ACTIVE;
+ if (status & RUN) {
+ status |= ACTIVE;
+ status &= ~DEAD;
+ }
+ if (status & PAUSE)
+ status &= ~ACTIVE;
+ if ((ch->regs[DBDMA_STATUS] & RUN) && !(status & RUN)) {
+ /* RUN is cleared */
+ status &= ~(ACTIVE|DEAD);
+ if ((status & FLUSH) && ch->flush) {
+ ch->flush(&ch->io);
+ status &= ~FLUSH;
+ }
+ }
+
+ DBDMA_DPRINTF(" status 0x%08x\n", status);
+
+ ch->regs[DBDMA_STATUS] = status;
+
+ if (status & ACTIVE) {
+ DBDMA_kick(dbdma_from_ch(ch));
+ }
+ if ((status & FLUSH) && ch->flush) {
+ ch->flush(&ch->io);
+ }
+}
+
+static void dbdma_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ int channel = addr >> DBDMA_CHANNEL_SHIFT;
+ DBDMAState *s = opaque;
+ DBDMA_channel *ch = &s->channels[channel];
+ int reg = (addr - (channel << DBDMA_CHANNEL_SHIFT)) >> 2;
+
+ DBDMA_DPRINTF("writel 0x" TARGET_FMT_plx " <= 0x%08"PRIx64"\n",
+ addr, value);
+ DBDMA_DPRINTF("channel 0x%x reg 0x%x\n",
+ (uint32_t)addr >> DBDMA_CHANNEL_SHIFT, reg);
+
+ /* cmdptr cannot be modified if channel is ACTIVE */
+
+ if (reg == DBDMA_CMDPTR_LO && (ch->regs[DBDMA_STATUS] & ACTIVE)) {
+ return;
+ }
+
+ ch->regs[reg] = value;
+
+ switch(reg) {
+ case DBDMA_CONTROL:
+ dbdma_control_write(ch);
+ break;
+ case DBDMA_CMDPTR_LO:
+ /* 16-byte aligned */
+ ch->regs[DBDMA_CMDPTR_LO] &= ~0xf;
+ dbdma_cmdptr_load(ch);
+ break;
+ case DBDMA_STATUS:
+ case DBDMA_INTR_SEL:
+ case DBDMA_BRANCH_SEL:
+ case DBDMA_WAIT_SEL:
+ /* nothing to do */
+ break;
+ case DBDMA_XFER_MODE:
+ case DBDMA_CMDPTR_HI:
+ case DBDMA_DATA2PTR_HI:
+ case DBDMA_DATA2PTR_LO:
+ case DBDMA_ADDRESS_HI:
+ case DBDMA_BRANCH_ADDR_HI:
+ case DBDMA_RES1:
+ case DBDMA_RES2:
+ case DBDMA_RES3:
+ case DBDMA_RES4:
+ /* unused */
+ break;
+ }
+}
+
+static uint64_t dbdma_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ uint32_t value;
+ int channel = addr >> DBDMA_CHANNEL_SHIFT;
+ DBDMAState *s = opaque;
+ DBDMA_channel *ch = &s->channels[channel];
+ int reg = (addr - (channel << DBDMA_CHANNEL_SHIFT)) >> 2;
+
+ value = ch->regs[reg];
+
+ DBDMA_DPRINTF("readl 0x" TARGET_FMT_plx " => 0x%08x\n", addr, value);
+ DBDMA_DPRINTF("channel 0x%x reg 0x%x\n",
+ (uint32_t)addr >> DBDMA_CHANNEL_SHIFT, reg);
+
+ switch(reg) {
+ case DBDMA_CONTROL:
+ value = 0;
+ break;
+ case DBDMA_STATUS:
+ case DBDMA_CMDPTR_LO:
+ case DBDMA_INTR_SEL:
+ case DBDMA_BRANCH_SEL:
+ case DBDMA_WAIT_SEL:
+ /* nothing to do */
+ break;
+ case DBDMA_XFER_MODE:
+ case DBDMA_CMDPTR_HI:
+ case DBDMA_DATA2PTR_HI:
+ case DBDMA_DATA2PTR_LO:
+ case DBDMA_ADDRESS_HI:
+ case DBDMA_BRANCH_ADDR_HI:
+ /* unused */
+ value = 0;
+ break;
+ case DBDMA_RES1:
+ case DBDMA_RES2:
+ case DBDMA_RES3:
+ case DBDMA_RES4:
+ /* reserved */
+ break;
+ }
+
+ return value;
+}
+
+static const MemoryRegionOps dbdma_ops = {
+ .read = dbdma_read,
+ .write = dbdma_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static const VMStateDescription vmstate_dbdma_channel = {
+ .name = "dbdma_channel",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(regs, struct DBDMA_channel, DBDMA_REGS),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_dbdma = {
+ .name = "dbdma",
+ .version_id = 2,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .fields = (VMStateField[]) {
+ VMSTATE_STRUCT_ARRAY(channels, DBDMAState, DBDMA_CHANNELS, 1,
+ vmstate_dbdma_channel, DBDMA_channel),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void dbdma_reset(void *opaque)
+{
+ DBDMAState *s = opaque;
+ int i;
+
+ for (i = 0; i < DBDMA_CHANNELS; i++)
+ memset(s->channels[i].regs, 0, DBDMA_SIZE);
+}
+
+void* DBDMA_init (MemoryRegion **dbdma_mem)
+{
+ DBDMAState *s;
+
+ s = g_malloc0(sizeof(DBDMAState));
+
+ memory_region_init_io(&s->mem, NULL, &dbdma_ops, s, "dbdma", 0x1000);
+ *dbdma_mem = &s->mem;
+ vmstate_register(NULL, -1, &vmstate_dbdma, s);
+ qemu_register_reset(dbdma_reset, s);
+
+ s->bh = qemu_bh_new(DBDMA_run_bh, s);
+
+ return s;
+}
diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c
new file mode 100644
index 000000000..c0d0bf728
--- /dev/null
+++ b/hw/misc/macio/macio.c
@@ -0,0 +1,402 @@
+/*
+ * PowerMac MacIO device emulation
+ *
+ * Copyright (c) 2005-2007 Fabrice Bellard
+ * Copyright (c) 2007 Jocelyn Mayer
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/ppc/mac.h"
+#include "hw/pci/pci.h"
+#include "hw/ppc/mac_dbdma.h"
+#include "hw/char/escc.h"
+
+#define TYPE_MACIO "macio"
+#define MACIO(obj) OBJECT_CHECK(MacIOState, (obj), TYPE_MACIO)
+
+typedef struct MacIOState
+{
+ /*< private >*/
+ PCIDevice parent;
+ /*< public >*/
+
+ MemoryRegion bar;
+ CUDAState cuda;
+ void *dbdma;
+ MemoryRegion *pic_mem;
+ MemoryRegion *escc_mem;
+} MacIOState;
+
+#define OLDWORLD_MACIO(obj) \
+ OBJECT_CHECK(OldWorldMacIOState, (obj), TYPE_OLDWORLD_MACIO)
+
+typedef struct OldWorldMacIOState {
+ /*< private >*/
+ MacIOState parent_obj;
+ /*< public >*/
+
+ qemu_irq irqs[5];
+
+ MacIONVRAMState nvram;
+ MACIOIDEState ide[2];
+} OldWorldMacIOState;
+
+#define NEWWORLD_MACIO(obj) \
+ OBJECT_CHECK(NewWorldMacIOState, (obj), TYPE_NEWWORLD_MACIO)
+
+typedef struct NewWorldMacIOState {
+ /*< private >*/
+ MacIOState parent_obj;
+ /*< public >*/
+ qemu_irq irqs[5];
+ MACIOIDEState ide[2];
+} NewWorldMacIOState;
+
+/*
+ * The mac-io has two interfaces to the ESCC. One is called "escc-legacy",
+ * while the other one is the normal, current ESCC interface.
+ *
+ * The magic below creates memory aliases to spawn the escc-legacy device
+ * purely by rerouting the respective registers to our escc region. This
+ * works because the only difference between the two memory regions is the
+ * register layout, not their semantics.
+ *
+ * Reference: ftp://ftp.software.ibm.com/rs6000/technology/spec/chrp/inwork/CHRP_IORef_1.0.pdf
+ */
+static void macio_escc_legacy_setup(MacIOState *macio_state)
+{
+ MemoryRegion *escc_legacy = g_new(MemoryRegion, 1);
+ MemoryRegion *bar = &macio_state->bar;
+ int i;
+ static const int maps[] = {
+ 0x00, 0x00,
+ 0x02, 0x20,
+ 0x04, 0x10,
+ 0x06, 0x30,
+ 0x08, 0x40,
+ 0x0A, 0x50,
+ 0x60, 0x60,
+ 0x70, 0x70,
+ 0x80, 0x70,
+ 0x90, 0x80,
+ 0xA0, 0x90,
+ 0xB0, 0xA0,
+ 0xC0, 0xB0,
+ 0xD0, 0xC0,
+ 0xE0, 0xD0,
+ 0xF0, 0xE0,
+ };
+
+ memory_region_init(escc_legacy, NULL, "escc-legacy", 256);
+ for (i = 0; i < ARRAY_SIZE(maps); i += 2) {
+ MemoryRegion *port = g_new(MemoryRegion, 1);
+ memory_region_init_alias(port, NULL, "escc-legacy-port",
+ macio_state->escc_mem, maps[i+1], 0x2);
+ memory_region_add_subregion(escc_legacy, maps[i], port);
+ }
+
+ memory_region_add_subregion(bar, 0x12000, escc_legacy);
+}
+
+static void macio_bar_setup(MacIOState *macio_state)
+{
+ MemoryRegion *bar = &macio_state->bar;
+
+ if (macio_state->escc_mem) {
+ memory_region_add_subregion(bar, 0x13000, macio_state->escc_mem);
+ macio_escc_legacy_setup(macio_state);
+ }
+}
+
+static int macio_common_initfn(PCIDevice *d)
+{
+ MacIOState *s = MACIO(d);
+ SysBusDevice *sysbus_dev;
+ int ret;
+
+ d->config[0x3d] = 0x01; // interrupt on pin 1
+
+ ret = qdev_init(DEVICE(&s->cuda));
+ if (ret < 0) {
+ return ret;
+ }
+ sysbus_dev = SYS_BUS_DEVICE(&s->cuda);
+ memory_region_add_subregion(&s->bar, 0x16000,
+ sysbus_mmio_get_region(sysbus_dev, 0));
+
+ macio_bar_setup(s);
+ pci_register_bar(d, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->bar);
+
+ return 0;
+}
+
+static int macio_initfn_ide(MacIOState *s, MACIOIDEState *ide, qemu_irq irq0,
+ qemu_irq irq1, int dmaid)
+{
+ SysBusDevice *sysbus_dev;
+
+ sysbus_dev = SYS_BUS_DEVICE(ide);
+ sysbus_connect_irq(sysbus_dev, 0, irq0);
+ sysbus_connect_irq(sysbus_dev, 1, irq1);
+ macio_ide_register_dma(ide, s->dbdma, dmaid);
+ return qdev_init(DEVICE(ide));
+}
+
+static int macio_oldworld_initfn(PCIDevice *d)
+{
+ MacIOState *s = MACIO(d);
+ OldWorldMacIOState *os = OLDWORLD_MACIO(d);
+ SysBusDevice *sysbus_dev;
+ int i;
+ int cur_irq = 0;
+ int ret = macio_common_initfn(d);
+ if (ret < 0) {
+ return ret;
+ }
+
+ sysbus_dev = SYS_BUS_DEVICE(&s->cuda);
+ sysbus_connect_irq(sysbus_dev, 0, os->irqs[cur_irq++]);
+
+ ret = qdev_init(DEVICE(&os->nvram));
+ if (ret < 0) {
+ return ret;
+ }
+ sysbus_dev = SYS_BUS_DEVICE(&os->nvram);
+ memory_region_add_subregion(&s->bar, 0x60000,
+ sysbus_mmio_get_region(sysbus_dev, 0));
+ pmac_format_nvram_partition(&os->nvram, os->nvram.size);
+
+ if (s->pic_mem) {
+ /* Heathrow PIC */
+ memory_region_add_subregion(&s->bar, 0x00000, s->pic_mem);
+ }
+
+ /* IDE buses */
+ for (i = 0; i < ARRAY_SIZE(os->ide); i++) {
+ qemu_irq irq0 = os->irqs[cur_irq++];
+ qemu_irq irq1 = os->irqs[cur_irq++];
+
+ ret = macio_initfn_ide(s, &os->ide[i], irq0, irq1, 0x16 + (i * 4));
+ if (ret < 0) {
+ return ret;
+ }
+ }
+
+ return 0;
+}
+
+static void macio_init_ide(MacIOState *s, MACIOIDEState *ide, int index)
+{
+ gchar *name;
+
+ object_initialize(ide, TYPE_MACIO_IDE);
+ qdev_set_parent_bus(DEVICE(ide), sysbus_get_default());
+ memory_region_add_subregion(&s->bar, 0x1f000 + ((index + 1) * 0x1000),
+ &ide->mem);
+ name = g_strdup_printf("ide[%i]", index);
+ object_property_add_child(OBJECT(s), name, OBJECT(ide), NULL);
+ g_free(name);
+}
+
+static void macio_oldworld_init(Object *obj)
+{
+ MacIOState *s = MACIO(obj);
+ OldWorldMacIOState *os = OLDWORLD_MACIO(obj);
+ DeviceState *dev;
+ int i;
+
+ qdev_init_gpio_out(DEVICE(obj), os->irqs, ARRAY_SIZE(os->irqs));
+
+ object_initialize(&os->nvram, TYPE_MACIO_NVRAM);
+ dev = DEVICE(&os->nvram);
+ qdev_prop_set_uint32(dev, "size", 0x2000);
+ qdev_prop_set_uint32(dev, "it_shift", 4);
+
+ for (i = 0; i < 2; i++) {
+ macio_init_ide(s, &os->ide[i], i);
+ }
+}
+
+static void timer_write(void *opaque, hwaddr addr, uint64_t value,
+ unsigned size)
+{
+}
+
+static uint64_t timer_read(void *opaque, hwaddr addr, unsigned size)
+{
+ uint32_t value = 0;
+
+ switch (addr) {
+ case 0x38:
+ value = qemu_get_clock_ns(vm_clock);
+ break;
+ case 0x3c:
+ value = qemu_get_clock_ns(vm_clock) >> 32;
+ break;
+ }
+
+ return value;
+}
+
+static const MemoryRegionOps timer_ops = {
+ .read = timer_read,
+ .write = timer_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int macio_newworld_initfn(PCIDevice *d)
+{
+ MacIOState *s = MACIO(d);
+ NewWorldMacIOState *ns = NEWWORLD_MACIO(d);
+ SysBusDevice *sysbus_dev;
+ MemoryRegion *timer_memory = g_new(MemoryRegion, 1);
+ int i;
+ int cur_irq = 0;
+ int ret = macio_common_initfn(d);
+ if (ret < 0) {
+ return ret;
+ }
+
+ sysbus_dev = SYS_BUS_DEVICE(&s->cuda);
+ sysbus_connect_irq(sysbus_dev, 0, ns->irqs[cur_irq++]);
+
+ if (s->pic_mem) {
+ /* OpenPIC */
+ memory_region_add_subregion(&s->bar, 0x40000, s->pic_mem);
+ }
+
+ /* IDE buses */
+ for (i = 0; i < ARRAY_SIZE(ns->ide); i++) {
+ qemu_irq irq0 = ns->irqs[cur_irq++];
+ qemu_irq irq1 = ns->irqs[cur_irq++];
+
+ ret = macio_initfn_ide(s, &ns->ide[i], irq0, irq1, 0x16 + (i * 4));
+ if (ret < 0) {
+ return ret;
+ }
+ }
+
+ /* Timer */
+ memory_region_init_io(timer_memory, OBJECT(s), &timer_ops, NULL, "timer",
+ 0x1000);
+ memory_region_add_subregion(&s->bar, 0x15000, timer_memory);
+
+ return 0;
+}
+
+static void macio_newworld_init(Object *obj)
+{
+ MacIOState *s = MACIO(obj);
+ NewWorldMacIOState *ns = NEWWORLD_MACIO(obj);
+ int i;
+
+ qdev_init_gpio_out(DEVICE(obj), ns->irqs, ARRAY_SIZE(ns->irqs));
+
+ for (i = 0; i < 2; i++) {
+ macio_init_ide(s, &ns->ide[i], i);
+ }
+}
+
+static void macio_instance_init(Object *obj)
+{
+ MacIOState *s = MACIO(obj);
+ MemoryRegion *dbdma_mem;
+
+ memory_region_init(&s->bar, NULL, "macio", 0x80000);
+
+ object_initialize(&s->cuda, TYPE_CUDA);
+ qdev_set_parent_bus(DEVICE(&s->cuda), sysbus_get_default());
+ object_property_add_child(obj, "cuda", OBJECT(&s->cuda), NULL);
+
+ s->dbdma = DBDMA_init(&dbdma_mem);
+ memory_region_add_subregion(&s->bar, 0x08000, dbdma_mem);
+}
+
+static void macio_oldworld_class_init(ObjectClass *oc, void *data)
+{
+ PCIDeviceClass *pdc = PCI_DEVICE_CLASS(oc);
+
+ pdc->init = macio_oldworld_initfn;
+ pdc->device_id = PCI_DEVICE_ID_APPLE_343S1201;
+}
+
+static void macio_newworld_class_init(ObjectClass *oc, void *data)
+{
+ PCIDeviceClass *pdc = PCI_DEVICE_CLASS(oc);
+
+ pdc->init = macio_newworld_initfn;
+ pdc->device_id = PCI_DEVICE_ID_APPLE_UNI_N_KEYL;
+}
+
+static void macio_class_init(ObjectClass *klass, void *data)
+{
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->vendor_id = PCI_VENDOR_ID_APPLE;
+ k->class_id = PCI_CLASS_OTHERS << 8;
+}
+
+static const TypeInfo macio_oldworld_type_info = {
+ .name = TYPE_OLDWORLD_MACIO,
+ .parent = TYPE_MACIO,
+ .instance_size = sizeof(OldWorldMacIOState),
+ .instance_init = macio_oldworld_init,
+ .class_init = macio_oldworld_class_init,
+};
+
+static const TypeInfo macio_newworld_type_info = {
+ .name = TYPE_NEWWORLD_MACIO,
+ .parent = TYPE_MACIO,
+ .instance_size = sizeof(NewWorldMacIOState),
+ .instance_init = macio_newworld_init,
+ .class_init = macio_newworld_class_init,
+};
+
+static const TypeInfo macio_type_info = {
+ .name = TYPE_MACIO,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(MacIOState),
+ .instance_init = macio_instance_init,
+ .abstract = true,
+ .class_init = macio_class_init,
+};
+
+static void macio_register_types(void)
+{
+ type_register_static(&macio_type_info);
+ type_register_static(&macio_oldworld_type_info);
+ type_register_static(&macio_newworld_type_info);
+}
+
+type_init(macio_register_types)
+
+void macio_init(PCIDevice *d,
+ MemoryRegion *pic_mem,
+ MemoryRegion *escc_mem)
+{
+ MacIOState *macio_state = MACIO(d);
+
+ macio_state->pic_mem = pic_mem;
+ macio_state->escc_mem = escc_mem;
+ /* Note: this code is strongly inspirated from the corresponding code
+ in PearPC */
+
+ qdev_init_nofail(DEVICE(d));
+}
diff --git a/hw/misc/max111x.c b/hw/misc/max111x.c
new file mode 100644
index 000000000..d477ecdb2
--- /dev/null
+++ b/hw/misc/max111x.c
@@ -0,0 +1,193 @@
+/*
+ * Maxim MAX1110/1111 ADC chip emulation.
+ *
+ * Copyright (c) 2006 Openedhand Ltd.
+ * Written by Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * This code is licensed under the GNU GPLv2.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "hw/ssi.h"
+
+typedef struct {
+ SSISlave ssidev;
+ qemu_irq interrupt;
+ uint8_t tb1, rb2, rb3;
+ int cycle;
+
+ uint8_t input[8];
+ int inputs, com;
+} MAX111xState;
+
+/* Control-byte bitfields */
+#define CB_PD0 (1 << 0)
+#define CB_PD1 (1 << 1)
+#define CB_SGL (1 << 2)
+#define CB_UNI (1 << 3)
+#define CB_SEL0 (1 << 4)
+#define CB_SEL1 (1 << 5)
+#define CB_SEL2 (1 << 6)
+#define CB_START (1 << 7)
+
+#define CHANNEL_NUM(v, b0, b1, b2) \
+ ((((v) >> (2 + (b0))) & 4) | \
+ (((v) >> (3 + (b1))) & 2) | \
+ (((v) >> (4 + (b2))) & 1))
+
+static uint32_t max111x_read(MAX111xState *s)
+{
+ if (!s->tb1)
+ return 0;
+
+ switch (s->cycle ++) {
+ case 1:
+ return s->rb2;
+ case 2:
+ return s->rb3;
+ }
+
+ return 0;
+}
+
+/* Interpret a control-byte */
+static void max111x_write(MAX111xState *s, uint32_t value)
+{
+ int measure, chan;
+
+ /* Ignore the value if START bit is zero */
+ if (!(value & CB_START))
+ return;
+
+ s->cycle = 0;
+
+ if (!(value & CB_PD1)) {
+ s->tb1 = 0;
+ return;
+ }
+
+ s->tb1 = value;
+
+ if (s->inputs == 8)
+ chan = CHANNEL_NUM(value, 1, 0, 2);
+ else
+ chan = CHANNEL_NUM(value & ~CB_SEL0, 0, 1, 2);
+
+ if (value & CB_SGL)
+ measure = s->input[chan] - s->com;
+ else
+ measure = s->input[chan] - s->input[chan ^ 1];
+
+ if (!(value & CB_UNI))
+ measure ^= 0x80;
+
+ s->rb2 = (measure >> 2) & 0x3f;
+ s->rb3 = (measure << 6) & 0xc0;
+
+ /* FIXME: When should the IRQ be lowered? */
+ qemu_irq_raise(s->interrupt);
+}
+
+static uint32_t max111x_transfer(SSISlave *dev, uint32_t value)
+{
+ MAX111xState *s = FROM_SSI_SLAVE(MAX111xState, dev);
+ max111x_write(s, value);
+ return max111x_read(s);
+}
+
+static const VMStateDescription vmstate_max111x = {
+ .name = "max111x",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_SSI_SLAVE(ssidev, MAX111xState),
+ VMSTATE_UINT8(tb1, MAX111xState),
+ VMSTATE_UINT8(rb2, MAX111xState),
+ VMSTATE_UINT8(rb3, MAX111xState),
+ VMSTATE_INT32_EQUAL(inputs, MAX111xState),
+ VMSTATE_INT32(com, MAX111xState),
+ VMSTATE_ARRAY_INT32_UNSAFE(input, MAX111xState, inputs,
+ vmstate_info_uint8, uint8_t),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static int max111x_init(SSISlave *dev, int inputs)
+{
+ MAX111xState *s = FROM_SSI_SLAVE(MAX111xState, dev);
+
+ qdev_init_gpio_out(&dev->qdev, &s->interrupt, 1);
+
+ s->inputs = inputs;
+ /* TODO: add a user interface for setting these */
+ s->input[0] = 0xf0;
+ s->input[1] = 0xe0;
+ s->input[2] = 0xd0;
+ s->input[3] = 0xc0;
+ s->input[4] = 0xb0;
+ s->input[5] = 0xa0;
+ s->input[6] = 0x90;
+ s->input[7] = 0x80;
+ s->com = 0;
+
+ vmstate_register(&dev->qdev, -1, &vmstate_max111x, s);
+ return 0;
+}
+
+static int max1110_init(SSISlave *dev)
+{
+ return max111x_init(dev, 8);
+}
+
+static int max1111_init(SSISlave *dev)
+{
+ return max111x_init(dev, 4);
+}
+
+void max111x_set_input(DeviceState *dev, int line, uint8_t value)
+{
+ MAX111xState *s = FROM_SSI_SLAVE(MAX111xState, SSI_SLAVE_FROM_QDEV(dev));
+ assert(line >= 0 && line < s->inputs);
+ s->input[line] = value;
+}
+
+static void max1110_class_init(ObjectClass *klass, void *data)
+{
+ SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
+
+ k->init = max1110_init;
+ k->transfer = max111x_transfer;
+}
+
+static const TypeInfo max1110_info = {
+ .name = "max1110",
+ .parent = TYPE_SSI_SLAVE,
+ .instance_size = sizeof(MAX111xState),
+ .class_init = max1110_class_init,
+};
+
+static void max1111_class_init(ObjectClass *klass, void *data)
+{
+ SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
+
+ k->init = max1111_init;
+ k->transfer = max111x_transfer;
+}
+
+static const TypeInfo max1111_info = {
+ .name = "max1111",
+ .parent = TYPE_SSI_SLAVE,
+ .instance_size = sizeof(MAX111xState),
+ .class_init = max1111_class_init,
+};
+
+static void max111x_register_types(void)
+{
+ type_register_static(&max1110_info);
+ type_register_static(&max1111_info);
+}
+
+type_init(max111x_register_types)
diff --git a/hw/misc/milkymist-hpdmc.c b/hw/misc/milkymist-hpdmc.c
new file mode 100644
index 000000000..aef135e57
--- /dev/null
+++ b/hw/misc/milkymist-hpdmc.c
@@ -0,0 +1,175 @@
+/*
+ * QEMU model of the Milkymist High Performance Dynamic Memory Controller.
+ *
+ * Copyright (c) 2010 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ *
+ * Specification available at:
+ * http://www.milkymist.org/socdoc/hpdmc.pdf
+ */
+
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "trace.h"
+#include "qemu/error-report.h"
+
+enum {
+ R_SYSTEM = 0,
+ R_BYPASS,
+ R_TIMING,
+ R_IODELAY,
+ R_MAX
+};
+
+enum {
+ IODELAY_DQSDELAY_RDY = (1<<5),
+ IODELAY_PLL1_LOCKED = (1<<6),
+ IODELAY_PLL2_LOCKED = (1<<7),
+};
+
+#define TYPE_MILKYMIST_HPDMC "milkymist-hpdmc"
+#define MILKYMIST_HPDMC(obj) \
+ OBJECT_CHECK(MilkymistHpdmcState, (obj), TYPE_MILKYMIST_HPDMC)
+
+struct MilkymistHpdmcState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion regs_region;
+
+ uint32_t regs[R_MAX];
+};
+typedef struct MilkymistHpdmcState MilkymistHpdmcState;
+
+static uint64_t hpdmc_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ MilkymistHpdmcState *s = opaque;
+ uint32_t r = 0;
+
+ addr >>= 2;
+ switch (addr) {
+ case R_SYSTEM:
+ case R_BYPASS:
+ case R_TIMING:
+ case R_IODELAY:
+ r = s->regs[addr];
+ break;
+
+ default:
+ error_report("milkymist_hpdmc: read access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+
+ trace_milkymist_hpdmc_memory_read(addr << 2, r);
+
+ return r;
+}
+
+static void hpdmc_write(void *opaque, hwaddr addr, uint64_t value,
+ unsigned size)
+{
+ MilkymistHpdmcState *s = opaque;
+
+ trace_milkymist_hpdmc_memory_write(addr, value);
+
+ addr >>= 2;
+ switch (addr) {
+ case R_SYSTEM:
+ case R_BYPASS:
+ case R_TIMING:
+ s->regs[addr] = value;
+ break;
+ case R_IODELAY:
+ /* ignore writes */
+ break;
+
+ default:
+ error_report("milkymist_hpdmc: write access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+}
+
+static const MemoryRegionOps hpdmc_mmio_ops = {
+ .read = hpdmc_read,
+ .write = hpdmc_write,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void milkymist_hpdmc_reset(DeviceState *d)
+{
+ MilkymistHpdmcState *s = MILKYMIST_HPDMC(d);
+ int i;
+
+ for (i = 0; i < R_MAX; i++) {
+ s->regs[i] = 0;
+ }
+
+ /* defaults */
+ s->regs[R_IODELAY] = IODELAY_DQSDELAY_RDY | IODELAY_PLL1_LOCKED
+ | IODELAY_PLL2_LOCKED;
+}
+
+static int milkymist_hpdmc_init(SysBusDevice *dev)
+{
+ MilkymistHpdmcState *s = MILKYMIST_HPDMC(dev);
+
+ memory_region_init_io(&s->regs_region, OBJECT(dev), &hpdmc_mmio_ops, s,
+ "milkymist-hpdmc", R_MAX * 4);
+ sysbus_init_mmio(dev, &s->regs_region);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_milkymist_hpdmc = {
+ .name = "milkymist-hpdmc",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(regs, MilkymistHpdmcState, R_MAX),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void milkymist_hpdmc_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = milkymist_hpdmc_init;
+ dc->reset = milkymist_hpdmc_reset;
+ dc->vmsd = &vmstate_milkymist_hpdmc;
+}
+
+static const TypeInfo milkymist_hpdmc_info = {
+ .name = TYPE_MILKYMIST_HPDMC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(MilkymistHpdmcState),
+ .class_init = milkymist_hpdmc_class_init,
+};
+
+static void milkymist_hpdmc_register_types(void)
+{
+ type_register_static(&milkymist_hpdmc_info);
+}
+
+type_init(milkymist_hpdmc_register_types)
diff --git a/hw/misc/milkymist-pfpu.c b/hw/misc/milkymist-pfpu.c
new file mode 100644
index 000000000..b3b2143d5
--- /dev/null
+++ b/hw/misc/milkymist-pfpu.c
@@ -0,0 +1,549 @@
+/*
+ * QEMU model of the Milkymist programmable FPU.
+ *
+ * Copyright (c) 2010 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ *
+ * Specification available at:
+ * http://www.milkymist.org/socdoc/pfpu.pdf
+ *
+ */
+
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "trace.h"
+#include "qemu/log.h"
+#include "qemu/error-report.h"
+#include <math.h>
+
+/* #define TRACE_EXEC */
+
+#ifdef TRACE_EXEC
+# define D_EXEC(x) x
+#else
+# define D_EXEC(x)
+#endif
+
+enum {
+ R_CTL = 0,
+ R_MESHBASE,
+ R_HMESHLAST,
+ R_VMESHLAST,
+ R_CODEPAGE,
+ R_VERTICES,
+ R_COLLISIONS,
+ R_STRAYWRITES,
+ R_LASTDMA,
+ R_PC,
+ R_DREGBASE,
+ R_CODEBASE,
+ R_MAX
+};
+
+enum {
+ CTL_START_BUSY = (1<<0),
+};
+
+enum {
+ OP_NOP = 0,
+ OP_FADD,
+ OP_FSUB,
+ OP_FMUL,
+ OP_FABS,
+ OP_F2I,
+ OP_I2F,
+ OP_VECTOUT,
+ OP_SIN,
+ OP_COS,
+ OP_ABOVE,
+ OP_EQUAL,
+ OP_COPY,
+ OP_IF,
+ OP_TSIGN,
+ OP_QUAKE,
+};
+
+enum {
+ GPR_X = 0,
+ GPR_Y = 1,
+ GPR_FLAGS = 2,
+};
+
+enum {
+ LATENCY_FADD = 5,
+ LATENCY_FSUB = 5,
+ LATENCY_FMUL = 7,
+ LATENCY_FABS = 2,
+ LATENCY_F2I = 2,
+ LATENCY_I2F = 3,
+ LATENCY_VECTOUT = 0,
+ LATENCY_SIN = 4,
+ LATENCY_COS = 4,
+ LATENCY_ABOVE = 2,
+ LATENCY_EQUAL = 2,
+ LATENCY_COPY = 2,
+ LATENCY_IF = 2,
+ LATENCY_TSIGN = 2,
+ LATENCY_QUAKE = 2,
+ MAX_LATENCY = 7
+};
+
+#define GPR_BEGIN 0x100
+#define GPR_END 0x17f
+#define MICROCODE_BEGIN 0x200
+#define MICROCODE_END 0x3ff
+#define MICROCODE_WORDS 2048
+
+#define REINTERPRET_CAST(type, val) (*((type *)&(val)))
+
+#ifdef TRACE_EXEC
+static const char *opcode_to_str[] = {
+ "NOP", "FADD", "FSUB", "FMUL", "FABS", "F2I", "I2F", "VECTOUT",
+ "SIN", "COS", "ABOVE", "EQUAL", "COPY", "IF", "TSIGN", "QUAKE",
+};
+#endif
+
+#define TYPE_MILKYMIST_PFPU "milkymist-pfpu"
+#define MILKYMIST_PFPU(obj) \
+ OBJECT_CHECK(MilkymistPFPUState, (obj), TYPE_MILKYMIST_PFPU)
+
+struct MilkymistPFPUState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion regs_region;
+ CharDriverState *chr;
+ qemu_irq irq;
+
+ uint32_t regs[R_MAX];
+ uint32_t gp_regs[128];
+ uint32_t microcode[MICROCODE_WORDS];
+
+ int output_queue_pos;
+ uint32_t output_queue[MAX_LATENCY];
+};
+typedef struct MilkymistPFPUState MilkymistPFPUState;
+
+static inline hwaddr
+get_dma_address(uint32_t base, uint32_t x, uint32_t y)
+{
+ return base + 8 * (128 * y + x);
+}
+
+static inline void
+output_queue_insert(MilkymistPFPUState *s, uint32_t val, int pos)
+{
+ s->output_queue[(s->output_queue_pos + pos) % MAX_LATENCY] = val;
+}
+
+static inline uint32_t
+output_queue_remove(MilkymistPFPUState *s)
+{
+ return s->output_queue[s->output_queue_pos];
+}
+
+static inline void
+output_queue_advance(MilkymistPFPUState *s)
+{
+ s->output_queue[s->output_queue_pos] = 0;
+ s->output_queue_pos = (s->output_queue_pos + 1) % MAX_LATENCY;
+}
+
+static int pfpu_decode_insn(MilkymistPFPUState *s)
+{
+ uint32_t pc = s->regs[R_PC];
+ uint32_t insn = s->microcode[pc];
+ uint32_t reg_a = (insn >> 18) & 0x7f;
+ uint32_t reg_b = (insn >> 11) & 0x7f;
+ uint32_t op = (insn >> 7) & 0xf;
+ uint32_t reg_d = insn & 0x7f;
+ uint32_t r = 0;
+ int latency = 0;
+
+ switch (op) {
+ case OP_NOP:
+ break;
+ case OP_FADD:
+ {
+ float a = REINTERPRET_CAST(float, s->gp_regs[reg_a]);
+ float b = REINTERPRET_CAST(float, s->gp_regs[reg_b]);
+ float t = a + b;
+ r = REINTERPRET_CAST(uint32_t, t);
+ latency = LATENCY_FADD;
+ D_EXEC(qemu_log("ADD a=%f b=%f t=%f, r=%08x\n", a, b, t, r));
+ } break;
+ case OP_FSUB:
+ {
+ float a = REINTERPRET_CAST(float, s->gp_regs[reg_a]);
+ float b = REINTERPRET_CAST(float, s->gp_regs[reg_b]);
+ float t = a - b;
+ r = REINTERPRET_CAST(uint32_t, t);
+ latency = LATENCY_FSUB;
+ D_EXEC(qemu_log("SUB a=%f b=%f t=%f, r=%08x\n", a, b, t, r));
+ } break;
+ case OP_FMUL:
+ {
+ float a = REINTERPRET_CAST(float, s->gp_regs[reg_a]);
+ float b = REINTERPRET_CAST(float, s->gp_regs[reg_b]);
+ float t = a * b;
+ r = REINTERPRET_CAST(uint32_t, t);
+ latency = LATENCY_FMUL;
+ D_EXEC(qemu_log("MUL a=%f b=%f t=%f, r=%08x\n", a, b, t, r));
+ } break;
+ case OP_FABS:
+ {
+ float a = REINTERPRET_CAST(float, s->gp_regs[reg_a]);
+ float t = fabsf(a);
+ r = REINTERPRET_CAST(uint32_t, t);
+ latency = LATENCY_FABS;
+ D_EXEC(qemu_log("ABS a=%f t=%f, r=%08x\n", a, t, r));
+ } break;
+ case OP_F2I:
+ {
+ float a = REINTERPRET_CAST(float, s->gp_regs[reg_a]);
+ int32_t t = a;
+ r = REINTERPRET_CAST(uint32_t, t);
+ latency = LATENCY_F2I;
+ D_EXEC(qemu_log("F2I a=%f t=%d, r=%08x\n", a, t, r));
+ } break;
+ case OP_I2F:
+ {
+ int32_t a = REINTERPRET_CAST(int32_t, s->gp_regs[reg_a]);
+ float t = a;
+ r = REINTERPRET_CAST(uint32_t, t);
+ latency = LATENCY_I2F;
+ D_EXEC(qemu_log("I2F a=%08x t=%f, r=%08x\n", a, t, r));
+ } break;
+ case OP_VECTOUT:
+ {
+ uint32_t a = cpu_to_be32(s->gp_regs[reg_a]);
+ uint32_t b = cpu_to_be32(s->gp_regs[reg_b]);
+ hwaddr dma_ptr =
+ get_dma_address(s->regs[R_MESHBASE],
+ s->gp_regs[GPR_X], s->gp_regs[GPR_Y]);
+ cpu_physical_memory_write(dma_ptr, &a, 4);
+ cpu_physical_memory_write(dma_ptr + 4, &b, 4);
+ s->regs[R_LASTDMA] = dma_ptr + 4;
+ D_EXEC(qemu_log("VECTOUT a=%08x b=%08x dma=%08x\n", a, b, dma_ptr));
+ trace_milkymist_pfpu_vectout(a, b, dma_ptr);
+ } break;
+ case OP_SIN:
+ {
+ int32_t a = REINTERPRET_CAST(int32_t, s->gp_regs[reg_a]);
+ float t = sinf(a * (1.0f / (M_PI * 4096.0f)));
+ r = REINTERPRET_CAST(uint32_t, t);
+ latency = LATENCY_SIN;
+ D_EXEC(qemu_log("SIN a=%d t=%f, r=%08x\n", a, t, r));
+ } break;
+ case OP_COS:
+ {
+ int32_t a = REINTERPRET_CAST(int32_t, s->gp_regs[reg_a]);
+ float t = cosf(a * (1.0f / (M_PI * 4096.0f)));
+ r = REINTERPRET_CAST(uint32_t, t);
+ latency = LATENCY_COS;
+ D_EXEC(qemu_log("COS a=%d t=%f, r=%08x\n", a, t, r));
+ } break;
+ case OP_ABOVE:
+ {
+ float a = REINTERPRET_CAST(float, s->gp_regs[reg_a]);
+ float b = REINTERPRET_CAST(float, s->gp_regs[reg_b]);
+ float t = (a > b) ? 1.0f : 0.0f;
+ r = REINTERPRET_CAST(uint32_t, t);
+ latency = LATENCY_ABOVE;
+ D_EXEC(qemu_log("ABOVE a=%f b=%f t=%f, r=%08x\n", a, b, t, r));
+ } break;
+ case OP_EQUAL:
+ {
+ float a = REINTERPRET_CAST(float, s->gp_regs[reg_a]);
+ float b = REINTERPRET_CAST(float, s->gp_regs[reg_b]);
+ float t = (a == b) ? 1.0f : 0.0f;
+ r = REINTERPRET_CAST(uint32_t, t);
+ latency = LATENCY_EQUAL;
+ D_EXEC(qemu_log("EQUAL a=%f b=%f t=%f, r=%08x\n", a, b, t, r));
+ } break;
+ case OP_COPY:
+ {
+ r = s->gp_regs[reg_a];
+ latency = LATENCY_COPY;
+ D_EXEC(qemu_log("COPY"));
+ } break;
+ case OP_IF:
+ {
+ float a = REINTERPRET_CAST(float, s->gp_regs[reg_a]);
+ float b = REINTERPRET_CAST(float, s->gp_regs[reg_b]);
+ uint32_t f = s->gp_regs[GPR_FLAGS];
+ float t = (f != 0) ? a : b;
+ r = REINTERPRET_CAST(uint32_t, t);
+ latency = LATENCY_IF;
+ D_EXEC(qemu_log("IF f=%u a=%f b=%f t=%f, r=%08x\n", f, a, b, t, r));
+ } break;
+ case OP_TSIGN:
+ {
+ float a = REINTERPRET_CAST(float, s->gp_regs[reg_a]);
+ float b = REINTERPRET_CAST(float, s->gp_regs[reg_b]);
+ float t = (b < 0) ? -a : a;
+ r = REINTERPRET_CAST(uint32_t, t);
+ latency = LATENCY_TSIGN;
+ D_EXEC(qemu_log("TSIGN a=%f b=%f t=%f, r=%08x\n", a, b, t, r));
+ } break;
+ case OP_QUAKE:
+ {
+ uint32_t a = s->gp_regs[reg_a];
+ r = 0x5f3759df - (a >> 1);
+ latency = LATENCY_QUAKE;
+ D_EXEC(qemu_log("QUAKE a=%d r=%08x\n", a, r));
+ } break;
+
+ default:
+ error_report("milkymist_pfpu: unknown opcode %d", op);
+ break;
+ }
+
+ if (!reg_d) {
+ D_EXEC(qemu_log("%04d %8s R%03d, R%03d <L=%d, E=%04d>\n",
+ s->regs[R_PC], opcode_to_str[op], reg_a, reg_b, latency,
+ s->regs[R_PC] + latency));
+ } else {
+ D_EXEC(qemu_log("%04d %8s R%03d, R%03d <L=%d, E=%04d> -> R%03d\n",
+ s->regs[R_PC], opcode_to_str[op], reg_a, reg_b, latency,
+ s->regs[R_PC] + latency, reg_d));
+ }
+
+ if (op == OP_VECTOUT) {
+ return 0;
+ }
+
+ /* store output for this cycle */
+ if (reg_d) {
+ uint32_t val = output_queue_remove(s);
+ D_EXEC(qemu_log("R%03d <- 0x%08x\n", reg_d, val));
+ s->gp_regs[reg_d] = val;
+ }
+
+ output_queue_advance(s);
+
+ /* store op output */
+ if (op != OP_NOP) {
+ output_queue_insert(s, r, latency-1);
+ }
+
+ /* advance PC */
+ s->regs[R_PC]++;
+
+ return 1;
+};
+
+static void pfpu_start(MilkymistPFPUState *s)
+{
+ int x, y;
+ int i;
+
+ for (y = 0; y <= s->regs[R_VMESHLAST]; y++) {
+ for (x = 0; x <= s->regs[R_HMESHLAST]; x++) {
+ D_EXEC(qemu_log("\nprocessing x=%d y=%d\n", x, y));
+
+ /* set current position */
+ s->gp_regs[GPR_X] = x;
+ s->gp_regs[GPR_Y] = y;
+
+ /* run microcode on this position */
+ i = 0;
+ while (pfpu_decode_insn(s)) {
+ /* decode at most MICROCODE_WORDS instructions */
+ if (i++ >= MICROCODE_WORDS) {
+ error_report("milkymist_pfpu: too many instructions "
+ "executed in microcode. No VECTOUT?");
+ break;
+ }
+ }
+
+ /* reset pc for next run */
+ s->regs[R_PC] = 0;
+ }
+ }
+
+ s->regs[R_VERTICES] = x * y;
+
+ trace_milkymist_pfpu_pulse_irq();
+ qemu_irq_pulse(s->irq);
+}
+
+static inline int get_microcode_address(MilkymistPFPUState *s, uint32_t addr)
+{
+ return (512 * s->regs[R_CODEPAGE]) + addr - MICROCODE_BEGIN;
+}
+
+static uint64_t pfpu_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ MilkymistPFPUState *s = opaque;
+ uint32_t r = 0;
+
+ addr >>= 2;
+ switch (addr) {
+ case R_CTL:
+ case R_MESHBASE:
+ case R_HMESHLAST:
+ case R_VMESHLAST:
+ case R_CODEPAGE:
+ case R_VERTICES:
+ case R_COLLISIONS:
+ case R_STRAYWRITES:
+ case R_LASTDMA:
+ case R_PC:
+ case R_DREGBASE:
+ case R_CODEBASE:
+ r = s->regs[addr];
+ break;
+ case GPR_BEGIN ... GPR_END:
+ r = s->gp_regs[addr - GPR_BEGIN];
+ break;
+ case MICROCODE_BEGIN ... MICROCODE_END:
+ r = s->microcode[get_microcode_address(s, addr)];
+ break;
+
+ default:
+ error_report("milkymist_pfpu: read access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+
+ trace_milkymist_pfpu_memory_read(addr << 2, r);
+
+ return r;
+}
+
+static void pfpu_write(void *opaque, hwaddr addr, uint64_t value,
+ unsigned size)
+{
+ MilkymistPFPUState *s = opaque;
+
+ trace_milkymist_pfpu_memory_write(addr, value);
+
+ addr >>= 2;
+ switch (addr) {
+ case R_CTL:
+ if (value & CTL_START_BUSY) {
+ pfpu_start(s);
+ }
+ break;
+ case R_MESHBASE:
+ case R_HMESHLAST:
+ case R_VMESHLAST:
+ case R_CODEPAGE:
+ case R_VERTICES:
+ case R_COLLISIONS:
+ case R_STRAYWRITES:
+ case R_LASTDMA:
+ case R_PC:
+ case R_DREGBASE:
+ case R_CODEBASE:
+ s->regs[addr] = value;
+ break;
+ case GPR_BEGIN ... GPR_END:
+ s->gp_regs[addr - GPR_BEGIN] = value;
+ break;
+ case MICROCODE_BEGIN ... MICROCODE_END:
+ s->microcode[get_microcode_address(s, addr)] = value;
+ break;
+
+ default:
+ error_report("milkymist_pfpu: write access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+}
+
+static const MemoryRegionOps pfpu_mmio_ops = {
+ .read = pfpu_read,
+ .write = pfpu_write,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void milkymist_pfpu_reset(DeviceState *d)
+{
+ MilkymistPFPUState *s = MILKYMIST_PFPU(d);
+ int i;
+
+ for (i = 0; i < R_MAX; i++) {
+ s->regs[i] = 0;
+ }
+ for (i = 0; i < 128; i++) {
+ s->gp_regs[i] = 0;
+ }
+ for (i = 0; i < MICROCODE_WORDS; i++) {
+ s->microcode[i] = 0;
+ }
+ s->output_queue_pos = 0;
+ for (i = 0; i < MAX_LATENCY; i++) {
+ s->output_queue[i] = 0;
+ }
+}
+
+static int milkymist_pfpu_init(SysBusDevice *dev)
+{
+ MilkymistPFPUState *s = MILKYMIST_PFPU(dev);
+
+ sysbus_init_irq(dev, &s->irq);
+
+ memory_region_init_io(&s->regs_region, OBJECT(dev), &pfpu_mmio_ops, s,
+ "milkymist-pfpu", MICROCODE_END * 4);
+ sysbus_init_mmio(dev, &s->regs_region);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_milkymist_pfpu = {
+ .name = "milkymist-pfpu",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(regs, MilkymistPFPUState, R_MAX),
+ VMSTATE_UINT32_ARRAY(gp_regs, MilkymistPFPUState, 128),
+ VMSTATE_UINT32_ARRAY(microcode, MilkymistPFPUState, MICROCODE_WORDS),
+ VMSTATE_INT32(output_queue_pos, MilkymistPFPUState),
+ VMSTATE_UINT32_ARRAY(output_queue, MilkymistPFPUState, MAX_LATENCY),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void milkymist_pfpu_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = milkymist_pfpu_init;
+ dc->reset = milkymist_pfpu_reset;
+ dc->vmsd = &vmstate_milkymist_pfpu;
+}
+
+static const TypeInfo milkymist_pfpu_info = {
+ .name = TYPE_MILKYMIST_PFPU,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(MilkymistPFPUState),
+ .class_init = milkymist_pfpu_class_init,
+};
+
+static void milkymist_pfpu_register_types(void)
+{
+ type_register_static(&milkymist_pfpu_info);
+}
+
+type_init(milkymist_pfpu_register_types)
diff --git a/hw/misc/mst_fpga.c b/hw/misc/mst_fpga.c
new file mode 100644
index 000000000..c96810fec
--- /dev/null
+++ b/hw/misc/mst_fpga.c
@@ -0,0 +1,267 @@
+/*
+ * PXA270-based Intel Mainstone platforms.
+ * FPGA driver
+ *
+ * Copyright (c) 2007 by Armin Kuster <akuster@kama-aina.net> or
+ * <akuster@mvista.com>
+ *
+ * This code is licensed under the GNU GPL v2.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+
+/* Mainstone FPGA for extern irqs */
+#define FPGA_GPIO_PIN 0
+#define MST_NUM_IRQS 16
+#define MST_LEDDAT1 0x10
+#define MST_LEDDAT2 0x14
+#define MST_LEDCTRL 0x40
+#define MST_GPSWR 0x60
+#define MST_MSCWR1 0x80
+#define MST_MSCWR2 0x84
+#define MST_MSCWR3 0x88
+#define MST_MSCRD 0x90
+#define MST_INTMSKENA 0xc0
+#define MST_INTSETCLR 0xd0
+#define MST_PCMCIA0 0xe0
+#define MST_PCMCIA1 0xe4
+
+#define MST_PCMCIAx_READY (1 << 10)
+#define MST_PCMCIAx_nCD (1 << 5)
+
+#define MST_PCMCIA_CD0_IRQ 9
+#define MST_PCMCIA_CD1_IRQ 13
+
+#define TYPE_MAINSTONE_FPGA "mainstone-fpga"
+#define MAINSTONE_FPGA(obj) \
+ OBJECT_CHECK(mst_irq_state, (obj), TYPE_MAINSTONE_FPGA)
+
+typedef struct mst_irq_state{
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+
+ qemu_irq parent;
+
+ uint32_t prev_level;
+ uint32_t leddat1;
+ uint32_t leddat2;
+ uint32_t ledctrl;
+ uint32_t gpswr;
+ uint32_t mscwr1;
+ uint32_t mscwr2;
+ uint32_t mscwr3;
+ uint32_t mscrd;
+ uint32_t intmskena;
+ uint32_t intsetclr;
+ uint32_t pcmcia0;
+ uint32_t pcmcia1;
+}mst_irq_state;
+
+static void
+mst_fpga_set_irq(void *opaque, int irq, int level)
+{
+ mst_irq_state *s = (mst_irq_state *)opaque;
+ uint32_t oldint = s->intsetclr & s->intmskena;
+
+ if (level)
+ s->prev_level |= 1u << irq;
+ else
+ s->prev_level &= ~(1u << irq);
+
+ switch(irq) {
+ case MST_PCMCIA_CD0_IRQ:
+ if (level)
+ s->pcmcia0 &= ~MST_PCMCIAx_nCD;
+ else
+ s->pcmcia0 |= MST_PCMCIAx_nCD;
+ break;
+ case MST_PCMCIA_CD1_IRQ:
+ if (level)
+ s->pcmcia1 &= ~MST_PCMCIAx_nCD;
+ else
+ s->pcmcia1 |= MST_PCMCIAx_nCD;
+ break;
+ }
+
+ if ((s->intmskena & (1u << irq)) && level)
+ s->intsetclr |= 1u << irq;
+
+ if (oldint != (s->intsetclr & s->intmskena))
+ qemu_set_irq(s->parent, s->intsetclr & s->intmskena);
+}
+
+
+static uint64_t
+mst_fpga_readb(void *opaque, hwaddr addr, unsigned size)
+{
+ mst_irq_state *s = (mst_irq_state *) opaque;
+
+ switch (addr) {
+ case MST_LEDDAT1:
+ return s->leddat1;
+ case MST_LEDDAT2:
+ return s->leddat2;
+ case MST_LEDCTRL:
+ return s->ledctrl;
+ case MST_GPSWR:
+ return s->gpswr;
+ case MST_MSCWR1:
+ return s->mscwr1;
+ case MST_MSCWR2:
+ return s->mscwr2;
+ case MST_MSCWR3:
+ return s->mscwr3;
+ case MST_MSCRD:
+ return s->mscrd;
+ case MST_INTMSKENA:
+ return s->intmskena;
+ case MST_INTSETCLR:
+ return s->intsetclr;
+ case MST_PCMCIA0:
+ return s->pcmcia0;
+ case MST_PCMCIA1:
+ return s->pcmcia1;
+ default:
+ printf("Mainstone - mst_fpga_readb: Bad register offset "
+ "0x" TARGET_FMT_plx "\n", addr);
+ }
+ return 0;
+}
+
+static void
+mst_fpga_writeb(void *opaque, hwaddr addr, uint64_t value,
+ unsigned size)
+{
+ mst_irq_state *s = (mst_irq_state *) opaque;
+ value &= 0xffffffff;
+
+ switch (addr) {
+ case MST_LEDDAT1:
+ s->leddat1 = value;
+ break;
+ case MST_LEDDAT2:
+ s->leddat2 = value;
+ break;
+ case MST_LEDCTRL:
+ s->ledctrl = value;
+ break;
+ case MST_GPSWR:
+ s->gpswr = value;
+ break;
+ case MST_MSCWR1:
+ s->mscwr1 = value;
+ break;
+ case MST_MSCWR2:
+ s->mscwr2 = value;
+ break;
+ case MST_MSCWR3:
+ s->mscwr3 = value;
+ break;
+ case MST_MSCRD:
+ s->mscrd = value;
+ break;
+ case MST_INTMSKENA: /* Mask interrupt */
+ s->intmskena = (value & 0xFEEFF);
+ qemu_set_irq(s->parent, s->intsetclr & s->intmskena);
+ break;
+ case MST_INTSETCLR: /* clear or set interrupt */
+ s->intsetclr = (value & 0xFEEFF);
+ qemu_set_irq(s->parent, s->intsetclr & s->intmskena);
+ break;
+ /* For PCMCIAx allow the to change only power and reset */
+ case MST_PCMCIA0:
+ s->pcmcia0 = (value & 0x1f) | (s->pcmcia0 & ~0x1f);
+ break;
+ case MST_PCMCIA1:
+ s->pcmcia1 = (value & 0x1f) | (s->pcmcia1 & ~0x1f);
+ break;
+ default:
+ printf("Mainstone - mst_fpga_writeb: Bad register offset "
+ "0x" TARGET_FMT_plx "\n", addr);
+ }
+}
+
+static const MemoryRegionOps mst_fpga_ops = {
+ .read = mst_fpga_readb,
+ .write = mst_fpga_writeb,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int mst_fpga_post_load(void *opaque, int version_id)
+{
+ mst_irq_state *s = (mst_irq_state *) opaque;
+
+ qemu_set_irq(s->parent, s->intsetclr & s->intmskena);
+ return 0;
+}
+
+static int mst_fpga_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ mst_irq_state *s = MAINSTONE_FPGA(dev);
+
+ s->pcmcia0 = MST_PCMCIAx_READY | MST_PCMCIAx_nCD;
+ s->pcmcia1 = MST_PCMCIAx_READY | MST_PCMCIAx_nCD;
+
+ sysbus_init_irq(sbd, &s->parent);
+
+ /* alloc the external 16 irqs */
+ qdev_init_gpio_in(dev, mst_fpga_set_irq, MST_NUM_IRQS);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &mst_fpga_ops, s,
+ "fpga", 0x00100000);
+ sysbus_init_mmio(sbd, &s->iomem);
+ return 0;
+}
+
+static VMStateDescription vmstate_mst_fpga_regs = {
+ .name = "mainstone_fpga",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .post_load = mst_fpga_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT32(prev_level, mst_irq_state),
+ VMSTATE_UINT32(leddat1, mst_irq_state),
+ VMSTATE_UINT32(leddat2, mst_irq_state),
+ VMSTATE_UINT32(ledctrl, mst_irq_state),
+ VMSTATE_UINT32(gpswr, mst_irq_state),
+ VMSTATE_UINT32(mscwr1, mst_irq_state),
+ VMSTATE_UINT32(mscwr2, mst_irq_state),
+ VMSTATE_UINT32(mscwr3, mst_irq_state),
+ VMSTATE_UINT32(mscrd, mst_irq_state),
+ VMSTATE_UINT32(intmskena, mst_irq_state),
+ VMSTATE_UINT32(intsetclr, mst_irq_state),
+ VMSTATE_UINT32(pcmcia0, mst_irq_state),
+ VMSTATE_UINT32(pcmcia1, mst_irq_state),
+ VMSTATE_END_OF_LIST(),
+ },
+};
+
+static void mst_fpga_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = mst_fpga_init;
+ dc->desc = "Mainstone II FPGA";
+ dc->vmsd = &vmstate_mst_fpga_regs;
+}
+
+static const TypeInfo mst_fpga_info = {
+ .name = TYPE_MAINSTONE_FPGA,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(mst_irq_state),
+ .class_init = mst_fpga_class_init,
+};
+
+static void mst_fpga_register_types(void)
+{
+ type_register_static(&mst_fpga_info);
+}
+
+type_init(mst_fpga_register_types)
diff --git a/hw/misc/omap_clk.c b/hw/misc/omap_clk.c
new file mode 100644
index 000000000..80a3c50e1
--- /dev/null
+++ b/hw/misc/omap_clk.c
@@ -0,0 +1,1264 @@
+/*
+ * OMAP clocks.
+ *
+ * Copyright (C) 2006-2008 Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * Clocks data comes in part from arch/arm/mach-omap1/clock.h in Linux.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "hw/hw.h"
+#include "hw/arm/omap.h"
+
+struct clk {
+ const char *name;
+ const char *alias;
+ struct clk *parent;
+ struct clk *child1;
+ struct clk *sibling;
+#define ALWAYS_ENABLED (1 << 0)
+#define CLOCK_IN_OMAP310 (1 << 10)
+#define CLOCK_IN_OMAP730 (1 << 11)
+#define CLOCK_IN_OMAP1510 (1 << 12)
+#define CLOCK_IN_OMAP16XX (1 << 13)
+#define CLOCK_IN_OMAP242X (1 << 14)
+#define CLOCK_IN_OMAP243X (1 << 15)
+#define CLOCK_IN_OMAP343X (1 << 16)
+ uint32_t flags;
+ int id;
+
+ int running; /* Is currently ticking */
+ int enabled; /* Is enabled, regardless of its input clk */
+ unsigned long rate; /* Current rate (if .running) */
+ unsigned int divisor; /* Rate relative to input (if .enabled) */
+ unsigned int multiplier; /* Rate relative to input (if .enabled) */
+ qemu_irq users[16]; /* Who to notify on change */
+ int usecount; /* Automatically idle when unused */
+};
+
+static struct clk xtal_osc12m = {
+ .name = "xtal_osc_12m",
+ .rate = 12000000,
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310,
+};
+
+static struct clk xtal_osc32k = {
+ .name = "xtal_osc_32k",
+ .rate = 32768,
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310 |
+ CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+};
+
+static struct clk ck_ref = {
+ .name = "ck_ref",
+ .alias = "clkin",
+ .parent = &xtal_osc12m,
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310 |
+ ALWAYS_ENABLED,
+};
+
+/* If a dpll is disabled it becomes a bypass, child clocks don't stop */
+static struct clk dpll1 = {
+ .name = "dpll1",
+ .parent = &ck_ref,
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310 |
+ ALWAYS_ENABLED,
+};
+
+static struct clk dpll2 = {
+ .name = "dpll2",
+ .parent = &ck_ref,
+ .flags = CLOCK_IN_OMAP310 | ALWAYS_ENABLED,
+};
+
+static struct clk dpll3 = {
+ .name = "dpll3",
+ .parent = &ck_ref,
+ .flags = CLOCK_IN_OMAP310 | ALWAYS_ENABLED,
+};
+
+static struct clk dpll4 = {
+ .name = "dpll4",
+ .parent = &ck_ref,
+ .multiplier = 4,
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310,
+};
+
+static struct clk apll = {
+ .name = "apll",
+ .parent = &ck_ref,
+ .multiplier = 48,
+ .divisor = 12,
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310,
+};
+
+static struct clk ck_48m = {
+ .name = "ck_48m",
+ .parent = &dpll4, /* either dpll4 or apll */
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310,
+};
+
+static struct clk ck_dpll1out = {
+ .name = "ck_dpll1out",
+ .parent = &dpll1,
+ .flags = CLOCK_IN_OMAP16XX,
+};
+
+static struct clk sossi_ck = {
+ .name = "ck_sossi",
+ .parent = &ck_dpll1out,
+ .flags = CLOCK_IN_OMAP16XX,
+};
+
+static struct clk clkm1 = {
+ .name = "clkm1",
+ .alias = "ck_gen1",
+ .parent = &dpll1,
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310 |
+ ALWAYS_ENABLED,
+};
+
+static struct clk clkm2 = {
+ .name = "clkm2",
+ .alias = "ck_gen2",
+ .parent = &dpll1,
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310 |
+ ALWAYS_ENABLED,
+};
+
+static struct clk clkm3 = {
+ .name = "clkm3",
+ .alias = "ck_gen3",
+ .parent = &dpll1, /* either dpll1 or ck_ref */
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310 |
+ ALWAYS_ENABLED,
+};
+
+static struct clk arm_ck = {
+ .name = "arm_ck",
+ .alias = "mpu_ck",
+ .parent = &clkm1,
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310 |
+ ALWAYS_ENABLED,
+};
+
+static struct clk armper_ck = {
+ .name = "armper_ck",
+ .alias = "mpuper_ck",
+ .parent = &clkm1,
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310,
+};
+
+static struct clk arm_gpio_ck = {
+ .name = "arm_gpio_ck",
+ .alias = "mpu_gpio_ck",
+ .parent = &clkm1,
+ .divisor = 1,
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP310,
+};
+
+static struct clk armxor_ck = {
+ .name = "armxor_ck",
+ .alias = "mpuxor_ck",
+ .parent = &ck_ref,
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310,
+};
+
+static struct clk armtim_ck = {
+ .name = "armtim_ck",
+ .alias = "mputim_ck",
+ .parent = &ck_ref, /* either CLKIN or DPLL1 */
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310,
+};
+
+static struct clk armwdt_ck = {
+ .name = "armwdt_ck",
+ .alias = "mpuwd_ck",
+ .parent = &clkm1,
+ .divisor = 14,
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310 |
+ ALWAYS_ENABLED,
+};
+
+static struct clk arminth_ck16xx = {
+ .name = "arminth_ck",
+ .parent = &arm_ck,
+ .flags = CLOCK_IN_OMAP16XX | ALWAYS_ENABLED,
+ /* Note: On 16xx the frequency can be divided by 2 by programming
+ * ARM_CKCTL:ARM_INTHCK_SEL(14) to 1
+ *
+ * 1510 version is in TC clocks.
+ */
+};
+
+static struct clk dsp_ck = {
+ .name = "dsp_ck",
+ .parent = &clkm2,
+ .flags = CLOCK_IN_OMAP310 | CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX,
+};
+
+static struct clk dspmmu_ck = {
+ .name = "dspmmu_ck",
+ .parent = &clkm2,
+ .flags = CLOCK_IN_OMAP310 | CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX |
+ ALWAYS_ENABLED,
+};
+
+static struct clk dspper_ck = {
+ .name = "dspper_ck",
+ .parent = &clkm2,
+ .flags = CLOCK_IN_OMAP310 | CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX,
+};
+
+static struct clk dspxor_ck = {
+ .name = "dspxor_ck",
+ .parent = &ck_ref,
+ .flags = CLOCK_IN_OMAP310 | CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX,
+};
+
+static struct clk dsptim_ck = {
+ .name = "dsptim_ck",
+ .parent = &ck_ref,
+ .flags = CLOCK_IN_OMAP310 | CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX,
+};
+
+static struct clk tc_ck = {
+ .name = "tc_ck",
+ .parent = &clkm3,
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX |
+ CLOCK_IN_OMAP730 | CLOCK_IN_OMAP310 |
+ ALWAYS_ENABLED,
+};
+
+static struct clk arminth_ck15xx = {
+ .name = "arminth_ck",
+ .parent = &tc_ck,
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP310 | ALWAYS_ENABLED,
+ /* Note: On 1510 the frequency follows TC_CK
+ *
+ * 16xx version is in MPU clocks.
+ */
+};
+
+static struct clk tipb_ck = {
+ /* No-idle controlled by "tc_ck" */
+ .name = "tipb_ck",
+ .parent = &tc_ck,
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP310 | ALWAYS_ENABLED,
+};
+
+static struct clk l3_ocpi_ck = {
+ /* No-idle controlled by "tc_ck" */
+ .name = "l3_ocpi_ck",
+ .parent = &tc_ck,
+ .flags = CLOCK_IN_OMAP16XX,
+};
+
+static struct clk tc1_ck = {
+ .name = "tc1_ck",
+ .parent = &tc_ck,
+ .flags = CLOCK_IN_OMAP16XX,
+};
+
+static struct clk tc2_ck = {
+ .name = "tc2_ck",
+ .parent = &tc_ck,
+ .flags = CLOCK_IN_OMAP16XX,
+};
+
+static struct clk dma_ck = {
+ /* No-idle controlled by "tc_ck" */
+ .name = "dma_ck",
+ .parent = &tc_ck,
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310 |
+ ALWAYS_ENABLED,
+};
+
+static struct clk dma_lcdfree_ck = {
+ .name = "dma_lcdfree_ck",
+ .parent = &tc_ck,
+ .flags = CLOCK_IN_OMAP16XX | ALWAYS_ENABLED,
+};
+
+static struct clk api_ck = {
+ .name = "api_ck",
+ .alias = "mpui_ck",
+ .parent = &tc_ck,
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310,
+};
+
+static struct clk lb_ck = {
+ .name = "lb_ck",
+ .parent = &tc_ck,
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP310,
+};
+
+static struct clk lbfree_ck = {
+ .name = "lbfree_ck",
+ .parent = &tc_ck,
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP310,
+};
+
+static struct clk hsab_ck = {
+ .name = "hsab_ck",
+ .parent = &tc_ck,
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP310,
+};
+
+static struct clk rhea1_ck = {
+ .name = "rhea1_ck",
+ .parent = &tc_ck,
+ .flags = CLOCK_IN_OMAP16XX | ALWAYS_ENABLED,
+};
+
+static struct clk rhea2_ck = {
+ .name = "rhea2_ck",
+ .parent = &tc_ck,
+ .flags = CLOCK_IN_OMAP16XX | ALWAYS_ENABLED,
+};
+
+static struct clk lcd_ck_16xx = {
+ .name = "lcd_ck",
+ .parent = &clkm3,
+ .flags = CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP730,
+};
+
+static struct clk lcd_ck_1510 = {
+ .name = "lcd_ck",
+ .parent = &clkm3,
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP310,
+};
+
+static struct clk uart1_1510 = {
+ .name = "uart1_ck",
+ /* Direct from ULPD, no real parent */
+ .parent = &armper_ck, /* either armper_ck or dpll4 */
+ .rate = 12000000,
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP310 | ALWAYS_ENABLED,
+};
+
+static struct clk uart1_16xx = {
+ .name = "uart1_ck",
+ /* Direct from ULPD, no real parent */
+ .parent = &armper_ck,
+ .rate = 48000000,
+ .flags = CLOCK_IN_OMAP16XX,
+};
+
+static struct clk uart2_ck = {
+ .name = "uart2_ck",
+ /* Direct from ULPD, no real parent */
+ .parent = &armper_ck, /* either armper_ck or dpll4 */
+ .rate = 12000000,
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310 |
+ ALWAYS_ENABLED,
+};
+
+static struct clk uart3_1510 = {
+ .name = "uart3_ck",
+ /* Direct from ULPD, no real parent */
+ .parent = &armper_ck, /* either armper_ck or dpll4 */
+ .rate = 12000000,
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP310 | ALWAYS_ENABLED,
+};
+
+static struct clk uart3_16xx = {
+ .name = "uart3_ck",
+ /* Direct from ULPD, no real parent */
+ .parent = &armper_ck,
+ .rate = 48000000,
+ .flags = CLOCK_IN_OMAP16XX,
+};
+
+static struct clk usb_clk0 = { /* 6 MHz output on W4_USB_CLK0 */
+ .name = "usb_clk0",
+ .alias = "usb.clko",
+ /* Direct from ULPD, no parent */
+ .rate = 6000000,
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310,
+};
+
+static struct clk usb_hhc_ck1510 = {
+ .name = "usb_hhc_ck",
+ /* Direct from ULPD, no parent */
+ .rate = 48000000, /* Actually 2 clocks, 12MHz and 48MHz */
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP310,
+};
+
+static struct clk usb_hhc_ck16xx = {
+ .name = "usb_hhc_ck",
+ /* Direct from ULPD, no parent */
+ .rate = 48000000,
+ /* OTG_SYSCON_2.OTG_PADEN == 0 (not 1510-compatible) */
+ .flags = CLOCK_IN_OMAP16XX,
+};
+
+static struct clk usb_w2fc_mclk = {
+ .name = "usb_w2fc_mclk",
+ .alias = "usb_w2fc_ck",
+ .parent = &ck_48m,
+ .rate = 48000000,
+ .flags = CLOCK_IN_OMAP310 | CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX,
+};
+
+static struct clk mclk_1510 = {
+ .name = "mclk",
+ /* Direct from ULPD, no parent. May be enabled by ext hardware. */
+ .rate = 12000000,
+ .flags = CLOCK_IN_OMAP1510,
+};
+
+static struct clk bclk_310 = {
+ .name = "bt_mclk_out", /* Alias midi_mclk_out? */
+ .parent = &armper_ck,
+ .flags = CLOCK_IN_OMAP310,
+};
+
+static struct clk mclk_310 = {
+ .name = "com_mclk_out",
+ .parent = &armper_ck,
+ .flags = CLOCK_IN_OMAP310,
+};
+
+static struct clk mclk_16xx = {
+ .name = "mclk",
+ /* Direct from ULPD, no parent. May be enabled by ext hardware. */
+ .flags = CLOCK_IN_OMAP16XX,
+};
+
+static struct clk bclk_1510 = {
+ .name = "bclk",
+ /* Direct from ULPD, no parent. May be enabled by ext hardware. */
+ .rate = 12000000,
+ .flags = CLOCK_IN_OMAP1510,
+};
+
+static struct clk bclk_16xx = {
+ .name = "bclk",
+ /* Direct from ULPD, no parent. May be enabled by ext hardware. */
+ .flags = CLOCK_IN_OMAP16XX,
+};
+
+static struct clk mmc1_ck = {
+ .name = "mmc_ck",
+ .id = 1,
+ /* Functional clock is direct from ULPD, interface clock is ARMPER */
+ .parent = &armper_ck, /* either armper_ck or dpll4 */
+ .rate = 48000000,
+ .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310,
+};
+
+static struct clk mmc2_ck = {
+ .name = "mmc_ck",
+ .id = 2,
+ /* Functional clock is direct from ULPD, interface clock is ARMPER */
+ .parent = &armper_ck,
+ .rate = 48000000,
+ .flags = CLOCK_IN_OMAP16XX,
+};
+
+static struct clk cam_mclk = {
+ .name = "cam.mclk",
+ .flags = CLOCK_IN_OMAP310 | CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX,
+ .rate = 12000000,
+};
+
+static struct clk cam_exclk = {
+ .name = "cam.exclk",
+ .flags = CLOCK_IN_OMAP310 | CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX,
+ /* Either 12M from cam.mclk or 48M from dpll4 */
+ .parent = &cam_mclk,
+};
+
+static struct clk cam_lclk = {
+ .name = "cam.lclk",
+ .flags = CLOCK_IN_OMAP310 | CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX,
+};
+
+static struct clk i2c_fck = {
+ .name = "i2c_fck",
+ .id = 1,
+ .flags = CLOCK_IN_OMAP310 | CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX |
+ ALWAYS_ENABLED,
+ .parent = &armxor_ck,
+};
+
+static struct clk i2c_ick = {
+ .name = "i2c_ick",
+ .id = 1,
+ .flags = CLOCK_IN_OMAP16XX | ALWAYS_ENABLED,
+ .parent = &armper_ck,
+};
+
+static struct clk clk32k = {
+ .name = "clk32-kHz",
+ .flags = CLOCK_IN_OMAP310 | CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX |
+ CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X | ALWAYS_ENABLED,
+ .parent = &xtal_osc32k,
+};
+
+static struct clk ref_clk = {
+ .name = "ref_clk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X | ALWAYS_ENABLED,
+ .rate = 12000000, /* 12 MHz or 13 MHz or 19.2 MHz */
+ /*.parent = sys.xtalin */
+};
+
+static struct clk apll_96m = {
+ .name = "apll_96m",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X | ALWAYS_ENABLED,
+ .rate = 96000000,
+ /*.parent = ref_clk */
+};
+
+static struct clk apll_54m = {
+ .name = "apll_54m",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X | ALWAYS_ENABLED,
+ .rate = 54000000,
+ /*.parent = ref_clk */
+};
+
+static struct clk sys_clk = {
+ .name = "sys_clk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X | ALWAYS_ENABLED,
+ .rate = 32768,
+ /*.parent = sys.xtalin */
+};
+
+static struct clk sleep_clk = {
+ .name = "sleep_clk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X | ALWAYS_ENABLED,
+ .rate = 32768,
+ /*.parent = sys.xtalin */
+};
+
+static struct clk dpll_ck = {
+ .name = "dpll",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X | ALWAYS_ENABLED,
+ .parent = &ref_clk,
+};
+
+static struct clk dpll_x2_ck = {
+ .name = "dpll_x2",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X | ALWAYS_ENABLED,
+ .parent = &ref_clk,
+};
+
+static struct clk wdt1_sys_clk = {
+ .name = "wdt1_sys_clk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X | ALWAYS_ENABLED,
+ .rate = 32768,
+ /*.parent = sys.xtalin */
+};
+
+static struct clk func_96m_clk = {
+ .name = "func_96m_clk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .divisor = 1,
+ .parent = &apll_96m,
+};
+
+static struct clk func_48m_clk = {
+ .name = "func_48m_clk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .divisor = 2,
+ .parent = &apll_96m,
+};
+
+static struct clk func_12m_clk = {
+ .name = "func_12m_clk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .divisor = 8,
+ .parent = &apll_96m,
+};
+
+static struct clk func_54m_clk = {
+ .name = "func_54m_clk",
+ .flags = CLOCK_IN_OMAP242X,
+ .divisor = 1,
+ .parent = &apll_54m,
+};
+
+static struct clk sys_clkout = {
+ .name = "clkout",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &sys_clk,
+};
+
+static struct clk sys_clkout2 = {
+ .name = "clkout2",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &sys_clk,
+};
+
+static struct clk core_clk = {
+ .name = "core_clk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &dpll_x2_ck, /* Switchable between dpll_ck and clk32k */
+};
+
+static struct clk l3_clk = {
+ .name = "l3_clk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &core_clk,
+};
+
+static struct clk core_l4_iclk = {
+ .name = "core_l4_iclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &l3_clk,
+};
+
+static struct clk wu_l4_iclk = {
+ .name = "wu_l4_iclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &l3_clk,
+};
+
+static struct clk core_l3_iclk = {
+ .name = "core_l3_iclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &core_clk,
+};
+
+static struct clk core_l4_usb_clk = {
+ .name = "core_l4_usb_clk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &l3_clk,
+};
+
+static struct clk wu_gpt1_clk = {
+ .name = "wu_gpt1_clk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &sys_clk,
+};
+
+static struct clk wu_32k_clk = {
+ .name = "wu_32k_clk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &sys_clk,
+};
+
+static struct clk uart1_fclk = {
+ .name = "uart1_fclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &func_48m_clk,
+};
+
+static struct clk uart1_iclk = {
+ .name = "uart1_iclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &core_l4_iclk,
+};
+
+static struct clk uart2_fclk = {
+ .name = "uart2_fclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &func_48m_clk,
+};
+
+static struct clk uart2_iclk = {
+ .name = "uart2_iclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &core_l4_iclk,
+};
+
+static struct clk uart3_fclk = {
+ .name = "uart3_fclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &func_48m_clk,
+};
+
+static struct clk uart3_iclk = {
+ .name = "uart3_iclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &core_l4_iclk,
+};
+
+static struct clk mpu_fclk = {
+ .name = "mpu_fclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &core_clk,
+};
+
+static struct clk mpu_iclk = {
+ .name = "mpu_iclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &core_clk,
+};
+
+static struct clk int_m_fclk = {
+ .name = "int_m_fclk",
+ .alias = "mpu_intc_fclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &core_clk,
+};
+
+static struct clk int_m_iclk = {
+ .name = "int_m_iclk",
+ .alias = "mpu_intc_iclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &core_clk,
+};
+
+static struct clk core_gpt2_clk = {
+ .name = "core_gpt2_clk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &sys_clk,
+};
+
+static struct clk core_gpt3_clk = {
+ .name = "core_gpt3_clk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &sys_clk,
+};
+
+static struct clk core_gpt4_clk = {
+ .name = "core_gpt4_clk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &sys_clk,
+};
+
+static struct clk core_gpt5_clk = {
+ .name = "core_gpt5_clk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &sys_clk,
+};
+
+static struct clk core_gpt6_clk = {
+ .name = "core_gpt6_clk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &sys_clk,
+};
+
+static struct clk core_gpt7_clk = {
+ .name = "core_gpt7_clk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &sys_clk,
+};
+
+static struct clk core_gpt8_clk = {
+ .name = "core_gpt8_clk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &sys_clk,
+};
+
+static struct clk core_gpt9_clk = {
+ .name = "core_gpt9_clk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &sys_clk,
+};
+
+static struct clk core_gpt10_clk = {
+ .name = "core_gpt10_clk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &sys_clk,
+};
+
+static struct clk core_gpt11_clk = {
+ .name = "core_gpt11_clk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &sys_clk,
+};
+
+static struct clk core_gpt12_clk = {
+ .name = "core_gpt12_clk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &sys_clk,
+};
+
+static struct clk mcbsp1_clk = {
+ .name = "mcbsp1_cg",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .divisor = 2,
+ .parent = &func_96m_clk,
+};
+
+static struct clk mcbsp2_clk = {
+ .name = "mcbsp2_cg",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .divisor = 2,
+ .parent = &func_96m_clk,
+};
+
+static struct clk emul_clk = {
+ .name = "emul_ck",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &func_54m_clk,
+};
+
+static struct clk sdma_fclk = {
+ .name = "sdma_fclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &l3_clk,
+};
+
+static struct clk sdma_iclk = {
+ .name = "sdma_iclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &core_l3_iclk, /* core_l4_iclk for the configuration port */
+};
+
+static struct clk i2c1_fclk = {
+ .name = "i2c1.fclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &func_12m_clk,
+ .divisor = 1,
+};
+
+static struct clk i2c1_iclk = {
+ .name = "i2c1.iclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &core_l4_iclk,
+};
+
+static struct clk i2c2_fclk = {
+ .name = "i2c2.fclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &func_12m_clk,
+ .divisor = 1,
+};
+
+static struct clk i2c2_iclk = {
+ .name = "i2c2.iclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &core_l4_iclk,
+};
+
+static struct clk gpio_dbclk[5] = {
+ {
+ .name = "gpio1_dbclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &wu_32k_clk,
+ }, {
+ .name = "gpio2_dbclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &wu_32k_clk,
+ }, {
+ .name = "gpio3_dbclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &wu_32k_clk,
+ }, {
+ .name = "gpio4_dbclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &wu_32k_clk,
+ }, {
+ .name = "gpio5_dbclk",
+ .flags = CLOCK_IN_OMAP243X,
+ .parent = &wu_32k_clk,
+ },
+};
+
+static struct clk gpio_iclk = {
+ .name = "gpio_iclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &wu_l4_iclk,
+};
+
+static struct clk mmc_fck = {
+ .name = "mmc_fclk",
+ .flags = CLOCK_IN_OMAP242X,
+ .parent = &func_96m_clk,
+};
+
+static struct clk mmc_ick = {
+ .name = "mmc_iclk",
+ .flags = CLOCK_IN_OMAP242X,
+ .parent = &core_l4_iclk,
+};
+
+static struct clk spi_fclk[3] = {
+ {
+ .name = "spi1_fclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &func_48m_clk,
+ }, {
+ .name = "spi2_fclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &func_48m_clk,
+ }, {
+ .name = "spi3_fclk",
+ .flags = CLOCK_IN_OMAP243X,
+ .parent = &func_48m_clk,
+ },
+};
+
+static struct clk dss_clk[2] = {
+ {
+ .name = "dss_clk1",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &core_clk,
+ }, {
+ .name = "dss_clk2",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &sys_clk,
+ },
+};
+
+static struct clk dss_54m_clk = {
+ .name = "dss_54m_clk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &func_54m_clk,
+};
+
+static struct clk dss_l3_iclk = {
+ .name = "dss_l3_iclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &core_l3_iclk,
+};
+
+static struct clk dss_l4_iclk = {
+ .name = "dss_l4_iclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &core_l4_iclk,
+};
+
+static struct clk spi_iclk[3] = {
+ {
+ .name = "spi1_iclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &core_l4_iclk,
+ }, {
+ .name = "spi2_iclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ .parent = &core_l4_iclk,
+ }, {
+ .name = "spi3_iclk",
+ .flags = CLOCK_IN_OMAP243X,
+ .parent = &core_l4_iclk,
+ },
+};
+
+static struct clk omapctrl_clk = {
+ .name = "omapctrl_iclk",
+ .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
+ /* XXX Should be in WKUP domain */
+ .parent = &core_l4_iclk,
+};
+
+static struct clk *onchip_clks[] = {
+ /* OMAP 1 */
+
+ /* non-ULPD clocks */
+ &xtal_osc12m,
+ &xtal_osc32k,
+ &ck_ref,
+ &dpll1,
+ &dpll2,
+ &dpll3,
+ &dpll4,
+ &apll,
+ &ck_48m,
+ /* CK_GEN1 clocks */
+ &clkm1,
+ &ck_dpll1out,
+ &sossi_ck,
+ &arm_ck,
+ &armper_ck,
+ &arm_gpio_ck,
+ &armxor_ck,
+ &armtim_ck,
+ &armwdt_ck,
+ &arminth_ck15xx, &arminth_ck16xx,
+ /* CK_GEN2 clocks */
+ &clkm2,
+ &dsp_ck,
+ &dspmmu_ck,
+ &dspper_ck,
+ &dspxor_ck,
+ &dsptim_ck,
+ /* CK_GEN3 clocks */
+ &clkm3,
+ &tc_ck,
+ &tipb_ck,
+ &l3_ocpi_ck,
+ &tc1_ck,
+ &tc2_ck,
+ &dma_ck,
+ &dma_lcdfree_ck,
+ &api_ck,
+ &lb_ck,
+ &lbfree_ck,
+ &hsab_ck,
+ &rhea1_ck,
+ &rhea2_ck,
+ &lcd_ck_16xx,
+ &lcd_ck_1510,
+ /* ULPD clocks */
+ &uart1_1510,
+ &uart1_16xx,
+ &uart2_ck,
+ &uart3_1510,
+ &uart3_16xx,
+ &usb_clk0,
+ &usb_hhc_ck1510, &usb_hhc_ck16xx,
+ &mclk_1510, &mclk_16xx, &mclk_310,
+ &bclk_1510, &bclk_16xx, &bclk_310,
+ &mmc1_ck,
+ &mmc2_ck,
+ &cam_mclk,
+ &cam_exclk,
+ &cam_lclk,
+ &clk32k,
+ &usb_w2fc_mclk,
+ /* Virtual clocks */
+ &i2c_fck,
+ &i2c_ick,
+
+ /* OMAP 2 */
+
+ &ref_clk,
+ &apll_96m,
+ &apll_54m,
+ &sys_clk,
+ &sleep_clk,
+ &dpll_ck,
+ &dpll_x2_ck,
+ &wdt1_sys_clk,
+ &func_96m_clk,
+ &func_48m_clk,
+ &func_12m_clk,
+ &func_54m_clk,
+ &sys_clkout,
+ &sys_clkout2,
+ &core_clk,
+ &l3_clk,
+ &core_l4_iclk,
+ &wu_l4_iclk,
+ &core_l3_iclk,
+ &core_l4_usb_clk,
+ &wu_gpt1_clk,
+ &wu_32k_clk,
+ &uart1_fclk,
+ &uart1_iclk,
+ &uart2_fclk,
+ &uart2_iclk,
+ &uart3_fclk,
+ &uart3_iclk,
+ &mpu_fclk,
+ &mpu_iclk,
+ &int_m_fclk,
+ &int_m_iclk,
+ &core_gpt2_clk,
+ &core_gpt3_clk,
+ &core_gpt4_clk,
+ &core_gpt5_clk,
+ &core_gpt6_clk,
+ &core_gpt7_clk,
+ &core_gpt8_clk,
+ &core_gpt9_clk,
+ &core_gpt10_clk,
+ &core_gpt11_clk,
+ &core_gpt12_clk,
+ &mcbsp1_clk,
+ &mcbsp2_clk,
+ &emul_clk,
+ &sdma_fclk,
+ &sdma_iclk,
+ &i2c1_fclk,
+ &i2c1_iclk,
+ &i2c2_fclk,
+ &i2c2_iclk,
+ &gpio_dbclk[0],
+ &gpio_dbclk[1],
+ &gpio_dbclk[2],
+ &gpio_dbclk[3],
+ &gpio_iclk,
+ &mmc_fck,
+ &mmc_ick,
+ &spi_fclk[0],
+ &spi_iclk[0],
+ &spi_fclk[1],
+ &spi_iclk[1],
+ &spi_fclk[2],
+ &spi_iclk[2],
+ &dss_clk[0],
+ &dss_clk[1],
+ &dss_54m_clk,
+ &dss_l3_iclk,
+ &dss_l4_iclk,
+ &omapctrl_clk,
+
+ NULL
+};
+
+void omap_clk_adduser(struct clk *clk, qemu_irq user)
+{
+ qemu_irq *i;
+
+ for (i = clk->users; *i; i ++);
+ *i = user;
+}
+
+struct clk *omap_findclk(struct omap_mpu_state_s *mpu, const char *name)
+{
+ struct clk *i;
+
+ for (i = mpu->clks; i->name; i ++)
+ if (!strcmp(i->name, name) || (i->alias && !strcmp(i->alias, name)))
+ return i;
+ hw_error("%s: %s not found\n", __FUNCTION__, name);
+}
+
+void omap_clk_get(struct clk *clk)
+{
+ clk->usecount ++;
+}
+
+void omap_clk_put(struct clk *clk)
+{
+ if (!(clk->usecount --))
+ hw_error("%s: %s is not in use\n", __FUNCTION__, clk->name);
+}
+
+static void omap_clk_update(struct clk *clk)
+{
+ int parent, running;
+ qemu_irq *user;
+ struct clk *i;
+
+ if (clk->parent)
+ parent = clk->parent->running;
+ else
+ parent = 1;
+
+ running = parent && (clk->enabled ||
+ ((clk->flags & ALWAYS_ENABLED) && clk->usecount));
+ if (clk->running != running) {
+ clk->running = running;
+ for (user = clk->users; *user; user ++)
+ qemu_set_irq(*user, running);
+ for (i = clk->child1; i; i = i->sibling)
+ omap_clk_update(i);
+ }
+}
+
+static void omap_clk_rate_update_full(struct clk *clk, unsigned long int rate,
+ unsigned long int div, unsigned long int mult)
+{
+ struct clk *i;
+ qemu_irq *user;
+
+ clk->rate = muldiv64(rate, mult, div);
+ if (clk->running)
+ for (user = clk->users; *user; user ++)
+ qemu_irq_raise(*user);
+ for (i = clk->child1; i; i = i->sibling)
+ omap_clk_rate_update_full(i, rate,
+ div * i->divisor, mult * i->multiplier);
+}
+
+static void omap_clk_rate_update(struct clk *clk)
+{
+ struct clk *i;
+ unsigned long int div, mult = div = 1;
+
+ for (i = clk; i->parent; i = i->parent) {
+ div *= i->divisor;
+ mult *= i->multiplier;
+ }
+
+ omap_clk_rate_update_full(clk, i->rate, div, mult);
+}
+
+void omap_clk_reparent(struct clk *clk, struct clk *parent)
+{
+ struct clk **p;
+
+ if (clk->parent) {
+ for (p = &clk->parent->child1; *p != clk; p = &(*p)->sibling);
+ *p = clk->sibling;
+ }
+
+ clk->parent = parent;
+ if (parent) {
+ clk->sibling = parent->child1;
+ parent->child1 = clk;
+ omap_clk_update(clk);
+ omap_clk_rate_update(clk);
+ } else
+ clk->sibling = NULL;
+}
+
+void omap_clk_onoff(struct clk *clk, int on)
+{
+ clk->enabled = on;
+ omap_clk_update(clk);
+}
+
+void omap_clk_canidle(struct clk *clk, int can)
+{
+ if (can)
+ omap_clk_put(clk);
+ else
+ omap_clk_get(clk);
+}
+
+void omap_clk_setrate(struct clk *clk, int divide, int multiply)
+{
+ clk->divisor = divide;
+ clk->multiplier = multiply;
+ omap_clk_rate_update(clk);
+}
+
+int64_t omap_clk_getrate(omap_clk clk)
+{
+ return clk->rate;
+}
+
+void omap_clk_init(struct omap_mpu_state_s *mpu)
+{
+ struct clk **i, *j, *k;
+ int count;
+ int flag;
+
+ if (cpu_is_omap310(mpu))
+ flag = CLOCK_IN_OMAP310;
+ else if (cpu_is_omap1510(mpu))
+ flag = CLOCK_IN_OMAP1510;
+ else if (cpu_is_omap2410(mpu) || cpu_is_omap2420(mpu))
+ flag = CLOCK_IN_OMAP242X;
+ else if (cpu_is_omap2430(mpu))
+ flag = CLOCK_IN_OMAP243X;
+ else if (cpu_is_omap3430(mpu))
+ flag = CLOCK_IN_OMAP243X;
+ else
+ return;
+
+ for (i = onchip_clks, count = 0; *i; i ++)
+ if ((*i)->flags & flag)
+ count ++;
+ mpu->clks = (struct clk *) g_malloc0(sizeof(struct clk) * (count + 1));
+ for (i = onchip_clks, j = mpu->clks; *i; i ++)
+ if ((*i)->flags & flag) {
+ memcpy(j, *i, sizeof(struct clk));
+ for (k = mpu->clks; k < j; k ++)
+ if (j->parent && !strcmp(j->parent->name, k->name)) {
+ j->parent = k;
+ j->sibling = k->child1;
+ k->child1 = j;
+ } else if (k->parent && !strcmp(k->parent->name, j->name)) {
+ k->parent = j;
+ k->sibling = j->child1;
+ j->child1 = k;
+ }
+ j->divisor = j->divisor ?: 1;
+ j->multiplier = j->multiplier ?: 1;
+ j ++;
+ }
+ for (j = mpu->clks; count --; j ++) {
+ omap_clk_update(j);
+ omap_clk_rate_update(j);
+ }
+}
diff --git a/hw/misc/omap_gpmc.c b/hw/misc/omap_gpmc.c
new file mode 100644
index 000000000..204727412
--- /dev/null
+++ b/hw/misc/omap_gpmc.c
@@ -0,0 +1,894 @@
+/*
+ * TI OMAP general purpose memory controller emulation.
+ *
+ * Copyright (C) 2007-2009 Nokia Corporation
+ * Original code written by Andrzej Zaborowski <andrew@openedhand.com>
+ * Enhancements for OMAP3 and NAND support written by Juha Riihimäki
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) any later version of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "hw/hw.h"
+#include "hw/block/flash.h"
+#include "hw/arm/omap.h"
+#include "exec/memory.h"
+#include "exec/address-spaces.h"
+
+/* General-Purpose Memory Controller */
+struct omap_gpmc_s {
+ qemu_irq irq;
+ qemu_irq drq;
+ MemoryRegion iomem;
+ int accept_256;
+
+ uint8_t revision;
+ uint8_t sysconfig;
+ uint16_t irqst;
+ uint16_t irqen;
+ uint16_t lastirq;
+ uint16_t timeout;
+ uint16_t config;
+ struct omap_gpmc_cs_file_s {
+ uint32_t config[7];
+ MemoryRegion *iomem;
+ MemoryRegion container;
+ MemoryRegion nandiomem;
+ DeviceState *dev;
+ } cs_file[8];
+ int ecc_cs;
+ int ecc_ptr;
+ uint32_t ecc_cfg;
+ ECCState ecc[9];
+ struct prefetch {
+ uint32_t config1; /* GPMC_PREFETCH_CONFIG1 */
+ uint32_t transfercount; /* GPMC_PREFETCH_CONFIG2:TRANSFERCOUNT */
+ int startengine; /* GPMC_PREFETCH_CONTROL:STARTENGINE */
+ int fifopointer; /* GPMC_PREFETCH_STATUS:FIFOPOINTER */
+ int count; /* GPMC_PREFETCH_STATUS:COUNTVALUE */
+ MemoryRegion iomem;
+ uint8_t fifo[64];
+ } prefetch;
+};
+
+#define OMAP_GPMC_8BIT 0
+#define OMAP_GPMC_16BIT 1
+#define OMAP_GPMC_NOR 0
+#define OMAP_GPMC_NAND 2
+
+static int omap_gpmc_devtype(struct omap_gpmc_cs_file_s *f)
+{
+ return (f->config[0] >> 10) & 3;
+}
+
+static int omap_gpmc_devsize(struct omap_gpmc_cs_file_s *f)
+{
+ /* devsize field is really 2 bits but we ignore the high
+ * bit to ensure consistent behaviour if the guest sets
+ * it (values 2 and 3 are reserved in the TRM)
+ */
+ return (f->config[0] >> 12) & 1;
+}
+
+/* Extract the chip-select value from the prefetch config1 register */
+static int prefetch_cs(uint32_t config1)
+{
+ return (config1 >> 24) & 7;
+}
+
+static int prefetch_threshold(uint32_t config1)
+{
+ return (config1 >> 8) & 0x7f;
+}
+
+static void omap_gpmc_int_update(struct omap_gpmc_s *s)
+{
+ /* The TRM is a bit unclear, but it seems to say that
+ * the TERMINALCOUNTSTATUS bit is set only on the
+ * transition when the prefetch engine goes from
+ * active to inactive, whereas the FIFOEVENTSTATUS
+ * bit is held high as long as the fifo has at
+ * least THRESHOLD bytes available.
+ * So we do the latter here, but TERMINALCOUNTSTATUS
+ * is set elsewhere.
+ */
+ if (s->prefetch.fifopointer >= prefetch_threshold(s->prefetch.config1)) {
+ s->irqst |= 1;
+ }
+ if ((s->irqen & s->irqst) != s->lastirq) {
+ s->lastirq = s->irqen & s->irqst;
+ qemu_set_irq(s->irq, s->lastirq);
+ }
+}
+
+static void omap_gpmc_dma_update(struct omap_gpmc_s *s, int value)
+{
+ if (s->prefetch.config1 & 4) {
+ qemu_set_irq(s->drq, value);
+ }
+}
+
+/* Access functions for when a NAND-like device is mapped into memory:
+ * all addresses in the region behave like accesses to the relevant
+ * GPMC_NAND_DATA_i register (which is actually implemented to call these)
+ */
+static uint64_t omap_nand_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_gpmc_cs_file_s *f = (struct omap_gpmc_cs_file_s *)opaque;
+ uint64_t v;
+ nand_setpins(f->dev, 0, 0, 0, 1, 0);
+ switch (omap_gpmc_devsize(f)) {
+ case OMAP_GPMC_8BIT:
+ v = nand_getio(f->dev);
+ if (size == 1) {
+ return v;
+ }
+ v |= (nand_getio(f->dev) << 8);
+ if (size == 2) {
+ return v;
+ }
+ v |= (nand_getio(f->dev) << 16);
+ v |= (nand_getio(f->dev) << 24);
+ return v;
+ case OMAP_GPMC_16BIT:
+ v = nand_getio(f->dev);
+ if (size == 1) {
+ /* 8 bit read from 16 bit device : probably a guest bug */
+ return v & 0xff;
+ }
+ if (size == 2) {
+ return v;
+ }
+ v |= (nand_getio(f->dev) << 16);
+ return v;
+ default:
+ abort();
+ }
+}
+
+static void omap_nand_setio(DeviceState *dev, uint64_t value,
+ int nandsize, int size)
+{
+ /* Write the specified value to the NAND device, respecting
+ * both size of the NAND device and size of the write access.
+ */
+ switch (nandsize) {
+ case OMAP_GPMC_8BIT:
+ switch (size) {
+ case 1:
+ nand_setio(dev, value & 0xff);
+ break;
+ case 2:
+ nand_setio(dev, value & 0xff);
+ nand_setio(dev, (value >> 8) & 0xff);
+ break;
+ case 4:
+ default:
+ nand_setio(dev, value & 0xff);
+ nand_setio(dev, (value >> 8) & 0xff);
+ nand_setio(dev, (value >> 16) & 0xff);
+ nand_setio(dev, (value >> 24) & 0xff);
+ break;
+ }
+ break;
+ case OMAP_GPMC_16BIT:
+ switch (size) {
+ case 1:
+ /* writing to a 16bit device with 8bit access is probably a guest
+ * bug; pass the value through anyway.
+ */
+ case 2:
+ nand_setio(dev, value & 0xffff);
+ break;
+ case 4:
+ default:
+ nand_setio(dev, value & 0xffff);
+ nand_setio(dev, (value >> 16) & 0xffff);
+ break;
+ }
+ break;
+ }
+}
+
+static void omap_nand_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_gpmc_cs_file_s *f = (struct omap_gpmc_cs_file_s *)opaque;
+ nand_setpins(f->dev, 0, 0, 0, 1, 0);
+ omap_nand_setio(f->dev, value, omap_gpmc_devsize(f), size);
+}
+
+static const MemoryRegionOps omap_nand_ops = {
+ .read = omap_nand_read,
+ .write = omap_nand_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void fill_prefetch_fifo(struct omap_gpmc_s *s)
+{
+ /* Fill the prefetch FIFO by reading data from NAND.
+ * We do this synchronously, unlike the hardware which
+ * will do this asynchronously. We refill when the
+ * FIFO has THRESHOLD bytes free, and we always refill
+ * as much data as possible starting at the top end
+ * of the FIFO.
+ * (We have to refill at THRESHOLD rather than waiting
+ * for the FIFO to empty to allow for the case where
+ * the FIFO size isn't an exact multiple of THRESHOLD
+ * and we're doing DMA transfers.)
+ * This means we never need to handle wrap-around in
+ * the fifo-reading code, and the next byte of data
+ * to read is always fifo[63 - fifopointer].
+ */
+ int fptr;
+ int cs = prefetch_cs(s->prefetch.config1);
+ int is16bit = (((s->cs_file[cs].config[0] >> 12) & 3) != 0);
+ int bytes;
+ /* Don't believe the bit of the OMAP TRM that says that COUNTVALUE
+ * and TRANSFERCOUNT are in units of 16 bit words for 16 bit NAND.
+ * Instead believe the bit that says it is always a byte count.
+ */
+ bytes = 64 - s->prefetch.fifopointer;
+ if (bytes > s->prefetch.count) {
+ bytes = s->prefetch.count;
+ }
+ s->prefetch.count -= bytes;
+ s->prefetch.fifopointer += bytes;
+ fptr = 64 - s->prefetch.fifopointer;
+ /* Move the existing data in the FIFO so it sits just
+ * before what we're about to read in
+ */
+ while (fptr < (64 - bytes)) {
+ s->prefetch.fifo[fptr] = s->prefetch.fifo[fptr + bytes];
+ fptr++;
+ }
+ while (fptr < 64) {
+ if (is16bit) {
+ uint32_t v = omap_nand_read(&s->cs_file[cs], 0, 2);
+ s->prefetch.fifo[fptr++] = v & 0xff;
+ s->prefetch.fifo[fptr++] = (v >> 8) & 0xff;
+ } else {
+ s->prefetch.fifo[fptr++] = omap_nand_read(&s->cs_file[cs], 0, 1);
+ }
+ }
+ if (s->prefetch.startengine && (s->prefetch.count == 0)) {
+ /* This was the final transfer: raise TERMINALCOUNTSTATUS */
+ s->irqst |= 2;
+ s->prefetch.startengine = 0;
+ }
+ /* If there are any bytes in the FIFO at this point then
+ * we must raise a DMA request (either this is a final part
+ * transfer, or we filled the FIFO in which case we certainly
+ * have THRESHOLD bytes available)
+ */
+ if (s->prefetch.fifopointer != 0) {
+ omap_gpmc_dma_update(s, 1);
+ }
+ omap_gpmc_int_update(s);
+}
+
+/* Access functions for a NAND-like device when the prefetch/postwrite
+ * engine is enabled -- all addresses in the region behave alike:
+ * data is read or written to the FIFO.
+ */
+static uint64_t omap_gpmc_prefetch_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_gpmc_s *s = (struct omap_gpmc_s *) opaque;
+ uint32_t data;
+ if (s->prefetch.config1 & 1) {
+ /* The TRM doesn't define the behaviour if you read from the
+ * FIFO when the prefetch engine is in write mode. We choose
+ * to always return zero.
+ */
+ return 0;
+ }
+ /* Note that trying to read an empty fifo repeats the last byte */
+ if (s->prefetch.fifopointer) {
+ s->prefetch.fifopointer--;
+ }
+ data = s->prefetch.fifo[63 - s->prefetch.fifopointer];
+ if (s->prefetch.fifopointer ==
+ (64 - prefetch_threshold(s->prefetch.config1))) {
+ /* We've drained THRESHOLD bytes now. So deassert the
+ * DMA request, then refill the FIFO (which will probably
+ * assert it again.)
+ */
+ omap_gpmc_dma_update(s, 0);
+ fill_prefetch_fifo(s);
+ }
+ omap_gpmc_int_update(s);
+ return data;
+}
+
+static void omap_gpmc_prefetch_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_gpmc_s *s = (struct omap_gpmc_s *) opaque;
+ int cs = prefetch_cs(s->prefetch.config1);
+ if ((s->prefetch.config1 & 1) == 0) {
+ /* The TRM doesn't define the behaviour of writing to the
+ * FIFO when the prefetch engine is in read mode. We
+ * choose to ignore the write.
+ */
+ return;
+ }
+ if (s->prefetch.count == 0) {
+ /* The TRM doesn't define the behaviour of writing to the
+ * FIFO if the transfer is complete. We choose to ignore.
+ */
+ return;
+ }
+ /* The only reason we do any data buffering in postwrite
+ * mode is if we are talking to a 16 bit NAND device, in
+ * which case we need to buffer the first byte of the
+ * 16 bit word until the other byte arrives.
+ */
+ int is16bit = (((s->cs_file[cs].config[0] >> 12) & 3) != 0);
+ if (is16bit) {
+ /* fifopointer alternates between 64 (waiting for first
+ * byte of word) and 63 (waiting for second byte)
+ */
+ if (s->prefetch.fifopointer == 64) {
+ s->prefetch.fifo[0] = value;
+ s->prefetch.fifopointer--;
+ } else {
+ value = (value << 8) | s->prefetch.fifo[0];
+ omap_nand_write(&s->cs_file[cs], 0, value, 2);
+ s->prefetch.count--;
+ s->prefetch.fifopointer = 64;
+ }
+ } else {
+ /* Just write the byte : fifopointer remains 64 at all times */
+ omap_nand_write(&s->cs_file[cs], 0, value, 1);
+ s->prefetch.count--;
+ }
+ if (s->prefetch.count == 0) {
+ /* Final transfer: raise TERMINALCOUNTSTATUS */
+ s->irqst |= 2;
+ s->prefetch.startengine = 0;
+ }
+ omap_gpmc_int_update(s);
+}
+
+static const MemoryRegionOps omap_prefetch_ops = {
+ .read = omap_gpmc_prefetch_read,
+ .write = omap_gpmc_prefetch_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .impl.min_access_size = 1,
+ .impl.max_access_size = 1,
+};
+
+static MemoryRegion *omap_gpmc_cs_memregion(struct omap_gpmc_s *s, int cs)
+{
+ /* Return the MemoryRegion* to map/unmap for this chipselect */
+ struct omap_gpmc_cs_file_s *f = &s->cs_file[cs];
+ if (omap_gpmc_devtype(f) == OMAP_GPMC_NOR) {
+ return f->iomem;
+ }
+ if ((s->prefetch.config1 & 0x80) &&
+ (prefetch_cs(s->prefetch.config1) == cs)) {
+ /* The prefetch engine is enabled for this CS: map the FIFO */
+ return &s->prefetch.iomem;
+ }
+ return &f->nandiomem;
+}
+
+static void omap_gpmc_cs_map(struct omap_gpmc_s *s, int cs)
+{
+ struct omap_gpmc_cs_file_s *f = &s->cs_file[cs];
+ uint32_t mask = (f->config[6] >> 8) & 0xf;
+ uint32_t base = f->config[6] & 0x3f;
+ uint32_t size;
+
+ if (!f->iomem && !f->dev) {
+ return;
+ }
+
+ if (!(f->config[6] & (1 << 6))) {
+ /* Do nothing unless CSVALID */
+ return;
+ }
+
+ /* TODO: check for overlapping regions and report access errors */
+ if (mask != 0x8 && mask != 0xc && mask != 0xe && mask != 0xf
+ && !(s->accept_256 && !mask)) {
+ fprintf(stderr, "%s: invalid chip-select mask address (0x%x)\n",
+ __func__, mask);
+ }
+
+ base <<= 24;
+ size = (0x0fffffff & ~(mask << 24)) + 1;
+ /* TODO: rather than setting the size of the mapping (which should be
+ * constant), the mask should cause wrapping of the address space, so
+ * that the same memory becomes accessible at every <i>size</i> bytes
+ * starting from <i>base</i>. */
+ memory_region_init(&f->container, NULL, "omap-gpmc-file", size);
+ memory_region_add_subregion(&f->container, 0,
+ omap_gpmc_cs_memregion(s, cs));
+ memory_region_add_subregion(get_system_memory(), base,
+ &f->container);
+}
+
+static void omap_gpmc_cs_unmap(struct omap_gpmc_s *s, int cs)
+{
+ struct omap_gpmc_cs_file_s *f = &s->cs_file[cs];
+ if (!(f->config[6] & (1 << 6))) {
+ /* Do nothing unless CSVALID */
+ return;
+ }
+ if (!f->iomem && !f->dev) {
+ return;
+ }
+ memory_region_del_subregion(get_system_memory(), &f->container);
+ memory_region_del_subregion(&f->container, omap_gpmc_cs_memregion(s, cs));
+ memory_region_destroy(&f->container);
+}
+
+void omap_gpmc_reset(struct omap_gpmc_s *s)
+{
+ int i;
+
+ s->sysconfig = 0;
+ s->irqst = 0;
+ s->irqen = 0;
+ omap_gpmc_int_update(s);
+ for (i = 0; i < 8; i++) {
+ /* This has to happen before we change any of the config
+ * used to determine which memory regions are mapped or unmapped.
+ */
+ omap_gpmc_cs_unmap(s, i);
+ }
+ s->timeout = 0;
+ s->config = 0xa00;
+ s->prefetch.config1 = 0x00004000;
+ s->prefetch.transfercount = 0x00000000;
+ s->prefetch.startengine = 0;
+ s->prefetch.fifopointer = 0;
+ s->prefetch.count = 0;
+ for (i = 0; i < 8; i ++) {
+ s->cs_file[i].config[1] = 0x101001;
+ s->cs_file[i].config[2] = 0x020201;
+ s->cs_file[i].config[3] = 0x10031003;
+ s->cs_file[i].config[4] = 0x10f1111;
+ s->cs_file[i].config[5] = 0;
+ s->cs_file[i].config[6] = 0xf00 | (i ? 0 : 1 << 6);
+
+ s->cs_file[i].config[6] = 0xf00;
+ /* In theory we could probe attached devices for some CFG1
+ * bits here, but we just retain them across resets as they
+ * were set initially by omap_gpmc_attach().
+ */
+ if (i == 0) {
+ s->cs_file[i].config[0] &= 0x00433e00;
+ s->cs_file[i].config[6] |= 1 << 6; /* CSVALID */
+ omap_gpmc_cs_map(s, i);
+ } else {
+ s->cs_file[i].config[0] &= 0x00403c00;
+ }
+ }
+ s->ecc_cs = 0;
+ s->ecc_ptr = 0;
+ s->ecc_cfg = 0x3fcff000;
+ for (i = 0; i < 9; i ++)
+ ecc_reset(&s->ecc[i]);
+}
+
+static int gpmc_wordaccess_only(hwaddr addr)
+{
+ /* Return true if the register offset is to a register that
+ * only permits word width accesses.
+ * Non-word accesses are only OK for GPMC_NAND_DATA/ADDRESS/COMMAND
+ * for any chipselect.
+ */
+ if (addr >= 0x60 && addr <= 0x1d4) {
+ int cs = (addr - 0x60) / 0x30;
+ addr -= cs * 0x30;
+ if (addr >= 0x7c && addr < 0x88) {
+ /* GPMC_NAND_COMMAND, GPMC_NAND_ADDRESS, GPMC_NAND_DATA */
+ return 0;
+ }
+ }
+ return 1;
+}
+
+static uint64_t omap_gpmc_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_gpmc_s *s = (struct omap_gpmc_s *) opaque;
+ int cs;
+ struct omap_gpmc_cs_file_s *f;
+
+ if (size != 4 && gpmc_wordaccess_only(addr)) {
+ return omap_badwidth_read32(opaque, addr);
+ }
+
+ switch (addr) {
+ case 0x000: /* GPMC_REVISION */
+ return s->revision;
+
+ case 0x010: /* GPMC_SYSCONFIG */
+ return s->sysconfig;
+
+ case 0x014: /* GPMC_SYSSTATUS */
+ return 1; /* RESETDONE */
+
+ case 0x018: /* GPMC_IRQSTATUS */
+ return s->irqst;
+
+ case 0x01c: /* GPMC_IRQENABLE */
+ return s->irqen;
+
+ case 0x040: /* GPMC_TIMEOUT_CONTROL */
+ return s->timeout;
+
+ case 0x044: /* GPMC_ERR_ADDRESS */
+ case 0x048: /* GPMC_ERR_TYPE */
+ return 0;
+
+ case 0x050: /* GPMC_CONFIG */
+ return s->config;
+
+ case 0x054: /* GPMC_STATUS */
+ return 0x001;
+
+ case 0x060 ... 0x1d4:
+ cs = (addr - 0x060) / 0x30;
+ addr -= cs * 0x30;
+ f = s->cs_file + cs;
+ switch (addr) {
+ case 0x60: /* GPMC_CONFIG1 */
+ return f->config[0];
+ case 0x64: /* GPMC_CONFIG2 */
+ return f->config[1];
+ case 0x68: /* GPMC_CONFIG3 */
+ return f->config[2];
+ case 0x6c: /* GPMC_CONFIG4 */
+ return f->config[3];
+ case 0x70: /* GPMC_CONFIG5 */
+ return f->config[4];
+ case 0x74: /* GPMC_CONFIG6 */
+ return f->config[5];
+ case 0x78: /* GPMC_CONFIG7 */
+ return f->config[6];
+ case 0x84 ... 0x87: /* GPMC_NAND_DATA */
+ if (omap_gpmc_devtype(f) == OMAP_GPMC_NAND) {
+ return omap_nand_read(f, 0, size);
+ }
+ return 0;
+ }
+ break;
+
+ case 0x1e0: /* GPMC_PREFETCH_CONFIG1 */
+ return s->prefetch.config1;
+ case 0x1e4: /* GPMC_PREFETCH_CONFIG2 */
+ return s->prefetch.transfercount;
+ case 0x1ec: /* GPMC_PREFETCH_CONTROL */
+ return s->prefetch.startengine;
+ case 0x1f0: /* GPMC_PREFETCH_STATUS */
+ /* NB: The OMAP3 TRM is inconsistent about whether the GPMC
+ * FIFOTHRESHOLDSTATUS bit should be set when
+ * FIFOPOINTER > FIFOTHRESHOLD or when it is >= FIFOTHRESHOLD.
+ * Apparently the underlying functional spec from which the TRM was
+ * created states that the behaviour is ">=", and this also
+ * makes more conceptual sense.
+ */
+ return (s->prefetch.fifopointer << 24) |
+ ((s->prefetch.fifopointer >=
+ ((s->prefetch.config1 >> 8) & 0x7f) ? 1 : 0) << 16) |
+ s->prefetch.count;
+
+ case 0x1f4: /* GPMC_ECC_CONFIG */
+ return s->ecc_cs;
+ case 0x1f8: /* GPMC_ECC_CONTROL */
+ return s->ecc_ptr;
+ case 0x1fc: /* GPMC_ECC_SIZE_CONFIG */
+ return s->ecc_cfg;
+ case 0x200 ... 0x220: /* GPMC_ECC_RESULT */
+ cs = (addr & 0x1f) >> 2;
+ /* TODO: check correctness */
+ return
+ ((s->ecc[cs].cp & 0x07) << 0) |
+ ((s->ecc[cs].cp & 0x38) << 13) |
+ ((s->ecc[cs].lp[0] & 0x1ff) << 3) |
+ ((s->ecc[cs].lp[1] & 0x1ff) << 19);
+
+ case 0x230: /* GPMC_TESTMODE_CTRL */
+ return 0;
+ case 0x234: /* GPMC_PSA_LSB */
+ case 0x238: /* GPMC_PSA_MSB */
+ return 0x00000000;
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_gpmc_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_gpmc_s *s = (struct omap_gpmc_s *) opaque;
+ int cs;
+ struct omap_gpmc_cs_file_s *f;
+
+ if (size != 4 && gpmc_wordaccess_only(addr)) {
+ return omap_badwidth_write32(opaque, addr, value);
+ }
+
+ switch (addr) {
+ case 0x000: /* GPMC_REVISION */
+ case 0x014: /* GPMC_SYSSTATUS */
+ case 0x054: /* GPMC_STATUS */
+ case 0x1f0: /* GPMC_PREFETCH_STATUS */
+ case 0x200 ... 0x220: /* GPMC_ECC_RESULT */
+ case 0x234: /* GPMC_PSA_LSB */
+ case 0x238: /* GPMC_PSA_MSB */
+ OMAP_RO_REG(addr);
+ break;
+
+ case 0x010: /* GPMC_SYSCONFIG */
+ if ((value >> 3) == 0x3)
+ fprintf(stderr, "%s: bad SDRAM idle mode %"PRIi64"\n",
+ __FUNCTION__, value >> 3);
+ if (value & 2)
+ omap_gpmc_reset(s);
+ s->sysconfig = value & 0x19;
+ break;
+
+ case 0x018: /* GPMC_IRQSTATUS */
+ s->irqst &= ~value;
+ omap_gpmc_int_update(s);
+ break;
+
+ case 0x01c: /* GPMC_IRQENABLE */
+ s->irqen = value & 0xf03;
+ omap_gpmc_int_update(s);
+ break;
+
+ case 0x040: /* GPMC_TIMEOUT_CONTROL */
+ s->timeout = value & 0x1ff1;
+ break;
+
+ case 0x044: /* GPMC_ERR_ADDRESS */
+ case 0x048: /* GPMC_ERR_TYPE */
+ break;
+
+ case 0x050: /* GPMC_CONFIG */
+ s->config = value & 0xf13;
+ break;
+
+ case 0x060 ... 0x1d4:
+ cs = (addr - 0x060) / 0x30;
+ addr -= cs * 0x30;
+ f = s->cs_file + cs;
+ switch (addr) {
+ case 0x60: /* GPMC_CONFIG1 */
+ f->config[0] = value & 0xffef3e13;
+ break;
+ case 0x64: /* GPMC_CONFIG2 */
+ f->config[1] = value & 0x001f1f8f;
+ break;
+ case 0x68: /* GPMC_CONFIG3 */
+ f->config[2] = value & 0x001f1f8f;
+ break;
+ case 0x6c: /* GPMC_CONFIG4 */
+ f->config[3] = value & 0x1f8f1f8f;
+ break;
+ case 0x70: /* GPMC_CONFIG5 */
+ f->config[4] = value & 0x0f1f1f1f;
+ break;
+ case 0x74: /* GPMC_CONFIG6 */
+ f->config[5] = value & 0x00000fcf;
+ break;
+ case 0x78: /* GPMC_CONFIG7 */
+ if ((f->config[6] ^ value) & 0xf7f) {
+ omap_gpmc_cs_unmap(s, cs);
+ f->config[6] = value & 0x00000f7f;
+ omap_gpmc_cs_map(s, cs);
+ }
+ break;
+ case 0x7c ... 0x7f: /* GPMC_NAND_COMMAND */
+ if (omap_gpmc_devtype(f) == OMAP_GPMC_NAND) {
+ nand_setpins(f->dev, 1, 0, 0, 1, 0); /* CLE */
+ omap_nand_setio(f->dev, value, omap_gpmc_devsize(f), size);
+ }
+ break;
+ case 0x80 ... 0x83: /* GPMC_NAND_ADDRESS */
+ if (omap_gpmc_devtype(f) == OMAP_GPMC_NAND) {
+ nand_setpins(f->dev, 0, 1, 0, 1, 0); /* ALE */
+ omap_nand_setio(f->dev, value, omap_gpmc_devsize(f), size);
+ }
+ break;
+ case 0x84 ... 0x87: /* GPMC_NAND_DATA */
+ if (omap_gpmc_devtype(f) == OMAP_GPMC_NAND) {
+ omap_nand_write(f, 0, value, size);
+ }
+ break;
+ default:
+ goto bad_reg;
+ }
+ break;
+
+ case 0x1e0: /* GPMC_PREFETCH_CONFIG1 */
+ if (!s->prefetch.startengine) {
+ uint32_t newconfig1 = value & 0x7f8f7fbf;
+ uint32_t changed;
+ changed = newconfig1 ^ s->prefetch.config1;
+ if (changed & (0x80 | 0x7000000)) {
+ /* Turning the engine on or off, or mapping it somewhere else.
+ * cs_map() and cs_unmap() check the prefetch config and
+ * overall CSVALID bits, so it is sufficient to unmap-and-map
+ * both the old cs and the new one. Note that we adhere to
+ * the "unmap/change config/map" order (and not unmap twice
+ * if newcs == oldcs), otherwise we'll try to delete the wrong
+ * memory region.
+ */
+ int oldcs = prefetch_cs(s->prefetch.config1);
+ int newcs = prefetch_cs(newconfig1);
+ omap_gpmc_cs_unmap(s, oldcs);
+ if (oldcs != newcs) {
+ omap_gpmc_cs_unmap(s, newcs);
+ }
+ s->prefetch.config1 = newconfig1;
+ omap_gpmc_cs_map(s, oldcs);
+ if (oldcs != newcs) {
+ omap_gpmc_cs_map(s, newcs);
+ }
+ } else {
+ s->prefetch.config1 = newconfig1;
+ }
+ }
+ break;
+
+ case 0x1e4: /* GPMC_PREFETCH_CONFIG2 */
+ if (!s->prefetch.startengine) {
+ s->prefetch.transfercount = value & 0x3fff;
+ }
+ break;
+
+ case 0x1ec: /* GPMC_PREFETCH_CONTROL */
+ if (s->prefetch.startengine != (value & 1)) {
+ s->prefetch.startengine = value & 1;
+ if (s->prefetch.startengine) {
+ /* Prefetch engine start */
+ s->prefetch.count = s->prefetch.transfercount;
+ if (s->prefetch.config1 & 1) {
+ /* Write */
+ s->prefetch.fifopointer = 64;
+ } else {
+ /* Read */
+ s->prefetch.fifopointer = 0;
+ fill_prefetch_fifo(s);
+ }
+ } else {
+ /* Prefetch engine forcibly stopped. The TRM
+ * doesn't define the behaviour if you do this.
+ * We clear the prefetch count, which means that
+ * we permit no more writes, and don't read any
+ * more data from NAND. The CPU can still drain
+ * the FIFO of unread data.
+ */
+ s->prefetch.count = 0;
+ }
+ omap_gpmc_int_update(s);
+ }
+ break;
+
+ case 0x1f4: /* GPMC_ECC_CONFIG */
+ s->ecc_cs = 0x8f;
+ break;
+ case 0x1f8: /* GPMC_ECC_CONTROL */
+ if (value & (1 << 8))
+ for (cs = 0; cs < 9; cs ++)
+ ecc_reset(&s->ecc[cs]);
+ s->ecc_ptr = value & 0xf;
+ if (s->ecc_ptr == 0 || s->ecc_ptr > 9) {
+ s->ecc_ptr = 0;
+ s->ecc_cs &= ~1;
+ }
+ break;
+ case 0x1fc: /* GPMC_ECC_SIZE_CONFIG */
+ s->ecc_cfg = value & 0x3fcff1ff;
+ break;
+ case 0x230: /* GPMC_TESTMODE_CTRL */
+ if (value & 7)
+ fprintf(stderr, "%s: test mode enable attempt\n", __FUNCTION__);
+ break;
+
+ default:
+ bad_reg:
+ OMAP_BAD_REG(addr);
+ return;
+ }
+}
+
+static const MemoryRegionOps omap_gpmc_ops = {
+ .read = omap_gpmc_read,
+ .write = omap_gpmc_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+struct omap_gpmc_s *omap_gpmc_init(struct omap_mpu_state_s *mpu,
+ hwaddr base,
+ qemu_irq irq, qemu_irq drq)
+{
+ int cs;
+ struct omap_gpmc_s *s = (struct omap_gpmc_s *)
+ g_malloc0(sizeof(struct omap_gpmc_s));
+
+ memory_region_init_io(&s->iomem, NULL, &omap_gpmc_ops, s, "omap-gpmc", 0x1000);
+ memory_region_add_subregion(get_system_memory(), base, &s->iomem);
+
+ s->irq = irq;
+ s->drq = drq;
+ s->accept_256 = cpu_is_omap3630(mpu);
+ s->revision = cpu_class_omap3(mpu) ? 0x50 : 0x20;
+ s->lastirq = 0;
+ omap_gpmc_reset(s);
+
+ /* We have to register a different IO memory handler for each
+ * chip select region in case a NAND device is mapped there. We
+ * make the region the worst-case size of 256MB and rely on the
+ * container memory region in cs_map to chop it down to the actual
+ * guest-requested size.
+ */
+ for (cs = 0; cs < 8; cs++) {
+ memory_region_init_io(&s->cs_file[cs].nandiomem, NULL,
+ &omap_nand_ops,
+ &s->cs_file[cs],
+ "omap-nand",
+ 256 * 1024 * 1024);
+ }
+
+ memory_region_init_io(&s->prefetch.iomem, NULL, &omap_prefetch_ops, s,
+ "omap-gpmc-prefetch", 256 * 1024 * 1024);
+ return s;
+}
+
+void omap_gpmc_attach(struct omap_gpmc_s *s, int cs, MemoryRegion *iomem)
+{
+ struct omap_gpmc_cs_file_s *f;
+ assert(iomem);
+
+ if (cs < 0 || cs >= 8) {
+ fprintf(stderr, "%s: bad chip-select %i\n", __FUNCTION__, cs);
+ exit(-1);
+ }
+ f = &s->cs_file[cs];
+
+ omap_gpmc_cs_unmap(s, cs);
+ f->config[0] &= ~(0xf << 10);
+ f->iomem = iomem;
+ omap_gpmc_cs_map(s, cs);
+}
+
+void omap_gpmc_attach_nand(struct omap_gpmc_s *s, int cs, DeviceState *nand)
+{
+ struct omap_gpmc_cs_file_s *f;
+ assert(nand);
+
+ if (cs < 0 || cs >= 8) {
+ fprintf(stderr, "%s: bad chip-select %i\n", __func__, cs);
+ exit(-1);
+ }
+ f = &s->cs_file[cs];
+
+ omap_gpmc_cs_unmap(s, cs);
+ f->config[0] &= ~(0xf << 10);
+ f->config[0] |= (OMAP_GPMC_NAND << 10);
+ f->dev = nand;
+ if (nand_getbuswidth(f->dev) == 16) {
+ f->config[0] |= OMAP_GPMC_16BIT << 12;
+ }
+ omap_gpmc_cs_map(s, cs);
+}
diff --git a/hw/misc/omap_l4.c b/hw/misc/omap_l4.c
new file mode 100644
index 000000000..f2372500c
--- /dev/null
+++ b/hw/misc/omap_l4.c
@@ -0,0 +1,162 @@
+/*
+ * TI OMAP L4 interconnect emulation.
+ *
+ * Copyright (C) 2007-2009 Nokia Corporation
+ * Written by Andrzej Zaborowski <andrew@openedhand.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) any later version of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "hw/hw.h"
+#include "hw/arm/omap.h"
+
+struct omap_l4_s {
+ MemoryRegion *address_space;
+ hwaddr base;
+ int ta_num;
+ struct omap_target_agent_s ta[0];
+};
+
+struct omap_l4_s *omap_l4_init(MemoryRegion *address_space,
+ hwaddr base, int ta_num)
+{
+ struct omap_l4_s *bus = g_malloc0(
+ sizeof(*bus) + ta_num * sizeof(*bus->ta));
+
+ bus->address_space = address_space;
+ bus->ta_num = ta_num;
+ bus->base = base;
+
+ return bus;
+}
+
+hwaddr omap_l4_region_base(struct omap_target_agent_s *ta,
+ int region)
+{
+ return ta->bus->base + ta->start[region].offset;
+}
+
+hwaddr omap_l4_region_size(struct omap_target_agent_s *ta,
+ int region)
+{
+ return ta->start[region].size;
+}
+
+static uint64_t omap_l4ta_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_target_agent_s *s = (struct omap_target_agent_s *) opaque;
+
+ if (size != 2) {
+ return omap_badwidth_read16(opaque, addr);
+ }
+
+ switch (addr) {
+ case 0x00: /* COMPONENT */
+ return s->component;
+
+ case 0x20: /* AGENT_CONTROL */
+ return s->control;
+
+ case 0x28: /* AGENT_STATUS */
+ return s->status;
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_l4ta_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_target_agent_s *s = (struct omap_target_agent_s *) opaque;
+
+ if (size != 4) {
+ return omap_badwidth_write32(opaque, addr, value);
+ }
+
+ switch (addr) {
+ case 0x00: /* COMPONENT */
+ case 0x28: /* AGENT_STATUS */
+ OMAP_RO_REG(addr);
+ break;
+
+ case 0x20: /* AGENT_CONTROL */
+ s->control = value & 0x01000700;
+ if (value & 1) /* OCP_RESET */
+ s->status &= ~1; /* REQ_TIMEOUT */
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ }
+}
+
+static const MemoryRegionOps omap_l4ta_ops = {
+ .read = omap_l4ta_read,
+ .write = omap_l4ta_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+struct omap_target_agent_s *omap_l4ta_get(struct omap_l4_s *bus,
+ const struct omap_l4_region_s *regions,
+ const struct omap_l4_agent_info_s *agents,
+ int cs)
+{
+ int i;
+ struct omap_target_agent_s *ta = NULL;
+ const struct omap_l4_agent_info_s *info = NULL;
+
+ for (i = 0; i < bus->ta_num; i ++)
+ if (agents[i].ta == cs) {
+ ta = &bus->ta[i];
+ info = &agents[i];
+ break;
+ }
+ if (!ta) {
+ fprintf(stderr, "%s: bad target agent (%i)\n", __FUNCTION__, cs);
+ exit(-1);
+ }
+
+ ta->bus = bus;
+ ta->start = &regions[info->region];
+ ta->regions = info->regions;
+
+ ta->component = ('Q' << 24) | ('E' << 16) | ('M' << 8) | ('U' << 0);
+ ta->status = 0x00000000;
+ ta->control = 0x00000200; /* XXX 01000200 for L4TAO */
+
+ memory_region_init_io(&ta->iomem, NULL, &omap_l4ta_ops, ta, "omap.l4ta",
+ omap_l4_region_size(ta, info->ta_region));
+ omap_l4_attach(ta, info->ta_region, &ta->iomem);
+
+ return ta;
+}
+
+hwaddr omap_l4_attach(struct omap_target_agent_s *ta,
+ int region, MemoryRegion *mr)
+{
+ hwaddr base;
+
+ if (region < 0 || region >= ta->regions) {
+ fprintf(stderr, "%s: bad io region (%i)\n", __FUNCTION__, region);
+ exit(-1);
+ }
+
+ base = ta->bus->base + ta->start[region].offset;
+ if (mr) {
+ memory_region_add_subregion(ta->bus->address_space, base, mr);
+ }
+
+ return base;
+}
diff --git a/hw/misc/omap_sdrc.c b/hw/misc/omap_sdrc.c
new file mode 100644
index 000000000..ed62caf03
--- /dev/null
+++ b/hw/misc/omap_sdrc.c
@@ -0,0 +1,168 @@
+/*
+ * TI OMAP SDRAM controller emulation.
+ *
+ * Copyright (C) 2007-2008 Nokia Corporation
+ * Written by Andrzej Zaborowski <andrew@openedhand.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) any later version of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "hw/hw.h"
+#include "hw/arm/omap.h"
+
+/* SDRAM Controller Subsystem */
+struct omap_sdrc_s {
+ MemoryRegion iomem;
+ uint8_t config;
+};
+
+void omap_sdrc_reset(struct omap_sdrc_s *s)
+{
+ s->config = 0x10;
+}
+
+static uint64_t omap_sdrc_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_sdrc_s *s = (struct omap_sdrc_s *) opaque;
+
+ if (size != 4) {
+ return omap_badwidth_read32(opaque, addr);
+ }
+
+ switch (addr) {
+ case 0x00: /* SDRC_REVISION */
+ return 0x20;
+
+ case 0x10: /* SDRC_SYSCONFIG */
+ return s->config;
+
+ case 0x14: /* SDRC_SYSSTATUS */
+ return 1; /* RESETDONE */
+
+ case 0x40: /* SDRC_CS_CFG */
+ case 0x44: /* SDRC_SHARING */
+ case 0x48: /* SDRC_ERR_ADDR */
+ case 0x4c: /* SDRC_ERR_TYPE */
+ case 0x60: /* SDRC_DLLA_SCTRL */
+ case 0x64: /* SDRC_DLLA_STATUS */
+ case 0x68: /* SDRC_DLLB_CTRL */
+ case 0x6c: /* SDRC_DLLB_STATUS */
+ case 0x70: /* SDRC_POWER */
+ case 0x80: /* SDRC_MCFG_0 */
+ case 0x84: /* SDRC_MR_0 */
+ case 0x88: /* SDRC_EMR1_0 */
+ case 0x8c: /* SDRC_EMR2_0 */
+ case 0x90: /* SDRC_EMR3_0 */
+ case 0x94: /* SDRC_DCDL1_CTRL */
+ case 0x98: /* SDRC_DCDL2_CTRL */
+ case 0x9c: /* SDRC_ACTIM_CTRLA_0 */
+ case 0xa0: /* SDRC_ACTIM_CTRLB_0 */
+ case 0xa4: /* SDRC_RFR_CTRL_0 */
+ case 0xa8: /* SDRC_MANUAL_0 */
+ case 0xb0: /* SDRC_MCFG_1 */
+ case 0xb4: /* SDRC_MR_1 */
+ case 0xb8: /* SDRC_EMR1_1 */
+ case 0xbc: /* SDRC_EMR2_1 */
+ case 0xc0: /* SDRC_EMR3_1 */
+ case 0xc4: /* SDRC_ACTIM_CTRLA_1 */
+ case 0xc8: /* SDRC_ACTIM_CTRLB_1 */
+ case 0xd4: /* SDRC_RFR_CTRL_1 */
+ case 0xd8: /* SDRC_MANUAL_1 */
+ return 0x00;
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_sdrc_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_sdrc_s *s = (struct omap_sdrc_s *) opaque;
+
+ if (size != 4) {
+ return omap_badwidth_write32(opaque, addr, value);
+ }
+
+ switch (addr) {
+ case 0x00: /* SDRC_REVISION */
+ case 0x14: /* SDRC_SYSSTATUS */
+ case 0x48: /* SDRC_ERR_ADDR */
+ case 0x64: /* SDRC_DLLA_STATUS */
+ case 0x6c: /* SDRC_DLLB_STATUS */
+ OMAP_RO_REG(addr);
+ return;
+
+ case 0x10: /* SDRC_SYSCONFIG */
+ if ((value >> 3) != 0x2)
+ fprintf(stderr, "%s: bad SDRAM idle mode %i\n",
+ __FUNCTION__, (unsigned)value >> 3);
+ if (value & 2)
+ omap_sdrc_reset(s);
+ s->config = value & 0x18;
+ break;
+
+ case 0x40: /* SDRC_CS_CFG */
+ case 0x44: /* SDRC_SHARING */
+ case 0x4c: /* SDRC_ERR_TYPE */
+ case 0x60: /* SDRC_DLLA_SCTRL */
+ case 0x68: /* SDRC_DLLB_CTRL */
+ case 0x70: /* SDRC_POWER */
+ case 0x80: /* SDRC_MCFG_0 */
+ case 0x84: /* SDRC_MR_0 */
+ case 0x88: /* SDRC_EMR1_0 */
+ case 0x8c: /* SDRC_EMR2_0 */
+ case 0x90: /* SDRC_EMR3_0 */
+ case 0x94: /* SDRC_DCDL1_CTRL */
+ case 0x98: /* SDRC_DCDL2_CTRL */
+ case 0x9c: /* SDRC_ACTIM_CTRLA_0 */
+ case 0xa0: /* SDRC_ACTIM_CTRLB_0 */
+ case 0xa4: /* SDRC_RFR_CTRL_0 */
+ case 0xa8: /* SDRC_MANUAL_0 */
+ case 0xb0: /* SDRC_MCFG_1 */
+ case 0xb4: /* SDRC_MR_1 */
+ case 0xb8: /* SDRC_EMR1_1 */
+ case 0xbc: /* SDRC_EMR2_1 */
+ case 0xc0: /* SDRC_EMR3_1 */
+ case 0xc4: /* SDRC_ACTIM_CTRLA_1 */
+ case 0xc8: /* SDRC_ACTIM_CTRLB_1 */
+ case 0xd4: /* SDRC_RFR_CTRL_1 */
+ case 0xd8: /* SDRC_MANUAL_1 */
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ return;
+ }
+}
+
+static const MemoryRegionOps omap_sdrc_ops = {
+ .read = omap_sdrc_read,
+ .write = omap_sdrc_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+struct omap_sdrc_s *omap_sdrc_init(MemoryRegion *sysmem,
+ hwaddr base)
+{
+ struct omap_sdrc_s *s = (struct omap_sdrc_s *)
+ g_malloc0(sizeof(struct omap_sdrc_s));
+
+ omap_sdrc_reset(s);
+
+ memory_region_init_io(&s->iomem, NULL, &omap_sdrc_ops, s, "omap.sdrc", 0x1000);
+ memory_region_add_subregion(sysmem, base, &s->iomem);
+
+ return s;
+}
diff --git a/hw/misc/omap_tap.c b/hw/misc/omap_tap.c
new file mode 100644
index 000000000..9d2b71014
--- /dev/null
+++ b/hw/misc/omap_tap.c
@@ -0,0 +1,116 @@
+/*
+ * TI OMAP TEST-Chip-level TAP emulation.
+ *
+ * Copyright (C) 2007-2008 Nokia Corporation
+ * Written by Andrzej Zaborowski <andrew@openedhand.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) any later version of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/hw.h"
+#include "hw/arm/omap.h"
+
+/* TEST-Chip-level TAP */
+static uint64_t omap_tap_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
+
+ if (size != 4) {
+ return omap_badwidth_read32(opaque, addr);
+ }
+
+ switch (addr) {
+ case 0x204: /* IDCODE_reg */
+ switch (s->mpu_model) {
+ case omap2420:
+ case omap2422:
+ case omap2423:
+ return 0x5b5d902f; /* ES 2.2 */
+ case omap2430:
+ return 0x5b68a02f; /* ES 2.2 */
+ case omap3430:
+ return 0x1b7ae02f; /* ES 2 */
+ default:
+ hw_error("%s: Bad mpu model\n", __FUNCTION__);
+ }
+
+ case 0x208: /* PRODUCTION_ID_reg for OMAP2 */
+ case 0x210: /* PRODUCTION_ID_reg for OMAP3 */
+ switch (s->mpu_model) {
+ case omap2420:
+ return 0x000254f0; /* POP ESHS2.1.1 in N91/93/95, ES2 in N800 */
+ case omap2422:
+ return 0x000400f0;
+ case omap2423:
+ return 0x000800f0;
+ case omap2430:
+ return 0x000000f0;
+ case omap3430:
+ return 0x000000f0;
+ default:
+ hw_error("%s: Bad mpu model\n", __FUNCTION__);
+ }
+
+ case 0x20c:
+ switch (s->mpu_model) {
+ case omap2420:
+ case omap2422:
+ case omap2423:
+ return 0xcafeb5d9; /* ES 2.2 */
+ case omap2430:
+ return 0xcafeb68a; /* ES 2.2 */
+ case omap3430:
+ return 0xcafeb7ae; /* ES 2 */
+ default:
+ hw_error("%s: Bad mpu model\n", __FUNCTION__);
+ }
+
+ case 0x218: /* DIE_ID_reg */
+ return ('Q' << 24) | ('E' << 16) | ('M' << 8) | ('U' << 0);
+ case 0x21c: /* DIE_ID_reg */
+ return 0x54 << 24;
+ case 0x220: /* DIE_ID_reg */
+ return ('Q' << 24) | ('E' << 16) | ('M' << 8) | ('U' << 0);
+ case 0x224: /* DIE_ID_reg */
+ return ('Q' << 24) | ('E' << 16) | ('M' << 8) | ('U' << 0);
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_tap_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ if (size != 4) {
+ return omap_badwidth_write32(opaque, addr, value);
+ }
+
+ OMAP_BAD_REG(addr);
+}
+
+static const MemoryRegionOps omap_tap_ops = {
+ .read = omap_tap_read,
+ .write = omap_tap_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+void omap_tap_init(struct omap_target_agent_s *ta,
+ struct omap_mpu_state_s *mpu)
+{
+ memory_region_init_io(&mpu->tap_iomem, NULL, &omap_tap_ops, mpu, "omap.tap",
+ omap_l4_region_size(ta, 0));
+ omap_l4_attach(ta, 0, &mpu->tap_iomem);
+}
diff --git a/hw/misc/pc-testdev.c b/hw/misc/pc-testdev.c
new file mode 100644
index 000000000..18e94e07b
--- /dev/null
+++ b/hw/misc/pc-testdev.c
@@ -0,0 +1,207 @@
+/*
+ * QEMU x86 ISA testdev
+ *
+ * Copyright (c) 2012 Avi Kivity, Gerd Hoffmann, Marcelo Tosatti
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/*
+ * This device is used to test KVM features specific to the x86 port, such
+ * as emulation, power management, interrupt routing, among others. It's meant
+ * to be used like:
+ *
+ * qemu-system-x86_64 -device pc-testdev -serial stdio \
+ * -device isa-debug-exit,iobase=0xf4,iosize=0x4 \
+ * -kernel /home/lmr/Code/virt-test.git/kvm/unittests/msr.flat
+ *
+ * Where msr.flat is one of the KVM unittests, present on a separate repo,
+ * git://git.kernel.org/pub/scm/virt/kvm/kvm-unit-tests.git
+*/
+
+#include "config-host.h"
+#if defined(CONFIG_POSIX)
+#include <sys/mman.h>
+#endif
+#include "hw/hw.h"
+#include "hw/qdev.h"
+#include "hw/isa/isa.h"
+
+#define IOMEM_LEN 0x10000
+
+typedef struct PCTestdev {
+ ISADevice parent_obj;
+
+ MemoryRegion ioport;
+ MemoryRegion ioport_byte;
+ MemoryRegion flush;
+ MemoryRegion irq;
+ MemoryRegion iomem;
+ uint32_t ioport_data;
+ char iomem_buf[IOMEM_LEN];
+} PCTestdev;
+
+#define TYPE_TESTDEV "pc-testdev"
+#define TESTDEV(obj) \
+ OBJECT_CHECK(PCTestdev, (obj), TYPE_TESTDEV)
+
+static void test_irq_line(void *opaque, hwaddr addr, uint64_t data,
+ unsigned len)
+{
+ PCTestdev *dev = opaque;
+ ISADevice *isa = ISA_DEVICE(dev);
+
+ qemu_set_irq(isa_get_irq(isa, addr), !!data);
+}
+
+static const MemoryRegionOps test_irq_ops = {
+ .write = test_irq_line,
+ .valid.min_access_size = 1,
+ .valid.max_access_size = 1,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void test_ioport_write(void *opaque, hwaddr addr, uint64_t data,
+ unsigned len)
+{
+ PCTestdev *dev = opaque;
+ int bits = len * 8;
+ int start_bit = (addr & 3) * 8;
+ uint32_t mask = ((uint32_t)-1 >> (32 - bits)) << start_bit;
+ dev->ioport_data &= ~mask;
+ dev->ioport_data |= data << start_bit;
+}
+
+static uint64_t test_ioport_read(void *opaque, hwaddr addr, unsigned len)
+{
+ PCTestdev *dev = opaque;
+ int bits = len * 8;
+ int start_bit = (addr & 3) * 8;
+ uint32_t mask = ((uint32_t)-1 >> (32 - bits)) << start_bit;
+ return (dev->ioport_data & mask) >> start_bit;
+}
+
+static const MemoryRegionOps test_ioport_ops = {
+ .read = test_ioport_read,
+ .write = test_ioport_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static const MemoryRegionOps test_ioport_byte_ops = {
+ .read = test_ioport_read,
+ .write = test_ioport_write,
+ .valid.min_access_size = 1,
+ .valid.max_access_size = 4,
+ .impl.min_access_size = 1,
+ .impl.max_access_size = 1,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void test_flush_page(void *opaque, hwaddr addr, uint64_t data,
+ unsigned len)
+{
+ hwaddr page = 4096;
+ void *a = cpu_physical_memory_map(data & ~0xffful, &page, 0);
+
+ /* We might not be able to get the full page, only mprotect what we actually
+ have mapped */
+#if defined(CONFIG_POSIX)
+ mprotect(a, page, PROT_NONE);
+ mprotect(a, page, PROT_READ|PROT_WRITE);
+#endif
+ cpu_physical_memory_unmap(a, page, 0, 0);
+}
+
+static const MemoryRegionOps test_flush_ops = {
+ .write = test_flush_page,
+ .valid.min_access_size = 4,
+ .valid.max_access_size = 4,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static uint64_t test_iomem_read(void *opaque, hwaddr addr, unsigned len)
+{
+ PCTestdev *dev = opaque;
+ uint64_t ret = 0;
+ memcpy(&ret, &dev->iomem_buf[addr], len);
+
+ return ret;
+}
+
+static void test_iomem_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned len)
+{
+ PCTestdev *dev = opaque;
+ memcpy(&dev->iomem_buf[addr], &val, len);
+ dev->iomem_buf[addr] = val;
+}
+
+static const MemoryRegionOps test_iomem_ops = {
+ .read = test_iomem_read,
+ .write = test_iomem_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void testdev_realizefn(DeviceState *d, Error **errp)
+{
+ ISADevice *isa = ISA_DEVICE(d);
+ PCTestdev *dev = TESTDEV(d);
+ MemoryRegion *mem = isa_address_space(isa);
+ MemoryRegion *io = isa_address_space_io(isa);
+
+ memory_region_init_io(&dev->ioport, OBJECT(dev), &test_ioport_ops, dev,
+ "pc-testdev-ioport", 4);
+ memory_region_init_io(&dev->ioport_byte, OBJECT(dev),
+ &test_ioport_byte_ops, dev,
+ "pc-testdev-ioport-byte", 4);
+ memory_region_init_io(&dev->flush, OBJECT(dev), &test_flush_ops, dev,
+ "pc-testdev-flush-page", 4);
+ memory_region_init_io(&dev->irq, OBJECT(dev), &test_irq_ops, dev,
+ "pc-testdev-irq-line", 24);
+ memory_region_init_io(&dev->iomem, OBJECT(dev), &test_iomem_ops, dev,
+ "pc-testdev-iomem", IOMEM_LEN);
+
+ memory_region_add_subregion(io, 0xe0, &dev->ioport);
+ memory_region_add_subregion(io, 0xe4, &dev->flush);
+ memory_region_add_subregion(io, 0xe8, &dev->ioport_byte);
+ memory_region_add_subregion(io, 0x2000, &dev->irq);
+ memory_region_add_subregion(mem, 0xff000000, &dev->iomem);
+}
+
+static void testdev_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+ dc->realize = testdev_realizefn;
+}
+
+static const TypeInfo testdev_info = {
+ .name = TYPE_TESTDEV,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof(PCTestdev),
+ .class_init = testdev_class_init,
+};
+
+static void testdev_register_types(void)
+{
+ type_register_static(&testdev_info);
+}
+
+type_init(testdev_register_types)
diff --git a/hw/misc/pci-testdev.c b/hw/misc/pci-testdev.c
new file mode 100644
index 000000000..ca53b3f50
--- /dev/null
+++ b/hw/misc/pci-testdev.c
@@ -0,0 +1,334 @@
+/*
+ * QEMU PCI test device
+ *
+ * Copyright (c) 2012 Red Hat Inc.
+ * Author: Michael S. Tsirkin <mst@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "qemu/event_notifier.h"
+#include "qemu/osdep.h"
+
+typedef struct PCITestDevHdr {
+ uint8_t test;
+ uint8_t width;
+ uint8_t pad0[2];
+ uint32_t offset;
+ uint8_t data;
+ uint8_t pad1[3];
+ uint32_t count;
+ uint8_t name[];
+} PCITestDevHdr;
+
+typedef struct IOTest {
+ MemoryRegion *mr;
+ EventNotifier notifier;
+ bool hasnotifier;
+ unsigned size;
+ bool match_data;
+ PCITestDevHdr *hdr;
+ unsigned bufsize;
+} IOTest;
+
+#define IOTEST_DATAMATCH 0xFA
+#define IOTEST_NOMATCH 0xCE
+
+#define IOTEST_IOSIZE 128
+#define IOTEST_MEMSIZE 2048
+
+static const char *iotest_test[] = {
+ "no-eventfd",
+ "wildcard-eventfd",
+ "datamatch-eventfd"
+};
+
+static const char *iotest_type[] = {
+ "mmio",
+ "portio"
+};
+
+#define IOTEST_TEST(i) (iotest_test[((i) % ARRAY_SIZE(iotest_test))])
+#define IOTEST_TYPE(i) (iotest_type[((i) / ARRAY_SIZE(iotest_test))])
+#define IOTEST_MAX_TEST (ARRAY_SIZE(iotest_test))
+#define IOTEST_MAX_TYPE (ARRAY_SIZE(iotest_type))
+#define IOTEST_MAX (IOTEST_MAX_TEST * IOTEST_MAX_TYPE)
+
+enum {
+ IOTEST_ACCESS_NAME,
+ IOTEST_ACCESS_DATA,
+ IOTEST_ACCESS_MAX,
+};
+
+#define IOTEST_ACCESS_TYPE uint8_t
+#define IOTEST_ACCESS_WIDTH (sizeof(uint8_t))
+
+typedef struct PCITestDevState {
+ /*< private >*/
+ PCIDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion mmio;
+ MemoryRegion portio;
+ IOTest *tests;
+ int current;
+} PCITestDevState;
+
+#define TYPE_PCI_TEST_DEV "pci-testdev"
+
+#define PCI_TEST_DEV(obj) \
+ OBJECT_CHECK(PCITestDevState, (obj), TYPE_PCI_TEST_DEV)
+
+#define IOTEST_IS_MEM(i) (strcmp(IOTEST_TYPE(i), "portio"))
+#define IOTEST_REGION(d, i) (IOTEST_IS_MEM(i) ? &(d)->mmio : &(d)->portio)
+#define IOTEST_SIZE(i) (IOTEST_IS_MEM(i) ? IOTEST_MEMSIZE : IOTEST_IOSIZE)
+#define IOTEST_PCI_BAR(i) (IOTEST_IS_MEM(i) ? PCI_BASE_ADDRESS_SPACE_MEMORY : \
+ PCI_BASE_ADDRESS_SPACE_IO)
+
+static int pci_testdev_start(IOTest *test)
+{
+ test->hdr->count = 0;
+ if (!test->hasnotifier) {
+ return 0;
+ }
+ event_notifier_test_and_clear(&test->notifier);
+ memory_region_add_eventfd(test->mr,
+ le32_to_cpu(test->hdr->offset),
+ test->size,
+ test->match_data,
+ test->hdr->data,
+ &test->notifier);
+ return 0;
+}
+
+static void pci_testdev_stop(IOTest *test)
+{
+ if (!test->hasnotifier) {
+ return;
+ }
+ memory_region_del_eventfd(test->mr,
+ le32_to_cpu(test->hdr->offset),
+ test->size,
+ test->match_data,
+ test->hdr->data,
+ &test->notifier);
+}
+
+static void
+pci_testdev_reset(PCITestDevState *d)
+{
+ if (d->current == -1) {
+ return;
+ }
+ pci_testdev_stop(&d->tests[d->current]);
+ d->current = -1;
+}
+
+static void pci_testdev_inc(IOTest *test, unsigned inc)
+{
+ uint32_t c = le32_to_cpu(test->hdr->count);
+ test->hdr->count = cpu_to_le32(c + inc);
+}
+
+static void
+pci_testdev_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size, int type)
+{
+ PCITestDevState *d = opaque;
+ IOTest *test;
+ int t, r;
+
+ if (addr == offsetof(PCITestDevHdr, test)) {
+ pci_testdev_reset(d);
+ if (val >= IOTEST_MAX_TEST) {
+ return;
+ }
+ t = type * IOTEST_MAX_TEST + val;
+ r = pci_testdev_start(&d->tests[t]);
+ if (r < 0) {
+ return;
+ }
+ d->current = t;
+ return;
+ }
+ if (d->current < 0) {
+ return;
+ }
+ test = &d->tests[d->current];
+ if (addr != le32_to_cpu(test->hdr->offset)) {
+ return;
+ }
+ if (test->match_data && test->size != size) {
+ return;
+ }
+ if (test->match_data && val != test->hdr->data) {
+ return;
+ }
+ pci_testdev_inc(test, 1);
+}
+
+static uint64_t
+pci_testdev_read(void *opaque, hwaddr addr, unsigned size)
+{
+ PCITestDevState *d = opaque;
+ const char *buf;
+ IOTest *test;
+ if (d->current < 0) {
+ return 0;
+ }
+ test = &d->tests[d->current];
+ buf = (const char *)test->hdr;
+ if (addr + size >= test->bufsize) {
+ return 0;
+ }
+ if (test->hasnotifier) {
+ event_notifier_test_and_clear(&test->notifier);
+ }
+ return buf[addr];
+}
+
+static void
+pci_testdev_mmio_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ pci_testdev_write(opaque, addr, val, size, 0);
+}
+
+static void
+pci_testdev_pio_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ pci_testdev_write(opaque, addr, val, size, 1);
+}
+
+static const MemoryRegionOps pci_testdev_mmio_ops = {
+ .read = pci_testdev_read,
+ .write = pci_testdev_mmio_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+static const MemoryRegionOps pci_testdev_pio_ops = {
+ .read = pci_testdev_read,
+ .write = pci_testdev_pio_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+static int pci_testdev_init(PCIDevice *pci_dev)
+{
+ PCITestDevState *d = PCI_TEST_DEV(pci_dev);
+ uint8_t *pci_conf;
+ char *name;
+ int r, i;
+
+ pci_conf = pci_dev->config;
+
+ pci_conf[PCI_INTERRUPT_PIN] = 0; /* no interrupt pin */
+
+ memory_region_init_io(&d->mmio, OBJECT(d), &pci_testdev_mmio_ops, d,
+ "pci-testdev-mmio", IOTEST_MEMSIZE * 2);
+ memory_region_init_io(&d->portio, OBJECT(d), &pci_testdev_pio_ops, d,
+ "pci-testdev-portio", IOTEST_IOSIZE * 2);
+ pci_register_bar(pci_dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &d->mmio);
+ pci_register_bar(pci_dev, 1, PCI_BASE_ADDRESS_SPACE_IO, &d->portio);
+
+ d->current = -1;
+ d->tests = g_malloc0(IOTEST_MAX * sizeof *d->tests);
+ for (i = 0; i < IOTEST_MAX; ++i) {
+ IOTest *test = &d->tests[i];
+ name = g_strdup_printf("%s-%s", IOTEST_TYPE(i), IOTEST_TEST(i));
+ test->bufsize = sizeof(PCITestDevHdr) + strlen(name) + 1;
+ test->hdr = g_malloc0(test->bufsize);
+ memcpy(test->hdr->name, name, strlen(name) + 1);
+ g_free(name);
+ test->hdr->offset = cpu_to_le32(IOTEST_SIZE(i) + i * IOTEST_ACCESS_WIDTH);
+ test->size = IOTEST_ACCESS_WIDTH;
+ test->match_data = strcmp(IOTEST_TEST(i), "wildcard-eventfd");
+ test->hdr->test = i;
+ test->hdr->data = test->match_data ? IOTEST_DATAMATCH : IOTEST_NOMATCH;
+ test->hdr->width = IOTEST_ACCESS_WIDTH;
+ test->mr = IOTEST_REGION(d, i);
+ if (!strcmp(IOTEST_TEST(i), "no-eventfd")) {
+ test->hasnotifier = false;
+ continue;
+ }
+ r = event_notifier_init(&test->notifier, 0);
+ assert(r >= 0);
+ test->hasnotifier = true;
+ }
+
+ return 0;
+}
+
+static void
+pci_testdev_uninit(PCIDevice *dev)
+{
+ PCITestDevState *d = PCI_TEST_DEV(dev);
+ int i;
+
+ pci_testdev_reset(d);
+ for (i = 0; i < IOTEST_MAX; ++i) {
+ if (d->tests[i].hasnotifier) {
+ event_notifier_cleanup(&d->tests[i].notifier);
+ }
+ g_free(d->tests[i].hdr);
+ }
+ g_free(d->tests);
+ memory_region_destroy(&d->mmio);
+ memory_region_destroy(&d->portio);
+}
+
+static void qdev_pci_testdev_reset(DeviceState *dev)
+{
+ PCITestDevState *d = PCI_TEST_DEV(dev);
+ pci_testdev_reset(d);
+}
+
+static void pci_testdev_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = pci_testdev_init;
+ k->exit = pci_testdev_uninit;
+ k->vendor_id = PCI_VENDOR_ID_REDHAT;
+ k->device_id = PCI_DEVICE_ID_REDHAT_TEST;
+ k->revision = 0x00;
+ k->class_id = PCI_CLASS_OTHERS;
+ dc->desc = "PCI Test Device";
+ set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+ dc->reset = qdev_pci_testdev_reset;
+}
+
+static const TypeInfo pci_testdev_info = {
+ .name = TYPE_PCI_TEST_DEV,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCITestDevState),
+ .class_init = pci_testdev_class_init,
+};
+
+static void pci_testdev_register_types(void)
+{
+ type_register_static(&pci_testdev_info);
+}
+
+type_init(pci_testdev_register_types)
diff --git a/hw/misc/puv3_pm.c b/hw/misc/puv3_pm.c
new file mode 100644
index 000000000..37f23695d
--- /dev/null
+++ b/hw/misc/puv3_pm.c
@@ -0,0 +1,153 @@
+/*
+ * Power Management device simulation in PKUnity SoC
+ *
+ * Copyright (C) 2010-2012 Guan Xuetao
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation, or any later version.
+ * See the COPYING file in the top-level directory.
+ */
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+
+#undef DEBUG_PUV3
+#include "hw/unicore32/puv3.h"
+
+#define TYPE_PUV3_PM "puv3_pm"
+#define PUV3_PM(obj) OBJECT_CHECK(PUV3PMState, (obj), TYPE_PUV3_PM)
+
+typedef struct PUV3PMState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+
+ uint32_t reg_PMCR;
+ uint32_t reg_PCGR;
+ uint32_t reg_PLL_SYS_CFG;
+ uint32_t reg_PLL_DDR_CFG;
+ uint32_t reg_PLL_VGA_CFG;
+ uint32_t reg_DIVCFG;
+} PUV3PMState;
+
+static uint64_t puv3_pm_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ PUV3PMState *s = opaque;
+ uint32_t ret = 0;
+
+ switch (offset) {
+ case 0x14:
+ ret = s->reg_PCGR;
+ break;
+ case 0x18:
+ ret = s->reg_PLL_SYS_CFG;
+ break;
+ case 0x1c:
+ ret = s->reg_PLL_DDR_CFG;
+ break;
+ case 0x20:
+ ret = s->reg_PLL_VGA_CFG;
+ break;
+ case 0x24:
+ ret = s->reg_DIVCFG;
+ break;
+ case 0x28: /* PLL SYS STATUS */
+ ret = 0x00002401;
+ break;
+ case 0x2c: /* PLL DDR STATUS */
+ ret = 0x00100c00;
+ break;
+ case 0x30: /* PLL VGA STATUS */
+ ret = 0x00003801;
+ break;
+ case 0x34: /* DIV STATUS */
+ ret = 0x22f52015;
+ break;
+ case 0x38: /* SW RESET */
+ ret = 0x0;
+ break;
+ case 0x44: /* PLL DFC DONE */
+ ret = 0x7;
+ break;
+ default:
+ DPRINTF("Bad offset 0x%x\n", offset);
+ }
+ DPRINTF("offset 0x%x, value 0x%x\n", offset, ret);
+
+ return ret;
+}
+
+static void puv3_pm_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ PUV3PMState *s = opaque;
+
+ switch (offset) {
+ case 0x0:
+ s->reg_PMCR = value;
+ break;
+ case 0x14:
+ s->reg_PCGR = value;
+ break;
+ case 0x18:
+ s->reg_PLL_SYS_CFG = value;
+ break;
+ case 0x1c:
+ s->reg_PLL_DDR_CFG = value;
+ break;
+ case 0x20:
+ s->reg_PLL_VGA_CFG = value;
+ break;
+ case 0x24:
+ case 0x38:
+ break;
+ default:
+ DPRINTF("Bad offset 0x%x\n", offset);
+ }
+ DPRINTF("offset 0x%x, value 0x%x\n", offset, value);
+}
+
+static const MemoryRegionOps puv3_pm_ops = {
+ .read = puv3_pm_read,
+ .write = puv3_pm_write,
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int puv3_pm_init(SysBusDevice *dev)
+{
+ PUV3PMState *s = PUV3_PM(dev);
+
+ s->reg_PCGR = 0x0;
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &puv3_pm_ops, s, "puv3_pm",
+ PUV3_REGS_OFFSET);
+ sysbus_init_mmio(dev, &s->iomem);
+
+ return 0;
+}
+
+static void puv3_pm_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sdc->init = puv3_pm_init;
+}
+
+static const TypeInfo puv3_pm_info = {
+ .name = TYPE_PUV3_PM,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(PUV3PMState),
+ .class_init = puv3_pm_class_init,
+};
+
+static void puv3_pm_register_type(void)
+{
+ type_register_static(&puv3_pm_info);
+}
+
+type_init(puv3_pm_register_type)
diff --git a/hw/misc/pvpanic.c b/hw/misc/pvpanic.c
new file mode 100644
index 000000000..b64e3bb7b
--- /dev/null
+++ b/hw/misc/pvpanic.c
@@ -0,0 +1,147 @@
+/*
+ * QEMU simulated pvpanic device.
+ *
+ * Copyright Fujitsu, Corp. 2013
+ *
+ * Authors:
+ * Wen Congyang <wency@cn.fujitsu.com>
+ * Hu Tao <hutao@cn.fujitsu.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qapi/qmp/qobject.h"
+#include "qapi/qmp/qjson.h"
+#include "monitor/monitor.h"
+#include "sysemu/sysemu.h"
+#include "qemu/log.h"
+
+#include "hw/nvram/fw_cfg.h"
+#include "hw/i386/pc.h"
+
+/* The bit of supported pv event */
+#define PVPANIC_F_PANICKED 0
+
+/* The pv event value */
+#define PVPANIC_PANICKED (1 << PVPANIC_F_PANICKED)
+
+#define TYPE_ISA_PVPANIC_DEVICE "pvpanic"
+#define ISA_PVPANIC_DEVICE(obj) \
+ OBJECT_CHECK(PVPanicState, (obj), TYPE_ISA_PVPANIC_DEVICE)
+
+static void panicked_mon_event(const char *action)
+{
+ QObject *data;
+
+ data = qobject_from_jsonf("{ 'action': %s }", action);
+ monitor_protocol_event(QEVENT_GUEST_PANICKED, data);
+ qobject_decref(data);
+}
+
+static void handle_event(int event)
+{
+ static bool logged;
+
+ if (event & ~PVPANIC_PANICKED && !logged) {
+ qemu_log_mask(LOG_GUEST_ERROR, "pvpanic: unknown event %#x.\n", event);
+ logged = true;
+ }
+
+ if (event & PVPANIC_PANICKED) {
+ panicked_mon_event("pause");
+ vm_stop(RUN_STATE_GUEST_PANICKED);
+ return;
+ }
+}
+
+#include "hw/isa/isa.h"
+
+typedef struct PVPanicState {
+ ISADevice parent_obj;
+
+ MemoryRegion io;
+ uint16_t ioport;
+} PVPanicState;
+
+/* return supported events on read */
+static uint64_t pvpanic_ioport_read(void *opaque, hwaddr addr, unsigned size)
+{
+ return PVPANIC_PANICKED;
+}
+
+static void pvpanic_ioport_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ handle_event(val);
+}
+
+static const MemoryRegionOps pvpanic_ops = {
+ .read = pvpanic_ioport_read,
+ .write = pvpanic_ioport_write,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+static void pvpanic_isa_initfn(Object *obj)
+{
+ PVPanicState *s = ISA_PVPANIC_DEVICE(obj);
+
+ memory_region_init_io(&s->io, OBJECT(s), &pvpanic_ops, s, "pvpanic", 1);
+}
+
+static void pvpanic_isa_realizefn(DeviceState *dev, Error **errp)
+{
+ ISADevice *d = ISA_DEVICE(dev);
+ PVPanicState *s = ISA_PVPANIC_DEVICE(dev);
+ FWCfgState *fw_cfg = fw_cfg_find();
+ uint16_t *pvpanic_port;
+
+ if (!fw_cfg) {
+ return;
+ }
+
+ pvpanic_port = g_malloc(sizeof(*pvpanic_port));
+ *pvpanic_port = cpu_to_le16(s->ioport);
+ fw_cfg_add_file(fw_cfg, "etc/pvpanic-port", pvpanic_port,
+ sizeof(*pvpanic_port));
+
+ isa_register_ioport(d, &s->io, s->ioport);
+}
+
+void pvpanic_init(ISABus *bus)
+{
+ isa_create_simple(bus, TYPE_ISA_PVPANIC_DEVICE);
+}
+
+static Property pvpanic_isa_properties[] = {
+ DEFINE_PROP_UINT16("ioport", PVPanicState, ioport, 0x505),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void pvpanic_isa_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = pvpanic_isa_realizefn;
+ dc->props = pvpanic_isa_properties;
+ set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+}
+
+static TypeInfo pvpanic_isa_info = {
+ .name = TYPE_ISA_PVPANIC_DEVICE,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof(PVPanicState),
+ .instance_init = pvpanic_isa_initfn,
+ .class_init = pvpanic_isa_class_init,
+};
+
+static void pvpanic_register_types(void)
+{
+ type_register_static(&pvpanic_isa_info);
+}
+
+type_init(pvpanic_register_types)
diff --git a/hw/misc/pxa2xx_pcmcia.c b/hw/misc/pxa2xx_pcmcia.c
new file mode 100644
index 000000000..ef71a2af7
--- /dev/null
+++ b/hw/misc/pxa2xx_pcmcia.c
@@ -0,0 +1,207 @@
+/*
+ * Intel XScale PXA255/270 PC Card and CompactFlash Interface.
+ *
+ * Copyright (c) 2006 Openedhand Ltd.
+ * Written by Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * This code is licensed under the GPLv2.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "hw/hw.h"
+#include "hw/pcmcia.h"
+#include "hw/arm/pxa.h"
+
+
+struct PXA2xxPCMCIAState {
+ PCMCIASocket slot;
+ PCMCIACardState *card;
+ MemoryRegion common_iomem;
+ MemoryRegion attr_iomem;
+ MemoryRegion iomem;
+
+ qemu_irq irq;
+ qemu_irq cd_irq;
+};
+
+static uint64_t pxa2xx_pcmcia_common_read(void *opaque,
+ hwaddr offset, unsigned size)
+{
+ PXA2xxPCMCIAState *s = (PXA2xxPCMCIAState *) opaque;
+
+ if (s->slot.attached) {
+ return s->card->common_read(s->card->state, offset);
+ }
+
+ return 0;
+}
+
+static void pxa2xx_pcmcia_common_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ PXA2xxPCMCIAState *s = (PXA2xxPCMCIAState *) opaque;
+
+ if (s->slot.attached) {
+ s->card->common_write(s->card->state, offset, value);
+ }
+}
+
+static uint64_t pxa2xx_pcmcia_attr_read(void *opaque,
+ hwaddr offset, unsigned size)
+{
+ PXA2xxPCMCIAState *s = (PXA2xxPCMCIAState *) opaque;
+
+ if (s->slot.attached) {
+ return s->card->attr_read(s->card->state, offset);
+ }
+
+ return 0;
+}
+
+static void pxa2xx_pcmcia_attr_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ PXA2xxPCMCIAState *s = (PXA2xxPCMCIAState *) opaque;
+
+ if (s->slot.attached) {
+ s->card->attr_write(s->card->state, offset, value);
+ }
+}
+
+static uint64_t pxa2xx_pcmcia_io_read(void *opaque,
+ hwaddr offset, unsigned size)
+{
+ PXA2xxPCMCIAState *s = (PXA2xxPCMCIAState *) opaque;
+
+ if (s->slot.attached) {
+ return s->card->io_read(s->card->state, offset);
+ }
+
+ return 0;
+}
+
+static void pxa2xx_pcmcia_io_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ PXA2xxPCMCIAState *s = (PXA2xxPCMCIAState *) opaque;
+
+ if (s->slot.attached) {
+ s->card->io_write(s->card->state, offset, value);
+ }
+}
+
+static const MemoryRegionOps pxa2xx_pcmcia_common_ops = {
+ .read = pxa2xx_pcmcia_common_read,
+ .write = pxa2xx_pcmcia_common_write,
+ .endianness = DEVICE_NATIVE_ENDIAN
+};
+
+static const MemoryRegionOps pxa2xx_pcmcia_attr_ops = {
+ .read = pxa2xx_pcmcia_attr_read,
+ .write = pxa2xx_pcmcia_attr_write,
+ .endianness = DEVICE_NATIVE_ENDIAN
+};
+
+static const MemoryRegionOps pxa2xx_pcmcia_io_ops = {
+ .read = pxa2xx_pcmcia_io_read,
+ .write = pxa2xx_pcmcia_io_write,
+ .endianness = DEVICE_NATIVE_ENDIAN
+};
+
+static void pxa2xx_pcmcia_set_irq(void *opaque, int line, int level)
+{
+ PXA2xxPCMCIAState *s = (PXA2xxPCMCIAState *) opaque;
+ if (!s->irq)
+ return;
+
+ qemu_set_irq(s->irq, level);
+}
+
+PXA2xxPCMCIAState *pxa2xx_pcmcia_init(MemoryRegion *sysmem,
+ hwaddr base)
+{
+ PXA2xxPCMCIAState *s;
+
+ s = (PXA2xxPCMCIAState *)
+ g_malloc0(sizeof(PXA2xxPCMCIAState));
+
+ /* Socket I/O Memory Space */
+ memory_region_init_io(&s->iomem, NULL, &pxa2xx_pcmcia_io_ops, s,
+ "pxa2xx-pcmcia-io", 0x04000000);
+ memory_region_add_subregion(sysmem, base | 0x00000000,
+ &s->iomem);
+
+ /* Then next 64 MB is reserved */
+
+ /* Socket Attribute Memory Space */
+ memory_region_init_io(&s->attr_iomem, NULL, &pxa2xx_pcmcia_attr_ops, s,
+ "pxa2xx-pcmcia-attribute", 0x04000000);
+ memory_region_add_subregion(sysmem, base | 0x08000000,
+ &s->attr_iomem);
+
+ /* Socket Common Memory Space */
+ memory_region_init_io(&s->common_iomem, NULL, &pxa2xx_pcmcia_common_ops, s,
+ "pxa2xx-pcmcia-common", 0x04000000);
+ memory_region_add_subregion(sysmem, base | 0x0c000000,
+ &s->common_iomem);
+
+ if (base == 0x30000000)
+ s->slot.slot_string = "PXA PC Card Socket 1";
+ else
+ s->slot.slot_string = "PXA PC Card Socket 0";
+ s->slot.irq = qemu_allocate_irqs(pxa2xx_pcmcia_set_irq, s, 1)[0];
+ pcmcia_socket_register(&s->slot);
+
+ return s;
+}
+
+/* Insert a new card into a slot */
+int pxa2xx_pcmcia_attach(void *opaque, PCMCIACardState *card)
+{
+ PXA2xxPCMCIAState *s = (PXA2xxPCMCIAState *) opaque;
+ if (s->slot.attached)
+ return -EEXIST;
+
+ if (s->cd_irq) {
+ qemu_irq_raise(s->cd_irq);
+ }
+
+ s->card = card;
+
+ s->slot.attached = 1;
+ s->card->slot = &s->slot;
+ s->card->attach(s->card->state);
+
+ return 0;
+}
+
+/* Eject card from the slot */
+int pxa2xx_pcmcia_dettach(void *opaque)
+{
+ PXA2xxPCMCIAState *s = (PXA2xxPCMCIAState *) opaque;
+ if (!s->slot.attached)
+ return -ENOENT;
+
+ s->card->detach(s->card->state);
+ s->card->slot = NULL;
+ s->card = NULL;
+
+ s->slot.attached = 0;
+
+ if (s->irq)
+ qemu_irq_lower(s->irq);
+ if (s->cd_irq)
+ qemu_irq_lower(s->cd_irq);
+
+ return 0;
+}
+
+/* Who to notify on card events */
+void pxa2xx_pcmcia_set_irq_cb(void *opaque, qemu_irq irq, qemu_irq cd_irq)
+{
+ PXA2xxPCMCIAState *s = (PXA2xxPCMCIAState *) opaque;
+ s->irq = irq;
+ s->cd_irq = cd_irq;
+}
diff --git a/hw/misc/sga.c b/hw/misc/sga.c
new file mode 100644
index 000000000..83d2fd9d3
--- /dev/null
+++ b/hw/misc/sga.c
@@ -0,0 +1,67 @@
+/*
+ * QEMU dummy ISA device for loading sgabios option rom.
+ *
+ * Copyright (c) 2011 Glauber Costa, Red Hat Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ * sgabios code originally available at code.google.com/p/sgabios
+ *
+ */
+#include "hw/pci/pci.h"
+#include "hw/i386/pc.h"
+#include "hw/loader.h"
+#include "sysemu/sysemu.h"
+
+#define SGABIOS_FILENAME "sgabios.bin"
+
+#define TYPE_SGA "sga"
+#define SGA(obj) OBJECT_CHECK(ISASGAState, (obj), TYPE_SGA)
+
+typedef struct ISASGAState {
+ ISADevice parent_obj;
+} ISASGAState;
+
+static void sga_realizefn(DeviceState *dev, Error **errp)
+{
+ rom_add_vga(SGABIOS_FILENAME);
+}
+
+static void sga_class_initfn(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories);
+ dc->realize = sga_realizefn;
+ dc->desc = "Serial Graphics Adapter";
+}
+
+static const TypeInfo sga_info = {
+ .name = TYPE_SGA,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof(ISASGAState),
+ .class_init = sga_class_initfn,
+};
+
+static void sga_register_types(void)
+{
+ type_register_static(&sga_info);
+}
+
+type_init(sga_register_types)
diff --git a/hw/misc/slavio_misc.c b/hw/misc/slavio_misc.c
new file mode 100644
index 000000000..767544eca
--- /dev/null
+++ b/hw/misc/slavio_misc.c
@@ -0,0 +1,517 @@
+/*
+ * QEMU Sparc SLAVIO aux io port emulation
+ *
+ * Copyright (c) 2005 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "sysemu/sysemu.h"
+#include "hw/sysbus.h"
+#include "trace.h"
+
+/*
+ * This is the auxio port, chip control and system control part of
+ * chip STP2001 (Slave I/O), also produced as NCR89C105. See
+ * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C105.txt
+ *
+ * This also includes the PMC CPU idle controller.
+ */
+
+#define TYPE_SLAVIO_MISC "slavio_misc"
+#define SLAVIO_MISC(obj) OBJECT_CHECK(MiscState, (obj), TYPE_SLAVIO_MISC)
+
+typedef struct MiscState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion cfg_iomem;
+ MemoryRegion diag_iomem;
+ MemoryRegion mdm_iomem;
+ MemoryRegion led_iomem;
+ MemoryRegion sysctrl_iomem;
+ MemoryRegion aux1_iomem;
+ MemoryRegion aux2_iomem;
+ qemu_irq irq;
+ qemu_irq fdc_tc;
+ uint32_t dummy;
+ uint8_t config;
+ uint8_t aux1, aux2;
+ uint8_t diag, mctrl;
+ uint8_t sysctrl;
+ uint16_t leds;
+} MiscState;
+
+#define TYPE_APC "apc"
+#define APC(obj) OBJECT_CHECK(APCState, (obj), TYPE_APC)
+
+typedef struct APCState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ qemu_irq cpu_halt;
+} APCState;
+
+#define MISC_SIZE 1
+#define SYSCTRL_SIZE 4
+
+#define AUX1_TC 0x02
+
+#define AUX2_PWROFF 0x01
+#define AUX2_PWRINTCLR 0x02
+#define AUX2_PWRFAIL 0x20
+
+#define CFG_PWRINTEN 0x08
+
+#define SYS_RESET 0x01
+#define SYS_RESETSTAT 0x02
+
+static void slavio_misc_update_irq(void *opaque)
+{
+ MiscState *s = opaque;
+
+ if ((s->aux2 & AUX2_PWRFAIL) && (s->config & CFG_PWRINTEN)) {
+ trace_slavio_misc_update_irq_raise();
+ qemu_irq_raise(s->irq);
+ } else {
+ trace_slavio_misc_update_irq_lower();
+ qemu_irq_lower(s->irq);
+ }
+}
+
+static void slavio_misc_reset(DeviceState *d)
+{
+ MiscState *s = SLAVIO_MISC(d);
+
+ // Diagnostic and system control registers not cleared in reset
+ s->config = s->aux1 = s->aux2 = s->mctrl = 0;
+}
+
+static void slavio_set_power_fail(void *opaque, int irq, int power_failing)
+{
+ MiscState *s = opaque;
+
+ trace_slavio_set_power_fail(power_failing, s->config);
+ if (power_failing && (s->config & CFG_PWRINTEN)) {
+ s->aux2 |= AUX2_PWRFAIL;
+ } else {
+ s->aux2 &= ~AUX2_PWRFAIL;
+ }
+ slavio_misc_update_irq(s);
+}
+
+static void slavio_cfg_mem_writeb(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ MiscState *s = opaque;
+
+ trace_slavio_cfg_mem_writeb(val & 0xff);
+ s->config = val & 0xff;
+ slavio_misc_update_irq(s);
+}
+
+static uint64_t slavio_cfg_mem_readb(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ MiscState *s = opaque;
+ uint32_t ret = 0;
+
+ ret = s->config;
+ trace_slavio_cfg_mem_readb(ret);
+ return ret;
+}
+
+static const MemoryRegionOps slavio_cfg_mem_ops = {
+ .read = slavio_cfg_mem_readb,
+ .write = slavio_cfg_mem_writeb,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+static void slavio_diag_mem_writeb(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ MiscState *s = opaque;
+
+ trace_slavio_diag_mem_writeb(val & 0xff);
+ s->diag = val & 0xff;
+}
+
+static uint64_t slavio_diag_mem_readb(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ MiscState *s = opaque;
+ uint32_t ret = 0;
+
+ ret = s->diag;
+ trace_slavio_diag_mem_readb(ret);
+ return ret;
+}
+
+static const MemoryRegionOps slavio_diag_mem_ops = {
+ .read = slavio_diag_mem_readb,
+ .write = slavio_diag_mem_writeb,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+static void slavio_mdm_mem_writeb(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ MiscState *s = opaque;
+
+ trace_slavio_mdm_mem_writeb(val & 0xff);
+ s->mctrl = val & 0xff;
+}
+
+static uint64_t slavio_mdm_mem_readb(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ MiscState *s = opaque;
+ uint32_t ret = 0;
+
+ ret = s->mctrl;
+ trace_slavio_mdm_mem_readb(ret);
+ return ret;
+}
+
+static const MemoryRegionOps slavio_mdm_mem_ops = {
+ .read = slavio_mdm_mem_readb,
+ .write = slavio_mdm_mem_writeb,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+static void slavio_aux1_mem_writeb(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ MiscState *s = opaque;
+
+ trace_slavio_aux1_mem_writeb(val & 0xff);
+ if (val & AUX1_TC) {
+ // Send a pulse to floppy terminal count line
+ if (s->fdc_tc) {
+ qemu_irq_raise(s->fdc_tc);
+ qemu_irq_lower(s->fdc_tc);
+ }
+ val &= ~AUX1_TC;
+ }
+ s->aux1 = val & 0xff;
+}
+
+static uint64_t slavio_aux1_mem_readb(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ MiscState *s = opaque;
+ uint32_t ret = 0;
+
+ ret = s->aux1;
+ trace_slavio_aux1_mem_readb(ret);
+ return ret;
+}
+
+static const MemoryRegionOps slavio_aux1_mem_ops = {
+ .read = slavio_aux1_mem_readb,
+ .write = slavio_aux1_mem_writeb,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+static void slavio_aux2_mem_writeb(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ MiscState *s = opaque;
+
+ val &= AUX2_PWRINTCLR | AUX2_PWROFF;
+ trace_slavio_aux2_mem_writeb(val & 0xff);
+ val |= s->aux2 & AUX2_PWRFAIL;
+ if (val & AUX2_PWRINTCLR) // Clear Power Fail int
+ val &= AUX2_PWROFF;
+ s->aux2 = val;
+ if (val & AUX2_PWROFF)
+ qemu_system_shutdown_request();
+ slavio_misc_update_irq(s);
+}
+
+static uint64_t slavio_aux2_mem_readb(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ MiscState *s = opaque;
+ uint32_t ret = 0;
+
+ ret = s->aux2;
+ trace_slavio_aux2_mem_readb(ret);
+ return ret;
+}
+
+static const MemoryRegionOps slavio_aux2_mem_ops = {
+ .read = slavio_aux2_mem_readb,
+ .write = slavio_aux2_mem_writeb,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+static void apc_mem_writeb(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ APCState *s = opaque;
+
+ trace_apc_mem_writeb(val & 0xff);
+ qemu_irq_raise(s->cpu_halt);
+}
+
+static uint64_t apc_mem_readb(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ uint32_t ret = 0;
+
+ trace_apc_mem_readb(ret);
+ return ret;
+}
+
+static const MemoryRegionOps apc_mem_ops = {
+ .read = apc_mem_readb,
+ .write = apc_mem_writeb,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ }
+};
+
+static uint64_t slavio_sysctrl_mem_readl(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ MiscState *s = opaque;
+ uint32_t ret = 0;
+
+ switch (addr) {
+ case 0:
+ ret = s->sysctrl;
+ break;
+ default:
+ break;
+ }
+ trace_slavio_sysctrl_mem_readl(ret);
+ return ret;
+}
+
+static void slavio_sysctrl_mem_writel(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ MiscState *s = opaque;
+
+ trace_slavio_sysctrl_mem_writel(val);
+ switch (addr) {
+ case 0:
+ if (val & SYS_RESET) {
+ s->sysctrl = SYS_RESETSTAT;
+ qemu_system_reset_request();
+ }
+ break;
+ default:
+ break;
+ }
+}
+
+static const MemoryRegionOps slavio_sysctrl_mem_ops = {
+ .read = slavio_sysctrl_mem_readl,
+ .write = slavio_sysctrl_mem_writel,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static uint64_t slavio_led_mem_readw(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ MiscState *s = opaque;
+ uint32_t ret = 0;
+
+ switch (addr) {
+ case 0:
+ ret = s->leds;
+ break;
+ default:
+ break;
+ }
+ trace_slavio_led_mem_readw(ret);
+ return ret;
+}
+
+static void slavio_led_mem_writew(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ MiscState *s = opaque;
+
+ trace_slavio_led_mem_writew(val & 0xffff);
+ switch (addr) {
+ case 0:
+ s->leds = val;
+ break;
+ default:
+ break;
+ }
+}
+
+static const MemoryRegionOps slavio_led_mem_ops = {
+ .read = slavio_led_mem_readw,
+ .write = slavio_led_mem_writew,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 2,
+ .max_access_size = 2,
+ },
+};
+
+static const VMStateDescription vmstate_misc = {
+ .name ="slavio_misc",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT32(dummy, MiscState),
+ VMSTATE_UINT8(config, MiscState),
+ VMSTATE_UINT8(aux1, MiscState),
+ VMSTATE_UINT8(aux2, MiscState),
+ VMSTATE_UINT8(diag, MiscState),
+ VMSTATE_UINT8(mctrl, MiscState),
+ VMSTATE_UINT8(sysctrl, MiscState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static int apc_init1(SysBusDevice *dev)
+{
+ APCState *s = APC(dev);
+
+ sysbus_init_irq(dev, &s->cpu_halt);
+
+ /* Power management (APC) XXX: not a Slavio device */
+ memory_region_init_io(&s->iomem, OBJECT(s), &apc_mem_ops, s,
+ "apc", MISC_SIZE);
+ sysbus_init_mmio(dev, &s->iomem);
+ return 0;
+}
+
+static int slavio_misc_init1(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ MiscState *s = SLAVIO_MISC(dev);
+
+ sysbus_init_irq(sbd, &s->irq);
+ sysbus_init_irq(sbd, &s->fdc_tc);
+
+ /* 8 bit registers */
+ /* Slavio control */
+ memory_region_init_io(&s->cfg_iomem, OBJECT(s), &slavio_cfg_mem_ops, s,
+ "configuration", MISC_SIZE);
+ sysbus_init_mmio(sbd, &s->cfg_iomem);
+
+ /* Diagnostics */
+ memory_region_init_io(&s->diag_iomem, OBJECT(s), &slavio_diag_mem_ops, s,
+ "diagnostic", MISC_SIZE);
+ sysbus_init_mmio(sbd, &s->diag_iomem);
+
+ /* Modem control */
+ memory_region_init_io(&s->mdm_iomem, OBJECT(s), &slavio_mdm_mem_ops, s,
+ "modem", MISC_SIZE);
+ sysbus_init_mmio(sbd, &s->mdm_iomem);
+
+ /* 16 bit registers */
+ /* ss600mp diag LEDs */
+ memory_region_init_io(&s->led_iomem, OBJECT(s), &slavio_led_mem_ops, s,
+ "leds", MISC_SIZE);
+ sysbus_init_mmio(sbd, &s->led_iomem);
+
+ /* 32 bit registers */
+ /* System control */
+ memory_region_init_io(&s->sysctrl_iomem, OBJECT(s), &slavio_sysctrl_mem_ops, s,
+ "system-control", MISC_SIZE);
+ sysbus_init_mmio(sbd, &s->sysctrl_iomem);
+
+ /* AUX 1 (Misc System Functions) */
+ memory_region_init_io(&s->aux1_iomem, OBJECT(s), &slavio_aux1_mem_ops, s,
+ "misc-system-functions", MISC_SIZE);
+ sysbus_init_mmio(sbd, &s->aux1_iomem);
+
+ /* AUX 2 (Software Powerdown Control) */
+ memory_region_init_io(&s->aux2_iomem, OBJECT(s), &slavio_aux2_mem_ops, s,
+ "software-powerdown-control", MISC_SIZE);
+ sysbus_init_mmio(sbd, &s->aux2_iomem);
+
+ qdev_init_gpio_in(dev, slavio_set_power_fail, 1);
+
+ return 0;
+}
+
+static void slavio_misc_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = slavio_misc_init1;
+ dc->reset = slavio_misc_reset;
+ dc->vmsd = &vmstate_misc;
+}
+
+static const TypeInfo slavio_misc_info = {
+ .name = TYPE_SLAVIO_MISC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(MiscState),
+ .class_init = slavio_misc_class_init,
+};
+
+static void apc_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = apc_init1;
+}
+
+static const TypeInfo apc_info = {
+ .name = TYPE_APC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(MiscState),
+ .class_init = apc_class_init,
+};
+
+static void slavio_misc_register_types(void)
+{
+ type_register_static(&slavio_misc_info);
+ type_register_static(&apc_info);
+}
+
+type_init(slavio_misc_register_types)
diff --git a/hw/misc/tmp105.c b/hw/misc/tmp105.c
new file mode 100644
index 000000000..155e03df8
--- /dev/null
+++ b/hw/misc/tmp105.c
@@ -0,0 +1,269 @@
+/*
+ * Texas Instruments TMP105 temperature sensor.
+ *
+ * Copyright (C) 2008 Nokia Corporation
+ * Written by Andrzej Zaborowski <andrew@openedhand.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/hw.h"
+#include "hw/i2c/i2c.h"
+#include "tmp105.h"
+#include "qapi/visitor.h"
+
+static void tmp105_interrupt_update(TMP105State *s)
+{
+ qemu_set_irq(s->pin, s->alarm ^ ((~s->config >> 2) & 1)); /* POL */
+}
+
+static void tmp105_alarm_update(TMP105State *s)
+{
+ if ((s->config >> 0) & 1) { /* SD */
+ if ((s->config >> 7) & 1) /* OS */
+ s->config &= ~(1 << 7); /* OS */
+ else
+ return;
+ }
+
+ if ((s->config >> 1) & 1) { /* TM */
+ if (s->temperature >= s->limit[1])
+ s->alarm = 1;
+ else if (s->temperature < s->limit[0])
+ s->alarm = 1;
+ } else {
+ if (s->temperature >= s->limit[1])
+ s->alarm = 1;
+ else if (s->temperature < s->limit[0])
+ s->alarm = 0;
+ }
+
+ tmp105_interrupt_update(s);
+}
+
+static void tmp105_get_temperature(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ TMP105State *s = TMP105(obj);
+ int64_t value = s->temperature;
+
+ visit_type_int(v, &value, name, errp);
+}
+
+/* Units are 0.001 centigrades relative to 0 C. */
+static void tmp105_set_temperature(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ TMP105State *s = TMP105(obj);
+ int64_t temp;
+
+ visit_type_int(v, &temp, name, errp);
+ if (error_is_set(errp)) {
+ return;
+ }
+ if (temp >= 128000 || temp < -128000) {
+ error_setg(errp, "value %" PRId64 ".%03" PRIu64 " °C is out of range",
+ temp / 1000, temp % 1000);
+ return;
+ }
+
+ s->temperature = ((int16_t) (temp * 0x800 / 128000)) << 4;
+
+ tmp105_alarm_update(s);
+}
+
+static const int tmp105_faultq[4] = { 1, 2, 4, 6 };
+
+static void tmp105_read(TMP105State *s)
+{
+ s->len = 0;
+
+ if ((s->config >> 1) & 1) { /* TM */
+ s->alarm = 0;
+ tmp105_interrupt_update(s);
+ }
+
+ switch (s->pointer & 3) {
+ case TMP105_REG_TEMPERATURE:
+ s->buf[s->len ++] = (((uint16_t) s->temperature) >> 8);
+ s->buf[s->len ++] = (((uint16_t) s->temperature) >> 0) &
+ (0xf0 << ((~s->config >> 5) & 3)); /* R */
+ break;
+
+ case TMP105_REG_CONFIG:
+ s->buf[s->len ++] = s->config;
+ break;
+
+ case TMP105_REG_T_LOW:
+ s->buf[s->len ++] = ((uint16_t) s->limit[0]) >> 8;
+ s->buf[s->len ++] = ((uint16_t) s->limit[0]) >> 0;
+ break;
+
+ case TMP105_REG_T_HIGH:
+ s->buf[s->len ++] = ((uint16_t) s->limit[1]) >> 8;
+ s->buf[s->len ++] = ((uint16_t) s->limit[1]) >> 0;
+ break;
+ }
+}
+
+static void tmp105_write(TMP105State *s)
+{
+ switch (s->pointer & 3) {
+ case TMP105_REG_TEMPERATURE:
+ break;
+
+ case TMP105_REG_CONFIG:
+ if (s->buf[0] & ~s->config & (1 << 0)) /* SD */
+ printf("%s: TMP105 shutdown\n", __FUNCTION__);
+ s->config = s->buf[0];
+ s->faults = tmp105_faultq[(s->config >> 3) & 3]; /* F */
+ tmp105_alarm_update(s);
+ break;
+
+ case TMP105_REG_T_LOW:
+ case TMP105_REG_T_HIGH:
+ if (s->len >= 3)
+ s->limit[s->pointer & 1] = (int16_t)
+ ((((uint16_t) s->buf[0]) << 8) | s->buf[1]);
+ tmp105_alarm_update(s);
+ break;
+ }
+}
+
+static int tmp105_rx(I2CSlave *i2c)
+{
+ TMP105State *s = TMP105(i2c);
+
+ if (s->len < 2) {
+ return s->buf[s->len ++];
+ } else {
+ return 0xff;
+ }
+}
+
+static int tmp105_tx(I2CSlave *i2c, uint8_t data)
+{
+ TMP105State *s = TMP105(i2c);
+
+ if (s->len == 0) {
+ s->pointer = data;
+ s->len++;
+ } else {
+ if (s->len <= 2) {
+ s->buf[s->len - 1] = data;
+ }
+ s->len++;
+ tmp105_write(s);
+ }
+
+ return 0;
+}
+
+static void tmp105_event(I2CSlave *i2c, enum i2c_event event)
+{
+ TMP105State *s = TMP105(i2c);
+
+ if (event == I2C_START_RECV) {
+ tmp105_read(s);
+ }
+
+ s->len = 0;
+}
+
+static int tmp105_post_load(void *opaque, int version_id)
+{
+ TMP105State *s = opaque;
+
+ s->faults = tmp105_faultq[(s->config >> 3) & 3]; /* F */
+
+ tmp105_interrupt_update(s);
+ return 0;
+}
+
+static const VMStateDescription vmstate_tmp105 = {
+ .name = "TMP105",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .post_load = tmp105_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT8(len, TMP105State),
+ VMSTATE_UINT8_ARRAY(buf, TMP105State, 2),
+ VMSTATE_UINT8(pointer, TMP105State),
+ VMSTATE_UINT8(config, TMP105State),
+ VMSTATE_INT16(temperature, TMP105State),
+ VMSTATE_INT16_ARRAY(limit, TMP105State, 2),
+ VMSTATE_UINT8(alarm, TMP105State),
+ VMSTATE_I2C_SLAVE(i2c, TMP105State),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void tmp105_reset(I2CSlave *i2c)
+{
+ TMP105State *s = TMP105(i2c);
+
+ s->temperature = 0;
+ s->pointer = 0;
+ s->config = 0;
+ s->faults = tmp105_faultq[(s->config >> 3) & 3];
+ s->alarm = 0;
+
+ tmp105_interrupt_update(s);
+}
+
+static int tmp105_init(I2CSlave *i2c)
+{
+ TMP105State *s = TMP105(i2c);
+
+ qdev_init_gpio_out(&i2c->qdev, &s->pin, 1);
+
+ tmp105_reset(&s->i2c);
+
+ return 0;
+}
+
+static void tmp105_initfn(Object *obj)
+{
+ object_property_add(obj, "temperature", "int",
+ tmp105_get_temperature,
+ tmp105_set_temperature, NULL, NULL, NULL);
+}
+
+static void tmp105_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
+
+ k->init = tmp105_init;
+ k->event = tmp105_event;
+ k->recv = tmp105_rx;
+ k->send = tmp105_tx;
+ dc->vmsd = &vmstate_tmp105;
+}
+
+static const TypeInfo tmp105_info = {
+ .name = TYPE_TMP105,
+ .parent = TYPE_I2C_SLAVE,
+ .instance_size = sizeof(TMP105State),
+ .instance_init = tmp105_initfn,
+ .class_init = tmp105_class_init,
+};
+
+static void tmp105_register_types(void)
+{
+ type_register_static(&tmp105_info);
+}
+
+type_init(tmp105_register_types)
diff --git a/hw/misc/tmp105.h b/hw/misc/tmp105.h
new file mode 100644
index 000000000..9ba05ecc9
--- /dev/null
+++ b/hw/misc/tmp105.h
@@ -0,0 +1,47 @@
+/*
+ * Texas Instruments TMP105 Temperature Sensor
+ *
+ * Browse the data sheet:
+ *
+ * http://www.ti.com/lit/gpn/tmp105
+ *
+ * Copyright (C) 2012 Alex Horn <alex.horn@cs.ox.ac.uk>
+ * Copyright (C) 2008-2012 Andrzej Zaborowski <balrogg@gmail.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * later. See the COPYING file in the top-level directory.
+ */
+#ifndef QEMU_TMP105_H
+#define QEMU_TMP105_H
+
+#include "hw/i2c/i2c.h"
+#include "hw/misc/tmp105_regs.h"
+
+#define TYPE_TMP105 "tmp105"
+#define TMP105(obj) OBJECT_CHECK(TMP105State, (obj), TYPE_TMP105)
+
+/**
+ * TMP105State:
+ * @config: Bits 5 and 6 (value 32 and 64) determine the precision of the
+ * temperature. See Table 8 in the data sheet.
+ *
+ * @see_also: http://www.ti.com/lit/gpn/tmp105
+ */
+typedef struct TMP105State {
+ /*< private >*/
+ I2CSlave i2c;
+ /*< public >*/
+
+ uint8_t len;
+ uint8_t buf[2];
+ qemu_irq pin;
+
+ uint8_t pointer;
+ uint8_t config;
+ int16_t temperature;
+ int16_t limit[2];
+ int faults;
+ uint8_t alarm;
+} TMP105State;
+
+#endif
diff --git a/hw/misc/vfio.c b/hw/misc/vfio.c
new file mode 100644
index 000000000..017e69352
--- /dev/null
+++ b/hw/misc/vfio.c
@@ -0,0 +1,3322 @@
+/*
+ * vfio based device assignment support
+ *
+ * Copyright Red Hat, Inc. 2012
+ *
+ * Authors:
+ * Alex Williamson <alex.williamson@redhat.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ *
+ * Based on qemu-kvm device-assignment:
+ * Adapted for KVM by Qumranet.
+ * Copyright (c) 2007, Neocleus, Alex Novik (alex@neocleus.com)
+ * Copyright (c) 2007, Neocleus, Guy Zana (guy@neocleus.com)
+ * Copyright (C) 2008, Qumranet, Amit Shah (amit.shah@qumranet.com)
+ * Copyright (C) 2008, Red Hat, Amit Shah (amit.shah@redhat.com)
+ * Copyright (C) 2008, IBM, Muli Ben-Yehuda (muli@il.ibm.com)
+ */
+
+#include <dirent.h>
+#include <linux/vfio.h>
+#include <sys/ioctl.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include "config.h"
+#include "exec/address-spaces.h"
+#include "exec/memory.h"
+#include "hw/pci/msi.h"
+#include "hw/pci/msix.h"
+#include "hw/pci/pci.h"
+#include "qemu-common.h"
+#include "qemu/error-report.h"
+#include "qemu/event_notifier.h"
+#include "qemu/queue.h"
+#include "qemu/range.h"
+#include "sysemu/kvm.h"
+#include "sysemu/sysemu.h"
+
+/* #define DEBUG_VFIO */
+#ifdef DEBUG_VFIO
+#define DPRINTF(fmt, ...) \
+ do { fprintf(stderr, "vfio: " fmt, ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) \
+ do { } while (0)
+#endif
+
+/* Extra debugging, trap acceleration paths for more logging */
+#define VFIO_ALLOW_MMAP 1
+#define VFIO_ALLOW_KVM_INTX 1
+
+struct VFIODevice;
+
+typedef struct VFIOQuirk {
+ MemoryRegion mem;
+ struct VFIODevice *vdev;
+ QLIST_ENTRY(VFIOQuirk) next;
+ struct {
+ uint32_t base_offset:TARGET_PAGE_BITS;
+ uint32_t address_offset:TARGET_PAGE_BITS;
+ uint32_t address_size:3;
+ uint32_t bar:3;
+
+ uint32_t address_match;
+ uint32_t address_mask;
+
+ uint32_t address_val:TARGET_PAGE_BITS;
+ uint32_t data_offset:TARGET_PAGE_BITS;
+ uint32_t data_size:3;
+
+ uint8_t flags;
+ uint8_t read_flags;
+ uint8_t write_flags;
+ } data;
+} VFIOQuirk;
+
+typedef struct VFIOBAR {
+ off_t fd_offset; /* offset of BAR within device fd */
+ int fd; /* device fd, allows us to pass VFIOBAR as opaque data */
+ MemoryRegion mem; /* slow, read/write access */
+ MemoryRegion mmap_mem; /* direct mapped access */
+ void *mmap;
+ size_t size;
+ uint32_t flags; /* VFIO region flags (rd/wr/mmap) */
+ uint8_t nr; /* cache the BAR number for debug */
+ bool ioport;
+ bool mem64;
+ QLIST_HEAD(, VFIOQuirk) quirks;
+} VFIOBAR;
+
+typedef struct VFIOVGARegion {
+ MemoryRegion mem;
+ off_t offset;
+ int nr;
+ QLIST_HEAD(, VFIOQuirk) quirks;
+} VFIOVGARegion;
+
+typedef struct VFIOVGA {
+ off_t fd_offset;
+ int fd;
+ VFIOVGARegion region[QEMU_PCI_VGA_NUM_REGIONS];
+} VFIOVGA;
+
+typedef struct VFIOINTx {
+ bool pending; /* interrupt pending */
+ bool kvm_accel; /* set when QEMU bypass through KVM enabled */
+ uint8_t pin; /* which pin to pull for qemu_set_irq */
+ EventNotifier interrupt; /* eventfd triggered on interrupt */
+ EventNotifier unmask; /* eventfd for unmask on QEMU bypass */
+ PCIINTxRoute route; /* routing info for QEMU bypass */
+ uint32_t mmap_timeout; /* delay to re-enable mmaps after interrupt */
+ QEMUTimer *mmap_timer; /* enable mmaps after periods w/o interrupts */
+} VFIOINTx;
+
+typedef struct VFIOMSIVector {
+ EventNotifier interrupt; /* eventfd triggered on interrupt */
+ struct VFIODevice *vdev; /* back pointer to device */
+ int virq; /* KVM irqchip route for QEMU bypass */
+ bool use;
+} VFIOMSIVector;
+
+enum {
+ VFIO_INT_NONE = 0,
+ VFIO_INT_INTx = 1,
+ VFIO_INT_MSI = 2,
+ VFIO_INT_MSIX = 3,
+};
+
+struct VFIOGroup;
+
+typedef struct VFIOContainer {
+ int fd; /* /dev/vfio/vfio, empowered by the attached groups */
+ struct {
+ /* enable abstraction to support various iommu backends */
+ union {
+ MemoryListener listener; /* Used by type1 iommu */
+ };
+ void (*release)(struct VFIOContainer *);
+ } iommu_data;
+ QLIST_HEAD(, VFIOGroup) group_list;
+ QLIST_ENTRY(VFIOContainer) next;
+} VFIOContainer;
+
+/* Cache of MSI-X setup plus extra mmap and memory region for split BAR map */
+typedef struct VFIOMSIXInfo {
+ uint8_t table_bar;
+ uint8_t pba_bar;
+ uint16_t entries;
+ uint32_t table_offset;
+ uint32_t pba_offset;
+ MemoryRegion mmap_mem;
+ void *mmap;
+} VFIOMSIXInfo;
+
+typedef struct VFIODevice {
+ PCIDevice pdev;
+ int fd;
+ VFIOINTx intx;
+ unsigned int config_size;
+ uint8_t *emulated_config_bits; /* QEMU emulated bits, little-endian */
+ off_t config_offset; /* Offset of config space region within device fd */
+ unsigned int rom_size;
+ off_t rom_offset; /* Offset of ROM region within device fd */
+ int msi_cap_size;
+ VFIOMSIVector *msi_vectors;
+ VFIOMSIXInfo *msix;
+ int nr_vectors; /* Number of MSI/MSIX vectors currently in use */
+ int interrupt; /* Current interrupt type */
+ VFIOBAR bars[PCI_NUM_REGIONS - 1]; /* No ROM */
+ VFIOVGA vga; /* 0xa0000, 0x3b0, 0x3c0 */
+ PCIHostDeviceAddress host;
+ QLIST_ENTRY(VFIODevice) next;
+ struct VFIOGroup *group;
+ EventNotifier err_notifier;
+ uint32_t features;
+#define VFIO_FEATURE_ENABLE_VGA_BIT 0
+#define VFIO_FEATURE_ENABLE_VGA (1 << VFIO_FEATURE_ENABLE_VGA_BIT)
+ int32_t bootindex;
+ uint8_t pm_cap;
+ bool reset_works;
+ bool has_vga;
+ bool pci_aer;
+} VFIODevice;
+
+typedef struct VFIOGroup {
+ int fd;
+ int groupid;
+ VFIOContainer *container;
+ QLIST_HEAD(, VFIODevice) device_list;
+ QLIST_ENTRY(VFIOGroup) next;
+ QLIST_ENTRY(VFIOGroup) container_next;
+} VFIOGroup;
+
+#define MSIX_CAP_LENGTH 12
+
+static QLIST_HEAD(, VFIOContainer)
+ container_list = QLIST_HEAD_INITIALIZER(container_list);
+
+static QLIST_HEAD(, VFIOGroup)
+ group_list = QLIST_HEAD_INITIALIZER(group_list);
+
+static void vfio_disable_interrupts(VFIODevice *vdev);
+static uint32_t vfio_pci_read_config(PCIDevice *pdev, uint32_t addr, int len);
+static void vfio_pci_write_config(PCIDevice *pdev, uint32_t addr,
+ uint32_t val, int len);
+static void vfio_mmap_set_enabled(VFIODevice *vdev, bool enabled);
+
+/*
+ * Common VFIO interrupt disable
+ */
+static void vfio_disable_irqindex(VFIODevice *vdev, int index)
+{
+ struct vfio_irq_set irq_set = {
+ .argsz = sizeof(irq_set),
+ .flags = VFIO_IRQ_SET_DATA_NONE | VFIO_IRQ_SET_ACTION_TRIGGER,
+ .index = index,
+ .start = 0,
+ .count = 0,
+ };
+
+ ioctl(vdev->fd, VFIO_DEVICE_SET_IRQS, &irq_set);
+}
+
+/*
+ * INTx
+ */
+static void vfio_unmask_intx(VFIODevice *vdev)
+{
+ struct vfio_irq_set irq_set = {
+ .argsz = sizeof(irq_set),
+ .flags = VFIO_IRQ_SET_DATA_NONE | VFIO_IRQ_SET_ACTION_UNMASK,
+ .index = VFIO_PCI_INTX_IRQ_INDEX,
+ .start = 0,
+ .count = 1,
+ };
+
+ ioctl(vdev->fd, VFIO_DEVICE_SET_IRQS, &irq_set);
+}
+
+#ifdef CONFIG_KVM /* Unused outside of CONFIG_KVM code */
+static void vfio_mask_intx(VFIODevice *vdev)
+{
+ struct vfio_irq_set irq_set = {
+ .argsz = sizeof(irq_set),
+ .flags = VFIO_IRQ_SET_DATA_NONE | VFIO_IRQ_SET_ACTION_MASK,
+ .index = VFIO_PCI_INTX_IRQ_INDEX,
+ .start = 0,
+ .count = 1,
+ };
+
+ ioctl(vdev->fd, VFIO_DEVICE_SET_IRQS, &irq_set);
+}
+#endif
+
+/*
+ * Disabling BAR mmaping can be slow, but toggling it around INTx can
+ * also be a huge overhead. We try to get the best of both worlds by
+ * waiting until an interrupt to disable mmaps (subsequent transitions
+ * to the same state are effectively no overhead). If the interrupt has
+ * been serviced and the time gap is long enough, we re-enable mmaps for
+ * performance. This works well for things like graphics cards, which
+ * may not use their interrupt at all and are penalized to an unusable
+ * level by read/write BAR traps. Other devices, like NICs, have more
+ * regular interrupts and see much better latency by staying in non-mmap
+ * mode. We therefore set the default mmap_timeout such that a ping
+ * is just enough to keep the mmap disabled. Users can experiment with
+ * other options with the x-intx-mmap-timeout-ms parameter (a value of
+ * zero disables the timer).
+ */
+static void vfio_intx_mmap_enable(void *opaque)
+{
+ VFIODevice *vdev = opaque;
+
+ if (vdev->intx.pending) {
+ qemu_mod_timer(vdev->intx.mmap_timer,
+ qemu_get_clock_ms(vm_clock) + vdev->intx.mmap_timeout);
+ return;
+ }
+
+ vfio_mmap_set_enabled(vdev, true);
+}
+
+static void vfio_intx_interrupt(void *opaque)
+{
+ VFIODevice *vdev = opaque;
+
+ if (!event_notifier_test_and_clear(&vdev->intx.interrupt)) {
+ return;
+ }
+
+ DPRINTF("%s(%04x:%02x:%02x.%x) Pin %c\n", __func__, vdev->host.domain,
+ vdev->host.bus, vdev->host.slot, vdev->host.function,
+ 'A' + vdev->intx.pin);
+
+ vdev->intx.pending = true;
+ qemu_set_irq(vdev->pdev.irq[vdev->intx.pin], 1);
+ vfio_mmap_set_enabled(vdev, false);
+ if (vdev->intx.mmap_timeout) {
+ qemu_mod_timer(vdev->intx.mmap_timer,
+ qemu_get_clock_ms(vm_clock) + vdev->intx.mmap_timeout);
+ }
+}
+
+static void vfio_eoi(VFIODevice *vdev)
+{
+ if (!vdev->intx.pending) {
+ return;
+ }
+
+ DPRINTF("%s(%04x:%02x:%02x.%x) EOI\n", __func__, vdev->host.domain,
+ vdev->host.bus, vdev->host.slot, vdev->host.function);
+
+ vdev->intx.pending = false;
+ qemu_set_irq(vdev->pdev.irq[vdev->intx.pin], 0);
+ vfio_unmask_intx(vdev);
+}
+
+static void vfio_enable_intx_kvm(VFIODevice *vdev)
+{
+#ifdef CONFIG_KVM
+ struct kvm_irqfd irqfd = {
+ .fd = event_notifier_get_fd(&vdev->intx.interrupt),
+ .gsi = vdev->intx.route.irq,
+ .flags = KVM_IRQFD_FLAG_RESAMPLE,
+ };
+ struct vfio_irq_set *irq_set;
+ int ret, argsz;
+ int32_t *pfd;
+
+ if (!VFIO_ALLOW_KVM_INTX || !kvm_irqfds_enabled() ||
+ vdev->intx.route.mode != PCI_INTX_ENABLED ||
+ !kvm_check_extension(kvm_state, KVM_CAP_IRQFD_RESAMPLE)) {
+ return;
+ }
+
+ /* Get to a known interrupt state */
+ qemu_set_fd_handler(irqfd.fd, NULL, NULL, vdev);
+ vfio_mask_intx(vdev);
+ vdev->intx.pending = false;
+ qemu_set_irq(vdev->pdev.irq[vdev->intx.pin], 0);
+
+ /* Get an eventfd for resample/unmask */
+ if (event_notifier_init(&vdev->intx.unmask, 0)) {
+ error_report("vfio: Error: event_notifier_init failed eoi");
+ goto fail;
+ }
+
+ /* KVM triggers it, VFIO listens for it */
+ irqfd.resamplefd = event_notifier_get_fd(&vdev->intx.unmask);
+
+ if (kvm_vm_ioctl(kvm_state, KVM_IRQFD, &irqfd)) {
+ error_report("vfio: Error: Failed to setup resample irqfd: %m");
+ goto fail_irqfd;
+ }
+
+ argsz = sizeof(*irq_set) + sizeof(*pfd);
+
+ irq_set = g_malloc0(argsz);
+ irq_set->argsz = argsz;
+ irq_set->flags = VFIO_IRQ_SET_DATA_EVENTFD | VFIO_IRQ_SET_ACTION_UNMASK;
+ irq_set->index = VFIO_PCI_INTX_IRQ_INDEX;
+ irq_set->start = 0;
+ irq_set->count = 1;
+ pfd = (int32_t *)&irq_set->data;
+
+ *pfd = irqfd.resamplefd;
+
+ ret = ioctl(vdev->fd, VFIO_DEVICE_SET_IRQS, irq_set);
+ g_free(irq_set);
+ if (ret) {
+ error_report("vfio: Error: Failed to setup INTx unmask fd: %m");
+ goto fail_vfio;
+ }
+
+ /* Let'em rip */
+ vfio_unmask_intx(vdev);
+
+ vdev->intx.kvm_accel = true;
+
+ DPRINTF("%s(%04x:%02x:%02x.%x) KVM INTx accel enabled\n",
+ __func__, vdev->host.domain, vdev->host.bus,
+ vdev->host.slot, vdev->host.function);
+
+ return;
+
+fail_vfio:
+ irqfd.flags = KVM_IRQFD_FLAG_DEASSIGN;
+ kvm_vm_ioctl(kvm_state, KVM_IRQFD, &irqfd);
+fail_irqfd:
+ event_notifier_cleanup(&vdev->intx.unmask);
+fail:
+ qemu_set_fd_handler(irqfd.fd, vfio_intx_interrupt, NULL, vdev);
+ vfio_unmask_intx(vdev);
+#endif
+}
+
+static void vfio_disable_intx_kvm(VFIODevice *vdev)
+{
+#ifdef CONFIG_KVM
+ struct kvm_irqfd irqfd = {
+ .fd = event_notifier_get_fd(&vdev->intx.interrupt),
+ .gsi = vdev->intx.route.irq,
+ .flags = KVM_IRQFD_FLAG_DEASSIGN,
+ };
+
+ if (!vdev->intx.kvm_accel) {
+ return;
+ }
+
+ /*
+ * Get to a known state, hardware masked, QEMU ready to accept new
+ * interrupts, QEMU IRQ de-asserted.
+ */
+ vfio_mask_intx(vdev);
+ vdev->intx.pending = false;
+ qemu_set_irq(vdev->pdev.irq[vdev->intx.pin], 0);
+
+ /* Tell KVM to stop listening for an INTx irqfd */
+ if (kvm_vm_ioctl(kvm_state, KVM_IRQFD, &irqfd)) {
+ error_report("vfio: Error: Failed to disable INTx irqfd: %m");
+ }
+
+ /* We only need to close the eventfd for VFIO to cleanup the kernel side */
+ event_notifier_cleanup(&vdev->intx.unmask);
+
+ /* QEMU starts listening for interrupt events. */
+ qemu_set_fd_handler(irqfd.fd, vfio_intx_interrupt, NULL, vdev);
+
+ vdev->intx.kvm_accel = false;
+
+ /* If we've missed an event, let it re-fire through QEMU */
+ vfio_unmask_intx(vdev);
+
+ DPRINTF("%s(%04x:%02x:%02x.%x) KVM INTx accel disabled\n",
+ __func__, vdev->host.domain, vdev->host.bus,
+ vdev->host.slot, vdev->host.function);
+#endif
+}
+
+static void vfio_update_irq(PCIDevice *pdev)
+{
+ VFIODevice *vdev = DO_UPCAST(VFIODevice, pdev, pdev);
+ PCIINTxRoute route;
+
+ if (vdev->interrupt != VFIO_INT_INTx) {
+ return;
+ }
+
+ route = pci_device_route_intx_to_irq(&vdev->pdev, vdev->intx.pin);
+
+ if (!pci_intx_route_changed(&vdev->intx.route, &route)) {
+ return; /* Nothing changed */
+ }
+
+ DPRINTF("%s(%04x:%02x:%02x.%x) IRQ moved %d -> %d\n", __func__,
+ vdev->host.domain, vdev->host.bus, vdev->host.slot,
+ vdev->host.function, vdev->intx.route.irq, route.irq);
+
+ vfio_disable_intx_kvm(vdev);
+
+ vdev->intx.route = route;
+
+ if (route.mode != PCI_INTX_ENABLED) {
+ return;
+ }
+
+ vfio_enable_intx_kvm(vdev);
+
+ /* Re-enable the interrupt in cased we missed an EOI */
+ vfio_eoi(vdev);
+}
+
+static int vfio_enable_intx(VFIODevice *vdev)
+{
+ uint8_t pin = vfio_pci_read_config(&vdev->pdev, PCI_INTERRUPT_PIN, 1);
+ int ret, argsz;
+ struct vfio_irq_set *irq_set;
+ int32_t *pfd;
+
+ if (!pin) {
+ return 0;
+ }
+
+ vfio_disable_interrupts(vdev);
+
+ vdev->intx.pin = pin - 1; /* Pin A (1) -> irq[0] */
+
+#ifdef CONFIG_KVM
+ /*
+ * Only conditional to avoid generating error messages on platforms
+ * where we won't actually use the result anyway.
+ */
+ if (kvm_irqfds_enabled() &&
+ kvm_check_extension(kvm_state, KVM_CAP_IRQFD_RESAMPLE)) {
+ vdev->intx.route = pci_device_route_intx_to_irq(&vdev->pdev,
+ vdev->intx.pin);
+ }
+#endif
+
+ ret = event_notifier_init(&vdev->intx.interrupt, 0);
+ if (ret) {
+ error_report("vfio: Error: event_notifier_init failed");
+ return ret;
+ }
+
+ argsz = sizeof(*irq_set) + sizeof(*pfd);
+
+ irq_set = g_malloc0(argsz);
+ irq_set->argsz = argsz;
+ irq_set->flags = VFIO_IRQ_SET_DATA_EVENTFD | VFIO_IRQ_SET_ACTION_TRIGGER;
+ irq_set->index = VFIO_PCI_INTX_IRQ_INDEX;
+ irq_set->start = 0;
+ irq_set->count = 1;
+ pfd = (int32_t *)&irq_set->data;
+
+ *pfd = event_notifier_get_fd(&vdev->intx.interrupt);
+ qemu_set_fd_handler(*pfd, vfio_intx_interrupt, NULL, vdev);
+
+ ret = ioctl(vdev->fd, VFIO_DEVICE_SET_IRQS, irq_set);
+ g_free(irq_set);
+ if (ret) {
+ error_report("vfio: Error: Failed to setup INTx fd: %m");
+ qemu_set_fd_handler(*pfd, NULL, NULL, vdev);
+ event_notifier_cleanup(&vdev->intx.interrupt);
+ return -errno;
+ }
+
+ vfio_enable_intx_kvm(vdev);
+
+ vdev->interrupt = VFIO_INT_INTx;
+
+ DPRINTF("%s(%04x:%02x:%02x.%x)\n", __func__, vdev->host.domain,
+ vdev->host.bus, vdev->host.slot, vdev->host.function);
+
+ return 0;
+}
+
+static void vfio_disable_intx(VFIODevice *vdev)
+{
+ int fd;
+
+ qemu_del_timer(vdev->intx.mmap_timer);
+ vfio_disable_intx_kvm(vdev);
+ vfio_disable_irqindex(vdev, VFIO_PCI_INTX_IRQ_INDEX);
+ vdev->intx.pending = false;
+ qemu_set_irq(vdev->pdev.irq[vdev->intx.pin], 0);
+ vfio_mmap_set_enabled(vdev, true);
+
+ fd = event_notifier_get_fd(&vdev->intx.interrupt);
+ qemu_set_fd_handler(fd, NULL, NULL, vdev);
+ event_notifier_cleanup(&vdev->intx.interrupt);
+
+ vdev->interrupt = VFIO_INT_NONE;
+
+ DPRINTF("%s(%04x:%02x:%02x.%x)\n", __func__, vdev->host.domain,
+ vdev->host.bus, vdev->host.slot, vdev->host.function);
+}
+
+/*
+ * MSI/X
+ */
+static void vfio_msi_interrupt(void *opaque)
+{
+ VFIOMSIVector *vector = opaque;
+ VFIODevice *vdev = vector->vdev;
+ int nr = vector - vdev->msi_vectors;
+
+ if (!event_notifier_test_and_clear(&vector->interrupt)) {
+ return;
+ }
+
+ DPRINTF("%s(%04x:%02x:%02x.%x) vector %d\n", __func__,
+ vdev->host.domain, vdev->host.bus, vdev->host.slot,
+ vdev->host.function, nr);
+
+ if (vdev->interrupt == VFIO_INT_MSIX) {
+ msix_notify(&vdev->pdev, nr);
+ } else if (vdev->interrupt == VFIO_INT_MSI) {
+ msi_notify(&vdev->pdev, nr);
+ } else {
+ error_report("vfio: MSI interrupt receieved, but not enabled?");
+ }
+}
+
+static int vfio_enable_vectors(VFIODevice *vdev, bool msix)
+{
+ struct vfio_irq_set *irq_set;
+ int ret = 0, i, argsz;
+ int32_t *fds;
+
+ argsz = sizeof(*irq_set) + (vdev->nr_vectors * sizeof(*fds));
+
+ irq_set = g_malloc0(argsz);
+ irq_set->argsz = argsz;
+ irq_set->flags = VFIO_IRQ_SET_DATA_EVENTFD | VFIO_IRQ_SET_ACTION_TRIGGER;
+ irq_set->index = msix ? VFIO_PCI_MSIX_IRQ_INDEX : VFIO_PCI_MSI_IRQ_INDEX;
+ irq_set->start = 0;
+ irq_set->count = vdev->nr_vectors;
+ fds = (int32_t *)&irq_set->data;
+
+ for (i = 0; i < vdev->nr_vectors; i++) {
+ if (!vdev->msi_vectors[i].use) {
+ fds[i] = -1;
+ continue;
+ }
+
+ fds[i] = event_notifier_get_fd(&vdev->msi_vectors[i].interrupt);
+ }
+
+ ret = ioctl(vdev->fd, VFIO_DEVICE_SET_IRQS, irq_set);
+
+ g_free(irq_set);
+
+ return ret;
+}
+
+static int vfio_msix_vector_do_use(PCIDevice *pdev, unsigned int nr,
+ MSIMessage *msg, IOHandler *handler)
+{
+ VFIODevice *vdev = DO_UPCAST(VFIODevice, pdev, pdev);
+ VFIOMSIVector *vector;
+ int ret;
+
+ DPRINTF("%s(%04x:%02x:%02x.%x) vector %d used\n", __func__,
+ vdev->host.domain, vdev->host.bus, vdev->host.slot,
+ vdev->host.function, nr);
+
+ vector = &vdev->msi_vectors[nr];
+ vector->vdev = vdev;
+ vector->use = true;
+
+ msix_vector_use(pdev, nr);
+
+ if (event_notifier_init(&vector->interrupt, 0)) {
+ error_report("vfio: Error: event_notifier_init failed");
+ }
+
+ /*
+ * Attempt to enable route through KVM irqchip,
+ * default to userspace handling if unavailable.
+ */
+ vector->virq = msg ? kvm_irqchip_add_msi_route(kvm_state, *msg) : -1;
+ if (vector->virq < 0 ||
+ kvm_irqchip_add_irqfd_notifier(kvm_state, &vector->interrupt,
+ vector->virq) < 0) {
+ if (vector->virq >= 0) {
+ kvm_irqchip_release_virq(kvm_state, vector->virq);
+ vector->virq = -1;
+ }
+ qemu_set_fd_handler(event_notifier_get_fd(&vector->interrupt),
+ handler, NULL, vector);
+ }
+
+ /*
+ * We don't want to have the host allocate all possible MSI vectors
+ * for a device if they're not in use, so we shutdown and incrementally
+ * increase them as needed.
+ */
+ if (vdev->nr_vectors < nr + 1) {
+ vfio_disable_irqindex(vdev, VFIO_PCI_MSIX_IRQ_INDEX);
+ vdev->nr_vectors = nr + 1;
+ ret = vfio_enable_vectors(vdev, true);
+ if (ret) {
+ error_report("vfio: failed to enable vectors, %d", ret);
+ }
+ } else {
+ int argsz;
+ struct vfio_irq_set *irq_set;
+ int32_t *pfd;
+
+ argsz = sizeof(*irq_set) + sizeof(*pfd);
+
+ irq_set = g_malloc0(argsz);
+ irq_set->argsz = argsz;
+ irq_set->flags = VFIO_IRQ_SET_DATA_EVENTFD |
+ VFIO_IRQ_SET_ACTION_TRIGGER;
+ irq_set->index = VFIO_PCI_MSIX_IRQ_INDEX;
+ irq_set->start = nr;
+ irq_set->count = 1;
+ pfd = (int32_t *)&irq_set->data;
+
+ *pfd = event_notifier_get_fd(&vector->interrupt);
+
+ ret = ioctl(vdev->fd, VFIO_DEVICE_SET_IRQS, irq_set);
+ g_free(irq_set);
+ if (ret) {
+ error_report("vfio: failed to modify vector, %d", ret);
+ }
+ }
+
+ return 0;
+}
+
+static int vfio_msix_vector_use(PCIDevice *pdev,
+ unsigned int nr, MSIMessage msg)
+{
+ return vfio_msix_vector_do_use(pdev, nr, &msg, vfio_msi_interrupt);
+}
+
+static void vfio_msix_vector_release(PCIDevice *pdev, unsigned int nr)
+{
+ VFIODevice *vdev = DO_UPCAST(VFIODevice, pdev, pdev);
+ VFIOMSIVector *vector = &vdev->msi_vectors[nr];
+ int argsz;
+ struct vfio_irq_set *irq_set;
+ int32_t *pfd;
+
+ DPRINTF("%s(%04x:%02x:%02x.%x) vector %d released\n", __func__,
+ vdev->host.domain, vdev->host.bus, vdev->host.slot,
+ vdev->host.function, nr);
+
+ /*
+ * XXX What's the right thing to do here? This turns off the interrupt
+ * completely, but do we really just want to switch the interrupt to
+ * bouncing through userspace and let msix.c drop it? Not sure.
+ */
+ msix_vector_unuse(pdev, nr);
+
+ argsz = sizeof(*irq_set) + sizeof(*pfd);
+
+ irq_set = g_malloc0(argsz);
+ irq_set->argsz = argsz;
+ irq_set->flags = VFIO_IRQ_SET_DATA_EVENTFD |
+ VFIO_IRQ_SET_ACTION_TRIGGER;
+ irq_set->index = VFIO_PCI_MSIX_IRQ_INDEX;
+ irq_set->start = nr;
+ irq_set->count = 1;
+ pfd = (int32_t *)&irq_set->data;
+
+ *pfd = -1;
+
+ ioctl(vdev->fd, VFIO_DEVICE_SET_IRQS, irq_set);
+
+ g_free(irq_set);
+
+ if (vector->virq < 0) {
+ qemu_set_fd_handler(event_notifier_get_fd(&vector->interrupt),
+ NULL, NULL, NULL);
+ } else {
+ kvm_irqchip_remove_irqfd_notifier(kvm_state, &vector->interrupt,
+ vector->virq);
+ kvm_irqchip_release_virq(kvm_state, vector->virq);
+ vector->virq = -1;
+ }
+
+ event_notifier_cleanup(&vector->interrupt);
+ vector->use = false;
+}
+
+static void vfio_enable_msix(VFIODevice *vdev)
+{
+ vfio_disable_interrupts(vdev);
+
+ vdev->msi_vectors = g_malloc0(vdev->msix->entries * sizeof(VFIOMSIVector));
+
+ vdev->interrupt = VFIO_INT_MSIX;
+
+ /*
+ * Some communication channels between VF & PF or PF & fw rely on the
+ * physical state of the device and expect that enabling MSI-X from the
+ * guest enables the same on the host. When our guest is Linux, the
+ * guest driver call to pci_enable_msix() sets the enabling bit in the
+ * MSI-X capability, but leaves the vector table masked. We therefore
+ * can't rely on a vector_use callback (from request_irq() in the guest)
+ * to switch the physical device into MSI-X mode because that may come a
+ * long time after pci_enable_msix(). This code enables vector 0 with
+ * triggering to userspace, then immediately release the vector, leaving
+ * the physical device with no vectors enabled, but MSI-X enabled, just
+ * like the guest view.
+ */
+ vfio_msix_vector_do_use(&vdev->pdev, 0, NULL, NULL);
+ vfio_msix_vector_release(&vdev->pdev, 0);
+
+ if (msix_set_vector_notifiers(&vdev->pdev, vfio_msix_vector_use,
+ vfio_msix_vector_release, NULL)) {
+ error_report("vfio: msix_set_vector_notifiers failed");
+ }
+
+ DPRINTF("%s(%04x:%02x:%02x.%x)\n", __func__, vdev->host.domain,
+ vdev->host.bus, vdev->host.slot, vdev->host.function);
+}
+
+static void vfio_enable_msi(VFIODevice *vdev)
+{
+ int ret, i;
+
+ vfio_disable_interrupts(vdev);
+
+ vdev->nr_vectors = msi_nr_vectors_allocated(&vdev->pdev);
+retry:
+ vdev->msi_vectors = g_malloc0(vdev->nr_vectors * sizeof(VFIOMSIVector));
+
+ for (i = 0; i < vdev->nr_vectors; i++) {
+ MSIMessage msg;
+ VFIOMSIVector *vector = &vdev->msi_vectors[i];
+
+ vector->vdev = vdev;
+ vector->use = true;
+
+ if (event_notifier_init(&vector->interrupt, 0)) {
+ error_report("vfio: Error: event_notifier_init failed");
+ }
+
+ msg = msi_get_message(&vdev->pdev, i);
+
+ /*
+ * Attempt to enable route through KVM irqchip,
+ * default to userspace handling if unavailable.
+ */
+ vector->virq = kvm_irqchip_add_msi_route(kvm_state, msg);
+ if (vector->virq < 0 ||
+ kvm_irqchip_add_irqfd_notifier(kvm_state, &vector->interrupt,
+ vector->virq) < 0) {
+ qemu_set_fd_handler(event_notifier_get_fd(&vector->interrupt),
+ vfio_msi_interrupt, NULL, vector);
+ }
+ }
+
+ ret = vfio_enable_vectors(vdev, false);
+ if (ret) {
+ if (ret < 0) {
+ error_report("vfio: Error: Failed to setup MSI fds: %m");
+ } else if (ret != vdev->nr_vectors) {
+ error_report("vfio: Error: Failed to enable %d "
+ "MSI vectors, retry with %d", vdev->nr_vectors, ret);
+ }
+
+ for (i = 0; i < vdev->nr_vectors; i++) {
+ VFIOMSIVector *vector = &vdev->msi_vectors[i];
+ if (vector->virq >= 0) {
+ kvm_irqchip_remove_irqfd_notifier(kvm_state, &vector->interrupt,
+ vector->virq);
+ kvm_irqchip_release_virq(kvm_state, vector->virq);
+ vector->virq = -1;
+ } else {
+ qemu_set_fd_handler(event_notifier_get_fd(&vector->interrupt),
+ NULL, NULL, NULL);
+ }
+ event_notifier_cleanup(&vector->interrupt);
+ }
+
+ g_free(vdev->msi_vectors);
+
+ if (ret > 0 && ret != vdev->nr_vectors) {
+ vdev->nr_vectors = ret;
+ goto retry;
+ }
+ vdev->nr_vectors = 0;
+
+ return;
+ }
+
+ vdev->interrupt = VFIO_INT_MSI;
+
+ DPRINTF("%s(%04x:%02x:%02x.%x) Enabled %d MSI vectors\n", __func__,
+ vdev->host.domain, vdev->host.bus, vdev->host.slot,
+ vdev->host.function, vdev->nr_vectors);
+}
+
+static void vfio_disable_msi_common(VFIODevice *vdev)
+{
+ g_free(vdev->msi_vectors);
+ vdev->msi_vectors = NULL;
+ vdev->nr_vectors = 0;
+ vdev->interrupt = VFIO_INT_NONE;
+
+ vfio_enable_intx(vdev);
+}
+
+static void vfio_disable_msix(VFIODevice *vdev)
+{
+ msix_unset_vector_notifiers(&vdev->pdev);
+
+ if (vdev->nr_vectors) {
+ vfio_disable_irqindex(vdev, VFIO_PCI_MSIX_IRQ_INDEX);
+ }
+
+ vfio_disable_msi_common(vdev);
+
+ DPRINTF("%s(%04x:%02x:%02x.%x)\n", __func__, vdev->host.domain,
+ vdev->host.bus, vdev->host.slot, vdev->host.function);
+}
+
+static void vfio_disable_msi(VFIODevice *vdev)
+{
+ int i;
+
+ vfio_disable_irqindex(vdev, VFIO_PCI_MSI_IRQ_INDEX);
+
+ for (i = 0; i < vdev->nr_vectors; i++) {
+ VFIOMSIVector *vector = &vdev->msi_vectors[i];
+
+ if (!vector->use) {
+ continue;
+ }
+
+ if (vector->virq >= 0) {
+ kvm_irqchip_remove_irqfd_notifier(kvm_state,
+ &vector->interrupt, vector->virq);
+ kvm_irqchip_release_virq(kvm_state, vector->virq);
+ vector->virq = -1;
+ } else {
+ qemu_set_fd_handler(event_notifier_get_fd(&vector->interrupt),
+ NULL, NULL, NULL);
+ }
+
+ event_notifier_cleanup(&vector->interrupt);
+ }
+
+ vfio_disable_msi_common(vdev);
+
+ DPRINTF("%s(%04x:%02x:%02x.%x)\n", __func__, vdev->host.domain,
+ vdev->host.bus, vdev->host.slot, vdev->host.function);
+}
+
+/*
+ * IO Port/MMIO - Beware of the endians, VFIO is always little endian
+ */
+static void vfio_bar_write(void *opaque, hwaddr addr,
+ uint64_t data, unsigned size)
+{
+ VFIOBAR *bar = opaque;
+ union {
+ uint8_t byte;
+ uint16_t word;
+ uint32_t dword;
+ uint64_t qword;
+ } buf;
+
+ switch (size) {
+ case 1:
+ buf.byte = data;
+ break;
+ case 2:
+ buf.word = cpu_to_le16(data);
+ break;
+ case 4:
+ buf.dword = cpu_to_le32(data);
+ break;
+ default:
+ hw_error("vfio: unsupported write size, %d bytes\n", size);
+ break;
+ }
+
+ if (pwrite(bar->fd, &buf, size, bar->fd_offset + addr) != size) {
+ error_report("%s(,0x%"HWADDR_PRIx", 0x%"PRIx64", %d) failed: %m",
+ __func__, addr, data, size);
+ }
+
+#ifdef DEBUG_VFIO
+ {
+ VFIODevice *vdev = container_of(bar, VFIODevice, bars[bar->nr]);
+
+ DPRINTF("%s(%04x:%02x:%02x.%x:BAR%d+0x%"HWADDR_PRIx", 0x%"PRIx64
+ ", %d)\n", __func__, vdev->host.domain, vdev->host.bus,
+ vdev->host.slot, vdev->host.function, bar->nr, addr,
+ data, size);
+ }
+#endif
+
+ /*
+ * A read or write to a BAR always signals an INTx EOI. This will
+ * do nothing if not pending (including not in INTx mode). We assume
+ * that a BAR access is in response to an interrupt and that BAR
+ * accesses will service the interrupt. Unfortunately, we don't know
+ * which access will service the interrupt, so we're potentially
+ * getting quite a few host interrupts per guest interrupt.
+ */
+ vfio_eoi(container_of(bar, VFIODevice, bars[bar->nr]));
+}
+
+static uint64_t vfio_bar_read(void *opaque,
+ hwaddr addr, unsigned size)
+{
+ VFIOBAR *bar = opaque;
+ union {
+ uint8_t byte;
+ uint16_t word;
+ uint32_t dword;
+ uint64_t qword;
+ } buf;
+ uint64_t data = 0;
+
+ if (pread(bar->fd, &buf, size, bar->fd_offset + addr) != size) {
+ error_report("%s(,0x%"HWADDR_PRIx", %d) failed: %m",
+ __func__, addr, size);
+ return (uint64_t)-1;
+ }
+
+ switch (size) {
+ case 1:
+ data = buf.byte;
+ break;
+ case 2:
+ data = le16_to_cpu(buf.word);
+ break;
+ case 4:
+ data = le32_to_cpu(buf.dword);
+ break;
+ default:
+ hw_error("vfio: unsupported read size, %d bytes\n", size);
+ break;
+ }
+
+#ifdef DEBUG_VFIO
+ {
+ VFIODevice *vdev = container_of(bar, VFIODevice, bars[bar->nr]);
+
+ DPRINTF("%s(%04x:%02x:%02x.%x:BAR%d+0x%"HWADDR_PRIx
+ ", %d) = 0x%"PRIx64"\n", __func__, vdev->host.domain,
+ vdev->host.bus, vdev->host.slot, vdev->host.function,
+ bar->nr, addr, size, data);
+ }
+#endif
+
+ /* Same as write above */
+ vfio_eoi(container_of(bar, VFIODevice, bars[bar->nr]));
+
+ return data;
+}
+
+static const MemoryRegionOps vfio_bar_ops = {
+ .read = vfio_bar_read,
+ .write = vfio_bar_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void vfio_vga_write(void *opaque, hwaddr addr,
+ uint64_t data, unsigned size)
+{
+ VFIOVGARegion *region = opaque;
+ VFIOVGA *vga = container_of(region, VFIOVGA, region[region->nr]);
+ union {
+ uint8_t byte;
+ uint16_t word;
+ uint32_t dword;
+ uint64_t qword;
+ } buf;
+ off_t offset = vga->fd_offset + region->offset + addr;
+
+ switch (size) {
+ case 1:
+ buf.byte = data;
+ break;
+ case 2:
+ buf.word = cpu_to_le16(data);
+ break;
+ case 4:
+ buf.dword = cpu_to_le32(data);
+ break;
+ default:
+ hw_error("vfio: unsupported write size, %d bytes\n", size);
+ break;
+ }
+
+ if (pwrite(vga->fd, &buf, size, offset) != size) {
+ error_report("%s(,0x%"HWADDR_PRIx", 0x%"PRIx64", %d) failed: %m",
+ __func__, region->offset + addr, data, size);
+ }
+
+ DPRINTF("%s(0x%"HWADDR_PRIx", 0x%"PRIx64", %d)\n",
+ __func__, region->offset + addr, data, size);
+}
+
+static uint64_t vfio_vga_read(void *opaque, hwaddr addr, unsigned size)
+{
+ VFIOVGARegion *region = opaque;
+ VFIOVGA *vga = container_of(region, VFIOVGA, region[region->nr]);
+ union {
+ uint8_t byte;
+ uint16_t word;
+ uint32_t dword;
+ uint64_t qword;
+ } buf;
+ uint64_t data = 0;
+ off_t offset = vga->fd_offset + region->offset + addr;
+
+ if (pread(vga->fd, &buf, size, offset) != size) {
+ error_report("%s(,0x%"HWADDR_PRIx", %d) failed: %m",
+ __func__, region->offset + addr, size);
+ return (uint64_t)-1;
+ }
+
+ switch (size) {
+ case 1:
+ data = buf.byte;
+ break;
+ case 2:
+ data = le16_to_cpu(buf.word);
+ break;
+ case 4:
+ data = le32_to_cpu(buf.dword);
+ break;
+ default:
+ hw_error("vfio: unsupported read size, %d bytes\n", size);
+ break;
+ }
+
+ DPRINTF("%s(0x%"HWADDR_PRIx", %d) = 0x%"PRIx64"\n",
+ __func__, region->offset + addr, size, data);
+
+ return data;
+}
+
+static const MemoryRegionOps vfio_vga_ops = {
+ .read = vfio_vga_read,
+ .write = vfio_vga_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+/*
+ * Device specific quirks
+ */
+
+/* Is range1 fully contained within range2? */
+static bool vfio_range_contained(uint64_t first1, uint64_t len1,
+ uint64_t first2, uint64_t len2) {
+ return (first1 >= first2 && first1 + len1 <= first2 + len2);
+}
+
+static bool vfio_flags_enabled(uint8_t flags, uint8_t mask)
+{
+ return (mask && (flags & mask) == mask);
+}
+
+static uint64_t vfio_generic_window_quirk_read(void *opaque,
+ hwaddr addr, unsigned size)
+{
+ VFIOQuirk *quirk = opaque;
+ VFIODevice *vdev = quirk->vdev;
+ uint64_t data;
+
+ if (vfio_flags_enabled(quirk->data.flags, quirk->data.read_flags) &&
+ ranges_overlap(addr, size,
+ quirk->data.data_offset, quirk->data.data_size)) {
+ hwaddr offset = addr - quirk->data.data_offset;
+
+ if (!vfio_range_contained(addr, size, quirk->data.data_offset,
+ quirk->data.data_size)) {
+ hw_error("%s: window data read not fully contained: %s\n",
+ __func__, memory_region_name(&quirk->mem));
+ }
+
+ data = vfio_pci_read_config(&vdev->pdev,
+ quirk->data.address_val + offset, size);
+
+ DPRINTF("%s read(%04x:%02x:%02x.%x:BAR%d+0x%"HWADDR_PRIx", %d) = 0x%"
+ PRIx64"\n", memory_region_name(&quirk->mem), vdev->host.domain,
+ vdev->host.bus, vdev->host.slot, vdev->host.function,
+ quirk->data.bar, addr, size, data);
+ } else {
+ data = vfio_bar_read(&vdev->bars[quirk->data.bar],
+ addr + quirk->data.base_offset, size);
+ }
+
+ return data;
+}
+
+static void vfio_generic_window_quirk_write(void *opaque, hwaddr addr,
+ uint64_t data, unsigned size)
+{
+ VFIOQuirk *quirk = opaque;
+ VFIODevice *vdev = quirk->vdev;
+
+ if (ranges_overlap(addr, size,
+ quirk->data.address_offset, quirk->data.address_size)) {
+
+ if (addr != quirk->data.address_offset) {
+ hw_error("%s: offset write into address window: %s\n",
+ __func__, memory_region_name(&quirk->mem));
+ }
+
+ if ((data & ~quirk->data.address_mask) == quirk->data.address_match) {
+ quirk->data.flags |= quirk->data.write_flags |
+ quirk->data.read_flags;
+ quirk->data.address_val = data & quirk->data.address_mask;
+ } else {
+ quirk->data.flags &= ~(quirk->data.write_flags |
+ quirk->data.read_flags);
+ }
+ }
+
+ if (vfio_flags_enabled(quirk->data.flags, quirk->data.write_flags) &&
+ ranges_overlap(addr, size,
+ quirk->data.data_offset, quirk->data.data_size)) {
+ hwaddr offset = addr - quirk->data.data_offset;
+
+ if (!vfio_range_contained(addr, size, quirk->data.data_offset,
+ quirk->data.data_size)) {
+ hw_error("%s: window data write not fully contained: %s\n",
+ __func__, memory_region_name(&quirk->mem));
+ }
+
+ vfio_pci_write_config(&vdev->pdev,
+ quirk->data.address_val + offset, data, size);
+ DPRINTF("%s write(%04x:%02x:%02x.%x:BAR%d+0x%"HWADDR_PRIx", 0x%"
+ PRIx64", %d)\n", memory_region_name(&quirk->mem),
+ vdev->host.domain, vdev->host.bus, vdev->host.slot,
+ vdev->host.function, quirk->data.bar, addr, data, size);
+ return;
+ }
+
+ vfio_bar_write(&vdev->bars[quirk->data.bar],
+ addr + quirk->data.base_offset, data, size);
+}
+
+static const MemoryRegionOps vfio_generic_window_quirk = {
+ .read = vfio_generic_window_quirk_read,
+ .write = vfio_generic_window_quirk_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static uint64_t vfio_generic_quirk_read(void *opaque,
+ hwaddr addr, unsigned size)
+{
+ VFIOQuirk *quirk = opaque;
+ VFIODevice *vdev = quirk->vdev;
+ hwaddr base = quirk->data.address_match & TARGET_PAGE_MASK;
+ hwaddr offset = quirk->data.address_match & ~TARGET_PAGE_MASK;
+ uint64_t data;
+
+ if (vfio_flags_enabled(quirk->data.flags, quirk->data.read_flags) &&
+ ranges_overlap(addr, size, offset, quirk->data.address_mask + 1)) {
+ if (!vfio_range_contained(addr, size, offset,
+ quirk->data.address_mask + 1)) {
+ hw_error("%s: read not fully contained: %s\n",
+ __func__, memory_region_name(&quirk->mem));
+ }
+
+ data = vfio_pci_read_config(&vdev->pdev, addr - offset, size);
+
+ DPRINTF("%s read(%04x:%02x:%02x.%x:BAR%d+0x%"HWADDR_PRIx", %d) = 0x%"
+ PRIx64"\n", memory_region_name(&quirk->mem), vdev->host.domain,
+ vdev->host.bus, vdev->host.slot, vdev->host.function,
+ quirk->data.bar, addr + base, size, data);
+ } else {
+ data = vfio_bar_read(&vdev->bars[quirk->data.bar], addr + base, size);
+ }
+
+ return data;
+}
+
+static void vfio_generic_quirk_write(void *opaque, hwaddr addr,
+ uint64_t data, unsigned size)
+{
+ VFIOQuirk *quirk = opaque;
+ VFIODevice *vdev = quirk->vdev;
+ hwaddr base = quirk->data.address_match & TARGET_PAGE_MASK;
+ hwaddr offset = quirk->data.address_match & ~TARGET_PAGE_MASK;
+
+ if (vfio_flags_enabled(quirk->data.flags, quirk->data.write_flags) &&
+ ranges_overlap(addr, size, offset, quirk->data.address_mask + 1)) {
+ if (!vfio_range_contained(addr, size, offset,
+ quirk->data.address_mask + 1)) {
+ hw_error("%s: write not fully contained: %s\n",
+ __func__, memory_region_name(&quirk->mem));
+ }
+
+ vfio_pci_write_config(&vdev->pdev, addr - offset, data, size);
+
+ DPRINTF("%s write(%04x:%02x:%02x.%x:BAR%d+0x%"HWADDR_PRIx", 0x%"
+ PRIx64", %d)\n", memory_region_name(&quirk->mem),
+ vdev->host.domain, vdev->host.bus, vdev->host.slot,
+ vdev->host.function, quirk->data.bar, addr + base, data, size);
+ } else {
+ vfio_bar_write(&vdev->bars[quirk->data.bar], addr + base, data, size);
+ }
+}
+
+static const MemoryRegionOps vfio_generic_quirk = {
+ .read = vfio_generic_quirk_read,
+ .write = vfio_generic_quirk_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+#define PCI_VENDOR_ID_ATI 0x1002
+
+/*
+ * Radeon HD cards (HD5450 & HD7850) report the upper byte of the I/O port BAR
+ * through VGA register 0x3c3. On newer cards, the I/O port BAR is always
+ * BAR4 (older cards like the X550 used BAR1, but we don't care to support
+ * those). Note that on bare metal, a read of 0x3c3 doesn't always return the
+ * I/O port BAR address. Originally this was coded to return the virtual BAR
+ * address only if the physical register read returns the actual BAR address,
+ * but users have reported greater success if we return the virtual address
+ * unconditionally.
+ */
+static uint64_t vfio_ati_3c3_quirk_read(void *opaque,
+ hwaddr addr, unsigned size)
+{
+ VFIOQuirk *quirk = opaque;
+ VFIODevice *vdev = quirk->vdev;
+ uint64_t data = vfio_pci_read_config(&vdev->pdev,
+ PCI_BASE_ADDRESS_0 + (4 * 4) + 1,
+ size);
+ DPRINTF("%s(0x3c3, 1) = 0x%"PRIx64"\n", __func__, data);
+
+ return data;
+}
+
+static const MemoryRegionOps vfio_ati_3c3_quirk = {
+ .read = vfio_ati_3c3_quirk_read,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void vfio_vga_probe_ati_3c3_quirk(VFIODevice *vdev)
+{
+ PCIDevice *pdev = &vdev->pdev;
+ VFIOQuirk *quirk;
+
+ if (pci_get_word(pdev->config + PCI_VENDOR_ID) != PCI_VENDOR_ID_ATI) {
+ return;
+ }
+
+ /*
+ * As long as the BAR is >= 256 bytes it will be aligned such that the
+ * lower byte is always zero. Filter out anything else, if it exists.
+ */
+ if (!vdev->bars[4].ioport || vdev->bars[4].size < 256) {
+ return;
+ }
+
+ quirk = g_malloc0(sizeof(*quirk));
+ quirk->vdev = vdev;
+
+ memory_region_init_io(&quirk->mem, OBJECT(vdev), &vfio_ati_3c3_quirk, quirk,
+ "vfio-ati-3c3-quirk", 1);
+ memory_region_add_subregion(&vdev->vga.region[QEMU_PCI_VGA_IO_HI].mem,
+ 3 /* offset 3 bytes from 0x3c0 */, &quirk->mem);
+
+ QLIST_INSERT_HEAD(&vdev->vga.region[QEMU_PCI_VGA_IO_HI].quirks,
+ quirk, next);
+
+ DPRINTF("Enabled ATI/AMD quirk 0x3c3 BAR4for device %04x:%02x:%02x.%x\n",
+ vdev->host.domain, vdev->host.bus, vdev->host.slot,
+ vdev->host.function);
+}
+
+/*
+ * Newer ATI/AMD devices, including HD5450 and HD7850, have a window to PCI
+ * config space through MMIO BAR2 at offset 0x4000. Nothing seems to access
+ * the MMIO space directly, but a window to this space is provided through
+ * I/O port BAR4. Offset 0x0 is the address register and offset 0x4 is the
+ * data register. When the address is programmed to a range of 0x4000-0x4fff
+ * PCI configuration space is available. Experimentation seems to indicate
+ * that only read-only access is provided, but we drop writes when the window
+ * is enabled to config space nonetheless.
+ */
+static void vfio_probe_ati_bar4_window_quirk(VFIODevice *vdev, int nr)
+{
+ PCIDevice *pdev = &vdev->pdev;
+ VFIOQuirk *quirk;
+
+ if (!vdev->has_vga || nr != 4 ||
+ pci_get_word(pdev->config + PCI_VENDOR_ID) != PCI_VENDOR_ID_ATI) {
+ return;
+ }
+
+ quirk = g_malloc0(sizeof(*quirk));
+ quirk->vdev = vdev;
+ quirk->data.address_size = 4;
+ quirk->data.data_offset = 4;
+ quirk->data.data_size = 4;
+ quirk->data.address_match = 0x4000;
+ quirk->data.address_mask = PCIE_CONFIG_SPACE_SIZE - 1;
+ quirk->data.bar = nr;
+ quirk->data.read_flags = quirk->data.write_flags = 1;
+
+ memory_region_init_io(&quirk->mem, OBJECT(vdev),
+ &vfio_generic_window_quirk, quirk,
+ "vfio-ati-bar4-window-quirk", 8);
+ memory_region_add_subregion_overlap(&vdev->bars[nr].mem,
+ quirk->data.base_offset, &quirk->mem, 1);
+
+ QLIST_INSERT_HEAD(&vdev->bars[nr].quirks, quirk, next);
+
+ DPRINTF("Enabled ATI/AMD BAR4 window quirk for device %04x:%02x:%02x.%x\n",
+ vdev->host.domain, vdev->host.bus, vdev->host.slot,
+ vdev->host.function);
+}
+
+/*
+ * Trap the BAR2 MMIO window to config space as well.
+ */
+static void vfio_probe_ati_bar2_4000_quirk(VFIODevice *vdev, int nr)
+{
+ PCIDevice *pdev = &vdev->pdev;
+ VFIOQuirk *quirk;
+
+ /* Only enable on newer devices where BAR2 is 64bit */
+ if (!vdev->has_vga || nr != 2 || !vdev->bars[2].mem64 ||
+ pci_get_word(pdev->config + PCI_VENDOR_ID) != PCI_VENDOR_ID_ATI) {
+ return;
+ }
+
+ quirk = g_malloc0(sizeof(*quirk));
+ quirk->vdev = vdev;
+ quirk->data.flags = quirk->data.read_flags = quirk->data.write_flags = 1;
+ quirk->data.address_match = 0x4000;
+ quirk->data.address_mask = PCIE_CONFIG_SPACE_SIZE - 1;
+ quirk->data.bar = nr;
+
+ memory_region_init_io(&quirk->mem, OBJECT(vdev), &vfio_generic_quirk, quirk,
+ "vfio-ati-bar2-4000-quirk",
+ TARGET_PAGE_ALIGN(quirk->data.address_mask + 1));
+ memory_region_add_subregion_overlap(&vdev->bars[nr].mem,
+ quirk->data.address_match & TARGET_PAGE_MASK,
+ &quirk->mem, 1);
+
+ QLIST_INSERT_HEAD(&vdev->bars[nr].quirks, quirk, next);
+
+ DPRINTF("Enabled ATI/AMD BAR2 0x4000 quirk for device %04x:%02x:%02x.%x\n",
+ vdev->host.domain, vdev->host.bus, vdev->host.slot,
+ vdev->host.function);
+}
+
+/*
+ * Older ATI/AMD cards like the X550 have a similar window to that above.
+ * I/O port BAR1 provides a window to a mirror of PCI config space located
+ * in BAR2 at offset 0xf00. We don't care to support such older cards, but
+ * note it for future reference.
+ */
+
+#define PCI_VENDOR_ID_NVIDIA 0x10de
+
+/*
+ * Nvidia has several different methods to get to config space, the
+ * nouveu project has several of these documented here:
+ * https://github.com/pathscale/envytools/tree/master/hwdocs
+ *
+ * The first quirk is actually not documented in envytools and is found
+ * on 10de:01d1 (NVIDIA Corporation G72 [GeForce 7300 LE]). This is an
+ * NV46 chipset. The backdoor uses the legacy VGA I/O ports to access
+ * the mirror of PCI config space found at BAR0 offset 0x1800. The access
+ * sequence first writes 0x338 to I/O port 0x3d4. The target offset is
+ * then written to 0x3d0. Finally 0x538 is written for a read and 0x738
+ * is written for a write to 0x3d4. The BAR0 offset is then accessible
+ * through 0x3d0. This quirk doesn't seem to be necessary on newer cards
+ * that use the I/O port BAR5 window but it doesn't hurt to leave it.
+ */
+enum {
+ NV_3D0_NONE = 0,
+ NV_3D0_SELECT,
+ NV_3D0_WINDOW,
+ NV_3D0_READ,
+ NV_3D0_WRITE,
+};
+
+static uint64_t vfio_nvidia_3d0_quirk_read(void *opaque,
+ hwaddr addr, unsigned size)
+{
+ VFIOQuirk *quirk = opaque;
+ VFIODevice *vdev = quirk->vdev;
+ PCIDevice *pdev = &vdev->pdev;
+ uint64_t data = vfio_vga_read(&vdev->vga.region[QEMU_PCI_VGA_IO_HI],
+ addr + quirk->data.base_offset, size);
+
+ if (quirk->data.flags == NV_3D0_READ && addr == quirk->data.data_offset) {
+ data = vfio_pci_read_config(pdev, quirk->data.address_val, size);
+ DPRINTF("%s(0x3d0, %d) = 0x%"PRIx64"\n", __func__, size, data);
+ }
+
+ quirk->data.flags = NV_3D0_NONE;
+
+ return data;
+}
+
+static void vfio_nvidia_3d0_quirk_write(void *opaque, hwaddr addr,
+ uint64_t data, unsigned size)
+{
+ VFIOQuirk *quirk = opaque;
+ VFIODevice *vdev = quirk->vdev;
+ PCIDevice *pdev = &vdev->pdev;
+
+ switch (quirk->data.flags) {
+ case NV_3D0_NONE:
+ if (addr == quirk->data.address_offset && data == 0x338) {
+ quirk->data.flags = NV_3D0_SELECT;
+ }
+ break;
+ case NV_3D0_SELECT:
+ quirk->data.flags = NV_3D0_NONE;
+ if (addr == quirk->data.data_offset &&
+ (data & ~quirk->data.address_mask) == quirk->data.address_match) {
+ quirk->data.flags = NV_3D0_WINDOW;
+ quirk->data.address_val = data & quirk->data.address_mask;
+ }
+ break;
+ case NV_3D0_WINDOW:
+ quirk->data.flags = NV_3D0_NONE;
+ if (addr == quirk->data.address_offset) {
+ if (data == 0x538) {
+ quirk->data.flags = NV_3D0_READ;
+ } else if (data == 0x738) {
+ quirk->data.flags = NV_3D0_WRITE;
+ }
+ }
+ break;
+ case NV_3D0_WRITE:
+ quirk->data.flags = NV_3D0_NONE;
+ if (addr == quirk->data.data_offset) {
+ vfio_pci_write_config(pdev, quirk->data.address_val, data, size);
+ DPRINTF("%s(0x3d0, 0x%"PRIx64", %d)\n", __func__, data, size);
+ return;
+ }
+ break;
+ }
+
+ vfio_vga_write(&vdev->vga.region[QEMU_PCI_VGA_IO_HI],
+ addr + quirk->data.base_offset, data, size);
+}
+
+static const MemoryRegionOps vfio_nvidia_3d0_quirk = {
+ .read = vfio_nvidia_3d0_quirk_read,
+ .write = vfio_nvidia_3d0_quirk_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void vfio_vga_probe_nvidia_3d0_quirk(VFIODevice *vdev)
+{
+ PCIDevice *pdev = &vdev->pdev;
+ VFIOQuirk *quirk;
+
+ if (pci_get_word(pdev->config + PCI_VENDOR_ID) != PCI_VENDOR_ID_NVIDIA ||
+ !vdev->bars[1].size) {
+ return;
+ }
+
+ quirk = g_malloc0(sizeof(*quirk));
+ quirk->vdev = vdev;
+ quirk->data.base_offset = 0x10;
+ quirk->data.address_offset = 4;
+ quirk->data.address_size = 2;
+ quirk->data.address_match = 0x1800;
+ quirk->data.address_mask = PCI_CONFIG_SPACE_SIZE - 1;
+ quirk->data.data_offset = 0;
+ quirk->data.data_size = 4;
+
+ memory_region_init_io(&quirk->mem, OBJECT(vdev), &vfio_nvidia_3d0_quirk,
+ quirk, "vfio-nvidia-3d0-quirk", 6);
+ memory_region_add_subregion(&vdev->vga.region[QEMU_PCI_VGA_IO_HI].mem,
+ quirk->data.base_offset, &quirk->mem);
+
+ QLIST_INSERT_HEAD(&vdev->vga.region[QEMU_PCI_VGA_IO_HI].quirks,
+ quirk, next);
+
+ DPRINTF("Enabled NVIDIA VGA 0x3d0 quirk for device %04x:%02x:%02x.%x\n",
+ vdev->host.domain, vdev->host.bus, vdev->host.slot,
+ vdev->host.function);
+}
+
+/*
+ * The second quirk is documented in envytools. The I/O port BAR5 is just
+ * a set of address/data ports to the MMIO BARs. The BAR we care about is
+ * again BAR0. This backdoor is apparently a bit newer than the one above
+ * so we need to not only trap 256 bytes @0x1800, but all of PCI config
+ * space, including extended space is available at the 4k @0x88000.
+ */
+enum {
+ NV_BAR5_ADDRESS = 0x1,
+ NV_BAR5_ENABLE = 0x2,
+ NV_BAR5_MASTER = 0x4,
+ NV_BAR5_VALID = 0x7,
+};
+
+static void vfio_nvidia_bar5_window_quirk_write(void *opaque, hwaddr addr,
+ uint64_t data, unsigned size)
+{
+ VFIOQuirk *quirk = opaque;
+
+ switch (addr) {
+ case 0x0:
+ if (data & 0x1) {
+ quirk->data.flags |= NV_BAR5_MASTER;
+ } else {
+ quirk->data.flags &= ~NV_BAR5_MASTER;
+ }
+ break;
+ case 0x4:
+ if (data & 0x1) {
+ quirk->data.flags |= NV_BAR5_ENABLE;
+ } else {
+ quirk->data.flags &= ~NV_BAR5_ENABLE;
+ }
+ break;
+ case 0x8:
+ if (quirk->data.flags & NV_BAR5_MASTER) {
+ if ((data & ~0xfff) == 0x88000) {
+ quirk->data.flags |= NV_BAR5_ADDRESS;
+ quirk->data.address_val = data & 0xfff;
+ } else if ((data & ~0xff) == 0x1800) {
+ quirk->data.flags |= NV_BAR5_ADDRESS;
+ quirk->data.address_val = data & 0xff;
+ } else {
+ quirk->data.flags &= ~NV_BAR5_ADDRESS;
+ }
+ }
+ break;
+ }
+
+ vfio_generic_window_quirk_write(opaque, addr, data, size);
+}
+
+static const MemoryRegionOps vfio_nvidia_bar5_window_quirk = {
+ .read = vfio_generic_window_quirk_read,
+ .write = vfio_nvidia_bar5_window_quirk_write,
+ .valid.min_access_size = 4,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void vfio_probe_nvidia_bar5_window_quirk(VFIODevice *vdev, int nr)
+{
+ PCIDevice *pdev = &vdev->pdev;
+ VFIOQuirk *quirk;
+
+ if (!vdev->has_vga || nr != 5 ||
+ pci_get_word(pdev->config + PCI_VENDOR_ID) != PCI_VENDOR_ID_NVIDIA) {
+ return;
+ }
+
+ quirk = g_malloc0(sizeof(*quirk));
+ quirk->vdev = vdev;
+ quirk->data.read_flags = quirk->data.write_flags = NV_BAR5_VALID;
+ quirk->data.address_offset = 0x8;
+ quirk->data.address_size = 0; /* actually 4, but avoids generic code */
+ quirk->data.data_offset = 0xc;
+ quirk->data.data_size = 4;
+ quirk->data.bar = nr;
+
+ memory_region_init_io(&quirk->mem, OBJECT(vdev),
+ &vfio_nvidia_bar5_window_quirk, quirk,
+ "vfio-nvidia-bar5-window-quirk", 16);
+ memory_region_add_subregion_overlap(&vdev->bars[nr].mem, 0, &quirk->mem, 1);
+
+ QLIST_INSERT_HEAD(&vdev->bars[nr].quirks, quirk, next);
+
+ DPRINTF("Enabled NVIDIA BAR5 window quirk for device %04x:%02x:%02x.%x\n",
+ vdev->host.domain, vdev->host.bus, vdev->host.slot,
+ vdev->host.function);
+}
+
+/*
+ * Finally, BAR0 itself. We want to redirect any accesses to either
+ * 0x1800 or 0x88000 through the PCI config space access functions.
+ *
+ * NB - quirk at a page granularity or else they don't seem to work when
+ * BARs are mmap'd
+ *
+ * Here's offset 0x88000...
+ */
+static void vfio_probe_nvidia_bar0_88000_quirk(VFIODevice *vdev, int nr)
+{
+ PCIDevice *pdev = &vdev->pdev;
+ VFIOQuirk *quirk;
+
+ if (!vdev->has_vga || nr != 0 ||
+ pci_get_word(pdev->config + PCI_VENDOR_ID) != PCI_VENDOR_ID_NVIDIA) {
+ return;
+ }
+
+ quirk = g_malloc0(sizeof(*quirk));
+ quirk->vdev = vdev;
+ quirk->data.flags = quirk->data.read_flags = quirk->data.write_flags = 1;
+ quirk->data.address_match = 0x88000;
+ quirk->data.address_mask = PCIE_CONFIG_SPACE_SIZE - 1;
+ quirk->data.bar = nr;
+
+ memory_region_init_io(&quirk->mem, OBJECT(vdev), &vfio_generic_quirk,
+ quirk, "vfio-nvidia-bar0-88000-quirk",
+ TARGET_PAGE_ALIGN(quirk->data.address_mask + 1));
+ memory_region_add_subregion_overlap(&vdev->bars[nr].mem,
+ quirk->data.address_match & TARGET_PAGE_MASK,
+ &quirk->mem, 1);
+
+ QLIST_INSERT_HEAD(&vdev->bars[nr].quirks, quirk, next);
+
+ DPRINTF("Enabled NVIDIA BAR0 0x88000 quirk for device %04x:%02x:%02x.%x\n",
+ vdev->host.domain, vdev->host.bus, vdev->host.slot,
+ vdev->host.function);
+}
+
+/*
+ * And here's the same for BAR0 offset 0x1800...
+ */
+static void vfio_probe_nvidia_bar0_1800_quirk(VFIODevice *vdev, int nr)
+{
+ PCIDevice *pdev = &vdev->pdev;
+ VFIOQuirk *quirk;
+
+ if (!vdev->has_vga || nr != 0 ||
+ pci_get_word(pdev->config + PCI_VENDOR_ID) != PCI_VENDOR_ID_NVIDIA) {
+ return;
+ }
+
+ /* Log the chipset ID */
+ DPRINTF("Nvidia NV%02x\n",
+ (unsigned int)(vfio_bar_read(&vdev->bars[0], 0, 4) >> 20) & 0xff);
+
+ quirk = g_malloc0(sizeof(*quirk));
+ quirk->vdev = vdev;
+ quirk->data.flags = quirk->data.read_flags = quirk->data.write_flags = 1;
+ quirk->data.address_match = 0x1800;
+ quirk->data.address_mask = PCI_CONFIG_SPACE_SIZE - 1;
+ quirk->data.bar = nr;
+
+ memory_region_init_io(&quirk->mem, OBJECT(vdev), &vfio_generic_quirk, quirk,
+ "vfio-nvidia-bar0-1800-quirk",
+ TARGET_PAGE_ALIGN(quirk->data.address_mask + 1));
+ memory_region_add_subregion_overlap(&vdev->bars[nr].mem,
+ quirk->data.address_match & TARGET_PAGE_MASK,
+ &quirk->mem, 1);
+
+ QLIST_INSERT_HEAD(&vdev->bars[nr].quirks, quirk, next);
+
+ DPRINTF("Enabled NVIDIA BAR0 0x1800 quirk for device %04x:%02x:%02x.%x\n",
+ vdev->host.domain, vdev->host.bus, vdev->host.slot,
+ vdev->host.function);
+}
+
+/*
+ * TODO - Some Nvidia devices provide config access to their companion HDA
+ * device and even to their parent bridge via these config space mirrors.
+ * Add quirks for those regions.
+ */
+
+/*
+ * Common quirk probe entry points.
+ */
+static void vfio_vga_quirk_setup(VFIODevice *vdev)
+{
+ vfio_vga_probe_ati_3c3_quirk(vdev);
+ vfio_vga_probe_nvidia_3d0_quirk(vdev);
+}
+
+static void vfio_vga_quirk_teardown(VFIODevice *vdev)
+{
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(vdev->vga.region); i++) {
+ while (!QLIST_EMPTY(&vdev->vga.region[i].quirks)) {
+ VFIOQuirk *quirk = QLIST_FIRST(&vdev->vga.region[i].quirks);
+ memory_region_del_subregion(&vdev->vga.region[i].mem, &quirk->mem);
+ QLIST_REMOVE(quirk, next);
+ g_free(quirk);
+ }
+ }
+}
+
+static void vfio_bar_quirk_setup(VFIODevice *vdev, int nr)
+{
+ vfio_probe_ati_bar4_window_quirk(vdev, nr);
+ vfio_probe_ati_bar2_4000_quirk(vdev, nr);
+ vfio_probe_nvidia_bar5_window_quirk(vdev, nr);
+ vfio_probe_nvidia_bar0_88000_quirk(vdev, nr);
+ vfio_probe_nvidia_bar0_1800_quirk(vdev, nr);
+}
+
+static void vfio_bar_quirk_teardown(VFIODevice *vdev, int nr)
+{
+ VFIOBAR *bar = &vdev->bars[nr];
+
+ while (!QLIST_EMPTY(&bar->quirks)) {
+ VFIOQuirk *quirk = QLIST_FIRST(&bar->quirks);
+ memory_region_del_subregion(&bar->mem, &quirk->mem);
+ QLIST_REMOVE(quirk, next);
+ g_free(quirk);
+ }
+}
+
+/*
+ * PCI config space
+ */
+static uint32_t vfio_pci_read_config(PCIDevice *pdev, uint32_t addr, int len)
+{
+ VFIODevice *vdev = DO_UPCAST(VFIODevice, pdev, pdev);
+ uint32_t emu_bits = 0, emu_val = 0, phys_val = 0, val;
+
+ memcpy(&emu_bits, vdev->emulated_config_bits + addr, len);
+ emu_bits = le32_to_cpu(emu_bits);
+
+ if (emu_bits) {
+ emu_val = pci_default_read_config(pdev, addr, len);
+ }
+
+ if (~emu_bits & (0xffffffffU >> (32 - len * 8))) {
+ ssize_t ret;
+
+ ret = pread(vdev->fd, &phys_val, len, vdev->config_offset + addr);
+ if (ret != len) {
+ error_report("%s(%04x:%02x:%02x.%x, 0x%x, 0x%x) failed: %m",
+ __func__, vdev->host.domain, vdev->host.bus,
+ vdev->host.slot, vdev->host.function, addr, len);
+ return -errno;
+ }
+ phys_val = le32_to_cpu(phys_val);
+ }
+
+ val = (emu_val & emu_bits) | (phys_val & ~emu_bits);
+
+ DPRINTF("%s(%04x:%02x:%02x.%x, @0x%x, len=0x%x) %x\n", __func__,
+ vdev->host.domain, vdev->host.bus, vdev->host.slot,
+ vdev->host.function, addr, len, val);
+
+ return val;
+}
+
+static void vfio_pci_write_config(PCIDevice *pdev, uint32_t addr,
+ uint32_t val, int len)
+{
+ VFIODevice *vdev = DO_UPCAST(VFIODevice, pdev, pdev);
+ uint32_t val_le = cpu_to_le32(val);
+
+ DPRINTF("%s(%04x:%02x:%02x.%x, @0x%x, 0x%x, len=0x%x)\n", __func__,
+ vdev->host.domain, vdev->host.bus, vdev->host.slot,
+ vdev->host.function, addr, val, len);
+
+ /* Write everything to VFIO, let it filter out what we can't write */
+ if (pwrite(vdev->fd, &val_le, len, vdev->config_offset + addr) != len) {
+ error_report("%s(%04x:%02x:%02x.%x, 0x%x, 0x%x, 0x%x) failed: %m",
+ __func__, vdev->host.domain, vdev->host.bus,
+ vdev->host.slot, vdev->host.function, addr, val, len);
+ }
+
+ /* MSI/MSI-X Enabling/Disabling */
+ if (pdev->cap_present & QEMU_PCI_CAP_MSI &&
+ ranges_overlap(addr, len, pdev->msi_cap, vdev->msi_cap_size)) {
+ int is_enabled, was_enabled = msi_enabled(pdev);
+
+ pci_default_write_config(pdev, addr, val, len);
+
+ is_enabled = msi_enabled(pdev);
+
+ if (!was_enabled && is_enabled) {
+ vfio_enable_msi(vdev);
+ } else if (was_enabled && !is_enabled) {
+ vfio_disable_msi(vdev);
+ }
+ } else if (pdev->cap_present & QEMU_PCI_CAP_MSIX &&
+ ranges_overlap(addr, len, pdev->msix_cap, MSIX_CAP_LENGTH)) {
+ int is_enabled, was_enabled = msix_enabled(pdev);
+
+ pci_default_write_config(pdev, addr, val, len);
+
+ is_enabled = msix_enabled(pdev);
+
+ if (!was_enabled && is_enabled) {
+ vfio_enable_msix(vdev);
+ } else if (was_enabled && !is_enabled) {
+ vfio_disable_msix(vdev);
+ }
+ } else {
+ /* Write everything to QEMU to keep emulated bits correct */
+ pci_default_write_config(pdev, addr, val, len);
+ }
+}
+
+/*
+ * DMA - Mapping and unmapping for the "type1" IOMMU interface used on x86
+ */
+static int vfio_dma_unmap(VFIOContainer *container,
+ hwaddr iova, ram_addr_t size)
+{
+ struct vfio_iommu_type1_dma_unmap unmap = {
+ .argsz = sizeof(unmap),
+ .flags = 0,
+ .iova = iova,
+ .size = size,
+ };
+
+ if (ioctl(container->fd, VFIO_IOMMU_UNMAP_DMA, &unmap)) {
+ DPRINTF("VFIO_UNMAP_DMA: %d\n", -errno);
+ return -errno;
+ }
+
+ return 0;
+}
+
+static int vfio_dma_map(VFIOContainer *container, hwaddr iova,
+ ram_addr_t size, void *vaddr, bool readonly)
+{
+ struct vfio_iommu_type1_dma_map map = {
+ .argsz = sizeof(map),
+ .flags = VFIO_DMA_MAP_FLAG_READ,
+ .vaddr = (__u64)(uintptr_t)vaddr,
+ .iova = iova,
+ .size = size,
+ };
+
+ if (!readonly) {
+ map.flags |= VFIO_DMA_MAP_FLAG_WRITE;
+ }
+
+ /*
+ * Try the mapping, if it fails with EBUSY, unmap the region and try
+ * again. This shouldn't be necessary, but we sometimes see it in
+ * the the VGA ROM space.
+ */
+ if (ioctl(container->fd, VFIO_IOMMU_MAP_DMA, &map) == 0 ||
+ (errno == EBUSY && vfio_dma_unmap(container, iova, size) == 0 &&
+ ioctl(container->fd, VFIO_IOMMU_MAP_DMA, &map) == 0)) {
+ return 0;
+ }
+
+ DPRINTF("VFIO_MAP_DMA: %d\n", -errno);
+ return -errno;
+}
+
+static bool vfio_listener_skipped_section(MemoryRegionSection *section)
+{
+ return !memory_region_is_ram(section->mr);
+}
+
+static void vfio_listener_region_add(MemoryListener *listener,
+ MemoryRegionSection *section)
+{
+ VFIOContainer *container = container_of(listener, VFIOContainer,
+ iommu_data.listener);
+ hwaddr iova, end;
+ void *vaddr;
+ int ret;
+
+ assert(!memory_region_is_iommu(section->mr));
+
+ if (vfio_listener_skipped_section(section)) {
+ DPRINTF("SKIPPING region_add %"HWADDR_PRIx" - %"PRIx64"\n",
+ section->offset_within_address_space,
+ section->offset_within_address_space + section->size - 1);
+ return;
+ }
+
+ if (unlikely((section->offset_within_address_space & ~TARGET_PAGE_MASK) !=
+ (section->offset_within_region & ~TARGET_PAGE_MASK))) {
+ error_report("%s received unaligned region", __func__);
+ return;
+ }
+
+ iova = TARGET_PAGE_ALIGN(section->offset_within_address_space);
+ end = (section->offset_within_address_space + int128_get64(section->size)) &
+ TARGET_PAGE_MASK;
+
+ if (iova >= end) {
+ return;
+ }
+
+ vaddr = memory_region_get_ram_ptr(section->mr) +
+ section->offset_within_region +
+ (iova - section->offset_within_address_space);
+
+ DPRINTF("region_add %"HWADDR_PRIx" - %"HWADDR_PRIx" [%p]\n",
+ iova, end - 1, vaddr);
+
+ memory_region_ref(section->mr);
+ ret = vfio_dma_map(container, iova, end - iova, vaddr, section->readonly);
+ if (ret) {
+ error_report("vfio_dma_map(%p, 0x%"HWADDR_PRIx", "
+ "0x%"HWADDR_PRIx", %p) = %d (%m)",
+ container, iova, end - iova, vaddr, ret);
+ }
+}
+
+static void vfio_listener_region_del(MemoryListener *listener,
+ MemoryRegionSection *section)
+{
+ VFIOContainer *container = container_of(listener, VFIOContainer,
+ iommu_data.listener);
+ hwaddr iova, end;
+ int ret;
+
+ if (vfio_listener_skipped_section(section)) {
+ DPRINTF("SKIPPING region_del %"HWADDR_PRIx" - %"PRIx64"\n",
+ section->offset_within_address_space,
+ section->offset_within_address_space + section->size - 1);
+ return;
+ }
+
+ if (unlikely((section->offset_within_address_space & ~TARGET_PAGE_MASK) !=
+ (section->offset_within_region & ~TARGET_PAGE_MASK))) {
+ error_report("%s received unaligned region", __func__);
+ return;
+ }
+
+ iova = TARGET_PAGE_ALIGN(section->offset_within_address_space);
+ end = (section->offset_within_address_space + int128_get64(section->size)) &
+ TARGET_PAGE_MASK;
+
+ if (iova >= end) {
+ return;
+ }
+
+ DPRINTF("region_del %"HWADDR_PRIx" - %"HWADDR_PRIx"\n",
+ iova, end - 1);
+
+ ret = vfio_dma_unmap(container, iova, end - iova);
+ memory_region_unref(section->mr);
+ if (ret) {
+ error_report("vfio_dma_unmap(%p, 0x%"HWADDR_PRIx", "
+ "0x%"HWADDR_PRIx") = %d (%m)",
+ container, iova, end - iova, ret);
+ }
+}
+
+static MemoryListener vfio_memory_listener = {
+ .region_add = vfio_listener_region_add,
+ .region_del = vfio_listener_region_del,
+};
+
+static void vfio_listener_release(VFIOContainer *container)
+{
+ memory_listener_unregister(&container->iommu_data.listener);
+}
+
+/*
+ * Interrupt setup
+ */
+static void vfio_disable_interrupts(VFIODevice *vdev)
+{
+ switch (vdev->interrupt) {
+ case VFIO_INT_INTx:
+ vfio_disable_intx(vdev);
+ break;
+ case VFIO_INT_MSI:
+ vfio_disable_msi(vdev);
+ break;
+ case VFIO_INT_MSIX:
+ vfio_disable_msix(vdev);
+ break;
+ }
+}
+
+static int vfio_setup_msi(VFIODevice *vdev, int pos)
+{
+ uint16_t ctrl;
+ bool msi_64bit, msi_maskbit;
+ int ret, entries;
+
+ if (pread(vdev->fd, &ctrl, sizeof(ctrl),
+ vdev->config_offset + pos + PCI_CAP_FLAGS) != sizeof(ctrl)) {
+ return -errno;
+ }
+ ctrl = le16_to_cpu(ctrl);
+
+ msi_64bit = !!(ctrl & PCI_MSI_FLAGS_64BIT);
+ msi_maskbit = !!(ctrl & PCI_MSI_FLAGS_MASKBIT);
+ entries = 1 << ((ctrl & PCI_MSI_FLAGS_QMASK) >> 1);
+
+ DPRINTF("%04x:%02x:%02x.%x PCI MSI CAP @0x%x\n", vdev->host.domain,
+ vdev->host.bus, vdev->host.slot, vdev->host.function, pos);
+
+ ret = msi_init(&vdev->pdev, pos, entries, msi_64bit, msi_maskbit);
+ if (ret < 0) {
+ if (ret == -ENOTSUP) {
+ return 0;
+ }
+ error_report("vfio: msi_init failed");
+ return ret;
+ }
+ vdev->msi_cap_size = 0xa + (msi_maskbit ? 0xa : 0) + (msi_64bit ? 0x4 : 0);
+
+ return 0;
+}
+
+/*
+ * We don't have any control over how pci_add_capability() inserts
+ * capabilities into the chain. In order to setup MSI-X we need a
+ * MemoryRegion for the BAR. In order to setup the BAR and not
+ * attempt to mmap the MSI-X table area, which VFIO won't allow, we
+ * need to first look for where the MSI-X table lives. So we
+ * unfortunately split MSI-X setup across two functions.
+ */
+static int vfio_early_setup_msix(VFIODevice *vdev)
+{
+ uint8_t pos;
+ uint16_t ctrl;
+ uint32_t table, pba;
+
+ pos = pci_find_capability(&vdev->pdev, PCI_CAP_ID_MSIX);
+ if (!pos) {
+ return 0;
+ }
+
+ if (pread(vdev->fd, &ctrl, sizeof(ctrl),
+ vdev->config_offset + pos + PCI_CAP_FLAGS) != sizeof(ctrl)) {
+ return -errno;
+ }
+
+ if (pread(vdev->fd, &table, sizeof(table),
+ vdev->config_offset + pos + PCI_MSIX_TABLE) != sizeof(table)) {
+ return -errno;
+ }
+
+ if (pread(vdev->fd, &pba, sizeof(pba),
+ vdev->config_offset + pos + PCI_MSIX_PBA) != sizeof(pba)) {
+ return -errno;
+ }
+
+ ctrl = le16_to_cpu(ctrl);
+ table = le32_to_cpu(table);
+ pba = le32_to_cpu(pba);
+
+ vdev->msix = g_malloc0(sizeof(*(vdev->msix)));
+ vdev->msix->table_bar = table & PCI_MSIX_FLAGS_BIRMASK;
+ vdev->msix->table_offset = table & ~PCI_MSIX_FLAGS_BIRMASK;
+ vdev->msix->pba_bar = pba & PCI_MSIX_FLAGS_BIRMASK;
+ vdev->msix->pba_offset = pba & ~PCI_MSIX_FLAGS_BIRMASK;
+ vdev->msix->entries = (ctrl & PCI_MSIX_FLAGS_QSIZE) + 1;
+
+ DPRINTF("%04x:%02x:%02x.%x "
+ "PCI MSI-X CAP @0x%x, BAR %d, offset 0x%x, entries %d\n",
+ vdev->host.domain, vdev->host.bus, vdev->host.slot,
+ vdev->host.function, pos, vdev->msix->table_bar,
+ vdev->msix->table_offset, vdev->msix->entries);
+
+ return 0;
+}
+
+static int vfio_setup_msix(VFIODevice *vdev, int pos)
+{
+ int ret;
+
+ ret = msix_init(&vdev->pdev, vdev->msix->entries,
+ &vdev->bars[vdev->msix->table_bar].mem,
+ vdev->msix->table_bar, vdev->msix->table_offset,
+ &vdev->bars[vdev->msix->pba_bar].mem,
+ vdev->msix->pba_bar, vdev->msix->pba_offset, pos);
+ if (ret < 0) {
+ if (ret == -ENOTSUP) {
+ return 0;
+ }
+ error_report("vfio: msix_init failed");
+ return ret;
+ }
+
+ return 0;
+}
+
+static void vfio_teardown_msi(VFIODevice *vdev)
+{
+ msi_uninit(&vdev->pdev);
+
+ if (vdev->msix) {
+ msix_uninit(&vdev->pdev, &vdev->bars[vdev->msix->table_bar].mem,
+ &vdev->bars[vdev->msix->pba_bar].mem);
+ }
+}
+
+/*
+ * Resource setup
+ */
+static void vfio_mmap_set_enabled(VFIODevice *vdev, bool enabled)
+{
+ int i;
+
+ for (i = 0; i < PCI_ROM_SLOT; i++) {
+ VFIOBAR *bar = &vdev->bars[i];
+
+ if (!bar->size) {
+ continue;
+ }
+
+ memory_region_set_enabled(&bar->mmap_mem, enabled);
+ if (vdev->msix && vdev->msix->table_bar == i) {
+ memory_region_set_enabled(&vdev->msix->mmap_mem, enabled);
+ }
+ }
+}
+
+static void vfio_unmap_bar(VFIODevice *vdev, int nr)
+{
+ VFIOBAR *bar = &vdev->bars[nr];
+
+ if (!bar->size) {
+ return;
+ }
+
+ vfio_bar_quirk_teardown(vdev, nr);
+
+ memory_region_del_subregion(&bar->mem, &bar->mmap_mem);
+ munmap(bar->mmap, memory_region_size(&bar->mmap_mem));
+
+ if (vdev->msix && vdev->msix->table_bar == nr) {
+ memory_region_del_subregion(&bar->mem, &vdev->msix->mmap_mem);
+ munmap(vdev->msix->mmap, memory_region_size(&vdev->msix->mmap_mem));
+ }
+
+ memory_region_destroy(&bar->mem);
+}
+
+static int vfio_mmap_bar(VFIODevice *vdev, VFIOBAR *bar,
+ MemoryRegion *mem, MemoryRegion *submem,
+ void **map, size_t size, off_t offset,
+ const char *name)
+{
+ int ret = 0;
+
+ if (VFIO_ALLOW_MMAP && size && bar->flags & VFIO_REGION_INFO_FLAG_MMAP) {
+ int prot = 0;
+
+ if (bar->flags & VFIO_REGION_INFO_FLAG_READ) {
+ prot |= PROT_READ;
+ }
+
+ if (bar->flags & VFIO_REGION_INFO_FLAG_WRITE) {
+ prot |= PROT_WRITE;
+ }
+
+ *map = mmap(NULL, size, prot, MAP_SHARED,
+ bar->fd, bar->fd_offset + offset);
+ if (*map == MAP_FAILED) {
+ *map = NULL;
+ ret = -errno;
+ goto empty_region;
+ }
+
+ memory_region_init_ram_ptr(submem, OBJECT(vdev), name, size, *map);
+ } else {
+empty_region:
+ /* Create a zero sized sub-region to make cleanup easy. */
+ memory_region_init(submem, OBJECT(vdev), name, 0);
+ }
+
+ memory_region_add_subregion(mem, offset, submem);
+
+ return ret;
+}
+
+static void vfio_map_bar(VFIODevice *vdev, int nr)
+{
+ VFIOBAR *bar = &vdev->bars[nr];
+ unsigned size = bar->size;
+ char name[64];
+ uint32_t pci_bar;
+ uint8_t type;
+ int ret;
+
+ /* Skip both unimplemented BARs and the upper half of 64bit BARS. */
+ if (!size) {
+ return;
+ }
+
+ snprintf(name, sizeof(name), "VFIO %04x:%02x:%02x.%x BAR %d",
+ vdev->host.domain, vdev->host.bus, vdev->host.slot,
+ vdev->host.function, nr);
+
+ /* Determine what type of BAR this is for registration */
+ ret = pread(vdev->fd, &pci_bar, sizeof(pci_bar),
+ vdev->config_offset + PCI_BASE_ADDRESS_0 + (4 * nr));
+ if (ret != sizeof(pci_bar)) {
+ error_report("vfio: Failed to read BAR %d (%m)", nr);
+ return;
+ }
+
+ pci_bar = le32_to_cpu(pci_bar);
+ bar->ioport = (pci_bar & PCI_BASE_ADDRESS_SPACE_IO);
+ bar->mem64 = bar->ioport ? 0 : (pci_bar & PCI_BASE_ADDRESS_MEM_TYPE_64);
+ type = pci_bar & (bar->ioport ? ~PCI_BASE_ADDRESS_IO_MASK :
+ ~PCI_BASE_ADDRESS_MEM_MASK);
+
+ /* A "slow" read/write mapping underlies all BARs */
+ memory_region_init_io(&bar->mem, OBJECT(vdev), &vfio_bar_ops,
+ bar, name, size);
+ pci_register_bar(&vdev->pdev, nr, type, &bar->mem);
+
+ /*
+ * We can't mmap areas overlapping the MSIX vector table, so we
+ * potentially insert a direct-mapped subregion before and after it.
+ */
+ if (vdev->msix && vdev->msix->table_bar == nr) {
+ size = vdev->msix->table_offset & TARGET_PAGE_MASK;
+ }
+
+ strncat(name, " mmap", sizeof(name) - strlen(name) - 1);
+ if (vfio_mmap_bar(vdev, bar, &bar->mem,
+ &bar->mmap_mem, &bar->mmap, size, 0, name)) {
+ error_report("%s unsupported. Performance may be slow", name);
+ }
+
+ if (vdev->msix && vdev->msix->table_bar == nr) {
+ unsigned start;
+
+ start = TARGET_PAGE_ALIGN(vdev->msix->table_offset +
+ (vdev->msix->entries * PCI_MSIX_ENTRY_SIZE));
+
+ size = start < bar->size ? bar->size - start : 0;
+ strncat(name, " msix-hi", sizeof(name) - strlen(name) - 1);
+ /* VFIOMSIXInfo contains another MemoryRegion for this mapping */
+ if (vfio_mmap_bar(vdev, bar, &bar->mem, &vdev->msix->mmap_mem,
+ &vdev->msix->mmap, size, start, name)) {
+ error_report("%s unsupported. Performance may be slow", name);
+ }
+ }
+
+ vfio_bar_quirk_setup(vdev, nr);
+}
+
+static void vfio_map_bars(VFIODevice *vdev)
+{
+ int i;
+
+ for (i = 0; i < PCI_ROM_SLOT; i++) {
+ vfio_map_bar(vdev, i);
+ }
+
+ if (vdev->has_vga) {
+ memory_region_init_io(&vdev->vga.region[QEMU_PCI_VGA_MEM].mem,
+ OBJECT(vdev), &vfio_vga_ops,
+ &vdev->vga.region[QEMU_PCI_VGA_MEM],
+ "vfio-vga-mmio@0xa0000",
+ QEMU_PCI_VGA_MEM_SIZE);
+ memory_region_init_io(&vdev->vga.region[QEMU_PCI_VGA_IO_LO].mem,
+ OBJECT(vdev), &vfio_vga_ops,
+ &vdev->vga.region[QEMU_PCI_VGA_IO_LO],
+ "vfio-vga-io@0x3b0",
+ QEMU_PCI_VGA_IO_LO_SIZE);
+ memory_region_init_io(&vdev->vga.region[QEMU_PCI_VGA_IO_HI].mem,
+ OBJECT(vdev), &vfio_vga_ops,
+ &vdev->vga.region[QEMU_PCI_VGA_IO_HI],
+ "vfio-vga-io@0x3c0",
+ QEMU_PCI_VGA_IO_HI_SIZE);
+
+ pci_register_vga(&vdev->pdev, &vdev->vga.region[QEMU_PCI_VGA_MEM].mem,
+ &vdev->vga.region[QEMU_PCI_VGA_IO_LO].mem,
+ &vdev->vga.region[QEMU_PCI_VGA_IO_HI].mem);
+ vfio_vga_quirk_setup(vdev);
+ }
+}
+
+static void vfio_unmap_bars(VFIODevice *vdev)
+{
+ int i;
+
+ for (i = 0; i < PCI_ROM_SLOT; i++) {
+ vfio_unmap_bar(vdev, i);
+ }
+
+ if (vdev->has_vga) {
+ vfio_vga_quirk_teardown(vdev);
+ pci_unregister_vga(&vdev->pdev);
+ memory_region_destroy(&vdev->vga.region[QEMU_PCI_VGA_MEM].mem);
+ memory_region_destroy(&vdev->vga.region[QEMU_PCI_VGA_IO_LO].mem);
+ memory_region_destroy(&vdev->vga.region[QEMU_PCI_VGA_IO_HI].mem);
+ }
+}
+
+/*
+ * General setup
+ */
+static uint8_t vfio_std_cap_max_size(PCIDevice *pdev, uint8_t pos)
+{
+ uint8_t tmp, next = 0xff;
+
+ for (tmp = pdev->config[PCI_CAPABILITY_LIST]; tmp;
+ tmp = pdev->config[tmp + 1]) {
+ if (tmp > pos && tmp < next) {
+ next = tmp;
+ }
+ }
+
+ return next - pos;
+}
+
+static void vfio_set_word_bits(uint8_t *buf, uint16_t val, uint16_t mask)
+{
+ pci_set_word(buf, (pci_get_word(buf) & ~mask) | val);
+}
+
+static void vfio_add_emulated_word(VFIODevice *vdev, int pos,
+ uint16_t val, uint16_t mask)
+{
+ vfio_set_word_bits(vdev->pdev.config + pos, val, mask);
+ vfio_set_word_bits(vdev->pdev.wmask + pos, ~mask, mask);
+ vfio_set_word_bits(vdev->emulated_config_bits + pos, mask, mask);
+}
+
+static void vfio_set_long_bits(uint8_t *buf, uint32_t val, uint32_t mask)
+{
+ pci_set_long(buf, (pci_get_long(buf) & ~mask) | val);
+}
+
+static void vfio_add_emulated_long(VFIODevice *vdev, int pos,
+ uint32_t val, uint32_t mask)
+{
+ vfio_set_long_bits(vdev->pdev.config + pos, val, mask);
+ vfio_set_long_bits(vdev->pdev.wmask + pos, ~mask, mask);
+ vfio_set_long_bits(vdev->emulated_config_bits + pos, mask, mask);
+}
+
+static int vfio_setup_pcie_cap(VFIODevice *vdev, int pos, uint8_t size)
+{
+ uint16_t flags;
+ uint8_t type;
+
+ flags = pci_get_word(vdev->pdev.config + pos + PCI_CAP_FLAGS);
+ type = (flags & PCI_EXP_FLAGS_TYPE) >> 4;
+
+ if (type != PCI_EXP_TYPE_ENDPOINT &&
+ type != PCI_EXP_TYPE_LEG_END &&
+ type != PCI_EXP_TYPE_RC_END) {
+
+ error_report("vfio: Assignment of PCIe type 0x%x "
+ "devices is not currently supported", type);
+ return -EINVAL;
+ }
+
+ if (!pci_bus_is_express(vdev->pdev.bus)) {
+ /*
+ * Use express capability as-is on PCI bus. It doesn't make much
+ * sense to even expose, but some drivers (ex. tg3) depend on it
+ * and guests don't seem to be particular about it. We'll need
+ * to revist this or force express devices to express buses if we
+ * ever expose an IOMMU to the guest.
+ */
+ } else if (pci_bus_is_root(vdev->pdev.bus)) {
+ /*
+ * On a Root Complex bus Endpoints become Root Complex Integrated
+ * Endpoints, which changes the type and clears the LNK & LNK2 fields.
+ */
+ if (type == PCI_EXP_TYPE_ENDPOINT) {
+ vfio_add_emulated_word(vdev, pos + PCI_CAP_FLAGS,
+ PCI_EXP_TYPE_RC_END << 4,
+ PCI_EXP_FLAGS_TYPE);
+
+ /* Link Capabilities, Status, and Control goes away */
+ if (size > PCI_EXP_LNKCTL) {
+ vfio_add_emulated_long(vdev, pos + PCI_EXP_LNKCAP, 0, ~0);
+ vfio_add_emulated_word(vdev, pos + PCI_EXP_LNKCTL, 0, ~0);
+ vfio_add_emulated_word(vdev, pos + PCI_EXP_LNKSTA, 0, ~0);
+
+#ifndef PCI_EXP_LNKCAP2
+#define PCI_EXP_LNKCAP2 44
+#endif
+#ifndef PCI_EXP_LNKSTA2
+#define PCI_EXP_LNKSTA2 50
+#endif
+ /* Link 2 Capabilities, Status, and Control goes away */
+ if (size > PCI_EXP_LNKCAP2) {
+ vfio_add_emulated_long(vdev, pos + PCI_EXP_LNKCAP2, 0, ~0);
+ vfio_add_emulated_word(vdev, pos + PCI_EXP_LNKCTL2, 0, ~0);
+ vfio_add_emulated_word(vdev, pos + PCI_EXP_LNKSTA2, 0, ~0);
+ }
+ }
+
+ } else if (type == PCI_EXP_TYPE_LEG_END) {
+ /*
+ * Legacy endpoints don't belong on the root complex. Windows
+ * seems to be happier with devices if we skip the capability.
+ */
+ return 0;
+ }
+
+ } else {
+ /*
+ * Convert Root Complex Integrated Endpoints to regular endpoints.
+ * These devices don't support LNK/LNK2 capabilities, so make them up.
+ */
+ if (type == PCI_EXP_TYPE_RC_END) {
+ vfio_add_emulated_word(vdev, pos + PCI_CAP_FLAGS,
+ PCI_EXP_TYPE_ENDPOINT << 4,
+ PCI_EXP_FLAGS_TYPE);
+ vfio_add_emulated_long(vdev, pos + PCI_EXP_LNKCAP,
+ PCI_EXP_LNK_MLW_1 | PCI_EXP_LNK_LS_25, ~0);
+ vfio_add_emulated_word(vdev, pos + PCI_EXP_LNKCTL, 0, ~0);
+ }
+
+ /* Mark the Link Status bits as emulated to allow virtual negotiation */
+ vfio_add_emulated_word(vdev, pos + PCI_EXP_LNKSTA,
+ pci_get_word(vdev->pdev.config + pos +
+ PCI_EXP_LNKSTA),
+ PCI_EXP_LNKCAP_MLW | PCI_EXP_LNKCAP_SLS);
+ }
+
+ pos = pci_add_capability(&vdev->pdev, PCI_CAP_ID_EXP, pos, size);
+ if (pos >= 0) {
+ vdev->pdev.exp.exp_cap = pos;
+ }
+
+ return pos;
+}
+
+static int vfio_add_std_cap(VFIODevice *vdev, uint8_t pos)
+{
+ PCIDevice *pdev = &vdev->pdev;
+ uint8_t cap_id, next, size;
+ int ret;
+
+ cap_id = pdev->config[pos];
+ next = pdev->config[pos + 1];
+
+ /*
+ * If it becomes important to configure capabilities to their actual
+ * size, use this as the default when it's something we don't recognize.
+ * Since QEMU doesn't actually handle many of the config accesses,
+ * exact size doesn't seem worthwhile.
+ */
+ size = vfio_std_cap_max_size(pdev, pos);
+
+ /*
+ * pci_add_capability always inserts the new capability at the head
+ * of the chain. Therefore to end up with a chain that matches the
+ * physical device, we insert from the end by making this recursive.
+ * This is also why we pre-caclulate size above as cached config space
+ * will be changed as we unwind the stack.
+ */
+ if (next) {
+ ret = vfio_add_std_cap(vdev, next);
+ if (ret) {
+ return ret;
+ }
+ } else {
+ /* Begin the rebuild, use QEMU emulated list bits */
+ pdev->config[PCI_CAPABILITY_LIST] = 0;
+ vdev->emulated_config_bits[PCI_CAPABILITY_LIST] = 0xff;
+ vdev->emulated_config_bits[PCI_STATUS] |= PCI_STATUS_CAP_LIST;
+ }
+
+ /* Use emulated next pointer to allow dropping caps */
+ pci_set_byte(vdev->emulated_config_bits + pos + 1, 0xff);
+
+ switch (cap_id) {
+ case PCI_CAP_ID_MSI:
+ ret = vfio_setup_msi(vdev, pos);
+ break;
+ case PCI_CAP_ID_EXP:
+ ret = vfio_setup_pcie_cap(vdev, pos, size);
+ break;
+ case PCI_CAP_ID_MSIX:
+ ret = vfio_setup_msix(vdev, pos);
+ break;
+ case PCI_CAP_ID_PM:
+ vdev->pm_cap = pos;
+ default:
+ ret = pci_add_capability(pdev, cap_id, pos, size);
+ break;
+ }
+
+ if (ret < 0) {
+ error_report("vfio: %04x:%02x:%02x.%x Error adding PCI capability "
+ "0x%x[0x%x]@0x%x: %d", vdev->host.domain,
+ vdev->host.bus, vdev->host.slot, vdev->host.function,
+ cap_id, size, pos, ret);
+ return ret;
+ }
+
+ return 0;
+}
+
+static int vfio_add_capabilities(VFIODevice *vdev)
+{
+ PCIDevice *pdev = &vdev->pdev;
+
+ if (!(pdev->config[PCI_STATUS] & PCI_STATUS_CAP_LIST) ||
+ !pdev->config[PCI_CAPABILITY_LIST]) {
+ return 0; /* Nothing to add */
+ }
+
+ return vfio_add_std_cap(vdev, pdev->config[PCI_CAPABILITY_LIST]);
+}
+
+static int vfio_load_rom(VFIODevice *vdev)
+{
+ uint64_t size = vdev->rom_size;
+ char name[32];
+ off_t off = 0, voff = vdev->rom_offset;
+ ssize_t bytes;
+ void *ptr;
+
+ /* If loading ROM from file, pci handles it */
+ if (vdev->pdev.romfile || !vdev->pdev.rom_bar || !size) {
+ return 0;
+ }
+
+ DPRINTF("%s(%04x:%02x:%02x.%x)\n", __func__, vdev->host.domain,
+ vdev->host.bus, vdev->host.slot, vdev->host.function);
+
+ snprintf(name, sizeof(name), "vfio[%04x:%02x:%02x.%x].rom",
+ vdev->host.domain, vdev->host.bus, vdev->host.slot,
+ vdev->host.function);
+ memory_region_init_ram(&vdev->pdev.rom, OBJECT(vdev), name, size);
+ ptr = memory_region_get_ram_ptr(&vdev->pdev.rom);
+ memset(ptr, 0xff, size);
+
+ while (size) {
+ bytes = pread(vdev->fd, ptr + off, size, voff + off);
+ if (bytes == 0) {
+ break; /* expect that we could get back less than the ROM BAR */
+ } else if (bytes > 0) {
+ off += bytes;
+ size -= bytes;
+ } else {
+ if (errno == EINTR || errno == EAGAIN) {
+ continue;
+ }
+ error_report("vfio: Error reading device ROM: %m");
+ memory_region_destroy(&vdev->pdev.rom);
+ return -errno;
+ }
+ }
+
+ pci_register_bar(&vdev->pdev, PCI_ROM_SLOT, 0, &vdev->pdev.rom);
+ vdev->pdev.has_rom = true;
+ return 0;
+}
+
+static int vfio_connect_container(VFIOGroup *group)
+{
+ VFIOContainer *container;
+ int ret, fd;
+
+ if (group->container) {
+ return 0;
+ }
+
+ QLIST_FOREACH(container, &container_list, next) {
+ if (!ioctl(group->fd, VFIO_GROUP_SET_CONTAINER, &container->fd)) {
+ group->container = container;
+ QLIST_INSERT_HEAD(&container->group_list, group, container_next);
+ return 0;
+ }
+ }
+
+ fd = qemu_open("/dev/vfio/vfio", O_RDWR);
+ if (fd < 0) {
+ error_report("vfio: failed to open /dev/vfio/vfio: %m");
+ return -errno;
+ }
+
+ ret = ioctl(fd, VFIO_GET_API_VERSION);
+ if (ret != VFIO_API_VERSION) {
+ error_report("vfio: supported vfio version: %d, "
+ "reported version: %d", VFIO_API_VERSION, ret);
+ close(fd);
+ return -EINVAL;
+ }
+
+ container = g_malloc0(sizeof(*container));
+ container->fd = fd;
+
+ if (ioctl(fd, VFIO_CHECK_EXTENSION, VFIO_TYPE1_IOMMU)) {
+ ret = ioctl(group->fd, VFIO_GROUP_SET_CONTAINER, &fd);
+ if (ret) {
+ error_report("vfio: failed to set group container: %m");
+ g_free(container);
+ close(fd);
+ return -errno;
+ }
+
+ ret = ioctl(fd, VFIO_SET_IOMMU, VFIO_TYPE1_IOMMU);
+ if (ret) {
+ error_report("vfio: failed to set iommu for container: %m");
+ g_free(container);
+ close(fd);
+ return -errno;
+ }
+
+ container->iommu_data.listener = vfio_memory_listener;
+ container->iommu_data.release = vfio_listener_release;
+
+ memory_listener_register(&container->iommu_data.listener, &address_space_memory);
+ } else {
+ error_report("vfio: No available IOMMU models");
+ g_free(container);
+ close(fd);
+ return -EINVAL;
+ }
+
+ QLIST_INIT(&container->group_list);
+ QLIST_INSERT_HEAD(&container_list, container, next);
+
+ group->container = container;
+ QLIST_INSERT_HEAD(&container->group_list, group, container_next);
+
+ return 0;
+}
+
+static void vfio_disconnect_container(VFIOGroup *group)
+{
+ VFIOContainer *container = group->container;
+
+ if (ioctl(group->fd, VFIO_GROUP_UNSET_CONTAINER, &container->fd)) {
+ error_report("vfio: error disconnecting group %d from container",
+ group->groupid);
+ }
+
+ QLIST_REMOVE(group, container_next);
+ group->container = NULL;
+
+ if (QLIST_EMPTY(&container->group_list)) {
+ if (container->iommu_data.release) {
+ container->iommu_data.release(container);
+ }
+ QLIST_REMOVE(container, next);
+ DPRINTF("vfio_disconnect_container: close container->fd\n");
+ close(container->fd);
+ g_free(container);
+ }
+}
+
+static VFIOGroup *vfio_get_group(int groupid)
+{
+ VFIOGroup *group;
+ char path[32];
+ struct vfio_group_status status = { .argsz = sizeof(status) };
+
+ QLIST_FOREACH(group, &group_list, next) {
+ if (group->groupid == groupid) {
+ return group;
+ }
+ }
+
+ group = g_malloc0(sizeof(*group));
+
+ snprintf(path, sizeof(path), "/dev/vfio/%d", groupid);
+ group->fd = qemu_open(path, O_RDWR);
+ if (group->fd < 0) {
+ error_report("vfio: error opening %s: %m", path);
+ g_free(group);
+ return NULL;
+ }
+
+ if (ioctl(group->fd, VFIO_GROUP_GET_STATUS, &status)) {
+ error_report("vfio: error getting group status: %m");
+ close(group->fd);
+ g_free(group);
+ return NULL;
+ }
+
+ if (!(status.flags & VFIO_GROUP_FLAGS_VIABLE)) {
+ error_report("vfio: error, group %d is not viable, please ensure "
+ "all devices within the iommu_group are bound to their "
+ "vfio bus driver.", groupid);
+ close(group->fd);
+ g_free(group);
+ return NULL;
+ }
+
+ group->groupid = groupid;
+ QLIST_INIT(&group->device_list);
+
+ if (vfio_connect_container(group)) {
+ error_report("vfio: failed to setup container for group %d", groupid);
+ close(group->fd);
+ g_free(group);
+ return NULL;
+ }
+
+ QLIST_INSERT_HEAD(&group_list, group, next);
+
+ return group;
+}
+
+static void vfio_put_group(VFIOGroup *group)
+{
+ if (!QLIST_EMPTY(&group->device_list)) {
+ return;
+ }
+
+ vfio_disconnect_container(group);
+ QLIST_REMOVE(group, next);
+ DPRINTF("vfio_put_group: close group->fd\n");
+ close(group->fd);
+ g_free(group);
+}
+
+static int vfio_get_device(VFIOGroup *group, const char *name, VFIODevice *vdev)
+{
+ struct vfio_device_info dev_info = { .argsz = sizeof(dev_info) };
+ struct vfio_region_info reg_info = { .argsz = sizeof(reg_info) };
+ struct vfio_irq_info irq_info = { .argsz = sizeof(irq_info) };
+ int ret, i;
+
+ ret = ioctl(group->fd, VFIO_GROUP_GET_DEVICE_FD, name);
+ if (ret < 0) {
+ error_report("vfio: error getting device %s from group %d: %m",
+ name, group->groupid);
+ error_printf("Verify all devices in group %d are bound to vfio-pci "
+ "or pci-stub and not already in use\n", group->groupid);
+ return ret;
+ }
+
+ vdev->fd = ret;
+ vdev->group = group;
+ QLIST_INSERT_HEAD(&group->device_list, vdev, next);
+
+ /* Sanity check device */
+ ret = ioctl(vdev->fd, VFIO_DEVICE_GET_INFO, &dev_info);
+ if (ret) {
+ error_report("vfio: error getting device info: %m");
+ goto error;
+ }
+
+ DPRINTF("Device %s flags: %u, regions: %u, irgs: %u\n", name,
+ dev_info.flags, dev_info.num_regions, dev_info.num_irqs);
+
+ if (!(dev_info.flags & VFIO_DEVICE_FLAGS_PCI)) {
+ error_report("vfio: Um, this isn't a PCI device");
+ goto error;
+ }
+
+ vdev->reset_works = !!(dev_info.flags & VFIO_DEVICE_FLAGS_RESET);
+ if (!vdev->reset_works) {
+ error_report("Warning, device %s does not support reset", name);
+ }
+
+ if (dev_info.num_regions < VFIO_PCI_CONFIG_REGION_INDEX + 1) {
+ error_report("vfio: unexpected number of io regions %u",
+ dev_info.num_regions);
+ goto error;
+ }
+
+ if (dev_info.num_irqs < VFIO_PCI_MSIX_IRQ_INDEX + 1) {
+ error_report("vfio: unexpected number of irqs %u", dev_info.num_irqs);
+ goto error;
+ }
+
+ for (i = VFIO_PCI_BAR0_REGION_INDEX; i < VFIO_PCI_ROM_REGION_INDEX; i++) {
+ reg_info.index = i;
+
+ ret = ioctl(vdev->fd, VFIO_DEVICE_GET_REGION_INFO, &reg_info);
+ if (ret) {
+ error_report("vfio: Error getting region %d info: %m", i);
+ goto error;
+ }
+
+ DPRINTF("Device %s region %d:\n", name, i);
+ DPRINTF(" size: 0x%lx, offset: 0x%lx, flags: 0x%lx\n",
+ (unsigned long)reg_info.size, (unsigned long)reg_info.offset,
+ (unsigned long)reg_info.flags);
+
+ vdev->bars[i].flags = reg_info.flags;
+ vdev->bars[i].size = reg_info.size;
+ vdev->bars[i].fd_offset = reg_info.offset;
+ vdev->bars[i].fd = vdev->fd;
+ vdev->bars[i].nr = i;
+ QLIST_INIT(&vdev->bars[i].quirks);
+ }
+
+ reg_info.index = VFIO_PCI_ROM_REGION_INDEX;
+
+ ret = ioctl(vdev->fd, VFIO_DEVICE_GET_REGION_INFO, &reg_info);
+ if (ret) {
+ error_report("vfio: Error getting ROM info: %m");
+ goto error;
+ }
+
+ DPRINTF("Device %s ROM:\n", name);
+ DPRINTF(" size: 0x%lx, offset: 0x%lx, flags: 0x%lx\n",
+ (unsigned long)reg_info.size, (unsigned long)reg_info.offset,
+ (unsigned long)reg_info.flags);
+
+ vdev->rom_size = reg_info.size;
+ vdev->rom_offset = reg_info.offset;
+
+ reg_info.index = VFIO_PCI_CONFIG_REGION_INDEX;
+
+ ret = ioctl(vdev->fd, VFIO_DEVICE_GET_REGION_INFO, &reg_info);
+ if (ret) {
+ error_report("vfio: Error getting config info: %m");
+ goto error;
+ }
+
+ DPRINTF("Device %s config:\n", name);
+ DPRINTF(" size: 0x%lx, offset: 0x%lx, flags: 0x%lx\n",
+ (unsigned long)reg_info.size, (unsigned long)reg_info.offset,
+ (unsigned long)reg_info.flags);
+
+ vdev->config_size = reg_info.size;
+ if (vdev->config_size == PCI_CONFIG_SPACE_SIZE) {
+ vdev->pdev.cap_present &= ~QEMU_PCI_CAP_EXPRESS;
+ }
+ vdev->config_offset = reg_info.offset;
+
+ if ((vdev->features & VFIO_FEATURE_ENABLE_VGA) &&
+ dev_info.num_regions > VFIO_PCI_VGA_REGION_INDEX) {
+ struct vfio_region_info vga_info = {
+ .argsz = sizeof(vga_info),
+ .index = VFIO_PCI_VGA_REGION_INDEX,
+ };
+
+ ret = ioctl(vdev->fd, VFIO_DEVICE_GET_REGION_INFO, &vga_info);
+ if (ret) {
+ error_report(
+ "vfio: Device does not support requested feature x-vga");
+ goto error;
+ }
+
+ if (!(vga_info.flags & VFIO_REGION_INFO_FLAG_READ) ||
+ !(vga_info.flags & VFIO_REGION_INFO_FLAG_WRITE) ||
+ vga_info.size < 0xbffff + 1) {
+ error_report("vfio: Unexpected VGA info, flags 0x%lx, size 0x%lx",
+ (unsigned long)vga_info.flags,
+ (unsigned long)vga_info.size);
+ goto error;
+ }
+
+ vdev->vga.fd_offset = vga_info.offset;
+ vdev->vga.fd = vdev->fd;
+
+ vdev->vga.region[QEMU_PCI_VGA_MEM].offset = QEMU_PCI_VGA_MEM_BASE;
+ vdev->vga.region[QEMU_PCI_VGA_MEM].nr = QEMU_PCI_VGA_MEM;
+ QLIST_INIT(&vdev->vga.region[QEMU_PCI_VGA_MEM].quirks);
+
+ vdev->vga.region[QEMU_PCI_VGA_IO_LO].offset = QEMU_PCI_VGA_IO_LO_BASE;
+ vdev->vga.region[QEMU_PCI_VGA_IO_LO].nr = QEMU_PCI_VGA_IO_LO;
+ QLIST_INIT(&vdev->vga.region[QEMU_PCI_VGA_IO_LO].quirks);
+
+ vdev->vga.region[QEMU_PCI_VGA_IO_HI].offset = QEMU_PCI_VGA_IO_HI_BASE;
+ vdev->vga.region[QEMU_PCI_VGA_IO_HI].nr = QEMU_PCI_VGA_IO_HI;
+ QLIST_INIT(&vdev->vga.region[QEMU_PCI_VGA_IO_HI].quirks);
+
+ vdev->has_vga = true;
+ }
+ irq_info.index = VFIO_PCI_ERR_IRQ_INDEX;
+
+ ret = ioctl(vdev->fd, VFIO_DEVICE_GET_IRQ_INFO, &irq_info);
+ if (ret) {
+ /* This can fail for an old kernel or legacy PCI dev */
+ DPRINTF("VFIO_DEVICE_GET_IRQ_INFO failure ret=%d\n", ret);
+ ret = 0;
+ } else if (irq_info.count == 1) {
+ vdev->pci_aer = true;
+ } else {
+ error_report("vfio: Warning: "
+ "Could not enable error recovery for the device\n");
+ }
+
+error:
+ if (ret) {
+ QLIST_REMOVE(vdev, next);
+ vdev->group = NULL;
+ close(vdev->fd);
+ }
+ return ret;
+}
+
+static void vfio_put_device(VFIODevice *vdev)
+{
+ QLIST_REMOVE(vdev, next);
+ vdev->group = NULL;
+ DPRINTF("vfio_put_device: close vdev->fd\n");
+ close(vdev->fd);
+ if (vdev->msix) {
+ g_free(vdev->msix);
+ vdev->msix = NULL;
+ }
+}
+
+static void vfio_err_notifier_handler(void *opaque)
+{
+ VFIODevice *vdev = opaque;
+
+ if (!event_notifier_test_and_clear(&vdev->err_notifier)) {
+ return;
+ }
+
+ /*
+ * TBD. Retrieve the error details and decide what action
+ * needs to be taken. One of the actions could be to pass
+ * the error to the guest and have the guest driver recover
+ * from the error. This requires that PCIe capabilities be
+ * exposed to the guest. For now, we just terminate the
+ * guest to contain the error.
+ */
+
+ error_report("%s (%04x:%02x:%02x.%x)"
+ "Unrecoverable error detected...\n"
+ "Please collect any data possible and then kill the guest",
+ __func__, vdev->host.domain, vdev->host.bus,
+ vdev->host.slot, vdev->host.function);
+
+ vm_stop(RUN_STATE_IO_ERROR);
+}
+
+/*
+ * Registers error notifier for devices supporting error recovery.
+ * If we encounter a failure in this function, we report an error
+ * and continue after disabling error recovery support for the
+ * device.
+ */
+static void vfio_register_err_notifier(VFIODevice *vdev)
+{
+ int ret;
+ int argsz;
+ struct vfio_irq_set *irq_set;
+ int32_t *pfd;
+
+ if (!vdev->pci_aer) {
+ return;
+ }
+
+ if (event_notifier_init(&vdev->err_notifier, 0)) {
+ error_report("vfio: Warning: "
+ "Unable to init event notifier for error detection\n");
+ vdev->pci_aer = false;
+ return;
+ }
+
+ argsz = sizeof(*irq_set) + sizeof(*pfd);
+
+ irq_set = g_malloc0(argsz);
+ irq_set->argsz = argsz;
+ irq_set->flags = VFIO_IRQ_SET_DATA_EVENTFD |
+ VFIO_IRQ_SET_ACTION_TRIGGER;
+ irq_set->index = VFIO_PCI_ERR_IRQ_INDEX;
+ irq_set->start = 0;
+ irq_set->count = 1;
+ pfd = (int32_t *)&irq_set->data;
+
+ *pfd = event_notifier_get_fd(&vdev->err_notifier);
+ qemu_set_fd_handler(*pfd, vfio_err_notifier_handler, NULL, vdev);
+
+ ret = ioctl(vdev->fd, VFIO_DEVICE_SET_IRQS, irq_set);
+ if (ret) {
+ error_report("vfio: Failed to set up error notification\n");
+ qemu_set_fd_handler(*pfd, NULL, NULL, vdev);
+ event_notifier_cleanup(&vdev->err_notifier);
+ vdev->pci_aer = false;
+ }
+ g_free(irq_set);
+}
+
+static void vfio_unregister_err_notifier(VFIODevice *vdev)
+{
+ int argsz;
+ struct vfio_irq_set *irq_set;
+ int32_t *pfd;
+ int ret;
+
+ if (!vdev->pci_aer) {
+ return;
+ }
+
+ argsz = sizeof(*irq_set) + sizeof(*pfd);
+
+ irq_set = g_malloc0(argsz);
+ irq_set->argsz = argsz;
+ irq_set->flags = VFIO_IRQ_SET_DATA_EVENTFD |
+ VFIO_IRQ_SET_ACTION_TRIGGER;
+ irq_set->index = VFIO_PCI_ERR_IRQ_INDEX;
+ irq_set->start = 0;
+ irq_set->count = 1;
+ pfd = (int32_t *)&irq_set->data;
+ *pfd = -1;
+
+ ret = ioctl(vdev->fd, VFIO_DEVICE_SET_IRQS, irq_set);
+ if (ret) {
+ error_report("vfio: Failed to de-assign error fd: %d\n", ret);
+ }
+ g_free(irq_set);
+ qemu_set_fd_handler(event_notifier_get_fd(&vdev->err_notifier),
+ NULL, NULL, vdev);
+ event_notifier_cleanup(&vdev->err_notifier);
+}
+
+static int vfio_initfn(PCIDevice *pdev)
+{
+ VFIODevice *pvdev, *vdev = DO_UPCAST(VFIODevice, pdev, pdev);
+ VFIOGroup *group;
+ char path[PATH_MAX], iommu_group_path[PATH_MAX], *group_name;
+ ssize_t len;
+ struct stat st;
+ int groupid;
+ int ret;
+
+ /* Check that the host device exists */
+ snprintf(path, sizeof(path),
+ "/sys/bus/pci/devices/%04x:%02x:%02x.%01x/",
+ vdev->host.domain, vdev->host.bus, vdev->host.slot,
+ vdev->host.function);
+ if (stat(path, &st) < 0) {
+ error_report("vfio: error: no such host device: %s", path);
+ return -errno;
+ }
+
+ strncat(path, "iommu_group", sizeof(path) - strlen(path) - 1);
+
+ len = readlink(path, iommu_group_path, PATH_MAX);
+ if (len <= 0) {
+ error_report("vfio: error no iommu_group for device");
+ return -errno;
+ }
+
+ iommu_group_path[len] = 0;
+ group_name = basename(iommu_group_path);
+
+ if (sscanf(group_name, "%d", &groupid) != 1) {
+ error_report("vfio: error reading %s: %m", path);
+ return -errno;
+ }
+
+ DPRINTF("%s(%04x:%02x:%02x.%x) group %d\n", __func__, vdev->host.domain,
+ vdev->host.bus, vdev->host.slot, vdev->host.function, groupid);
+
+ group = vfio_get_group(groupid);
+ if (!group) {
+ error_report("vfio: failed to get group %d", groupid);
+ return -ENOENT;
+ }
+
+ snprintf(path, sizeof(path), "%04x:%02x:%02x.%01x",
+ vdev->host.domain, vdev->host.bus, vdev->host.slot,
+ vdev->host.function);
+
+ QLIST_FOREACH(pvdev, &group->device_list, next) {
+ if (pvdev->host.domain == vdev->host.domain &&
+ pvdev->host.bus == vdev->host.bus &&
+ pvdev->host.slot == vdev->host.slot &&
+ pvdev->host.function == vdev->host.function) {
+
+ error_report("vfio: error: device %s is already attached", path);
+ vfio_put_group(group);
+ return -EBUSY;
+ }
+ }
+
+ ret = vfio_get_device(group, path, vdev);
+ if (ret) {
+ error_report("vfio: failed to get device %s", path);
+ vfio_put_group(group);
+ return ret;
+ }
+
+ /* Get a copy of config space */
+ ret = pread(vdev->fd, vdev->pdev.config,
+ MIN(pci_config_size(&vdev->pdev), vdev->config_size),
+ vdev->config_offset);
+ if (ret < (int)MIN(pci_config_size(&vdev->pdev), vdev->config_size)) {
+ ret = ret < 0 ? -errno : -EFAULT;
+ error_report("vfio: Failed to read device config space");
+ goto out_put;
+ }
+
+ /* vfio emulates a lot for us, but some bits need extra love */
+ vdev->emulated_config_bits = g_malloc0(vdev->config_size);
+
+ /* QEMU can choose to expose the ROM or not */
+ memset(vdev->emulated_config_bits + PCI_ROM_ADDRESS, 0xff, 4);
+
+ /* QEMU can change multi-function devices to single function, or reverse */
+ vdev->emulated_config_bits[PCI_HEADER_TYPE] =
+ PCI_HEADER_TYPE_MULTI_FUNCTION;
+
+ /*
+ * Clear host resource mapping info. If we choose not to register a
+ * BAR, such as might be the case with the option ROM, we can get
+ * confusing, unwritable, residual addresses from the host here.
+ */
+ memset(&vdev->pdev.config[PCI_BASE_ADDRESS_0], 0, 24);
+ memset(&vdev->pdev.config[PCI_ROM_ADDRESS], 0, 4);
+
+ vfio_load_rom(vdev);
+
+ ret = vfio_early_setup_msix(vdev);
+ if (ret) {
+ goto out_put;
+ }
+
+ vfio_map_bars(vdev);
+
+ ret = vfio_add_capabilities(vdev);
+ if (ret) {
+ goto out_teardown;
+ }
+
+ /* QEMU emulates all of MSI & MSIX */
+ if (pdev->cap_present & QEMU_PCI_CAP_MSIX) {
+ memset(vdev->emulated_config_bits + pdev->msix_cap, 0xff,
+ MSIX_CAP_LENGTH);
+ }
+
+ if (pdev->cap_present & QEMU_PCI_CAP_MSI) {
+ memset(vdev->emulated_config_bits + pdev->msi_cap, 0xff,
+ vdev->msi_cap_size);
+ }
+
+ if (vfio_pci_read_config(&vdev->pdev, PCI_INTERRUPT_PIN, 1)) {
+ vdev->intx.mmap_timer = qemu_new_timer_ms(vm_clock,
+ vfio_intx_mmap_enable, vdev);
+ pci_device_set_intx_routing_notifier(&vdev->pdev, vfio_update_irq);
+ ret = vfio_enable_intx(vdev);
+ if (ret) {
+ goto out_teardown;
+ }
+ }
+
+ add_boot_device_path(vdev->bootindex, &pdev->qdev, NULL);
+ vfio_register_err_notifier(vdev);
+
+ return 0;
+
+out_teardown:
+ pci_device_set_intx_routing_notifier(&vdev->pdev, NULL);
+ vfio_teardown_msi(vdev);
+ vfio_unmap_bars(vdev);
+out_put:
+ g_free(vdev->emulated_config_bits);
+ vfio_put_device(vdev);
+ vfio_put_group(group);
+ return ret;
+}
+
+static void vfio_exitfn(PCIDevice *pdev)
+{
+ VFIODevice *vdev = DO_UPCAST(VFIODevice, pdev, pdev);
+ VFIOGroup *group = vdev->group;
+
+ vfio_unregister_err_notifier(vdev);
+ pci_device_set_intx_routing_notifier(&vdev->pdev, NULL);
+ vfio_disable_interrupts(vdev);
+ if (vdev->intx.mmap_timer) {
+ qemu_free_timer(vdev->intx.mmap_timer);
+ }
+ vfio_teardown_msi(vdev);
+ vfio_unmap_bars(vdev);
+ g_free(vdev->emulated_config_bits);
+ vfio_put_device(vdev);
+ vfio_put_group(group);
+}
+
+static void vfio_pci_reset(DeviceState *dev)
+{
+ PCIDevice *pdev = DO_UPCAST(PCIDevice, qdev, dev);
+ VFIODevice *vdev = DO_UPCAST(VFIODevice, pdev, pdev);
+ uint16_t cmd;
+
+ DPRINTF("%s(%04x:%02x:%02x.%x)\n", __func__, vdev->host.domain,
+ vdev->host.bus, vdev->host.slot, vdev->host.function);
+
+ vfio_disable_interrupts(vdev);
+
+ /* Make sure the device is in D0 */
+ if (vdev->pm_cap) {
+ uint16_t pmcsr;
+ uint8_t state;
+
+ pmcsr = vfio_pci_read_config(pdev, vdev->pm_cap + PCI_PM_CTRL, 2);
+ state = pmcsr & PCI_PM_CTRL_STATE_MASK;
+ if (state) {
+ pmcsr &= ~PCI_PM_CTRL_STATE_MASK;
+ vfio_pci_write_config(pdev, vdev->pm_cap + PCI_PM_CTRL, pmcsr, 2);
+ /* vfio handles the necessary delay here */
+ pmcsr = vfio_pci_read_config(pdev, vdev->pm_cap + PCI_PM_CTRL, 2);
+ state = pmcsr & PCI_PM_CTRL_STATE_MASK;
+ if (state) {
+ error_report("vfio: Unable to power on device, stuck in D%d\n",
+ state);
+ }
+ }
+ }
+
+ /*
+ * Stop any ongoing DMA by disconecting I/O, MMIO, and bus master.
+ * Also put INTx Disable in known state.
+ */
+ cmd = vfio_pci_read_config(pdev, PCI_COMMAND, 2);
+ cmd &= ~(PCI_COMMAND_IO | PCI_COMMAND_MEMORY | PCI_COMMAND_MASTER |
+ PCI_COMMAND_INTX_DISABLE);
+ vfio_pci_write_config(pdev, PCI_COMMAND, cmd, 2);
+
+ if (vdev->reset_works) {
+ if (ioctl(vdev->fd, VFIO_DEVICE_RESET)) {
+ error_report("vfio: Error unable to reset physical device "
+ "(%04x:%02x:%02x.%x): %m", vdev->host.domain,
+ vdev->host.bus, vdev->host.slot, vdev->host.function);
+ }
+ }
+
+ vfio_enable_intx(vdev);
+}
+
+static Property vfio_pci_dev_properties[] = {
+ DEFINE_PROP_PCI_HOST_DEVADDR("host", VFIODevice, host),
+ DEFINE_PROP_UINT32("x-intx-mmap-timeout-ms", VFIODevice,
+ intx.mmap_timeout, 1100),
+ DEFINE_PROP_BIT("x-vga", VFIODevice, features,
+ VFIO_FEATURE_ENABLE_VGA_BIT, false),
+ DEFINE_PROP_INT32("bootindex", VFIODevice, bootindex, -1),
+ /*
+ * TODO - support passed fds... is this necessary?
+ * DEFINE_PROP_STRING("vfiofd", VFIODevice, vfiofd_name),
+ * DEFINE_PROP_STRING("vfiogroupfd, VFIODevice, vfiogroupfd_name),
+ */
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static const VMStateDescription vfio_pci_vmstate = {
+ .name = "vfio-pci",
+ .unmigratable = 1,
+};
+
+static void vfio_pci_dev_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *pdc = PCI_DEVICE_CLASS(klass);
+
+ dc->reset = vfio_pci_reset;
+ dc->props = vfio_pci_dev_properties;
+ dc->vmsd = &vfio_pci_vmstate;
+ dc->desc = "VFIO-based PCI device assignment";
+ set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+ pdc->init = vfio_initfn;
+ pdc->exit = vfio_exitfn;
+ pdc->config_read = vfio_pci_read_config;
+ pdc->config_write = vfio_pci_write_config;
+ pdc->is_express = 1; /* We might be */
+}
+
+static const TypeInfo vfio_pci_dev_info = {
+ .name = "vfio-pci",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(VFIODevice),
+ .class_init = vfio_pci_dev_class_init,
+};
+
+static void register_vfio_pci_dev_type(void)
+{
+ type_register_static(&vfio_pci_dev_info);
+}
+
+type_init(register_vfio_pci_dev_type)
diff --git a/hw/misc/vmport.c b/hw/misc/vmport.c
new file mode 100644
index 000000000..0b5a5644e
--- /dev/null
+++ b/hw/misc/vmport.c
@@ -0,0 +1,180 @@
+/*
+ * QEMU VMPort emulation
+ *
+ * Copyright (C) 2007 Hervé Poussineau
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/isa/isa.h"
+#include "hw/i386/pc.h"
+#include "sysemu/kvm.h"
+#include "hw/qdev.h"
+
+//#define VMPORT_DEBUG
+
+#define VMPORT_CMD_GETVERSION 0x0a
+#define VMPORT_CMD_GETRAMSIZE 0x14
+
+#define VMPORT_ENTRIES 0x2c
+#define VMPORT_MAGIC 0x564D5868
+
+#define TYPE_VMPORT "vmport"
+#define VMPORT(obj) OBJECT_CHECK(VMPortState, (obj), TYPE_VMPORT)
+
+typedef struct VMPortState
+{
+ ISADevice parent_obj;
+
+ MemoryRegion io;
+ VMPortReadFunc *func[VMPORT_ENTRIES];
+ void *opaque[VMPORT_ENTRIES];
+} VMPortState;
+
+static VMPortState *port_state;
+
+void vmport_register(unsigned char command, VMPortReadFunc *func, void *opaque)
+{
+ if (command >= VMPORT_ENTRIES)
+ return;
+
+ port_state->func[command] = func;
+ port_state->opaque[command] = opaque;
+}
+
+static uint64_t vmport_ioport_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ VMPortState *s = opaque;
+ CPUState *cs = current_cpu;
+ X86CPU *cpu = X86_CPU(cs);
+ CPUX86State *env = &cpu->env;
+ unsigned char command;
+ uint32_t eax;
+
+ cpu_synchronize_state(cs);
+
+ eax = env->regs[R_EAX];
+ if (eax != VMPORT_MAGIC)
+ return eax;
+
+ command = env->regs[R_ECX];
+ if (command >= VMPORT_ENTRIES)
+ return eax;
+ if (!s->func[command])
+ {
+#ifdef VMPORT_DEBUG
+ fprintf(stderr, "vmport: unknown command %x\n", command);
+#endif
+ return eax;
+ }
+
+ return s->func[command](s->opaque[command], addr);
+}
+
+static void vmport_ioport_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ X86CPU *cpu = X86_CPU(current_cpu);
+
+ cpu->env.regs[R_EAX] = vmport_ioport_read(opaque, addr, 4);
+}
+
+static uint32_t vmport_cmd_get_version(void *opaque, uint32_t addr)
+{
+ X86CPU *cpu = X86_CPU(current_cpu);
+
+ cpu->env.regs[R_EBX] = VMPORT_MAGIC;
+ return 6;
+}
+
+static uint32_t vmport_cmd_ram_size(void *opaque, uint32_t addr)
+{
+ X86CPU *cpu = X86_CPU(current_cpu);
+
+ cpu->env.regs[R_EBX] = 0x1177;
+ return ram_size;
+}
+
+/* vmmouse helpers */
+void vmmouse_get_data(uint32_t *data)
+{
+ X86CPU *cpu = X86_CPU(current_cpu);
+ CPUX86State *env = &cpu->env;
+
+ data[0] = env->regs[R_EAX]; data[1] = env->regs[R_EBX];
+ data[2] = env->regs[R_ECX]; data[3] = env->regs[R_EDX];
+ data[4] = env->regs[R_ESI]; data[5] = env->regs[R_EDI];
+}
+
+void vmmouse_set_data(const uint32_t *data)
+{
+ X86CPU *cpu = X86_CPU(current_cpu);
+ CPUX86State *env = &cpu->env;
+
+ env->regs[R_EAX] = data[0]; env->regs[R_EBX] = data[1];
+ env->regs[R_ECX] = data[2]; env->regs[R_EDX] = data[3];
+ env->regs[R_ESI] = data[4]; env->regs[R_EDI] = data[5];
+}
+
+static const MemoryRegionOps vmport_ops = {
+ .read = vmport_ioport_read,
+ .write = vmport_ioport_write,
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void vmport_realizefn(DeviceState *dev, Error **errp)
+{
+ ISADevice *isadev = ISA_DEVICE(dev);
+ VMPortState *s = VMPORT(dev);
+
+ memory_region_init_io(&s->io, OBJECT(s), &vmport_ops, s, "vmport", 1);
+ isa_register_ioport(isadev, &s->io, 0x5658);
+
+ port_state = s;
+ /* Register some generic port commands */
+ vmport_register(VMPORT_CMD_GETVERSION, vmport_cmd_get_version, NULL);
+ vmport_register(VMPORT_CMD_GETRAMSIZE, vmport_cmd_ram_size, NULL);
+}
+
+static void vmport_class_initfn(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = vmport_realizefn;
+ dc->no_user = 1;
+}
+
+static const TypeInfo vmport_info = {
+ .name = TYPE_VMPORT,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof(VMPortState),
+ .class_init = vmport_class_initfn,
+};
+
+static void vmport_register_types(void)
+{
+ type_register_static(&vmport_info);
+}
+
+type_init(vmport_register_types)
diff --git a/hw/misc/zynq_slcr.c b/hw/misc/zynq_slcr.c
new file mode 100644
index 000000000..e42a5b04a
--- /dev/null
+++ b/hw/misc/zynq_slcr.c
@@ -0,0 +1,539 @@
+/*
+ * Status and system control registers for Xilinx Zynq Platform
+ *
+ * Copyright (c) 2011 Michal Simek <monstr@monstr.eu>
+ * Copyright (c) 2012 PetaLogix Pty Ltd.
+ * Based on hw/arm_sysctl.c, written by Paul Brook
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/hw.h"
+#include "qemu/timer.h"
+#include "hw/sysbus.h"
+#include "sysemu/sysemu.h"
+
+#ifdef ZYNQ_ARM_SLCR_ERR_DEBUG
+#define DB_PRINT(...) do { \
+ fprintf(stderr, ": %s: ", __func__); \
+ fprintf(stderr, ## __VA_ARGS__); \
+ } while (0);
+#else
+ #define DB_PRINT(...)
+#endif
+
+#define XILINX_LOCK_KEY 0x767b
+#define XILINX_UNLOCK_KEY 0xdf0d
+
+typedef enum {
+ ARM_PLL_CTRL,
+ DDR_PLL_CTRL,
+ IO_PLL_CTRL,
+ PLL_STATUS,
+ ARM_PPL_CFG,
+ DDR_PLL_CFG,
+ IO_PLL_CFG,
+ PLL_BG_CTRL,
+ PLL_MAX
+} PLLValues;
+
+typedef enum {
+ ARM_CLK_CTRL,
+ DDR_CLK_CTRL,
+ DCI_CLK_CTRL,
+ APER_CLK_CTRL,
+ USB0_CLK_CTRL,
+ USB1_CLK_CTRL,
+ GEM0_RCLK_CTRL,
+ GEM1_RCLK_CTRL,
+ GEM0_CLK_CTRL,
+ GEM1_CLK_CTRL,
+ SMC_CLK_CTRL,
+ LQSPI_CLK_CTRL,
+ SDIO_CLK_CTRL,
+ UART_CLK_CTRL,
+ SPI_CLK_CTRL,
+ CAN_CLK_CTRL,
+ CAN_MIOCLK_CTRL,
+ DBG_CLK_CTRL,
+ PCAP_CLK_CTRL,
+ TOPSW_CLK_CTRL,
+ CLK_MAX
+} ClkValues;
+
+typedef enum {
+ CLK_CTRL,
+ THR_CTRL,
+ THR_CNT,
+ THR_STA,
+ FPGA_MAX
+} FPGAValues;
+
+typedef enum {
+ SYNC_CTRL,
+ SYNC_STATUS,
+ BANDGAP_TRIP,
+ CC_TEST,
+ PLL_PREDIVISOR,
+ CLK_621_TRUE,
+ PICTURE_DBG,
+ PICTURE_DBG_UCNT,
+ PICTURE_DBG_LCNT,
+ MISC_MAX
+} MiscValues;
+
+typedef enum {
+ PSS,
+ DDDR,
+ DMAC = 3,
+ USB,
+ GEM,
+ SDIO,
+ SPI,
+ CAN,
+ I2C,
+ UART,
+ GPIO,
+ LQSPI,
+ SMC,
+ OCM,
+ DEVCI,
+ FPGA,
+ A9_CPU,
+ RS_AWDT,
+ RST_REASON,
+ RST_REASON_CLR,
+ REBOOT_STATUS,
+ BOOT_MODE,
+ RESET_MAX
+} ResetValues;
+
+#define TYPE_ZYNQ_SLCR "xilinx,zynq_slcr"
+#define ZYNQ_SLCR(obj) OBJECT_CHECK(ZynqSLCRState, (obj), TYPE_ZYNQ_SLCR)
+
+typedef struct ZynqSLCRState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+
+ union {
+ struct {
+ uint16_t scl;
+ uint16_t lockval;
+ uint32_t pll[PLL_MAX]; /* 0x100 - 0x11C */
+ uint32_t clk[CLK_MAX]; /* 0x120 - 0x16C */
+ uint32_t fpga[4][FPGA_MAX]; /* 0x170 - 0x1AC */
+ uint32_t misc[MISC_MAX]; /* 0x1B0 - 0x1D8 */
+ uint32_t reset[RESET_MAX]; /* 0x200 - 0x25C */
+ uint32_t apu_ctrl; /* 0x300 */
+ uint32_t wdt_clk_sel; /* 0x304 */
+ uint32_t tz_ocm[3]; /* 0x400 - 0x408 */
+ uint32_t tz_ddr; /* 0x430 */
+ uint32_t tz_dma[3]; /* 0x440 - 0x448 */
+ uint32_t tz_misc[3]; /* 0x450 - 0x458 */
+ uint32_t tz_fpga[2]; /* 0x484 - 0x488 */
+ uint32_t dbg_ctrl; /* 0x500 */
+ uint32_t pss_idcode; /* 0x530 */
+ uint32_t ddr[8]; /* 0x600 - 0x620 - 0x604-missing */
+ uint32_t mio[54]; /* 0x700 - 0x7D4 */
+ uint32_t mio_func[4]; /* 0x800 - 0x810 */
+ uint32_t sd[2]; /* 0x830 - 0x834 */
+ uint32_t lvl_shftr_en; /* 0x900 */
+ uint32_t ocm_cfg; /* 0x910 */
+ uint32_t cpu_ram[8]; /* 0xA00 - 0xA1C */
+ uint32_t iou[7]; /* 0xA30 - 0xA48 */
+ uint32_t dmac_ram; /* 0xA50 */
+ uint32_t afi[4][3]; /* 0xA60 - 0xA8C */
+ uint32_t ocm[3]; /* 0xA90 - 0xA98 */
+ uint32_t devci_ram; /* 0xAA0 */
+ uint32_t csg_ram; /* 0xAB0 */
+ uint32_t gpiob[12]; /* 0xB00 - 0xB2C */
+ uint32_t ddriob[14]; /* 0xB40 - 0xB74 */
+ };
+ uint8_t data[0x1000];
+ };
+} ZynqSLCRState;
+
+static void zynq_slcr_reset(DeviceState *d)
+{
+ ZynqSLCRState *s = ZYNQ_SLCR(d);
+ int i;
+
+ DB_PRINT("RESET\n");
+
+ s->lockval = 1;
+ /* 0x100 - 0x11C */
+ s->pll[ARM_PLL_CTRL] = 0x0001A008;
+ s->pll[DDR_PLL_CTRL] = 0x0001A008;
+ s->pll[IO_PLL_CTRL] = 0x0001A008;
+ s->pll[PLL_STATUS] = 0x0000003F;
+ s->pll[ARM_PPL_CFG] = 0x00014000;
+ s->pll[DDR_PLL_CFG] = 0x00014000;
+ s->pll[IO_PLL_CFG] = 0x00014000;
+
+ /* 0x120 - 0x16C */
+ s->clk[ARM_CLK_CTRL] = 0x1F000400;
+ s->clk[DDR_CLK_CTRL] = 0x18400003;
+ s->clk[DCI_CLK_CTRL] = 0x01E03201;
+ s->clk[APER_CLK_CTRL] = 0x01FFCCCD;
+ s->clk[USB0_CLK_CTRL] = s->clk[USB1_CLK_CTRL] = 0x00101941;
+ s->clk[GEM0_RCLK_CTRL] = s->clk[GEM1_RCLK_CTRL] = 0x00000001;
+ s->clk[GEM0_CLK_CTRL] = s->clk[GEM1_CLK_CTRL] = 0x00003C01;
+ s->clk[SMC_CLK_CTRL] = 0x00003C01;
+ s->clk[LQSPI_CLK_CTRL] = 0x00002821;
+ s->clk[SDIO_CLK_CTRL] = 0x00001E03;
+ s->clk[UART_CLK_CTRL] = 0x00003F03;
+ s->clk[SPI_CLK_CTRL] = 0x00003F03;
+ s->clk[CAN_CLK_CTRL] = 0x00501903;
+ s->clk[DBG_CLK_CTRL] = 0x00000F03;
+ s->clk[PCAP_CLK_CTRL] = 0x00000F01;
+
+ /* 0x170 - 0x1AC */
+ s->fpga[0][CLK_CTRL] = s->fpga[1][CLK_CTRL] = s->fpga[2][CLK_CTRL] =
+ s->fpga[3][CLK_CTRL] = 0x00101800;
+ s->fpga[0][THR_STA] = s->fpga[1][THR_STA] = s->fpga[2][THR_STA] =
+ s->fpga[3][THR_STA] = 0x00010000;
+
+ /* 0x1B0 - 0x1D8 */
+ s->misc[BANDGAP_TRIP] = 0x0000001F;
+ s->misc[PLL_PREDIVISOR] = 0x00000001;
+ s->misc[CLK_621_TRUE] = 0x00000001;
+
+ /* 0x200 - 0x25C */
+ s->reset[FPGA] = 0x01F33F0F;
+ s->reset[RST_REASON] = 0x00000040;
+
+ /* 0x700 - 0x7D4 */
+ for (i = 0; i < 54; i++) {
+ s->mio[i] = 0x00001601;
+ }
+ for (i = 2; i <= 8; i++) {
+ s->mio[i] = 0x00000601;
+ }
+
+ /* MIO_MST_TRI0, MIO_MST_TRI1 */
+ s->mio_func[2] = s->mio_func[3] = 0xFFFFFFFF;
+
+ s->cpu_ram[0] = s->cpu_ram[1] = s->cpu_ram[3] =
+ s->cpu_ram[4] = s->cpu_ram[7] = 0x00010101;
+ s->cpu_ram[2] = s->cpu_ram[5] = 0x01010101;
+ s->cpu_ram[6] = 0x00000001;
+
+ s->iou[0] = s->iou[1] = s->iou[2] = s->iou[3] = 0x09090909;
+ s->iou[4] = s->iou[5] = 0x00090909;
+ s->iou[6] = 0x00000909;
+
+ s->dmac_ram = 0x00000009;
+
+ s->afi[0][0] = s->afi[0][1] = 0x09090909;
+ s->afi[1][0] = s->afi[1][1] = 0x09090909;
+ s->afi[2][0] = s->afi[2][1] = 0x09090909;
+ s->afi[3][0] = s->afi[3][1] = 0x09090909;
+ s->afi[0][2] = s->afi[1][2] = s->afi[2][2] = s->afi[3][2] = 0x00000909;
+
+ s->ocm[0] = 0x01010101;
+ s->ocm[1] = s->ocm[2] = 0x09090909;
+
+ s->devci_ram = 0x00000909;
+ s->csg_ram = 0x00000001;
+
+ s->ddriob[0] = s->ddriob[1] = s->ddriob[2] = s->ddriob[3] = 0x00000e00;
+ s->ddriob[4] = s->ddriob[5] = s->ddriob[6] = 0x00000e00;
+ s->ddriob[12] = 0x00000021;
+}
+
+static inline uint32_t zynq_slcr_read_imp(void *opaque,
+ hwaddr offset)
+{
+ ZynqSLCRState *s = (ZynqSLCRState *)opaque;
+
+ switch (offset) {
+ case 0x0: /* SCL */
+ return s->scl;
+ case 0x4: /* LOCK */
+ case 0x8: /* UNLOCK */
+ DB_PRINT("Reading SCLR_LOCK/UNLOCK is not enabled\n");
+ return 0;
+ case 0x0C: /* LOCKSTA */
+ return s->lockval;
+ case 0x100 ... 0x11C:
+ return s->pll[(offset - 0x100) / 4];
+ case 0x120 ... 0x16C:
+ return s->clk[(offset - 0x120) / 4];
+ case 0x170 ... 0x1AC:
+ return s->fpga[0][(offset - 0x170) / 4];
+ case 0x1B0 ... 0x1D8:
+ return s->misc[(offset - 0x1B0) / 4];
+ case 0x200 ... 0x258:
+ return s->reset[(offset - 0x200) / 4];
+ case 0x25c:
+ return 1;
+ case 0x300:
+ return s->apu_ctrl;
+ case 0x304:
+ return s->wdt_clk_sel;
+ case 0x400 ... 0x408:
+ return s->tz_ocm[(offset - 0x400) / 4];
+ case 0x430:
+ return s->tz_ddr;
+ case 0x440 ... 0x448:
+ return s->tz_dma[(offset - 0x440) / 4];
+ case 0x450 ... 0x458:
+ return s->tz_misc[(offset - 0x450) / 4];
+ case 0x484 ... 0x488:
+ return s->tz_fpga[(offset - 0x484) / 4];
+ case 0x500:
+ return s->dbg_ctrl;
+ case 0x530:
+ return s->pss_idcode;
+ case 0x600 ... 0x620:
+ if (offset == 0x604) {
+ goto bad_reg;
+ }
+ return s->ddr[(offset - 0x600) / 4];
+ case 0x700 ... 0x7D4:
+ return s->mio[(offset - 0x700) / 4];
+ case 0x800 ... 0x810:
+ return s->mio_func[(offset - 0x800) / 4];
+ case 0x830 ... 0x834:
+ return s->sd[(offset - 0x830) / 4];
+ case 0x900:
+ return s->lvl_shftr_en;
+ case 0x910:
+ return s->ocm_cfg;
+ case 0xA00 ... 0xA1C:
+ return s->cpu_ram[(offset - 0xA00) / 4];
+ case 0xA30 ... 0xA48:
+ return s->iou[(offset - 0xA30) / 4];
+ case 0xA50:
+ return s->dmac_ram;
+ case 0xA60 ... 0xA8C:
+ return s->afi[0][(offset - 0xA60) / 4];
+ case 0xA90 ... 0xA98:
+ return s->ocm[(offset - 0xA90) / 4];
+ case 0xAA0:
+ return s->devci_ram;
+ case 0xAB0:
+ return s->csg_ram;
+ case 0xB00 ... 0xB2C:
+ return s->gpiob[(offset - 0xB00) / 4];
+ case 0xB40 ... 0xB74:
+ return s->ddriob[(offset - 0xB40) / 4];
+ default:
+ bad_reg:
+ DB_PRINT("Bad register offset 0x%x\n", (int)offset);
+ return 0;
+ }
+}
+
+static uint64_t zynq_slcr_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ uint32_t ret = zynq_slcr_read_imp(opaque, offset);
+
+ DB_PRINT("addr: %08x data: %08x\n", (unsigned)offset, (unsigned)ret);
+ return ret;
+}
+
+static void zynq_slcr_write(void *opaque, hwaddr offset,
+ uint64_t val, unsigned size)
+{
+ ZynqSLCRState *s = (ZynqSLCRState *)opaque;
+
+ DB_PRINT("offset: %08x data: %08x\n", (unsigned)offset, (unsigned)val);
+
+ switch (offset) {
+ case 0x00: /* SCL */
+ s->scl = val & 0x1;
+ return;
+ case 0x4: /* SLCR_LOCK */
+ if ((val & 0xFFFF) == XILINX_LOCK_KEY) {
+ DB_PRINT("XILINX LOCK 0xF8000000 + 0x%x <= 0x%x\n", (int)offset,
+ (unsigned)val & 0xFFFF);
+ s->lockval = 1;
+ } else {
+ DB_PRINT("WRONG XILINX LOCK KEY 0xF8000000 + 0x%x <= 0x%x\n",
+ (int)offset, (unsigned)val & 0xFFFF);
+ }
+ return;
+ case 0x8: /* SLCR_UNLOCK */
+ if ((val & 0xFFFF) == XILINX_UNLOCK_KEY) {
+ DB_PRINT("XILINX UNLOCK 0xF8000000 + 0x%x <= 0x%x\n", (int)offset,
+ (unsigned)val & 0xFFFF);
+ s->lockval = 0;
+ } else {
+ DB_PRINT("WRONG XILINX UNLOCK KEY 0xF8000000 + 0x%x <= 0x%x\n",
+ (int)offset, (unsigned)val & 0xFFFF);
+ }
+ return;
+ case 0xc: /* LOCKSTA */
+ DB_PRINT("Writing SCLR_LOCKSTA is not enabled\n");
+ return;
+ }
+
+ if (!s->lockval) {
+ switch (offset) {
+ case 0x100 ... 0x11C:
+ if (offset == 0x10C) {
+ goto bad_reg;
+ }
+ s->pll[(offset - 0x100) / 4] = val;
+ break;
+ case 0x120 ... 0x16C:
+ s->clk[(offset - 0x120) / 4] = val;
+ break;
+ case 0x170 ... 0x1AC:
+ s->fpga[0][(offset - 0x170) / 4] = val;
+ break;
+ case 0x1B0 ... 0x1D8:
+ s->misc[(offset - 0x1B0) / 4] = val;
+ break;
+ case 0x200 ... 0x25C:
+ if (offset == 0x250) {
+ goto bad_reg;
+ }
+ s->reset[(offset - 0x200) / 4] = val;
+ break;
+ case 0x300:
+ s->apu_ctrl = val;
+ break;
+ case 0x304:
+ s->wdt_clk_sel = val;
+ break;
+ case 0x400 ... 0x408:
+ s->tz_ocm[(offset - 0x400) / 4] = val;
+ break;
+ case 0x430:
+ s->tz_ddr = val;
+ break;
+ case 0x440 ... 0x448:
+ s->tz_dma[(offset - 0x440) / 4] = val;
+ break;
+ case 0x450 ... 0x458:
+ s->tz_misc[(offset - 0x450) / 4] = val;
+ break;
+ case 0x484 ... 0x488:
+ s->tz_fpga[(offset - 0x484) / 4] = val;
+ break;
+ case 0x500:
+ s->dbg_ctrl = val;
+ break;
+ case 0x530:
+ s->pss_idcode = val;
+ break;
+ case 0x600 ... 0x620:
+ if (offset == 0x604) {
+ goto bad_reg;
+ }
+ s->ddr[(offset - 0x600) / 4] = val;
+ break;
+ case 0x700 ... 0x7D4:
+ s->mio[(offset - 0x700) / 4] = val;
+ break;
+ case 0x800 ... 0x810:
+ s->mio_func[(offset - 0x800) / 4] = val;
+ break;
+ case 0x830 ... 0x834:
+ s->sd[(offset - 0x830) / 4] = val;
+ break;
+ case 0x900:
+ s->lvl_shftr_en = val;
+ break;
+ case 0x910:
+ break;
+ case 0xA00 ... 0xA1C:
+ s->cpu_ram[(offset - 0xA00) / 4] = val;
+ break;
+ case 0xA30 ... 0xA48:
+ s->iou[(offset - 0xA30) / 4] = val;
+ break;
+ case 0xA50:
+ s->dmac_ram = val;
+ break;
+ case 0xA60 ... 0xA8C:
+ s->afi[0][(offset - 0xA60) / 4] = val;
+ break;
+ case 0xA90:
+ s->ocm[0] = val;
+ break;
+ case 0xAA0:
+ s->devci_ram = val;
+ break;
+ case 0xAB0:
+ s->csg_ram = val;
+ break;
+ case 0xB00 ... 0xB2C:
+ if (offset == 0xB20 || offset == 0xB2C) {
+ goto bad_reg;
+ }
+ s->gpiob[(offset - 0xB00) / 4] = val;
+ break;
+ case 0xB40 ... 0xB74:
+ s->ddriob[(offset - 0xB40) / 4] = val;
+ break;
+ default:
+ bad_reg:
+ DB_PRINT("Bad register write %x <= %08x\n", (int)offset,
+ (unsigned)val);
+ }
+ } else {
+ DB_PRINT("SCLR registers are locked. Unlock them first\n");
+ }
+}
+
+static const MemoryRegionOps slcr_ops = {
+ .read = zynq_slcr_read,
+ .write = zynq_slcr_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int zynq_slcr_init(SysBusDevice *dev)
+{
+ ZynqSLCRState *s = ZYNQ_SLCR(dev);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &slcr_ops, s, "slcr", 0x1000);
+ sysbus_init_mmio(dev, &s->iomem);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_zynq_slcr = {
+ .name = "zynq_slcr",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8_ARRAY(data, ZynqSLCRState, 0x1000),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void zynq_slcr_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sdc->init = zynq_slcr_init;
+ dc->vmsd = &vmstate_zynq_slcr;
+ dc->reset = zynq_slcr_reset;
+}
+
+static const TypeInfo zynq_slcr_info = {
+ .class_init = zynq_slcr_class_init,
+ .name = TYPE_ZYNQ_SLCR,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(ZynqSLCRState),
+};
+
+static void zynq_slcr_register_types(void)
+{
+ type_register_static(&zynq_slcr_info);
+}
+
+type_init(zynq_slcr_register_types)
diff --git a/hw/moxie/Makefile.objs b/hw/moxie/Makefile.objs
new file mode 100644
index 000000000..bfc90012f
--- /dev/null
+++ b/hw/moxie/Makefile.objs
@@ -0,0 +1,2 @@
+# moxie boards
+obj-y += moxiesim.o
diff --git a/hw/moxie/moxiesim.c b/hw/moxie/moxiesim.c
new file mode 100644
index 000000000..ef4f3a84d
--- /dev/null
+++ b/hw/moxie/moxiesim.c
@@ -0,0 +1,174 @@
+/*
+ * QEMU/moxiesim emulation
+ *
+ * Emulates a very simple machine model similar to the one used by the
+ * GDB moxie simulator.
+ *
+ * Copyright (c) 2008, 2009, 2010, 2013 Anthony Green
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/sysbus.h"
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "hw/isa/isa.h"
+#include "net/net.h"
+#include "sysemu/sysemu.h"
+#include "hw/boards.h"
+#include "hw/loader.h"
+#include "hw/char/serial.h"
+#include "exec/address-spaces.h"
+
+#define PHYS_MEM_BASE 0x80000000
+
+typedef struct {
+ uint64_t ram_size;
+ const char *kernel_filename;
+ const char *kernel_cmdline;
+ const char *initrd_filename;
+} LoaderParams;
+
+static void load_kernel(MoxieCPU *cpu, LoaderParams *loader_params)
+{
+ uint64_t entry, kernel_low, kernel_high;
+ long kernel_size;
+ long initrd_size;
+ ram_addr_t initrd_offset;
+
+ kernel_size = load_elf(loader_params->kernel_filename, NULL, NULL,
+ &entry, &kernel_low, &kernel_high, 1,
+ ELF_MACHINE, 0);
+
+ if (!kernel_size) {
+ fprintf(stderr, "qemu: could not load kernel '%s'\n",
+ loader_params->kernel_filename);
+ exit(1);
+ }
+
+ /* load initrd */
+ initrd_size = 0;
+ initrd_offset = 0;
+ if (loader_params->initrd_filename) {
+ initrd_size = get_image_size(loader_params->initrd_filename);
+ if (initrd_size > 0) {
+ initrd_offset = (kernel_high + ~TARGET_PAGE_MASK)
+ & TARGET_PAGE_MASK;
+ if (initrd_offset + initrd_size > loader_params->ram_size) {
+ fprintf(stderr,
+ "qemu: memory too small for initial ram disk '%s'\n",
+ loader_params->initrd_filename);
+ exit(1);
+ }
+ initrd_size = load_image_targphys(loader_params->initrd_filename,
+ initrd_offset,
+ ram_size);
+ }
+ if (initrd_size == (target_ulong)-1) {
+ fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
+ loader_params->initrd_filename);
+ exit(1);
+ }
+ }
+}
+
+static void main_cpu_reset(void *opaque)
+{
+ MoxieCPU *cpu = opaque;
+
+ cpu_reset(CPU(cpu));
+}
+
+static inline DeviceState *
+moxie_intc_create(hwaddr base, qemu_irq irq, int kind_of_intr)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(NULL, "moxie,intc");
+ qdev_prop_set_uint32(dev, "kind-of-intr", kind_of_intr);
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, irq);
+ return dev;
+}
+
+static void moxiesim_init(QEMUMachineInitArgs *args)
+{
+ MoxieCPU *cpu = NULL;
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ CPUMoxieState *env;
+ MemoryRegion *address_space_mem = get_system_memory();
+ MemoryRegion *ram = g_new(MemoryRegion, 1);
+ MemoryRegion *rom = g_new(MemoryRegion, 1);
+ hwaddr ram_base = 0x200000;
+ LoaderParams loader_params;
+
+ /* Init CPUs. */
+ if (cpu_model == NULL) {
+ cpu_model = "MoxieLite-moxie-cpu";
+ }
+ cpu = cpu_moxie_init(cpu_model);
+ if (!cpu) {
+ fprintf(stderr, "Unable to find CPU definition\n");
+ exit(1);
+ }
+ env = &cpu->env;
+
+ qemu_register_reset(main_cpu_reset, cpu);
+
+ /* Allocate RAM. */
+ memory_region_init_ram(ram, NULL, "moxiesim.ram", ram_size);
+ vmstate_register_ram_global(ram);
+ memory_region_add_subregion(address_space_mem, ram_base, ram);
+
+ memory_region_init_ram(rom, NULL, "moxie.rom", 128*0x1000);
+ vmstate_register_ram_global(rom);
+ memory_region_add_subregion(get_system_memory(), 0x1000, rom);
+
+ if (kernel_filename) {
+ loader_params.ram_size = ram_size;
+ loader_params.kernel_filename = kernel_filename;
+ loader_params.kernel_cmdline = kernel_cmdline;
+ loader_params.initrd_filename = initrd_filename;
+ load_kernel(cpu, &loader_params);
+ }
+
+ /* A single 16450 sits at offset 0x3f8. */
+ if (serial_hds[0]) {
+ serial_mm_init(address_space_mem, 0x3f8, 0, env->irq[4],
+ 8000000/16, serial_hds[0], DEVICE_LITTLE_ENDIAN);
+ }
+}
+
+static QEMUMachine moxiesim_machine = {
+ .name = "moxiesim",
+ .desc = "Moxie simulator platform",
+ .init = moxiesim_init,
+ .is_default = 1,
+};
+
+static void moxie_machine_init(void)
+{
+ qemu_register_machine(&moxiesim_machine);
+}
+
+machine_init(moxie_machine_init)
diff --git a/hw/mpc8544_guts.c b/hw/mpc8544_guts.c
deleted file mode 100644
index 873cb8cbf..000000000
--- a/hw/mpc8544_guts.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * QEMU PowerPC MPC8544 global util pseudo-device
- *
- * Copyright (C) 2011 Freescale Semiconductor, Inc. All rights reserved.
- *
- * Author: Alexander Graf, <alex@csgraf.de>
- *
- * This is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * *****************************************************************
- *
- * The documentation for this device is noted in the MPC8544 documentation,
- * file name "MPC8544ERM.pdf". You can easily find it on the web.
- *
- */
-
-#include "hw.h"
-#include "sysemu.h"
-#include "sysbus.h"
-
-#define MPC8544_GUTS_MMIO_SIZE 0x1000
-#define MPC8544_GUTS_RSTCR_RESET 0x02
-
-#define MPC8544_GUTS_ADDR_PORPLLSR 0x00
-#define MPC8544_GUTS_ADDR_PORBMSR 0x04
-#define MPC8544_GUTS_ADDR_PORIMPSCR 0x08
-#define MPC8544_GUTS_ADDR_PORDEVSR 0x0C
-#define MPC8544_GUTS_ADDR_PORDBGMSR 0x10
-#define MPC8544_GUTS_ADDR_PORDEVSR2 0x14
-#define MPC8544_GUTS_ADDR_GPPORCR 0x20
-#define MPC8544_GUTS_ADDR_GPIOCR 0x30
-#define MPC8544_GUTS_ADDR_GPOUTDR 0x40
-#define MPC8544_GUTS_ADDR_GPINDR 0x50
-#define MPC8544_GUTS_ADDR_PMUXCR 0x60
-#define MPC8544_GUTS_ADDR_DEVDISR 0x70
-#define MPC8544_GUTS_ADDR_POWMGTCSR 0x80
-#define MPC8544_GUTS_ADDR_MCPSUMR 0x90
-#define MPC8544_GUTS_ADDR_RSTRSCR 0x94
-#define MPC8544_GUTS_ADDR_PVR 0xA0
-#define MPC8544_GUTS_ADDR_SVR 0xA4
-#define MPC8544_GUTS_ADDR_RSTCR 0xB0
-#define MPC8544_GUTS_ADDR_IOVSELSR 0xC0
-#define MPC8544_GUTS_ADDR_DDRCSR 0xB20
-#define MPC8544_GUTS_ADDR_DDRCDR 0xB24
-#define MPC8544_GUTS_ADDR_DDRCLKDR 0xB28
-#define MPC8544_GUTS_ADDR_CLKOCR 0xE00
-#define MPC8544_GUTS_ADDR_SRDS1CR1 0xF04
-#define MPC8544_GUTS_ADDR_SRDS2CR1 0xF10
-#define MPC8544_GUTS_ADDR_SRDS2CR3 0xF18
-
-struct GutsState {
- SysBusDevice busdev;
- MemoryRegion iomem;
-};
-
-typedef struct GutsState GutsState;
-
-static uint64_t mpc8544_guts_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- uint32_t value = 0;
- CPUPPCState *env = cpu_single_env;
-
- addr &= MPC8544_GUTS_MMIO_SIZE - 1;
- switch (addr) {
- case MPC8544_GUTS_ADDR_PVR:
- value = env->spr[SPR_PVR];
- break;
- case MPC8544_GUTS_ADDR_SVR:
- value = env->spr[SPR_E500_SVR];
- break;
- default:
- fprintf(stderr, "guts: Unknown register read: %x\n", (int)addr);
- break;
- }
-
- return value;
-}
-
-static void mpc8544_guts_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- addr &= MPC8544_GUTS_MMIO_SIZE - 1;
-
- switch (addr) {
- case MPC8544_GUTS_ADDR_RSTCR:
- if (value & MPC8544_GUTS_RSTCR_RESET) {
- qemu_system_reset_request();
- }
- break;
- default:
- fprintf(stderr, "guts: Unknown register write: %x = %x\n",
- (int)addr, (unsigned)value);
- break;
- }
-}
-
-static const MemoryRegionOps mpc8544_guts_ops = {
- .read = mpc8544_guts_read,
- .write = mpc8544_guts_write,
- .endianness = DEVICE_BIG_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static int mpc8544_guts_initfn(SysBusDevice *dev)
-{
- GutsState *s;
-
- s = FROM_SYSBUS(GutsState, sysbus_from_qdev(dev));
-
- memory_region_init_io(&s->iomem, &mpc8544_guts_ops, s,
- "mpc6544.guts", MPC8544_GUTS_MMIO_SIZE);
- sysbus_init_mmio(dev, &s->iomem);
-
- return 0;
-}
-
-static void mpc8544_guts_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = mpc8544_guts_initfn;
-}
-
-static TypeInfo mpc8544_guts_info = {
- .name = "mpc8544-guts",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(GutsState),
- .class_init = mpc8544_guts_class_init,
-};
-
-static void mpc8544_guts_register_types(void)
-{
- type_register_static(&mpc8544_guts_info);
-}
-
-type_init(mpc8544_guts_register_types)
diff --git a/hw/msi.c b/hw/msi.c
deleted file mode 100644
index 33037a80e..000000000
--- a/hw/msi.c
+++ /dev/null
@@ -1,395 +0,0 @@
-/*
- * msi.c
- *
- * Copyright (c) 2010 Isaku Yamahata <yamahata at valinux co jp>
- * VA Linux Systems Japan K.K.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
-
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
-
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "msi.h"
-#include "range.h"
-
-/* Eventually those constants should go to Linux pci_regs.h */
-#define PCI_MSI_PENDING_32 0x10
-#define PCI_MSI_PENDING_64 0x14
-
-/* PCI_MSI_ADDRESS_LO */
-#define PCI_MSI_ADDRESS_LO_MASK (~0x3)
-
-/* If we get rid of cap allocator, we won't need those. */
-#define PCI_MSI_32_SIZEOF 0x0a
-#define PCI_MSI_64_SIZEOF 0x0e
-#define PCI_MSI_32M_SIZEOF 0x14
-#define PCI_MSI_64M_SIZEOF 0x18
-
-#define PCI_MSI_VECTORS_MAX 32
-
-/* Flag for interrupt controller to declare MSI/MSI-X support */
-bool msi_supported;
-
-/* If we get rid of cap allocator, we won't need this. */
-static inline uint8_t msi_cap_sizeof(uint16_t flags)
-{
- switch (flags & (PCI_MSI_FLAGS_MASKBIT | PCI_MSI_FLAGS_64BIT)) {
- case PCI_MSI_FLAGS_MASKBIT | PCI_MSI_FLAGS_64BIT:
- return PCI_MSI_64M_SIZEOF;
- case PCI_MSI_FLAGS_64BIT:
- return PCI_MSI_64_SIZEOF;
- case PCI_MSI_FLAGS_MASKBIT:
- return PCI_MSI_32M_SIZEOF;
- case 0:
- return PCI_MSI_32_SIZEOF;
- default:
- abort();
- break;
- }
- return 0;
-}
-
-//#define MSI_DEBUG
-
-#ifdef MSI_DEBUG
-# define MSI_DPRINTF(fmt, ...) \
- fprintf(stderr, "%s:%d " fmt, __func__, __LINE__, ## __VA_ARGS__)
-#else
-# define MSI_DPRINTF(fmt, ...) do { } while (0)
-#endif
-#define MSI_DEV_PRINTF(dev, fmt, ...) \
- MSI_DPRINTF("%s:%x " fmt, (dev)->name, (dev)->devfn, ## __VA_ARGS__)
-
-static inline unsigned int msi_nr_vectors(uint16_t flags)
-{
- return 1U <<
- ((flags & PCI_MSI_FLAGS_QSIZE) >> (ffs(PCI_MSI_FLAGS_QSIZE) - 1));
-}
-
-static inline uint8_t msi_flags_off(const PCIDevice* dev)
-{
- return dev->msi_cap + PCI_MSI_FLAGS;
-}
-
-static inline uint8_t msi_address_lo_off(const PCIDevice* dev)
-{
- return dev->msi_cap + PCI_MSI_ADDRESS_LO;
-}
-
-static inline uint8_t msi_address_hi_off(const PCIDevice* dev)
-{
- return dev->msi_cap + PCI_MSI_ADDRESS_HI;
-}
-
-static inline uint8_t msi_data_off(const PCIDevice* dev, bool msi64bit)
-{
- return dev->msi_cap + (msi64bit ? PCI_MSI_DATA_64 : PCI_MSI_DATA_32);
-}
-
-static inline uint8_t msi_mask_off(const PCIDevice* dev, bool msi64bit)
-{
- return dev->msi_cap + (msi64bit ? PCI_MSI_MASK_64 : PCI_MSI_MASK_32);
-}
-
-static inline uint8_t msi_pending_off(const PCIDevice* dev, bool msi64bit)
-{
- return dev->msi_cap + (msi64bit ? PCI_MSI_PENDING_64 : PCI_MSI_PENDING_32);
-}
-
-/*
- * Special API for POWER to configure the vectors through
- * a side channel. Should never be used by devices.
- */
-void msi_set_message(PCIDevice *dev, MSIMessage msg)
-{
- uint16_t flags = pci_get_word(dev->config + msi_flags_off(dev));
- bool msi64bit = flags & PCI_MSI_FLAGS_64BIT;
-
- if (msi64bit) {
- pci_set_quad(dev->config + msi_address_lo_off(dev), msg.address);
- } else {
- pci_set_long(dev->config + msi_address_lo_off(dev), msg.address);
- }
- pci_set_word(dev->config + msi_data_off(dev, msi64bit), msg.data);
-}
-
-MSIMessage msi_get_message(PCIDevice *dev, unsigned int vector)
-{
- uint16_t flags = pci_get_word(dev->config + msi_flags_off(dev));
- bool msi64bit = flags & PCI_MSI_FLAGS_64BIT;
- unsigned int nr_vectors = msi_nr_vectors(flags);
- MSIMessage msg;
-
- assert(vector < nr_vectors);
-
- if (msi64bit) {
- msg.address = pci_get_quad(dev->config + msi_address_lo_off(dev));
- } else {
- msg.address = pci_get_long(dev->config + msi_address_lo_off(dev));
- }
-
- /* upper bit 31:16 is zero */
- msg.data = pci_get_word(dev->config + msi_data_off(dev, msi64bit));
- if (nr_vectors > 1) {
- msg.data &= ~(nr_vectors - 1);
- msg.data |= vector;
- }
-
- return msg;
-}
-
-bool msi_enabled(const PCIDevice *dev)
-{
- return msi_present(dev) &&
- (pci_get_word(dev->config + msi_flags_off(dev)) &
- PCI_MSI_FLAGS_ENABLE);
-}
-
-int msi_init(struct PCIDevice *dev, uint8_t offset,
- unsigned int nr_vectors, bool msi64bit, bool msi_per_vector_mask)
-{
- unsigned int vectors_order;
- uint16_t flags;
- uint8_t cap_size;
- int config_offset;
-
- if (!msi_supported) {
- return -ENOTSUP;
- }
-
- MSI_DEV_PRINTF(dev,
- "init offset: 0x%"PRIx8" vector: %"PRId8
- " 64bit %d mask %d\n",
- offset, nr_vectors, msi64bit, msi_per_vector_mask);
-
- assert(!(nr_vectors & (nr_vectors - 1))); /* power of 2 */
- assert(nr_vectors > 0);
- assert(nr_vectors <= PCI_MSI_VECTORS_MAX);
- /* the nr of MSI vectors is up to 32 */
- vectors_order = ffs(nr_vectors) - 1;
-
- flags = vectors_order << (ffs(PCI_MSI_FLAGS_QMASK) - 1);
- if (msi64bit) {
- flags |= PCI_MSI_FLAGS_64BIT;
- }
- if (msi_per_vector_mask) {
- flags |= PCI_MSI_FLAGS_MASKBIT;
- }
-
- cap_size = msi_cap_sizeof(flags);
- config_offset = pci_add_capability(dev, PCI_CAP_ID_MSI, offset, cap_size);
- if (config_offset < 0) {
- return config_offset;
- }
-
- dev->msi_cap = config_offset;
- dev->cap_present |= QEMU_PCI_CAP_MSI;
-
- pci_set_word(dev->config + msi_flags_off(dev), flags);
- pci_set_word(dev->wmask + msi_flags_off(dev),
- PCI_MSI_FLAGS_QSIZE | PCI_MSI_FLAGS_ENABLE);
- pci_set_long(dev->wmask + msi_address_lo_off(dev),
- PCI_MSI_ADDRESS_LO_MASK);
- if (msi64bit) {
- pci_set_long(dev->wmask + msi_address_hi_off(dev), 0xffffffff);
- }
- pci_set_word(dev->wmask + msi_data_off(dev, msi64bit), 0xffff);
-
- if (msi_per_vector_mask) {
- /* Make mask bits 0 to nr_vectors - 1 writable. */
- pci_set_long(dev->wmask + msi_mask_off(dev, msi64bit),
- 0xffffffff >> (PCI_MSI_VECTORS_MAX - nr_vectors));
- }
- return config_offset;
-}
-
-void msi_uninit(struct PCIDevice *dev)
-{
- uint16_t flags;
- uint8_t cap_size;
-
- if (!msi_present(dev)) {
- return;
- }
- flags = pci_get_word(dev->config + msi_flags_off(dev));
- cap_size = msi_cap_sizeof(flags);
- pci_del_capability(dev, PCI_CAP_ID_MSI, cap_size);
- dev->cap_present &= ~QEMU_PCI_CAP_MSI;
-
- MSI_DEV_PRINTF(dev, "uninit\n");
-}
-
-void msi_reset(PCIDevice *dev)
-{
- uint16_t flags;
- bool msi64bit;
-
- if (!msi_present(dev)) {
- return;
- }
-
- flags = pci_get_word(dev->config + msi_flags_off(dev));
- flags &= ~(PCI_MSI_FLAGS_QSIZE | PCI_MSI_FLAGS_ENABLE);
- msi64bit = flags & PCI_MSI_FLAGS_64BIT;
-
- pci_set_word(dev->config + msi_flags_off(dev), flags);
- pci_set_long(dev->config + msi_address_lo_off(dev), 0);
- if (msi64bit) {
- pci_set_long(dev->config + msi_address_hi_off(dev), 0);
- }
- pci_set_word(dev->config + msi_data_off(dev, msi64bit), 0);
- if (flags & PCI_MSI_FLAGS_MASKBIT) {
- pci_set_long(dev->config + msi_mask_off(dev, msi64bit), 0);
- pci_set_long(dev->config + msi_pending_off(dev, msi64bit), 0);
- }
- MSI_DEV_PRINTF(dev, "reset\n");
-}
-
-static bool msi_is_masked(const PCIDevice *dev, unsigned int vector)
-{
- uint16_t flags = pci_get_word(dev->config + msi_flags_off(dev));
- uint32_t mask;
- assert(vector < PCI_MSI_VECTORS_MAX);
-
- if (!(flags & PCI_MSI_FLAGS_MASKBIT)) {
- return false;
- }
-
- mask = pci_get_long(dev->config +
- msi_mask_off(dev, flags & PCI_MSI_FLAGS_64BIT));
- return mask & (1U << vector);
-}
-
-void msi_notify(PCIDevice *dev, unsigned int vector)
-{
- uint16_t flags = pci_get_word(dev->config + msi_flags_off(dev));
- bool msi64bit = flags & PCI_MSI_FLAGS_64BIT;
- unsigned int nr_vectors = msi_nr_vectors(flags);
- MSIMessage msg;
-
- assert(vector < nr_vectors);
- if (msi_is_masked(dev, vector)) {
- assert(flags & PCI_MSI_FLAGS_MASKBIT);
- pci_long_test_and_set_mask(
- dev->config + msi_pending_off(dev, msi64bit), 1U << vector);
- MSI_DEV_PRINTF(dev, "pending vector 0x%x\n", vector);
- return;
- }
-
- msg = msi_get_message(dev, vector);
-
- MSI_DEV_PRINTF(dev,
- "notify vector 0x%x"
- " address: 0x%"PRIx64" data: 0x%"PRIx32"\n",
- vector, msg.address, msg.data);
- stl_le_phys(msg.address, msg.data);
-}
-
-/* Normally called by pci_default_write_config(). */
-void msi_write_config(PCIDevice *dev, uint32_t addr, uint32_t val, int len)
-{
- uint16_t flags = pci_get_word(dev->config + msi_flags_off(dev));
- bool msi64bit = flags & PCI_MSI_FLAGS_64BIT;
- bool msi_per_vector_mask = flags & PCI_MSI_FLAGS_MASKBIT;
- unsigned int nr_vectors;
- uint8_t log_num_vecs;
- uint8_t log_max_vecs;
- unsigned int vector;
- uint32_t pending;
-
- if (!msi_present(dev) ||
- !ranges_overlap(addr, len, dev->msi_cap, msi_cap_sizeof(flags))) {
- return;
- }
-
-#ifdef MSI_DEBUG
- MSI_DEV_PRINTF(dev, "addr 0x%"PRIx32" val 0x%"PRIx32" len %d\n",
- addr, val, len);
- MSI_DEV_PRINTF(dev, "ctrl: 0x%"PRIx16" address: 0x%"PRIx32,
- flags,
- pci_get_long(dev->config + msi_address_lo_off(dev)));
- if (msi64bit) {
- fprintf(stderr, " address-hi: 0x%"PRIx32,
- pci_get_long(dev->config + msi_address_hi_off(dev)));
- }
- fprintf(stderr, " data: 0x%"PRIx16,
- pci_get_word(dev->config + msi_data_off(dev, msi64bit)));
- if (flags & PCI_MSI_FLAGS_MASKBIT) {
- fprintf(stderr, " mask 0x%"PRIx32" pending 0x%"PRIx32,
- pci_get_long(dev->config + msi_mask_off(dev, msi64bit)),
- pci_get_long(dev->config + msi_pending_off(dev, msi64bit)));
- }
- fprintf(stderr, "\n");
-#endif
-
- if (!(flags & PCI_MSI_FLAGS_ENABLE)) {
- return;
- }
-
- /*
- * Now MSI is enabled, clear INTx# interrupts.
- * the driver is prohibited from writing enable bit to mask
- * a service request. But the guest OS could do this.
- * So we just discard the interrupts as moderate fallback.
- *
- * 6.8.3.3. Enabling Operation
- * While enabled for MSI or MSI-X operation, a function is prohibited
- * from using its INTx# pin (if implemented) to request
- * service (MSI, MSI-X, and INTx# are mutually exclusive).
- */
- pci_device_deassert_intx(dev);
-
- /*
- * nr_vectors might be set bigger than capable. So clamp it.
- * This is not legal by spec, so we can do anything we like,
- * just don't crash the host
- */
- log_num_vecs =
- (flags & PCI_MSI_FLAGS_QSIZE) >> (ffs(PCI_MSI_FLAGS_QSIZE) - 1);
- log_max_vecs =
- (flags & PCI_MSI_FLAGS_QMASK) >> (ffs(PCI_MSI_FLAGS_QMASK) - 1);
- if (log_num_vecs > log_max_vecs) {
- flags &= ~PCI_MSI_FLAGS_QSIZE;
- flags |= log_max_vecs << (ffs(PCI_MSI_FLAGS_QSIZE) - 1);
- pci_set_word(dev->config + msi_flags_off(dev), flags);
- }
-
- if (!msi_per_vector_mask) {
- /* if per vector masking isn't supported,
- there is no pending interrupt. */
- return;
- }
-
- nr_vectors = msi_nr_vectors(flags);
-
- /* This will discard pending interrupts, if any. */
- pending = pci_get_long(dev->config + msi_pending_off(dev, msi64bit));
- pending &= 0xffffffff >> (PCI_MSI_VECTORS_MAX - nr_vectors);
- pci_set_long(dev->config + msi_pending_off(dev, msi64bit), pending);
-
- /* deliver pending interrupts which are unmasked */
- for (vector = 0; vector < nr_vectors; ++vector) {
- if (msi_is_masked(dev, vector) || !(pending & (1U << vector))) {
- continue;
- }
-
- pci_long_test_and_clear_mask(
- dev->config + msi_pending_off(dev, msi64bit), 1U << vector);
- msi_notify(dev, vector);
- }
-}
-
-unsigned int msi_nr_vectors_allocated(const PCIDevice *dev)
-{
- uint16_t flags = pci_get_word(dev->config + msi_flags_off(dev));
- return msi_nr_vectors(flags);
-}
diff --git a/hw/msi.h b/hw/msi.h
deleted file mode 100644
index 150b09a19..000000000
--- a/hw/msi.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * msi.h
- *
- * Copyright (c) 2010 Isaku Yamahata <yamahata at valinux co jp>
- * VA Linux Systems Japan K.K.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
-
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
-
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef QEMU_MSI_H
-#define QEMU_MSI_H
-
-#include "qemu-common.h"
-#include "pci.h"
-
-struct MSIMessage {
- uint64_t address;
- uint32_t data;
-};
-
-extern bool msi_supported;
-
-void msi_set_message(PCIDevice *dev, MSIMessage msg);
-MSIMessage msi_get_message(PCIDevice *dev, unsigned int vector);
-bool msi_enabled(const PCIDevice *dev);
-int msi_init(struct PCIDevice *dev, uint8_t offset,
- unsigned int nr_vectors, bool msi64bit, bool msi_per_vector_mask);
-void msi_uninit(struct PCIDevice *dev);
-void msi_reset(PCIDevice *dev);
-void msi_notify(PCIDevice *dev, unsigned int vector);
-void msi_write_config(PCIDevice *dev, uint32_t addr, uint32_t val, int len);
-unsigned int msi_nr_vectors_allocated(const PCIDevice *dev);
-
-static inline bool msi_present(const PCIDevice *dev)
-{
- return dev->cap_present & QEMU_PCI_CAP_MSI;
-}
-
-#endif /* QEMU_MSI_H */
diff --git a/hw/msix.c b/hw/msix.c
deleted file mode 100644
index 136ef0937..000000000
--- a/hw/msix.c
+++ /dev/null
@@ -1,562 +0,0 @@
-/*
- * MSI-X device support
- *
- * This module includes support for MSI-X in pci devices.
- *
- * Author: Michael S. Tsirkin <mst@redhat.com>
- *
- * Copyright (c) 2009, Red Hat Inc, Michael S. Tsirkin (mst@redhat.com)
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See
- * the COPYING file in the top-level directory.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include "hw.h"
-#include "msi.h"
-#include "msix.h"
-#include "pci.h"
-#include "range.h"
-
-#define MSIX_CAP_LENGTH 12
-
-/* MSI enable bit and maskall bit are in byte 1 in FLAGS register */
-#define MSIX_CONTROL_OFFSET (PCI_MSIX_FLAGS + 1)
-#define MSIX_ENABLE_MASK (PCI_MSIX_FLAGS_ENABLE >> 8)
-#define MSIX_MASKALL_MASK (PCI_MSIX_FLAGS_MASKALL >> 8)
-
-static MSIMessage msix_get_message(PCIDevice *dev, unsigned vector)
-{
- uint8_t *table_entry = dev->msix_table + vector * PCI_MSIX_ENTRY_SIZE;
- MSIMessage msg;
-
- msg.address = pci_get_quad(table_entry + PCI_MSIX_ENTRY_LOWER_ADDR);
- msg.data = pci_get_long(table_entry + PCI_MSIX_ENTRY_DATA);
- return msg;
-}
-
-/*
- * Special API for POWER to configure the vectors through
- * a side channel. Should never be used by devices.
- */
-void msix_set_message(PCIDevice *dev, int vector, struct MSIMessage msg)
-{
- uint8_t *table_entry = dev->msix_table + vector * PCI_MSIX_ENTRY_SIZE;
-
- pci_set_quad(table_entry + PCI_MSIX_ENTRY_LOWER_ADDR, msg.address);
- pci_set_long(table_entry + PCI_MSIX_ENTRY_DATA, msg.data);
- table_entry[PCI_MSIX_ENTRY_VECTOR_CTRL] &= ~PCI_MSIX_ENTRY_CTRL_MASKBIT;
-}
-
-static uint8_t msix_pending_mask(int vector)
-{
- return 1 << (vector % 8);
-}
-
-static uint8_t *msix_pending_byte(PCIDevice *dev, int vector)
-{
- return dev->msix_pba + vector / 8;
-}
-
-static int msix_is_pending(PCIDevice *dev, int vector)
-{
- return *msix_pending_byte(dev, vector) & msix_pending_mask(vector);
-}
-
-static void msix_set_pending(PCIDevice *dev, int vector)
-{
- *msix_pending_byte(dev, vector) |= msix_pending_mask(vector);
-}
-
-static void msix_clr_pending(PCIDevice *dev, int vector)
-{
- *msix_pending_byte(dev, vector) &= ~msix_pending_mask(vector);
-}
-
-static bool msix_vector_masked(PCIDevice *dev, int vector, bool fmask)
-{
- unsigned offset = vector * PCI_MSIX_ENTRY_SIZE + PCI_MSIX_ENTRY_VECTOR_CTRL;
- return fmask || dev->msix_table[offset] & PCI_MSIX_ENTRY_CTRL_MASKBIT;
-}
-
-static bool msix_is_masked(PCIDevice *dev, int vector)
-{
- return msix_vector_masked(dev, vector, dev->msix_function_masked);
-}
-
-static void msix_fire_vector_notifier(PCIDevice *dev,
- unsigned int vector, bool is_masked)
-{
- MSIMessage msg;
- int ret;
-
- if (!dev->msix_vector_use_notifier) {
- return;
- }
- if (is_masked) {
- dev->msix_vector_release_notifier(dev, vector);
- } else {
- msg = msix_get_message(dev, vector);
- ret = dev->msix_vector_use_notifier(dev, vector, msg);
- assert(ret >= 0);
- }
-}
-
-static void msix_handle_mask_update(PCIDevice *dev, int vector, bool was_masked)
-{
- bool is_masked = msix_is_masked(dev, vector);
-
- if (is_masked == was_masked) {
- return;
- }
-
- msix_fire_vector_notifier(dev, vector, is_masked);
-
- if (!is_masked && msix_is_pending(dev, vector)) {
- msix_clr_pending(dev, vector);
- msix_notify(dev, vector);
- }
-}
-
-static void msix_update_function_masked(PCIDevice *dev)
-{
- dev->msix_function_masked = !msix_enabled(dev) ||
- (dev->config[dev->msix_cap + MSIX_CONTROL_OFFSET] & MSIX_MASKALL_MASK);
-}
-
-/* Handle MSI-X capability config write. */
-void msix_write_config(PCIDevice *dev, uint32_t addr,
- uint32_t val, int len)
-{
- unsigned enable_pos = dev->msix_cap + MSIX_CONTROL_OFFSET;
- int vector;
- bool was_masked;
-
- if (!msix_present(dev) || !range_covers_byte(addr, len, enable_pos)) {
- return;
- }
-
- was_masked = dev->msix_function_masked;
- msix_update_function_masked(dev);
-
- if (!msix_enabled(dev)) {
- return;
- }
-
- pci_device_deassert_intx(dev);
-
- if (dev->msix_function_masked == was_masked) {
- return;
- }
-
- for (vector = 0; vector < dev->msix_entries_nr; ++vector) {
- msix_handle_mask_update(dev, vector,
- msix_vector_masked(dev, vector, was_masked));
- }
-}
-
-static uint64_t msix_table_mmio_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- PCIDevice *dev = opaque;
-
- return pci_get_long(dev->msix_table + addr);
-}
-
-static void msix_table_mmio_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- PCIDevice *dev = opaque;
- int vector = addr / PCI_MSIX_ENTRY_SIZE;
- bool was_masked;
-
- was_masked = msix_is_masked(dev, vector);
- pci_set_long(dev->msix_table + addr, val);
- msix_handle_mask_update(dev, vector, was_masked);
-}
-
-static const MemoryRegionOps msix_table_mmio_ops = {
- .read = msix_table_mmio_read,
- .write = msix_table_mmio_write,
- /* TODO: MSIX should be LITTLE_ENDIAN. */
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static uint64_t msix_pba_mmio_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- PCIDevice *dev = opaque;
-
- return pci_get_long(dev->msix_pba + addr);
-}
-
-static const MemoryRegionOps msix_pba_mmio_ops = {
- .read = msix_pba_mmio_read,
- /* TODO: MSIX should be LITTLE_ENDIAN. */
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static void msix_mask_all(struct PCIDevice *dev, unsigned nentries)
-{
- int vector;
-
- for (vector = 0; vector < nentries; ++vector) {
- unsigned offset =
- vector * PCI_MSIX_ENTRY_SIZE + PCI_MSIX_ENTRY_VECTOR_CTRL;
- bool was_masked = msix_is_masked(dev, vector);
-
- dev->msix_table[offset] |= PCI_MSIX_ENTRY_CTRL_MASKBIT;
- msix_handle_mask_update(dev, vector, was_masked);
- }
-}
-
-/* Initialize the MSI-X structures */
-int msix_init(struct PCIDevice *dev, unsigned short nentries,
- MemoryRegion *table_bar, uint8_t table_bar_nr,
- unsigned table_offset, MemoryRegion *pba_bar,
- uint8_t pba_bar_nr, unsigned pba_offset, uint8_t cap_pos)
-{
- int cap;
- unsigned table_size, pba_size;
- uint8_t *config;
-
- /* Nothing to do if MSI is not supported by interrupt controller */
- if (!msi_supported) {
- return -ENOTSUP;
- }
-
- if (nentries < 1 || nentries > PCI_MSIX_FLAGS_QSIZE + 1) {
- return -EINVAL;
- }
-
- table_size = nentries * PCI_MSIX_ENTRY_SIZE;
- pba_size = QEMU_ALIGN_UP(nentries, 64) / 8;
-
- /* Sanity test: table & pba don't overlap, fit within BARs, min aligned */
- if ((table_bar_nr == pba_bar_nr &&
- ranges_overlap(table_offset, table_size, pba_offset, pba_size)) ||
- table_offset + table_size > memory_region_size(table_bar) ||
- pba_offset + pba_size > memory_region_size(pba_bar) ||
- (table_offset | pba_offset) & PCI_MSIX_FLAGS_BIRMASK) {
- return -EINVAL;
- }
-
- cap = pci_add_capability(dev, PCI_CAP_ID_MSIX, cap_pos, MSIX_CAP_LENGTH);
- if (cap < 0) {
- return cap;
- }
-
- dev->msix_cap = cap;
- dev->cap_present |= QEMU_PCI_CAP_MSIX;
- config = dev->config + cap;
-
- pci_set_word(config + PCI_MSIX_FLAGS, nentries - 1);
- dev->msix_entries_nr = nentries;
- dev->msix_function_masked = true;
-
- pci_set_long(config + PCI_MSIX_TABLE, table_offset | table_bar_nr);
- pci_set_long(config + PCI_MSIX_PBA, pba_offset | pba_bar_nr);
-
- /* Make flags bit writable. */
- dev->wmask[cap + MSIX_CONTROL_OFFSET] |= MSIX_ENABLE_MASK |
- MSIX_MASKALL_MASK;
-
- dev->msix_table = g_malloc0(table_size);
- dev->msix_pba = g_malloc0(pba_size);
- dev->msix_entry_used = g_malloc0(nentries * sizeof *dev->msix_entry_used);
-
- msix_mask_all(dev, nentries);
-
- memory_region_init_io(&dev->msix_table_mmio, &msix_table_mmio_ops, dev,
- "msix-table", table_size);
- memory_region_add_subregion(table_bar, table_offset, &dev->msix_table_mmio);
- memory_region_init_io(&dev->msix_pba_mmio, &msix_pba_mmio_ops, dev,
- "msix-pba", pba_size);
- memory_region_add_subregion(pba_bar, pba_offset, &dev->msix_pba_mmio);
-
- return 0;
-}
-
-int msix_init_exclusive_bar(PCIDevice *dev, unsigned short nentries,
- uint8_t bar_nr)
-{
- int ret;
- char *name;
-
- /*
- * Migration compatibility dictates that this remains a 4k
- * BAR with the vector table in the lower half and PBA in
- * the upper half. Do not use these elsewhere!
- */
-#define MSIX_EXCLUSIVE_BAR_SIZE 4096
-#define MSIX_EXCLUSIVE_BAR_TABLE_OFFSET 0
-#define MSIX_EXCLUSIVE_BAR_PBA_OFFSET (MSIX_EXCLUSIVE_BAR_SIZE / 2)
-#define MSIX_EXCLUSIVE_CAP_OFFSET 0
-
- if (nentries * PCI_MSIX_ENTRY_SIZE > MSIX_EXCLUSIVE_BAR_PBA_OFFSET) {
- return -EINVAL;
- }
-
- name = g_strdup_printf("%s-msix", dev->name);
- memory_region_init(&dev->msix_exclusive_bar, name, MSIX_EXCLUSIVE_BAR_SIZE);
- g_free(name);
-
- ret = msix_init(dev, nentries, &dev->msix_exclusive_bar, bar_nr,
- MSIX_EXCLUSIVE_BAR_TABLE_OFFSET, &dev->msix_exclusive_bar,
- bar_nr, MSIX_EXCLUSIVE_BAR_PBA_OFFSET,
- MSIX_EXCLUSIVE_CAP_OFFSET);
- if (ret) {
- memory_region_destroy(&dev->msix_exclusive_bar);
- return ret;
- }
-
- pci_register_bar(dev, bar_nr, PCI_BASE_ADDRESS_SPACE_MEMORY,
- &dev->msix_exclusive_bar);
-
- return 0;
-}
-
-static void msix_free_irq_entries(PCIDevice *dev)
-{
- int vector;
-
- for (vector = 0; vector < dev->msix_entries_nr; ++vector) {
- dev->msix_entry_used[vector] = 0;
- msix_clr_pending(dev, vector);
- }
-}
-
-static void msix_clear_all_vectors(PCIDevice *dev)
-{
- int vector;
-
- for (vector = 0; vector < dev->msix_entries_nr; ++vector) {
- msix_clr_pending(dev, vector);
- }
-}
-
-/* Clean up resources for the device. */
-void msix_uninit(PCIDevice *dev, MemoryRegion *table_bar, MemoryRegion *pba_bar)
-{
- if (!msix_present(dev)) {
- return;
- }
- pci_del_capability(dev, PCI_CAP_ID_MSIX, MSIX_CAP_LENGTH);
- dev->msix_cap = 0;
- msix_free_irq_entries(dev);
- dev->msix_entries_nr = 0;
- memory_region_del_subregion(pba_bar, &dev->msix_pba_mmio);
- memory_region_destroy(&dev->msix_pba_mmio);
- g_free(dev->msix_pba);
- dev->msix_pba = NULL;
- memory_region_del_subregion(table_bar, &dev->msix_table_mmio);
- memory_region_destroy(&dev->msix_table_mmio);
- g_free(dev->msix_table);
- dev->msix_table = NULL;
- g_free(dev->msix_entry_used);
- dev->msix_entry_used = NULL;
- dev->cap_present &= ~QEMU_PCI_CAP_MSIX;
-}
-
-void msix_uninit_exclusive_bar(PCIDevice *dev)
-{
- if (msix_present(dev)) {
- msix_uninit(dev, &dev->msix_exclusive_bar, &dev->msix_exclusive_bar);
- memory_region_destroy(&dev->msix_exclusive_bar);
- }
-}
-
-void msix_save(PCIDevice *dev, QEMUFile *f)
-{
- unsigned n = dev->msix_entries_nr;
-
- if (!msix_present(dev)) {
- return;
- }
-
- qemu_put_buffer(f, dev->msix_table, n * PCI_MSIX_ENTRY_SIZE);
- qemu_put_buffer(f, dev->msix_pba, (n + 7) / 8);
-}
-
-/* Should be called after restoring the config space. */
-void msix_load(PCIDevice *dev, QEMUFile *f)
-{
- unsigned n = dev->msix_entries_nr;
- unsigned int vector;
-
- if (!msix_present(dev)) {
- return;
- }
-
- msix_clear_all_vectors(dev);
- qemu_get_buffer(f, dev->msix_table, n * PCI_MSIX_ENTRY_SIZE);
- qemu_get_buffer(f, dev->msix_pba, (n + 7) / 8);
- msix_update_function_masked(dev);
-
- for (vector = 0; vector < n; vector++) {
- msix_handle_mask_update(dev, vector, true);
- }
-}
-
-/* Does device support MSI-X? */
-int msix_present(PCIDevice *dev)
-{
- return dev->cap_present & QEMU_PCI_CAP_MSIX;
-}
-
-/* Is MSI-X enabled? */
-int msix_enabled(PCIDevice *dev)
-{
- return (dev->cap_present & QEMU_PCI_CAP_MSIX) &&
- (dev->config[dev->msix_cap + MSIX_CONTROL_OFFSET] &
- MSIX_ENABLE_MASK);
-}
-
-/* Send an MSI-X message */
-void msix_notify(PCIDevice *dev, unsigned vector)
-{
- MSIMessage msg;
-
- if (vector >= dev->msix_entries_nr || !dev->msix_entry_used[vector])
- return;
- if (msix_is_masked(dev, vector)) {
- msix_set_pending(dev, vector);
- return;
- }
-
- msg = msix_get_message(dev, vector);
-
- stl_le_phys(msg.address, msg.data);
-}
-
-void msix_reset(PCIDevice *dev)
-{
- if (!msix_present(dev)) {
- return;
- }
- msix_clear_all_vectors(dev);
- dev->config[dev->msix_cap + MSIX_CONTROL_OFFSET] &=
- ~dev->wmask[dev->msix_cap + MSIX_CONTROL_OFFSET];
- memset(dev->msix_table, 0, dev->msix_entries_nr * PCI_MSIX_ENTRY_SIZE);
- memset(dev->msix_pba, 0, QEMU_ALIGN_UP(dev->msix_entries_nr, 64) / 8);
- msix_mask_all(dev, dev->msix_entries_nr);
-}
-
-/* PCI spec suggests that devices make it possible for software to configure
- * less vectors than supported by the device, but does not specify a standard
- * mechanism for devices to do so.
- *
- * We support this by asking devices to declare vectors software is going to
- * actually use, and checking this on the notification path. Devices that
- * don't want to follow the spec suggestion can declare all vectors as used. */
-
-/* Mark vector as used. */
-int msix_vector_use(PCIDevice *dev, unsigned vector)
-{
- if (vector >= dev->msix_entries_nr)
- return -EINVAL;
- dev->msix_entry_used[vector]++;
- return 0;
-}
-
-/* Mark vector as unused. */
-void msix_vector_unuse(PCIDevice *dev, unsigned vector)
-{
- if (vector >= dev->msix_entries_nr || !dev->msix_entry_used[vector]) {
- return;
- }
- if (--dev->msix_entry_used[vector]) {
- return;
- }
- msix_clr_pending(dev, vector);
-}
-
-void msix_unuse_all_vectors(PCIDevice *dev)
-{
- if (!msix_present(dev)) {
- return;
- }
- msix_free_irq_entries(dev);
-}
-
-unsigned int msix_nr_vectors_allocated(const PCIDevice *dev)
-{
- return dev->msix_entries_nr;
-}
-
-static int msix_set_notifier_for_vector(PCIDevice *dev, unsigned int vector)
-{
- MSIMessage msg;
-
- if (msix_is_masked(dev, vector)) {
- return 0;
- }
- msg = msix_get_message(dev, vector);
- return dev->msix_vector_use_notifier(dev, vector, msg);
-}
-
-static void msix_unset_notifier_for_vector(PCIDevice *dev, unsigned int vector)
-{
- if (msix_is_masked(dev, vector)) {
- return;
- }
- dev->msix_vector_release_notifier(dev, vector);
-}
-
-int msix_set_vector_notifiers(PCIDevice *dev,
- MSIVectorUseNotifier use_notifier,
- MSIVectorReleaseNotifier release_notifier)
-{
- int vector, ret;
-
- assert(use_notifier && release_notifier);
-
- dev->msix_vector_use_notifier = use_notifier;
- dev->msix_vector_release_notifier = release_notifier;
-
- if ((dev->config[dev->msix_cap + MSIX_CONTROL_OFFSET] &
- (MSIX_ENABLE_MASK | MSIX_MASKALL_MASK)) == MSIX_ENABLE_MASK) {
- for (vector = 0; vector < dev->msix_entries_nr; vector++) {
- ret = msix_set_notifier_for_vector(dev, vector);
- if (ret < 0) {
- goto undo;
- }
- }
- }
- return 0;
-
-undo:
- while (--vector >= 0) {
- msix_unset_notifier_for_vector(dev, vector);
- }
- dev->msix_vector_use_notifier = NULL;
- dev->msix_vector_release_notifier = NULL;
- return ret;
-}
-
-void msix_unset_vector_notifiers(PCIDevice *dev)
-{
- int vector;
-
- assert(dev->msix_vector_use_notifier &&
- dev->msix_vector_release_notifier);
-
- if ((dev->config[dev->msix_cap + MSIX_CONTROL_OFFSET] &
- (MSIX_ENABLE_MASK | MSIX_MASKALL_MASK)) == MSIX_ENABLE_MASK) {
- for (vector = 0; vector < dev->msix_entries_nr; vector++) {
- msix_unset_notifier_for_vector(dev, vector);
- }
- }
- dev->msix_vector_use_notifier = NULL;
- dev->msix_vector_release_notifier = NULL;
-}
diff --git a/hw/msix.h b/hw/msix.h
deleted file mode 100644
index 15211cb59..000000000
--- a/hw/msix.h
+++ /dev/null
@@ -1,41 +0,0 @@
-#ifndef QEMU_MSIX_H
-#define QEMU_MSIX_H
-
-#include "qemu-common.h"
-#include "pci.h"
-
-void msix_set_message(PCIDevice *dev, int vector, MSIMessage msg);
-int msix_init(PCIDevice *dev, unsigned short nentries,
- MemoryRegion *table_bar, uint8_t table_bar_nr,
- unsigned table_offset, MemoryRegion *pba_bar,
- uint8_t pba_bar_nr, unsigned pba_offset, uint8_t cap_pos);
-int msix_init_exclusive_bar(PCIDevice *dev, unsigned short nentries,
- uint8_t bar_nr);
-
-void msix_write_config(PCIDevice *dev, uint32_t address, uint32_t val, int len);
-
-void msix_uninit(PCIDevice *dev, MemoryRegion *table_bar,
- MemoryRegion *pba_bar);
-void msix_uninit_exclusive_bar(PCIDevice *dev);
-
-unsigned int msix_nr_vectors_allocated(const PCIDevice *dev);
-
-void msix_save(PCIDevice *dev, QEMUFile *f);
-void msix_load(PCIDevice *dev, QEMUFile *f);
-
-int msix_enabled(PCIDevice *dev);
-int msix_present(PCIDevice *dev);
-
-int msix_vector_use(PCIDevice *dev, unsigned vector);
-void msix_vector_unuse(PCIDevice *dev, unsigned vector);
-void msix_unuse_all_vectors(PCIDevice *dev);
-
-void msix_notify(PCIDevice *dev, unsigned vector);
-
-void msix_reset(PCIDevice *dev);
-
-int msix_set_vector_notifiers(PCIDevice *dev,
- MSIVectorUseNotifier use_notifier,
- MSIVectorReleaseNotifier release_notifier);
-void msix_unset_vector_notifiers(PCIDevice *dev);
-#endif
diff --git a/hw/msmouse.c b/hw/msmouse.c
deleted file mode 100644
index 9c492a463..000000000
--- a/hw/msmouse.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * QEMU Microsoft serial mouse emulation
- *
- * Copyright (c) 2008 Lubomir Rintel
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include <stdlib.h>
-#include "../qemu-common.h"
-#include "../qemu-char.h"
-#include "../console.h"
-#include "msmouse.h"
-
-#define MSMOUSE_LO6(n) ((n) & 0x3f)
-#define MSMOUSE_HI2(n) (((n) & 0xc0) >> 6)
-
-static void msmouse_event(void *opaque,
- int dx, int dy, int dz, int buttons_state)
-{
- CharDriverState *chr = (CharDriverState *)opaque;
-
- unsigned char bytes[4] = { 0x40, 0x00, 0x00, 0x00 };
-
- /* Movement deltas */
- bytes[0] |= (MSMOUSE_HI2(dy) << 2) | MSMOUSE_HI2(dx);
- bytes[1] |= MSMOUSE_LO6(dx);
- bytes[2] |= MSMOUSE_LO6(dy);
-
- /* Buttons */
- bytes[0] |= (buttons_state & 0x01 ? 0x20 : 0x00);
- bytes[0] |= (buttons_state & 0x02 ? 0x10 : 0x00);
- bytes[3] |= (buttons_state & 0x04 ? 0x20 : 0x00);
-
- /* We always send the packet of, so that we do not have to keep track
- of previous state of the middle button. This can potentially confuse
- some very old drivers for two button mice though. */
- qemu_chr_be_write(chr, bytes, 4);
-}
-
-static int msmouse_chr_write (struct CharDriverState *s, const uint8_t *buf, int len)
-{
- /* Ignore writes to mouse port */
- return len;
-}
-
-static void msmouse_chr_close (struct CharDriverState *chr)
-{
- g_free (chr);
-}
-
-CharDriverState *qemu_chr_open_msmouse(QemuOpts *opts)
-{
- CharDriverState *chr;
-
- chr = g_malloc0(sizeof(CharDriverState));
- chr->chr_write = msmouse_chr_write;
- chr->chr_close = msmouse_chr_close;
-
- qemu_add_mouse_event_handler(msmouse_event, chr, 0, "QEMU Microsoft Mouse");
-
- return chr;
-}
diff --git a/hw/msmouse.h b/hw/msmouse.h
deleted file mode 100644
index 456cb2142..000000000
--- a/hw/msmouse.h
+++ /dev/null
@@ -1,2 +0,0 @@
-/* msmouse.c */
-CharDriverState *qemu_chr_open_msmouse(QemuOpts *opts);
diff --git a/hw/mst_fpga.c b/hw/mst_fpga.c
deleted file mode 100644
index fb4b739c7..000000000
--- a/hw/mst_fpga.c
+++ /dev/null
@@ -1,263 +0,0 @@
-/*
- * PXA270-based Intel Mainstone platforms.
- * FPGA driver
- *
- * Copyright (c) 2007 by Armin Kuster <akuster@kama-aina.net> or
- * <akuster@mvista.com>
- *
- * This code is licensed under the GNU GPL v2.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-#include "hw.h"
-#include "sysbus.h"
-
-/* Mainstone FPGA for extern irqs */
-#define FPGA_GPIO_PIN 0
-#define MST_NUM_IRQS 16
-#define MST_LEDDAT1 0x10
-#define MST_LEDDAT2 0x14
-#define MST_LEDCTRL 0x40
-#define MST_GPSWR 0x60
-#define MST_MSCWR1 0x80
-#define MST_MSCWR2 0x84
-#define MST_MSCWR3 0x88
-#define MST_MSCRD 0x90
-#define MST_INTMSKENA 0xc0
-#define MST_INTSETCLR 0xd0
-#define MST_PCMCIA0 0xe0
-#define MST_PCMCIA1 0xe4
-
-#define MST_PCMCIAx_READY (1 << 10)
-#define MST_PCMCIAx_nCD (1 << 5)
-
-#define MST_PCMCIA_CD0_IRQ 9
-#define MST_PCMCIA_CD1_IRQ 13
-
-typedef struct mst_irq_state{
- SysBusDevice busdev;
- MemoryRegion iomem;
-
- qemu_irq parent;
-
- uint32_t prev_level;
- uint32_t leddat1;
- uint32_t leddat2;
- uint32_t ledctrl;
- uint32_t gpswr;
- uint32_t mscwr1;
- uint32_t mscwr2;
- uint32_t mscwr3;
- uint32_t mscrd;
- uint32_t intmskena;
- uint32_t intsetclr;
- uint32_t pcmcia0;
- uint32_t pcmcia1;
-}mst_irq_state;
-
-static void
-mst_fpga_set_irq(void *opaque, int irq, int level)
-{
- mst_irq_state *s = (mst_irq_state *)opaque;
- uint32_t oldint = s->intsetclr & s->intmskena;
-
- if (level)
- s->prev_level |= 1u << irq;
- else
- s->prev_level &= ~(1u << irq);
-
- switch(irq) {
- case MST_PCMCIA_CD0_IRQ:
- if (level)
- s->pcmcia0 &= ~MST_PCMCIAx_nCD;
- else
- s->pcmcia0 |= MST_PCMCIAx_nCD;
- break;
- case MST_PCMCIA_CD1_IRQ:
- if (level)
- s->pcmcia1 &= ~MST_PCMCIAx_nCD;
- else
- s->pcmcia1 |= MST_PCMCIAx_nCD;
- break;
- }
-
- if ((s->intmskena & (1u << irq)) && level)
- s->intsetclr |= 1u << irq;
-
- if (oldint != (s->intsetclr & s->intmskena))
- qemu_set_irq(s->parent, s->intsetclr & s->intmskena);
-}
-
-
-static uint64_t
-mst_fpga_readb(void *opaque, hwaddr addr, unsigned size)
-{
- mst_irq_state *s = (mst_irq_state *) opaque;
-
- switch (addr) {
- case MST_LEDDAT1:
- return s->leddat1;
- case MST_LEDDAT2:
- return s->leddat2;
- case MST_LEDCTRL:
- return s->ledctrl;
- case MST_GPSWR:
- return s->gpswr;
- case MST_MSCWR1:
- return s->mscwr1;
- case MST_MSCWR2:
- return s->mscwr2;
- case MST_MSCWR3:
- return s->mscwr3;
- case MST_MSCRD:
- return s->mscrd;
- case MST_INTMSKENA:
- return s->intmskena;
- case MST_INTSETCLR:
- return s->intsetclr;
- case MST_PCMCIA0:
- return s->pcmcia0;
- case MST_PCMCIA1:
- return s->pcmcia1;
- default:
- printf("Mainstone - mst_fpga_readb: Bad register offset "
- "0x" TARGET_FMT_plx "\n", addr);
- }
- return 0;
-}
-
-static void
-mst_fpga_writeb(void *opaque, hwaddr addr, uint64_t value,
- unsigned size)
-{
- mst_irq_state *s = (mst_irq_state *) opaque;
- value &= 0xffffffff;
-
- switch (addr) {
- case MST_LEDDAT1:
- s->leddat1 = value;
- break;
- case MST_LEDDAT2:
- s->leddat2 = value;
- break;
- case MST_LEDCTRL:
- s->ledctrl = value;
- break;
- case MST_GPSWR:
- s->gpswr = value;
- break;
- case MST_MSCWR1:
- s->mscwr1 = value;
- break;
- case MST_MSCWR2:
- s->mscwr2 = value;
- break;
- case MST_MSCWR3:
- s->mscwr3 = value;
- break;
- case MST_MSCRD:
- s->mscrd = value;
- break;
- case MST_INTMSKENA: /* Mask interrupt */
- s->intmskena = (value & 0xFEEFF);
- qemu_set_irq(s->parent, s->intsetclr & s->intmskena);
- break;
- case MST_INTSETCLR: /* clear or set interrupt */
- s->intsetclr = (value & 0xFEEFF);
- qemu_set_irq(s->parent, s->intsetclr & s->intmskena);
- break;
- /* For PCMCIAx allow the to change only power and reset */
- case MST_PCMCIA0:
- s->pcmcia0 = (value & 0x1f) | (s->pcmcia0 & ~0x1f);
- break;
- case MST_PCMCIA1:
- s->pcmcia1 = (value & 0x1f) | (s->pcmcia1 & ~0x1f);
- break;
- default:
- printf("Mainstone - mst_fpga_writeb: Bad register offset "
- "0x" TARGET_FMT_plx "\n", addr);
- }
-}
-
-static const MemoryRegionOps mst_fpga_ops = {
- .read = mst_fpga_readb,
- .write = mst_fpga_writeb,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int mst_fpga_post_load(void *opaque, int version_id)
-{
- mst_irq_state *s = (mst_irq_state *) opaque;
-
- qemu_set_irq(s->parent, s->intsetclr & s->intmskena);
- return 0;
-}
-
-static int mst_fpga_init(SysBusDevice *dev)
-{
- mst_irq_state *s;
-
- s = FROM_SYSBUS(mst_irq_state, dev);
-
- s->pcmcia0 = MST_PCMCIAx_READY | MST_PCMCIAx_nCD;
- s->pcmcia1 = MST_PCMCIAx_READY | MST_PCMCIAx_nCD;
-
- sysbus_init_irq(dev, &s->parent);
-
- /* alloc the external 16 irqs */
- qdev_init_gpio_in(&dev->qdev, mst_fpga_set_irq, MST_NUM_IRQS);
-
- memory_region_init_io(&s->iomem, &mst_fpga_ops, s,
- "fpga", 0x00100000);
- sysbus_init_mmio(dev, &s->iomem);
- return 0;
-}
-
-static VMStateDescription vmstate_mst_fpga_regs = {
- .name = "mainstone_fpga",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .post_load = mst_fpga_post_load,
- .fields = (VMStateField []) {
- VMSTATE_UINT32(prev_level, mst_irq_state),
- VMSTATE_UINT32(leddat1, mst_irq_state),
- VMSTATE_UINT32(leddat2, mst_irq_state),
- VMSTATE_UINT32(ledctrl, mst_irq_state),
- VMSTATE_UINT32(gpswr, mst_irq_state),
- VMSTATE_UINT32(mscwr1, mst_irq_state),
- VMSTATE_UINT32(mscwr2, mst_irq_state),
- VMSTATE_UINT32(mscwr3, mst_irq_state),
- VMSTATE_UINT32(mscrd, mst_irq_state),
- VMSTATE_UINT32(intmskena, mst_irq_state),
- VMSTATE_UINT32(intsetclr, mst_irq_state),
- VMSTATE_UINT32(pcmcia0, mst_irq_state),
- VMSTATE_UINT32(pcmcia1, mst_irq_state),
- VMSTATE_END_OF_LIST(),
- },
-};
-
-static void mst_fpga_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = mst_fpga_init;
- dc->desc = "Mainstone II FPGA";
- dc->vmsd = &vmstate_mst_fpga_regs;
-}
-
-static TypeInfo mst_fpga_info = {
- .name = "mainstone-fpga",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(mst_irq_state),
- .class_init = mst_fpga_class_init,
-};
-
-static void mst_fpga_register_types(void)
-{
- type_register_static(&mst_fpga_info);
-}
-
-type_init(mst_fpga_register_types)
diff --git a/hw/multiboot.c b/hw/multiboot.c
deleted file mode 100644
index 09ec5b253..000000000
--- a/hw/multiboot.c
+++ /dev/null
@@ -1,349 +0,0 @@
-/*
- * QEMU PC System Emulator
- *
- * Copyright (c) 2003-2004 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "hw.h"
-#include "fw_cfg.h"
-#include "multiboot.h"
-#include "loader.h"
-#include "elf.h"
-#include "sysemu.h"
-
-/* Show multiboot debug output */
-//#define DEBUG_MULTIBOOT
-
-#ifdef DEBUG_MULTIBOOT
-#define mb_debug(a...) fprintf(stderr, ## a)
-#else
-#define mb_debug(a...)
-#endif
-
-#define MULTIBOOT_STRUCT_ADDR 0x9000
-
-#if MULTIBOOT_STRUCT_ADDR > 0xf0000
-#error multiboot struct needs to fit in 16 bit real mode
-#endif
-
-enum {
- /* Multiboot info */
- MBI_FLAGS = 0,
- MBI_MEM_LOWER = 4,
- MBI_MEM_UPPER = 8,
- MBI_BOOT_DEVICE = 12,
- MBI_CMDLINE = 16,
- MBI_MODS_COUNT = 20,
- MBI_MODS_ADDR = 24,
- MBI_MMAP_ADDR = 48,
-
- MBI_SIZE = 88,
-
- /* Multiboot modules */
- MB_MOD_START = 0,
- MB_MOD_END = 4,
- MB_MOD_CMDLINE = 8,
-
- MB_MOD_SIZE = 16,
-
- /* Region offsets */
- ADDR_E820_MAP = MULTIBOOT_STRUCT_ADDR + 0,
- ADDR_MBI = ADDR_E820_MAP + 0x500,
-
- /* Multiboot flags */
- MULTIBOOT_FLAGS_MEMORY = 1 << 0,
- MULTIBOOT_FLAGS_BOOT_DEVICE = 1 << 1,
- MULTIBOOT_FLAGS_CMDLINE = 1 << 2,
- MULTIBOOT_FLAGS_MODULES = 1 << 3,
- MULTIBOOT_FLAGS_MMAP = 1 << 6,
-};
-
-typedef struct {
- /* buffer holding kernel, cmdlines and mb_infos */
- void *mb_buf;
- /* address in target */
- hwaddr mb_buf_phys;
- /* size of mb_buf in bytes */
- unsigned mb_buf_size;
- /* offset of mb-info's in bytes */
- hwaddr offset_mbinfo;
- /* offset in buffer for cmdlines in bytes */
- hwaddr offset_cmdlines;
- /* offset of modules in bytes */
- hwaddr offset_mods;
- /* available slots for mb modules infos */
- int mb_mods_avail;
- /* currently used slots of mb modules */
- int mb_mods_count;
-} MultibootState;
-
-static uint32_t mb_add_cmdline(MultibootState *s, const char *cmdline)
-{
- hwaddr p = s->offset_cmdlines;
- char *b = (char *)s->mb_buf + p;
-
- get_opt_value(b, strlen(cmdline) + 1, cmdline);
- s->offset_cmdlines += strlen(b) + 1;
- return s->mb_buf_phys + p;
-}
-
-static void mb_add_mod(MultibootState *s,
- hwaddr start, hwaddr end,
- hwaddr cmdline_phys)
-{
- char *p;
- assert(s->mb_mods_count < s->mb_mods_avail);
-
- p = (char *)s->mb_buf + s->offset_mbinfo + MB_MOD_SIZE * s->mb_mods_count;
-
- stl_p(p + MB_MOD_START, start);
- stl_p(p + MB_MOD_END, end);
- stl_p(p + MB_MOD_CMDLINE, cmdline_phys);
-
- mb_debug("mod%02d: "TARGET_FMT_plx" - "TARGET_FMT_plx"\n",
- s->mb_mods_count, start, end);
-
- s->mb_mods_count++;
-}
-
-int load_multiboot(void *fw_cfg,
- FILE *f,
- const char *kernel_filename,
- const char *initrd_filename,
- const char *kernel_cmdline,
- int kernel_file_size,
- uint8_t *header)
-{
- int i, is_multiboot = 0;
- uint32_t flags = 0;
- uint32_t mh_entry_addr;
- uint32_t mh_load_addr;
- uint32_t mb_kernel_size;
- MultibootState mbs;
- uint8_t bootinfo[MBI_SIZE];
- uint8_t *mb_bootinfo_data;
-
- /* Ok, let's see if it is a multiboot image.
- The header is 12x32bit long, so the latest entry may be 8192 - 48. */
- for (i = 0; i < (8192 - 48); i += 4) {
- if (ldl_p(header+i) == 0x1BADB002) {
- uint32_t checksum = ldl_p(header+i+8);
- flags = ldl_p(header+i+4);
- checksum += flags;
- checksum += (uint32_t)0x1BADB002;
- if (!checksum) {
- is_multiboot = 1;
- break;
- }
- }
- }
-
- if (!is_multiboot)
- return 0; /* no multiboot */
-
- mb_debug("qemu: I believe we found a multiboot image!\n");
- memset(bootinfo, 0, sizeof(bootinfo));
- memset(&mbs, 0, sizeof(mbs));
-
- if (flags & 0x00000004) { /* MULTIBOOT_HEADER_HAS_VBE */
- fprintf(stderr, "qemu: multiboot knows VBE. we don't.\n");
- }
- if (!(flags & 0x00010000)) { /* MULTIBOOT_HEADER_HAS_ADDR */
- uint64_t elf_entry;
- uint64_t elf_low, elf_high;
- int kernel_size;
- fclose(f);
-
- if (((struct elf64_hdr*)header)->e_machine == EM_X86_64) {
- fprintf(stderr, "Cannot load x86-64 image, give a 32bit one.\n");
- exit(1);
- }
-
- kernel_size = load_elf(kernel_filename, NULL, NULL, &elf_entry,
- &elf_low, &elf_high, 0, ELF_MACHINE, 0);
- if (kernel_size < 0) {
- fprintf(stderr, "Error while loading elf kernel\n");
- exit(1);
- }
- mh_load_addr = elf_low;
- mb_kernel_size = elf_high - elf_low;
- mh_entry_addr = elf_entry;
-
- mbs.mb_buf = g_malloc(mb_kernel_size);
- if (rom_copy(mbs.mb_buf, mh_load_addr, mb_kernel_size) != mb_kernel_size) {
- fprintf(stderr, "Error while fetching elf kernel from rom\n");
- exit(1);
- }
-
- mb_debug("qemu: loading multiboot-elf kernel (%#x bytes) with entry %#zx\n",
- mb_kernel_size, (size_t)mh_entry_addr);
- } else {
- /* Valid if mh_flags sets MULTIBOOT_HEADER_HAS_ADDR. */
- uint32_t mh_header_addr = ldl_p(header+i+12);
- uint32_t mh_load_end_addr = ldl_p(header+i+20);
- uint32_t mh_bss_end_addr = ldl_p(header+i+24);
- mh_load_addr = ldl_p(header+i+16);
- uint32_t mb_kernel_text_offset = i - (mh_header_addr - mh_load_addr);
- uint32_t mb_load_size = 0;
- mh_entry_addr = ldl_p(header+i+28);
-
- if (mh_load_end_addr) {
- mb_kernel_size = mh_bss_end_addr - mh_load_addr;
- mb_load_size = mh_load_end_addr - mh_load_addr;
- } else {
- mb_kernel_size = kernel_file_size - mb_kernel_text_offset;
- mb_load_size = mb_kernel_size;
- }
-
- /* Valid if mh_flags sets MULTIBOOT_HEADER_HAS_VBE.
- uint32_t mh_mode_type = ldl_p(header+i+32);
- uint32_t mh_width = ldl_p(header+i+36);
- uint32_t mh_height = ldl_p(header+i+40);
- uint32_t mh_depth = ldl_p(header+i+44); */
-
- mb_debug("multiboot: mh_header_addr = %#x\n", mh_header_addr);
- mb_debug("multiboot: mh_load_addr = %#x\n", mh_load_addr);
- mb_debug("multiboot: mh_load_end_addr = %#x\n", mh_load_end_addr);
- mb_debug("multiboot: mh_bss_end_addr = %#x\n", mh_bss_end_addr);
- mb_debug("qemu: loading multiboot kernel (%#x bytes) at %#x\n",
- mb_load_size, mh_load_addr);
-
- mbs.mb_buf = g_malloc(mb_kernel_size);
- fseek(f, mb_kernel_text_offset, SEEK_SET);
- if (fread(mbs.mb_buf, 1, mb_load_size, f) != mb_load_size) {
- fprintf(stderr, "fread() failed\n");
- exit(1);
- }
- memset(mbs.mb_buf + mb_load_size, 0, mb_kernel_size - mb_load_size);
- fclose(f);
- }
-
- mbs.mb_buf_phys = mh_load_addr;
-
- mbs.mb_buf_size = TARGET_PAGE_ALIGN(mb_kernel_size);
- mbs.offset_mbinfo = mbs.mb_buf_size;
-
- /* Calculate space for cmdlines and mb_mods */
- mbs.mb_buf_size += strlen(kernel_filename) + 1;
- mbs.mb_buf_size += strlen(kernel_cmdline) + 1;
- if (initrd_filename) {
- const char *r = initrd_filename;
- mbs.mb_buf_size += strlen(r) + 1;
- mbs.mb_mods_avail = 1;
- while (*(r = get_opt_value(NULL, 0, r))) {
- mbs.mb_mods_avail++;
- r++;
- }
- mbs.mb_buf_size += MB_MOD_SIZE * mbs.mb_mods_avail;
- }
-
- mbs.mb_buf_size = TARGET_PAGE_ALIGN(mbs.mb_buf_size);
-
- /* enlarge mb_buf to hold cmdlines and mb-info structs */
- mbs.mb_buf = g_realloc(mbs.mb_buf, mbs.mb_buf_size);
- mbs.offset_cmdlines = mbs.offset_mbinfo + mbs.mb_mods_avail * MB_MOD_SIZE;
-
- if (initrd_filename) {
- char *next_initrd, not_last;
-
- mbs.offset_mods = mbs.mb_buf_size;
-
- do {
- char *next_space;
- int mb_mod_length;
- uint32_t offs = mbs.mb_buf_size;
-
- next_initrd = (char *)get_opt_value(NULL, 0, initrd_filename);
- not_last = *next_initrd;
- *next_initrd = '\0';
- /* if a space comes after the module filename, treat everything
- after that as parameters */
- hwaddr c = mb_add_cmdline(&mbs, initrd_filename);
- if ((next_space = strchr(initrd_filename, ' ')))
- *next_space = '\0';
- mb_debug("multiboot loading module: %s\n", initrd_filename);
- mb_mod_length = get_image_size(initrd_filename);
- if (mb_mod_length < 0) {
- fprintf(stderr, "Failed to open file '%s'\n", initrd_filename);
- exit(1);
- }
-
- mbs.mb_buf_size = TARGET_PAGE_ALIGN(mb_mod_length + mbs.mb_buf_size);
- mbs.mb_buf = g_realloc(mbs.mb_buf, mbs.mb_buf_size);
-
- load_image(initrd_filename, (unsigned char *)mbs.mb_buf + offs);
- mb_add_mod(&mbs, mbs.mb_buf_phys + offs,
- mbs.mb_buf_phys + offs + mb_mod_length, c);
-
- mb_debug("mod_start: %p\nmod_end: %p\n cmdline: "TARGET_FMT_plx"\n",
- (char *)mbs.mb_buf + offs,
- (char *)mbs.mb_buf + offs + mb_mod_length, c);
- initrd_filename = next_initrd+1;
- } while (not_last);
- }
-
- /* Commandline support */
- char kcmdline[strlen(kernel_filename) + strlen(kernel_cmdline) + 2];
- snprintf(kcmdline, sizeof(kcmdline), "%s %s",
- kernel_filename, kernel_cmdline);
- stl_p(bootinfo + MBI_CMDLINE, mb_add_cmdline(&mbs, kcmdline));
-
- stl_p(bootinfo + MBI_MODS_ADDR, mbs.mb_buf_phys + mbs.offset_mbinfo);
- stl_p(bootinfo + MBI_MODS_COUNT, mbs.mb_mods_count); /* mods_count */
-
- /* the kernel is where we want it to be now */
- stl_p(bootinfo + MBI_FLAGS, MULTIBOOT_FLAGS_MEMORY
- | MULTIBOOT_FLAGS_BOOT_DEVICE
- | MULTIBOOT_FLAGS_CMDLINE
- | MULTIBOOT_FLAGS_MODULES
- | MULTIBOOT_FLAGS_MMAP);
- stl_p(bootinfo + MBI_MEM_LOWER, 640);
- stl_p(bootinfo + MBI_MEM_UPPER, (ram_size / 1024) - 1024);
- stl_p(bootinfo + MBI_BOOT_DEVICE, 0x8000ffff); /* XXX: use the -boot switch? */
- stl_p(bootinfo + MBI_MMAP_ADDR, ADDR_E820_MAP);
-
- mb_debug("multiboot: mh_entry_addr = %#x\n", mh_entry_addr);
- mb_debug(" mb_buf_phys = "TARGET_FMT_plx"\n", mbs.mb_buf_phys);
- mb_debug(" mod_start = "TARGET_FMT_plx"\n", mbs.mb_buf_phys + mbs.offset_mods);
- mb_debug(" mb_mods_count = %d\n", mbs.mb_mods_count);
-
- /* save bootinfo off the stack */
- mb_bootinfo_data = g_malloc(sizeof(bootinfo));
- memcpy(mb_bootinfo_data, bootinfo, sizeof(bootinfo));
-
- /* Pass variables to option rom */
- fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ENTRY, mh_entry_addr);
- fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, mh_load_addr);
- fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, mbs.mb_buf_size);
- fw_cfg_add_bytes(fw_cfg, FW_CFG_KERNEL_DATA,
- mbs.mb_buf, mbs.mb_buf_size);
-
- fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_ADDR, ADDR_MBI);
- fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_SIZE, sizeof(bootinfo));
- fw_cfg_add_bytes(fw_cfg, FW_CFG_INITRD_DATA, mb_bootinfo_data,
- sizeof(bootinfo));
-
- option_rom[nb_option_roms].name = "multiboot.bin";
- option_rom[nb_option_roms].bootindex = 0;
- nb_option_roms++;
-
- return 1; /* yes, we are multiboot */
-}
diff --git a/hw/multiboot.h b/hw/multiboot.h
deleted file mode 100644
index 98fb1b776..000000000
--- a/hw/multiboot.h
+++ /dev/null
@@ -1,12 +0,0 @@
-#ifndef QEMU_MULTIBOOT_H
-#define QEMU_MULTIBOOT_H
-
-int load_multiboot(void *fw_cfg,
- FILE *f,
- const char *kernel_filename,
- const char *initrd_filename,
- const char *kernel_cmdline,
- int kernel_file_size,
- uint8_t *header);
-
-#endif
diff --git a/hw/musicpal.c b/hw/musicpal.c
deleted file mode 100644
index e0c57c84e..000000000
--- a/hw/musicpal.c
+++ /dev/null
@@ -1,1697 +0,0 @@
-/*
- * Marvell MV88W8618 / Freecom MusicPal emulation.
- *
- * Copyright (c) 2008 Jan Kiszka
- *
- * This code is licensed under the GNU GPL v2.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include "sysbus.h"
-#include "arm-misc.h"
-#include "devices.h"
-#include "net.h"
-#include "sysemu.h"
-#include "boards.h"
-#include "serial.h"
-#include "qemu-timer.h"
-#include "ptimer.h"
-#include "block.h"
-#include "flash.h"
-#include "console.h"
-#include "i2c.h"
-#include "blockdev.h"
-#include "exec-memory.h"
-
-#define MP_MISC_BASE 0x80002000
-#define MP_MISC_SIZE 0x00001000
-
-#define MP_ETH_BASE 0x80008000
-#define MP_ETH_SIZE 0x00001000
-
-#define MP_WLAN_BASE 0x8000C000
-#define MP_WLAN_SIZE 0x00000800
-
-#define MP_UART1_BASE 0x8000C840
-#define MP_UART2_BASE 0x8000C940
-
-#define MP_GPIO_BASE 0x8000D000
-#define MP_GPIO_SIZE 0x00001000
-
-#define MP_FLASHCFG_BASE 0x90006000
-#define MP_FLASHCFG_SIZE 0x00001000
-
-#define MP_AUDIO_BASE 0x90007000
-
-#define MP_PIC_BASE 0x90008000
-#define MP_PIC_SIZE 0x00001000
-
-#define MP_PIT_BASE 0x90009000
-#define MP_PIT_SIZE 0x00001000
-
-#define MP_LCD_BASE 0x9000c000
-#define MP_LCD_SIZE 0x00001000
-
-#define MP_SRAM_BASE 0xC0000000
-#define MP_SRAM_SIZE 0x00020000
-
-#define MP_RAM_DEFAULT_SIZE 32*1024*1024
-#define MP_FLASH_SIZE_MAX 32*1024*1024
-
-#define MP_TIMER1_IRQ 4
-#define MP_TIMER2_IRQ 5
-#define MP_TIMER3_IRQ 6
-#define MP_TIMER4_IRQ 7
-#define MP_EHCI_IRQ 8
-#define MP_ETH_IRQ 9
-#define MP_UART1_IRQ 11
-#define MP_UART2_IRQ 11
-#define MP_GPIO_IRQ 12
-#define MP_RTC_IRQ 28
-#define MP_AUDIO_IRQ 30
-
-/* Wolfson 8750 I2C address */
-#define MP_WM_ADDR 0x1A
-
-/* Ethernet register offsets */
-#define MP_ETH_SMIR 0x010
-#define MP_ETH_PCXR 0x408
-#define MP_ETH_SDCMR 0x448
-#define MP_ETH_ICR 0x450
-#define MP_ETH_IMR 0x458
-#define MP_ETH_FRDP0 0x480
-#define MP_ETH_FRDP1 0x484
-#define MP_ETH_FRDP2 0x488
-#define MP_ETH_FRDP3 0x48C
-#define MP_ETH_CRDP0 0x4A0
-#define MP_ETH_CRDP1 0x4A4
-#define MP_ETH_CRDP2 0x4A8
-#define MP_ETH_CRDP3 0x4AC
-#define MP_ETH_CTDP0 0x4E0
-#define MP_ETH_CTDP1 0x4E4
-#define MP_ETH_CTDP2 0x4E8
-#define MP_ETH_CTDP3 0x4EC
-
-/* MII PHY access */
-#define MP_ETH_SMIR_DATA 0x0000FFFF
-#define MP_ETH_SMIR_ADDR 0x03FF0000
-#define MP_ETH_SMIR_OPCODE (1 << 26) /* Read value */
-#define MP_ETH_SMIR_RDVALID (1 << 27)
-
-/* PHY registers */
-#define MP_ETH_PHY1_BMSR 0x00210000
-#define MP_ETH_PHY1_PHYSID1 0x00410000
-#define MP_ETH_PHY1_PHYSID2 0x00610000
-
-#define MP_PHY_BMSR_LINK 0x0004
-#define MP_PHY_BMSR_AUTONEG 0x0008
-
-#define MP_PHY_88E3015 0x01410E20
-
-/* TX descriptor status */
-#define MP_ETH_TX_OWN (1 << 31)
-
-/* RX descriptor status */
-#define MP_ETH_RX_OWN (1 << 31)
-
-/* Interrupt cause/mask bits */
-#define MP_ETH_IRQ_RX_BIT 0
-#define MP_ETH_IRQ_RX (1 << MP_ETH_IRQ_RX_BIT)
-#define MP_ETH_IRQ_TXHI_BIT 2
-#define MP_ETH_IRQ_TXLO_BIT 3
-
-/* Port config bits */
-#define MP_ETH_PCXR_2BSM_BIT 28 /* 2-byte incoming suffix */
-
-/* SDMA command bits */
-#define MP_ETH_CMD_TXHI (1 << 23)
-#define MP_ETH_CMD_TXLO (1 << 22)
-
-typedef struct mv88w8618_tx_desc {
- uint32_t cmdstat;
- uint16_t res;
- uint16_t bytes;
- uint32_t buffer;
- uint32_t next;
-} mv88w8618_tx_desc;
-
-typedef struct mv88w8618_rx_desc {
- uint32_t cmdstat;
- uint16_t bytes;
- uint16_t buffer_size;
- uint32_t buffer;
- uint32_t next;
-} mv88w8618_rx_desc;
-
-typedef struct mv88w8618_eth_state {
- SysBusDevice busdev;
- MemoryRegion iomem;
- qemu_irq irq;
- uint32_t smir;
- uint32_t icr;
- uint32_t imr;
- int mmio_index;
- uint32_t vlan_header;
- uint32_t tx_queue[2];
- uint32_t rx_queue[4];
- uint32_t frx_queue[4];
- uint32_t cur_rx[4];
- NICState *nic;
- NICConf conf;
-} mv88w8618_eth_state;
-
-static void eth_rx_desc_put(uint32_t addr, mv88w8618_rx_desc *desc)
-{
- cpu_to_le32s(&desc->cmdstat);
- cpu_to_le16s(&desc->bytes);
- cpu_to_le16s(&desc->buffer_size);
- cpu_to_le32s(&desc->buffer);
- cpu_to_le32s(&desc->next);
- cpu_physical_memory_write(addr, (void *)desc, sizeof(*desc));
-}
-
-static void eth_rx_desc_get(uint32_t addr, mv88w8618_rx_desc *desc)
-{
- cpu_physical_memory_read(addr, (void *)desc, sizeof(*desc));
- le32_to_cpus(&desc->cmdstat);
- le16_to_cpus(&desc->bytes);
- le16_to_cpus(&desc->buffer_size);
- le32_to_cpus(&desc->buffer);
- le32_to_cpus(&desc->next);
-}
-
-static int eth_can_receive(NetClientState *nc)
-{
- return 1;
-}
-
-static ssize_t eth_receive(NetClientState *nc, const uint8_t *buf, size_t size)
-{
- mv88w8618_eth_state *s = DO_UPCAST(NICState, nc, nc)->opaque;
- uint32_t desc_addr;
- mv88w8618_rx_desc desc;
- int i;
-
- for (i = 0; i < 4; i++) {
- desc_addr = s->cur_rx[i];
- if (!desc_addr) {
- continue;
- }
- do {
- eth_rx_desc_get(desc_addr, &desc);
- if ((desc.cmdstat & MP_ETH_RX_OWN) && desc.buffer_size >= size) {
- cpu_physical_memory_write(desc.buffer + s->vlan_header,
- buf, size);
- desc.bytes = size + s->vlan_header;
- desc.cmdstat &= ~MP_ETH_RX_OWN;
- s->cur_rx[i] = desc.next;
-
- s->icr |= MP_ETH_IRQ_RX;
- if (s->icr & s->imr) {
- qemu_irq_raise(s->irq);
- }
- eth_rx_desc_put(desc_addr, &desc);
- return size;
- }
- desc_addr = desc.next;
- } while (desc_addr != s->rx_queue[i]);
- }
- return size;
-}
-
-static void eth_tx_desc_put(uint32_t addr, mv88w8618_tx_desc *desc)
-{
- cpu_to_le32s(&desc->cmdstat);
- cpu_to_le16s(&desc->res);
- cpu_to_le16s(&desc->bytes);
- cpu_to_le32s(&desc->buffer);
- cpu_to_le32s(&desc->next);
- cpu_physical_memory_write(addr, (void *)desc, sizeof(*desc));
-}
-
-static void eth_tx_desc_get(uint32_t addr, mv88w8618_tx_desc *desc)
-{
- cpu_physical_memory_read(addr, (void *)desc, sizeof(*desc));
- le32_to_cpus(&desc->cmdstat);
- le16_to_cpus(&desc->res);
- le16_to_cpus(&desc->bytes);
- le32_to_cpus(&desc->buffer);
- le32_to_cpus(&desc->next);
-}
-
-static void eth_send(mv88w8618_eth_state *s, int queue_index)
-{
- uint32_t desc_addr = s->tx_queue[queue_index];
- mv88w8618_tx_desc desc;
- uint32_t next_desc;
- uint8_t buf[2048];
- int len;
-
- do {
- eth_tx_desc_get(desc_addr, &desc);
- next_desc = desc.next;
- if (desc.cmdstat & MP_ETH_TX_OWN) {
- len = desc.bytes;
- if (len < 2048) {
- cpu_physical_memory_read(desc.buffer, buf, len);
- qemu_send_packet(&s->nic->nc, buf, len);
- }
- desc.cmdstat &= ~MP_ETH_TX_OWN;
- s->icr |= 1 << (MP_ETH_IRQ_TXLO_BIT - queue_index);
- eth_tx_desc_put(desc_addr, &desc);
- }
- desc_addr = next_desc;
- } while (desc_addr != s->tx_queue[queue_index]);
-}
-
-static uint64_t mv88w8618_eth_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- mv88w8618_eth_state *s = opaque;
-
- switch (offset) {
- case MP_ETH_SMIR:
- if (s->smir & MP_ETH_SMIR_OPCODE) {
- switch (s->smir & MP_ETH_SMIR_ADDR) {
- case MP_ETH_PHY1_BMSR:
- return MP_PHY_BMSR_LINK | MP_PHY_BMSR_AUTONEG |
- MP_ETH_SMIR_RDVALID;
- case MP_ETH_PHY1_PHYSID1:
- return (MP_PHY_88E3015 >> 16) | MP_ETH_SMIR_RDVALID;
- case MP_ETH_PHY1_PHYSID2:
- return (MP_PHY_88E3015 & 0xFFFF) | MP_ETH_SMIR_RDVALID;
- default:
- return MP_ETH_SMIR_RDVALID;
- }
- }
- return 0;
-
- case MP_ETH_ICR:
- return s->icr;
-
- case MP_ETH_IMR:
- return s->imr;
-
- case MP_ETH_FRDP0 ... MP_ETH_FRDP3:
- return s->frx_queue[(offset - MP_ETH_FRDP0)/4];
-
- case MP_ETH_CRDP0 ... MP_ETH_CRDP3:
- return s->rx_queue[(offset - MP_ETH_CRDP0)/4];
-
- case MP_ETH_CTDP0 ... MP_ETH_CTDP3:
- return s->tx_queue[(offset - MP_ETH_CTDP0)/4];
-
- default:
- return 0;
- }
-}
-
-static void mv88w8618_eth_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- mv88w8618_eth_state *s = opaque;
-
- switch (offset) {
- case MP_ETH_SMIR:
- s->smir = value;
- break;
-
- case MP_ETH_PCXR:
- s->vlan_header = ((value >> MP_ETH_PCXR_2BSM_BIT) & 1) * 2;
- break;
-
- case MP_ETH_SDCMR:
- if (value & MP_ETH_CMD_TXHI) {
- eth_send(s, 1);
- }
- if (value & MP_ETH_CMD_TXLO) {
- eth_send(s, 0);
- }
- if (value & (MP_ETH_CMD_TXHI | MP_ETH_CMD_TXLO) && s->icr & s->imr) {
- qemu_irq_raise(s->irq);
- }
- break;
-
- case MP_ETH_ICR:
- s->icr &= value;
- break;
-
- case MP_ETH_IMR:
- s->imr = value;
- if (s->icr & s->imr) {
- qemu_irq_raise(s->irq);
- }
- break;
-
- case MP_ETH_FRDP0 ... MP_ETH_FRDP3:
- s->frx_queue[(offset - MP_ETH_FRDP0)/4] = value;
- break;
-
- case MP_ETH_CRDP0 ... MP_ETH_CRDP3:
- s->rx_queue[(offset - MP_ETH_CRDP0)/4] =
- s->cur_rx[(offset - MP_ETH_CRDP0)/4] = value;
- break;
-
- case MP_ETH_CTDP0 ... MP_ETH_CTDP3:
- s->tx_queue[(offset - MP_ETH_CTDP0)/4] = value;
- break;
- }
-}
-
-static const MemoryRegionOps mv88w8618_eth_ops = {
- .read = mv88w8618_eth_read,
- .write = mv88w8618_eth_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void eth_cleanup(NetClientState *nc)
-{
- mv88w8618_eth_state *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- s->nic = NULL;
-}
-
-static NetClientInfo net_mv88w8618_info = {
- .type = NET_CLIENT_OPTIONS_KIND_NIC,
- .size = sizeof(NICState),
- .can_receive = eth_can_receive,
- .receive = eth_receive,
- .cleanup = eth_cleanup,
-};
-
-static int mv88w8618_eth_init(SysBusDevice *dev)
-{
- mv88w8618_eth_state *s = FROM_SYSBUS(mv88w8618_eth_state, dev);
-
- sysbus_init_irq(dev, &s->irq);
- s->nic = qemu_new_nic(&net_mv88w8618_info, &s->conf,
- object_get_typename(OBJECT(dev)), dev->qdev.id, s);
- memory_region_init_io(&s->iomem, &mv88w8618_eth_ops, s, "mv88w8618-eth",
- MP_ETH_SIZE);
- sysbus_init_mmio(dev, &s->iomem);
- return 0;
-}
-
-static const VMStateDescription mv88w8618_eth_vmsd = {
- .name = "mv88w8618_eth",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(smir, mv88w8618_eth_state),
- VMSTATE_UINT32(icr, mv88w8618_eth_state),
- VMSTATE_UINT32(imr, mv88w8618_eth_state),
- VMSTATE_UINT32(vlan_header, mv88w8618_eth_state),
- VMSTATE_UINT32_ARRAY(tx_queue, mv88w8618_eth_state, 2),
- VMSTATE_UINT32_ARRAY(rx_queue, mv88w8618_eth_state, 4),
- VMSTATE_UINT32_ARRAY(frx_queue, mv88w8618_eth_state, 4),
- VMSTATE_UINT32_ARRAY(cur_rx, mv88w8618_eth_state, 4),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static Property mv88w8618_eth_properties[] = {
- DEFINE_NIC_PROPERTIES(mv88w8618_eth_state, conf),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void mv88w8618_eth_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = mv88w8618_eth_init;
- dc->vmsd = &mv88w8618_eth_vmsd;
- dc->props = mv88w8618_eth_properties;
-}
-
-static TypeInfo mv88w8618_eth_info = {
- .name = "mv88w8618_eth",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(mv88w8618_eth_state),
- .class_init = mv88w8618_eth_class_init,
-};
-
-/* LCD register offsets */
-#define MP_LCD_IRQCTRL 0x180
-#define MP_LCD_IRQSTAT 0x184
-#define MP_LCD_SPICTRL 0x1ac
-#define MP_LCD_INST 0x1bc
-#define MP_LCD_DATA 0x1c0
-
-/* Mode magics */
-#define MP_LCD_SPI_DATA 0x00100011
-#define MP_LCD_SPI_CMD 0x00104011
-#define MP_LCD_SPI_INVALID 0x00000000
-
-/* Commmands */
-#define MP_LCD_INST_SETPAGE0 0xB0
-/* ... */
-#define MP_LCD_INST_SETPAGE7 0xB7
-
-#define MP_LCD_TEXTCOLOR 0xe0e0ff /* RRGGBB */
-
-typedef struct musicpal_lcd_state {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint32_t brightness;
- uint32_t mode;
- uint32_t irqctrl;
- uint32_t page;
- uint32_t page_off;
- DisplayState *ds;
- uint8_t video_ram[128*64/8];
-} musicpal_lcd_state;
-
-static uint8_t scale_lcd_color(musicpal_lcd_state *s, uint8_t col)
-{
- switch (s->brightness) {
- case 7:
- return col;
- case 0:
- return 0;
- default:
- return (col * s->brightness) / 7;
- }
-}
-
-#define SET_LCD_PIXEL(depth, type) \
-static inline void glue(set_lcd_pixel, depth) \
- (musicpal_lcd_state *s, int x, int y, type col) \
-{ \
- int dx, dy; \
- type *pixel = &((type *) ds_get_data(s->ds))[(y * 128 * 3 + x) * 3]; \
-\
- for (dy = 0; dy < 3; dy++, pixel += 127 * 3) \
- for (dx = 0; dx < 3; dx++, pixel++) \
- *pixel = col; \
-}
-SET_LCD_PIXEL(8, uint8_t)
-SET_LCD_PIXEL(16, uint16_t)
-SET_LCD_PIXEL(32, uint32_t)
-
-#include "pixel_ops.h"
-
-static void lcd_refresh(void *opaque)
-{
- musicpal_lcd_state *s = opaque;
- int x, y, col;
-
- switch (ds_get_bits_per_pixel(s->ds)) {
- case 0:
- return;
-#define LCD_REFRESH(depth, func) \
- case depth: \
- col = func(scale_lcd_color(s, (MP_LCD_TEXTCOLOR >> 16) & 0xff), \
- scale_lcd_color(s, (MP_LCD_TEXTCOLOR >> 8) & 0xff), \
- scale_lcd_color(s, MP_LCD_TEXTCOLOR & 0xff)); \
- for (x = 0; x < 128; x++) { \
- for (y = 0; y < 64; y++) { \
- if (s->video_ram[x + (y/8)*128] & (1 << (y % 8))) { \
- glue(set_lcd_pixel, depth)(s, x, y, col); \
- } else { \
- glue(set_lcd_pixel, depth)(s, x, y, 0); \
- } \
- } \
- } \
- break;
- LCD_REFRESH(8, rgb_to_pixel8)
- LCD_REFRESH(16, rgb_to_pixel16)
- LCD_REFRESH(32, (is_surface_bgr(s->ds->surface) ?
- rgb_to_pixel32bgr : rgb_to_pixel32))
- default:
- hw_error("unsupported colour depth %i\n",
- ds_get_bits_per_pixel(s->ds));
- }
-
- dpy_gfx_update(s->ds, 0, 0, 128*3, 64*3);
-}
-
-static void lcd_invalidate(void *opaque)
-{
-}
-
-static void musicpal_lcd_gpio_brigthness_in(void *opaque, int irq, int level)
-{
- musicpal_lcd_state *s = opaque;
- s->brightness &= ~(1 << irq);
- s->brightness |= level << irq;
-}
-
-static uint64_t musicpal_lcd_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- musicpal_lcd_state *s = opaque;
-
- switch (offset) {
- case MP_LCD_IRQCTRL:
- return s->irqctrl;
-
- default:
- return 0;
- }
-}
-
-static void musicpal_lcd_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- musicpal_lcd_state *s = opaque;
-
- switch (offset) {
- case MP_LCD_IRQCTRL:
- s->irqctrl = value;
- break;
-
- case MP_LCD_SPICTRL:
- if (value == MP_LCD_SPI_DATA || value == MP_LCD_SPI_CMD) {
- s->mode = value;
- } else {
- s->mode = MP_LCD_SPI_INVALID;
- }
- break;
-
- case MP_LCD_INST:
- if (value >= MP_LCD_INST_SETPAGE0 && value <= MP_LCD_INST_SETPAGE7) {
- s->page = value - MP_LCD_INST_SETPAGE0;
- s->page_off = 0;
- }
- break;
-
- case MP_LCD_DATA:
- if (s->mode == MP_LCD_SPI_CMD) {
- if (value >= MP_LCD_INST_SETPAGE0 &&
- value <= MP_LCD_INST_SETPAGE7) {
- s->page = value - MP_LCD_INST_SETPAGE0;
- s->page_off = 0;
- }
- } else if (s->mode == MP_LCD_SPI_DATA) {
- s->video_ram[s->page*128 + s->page_off] = value;
- s->page_off = (s->page_off + 1) & 127;
- }
- break;
- }
-}
-
-static const MemoryRegionOps musicpal_lcd_ops = {
- .read = musicpal_lcd_read,
- .write = musicpal_lcd_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int musicpal_lcd_init(SysBusDevice *dev)
-{
- musicpal_lcd_state *s = FROM_SYSBUS(musicpal_lcd_state, dev);
-
- s->brightness = 7;
-
- memory_region_init_io(&s->iomem, &musicpal_lcd_ops, s,
- "musicpal-lcd", MP_LCD_SIZE);
- sysbus_init_mmio(dev, &s->iomem);
-
- s->ds = graphic_console_init(lcd_refresh, lcd_invalidate,
- NULL, NULL, s);
- qemu_console_resize(s->ds, 128*3, 64*3);
-
- qdev_init_gpio_in(&dev->qdev, musicpal_lcd_gpio_brigthness_in, 3);
-
- return 0;
-}
-
-static const VMStateDescription musicpal_lcd_vmsd = {
- .name = "musicpal_lcd",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(brightness, musicpal_lcd_state),
- VMSTATE_UINT32(mode, musicpal_lcd_state),
- VMSTATE_UINT32(irqctrl, musicpal_lcd_state),
- VMSTATE_UINT32(page, musicpal_lcd_state),
- VMSTATE_UINT32(page_off, musicpal_lcd_state),
- VMSTATE_BUFFER(video_ram, musicpal_lcd_state),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void musicpal_lcd_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = musicpal_lcd_init;
- dc->vmsd = &musicpal_lcd_vmsd;
-}
-
-static TypeInfo musicpal_lcd_info = {
- .name = "musicpal_lcd",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(musicpal_lcd_state),
- .class_init = musicpal_lcd_class_init,
-};
-
-/* PIC register offsets */
-#define MP_PIC_STATUS 0x00
-#define MP_PIC_ENABLE_SET 0x08
-#define MP_PIC_ENABLE_CLR 0x0C
-
-typedef struct mv88w8618_pic_state
-{
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint32_t level;
- uint32_t enabled;
- qemu_irq parent_irq;
-} mv88w8618_pic_state;
-
-static void mv88w8618_pic_update(mv88w8618_pic_state *s)
-{
- qemu_set_irq(s->parent_irq, (s->level & s->enabled));
-}
-
-static void mv88w8618_pic_set_irq(void *opaque, int irq, int level)
-{
- mv88w8618_pic_state *s = opaque;
-
- if (level) {
- s->level |= 1 << irq;
- } else {
- s->level &= ~(1 << irq);
- }
- mv88w8618_pic_update(s);
-}
-
-static uint64_t mv88w8618_pic_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- mv88w8618_pic_state *s = opaque;
-
- switch (offset) {
- case MP_PIC_STATUS:
- return s->level & s->enabled;
-
- default:
- return 0;
- }
-}
-
-static void mv88w8618_pic_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- mv88w8618_pic_state *s = opaque;
-
- switch (offset) {
- case MP_PIC_ENABLE_SET:
- s->enabled |= value;
- break;
-
- case MP_PIC_ENABLE_CLR:
- s->enabled &= ~value;
- s->level &= ~value;
- break;
- }
- mv88w8618_pic_update(s);
-}
-
-static void mv88w8618_pic_reset(DeviceState *d)
-{
- mv88w8618_pic_state *s = FROM_SYSBUS(mv88w8618_pic_state,
- sysbus_from_qdev(d));
-
- s->level = 0;
- s->enabled = 0;
-}
-
-static const MemoryRegionOps mv88w8618_pic_ops = {
- .read = mv88w8618_pic_read,
- .write = mv88w8618_pic_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int mv88w8618_pic_init(SysBusDevice *dev)
-{
- mv88w8618_pic_state *s = FROM_SYSBUS(mv88w8618_pic_state, dev);
-
- qdev_init_gpio_in(&dev->qdev, mv88w8618_pic_set_irq, 32);
- sysbus_init_irq(dev, &s->parent_irq);
- memory_region_init_io(&s->iomem, &mv88w8618_pic_ops, s,
- "musicpal-pic", MP_PIC_SIZE);
- sysbus_init_mmio(dev, &s->iomem);
- return 0;
-}
-
-static const VMStateDescription mv88w8618_pic_vmsd = {
- .name = "mv88w8618_pic",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(level, mv88w8618_pic_state),
- VMSTATE_UINT32(enabled, mv88w8618_pic_state),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void mv88w8618_pic_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = mv88w8618_pic_init;
- dc->reset = mv88w8618_pic_reset;
- dc->vmsd = &mv88w8618_pic_vmsd;
-}
-
-static TypeInfo mv88w8618_pic_info = {
- .name = "mv88w8618_pic",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(mv88w8618_pic_state),
- .class_init = mv88w8618_pic_class_init,
-};
-
-/* PIT register offsets */
-#define MP_PIT_TIMER1_LENGTH 0x00
-/* ... */
-#define MP_PIT_TIMER4_LENGTH 0x0C
-#define MP_PIT_CONTROL 0x10
-#define MP_PIT_TIMER1_VALUE 0x14
-/* ... */
-#define MP_PIT_TIMER4_VALUE 0x20
-#define MP_BOARD_RESET 0x34
-
-/* Magic board reset value (probably some watchdog behind it) */
-#define MP_BOARD_RESET_MAGIC 0x10000
-
-typedef struct mv88w8618_timer_state {
- ptimer_state *ptimer;
- uint32_t limit;
- int freq;
- qemu_irq irq;
-} mv88w8618_timer_state;
-
-typedef struct mv88w8618_pit_state {
- SysBusDevice busdev;
- MemoryRegion iomem;
- mv88w8618_timer_state timer[4];
-} mv88w8618_pit_state;
-
-static void mv88w8618_timer_tick(void *opaque)
-{
- mv88w8618_timer_state *s = opaque;
-
- qemu_irq_raise(s->irq);
-}
-
-static void mv88w8618_timer_init(SysBusDevice *dev, mv88w8618_timer_state *s,
- uint32_t freq)
-{
- QEMUBH *bh;
-
- sysbus_init_irq(dev, &s->irq);
- s->freq = freq;
-
- bh = qemu_bh_new(mv88w8618_timer_tick, s);
- s->ptimer = ptimer_init(bh);
-}
-
-static uint64_t mv88w8618_pit_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- mv88w8618_pit_state *s = opaque;
- mv88w8618_timer_state *t;
-
- switch (offset) {
- case MP_PIT_TIMER1_VALUE ... MP_PIT_TIMER4_VALUE:
- t = &s->timer[(offset-MP_PIT_TIMER1_VALUE) >> 2];
- return ptimer_get_count(t->ptimer);
-
- default:
- return 0;
- }
-}
-
-static void mv88w8618_pit_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- mv88w8618_pit_state *s = opaque;
- mv88w8618_timer_state *t;
- int i;
-
- switch (offset) {
- case MP_PIT_TIMER1_LENGTH ... MP_PIT_TIMER4_LENGTH:
- t = &s->timer[offset >> 2];
- t->limit = value;
- if (t->limit > 0) {
- ptimer_set_limit(t->ptimer, t->limit, 1);
- } else {
- ptimer_stop(t->ptimer);
- }
- break;
-
- case MP_PIT_CONTROL:
- for (i = 0; i < 4; i++) {
- t = &s->timer[i];
- if (value & 0xf && t->limit > 0) {
- ptimer_set_limit(t->ptimer, t->limit, 0);
- ptimer_set_freq(t->ptimer, t->freq);
- ptimer_run(t->ptimer, 0);
- } else {
- ptimer_stop(t->ptimer);
- }
- value >>= 4;
- }
- break;
-
- case MP_BOARD_RESET:
- if (value == MP_BOARD_RESET_MAGIC) {
- qemu_system_reset_request();
- }
- break;
- }
-}
-
-static void mv88w8618_pit_reset(DeviceState *d)
-{
- mv88w8618_pit_state *s = FROM_SYSBUS(mv88w8618_pit_state,
- sysbus_from_qdev(d));
- int i;
-
- for (i = 0; i < 4; i++) {
- ptimer_stop(s->timer[i].ptimer);
- s->timer[i].limit = 0;
- }
-}
-
-static const MemoryRegionOps mv88w8618_pit_ops = {
- .read = mv88w8618_pit_read,
- .write = mv88w8618_pit_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int mv88w8618_pit_init(SysBusDevice *dev)
-{
- mv88w8618_pit_state *s = FROM_SYSBUS(mv88w8618_pit_state, dev);
- int i;
-
- /* Letting them all run at 1 MHz is likely just a pragmatic
- * simplification. */
- for (i = 0; i < 4; i++) {
- mv88w8618_timer_init(dev, &s->timer[i], 1000000);
- }
-
- memory_region_init_io(&s->iomem, &mv88w8618_pit_ops, s,
- "musicpal-pit", MP_PIT_SIZE);
- sysbus_init_mmio(dev, &s->iomem);
- return 0;
-}
-
-static const VMStateDescription mv88w8618_timer_vmsd = {
- .name = "timer",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_PTIMER(ptimer, mv88w8618_timer_state),
- VMSTATE_UINT32(limit, mv88w8618_timer_state),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription mv88w8618_pit_vmsd = {
- .name = "mv88w8618_pit",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_STRUCT_ARRAY(timer, mv88w8618_pit_state, 4, 1,
- mv88w8618_timer_vmsd, mv88w8618_timer_state),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void mv88w8618_pit_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = mv88w8618_pit_init;
- dc->reset = mv88w8618_pit_reset;
- dc->vmsd = &mv88w8618_pit_vmsd;
-}
-
-static TypeInfo mv88w8618_pit_info = {
- .name = "mv88w8618_pit",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(mv88w8618_pit_state),
- .class_init = mv88w8618_pit_class_init,
-};
-
-/* Flash config register offsets */
-#define MP_FLASHCFG_CFGR0 0x04
-
-typedef struct mv88w8618_flashcfg_state {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint32_t cfgr0;
-} mv88w8618_flashcfg_state;
-
-static uint64_t mv88w8618_flashcfg_read(void *opaque,
- hwaddr offset,
- unsigned size)
-{
- mv88w8618_flashcfg_state *s = opaque;
-
- switch (offset) {
- case MP_FLASHCFG_CFGR0:
- return s->cfgr0;
-
- default:
- return 0;
- }
-}
-
-static void mv88w8618_flashcfg_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- mv88w8618_flashcfg_state *s = opaque;
-
- switch (offset) {
- case MP_FLASHCFG_CFGR0:
- s->cfgr0 = value;
- break;
- }
-}
-
-static const MemoryRegionOps mv88w8618_flashcfg_ops = {
- .read = mv88w8618_flashcfg_read,
- .write = mv88w8618_flashcfg_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int mv88w8618_flashcfg_init(SysBusDevice *dev)
-{
- mv88w8618_flashcfg_state *s = FROM_SYSBUS(mv88w8618_flashcfg_state, dev);
-
- s->cfgr0 = 0xfffe4285; /* Default as set by U-Boot for 8 MB flash */
- memory_region_init_io(&s->iomem, &mv88w8618_flashcfg_ops, s,
- "musicpal-flashcfg", MP_FLASHCFG_SIZE);
- sysbus_init_mmio(dev, &s->iomem);
- return 0;
-}
-
-static const VMStateDescription mv88w8618_flashcfg_vmsd = {
- .name = "mv88w8618_flashcfg",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(cfgr0, mv88w8618_flashcfg_state),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void mv88w8618_flashcfg_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = mv88w8618_flashcfg_init;
- dc->vmsd = &mv88w8618_flashcfg_vmsd;
-}
-
-static TypeInfo mv88w8618_flashcfg_info = {
- .name = "mv88w8618_flashcfg",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(mv88w8618_flashcfg_state),
- .class_init = mv88w8618_flashcfg_class_init,
-};
-
-/* Misc register offsets */
-#define MP_MISC_BOARD_REVISION 0x18
-
-#define MP_BOARD_REVISION 0x31
-
-static uint64_t musicpal_misc_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- switch (offset) {
- case MP_MISC_BOARD_REVISION:
- return MP_BOARD_REVISION;
-
- default:
- return 0;
- }
-}
-
-static void musicpal_misc_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
-}
-
-static const MemoryRegionOps musicpal_misc_ops = {
- .read = musicpal_misc_read,
- .write = musicpal_misc_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void musicpal_misc_init(SysBusDevice *dev)
-{
- MemoryRegion *iomem = g_new(MemoryRegion, 1);
-
- memory_region_init_io(iomem, &musicpal_misc_ops, NULL,
- "musicpal-misc", MP_MISC_SIZE);
- sysbus_add_memory(dev, MP_MISC_BASE, iomem);
-}
-
-/* WLAN register offsets */
-#define MP_WLAN_MAGIC1 0x11c
-#define MP_WLAN_MAGIC2 0x124
-
-static uint64_t mv88w8618_wlan_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- switch (offset) {
- /* Workaround to allow loading the binary-only wlandrv.ko crap
- * from the original Freecom firmware. */
- case MP_WLAN_MAGIC1:
- return ~3;
- case MP_WLAN_MAGIC2:
- return -1;
-
- default:
- return 0;
- }
-}
-
-static void mv88w8618_wlan_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
-}
-
-static const MemoryRegionOps mv88w8618_wlan_ops = {
- .read = mv88w8618_wlan_read,
- .write =mv88w8618_wlan_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int mv88w8618_wlan_init(SysBusDevice *dev)
-{
- MemoryRegion *iomem = g_new(MemoryRegion, 1);
-
- memory_region_init_io(iomem, &mv88w8618_wlan_ops, NULL,
- "musicpal-wlan", MP_WLAN_SIZE);
- sysbus_init_mmio(dev, iomem);
- return 0;
-}
-
-/* GPIO register offsets */
-#define MP_GPIO_OE_LO 0x008
-#define MP_GPIO_OUT_LO 0x00c
-#define MP_GPIO_IN_LO 0x010
-#define MP_GPIO_IER_LO 0x014
-#define MP_GPIO_IMR_LO 0x018
-#define MP_GPIO_ISR_LO 0x020
-#define MP_GPIO_OE_HI 0x508
-#define MP_GPIO_OUT_HI 0x50c
-#define MP_GPIO_IN_HI 0x510
-#define MP_GPIO_IER_HI 0x514
-#define MP_GPIO_IMR_HI 0x518
-#define MP_GPIO_ISR_HI 0x520
-
-/* GPIO bits & masks */
-#define MP_GPIO_LCD_BRIGHTNESS 0x00070000
-#define MP_GPIO_I2C_DATA_BIT 29
-#define MP_GPIO_I2C_CLOCK_BIT 30
-
-/* LCD brightness bits in GPIO_OE_HI */
-#define MP_OE_LCD_BRIGHTNESS 0x0007
-
-typedef struct musicpal_gpio_state {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint32_t lcd_brightness;
- uint32_t out_state;
- uint32_t in_state;
- uint32_t ier;
- uint32_t imr;
- uint32_t isr;
- qemu_irq irq;
- qemu_irq out[5]; /* 3 brightness out + 2 lcd (data and clock ) */
-} musicpal_gpio_state;
-
-static void musicpal_gpio_brightness_update(musicpal_gpio_state *s) {
- int i;
- uint32_t brightness;
-
- /* compute brightness ratio */
- switch (s->lcd_brightness) {
- case 0x00000007:
- brightness = 0;
- break;
-
- case 0x00020000:
- brightness = 1;
- break;
-
- case 0x00020001:
- brightness = 2;
- break;
-
- case 0x00040000:
- brightness = 3;
- break;
-
- case 0x00010006:
- brightness = 4;
- break;
-
- case 0x00020005:
- brightness = 5;
- break;
-
- case 0x00040003:
- brightness = 6;
- break;
-
- case 0x00030004:
- default:
- brightness = 7;
- }
-
- /* set lcd brightness GPIOs */
- for (i = 0; i <= 2; i++) {
- qemu_set_irq(s->out[i], (brightness >> i) & 1);
- }
-}
-
-static void musicpal_gpio_pin_event(void *opaque, int pin, int level)
-{
- musicpal_gpio_state *s = opaque;
- uint32_t mask = 1 << pin;
- uint32_t delta = level << pin;
- uint32_t old = s->in_state & mask;
-
- s->in_state &= ~mask;
- s->in_state |= delta;
-
- if ((old ^ delta) &&
- ((level && (s->imr & mask)) || (!level && (s->ier & mask)))) {
- s->isr = mask;
- qemu_irq_raise(s->irq);
- }
-}
-
-static uint64_t musicpal_gpio_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- musicpal_gpio_state *s = opaque;
-
- switch (offset) {
- case MP_GPIO_OE_HI: /* used for LCD brightness control */
- return s->lcd_brightness & MP_OE_LCD_BRIGHTNESS;
-
- case MP_GPIO_OUT_LO:
- return s->out_state & 0xFFFF;
- case MP_GPIO_OUT_HI:
- return s->out_state >> 16;
-
- case MP_GPIO_IN_LO:
- return s->in_state & 0xFFFF;
- case MP_GPIO_IN_HI:
- return s->in_state >> 16;
-
- case MP_GPIO_IER_LO:
- return s->ier & 0xFFFF;
- case MP_GPIO_IER_HI:
- return s->ier >> 16;
-
- case MP_GPIO_IMR_LO:
- return s->imr & 0xFFFF;
- case MP_GPIO_IMR_HI:
- return s->imr >> 16;
-
- case MP_GPIO_ISR_LO:
- return s->isr & 0xFFFF;
- case MP_GPIO_ISR_HI:
- return s->isr >> 16;
-
- default:
- return 0;
- }
-}
-
-static void musicpal_gpio_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- musicpal_gpio_state *s = opaque;
- switch (offset) {
- case MP_GPIO_OE_HI: /* used for LCD brightness control */
- s->lcd_brightness = (s->lcd_brightness & MP_GPIO_LCD_BRIGHTNESS) |
- (value & MP_OE_LCD_BRIGHTNESS);
- musicpal_gpio_brightness_update(s);
- break;
-
- case MP_GPIO_OUT_LO:
- s->out_state = (s->out_state & 0xFFFF0000) | (value & 0xFFFF);
- break;
- case MP_GPIO_OUT_HI:
- s->out_state = (s->out_state & 0xFFFF) | (value << 16);
- s->lcd_brightness = (s->lcd_brightness & 0xFFFF) |
- (s->out_state & MP_GPIO_LCD_BRIGHTNESS);
- musicpal_gpio_brightness_update(s);
- qemu_set_irq(s->out[3], (s->out_state >> MP_GPIO_I2C_DATA_BIT) & 1);
- qemu_set_irq(s->out[4], (s->out_state >> MP_GPIO_I2C_CLOCK_BIT) & 1);
- break;
-
- case MP_GPIO_IER_LO:
- s->ier = (s->ier & 0xFFFF0000) | (value & 0xFFFF);
- break;
- case MP_GPIO_IER_HI:
- s->ier = (s->ier & 0xFFFF) | (value << 16);
- break;
-
- case MP_GPIO_IMR_LO:
- s->imr = (s->imr & 0xFFFF0000) | (value & 0xFFFF);
- break;
- case MP_GPIO_IMR_HI:
- s->imr = (s->imr & 0xFFFF) | (value << 16);
- break;
- }
-}
-
-static const MemoryRegionOps musicpal_gpio_ops = {
- .read = musicpal_gpio_read,
- .write = musicpal_gpio_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void musicpal_gpio_reset(DeviceState *d)
-{
- musicpal_gpio_state *s = FROM_SYSBUS(musicpal_gpio_state,
- sysbus_from_qdev(d));
-
- s->lcd_brightness = 0;
- s->out_state = 0;
- s->in_state = 0xffffffff;
- s->ier = 0;
- s->imr = 0;
- s->isr = 0;
-}
-
-static int musicpal_gpio_init(SysBusDevice *dev)
-{
- musicpal_gpio_state *s = FROM_SYSBUS(musicpal_gpio_state, dev);
-
- sysbus_init_irq(dev, &s->irq);
-
- memory_region_init_io(&s->iomem, &musicpal_gpio_ops, s,
- "musicpal-gpio", MP_GPIO_SIZE);
- sysbus_init_mmio(dev, &s->iomem);
-
- qdev_init_gpio_out(&dev->qdev, s->out, ARRAY_SIZE(s->out));
-
- qdev_init_gpio_in(&dev->qdev, musicpal_gpio_pin_event, 32);
-
- return 0;
-}
-
-static const VMStateDescription musicpal_gpio_vmsd = {
- .name = "musicpal_gpio",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(lcd_brightness, musicpal_gpio_state),
- VMSTATE_UINT32(out_state, musicpal_gpio_state),
- VMSTATE_UINT32(in_state, musicpal_gpio_state),
- VMSTATE_UINT32(ier, musicpal_gpio_state),
- VMSTATE_UINT32(imr, musicpal_gpio_state),
- VMSTATE_UINT32(isr, musicpal_gpio_state),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void musicpal_gpio_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = musicpal_gpio_init;
- dc->reset = musicpal_gpio_reset;
- dc->vmsd = &musicpal_gpio_vmsd;
-}
-
-static TypeInfo musicpal_gpio_info = {
- .name = "musicpal_gpio",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(musicpal_gpio_state),
- .class_init = musicpal_gpio_class_init,
-};
-
-/* Keyboard codes & masks */
-#define KEY_RELEASED 0x80
-#define KEY_CODE 0x7f
-
-#define KEYCODE_TAB 0x0f
-#define KEYCODE_ENTER 0x1c
-#define KEYCODE_F 0x21
-#define KEYCODE_M 0x32
-
-#define KEYCODE_EXTENDED 0xe0
-#define KEYCODE_UP 0x48
-#define KEYCODE_DOWN 0x50
-#define KEYCODE_LEFT 0x4b
-#define KEYCODE_RIGHT 0x4d
-
-#define MP_KEY_WHEEL_VOL (1 << 0)
-#define MP_KEY_WHEEL_VOL_INV (1 << 1)
-#define MP_KEY_WHEEL_NAV (1 << 2)
-#define MP_KEY_WHEEL_NAV_INV (1 << 3)
-#define MP_KEY_BTN_FAVORITS (1 << 4)
-#define MP_KEY_BTN_MENU (1 << 5)
-#define MP_KEY_BTN_VOLUME (1 << 6)
-#define MP_KEY_BTN_NAVIGATION (1 << 7)
-
-typedef struct musicpal_key_state {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint32_t kbd_extended;
- uint32_t pressed_keys;
- qemu_irq out[8];
-} musicpal_key_state;
-
-static void musicpal_key_event(void *opaque, int keycode)
-{
- musicpal_key_state *s = opaque;
- uint32_t event = 0;
- int i;
-
- if (keycode == KEYCODE_EXTENDED) {
- s->kbd_extended = 1;
- return;
- }
-
- if (s->kbd_extended) {
- switch (keycode & KEY_CODE) {
- case KEYCODE_UP:
- event = MP_KEY_WHEEL_NAV | MP_KEY_WHEEL_NAV_INV;
- break;
-
- case KEYCODE_DOWN:
- event = MP_KEY_WHEEL_NAV;
- break;
-
- case KEYCODE_LEFT:
- event = MP_KEY_WHEEL_VOL | MP_KEY_WHEEL_VOL_INV;
- break;
-
- case KEYCODE_RIGHT:
- event = MP_KEY_WHEEL_VOL;
- break;
- }
- } else {
- switch (keycode & KEY_CODE) {
- case KEYCODE_F:
- event = MP_KEY_BTN_FAVORITS;
- break;
-
- case KEYCODE_TAB:
- event = MP_KEY_BTN_VOLUME;
- break;
-
- case KEYCODE_ENTER:
- event = MP_KEY_BTN_NAVIGATION;
- break;
-
- case KEYCODE_M:
- event = MP_KEY_BTN_MENU;
- break;
- }
- /* Do not repeat already pressed buttons */
- if (!(keycode & KEY_RELEASED) && (s->pressed_keys & event)) {
- event = 0;
- }
- }
-
- if (event) {
- /* Raise GPIO pin first if repeating a key */
- if (!(keycode & KEY_RELEASED) && (s->pressed_keys & event)) {
- for (i = 0; i <= 7; i++) {
- if (event & (1 << i)) {
- qemu_set_irq(s->out[i], 1);
- }
- }
- }
- for (i = 0; i <= 7; i++) {
- if (event & (1 << i)) {
- qemu_set_irq(s->out[i], !!(keycode & KEY_RELEASED));
- }
- }
- if (keycode & KEY_RELEASED) {
- s->pressed_keys &= ~event;
- } else {
- s->pressed_keys |= event;
- }
- }
-
- s->kbd_extended = 0;
-}
-
-static int musicpal_key_init(SysBusDevice *dev)
-{
- musicpal_key_state *s = FROM_SYSBUS(musicpal_key_state, dev);
-
- memory_region_init(&s->iomem, "dummy", 0);
- sysbus_init_mmio(dev, &s->iomem);
-
- s->kbd_extended = 0;
- s->pressed_keys = 0;
-
- qdev_init_gpio_out(&dev->qdev, s->out, ARRAY_SIZE(s->out));
-
- qemu_add_kbd_event_handler(musicpal_key_event, s);
-
- return 0;
-}
-
-static const VMStateDescription musicpal_key_vmsd = {
- .name = "musicpal_key",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(kbd_extended, musicpal_key_state),
- VMSTATE_UINT32(pressed_keys, musicpal_key_state),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void musicpal_key_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = musicpal_key_init;
- dc->vmsd = &musicpal_key_vmsd;
-}
-
-static TypeInfo musicpal_key_info = {
- .name = "musicpal_key",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(musicpal_key_state),
- .class_init = musicpal_key_class_init,
-};
-
-static struct arm_boot_info musicpal_binfo = {
- .loader_start = 0x0,
- .board_id = 0x20e,
-};
-
-static void musicpal_init(QEMUMachineInitArgs *args)
-{
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- ARMCPU *cpu;
- qemu_irq *cpu_pic;
- qemu_irq pic[32];
- DeviceState *dev;
- DeviceState *i2c_dev;
- DeviceState *lcd_dev;
- DeviceState *key_dev;
- DeviceState *wm8750_dev;
- SysBusDevice *s;
- i2c_bus *i2c;
- int i;
- unsigned long flash_size;
- DriveInfo *dinfo;
- MemoryRegion *address_space_mem = get_system_memory();
- MemoryRegion *ram = g_new(MemoryRegion, 1);
- MemoryRegion *sram = g_new(MemoryRegion, 1);
-
- if (!cpu_model) {
- cpu_model = "arm926";
- }
- cpu = cpu_arm_init(cpu_model);
- if (!cpu) {
- fprintf(stderr, "Unable to find CPU definition\n");
- exit(1);
- }
- cpu_pic = arm_pic_init_cpu(cpu);
-
- /* For now we use a fixed - the original - RAM size */
- memory_region_init_ram(ram, "musicpal.ram", MP_RAM_DEFAULT_SIZE);
- vmstate_register_ram_global(ram);
- memory_region_add_subregion(address_space_mem, 0, ram);
-
- memory_region_init_ram(sram, "musicpal.sram", MP_SRAM_SIZE);
- vmstate_register_ram_global(sram);
- memory_region_add_subregion(address_space_mem, MP_SRAM_BASE, sram);
-
- dev = sysbus_create_simple("mv88w8618_pic", MP_PIC_BASE,
- cpu_pic[ARM_PIC_CPU_IRQ]);
- for (i = 0; i < 32; i++) {
- pic[i] = qdev_get_gpio_in(dev, i);
- }
- sysbus_create_varargs("mv88w8618_pit", MP_PIT_BASE, pic[MP_TIMER1_IRQ],
- pic[MP_TIMER2_IRQ], pic[MP_TIMER3_IRQ],
- pic[MP_TIMER4_IRQ], NULL);
-
- if (serial_hds[0]) {
- serial_mm_init(address_space_mem, MP_UART1_BASE, 2, pic[MP_UART1_IRQ],
- 1825000, serial_hds[0], DEVICE_NATIVE_ENDIAN);
- }
- if (serial_hds[1]) {
- serial_mm_init(address_space_mem, MP_UART2_BASE, 2, pic[MP_UART2_IRQ],
- 1825000, serial_hds[1], DEVICE_NATIVE_ENDIAN);
- }
-
- /* Register flash */
- dinfo = drive_get(IF_PFLASH, 0, 0);
- if (dinfo) {
- flash_size = bdrv_getlength(dinfo->bdrv);
- if (flash_size != 8*1024*1024 && flash_size != 16*1024*1024 &&
- flash_size != 32*1024*1024) {
- fprintf(stderr, "Invalid flash image size\n");
- exit(1);
- }
-
- /*
- * The original U-Boot accesses the flash at 0xFE000000 instead of
- * 0xFF800000 (if there is 8 MB flash). So remap flash access if the
- * image is smaller than 32 MB.
- */
-#ifdef TARGET_WORDS_BIGENDIAN
- pflash_cfi02_register(0x100000000ULL-MP_FLASH_SIZE_MAX, NULL,
- "musicpal.flash", flash_size,
- dinfo->bdrv, 0x10000,
- (flash_size + 0xffff) >> 16,
- MP_FLASH_SIZE_MAX / flash_size,
- 2, 0x00BF, 0x236D, 0x0000, 0x0000,
- 0x5555, 0x2AAA, 1);
-#else
- pflash_cfi02_register(0x100000000ULL-MP_FLASH_SIZE_MAX, NULL,
- "musicpal.flash", flash_size,
- dinfo->bdrv, 0x10000,
- (flash_size + 0xffff) >> 16,
- MP_FLASH_SIZE_MAX / flash_size,
- 2, 0x00BF, 0x236D, 0x0000, 0x0000,
- 0x5555, 0x2AAA, 0);
-#endif
-
- }
- sysbus_create_simple("mv88w8618_flashcfg", MP_FLASHCFG_BASE, NULL);
-
- qemu_check_nic_model(&nd_table[0], "mv88w8618");
- dev = qdev_create(NULL, "mv88w8618_eth");
- qdev_set_nic_properties(dev, &nd_table[0]);
- qdev_init_nofail(dev);
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, MP_ETH_BASE);
- sysbus_connect_irq(sysbus_from_qdev(dev), 0, pic[MP_ETH_IRQ]);
-
- sysbus_create_simple("mv88w8618_wlan", MP_WLAN_BASE, NULL);
-
- musicpal_misc_init(sysbus_from_qdev(dev));
-
- dev = sysbus_create_simple("musicpal_gpio", MP_GPIO_BASE, pic[MP_GPIO_IRQ]);
- i2c_dev = sysbus_create_simple("gpio_i2c", -1, NULL);
- i2c = (i2c_bus *)qdev_get_child_bus(i2c_dev, "i2c");
-
- lcd_dev = sysbus_create_simple("musicpal_lcd", MP_LCD_BASE, NULL);
- key_dev = sysbus_create_simple("musicpal_key", -1, NULL);
-
- /* I2C read data */
- qdev_connect_gpio_out(i2c_dev, 0,
- qdev_get_gpio_in(dev, MP_GPIO_I2C_DATA_BIT));
- /* I2C data */
- qdev_connect_gpio_out(dev, 3, qdev_get_gpio_in(i2c_dev, 0));
- /* I2C clock */
- qdev_connect_gpio_out(dev, 4, qdev_get_gpio_in(i2c_dev, 1));
-
- for (i = 0; i < 3; i++) {
- qdev_connect_gpio_out(dev, i, qdev_get_gpio_in(lcd_dev, i));
- }
- for (i = 0; i < 4; i++) {
- qdev_connect_gpio_out(key_dev, i, qdev_get_gpio_in(dev, i + 8));
- }
- for (i = 4; i < 8; i++) {
- qdev_connect_gpio_out(key_dev, i, qdev_get_gpio_in(dev, i + 15));
- }
-
- wm8750_dev = i2c_create_slave(i2c, "wm8750", MP_WM_ADDR);
- dev = qdev_create(NULL, "mv88w8618_audio");
- s = sysbus_from_qdev(dev);
- qdev_prop_set_ptr(dev, "wm8750", wm8750_dev);
- qdev_init_nofail(dev);
- sysbus_mmio_map(s, 0, MP_AUDIO_BASE);
- sysbus_connect_irq(s, 0, pic[MP_AUDIO_IRQ]);
-
- musicpal_binfo.ram_size = MP_RAM_DEFAULT_SIZE;
- musicpal_binfo.kernel_filename = kernel_filename;
- musicpal_binfo.kernel_cmdline = kernel_cmdline;
- musicpal_binfo.initrd_filename = initrd_filename;
- arm_load_kernel(cpu, &musicpal_binfo);
-}
-
-static QEMUMachine musicpal_machine = {
- .name = "musicpal",
- .desc = "Marvell 88w8618 / MusicPal (ARM926EJ-S)",
- .init = musicpal_init,
-};
-
-static void musicpal_machine_init(void)
-{
- qemu_register_machine(&musicpal_machine);
-}
-
-machine_init(musicpal_machine_init);
-
-static void mv88w8618_wlan_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- sdc->init = mv88w8618_wlan_init;
-}
-
-static TypeInfo mv88w8618_wlan_info = {
- .name = "mv88w8618_wlan",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(SysBusDevice),
- .class_init = mv88w8618_wlan_class_init,
-};
-
-static void musicpal_register_types(void)
-{
- type_register_static(&mv88w8618_pic_info);
- type_register_static(&mv88w8618_pit_info);
- type_register_static(&mv88w8618_flashcfg_info);
- type_register_static(&mv88w8618_eth_info);
- type_register_static(&mv88w8618_wlan_info);
- type_register_static(&musicpal_lcd_info);
- type_register_static(&musicpal_gpio_info);
- type_register_static(&musicpal_key_info);
-}
-
-type_init(musicpal_register_types)
diff --git a/hw/nand.c b/hw/nand.c
deleted file mode 100644
index 01f3adaee..000000000
--- a/hw/nand.c
+++ /dev/null
@@ -1,789 +0,0 @@
-/*
- * Flash NAND memory emulation. Based on "16M x 8 Bit NAND Flash
- * Memory" datasheet for the KM29U128AT / K9F2808U0A chips from
- * Samsung Electronic.
- *
- * Copyright (c) 2006 Openedhand Ltd.
- * Written by Andrzej Zaborowski <balrog@zabor.org>
- *
- * Support for additional features based on "MT29F2G16ABCWP 2Gx16"
- * datasheet from Micron Technology and "NAND02G-B2C" datasheet
- * from ST Microelectronics.
- *
- * This code is licensed under the GNU GPL v2.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#ifndef NAND_IO
-
-# include "hw.h"
-# include "flash.h"
-# include "blockdev.h"
-# include "sysbus.h"
-#include "qemu-error.h"
-
-# define NAND_CMD_READ0 0x00
-# define NAND_CMD_READ1 0x01
-# define NAND_CMD_READ2 0x50
-# define NAND_CMD_LPREAD2 0x30
-# define NAND_CMD_NOSERIALREAD2 0x35
-# define NAND_CMD_RANDOMREAD1 0x05
-# define NAND_CMD_RANDOMREAD2 0xe0
-# define NAND_CMD_READID 0x90
-# define NAND_CMD_RESET 0xff
-# define NAND_CMD_PAGEPROGRAM1 0x80
-# define NAND_CMD_PAGEPROGRAM2 0x10
-# define NAND_CMD_CACHEPROGRAM2 0x15
-# define NAND_CMD_BLOCKERASE1 0x60
-# define NAND_CMD_BLOCKERASE2 0xd0
-# define NAND_CMD_READSTATUS 0x70
-# define NAND_CMD_COPYBACKPRG1 0x85
-
-# define NAND_IOSTATUS_ERROR (1 << 0)
-# define NAND_IOSTATUS_PLANE0 (1 << 1)
-# define NAND_IOSTATUS_PLANE1 (1 << 2)
-# define NAND_IOSTATUS_PLANE2 (1 << 3)
-# define NAND_IOSTATUS_PLANE3 (1 << 4)
-# define NAND_IOSTATUS_BUSY (1 << 6)
-# define NAND_IOSTATUS_UNPROTCT (1 << 7)
-
-# define MAX_PAGE 0x800
-# define MAX_OOB 0x40
-
-typedef struct NANDFlashState NANDFlashState;
-struct NANDFlashState {
- SysBusDevice busdev;
- uint8_t manf_id, chip_id;
- uint8_t buswidth; /* in BYTES */
- int size, pages;
- int page_shift, oob_shift, erase_shift, addr_shift;
- uint8_t *storage;
- BlockDriverState *bdrv;
- int mem_oob;
-
- uint8_t cle, ale, ce, wp, gnd;
-
- uint8_t io[MAX_PAGE + MAX_OOB + 0x400];
- uint8_t *ioaddr;
- int iolen;
-
- uint32_t cmd;
- uint64_t addr;
- int addrlen;
- int status;
- int offset;
-
- void (*blk_write)(NANDFlashState *s);
- void (*blk_erase)(NANDFlashState *s);
- void (*blk_load)(NANDFlashState *s, uint64_t addr, int offset);
-
- uint32_t ioaddr_vmstate;
-};
-
-static void mem_and(uint8_t *dest, const uint8_t *src, size_t n)
-{
- /* Like memcpy() but we logical-AND the data into the destination */
- int i;
- for (i = 0; i < n; i++) {
- dest[i] &= src[i];
- }
-}
-
-# define NAND_NO_AUTOINCR 0x00000001
-# define NAND_BUSWIDTH_16 0x00000002
-# define NAND_NO_PADDING 0x00000004
-# define NAND_CACHEPRG 0x00000008
-# define NAND_COPYBACK 0x00000010
-# define NAND_IS_AND 0x00000020
-# define NAND_4PAGE_ARRAY 0x00000040
-# define NAND_NO_READRDY 0x00000100
-# define NAND_SAMSUNG_LP (NAND_NO_PADDING | NAND_COPYBACK)
-
-# define NAND_IO
-
-# define PAGE(addr) ((addr) >> ADDR_SHIFT)
-# define PAGE_START(page) (PAGE(page) * (PAGE_SIZE + OOB_SIZE))
-# define PAGE_MASK ((1 << ADDR_SHIFT) - 1)
-# define OOB_SHIFT (PAGE_SHIFT - 5)
-# define OOB_SIZE (1 << OOB_SHIFT)
-# define SECTOR(addr) ((addr) >> (9 + ADDR_SHIFT - PAGE_SHIFT))
-# define SECTOR_OFFSET(addr) ((addr) & ((511 >> PAGE_SHIFT) << 8))
-
-# define PAGE_SIZE 256
-# define PAGE_SHIFT 8
-# define PAGE_SECTORS 1
-# define ADDR_SHIFT 8
-# include "nand.c"
-# define PAGE_SIZE 512
-# define PAGE_SHIFT 9
-# define PAGE_SECTORS 1
-# define ADDR_SHIFT 8
-# include "nand.c"
-# define PAGE_SIZE 2048
-# define PAGE_SHIFT 11
-# define PAGE_SECTORS 4
-# define ADDR_SHIFT 16
-# include "nand.c"
-
-/* Information based on Linux drivers/mtd/nand/nand_ids.c */
-static const struct {
- int size;
- int width;
- int page_shift;
- int erase_shift;
- uint32_t options;
-} nand_flash_ids[0x100] = {
- [0 ... 0xff] = { 0 },
-
- [0x6e] = { 1, 8, 8, 4, 0 },
- [0x64] = { 2, 8, 8, 4, 0 },
- [0x6b] = { 4, 8, 9, 4, 0 },
- [0xe8] = { 1, 8, 8, 4, 0 },
- [0xec] = { 1, 8, 8, 4, 0 },
- [0xea] = { 2, 8, 8, 4, 0 },
- [0xd5] = { 4, 8, 9, 4, 0 },
- [0xe3] = { 4, 8, 9, 4, 0 },
- [0xe5] = { 4, 8, 9, 4, 0 },
- [0xd6] = { 8, 8, 9, 4, 0 },
-
- [0x39] = { 8, 8, 9, 4, 0 },
- [0xe6] = { 8, 8, 9, 4, 0 },
- [0x49] = { 8, 16, 9, 4, NAND_BUSWIDTH_16 },
- [0x59] = { 8, 16, 9, 4, NAND_BUSWIDTH_16 },
-
- [0x33] = { 16, 8, 9, 5, 0 },
- [0x73] = { 16, 8, 9, 5, 0 },
- [0x43] = { 16, 16, 9, 5, NAND_BUSWIDTH_16 },
- [0x53] = { 16, 16, 9, 5, NAND_BUSWIDTH_16 },
-
- [0x35] = { 32, 8, 9, 5, 0 },
- [0x75] = { 32, 8, 9, 5, 0 },
- [0x45] = { 32, 16, 9, 5, NAND_BUSWIDTH_16 },
- [0x55] = { 32, 16, 9, 5, NAND_BUSWIDTH_16 },
-
- [0x36] = { 64, 8, 9, 5, 0 },
- [0x76] = { 64, 8, 9, 5, 0 },
- [0x46] = { 64, 16, 9, 5, NAND_BUSWIDTH_16 },
- [0x56] = { 64, 16, 9, 5, NAND_BUSWIDTH_16 },
-
- [0x78] = { 128, 8, 9, 5, 0 },
- [0x39] = { 128, 8, 9, 5, 0 },
- [0x79] = { 128, 8, 9, 5, 0 },
- [0x72] = { 128, 16, 9, 5, NAND_BUSWIDTH_16 },
- [0x49] = { 128, 16, 9, 5, NAND_BUSWIDTH_16 },
- [0x74] = { 128, 16, 9, 5, NAND_BUSWIDTH_16 },
- [0x59] = { 128, 16, 9, 5, NAND_BUSWIDTH_16 },
-
- [0x71] = { 256, 8, 9, 5, 0 },
-
- /*
- * These are the new chips with large page size. The pagesize and the
- * erasesize is determined from the extended id bytes
- */
-# define LP_OPTIONS (NAND_SAMSUNG_LP | NAND_NO_READRDY | NAND_NO_AUTOINCR)
-# define LP_OPTIONS16 (LP_OPTIONS | NAND_BUSWIDTH_16)
-
- /* 512 Megabit */
- [0xa2] = { 64, 8, 0, 0, LP_OPTIONS },
- [0xf2] = { 64, 8, 0, 0, LP_OPTIONS },
- [0xb2] = { 64, 16, 0, 0, LP_OPTIONS16 },
- [0xc2] = { 64, 16, 0, 0, LP_OPTIONS16 },
-
- /* 1 Gigabit */
- [0xa1] = { 128, 8, 0, 0, LP_OPTIONS },
- [0xf1] = { 128, 8, 0, 0, LP_OPTIONS },
- [0xb1] = { 128, 16, 0, 0, LP_OPTIONS16 },
- [0xc1] = { 128, 16, 0, 0, LP_OPTIONS16 },
-
- /* 2 Gigabit */
- [0xaa] = { 256, 8, 0, 0, LP_OPTIONS },
- [0xda] = { 256, 8, 0, 0, LP_OPTIONS },
- [0xba] = { 256, 16, 0, 0, LP_OPTIONS16 },
- [0xca] = { 256, 16, 0, 0, LP_OPTIONS16 },
-
- /* 4 Gigabit */
- [0xac] = { 512, 8, 0, 0, LP_OPTIONS },
- [0xdc] = { 512, 8, 0, 0, LP_OPTIONS },
- [0xbc] = { 512, 16, 0, 0, LP_OPTIONS16 },
- [0xcc] = { 512, 16, 0, 0, LP_OPTIONS16 },
-
- /* 8 Gigabit */
- [0xa3] = { 1024, 8, 0, 0, LP_OPTIONS },
- [0xd3] = { 1024, 8, 0, 0, LP_OPTIONS },
- [0xb3] = { 1024, 16, 0, 0, LP_OPTIONS16 },
- [0xc3] = { 1024, 16, 0, 0, LP_OPTIONS16 },
-
- /* 16 Gigabit */
- [0xa5] = { 2048, 8, 0, 0, LP_OPTIONS },
- [0xd5] = { 2048, 8, 0, 0, LP_OPTIONS },
- [0xb5] = { 2048, 16, 0, 0, LP_OPTIONS16 },
- [0xc5] = { 2048, 16, 0, 0, LP_OPTIONS16 },
-};
-
-static void nand_reset(DeviceState *dev)
-{
- NANDFlashState *s = FROM_SYSBUS(NANDFlashState, sysbus_from_qdev(dev));
- s->cmd = NAND_CMD_READ0;
- s->addr = 0;
- s->addrlen = 0;
- s->iolen = 0;
- s->offset = 0;
- s->status &= NAND_IOSTATUS_UNPROTCT;
-}
-
-static inline void nand_pushio_byte(NANDFlashState *s, uint8_t value)
-{
- s->ioaddr[s->iolen++] = value;
- for (value = s->buswidth; --value;) {
- s->ioaddr[s->iolen++] = 0;
- }
-}
-
-static void nand_command(NANDFlashState *s)
-{
- unsigned int offset;
- switch (s->cmd) {
- case NAND_CMD_READ0:
- s->iolen = 0;
- break;
-
- case NAND_CMD_READID:
- s->ioaddr = s->io;
- s->iolen = 0;
- nand_pushio_byte(s, s->manf_id);
- nand_pushio_byte(s, s->chip_id);
- nand_pushio_byte(s, 'Q'); /* Don't-care byte (often 0xa5) */
- if (nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) {
- /* Page Size, Block Size, Spare Size; bit 6 indicates
- * 8 vs 16 bit width NAND.
- */
- nand_pushio_byte(s, (s->buswidth == 2) ? 0x55 : 0x15);
- } else {
- nand_pushio_byte(s, 0xc0); /* Multi-plane */
- }
- break;
-
- case NAND_CMD_RANDOMREAD2:
- case NAND_CMD_NOSERIALREAD2:
- if (!(nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP))
- break;
- offset = s->addr & ((1 << s->addr_shift) - 1);
- s->blk_load(s, s->addr, offset);
- if (s->gnd)
- s->iolen = (1 << s->page_shift) - offset;
- else
- s->iolen = (1 << s->page_shift) + (1 << s->oob_shift) - offset;
- break;
-
- case NAND_CMD_RESET:
- nand_reset(&s->busdev.qdev);
- break;
-
- case NAND_CMD_PAGEPROGRAM1:
- s->ioaddr = s->io;
- s->iolen = 0;
- break;
-
- case NAND_CMD_PAGEPROGRAM2:
- if (s->wp) {
- s->blk_write(s);
- }
- break;
-
- case NAND_CMD_BLOCKERASE1:
- break;
-
- case NAND_CMD_BLOCKERASE2:
- if (nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP)
- s->addr <<= 16;
- else
- s->addr <<= 8;
-
- if (s->wp) {
- s->blk_erase(s);
- }
- break;
-
- case NAND_CMD_READSTATUS:
- s->ioaddr = s->io;
- s->iolen = 0;
- nand_pushio_byte(s, s->status);
- break;
-
- default:
- printf("%s: Unknown NAND command 0x%02x\n", __FUNCTION__, s->cmd);
- }
-}
-
-static void nand_pre_save(void *opaque)
-{
- NANDFlashState *s = opaque;
-
- s->ioaddr_vmstate = s->ioaddr - s->io;
-}
-
-static int nand_post_load(void *opaque, int version_id)
-{
- NANDFlashState *s = opaque;
-
- if (s->ioaddr_vmstate > sizeof(s->io)) {
- return -EINVAL;
- }
- s->ioaddr = s->io + s->ioaddr_vmstate;
-
- return 0;
-}
-
-static const VMStateDescription vmstate_nand = {
- .name = "nand",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .pre_save = nand_pre_save,
- .post_load = nand_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_UINT8(cle, NANDFlashState),
- VMSTATE_UINT8(ale, NANDFlashState),
- VMSTATE_UINT8(ce, NANDFlashState),
- VMSTATE_UINT8(wp, NANDFlashState),
- VMSTATE_UINT8(gnd, NANDFlashState),
- VMSTATE_BUFFER(io, NANDFlashState),
- VMSTATE_UINT32(ioaddr_vmstate, NANDFlashState),
- VMSTATE_INT32(iolen, NANDFlashState),
- VMSTATE_UINT32(cmd, NANDFlashState),
- VMSTATE_UINT64(addr, NANDFlashState),
- VMSTATE_INT32(addrlen, NANDFlashState),
- VMSTATE_INT32(status, NANDFlashState),
- VMSTATE_INT32(offset, NANDFlashState),
- /* XXX: do we want to save s->storage too? */
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int nand_device_init(SysBusDevice *dev)
-{
- int pagesize;
- NANDFlashState *s = FROM_SYSBUS(NANDFlashState, dev);
-
- s->buswidth = nand_flash_ids[s->chip_id].width >> 3;
- s->size = nand_flash_ids[s->chip_id].size << 20;
- if (nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) {
- s->page_shift = 11;
- s->erase_shift = 6;
- } else {
- s->page_shift = nand_flash_ids[s->chip_id].page_shift;
- s->erase_shift = nand_flash_ids[s->chip_id].erase_shift;
- }
-
- switch (1 << s->page_shift) {
- case 256:
- nand_init_256(s);
- break;
- case 512:
- nand_init_512(s);
- break;
- case 2048:
- nand_init_2048(s);
- break;
- default:
- error_report("Unsupported NAND block size");
- return -1;
- }
-
- pagesize = 1 << s->oob_shift;
- s->mem_oob = 1;
- if (s->bdrv) {
- if (bdrv_is_read_only(s->bdrv)) {
- error_report("Can't use a read-only drive");
- return -1;
- }
- if (bdrv_getlength(s->bdrv) >=
- (s->pages << s->page_shift) + (s->pages << s->oob_shift)) {
- pagesize = 0;
- s->mem_oob = 0;
- }
- } else {
- pagesize += 1 << s->page_shift;
- }
- if (pagesize) {
- s->storage = (uint8_t *) memset(g_malloc(s->pages * pagesize),
- 0xff, s->pages * pagesize);
- }
- /* Give s->ioaddr a sane value in case we save state before it is used. */
- s->ioaddr = s->io;
-
- return 0;
-}
-
-static Property nand_properties[] = {
- DEFINE_PROP_UINT8("manufacturer_id", NANDFlashState, manf_id, 0),
- DEFINE_PROP_UINT8("chip_id", NANDFlashState, chip_id, 0),
- DEFINE_PROP_DRIVE("drive", NANDFlashState, bdrv),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void nand_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = nand_device_init;
- dc->reset = nand_reset;
- dc->vmsd = &vmstate_nand;
- dc->props = nand_properties;
-}
-
-static TypeInfo nand_info = {
- .name = "nand",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(NANDFlashState),
- .class_init = nand_class_init,
-};
-
-static void nand_register_types(void)
-{
- type_register_static(&nand_info);
-}
-
-/*
- * Chip inputs are CLE, ALE, CE, WP, GND and eight I/O pins. Chip
- * outputs are R/B and eight I/O pins.
- *
- * CE, WP and R/B are active low.
- */
-void nand_setpins(DeviceState *dev, uint8_t cle, uint8_t ale,
- uint8_t ce, uint8_t wp, uint8_t gnd)
-{
- NANDFlashState *s = (NANDFlashState *) dev;
- s->cle = cle;
- s->ale = ale;
- s->ce = ce;
- s->wp = wp;
- s->gnd = gnd;
- if (wp)
- s->status |= NAND_IOSTATUS_UNPROTCT;
- else
- s->status &= ~NAND_IOSTATUS_UNPROTCT;
-}
-
-void nand_getpins(DeviceState *dev, int *rb)
-{
- *rb = 1;
-}
-
-void nand_setio(DeviceState *dev, uint32_t value)
-{
- int i;
- NANDFlashState *s = (NANDFlashState *) dev;
- if (!s->ce && s->cle) {
- if (nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) {
- if (s->cmd == NAND_CMD_READ0 && value == NAND_CMD_LPREAD2)
- return;
- if (value == NAND_CMD_RANDOMREAD1) {
- s->addr &= ~((1 << s->addr_shift) - 1);
- s->addrlen = 0;
- return;
- }
- }
- if (value == NAND_CMD_READ0)
- s->offset = 0;
- else if (value == NAND_CMD_READ1) {
- s->offset = 0x100;
- value = NAND_CMD_READ0;
- }
- else if (value == NAND_CMD_READ2) {
- s->offset = 1 << s->page_shift;
- value = NAND_CMD_READ0;
- }
-
- s->cmd = value;
-
- if (s->cmd == NAND_CMD_READSTATUS ||
- s->cmd == NAND_CMD_PAGEPROGRAM2 ||
- s->cmd == NAND_CMD_BLOCKERASE1 ||
- s->cmd == NAND_CMD_BLOCKERASE2 ||
- s->cmd == NAND_CMD_NOSERIALREAD2 ||
- s->cmd == NAND_CMD_RANDOMREAD2 ||
- s->cmd == NAND_CMD_RESET)
- nand_command(s);
-
- if (s->cmd != NAND_CMD_RANDOMREAD2) {
- s->addrlen = 0;
- }
- }
-
- if (s->ale) {
- unsigned int shift = s->addrlen * 8;
- unsigned int mask = ~(0xff << shift);
- unsigned int v = value << shift;
-
- s->addr = (s->addr & mask) | v;
- s->addrlen ++;
-
- switch (s->addrlen) {
- case 1:
- if (s->cmd == NAND_CMD_READID) {
- nand_command(s);
- }
- break;
- case 2: /* fix cache address as a byte address */
- s->addr <<= (s->buswidth - 1);
- break;
- case 3:
- if (!(nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) &&
- (s->cmd == NAND_CMD_READ0 ||
- s->cmd == NAND_CMD_PAGEPROGRAM1)) {
- nand_command(s);
- }
- break;
- case 4:
- if ((nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) &&
- nand_flash_ids[s->chip_id].size < 256 && /* 1Gb or less */
- (s->cmd == NAND_CMD_READ0 ||
- s->cmd == NAND_CMD_PAGEPROGRAM1)) {
- nand_command(s);
- }
- break;
- case 5:
- if ((nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) &&
- nand_flash_ids[s->chip_id].size >= 256 && /* 2Gb or more */
- (s->cmd == NAND_CMD_READ0 ||
- s->cmd == NAND_CMD_PAGEPROGRAM1)) {
- nand_command(s);
- }
- break;
- default:
- break;
- }
- }
-
- if (!s->cle && !s->ale && s->cmd == NAND_CMD_PAGEPROGRAM1) {
- if (s->iolen < (1 << s->page_shift) + (1 << s->oob_shift)) {
- for (i = s->buswidth; i--; value >>= 8) {
- s->io[s->iolen ++] = (uint8_t) (value & 0xff);
- }
- }
- } else if (!s->cle && !s->ale && s->cmd == NAND_CMD_COPYBACKPRG1) {
- if ((s->addr & ((1 << s->addr_shift) - 1)) <
- (1 << s->page_shift) + (1 << s->oob_shift)) {
- for (i = s->buswidth; i--; s->addr++, value >>= 8) {
- s->io[s->iolen + (s->addr & ((1 << s->addr_shift) - 1))] =
- (uint8_t) (value & 0xff);
- }
- }
- }
-}
-
-uint32_t nand_getio(DeviceState *dev)
-{
- int offset;
- uint32_t x = 0;
- NANDFlashState *s = (NANDFlashState *) dev;
-
- /* Allow sequential reading */
- if (!s->iolen && s->cmd == NAND_CMD_READ0) {
- offset = (int) (s->addr & ((1 << s->addr_shift) - 1)) + s->offset;
- s->offset = 0;
-
- s->blk_load(s, s->addr, offset);
- if (s->gnd)
- s->iolen = (1 << s->page_shift) - offset;
- else
- s->iolen = (1 << s->page_shift) + (1 << s->oob_shift) - offset;
- }
-
- if (s->ce || s->iolen <= 0)
- return 0;
-
- for (offset = s->buswidth; offset--;) {
- x |= s->ioaddr[offset] << (offset << 3);
- }
- /* after receiving READ STATUS command all subsequent reads will
- * return the status register value until another command is issued
- */
- if (s->cmd != NAND_CMD_READSTATUS) {
- s->addr += s->buswidth;
- s->ioaddr += s->buswidth;
- s->iolen -= s->buswidth;
- }
- return x;
-}
-
-uint32_t nand_getbuswidth(DeviceState *dev)
-{
- NANDFlashState *s = (NANDFlashState *) dev;
- return s->buswidth << 3;
-}
-
-DeviceState *nand_init(BlockDriverState *bdrv, int manf_id, int chip_id)
-{
- DeviceState *dev;
-
- if (nand_flash_ids[chip_id].size == 0) {
- hw_error("%s: Unsupported NAND chip ID.\n", __FUNCTION__);
- }
- dev = qdev_create(NULL, "nand");
- qdev_prop_set_uint8(dev, "manufacturer_id", manf_id);
- qdev_prop_set_uint8(dev, "chip_id", chip_id);
- if (bdrv) {
- qdev_prop_set_drive_nofail(dev, "drive", bdrv);
- }
-
- qdev_init_nofail(dev);
- return dev;
-}
-
-type_init(nand_register_types)
-
-#else
-
-/* Program a single page */
-static void glue(nand_blk_write_, PAGE_SIZE)(NANDFlashState *s)
-{
- uint64_t off, page, sector, soff;
- uint8_t iobuf[(PAGE_SECTORS + 2) * 0x200];
- if (PAGE(s->addr) >= s->pages)
- return;
-
- if (!s->bdrv) {
- mem_and(s->storage + PAGE_START(s->addr) + (s->addr & PAGE_MASK) +
- s->offset, s->io, s->iolen);
- } else if (s->mem_oob) {
- sector = SECTOR(s->addr);
- off = (s->addr & PAGE_MASK) + s->offset;
- soff = SECTOR_OFFSET(s->addr);
- if (bdrv_read(s->bdrv, sector, iobuf, PAGE_SECTORS) < 0) {
- printf("%s: read error in sector %" PRIu64 "\n", __func__, sector);
- return;
- }
-
- mem_and(iobuf + (soff | off), s->io, MIN(s->iolen, PAGE_SIZE - off));
- if (off + s->iolen > PAGE_SIZE) {
- page = PAGE(s->addr);
- mem_and(s->storage + (page << OOB_SHIFT), s->io + PAGE_SIZE - off,
- MIN(OOB_SIZE, off + s->iolen - PAGE_SIZE));
- }
-
- if (bdrv_write(s->bdrv, sector, iobuf, PAGE_SECTORS) < 0) {
- printf("%s: write error in sector %" PRIu64 "\n", __func__, sector);
- }
- } else {
- off = PAGE_START(s->addr) + (s->addr & PAGE_MASK) + s->offset;
- sector = off >> 9;
- soff = off & 0x1ff;
- if (bdrv_read(s->bdrv, sector, iobuf, PAGE_SECTORS + 2) < 0) {
- printf("%s: read error in sector %" PRIu64 "\n", __func__, sector);
- return;
- }
-
- mem_and(iobuf + soff, s->io, s->iolen);
-
- if (bdrv_write(s->bdrv, sector, iobuf, PAGE_SECTORS + 2) < 0) {
- printf("%s: write error in sector %" PRIu64 "\n", __func__, sector);
- }
- }
- s->offset = 0;
-}
-
-/* Erase a single block */
-static void glue(nand_blk_erase_, PAGE_SIZE)(NANDFlashState *s)
-{
- uint64_t i, page, addr;
- uint8_t iobuf[0x200] = { [0 ... 0x1ff] = 0xff, };
- addr = s->addr & ~((1 << (ADDR_SHIFT + s->erase_shift)) - 1);
-
- if (PAGE(addr) >= s->pages)
- return;
-
- if (!s->bdrv) {
- memset(s->storage + PAGE_START(addr),
- 0xff, (PAGE_SIZE + OOB_SIZE) << s->erase_shift);
- } else if (s->mem_oob) {
- memset(s->storage + (PAGE(addr) << OOB_SHIFT),
- 0xff, OOB_SIZE << s->erase_shift);
- i = SECTOR(addr);
- page = SECTOR(addr + (ADDR_SHIFT + s->erase_shift));
- for (; i < page; i ++)
- if (bdrv_write(s->bdrv, i, iobuf, 1) < 0) {
- printf("%s: write error in sector %" PRIu64 "\n", __func__, i);
- }
- } else {
- addr = PAGE_START(addr);
- page = addr >> 9;
- if (bdrv_read(s->bdrv, page, iobuf, 1) < 0) {
- printf("%s: read error in sector %" PRIu64 "\n", __func__, page);
- }
- memset(iobuf + (addr & 0x1ff), 0xff, (~addr & 0x1ff) + 1);
- if (bdrv_write(s->bdrv, page, iobuf, 1) < 0) {
- printf("%s: write error in sector %" PRIu64 "\n", __func__, page);
- }
-
- memset(iobuf, 0xff, 0x200);
- i = (addr & ~0x1ff) + 0x200;
- for (addr += ((PAGE_SIZE + OOB_SIZE) << s->erase_shift) - 0x200;
- i < addr; i += 0x200)
- if (bdrv_write(s->bdrv, i >> 9, iobuf, 1) < 0) {
- printf("%s: write error in sector %" PRIu64 "\n",
- __func__, i >> 9);
- }
-
- page = i >> 9;
- if (bdrv_read(s->bdrv, page, iobuf, 1) < 0) {
- printf("%s: read error in sector %" PRIu64 "\n", __func__, page);
- }
- memset(iobuf, 0xff, ((addr - 1) & 0x1ff) + 1);
- if (bdrv_write(s->bdrv, page, iobuf, 1) < 0) {
- printf("%s: write error in sector %" PRIu64 "\n", __func__, page);
- }
- }
-}
-
-static void glue(nand_blk_load_, PAGE_SIZE)(NANDFlashState *s,
- uint64_t addr, int offset)
-{
- if (PAGE(addr) >= s->pages)
- return;
-
- if (s->bdrv) {
- if (s->mem_oob) {
- if (bdrv_read(s->bdrv, SECTOR(addr), s->io, PAGE_SECTORS) < 0) {
- printf("%s: read error in sector %" PRIu64 "\n",
- __func__, SECTOR(addr));
- }
- memcpy(s->io + SECTOR_OFFSET(s->addr) + PAGE_SIZE,
- s->storage + (PAGE(s->addr) << OOB_SHIFT),
- OOB_SIZE);
- s->ioaddr = s->io + SECTOR_OFFSET(s->addr) + offset;
- } else {
- if (bdrv_read(s->bdrv, PAGE_START(addr) >> 9,
- s->io, (PAGE_SECTORS + 2)) < 0) {
- printf("%s: read error in sector %" PRIu64 "\n",
- __func__, PAGE_START(addr) >> 9);
- }
- s->ioaddr = s->io + (PAGE_START(addr) & 0x1ff) + offset;
- }
- } else {
- memcpy(s->io, s->storage + PAGE_START(s->addr) +
- offset, PAGE_SIZE + OOB_SIZE - offset);
- s->ioaddr = s->io;
- }
-}
-
-static void glue(nand_init_, PAGE_SIZE)(NANDFlashState *s)
-{
- s->oob_shift = PAGE_SHIFT - 5;
- s->pages = s->size >> PAGE_SHIFT;
- s->addr_shift = ADDR_SHIFT;
-
- s->blk_erase = glue(nand_blk_erase_, PAGE_SIZE);
- s->blk_write = glue(nand_blk_write_, PAGE_SIZE);
- s->blk_load = glue(nand_blk_load_, PAGE_SIZE);
-}
-
-# undef PAGE_SIZE
-# undef PAGE_SHIFT
-# undef PAGE_SECTORS
-# undef ADDR_SHIFT
-#endif /* NAND_IO */
diff --git a/hw/ne2000-isa.c b/hw/ne2000-isa.c
deleted file mode 100644
index 69982a9ab..000000000
--- a/hw/ne2000-isa.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * QEMU NE2000 emulation -- isa bus windup
- *
- * Copyright (c) 2003-2004 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "pc.h"
-#include "isa.h"
-#include "qdev.h"
-#include "net.h"
-#include "ne2000.h"
-#include "exec-memory.h"
-
-typedef struct ISANE2000State {
- ISADevice dev;
- uint32_t iobase;
- uint32_t isairq;
- NE2000State ne2000;
-} ISANE2000State;
-
-static void isa_ne2000_cleanup(NetClientState *nc)
-{
- NE2000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- s->nic = NULL;
-}
-
-static NetClientInfo net_ne2000_isa_info = {
- .type = NET_CLIENT_OPTIONS_KIND_NIC,
- .size = sizeof(NICState),
- .can_receive = ne2000_can_receive,
- .receive = ne2000_receive,
- .cleanup = isa_ne2000_cleanup,
-};
-
-static const VMStateDescription vmstate_isa_ne2000 = {
- .name = "ne2000",
- .version_id = 2,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField []) {
- VMSTATE_STRUCT(ne2000, ISANE2000State, 0, vmstate_ne2000, NE2000State),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int isa_ne2000_initfn(ISADevice *dev)
-{
- ISANE2000State *isa = DO_UPCAST(ISANE2000State, dev, dev);
- NE2000State *s = &isa->ne2000;
-
- ne2000_setup_io(s, 0x20);
- isa_register_ioport(dev, &s->io, isa->iobase);
-
- isa_init_irq(dev, &s->irq, isa->isairq);
-
- qemu_macaddr_default_if_unset(&s->c.macaddr);
- ne2000_reset(s);
-
- s->nic = qemu_new_nic(&net_ne2000_isa_info, &s->c,
- object_get_typename(OBJECT(dev)), dev->qdev.id, s);
- qemu_format_nic_info_str(&s->nic->nc, s->c.macaddr.a);
-
- return 0;
-}
-
-static Property ne2000_isa_properties[] = {
- DEFINE_PROP_HEX32("iobase", ISANE2000State, iobase, 0x300),
- DEFINE_PROP_UINT32("irq", ISANE2000State, isairq, 9),
- DEFINE_NIC_PROPERTIES(ISANE2000State, ne2000.c),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void isa_ne2000_class_initfn(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- ISADeviceClass *ic = ISA_DEVICE_CLASS(klass);
- ic->init = isa_ne2000_initfn;
- dc->props = ne2000_isa_properties;
-}
-
-static TypeInfo ne2000_isa_info = {
- .name = "ne2k_isa",
- .parent = TYPE_ISA_DEVICE,
- .instance_size = sizeof(ISANE2000State),
- .class_init = isa_ne2000_class_initfn,
-};
-
-static void ne2000_isa_register_types(void)
-{
- type_register_static(&ne2000_isa_info);
-}
-
-type_init(ne2000_isa_register_types)
diff --git a/hw/ne2000.c b/hw/ne2000.c
deleted file mode 100644
index d3dd9a6f2..000000000
--- a/hw/ne2000.c
+++ /dev/null
@@ -1,788 +0,0 @@
-/*
- * QEMU NE2000 emulation
- *
- * Copyright (c) 2003-2004 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "pci.h"
-#include "net.h"
-#include "ne2000.h"
-#include "loader.h"
-#include "sysemu.h"
-
-/* debug NE2000 card */
-//#define DEBUG_NE2000
-
-#define MAX_ETH_FRAME_SIZE 1514
-
-#define E8390_CMD 0x00 /* The command register (for all pages) */
-/* Page 0 register offsets. */
-#define EN0_CLDALO 0x01 /* Low byte of current local dma addr RD */
-#define EN0_STARTPG 0x01 /* Starting page of ring bfr WR */
-#define EN0_CLDAHI 0x02 /* High byte of current local dma addr RD */
-#define EN0_STOPPG 0x02 /* Ending page +1 of ring bfr WR */
-#define EN0_BOUNDARY 0x03 /* Boundary page of ring bfr RD WR */
-#define EN0_TSR 0x04 /* Transmit status reg RD */
-#define EN0_TPSR 0x04 /* Transmit starting page WR */
-#define EN0_NCR 0x05 /* Number of collision reg RD */
-#define EN0_TCNTLO 0x05 /* Low byte of tx byte count WR */
-#define EN0_FIFO 0x06 /* FIFO RD */
-#define EN0_TCNTHI 0x06 /* High byte of tx byte count WR */
-#define EN0_ISR 0x07 /* Interrupt status reg RD WR */
-#define EN0_CRDALO 0x08 /* low byte of current remote dma address RD */
-#define EN0_RSARLO 0x08 /* Remote start address reg 0 */
-#define EN0_CRDAHI 0x09 /* high byte, current remote dma address RD */
-#define EN0_RSARHI 0x09 /* Remote start address reg 1 */
-#define EN0_RCNTLO 0x0a /* Remote byte count reg WR */
-#define EN0_RTL8029ID0 0x0a /* Realtek ID byte #1 RD */
-#define EN0_RCNTHI 0x0b /* Remote byte count reg WR */
-#define EN0_RTL8029ID1 0x0b /* Realtek ID byte #2 RD */
-#define EN0_RSR 0x0c /* rx status reg RD */
-#define EN0_RXCR 0x0c /* RX configuration reg WR */
-#define EN0_TXCR 0x0d /* TX configuration reg WR */
-#define EN0_COUNTER0 0x0d /* Rcv alignment error counter RD */
-#define EN0_DCFG 0x0e /* Data configuration reg WR */
-#define EN0_COUNTER1 0x0e /* Rcv CRC error counter RD */
-#define EN0_IMR 0x0f /* Interrupt mask reg WR */
-#define EN0_COUNTER2 0x0f /* Rcv missed frame error counter RD */
-
-#define EN1_PHYS 0x11
-#define EN1_CURPAG 0x17
-#define EN1_MULT 0x18
-
-#define EN2_STARTPG 0x21 /* Starting page of ring bfr RD */
-#define EN2_STOPPG 0x22 /* Ending page +1 of ring bfr RD */
-
-#define EN3_CONFIG0 0x33
-#define EN3_CONFIG1 0x34
-#define EN3_CONFIG2 0x35
-#define EN3_CONFIG3 0x36
-
-/* Register accessed at EN_CMD, the 8390 base addr. */
-#define E8390_STOP 0x01 /* Stop and reset the chip */
-#define E8390_START 0x02 /* Start the chip, clear reset */
-#define E8390_TRANS 0x04 /* Transmit a frame */
-#define E8390_RREAD 0x08 /* Remote read */
-#define E8390_RWRITE 0x10 /* Remote write */
-#define E8390_NODMA 0x20 /* Remote DMA */
-#define E8390_PAGE0 0x00 /* Select page chip registers */
-#define E8390_PAGE1 0x40 /* using the two high-order bits */
-#define E8390_PAGE2 0x80 /* Page 3 is invalid. */
-
-/* Bits in EN0_ISR - Interrupt status register */
-#define ENISR_RX 0x01 /* Receiver, no error */
-#define ENISR_TX 0x02 /* Transmitter, no error */
-#define ENISR_RX_ERR 0x04 /* Receiver, with error */
-#define ENISR_TX_ERR 0x08 /* Transmitter, with error */
-#define ENISR_OVER 0x10 /* Receiver overwrote the ring */
-#define ENISR_COUNTERS 0x20 /* Counters need emptying */
-#define ENISR_RDC 0x40 /* remote dma complete */
-#define ENISR_RESET 0x80 /* Reset completed */
-#define ENISR_ALL 0x3f /* Interrupts we will enable */
-
-/* Bits in received packet status byte and EN0_RSR*/
-#define ENRSR_RXOK 0x01 /* Received a good packet */
-#define ENRSR_CRC 0x02 /* CRC error */
-#define ENRSR_FAE 0x04 /* frame alignment error */
-#define ENRSR_FO 0x08 /* FIFO overrun */
-#define ENRSR_MPA 0x10 /* missed pkt */
-#define ENRSR_PHY 0x20 /* physical/multicast address */
-#define ENRSR_DIS 0x40 /* receiver disable. set in monitor mode */
-#define ENRSR_DEF 0x80 /* deferring */
-
-/* Transmitted packet status, EN0_TSR. */
-#define ENTSR_PTX 0x01 /* Packet transmitted without error */
-#define ENTSR_ND 0x02 /* The transmit wasn't deferred. */
-#define ENTSR_COL 0x04 /* The transmit collided at least once. */
-#define ENTSR_ABT 0x08 /* The transmit collided 16 times, and was deferred. */
-#define ENTSR_CRS 0x10 /* The carrier sense was lost. */
-#define ENTSR_FU 0x20 /* A "FIFO underrun" occurred during transmit. */
-#define ENTSR_CDH 0x40 /* The collision detect "heartbeat" signal was lost. */
-#define ENTSR_OWC 0x80 /* There was an out-of-window collision. */
-
-typedef struct PCINE2000State {
- PCIDevice dev;
- NE2000State ne2000;
-} PCINE2000State;
-
-void ne2000_reset(NE2000State *s)
-{
- int i;
-
- s->isr = ENISR_RESET;
- memcpy(s->mem, &s->c.macaddr, 6);
- s->mem[14] = 0x57;
- s->mem[15] = 0x57;
-
- /* duplicate prom data */
- for(i = 15;i >= 0; i--) {
- s->mem[2 * i] = s->mem[i];
- s->mem[2 * i + 1] = s->mem[i];
- }
-}
-
-static void ne2000_update_irq(NE2000State *s)
-{
- int isr;
- isr = (s->isr & s->imr) & 0x7f;
-#if defined(DEBUG_NE2000)
- printf("NE2000: Set IRQ to %d (%02x %02x)\n",
- isr ? 1 : 0, s->isr, s->imr);
-#endif
- qemu_set_irq(s->irq, (isr != 0));
-}
-
-static int ne2000_buffer_full(NE2000State *s)
-{
- int avail, index, boundary;
-
- index = s->curpag << 8;
- boundary = s->boundary << 8;
- if (index < boundary)
- avail = boundary - index;
- else
- avail = (s->stop - s->start) - (index - boundary);
- if (avail < (MAX_ETH_FRAME_SIZE + 4))
- return 1;
- return 0;
-}
-
-int ne2000_can_receive(NetClientState *nc)
-{
- NE2000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- if (s->cmd & E8390_STOP)
- return 1;
- return !ne2000_buffer_full(s);
-}
-
-#define MIN_BUF_SIZE 60
-
-ssize_t ne2000_receive(NetClientState *nc, const uint8_t *buf, size_t size_)
-{
- NE2000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
- int size = size_;
- uint8_t *p;
- unsigned int total_len, next, avail, len, index, mcast_idx;
- uint8_t buf1[60];
- static const uint8_t broadcast_macaddr[6] =
- { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
-
-#if defined(DEBUG_NE2000)
- printf("NE2000: received len=%d\n", size);
-#endif
-
- if (s->cmd & E8390_STOP || ne2000_buffer_full(s))
- return -1;
-
- /* XXX: check this */
- if (s->rxcr & 0x10) {
- /* promiscuous: receive all */
- } else {
- if (!memcmp(buf, broadcast_macaddr, 6)) {
- /* broadcast address */
- if (!(s->rxcr & 0x04))
- return size;
- } else if (buf[0] & 0x01) {
- /* multicast */
- if (!(s->rxcr & 0x08))
- return size;
- mcast_idx = compute_mcast_idx(buf);
- if (!(s->mult[mcast_idx >> 3] & (1 << (mcast_idx & 7))))
- return size;
- } else if (s->mem[0] == buf[0] &&
- s->mem[2] == buf[1] &&
- s->mem[4] == buf[2] &&
- s->mem[6] == buf[3] &&
- s->mem[8] == buf[4] &&
- s->mem[10] == buf[5]) {
- /* match */
- } else {
- return size;
- }
- }
-
-
- /* if too small buffer, then expand it */
- if (size < MIN_BUF_SIZE) {
- memcpy(buf1, buf, size);
- memset(buf1 + size, 0, MIN_BUF_SIZE - size);
- buf = buf1;
- size = MIN_BUF_SIZE;
- }
-
- index = s->curpag << 8;
- /* 4 bytes for header */
- total_len = size + 4;
- /* address for next packet (4 bytes for CRC) */
- next = index + ((total_len + 4 + 255) & ~0xff);
- if (next >= s->stop)
- next -= (s->stop - s->start);
- /* prepare packet header */
- p = s->mem + index;
- s->rsr = ENRSR_RXOK; /* receive status */
- /* XXX: check this */
- if (buf[0] & 0x01)
- s->rsr |= ENRSR_PHY;
- p[0] = s->rsr;
- p[1] = next >> 8;
- p[2] = total_len;
- p[3] = total_len >> 8;
- index += 4;
-
- /* write packet data */
- while (size > 0) {
- if (index <= s->stop)
- avail = s->stop - index;
- else
- avail = 0;
- len = size;
- if (len > avail)
- len = avail;
- memcpy(s->mem + index, buf, len);
- buf += len;
- index += len;
- if (index == s->stop)
- index = s->start;
- size -= len;
- }
- s->curpag = next >> 8;
-
- /* now we can signal we have received something */
- s->isr |= ENISR_RX;
- ne2000_update_irq(s);
-
- return size_;
-}
-
-static void ne2000_ioport_write(void *opaque, uint32_t addr, uint32_t val)
-{
- NE2000State *s = opaque;
- int offset, page, index;
-
- addr &= 0xf;
-#ifdef DEBUG_NE2000
- printf("NE2000: write addr=0x%x val=0x%02x\n", addr, val);
-#endif
- if (addr == E8390_CMD) {
- /* control register */
- s->cmd = val;
- if (!(val & E8390_STOP)) { /* START bit makes no sense on RTL8029... */
- s->isr &= ~ENISR_RESET;
- /* test specific case: zero length transfer */
- if ((val & (E8390_RREAD | E8390_RWRITE)) &&
- s->rcnt == 0) {
- s->isr |= ENISR_RDC;
- ne2000_update_irq(s);
- }
- if (val & E8390_TRANS) {
- index = (s->tpsr << 8);
- /* XXX: next 2 lines are a hack to make netware 3.11 work */
- if (index >= NE2000_PMEM_END)
- index -= NE2000_PMEM_SIZE;
- /* fail safe: check range on the transmitted length */
- if (index + s->tcnt <= NE2000_PMEM_END) {
- qemu_send_packet(&s->nic->nc, s->mem + index, s->tcnt);
- }
- /* signal end of transfer */
- s->tsr = ENTSR_PTX;
- s->isr |= ENISR_TX;
- s->cmd &= ~E8390_TRANS;
- ne2000_update_irq(s);
- }
- }
- } else {
- page = s->cmd >> 6;
- offset = addr | (page << 4);
- switch(offset) {
- case EN0_STARTPG:
- s->start = val << 8;
- break;
- case EN0_STOPPG:
- s->stop = val << 8;
- break;
- case EN0_BOUNDARY:
- s->boundary = val;
- break;
- case EN0_IMR:
- s->imr = val;
- ne2000_update_irq(s);
- break;
- case EN0_TPSR:
- s->tpsr = val;
- break;
- case EN0_TCNTLO:
- s->tcnt = (s->tcnt & 0xff00) | val;
- break;
- case EN0_TCNTHI:
- s->tcnt = (s->tcnt & 0x00ff) | (val << 8);
- break;
- case EN0_RSARLO:
- s->rsar = (s->rsar & 0xff00) | val;
- break;
- case EN0_RSARHI:
- s->rsar = (s->rsar & 0x00ff) | (val << 8);
- break;
- case EN0_RCNTLO:
- s->rcnt = (s->rcnt & 0xff00) | val;
- break;
- case EN0_RCNTHI:
- s->rcnt = (s->rcnt & 0x00ff) | (val << 8);
- break;
- case EN0_RXCR:
- s->rxcr = val;
- break;
- case EN0_DCFG:
- s->dcfg = val;
- break;
- case EN0_ISR:
- s->isr &= ~(val & 0x7f);
- ne2000_update_irq(s);
- break;
- case EN1_PHYS ... EN1_PHYS + 5:
- s->phys[offset - EN1_PHYS] = val;
- break;
- case EN1_CURPAG:
- s->curpag = val;
- break;
- case EN1_MULT ... EN1_MULT + 7:
- s->mult[offset - EN1_MULT] = val;
- break;
- }
- }
-}
-
-static uint32_t ne2000_ioport_read(void *opaque, uint32_t addr)
-{
- NE2000State *s = opaque;
- int offset, page, ret;
-
- addr &= 0xf;
- if (addr == E8390_CMD) {
- ret = s->cmd;
- } else {
- page = s->cmd >> 6;
- offset = addr | (page << 4);
- switch(offset) {
- case EN0_TSR:
- ret = s->tsr;
- break;
- case EN0_BOUNDARY:
- ret = s->boundary;
- break;
- case EN0_ISR:
- ret = s->isr;
- break;
- case EN0_RSARLO:
- ret = s->rsar & 0x00ff;
- break;
- case EN0_RSARHI:
- ret = s->rsar >> 8;
- break;
- case EN1_PHYS ... EN1_PHYS + 5:
- ret = s->phys[offset - EN1_PHYS];
- break;
- case EN1_CURPAG:
- ret = s->curpag;
- break;
- case EN1_MULT ... EN1_MULT + 7:
- ret = s->mult[offset - EN1_MULT];
- break;
- case EN0_RSR:
- ret = s->rsr;
- break;
- case EN2_STARTPG:
- ret = s->start >> 8;
- break;
- case EN2_STOPPG:
- ret = s->stop >> 8;
- break;
- case EN0_RTL8029ID0:
- ret = 0x50;
- break;
- case EN0_RTL8029ID1:
- ret = 0x43;
- break;
- case EN3_CONFIG0:
- ret = 0; /* 10baseT media */
- break;
- case EN3_CONFIG2:
- ret = 0x40; /* 10baseT active */
- break;
- case EN3_CONFIG3:
- ret = 0x40; /* Full duplex */
- break;
- default:
- ret = 0x00;
- break;
- }
- }
-#ifdef DEBUG_NE2000
- printf("NE2000: read addr=0x%x val=%02x\n", addr, ret);
-#endif
- return ret;
-}
-
-static inline void ne2000_mem_writeb(NE2000State *s, uint32_t addr,
- uint32_t val)
-{
- if (addr < 32 ||
- (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
- s->mem[addr] = val;
- }
-}
-
-static inline void ne2000_mem_writew(NE2000State *s, uint32_t addr,
- uint32_t val)
-{
- addr &= ~1; /* XXX: check exact behaviour if not even */
- if (addr < 32 ||
- (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
- *(uint16_t *)(s->mem + addr) = cpu_to_le16(val);
- }
-}
-
-static inline void ne2000_mem_writel(NE2000State *s, uint32_t addr,
- uint32_t val)
-{
- addr &= ~1; /* XXX: check exact behaviour if not even */
- if (addr < 32 ||
- (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
- cpu_to_le32wu((uint32_t *)(s->mem + addr), val);
- }
-}
-
-static inline uint32_t ne2000_mem_readb(NE2000State *s, uint32_t addr)
-{
- if (addr < 32 ||
- (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
- return s->mem[addr];
- } else {
- return 0xff;
- }
-}
-
-static inline uint32_t ne2000_mem_readw(NE2000State *s, uint32_t addr)
-{
- addr &= ~1; /* XXX: check exact behaviour if not even */
- if (addr < 32 ||
- (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
- return le16_to_cpu(*(uint16_t *)(s->mem + addr));
- } else {
- return 0xffff;
- }
-}
-
-static inline uint32_t ne2000_mem_readl(NE2000State *s, uint32_t addr)
-{
- addr &= ~1; /* XXX: check exact behaviour if not even */
- if (addr < 32 ||
- (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
- return le32_to_cpupu((uint32_t *)(s->mem + addr));
- } else {
- return 0xffffffff;
- }
-}
-
-static inline void ne2000_dma_update(NE2000State *s, int len)
-{
- s->rsar += len;
- /* wrap */
- /* XXX: check what to do if rsar > stop */
- if (s->rsar == s->stop)
- s->rsar = s->start;
-
- if (s->rcnt <= len) {
- s->rcnt = 0;
- /* signal end of transfer */
- s->isr |= ENISR_RDC;
- ne2000_update_irq(s);
- } else {
- s->rcnt -= len;
- }
-}
-
-static void ne2000_asic_ioport_write(void *opaque, uint32_t addr, uint32_t val)
-{
- NE2000State *s = opaque;
-
-#ifdef DEBUG_NE2000
- printf("NE2000: asic write val=0x%04x\n", val);
-#endif
- if (s->rcnt == 0)
- return;
- if (s->dcfg & 0x01) {
- /* 16 bit access */
- ne2000_mem_writew(s, s->rsar, val);
- ne2000_dma_update(s, 2);
- } else {
- /* 8 bit access */
- ne2000_mem_writeb(s, s->rsar, val);
- ne2000_dma_update(s, 1);
- }
-}
-
-static uint32_t ne2000_asic_ioport_read(void *opaque, uint32_t addr)
-{
- NE2000State *s = opaque;
- int ret;
-
- if (s->dcfg & 0x01) {
- /* 16 bit access */
- ret = ne2000_mem_readw(s, s->rsar);
- ne2000_dma_update(s, 2);
- } else {
- /* 8 bit access */
- ret = ne2000_mem_readb(s, s->rsar);
- ne2000_dma_update(s, 1);
- }
-#ifdef DEBUG_NE2000
- printf("NE2000: asic read val=0x%04x\n", ret);
-#endif
- return ret;
-}
-
-static void ne2000_asic_ioport_writel(void *opaque, uint32_t addr, uint32_t val)
-{
- NE2000State *s = opaque;
-
-#ifdef DEBUG_NE2000
- printf("NE2000: asic writel val=0x%04x\n", val);
-#endif
- if (s->rcnt == 0)
- return;
- /* 32 bit access */
- ne2000_mem_writel(s, s->rsar, val);
- ne2000_dma_update(s, 4);
-}
-
-static uint32_t ne2000_asic_ioport_readl(void *opaque, uint32_t addr)
-{
- NE2000State *s = opaque;
- int ret;
-
- /* 32 bit access */
- ret = ne2000_mem_readl(s, s->rsar);
- ne2000_dma_update(s, 4);
-#ifdef DEBUG_NE2000
- printf("NE2000: asic readl val=0x%04x\n", ret);
-#endif
- return ret;
-}
-
-static void ne2000_reset_ioport_write(void *opaque, uint32_t addr, uint32_t val)
-{
- /* nothing to do (end of reset pulse) */
-}
-
-static uint32_t ne2000_reset_ioport_read(void *opaque, uint32_t addr)
-{
- NE2000State *s = opaque;
- ne2000_reset(s);
- return 0;
-}
-
-static int ne2000_post_load(void* opaque, int version_id)
-{
- NE2000State* s = opaque;
-
- if (version_id < 2) {
- s->rxcr = 0x0c;
- }
- return 0;
-}
-
-const VMStateDescription vmstate_ne2000 = {
- .name = "ne2000",
- .version_id = 2,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .post_load = ne2000_post_load,
- .fields = (VMStateField []) {
- VMSTATE_UINT8_V(rxcr, NE2000State, 2),
- VMSTATE_UINT8(cmd, NE2000State),
- VMSTATE_UINT32(start, NE2000State),
- VMSTATE_UINT32(stop, NE2000State),
- VMSTATE_UINT8(boundary, NE2000State),
- VMSTATE_UINT8(tsr, NE2000State),
- VMSTATE_UINT8(tpsr, NE2000State),
- VMSTATE_UINT16(tcnt, NE2000State),
- VMSTATE_UINT16(rcnt, NE2000State),
- VMSTATE_UINT32(rsar, NE2000State),
- VMSTATE_UINT8(rsr, NE2000State),
- VMSTATE_UINT8(isr, NE2000State),
- VMSTATE_UINT8(dcfg, NE2000State),
- VMSTATE_UINT8(imr, NE2000State),
- VMSTATE_BUFFER(phys, NE2000State),
- VMSTATE_UINT8(curpag, NE2000State),
- VMSTATE_BUFFER(mult, NE2000State),
- VMSTATE_UNUSED(4), /* was irq */
- VMSTATE_BUFFER(mem, NE2000State),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_pci_ne2000 = {
- .name = "ne2000",
- .version_id = 3,
- .minimum_version_id = 3,
- .minimum_version_id_old = 3,
- .fields = (VMStateField []) {
- VMSTATE_PCI_DEVICE(dev, PCINE2000State),
- VMSTATE_STRUCT(ne2000, PCINE2000State, 0, vmstate_ne2000, NE2000State),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static uint64_t ne2000_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- NE2000State *s = opaque;
-
- if (addr < 0x10 && size == 1) {
- return ne2000_ioport_read(s, addr);
- } else if (addr == 0x10) {
- if (size <= 2) {
- return ne2000_asic_ioport_read(s, addr);
- } else {
- return ne2000_asic_ioport_readl(s, addr);
- }
- } else if (addr == 0x1f && size == 1) {
- return ne2000_reset_ioport_read(s, addr);
- }
- return ((uint64_t)1 << (size * 8)) - 1;
-}
-
-static void ne2000_write(void *opaque, hwaddr addr,
- uint64_t data, unsigned size)
-{
- NE2000State *s = opaque;
-
- if (addr < 0x10 && size == 1) {
- ne2000_ioport_write(s, addr, data);
- } else if (addr == 0x10) {
- if (size <= 2) {
- ne2000_asic_ioport_write(s, addr, data);
- } else {
- ne2000_asic_ioport_writel(s, addr, data);
- }
- } else if (addr == 0x1f && size == 1) {
- ne2000_reset_ioport_write(s, addr, data);
- }
-}
-
-static const MemoryRegionOps ne2000_ops = {
- .read = ne2000_read,
- .write = ne2000_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-/***********************************************************/
-/* PCI NE2000 definitions */
-
-void ne2000_setup_io(NE2000State *s, unsigned size)
-{
- memory_region_init_io(&s->io, &ne2000_ops, s, "ne2000", size);
-}
-
-static void ne2000_cleanup(NetClientState *nc)
-{
- NE2000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- s->nic = NULL;
-}
-
-static NetClientInfo net_ne2000_info = {
- .type = NET_CLIENT_OPTIONS_KIND_NIC,
- .size = sizeof(NICState),
- .can_receive = ne2000_can_receive,
- .receive = ne2000_receive,
- .cleanup = ne2000_cleanup,
-};
-
-static int pci_ne2000_init(PCIDevice *pci_dev)
-{
- PCINE2000State *d = DO_UPCAST(PCINE2000State, dev, pci_dev);
- NE2000State *s;
- uint8_t *pci_conf;
-
- pci_conf = d->dev.config;
- pci_conf[PCI_INTERRUPT_PIN] = 1; /* interrupt pin A */
-
- s = &d->ne2000;
- ne2000_setup_io(s, 0x100);
- pci_register_bar(&d->dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io);
- s->irq = d->dev.irq[0];
-
- qemu_macaddr_default_if_unset(&s->c.macaddr);
- ne2000_reset(s);
-
- s->nic = qemu_new_nic(&net_ne2000_info, &s->c,
- object_get_typename(OBJECT(pci_dev)), pci_dev->qdev.id, s);
- qemu_format_nic_info_str(&s->nic->nc, s->c.macaddr.a);
-
- add_boot_device_path(s->c.bootindex, &pci_dev->qdev, "/ethernet-phy@0");
-
- return 0;
-}
-
-static void pci_ne2000_exit(PCIDevice *pci_dev)
-{
- PCINE2000State *d = DO_UPCAST(PCINE2000State, dev, pci_dev);
- NE2000State *s = &d->ne2000;
-
- memory_region_destroy(&s->io);
- qemu_del_net_client(&s->nic->nc);
-}
-
-static Property ne2000_properties[] = {
- DEFINE_NIC_PROPERTIES(PCINE2000State, ne2000.c),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void ne2000_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = pci_ne2000_init;
- k->exit = pci_ne2000_exit;
- k->romfile = "pxe-ne2k_pci.rom",
- k->vendor_id = PCI_VENDOR_ID_REALTEK;
- k->device_id = PCI_DEVICE_ID_REALTEK_8029;
- k->class_id = PCI_CLASS_NETWORK_ETHERNET;
- dc->vmsd = &vmstate_pci_ne2000;
- dc->props = ne2000_properties;
-}
-
-static TypeInfo ne2000_info = {
- .name = "ne2k_pci",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCINE2000State),
- .class_init = ne2000_class_init,
-};
-
-static void ne2000_register_types(void)
-{
- type_register_static(&ne2000_info);
-}
-
-type_init(ne2000_register_types)
diff --git a/hw/ne2000.h b/hw/ne2000.h
deleted file mode 100644
index 1e7ab073e..000000000
--- a/hw/ne2000.h
+++ /dev/null
@@ -1,35 +0,0 @@
-#define NE2000_PMEM_SIZE (32*1024)
-#define NE2000_PMEM_START (16*1024)
-#define NE2000_PMEM_END (NE2000_PMEM_SIZE+NE2000_PMEM_START)
-#define NE2000_MEM_SIZE NE2000_PMEM_END
-
-typedef struct NE2000State {
- MemoryRegion io;
- uint8_t cmd;
- uint32_t start;
- uint32_t stop;
- uint8_t boundary;
- uint8_t tsr;
- uint8_t tpsr;
- uint16_t tcnt;
- uint16_t rcnt;
- uint32_t rsar;
- uint8_t rsr;
- uint8_t rxcr;
- uint8_t isr;
- uint8_t dcfg;
- uint8_t imr;
- uint8_t phys[6]; /* mac address */
- uint8_t curpag;
- uint8_t mult[8]; /* multicast mask array */
- qemu_irq irq;
- NICState *nic;
- NICConf c;
- uint8_t mem[NE2000_MEM_SIZE];
-} NE2000State;
-
-void ne2000_setup_io(NE2000State *s, unsigned size);
-extern const VMStateDescription vmstate_ne2000;
-void ne2000_reset(NE2000State *s);
-int ne2000_can_receive(NetClientState *nc);
-ssize_t ne2000_receive(NetClientState *nc, const uint8_t *buf, size_t size_);
diff --git a/hw/net/Makefile.objs b/hw/net/Makefile.objs
new file mode 100644
index 000000000..951cca3a4
--- /dev/null
+++ b/hw/net/Makefile.objs
@@ -0,0 +1,33 @@
+common-obj-$(CONFIG_DP8393X) += dp8393x.o
+common-obj-$(CONFIG_XEN_BACKEND) += xen_nic.o
+
+# PCI network cards
+common-obj-$(CONFIG_NE2000_PCI) += ne2000.o
+common-obj-$(CONFIG_EEPRO100_PCI) += eepro100.o
+common-obj-$(CONFIG_PCNET_PCI) += pcnet-pci.o
+common-obj-$(CONFIG_PCNET_COMMON) += pcnet.o
+common-obj-$(CONFIG_E1000_PCI) += e1000.o
+common-obj-$(CONFIG_RTL8139_PCI) += rtl8139.o
+common-obj-$(CONFIG_VMXNET3_PCI) += vmxnet_tx_pkt.o vmxnet_rx_pkt.o
+common-obj-$(CONFIG_VMXNET3_PCI) += vmxnet3.o
+
+common-obj-$(CONFIG_SMC91C111) += smc91c111.o
+common-obj-$(CONFIG_LAN9118) += lan9118.o
+common-obj-$(CONFIG_NE2000_ISA) += ne2000-isa.o
+common-obj-$(CONFIG_OPENCORES_ETH) += opencores_eth.o
+common-obj-$(CONFIG_XGMAC) += xgmac.o
+common-obj-$(CONFIG_MIPSNET) += mipsnet.o
+common-obj-$(CONFIG_XILINX_AXI) += xilinx_axienet.o
+
+common-obj-$(CONFIG_CADENCE) += cadence_gem.o
+common-obj-$(CONFIG_STELLARIS_ENET) += stellaris_enet.o
+common-obj-$(CONFIG_LANCE) += lance.o
+
+obj-$(CONFIG_ETRAXFS) += etraxfs_eth.o
+obj-$(CONFIG_COLDFIRE) += mcf_fec.o
+obj-$(CONFIG_MILKYMIST) += milkymist-minimac2.o
+obj-$(CONFIG_PSERIES) += spapr_llan.o
+obj-$(CONFIG_XILINX_ETHLITE) += xilinx_ethlite.o
+
+obj-$(CONFIG_VIRTIO) += virtio-net.o
+obj-y += vhost_net.o
diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
new file mode 100644
index 000000000..4a355bbbe
--- /dev/null
+++ b/hw/net/cadence_gem.c
@@ -0,0 +1,1224 @@
+/*
+ * QEMU Xilinx GEM emulation
+ *
+ * Copyright (c) 2011 Xilinx, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include <zlib.h> /* For crc32 */
+
+#include "hw/sysbus.h"
+#include "net/net.h"
+#include "net/checksum.h"
+
+#ifdef CADENCE_GEM_ERR_DEBUG
+#define DB_PRINT(...) do { \
+ fprintf(stderr, ": %s: ", __func__); \
+ fprintf(stderr, ## __VA_ARGS__); \
+ } while (0);
+#else
+ #define DB_PRINT(...)
+#endif
+
+#define GEM_NWCTRL (0x00000000/4) /* Network Control reg */
+#define GEM_NWCFG (0x00000004/4) /* Network Config reg */
+#define GEM_NWSTATUS (0x00000008/4) /* Network Status reg */
+#define GEM_USERIO (0x0000000C/4) /* User IO reg */
+#define GEM_DMACFG (0x00000010/4) /* DMA Control reg */
+#define GEM_TXSTATUS (0x00000014/4) /* TX Status reg */
+#define GEM_RXQBASE (0x00000018/4) /* RX Q Base address reg */
+#define GEM_TXQBASE (0x0000001C/4) /* TX Q Base address reg */
+#define GEM_RXSTATUS (0x00000020/4) /* RX Status reg */
+#define GEM_ISR (0x00000024/4) /* Interrupt Status reg */
+#define GEM_IER (0x00000028/4) /* Interrupt Enable reg */
+#define GEM_IDR (0x0000002C/4) /* Interrupt Disable reg */
+#define GEM_IMR (0x00000030/4) /* Interrupt Mask reg */
+#define GEM_PHYMNTNC (0x00000034/4) /* Phy Maintaince reg */
+#define GEM_RXPAUSE (0x00000038/4) /* RX Pause Time reg */
+#define GEM_TXPAUSE (0x0000003C/4) /* TX Pause Time reg */
+#define GEM_TXPARTIALSF (0x00000040/4) /* TX Partial Store and Forward */
+#define GEM_RXPARTIALSF (0x00000044/4) /* RX Partial Store and Forward */
+#define GEM_HASHLO (0x00000080/4) /* Hash Low address reg */
+#define GEM_HASHHI (0x00000084/4) /* Hash High address reg */
+#define GEM_SPADDR1LO (0x00000088/4) /* Specific addr 1 low reg */
+#define GEM_SPADDR1HI (0x0000008C/4) /* Specific addr 1 high reg */
+#define GEM_SPADDR2LO (0x00000090/4) /* Specific addr 2 low reg */
+#define GEM_SPADDR2HI (0x00000094/4) /* Specific addr 2 high reg */
+#define GEM_SPADDR3LO (0x00000098/4) /* Specific addr 3 low reg */
+#define GEM_SPADDR3HI (0x0000009C/4) /* Specific addr 3 high reg */
+#define GEM_SPADDR4LO (0x000000A0/4) /* Specific addr 4 low reg */
+#define GEM_SPADDR4HI (0x000000A4/4) /* Specific addr 4 high reg */
+#define GEM_TIDMATCH1 (0x000000A8/4) /* Type ID1 Match reg */
+#define GEM_TIDMATCH2 (0x000000AC/4) /* Type ID2 Match reg */
+#define GEM_TIDMATCH3 (0x000000B0/4) /* Type ID3 Match reg */
+#define GEM_TIDMATCH4 (0x000000B4/4) /* Type ID4 Match reg */
+#define GEM_WOLAN (0x000000B8/4) /* Wake on LAN reg */
+#define GEM_IPGSTRETCH (0x000000BC/4) /* IPG Stretch reg */
+#define GEM_SVLAN (0x000000C0/4) /* Stacked VLAN reg */
+#define GEM_MODID (0x000000FC/4) /* Module ID reg */
+#define GEM_OCTTXLO (0x00000100/4) /* Octects transmitted Low reg */
+#define GEM_OCTTXHI (0x00000104/4) /* Octects transmitted High reg */
+#define GEM_TXCNT (0x00000108/4) /* Error-free Frames transmitted */
+#define GEM_TXBCNT (0x0000010C/4) /* Error-free Broadcast Frames */
+#define GEM_TXMCNT (0x00000110/4) /* Error-free Multicast Frame */
+#define GEM_TXPAUSECNT (0x00000114/4) /* Pause Frames Transmitted */
+#define GEM_TX64CNT (0x00000118/4) /* Error-free 64 TX */
+#define GEM_TX65CNT (0x0000011C/4) /* Error-free 65-127 TX */
+#define GEM_TX128CNT (0x00000120/4) /* Error-free 128-255 TX */
+#define GEM_TX256CNT (0x00000124/4) /* Error-free 256-511 */
+#define GEM_TX512CNT (0x00000128/4) /* Error-free 512-1023 TX */
+#define GEM_TX1024CNT (0x0000012C/4) /* Error-free 1024-1518 TX */
+#define GEM_TX1519CNT (0x00000130/4) /* Error-free larger than 1519 TX */
+#define GEM_TXURUNCNT (0x00000134/4) /* TX under run error counter */
+#define GEM_SINGLECOLLCNT (0x00000138/4) /* Single Collision Frames */
+#define GEM_MULTCOLLCNT (0x0000013C/4) /* Multiple Collision Frames */
+#define GEM_EXCESSCOLLCNT (0x00000140/4) /* Excessive Collision Frames */
+#define GEM_LATECOLLCNT (0x00000144/4) /* Late Collision Frames */
+#define GEM_DEFERTXCNT (0x00000148/4) /* Deferred Transmission Frames */
+#define GEM_CSENSECNT (0x0000014C/4) /* Carrier Sense Error Counter */
+#define GEM_OCTRXLO (0x00000150/4) /* Octects Received register Low */
+#define GEM_OCTRXHI (0x00000154/4) /* Octects Received register High */
+#define GEM_RXCNT (0x00000158/4) /* Error-free Frames Received */
+#define GEM_RXBROADCNT (0x0000015C/4) /* Error-free Broadcast Frames RX */
+#define GEM_RXMULTICNT (0x00000160/4) /* Error-free Multicast Frames RX */
+#define GEM_RXPAUSECNT (0x00000164/4) /* Pause Frames Received Counter */
+#define GEM_RX64CNT (0x00000168/4) /* Error-free 64 byte Frames RX */
+#define GEM_RX65CNT (0x0000016C/4) /* Error-free 65-127B Frames RX */
+#define GEM_RX128CNT (0x00000170/4) /* Error-free 128-255B Frames RX */
+#define GEM_RX256CNT (0x00000174/4) /* Error-free 256-512B Frames RX */
+#define GEM_RX512CNT (0x00000178/4) /* Error-free 512-1023B Frames RX */
+#define GEM_RX1024CNT (0x0000017C/4) /* Error-free 1024-1518B Frames RX */
+#define GEM_RX1519CNT (0x00000180/4) /* Error-free 1519-max Frames RX */
+#define GEM_RXUNDERCNT (0x00000184/4) /* Undersize Frames Received */
+#define GEM_RXOVERCNT (0x00000188/4) /* Oversize Frames Received */
+#define GEM_RXJABCNT (0x0000018C/4) /* Jabbers Received Counter */
+#define GEM_RXFCSCNT (0x00000190/4) /* Frame Check seq. Error Counter */
+#define GEM_RXLENERRCNT (0x00000194/4) /* Length Field Error Counter */
+#define GEM_RXSYMERRCNT (0x00000198/4) /* Symbol Error Counter */
+#define GEM_RXALIGNERRCNT (0x0000019C/4) /* Alignment Error Counter */
+#define GEM_RXRSCERRCNT (0x000001A0/4) /* Receive Resource Error Counter */
+#define GEM_RXORUNCNT (0x000001A4/4) /* Receive Overrun Counter */
+#define GEM_RXIPCSERRCNT (0x000001A8/4) /* IP header Checksum Error Counter */
+#define GEM_RXTCPCCNT (0x000001AC/4) /* TCP Checksum Error Counter */
+#define GEM_RXUDPCCNT (0x000001B0/4) /* UDP Checksum Error Counter */
+
+#define GEM_1588S (0x000001D0/4) /* 1588 Timer Seconds */
+#define GEM_1588NS (0x000001D4/4) /* 1588 Timer Nanoseconds */
+#define GEM_1588ADJ (0x000001D8/4) /* 1588 Timer Adjust */
+#define GEM_1588INC (0x000001DC/4) /* 1588 Timer Increment */
+#define GEM_PTPETXS (0x000001E0/4) /* PTP Event Frame Transmitted (s) */
+#define GEM_PTPETXNS (0x000001E4/4) /* PTP Event Frame Transmitted (ns) */
+#define GEM_PTPERXS (0x000001E8/4) /* PTP Event Frame Received (s) */
+#define GEM_PTPERXNS (0x000001EC/4) /* PTP Event Frame Received (ns) */
+#define GEM_PTPPTXS (0x000001E0/4) /* PTP Peer Frame Transmitted (s) */
+#define GEM_PTPPTXNS (0x000001E4/4) /* PTP Peer Frame Transmitted (ns) */
+#define GEM_PTPPRXS (0x000001E8/4) /* PTP Peer Frame Received (s) */
+#define GEM_PTPPRXNS (0x000001EC/4) /* PTP Peer Frame Received (ns) */
+
+/* Design Configuration Registers */
+#define GEM_DESCONF (0x00000280/4)
+#define GEM_DESCONF2 (0x00000284/4)
+#define GEM_DESCONF3 (0x00000288/4)
+#define GEM_DESCONF4 (0x0000028C/4)
+#define GEM_DESCONF5 (0x00000290/4)
+#define GEM_DESCONF6 (0x00000294/4)
+#define GEM_DESCONF7 (0x00000298/4)
+
+#define GEM_MAXREG (0x00000640/4) /* Last valid GEM address */
+
+/*****************************************/
+#define GEM_NWCTRL_TXSTART 0x00000200 /* Transmit Enable */
+#define GEM_NWCTRL_TXENA 0x00000008 /* Transmit Enable */
+#define GEM_NWCTRL_RXENA 0x00000004 /* Receive Enable */
+#define GEM_NWCTRL_LOCALLOOP 0x00000002 /* Local Loopback */
+
+#define GEM_NWCFG_STRIP_FCS 0x00020000 /* Strip FCS field */
+#define GEM_NWCFG_LERR_DISC 0x00010000 /* Discard RX frames with lenth err */
+#define GEM_NWCFG_BUFF_OFST_M 0x0000C000 /* Receive buffer offset mask */
+#define GEM_NWCFG_BUFF_OFST_S 14 /* Receive buffer offset shift */
+#define GEM_NWCFG_UCAST_HASH 0x00000080 /* accept unicast if hash match */
+#define GEM_NWCFG_MCAST_HASH 0x00000040 /* accept multicast if hash match */
+#define GEM_NWCFG_BCAST_REJ 0x00000020 /* Reject broadcast packets */
+#define GEM_NWCFG_PROMISC 0x00000010 /* Accept all packets */
+
+#define GEM_DMACFG_RBUFSZ_M 0x007F0000 /* DMA RX Buffer Size mask */
+#define GEM_DMACFG_RBUFSZ_S 16 /* DMA RX Buffer Size shift */
+#define GEM_DMACFG_RBUFSZ_MUL 64 /* DMA RX Buffer Size multiplier */
+#define GEM_DMACFG_TXCSUM_OFFL 0x00000800 /* Transmit checksum offload */
+
+#define GEM_TXSTATUS_TXCMPL 0x00000020 /* Transmit Complete */
+#define GEM_TXSTATUS_USED 0x00000001 /* sw owned descriptor encountered */
+
+#define GEM_RXSTATUS_FRMRCVD 0x00000002 /* Frame received */
+#define GEM_RXSTATUS_NOBUF 0x00000001 /* Buffer unavailable */
+
+/* GEM_ISR GEM_IER GEM_IDR GEM_IMR */
+#define GEM_INT_TXCMPL 0x00000080 /* Transmit Complete */
+#define GEM_INT_TXUSED 0x00000008
+#define GEM_INT_RXUSED 0x00000004
+#define GEM_INT_RXCMPL 0x00000002
+
+#define GEM_PHYMNTNC_OP_R 0x20000000 /* read operation */
+#define GEM_PHYMNTNC_OP_W 0x10000000 /* write operation */
+#define GEM_PHYMNTNC_ADDR 0x0F800000 /* Address bits */
+#define GEM_PHYMNTNC_ADDR_SHFT 23
+#define GEM_PHYMNTNC_REG 0x007C0000 /* register bits */
+#define GEM_PHYMNTNC_REG_SHIFT 18
+
+/* Marvell PHY definitions */
+#define BOARD_PHY_ADDRESS 23 /* PHY address we will emulate a device at */
+
+#define PHY_REG_CONTROL 0
+#define PHY_REG_STATUS 1
+#define PHY_REG_PHYID1 2
+#define PHY_REG_PHYID2 3
+#define PHY_REG_ANEGADV 4
+#define PHY_REG_LINKPABIL 5
+#define PHY_REG_ANEGEXP 6
+#define PHY_REG_NEXTP 7
+#define PHY_REG_LINKPNEXTP 8
+#define PHY_REG_100BTCTRL 9
+#define PHY_REG_1000BTSTAT 10
+#define PHY_REG_EXTSTAT 15
+#define PHY_REG_PHYSPCFC_CTL 16
+#define PHY_REG_PHYSPCFC_ST 17
+#define PHY_REG_INT_EN 18
+#define PHY_REG_INT_ST 19
+#define PHY_REG_EXT_PHYSPCFC_CTL 20
+#define PHY_REG_RXERR 21
+#define PHY_REG_EACD 22
+#define PHY_REG_LED 24
+#define PHY_REG_LED_OVRD 25
+#define PHY_REG_EXT_PHYSPCFC_CTL2 26
+#define PHY_REG_EXT_PHYSPCFC_ST 27
+#define PHY_REG_CABLE_DIAG 28
+
+#define PHY_REG_CONTROL_RST 0x8000
+#define PHY_REG_CONTROL_LOOP 0x4000
+#define PHY_REG_CONTROL_ANEG 0x1000
+
+#define PHY_REG_STATUS_LINK 0x0004
+#define PHY_REG_STATUS_ANEGCMPL 0x0020
+
+#define PHY_REG_INT_ST_ANEGCMPL 0x0800
+#define PHY_REG_INT_ST_LINKC 0x0400
+#define PHY_REG_INT_ST_ENERGY 0x0010
+
+/***********************************************************************/
+#define GEM_RX_REJECT 1
+#define GEM_RX_ACCEPT 0
+
+/***********************************************************************/
+
+#define DESC_1_USED 0x80000000
+#define DESC_1_LENGTH 0x00001FFF
+
+#define DESC_1_TX_WRAP 0x40000000
+#define DESC_1_TX_LAST 0x00008000
+
+#define DESC_0_RX_WRAP 0x00000002
+#define DESC_0_RX_OWNERSHIP 0x00000001
+
+#define DESC_1_RX_SOF 0x00004000
+#define DESC_1_RX_EOF 0x00008000
+
+static inline unsigned tx_desc_get_buffer(unsigned *desc)
+{
+ return desc[0];
+}
+
+static inline unsigned tx_desc_get_used(unsigned *desc)
+{
+ return (desc[1] & DESC_1_USED) ? 1 : 0;
+}
+
+static inline void tx_desc_set_used(unsigned *desc)
+{
+ desc[1] |= DESC_1_USED;
+}
+
+static inline unsigned tx_desc_get_wrap(unsigned *desc)
+{
+ return (desc[1] & DESC_1_TX_WRAP) ? 1 : 0;
+}
+
+static inline unsigned tx_desc_get_last(unsigned *desc)
+{
+ return (desc[1] & DESC_1_TX_LAST) ? 1 : 0;
+}
+
+static inline unsigned tx_desc_get_length(unsigned *desc)
+{
+ return desc[1] & DESC_1_LENGTH;
+}
+
+static inline void print_gem_tx_desc(unsigned *desc)
+{
+ DB_PRINT("TXDESC:\n");
+ DB_PRINT("bufaddr: 0x%08x\n", *desc);
+ DB_PRINT("used_hw: %d\n", tx_desc_get_used(desc));
+ DB_PRINT("wrap: %d\n", tx_desc_get_wrap(desc));
+ DB_PRINT("last: %d\n", tx_desc_get_last(desc));
+ DB_PRINT("length: %d\n", tx_desc_get_length(desc));
+}
+
+static inline unsigned rx_desc_get_buffer(unsigned *desc)
+{
+ return desc[0] & ~0x3UL;
+}
+
+static inline unsigned rx_desc_get_wrap(unsigned *desc)
+{
+ return desc[0] & DESC_0_RX_WRAP ? 1 : 0;
+}
+
+static inline unsigned rx_desc_get_ownership(unsigned *desc)
+{
+ return desc[0] & DESC_0_RX_OWNERSHIP ? 1 : 0;
+}
+
+static inline void rx_desc_set_ownership(unsigned *desc)
+{
+ desc[0] |= DESC_0_RX_OWNERSHIP;
+}
+
+static inline void rx_desc_set_sof(unsigned *desc)
+{
+ desc[1] |= DESC_1_RX_SOF;
+}
+
+static inline void rx_desc_set_eof(unsigned *desc)
+{
+ desc[1] |= DESC_1_RX_EOF;
+}
+
+static inline void rx_desc_set_length(unsigned *desc, unsigned len)
+{
+ desc[1] &= ~DESC_1_LENGTH;
+ desc[1] |= len;
+}
+
+#define TYPE_CADENCE_GEM "cadence_gem"
+#define GEM(obj) OBJECT_CHECK(GemState, (obj), TYPE_CADENCE_GEM)
+
+typedef struct GemState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ NICState *nic;
+ NICConf conf;
+ qemu_irq irq;
+
+ /* GEM registers backing store */
+ uint32_t regs[GEM_MAXREG];
+ /* Mask of register bits which are write only */
+ uint32_t regs_wo[GEM_MAXREG];
+ /* Mask of register bits which are read only */
+ uint32_t regs_ro[GEM_MAXREG];
+ /* Mask of register bits which are clear on read */
+ uint32_t regs_rtc[GEM_MAXREG];
+ /* Mask of register bits which are write 1 to clear */
+ uint32_t regs_w1c[GEM_MAXREG];
+
+ /* PHY registers backing store */
+ uint16_t phy_regs[32];
+
+ uint8_t phy_loop; /* Are we in phy loopback? */
+
+ /* The current DMA descriptor pointers */
+ uint32_t rx_desc_addr;
+ uint32_t tx_desc_addr;
+
+} GemState;
+
+/* The broadcast MAC address: 0xFFFFFFFFFFFF */
+const uint8_t broadcast_addr[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
+
+/*
+ * gem_init_register_masks:
+ * One time initialization.
+ * Set masks to identify which register bits have magical clear properties
+ */
+static void gem_init_register_masks(GemState *s)
+{
+ /* Mask of register bits which are read only*/
+ memset(&s->regs_ro[0], 0, sizeof(s->regs_ro));
+ s->regs_ro[GEM_NWCTRL] = 0xFFF80000;
+ s->regs_ro[GEM_NWSTATUS] = 0xFFFFFFFF;
+ s->regs_ro[GEM_DMACFG] = 0xFE00F000;
+ s->regs_ro[GEM_TXSTATUS] = 0xFFFFFE08;
+ s->regs_ro[GEM_RXQBASE] = 0x00000003;
+ s->regs_ro[GEM_TXQBASE] = 0x00000003;
+ s->regs_ro[GEM_RXSTATUS] = 0xFFFFFFF0;
+ s->regs_ro[GEM_ISR] = 0xFFFFFFFF;
+ s->regs_ro[GEM_IMR] = 0xFFFFFFFF;
+ s->regs_ro[GEM_MODID] = 0xFFFFFFFF;
+
+ /* Mask of register bits which are clear on read */
+ memset(&s->regs_rtc[0], 0, sizeof(s->regs_rtc));
+ s->regs_rtc[GEM_ISR] = 0xFFFFFFFF;
+
+ /* Mask of register bits which are write 1 to clear */
+ memset(&s->regs_w1c[0], 0, sizeof(s->regs_w1c));
+ s->regs_w1c[GEM_TXSTATUS] = 0x000001F7;
+ s->regs_w1c[GEM_RXSTATUS] = 0x0000000F;
+
+ /* Mask of register bits which are write only */
+ memset(&s->regs_wo[0], 0, sizeof(s->regs_wo));
+ s->regs_wo[GEM_NWCTRL] = 0x00073E60;
+ s->regs_wo[GEM_IER] = 0x07FFFFFF;
+ s->regs_wo[GEM_IDR] = 0x07FFFFFF;
+}
+
+/*
+ * phy_update_link:
+ * Make the emulated PHY link state match the QEMU "interface" state.
+ */
+static void phy_update_link(GemState *s)
+{
+ DB_PRINT("down %d\n", qemu_get_queue(s->nic)->link_down);
+
+ /* Autonegotiation status mirrors link status. */
+ if (qemu_get_queue(s->nic)->link_down) {
+ s->phy_regs[PHY_REG_STATUS] &= ~(PHY_REG_STATUS_ANEGCMPL |
+ PHY_REG_STATUS_LINK);
+ s->phy_regs[PHY_REG_INT_ST] |= PHY_REG_INT_ST_LINKC;
+ } else {
+ s->phy_regs[PHY_REG_STATUS] |= (PHY_REG_STATUS_ANEGCMPL |
+ PHY_REG_STATUS_LINK);
+ s->phy_regs[PHY_REG_INT_ST] |= (PHY_REG_INT_ST_LINKC |
+ PHY_REG_INT_ST_ANEGCMPL |
+ PHY_REG_INT_ST_ENERGY);
+ }
+}
+
+static int gem_can_receive(NetClientState *nc)
+{
+ GemState *s;
+
+ s = qemu_get_nic_opaque(nc);
+
+ DB_PRINT("\n");
+
+ /* Do nothing if receive is not enabled. */
+ if (!(s->regs[GEM_NWCTRL] & GEM_NWCTRL_RXENA)) {
+ return 0;
+ }
+
+ return 1;
+}
+
+/*
+ * gem_update_int_status:
+ * Raise or lower interrupt based on current status.
+ */
+static void gem_update_int_status(GemState *s)
+{
+ if (s->regs[GEM_ISR]) {
+ DB_PRINT("asserting int. (0x%08x)\n", s->regs[GEM_ISR]);
+ qemu_set_irq(s->irq, 1);
+ }
+}
+
+/*
+ * gem_receive_updatestats:
+ * Increment receive statistics.
+ */
+static void gem_receive_updatestats(GemState *s, const uint8_t *packet,
+ unsigned bytes)
+{
+ uint64_t octets;
+
+ /* Total octets (bytes) received */
+ octets = ((uint64_t)(s->regs[GEM_OCTRXLO]) << 32) |
+ s->regs[GEM_OCTRXHI];
+ octets += bytes;
+ s->regs[GEM_OCTRXLO] = octets >> 32;
+ s->regs[GEM_OCTRXHI] = octets;
+
+ /* Error-free Frames received */
+ s->regs[GEM_RXCNT]++;
+
+ /* Error-free Broadcast Frames counter */
+ if (!memcmp(packet, broadcast_addr, 6)) {
+ s->regs[GEM_RXBROADCNT]++;
+ }
+
+ /* Error-free Multicast Frames counter */
+ if (packet[0] == 0x01) {
+ s->regs[GEM_RXMULTICNT]++;
+ }
+
+ if (bytes <= 64) {
+ s->regs[GEM_RX64CNT]++;
+ } else if (bytes <= 127) {
+ s->regs[GEM_RX65CNT]++;
+ } else if (bytes <= 255) {
+ s->regs[GEM_RX128CNT]++;
+ } else if (bytes <= 511) {
+ s->regs[GEM_RX256CNT]++;
+ } else if (bytes <= 1023) {
+ s->regs[GEM_RX512CNT]++;
+ } else if (bytes <= 1518) {
+ s->regs[GEM_RX1024CNT]++;
+ } else {
+ s->regs[GEM_RX1519CNT]++;
+ }
+}
+
+/*
+ * Get the MAC Address bit from the specified position
+ */
+static unsigned get_bit(const uint8_t *mac, unsigned bit)
+{
+ unsigned byte;
+
+ byte = mac[bit / 8];
+ byte >>= (bit & 0x7);
+ byte &= 1;
+
+ return byte;
+}
+
+/*
+ * Calculate a GEM MAC Address hash index
+ */
+static unsigned calc_mac_hash(const uint8_t *mac)
+{
+ int index_bit, mac_bit;
+ unsigned hash_index;
+
+ hash_index = 0;
+ mac_bit = 5;
+ for (index_bit = 5; index_bit >= 0; index_bit--) {
+ hash_index |= (get_bit(mac, mac_bit) ^
+ get_bit(mac, mac_bit + 6) ^
+ get_bit(mac, mac_bit + 12) ^
+ get_bit(mac, mac_bit + 18) ^
+ get_bit(mac, mac_bit + 24) ^
+ get_bit(mac, mac_bit + 30) ^
+ get_bit(mac, mac_bit + 36) ^
+ get_bit(mac, mac_bit + 42)) << index_bit;
+ mac_bit--;
+ }
+
+ return hash_index;
+}
+
+/*
+ * gem_mac_address_filter:
+ * Accept or reject this destination address?
+ * Returns:
+ * GEM_RX_REJECT: reject
+ * GEM_RX_ACCEPT: accept
+ */
+static int gem_mac_address_filter(GemState *s, const uint8_t *packet)
+{
+ uint8_t *gem_spaddr;
+ int i;
+
+ /* Promiscuous mode? */
+ if (s->regs[GEM_NWCFG] & GEM_NWCFG_PROMISC) {
+ return GEM_RX_ACCEPT;
+ }
+
+ if (!memcmp(packet, broadcast_addr, 6)) {
+ /* Reject broadcast packets? */
+ if (s->regs[GEM_NWCFG] & GEM_NWCFG_BCAST_REJ) {
+ return GEM_RX_REJECT;
+ }
+ return GEM_RX_ACCEPT;
+ }
+
+ /* Accept packets -w- hash match? */
+ if ((packet[0] == 0x01 && (s->regs[GEM_NWCFG] & GEM_NWCFG_MCAST_HASH)) ||
+ (packet[0] != 0x01 && (s->regs[GEM_NWCFG] & GEM_NWCFG_UCAST_HASH))) {
+ unsigned hash_index;
+
+ hash_index = calc_mac_hash(packet);
+ if (hash_index < 32) {
+ if (s->regs[GEM_HASHLO] & (1<<hash_index)) {
+ return GEM_RX_ACCEPT;
+ }
+ } else {
+ hash_index -= 32;
+ if (s->regs[GEM_HASHHI] & (1<<hash_index)) {
+ return GEM_RX_ACCEPT;
+ }
+ }
+ }
+
+ /* Check all 4 specific addresses */
+ gem_spaddr = (uint8_t *)&(s->regs[GEM_SPADDR1LO]);
+ for (i = 0; i < 4; i++) {
+ if (!memcmp(packet, gem_spaddr, 6)) {
+ return GEM_RX_ACCEPT;
+ }
+
+ gem_spaddr += 8;
+ }
+
+ /* No address match; reject the packet */
+ return GEM_RX_REJECT;
+}
+
+/*
+ * gem_receive:
+ * Fit a packet handed to us by QEMU into the receive descriptor ring.
+ */
+static ssize_t gem_receive(NetClientState *nc, const uint8_t *buf, size_t size)
+{
+ unsigned desc[2];
+ hwaddr packet_desc_addr, last_desc_addr;
+ GemState *s;
+ unsigned rxbufsize, bytes_to_copy;
+ unsigned rxbuf_offset;
+ uint8_t rxbuf[2048];
+ uint8_t *rxbuf_ptr;
+
+ s = qemu_get_nic_opaque(nc);
+
+ /* Do nothing if receive is not enabled. */
+ if (!gem_can_receive(nc)) {
+ return -1;
+ }
+
+ /* Is this destination MAC address "for us" ? */
+ if (gem_mac_address_filter(s, buf) == GEM_RX_REJECT) {
+ return -1;
+ }
+
+ /* Discard packets with receive length error enabled ? */
+ if (s->regs[GEM_NWCFG] & GEM_NWCFG_LERR_DISC) {
+ unsigned type_len;
+
+ /* Fish the ethertype / length field out of the RX packet */
+ type_len = buf[12] << 8 | buf[13];
+ /* It is a length field, not an ethertype */
+ if (type_len < 0x600) {
+ if (size < type_len) {
+ /* discard */
+ return -1;
+ }
+ }
+ }
+
+ /*
+ * Determine configured receive buffer offset (probably 0)
+ */
+ rxbuf_offset = (s->regs[GEM_NWCFG] & GEM_NWCFG_BUFF_OFST_M) >>
+ GEM_NWCFG_BUFF_OFST_S;
+
+ /* The configure size of each receive buffer. Determines how many
+ * buffers needed to hold this packet.
+ */
+ rxbufsize = ((s->regs[GEM_DMACFG] & GEM_DMACFG_RBUFSZ_M) >>
+ GEM_DMACFG_RBUFSZ_S) * GEM_DMACFG_RBUFSZ_MUL;
+ bytes_to_copy = size;
+
+ /* Strip of FCS field ? (usually yes) */
+ if (s->regs[GEM_NWCFG] & GEM_NWCFG_STRIP_FCS) {
+ rxbuf_ptr = (void *)buf;
+ } else {
+ unsigned crc_val;
+ int crc_offset;
+
+ /* The application wants the FCS field, which QEMU does not provide.
+ * We must try and caclculate one.
+ */
+
+ memcpy(rxbuf, buf, size);
+ memset(rxbuf + size, 0, sizeof(rxbuf) - size);
+ rxbuf_ptr = rxbuf;
+ crc_val = cpu_to_le32(crc32(0, rxbuf, MAX(size, 60)));
+ if (size < 60) {
+ crc_offset = 60;
+ } else {
+ crc_offset = size;
+ }
+ memcpy(rxbuf + crc_offset, &crc_val, sizeof(crc_val));
+
+ bytes_to_copy += 4;
+ size += 4;
+ }
+
+ /* Pad to minimum length */
+ if (size < 64) {
+ size = 64;
+ }
+
+ DB_PRINT("config bufsize: %d packet size: %ld\n", rxbufsize, size);
+
+ packet_desc_addr = s->rx_desc_addr;
+ while (1) {
+ DB_PRINT("read descriptor 0x%x\n", (unsigned)packet_desc_addr);
+ /* read current descriptor */
+ cpu_physical_memory_read(packet_desc_addr,
+ (uint8_t *)&desc[0], sizeof(desc));
+
+ /* Descriptor owned by software ? */
+ if (rx_desc_get_ownership(desc) == 1) {
+ DB_PRINT("descriptor 0x%x owned by sw.\n",
+ (unsigned)packet_desc_addr);
+ s->regs[GEM_RXSTATUS] |= GEM_RXSTATUS_NOBUF;
+ s->regs[GEM_ISR] |= GEM_INT_RXUSED & ~(s->regs[GEM_IMR]);
+ /* Handle interrupt consequences */
+ gem_update_int_status(s);
+ return -1;
+ }
+
+ DB_PRINT("copy %d bytes to 0x%x\n", MIN(bytes_to_copy, rxbufsize),
+ rx_desc_get_buffer(desc));
+
+ /*
+ * Let's have QEMU lend a helping hand.
+ */
+ if (rx_desc_get_buffer(desc) == 0) {
+ DB_PRINT("Invalid RX buffer (NULL) for descriptor 0x%x\n",
+ (unsigned)packet_desc_addr);
+ break;
+ }
+
+ /* Copy packet data to emulated DMA buffer */
+ cpu_physical_memory_write(rx_desc_get_buffer(desc) + rxbuf_offset,
+ rxbuf_ptr, MIN(bytes_to_copy, rxbufsize));
+ bytes_to_copy -= MIN(bytes_to_copy, rxbufsize);
+ rxbuf_ptr += MIN(bytes_to_copy, rxbufsize);
+ if (bytes_to_copy == 0) {
+ break;
+ }
+
+ /* Next descriptor */
+ if (rx_desc_get_wrap(desc)) {
+ packet_desc_addr = s->regs[GEM_RXQBASE];
+ } else {
+ packet_desc_addr += 8;
+ }
+ }
+
+ DB_PRINT("set length: %ld, EOF on descriptor 0x%x\n", size,
+ (unsigned)packet_desc_addr);
+
+ /* Update last descriptor with EOF and total length */
+ rx_desc_set_eof(desc);
+ rx_desc_set_length(desc, size);
+ cpu_physical_memory_write(packet_desc_addr,
+ (uint8_t *)&desc[0], sizeof(desc));
+
+ /* Advance RX packet descriptor Q */
+ last_desc_addr = packet_desc_addr;
+ packet_desc_addr = s->rx_desc_addr;
+ s->rx_desc_addr = last_desc_addr;
+ if (rx_desc_get_wrap(desc)) {
+ s->rx_desc_addr = s->regs[GEM_RXQBASE];
+ DB_PRINT("wrapping RX descriptor list\n");
+ } else {
+ DB_PRINT("incrementing RX descriptor list\n");
+ s->rx_desc_addr += 8;
+ }
+
+ DB_PRINT("set SOF, OWN on descriptor 0x%08x\n", (unsigned)packet_desc_addr);
+
+ /* Count it */
+ gem_receive_updatestats(s, buf, size);
+
+ /* Update first descriptor (which could also be the last) */
+ /* read descriptor */
+ cpu_physical_memory_read(packet_desc_addr,
+ (uint8_t *)&desc[0], sizeof(desc));
+ rx_desc_set_sof(desc);
+ rx_desc_set_ownership(desc);
+ cpu_physical_memory_write(packet_desc_addr,
+ (uint8_t *)&desc[0], sizeof(desc));
+
+ s->regs[GEM_RXSTATUS] |= GEM_RXSTATUS_FRMRCVD;
+ s->regs[GEM_ISR] |= GEM_INT_RXCMPL & ~(s->regs[GEM_IMR]);
+
+ /* Handle interrupt consequences */
+ gem_update_int_status(s);
+
+ return size;
+}
+
+/*
+ * gem_transmit_updatestats:
+ * Increment transmit statistics.
+ */
+static void gem_transmit_updatestats(GemState *s, const uint8_t *packet,
+ unsigned bytes)
+{
+ uint64_t octets;
+
+ /* Total octets (bytes) transmitted */
+ octets = ((uint64_t)(s->regs[GEM_OCTTXLO]) << 32) |
+ s->regs[GEM_OCTTXHI];
+ octets += bytes;
+ s->regs[GEM_OCTTXLO] = octets >> 32;
+ s->regs[GEM_OCTTXHI] = octets;
+
+ /* Error-free Frames transmitted */
+ s->regs[GEM_TXCNT]++;
+
+ /* Error-free Broadcast Frames counter */
+ if (!memcmp(packet, broadcast_addr, 6)) {
+ s->regs[GEM_TXBCNT]++;
+ }
+
+ /* Error-free Multicast Frames counter */
+ if (packet[0] == 0x01) {
+ s->regs[GEM_TXMCNT]++;
+ }
+
+ if (bytes <= 64) {
+ s->regs[GEM_TX64CNT]++;
+ } else if (bytes <= 127) {
+ s->regs[GEM_TX65CNT]++;
+ } else if (bytes <= 255) {
+ s->regs[GEM_TX128CNT]++;
+ } else if (bytes <= 511) {
+ s->regs[GEM_TX256CNT]++;
+ } else if (bytes <= 1023) {
+ s->regs[GEM_TX512CNT]++;
+ } else if (bytes <= 1518) {
+ s->regs[GEM_TX1024CNT]++;
+ } else {
+ s->regs[GEM_TX1519CNT]++;
+ }
+}
+
+/*
+ * gem_transmit:
+ * Fish packets out of the descriptor ring and feed them to QEMU
+ */
+static void gem_transmit(GemState *s)
+{
+ unsigned desc[2];
+ hwaddr packet_desc_addr;
+ uint8_t tx_packet[2048];
+ uint8_t *p;
+ unsigned total_bytes;
+
+ /* Do nothing if transmit is not enabled. */
+ if (!(s->regs[GEM_NWCTRL] & GEM_NWCTRL_TXENA)) {
+ return;
+ }
+
+ DB_PRINT("\n");
+
+ /* The packet we will hand off to qemu.
+ * Packets scattered across multiple descriptors are gathered to this
+ * one contiguous buffer first.
+ */
+ p = tx_packet;
+ total_bytes = 0;
+
+ /* read current descriptor */
+ packet_desc_addr = s->tx_desc_addr;
+ cpu_physical_memory_read(packet_desc_addr,
+ (uint8_t *)&desc[0], sizeof(desc));
+ /* Handle all descriptors owned by hardware */
+ while (tx_desc_get_used(desc) == 0) {
+
+ /* Do nothing if transmit is not enabled. */
+ if (!(s->regs[GEM_NWCTRL] & GEM_NWCTRL_TXENA)) {
+ return;
+ }
+ print_gem_tx_desc(desc);
+
+ /* The real hardware would eat this (and possibly crash).
+ * For QEMU let's lend a helping hand.
+ */
+ if ((tx_desc_get_buffer(desc) == 0) ||
+ (tx_desc_get_length(desc) == 0)) {
+ DB_PRINT("Invalid TX descriptor @ 0x%x\n",
+ (unsigned)packet_desc_addr);
+ break;
+ }
+
+ /* Gather this fragment of the packet from "dma memory" to our contig.
+ * buffer.
+ */
+ cpu_physical_memory_read(tx_desc_get_buffer(desc), p,
+ tx_desc_get_length(desc));
+ p += tx_desc_get_length(desc);
+ total_bytes += tx_desc_get_length(desc);
+
+ /* Last descriptor for this packet; hand the whole thing off */
+ if (tx_desc_get_last(desc)) {
+ /* Modify the 1st descriptor of this packet to be owned by
+ * the processor.
+ */
+ cpu_physical_memory_read(s->tx_desc_addr,
+ (uint8_t *)&desc[0], sizeof(desc));
+ tx_desc_set_used(desc);
+ cpu_physical_memory_write(s->tx_desc_addr,
+ (uint8_t *)&desc[0], sizeof(desc));
+ /* Advance the hardare current descriptor past this packet */
+ if (tx_desc_get_wrap(desc)) {
+ s->tx_desc_addr = s->regs[GEM_TXQBASE];
+ } else {
+ s->tx_desc_addr = packet_desc_addr + 8;
+ }
+ DB_PRINT("TX descriptor next: 0x%08x\n", s->tx_desc_addr);
+
+ s->regs[GEM_TXSTATUS] |= GEM_TXSTATUS_TXCMPL;
+ s->regs[GEM_ISR] |= GEM_INT_TXCMPL & ~(s->regs[GEM_IMR]);
+
+ /* Handle interrupt consequences */
+ gem_update_int_status(s);
+
+ /* Is checksum offload enabled? */
+ if (s->regs[GEM_DMACFG] & GEM_DMACFG_TXCSUM_OFFL) {
+ net_checksum_calculate(tx_packet, total_bytes);
+ }
+
+ /* Update MAC statistics */
+ gem_transmit_updatestats(s, tx_packet, total_bytes);
+
+ /* Send the packet somewhere */
+ if (s->phy_loop) {
+ gem_receive(qemu_get_queue(s->nic), tx_packet, total_bytes);
+ } else {
+ qemu_send_packet(qemu_get_queue(s->nic), tx_packet,
+ total_bytes);
+ }
+
+ /* Prepare for next packet */
+ p = tx_packet;
+ total_bytes = 0;
+ }
+
+ /* read next descriptor */
+ if (tx_desc_get_wrap(desc)) {
+ packet_desc_addr = s->regs[GEM_TXQBASE];
+ } else {
+ packet_desc_addr += 8;
+ }
+ cpu_physical_memory_read(packet_desc_addr,
+ (uint8_t *)&desc[0], sizeof(desc));
+ }
+
+ if (tx_desc_get_used(desc)) {
+ s->regs[GEM_TXSTATUS] |= GEM_TXSTATUS_USED;
+ s->regs[GEM_ISR] |= GEM_INT_TXUSED & ~(s->regs[GEM_IMR]);
+ gem_update_int_status(s);
+ }
+}
+
+static void gem_phy_reset(GemState *s)
+{
+ memset(&s->phy_regs[0], 0, sizeof(s->phy_regs));
+ s->phy_regs[PHY_REG_CONTROL] = 0x1140;
+ s->phy_regs[PHY_REG_STATUS] = 0x7969;
+ s->phy_regs[PHY_REG_PHYID1] = 0x0141;
+ s->phy_regs[PHY_REG_PHYID2] = 0x0CC2;
+ s->phy_regs[PHY_REG_ANEGADV] = 0x01E1;
+ s->phy_regs[PHY_REG_LINKPABIL] = 0xCDE1;
+ s->phy_regs[PHY_REG_ANEGEXP] = 0x000F;
+ s->phy_regs[PHY_REG_NEXTP] = 0x2001;
+ s->phy_regs[PHY_REG_LINKPNEXTP] = 0x40E6;
+ s->phy_regs[PHY_REG_100BTCTRL] = 0x0300;
+ s->phy_regs[PHY_REG_1000BTSTAT] = 0x7C00;
+ s->phy_regs[PHY_REG_EXTSTAT] = 0x3000;
+ s->phy_regs[PHY_REG_PHYSPCFC_CTL] = 0x0078;
+ s->phy_regs[PHY_REG_PHYSPCFC_ST] = 0xBC00;
+ s->phy_regs[PHY_REG_EXT_PHYSPCFC_CTL] = 0x0C60;
+ s->phy_regs[PHY_REG_LED] = 0x4100;
+ s->phy_regs[PHY_REG_EXT_PHYSPCFC_CTL2] = 0x000A;
+ s->phy_regs[PHY_REG_EXT_PHYSPCFC_ST] = 0x848B;
+
+ phy_update_link(s);
+}
+
+static void gem_reset(DeviceState *d)
+{
+ GemState *s = GEM(d);
+
+ DB_PRINT("\n");
+
+ /* Set post reset register values */
+ memset(&s->regs[0], 0, sizeof(s->regs));
+ s->regs[GEM_NWCFG] = 0x00080000;
+ s->regs[GEM_NWSTATUS] = 0x00000006;
+ s->regs[GEM_DMACFG] = 0x00020784;
+ s->regs[GEM_IMR] = 0x07ffffff;
+ s->regs[GEM_TXPAUSE] = 0x0000ffff;
+ s->regs[GEM_TXPARTIALSF] = 0x000003ff;
+ s->regs[GEM_RXPARTIALSF] = 0x000003ff;
+ s->regs[GEM_MODID] = 0x00020118;
+ s->regs[GEM_DESCONF] = 0x02500111;
+ s->regs[GEM_DESCONF2] = 0x2ab13fff;
+ s->regs[GEM_DESCONF5] = 0x002f2145;
+ s->regs[GEM_DESCONF6] = 0x00000200;
+
+ gem_phy_reset(s);
+
+ gem_update_int_status(s);
+}
+
+static uint16_t gem_phy_read(GemState *s, unsigned reg_num)
+{
+ DB_PRINT("reg: %d value: 0x%04x\n", reg_num, s->phy_regs[reg_num]);
+ return s->phy_regs[reg_num];
+}
+
+static void gem_phy_write(GemState *s, unsigned reg_num, uint16_t val)
+{
+ DB_PRINT("reg: %d value: 0x%04x\n", reg_num, val);
+
+ switch (reg_num) {
+ case PHY_REG_CONTROL:
+ if (val & PHY_REG_CONTROL_RST) {
+ /* Phy reset */
+ gem_phy_reset(s);
+ val &= ~(PHY_REG_CONTROL_RST | PHY_REG_CONTROL_LOOP);
+ s->phy_loop = 0;
+ }
+ if (val & PHY_REG_CONTROL_ANEG) {
+ /* Complete autonegotiation immediately */
+ val &= ~PHY_REG_CONTROL_ANEG;
+ s->phy_regs[PHY_REG_STATUS] |= PHY_REG_STATUS_ANEGCMPL;
+ }
+ if (val & PHY_REG_CONTROL_LOOP) {
+ DB_PRINT("PHY placed in loopback\n");
+ s->phy_loop = 1;
+ } else {
+ s->phy_loop = 0;
+ }
+ break;
+ }
+ s->phy_regs[reg_num] = val;
+}
+
+/*
+ * gem_read32:
+ * Read a GEM register.
+ */
+static uint64_t gem_read(void *opaque, hwaddr offset, unsigned size)
+{
+ GemState *s;
+ uint32_t retval;
+
+ s = (GemState *)opaque;
+
+ offset >>= 2;
+ retval = s->regs[offset];
+
+ DB_PRINT("offset: 0x%04x read: 0x%08x\n", (unsigned)offset*4, retval);
+
+ switch (offset) {
+ case GEM_ISR:
+ DB_PRINT("lowering irq on ISR read\n");
+ qemu_set_irq(s->irq, 0);
+ break;
+ case GEM_PHYMNTNC:
+ if (retval & GEM_PHYMNTNC_OP_R) {
+ uint32_t phy_addr, reg_num;
+
+ phy_addr = (retval & GEM_PHYMNTNC_ADDR) >> GEM_PHYMNTNC_ADDR_SHFT;
+ if (phy_addr == BOARD_PHY_ADDRESS) {
+ reg_num = (retval & GEM_PHYMNTNC_REG) >> GEM_PHYMNTNC_REG_SHIFT;
+ retval &= 0xFFFF0000;
+ retval |= gem_phy_read(s, reg_num);
+ } else {
+ retval |= 0xFFFF; /* No device at this address */
+ }
+ }
+ break;
+ }
+
+ /* Squash read to clear bits */
+ s->regs[offset] &= ~(s->regs_rtc[offset]);
+
+ /* Do not provide write only bits */
+ retval &= ~(s->regs_wo[offset]);
+
+ DB_PRINT("0x%08x\n", retval);
+ return retval;
+}
+
+/*
+ * gem_write32:
+ * Write a GEM register.
+ */
+static void gem_write(void *opaque, hwaddr offset, uint64_t val,
+ unsigned size)
+{
+ GemState *s = (GemState *)opaque;
+ uint32_t readonly;
+
+ DB_PRINT("offset: 0x%04x write: 0x%08x ", (unsigned)offset, (unsigned)val);
+ offset >>= 2;
+
+ /* Squash bits which are read only in write value */
+ val &= ~(s->regs_ro[offset]);
+ /* Preserve (only) bits which are read only in register */
+ readonly = s->regs[offset];
+ readonly &= s->regs_ro[offset];
+
+ /* Squash bits which are write 1 to clear */
+ val &= ~(s->regs_w1c[offset] & val);
+
+ /* Copy register write to backing store */
+ s->regs[offset] = val | readonly;
+
+ /* Handle register write side effects */
+ switch (offset) {
+ case GEM_NWCTRL:
+ if (val & GEM_NWCTRL_TXSTART) {
+ gem_transmit(s);
+ }
+ if (!(val & GEM_NWCTRL_TXENA)) {
+ /* Reset to start of Q when transmit disabled. */
+ s->tx_desc_addr = s->regs[GEM_TXQBASE];
+ }
+ if (val & GEM_NWCTRL_RXENA) {
+ qemu_flush_queued_packets(qemu_get_queue(s->nic));
+ }
+ break;
+
+ case GEM_TXSTATUS:
+ gem_update_int_status(s);
+ break;
+ case GEM_RXQBASE:
+ s->rx_desc_addr = val;
+ break;
+ case GEM_TXQBASE:
+ s->tx_desc_addr = val;
+ break;
+ case GEM_RXSTATUS:
+ gem_update_int_status(s);
+ break;
+ case GEM_IER:
+ s->regs[GEM_IMR] &= ~val;
+ gem_update_int_status(s);
+ break;
+ case GEM_IDR:
+ s->regs[GEM_IMR] |= val;
+ gem_update_int_status(s);
+ break;
+ case GEM_PHYMNTNC:
+ if (val & GEM_PHYMNTNC_OP_W) {
+ uint32_t phy_addr, reg_num;
+
+ phy_addr = (val & GEM_PHYMNTNC_ADDR) >> GEM_PHYMNTNC_ADDR_SHFT;
+ if (phy_addr == BOARD_PHY_ADDRESS) {
+ reg_num = (val & GEM_PHYMNTNC_REG) >> GEM_PHYMNTNC_REG_SHIFT;
+ gem_phy_write(s, reg_num, val);
+ }
+ }
+ break;
+ }
+
+ DB_PRINT("newval: 0x%08x\n", s->regs[offset]);
+}
+
+static const MemoryRegionOps gem_ops = {
+ .read = gem_read,
+ .write = gem_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void gem_cleanup(NetClientState *nc)
+{
+ GemState *s = qemu_get_nic_opaque(nc);
+
+ DB_PRINT("\n");
+ s->nic = NULL;
+}
+
+static void gem_set_link(NetClientState *nc)
+{
+ DB_PRINT("\n");
+ phy_update_link(qemu_get_nic_opaque(nc));
+}
+
+static NetClientInfo net_gem_info = {
+ .type = NET_CLIENT_OPTIONS_KIND_NIC,
+ .size = sizeof(NICState),
+ .can_receive = gem_can_receive,
+ .receive = gem_receive,
+ .cleanup = gem_cleanup,
+ .link_status_changed = gem_set_link,
+};
+
+static int gem_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ GemState *s = GEM(dev);
+
+ DB_PRINT("\n");
+
+ gem_init_register_masks(s);
+ memory_region_init_io(&s->iomem, OBJECT(s), &gem_ops, s,
+ "enet", sizeof(s->regs));
+ sysbus_init_mmio(sbd, &s->iomem);
+ sysbus_init_irq(sbd, &s->irq);
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+
+ s->nic = qemu_new_nic(&net_gem_info, &s->conf,
+ object_get_typename(OBJECT(dev)), dev->id, s);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_cadence_gem = {
+ .name = "cadence_gem",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(regs, GemState, GEM_MAXREG),
+ VMSTATE_UINT16_ARRAY(phy_regs, GemState, 32),
+ VMSTATE_UINT8(phy_loop, GemState),
+ VMSTATE_UINT32(rx_desc_addr, GemState),
+ VMSTATE_UINT32(tx_desc_addr, GemState),
+ }
+};
+
+static Property gem_properties[] = {
+ DEFINE_NIC_PROPERTIES(GemState, conf),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void gem_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sdc->init = gem_init;
+ dc->props = gem_properties;
+ dc->vmsd = &vmstate_cadence_gem;
+ dc->reset = gem_reset;
+}
+
+static const TypeInfo gem_info = {
+ .name = TYPE_CADENCE_GEM,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(GemState),
+ .class_init = gem_class_init,
+};
+
+static void gem_register_types(void)
+{
+ type_register_static(&gem_info);
+}
+
+type_init(gem_register_types)
diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
new file mode 100644
index 000000000..049aa704c
--- /dev/null
+++ b/hw/net/dp8393x.c
@@ -0,0 +1,914 @@
+/*
+ * QEMU NS SONIC DP8393x netcard
+ *
+ * Copyright (c) 2008-2009 Herve Poussineau
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/hw.h"
+#include "qemu/timer.h"
+#include "net/net.h"
+#include "hw/mips/mips.h"
+
+//#define DEBUG_SONIC
+
+/* Calculate CRCs properly on Rx packets */
+#define SONIC_CALCULATE_RXCRC
+
+#if defined(SONIC_CALCULATE_RXCRC)
+/* For crc32 */
+#include <zlib.h>
+#endif
+
+#ifdef DEBUG_SONIC
+#define DPRINTF(fmt, ...) \
+do { printf("sonic: " fmt , ## __VA_ARGS__); } while (0)
+static const char* reg_names[] = {
+ "CR", "DCR", "RCR", "TCR", "IMR", "ISR", "UTDA", "CTDA",
+ "TPS", "TFC", "TSA0", "TSA1", "TFS", "URDA", "CRDA", "CRBA0",
+ "CRBA1", "RBWC0", "RBWC1", "EOBC", "URRA", "RSA", "REA", "RRP",
+ "RWP", "TRBA0", "TRBA1", "0x1b", "0x1c", "0x1d", "0x1e", "LLFA",
+ "TTDA", "CEP", "CAP2", "CAP1", "CAP0", "CE", "CDP", "CDC",
+ "SR", "WT0", "WT1", "RSC", "CRCT", "FAET", "MPT", "MDT",
+ "0x30", "0x31", "0x32", "0x33", "0x34", "0x35", "0x36", "0x37",
+ "0x38", "0x39", "0x3a", "0x3b", "0x3c", "0x3d", "0x3e", "DCR2" };
+#else
+#define DPRINTF(fmt, ...) do {} while (0)
+#endif
+
+#define SONIC_ERROR(fmt, ...) \
+do { printf("sonic ERROR: %s: " fmt, __func__ , ## __VA_ARGS__); } while (0)
+
+#define SONIC_CR 0x00
+#define SONIC_DCR 0x01
+#define SONIC_RCR 0x02
+#define SONIC_TCR 0x03
+#define SONIC_IMR 0x04
+#define SONIC_ISR 0x05
+#define SONIC_UTDA 0x06
+#define SONIC_CTDA 0x07
+#define SONIC_TPS 0x08
+#define SONIC_TFC 0x09
+#define SONIC_TSA0 0x0a
+#define SONIC_TSA1 0x0b
+#define SONIC_TFS 0x0c
+#define SONIC_URDA 0x0d
+#define SONIC_CRDA 0x0e
+#define SONIC_CRBA0 0x0f
+#define SONIC_CRBA1 0x10
+#define SONIC_RBWC0 0x11
+#define SONIC_RBWC1 0x12
+#define SONIC_EOBC 0x13
+#define SONIC_URRA 0x14
+#define SONIC_RSA 0x15
+#define SONIC_REA 0x16
+#define SONIC_RRP 0x17
+#define SONIC_RWP 0x18
+#define SONIC_TRBA0 0x19
+#define SONIC_TRBA1 0x1a
+#define SONIC_LLFA 0x1f
+#define SONIC_TTDA 0x20
+#define SONIC_CEP 0x21
+#define SONIC_CAP2 0x22
+#define SONIC_CAP1 0x23
+#define SONIC_CAP0 0x24
+#define SONIC_CE 0x25
+#define SONIC_CDP 0x26
+#define SONIC_CDC 0x27
+#define SONIC_SR 0x28
+#define SONIC_WT0 0x29
+#define SONIC_WT1 0x2a
+#define SONIC_RSC 0x2b
+#define SONIC_CRCT 0x2c
+#define SONIC_FAET 0x2d
+#define SONIC_MPT 0x2e
+#define SONIC_MDT 0x2f
+#define SONIC_DCR2 0x3f
+
+#define SONIC_CR_HTX 0x0001
+#define SONIC_CR_TXP 0x0002
+#define SONIC_CR_RXDIS 0x0004
+#define SONIC_CR_RXEN 0x0008
+#define SONIC_CR_STP 0x0010
+#define SONIC_CR_ST 0x0020
+#define SONIC_CR_RST 0x0080
+#define SONIC_CR_RRRA 0x0100
+#define SONIC_CR_LCAM 0x0200
+#define SONIC_CR_MASK 0x03bf
+
+#define SONIC_DCR_DW 0x0020
+#define SONIC_DCR_LBR 0x2000
+#define SONIC_DCR_EXBUS 0x8000
+
+#define SONIC_RCR_PRX 0x0001
+#define SONIC_RCR_LBK 0x0002
+#define SONIC_RCR_FAER 0x0004
+#define SONIC_RCR_CRCR 0x0008
+#define SONIC_RCR_CRS 0x0020
+#define SONIC_RCR_LPKT 0x0040
+#define SONIC_RCR_BC 0x0080
+#define SONIC_RCR_MC 0x0100
+#define SONIC_RCR_LB0 0x0200
+#define SONIC_RCR_LB1 0x0400
+#define SONIC_RCR_AMC 0x0800
+#define SONIC_RCR_PRO 0x1000
+#define SONIC_RCR_BRD 0x2000
+#define SONIC_RCR_RNT 0x4000
+
+#define SONIC_TCR_PTX 0x0001
+#define SONIC_TCR_BCM 0x0002
+#define SONIC_TCR_FU 0x0004
+#define SONIC_TCR_EXC 0x0040
+#define SONIC_TCR_CRSL 0x0080
+#define SONIC_TCR_NCRS 0x0100
+#define SONIC_TCR_EXD 0x0400
+#define SONIC_TCR_CRCI 0x2000
+#define SONIC_TCR_PINT 0x8000
+
+#define SONIC_ISR_RBE 0x0020
+#define SONIC_ISR_RDE 0x0040
+#define SONIC_ISR_TC 0x0080
+#define SONIC_ISR_TXDN 0x0200
+#define SONIC_ISR_PKTRX 0x0400
+#define SONIC_ISR_PINT 0x0800
+#define SONIC_ISR_LCD 0x1000
+
+typedef struct dp8393xState {
+ /* Hardware */
+ int it_shift;
+ qemu_irq irq;
+#ifdef DEBUG_SONIC
+ int irq_level;
+#endif
+ QEMUTimer *watchdog;
+ int64_t wt_last_update;
+ NICConf conf;
+ NICState *nic;
+ MemoryRegion *address_space;
+ MemoryRegion mmio;
+
+ /* Registers */
+ uint8_t cam[16][6];
+ uint16_t regs[0x40];
+
+ /* Temporaries */
+ uint8_t tx_buffer[0x10000];
+ int loopback_packet;
+
+ /* Memory access */
+ void (*memory_rw)(void *opaque, hwaddr addr, uint8_t *buf, int len, int is_write);
+ void* mem_opaque;
+} dp8393xState;
+
+static void dp8393x_update_irq(dp8393xState *s)
+{
+ int level = (s->regs[SONIC_IMR] & s->regs[SONIC_ISR]) ? 1 : 0;
+
+#ifdef DEBUG_SONIC
+ if (level != s->irq_level) {
+ s->irq_level = level;
+ if (level) {
+ DPRINTF("raise irq, isr is 0x%04x\n", s->regs[SONIC_ISR]);
+ } else {
+ DPRINTF("lower irq\n");
+ }
+ }
+#endif
+
+ qemu_set_irq(s->irq, level);
+}
+
+static void do_load_cam(dp8393xState *s)
+{
+ uint16_t data[8];
+ int width, size;
+ uint16_t index = 0;
+
+ width = (s->regs[SONIC_DCR] & SONIC_DCR_DW) ? 2 : 1;
+ size = sizeof(uint16_t) * 4 * width;
+
+ while (s->regs[SONIC_CDC] & 0x1f) {
+ /* Fill current entry */
+ s->memory_rw(s->mem_opaque,
+ (s->regs[SONIC_URRA] << 16) | s->regs[SONIC_CDP],
+ (uint8_t *)data, size, 0);
+ s->cam[index][0] = data[1 * width] & 0xff;
+ s->cam[index][1] = data[1 * width] >> 8;
+ s->cam[index][2] = data[2 * width] & 0xff;
+ s->cam[index][3] = data[2 * width] >> 8;
+ s->cam[index][4] = data[3 * width] & 0xff;
+ s->cam[index][5] = data[3 * width] >> 8;
+ DPRINTF("load cam[%d] with %02x%02x%02x%02x%02x%02x\n", index,
+ s->cam[index][0], s->cam[index][1], s->cam[index][2],
+ s->cam[index][3], s->cam[index][4], s->cam[index][5]);
+ /* Move to next entry */
+ s->regs[SONIC_CDC]--;
+ s->regs[SONIC_CDP] += size;
+ index++;
+ }
+
+ /* Read CAM enable */
+ s->memory_rw(s->mem_opaque,
+ (s->regs[SONIC_URRA] << 16) | s->regs[SONIC_CDP],
+ (uint8_t *)data, size, 0);
+ s->regs[SONIC_CE] = data[0 * width];
+ DPRINTF("load cam done. cam enable mask 0x%04x\n", s->regs[SONIC_CE]);
+
+ /* Done */
+ s->regs[SONIC_CR] &= ~SONIC_CR_LCAM;
+ s->regs[SONIC_ISR] |= SONIC_ISR_LCD;
+ dp8393x_update_irq(s);
+}
+
+static void do_read_rra(dp8393xState *s)
+{
+ uint16_t data[8];
+ int width, size;
+
+ /* Read memory */
+ width = (s->regs[SONIC_DCR] & SONIC_DCR_DW) ? 2 : 1;
+ size = sizeof(uint16_t) * 4 * width;
+ s->memory_rw(s->mem_opaque,
+ (s->regs[SONIC_URRA] << 16) | s->regs[SONIC_RRP],
+ (uint8_t *)data, size, 0);
+
+ /* Update SONIC registers */
+ s->regs[SONIC_CRBA0] = data[0 * width];
+ s->regs[SONIC_CRBA1] = data[1 * width];
+ s->regs[SONIC_RBWC0] = data[2 * width];
+ s->regs[SONIC_RBWC1] = data[3 * width];
+ DPRINTF("CRBA0/1: 0x%04x/0x%04x, RBWC0/1: 0x%04x/0x%04x\n",
+ s->regs[SONIC_CRBA0], s->regs[SONIC_CRBA1],
+ s->regs[SONIC_RBWC0], s->regs[SONIC_RBWC1]);
+
+ /* Go to next entry */
+ s->regs[SONIC_RRP] += size;
+
+ /* Handle wrap */
+ if (s->regs[SONIC_RRP] == s->regs[SONIC_REA]) {
+ s->regs[SONIC_RRP] = s->regs[SONIC_RSA];
+ }
+
+ /* Check resource exhaustion */
+ if (s->regs[SONIC_RRP] == s->regs[SONIC_RWP])
+ {
+ s->regs[SONIC_ISR] |= SONIC_ISR_RBE;
+ dp8393x_update_irq(s);
+ }
+
+ /* Done */
+ s->regs[SONIC_CR] &= ~SONIC_CR_RRRA;
+}
+
+static void do_software_reset(dp8393xState *s)
+{
+ qemu_del_timer(s->watchdog);
+
+ s->regs[SONIC_CR] &= ~(SONIC_CR_LCAM | SONIC_CR_RRRA | SONIC_CR_TXP | SONIC_CR_HTX);
+ s->regs[SONIC_CR] |= SONIC_CR_RST | SONIC_CR_RXDIS;
+}
+
+static void set_next_tick(dp8393xState *s)
+{
+ uint32_t ticks;
+ int64_t delay;
+
+ if (s->regs[SONIC_CR] & SONIC_CR_STP) {
+ qemu_del_timer(s->watchdog);
+ return;
+ }
+
+ ticks = s->regs[SONIC_WT1] << 16 | s->regs[SONIC_WT0];
+ s->wt_last_update = qemu_get_clock_ns(vm_clock);
+ delay = get_ticks_per_sec() * ticks / 5000000;
+ qemu_mod_timer(s->watchdog, s->wt_last_update + delay);
+}
+
+static void update_wt_regs(dp8393xState *s)
+{
+ int64_t elapsed;
+ uint32_t val;
+
+ if (s->regs[SONIC_CR] & SONIC_CR_STP) {
+ qemu_del_timer(s->watchdog);
+ return;
+ }
+
+ elapsed = s->wt_last_update - qemu_get_clock_ns(vm_clock);
+ val = s->regs[SONIC_WT1] << 16 | s->regs[SONIC_WT0];
+ val -= elapsed / 5000000;
+ s->regs[SONIC_WT1] = (val >> 16) & 0xffff;
+ s->regs[SONIC_WT0] = (val >> 0) & 0xffff;
+ set_next_tick(s);
+
+}
+
+static void do_start_timer(dp8393xState *s)
+{
+ s->regs[SONIC_CR] &= ~SONIC_CR_STP;
+ set_next_tick(s);
+}
+
+static void do_stop_timer(dp8393xState *s)
+{
+ s->regs[SONIC_CR] &= ~SONIC_CR_ST;
+ update_wt_regs(s);
+}
+
+static void do_receiver_enable(dp8393xState *s)
+{
+ s->regs[SONIC_CR] &= ~SONIC_CR_RXDIS;
+}
+
+static void do_receiver_disable(dp8393xState *s)
+{
+ s->regs[SONIC_CR] &= ~SONIC_CR_RXEN;
+}
+
+static void do_transmit_packets(dp8393xState *s)
+{
+ NetClientState *nc = qemu_get_queue(s->nic);
+ uint16_t data[12];
+ int width, size;
+ int tx_len, len;
+ uint16_t i;
+
+ width = (s->regs[SONIC_DCR] & SONIC_DCR_DW) ? 2 : 1;
+
+ while (1) {
+ /* Read memory */
+ DPRINTF("Transmit packet at %08x\n",
+ (s->regs[SONIC_UTDA] << 16) | s->regs[SONIC_CTDA]);
+ size = sizeof(uint16_t) * 6 * width;
+ s->regs[SONIC_TTDA] = s->regs[SONIC_CTDA];
+ s->memory_rw(s->mem_opaque,
+ ((s->regs[SONIC_UTDA] << 16) | s->regs[SONIC_TTDA]) + sizeof(uint16_t) * width,
+ (uint8_t *)data, size, 0);
+ tx_len = 0;
+
+ /* Update registers */
+ s->regs[SONIC_TCR] = data[0 * width] & 0xf000;
+ s->regs[SONIC_TPS] = data[1 * width];
+ s->regs[SONIC_TFC] = data[2 * width];
+ s->regs[SONIC_TSA0] = data[3 * width];
+ s->regs[SONIC_TSA1] = data[4 * width];
+ s->regs[SONIC_TFS] = data[5 * width];
+
+ /* Handle programmable interrupt */
+ if (s->regs[SONIC_TCR] & SONIC_TCR_PINT) {
+ s->regs[SONIC_ISR] |= SONIC_ISR_PINT;
+ } else {
+ s->regs[SONIC_ISR] &= ~SONIC_ISR_PINT;
+ }
+
+ for (i = 0; i < s->regs[SONIC_TFC]; ) {
+ /* Append fragment */
+ len = s->regs[SONIC_TFS];
+ if (tx_len + len > sizeof(s->tx_buffer)) {
+ len = sizeof(s->tx_buffer) - tx_len;
+ }
+ s->memory_rw(s->mem_opaque,
+ (s->regs[SONIC_TSA1] << 16) | s->regs[SONIC_TSA0],
+ &s->tx_buffer[tx_len], len, 0);
+ tx_len += len;
+
+ i++;
+ if (i != s->regs[SONIC_TFC]) {
+ /* Read next fragment details */
+ size = sizeof(uint16_t) * 3 * width;
+ s->memory_rw(s->mem_opaque,
+ ((s->regs[SONIC_UTDA] << 16) | s->regs[SONIC_TTDA]) + sizeof(uint16_t) * (4 + 3 * i) * width,
+ (uint8_t *)data, size, 0);
+ s->regs[SONIC_TSA0] = data[0 * width];
+ s->regs[SONIC_TSA1] = data[1 * width];
+ s->regs[SONIC_TFS] = data[2 * width];
+ }
+ }
+
+ /* Handle Ethernet checksum */
+ if (!(s->regs[SONIC_TCR] & SONIC_TCR_CRCI)) {
+ /* Don't append FCS there, to look like slirp packets
+ * which don't have one */
+ } else {
+ /* Remove existing FCS */
+ tx_len -= 4;
+ }
+
+ if (s->regs[SONIC_RCR] & (SONIC_RCR_LB1 | SONIC_RCR_LB0)) {
+ /* Loopback */
+ s->regs[SONIC_TCR] |= SONIC_TCR_CRSL;
+ if (nc->info->can_receive(nc)) {
+ s->loopback_packet = 1;
+ nc->info->receive(nc, s->tx_buffer, tx_len);
+ }
+ } else {
+ /* Transmit packet */
+ qemu_send_packet(nc, s->tx_buffer, tx_len);
+ }
+ s->regs[SONIC_TCR] |= SONIC_TCR_PTX;
+
+ /* Write status */
+ data[0 * width] = s->regs[SONIC_TCR] & 0x0fff; /* status */
+ size = sizeof(uint16_t) * width;
+ s->memory_rw(s->mem_opaque,
+ (s->regs[SONIC_UTDA] << 16) | s->regs[SONIC_TTDA],
+ (uint8_t *)data, size, 1);
+
+ if (!(s->regs[SONIC_CR] & SONIC_CR_HTX)) {
+ /* Read footer of packet */
+ size = sizeof(uint16_t) * width;
+ s->memory_rw(s->mem_opaque,
+ ((s->regs[SONIC_UTDA] << 16) | s->regs[SONIC_TTDA]) + sizeof(uint16_t) * (4 + 3 * s->regs[SONIC_TFC]) * width,
+ (uint8_t *)data, size, 0);
+ s->regs[SONIC_CTDA] = data[0 * width] & ~0x1;
+ if (data[0 * width] & 0x1) {
+ /* EOL detected */
+ break;
+ }
+ }
+ }
+
+ /* Done */
+ s->regs[SONIC_CR] &= ~SONIC_CR_TXP;
+ s->regs[SONIC_ISR] |= SONIC_ISR_TXDN;
+ dp8393x_update_irq(s);
+}
+
+static void do_halt_transmission(dp8393xState *s)
+{
+ /* Nothing to do */
+}
+
+static void do_command(dp8393xState *s, uint16_t command)
+{
+ if ((s->regs[SONIC_CR] & SONIC_CR_RST) && !(command & SONIC_CR_RST)) {
+ s->regs[SONIC_CR] &= ~SONIC_CR_RST;
+ return;
+ }
+
+ s->regs[SONIC_CR] |= (command & SONIC_CR_MASK);
+
+ if (command & SONIC_CR_HTX)
+ do_halt_transmission(s);
+ if (command & SONIC_CR_TXP)
+ do_transmit_packets(s);
+ if (command & SONIC_CR_RXDIS)
+ do_receiver_disable(s);
+ if (command & SONIC_CR_RXEN)
+ do_receiver_enable(s);
+ if (command & SONIC_CR_STP)
+ do_stop_timer(s);
+ if (command & SONIC_CR_ST)
+ do_start_timer(s);
+ if (command & SONIC_CR_RST)
+ do_software_reset(s);
+ if (command & SONIC_CR_RRRA)
+ do_read_rra(s);
+ if (command & SONIC_CR_LCAM)
+ do_load_cam(s);
+}
+
+static uint16_t read_register(dp8393xState *s, int reg)
+{
+ uint16_t val = 0;
+
+ switch (reg) {
+ /* Update data before reading it */
+ case SONIC_WT0:
+ case SONIC_WT1:
+ update_wt_regs(s);
+ val = s->regs[reg];
+ break;
+ /* Accept read to some registers only when in reset mode */
+ case SONIC_CAP2:
+ case SONIC_CAP1:
+ case SONIC_CAP0:
+ if (s->regs[SONIC_CR] & SONIC_CR_RST) {
+ val = s->cam[s->regs[SONIC_CEP] & 0xf][2* (SONIC_CAP0 - reg) + 1] << 8;
+ val |= s->cam[s->regs[SONIC_CEP] & 0xf][2* (SONIC_CAP0 - reg)];
+ }
+ break;
+ /* All other registers have no special contrainst */
+ default:
+ val = s->regs[reg];
+ }
+
+ DPRINTF("read 0x%04x from reg %s\n", val, reg_names[reg]);
+
+ return val;
+}
+
+static void write_register(dp8393xState *s, int reg, uint16_t val)
+{
+ DPRINTF("write 0x%04x to reg %s\n", val, reg_names[reg]);
+
+ switch (reg) {
+ /* Command register */
+ case SONIC_CR:
+ do_command(s, val);
+ break;
+ /* Prevent write to read-only registers */
+ case SONIC_CAP2:
+ case SONIC_CAP1:
+ case SONIC_CAP0:
+ case SONIC_SR:
+ case SONIC_MDT:
+ DPRINTF("writing to reg %d invalid\n", reg);
+ break;
+ /* Accept write to some registers only when in reset mode */
+ case SONIC_DCR:
+ if (s->regs[SONIC_CR] & SONIC_CR_RST) {
+ s->regs[reg] = val & 0xbfff;
+ } else {
+ DPRINTF("writing to DCR invalid\n");
+ }
+ break;
+ case SONIC_DCR2:
+ if (s->regs[SONIC_CR] & SONIC_CR_RST) {
+ s->regs[reg] = val & 0xf017;
+ } else {
+ DPRINTF("writing to DCR2 invalid\n");
+ }
+ break;
+ /* 12 lower bytes are Read Only */
+ case SONIC_TCR:
+ s->regs[reg] = val & 0xf000;
+ break;
+ /* 9 lower bytes are Read Only */
+ case SONIC_RCR:
+ s->regs[reg] = val & 0xffe0;
+ break;
+ /* Ignore most significant bit */
+ case SONIC_IMR:
+ s->regs[reg] = val & 0x7fff;
+ dp8393x_update_irq(s);
+ break;
+ /* Clear bits by writing 1 to them */
+ case SONIC_ISR:
+ val &= s->regs[reg];
+ s->regs[reg] &= ~val;
+ if (val & SONIC_ISR_RBE) {
+ do_read_rra(s);
+ }
+ dp8393x_update_irq(s);
+ break;
+ /* Ignore least significant bit */
+ case SONIC_RSA:
+ case SONIC_REA:
+ case SONIC_RRP:
+ case SONIC_RWP:
+ s->regs[reg] = val & 0xfffe;
+ break;
+ /* Invert written value for some registers */
+ case SONIC_CRCT:
+ case SONIC_FAET:
+ case SONIC_MPT:
+ s->regs[reg] = val ^ 0xffff;
+ break;
+ /* All other registers have no special contrainst */
+ default:
+ s->regs[reg] = val;
+ }
+
+ if (reg == SONIC_WT0 || reg == SONIC_WT1) {
+ set_next_tick(s);
+ }
+}
+
+static void dp8393x_watchdog(void *opaque)
+{
+ dp8393xState *s = opaque;
+
+ if (s->regs[SONIC_CR] & SONIC_CR_STP) {
+ return;
+ }
+
+ s->regs[SONIC_WT1] = 0xffff;
+ s->regs[SONIC_WT0] = 0xffff;
+ set_next_tick(s);
+
+ /* Signal underflow */
+ s->regs[SONIC_ISR] |= SONIC_ISR_TC;
+ dp8393x_update_irq(s);
+}
+
+static uint32_t dp8393x_readw(void *opaque, hwaddr addr)
+{
+ dp8393xState *s = opaque;
+ int reg;
+
+ if ((addr & ((1 << s->it_shift) - 1)) != 0) {
+ return 0;
+ }
+
+ reg = addr >> s->it_shift;
+ return read_register(s, reg);
+}
+
+static uint32_t dp8393x_readb(void *opaque, hwaddr addr)
+{
+ uint16_t v = dp8393x_readw(opaque, addr & ~0x1);
+ return (v >> (8 * (addr & 0x1))) & 0xff;
+}
+
+static uint32_t dp8393x_readl(void *opaque, hwaddr addr)
+{
+ uint32_t v;
+ v = dp8393x_readw(opaque, addr);
+ v |= dp8393x_readw(opaque, addr + 2) << 16;
+ return v;
+}
+
+static void dp8393x_writew(void *opaque, hwaddr addr, uint32_t val)
+{
+ dp8393xState *s = opaque;
+ int reg;
+
+ if ((addr & ((1 << s->it_shift) - 1)) != 0) {
+ return;
+ }
+
+ reg = addr >> s->it_shift;
+
+ write_register(s, reg, (uint16_t)val);
+}
+
+static void dp8393x_writeb(void *opaque, hwaddr addr, uint32_t val)
+{
+ uint16_t old_val = dp8393x_readw(opaque, addr & ~0x1);
+
+ switch (addr & 3) {
+ case 0:
+ val = val | (old_val & 0xff00);
+ break;
+ case 1:
+ val = (val << 8) | (old_val & 0x00ff);
+ break;
+ }
+ dp8393x_writew(opaque, addr & ~0x1, val);
+}
+
+static void dp8393x_writel(void *opaque, hwaddr addr, uint32_t val)
+{
+ dp8393x_writew(opaque, addr, val & 0xffff);
+ dp8393x_writew(opaque, addr + 2, (val >> 16) & 0xffff);
+}
+
+static const MemoryRegionOps dp8393x_ops = {
+ .old_mmio = {
+ .read = { dp8393x_readb, dp8393x_readw, dp8393x_readl, },
+ .write = { dp8393x_writeb, dp8393x_writew, dp8393x_writel, },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int nic_can_receive(NetClientState *nc)
+{
+ dp8393xState *s = qemu_get_nic_opaque(nc);
+
+ if (!(s->regs[SONIC_CR] & SONIC_CR_RXEN))
+ return 0;
+ if (s->regs[SONIC_ISR] & SONIC_ISR_RBE)
+ return 0;
+ return 1;
+}
+
+static int receive_filter(dp8393xState *s, const uint8_t * buf, int size)
+{
+ static const uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
+ int i;
+
+ /* Check for runt packet (remember that checksum is not there) */
+ if (size < 64 - 4) {
+ return (s->regs[SONIC_RCR] & SONIC_RCR_RNT) ? 0 : -1;
+ }
+
+ /* Check promiscuous mode */
+ if ((s->regs[SONIC_RCR] & SONIC_RCR_PRO) && (buf[0] & 1) == 0) {
+ return 0;
+ }
+
+ /* Check multicast packets */
+ if ((s->regs[SONIC_RCR] & SONIC_RCR_AMC) && (buf[0] & 1) == 1) {
+ return SONIC_RCR_MC;
+ }
+
+ /* Check broadcast */
+ if ((s->regs[SONIC_RCR] & SONIC_RCR_BRD) && !memcmp(buf, bcast, sizeof(bcast))) {
+ return SONIC_RCR_BC;
+ }
+
+ /* Check CAM */
+ for (i = 0; i < 16; i++) {
+ if (s->regs[SONIC_CE] & (1 << i)) {
+ /* Entry enabled */
+ if (!memcmp(buf, s->cam[i], sizeof(s->cam[i]))) {
+ return 0;
+ }
+ }
+ }
+
+ return -1;
+}
+
+static ssize_t nic_receive(NetClientState *nc, const uint8_t * buf, size_t size)
+{
+ dp8393xState *s = qemu_get_nic_opaque(nc);
+ uint16_t data[10];
+ int packet_type;
+ uint32_t available, address;
+ int width, rx_len = size;
+ uint32_t checksum;
+
+ width = (s->regs[SONIC_DCR] & SONIC_DCR_DW) ? 2 : 1;
+
+ s->regs[SONIC_RCR] &= ~(SONIC_RCR_PRX | SONIC_RCR_LBK | SONIC_RCR_FAER |
+ SONIC_RCR_CRCR | SONIC_RCR_LPKT | SONIC_RCR_BC | SONIC_RCR_MC);
+
+ packet_type = receive_filter(s, buf, size);
+ if (packet_type < 0) {
+ DPRINTF("packet not for netcard\n");
+ return -1;
+ }
+
+ /* XXX: Check byte ordering */
+
+ /* Check for EOL */
+ if (s->regs[SONIC_LLFA] & 0x1) {
+ /* Are we still in resource exhaustion? */
+ size = sizeof(uint16_t) * 1 * width;
+ address = ((s->regs[SONIC_URDA] << 16) | s->regs[SONIC_CRDA]) + sizeof(uint16_t) * 5 * width;
+ s->memory_rw(s->mem_opaque, address, (uint8_t*)data, size, 0);
+ if (data[0 * width] & 0x1) {
+ /* Still EOL ; stop reception */
+ return -1;
+ } else {
+ s->regs[SONIC_CRDA] = s->regs[SONIC_LLFA];
+ }
+ }
+
+ /* Save current position */
+ s->regs[SONIC_TRBA1] = s->regs[SONIC_CRBA1];
+ s->regs[SONIC_TRBA0] = s->regs[SONIC_CRBA0];
+
+ /* Calculate the ethernet checksum */
+#ifdef SONIC_CALCULATE_RXCRC
+ checksum = cpu_to_le32(crc32(0, buf, rx_len));
+#else
+ checksum = 0;
+#endif
+
+ /* Put packet into RBA */
+ DPRINTF("Receive packet at %08x\n", (s->regs[SONIC_CRBA1] << 16) | s->regs[SONIC_CRBA0]);
+ address = (s->regs[SONIC_CRBA1] << 16) | s->regs[SONIC_CRBA0];
+ s->memory_rw(s->mem_opaque, address, (uint8_t*)buf, rx_len, 1);
+ address += rx_len;
+ s->memory_rw(s->mem_opaque, address, (uint8_t*)&checksum, 4, 1);
+ rx_len += 4;
+ s->regs[SONIC_CRBA1] = address >> 16;
+ s->regs[SONIC_CRBA0] = address & 0xffff;
+ available = (s->regs[SONIC_RBWC1] << 16) | s->regs[SONIC_RBWC0];
+ available -= rx_len / 2;
+ s->regs[SONIC_RBWC1] = available >> 16;
+ s->regs[SONIC_RBWC0] = available & 0xffff;
+
+ /* Update status */
+ if (((s->regs[SONIC_RBWC1] << 16) | s->regs[SONIC_RBWC0]) < s->regs[SONIC_EOBC]) {
+ s->regs[SONIC_RCR] |= SONIC_RCR_LPKT;
+ }
+ s->regs[SONIC_RCR] |= packet_type;
+ s->regs[SONIC_RCR] |= SONIC_RCR_PRX;
+ if (s->loopback_packet) {
+ s->regs[SONIC_RCR] |= SONIC_RCR_LBK;
+ s->loopback_packet = 0;
+ }
+
+ /* Write status to memory */
+ DPRINTF("Write status at %08x\n", (s->regs[SONIC_URDA] << 16) | s->regs[SONIC_CRDA]);
+ data[0 * width] = s->regs[SONIC_RCR]; /* status */
+ data[1 * width] = rx_len; /* byte count */
+ data[2 * width] = s->regs[SONIC_TRBA0]; /* pkt_ptr0 */
+ data[3 * width] = s->regs[SONIC_TRBA1]; /* pkt_ptr1 */
+ data[4 * width] = s->regs[SONIC_RSC]; /* seq_no */
+ size = sizeof(uint16_t) * 5 * width;
+ s->memory_rw(s->mem_opaque, (s->regs[SONIC_URDA] << 16) | s->regs[SONIC_CRDA], (uint8_t *)data, size, 1);
+
+ /* Move to next descriptor */
+ size = sizeof(uint16_t) * width;
+ s->memory_rw(s->mem_opaque,
+ ((s->regs[SONIC_URDA] << 16) | s->regs[SONIC_CRDA]) + sizeof(uint16_t) * 5 * width,
+ (uint8_t *)data, size, 0);
+ s->regs[SONIC_LLFA] = data[0 * width];
+ if (s->regs[SONIC_LLFA] & 0x1) {
+ /* EOL detected */
+ s->regs[SONIC_ISR] |= SONIC_ISR_RDE;
+ } else {
+ data[0 * width] = 0; /* in_use */
+ s->memory_rw(s->mem_opaque,
+ ((s->regs[SONIC_URDA] << 16) | s->regs[SONIC_CRDA]) + sizeof(uint16_t) * 6 * width,
+ (uint8_t *)data, size, 1);
+ s->regs[SONIC_CRDA] = s->regs[SONIC_LLFA];
+ s->regs[SONIC_ISR] |= SONIC_ISR_PKTRX;
+ s->regs[SONIC_RSC] = (s->regs[SONIC_RSC] & 0xff00) | (((s->regs[SONIC_RSC] & 0x00ff) + 1) & 0x00ff);
+
+ if (s->regs[SONIC_RCR] & SONIC_RCR_LPKT) {
+ /* Read next RRA */
+ do_read_rra(s);
+ }
+ }
+
+ /* Done */
+ dp8393x_update_irq(s);
+
+ return size;
+}
+
+static void nic_reset(void *opaque)
+{
+ dp8393xState *s = opaque;
+ qemu_del_timer(s->watchdog);
+
+ s->regs[SONIC_CR] = SONIC_CR_RST | SONIC_CR_STP | SONIC_CR_RXDIS;
+ s->regs[SONIC_DCR] &= ~(SONIC_DCR_EXBUS | SONIC_DCR_LBR);
+ s->regs[SONIC_RCR] &= ~(SONIC_RCR_LB0 | SONIC_RCR_LB1 | SONIC_RCR_BRD | SONIC_RCR_RNT);
+ s->regs[SONIC_TCR] |= SONIC_TCR_NCRS | SONIC_TCR_PTX;
+ s->regs[SONIC_TCR] &= ~SONIC_TCR_BCM;
+ s->regs[SONIC_IMR] = 0;
+ s->regs[SONIC_ISR] = 0;
+ s->regs[SONIC_DCR2] = 0;
+ s->regs[SONIC_EOBC] = 0x02F8;
+ s->regs[SONIC_RSC] = 0;
+ s->regs[SONIC_CE] = 0;
+ s->regs[SONIC_RSC] = 0;
+
+ /* Network cable is connected */
+ s->regs[SONIC_RCR] |= SONIC_RCR_CRS;
+
+ dp8393x_update_irq(s);
+}
+
+static void nic_cleanup(NetClientState *nc)
+{
+ dp8393xState *s = qemu_get_nic_opaque(nc);
+
+ memory_region_del_subregion(s->address_space, &s->mmio);
+ memory_region_destroy(&s->mmio);
+
+ qemu_del_timer(s->watchdog);
+ qemu_free_timer(s->watchdog);
+
+ g_free(s);
+}
+
+static NetClientInfo net_dp83932_info = {
+ .type = NET_CLIENT_OPTIONS_KIND_NIC,
+ .size = sizeof(NICState),
+ .can_receive = nic_can_receive,
+ .receive = nic_receive,
+ .cleanup = nic_cleanup,
+};
+
+void dp83932_init(NICInfo *nd, hwaddr base, int it_shift,
+ MemoryRegion *address_space,
+ qemu_irq irq, void* mem_opaque,
+ void (*memory_rw)(void *opaque, hwaddr addr, uint8_t *buf, int len, int is_write))
+{
+ dp8393xState *s;
+
+ qemu_check_nic_model(nd, "dp83932");
+
+ s = g_malloc0(sizeof(dp8393xState));
+
+ s->address_space = address_space;
+ s->mem_opaque = mem_opaque;
+ s->memory_rw = memory_rw;
+ s->it_shift = it_shift;
+ s->irq = irq;
+ s->watchdog = qemu_new_timer_ns(vm_clock, dp8393x_watchdog, s);
+ s->regs[SONIC_SR] = 0x0004; /* only revision recognized by Linux */
+
+ s->conf.macaddr = nd->macaddr;
+ s->conf.peers.ncs[0] = nd->netdev;
+
+ s->nic = qemu_new_nic(&net_dp83932_info, &s->conf, nd->model, nd->name, s);
+
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+ qemu_register_reset(nic_reset, s);
+ nic_reset(s);
+
+ memory_region_init_io(&s->mmio, NULL, &dp8393x_ops, s,
+ "dp8393x", 0x40 << it_shift);
+ memory_region_add_subregion(address_space, base, &s->mmio);
+}
diff --git a/hw/net/e1000.c b/hw/net/e1000.c
new file mode 100644
index 000000000..fdb1f890b
--- /dev/null
+++ b/hw/net/e1000.c
@@ -0,0 +1,1422 @@
+/*
+ * QEMU e1000 emulation
+ *
+ * Software developer's manual:
+ * http://download.intel.com/design/network/manuals/8254x_GBe_SDM.pdf
+ *
+ * Nir Peleg, Tutis Systems Ltd. for Qumranet Inc.
+ * Copyright (c) 2008 Qumranet
+ * Based on work done by:
+ * Copyright (c) 2007 Dan Aloni
+ * Copyright (c) 2004 Antony T Curtis
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "net/net.h"
+#include "net/checksum.h"
+#include "hw/loader.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/dma.h"
+
+#include "e1000_regs.h"
+
+#define E1000_DEBUG
+
+#ifdef E1000_DEBUG
+enum {
+ DEBUG_GENERAL, DEBUG_IO, DEBUG_MMIO, DEBUG_INTERRUPT,
+ DEBUG_RX, DEBUG_TX, DEBUG_MDIC, DEBUG_EEPROM,
+ DEBUG_UNKNOWN, DEBUG_TXSUM, DEBUG_TXERR, DEBUG_RXERR,
+ DEBUG_RXFILTER, DEBUG_PHY, DEBUG_NOTYET,
+};
+#define DBGBIT(x) (1<<DEBUG_##x)
+static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL);
+
+#define DBGOUT(what, fmt, ...) do { \
+ if (debugflags & DBGBIT(what)) \
+ fprintf(stderr, "e1000: " fmt, ## __VA_ARGS__); \
+ } while (0)
+#else
+#define DBGOUT(what, fmt, ...) do {} while (0)
+#endif
+
+#define IOPORT_SIZE 0x40
+#define PNPMMIO_SIZE 0x20000
+#define MIN_BUF_SIZE 60 /* Min. octets in an ethernet frame sans FCS */
+
+/* this is the size past which hardware will drop packets when setting LPE=0 */
+#define MAXIMUM_ETHERNET_VLAN_SIZE 1522
+/* this is the size past which hardware will drop packets when setting LPE=1 */
+#define MAXIMUM_ETHERNET_LPE_SIZE 16384
+
+/*
+ * HW models:
+ * E1000_DEV_ID_82540EM works with Windows and Linux
+ * E1000_DEV_ID_82573L OK with windoze and Linux 2.6.22,
+ * appears to perform better than 82540EM, but breaks with Linux 2.6.18
+ * E1000_DEV_ID_82544GC_COPPER appears to work; not well tested
+ * Others never tested
+ */
+enum { E1000_DEVID = E1000_DEV_ID_82540EM };
+
+/*
+ * May need to specify additional MAC-to-PHY entries --
+ * Intel's Windows driver refuses to initialize unless they match
+ */
+enum {
+ PHY_ID2_INIT = E1000_DEVID == E1000_DEV_ID_82573L ? 0xcc2 :
+ E1000_DEVID == E1000_DEV_ID_82544GC_COPPER ? 0xc30 :
+ /* default to E1000_DEV_ID_82540EM */ 0xc20
+};
+
+typedef struct E1000State_st {
+ /*< private >*/
+ PCIDevice parent_obj;
+ /*< public >*/
+
+ NICState *nic;
+ NICConf conf;
+ MemoryRegion mmio;
+ MemoryRegion io;
+
+ uint32_t mac_reg[0x8000];
+ uint16_t phy_reg[0x20];
+ uint16_t eeprom_data[64];
+
+ uint32_t rxbuf_size;
+ uint32_t rxbuf_min_shift;
+ struct e1000_tx {
+ unsigned char header[256];
+ unsigned char vlan_header[4];
+ /* Fields vlan and data must not be reordered or separated. */
+ unsigned char vlan[4];
+ unsigned char data[0x10000];
+ uint16_t size;
+ unsigned char sum_needed;
+ unsigned char vlan_needed;
+ uint8_t ipcss;
+ uint8_t ipcso;
+ uint16_t ipcse;
+ uint8_t tucss;
+ uint8_t tucso;
+ uint16_t tucse;
+ uint8_t hdr_len;
+ uint16_t mss;
+ uint32_t paylen;
+ uint16_t tso_frames;
+ char tse;
+ int8_t ip;
+ int8_t tcp;
+ char cptse; // current packet tse bit
+ } tx;
+
+ struct {
+ uint32_t val_in; // shifted in from guest driver
+ uint16_t bitnum_in;
+ uint16_t bitnum_out;
+ uint16_t reading;
+ uint32_t old_eecd;
+ } eecd_state;
+
+ QEMUTimer *autoneg_timer;
+
+/* Compatibility flags for migration to/from qemu 1.3.0 and older */
+#define E1000_FLAG_AUTONEG_BIT 0
+#define E1000_FLAG_AUTONEG (1 << E1000_FLAG_AUTONEG_BIT)
+ uint32_t compat_flags;
+} E1000State;
+
+#define TYPE_E1000 "e1000"
+
+#define E1000(obj) \
+ OBJECT_CHECK(E1000State, (obj), TYPE_E1000)
+
+#define defreg(x) x = (E1000_##x>>2)
+enum {
+ defreg(CTRL), defreg(EECD), defreg(EERD), defreg(GPRC),
+ defreg(GPTC), defreg(ICR), defreg(ICS), defreg(IMC),
+ defreg(IMS), defreg(LEDCTL), defreg(MANC), defreg(MDIC),
+ defreg(MPC), defreg(PBA), defreg(RCTL), defreg(RDBAH),
+ defreg(RDBAL), defreg(RDH), defreg(RDLEN), defreg(RDT),
+ defreg(STATUS), defreg(SWSM), defreg(TCTL), defreg(TDBAH),
+ defreg(TDBAL), defreg(TDH), defreg(TDLEN), defreg(TDT),
+ defreg(TORH), defreg(TORL), defreg(TOTH), defreg(TOTL),
+ defreg(TPR), defreg(TPT), defreg(TXDCTL), defreg(WUFC),
+ defreg(RA), defreg(MTA), defreg(CRCERRS),defreg(VFTA),
+ defreg(VET),
+};
+
+static void
+e1000_link_down(E1000State *s)
+{
+ s->mac_reg[STATUS] &= ~E1000_STATUS_LU;
+ s->phy_reg[PHY_STATUS] &= ~MII_SR_LINK_STATUS;
+}
+
+static void
+e1000_link_up(E1000State *s)
+{
+ s->mac_reg[STATUS] |= E1000_STATUS_LU;
+ s->phy_reg[PHY_STATUS] |= MII_SR_LINK_STATUS;
+}
+
+static void
+set_phy_ctrl(E1000State *s, int index, uint16_t val)
+{
+ /*
+ * QEMU 1.3 does not support link auto-negotiation emulation, so if we
+ * migrate during auto negotiation, after migration the link will be
+ * down.
+ */
+ if (!(s->compat_flags & E1000_FLAG_AUTONEG)) {
+ return;
+ }
+ if ((val & MII_CR_AUTO_NEG_EN) && (val & MII_CR_RESTART_AUTO_NEG)) {
+ e1000_link_down(s);
+ s->phy_reg[PHY_STATUS] &= ~MII_SR_AUTONEG_COMPLETE;
+ DBGOUT(PHY, "Start link auto negotiation\n");
+ qemu_mod_timer(s->autoneg_timer, qemu_get_clock_ms(vm_clock) + 500);
+ }
+}
+
+static void
+e1000_autoneg_timer(void *opaque)
+{
+ E1000State *s = opaque;
+ if (!qemu_get_queue(s->nic)->link_down) {
+ e1000_link_up(s);
+ }
+ s->phy_reg[PHY_STATUS] |= MII_SR_AUTONEG_COMPLETE;
+ DBGOUT(PHY, "Auto negotiation is completed\n");
+}
+
+static void (*phyreg_writeops[])(E1000State *, int, uint16_t) = {
+ [PHY_CTRL] = set_phy_ctrl,
+};
+
+enum { NPHYWRITEOPS = ARRAY_SIZE(phyreg_writeops) };
+
+enum { PHY_R = 1, PHY_W = 2, PHY_RW = PHY_R | PHY_W };
+static const char phy_regcap[0x20] = {
+ [PHY_STATUS] = PHY_R, [M88E1000_EXT_PHY_SPEC_CTRL] = PHY_RW,
+ [PHY_ID1] = PHY_R, [M88E1000_PHY_SPEC_CTRL] = PHY_RW,
+ [PHY_CTRL] = PHY_RW, [PHY_1000T_CTRL] = PHY_RW,
+ [PHY_LP_ABILITY] = PHY_R, [PHY_1000T_STATUS] = PHY_R,
+ [PHY_AUTONEG_ADV] = PHY_RW, [M88E1000_RX_ERR_CNTR] = PHY_R,
+ [PHY_ID2] = PHY_R, [M88E1000_PHY_SPEC_STATUS] = PHY_R
+};
+
+static const uint16_t phy_reg_init[] = {
+ [PHY_CTRL] = 0x1140,
+ [PHY_STATUS] = 0x794d, /* link initially up with not completed autoneg */
+ [PHY_ID1] = 0x141, [PHY_ID2] = PHY_ID2_INIT,
+ [PHY_1000T_CTRL] = 0x0e00, [M88E1000_PHY_SPEC_CTRL] = 0x360,
+ [M88E1000_EXT_PHY_SPEC_CTRL] = 0x0d60, [PHY_AUTONEG_ADV] = 0xde1,
+ [PHY_LP_ABILITY] = 0x1e0, [PHY_1000T_STATUS] = 0x3c00,
+ [M88E1000_PHY_SPEC_STATUS] = 0xac00,
+};
+
+static const uint32_t mac_reg_init[] = {
+ [PBA] = 0x00100030,
+ [LEDCTL] = 0x602,
+ [CTRL] = E1000_CTRL_SWDPIN2 | E1000_CTRL_SWDPIN0 |
+ E1000_CTRL_SPD_1000 | E1000_CTRL_SLU,
+ [STATUS] = 0x80000000 | E1000_STATUS_GIO_MASTER_ENABLE |
+ E1000_STATUS_ASDV | E1000_STATUS_MTXCKOK |
+ E1000_STATUS_SPEED_1000 | E1000_STATUS_FD |
+ E1000_STATUS_LU,
+ [MANC] = E1000_MANC_EN_MNG2HOST | E1000_MANC_RCV_TCO_EN |
+ E1000_MANC_ARP_EN | E1000_MANC_0298_EN |
+ E1000_MANC_RMCP_EN,
+};
+
+static void
+set_interrupt_cause(E1000State *s, int index, uint32_t val)
+{
+ PCIDevice *d = PCI_DEVICE(s);
+
+ if (val && (E1000_DEVID >= E1000_DEV_ID_82547EI_MOBILE)) {
+ /* Only for 8257x */
+ val |= E1000_ICR_INT_ASSERTED;
+ }
+ s->mac_reg[ICR] = val;
+
+ /*
+ * Make sure ICR and ICS registers have the same value.
+ * The spec says that the ICS register is write-only. However in practice,
+ * on real hardware ICS is readable, and for reads it has the same value as
+ * ICR (except that ICS does not have the clear on read behaviour of ICR).
+ *
+ * The VxWorks PRO/1000 driver uses this behaviour.
+ */
+ s->mac_reg[ICS] = val;
+
+ qemu_set_irq(d->irq[0], (s->mac_reg[IMS] & s->mac_reg[ICR]) != 0);
+}
+
+static void
+set_ics(E1000State *s, int index, uint32_t val)
+{
+ DBGOUT(INTERRUPT, "set_ics %x, ICR %x, IMR %x\n", val, s->mac_reg[ICR],
+ s->mac_reg[IMS]);
+ set_interrupt_cause(s, 0, val | s->mac_reg[ICR]);
+}
+
+static int
+rxbufsize(uint32_t v)
+{
+ v &= E1000_RCTL_BSEX | E1000_RCTL_SZ_16384 | E1000_RCTL_SZ_8192 |
+ E1000_RCTL_SZ_4096 | E1000_RCTL_SZ_2048 | E1000_RCTL_SZ_1024 |
+ E1000_RCTL_SZ_512 | E1000_RCTL_SZ_256;
+ switch (v) {
+ case E1000_RCTL_BSEX | E1000_RCTL_SZ_16384:
+ return 16384;
+ case E1000_RCTL_BSEX | E1000_RCTL_SZ_8192:
+ return 8192;
+ case E1000_RCTL_BSEX | E1000_RCTL_SZ_4096:
+ return 4096;
+ case E1000_RCTL_SZ_1024:
+ return 1024;
+ case E1000_RCTL_SZ_512:
+ return 512;
+ case E1000_RCTL_SZ_256:
+ return 256;
+ }
+ return 2048;
+}
+
+static void e1000_reset(void *opaque)
+{
+ E1000State *d = opaque;
+ uint8_t *macaddr = d->conf.macaddr.a;
+ int i;
+
+ qemu_del_timer(d->autoneg_timer);
+ memset(d->phy_reg, 0, sizeof d->phy_reg);
+ memmove(d->phy_reg, phy_reg_init, sizeof phy_reg_init);
+ memset(d->mac_reg, 0, sizeof d->mac_reg);
+ memmove(d->mac_reg, mac_reg_init, sizeof mac_reg_init);
+ d->rxbuf_min_shift = 1;
+ memset(&d->tx, 0, sizeof d->tx);
+
+ if (qemu_get_queue(d->nic)->link_down) {
+ e1000_link_down(d);
+ }
+
+ /* Some guests expect pre-initialized RAH/RAL (AddrValid flag + MACaddr) */
+ d->mac_reg[RA] = 0;
+ d->mac_reg[RA + 1] = E1000_RAH_AV;
+ for (i = 0; i < 4; i++) {
+ d->mac_reg[RA] |= macaddr[i] << (8 * i);
+ d->mac_reg[RA + 1] |= (i < 2) ? macaddr[i + 4] << (8 * i) : 0;
+ }
+}
+
+static void
+set_ctrl(E1000State *s, int index, uint32_t val)
+{
+ /* RST is self clearing */
+ s->mac_reg[CTRL] = val & ~E1000_CTRL_RST;
+}
+
+static void
+set_rx_control(E1000State *s, int index, uint32_t val)
+{
+ s->mac_reg[RCTL] = val;
+ s->rxbuf_size = rxbufsize(val);
+ s->rxbuf_min_shift = ((val / E1000_RCTL_RDMTS_QUAT) & 3) + 1;
+ DBGOUT(RX, "RCTL: %d, mac_reg[RCTL] = 0x%x\n", s->mac_reg[RDT],
+ s->mac_reg[RCTL]);
+ qemu_flush_queued_packets(qemu_get_queue(s->nic));
+}
+
+static void
+set_mdic(E1000State *s, int index, uint32_t val)
+{
+ uint32_t data = val & E1000_MDIC_DATA_MASK;
+ uint32_t addr = ((val & E1000_MDIC_REG_MASK) >> E1000_MDIC_REG_SHIFT);
+
+ if ((val & E1000_MDIC_PHY_MASK) >> E1000_MDIC_PHY_SHIFT != 1) // phy #
+ val = s->mac_reg[MDIC] | E1000_MDIC_ERROR;
+ else if (val & E1000_MDIC_OP_READ) {
+ DBGOUT(MDIC, "MDIC read reg 0x%x\n", addr);
+ if (!(phy_regcap[addr] & PHY_R)) {
+ DBGOUT(MDIC, "MDIC read reg %x unhandled\n", addr);
+ val |= E1000_MDIC_ERROR;
+ } else
+ val = (val ^ data) | s->phy_reg[addr];
+ } else if (val & E1000_MDIC_OP_WRITE) {
+ DBGOUT(MDIC, "MDIC write reg 0x%x, value 0x%x\n", addr, data);
+ if (!(phy_regcap[addr] & PHY_W)) {
+ DBGOUT(MDIC, "MDIC write reg %x unhandled\n", addr);
+ val |= E1000_MDIC_ERROR;
+ } else {
+ if (addr < NPHYWRITEOPS && phyreg_writeops[addr]) {
+ phyreg_writeops[addr](s, index, data);
+ }
+ s->phy_reg[addr] = data;
+ }
+ }
+ s->mac_reg[MDIC] = val | E1000_MDIC_READY;
+
+ if (val & E1000_MDIC_INT_EN) {
+ set_ics(s, 0, E1000_ICR_MDAC);
+ }
+}
+
+static uint32_t
+get_eecd(E1000State *s, int index)
+{
+ uint32_t ret = E1000_EECD_PRES|E1000_EECD_GNT | s->eecd_state.old_eecd;
+
+ DBGOUT(EEPROM, "reading eeprom bit %d (reading %d)\n",
+ s->eecd_state.bitnum_out, s->eecd_state.reading);
+ if (!s->eecd_state.reading ||
+ ((s->eeprom_data[(s->eecd_state.bitnum_out >> 4) & 0x3f] >>
+ ((s->eecd_state.bitnum_out & 0xf) ^ 0xf))) & 1)
+ ret |= E1000_EECD_DO;
+ return ret;
+}
+
+static void
+set_eecd(E1000State *s, int index, uint32_t val)
+{
+ uint32_t oldval = s->eecd_state.old_eecd;
+
+ s->eecd_state.old_eecd = val & (E1000_EECD_SK | E1000_EECD_CS |
+ E1000_EECD_DI|E1000_EECD_FWE_MASK|E1000_EECD_REQ);
+ if (!(E1000_EECD_CS & val)) // CS inactive; nothing to do
+ return;
+ if (E1000_EECD_CS & (val ^ oldval)) { // CS rise edge; reset state
+ s->eecd_state.val_in = 0;
+ s->eecd_state.bitnum_in = 0;
+ s->eecd_state.bitnum_out = 0;
+ s->eecd_state.reading = 0;
+ }
+ if (!(E1000_EECD_SK & (val ^ oldval))) // no clock edge
+ return;
+ if (!(E1000_EECD_SK & val)) { // falling edge
+ s->eecd_state.bitnum_out++;
+ return;
+ }
+ s->eecd_state.val_in <<= 1;
+ if (val & E1000_EECD_DI)
+ s->eecd_state.val_in |= 1;
+ if (++s->eecd_state.bitnum_in == 9 && !s->eecd_state.reading) {
+ s->eecd_state.bitnum_out = ((s->eecd_state.val_in & 0x3f)<<4)-1;
+ s->eecd_state.reading = (((s->eecd_state.val_in >> 6) & 7) ==
+ EEPROM_READ_OPCODE_MICROWIRE);
+ }
+ DBGOUT(EEPROM, "eeprom bitnum in %d out %d, reading %d\n",
+ s->eecd_state.bitnum_in, s->eecd_state.bitnum_out,
+ s->eecd_state.reading);
+}
+
+static uint32_t
+flash_eerd_read(E1000State *s, int x)
+{
+ unsigned int index, r = s->mac_reg[EERD] & ~E1000_EEPROM_RW_REG_START;
+
+ if ((s->mac_reg[EERD] & E1000_EEPROM_RW_REG_START) == 0)
+ return (s->mac_reg[EERD]);
+
+ if ((index = r >> E1000_EEPROM_RW_ADDR_SHIFT) > EEPROM_CHECKSUM_REG)
+ return (E1000_EEPROM_RW_REG_DONE | r);
+
+ return ((s->eeprom_data[index] << E1000_EEPROM_RW_REG_DATA) |
+ E1000_EEPROM_RW_REG_DONE | r);
+}
+
+static void
+putsum(uint8_t *data, uint32_t n, uint32_t sloc, uint32_t css, uint32_t cse)
+{
+ uint32_t sum;
+
+ if (cse && cse < n)
+ n = cse + 1;
+ if (sloc < n-1) {
+ sum = net_checksum_add(n-css, data+css);
+ cpu_to_be16wu((uint16_t *)(data + sloc),
+ net_checksum_finish(sum));
+ }
+}
+
+static inline int
+vlan_enabled(E1000State *s)
+{
+ return ((s->mac_reg[CTRL] & E1000_CTRL_VME) != 0);
+}
+
+static inline int
+vlan_rx_filter_enabled(E1000State *s)
+{
+ return ((s->mac_reg[RCTL] & E1000_RCTL_VFE) != 0);
+}
+
+static inline int
+is_vlan_packet(E1000State *s, const uint8_t *buf)
+{
+ return (be16_to_cpup((uint16_t *)(buf + 12)) ==
+ le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
+}
+
+static inline int
+is_vlan_txd(uint32_t txd_lower)
+{
+ return ((txd_lower & E1000_TXD_CMD_VLE) != 0);
+}
+
+/* FCS aka Ethernet CRC-32. We don't get it from backends and can't
+ * fill it in, just pad descriptor length by 4 bytes unless guest
+ * told us to strip it off the packet. */
+static inline int
+fcs_len(E1000State *s)
+{
+ return (s->mac_reg[RCTL] & E1000_RCTL_SECRC) ? 0 : 4;
+}
+
+static void
+e1000_send_packet(E1000State *s, const uint8_t *buf, int size)
+{
+ NetClientState *nc = qemu_get_queue(s->nic);
+ if (s->phy_reg[PHY_CTRL] & MII_CR_LOOPBACK) {
+ nc->info->receive(nc, buf, size);
+ } else {
+ qemu_send_packet(nc, buf, size);
+ }
+}
+
+static void
+xmit_seg(E1000State *s)
+{
+ uint16_t len, *sp;
+ unsigned int frames = s->tx.tso_frames, css, sofar, n;
+ struct e1000_tx *tp = &s->tx;
+
+ if (tp->tse && tp->cptse) {
+ css = tp->ipcss;
+ DBGOUT(TXSUM, "frames %d size %d ipcss %d\n",
+ frames, tp->size, css);
+ if (tp->ip) { // IPv4
+ cpu_to_be16wu((uint16_t *)(tp->data+css+2),
+ tp->size - css);
+ cpu_to_be16wu((uint16_t *)(tp->data+css+4),
+ be16_to_cpup((uint16_t *)(tp->data+css+4))+frames);
+ } else // IPv6
+ cpu_to_be16wu((uint16_t *)(tp->data+css+4),
+ tp->size - css);
+ css = tp->tucss;
+ len = tp->size - css;
+ DBGOUT(TXSUM, "tcp %d tucss %d len %d\n", tp->tcp, css, len);
+ if (tp->tcp) {
+ sofar = frames * tp->mss;
+ cpu_to_be32wu((uint32_t *)(tp->data+css+4), // seq
+ be32_to_cpupu((uint32_t *)(tp->data+css+4))+sofar);
+ if (tp->paylen - sofar > tp->mss)
+ tp->data[css + 13] &= ~9; // PSH, FIN
+ } else // UDP
+ cpu_to_be16wu((uint16_t *)(tp->data+css+4), len);
+ if (tp->sum_needed & E1000_TXD_POPTS_TXSM) {
+ unsigned int phsum;
+ // add pseudo-header length before checksum calculation
+ sp = (uint16_t *)(tp->data + tp->tucso);
+ phsum = be16_to_cpup(sp) + len;
+ phsum = (phsum >> 16) + (phsum & 0xffff);
+ cpu_to_be16wu(sp, phsum);
+ }
+ tp->tso_frames++;
+ }
+
+ if (tp->sum_needed & E1000_TXD_POPTS_TXSM)
+ putsum(tp->data, tp->size, tp->tucso, tp->tucss, tp->tucse);
+ if (tp->sum_needed & E1000_TXD_POPTS_IXSM)
+ putsum(tp->data, tp->size, tp->ipcso, tp->ipcss, tp->ipcse);
+ if (tp->vlan_needed) {
+ memmove(tp->vlan, tp->data, 4);
+ memmove(tp->data, tp->data + 4, 8);
+ memcpy(tp->data + 8, tp->vlan_header, 4);
+ e1000_send_packet(s, tp->vlan, tp->size + 4);
+ } else
+ e1000_send_packet(s, tp->data, tp->size);
+ s->mac_reg[TPT]++;
+ s->mac_reg[GPTC]++;
+ n = s->mac_reg[TOTL];
+ if ((s->mac_reg[TOTL] += s->tx.size) < n)
+ s->mac_reg[TOTH]++;
+}
+
+static void
+process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
+{
+ PCIDevice *d = PCI_DEVICE(s);
+ uint32_t txd_lower = le32_to_cpu(dp->lower.data);
+ uint32_t dtype = txd_lower & (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D);
+ unsigned int split_size = txd_lower & 0xffff, bytes, sz, op;
+ unsigned int msh = 0xfffff;
+ uint64_t addr;
+ struct e1000_context_desc *xp = (struct e1000_context_desc *)dp;
+ struct e1000_tx *tp = &s->tx;
+
+ if (dtype == E1000_TXD_CMD_DEXT) { // context descriptor
+ op = le32_to_cpu(xp->cmd_and_length);
+ tp->ipcss = xp->lower_setup.ip_fields.ipcss;
+ tp->ipcso = xp->lower_setup.ip_fields.ipcso;
+ tp->ipcse = le16_to_cpu(xp->lower_setup.ip_fields.ipcse);
+ tp->tucss = xp->upper_setup.tcp_fields.tucss;
+ tp->tucso = xp->upper_setup.tcp_fields.tucso;
+ tp->tucse = le16_to_cpu(xp->upper_setup.tcp_fields.tucse);
+ tp->paylen = op & 0xfffff;
+ tp->hdr_len = xp->tcp_seg_setup.fields.hdr_len;
+ tp->mss = le16_to_cpu(xp->tcp_seg_setup.fields.mss);
+ tp->ip = (op & E1000_TXD_CMD_IP) ? 1 : 0;
+ tp->tcp = (op & E1000_TXD_CMD_TCP) ? 1 : 0;
+ tp->tse = (op & E1000_TXD_CMD_TSE) ? 1 : 0;
+ tp->tso_frames = 0;
+ if (tp->tucso == 0) { // this is probably wrong
+ DBGOUT(TXSUM, "TCP/UDP: cso 0!\n");
+ tp->tucso = tp->tucss + (tp->tcp ? 16 : 6);
+ }
+ return;
+ } else if (dtype == (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D)) {
+ // data descriptor
+ if (tp->size == 0) {
+ tp->sum_needed = le32_to_cpu(dp->upper.data) >> 8;
+ }
+ tp->cptse = ( txd_lower & E1000_TXD_CMD_TSE ) ? 1 : 0;
+ } else {
+ // legacy descriptor
+ tp->cptse = 0;
+ }
+
+ if (vlan_enabled(s) && is_vlan_txd(txd_lower) &&
+ (tp->cptse || txd_lower & E1000_TXD_CMD_EOP)) {
+ tp->vlan_needed = 1;
+ cpu_to_be16wu((uint16_t *)(tp->vlan_header),
+ le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
+ cpu_to_be16wu((uint16_t *)(tp->vlan_header + 2),
+ le16_to_cpu(dp->upper.fields.special));
+ }
+
+ addr = le64_to_cpu(dp->buffer_addr);
+ if (tp->tse && tp->cptse) {
+ msh = tp->hdr_len + tp->mss;
+ do {
+ bytes = split_size;
+ if (tp->size + bytes > msh)
+ bytes = msh - tp->size;
+
+ bytes = MIN(sizeof(tp->data) - tp->size, bytes);
+ pci_dma_read(d, addr, tp->data + tp->size, bytes);
+ sz = tp->size + bytes;
+ if (sz >= tp->hdr_len && tp->size < tp->hdr_len) {
+ memmove(tp->header, tp->data, tp->hdr_len);
+ }
+ tp->size = sz;
+ addr += bytes;
+ if (sz == msh) {
+ xmit_seg(s);
+ memmove(tp->data, tp->header, tp->hdr_len);
+ tp->size = tp->hdr_len;
+ }
+ } while (split_size -= bytes);
+ } else if (!tp->tse && tp->cptse) {
+ // context descriptor TSE is not set, while data descriptor TSE is set
+ DBGOUT(TXERR, "TCP segmentation error\n");
+ } else {
+ split_size = MIN(sizeof(tp->data) - tp->size, split_size);
+ pci_dma_read(d, addr, tp->data + tp->size, split_size);
+ tp->size += split_size;
+ }
+
+ if (!(txd_lower & E1000_TXD_CMD_EOP))
+ return;
+ if (!(tp->tse && tp->cptse && tp->size < tp->hdr_len)) {
+ xmit_seg(s);
+ }
+ tp->tso_frames = 0;
+ tp->sum_needed = 0;
+ tp->vlan_needed = 0;
+ tp->size = 0;
+ tp->cptse = 0;
+}
+
+static uint32_t
+txdesc_writeback(E1000State *s, dma_addr_t base, struct e1000_tx_desc *dp)
+{
+ PCIDevice *d = PCI_DEVICE(s);
+ uint32_t txd_upper, txd_lower = le32_to_cpu(dp->lower.data);
+
+ if (!(txd_lower & (E1000_TXD_CMD_RS|E1000_TXD_CMD_RPS)))
+ return 0;
+ txd_upper = (le32_to_cpu(dp->upper.data) | E1000_TXD_STAT_DD) &
+ ~(E1000_TXD_STAT_EC | E1000_TXD_STAT_LC | E1000_TXD_STAT_TU);
+ dp->upper.data = cpu_to_le32(txd_upper);
+ pci_dma_write(d, base + ((char *)&dp->upper - (char *)dp),
+ &dp->upper, sizeof(dp->upper));
+ return E1000_ICR_TXDW;
+}
+
+static uint64_t tx_desc_base(E1000State *s)
+{
+ uint64_t bah = s->mac_reg[TDBAH];
+ uint64_t bal = s->mac_reg[TDBAL] & ~0xf;
+
+ return (bah << 32) + bal;
+}
+
+static void
+start_xmit(E1000State *s)
+{
+ PCIDevice *d = PCI_DEVICE(s);
+ dma_addr_t base;
+ struct e1000_tx_desc desc;
+ uint32_t tdh_start = s->mac_reg[TDH], cause = E1000_ICS_TXQE;
+
+ if (!(s->mac_reg[TCTL] & E1000_TCTL_EN)) {
+ DBGOUT(TX, "tx disabled\n");
+ return;
+ }
+
+ while (s->mac_reg[TDH] != s->mac_reg[TDT]) {
+ base = tx_desc_base(s) +
+ sizeof(struct e1000_tx_desc) * s->mac_reg[TDH];
+ pci_dma_read(d, base, &desc, sizeof(desc));
+
+ DBGOUT(TX, "index %d: %p : %x %x\n", s->mac_reg[TDH],
+ (void *)(intptr_t)desc.buffer_addr, desc.lower.data,
+ desc.upper.data);
+
+ process_tx_desc(s, &desc);
+ cause |= txdesc_writeback(s, base, &desc);
+
+ if (++s->mac_reg[TDH] * sizeof(desc) >= s->mac_reg[TDLEN])
+ s->mac_reg[TDH] = 0;
+ /*
+ * the following could happen only if guest sw assigns
+ * bogus values to TDT/TDLEN.
+ * there's nothing too intelligent we could do about this.
+ */
+ if (s->mac_reg[TDH] == tdh_start) {
+ DBGOUT(TXERR, "TDH wraparound @%x, TDT %x, TDLEN %x\n",
+ tdh_start, s->mac_reg[TDT], s->mac_reg[TDLEN]);
+ break;
+ }
+ }
+ set_ics(s, 0, cause);
+}
+
+static int
+receive_filter(E1000State *s, const uint8_t *buf, int size)
+{
+ static const uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
+ static const int mta_shift[] = {4, 3, 2, 0};
+ uint32_t f, rctl = s->mac_reg[RCTL], ra[2], *rp;
+
+ if (is_vlan_packet(s, buf) && vlan_rx_filter_enabled(s)) {
+ uint16_t vid = be16_to_cpup((uint16_t *)(buf + 14));
+ uint32_t vfta = le32_to_cpup((uint32_t *)(s->mac_reg + VFTA) +
+ ((vid >> 5) & 0x7f));
+ if ((vfta & (1 << (vid & 0x1f))) == 0)
+ return 0;
+ }
+
+ if (rctl & E1000_RCTL_UPE) // promiscuous
+ return 1;
+
+ if ((buf[0] & 1) && (rctl & E1000_RCTL_MPE)) // promiscuous mcast
+ return 1;
+
+ if ((rctl & E1000_RCTL_BAM) && !memcmp(buf, bcast, sizeof bcast))
+ return 1;
+
+ for (rp = s->mac_reg + RA; rp < s->mac_reg + RA + 32; rp += 2) {
+ if (!(rp[1] & E1000_RAH_AV))
+ continue;
+ ra[0] = cpu_to_le32(rp[0]);
+ ra[1] = cpu_to_le32(rp[1]);
+ if (!memcmp(buf, (uint8_t *)ra, 6)) {
+ DBGOUT(RXFILTER,
+ "unicast match[%d]: %02x:%02x:%02x:%02x:%02x:%02x\n",
+ (int)(rp - s->mac_reg - RA)/2,
+ buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
+ return 1;
+ }
+ }
+ DBGOUT(RXFILTER, "unicast mismatch: %02x:%02x:%02x:%02x:%02x:%02x\n",
+ buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
+
+ f = mta_shift[(rctl >> E1000_RCTL_MO_SHIFT) & 3];
+ f = (((buf[5] << 8) | buf[4]) >> f) & 0xfff;
+ if (s->mac_reg[MTA + (f >> 5)] & (1 << (f & 0x1f)))
+ return 1;
+ DBGOUT(RXFILTER,
+ "dropping, inexact filter mismatch: %02x:%02x:%02x:%02x:%02x:%02x MO %d MTA[%d] %x\n",
+ buf[0], buf[1], buf[2], buf[3], buf[4], buf[5],
+ (rctl >> E1000_RCTL_MO_SHIFT) & 3, f >> 5,
+ s->mac_reg[MTA + (f >> 5)]);
+
+ return 0;
+}
+
+static void
+e1000_set_link_status(NetClientState *nc)
+{
+ E1000State *s = qemu_get_nic_opaque(nc);
+ uint32_t old_status = s->mac_reg[STATUS];
+
+ if (nc->link_down) {
+ e1000_link_down(s);
+ } else {
+ e1000_link_up(s);
+ }
+
+ if (s->mac_reg[STATUS] != old_status)
+ set_ics(s, 0, E1000_ICR_LSC);
+}
+
+static bool e1000_has_rxbufs(E1000State *s, size_t total_size)
+{
+ int bufs;
+ /* Fast-path short packets */
+ if (total_size <= s->rxbuf_size) {
+ return s->mac_reg[RDH] != s->mac_reg[RDT];
+ }
+ if (s->mac_reg[RDH] < s->mac_reg[RDT]) {
+ bufs = s->mac_reg[RDT] - s->mac_reg[RDH];
+ } else if (s->mac_reg[RDH] > s->mac_reg[RDT]) {
+ bufs = s->mac_reg[RDLEN] / sizeof(struct e1000_rx_desc) +
+ s->mac_reg[RDT] - s->mac_reg[RDH];
+ } else {
+ return false;
+ }
+ return total_size <= bufs * s->rxbuf_size;
+}
+
+static int
+e1000_can_receive(NetClientState *nc)
+{
+ E1000State *s = qemu_get_nic_opaque(nc);
+
+ return (s->mac_reg[STATUS] & E1000_STATUS_LU) &&
+ (s->mac_reg[RCTL] & E1000_RCTL_EN) && e1000_has_rxbufs(s, 1);
+}
+
+static uint64_t rx_desc_base(E1000State *s)
+{
+ uint64_t bah = s->mac_reg[RDBAH];
+ uint64_t bal = s->mac_reg[RDBAL] & ~0xf;
+
+ return (bah << 32) + bal;
+}
+
+static ssize_t
+e1000_receive(NetClientState *nc, const uint8_t *buf, size_t size)
+{
+ E1000State *s = qemu_get_nic_opaque(nc);
+ PCIDevice *d = PCI_DEVICE(s);
+ struct e1000_rx_desc desc;
+ dma_addr_t base;
+ unsigned int n, rdt;
+ uint32_t rdh_start;
+ uint16_t vlan_special = 0;
+ uint8_t vlan_status = 0, vlan_offset = 0;
+ uint8_t min_buf[MIN_BUF_SIZE];
+ size_t desc_offset;
+ size_t desc_size;
+ size_t total_size;
+
+ if (!(s->mac_reg[STATUS] & E1000_STATUS_LU)) {
+ return -1;
+ }
+
+ if (!(s->mac_reg[RCTL] & E1000_RCTL_EN)) {
+ return -1;
+ }
+
+ /* Pad to minimum Ethernet frame length */
+ if (size < sizeof(min_buf)) {
+ memcpy(min_buf, buf, size);
+ memset(&min_buf[size], 0, sizeof(min_buf) - size);
+ buf = min_buf;
+ size = sizeof(min_buf);
+ }
+
+ /* Discard oversized packets if !LPE and !SBP. */
+ if ((size > MAXIMUM_ETHERNET_LPE_SIZE ||
+ (size > MAXIMUM_ETHERNET_VLAN_SIZE
+ && !(s->mac_reg[RCTL] & E1000_RCTL_LPE)))
+ && !(s->mac_reg[RCTL] & E1000_RCTL_SBP)) {
+ return size;
+ }
+
+ if (!receive_filter(s, buf, size))
+ return size;
+
+ if (vlan_enabled(s) && is_vlan_packet(s, buf)) {
+ vlan_special = cpu_to_le16(be16_to_cpup((uint16_t *)(buf + 14)));
+ memmove((uint8_t *)buf + 4, buf, 12);
+ vlan_status = E1000_RXD_STAT_VP;
+ vlan_offset = 4;
+ size -= 4;
+ }
+
+ rdh_start = s->mac_reg[RDH];
+ desc_offset = 0;
+ total_size = size + fcs_len(s);
+ if (!e1000_has_rxbufs(s, total_size)) {
+ set_ics(s, 0, E1000_ICS_RXO);
+ return -1;
+ }
+ do {
+ desc_size = total_size - desc_offset;
+ if (desc_size > s->rxbuf_size) {
+ desc_size = s->rxbuf_size;
+ }
+ base = rx_desc_base(s) + sizeof(desc) * s->mac_reg[RDH];
+ pci_dma_read(d, base, &desc, sizeof(desc));
+ desc.special = vlan_special;
+ desc.status |= (vlan_status | E1000_RXD_STAT_DD);
+ if (desc.buffer_addr) {
+ if (desc_offset < size) {
+ size_t copy_size = size - desc_offset;
+ if (copy_size > s->rxbuf_size) {
+ copy_size = s->rxbuf_size;
+ }
+ pci_dma_write(d, le64_to_cpu(desc.buffer_addr),
+ buf + desc_offset + vlan_offset, copy_size);
+ }
+ desc_offset += desc_size;
+ desc.length = cpu_to_le16(desc_size);
+ if (desc_offset >= total_size) {
+ desc.status |= E1000_RXD_STAT_EOP | E1000_RXD_STAT_IXSM;
+ } else {
+ /* Guest zeroing out status is not a hardware requirement.
+ Clear EOP in case guest didn't do it. */
+ desc.status &= ~E1000_RXD_STAT_EOP;
+ }
+ } else { // as per intel docs; skip descriptors with null buf addr
+ DBGOUT(RX, "Null RX descriptor!!\n");
+ }
+ pci_dma_write(d, base, &desc, sizeof(desc));
+
+ if (++s->mac_reg[RDH] * sizeof(desc) >= s->mac_reg[RDLEN])
+ s->mac_reg[RDH] = 0;
+ /* see comment in start_xmit; same here */
+ if (s->mac_reg[RDH] == rdh_start) {
+ DBGOUT(RXERR, "RDH wraparound @%x, RDT %x, RDLEN %x\n",
+ rdh_start, s->mac_reg[RDT], s->mac_reg[RDLEN]);
+ set_ics(s, 0, E1000_ICS_RXO);
+ return -1;
+ }
+ } while (desc_offset < total_size);
+
+ s->mac_reg[GPRC]++;
+ s->mac_reg[TPR]++;
+ /* TOR - Total Octets Received:
+ * This register includes bytes received in a packet from the <Destination
+ * Address> field through the <CRC> field, inclusively.
+ */
+ n = s->mac_reg[TORL] + size + /* Always include FCS length. */ 4;
+ if (n < s->mac_reg[TORL])
+ s->mac_reg[TORH]++;
+ s->mac_reg[TORL] = n;
+
+ n = E1000_ICS_RXT0;
+ if ((rdt = s->mac_reg[RDT]) < s->mac_reg[RDH])
+ rdt += s->mac_reg[RDLEN] / sizeof(desc);
+ if (((rdt - s->mac_reg[RDH]) * sizeof(desc)) <= s->mac_reg[RDLEN] >>
+ s->rxbuf_min_shift)
+ n |= E1000_ICS_RXDMT0;
+
+ set_ics(s, 0, n);
+
+ return size;
+}
+
+static uint32_t
+mac_readreg(E1000State *s, int index)
+{
+ return s->mac_reg[index];
+}
+
+static uint32_t
+mac_icr_read(E1000State *s, int index)
+{
+ uint32_t ret = s->mac_reg[ICR];
+
+ DBGOUT(INTERRUPT, "ICR read: %x\n", ret);
+ set_interrupt_cause(s, 0, 0);
+ return ret;
+}
+
+static uint32_t
+mac_read_clr4(E1000State *s, int index)
+{
+ uint32_t ret = s->mac_reg[index];
+
+ s->mac_reg[index] = 0;
+ return ret;
+}
+
+static uint32_t
+mac_read_clr8(E1000State *s, int index)
+{
+ uint32_t ret = s->mac_reg[index];
+
+ s->mac_reg[index] = 0;
+ s->mac_reg[index-1] = 0;
+ return ret;
+}
+
+static void
+mac_writereg(E1000State *s, int index, uint32_t val)
+{
+ s->mac_reg[index] = val;
+}
+
+static void
+set_rdt(E1000State *s, int index, uint32_t val)
+{
+ s->mac_reg[index] = val & 0xffff;
+ if (e1000_has_rxbufs(s, 1)) {
+ qemu_flush_queued_packets(qemu_get_queue(s->nic));
+ }
+}
+
+static void
+set_16bit(E1000State *s, int index, uint32_t val)
+{
+ s->mac_reg[index] = val & 0xffff;
+}
+
+static void
+set_dlen(E1000State *s, int index, uint32_t val)
+{
+ s->mac_reg[index] = val & 0xfff80;
+}
+
+static void
+set_tctl(E1000State *s, int index, uint32_t val)
+{
+ s->mac_reg[index] = val;
+ s->mac_reg[TDT] &= 0xffff;
+ start_xmit(s);
+}
+
+static void
+set_icr(E1000State *s, int index, uint32_t val)
+{
+ DBGOUT(INTERRUPT, "set_icr %x\n", val);
+ set_interrupt_cause(s, 0, s->mac_reg[ICR] & ~val);
+}
+
+static void
+set_imc(E1000State *s, int index, uint32_t val)
+{
+ s->mac_reg[IMS] &= ~val;
+ set_ics(s, 0, 0);
+}
+
+static void
+set_ims(E1000State *s, int index, uint32_t val)
+{
+ s->mac_reg[IMS] |= val;
+ set_ics(s, 0, 0);
+}
+
+#define getreg(x) [x] = mac_readreg
+static uint32_t (*macreg_readops[])(E1000State *, int) = {
+ getreg(PBA), getreg(RCTL), getreg(TDH), getreg(TXDCTL),
+ getreg(WUFC), getreg(TDT), getreg(CTRL), getreg(LEDCTL),
+ getreg(MANC), getreg(MDIC), getreg(SWSM), getreg(STATUS),
+ getreg(TORL), getreg(TOTL), getreg(IMS), getreg(TCTL),
+ getreg(RDH), getreg(RDT), getreg(VET), getreg(ICS),
+ getreg(TDBAL), getreg(TDBAH), getreg(RDBAH), getreg(RDBAL),
+ getreg(TDLEN), getreg(RDLEN),
+
+ [TOTH] = mac_read_clr8, [TORH] = mac_read_clr8, [GPRC] = mac_read_clr4,
+ [GPTC] = mac_read_clr4, [TPR] = mac_read_clr4, [TPT] = mac_read_clr4,
+ [ICR] = mac_icr_read, [EECD] = get_eecd, [EERD] = flash_eerd_read,
+ [CRCERRS ... MPC] = &mac_readreg,
+ [RA ... RA+31] = &mac_readreg,
+ [MTA ... MTA+127] = &mac_readreg,
+ [VFTA ... VFTA+127] = &mac_readreg,
+};
+enum { NREADOPS = ARRAY_SIZE(macreg_readops) };
+
+#define putreg(x) [x] = mac_writereg
+static void (*macreg_writeops[])(E1000State *, int, uint32_t) = {
+ putreg(PBA), putreg(EERD), putreg(SWSM), putreg(WUFC),
+ putreg(TDBAL), putreg(TDBAH), putreg(TXDCTL), putreg(RDBAH),
+ putreg(RDBAL), putreg(LEDCTL), putreg(VET),
+ [TDLEN] = set_dlen, [RDLEN] = set_dlen, [TCTL] = set_tctl,
+ [TDT] = set_tctl, [MDIC] = set_mdic, [ICS] = set_ics,
+ [TDH] = set_16bit, [RDH] = set_16bit, [RDT] = set_rdt,
+ [IMC] = set_imc, [IMS] = set_ims, [ICR] = set_icr,
+ [EECD] = set_eecd, [RCTL] = set_rx_control, [CTRL] = set_ctrl,
+ [RA ... RA+31] = &mac_writereg,
+ [MTA ... MTA+127] = &mac_writereg,
+ [VFTA ... VFTA+127] = &mac_writereg,
+};
+
+enum { NWRITEOPS = ARRAY_SIZE(macreg_writeops) };
+
+static void
+e1000_mmio_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ E1000State *s = opaque;
+ unsigned int index = (addr & 0x1ffff) >> 2;
+
+ if (index < NWRITEOPS && macreg_writeops[index]) {
+ macreg_writeops[index](s, index, val);
+ } else if (index < NREADOPS && macreg_readops[index]) {
+ DBGOUT(MMIO, "e1000_mmio_writel RO %x: 0x%04"PRIx64"\n", index<<2, val);
+ } else {
+ DBGOUT(UNKNOWN, "MMIO unknown write addr=0x%08x,val=0x%08"PRIx64"\n",
+ index<<2, val);
+ }
+}
+
+static uint64_t
+e1000_mmio_read(void *opaque, hwaddr addr, unsigned size)
+{
+ E1000State *s = opaque;
+ unsigned int index = (addr & 0x1ffff) >> 2;
+
+ if (index < NREADOPS && macreg_readops[index])
+ {
+ return macreg_readops[index](s, index);
+ }
+ DBGOUT(UNKNOWN, "MMIO unknown read addr=0x%08x\n", index<<2);
+ return 0;
+}
+
+static const MemoryRegionOps e1000_mmio_ops = {
+ .read = e1000_mmio_read,
+ .write = e1000_mmio_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static uint64_t e1000_io_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ E1000State *s = opaque;
+
+ (void)s;
+ return 0;
+}
+
+static void e1000_io_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ E1000State *s = opaque;
+
+ (void)s;
+}
+
+static const MemoryRegionOps e1000_io_ops = {
+ .read = e1000_io_read,
+ .write = e1000_io_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static bool is_version_1(void *opaque, int version_id)
+{
+ return version_id == 1;
+}
+
+static void e1000_pre_save(void *opaque)
+{
+ E1000State *s = opaque;
+ NetClientState *nc = qemu_get_queue(s->nic);
+
+ if (!(s->compat_flags & E1000_FLAG_AUTONEG)) {
+ return;
+ }
+
+ /*
+ * If link is down and auto-negotiation is ongoing, complete
+ * auto-negotiation immediately. This allows is to look at
+ * MII_SR_AUTONEG_COMPLETE to infer link status on load.
+ */
+ if (nc->link_down &&
+ s->phy_reg[PHY_CTRL] & MII_CR_AUTO_NEG_EN &&
+ s->phy_reg[PHY_CTRL] & MII_CR_RESTART_AUTO_NEG) {
+ s->phy_reg[PHY_STATUS] |= MII_SR_AUTONEG_COMPLETE;
+ }
+}
+
+static int e1000_post_load(void *opaque, int version_id)
+{
+ E1000State *s = opaque;
+ NetClientState *nc = qemu_get_queue(s->nic);
+
+ /* nc.link_down can't be migrated, so infer link_down according
+ * to link status bit in mac_reg[STATUS].
+ * Alternatively, restart link negotiation if it was in progress. */
+ nc->link_down = (s->mac_reg[STATUS] & E1000_STATUS_LU) == 0;
+
+ if (!(s->compat_flags & E1000_FLAG_AUTONEG)) {
+ return 0;
+ }
+
+ if (s->phy_reg[PHY_CTRL] & MII_CR_AUTO_NEG_EN &&
+ s->phy_reg[PHY_CTRL] & MII_CR_RESTART_AUTO_NEG &&
+ !(s->phy_reg[PHY_STATUS] & MII_SR_AUTONEG_COMPLETE)) {
+ nc->link_down = false;
+ qemu_mod_timer(s->autoneg_timer, qemu_get_clock_ms(vm_clock) + 500);
+ }
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_e1000 = {
+ .name = "e1000",
+ .version_id = 2,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .pre_save = e1000_pre_save,
+ .post_load = e1000_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_PCI_DEVICE(parent_obj, E1000State),
+ VMSTATE_UNUSED_TEST(is_version_1, 4), /* was instance id */
+ VMSTATE_UNUSED(4), /* Was mmio_base. */
+ VMSTATE_UINT32(rxbuf_size, E1000State),
+ VMSTATE_UINT32(rxbuf_min_shift, E1000State),
+ VMSTATE_UINT32(eecd_state.val_in, E1000State),
+ VMSTATE_UINT16(eecd_state.bitnum_in, E1000State),
+ VMSTATE_UINT16(eecd_state.bitnum_out, E1000State),
+ VMSTATE_UINT16(eecd_state.reading, E1000State),
+ VMSTATE_UINT32(eecd_state.old_eecd, E1000State),
+ VMSTATE_UINT8(tx.ipcss, E1000State),
+ VMSTATE_UINT8(tx.ipcso, E1000State),
+ VMSTATE_UINT16(tx.ipcse, E1000State),
+ VMSTATE_UINT8(tx.tucss, E1000State),
+ VMSTATE_UINT8(tx.tucso, E1000State),
+ VMSTATE_UINT16(tx.tucse, E1000State),
+ VMSTATE_UINT32(tx.paylen, E1000State),
+ VMSTATE_UINT8(tx.hdr_len, E1000State),
+ VMSTATE_UINT16(tx.mss, E1000State),
+ VMSTATE_UINT16(tx.size, E1000State),
+ VMSTATE_UINT16(tx.tso_frames, E1000State),
+ VMSTATE_UINT8(tx.sum_needed, E1000State),
+ VMSTATE_INT8(tx.ip, E1000State),
+ VMSTATE_INT8(tx.tcp, E1000State),
+ VMSTATE_BUFFER(tx.header, E1000State),
+ VMSTATE_BUFFER(tx.data, E1000State),
+ VMSTATE_UINT16_ARRAY(eeprom_data, E1000State, 64),
+ VMSTATE_UINT16_ARRAY(phy_reg, E1000State, 0x20),
+ VMSTATE_UINT32(mac_reg[CTRL], E1000State),
+ VMSTATE_UINT32(mac_reg[EECD], E1000State),
+ VMSTATE_UINT32(mac_reg[EERD], E1000State),
+ VMSTATE_UINT32(mac_reg[GPRC], E1000State),
+ VMSTATE_UINT32(mac_reg[GPTC], E1000State),
+ VMSTATE_UINT32(mac_reg[ICR], E1000State),
+ VMSTATE_UINT32(mac_reg[ICS], E1000State),
+ VMSTATE_UINT32(mac_reg[IMC], E1000State),
+ VMSTATE_UINT32(mac_reg[IMS], E1000State),
+ VMSTATE_UINT32(mac_reg[LEDCTL], E1000State),
+ VMSTATE_UINT32(mac_reg[MANC], E1000State),
+ VMSTATE_UINT32(mac_reg[MDIC], E1000State),
+ VMSTATE_UINT32(mac_reg[MPC], E1000State),
+ VMSTATE_UINT32(mac_reg[PBA], E1000State),
+ VMSTATE_UINT32(mac_reg[RCTL], E1000State),
+ VMSTATE_UINT32(mac_reg[RDBAH], E1000State),
+ VMSTATE_UINT32(mac_reg[RDBAL], E1000State),
+ VMSTATE_UINT32(mac_reg[RDH], E1000State),
+ VMSTATE_UINT32(mac_reg[RDLEN], E1000State),
+ VMSTATE_UINT32(mac_reg[RDT], E1000State),
+ VMSTATE_UINT32(mac_reg[STATUS], E1000State),
+ VMSTATE_UINT32(mac_reg[SWSM], E1000State),
+ VMSTATE_UINT32(mac_reg[TCTL], E1000State),
+ VMSTATE_UINT32(mac_reg[TDBAH], E1000State),
+ VMSTATE_UINT32(mac_reg[TDBAL], E1000State),
+ VMSTATE_UINT32(mac_reg[TDH], E1000State),
+ VMSTATE_UINT32(mac_reg[TDLEN], E1000State),
+ VMSTATE_UINT32(mac_reg[TDT], E1000State),
+ VMSTATE_UINT32(mac_reg[TORH], E1000State),
+ VMSTATE_UINT32(mac_reg[TORL], E1000State),
+ VMSTATE_UINT32(mac_reg[TOTH], E1000State),
+ VMSTATE_UINT32(mac_reg[TOTL], E1000State),
+ VMSTATE_UINT32(mac_reg[TPR], E1000State),
+ VMSTATE_UINT32(mac_reg[TPT], E1000State),
+ VMSTATE_UINT32(mac_reg[TXDCTL], E1000State),
+ VMSTATE_UINT32(mac_reg[WUFC], E1000State),
+ VMSTATE_UINT32(mac_reg[VET], E1000State),
+ VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, RA, 32),
+ VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, MTA, 128),
+ VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, VFTA, 128),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const uint16_t e1000_eeprom_template[64] = {
+ 0x0000, 0x0000, 0x0000, 0x0000, 0xffff, 0x0000, 0x0000, 0x0000,
+ 0x3000, 0x1000, 0x6403, E1000_DEVID, 0x8086, E1000_DEVID, 0x8086, 0x3040,
+ 0x0008, 0x2000, 0x7e14, 0x0048, 0x1000, 0x00d8, 0x0000, 0x2700,
+ 0x6cc9, 0x3150, 0x0722, 0x040b, 0x0984, 0x0000, 0xc000, 0x0706,
+ 0x1008, 0x0000, 0x0f04, 0x7fff, 0x4d01, 0xffff, 0xffff, 0xffff,
+ 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
+ 0x0100, 0x4000, 0x121c, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
+ 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x0000,
+};
+
+/* PCI interface */
+
+static void
+e1000_mmio_setup(E1000State *d)
+{
+ int i;
+ const uint32_t excluded_regs[] = {
+ E1000_MDIC, E1000_ICR, E1000_ICS, E1000_IMS,
+ E1000_IMC, E1000_TCTL, E1000_TDT, PNPMMIO_SIZE
+ };
+
+ memory_region_init_io(&d->mmio, OBJECT(d), &e1000_mmio_ops, d,
+ "e1000-mmio", PNPMMIO_SIZE);
+ memory_region_add_coalescing(&d->mmio, 0, excluded_regs[0]);
+ for (i = 0; excluded_regs[i] != PNPMMIO_SIZE; i++)
+ memory_region_add_coalescing(&d->mmio, excluded_regs[i] + 4,
+ excluded_regs[i+1] - excluded_regs[i] - 4);
+ memory_region_init_io(&d->io, OBJECT(d), &e1000_io_ops, d, "e1000-io", IOPORT_SIZE);
+}
+
+static void
+e1000_cleanup(NetClientState *nc)
+{
+ E1000State *s = qemu_get_nic_opaque(nc);
+
+ s->nic = NULL;
+}
+
+static void
+pci_e1000_uninit(PCIDevice *dev)
+{
+ E1000State *d = E1000(dev);
+
+ qemu_del_timer(d->autoneg_timer);
+ qemu_free_timer(d->autoneg_timer);
+ memory_region_destroy(&d->mmio);
+ memory_region_destroy(&d->io);
+ qemu_del_nic(d->nic);
+}
+
+static NetClientInfo net_e1000_info = {
+ .type = NET_CLIENT_OPTIONS_KIND_NIC,
+ .size = sizeof(NICState),
+ .can_receive = e1000_can_receive,
+ .receive = e1000_receive,
+ .cleanup = e1000_cleanup,
+ .link_status_changed = e1000_set_link_status,
+};
+
+static int pci_e1000_init(PCIDevice *pci_dev)
+{
+ DeviceState *dev = DEVICE(pci_dev);
+ E1000State *d = E1000(pci_dev);
+ uint8_t *pci_conf;
+ uint16_t checksum = 0;
+ int i;
+ uint8_t *macaddr;
+
+ pci_conf = pci_dev->config;
+
+ /* TODO: RST# value should be 0, PCI spec 6.2.4 */
+ pci_conf[PCI_CACHE_LINE_SIZE] = 0x10;
+
+ pci_conf[PCI_INTERRUPT_PIN] = 1; /* interrupt pin A */
+
+ e1000_mmio_setup(d);
+
+ pci_register_bar(pci_dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &d->mmio);
+
+ pci_register_bar(pci_dev, 1, PCI_BASE_ADDRESS_SPACE_IO, &d->io);
+
+ memmove(d->eeprom_data, e1000_eeprom_template,
+ sizeof e1000_eeprom_template);
+ qemu_macaddr_default_if_unset(&d->conf.macaddr);
+ macaddr = d->conf.macaddr.a;
+ for (i = 0; i < 3; i++)
+ d->eeprom_data[i] = (macaddr[2*i+1]<<8) | macaddr[2*i];
+ for (i = 0; i < EEPROM_CHECKSUM_REG; i++)
+ checksum += d->eeprom_data[i];
+ checksum = (uint16_t) EEPROM_SUM - checksum;
+ d->eeprom_data[EEPROM_CHECKSUM_REG] = checksum;
+
+ d->nic = qemu_new_nic(&net_e1000_info, &d->conf,
+ object_get_typename(OBJECT(d)), dev->id, d);
+
+ qemu_format_nic_info_str(qemu_get_queue(d->nic), macaddr);
+
+ add_boot_device_path(d->conf.bootindex, dev, "/ethernet-phy@0");
+
+ d->autoneg_timer = qemu_new_timer_ms(vm_clock, e1000_autoneg_timer, d);
+
+ return 0;
+}
+
+static void qdev_e1000_reset(DeviceState *dev)
+{
+ E1000State *d = E1000(dev);
+ e1000_reset(d);
+}
+
+static Property e1000_properties[] = {
+ DEFINE_NIC_PROPERTIES(E1000State, conf),
+ DEFINE_PROP_BIT("autonegotiation", E1000State,
+ compat_flags, E1000_FLAG_AUTONEG_BIT, true),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void e1000_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = pci_e1000_init;
+ k->exit = pci_e1000_uninit;
+ k->romfile = "efi-e1000.rom";
+ k->vendor_id = PCI_VENDOR_ID_INTEL;
+ k->device_id = E1000_DEVID;
+ k->revision = 0x03;
+ k->class_id = PCI_CLASS_NETWORK_ETHERNET;
+ set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
+ dc->desc = "Intel Gigabit Ethernet";
+ dc->reset = qdev_e1000_reset;
+ dc->vmsd = &vmstate_e1000;
+ dc->props = e1000_properties;
+}
+
+static const TypeInfo e1000_info = {
+ .name = TYPE_E1000,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(E1000State),
+ .class_init = e1000_class_init,
+};
+
+static void e1000_register_types(void)
+{
+ type_register_static(&e1000_info);
+}
+
+type_init(e1000_register_types)
diff --git a/hw/e1000_hw.h b/hw/net/e1000_regs.h
index c9cb79e64..c9cb79e64 100644
--- a/hw/e1000_hw.h
+++ b/hw/net/e1000_regs.h
diff --git a/hw/net/eepro100.c b/hw/net/eepro100.c
new file mode 100644
index 000000000..ffa60d5c9
--- /dev/null
+++ b/hw/net/eepro100.c
@@ -0,0 +1,2116 @@
+/*
+ * QEMU i8255x (PRO100) emulation
+ *
+ * Copyright (C) 2006-2011 Stefan Weil
+ *
+ * Portions of the code are copies from grub / etherboot eepro100.c
+ * and linux e100.c.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) version 3 or any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * Tested features (i82559):
+ * PXE boot (i386 guest, i386 / mips / mipsel / ppc host) ok
+ * Linux networking (i386) ok
+ *
+ * Untested:
+ * Windows networking
+ *
+ * References:
+ *
+ * Intel 8255x 10/100 Mbps Ethernet Controller Family
+ * Open Source Software Developer Manual
+ *
+ * TODO:
+ * * PHY emulation should be separated from nic emulation.
+ * Most nic emulations could share the same phy code.
+ * * i82550 is untested. It is programmed like the i82559.
+ * * i82562 is untested. It is programmed like the i82559.
+ * * Power management (i82558 and later) is not implemented.
+ * * Wake-on-LAN is not implemented.
+ */
+
+#include <stddef.h> /* offsetof */
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "net/net.h"
+#include "hw/nvram/eeprom93xx.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/dma.h"
+#include "qemu/bitops.h"
+
+/* QEMU sends frames smaller than 60 bytes to ethernet nics.
+ * Such frames are rejected by real nics and their emulations.
+ * To avoid this behaviour, other nic emulations pad received
+ * frames. The following definition enables this padding for
+ * eepro100, too. We keep the define around in case it might
+ * become useful the future if the core networking is ever
+ * changed to pad short packets itself. */
+#define CONFIG_PAD_RECEIVED_FRAMES
+
+#define KiB 1024
+
+/* Debug EEPRO100 card. */
+#if 0
+# define DEBUG_EEPRO100
+#endif
+
+#ifdef DEBUG_EEPRO100
+#define logout(fmt, ...) fprintf(stderr, "EE100\t%-24s" fmt, __func__, ## __VA_ARGS__)
+#else
+#define logout(fmt, ...) ((void)0)
+#endif
+
+/* Set flags to 0 to disable debug output. */
+#define INT 1 /* interrupt related actions */
+#define MDI 1 /* mdi related actions */
+#define OTHER 1
+#define RXTX 1
+#define EEPROM 1 /* eeprom related actions */
+
+#define TRACE(flag, command) ((flag) ? (command) : (void)0)
+
+#define missing(text) fprintf(stderr, "eepro100: feature is missing in this emulation: " text "\n")
+
+#define MAX_ETH_FRAME_SIZE 1514
+
+/* This driver supports several different devices which are declared here. */
+#define i82550 0x82550
+#define i82551 0x82551
+#define i82557A 0x82557a
+#define i82557B 0x82557b
+#define i82557C 0x82557c
+#define i82558A 0x82558a
+#define i82558B 0x82558b
+#define i82559A 0x82559a
+#define i82559B 0x82559b
+#define i82559C 0x82559c
+#define i82559ER 0x82559e
+#define i82562 0x82562
+#define i82801 0x82801
+
+/* Use 64 word EEPROM. TODO: could be a runtime option. */
+#define EEPROM_SIZE 64
+
+#define PCI_MEM_SIZE (4 * KiB)
+#define PCI_IO_SIZE 64
+#define PCI_FLASH_SIZE (128 * KiB)
+
+#define BITS(n, m) (((0xffffffffU << (31 - n)) >> (31 - n + m)) << m)
+
+/* The SCB accepts the following controls for the Tx and Rx units: */
+#define CU_NOP 0x0000 /* No operation. */
+#define CU_START 0x0010 /* CU start. */
+#define CU_RESUME 0x0020 /* CU resume. */
+#define CU_STATSADDR 0x0040 /* Load dump counters address. */
+#define CU_SHOWSTATS 0x0050 /* Dump statistical counters. */
+#define CU_CMD_BASE 0x0060 /* Load CU base address. */
+#define CU_DUMPSTATS 0x0070 /* Dump and reset statistical counters. */
+#define CU_SRESUME 0x00a0 /* CU static resume. */
+
+#define RU_NOP 0x0000
+#define RX_START 0x0001
+#define RX_RESUME 0x0002
+#define RU_ABORT 0x0004
+#define RX_ADDR_LOAD 0x0006
+#define RX_RESUMENR 0x0007
+#define INT_MASK 0x0100
+#define DRVR_INT 0x0200 /* Driver generated interrupt. */
+
+typedef struct {
+ const char *name;
+ const char *desc;
+ uint16_t device_id;
+ uint8_t revision;
+ uint16_t subsystem_vendor_id;
+ uint16_t subsystem_id;
+
+ uint32_t device;
+ uint8_t stats_size;
+ bool has_extended_tcb_support;
+ bool power_management;
+} E100PCIDeviceInfo;
+
+/* Offsets to the various registers.
+ All accesses need not be longword aligned. */
+typedef enum {
+ SCBStatus = 0, /* Status Word. */
+ SCBAck = 1,
+ SCBCmd = 2, /* Rx/Command Unit command and status. */
+ SCBIntmask = 3,
+ SCBPointer = 4, /* General purpose pointer. */
+ SCBPort = 8, /* Misc. commands and operands. */
+ SCBflash = 12, /* Flash memory control. */
+ SCBeeprom = 14, /* EEPROM control. */
+ SCBCtrlMDI = 16, /* MDI interface control. */
+ SCBEarlyRx = 20, /* Early receive byte count. */
+ SCBFlow = 24, /* Flow Control. */
+ SCBpmdr = 27, /* Power Management Driver. */
+ SCBgctrl = 28, /* General Control. */
+ SCBgstat = 29, /* General Status. */
+} E100RegisterOffset;
+
+/* A speedo3 transmit buffer descriptor with two buffers... */
+typedef struct {
+ uint16_t status;
+ uint16_t command;
+ uint32_t link; /* void * */
+ uint32_t tbd_array_addr; /* transmit buffer descriptor array address. */
+ uint16_t tcb_bytes; /* transmit command block byte count (in lower 14 bits */
+ uint8_t tx_threshold; /* transmit threshold */
+ uint8_t tbd_count; /* TBD number */
+#if 0
+ /* This constitutes two "TBD" entries: hdr and data */
+ uint32_t tx_buf_addr0; /* void *, header of frame to be transmitted. */
+ int32_t tx_buf_size0; /* Length of Tx hdr. */
+ uint32_t tx_buf_addr1; /* void *, data to be transmitted. */
+ int32_t tx_buf_size1; /* Length of Tx data. */
+#endif
+} eepro100_tx_t;
+
+/* Receive frame descriptor. */
+typedef struct {
+ int16_t status;
+ uint16_t command;
+ uint32_t link; /* struct RxFD * */
+ uint32_t rx_buf_addr; /* void * */
+ uint16_t count;
+ uint16_t size;
+ /* Ethernet frame data follows. */
+} eepro100_rx_t;
+
+typedef enum {
+ COMMAND_EL = BIT(15),
+ COMMAND_S = BIT(14),
+ COMMAND_I = BIT(13),
+ COMMAND_NC = BIT(4),
+ COMMAND_SF = BIT(3),
+ COMMAND_CMD = BITS(2, 0),
+} scb_command_bit;
+
+typedef enum {
+ STATUS_C = BIT(15),
+ STATUS_OK = BIT(13),
+} scb_status_bit;
+
+typedef struct {
+ uint32_t tx_good_frames, tx_max_collisions, tx_late_collisions,
+ tx_underruns, tx_lost_crs, tx_deferred, tx_single_collisions,
+ tx_multiple_collisions, tx_total_collisions;
+ uint32_t rx_good_frames, rx_crc_errors, rx_alignment_errors,
+ rx_resource_errors, rx_overrun_errors, rx_cdt_errors,
+ rx_short_frame_errors;
+ uint32_t fc_xmt_pause, fc_rcv_pause, fc_rcv_unsupported;
+ uint16_t xmt_tco_frames, rcv_tco_frames;
+ /* TODO: i82559 has six reserved statistics but a total of 24 dwords. */
+ uint32_t reserved[4];
+} eepro100_stats_t;
+
+typedef enum {
+ cu_idle = 0,
+ cu_suspended = 1,
+ cu_active = 2,
+ cu_lpq_active = 2,
+ cu_hqp_active = 3
+} cu_state_t;
+
+typedef enum {
+ ru_idle = 0,
+ ru_suspended = 1,
+ ru_no_resources = 2,
+ ru_ready = 4
+} ru_state_t;
+
+typedef struct {
+ PCIDevice dev;
+ /* Hash register (multicast mask array, multiple individual addresses). */
+ uint8_t mult[8];
+ MemoryRegion mmio_bar;
+ MemoryRegion io_bar;
+ MemoryRegion flash_bar;
+ NICState *nic;
+ NICConf conf;
+ uint8_t scb_stat; /* SCB stat/ack byte */
+ uint8_t int_stat; /* PCI interrupt status */
+ /* region must not be saved by nic_save. */
+ uint16_t mdimem[32];
+ eeprom_t *eeprom;
+ uint32_t device; /* device variant */
+ /* (cu_base + cu_offset) address the next command block in the command block list. */
+ uint32_t cu_base; /* CU base address */
+ uint32_t cu_offset; /* CU address offset */
+ /* (ru_base + ru_offset) address the RFD in the Receive Frame Area. */
+ uint32_t ru_base; /* RU base address */
+ uint32_t ru_offset; /* RU address offset */
+ uint32_t statsaddr; /* pointer to eepro100_stats_t */
+
+ /* Temporary status information (no need to save these values),
+ * used while processing CU commands. */
+ eepro100_tx_t tx; /* transmit buffer descriptor */
+ uint32_t cb_address; /* = cu_base + cu_offset */
+
+ /* Statistical counters. Also used for wake-up packet (i82559). */
+ eepro100_stats_t statistics;
+
+ /* Data in mem is always in the byte order of the controller (le).
+ * It must be dword aligned to allow direct access to 32 bit values. */
+ uint8_t mem[PCI_MEM_SIZE] __attribute__((aligned(8)));
+
+ /* Configuration bytes. */
+ uint8_t configuration[22];
+
+ /* vmstate for each particular nic */
+ VMStateDescription *vmstate;
+
+ /* Quasi static device properties (no need to save them). */
+ uint16_t stats_size;
+ bool has_extended_tcb_support;
+} EEPRO100State;
+
+/* Word indices in EEPROM. */
+typedef enum {
+ EEPROM_CNFG_MDIX = 0x03,
+ EEPROM_ID = 0x05,
+ EEPROM_PHY_ID = 0x06,
+ EEPROM_VENDOR_ID = 0x0c,
+ EEPROM_CONFIG_ASF = 0x0d,
+ EEPROM_DEVICE_ID = 0x23,
+ EEPROM_SMBUS_ADDR = 0x90,
+} EEPROMOffset;
+
+/* Bit values for EEPROM ID word. */
+typedef enum {
+ EEPROM_ID_MDM = BIT(0), /* Modem */
+ EEPROM_ID_STB = BIT(1), /* Standby Enable */
+ EEPROM_ID_WMR = BIT(2), /* ??? */
+ EEPROM_ID_WOL = BIT(5), /* Wake on LAN */
+ EEPROM_ID_DPD = BIT(6), /* Deep Power Down */
+ EEPROM_ID_ALT = BIT(7), /* */
+ /* BITS(10, 8) device revision */
+ EEPROM_ID_BD = BIT(11), /* boot disable */
+ EEPROM_ID_ID = BIT(13), /* id bit */
+ /* BITS(15, 14) signature */
+ EEPROM_ID_VALID = BIT(14), /* signature for valid eeprom */
+} eeprom_id_bit;
+
+/* Default values for MDI (PHY) registers */
+static const uint16_t eepro100_mdi_default[] = {
+ /* MDI Registers 0 - 6, 7 */
+ 0x3000, 0x780d, 0x02a8, 0x0154, 0x05e1, 0x0000, 0x0000, 0x0000,
+ /* MDI Registers 8 - 15 */
+ 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+ /* MDI Registers 16 - 31 */
+ 0x0003, 0x0000, 0x0001, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+ 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+};
+
+/* Readonly mask for MDI (PHY) registers */
+static const uint16_t eepro100_mdi_mask[] = {
+ 0x0000, 0xffff, 0xffff, 0xffff, 0xc01f, 0xffff, 0xffff, 0x0000,
+ 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+ 0x0fff, 0x0000, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
+ 0xffff, 0xffff, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+};
+
+#define POLYNOMIAL 0x04c11db6
+
+static E100PCIDeviceInfo *eepro100_get_class(EEPRO100State *s);
+
+/* From FreeBSD (locally modified). */
+static unsigned e100_compute_mcast_idx(const uint8_t *ep)
+{
+ uint32_t crc;
+ int carry, i, j;
+ uint8_t b;
+
+ crc = 0xffffffff;
+ for (i = 0; i < 6; i++) {
+ b = *ep++;
+ for (j = 0; j < 8; j++) {
+ carry = ((crc & 0x80000000L) ? 1 : 0) ^ (b & 0x01);
+ crc <<= 1;
+ b >>= 1;
+ if (carry) {
+ crc = ((crc ^ POLYNOMIAL) | carry);
+ }
+ }
+ }
+ return (crc & BITS(7, 2)) >> 2;
+}
+
+/* Read a 16 bit control/status (CSR) register. */
+static uint16_t e100_read_reg2(EEPRO100State *s, E100RegisterOffset addr)
+{
+ assert(!((uintptr_t)&s->mem[addr] & 1));
+ return le16_to_cpup((uint16_t *)&s->mem[addr]);
+}
+
+/* Read a 32 bit control/status (CSR) register. */
+static uint32_t e100_read_reg4(EEPRO100State *s, E100RegisterOffset addr)
+{
+ assert(!((uintptr_t)&s->mem[addr] & 3));
+ return le32_to_cpup((uint32_t *)&s->mem[addr]);
+}
+
+/* Write a 16 bit control/status (CSR) register. */
+static void e100_write_reg2(EEPRO100State *s, E100RegisterOffset addr,
+ uint16_t val)
+{
+ assert(!((uintptr_t)&s->mem[addr] & 1));
+ cpu_to_le16w((uint16_t *)&s->mem[addr], val);
+}
+
+/* Read a 32 bit control/status (CSR) register. */
+static void e100_write_reg4(EEPRO100State *s, E100RegisterOffset addr,
+ uint32_t val)
+{
+ assert(!((uintptr_t)&s->mem[addr] & 3));
+ cpu_to_le32w((uint32_t *)&s->mem[addr], val);
+}
+
+#if defined(DEBUG_EEPRO100)
+static const char *nic_dump(const uint8_t * buf, unsigned size)
+{
+ static char dump[3 * 16 + 1];
+ char *p = &dump[0];
+ if (size > 16) {
+ size = 16;
+ }
+ while (size-- > 0) {
+ p += sprintf(p, " %02x", *buf++);
+ }
+ return dump;
+}
+#endif /* DEBUG_EEPRO100 */
+
+enum scb_stat_ack {
+ stat_ack_not_ours = 0x00,
+ stat_ack_sw_gen = 0x04,
+ stat_ack_rnr = 0x10,
+ stat_ack_cu_idle = 0x20,
+ stat_ack_frame_rx = 0x40,
+ stat_ack_cu_cmd_done = 0x80,
+ stat_ack_not_present = 0xFF,
+ stat_ack_rx = (stat_ack_sw_gen | stat_ack_rnr | stat_ack_frame_rx),
+ stat_ack_tx = (stat_ack_cu_idle | stat_ack_cu_cmd_done),
+};
+
+static void disable_interrupt(EEPRO100State * s)
+{
+ if (s->int_stat) {
+ TRACE(INT, logout("interrupt disabled\n"));
+ qemu_irq_lower(s->dev.irq[0]);
+ s->int_stat = 0;
+ }
+}
+
+static void enable_interrupt(EEPRO100State * s)
+{
+ if (!s->int_stat) {
+ TRACE(INT, logout("interrupt enabled\n"));
+ qemu_irq_raise(s->dev.irq[0]);
+ s->int_stat = 1;
+ }
+}
+
+static void eepro100_acknowledge(EEPRO100State * s)
+{
+ s->scb_stat &= ~s->mem[SCBAck];
+ s->mem[SCBAck] = s->scb_stat;
+ if (s->scb_stat == 0) {
+ disable_interrupt(s);
+ }
+}
+
+static void eepro100_interrupt(EEPRO100State * s, uint8_t status)
+{
+ uint8_t mask = ~s->mem[SCBIntmask];
+ s->mem[SCBAck] |= status;
+ status = s->scb_stat = s->mem[SCBAck];
+ status &= (mask | 0x0f);
+#if 0
+ status &= (~s->mem[SCBIntmask] | 0x0xf);
+#endif
+ if (status && (mask & 0x01)) {
+ /* SCB mask and SCB Bit M do not disable interrupt. */
+ enable_interrupt(s);
+ } else if (s->int_stat) {
+ disable_interrupt(s);
+ }
+}
+
+static void eepro100_cx_interrupt(EEPRO100State * s)
+{
+ /* CU completed action command. */
+ /* Transmit not ok (82557 only, not in emulation). */
+ eepro100_interrupt(s, 0x80);
+}
+
+static void eepro100_cna_interrupt(EEPRO100State * s)
+{
+ /* CU left the active state. */
+ eepro100_interrupt(s, 0x20);
+}
+
+static void eepro100_fr_interrupt(EEPRO100State * s)
+{
+ /* RU received a complete frame. */
+ eepro100_interrupt(s, 0x40);
+}
+
+static void eepro100_rnr_interrupt(EEPRO100State * s)
+{
+ /* RU is not ready. */
+ eepro100_interrupt(s, 0x10);
+}
+
+static void eepro100_mdi_interrupt(EEPRO100State * s)
+{
+ /* MDI completed read or write cycle. */
+ eepro100_interrupt(s, 0x08);
+}
+
+static void eepro100_swi_interrupt(EEPRO100State * s)
+{
+ /* Software has requested an interrupt. */
+ eepro100_interrupt(s, 0x04);
+}
+
+#if 0
+static void eepro100_fcp_interrupt(EEPRO100State * s)
+{
+ /* Flow control pause interrupt (82558 and later). */
+ eepro100_interrupt(s, 0x01);
+}
+#endif
+
+static void e100_pci_reset(EEPRO100State * s)
+{
+ E100PCIDeviceInfo *info = eepro100_get_class(s);
+ uint32_t device = s->device;
+ uint8_t *pci_conf = s->dev.config;
+
+ TRACE(OTHER, logout("%p\n", s));
+
+ /* PCI Status */
+ pci_set_word(pci_conf + PCI_STATUS, PCI_STATUS_DEVSEL_MEDIUM |
+ PCI_STATUS_FAST_BACK);
+ /* PCI Latency Timer */
+ pci_set_byte(pci_conf + PCI_LATENCY_TIMER, 0x20); /* latency timer = 32 clocks */
+ /* Capability Pointer is set by PCI framework. */
+ /* Interrupt Line */
+ /* Interrupt Pin */
+ pci_set_byte(pci_conf + PCI_INTERRUPT_PIN, 1); /* interrupt pin A */
+ /* Minimum Grant */
+ pci_set_byte(pci_conf + PCI_MIN_GNT, 0x08);
+ /* Maximum Latency */
+ pci_set_byte(pci_conf + PCI_MAX_LAT, 0x18);
+
+ s->stats_size = info->stats_size;
+ s->has_extended_tcb_support = info->has_extended_tcb_support;
+
+ switch (device) {
+ case i82550:
+ case i82551:
+ case i82557A:
+ case i82557B:
+ case i82557C:
+ case i82558A:
+ case i82558B:
+ case i82559A:
+ case i82559B:
+ case i82559ER:
+ case i82562:
+ case i82801:
+ case i82559C:
+ break;
+ default:
+ logout("Device %X is undefined!\n", device);
+ }
+
+ /* Standard TxCB. */
+ s->configuration[6] |= BIT(4);
+
+ /* Standard statistical counters. */
+ s->configuration[6] |= BIT(5);
+
+ if (s->stats_size == 80) {
+ /* TODO: check TCO Statistical Counters bit. Documentation not clear. */
+ if (s->configuration[6] & BIT(2)) {
+ /* TCO statistical counters. */
+ assert(s->configuration[6] & BIT(5));
+ } else {
+ if (s->configuration[6] & BIT(5)) {
+ /* No extended statistical counters, i82557 compatible. */
+ s->stats_size = 64;
+ } else {
+ /* i82558 compatible. */
+ s->stats_size = 76;
+ }
+ }
+ } else {
+ if (s->configuration[6] & BIT(5)) {
+ /* No extended statistical counters. */
+ s->stats_size = 64;
+ }
+ }
+ assert(s->stats_size > 0 && s->stats_size <= sizeof(s->statistics));
+
+ if (info->power_management) {
+ /* Power Management Capabilities */
+ int cfg_offset = 0xdc;
+ int r = pci_add_capability(&s->dev, PCI_CAP_ID_PM,
+ cfg_offset, PCI_PM_SIZEOF);
+ assert(r >= 0);
+ pci_set_word(pci_conf + cfg_offset + PCI_PM_PMC, 0x7e21);
+#if 0 /* TODO: replace dummy code for power management emulation. */
+ /* TODO: Power Management Control / Status. */
+ pci_set_word(pci_conf + cfg_offset + PCI_PM_CTRL, 0x0000);
+ /* TODO: Ethernet Power Consumption Registers (i82559 and later). */
+ pci_set_byte(pci_conf + cfg_offset + PCI_PM_PPB_EXTENSIONS, 0x0000);
+#endif
+ }
+
+#if EEPROM_SIZE > 0
+ if (device == i82557C || device == i82558B || device == i82559C) {
+ /*
+ TODO: get vendor id from EEPROM for i82557C or later.
+ TODO: get device id from EEPROM for i82557C or later.
+ TODO: status bit 4 can be disabled by EEPROM for i82558, i82559.
+ TODO: header type is determined by EEPROM for i82559.
+ TODO: get subsystem id from EEPROM for i82557C or later.
+ TODO: get subsystem vendor id from EEPROM for i82557C or later.
+ TODO: exp. rom baddr depends on a bit in EEPROM for i82558 or later.
+ TODO: capability pointer depends on EEPROM for i82558.
+ */
+ logout("Get device id and revision from EEPROM!!!\n");
+ }
+#endif /* EEPROM_SIZE > 0 */
+}
+
+static void nic_selective_reset(EEPRO100State * s)
+{
+ size_t i;
+ uint16_t *eeprom_contents = eeprom93xx_data(s->eeprom);
+#if 0
+ eeprom93xx_reset(s->eeprom);
+#endif
+ memcpy(eeprom_contents, s->conf.macaddr.a, 6);
+ eeprom_contents[EEPROM_ID] = EEPROM_ID_VALID;
+ if (s->device == i82557B || s->device == i82557C)
+ eeprom_contents[5] = 0x0100;
+ eeprom_contents[EEPROM_PHY_ID] = 1;
+ uint16_t sum = 0;
+ for (i = 0; i < EEPROM_SIZE - 1; i++) {
+ sum += eeprom_contents[i];
+ }
+ eeprom_contents[EEPROM_SIZE - 1] = 0xbaba - sum;
+ TRACE(EEPROM, logout("checksum=0x%04x\n", eeprom_contents[EEPROM_SIZE - 1]));
+
+ memset(s->mem, 0, sizeof(s->mem));
+ e100_write_reg4(s, SCBCtrlMDI, BIT(21));
+
+ assert(sizeof(s->mdimem) == sizeof(eepro100_mdi_default));
+ memcpy(&s->mdimem[0], &eepro100_mdi_default[0], sizeof(s->mdimem));
+}
+
+static void nic_reset(void *opaque)
+{
+ EEPRO100State *s = opaque;
+ TRACE(OTHER, logout("%p\n", s));
+ /* TODO: Clearing of hash register for selective reset, too? */
+ memset(&s->mult[0], 0, sizeof(s->mult));
+ nic_selective_reset(s);
+}
+
+#if defined(DEBUG_EEPRO100)
+static const char * const e100_reg[PCI_IO_SIZE / 4] = {
+ "Command/Status",
+ "General Pointer",
+ "Port",
+ "EEPROM/Flash Control",
+ "MDI Control",
+ "Receive DMA Byte Count",
+ "Flow Control",
+ "General Status/Control"
+};
+
+static char *regname(uint32_t addr)
+{
+ static char buf[32];
+ if (addr < PCI_IO_SIZE) {
+ const char *r = e100_reg[addr / 4];
+ if (r != 0) {
+ snprintf(buf, sizeof(buf), "%s+%u", r, addr % 4);
+ } else {
+ snprintf(buf, sizeof(buf), "0x%02x", addr);
+ }
+ } else {
+ snprintf(buf, sizeof(buf), "??? 0x%08x", addr);
+ }
+ return buf;
+}
+#endif /* DEBUG_EEPRO100 */
+
+/*****************************************************************************
+ *
+ * Command emulation.
+ *
+ ****************************************************************************/
+
+#if 0
+static uint16_t eepro100_read_command(EEPRO100State * s)
+{
+ uint16_t val = 0xffff;
+ TRACE(OTHER, logout("val=0x%04x\n", val));
+ return val;
+}
+#endif
+
+/* Commands that can be put in a command list entry. */
+enum commands {
+ CmdNOp = 0,
+ CmdIASetup = 1,
+ CmdConfigure = 2,
+ CmdMulticastList = 3,
+ CmdTx = 4,
+ CmdTDR = 5, /* load microcode */
+ CmdDump = 6,
+ CmdDiagnose = 7,
+
+ /* And some extra flags: */
+ CmdSuspend = 0x4000, /* Suspend after completion. */
+ CmdIntr = 0x2000, /* Interrupt after completion. */
+ CmdTxFlex = 0x0008, /* Use "Flexible mode" for CmdTx command. */
+};
+
+static cu_state_t get_cu_state(EEPRO100State * s)
+{
+ return ((s->mem[SCBStatus] & BITS(7, 6)) >> 6);
+}
+
+static void set_cu_state(EEPRO100State * s, cu_state_t state)
+{
+ s->mem[SCBStatus] = (s->mem[SCBStatus] & ~BITS(7, 6)) + (state << 6);
+}
+
+static ru_state_t get_ru_state(EEPRO100State * s)
+{
+ return ((s->mem[SCBStatus] & BITS(5, 2)) >> 2);
+}
+
+static void set_ru_state(EEPRO100State * s, ru_state_t state)
+{
+ s->mem[SCBStatus] = (s->mem[SCBStatus] & ~BITS(5, 2)) + (state << 2);
+}
+
+static void dump_statistics(EEPRO100State * s)
+{
+ /* Dump statistical data. Most data is never changed by the emulation
+ * and always 0, so we first just copy the whole block and then those
+ * values which really matter.
+ * Number of data should check configuration!!!
+ */
+ pci_dma_write(&s->dev, s->statsaddr, &s->statistics, s->stats_size);
+ stl_le_pci_dma(&s->dev, s->statsaddr + 0,
+ s->statistics.tx_good_frames);
+ stl_le_pci_dma(&s->dev, s->statsaddr + 36,
+ s->statistics.rx_good_frames);
+ stl_le_pci_dma(&s->dev, s->statsaddr + 48,
+ s->statistics.rx_resource_errors);
+ stl_le_pci_dma(&s->dev, s->statsaddr + 60,
+ s->statistics.rx_short_frame_errors);
+#if 0
+ stw_le_pci_dma(&s->dev, s->statsaddr + 76, s->statistics.xmt_tco_frames);
+ stw_le_pci_dma(&s->dev, s->statsaddr + 78, s->statistics.rcv_tco_frames);
+ missing("CU dump statistical counters");
+#endif
+}
+
+static void read_cb(EEPRO100State *s)
+{
+ pci_dma_read(&s->dev, s->cb_address, &s->tx, sizeof(s->tx));
+ s->tx.status = le16_to_cpu(s->tx.status);
+ s->tx.command = le16_to_cpu(s->tx.command);
+ s->tx.link = le32_to_cpu(s->tx.link);
+ s->tx.tbd_array_addr = le32_to_cpu(s->tx.tbd_array_addr);
+ s->tx.tcb_bytes = le16_to_cpu(s->tx.tcb_bytes);
+}
+
+static void tx_command(EEPRO100State *s)
+{
+ uint32_t tbd_array = le32_to_cpu(s->tx.tbd_array_addr);
+ uint16_t tcb_bytes = (le16_to_cpu(s->tx.tcb_bytes) & 0x3fff);
+ /* Sends larger than MAX_ETH_FRAME_SIZE are allowed, up to 2600 bytes. */
+ uint8_t buf[2600];
+ uint16_t size = 0;
+ uint32_t tbd_address = s->cb_address + 0x10;
+ TRACE(RXTX, logout
+ ("transmit, TBD array address 0x%08x, TCB byte count 0x%04x, TBD count %u\n",
+ tbd_array, tcb_bytes, s->tx.tbd_count));
+
+ if (tcb_bytes > 2600) {
+ logout("TCB byte count too large, using 2600\n");
+ tcb_bytes = 2600;
+ }
+ if (!((tcb_bytes > 0) || (tbd_array != 0xffffffff))) {
+ logout
+ ("illegal values of TBD array address and TCB byte count!\n");
+ }
+ assert(tcb_bytes <= sizeof(buf));
+ while (size < tcb_bytes) {
+ uint32_t tx_buffer_address = ldl_le_pci_dma(&s->dev, tbd_address);
+ uint16_t tx_buffer_size = lduw_le_pci_dma(&s->dev, tbd_address + 4);
+#if 0
+ uint16_t tx_buffer_el = lduw_le_pci_dma(&s->dev, tbd_address + 6);
+#endif
+ tbd_address += 8;
+ TRACE(RXTX, logout
+ ("TBD (simplified mode): buffer address 0x%08x, size 0x%04x\n",
+ tx_buffer_address, tx_buffer_size));
+ tx_buffer_size = MIN(tx_buffer_size, sizeof(buf) - size);
+ pci_dma_read(&s->dev, tx_buffer_address, &buf[size], tx_buffer_size);
+ size += tx_buffer_size;
+ }
+ if (tbd_array == 0xffffffff) {
+ /* Simplified mode. Was already handled by code above. */
+ } else {
+ /* Flexible mode. */
+ uint8_t tbd_count = 0;
+ if (s->has_extended_tcb_support && !(s->configuration[6] & BIT(4))) {
+ /* Extended Flexible TCB. */
+ for (; tbd_count < 2; tbd_count++) {
+ uint32_t tx_buffer_address = ldl_le_pci_dma(&s->dev,
+ tbd_address);
+ uint16_t tx_buffer_size = lduw_le_pci_dma(&s->dev,
+ tbd_address + 4);
+ uint16_t tx_buffer_el = lduw_le_pci_dma(&s->dev,
+ tbd_address + 6);
+ tbd_address += 8;
+ TRACE(RXTX, logout
+ ("TBD (extended flexible mode): buffer address 0x%08x, size 0x%04x\n",
+ tx_buffer_address, tx_buffer_size));
+ tx_buffer_size = MIN(tx_buffer_size, sizeof(buf) - size);
+ pci_dma_read(&s->dev, tx_buffer_address,
+ &buf[size], tx_buffer_size);
+ size += tx_buffer_size;
+ if (tx_buffer_el & 1) {
+ break;
+ }
+ }
+ }
+ tbd_address = tbd_array;
+ for (; tbd_count < s->tx.tbd_count; tbd_count++) {
+ uint32_t tx_buffer_address = ldl_le_pci_dma(&s->dev, tbd_address);
+ uint16_t tx_buffer_size = lduw_le_pci_dma(&s->dev, tbd_address + 4);
+ uint16_t tx_buffer_el = lduw_le_pci_dma(&s->dev, tbd_address + 6);
+ tbd_address += 8;
+ TRACE(RXTX, logout
+ ("TBD (flexible mode): buffer address 0x%08x, size 0x%04x\n",
+ tx_buffer_address, tx_buffer_size));
+ tx_buffer_size = MIN(tx_buffer_size, sizeof(buf) - size);
+ pci_dma_read(&s->dev, tx_buffer_address,
+ &buf[size], tx_buffer_size);
+ size += tx_buffer_size;
+ if (tx_buffer_el & 1) {
+ break;
+ }
+ }
+ }
+ TRACE(RXTX, logout("%p sending frame, len=%d,%s\n", s, size, nic_dump(buf, size)));
+ qemu_send_packet(qemu_get_queue(s->nic), buf, size);
+ s->statistics.tx_good_frames++;
+ /* Transmit with bad status would raise an CX/TNO interrupt.
+ * (82557 only). Emulation never has bad status. */
+#if 0
+ eepro100_cx_interrupt(s);
+#endif
+}
+
+static void set_multicast_list(EEPRO100State *s)
+{
+ uint16_t multicast_count = s->tx.tbd_array_addr & BITS(13, 0);
+ uint16_t i;
+ memset(&s->mult[0], 0, sizeof(s->mult));
+ TRACE(OTHER, logout("multicast list, multicast count = %u\n", multicast_count));
+ for (i = 0; i < multicast_count; i += 6) {
+ uint8_t multicast_addr[6];
+ pci_dma_read(&s->dev, s->cb_address + 10 + i, multicast_addr, 6);
+ TRACE(OTHER, logout("multicast entry %s\n", nic_dump(multicast_addr, 6)));
+ unsigned mcast_idx = e100_compute_mcast_idx(multicast_addr);
+ assert(mcast_idx < 64);
+ s->mult[mcast_idx >> 3] |= (1 << (mcast_idx & 7));
+ }
+}
+
+static void action_command(EEPRO100State *s)
+{
+ for (;;) {
+ bool bit_el;
+ bool bit_s;
+ bool bit_i;
+ bool bit_nc;
+ uint16_t ok_status = STATUS_OK;
+ s->cb_address = s->cu_base + s->cu_offset;
+ read_cb(s);
+ bit_el = ((s->tx.command & COMMAND_EL) != 0);
+ bit_s = ((s->tx.command & COMMAND_S) != 0);
+ bit_i = ((s->tx.command & COMMAND_I) != 0);
+ bit_nc = ((s->tx.command & COMMAND_NC) != 0);
+#if 0
+ bool bit_sf = ((s->tx.command & COMMAND_SF) != 0);
+#endif
+ s->cu_offset = s->tx.link;
+ TRACE(OTHER,
+ logout("val=(cu start), status=0x%04x, command=0x%04x, link=0x%08x\n",
+ s->tx.status, s->tx.command, s->tx.link));
+ switch (s->tx.command & COMMAND_CMD) {
+ case CmdNOp:
+ /* Do nothing. */
+ break;
+ case CmdIASetup:
+ pci_dma_read(&s->dev, s->cb_address + 8, &s->conf.macaddr.a[0], 6);
+ TRACE(OTHER, logout("macaddr: %s\n", nic_dump(&s->conf.macaddr.a[0], 6)));
+ break;
+ case CmdConfigure:
+ pci_dma_read(&s->dev, s->cb_address + 8,
+ &s->configuration[0], sizeof(s->configuration));
+ TRACE(OTHER, logout("configuration: %s\n",
+ nic_dump(&s->configuration[0], 16)));
+ TRACE(OTHER, logout("configuration: %s\n",
+ nic_dump(&s->configuration[16],
+ ARRAY_SIZE(s->configuration) - 16)));
+ if (s->configuration[20] & BIT(6)) {
+ TRACE(OTHER, logout("Multiple IA bit\n"));
+ }
+ break;
+ case CmdMulticastList:
+ set_multicast_list(s);
+ break;
+ case CmdTx:
+ if (bit_nc) {
+ missing("CmdTx: NC = 0");
+ ok_status = 0;
+ break;
+ }
+ tx_command(s);
+ break;
+ case CmdTDR:
+ TRACE(OTHER, logout("load microcode\n"));
+ /* Starting with offset 8, the command contains
+ * 64 dwords microcode which we just ignore here. */
+ break;
+ case CmdDiagnose:
+ TRACE(OTHER, logout("diagnose\n"));
+ /* Make sure error flag is not set. */
+ s->tx.status = 0;
+ break;
+ default:
+ missing("undefined command");
+ ok_status = 0;
+ break;
+ }
+ /* Write new status. */
+ stw_le_pci_dma(&s->dev, s->cb_address,
+ s->tx.status | ok_status | STATUS_C);
+ if (bit_i) {
+ /* CU completed action. */
+ eepro100_cx_interrupt(s);
+ }
+ if (bit_el) {
+ /* CU becomes idle. Terminate command loop. */
+ set_cu_state(s, cu_idle);
+ eepro100_cna_interrupt(s);
+ break;
+ } else if (bit_s) {
+ /* CU becomes suspended. Terminate command loop. */
+ set_cu_state(s, cu_suspended);
+ eepro100_cna_interrupt(s);
+ break;
+ } else {
+ /* More entries in list. */
+ TRACE(OTHER, logout("CU list with at least one more entry\n"));
+ }
+ }
+ TRACE(OTHER, logout("CU list empty\n"));
+ /* List is empty. Now CU is idle or suspended. */
+}
+
+static void eepro100_cu_command(EEPRO100State * s, uint8_t val)
+{
+ cu_state_t cu_state;
+ switch (val) {
+ case CU_NOP:
+ /* No operation. */
+ break;
+ case CU_START:
+ cu_state = get_cu_state(s);
+ if (cu_state != cu_idle && cu_state != cu_suspended) {
+ /* Intel documentation says that CU must be idle or suspended
+ * for the CU start command. */
+ logout("unexpected CU state is %u\n", cu_state);
+ }
+ set_cu_state(s, cu_active);
+ s->cu_offset = e100_read_reg4(s, SCBPointer);
+ action_command(s);
+ break;
+ case CU_RESUME:
+ if (get_cu_state(s) != cu_suspended) {
+ logout("bad CU resume from CU state %u\n", get_cu_state(s));
+ /* Workaround for bad Linux eepro100 driver which resumes
+ * from idle state. */
+#if 0
+ missing("cu resume");
+#endif
+ set_cu_state(s, cu_suspended);
+ }
+ if (get_cu_state(s) == cu_suspended) {
+ TRACE(OTHER, logout("CU resuming\n"));
+ set_cu_state(s, cu_active);
+ action_command(s);
+ }
+ break;
+ case CU_STATSADDR:
+ /* Load dump counters address. */
+ s->statsaddr = e100_read_reg4(s, SCBPointer);
+ TRACE(OTHER, logout("val=0x%02x (dump counters address)\n", val));
+ if (s->statsaddr & 3) {
+ /* Memory must be Dword aligned. */
+ logout("unaligned dump counters address\n");
+ /* Handling of misaligned addresses is undefined.
+ * Here we align the address by ignoring the lower bits. */
+ /* TODO: Test unaligned dump counter address on real hardware. */
+ s->statsaddr &= ~3;
+ }
+ break;
+ case CU_SHOWSTATS:
+ /* Dump statistical counters. */
+ TRACE(OTHER, logout("val=0x%02x (dump stats)\n", val));
+ dump_statistics(s);
+ stl_le_pci_dma(&s->dev, s->statsaddr + s->stats_size, 0xa005);
+ break;
+ case CU_CMD_BASE:
+ /* Load CU base. */
+ TRACE(OTHER, logout("val=0x%02x (CU base address)\n", val));
+ s->cu_base = e100_read_reg4(s, SCBPointer);
+ break;
+ case CU_DUMPSTATS:
+ /* Dump and reset statistical counters. */
+ TRACE(OTHER, logout("val=0x%02x (dump stats and reset)\n", val));
+ dump_statistics(s);
+ stl_le_pci_dma(&s->dev, s->statsaddr + s->stats_size, 0xa007);
+ memset(&s->statistics, 0, sizeof(s->statistics));
+ break;
+ case CU_SRESUME:
+ /* CU static resume. */
+ missing("CU static resume");
+ break;
+ default:
+ missing("Undefined CU command");
+ }
+}
+
+static void eepro100_ru_command(EEPRO100State * s, uint8_t val)
+{
+ switch (val) {
+ case RU_NOP:
+ /* No operation. */
+ break;
+ case RX_START:
+ /* RU start. */
+ if (get_ru_state(s) != ru_idle) {
+ logout("RU state is %u, should be %u\n", get_ru_state(s), ru_idle);
+#if 0
+ assert(!"wrong RU state");
+#endif
+ }
+ set_ru_state(s, ru_ready);
+ s->ru_offset = e100_read_reg4(s, SCBPointer);
+ qemu_flush_queued_packets(qemu_get_queue(s->nic));
+ TRACE(OTHER, logout("val=0x%02x (rx start)\n", val));
+ break;
+ case RX_RESUME:
+ /* Restart RU. */
+ if (get_ru_state(s) != ru_suspended) {
+ logout("RU state is %u, should be %u\n", get_ru_state(s),
+ ru_suspended);
+#if 0
+ assert(!"wrong RU state");
+#endif
+ }
+ set_ru_state(s, ru_ready);
+ break;
+ case RU_ABORT:
+ /* RU abort. */
+ if (get_ru_state(s) == ru_ready) {
+ eepro100_rnr_interrupt(s);
+ }
+ set_ru_state(s, ru_idle);
+ break;
+ case RX_ADDR_LOAD:
+ /* Load RU base. */
+ TRACE(OTHER, logout("val=0x%02x (RU base address)\n", val));
+ s->ru_base = e100_read_reg4(s, SCBPointer);
+ break;
+ default:
+ logout("val=0x%02x (undefined RU command)\n", val);
+ missing("Undefined SU command");
+ }
+}
+
+static void eepro100_write_command(EEPRO100State * s, uint8_t val)
+{
+ eepro100_ru_command(s, val & 0x0f);
+ eepro100_cu_command(s, val & 0xf0);
+ if ((val) == 0) {
+ TRACE(OTHER, logout("val=0x%02x\n", val));
+ }
+ /* Clear command byte after command was accepted. */
+ s->mem[SCBCmd] = 0;
+}
+
+/*****************************************************************************
+ *
+ * EEPROM emulation.
+ *
+ ****************************************************************************/
+
+#define EEPROM_CS 0x02
+#define EEPROM_SK 0x01
+#define EEPROM_DI 0x04
+#define EEPROM_DO 0x08
+
+static uint16_t eepro100_read_eeprom(EEPRO100State * s)
+{
+ uint16_t val = e100_read_reg2(s, SCBeeprom);
+ if (eeprom93xx_read(s->eeprom)) {
+ val |= EEPROM_DO;
+ } else {
+ val &= ~EEPROM_DO;
+ }
+ TRACE(EEPROM, logout("val=0x%04x\n", val));
+ return val;
+}
+
+static void eepro100_write_eeprom(eeprom_t * eeprom, uint8_t val)
+{
+ TRACE(EEPROM, logout("val=0x%02x\n", val));
+
+ /* mask unwritable bits */
+#if 0
+ val = SET_MASKED(val, 0x31, eeprom->value);
+#endif
+
+ int eecs = ((val & EEPROM_CS) != 0);
+ int eesk = ((val & EEPROM_SK) != 0);
+ int eedi = ((val & EEPROM_DI) != 0);
+ eeprom93xx_write(eeprom, eecs, eesk, eedi);
+}
+
+/*****************************************************************************
+ *
+ * MDI emulation.
+ *
+ ****************************************************************************/
+
+#if defined(DEBUG_EEPRO100)
+static const char * const mdi_op_name[] = {
+ "opcode 0",
+ "write",
+ "read",
+ "opcode 3"
+};
+
+static const char * const mdi_reg_name[] = {
+ "Control",
+ "Status",
+ "PHY Identification (Word 1)",
+ "PHY Identification (Word 2)",
+ "Auto-Negotiation Advertisement",
+ "Auto-Negotiation Link Partner Ability",
+ "Auto-Negotiation Expansion"
+};
+
+static const char *reg2name(uint8_t reg)
+{
+ static char buffer[10];
+ const char *p = buffer;
+ if (reg < ARRAY_SIZE(mdi_reg_name)) {
+ p = mdi_reg_name[reg];
+ } else {
+ snprintf(buffer, sizeof(buffer), "reg=0x%02x", reg);
+ }
+ return p;
+}
+#endif /* DEBUG_EEPRO100 */
+
+static uint32_t eepro100_read_mdi(EEPRO100State * s)
+{
+ uint32_t val = e100_read_reg4(s, SCBCtrlMDI);
+
+#ifdef DEBUG_EEPRO100
+ uint8_t raiseint = (val & BIT(29)) >> 29;
+ uint8_t opcode = (val & BITS(27, 26)) >> 26;
+ uint8_t phy = (val & BITS(25, 21)) >> 21;
+ uint8_t reg = (val & BITS(20, 16)) >> 16;
+ uint16_t data = (val & BITS(15, 0));
+#endif
+ /* Emulation takes no time to finish MDI transaction. */
+ val |= BIT(28);
+ TRACE(MDI, logout("val=0x%08x (int=%u, %s, phy=%u, %s, data=0x%04x\n",
+ val, raiseint, mdi_op_name[opcode], phy,
+ reg2name(reg), data));
+ return val;
+}
+
+static void eepro100_write_mdi(EEPRO100State *s)
+{
+ uint32_t val = e100_read_reg4(s, SCBCtrlMDI);
+ uint8_t raiseint = (val & BIT(29)) >> 29;
+ uint8_t opcode = (val & BITS(27, 26)) >> 26;
+ uint8_t phy = (val & BITS(25, 21)) >> 21;
+ uint8_t reg = (val & BITS(20, 16)) >> 16;
+ uint16_t data = (val & BITS(15, 0));
+ TRACE(MDI, logout("val=0x%08x (int=%u, %s, phy=%u, %s, data=0x%04x\n",
+ val, raiseint, mdi_op_name[opcode], phy, reg2name(reg), data));
+ if (phy != 1) {
+ /* Unsupported PHY address. */
+#if 0
+ logout("phy must be 1 but is %u\n", phy);
+#endif
+ data = 0;
+ } else if (opcode != 1 && opcode != 2) {
+ /* Unsupported opcode. */
+ logout("opcode must be 1 or 2 but is %u\n", opcode);
+ data = 0;
+ } else if (reg > 6) {
+ /* Unsupported register. */
+ logout("register must be 0...6 but is %u\n", reg);
+ data = 0;
+ } else {
+ TRACE(MDI, logout("val=0x%08x (int=%u, %s, phy=%u, %s, data=0x%04x\n",
+ val, raiseint, mdi_op_name[opcode], phy,
+ reg2name(reg), data));
+ if (opcode == 1) {
+ /* MDI write */
+ switch (reg) {
+ case 0: /* Control Register */
+ if (data & 0x8000) {
+ /* Reset status and control registers to default. */
+ s->mdimem[0] = eepro100_mdi_default[0];
+ s->mdimem[1] = eepro100_mdi_default[1];
+ data = s->mdimem[reg];
+ } else {
+ /* Restart Auto Configuration = Normal Operation */
+ data &= ~0x0200;
+ }
+ break;
+ case 1: /* Status Register */
+ missing("not writable");
+ data = s->mdimem[reg];
+ break;
+ case 2: /* PHY Identification Register (Word 1) */
+ case 3: /* PHY Identification Register (Word 2) */
+ missing("not implemented");
+ break;
+ case 4: /* Auto-Negotiation Advertisement Register */
+ case 5: /* Auto-Negotiation Link Partner Ability Register */
+ break;
+ case 6: /* Auto-Negotiation Expansion Register */
+ default:
+ missing("not implemented");
+ }
+ s->mdimem[reg] = data;
+ } else if (opcode == 2) {
+ /* MDI read */
+ switch (reg) {
+ case 0: /* Control Register */
+ if (data & 0x8000) {
+ /* Reset status and control registers to default. */
+ s->mdimem[0] = eepro100_mdi_default[0];
+ s->mdimem[1] = eepro100_mdi_default[1];
+ }
+ break;
+ case 1: /* Status Register */
+ s->mdimem[reg] |= 0x0020;
+ break;
+ case 2: /* PHY Identification Register (Word 1) */
+ case 3: /* PHY Identification Register (Word 2) */
+ case 4: /* Auto-Negotiation Advertisement Register */
+ break;
+ case 5: /* Auto-Negotiation Link Partner Ability Register */
+ s->mdimem[reg] = 0x41fe;
+ break;
+ case 6: /* Auto-Negotiation Expansion Register */
+ s->mdimem[reg] = 0x0001;
+ break;
+ }
+ data = s->mdimem[reg];
+ }
+ /* Emulation takes no time to finish MDI transaction.
+ * Set MDI bit in SCB status register. */
+ s->mem[SCBAck] |= 0x08;
+ val |= BIT(28);
+ if (raiseint) {
+ eepro100_mdi_interrupt(s);
+ }
+ }
+ val = (val & 0xffff0000) + data;
+ e100_write_reg4(s, SCBCtrlMDI, val);
+}
+
+/*****************************************************************************
+ *
+ * Port emulation.
+ *
+ ****************************************************************************/
+
+#define PORT_SOFTWARE_RESET 0
+#define PORT_SELFTEST 1
+#define PORT_SELECTIVE_RESET 2
+#define PORT_DUMP 3
+#define PORT_SELECTION_MASK 3
+
+typedef struct {
+ uint32_t st_sign; /* Self Test Signature */
+ uint32_t st_result; /* Self Test Results */
+} eepro100_selftest_t;
+
+static uint32_t eepro100_read_port(EEPRO100State * s)
+{
+ return 0;
+}
+
+static void eepro100_write_port(EEPRO100State *s)
+{
+ uint32_t val = e100_read_reg4(s, SCBPort);
+ uint32_t address = (val & ~PORT_SELECTION_MASK);
+ uint8_t selection = (val & PORT_SELECTION_MASK);
+ switch (selection) {
+ case PORT_SOFTWARE_RESET:
+ nic_reset(s);
+ break;
+ case PORT_SELFTEST:
+ TRACE(OTHER, logout("selftest address=0x%08x\n", address));
+ eepro100_selftest_t data;
+ pci_dma_read(&s->dev, address, (uint8_t *) &data, sizeof(data));
+ data.st_sign = 0xffffffff;
+ data.st_result = 0;
+ pci_dma_write(&s->dev, address, (uint8_t *) &data, sizeof(data));
+ break;
+ case PORT_SELECTIVE_RESET:
+ TRACE(OTHER, logout("selective reset, selftest address=0x%08x\n", address));
+ nic_selective_reset(s);
+ break;
+ default:
+ logout("val=0x%08x\n", val);
+ missing("unknown port selection");
+ }
+}
+
+/*****************************************************************************
+ *
+ * General hardware emulation.
+ *
+ ****************************************************************************/
+
+static uint8_t eepro100_read1(EEPRO100State * s, uint32_t addr)
+{
+ uint8_t val = 0;
+ if (addr <= sizeof(s->mem) - sizeof(val)) {
+ val = s->mem[addr];
+ }
+
+ switch (addr) {
+ case SCBStatus:
+ case SCBAck:
+ TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
+ break;
+ case SCBCmd:
+ TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
+#if 0
+ val = eepro100_read_command(s);
+#endif
+ break;
+ case SCBIntmask:
+ TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
+ break;
+ case SCBPort + 3:
+ TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
+ break;
+ case SCBeeprom:
+ val = eepro100_read_eeprom(s);
+ break;
+ case SCBCtrlMDI:
+ case SCBCtrlMDI + 1:
+ case SCBCtrlMDI + 2:
+ case SCBCtrlMDI + 3:
+ val = (uint8_t)(eepro100_read_mdi(s) >> (8 * (addr & 3)));
+ TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
+ break;
+ case SCBpmdr: /* Power Management Driver Register */
+ val = 0;
+ TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
+ break;
+ case SCBgctrl: /* General Control Register */
+ TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
+ break;
+ case SCBgstat: /* General Status Register */
+ /* 100 Mbps full duplex, valid link */
+ val = 0x07;
+ TRACE(OTHER, logout("addr=General Status val=%02x\n", val));
+ break;
+ default:
+ logout("addr=%s val=0x%02x\n", regname(addr), val);
+ missing("unknown byte read");
+ }
+ return val;
+}
+
+static uint16_t eepro100_read2(EEPRO100State * s, uint32_t addr)
+{
+ uint16_t val = 0;
+ if (addr <= sizeof(s->mem) - sizeof(val)) {
+ val = e100_read_reg2(s, addr);
+ }
+
+ switch (addr) {
+ case SCBStatus:
+ case SCBCmd:
+ TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
+ break;
+ case SCBeeprom:
+ val = eepro100_read_eeprom(s);
+ TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
+ break;
+ case SCBCtrlMDI:
+ case SCBCtrlMDI + 2:
+ val = (uint16_t)(eepro100_read_mdi(s) >> (8 * (addr & 3)));
+ TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
+ break;
+ default:
+ logout("addr=%s val=0x%04x\n", regname(addr), val);
+ missing("unknown word read");
+ }
+ return val;
+}
+
+static uint32_t eepro100_read4(EEPRO100State * s, uint32_t addr)
+{
+ uint32_t val = 0;
+ if (addr <= sizeof(s->mem) - sizeof(val)) {
+ val = e100_read_reg4(s, addr);
+ }
+
+ switch (addr) {
+ case SCBStatus:
+ TRACE(OTHER, logout("addr=%s val=0x%08x\n", regname(addr), val));
+ break;
+ case SCBPointer:
+ TRACE(OTHER, logout("addr=%s val=0x%08x\n", regname(addr), val));
+ break;
+ case SCBPort:
+ val = eepro100_read_port(s);
+ TRACE(OTHER, logout("addr=%s val=0x%08x\n", regname(addr), val));
+ break;
+ case SCBflash:
+ val = eepro100_read_eeprom(s);
+ TRACE(OTHER, logout("addr=%s val=0x%08x\n", regname(addr), val));
+ break;
+ case SCBCtrlMDI:
+ val = eepro100_read_mdi(s);
+ break;
+ default:
+ logout("addr=%s val=0x%08x\n", regname(addr), val);
+ missing("unknown longword read");
+ }
+ return val;
+}
+
+static void eepro100_write1(EEPRO100State * s, uint32_t addr, uint8_t val)
+{
+ /* SCBStatus is readonly. */
+ if (addr > SCBStatus && addr <= sizeof(s->mem) - sizeof(val)) {
+ s->mem[addr] = val;
+ }
+
+ switch (addr) {
+ case SCBStatus:
+ TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
+ break;
+ case SCBAck:
+ TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
+ eepro100_acknowledge(s);
+ break;
+ case SCBCmd:
+ TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
+ eepro100_write_command(s, val);
+ break;
+ case SCBIntmask:
+ TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
+ if (val & BIT(1)) {
+ eepro100_swi_interrupt(s);
+ }
+ eepro100_interrupt(s, 0);
+ break;
+ case SCBPointer:
+ case SCBPointer + 1:
+ case SCBPointer + 2:
+ case SCBPointer + 3:
+ TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
+ break;
+ case SCBPort:
+ case SCBPort + 1:
+ case SCBPort + 2:
+ TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
+ break;
+ case SCBPort + 3:
+ TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
+ eepro100_write_port(s);
+ break;
+ case SCBFlow: /* does not exist on 82557 */
+ case SCBFlow + 1:
+ case SCBFlow + 2:
+ case SCBpmdr: /* does not exist on 82557 */
+ TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
+ break;
+ case SCBeeprom:
+ TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
+ eepro100_write_eeprom(s->eeprom, val);
+ break;
+ case SCBCtrlMDI:
+ case SCBCtrlMDI + 1:
+ case SCBCtrlMDI + 2:
+ TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
+ break;
+ case SCBCtrlMDI + 3:
+ TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
+ eepro100_write_mdi(s);
+ break;
+ default:
+ logout("addr=%s val=0x%02x\n", regname(addr), val);
+ missing("unknown byte write");
+ }
+}
+
+static void eepro100_write2(EEPRO100State * s, uint32_t addr, uint16_t val)
+{
+ /* SCBStatus is readonly. */
+ if (addr > SCBStatus && addr <= sizeof(s->mem) - sizeof(val)) {
+ e100_write_reg2(s, addr, val);
+ }
+
+ switch (addr) {
+ case SCBStatus:
+ TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
+ s->mem[SCBAck] = (val >> 8);
+ eepro100_acknowledge(s);
+ break;
+ case SCBCmd:
+ TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
+ eepro100_write_command(s, val);
+ eepro100_write1(s, SCBIntmask, val >> 8);
+ break;
+ case SCBPointer:
+ case SCBPointer + 2:
+ TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
+ break;
+ case SCBPort:
+ TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
+ break;
+ case SCBPort + 2:
+ TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
+ eepro100_write_port(s);
+ break;
+ case SCBeeprom:
+ TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
+ eepro100_write_eeprom(s->eeprom, val);
+ break;
+ case SCBCtrlMDI:
+ TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
+ break;
+ case SCBCtrlMDI + 2:
+ TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
+ eepro100_write_mdi(s);
+ break;
+ default:
+ logout("addr=%s val=0x%04x\n", regname(addr), val);
+ missing("unknown word write");
+ }
+}
+
+static void eepro100_write4(EEPRO100State * s, uint32_t addr, uint32_t val)
+{
+ if (addr <= sizeof(s->mem) - sizeof(val)) {
+ e100_write_reg4(s, addr, val);
+ }
+
+ switch (addr) {
+ case SCBPointer:
+ TRACE(OTHER, logout("addr=%s val=0x%08x\n", regname(addr), val));
+ break;
+ case SCBPort:
+ TRACE(OTHER, logout("addr=%s val=0x%08x\n", regname(addr), val));
+ eepro100_write_port(s);
+ break;
+ case SCBflash:
+ TRACE(OTHER, logout("addr=%s val=0x%08x\n", regname(addr), val));
+ val = val >> 16;
+ eepro100_write_eeprom(s->eeprom, val);
+ break;
+ case SCBCtrlMDI:
+ TRACE(OTHER, logout("addr=%s val=0x%08x\n", regname(addr), val));
+ eepro100_write_mdi(s);
+ break;
+ default:
+ logout("addr=%s val=0x%08x\n", regname(addr), val);
+ missing("unknown longword write");
+ }
+}
+
+static uint64_t eepro100_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ EEPRO100State *s = opaque;
+
+ switch (size) {
+ case 1: return eepro100_read1(s, addr);
+ case 2: return eepro100_read2(s, addr);
+ case 4: return eepro100_read4(s, addr);
+ default: abort();
+ }
+}
+
+static void eepro100_write(void *opaque, hwaddr addr,
+ uint64_t data, unsigned size)
+{
+ EEPRO100State *s = opaque;
+
+ switch (size) {
+ case 1:
+ eepro100_write1(s, addr, data);
+ break;
+ case 2:
+ eepro100_write2(s, addr, data);
+ break;
+ case 4:
+ eepro100_write4(s, addr, data);
+ break;
+ default:
+ abort();
+ }
+}
+
+static const MemoryRegionOps eepro100_ops = {
+ .read = eepro100_read,
+ .write = eepro100_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static int nic_can_receive(NetClientState *nc)
+{
+ EEPRO100State *s = qemu_get_nic_opaque(nc);
+ TRACE(RXTX, logout("%p\n", s));
+ return get_ru_state(s) == ru_ready;
+#if 0
+ return !eepro100_buffer_full(s);
+#endif
+}
+
+static ssize_t nic_receive(NetClientState *nc, const uint8_t * buf, size_t size)
+{
+ /* TODO:
+ * - Magic packets should set bit 30 in power management driver register.
+ * - Interesting packets should set bit 29 in power management driver register.
+ */
+ EEPRO100State *s = qemu_get_nic_opaque(nc);
+ uint16_t rfd_status = 0xa000;
+#if defined(CONFIG_PAD_RECEIVED_FRAMES)
+ uint8_t min_buf[60];
+#endif
+ static const uint8_t broadcast_macaddr[6] =
+ { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
+
+#if defined(CONFIG_PAD_RECEIVED_FRAMES)
+ /* Pad to minimum Ethernet frame length */
+ if (size < sizeof(min_buf)) {
+ memcpy(min_buf, buf, size);
+ memset(&min_buf[size], 0, sizeof(min_buf) - size);
+ buf = min_buf;
+ size = sizeof(min_buf);
+ }
+#endif
+
+ if (s->configuration[8] & 0x80) {
+ /* CSMA is disabled. */
+ logout("%p received while CSMA is disabled\n", s);
+ return -1;
+#if !defined(CONFIG_PAD_RECEIVED_FRAMES)
+ } else if (size < 64 && (s->configuration[7] & BIT(0))) {
+ /* Short frame and configuration byte 7/0 (discard short receive) set:
+ * Short frame is discarded */
+ logout("%p received short frame (%zu byte)\n", s, size);
+ s->statistics.rx_short_frame_errors++;
+ return -1;
+#endif
+ } else if ((size > MAX_ETH_FRAME_SIZE + 4) && !(s->configuration[18] & BIT(3))) {
+ /* Long frame and configuration byte 18/3 (long receive ok) not set:
+ * Long frames are discarded. */
+ logout("%p received long frame (%zu byte), ignored\n", s, size);
+ return -1;
+ } else if (memcmp(buf, s->conf.macaddr.a, 6) == 0) { /* !!! */
+ /* Frame matches individual address. */
+ /* TODO: check configuration byte 15/4 (ignore U/L). */
+ TRACE(RXTX, logout("%p received frame for me, len=%zu\n", s, size));
+ } else if (memcmp(buf, broadcast_macaddr, 6) == 0) {
+ /* Broadcast frame. */
+ TRACE(RXTX, logout("%p received broadcast, len=%zu\n", s, size));
+ rfd_status |= 0x0002;
+ } else if (buf[0] & 0x01) {
+ /* Multicast frame. */
+ TRACE(RXTX, logout("%p received multicast, len=%zu,%s\n", s, size, nic_dump(buf, size)));
+ if (s->configuration[21] & BIT(3)) {
+ /* Multicast all bit is set, receive all multicast frames. */
+ } else {
+ unsigned mcast_idx = e100_compute_mcast_idx(buf);
+ assert(mcast_idx < 64);
+ if (s->mult[mcast_idx >> 3] & (1 << (mcast_idx & 7))) {
+ /* Multicast frame is allowed in hash table. */
+ } else if (s->configuration[15] & BIT(0)) {
+ /* Promiscuous: receive all. */
+ rfd_status |= 0x0004;
+ } else {
+ TRACE(RXTX, logout("%p multicast ignored\n", s));
+ return -1;
+ }
+ }
+ /* TODO: Next not for promiscuous mode? */
+ rfd_status |= 0x0002;
+ } else if (s->configuration[15] & BIT(0)) {
+ /* Promiscuous: receive all. */
+ TRACE(RXTX, logout("%p received frame in promiscuous mode, len=%zu\n", s, size));
+ rfd_status |= 0x0004;
+ } else if (s->configuration[20] & BIT(6)) {
+ /* Multiple IA bit set. */
+ unsigned mcast_idx = compute_mcast_idx(buf);
+ assert(mcast_idx < 64);
+ if (s->mult[mcast_idx >> 3] & (1 << (mcast_idx & 7))) {
+ TRACE(RXTX, logout("%p accepted, multiple IA bit set\n", s));
+ } else {
+ TRACE(RXTX, logout("%p frame ignored, multiple IA bit set\n", s));
+ return -1;
+ }
+ } else {
+ TRACE(RXTX, logout("%p received frame, ignored, len=%zu,%s\n", s, size,
+ nic_dump(buf, size)));
+ return size;
+ }
+
+ if (get_ru_state(s) != ru_ready) {
+ /* No resources available. */
+ logout("no resources, state=%u\n", get_ru_state(s));
+ /* TODO: RNR interrupt only at first failed frame? */
+ eepro100_rnr_interrupt(s);
+ s->statistics.rx_resource_errors++;
+#if 0
+ assert(!"no resources");
+#endif
+ return -1;
+ }
+ /* !!! */
+ eepro100_rx_t rx;
+ pci_dma_read(&s->dev, s->ru_base + s->ru_offset,
+ &rx, sizeof(eepro100_rx_t));
+ uint16_t rfd_command = le16_to_cpu(rx.command);
+ uint16_t rfd_size = le16_to_cpu(rx.size);
+
+ if (size > rfd_size) {
+ logout("Receive buffer (%" PRId16 " bytes) too small for data "
+ "(%zu bytes); data truncated\n", rfd_size, size);
+ size = rfd_size;
+ }
+#if !defined(CONFIG_PAD_RECEIVED_FRAMES)
+ if (size < 64) {
+ rfd_status |= 0x0080;
+ }
+#endif
+ TRACE(OTHER, logout("command 0x%04x, link 0x%08x, addr 0x%08x, size %u\n",
+ rfd_command, rx.link, rx.rx_buf_addr, rfd_size));
+ stw_le_pci_dma(&s->dev, s->ru_base + s->ru_offset +
+ offsetof(eepro100_rx_t, status), rfd_status);
+ stw_le_pci_dma(&s->dev, s->ru_base + s->ru_offset +
+ offsetof(eepro100_rx_t, count), size);
+ /* Early receive interrupt not supported. */
+#if 0
+ eepro100_er_interrupt(s);
+#endif
+ /* Receive CRC Transfer not supported. */
+ if (s->configuration[18] & BIT(2)) {
+ missing("Receive CRC Transfer");
+ return -1;
+ }
+ /* TODO: check stripping enable bit. */
+#if 0
+ assert(!(s->configuration[17] & BIT(0)));
+#endif
+ pci_dma_write(&s->dev, s->ru_base + s->ru_offset +
+ sizeof(eepro100_rx_t), buf, size);
+ s->statistics.rx_good_frames++;
+ eepro100_fr_interrupt(s);
+ s->ru_offset = le32_to_cpu(rx.link);
+ if (rfd_command & COMMAND_EL) {
+ /* EL bit is set, so this was the last frame. */
+ logout("receive: Running out of frames\n");
+ set_ru_state(s, ru_no_resources);
+ eepro100_rnr_interrupt(s);
+ }
+ if (rfd_command & COMMAND_S) {
+ /* S bit is set. */
+ set_ru_state(s, ru_suspended);
+ }
+ return size;
+}
+
+static const VMStateDescription vmstate_eepro100 = {
+ .version_id = 3,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .fields = (VMStateField []) {
+ VMSTATE_PCI_DEVICE(dev, EEPRO100State),
+ VMSTATE_UNUSED(32),
+ VMSTATE_BUFFER(mult, EEPRO100State),
+ VMSTATE_BUFFER(mem, EEPRO100State),
+ /* Save all members of struct between scb_stat and mem. */
+ VMSTATE_UINT8(scb_stat, EEPRO100State),
+ VMSTATE_UINT8(int_stat, EEPRO100State),
+ VMSTATE_UNUSED(3*4),
+ VMSTATE_MACADDR(conf.macaddr, EEPRO100State),
+ VMSTATE_UNUSED(19*4),
+ VMSTATE_UINT16_ARRAY(mdimem, EEPRO100State, 32),
+ /* The eeprom should be saved and restored by its own routines. */
+ VMSTATE_UINT32(device, EEPRO100State),
+ /* TODO check device. */
+ VMSTATE_UINT32(cu_base, EEPRO100State),
+ VMSTATE_UINT32(cu_offset, EEPRO100State),
+ VMSTATE_UINT32(ru_base, EEPRO100State),
+ VMSTATE_UINT32(ru_offset, EEPRO100State),
+ VMSTATE_UINT32(statsaddr, EEPRO100State),
+ /* Save eepro100_stats_t statistics. */
+ VMSTATE_UINT32(statistics.tx_good_frames, EEPRO100State),
+ VMSTATE_UINT32(statistics.tx_max_collisions, EEPRO100State),
+ VMSTATE_UINT32(statistics.tx_late_collisions, EEPRO100State),
+ VMSTATE_UINT32(statistics.tx_underruns, EEPRO100State),
+ VMSTATE_UINT32(statistics.tx_lost_crs, EEPRO100State),
+ VMSTATE_UINT32(statistics.tx_deferred, EEPRO100State),
+ VMSTATE_UINT32(statistics.tx_single_collisions, EEPRO100State),
+ VMSTATE_UINT32(statistics.tx_multiple_collisions, EEPRO100State),
+ VMSTATE_UINT32(statistics.tx_total_collisions, EEPRO100State),
+ VMSTATE_UINT32(statistics.rx_good_frames, EEPRO100State),
+ VMSTATE_UINT32(statistics.rx_crc_errors, EEPRO100State),
+ VMSTATE_UINT32(statistics.rx_alignment_errors, EEPRO100State),
+ VMSTATE_UINT32(statistics.rx_resource_errors, EEPRO100State),
+ VMSTATE_UINT32(statistics.rx_overrun_errors, EEPRO100State),
+ VMSTATE_UINT32(statistics.rx_cdt_errors, EEPRO100State),
+ VMSTATE_UINT32(statistics.rx_short_frame_errors, EEPRO100State),
+ VMSTATE_UINT32(statistics.fc_xmt_pause, EEPRO100State),
+ VMSTATE_UINT32(statistics.fc_rcv_pause, EEPRO100State),
+ VMSTATE_UINT32(statistics.fc_rcv_unsupported, EEPRO100State),
+ VMSTATE_UINT16(statistics.xmt_tco_frames, EEPRO100State),
+ VMSTATE_UINT16(statistics.rcv_tco_frames, EEPRO100State),
+ /* Configuration bytes. */
+ VMSTATE_BUFFER(configuration, EEPRO100State),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void nic_cleanup(NetClientState *nc)
+{
+ EEPRO100State *s = qemu_get_nic_opaque(nc);
+
+ s->nic = NULL;
+}
+
+static void pci_nic_uninit(PCIDevice *pci_dev)
+{
+ EEPRO100State *s = DO_UPCAST(EEPRO100State, dev, pci_dev);
+
+ memory_region_destroy(&s->mmio_bar);
+ memory_region_destroy(&s->io_bar);
+ memory_region_destroy(&s->flash_bar);
+ vmstate_unregister(&pci_dev->qdev, s->vmstate, s);
+ eeprom93xx_free(&pci_dev->qdev, s->eeprom);
+ qemu_del_nic(s->nic);
+}
+
+static NetClientInfo net_eepro100_info = {
+ .type = NET_CLIENT_OPTIONS_KIND_NIC,
+ .size = sizeof(NICState),
+ .can_receive = nic_can_receive,
+ .receive = nic_receive,
+ .cleanup = nic_cleanup,
+};
+
+static int e100_nic_init(PCIDevice *pci_dev)
+{
+ EEPRO100State *s = DO_UPCAST(EEPRO100State, dev, pci_dev);
+ E100PCIDeviceInfo *info = eepro100_get_class(s);
+
+ TRACE(OTHER, logout("\n"));
+
+ s->device = info->device;
+
+ e100_pci_reset(s);
+
+ /* Add 64 * 2 EEPROM. i82557 and i82558 support a 64 word EEPROM,
+ * i82559 and later support 64 or 256 word EEPROM. */
+ s->eeprom = eeprom93xx_new(&pci_dev->qdev, EEPROM_SIZE);
+
+ /* Handler for memory-mapped I/O */
+ memory_region_init_io(&s->mmio_bar, OBJECT(s), &eepro100_ops, s,
+ "eepro100-mmio", PCI_MEM_SIZE);
+ pci_register_bar(&s->dev, 0, PCI_BASE_ADDRESS_MEM_PREFETCH, &s->mmio_bar);
+ memory_region_init_io(&s->io_bar, OBJECT(s), &eepro100_ops, s,
+ "eepro100-io", PCI_IO_SIZE);
+ pci_register_bar(&s->dev, 1, PCI_BASE_ADDRESS_SPACE_IO, &s->io_bar);
+ /* FIXME: flash aliases to mmio?! */
+ memory_region_init_io(&s->flash_bar, OBJECT(s), &eepro100_ops, s,
+ "eepro100-flash", PCI_FLASH_SIZE);
+ pci_register_bar(&s->dev, 2, 0, &s->flash_bar);
+
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+ logout("macaddr: %s\n", nic_dump(&s->conf.macaddr.a[0], 6));
+
+ nic_reset(s);
+
+ s->nic = qemu_new_nic(&net_eepro100_info, &s->conf,
+ object_get_typename(OBJECT(pci_dev)), pci_dev->qdev.id, s);
+
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+ TRACE(OTHER, logout("%s\n", qemu_get_queue(s->nic)->info_str));
+
+ qemu_register_reset(nic_reset, s);
+
+ s->vmstate = g_malloc(sizeof(vmstate_eepro100));
+ memcpy(s->vmstate, &vmstate_eepro100, sizeof(vmstate_eepro100));
+ s->vmstate->name = qemu_get_queue(s->nic)->model;
+ vmstate_register(&pci_dev->qdev, -1, s->vmstate, s);
+
+ add_boot_device_path(s->conf.bootindex, &pci_dev->qdev, "/ethernet-phy@0");
+
+ return 0;
+}
+
+static E100PCIDeviceInfo e100_devices[] = {
+ {
+ .name = "i82550",
+ .desc = "Intel i82550 Ethernet",
+ .device = i82550,
+ /* TODO: check device id. */
+ .device_id = PCI_DEVICE_ID_INTEL_82551IT,
+ /* Revision ID: 0x0c, 0x0d, 0x0e. */
+ .revision = 0x0e,
+ /* TODO: check size of statistical counters. */
+ .stats_size = 80,
+ /* TODO: check extended tcb support. */
+ .has_extended_tcb_support = true,
+ .power_management = true,
+ },{
+ .name = "i82551",
+ .desc = "Intel i82551 Ethernet",
+ .device = i82551,
+ .device_id = PCI_DEVICE_ID_INTEL_82551IT,
+ /* Revision ID: 0x0f, 0x10. */
+ .revision = 0x0f,
+ /* TODO: check size of statistical counters. */
+ .stats_size = 80,
+ .has_extended_tcb_support = true,
+ .power_management = true,
+ },{
+ .name = "i82557a",
+ .desc = "Intel i82557A Ethernet",
+ .device = i82557A,
+ .device_id = PCI_DEVICE_ID_INTEL_82557,
+ .revision = 0x01,
+ .power_management = false,
+ },{
+ .name = "i82557b",
+ .desc = "Intel i82557B Ethernet",
+ .device = i82557B,
+ .device_id = PCI_DEVICE_ID_INTEL_82557,
+ .revision = 0x02,
+ .power_management = false,
+ },{
+ .name = "i82557c",
+ .desc = "Intel i82557C Ethernet",
+ .device = i82557C,
+ .device_id = PCI_DEVICE_ID_INTEL_82557,
+ .revision = 0x03,
+ .power_management = false,
+ },{
+ .name = "i82558a",
+ .desc = "Intel i82558A Ethernet",
+ .device = i82558A,
+ .device_id = PCI_DEVICE_ID_INTEL_82557,
+ .revision = 0x04,
+ .stats_size = 76,
+ .has_extended_tcb_support = true,
+ .power_management = true,
+ },{
+ .name = "i82558b",
+ .desc = "Intel i82558B Ethernet",
+ .device = i82558B,
+ .device_id = PCI_DEVICE_ID_INTEL_82557,
+ .revision = 0x05,
+ .stats_size = 76,
+ .has_extended_tcb_support = true,
+ .power_management = true,
+ },{
+ .name = "i82559a",
+ .desc = "Intel i82559A Ethernet",
+ .device = i82559A,
+ .device_id = PCI_DEVICE_ID_INTEL_82557,
+ .revision = 0x06,
+ .stats_size = 80,
+ .has_extended_tcb_support = true,
+ .power_management = true,
+ },{
+ .name = "i82559b",
+ .desc = "Intel i82559B Ethernet",
+ .device = i82559B,
+ .device_id = PCI_DEVICE_ID_INTEL_82557,
+ .revision = 0x07,
+ .stats_size = 80,
+ .has_extended_tcb_support = true,
+ .power_management = true,
+ },{
+ .name = "i82559c",
+ .desc = "Intel i82559C Ethernet",
+ .device = i82559C,
+ .device_id = PCI_DEVICE_ID_INTEL_82557,
+#if 0
+ .revision = 0x08,
+#endif
+ /* TODO: Windows wants revision id 0x0c. */
+ .revision = 0x0c,
+#if EEPROM_SIZE > 0
+ .subsystem_vendor_id = PCI_VENDOR_ID_INTEL,
+ .subsystem_id = 0x0040,
+#endif
+ .stats_size = 80,
+ .has_extended_tcb_support = true,
+ .power_management = true,
+ },{
+ .name = "i82559er",
+ .desc = "Intel i82559ER Ethernet",
+ .device = i82559ER,
+ .device_id = PCI_DEVICE_ID_INTEL_82551IT,
+ .revision = 0x09,
+ .stats_size = 80,
+ .has_extended_tcb_support = true,
+ .power_management = true,
+ },{
+ .name = "i82562",
+ .desc = "Intel i82562 Ethernet",
+ .device = i82562,
+ /* TODO: check device id. */
+ .device_id = PCI_DEVICE_ID_INTEL_82551IT,
+ /* TODO: wrong revision id. */
+ .revision = 0x0e,
+ .stats_size = 80,
+ .has_extended_tcb_support = true,
+ .power_management = true,
+ },{
+ /* Toshiba Tecra 8200. */
+ .name = "i82801",
+ .desc = "Intel i82801 Ethernet",
+ .device = i82801,
+ .device_id = 0x2449,
+ .revision = 0x03,
+ .stats_size = 80,
+ .has_extended_tcb_support = true,
+ .power_management = true,
+ }
+};
+
+static E100PCIDeviceInfo *eepro100_get_class_by_name(const char *typename)
+{
+ E100PCIDeviceInfo *info = NULL;
+ int i;
+
+ /* This is admittedly awkward but also temporary. QOM allows for
+ * parameterized typing and for subclassing both of which would suitable
+ * handle what's going on here. But class_data is already being used as
+ * a stop-gap hack to allow incremental qdev conversion so we cannot use it
+ * right now. Once we merge the final QOM series, we can come back here and
+ * do this in a much more elegant fashion.
+ */
+ for (i = 0; i < ARRAY_SIZE(e100_devices); i++) {
+ if (strcmp(e100_devices[i].name, typename) == 0) {
+ info = &e100_devices[i];
+ break;
+ }
+ }
+ assert(info != NULL);
+
+ return info;
+}
+
+static E100PCIDeviceInfo *eepro100_get_class(EEPRO100State *s)
+{
+ return eepro100_get_class_by_name(object_get_typename(OBJECT(s)));
+}
+
+static Property e100_properties[] = {
+ DEFINE_NIC_PROPERTIES(EEPRO100State, conf),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void eepro100_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+ E100PCIDeviceInfo *info;
+
+ info = eepro100_get_class_by_name(object_class_get_name(klass));
+
+ set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
+ dc->props = e100_properties;
+ dc->desc = info->desc;
+ k->vendor_id = PCI_VENDOR_ID_INTEL;
+ k->class_id = PCI_CLASS_NETWORK_ETHERNET;
+ k->romfile = "pxe-eepro100.rom";
+ k->init = e100_nic_init;
+ k->exit = pci_nic_uninit;
+ k->device_id = info->device_id;
+ k->revision = info->revision;
+ k->subsystem_vendor_id = info->subsystem_vendor_id;
+ k->subsystem_id = info->subsystem_id;
+}
+
+static void eepro100_register_types(void)
+{
+ size_t i;
+ for (i = 0; i < ARRAY_SIZE(e100_devices); i++) {
+ TypeInfo type_info = {};
+ E100PCIDeviceInfo *info = &e100_devices[i];
+
+ type_info.name = info->name;
+ type_info.parent = TYPE_PCI_DEVICE;
+ type_info.class_init = eepro100_class_init;
+ type_info.instance_size = sizeof(EEPRO100State);
+
+ type_register(&type_info);
+ }
+}
+
+type_init(eepro100_register_types)
diff --git a/hw/net/etraxfs_eth.c b/hw/net/etraxfs_eth.c
new file mode 100644
index 000000000..78ebbbca7
--- /dev/null
+++ b/hw/net/etraxfs_eth.c
@@ -0,0 +1,663 @@
+/*
+ * QEMU ETRAX Ethernet Controller.
+ *
+ * Copyright (c) 2008 Edgar E. Iglesias, Axis Communications AB.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include <stdio.h>
+#include "hw/sysbus.h"
+#include "net/net.h"
+#include "hw/cris/etraxfs.h"
+
+#define D(x)
+
+/* Advertisement control register. */
+#define ADVERTISE_10HALF 0x0020 /* Try for 10mbps half-duplex */
+#define ADVERTISE_10FULL 0x0040 /* Try for 10mbps full-duplex */
+#define ADVERTISE_100HALF 0x0080 /* Try for 100mbps half-duplex */
+#define ADVERTISE_100FULL 0x0100 /* Try for 100mbps full-duplex */
+
+/*
+ * The MDIO extensions in the TDK PHY model were reversed engineered from the
+ * linux driver (PHYID and Diagnostics reg).
+ * TODO: Add friendly names for the register nums.
+ */
+struct qemu_phy
+{
+ uint32_t regs[32];
+
+ int link;
+
+ unsigned int (*read)(struct qemu_phy *phy, unsigned int req);
+ void (*write)(struct qemu_phy *phy, unsigned int req, unsigned int data);
+};
+
+static unsigned int tdk_read(struct qemu_phy *phy, unsigned int req)
+{
+ int regnum;
+ unsigned r = 0;
+
+ regnum = req & 0x1f;
+
+ switch (regnum) {
+ case 1:
+ if (!phy->link) {
+ break;
+ }
+ /* MR1. */
+ /* Speeds and modes. */
+ r |= (1 << 13) | (1 << 14);
+ r |= (1 << 11) | (1 << 12);
+ r |= (1 << 5); /* Autoneg complete. */
+ r |= (1 << 3); /* Autoneg able. */
+ r |= (1 << 2); /* link. */
+ break;
+ case 5:
+ /* Link partner ability.
+ We are kind; always agree with whatever best mode
+ the guest advertises. */
+ r = 1 << 14; /* Success. */
+ /* Copy advertised modes. */
+ r |= phy->regs[4] & (15 << 5);
+ /* Autoneg support. */
+ r |= 1;
+ break;
+ case 18:
+ {
+ /* Diagnostics reg. */
+ int duplex = 0;
+ int speed_100 = 0;
+
+ if (!phy->link) {
+ break;
+ }
+
+ /* Are we advertising 100 half or 100 duplex ? */
+ speed_100 = !!(phy->regs[4] & ADVERTISE_100HALF);
+ speed_100 |= !!(phy->regs[4] & ADVERTISE_100FULL);
+
+ /* Are we advertising 10 duplex or 100 duplex ? */
+ duplex = !!(phy->regs[4] & ADVERTISE_100FULL);
+ duplex |= !!(phy->regs[4] & ADVERTISE_10FULL);
+ r = (speed_100 << 10) | (duplex << 11);
+ }
+ break;
+
+ default:
+ r = phy->regs[regnum];
+ break;
+ }
+ D(printf("\n%s %x = reg[%d]\n", __func__, r, regnum));
+ return r;
+}
+
+static void
+tdk_write(struct qemu_phy *phy, unsigned int req, unsigned int data)
+{
+ int regnum;
+
+ regnum = req & 0x1f;
+ D(printf("%s reg[%d] = %x\n", __func__, regnum, data));
+ switch (regnum) {
+ default:
+ phy->regs[regnum] = data;
+ break;
+ }
+}
+
+static void
+tdk_init(struct qemu_phy *phy)
+{
+ phy->regs[0] = 0x3100;
+ /* PHY Id. */
+ phy->regs[2] = 0x0300;
+ phy->regs[3] = 0xe400;
+ /* Autonegotiation advertisement reg. */
+ phy->regs[4] = 0x01E1;
+ phy->link = 1;
+
+ phy->read = tdk_read;
+ phy->write = tdk_write;
+}
+
+struct qemu_mdio
+{
+ /* bus. */
+ int mdc;
+ int mdio;
+
+ /* decoder. */
+ enum {
+ PREAMBLE,
+ SOF,
+ OPC,
+ ADDR,
+ REQ,
+ TURNAROUND,
+ DATA
+ } state;
+ unsigned int drive;
+
+ unsigned int cnt;
+ unsigned int addr;
+ unsigned int opc;
+ unsigned int req;
+ unsigned int data;
+
+ struct qemu_phy *devs[32];
+};
+
+static void
+mdio_attach(struct qemu_mdio *bus, struct qemu_phy *phy, unsigned int addr)
+{
+ bus->devs[addr & 0x1f] = phy;
+}
+
+#ifdef USE_THIS_DEAD_CODE
+static void
+mdio_detach(struct qemu_mdio *bus, struct qemu_phy *phy, unsigned int addr)
+{
+ bus->devs[addr & 0x1f] = NULL;
+}
+#endif
+
+static void mdio_read_req(struct qemu_mdio *bus)
+{
+ struct qemu_phy *phy;
+
+ phy = bus->devs[bus->addr];
+ if (phy && phy->read) {
+ bus->data = phy->read(phy, bus->req);
+ } else {
+ bus->data = 0xffff;
+ }
+}
+
+static void mdio_write_req(struct qemu_mdio *bus)
+{
+ struct qemu_phy *phy;
+
+ phy = bus->devs[bus->addr];
+ if (phy && phy->write) {
+ phy->write(phy, bus->req, bus->data);
+ }
+}
+
+static void mdio_cycle(struct qemu_mdio *bus)
+{
+ bus->cnt++;
+
+ D(printf("mdc=%d mdio=%d state=%d cnt=%d drv=%d\n",
+ bus->mdc, bus->mdio, bus->state, bus->cnt, bus->drive));
+#if 0
+ if (bus->mdc) {
+ printf("%d", bus->mdio);
+ }
+#endif
+ switch (bus->state) {
+ case PREAMBLE:
+ if (bus->mdc) {
+ if (bus->cnt >= (32 * 2) && !bus->mdio) {
+ bus->cnt = 0;
+ bus->state = SOF;
+ bus->data = 0;
+ }
+ }
+ break;
+ case SOF:
+ if (bus->mdc) {
+ if (bus->mdio != 1) {
+ printf("WARNING: no SOF\n");
+ }
+ if (bus->cnt == 1*2) {
+ bus->cnt = 0;
+ bus->opc = 0;
+ bus->state = OPC;
+ }
+ }
+ break;
+ case OPC:
+ if (bus->mdc) {
+ bus->opc <<= 1;
+ bus->opc |= bus->mdio & 1;
+ if (bus->cnt == 2*2) {
+ bus->cnt = 0;
+ bus->addr = 0;
+ bus->state = ADDR;
+ }
+ }
+ break;
+ case ADDR:
+ if (bus->mdc) {
+ bus->addr <<= 1;
+ bus->addr |= bus->mdio & 1;
+
+ if (bus->cnt == 5*2) {
+ bus->cnt = 0;
+ bus->req = 0;
+ bus->state = REQ;
+ }
+ }
+ break;
+ case REQ:
+ if (bus->mdc) {
+ bus->req <<= 1;
+ bus->req |= bus->mdio & 1;
+ if (bus->cnt == 5*2) {
+ bus->cnt = 0;
+ bus->state = TURNAROUND;
+ }
+ }
+ break;
+ case TURNAROUND:
+ if (bus->mdc && bus->cnt == 2*2) {
+ bus->mdio = 0;
+ bus->cnt = 0;
+
+ if (bus->opc == 2) {
+ bus->drive = 1;
+ mdio_read_req(bus);
+ bus->mdio = bus->data & 1;
+ }
+ bus->state = DATA;
+ }
+ break;
+ case DATA:
+ if (!bus->mdc) {
+ if (bus->drive) {
+ bus->mdio = !!(bus->data & (1 << 15));
+ bus->data <<= 1;
+ }
+ } else {
+ if (!bus->drive) {
+ bus->data <<= 1;
+ bus->data |= bus->mdio;
+ }
+ if (bus->cnt == 16 * 2) {
+ bus->cnt = 0;
+ bus->state = PREAMBLE;
+ if (!bus->drive) {
+ mdio_write_req(bus);
+ }
+ bus->drive = 0;
+ }
+ }
+ break;
+ default:
+ break;
+ }
+}
+
+/* ETRAX-FS Ethernet MAC block starts here. */
+
+#define RW_MA0_LO 0x00
+#define RW_MA0_HI 0x01
+#define RW_MA1_LO 0x02
+#define RW_MA1_HI 0x03
+#define RW_GA_LO 0x04
+#define RW_GA_HI 0x05
+#define RW_GEN_CTRL 0x06
+#define RW_REC_CTRL 0x07
+#define RW_TR_CTRL 0x08
+#define RW_CLR_ERR 0x09
+#define RW_MGM_CTRL 0x0a
+#define R_STAT 0x0b
+#define FS_ETH_MAX_REGS 0x17
+
+#define TYPE_ETRAX_FS_ETH "etraxfs-eth"
+#define ETRAX_FS_ETH(obj) \
+ OBJECT_CHECK(ETRAXFSEthState, (obj), TYPE_ETRAX_FS_ETH)
+
+typedef struct ETRAXFSEthState
+{
+ SysBusDevice parent_obj;
+
+ MemoryRegion mmio;
+ NICState *nic;
+ NICConf conf;
+
+ /* Two addrs in the filter. */
+ uint8_t macaddr[2][6];
+ uint32_t regs[FS_ETH_MAX_REGS];
+
+ union {
+ void *vdma_out;
+ struct etraxfs_dma_client *dma_out;
+ };
+ union {
+ void *vdma_in;
+ struct etraxfs_dma_client *dma_in;
+ };
+
+ /* MDIO bus. */
+ struct qemu_mdio mdio_bus;
+ unsigned int phyaddr;
+ int duplex_mismatch;
+
+ /* PHY. */
+ struct qemu_phy phy;
+} ETRAXFSEthState;
+
+static void eth_validate_duplex(ETRAXFSEthState *eth)
+{
+ struct qemu_phy *phy;
+ unsigned int phy_duplex;
+ unsigned int mac_duplex;
+ int new_mm = 0;
+
+ phy = eth->mdio_bus.devs[eth->phyaddr];
+ phy_duplex = !!(phy->read(phy, 18) & (1 << 11));
+ mac_duplex = !!(eth->regs[RW_REC_CTRL] & 128);
+
+ if (mac_duplex != phy_duplex) {
+ new_mm = 1;
+ }
+
+ if (eth->regs[RW_GEN_CTRL] & 1) {
+ if (new_mm != eth->duplex_mismatch) {
+ if (new_mm) {
+ printf("HW: WARNING ETH duplex mismatch MAC=%d PHY=%d\n",
+ mac_duplex, phy_duplex);
+ } else {
+ printf("HW: ETH duplex ok.\n");
+ }
+ }
+ eth->duplex_mismatch = new_mm;
+ }
+}
+
+static uint64_t
+eth_read(void *opaque, hwaddr addr, unsigned int size)
+{
+ ETRAXFSEthState *eth = opaque;
+ uint32_t r = 0;
+
+ addr >>= 2;
+
+ switch (addr) {
+ case R_STAT:
+ r = eth->mdio_bus.mdio & 1;
+ break;
+ default:
+ r = eth->regs[addr];
+ D(printf("%s %x\n", __func__, addr * 4));
+ break;
+ }
+ return r;
+}
+
+static void eth_update_ma(ETRAXFSEthState *eth, int ma)
+{
+ int reg;
+ int i = 0;
+
+ ma &= 1;
+
+ reg = RW_MA0_LO;
+ if (ma) {
+ reg = RW_MA1_LO;
+ }
+
+ eth->macaddr[ma][i++] = eth->regs[reg];
+ eth->macaddr[ma][i++] = eth->regs[reg] >> 8;
+ eth->macaddr[ma][i++] = eth->regs[reg] >> 16;
+ eth->macaddr[ma][i++] = eth->regs[reg] >> 24;
+ eth->macaddr[ma][i++] = eth->regs[reg + 1];
+ eth->macaddr[ma][i] = eth->regs[reg + 1] >> 8;
+
+ D(printf("set mac%d=%x.%x.%x.%x.%x.%x\n", ma,
+ eth->macaddr[ma][0], eth->macaddr[ma][1],
+ eth->macaddr[ma][2], eth->macaddr[ma][3],
+ eth->macaddr[ma][4], eth->macaddr[ma][5]));
+}
+
+static void
+eth_write(void *opaque, hwaddr addr,
+ uint64_t val64, unsigned int size)
+{
+ ETRAXFSEthState *eth = opaque;
+ uint32_t value = val64;
+
+ addr >>= 2;
+ switch (addr) {
+ case RW_MA0_LO:
+ case RW_MA0_HI:
+ eth->regs[addr] = value;
+ eth_update_ma(eth, 0);
+ break;
+ case RW_MA1_LO:
+ case RW_MA1_HI:
+ eth->regs[addr] = value;
+ eth_update_ma(eth, 1);
+ break;
+
+ case RW_MGM_CTRL:
+ /* Attach an MDIO/PHY abstraction. */
+ if (value & 2) {
+ eth->mdio_bus.mdio = value & 1;
+ }
+ if (eth->mdio_bus.mdc != (value & 4)) {
+ mdio_cycle(&eth->mdio_bus);
+ eth_validate_duplex(eth);
+ }
+ eth->mdio_bus.mdc = !!(value & 4);
+ eth->regs[addr] = value;
+ break;
+
+ case RW_REC_CTRL:
+ eth->regs[addr] = value;
+ eth_validate_duplex(eth);
+ break;
+
+ default:
+ eth->regs[addr] = value;
+ D(printf("%s %x %x\n", __func__, addr, value));
+ break;
+ }
+}
+
+/* The ETRAX FS has a groupt address table (GAT) which works like a k=1 bloom
+ filter dropping group addresses we have not joined. The filter has 64
+ bits (m). The has function is a simple nible xor of the group addr. */
+static int eth_match_groupaddr(ETRAXFSEthState *eth, const unsigned char *sa)
+{
+ unsigned int hsh;
+ int m_individual = eth->regs[RW_REC_CTRL] & 4;
+ int match;
+
+ /* First bit on the wire of a MAC address signals multicast or
+ physical address. */
+ if (!m_individual && !(sa[0] & 1)) {
+ return 0;
+ }
+
+ /* Calculate the hash index for the GA registers. */
+ hsh = 0;
+ hsh ^= (*sa) & 0x3f;
+ hsh ^= ((*sa) >> 6) & 0x03;
+ ++sa;
+ hsh ^= ((*sa) << 2) & 0x03c;
+ hsh ^= ((*sa) >> 4) & 0xf;
+ ++sa;
+ hsh ^= ((*sa) << 4) & 0x30;
+ hsh ^= ((*sa) >> 2) & 0x3f;
+ ++sa;
+ hsh ^= (*sa) & 0x3f;
+ hsh ^= ((*sa) >> 6) & 0x03;
+ ++sa;
+ hsh ^= ((*sa) << 2) & 0x03c;
+ hsh ^= ((*sa) >> 4) & 0xf;
+ ++sa;
+ hsh ^= ((*sa) << 4) & 0x30;
+ hsh ^= ((*sa) >> 2) & 0x3f;
+
+ hsh &= 63;
+ if (hsh > 31) {
+ match = eth->regs[RW_GA_HI] & (1 << (hsh - 32));
+ } else {
+ match = eth->regs[RW_GA_LO] & (1 << hsh);
+ }
+ D(printf("hsh=%x ga=%x.%x mtch=%d\n", hsh,
+ eth->regs[RW_GA_HI], eth->regs[RW_GA_LO], match));
+ return match;
+}
+
+static int eth_can_receive(NetClientState *nc)
+{
+ return 1;
+}
+
+static ssize_t eth_receive(NetClientState *nc, const uint8_t *buf, size_t size)
+{
+ unsigned char sa_bcast[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
+ ETRAXFSEthState *eth = qemu_get_nic_opaque(nc);
+ int use_ma0 = eth->regs[RW_REC_CTRL] & 1;
+ int use_ma1 = eth->regs[RW_REC_CTRL] & 2;
+ int r_bcast = eth->regs[RW_REC_CTRL] & 8;
+
+ if (size < 12) {
+ return -1;
+ }
+
+ D(printf("%x.%x.%x.%x.%x.%x ma=%d %d bc=%d\n",
+ buf[0], buf[1], buf[2], buf[3], buf[4], buf[5],
+ use_ma0, use_ma1, r_bcast));
+
+ /* Does the frame get through the address filters? */
+ if ((!use_ma0 || memcmp(buf, eth->macaddr[0], 6))
+ && (!use_ma1 || memcmp(buf, eth->macaddr[1], 6))
+ && (!r_bcast || memcmp(buf, sa_bcast, 6))
+ && !eth_match_groupaddr(eth, buf)) {
+ return size;
+ }
+
+ /* FIXME: Find another way to pass on the fake csum. */
+ etraxfs_dmac_input(eth->dma_in, (void *)buf, size + 4, 1);
+
+ return size;
+}
+
+static int eth_tx_push(void *opaque, unsigned char *buf, int len, bool eop)
+{
+ ETRAXFSEthState *eth = opaque;
+
+ D(printf("%s buf=%p len=%d\n", __func__, buf, len));
+ qemu_send_packet(qemu_get_queue(eth->nic), buf, len);
+ return len;
+}
+
+static void eth_set_link(NetClientState *nc)
+{
+ ETRAXFSEthState *eth = qemu_get_nic_opaque(nc);
+ D(printf("%s %d\n", __func__, nc->link_down));
+ eth->phy.link = !nc->link_down;
+}
+
+static const MemoryRegionOps eth_ops = {
+ .read = eth_read,
+ .write = eth_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4
+ }
+};
+
+static void eth_cleanup(NetClientState *nc)
+{
+ ETRAXFSEthState *eth = qemu_get_nic_opaque(nc);
+
+ /* Disconnect the client. */
+ eth->dma_out->client.push = NULL;
+ eth->dma_out->client.opaque = NULL;
+ eth->dma_in->client.opaque = NULL;
+ eth->dma_in->client.pull = NULL;
+ g_free(eth);
+}
+
+static NetClientInfo net_etraxfs_info = {
+ .type = NET_CLIENT_OPTIONS_KIND_NIC,
+ .size = sizeof(NICState),
+ .can_receive = eth_can_receive,
+ .receive = eth_receive,
+ .cleanup = eth_cleanup,
+ .link_status_changed = eth_set_link,
+};
+
+static int fs_eth_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ ETRAXFSEthState *s = ETRAX_FS_ETH(dev);
+
+ if (!s->dma_out || !s->dma_in) {
+ hw_error("Unconnected ETRAX-FS Ethernet MAC.\n");
+ }
+
+ s->dma_out->client.push = eth_tx_push;
+ s->dma_out->client.opaque = s;
+ s->dma_in->client.opaque = s;
+ s->dma_in->client.pull = NULL;
+
+ memory_region_init_io(&s->mmio, OBJECT(dev), &eth_ops, s,
+ "etraxfs-eth", 0x5c);
+ sysbus_init_mmio(sbd, &s->mmio);
+
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+ s->nic = qemu_new_nic(&net_etraxfs_info, &s->conf,
+ object_get_typename(OBJECT(s)), dev->id, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+
+
+ tdk_init(&s->phy);
+ mdio_attach(&s->mdio_bus, &s->phy, s->phyaddr);
+ return 0;
+}
+
+static Property etraxfs_eth_properties[] = {
+ DEFINE_PROP_UINT32("phyaddr", ETRAXFSEthState, phyaddr, 1),
+ DEFINE_PROP_PTR("dma_out", ETRAXFSEthState, vdma_out),
+ DEFINE_PROP_PTR("dma_in", ETRAXFSEthState, vdma_in),
+ DEFINE_NIC_PROPERTIES(ETRAXFSEthState, conf),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void etraxfs_eth_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = fs_eth_init;
+ dc->props = etraxfs_eth_properties;
+}
+
+static const TypeInfo etraxfs_eth_info = {
+ .name = TYPE_ETRAX_FS_ETH,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(ETRAXFSEthState),
+ .class_init = etraxfs_eth_class_init,
+};
+
+static void etraxfs_eth_register_types(void)
+{
+ type_register_static(&etraxfs_eth_info);
+}
+
+type_init(etraxfs_eth_register_types)
diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c
new file mode 100644
index 000000000..2c838f67d
--- /dev/null
+++ b/hw/net/lan9118.c
@@ -0,0 +1,1406 @@
+/*
+ * SMSC LAN9118 Ethernet interface emulation
+ *
+ * Copyright (c) 2009 CodeSourcery, LLC.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GNU GPL v2
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "hw/sysbus.h"
+#include "net/net.h"
+#include "hw/devices.h"
+#include "sysemu/sysemu.h"
+#include "hw/ptimer.h"
+/* For crc32 */
+#include <zlib.h>
+
+//#define DEBUG_LAN9118
+
+#ifdef DEBUG_LAN9118
+#define DPRINTF(fmt, ...) \
+do { printf("lan9118: " fmt , ## __VA_ARGS__); } while (0)
+#define BADF(fmt, ...) \
+do { hw_error("lan9118: error: " fmt , ## __VA_ARGS__);} while (0)
+#else
+#define DPRINTF(fmt, ...) do {} while(0)
+#define BADF(fmt, ...) \
+do { fprintf(stderr, "lan9118: error: " fmt , ## __VA_ARGS__);} while (0)
+#endif
+
+#define CSR_ID_REV 0x50
+#define CSR_IRQ_CFG 0x54
+#define CSR_INT_STS 0x58
+#define CSR_INT_EN 0x5c
+#define CSR_BYTE_TEST 0x64
+#define CSR_FIFO_INT 0x68
+#define CSR_RX_CFG 0x6c
+#define CSR_TX_CFG 0x70
+#define CSR_HW_CFG 0x74
+#define CSR_RX_DP_CTRL 0x78
+#define CSR_RX_FIFO_INF 0x7c
+#define CSR_TX_FIFO_INF 0x80
+#define CSR_PMT_CTRL 0x84
+#define CSR_GPIO_CFG 0x88
+#define CSR_GPT_CFG 0x8c
+#define CSR_GPT_CNT 0x90
+#define CSR_WORD_SWAP 0x98
+#define CSR_FREE_RUN 0x9c
+#define CSR_RX_DROP 0xa0
+#define CSR_MAC_CSR_CMD 0xa4
+#define CSR_MAC_CSR_DATA 0xa8
+#define CSR_AFC_CFG 0xac
+#define CSR_E2P_CMD 0xb0
+#define CSR_E2P_DATA 0xb4
+
+/* IRQ_CFG */
+#define IRQ_INT 0x00001000
+#define IRQ_EN 0x00000100
+#define IRQ_POL 0x00000010
+#define IRQ_TYPE 0x00000001
+
+/* INT_STS/INT_EN */
+#define SW_INT 0x80000000
+#define TXSTOP_INT 0x02000000
+#define RXSTOP_INT 0x01000000
+#define RXDFH_INT 0x00800000
+#define TX_IOC_INT 0x00200000
+#define RXD_INT 0x00100000
+#define GPT_INT 0x00080000
+#define PHY_INT 0x00040000
+#define PME_INT 0x00020000
+#define TXSO_INT 0x00010000
+#define RWT_INT 0x00008000
+#define RXE_INT 0x00004000
+#define TXE_INT 0x00002000
+#define TDFU_INT 0x00000800
+#define TDFO_INT 0x00000400
+#define TDFA_INT 0x00000200
+#define TSFF_INT 0x00000100
+#define TSFL_INT 0x00000080
+#define RXDF_INT 0x00000040
+#define RDFL_INT 0x00000020
+#define RSFF_INT 0x00000010
+#define RSFL_INT 0x00000008
+#define GPIO2_INT 0x00000004
+#define GPIO1_INT 0x00000002
+#define GPIO0_INT 0x00000001
+#define RESERVED_INT 0x7c001000
+
+#define MAC_CR 1
+#define MAC_ADDRH 2
+#define MAC_ADDRL 3
+#define MAC_HASHH 4
+#define MAC_HASHL 5
+#define MAC_MII_ACC 6
+#define MAC_MII_DATA 7
+#define MAC_FLOW 8
+#define MAC_VLAN1 9 /* TODO */
+#define MAC_VLAN2 10 /* TODO */
+#define MAC_WUFF 11 /* TODO */
+#define MAC_WUCSR 12 /* TODO */
+
+#define MAC_CR_RXALL 0x80000000
+#define MAC_CR_RCVOWN 0x00800000
+#define MAC_CR_LOOPBK 0x00200000
+#define MAC_CR_FDPX 0x00100000
+#define MAC_CR_MCPAS 0x00080000
+#define MAC_CR_PRMS 0x00040000
+#define MAC_CR_INVFILT 0x00020000
+#define MAC_CR_PASSBAD 0x00010000
+#define MAC_CR_HO 0x00008000
+#define MAC_CR_HPFILT 0x00002000
+#define MAC_CR_LCOLL 0x00001000
+#define MAC_CR_BCAST 0x00000800
+#define MAC_CR_DISRTY 0x00000400
+#define MAC_CR_PADSTR 0x00000100
+#define MAC_CR_BOLMT 0x000000c0
+#define MAC_CR_DFCHK 0x00000020
+#define MAC_CR_TXEN 0x00000008
+#define MAC_CR_RXEN 0x00000004
+#define MAC_CR_RESERVED 0x7f404213
+
+#define PHY_INT_ENERGYON 0x80
+#define PHY_INT_AUTONEG_COMPLETE 0x40
+#define PHY_INT_FAULT 0x20
+#define PHY_INT_DOWN 0x10
+#define PHY_INT_AUTONEG_LP 0x08
+#define PHY_INT_PARFAULT 0x04
+#define PHY_INT_AUTONEG_PAGE 0x02
+
+#define GPT_TIMER_EN 0x20000000
+
+enum tx_state {
+ TX_IDLE,
+ TX_B,
+ TX_DATA
+};
+
+typedef struct {
+ /* state is a tx_state but we can't put enums in VMStateDescriptions. */
+ uint32_t state;
+ uint32_t cmd_a;
+ uint32_t cmd_b;
+ int32_t buffer_size;
+ int32_t offset;
+ int32_t pad;
+ int32_t fifo_used;
+ int32_t len;
+ uint8_t data[2048];
+} LAN9118Packet;
+
+static const VMStateDescription vmstate_lan9118_packet = {
+ .name = "lan9118_packet",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(state, LAN9118Packet),
+ VMSTATE_UINT32(cmd_a, LAN9118Packet),
+ VMSTATE_UINT32(cmd_b, LAN9118Packet),
+ VMSTATE_INT32(buffer_size, LAN9118Packet),
+ VMSTATE_INT32(offset, LAN9118Packet),
+ VMSTATE_INT32(pad, LAN9118Packet),
+ VMSTATE_INT32(fifo_used, LAN9118Packet),
+ VMSTATE_INT32(len, LAN9118Packet),
+ VMSTATE_UINT8_ARRAY(data, LAN9118Packet, 2048),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+#define TYPE_LAN9118 "lan9118"
+#define LAN9118(obj) OBJECT_CHECK(lan9118_state, (obj), TYPE_LAN9118)
+
+typedef struct {
+ SysBusDevice parent_obj;
+
+ NICState *nic;
+ NICConf conf;
+ qemu_irq irq;
+ MemoryRegion mmio;
+ ptimer_state *timer;
+
+ uint32_t irq_cfg;
+ uint32_t int_sts;
+ uint32_t int_en;
+ uint32_t fifo_int;
+ uint32_t rx_cfg;
+ uint32_t tx_cfg;
+ uint32_t hw_cfg;
+ uint32_t pmt_ctrl;
+ uint32_t gpio_cfg;
+ uint32_t gpt_cfg;
+ uint32_t word_swap;
+ uint32_t free_timer_start;
+ uint32_t mac_cmd;
+ uint32_t mac_data;
+ uint32_t afc_cfg;
+ uint32_t e2p_cmd;
+ uint32_t e2p_data;
+
+ uint32_t mac_cr;
+ uint32_t mac_hashh;
+ uint32_t mac_hashl;
+ uint32_t mac_mii_acc;
+ uint32_t mac_mii_data;
+ uint32_t mac_flow;
+
+ uint32_t phy_status;
+ uint32_t phy_control;
+ uint32_t phy_advertise;
+ uint32_t phy_int;
+ uint32_t phy_int_mask;
+
+ int32_t eeprom_writable;
+ uint8_t eeprom[128];
+
+ int32_t tx_fifo_size;
+ LAN9118Packet *txp;
+ LAN9118Packet tx_packet;
+
+ int32_t tx_status_fifo_used;
+ int32_t tx_status_fifo_head;
+ uint32_t tx_status_fifo[512];
+
+ int32_t rx_status_fifo_size;
+ int32_t rx_status_fifo_used;
+ int32_t rx_status_fifo_head;
+ uint32_t rx_status_fifo[896];
+ int32_t rx_fifo_size;
+ int32_t rx_fifo_used;
+ int32_t rx_fifo_head;
+ uint32_t rx_fifo[3360];
+ int32_t rx_packet_size_head;
+ int32_t rx_packet_size_tail;
+ int32_t rx_packet_size[1024];
+
+ int32_t rxp_offset;
+ int32_t rxp_size;
+ int32_t rxp_pad;
+
+ uint32_t write_word_prev_offset;
+ uint32_t write_word_n;
+ uint16_t write_word_l;
+ uint16_t write_word_h;
+ uint32_t read_word_prev_offset;
+ uint32_t read_word_n;
+ uint32_t read_long;
+
+ uint32_t mode_16bit;
+} lan9118_state;
+
+static const VMStateDescription vmstate_lan9118 = {
+ .name = "lan9118",
+ .version_id = 2,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_PTIMER(timer, lan9118_state),
+ VMSTATE_UINT32(irq_cfg, lan9118_state),
+ VMSTATE_UINT32(int_sts, lan9118_state),
+ VMSTATE_UINT32(int_en, lan9118_state),
+ VMSTATE_UINT32(fifo_int, lan9118_state),
+ VMSTATE_UINT32(rx_cfg, lan9118_state),
+ VMSTATE_UINT32(tx_cfg, lan9118_state),
+ VMSTATE_UINT32(hw_cfg, lan9118_state),
+ VMSTATE_UINT32(pmt_ctrl, lan9118_state),
+ VMSTATE_UINT32(gpio_cfg, lan9118_state),
+ VMSTATE_UINT32(gpt_cfg, lan9118_state),
+ VMSTATE_UINT32(word_swap, lan9118_state),
+ VMSTATE_UINT32(free_timer_start, lan9118_state),
+ VMSTATE_UINT32(mac_cmd, lan9118_state),
+ VMSTATE_UINT32(mac_data, lan9118_state),
+ VMSTATE_UINT32(afc_cfg, lan9118_state),
+ VMSTATE_UINT32(e2p_cmd, lan9118_state),
+ VMSTATE_UINT32(e2p_data, lan9118_state),
+ VMSTATE_UINT32(mac_cr, lan9118_state),
+ VMSTATE_UINT32(mac_hashh, lan9118_state),
+ VMSTATE_UINT32(mac_hashl, lan9118_state),
+ VMSTATE_UINT32(mac_mii_acc, lan9118_state),
+ VMSTATE_UINT32(mac_mii_data, lan9118_state),
+ VMSTATE_UINT32(mac_flow, lan9118_state),
+ VMSTATE_UINT32(phy_status, lan9118_state),
+ VMSTATE_UINT32(phy_control, lan9118_state),
+ VMSTATE_UINT32(phy_advertise, lan9118_state),
+ VMSTATE_UINT32(phy_int, lan9118_state),
+ VMSTATE_UINT32(phy_int_mask, lan9118_state),
+ VMSTATE_INT32(eeprom_writable, lan9118_state),
+ VMSTATE_UINT8_ARRAY(eeprom, lan9118_state, 128),
+ VMSTATE_INT32(tx_fifo_size, lan9118_state),
+ /* txp always points at tx_packet so need not be saved */
+ VMSTATE_STRUCT(tx_packet, lan9118_state, 0,
+ vmstate_lan9118_packet, LAN9118Packet),
+ VMSTATE_INT32(tx_status_fifo_used, lan9118_state),
+ VMSTATE_INT32(tx_status_fifo_head, lan9118_state),
+ VMSTATE_UINT32_ARRAY(tx_status_fifo, lan9118_state, 512),
+ VMSTATE_INT32(rx_status_fifo_size, lan9118_state),
+ VMSTATE_INT32(rx_status_fifo_used, lan9118_state),
+ VMSTATE_INT32(rx_status_fifo_head, lan9118_state),
+ VMSTATE_UINT32_ARRAY(rx_status_fifo, lan9118_state, 896),
+ VMSTATE_INT32(rx_fifo_size, lan9118_state),
+ VMSTATE_INT32(rx_fifo_used, lan9118_state),
+ VMSTATE_INT32(rx_fifo_head, lan9118_state),
+ VMSTATE_UINT32_ARRAY(rx_fifo, lan9118_state, 3360),
+ VMSTATE_INT32(rx_packet_size_head, lan9118_state),
+ VMSTATE_INT32(rx_packet_size_tail, lan9118_state),
+ VMSTATE_INT32_ARRAY(rx_packet_size, lan9118_state, 1024),
+ VMSTATE_INT32(rxp_offset, lan9118_state),
+ VMSTATE_INT32(rxp_size, lan9118_state),
+ VMSTATE_INT32(rxp_pad, lan9118_state),
+ VMSTATE_UINT32_V(write_word_prev_offset, lan9118_state, 2),
+ VMSTATE_UINT32_V(write_word_n, lan9118_state, 2),
+ VMSTATE_UINT16_V(write_word_l, lan9118_state, 2),
+ VMSTATE_UINT16_V(write_word_h, lan9118_state, 2),
+ VMSTATE_UINT32_V(read_word_prev_offset, lan9118_state, 2),
+ VMSTATE_UINT32_V(read_word_n, lan9118_state, 2),
+ VMSTATE_UINT32_V(read_long, lan9118_state, 2),
+ VMSTATE_UINT32_V(mode_16bit, lan9118_state, 2),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void lan9118_update(lan9118_state *s)
+{
+ int level;
+
+ /* TODO: Implement FIFO level IRQs. */
+ level = (s->int_sts & s->int_en) != 0;
+ if (level) {
+ s->irq_cfg |= IRQ_INT;
+ } else {
+ s->irq_cfg &= ~IRQ_INT;
+ }
+ if ((s->irq_cfg & IRQ_EN) == 0) {
+ level = 0;
+ }
+ if ((s->irq_cfg & (IRQ_TYPE | IRQ_POL)) != (IRQ_TYPE | IRQ_POL)) {
+ /* Interrupt is active low unless we're configured as
+ * active-high polarity, push-pull type.
+ */
+ level = !level;
+ }
+ qemu_set_irq(s->irq, level);
+}
+
+static void lan9118_mac_changed(lan9118_state *s)
+{
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+}
+
+static void lan9118_reload_eeprom(lan9118_state *s)
+{
+ int i;
+ if (s->eeprom[0] != 0xa5) {
+ s->e2p_cmd &= ~0x10;
+ DPRINTF("MACADDR load failed\n");
+ return;
+ }
+ for (i = 0; i < 6; i++) {
+ s->conf.macaddr.a[i] = s->eeprom[i + 1];
+ }
+ s->e2p_cmd |= 0x10;
+ DPRINTF("MACADDR loaded from eeprom\n");
+ lan9118_mac_changed(s);
+}
+
+static void phy_update_irq(lan9118_state *s)
+{
+ if (s->phy_int & s->phy_int_mask) {
+ s->int_sts |= PHY_INT;
+ } else {
+ s->int_sts &= ~PHY_INT;
+ }
+ lan9118_update(s);
+}
+
+static void phy_update_link(lan9118_state *s)
+{
+ /* Autonegotiation status mirrors link status. */
+ if (qemu_get_queue(s->nic)->link_down) {
+ s->phy_status &= ~0x0024;
+ s->phy_int |= PHY_INT_DOWN;
+ } else {
+ s->phy_status |= 0x0024;
+ s->phy_int |= PHY_INT_ENERGYON;
+ s->phy_int |= PHY_INT_AUTONEG_COMPLETE;
+ }
+ phy_update_irq(s);
+}
+
+static void lan9118_set_link(NetClientState *nc)
+{
+ phy_update_link(qemu_get_nic_opaque(nc));
+}
+
+static void phy_reset(lan9118_state *s)
+{
+ s->phy_status = 0x7809;
+ s->phy_control = 0x3000;
+ s->phy_advertise = 0x01e1;
+ s->phy_int_mask = 0;
+ s->phy_int = 0;
+ phy_update_link(s);
+}
+
+static void lan9118_reset(DeviceState *d)
+{
+ lan9118_state *s = LAN9118(d);
+
+ s->irq_cfg &= (IRQ_TYPE | IRQ_POL);
+ s->int_sts = 0;
+ s->int_en = 0;
+ s->fifo_int = 0x48000000;
+ s->rx_cfg = 0;
+ s->tx_cfg = 0;
+ s->hw_cfg = s->mode_16bit ? 0x00050000 : 0x00050004;
+ s->pmt_ctrl &= 0x45;
+ s->gpio_cfg = 0;
+ s->txp->fifo_used = 0;
+ s->txp->state = TX_IDLE;
+ s->txp->cmd_a = 0xffffffffu;
+ s->txp->cmd_b = 0xffffffffu;
+ s->txp->len = 0;
+ s->txp->fifo_used = 0;
+ s->tx_fifo_size = 4608;
+ s->tx_status_fifo_used = 0;
+ s->rx_status_fifo_size = 704;
+ s->rx_fifo_size = 2640;
+ s->rx_fifo_used = 0;
+ s->rx_status_fifo_size = 176;
+ s->rx_status_fifo_used = 0;
+ s->rxp_offset = 0;
+ s->rxp_size = 0;
+ s->rxp_pad = 0;
+ s->rx_packet_size_tail = s->rx_packet_size_head;
+ s->rx_packet_size[s->rx_packet_size_head] = 0;
+ s->mac_cmd = 0;
+ s->mac_data = 0;
+ s->afc_cfg = 0;
+ s->e2p_cmd = 0;
+ s->e2p_data = 0;
+ s->free_timer_start = qemu_get_clock_ns(vm_clock) / 40;
+
+ ptimer_stop(s->timer);
+ ptimer_set_count(s->timer, 0xffff);
+ s->gpt_cfg = 0xffff;
+
+ s->mac_cr = MAC_CR_PRMS;
+ s->mac_hashh = 0;
+ s->mac_hashl = 0;
+ s->mac_mii_acc = 0;
+ s->mac_mii_data = 0;
+ s->mac_flow = 0;
+
+ s->read_word_n = 0;
+ s->write_word_n = 0;
+
+ phy_reset(s);
+
+ s->eeprom_writable = 0;
+ lan9118_reload_eeprom(s);
+}
+
+static int lan9118_can_receive(NetClientState *nc)
+{
+ return 1;
+}
+
+static void rx_fifo_push(lan9118_state *s, uint32_t val)
+{
+ int fifo_pos;
+ fifo_pos = s->rx_fifo_head + s->rx_fifo_used;
+ if (fifo_pos >= s->rx_fifo_size)
+ fifo_pos -= s->rx_fifo_size;
+ s->rx_fifo[fifo_pos] = val;
+ s->rx_fifo_used++;
+}
+
+/* Return nonzero if the packet is accepted by the filter. */
+static int lan9118_filter(lan9118_state *s, const uint8_t *addr)
+{
+ int multicast;
+ uint32_t hash;
+
+ if (s->mac_cr & MAC_CR_PRMS) {
+ return 1;
+ }
+ if (addr[0] == 0xff && addr[1] == 0xff && addr[2] == 0xff &&
+ addr[3] == 0xff && addr[4] == 0xff && addr[5] == 0xff) {
+ return (s->mac_cr & MAC_CR_BCAST) == 0;
+ }
+
+ multicast = addr[0] & 1;
+ if (multicast &&s->mac_cr & MAC_CR_MCPAS) {
+ return 1;
+ }
+ if (multicast ? (s->mac_cr & MAC_CR_HPFILT) == 0
+ : (s->mac_cr & MAC_CR_HO) == 0) {
+ /* Exact matching. */
+ hash = memcmp(addr, s->conf.macaddr.a, 6);
+ if (s->mac_cr & MAC_CR_INVFILT) {
+ return hash != 0;
+ } else {
+ return hash == 0;
+ }
+ } else {
+ /* Hash matching */
+ hash = compute_mcast_idx(addr);
+ if (hash & 0x20) {
+ return (s->mac_hashh >> (hash & 0x1f)) & 1;
+ } else {
+ return (s->mac_hashl >> (hash & 0x1f)) & 1;
+ }
+ }
+}
+
+static ssize_t lan9118_receive(NetClientState *nc, const uint8_t *buf,
+ size_t size)
+{
+ lan9118_state *s = qemu_get_nic_opaque(nc);
+ int fifo_len;
+ int offset;
+ int src_pos;
+ int n;
+ int filter;
+ uint32_t val;
+ uint32_t crc;
+ uint32_t status;
+
+ if ((s->mac_cr & MAC_CR_RXEN) == 0) {
+ return -1;
+ }
+
+ if (size >= 2048 || size < 14) {
+ return -1;
+ }
+
+ /* TODO: Implement FIFO overflow notification. */
+ if (s->rx_status_fifo_used == s->rx_status_fifo_size) {
+ return -1;
+ }
+
+ filter = lan9118_filter(s, buf);
+ if (!filter && (s->mac_cr & MAC_CR_RXALL) == 0) {
+ return size;
+ }
+
+ offset = (s->rx_cfg >> 8) & 0x1f;
+ n = offset & 3;
+ fifo_len = (size + n + 3) >> 2;
+ /* Add a word for the CRC. */
+ fifo_len++;
+ if (s->rx_fifo_size - s->rx_fifo_used < fifo_len) {
+ return -1;
+ }
+
+ DPRINTF("Got packet len:%d fifo:%d filter:%s\n",
+ (int)size, fifo_len, filter ? "pass" : "fail");
+ val = 0;
+ crc = bswap32(crc32(~0, buf, size));
+ for (src_pos = 0; src_pos < size; src_pos++) {
+ val = (val >> 8) | ((uint32_t)buf[src_pos] << 24);
+ n++;
+ if (n == 4) {
+ n = 0;
+ rx_fifo_push(s, val);
+ val = 0;
+ }
+ }
+ if (n) {
+ val >>= ((4 - n) * 8);
+ val |= crc << (n * 8);
+ rx_fifo_push(s, val);
+ val = crc >> ((4 - n) * 8);
+ rx_fifo_push(s, val);
+ } else {
+ rx_fifo_push(s, crc);
+ }
+ n = s->rx_status_fifo_head + s->rx_status_fifo_used;
+ if (n >= s->rx_status_fifo_size) {
+ n -= s->rx_status_fifo_size;
+ }
+ s->rx_packet_size[s->rx_packet_size_tail] = fifo_len;
+ s->rx_packet_size_tail = (s->rx_packet_size_tail + 1023) & 1023;
+ s->rx_status_fifo_used++;
+
+ status = (size + 4) << 16;
+ if (buf[0] == 0xff && buf[1] == 0xff && buf[2] == 0xff &&
+ buf[3] == 0xff && buf[4] == 0xff && buf[5] == 0xff) {
+ status |= 0x00002000;
+ } else if (buf[0] & 1) {
+ status |= 0x00000400;
+ }
+ if (!filter) {
+ status |= 0x40000000;
+ }
+ s->rx_status_fifo[n] = status;
+
+ if (s->rx_status_fifo_used > (s->fifo_int & 0xff)) {
+ s->int_sts |= RSFL_INT;
+ }
+ lan9118_update(s);
+
+ return size;
+}
+
+static uint32_t rx_fifo_pop(lan9118_state *s)
+{
+ int n;
+ uint32_t val;
+
+ if (s->rxp_size == 0 && s->rxp_pad == 0) {
+ s->rxp_size = s->rx_packet_size[s->rx_packet_size_head];
+ s->rx_packet_size[s->rx_packet_size_head] = 0;
+ if (s->rxp_size != 0) {
+ s->rx_packet_size_head = (s->rx_packet_size_head + 1023) & 1023;
+ s->rxp_offset = (s->rx_cfg >> 10) & 7;
+ n = s->rxp_offset + s->rxp_size;
+ switch (s->rx_cfg >> 30) {
+ case 1:
+ n = (-n) & 3;
+ break;
+ case 2:
+ n = (-n) & 7;
+ break;
+ default:
+ n = 0;
+ break;
+ }
+ s->rxp_pad = n;
+ DPRINTF("Pop packet size:%d offset:%d pad: %d\n",
+ s->rxp_size, s->rxp_offset, s->rxp_pad);
+ }
+ }
+ if (s->rxp_offset > 0) {
+ s->rxp_offset--;
+ val = 0;
+ } else if (s->rxp_size > 0) {
+ s->rxp_size--;
+ val = s->rx_fifo[s->rx_fifo_head++];
+ if (s->rx_fifo_head >= s->rx_fifo_size) {
+ s->rx_fifo_head -= s->rx_fifo_size;
+ }
+ s->rx_fifo_used--;
+ } else if (s->rxp_pad > 0) {
+ s->rxp_pad--;
+ val = 0;
+ } else {
+ DPRINTF("RX underflow\n");
+ s->int_sts |= RXE_INT;
+ val = 0;
+ }
+ lan9118_update(s);
+ return val;
+}
+
+static void do_tx_packet(lan9118_state *s)
+{
+ int n;
+ uint32_t status;
+
+ /* FIXME: Honor TX disable, and allow queueing of packets. */
+ if (s->phy_control & 0x4000) {
+ /* This assumes the receive routine doesn't touch the VLANClient. */
+ lan9118_receive(qemu_get_queue(s->nic), s->txp->data, s->txp->len);
+ } else {
+ qemu_send_packet(qemu_get_queue(s->nic), s->txp->data, s->txp->len);
+ }
+ s->txp->fifo_used = 0;
+
+ if (s->tx_status_fifo_used == 512) {
+ /* Status FIFO full */
+ return;
+ }
+ /* Add entry to status FIFO. */
+ status = s->txp->cmd_b & 0xffff0000u;
+ DPRINTF("Sent packet tag:%04x len %d\n", status >> 16, s->txp->len);
+ n = (s->tx_status_fifo_head + s->tx_status_fifo_used) & 511;
+ s->tx_status_fifo[n] = status;
+ s->tx_status_fifo_used++;
+ if (s->tx_status_fifo_used == 512) {
+ s->int_sts |= TSFF_INT;
+ /* TODO: Stop transmission. */
+ }
+}
+
+static uint32_t rx_status_fifo_pop(lan9118_state *s)
+{
+ uint32_t val;
+
+ val = s->rx_status_fifo[s->rx_status_fifo_head];
+ if (s->rx_status_fifo_used != 0) {
+ s->rx_status_fifo_used--;
+ s->rx_status_fifo_head++;
+ if (s->rx_status_fifo_head >= s->rx_status_fifo_size) {
+ s->rx_status_fifo_head -= s->rx_status_fifo_size;
+ }
+ /* ??? What value should be returned when the FIFO is empty? */
+ DPRINTF("RX status pop 0x%08x\n", val);
+ }
+ return val;
+}
+
+static uint32_t tx_status_fifo_pop(lan9118_state *s)
+{
+ uint32_t val;
+
+ val = s->tx_status_fifo[s->tx_status_fifo_head];
+ if (s->tx_status_fifo_used != 0) {
+ s->tx_status_fifo_used--;
+ s->tx_status_fifo_head = (s->tx_status_fifo_head + 1) & 511;
+ /* ??? What value should be returned when the FIFO is empty? */
+ }
+ return val;
+}
+
+static void tx_fifo_push(lan9118_state *s, uint32_t val)
+{
+ int n;
+
+ if (s->txp->fifo_used == s->tx_fifo_size) {
+ s->int_sts |= TDFO_INT;
+ return;
+ }
+ switch (s->txp->state) {
+ case TX_IDLE:
+ s->txp->cmd_a = val & 0x831f37ff;
+ s->txp->fifo_used++;
+ s->txp->state = TX_B;
+ break;
+ case TX_B:
+ if (s->txp->cmd_a & 0x2000) {
+ /* First segment */
+ s->txp->cmd_b = val;
+ s->txp->fifo_used++;
+ s->txp->buffer_size = s->txp->cmd_a & 0x7ff;
+ s->txp->offset = (s->txp->cmd_a >> 16) & 0x1f;
+ /* End alignment does not include command words. */
+ n = (s->txp->buffer_size + s->txp->offset + 3) >> 2;
+ switch ((n >> 24) & 3) {
+ case 1:
+ n = (-n) & 3;
+ break;
+ case 2:
+ n = (-n) & 7;
+ break;
+ default:
+ n = 0;
+ }
+ s->txp->pad = n;
+ s->txp->len = 0;
+ }
+ DPRINTF("Block len:%d offset:%d pad:%d cmd %08x\n",
+ s->txp->buffer_size, s->txp->offset, s->txp->pad,
+ s->txp->cmd_a);
+ s->txp->state = TX_DATA;
+ break;
+ case TX_DATA:
+ if (s->txp->offset >= 4) {
+ s->txp->offset -= 4;
+ break;
+ }
+ if (s->txp->buffer_size <= 0 && s->txp->pad != 0) {
+ s->txp->pad--;
+ } else {
+ n = 4;
+ while (s->txp->offset) {
+ val >>= 8;
+ n--;
+ s->txp->offset--;
+ }
+ /* Documentation is somewhat unclear on the ordering of bytes
+ in FIFO words. Empirical results show it to be little-endian.
+ */
+ /* TODO: FIFO overflow checking. */
+ while (n--) {
+ s->txp->data[s->txp->len] = val & 0xff;
+ s->txp->len++;
+ val >>= 8;
+ s->txp->buffer_size--;
+ }
+ s->txp->fifo_used++;
+ }
+ if (s->txp->buffer_size <= 0 && s->txp->pad == 0) {
+ if (s->txp->cmd_a & 0x1000) {
+ do_tx_packet(s);
+ }
+ if (s->txp->cmd_a & 0x80000000) {
+ s->int_sts |= TX_IOC_INT;
+ }
+ s->txp->state = TX_IDLE;
+ }
+ break;
+ }
+}
+
+static uint32_t do_phy_read(lan9118_state *s, int reg)
+{
+ uint32_t val;
+
+ switch (reg) {
+ case 0: /* Basic Control */
+ return s->phy_control;
+ case 1: /* Basic Status */
+ return s->phy_status;
+ case 2: /* ID1 */
+ return 0x0007;
+ case 3: /* ID2 */
+ return 0xc0d1;
+ case 4: /* Auto-neg advertisement */
+ return s->phy_advertise;
+ case 5: /* Auto-neg Link Partner Ability */
+ return 0x0f71;
+ case 6: /* Auto-neg Expansion */
+ return 1;
+ /* TODO 17, 18, 27, 29, 30, 31 */
+ case 29: /* Interrupt source. */
+ val = s->phy_int;
+ s->phy_int = 0;
+ phy_update_irq(s);
+ return val;
+ case 30: /* Interrupt mask */
+ return s->phy_int_mask;
+ default:
+ BADF("PHY read reg %d\n", reg);
+ return 0;
+ }
+}
+
+static void do_phy_write(lan9118_state *s, int reg, uint32_t val)
+{
+ switch (reg) {
+ case 0: /* Basic Control */
+ if (val & 0x8000) {
+ phy_reset(s);
+ break;
+ }
+ s->phy_control = val & 0x7980;
+ /* Complete autonegotiation immediately. */
+ if (val & 0x1000) {
+ s->phy_status |= 0x0020;
+ }
+ break;
+ case 4: /* Auto-neg advertisement */
+ s->phy_advertise = (val & 0x2d7f) | 0x80;
+ break;
+ /* TODO 17, 18, 27, 31 */
+ case 30: /* Interrupt mask */
+ s->phy_int_mask = val & 0xff;
+ phy_update_irq(s);
+ break;
+ default:
+ BADF("PHY write reg %d = 0x%04x\n", reg, val);
+ }
+}
+
+static void do_mac_write(lan9118_state *s, int reg, uint32_t val)
+{
+ switch (reg) {
+ case MAC_CR:
+ if ((s->mac_cr & MAC_CR_RXEN) != 0 && (val & MAC_CR_RXEN) == 0) {
+ s->int_sts |= RXSTOP_INT;
+ }
+ s->mac_cr = val & ~MAC_CR_RESERVED;
+ DPRINTF("MAC_CR: %08x\n", val);
+ break;
+ case MAC_ADDRH:
+ s->conf.macaddr.a[4] = val & 0xff;
+ s->conf.macaddr.a[5] = (val >> 8) & 0xff;
+ lan9118_mac_changed(s);
+ break;
+ case MAC_ADDRL:
+ s->conf.macaddr.a[0] = val & 0xff;
+ s->conf.macaddr.a[1] = (val >> 8) & 0xff;
+ s->conf.macaddr.a[2] = (val >> 16) & 0xff;
+ s->conf.macaddr.a[3] = (val >> 24) & 0xff;
+ lan9118_mac_changed(s);
+ break;
+ case MAC_HASHH:
+ s->mac_hashh = val;
+ break;
+ case MAC_HASHL:
+ s->mac_hashl = val;
+ break;
+ case MAC_MII_ACC:
+ s->mac_mii_acc = val & 0xffc2;
+ if (val & 2) {
+ DPRINTF("PHY write %d = 0x%04x\n",
+ (val >> 6) & 0x1f, s->mac_mii_data);
+ do_phy_write(s, (val >> 6) & 0x1f, s->mac_mii_data);
+ } else {
+ s->mac_mii_data = do_phy_read(s, (val >> 6) & 0x1f);
+ DPRINTF("PHY read %d = 0x%04x\n",
+ (val >> 6) & 0x1f, s->mac_mii_data);
+ }
+ break;
+ case MAC_MII_DATA:
+ s->mac_mii_data = val & 0xffff;
+ break;
+ case MAC_FLOW:
+ s->mac_flow = val & 0xffff0000;
+ break;
+ case MAC_VLAN1:
+ /* Writing to this register changes a condition for
+ * FrameTooLong bit in rx_status. Since we do not set
+ * FrameTooLong anyway, just ignore write to this.
+ */
+ break;
+ default:
+ hw_error("lan9118: Unimplemented MAC register write: %d = 0x%x\n",
+ s->mac_cmd & 0xf, val);
+ }
+}
+
+static uint32_t do_mac_read(lan9118_state *s, int reg)
+{
+ switch (reg) {
+ case MAC_CR:
+ return s->mac_cr;
+ case MAC_ADDRH:
+ return s->conf.macaddr.a[4] | (s->conf.macaddr.a[5] << 8);
+ case MAC_ADDRL:
+ return s->conf.macaddr.a[0] | (s->conf.macaddr.a[1] << 8)
+ | (s->conf.macaddr.a[2] << 16) | (s->conf.macaddr.a[3] << 24);
+ case MAC_HASHH:
+ return s->mac_hashh;
+ break;
+ case MAC_HASHL:
+ return s->mac_hashl;
+ break;
+ case MAC_MII_ACC:
+ return s->mac_mii_acc;
+ case MAC_MII_DATA:
+ return s->mac_mii_data;
+ case MAC_FLOW:
+ return s->mac_flow;
+ default:
+ hw_error("lan9118: Unimplemented MAC register read: %d\n",
+ s->mac_cmd & 0xf);
+ }
+}
+
+static void lan9118_eeprom_cmd(lan9118_state *s, int cmd, int addr)
+{
+ s->e2p_cmd = (s->e2p_cmd & 0x10) | (cmd << 28) | addr;
+ switch (cmd) {
+ case 0:
+ s->e2p_data = s->eeprom[addr];
+ DPRINTF("EEPROM Read %d = 0x%02x\n", addr, s->e2p_data);
+ break;
+ case 1:
+ s->eeprom_writable = 0;
+ DPRINTF("EEPROM Write Disable\n");
+ break;
+ case 2: /* EWEN */
+ s->eeprom_writable = 1;
+ DPRINTF("EEPROM Write Enable\n");
+ break;
+ case 3: /* WRITE */
+ if (s->eeprom_writable) {
+ s->eeprom[addr] &= s->e2p_data;
+ DPRINTF("EEPROM Write %d = 0x%02x\n", addr, s->e2p_data);
+ } else {
+ DPRINTF("EEPROM Write %d (ignored)\n", addr);
+ }
+ break;
+ case 4: /* WRAL */
+ if (s->eeprom_writable) {
+ for (addr = 0; addr < 128; addr++) {
+ s->eeprom[addr] &= s->e2p_data;
+ }
+ DPRINTF("EEPROM Write All 0x%02x\n", s->e2p_data);
+ } else {
+ DPRINTF("EEPROM Write All (ignored)\n");
+ }
+ break;
+ case 5: /* ERASE */
+ if (s->eeprom_writable) {
+ s->eeprom[addr] = 0xff;
+ DPRINTF("EEPROM Erase %d\n", addr);
+ } else {
+ DPRINTF("EEPROM Erase %d (ignored)\n", addr);
+ }
+ break;
+ case 6: /* ERAL */
+ if (s->eeprom_writable) {
+ memset(s->eeprom, 0xff, 128);
+ DPRINTF("EEPROM Erase All\n");
+ } else {
+ DPRINTF("EEPROM Erase All (ignored)\n");
+ }
+ break;
+ case 7: /* RELOAD */
+ lan9118_reload_eeprom(s);
+ break;
+ }
+}
+
+static void lan9118_tick(void *opaque)
+{
+ lan9118_state *s = (lan9118_state *)opaque;
+ if (s->int_en & GPT_INT) {
+ s->int_sts |= GPT_INT;
+ }
+ lan9118_update(s);
+}
+
+static void lan9118_writel(void *opaque, hwaddr offset,
+ uint64_t val, unsigned size)
+{
+ lan9118_state *s = (lan9118_state *)opaque;
+ offset &= 0xff;
+
+ //DPRINTF("Write reg 0x%02x = 0x%08x\n", (int)offset, val);
+ if (offset >= 0x20 && offset < 0x40) {
+ /* TX FIFO */
+ tx_fifo_push(s, val);
+ return;
+ }
+ switch (offset) {
+ case CSR_IRQ_CFG:
+ /* TODO: Implement interrupt deassertion intervals. */
+ val &= (IRQ_EN | IRQ_POL | IRQ_TYPE);
+ s->irq_cfg = (s->irq_cfg & IRQ_INT) | val;
+ break;
+ case CSR_INT_STS:
+ s->int_sts &= ~val;
+ break;
+ case CSR_INT_EN:
+ s->int_en = val & ~RESERVED_INT;
+ s->int_sts |= val & SW_INT;
+ break;
+ case CSR_FIFO_INT:
+ DPRINTF("FIFO INT levels %08x\n", val);
+ s->fifo_int = val;
+ break;
+ case CSR_RX_CFG:
+ if (val & 0x8000) {
+ /* RX_DUMP */
+ s->rx_fifo_used = 0;
+ s->rx_status_fifo_used = 0;
+ s->rx_packet_size_tail = s->rx_packet_size_head;
+ s->rx_packet_size[s->rx_packet_size_head] = 0;
+ }
+ s->rx_cfg = val & 0xcfff1ff0;
+ break;
+ case CSR_TX_CFG:
+ if (val & 0x8000) {
+ s->tx_status_fifo_used = 0;
+ }
+ if (val & 0x4000) {
+ s->txp->state = TX_IDLE;
+ s->txp->fifo_used = 0;
+ s->txp->cmd_a = 0xffffffff;
+ }
+ s->tx_cfg = val & 6;
+ break;
+ case CSR_HW_CFG:
+ if (val & 1) {
+ /* SRST */
+ lan9118_reset(DEVICE(s));
+ } else {
+ s->hw_cfg = (val & 0x003f300) | (s->hw_cfg & 0x4);
+ }
+ break;
+ case CSR_RX_DP_CTRL:
+ if (val & 0x80000000) {
+ /* Skip forward to next packet. */
+ s->rxp_pad = 0;
+ s->rxp_offset = 0;
+ if (s->rxp_size == 0) {
+ /* Pop a word to start the next packet. */
+ rx_fifo_pop(s);
+ s->rxp_pad = 0;
+ s->rxp_offset = 0;
+ }
+ s->rx_fifo_head += s->rxp_size;
+ if (s->rx_fifo_head >= s->rx_fifo_size) {
+ s->rx_fifo_head -= s->rx_fifo_size;
+ }
+ }
+ break;
+ case CSR_PMT_CTRL:
+ if (val & 0x400) {
+ phy_reset(s);
+ }
+ s->pmt_ctrl &= ~0x34e;
+ s->pmt_ctrl |= (val & 0x34e);
+ break;
+ case CSR_GPIO_CFG:
+ /* Probably just enabling LEDs. */
+ s->gpio_cfg = val & 0x7777071f;
+ break;
+ case CSR_GPT_CFG:
+ if ((s->gpt_cfg ^ val) & GPT_TIMER_EN) {
+ if (val & GPT_TIMER_EN) {
+ ptimer_set_count(s->timer, val & 0xffff);
+ ptimer_run(s->timer, 0);
+ } else {
+ ptimer_stop(s->timer);
+ ptimer_set_count(s->timer, 0xffff);
+ }
+ }
+ s->gpt_cfg = val & (GPT_TIMER_EN | 0xffff);
+ break;
+ case CSR_WORD_SWAP:
+ /* Ignored because we're in 32-bit mode. */
+ s->word_swap = val;
+ break;
+ case CSR_MAC_CSR_CMD:
+ s->mac_cmd = val & 0x4000000f;
+ if (val & 0x80000000) {
+ if (val & 0x40000000) {
+ s->mac_data = do_mac_read(s, val & 0xf);
+ DPRINTF("MAC read %d = 0x%08x\n", val & 0xf, s->mac_data);
+ } else {
+ DPRINTF("MAC write %d = 0x%08x\n", val & 0xf, s->mac_data);
+ do_mac_write(s, val & 0xf, s->mac_data);
+ }
+ }
+ break;
+ case CSR_MAC_CSR_DATA:
+ s->mac_data = val;
+ break;
+ case CSR_AFC_CFG:
+ s->afc_cfg = val & 0x00ffffff;
+ break;
+ case CSR_E2P_CMD:
+ lan9118_eeprom_cmd(s, (val >> 28) & 7, val & 0x7f);
+ break;
+ case CSR_E2P_DATA:
+ s->e2p_data = val & 0xff;
+ break;
+
+ default:
+ hw_error("lan9118_write: Bad reg 0x%x = %x\n", (int)offset, (int)val);
+ break;
+ }
+ lan9118_update(s);
+}
+
+static void lan9118_writew(void *opaque, hwaddr offset,
+ uint32_t val)
+{
+ lan9118_state *s = (lan9118_state *)opaque;
+ offset &= 0xff;
+
+ if (s->write_word_prev_offset != (offset & ~0x3)) {
+ /* New offset, reset word counter */
+ s->write_word_n = 0;
+ s->write_word_prev_offset = offset & ~0x3;
+ }
+
+ if (offset & 0x2) {
+ s->write_word_h = val;
+ } else {
+ s->write_word_l = val;
+ }
+
+ //DPRINTF("Writew reg 0x%02x = 0x%08x\n", (int)offset, val);
+ s->write_word_n++;
+ if (s->write_word_n == 2) {
+ s->write_word_n = 0;
+ lan9118_writel(s, offset & ~3, s->write_word_l +
+ (s->write_word_h << 16), 4);
+ }
+}
+
+static void lan9118_16bit_mode_write(void *opaque, hwaddr offset,
+ uint64_t val, unsigned size)
+{
+ switch (size) {
+ case 2:
+ lan9118_writew(opaque, offset, (uint32_t)val);
+ return;
+ case 4:
+ lan9118_writel(opaque, offset, val, size);
+ return;
+ }
+
+ hw_error("lan9118_write: Bad size 0x%x\n", size);
+}
+
+static uint64_t lan9118_readl(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ lan9118_state *s = (lan9118_state *)opaque;
+
+ //DPRINTF("Read reg 0x%02x\n", (int)offset);
+ if (offset < 0x20) {
+ /* RX FIFO */
+ return rx_fifo_pop(s);
+ }
+ switch (offset) {
+ case 0x40:
+ return rx_status_fifo_pop(s);
+ case 0x44:
+ return s->rx_status_fifo[s->tx_status_fifo_head];
+ case 0x48:
+ return tx_status_fifo_pop(s);
+ case 0x4c:
+ return s->tx_status_fifo[s->tx_status_fifo_head];
+ case CSR_ID_REV:
+ return 0x01180001;
+ case CSR_IRQ_CFG:
+ return s->irq_cfg;
+ case CSR_INT_STS:
+ return s->int_sts;
+ case CSR_INT_EN:
+ return s->int_en;
+ case CSR_BYTE_TEST:
+ return 0x87654321;
+ case CSR_FIFO_INT:
+ return s->fifo_int;
+ case CSR_RX_CFG:
+ return s->rx_cfg;
+ case CSR_TX_CFG:
+ return s->tx_cfg;
+ case CSR_HW_CFG:
+ return s->hw_cfg;
+ case CSR_RX_DP_CTRL:
+ return 0;
+ case CSR_RX_FIFO_INF:
+ return (s->rx_status_fifo_used << 16) | (s->rx_fifo_used << 2);
+ case CSR_TX_FIFO_INF:
+ return (s->tx_status_fifo_used << 16)
+ | (s->tx_fifo_size - s->txp->fifo_used);
+ case CSR_PMT_CTRL:
+ return s->pmt_ctrl;
+ case CSR_GPIO_CFG:
+ return s->gpio_cfg;
+ case CSR_GPT_CFG:
+ return s->gpt_cfg;
+ case CSR_GPT_CNT:
+ return ptimer_get_count(s->timer);
+ case CSR_WORD_SWAP:
+ return s->word_swap;
+ case CSR_FREE_RUN:
+ return (qemu_get_clock_ns(vm_clock) / 40) - s->free_timer_start;
+ case CSR_RX_DROP:
+ /* TODO: Implement dropped frames counter. */
+ return 0;
+ case CSR_MAC_CSR_CMD:
+ return s->mac_cmd;
+ case CSR_MAC_CSR_DATA:
+ return s->mac_data;
+ case CSR_AFC_CFG:
+ return s->afc_cfg;
+ case CSR_E2P_CMD:
+ return s->e2p_cmd;
+ case CSR_E2P_DATA:
+ return s->e2p_data;
+ }
+ hw_error("lan9118_read: Bad reg 0x%x\n", (int)offset);
+ return 0;
+}
+
+static uint32_t lan9118_readw(void *opaque, hwaddr offset)
+{
+ lan9118_state *s = (lan9118_state *)opaque;
+ uint32_t val;
+
+ if (s->read_word_prev_offset != (offset & ~0x3)) {
+ /* New offset, reset word counter */
+ s->read_word_n = 0;
+ s->read_word_prev_offset = offset & ~0x3;
+ }
+
+ s->read_word_n++;
+ if (s->read_word_n == 1) {
+ s->read_long = lan9118_readl(s, offset & ~3, 4);
+ } else {
+ s->read_word_n = 0;
+ }
+
+ if (offset & 2) {
+ val = s->read_long >> 16;
+ } else {
+ val = s->read_long & 0xFFFF;
+ }
+
+ //DPRINTF("Readw reg 0x%02x, val 0x%x\n", (int)offset, val);
+ return val;
+}
+
+static uint64_t lan9118_16bit_mode_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ switch (size) {
+ case 2:
+ return lan9118_readw(opaque, offset);
+ case 4:
+ return lan9118_readl(opaque, offset, size);
+ }
+
+ hw_error("lan9118_read: Bad size 0x%x\n", size);
+ return 0;
+}
+
+static const MemoryRegionOps lan9118_mem_ops = {
+ .read = lan9118_readl,
+ .write = lan9118_writel,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static const MemoryRegionOps lan9118_16bit_mem_ops = {
+ .read = lan9118_16bit_mode_read,
+ .write = lan9118_16bit_mode_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void lan9118_cleanup(NetClientState *nc)
+{
+ lan9118_state *s = qemu_get_nic_opaque(nc);
+
+ s->nic = NULL;
+}
+
+static NetClientInfo net_lan9118_info = {
+ .type = NET_CLIENT_OPTIONS_KIND_NIC,
+ .size = sizeof(NICState),
+ .can_receive = lan9118_can_receive,
+ .receive = lan9118_receive,
+ .cleanup = lan9118_cleanup,
+ .link_status_changed = lan9118_set_link,
+};
+
+static int lan9118_init1(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ lan9118_state *s = LAN9118(dev);
+ QEMUBH *bh;
+ int i;
+ const MemoryRegionOps *mem_ops =
+ s->mode_16bit ? &lan9118_16bit_mem_ops : &lan9118_mem_ops;
+
+ memory_region_init_io(&s->mmio, OBJECT(dev), mem_ops, s,
+ "lan9118-mmio", 0x100);
+ sysbus_init_mmio(sbd, &s->mmio);
+ sysbus_init_irq(sbd, &s->irq);
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+
+ s->nic = qemu_new_nic(&net_lan9118_info, &s->conf,
+ object_get_typename(OBJECT(dev)), dev->id, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+ s->eeprom[0] = 0xa5;
+ for (i = 0; i < 6; i++) {
+ s->eeprom[i + 1] = s->conf.macaddr.a[i];
+ }
+ s->pmt_ctrl = 1;
+ s->txp = &s->tx_packet;
+
+ bh = qemu_bh_new(lan9118_tick, s);
+ s->timer = ptimer_init(bh);
+ ptimer_set_freq(s->timer, 10000);
+ ptimer_set_limit(s->timer, 0xffff, 1);
+
+ return 0;
+}
+
+static Property lan9118_properties[] = {
+ DEFINE_NIC_PROPERTIES(lan9118_state, conf),
+ DEFINE_PROP_UINT32("mode_16bit", lan9118_state, mode_16bit, 0),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void lan9118_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = lan9118_init1;
+ dc->reset = lan9118_reset;
+ dc->props = lan9118_properties;
+ dc->vmsd = &vmstate_lan9118;
+}
+
+static const TypeInfo lan9118_info = {
+ .name = TYPE_LAN9118,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(lan9118_state),
+ .class_init = lan9118_class_init,
+};
+
+static void lan9118_register_types(void)
+{
+ type_register_static(&lan9118_info);
+}
+
+/* Legacy helper function. Should go away when machine config files are
+ implemented. */
+void lan9118_init(NICInfo *nd, uint32_t base, qemu_irq irq)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+
+ qemu_check_nic_model(nd, "lan9118");
+ dev = qdev_create(NULL, TYPE_LAN9118);
+ qdev_set_nic_properties(dev, nd);
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+ sysbus_mmio_map(s, 0, base);
+ sysbus_connect_irq(s, 0, irq);
+}
+
+type_init(lan9118_register_types)
diff --git a/hw/net/lance.c b/hw/net/lance.c
new file mode 100644
index 000000000..e339f029b
--- /dev/null
+++ b/hw/net/lance.c
@@ -0,0 +1,178 @@
+/*
+ * QEMU AMD PC-Net II (Am79C970A) emulation
+ *
+ * Copyright (c) 2004 Antony T Curtis
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/* This software was written to be compatible with the specification:
+ * AMD Am79C970A PCnet-PCI II Ethernet Controller Data-Sheet
+ * AMD Publication# 19436 Rev:E Amendment/0 Issue Date: June 2000
+ */
+
+/*
+ * On Sparc32, this is the Lance (Am7990) part of chip STP2000 (Master I/O), also
+ * produced as NCR89C100. See
+ * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C100.txt
+ * and
+ * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR92C990.txt
+ */
+
+#include "hw/sysbus.h"
+#include "net/net.h"
+#include "qemu/timer.h"
+#include "qemu/sockets.h"
+#include "hw/sparc/sun4m.h"
+#include "pcnet.h"
+#include "trace.h"
+
+#define TYPE_LANCE "lance"
+#define SYSBUS_PCNET(obj) \
+ OBJECT_CHECK(SysBusPCNetState, (obj), TYPE_LANCE)
+
+typedef struct {
+ SysBusDevice parent_obj;
+
+ PCNetState state;
+} SysBusPCNetState;
+
+static void parent_lance_reset(void *opaque, int irq, int level)
+{
+ SysBusPCNetState *d = opaque;
+ if (level)
+ pcnet_h_reset(&d->state);
+}
+
+static void lance_mem_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ SysBusPCNetState *d = opaque;
+
+ trace_lance_mem_writew(addr, val & 0xffff);
+ pcnet_ioport_writew(&d->state, addr, val & 0xffff);
+}
+
+static uint64_t lance_mem_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ SysBusPCNetState *d = opaque;
+ uint32_t val;
+
+ val = pcnet_ioport_readw(&d->state, addr);
+ trace_lance_mem_readw(addr, val & 0xffff);
+ return val & 0xffff;
+}
+
+static const MemoryRegionOps lance_mem_ops = {
+ .read = lance_mem_read,
+ .write = lance_mem_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 2,
+ .max_access_size = 2,
+ },
+};
+
+static void lance_cleanup(NetClientState *nc)
+{
+ PCNetState *d = qemu_get_nic_opaque(nc);
+
+ pcnet_common_cleanup(d);
+}
+
+static NetClientInfo net_lance_info = {
+ .type = NET_CLIENT_OPTIONS_KIND_NIC,
+ .size = sizeof(NICState),
+ .can_receive = pcnet_can_receive,
+ .receive = pcnet_receive,
+ .link_status_changed = pcnet_set_link_status,
+ .cleanup = lance_cleanup,
+};
+
+static const VMStateDescription vmstate_lance = {
+ .name = "pcnet",
+ .version_id = 3,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .fields = (VMStateField []) {
+ VMSTATE_STRUCT(state, SysBusPCNetState, 0, vmstate_pcnet, PCNetState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static int lance_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ SysBusPCNetState *d = SYSBUS_PCNET(dev);
+ PCNetState *s = &d->state;
+
+ memory_region_init_io(&s->mmio, OBJECT(d), &lance_mem_ops, d,
+ "lance-mmio", 4);
+
+ qdev_init_gpio_in(dev, parent_lance_reset, 1);
+
+ sysbus_init_mmio(sbd, &s->mmio);
+
+ sysbus_init_irq(sbd, &s->irq);
+
+ s->phys_mem_read = ledma_memory_read;
+ s->phys_mem_write = ledma_memory_write;
+ return pcnet_common_init(dev, s, &net_lance_info);
+}
+
+static void lance_reset(DeviceState *dev)
+{
+ SysBusPCNetState *d = SYSBUS_PCNET(dev);
+
+ pcnet_h_reset(&d->state);
+}
+
+static Property lance_properties[] = {
+ DEFINE_PROP_PTR("dma", SysBusPCNetState, state.dma_opaque),
+ DEFINE_NIC_PROPERTIES(SysBusPCNetState, state.conf),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void lance_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = lance_init;
+ set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
+ dc->fw_name = "ethernet";
+ dc->reset = lance_reset;
+ dc->vmsd = &vmstate_lance;
+ dc->props = lance_properties;
+}
+
+static const TypeInfo lance_info = {
+ .name = TYPE_LANCE,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(SysBusPCNetState),
+ .class_init = lance_class_init,
+};
+
+static void lance_register_types(void)
+{
+ type_register_static(&lance_info);
+}
+
+type_init(lance_register_types)
diff --git a/hw/net/mcf_fec.c b/hw/net/mcf_fec.c
new file mode 100644
index 000000000..4bff3de34
--- /dev/null
+++ b/hw/net/mcf_fec.c
@@ -0,0 +1,480 @@
+/*
+ * ColdFire Fast Ethernet Controller emulation.
+ *
+ * Copyright (c) 2007 CodeSourcery.
+ *
+ * This code is licensed under the GPL
+ */
+#include "hw/hw.h"
+#include "net/net.h"
+#include "hw/m68k/mcf.h"
+/* For crc32 */
+#include <zlib.h>
+#include "exec/address-spaces.h"
+
+//#define DEBUG_FEC 1
+
+#ifdef DEBUG_FEC
+#define DPRINTF(fmt, ...) \
+do { printf("mcf_fec: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) do {} while(0)
+#endif
+
+#define FEC_MAX_FRAME_SIZE 2032
+
+typedef struct {
+ MemoryRegion *sysmem;
+ MemoryRegion iomem;
+ qemu_irq *irq;
+ NICState *nic;
+ NICConf conf;
+ uint32_t irq_state;
+ uint32_t eir;
+ uint32_t eimr;
+ int rx_enabled;
+ uint32_t rx_descriptor;
+ uint32_t tx_descriptor;
+ uint32_t ecr;
+ uint32_t mmfr;
+ uint32_t mscr;
+ uint32_t rcr;
+ uint32_t tcr;
+ uint32_t tfwr;
+ uint32_t rfsr;
+ uint32_t erdsr;
+ uint32_t etdsr;
+ uint32_t emrbr;
+} mcf_fec_state;
+
+#define FEC_INT_HB 0x80000000
+#define FEC_INT_BABR 0x40000000
+#define FEC_INT_BABT 0x20000000
+#define FEC_INT_GRA 0x10000000
+#define FEC_INT_TXF 0x08000000
+#define FEC_INT_TXB 0x04000000
+#define FEC_INT_RXF 0x02000000
+#define FEC_INT_RXB 0x01000000
+#define FEC_INT_MII 0x00800000
+#define FEC_INT_EB 0x00400000
+#define FEC_INT_LC 0x00200000
+#define FEC_INT_RL 0x00100000
+#define FEC_INT_UN 0x00080000
+
+#define FEC_EN 2
+#define FEC_RESET 1
+
+/* Map interrupt flags onto IRQ lines. */
+#define FEC_NUM_IRQ 13
+static const uint32_t mcf_fec_irq_map[FEC_NUM_IRQ] = {
+ FEC_INT_TXF,
+ FEC_INT_TXB,
+ FEC_INT_UN,
+ FEC_INT_RL,
+ FEC_INT_RXF,
+ FEC_INT_RXB,
+ FEC_INT_MII,
+ FEC_INT_LC,
+ FEC_INT_HB,
+ FEC_INT_GRA,
+ FEC_INT_EB,
+ FEC_INT_BABT,
+ FEC_INT_BABR
+};
+
+/* Buffer Descriptor. */
+typedef struct {
+ uint16_t flags;
+ uint16_t length;
+ uint32_t data;
+} mcf_fec_bd;
+
+#define FEC_BD_R 0x8000
+#define FEC_BD_E 0x8000
+#define FEC_BD_O1 0x4000
+#define FEC_BD_W 0x2000
+#define FEC_BD_O2 0x1000
+#define FEC_BD_L 0x0800
+#define FEC_BD_TC 0x0400
+#define FEC_BD_ABC 0x0200
+#define FEC_BD_M 0x0100
+#define FEC_BD_BC 0x0080
+#define FEC_BD_MC 0x0040
+#define FEC_BD_LG 0x0020
+#define FEC_BD_NO 0x0010
+#define FEC_BD_CR 0x0004
+#define FEC_BD_OV 0x0002
+#define FEC_BD_TR 0x0001
+
+static void mcf_fec_read_bd(mcf_fec_bd *bd, uint32_t addr)
+{
+ cpu_physical_memory_read(addr, bd, sizeof(*bd));
+ be16_to_cpus(&bd->flags);
+ be16_to_cpus(&bd->length);
+ be32_to_cpus(&bd->data);
+}
+
+static void mcf_fec_write_bd(mcf_fec_bd *bd, uint32_t addr)
+{
+ mcf_fec_bd tmp;
+ tmp.flags = cpu_to_be16(bd->flags);
+ tmp.length = cpu_to_be16(bd->length);
+ tmp.data = cpu_to_be32(bd->data);
+ cpu_physical_memory_write(addr, &tmp, sizeof(tmp));
+}
+
+static void mcf_fec_update(mcf_fec_state *s)
+{
+ uint32_t active;
+ uint32_t changed;
+ uint32_t mask;
+ int i;
+
+ active = s->eir & s->eimr;
+ changed = active ^s->irq_state;
+ for (i = 0; i < FEC_NUM_IRQ; i++) {
+ mask = mcf_fec_irq_map[i];
+ if (changed & mask) {
+ DPRINTF("IRQ %d = %d\n", i, (active & mask) != 0);
+ qemu_set_irq(s->irq[i], (active & mask) != 0);
+ }
+ }
+ s->irq_state = active;
+}
+
+static void mcf_fec_do_tx(mcf_fec_state *s)
+{
+ uint32_t addr;
+ mcf_fec_bd bd;
+ int frame_size;
+ int len;
+ uint8_t frame[FEC_MAX_FRAME_SIZE];
+ uint8_t *ptr;
+
+ DPRINTF("do_tx\n");
+ ptr = frame;
+ frame_size = 0;
+ addr = s->tx_descriptor;
+ while (1) {
+ mcf_fec_read_bd(&bd, addr);
+ DPRINTF("tx_bd %x flags %04x len %d data %08x\n",
+ addr, bd.flags, bd.length, bd.data);
+ if ((bd.flags & FEC_BD_R) == 0) {
+ /* Run out of descriptors to transmit. */
+ break;
+ }
+ len = bd.length;
+ if (frame_size + len > FEC_MAX_FRAME_SIZE) {
+ len = FEC_MAX_FRAME_SIZE - frame_size;
+ s->eir |= FEC_INT_BABT;
+ }
+ cpu_physical_memory_read(bd.data, ptr, len);
+ ptr += len;
+ frame_size += len;
+ if (bd.flags & FEC_BD_L) {
+ /* Last buffer in frame. */
+ DPRINTF("Sending packet\n");
+ qemu_send_packet(qemu_get_queue(s->nic), frame, len);
+ ptr = frame;
+ frame_size = 0;
+ s->eir |= FEC_INT_TXF;
+ }
+ s->eir |= FEC_INT_TXB;
+ bd.flags &= ~FEC_BD_R;
+ /* Write back the modified descriptor. */
+ mcf_fec_write_bd(&bd, addr);
+ /* Advance to the next descriptor. */
+ if ((bd.flags & FEC_BD_W) != 0) {
+ addr = s->etdsr;
+ } else {
+ addr += 8;
+ }
+ }
+ s->tx_descriptor = addr;
+}
+
+static void mcf_fec_enable_rx(mcf_fec_state *s)
+{
+ mcf_fec_bd bd;
+
+ mcf_fec_read_bd(&bd, s->rx_descriptor);
+ s->rx_enabled = ((bd.flags & FEC_BD_E) != 0);
+ if (!s->rx_enabled)
+ DPRINTF("RX buffer full\n");
+}
+
+static void mcf_fec_reset(mcf_fec_state *s)
+{
+ s->eir = 0;
+ s->eimr = 0;
+ s->rx_enabled = 0;
+ s->ecr = 0;
+ s->mscr = 0;
+ s->rcr = 0x05ee0001;
+ s->tcr = 0;
+ s->tfwr = 0;
+ s->rfsr = 0x500;
+}
+
+static uint64_t mcf_fec_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ mcf_fec_state *s = (mcf_fec_state *)opaque;
+ switch (addr & 0x3ff) {
+ case 0x004: return s->eir;
+ case 0x008: return s->eimr;
+ case 0x010: return s->rx_enabled ? (1 << 24) : 0; /* RDAR */
+ case 0x014: return 0; /* TDAR */
+ case 0x024: return s->ecr;
+ case 0x040: return s->mmfr;
+ case 0x044: return s->mscr;
+ case 0x064: return 0; /* MIBC */
+ case 0x084: return s->rcr;
+ case 0x0c4: return s->tcr;
+ case 0x0e4: /* PALR */
+ return (s->conf.macaddr.a[0] << 24) | (s->conf.macaddr.a[1] << 16)
+ | (s->conf.macaddr.a[2] << 8) | s->conf.macaddr.a[3];
+ break;
+ case 0x0e8: /* PAUR */
+ return (s->conf.macaddr.a[4] << 24) | (s->conf.macaddr.a[5] << 16) | 0x8808;
+ case 0x0ec: return 0x10000; /* OPD */
+ case 0x118: return 0;
+ case 0x11c: return 0;
+ case 0x120: return 0;
+ case 0x124: return 0;
+ case 0x144: return s->tfwr;
+ case 0x14c: return 0x600;
+ case 0x150: return s->rfsr;
+ case 0x180: return s->erdsr;
+ case 0x184: return s->etdsr;
+ case 0x188: return s->emrbr;
+ default:
+ hw_error("mcf_fec_read: Bad address 0x%x\n", (int)addr);
+ return 0;
+ }
+}
+
+static void mcf_fec_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ mcf_fec_state *s = (mcf_fec_state *)opaque;
+ switch (addr & 0x3ff) {
+ case 0x004:
+ s->eir &= ~value;
+ break;
+ case 0x008:
+ s->eimr = value;
+ break;
+ case 0x010: /* RDAR */
+ if ((s->ecr & FEC_EN) && !s->rx_enabled) {
+ DPRINTF("RX enable\n");
+ mcf_fec_enable_rx(s);
+ }
+ break;
+ case 0x014: /* TDAR */
+ if (s->ecr & FEC_EN) {
+ mcf_fec_do_tx(s);
+ }
+ break;
+ case 0x024:
+ s->ecr = value;
+ if (value & FEC_RESET) {
+ DPRINTF("Reset\n");
+ mcf_fec_reset(s);
+ }
+ if ((s->ecr & FEC_EN) == 0) {
+ s->rx_enabled = 0;
+ }
+ break;
+ case 0x040:
+ /* TODO: Implement MII. */
+ s->mmfr = value;
+ break;
+ case 0x044:
+ s->mscr = value & 0xfe;
+ break;
+ case 0x064:
+ /* TODO: Implement MIB. */
+ break;
+ case 0x084:
+ s->rcr = value & 0x07ff003f;
+ /* TODO: Implement LOOP mode. */
+ break;
+ case 0x0c4: /* TCR */
+ /* We transmit immediately, so raise GRA immediately. */
+ s->tcr = value;
+ if (value & 1)
+ s->eir |= FEC_INT_GRA;
+ break;
+ case 0x0e4: /* PALR */
+ s->conf.macaddr.a[0] = value >> 24;
+ s->conf.macaddr.a[1] = value >> 16;
+ s->conf.macaddr.a[2] = value >> 8;
+ s->conf.macaddr.a[3] = value;
+ break;
+ case 0x0e8: /* PAUR */
+ s->conf.macaddr.a[4] = value >> 24;
+ s->conf.macaddr.a[5] = value >> 16;
+ break;
+ case 0x0ec:
+ /* OPD */
+ break;
+ case 0x118:
+ case 0x11c:
+ case 0x120:
+ case 0x124:
+ /* TODO: implement MAC hash filtering. */
+ break;
+ case 0x144:
+ s->tfwr = value & 3;
+ break;
+ case 0x14c:
+ /* FRBR writes ignored. */
+ break;
+ case 0x150:
+ s->rfsr = (value & 0x3fc) | 0x400;
+ break;
+ case 0x180:
+ s->erdsr = value & ~3;
+ s->rx_descriptor = s->erdsr;
+ break;
+ case 0x184:
+ s->etdsr = value & ~3;
+ s->tx_descriptor = s->etdsr;
+ break;
+ case 0x188:
+ s->emrbr = value & 0x7f0;
+ break;
+ default:
+ hw_error("mcf_fec_write Bad address 0x%x\n", (int)addr);
+ }
+ mcf_fec_update(s);
+}
+
+static int mcf_fec_can_receive(NetClientState *nc)
+{
+ mcf_fec_state *s = qemu_get_nic_opaque(nc);
+ return s->rx_enabled;
+}
+
+static ssize_t mcf_fec_receive(NetClientState *nc, const uint8_t *buf, size_t size)
+{
+ mcf_fec_state *s = qemu_get_nic_opaque(nc);
+ mcf_fec_bd bd;
+ uint32_t flags = 0;
+ uint32_t addr;
+ uint32_t crc;
+ uint32_t buf_addr;
+ uint8_t *crc_ptr;
+ unsigned int buf_len;
+
+ DPRINTF("do_rx len %d\n", size);
+ if (!s->rx_enabled) {
+ fprintf(stderr, "mcf_fec_receive: Unexpected packet\n");
+ }
+ /* 4 bytes for the CRC. */
+ size += 4;
+ crc = cpu_to_be32(crc32(~0, buf, size));
+ crc_ptr = (uint8_t *)&crc;
+ /* Huge frames are truncted. */
+ if (size > FEC_MAX_FRAME_SIZE) {
+ size = FEC_MAX_FRAME_SIZE;
+ flags |= FEC_BD_TR | FEC_BD_LG;
+ }
+ /* Frames larger than the user limit just set error flags. */
+ if (size > (s->rcr >> 16)) {
+ flags |= FEC_BD_LG;
+ }
+ addr = s->rx_descriptor;
+ while (size > 0) {
+ mcf_fec_read_bd(&bd, addr);
+ if ((bd.flags & FEC_BD_E) == 0) {
+ /* No descriptors available. Bail out. */
+ /* FIXME: This is wrong. We should probably either save the
+ remainder for when more RX buffers are available, or
+ flag an error. */
+ fprintf(stderr, "mcf_fec: Lost end of frame\n");
+ break;
+ }
+ buf_len = (size <= s->emrbr) ? size: s->emrbr;
+ bd.length = buf_len;
+ size -= buf_len;
+ DPRINTF("rx_bd %x length %d\n", addr, bd.length);
+ /* The last 4 bytes are the CRC. */
+ if (size < 4)
+ buf_len += size - 4;
+ buf_addr = bd.data;
+ cpu_physical_memory_write(buf_addr, buf, buf_len);
+ buf += buf_len;
+ if (size < 4) {
+ cpu_physical_memory_write(buf_addr + buf_len, crc_ptr, 4 - size);
+ crc_ptr += 4 - size;
+ }
+ bd.flags &= ~FEC_BD_E;
+ if (size == 0) {
+ /* Last buffer in frame. */
+ bd.flags |= flags | FEC_BD_L;
+ DPRINTF("rx frame flags %04x\n", bd.flags);
+ s->eir |= FEC_INT_RXF;
+ } else {
+ s->eir |= FEC_INT_RXB;
+ }
+ mcf_fec_write_bd(&bd, addr);
+ /* Advance to the next descriptor. */
+ if ((bd.flags & FEC_BD_W) != 0) {
+ addr = s->erdsr;
+ } else {
+ addr += 8;
+ }
+ }
+ s->rx_descriptor = addr;
+ mcf_fec_enable_rx(s);
+ mcf_fec_update(s);
+ return size;
+}
+
+static const MemoryRegionOps mcf_fec_ops = {
+ .read = mcf_fec_read,
+ .write = mcf_fec_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void mcf_fec_cleanup(NetClientState *nc)
+{
+ mcf_fec_state *s = qemu_get_nic_opaque(nc);
+
+ memory_region_del_subregion(s->sysmem, &s->iomem);
+ memory_region_destroy(&s->iomem);
+
+ g_free(s);
+}
+
+static NetClientInfo net_mcf_fec_info = {
+ .type = NET_CLIENT_OPTIONS_KIND_NIC,
+ .size = sizeof(NICState),
+ .can_receive = mcf_fec_can_receive,
+ .receive = mcf_fec_receive,
+ .cleanup = mcf_fec_cleanup,
+};
+
+void mcf_fec_init(MemoryRegion *sysmem, NICInfo *nd,
+ hwaddr base, qemu_irq *irq)
+{
+ mcf_fec_state *s;
+
+ qemu_check_nic_model(nd, "mcf_fec");
+
+ s = (mcf_fec_state *)g_malloc0(sizeof(mcf_fec_state));
+ s->sysmem = sysmem;
+ s->irq = irq;
+
+ memory_region_init_io(&s->iomem, NULL, &mcf_fec_ops, s, "fec", 0x400);
+ memory_region_add_subregion(sysmem, base, &s->iomem);
+
+ s->conf.macaddr = nd->macaddr;
+ s->conf.peers.ncs[0] = nd->netdev;
+
+ s->nic = qemu_new_nic(&net_mcf_fec_info, &s->conf, nd->model, nd->name, s);
+
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+}
diff --git a/hw/net/milkymist-minimac2.c b/hw/net/milkymist-minimac2.c
new file mode 100644
index 000000000..1e9237984
--- /dev/null
+++ b/hw/net/milkymist-minimac2.c
@@ -0,0 +1,551 @@
+/*
+ * QEMU model of the Milkymist minimac2 block.
+ *
+ * Copyright (c) 2011 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ *
+ * Specification available at:
+ * not available yet
+ *
+ */
+
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "trace.h"
+#include "net/net.h"
+#include "qemu/error-report.h"
+
+#include <zlib.h>
+
+enum {
+ R_SETUP = 0,
+ R_MDIO,
+ R_STATE0,
+ R_COUNT0,
+ R_STATE1,
+ R_COUNT1,
+ R_TXCOUNT,
+ R_MAX
+};
+
+enum {
+ SETUP_PHY_RST = (1<<0),
+};
+
+enum {
+ MDIO_DO = (1<<0),
+ MDIO_DI = (1<<1),
+ MDIO_OE = (1<<2),
+ MDIO_CLK = (1<<3),
+};
+
+enum {
+ STATE_EMPTY = 0,
+ STATE_LOADED = 1,
+ STATE_PENDING = 2,
+};
+
+enum {
+ MDIO_OP_WRITE = 1,
+ MDIO_OP_READ = 2,
+};
+
+enum mdio_state {
+ MDIO_STATE_IDLE,
+ MDIO_STATE_READING,
+ MDIO_STATE_WRITING,
+};
+
+enum {
+ R_PHY_ID1 = 2,
+ R_PHY_ID2 = 3,
+ R_PHY_MAX = 32
+};
+
+#define MINIMAC2_MTU 1530
+#define MINIMAC2_BUFFER_SIZE 2048
+
+struct MilkymistMinimac2MdioState {
+ int last_clk;
+ int count;
+ uint32_t data;
+ uint16_t data_out;
+ int state;
+
+ uint8_t phy_addr;
+ uint8_t reg_addr;
+};
+typedef struct MilkymistMinimac2MdioState MilkymistMinimac2MdioState;
+
+#define TYPE_MILKYMIST_MINIMAC2 "milkymist-minimac2"
+#define MILKYMIST_MINIMAC2(obj) \
+ OBJECT_CHECK(MilkymistMinimac2State, (obj), TYPE_MILKYMIST_MINIMAC2)
+
+struct MilkymistMinimac2State {
+ SysBusDevice parent_obj;
+
+ NICState *nic;
+ NICConf conf;
+ char *phy_model;
+ MemoryRegion buffers;
+ MemoryRegion regs_region;
+
+ qemu_irq rx_irq;
+ qemu_irq tx_irq;
+
+ uint32_t regs[R_MAX];
+
+ MilkymistMinimac2MdioState mdio;
+
+ uint16_t phy_regs[R_PHY_MAX];
+
+ uint8_t *rx0_buf;
+ uint8_t *rx1_buf;
+ uint8_t *tx_buf;
+};
+typedef struct MilkymistMinimac2State MilkymistMinimac2State;
+
+static const uint8_t preamble_sfd[] = {
+ 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0xd5
+};
+
+static void minimac2_mdio_write_reg(MilkymistMinimac2State *s,
+ uint8_t phy_addr, uint8_t reg_addr, uint16_t value)
+{
+ trace_milkymist_minimac2_mdio_write(phy_addr, reg_addr, value);
+
+ /* nop */
+}
+
+static uint16_t minimac2_mdio_read_reg(MilkymistMinimac2State *s,
+ uint8_t phy_addr, uint8_t reg_addr)
+{
+ uint16_t r = s->phy_regs[reg_addr];
+
+ trace_milkymist_minimac2_mdio_read(phy_addr, reg_addr, r);
+
+ return r;
+}
+
+static void minimac2_update_mdio(MilkymistMinimac2State *s)
+{
+ MilkymistMinimac2MdioState *m = &s->mdio;
+
+ /* detect rising clk edge */
+ if (m->last_clk == 0 && (s->regs[R_MDIO] & MDIO_CLK)) {
+ /* shift data in */
+ int bit = ((s->regs[R_MDIO] & MDIO_DO)
+ && (s->regs[R_MDIO] & MDIO_OE)) ? 1 : 0;
+ m->data = (m->data << 1) | bit;
+
+ /* check for sync */
+ if (m->data == 0xffffffff) {
+ m->count = 32;
+ }
+
+ if (m->count == 16) {
+ uint8_t start = (m->data >> 14) & 0x3;
+ uint8_t op = (m->data >> 12) & 0x3;
+ uint8_t ta = (m->data) & 0x3;
+
+ if (start == 1 && op == MDIO_OP_WRITE && ta == 2) {
+ m->state = MDIO_STATE_WRITING;
+ } else if (start == 1 && op == MDIO_OP_READ && (ta & 1) == 0) {
+ m->state = MDIO_STATE_READING;
+ } else {
+ m->state = MDIO_STATE_IDLE;
+ }
+
+ if (m->state != MDIO_STATE_IDLE) {
+ m->phy_addr = (m->data >> 7) & 0x1f;
+ m->reg_addr = (m->data >> 2) & 0x1f;
+ }
+
+ if (m->state == MDIO_STATE_READING) {
+ m->data_out = minimac2_mdio_read_reg(s, m->phy_addr,
+ m->reg_addr);
+ }
+ }
+
+ if (m->count < 16 && m->state == MDIO_STATE_READING) {
+ int bit = (m->data_out & 0x8000) ? 1 : 0;
+ m->data_out <<= 1;
+
+ if (bit) {
+ s->regs[R_MDIO] |= MDIO_DI;
+ } else {
+ s->regs[R_MDIO] &= ~MDIO_DI;
+ }
+ }
+
+ if (m->count == 0 && m->state) {
+ if (m->state == MDIO_STATE_WRITING) {
+ uint16_t data = m->data & 0xffff;
+ minimac2_mdio_write_reg(s, m->phy_addr, m->reg_addr, data);
+ }
+ m->state = MDIO_STATE_IDLE;
+ }
+ m->count--;
+ }
+
+ m->last_clk = (s->regs[R_MDIO] & MDIO_CLK) ? 1 : 0;
+}
+
+static size_t assemble_frame(uint8_t *buf, size_t size,
+ const uint8_t *payload, size_t payload_size)
+{
+ uint32_t crc;
+
+ if (size < payload_size + 12) {
+ error_report("milkymist_minimac2: received too big ethernet frame");
+ return 0;
+ }
+
+ /* prepend preamble and sfd */
+ memcpy(buf, preamble_sfd, 8);
+
+ /* now copy the payload */
+ memcpy(buf + 8, payload, payload_size);
+
+ /* pad frame if needed */
+ if (payload_size < 60) {
+ memset(buf + payload_size + 8, 0, 60 - payload_size);
+ payload_size = 60;
+ }
+
+ /* append fcs */
+ crc = cpu_to_le32(crc32(0, buf + 8, payload_size));
+ memcpy(buf + payload_size + 8, &crc, 4);
+
+ return payload_size + 12;
+}
+
+static void minimac2_tx(MilkymistMinimac2State *s)
+{
+ uint32_t txcount = s->regs[R_TXCOUNT];
+ uint8_t *buf = s->tx_buf;
+
+ if (txcount < 64) {
+ error_report("milkymist_minimac2: ethernet frame too small (%u < %u)",
+ txcount, 64);
+ goto err;
+ }
+
+ if (txcount > MINIMAC2_MTU) {
+ error_report("milkymist_minimac2: MTU exceeded (%u > %u)",
+ txcount, MINIMAC2_MTU);
+ goto err;
+ }
+
+ if (memcmp(buf, preamble_sfd, 8) != 0) {
+ error_report("milkymist_minimac2: frame doesn't contain the preamble "
+ "and/or the SFD (%02x %02x %02x %02x %02x %02x %02x %02x)",
+ buf[0], buf[1], buf[2], buf[3], buf[4], buf[5], buf[6], buf[7]);
+ goto err;
+ }
+
+ trace_milkymist_minimac2_tx_frame(txcount - 12);
+
+ /* send packet, skipping preamble and sfd */
+ qemu_send_packet_raw(qemu_get_queue(s->nic), buf + 8, txcount - 12);
+
+ s->regs[R_TXCOUNT] = 0;
+
+err:
+ trace_milkymist_minimac2_pulse_irq_tx();
+ qemu_irq_pulse(s->tx_irq);
+}
+
+static void update_rx_interrupt(MilkymistMinimac2State *s)
+{
+ if (s->regs[R_STATE0] == STATE_PENDING
+ || s->regs[R_STATE1] == STATE_PENDING) {
+ trace_milkymist_minimac2_raise_irq_rx();
+ qemu_irq_raise(s->rx_irq);
+ } else {
+ trace_milkymist_minimac2_lower_irq_rx();
+ qemu_irq_lower(s->rx_irq);
+ }
+}
+
+static ssize_t minimac2_rx(NetClientState *nc, const uint8_t *buf, size_t size)
+{
+ MilkymistMinimac2State *s = qemu_get_nic_opaque(nc);
+
+ uint32_t r_count;
+ uint32_t r_state;
+ uint8_t *rx_buf;
+
+ size_t frame_size;
+
+ trace_milkymist_minimac2_rx_frame(buf, size);
+
+ /* choose appropriate slot */
+ if (s->regs[R_STATE0] == STATE_LOADED) {
+ r_count = R_COUNT0;
+ r_state = R_STATE0;
+ rx_buf = s->rx0_buf;
+ } else if (s->regs[R_STATE1] == STATE_LOADED) {
+ r_count = R_COUNT1;
+ r_state = R_STATE1;
+ rx_buf = s->rx1_buf;
+ } else {
+ trace_milkymist_minimac2_drop_rx_frame(buf);
+ return size;
+ }
+
+ /* assemble frame */
+ frame_size = assemble_frame(rx_buf, MINIMAC2_BUFFER_SIZE, buf, size);
+
+ if (frame_size == 0) {
+ return size;
+ }
+
+ trace_milkymist_minimac2_rx_transfer(rx_buf, frame_size);
+
+ /* update slot */
+ s->regs[r_count] = frame_size;
+ s->regs[r_state] = STATE_PENDING;
+
+ update_rx_interrupt(s);
+
+ return size;
+}
+
+static uint64_t
+minimac2_read(void *opaque, hwaddr addr, unsigned size)
+{
+ MilkymistMinimac2State *s = opaque;
+ uint32_t r = 0;
+
+ addr >>= 2;
+ switch (addr) {
+ case R_SETUP:
+ case R_MDIO:
+ case R_STATE0:
+ case R_COUNT0:
+ case R_STATE1:
+ case R_COUNT1:
+ case R_TXCOUNT:
+ r = s->regs[addr];
+ break;
+
+ default:
+ error_report("milkymist_minimac2: read access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+
+ trace_milkymist_minimac2_memory_read(addr << 2, r);
+
+ return r;
+}
+
+static void
+minimac2_write(void *opaque, hwaddr addr, uint64_t value,
+ unsigned size)
+{
+ MilkymistMinimac2State *s = opaque;
+
+ trace_milkymist_minimac2_memory_write(addr, value);
+
+ addr >>= 2;
+ switch (addr) {
+ case R_MDIO:
+ {
+ /* MDIO_DI is read only */
+ int mdio_di = (s->regs[R_MDIO] & MDIO_DI);
+ s->regs[R_MDIO] = value;
+ if (mdio_di) {
+ s->regs[R_MDIO] |= mdio_di;
+ } else {
+ s->regs[R_MDIO] &= ~mdio_di;
+ }
+
+ minimac2_update_mdio(s);
+ } break;
+ case R_TXCOUNT:
+ s->regs[addr] = value;
+ if (value > 0) {
+ minimac2_tx(s);
+ }
+ break;
+ case R_STATE0:
+ case R_STATE1:
+ s->regs[addr] = value;
+ update_rx_interrupt(s);
+ break;
+ case R_SETUP:
+ case R_COUNT0:
+ case R_COUNT1:
+ s->regs[addr] = value;
+ break;
+
+ default:
+ error_report("milkymist_minimac2: write access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+}
+
+static const MemoryRegionOps minimac2_ops = {
+ .read = minimac2_read,
+ .write = minimac2_write,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int minimac2_can_rx(NetClientState *nc)
+{
+ MilkymistMinimac2State *s = qemu_get_nic_opaque(nc);
+
+ if (s->regs[R_STATE0] == STATE_LOADED) {
+ return 1;
+ }
+ if (s->regs[R_STATE1] == STATE_LOADED) {
+ return 1;
+ }
+
+ return 0;
+}
+
+static void minimac2_cleanup(NetClientState *nc)
+{
+ MilkymistMinimac2State *s = qemu_get_nic_opaque(nc);
+
+ s->nic = NULL;
+}
+
+static void milkymist_minimac2_reset(DeviceState *d)
+{
+ MilkymistMinimac2State *s = MILKYMIST_MINIMAC2(d);
+ int i;
+
+ for (i = 0; i < R_MAX; i++) {
+ s->regs[i] = 0;
+ }
+ for (i = 0; i < R_PHY_MAX; i++) {
+ s->phy_regs[i] = 0;
+ }
+
+ /* defaults */
+ s->phy_regs[R_PHY_ID1] = 0x0022; /* Micrel KSZ8001L */
+ s->phy_regs[R_PHY_ID2] = 0x161a;
+}
+
+static NetClientInfo net_milkymist_minimac2_info = {
+ .type = NET_CLIENT_OPTIONS_KIND_NIC,
+ .size = sizeof(NICState),
+ .can_receive = minimac2_can_rx,
+ .receive = minimac2_rx,
+ .cleanup = minimac2_cleanup,
+};
+
+static int milkymist_minimac2_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ MilkymistMinimac2State *s = MILKYMIST_MINIMAC2(dev);
+ size_t buffers_size = TARGET_PAGE_ALIGN(3 * MINIMAC2_BUFFER_SIZE);
+
+ sysbus_init_irq(sbd, &s->rx_irq);
+ sysbus_init_irq(sbd, &s->tx_irq);
+
+ memory_region_init_io(&s->regs_region, OBJECT(dev), &minimac2_ops, s,
+ "milkymist-minimac2", R_MAX * 4);
+ sysbus_init_mmio(sbd, &s->regs_region);
+
+ /* register buffers memory */
+ memory_region_init_ram(&s->buffers, OBJECT(dev), "milkymist-minimac2.buffers",
+ buffers_size);
+ vmstate_register_ram_global(&s->buffers);
+ s->rx0_buf = memory_region_get_ram_ptr(&s->buffers);
+ s->rx1_buf = s->rx0_buf + MINIMAC2_BUFFER_SIZE;
+ s->tx_buf = s->rx1_buf + MINIMAC2_BUFFER_SIZE;
+
+ sysbus_init_mmio(sbd, &s->buffers);
+
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+ s->nic = qemu_new_nic(&net_milkymist_minimac2_info, &s->conf,
+ object_get_typename(OBJECT(dev)), dev->id, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_milkymist_minimac2_mdio = {
+ .name = "milkymist-minimac2-mdio",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_INT32(last_clk, MilkymistMinimac2MdioState),
+ VMSTATE_INT32(count, MilkymistMinimac2MdioState),
+ VMSTATE_UINT32(data, MilkymistMinimac2MdioState),
+ VMSTATE_UINT16(data_out, MilkymistMinimac2MdioState),
+ VMSTATE_INT32(state, MilkymistMinimac2MdioState),
+ VMSTATE_UINT8(phy_addr, MilkymistMinimac2MdioState),
+ VMSTATE_UINT8(reg_addr, MilkymistMinimac2MdioState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_milkymist_minimac2 = {
+ .name = "milkymist-minimac2",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(regs, MilkymistMinimac2State, R_MAX),
+ VMSTATE_UINT16_ARRAY(phy_regs, MilkymistMinimac2State, R_PHY_MAX),
+ VMSTATE_STRUCT(mdio, MilkymistMinimac2State, 0,
+ vmstate_milkymist_minimac2_mdio, MilkymistMinimac2MdioState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static Property milkymist_minimac2_properties[] = {
+ DEFINE_NIC_PROPERTIES(MilkymistMinimac2State, conf),
+ DEFINE_PROP_STRING("phy_model", MilkymistMinimac2State, phy_model),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void milkymist_minimac2_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = milkymist_minimac2_init;
+ dc->reset = milkymist_minimac2_reset;
+ dc->vmsd = &vmstate_milkymist_minimac2;
+ dc->props = milkymist_minimac2_properties;
+}
+
+static const TypeInfo milkymist_minimac2_info = {
+ .name = TYPE_MILKYMIST_MINIMAC2,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(MilkymistMinimac2State),
+ .class_init = milkymist_minimac2_class_init,
+};
+
+static void milkymist_minimac2_register_types(void)
+{
+ type_register_static(&milkymist_minimac2_info);
+}
+
+type_init(milkymist_minimac2_register_types)
diff --git a/hw/net/mipsnet.c b/hw/net/mipsnet.c
new file mode 100644
index 000000000..e421b867e
--- /dev/null
+++ b/hw/net/mipsnet.c
@@ -0,0 +1,290 @@
+#include "hw/hw.h"
+#include "net/net.h"
+#include "trace.h"
+#include "hw/sysbus.h"
+
+/* MIPSnet register offsets */
+
+#define MIPSNET_DEV_ID 0x00
+#define MIPSNET_BUSY 0x08
+#define MIPSNET_RX_DATA_COUNT 0x0c
+#define MIPSNET_TX_DATA_COUNT 0x10
+#define MIPSNET_INT_CTL 0x14
+# define MIPSNET_INTCTL_TXDONE 0x00000001
+# define MIPSNET_INTCTL_RXDONE 0x00000002
+# define MIPSNET_INTCTL_TESTBIT 0x80000000
+#define MIPSNET_INTERRUPT_INFO 0x18
+#define MIPSNET_RX_DATA_BUFFER 0x1c
+#define MIPSNET_TX_DATA_BUFFER 0x20
+
+#define MAX_ETH_FRAME_SIZE 1514
+
+#define TYPE_MIPS_NET "mipsnet"
+#define MIPS_NET(obj) OBJECT_CHECK(MIPSnetState, (obj), TYPE_MIPS_NET)
+
+typedef struct MIPSnetState {
+ SysBusDevice parent_obj;
+
+ uint32_t busy;
+ uint32_t rx_count;
+ uint32_t rx_read;
+ uint32_t tx_count;
+ uint32_t tx_written;
+ uint32_t intctl;
+ uint8_t rx_buffer[MAX_ETH_FRAME_SIZE];
+ uint8_t tx_buffer[MAX_ETH_FRAME_SIZE];
+ MemoryRegion io;
+ qemu_irq irq;
+ NICState *nic;
+ NICConf conf;
+} MIPSnetState;
+
+static void mipsnet_reset(MIPSnetState *s)
+{
+ s->busy = 1;
+ s->rx_count = 0;
+ s->rx_read = 0;
+ s->tx_count = 0;
+ s->tx_written = 0;
+ s->intctl = 0;
+ memset(s->rx_buffer, 0, MAX_ETH_FRAME_SIZE);
+ memset(s->tx_buffer, 0, MAX_ETH_FRAME_SIZE);
+}
+
+static void mipsnet_update_irq(MIPSnetState *s)
+{
+ int isr = !!s->intctl;
+ trace_mipsnet_irq(isr, s->intctl);
+ qemu_set_irq(s->irq, isr);
+}
+
+static int mipsnet_buffer_full(MIPSnetState *s)
+{
+ if (s->rx_count >= MAX_ETH_FRAME_SIZE)
+ return 1;
+ return 0;
+}
+
+static int mipsnet_can_receive(NetClientState *nc)
+{
+ MIPSnetState *s = qemu_get_nic_opaque(nc);
+
+ if (s->busy)
+ return 0;
+ return !mipsnet_buffer_full(s);
+}
+
+static ssize_t mipsnet_receive(NetClientState *nc, const uint8_t *buf, size_t size)
+{
+ MIPSnetState *s = qemu_get_nic_opaque(nc);
+
+ trace_mipsnet_receive(size);
+ if (!mipsnet_can_receive(nc))
+ return -1;
+
+ s->busy = 1;
+
+ /* Just accept everything. */
+
+ /* Write packet data. */
+ memcpy(s->rx_buffer, buf, size);
+
+ s->rx_count = size;
+ s->rx_read = 0;
+
+ /* Now we can signal we have received something. */
+ s->intctl |= MIPSNET_INTCTL_RXDONE;
+ mipsnet_update_irq(s);
+
+ return size;
+}
+
+static uint64_t mipsnet_ioport_read(void *opaque, hwaddr addr,
+ unsigned int size)
+{
+ MIPSnetState *s = opaque;
+ int ret = 0;
+
+ addr &= 0x3f;
+ switch (addr) {
+ case MIPSNET_DEV_ID:
+ ret = be32_to_cpu(0x4d495053); /* MIPS */
+ break;
+ case MIPSNET_DEV_ID + 4:
+ ret = be32_to_cpu(0x4e455430); /* NET0 */
+ break;
+ case MIPSNET_BUSY:
+ ret = s->busy;
+ break;
+ case MIPSNET_RX_DATA_COUNT:
+ ret = s->rx_count;
+ break;
+ case MIPSNET_TX_DATA_COUNT:
+ ret = s->tx_count;
+ break;
+ case MIPSNET_INT_CTL:
+ ret = s->intctl;
+ s->intctl &= ~MIPSNET_INTCTL_TESTBIT;
+ break;
+ case MIPSNET_INTERRUPT_INFO:
+ /* XXX: This seems to be a per-VPE interrupt number. */
+ ret = 0;
+ break;
+ case MIPSNET_RX_DATA_BUFFER:
+ if (s->rx_count) {
+ s->rx_count--;
+ ret = s->rx_buffer[s->rx_read++];
+ }
+ break;
+ /* Reads as zero. */
+ case MIPSNET_TX_DATA_BUFFER:
+ default:
+ break;
+ }
+ trace_mipsnet_read(addr, ret);
+ return ret;
+}
+
+static void mipsnet_ioport_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned int size)
+{
+ MIPSnetState *s = opaque;
+
+ addr &= 0x3f;
+ trace_mipsnet_write(addr, val);
+ switch (addr) {
+ case MIPSNET_TX_DATA_COUNT:
+ s->tx_count = (val <= MAX_ETH_FRAME_SIZE) ? val : 0;
+ s->tx_written = 0;
+ break;
+ case MIPSNET_INT_CTL:
+ if (val & MIPSNET_INTCTL_TXDONE) {
+ s->intctl &= ~MIPSNET_INTCTL_TXDONE;
+ } else if (val & MIPSNET_INTCTL_RXDONE) {
+ s->intctl &= ~MIPSNET_INTCTL_RXDONE;
+ } else if (val & MIPSNET_INTCTL_TESTBIT) {
+ mipsnet_reset(s);
+ s->intctl |= MIPSNET_INTCTL_TESTBIT;
+ } else if (!val) {
+ /* ACK testbit interrupt, flag was cleared on read. */
+ }
+ s->busy = !!s->intctl;
+ mipsnet_update_irq(s);
+ break;
+ case MIPSNET_TX_DATA_BUFFER:
+ s->tx_buffer[s->tx_written++] = val;
+ if (s->tx_written == s->tx_count) {
+ /* Send buffer. */
+ trace_mipsnet_send(s->tx_count);
+ qemu_send_packet(qemu_get_queue(s->nic), s->tx_buffer, s->tx_count);
+ s->tx_count = s->tx_written = 0;
+ s->intctl |= MIPSNET_INTCTL_TXDONE;
+ s->busy = 1;
+ mipsnet_update_irq(s);
+ }
+ break;
+ /* Read-only registers */
+ case MIPSNET_DEV_ID:
+ case MIPSNET_BUSY:
+ case MIPSNET_RX_DATA_COUNT:
+ case MIPSNET_INTERRUPT_INFO:
+ case MIPSNET_RX_DATA_BUFFER:
+ default:
+ break;
+ }
+}
+
+static const VMStateDescription vmstate_mipsnet = {
+ .name = "mipsnet",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(busy, MIPSnetState),
+ VMSTATE_UINT32(rx_count, MIPSnetState),
+ VMSTATE_UINT32(rx_read, MIPSnetState),
+ VMSTATE_UINT32(tx_count, MIPSnetState),
+ VMSTATE_UINT32(tx_written, MIPSnetState),
+ VMSTATE_UINT32(intctl, MIPSnetState),
+ VMSTATE_BUFFER(rx_buffer, MIPSnetState),
+ VMSTATE_BUFFER(tx_buffer, MIPSnetState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void mipsnet_cleanup(NetClientState *nc)
+{
+ MIPSnetState *s = qemu_get_nic_opaque(nc);
+
+ s->nic = NULL;
+}
+
+static NetClientInfo net_mipsnet_info = {
+ .type = NET_CLIENT_OPTIONS_KIND_NIC,
+ .size = sizeof(NICState),
+ .can_receive = mipsnet_can_receive,
+ .receive = mipsnet_receive,
+ .cleanup = mipsnet_cleanup,
+};
+
+static const MemoryRegionOps mipsnet_ioport_ops = {
+ .read = mipsnet_ioport_read,
+ .write = mipsnet_ioport_write,
+ .impl.min_access_size = 1,
+ .impl.max_access_size = 4,
+};
+
+static int mipsnet_sysbus_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ MIPSnetState *s = MIPS_NET(dev);
+
+ memory_region_init_io(&s->io, OBJECT(dev), &mipsnet_ioport_ops, s,
+ "mipsnet-io", 36);
+ sysbus_init_mmio(sbd, &s->io);
+ sysbus_init_irq(sbd, &s->irq);
+
+ s->nic = qemu_new_nic(&net_mipsnet_info, &s->conf,
+ object_get_typename(OBJECT(dev)), dev->id, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+
+ return 0;
+}
+
+static void mipsnet_sysbus_reset(DeviceState *dev)
+{
+ MIPSnetState *s = MIPS_NET(dev);
+ mipsnet_reset(s);
+}
+
+static Property mipsnet_properties[] = {
+ DEFINE_NIC_PROPERTIES(MIPSnetState, conf),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void mipsnet_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = mipsnet_sysbus_init;
+ set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
+ dc->desc = "MIPS Simulator network device";
+ dc->reset = mipsnet_sysbus_reset;
+ dc->vmsd = &vmstate_mipsnet;
+ dc->props = mipsnet_properties;
+}
+
+static const TypeInfo mipsnet_info = {
+ .name = TYPE_MIPS_NET,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(MIPSnetState),
+ .class_init = mipsnet_class_init,
+};
+
+static void mipsnet_register_types(void)
+{
+ type_register_static(&mipsnet_info);
+}
+
+type_init(mipsnet_register_types)
diff --git a/hw/net/ne2000-isa.c b/hw/net/ne2000-isa.c
new file mode 100644
index 000000000..26b83cef0
--- /dev/null
+++ b/hw/net/ne2000-isa.c
@@ -0,0 +1,116 @@
+/*
+ * QEMU NE2000 emulation -- isa bus windup
+ *
+ * Copyright (c) 2003-2004 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "hw/isa/isa.h"
+#include "hw/qdev.h"
+#include "net/net.h"
+#include "ne2000.h"
+#include "exec/address-spaces.h"
+
+#define TYPE_ISA_NE2000 "ne2k_isa"
+#define ISA_NE2000(obj) OBJECT_CHECK(ISANE2000State, (obj), TYPE_ISA_NE2000)
+
+typedef struct ISANE2000State {
+ ISADevice parent_obj;
+
+ uint32_t iobase;
+ uint32_t isairq;
+ NE2000State ne2000;
+} ISANE2000State;
+
+static void isa_ne2000_cleanup(NetClientState *nc)
+{
+ NE2000State *s = qemu_get_nic_opaque(nc);
+
+ s->nic = NULL;
+}
+
+static NetClientInfo net_ne2000_isa_info = {
+ .type = NET_CLIENT_OPTIONS_KIND_NIC,
+ .size = sizeof(NICState),
+ .can_receive = ne2000_can_receive,
+ .receive = ne2000_receive,
+ .cleanup = isa_ne2000_cleanup,
+};
+
+static const VMStateDescription vmstate_isa_ne2000 = {
+ .name = "ne2000",
+ .version_id = 2,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField []) {
+ VMSTATE_STRUCT(ne2000, ISANE2000State, 0, vmstate_ne2000, NE2000State),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void isa_ne2000_realizefn(DeviceState *dev, Error **errp)
+{
+ ISADevice *isadev = ISA_DEVICE(dev);
+ ISANE2000State *isa = ISA_NE2000(dev);
+ NE2000State *s = &isa->ne2000;
+
+ ne2000_setup_io(s, DEVICE(isadev), 0x20);
+ isa_register_ioport(isadev, &s->io, isa->iobase);
+
+ isa_init_irq(isadev, &s->irq, isa->isairq);
+
+ qemu_macaddr_default_if_unset(&s->c.macaddr);
+ ne2000_reset(s);
+
+ s->nic = qemu_new_nic(&net_ne2000_isa_info, &s->c,
+ object_get_typename(OBJECT(dev)), dev->id, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->c.macaddr.a);
+}
+
+static Property ne2000_isa_properties[] = {
+ DEFINE_PROP_HEX32("iobase", ISANE2000State, iobase, 0x300),
+ DEFINE_PROP_UINT32("irq", ISANE2000State, isairq, 9),
+ DEFINE_NIC_PROPERTIES(ISANE2000State, ne2000.c),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void isa_ne2000_class_initfn(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = isa_ne2000_realizefn;
+ dc->props = ne2000_isa_properties;
+ set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
+}
+
+static const TypeInfo ne2000_isa_info = {
+ .name = TYPE_ISA_NE2000,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof(ISANE2000State),
+ .class_init = isa_ne2000_class_initfn,
+};
+
+static void ne2000_isa_register_types(void)
+{
+ type_register_static(&ne2000_isa_info);
+}
+
+type_init(ne2000_isa_register_types)
diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c
new file mode 100644
index 000000000..31afd28c7
--- /dev/null
+++ b/hw/net/ne2000.c
@@ -0,0 +1,790 @@
+/*
+ * QEMU NE2000 emulation
+ *
+ * Copyright (c) 2003-2004 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "net/net.h"
+#include "ne2000.h"
+#include "hw/loader.h"
+#include "sysemu/sysemu.h"
+
+/* debug NE2000 card */
+//#define DEBUG_NE2000
+
+#define MAX_ETH_FRAME_SIZE 1514
+
+#define E8390_CMD 0x00 /* The command register (for all pages) */
+/* Page 0 register offsets. */
+#define EN0_CLDALO 0x01 /* Low byte of current local dma addr RD */
+#define EN0_STARTPG 0x01 /* Starting page of ring bfr WR */
+#define EN0_CLDAHI 0x02 /* High byte of current local dma addr RD */
+#define EN0_STOPPG 0x02 /* Ending page +1 of ring bfr WR */
+#define EN0_BOUNDARY 0x03 /* Boundary page of ring bfr RD WR */
+#define EN0_TSR 0x04 /* Transmit status reg RD */
+#define EN0_TPSR 0x04 /* Transmit starting page WR */
+#define EN0_NCR 0x05 /* Number of collision reg RD */
+#define EN0_TCNTLO 0x05 /* Low byte of tx byte count WR */
+#define EN0_FIFO 0x06 /* FIFO RD */
+#define EN0_TCNTHI 0x06 /* High byte of tx byte count WR */
+#define EN0_ISR 0x07 /* Interrupt status reg RD WR */
+#define EN0_CRDALO 0x08 /* low byte of current remote dma address RD */
+#define EN0_RSARLO 0x08 /* Remote start address reg 0 */
+#define EN0_CRDAHI 0x09 /* high byte, current remote dma address RD */
+#define EN0_RSARHI 0x09 /* Remote start address reg 1 */
+#define EN0_RCNTLO 0x0a /* Remote byte count reg WR */
+#define EN0_RTL8029ID0 0x0a /* Realtek ID byte #1 RD */
+#define EN0_RCNTHI 0x0b /* Remote byte count reg WR */
+#define EN0_RTL8029ID1 0x0b /* Realtek ID byte #2 RD */
+#define EN0_RSR 0x0c /* rx status reg RD */
+#define EN0_RXCR 0x0c /* RX configuration reg WR */
+#define EN0_TXCR 0x0d /* TX configuration reg WR */
+#define EN0_COUNTER0 0x0d /* Rcv alignment error counter RD */
+#define EN0_DCFG 0x0e /* Data configuration reg WR */
+#define EN0_COUNTER1 0x0e /* Rcv CRC error counter RD */
+#define EN0_IMR 0x0f /* Interrupt mask reg WR */
+#define EN0_COUNTER2 0x0f /* Rcv missed frame error counter RD */
+
+#define EN1_PHYS 0x11
+#define EN1_CURPAG 0x17
+#define EN1_MULT 0x18
+
+#define EN2_STARTPG 0x21 /* Starting page of ring bfr RD */
+#define EN2_STOPPG 0x22 /* Ending page +1 of ring bfr RD */
+
+#define EN3_CONFIG0 0x33
+#define EN3_CONFIG1 0x34
+#define EN3_CONFIG2 0x35
+#define EN3_CONFIG3 0x36
+
+/* Register accessed at EN_CMD, the 8390 base addr. */
+#define E8390_STOP 0x01 /* Stop and reset the chip */
+#define E8390_START 0x02 /* Start the chip, clear reset */
+#define E8390_TRANS 0x04 /* Transmit a frame */
+#define E8390_RREAD 0x08 /* Remote read */
+#define E8390_RWRITE 0x10 /* Remote write */
+#define E8390_NODMA 0x20 /* Remote DMA */
+#define E8390_PAGE0 0x00 /* Select page chip registers */
+#define E8390_PAGE1 0x40 /* using the two high-order bits */
+#define E8390_PAGE2 0x80 /* Page 3 is invalid. */
+
+/* Bits in EN0_ISR - Interrupt status register */
+#define ENISR_RX 0x01 /* Receiver, no error */
+#define ENISR_TX 0x02 /* Transmitter, no error */
+#define ENISR_RX_ERR 0x04 /* Receiver, with error */
+#define ENISR_TX_ERR 0x08 /* Transmitter, with error */
+#define ENISR_OVER 0x10 /* Receiver overwrote the ring */
+#define ENISR_COUNTERS 0x20 /* Counters need emptying */
+#define ENISR_RDC 0x40 /* remote dma complete */
+#define ENISR_RESET 0x80 /* Reset completed */
+#define ENISR_ALL 0x3f /* Interrupts we will enable */
+
+/* Bits in received packet status byte and EN0_RSR*/
+#define ENRSR_RXOK 0x01 /* Received a good packet */
+#define ENRSR_CRC 0x02 /* CRC error */
+#define ENRSR_FAE 0x04 /* frame alignment error */
+#define ENRSR_FO 0x08 /* FIFO overrun */
+#define ENRSR_MPA 0x10 /* missed pkt */
+#define ENRSR_PHY 0x20 /* physical/multicast address */
+#define ENRSR_DIS 0x40 /* receiver disable. set in monitor mode */
+#define ENRSR_DEF 0x80 /* deferring */
+
+/* Transmitted packet status, EN0_TSR. */
+#define ENTSR_PTX 0x01 /* Packet transmitted without error */
+#define ENTSR_ND 0x02 /* The transmit wasn't deferred. */
+#define ENTSR_COL 0x04 /* The transmit collided at least once. */
+#define ENTSR_ABT 0x08 /* The transmit collided 16 times, and was deferred. */
+#define ENTSR_CRS 0x10 /* The carrier sense was lost. */
+#define ENTSR_FU 0x20 /* A "FIFO underrun" occurred during transmit. */
+#define ENTSR_CDH 0x40 /* The collision detect "heartbeat" signal was lost. */
+#define ENTSR_OWC 0x80 /* There was an out-of-window collision. */
+
+typedef struct PCINE2000State {
+ PCIDevice dev;
+ NE2000State ne2000;
+} PCINE2000State;
+
+void ne2000_reset(NE2000State *s)
+{
+ int i;
+
+ s->isr = ENISR_RESET;
+ memcpy(s->mem, &s->c.macaddr, 6);
+ s->mem[14] = 0x57;
+ s->mem[15] = 0x57;
+
+ /* duplicate prom data */
+ for(i = 15;i >= 0; i--) {
+ s->mem[2 * i] = s->mem[i];
+ s->mem[2 * i + 1] = s->mem[i];
+ }
+}
+
+static void ne2000_update_irq(NE2000State *s)
+{
+ int isr;
+ isr = (s->isr & s->imr) & 0x7f;
+#if defined(DEBUG_NE2000)
+ printf("NE2000: Set IRQ to %d (%02x %02x)\n",
+ isr ? 1 : 0, s->isr, s->imr);
+#endif
+ qemu_set_irq(s->irq, (isr != 0));
+}
+
+static int ne2000_buffer_full(NE2000State *s)
+{
+ int avail, index, boundary;
+
+ index = s->curpag << 8;
+ boundary = s->boundary << 8;
+ if (index < boundary)
+ avail = boundary - index;
+ else
+ avail = (s->stop - s->start) - (index - boundary);
+ if (avail < (MAX_ETH_FRAME_SIZE + 4))
+ return 1;
+ return 0;
+}
+
+int ne2000_can_receive(NetClientState *nc)
+{
+ NE2000State *s = qemu_get_nic_opaque(nc);
+
+ if (s->cmd & E8390_STOP)
+ return 1;
+ return !ne2000_buffer_full(s);
+}
+
+#define MIN_BUF_SIZE 60
+
+ssize_t ne2000_receive(NetClientState *nc, const uint8_t *buf, size_t size_)
+{
+ NE2000State *s = qemu_get_nic_opaque(nc);
+ int size = size_;
+ uint8_t *p;
+ unsigned int total_len, next, avail, len, index, mcast_idx;
+ uint8_t buf1[60];
+ static const uint8_t broadcast_macaddr[6] =
+ { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
+
+#if defined(DEBUG_NE2000)
+ printf("NE2000: received len=%d\n", size);
+#endif
+
+ if (s->cmd & E8390_STOP || ne2000_buffer_full(s))
+ return -1;
+
+ /* XXX: check this */
+ if (s->rxcr & 0x10) {
+ /* promiscuous: receive all */
+ } else {
+ if (!memcmp(buf, broadcast_macaddr, 6)) {
+ /* broadcast address */
+ if (!(s->rxcr & 0x04))
+ return size;
+ } else if (buf[0] & 0x01) {
+ /* multicast */
+ if (!(s->rxcr & 0x08))
+ return size;
+ mcast_idx = compute_mcast_idx(buf);
+ if (!(s->mult[mcast_idx >> 3] & (1 << (mcast_idx & 7))))
+ return size;
+ } else if (s->mem[0] == buf[0] &&
+ s->mem[2] == buf[1] &&
+ s->mem[4] == buf[2] &&
+ s->mem[6] == buf[3] &&
+ s->mem[8] == buf[4] &&
+ s->mem[10] == buf[5]) {
+ /* match */
+ } else {
+ return size;
+ }
+ }
+
+
+ /* if too small buffer, then expand it */
+ if (size < MIN_BUF_SIZE) {
+ memcpy(buf1, buf, size);
+ memset(buf1 + size, 0, MIN_BUF_SIZE - size);
+ buf = buf1;
+ size = MIN_BUF_SIZE;
+ }
+
+ index = s->curpag << 8;
+ /* 4 bytes for header */
+ total_len = size + 4;
+ /* address for next packet (4 bytes for CRC) */
+ next = index + ((total_len + 4 + 255) & ~0xff);
+ if (next >= s->stop)
+ next -= (s->stop - s->start);
+ /* prepare packet header */
+ p = s->mem + index;
+ s->rsr = ENRSR_RXOK; /* receive status */
+ /* XXX: check this */
+ if (buf[0] & 0x01)
+ s->rsr |= ENRSR_PHY;
+ p[0] = s->rsr;
+ p[1] = next >> 8;
+ p[2] = total_len;
+ p[3] = total_len >> 8;
+ index += 4;
+
+ /* write packet data */
+ while (size > 0) {
+ if (index <= s->stop)
+ avail = s->stop - index;
+ else
+ avail = 0;
+ len = size;
+ if (len > avail)
+ len = avail;
+ memcpy(s->mem + index, buf, len);
+ buf += len;
+ index += len;
+ if (index == s->stop)
+ index = s->start;
+ size -= len;
+ }
+ s->curpag = next >> 8;
+
+ /* now we can signal we have received something */
+ s->isr |= ENISR_RX;
+ ne2000_update_irq(s);
+
+ return size_;
+}
+
+static void ne2000_ioport_write(void *opaque, uint32_t addr, uint32_t val)
+{
+ NE2000State *s = opaque;
+ int offset, page, index;
+
+ addr &= 0xf;
+#ifdef DEBUG_NE2000
+ printf("NE2000: write addr=0x%x val=0x%02x\n", addr, val);
+#endif
+ if (addr == E8390_CMD) {
+ /* control register */
+ s->cmd = val;
+ if (!(val & E8390_STOP)) { /* START bit makes no sense on RTL8029... */
+ s->isr &= ~ENISR_RESET;
+ /* test specific case: zero length transfer */
+ if ((val & (E8390_RREAD | E8390_RWRITE)) &&
+ s->rcnt == 0) {
+ s->isr |= ENISR_RDC;
+ ne2000_update_irq(s);
+ }
+ if (val & E8390_TRANS) {
+ index = (s->tpsr << 8);
+ /* XXX: next 2 lines are a hack to make netware 3.11 work */
+ if (index >= NE2000_PMEM_END)
+ index -= NE2000_PMEM_SIZE;
+ /* fail safe: check range on the transmitted length */
+ if (index + s->tcnt <= NE2000_PMEM_END) {
+ qemu_send_packet(qemu_get_queue(s->nic), s->mem + index,
+ s->tcnt);
+ }
+ /* signal end of transfer */
+ s->tsr = ENTSR_PTX;
+ s->isr |= ENISR_TX;
+ s->cmd &= ~E8390_TRANS;
+ ne2000_update_irq(s);
+ }
+ }
+ } else {
+ page = s->cmd >> 6;
+ offset = addr | (page << 4);
+ switch(offset) {
+ case EN0_STARTPG:
+ s->start = val << 8;
+ break;
+ case EN0_STOPPG:
+ s->stop = val << 8;
+ break;
+ case EN0_BOUNDARY:
+ s->boundary = val;
+ break;
+ case EN0_IMR:
+ s->imr = val;
+ ne2000_update_irq(s);
+ break;
+ case EN0_TPSR:
+ s->tpsr = val;
+ break;
+ case EN0_TCNTLO:
+ s->tcnt = (s->tcnt & 0xff00) | val;
+ break;
+ case EN0_TCNTHI:
+ s->tcnt = (s->tcnt & 0x00ff) | (val << 8);
+ break;
+ case EN0_RSARLO:
+ s->rsar = (s->rsar & 0xff00) | val;
+ break;
+ case EN0_RSARHI:
+ s->rsar = (s->rsar & 0x00ff) | (val << 8);
+ break;
+ case EN0_RCNTLO:
+ s->rcnt = (s->rcnt & 0xff00) | val;
+ break;
+ case EN0_RCNTHI:
+ s->rcnt = (s->rcnt & 0x00ff) | (val << 8);
+ break;
+ case EN0_RXCR:
+ s->rxcr = val;
+ break;
+ case EN0_DCFG:
+ s->dcfg = val;
+ break;
+ case EN0_ISR:
+ s->isr &= ~(val & 0x7f);
+ ne2000_update_irq(s);
+ break;
+ case EN1_PHYS ... EN1_PHYS + 5:
+ s->phys[offset - EN1_PHYS] = val;
+ break;
+ case EN1_CURPAG:
+ s->curpag = val;
+ break;
+ case EN1_MULT ... EN1_MULT + 7:
+ s->mult[offset - EN1_MULT] = val;
+ break;
+ }
+ }
+}
+
+static uint32_t ne2000_ioport_read(void *opaque, uint32_t addr)
+{
+ NE2000State *s = opaque;
+ int offset, page, ret;
+
+ addr &= 0xf;
+ if (addr == E8390_CMD) {
+ ret = s->cmd;
+ } else {
+ page = s->cmd >> 6;
+ offset = addr | (page << 4);
+ switch(offset) {
+ case EN0_TSR:
+ ret = s->tsr;
+ break;
+ case EN0_BOUNDARY:
+ ret = s->boundary;
+ break;
+ case EN0_ISR:
+ ret = s->isr;
+ break;
+ case EN0_RSARLO:
+ ret = s->rsar & 0x00ff;
+ break;
+ case EN0_RSARHI:
+ ret = s->rsar >> 8;
+ break;
+ case EN1_PHYS ... EN1_PHYS + 5:
+ ret = s->phys[offset - EN1_PHYS];
+ break;
+ case EN1_CURPAG:
+ ret = s->curpag;
+ break;
+ case EN1_MULT ... EN1_MULT + 7:
+ ret = s->mult[offset - EN1_MULT];
+ break;
+ case EN0_RSR:
+ ret = s->rsr;
+ break;
+ case EN2_STARTPG:
+ ret = s->start >> 8;
+ break;
+ case EN2_STOPPG:
+ ret = s->stop >> 8;
+ break;
+ case EN0_RTL8029ID0:
+ ret = 0x50;
+ break;
+ case EN0_RTL8029ID1:
+ ret = 0x43;
+ break;
+ case EN3_CONFIG0:
+ ret = 0; /* 10baseT media */
+ break;
+ case EN3_CONFIG2:
+ ret = 0x40; /* 10baseT active */
+ break;
+ case EN3_CONFIG3:
+ ret = 0x40; /* Full duplex */
+ break;
+ default:
+ ret = 0x00;
+ break;
+ }
+ }
+#ifdef DEBUG_NE2000
+ printf("NE2000: read addr=0x%x val=%02x\n", addr, ret);
+#endif
+ return ret;
+}
+
+static inline void ne2000_mem_writeb(NE2000State *s, uint32_t addr,
+ uint32_t val)
+{
+ if (addr < 32 ||
+ (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
+ s->mem[addr] = val;
+ }
+}
+
+static inline void ne2000_mem_writew(NE2000State *s, uint32_t addr,
+ uint32_t val)
+{
+ addr &= ~1; /* XXX: check exact behaviour if not even */
+ if (addr < 32 ||
+ (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
+ *(uint16_t *)(s->mem + addr) = cpu_to_le16(val);
+ }
+}
+
+static inline void ne2000_mem_writel(NE2000State *s, uint32_t addr,
+ uint32_t val)
+{
+ addr &= ~1; /* XXX: check exact behaviour if not even */
+ if (addr < 32 ||
+ (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
+ cpu_to_le32wu((uint32_t *)(s->mem + addr), val);
+ }
+}
+
+static inline uint32_t ne2000_mem_readb(NE2000State *s, uint32_t addr)
+{
+ if (addr < 32 ||
+ (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
+ return s->mem[addr];
+ } else {
+ return 0xff;
+ }
+}
+
+static inline uint32_t ne2000_mem_readw(NE2000State *s, uint32_t addr)
+{
+ addr &= ~1; /* XXX: check exact behaviour if not even */
+ if (addr < 32 ||
+ (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
+ return le16_to_cpu(*(uint16_t *)(s->mem + addr));
+ } else {
+ return 0xffff;
+ }
+}
+
+static inline uint32_t ne2000_mem_readl(NE2000State *s, uint32_t addr)
+{
+ addr &= ~1; /* XXX: check exact behaviour if not even */
+ if (addr < 32 ||
+ (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
+ return le32_to_cpupu((uint32_t *)(s->mem + addr));
+ } else {
+ return 0xffffffff;
+ }
+}
+
+static inline void ne2000_dma_update(NE2000State *s, int len)
+{
+ s->rsar += len;
+ /* wrap */
+ /* XXX: check what to do if rsar > stop */
+ if (s->rsar == s->stop)
+ s->rsar = s->start;
+
+ if (s->rcnt <= len) {
+ s->rcnt = 0;
+ /* signal end of transfer */
+ s->isr |= ENISR_RDC;
+ ne2000_update_irq(s);
+ } else {
+ s->rcnt -= len;
+ }
+}
+
+static void ne2000_asic_ioport_write(void *opaque, uint32_t addr, uint32_t val)
+{
+ NE2000State *s = opaque;
+
+#ifdef DEBUG_NE2000
+ printf("NE2000: asic write val=0x%04x\n", val);
+#endif
+ if (s->rcnt == 0)
+ return;
+ if (s->dcfg & 0x01) {
+ /* 16 bit access */
+ ne2000_mem_writew(s, s->rsar, val);
+ ne2000_dma_update(s, 2);
+ } else {
+ /* 8 bit access */
+ ne2000_mem_writeb(s, s->rsar, val);
+ ne2000_dma_update(s, 1);
+ }
+}
+
+static uint32_t ne2000_asic_ioport_read(void *opaque, uint32_t addr)
+{
+ NE2000State *s = opaque;
+ int ret;
+
+ if (s->dcfg & 0x01) {
+ /* 16 bit access */
+ ret = ne2000_mem_readw(s, s->rsar);
+ ne2000_dma_update(s, 2);
+ } else {
+ /* 8 bit access */
+ ret = ne2000_mem_readb(s, s->rsar);
+ ne2000_dma_update(s, 1);
+ }
+#ifdef DEBUG_NE2000
+ printf("NE2000: asic read val=0x%04x\n", ret);
+#endif
+ return ret;
+}
+
+static void ne2000_asic_ioport_writel(void *opaque, uint32_t addr, uint32_t val)
+{
+ NE2000State *s = opaque;
+
+#ifdef DEBUG_NE2000
+ printf("NE2000: asic writel val=0x%04x\n", val);
+#endif
+ if (s->rcnt == 0)
+ return;
+ /* 32 bit access */
+ ne2000_mem_writel(s, s->rsar, val);
+ ne2000_dma_update(s, 4);
+}
+
+static uint32_t ne2000_asic_ioport_readl(void *opaque, uint32_t addr)
+{
+ NE2000State *s = opaque;
+ int ret;
+
+ /* 32 bit access */
+ ret = ne2000_mem_readl(s, s->rsar);
+ ne2000_dma_update(s, 4);
+#ifdef DEBUG_NE2000
+ printf("NE2000: asic readl val=0x%04x\n", ret);
+#endif
+ return ret;
+}
+
+static void ne2000_reset_ioport_write(void *opaque, uint32_t addr, uint32_t val)
+{
+ /* nothing to do (end of reset pulse) */
+}
+
+static uint32_t ne2000_reset_ioport_read(void *opaque, uint32_t addr)
+{
+ NE2000State *s = opaque;
+ ne2000_reset(s);
+ return 0;
+}
+
+static int ne2000_post_load(void* opaque, int version_id)
+{
+ NE2000State* s = opaque;
+
+ if (version_id < 2) {
+ s->rxcr = 0x0c;
+ }
+ return 0;
+}
+
+const VMStateDescription vmstate_ne2000 = {
+ .name = "ne2000",
+ .version_id = 2,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .post_load = ne2000_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT8_V(rxcr, NE2000State, 2),
+ VMSTATE_UINT8(cmd, NE2000State),
+ VMSTATE_UINT32(start, NE2000State),
+ VMSTATE_UINT32(stop, NE2000State),
+ VMSTATE_UINT8(boundary, NE2000State),
+ VMSTATE_UINT8(tsr, NE2000State),
+ VMSTATE_UINT8(tpsr, NE2000State),
+ VMSTATE_UINT16(tcnt, NE2000State),
+ VMSTATE_UINT16(rcnt, NE2000State),
+ VMSTATE_UINT32(rsar, NE2000State),
+ VMSTATE_UINT8(rsr, NE2000State),
+ VMSTATE_UINT8(isr, NE2000State),
+ VMSTATE_UINT8(dcfg, NE2000State),
+ VMSTATE_UINT8(imr, NE2000State),
+ VMSTATE_BUFFER(phys, NE2000State),
+ VMSTATE_UINT8(curpag, NE2000State),
+ VMSTATE_BUFFER(mult, NE2000State),
+ VMSTATE_UNUSED(4), /* was irq */
+ VMSTATE_BUFFER(mem, NE2000State),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_pci_ne2000 = {
+ .name = "ne2000",
+ .version_id = 3,
+ .minimum_version_id = 3,
+ .minimum_version_id_old = 3,
+ .fields = (VMStateField []) {
+ VMSTATE_PCI_DEVICE(dev, PCINE2000State),
+ VMSTATE_STRUCT(ne2000, PCINE2000State, 0, vmstate_ne2000, NE2000State),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static uint64_t ne2000_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ NE2000State *s = opaque;
+
+ if (addr < 0x10 && size == 1) {
+ return ne2000_ioport_read(s, addr);
+ } else if (addr == 0x10) {
+ if (size <= 2) {
+ return ne2000_asic_ioport_read(s, addr);
+ } else {
+ return ne2000_asic_ioport_readl(s, addr);
+ }
+ } else if (addr == 0x1f && size == 1) {
+ return ne2000_reset_ioport_read(s, addr);
+ }
+ return ((uint64_t)1 << (size * 8)) - 1;
+}
+
+static void ne2000_write(void *opaque, hwaddr addr,
+ uint64_t data, unsigned size)
+{
+ NE2000State *s = opaque;
+
+ if (addr < 0x10 && size == 1) {
+ ne2000_ioport_write(s, addr, data);
+ } else if (addr == 0x10) {
+ if (size <= 2) {
+ ne2000_asic_ioport_write(s, addr, data);
+ } else {
+ ne2000_asic_ioport_writel(s, addr, data);
+ }
+ } else if (addr == 0x1f && size == 1) {
+ ne2000_reset_ioport_write(s, addr, data);
+ }
+}
+
+static const MemoryRegionOps ne2000_ops = {
+ .read = ne2000_read,
+ .write = ne2000_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+/***********************************************************/
+/* PCI NE2000 definitions */
+
+void ne2000_setup_io(NE2000State *s, DeviceState *dev, unsigned size)
+{
+ memory_region_init_io(&s->io, OBJECT(dev), &ne2000_ops, s, "ne2000", size);
+}
+
+static void ne2000_cleanup(NetClientState *nc)
+{
+ NE2000State *s = qemu_get_nic_opaque(nc);
+
+ s->nic = NULL;
+}
+
+static NetClientInfo net_ne2000_info = {
+ .type = NET_CLIENT_OPTIONS_KIND_NIC,
+ .size = sizeof(NICState),
+ .can_receive = ne2000_can_receive,
+ .receive = ne2000_receive,
+ .cleanup = ne2000_cleanup,
+};
+
+static int pci_ne2000_init(PCIDevice *pci_dev)
+{
+ PCINE2000State *d = DO_UPCAST(PCINE2000State, dev, pci_dev);
+ NE2000State *s;
+ uint8_t *pci_conf;
+
+ pci_conf = d->dev.config;
+ pci_conf[PCI_INTERRUPT_PIN] = 1; /* interrupt pin A */
+
+ s = &d->ne2000;
+ ne2000_setup_io(s, DEVICE(pci_dev), 0x100);
+ pci_register_bar(&d->dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io);
+ s->irq = d->dev.irq[0];
+
+ qemu_macaddr_default_if_unset(&s->c.macaddr);
+ ne2000_reset(s);
+
+ s->nic = qemu_new_nic(&net_ne2000_info, &s->c,
+ object_get_typename(OBJECT(pci_dev)), pci_dev->qdev.id, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->c.macaddr.a);
+
+ add_boot_device_path(s->c.bootindex, &pci_dev->qdev, "/ethernet-phy@0");
+
+ return 0;
+}
+
+static void pci_ne2000_exit(PCIDevice *pci_dev)
+{
+ PCINE2000State *d = DO_UPCAST(PCINE2000State, dev, pci_dev);
+ NE2000State *s = &d->ne2000;
+
+ memory_region_destroy(&s->io);
+ qemu_del_nic(s->nic);
+}
+
+static Property ne2000_properties[] = {
+ DEFINE_NIC_PROPERTIES(PCINE2000State, ne2000.c),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void ne2000_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = pci_ne2000_init;
+ k->exit = pci_ne2000_exit;
+ k->romfile = "efi-ne2k_pci.rom",
+ k->vendor_id = PCI_VENDOR_ID_REALTEK;
+ k->device_id = PCI_DEVICE_ID_REALTEK_8029;
+ k->class_id = PCI_CLASS_NETWORK_ETHERNET;
+ dc->vmsd = &vmstate_pci_ne2000;
+ dc->props = ne2000_properties;
+ set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
+}
+
+static const TypeInfo ne2000_info = {
+ .name = "ne2k_pci",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCINE2000State),
+ .class_init = ne2000_class_init,
+};
+
+static void ne2000_register_types(void)
+{
+ type_register_static(&ne2000_info);
+}
+
+type_init(ne2000_register_types)
diff --git a/hw/net/ne2000.h b/hw/net/ne2000.h
new file mode 100644
index 000000000..e500306aa
--- /dev/null
+++ b/hw/net/ne2000.h
@@ -0,0 +1,40 @@
+#ifndef HW_NE2000_H
+#define HW_NE2000_H 1
+
+#define NE2000_PMEM_SIZE (32*1024)
+#define NE2000_PMEM_START (16*1024)
+#define NE2000_PMEM_END (NE2000_PMEM_SIZE+NE2000_PMEM_START)
+#define NE2000_MEM_SIZE NE2000_PMEM_END
+
+typedef struct NE2000State {
+ MemoryRegion io;
+ uint8_t cmd;
+ uint32_t start;
+ uint32_t stop;
+ uint8_t boundary;
+ uint8_t tsr;
+ uint8_t tpsr;
+ uint16_t tcnt;
+ uint16_t rcnt;
+ uint32_t rsar;
+ uint8_t rsr;
+ uint8_t rxcr;
+ uint8_t isr;
+ uint8_t dcfg;
+ uint8_t imr;
+ uint8_t phys[6]; /* mac address */
+ uint8_t curpag;
+ uint8_t mult[8]; /* multicast mask array */
+ qemu_irq irq;
+ NICState *nic;
+ NICConf c;
+ uint8_t mem[NE2000_MEM_SIZE];
+} NE2000State;
+
+void ne2000_setup_io(NE2000State *s, DeviceState *dev, unsigned size);
+extern const VMStateDescription vmstate_ne2000;
+void ne2000_reset(NE2000State *s);
+int ne2000_can_receive(NetClientState *nc);
+ssize_t ne2000_receive(NetClientState *nc, const uint8_t *buf, size_t size_);
+
+#endif
diff --git a/hw/net/opencores_eth.c b/hw/net/opencores_eth.c
new file mode 100644
index 000000000..4118d54ac
--- /dev/null
+++ b/hw/net/opencores_eth.c
@@ -0,0 +1,740 @@
+/*
+ * OpenCores Ethernet MAC 10/100 + subset of
+ * National Semiconductors DP83848C 10/100 PHY
+ *
+ * http://opencores.org/svnget,ethmac?file=%2Ftrunk%2F%2Fdoc%2Feth_speci.pdf
+ * http://cache.national.com/ds/DP/DP83848C.pdf
+ *
+ * Copyright (c) 2011, Max Filippov, Open Source and Linux Lab.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of the Open Source and Linux Lab nor the
+ * names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "net/net.h"
+#include "sysemu/sysemu.h"
+#include "trace.h"
+
+/* RECSMALL is not used because it breaks tap networking in linux:
+ * incoming ARP responses are too short
+ */
+#undef USE_RECSMALL
+
+#define GET_FIELD(v, field) (((v) & (field)) >> (field ## _LBN))
+#define GET_REGBIT(s, reg, field) ((s)->regs[reg] & (reg ## _ ## field))
+#define GET_REGFIELD(s, reg, field) \
+ GET_FIELD((s)->regs[reg], reg ## _ ## field)
+
+#define SET_FIELD(v, field, data) \
+ ((v) = (((v) & ~(field)) | (((data) << (field ## _LBN)) & (field))))
+#define SET_REGFIELD(s, reg, field, data) \
+ SET_FIELD((s)->regs[reg], reg ## _ ## field, data)
+
+/* PHY MII registers */
+enum {
+ MII_BMCR,
+ MII_BMSR,
+ MII_PHYIDR1,
+ MII_PHYIDR2,
+ MII_ANAR,
+ MII_ANLPAR,
+ MII_REG_MAX = 16,
+};
+
+typedef struct Mii {
+ uint16_t regs[MII_REG_MAX];
+ bool link_ok;
+} Mii;
+
+static void mii_set_link(Mii *s, bool link_ok)
+{
+ if (link_ok) {
+ s->regs[MII_BMSR] |= 0x4;
+ s->regs[MII_ANLPAR] |= 0x01e1;
+ } else {
+ s->regs[MII_BMSR] &= ~0x4;
+ s->regs[MII_ANLPAR] &= 0x01ff;
+ }
+ s->link_ok = link_ok;
+}
+
+static void mii_reset(Mii *s)
+{
+ memset(s->regs, 0, sizeof(s->regs));
+ s->regs[MII_BMCR] = 0x1000;
+ s->regs[MII_BMSR] = 0x7848; /* no ext regs */
+ s->regs[MII_PHYIDR1] = 0x2000;
+ s->regs[MII_PHYIDR2] = 0x5c90;
+ s->regs[MII_ANAR] = 0x01e1;
+ mii_set_link(s, s->link_ok);
+}
+
+static void mii_ro(Mii *s, uint16_t v)
+{
+}
+
+static void mii_write_bmcr(Mii *s, uint16_t v)
+{
+ if (v & 0x8000) {
+ mii_reset(s);
+ } else {
+ s->regs[MII_BMCR] = v;
+ }
+}
+
+static void mii_write_host(Mii *s, unsigned idx, uint16_t v)
+{
+ static void (*reg_write[MII_REG_MAX])(Mii *s, uint16_t v) = {
+ [MII_BMCR] = mii_write_bmcr,
+ [MII_BMSR] = mii_ro,
+ [MII_PHYIDR1] = mii_ro,
+ [MII_PHYIDR2] = mii_ro,
+ };
+
+ if (idx < MII_REG_MAX) {
+ trace_open_eth_mii_write(idx, v);
+ if (reg_write[idx]) {
+ reg_write[idx](s, v);
+ } else {
+ s->regs[idx] = v;
+ }
+ }
+}
+
+static uint16_t mii_read_host(Mii *s, unsigned idx)
+{
+ trace_open_eth_mii_read(idx, s->regs[idx]);
+ return s->regs[idx];
+}
+
+/* OpenCores Ethernet registers */
+enum {
+ MODER,
+ INT_SOURCE,
+ INT_MASK,
+ IPGT,
+ IPGR1,
+ IPGR2,
+ PACKETLEN,
+ COLLCONF,
+ TX_BD_NUM,
+ CTRLMODER,
+ MIIMODER,
+ MIICOMMAND,
+ MIIADDRESS,
+ MIITX_DATA,
+ MIIRX_DATA,
+ MIISTATUS,
+ MAC_ADDR0,
+ MAC_ADDR1,
+ HASH0,
+ HASH1,
+ TXCTRL,
+ REG_MAX,
+};
+
+enum {
+ MODER_RECSMALL = 0x10000,
+ MODER_PAD = 0x8000,
+ MODER_HUGEN = 0x4000,
+ MODER_RST = 0x800,
+ MODER_LOOPBCK = 0x80,
+ MODER_PRO = 0x20,
+ MODER_IAM = 0x10,
+ MODER_BRO = 0x8,
+ MODER_TXEN = 0x2,
+ MODER_RXEN = 0x1,
+};
+
+enum {
+ INT_SOURCE_RXB = 0x4,
+ INT_SOURCE_TXB = 0x1,
+};
+
+enum {
+ PACKETLEN_MINFL = 0xffff0000,
+ PACKETLEN_MINFL_LBN = 16,
+ PACKETLEN_MAXFL = 0xffff,
+ PACKETLEN_MAXFL_LBN = 0,
+};
+
+enum {
+ MIICOMMAND_WCTRLDATA = 0x4,
+ MIICOMMAND_RSTAT = 0x2,
+ MIICOMMAND_SCANSTAT = 0x1,
+};
+
+enum {
+ MIIADDRESS_RGAD = 0x1f00,
+ MIIADDRESS_RGAD_LBN = 8,
+ MIIADDRESS_FIAD = 0x1f,
+ MIIADDRESS_FIAD_LBN = 0,
+};
+
+enum {
+ MIITX_DATA_CTRLDATA = 0xffff,
+ MIITX_DATA_CTRLDATA_LBN = 0,
+};
+
+enum {
+ MIIRX_DATA_PRSD = 0xffff,
+ MIIRX_DATA_PRSD_LBN = 0,
+};
+
+enum {
+ MIISTATUS_LINKFAIL = 0x1,
+ MIISTATUS_LINKFAIL_LBN = 0,
+};
+
+enum {
+ MAC_ADDR0_BYTE2 = 0xff000000,
+ MAC_ADDR0_BYTE2_LBN = 24,
+ MAC_ADDR0_BYTE3 = 0xff0000,
+ MAC_ADDR0_BYTE3_LBN = 16,
+ MAC_ADDR0_BYTE4 = 0xff00,
+ MAC_ADDR0_BYTE4_LBN = 8,
+ MAC_ADDR0_BYTE5 = 0xff,
+ MAC_ADDR0_BYTE5_LBN = 0,
+};
+
+enum {
+ MAC_ADDR1_BYTE0 = 0xff00,
+ MAC_ADDR1_BYTE0_LBN = 8,
+ MAC_ADDR1_BYTE1 = 0xff,
+ MAC_ADDR1_BYTE1_LBN = 0,
+};
+
+enum {
+ TXD_LEN = 0xffff0000,
+ TXD_LEN_LBN = 16,
+ TXD_RD = 0x8000,
+ TXD_IRQ = 0x4000,
+ TXD_WR = 0x2000,
+ TXD_PAD = 0x1000,
+ TXD_CRC = 0x800,
+ TXD_UR = 0x100,
+ TXD_RTRY = 0xf0,
+ TXD_RTRY_LBN = 4,
+ TXD_RL = 0x8,
+ TXD_LC = 0x4,
+ TXD_DF = 0x2,
+ TXD_CS = 0x1,
+};
+
+enum {
+ RXD_LEN = 0xffff0000,
+ RXD_LEN_LBN = 16,
+ RXD_E = 0x8000,
+ RXD_IRQ = 0x4000,
+ RXD_WRAP = 0x2000,
+ RXD_CF = 0x100,
+ RXD_M = 0x80,
+ RXD_OR = 0x40,
+ RXD_IS = 0x20,
+ RXD_DN = 0x10,
+ RXD_TL = 0x8,
+ RXD_SF = 0x4,
+ RXD_CRC = 0x2,
+ RXD_LC = 0x1,
+};
+
+typedef struct desc {
+ uint32_t len_flags;
+ uint32_t buf_ptr;
+} desc;
+
+#define DEFAULT_PHY 1
+
+#define TYPE_OPEN_ETH "open_eth"
+#define OPEN_ETH(obj) OBJECT_CHECK(OpenEthState, (obj), TYPE_OPEN_ETH)
+
+typedef struct OpenEthState {
+ SysBusDevice parent_obj;
+
+ NICState *nic;
+ NICConf conf;
+ MemoryRegion reg_io;
+ MemoryRegion desc_io;
+ qemu_irq irq;
+
+ Mii mii;
+ uint32_t regs[REG_MAX];
+ unsigned tx_desc;
+ unsigned rx_desc;
+ desc desc[128];
+} OpenEthState;
+
+static desc *rx_desc(OpenEthState *s)
+{
+ return s->desc + s->rx_desc;
+}
+
+static desc *tx_desc(OpenEthState *s)
+{
+ return s->desc + s->tx_desc;
+}
+
+static void open_eth_update_irq(OpenEthState *s,
+ uint32_t old, uint32_t new)
+{
+ if (!old != !new) {
+ trace_open_eth_update_irq(new);
+ qemu_set_irq(s->irq, new);
+ }
+}
+
+static void open_eth_int_source_write(OpenEthState *s,
+ uint32_t val)
+{
+ uint32_t old_val = s->regs[INT_SOURCE];
+
+ s->regs[INT_SOURCE] = val;
+ open_eth_update_irq(s, old_val & s->regs[INT_MASK],
+ s->regs[INT_SOURCE] & s->regs[INT_MASK]);
+}
+
+static void open_eth_set_link_status(NetClientState *nc)
+{
+ OpenEthState *s = qemu_get_nic_opaque(nc);
+
+ if (GET_REGBIT(s, MIICOMMAND, SCANSTAT)) {
+ SET_REGFIELD(s, MIISTATUS, LINKFAIL, nc->link_down);
+ }
+ mii_set_link(&s->mii, !nc->link_down);
+}
+
+static void open_eth_reset(void *opaque)
+{
+ OpenEthState *s = opaque;
+
+ memset(s->regs, 0, sizeof(s->regs));
+ s->regs[MODER] = 0xa000;
+ s->regs[IPGT] = 0x12;
+ s->regs[IPGR1] = 0xc;
+ s->regs[IPGR2] = 0x12;
+ s->regs[PACKETLEN] = 0x400600;
+ s->regs[COLLCONF] = 0xf003f;
+ s->regs[TX_BD_NUM] = 0x40;
+ s->regs[MIIMODER] = 0x64;
+
+ s->tx_desc = 0;
+ s->rx_desc = 0x40;
+
+ mii_reset(&s->mii);
+ open_eth_set_link_status(qemu_get_queue(s->nic));
+}
+
+static int open_eth_can_receive(NetClientState *nc)
+{
+ OpenEthState *s = qemu_get_nic_opaque(nc);
+
+ return GET_REGBIT(s, MODER, RXEN) &&
+ (s->regs[TX_BD_NUM] < 0x80) &&
+ (rx_desc(s)->len_flags & RXD_E);
+}
+
+static ssize_t open_eth_receive(NetClientState *nc,
+ const uint8_t *buf, size_t size)
+{
+ OpenEthState *s = qemu_get_nic_opaque(nc);
+ size_t maxfl = GET_REGFIELD(s, PACKETLEN, MAXFL);
+ size_t minfl = GET_REGFIELD(s, PACKETLEN, MINFL);
+ size_t fcsl = 4;
+ bool miss = true;
+
+ trace_open_eth_receive((unsigned)size);
+
+ if (size >= 6) {
+ static const uint8_t bcast_addr[] = {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
+ };
+ if (memcmp(buf, bcast_addr, sizeof(bcast_addr)) == 0) {
+ miss = GET_REGBIT(s, MODER, BRO);
+ } else if ((buf[0] & 0x1) || GET_REGBIT(s, MODER, IAM)) {
+ unsigned mcast_idx = compute_mcast_idx(buf);
+ miss = !(s->regs[HASH0 + mcast_idx / 32] &
+ (1 << (mcast_idx % 32)));
+ trace_open_eth_receive_mcast(
+ mcast_idx, s->regs[HASH0], s->regs[HASH1]);
+ } else {
+ miss = GET_REGFIELD(s, MAC_ADDR1, BYTE0) != buf[0] ||
+ GET_REGFIELD(s, MAC_ADDR1, BYTE1) != buf[1] ||
+ GET_REGFIELD(s, MAC_ADDR0, BYTE2) != buf[2] ||
+ GET_REGFIELD(s, MAC_ADDR0, BYTE3) != buf[3] ||
+ GET_REGFIELD(s, MAC_ADDR0, BYTE4) != buf[4] ||
+ GET_REGFIELD(s, MAC_ADDR0, BYTE5) != buf[5];
+ }
+ }
+
+ if (miss && !GET_REGBIT(s, MODER, PRO)) {
+ trace_open_eth_receive_reject();
+ return size;
+ }
+
+#ifdef USE_RECSMALL
+ if (GET_REGBIT(s, MODER, RECSMALL) || size >= minfl) {
+#else
+ {
+#endif
+ static const uint8_t zero[64] = {0};
+ desc *desc = rx_desc(s);
+ size_t copy_size = GET_REGBIT(s, MODER, HUGEN) ? 65536 : maxfl;
+
+ desc->len_flags &= ~(RXD_CF | RXD_M | RXD_OR |
+ RXD_IS | RXD_DN | RXD_TL | RXD_SF | RXD_CRC | RXD_LC);
+
+ if (copy_size > size) {
+ copy_size = size;
+ } else {
+ fcsl = 0;
+ }
+ if (miss) {
+ desc->len_flags |= RXD_M;
+ }
+ if (GET_REGBIT(s, MODER, HUGEN) && size > maxfl) {
+ desc->len_flags |= RXD_TL;
+ }
+#ifdef USE_RECSMALL
+ if (size < minfl) {
+ desc->len_flags |= RXD_SF;
+ }
+#endif
+
+ cpu_physical_memory_write(desc->buf_ptr, buf, copy_size);
+
+ if (GET_REGBIT(s, MODER, PAD) && copy_size < minfl) {
+ if (minfl - copy_size > fcsl) {
+ fcsl = 0;
+ } else {
+ fcsl -= minfl - copy_size;
+ }
+ while (copy_size < minfl) {
+ size_t zero_sz = minfl - copy_size < sizeof(zero) ?
+ minfl - copy_size : sizeof(zero);
+
+ cpu_physical_memory_write(desc->buf_ptr + copy_size,
+ zero, zero_sz);
+ copy_size += zero_sz;
+ }
+ }
+
+ /* There's no FCS in the frames handed to us by the QEMU, zero fill it.
+ * Don't do it if the frame is cut at the MAXFL or padded with 4 or
+ * more bytes to the MINFL.
+ */
+ cpu_physical_memory_write(desc->buf_ptr + copy_size, zero, fcsl);
+ copy_size += fcsl;
+
+ SET_FIELD(desc->len_flags, RXD_LEN, copy_size);
+
+ if ((desc->len_flags & RXD_WRAP) || s->rx_desc == 0x7f) {
+ s->rx_desc = s->regs[TX_BD_NUM];
+ } else {
+ ++s->rx_desc;
+ }
+ desc->len_flags &= ~RXD_E;
+
+ trace_open_eth_receive_desc(desc->buf_ptr, desc->len_flags);
+
+ if (desc->len_flags & RXD_IRQ) {
+ open_eth_int_source_write(s,
+ s->regs[INT_SOURCE] | INT_SOURCE_RXB);
+ }
+ }
+ return size;
+}
+
+static void open_eth_cleanup(NetClientState *nc)
+{
+}
+
+static NetClientInfo net_open_eth_info = {
+ .type = NET_CLIENT_OPTIONS_KIND_NIC,
+ .size = sizeof(NICState),
+ .can_receive = open_eth_can_receive,
+ .receive = open_eth_receive,
+ .cleanup = open_eth_cleanup,
+ .link_status_changed = open_eth_set_link_status,
+};
+
+static void open_eth_start_xmit(OpenEthState *s, desc *tx)
+{
+ uint8_t buf[65536];
+ unsigned len = GET_FIELD(tx->len_flags, TXD_LEN);
+ unsigned tx_len = len;
+
+ if ((tx->len_flags & TXD_PAD) &&
+ tx_len < GET_REGFIELD(s, PACKETLEN, MINFL)) {
+ tx_len = GET_REGFIELD(s, PACKETLEN, MINFL);
+ }
+ if (!GET_REGBIT(s, MODER, HUGEN) &&
+ tx_len > GET_REGFIELD(s, PACKETLEN, MAXFL)) {
+ tx_len = GET_REGFIELD(s, PACKETLEN, MAXFL);
+ }
+
+ trace_open_eth_start_xmit(tx->buf_ptr, len, tx_len);
+
+ if (len > tx_len) {
+ len = tx_len;
+ }
+ cpu_physical_memory_read(tx->buf_ptr, buf, len);
+ if (tx_len > len) {
+ memset(buf + len, 0, tx_len - len);
+ }
+ qemu_send_packet(qemu_get_queue(s->nic), buf, tx_len);
+
+ if (tx->len_flags & TXD_WR) {
+ s->tx_desc = 0;
+ } else {
+ ++s->tx_desc;
+ if (s->tx_desc >= s->regs[TX_BD_NUM]) {
+ s->tx_desc = 0;
+ }
+ }
+ tx->len_flags &= ~(TXD_RD | TXD_UR |
+ TXD_RTRY | TXD_RL | TXD_LC | TXD_DF | TXD_CS);
+ if (tx->len_flags & TXD_IRQ) {
+ open_eth_int_source_write(s, s->regs[INT_SOURCE] | INT_SOURCE_TXB);
+ }
+
+}
+
+static void open_eth_check_start_xmit(OpenEthState *s)
+{
+ desc *tx = tx_desc(s);
+ if (GET_REGBIT(s, MODER, TXEN) && s->regs[TX_BD_NUM] > 0 &&
+ (tx->len_flags & TXD_RD) &&
+ GET_FIELD(tx->len_flags, TXD_LEN) > 4) {
+ open_eth_start_xmit(s, tx);
+ }
+}
+
+static uint64_t open_eth_reg_read(void *opaque,
+ hwaddr addr, unsigned int size)
+{
+ static uint32_t (*reg_read[REG_MAX])(OpenEthState *s) = {
+ };
+ OpenEthState *s = opaque;
+ unsigned idx = addr / 4;
+ uint64_t v = 0;
+
+ if (idx < REG_MAX) {
+ if (reg_read[idx]) {
+ v = reg_read[idx](s);
+ } else {
+ v = s->regs[idx];
+ }
+ }
+ trace_open_eth_reg_read((uint32_t)addr, (uint32_t)v);
+ return v;
+}
+
+static void open_eth_ro(OpenEthState *s, uint32_t val)
+{
+}
+
+static void open_eth_moder_host_write(OpenEthState *s, uint32_t val)
+{
+ uint32_t set = val & ~s->regs[MODER];
+
+ if (set & MODER_RST) {
+ open_eth_reset(s);
+ }
+
+ s->regs[MODER] = val;
+
+ if (set & MODER_RXEN) {
+ s->rx_desc = s->regs[TX_BD_NUM];
+ }
+ if (set & MODER_TXEN) {
+ s->tx_desc = 0;
+ open_eth_check_start_xmit(s);
+ }
+}
+
+static void open_eth_int_source_host_write(OpenEthState *s, uint32_t val)
+{
+ uint32_t old = s->regs[INT_SOURCE];
+
+ s->regs[INT_SOURCE] &= ~val;
+ open_eth_update_irq(s, old & s->regs[INT_MASK],
+ s->regs[INT_SOURCE] & s->regs[INT_MASK]);
+}
+
+static void open_eth_int_mask_host_write(OpenEthState *s, uint32_t val)
+{
+ uint32_t old = s->regs[INT_MASK];
+
+ s->regs[INT_MASK] = val;
+ open_eth_update_irq(s, s->regs[INT_SOURCE] & old,
+ s->regs[INT_SOURCE] & s->regs[INT_MASK]);
+}
+
+static void open_eth_mii_command_host_write(OpenEthState *s, uint32_t val)
+{
+ unsigned fiad = GET_REGFIELD(s, MIIADDRESS, FIAD);
+ unsigned rgad = GET_REGFIELD(s, MIIADDRESS, RGAD);
+
+ if (val & MIICOMMAND_WCTRLDATA) {
+ if (fiad == DEFAULT_PHY) {
+ mii_write_host(&s->mii, rgad,
+ GET_REGFIELD(s, MIITX_DATA, CTRLDATA));
+ }
+ }
+ if (val & MIICOMMAND_RSTAT) {
+ if (fiad == DEFAULT_PHY) {
+ SET_REGFIELD(s, MIIRX_DATA, PRSD,
+ mii_read_host(&s->mii, rgad));
+ } else {
+ s->regs[MIIRX_DATA] = 0xffff;
+ }
+ SET_REGFIELD(s, MIISTATUS, LINKFAIL, qemu_get_queue(s->nic)->link_down);
+ }
+}
+
+static void open_eth_mii_tx_host_write(OpenEthState *s, uint32_t val)
+{
+ SET_REGFIELD(s, MIITX_DATA, CTRLDATA, val);
+ if (GET_REGFIELD(s, MIIADDRESS, FIAD) == DEFAULT_PHY) {
+ mii_write_host(&s->mii, GET_REGFIELD(s, MIIADDRESS, RGAD),
+ GET_REGFIELD(s, MIITX_DATA, CTRLDATA));
+ }
+}
+
+static void open_eth_reg_write(void *opaque,
+ hwaddr addr, uint64_t val, unsigned int size)
+{
+ static void (*reg_write[REG_MAX])(OpenEthState *s, uint32_t val) = {
+ [MODER] = open_eth_moder_host_write,
+ [INT_SOURCE] = open_eth_int_source_host_write,
+ [INT_MASK] = open_eth_int_mask_host_write,
+ [MIICOMMAND] = open_eth_mii_command_host_write,
+ [MIITX_DATA] = open_eth_mii_tx_host_write,
+ [MIISTATUS] = open_eth_ro,
+ };
+ OpenEthState *s = opaque;
+ unsigned idx = addr / 4;
+
+ if (idx < REG_MAX) {
+ trace_open_eth_reg_write((uint32_t)addr, (uint32_t)val);
+ if (reg_write[idx]) {
+ reg_write[idx](s, val);
+ } else {
+ s->regs[idx] = val;
+ }
+ }
+}
+
+static uint64_t open_eth_desc_read(void *opaque,
+ hwaddr addr, unsigned int size)
+{
+ OpenEthState *s = opaque;
+ uint64_t v = 0;
+
+ addr &= 0x3ff;
+ memcpy(&v, (uint8_t *)s->desc + addr, size);
+ trace_open_eth_desc_read((uint32_t)addr, (uint32_t)v);
+ return v;
+}
+
+static void open_eth_desc_write(void *opaque,
+ hwaddr addr, uint64_t val, unsigned int size)
+{
+ OpenEthState *s = opaque;
+
+ addr &= 0x3ff;
+ trace_open_eth_desc_write((uint32_t)addr, (uint32_t)val);
+ memcpy((uint8_t *)s->desc + addr, &val, size);
+ open_eth_check_start_xmit(s);
+}
+
+
+static const MemoryRegionOps open_eth_reg_ops = {
+ .read = open_eth_reg_read,
+ .write = open_eth_reg_write,
+};
+
+static const MemoryRegionOps open_eth_desc_ops = {
+ .read = open_eth_desc_read,
+ .write = open_eth_desc_write,
+};
+
+static int sysbus_open_eth_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ OpenEthState *s = OPEN_ETH(dev);
+
+ memory_region_init_io(&s->reg_io, OBJECT(dev), &open_eth_reg_ops, s,
+ "open_eth.regs", 0x54);
+ sysbus_init_mmio(sbd, &s->reg_io);
+
+ memory_region_init_io(&s->desc_io, OBJECT(dev), &open_eth_desc_ops, s,
+ "open_eth.desc", 0x400);
+ sysbus_init_mmio(sbd, &s->desc_io);
+
+ sysbus_init_irq(sbd, &s->irq);
+
+ s->nic = qemu_new_nic(&net_open_eth_info, &s->conf,
+ object_get_typename(OBJECT(s)), dev->id, s);
+ return 0;
+}
+
+static void qdev_open_eth_reset(DeviceState *dev)
+{
+ OpenEthState *d = OPEN_ETH(dev);
+
+ open_eth_reset(d);
+}
+
+static Property open_eth_properties[] = {
+ DEFINE_NIC_PROPERTIES(OpenEthState, conf),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void open_eth_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = sysbus_open_eth_init;
+ set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
+ dc->desc = "Opencores 10/100 Mbit Ethernet";
+ dc->reset = qdev_open_eth_reset;
+ dc->props = open_eth_properties;
+}
+
+static const TypeInfo open_eth_info = {
+ .name = TYPE_OPEN_ETH,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(OpenEthState),
+ .class_init = open_eth_class_init,
+};
+
+static void open_eth_register_types(void)
+{
+ type_register_static(&open_eth_info);
+}
+
+type_init(open_eth_register_types)
diff --git a/hw/net/pcnet-pci.c b/hw/net/pcnet-pci.c
new file mode 100644
index 000000000..2c2301c36
--- /dev/null
+++ b/hw/net/pcnet-pci.c
@@ -0,0 +1,384 @@
+/*
+ * QEMU AMD PC-Net II (Am79C970A) PCI emulation
+ *
+ * Copyright (c) 2004 Antony T Curtis
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/* This software was written to be compatible with the specification:
+ * AMD Am79C970A PCnet-PCI II Ethernet Controller Data-Sheet
+ * AMD Publication# 19436 Rev:E Amendment/0 Issue Date: June 2000
+ */
+
+#include "hw/pci/pci.h"
+#include "net/net.h"
+#include "hw/loader.h"
+#include "qemu/timer.h"
+#include "sysemu/dma.h"
+
+#include "pcnet.h"
+
+//#define PCNET_DEBUG
+//#define PCNET_DEBUG_IO
+//#define PCNET_DEBUG_BCR
+//#define PCNET_DEBUG_CSR
+//#define PCNET_DEBUG_RMD
+//#define PCNET_DEBUG_TMD
+//#define PCNET_DEBUG_MATCH
+
+#define TYPE_PCI_PCNET "pcnet"
+
+#define PCI_PCNET(obj) \
+ OBJECT_CHECK(PCIPCNetState, (obj), TYPE_PCI_PCNET)
+
+typedef struct {
+ /*< private >*/
+ PCIDevice parent_obj;
+ /*< public >*/
+
+ PCNetState state;
+ MemoryRegion io_bar;
+} PCIPCNetState;
+
+static void pcnet_aprom_writeb(void *opaque, uint32_t addr, uint32_t val)
+{
+ PCNetState *s = opaque;
+#ifdef PCNET_DEBUG
+ printf("pcnet_aprom_writeb addr=0x%08x val=0x%02x\n", addr, val);
+#endif
+ if (BCR_APROMWE(s)) {
+ s->prom[addr & 15] = val;
+ }
+}
+
+static uint32_t pcnet_aprom_readb(void *opaque, uint32_t addr)
+{
+ PCNetState *s = opaque;
+ uint32_t val = s->prom[addr & 15];
+#ifdef PCNET_DEBUG
+ printf("pcnet_aprom_readb addr=0x%08x val=0x%02x\n", addr, val);
+#endif
+ return val;
+}
+
+static uint64_t pcnet_ioport_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ PCNetState *d = opaque;
+
+ if (addr < 0x10) {
+ if (!BCR_DWIO(d) && size == 1) {
+ return pcnet_aprom_readb(d, addr);
+ } else if (!BCR_DWIO(d) && (addr & 1) == 0 && size == 2) {
+ return pcnet_aprom_readb(d, addr) |
+ (pcnet_aprom_readb(d, addr + 1) << 8);
+ } else if (BCR_DWIO(d) && (addr & 3) == 0 && size == 4) {
+ return pcnet_aprom_readb(d, addr) |
+ (pcnet_aprom_readb(d, addr + 1) << 8) |
+ (pcnet_aprom_readb(d, addr + 2) << 16) |
+ (pcnet_aprom_readb(d, addr + 3) << 24);
+ }
+ } else {
+ if (size == 2) {
+ return pcnet_ioport_readw(d, addr);
+ } else if (size == 4) {
+ return pcnet_ioport_readl(d, addr);
+ }
+ }
+ return ((uint64_t)1 << (size * 8)) - 1;
+}
+
+static void pcnet_ioport_write(void *opaque, hwaddr addr,
+ uint64_t data, unsigned size)
+{
+ PCNetState *d = opaque;
+
+ if (addr < 0x10) {
+ if (!BCR_DWIO(d) && size == 1) {
+ pcnet_aprom_writeb(d, addr, data);
+ } else if (!BCR_DWIO(d) && (addr & 1) == 0 && size == 2) {
+ pcnet_aprom_writeb(d, addr, data & 0xff);
+ pcnet_aprom_writeb(d, addr + 1, data >> 8);
+ } else if (BCR_DWIO(d) && (addr & 3) == 0 && size == 4) {
+ pcnet_aprom_writeb(d, addr, data & 0xff);
+ pcnet_aprom_writeb(d, addr + 1, (data >> 8) & 0xff);
+ pcnet_aprom_writeb(d, addr + 2, (data >> 16) & 0xff);
+ pcnet_aprom_writeb(d, addr + 3, data >> 24);
+ }
+ } else {
+ if (size == 2) {
+ pcnet_ioport_writew(d, addr, data);
+ } else if (size == 4) {
+ pcnet_ioport_writel(d, addr, data);
+ }
+ }
+}
+
+static const MemoryRegionOps pcnet_io_ops = {
+ .read = pcnet_ioport_read,
+ .write = pcnet_ioport_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void pcnet_mmio_writeb(void *opaque, hwaddr addr, uint32_t val)
+{
+ PCNetState *d = opaque;
+#ifdef PCNET_DEBUG_IO
+ printf("pcnet_mmio_writeb addr=0x" TARGET_FMT_plx" val=0x%02x\n", addr,
+ val);
+#endif
+ if (!(addr & 0x10))
+ pcnet_aprom_writeb(d, addr & 0x0f, val);
+}
+
+static uint32_t pcnet_mmio_readb(void *opaque, hwaddr addr)
+{
+ PCNetState *d = opaque;
+ uint32_t val = -1;
+ if (!(addr & 0x10))
+ val = pcnet_aprom_readb(d, addr & 0x0f);
+#ifdef PCNET_DEBUG_IO
+ printf("pcnet_mmio_readb addr=0x" TARGET_FMT_plx " val=0x%02x\n", addr,
+ val & 0xff);
+#endif
+ return val;
+}
+
+static void pcnet_mmio_writew(void *opaque, hwaddr addr, uint32_t val)
+{
+ PCNetState *d = opaque;
+#ifdef PCNET_DEBUG_IO
+ printf("pcnet_mmio_writew addr=0x" TARGET_FMT_plx " val=0x%04x\n", addr,
+ val);
+#endif
+ if (addr & 0x10)
+ pcnet_ioport_writew(d, addr & 0x0f, val);
+ else {
+ addr &= 0x0f;
+ pcnet_aprom_writeb(d, addr, val & 0xff);
+ pcnet_aprom_writeb(d, addr+1, (val & 0xff00) >> 8);
+ }
+}
+
+static uint32_t pcnet_mmio_readw(void *opaque, hwaddr addr)
+{
+ PCNetState *d = opaque;
+ uint32_t val = -1;
+ if (addr & 0x10)
+ val = pcnet_ioport_readw(d, addr & 0x0f);
+ else {
+ addr &= 0x0f;
+ val = pcnet_aprom_readb(d, addr+1);
+ val <<= 8;
+ val |= pcnet_aprom_readb(d, addr);
+ }
+#ifdef PCNET_DEBUG_IO
+ printf("pcnet_mmio_readw addr=0x" TARGET_FMT_plx" val = 0x%04x\n", addr,
+ val & 0xffff);
+#endif
+ return val;
+}
+
+static void pcnet_mmio_writel(void *opaque, hwaddr addr, uint32_t val)
+{
+ PCNetState *d = opaque;
+#ifdef PCNET_DEBUG_IO
+ printf("pcnet_mmio_writel addr=0x" TARGET_FMT_plx" val=0x%08x\n", addr,
+ val);
+#endif
+ if (addr & 0x10)
+ pcnet_ioport_writel(d, addr & 0x0f, val);
+ else {
+ addr &= 0x0f;
+ pcnet_aprom_writeb(d, addr, val & 0xff);
+ pcnet_aprom_writeb(d, addr+1, (val & 0xff00) >> 8);
+ pcnet_aprom_writeb(d, addr+2, (val & 0xff0000) >> 16);
+ pcnet_aprom_writeb(d, addr+3, (val & 0xff000000) >> 24);
+ }
+}
+
+static uint32_t pcnet_mmio_readl(void *opaque, hwaddr addr)
+{
+ PCNetState *d = opaque;
+ uint32_t val;
+ if (addr & 0x10)
+ val = pcnet_ioport_readl(d, addr & 0x0f);
+ else {
+ addr &= 0x0f;
+ val = pcnet_aprom_readb(d, addr+3);
+ val <<= 8;
+ val |= pcnet_aprom_readb(d, addr+2);
+ val <<= 8;
+ val |= pcnet_aprom_readb(d, addr+1);
+ val <<= 8;
+ val |= pcnet_aprom_readb(d, addr);
+ }
+#ifdef PCNET_DEBUG_IO
+ printf("pcnet_mmio_readl addr=0x" TARGET_FMT_plx " val=0x%08x\n", addr,
+ val);
+#endif
+ return val;
+}
+
+static const VMStateDescription vmstate_pci_pcnet = {
+ .name = "pcnet",
+ .version_id = 3,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .fields = (VMStateField []) {
+ VMSTATE_PCI_DEVICE(parent_obj, PCIPCNetState),
+ VMSTATE_STRUCT(state, PCIPCNetState, 0, vmstate_pcnet, PCNetState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+/* PCI interface */
+
+static const MemoryRegionOps pcnet_mmio_ops = {
+ .old_mmio = {
+ .read = { pcnet_mmio_readb, pcnet_mmio_readw, pcnet_mmio_readl },
+ .write = { pcnet_mmio_writeb, pcnet_mmio_writew, pcnet_mmio_writel },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void pci_physical_memory_write(void *dma_opaque, hwaddr addr,
+ uint8_t *buf, int len, int do_bswap)
+{
+ pci_dma_write(dma_opaque, addr, buf, len);
+}
+
+static void pci_physical_memory_read(void *dma_opaque, hwaddr addr,
+ uint8_t *buf, int len, int do_bswap)
+{
+ pci_dma_read(dma_opaque, addr, buf, len);
+}
+
+static void pci_pcnet_cleanup(NetClientState *nc)
+{
+ PCNetState *d = qemu_get_nic_opaque(nc);
+
+ pcnet_common_cleanup(d);
+}
+
+static void pci_pcnet_uninit(PCIDevice *dev)
+{
+ PCIPCNetState *d = PCI_PCNET(dev);
+
+ memory_region_destroy(&d->state.mmio);
+ memory_region_destroy(&d->io_bar);
+ qemu_del_timer(d->state.poll_timer);
+ qemu_free_timer(d->state.poll_timer);
+ qemu_del_nic(d->state.nic);
+}
+
+static NetClientInfo net_pci_pcnet_info = {
+ .type = NET_CLIENT_OPTIONS_KIND_NIC,
+ .size = sizeof(NICState),
+ .can_receive = pcnet_can_receive,
+ .receive = pcnet_receive,
+ .link_status_changed = pcnet_set_link_status,
+ .cleanup = pci_pcnet_cleanup,
+};
+
+static int pci_pcnet_init(PCIDevice *pci_dev)
+{
+ PCIPCNetState *d = PCI_PCNET(pci_dev);
+ PCNetState *s = &d->state;
+ uint8_t *pci_conf;
+
+#if 0
+ printf("sizeof(RMD)=%d, sizeof(TMD)=%d\n",
+ sizeof(struct pcnet_RMD), sizeof(struct pcnet_TMD));
+#endif
+
+ pci_conf = pci_dev->config;
+
+ pci_set_word(pci_conf + PCI_STATUS,
+ PCI_STATUS_FAST_BACK | PCI_STATUS_DEVSEL_MEDIUM);
+
+ pci_set_word(pci_conf + PCI_SUBSYSTEM_VENDOR_ID, 0x0);
+ pci_set_word(pci_conf + PCI_SUBSYSTEM_ID, 0x0);
+
+ pci_conf[PCI_INTERRUPT_PIN] = 1; /* interrupt pin A */
+ pci_conf[PCI_MIN_GNT] = 0x06;
+ pci_conf[PCI_MAX_LAT] = 0xff;
+
+ /* Handler for memory-mapped I/O */
+ memory_region_init_io(&d->state.mmio, OBJECT(d), &pcnet_mmio_ops, s,
+ "pcnet-mmio", PCNET_PNPMMIO_SIZE);
+
+ memory_region_init_io(&d->io_bar, OBJECT(d), &pcnet_io_ops, s, "pcnet-io",
+ PCNET_IOPORT_SIZE);
+ pci_register_bar(pci_dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &d->io_bar);
+
+ pci_register_bar(pci_dev, 1, 0, &s->mmio);
+
+ s->irq = pci_dev->irq[0];
+ s->phys_mem_read = pci_physical_memory_read;
+ s->phys_mem_write = pci_physical_memory_write;
+ s->dma_opaque = pci_dev;
+
+ return pcnet_common_init(DEVICE(pci_dev), s, &net_pci_pcnet_info);
+}
+
+static void pci_reset(DeviceState *dev)
+{
+ PCIPCNetState *d = PCI_PCNET(dev);
+
+ pcnet_h_reset(&d->state);
+}
+
+static Property pcnet_properties[] = {
+ DEFINE_NIC_PROPERTIES(PCIPCNetState, state.conf),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void pcnet_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = pci_pcnet_init;
+ k->exit = pci_pcnet_uninit;
+ k->romfile = "efi-pcnet.rom",
+ k->vendor_id = PCI_VENDOR_ID_AMD;
+ k->device_id = PCI_DEVICE_ID_AMD_LANCE;
+ k->revision = 0x10;
+ k->class_id = PCI_CLASS_NETWORK_ETHERNET;
+ dc->reset = pci_reset;
+ dc->vmsd = &vmstate_pci_pcnet;
+ dc->props = pcnet_properties;
+ set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
+}
+
+static const TypeInfo pcnet_info = {
+ .name = TYPE_PCI_PCNET,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCIPCNetState),
+ .class_init = pcnet_class_init,
+};
+
+static void pci_pcnet_register_types(void)
+{
+ type_register_static(&pcnet_info);
+}
+
+type_init(pci_pcnet_register_types)
diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
new file mode 100644
index 000000000..63aa73a24
--- /dev/null
+++ b/hw/net/pcnet.c
@@ -0,0 +1,1772 @@
+/*
+ * QEMU AMD PC-Net II (Am79C970A) emulation
+ *
+ * Copyright (c) 2004 Antony T Curtis
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/* This software was written to be compatible with the specification:
+ * AMD Am79C970A PCnet-PCI II Ethernet Controller Data-Sheet
+ * AMD Publication# 19436 Rev:E Amendment/0 Issue Date: June 2000
+ */
+
+/*
+ * On Sparc32, this is the Lance (Am7990) part of chip STP2000 (Master I/O), also
+ * produced as NCR89C100. See
+ * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C100.txt
+ * and
+ * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR92C990.txt
+ */
+
+#include "hw/qdev.h"
+#include "net/net.h"
+#include "qemu/timer.h"
+#include "qemu/sockets.h"
+#include "sysemu/sysemu.h"
+
+#include "pcnet.h"
+
+//#define PCNET_DEBUG
+//#define PCNET_DEBUG_IO
+//#define PCNET_DEBUG_BCR
+//#define PCNET_DEBUG_CSR
+//#define PCNET_DEBUG_RMD
+//#define PCNET_DEBUG_TMD
+//#define PCNET_DEBUG_MATCH
+
+
+struct qemu_ether_header {
+ uint8_t ether_dhost[6];
+ uint8_t ether_shost[6];
+ uint16_t ether_type;
+};
+
+#define CSR_INIT(S) !!(((S)->csr[0])&0x0001)
+#define CSR_STRT(S) !!(((S)->csr[0])&0x0002)
+#define CSR_STOP(S) !!(((S)->csr[0])&0x0004)
+#define CSR_TDMD(S) !!(((S)->csr[0])&0x0008)
+#define CSR_TXON(S) !!(((S)->csr[0])&0x0010)
+#define CSR_RXON(S) !!(((S)->csr[0])&0x0020)
+#define CSR_INEA(S) !!(((S)->csr[0])&0x0040)
+#define CSR_BSWP(S) !!(((S)->csr[3])&0x0004)
+#define CSR_LAPPEN(S) !!(((S)->csr[3])&0x0020)
+#define CSR_DXSUFLO(S) !!(((S)->csr[3])&0x0040)
+#define CSR_ASTRP_RCV(S) !!(((S)->csr[4])&0x0800)
+#define CSR_DPOLL(S) !!(((S)->csr[4])&0x1000)
+#define CSR_SPND(S) !!(((S)->csr[5])&0x0001)
+#define CSR_LTINTEN(S) !!(((S)->csr[5])&0x4000)
+#define CSR_TOKINTD(S) !!(((S)->csr[5])&0x8000)
+#define CSR_DRX(S) !!(((S)->csr[15])&0x0001)
+#define CSR_DTX(S) !!(((S)->csr[15])&0x0002)
+#define CSR_LOOP(S) !!(((S)->csr[15])&0x0004)
+#define CSR_DXMTFCS(S) !!(((S)->csr[15])&0x0008)
+#define CSR_INTL(S) !!(((S)->csr[15])&0x0040)
+#define CSR_DRCVPA(S) !!(((S)->csr[15])&0x2000)
+#define CSR_DRCVBC(S) !!(((S)->csr[15])&0x4000)
+#define CSR_PROM(S) !!(((S)->csr[15])&0x8000)
+
+#define CSR_CRBC(S) ((S)->csr[40])
+#define CSR_CRST(S) ((S)->csr[41])
+#define CSR_CXBC(S) ((S)->csr[42])
+#define CSR_CXST(S) ((S)->csr[43])
+#define CSR_NRBC(S) ((S)->csr[44])
+#define CSR_NRST(S) ((S)->csr[45])
+#define CSR_POLL(S) ((S)->csr[46])
+#define CSR_PINT(S) ((S)->csr[47])
+#define CSR_RCVRC(S) ((S)->csr[72])
+#define CSR_XMTRC(S) ((S)->csr[74])
+#define CSR_RCVRL(S) ((S)->csr[76])
+#define CSR_XMTRL(S) ((S)->csr[78])
+#define CSR_MISSC(S) ((S)->csr[112])
+
+#define CSR_IADR(S) ((S)->csr[ 1] | ((uint32_t)(S)->csr[ 2] << 16))
+#define CSR_CRBA(S) ((S)->csr[18] | ((uint32_t)(S)->csr[19] << 16))
+#define CSR_CXBA(S) ((S)->csr[20] | ((uint32_t)(S)->csr[21] << 16))
+#define CSR_NRBA(S) ((S)->csr[22] | ((uint32_t)(S)->csr[23] << 16))
+#define CSR_BADR(S) ((S)->csr[24] | ((uint32_t)(S)->csr[25] << 16))
+#define CSR_NRDA(S) ((S)->csr[26] | ((uint32_t)(S)->csr[27] << 16))
+#define CSR_CRDA(S) ((S)->csr[28] | ((uint32_t)(S)->csr[29] << 16))
+#define CSR_BADX(S) ((S)->csr[30] | ((uint32_t)(S)->csr[31] << 16))
+#define CSR_NXDA(S) ((S)->csr[32] | ((uint32_t)(S)->csr[33] << 16))
+#define CSR_CXDA(S) ((S)->csr[34] | ((uint32_t)(S)->csr[35] << 16))
+#define CSR_NNRD(S) ((S)->csr[36] | ((uint32_t)(S)->csr[37] << 16))
+#define CSR_NNXD(S) ((S)->csr[38] | ((uint32_t)(S)->csr[39] << 16))
+#define CSR_PXDA(S) ((S)->csr[60] | ((uint32_t)(S)->csr[61] << 16))
+#define CSR_NXBA(S) ((S)->csr[64] | ((uint32_t)(S)->csr[65] << 16))
+
+#define PHYSADDR(S,A) \
+ (BCR_SSIZE32(S) ? (A) : (A) | ((0xff00 & (uint32_t)(S)->csr[2])<<16))
+
+struct pcnet_initblk16 {
+ uint16_t mode;
+ uint16_t padr[3];
+ uint16_t ladrf[4];
+ uint32_t rdra;
+ uint32_t tdra;
+};
+
+struct pcnet_initblk32 {
+ uint16_t mode;
+ uint8_t rlen;
+ uint8_t tlen;
+ uint16_t padr[3];
+ uint16_t _res;
+ uint16_t ladrf[4];
+ uint32_t rdra;
+ uint32_t tdra;
+};
+
+struct pcnet_TMD {
+ uint32_t tbadr;
+ int16_t length;
+ int16_t status;
+ uint32_t misc;
+ uint32_t res;
+};
+
+#define TMDL_BCNT_MASK 0x0fff
+#define TMDL_BCNT_SH 0
+#define TMDL_ONES_MASK 0xf000
+#define TMDL_ONES_SH 12
+
+#define TMDS_BPE_MASK 0x0080
+#define TMDS_BPE_SH 7
+#define TMDS_ENP_MASK 0x0100
+#define TMDS_ENP_SH 8
+#define TMDS_STP_MASK 0x0200
+#define TMDS_STP_SH 9
+#define TMDS_DEF_MASK 0x0400
+#define TMDS_DEF_SH 10
+#define TMDS_ONE_MASK 0x0800
+#define TMDS_ONE_SH 11
+#define TMDS_LTINT_MASK 0x1000
+#define TMDS_LTINT_SH 12
+#define TMDS_NOFCS_MASK 0x2000
+#define TMDS_NOFCS_SH 13
+#define TMDS_ADDFCS_MASK TMDS_NOFCS_MASK
+#define TMDS_ADDFCS_SH TMDS_NOFCS_SH
+#define TMDS_ERR_MASK 0x4000
+#define TMDS_ERR_SH 14
+#define TMDS_OWN_MASK 0x8000
+#define TMDS_OWN_SH 15
+
+#define TMDM_TRC_MASK 0x0000000f
+#define TMDM_TRC_SH 0
+#define TMDM_TDR_MASK 0x03ff0000
+#define TMDM_TDR_SH 16
+#define TMDM_RTRY_MASK 0x04000000
+#define TMDM_RTRY_SH 26
+#define TMDM_LCAR_MASK 0x08000000
+#define TMDM_LCAR_SH 27
+#define TMDM_LCOL_MASK 0x10000000
+#define TMDM_LCOL_SH 28
+#define TMDM_EXDEF_MASK 0x20000000
+#define TMDM_EXDEF_SH 29
+#define TMDM_UFLO_MASK 0x40000000
+#define TMDM_UFLO_SH 30
+#define TMDM_BUFF_MASK 0x80000000
+#define TMDM_BUFF_SH 31
+
+struct pcnet_RMD {
+ uint32_t rbadr;
+ int16_t buf_length;
+ int16_t status;
+ uint32_t msg_length;
+ uint32_t res;
+};
+
+#define RMDL_BCNT_MASK 0x0fff
+#define RMDL_BCNT_SH 0
+#define RMDL_ONES_MASK 0xf000
+#define RMDL_ONES_SH 12
+
+#define RMDS_BAM_MASK 0x0010
+#define RMDS_BAM_SH 4
+#define RMDS_LFAM_MASK 0x0020
+#define RMDS_LFAM_SH 5
+#define RMDS_PAM_MASK 0x0040
+#define RMDS_PAM_SH 6
+#define RMDS_BPE_MASK 0x0080
+#define RMDS_BPE_SH 7
+#define RMDS_ENP_MASK 0x0100
+#define RMDS_ENP_SH 8
+#define RMDS_STP_MASK 0x0200
+#define RMDS_STP_SH 9
+#define RMDS_BUFF_MASK 0x0400
+#define RMDS_BUFF_SH 10
+#define RMDS_CRC_MASK 0x0800
+#define RMDS_CRC_SH 11
+#define RMDS_OFLO_MASK 0x1000
+#define RMDS_OFLO_SH 12
+#define RMDS_FRAM_MASK 0x2000
+#define RMDS_FRAM_SH 13
+#define RMDS_ERR_MASK 0x4000
+#define RMDS_ERR_SH 14
+#define RMDS_OWN_MASK 0x8000
+#define RMDS_OWN_SH 15
+
+#define RMDM_MCNT_MASK 0x00000fff
+#define RMDM_MCNT_SH 0
+#define RMDM_ZEROS_MASK 0x0000f000
+#define RMDM_ZEROS_SH 12
+#define RMDM_RPC_MASK 0x00ff0000
+#define RMDM_RPC_SH 16
+#define RMDM_RCC_MASK 0xff000000
+#define RMDM_RCC_SH 24
+
+#define SET_FIELD(regp, name, field, value) \
+ (*(regp) = (*(regp) & ~(name ## _ ## field ## _MASK)) \
+ | ((value) << name ## _ ## field ## _SH))
+
+#define GET_FIELD(reg, name, field) \
+ (((reg) & name ## _ ## field ## _MASK) >> name ## _ ## field ## _SH)
+
+#define PRINT_TMD(T) printf( \
+ "TMD0 : TBADR=0x%08x\n" \
+ "TMD1 : OWN=%d, ERR=%d, FCS=%d, LTI=%d, " \
+ "ONE=%d, DEF=%d, STP=%d, ENP=%d,\n" \
+ " BPE=%d, BCNT=%d\n" \
+ "TMD2 : BUF=%d, UFL=%d, EXD=%d, LCO=%d, " \
+ "LCA=%d, RTR=%d,\n" \
+ " TDR=%d, TRC=%d\n", \
+ (T)->tbadr, \
+ GET_FIELD((T)->status, TMDS, OWN), \
+ GET_FIELD((T)->status, TMDS, ERR), \
+ GET_FIELD((T)->status, TMDS, NOFCS), \
+ GET_FIELD((T)->status, TMDS, LTINT), \
+ GET_FIELD((T)->status, TMDS, ONE), \
+ GET_FIELD((T)->status, TMDS, DEF), \
+ GET_FIELD((T)->status, TMDS, STP), \
+ GET_FIELD((T)->status, TMDS, ENP), \
+ GET_FIELD((T)->status, TMDS, BPE), \
+ 4096-GET_FIELD((T)->length, TMDL, BCNT), \
+ GET_FIELD((T)->misc, TMDM, BUFF), \
+ GET_FIELD((T)->misc, TMDM, UFLO), \
+ GET_FIELD((T)->misc, TMDM, EXDEF), \
+ GET_FIELD((T)->misc, TMDM, LCOL), \
+ GET_FIELD((T)->misc, TMDM, LCAR), \
+ GET_FIELD((T)->misc, TMDM, RTRY), \
+ GET_FIELD((T)->misc, TMDM, TDR), \
+ GET_FIELD((T)->misc, TMDM, TRC))
+
+#define PRINT_RMD(R) printf( \
+ "RMD0 : RBADR=0x%08x\n" \
+ "RMD1 : OWN=%d, ERR=%d, FRAM=%d, OFLO=%d, " \
+ "CRC=%d, BUFF=%d, STP=%d, ENP=%d,\n " \
+ "BPE=%d, PAM=%d, LAFM=%d, BAM=%d, ONES=%d, BCNT=%d\n" \
+ "RMD2 : RCC=%d, RPC=%d, MCNT=%d, ZEROS=%d\n", \
+ (R)->rbadr, \
+ GET_FIELD((R)->status, RMDS, OWN), \
+ GET_FIELD((R)->status, RMDS, ERR), \
+ GET_FIELD((R)->status, RMDS, FRAM), \
+ GET_FIELD((R)->status, RMDS, OFLO), \
+ GET_FIELD((R)->status, RMDS, CRC), \
+ GET_FIELD((R)->status, RMDS, BUFF), \
+ GET_FIELD((R)->status, RMDS, STP), \
+ GET_FIELD((R)->status, RMDS, ENP), \
+ GET_FIELD((R)->status, RMDS, BPE), \
+ GET_FIELD((R)->status, RMDS, PAM), \
+ GET_FIELD((R)->status, RMDS, LFAM), \
+ GET_FIELD((R)->status, RMDS, BAM), \
+ GET_FIELD((R)->buf_length, RMDL, ONES), \
+ 4096-GET_FIELD((R)->buf_length, RMDL, BCNT), \
+ GET_FIELD((R)->msg_length, RMDM, RCC), \
+ GET_FIELD((R)->msg_length, RMDM, RPC), \
+ GET_FIELD((R)->msg_length, RMDM, MCNT), \
+ GET_FIELD((R)->msg_length, RMDM, ZEROS))
+
+static inline void pcnet_tmd_load(PCNetState *s, struct pcnet_TMD *tmd,
+ hwaddr addr)
+{
+ if (!BCR_SSIZE32(s)) {
+ struct {
+ uint32_t tbadr;
+ int16_t length;
+ int16_t status;
+ } xda;
+ s->phys_mem_read(s->dma_opaque, addr, (void *)&xda, sizeof(xda), 0);
+ tmd->tbadr = le32_to_cpu(xda.tbadr) & 0xffffff;
+ tmd->length = le16_to_cpu(xda.length);
+ tmd->status = (le32_to_cpu(xda.tbadr) >> 16) & 0xff00;
+ tmd->misc = le16_to_cpu(xda.status) << 16;
+ tmd->res = 0;
+ } else {
+ s->phys_mem_read(s->dma_opaque, addr, (void *)tmd, sizeof(*tmd), 0);
+ le32_to_cpus(&tmd->tbadr);
+ le16_to_cpus((uint16_t *)&tmd->length);
+ le16_to_cpus((uint16_t *)&tmd->status);
+ le32_to_cpus(&tmd->misc);
+ le32_to_cpus(&tmd->res);
+ if (BCR_SWSTYLE(s) == 3) {
+ uint32_t tmp = tmd->tbadr;
+ tmd->tbadr = tmd->misc;
+ tmd->misc = tmp;
+ }
+ }
+}
+
+static inline void pcnet_tmd_store(PCNetState *s, const struct pcnet_TMD *tmd,
+ hwaddr addr)
+{
+ if (!BCR_SSIZE32(s)) {
+ struct {
+ uint32_t tbadr;
+ int16_t length;
+ int16_t status;
+ } xda;
+ xda.tbadr = cpu_to_le32((tmd->tbadr & 0xffffff) |
+ ((tmd->status & 0xff00) << 16));
+ xda.length = cpu_to_le16(tmd->length);
+ xda.status = cpu_to_le16(tmd->misc >> 16);
+ s->phys_mem_write(s->dma_opaque, addr, (void *)&xda, sizeof(xda), 0);
+ } else {
+ struct {
+ uint32_t tbadr;
+ int16_t length;
+ int16_t status;
+ uint32_t misc;
+ uint32_t res;
+ } xda;
+ xda.tbadr = cpu_to_le32(tmd->tbadr);
+ xda.length = cpu_to_le16(tmd->length);
+ xda.status = cpu_to_le16(tmd->status);
+ xda.misc = cpu_to_le32(tmd->misc);
+ xda.res = cpu_to_le32(tmd->res);
+ if (BCR_SWSTYLE(s) == 3) {
+ uint32_t tmp = xda.tbadr;
+ xda.tbadr = xda.misc;
+ xda.misc = tmp;
+ }
+ s->phys_mem_write(s->dma_opaque, addr, (void *)&xda, sizeof(xda), 0);
+ }
+}
+
+static inline void pcnet_rmd_load(PCNetState *s, struct pcnet_RMD *rmd,
+ hwaddr addr)
+{
+ if (!BCR_SSIZE32(s)) {
+ struct {
+ uint32_t rbadr;
+ int16_t buf_length;
+ int16_t msg_length;
+ } rda;
+ s->phys_mem_read(s->dma_opaque, addr, (void *)&rda, sizeof(rda), 0);
+ rmd->rbadr = le32_to_cpu(rda.rbadr) & 0xffffff;
+ rmd->buf_length = le16_to_cpu(rda.buf_length);
+ rmd->status = (le32_to_cpu(rda.rbadr) >> 16) & 0xff00;
+ rmd->msg_length = le16_to_cpu(rda.msg_length);
+ rmd->res = 0;
+ } else {
+ s->phys_mem_read(s->dma_opaque, addr, (void *)rmd, sizeof(*rmd), 0);
+ le32_to_cpus(&rmd->rbadr);
+ le16_to_cpus((uint16_t *)&rmd->buf_length);
+ le16_to_cpus((uint16_t *)&rmd->status);
+ le32_to_cpus(&rmd->msg_length);
+ le32_to_cpus(&rmd->res);
+ if (BCR_SWSTYLE(s) == 3) {
+ uint32_t tmp = rmd->rbadr;
+ rmd->rbadr = rmd->msg_length;
+ rmd->msg_length = tmp;
+ }
+ }
+}
+
+static inline void pcnet_rmd_store(PCNetState *s, struct pcnet_RMD *rmd,
+ hwaddr addr)
+{
+ if (!BCR_SSIZE32(s)) {
+ struct {
+ uint32_t rbadr;
+ int16_t buf_length;
+ int16_t msg_length;
+ } rda;
+ rda.rbadr = cpu_to_le32((rmd->rbadr & 0xffffff) |
+ ((rmd->status & 0xff00) << 16));
+ rda.buf_length = cpu_to_le16(rmd->buf_length);
+ rda.msg_length = cpu_to_le16(rmd->msg_length);
+ s->phys_mem_write(s->dma_opaque, addr, (void *)&rda, sizeof(rda), 0);
+ } else {
+ struct {
+ uint32_t rbadr;
+ int16_t buf_length;
+ int16_t status;
+ uint32_t msg_length;
+ uint32_t res;
+ } rda;
+ rda.rbadr = cpu_to_le32(rmd->rbadr);
+ rda.buf_length = cpu_to_le16(rmd->buf_length);
+ rda.status = cpu_to_le16(rmd->status);
+ rda.msg_length = cpu_to_le32(rmd->msg_length);
+ rda.res = cpu_to_le32(rmd->res);
+ if (BCR_SWSTYLE(s) == 3) {
+ uint32_t tmp = rda.rbadr;
+ rda.rbadr = rda.msg_length;
+ rda.msg_length = tmp;
+ }
+ s->phys_mem_write(s->dma_opaque, addr, (void *)&rda, sizeof(rda), 0);
+ }
+}
+
+
+#define TMDLOAD(TMD,ADDR) pcnet_tmd_load(s,TMD,ADDR)
+
+#define TMDSTORE(TMD,ADDR) pcnet_tmd_store(s,TMD,ADDR)
+
+#define RMDLOAD(RMD,ADDR) pcnet_rmd_load(s,RMD,ADDR)
+
+#define RMDSTORE(RMD,ADDR) pcnet_rmd_store(s,RMD,ADDR)
+
+#if 1
+
+#define CHECK_RMD(ADDR,RES) do { \
+ struct pcnet_RMD rmd; \
+ RMDLOAD(&rmd,(ADDR)); \
+ (RES) |= (GET_FIELD(rmd.buf_length, RMDL, ONES) != 15) \
+ || (GET_FIELD(rmd.msg_length, RMDM, ZEROS) != 0); \
+} while (0)
+
+#define CHECK_TMD(ADDR,RES) do { \
+ struct pcnet_TMD tmd; \
+ TMDLOAD(&tmd,(ADDR)); \
+ (RES) |= (GET_FIELD(tmd.length, TMDL, ONES) != 15); \
+} while (0)
+
+#else
+
+#define CHECK_RMD(ADDR,RES) do { \
+ switch (BCR_SWSTYLE(s)) { \
+ case 0x00: \
+ do { \
+ uint16_t rda[4]; \
+ s->phys_mem_read(s->dma_opaque, (ADDR), \
+ (void *)&rda[0], sizeof(rda), 0); \
+ (RES) |= (rda[2] & 0xf000)!=0xf000; \
+ (RES) |= (rda[3] & 0xf000)!=0x0000; \
+ } while (0); \
+ break; \
+ case 0x01: \
+ case 0x02: \
+ do { \
+ uint32_t rda[4]; \
+ s->phys_mem_read(s->dma_opaque, (ADDR), \
+ (void *)&rda[0], sizeof(rda), 0); \
+ (RES) |= (rda[1] & 0x0000f000L)!=0x0000f000L; \
+ (RES) |= (rda[2] & 0x0000f000L)!=0x00000000L; \
+ } while (0); \
+ break; \
+ case 0x03: \
+ do { \
+ uint32_t rda[4]; \
+ s->phys_mem_read(s->dma_opaque, (ADDR), \
+ (void *)&rda[0], sizeof(rda), 0); \
+ (RES) |= (rda[0] & 0x0000f000L)!=0x00000000L; \
+ (RES) |= (rda[1] & 0x0000f000L)!=0x0000f000L; \
+ } while (0); \
+ break; \
+ } \
+} while (0)
+
+#define CHECK_TMD(ADDR,RES) do { \
+ switch (BCR_SWSTYLE(s)) { \
+ case 0x00: \
+ do { \
+ uint16_t xda[4]; \
+ s->phys_mem_read(s->dma_opaque, (ADDR), \
+ (void *)&xda[0], sizeof(xda), 0); \
+ (RES) |= (xda[2] & 0xf000)!=0xf000; \
+ } while (0); \
+ break; \
+ case 0x01: \
+ case 0x02: \
+ case 0x03: \
+ do { \
+ uint32_t xda[4]; \
+ s->phys_mem_read(s->dma_opaque, (ADDR), \
+ (void *)&xda[0], sizeof(xda), 0); \
+ (RES) |= (xda[1] & 0x0000f000L)!=0x0000f000L; \
+ } while (0); \
+ break; \
+ } \
+} while (0)
+
+#endif
+
+#define PRINT_PKTHDR(BUF) do { \
+ struct qemu_ether_header *hdr = (void *)(BUF); \
+ printf("packet dhost=%02x:%02x:%02x:%02x:%02x:%02x, " \
+ "shost=%02x:%02x:%02x:%02x:%02x:%02x, " \
+ "type=0x%04x\n", \
+ hdr->ether_dhost[0],hdr->ether_dhost[1],hdr->ether_dhost[2], \
+ hdr->ether_dhost[3],hdr->ether_dhost[4],hdr->ether_dhost[5], \
+ hdr->ether_shost[0],hdr->ether_shost[1],hdr->ether_shost[2], \
+ hdr->ether_shost[3],hdr->ether_shost[4],hdr->ether_shost[5], \
+ be16_to_cpu(hdr->ether_type)); \
+} while (0)
+
+#define MULTICAST_FILTER_LEN 8
+
+static inline uint32_t lnc_mchash(const uint8_t *ether_addr)
+{
+#define LNC_POLYNOMIAL 0xEDB88320UL
+ uint32_t crc = 0xFFFFFFFF;
+ int idx, bit;
+ uint8_t data;
+
+ for (idx = 0; idx < 6; idx++) {
+ for (data = *ether_addr++, bit = 0; bit < MULTICAST_FILTER_LEN; bit++) {
+ crc = (crc >> 1) ^ (((crc ^ data) & 1) ? LNC_POLYNOMIAL : 0);
+ data >>= 1;
+ }
+ }
+ return crc;
+#undef LNC_POLYNOMIAL
+}
+
+#define CRC(crc, ch) (crc = (crc >> 8) ^ crctab[(crc ^ (ch)) & 0xff])
+
+/* generated using the AUTODIN II polynomial
+ * x^32 + x^26 + x^23 + x^22 + x^16 +
+ * x^12 + x^11 + x^10 + x^8 + x^7 + x^5 + x^4 + x^2 + x^1 + 1
+ */
+static const uint32_t crctab[256] = {
+ 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba,
+ 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3,
+ 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
+ 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91,
+ 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de,
+ 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
+ 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec,
+ 0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5,
+ 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,
+ 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b,
+ 0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940,
+ 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
+ 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116,
+ 0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f,
+ 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
+ 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d,
+ 0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a,
+ 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
+ 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818,
+ 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01,
+ 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,
+ 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457,
+ 0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c,
+ 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
+ 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2,
+ 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb,
+ 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0,
+ 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9,
+ 0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086,
+ 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
+ 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4,
+ 0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad,
+ 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a,
+ 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683,
+ 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8,
+ 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
+ 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe,
+ 0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7,
+ 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc,
+ 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5,
+ 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252,
+ 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
+ 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60,
+ 0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79,
+ 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
+ 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f,
+ 0xc5ba3bbe, 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04,
+ 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
+ 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a,
+ 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713,
+ 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38,
+ 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21,
+ 0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e,
+ 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
+ 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c,
+ 0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45,
+ 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2,
+ 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db,
+ 0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0,
+ 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
+ 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6,
+ 0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf,
+ 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
+ 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d,
+};
+
+static inline int padr_match(PCNetState *s, const uint8_t *buf, int size)
+{
+ struct qemu_ether_header *hdr = (void *)buf;
+ uint8_t padr[6] = {
+ s->csr[12] & 0xff, s->csr[12] >> 8,
+ s->csr[13] & 0xff, s->csr[13] >> 8,
+ s->csr[14] & 0xff, s->csr[14] >> 8
+ };
+ int result = (!CSR_DRCVPA(s)) && !memcmp(hdr->ether_dhost, padr, 6);
+#ifdef PCNET_DEBUG_MATCH
+ printf("packet dhost=%02x:%02x:%02x:%02x:%02x:%02x, "
+ "padr=%02x:%02x:%02x:%02x:%02x:%02x\n",
+ hdr->ether_dhost[0],hdr->ether_dhost[1],hdr->ether_dhost[2],
+ hdr->ether_dhost[3],hdr->ether_dhost[4],hdr->ether_dhost[5],
+ padr[0],padr[1],padr[2],padr[3],padr[4],padr[5]);
+ printf("padr_match result=%d\n", result);
+#endif
+ return result;
+}
+
+static inline int padr_bcast(PCNetState *s, const uint8_t *buf, int size)
+{
+ static const uint8_t BCAST[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
+ struct qemu_ether_header *hdr = (void *)buf;
+ int result = !CSR_DRCVBC(s) && !memcmp(hdr->ether_dhost, BCAST, 6);
+#ifdef PCNET_DEBUG_MATCH
+ printf("padr_bcast result=%d\n", result);
+#endif
+ return result;
+}
+
+static inline int ladr_match(PCNetState *s, const uint8_t *buf, int size)
+{
+ struct qemu_ether_header *hdr = (void *)buf;
+ if ((*(hdr->ether_dhost)&0x01) &&
+ ((uint64_t *)&s->csr[8])[0] != 0LL) {
+ uint8_t ladr[8] = {
+ s->csr[8] & 0xff, s->csr[8] >> 8,
+ s->csr[9] & 0xff, s->csr[9] >> 8,
+ s->csr[10] & 0xff, s->csr[10] >> 8,
+ s->csr[11] & 0xff, s->csr[11] >> 8
+ };
+ int index = lnc_mchash(hdr->ether_dhost) >> 26;
+ return !!(ladr[index >> 3] & (1 << (index & 7)));
+ }
+ return 0;
+}
+
+static inline hwaddr pcnet_rdra_addr(PCNetState *s, int idx)
+{
+ while (idx < 1) idx += CSR_RCVRL(s);
+ return s->rdra + ((CSR_RCVRL(s) - idx) * (BCR_SWSTYLE(s) ? 16 : 8));
+}
+
+static inline int64_t pcnet_get_next_poll_time(PCNetState *s, int64_t current_time)
+{
+ int64_t next_time = current_time +
+ muldiv64(65536 - (CSR_SPND(s) ? 0 : CSR_POLL(s)),
+ get_ticks_per_sec(), 33000000L);
+ if (next_time <= current_time)
+ next_time = current_time + 1;
+ return next_time;
+}
+
+static void pcnet_poll(PCNetState *s);
+static void pcnet_poll_timer(void *opaque);
+
+static uint32_t pcnet_csr_readw(PCNetState *s, uint32_t rap);
+static void pcnet_csr_writew(PCNetState *s, uint32_t rap, uint32_t new_value);
+static void pcnet_bcr_writew(PCNetState *s, uint32_t rap, uint32_t val);
+
+static void pcnet_s_reset(PCNetState *s)
+{
+#ifdef PCNET_DEBUG
+ printf("pcnet_s_reset\n");
+#endif
+
+ s->rdra = 0;
+ s->tdra = 0;
+ s->rap = 0;
+
+ s->bcr[BCR_BSBC] &= ~0x0080;
+
+ s->csr[0] = 0x0004;
+ s->csr[3] = 0x0000;
+ s->csr[4] = 0x0115;
+ s->csr[5] = 0x0000;
+ s->csr[6] = 0x0000;
+ s->csr[8] = 0;
+ s->csr[9] = 0;
+ s->csr[10] = 0;
+ s->csr[11] = 0;
+ s->csr[12] = le16_to_cpu(((uint16_t *)&s->prom[0])[0]);
+ s->csr[13] = le16_to_cpu(((uint16_t *)&s->prom[0])[1]);
+ s->csr[14] = le16_to_cpu(((uint16_t *)&s->prom[0])[2]);
+ s->csr[15] &= 0x21c4;
+ s->csr[72] = 1;
+ s->csr[74] = 1;
+ s->csr[76] = 1;
+ s->csr[78] = 1;
+ s->csr[80] = 0x1410;
+ s->csr[88] = 0x1003;
+ s->csr[89] = 0x0262;
+ s->csr[94] = 0x0000;
+ s->csr[100] = 0x0200;
+ s->csr[103] = 0x0105;
+ s->csr[103] = 0x0105;
+ s->csr[112] = 0x0000;
+ s->csr[114] = 0x0000;
+ s->csr[122] = 0x0000;
+ s->csr[124] = 0x0000;
+
+ s->tx_busy = 0;
+}
+
+static void pcnet_update_irq(PCNetState *s)
+{
+ int isr = 0;
+ s->csr[0] &= ~0x0080;
+
+#if 1
+ if (((s->csr[0] & ~s->csr[3]) & 0x5f00) ||
+ (((s->csr[4]>>1) & ~s->csr[4]) & 0x0115) ||
+ (((s->csr[5]>>1) & s->csr[5]) & 0x0048))
+#else
+ if ((!(s->csr[3] & 0x4000) && !!(s->csr[0] & 0x4000)) /* BABL */ ||
+ (!(s->csr[3] & 0x1000) && !!(s->csr[0] & 0x1000)) /* MISS */ ||
+ (!(s->csr[3] & 0x0100) && !!(s->csr[0] & 0x0100)) /* IDON */ ||
+ (!(s->csr[3] & 0x0200) && !!(s->csr[0] & 0x0200)) /* TINT */ ||
+ (!(s->csr[3] & 0x0400) && !!(s->csr[0] & 0x0400)) /* RINT */ ||
+ (!(s->csr[3] & 0x0800) && !!(s->csr[0] & 0x0800)) /* MERR */ ||
+ (!(s->csr[4] & 0x0001) && !!(s->csr[4] & 0x0002)) /* JAB */ ||
+ (!(s->csr[4] & 0x0004) && !!(s->csr[4] & 0x0008)) /* TXSTRT */ ||
+ (!(s->csr[4] & 0x0010) && !!(s->csr[4] & 0x0020)) /* RCVO */ ||
+ (!(s->csr[4] & 0x0100) && !!(s->csr[4] & 0x0200)) /* MFCO */ ||
+ (!!(s->csr[5] & 0x0040) && !!(s->csr[5] & 0x0080)) /* EXDINT */ ||
+ (!!(s->csr[5] & 0x0008) && !!(s->csr[5] & 0x0010)) /* MPINT */)
+#endif
+ {
+
+ isr = CSR_INEA(s);
+ s->csr[0] |= 0x0080;
+ }
+
+ if (!!(s->csr[4] & 0x0080) && CSR_INEA(s)) { /* UINT */
+ s->csr[4] &= ~0x0080;
+ s->csr[4] |= 0x0040;
+ s->csr[0] |= 0x0080;
+ isr = 1;
+#ifdef PCNET_DEBUG
+ printf("pcnet user int\n");
+#endif
+ }
+
+#if 1
+ if (((s->csr[5]>>1) & s->csr[5]) & 0x0500)
+#else
+ if ((!!(s->csr[5] & 0x0400) && !!(s->csr[5] & 0x0800)) /* SINT */ ||
+ (!!(s->csr[5] & 0x0100) && !!(s->csr[5] & 0x0200)) /* SLPINT */ )
+#endif
+ {
+ isr = 1;
+ s->csr[0] |= 0x0080;
+ }
+
+ if (isr != s->isr) {
+#ifdef PCNET_DEBUG
+ printf("pcnet: INTA=%d\n", isr);
+#endif
+ }
+ qemu_set_irq(s->irq, isr);
+ s->isr = isr;
+}
+
+static void pcnet_init(PCNetState *s)
+{
+ int rlen, tlen;
+ uint16_t padr[3], ladrf[4], mode;
+ uint32_t rdra, tdra;
+
+#ifdef PCNET_DEBUG
+ printf("pcnet_init init_addr=0x%08x\n", PHYSADDR(s,CSR_IADR(s)));
+#endif
+
+ if (BCR_SSIZE32(s)) {
+ struct pcnet_initblk32 initblk;
+ s->phys_mem_read(s->dma_opaque, PHYSADDR(s,CSR_IADR(s)),
+ (uint8_t *)&initblk, sizeof(initblk), 0);
+ mode = le16_to_cpu(initblk.mode);
+ rlen = initblk.rlen >> 4;
+ tlen = initblk.tlen >> 4;
+ ladrf[0] = le16_to_cpu(initblk.ladrf[0]);
+ ladrf[1] = le16_to_cpu(initblk.ladrf[1]);
+ ladrf[2] = le16_to_cpu(initblk.ladrf[2]);
+ ladrf[3] = le16_to_cpu(initblk.ladrf[3]);
+ padr[0] = le16_to_cpu(initblk.padr[0]);
+ padr[1] = le16_to_cpu(initblk.padr[1]);
+ padr[2] = le16_to_cpu(initblk.padr[2]);
+ rdra = le32_to_cpu(initblk.rdra);
+ tdra = le32_to_cpu(initblk.tdra);
+ } else {
+ struct pcnet_initblk16 initblk;
+ s->phys_mem_read(s->dma_opaque, PHYSADDR(s,CSR_IADR(s)),
+ (uint8_t *)&initblk, sizeof(initblk), 0);
+ mode = le16_to_cpu(initblk.mode);
+ ladrf[0] = le16_to_cpu(initblk.ladrf[0]);
+ ladrf[1] = le16_to_cpu(initblk.ladrf[1]);
+ ladrf[2] = le16_to_cpu(initblk.ladrf[2]);
+ ladrf[3] = le16_to_cpu(initblk.ladrf[3]);
+ padr[0] = le16_to_cpu(initblk.padr[0]);
+ padr[1] = le16_to_cpu(initblk.padr[1]);
+ padr[2] = le16_to_cpu(initblk.padr[2]);
+ rdra = le32_to_cpu(initblk.rdra);
+ tdra = le32_to_cpu(initblk.tdra);
+ rlen = rdra >> 29;
+ tlen = tdra >> 29;
+ rdra &= 0x00ffffff;
+ tdra &= 0x00ffffff;
+ }
+
+#if defined(PCNET_DEBUG)
+ printf("rlen=%d tlen=%d\n", rlen, tlen);
+#endif
+
+ CSR_RCVRL(s) = (rlen < 9) ? (1 << rlen) : 512;
+ CSR_XMTRL(s) = (tlen < 9) ? (1 << tlen) : 512;
+ s->csr[ 6] = (tlen << 12) | (rlen << 8);
+ s->csr[15] = mode;
+ s->csr[ 8] = ladrf[0];
+ s->csr[ 9] = ladrf[1];
+ s->csr[10] = ladrf[2];
+ s->csr[11] = ladrf[3];
+ s->csr[12] = padr[0];
+ s->csr[13] = padr[1];
+ s->csr[14] = padr[2];
+ s->rdra = PHYSADDR(s, rdra);
+ s->tdra = PHYSADDR(s, tdra);
+
+ CSR_RCVRC(s) = CSR_RCVRL(s);
+ CSR_XMTRC(s) = CSR_XMTRL(s);
+
+#ifdef PCNET_DEBUG
+ printf("pcnet ss32=%d rdra=0x%08x[%d] tdra=0x%08x[%d]\n",
+ BCR_SSIZE32(s),
+ s->rdra, CSR_RCVRL(s), s->tdra, CSR_XMTRL(s));
+#endif
+
+ s->csr[0] |= 0x0101;
+ s->csr[0] &= ~0x0004; /* clear STOP bit */
+
+ qemu_flush_queued_packets(qemu_get_queue(s->nic));
+}
+
+static void pcnet_start(PCNetState *s)
+{
+#ifdef PCNET_DEBUG
+ printf("pcnet_start\n");
+#endif
+
+ if (!CSR_DTX(s))
+ s->csr[0] |= 0x0010; /* set TXON */
+
+ if (!CSR_DRX(s))
+ s->csr[0] |= 0x0020; /* set RXON */
+
+ s->csr[0] &= ~0x0004; /* clear STOP bit */
+ s->csr[0] |= 0x0002;
+ pcnet_poll_timer(s);
+
+ qemu_flush_queued_packets(qemu_get_queue(s->nic));
+}
+
+static void pcnet_stop(PCNetState *s)
+{
+#ifdef PCNET_DEBUG
+ printf("pcnet_stop\n");
+#endif
+ s->csr[0] &= ~0xffeb;
+ s->csr[0] |= 0x0014;
+ s->csr[4] &= ~0x02c2;
+ s->csr[5] &= ~0x0011;
+ pcnet_poll_timer(s);
+}
+
+static void pcnet_rdte_poll(PCNetState *s)
+{
+ s->csr[28] = s->csr[29] = 0;
+ if (s->rdra) {
+ int bad = 0;
+#if 1
+ hwaddr crda = pcnet_rdra_addr(s, CSR_RCVRC(s));
+ hwaddr nrda = pcnet_rdra_addr(s, -1 + CSR_RCVRC(s));
+ hwaddr nnrd = pcnet_rdra_addr(s, -2 + CSR_RCVRC(s));
+#else
+ hwaddr crda = s->rdra +
+ (CSR_RCVRL(s) - CSR_RCVRC(s)) *
+ (BCR_SWSTYLE(s) ? 16 : 8 );
+ int nrdc = CSR_RCVRC(s)<=1 ? CSR_RCVRL(s) : CSR_RCVRC(s)-1;
+ hwaddr nrda = s->rdra +
+ (CSR_RCVRL(s) - nrdc) *
+ (BCR_SWSTYLE(s) ? 16 : 8 );
+ int nnrc = nrdc<=1 ? CSR_RCVRL(s) : nrdc-1;
+ hwaddr nnrd = s->rdra +
+ (CSR_RCVRL(s) - nnrc) *
+ (BCR_SWSTYLE(s) ? 16 : 8 );
+#endif
+
+ CHECK_RMD(crda, bad);
+ if (!bad) {
+ CHECK_RMD(nrda, bad);
+ if (bad || (nrda == crda)) nrda = 0;
+ CHECK_RMD(nnrd, bad);
+ if (bad || (nnrd == crda)) nnrd = 0;
+
+ s->csr[28] = crda & 0xffff;
+ s->csr[29] = crda >> 16;
+ s->csr[26] = nrda & 0xffff;
+ s->csr[27] = nrda >> 16;
+ s->csr[36] = nnrd & 0xffff;
+ s->csr[37] = nnrd >> 16;
+#ifdef PCNET_DEBUG
+ if (bad) {
+ printf("pcnet: BAD RMD RECORDS AFTER 0x" TARGET_FMT_plx "\n",
+ crda);
+ }
+ } else {
+ printf("pcnet: BAD RMD RDA=0x" TARGET_FMT_plx "\n",
+ crda);
+#endif
+ }
+ }
+
+ if (CSR_CRDA(s)) {
+ struct pcnet_RMD rmd;
+ RMDLOAD(&rmd, PHYSADDR(s,CSR_CRDA(s)));
+ CSR_CRBC(s) = GET_FIELD(rmd.buf_length, RMDL, BCNT);
+ CSR_CRST(s) = rmd.status;
+#ifdef PCNET_DEBUG_RMD_X
+ printf("CRDA=0x%08x CRST=0x%04x RCVRC=%d RMDL=0x%04x RMDS=0x%04x RMDM=0x%08x\n",
+ PHYSADDR(s,CSR_CRDA(s)), CSR_CRST(s), CSR_RCVRC(s),
+ rmd.buf_length, rmd.status, rmd.msg_length);
+ PRINT_RMD(&rmd);
+#endif
+ } else {
+ CSR_CRBC(s) = CSR_CRST(s) = 0;
+ }
+
+ if (CSR_NRDA(s)) {
+ struct pcnet_RMD rmd;
+ RMDLOAD(&rmd, PHYSADDR(s,CSR_NRDA(s)));
+ CSR_NRBC(s) = GET_FIELD(rmd.buf_length, RMDL, BCNT);
+ CSR_NRST(s) = rmd.status;
+ } else {
+ CSR_NRBC(s) = CSR_NRST(s) = 0;
+ }
+
+}
+
+static int pcnet_tdte_poll(PCNetState *s)
+{
+ s->csr[34] = s->csr[35] = 0;
+ if (s->tdra) {
+ hwaddr cxda = s->tdra +
+ (CSR_XMTRL(s) - CSR_XMTRC(s)) *
+ (BCR_SWSTYLE(s) ? 16 : 8);
+ int bad = 0;
+ CHECK_TMD(cxda, bad);
+ if (!bad) {
+ if (CSR_CXDA(s) != cxda) {
+ s->csr[60] = s->csr[34];
+ s->csr[61] = s->csr[35];
+ s->csr[62] = CSR_CXBC(s);
+ s->csr[63] = CSR_CXST(s);
+ }
+ s->csr[34] = cxda & 0xffff;
+ s->csr[35] = cxda >> 16;
+#ifdef PCNET_DEBUG_X
+ printf("pcnet: BAD TMD XDA=0x%08x\n", cxda);
+#endif
+ }
+ }
+
+ if (CSR_CXDA(s)) {
+ struct pcnet_TMD tmd;
+
+ TMDLOAD(&tmd, PHYSADDR(s,CSR_CXDA(s)));
+
+ CSR_CXBC(s) = GET_FIELD(tmd.length, TMDL, BCNT);
+ CSR_CXST(s) = tmd.status;
+ } else {
+ CSR_CXBC(s) = CSR_CXST(s) = 0;
+ }
+
+ return !!(CSR_CXST(s) & 0x8000);
+}
+
+int pcnet_can_receive(NetClientState *nc)
+{
+ PCNetState *s = qemu_get_nic_opaque(nc);
+ if (CSR_STOP(s) || CSR_SPND(s))
+ return 0;
+
+ return sizeof(s->buffer)-16;
+}
+
+#define MIN_BUF_SIZE 60
+
+ssize_t pcnet_receive(NetClientState *nc, const uint8_t *buf, size_t size_)
+{
+ PCNetState *s = qemu_get_nic_opaque(nc);
+ int is_padr = 0, is_bcast = 0, is_ladr = 0;
+ uint8_t buf1[60];
+ int remaining;
+ int crc_err = 0;
+ int size = size_;
+
+ if (CSR_DRX(s) || CSR_STOP(s) || CSR_SPND(s) || !size ||
+ (CSR_LOOP(s) && !s->looptest)) {
+ return -1;
+ }
+#ifdef PCNET_DEBUG
+ printf("pcnet_receive size=%d\n", size);
+#endif
+
+ /* if too small buffer, then expand it */
+ if (size < MIN_BUF_SIZE) {
+ memcpy(buf1, buf, size);
+ memset(buf1 + size, 0, MIN_BUF_SIZE - size);
+ buf = buf1;
+ size = MIN_BUF_SIZE;
+ }
+
+ if (CSR_PROM(s)
+ || (is_padr=padr_match(s, buf, size))
+ || (is_bcast=padr_bcast(s, buf, size))
+ || (is_ladr=ladr_match(s, buf, size))) {
+
+ pcnet_rdte_poll(s);
+
+ if (!(CSR_CRST(s) & 0x8000) && s->rdra) {
+ struct pcnet_RMD rmd;
+ int rcvrc = CSR_RCVRC(s)-1,i;
+ hwaddr nrda;
+ for (i = CSR_RCVRL(s)-1; i > 0; i--, rcvrc--) {
+ if (rcvrc <= 1)
+ rcvrc = CSR_RCVRL(s);
+ nrda = s->rdra +
+ (CSR_RCVRL(s) - rcvrc) *
+ (BCR_SWSTYLE(s) ? 16 : 8 );
+ RMDLOAD(&rmd, nrda);
+ if (GET_FIELD(rmd.status, RMDS, OWN)) {
+#ifdef PCNET_DEBUG_RMD
+ printf("pcnet - scan buffer: RCVRC=%d PREV_RCVRC=%d\n",
+ rcvrc, CSR_RCVRC(s));
+#endif
+ CSR_RCVRC(s) = rcvrc;
+ pcnet_rdte_poll(s);
+ break;
+ }
+ }
+ }
+
+ if (!(CSR_CRST(s) & 0x8000)) {
+#ifdef PCNET_DEBUG_RMD
+ printf("pcnet - no buffer: RCVRC=%d\n", CSR_RCVRC(s));
+#endif
+ s->csr[0] |= 0x1000; /* Set MISS flag */
+ CSR_MISSC(s)++;
+ } else {
+ uint8_t *src = s->buffer;
+ hwaddr crda = CSR_CRDA(s);
+ struct pcnet_RMD rmd;
+ int pktcount = 0;
+
+ if (!s->looptest) {
+ memcpy(src, buf, size);
+ /* no need to compute the CRC */
+ src[size] = 0;
+ src[size + 1] = 0;
+ src[size + 2] = 0;
+ src[size + 3] = 0;
+ size += 4;
+ } else if (s->looptest == PCNET_LOOPTEST_CRC ||
+ !CSR_DXMTFCS(s) || size < MIN_BUF_SIZE+4) {
+ uint32_t fcs = ~0;
+ uint8_t *p = src;
+
+ while (p != &src[size])
+ CRC(fcs, *p++);
+ *(uint32_t *)p = htonl(fcs);
+ size += 4;
+ } else {
+ uint32_t fcs = ~0;
+ uint8_t *p = src;
+
+ while (p != &src[size-4])
+ CRC(fcs, *p++);
+ crc_err = (*(uint32_t *)p != htonl(fcs));
+ }
+
+#ifdef PCNET_DEBUG_MATCH
+ PRINT_PKTHDR(buf);
+#endif
+
+ RMDLOAD(&rmd, PHYSADDR(s,crda));
+ /*if (!CSR_LAPPEN(s))*/
+ SET_FIELD(&rmd.status, RMDS, STP, 1);
+
+#define PCNET_RECV_STORE() do { \
+ int count = MIN(4096 - GET_FIELD(rmd.buf_length, RMDL, BCNT),remaining); \
+ hwaddr rbadr = PHYSADDR(s, rmd.rbadr); \
+ s->phys_mem_write(s->dma_opaque, rbadr, src, count, CSR_BSWP(s)); \
+ src += count; remaining -= count; \
+ SET_FIELD(&rmd.status, RMDS, OWN, 0); \
+ RMDSTORE(&rmd, PHYSADDR(s,crda)); \
+ pktcount++; \
+} while (0)
+
+ remaining = size;
+ PCNET_RECV_STORE();
+ if ((remaining > 0) && CSR_NRDA(s)) {
+ hwaddr nrda = CSR_NRDA(s);
+#ifdef PCNET_DEBUG_RMD
+ PRINT_RMD(&rmd);
+#endif
+ RMDLOAD(&rmd, PHYSADDR(s,nrda));
+ if (GET_FIELD(rmd.status, RMDS, OWN)) {
+ crda = nrda;
+ PCNET_RECV_STORE();
+#ifdef PCNET_DEBUG_RMD
+ PRINT_RMD(&rmd);
+#endif
+ if ((remaining > 0) && (nrda=CSR_NNRD(s))) {
+ RMDLOAD(&rmd, PHYSADDR(s,nrda));
+ if (GET_FIELD(rmd.status, RMDS, OWN)) {
+ crda = nrda;
+ PCNET_RECV_STORE();
+ }
+ }
+ }
+ }
+
+#undef PCNET_RECV_STORE
+
+ RMDLOAD(&rmd, PHYSADDR(s,crda));
+ if (remaining == 0) {
+ SET_FIELD(&rmd.msg_length, RMDM, MCNT, size);
+ SET_FIELD(&rmd.status, RMDS, ENP, 1);
+ SET_FIELD(&rmd.status, RMDS, PAM, !CSR_PROM(s) && is_padr);
+ SET_FIELD(&rmd.status, RMDS, LFAM, !CSR_PROM(s) && is_ladr);
+ SET_FIELD(&rmd.status, RMDS, BAM, !CSR_PROM(s) && is_bcast);
+ if (crc_err) {
+ SET_FIELD(&rmd.status, RMDS, CRC, 1);
+ SET_FIELD(&rmd.status, RMDS, ERR, 1);
+ }
+ } else {
+ SET_FIELD(&rmd.status, RMDS, OFLO, 1);
+ SET_FIELD(&rmd.status, RMDS, BUFF, 1);
+ SET_FIELD(&rmd.status, RMDS, ERR, 1);
+ }
+ RMDSTORE(&rmd, PHYSADDR(s,crda));
+ s->csr[0] |= 0x0400;
+
+#ifdef PCNET_DEBUG
+ printf("RCVRC=%d CRDA=0x%08x BLKS=%d\n",
+ CSR_RCVRC(s), PHYSADDR(s,CSR_CRDA(s)), pktcount);
+#endif
+#ifdef PCNET_DEBUG_RMD
+ PRINT_RMD(&rmd);
+#endif
+
+ while (pktcount--) {
+ if (CSR_RCVRC(s) <= 1)
+ CSR_RCVRC(s) = CSR_RCVRL(s);
+ else
+ CSR_RCVRC(s)--;
+ }
+
+ pcnet_rdte_poll(s);
+
+ }
+ }
+
+ pcnet_poll(s);
+ pcnet_update_irq(s);
+
+ return size_;
+}
+
+void pcnet_set_link_status(NetClientState *nc)
+{
+ PCNetState *d = qemu_get_nic_opaque(nc);
+
+ d->lnkst = nc->link_down ? 0 : 0x40;
+}
+
+static void pcnet_transmit(PCNetState *s)
+{
+ hwaddr xmit_cxda = 0;
+ int count = CSR_XMTRL(s)-1;
+ int add_crc = 0;
+
+ s->xmit_pos = -1;
+
+ if (!CSR_TXON(s)) {
+ s->csr[0] &= ~0x0008;
+ return;
+ }
+
+ s->tx_busy = 1;
+
+ txagain:
+ if (pcnet_tdte_poll(s)) {
+ struct pcnet_TMD tmd;
+
+ TMDLOAD(&tmd, PHYSADDR(s,CSR_CXDA(s)));
+
+#ifdef PCNET_DEBUG_TMD
+ printf(" TMDLOAD 0x%08x\n", PHYSADDR(s,CSR_CXDA(s)));
+ PRINT_TMD(&tmd);
+#endif
+ if (GET_FIELD(tmd.status, TMDS, STP)) {
+ s->xmit_pos = 0;
+ xmit_cxda = PHYSADDR(s,CSR_CXDA(s));
+ if (BCR_SWSTYLE(s) != 1)
+ add_crc = GET_FIELD(tmd.status, TMDS, ADDFCS);
+ }
+ if (s->lnkst == 0 &&
+ (!CSR_LOOP(s) || (!CSR_INTL(s) && !BCR_TMAULOOP(s)))) {
+ SET_FIELD(&tmd.misc, TMDM, LCAR, 1);
+ SET_FIELD(&tmd.status, TMDS, ERR, 1);
+ SET_FIELD(&tmd.status, TMDS, OWN, 0);
+ s->csr[0] |= 0xa000; /* ERR | CERR */
+ s->xmit_pos = -1;
+ goto txdone;
+ }
+ if (!GET_FIELD(tmd.status, TMDS, ENP)) {
+ int bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT);
+ s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr),
+ s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s));
+ s->xmit_pos += bcnt;
+ } else if (s->xmit_pos >= 0) {
+ int bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT);
+ s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr),
+ s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s));
+ s->xmit_pos += bcnt;
+#ifdef PCNET_DEBUG
+ printf("pcnet_transmit size=%d\n", s->xmit_pos);
+#endif
+ if (CSR_LOOP(s)) {
+ if (BCR_SWSTYLE(s) == 1)
+ add_crc = !GET_FIELD(tmd.status, TMDS, NOFCS);
+ s->looptest = add_crc ? PCNET_LOOPTEST_CRC : PCNET_LOOPTEST_NOCRC;
+ pcnet_receive(qemu_get_queue(s->nic), s->buffer, s->xmit_pos);
+ s->looptest = 0;
+ } else
+ if (s->nic)
+ qemu_send_packet(qemu_get_queue(s->nic), s->buffer,
+ s->xmit_pos);
+
+ s->csr[0] &= ~0x0008; /* clear TDMD */
+ s->csr[4] |= 0x0004; /* set TXSTRT */
+ s->xmit_pos = -1;
+ }
+
+ txdone:
+ SET_FIELD(&tmd.status, TMDS, OWN, 0);
+ TMDSTORE(&tmd, PHYSADDR(s,CSR_CXDA(s)));
+ if (!CSR_TOKINTD(s) || (CSR_LTINTEN(s) && GET_FIELD(tmd.status, TMDS, LTINT)))
+ s->csr[0] |= 0x0200; /* set TINT */
+
+ if (CSR_XMTRC(s)<=1)
+ CSR_XMTRC(s) = CSR_XMTRL(s);
+ else
+ CSR_XMTRC(s)--;
+ if (count--)
+ goto txagain;
+
+ } else
+ if (s->xmit_pos >= 0) {
+ struct pcnet_TMD tmd;
+ TMDLOAD(&tmd, xmit_cxda);
+ SET_FIELD(&tmd.misc, TMDM, BUFF, 1);
+ SET_FIELD(&tmd.misc, TMDM, UFLO, 1);
+ SET_FIELD(&tmd.status, TMDS, ERR, 1);
+ SET_FIELD(&tmd.status, TMDS, OWN, 0);
+ TMDSTORE(&tmd, xmit_cxda);
+ s->csr[0] |= 0x0200; /* set TINT */
+ if (!CSR_DXSUFLO(s)) {
+ s->csr[0] &= ~0x0010;
+ } else
+ if (count--)
+ goto txagain;
+ }
+
+ s->tx_busy = 0;
+}
+
+static void pcnet_poll(PCNetState *s)
+{
+ if (CSR_RXON(s)) {
+ pcnet_rdte_poll(s);
+ }
+
+ if (CSR_TDMD(s) ||
+ (CSR_TXON(s) && !CSR_DPOLL(s) && pcnet_tdte_poll(s)))
+ {
+ /* prevent recursion */
+ if (s->tx_busy)
+ return;
+
+ pcnet_transmit(s);
+ }
+}
+
+static void pcnet_poll_timer(void *opaque)
+{
+ PCNetState *s = opaque;
+
+ qemu_del_timer(s->poll_timer);
+
+ if (CSR_TDMD(s)) {
+ pcnet_transmit(s);
+ }
+
+ pcnet_update_irq(s);
+
+ if (!CSR_STOP(s) && !CSR_SPND(s) && !CSR_DPOLL(s)) {
+ uint64_t now = qemu_get_clock_ns(vm_clock) * 33;
+ if (!s->timer || !now)
+ s->timer = now;
+ else {
+ uint64_t t = now - s->timer + CSR_POLL(s);
+ if (t > 0xffffLL) {
+ pcnet_poll(s);
+ CSR_POLL(s) = CSR_PINT(s);
+ } else
+ CSR_POLL(s) = t;
+ }
+ qemu_mod_timer(s->poll_timer,
+ pcnet_get_next_poll_time(s,qemu_get_clock_ns(vm_clock)));
+ }
+}
+
+
+static void pcnet_csr_writew(PCNetState *s, uint32_t rap, uint32_t new_value)
+{
+ uint16_t val = new_value;
+#ifdef PCNET_DEBUG_CSR
+ printf("pcnet_csr_writew rap=%d val=0x%04x\n", rap, val);
+#endif
+ switch (rap) {
+ case 0:
+ s->csr[0] &= ~(val & 0x7f00); /* Clear any interrupt flags */
+
+ s->csr[0] = (s->csr[0] & ~0x0040) | (val & 0x0048);
+
+ val = (val & 0x007f) | (s->csr[0] & 0x7f00);
+
+ /* IFF STOP, STRT and INIT are set, clear STRT and INIT */
+ if ((val&7) == 7)
+ val &= ~3;
+
+ if (!CSR_STOP(s) && (val & 4))
+ pcnet_stop(s);
+
+ if (!CSR_INIT(s) && (val & 1))
+ pcnet_init(s);
+
+ if (!CSR_STRT(s) && (val & 2))
+ pcnet_start(s);
+
+ if (CSR_TDMD(s))
+ pcnet_transmit(s);
+
+ return;
+ case 1:
+ case 2:
+ case 8:
+ case 9:
+ case 10:
+ case 11:
+ case 12:
+ case 13:
+ case 14:
+ case 15:
+ case 18: /* CRBAL */
+ case 19: /* CRBAU */
+ case 20: /* CXBAL */
+ case 21: /* CXBAU */
+ case 22: /* NRBAU */
+ case 23: /* NRBAU */
+ case 24:
+ case 25:
+ case 26:
+ case 27:
+ case 28:
+ case 29:
+ case 30:
+ case 31:
+ case 32:
+ case 33:
+ case 34:
+ case 35:
+ case 36:
+ case 37:
+ case 38:
+ case 39:
+ case 40: /* CRBC */
+ case 41:
+ case 42: /* CXBC */
+ case 43:
+ case 44:
+ case 45:
+ case 46: /* POLL */
+ case 47: /* POLLINT */
+ case 72:
+ case 74:
+ case 76: /* RCVRL */
+ case 78: /* XMTRL */
+ case 112:
+ if (CSR_STOP(s) || CSR_SPND(s))
+ break;
+ return;
+ case 3:
+ break;
+ case 4:
+ s->csr[4] &= ~(val & 0x026a);
+ val &= ~0x026a; val |= s->csr[4] & 0x026a;
+ break;
+ case 5:
+ s->csr[5] &= ~(val & 0x0a90);
+ val &= ~0x0a90; val |= s->csr[5] & 0x0a90;
+ break;
+ case 16:
+ pcnet_csr_writew(s,1,val);
+ return;
+ case 17:
+ pcnet_csr_writew(s,2,val);
+ return;
+ case 58:
+ pcnet_bcr_writew(s,BCR_SWS,val);
+ break;
+ default:
+ return;
+ }
+ s->csr[rap] = val;
+}
+
+static uint32_t pcnet_csr_readw(PCNetState *s, uint32_t rap)
+{
+ uint32_t val;
+ switch (rap) {
+ case 0:
+ pcnet_update_irq(s);
+ val = s->csr[0];
+ val |= (val & 0x7800) ? 0x8000 : 0;
+ break;
+ case 16:
+ return pcnet_csr_readw(s,1);
+ case 17:
+ return pcnet_csr_readw(s,2);
+ case 58:
+ return pcnet_bcr_readw(s,BCR_SWS);
+ case 88:
+ val = s->csr[89];
+ val <<= 16;
+ val |= s->csr[88];
+ break;
+ default:
+ val = s->csr[rap];
+ }
+#ifdef PCNET_DEBUG_CSR
+ printf("pcnet_csr_readw rap=%d val=0x%04x\n", rap, val);
+#endif
+ return val;
+}
+
+static void pcnet_bcr_writew(PCNetState *s, uint32_t rap, uint32_t val)
+{
+ rap &= 127;
+#ifdef PCNET_DEBUG_BCR
+ printf("pcnet_bcr_writew rap=%d val=0x%04x\n", rap, val);
+#endif
+ switch (rap) {
+ case BCR_SWS:
+ if (!(CSR_STOP(s) || CSR_SPND(s)))
+ return;
+ val &= ~0x0300;
+ switch (val & 0x00ff) {
+ case 0:
+ val |= 0x0200;
+ break;
+ case 1:
+ val |= 0x0100;
+ break;
+ case 2:
+ case 3:
+ val |= 0x0300;
+ break;
+ default:
+ printf("Bad SWSTYLE=0x%02x\n", val & 0xff);
+ val = 0x0200;
+ break;
+ }
+#ifdef PCNET_DEBUG
+ printf("BCR_SWS=0x%04x\n", val);
+#endif
+ /* fall through */
+ case BCR_LNKST:
+ case BCR_LED1:
+ case BCR_LED2:
+ case BCR_LED3:
+ case BCR_MC:
+ case BCR_FDC:
+ case BCR_BSBC:
+ case BCR_EECAS:
+ case BCR_PLAT:
+ s->bcr[rap] = val;
+ break;
+ default:
+ break;
+ }
+}
+
+uint32_t pcnet_bcr_readw(PCNetState *s, uint32_t rap)
+{
+ uint32_t val;
+ rap &= 127;
+ switch (rap) {
+ case BCR_LNKST:
+ case BCR_LED1:
+ case BCR_LED2:
+ case BCR_LED3:
+ val = s->bcr[rap] & ~0x8000;
+ val |= (val & 0x017f & s->lnkst) ? 0x8000 : 0;
+ break;
+ default:
+ val = rap < 32 ? s->bcr[rap] : 0;
+ break;
+ }
+#ifdef PCNET_DEBUG_BCR
+ printf("pcnet_bcr_readw rap=%d val=0x%04x\n", rap, val);
+#endif
+ return val;
+}
+
+void pcnet_h_reset(void *opaque)
+{
+ PCNetState *s = opaque;
+
+ s->bcr[BCR_MSRDA] = 0x0005;
+ s->bcr[BCR_MSWRA] = 0x0005;
+ s->bcr[BCR_MC ] = 0x0002;
+ s->bcr[BCR_LNKST] = 0x00c0;
+ s->bcr[BCR_LED1 ] = 0x0084;
+ s->bcr[BCR_LED2 ] = 0x0088;
+ s->bcr[BCR_LED3 ] = 0x0090;
+ s->bcr[BCR_FDC ] = 0x0000;
+ s->bcr[BCR_BSBC ] = 0x9001;
+ s->bcr[BCR_EECAS] = 0x0002;
+ s->bcr[BCR_SWS ] = 0x0200;
+ s->bcr[BCR_PLAT ] = 0xff06;
+
+ pcnet_s_reset(s);
+ pcnet_update_irq(s);
+ pcnet_poll_timer(s);
+}
+
+void pcnet_ioport_writew(void *opaque, uint32_t addr, uint32_t val)
+{
+ PCNetState *s = opaque;
+ pcnet_poll_timer(s);
+#ifdef PCNET_DEBUG_IO
+ printf("pcnet_ioport_writew addr=0x%08x val=0x%04x\n", addr, val);
+#endif
+ if (!BCR_DWIO(s)) {
+ switch (addr & 0x0f) {
+ case 0x00: /* RDP */
+ pcnet_csr_writew(s, s->rap, val);
+ break;
+ case 0x02:
+ s->rap = val & 0x7f;
+ break;
+ case 0x06:
+ pcnet_bcr_writew(s, s->rap, val);
+ break;
+ }
+ }
+ pcnet_update_irq(s);
+}
+
+uint32_t pcnet_ioport_readw(void *opaque, uint32_t addr)
+{
+ PCNetState *s = opaque;
+ uint32_t val = -1;
+ pcnet_poll_timer(s);
+ if (!BCR_DWIO(s)) {
+ switch (addr & 0x0f) {
+ case 0x00: /* RDP */
+ val = pcnet_csr_readw(s, s->rap);
+ break;
+ case 0x02:
+ val = s->rap;
+ break;
+ case 0x04:
+ pcnet_s_reset(s);
+ val = 0;
+ break;
+ case 0x06:
+ val = pcnet_bcr_readw(s, s->rap);
+ break;
+ }
+ }
+ pcnet_update_irq(s);
+#ifdef PCNET_DEBUG_IO
+ printf("pcnet_ioport_readw addr=0x%08x val=0x%04x\n", addr, val & 0xffff);
+#endif
+ return val;
+}
+
+void pcnet_ioport_writel(void *opaque, uint32_t addr, uint32_t val)
+{
+ PCNetState *s = opaque;
+ pcnet_poll_timer(s);
+#ifdef PCNET_DEBUG_IO
+ printf("pcnet_ioport_writel addr=0x%08x val=0x%08x\n", addr, val);
+#endif
+ if (BCR_DWIO(s)) {
+ switch (addr & 0x0f) {
+ case 0x00: /* RDP */
+ pcnet_csr_writew(s, s->rap, val & 0xffff);
+ break;
+ case 0x04:
+ s->rap = val & 0x7f;
+ break;
+ case 0x0c:
+ pcnet_bcr_writew(s, s->rap, val & 0xffff);
+ break;
+ }
+ } else
+ if ((addr & 0x0f) == 0) {
+ /* switch device to dword i/o mode */
+ pcnet_bcr_writew(s, BCR_BSBC, pcnet_bcr_readw(s, BCR_BSBC) | 0x0080);
+#ifdef PCNET_DEBUG_IO
+ printf("device switched into dword i/o mode\n");
+#endif
+ }
+ pcnet_update_irq(s);
+}
+
+uint32_t pcnet_ioport_readl(void *opaque, uint32_t addr)
+{
+ PCNetState *s = opaque;
+ uint32_t val = -1;
+ pcnet_poll_timer(s);
+ if (BCR_DWIO(s)) {
+ switch (addr & 0x0f) {
+ case 0x00: /* RDP */
+ val = pcnet_csr_readw(s, s->rap);
+ break;
+ case 0x04:
+ val = s->rap;
+ break;
+ case 0x08:
+ pcnet_s_reset(s);
+ val = 0;
+ break;
+ case 0x0c:
+ val = pcnet_bcr_readw(s, s->rap);
+ break;
+ }
+ }
+ pcnet_update_irq(s);
+#ifdef PCNET_DEBUG_IO
+ printf("pcnet_ioport_readl addr=0x%08x val=0x%08x\n", addr, val);
+#endif
+ return val;
+}
+
+static bool is_version_2(void *opaque, int version_id)
+{
+ return version_id == 2;
+}
+
+const VMStateDescription vmstate_pcnet = {
+ .name = "pcnet",
+ .version_id = 3,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .fields = (VMStateField []) {
+ VMSTATE_INT32(rap, PCNetState),
+ VMSTATE_INT32(isr, PCNetState),
+ VMSTATE_INT32(lnkst, PCNetState),
+ VMSTATE_UINT32(rdra, PCNetState),
+ VMSTATE_UINT32(tdra, PCNetState),
+ VMSTATE_BUFFER(prom, PCNetState),
+ VMSTATE_UINT16_ARRAY(csr, PCNetState, 128),
+ VMSTATE_UINT16_ARRAY(bcr, PCNetState, 32),
+ VMSTATE_UINT64(timer, PCNetState),
+ VMSTATE_INT32(xmit_pos, PCNetState),
+ VMSTATE_BUFFER(buffer, PCNetState),
+ VMSTATE_UNUSED_TEST(is_version_2, 4),
+ VMSTATE_INT32(tx_busy, PCNetState),
+ VMSTATE_TIMER(poll_timer, PCNetState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+void pcnet_common_cleanup(PCNetState *d)
+{
+ d->nic = NULL;
+}
+
+int pcnet_common_init(DeviceState *dev, PCNetState *s, NetClientInfo *info)
+{
+ int i;
+ uint16_t checksum;
+
+ s->poll_timer = qemu_new_timer_ns(vm_clock, pcnet_poll_timer, s);
+
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+ s->nic = qemu_new_nic(info, &s->conf, object_get_typename(OBJECT(dev)), dev->id, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+
+ add_boot_device_path(s->conf.bootindex, dev, "/ethernet-phy@0");
+
+ /* Initialize the PROM */
+
+ /*
+ Datasheet: http://pdfdata.datasheetsite.com/web/24528/AM79C970A.pdf
+ page 95
+ */
+ memcpy(s->prom, s->conf.macaddr.a, 6);
+ /* Reserved Location: must be 00h */
+ s->prom[6] = s->prom[7] = 0x00;
+ /* Reserved Location: must be 00h */
+ s->prom[8] = 0x00;
+ /* Hardware ID: must be 11h if compatibility to AMD drivers is desired */
+ s->prom[9] = 0x11;
+ /* User programmable space, init with 0 */
+ s->prom[10] = s->prom[11] = 0x00;
+ /* LSByte of two-byte checksum, which is the sum of bytes 00h-0Bh
+ and bytes 0Eh and 0Fh, must therefore be initialized with 0! */
+ s->prom[12] = s->prom[13] = 0x00;
+ /* Must be ASCII W (57h) if compatibility to AMD
+ driver software is desired */
+ s->prom[14] = s->prom[15] = 0x57;
+
+ for (i = 0, checksum = 0; i < 16; i++) {
+ checksum += s->prom[i];
+ }
+ *(uint16_t *)&s->prom[12] = cpu_to_le16(checksum);
+
+ s->lnkst = 0x40; /* initial link state: up */
+
+ return 0;
+}
diff --git a/hw/net/pcnet.h b/hw/net/pcnet.h
new file mode 100644
index 000000000..9dee6f3e2
--- /dev/null
+++ b/hw/net/pcnet.h
@@ -0,0 +1,70 @@
+#ifndef HW_PCNET_H
+#define HW_PCNET_H 1
+
+#define PCNET_IOPORT_SIZE 0x20
+#define PCNET_PNPMMIO_SIZE 0x20
+
+#define PCNET_LOOPTEST_CRC 1
+#define PCNET_LOOPTEST_NOCRC 2
+
+#include "exec/memory.h"
+
+/* BUS CONFIGURATION REGISTERS */
+#define BCR_MSRDA 0
+#define BCR_MSWRA 1
+#define BCR_MC 2
+#define BCR_LNKST 4
+#define BCR_LED1 5
+#define BCR_LED2 6
+#define BCR_LED3 7
+#define BCR_FDC 9
+#define BCR_BSBC 18
+#define BCR_EECAS 19
+#define BCR_SWS 20
+#define BCR_PLAT 22
+
+#define BCR_TMAULOOP(S) !!((S)->bcr[BCR_MC ] & 0x4000)
+#define BCR_APROMWE(S) !!((S)->bcr[BCR_MC ] & 0x0100)
+#define BCR_DWIO(S) !!((S)->bcr[BCR_BSBC] & 0x0080)
+#define BCR_SSIZE32(S) !!((S)->bcr[BCR_SWS ] & 0x0100)
+#define BCR_SWSTYLE(S) ((S)->bcr[BCR_SWS ] & 0x00FF)
+
+typedef struct PCNetState_st PCNetState;
+
+struct PCNetState_st {
+ NICState *nic;
+ NICConf conf;
+ QEMUTimer *poll_timer;
+ int rap, isr, lnkst;
+ uint32_t rdra, tdra;
+ uint8_t prom[16];
+ uint16_t csr[128];
+ uint16_t bcr[32];
+ int xmit_pos;
+ uint64_t timer;
+ MemoryRegion mmio;
+ uint8_t buffer[4096];
+ qemu_irq irq;
+ void (*phys_mem_read)(void *dma_opaque, hwaddr addr,
+ uint8_t *buf, int len, int do_bswap);
+ void (*phys_mem_write)(void *dma_opaque, hwaddr addr,
+ uint8_t *buf, int len, int do_bswap);
+ void *dma_opaque;
+ int tx_busy;
+ int looptest;
+};
+
+void pcnet_h_reset(void *opaque);
+void pcnet_ioport_writew(void *opaque, uint32_t addr, uint32_t val);
+uint32_t pcnet_ioport_readw(void *opaque, uint32_t addr);
+void pcnet_ioport_writel(void *opaque, uint32_t addr, uint32_t val);
+uint32_t pcnet_ioport_readl(void *opaque, uint32_t addr);
+uint32_t pcnet_bcr_readw(PCNetState *s, uint32_t rap);
+int pcnet_can_receive(NetClientState *nc);
+ssize_t pcnet_receive(NetClientState *nc, const uint8_t *buf, size_t size_);
+void pcnet_set_link_status(NetClientState *nc);
+void pcnet_common_cleanup(PCNetState *d);
+int pcnet_common_init(DeviceState *dev, PCNetState *s, NetClientInfo *info);
+extern const VMStateDescription vmstate_pcnet;
+
+#endif
diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
new file mode 100644
index 000000000..ee3b6903a
--- /dev/null
+++ b/hw/net/rtl8139.c
@@ -0,0 +1,3581 @@
+/**
+ * QEMU RTL8139 emulation
+ *
+ * Copyright (c) 2006 Igor Kovalenko
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+
+ * Modifications:
+ * 2006-Jan-28 Mark Malakanov : TSAD and CSCR implementation (for Windows driver)
+ *
+ * 2006-Apr-28 Juergen Lock : EEPROM emulation changes for FreeBSD driver
+ * HW revision ID changes for FreeBSD driver
+ *
+ * 2006-Jul-01 Igor Kovalenko : Implemented loopback mode for FreeBSD driver
+ * Corrected packet transfer reassembly routine for 8139C+ mode
+ * Rearranged debugging print statements
+ * Implemented PCI timer interrupt (disabled by default)
+ * Implemented Tally Counters, increased VM load/save version
+ * Implemented IP/TCP/UDP checksum task offloading
+ *
+ * 2006-Jul-04 Igor Kovalenko : Implemented TCP segmentation offloading
+ * Fixed MTU=1500 for produced ethernet frames
+ *
+ * 2006-Jul-09 Igor Kovalenko : Fixed TCP header length calculation while processing
+ * segmentation offloading
+ * Removed slirp.h dependency
+ * Added rx/tx buffer reset when enabling rx/tx operation
+ *
+ * 2010-Feb-04 Frediano Ziglio: Rewrote timer support using QEMU timer only
+ * when strictly needed (required for for
+ * Darwin)
+ * 2011-Mar-22 Benjamin Poirier: Implemented VLAN offloading
+ */
+
+/* For crc32 */
+#include <zlib.h>
+
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "sysemu/dma.h"
+#include "qemu/timer.h"
+#include "net/net.h"
+#include "hw/loader.h"
+#include "sysemu/sysemu.h"
+#include "qemu/iov.h"
+
+/* debug RTL8139 card */
+//#define DEBUG_RTL8139 1
+
+#define PCI_FREQUENCY 33000000L
+
+#define SET_MASKED(input, mask, curr) \
+ ( ( (input) & ~(mask) ) | ( (curr) & (mask) ) )
+
+/* arg % size for size which is a power of 2 */
+#define MOD2(input, size) \
+ ( ( input ) & ( size - 1 ) )
+
+#define ETHER_ADDR_LEN 6
+#define ETHER_TYPE_LEN 2
+#define ETH_HLEN (ETHER_ADDR_LEN * 2 + ETHER_TYPE_LEN)
+#define ETH_P_IP 0x0800 /* Internet Protocol packet */
+#define ETH_P_8021Q 0x8100 /* 802.1Q VLAN Extended Header */
+#define ETH_MTU 1500
+
+#define VLAN_TCI_LEN 2
+#define VLAN_HLEN (ETHER_TYPE_LEN + VLAN_TCI_LEN)
+
+#if defined (DEBUG_RTL8139)
+# define DPRINTF(fmt, ...) \
+ do { fprintf(stderr, "RTL8139: " fmt, ## __VA_ARGS__); } while (0)
+#else
+static inline GCC_FMT_ATTR(1, 2) int DPRINTF(const char *fmt, ...)
+{
+ return 0;
+}
+#endif
+
+#define TYPE_RTL8139 "rtl8139"
+
+#define RTL8139(obj) \
+ OBJECT_CHECK(RTL8139State, (obj), TYPE_RTL8139)
+
+/* Symbolic offsets to registers. */
+enum RTL8139_registers {
+ MAC0 = 0, /* Ethernet hardware address. */
+ MAR0 = 8, /* Multicast filter. */
+ TxStatus0 = 0x10,/* Transmit status (Four 32bit registers). C mode only */
+ /* Dump Tally Conter control register(64bit). C+ mode only */
+ TxAddr0 = 0x20, /* Tx descriptors (also four 32bit). */
+ RxBuf = 0x30,
+ ChipCmd = 0x37,
+ RxBufPtr = 0x38,
+ RxBufAddr = 0x3A,
+ IntrMask = 0x3C,
+ IntrStatus = 0x3E,
+ TxConfig = 0x40,
+ RxConfig = 0x44,
+ Timer = 0x48, /* A general-purpose counter. */
+ RxMissed = 0x4C, /* 24 bits valid, write clears. */
+ Cfg9346 = 0x50,
+ Config0 = 0x51,
+ Config1 = 0x52,
+ FlashReg = 0x54,
+ MediaStatus = 0x58,
+ Config3 = 0x59,
+ Config4 = 0x5A, /* absent on RTL-8139A */
+ HltClk = 0x5B,
+ MultiIntr = 0x5C,
+ PCIRevisionID = 0x5E,
+ TxSummary = 0x60, /* TSAD register. Transmit Status of All Descriptors*/
+ BasicModeCtrl = 0x62,
+ BasicModeStatus = 0x64,
+ NWayAdvert = 0x66,
+ NWayLPAR = 0x68,
+ NWayExpansion = 0x6A,
+ /* Undocumented registers, but required for proper operation. */
+ FIFOTMS = 0x70, /* FIFO Control and test. */
+ CSCR = 0x74, /* Chip Status and Configuration Register. */
+ PARA78 = 0x78,
+ PARA7c = 0x7c, /* Magic transceiver parameter register. */
+ Config5 = 0xD8, /* absent on RTL-8139A */
+ /* C+ mode */
+ TxPoll = 0xD9, /* Tell chip to check Tx descriptors for work */
+ RxMaxSize = 0xDA, /* Max size of an Rx packet (8169 only) */
+ CpCmd = 0xE0, /* C+ Command register (C+ mode only) */
+ IntrMitigate = 0xE2, /* rx/tx interrupt mitigation control */
+ RxRingAddrLO = 0xE4, /* 64-bit start addr of Rx ring */
+ RxRingAddrHI = 0xE8, /* 64-bit start addr of Rx ring */
+ TxThresh = 0xEC, /* Early Tx threshold */
+};
+
+enum ClearBitMasks {
+ MultiIntrClear = 0xF000,
+ ChipCmdClear = 0xE2,
+ Config1Clear = (1<<7)|(1<<6)|(1<<3)|(1<<2)|(1<<1),
+};
+
+enum ChipCmdBits {
+ CmdReset = 0x10,
+ CmdRxEnb = 0x08,
+ CmdTxEnb = 0x04,
+ RxBufEmpty = 0x01,
+};
+
+/* C+ mode */
+enum CplusCmdBits {
+ CPlusRxVLAN = 0x0040, /* enable receive VLAN detagging */
+ CPlusRxChkSum = 0x0020, /* enable receive checksum offloading */
+ CPlusRxEnb = 0x0002,
+ CPlusTxEnb = 0x0001,
+};
+
+/* Interrupt register bits, using my own meaningful names. */
+enum IntrStatusBits {
+ PCIErr = 0x8000,
+ PCSTimeout = 0x4000,
+ RxFIFOOver = 0x40,
+ RxUnderrun = 0x20, /* Packet Underrun / Link Change */
+ RxOverflow = 0x10,
+ TxErr = 0x08,
+ TxOK = 0x04,
+ RxErr = 0x02,
+ RxOK = 0x01,
+
+ RxAckBits = RxFIFOOver | RxOverflow | RxOK,
+};
+
+enum TxStatusBits {
+ TxHostOwns = 0x2000,
+ TxUnderrun = 0x4000,
+ TxStatOK = 0x8000,
+ TxOutOfWindow = 0x20000000,
+ TxAborted = 0x40000000,
+ TxCarrierLost = 0x80000000,
+};
+enum RxStatusBits {
+ RxMulticast = 0x8000,
+ RxPhysical = 0x4000,
+ RxBroadcast = 0x2000,
+ RxBadSymbol = 0x0020,
+ RxRunt = 0x0010,
+ RxTooLong = 0x0008,
+ RxCRCErr = 0x0004,
+ RxBadAlign = 0x0002,
+ RxStatusOK = 0x0001,
+};
+
+/* Bits in RxConfig. */
+enum rx_mode_bits {
+ AcceptErr = 0x20,
+ AcceptRunt = 0x10,
+ AcceptBroadcast = 0x08,
+ AcceptMulticast = 0x04,
+ AcceptMyPhys = 0x02,
+ AcceptAllPhys = 0x01,
+};
+
+/* Bits in TxConfig. */
+enum tx_config_bits {
+
+ /* Interframe Gap Time. Only TxIFG96 doesn't violate IEEE 802.3 */
+ TxIFGShift = 24,
+ TxIFG84 = (0 << TxIFGShift), /* 8.4us / 840ns (10 / 100Mbps) */
+ TxIFG88 = (1 << TxIFGShift), /* 8.8us / 880ns (10 / 100Mbps) */
+ TxIFG92 = (2 << TxIFGShift), /* 9.2us / 920ns (10 / 100Mbps) */
+ TxIFG96 = (3 << TxIFGShift), /* 9.6us / 960ns (10 / 100Mbps) */
+
+ TxLoopBack = (1 << 18) | (1 << 17), /* enable loopback test mode */
+ TxCRC = (1 << 16), /* DISABLE appending CRC to end of Tx packets */
+ TxClearAbt = (1 << 0), /* Clear abort (WO) */
+ TxDMAShift = 8, /* DMA burst value (0-7) is shifted this many bits */
+ TxRetryShift = 4, /* TXRR value (0-15) is shifted this many bits */
+
+ TxVersionMask = 0x7C800000, /* mask out version bits 30-26, 23 */
+};
+
+
+/* Transmit Status of All Descriptors (TSAD) Register */
+enum TSAD_bits {
+ TSAD_TOK3 = 1<<15, // TOK bit of Descriptor 3
+ TSAD_TOK2 = 1<<14, // TOK bit of Descriptor 2
+ TSAD_TOK1 = 1<<13, // TOK bit of Descriptor 1
+ TSAD_TOK0 = 1<<12, // TOK bit of Descriptor 0
+ TSAD_TUN3 = 1<<11, // TUN bit of Descriptor 3
+ TSAD_TUN2 = 1<<10, // TUN bit of Descriptor 2
+ TSAD_TUN1 = 1<<9, // TUN bit of Descriptor 1
+ TSAD_TUN0 = 1<<8, // TUN bit of Descriptor 0
+ TSAD_TABT3 = 1<<07, // TABT bit of Descriptor 3
+ TSAD_TABT2 = 1<<06, // TABT bit of Descriptor 2
+ TSAD_TABT1 = 1<<05, // TABT bit of Descriptor 1
+ TSAD_TABT0 = 1<<04, // TABT bit of Descriptor 0
+ TSAD_OWN3 = 1<<03, // OWN bit of Descriptor 3
+ TSAD_OWN2 = 1<<02, // OWN bit of Descriptor 2
+ TSAD_OWN1 = 1<<01, // OWN bit of Descriptor 1
+ TSAD_OWN0 = 1<<00, // OWN bit of Descriptor 0
+};
+
+
+/* Bits in Config1 */
+enum Config1Bits {
+ Cfg1_PM_Enable = 0x01,
+ Cfg1_VPD_Enable = 0x02,
+ Cfg1_PIO = 0x04,
+ Cfg1_MMIO = 0x08,
+ LWAKE = 0x10, /* not on 8139, 8139A */
+ Cfg1_Driver_Load = 0x20,
+ Cfg1_LED0 = 0x40,
+ Cfg1_LED1 = 0x80,
+ SLEEP = (1 << 1), /* only on 8139, 8139A */
+ PWRDN = (1 << 0), /* only on 8139, 8139A */
+};
+
+/* Bits in Config3 */
+enum Config3Bits {
+ Cfg3_FBtBEn = (1 << 0), /* 1 = Fast Back to Back */
+ Cfg3_FuncRegEn = (1 << 1), /* 1 = enable CardBus Function registers */
+ Cfg3_CLKRUN_En = (1 << 2), /* 1 = enable CLKRUN */
+ Cfg3_CardB_En = (1 << 3), /* 1 = enable CardBus registers */
+ Cfg3_LinkUp = (1 << 4), /* 1 = wake up on link up */
+ Cfg3_Magic = (1 << 5), /* 1 = wake up on Magic Packet (tm) */
+ Cfg3_PARM_En = (1 << 6), /* 0 = software can set twister parameters */
+ Cfg3_GNTSel = (1 << 7), /* 1 = delay 1 clock from PCI GNT signal */
+};
+
+/* Bits in Config4 */
+enum Config4Bits {
+ LWPTN = (1 << 2), /* not on 8139, 8139A */
+};
+
+/* Bits in Config5 */
+enum Config5Bits {
+ Cfg5_PME_STS = (1 << 0), /* 1 = PCI reset resets PME_Status */
+ Cfg5_LANWake = (1 << 1), /* 1 = enable LANWake signal */
+ Cfg5_LDPS = (1 << 2), /* 0 = save power when link is down */
+ Cfg5_FIFOAddrPtr = (1 << 3), /* Realtek internal SRAM testing */
+ Cfg5_UWF = (1 << 4), /* 1 = accept unicast wakeup frame */
+ Cfg5_MWF = (1 << 5), /* 1 = accept multicast wakeup frame */
+ Cfg5_BWF = (1 << 6), /* 1 = accept broadcast wakeup frame */
+};
+
+enum RxConfigBits {
+ /* rx fifo threshold */
+ RxCfgFIFOShift = 13,
+ RxCfgFIFONone = (7 << RxCfgFIFOShift),
+
+ /* Max DMA burst */
+ RxCfgDMAShift = 8,
+ RxCfgDMAUnlimited = (7 << RxCfgDMAShift),
+
+ /* rx ring buffer length */
+ RxCfgRcv8K = 0,
+ RxCfgRcv16K = (1 << 11),
+ RxCfgRcv32K = (1 << 12),
+ RxCfgRcv64K = (1 << 11) | (1 << 12),
+
+ /* Disable packet wrap at end of Rx buffer. (not possible with 64k) */
+ RxNoWrap = (1 << 7),
+};
+
+/* Twister tuning parameters from RealTek.
+ Completely undocumented, but required to tune bad links on some boards. */
+/*
+enum CSCRBits {
+ CSCR_LinkOKBit = 0x0400,
+ CSCR_LinkChangeBit = 0x0800,
+ CSCR_LinkStatusBits = 0x0f000,
+ CSCR_LinkDownOffCmd = 0x003c0,
+ CSCR_LinkDownCmd = 0x0f3c0,
+*/
+enum CSCRBits {
+ CSCR_Testfun = 1<<15, /* 1 = Auto-neg speeds up internal timer, WO, def 0 */
+ CSCR_LD = 1<<9, /* Active low TPI link disable signal. When low, TPI still transmits link pulses and TPI stays in good link state. def 1*/
+ CSCR_HEART_BIT = 1<<8, /* 1 = HEART BEAT enable, 0 = HEART BEAT disable. HEART BEAT function is only valid in 10Mbps mode. def 1*/
+ CSCR_JBEN = 1<<7, /* 1 = enable jabber function. 0 = disable jabber function, def 1*/
+ CSCR_F_LINK_100 = 1<<6, /* Used to login force good link in 100Mbps for diagnostic purposes. 1 = DISABLE, 0 = ENABLE. def 1*/
+ CSCR_F_Connect = 1<<5, /* Assertion of this bit forces the disconnect function to be bypassed. def 0*/
+ CSCR_Con_status = 1<<3, /* This bit indicates the status of the connection. 1 = valid connected link detected; 0 = disconnected link detected. RO def 0*/
+ CSCR_Con_status_En = 1<<2, /* Assertion of this bit configures LED1 pin to indicate connection status. def 0*/
+ CSCR_PASS_SCR = 1<<0, /* Bypass Scramble, def 0*/
+};
+
+enum Cfg9346Bits {
+ Cfg9346_Normal = 0x00,
+ Cfg9346_Autoload = 0x40,
+ Cfg9346_Programming = 0x80,
+ Cfg9346_ConfigWrite = 0xC0,
+};
+
+typedef enum {
+ CH_8139 = 0,
+ CH_8139_K,
+ CH_8139A,
+ CH_8139A_G,
+ CH_8139B,
+ CH_8130,
+ CH_8139C,
+ CH_8100,
+ CH_8100B_8139D,
+ CH_8101,
+} chip_t;
+
+enum chip_flags {
+ HasHltClk = (1 << 0),
+ HasLWake = (1 << 1),
+};
+
+#define HW_REVID(b30, b29, b28, b27, b26, b23, b22) \
+ (b30<<30 | b29<<29 | b28<<28 | b27<<27 | b26<<26 | b23<<23 | b22<<22)
+#define HW_REVID_MASK HW_REVID(1, 1, 1, 1, 1, 1, 1)
+
+#define RTL8139_PCI_REVID_8139 0x10
+#define RTL8139_PCI_REVID_8139CPLUS 0x20
+
+#define RTL8139_PCI_REVID RTL8139_PCI_REVID_8139CPLUS
+
+/* Size is 64 * 16bit words */
+#define EEPROM_9346_ADDR_BITS 6
+#define EEPROM_9346_SIZE (1 << EEPROM_9346_ADDR_BITS)
+#define EEPROM_9346_ADDR_MASK (EEPROM_9346_SIZE - 1)
+
+enum Chip9346Operation
+{
+ Chip9346_op_mask = 0xc0, /* 10 zzzzzz */
+ Chip9346_op_read = 0x80, /* 10 AAAAAA */
+ Chip9346_op_write = 0x40, /* 01 AAAAAA D(15)..D(0) */
+ Chip9346_op_ext_mask = 0xf0, /* 11 zzzzzz */
+ Chip9346_op_write_enable = 0x30, /* 00 11zzzz */
+ Chip9346_op_write_all = 0x10, /* 00 01zzzz */
+ Chip9346_op_write_disable = 0x00, /* 00 00zzzz */
+};
+
+enum Chip9346Mode
+{
+ Chip9346_none = 0,
+ Chip9346_enter_command_mode,
+ Chip9346_read_command,
+ Chip9346_data_read, /* from output register */
+ Chip9346_data_write, /* to input register, then to contents at specified address */
+ Chip9346_data_write_all, /* to input register, then filling contents */
+};
+
+typedef struct EEprom9346
+{
+ uint16_t contents[EEPROM_9346_SIZE];
+ int mode;
+ uint32_t tick;
+ uint8_t address;
+ uint16_t input;
+ uint16_t output;
+
+ uint8_t eecs;
+ uint8_t eesk;
+ uint8_t eedi;
+ uint8_t eedo;
+} EEprom9346;
+
+typedef struct RTL8139TallyCounters
+{
+ /* Tally counters */
+ uint64_t TxOk;
+ uint64_t RxOk;
+ uint64_t TxERR;
+ uint32_t RxERR;
+ uint16_t MissPkt;
+ uint16_t FAE;
+ uint32_t Tx1Col;
+ uint32_t TxMCol;
+ uint64_t RxOkPhy;
+ uint64_t RxOkBrd;
+ uint32_t RxOkMul;
+ uint16_t TxAbt;
+ uint16_t TxUndrn;
+} RTL8139TallyCounters;
+
+/* Clears all tally counters */
+static void RTL8139TallyCounters_clear(RTL8139TallyCounters* counters);
+
+typedef struct RTL8139State {
+ /*< private >*/
+ PCIDevice parent_obj;
+ /*< public >*/
+
+ uint8_t phys[8]; /* mac address */
+ uint8_t mult[8]; /* multicast mask array */
+
+ uint32_t TxStatus[4]; /* TxStatus0 in C mode*/ /* also DTCCR[0] and DTCCR[1] in C+ mode */
+ uint32_t TxAddr[4]; /* TxAddr0 */
+ uint32_t RxBuf; /* Receive buffer */
+ uint32_t RxBufferSize;/* internal variable, receive ring buffer size in C mode */
+ uint32_t RxBufPtr;
+ uint32_t RxBufAddr;
+
+ uint16_t IntrStatus;
+ uint16_t IntrMask;
+
+ uint32_t TxConfig;
+ uint32_t RxConfig;
+ uint32_t RxMissed;
+
+ uint16_t CSCR;
+
+ uint8_t Cfg9346;
+ uint8_t Config0;
+ uint8_t Config1;
+ uint8_t Config3;
+ uint8_t Config4;
+ uint8_t Config5;
+
+ uint8_t clock_enabled;
+ uint8_t bChipCmdState;
+
+ uint16_t MultiIntr;
+
+ uint16_t BasicModeCtrl;
+ uint16_t BasicModeStatus;
+ uint16_t NWayAdvert;
+ uint16_t NWayLPAR;
+ uint16_t NWayExpansion;
+
+ uint16_t CpCmd;
+ uint8_t TxThresh;
+
+ NICState *nic;
+ NICConf conf;
+
+ /* C ring mode */
+ uint32_t currTxDesc;
+
+ /* C+ mode */
+ uint32_t cplus_enabled;
+
+ uint32_t currCPlusRxDesc;
+ uint32_t currCPlusTxDesc;
+
+ uint32_t RxRingAddrLO;
+ uint32_t RxRingAddrHI;
+
+ EEprom9346 eeprom;
+
+ uint32_t TCTR;
+ uint32_t TimerInt;
+ int64_t TCTR_base;
+
+ /* Tally counters */
+ RTL8139TallyCounters tally_counters;
+
+ /* Non-persistent data */
+ uint8_t *cplus_txbuffer;
+ int cplus_txbuffer_len;
+ int cplus_txbuffer_offset;
+
+ /* PCI interrupt timer */
+ QEMUTimer *timer;
+ int64_t TimerExpire;
+
+ MemoryRegion bar_io;
+ MemoryRegion bar_mem;
+
+ /* Support migration to/from old versions */
+ int rtl8139_mmio_io_addr_dummy;
+} RTL8139State;
+
+/* Writes tally counters to memory via DMA */
+static void RTL8139TallyCounters_dma_write(RTL8139State *s, dma_addr_t tc_addr);
+
+static void rtl8139_set_next_tctr_time(RTL8139State *s, int64_t current_time);
+
+static void prom9346_decode_command(EEprom9346 *eeprom, uint8_t command)
+{
+ DPRINTF("eeprom command 0x%02x\n", command);
+
+ switch (command & Chip9346_op_mask)
+ {
+ case Chip9346_op_read:
+ {
+ eeprom->address = command & EEPROM_9346_ADDR_MASK;
+ eeprom->output = eeprom->contents[eeprom->address];
+ eeprom->eedo = 0;
+ eeprom->tick = 0;
+ eeprom->mode = Chip9346_data_read;
+ DPRINTF("eeprom read from address 0x%02x data=0x%04x\n",
+ eeprom->address, eeprom->output);
+ }
+ break;
+
+ case Chip9346_op_write:
+ {
+ eeprom->address = command & EEPROM_9346_ADDR_MASK;
+ eeprom->input = 0;
+ eeprom->tick = 0;
+ eeprom->mode = Chip9346_none; /* Chip9346_data_write */
+ DPRINTF("eeprom begin write to address 0x%02x\n",
+ eeprom->address);
+ }
+ break;
+ default:
+ eeprom->mode = Chip9346_none;
+ switch (command & Chip9346_op_ext_mask)
+ {
+ case Chip9346_op_write_enable:
+ DPRINTF("eeprom write enabled\n");
+ break;
+ case Chip9346_op_write_all:
+ DPRINTF("eeprom begin write all\n");
+ break;
+ case Chip9346_op_write_disable:
+ DPRINTF("eeprom write disabled\n");
+ break;
+ }
+ break;
+ }
+}
+
+static void prom9346_shift_clock(EEprom9346 *eeprom)
+{
+ int bit = eeprom->eedi?1:0;
+
+ ++ eeprom->tick;
+
+ DPRINTF("eeprom: tick %d eedi=%d eedo=%d\n", eeprom->tick, eeprom->eedi,
+ eeprom->eedo);
+
+ switch (eeprom->mode)
+ {
+ case Chip9346_enter_command_mode:
+ if (bit)
+ {
+ eeprom->mode = Chip9346_read_command;
+ eeprom->tick = 0;
+ eeprom->input = 0;
+ DPRINTF("eeprom: +++ synchronized, begin command read\n");
+ }
+ break;
+
+ case Chip9346_read_command:
+ eeprom->input = (eeprom->input << 1) | (bit & 1);
+ if (eeprom->tick == 8)
+ {
+ prom9346_decode_command(eeprom, eeprom->input & 0xff);
+ }
+ break;
+
+ case Chip9346_data_read:
+ eeprom->eedo = (eeprom->output & 0x8000)?1:0;
+ eeprom->output <<= 1;
+ if (eeprom->tick == 16)
+ {
+#if 1
+ // the FreeBSD drivers (rl and re) don't explicitly toggle
+ // CS between reads (or does setting Cfg9346 to 0 count too?),
+ // so we need to enter wait-for-command state here
+ eeprom->mode = Chip9346_enter_command_mode;
+ eeprom->input = 0;
+ eeprom->tick = 0;
+
+ DPRINTF("eeprom: +++ end of read, awaiting next command\n");
+#else
+ // original behaviour
+ ++eeprom->address;
+ eeprom->address &= EEPROM_9346_ADDR_MASK;
+ eeprom->output = eeprom->contents[eeprom->address];
+ eeprom->tick = 0;
+
+ DPRINTF("eeprom: +++ read next address 0x%02x data=0x%04x\n",
+ eeprom->address, eeprom->output);
+#endif
+ }
+ break;
+
+ case Chip9346_data_write:
+ eeprom->input = (eeprom->input << 1) | (bit & 1);
+ if (eeprom->tick == 16)
+ {
+ DPRINTF("eeprom write to address 0x%02x data=0x%04x\n",
+ eeprom->address, eeprom->input);
+
+ eeprom->contents[eeprom->address] = eeprom->input;
+ eeprom->mode = Chip9346_none; /* waiting for next command after CS cycle */
+ eeprom->tick = 0;
+ eeprom->input = 0;
+ }
+ break;
+
+ case Chip9346_data_write_all:
+ eeprom->input = (eeprom->input << 1) | (bit & 1);
+ if (eeprom->tick == 16)
+ {
+ int i;
+ for (i = 0; i < EEPROM_9346_SIZE; i++)
+ {
+ eeprom->contents[i] = eeprom->input;
+ }
+ DPRINTF("eeprom filled with data=0x%04x\n", eeprom->input);
+
+ eeprom->mode = Chip9346_enter_command_mode;
+ eeprom->tick = 0;
+ eeprom->input = 0;
+ }
+ break;
+
+ default:
+ break;
+ }
+}
+
+static int prom9346_get_wire(RTL8139State *s)
+{
+ EEprom9346 *eeprom = &s->eeprom;
+ if (!eeprom->eecs)
+ return 0;
+
+ return eeprom->eedo;
+}
+
+/* FIXME: This should be merged into/replaced by eeprom93xx.c. */
+static void prom9346_set_wire(RTL8139State *s, int eecs, int eesk, int eedi)
+{
+ EEprom9346 *eeprom = &s->eeprom;
+ uint8_t old_eecs = eeprom->eecs;
+ uint8_t old_eesk = eeprom->eesk;
+
+ eeprom->eecs = eecs;
+ eeprom->eesk = eesk;
+ eeprom->eedi = eedi;
+
+ DPRINTF("eeprom: +++ wires CS=%d SK=%d DI=%d DO=%d\n", eeprom->eecs,
+ eeprom->eesk, eeprom->eedi, eeprom->eedo);
+
+ if (!old_eecs && eecs)
+ {
+ /* Synchronize start */
+ eeprom->tick = 0;
+ eeprom->input = 0;
+ eeprom->output = 0;
+ eeprom->mode = Chip9346_enter_command_mode;
+
+ DPRINTF("=== eeprom: begin access, enter command mode\n");
+ }
+
+ if (!eecs)
+ {
+ DPRINTF("=== eeprom: end access\n");
+ return;
+ }
+
+ if (!old_eesk && eesk)
+ {
+ /* SK front rules */
+ prom9346_shift_clock(eeprom);
+ }
+}
+
+static void rtl8139_update_irq(RTL8139State *s)
+{
+ PCIDevice *d = PCI_DEVICE(s);
+ int isr;
+ isr = (s->IntrStatus & s->IntrMask) & 0xffff;
+
+ DPRINTF("Set IRQ to %d (%04x %04x)\n", isr ? 1 : 0, s->IntrStatus,
+ s->IntrMask);
+
+ qemu_set_irq(d->irq[0], (isr != 0));
+}
+
+static int rtl8139_RxWrap(RTL8139State *s)
+{
+ /* wrapping enabled; assume 1.5k more buffer space if size < 65536 */
+ return (s->RxConfig & (1 << 7));
+}
+
+static int rtl8139_receiver_enabled(RTL8139State *s)
+{
+ return s->bChipCmdState & CmdRxEnb;
+}
+
+static int rtl8139_transmitter_enabled(RTL8139State *s)
+{
+ return s->bChipCmdState & CmdTxEnb;
+}
+
+static int rtl8139_cp_receiver_enabled(RTL8139State *s)
+{
+ return s->CpCmd & CPlusRxEnb;
+}
+
+static int rtl8139_cp_transmitter_enabled(RTL8139State *s)
+{
+ return s->CpCmd & CPlusTxEnb;
+}
+
+static void rtl8139_write_buffer(RTL8139State *s, const void *buf, int size)
+{
+ PCIDevice *d = PCI_DEVICE(s);
+
+ if (s->RxBufAddr + size > s->RxBufferSize)
+ {
+ int wrapped = MOD2(s->RxBufAddr + size, s->RxBufferSize);
+
+ /* write packet data */
+ if (wrapped && !(s->RxBufferSize < 65536 && rtl8139_RxWrap(s)))
+ {
+ DPRINTF(">>> rx packet wrapped in buffer at %d\n", size - wrapped);
+
+ if (size > wrapped)
+ {
+ pci_dma_write(d, s->RxBuf + s->RxBufAddr,
+ buf, size-wrapped);
+ }
+
+ /* reset buffer pointer */
+ s->RxBufAddr = 0;
+
+ pci_dma_write(d, s->RxBuf + s->RxBufAddr,
+ buf + (size-wrapped), wrapped);
+
+ s->RxBufAddr = wrapped;
+
+ return;
+ }
+ }
+
+ /* non-wrapping path or overwrapping enabled */
+ pci_dma_write(d, s->RxBuf + s->RxBufAddr, buf, size);
+
+ s->RxBufAddr += size;
+}
+
+#define MIN_BUF_SIZE 60
+static inline dma_addr_t rtl8139_addr64(uint32_t low, uint32_t high)
+{
+ return low | ((uint64_t)high << 32);
+}
+
+/* Workaround for buggy guest driver such as linux who allocates rx
+ * rings after the receiver were enabled. */
+static bool rtl8139_cp_rx_valid(RTL8139State *s)
+{
+ return !(s->RxRingAddrLO == 0 && s->RxRingAddrHI == 0);
+}
+
+static int rtl8139_can_receive(NetClientState *nc)
+{
+ RTL8139State *s = qemu_get_nic_opaque(nc);
+ int avail;
+
+ /* Receive (drop) packets if card is disabled. */
+ if (!s->clock_enabled)
+ return 1;
+ if (!rtl8139_receiver_enabled(s))
+ return 1;
+
+ if (rtl8139_cp_receiver_enabled(s) && rtl8139_cp_rx_valid(s)) {
+ /* ??? Flow control not implemented in c+ mode.
+ This is a hack to work around slirp deficiencies anyway. */
+ return 1;
+ } else {
+ avail = MOD2(s->RxBufferSize + s->RxBufPtr - s->RxBufAddr,
+ s->RxBufferSize);
+ return (avail == 0 || avail >= 1514 || (s->IntrMask & RxOverflow));
+ }
+}
+
+static ssize_t rtl8139_do_receive(NetClientState *nc, const uint8_t *buf, size_t size_, int do_interrupt)
+{
+ RTL8139State *s = qemu_get_nic_opaque(nc);
+ PCIDevice *d = PCI_DEVICE(s);
+ /* size is the length of the buffer passed to the driver */
+ int size = size_;
+ const uint8_t *dot1q_buf = NULL;
+
+ uint32_t packet_header = 0;
+
+ uint8_t buf1[MIN_BUF_SIZE + VLAN_HLEN];
+ static const uint8_t broadcast_macaddr[6] =
+ { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
+
+ DPRINTF(">>> received len=%d\n", size);
+
+ /* test if board clock is stopped */
+ if (!s->clock_enabled)
+ {
+ DPRINTF("stopped ==========================\n");
+ return -1;
+ }
+
+ /* first check if receiver is enabled */
+
+ if (!rtl8139_receiver_enabled(s))
+ {
+ DPRINTF("receiver disabled ================\n");
+ return -1;
+ }
+
+ /* XXX: check this */
+ if (s->RxConfig & AcceptAllPhys) {
+ /* promiscuous: receive all */
+ DPRINTF(">>> packet received in promiscuous mode\n");
+
+ } else {
+ if (!memcmp(buf, broadcast_macaddr, 6)) {
+ /* broadcast address */
+ if (!(s->RxConfig & AcceptBroadcast))
+ {
+ DPRINTF(">>> broadcast packet rejected\n");
+
+ /* update tally counter */
+ ++s->tally_counters.RxERR;
+
+ return size;
+ }
+
+ packet_header |= RxBroadcast;
+
+ DPRINTF(">>> broadcast packet received\n");
+
+ /* update tally counter */
+ ++s->tally_counters.RxOkBrd;
+
+ } else if (buf[0] & 0x01) {
+ /* multicast */
+ if (!(s->RxConfig & AcceptMulticast))
+ {
+ DPRINTF(">>> multicast packet rejected\n");
+
+ /* update tally counter */
+ ++s->tally_counters.RxERR;
+
+ return size;
+ }
+
+ int mcast_idx = compute_mcast_idx(buf);
+
+ if (!(s->mult[mcast_idx >> 3] & (1 << (mcast_idx & 7))))
+ {
+ DPRINTF(">>> multicast address mismatch\n");
+
+ /* update tally counter */
+ ++s->tally_counters.RxERR;
+
+ return size;
+ }
+
+ packet_header |= RxMulticast;
+
+ DPRINTF(">>> multicast packet received\n");
+
+ /* update tally counter */
+ ++s->tally_counters.RxOkMul;
+
+ } else if (s->phys[0] == buf[0] &&
+ s->phys[1] == buf[1] &&
+ s->phys[2] == buf[2] &&
+ s->phys[3] == buf[3] &&
+ s->phys[4] == buf[4] &&
+ s->phys[5] == buf[5]) {
+ /* match */
+ if (!(s->RxConfig & AcceptMyPhys))
+ {
+ DPRINTF(">>> rejecting physical address matching packet\n");
+
+ /* update tally counter */
+ ++s->tally_counters.RxERR;
+
+ return size;
+ }
+
+ packet_header |= RxPhysical;
+
+ DPRINTF(">>> physical address matching packet received\n");
+
+ /* update tally counter */
+ ++s->tally_counters.RxOkPhy;
+
+ } else {
+
+ DPRINTF(">>> unknown packet\n");
+
+ /* update tally counter */
+ ++s->tally_counters.RxERR;
+
+ return size;
+ }
+ }
+
+ /* if too small buffer, then expand it
+ * Include some tailroom in case a vlan tag is later removed. */
+ if (size < MIN_BUF_SIZE + VLAN_HLEN) {
+ memcpy(buf1, buf, size);
+ memset(buf1 + size, 0, MIN_BUF_SIZE + VLAN_HLEN - size);
+ buf = buf1;
+ if (size < MIN_BUF_SIZE) {
+ size = MIN_BUF_SIZE;
+ }
+ }
+
+ if (rtl8139_cp_receiver_enabled(s))
+ {
+ if (!rtl8139_cp_rx_valid(s)) {
+ return size;
+ }
+
+ DPRINTF("in C+ Rx mode ================\n");
+
+ /* begin C+ receiver mode */
+
+/* w0 ownership flag */
+#define CP_RX_OWN (1<<31)
+/* w0 end of ring flag */
+#define CP_RX_EOR (1<<30)
+/* w0 bits 0...12 : buffer size */
+#define CP_RX_BUFFER_SIZE_MASK ((1<<13) - 1)
+/* w1 tag available flag */
+#define CP_RX_TAVA (1<<16)
+/* w1 bits 0...15 : VLAN tag */
+#define CP_RX_VLAN_TAG_MASK ((1<<16) - 1)
+/* w2 low 32bit of Rx buffer ptr */
+/* w3 high 32bit of Rx buffer ptr */
+
+ int descriptor = s->currCPlusRxDesc;
+ dma_addr_t cplus_rx_ring_desc;
+
+ cplus_rx_ring_desc = rtl8139_addr64(s->RxRingAddrLO, s->RxRingAddrHI);
+ cplus_rx_ring_desc += 16 * descriptor;
+
+ DPRINTF("+++ C+ mode reading RX descriptor %d from host memory at "
+ "%08x %08x = "DMA_ADDR_FMT"\n", descriptor, s->RxRingAddrHI,
+ s->RxRingAddrLO, cplus_rx_ring_desc);
+
+ uint32_t val, rxdw0,rxdw1,rxbufLO,rxbufHI;
+
+ pci_dma_read(d, cplus_rx_ring_desc, &val, 4);
+ rxdw0 = le32_to_cpu(val);
+ pci_dma_read(d, cplus_rx_ring_desc+4, &val, 4);
+ rxdw1 = le32_to_cpu(val);
+ pci_dma_read(d, cplus_rx_ring_desc+8, &val, 4);
+ rxbufLO = le32_to_cpu(val);
+ pci_dma_read(d, cplus_rx_ring_desc+12, &val, 4);
+ rxbufHI = le32_to_cpu(val);
+
+ DPRINTF("+++ C+ mode RX descriptor %d %08x %08x %08x %08x\n",
+ descriptor, rxdw0, rxdw1, rxbufLO, rxbufHI);
+
+ if (!(rxdw0 & CP_RX_OWN))
+ {
+ DPRINTF("C+ Rx mode : descriptor %d is owned by host\n",
+ descriptor);
+
+ s->IntrStatus |= RxOverflow;
+ ++s->RxMissed;
+
+ /* update tally counter */
+ ++s->tally_counters.RxERR;
+ ++s->tally_counters.MissPkt;
+
+ rtl8139_update_irq(s);
+ return size_;
+ }
+
+ uint32_t rx_space = rxdw0 & CP_RX_BUFFER_SIZE_MASK;
+
+ /* write VLAN info to descriptor variables. */
+ if (s->CpCmd & CPlusRxVLAN && be16_to_cpup((uint16_t *)
+ &buf[ETHER_ADDR_LEN * 2]) == ETH_P_8021Q) {
+ dot1q_buf = &buf[ETHER_ADDR_LEN * 2];
+ size -= VLAN_HLEN;
+ /* if too small buffer, use the tailroom added duing expansion */
+ if (size < MIN_BUF_SIZE) {
+ size = MIN_BUF_SIZE;
+ }
+
+ rxdw1 &= ~CP_RX_VLAN_TAG_MASK;
+ /* BE + ~le_to_cpu()~ + cpu_to_le() = BE */
+ rxdw1 |= CP_RX_TAVA | le16_to_cpup((uint16_t *)
+ &dot1q_buf[ETHER_TYPE_LEN]);
+
+ DPRINTF("C+ Rx mode : extracted vlan tag with tci: ""%u\n",
+ be16_to_cpup((uint16_t *)&dot1q_buf[ETHER_TYPE_LEN]));
+ } else {
+ /* reset VLAN tag flag */
+ rxdw1 &= ~CP_RX_TAVA;
+ }
+
+ /* TODO: scatter the packet over available receive ring descriptors space */
+
+ if (size+4 > rx_space)
+ {
+ DPRINTF("C+ Rx mode : descriptor %d size %d received %d + 4\n",
+ descriptor, rx_space, size);
+
+ s->IntrStatus |= RxOverflow;
+ ++s->RxMissed;
+
+ /* update tally counter */
+ ++s->tally_counters.RxERR;
+ ++s->tally_counters.MissPkt;
+
+ rtl8139_update_irq(s);
+ return size_;
+ }
+
+ dma_addr_t rx_addr = rtl8139_addr64(rxbufLO, rxbufHI);
+
+ /* receive/copy to target memory */
+ if (dot1q_buf) {
+ pci_dma_write(d, rx_addr, buf, 2 * ETHER_ADDR_LEN);
+ pci_dma_write(d, rx_addr + 2 * ETHER_ADDR_LEN,
+ buf + 2 * ETHER_ADDR_LEN + VLAN_HLEN,
+ size - 2 * ETHER_ADDR_LEN);
+ } else {
+ pci_dma_write(d, rx_addr, buf, size);
+ }
+
+ if (s->CpCmd & CPlusRxChkSum)
+ {
+ /* do some packet checksumming */
+ }
+
+ /* write checksum */
+ val = cpu_to_le32(crc32(0, buf, size_));
+ pci_dma_write(d, rx_addr+size, (uint8_t *)&val, 4);
+
+/* first segment of received packet flag */
+#define CP_RX_STATUS_FS (1<<29)
+/* last segment of received packet flag */
+#define CP_RX_STATUS_LS (1<<28)
+/* multicast packet flag */
+#define CP_RX_STATUS_MAR (1<<26)
+/* physical-matching packet flag */
+#define CP_RX_STATUS_PAM (1<<25)
+/* broadcast packet flag */
+#define CP_RX_STATUS_BAR (1<<24)
+/* runt packet flag */
+#define CP_RX_STATUS_RUNT (1<<19)
+/* crc error flag */
+#define CP_RX_STATUS_CRC (1<<18)
+/* IP checksum error flag */
+#define CP_RX_STATUS_IPF (1<<15)
+/* UDP checksum error flag */
+#define CP_RX_STATUS_UDPF (1<<14)
+/* TCP checksum error flag */
+#define CP_RX_STATUS_TCPF (1<<13)
+
+ /* transfer ownership to target */
+ rxdw0 &= ~CP_RX_OWN;
+
+ /* set first segment bit */
+ rxdw0 |= CP_RX_STATUS_FS;
+
+ /* set last segment bit */
+ rxdw0 |= CP_RX_STATUS_LS;
+
+ /* set received packet type flags */
+ if (packet_header & RxBroadcast)
+ rxdw0 |= CP_RX_STATUS_BAR;
+ if (packet_header & RxMulticast)
+ rxdw0 |= CP_RX_STATUS_MAR;
+ if (packet_header & RxPhysical)
+ rxdw0 |= CP_RX_STATUS_PAM;
+
+ /* set received size */
+ rxdw0 &= ~CP_RX_BUFFER_SIZE_MASK;
+ rxdw0 |= (size+4);
+
+ /* update ring data */
+ val = cpu_to_le32(rxdw0);
+ pci_dma_write(d, cplus_rx_ring_desc, (uint8_t *)&val, 4);
+ val = cpu_to_le32(rxdw1);
+ pci_dma_write(d, cplus_rx_ring_desc+4, (uint8_t *)&val, 4);
+
+ /* update tally counter */
+ ++s->tally_counters.RxOk;
+
+ /* seek to next Rx descriptor */
+ if (rxdw0 & CP_RX_EOR)
+ {
+ s->currCPlusRxDesc = 0;
+ }
+ else
+ {
+ ++s->currCPlusRxDesc;
+ }
+
+ DPRINTF("done C+ Rx mode ----------------\n");
+
+ }
+ else
+ {
+ DPRINTF("in ring Rx mode ================\n");
+
+ /* begin ring receiver mode */
+ int avail = MOD2(s->RxBufferSize + s->RxBufPtr - s->RxBufAddr, s->RxBufferSize);
+
+ /* if receiver buffer is empty then avail == 0 */
+
+ if (avail != 0 && size + 8 >= avail)
+ {
+ DPRINTF("rx overflow: rx buffer length %d head 0x%04x "
+ "read 0x%04x === available 0x%04x need 0x%04x\n",
+ s->RxBufferSize, s->RxBufAddr, s->RxBufPtr, avail, size + 8);
+
+ s->IntrStatus |= RxOverflow;
+ ++s->RxMissed;
+ rtl8139_update_irq(s);
+ return size_;
+ }
+
+ packet_header |= RxStatusOK;
+
+ packet_header |= (((size+4) << 16) & 0xffff0000);
+
+ /* write header */
+ uint32_t val = cpu_to_le32(packet_header);
+
+ rtl8139_write_buffer(s, (uint8_t *)&val, 4);
+
+ rtl8139_write_buffer(s, buf, size);
+
+ /* write checksum */
+ val = cpu_to_le32(crc32(0, buf, size));
+ rtl8139_write_buffer(s, (uint8_t *)&val, 4);
+
+ /* correct buffer write pointer */
+ s->RxBufAddr = MOD2((s->RxBufAddr + 3) & ~0x3, s->RxBufferSize);
+
+ /* now we can signal we have received something */
+
+ DPRINTF("received: rx buffer length %d head 0x%04x read 0x%04x\n",
+ s->RxBufferSize, s->RxBufAddr, s->RxBufPtr);
+ }
+
+ s->IntrStatus |= RxOK;
+
+ if (do_interrupt)
+ {
+ rtl8139_update_irq(s);
+ }
+
+ return size_;
+}
+
+static ssize_t rtl8139_receive(NetClientState *nc, const uint8_t *buf, size_t size)
+{
+ return rtl8139_do_receive(nc, buf, size, 1);
+}
+
+static void rtl8139_reset_rxring(RTL8139State *s, uint32_t bufferSize)
+{
+ s->RxBufferSize = bufferSize;
+ s->RxBufPtr = 0;
+ s->RxBufAddr = 0;
+}
+
+static void rtl8139_reset(DeviceState *d)
+{
+ RTL8139State *s = RTL8139(d);
+ int i;
+
+ /* restore MAC address */
+ memcpy(s->phys, s->conf.macaddr.a, 6);
+
+ /* reset interrupt mask */
+ s->IntrStatus = 0;
+ s->IntrMask = 0;
+
+ rtl8139_update_irq(s);
+
+ /* mark all status registers as owned by host */
+ for (i = 0; i < 4; ++i)
+ {
+ s->TxStatus[i] = TxHostOwns;
+ }
+
+ s->currTxDesc = 0;
+ s->currCPlusRxDesc = 0;
+ s->currCPlusTxDesc = 0;
+
+ s->RxRingAddrLO = 0;
+ s->RxRingAddrHI = 0;
+
+ s->RxBuf = 0;
+
+ rtl8139_reset_rxring(s, 8192);
+
+ /* ACK the reset */
+ s->TxConfig = 0;
+
+#if 0
+// s->TxConfig |= HW_REVID(1, 0, 0, 0, 0, 0, 0); // RTL-8139 HasHltClk
+ s->clock_enabled = 0;
+#else
+ s->TxConfig |= HW_REVID(1, 1, 1, 0, 1, 1, 0); // RTL-8139C+ HasLWake
+ s->clock_enabled = 1;
+#endif
+
+ s->bChipCmdState = CmdReset; /* RxBufEmpty bit is calculated on read from ChipCmd */;
+
+ /* set initial state data */
+ s->Config0 = 0x0; /* No boot ROM */
+ s->Config1 = 0xC; /* IO mapped and MEM mapped registers available */
+ s->Config3 = 0x1; /* fast back-to-back compatible */
+ s->Config5 = 0x0;
+
+ s->CSCR = CSCR_F_LINK_100 | CSCR_HEART_BIT | CSCR_LD;
+
+ s->CpCmd = 0x0; /* reset C+ mode */
+ s->cplus_enabled = 0;
+
+
+// s->BasicModeCtrl = 0x3100; // 100Mbps, full duplex, autonegotiation
+// s->BasicModeCtrl = 0x2100; // 100Mbps, full duplex
+ s->BasicModeCtrl = 0x1000; // autonegotiation
+
+ s->BasicModeStatus = 0x7809;
+ //s->BasicModeStatus |= 0x0040; /* UTP medium */
+ s->BasicModeStatus |= 0x0020; /* autonegotiation completed */
+ /* preserve link state */
+ s->BasicModeStatus |= qemu_get_queue(s->nic)->link_down ? 0 : 0x04;
+
+ s->NWayAdvert = 0x05e1; /* all modes, full duplex */
+ s->NWayLPAR = 0x05e1; /* all modes, full duplex */
+ s->NWayExpansion = 0x0001; /* autonegotiation supported */
+
+ /* also reset timer and disable timer interrupt */
+ s->TCTR = 0;
+ s->TimerInt = 0;
+ s->TCTR_base = 0;
+
+ /* reset tally counters */
+ RTL8139TallyCounters_clear(&s->tally_counters);
+}
+
+static void RTL8139TallyCounters_clear(RTL8139TallyCounters* counters)
+{
+ counters->TxOk = 0;
+ counters->RxOk = 0;
+ counters->TxERR = 0;
+ counters->RxERR = 0;
+ counters->MissPkt = 0;
+ counters->FAE = 0;
+ counters->Tx1Col = 0;
+ counters->TxMCol = 0;
+ counters->RxOkPhy = 0;
+ counters->RxOkBrd = 0;
+ counters->RxOkMul = 0;
+ counters->TxAbt = 0;
+ counters->TxUndrn = 0;
+}
+
+static void RTL8139TallyCounters_dma_write(RTL8139State *s, dma_addr_t tc_addr)
+{
+ PCIDevice *d = PCI_DEVICE(s);
+ RTL8139TallyCounters *tally_counters = &s->tally_counters;
+ uint16_t val16;
+ uint32_t val32;
+ uint64_t val64;
+
+ val64 = cpu_to_le64(tally_counters->TxOk);
+ pci_dma_write(d, tc_addr + 0, (uint8_t *)&val64, 8);
+
+ val64 = cpu_to_le64(tally_counters->RxOk);
+ pci_dma_write(d, tc_addr + 8, (uint8_t *)&val64, 8);
+
+ val64 = cpu_to_le64(tally_counters->TxERR);
+ pci_dma_write(d, tc_addr + 16, (uint8_t *)&val64, 8);
+
+ val32 = cpu_to_le32(tally_counters->RxERR);
+ pci_dma_write(d, tc_addr + 24, (uint8_t *)&val32, 4);
+
+ val16 = cpu_to_le16(tally_counters->MissPkt);
+ pci_dma_write(d, tc_addr + 28, (uint8_t *)&val16, 2);
+
+ val16 = cpu_to_le16(tally_counters->FAE);
+ pci_dma_write(d, tc_addr + 30, (uint8_t *)&val16, 2);
+
+ val32 = cpu_to_le32(tally_counters->Tx1Col);
+ pci_dma_write(d, tc_addr + 32, (uint8_t *)&val32, 4);
+
+ val32 = cpu_to_le32(tally_counters->TxMCol);
+ pci_dma_write(d, tc_addr + 36, (uint8_t *)&val32, 4);
+
+ val64 = cpu_to_le64(tally_counters->RxOkPhy);
+ pci_dma_write(d, tc_addr + 40, (uint8_t *)&val64, 8);
+
+ val64 = cpu_to_le64(tally_counters->RxOkBrd);
+ pci_dma_write(d, tc_addr + 48, (uint8_t *)&val64, 8);
+
+ val32 = cpu_to_le32(tally_counters->RxOkMul);
+ pci_dma_write(d, tc_addr + 56, (uint8_t *)&val32, 4);
+
+ val16 = cpu_to_le16(tally_counters->TxAbt);
+ pci_dma_write(d, tc_addr + 60, (uint8_t *)&val16, 2);
+
+ val16 = cpu_to_le16(tally_counters->TxUndrn);
+ pci_dma_write(d, tc_addr + 62, (uint8_t *)&val16, 2);
+}
+
+/* Loads values of tally counters from VM state file */
+
+static const VMStateDescription vmstate_tally_counters = {
+ .name = "tally_counters",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT64(TxOk, RTL8139TallyCounters),
+ VMSTATE_UINT64(RxOk, RTL8139TallyCounters),
+ VMSTATE_UINT64(TxERR, RTL8139TallyCounters),
+ VMSTATE_UINT32(RxERR, RTL8139TallyCounters),
+ VMSTATE_UINT16(MissPkt, RTL8139TallyCounters),
+ VMSTATE_UINT16(FAE, RTL8139TallyCounters),
+ VMSTATE_UINT32(Tx1Col, RTL8139TallyCounters),
+ VMSTATE_UINT32(TxMCol, RTL8139TallyCounters),
+ VMSTATE_UINT64(RxOkPhy, RTL8139TallyCounters),
+ VMSTATE_UINT64(RxOkBrd, RTL8139TallyCounters),
+ VMSTATE_UINT16(TxAbt, RTL8139TallyCounters),
+ VMSTATE_UINT16(TxUndrn, RTL8139TallyCounters),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void rtl8139_ChipCmd_write(RTL8139State *s, uint32_t val)
+{
+ DeviceState *d = DEVICE(s);
+
+ val &= 0xff;
+
+ DPRINTF("ChipCmd write val=0x%08x\n", val);
+
+ if (val & CmdReset)
+ {
+ DPRINTF("ChipCmd reset\n");
+ rtl8139_reset(d);
+ }
+ if (val & CmdRxEnb)
+ {
+ DPRINTF("ChipCmd enable receiver\n");
+
+ s->currCPlusRxDesc = 0;
+ }
+ if (val & CmdTxEnb)
+ {
+ DPRINTF("ChipCmd enable transmitter\n");
+
+ s->currCPlusTxDesc = 0;
+ }
+
+ /* mask unwritable bits */
+ val = SET_MASKED(val, 0xe3, s->bChipCmdState);
+
+ /* Deassert reset pin before next read */
+ val &= ~CmdReset;
+
+ s->bChipCmdState = val;
+}
+
+static int rtl8139_RxBufferEmpty(RTL8139State *s)
+{
+ int unread = MOD2(s->RxBufferSize + s->RxBufAddr - s->RxBufPtr, s->RxBufferSize);
+
+ if (unread != 0)
+ {
+ DPRINTF("receiver buffer data available 0x%04x\n", unread);
+ return 0;
+ }
+
+ DPRINTF("receiver buffer is empty\n");
+
+ return 1;
+}
+
+static uint32_t rtl8139_ChipCmd_read(RTL8139State *s)
+{
+ uint32_t ret = s->bChipCmdState;
+
+ if (rtl8139_RxBufferEmpty(s))
+ ret |= RxBufEmpty;
+
+ DPRINTF("ChipCmd read val=0x%04x\n", ret);
+
+ return ret;
+}
+
+static void rtl8139_CpCmd_write(RTL8139State *s, uint32_t val)
+{
+ val &= 0xffff;
+
+ DPRINTF("C+ command register write(w) val=0x%04x\n", val);
+
+ s->cplus_enabled = 1;
+
+ /* mask unwritable bits */
+ val = SET_MASKED(val, 0xff84, s->CpCmd);
+
+ s->CpCmd = val;
+}
+
+static uint32_t rtl8139_CpCmd_read(RTL8139State *s)
+{
+ uint32_t ret = s->CpCmd;
+
+ DPRINTF("C+ command register read(w) val=0x%04x\n", ret);
+
+ return ret;
+}
+
+static void rtl8139_IntrMitigate_write(RTL8139State *s, uint32_t val)
+{
+ DPRINTF("C+ IntrMitigate register write(w) val=0x%04x\n", val);
+}
+
+static uint32_t rtl8139_IntrMitigate_read(RTL8139State *s)
+{
+ uint32_t ret = 0;
+
+ DPRINTF("C+ IntrMitigate register read(w) val=0x%04x\n", ret);
+
+ return ret;
+}
+
+static int rtl8139_config_writable(RTL8139State *s)
+{
+ if ((s->Cfg9346 & Chip9346_op_mask) == Cfg9346_ConfigWrite)
+ {
+ return 1;
+ }
+
+ DPRINTF("Configuration registers are write-protected\n");
+
+ return 0;
+}
+
+static void rtl8139_BasicModeCtrl_write(RTL8139State *s, uint32_t val)
+{
+ val &= 0xffff;
+
+ DPRINTF("BasicModeCtrl register write(w) val=0x%04x\n", val);
+
+ /* mask unwritable bits */
+ uint32_t mask = 0x4cff;
+
+ if (1 || !rtl8139_config_writable(s))
+ {
+ /* Speed setting and autonegotiation enable bits are read-only */
+ mask |= 0x3000;
+ /* Duplex mode setting is read-only */
+ mask |= 0x0100;
+ }
+
+ val = SET_MASKED(val, mask, s->BasicModeCtrl);
+
+ s->BasicModeCtrl = val;
+}
+
+static uint32_t rtl8139_BasicModeCtrl_read(RTL8139State *s)
+{
+ uint32_t ret = s->BasicModeCtrl;
+
+ DPRINTF("BasicModeCtrl register read(w) val=0x%04x\n", ret);
+
+ return ret;
+}
+
+static void rtl8139_BasicModeStatus_write(RTL8139State *s, uint32_t val)
+{
+ val &= 0xffff;
+
+ DPRINTF("BasicModeStatus register write(w) val=0x%04x\n", val);
+
+ /* mask unwritable bits */
+ val = SET_MASKED(val, 0xff3f, s->BasicModeStatus);
+
+ s->BasicModeStatus = val;
+}
+
+static uint32_t rtl8139_BasicModeStatus_read(RTL8139State *s)
+{
+ uint32_t ret = s->BasicModeStatus;
+
+ DPRINTF("BasicModeStatus register read(w) val=0x%04x\n", ret);
+
+ return ret;
+}
+
+static void rtl8139_Cfg9346_write(RTL8139State *s, uint32_t val)
+{
+ DeviceState *d = DEVICE(s);
+
+ val &= 0xff;
+
+ DPRINTF("Cfg9346 write val=0x%02x\n", val);
+
+ /* mask unwritable bits */
+ val = SET_MASKED(val, 0x31, s->Cfg9346);
+
+ uint32_t opmode = val & 0xc0;
+ uint32_t eeprom_val = val & 0xf;
+
+ if (opmode == 0x80) {
+ /* eeprom access */
+ int eecs = (eeprom_val & 0x08)?1:0;
+ int eesk = (eeprom_val & 0x04)?1:0;
+ int eedi = (eeprom_val & 0x02)?1:0;
+ prom9346_set_wire(s, eecs, eesk, eedi);
+ } else if (opmode == 0x40) {
+ /* Reset. */
+ val = 0;
+ rtl8139_reset(d);
+ }
+
+ s->Cfg9346 = val;
+}
+
+static uint32_t rtl8139_Cfg9346_read(RTL8139State *s)
+{
+ uint32_t ret = s->Cfg9346;
+
+ uint32_t opmode = ret & 0xc0;
+
+ if (opmode == 0x80)
+ {
+ /* eeprom access */
+ int eedo = prom9346_get_wire(s);
+ if (eedo)
+ {
+ ret |= 0x01;
+ }
+ else
+ {
+ ret &= ~0x01;
+ }
+ }
+
+ DPRINTF("Cfg9346 read val=0x%02x\n", ret);
+
+ return ret;
+}
+
+static void rtl8139_Config0_write(RTL8139State *s, uint32_t val)
+{
+ val &= 0xff;
+
+ DPRINTF("Config0 write val=0x%02x\n", val);
+
+ if (!rtl8139_config_writable(s)) {
+ return;
+ }
+
+ /* mask unwritable bits */
+ val = SET_MASKED(val, 0xf8, s->Config0);
+
+ s->Config0 = val;
+}
+
+static uint32_t rtl8139_Config0_read(RTL8139State *s)
+{
+ uint32_t ret = s->Config0;
+
+ DPRINTF("Config0 read val=0x%02x\n", ret);
+
+ return ret;
+}
+
+static void rtl8139_Config1_write(RTL8139State *s, uint32_t val)
+{
+ val &= 0xff;
+
+ DPRINTF("Config1 write val=0x%02x\n", val);
+
+ if (!rtl8139_config_writable(s)) {
+ return;
+ }
+
+ /* mask unwritable bits */
+ val = SET_MASKED(val, 0xC, s->Config1);
+
+ s->Config1 = val;
+}
+
+static uint32_t rtl8139_Config1_read(RTL8139State *s)
+{
+ uint32_t ret = s->Config1;
+
+ DPRINTF("Config1 read val=0x%02x\n", ret);
+
+ return ret;
+}
+
+static void rtl8139_Config3_write(RTL8139State *s, uint32_t val)
+{
+ val &= 0xff;
+
+ DPRINTF("Config3 write val=0x%02x\n", val);
+
+ if (!rtl8139_config_writable(s)) {
+ return;
+ }
+
+ /* mask unwritable bits */
+ val = SET_MASKED(val, 0x8F, s->Config3);
+
+ s->Config3 = val;
+}
+
+static uint32_t rtl8139_Config3_read(RTL8139State *s)
+{
+ uint32_t ret = s->Config3;
+
+ DPRINTF("Config3 read val=0x%02x\n", ret);
+
+ return ret;
+}
+
+static void rtl8139_Config4_write(RTL8139State *s, uint32_t val)
+{
+ val &= 0xff;
+
+ DPRINTF("Config4 write val=0x%02x\n", val);
+
+ if (!rtl8139_config_writable(s)) {
+ return;
+ }
+
+ /* mask unwritable bits */
+ val = SET_MASKED(val, 0x0a, s->Config4);
+
+ s->Config4 = val;
+}
+
+static uint32_t rtl8139_Config4_read(RTL8139State *s)
+{
+ uint32_t ret = s->Config4;
+
+ DPRINTF("Config4 read val=0x%02x\n", ret);
+
+ return ret;
+}
+
+static void rtl8139_Config5_write(RTL8139State *s, uint32_t val)
+{
+ val &= 0xff;
+
+ DPRINTF("Config5 write val=0x%02x\n", val);
+
+ /* mask unwritable bits */
+ val = SET_MASKED(val, 0x80, s->Config5);
+
+ s->Config5 = val;
+}
+
+static uint32_t rtl8139_Config5_read(RTL8139State *s)
+{
+ uint32_t ret = s->Config5;
+
+ DPRINTF("Config5 read val=0x%02x\n", ret);
+
+ return ret;
+}
+
+static void rtl8139_TxConfig_write(RTL8139State *s, uint32_t val)
+{
+ if (!rtl8139_transmitter_enabled(s))
+ {
+ DPRINTF("transmitter disabled; no TxConfig write val=0x%08x\n", val);
+ return;
+ }
+
+ DPRINTF("TxConfig write val=0x%08x\n", val);
+
+ val = SET_MASKED(val, TxVersionMask | 0x8070f80f, s->TxConfig);
+
+ s->TxConfig = val;
+}
+
+static void rtl8139_TxConfig_writeb(RTL8139State *s, uint32_t val)
+{
+ DPRINTF("RTL8139C TxConfig via write(b) val=0x%02x\n", val);
+
+ uint32_t tc = s->TxConfig;
+ tc &= 0xFFFFFF00;
+ tc |= (val & 0x000000FF);
+ rtl8139_TxConfig_write(s, tc);
+}
+
+static uint32_t rtl8139_TxConfig_read(RTL8139State *s)
+{
+ uint32_t ret = s->TxConfig;
+
+ DPRINTF("TxConfig read val=0x%04x\n", ret);
+
+ return ret;
+}
+
+static void rtl8139_RxConfig_write(RTL8139State *s, uint32_t val)
+{
+ DPRINTF("RxConfig write val=0x%08x\n", val);
+
+ /* mask unwritable bits */
+ val = SET_MASKED(val, 0xf0fc0040, s->RxConfig);
+
+ s->RxConfig = val;
+
+ /* reset buffer size and read/write pointers */
+ rtl8139_reset_rxring(s, 8192 << ((s->RxConfig >> 11) & 0x3));
+
+ DPRINTF("RxConfig write reset buffer size to %d\n", s->RxBufferSize);
+}
+
+static uint32_t rtl8139_RxConfig_read(RTL8139State *s)
+{
+ uint32_t ret = s->RxConfig;
+
+ DPRINTF("RxConfig read val=0x%08x\n", ret);
+
+ return ret;
+}
+
+static void rtl8139_transfer_frame(RTL8139State *s, uint8_t *buf, int size,
+ int do_interrupt, const uint8_t *dot1q_buf)
+{
+ struct iovec *iov = NULL;
+
+ if (!size)
+ {
+ DPRINTF("+++ empty ethernet frame\n");
+ return;
+ }
+
+ if (dot1q_buf && size >= ETHER_ADDR_LEN * 2) {
+ iov = (struct iovec[3]) {
+ { .iov_base = buf, .iov_len = ETHER_ADDR_LEN * 2 },
+ { .iov_base = (void *) dot1q_buf, .iov_len = VLAN_HLEN },
+ { .iov_base = buf + ETHER_ADDR_LEN * 2,
+ .iov_len = size - ETHER_ADDR_LEN * 2 },
+ };
+ }
+
+ if (TxLoopBack == (s->TxConfig & TxLoopBack))
+ {
+ size_t buf2_size;
+ uint8_t *buf2;
+
+ if (iov) {
+ buf2_size = iov_size(iov, 3);
+ buf2 = g_malloc(buf2_size);
+ iov_to_buf(iov, 3, 0, buf2, buf2_size);
+ buf = buf2;
+ }
+
+ DPRINTF("+++ transmit loopback mode\n");
+ rtl8139_do_receive(qemu_get_queue(s->nic), buf, size, do_interrupt);
+
+ if (iov) {
+ g_free(buf2);
+ }
+ }
+ else
+ {
+ if (iov) {
+ qemu_sendv_packet(qemu_get_queue(s->nic), iov, 3);
+ } else {
+ qemu_send_packet(qemu_get_queue(s->nic), buf, size);
+ }
+ }
+}
+
+static int rtl8139_transmit_one(RTL8139State *s, int descriptor)
+{
+ if (!rtl8139_transmitter_enabled(s))
+ {
+ DPRINTF("+++ cannot transmit from descriptor %d: transmitter "
+ "disabled\n", descriptor);
+ return 0;
+ }
+
+ if (s->TxStatus[descriptor] & TxHostOwns)
+ {
+ DPRINTF("+++ cannot transmit from descriptor %d: owned by host "
+ "(%08x)\n", descriptor, s->TxStatus[descriptor]);
+ return 0;
+ }
+
+ DPRINTF("+++ transmitting from descriptor %d\n", descriptor);
+
+ PCIDevice *d = PCI_DEVICE(s);
+ int txsize = s->TxStatus[descriptor] & 0x1fff;
+ uint8_t txbuffer[0x2000];
+
+ DPRINTF("+++ transmit reading %d bytes from host memory at 0x%08x\n",
+ txsize, s->TxAddr[descriptor]);
+
+ pci_dma_read(d, s->TxAddr[descriptor], txbuffer, txsize);
+
+ /* Mark descriptor as transferred */
+ s->TxStatus[descriptor] |= TxHostOwns;
+ s->TxStatus[descriptor] |= TxStatOK;
+
+ rtl8139_transfer_frame(s, txbuffer, txsize, 0, NULL);
+
+ DPRINTF("+++ transmitted %d bytes from descriptor %d\n", txsize,
+ descriptor);
+
+ /* update interrupt */
+ s->IntrStatus |= TxOK;
+ rtl8139_update_irq(s);
+
+ return 1;
+}
+
+/* structures and macros for task offloading */
+typedef struct ip_header
+{
+ uint8_t ip_ver_len; /* version and header length */
+ uint8_t ip_tos; /* type of service */
+ uint16_t ip_len; /* total length */
+ uint16_t ip_id; /* identification */
+ uint16_t ip_off; /* fragment offset field */
+ uint8_t ip_ttl; /* time to live */
+ uint8_t ip_p; /* protocol */
+ uint16_t ip_sum; /* checksum */
+ uint32_t ip_src,ip_dst; /* source and dest address */
+} ip_header;
+
+#define IP_HEADER_VERSION_4 4
+#define IP_HEADER_VERSION(ip) ((ip->ip_ver_len >> 4)&0xf)
+#define IP_HEADER_LENGTH(ip) (((ip->ip_ver_len)&0xf) << 2)
+
+typedef struct tcp_header
+{
+ uint16_t th_sport; /* source port */
+ uint16_t th_dport; /* destination port */
+ uint32_t th_seq; /* sequence number */
+ uint32_t th_ack; /* acknowledgement number */
+ uint16_t th_offset_flags; /* data offset, reserved 6 bits, TCP protocol flags */
+ uint16_t th_win; /* window */
+ uint16_t th_sum; /* checksum */
+ uint16_t th_urp; /* urgent pointer */
+} tcp_header;
+
+typedef struct udp_header
+{
+ uint16_t uh_sport; /* source port */
+ uint16_t uh_dport; /* destination port */
+ uint16_t uh_ulen; /* udp length */
+ uint16_t uh_sum; /* udp checksum */
+} udp_header;
+
+typedef struct ip_pseudo_header
+{
+ uint32_t ip_src;
+ uint32_t ip_dst;
+ uint8_t zeros;
+ uint8_t ip_proto;
+ uint16_t ip_payload;
+} ip_pseudo_header;
+
+#define IP_PROTO_TCP 6
+#define IP_PROTO_UDP 17
+
+#define TCP_HEADER_DATA_OFFSET(tcp) (((be16_to_cpu(tcp->th_offset_flags) >> 12)&0xf) << 2)
+#define TCP_FLAGS_ONLY(flags) ((flags)&0x3f)
+#define TCP_HEADER_FLAGS(tcp) TCP_FLAGS_ONLY(be16_to_cpu(tcp->th_offset_flags))
+
+#define TCP_HEADER_CLEAR_FLAGS(tcp, off) ((tcp)->th_offset_flags &= cpu_to_be16(~TCP_FLAGS_ONLY(off)))
+
+#define TCP_FLAG_FIN 0x01
+#define TCP_FLAG_PUSH 0x08
+
+/* produces ones' complement sum of data */
+static uint16_t ones_complement_sum(uint8_t *data, size_t len)
+{
+ uint32_t result = 0;
+
+ for (; len > 1; data+=2, len-=2)
+ {
+ result += *(uint16_t*)data;
+ }
+
+ /* add the remainder byte */
+ if (len)
+ {
+ uint8_t odd[2] = {*data, 0};
+ result += *(uint16_t*)odd;
+ }
+
+ while (result>>16)
+ result = (result & 0xffff) + (result >> 16);
+
+ return result;
+}
+
+static uint16_t ip_checksum(void *data, size_t len)
+{
+ return ~ones_complement_sum((uint8_t*)data, len);
+}
+
+static int rtl8139_cplus_transmit_one(RTL8139State *s)
+{
+ if (!rtl8139_transmitter_enabled(s))
+ {
+ DPRINTF("+++ C+ mode: transmitter disabled\n");
+ return 0;
+ }
+
+ if (!rtl8139_cp_transmitter_enabled(s))
+ {
+ DPRINTF("+++ C+ mode: C+ transmitter disabled\n");
+ return 0 ;
+ }
+
+ PCIDevice *d = PCI_DEVICE(s);
+ int descriptor = s->currCPlusTxDesc;
+
+ dma_addr_t cplus_tx_ring_desc = rtl8139_addr64(s->TxAddr[0], s->TxAddr[1]);
+
+ /* Normal priority ring */
+ cplus_tx_ring_desc += 16 * descriptor;
+
+ DPRINTF("+++ C+ mode reading TX descriptor %d from host memory at "
+ "%08x %08x = 0x"DMA_ADDR_FMT"\n", descriptor, s->TxAddr[1],
+ s->TxAddr[0], cplus_tx_ring_desc);
+
+ uint32_t val, txdw0,txdw1,txbufLO,txbufHI;
+
+ pci_dma_read(d, cplus_tx_ring_desc, (uint8_t *)&val, 4);
+ txdw0 = le32_to_cpu(val);
+ pci_dma_read(d, cplus_tx_ring_desc+4, (uint8_t *)&val, 4);
+ txdw1 = le32_to_cpu(val);
+ pci_dma_read(d, cplus_tx_ring_desc+8, (uint8_t *)&val, 4);
+ txbufLO = le32_to_cpu(val);
+ pci_dma_read(d, cplus_tx_ring_desc+12, (uint8_t *)&val, 4);
+ txbufHI = le32_to_cpu(val);
+
+ DPRINTF("+++ C+ mode TX descriptor %d %08x %08x %08x %08x\n", descriptor,
+ txdw0, txdw1, txbufLO, txbufHI);
+
+/* w0 ownership flag */
+#define CP_TX_OWN (1<<31)
+/* w0 end of ring flag */
+#define CP_TX_EOR (1<<30)
+/* first segment of received packet flag */
+#define CP_TX_FS (1<<29)
+/* last segment of received packet flag */
+#define CP_TX_LS (1<<28)
+/* large send packet flag */
+#define CP_TX_LGSEN (1<<27)
+/* large send MSS mask, bits 16...25 */
+#define CP_TC_LGSEN_MSS_MASK ((1 << 12) - 1)
+
+/* IP checksum offload flag */
+#define CP_TX_IPCS (1<<18)
+/* UDP checksum offload flag */
+#define CP_TX_UDPCS (1<<17)
+/* TCP checksum offload flag */
+#define CP_TX_TCPCS (1<<16)
+
+/* w0 bits 0...15 : buffer size */
+#define CP_TX_BUFFER_SIZE (1<<16)
+#define CP_TX_BUFFER_SIZE_MASK (CP_TX_BUFFER_SIZE - 1)
+/* w1 add tag flag */
+#define CP_TX_TAGC (1<<17)
+/* w1 bits 0...15 : VLAN tag (big endian) */
+#define CP_TX_VLAN_TAG_MASK ((1<<16) - 1)
+/* w2 low 32bit of Rx buffer ptr */
+/* w3 high 32bit of Rx buffer ptr */
+
+/* set after transmission */
+/* FIFO underrun flag */
+#define CP_TX_STATUS_UNF (1<<25)
+/* transmit error summary flag, valid if set any of three below */
+#define CP_TX_STATUS_TES (1<<23)
+/* out-of-window collision flag */
+#define CP_TX_STATUS_OWC (1<<22)
+/* link failure flag */
+#define CP_TX_STATUS_LNKF (1<<21)
+/* excessive collisions flag */
+#define CP_TX_STATUS_EXC (1<<20)
+
+ if (!(txdw0 & CP_TX_OWN))
+ {
+ DPRINTF("C+ Tx mode : descriptor %d is owned by host\n", descriptor);
+ return 0 ;
+ }
+
+ DPRINTF("+++ C+ Tx mode : transmitting from descriptor %d\n", descriptor);
+
+ if (txdw0 & CP_TX_FS)
+ {
+ DPRINTF("+++ C+ Tx mode : descriptor %d is first segment "
+ "descriptor\n", descriptor);
+
+ /* reset internal buffer offset */
+ s->cplus_txbuffer_offset = 0;
+ }
+
+ int txsize = txdw0 & CP_TX_BUFFER_SIZE_MASK;
+ dma_addr_t tx_addr = rtl8139_addr64(txbufLO, txbufHI);
+
+ /* make sure we have enough space to assemble the packet */
+ if (!s->cplus_txbuffer)
+ {
+ s->cplus_txbuffer_len = CP_TX_BUFFER_SIZE;
+ s->cplus_txbuffer = g_malloc(s->cplus_txbuffer_len);
+ s->cplus_txbuffer_offset = 0;
+
+ DPRINTF("+++ C+ mode transmission buffer allocated space %d\n",
+ s->cplus_txbuffer_len);
+ }
+
+ if (s->cplus_txbuffer_offset + txsize >= s->cplus_txbuffer_len)
+ {
+ /* The spec didn't tell the maximum size, stick to CP_TX_BUFFER_SIZE */
+ txsize = s->cplus_txbuffer_len - s->cplus_txbuffer_offset;
+ DPRINTF("+++ C+ mode transmission buffer overrun, truncated descriptor"
+ "length to %d\n", txsize);
+ }
+
+ if (!s->cplus_txbuffer)
+ {
+ /* out of memory */
+
+ DPRINTF("+++ C+ mode transmiter failed to reallocate %d bytes\n",
+ s->cplus_txbuffer_len);
+
+ /* update tally counter */
+ ++s->tally_counters.TxERR;
+ ++s->tally_counters.TxAbt;
+
+ return 0;
+ }
+
+ /* append more data to the packet */
+
+ DPRINTF("+++ C+ mode transmit reading %d bytes from host memory at "
+ DMA_ADDR_FMT" to offset %d\n", txsize, tx_addr,
+ s->cplus_txbuffer_offset);
+
+ pci_dma_read(d, tx_addr,
+ s->cplus_txbuffer + s->cplus_txbuffer_offset, txsize);
+ s->cplus_txbuffer_offset += txsize;
+
+ /* seek to next Rx descriptor */
+ if (txdw0 & CP_TX_EOR)
+ {
+ s->currCPlusTxDesc = 0;
+ }
+ else
+ {
+ ++s->currCPlusTxDesc;
+ if (s->currCPlusTxDesc >= 64)
+ s->currCPlusTxDesc = 0;
+ }
+
+ /* transfer ownership to target */
+ txdw0 &= ~CP_RX_OWN;
+
+ /* reset error indicator bits */
+ txdw0 &= ~CP_TX_STATUS_UNF;
+ txdw0 &= ~CP_TX_STATUS_TES;
+ txdw0 &= ~CP_TX_STATUS_OWC;
+ txdw0 &= ~CP_TX_STATUS_LNKF;
+ txdw0 &= ~CP_TX_STATUS_EXC;
+
+ /* update ring data */
+ val = cpu_to_le32(txdw0);
+ pci_dma_write(d, cplus_tx_ring_desc, (uint8_t *)&val, 4);
+
+ /* Now decide if descriptor being processed is holding the last segment of packet */
+ if (txdw0 & CP_TX_LS)
+ {
+ uint8_t dot1q_buffer_space[VLAN_HLEN];
+ uint16_t *dot1q_buffer;
+
+ DPRINTF("+++ C+ Tx mode : descriptor %d is last segment descriptor\n",
+ descriptor);
+
+ /* can transfer fully assembled packet */
+
+ uint8_t *saved_buffer = s->cplus_txbuffer;
+ int saved_size = s->cplus_txbuffer_offset;
+ int saved_buffer_len = s->cplus_txbuffer_len;
+
+ /* create vlan tag */
+ if (txdw1 & CP_TX_TAGC) {
+ /* the vlan tag is in BE byte order in the descriptor
+ * BE + le_to_cpu() + ~swap()~ = cpu */
+ DPRINTF("+++ C+ Tx mode : inserting vlan tag with ""tci: %u\n",
+ bswap16(txdw1 & CP_TX_VLAN_TAG_MASK));
+
+ dot1q_buffer = (uint16_t *) dot1q_buffer_space;
+ dot1q_buffer[0] = cpu_to_be16(ETH_P_8021Q);
+ /* BE + le_to_cpu() + ~cpu_to_le()~ = BE */
+ dot1q_buffer[1] = cpu_to_le16(txdw1 & CP_TX_VLAN_TAG_MASK);
+ } else {
+ dot1q_buffer = NULL;
+ }
+
+ /* reset the card space to protect from recursive call */
+ s->cplus_txbuffer = NULL;
+ s->cplus_txbuffer_offset = 0;
+ s->cplus_txbuffer_len = 0;
+
+ if (txdw0 & (CP_TX_IPCS | CP_TX_UDPCS | CP_TX_TCPCS | CP_TX_LGSEN))
+ {
+ DPRINTF("+++ C+ mode offloaded task checksum\n");
+
+ /* ip packet header */
+ ip_header *ip = NULL;
+ int hlen = 0;
+ uint8_t ip_protocol = 0;
+ uint16_t ip_data_len = 0;
+
+ uint8_t *eth_payload_data = NULL;
+ size_t eth_payload_len = 0;
+
+ int proto = be16_to_cpu(*(uint16_t *)(saved_buffer + 12));
+ if (proto == ETH_P_IP)
+ {
+ DPRINTF("+++ C+ mode has IP packet\n");
+
+ /* not aligned */
+ eth_payload_data = saved_buffer + ETH_HLEN;
+ eth_payload_len = saved_size - ETH_HLEN;
+
+ ip = (ip_header*)eth_payload_data;
+
+ if (IP_HEADER_VERSION(ip) != IP_HEADER_VERSION_4) {
+ DPRINTF("+++ C+ mode packet has bad IP version %d "
+ "expected %d\n", IP_HEADER_VERSION(ip),
+ IP_HEADER_VERSION_4);
+ ip = NULL;
+ } else {
+ hlen = IP_HEADER_LENGTH(ip);
+ ip_protocol = ip->ip_p;
+ ip_data_len = be16_to_cpu(ip->ip_len) - hlen;
+ }
+ }
+
+ if (ip)
+ {
+ if (txdw0 & CP_TX_IPCS)
+ {
+ DPRINTF("+++ C+ mode need IP checksum\n");
+
+ if (hlen<sizeof(ip_header) || hlen>eth_payload_len) {/* min header length */
+ /* bad packet header len */
+ /* or packet too short */
+ }
+ else
+ {
+ ip->ip_sum = 0;
+ ip->ip_sum = ip_checksum(ip, hlen);
+ DPRINTF("+++ C+ mode IP header len=%d checksum=%04x\n",
+ hlen, ip->ip_sum);
+ }
+ }
+
+ if ((txdw0 & CP_TX_LGSEN) && ip_protocol == IP_PROTO_TCP)
+ {
+ int large_send_mss = (txdw0 >> 16) & CP_TC_LGSEN_MSS_MASK;
+
+ DPRINTF("+++ C+ mode offloaded task TSO MTU=%d IP data %d "
+ "frame data %d specified MSS=%d\n", ETH_MTU,
+ ip_data_len, saved_size - ETH_HLEN, large_send_mss);
+
+ int tcp_send_offset = 0;
+ int send_count = 0;
+
+ /* maximum IP header length is 60 bytes */
+ uint8_t saved_ip_header[60];
+
+ /* save IP header template; data area is used in tcp checksum calculation */
+ memcpy(saved_ip_header, eth_payload_data, hlen);
+
+ /* a placeholder for checksum calculation routine in tcp case */
+ uint8_t *data_to_checksum = eth_payload_data + hlen - 12;
+ // size_t data_to_checksum_len = eth_payload_len - hlen + 12;
+
+ /* pointer to TCP header */
+ tcp_header *p_tcp_hdr = (tcp_header*)(eth_payload_data + hlen);
+
+ int tcp_hlen = TCP_HEADER_DATA_OFFSET(p_tcp_hdr);
+
+ /* ETH_MTU = ip header len + tcp header len + payload */
+ int tcp_data_len = ip_data_len - tcp_hlen;
+ int tcp_chunk_size = ETH_MTU - hlen - tcp_hlen;
+
+ DPRINTF("+++ C+ mode TSO IP data len %d TCP hlen %d TCP "
+ "data len %d TCP chunk size %d\n", ip_data_len,
+ tcp_hlen, tcp_data_len, tcp_chunk_size);
+
+ /* note the cycle below overwrites IP header data,
+ but restores it from saved_ip_header before sending packet */
+
+ int is_last_frame = 0;
+
+ for (tcp_send_offset = 0; tcp_send_offset < tcp_data_len; tcp_send_offset += tcp_chunk_size)
+ {
+ uint16_t chunk_size = tcp_chunk_size;
+
+ /* check if this is the last frame */
+ if (tcp_send_offset + tcp_chunk_size >= tcp_data_len)
+ {
+ is_last_frame = 1;
+ chunk_size = tcp_data_len - tcp_send_offset;
+ }
+
+ DPRINTF("+++ C+ mode TSO TCP seqno %08x\n",
+ be32_to_cpu(p_tcp_hdr->th_seq));
+
+ /* add 4 TCP pseudoheader fields */
+ /* copy IP source and destination fields */
+ memcpy(data_to_checksum, saved_ip_header + 12, 8);
+
+ DPRINTF("+++ C+ mode TSO calculating TCP checksum for "
+ "packet with %d bytes data\n", tcp_hlen +
+ chunk_size);
+
+ if (tcp_send_offset)
+ {
+ memcpy((uint8_t*)p_tcp_hdr + tcp_hlen, (uint8_t*)p_tcp_hdr + tcp_hlen + tcp_send_offset, chunk_size);
+ }
+
+ /* keep PUSH and FIN flags only for the last frame */
+ if (!is_last_frame)
+ {
+ TCP_HEADER_CLEAR_FLAGS(p_tcp_hdr, TCP_FLAG_PUSH|TCP_FLAG_FIN);
+ }
+
+ /* recalculate TCP checksum */
+ ip_pseudo_header *p_tcpip_hdr = (ip_pseudo_header *)data_to_checksum;
+ p_tcpip_hdr->zeros = 0;
+ p_tcpip_hdr->ip_proto = IP_PROTO_TCP;
+ p_tcpip_hdr->ip_payload = cpu_to_be16(tcp_hlen + chunk_size);
+
+ p_tcp_hdr->th_sum = 0;
+
+ int tcp_checksum = ip_checksum(data_to_checksum, tcp_hlen + chunk_size + 12);
+ DPRINTF("+++ C+ mode TSO TCP checksum %04x\n",
+ tcp_checksum);
+
+ p_tcp_hdr->th_sum = tcp_checksum;
+
+ /* restore IP header */
+ memcpy(eth_payload_data, saved_ip_header, hlen);
+
+ /* set IP data length and recalculate IP checksum */
+ ip->ip_len = cpu_to_be16(hlen + tcp_hlen + chunk_size);
+
+ /* increment IP id for subsequent frames */
+ ip->ip_id = cpu_to_be16(tcp_send_offset/tcp_chunk_size + be16_to_cpu(ip->ip_id));
+
+ ip->ip_sum = 0;
+ ip->ip_sum = ip_checksum(eth_payload_data, hlen);
+ DPRINTF("+++ C+ mode TSO IP header len=%d "
+ "checksum=%04x\n", hlen, ip->ip_sum);
+
+ int tso_send_size = ETH_HLEN + hlen + tcp_hlen + chunk_size;
+ DPRINTF("+++ C+ mode TSO transferring packet size "
+ "%d\n", tso_send_size);
+ rtl8139_transfer_frame(s, saved_buffer, tso_send_size,
+ 0, (uint8_t *) dot1q_buffer);
+
+ /* add transferred count to TCP sequence number */
+ p_tcp_hdr->th_seq = cpu_to_be32(chunk_size + be32_to_cpu(p_tcp_hdr->th_seq));
+ ++send_count;
+ }
+
+ /* Stop sending this frame */
+ saved_size = 0;
+ }
+ else if (txdw0 & (CP_TX_TCPCS|CP_TX_UDPCS))
+ {
+ DPRINTF("+++ C+ mode need TCP or UDP checksum\n");
+
+ /* maximum IP header length is 60 bytes */
+ uint8_t saved_ip_header[60];
+ memcpy(saved_ip_header, eth_payload_data, hlen);
+
+ uint8_t *data_to_checksum = eth_payload_data + hlen - 12;
+ // size_t data_to_checksum_len = eth_payload_len - hlen + 12;
+
+ /* add 4 TCP pseudoheader fields */
+ /* copy IP source and destination fields */
+ memcpy(data_to_checksum, saved_ip_header + 12, 8);
+
+ if ((txdw0 & CP_TX_TCPCS) && ip_protocol == IP_PROTO_TCP)
+ {
+ DPRINTF("+++ C+ mode calculating TCP checksum for "
+ "packet with %d bytes data\n", ip_data_len);
+
+ ip_pseudo_header *p_tcpip_hdr = (ip_pseudo_header *)data_to_checksum;
+ p_tcpip_hdr->zeros = 0;
+ p_tcpip_hdr->ip_proto = IP_PROTO_TCP;
+ p_tcpip_hdr->ip_payload = cpu_to_be16(ip_data_len);
+
+ tcp_header* p_tcp_hdr = (tcp_header *) (data_to_checksum+12);
+
+ p_tcp_hdr->th_sum = 0;
+
+ int tcp_checksum = ip_checksum(data_to_checksum, ip_data_len + 12);
+ DPRINTF("+++ C+ mode TCP checksum %04x\n",
+ tcp_checksum);
+
+ p_tcp_hdr->th_sum = tcp_checksum;
+ }
+ else if ((txdw0 & CP_TX_UDPCS) && ip_protocol == IP_PROTO_UDP)
+ {
+ DPRINTF("+++ C+ mode calculating UDP checksum for "
+ "packet with %d bytes data\n", ip_data_len);
+
+ ip_pseudo_header *p_udpip_hdr = (ip_pseudo_header *)data_to_checksum;
+ p_udpip_hdr->zeros = 0;
+ p_udpip_hdr->ip_proto = IP_PROTO_UDP;
+ p_udpip_hdr->ip_payload = cpu_to_be16(ip_data_len);
+
+ udp_header *p_udp_hdr = (udp_header *) (data_to_checksum+12);
+
+ p_udp_hdr->uh_sum = 0;
+
+ int udp_checksum = ip_checksum(data_to_checksum, ip_data_len + 12);
+ DPRINTF("+++ C+ mode UDP checksum %04x\n",
+ udp_checksum);
+
+ p_udp_hdr->uh_sum = udp_checksum;
+ }
+
+ /* restore IP header */
+ memcpy(eth_payload_data, saved_ip_header, hlen);
+ }
+ }
+ }
+
+ /* update tally counter */
+ ++s->tally_counters.TxOk;
+
+ DPRINTF("+++ C+ mode transmitting %d bytes packet\n", saved_size);
+
+ rtl8139_transfer_frame(s, saved_buffer, saved_size, 1,
+ (uint8_t *) dot1q_buffer);
+
+ /* restore card space if there was no recursion and reset offset */
+ if (!s->cplus_txbuffer)
+ {
+ s->cplus_txbuffer = saved_buffer;
+ s->cplus_txbuffer_len = saved_buffer_len;
+ s->cplus_txbuffer_offset = 0;
+ }
+ else
+ {
+ g_free(saved_buffer);
+ }
+ }
+ else
+ {
+ DPRINTF("+++ C+ mode transmission continue to next descriptor\n");
+ }
+
+ return 1;
+}
+
+static void rtl8139_cplus_transmit(RTL8139State *s)
+{
+ int txcount = 0;
+
+ while (rtl8139_cplus_transmit_one(s))
+ {
+ ++txcount;
+ }
+
+ /* Mark transfer completed */
+ if (!txcount)
+ {
+ DPRINTF("C+ mode : transmitter queue stalled, current TxDesc = %d\n",
+ s->currCPlusTxDesc);
+ }
+ else
+ {
+ /* update interrupt status */
+ s->IntrStatus |= TxOK;
+ rtl8139_update_irq(s);
+ }
+}
+
+static void rtl8139_transmit(RTL8139State *s)
+{
+ int descriptor = s->currTxDesc, txcount = 0;
+
+ /*while*/
+ if (rtl8139_transmit_one(s, descriptor))
+ {
+ ++s->currTxDesc;
+ s->currTxDesc %= 4;
+ ++txcount;
+ }
+
+ /* Mark transfer completed */
+ if (!txcount)
+ {
+ DPRINTF("transmitter queue stalled, current TxDesc = %d\n",
+ s->currTxDesc);
+ }
+}
+
+static void rtl8139_TxStatus_write(RTL8139State *s, uint32_t txRegOffset, uint32_t val)
+{
+
+ int descriptor = txRegOffset/4;
+
+ /* handle C+ transmit mode register configuration */
+
+ if (s->cplus_enabled)
+ {
+ DPRINTF("RTL8139C+ DTCCR write offset=0x%x val=0x%08x "
+ "descriptor=%d\n", txRegOffset, val, descriptor);
+
+ /* handle Dump Tally Counters command */
+ s->TxStatus[descriptor] = val;
+
+ if (descriptor == 0 && (val & 0x8))
+ {
+ hwaddr tc_addr = rtl8139_addr64(s->TxStatus[0] & ~0x3f, s->TxStatus[1]);
+
+ /* dump tally counters to specified memory location */
+ RTL8139TallyCounters_dma_write(s, tc_addr);
+
+ /* mark dump completed */
+ s->TxStatus[0] &= ~0x8;
+ }
+
+ return;
+ }
+
+ DPRINTF("TxStatus write offset=0x%x val=0x%08x descriptor=%d\n",
+ txRegOffset, val, descriptor);
+
+ /* mask only reserved bits */
+ val &= ~0xff00c000; /* these bits are reset on write */
+ val = SET_MASKED(val, 0x00c00000, s->TxStatus[descriptor]);
+
+ s->TxStatus[descriptor] = val;
+
+ /* attempt to start transmission */
+ rtl8139_transmit(s);
+}
+
+static uint32_t rtl8139_TxStatus_TxAddr_read(RTL8139State *s, uint32_t regs[],
+ uint32_t base, uint8_t addr,
+ int size)
+{
+ uint32_t reg = (addr - base) / 4;
+ uint32_t offset = addr & 0x3;
+ uint32_t ret = 0;
+
+ if (addr & (size - 1)) {
+ DPRINTF("not implemented read for TxStatus/TxAddr "
+ "addr=0x%x size=0x%x\n", addr, size);
+ return ret;
+ }
+
+ switch (size) {
+ case 1: /* fall through */
+ case 2: /* fall through */
+ case 4:
+ ret = (regs[reg] >> offset * 8) & (((uint64_t)1 << (size * 8)) - 1);
+ DPRINTF("TxStatus/TxAddr[%d] read addr=0x%x size=0x%x val=0x%08x\n",
+ reg, addr, size, ret);
+ break;
+ default:
+ DPRINTF("unsupported size 0x%x of TxStatus/TxAddr reading\n", size);
+ break;
+ }
+
+ return ret;
+}
+
+static uint16_t rtl8139_TSAD_read(RTL8139State *s)
+{
+ uint16_t ret = 0;
+
+ /* Simulate TSAD, it is read only anyway */
+
+ ret = ((s->TxStatus[3] & TxStatOK )?TSAD_TOK3:0)
+ |((s->TxStatus[2] & TxStatOK )?TSAD_TOK2:0)
+ |((s->TxStatus[1] & TxStatOK )?TSAD_TOK1:0)
+ |((s->TxStatus[0] & TxStatOK )?TSAD_TOK0:0)
+
+ |((s->TxStatus[3] & TxUnderrun)?TSAD_TUN3:0)
+ |((s->TxStatus[2] & TxUnderrun)?TSAD_TUN2:0)
+ |((s->TxStatus[1] & TxUnderrun)?TSAD_TUN1:0)
+ |((s->TxStatus[0] & TxUnderrun)?TSAD_TUN0:0)
+
+ |((s->TxStatus[3] & TxAborted )?TSAD_TABT3:0)
+ |((s->TxStatus[2] & TxAborted )?TSAD_TABT2:0)
+ |((s->TxStatus[1] & TxAborted )?TSAD_TABT1:0)
+ |((s->TxStatus[0] & TxAborted )?TSAD_TABT0:0)
+
+ |((s->TxStatus[3] & TxHostOwns )?TSAD_OWN3:0)
+ |((s->TxStatus[2] & TxHostOwns )?TSAD_OWN2:0)
+ |((s->TxStatus[1] & TxHostOwns )?TSAD_OWN1:0)
+ |((s->TxStatus[0] & TxHostOwns )?TSAD_OWN0:0) ;
+
+
+ DPRINTF("TSAD read val=0x%04x\n", ret);
+
+ return ret;
+}
+
+static uint16_t rtl8139_CSCR_read(RTL8139State *s)
+{
+ uint16_t ret = s->CSCR;
+
+ DPRINTF("CSCR read val=0x%04x\n", ret);
+
+ return ret;
+}
+
+static void rtl8139_TxAddr_write(RTL8139State *s, uint32_t txAddrOffset, uint32_t val)
+{
+ DPRINTF("TxAddr write offset=0x%x val=0x%08x\n", txAddrOffset, val);
+
+ s->TxAddr[txAddrOffset/4] = val;
+}
+
+static uint32_t rtl8139_TxAddr_read(RTL8139State *s, uint32_t txAddrOffset)
+{
+ uint32_t ret = s->TxAddr[txAddrOffset/4];
+
+ DPRINTF("TxAddr read offset=0x%x val=0x%08x\n", txAddrOffset, ret);
+
+ return ret;
+}
+
+static void rtl8139_RxBufPtr_write(RTL8139State *s, uint32_t val)
+{
+ DPRINTF("RxBufPtr write val=0x%04x\n", val);
+
+ /* this value is off by 16 */
+ s->RxBufPtr = MOD2(val + 0x10, s->RxBufferSize);
+
+ /* more buffer space may be available so try to receive */
+ qemu_flush_queued_packets(qemu_get_queue(s->nic));
+
+ DPRINTF(" CAPR write: rx buffer length %d head 0x%04x read 0x%04x\n",
+ s->RxBufferSize, s->RxBufAddr, s->RxBufPtr);
+}
+
+static uint32_t rtl8139_RxBufPtr_read(RTL8139State *s)
+{
+ /* this value is off by 16 */
+ uint32_t ret = s->RxBufPtr - 0x10;
+
+ DPRINTF("RxBufPtr read val=0x%04x\n", ret);
+
+ return ret;
+}
+
+static uint32_t rtl8139_RxBufAddr_read(RTL8139State *s)
+{
+ /* this value is NOT off by 16 */
+ uint32_t ret = s->RxBufAddr;
+
+ DPRINTF("RxBufAddr read val=0x%04x\n", ret);
+
+ return ret;
+}
+
+static void rtl8139_RxBuf_write(RTL8139State *s, uint32_t val)
+{
+ DPRINTF("RxBuf write val=0x%08x\n", val);
+
+ s->RxBuf = val;
+
+ /* may need to reset rxring here */
+}
+
+static uint32_t rtl8139_RxBuf_read(RTL8139State *s)
+{
+ uint32_t ret = s->RxBuf;
+
+ DPRINTF("RxBuf read val=0x%08x\n", ret);
+
+ return ret;
+}
+
+static void rtl8139_IntrMask_write(RTL8139State *s, uint32_t val)
+{
+ DPRINTF("IntrMask write(w) val=0x%04x\n", val);
+
+ /* mask unwritable bits */
+ val = SET_MASKED(val, 0x1e00, s->IntrMask);
+
+ s->IntrMask = val;
+
+ rtl8139_set_next_tctr_time(s, qemu_get_clock_ns(vm_clock));
+ rtl8139_update_irq(s);
+
+}
+
+static uint32_t rtl8139_IntrMask_read(RTL8139State *s)
+{
+ uint32_t ret = s->IntrMask;
+
+ DPRINTF("IntrMask read(w) val=0x%04x\n", ret);
+
+ return ret;
+}
+
+static void rtl8139_IntrStatus_write(RTL8139State *s, uint32_t val)
+{
+ DPRINTF("IntrStatus write(w) val=0x%04x\n", val);
+
+#if 0
+
+ /* writing to ISR has no effect */
+
+ return;
+
+#else
+ uint16_t newStatus = s->IntrStatus & ~val;
+
+ /* mask unwritable bits */
+ newStatus = SET_MASKED(newStatus, 0x1e00, s->IntrStatus);
+
+ /* writing 1 to interrupt status register bit clears it */
+ s->IntrStatus = 0;
+ rtl8139_update_irq(s);
+
+ s->IntrStatus = newStatus;
+ /*
+ * Computing if we miss an interrupt here is not that correct but
+ * considered that we should have had already an interrupt
+ * and probably emulated is slower is better to assume this resetting was
+ * done before testing on previous rtl8139_update_irq lead to IRQ losing
+ */
+ rtl8139_set_next_tctr_time(s, qemu_get_clock_ns(vm_clock));
+ rtl8139_update_irq(s);
+
+#endif
+}
+
+static uint32_t rtl8139_IntrStatus_read(RTL8139State *s)
+{
+ rtl8139_set_next_tctr_time(s, qemu_get_clock_ns(vm_clock));
+
+ uint32_t ret = s->IntrStatus;
+
+ DPRINTF("IntrStatus read(w) val=0x%04x\n", ret);
+
+#if 0
+
+ /* reading ISR clears all interrupts */
+ s->IntrStatus = 0;
+
+ rtl8139_update_irq(s);
+
+#endif
+
+ return ret;
+}
+
+static void rtl8139_MultiIntr_write(RTL8139State *s, uint32_t val)
+{
+ DPRINTF("MultiIntr write(w) val=0x%04x\n", val);
+
+ /* mask unwritable bits */
+ val = SET_MASKED(val, 0xf000, s->MultiIntr);
+
+ s->MultiIntr = val;
+}
+
+static uint32_t rtl8139_MultiIntr_read(RTL8139State *s)
+{
+ uint32_t ret = s->MultiIntr;
+
+ DPRINTF("MultiIntr read(w) val=0x%04x\n", ret);
+
+ return ret;
+}
+
+static void rtl8139_io_writeb(void *opaque, uint8_t addr, uint32_t val)
+{
+ RTL8139State *s = opaque;
+
+ switch (addr)
+ {
+ case MAC0 ... MAC0+5:
+ s->phys[addr - MAC0] = val;
+ break;
+ case MAC0+6 ... MAC0+7:
+ /* reserved */
+ break;
+ case MAR0 ... MAR0+7:
+ s->mult[addr - MAR0] = val;
+ break;
+ case ChipCmd:
+ rtl8139_ChipCmd_write(s, val);
+ break;
+ case Cfg9346:
+ rtl8139_Cfg9346_write(s, val);
+ break;
+ case TxConfig: /* windows driver sometimes writes using byte-lenth call */
+ rtl8139_TxConfig_writeb(s, val);
+ break;
+ case Config0:
+ rtl8139_Config0_write(s, val);
+ break;
+ case Config1:
+ rtl8139_Config1_write(s, val);
+ break;
+ case Config3:
+ rtl8139_Config3_write(s, val);
+ break;
+ case Config4:
+ rtl8139_Config4_write(s, val);
+ break;
+ case Config5:
+ rtl8139_Config5_write(s, val);
+ break;
+ case MediaStatus:
+ /* ignore */
+ DPRINTF("not implemented write(b) to MediaStatus val=0x%02x\n",
+ val);
+ break;
+
+ case HltClk:
+ DPRINTF("HltClk write val=0x%08x\n", val);
+ if (val == 'R')
+ {
+ s->clock_enabled = 1;
+ }
+ else if (val == 'H')
+ {
+ s->clock_enabled = 0;
+ }
+ break;
+
+ case TxThresh:
+ DPRINTF("C+ TxThresh write(b) val=0x%02x\n", val);
+ s->TxThresh = val;
+ break;
+
+ case TxPoll:
+ DPRINTF("C+ TxPoll write(b) val=0x%02x\n", val);
+ if (val & (1 << 7))
+ {
+ DPRINTF("C+ TxPoll high priority transmission (not "
+ "implemented)\n");
+ //rtl8139_cplus_transmit(s);
+ }
+ if (val & (1 << 6))
+ {
+ DPRINTF("C+ TxPoll normal priority transmission\n");
+ rtl8139_cplus_transmit(s);
+ }
+
+ break;
+
+ default:
+ DPRINTF("not implemented write(b) addr=0x%x val=0x%02x\n", addr,
+ val);
+ break;
+ }
+}
+
+static void rtl8139_io_writew(void *opaque, uint8_t addr, uint32_t val)
+{
+ RTL8139State *s = opaque;
+
+ switch (addr)
+ {
+ case IntrMask:
+ rtl8139_IntrMask_write(s, val);
+ break;
+
+ case IntrStatus:
+ rtl8139_IntrStatus_write(s, val);
+ break;
+
+ case MultiIntr:
+ rtl8139_MultiIntr_write(s, val);
+ break;
+
+ case RxBufPtr:
+ rtl8139_RxBufPtr_write(s, val);
+ break;
+
+ case BasicModeCtrl:
+ rtl8139_BasicModeCtrl_write(s, val);
+ break;
+ case BasicModeStatus:
+ rtl8139_BasicModeStatus_write(s, val);
+ break;
+ case NWayAdvert:
+ DPRINTF("NWayAdvert write(w) val=0x%04x\n", val);
+ s->NWayAdvert = val;
+ break;
+ case NWayLPAR:
+ DPRINTF("forbidden NWayLPAR write(w) val=0x%04x\n", val);
+ break;
+ case NWayExpansion:
+ DPRINTF("NWayExpansion write(w) val=0x%04x\n", val);
+ s->NWayExpansion = val;
+ break;
+
+ case CpCmd:
+ rtl8139_CpCmd_write(s, val);
+ break;
+
+ case IntrMitigate:
+ rtl8139_IntrMitigate_write(s, val);
+ break;
+
+ default:
+ DPRINTF("ioport write(w) addr=0x%x val=0x%04x via write(b)\n",
+ addr, val);
+
+ rtl8139_io_writeb(opaque, addr, val & 0xff);
+ rtl8139_io_writeb(opaque, addr + 1, (val >> 8) & 0xff);
+ break;
+ }
+}
+
+static void rtl8139_set_next_tctr_time(RTL8139State *s, int64_t current_time)
+{
+ int64_t pci_time, next_time;
+ uint32_t low_pci;
+
+ DPRINTF("entered rtl8139_set_next_tctr_time\n");
+
+ if (s->TimerExpire && current_time >= s->TimerExpire) {
+ s->IntrStatus |= PCSTimeout;
+ rtl8139_update_irq(s);
+ }
+
+ /* Set QEMU timer only if needed that is
+ * - TimerInt <> 0 (we have a timer)
+ * - mask = 1 (we want an interrupt timer)
+ * - irq = 0 (irq is not already active)
+ * If any of above change we need to compute timer again
+ * Also we must check if timer is passed without QEMU timer
+ */
+ s->TimerExpire = 0;
+ if (!s->TimerInt) {
+ return;
+ }
+
+ pci_time = muldiv64(current_time - s->TCTR_base, PCI_FREQUENCY,
+ get_ticks_per_sec());
+ low_pci = pci_time & 0xffffffff;
+ pci_time = pci_time - low_pci + s->TimerInt;
+ if (low_pci >= s->TimerInt) {
+ pci_time += 0x100000000LL;
+ }
+ next_time = s->TCTR_base + muldiv64(pci_time, get_ticks_per_sec(),
+ PCI_FREQUENCY);
+ s->TimerExpire = next_time;
+
+ if ((s->IntrMask & PCSTimeout) != 0 && (s->IntrStatus & PCSTimeout) == 0) {
+ qemu_mod_timer(s->timer, next_time);
+ }
+}
+
+static void rtl8139_io_writel(void *opaque, uint8_t addr, uint32_t val)
+{
+ RTL8139State *s = opaque;
+
+ switch (addr)
+ {
+ case RxMissed:
+ DPRINTF("RxMissed clearing on write\n");
+ s->RxMissed = 0;
+ break;
+
+ case TxConfig:
+ rtl8139_TxConfig_write(s, val);
+ break;
+
+ case RxConfig:
+ rtl8139_RxConfig_write(s, val);
+ break;
+
+ case TxStatus0 ... TxStatus0+4*4-1:
+ rtl8139_TxStatus_write(s, addr-TxStatus0, val);
+ break;
+
+ case TxAddr0 ... TxAddr0+4*4-1:
+ rtl8139_TxAddr_write(s, addr-TxAddr0, val);
+ break;
+
+ case RxBuf:
+ rtl8139_RxBuf_write(s, val);
+ break;
+
+ case RxRingAddrLO:
+ DPRINTF("C+ RxRing low bits write val=0x%08x\n", val);
+ s->RxRingAddrLO = val;
+ break;
+
+ case RxRingAddrHI:
+ DPRINTF("C+ RxRing high bits write val=0x%08x\n", val);
+ s->RxRingAddrHI = val;
+ break;
+
+ case Timer:
+ DPRINTF("TCTR Timer reset on write\n");
+ s->TCTR_base = qemu_get_clock_ns(vm_clock);
+ rtl8139_set_next_tctr_time(s, s->TCTR_base);
+ break;
+
+ case FlashReg:
+ DPRINTF("FlashReg TimerInt write val=0x%08x\n", val);
+ if (s->TimerInt != val) {
+ s->TimerInt = val;
+ rtl8139_set_next_tctr_time(s, qemu_get_clock_ns(vm_clock));
+ }
+ break;
+
+ default:
+ DPRINTF("ioport write(l) addr=0x%x val=0x%08x via write(b)\n",
+ addr, val);
+ rtl8139_io_writeb(opaque, addr, val & 0xff);
+ rtl8139_io_writeb(opaque, addr + 1, (val >> 8) & 0xff);
+ rtl8139_io_writeb(opaque, addr + 2, (val >> 16) & 0xff);
+ rtl8139_io_writeb(opaque, addr + 3, (val >> 24) & 0xff);
+ break;
+ }
+}
+
+static uint32_t rtl8139_io_readb(void *opaque, uint8_t addr)
+{
+ RTL8139State *s = opaque;
+ int ret;
+
+ switch (addr)
+ {
+ case MAC0 ... MAC0+5:
+ ret = s->phys[addr - MAC0];
+ break;
+ case MAC0+6 ... MAC0+7:
+ ret = 0;
+ break;
+ case MAR0 ... MAR0+7:
+ ret = s->mult[addr - MAR0];
+ break;
+ case TxStatus0 ... TxStatus0+4*4-1:
+ ret = rtl8139_TxStatus_TxAddr_read(s, s->TxStatus, TxStatus0,
+ addr, 1);
+ break;
+ case ChipCmd:
+ ret = rtl8139_ChipCmd_read(s);
+ break;
+ case Cfg9346:
+ ret = rtl8139_Cfg9346_read(s);
+ break;
+ case Config0:
+ ret = rtl8139_Config0_read(s);
+ break;
+ case Config1:
+ ret = rtl8139_Config1_read(s);
+ break;
+ case Config3:
+ ret = rtl8139_Config3_read(s);
+ break;
+ case Config4:
+ ret = rtl8139_Config4_read(s);
+ break;
+ case Config5:
+ ret = rtl8139_Config5_read(s);
+ break;
+
+ case MediaStatus:
+ /* The LinkDown bit of MediaStatus is inverse with link status */
+ ret = 0xd0 | (~s->BasicModeStatus & 0x04);
+ DPRINTF("MediaStatus read 0x%x\n", ret);
+ break;
+
+ case HltClk:
+ ret = s->clock_enabled;
+ DPRINTF("HltClk read 0x%x\n", ret);
+ break;
+
+ case PCIRevisionID:
+ ret = RTL8139_PCI_REVID;
+ DPRINTF("PCI Revision ID read 0x%x\n", ret);
+ break;
+
+ case TxThresh:
+ ret = s->TxThresh;
+ DPRINTF("C+ TxThresh read(b) val=0x%02x\n", ret);
+ break;
+
+ case 0x43: /* Part of TxConfig register. Windows driver tries to read it */
+ ret = s->TxConfig >> 24;
+ DPRINTF("RTL8139C TxConfig at 0x43 read(b) val=0x%02x\n", ret);
+ break;
+
+ default:
+ DPRINTF("not implemented read(b) addr=0x%x\n", addr);
+ ret = 0;
+ break;
+ }
+
+ return ret;
+}
+
+static uint32_t rtl8139_io_readw(void *opaque, uint8_t addr)
+{
+ RTL8139State *s = opaque;
+ uint32_t ret;
+
+ switch (addr)
+ {
+ case TxAddr0 ... TxAddr0+4*4-1:
+ ret = rtl8139_TxStatus_TxAddr_read(s, s->TxAddr, TxAddr0, addr, 2);
+ break;
+ case IntrMask:
+ ret = rtl8139_IntrMask_read(s);
+ break;
+
+ case IntrStatus:
+ ret = rtl8139_IntrStatus_read(s);
+ break;
+
+ case MultiIntr:
+ ret = rtl8139_MultiIntr_read(s);
+ break;
+
+ case RxBufPtr:
+ ret = rtl8139_RxBufPtr_read(s);
+ break;
+
+ case RxBufAddr:
+ ret = rtl8139_RxBufAddr_read(s);
+ break;
+
+ case BasicModeCtrl:
+ ret = rtl8139_BasicModeCtrl_read(s);
+ break;
+ case BasicModeStatus:
+ ret = rtl8139_BasicModeStatus_read(s);
+ break;
+ case NWayAdvert:
+ ret = s->NWayAdvert;
+ DPRINTF("NWayAdvert read(w) val=0x%04x\n", ret);
+ break;
+ case NWayLPAR:
+ ret = s->NWayLPAR;
+ DPRINTF("NWayLPAR read(w) val=0x%04x\n", ret);
+ break;
+ case NWayExpansion:
+ ret = s->NWayExpansion;
+ DPRINTF("NWayExpansion read(w) val=0x%04x\n", ret);
+ break;
+
+ case CpCmd:
+ ret = rtl8139_CpCmd_read(s);
+ break;
+
+ case IntrMitigate:
+ ret = rtl8139_IntrMitigate_read(s);
+ break;
+
+ case TxSummary:
+ ret = rtl8139_TSAD_read(s);
+ break;
+
+ case CSCR:
+ ret = rtl8139_CSCR_read(s);
+ break;
+
+ default:
+ DPRINTF("ioport read(w) addr=0x%x via read(b)\n", addr);
+
+ ret = rtl8139_io_readb(opaque, addr);
+ ret |= rtl8139_io_readb(opaque, addr + 1) << 8;
+
+ DPRINTF("ioport read(w) addr=0x%x val=0x%04x\n", addr, ret);
+ break;
+ }
+
+ return ret;
+}
+
+static uint32_t rtl8139_io_readl(void *opaque, uint8_t addr)
+{
+ RTL8139State *s = opaque;
+ uint32_t ret;
+
+ switch (addr)
+ {
+ case RxMissed:
+ ret = s->RxMissed;
+
+ DPRINTF("RxMissed read val=0x%08x\n", ret);
+ break;
+
+ case TxConfig:
+ ret = rtl8139_TxConfig_read(s);
+ break;
+
+ case RxConfig:
+ ret = rtl8139_RxConfig_read(s);
+ break;
+
+ case TxStatus0 ... TxStatus0+4*4-1:
+ ret = rtl8139_TxStatus_TxAddr_read(s, s->TxStatus, TxStatus0,
+ addr, 4);
+ break;
+
+ case TxAddr0 ... TxAddr0+4*4-1:
+ ret = rtl8139_TxAddr_read(s, addr-TxAddr0);
+ break;
+
+ case RxBuf:
+ ret = rtl8139_RxBuf_read(s);
+ break;
+
+ case RxRingAddrLO:
+ ret = s->RxRingAddrLO;
+ DPRINTF("C+ RxRing low bits read val=0x%08x\n", ret);
+ break;
+
+ case RxRingAddrHI:
+ ret = s->RxRingAddrHI;
+ DPRINTF("C+ RxRing high bits read val=0x%08x\n", ret);
+ break;
+
+ case Timer:
+ ret = muldiv64(qemu_get_clock_ns(vm_clock) - s->TCTR_base,
+ PCI_FREQUENCY, get_ticks_per_sec());
+ DPRINTF("TCTR Timer read val=0x%08x\n", ret);
+ break;
+
+ case FlashReg:
+ ret = s->TimerInt;
+ DPRINTF("FlashReg TimerInt read val=0x%08x\n", ret);
+ break;
+
+ default:
+ DPRINTF("ioport read(l) addr=0x%x via read(b)\n", addr);
+
+ ret = rtl8139_io_readb(opaque, addr);
+ ret |= rtl8139_io_readb(opaque, addr + 1) << 8;
+ ret |= rtl8139_io_readb(opaque, addr + 2) << 16;
+ ret |= rtl8139_io_readb(opaque, addr + 3) << 24;
+
+ DPRINTF("read(l) addr=0x%x val=%08x\n", addr, ret);
+ break;
+ }
+
+ return ret;
+}
+
+/* */
+
+static void rtl8139_mmio_writeb(void *opaque, hwaddr addr, uint32_t val)
+{
+ rtl8139_io_writeb(opaque, addr & 0xFF, val);
+}
+
+static void rtl8139_mmio_writew(void *opaque, hwaddr addr, uint32_t val)
+{
+ rtl8139_io_writew(opaque, addr & 0xFF, val);
+}
+
+static void rtl8139_mmio_writel(void *opaque, hwaddr addr, uint32_t val)
+{
+ rtl8139_io_writel(opaque, addr & 0xFF, val);
+}
+
+static uint32_t rtl8139_mmio_readb(void *opaque, hwaddr addr)
+{
+ return rtl8139_io_readb(opaque, addr & 0xFF);
+}
+
+static uint32_t rtl8139_mmio_readw(void *opaque, hwaddr addr)
+{
+ uint32_t val = rtl8139_io_readw(opaque, addr & 0xFF);
+ return val;
+}
+
+static uint32_t rtl8139_mmio_readl(void *opaque, hwaddr addr)
+{
+ uint32_t val = rtl8139_io_readl(opaque, addr & 0xFF);
+ return val;
+}
+
+static int rtl8139_post_load(void *opaque, int version_id)
+{
+ RTL8139State* s = opaque;
+ rtl8139_set_next_tctr_time(s, qemu_get_clock_ns(vm_clock));
+ if (version_id < 4) {
+ s->cplus_enabled = s->CpCmd != 0;
+ }
+
+ /* nc.link_down can't be migrated, so infer link_down according
+ * to link status bit in BasicModeStatus */
+ qemu_get_queue(s->nic)->link_down = (s->BasicModeStatus & 0x04) == 0;
+
+ return 0;
+}
+
+static bool rtl8139_hotplug_ready_needed(void *opaque)
+{
+ return qdev_machine_modified();
+}
+
+static const VMStateDescription vmstate_rtl8139_hotplug_ready ={
+ .name = "rtl8139/hotplug_ready",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void rtl8139_pre_save(void *opaque)
+{
+ RTL8139State* s = opaque;
+ int64_t current_time = qemu_get_clock_ns(vm_clock);
+
+ /* set IntrStatus correctly */
+ rtl8139_set_next_tctr_time(s, current_time);
+ s->TCTR = muldiv64(current_time - s->TCTR_base, PCI_FREQUENCY,
+ get_ticks_per_sec());
+ s->rtl8139_mmio_io_addr_dummy = 0;
+}
+
+static const VMStateDescription vmstate_rtl8139 = {
+ .name = "rtl8139",
+ .version_id = 4,
+ .minimum_version_id = 3,
+ .minimum_version_id_old = 3,
+ .post_load = rtl8139_post_load,
+ .pre_save = rtl8139_pre_save,
+ .fields = (VMStateField []) {
+ VMSTATE_PCI_DEVICE(parent_obj, RTL8139State),
+ VMSTATE_PARTIAL_BUFFER(phys, RTL8139State, 6),
+ VMSTATE_BUFFER(mult, RTL8139State),
+ VMSTATE_UINT32_ARRAY(TxStatus, RTL8139State, 4),
+ VMSTATE_UINT32_ARRAY(TxAddr, RTL8139State, 4),
+
+ VMSTATE_UINT32(RxBuf, RTL8139State),
+ VMSTATE_UINT32(RxBufferSize, RTL8139State),
+ VMSTATE_UINT32(RxBufPtr, RTL8139State),
+ VMSTATE_UINT32(RxBufAddr, RTL8139State),
+
+ VMSTATE_UINT16(IntrStatus, RTL8139State),
+ VMSTATE_UINT16(IntrMask, RTL8139State),
+
+ VMSTATE_UINT32(TxConfig, RTL8139State),
+ VMSTATE_UINT32(RxConfig, RTL8139State),
+ VMSTATE_UINT32(RxMissed, RTL8139State),
+ VMSTATE_UINT16(CSCR, RTL8139State),
+
+ VMSTATE_UINT8(Cfg9346, RTL8139State),
+ VMSTATE_UINT8(Config0, RTL8139State),
+ VMSTATE_UINT8(Config1, RTL8139State),
+ VMSTATE_UINT8(Config3, RTL8139State),
+ VMSTATE_UINT8(Config4, RTL8139State),
+ VMSTATE_UINT8(Config5, RTL8139State),
+
+ VMSTATE_UINT8(clock_enabled, RTL8139State),
+ VMSTATE_UINT8(bChipCmdState, RTL8139State),
+
+ VMSTATE_UINT16(MultiIntr, RTL8139State),
+
+ VMSTATE_UINT16(BasicModeCtrl, RTL8139State),
+ VMSTATE_UINT16(BasicModeStatus, RTL8139State),
+ VMSTATE_UINT16(NWayAdvert, RTL8139State),
+ VMSTATE_UINT16(NWayLPAR, RTL8139State),
+ VMSTATE_UINT16(NWayExpansion, RTL8139State),
+
+ VMSTATE_UINT16(CpCmd, RTL8139State),
+ VMSTATE_UINT8(TxThresh, RTL8139State),
+
+ VMSTATE_UNUSED(4),
+ VMSTATE_MACADDR(conf.macaddr, RTL8139State),
+ VMSTATE_INT32(rtl8139_mmio_io_addr_dummy, RTL8139State),
+
+ VMSTATE_UINT32(currTxDesc, RTL8139State),
+ VMSTATE_UINT32(currCPlusRxDesc, RTL8139State),
+ VMSTATE_UINT32(currCPlusTxDesc, RTL8139State),
+ VMSTATE_UINT32(RxRingAddrLO, RTL8139State),
+ VMSTATE_UINT32(RxRingAddrHI, RTL8139State),
+
+ VMSTATE_UINT16_ARRAY(eeprom.contents, RTL8139State, EEPROM_9346_SIZE),
+ VMSTATE_INT32(eeprom.mode, RTL8139State),
+ VMSTATE_UINT32(eeprom.tick, RTL8139State),
+ VMSTATE_UINT8(eeprom.address, RTL8139State),
+ VMSTATE_UINT16(eeprom.input, RTL8139State),
+ VMSTATE_UINT16(eeprom.output, RTL8139State),
+
+ VMSTATE_UINT8(eeprom.eecs, RTL8139State),
+ VMSTATE_UINT8(eeprom.eesk, RTL8139State),
+ VMSTATE_UINT8(eeprom.eedi, RTL8139State),
+ VMSTATE_UINT8(eeprom.eedo, RTL8139State),
+
+ VMSTATE_UINT32(TCTR, RTL8139State),
+ VMSTATE_UINT32(TimerInt, RTL8139State),
+ VMSTATE_INT64(TCTR_base, RTL8139State),
+
+ VMSTATE_STRUCT(tally_counters, RTL8139State, 0,
+ vmstate_tally_counters, RTL8139TallyCounters),
+
+ VMSTATE_UINT32_V(cplus_enabled, RTL8139State, 4),
+ VMSTATE_END_OF_LIST()
+ },
+ .subsections = (VMStateSubsection []) {
+ {
+ .vmsd = &vmstate_rtl8139_hotplug_ready,
+ .needed = rtl8139_hotplug_ready_needed,
+ }, {
+ /* empty */
+ }
+ }
+};
+
+/***********************************************************/
+/* PCI RTL8139 definitions */
+
+static void rtl8139_ioport_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ switch (size) {
+ case 1:
+ rtl8139_io_writeb(opaque, addr, val);
+ break;
+ case 2:
+ rtl8139_io_writew(opaque, addr, val);
+ break;
+ case 4:
+ rtl8139_io_writel(opaque, addr, val);
+ break;
+ }
+}
+
+static uint64_t rtl8139_ioport_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ switch (size) {
+ case 1:
+ return rtl8139_io_readb(opaque, addr);
+ case 2:
+ return rtl8139_io_readw(opaque, addr);
+ case 4:
+ return rtl8139_io_readl(opaque, addr);
+ }
+
+ return -1;
+}
+
+static const MemoryRegionOps rtl8139_io_ops = {
+ .read = rtl8139_ioport_read,
+ .write = rtl8139_ioport_write,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 4,
+ },
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static const MemoryRegionOps rtl8139_mmio_ops = {
+ .old_mmio = {
+ .read = {
+ rtl8139_mmio_readb,
+ rtl8139_mmio_readw,
+ rtl8139_mmio_readl,
+ },
+ .write = {
+ rtl8139_mmio_writeb,
+ rtl8139_mmio_writew,
+ rtl8139_mmio_writel,
+ },
+ },
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void rtl8139_timer(void *opaque)
+{
+ RTL8139State *s = opaque;
+
+ if (!s->clock_enabled)
+ {
+ DPRINTF(">>> timer: clock is not running\n");
+ return;
+ }
+
+ s->IntrStatus |= PCSTimeout;
+ rtl8139_update_irq(s);
+ rtl8139_set_next_tctr_time(s, qemu_get_clock_ns(vm_clock));
+}
+
+static void rtl8139_cleanup(NetClientState *nc)
+{
+ RTL8139State *s = qemu_get_nic_opaque(nc);
+
+ s->nic = NULL;
+}
+
+static void pci_rtl8139_uninit(PCIDevice *dev)
+{
+ RTL8139State *s = RTL8139(dev);
+
+ memory_region_destroy(&s->bar_io);
+ memory_region_destroy(&s->bar_mem);
+ if (s->cplus_txbuffer) {
+ g_free(s->cplus_txbuffer);
+ s->cplus_txbuffer = NULL;
+ }
+ qemu_del_timer(s->timer);
+ qemu_free_timer(s->timer);
+ qemu_del_nic(s->nic);
+}
+
+static void rtl8139_set_link_status(NetClientState *nc)
+{
+ RTL8139State *s = qemu_get_nic_opaque(nc);
+
+ if (nc->link_down) {
+ s->BasicModeStatus &= ~0x04;
+ } else {
+ s->BasicModeStatus |= 0x04;
+ }
+
+ s->IntrStatus |= RxUnderrun;
+ rtl8139_update_irq(s);
+}
+
+static NetClientInfo net_rtl8139_info = {
+ .type = NET_CLIENT_OPTIONS_KIND_NIC,
+ .size = sizeof(NICState),
+ .can_receive = rtl8139_can_receive,
+ .receive = rtl8139_receive,
+ .cleanup = rtl8139_cleanup,
+ .link_status_changed = rtl8139_set_link_status,
+};
+
+static int pci_rtl8139_init(PCIDevice *dev)
+{
+ RTL8139State *s = RTL8139(dev);
+ DeviceState *d = DEVICE(dev);
+ uint8_t *pci_conf;
+
+ pci_conf = dev->config;
+ pci_conf[PCI_INTERRUPT_PIN] = 1; /* interrupt pin A */
+ /* TODO: start of capability list, but no capability
+ * list bit in status register, and offset 0xdc seems unused. */
+ pci_conf[PCI_CAPABILITY_LIST] = 0xdc;
+
+ memory_region_init_io(&s->bar_io, OBJECT(s), &rtl8139_io_ops, s,
+ "rtl8139", 0x100);
+ memory_region_init_io(&s->bar_mem, OBJECT(s), &rtl8139_mmio_ops, s,
+ "rtl8139", 0x100);
+ pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->bar_io);
+ pci_register_bar(dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->bar_mem);
+
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+
+ /* prepare eeprom */
+ s->eeprom.contents[0] = 0x8129;
+#if 1
+ /* PCI vendor and device ID should be mirrored here */
+ s->eeprom.contents[1] = PCI_VENDOR_ID_REALTEK;
+ s->eeprom.contents[2] = PCI_DEVICE_ID_REALTEK_8139;
+#endif
+ s->eeprom.contents[7] = s->conf.macaddr.a[0] | s->conf.macaddr.a[1] << 8;
+ s->eeprom.contents[8] = s->conf.macaddr.a[2] | s->conf.macaddr.a[3] << 8;
+ s->eeprom.contents[9] = s->conf.macaddr.a[4] | s->conf.macaddr.a[5] << 8;
+
+ s->nic = qemu_new_nic(&net_rtl8139_info, &s->conf,
+ object_get_typename(OBJECT(dev)), d->id, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+
+ s->cplus_txbuffer = NULL;
+ s->cplus_txbuffer_len = 0;
+ s->cplus_txbuffer_offset = 0;
+
+ s->TimerExpire = 0;
+ s->timer = qemu_new_timer_ns(vm_clock, rtl8139_timer, s);
+ rtl8139_set_next_tctr_time(s, qemu_get_clock_ns(vm_clock));
+
+ add_boot_device_path(s->conf.bootindex, d, "/ethernet-phy@0");
+
+ return 0;
+}
+
+static Property rtl8139_properties[] = {
+ DEFINE_NIC_PROPERTIES(RTL8139State, conf),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void rtl8139_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = pci_rtl8139_init;
+ k->exit = pci_rtl8139_uninit;
+ k->romfile = "efi-rtl8139.rom";
+ k->vendor_id = PCI_VENDOR_ID_REALTEK;
+ k->device_id = PCI_DEVICE_ID_REALTEK_8139;
+ k->revision = RTL8139_PCI_REVID; /* >=0x20 is for 8139C+ */
+ k->class_id = PCI_CLASS_NETWORK_ETHERNET;
+ dc->reset = rtl8139_reset;
+ dc->vmsd = &vmstate_rtl8139;
+ dc->props = rtl8139_properties;
+ set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
+}
+
+static const TypeInfo rtl8139_info = {
+ .name = TYPE_RTL8139,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(RTL8139State),
+ .class_init = rtl8139_class_init,
+};
+
+static void rtl8139_register_types(void)
+{
+ type_register_static(&rtl8139_info);
+}
+
+type_init(rtl8139_register_types)
diff --git a/hw/net/smc91c111.c b/hw/net/smc91c111.c
new file mode 100644
index 000000000..f5963e2cb
--- /dev/null
+++ b/hw/net/smc91c111.c
@@ -0,0 +1,814 @@
+/*
+ * SMSC 91C111 Ethernet interface emulation
+ *
+ * Copyright (c) 2005 CodeSourcery, LLC.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GPL
+ */
+
+#include "hw/sysbus.h"
+#include "net/net.h"
+#include "hw/devices.h"
+/* For crc32 */
+#include <zlib.h>
+
+/* Number of 2k memory pages available. */
+#define NUM_PACKETS 4
+
+#define TYPE_SMC91C111 "smc91c111"
+#define SMC91C111(obj) OBJECT_CHECK(smc91c111_state, (obj), TYPE_SMC91C111)
+
+typedef struct {
+ SysBusDevice parent_obj;
+
+ NICState *nic;
+ NICConf conf;
+ uint16_t tcr;
+ uint16_t rcr;
+ uint16_t cr;
+ uint16_t ctr;
+ uint16_t gpr;
+ uint16_t ptr;
+ uint16_t ercv;
+ qemu_irq irq;
+ int bank;
+ int packet_num;
+ int tx_alloc;
+ /* Bitmask of allocated packets. */
+ int allocated;
+ int tx_fifo_len;
+ int tx_fifo[NUM_PACKETS];
+ int rx_fifo_len;
+ int rx_fifo[NUM_PACKETS];
+ int tx_fifo_done_len;
+ int tx_fifo_done[NUM_PACKETS];
+ /* Packet buffer memory. */
+ uint8_t data[NUM_PACKETS][2048];
+ uint8_t int_level;
+ uint8_t int_mask;
+ MemoryRegion mmio;
+} smc91c111_state;
+
+static const VMStateDescription vmstate_smc91c111 = {
+ .name = "smc91c111",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT16(tcr, smc91c111_state),
+ VMSTATE_UINT16(rcr, smc91c111_state),
+ VMSTATE_UINT16(cr, smc91c111_state),
+ VMSTATE_UINT16(ctr, smc91c111_state),
+ VMSTATE_UINT16(gpr, smc91c111_state),
+ VMSTATE_UINT16(ptr, smc91c111_state),
+ VMSTATE_UINT16(ercv, smc91c111_state),
+ VMSTATE_INT32(bank, smc91c111_state),
+ VMSTATE_INT32(packet_num, smc91c111_state),
+ VMSTATE_INT32(tx_alloc, smc91c111_state),
+ VMSTATE_INT32(allocated, smc91c111_state),
+ VMSTATE_INT32(tx_fifo_len, smc91c111_state),
+ VMSTATE_INT32_ARRAY(tx_fifo, smc91c111_state, NUM_PACKETS),
+ VMSTATE_INT32(rx_fifo_len, smc91c111_state),
+ VMSTATE_INT32_ARRAY(rx_fifo, smc91c111_state, NUM_PACKETS),
+ VMSTATE_INT32(tx_fifo_done_len, smc91c111_state),
+ VMSTATE_INT32_ARRAY(tx_fifo_done, smc91c111_state, NUM_PACKETS),
+ VMSTATE_BUFFER_UNSAFE(data, smc91c111_state, 0, NUM_PACKETS * 2048),
+ VMSTATE_UINT8(int_level, smc91c111_state),
+ VMSTATE_UINT8(int_mask, smc91c111_state),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+#define RCR_SOFT_RST 0x8000
+#define RCR_STRIP_CRC 0x0200
+#define RCR_RXEN 0x0100
+
+#define TCR_EPH_LOOP 0x2000
+#define TCR_NOCRC 0x0100
+#define TCR_PAD_EN 0x0080
+#define TCR_FORCOL 0x0004
+#define TCR_LOOP 0x0002
+#define TCR_TXEN 0x0001
+
+#define INT_MD 0x80
+#define INT_ERCV 0x40
+#define INT_EPH 0x20
+#define INT_RX_OVRN 0x10
+#define INT_ALLOC 0x08
+#define INT_TX_EMPTY 0x04
+#define INT_TX 0x02
+#define INT_RCV 0x01
+
+#define CTR_AUTO_RELEASE 0x0800
+#define CTR_RELOAD 0x0002
+#define CTR_STORE 0x0001
+
+#define RS_ALGNERR 0x8000
+#define RS_BRODCAST 0x4000
+#define RS_BADCRC 0x2000
+#define RS_ODDFRAME 0x1000
+#define RS_TOOLONG 0x0800
+#define RS_TOOSHORT 0x0400
+#define RS_MULTICAST 0x0001
+
+/* Update interrupt status. */
+static void smc91c111_update(smc91c111_state *s)
+{
+ int level;
+
+ if (s->tx_fifo_len == 0)
+ s->int_level |= INT_TX_EMPTY;
+ if (s->tx_fifo_done_len != 0)
+ s->int_level |= INT_TX;
+ level = (s->int_level & s->int_mask) != 0;
+ qemu_set_irq(s->irq, level);
+}
+
+/* Try to allocate a packet. Returns 0x80 on failure. */
+static int smc91c111_allocate_packet(smc91c111_state *s)
+{
+ int i;
+ if (s->allocated == (1 << NUM_PACKETS) - 1) {
+ return 0x80;
+ }
+
+ for (i = 0; i < NUM_PACKETS; i++) {
+ if ((s->allocated & (1 << i)) == 0)
+ break;
+ }
+ s->allocated |= 1 << i;
+ return i;
+}
+
+
+/* Process a pending TX allocate. */
+static void smc91c111_tx_alloc(smc91c111_state *s)
+{
+ s->tx_alloc = smc91c111_allocate_packet(s);
+ if (s->tx_alloc == 0x80)
+ return;
+ s->int_level |= INT_ALLOC;
+ smc91c111_update(s);
+}
+
+/* Remove and item from the RX FIFO. */
+static void smc91c111_pop_rx_fifo(smc91c111_state *s)
+{
+ int i;
+
+ s->rx_fifo_len--;
+ if (s->rx_fifo_len) {
+ for (i = 0; i < s->rx_fifo_len; i++)
+ s->rx_fifo[i] = s->rx_fifo[i + 1];
+ s->int_level |= INT_RCV;
+ } else {
+ s->int_level &= ~INT_RCV;
+ }
+ smc91c111_update(s);
+}
+
+/* Remove an item from the TX completion FIFO. */
+static void smc91c111_pop_tx_fifo_done(smc91c111_state *s)
+{
+ int i;
+
+ if (s->tx_fifo_done_len == 0)
+ return;
+ s->tx_fifo_done_len--;
+ for (i = 0; i < s->tx_fifo_done_len; i++)
+ s->tx_fifo_done[i] = s->tx_fifo_done[i + 1];
+}
+
+/* Release the memory allocated to a packet. */
+static void smc91c111_release_packet(smc91c111_state *s, int packet)
+{
+ s->allocated &= ~(1 << packet);
+ if (s->tx_alloc == 0x80)
+ smc91c111_tx_alloc(s);
+}
+
+/* Flush the TX FIFO. */
+static void smc91c111_do_tx(smc91c111_state *s)
+{
+ int i;
+ int len;
+ int control;
+ int packetnum;
+ uint8_t *p;
+
+ if ((s->tcr & TCR_TXEN) == 0)
+ return;
+ if (s->tx_fifo_len == 0)
+ return;
+ for (i = 0; i < s->tx_fifo_len; i++) {
+ packetnum = s->tx_fifo[i];
+ p = &s->data[packetnum][0];
+ /* Set status word. */
+ *(p++) = 0x01;
+ *(p++) = 0x40;
+ len = *(p++);
+ len |= ((int)*(p++)) << 8;
+ len -= 6;
+ control = p[len + 1];
+ if (control & 0x20)
+ len++;
+ /* ??? This overwrites the data following the buffer.
+ Don't know what real hardware does. */
+ if (len < 64 && (s->tcr & TCR_PAD_EN)) {
+ memset(p + len, 0, 64 - len);
+ len = 64;
+ }
+#if 0
+ {
+ int add_crc;
+
+ /* The card is supposed to append the CRC to the frame.
+ However none of the other network traffic has the CRC
+ appended. Suspect this is low level ethernet detail we
+ don't need to worry about. */
+ add_crc = (control & 0x10) || (s->tcr & TCR_NOCRC) == 0;
+ if (add_crc) {
+ uint32_t crc;
+
+ crc = crc32(~0, p, len);
+ memcpy(p + len, &crc, 4);
+ len += 4;
+ }
+ }
+#endif
+ if (s->ctr & CTR_AUTO_RELEASE)
+ /* Race? */
+ smc91c111_release_packet(s, packetnum);
+ else if (s->tx_fifo_done_len < NUM_PACKETS)
+ s->tx_fifo_done[s->tx_fifo_done_len++] = packetnum;
+ qemu_send_packet(qemu_get_queue(s->nic), p, len);
+ }
+ s->tx_fifo_len = 0;
+ smc91c111_update(s);
+}
+
+/* Add a packet to the TX FIFO. */
+static void smc91c111_queue_tx(smc91c111_state *s, int packet)
+{
+ if (s->tx_fifo_len == NUM_PACKETS)
+ return;
+ s->tx_fifo[s->tx_fifo_len++] = packet;
+ smc91c111_do_tx(s);
+}
+
+static void smc91c111_reset(DeviceState *dev)
+{
+ smc91c111_state *s = SMC91C111(dev);
+
+ s->bank = 0;
+ s->tx_fifo_len = 0;
+ s->tx_fifo_done_len = 0;
+ s->rx_fifo_len = 0;
+ s->allocated = 0;
+ s->packet_num = 0;
+ s->tx_alloc = 0;
+ s->tcr = 0;
+ s->rcr = 0;
+ s->cr = 0xa0b1;
+ s->ctr = 0x1210;
+ s->ptr = 0;
+ s->ercv = 0x1f;
+ s->int_level = INT_TX_EMPTY;
+ s->int_mask = 0;
+ smc91c111_update(s);
+}
+
+#define SET_LOW(name, val) s->name = (s->name & 0xff00) | val
+#define SET_HIGH(name, val) s->name = (s->name & 0xff) | (val << 8)
+
+static void smc91c111_writeb(void *opaque, hwaddr offset,
+ uint32_t value)
+{
+ smc91c111_state *s = (smc91c111_state *)opaque;
+
+ offset = offset & 0xf;
+ if (offset == 14) {
+ s->bank = value;
+ return;
+ }
+ if (offset == 15)
+ return;
+ switch (s->bank) {
+ case 0:
+ switch (offset) {
+ case 0: /* TCR */
+ SET_LOW(tcr, value);
+ return;
+ case 1:
+ SET_HIGH(tcr, value);
+ return;
+ case 4: /* RCR */
+ SET_LOW(rcr, value);
+ return;
+ case 5:
+ SET_HIGH(rcr, value);
+ if (s->rcr & RCR_SOFT_RST) {
+ smc91c111_reset(DEVICE(s));
+ }
+ return;
+ case 10: case 11: /* RPCR */
+ /* Ignored */
+ return;
+ case 12: case 13: /* Reserved */
+ return;
+ }
+ break;
+
+ case 1:
+ switch (offset) {
+ case 0: /* CONFIG */
+ SET_LOW(cr, value);
+ return;
+ case 1:
+ SET_HIGH(cr,value);
+ return;
+ case 2: case 3: /* BASE */
+ case 4: case 5: case 6: case 7: case 8: case 9: /* IA */
+ /* Not implemented. */
+ return;
+ case 10: /* Genral Purpose */
+ SET_LOW(gpr, value);
+ return;
+ case 11:
+ SET_HIGH(gpr, value);
+ return;
+ case 12: /* Control */
+ if (value & 1)
+ fprintf(stderr, "smc91c111:EEPROM store not implemented\n");
+ if (value & 2)
+ fprintf(stderr, "smc91c111:EEPROM reload not implemented\n");
+ value &= ~3;
+ SET_LOW(ctr, value);
+ return;
+ case 13:
+ SET_HIGH(ctr, value);
+ return;
+ }
+ break;
+
+ case 2:
+ switch (offset) {
+ case 0: /* MMU Command */
+ switch (value >> 5) {
+ case 0: /* no-op */
+ break;
+ case 1: /* Allocate for TX. */
+ s->tx_alloc = 0x80;
+ s->int_level &= ~INT_ALLOC;
+ smc91c111_update(s);
+ smc91c111_tx_alloc(s);
+ break;
+ case 2: /* Reset MMU. */
+ s->allocated = 0;
+ s->tx_fifo_len = 0;
+ s->tx_fifo_done_len = 0;
+ s->rx_fifo_len = 0;
+ s->tx_alloc = 0;
+ break;
+ case 3: /* Remove from RX FIFO. */
+ smc91c111_pop_rx_fifo(s);
+ break;
+ case 4: /* Remove from RX FIFO and release. */
+ if (s->rx_fifo_len > 0) {
+ smc91c111_release_packet(s, s->rx_fifo[0]);
+ }
+ smc91c111_pop_rx_fifo(s);
+ break;
+ case 5: /* Release. */
+ smc91c111_release_packet(s, s->packet_num);
+ break;
+ case 6: /* Add to TX FIFO. */
+ smc91c111_queue_tx(s, s->packet_num);
+ break;
+ case 7: /* Reset TX FIFO. */
+ s->tx_fifo_len = 0;
+ s->tx_fifo_done_len = 0;
+ break;
+ }
+ return;
+ case 1:
+ /* Ignore. */
+ return;
+ case 2: /* Packet Number Register */
+ s->packet_num = value;
+ return;
+ case 3: case 4: case 5:
+ /* Should be readonly, but linux writes to them anyway. Ignore. */
+ return;
+ case 6: /* Pointer */
+ SET_LOW(ptr, value);
+ return;
+ case 7:
+ SET_HIGH(ptr, value);
+ return;
+ case 8: case 9: case 10: case 11: /* Data */
+ {
+ int p;
+ int n;
+
+ if (s->ptr & 0x8000)
+ n = s->rx_fifo[0];
+ else
+ n = s->packet_num;
+ p = s->ptr & 0x07ff;
+ if (s->ptr & 0x4000) {
+ s->ptr = (s->ptr & 0xf800) | ((s->ptr + 1) & 0x7ff);
+ } else {
+ p += (offset & 3);
+ }
+ s->data[n][p] = value;
+ }
+ return;
+ case 12: /* Interrupt ACK. */
+ s->int_level &= ~(value & 0xd6);
+ if (value & INT_TX)
+ smc91c111_pop_tx_fifo_done(s);
+ smc91c111_update(s);
+ return;
+ case 13: /* Interrupt mask. */
+ s->int_mask = value;
+ smc91c111_update(s);
+ return;
+ }
+ break;
+
+ case 3:
+ switch (offset) {
+ case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
+ /* Multicast table. */
+ /* Not implemented. */
+ return;
+ case 8: case 9: /* Management Interface. */
+ /* Not implemented. */
+ return;
+ case 12: /* Early receive. */
+ s->ercv = value & 0x1f;
+ return;
+ case 13:
+ /* Ignore. */
+ return;
+ }
+ break;
+ }
+ hw_error("smc91c111_write: Bad reg %d:%x\n", s->bank, (int)offset);
+}
+
+static uint32_t smc91c111_readb(void *opaque, hwaddr offset)
+{
+ smc91c111_state *s = (smc91c111_state *)opaque;
+
+ offset = offset & 0xf;
+ if (offset == 14) {
+ return s->bank;
+ }
+ if (offset == 15)
+ return 0x33;
+ switch (s->bank) {
+ case 0:
+ switch (offset) {
+ case 0: /* TCR */
+ return s->tcr & 0xff;
+ case 1:
+ return s->tcr >> 8;
+ case 2: /* EPH Status */
+ return 0;
+ case 3:
+ return 0x40;
+ case 4: /* RCR */
+ return s->rcr & 0xff;
+ case 5:
+ return s->rcr >> 8;
+ case 6: /* Counter */
+ case 7:
+ /* Not implemented. */
+ return 0;
+ case 8: /* Memory size. */
+ return NUM_PACKETS;
+ case 9: /* Free memory available. */
+ {
+ int i;
+ int n;
+ n = 0;
+ for (i = 0; i < NUM_PACKETS; i++) {
+ if (s->allocated & (1 << i))
+ n++;
+ }
+ return n;
+ }
+ case 10: case 11: /* RPCR */
+ /* Not implemented. */
+ return 0;
+ case 12: case 13: /* Reserved */
+ return 0;
+ }
+ break;
+
+ case 1:
+ switch (offset) {
+ case 0: /* CONFIG */
+ return s->cr & 0xff;
+ case 1:
+ return s->cr >> 8;
+ case 2: case 3: /* BASE */
+ /* Not implemented. */
+ return 0;
+ case 4: case 5: case 6: case 7: case 8: case 9: /* IA */
+ return s->conf.macaddr.a[offset - 4];
+ case 10: /* General Purpose */
+ return s->gpr & 0xff;
+ case 11:
+ return s->gpr >> 8;
+ case 12: /* Control */
+ return s->ctr & 0xff;
+ case 13:
+ return s->ctr >> 8;
+ }
+ break;
+
+ case 2:
+ switch (offset) {
+ case 0: case 1: /* MMUCR Busy bit. */
+ return 0;
+ case 2: /* Packet Number. */
+ return s->packet_num;
+ case 3: /* Allocation Result. */
+ return s->tx_alloc;
+ case 4: /* TX FIFO */
+ if (s->tx_fifo_done_len == 0)
+ return 0x80;
+ else
+ return s->tx_fifo_done[0];
+ case 5: /* RX FIFO */
+ if (s->rx_fifo_len == 0)
+ return 0x80;
+ else
+ return s->rx_fifo[0];
+ case 6: /* Pointer */
+ return s->ptr & 0xff;
+ case 7:
+ return (s->ptr >> 8) & 0xf7;
+ case 8: case 9: case 10: case 11: /* Data */
+ {
+ int p;
+ int n;
+
+ if (s->ptr & 0x8000)
+ n = s->rx_fifo[0];
+ else
+ n = s->packet_num;
+ p = s->ptr & 0x07ff;
+ if (s->ptr & 0x4000) {
+ s->ptr = (s->ptr & 0xf800) | ((s->ptr + 1) & 0x07ff);
+ } else {
+ p += (offset & 3);
+ }
+ return s->data[n][p];
+ }
+ case 12: /* Interrupt status. */
+ return s->int_level;
+ case 13: /* Interrupt mask. */
+ return s->int_mask;
+ }
+ break;
+
+ case 3:
+ switch (offset) {
+ case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
+ /* Multicast table. */
+ /* Not implemented. */
+ return 0;
+ case 8: /* Management Interface. */
+ /* Not implemented. */
+ return 0x30;
+ case 9:
+ return 0x33;
+ case 10: /* Revision. */
+ return 0x91;
+ case 11:
+ return 0x33;
+ case 12:
+ return s->ercv;
+ case 13:
+ return 0;
+ }
+ break;
+ }
+ hw_error("smc91c111_read: Bad reg %d:%x\n", s->bank, (int)offset);
+ return 0;
+}
+
+static void smc91c111_writew(void *opaque, hwaddr offset,
+ uint32_t value)
+{
+ smc91c111_writeb(opaque, offset, value & 0xff);
+ smc91c111_writeb(opaque, offset + 1, value >> 8);
+}
+
+static void smc91c111_writel(void *opaque, hwaddr offset,
+ uint32_t value)
+{
+ /* 32-bit writes to offset 0xc only actually write to the bank select
+ register (offset 0xe) */
+ if (offset != 0xc)
+ smc91c111_writew(opaque, offset, value & 0xffff);
+ smc91c111_writew(opaque, offset + 2, value >> 16);
+}
+
+static uint32_t smc91c111_readw(void *opaque, hwaddr offset)
+{
+ uint32_t val;
+ val = smc91c111_readb(opaque, offset);
+ val |= smc91c111_readb(opaque, offset + 1) << 8;
+ return val;
+}
+
+static uint32_t smc91c111_readl(void *opaque, hwaddr offset)
+{
+ uint32_t val;
+ val = smc91c111_readw(opaque, offset);
+ val |= smc91c111_readw(opaque, offset + 2) << 16;
+ return val;
+}
+
+static int smc91c111_can_receive(NetClientState *nc)
+{
+ smc91c111_state *s = qemu_get_nic_opaque(nc);
+
+ if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST))
+ return 1;
+ if (s->allocated == (1 << NUM_PACKETS) - 1)
+ return 0;
+ return 1;
+}
+
+static ssize_t smc91c111_receive(NetClientState *nc, const uint8_t *buf, size_t size)
+{
+ smc91c111_state *s = qemu_get_nic_opaque(nc);
+ int status;
+ int packetsize;
+ uint32_t crc;
+ int packetnum;
+ uint8_t *p;
+
+ if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST))
+ return -1;
+ /* Short packets are padded with zeros. Receiving a packet
+ < 64 bytes long is considered an error condition. */
+ if (size < 64)
+ packetsize = 64;
+ else
+ packetsize = (size & ~1);
+ packetsize += 6;
+ crc = (s->rcr & RCR_STRIP_CRC) == 0;
+ if (crc)
+ packetsize += 4;
+ /* TODO: Flag overrun and receive errors. */
+ if (packetsize > 2048)
+ return -1;
+ packetnum = smc91c111_allocate_packet(s);
+ if (packetnum == 0x80)
+ return -1;
+ s->rx_fifo[s->rx_fifo_len++] = packetnum;
+
+ p = &s->data[packetnum][0];
+ /* ??? Multicast packets? */
+ status = 0;
+ if (size > 1518)
+ status |= RS_TOOLONG;
+ if (size & 1)
+ status |= RS_ODDFRAME;
+ *(p++) = status & 0xff;
+ *(p++) = status >> 8;
+ *(p++) = packetsize & 0xff;
+ *(p++) = packetsize >> 8;
+ memcpy(p, buf, size & ~1);
+ p += (size & ~1);
+ /* Pad short packets. */
+ if (size < 64) {
+ int pad;
+
+ if (size & 1)
+ *(p++) = buf[size - 1];
+ pad = 64 - size;
+ memset(p, 0, pad);
+ p += pad;
+ size = 64;
+ }
+ /* It's not clear if the CRC should go before or after the last byte in
+ odd sized packets. Linux disables the CRC, so that's no help.
+ The pictures in the documentation show the CRC aligned on a 16-bit
+ boundary before the last odd byte, so that's what we do. */
+ if (crc) {
+ crc = crc32(~0, buf, size);
+ *(p++) = crc & 0xff; crc >>= 8;
+ *(p++) = crc & 0xff; crc >>= 8;
+ *(p++) = crc & 0xff; crc >>= 8;
+ *(p++) = crc & 0xff;
+ }
+ if (size & 1) {
+ *(p++) = buf[size - 1];
+ *p = 0x60;
+ } else {
+ *(p++) = 0;
+ *p = 0x40;
+ }
+ /* TODO: Raise early RX interrupt? */
+ s->int_level |= INT_RCV;
+ smc91c111_update(s);
+
+ return size;
+}
+
+static const MemoryRegionOps smc91c111_mem_ops = {
+ /* The special case for 32 bit writes to 0xc means we can't just
+ * set .impl.min/max_access_size to 1, unfortunately
+ */
+ .old_mmio = {
+ .read = { smc91c111_readb, smc91c111_readw, smc91c111_readl, },
+ .write = { smc91c111_writeb, smc91c111_writew, smc91c111_writel, },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void smc91c111_cleanup(NetClientState *nc)
+{
+ smc91c111_state *s = qemu_get_nic_opaque(nc);
+
+ s->nic = NULL;
+}
+
+static NetClientInfo net_smc91c111_info = {
+ .type = NET_CLIENT_OPTIONS_KIND_NIC,
+ .size = sizeof(NICState),
+ .can_receive = smc91c111_can_receive,
+ .receive = smc91c111_receive,
+ .cleanup = smc91c111_cleanup,
+};
+
+static int smc91c111_init1(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ smc91c111_state *s = SMC91C111(dev);
+
+ memory_region_init_io(&s->mmio, OBJECT(s), &smc91c111_mem_ops, s,
+ "smc91c111-mmio", 16);
+ sysbus_init_mmio(sbd, &s->mmio);
+ sysbus_init_irq(sbd, &s->irq);
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+ s->nic = qemu_new_nic(&net_smc91c111_info, &s->conf,
+ object_get_typename(OBJECT(dev)), dev->id, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+ /* ??? Save/restore. */
+ return 0;
+}
+
+static Property smc91c111_properties[] = {
+ DEFINE_NIC_PROPERTIES(smc91c111_state, conf),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void smc91c111_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = smc91c111_init1;
+ dc->reset = smc91c111_reset;
+ dc->vmsd = &vmstate_smc91c111;
+ dc->props = smc91c111_properties;
+}
+
+static const TypeInfo smc91c111_info = {
+ .name = TYPE_SMC91C111,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(smc91c111_state),
+ .class_init = smc91c111_class_init,
+};
+
+static void smc91c111_register_types(void)
+{
+ type_register_static(&smc91c111_info);
+}
+
+/* Legacy helper function. Should go away when machine config files are
+ implemented. */
+void smc91c111_init(NICInfo *nd, uint32_t base, qemu_irq irq)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+
+ qemu_check_nic_model(nd, "smc91c111");
+ dev = qdev_create(NULL, TYPE_SMC91C111);
+ qdev_set_nic_properties(dev, nd);
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+ sysbus_mmio_map(s, 0, base);
+ sysbus_connect_irq(s, 0, irq);
+}
+
+type_init(smc91c111_register_types)
diff --git a/hw/net/spapr_llan.c b/hw/net/spapr_llan.c
new file mode 100644
index 000000000..4ff04113d
--- /dev/null
+++ b/hw/net/spapr_llan.c
@@ -0,0 +1,557 @@
+/*
+ * QEMU PowerPC pSeries Logical Partition (aka sPAPR) hardware System Emulator
+ *
+ * PAPR Inter-VM Logical Lan, aka ibmveth
+ *
+ * Copyright (c) 2010,2011 David Gibson, IBM Corporation.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ */
+#include "hw/hw.h"
+#include "net/net.h"
+#include "hw/qdev.h"
+#include "hw/ppc/spapr.h"
+#include "hw/ppc/spapr_vio.h"
+
+#include <libfdt.h>
+
+#define ETH_ALEN 6
+#define MAX_PACKET_SIZE 65536
+
+/*#define DEBUG*/
+
+#ifdef DEBUG
+#define DPRINTF(fmt...) do { fprintf(stderr, fmt); } while (0)
+#else
+#define DPRINTF(fmt...)
+#endif
+
+/*
+ * Virtual LAN device
+ */
+
+typedef uint64_t vlan_bd_t;
+
+#define VLAN_BD_VALID 0x8000000000000000ULL
+#define VLAN_BD_TOGGLE 0x4000000000000000ULL
+#define VLAN_BD_NO_CSUM 0x0200000000000000ULL
+#define VLAN_BD_CSUM_GOOD 0x0100000000000000ULL
+#define VLAN_BD_LEN_MASK 0x00ffffff00000000ULL
+#define VLAN_BD_LEN(bd) (((bd) & VLAN_BD_LEN_MASK) >> 32)
+#define VLAN_BD_ADDR_MASK 0x00000000ffffffffULL
+#define VLAN_BD_ADDR(bd) ((bd) & VLAN_BD_ADDR_MASK)
+
+#define VLAN_VALID_BD(addr, len) (VLAN_BD_VALID | \
+ (((len) << 32) & VLAN_BD_LEN_MASK) | \
+ (addr & VLAN_BD_ADDR_MASK))
+
+#define VLAN_RXQC_TOGGLE 0x80
+#define VLAN_RXQC_VALID 0x40
+#define VLAN_RXQC_NO_CSUM 0x02
+#define VLAN_RXQC_CSUM_GOOD 0x01
+
+#define VLAN_RQ_ALIGNMENT 16
+#define VLAN_RXQ_BD_OFF 0
+#define VLAN_FILTER_BD_OFF 8
+#define VLAN_RX_BDS_OFF 16
+#define VLAN_MAX_BUFS ((SPAPR_TCE_PAGE_SIZE - VLAN_RX_BDS_OFF) / 8)
+
+#define TYPE_VIO_SPAPR_VLAN_DEVICE "spapr-vlan"
+#define VIO_SPAPR_VLAN_DEVICE(obj) \
+ OBJECT_CHECK(VIOsPAPRVLANDevice, (obj), TYPE_VIO_SPAPR_VLAN_DEVICE)
+
+typedef struct VIOsPAPRVLANDevice {
+ VIOsPAPRDevice sdev;
+ NICConf nicconf;
+ NICState *nic;
+ bool isopen;
+ target_ulong buf_list;
+ uint32_t add_buf_ptr, use_buf_ptr, rx_bufs;
+ target_ulong rxq_ptr;
+} VIOsPAPRVLANDevice;
+
+static int spapr_vlan_can_receive(NetClientState *nc)
+{
+ VIOsPAPRVLANDevice *dev = qemu_get_nic_opaque(nc);
+
+ return (dev->isopen && dev->rx_bufs > 0);
+}
+
+static ssize_t spapr_vlan_receive(NetClientState *nc, const uint8_t *buf,
+ size_t size)
+{
+ VIOsPAPRVLANDevice *dev = qemu_get_nic_opaque(nc);
+ VIOsPAPRDevice *sdev = VIO_SPAPR_DEVICE(dev);
+ vlan_bd_t rxq_bd = vio_ldq(sdev, dev->buf_list + VLAN_RXQ_BD_OFF);
+ vlan_bd_t bd;
+ int buf_ptr = dev->use_buf_ptr;
+ uint64_t handle;
+ uint8_t control;
+
+ DPRINTF("spapr_vlan_receive() [%s] rx_bufs=%d\n", sdev->qdev.id,
+ dev->rx_bufs);
+
+ if (!dev->isopen) {
+ return -1;
+ }
+
+ if (!dev->rx_bufs) {
+ return -1;
+ }
+
+ do {
+ buf_ptr += 8;
+ if (buf_ptr >= SPAPR_TCE_PAGE_SIZE) {
+ buf_ptr = VLAN_RX_BDS_OFF;
+ }
+
+ bd = vio_ldq(sdev, dev->buf_list + buf_ptr);
+ DPRINTF("use_buf_ptr=%d bd=0x%016llx\n",
+ buf_ptr, (unsigned long long)bd);
+ } while ((!(bd & VLAN_BD_VALID) || (VLAN_BD_LEN(bd) < (size + 8)))
+ && (buf_ptr != dev->use_buf_ptr));
+
+ if (!(bd & VLAN_BD_VALID) || (VLAN_BD_LEN(bd) < (size + 8))) {
+ /* Failed to find a suitable buffer */
+ return -1;
+ }
+
+ /* Remove the buffer from the pool */
+ dev->rx_bufs--;
+ dev->use_buf_ptr = buf_ptr;
+ vio_stq(sdev, dev->buf_list + dev->use_buf_ptr, 0);
+
+ DPRINTF("Found buffer: ptr=%d num=%d\n", dev->use_buf_ptr, dev->rx_bufs);
+
+ /* Transfer the packet data */
+ if (spapr_vio_dma_write(sdev, VLAN_BD_ADDR(bd) + 8, buf, size) < 0) {
+ return -1;
+ }
+
+ DPRINTF("spapr_vlan_receive: DMA write completed\n");
+
+ /* Update the receive queue */
+ control = VLAN_RXQC_TOGGLE | VLAN_RXQC_VALID;
+ if (rxq_bd & VLAN_BD_TOGGLE) {
+ control ^= VLAN_RXQC_TOGGLE;
+ }
+
+ handle = vio_ldq(sdev, VLAN_BD_ADDR(bd));
+ vio_stq(sdev, VLAN_BD_ADDR(rxq_bd) + dev->rxq_ptr + 8, handle);
+ vio_stl(sdev, VLAN_BD_ADDR(rxq_bd) + dev->rxq_ptr + 4, size);
+ vio_sth(sdev, VLAN_BD_ADDR(rxq_bd) + dev->rxq_ptr + 2, 8);
+ vio_stb(sdev, VLAN_BD_ADDR(rxq_bd) + dev->rxq_ptr, control);
+
+ DPRINTF("wrote rxq entry (ptr=0x%llx): 0x%016llx 0x%016llx\n",
+ (unsigned long long)dev->rxq_ptr,
+ (unsigned long long)vio_ldq(sdev, VLAN_BD_ADDR(rxq_bd) +
+ dev->rxq_ptr),
+ (unsigned long long)vio_ldq(sdev, VLAN_BD_ADDR(rxq_bd) +
+ dev->rxq_ptr + 8));
+
+ dev->rxq_ptr += 16;
+ if (dev->rxq_ptr >= VLAN_BD_LEN(rxq_bd)) {
+ dev->rxq_ptr = 0;
+ vio_stq(sdev, dev->buf_list + VLAN_RXQ_BD_OFF, rxq_bd ^ VLAN_BD_TOGGLE);
+ }
+
+ if (sdev->signal_state & 1) {
+ qemu_irq_pulse(spapr_vio_qirq(sdev));
+ }
+
+ return size;
+}
+
+static void spapr_vlan_cleanup(NetClientState *nc)
+{
+ VIOsPAPRVLANDevice *dev = qemu_get_nic_opaque(nc);
+
+ dev->nic = NULL;
+}
+
+static NetClientInfo net_spapr_vlan_info = {
+ .type = NET_CLIENT_OPTIONS_KIND_NIC,
+ .size = sizeof(NICState),
+ .can_receive = spapr_vlan_can_receive,
+ .receive = spapr_vlan_receive,
+ .cleanup = spapr_vlan_cleanup,
+};
+
+static void spapr_vlan_reset(VIOsPAPRDevice *sdev)
+{
+ VIOsPAPRVLANDevice *dev = VIO_SPAPR_VLAN_DEVICE(sdev);
+
+ dev->buf_list = 0;
+ dev->rx_bufs = 0;
+ dev->isopen = 0;
+}
+
+static int spapr_vlan_init(VIOsPAPRDevice *sdev)
+{
+ VIOsPAPRVLANDevice *dev = VIO_SPAPR_VLAN_DEVICE(sdev);
+
+ qemu_macaddr_default_if_unset(&dev->nicconf.macaddr);
+
+ dev->nic = qemu_new_nic(&net_spapr_vlan_info, &dev->nicconf,
+ object_get_typename(OBJECT(sdev)), sdev->qdev.id, dev);
+ qemu_format_nic_info_str(qemu_get_queue(dev->nic), dev->nicconf.macaddr.a);
+
+ return 0;
+}
+
+void spapr_vlan_create(VIOsPAPRBus *bus, NICInfo *nd)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(&bus->bus, "spapr-vlan");
+
+ qdev_set_nic_properties(dev, nd);
+
+ qdev_init_nofail(dev);
+}
+
+static int spapr_vlan_devnode(VIOsPAPRDevice *dev, void *fdt, int node_off)
+{
+ VIOsPAPRVLANDevice *vdev = VIO_SPAPR_VLAN_DEVICE(dev);
+ uint8_t padded_mac[8] = {0, 0};
+ int ret;
+
+ /* Some old phyp versions give the mac address in an 8-byte
+ * property. The kernel driver has an insane workaround for this;
+ * rather than doing the obvious thing and checking the property
+ * length, it checks whether the first byte has 0b10 in the low
+ * bits. If a correct 6-byte property has a different first byte
+ * the kernel will get the wrong mac address, overrunning its
+ * buffer in the process (read only, thank goodness).
+ *
+ * Here we workaround the kernel workaround by always supplying an
+ * 8-byte property, with the mac address in the last six bytes */
+ memcpy(&padded_mac[2], &vdev->nicconf.macaddr, ETH_ALEN);
+ ret = fdt_setprop(fdt, node_off, "local-mac-address",
+ padded_mac, sizeof(padded_mac));
+ if (ret < 0) {
+ return ret;
+ }
+
+ ret = fdt_setprop_cell(fdt, node_off, "ibm,mac-address-filters", 0);
+ if (ret < 0) {
+ return ret;
+ }
+
+ return 0;
+}
+
+static int check_bd(VIOsPAPRVLANDevice *dev, vlan_bd_t bd,
+ target_ulong alignment)
+{
+ if ((VLAN_BD_ADDR(bd) % alignment)
+ || (VLAN_BD_LEN(bd) % alignment)) {
+ return -1;
+ }
+
+ if (!spapr_vio_dma_valid(&dev->sdev, VLAN_BD_ADDR(bd),
+ VLAN_BD_LEN(bd), DMA_DIRECTION_FROM_DEVICE)
+ || !spapr_vio_dma_valid(&dev->sdev, VLAN_BD_ADDR(bd),
+ VLAN_BD_LEN(bd), DMA_DIRECTION_TO_DEVICE)) {
+ return -1;
+ }
+
+ return 0;
+}
+
+static target_ulong h_register_logical_lan(PowerPCCPU *cpu,
+ sPAPREnvironment *spapr,
+ target_ulong opcode,
+ target_ulong *args)
+{
+ target_ulong reg = args[0];
+ target_ulong buf_list = args[1];
+ target_ulong rec_queue = args[2];
+ target_ulong filter_list = args[3];
+ VIOsPAPRDevice *sdev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
+ VIOsPAPRVLANDevice *dev = VIO_SPAPR_VLAN_DEVICE(sdev);
+ vlan_bd_t filter_list_bd;
+
+ if (!dev) {
+ return H_PARAMETER;
+ }
+
+ if (dev->isopen) {
+ hcall_dprintf("H_REGISTER_LOGICAL_LAN called twice without "
+ "H_FREE_LOGICAL_LAN\n");
+ return H_RESOURCE;
+ }
+
+ if (check_bd(dev, VLAN_VALID_BD(buf_list, SPAPR_TCE_PAGE_SIZE),
+ SPAPR_TCE_PAGE_SIZE) < 0) {
+ hcall_dprintf("Bad buf_list 0x" TARGET_FMT_lx "\n", buf_list);
+ return H_PARAMETER;
+ }
+
+ filter_list_bd = VLAN_VALID_BD(filter_list, SPAPR_TCE_PAGE_SIZE);
+ if (check_bd(dev, filter_list_bd, SPAPR_TCE_PAGE_SIZE) < 0) {
+ hcall_dprintf("Bad filter_list 0x" TARGET_FMT_lx "\n", filter_list);
+ return H_PARAMETER;
+ }
+
+ if (!(rec_queue & VLAN_BD_VALID)
+ || (check_bd(dev, rec_queue, VLAN_RQ_ALIGNMENT) < 0)) {
+ hcall_dprintf("Bad receive queue\n");
+ return H_PARAMETER;
+ }
+
+ dev->buf_list = buf_list;
+ sdev->signal_state = 0;
+
+ rec_queue &= ~VLAN_BD_TOGGLE;
+
+ /* Initialize the buffer list */
+ vio_stq(sdev, buf_list, rec_queue);
+ vio_stq(sdev, buf_list + 8, filter_list_bd);
+ spapr_vio_dma_set(sdev, buf_list + VLAN_RX_BDS_OFF, 0,
+ SPAPR_TCE_PAGE_SIZE - VLAN_RX_BDS_OFF);
+ dev->add_buf_ptr = VLAN_RX_BDS_OFF - 8;
+ dev->use_buf_ptr = VLAN_RX_BDS_OFF - 8;
+ dev->rx_bufs = 0;
+ dev->rxq_ptr = 0;
+
+ /* Initialize the receive queue */
+ spapr_vio_dma_set(sdev, VLAN_BD_ADDR(rec_queue), 0, VLAN_BD_LEN(rec_queue));
+
+ dev->isopen = 1;
+ qemu_flush_queued_packets(qemu_get_queue(dev->nic));
+
+ return H_SUCCESS;
+}
+
+
+static target_ulong h_free_logical_lan(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong reg = args[0];
+ VIOsPAPRDevice *sdev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
+ VIOsPAPRVLANDevice *dev = VIO_SPAPR_VLAN_DEVICE(sdev);
+
+ if (!dev) {
+ return H_PARAMETER;
+ }
+
+ if (!dev->isopen) {
+ hcall_dprintf("H_FREE_LOGICAL_LAN called without "
+ "H_REGISTER_LOGICAL_LAN\n");
+ return H_RESOURCE;
+ }
+
+ spapr_vlan_reset(sdev);
+ return H_SUCCESS;
+}
+
+static target_ulong h_add_logical_lan_buffer(PowerPCCPU *cpu,
+ sPAPREnvironment *spapr,
+ target_ulong opcode,
+ target_ulong *args)
+{
+ target_ulong reg = args[0];
+ target_ulong buf = args[1];
+ VIOsPAPRDevice *sdev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
+ VIOsPAPRVLANDevice *dev = VIO_SPAPR_VLAN_DEVICE(sdev);
+ vlan_bd_t bd;
+
+ DPRINTF("H_ADD_LOGICAL_LAN_BUFFER(0x" TARGET_FMT_lx
+ ", 0x" TARGET_FMT_lx ")\n", reg, buf);
+
+ if (!sdev) {
+ hcall_dprintf("Bad device\n");
+ return H_PARAMETER;
+ }
+
+ if ((check_bd(dev, buf, 4) < 0)
+ || (VLAN_BD_LEN(buf) < 16)) {
+ hcall_dprintf("Bad buffer enqueued\n");
+ return H_PARAMETER;
+ }
+
+ if (!dev->isopen || dev->rx_bufs >= VLAN_MAX_BUFS) {
+ return H_RESOURCE;
+ }
+
+ do {
+ dev->add_buf_ptr += 8;
+ if (dev->add_buf_ptr >= SPAPR_TCE_PAGE_SIZE) {
+ dev->add_buf_ptr = VLAN_RX_BDS_OFF;
+ }
+
+ bd = vio_ldq(sdev, dev->buf_list + dev->add_buf_ptr);
+ } while (bd & VLAN_BD_VALID);
+
+ vio_stq(sdev, dev->buf_list + dev->add_buf_ptr, buf);
+
+ dev->rx_bufs++;
+
+ DPRINTF("h_add_logical_lan_buffer(): Added buf ptr=%d rx_bufs=%d"
+ " bd=0x%016llx\n", dev->add_buf_ptr, dev->rx_bufs,
+ (unsigned long long)buf);
+
+ return H_SUCCESS;
+}
+
+static target_ulong h_send_logical_lan(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong reg = args[0];
+ target_ulong *bufs = args + 1;
+ target_ulong continue_token = args[7];
+ VIOsPAPRDevice *sdev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
+ VIOsPAPRVLANDevice *dev = VIO_SPAPR_VLAN_DEVICE(sdev);
+ unsigned total_len;
+ uint8_t *lbuf, *p;
+ int i, nbufs;
+ int ret;
+
+ DPRINTF("H_SEND_LOGICAL_LAN(0x" TARGET_FMT_lx ", <bufs>, 0x"
+ TARGET_FMT_lx ")\n", reg, continue_token);
+
+ if (!sdev) {
+ return H_PARAMETER;
+ }
+
+ DPRINTF("rxbufs = %d\n", dev->rx_bufs);
+
+ if (!dev->isopen) {
+ return H_DROPPED;
+ }
+
+ if (continue_token) {
+ return H_HARDWARE; /* FIXME actually handle this */
+ }
+
+ total_len = 0;
+ for (i = 0; i < 6; i++) {
+ DPRINTF(" buf desc: 0x" TARGET_FMT_lx "\n", bufs[i]);
+ if (!(bufs[i] & VLAN_BD_VALID)) {
+ break;
+ }
+ total_len += VLAN_BD_LEN(bufs[i]);
+ }
+
+ nbufs = i;
+ DPRINTF("h_send_logical_lan() %d buffers, total length 0x%x\n",
+ nbufs, total_len);
+
+ if (total_len == 0) {
+ return H_SUCCESS;
+ }
+
+ if (total_len > MAX_PACKET_SIZE) {
+ /* Don't let the guest force too large an allocation */
+ return H_RESOURCE;
+ }
+
+ lbuf = alloca(total_len);
+ p = lbuf;
+ for (i = 0; i < nbufs; i++) {
+ ret = spapr_vio_dma_read(sdev, VLAN_BD_ADDR(bufs[i]),
+ p, VLAN_BD_LEN(bufs[i]));
+ if (ret < 0) {
+ return ret;
+ }
+
+ p += VLAN_BD_LEN(bufs[i]);
+ }
+
+ qemu_send_packet(qemu_get_queue(dev->nic), lbuf, total_len);
+
+ return H_SUCCESS;
+}
+
+static target_ulong h_multicast_ctrl(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong reg = args[0];
+ VIOsPAPRDevice *dev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
+
+ if (!dev) {
+ return H_PARAMETER;
+ }
+
+ return H_SUCCESS;
+}
+
+static Property spapr_vlan_properties[] = {
+ DEFINE_SPAPR_PROPERTIES(VIOsPAPRVLANDevice, sdev),
+ DEFINE_NIC_PROPERTIES(VIOsPAPRVLANDevice, nicconf),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static const VMStateDescription vmstate_spapr_llan = {
+ .name = "spapr_llan",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_SPAPR_VIO(sdev, VIOsPAPRVLANDevice),
+ /* LLAN state */
+ VMSTATE_BOOL(isopen, VIOsPAPRVLANDevice),
+ VMSTATE_UINTTL(buf_list, VIOsPAPRVLANDevice),
+ VMSTATE_UINT32(add_buf_ptr, VIOsPAPRVLANDevice),
+ VMSTATE_UINT32(use_buf_ptr, VIOsPAPRVLANDevice),
+ VMSTATE_UINT32(rx_bufs, VIOsPAPRVLANDevice),
+ VMSTATE_UINTTL(rxq_ptr, VIOsPAPRVLANDevice),
+
+ VMSTATE_END_OF_LIST()
+ },
+};
+
+static void spapr_vlan_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VIOsPAPRDeviceClass *k = VIO_SPAPR_DEVICE_CLASS(klass);
+
+ k->init = spapr_vlan_init;
+ k->reset = spapr_vlan_reset;
+ k->devnode = spapr_vlan_devnode;
+ k->dt_name = "l-lan";
+ k->dt_type = "network";
+ k->dt_compatible = "IBM,l-lan";
+ k->signal_mask = 0x1;
+ dc->props = spapr_vlan_properties;
+ k->rtce_window_size = 0x10000000;
+ dc->vmsd = &vmstate_spapr_llan;
+}
+
+static const TypeInfo spapr_vlan_info = {
+ .name = TYPE_VIO_SPAPR_VLAN_DEVICE,
+ .parent = TYPE_VIO_SPAPR_DEVICE,
+ .instance_size = sizeof(VIOsPAPRVLANDevice),
+ .class_init = spapr_vlan_class_init,
+};
+
+static void spapr_vlan_register_types(void)
+{
+ spapr_register_hypercall(H_REGISTER_LOGICAL_LAN, h_register_logical_lan);
+ spapr_register_hypercall(H_FREE_LOGICAL_LAN, h_free_logical_lan);
+ spapr_register_hypercall(H_SEND_LOGICAL_LAN, h_send_logical_lan);
+ spapr_register_hypercall(H_ADD_LOGICAL_LAN_BUFFER,
+ h_add_logical_lan_buffer);
+ spapr_register_hypercall(H_MULTICAST_CTRL, h_multicast_ctrl);
+ type_register_static(&spapr_vlan_info);
+}
+
+type_init(spapr_vlan_register_types)
diff --git a/hw/net/stellaris_enet.c b/hw/net/stellaris_enet.c
new file mode 100644
index 000000000..9dd77f757
--- /dev/null
+++ b/hw/net/stellaris_enet.c
@@ -0,0 +1,462 @@
+/*
+ * Luminary Micro Stellaris Ethernet Controller
+ *
+ * Copyright (c) 2007 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GPL.
+ */
+#include "hw/sysbus.h"
+#include "net/net.h"
+#include <zlib.h>
+
+//#define DEBUG_STELLARIS_ENET 1
+
+#ifdef DEBUG_STELLARIS_ENET
+#define DPRINTF(fmt, ...) \
+do { printf("stellaris_enet: " fmt , ## __VA_ARGS__); } while (0)
+#define BADF(fmt, ...) \
+do { fprintf(stderr, "stellaris_enet: error: " fmt , ## __VA_ARGS__); exit(1);} while (0)
+#else
+#define DPRINTF(fmt, ...) do {} while(0)
+#define BADF(fmt, ...) \
+do { fprintf(stderr, "stellaris_enet: error: " fmt , ## __VA_ARGS__);} while (0)
+#endif
+
+#define SE_INT_RX 0x01
+#define SE_INT_TXER 0x02
+#define SE_INT_TXEMP 0x04
+#define SE_INT_FOV 0x08
+#define SE_INT_RXER 0x10
+#define SE_INT_MD 0x20
+#define SE_INT_PHY 0x40
+
+#define SE_RCTL_RXEN 0x01
+#define SE_RCTL_AMUL 0x02
+#define SE_RCTL_PRMS 0x04
+#define SE_RCTL_BADCRC 0x08
+#define SE_RCTL_RSTFIFO 0x10
+
+#define SE_TCTL_TXEN 0x01
+#define SE_TCTL_PADEN 0x02
+#define SE_TCTL_CRC 0x04
+#define SE_TCTL_DUPLEX 0x08
+
+#define TYPE_STELLARIS_ENET "stellaris_enet"
+#define STELLARIS_ENET(obj) \
+ OBJECT_CHECK(stellaris_enet_state, (obj), TYPE_STELLARIS_ENET)
+
+typedef struct {
+ SysBusDevice parent_obj;
+
+ uint32_t ris;
+ uint32_t im;
+ uint32_t rctl;
+ uint32_t tctl;
+ uint32_t thr;
+ uint32_t mctl;
+ uint32_t mdv;
+ uint32_t mtxd;
+ uint32_t mrxd;
+ uint32_t np;
+ int tx_frame_len;
+ int tx_fifo_len;
+ uint8_t tx_fifo[2048];
+ /* Real hardware has a 2k fifo, which works out to be at most 31 packets.
+ We implement a full 31 packet fifo. */
+ struct {
+ uint8_t data[2048];
+ int len;
+ } rx[31];
+ uint8_t *rx_fifo;
+ int rx_fifo_len;
+ int next_packet;
+ NICState *nic;
+ NICConf conf;
+ qemu_irq irq;
+ MemoryRegion mmio;
+} stellaris_enet_state;
+
+static void stellaris_enet_update(stellaris_enet_state *s)
+{
+ qemu_set_irq(s->irq, (s->ris & s->im) != 0);
+}
+
+/* TODO: Implement MAC address filtering. */
+static ssize_t stellaris_enet_receive(NetClientState *nc, const uint8_t *buf, size_t size)
+{
+ stellaris_enet_state *s = qemu_get_nic_opaque(nc);
+ int n;
+ uint8_t *p;
+ uint32_t crc;
+
+ if ((s->rctl & SE_RCTL_RXEN) == 0)
+ return -1;
+ if (s->np >= 31) {
+ DPRINTF("Packet dropped\n");
+ return -1;
+ }
+
+ DPRINTF("Received packet len=%d\n", size);
+ n = s->next_packet + s->np;
+ if (n >= 31)
+ n -= 31;
+ s->np++;
+
+ s->rx[n].len = size + 6;
+ p = s->rx[n].data;
+ *(p++) = (size + 6);
+ *(p++) = (size + 6) >> 8;
+ memcpy (p, buf, size);
+ p += size;
+ crc = crc32(~0, buf, size);
+ *(p++) = crc;
+ *(p++) = crc >> 8;
+ *(p++) = crc >> 16;
+ *(p++) = crc >> 24;
+ /* Clear the remaining bytes in the last word. */
+ if ((size & 3) != 2) {
+ memset(p, 0, (6 - size) & 3);
+ }
+
+ s->ris |= SE_INT_RX;
+ stellaris_enet_update(s);
+
+ return size;
+}
+
+static int stellaris_enet_can_receive(NetClientState *nc)
+{
+ stellaris_enet_state *s = qemu_get_nic_opaque(nc);
+
+ if ((s->rctl & SE_RCTL_RXEN) == 0)
+ return 1;
+
+ return (s->np < 31);
+}
+
+static uint64_t stellaris_enet_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ stellaris_enet_state *s = (stellaris_enet_state *)opaque;
+ uint32_t val;
+
+ switch (offset) {
+ case 0x00: /* RIS */
+ DPRINTF("IRQ status %02x\n", s->ris);
+ return s->ris;
+ case 0x04: /* IM */
+ return s->im;
+ case 0x08: /* RCTL */
+ return s->rctl;
+ case 0x0c: /* TCTL */
+ return s->tctl;
+ case 0x10: /* DATA */
+ if (s->rx_fifo_len == 0) {
+ if (s->np == 0) {
+ BADF("RX underflow\n");
+ return 0;
+ }
+ s->rx_fifo_len = s->rx[s->next_packet].len;
+ s->rx_fifo = s->rx[s->next_packet].data;
+ DPRINTF("RX FIFO start packet len=%d\n", s->rx_fifo_len);
+ }
+ val = s->rx_fifo[0] | (s->rx_fifo[1] << 8) | (s->rx_fifo[2] << 16)
+ | (s->rx_fifo[3] << 24);
+ s->rx_fifo += 4;
+ s->rx_fifo_len -= 4;
+ if (s->rx_fifo_len <= 0) {
+ s->rx_fifo_len = 0;
+ s->next_packet++;
+ if (s->next_packet >= 31)
+ s->next_packet = 0;
+ s->np--;
+ DPRINTF("RX done np=%d\n", s->np);
+ }
+ return val;
+ case 0x14: /* IA0 */
+ return s->conf.macaddr.a[0] | (s->conf.macaddr.a[1] << 8)
+ | (s->conf.macaddr.a[2] << 16) | (s->conf.macaddr.a[3] << 24);
+ case 0x18: /* IA1 */
+ return s->conf.macaddr.a[4] | (s->conf.macaddr.a[5] << 8);
+ case 0x1c: /* THR */
+ return s->thr;
+ case 0x20: /* MCTL */
+ return s->mctl;
+ case 0x24: /* MDV */
+ return s->mdv;
+ case 0x28: /* MADD */
+ return 0;
+ case 0x2c: /* MTXD */
+ return s->mtxd;
+ case 0x30: /* MRXD */
+ return s->mrxd;
+ case 0x34: /* NP */
+ return s->np;
+ case 0x38: /* TR */
+ return 0;
+ case 0x3c: /* Undocuented: Timestamp? */
+ return 0;
+ default:
+ hw_error("stellaris_enet_read: Bad offset %x\n", (int)offset);
+ return 0;
+ }
+}
+
+static void stellaris_enet_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ stellaris_enet_state *s = (stellaris_enet_state *)opaque;
+
+ switch (offset) {
+ case 0x00: /* IACK */
+ s->ris &= ~value;
+ DPRINTF("IRQ ack %02x/%02x\n", value, s->ris);
+ stellaris_enet_update(s);
+ /* Clearing TXER also resets the TX fifo. */
+ if (value & SE_INT_TXER)
+ s->tx_frame_len = -1;
+ break;
+ case 0x04: /* IM */
+ DPRINTF("IRQ mask %02x/%02x\n", value, s->ris);
+ s->im = value;
+ stellaris_enet_update(s);
+ break;
+ case 0x08: /* RCTL */
+ s->rctl = value;
+ if (value & SE_RCTL_RSTFIFO) {
+ s->rx_fifo_len = 0;
+ s->np = 0;
+ stellaris_enet_update(s);
+ }
+ break;
+ case 0x0c: /* TCTL */
+ s->tctl = value;
+ break;
+ case 0x10: /* DATA */
+ if (s->tx_frame_len == -1) {
+ s->tx_frame_len = value & 0xffff;
+ if (s->tx_frame_len > 2032) {
+ DPRINTF("TX frame too long (%d)\n", s->tx_frame_len);
+ s->tx_frame_len = 0;
+ s->ris |= SE_INT_TXER;
+ stellaris_enet_update(s);
+ } else {
+ DPRINTF("Start TX frame len=%d\n", s->tx_frame_len);
+ /* The value written does not include the ethernet header. */
+ s->tx_frame_len += 14;
+ if ((s->tctl & SE_TCTL_CRC) == 0)
+ s->tx_frame_len += 4;
+ s->tx_fifo_len = 0;
+ s->tx_fifo[s->tx_fifo_len++] = value >> 16;
+ s->tx_fifo[s->tx_fifo_len++] = value >> 24;
+ }
+ } else {
+ s->tx_fifo[s->tx_fifo_len++] = value;
+ s->tx_fifo[s->tx_fifo_len++] = value >> 8;
+ s->tx_fifo[s->tx_fifo_len++] = value >> 16;
+ s->tx_fifo[s->tx_fifo_len++] = value >> 24;
+ if (s->tx_fifo_len >= s->tx_frame_len) {
+ /* We don't implement explicit CRC, so just chop it off. */
+ if ((s->tctl & SE_TCTL_CRC) == 0)
+ s->tx_frame_len -= 4;
+ if ((s->tctl & SE_TCTL_PADEN) && s->tx_frame_len < 60) {
+ memset(&s->tx_fifo[s->tx_frame_len], 0, 60 - s->tx_frame_len);
+ s->tx_fifo_len = 60;
+ }
+ qemu_send_packet(qemu_get_queue(s->nic), s->tx_fifo,
+ s->tx_frame_len);
+ s->tx_frame_len = -1;
+ s->ris |= SE_INT_TXEMP;
+ stellaris_enet_update(s);
+ DPRINTF("Done TX\n");
+ }
+ }
+ break;
+ case 0x14: /* IA0 */
+ s->conf.macaddr.a[0] = value;
+ s->conf.macaddr.a[1] = value >> 8;
+ s->conf.macaddr.a[2] = value >> 16;
+ s->conf.macaddr.a[3] = value >> 24;
+ break;
+ case 0x18: /* IA1 */
+ s->conf.macaddr.a[4] = value;
+ s->conf.macaddr.a[5] = value >> 8;
+ break;
+ case 0x1c: /* THR */
+ s->thr = value;
+ break;
+ case 0x20: /* MCTL */
+ s->mctl = value;
+ break;
+ case 0x24: /* MDV */
+ s->mdv = value;
+ break;
+ case 0x28: /* MADD */
+ /* ignored. */
+ break;
+ case 0x2c: /* MTXD */
+ s->mtxd = value & 0xff;
+ break;
+ case 0x30: /* MRXD */
+ case 0x34: /* NP */
+ case 0x38: /* TR */
+ /* Ignored. */
+ case 0x3c: /* Undocuented: Timestamp? */
+ /* Ignored. */
+ break;
+ default:
+ hw_error("stellaris_enet_write: Bad offset %x\n", (int)offset);
+ }
+}
+
+static const MemoryRegionOps stellaris_enet_ops = {
+ .read = stellaris_enet_read,
+ .write = stellaris_enet_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void stellaris_enet_reset(stellaris_enet_state *s)
+{
+ s->mdv = 0x80;
+ s->rctl = SE_RCTL_BADCRC;
+ s->im = SE_INT_PHY | SE_INT_MD | SE_INT_RXER | SE_INT_FOV | SE_INT_TXEMP
+ | SE_INT_TXER | SE_INT_RX;
+ s->thr = 0x3f;
+ s->tx_frame_len = -1;
+}
+
+static void stellaris_enet_save(QEMUFile *f, void *opaque)
+{
+ stellaris_enet_state *s = (stellaris_enet_state *)opaque;
+ int i;
+
+ qemu_put_be32(f, s->ris);
+ qemu_put_be32(f, s->im);
+ qemu_put_be32(f, s->rctl);
+ qemu_put_be32(f, s->tctl);
+ qemu_put_be32(f, s->thr);
+ qemu_put_be32(f, s->mctl);
+ qemu_put_be32(f, s->mdv);
+ qemu_put_be32(f, s->mtxd);
+ qemu_put_be32(f, s->mrxd);
+ qemu_put_be32(f, s->np);
+ qemu_put_be32(f, s->tx_frame_len);
+ qemu_put_be32(f, s->tx_fifo_len);
+ qemu_put_buffer(f, s->tx_fifo, sizeof(s->tx_fifo));
+ for (i = 0; i < 31; i++) {
+ qemu_put_be32(f, s->rx[i].len);
+ qemu_put_buffer(f, s->rx[i].data, sizeof(s->rx[i].data));
+
+ }
+ qemu_put_be32(f, s->next_packet);
+ qemu_put_be32(f, s->rx_fifo - s->rx[s->next_packet].data);
+ qemu_put_be32(f, s->rx_fifo_len);
+}
+
+static int stellaris_enet_load(QEMUFile *f, void *opaque, int version_id)
+{
+ stellaris_enet_state *s = (stellaris_enet_state *)opaque;
+ int i;
+
+ if (version_id != 1)
+ return -EINVAL;
+
+ s->ris = qemu_get_be32(f);
+ s->im = qemu_get_be32(f);
+ s->rctl = qemu_get_be32(f);
+ s->tctl = qemu_get_be32(f);
+ s->thr = qemu_get_be32(f);
+ s->mctl = qemu_get_be32(f);
+ s->mdv = qemu_get_be32(f);
+ s->mtxd = qemu_get_be32(f);
+ s->mrxd = qemu_get_be32(f);
+ s->np = qemu_get_be32(f);
+ s->tx_frame_len = qemu_get_be32(f);
+ s->tx_fifo_len = qemu_get_be32(f);
+ qemu_get_buffer(f, s->tx_fifo, sizeof(s->tx_fifo));
+ for (i = 0; i < 31; i++) {
+ s->rx[i].len = qemu_get_be32(f);
+ qemu_get_buffer(f, s->rx[i].data, sizeof(s->rx[i].data));
+
+ }
+ s->next_packet = qemu_get_be32(f);
+ s->rx_fifo = s->rx[s->next_packet].data + qemu_get_be32(f);
+ s->rx_fifo_len = qemu_get_be32(f);
+
+ return 0;
+}
+
+static void stellaris_enet_cleanup(NetClientState *nc)
+{
+ stellaris_enet_state *s = qemu_get_nic_opaque(nc);
+
+ s->nic = NULL;
+}
+
+static NetClientInfo net_stellaris_enet_info = {
+ .type = NET_CLIENT_OPTIONS_KIND_NIC,
+ .size = sizeof(NICState),
+ .can_receive = stellaris_enet_can_receive,
+ .receive = stellaris_enet_receive,
+ .cleanup = stellaris_enet_cleanup,
+};
+
+static int stellaris_enet_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ stellaris_enet_state *s = STELLARIS_ENET(dev);
+
+ memory_region_init_io(&s->mmio, OBJECT(s), &stellaris_enet_ops, s,
+ "stellaris_enet", 0x1000);
+ sysbus_init_mmio(sbd, &s->mmio);
+ sysbus_init_irq(sbd, &s->irq);
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+
+ s->nic = qemu_new_nic(&net_stellaris_enet_info, &s->conf,
+ object_get_typename(OBJECT(dev)), dev->id, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+
+ stellaris_enet_reset(s);
+ register_savevm(dev, "stellaris_enet", -1, 1,
+ stellaris_enet_save, stellaris_enet_load, s);
+ return 0;
+}
+
+static void stellaris_enet_unrealize(DeviceState *dev, Error **errp)
+{
+ stellaris_enet_state *s = STELLARIS_ENET(dev);
+
+ unregister_savevm(DEVICE(s), "stellaris_enet", s);
+
+ memory_region_destroy(&s->mmio);
+}
+
+static Property stellaris_enet_properties[] = {
+ DEFINE_NIC_PROPERTIES(stellaris_enet_state, conf),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void stellaris_enet_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = stellaris_enet_init;
+ dc->unrealize = stellaris_enet_unrealize;
+ dc->props = stellaris_enet_properties;
+}
+
+static const TypeInfo stellaris_enet_info = {
+ .name = TYPE_STELLARIS_ENET,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(stellaris_enet_state),
+ .class_init = stellaris_enet_class_init,
+};
+
+static void stellaris_enet_register_types(void)
+{
+ type_register_static(&stellaris_enet_info);
+}
+
+type_init(stellaris_enet_register_types)
diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
new file mode 100644
index 000000000..006576db3
--- /dev/null
+++ b/hw/net/vhost_net.c
@@ -0,0 +1,331 @@
+/*
+ * vhost-net support
+ *
+ * Copyright Red Hat, Inc. 2010
+ *
+ * Authors:
+ * Michael S. Tsirkin <mst@redhat.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "net/net.h"
+#include "net/tap.h"
+
+#include "hw/virtio/virtio-net.h"
+#include "net/vhost_net.h"
+#include "qemu/error-report.h"
+
+#include "config.h"
+
+#ifdef CONFIG_VHOST_NET
+#include <linux/vhost.h>
+#include <sys/socket.h>
+#include <linux/kvm.h>
+#include <fcntl.h>
+#include <sys/ioctl.h>
+#include <linux/virtio_ring.h>
+#include <netpacket/packet.h>
+#include <net/ethernet.h>
+#include <net/if.h>
+#include <netinet/in.h>
+
+#include <stdio.h>
+
+#include "hw/virtio/vhost.h"
+#include "hw/virtio/virtio-bus.h"
+
+struct vhost_net {
+ struct vhost_dev dev;
+ struct vhost_virtqueue vqs[2];
+ int backend;
+ NetClientState *nc;
+};
+
+unsigned vhost_net_get_features(struct vhost_net *net, unsigned features)
+{
+ /* Clear features not supported by host kernel. */
+ if (!(net->dev.features & (1 << VIRTIO_F_NOTIFY_ON_EMPTY))) {
+ features &= ~(1 << VIRTIO_F_NOTIFY_ON_EMPTY);
+ }
+ if (!(net->dev.features & (1 << VIRTIO_RING_F_INDIRECT_DESC))) {
+ features &= ~(1 << VIRTIO_RING_F_INDIRECT_DESC);
+ }
+ if (!(net->dev.features & (1 << VIRTIO_RING_F_EVENT_IDX))) {
+ features &= ~(1 << VIRTIO_RING_F_EVENT_IDX);
+ }
+ if (!(net->dev.features & (1 << VIRTIO_NET_F_MRG_RXBUF))) {
+ features &= ~(1 << VIRTIO_NET_F_MRG_RXBUF);
+ }
+ return features;
+}
+
+void vhost_net_ack_features(struct vhost_net *net, unsigned features)
+{
+ net->dev.acked_features = net->dev.backend_features;
+ if (features & (1 << VIRTIO_F_NOTIFY_ON_EMPTY)) {
+ net->dev.acked_features |= (1 << VIRTIO_F_NOTIFY_ON_EMPTY);
+ }
+ if (features & (1 << VIRTIO_RING_F_INDIRECT_DESC)) {
+ net->dev.acked_features |= (1 << VIRTIO_RING_F_INDIRECT_DESC);
+ }
+ if (features & (1 << VIRTIO_RING_F_EVENT_IDX)) {
+ net->dev.acked_features |= (1 << VIRTIO_RING_F_EVENT_IDX);
+ }
+ if (features & (1 << VIRTIO_NET_F_MRG_RXBUF)) {
+ net->dev.acked_features |= (1 << VIRTIO_NET_F_MRG_RXBUF);
+ }
+}
+
+static int vhost_net_get_fd(NetClientState *backend)
+{
+ switch (backend->info->type) {
+ case NET_CLIENT_OPTIONS_KIND_TAP:
+ return tap_get_fd(backend);
+ default:
+ fprintf(stderr, "vhost-net requires tap backend\n");
+ return -EBADFD;
+ }
+}
+
+struct vhost_net *vhost_net_init(NetClientState *backend, int devfd,
+ bool force)
+{
+ int r;
+ struct vhost_net *net = g_malloc(sizeof *net);
+ if (!backend) {
+ fprintf(stderr, "vhost-net requires backend to be setup\n");
+ goto fail;
+ }
+ r = vhost_net_get_fd(backend);
+ if (r < 0) {
+ goto fail;
+ }
+ net->nc = backend;
+ net->dev.backend_features = tap_has_vnet_hdr(backend) ? 0 :
+ (1 << VHOST_NET_F_VIRTIO_NET_HDR);
+ net->backend = r;
+
+ net->dev.nvqs = 2;
+ net->dev.vqs = net->vqs;
+
+ r = vhost_dev_init(&net->dev, devfd, "/dev/vhost-net", force);
+ if (r < 0) {
+ goto fail;
+ }
+ if (!tap_has_vnet_hdr_len(backend,
+ sizeof(struct virtio_net_hdr_mrg_rxbuf))) {
+ net->dev.features &= ~(1 << VIRTIO_NET_F_MRG_RXBUF);
+ }
+ if (~net->dev.features & net->dev.backend_features) {
+ fprintf(stderr, "vhost lacks feature mask %" PRIu64 " for backend\n",
+ (uint64_t)(~net->dev.features & net->dev.backend_features));
+ vhost_dev_cleanup(&net->dev);
+ goto fail;
+ }
+
+ /* Set sane init value. Override when guest acks. */
+ vhost_net_ack_features(net, 0);
+ return net;
+fail:
+ g_free(net);
+ return NULL;
+}
+
+bool vhost_net_query(VHostNetState *net, VirtIODevice *dev)
+{
+ return vhost_dev_query(&net->dev, dev);
+}
+
+static int vhost_net_start_one(struct vhost_net *net,
+ VirtIODevice *dev,
+ int vq_index)
+{
+ struct vhost_vring_file file = { };
+ int r;
+
+ if (net->dev.started) {
+ return 0;
+ }
+
+ net->dev.nvqs = 2;
+ net->dev.vqs = net->vqs;
+ net->dev.vq_index = vq_index;
+
+ r = vhost_dev_enable_notifiers(&net->dev, dev);
+ if (r < 0) {
+ goto fail_notifiers;
+ }
+
+ r = vhost_dev_start(&net->dev, dev);
+ if (r < 0) {
+ goto fail_start;
+ }
+
+ net->nc->info->poll(net->nc, false);
+ qemu_set_fd_handler(net->backend, NULL, NULL, NULL);
+ file.fd = net->backend;
+ for (file.index = 0; file.index < net->dev.nvqs; ++file.index) {
+ r = ioctl(net->dev.control, VHOST_NET_SET_BACKEND, &file);
+ if (r < 0) {
+ r = -errno;
+ goto fail;
+ }
+ }
+ return 0;
+fail:
+ file.fd = -1;
+ while (file.index-- > 0) {
+ int r = ioctl(net->dev.control, VHOST_NET_SET_BACKEND, &file);
+ assert(r >= 0);
+ }
+ net->nc->info->poll(net->nc, true);
+ vhost_dev_stop(&net->dev, dev);
+fail_start:
+ vhost_dev_disable_notifiers(&net->dev, dev);
+fail_notifiers:
+ return r;
+}
+
+static void vhost_net_stop_one(struct vhost_net *net,
+ VirtIODevice *dev)
+{
+ struct vhost_vring_file file = { .fd = -1 };
+
+ if (!net->dev.started) {
+ return;
+ }
+
+ for (file.index = 0; file.index < net->dev.nvqs; ++file.index) {
+ int r = ioctl(net->dev.control, VHOST_NET_SET_BACKEND, &file);
+ assert(r >= 0);
+ }
+ net->nc->info->poll(net->nc, true);
+ vhost_dev_stop(&net->dev, dev);
+ vhost_dev_disable_notifiers(&net->dev, dev);
+}
+
+int vhost_net_start(VirtIODevice *dev, NetClientState *ncs,
+ int total_queues)
+{
+ BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(dev)));
+ VirtioBusState *vbus = VIRTIO_BUS(qbus);
+ VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(vbus);
+ int r, i = 0;
+
+ if (!k->set_guest_notifiers) {
+ error_report("binding does not support guest notifiers");
+ r = -ENOSYS;
+ goto err;
+ }
+
+ for (i = 0; i < total_queues; i++) {
+ r = vhost_net_start_one(tap_get_vhost_net(ncs[i].peer), dev, i * 2);
+
+ if (r < 0) {
+ goto err;
+ }
+ }
+
+ r = k->set_guest_notifiers(qbus->parent, total_queues * 2, true);
+ if (r < 0) {
+ error_report("Error binding guest notifier: %d", -r);
+ goto err;
+ }
+
+ return 0;
+
+err:
+ while (--i >= 0) {
+ vhost_net_stop_one(tap_get_vhost_net(ncs[i].peer), dev);
+ }
+ return r;
+}
+
+void vhost_net_stop(VirtIODevice *dev, NetClientState *ncs,
+ int total_queues)
+{
+ BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(dev)));
+ VirtioBusState *vbus = VIRTIO_BUS(qbus);
+ VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(vbus);
+ int i, r;
+
+ r = k->set_guest_notifiers(qbus->parent, total_queues * 2, false);
+ if (r < 0) {
+ fprintf(stderr, "vhost guest notifier cleanup failed: %d\n", r);
+ fflush(stderr);
+ }
+ assert(r >= 0);
+
+ for (i = 0; i < total_queues; i++) {
+ vhost_net_stop_one(tap_get_vhost_net(ncs[i].peer), dev);
+ }
+}
+
+void vhost_net_cleanup(struct vhost_net *net)
+{
+ vhost_dev_cleanup(&net->dev);
+ g_free(net);
+}
+
+bool vhost_net_virtqueue_pending(VHostNetState *net, int idx)
+{
+ return vhost_virtqueue_pending(&net->dev, idx);
+}
+
+void vhost_net_virtqueue_mask(VHostNetState *net, VirtIODevice *dev,
+ int idx, bool mask)
+{
+ vhost_virtqueue_mask(&net->dev, dev, idx, mask);
+}
+#else
+struct vhost_net *vhost_net_init(NetClientState *backend, int devfd,
+ bool force)
+{
+ error_report("vhost-net support is not compiled in");
+ return NULL;
+}
+
+bool vhost_net_query(VHostNetState *net, VirtIODevice *dev)
+{
+ return false;
+}
+
+int vhost_net_start(VirtIODevice *dev,
+ NetClientState *ncs,
+ int total_queues)
+{
+ return -ENOSYS;
+}
+void vhost_net_stop(VirtIODevice *dev,
+ NetClientState *ncs,
+ int total_queues)
+{
+}
+
+void vhost_net_cleanup(struct vhost_net *net)
+{
+}
+
+unsigned vhost_net_get_features(struct vhost_net *net, unsigned features)
+{
+ return features;
+}
+void vhost_net_ack_features(struct vhost_net *net, unsigned features)
+{
+}
+
+bool vhost_net_virtqueue_pending(VHostNetState *net, int idx)
+{
+ return -ENOSYS;
+}
+
+void vhost_net_virtqueue_mask(VHostNetState *net, VirtIODevice *dev,
+ int idx, bool mask)
+{
+}
+#endif
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
new file mode 100644
index 000000000..aa1880cb8
--- /dev/null
+++ b/hw/net/virtio-net.c
@@ -0,0 +1,1667 @@
+/*
+ * Virtio Network Device
+ *
+ * Copyright IBM, Corp. 2007
+ *
+ * Authors:
+ * Anthony Liguori <aliguori@us.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/iov.h"
+#include "hw/virtio/virtio.h"
+#include "net/net.h"
+#include "net/checksum.h"
+#include "net/tap.h"
+#include "qemu/error-report.h"
+#include "qemu/timer.h"
+#include "hw/virtio/virtio-net.h"
+#include "net/vhost_net.h"
+#include "hw/virtio/virtio-bus.h"
+#include "qapi/qmp/qjson.h"
+#include "monitor/monitor.h"
+
+#define VIRTIO_NET_VM_VERSION 11
+
+#define MAC_TABLE_ENTRIES 64
+#define MAX_VLAN (1 << 12) /* Per 802.1Q definition */
+
+/*
+ * Calculate the number of bytes up to and including the given 'field' of
+ * 'container'.
+ */
+#define endof(container, field) \
+ (offsetof(container, field) + sizeof(((container *)0)->field))
+
+typedef struct VirtIOFeature {
+ uint32_t flags;
+ size_t end;
+} VirtIOFeature;
+
+static VirtIOFeature feature_sizes[] = {
+ {.flags = 1 << VIRTIO_NET_F_MAC,
+ .end = endof(struct virtio_net_config, mac)},
+ {.flags = 1 << VIRTIO_NET_F_STATUS,
+ .end = endof(struct virtio_net_config, status)},
+ {.flags = 1 << VIRTIO_NET_F_MQ,
+ .end = endof(struct virtio_net_config, max_virtqueue_pairs)},
+ {}
+};
+
+static VirtIONetQueue *virtio_net_get_subqueue(NetClientState *nc)
+{
+ VirtIONet *n = qemu_get_nic_opaque(nc);
+
+ return &n->vqs[nc->queue_index];
+}
+
+static int vq2q(int queue_index)
+{
+ return queue_index / 2;
+}
+
+/* TODO
+ * - we could suppress RX interrupt if we were so inclined.
+ */
+
+static void virtio_net_get_config(VirtIODevice *vdev, uint8_t *config)
+{
+ VirtIONet *n = VIRTIO_NET(vdev);
+ struct virtio_net_config netcfg;
+
+ stw_p(&netcfg.status, n->status);
+ stw_p(&netcfg.max_virtqueue_pairs, n->max_queues);
+ memcpy(netcfg.mac, n->mac, ETH_ALEN);
+ memcpy(config, &netcfg, n->config_size);
+}
+
+static void virtio_net_set_config(VirtIODevice *vdev, const uint8_t *config)
+{
+ VirtIONet *n = VIRTIO_NET(vdev);
+ struct virtio_net_config netcfg = {};
+
+ memcpy(&netcfg, config, n->config_size);
+
+ if (!(vdev->guest_features >> VIRTIO_NET_F_CTRL_MAC_ADDR & 1) &&
+ memcmp(netcfg.mac, n->mac, ETH_ALEN)) {
+ memcpy(n->mac, netcfg.mac, ETH_ALEN);
+ qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac);
+ }
+}
+
+static bool virtio_net_started(VirtIONet *n, uint8_t status)
+{
+ VirtIODevice *vdev = VIRTIO_DEVICE(n);
+ return (status & VIRTIO_CONFIG_S_DRIVER_OK) &&
+ (n->status & VIRTIO_NET_S_LINK_UP) && vdev->vm_running;
+}
+
+static void virtio_net_vhost_status(VirtIONet *n, uint8_t status)
+{
+ VirtIODevice *vdev = VIRTIO_DEVICE(n);
+ NetClientState *nc = qemu_get_queue(n->nic);
+ int queues = n->multiqueue ? n->max_queues : 1;
+
+ if (!nc->peer) {
+ return;
+ }
+ if (nc->peer->info->type != NET_CLIENT_OPTIONS_KIND_TAP) {
+ return;
+ }
+
+ if (!tap_get_vhost_net(nc->peer)) {
+ return;
+ }
+
+ if (!!n->vhost_started ==
+ (virtio_net_started(n, status) && !nc->peer->link_down)) {
+ return;
+ }
+ if (!n->vhost_started) {
+ int r;
+ if (!vhost_net_query(tap_get_vhost_net(nc->peer), vdev)) {
+ return;
+ }
+ n->vhost_started = 1;
+ r = vhost_net_start(vdev, n->nic->ncs, queues);
+ if (r < 0) {
+ error_report("unable to start vhost net: %d: "
+ "falling back on userspace virtio", -r);
+ n->vhost_started = 0;
+ }
+ } else {
+ vhost_net_stop(vdev, n->nic->ncs, queues);
+ n->vhost_started = 0;
+ }
+}
+
+static void virtio_net_set_status(struct VirtIODevice *vdev, uint8_t status)
+{
+ VirtIONet *n = VIRTIO_NET(vdev);
+ VirtIONetQueue *q;
+ int i;
+ uint8_t queue_status;
+
+ virtio_net_vhost_status(n, status);
+
+ for (i = 0; i < n->max_queues; i++) {
+ q = &n->vqs[i];
+
+ if ((!n->multiqueue && i != 0) || i >= n->curr_queues) {
+ queue_status = 0;
+ } else {
+ queue_status = status;
+ }
+
+ if (!q->tx_waiting) {
+ continue;
+ }
+
+ if (virtio_net_started(n, queue_status) && !n->vhost_started) {
+ if (q->tx_timer) {
+ qemu_mod_timer(q->tx_timer,
+ qemu_get_clock_ns(vm_clock) + n->tx_timeout);
+ } else {
+ qemu_bh_schedule(q->tx_bh);
+ }
+ } else {
+ if (q->tx_timer) {
+ qemu_del_timer(q->tx_timer);
+ } else {
+ qemu_bh_cancel(q->tx_bh);
+ }
+ }
+ }
+}
+
+static void virtio_net_set_link_status(NetClientState *nc)
+{
+ VirtIONet *n = qemu_get_nic_opaque(nc);
+ VirtIODevice *vdev = VIRTIO_DEVICE(n);
+ uint16_t old_status = n->status;
+
+ if (nc->link_down)
+ n->status &= ~VIRTIO_NET_S_LINK_UP;
+ else
+ n->status |= VIRTIO_NET_S_LINK_UP;
+
+ if (n->status != old_status)
+ virtio_notify_config(vdev);
+
+ virtio_net_set_status(vdev, vdev->status);
+}
+
+static void rxfilter_notify(NetClientState *nc)
+{
+ QObject *event_data;
+ VirtIONet *n = qemu_get_nic_opaque(nc);
+
+ if (nc->rxfilter_notify_enabled) {
+ if (n->netclient_name) {
+ event_data = qobject_from_jsonf("{ 'name': %s, 'path': %s }",
+ n->netclient_name,
+ object_get_canonical_path(OBJECT(n->qdev)));
+ } else {
+ event_data = qobject_from_jsonf("{ 'path': %s }",
+ object_get_canonical_path(OBJECT(n->qdev)));
+ }
+ monitor_protocol_event(QEVENT_NIC_RX_FILTER_CHANGED, event_data);
+ qobject_decref(event_data);
+
+ /* disable event notification to avoid events flooding */
+ nc->rxfilter_notify_enabled = 0;
+ }
+}
+
+static char *mac_strdup_printf(const uint8_t *mac)
+{
+ return g_strdup_printf("%.2x:%.2x:%.2x:%.2x:%.2x:%.2x", mac[0],
+ mac[1], mac[2], mac[3], mac[4], mac[5]);
+}
+
+static RxFilterInfo *virtio_net_query_rxfilter(NetClientState *nc)
+{
+ VirtIONet *n = qemu_get_nic_opaque(nc);
+ RxFilterInfo *info;
+ strList *str_list, *entry;
+ intList *int_list, *int_entry;
+ int i, j;
+
+ info = g_malloc0(sizeof(*info));
+ info->name = g_strdup(nc->name);
+ info->promiscuous = n->promisc;
+
+ if (n->nouni) {
+ info->unicast = RX_STATE_NONE;
+ } else if (n->alluni) {
+ info->unicast = RX_STATE_ALL;
+ } else {
+ info->unicast = RX_STATE_NORMAL;
+ }
+
+ if (n->nomulti) {
+ info->multicast = RX_STATE_NONE;
+ } else if (n->allmulti) {
+ info->multicast = RX_STATE_ALL;
+ } else {
+ info->multicast = RX_STATE_NORMAL;
+ }
+
+ info->broadcast_allowed = n->nobcast;
+ info->multicast_overflow = n->mac_table.multi_overflow;
+ info->unicast_overflow = n->mac_table.uni_overflow;
+
+ info->main_mac = mac_strdup_printf(n->mac);
+
+ str_list = NULL;
+ for (i = 0; i < n->mac_table.first_multi; i++) {
+ entry = g_malloc0(sizeof(*entry));
+ entry->value = mac_strdup_printf(n->mac_table.macs + i * ETH_ALEN);
+ entry->next = str_list;
+ str_list = entry;
+ }
+ info->unicast_table = str_list;
+
+ str_list = NULL;
+ for (i = n->mac_table.first_multi; i < n->mac_table.in_use; i++) {
+ entry = g_malloc0(sizeof(*entry));
+ entry->value = mac_strdup_printf(n->mac_table.macs + i * ETH_ALEN);
+ entry->next = str_list;
+ str_list = entry;
+ }
+ info->multicast_table = str_list;
+
+ int_list = NULL;
+ for (i = 0; i < MAX_VLAN >> 5; i++) {
+ for (j = 0; n->vlans[i] && j < 0x1f; j++) {
+ if (n->vlans[i] & (1U << j)) {
+ int_entry = g_malloc0(sizeof(*int_entry));
+ int_entry->value = (i << 5) + j;
+ int_entry->next = int_list;
+ int_list = int_entry;
+ }
+ }
+ }
+ info->vlan_table = int_list;
+
+ /* enable event notification after query */
+ nc->rxfilter_notify_enabled = 1;
+
+ return info;
+}
+
+static void virtio_net_reset(VirtIODevice *vdev)
+{
+ VirtIONet *n = VIRTIO_NET(vdev);
+
+ /* Reset back to compatibility mode */
+ n->promisc = 1;
+ n->allmulti = 0;
+ n->alluni = 0;
+ n->nomulti = 0;
+ n->nouni = 0;
+ n->nobcast = 0;
+ /* multiqueue is disabled by default */
+ n->curr_queues = 1;
+
+ /* Flush any MAC and VLAN filter table state */
+ n->mac_table.in_use = 0;
+ n->mac_table.first_multi = 0;
+ n->mac_table.multi_overflow = 0;
+ n->mac_table.uni_overflow = 0;
+ memset(n->mac_table.macs, 0, MAC_TABLE_ENTRIES * ETH_ALEN);
+ memcpy(&n->mac[0], &n->nic->conf->macaddr, sizeof(n->mac));
+ memset(n->vlans, 0, MAX_VLAN >> 3);
+}
+
+static void peer_test_vnet_hdr(VirtIONet *n)
+{
+ NetClientState *nc = qemu_get_queue(n->nic);
+ if (!nc->peer) {
+ return;
+ }
+
+ if (nc->peer->info->type != NET_CLIENT_OPTIONS_KIND_TAP) {
+ return;
+ }
+
+ n->has_vnet_hdr = tap_has_vnet_hdr(nc->peer);
+}
+
+static int peer_has_vnet_hdr(VirtIONet *n)
+{
+ return n->has_vnet_hdr;
+}
+
+static int peer_has_ufo(VirtIONet *n)
+{
+ if (!peer_has_vnet_hdr(n))
+ return 0;
+
+ n->has_ufo = tap_has_ufo(qemu_get_queue(n->nic)->peer);
+
+ return n->has_ufo;
+}
+
+static void virtio_net_set_mrg_rx_bufs(VirtIONet *n, int mergeable_rx_bufs)
+{
+ int i;
+ NetClientState *nc;
+
+ n->mergeable_rx_bufs = mergeable_rx_bufs;
+
+ n->guest_hdr_len = n->mergeable_rx_bufs ?
+ sizeof(struct virtio_net_hdr_mrg_rxbuf) : sizeof(struct virtio_net_hdr);
+
+ for (i = 0; i < n->max_queues; i++) {
+ nc = qemu_get_subqueue(n->nic, i);
+
+ if (peer_has_vnet_hdr(n) &&
+ tap_has_vnet_hdr_len(nc->peer, n->guest_hdr_len)) {
+ tap_set_vnet_hdr_len(nc->peer, n->guest_hdr_len);
+ n->host_hdr_len = n->guest_hdr_len;
+ }
+ }
+}
+
+static int peer_attach(VirtIONet *n, int index)
+{
+ NetClientState *nc = qemu_get_subqueue(n->nic, index);
+
+ if (!nc->peer) {
+ return 0;
+ }
+
+ if (nc->peer->info->type != NET_CLIENT_OPTIONS_KIND_TAP) {
+ return 0;
+ }
+
+ return tap_enable(nc->peer);
+}
+
+static int peer_detach(VirtIONet *n, int index)
+{
+ NetClientState *nc = qemu_get_subqueue(n->nic, index);
+
+ if (!nc->peer) {
+ return 0;
+ }
+
+ if (nc->peer->info->type != NET_CLIENT_OPTIONS_KIND_TAP) {
+ return 0;
+ }
+
+ return tap_disable(nc->peer);
+}
+
+static void virtio_net_set_queues(VirtIONet *n)
+{
+ int i;
+
+ for (i = 0; i < n->max_queues; i++) {
+ if (i < n->curr_queues) {
+ assert(!peer_attach(n, i));
+ } else {
+ assert(!peer_detach(n, i));
+ }
+ }
+}
+
+static void virtio_net_set_multiqueue(VirtIONet *n, int multiqueue);
+
+static uint32_t virtio_net_get_features(VirtIODevice *vdev, uint32_t features)
+{
+ VirtIONet *n = VIRTIO_NET(vdev);
+ NetClientState *nc = qemu_get_queue(n->nic);
+
+ features |= (1 << VIRTIO_NET_F_MAC);
+
+ if (!peer_has_vnet_hdr(n)) {
+ features &= ~(0x1 << VIRTIO_NET_F_CSUM);
+ features &= ~(0x1 << VIRTIO_NET_F_HOST_TSO4);
+ features &= ~(0x1 << VIRTIO_NET_F_HOST_TSO6);
+ features &= ~(0x1 << VIRTIO_NET_F_HOST_ECN);
+
+ features &= ~(0x1 << VIRTIO_NET_F_GUEST_CSUM);
+ features &= ~(0x1 << VIRTIO_NET_F_GUEST_TSO4);
+ features &= ~(0x1 << VIRTIO_NET_F_GUEST_TSO6);
+ features &= ~(0x1 << VIRTIO_NET_F_GUEST_ECN);
+ }
+
+ if (!peer_has_vnet_hdr(n) || !peer_has_ufo(n)) {
+ features &= ~(0x1 << VIRTIO_NET_F_GUEST_UFO);
+ features &= ~(0x1 << VIRTIO_NET_F_HOST_UFO);
+ }
+
+ if (!nc->peer || nc->peer->info->type != NET_CLIENT_OPTIONS_KIND_TAP) {
+ return features;
+ }
+ if (!tap_get_vhost_net(nc->peer)) {
+ return features;
+ }
+ return vhost_net_get_features(tap_get_vhost_net(nc->peer), features);
+}
+
+static uint32_t virtio_net_bad_features(VirtIODevice *vdev)
+{
+ uint32_t features = 0;
+
+ /* Linux kernel 2.6.25. It understood MAC (as everyone must),
+ * but also these: */
+ features |= (1 << VIRTIO_NET_F_MAC);
+ features |= (1 << VIRTIO_NET_F_CSUM);
+ features |= (1 << VIRTIO_NET_F_HOST_TSO4);
+ features |= (1 << VIRTIO_NET_F_HOST_TSO6);
+ features |= (1 << VIRTIO_NET_F_HOST_ECN);
+
+ return features;
+}
+
+static void virtio_net_apply_guest_offloads(VirtIONet *n)
+{
+ tap_set_offload(qemu_get_subqueue(n->nic, 0)->peer,
+ !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_CSUM)),
+ !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_TSO4)),
+ !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_TSO6)),
+ !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_ECN)),
+ !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_UFO)));
+}
+
+static uint64_t virtio_net_guest_offloads_by_features(uint32_t features)
+{
+ static const uint64_t guest_offloads_mask =
+ (1ULL << VIRTIO_NET_F_GUEST_CSUM) |
+ (1ULL << VIRTIO_NET_F_GUEST_TSO4) |
+ (1ULL << VIRTIO_NET_F_GUEST_TSO6) |
+ (1ULL << VIRTIO_NET_F_GUEST_ECN) |
+ (1ULL << VIRTIO_NET_F_GUEST_UFO);
+
+ return guest_offloads_mask & features;
+}
+
+static inline uint64_t virtio_net_supported_guest_offloads(VirtIONet *n)
+{
+ VirtIODevice *vdev = VIRTIO_DEVICE(n);
+ return virtio_net_guest_offloads_by_features(vdev->guest_features);
+}
+
+static void virtio_net_set_features(VirtIODevice *vdev, uint32_t features)
+{
+ VirtIONet *n = VIRTIO_NET(vdev);
+ int i;
+
+ virtio_net_set_multiqueue(n, !!(features & (1 << VIRTIO_NET_F_MQ)));
+
+ virtio_net_set_mrg_rx_bufs(n, !!(features & (1 << VIRTIO_NET_F_MRG_RXBUF)));
+
+ if (n->has_vnet_hdr) {
+ n->curr_guest_offloads =
+ virtio_net_guest_offloads_by_features(features);
+ virtio_net_apply_guest_offloads(n);
+ }
+
+ for (i = 0; i < n->max_queues; i++) {
+ NetClientState *nc = qemu_get_subqueue(n->nic, i);
+
+ if (!nc->peer || nc->peer->info->type != NET_CLIENT_OPTIONS_KIND_TAP) {
+ continue;
+ }
+ if (!tap_get_vhost_net(nc->peer)) {
+ continue;
+ }
+ vhost_net_ack_features(tap_get_vhost_net(nc->peer), features);
+ }
+}
+
+static int virtio_net_handle_rx_mode(VirtIONet *n, uint8_t cmd,
+ struct iovec *iov, unsigned int iov_cnt)
+{
+ uint8_t on;
+ size_t s;
+ NetClientState *nc = qemu_get_queue(n->nic);
+
+ s = iov_to_buf(iov, iov_cnt, 0, &on, sizeof(on));
+ if (s != sizeof(on)) {
+ return VIRTIO_NET_ERR;
+ }
+
+ if (cmd == VIRTIO_NET_CTRL_RX_PROMISC) {
+ n->promisc = on;
+ } else if (cmd == VIRTIO_NET_CTRL_RX_ALLMULTI) {
+ n->allmulti = on;
+ } else if (cmd == VIRTIO_NET_CTRL_RX_ALLUNI) {
+ n->alluni = on;
+ } else if (cmd == VIRTIO_NET_CTRL_RX_NOMULTI) {
+ n->nomulti = on;
+ } else if (cmd == VIRTIO_NET_CTRL_RX_NOUNI) {
+ n->nouni = on;
+ } else if (cmd == VIRTIO_NET_CTRL_RX_NOBCAST) {
+ n->nobcast = on;
+ } else {
+ return VIRTIO_NET_ERR;
+ }
+
+ rxfilter_notify(nc);
+
+ return VIRTIO_NET_OK;
+}
+
+static int virtio_net_handle_offloads(VirtIONet *n, uint8_t cmd,
+ struct iovec *iov, unsigned int iov_cnt)
+{
+ VirtIODevice *vdev = VIRTIO_DEVICE(n);
+ uint64_t offloads;
+ size_t s;
+
+ if (!((1 << VIRTIO_NET_F_CTRL_GUEST_OFFLOADS) & vdev->guest_features)) {
+ return VIRTIO_NET_ERR;
+ }
+
+ s = iov_to_buf(iov, iov_cnt, 0, &offloads, sizeof(offloads));
+ if (s != sizeof(offloads)) {
+ return VIRTIO_NET_ERR;
+ }
+
+ if (cmd == VIRTIO_NET_CTRL_GUEST_OFFLOADS_SET) {
+ uint64_t supported_offloads;
+
+ if (!n->has_vnet_hdr) {
+ return VIRTIO_NET_ERR;
+ }
+
+ supported_offloads = virtio_net_supported_guest_offloads(n);
+ if (offloads & ~supported_offloads) {
+ return VIRTIO_NET_ERR;
+ }
+
+ n->curr_guest_offloads = offloads;
+ virtio_net_apply_guest_offloads(n);
+
+ return VIRTIO_NET_OK;
+ } else {
+ return VIRTIO_NET_ERR;
+ }
+}
+
+static int virtio_net_handle_mac(VirtIONet *n, uint8_t cmd,
+ struct iovec *iov, unsigned int iov_cnt)
+{
+ struct virtio_net_ctrl_mac mac_data;
+ size_t s;
+ NetClientState *nc = qemu_get_queue(n->nic);
+
+ if (cmd == VIRTIO_NET_CTRL_MAC_ADDR_SET) {
+ if (iov_size(iov, iov_cnt) != sizeof(n->mac)) {
+ return VIRTIO_NET_ERR;
+ }
+ s = iov_to_buf(iov, iov_cnt, 0, &n->mac, sizeof(n->mac));
+ assert(s == sizeof(n->mac));
+ qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac);
+ rxfilter_notify(nc);
+
+ return VIRTIO_NET_OK;
+ }
+
+ if (cmd != VIRTIO_NET_CTRL_MAC_TABLE_SET) {
+ return VIRTIO_NET_ERR;
+ }
+
+ n->mac_table.in_use = 0;
+ n->mac_table.first_multi = 0;
+ n->mac_table.uni_overflow = 0;
+ n->mac_table.multi_overflow = 0;
+ memset(n->mac_table.macs, 0, MAC_TABLE_ENTRIES * ETH_ALEN);
+
+ s = iov_to_buf(iov, iov_cnt, 0, &mac_data.entries,
+ sizeof(mac_data.entries));
+ mac_data.entries = ldl_p(&mac_data.entries);
+ if (s != sizeof(mac_data.entries)) {
+ goto error;
+ }
+ iov_discard_front(&iov, &iov_cnt, s);
+
+ if (mac_data.entries * ETH_ALEN > iov_size(iov, iov_cnt)) {
+ goto error;
+ }
+
+ if (mac_data.entries <= MAC_TABLE_ENTRIES) {
+ s = iov_to_buf(iov, iov_cnt, 0, n->mac_table.macs,
+ mac_data.entries * ETH_ALEN);
+ if (s != mac_data.entries * ETH_ALEN) {
+ goto error;
+ }
+ n->mac_table.in_use += mac_data.entries;
+ } else {
+ n->mac_table.uni_overflow = 1;
+ }
+
+ iov_discard_front(&iov, &iov_cnt, mac_data.entries * ETH_ALEN);
+
+ n->mac_table.first_multi = n->mac_table.in_use;
+
+ s = iov_to_buf(iov, iov_cnt, 0, &mac_data.entries,
+ sizeof(mac_data.entries));
+ mac_data.entries = ldl_p(&mac_data.entries);
+ if (s != sizeof(mac_data.entries)) {
+ goto error;
+ }
+
+ iov_discard_front(&iov, &iov_cnt, s);
+
+ if (mac_data.entries * ETH_ALEN != iov_size(iov, iov_cnt)) {
+ goto error;
+ }
+
+ if (n->mac_table.in_use + mac_data.entries <= MAC_TABLE_ENTRIES) {
+ s = iov_to_buf(iov, iov_cnt, 0, n->mac_table.macs,
+ mac_data.entries * ETH_ALEN);
+ if (s != mac_data.entries * ETH_ALEN) {
+ goto error;
+ }
+ n->mac_table.in_use += mac_data.entries;
+ } else {
+ n->mac_table.multi_overflow = 1;
+ }
+
+ rxfilter_notify(nc);
+
+ return VIRTIO_NET_OK;
+
+error:
+ rxfilter_notify(nc);
+ return VIRTIO_NET_ERR;
+}
+
+static int virtio_net_handle_vlan_table(VirtIONet *n, uint8_t cmd,
+ struct iovec *iov, unsigned int iov_cnt)
+{
+ uint16_t vid;
+ size_t s;
+ NetClientState *nc = qemu_get_queue(n->nic);
+
+ s = iov_to_buf(iov, iov_cnt, 0, &vid, sizeof(vid));
+ vid = lduw_p(&vid);
+ if (s != sizeof(vid)) {
+ return VIRTIO_NET_ERR;
+ }
+
+ if (vid >= MAX_VLAN)
+ return VIRTIO_NET_ERR;
+
+ if (cmd == VIRTIO_NET_CTRL_VLAN_ADD)
+ n->vlans[vid >> 5] |= (1U << (vid & 0x1f));
+ else if (cmd == VIRTIO_NET_CTRL_VLAN_DEL)
+ n->vlans[vid >> 5] &= ~(1U << (vid & 0x1f));
+ else
+ return VIRTIO_NET_ERR;
+
+ rxfilter_notify(nc);
+
+ return VIRTIO_NET_OK;
+}
+
+static int virtio_net_handle_mq(VirtIONet *n, uint8_t cmd,
+ struct iovec *iov, unsigned int iov_cnt)
+{
+ VirtIODevice *vdev = VIRTIO_DEVICE(n);
+ struct virtio_net_ctrl_mq mq;
+ size_t s;
+ uint16_t queues;
+
+ s = iov_to_buf(iov, iov_cnt, 0, &mq, sizeof(mq));
+ if (s != sizeof(mq)) {
+ return VIRTIO_NET_ERR;
+ }
+
+ if (cmd != VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET) {
+ return VIRTIO_NET_ERR;
+ }
+
+ queues = lduw_p(&mq.virtqueue_pairs);
+
+ if (queues < VIRTIO_NET_CTRL_MQ_VQ_PAIRS_MIN ||
+ queues > VIRTIO_NET_CTRL_MQ_VQ_PAIRS_MAX ||
+ queues > n->max_queues ||
+ !n->multiqueue) {
+ return VIRTIO_NET_ERR;
+ }
+
+ n->curr_queues = queues;
+ /* stop the backend before changing the number of queues to avoid handling a
+ * disabled queue */
+ virtio_net_set_status(vdev, vdev->status);
+ virtio_net_set_queues(n);
+
+ return VIRTIO_NET_OK;
+}
+static void virtio_net_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
+{
+ VirtIONet *n = VIRTIO_NET(vdev);
+ struct virtio_net_ctrl_hdr ctrl;
+ virtio_net_ctrl_ack status = VIRTIO_NET_ERR;
+ VirtQueueElement elem;
+ size_t s;
+ struct iovec *iov;
+ unsigned int iov_cnt;
+
+ while (virtqueue_pop(vq, &elem)) {
+ if (iov_size(elem.in_sg, elem.in_num) < sizeof(status) ||
+ iov_size(elem.out_sg, elem.out_num) < sizeof(ctrl)) {
+ error_report("virtio-net ctrl missing headers");
+ exit(1);
+ }
+
+ iov = elem.out_sg;
+ iov_cnt = elem.out_num;
+ s = iov_to_buf(iov, iov_cnt, 0, &ctrl, sizeof(ctrl));
+ iov_discard_front(&iov, &iov_cnt, sizeof(ctrl));
+ if (s != sizeof(ctrl)) {
+ status = VIRTIO_NET_ERR;
+ } else if (ctrl.class == VIRTIO_NET_CTRL_RX) {
+ status = virtio_net_handle_rx_mode(n, ctrl.cmd, iov, iov_cnt);
+ } else if (ctrl.class == VIRTIO_NET_CTRL_MAC) {
+ status = virtio_net_handle_mac(n, ctrl.cmd, iov, iov_cnt);
+ } else if (ctrl.class == VIRTIO_NET_CTRL_VLAN) {
+ status = virtio_net_handle_vlan_table(n, ctrl.cmd, iov, iov_cnt);
+ } else if (ctrl.class == VIRTIO_NET_CTRL_MQ) {
+ status = virtio_net_handle_mq(n, ctrl.cmd, iov, iov_cnt);
+ } else if (ctrl.class == VIRTIO_NET_CTRL_GUEST_OFFLOADS) {
+ status = virtio_net_handle_offloads(n, ctrl.cmd, iov, iov_cnt);
+ }
+
+ s = iov_from_buf(elem.in_sg, elem.in_num, 0, &status, sizeof(status));
+ assert(s == sizeof(status));
+
+ virtqueue_push(vq, &elem, sizeof(status));
+ virtio_notify(vdev, vq);
+ }
+}
+
+/* RX */
+
+static void virtio_net_handle_rx(VirtIODevice *vdev, VirtQueue *vq)
+{
+ VirtIONet *n = VIRTIO_NET(vdev);
+ int queue_index = vq2q(virtio_get_queue_index(vq));
+
+ qemu_flush_queued_packets(qemu_get_subqueue(n->nic, queue_index));
+}
+
+static int virtio_net_can_receive(NetClientState *nc)
+{
+ VirtIONet *n = qemu_get_nic_opaque(nc);
+ VirtIODevice *vdev = VIRTIO_DEVICE(n);
+ VirtIONetQueue *q = virtio_net_get_subqueue(nc);
+
+ if (!vdev->vm_running) {
+ return 0;
+ }
+
+ if (nc->queue_index >= n->curr_queues) {
+ return 0;
+ }
+
+ if (!virtio_queue_ready(q->rx_vq) ||
+ !(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)) {
+ return 0;
+ }
+
+ return 1;
+}
+
+static int virtio_net_has_buffers(VirtIONetQueue *q, int bufsize)
+{
+ VirtIONet *n = q->n;
+ if (virtio_queue_empty(q->rx_vq) ||
+ (n->mergeable_rx_bufs &&
+ !virtqueue_avail_bytes(q->rx_vq, bufsize, 0))) {
+ virtio_queue_set_notification(q->rx_vq, 1);
+
+ /* To avoid a race condition where the guest has made some buffers
+ * available after the above check but before notification was
+ * enabled, check for available buffers again.
+ */
+ if (virtio_queue_empty(q->rx_vq) ||
+ (n->mergeable_rx_bufs &&
+ !virtqueue_avail_bytes(q->rx_vq, bufsize, 0))) {
+ return 0;
+ }
+ }
+
+ virtio_queue_set_notification(q->rx_vq, 0);
+ return 1;
+}
+
+/* dhclient uses AF_PACKET but doesn't pass auxdata to the kernel so
+ * it never finds out that the packets don't have valid checksums. This
+ * causes dhclient to get upset. Fedora's carried a patch for ages to
+ * fix this with Xen but it hasn't appeared in an upstream release of
+ * dhclient yet.
+ *
+ * To avoid breaking existing guests, we catch udp packets and add
+ * checksums. This is terrible but it's better than hacking the guest
+ * kernels.
+ *
+ * N.B. if we introduce a zero-copy API, this operation is no longer free so
+ * we should provide a mechanism to disable it to avoid polluting the host
+ * cache.
+ */
+static void work_around_broken_dhclient(struct virtio_net_hdr *hdr,
+ uint8_t *buf, size_t size)
+{
+ if ((hdr->flags & VIRTIO_NET_HDR_F_NEEDS_CSUM) && /* missing csum */
+ (size > 27 && size < 1500) && /* normal sized MTU */
+ (buf[12] == 0x08 && buf[13] == 0x00) && /* ethertype == IPv4 */
+ (buf[23] == 17) && /* ip.protocol == UDP */
+ (buf[34] == 0 && buf[35] == 67)) { /* udp.srcport == bootps */
+ net_checksum_calculate(buf, size);
+ hdr->flags &= ~VIRTIO_NET_HDR_F_NEEDS_CSUM;
+ }
+}
+
+static void receive_header(VirtIONet *n, const struct iovec *iov, int iov_cnt,
+ const void *buf, size_t size)
+{
+ if (n->has_vnet_hdr) {
+ /* FIXME this cast is evil */
+ void *wbuf = (void *)buf;
+ work_around_broken_dhclient(wbuf, wbuf + n->host_hdr_len,
+ size - n->host_hdr_len);
+ iov_from_buf(iov, iov_cnt, 0, buf, sizeof(struct virtio_net_hdr));
+ } else {
+ struct virtio_net_hdr hdr = {
+ .flags = 0,
+ .gso_type = VIRTIO_NET_HDR_GSO_NONE
+ };
+ iov_from_buf(iov, iov_cnt, 0, &hdr, sizeof hdr);
+ }
+}
+
+static int receive_filter(VirtIONet *n, const uint8_t *buf, int size)
+{
+ static const uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
+ static const uint8_t vlan[] = {0x81, 0x00};
+ uint8_t *ptr = (uint8_t *)buf;
+ int i;
+
+ if (n->promisc)
+ return 1;
+
+ ptr += n->host_hdr_len;
+
+ if (!memcmp(&ptr[12], vlan, sizeof(vlan))) {
+ int vid = be16_to_cpup((uint16_t *)(ptr + 14)) & 0xfff;
+ if (!(n->vlans[vid >> 5] & (1U << (vid & 0x1f))))
+ return 0;
+ }
+
+ if (ptr[0] & 1) { // multicast
+ if (!memcmp(ptr, bcast, sizeof(bcast))) {
+ return !n->nobcast;
+ } else if (n->nomulti) {
+ return 0;
+ } else if (n->allmulti || n->mac_table.multi_overflow) {
+ return 1;
+ }
+
+ for (i = n->mac_table.first_multi; i < n->mac_table.in_use; i++) {
+ if (!memcmp(ptr, &n->mac_table.macs[i * ETH_ALEN], ETH_ALEN)) {
+ return 1;
+ }
+ }
+ } else { // unicast
+ if (n->nouni) {
+ return 0;
+ } else if (n->alluni || n->mac_table.uni_overflow) {
+ return 1;
+ } else if (!memcmp(ptr, n->mac, ETH_ALEN)) {
+ return 1;
+ }
+
+ for (i = 0; i < n->mac_table.first_multi; i++) {
+ if (!memcmp(ptr, &n->mac_table.macs[i * ETH_ALEN], ETH_ALEN)) {
+ return 1;
+ }
+ }
+ }
+
+ return 0;
+}
+
+static ssize_t virtio_net_receive(NetClientState *nc, const uint8_t *buf, size_t size)
+{
+ VirtIONet *n = qemu_get_nic_opaque(nc);
+ VirtIONetQueue *q = virtio_net_get_subqueue(nc);
+ VirtIODevice *vdev = VIRTIO_DEVICE(n);
+ struct iovec mhdr_sg[VIRTQUEUE_MAX_SIZE];
+ struct virtio_net_hdr_mrg_rxbuf mhdr;
+ unsigned mhdr_cnt = 0;
+ size_t offset, i, guest_offset;
+
+ if (!virtio_net_can_receive(nc)) {
+ return -1;
+ }
+
+ /* hdr_len refers to the header we supply to the guest */
+ if (!virtio_net_has_buffers(q, size + n->guest_hdr_len - n->host_hdr_len)) {
+ return 0;
+ }
+
+ if (!receive_filter(n, buf, size))
+ return size;
+
+ offset = i = 0;
+
+ while (offset < size) {
+ VirtQueueElement elem;
+ int len, total;
+ const struct iovec *sg = elem.in_sg;
+
+ total = 0;
+
+ if (virtqueue_pop(q->rx_vq, &elem) == 0) {
+ if (i == 0)
+ return -1;
+ error_report("virtio-net unexpected empty queue: "
+ "i %zd mergeable %d offset %zd, size %zd, "
+ "guest hdr len %zd, host hdr len %zd guest features 0x%x",
+ i, n->mergeable_rx_bufs, offset, size,
+ n->guest_hdr_len, n->host_hdr_len, vdev->guest_features);
+ exit(1);
+ }
+
+ if (elem.in_num < 1) {
+ error_report("virtio-net receive queue contains no in buffers");
+ exit(1);
+ }
+
+ if (i == 0) {
+ assert(offset == 0);
+ if (n->mergeable_rx_bufs) {
+ mhdr_cnt = iov_copy(mhdr_sg, ARRAY_SIZE(mhdr_sg),
+ sg, elem.in_num,
+ offsetof(typeof(mhdr), num_buffers),
+ sizeof(mhdr.num_buffers));
+ }
+
+ receive_header(n, sg, elem.in_num, buf, size);
+ offset = n->host_hdr_len;
+ total += n->guest_hdr_len;
+ guest_offset = n->guest_hdr_len;
+ } else {
+ guest_offset = 0;
+ }
+
+ /* copy in packet. ugh */
+ len = iov_from_buf(sg, elem.in_num, guest_offset,
+ buf + offset, size - offset);
+ total += len;
+ offset += len;
+ /* If buffers can't be merged, at this point we
+ * must have consumed the complete packet.
+ * Otherwise, drop it. */
+ if (!n->mergeable_rx_bufs && offset < size) {
+#if 0
+ error_report("virtio-net truncated non-mergeable packet: "
+ "i %zd mergeable %d offset %zd, size %zd, "
+ "guest hdr len %zd, host hdr len %zd",
+ i, n->mergeable_rx_bufs,
+ offset, size, n->guest_hdr_len, n->host_hdr_len);
+#endif
+ return size;
+ }
+
+ /* signal other side */
+ virtqueue_fill(q->rx_vq, &elem, total, i++);
+ }
+
+ if (mhdr_cnt) {
+ stw_p(&mhdr.num_buffers, i);
+ iov_from_buf(mhdr_sg, mhdr_cnt,
+ 0,
+ &mhdr.num_buffers, sizeof mhdr.num_buffers);
+ }
+
+ virtqueue_flush(q->rx_vq, i);
+ virtio_notify(vdev, q->rx_vq);
+
+ return size;
+}
+
+static int32_t virtio_net_flush_tx(VirtIONetQueue *q);
+
+static void virtio_net_tx_complete(NetClientState *nc, ssize_t len)
+{
+ VirtIONet *n = qemu_get_nic_opaque(nc);
+ VirtIONetQueue *q = virtio_net_get_subqueue(nc);
+ VirtIODevice *vdev = VIRTIO_DEVICE(n);
+
+ virtqueue_push(q->tx_vq, &q->async_tx.elem, 0);
+ virtio_notify(vdev, q->tx_vq);
+
+ q->async_tx.elem.out_num = q->async_tx.len = 0;
+
+ virtio_queue_set_notification(q->tx_vq, 1);
+ virtio_net_flush_tx(q);
+}
+
+/* TX */
+static int32_t virtio_net_flush_tx(VirtIONetQueue *q)
+{
+ VirtIONet *n = q->n;
+ VirtIODevice *vdev = VIRTIO_DEVICE(n);
+ VirtQueueElement elem;
+ int32_t num_packets = 0;
+ int queue_index = vq2q(virtio_get_queue_index(q->tx_vq));
+ if (!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)) {
+ return num_packets;
+ }
+
+ assert(vdev->vm_running);
+
+ if (q->async_tx.elem.out_num) {
+ virtio_queue_set_notification(q->tx_vq, 0);
+ return num_packets;
+ }
+
+ while (virtqueue_pop(q->tx_vq, &elem)) {
+ ssize_t ret, len;
+ unsigned int out_num = elem.out_num;
+ struct iovec *out_sg = &elem.out_sg[0];
+ struct iovec sg[VIRTQUEUE_MAX_SIZE];
+
+ if (out_num < 1) {
+ error_report("virtio-net header not in first element");
+ exit(1);
+ }
+
+ /*
+ * If host wants to see the guest header as is, we can
+ * pass it on unchanged. Otherwise, copy just the parts
+ * that host is interested in.
+ */
+ assert(n->host_hdr_len <= n->guest_hdr_len);
+ if (n->host_hdr_len != n->guest_hdr_len) {
+ unsigned sg_num = iov_copy(sg, ARRAY_SIZE(sg),
+ out_sg, out_num,
+ 0, n->host_hdr_len);
+ sg_num += iov_copy(sg + sg_num, ARRAY_SIZE(sg) - sg_num,
+ out_sg, out_num,
+ n->guest_hdr_len, -1);
+ out_num = sg_num;
+ out_sg = sg;
+ }
+
+ len = n->guest_hdr_len;
+
+ ret = qemu_sendv_packet_async(qemu_get_subqueue(n->nic, queue_index),
+ out_sg, out_num, virtio_net_tx_complete);
+ if (ret == 0) {
+ virtio_queue_set_notification(q->tx_vq, 0);
+ q->async_tx.elem = elem;
+ q->async_tx.len = len;
+ return -EBUSY;
+ }
+
+ len += ret;
+
+ virtqueue_push(q->tx_vq, &elem, 0);
+ virtio_notify(vdev, q->tx_vq);
+
+ if (++num_packets >= n->tx_burst) {
+ break;
+ }
+ }
+ return num_packets;
+}
+
+static void virtio_net_handle_tx_timer(VirtIODevice *vdev, VirtQueue *vq)
+{
+ VirtIONet *n = VIRTIO_NET(vdev);
+ VirtIONetQueue *q = &n->vqs[vq2q(virtio_get_queue_index(vq))];
+
+ /* This happens when device was stopped but VCPU wasn't. */
+ if (!vdev->vm_running) {
+ q->tx_waiting = 1;
+ return;
+ }
+
+ if (q->tx_waiting) {
+ virtio_queue_set_notification(vq, 1);
+ qemu_del_timer(q->tx_timer);
+ q->tx_waiting = 0;
+ virtio_net_flush_tx(q);
+ } else {
+ qemu_mod_timer(q->tx_timer,
+ qemu_get_clock_ns(vm_clock) + n->tx_timeout);
+ q->tx_waiting = 1;
+ virtio_queue_set_notification(vq, 0);
+ }
+}
+
+static void virtio_net_handle_tx_bh(VirtIODevice *vdev, VirtQueue *vq)
+{
+ VirtIONet *n = VIRTIO_NET(vdev);
+ VirtIONetQueue *q = &n->vqs[vq2q(virtio_get_queue_index(vq))];
+
+ if (unlikely(q->tx_waiting)) {
+ return;
+ }
+ q->tx_waiting = 1;
+ /* This happens when device was stopped but VCPU wasn't. */
+ if (!vdev->vm_running) {
+ return;
+ }
+ virtio_queue_set_notification(vq, 0);
+ qemu_bh_schedule(q->tx_bh);
+}
+
+static void virtio_net_tx_timer(void *opaque)
+{
+ VirtIONetQueue *q = opaque;
+ VirtIONet *n = q->n;
+ VirtIODevice *vdev = VIRTIO_DEVICE(n);
+ assert(vdev->vm_running);
+
+ q->tx_waiting = 0;
+
+ /* Just in case the driver is not ready on more */
+ if (!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)) {
+ return;
+ }
+
+ virtio_queue_set_notification(q->tx_vq, 1);
+ virtio_net_flush_tx(q);
+}
+
+static void virtio_net_tx_bh(void *opaque)
+{
+ VirtIONetQueue *q = opaque;
+ VirtIONet *n = q->n;
+ VirtIODevice *vdev = VIRTIO_DEVICE(n);
+ int32_t ret;
+
+ assert(vdev->vm_running);
+
+ q->tx_waiting = 0;
+
+ /* Just in case the driver is not ready on more */
+ if (unlikely(!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK))) {
+ return;
+ }
+
+ ret = virtio_net_flush_tx(q);
+ if (ret == -EBUSY) {
+ return; /* Notification re-enable handled by tx_complete */
+ }
+
+ /* If we flush a full burst of packets, assume there are
+ * more coming and immediately reschedule */
+ if (ret >= n->tx_burst) {
+ qemu_bh_schedule(q->tx_bh);
+ q->tx_waiting = 1;
+ return;
+ }
+
+ /* If less than a full burst, re-enable notification and flush
+ * anything that may have come in while we weren't looking. If
+ * we find something, assume the guest is still active and reschedule */
+ virtio_queue_set_notification(q->tx_vq, 1);
+ if (virtio_net_flush_tx(q) > 0) {
+ virtio_queue_set_notification(q->tx_vq, 0);
+ qemu_bh_schedule(q->tx_bh);
+ q->tx_waiting = 1;
+ }
+}
+
+static void virtio_net_set_multiqueue(VirtIONet *n, int multiqueue)
+{
+ VirtIODevice *vdev = VIRTIO_DEVICE(n);
+ int i, max = multiqueue ? n->max_queues : 1;
+
+ n->multiqueue = multiqueue;
+
+ for (i = 2; i <= n->max_queues * 2 + 1; i++) {
+ virtio_del_queue(vdev, i);
+ }
+
+ for (i = 1; i < max; i++) {
+ n->vqs[i].rx_vq = virtio_add_queue(vdev, 256, virtio_net_handle_rx);
+ if (n->vqs[i].tx_timer) {
+ n->vqs[i].tx_vq =
+ virtio_add_queue(vdev, 256, virtio_net_handle_tx_timer);
+ n->vqs[i].tx_timer = qemu_new_timer_ns(vm_clock,
+ virtio_net_tx_timer,
+ &n->vqs[i]);
+ } else {
+ n->vqs[i].tx_vq =
+ virtio_add_queue(vdev, 256, virtio_net_handle_tx_bh);
+ n->vqs[i].tx_bh = qemu_bh_new(virtio_net_tx_bh, &n->vqs[i]);
+ }
+
+ n->vqs[i].tx_waiting = 0;
+ n->vqs[i].n = n;
+ }
+
+ /* Note: Minux Guests (version 3.2.1) use ctrl vq but don't ack
+ * VIRTIO_NET_F_CTRL_VQ. Create ctrl vq unconditionally to avoid
+ * breaking them.
+ */
+ n->ctrl_vq = virtio_add_queue(vdev, 64, virtio_net_handle_ctrl);
+
+ virtio_net_set_queues(n);
+}
+
+static void virtio_net_save(QEMUFile *f, void *opaque)
+{
+ int i;
+ VirtIONet *n = opaque;
+ VirtIODevice *vdev = VIRTIO_DEVICE(n);
+
+ /* At this point, backend must be stopped, otherwise
+ * it might keep writing to memory. */
+ assert(!n->vhost_started);
+ virtio_save(vdev, f);
+
+ qemu_put_buffer(f, n->mac, ETH_ALEN);
+ qemu_put_be32(f, n->vqs[0].tx_waiting);
+ qemu_put_be32(f, n->mergeable_rx_bufs);
+ qemu_put_be16(f, n->status);
+ qemu_put_byte(f, n->promisc);
+ qemu_put_byte(f, n->allmulti);
+ qemu_put_be32(f, n->mac_table.in_use);
+ qemu_put_buffer(f, n->mac_table.macs, n->mac_table.in_use * ETH_ALEN);
+ qemu_put_buffer(f, (uint8_t *)n->vlans, MAX_VLAN >> 3);
+ qemu_put_be32(f, n->has_vnet_hdr);
+ qemu_put_byte(f, n->mac_table.multi_overflow);
+ qemu_put_byte(f, n->mac_table.uni_overflow);
+ qemu_put_byte(f, n->alluni);
+ qemu_put_byte(f, n->nomulti);
+ qemu_put_byte(f, n->nouni);
+ qemu_put_byte(f, n->nobcast);
+ qemu_put_byte(f, n->has_ufo);
+ if (n->max_queues > 1) {
+ qemu_put_be16(f, n->max_queues);
+ qemu_put_be16(f, n->curr_queues);
+ for (i = 1; i < n->curr_queues; i++) {
+ qemu_put_be32(f, n->vqs[i].tx_waiting);
+ }
+ }
+
+ if ((1 << VIRTIO_NET_F_CTRL_GUEST_OFFLOADS) & vdev->guest_features) {
+ qemu_put_be64(f, n->curr_guest_offloads);
+ }
+}
+
+static int virtio_net_load(QEMUFile *f, void *opaque, int version_id)
+{
+ VirtIONet *n = opaque;
+ VirtIODevice *vdev = VIRTIO_DEVICE(n);
+ int ret, i, link_down;
+
+ if (version_id < 2 || version_id > VIRTIO_NET_VM_VERSION)
+ return -EINVAL;
+
+ ret = virtio_load(vdev, f);
+ if (ret) {
+ return ret;
+ }
+
+ qemu_get_buffer(f, n->mac, ETH_ALEN);
+ n->vqs[0].tx_waiting = qemu_get_be32(f);
+
+ virtio_net_set_mrg_rx_bufs(n, qemu_get_be32(f));
+
+ if (version_id >= 3)
+ n->status = qemu_get_be16(f);
+
+ if (version_id >= 4) {
+ if (version_id < 8) {
+ n->promisc = qemu_get_be32(f);
+ n->allmulti = qemu_get_be32(f);
+ } else {
+ n->promisc = qemu_get_byte(f);
+ n->allmulti = qemu_get_byte(f);
+ }
+ }
+
+ if (version_id >= 5) {
+ n->mac_table.in_use = qemu_get_be32(f);
+ /* MAC_TABLE_ENTRIES may be different from the saved image */
+ if (n->mac_table.in_use <= MAC_TABLE_ENTRIES) {
+ qemu_get_buffer(f, n->mac_table.macs,
+ n->mac_table.in_use * ETH_ALEN);
+ } else if (n->mac_table.in_use) {
+ uint8_t *buf = g_malloc0(n->mac_table.in_use);
+ qemu_get_buffer(f, buf, n->mac_table.in_use * ETH_ALEN);
+ g_free(buf);
+ n->mac_table.multi_overflow = n->mac_table.uni_overflow = 1;
+ n->mac_table.in_use = 0;
+ }
+ }
+
+ if (version_id >= 6)
+ qemu_get_buffer(f, (uint8_t *)n->vlans, MAX_VLAN >> 3);
+
+ if (version_id >= 7) {
+ if (qemu_get_be32(f) && !peer_has_vnet_hdr(n)) {
+ error_report("virtio-net: saved image requires vnet_hdr=on");
+ return -1;
+ }
+ }
+
+ if (version_id >= 9) {
+ n->mac_table.multi_overflow = qemu_get_byte(f);
+ n->mac_table.uni_overflow = qemu_get_byte(f);
+ }
+
+ if (version_id >= 10) {
+ n->alluni = qemu_get_byte(f);
+ n->nomulti = qemu_get_byte(f);
+ n->nouni = qemu_get_byte(f);
+ n->nobcast = qemu_get_byte(f);
+ }
+
+ if (version_id >= 11) {
+ if (qemu_get_byte(f) && !peer_has_ufo(n)) {
+ error_report("virtio-net: saved image requires TUN_F_UFO support");
+ return -1;
+ }
+ }
+
+ if (n->max_queues > 1) {
+ if (n->max_queues != qemu_get_be16(f)) {
+ error_report("virtio-net: different max_queues ");
+ return -1;
+ }
+
+ n->curr_queues = qemu_get_be16(f);
+ for (i = 1; i < n->curr_queues; i++) {
+ n->vqs[i].tx_waiting = qemu_get_be32(f);
+ }
+ }
+
+ if ((1 << VIRTIO_NET_F_CTRL_GUEST_OFFLOADS) & vdev->guest_features) {
+ n->curr_guest_offloads = qemu_get_be64(f);
+ } else {
+ n->curr_guest_offloads = virtio_net_supported_guest_offloads(n);
+ }
+
+ if (peer_has_vnet_hdr(n)) {
+ virtio_net_apply_guest_offloads(n);
+ }
+
+ virtio_net_set_queues(n);
+
+ /* Find the first multicast entry in the saved MAC filter */
+ for (i = 0; i < n->mac_table.in_use; i++) {
+ if (n->mac_table.macs[i * ETH_ALEN] & 1) {
+ break;
+ }
+ }
+ n->mac_table.first_multi = i;
+
+ /* nc.link_down can't be migrated, so infer link_down according
+ * to link status bit in n->status */
+ link_down = (n->status & VIRTIO_NET_S_LINK_UP) == 0;
+ for (i = 0; i < n->max_queues; i++) {
+ qemu_get_subqueue(n->nic, i)->link_down = link_down;
+ }
+
+ return 0;
+}
+
+static void virtio_net_cleanup(NetClientState *nc)
+{
+ VirtIONet *n = qemu_get_nic_opaque(nc);
+
+ n->nic = NULL;
+}
+
+static NetClientInfo net_virtio_info = {
+ .type = NET_CLIENT_OPTIONS_KIND_NIC,
+ .size = sizeof(NICState),
+ .can_receive = virtio_net_can_receive,
+ .receive = virtio_net_receive,
+ .cleanup = virtio_net_cleanup,
+ .link_status_changed = virtio_net_set_link_status,
+ .query_rx_filter = virtio_net_query_rxfilter,
+};
+
+static bool virtio_net_guest_notifier_pending(VirtIODevice *vdev, int idx)
+{
+ VirtIONet *n = VIRTIO_NET(vdev);
+ NetClientState *nc = qemu_get_subqueue(n->nic, vq2q(idx));
+ assert(n->vhost_started);
+ return vhost_net_virtqueue_pending(tap_get_vhost_net(nc->peer), idx);
+}
+
+static void virtio_net_guest_notifier_mask(VirtIODevice *vdev, int idx,
+ bool mask)
+{
+ VirtIONet *n = VIRTIO_NET(vdev);
+ NetClientState *nc = qemu_get_subqueue(n->nic, vq2q(idx));
+ assert(n->vhost_started);
+ vhost_net_virtqueue_mask(tap_get_vhost_net(nc->peer),
+ vdev, idx, mask);
+}
+
+void virtio_net_set_config_size(VirtIONet *n, uint32_t host_features)
+{
+ int i, config_size = 0;
+ host_features |= (1 << VIRTIO_NET_F_MAC);
+ for (i = 0; feature_sizes[i].flags != 0; i++) {
+ if (host_features & feature_sizes[i].flags) {
+ config_size = MAX(feature_sizes[i].end, config_size);
+ }
+ }
+ n->config_size = config_size;
+}
+
+void virtio_net_set_netclient_name(VirtIONet *n, const char *name,
+ const char *type)
+{
+ /*
+ * The name can be NULL, the netclient name will be type.x.
+ */
+ assert(type != NULL);
+
+ if (n->netclient_name) {
+ g_free(n->netclient_name);
+ n->netclient_name = NULL;
+ }
+ if (n->netclient_type) {
+ g_free(n->netclient_type);
+ n->netclient_type = NULL;
+ }
+
+ if (name != NULL) {
+ n->netclient_name = g_strdup(name);
+ }
+ n->netclient_type = g_strdup(type);
+}
+
+static int virtio_net_device_init(VirtIODevice *vdev)
+{
+ int i;
+
+ DeviceState *qdev = DEVICE(vdev);
+ VirtIONet *n = VIRTIO_NET(vdev);
+ NetClientState *nc;
+
+ virtio_init(VIRTIO_DEVICE(n), "virtio-net", VIRTIO_ID_NET,
+ n->config_size);
+
+ n->max_queues = MAX(n->nic_conf.queues, 1);
+ n->vqs = g_malloc0(sizeof(VirtIONetQueue) * n->max_queues);
+ n->vqs[0].rx_vq = virtio_add_queue(vdev, 256, virtio_net_handle_rx);
+ n->curr_queues = 1;
+ n->vqs[0].n = n;
+ n->tx_timeout = n->net_conf.txtimer;
+
+ if (n->net_conf.tx && strcmp(n->net_conf.tx, "timer")
+ && strcmp(n->net_conf.tx, "bh")) {
+ error_report("virtio-net: "
+ "Unknown option tx=%s, valid options: \"timer\" \"bh\"",
+ n->net_conf.tx);
+ error_report("Defaulting to \"bh\"");
+ }
+
+ if (n->net_conf.tx && !strcmp(n->net_conf.tx, "timer")) {
+ n->vqs[0].tx_vq = virtio_add_queue(vdev, 256,
+ virtio_net_handle_tx_timer);
+ n->vqs[0].tx_timer = qemu_new_timer_ns(vm_clock, virtio_net_tx_timer,
+ &n->vqs[0]);
+ } else {
+ n->vqs[0].tx_vq = virtio_add_queue(vdev, 256,
+ virtio_net_handle_tx_bh);
+ n->vqs[0].tx_bh = qemu_bh_new(virtio_net_tx_bh, &n->vqs[0]);
+ }
+ n->ctrl_vq = virtio_add_queue(vdev, 64, virtio_net_handle_ctrl);
+ qemu_macaddr_default_if_unset(&n->nic_conf.macaddr);
+ memcpy(&n->mac[0], &n->nic_conf.macaddr, sizeof(n->mac));
+ n->status = VIRTIO_NET_S_LINK_UP;
+
+ if (n->netclient_type) {
+ /*
+ * Happen when virtio_net_set_netclient_name has been called.
+ */
+ n->nic = qemu_new_nic(&net_virtio_info, &n->nic_conf,
+ n->netclient_type, n->netclient_name, n);
+ } else {
+ n->nic = qemu_new_nic(&net_virtio_info, &n->nic_conf,
+ object_get_typename(OBJECT(qdev)), qdev->id, n);
+ }
+
+ peer_test_vnet_hdr(n);
+ if (peer_has_vnet_hdr(n)) {
+ for (i = 0; i < n->max_queues; i++) {
+ tap_using_vnet_hdr(qemu_get_subqueue(n->nic, i)->peer, true);
+ }
+ n->host_hdr_len = sizeof(struct virtio_net_hdr);
+ } else {
+ n->host_hdr_len = 0;
+ }
+
+ qemu_format_nic_info_str(qemu_get_queue(n->nic), n->nic_conf.macaddr.a);
+
+ n->vqs[0].tx_waiting = 0;
+ n->tx_burst = n->net_conf.txburst;
+ virtio_net_set_mrg_rx_bufs(n, 0);
+ n->promisc = 1; /* for compatibility */
+
+ n->mac_table.macs = g_malloc0(MAC_TABLE_ENTRIES * ETH_ALEN);
+
+ n->vlans = g_malloc0(MAX_VLAN >> 3);
+
+ nc = qemu_get_queue(n->nic);
+ nc->rxfilter_notify_enabled = 1;
+
+ n->qdev = qdev;
+ register_savevm(qdev, "virtio-net", -1, VIRTIO_NET_VM_VERSION,
+ virtio_net_save, virtio_net_load, n);
+
+ add_boot_device_path(n->nic_conf.bootindex, qdev, "/ethernet-phy@0");
+ return 0;
+}
+
+static int virtio_net_device_exit(DeviceState *qdev)
+{
+ VirtIONet *n = VIRTIO_NET(qdev);
+ VirtIODevice *vdev = VIRTIO_DEVICE(qdev);
+ int i;
+
+ /* This will stop vhost backend if appropriate. */
+ virtio_net_set_status(vdev, 0);
+
+ unregister_savevm(qdev, "virtio-net", n);
+
+ if (n->netclient_name) {
+ g_free(n->netclient_name);
+ n->netclient_name = NULL;
+ }
+ if (n->netclient_type) {
+ g_free(n->netclient_type);
+ n->netclient_type = NULL;
+ }
+
+ g_free(n->mac_table.macs);
+ g_free(n->vlans);
+
+ for (i = 0; i < n->max_queues; i++) {
+ VirtIONetQueue *q = &n->vqs[i];
+ NetClientState *nc = qemu_get_subqueue(n->nic, i);
+
+ qemu_purge_queued_packets(nc);
+
+ if (q->tx_timer) {
+ qemu_del_timer(q->tx_timer);
+ qemu_free_timer(q->tx_timer);
+ } else {
+ qemu_bh_delete(q->tx_bh);
+ }
+ }
+
+ g_free(n->vqs);
+ qemu_del_nic(n->nic);
+ virtio_cleanup(vdev);
+
+ return 0;
+}
+
+static void virtio_net_instance_init(Object *obj)
+{
+ VirtIONet *n = VIRTIO_NET(obj);
+
+ /*
+ * The default config_size is sizeof(struct virtio_net_config).
+ * Can be overriden with virtio_net_set_config_size.
+ */
+ n->config_size = sizeof(struct virtio_net_config);
+}
+
+static Property virtio_net_properties[] = {
+ DEFINE_NIC_PROPERTIES(VirtIONet, nic_conf),
+ DEFINE_PROP_UINT32("x-txtimer", VirtIONet, net_conf.txtimer,
+ TX_TIMER_INTERVAL),
+ DEFINE_PROP_INT32("x-txburst", VirtIONet, net_conf.txburst, TX_BURST),
+ DEFINE_PROP_STRING("tx", VirtIONet, net_conf.tx),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void virtio_net_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
+ dc->exit = virtio_net_device_exit;
+ dc->props = virtio_net_properties;
+ set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
+ vdc->init = virtio_net_device_init;
+ vdc->get_config = virtio_net_get_config;
+ vdc->set_config = virtio_net_set_config;
+ vdc->get_features = virtio_net_get_features;
+ vdc->set_features = virtio_net_set_features;
+ vdc->bad_features = virtio_net_bad_features;
+ vdc->reset = virtio_net_reset;
+ vdc->set_status = virtio_net_set_status;
+ vdc->guest_notifier_mask = virtio_net_guest_notifier_mask;
+ vdc->guest_notifier_pending = virtio_net_guest_notifier_pending;
+}
+
+static const TypeInfo virtio_net_info = {
+ .name = TYPE_VIRTIO_NET,
+ .parent = TYPE_VIRTIO_DEVICE,
+ .instance_size = sizeof(VirtIONet),
+ .instance_init = virtio_net_instance_init,
+ .class_init = virtio_net_class_init,
+};
+
+static void virtio_register_types(void)
+{
+ type_register_static(&virtio_net_info);
+}
+
+type_init(virtio_register_types)
diff --git a/hw/net/vmware_utils.h b/hw/net/vmware_utils.h
new file mode 100644
index 000000000..5307e2ccc
--- /dev/null
+++ b/hw/net/vmware_utils.h
@@ -0,0 +1,143 @@
+/*
+ * QEMU VMWARE paravirtual devices - auxiliary code
+ *
+ * Copyright (c) 2012 Ravello Systems LTD (http://ravellosystems.com)
+ *
+ * Developed by Daynix Computing LTD (http://www.daynix.com)
+ *
+ * Authors:
+ * Dmitry Fleytman <dmitry@daynix.com>
+ * Yan Vugenfirer <yan@daynix.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef VMWARE_UTILS_H
+#define VMWARE_UTILS_H
+
+#include "qemu/range.h"
+
+#ifndef VMW_SHPRN
+#define VMW_SHPRN(fmt, ...) do {} while (0)
+#endif
+
+/*
+ * Shared memory access functions with byte swap support
+ * Each function contains printout for reverse-engineering needs
+ *
+ */
+static inline void
+vmw_shmem_read(hwaddr addr, void *buf, int len)
+{
+ VMW_SHPRN("SHMEM r: %" PRIx64 ", len: %d to %p", addr, len, buf);
+ cpu_physical_memory_read(addr, buf, len);
+}
+
+static inline void
+vmw_shmem_write(hwaddr addr, void *buf, int len)
+{
+ VMW_SHPRN("SHMEM w: %" PRIx64 ", len: %d to %p", addr, len, buf);
+ cpu_physical_memory_write(addr, buf, len);
+}
+
+static inline void
+vmw_shmem_rw(hwaddr addr, void *buf, int len, int is_write)
+{
+ VMW_SHPRN("SHMEM r/w: %" PRIx64 ", len: %d (to %p), is write: %d",
+ addr, len, buf, is_write);
+
+ cpu_physical_memory_rw(addr, buf, len, is_write);
+}
+
+static inline void
+vmw_shmem_set(hwaddr addr, uint8 val, int len)
+{
+ int i;
+ VMW_SHPRN("SHMEM set: %" PRIx64 ", len: %d (value 0x%X)", addr, len, val);
+
+ for (i = 0; i < len; i++) {
+ cpu_physical_memory_write(addr + i, &val, 1);
+ }
+}
+
+static inline uint32_t
+vmw_shmem_ld8(hwaddr addr)
+{
+ uint8_t res = ldub_phys(addr);
+ VMW_SHPRN("SHMEM load8: %" PRIx64 " (value 0x%X)", addr, res);
+ return res;
+}
+
+static inline void
+vmw_shmem_st8(hwaddr addr, uint8_t value)
+{
+ VMW_SHPRN("SHMEM store8: %" PRIx64 " (value 0x%X)", addr, value);
+ stb_phys(addr, value);
+}
+
+static inline uint32_t
+vmw_shmem_ld16(hwaddr addr)
+{
+ uint16_t res = lduw_le_phys(addr);
+ VMW_SHPRN("SHMEM load16: %" PRIx64 " (value 0x%X)", addr, res);
+ return res;
+}
+
+static inline void
+vmw_shmem_st16(hwaddr addr, uint16_t value)
+{
+ VMW_SHPRN("SHMEM store16: %" PRIx64 " (value 0x%X)", addr, value);
+ stw_le_phys(addr, value);
+}
+
+static inline uint32_t
+vmw_shmem_ld32(hwaddr addr)
+{
+ uint32_t res = ldl_le_phys(addr);
+ VMW_SHPRN("SHMEM load32: %" PRIx64 " (value 0x%X)", addr, res);
+ return res;
+}
+
+static inline void
+vmw_shmem_st32(hwaddr addr, uint32_t value)
+{
+ VMW_SHPRN("SHMEM store32: %" PRIx64 " (value 0x%X)", addr, value);
+ stl_le_phys(addr, value);
+}
+
+static inline uint64_t
+vmw_shmem_ld64(hwaddr addr)
+{
+ uint64_t res = ldq_le_phys(addr);
+ VMW_SHPRN("SHMEM load64: %" PRIx64 " (value %" PRIx64 ")", addr, res);
+ return res;
+}
+
+static inline void
+vmw_shmem_st64(hwaddr addr, uint64_t value)
+{
+ VMW_SHPRN("SHMEM store64: %" PRIx64 " (value %" PRIx64 ")", addr, value);
+ stq_le_phys(addr, value);
+}
+
+/* Macros for simplification of operations on array-style registers */
+
+/*
+ * Whether <addr> lies inside of array-style register defined by <base>,
+ * number of elements (<cnt>) and element size (<regsize>)
+ *
+*/
+#define VMW_IS_MULTIREG_ADDR(addr, base, cnt, regsize) \
+ range_covers_byte(base, cnt * regsize, addr)
+
+/*
+ * Returns index of given register (<addr>) in array-style register defined by
+ * <base> and element size (<regsize>)
+ *
+*/
+#define VMW_MULTIREG_IDX_BY_ADDR(addr, base, regsize) \
+ (((addr) - (base)) / (regsize))
+
+#endif
diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
new file mode 100644
index 000000000..49c246643
--- /dev/null
+++ b/hw/net/vmxnet3.c
@@ -0,0 +1,2472 @@
+/*
+ * QEMU VMWARE VMXNET3 paravirtual NIC
+ *
+ * Copyright (c) 2012 Ravello Systems LTD (http://ravellosystems.com)
+ *
+ * Developed by Daynix Computing LTD (http://www.daynix.com)
+ *
+ * Authors:
+ * Dmitry Fleytman <dmitry@daynix.com>
+ * Tamir Shomer <tamirs@daynix.com>
+ * Yan Vugenfirer <yan@daynix.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "net/net.h"
+#include "net/tap.h"
+#include "net/checksum.h"
+#include "sysemu/sysemu.h"
+#include "qemu-common.h"
+#include "qemu/bswap.h"
+#include "hw/pci/msix.h"
+#include "hw/pci/msi.h"
+
+#include "vmxnet3.h"
+#include "vmxnet_debug.h"
+#include "vmware_utils.h"
+#include "vmxnet_tx_pkt.h"
+#include "vmxnet_rx_pkt.h"
+
+#define PCI_DEVICE_ID_VMWARE_VMXNET3_REVISION 0x1
+#define VMXNET3_MSIX_BAR_SIZE 0x2000
+
+#define VMXNET3_BAR0_IDX (0)
+#define VMXNET3_BAR1_IDX (1)
+#define VMXNET3_MSIX_BAR_IDX (2)
+
+#define VMXNET3_OFF_MSIX_TABLE (0x000)
+#define VMXNET3_OFF_MSIX_PBA (0x800)
+
+/* Link speed in Mbps should be shifted by 16 */
+#define VMXNET3_LINK_SPEED (1000 << 16)
+
+/* Link status: 1 - up, 0 - down. */
+#define VMXNET3_LINK_STATUS_UP 0x1
+
+/* Least significant bit should be set for revision and version */
+#define VMXNET3_DEVICE_VERSION 0x1
+#define VMXNET3_DEVICE_REVISION 0x1
+
+/* Macros for rings descriptors access */
+#define VMXNET3_READ_TX_QUEUE_DESCR8(dpa, field) \
+ (vmw_shmem_ld8(dpa + offsetof(struct Vmxnet3_TxQueueDesc, field)))
+
+#define VMXNET3_WRITE_TX_QUEUE_DESCR8(dpa, field, value) \
+ (vmw_shmem_st8(dpa + offsetof(struct Vmxnet3_TxQueueDesc, field, value)))
+
+#define VMXNET3_READ_TX_QUEUE_DESCR32(dpa, field) \
+ (vmw_shmem_ld32(dpa + offsetof(struct Vmxnet3_TxQueueDesc, field)))
+
+#define VMXNET3_WRITE_TX_QUEUE_DESCR32(dpa, field, value) \
+ (vmw_shmem_st32(dpa + offsetof(struct Vmxnet3_TxQueueDesc, field), value))
+
+#define VMXNET3_READ_TX_QUEUE_DESCR64(dpa, field) \
+ (vmw_shmem_ld64(dpa + offsetof(struct Vmxnet3_TxQueueDesc, field)))
+
+#define VMXNET3_WRITE_TX_QUEUE_DESCR64(dpa, field, value) \
+ (vmw_shmem_st64(dpa + offsetof(struct Vmxnet3_TxQueueDesc, field), value))
+
+#define VMXNET3_READ_RX_QUEUE_DESCR64(dpa, field) \
+ (vmw_shmem_ld64(dpa + offsetof(struct Vmxnet3_RxQueueDesc, field)))
+
+#define VMXNET3_READ_RX_QUEUE_DESCR32(dpa, field) \
+ (vmw_shmem_ld32(dpa + offsetof(struct Vmxnet3_RxQueueDesc, field)))
+
+#define VMXNET3_WRITE_RX_QUEUE_DESCR64(dpa, field, value) \
+ (vmw_shmem_st64(dpa + offsetof(struct Vmxnet3_RxQueueDesc, field), value))
+
+#define VMXNET3_WRITE_RX_QUEUE_DESCR8(dpa, field, value) \
+ (vmw_shmem_st8(dpa + offsetof(struct Vmxnet3_RxQueueDesc, field), value))
+
+/* Macros for guest driver shared area access */
+#define VMXNET3_READ_DRV_SHARED64(shpa, field) \
+ (vmw_shmem_ld64(shpa + offsetof(struct Vmxnet3_DriverShared, field)))
+
+#define VMXNET3_READ_DRV_SHARED32(shpa, field) \
+ (vmw_shmem_ld32(shpa + offsetof(struct Vmxnet3_DriverShared, field)))
+
+#define VMXNET3_WRITE_DRV_SHARED32(shpa, field, val) \
+ (vmw_shmem_st32(shpa + offsetof(struct Vmxnet3_DriverShared, field), val))
+
+#define VMXNET3_READ_DRV_SHARED16(shpa, field) \
+ (vmw_shmem_ld16(shpa + offsetof(struct Vmxnet3_DriverShared, field)))
+
+#define VMXNET3_READ_DRV_SHARED8(shpa, field) \
+ (vmw_shmem_ld8(shpa + offsetof(struct Vmxnet3_DriverShared, field)))
+
+#define VMXNET3_READ_DRV_SHARED(shpa, field, b, l) \
+ (vmw_shmem_read(shpa + offsetof(struct Vmxnet3_DriverShared, field), b, l))
+
+#define VMXNET_FLAG_IS_SET(field, flag) (((field) & (flag)) == (flag))
+
+#define TYPE_VMXNET3 "vmxnet3"
+#define VMXNET3(obj) OBJECT_CHECK(VMXNET3State, (obj), TYPE_VMXNET3)
+
+/* Cyclic ring abstraction */
+typedef struct {
+ hwaddr pa;
+ size_t size;
+ size_t cell_size;
+ size_t next;
+ uint8_t gen;
+} Vmxnet3Ring;
+
+static inline void vmxnet3_ring_init(Vmxnet3Ring *ring,
+ hwaddr pa,
+ size_t size,
+ size_t cell_size,
+ bool zero_region)
+{
+ ring->pa = pa;
+ ring->size = size;
+ ring->cell_size = cell_size;
+ ring->gen = VMXNET3_INIT_GEN;
+ ring->next = 0;
+
+ if (zero_region) {
+ vmw_shmem_set(pa, 0, size * cell_size);
+ }
+}
+
+#define VMXNET3_RING_DUMP(macro, ring_name, ridx, r) \
+ macro("%s#%d: base %" PRIx64 " size %lu cell_size %lu gen %d next %lu", \
+ (ring_name), (ridx), \
+ (r)->pa, (r)->size, (r)->cell_size, (r)->gen, (r)->next)
+
+static inline void vmxnet3_ring_inc(Vmxnet3Ring *ring)
+{
+ if (++ring->next >= ring->size) {
+ ring->next = 0;
+ ring->gen ^= 1;
+ }
+}
+
+static inline void vmxnet3_ring_dec(Vmxnet3Ring *ring)
+{
+ if (ring->next-- == 0) {
+ ring->next = ring->size - 1;
+ ring->gen ^= 1;
+ }
+}
+
+static inline hwaddr vmxnet3_ring_curr_cell_pa(Vmxnet3Ring *ring)
+{
+ return ring->pa + ring->next * ring->cell_size;
+}
+
+static inline void vmxnet3_ring_read_curr_cell(Vmxnet3Ring *ring, void *buff)
+{
+ vmw_shmem_read(vmxnet3_ring_curr_cell_pa(ring), buff, ring->cell_size);
+}
+
+static inline void vmxnet3_ring_write_curr_cell(Vmxnet3Ring *ring, void *buff)
+{
+ vmw_shmem_write(vmxnet3_ring_curr_cell_pa(ring), buff, ring->cell_size);
+}
+
+static inline size_t vmxnet3_ring_curr_cell_idx(Vmxnet3Ring *ring)
+{
+ return ring->next;
+}
+
+static inline uint8_t vmxnet3_ring_curr_gen(Vmxnet3Ring *ring)
+{
+ return ring->gen;
+}
+
+/* Debug trace-related functions */
+static inline void
+vmxnet3_dump_tx_descr(struct Vmxnet3_TxDesc *descr)
+{
+ VMW_PKPRN("TX DESCR: "
+ "addr %" PRIx64 ", len: %d, gen: %d, rsvd: %d, "
+ "dtype: %d, ext1: %d, msscof: %d, hlen: %d, om: %d, "
+ "eop: %d, cq: %d, ext2: %d, ti: %d, tci: %d",
+ le64_to_cpu(descr->addr), descr->len, descr->gen, descr->rsvd,
+ descr->dtype, descr->ext1, descr->msscof, descr->hlen, descr->om,
+ descr->eop, descr->cq, descr->ext2, descr->ti, descr->tci);
+}
+
+static inline void
+vmxnet3_dump_virt_hdr(struct virtio_net_hdr *vhdr)
+{
+ VMW_PKPRN("VHDR: flags 0x%x, gso_type: 0x%x, hdr_len: %d, gso_size: %d, "
+ "csum_start: %d, csum_offset: %d",
+ vhdr->flags, vhdr->gso_type, vhdr->hdr_len, vhdr->gso_size,
+ vhdr->csum_start, vhdr->csum_offset);
+}
+
+static inline void
+vmxnet3_dump_rx_descr(struct Vmxnet3_RxDesc *descr)
+{
+ VMW_PKPRN("RX DESCR: addr %" PRIx64 ", len: %d, gen: %d, rsvd: %d, "
+ "dtype: %d, ext1: %d, btype: %d",
+ le64_to_cpu(descr->addr), descr->len, descr->gen,
+ descr->rsvd, descr->dtype, descr->ext1, descr->btype);
+}
+
+/* Device state and helper functions */
+#define VMXNET3_RX_RINGS_PER_QUEUE (2)
+
+typedef struct {
+ Vmxnet3Ring tx_ring;
+ Vmxnet3Ring comp_ring;
+
+ uint8_t intr_idx;
+ hwaddr tx_stats_pa;
+ struct UPT1_TxStats txq_stats;
+} Vmxnet3TxqDescr;
+
+typedef struct {
+ Vmxnet3Ring rx_ring[VMXNET3_RX_RINGS_PER_QUEUE];
+ Vmxnet3Ring comp_ring;
+ uint8_t intr_idx;
+ hwaddr rx_stats_pa;
+ struct UPT1_RxStats rxq_stats;
+} Vmxnet3RxqDescr;
+
+typedef struct {
+ bool is_masked;
+ bool is_pending;
+ bool is_asserted;
+} Vmxnet3IntState;
+
+typedef struct {
+ PCIDevice parent_obj;
+ NICState *nic;
+ NICConf conf;
+ MemoryRegion bar0;
+ MemoryRegion bar1;
+ MemoryRegion msix_bar;
+
+ Vmxnet3RxqDescr rxq_descr[VMXNET3_DEVICE_MAX_RX_QUEUES];
+ Vmxnet3TxqDescr txq_descr[VMXNET3_DEVICE_MAX_TX_QUEUES];
+
+ /* Whether MSI-X support was installed successfully */
+ bool msix_used;
+ /* Whether MSI support was installed successfully */
+ bool msi_used;
+ hwaddr drv_shmem;
+ hwaddr temp_shared_guest_driver_memory;
+
+ uint8_t txq_num;
+
+ /* This boolean tells whether RX packet being indicated has to */
+ /* be split into head and body chunks from different RX rings */
+ bool rx_packets_compound;
+
+ bool rx_vlan_stripping;
+ bool lro_supported;
+
+ uint8_t rxq_num;
+
+ /* Network MTU */
+ uint32_t mtu;
+
+ /* Maximum number of fragments for indicated TX packets */
+ uint32_t max_tx_frags;
+
+ /* Maximum number of fragments for indicated RX packets */
+ uint16_t max_rx_frags;
+
+ /* Index for events interrupt */
+ uint8_t event_int_idx;
+
+ /* Whether automatic interrupts masking enabled */
+ bool auto_int_masking;
+
+ bool peer_has_vhdr;
+
+ /* TX packets to QEMU interface */
+ struct VmxnetTxPkt *tx_pkt;
+ uint32_t offload_mode;
+ uint32_t cso_or_gso_size;
+ uint16_t tci;
+ bool needs_vlan;
+
+ struct VmxnetRxPkt *rx_pkt;
+
+ bool tx_sop;
+ bool skip_current_tx_pkt;
+
+ uint32_t device_active;
+ uint32_t last_command;
+
+ uint32_t link_status_and_speed;
+
+ Vmxnet3IntState interrupt_states[VMXNET3_MAX_INTRS];
+
+ uint32_t temp_mac; /* To store the low part first */
+
+ MACAddr perm_mac;
+ uint32_t vlan_table[VMXNET3_VFT_SIZE];
+ uint32_t rx_mode;
+ MACAddr *mcast_list;
+ uint32_t mcast_list_len;
+ uint32_t mcast_list_buff_size; /* needed for live migration. */
+} VMXNET3State;
+
+/* Interrupt management */
+
+/*
+ *This function returns sign whether interrupt line is in asserted state
+ * This depends on the type of interrupt used. For INTX interrupt line will
+ * be asserted until explicit deassertion, for MSI(X) interrupt line will
+ * be deasserted automatically due to notification semantics of the MSI(X)
+ * interrupts
+ */
+static bool _vmxnet3_assert_interrupt_line(VMXNET3State *s, uint32_t int_idx)
+{
+ PCIDevice *d = PCI_DEVICE(s);
+
+ if (s->msix_used && msix_enabled(d)) {
+ VMW_IRPRN("Sending MSI-X notification for vector %u", int_idx);
+ msix_notify(d, int_idx);
+ return false;
+ }
+ if (s->msi_used && msi_enabled(d)) {
+ VMW_IRPRN("Sending MSI notification for vector %u", int_idx);
+ msi_notify(d, int_idx);
+ return false;
+ }
+
+ VMW_IRPRN("Asserting line for interrupt %u", int_idx);
+ qemu_set_irq(d->irq[int_idx], 1);
+ return true;
+}
+
+static void _vmxnet3_deassert_interrupt_line(VMXNET3State *s, int lidx)
+{
+ PCIDevice *d = PCI_DEVICE(s);
+
+ /*
+ * This function should never be called for MSI(X) interrupts
+ * because deassertion never required for message interrupts
+ */
+ assert(!s->msix_used || !msix_enabled(d));
+ /*
+ * This function should never be called for MSI(X) interrupts
+ * because deassertion never required for message interrupts
+ */
+ assert(!s->msi_used || !msi_enabled(d));
+
+ VMW_IRPRN("Deasserting line for interrupt %u", lidx);
+ qemu_set_irq(d->irq[lidx], 0);
+}
+
+static void vmxnet3_update_interrupt_line_state(VMXNET3State *s, int lidx)
+{
+ if (!s->interrupt_states[lidx].is_pending &&
+ s->interrupt_states[lidx].is_asserted) {
+ VMW_IRPRN("New interrupt line state for index %d is DOWN", lidx);
+ _vmxnet3_deassert_interrupt_line(s, lidx);
+ s->interrupt_states[lidx].is_asserted = false;
+ return;
+ }
+
+ if (s->interrupt_states[lidx].is_pending &&
+ !s->interrupt_states[lidx].is_masked &&
+ !s->interrupt_states[lidx].is_asserted) {
+ VMW_IRPRN("New interrupt line state for index %d is UP", lidx);
+ s->interrupt_states[lidx].is_asserted =
+ _vmxnet3_assert_interrupt_line(s, lidx);
+ s->interrupt_states[lidx].is_pending = false;
+ return;
+ }
+}
+
+static void vmxnet3_trigger_interrupt(VMXNET3State *s, int lidx)
+{
+ PCIDevice *d = PCI_DEVICE(s);
+ s->interrupt_states[lidx].is_pending = true;
+ vmxnet3_update_interrupt_line_state(s, lidx);
+
+ if (s->msix_used && msix_enabled(d) && s->auto_int_masking) {
+ goto do_automask;
+ }
+
+ if (s->msi_used && msi_enabled(d) && s->auto_int_masking) {
+ goto do_automask;
+ }
+
+ return;
+
+do_automask:
+ s->interrupt_states[lidx].is_masked = true;
+ vmxnet3_update_interrupt_line_state(s, lidx);
+}
+
+static bool vmxnet3_interrupt_asserted(VMXNET3State *s, int lidx)
+{
+ return s->interrupt_states[lidx].is_asserted;
+}
+
+static void vmxnet3_clear_interrupt(VMXNET3State *s, int int_idx)
+{
+ s->interrupt_states[int_idx].is_pending = false;
+ if (s->auto_int_masking) {
+ s->interrupt_states[int_idx].is_masked = true;
+ }
+ vmxnet3_update_interrupt_line_state(s, int_idx);
+}
+
+static void
+vmxnet3_on_interrupt_mask_changed(VMXNET3State *s, int lidx, bool is_masked)
+{
+ s->interrupt_states[lidx].is_masked = is_masked;
+ vmxnet3_update_interrupt_line_state(s, lidx);
+}
+
+static bool vmxnet3_verify_driver_magic(hwaddr dshmem)
+{
+ return (VMXNET3_READ_DRV_SHARED32(dshmem, magic) == VMXNET3_REV1_MAGIC);
+}
+
+#define VMXNET3_GET_BYTE(x, byte_num) (((x) >> (byte_num)*8) & 0xFF)
+#define VMXNET3_MAKE_BYTE(byte_num, val) \
+ (((uint32_t)((val) & 0xFF)) << (byte_num)*8)
+
+static void vmxnet3_set_variable_mac(VMXNET3State *s, uint32_t h, uint32_t l)
+{
+ s->conf.macaddr.a[0] = VMXNET3_GET_BYTE(l, 0);
+ s->conf.macaddr.a[1] = VMXNET3_GET_BYTE(l, 1);
+ s->conf.macaddr.a[2] = VMXNET3_GET_BYTE(l, 2);
+ s->conf.macaddr.a[3] = VMXNET3_GET_BYTE(l, 3);
+ s->conf.macaddr.a[4] = VMXNET3_GET_BYTE(h, 0);
+ s->conf.macaddr.a[5] = VMXNET3_GET_BYTE(h, 1);
+
+ VMW_CFPRN("Variable MAC: " VMXNET_MF, VMXNET_MA(s->conf.macaddr.a));
+
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+}
+
+static uint64_t vmxnet3_get_mac_low(MACAddr *addr)
+{
+ return VMXNET3_MAKE_BYTE(0, addr->a[0]) |
+ VMXNET3_MAKE_BYTE(1, addr->a[1]) |
+ VMXNET3_MAKE_BYTE(2, addr->a[2]) |
+ VMXNET3_MAKE_BYTE(3, addr->a[3]);
+}
+
+static uint64_t vmxnet3_get_mac_high(MACAddr *addr)
+{
+ return VMXNET3_MAKE_BYTE(0, addr->a[4]) |
+ VMXNET3_MAKE_BYTE(1, addr->a[5]);
+}
+
+static void
+vmxnet3_inc_tx_consumption_counter(VMXNET3State *s, int qidx)
+{
+ vmxnet3_ring_inc(&s->txq_descr[qidx].tx_ring);
+}
+
+static inline void
+vmxnet3_inc_rx_consumption_counter(VMXNET3State *s, int qidx, int ridx)
+{
+ vmxnet3_ring_inc(&s->rxq_descr[qidx].rx_ring[ridx]);
+}
+
+static inline void
+vmxnet3_inc_tx_completion_counter(VMXNET3State *s, int qidx)
+{
+ vmxnet3_ring_inc(&s->txq_descr[qidx].comp_ring);
+}
+
+static void
+vmxnet3_inc_rx_completion_counter(VMXNET3State *s, int qidx)
+{
+ vmxnet3_ring_inc(&s->rxq_descr[qidx].comp_ring);
+}
+
+static void
+vmxnet3_dec_rx_completion_counter(VMXNET3State *s, int qidx)
+{
+ vmxnet3_ring_dec(&s->rxq_descr[qidx].comp_ring);
+}
+
+static void vmxnet3_complete_packet(VMXNET3State *s, int qidx, uint32 tx_ridx)
+{
+ struct Vmxnet3_TxCompDesc txcq_descr;
+
+ VMXNET3_RING_DUMP(VMW_RIPRN, "TXC", qidx, &s->txq_descr[qidx].comp_ring);
+
+ txcq_descr.txdIdx = tx_ridx;
+ txcq_descr.gen = vmxnet3_ring_curr_gen(&s->txq_descr[qidx].comp_ring);
+
+ vmxnet3_ring_write_curr_cell(&s->txq_descr[qidx].comp_ring, &txcq_descr);
+
+ /* Flush changes in TX descriptor before changing the counter value */
+ smp_wmb();
+
+ vmxnet3_inc_tx_completion_counter(s, qidx);
+ vmxnet3_trigger_interrupt(s, s->txq_descr[qidx].intr_idx);
+}
+
+static bool
+vmxnet3_setup_tx_offloads(VMXNET3State *s)
+{
+ switch (s->offload_mode) {
+ case VMXNET3_OM_NONE:
+ vmxnet_tx_pkt_build_vheader(s->tx_pkt, false, false, 0);
+ break;
+
+ case VMXNET3_OM_CSUM:
+ vmxnet_tx_pkt_build_vheader(s->tx_pkt, false, true, 0);
+ VMW_PKPRN("L4 CSO requested\n");
+ break;
+
+ case VMXNET3_OM_TSO:
+ vmxnet_tx_pkt_build_vheader(s->tx_pkt, true, true,
+ s->cso_or_gso_size);
+ vmxnet_tx_pkt_update_ip_checksums(s->tx_pkt);
+ VMW_PKPRN("GSO offload requested.");
+ break;
+
+ default:
+ g_assert_not_reached();
+ return false;
+ }
+
+ return true;
+}
+
+static void
+vmxnet3_tx_retrieve_metadata(VMXNET3State *s,
+ const struct Vmxnet3_TxDesc *txd)
+{
+ s->offload_mode = txd->om;
+ s->cso_or_gso_size = txd->msscof;
+ s->tci = txd->tci;
+ s->needs_vlan = txd->ti;
+}
+
+typedef enum {
+ VMXNET3_PKT_STATUS_OK,
+ VMXNET3_PKT_STATUS_ERROR,
+ VMXNET3_PKT_STATUS_DISCARD,/* only for tx */
+ VMXNET3_PKT_STATUS_OUT_OF_BUF /* only for rx */
+} Vmxnet3PktStatus;
+
+static void
+vmxnet3_on_tx_done_update_stats(VMXNET3State *s, int qidx,
+ Vmxnet3PktStatus status)
+{
+ size_t tot_len = vmxnet_tx_pkt_get_total_len(s->tx_pkt);
+ struct UPT1_TxStats *stats = &s->txq_descr[qidx].txq_stats;
+
+ switch (status) {
+ case VMXNET3_PKT_STATUS_OK:
+ switch (vmxnet_tx_pkt_get_packet_type(s->tx_pkt)) {
+ case ETH_PKT_BCAST:
+ stats->bcastPktsTxOK++;
+ stats->bcastBytesTxOK += tot_len;
+ break;
+ case ETH_PKT_MCAST:
+ stats->mcastPktsTxOK++;
+ stats->mcastBytesTxOK += tot_len;
+ break;
+ case ETH_PKT_UCAST:
+ stats->ucastPktsTxOK++;
+ stats->ucastBytesTxOK += tot_len;
+ break;
+ default:
+ g_assert_not_reached();
+ }
+
+ if (s->offload_mode == VMXNET3_OM_TSO) {
+ /*
+ * According to VMWARE headers this statistic is a number
+ * of packets after segmentation but since we don't have
+ * this information in QEMU model, the best we can do is to
+ * provide number of non-segmented packets
+ */
+ stats->TSOPktsTxOK++;
+ stats->TSOBytesTxOK += tot_len;
+ }
+ break;
+
+ case VMXNET3_PKT_STATUS_DISCARD:
+ stats->pktsTxDiscard++;
+ break;
+
+ case VMXNET3_PKT_STATUS_ERROR:
+ stats->pktsTxError++;
+ break;
+
+ default:
+ g_assert_not_reached();
+ }
+}
+
+static void
+vmxnet3_on_rx_done_update_stats(VMXNET3State *s,
+ int qidx,
+ Vmxnet3PktStatus status)
+{
+ struct UPT1_RxStats *stats = &s->rxq_descr[qidx].rxq_stats;
+ size_t tot_len = vmxnet_rx_pkt_get_total_len(s->rx_pkt);
+
+ switch (status) {
+ case VMXNET3_PKT_STATUS_OUT_OF_BUF:
+ stats->pktsRxOutOfBuf++;
+ break;
+
+ case VMXNET3_PKT_STATUS_ERROR:
+ stats->pktsRxError++;
+ break;
+ case VMXNET3_PKT_STATUS_OK:
+ switch (vmxnet_rx_pkt_get_packet_type(s->rx_pkt)) {
+ case ETH_PKT_BCAST:
+ stats->bcastPktsRxOK++;
+ stats->bcastBytesRxOK += tot_len;
+ break;
+ case ETH_PKT_MCAST:
+ stats->mcastPktsRxOK++;
+ stats->mcastBytesRxOK += tot_len;
+ break;
+ case ETH_PKT_UCAST:
+ stats->ucastPktsRxOK++;
+ stats->ucastBytesRxOK += tot_len;
+ break;
+ default:
+ g_assert_not_reached();
+ }
+
+ if (tot_len > s->mtu) {
+ stats->LROPktsRxOK++;
+ stats->LROBytesRxOK += tot_len;
+ }
+ break;
+ default:
+ g_assert_not_reached();
+ }
+}
+
+static inline bool
+vmxnet3_pop_next_tx_descr(VMXNET3State *s,
+ int qidx,
+ struct Vmxnet3_TxDesc *txd,
+ uint32_t *descr_idx)
+{
+ Vmxnet3Ring *ring = &s->txq_descr[qidx].tx_ring;
+
+ vmxnet3_ring_read_curr_cell(ring, txd);
+ if (txd->gen == vmxnet3_ring_curr_gen(ring)) {
+ /* Only read after generation field verification */
+ smp_rmb();
+ /* Re-read to be sure we got the latest version */
+ vmxnet3_ring_read_curr_cell(ring, txd);
+ VMXNET3_RING_DUMP(VMW_RIPRN, "TX", qidx, ring);
+ *descr_idx = vmxnet3_ring_curr_cell_idx(ring);
+ vmxnet3_inc_tx_consumption_counter(s, qidx);
+ return true;
+ }
+
+ return false;
+}
+
+static bool
+vmxnet3_send_packet(VMXNET3State *s, uint32_t qidx)
+{
+ Vmxnet3PktStatus status = VMXNET3_PKT_STATUS_OK;
+
+ if (!vmxnet3_setup_tx_offloads(s)) {
+ status = VMXNET3_PKT_STATUS_ERROR;
+ goto func_exit;
+ }
+
+ /* debug prints */
+ vmxnet3_dump_virt_hdr(vmxnet_tx_pkt_get_vhdr(s->tx_pkt));
+ vmxnet_tx_pkt_dump(s->tx_pkt);
+
+ if (!vmxnet_tx_pkt_send(s->tx_pkt, qemu_get_queue(s->nic))) {
+ status = VMXNET3_PKT_STATUS_DISCARD;
+ goto func_exit;
+ }
+
+func_exit:
+ vmxnet3_on_tx_done_update_stats(s, qidx, status);
+ return (status == VMXNET3_PKT_STATUS_OK);
+}
+
+static void vmxnet3_process_tx_queue(VMXNET3State *s, int qidx)
+{
+ struct Vmxnet3_TxDesc txd;
+ uint32_t txd_idx;
+ uint32_t data_len;
+ hwaddr data_pa;
+
+ for (;;) {
+ if (!vmxnet3_pop_next_tx_descr(s, qidx, &txd, &txd_idx)) {
+ break;
+ }
+
+ vmxnet3_dump_tx_descr(&txd);
+
+ if (!s->skip_current_tx_pkt) {
+ data_len = (txd.len > 0) ? txd.len : VMXNET3_MAX_TX_BUF_SIZE;
+ data_pa = le64_to_cpu(txd.addr);
+
+ if (!vmxnet_tx_pkt_add_raw_fragment(s->tx_pkt,
+ data_pa,
+ data_len)) {
+ s->skip_current_tx_pkt = true;
+ }
+ }
+
+ if (s->tx_sop) {
+ vmxnet3_tx_retrieve_metadata(s, &txd);
+ s->tx_sop = false;
+ }
+
+ if (txd.eop) {
+ if (!s->skip_current_tx_pkt) {
+ vmxnet_tx_pkt_parse(s->tx_pkt);
+
+ if (s->needs_vlan) {
+ vmxnet_tx_pkt_setup_vlan_header(s->tx_pkt, s->tci);
+ }
+
+ vmxnet3_send_packet(s, qidx);
+ } else {
+ vmxnet3_on_tx_done_update_stats(s, qidx,
+ VMXNET3_PKT_STATUS_ERROR);
+ }
+
+ vmxnet3_complete_packet(s, qidx, txd_idx);
+ s->tx_sop = true;
+ s->skip_current_tx_pkt = false;
+ vmxnet_tx_pkt_reset(s->tx_pkt);
+ }
+ }
+}
+
+static inline void
+vmxnet3_read_next_rx_descr(VMXNET3State *s, int qidx, int ridx,
+ struct Vmxnet3_RxDesc *dbuf, uint32_t *didx)
+{
+ Vmxnet3Ring *ring = &s->rxq_descr[qidx].rx_ring[ridx];
+ *didx = vmxnet3_ring_curr_cell_idx(ring);
+ vmxnet3_ring_read_curr_cell(ring, dbuf);
+}
+
+static inline uint8_t
+vmxnet3_get_rx_ring_gen(VMXNET3State *s, int qidx, int ridx)
+{
+ return s->rxq_descr[qidx].rx_ring[ridx].gen;
+}
+
+static inline hwaddr
+vmxnet3_pop_rxc_descr(VMXNET3State *s, int qidx, uint32_t *descr_gen)
+{
+ uint8_t ring_gen;
+ struct Vmxnet3_RxCompDesc rxcd;
+
+ hwaddr daddr =
+ vmxnet3_ring_curr_cell_pa(&s->rxq_descr[qidx].comp_ring);
+
+ cpu_physical_memory_read(daddr, &rxcd, sizeof(struct Vmxnet3_RxCompDesc));
+ ring_gen = vmxnet3_ring_curr_gen(&s->rxq_descr[qidx].comp_ring);
+
+ if (rxcd.gen != ring_gen) {
+ *descr_gen = ring_gen;
+ vmxnet3_inc_rx_completion_counter(s, qidx);
+ return daddr;
+ }
+
+ return 0;
+}
+
+static inline void
+vmxnet3_revert_rxc_descr(VMXNET3State *s, int qidx)
+{
+ vmxnet3_dec_rx_completion_counter(s, qidx);
+}
+
+#define RXQ_IDX (0)
+#define RX_HEAD_BODY_RING (0)
+#define RX_BODY_ONLY_RING (1)
+
+static bool
+vmxnet3_get_next_head_rx_descr(VMXNET3State *s,
+ struct Vmxnet3_RxDesc *descr_buf,
+ uint32_t *descr_idx,
+ uint32_t *ridx)
+{
+ for (;;) {
+ uint32_t ring_gen;
+ vmxnet3_read_next_rx_descr(s, RXQ_IDX, RX_HEAD_BODY_RING,
+ descr_buf, descr_idx);
+
+ /* If no more free descriptors - return */
+ ring_gen = vmxnet3_get_rx_ring_gen(s, RXQ_IDX, RX_HEAD_BODY_RING);
+ if (descr_buf->gen != ring_gen) {
+ return false;
+ }
+
+ /* Only read after generation field verification */
+ smp_rmb();
+ /* Re-read to be sure we got the latest version */
+ vmxnet3_read_next_rx_descr(s, RXQ_IDX, RX_HEAD_BODY_RING,
+ descr_buf, descr_idx);
+
+ /* Mark current descriptor as used/skipped */
+ vmxnet3_inc_rx_consumption_counter(s, RXQ_IDX, RX_HEAD_BODY_RING);
+
+ /* If this is what we are looking for - return */
+ if (descr_buf->btype == VMXNET3_RXD_BTYPE_HEAD) {
+ *ridx = RX_HEAD_BODY_RING;
+ return true;
+ }
+ }
+}
+
+static bool
+vmxnet3_get_next_body_rx_descr(VMXNET3State *s,
+ struct Vmxnet3_RxDesc *d,
+ uint32_t *didx,
+ uint32_t *ridx)
+{
+ vmxnet3_read_next_rx_descr(s, RXQ_IDX, RX_HEAD_BODY_RING, d, didx);
+
+ /* Try to find corresponding descriptor in head/body ring */
+ if (d->gen == vmxnet3_get_rx_ring_gen(s, RXQ_IDX, RX_HEAD_BODY_RING)) {
+ /* Only read after generation field verification */
+ smp_rmb();
+ /* Re-read to be sure we got the latest version */
+ vmxnet3_read_next_rx_descr(s, RXQ_IDX, RX_HEAD_BODY_RING, d, didx);
+ if (d->btype == VMXNET3_RXD_BTYPE_BODY) {
+ vmxnet3_inc_rx_consumption_counter(s, RXQ_IDX, RX_HEAD_BODY_RING);
+ *ridx = RX_HEAD_BODY_RING;
+ return true;
+ }
+ }
+
+ /*
+ * If there is no free descriptors on head/body ring or next free
+ * descriptor is a head descriptor switch to body only ring
+ */
+ vmxnet3_read_next_rx_descr(s, RXQ_IDX, RX_BODY_ONLY_RING, d, didx);
+
+ /* If no more free descriptors - return */
+ if (d->gen == vmxnet3_get_rx_ring_gen(s, RXQ_IDX, RX_BODY_ONLY_RING)) {
+ /* Only read after generation field verification */
+ smp_rmb();
+ /* Re-read to be sure we got the latest version */
+ vmxnet3_read_next_rx_descr(s, RXQ_IDX, RX_BODY_ONLY_RING, d, didx);
+ assert(d->btype == VMXNET3_RXD_BTYPE_BODY);
+ *ridx = RX_BODY_ONLY_RING;
+ vmxnet3_inc_rx_consumption_counter(s, RXQ_IDX, RX_BODY_ONLY_RING);
+ return true;
+ }
+
+ return false;
+}
+
+static inline bool
+vmxnet3_get_next_rx_descr(VMXNET3State *s, bool is_head,
+ struct Vmxnet3_RxDesc *descr_buf,
+ uint32_t *descr_idx,
+ uint32_t *ridx)
+{
+ if (is_head || !s->rx_packets_compound) {
+ return vmxnet3_get_next_head_rx_descr(s, descr_buf, descr_idx, ridx);
+ } else {
+ return vmxnet3_get_next_body_rx_descr(s, descr_buf, descr_idx, ridx);
+ }
+}
+
+static void vmxnet3_rx_update_descr(struct VmxnetRxPkt *pkt,
+ struct Vmxnet3_RxCompDesc *rxcd)
+{
+ int csum_ok, is_gso;
+ bool isip4, isip6, istcp, isudp;
+ struct virtio_net_hdr *vhdr;
+ uint8_t offload_type;
+
+ if (vmxnet_rx_pkt_is_vlan_stripped(pkt)) {
+ rxcd->ts = 1;
+ rxcd->tci = vmxnet_rx_pkt_get_vlan_tag(pkt);
+ }
+
+ if (!vmxnet_rx_pkt_has_virt_hdr(pkt)) {
+ goto nocsum;
+ }
+
+ vhdr = vmxnet_rx_pkt_get_vhdr(pkt);
+ /*
+ * Checksum is valid when lower level tell so or when lower level
+ * requires checksum offload telling that packet produced/bridged
+ * locally and did travel over network after last checksum calculation
+ * or production
+ */
+ csum_ok = VMXNET_FLAG_IS_SET(vhdr->flags, VIRTIO_NET_HDR_F_DATA_VALID) ||
+ VMXNET_FLAG_IS_SET(vhdr->flags, VIRTIO_NET_HDR_F_NEEDS_CSUM);
+
+ offload_type = vhdr->gso_type & ~VIRTIO_NET_HDR_GSO_ECN;
+ is_gso = (offload_type != VIRTIO_NET_HDR_GSO_NONE) ? 1 : 0;
+
+ if (!csum_ok && !is_gso) {
+ goto nocsum;
+ }
+
+ vmxnet_rx_pkt_get_protocols(pkt, &isip4, &isip6, &isudp, &istcp);
+ if ((!istcp && !isudp) || (!isip4 && !isip6)) {
+ goto nocsum;
+ }
+
+ rxcd->cnc = 0;
+ rxcd->v4 = isip4 ? 1 : 0;
+ rxcd->v6 = isip6 ? 1 : 0;
+ rxcd->tcp = istcp ? 1 : 0;
+ rxcd->udp = isudp ? 1 : 0;
+ rxcd->fcs = rxcd->tuc = rxcd->ipc = 1;
+ return;
+
+nocsum:
+ rxcd->cnc = 1;
+ return;
+}
+
+static void
+vmxnet3_physical_memory_writev(const struct iovec *iov,
+ size_t start_iov_off,
+ hwaddr target_addr,
+ size_t bytes_to_copy)
+{
+ size_t curr_off = 0;
+ size_t copied = 0;
+
+ while (bytes_to_copy) {
+ if (start_iov_off < (curr_off + iov->iov_len)) {
+ size_t chunk_len =
+ MIN((curr_off + iov->iov_len) - start_iov_off, bytes_to_copy);
+
+ cpu_physical_memory_write(target_addr + copied,
+ iov->iov_base + start_iov_off - curr_off,
+ chunk_len);
+
+ copied += chunk_len;
+ start_iov_off += chunk_len;
+ curr_off = start_iov_off;
+ bytes_to_copy -= chunk_len;
+ } else {
+ curr_off += iov->iov_len;
+ }
+ iov++;
+ }
+}
+
+static bool
+vmxnet3_indicate_packet(VMXNET3State *s)
+{
+ struct Vmxnet3_RxDesc rxd;
+ bool is_head = true;
+ uint32_t rxd_idx;
+ uint32_t rx_ridx = 0;
+
+ struct Vmxnet3_RxCompDesc rxcd;
+ uint32_t new_rxcd_gen = VMXNET3_INIT_GEN;
+ hwaddr new_rxcd_pa = 0;
+ hwaddr ready_rxcd_pa = 0;
+ struct iovec *data = vmxnet_rx_pkt_get_iovec(s->rx_pkt);
+ size_t bytes_copied = 0;
+ size_t bytes_left = vmxnet_rx_pkt_get_total_len(s->rx_pkt);
+ uint16_t num_frags = 0;
+ size_t chunk_size;
+
+ vmxnet_rx_pkt_dump(s->rx_pkt);
+
+ while (bytes_left > 0) {
+
+ /* cannot add more frags to packet */
+ if (num_frags == s->max_rx_frags) {
+ break;
+ }
+
+ new_rxcd_pa = vmxnet3_pop_rxc_descr(s, RXQ_IDX, &new_rxcd_gen);
+ if (!new_rxcd_pa) {
+ break;
+ }
+
+ if (!vmxnet3_get_next_rx_descr(s, is_head, &rxd, &rxd_idx, &rx_ridx)) {
+ break;
+ }
+
+ chunk_size = MIN(bytes_left, rxd.len);
+ vmxnet3_physical_memory_writev(data, bytes_copied,
+ le64_to_cpu(rxd.addr), chunk_size);
+ bytes_copied += chunk_size;
+ bytes_left -= chunk_size;
+
+ vmxnet3_dump_rx_descr(&rxd);
+
+ if (0 != ready_rxcd_pa) {
+ cpu_physical_memory_write(ready_rxcd_pa, &rxcd, sizeof(rxcd));
+ }
+
+ memset(&rxcd, 0, sizeof(struct Vmxnet3_RxCompDesc));
+ rxcd.rxdIdx = rxd_idx;
+ rxcd.len = chunk_size;
+ rxcd.sop = is_head;
+ rxcd.gen = new_rxcd_gen;
+ rxcd.rqID = RXQ_IDX + rx_ridx * s->rxq_num;
+
+ if (0 == bytes_left) {
+ vmxnet3_rx_update_descr(s->rx_pkt, &rxcd);
+ }
+
+ VMW_RIPRN("RX Completion descriptor: rxRing: %lu rxIdx %lu len %lu "
+ "sop %d csum_correct %lu",
+ (unsigned long) rx_ridx,
+ (unsigned long) rxcd.rxdIdx,
+ (unsigned long) rxcd.len,
+ (int) rxcd.sop,
+ (unsigned long) rxcd.tuc);
+
+ is_head = false;
+ ready_rxcd_pa = new_rxcd_pa;
+ new_rxcd_pa = 0;
+ num_frags++;
+ }
+
+ if (0 != ready_rxcd_pa) {
+ rxcd.eop = 1;
+ rxcd.err = (0 != bytes_left);
+ cpu_physical_memory_write(ready_rxcd_pa, &rxcd, sizeof(rxcd));
+
+ /* Flush RX descriptor changes */
+ smp_wmb();
+ }
+
+ if (0 != new_rxcd_pa) {
+ vmxnet3_revert_rxc_descr(s, RXQ_IDX);
+ }
+
+ vmxnet3_trigger_interrupt(s, s->rxq_descr[RXQ_IDX].intr_idx);
+
+ if (bytes_left == 0) {
+ vmxnet3_on_rx_done_update_stats(s, RXQ_IDX, VMXNET3_PKT_STATUS_OK);
+ return true;
+ } else if (num_frags == s->max_rx_frags) {
+ vmxnet3_on_rx_done_update_stats(s, RXQ_IDX, VMXNET3_PKT_STATUS_ERROR);
+ return false;
+ } else {
+ vmxnet3_on_rx_done_update_stats(s, RXQ_IDX,
+ VMXNET3_PKT_STATUS_OUT_OF_BUF);
+ return false;
+ }
+}
+
+static void
+vmxnet3_io_bar0_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ VMXNET3State *s = opaque;
+
+ if (VMW_IS_MULTIREG_ADDR(addr, VMXNET3_REG_TXPROD,
+ VMXNET3_DEVICE_MAX_TX_QUEUES, VMXNET3_REG_ALIGN)) {
+ int tx_queue_idx =
+ VMW_MULTIREG_IDX_BY_ADDR(addr, VMXNET3_REG_TXPROD,
+ VMXNET3_REG_ALIGN);
+ assert(tx_queue_idx <= s->txq_num);
+ vmxnet3_process_tx_queue(s, tx_queue_idx);
+ return;
+ }
+
+ if (VMW_IS_MULTIREG_ADDR(addr, VMXNET3_REG_IMR,
+ VMXNET3_MAX_INTRS, VMXNET3_REG_ALIGN)) {
+ int l = VMW_MULTIREG_IDX_BY_ADDR(addr, VMXNET3_REG_IMR,
+ VMXNET3_REG_ALIGN);
+
+ VMW_CBPRN("Interrupt mask for line %d written: 0x%" PRIx64, l, val);
+
+ vmxnet3_on_interrupt_mask_changed(s, l, val);
+ return;
+ }
+
+ if (VMW_IS_MULTIREG_ADDR(addr, VMXNET3_REG_RXPROD,
+ VMXNET3_DEVICE_MAX_RX_QUEUES, VMXNET3_REG_ALIGN) ||
+ VMW_IS_MULTIREG_ADDR(addr, VMXNET3_REG_RXPROD2,
+ VMXNET3_DEVICE_MAX_RX_QUEUES, VMXNET3_REG_ALIGN)) {
+ return;
+ }
+
+ VMW_WRPRN("BAR0 unknown write [%" PRIx64 "] = %" PRIx64 ", size %d",
+ (uint64_t) addr, val, size);
+}
+
+static uint64_t
+vmxnet3_io_bar0_read(void *opaque, hwaddr addr, unsigned size)
+{
+ if (VMW_IS_MULTIREG_ADDR(addr, VMXNET3_REG_IMR,
+ VMXNET3_MAX_INTRS, VMXNET3_REG_ALIGN)) {
+ g_assert_not_reached();
+ }
+
+ VMW_CBPRN("BAR0 unknown read [%" PRIx64 "], size %d", addr, size);
+ return 0;
+}
+
+static void vmxnet3_reset_interrupt_states(VMXNET3State *s)
+{
+ int i;
+ for (i = 0; i < ARRAY_SIZE(s->interrupt_states); i++) {
+ s->interrupt_states[i].is_asserted = false;
+ s->interrupt_states[i].is_pending = false;
+ s->interrupt_states[i].is_masked = true;
+ }
+}
+
+static void vmxnet3_reset_mac(VMXNET3State *s)
+{
+ memcpy(&s->conf.macaddr.a, &s->perm_mac.a, sizeof(s->perm_mac.a));
+ VMW_CFPRN("MAC address set to: " VMXNET_MF, VMXNET_MA(s->conf.macaddr.a));
+}
+
+static void vmxnet3_deactivate_device(VMXNET3State *s)
+{
+ VMW_CBPRN("Deactivating vmxnet3...");
+ s->device_active = false;
+}
+
+static void vmxnet3_reset(VMXNET3State *s)
+{
+ VMW_CBPRN("Resetting vmxnet3...");
+
+ vmxnet3_deactivate_device(s);
+ vmxnet3_reset_interrupt_states(s);
+ vmxnet_tx_pkt_reset(s->tx_pkt);
+ s->drv_shmem = 0;
+ s->tx_sop = true;
+ s->skip_current_tx_pkt = false;
+}
+
+static void vmxnet3_update_rx_mode(VMXNET3State *s)
+{
+ s->rx_mode = VMXNET3_READ_DRV_SHARED32(s->drv_shmem,
+ devRead.rxFilterConf.rxMode);
+ VMW_CFPRN("RX mode: 0x%08X", s->rx_mode);
+}
+
+static void vmxnet3_update_vlan_filters(VMXNET3State *s)
+{
+ int i;
+
+ /* Copy configuration from shared memory */
+ VMXNET3_READ_DRV_SHARED(s->drv_shmem,
+ devRead.rxFilterConf.vfTable,
+ s->vlan_table,
+ sizeof(s->vlan_table));
+
+ /* Invert byte order when needed */
+ for (i = 0; i < ARRAY_SIZE(s->vlan_table); i++) {
+ s->vlan_table[i] = le32_to_cpu(s->vlan_table[i]);
+ }
+
+ /* Dump configuration for debugging purposes */
+ VMW_CFPRN("Configured VLANs:");
+ for (i = 0; i < sizeof(s->vlan_table) * 8; i++) {
+ if (VMXNET3_VFTABLE_ENTRY_IS_SET(s->vlan_table, i)) {
+ VMW_CFPRN("\tVLAN %d is present", i);
+ }
+ }
+}
+
+static void vmxnet3_update_mcast_filters(VMXNET3State *s)
+{
+ uint16_t list_bytes =
+ VMXNET3_READ_DRV_SHARED16(s->drv_shmem,
+ devRead.rxFilterConf.mfTableLen);
+
+ s->mcast_list_len = list_bytes / sizeof(s->mcast_list[0]);
+
+ s->mcast_list = g_realloc(s->mcast_list, list_bytes);
+ if (NULL == s->mcast_list) {
+ if (0 == s->mcast_list_len) {
+ VMW_CFPRN("Current multicast list is empty");
+ } else {
+ VMW_ERPRN("Failed to allocate multicast list of %d elements",
+ s->mcast_list_len);
+ }
+ s->mcast_list_len = 0;
+ } else {
+ int i;
+ hwaddr mcast_list_pa =
+ VMXNET3_READ_DRV_SHARED64(s->drv_shmem,
+ devRead.rxFilterConf.mfTablePA);
+
+ cpu_physical_memory_read(mcast_list_pa, s->mcast_list, list_bytes);
+ VMW_CFPRN("Current multicast list len is %d:", s->mcast_list_len);
+ for (i = 0; i < s->mcast_list_len; i++) {
+ VMW_CFPRN("\t" VMXNET_MF, VMXNET_MA(s->mcast_list[i].a));
+ }
+ }
+}
+
+static void vmxnet3_setup_rx_filtering(VMXNET3State *s)
+{
+ vmxnet3_update_rx_mode(s);
+ vmxnet3_update_vlan_filters(s);
+ vmxnet3_update_mcast_filters(s);
+}
+
+static uint32_t vmxnet3_get_interrupt_config(VMXNET3State *s)
+{
+ uint32_t interrupt_mode = VMXNET3_IT_AUTO | (VMXNET3_IMM_AUTO << 2);
+ VMW_CFPRN("Interrupt config is 0x%X", interrupt_mode);
+ return interrupt_mode;
+}
+
+static void vmxnet3_fill_stats(VMXNET3State *s)
+{
+ int i;
+ for (i = 0; i < s->txq_num; i++) {
+ cpu_physical_memory_write(s->txq_descr[i].tx_stats_pa,
+ &s->txq_descr[i].txq_stats,
+ sizeof(s->txq_descr[i].txq_stats));
+ }
+
+ for (i = 0; i < s->rxq_num; i++) {
+ cpu_physical_memory_write(s->rxq_descr[i].rx_stats_pa,
+ &s->rxq_descr[i].rxq_stats,
+ sizeof(s->rxq_descr[i].rxq_stats));
+ }
+}
+
+static void vmxnet3_adjust_by_guest_type(VMXNET3State *s)
+{
+ struct Vmxnet3_GOSInfo gos;
+
+ VMXNET3_READ_DRV_SHARED(s->drv_shmem, devRead.misc.driverInfo.gos,
+ &gos, sizeof(gos));
+ s->rx_packets_compound =
+ (gos.gosType == VMXNET3_GOS_TYPE_WIN) ? false : true;
+
+ VMW_CFPRN("Guest type specifics: RXCOMPOUND: %d", s->rx_packets_compound);
+}
+
+static void
+vmxnet3_dump_conf_descr(const char *name,
+ struct Vmxnet3_VariableLenConfDesc *pm_descr)
+{
+ VMW_CFPRN("%s descriptor dump: Version %u, Length %u",
+ name, pm_descr->confVer, pm_descr->confLen);
+
+};
+
+static void vmxnet3_update_pm_state(VMXNET3State *s)
+{
+ struct Vmxnet3_VariableLenConfDesc pm_descr;
+
+ pm_descr.confLen =
+ VMXNET3_READ_DRV_SHARED32(s->drv_shmem, devRead.pmConfDesc.confLen);
+ pm_descr.confVer =
+ VMXNET3_READ_DRV_SHARED32(s->drv_shmem, devRead.pmConfDesc.confVer);
+ pm_descr.confPA =
+ VMXNET3_READ_DRV_SHARED64(s->drv_shmem, devRead.pmConfDesc.confPA);
+
+ vmxnet3_dump_conf_descr("PM State", &pm_descr);
+}
+
+static void vmxnet3_update_features(VMXNET3State *s)
+{
+ uint32_t guest_features;
+ int rxcso_supported;
+
+ guest_features = VMXNET3_READ_DRV_SHARED32(s->drv_shmem,
+ devRead.misc.uptFeatures);
+
+ rxcso_supported = VMXNET_FLAG_IS_SET(guest_features, UPT1_F_RXCSUM);
+ s->rx_vlan_stripping = VMXNET_FLAG_IS_SET(guest_features, UPT1_F_RXVLAN);
+ s->lro_supported = VMXNET_FLAG_IS_SET(guest_features, UPT1_F_LRO);
+
+ VMW_CFPRN("Features configuration: LRO: %d, RXCSUM: %d, VLANSTRIP: %d",
+ s->lro_supported, rxcso_supported,
+ s->rx_vlan_stripping);
+ if (s->peer_has_vhdr) {
+ tap_set_offload(qemu_get_queue(s->nic)->peer,
+ rxcso_supported,
+ s->lro_supported,
+ s->lro_supported,
+ 0,
+ 0);
+ }
+}
+
+static void vmxnet3_activate_device(VMXNET3State *s)
+{
+ int i;
+ static const uint32_t VMXNET3_DEF_TX_THRESHOLD = 1;
+ hwaddr qdescr_table_pa;
+ uint64_t pa;
+ uint32_t size;
+
+ /* Verify configuration consistency */
+ if (!vmxnet3_verify_driver_magic(s->drv_shmem)) {
+ VMW_ERPRN("Device configuration received from driver is invalid");
+ return;
+ }
+
+ vmxnet3_adjust_by_guest_type(s);
+ vmxnet3_update_features(s);
+ vmxnet3_update_pm_state(s);
+ vmxnet3_setup_rx_filtering(s);
+ /* Cache fields from shared memory */
+ s->mtu = VMXNET3_READ_DRV_SHARED32(s->drv_shmem, devRead.misc.mtu);
+ VMW_CFPRN("MTU is %u", s->mtu);
+
+ s->max_rx_frags =
+ VMXNET3_READ_DRV_SHARED16(s->drv_shmem, devRead.misc.maxNumRxSG);
+
+ if (s->max_rx_frags == 0) {
+ s->max_rx_frags = 1;
+ }
+
+ VMW_CFPRN("Max RX fragments is %u", s->max_rx_frags);
+
+ s->event_int_idx =
+ VMXNET3_READ_DRV_SHARED8(s->drv_shmem, devRead.intrConf.eventIntrIdx);
+ VMW_CFPRN("Events interrupt line is %u", s->event_int_idx);
+
+ s->auto_int_masking =
+ VMXNET3_READ_DRV_SHARED8(s->drv_shmem, devRead.intrConf.autoMask);
+ VMW_CFPRN("Automatic interrupt masking is %d", (int)s->auto_int_masking);
+
+ s->txq_num =
+ VMXNET3_READ_DRV_SHARED8(s->drv_shmem, devRead.misc.numTxQueues);
+ s->rxq_num =
+ VMXNET3_READ_DRV_SHARED8(s->drv_shmem, devRead.misc.numRxQueues);
+
+ VMW_CFPRN("Number of TX/RX queues %u/%u", s->txq_num, s->rxq_num);
+ assert(s->txq_num <= VMXNET3_DEVICE_MAX_TX_QUEUES);
+
+ qdescr_table_pa =
+ VMXNET3_READ_DRV_SHARED64(s->drv_shmem, devRead.misc.queueDescPA);
+ VMW_CFPRN("TX queues descriptors table is at 0x%" PRIx64, qdescr_table_pa);
+
+ /*
+ * Worst-case scenario is a packet that holds all TX rings space so
+ * we calculate total size of all TX rings for max TX fragments number
+ */
+ s->max_tx_frags = 0;
+
+ /* TX queues */
+ for (i = 0; i < s->txq_num; i++) {
+ hwaddr qdescr_pa =
+ qdescr_table_pa + i * sizeof(struct Vmxnet3_TxQueueDesc);
+
+ /* Read interrupt number for this TX queue */
+ s->txq_descr[i].intr_idx =
+ VMXNET3_READ_TX_QUEUE_DESCR8(qdescr_pa, conf.intrIdx);
+
+ VMW_CFPRN("TX Queue %d interrupt: %d", i, s->txq_descr[i].intr_idx);
+
+ /* Read rings memory locations for TX queues */
+ pa = VMXNET3_READ_TX_QUEUE_DESCR64(qdescr_pa, conf.txRingBasePA);
+ size = VMXNET3_READ_TX_QUEUE_DESCR32(qdescr_pa, conf.txRingSize);
+
+ vmxnet3_ring_init(&s->txq_descr[i].tx_ring, pa, size,
+ sizeof(struct Vmxnet3_TxDesc), false);
+ VMXNET3_RING_DUMP(VMW_CFPRN, "TX", i, &s->txq_descr[i].tx_ring);
+
+ s->max_tx_frags += size;
+
+ /* TXC ring */
+ pa = VMXNET3_READ_TX_QUEUE_DESCR64(qdescr_pa, conf.compRingBasePA);
+ size = VMXNET3_READ_TX_QUEUE_DESCR32(qdescr_pa, conf.compRingSize);
+ vmxnet3_ring_init(&s->txq_descr[i].comp_ring, pa, size,
+ sizeof(struct Vmxnet3_TxCompDesc), true);
+ VMXNET3_RING_DUMP(VMW_CFPRN, "TXC", i, &s->txq_descr[i].comp_ring);
+
+ s->txq_descr[i].tx_stats_pa =
+ qdescr_pa + offsetof(struct Vmxnet3_TxQueueDesc, stats);
+
+ memset(&s->txq_descr[i].txq_stats, 0,
+ sizeof(s->txq_descr[i].txq_stats));
+
+ /* Fill device-managed parameters for queues */
+ VMXNET3_WRITE_TX_QUEUE_DESCR32(qdescr_pa,
+ ctrl.txThreshold,
+ VMXNET3_DEF_TX_THRESHOLD);
+ }
+
+ /* Preallocate TX packet wrapper */
+ VMW_CFPRN("Max TX fragments is %u", s->max_tx_frags);
+ vmxnet_tx_pkt_init(&s->tx_pkt, s->max_tx_frags, s->peer_has_vhdr);
+ vmxnet_rx_pkt_init(&s->rx_pkt, s->peer_has_vhdr);
+
+ /* Read rings memory locations for RX queues */
+ for (i = 0; i < s->rxq_num; i++) {
+ int j;
+ hwaddr qd_pa =
+ qdescr_table_pa + s->txq_num * sizeof(struct Vmxnet3_TxQueueDesc) +
+ i * sizeof(struct Vmxnet3_RxQueueDesc);
+
+ /* Read interrupt number for this RX queue */
+ s->rxq_descr[i].intr_idx =
+ VMXNET3_READ_TX_QUEUE_DESCR8(qd_pa, conf.intrIdx);
+
+ VMW_CFPRN("RX Queue %d interrupt: %d", i, s->rxq_descr[i].intr_idx);
+
+ /* Read rings memory locations */
+ for (j = 0; j < VMXNET3_RX_RINGS_PER_QUEUE; j++) {
+ /* RX rings */
+ pa = VMXNET3_READ_RX_QUEUE_DESCR64(qd_pa, conf.rxRingBasePA[j]);
+ size = VMXNET3_READ_RX_QUEUE_DESCR32(qd_pa, conf.rxRingSize[j]);
+ vmxnet3_ring_init(&s->rxq_descr[i].rx_ring[j], pa, size,
+ sizeof(struct Vmxnet3_RxDesc), false);
+ VMW_CFPRN("RX queue %d:%d: Base: %" PRIx64 ", Size: %d",
+ i, j, pa, size);
+ }
+
+ /* RXC ring */
+ pa = VMXNET3_READ_RX_QUEUE_DESCR64(qd_pa, conf.compRingBasePA);
+ size = VMXNET3_READ_RX_QUEUE_DESCR32(qd_pa, conf.compRingSize);
+ vmxnet3_ring_init(&s->rxq_descr[i].comp_ring, pa, size,
+ sizeof(struct Vmxnet3_RxCompDesc), true);
+ VMW_CFPRN("RXC queue %d: Base: %" PRIx64 ", Size: %d", i, pa, size);
+
+ s->rxq_descr[i].rx_stats_pa =
+ qd_pa + offsetof(struct Vmxnet3_RxQueueDesc, stats);
+ memset(&s->rxq_descr[i].rxq_stats, 0,
+ sizeof(s->rxq_descr[i].rxq_stats));
+ }
+
+ /* Make sure everything is in place before device activation */
+ smp_wmb();
+
+ vmxnet3_reset_mac(s);
+
+ s->device_active = true;
+}
+
+static void vmxnet3_handle_command(VMXNET3State *s, uint64_t cmd)
+{
+ s->last_command = cmd;
+
+ switch (cmd) {
+ case VMXNET3_CMD_GET_PERM_MAC_HI:
+ VMW_CBPRN("Set: Get upper part of permanent MAC");
+ break;
+
+ case VMXNET3_CMD_GET_PERM_MAC_LO:
+ VMW_CBPRN("Set: Get lower part of permanent MAC");
+ break;
+
+ case VMXNET3_CMD_GET_STATS:
+ VMW_CBPRN("Set: Get device statistics");
+ vmxnet3_fill_stats(s);
+ break;
+
+ case VMXNET3_CMD_ACTIVATE_DEV:
+ VMW_CBPRN("Set: Activating vmxnet3 device");
+ vmxnet3_activate_device(s);
+ break;
+
+ case VMXNET3_CMD_UPDATE_RX_MODE:
+ VMW_CBPRN("Set: Update rx mode");
+ vmxnet3_update_rx_mode(s);
+ break;
+
+ case VMXNET3_CMD_UPDATE_VLAN_FILTERS:
+ VMW_CBPRN("Set: Update VLAN filters");
+ vmxnet3_update_vlan_filters(s);
+ break;
+
+ case VMXNET3_CMD_UPDATE_MAC_FILTERS:
+ VMW_CBPRN("Set: Update MAC filters");
+ vmxnet3_update_mcast_filters(s);
+ break;
+
+ case VMXNET3_CMD_UPDATE_FEATURE:
+ VMW_CBPRN("Set: Update features");
+ vmxnet3_update_features(s);
+ break;
+
+ case VMXNET3_CMD_UPDATE_PMCFG:
+ VMW_CBPRN("Set: Update power management config");
+ vmxnet3_update_pm_state(s);
+ break;
+
+ case VMXNET3_CMD_GET_LINK:
+ VMW_CBPRN("Set: Get link");
+ break;
+
+ case VMXNET3_CMD_RESET_DEV:
+ VMW_CBPRN("Set: Reset device");
+ vmxnet3_reset(s);
+ break;
+
+ case VMXNET3_CMD_QUIESCE_DEV:
+ VMW_CBPRN("Set: VMXNET3_CMD_QUIESCE_DEV - pause the device");
+ vmxnet3_deactivate_device(s);
+ break;
+
+ case VMXNET3_CMD_GET_CONF_INTR:
+ VMW_CBPRN("Set: VMXNET3_CMD_GET_CONF_INTR - interrupt configuration");
+ break;
+
+ default:
+ VMW_CBPRN("Received unknown command: %" PRIx64, cmd);
+ break;
+ }
+}
+
+static uint64_t vmxnet3_get_command_status(VMXNET3State *s)
+{
+ uint64_t ret;
+
+ switch (s->last_command) {
+ case VMXNET3_CMD_ACTIVATE_DEV:
+ ret = (s->device_active) ? 0 : -1;
+ VMW_CFPRN("Device active: %" PRIx64, ret);
+ break;
+
+ case VMXNET3_CMD_RESET_DEV:
+ case VMXNET3_CMD_QUIESCE_DEV:
+ case VMXNET3_CMD_GET_QUEUE_STATUS:
+ ret = 0;
+ break;
+
+ case VMXNET3_CMD_GET_LINK:
+ ret = s->link_status_and_speed;
+ VMW_CFPRN("Link and speed: %" PRIx64, ret);
+ break;
+
+ case VMXNET3_CMD_GET_PERM_MAC_LO:
+ ret = vmxnet3_get_mac_low(&s->perm_mac);
+ break;
+
+ case VMXNET3_CMD_GET_PERM_MAC_HI:
+ ret = vmxnet3_get_mac_high(&s->perm_mac);
+ break;
+
+ case VMXNET3_CMD_GET_CONF_INTR:
+ ret = vmxnet3_get_interrupt_config(s);
+ break;
+
+ default:
+ VMW_WRPRN("Received request for unknown command: %x", s->last_command);
+ ret = -1;
+ break;
+ }
+
+ return ret;
+}
+
+static void vmxnet3_set_events(VMXNET3State *s, uint32_t val)
+{
+ uint32_t events;
+
+ VMW_CBPRN("Setting events: 0x%x", val);
+ events = VMXNET3_READ_DRV_SHARED32(s->drv_shmem, ecr) | val;
+ VMXNET3_WRITE_DRV_SHARED32(s->drv_shmem, ecr, events);
+}
+
+static void vmxnet3_ack_events(VMXNET3State *s, uint32_t val)
+{
+ uint32_t events;
+
+ VMW_CBPRN("Clearing events: 0x%x", val);
+ events = VMXNET3_READ_DRV_SHARED32(s->drv_shmem, ecr) & ~val;
+ VMXNET3_WRITE_DRV_SHARED32(s->drv_shmem, ecr, events);
+}
+
+static void
+vmxnet3_io_bar1_write(void *opaque,
+ hwaddr addr,
+ uint64_t val,
+ unsigned size)
+{
+ VMXNET3State *s = opaque;
+
+ switch (addr) {
+ /* Vmxnet3 Revision Report Selection */
+ case VMXNET3_REG_VRRS:
+ VMW_CBPRN("Write BAR1 [VMXNET3_REG_VRRS] = %" PRIx64 ", size %d",
+ val, size);
+ break;
+
+ /* UPT Version Report Selection */
+ case VMXNET3_REG_UVRS:
+ VMW_CBPRN("Write BAR1 [VMXNET3_REG_UVRS] = %" PRIx64 ", size %d",
+ val, size);
+ break;
+
+ /* Driver Shared Address Low */
+ case VMXNET3_REG_DSAL:
+ VMW_CBPRN("Write BAR1 [VMXNET3_REG_DSAL] = %" PRIx64 ", size %d",
+ val, size);
+ /*
+ * Guest driver will first write the low part of the shared
+ * memory address. We save it to temp variable and set the
+ * shared address only after we get the high part
+ */
+ if (0 == val) {
+ s->device_active = false;
+ }
+ s->temp_shared_guest_driver_memory = val;
+ s->drv_shmem = 0;
+ break;
+
+ /* Driver Shared Address High */
+ case VMXNET3_REG_DSAH:
+ VMW_CBPRN("Write BAR1 [VMXNET3_REG_DSAH] = %" PRIx64 ", size %d",
+ val, size);
+ /*
+ * Set the shared memory between guest driver and device.
+ * We already should have low address part.
+ */
+ s->drv_shmem = s->temp_shared_guest_driver_memory | (val << 32);
+ break;
+
+ /* Command */
+ case VMXNET3_REG_CMD:
+ VMW_CBPRN("Write BAR1 [VMXNET3_REG_CMD] = %" PRIx64 ", size %d",
+ val, size);
+ vmxnet3_handle_command(s, val);
+ break;
+
+ /* MAC Address Low */
+ case VMXNET3_REG_MACL:
+ VMW_CBPRN("Write BAR1 [VMXNET3_REG_MACL] = %" PRIx64 ", size %d",
+ val, size);
+ s->temp_mac = val;
+ break;
+
+ /* MAC Address High */
+ case VMXNET3_REG_MACH:
+ VMW_CBPRN("Write BAR1 [VMXNET3_REG_MACH] = %" PRIx64 ", size %d",
+ val, size);
+ vmxnet3_set_variable_mac(s, val, s->temp_mac);
+ break;
+
+ /* Interrupt Cause Register */
+ case VMXNET3_REG_ICR:
+ VMW_CBPRN("Write BAR1 [VMXNET3_REG_ICR] = %" PRIx64 ", size %d",
+ val, size);
+ g_assert_not_reached();
+ break;
+
+ /* Event Cause Register */
+ case VMXNET3_REG_ECR:
+ VMW_CBPRN("Write BAR1 [VMXNET3_REG_ECR] = %" PRIx64 ", size %d",
+ val, size);
+ vmxnet3_ack_events(s, val);
+ break;
+
+ default:
+ VMW_CBPRN("Unknown Write to BAR1 [%" PRIx64 "] = %" PRIx64 ", size %d",
+ addr, val, size);
+ break;
+ }
+}
+
+static uint64_t
+vmxnet3_io_bar1_read(void *opaque, hwaddr addr, unsigned size)
+{
+ VMXNET3State *s = opaque;
+ uint64_t ret = 0;
+
+ switch (addr) {
+ /* Vmxnet3 Revision Report Selection */
+ case VMXNET3_REG_VRRS:
+ VMW_CBPRN("Read BAR1 [VMXNET3_REG_VRRS], size %d", size);
+ ret = VMXNET3_DEVICE_REVISION;
+ break;
+
+ /* UPT Version Report Selection */
+ case VMXNET3_REG_UVRS:
+ VMW_CBPRN("Read BAR1 [VMXNET3_REG_UVRS], size %d", size);
+ ret = VMXNET3_DEVICE_VERSION;
+ break;
+
+ /* Command */
+ case VMXNET3_REG_CMD:
+ VMW_CBPRN("Read BAR1 [VMXNET3_REG_CMD], size %d", size);
+ ret = vmxnet3_get_command_status(s);
+ break;
+
+ /* MAC Address Low */
+ case VMXNET3_REG_MACL:
+ VMW_CBPRN("Read BAR1 [VMXNET3_REG_MACL], size %d", size);
+ ret = vmxnet3_get_mac_low(&s->conf.macaddr);
+ break;
+
+ /* MAC Address High */
+ case VMXNET3_REG_MACH:
+ VMW_CBPRN("Read BAR1 [VMXNET3_REG_MACH], size %d", size);
+ ret = vmxnet3_get_mac_high(&s->conf.macaddr);
+ break;
+
+ /*
+ * Interrupt Cause Register
+ * Used for legacy interrupts only so interrupt index always 0
+ */
+ case VMXNET3_REG_ICR:
+ VMW_CBPRN("Read BAR1 [VMXNET3_REG_ICR], size %d", size);
+ if (vmxnet3_interrupt_asserted(s, 0)) {
+ vmxnet3_clear_interrupt(s, 0);
+ ret = true;
+ } else {
+ ret = false;
+ }
+ break;
+
+ default:
+ VMW_CBPRN("Unknow read BAR1[%" PRIx64 "], %d bytes", addr, size);
+ break;
+ }
+
+ return ret;
+}
+
+static int
+vmxnet3_can_receive(NetClientState *nc)
+{
+ VMXNET3State *s = qemu_get_nic_opaque(nc);
+ return s->device_active &&
+ VMXNET_FLAG_IS_SET(s->link_status_and_speed, VMXNET3_LINK_STATUS_UP);
+}
+
+static inline bool
+vmxnet3_is_registered_vlan(VMXNET3State *s, const void *data)
+{
+ uint16_t vlan_tag = eth_get_pkt_tci(data) & VLAN_VID_MASK;
+ if (IS_SPECIAL_VLAN_ID(vlan_tag)) {
+ return true;
+ }
+
+ return VMXNET3_VFTABLE_ENTRY_IS_SET(s->vlan_table, vlan_tag);
+}
+
+static bool
+vmxnet3_is_allowed_mcast_group(VMXNET3State *s, const uint8_t *group_mac)
+{
+ int i;
+ for (i = 0; i < s->mcast_list_len; i++) {
+ if (!memcmp(group_mac, s->mcast_list[i].a, sizeof(s->mcast_list[i]))) {
+ return true;
+ }
+ }
+ return false;
+}
+
+static bool
+vmxnet3_rx_filter_may_indicate(VMXNET3State *s, const void *data,
+ size_t size)
+{
+ struct eth_header *ehdr = PKT_GET_ETH_HDR(data);
+
+ if (VMXNET_FLAG_IS_SET(s->rx_mode, VMXNET3_RXM_PROMISC)) {
+ return true;
+ }
+
+ if (!vmxnet3_is_registered_vlan(s, data)) {
+ return false;
+ }
+
+ switch (vmxnet_rx_pkt_get_packet_type(s->rx_pkt)) {
+ case ETH_PKT_UCAST:
+ if (!VMXNET_FLAG_IS_SET(s->rx_mode, VMXNET3_RXM_UCAST)) {
+ return false;
+ }
+ if (memcmp(s->conf.macaddr.a, ehdr->h_dest, ETH_ALEN)) {
+ return false;
+ }
+ break;
+
+ case ETH_PKT_BCAST:
+ if (!VMXNET_FLAG_IS_SET(s->rx_mode, VMXNET3_RXM_BCAST)) {
+ return false;
+ }
+ break;
+
+ case ETH_PKT_MCAST:
+ if (VMXNET_FLAG_IS_SET(s->rx_mode, VMXNET3_RXM_ALL_MULTI)) {
+ return true;
+ }
+ if (!VMXNET_FLAG_IS_SET(s->rx_mode, VMXNET3_RXM_MCAST)) {
+ return false;
+ }
+ if (!vmxnet3_is_allowed_mcast_group(s, ehdr->h_dest)) {
+ return false;
+ }
+ break;
+
+ default:
+ g_assert_not_reached();
+ }
+
+ return true;
+}
+
+static ssize_t
+vmxnet3_receive(NetClientState *nc, const uint8_t *buf, size_t size)
+{
+ VMXNET3State *s = qemu_get_nic_opaque(nc);
+ size_t bytes_indicated;
+
+ if (!vmxnet3_can_receive(nc)) {
+ VMW_PKPRN("Cannot receive now");
+ return -1;
+ }
+
+ if (s->peer_has_vhdr) {
+ vmxnet_rx_pkt_set_vhdr(s->rx_pkt, (struct virtio_net_hdr *)buf);
+ buf += sizeof(struct virtio_net_hdr);
+ size -= sizeof(struct virtio_net_hdr);
+ }
+
+ vmxnet_rx_pkt_set_packet_type(s->rx_pkt,
+ get_eth_packet_type(PKT_GET_ETH_HDR(buf)));
+
+ if (vmxnet3_rx_filter_may_indicate(s, buf, size)) {
+ vmxnet_rx_pkt_attach_data(s->rx_pkt, buf, size, s->rx_vlan_stripping);
+ bytes_indicated = vmxnet3_indicate_packet(s) ? size : -1;
+ if (bytes_indicated < size) {
+ VMW_PKPRN("RX: %lu of %lu bytes indicated", bytes_indicated, size);
+ }
+ } else {
+ VMW_PKPRN("Packet dropped by RX filter");
+ bytes_indicated = size;
+ }
+
+ assert(size > 0);
+ assert(bytes_indicated != 0);
+ return bytes_indicated;
+}
+
+static void vmxnet3_cleanup(NetClientState *nc)
+{
+ VMXNET3State *s = qemu_get_nic_opaque(nc);
+ s->nic = NULL;
+}
+
+static void vmxnet3_set_link_status(NetClientState *nc)
+{
+ VMXNET3State *s = qemu_get_nic_opaque(nc);
+
+ if (nc->link_down) {
+ s->link_status_and_speed &= ~VMXNET3_LINK_STATUS_UP;
+ } else {
+ s->link_status_and_speed |= VMXNET3_LINK_STATUS_UP;
+ }
+
+ vmxnet3_set_events(s, VMXNET3_ECR_LINK);
+ vmxnet3_trigger_interrupt(s, s->event_int_idx);
+}
+
+static NetClientInfo net_vmxnet3_info = {
+ .type = NET_CLIENT_OPTIONS_KIND_NIC,
+ .size = sizeof(NICState),
+ .can_receive = vmxnet3_can_receive,
+ .receive = vmxnet3_receive,
+ .cleanup = vmxnet3_cleanup,
+ .link_status_changed = vmxnet3_set_link_status,
+};
+
+static bool vmxnet3_peer_has_vnet_hdr(VMXNET3State *s)
+{
+ NetClientState *peer = qemu_get_queue(s->nic)->peer;
+
+ if ((NULL != peer) &&
+ (peer->info->type == NET_CLIENT_OPTIONS_KIND_TAP) &&
+ tap_has_vnet_hdr(peer)) {
+ return true;
+ }
+
+ VMW_WRPRN("Peer has no virtio extension. Task offloads will be emulated.");
+ return false;
+}
+
+static void vmxnet3_net_uninit(VMXNET3State *s)
+{
+ g_free(s->mcast_list);
+ vmxnet_tx_pkt_reset(s->tx_pkt);
+ vmxnet_tx_pkt_uninit(s->tx_pkt);
+ vmxnet_rx_pkt_uninit(s->rx_pkt);
+ qemu_del_nic(s->nic);
+}
+
+static void vmxnet3_net_init(VMXNET3State *s)
+{
+ DeviceState *d = DEVICE(s);
+
+ VMW_CBPRN("vmxnet3_net_init called...");
+
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+
+ /* Windows guest will query the address that was set on init */
+ memcpy(&s->perm_mac.a, &s->conf.macaddr.a, sizeof(s->perm_mac.a));
+
+ s->mcast_list = NULL;
+ s->mcast_list_len = 0;
+
+ s->link_status_and_speed = VMXNET3_LINK_SPEED | VMXNET3_LINK_STATUS_UP;
+
+ VMW_CFPRN("Permanent MAC: " MAC_FMT, MAC_ARG(s->perm_mac.a));
+
+ s->nic = qemu_new_nic(&net_vmxnet3_info, &s->conf,
+ object_get_typename(OBJECT(s)),
+ d->id, s);
+
+ s->peer_has_vhdr = vmxnet3_peer_has_vnet_hdr(s);
+ s->tx_sop = true;
+ s->skip_current_tx_pkt = false;
+ s->tx_pkt = NULL;
+ s->rx_pkt = NULL;
+ s->rx_vlan_stripping = false;
+ s->lro_supported = false;
+
+ if (s->peer_has_vhdr) {
+ tap_set_vnet_hdr_len(qemu_get_queue(s->nic)->peer,
+ sizeof(struct virtio_net_hdr));
+
+ tap_using_vnet_hdr(qemu_get_queue(s->nic)->peer, 1);
+ }
+
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+}
+
+static void
+vmxnet3_unuse_msix_vectors(VMXNET3State *s, int num_vectors)
+{
+ PCIDevice *d = PCI_DEVICE(s);
+ int i;
+ for (i = 0; i < num_vectors; i++) {
+ msix_vector_unuse(d, i);
+ }
+}
+
+static bool
+vmxnet3_use_msix_vectors(VMXNET3State *s, int num_vectors)
+{
+ PCIDevice *d = PCI_DEVICE(s);
+ int i;
+ for (i = 0; i < num_vectors; i++) {
+ int res = msix_vector_use(d, i);
+ if (0 > res) {
+ VMW_WRPRN("Failed to use MSI-X vector %d, error %d", i, res);
+ vmxnet3_unuse_msix_vectors(s, i);
+ return false;
+ }
+ }
+ return true;
+}
+
+static bool
+vmxnet3_init_msix(VMXNET3State *s)
+{
+ PCIDevice *d = PCI_DEVICE(s);
+ int res = msix_init(d, VMXNET3_MAX_INTRS,
+ &s->msix_bar,
+ VMXNET3_MSIX_BAR_IDX, VMXNET3_OFF_MSIX_TABLE,
+ &s->msix_bar,
+ VMXNET3_MSIX_BAR_IDX, VMXNET3_OFF_MSIX_PBA,
+ 0);
+
+ if (0 > res) {
+ VMW_WRPRN("Failed to initialize MSI-X, error %d", res);
+ s->msix_used = false;
+ } else {
+ if (!vmxnet3_use_msix_vectors(s, VMXNET3_MAX_INTRS)) {
+ VMW_WRPRN("Failed to use MSI-X vectors, error %d", res);
+ msix_uninit(d, &s->msix_bar, &s->msix_bar);
+ s->msix_used = false;
+ } else {
+ s->msix_used = true;
+ }
+ }
+ return s->msix_used;
+}
+
+static void
+vmxnet3_cleanup_msix(VMXNET3State *s)
+{
+ PCIDevice *d = PCI_DEVICE(s);
+
+ if (s->msix_used) {
+ msix_vector_unuse(d, VMXNET3_MAX_INTRS);
+ msix_uninit(d, &s->msix_bar, &s->msix_bar);
+ }
+}
+
+#define VMXNET3_MSI_NUM_VECTORS (1)
+#define VMXNET3_MSI_OFFSET (0x50)
+#define VMXNET3_USE_64BIT (true)
+#define VMXNET3_PER_VECTOR_MASK (false)
+
+static bool
+vmxnet3_init_msi(VMXNET3State *s)
+{
+ PCIDevice *d = PCI_DEVICE(s);
+ int res;
+
+ res = msi_init(d, VMXNET3_MSI_OFFSET, VMXNET3_MSI_NUM_VECTORS,
+ VMXNET3_USE_64BIT, VMXNET3_PER_VECTOR_MASK);
+ if (0 > res) {
+ VMW_WRPRN("Failed to initialize MSI, error %d", res);
+ s->msi_used = false;
+ } else {
+ s->msi_used = true;
+ }
+
+ return s->msi_used;
+}
+
+static void
+vmxnet3_cleanup_msi(VMXNET3State *s)
+{
+ PCIDevice *d = PCI_DEVICE(s);
+
+ if (s->msi_used) {
+ msi_uninit(d);
+ }
+}
+
+static void
+vmxnet3_msix_save(QEMUFile *f, void *opaque)
+{
+ PCIDevice *d = PCI_DEVICE(opaque);
+ msix_save(d, f);
+}
+
+static int
+vmxnet3_msix_load(QEMUFile *f, void *opaque, int version_id)
+{
+ PCIDevice *d = PCI_DEVICE(opaque);
+ msix_load(d, f);
+ return 0;
+}
+
+static const MemoryRegionOps b0_ops = {
+ .read = vmxnet3_io_bar0_read,
+ .write = vmxnet3_io_bar0_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static const MemoryRegionOps b1_ops = {
+ .read = vmxnet3_io_bar1_read,
+ .write = vmxnet3_io_bar1_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static int vmxnet3_pci_init(PCIDevice *pci_dev)
+{
+ DeviceState *dev = DEVICE(pci_dev);
+ VMXNET3State *s = VMXNET3(pci_dev);
+
+ VMW_CBPRN("Starting init...");
+
+ memory_region_init_io(&s->bar0, OBJECT(s), &b0_ops, s,
+ "vmxnet3-b0", VMXNET3_PT_REG_SIZE);
+ pci_register_bar(pci_dev, VMXNET3_BAR0_IDX,
+ PCI_BASE_ADDRESS_SPACE_MEMORY, &s->bar0);
+
+ memory_region_init_io(&s->bar1, OBJECT(s), &b1_ops, s,
+ "vmxnet3-b1", VMXNET3_VD_REG_SIZE);
+ pci_register_bar(pci_dev, VMXNET3_BAR1_IDX,
+ PCI_BASE_ADDRESS_SPACE_MEMORY, &s->bar1);
+
+ memory_region_init(&s->msix_bar, OBJECT(s), "vmxnet3-msix-bar",
+ VMXNET3_MSIX_BAR_SIZE);
+ pci_register_bar(pci_dev, VMXNET3_MSIX_BAR_IDX,
+ PCI_BASE_ADDRESS_SPACE_MEMORY, &s->msix_bar);
+
+ vmxnet3_reset_interrupt_states(s);
+
+ /* Interrupt pin A */
+ pci_dev->config[PCI_INTERRUPT_PIN] = 0x01;
+
+ if (!vmxnet3_init_msix(s)) {
+ VMW_WRPRN("Failed to initialize MSI-X, configuration is inconsistent.");
+ }
+
+ if (!vmxnet3_init_msi(s)) {
+ VMW_WRPRN("Failed to initialize MSI, configuration is inconsistent.");
+ }
+
+ vmxnet3_net_init(s);
+
+ register_savevm(dev, "vmxnet3-msix", -1, 1,
+ vmxnet3_msix_save, vmxnet3_msix_load, s);
+
+ add_boot_device_path(s->conf.bootindex, dev, "/ethernet-phy@0");
+
+ return 0;
+}
+
+
+static void vmxnet3_pci_uninit(PCIDevice *pci_dev)
+{
+ DeviceState *dev = DEVICE(pci_dev);
+ VMXNET3State *s = VMXNET3(pci_dev);
+
+ VMW_CBPRN("Starting uninit...");
+
+ unregister_savevm(dev, "vmxnet3-msix", s);
+
+ vmxnet3_net_uninit(s);
+
+ vmxnet3_cleanup_msix(s);
+
+ vmxnet3_cleanup_msi(s);
+
+ memory_region_destroy(&s->bar0);
+ memory_region_destroy(&s->bar1);
+ memory_region_destroy(&s->msix_bar);
+}
+
+static void vmxnet3_qdev_reset(DeviceState *dev)
+{
+ PCIDevice *d = PCI_DEVICE(dev);
+ VMXNET3State *s = VMXNET3(d);
+
+ VMW_CBPRN("Starting QDEV reset...");
+ vmxnet3_reset(s);
+}
+
+static bool vmxnet3_mc_list_needed(void *opaque)
+{
+ return true;
+}
+
+static int vmxnet3_mcast_list_pre_load(void *opaque)
+{
+ VMXNET3State *s = opaque;
+
+ s->mcast_list = g_malloc(s->mcast_list_buff_size);
+
+ return 0;
+}
+
+
+static void vmxnet3_pre_save(void *opaque)
+{
+ VMXNET3State *s = opaque;
+
+ s->mcast_list_buff_size = s->mcast_list_len * sizeof(MACAddr);
+}
+
+static const VMStateDescription vmxstate_vmxnet3_mcast_list = {
+ .name = "vmxnet3/mcast_list",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .pre_load = vmxnet3_mcast_list_pre_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_VBUFFER_UINT32(mcast_list, VMXNET3State, 0, NULL, 0,
+ mcast_list_buff_size),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void vmxnet3_get_ring_from_file(QEMUFile *f, Vmxnet3Ring *r)
+{
+ r->pa = qemu_get_be64(f);
+ r->size = qemu_get_be32(f);
+ r->cell_size = qemu_get_be32(f);
+ r->next = qemu_get_be32(f);
+ r->gen = qemu_get_byte(f);
+}
+
+static void vmxnet3_put_ring_to_file(QEMUFile *f, Vmxnet3Ring *r)
+{
+ qemu_put_be64(f, r->pa);
+ qemu_put_be32(f, r->size);
+ qemu_put_be32(f, r->cell_size);
+ qemu_put_be32(f, r->next);
+ qemu_put_byte(f, r->gen);
+}
+
+static void vmxnet3_get_tx_stats_from_file(QEMUFile *f,
+ struct UPT1_TxStats *tx_stat)
+{
+ tx_stat->TSOPktsTxOK = qemu_get_be64(f);
+ tx_stat->TSOBytesTxOK = qemu_get_be64(f);
+ tx_stat->ucastPktsTxOK = qemu_get_be64(f);
+ tx_stat->ucastBytesTxOK = qemu_get_be64(f);
+ tx_stat->mcastPktsTxOK = qemu_get_be64(f);
+ tx_stat->mcastBytesTxOK = qemu_get_be64(f);
+ tx_stat->bcastPktsTxOK = qemu_get_be64(f);
+ tx_stat->bcastBytesTxOK = qemu_get_be64(f);
+ tx_stat->pktsTxError = qemu_get_be64(f);
+ tx_stat->pktsTxDiscard = qemu_get_be64(f);
+}
+
+static void vmxnet3_put_tx_stats_to_file(QEMUFile *f,
+ struct UPT1_TxStats *tx_stat)
+{
+ qemu_put_be64(f, tx_stat->TSOPktsTxOK);
+ qemu_put_be64(f, tx_stat->TSOBytesTxOK);
+ qemu_put_be64(f, tx_stat->ucastPktsTxOK);
+ qemu_put_be64(f, tx_stat->ucastBytesTxOK);
+ qemu_put_be64(f, tx_stat->mcastPktsTxOK);
+ qemu_put_be64(f, tx_stat->mcastBytesTxOK);
+ qemu_put_be64(f, tx_stat->bcastPktsTxOK);
+ qemu_put_be64(f, tx_stat->bcastBytesTxOK);
+ qemu_put_be64(f, tx_stat->pktsTxError);
+ qemu_put_be64(f, tx_stat->pktsTxDiscard);
+}
+
+static int vmxnet3_get_txq_descr(QEMUFile *f, void *pv, size_t size)
+{
+ Vmxnet3TxqDescr *r = pv;
+
+ vmxnet3_get_ring_from_file(f, &r->tx_ring);
+ vmxnet3_get_ring_from_file(f, &r->comp_ring);
+ r->intr_idx = qemu_get_byte(f);
+ r->tx_stats_pa = qemu_get_be64(f);
+
+ vmxnet3_get_tx_stats_from_file(f, &r->txq_stats);
+
+ return 0;
+}
+
+static void vmxnet3_put_txq_descr(QEMUFile *f, void *pv, size_t size)
+{
+ Vmxnet3TxqDescr *r = pv;
+
+ vmxnet3_put_ring_to_file(f, &r->tx_ring);
+ vmxnet3_put_ring_to_file(f, &r->comp_ring);
+ qemu_put_byte(f, r->intr_idx);
+ qemu_put_be64(f, r->tx_stats_pa);
+ vmxnet3_put_tx_stats_to_file(f, &r->txq_stats);
+}
+
+const VMStateInfo txq_descr_info = {
+ .name = "txq_descr",
+ .get = vmxnet3_get_txq_descr,
+ .put = vmxnet3_put_txq_descr
+};
+
+static void vmxnet3_get_rx_stats_from_file(QEMUFile *f,
+ struct UPT1_RxStats *rx_stat)
+{
+ rx_stat->LROPktsRxOK = qemu_get_be64(f);
+ rx_stat->LROBytesRxOK = qemu_get_be64(f);
+ rx_stat->ucastPktsRxOK = qemu_get_be64(f);
+ rx_stat->ucastBytesRxOK = qemu_get_be64(f);
+ rx_stat->mcastPktsRxOK = qemu_get_be64(f);
+ rx_stat->mcastBytesRxOK = qemu_get_be64(f);
+ rx_stat->bcastPktsRxOK = qemu_get_be64(f);
+ rx_stat->bcastBytesRxOK = qemu_get_be64(f);
+ rx_stat->pktsRxOutOfBuf = qemu_get_be64(f);
+ rx_stat->pktsRxError = qemu_get_be64(f);
+}
+
+static void vmxnet3_put_rx_stats_to_file(QEMUFile *f,
+ struct UPT1_RxStats *rx_stat)
+{
+ qemu_put_be64(f, rx_stat->LROPktsRxOK);
+ qemu_put_be64(f, rx_stat->LROBytesRxOK);
+ qemu_put_be64(f, rx_stat->ucastPktsRxOK);
+ qemu_put_be64(f, rx_stat->ucastBytesRxOK);
+ qemu_put_be64(f, rx_stat->mcastPktsRxOK);
+ qemu_put_be64(f, rx_stat->mcastBytesRxOK);
+ qemu_put_be64(f, rx_stat->bcastPktsRxOK);
+ qemu_put_be64(f, rx_stat->bcastBytesRxOK);
+ qemu_put_be64(f, rx_stat->pktsRxOutOfBuf);
+ qemu_put_be64(f, rx_stat->pktsRxError);
+}
+
+static int vmxnet3_get_rxq_descr(QEMUFile *f, void *pv, size_t size)
+{
+ Vmxnet3RxqDescr *r = pv;
+ int i;
+
+ for (i = 0; i < VMXNET3_RX_RINGS_PER_QUEUE; i++) {
+ vmxnet3_get_ring_from_file(f, &r->rx_ring[i]);
+ }
+
+ vmxnet3_get_ring_from_file(f, &r->comp_ring);
+ r->intr_idx = qemu_get_byte(f);
+ r->rx_stats_pa = qemu_get_be64(f);
+
+ vmxnet3_get_rx_stats_from_file(f, &r->rxq_stats);
+
+ return 0;
+}
+
+static void vmxnet3_put_rxq_descr(QEMUFile *f, void *pv, size_t size)
+{
+ Vmxnet3RxqDescr *r = pv;
+ int i;
+
+ for (i = 0; i < VMXNET3_RX_RINGS_PER_QUEUE; i++) {
+ vmxnet3_put_ring_to_file(f, &r->rx_ring[i]);
+ }
+
+ vmxnet3_put_ring_to_file(f, &r->comp_ring);
+ qemu_put_byte(f, r->intr_idx);
+ qemu_put_be64(f, r->rx_stats_pa);
+ vmxnet3_put_rx_stats_to_file(f, &r->rxq_stats);
+}
+
+static int vmxnet3_post_load(void *opaque, int version_id)
+{
+ VMXNET3State *s = opaque;
+ PCIDevice *d = PCI_DEVICE(s);
+
+ vmxnet_tx_pkt_init(&s->tx_pkt, s->max_tx_frags, s->peer_has_vhdr);
+ vmxnet_rx_pkt_init(&s->rx_pkt, s->peer_has_vhdr);
+
+ if (s->msix_used) {
+ if (!vmxnet3_use_msix_vectors(s, VMXNET3_MAX_INTRS)) {
+ VMW_WRPRN("Failed to re-use MSI-X vectors");
+ msix_uninit(d, &s->msix_bar, &s->msix_bar);
+ s->msix_used = false;
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+const VMStateInfo rxq_descr_info = {
+ .name = "rxq_descr",
+ .get = vmxnet3_get_rxq_descr,
+ .put = vmxnet3_put_rxq_descr
+};
+
+static int vmxnet3_get_int_state(QEMUFile *f, void *pv, size_t size)
+{
+ Vmxnet3IntState *r = pv;
+
+ r->is_masked = qemu_get_byte(f);
+ r->is_pending = qemu_get_byte(f);
+ r->is_asserted = qemu_get_byte(f);
+
+ return 0;
+}
+
+static void vmxnet3_put_int_state(QEMUFile *f, void *pv, size_t size)
+{
+ Vmxnet3IntState *r = pv;
+
+ qemu_put_byte(f, r->is_masked);
+ qemu_put_byte(f, r->is_pending);
+ qemu_put_byte(f, r->is_asserted);
+}
+
+const VMStateInfo int_state_info = {
+ .name = "int_state",
+ .get = vmxnet3_get_int_state,
+ .put = vmxnet3_put_int_state
+};
+
+static const VMStateDescription vmstate_vmxnet3 = {
+ .name = "vmxnet3",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .pre_save = vmxnet3_pre_save,
+ .post_load = vmxnet3_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_PCI_DEVICE(parent_obj, VMXNET3State),
+ VMSTATE_BOOL(rx_packets_compound, VMXNET3State),
+ VMSTATE_BOOL(rx_vlan_stripping, VMXNET3State),
+ VMSTATE_BOOL(lro_supported, VMXNET3State),
+ VMSTATE_UINT32(rx_mode, VMXNET3State),
+ VMSTATE_UINT32(mcast_list_len, VMXNET3State),
+ VMSTATE_UINT32(mcast_list_buff_size, VMXNET3State),
+ VMSTATE_UINT32_ARRAY(vlan_table, VMXNET3State, VMXNET3_VFT_SIZE),
+ VMSTATE_UINT32(mtu, VMXNET3State),
+ VMSTATE_UINT16(max_rx_frags, VMXNET3State),
+ VMSTATE_UINT32(max_tx_frags, VMXNET3State),
+ VMSTATE_UINT8(event_int_idx, VMXNET3State),
+ VMSTATE_BOOL(auto_int_masking, VMXNET3State),
+ VMSTATE_UINT8(txq_num, VMXNET3State),
+ VMSTATE_UINT8(rxq_num, VMXNET3State),
+ VMSTATE_UINT32(device_active, VMXNET3State),
+ VMSTATE_UINT32(last_command, VMXNET3State),
+ VMSTATE_UINT32(link_status_and_speed, VMXNET3State),
+ VMSTATE_UINT32(temp_mac, VMXNET3State),
+ VMSTATE_UINT64(drv_shmem, VMXNET3State),
+ VMSTATE_UINT64(temp_shared_guest_driver_memory, VMXNET3State),
+
+ VMSTATE_ARRAY(txq_descr, VMXNET3State,
+ VMXNET3_DEVICE_MAX_TX_QUEUES, 0, txq_descr_info,
+ Vmxnet3TxqDescr),
+ VMSTATE_ARRAY(rxq_descr, VMXNET3State,
+ VMXNET3_DEVICE_MAX_RX_QUEUES, 0, rxq_descr_info,
+ Vmxnet3RxqDescr),
+ VMSTATE_ARRAY(interrupt_states, VMXNET3State, VMXNET3_MAX_INTRS,
+ 0, int_state_info, Vmxnet3IntState),
+
+ VMSTATE_END_OF_LIST()
+ },
+ .subsections = (VMStateSubsection[]) {
+ {
+ .vmsd = &vmxstate_vmxnet3_mcast_list,
+ .needed = vmxnet3_mc_list_needed
+ },
+ {
+ /* empty element. */
+ }
+ }
+};
+
+static void
+vmxnet3_write_config(PCIDevice *pci_dev, uint32_t addr, uint32_t val, int len)
+{
+ pci_default_write_config(pci_dev, addr, val, len);
+ msix_write_config(pci_dev, addr, val, len);
+ msi_write_config(pci_dev, addr, val, len);
+}
+
+static Property vmxnet3_properties[] = {
+ DEFINE_NIC_PROPERTIES(VMXNET3State, conf),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void vmxnet3_class_init(ObjectClass *class, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(class);
+ PCIDeviceClass *c = PCI_DEVICE_CLASS(class);
+
+ c->init = vmxnet3_pci_init;
+ c->exit = vmxnet3_pci_uninit;
+ c->vendor_id = PCI_VENDOR_ID_VMWARE;
+ c->device_id = PCI_DEVICE_ID_VMWARE_VMXNET3;
+ c->revision = PCI_DEVICE_ID_VMWARE_VMXNET3_REVISION;
+ c->class_id = PCI_CLASS_NETWORK_ETHERNET;
+ c->subsystem_vendor_id = PCI_VENDOR_ID_VMWARE;
+ c->subsystem_id = PCI_DEVICE_ID_VMWARE_VMXNET3;
+ c->config_write = vmxnet3_write_config,
+ dc->desc = "VMWare Paravirtualized Ethernet v3";
+ dc->reset = vmxnet3_qdev_reset;
+ dc->vmsd = &vmstate_vmxnet3;
+ dc->props = vmxnet3_properties;
+ set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
+}
+
+static const TypeInfo vmxnet3_info = {
+ .name = TYPE_VMXNET3,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(VMXNET3State),
+ .class_init = vmxnet3_class_init,
+};
+
+static void vmxnet3_register_types(void)
+{
+ VMW_CBPRN("vmxnet3_register_types called...");
+ type_register_static(&vmxnet3_info);
+}
+
+type_init(vmxnet3_register_types)
diff --git a/hw/net/vmxnet3.h b/hw/net/vmxnet3.h
new file mode 100644
index 000000000..4eae7c76b
--- /dev/null
+++ b/hw/net/vmxnet3.h
@@ -0,0 +1,757 @@
+/*
+ * QEMU VMWARE VMXNET3 paravirtual NIC interface definitions
+ *
+ * Copyright (c) 2012 Ravello Systems LTD (http://ravellosystems.com)
+ *
+ * Developed by Daynix Computing LTD (http://www.daynix.com)
+ *
+ * Authors:
+ * Dmitry Fleytman <dmitry@daynix.com>
+ * Tamir Shomer <tamirs@daynix.com>
+ * Yan Vugenfirer <yan@daynix.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef _QEMU_VMXNET3_H
+#define _QEMU_VMXNET3_H
+
+#define VMXNET3_DEVICE_MAX_TX_QUEUES 8
+#define VMXNET3_DEVICE_MAX_RX_QUEUES 8 /* Keep this value as a power of 2 */
+
+/*
+ * VMWARE headers we got from Linux kernel do not fully comply QEMU coding
+ * standards in sense of types and defines used.
+ * Since we didn't want to change VMWARE code, following set of typedefs
+ * and defines needed to compile these headers with QEMU introduced.
+ */
+#define u64 uint64_t
+#define u32 uint32_t
+#define u16 uint16_t
+#define u8 uint8_t
+#define __le16 uint16_t
+#define __le32 uint32_t
+#define __le64 uint64_t
+#define __packed QEMU_PACKED
+
+#if defined(HOST_WORDS_BIGENDIAN)
+#define __BIG_ENDIAN_BITFIELD
+#else
+#endif
+
+/*
+ * Following is an interface definition for
+ * VMXNET3 device as provided by VMWARE
+ * See original copyright from Linux kernel v3.2.8
+ * header file drivers/net/vmxnet3/vmxnet3_defs.h below.
+ */
+
+/*
+ * Linux driver for VMware's vmxnet3 ethernet NIC.
+ *
+ * Copyright (C) 2008-2009, VMware, Inc. All Rights Reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; version 2 of the License and no later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, GOOD TITLE or
+ * NON INFRINGEMENT. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * The full GNU General Public License is included in this distribution in
+ * the file called "COPYING".
+ *
+ * Maintained by: Shreyas Bhatewara <pv-drivers@vmware.com>
+ *
+ */
+
+struct UPT1_TxStats {
+ u64 TSOPktsTxOK; /* TSO pkts post-segmentation */
+ u64 TSOBytesTxOK;
+ u64 ucastPktsTxOK;
+ u64 ucastBytesTxOK;
+ u64 mcastPktsTxOK;
+ u64 mcastBytesTxOK;
+ u64 bcastPktsTxOK;
+ u64 bcastBytesTxOK;
+ u64 pktsTxError;
+ u64 pktsTxDiscard;
+};
+
+struct UPT1_RxStats {
+ u64 LROPktsRxOK; /* LRO pkts */
+ u64 LROBytesRxOK; /* bytes from LRO pkts */
+ /* the following counters are for pkts from the wire, i.e., pre-LRO */
+ u64 ucastPktsRxOK;
+ u64 ucastBytesRxOK;
+ u64 mcastPktsRxOK;
+ u64 mcastBytesRxOK;
+ u64 bcastPktsRxOK;
+ u64 bcastBytesRxOK;
+ u64 pktsRxOutOfBuf;
+ u64 pktsRxError;
+};
+
+/* interrupt moderation level */
+enum {
+ UPT1_IML_NONE = 0, /* no interrupt moderation */
+ UPT1_IML_HIGHEST = 7, /* least intr generated */
+ UPT1_IML_ADAPTIVE = 8, /* adpative intr moderation */
+};
+/* values for UPT1_RSSConf.hashFunc */
+enum {
+ UPT1_RSS_HASH_TYPE_NONE = 0x0,
+ UPT1_RSS_HASH_TYPE_IPV4 = 0x01,
+ UPT1_RSS_HASH_TYPE_TCP_IPV4 = 0x02,
+ UPT1_RSS_HASH_TYPE_IPV6 = 0x04,
+ UPT1_RSS_HASH_TYPE_TCP_IPV6 = 0x08,
+};
+
+enum {
+ UPT1_RSS_HASH_FUNC_NONE = 0x0,
+ UPT1_RSS_HASH_FUNC_TOEPLITZ = 0x01,
+};
+
+#define UPT1_RSS_MAX_KEY_SIZE 40
+#define UPT1_RSS_MAX_IND_TABLE_SIZE 128
+
+struct UPT1_RSSConf {
+ u16 hashType;
+ u16 hashFunc;
+ u16 hashKeySize;
+ u16 indTableSize;
+ u8 hashKey[UPT1_RSS_MAX_KEY_SIZE];
+ u8 indTable[UPT1_RSS_MAX_IND_TABLE_SIZE];
+};
+
+/* features */
+enum {
+ UPT1_F_RXCSUM = 0x0001, /* rx csum verification */
+ UPT1_F_RSS = 0x0002,
+ UPT1_F_RXVLAN = 0x0004, /* VLAN tag stripping */
+ UPT1_F_LRO = 0x0008,
+};
+
+/* all registers are 32 bit wide */
+/* BAR 1 */
+enum {
+ VMXNET3_REG_VRRS = 0x0, /* Vmxnet3 Revision Report Selection */
+ VMXNET3_REG_UVRS = 0x8, /* UPT Version Report Selection */
+ VMXNET3_REG_DSAL = 0x10, /* Driver Shared Address Low */
+ VMXNET3_REG_DSAH = 0x18, /* Driver Shared Address High */
+ VMXNET3_REG_CMD = 0x20, /* Command */
+ VMXNET3_REG_MACL = 0x28, /* MAC Address Low */
+ VMXNET3_REG_MACH = 0x30, /* MAC Address High */
+ VMXNET3_REG_ICR = 0x38, /* Interrupt Cause Register */
+ VMXNET3_REG_ECR = 0x40 /* Event Cause Register */
+};
+
+/* BAR 0 */
+enum {
+ VMXNET3_REG_IMR = 0x0, /* Interrupt Mask Register */
+ VMXNET3_REG_TXPROD = 0x600, /* Tx Producer Index */
+ VMXNET3_REG_RXPROD = 0x800, /* Rx Producer Index for ring 1 */
+ VMXNET3_REG_RXPROD2 = 0xA00 /* Rx Producer Index for ring 2 */
+};
+
+#define VMXNET3_PT_REG_SIZE 4096 /* BAR 0 */
+#define VMXNET3_VD_REG_SIZE 4096 /* BAR 1 */
+
+#define VMXNET3_REG_ALIGN 8 /* All registers are 8-byte aligned. */
+#define VMXNET3_REG_ALIGN_MASK 0x7
+
+/* I/O Mapped access to registers */
+#define VMXNET3_IO_TYPE_PT 0
+#define VMXNET3_IO_TYPE_VD 1
+#define VMXNET3_IO_ADDR(type, reg) (((type) << 24) | ((reg) & 0xFFFFFF))
+#define VMXNET3_IO_TYPE(addr) ((addr) >> 24)
+#define VMXNET3_IO_REG(addr) ((addr) & 0xFFFFFF)
+
+enum {
+ VMXNET3_CMD_FIRST_SET = 0xCAFE0000,
+ VMXNET3_CMD_ACTIVATE_DEV = VMXNET3_CMD_FIRST_SET, /* 0xCAFE0000 */
+ VMXNET3_CMD_QUIESCE_DEV, /* 0xCAFE0001 */
+ VMXNET3_CMD_RESET_DEV, /* 0xCAFE0002 */
+ VMXNET3_CMD_UPDATE_RX_MODE, /* 0xCAFE0003 */
+ VMXNET3_CMD_UPDATE_MAC_FILTERS, /* 0xCAFE0004 */
+ VMXNET3_CMD_UPDATE_VLAN_FILTERS, /* 0xCAFE0005 */
+ VMXNET3_CMD_UPDATE_RSSIDT, /* 0xCAFE0006 */
+ VMXNET3_CMD_UPDATE_IML, /* 0xCAFE0007 */
+ VMXNET3_CMD_UPDATE_PMCFG, /* 0xCAFE0008 */
+ VMXNET3_CMD_UPDATE_FEATURE, /* 0xCAFE0009 */
+ VMXNET3_CMD_LOAD_PLUGIN, /* 0xCAFE000A */
+
+ VMXNET3_CMD_FIRST_GET = 0xF00D0000,
+ VMXNET3_CMD_GET_QUEUE_STATUS = VMXNET3_CMD_FIRST_GET, /* 0xF00D0000 */
+ VMXNET3_CMD_GET_STATS, /* 0xF00D0001 */
+ VMXNET3_CMD_GET_LINK, /* 0xF00D0002 */
+ VMXNET3_CMD_GET_PERM_MAC_LO, /* 0xF00D0003 */
+ VMXNET3_CMD_GET_PERM_MAC_HI, /* 0xF00D0004 */
+ VMXNET3_CMD_GET_DID_LO, /* 0xF00D0005 */
+ VMXNET3_CMD_GET_DID_HI, /* 0xF00D0006 */
+ VMXNET3_CMD_GET_DEV_EXTRA_INFO, /* 0xF00D0007 */
+ VMXNET3_CMD_GET_CONF_INTR /* 0xF00D0008 */
+};
+
+/*
+ * Little Endian layout of bitfields -
+ * Byte 0 : 7.....len.....0
+ * Byte 1 : rsvd gen 13.len.8
+ * Byte 2 : 5.msscof.0 ext1 dtype
+ * Byte 3 : 13...msscof...6
+ *
+ * Big Endian layout of bitfields -
+ * Byte 0: 13...msscof...6
+ * Byte 1 : 5.msscof.0 ext1 dtype
+ * Byte 2 : rsvd gen 13.len.8
+ * Byte 3 : 7.....len.....0
+ *
+ * Thus, le32_to_cpu on the dword will allow the big endian driver to read
+ * the bit fields correctly. And cpu_to_le32 will convert bitfields
+ * bit fields written by big endian driver to format required by device.
+ */
+
+struct Vmxnet3_TxDesc {
+ __le64 addr;
+
+#ifdef __BIG_ENDIAN_BITFIELD
+ u32 msscof:14; /* MSS, checksum offset, flags */
+ u32 ext1:1;
+ u32 dtype:1; /* descriptor type */
+ u32 rsvd:1;
+ u32 gen:1; /* generation bit */
+ u32 len:14;
+#else
+ u32 len:14;
+ u32 gen:1; /* generation bit */
+ u32 rsvd:1;
+ u32 dtype:1; /* descriptor type */
+ u32 ext1:1;
+ u32 msscof:14; /* MSS, checksum offset, flags */
+#endif /* __BIG_ENDIAN_BITFIELD */
+
+#ifdef __BIG_ENDIAN_BITFIELD
+ u32 tci:16; /* Tag to Insert */
+ u32 ti:1; /* VLAN Tag Insertion */
+ u32 ext2:1;
+ u32 cq:1; /* completion request */
+ u32 eop:1; /* End Of Packet */
+ u32 om:2; /* offload mode */
+ u32 hlen:10; /* header len */
+#else
+ u32 hlen:10; /* header len */
+ u32 om:2; /* offload mode */
+ u32 eop:1; /* End Of Packet */
+ u32 cq:1; /* completion request */
+ u32 ext2:1;
+ u32 ti:1; /* VLAN Tag Insertion */
+ u32 tci:16; /* Tag to Insert */
+#endif /* __BIG_ENDIAN_BITFIELD */
+};
+
+/* TxDesc.OM values */
+#define VMXNET3_OM_NONE 0
+#define VMXNET3_OM_CSUM 2
+#define VMXNET3_OM_TSO 3
+
+/* fields in TxDesc we access w/o using bit fields */
+#define VMXNET3_TXD_EOP_SHIFT 12
+#define VMXNET3_TXD_CQ_SHIFT 13
+#define VMXNET3_TXD_GEN_SHIFT 14
+#define VMXNET3_TXD_EOP_DWORD_SHIFT 3
+#define VMXNET3_TXD_GEN_DWORD_SHIFT 2
+
+#define VMXNET3_TXD_CQ (1 << VMXNET3_TXD_CQ_SHIFT)
+#define VMXNET3_TXD_EOP (1 << VMXNET3_TXD_EOP_SHIFT)
+#define VMXNET3_TXD_GEN (1 << VMXNET3_TXD_GEN_SHIFT)
+
+#define VMXNET3_HDR_COPY_SIZE 128
+
+
+struct Vmxnet3_TxDataDesc {
+ u8 data[VMXNET3_HDR_COPY_SIZE];
+};
+
+#define VMXNET3_TCD_GEN_SHIFT 31
+#define VMXNET3_TCD_GEN_SIZE 1
+#define VMXNET3_TCD_TXIDX_SHIFT 0
+#define VMXNET3_TCD_TXIDX_SIZE 12
+#define VMXNET3_TCD_GEN_DWORD_SHIFT 3
+
+struct Vmxnet3_TxCompDesc {
+ u32 txdIdx:12; /* Index of the EOP TxDesc */
+ u32 ext1:20;
+
+ __le32 ext2;
+ __le32 ext3;
+
+ u32 rsvd:24;
+ u32 type:7; /* completion type */
+ u32 gen:1; /* generation bit */
+};
+
+struct Vmxnet3_RxDesc {
+ __le64 addr;
+
+#ifdef __BIG_ENDIAN_BITFIELD
+ u32 gen:1; /* Generation bit */
+ u32 rsvd:15;
+ u32 dtype:1; /* Descriptor type */
+ u32 btype:1; /* Buffer Type */
+ u32 len:14;
+#else
+ u32 len:14;
+ u32 btype:1; /* Buffer Type */
+ u32 dtype:1; /* Descriptor type */
+ u32 rsvd:15;
+ u32 gen:1; /* Generation bit */
+#endif
+ u32 ext1;
+};
+
+/* values of RXD.BTYPE */
+#define VMXNET3_RXD_BTYPE_HEAD 0 /* head only */
+#define VMXNET3_RXD_BTYPE_BODY 1 /* body only */
+
+/* fields in RxDesc we access w/o using bit fields */
+#define VMXNET3_RXD_BTYPE_SHIFT 14
+#define VMXNET3_RXD_GEN_SHIFT 31
+
+struct Vmxnet3_RxCompDesc {
+#ifdef __BIG_ENDIAN_BITFIELD
+ u32 ext2:1;
+ u32 cnc:1; /* Checksum Not Calculated */
+ u32 rssType:4; /* RSS hash type used */
+ u32 rqID:10; /* rx queue/ring ID */
+ u32 sop:1; /* Start of Packet */
+ u32 eop:1; /* End of Packet */
+ u32 ext1:2;
+ u32 rxdIdx:12; /* Index of the RxDesc */
+#else
+ u32 rxdIdx:12; /* Index of the RxDesc */
+ u32 ext1:2;
+ u32 eop:1; /* End of Packet */
+ u32 sop:1; /* Start of Packet */
+ u32 rqID:10; /* rx queue/ring ID */
+ u32 rssType:4; /* RSS hash type used */
+ u32 cnc:1; /* Checksum Not Calculated */
+ u32 ext2:1;
+#endif /* __BIG_ENDIAN_BITFIELD */
+
+ __le32 rssHash; /* RSS hash value */
+
+#ifdef __BIG_ENDIAN_BITFIELD
+ u32 tci:16; /* Tag stripped */
+ u32 ts:1; /* Tag is stripped */
+ u32 err:1; /* Error */
+ u32 len:14; /* data length */
+#else
+ u32 len:14; /* data length */
+ u32 err:1; /* Error */
+ u32 ts:1; /* Tag is stripped */
+ u32 tci:16; /* Tag stripped */
+#endif /* __BIG_ENDIAN_BITFIELD */
+
+
+#ifdef __BIG_ENDIAN_BITFIELD
+ u32 gen:1; /* generation bit */
+ u32 type:7; /* completion type */
+ u32 fcs:1; /* Frame CRC correct */
+ u32 frg:1; /* IP Fragment */
+ u32 v4:1; /* IPv4 */
+ u32 v6:1; /* IPv6 */
+ u32 ipc:1; /* IP Checksum Correct */
+ u32 tcp:1; /* TCP packet */
+ u32 udp:1; /* UDP packet */
+ u32 tuc:1; /* TCP/UDP Checksum Correct */
+ u32 csum:16;
+#else
+ u32 csum:16;
+ u32 tuc:1; /* TCP/UDP Checksum Correct */
+ u32 udp:1; /* UDP packet */
+ u32 tcp:1; /* TCP packet */
+ u32 ipc:1; /* IP Checksum Correct */
+ u32 v6:1; /* IPv6 */
+ u32 v4:1; /* IPv4 */
+ u32 frg:1; /* IP Fragment */
+ u32 fcs:1; /* Frame CRC correct */
+ u32 type:7; /* completion type */
+ u32 gen:1; /* generation bit */
+#endif /* __BIG_ENDIAN_BITFIELD */
+};
+
+/* fields in RxCompDesc we access via Vmxnet3_GenericDesc.dword[3] */
+#define VMXNET3_RCD_TUC_SHIFT 16
+#define VMXNET3_RCD_IPC_SHIFT 19
+
+/* fields in RxCompDesc we access via Vmxnet3_GenericDesc.qword[1] */
+#define VMXNET3_RCD_TYPE_SHIFT 56
+#define VMXNET3_RCD_GEN_SHIFT 63
+
+/* csum OK for TCP/UDP pkts over IP */
+#define VMXNET3_RCD_CSUM_OK (1 << VMXNET3_RCD_TUC_SHIFT | \
+ 1 << VMXNET3_RCD_IPC_SHIFT)
+#define VMXNET3_TXD_GEN_SIZE 1
+#define VMXNET3_TXD_EOP_SIZE 1
+
+/* value of RxCompDesc.rssType */
+enum {
+ VMXNET3_RCD_RSS_TYPE_NONE = 0,
+ VMXNET3_RCD_RSS_TYPE_IPV4 = 1,
+ VMXNET3_RCD_RSS_TYPE_TCPIPV4 = 2,
+ VMXNET3_RCD_RSS_TYPE_IPV6 = 3,
+ VMXNET3_RCD_RSS_TYPE_TCPIPV6 = 4,
+};
+
+
+/* a union for accessing all cmd/completion descriptors */
+union Vmxnet3_GenericDesc {
+ __le64 qword[2];
+ __le32 dword[4];
+ __le16 word[8];
+ struct Vmxnet3_TxDesc txd;
+ struct Vmxnet3_RxDesc rxd;
+ struct Vmxnet3_TxCompDesc tcd;
+ struct Vmxnet3_RxCompDesc rcd;
+};
+
+#define VMXNET3_INIT_GEN 1
+
+/* Max size of a single tx buffer */
+#define VMXNET3_MAX_TX_BUF_SIZE (1 << 14)
+
+/* # of tx desc needed for a tx buffer size */
+#define VMXNET3_TXD_NEEDED(size) (((size) + VMXNET3_MAX_TX_BUF_SIZE - 1) / \
+ VMXNET3_MAX_TX_BUF_SIZE)
+
+/* max # of tx descs for a non-tso pkt */
+#define VMXNET3_MAX_TXD_PER_PKT 16
+
+/* Max size of a single rx buffer */
+#define VMXNET3_MAX_RX_BUF_SIZE ((1 << 14) - 1)
+/* Minimum size of a type 0 buffer */
+#define VMXNET3_MIN_T0_BUF_SIZE 128
+#define VMXNET3_MAX_CSUM_OFFSET 1024
+
+/* Ring base address alignment */
+#define VMXNET3_RING_BA_ALIGN 512
+#define VMXNET3_RING_BA_MASK (VMXNET3_RING_BA_ALIGN - 1)
+
+/* Ring size must be a multiple of 32 */
+#define VMXNET3_RING_SIZE_ALIGN 32
+#define VMXNET3_RING_SIZE_MASK (VMXNET3_RING_SIZE_ALIGN - 1)
+
+/* Max ring size */
+#define VMXNET3_TX_RING_MAX_SIZE 4096
+#define VMXNET3_TC_RING_MAX_SIZE 4096
+#define VMXNET3_RX_RING_MAX_SIZE 4096
+#define VMXNET3_RC_RING_MAX_SIZE 8192
+
+/* a list of reasons for queue stop */
+
+enum {
+ VMXNET3_ERR_NOEOP = 0x80000000, /* cannot find the EOP desc of a pkt */
+ VMXNET3_ERR_TXD_REUSE = 0x80000001, /* reuse TxDesc before tx completion */
+ VMXNET3_ERR_BIG_PKT = 0x80000002, /* too many TxDesc for a pkt */
+ VMXNET3_ERR_DESC_NOT_SPT = 0x80000003, /* descriptor type not supported */
+ VMXNET3_ERR_SMALL_BUF = 0x80000004, /* type 0 buffer too small */
+ VMXNET3_ERR_STRESS = 0x80000005, /* stress option firing in vmkernel */
+ VMXNET3_ERR_SWITCH = 0x80000006, /* mode switch failure */
+ VMXNET3_ERR_TXD_INVALID = 0x80000007, /* invalid TxDesc */
+};
+
+/* completion descriptor types */
+#define VMXNET3_CDTYPE_TXCOMP 0 /* Tx Completion Descriptor */
+#define VMXNET3_CDTYPE_RXCOMP 3 /* Rx Completion Descriptor */
+
+enum {
+ VMXNET3_GOS_BITS_UNK = 0, /* unknown */
+ VMXNET3_GOS_BITS_32 = 1,
+ VMXNET3_GOS_BITS_64 = 2,
+};
+
+#define VMXNET3_GOS_TYPE_UNK 0 /* unknown */
+#define VMXNET3_GOS_TYPE_LINUX 1
+#define VMXNET3_GOS_TYPE_WIN 2
+#define VMXNET3_GOS_TYPE_SOLARIS 3
+#define VMXNET3_GOS_TYPE_FREEBSD 4
+#define VMXNET3_GOS_TYPE_PXE 5
+
+struct Vmxnet3_GOSInfo {
+#ifdef __BIG_ENDIAN_BITFIELD
+ u32 gosMisc:10; /* other info about gos */
+ u32 gosVer:16; /* gos version */
+ u32 gosType:4; /* which guest */
+ u32 gosBits:2; /* 32-bit or 64-bit? */
+#else
+ u32 gosBits:2; /* 32-bit or 64-bit? */
+ u32 gosType:4; /* which guest */
+ u32 gosVer:16; /* gos version */
+ u32 gosMisc:10; /* other info about gos */
+#endif /* __BIG_ENDIAN_BITFIELD */
+};
+
+struct Vmxnet3_DriverInfo {
+ __le32 version;
+ struct Vmxnet3_GOSInfo gos;
+ __le32 vmxnet3RevSpt;
+ __le32 uptVerSpt;
+};
+
+
+#define VMXNET3_REV1_MAGIC 0xbabefee1
+
+/*
+ * QueueDescPA must be 128 bytes aligned. It points to an array of
+ * Vmxnet3_TxQueueDesc followed by an array of Vmxnet3_RxQueueDesc.
+ * The number of Vmxnet3_TxQueueDesc/Vmxnet3_RxQueueDesc are specified by
+ * Vmxnet3_MiscConf.numTxQueues/numRxQueues, respectively.
+ */
+#define VMXNET3_QUEUE_DESC_ALIGN 128
+
+
+struct Vmxnet3_MiscConf {
+ struct Vmxnet3_DriverInfo driverInfo;
+ __le64 uptFeatures;
+ __le64 ddPA; /* driver data PA */
+ __le64 queueDescPA; /* queue descriptor table PA */
+ __le32 ddLen; /* driver data len */
+ __le32 queueDescLen; /* queue desc. table len in bytes */
+ __le32 mtu;
+ __le16 maxNumRxSG;
+ u8 numTxQueues;
+ u8 numRxQueues;
+ __le32 reserved[4];
+};
+
+
+struct Vmxnet3_TxQueueConf {
+ __le64 txRingBasePA;
+ __le64 dataRingBasePA;
+ __le64 compRingBasePA;
+ __le64 ddPA; /* driver data */
+ __le64 reserved;
+ __le32 txRingSize; /* # of tx desc */
+ __le32 dataRingSize; /* # of data desc */
+ __le32 compRingSize; /* # of comp desc */
+ __le32 ddLen; /* size of driver data */
+ u8 intrIdx;
+ u8 _pad[7];
+};
+
+
+struct Vmxnet3_RxQueueConf {
+ __le64 rxRingBasePA[2];
+ __le64 compRingBasePA;
+ __le64 ddPA; /* driver data */
+ __le64 reserved;
+ __le32 rxRingSize[2]; /* # of rx desc */
+ __le32 compRingSize; /* # of rx comp desc */
+ __le32 ddLen; /* size of driver data */
+ u8 intrIdx;
+ u8 _pad[7];
+};
+
+
+enum vmxnet3_intr_mask_mode {
+ VMXNET3_IMM_AUTO = 0,
+ VMXNET3_IMM_ACTIVE = 1,
+ VMXNET3_IMM_LAZY = 2
+};
+
+enum vmxnet3_intr_type {
+ VMXNET3_IT_AUTO = 0,
+ VMXNET3_IT_INTX = 1,
+ VMXNET3_IT_MSI = 2,
+ VMXNET3_IT_MSIX = 3
+};
+
+#define VMXNET3_MAX_TX_QUEUES 8
+#define VMXNET3_MAX_RX_QUEUES 16
+/* addition 1 for events */
+#define VMXNET3_MAX_INTRS 25
+
+/* value of intrCtrl */
+#define VMXNET3_IC_DISABLE_ALL 0x1 /* bit 0 */
+
+
+struct Vmxnet3_IntrConf {
+ bool autoMask;
+ u8 numIntrs; /* # of interrupts */
+ u8 eventIntrIdx;
+ u8 modLevels[VMXNET3_MAX_INTRS]; /* moderation level for
+ * each intr */
+ __le32 intrCtrl;
+ __le32 reserved[2];
+};
+
+/* one bit per VLAN ID, the size is in the units of u32 */
+#define VMXNET3_VFT_SIZE (4096/(sizeof(uint32_t)*8))
+
+
+struct Vmxnet3_QueueStatus {
+ bool stopped;
+ u8 _pad[3];
+ __le32 error;
+};
+
+
+struct Vmxnet3_TxQueueCtrl {
+ __le32 txNumDeferred;
+ __le32 txThreshold;
+ __le64 reserved;
+};
+
+
+struct Vmxnet3_RxQueueCtrl {
+ bool updateRxProd;
+ u8 _pad[7];
+ __le64 reserved;
+};
+
+enum {
+ VMXNET3_RXM_UCAST = 0x01, /* unicast only */
+ VMXNET3_RXM_MCAST = 0x02, /* multicast passing the filters */
+ VMXNET3_RXM_BCAST = 0x04, /* broadcast only */
+ VMXNET3_RXM_ALL_MULTI = 0x08, /* all multicast */
+ VMXNET3_RXM_PROMISC = 0x10 /* promiscuous */
+};
+
+struct Vmxnet3_RxFilterConf {
+ __le32 rxMode; /* VMXNET3_RXM_xxx */
+ __le16 mfTableLen; /* size of the multicast filter table */
+ __le16 _pad1;
+ __le64 mfTablePA; /* PA of the multicast filters table */
+ __le32 vfTable[VMXNET3_VFT_SIZE]; /* vlan filter */
+};
+
+
+#define VMXNET3_PM_MAX_FILTERS 6
+#define VMXNET3_PM_MAX_PATTERN_SIZE 128
+#define VMXNET3_PM_MAX_MASK_SIZE (VMXNET3_PM_MAX_PATTERN_SIZE / 8)
+
+#define VMXNET3_PM_WAKEUP_MAGIC cpu_to_le16(0x01) /* wake up on magic pkts */
+#define VMXNET3_PM_WAKEUP_FILTER cpu_to_le16(0x02) /* wake up on pkts matching
+ * filters */
+
+
+struct Vmxnet3_PM_PktFilter {
+ u8 maskSize;
+ u8 patternSize;
+ u8 mask[VMXNET3_PM_MAX_MASK_SIZE];
+ u8 pattern[VMXNET3_PM_MAX_PATTERN_SIZE];
+ u8 pad[6];
+};
+
+
+struct Vmxnet3_PMConf {
+ __le16 wakeUpEvents; /* VMXNET3_PM_WAKEUP_xxx */
+ u8 numFilters;
+ u8 pad[5];
+ struct Vmxnet3_PM_PktFilter filters[VMXNET3_PM_MAX_FILTERS];
+};
+
+
+struct Vmxnet3_VariableLenConfDesc {
+ __le32 confVer;
+ __le32 confLen;
+ __le64 confPA;
+};
+
+
+struct Vmxnet3_TxQueueDesc {
+ struct Vmxnet3_TxQueueCtrl ctrl;
+ struct Vmxnet3_TxQueueConf conf;
+
+ /* Driver read after a GET command */
+ struct Vmxnet3_QueueStatus status;
+ struct UPT1_TxStats stats;
+ u8 _pad[88]; /* 128 aligned */
+};
+
+
+struct Vmxnet3_RxQueueDesc {
+ struct Vmxnet3_RxQueueCtrl ctrl;
+ struct Vmxnet3_RxQueueConf conf;
+ /* Driver read after a GET commad */
+ struct Vmxnet3_QueueStatus status;
+ struct UPT1_RxStats stats;
+ u8 __pad[88]; /* 128 aligned */
+};
+
+
+struct Vmxnet3_DSDevRead {
+ /* read-only region for device, read by dev in response to a SET cmd */
+ struct Vmxnet3_MiscConf misc;
+ struct Vmxnet3_IntrConf intrConf;
+ struct Vmxnet3_RxFilterConf rxFilterConf;
+ struct Vmxnet3_VariableLenConfDesc rssConfDesc;
+ struct Vmxnet3_VariableLenConfDesc pmConfDesc;
+ struct Vmxnet3_VariableLenConfDesc pluginConfDesc;
+};
+
+/* All structures in DriverShared are padded to multiples of 8 bytes */
+struct Vmxnet3_DriverShared {
+ __le32 magic;
+ /* make devRead start at 64bit boundaries */
+ __le32 pad;
+ struct Vmxnet3_DSDevRead devRead;
+ __le32 ecr;
+ __le32 reserved[5];
+};
+
+
+#define VMXNET3_ECR_RQERR (1 << 0)
+#define VMXNET3_ECR_TQERR (1 << 1)
+#define VMXNET3_ECR_LINK (1 << 2)
+#define VMXNET3_ECR_DIC (1 << 3)
+#define VMXNET3_ECR_DEBUG (1 << 4)
+
+/* flip the gen bit of a ring */
+#define VMXNET3_FLIP_RING_GEN(gen) ((gen) = (gen) ^ 0x1)
+
+/* only use this if moving the idx won't affect the gen bit */
+#define VMXNET3_INC_RING_IDX_ONLY(idx, ring_size) \
+ do {\
+ (idx)++;\
+ if (unlikely((idx) == (ring_size))) {\
+ (idx) = 0;\
+ } \
+ } while (0)
+
+#define VMXNET3_SET_VFTABLE_ENTRY(vfTable, vid) \
+ (vfTable[vid >> 5] |= (1 << (vid & 31)))
+#define VMXNET3_CLEAR_VFTABLE_ENTRY(vfTable, vid) \
+ (vfTable[vid >> 5] &= ~(1 << (vid & 31)))
+
+#define VMXNET3_VFTABLE_ENTRY_IS_SET(vfTable, vid) \
+ ((vfTable[vid >> 5] & (1 << (vid & 31))) != 0)
+
+#define VMXNET3_MAX_MTU 9000
+#define VMXNET3_MIN_MTU 60
+
+#define VMXNET3_LINK_UP (10000 << 16 | 1) /* 10 Gbps, up */
+#define VMXNET3_LINK_DOWN 0
+
+#undef u64
+#undef u32
+#undef u16
+#undef u8
+#undef __le16
+#undef __le32
+#undef __le64
+#undef __packed
+#if defined(HOST_WORDS_BIGENDIAN)
+#undef __BIG_ENDIAN_BITFIELD
+#endif
+
+#endif
diff --git a/hw/net/vmxnet_debug.h b/hw/net/vmxnet_debug.h
new file mode 100644
index 000000000..96dae0f91
--- /dev/null
+++ b/hw/net/vmxnet_debug.h
@@ -0,0 +1,115 @@
+/*
+ * QEMU VMWARE VMXNET* paravirtual NICs - debugging facilities
+ *
+ * Copyright (c) 2012 Ravello Systems LTD (http://ravellosystems.com)
+ *
+ * Developed by Daynix Computing LTD (http://www.daynix.com)
+ *
+ * Authors:
+ * Dmitry Fleytman <dmitry@daynix.com>
+ * Tamir Shomer <tamirs@daynix.com>
+ * Yan Vugenfirer <yan@daynix.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef _QEMU_VMXNET_DEBUG_H
+#define _QEMU_VMXNET_DEBUG_H
+
+#define VMXNET_DEVICE_NAME "vmxnet3"
+
+/* #define VMXNET_DEBUG_CB */
+#define VMXNET_DEBUG_WARNINGS
+#define VMXNET_DEBUG_ERRORS
+/* #define VMXNET_DEBUG_INTERRUPTS */
+/* #define VMXNET_DEBUG_CONFIG */
+/* #define VMXNET_DEBUG_RINGS */
+/* #define VMXNET_DEBUG_PACKETS */
+/* #define VMXNET_DEBUG_SHMEM_ACCESS */
+
+#ifdef VMXNET_DEBUG_SHMEM_ACCESS
+#define VMW_SHPRN(fmt, ...) \
+ do { \
+ printf("[%s][SH][%s]: " fmt "\n", VMXNET_DEVICE_NAME, __func__, \
+ ## __VA_ARGS__); \
+ } while (0)
+#else
+#define VMW_SHPRN(fmt, ...) do {} while (0)
+#endif
+
+#ifdef VMXNET_DEBUG_CB
+#define VMW_CBPRN(fmt, ...) \
+ do { \
+ printf("[%s][CB][%s]: " fmt "\n", VMXNET_DEVICE_NAME, __func__, \
+ ## __VA_ARGS__); \
+ } while (0)
+#else
+#define VMW_CBPRN(fmt, ...) do {} while (0)
+#endif
+
+#ifdef VMXNET_DEBUG_PACKETS
+#define VMW_PKPRN(fmt, ...) \
+ do { \
+ printf("[%s][PK][%s]: " fmt "\n", VMXNET_DEVICE_NAME, __func__, \
+ ## __VA_ARGS__); \
+ } while (0)
+#else
+#define VMW_PKPRN(fmt, ...) do {} while (0)
+#endif
+
+#ifdef VMXNET_DEBUG_WARNINGS
+#define VMW_WRPRN(fmt, ...) \
+ do { \
+ printf("[%s][WR][%s]: " fmt "\n", VMXNET_DEVICE_NAME, __func__, \
+ ## __VA_ARGS__); \
+ } while (0)
+#else
+#define VMW_WRPRN(fmt, ...) do {} while (0)
+#endif
+
+#ifdef VMXNET_DEBUG_ERRORS
+#define VMW_ERPRN(fmt, ...) \
+ do { \
+ printf("[%s][ER][%s]: " fmt "\n", VMXNET_DEVICE_NAME, __func__, \
+ ## __VA_ARGS__); \
+ } while (0)
+#else
+#define VMW_ERPRN(fmt, ...) do {} while (0)
+#endif
+
+#ifdef VMXNET_DEBUG_INTERRUPTS
+#define VMW_IRPRN(fmt, ...) \
+ do { \
+ printf("[%s][IR][%s]: " fmt "\n", VMXNET_DEVICE_NAME, __func__, \
+ ## __VA_ARGS__); \
+ } while (0)
+#else
+#define VMW_IRPRN(fmt, ...) do {} while (0)
+#endif
+
+#ifdef VMXNET_DEBUG_CONFIG
+#define VMW_CFPRN(fmt, ...) \
+ do { \
+ printf("[%s][CF][%s]: " fmt "\n", VMXNET_DEVICE_NAME, __func__, \
+ ## __VA_ARGS__); \
+ } while (0)
+#else
+#define VMW_CFPRN(fmt, ...) do {} while (0)
+#endif
+
+#ifdef VMXNET_DEBUG_RINGS
+#define VMW_RIPRN(fmt, ...) \
+ do { \
+ printf("[%s][RI][%s]: " fmt "\n", VMXNET_DEVICE_NAME, __func__, \
+ ## __VA_ARGS__); \
+ } while (0)
+#else
+#define VMW_RIPRN(fmt, ...) do {} while (0)
+#endif
+
+#define VMXNET_MF "%02X:%02X:%02X:%02X:%02X:%02X"
+#define VMXNET_MA(a) (a)[0], (a)[1], (a)[2], (a)[3], (a)[4], (a)[5]
+
+#endif /* _QEMU_VMXNET3_DEBUG_H */
diff --git a/hw/net/vmxnet_rx_pkt.c b/hw/net/vmxnet_rx_pkt.c
new file mode 100644
index 000000000..a40e34629
--- /dev/null
+++ b/hw/net/vmxnet_rx_pkt.c
@@ -0,0 +1,187 @@
+/*
+ * QEMU VMWARE VMXNET* paravirtual NICs - RX packets abstractions
+ *
+ * Copyright (c) 2012 Ravello Systems LTD (http://ravellosystems.com)
+ *
+ * Developed by Daynix Computing LTD (http://www.daynix.com)
+ *
+ * Authors:
+ * Dmitry Fleytman <dmitry@daynix.com>
+ * Tamir Shomer <tamirs@daynix.com>
+ * Yan Vugenfirer <yan@daynix.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "vmxnet_rx_pkt.h"
+#include "net/eth.h"
+#include "qemu-common.h"
+#include "qemu/iov.h"
+#include "net/checksum.h"
+#include "net/tap.h"
+
+/*
+ * RX packet may contain up to 2 fragments - rebuilt eth header
+ * in case of VLAN tag stripping
+ * and payload received from QEMU - in any case
+ */
+#define VMXNET_MAX_RX_PACKET_FRAGMENTS (2)
+
+struct VmxnetRxPkt {
+ struct virtio_net_hdr virt_hdr;
+ uint8_t ehdr_buf[ETH_MAX_L2_HDR_LEN];
+ struct iovec vec[VMXNET_MAX_RX_PACKET_FRAGMENTS];
+ uint16_t vec_len;
+ uint32_t tot_len;
+ uint16_t tci;
+ bool vlan_stripped;
+ bool has_virt_hdr;
+ eth_pkt_types_e packet_type;
+
+ /* Analysis results */
+ bool isip4;
+ bool isip6;
+ bool isudp;
+ bool istcp;
+};
+
+void vmxnet_rx_pkt_init(struct VmxnetRxPkt **pkt, bool has_virt_hdr)
+{
+ struct VmxnetRxPkt *p = g_malloc0(sizeof *p);
+ p->has_virt_hdr = has_virt_hdr;
+ *pkt = p;
+}
+
+void vmxnet_rx_pkt_uninit(struct VmxnetRxPkt *pkt)
+{
+ g_free(pkt);
+}
+
+struct virtio_net_hdr *vmxnet_rx_pkt_get_vhdr(struct VmxnetRxPkt *pkt)
+{
+ assert(pkt);
+ return &pkt->virt_hdr;
+}
+
+void vmxnet_rx_pkt_attach_data(struct VmxnetRxPkt *pkt, const void *data,
+ size_t len, bool strip_vlan)
+{
+ uint16_t tci = 0;
+ uint16_t ploff;
+ assert(pkt);
+ pkt->vlan_stripped = false;
+
+ if (strip_vlan) {
+ pkt->vlan_stripped = eth_strip_vlan(data, pkt->ehdr_buf, &ploff, &tci);
+ }
+
+ if (pkt->vlan_stripped) {
+ pkt->vec[0].iov_base = pkt->ehdr_buf;
+ pkt->vec[0].iov_len = ploff - sizeof(struct vlan_header);
+ pkt->vec[1].iov_base = (uint8_t *) data + ploff;
+ pkt->vec[1].iov_len = len - ploff;
+ pkt->vec_len = 2;
+ pkt->tot_len = len - ploff + sizeof(struct eth_header);
+ } else {
+ pkt->vec[0].iov_base = (void *)data;
+ pkt->vec[0].iov_len = len;
+ pkt->vec_len = 1;
+ pkt->tot_len = len;
+ }
+
+ pkt->tci = tci;
+
+ eth_get_protocols(data, len, &pkt->isip4, &pkt->isip6,
+ &pkt->isudp, &pkt->istcp);
+}
+
+void vmxnet_rx_pkt_dump(struct VmxnetRxPkt *pkt)
+{
+#ifdef VMXNET_RX_PKT_DEBUG
+ VmxnetRxPkt *pkt = (VmxnetRxPkt *)pkt;
+ assert(pkt);
+
+ printf("RX PKT: tot_len: %d, vlan_stripped: %d, vlan_tag: %d\n",
+ pkt->tot_len, pkt->vlan_stripped, pkt->tci);
+#endif
+}
+
+void vmxnet_rx_pkt_set_packet_type(struct VmxnetRxPkt *pkt,
+ eth_pkt_types_e packet_type)
+{
+ assert(pkt);
+
+ pkt->packet_type = packet_type;
+
+}
+
+eth_pkt_types_e vmxnet_rx_pkt_get_packet_type(struct VmxnetRxPkt *pkt)
+{
+ assert(pkt);
+
+ return pkt->packet_type;
+}
+
+size_t vmxnet_rx_pkt_get_total_len(struct VmxnetRxPkt *pkt)
+{
+ assert(pkt);
+
+ return pkt->tot_len;
+}
+
+void vmxnet_rx_pkt_get_protocols(struct VmxnetRxPkt *pkt,
+ bool *isip4, bool *isip6,
+ bool *isudp, bool *istcp)
+{
+ assert(pkt);
+
+ *isip4 = pkt->isip4;
+ *isip6 = pkt->isip6;
+ *isudp = pkt->isudp;
+ *istcp = pkt->istcp;
+}
+
+struct iovec *vmxnet_rx_pkt_get_iovec(struct VmxnetRxPkt *pkt)
+{
+ assert(pkt);
+
+ return pkt->vec;
+}
+
+void vmxnet_rx_pkt_set_vhdr(struct VmxnetRxPkt *pkt,
+ struct virtio_net_hdr *vhdr)
+{
+ assert(pkt);
+
+ memcpy(&pkt->virt_hdr, vhdr, sizeof pkt->virt_hdr);
+}
+
+bool vmxnet_rx_pkt_is_vlan_stripped(struct VmxnetRxPkt *pkt)
+{
+ assert(pkt);
+
+ return pkt->vlan_stripped;
+}
+
+bool vmxnet_rx_pkt_has_virt_hdr(struct VmxnetRxPkt *pkt)
+{
+ assert(pkt);
+
+ return pkt->has_virt_hdr;
+}
+
+uint16_t vmxnet_rx_pkt_get_num_frags(struct VmxnetRxPkt *pkt)
+{
+ assert(pkt);
+
+ return pkt->vec_len;
+}
+
+uint16_t vmxnet_rx_pkt_get_vlan_tag(struct VmxnetRxPkt *pkt)
+{
+ assert(pkt);
+
+ return pkt->tci;
+}
diff --git a/hw/net/vmxnet_rx_pkt.h b/hw/net/vmxnet_rx_pkt.h
new file mode 100644
index 000000000..6b2c60ef1
--- /dev/null
+++ b/hw/net/vmxnet_rx_pkt.h
@@ -0,0 +1,174 @@
+/*
+ * QEMU VMWARE VMXNET* paravirtual NICs - RX packets abstraction
+ *
+ * Copyright (c) 2012 Ravello Systems LTD (http://ravellosystems.com)
+ *
+ * Developed by Daynix Computing LTD (http://www.daynix.com)
+ *
+ * Authors:
+ * Dmitry Fleytman <dmitry@daynix.com>
+ * Tamir Shomer <tamirs@daynix.com>
+ * Yan Vugenfirer <yan@daynix.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef VMXNET_RX_PKT_H
+#define VMXNET_RX_PKT_H
+
+#include "stdint.h"
+#include "stdbool.h"
+#include "net/eth.h"
+
+/* defines to enable packet dump functions */
+/*#define VMXNET_RX_PKT_DEBUG*/
+
+struct VmxnetRxPkt;
+
+/**
+ * Clean all rx packet resources
+ *
+ * @pkt: packet
+ *
+ */
+void vmxnet_rx_pkt_uninit(struct VmxnetRxPkt *pkt);
+
+/**
+ * Init function for rx packet functionality
+ *
+ * @pkt: packet pointer
+ * @has_virt_hdr: device uses virtio header
+ *
+ */
+void vmxnet_rx_pkt_init(struct VmxnetRxPkt **pkt, bool has_virt_hdr);
+
+/**
+ * returns total length of data attached to rx context
+ *
+ * @pkt: packet
+ *
+ * Return: nothing
+ *
+ */
+size_t vmxnet_rx_pkt_get_total_len(struct VmxnetRxPkt *pkt);
+
+/**
+ * fetches packet analysis results
+ *
+ * @pkt: packet
+ * @isip4: whether the packet given is IPv4
+ * @isip6: whether the packet given is IPv6
+ * @isudp: whether the packet given is UDP
+ * @istcp: whether the packet given is TCP
+ *
+ */
+void vmxnet_rx_pkt_get_protocols(struct VmxnetRxPkt *pkt,
+ bool *isip4, bool *isip6,
+ bool *isudp, bool *istcp);
+
+/**
+ * returns virtio header stored in rx context
+ *
+ * @pkt: packet
+ * @ret: virtio header
+ *
+ */
+struct virtio_net_hdr *vmxnet_rx_pkt_get_vhdr(struct VmxnetRxPkt *pkt);
+
+/**
+ * returns packet type
+ *
+ * @pkt: packet
+ * @ret: packet type
+ *
+ */
+eth_pkt_types_e vmxnet_rx_pkt_get_packet_type(struct VmxnetRxPkt *pkt);
+
+/**
+ * returns vlan tag
+ *
+ * @pkt: packet
+ * @ret: VLAN tag
+ *
+ */
+uint16_t vmxnet_rx_pkt_get_vlan_tag(struct VmxnetRxPkt *pkt);
+
+/**
+ * tells whether vlan was stripped from the packet
+ *
+ * @pkt: packet
+ * @ret: VLAN stripped sign
+ *
+ */
+bool vmxnet_rx_pkt_is_vlan_stripped(struct VmxnetRxPkt *pkt);
+
+/**
+ * notifies caller if the packet has virtio header
+ *
+ * @pkt: packet
+ * @ret: true if packet has virtio header, false otherwize
+ *
+ */
+bool vmxnet_rx_pkt_has_virt_hdr(struct VmxnetRxPkt *pkt);
+
+/**
+ * returns number of frags attached to the packet
+ *
+ * @pkt: packet
+ * @ret: number of frags
+ *
+ */
+uint16_t vmxnet_rx_pkt_get_num_frags(struct VmxnetRxPkt *pkt);
+
+/**
+ * attach data to rx packet
+ *
+ * @pkt: packet
+ * @data: pointer to the data buffer
+ * @len: data length
+ * @strip_vlan: should the module strip vlan from data
+ *
+ */
+void vmxnet_rx_pkt_attach_data(struct VmxnetRxPkt *pkt, const void *data,
+ size_t len, bool strip_vlan);
+
+/**
+ * returns io vector that holds the attached data
+ *
+ * @pkt: packet
+ * @ret: pointer to IOVec
+ *
+ */
+struct iovec *vmxnet_rx_pkt_get_iovec(struct VmxnetRxPkt *pkt);
+
+/**
+ * prints rx packet data if debug is enabled
+ *
+ * @pkt: packet
+ *
+ */
+void vmxnet_rx_pkt_dump(struct VmxnetRxPkt *pkt);
+
+/**
+ * copy passed vhdr data to packet context
+ *
+ * @pkt: packet
+ * @vhdr: VHDR buffer
+ *
+ */
+void vmxnet_rx_pkt_set_vhdr(struct VmxnetRxPkt *pkt,
+ struct virtio_net_hdr *vhdr);
+
+/**
+ * save packet type in packet context
+ *
+ * @pkt: packet
+ * @packet_type: the packet type
+ *
+ */
+void vmxnet_rx_pkt_set_packet_type(struct VmxnetRxPkt *pkt,
+ eth_pkt_types_e packet_type);
+
+#endif
diff --git a/hw/net/vmxnet_tx_pkt.c b/hw/net/vmxnet_tx_pkt.c
new file mode 100644
index 000000000..f7344c4cb
--- /dev/null
+++ b/hw/net/vmxnet_tx_pkt.c
@@ -0,0 +1,567 @@
+/*
+ * QEMU VMWARE VMXNET* paravirtual NICs - TX packets abstractions
+ *
+ * Copyright (c) 2012 Ravello Systems LTD (http://ravellosystems.com)
+ *
+ * Developed by Daynix Computing LTD (http://www.daynix.com)
+ *
+ * Authors:
+ * Dmitry Fleytman <dmitry@daynix.com>
+ * Tamir Shomer <tamirs@daynix.com>
+ * Yan Vugenfirer <yan@daynix.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "hw/hw.h"
+#include "vmxnet_tx_pkt.h"
+#include "net/eth.h"
+#include "qemu-common.h"
+#include "qemu/iov.h"
+#include "net/checksum.h"
+#include "net/tap.h"
+#include "net/net.h"
+
+enum {
+ VMXNET_TX_PKT_VHDR_FRAG = 0,
+ VMXNET_TX_PKT_L2HDR_FRAG,
+ VMXNET_TX_PKT_L3HDR_FRAG,
+ VMXNET_TX_PKT_PL_START_FRAG
+};
+
+/* TX packet private context */
+struct VmxnetTxPkt {
+ struct virtio_net_hdr virt_hdr;
+ bool has_virt_hdr;
+
+ struct iovec *raw;
+ uint32_t raw_frags;
+ uint32_t max_raw_frags;
+
+ struct iovec *vec;
+
+ uint8_t l2_hdr[ETH_MAX_L2_HDR_LEN];
+
+ uint32_t payload_len;
+
+ uint32_t payload_frags;
+ uint32_t max_payload_frags;
+
+ uint16_t hdr_len;
+ eth_pkt_types_e packet_type;
+ uint8_t l4proto;
+};
+
+void vmxnet_tx_pkt_init(struct VmxnetTxPkt **pkt, uint32_t max_frags,
+ bool has_virt_hdr)
+{
+ struct VmxnetTxPkt *p = g_malloc0(sizeof *p);
+
+ p->vec = g_malloc((sizeof *p->vec) *
+ (max_frags + VMXNET_TX_PKT_PL_START_FRAG));
+
+ p->raw = g_malloc((sizeof *p->raw) * max_frags);
+
+ p->max_payload_frags = max_frags;
+ p->max_raw_frags = max_frags;
+ p->has_virt_hdr = has_virt_hdr;
+ p->vec[VMXNET_TX_PKT_VHDR_FRAG].iov_base = &p->virt_hdr;
+ p->vec[VMXNET_TX_PKT_VHDR_FRAG].iov_len =
+ p->has_virt_hdr ? sizeof p->virt_hdr : 0;
+ p->vec[VMXNET_TX_PKT_L2HDR_FRAG].iov_base = &p->l2_hdr;
+ p->vec[VMXNET_TX_PKT_L3HDR_FRAG].iov_base = NULL;
+ p->vec[VMXNET_TX_PKT_L3HDR_FRAG].iov_len = 0;
+
+ *pkt = p;
+}
+
+void vmxnet_tx_pkt_uninit(struct VmxnetTxPkt *pkt)
+{
+ if (pkt) {
+ g_free(pkt->vec);
+ g_free(pkt->raw);
+ g_free(pkt);
+ }
+}
+
+void vmxnet_tx_pkt_update_ip_checksums(struct VmxnetTxPkt *pkt)
+{
+ uint16_t csum;
+ uint32_t ph_raw_csum;
+ assert(pkt);
+ uint8_t gso_type = pkt->virt_hdr.gso_type & ~VIRTIO_NET_HDR_GSO_ECN;
+ struct ip_header *ip_hdr;
+
+ if (VIRTIO_NET_HDR_GSO_TCPV4 != gso_type &&
+ VIRTIO_NET_HDR_GSO_UDP != gso_type) {
+ return;
+ }
+
+ ip_hdr = pkt->vec[VMXNET_TX_PKT_L3HDR_FRAG].iov_base;
+
+ if (pkt->payload_len + pkt->vec[VMXNET_TX_PKT_L3HDR_FRAG].iov_len >
+ ETH_MAX_IP_DGRAM_LEN) {
+ return;
+ }
+
+ ip_hdr->ip_len = cpu_to_be16(pkt->payload_len +
+ pkt->vec[VMXNET_TX_PKT_L3HDR_FRAG].iov_len);
+
+ /* Calculate IP header checksum */
+ ip_hdr->ip_sum = 0;
+ csum = net_raw_checksum((uint8_t *)ip_hdr,
+ pkt->vec[VMXNET_TX_PKT_L3HDR_FRAG].iov_len);
+ ip_hdr->ip_sum = cpu_to_be16(csum);
+
+ /* Calculate IP pseudo header checksum */
+ ph_raw_csum = eth_calc_pseudo_hdr_csum(ip_hdr, pkt->payload_len);
+ csum = cpu_to_be16(~net_checksum_finish(ph_raw_csum));
+ iov_from_buf(&pkt->vec[VMXNET_TX_PKT_PL_START_FRAG], pkt->payload_frags,
+ pkt->virt_hdr.csum_offset, &csum, sizeof(csum));
+}
+
+static void vmxnet_tx_pkt_calculate_hdr_len(struct VmxnetTxPkt *pkt)
+{
+ pkt->hdr_len = pkt->vec[VMXNET_TX_PKT_L2HDR_FRAG].iov_len +
+ pkt->vec[VMXNET_TX_PKT_L3HDR_FRAG].iov_len;
+}
+
+static bool vmxnet_tx_pkt_parse_headers(struct VmxnetTxPkt *pkt)
+{
+ struct iovec *l2_hdr, *l3_hdr;
+ size_t bytes_read;
+ size_t full_ip6hdr_len;
+ uint16_t l3_proto;
+
+ assert(pkt);
+
+ l2_hdr = &pkt->vec[VMXNET_TX_PKT_L2HDR_FRAG];
+ l3_hdr = &pkt->vec[VMXNET_TX_PKT_L3HDR_FRAG];
+
+ bytes_read = iov_to_buf(pkt->raw, pkt->raw_frags, 0, l2_hdr->iov_base,
+ ETH_MAX_L2_HDR_LEN);
+ if (bytes_read < ETH_MAX_L2_HDR_LEN) {
+ l2_hdr->iov_len = 0;
+ return false;
+ } else {
+ l2_hdr->iov_len = eth_get_l2_hdr_length(l2_hdr->iov_base);
+ }
+
+ l3_proto = eth_get_l3_proto(l2_hdr->iov_base, l2_hdr->iov_len);
+
+ switch (l3_proto) {
+ case ETH_P_IP:
+ l3_hdr->iov_base = g_malloc(ETH_MAX_IP4_HDR_LEN);
+
+ bytes_read = iov_to_buf(pkt->raw, pkt->raw_frags, l2_hdr->iov_len,
+ l3_hdr->iov_base, sizeof(struct ip_header));
+
+ if (bytes_read < sizeof(struct ip_header)) {
+ l3_hdr->iov_len = 0;
+ return false;
+ }
+
+ l3_hdr->iov_len = IP_HDR_GET_LEN(l3_hdr->iov_base);
+ pkt->l4proto = ((struct ip_header *) l3_hdr->iov_base)->ip_p;
+
+ /* copy optional IPv4 header data */
+ bytes_read = iov_to_buf(pkt->raw, pkt->raw_frags,
+ l2_hdr->iov_len + sizeof(struct ip_header),
+ l3_hdr->iov_base + sizeof(struct ip_header),
+ l3_hdr->iov_len - sizeof(struct ip_header));
+ if (bytes_read < l3_hdr->iov_len - sizeof(struct ip_header)) {
+ l3_hdr->iov_len = 0;
+ return false;
+ }
+ break;
+
+ case ETH_P_IPV6:
+ if (!eth_parse_ipv6_hdr(pkt->raw, pkt->raw_frags, l2_hdr->iov_len,
+ &pkt->l4proto, &full_ip6hdr_len)) {
+ l3_hdr->iov_len = 0;
+ return false;
+ }
+
+ l3_hdr->iov_base = g_malloc(full_ip6hdr_len);
+
+ bytes_read = iov_to_buf(pkt->raw, pkt->raw_frags, l2_hdr->iov_len,
+ l3_hdr->iov_base, full_ip6hdr_len);
+
+ if (bytes_read < full_ip6hdr_len) {
+ l3_hdr->iov_len = 0;
+ return false;
+ } else {
+ l3_hdr->iov_len = full_ip6hdr_len;
+ }
+ break;
+
+ default:
+ l3_hdr->iov_len = 0;
+ break;
+ }
+
+ vmxnet_tx_pkt_calculate_hdr_len(pkt);
+ pkt->packet_type = get_eth_packet_type(l2_hdr->iov_base);
+ return true;
+}
+
+static bool vmxnet_tx_pkt_rebuild_payload(struct VmxnetTxPkt *pkt)
+{
+ size_t payload_len = iov_size(pkt->raw, pkt->raw_frags) - pkt->hdr_len;
+
+ pkt->payload_frags = iov_copy(&pkt->vec[VMXNET_TX_PKT_PL_START_FRAG],
+ pkt->max_payload_frags,
+ pkt->raw, pkt->raw_frags,
+ pkt->hdr_len, payload_len);
+
+ if (pkt->payload_frags != (uint32_t) -1) {
+ pkt->payload_len = payload_len;
+ return true;
+ } else {
+ return false;
+ }
+}
+
+bool vmxnet_tx_pkt_parse(struct VmxnetTxPkt *pkt)
+{
+ return vmxnet_tx_pkt_parse_headers(pkt) &&
+ vmxnet_tx_pkt_rebuild_payload(pkt);
+}
+
+struct virtio_net_hdr *vmxnet_tx_pkt_get_vhdr(struct VmxnetTxPkt *pkt)
+{
+ assert(pkt);
+ return &pkt->virt_hdr;
+}
+
+static uint8_t vmxnet_tx_pkt_get_gso_type(struct VmxnetTxPkt *pkt,
+ bool tso_enable)
+{
+ uint8_t rc = VIRTIO_NET_HDR_GSO_NONE;
+ uint16_t l3_proto;
+
+ l3_proto = eth_get_l3_proto(pkt->vec[VMXNET_TX_PKT_L2HDR_FRAG].iov_base,
+ pkt->vec[VMXNET_TX_PKT_L2HDR_FRAG].iov_len);
+
+ if (!tso_enable) {
+ goto func_exit;
+ }
+
+ rc = eth_get_gso_type(l3_proto, pkt->vec[VMXNET_TX_PKT_L3HDR_FRAG].iov_base,
+ pkt->l4proto);
+
+func_exit:
+ return rc;
+}
+
+void vmxnet_tx_pkt_build_vheader(struct VmxnetTxPkt *pkt, bool tso_enable,
+ bool csum_enable, uint32_t gso_size)
+{
+ struct tcp_hdr l4hdr;
+ assert(pkt);
+
+ /* csum has to be enabled if tso is. */
+ assert(csum_enable || !tso_enable);
+
+ pkt->virt_hdr.gso_type = vmxnet_tx_pkt_get_gso_type(pkt, tso_enable);
+
+ switch (pkt->virt_hdr.gso_type & ~VIRTIO_NET_HDR_GSO_ECN) {
+ case VIRTIO_NET_HDR_GSO_NONE:
+ pkt->virt_hdr.hdr_len = 0;
+ pkt->virt_hdr.gso_size = 0;
+ break;
+
+ case VIRTIO_NET_HDR_GSO_UDP:
+ pkt->virt_hdr.gso_size = IP_FRAG_ALIGN_SIZE(gso_size);
+ pkt->virt_hdr.hdr_len = pkt->hdr_len + sizeof(struct udp_header);
+ break;
+
+ case VIRTIO_NET_HDR_GSO_TCPV4:
+ case VIRTIO_NET_HDR_GSO_TCPV6:
+ iov_to_buf(&pkt->vec[VMXNET_TX_PKT_PL_START_FRAG], pkt->payload_frags,
+ 0, &l4hdr, sizeof(l4hdr));
+ pkt->virt_hdr.hdr_len = pkt->hdr_len + l4hdr.th_off * sizeof(uint32_t);
+ pkt->virt_hdr.gso_size = IP_FRAG_ALIGN_SIZE(gso_size);
+ break;
+
+ default:
+ g_assert_not_reached();
+ }
+
+ if (csum_enable) {
+ switch (pkt->l4proto) {
+ case IP_PROTO_TCP:
+ pkt->virt_hdr.flags = VIRTIO_NET_HDR_F_NEEDS_CSUM;
+ pkt->virt_hdr.csum_start = pkt->hdr_len;
+ pkt->virt_hdr.csum_offset = offsetof(struct tcp_hdr, th_sum);
+ break;
+ case IP_PROTO_UDP:
+ pkt->virt_hdr.flags = VIRTIO_NET_HDR_F_NEEDS_CSUM;
+ pkt->virt_hdr.csum_start = pkt->hdr_len;
+ pkt->virt_hdr.csum_offset = offsetof(struct udp_hdr, uh_sum);
+ break;
+ default:
+ break;
+ }
+ }
+}
+
+void vmxnet_tx_pkt_setup_vlan_header(struct VmxnetTxPkt *pkt, uint16_t vlan)
+{
+ bool is_new;
+ assert(pkt);
+
+ eth_setup_vlan_headers(pkt->vec[VMXNET_TX_PKT_L2HDR_FRAG].iov_base,
+ vlan, &is_new);
+
+ /* update l2hdrlen */
+ if (is_new) {
+ pkt->hdr_len += sizeof(struct vlan_header);
+ pkt->vec[VMXNET_TX_PKT_L2HDR_FRAG].iov_len +=
+ sizeof(struct vlan_header);
+ }
+}
+
+bool vmxnet_tx_pkt_add_raw_fragment(struct VmxnetTxPkt *pkt, hwaddr pa,
+ size_t len)
+{
+ hwaddr mapped_len = 0;
+ struct iovec *ventry;
+ assert(pkt);
+ assert(pkt->max_raw_frags > pkt->raw_frags);
+
+ if (!len) {
+ return true;
+ }
+
+ ventry = &pkt->raw[pkt->raw_frags];
+ mapped_len = len;
+
+ ventry->iov_base = cpu_physical_memory_map(pa, &mapped_len, false);
+ ventry->iov_len = mapped_len;
+ pkt->raw_frags += !!ventry->iov_base;
+
+ if ((ventry->iov_base == NULL) || (len != mapped_len)) {
+ return false;
+ }
+
+ return true;
+}
+
+eth_pkt_types_e vmxnet_tx_pkt_get_packet_type(struct VmxnetTxPkt *pkt)
+{
+ assert(pkt);
+
+ return pkt->packet_type;
+}
+
+size_t vmxnet_tx_pkt_get_total_len(struct VmxnetTxPkt *pkt)
+{
+ assert(pkt);
+
+ return pkt->hdr_len + pkt->payload_len;
+}
+
+void vmxnet_tx_pkt_dump(struct VmxnetTxPkt *pkt)
+{
+#ifdef VMXNET_TX_PKT_DEBUG
+ assert(pkt);
+
+ printf("TX PKT: hdr_len: %d, pkt_type: 0x%X, l2hdr_len: %lu, "
+ "l3hdr_len: %lu, payload_len: %u\n", pkt->hdr_len, pkt->packet_type,
+ pkt->vec[VMXNET_TX_PKT_L2HDR_FRAG].iov_len,
+ pkt->vec[VMXNET_TX_PKT_L3HDR_FRAG].iov_len, pkt->payload_len);
+#endif
+}
+
+void vmxnet_tx_pkt_reset(struct VmxnetTxPkt *pkt)
+{
+ int i;
+
+ /* no assert, as reset can be called before tx_pkt_init */
+ if (!pkt) {
+ return;
+ }
+
+ memset(&pkt->virt_hdr, 0, sizeof(pkt->virt_hdr));
+
+ g_free(pkt->vec[VMXNET_TX_PKT_L3HDR_FRAG].iov_base);
+ pkt->vec[VMXNET_TX_PKT_L3HDR_FRAG].iov_base = NULL;
+
+ assert(pkt->vec);
+ for (i = VMXNET_TX_PKT_L2HDR_FRAG;
+ i < pkt->payload_frags + VMXNET_TX_PKT_PL_START_FRAG; i++) {
+ pkt->vec[i].iov_len = 0;
+ }
+ pkt->payload_len = 0;
+ pkt->payload_frags = 0;
+
+ assert(pkt->raw);
+ for (i = 0; i < pkt->raw_frags; i++) {
+ assert(pkt->raw[i].iov_base);
+ cpu_physical_memory_unmap(pkt->raw[i].iov_base, pkt->raw[i].iov_len,
+ false, pkt->raw[i].iov_len);
+ pkt->raw[i].iov_len = 0;
+ }
+ pkt->raw_frags = 0;
+
+ pkt->hdr_len = 0;
+ pkt->packet_type = 0;
+ pkt->l4proto = 0;
+}
+
+static void vmxnet_tx_pkt_do_sw_csum(struct VmxnetTxPkt *pkt)
+{
+ struct iovec *iov = &pkt->vec[VMXNET_TX_PKT_L2HDR_FRAG];
+ uint32_t csum_cntr;
+ uint16_t csum = 0;
+ /* num of iovec without vhdr */
+ uint32_t iov_len = pkt->payload_frags + VMXNET_TX_PKT_PL_START_FRAG - 1;
+ uint16_t csl;
+ struct ip_header *iphdr;
+ size_t csum_offset = pkt->virt_hdr.csum_start + pkt->virt_hdr.csum_offset;
+
+ /* Put zero to checksum field */
+ iov_from_buf(iov, iov_len, csum_offset, &csum, sizeof csum);
+
+ /* Calculate L4 TCP/UDP checksum */
+ csl = pkt->payload_len;
+
+ /* data checksum */
+ csum_cntr =
+ net_checksum_add_iov(iov, iov_len, pkt->virt_hdr.csum_start, csl);
+ /* add pseudo header to csum */
+ iphdr = pkt->vec[VMXNET_TX_PKT_L3HDR_FRAG].iov_base;
+ csum_cntr += eth_calc_pseudo_hdr_csum(iphdr, csl);
+
+ /* Put the checksum obtained into the packet */
+ csum = cpu_to_be16(net_checksum_finish(csum_cntr));
+ iov_from_buf(iov, iov_len, csum_offset, &csum, sizeof csum);
+}
+
+enum {
+ VMXNET_TX_PKT_FRAGMENT_L2_HDR_POS = 0,
+ VMXNET_TX_PKT_FRAGMENT_L3_HDR_POS,
+ VMXNET_TX_PKT_FRAGMENT_HEADER_NUM
+};
+
+#define VMXNET_MAX_FRAG_SG_LIST (64)
+
+static size_t vmxnet_tx_pkt_fetch_fragment(struct VmxnetTxPkt *pkt,
+ int *src_idx, size_t *src_offset, struct iovec *dst, int *dst_idx)
+{
+ size_t fetched = 0;
+ struct iovec *src = pkt->vec;
+
+ *dst_idx = VMXNET_TX_PKT_FRAGMENT_HEADER_NUM;
+
+ while (fetched < pkt->virt_hdr.gso_size) {
+
+ /* no more place in fragment iov */
+ if (*dst_idx == VMXNET_MAX_FRAG_SG_LIST) {
+ break;
+ }
+
+ /* no more data in iovec */
+ if (*src_idx == (pkt->payload_frags + VMXNET_TX_PKT_PL_START_FRAG)) {
+ break;
+ }
+
+
+ dst[*dst_idx].iov_base = src[*src_idx].iov_base + *src_offset;
+ dst[*dst_idx].iov_len = MIN(src[*src_idx].iov_len - *src_offset,
+ pkt->virt_hdr.gso_size - fetched);
+
+ *src_offset += dst[*dst_idx].iov_len;
+ fetched += dst[*dst_idx].iov_len;
+
+ if (*src_offset == src[*src_idx].iov_len) {
+ *src_offset = 0;
+ (*src_idx)++;
+ }
+
+ (*dst_idx)++;
+ }
+
+ return fetched;
+}
+
+static bool vmxnet_tx_pkt_do_sw_fragmentation(struct VmxnetTxPkt *pkt,
+ NetClientState *nc)
+{
+ struct iovec fragment[VMXNET_MAX_FRAG_SG_LIST];
+ size_t fragment_len = 0;
+ bool more_frags = false;
+
+ /* some pointers for shorter code */
+ void *l2_iov_base, *l3_iov_base;
+ size_t l2_iov_len, l3_iov_len;
+ int src_idx = VMXNET_TX_PKT_PL_START_FRAG, dst_idx;
+ size_t src_offset = 0;
+ size_t fragment_offset = 0;
+
+ l2_iov_base = pkt->vec[VMXNET_TX_PKT_L2HDR_FRAG].iov_base;
+ l2_iov_len = pkt->vec[VMXNET_TX_PKT_L2HDR_FRAG].iov_len;
+ l3_iov_base = pkt->vec[VMXNET_TX_PKT_L3HDR_FRAG].iov_base;
+ l3_iov_len = pkt->vec[VMXNET_TX_PKT_L3HDR_FRAG].iov_len;
+
+ /* Copy headers */
+ fragment[VMXNET_TX_PKT_FRAGMENT_L2_HDR_POS].iov_base = l2_iov_base;
+ fragment[VMXNET_TX_PKT_FRAGMENT_L2_HDR_POS].iov_len = l2_iov_len;
+ fragment[VMXNET_TX_PKT_FRAGMENT_L3_HDR_POS].iov_base = l3_iov_base;
+ fragment[VMXNET_TX_PKT_FRAGMENT_L3_HDR_POS].iov_len = l3_iov_len;
+
+
+ /* Put as much data as possible and send */
+ do {
+ fragment_len = vmxnet_tx_pkt_fetch_fragment(pkt, &src_idx, &src_offset,
+ fragment, &dst_idx);
+
+ more_frags = (fragment_offset + fragment_len < pkt->payload_len);
+
+ eth_setup_ip4_fragmentation(l2_iov_base, l2_iov_len, l3_iov_base,
+ l3_iov_len, fragment_len, fragment_offset, more_frags);
+
+ eth_fix_ip4_checksum(l3_iov_base, l3_iov_len);
+
+ qemu_sendv_packet(nc, fragment, dst_idx);
+
+ fragment_offset += fragment_len;
+
+ } while (more_frags);
+
+ return true;
+}
+
+bool vmxnet_tx_pkt_send(struct VmxnetTxPkt *pkt, NetClientState *nc)
+{
+ assert(pkt);
+
+ if (!pkt->has_virt_hdr &&
+ pkt->virt_hdr.flags & VIRTIO_NET_HDR_F_NEEDS_CSUM) {
+ vmxnet_tx_pkt_do_sw_csum(pkt);
+ }
+
+ /*
+ * Since underlying infrastructure does not support IP datagrams longer
+ * than 64K we should drop such packets and don't even try to send
+ */
+ if (VIRTIO_NET_HDR_GSO_NONE != pkt->virt_hdr.gso_type) {
+ if (pkt->payload_len >
+ ETH_MAX_IP_DGRAM_LEN -
+ pkt->vec[VMXNET_TX_PKT_L3HDR_FRAG].iov_len) {
+ return false;
+ }
+ }
+
+ if (pkt->has_virt_hdr ||
+ pkt->virt_hdr.gso_type == VIRTIO_NET_HDR_GSO_NONE) {
+ qemu_sendv_packet(nc, pkt->vec,
+ pkt->payload_frags + VMXNET_TX_PKT_PL_START_FRAG);
+ return true;
+ }
+
+ return vmxnet_tx_pkt_do_sw_fragmentation(pkt, nc);
+}
diff --git a/hw/net/vmxnet_tx_pkt.h b/hw/net/vmxnet_tx_pkt.h
new file mode 100644
index 000000000..57121a6fe
--- /dev/null
+++ b/hw/net/vmxnet_tx_pkt.h
@@ -0,0 +1,148 @@
+/*
+ * QEMU VMWARE VMXNET* paravirtual NICs - TX packets abstraction
+ *
+ * Copyright (c) 2012 Ravello Systems LTD (http://ravellosystems.com)
+ *
+ * Developed by Daynix Computing LTD (http://www.daynix.com)
+ *
+ * Authors:
+ * Dmitry Fleytman <dmitry@daynix.com>
+ * Tamir Shomer <tamirs@daynix.com>
+ * Yan Vugenfirer <yan@daynix.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef VMXNET_TX_PKT_H
+#define VMXNET_TX_PKT_H
+
+#include "stdint.h"
+#include "stdbool.h"
+#include "net/eth.h"
+#include "exec/hwaddr.h"
+
+/* define to enable packet dump functions */
+/*#define VMXNET_TX_PKT_DEBUG*/
+
+struct VmxnetTxPkt;
+
+/**
+ * Init function for tx packet functionality
+ *
+ * @pkt: packet pointer
+ * @max_frags: max tx ip fragments
+ * @has_virt_hdr: device uses virtio header.
+ */
+void vmxnet_tx_pkt_init(struct VmxnetTxPkt **pkt, uint32_t max_frags,
+ bool has_virt_hdr);
+
+/**
+ * Clean all tx packet resources.
+ *
+ * @pkt: packet.
+ */
+void vmxnet_tx_pkt_uninit(struct VmxnetTxPkt *pkt);
+
+/**
+ * get virtio header
+ *
+ * @pkt: packet
+ * @ret: virtio header
+ */
+struct virtio_net_hdr *vmxnet_tx_pkt_get_vhdr(struct VmxnetTxPkt *pkt);
+
+/**
+ * build virtio header (will be stored in module context)
+ *
+ * @pkt: packet
+ * @tso_enable: TSO enabled
+ * @csum_enable: CSO enabled
+ * @gso_size: MSS size for TSO
+ *
+ */
+void vmxnet_tx_pkt_build_vheader(struct VmxnetTxPkt *pkt, bool tso_enable,
+ bool csum_enable, uint32_t gso_size);
+
+/**
+ * updates vlan tag, and adds vlan header in case it is missing
+ *
+ * @pkt: packet
+ * @vlan: VLAN tag
+ *
+ */
+void vmxnet_tx_pkt_setup_vlan_header(struct VmxnetTxPkt *pkt, uint16_t vlan);
+
+/**
+ * populate data fragment into pkt context.
+ *
+ * @pkt: packet
+ * @pa: physical address of fragment
+ * @len: length of fragment
+ *
+ */
+bool vmxnet_tx_pkt_add_raw_fragment(struct VmxnetTxPkt *pkt, hwaddr pa,
+ size_t len);
+
+/**
+ * fix ip header fields and calculate checksums needed.
+ *
+ * @pkt: packet
+ *
+ */
+void vmxnet_tx_pkt_update_ip_checksums(struct VmxnetTxPkt *pkt);
+
+/**
+ * get length of all populated data.
+ *
+ * @pkt: packet
+ * @ret: total data length
+ *
+ */
+size_t vmxnet_tx_pkt_get_total_len(struct VmxnetTxPkt *pkt);
+
+/**
+ * get packet type
+ *
+ * @pkt: packet
+ * @ret: packet type
+ *
+ */
+eth_pkt_types_e vmxnet_tx_pkt_get_packet_type(struct VmxnetTxPkt *pkt);
+
+/**
+ * prints packet data if debug is enabled
+ *
+ * @pkt: packet
+ *
+ */
+void vmxnet_tx_pkt_dump(struct VmxnetTxPkt *pkt);
+
+/**
+ * reset tx packet private context (needed to be called between packets)
+ *
+ * @pkt: packet
+ *
+ */
+void vmxnet_tx_pkt_reset(struct VmxnetTxPkt *pkt);
+
+/**
+ * Send packet to qemu. handles sw offloads if vhdr is not supported.
+ *
+ * @pkt: packet
+ * @nc: NetClientState
+ * @ret: operation result
+ *
+ */
+bool vmxnet_tx_pkt_send(struct VmxnetTxPkt *pkt, NetClientState *nc);
+
+/**
+ * parse raw packet data and analyze offload requirements.
+ *
+ * @pkt: packet
+ *
+ */
+bool vmxnet_tx_pkt_parse(struct VmxnetTxPkt *pkt);
+
+#endif
diff --git a/hw/net/xen_nic.c b/hw/net/xen_nic.c
new file mode 100644
index 000000000..63918ae1a
--- /dev/null
+++ b/hw/net/xen_nic.c
@@ -0,0 +1,439 @@
+/*
+ * xen paravirt network card backend
+ *
+ * (c) Gerd Hoffmann <kraxel@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; under version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <unistd.h>
+#include <signal.h>
+#include <inttypes.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/mman.h>
+#include <sys/wait.h>
+
+#include "hw/hw.h"
+#include "net/net.h"
+#include "net/checksum.h"
+#include "net/util.h"
+#include "hw/xen/xen_backend.h"
+
+#include <xen/io/netif.h>
+
+/* ------------------------------------------------------------- */
+
+struct XenNetDev {
+ struct XenDevice xendev; /* must be first */
+ char *mac;
+ int tx_work;
+ int tx_ring_ref;
+ int rx_ring_ref;
+ struct netif_tx_sring *txs;
+ struct netif_rx_sring *rxs;
+ netif_tx_back_ring_t tx_ring;
+ netif_rx_back_ring_t rx_ring;
+ NICConf conf;
+ NICState *nic;
+};
+
+/* ------------------------------------------------------------- */
+
+static void net_tx_response(struct XenNetDev *netdev, netif_tx_request_t *txp, int8_t st)
+{
+ RING_IDX i = netdev->tx_ring.rsp_prod_pvt;
+ netif_tx_response_t *resp;
+ int notify;
+
+ resp = RING_GET_RESPONSE(&netdev->tx_ring, i);
+ resp->id = txp->id;
+ resp->status = st;
+
+#if 0
+ if (txp->flags & NETTXF_extra_info) {
+ RING_GET_RESPONSE(&netdev->tx_ring, ++i)->status = NETIF_RSP_NULL;
+ }
+#endif
+
+ netdev->tx_ring.rsp_prod_pvt = ++i;
+ RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&netdev->tx_ring, notify);
+ if (notify) {
+ xen_be_send_notify(&netdev->xendev);
+ }
+
+ if (i == netdev->tx_ring.req_cons) {
+ int more_to_do;
+ RING_FINAL_CHECK_FOR_REQUESTS(&netdev->tx_ring, more_to_do);
+ if (more_to_do) {
+ netdev->tx_work++;
+ }
+ }
+}
+
+static void net_tx_error(struct XenNetDev *netdev, netif_tx_request_t *txp, RING_IDX end)
+{
+#if 0
+ /*
+ * Hmm, why netback fails everything in the ring?
+ * Should we do that even when not supporting SG and TSO?
+ */
+ RING_IDX cons = netdev->tx_ring.req_cons;
+
+ do {
+ make_tx_response(netif, txp, NETIF_RSP_ERROR);
+ if (cons >= end) {
+ break;
+ }
+ txp = RING_GET_REQUEST(&netdev->tx_ring, cons++);
+ } while (1);
+ netdev->tx_ring.req_cons = cons;
+ netif_schedule_work(netif);
+ netif_put(netif);
+#else
+ net_tx_response(netdev, txp, NETIF_RSP_ERROR);
+#endif
+}
+
+static void net_tx_packets(struct XenNetDev *netdev)
+{
+ netif_tx_request_t txreq;
+ RING_IDX rc, rp;
+ void *page;
+ void *tmpbuf = NULL;
+
+ for (;;) {
+ rc = netdev->tx_ring.req_cons;
+ rp = netdev->tx_ring.sring->req_prod;
+ xen_rmb(); /* Ensure we see queued requests up to 'rp'. */
+
+ while ((rc != rp)) {
+ if (RING_REQUEST_CONS_OVERFLOW(&netdev->tx_ring, rc)) {
+ break;
+ }
+ memcpy(&txreq, RING_GET_REQUEST(&netdev->tx_ring, rc), sizeof(txreq));
+ netdev->tx_ring.req_cons = ++rc;
+
+#if 1
+ /* should not happen in theory, we don't announce the *
+ * feature-{sg,gso,whatelse} flags in xenstore (yet?) */
+ if (txreq.flags & NETTXF_extra_info) {
+ xen_be_printf(&netdev->xendev, 0, "FIXME: extra info flag\n");
+ net_tx_error(netdev, &txreq, rc);
+ continue;
+ }
+ if (txreq.flags & NETTXF_more_data) {
+ xen_be_printf(&netdev->xendev, 0, "FIXME: more data flag\n");
+ net_tx_error(netdev, &txreq, rc);
+ continue;
+ }
+#endif
+
+ if (txreq.size < 14) {
+ xen_be_printf(&netdev->xendev, 0, "bad packet size: %d\n", txreq.size);
+ net_tx_error(netdev, &txreq, rc);
+ continue;
+ }
+
+ if ((txreq.offset + txreq.size) > XC_PAGE_SIZE) {
+ xen_be_printf(&netdev->xendev, 0, "error: page crossing\n");
+ net_tx_error(netdev, &txreq, rc);
+ continue;
+ }
+
+ xen_be_printf(&netdev->xendev, 3, "tx packet ref %d, off %d, len %d, flags 0x%x%s%s%s%s\n",
+ txreq.gref, txreq.offset, txreq.size, txreq.flags,
+ (txreq.flags & NETTXF_csum_blank) ? " csum_blank" : "",
+ (txreq.flags & NETTXF_data_validated) ? " data_validated" : "",
+ (txreq.flags & NETTXF_more_data) ? " more_data" : "",
+ (txreq.flags & NETTXF_extra_info) ? " extra_info" : "");
+
+ page = xc_gnttab_map_grant_ref(netdev->xendev.gnttabdev,
+ netdev->xendev.dom,
+ txreq.gref, PROT_READ);
+ if (page == NULL) {
+ xen_be_printf(&netdev->xendev, 0, "error: tx gref dereference failed (%d)\n",
+ txreq.gref);
+ net_tx_error(netdev, &txreq, rc);
+ continue;
+ }
+ if (txreq.flags & NETTXF_csum_blank) {
+ /* have read-only mapping -> can't fill checksum in-place */
+ if (!tmpbuf) {
+ tmpbuf = g_malloc(XC_PAGE_SIZE);
+ }
+ memcpy(tmpbuf, page + txreq.offset, txreq.size);
+ net_checksum_calculate(tmpbuf, txreq.size);
+ qemu_send_packet(qemu_get_queue(netdev->nic), tmpbuf,
+ txreq.size);
+ } else {
+ qemu_send_packet(qemu_get_queue(netdev->nic),
+ page + txreq.offset, txreq.size);
+ }
+ xc_gnttab_munmap(netdev->xendev.gnttabdev, page, 1);
+ net_tx_response(netdev, &txreq, NETIF_RSP_OKAY);
+ }
+ if (!netdev->tx_work) {
+ break;
+ }
+ netdev->tx_work = 0;
+ }
+ g_free(tmpbuf);
+}
+
+/* ------------------------------------------------------------- */
+
+static void net_rx_response(struct XenNetDev *netdev,
+ netif_rx_request_t *req, int8_t st,
+ uint16_t offset, uint16_t size,
+ uint16_t flags)
+{
+ RING_IDX i = netdev->rx_ring.rsp_prod_pvt;
+ netif_rx_response_t *resp;
+ int notify;
+
+ resp = RING_GET_RESPONSE(&netdev->rx_ring, i);
+ resp->offset = offset;
+ resp->flags = flags;
+ resp->id = req->id;
+ resp->status = (int16_t)size;
+ if (st < 0) {
+ resp->status = (int16_t)st;
+ }
+
+ xen_be_printf(&netdev->xendev, 3, "rx response: idx %d, status %d, flags 0x%x\n",
+ i, resp->status, resp->flags);
+
+ netdev->rx_ring.rsp_prod_pvt = ++i;
+ RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&netdev->rx_ring, notify);
+ if (notify) {
+ xen_be_send_notify(&netdev->xendev);
+ }
+}
+
+#define NET_IP_ALIGN 2
+
+static int net_rx_ok(NetClientState *nc)
+{
+ struct XenNetDev *netdev = qemu_get_nic_opaque(nc);
+ RING_IDX rc, rp;
+
+ if (netdev->xendev.be_state != XenbusStateConnected) {
+ return 0;
+ }
+
+ rc = netdev->rx_ring.req_cons;
+ rp = netdev->rx_ring.sring->req_prod;
+ xen_rmb();
+
+ if (rc == rp || RING_REQUEST_CONS_OVERFLOW(&netdev->rx_ring, rc)) {
+ xen_be_printf(&netdev->xendev, 2, "%s: no rx buffers (%d/%d)\n",
+ __FUNCTION__, rc, rp);
+ return 0;
+ }
+ return 1;
+}
+
+static ssize_t net_rx_packet(NetClientState *nc, const uint8_t *buf, size_t size)
+{
+ struct XenNetDev *netdev = qemu_get_nic_opaque(nc);
+ netif_rx_request_t rxreq;
+ RING_IDX rc, rp;
+ void *page;
+
+ if (netdev->xendev.be_state != XenbusStateConnected) {
+ return -1;
+ }
+
+ rc = netdev->rx_ring.req_cons;
+ rp = netdev->rx_ring.sring->req_prod;
+ xen_rmb(); /* Ensure we see queued requests up to 'rp'. */
+
+ if (rc == rp || RING_REQUEST_CONS_OVERFLOW(&netdev->rx_ring, rc)) {
+ xen_be_printf(&netdev->xendev, 2, "no buffer, drop packet\n");
+ return -1;
+ }
+ if (size > XC_PAGE_SIZE - NET_IP_ALIGN) {
+ xen_be_printf(&netdev->xendev, 0, "packet too big (%lu > %ld)",
+ (unsigned long)size, XC_PAGE_SIZE - NET_IP_ALIGN);
+ return -1;
+ }
+
+ memcpy(&rxreq, RING_GET_REQUEST(&netdev->rx_ring, rc), sizeof(rxreq));
+ netdev->rx_ring.req_cons = ++rc;
+
+ page = xc_gnttab_map_grant_ref(netdev->xendev.gnttabdev,
+ netdev->xendev.dom,
+ rxreq.gref, PROT_WRITE);
+ if (page == NULL) {
+ xen_be_printf(&netdev->xendev, 0, "error: rx gref dereference failed (%d)\n",
+ rxreq.gref);
+ net_rx_response(netdev, &rxreq, NETIF_RSP_ERROR, 0, 0, 0);
+ return -1;
+ }
+ memcpy(page + NET_IP_ALIGN, buf, size);
+ xc_gnttab_munmap(netdev->xendev.gnttabdev, page, 1);
+ net_rx_response(netdev, &rxreq, NETIF_RSP_OKAY, NET_IP_ALIGN, size, 0);
+
+ return size;
+}
+
+/* ------------------------------------------------------------- */
+
+static NetClientInfo net_xen_info = {
+ .type = NET_CLIENT_OPTIONS_KIND_NIC,
+ .size = sizeof(NICState),
+ .can_receive = net_rx_ok,
+ .receive = net_rx_packet,
+};
+
+static int net_init(struct XenDevice *xendev)
+{
+ struct XenNetDev *netdev = container_of(xendev, struct XenNetDev, xendev);
+
+ /* read xenstore entries */
+ if (netdev->mac == NULL) {
+ netdev->mac = xenstore_read_be_str(&netdev->xendev, "mac");
+ }
+
+ /* do we have all we need? */
+ if (netdev->mac == NULL) {
+ return -1;
+ }
+
+ if (net_parse_macaddr(netdev->conf.macaddr.a, netdev->mac) < 0) {
+ return -1;
+ }
+
+ netdev->nic = qemu_new_nic(&net_xen_info, &netdev->conf,
+ "xen", NULL, netdev);
+
+ snprintf(qemu_get_queue(netdev->nic)->info_str,
+ sizeof(qemu_get_queue(netdev->nic)->info_str),
+ "nic: xenbus vif macaddr=%s", netdev->mac);
+
+ /* fill info */
+ xenstore_write_be_int(&netdev->xendev, "feature-rx-copy", 1);
+ xenstore_write_be_int(&netdev->xendev, "feature-rx-flip", 0);
+
+ return 0;
+}
+
+static int net_connect(struct XenDevice *xendev)
+{
+ struct XenNetDev *netdev = container_of(xendev, struct XenNetDev, xendev);
+ int rx_copy;
+
+ if (xenstore_read_fe_int(&netdev->xendev, "tx-ring-ref",
+ &netdev->tx_ring_ref) == -1) {
+ return -1;
+ }
+ if (xenstore_read_fe_int(&netdev->xendev, "rx-ring-ref",
+ &netdev->rx_ring_ref) == -1) {
+ return 1;
+ }
+ if (xenstore_read_fe_int(&netdev->xendev, "event-channel",
+ &netdev->xendev.remote_port) == -1) {
+ return -1;
+ }
+
+ if (xenstore_read_fe_int(&netdev->xendev, "request-rx-copy", &rx_copy) == -1) {
+ rx_copy = 0;
+ }
+ if (rx_copy == 0) {
+ xen_be_printf(&netdev->xendev, 0, "frontend doesn't support rx-copy.\n");
+ return -1;
+ }
+
+ netdev->txs = xc_gnttab_map_grant_ref(netdev->xendev.gnttabdev,
+ netdev->xendev.dom,
+ netdev->tx_ring_ref,
+ PROT_READ | PROT_WRITE);
+ netdev->rxs = xc_gnttab_map_grant_ref(netdev->xendev.gnttabdev,
+ netdev->xendev.dom,
+ netdev->rx_ring_ref,
+ PROT_READ | PROT_WRITE);
+ if (!netdev->txs || !netdev->rxs) {
+ return -1;
+ }
+ BACK_RING_INIT(&netdev->tx_ring, netdev->txs, XC_PAGE_SIZE);
+ BACK_RING_INIT(&netdev->rx_ring, netdev->rxs, XC_PAGE_SIZE);
+
+ xen_be_bind_evtchn(&netdev->xendev);
+
+ xen_be_printf(&netdev->xendev, 1, "ok: tx-ring-ref %d, rx-ring-ref %d, "
+ "remote port %d, local port %d\n",
+ netdev->tx_ring_ref, netdev->rx_ring_ref,
+ netdev->xendev.remote_port, netdev->xendev.local_port);
+
+ net_tx_packets(netdev);
+ return 0;
+}
+
+static void net_disconnect(struct XenDevice *xendev)
+{
+ struct XenNetDev *netdev = container_of(xendev, struct XenNetDev, xendev);
+
+ xen_be_unbind_evtchn(&netdev->xendev);
+
+ if (netdev->txs) {
+ xc_gnttab_munmap(netdev->xendev.gnttabdev, netdev->txs, 1);
+ netdev->txs = NULL;
+ }
+ if (netdev->rxs) {
+ xc_gnttab_munmap(netdev->xendev.gnttabdev, netdev->rxs, 1);
+ netdev->rxs = NULL;
+ }
+ if (netdev->nic) {
+ qemu_del_nic(netdev->nic);
+ netdev->nic = NULL;
+ }
+}
+
+static void net_event(struct XenDevice *xendev)
+{
+ struct XenNetDev *netdev = container_of(xendev, struct XenNetDev, xendev);
+ net_tx_packets(netdev);
+ qemu_flush_queued_packets(qemu_get_queue(netdev->nic));
+}
+
+static int net_free(struct XenDevice *xendev)
+{
+ struct XenNetDev *netdev = container_of(xendev, struct XenNetDev, xendev);
+
+ g_free(netdev->mac);
+ return 0;
+}
+
+/* ------------------------------------------------------------- */
+
+struct XenDevOps xen_netdev_ops = {
+ .size = sizeof(struct XenNetDev),
+ .flags = DEVOPS_FLAG_NEED_GNTDEV,
+ .init = net_init,
+ .initialise = net_connect,
+ .event = net_event,
+ .disconnect = net_disconnect,
+ .free = net_free,
+};
diff --git a/hw/net/xgmac.c b/hw/net/xgmac.c
new file mode 100644
index 000000000..9384fa0c5
--- /dev/null
+++ b/hw/net/xgmac.c
@@ -0,0 +1,440 @@
+/*
+ * QEMU model of XGMAC Ethernet.
+ *
+ * derived from the Xilinx AXI-Ethernet by Edgar E. Iglesias.
+ *
+ * Copyright (c) 2011 Calxeda, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/sysbus.h"
+#include "sysemu/char.h"
+#include "qemu/log.h"
+#include "net/net.h"
+#include "net/checksum.h"
+
+#ifdef DEBUG_XGMAC
+#define DEBUGF_BRK(message, args...) do { \
+ fprintf(stderr, (message), ## args); \
+ } while (0)
+#else
+#define DEBUGF_BRK(message, args...) do { } while (0)
+#endif
+
+#define XGMAC_CONTROL 0x00000000 /* MAC Configuration */
+#define XGMAC_FRAME_FILTER 0x00000001 /* MAC Frame Filter */
+#define XGMAC_FLOW_CTRL 0x00000006 /* MAC Flow Control */
+#define XGMAC_VLAN_TAG 0x00000007 /* VLAN Tags */
+#define XGMAC_VERSION 0x00000008 /* Version */
+/* VLAN tag for insertion or replacement into tx frames */
+#define XGMAC_VLAN_INCL 0x00000009
+#define XGMAC_LPI_CTRL 0x0000000a /* LPI Control and Status */
+#define XGMAC_LPI_TIMER 0x0000000b /* LPI Timers Control */
+#define XGMAC_TX_PACE 0x0000000c /* Transmit Pace and Stretch */
+#define XGMAC_VLAN_HASH 0x0000000d /* VLAN Hash Table */
+#define XGMAC_DEBUG 0x0000000e /* Debug */
+#define XGMAC_INT_STATUS 0x0000000f /* Interrupt and Control */
+/* HASH table registers */
+#define XGMAC_HASH(n) ((0x00000300/4) + (n))
+#define XGMAC_NUM_HASH 16
+/* Operation Mode */
+#define XGMAC_OPMODE (0x00000400/4)
+/* Remote Wake-Up Frame Filter */
+#define XGMAC_REMOTE_WAKE (0x00000700/4)
+/* PMT Control and Status */
+#define XGMAC_PMT (0x00000704/4)
+
+#define XGMAC_ADDR_HIGH(reg) (0x00000010+((reg) * 2))
+#define XGMAC_ADDR_LOW(reg) (0x00000011+((reg) * 2))
+
+#define DMA_BUS_MODE 0x000003c0 /* Bus Mode */
+#define DMA_XMT_POLL_DEMAND 0x000003c1 /* Transmit Poll Demand */
+#define DMA_RCV_POLL_DEMAND 0x000003c2 /* Received Poll Demand */
+#define DMA_RCV_BASE_ADDR 0x000003c3 /* Receive List Base */
+#define DMA_TX_BASE_ADDR 0x000003c4 /* Transmit List Base */
+#define DMA_STATUS 0x000003c5 /* Status Register */
+#define DMA_CONTROL 0x000003c6 /* Ctrl (Operational Mode) */
+#define DMA_INTR_ENA 0x000003c7 /* Interrupt Enable */
+#define DMA_MISSED_FRAME_CTR 0x000003c8 /* Missed Frame Counter */
+/* Receive Interrupt Watchdog Timer */
+#define DMA_RI_WATCHDOG_TIMER 0x000003c9
+#define DMA_AXI_BUS 0x000003ca /* AXI Bus Mode */
+#define DMA_AXI_STATUS 0x000003cb /* AXI Status */
+#define DMA_CUR_TX_DESC_ADDR 0x000003d2 /* Current Host Tx Descriptor */
+#define DMA_CUR_RX_DESC_ADDR 0x000003d3 /* Current Host Rx Descriptor */
+#define DMA_CUR_TX_BUF_ADDR 0x000003d4 /* Current Host Tx Buffer */
+#define DMA_CUR_RX_BUF_ADDR 0x000003d5 /* Current Host Rx Buffer */
+#define DMA_HW_FEATURE 0x000003d6 /* Enabled Hardware Features */
+
+/* DMA Status register defines */
+#define DMA_STATUS_GMI 0x08000000 /* MMC interrupt */
+#define DMA_STATUS_GLI 0x04000000 /* GMAC Line interface int */
+#define DMA_STATUS_EB_MASK 0x00380000 /* Error Bits Mask */
+#define DMA_STATUS_EB_TX_ABORT 0x00080000 /* Error Bits - TX Abort */
+#define DMA_STATUS_EB_RX_ABORT 0x00100000 /* Error Bits - RX Abort */
+#define DMA_STATUS_TS_MASK 0x00700000 /* Transmit Process State */
+#define DMA_STATUS_TS_SHIFT 20
+#define DMA_STATUS_RS_MASK 0x000e0000 /* Receive Process State */
+#define DMA_STATUS_RS_SHIFT 17
+#define DMA_STATUS_NIS 0x00010000 /* Normal Interrupt Summary */
+#define DMA_STATUS_AIS 0x00008000 /* Abnormal Interrupt Summary */
+#define DMA_STATUS_ERI 0x00004000 /* Early Receive Interrupt */
+#define DMA_STATUS_FBI 0x00002000 /* Fatal Bus Error Interrupt */
+#define DMA_STATUS_ETI 0x00000400 /* Early Transmit Interrupt */
+#define DMA_STATUS_RWT 0x00000200 /* Receive Watchdog Timeout */
+#define DMA_STATUS_RPS 0x00000100 /* Receive Process Stopped */
+#define DMA_STATUS_RU 0x00000080 /* Receive Buffer Unavailable */
+#define DMA_STATUS_RI 0x00000040 /* Receive Interrupt */
+#define DMA_STATUS_UNF 0x00000020 /* Transmit Underflow */
+#define DMA_STATUS_OVF 0x00000010 /* Receive Overflow */
+#define DMA_STATUS_TJT 0x00000008 /* Transmit Jabber Timeout */
+#define DMA_STATUS_TU 0x00000004 /* Transmit Buffer Unavailable */
+#define DMA_STATUS_TPS 0x00000002 /* Transmit Process Stopped */
+#define DMA_STATUS_TI 0x00000001 /* Transmit Interrupt */
+
+/* DMA Control register defines */
+#define DMA_CONTROL_ST 0x00002000 /* Start/Stop Transmission */
+#define DMA_CONTROL_SR 0x00000002 /* Start/Stop Receive */
+#define DMA_CONTROL_DFF 0x01000000 /* Disable flush of rx frames */
+
+struct desc {
+ uint32_t ctl_stat;
+ uint16_t buffer1_size;
+ uint16_t buffer2_size;
+ uint32_t buffer1_addr;
+ uint32_t buffer2_addr;
+ uint32_t ext_stat;
+ uint32_t res[3];
+};
+
+#define R_MAX 0x400
+
+typedef struct RxTxStats {
+ uint64_t rx_bytes;
+ uint64_t tx_bytes;
+
+ uint64_t rx;
+ uint64_t rx_bcast;
+ uint64_t rx_mcast;
+} RxTxStats;
+
+#define TYPE_XGMAC "xgmac"
+#define XGMAC(obj) OBJECT_CHECK(XgmacState, (obj), TYPE_XGMAC)
+
+typedef struct XgmacState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ qemu_irq sbd_irq;
+ qemu_irq pmt_irq;
+ qemu_irq mci_irq;
+ NICState *nic;
+ NICConf conf;
+
+ struct RxTxStats stats;
+ uint32_t regs[R_MAX];
+} XgmacState;
+
+const VMStateDescription vmstate_rxtx_stats = {
+ .name = "xgmac_stats",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT64(rx_bytes, RxTxStats),
+ VMSTATE_UINT64(tx_bytes, RxTxStats),
+ VMSTATE_UINT64(rx, RxTxStats),
+ VMSTATE_UINT64(rx_bcast, RxTxStats),
+ VMSTATE_UINT64(rx_mcast, RxTxStats),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_xgmac = {
+ .name = "xgmac",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_STRUCT(stats, XgmacState, 0, vmstate_rxtx_stats, RxTxStats),
+ VMSTATE_UINT32_ARRAY(regs, XgmacState, R_MAX),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void xgmac_read_desc(XgmacState *s, struct desc *d, int rx)
+{
+ uint32_t addr = rx ? s->regs[DMA_CUR_RX_DESC_ADDR] :
+ s->regs[DMA_CUR_TX_DESC_ADDR];
+ cpu_physical_memory_read(addr, d, sizeof(*d));
+}
+
+static void xgmac_write_desc(XgmacState *s, struct desc *d, int rx)
+{
+ int reg = rx ? DMA_CUR_RX_DESC_ADDR : DMA_CUR_TX_DESC_ADDR;
+ uint32_t addr = s->regs[reg];
+
+ if (!rx && (d->ctl_stat & 0x00200000)) {
+ s->regs[reg] = s->regs[DMA_TX_BASE_ADDR];
+ } else if (rx && (d->buffer1_size & 0x8000)) {
+ s->regs[reg] = s->regs[DMA_RCV_BASE_ADDR];
+ } else {
+ s->regs[reg] += sizeof(*d);
+ }
+ cpu_physical_memory_write(addr, d, sizeof(*d));
+}
+
+static void xgmac_enet_send(XgmacState *s)
+{
+ struct desc bd;
+ int frame_size;
+ int len;
+ uint8_t frame[8192];
+ uint8_t *ptr;
+
+ ptr = frame;
+ frame_size = 0;
+ while (1) {
+ xgmac_read_desc(s, &bd, 0);
+ if ((bd.ctl_stat & 0x80000000) == 0) {
+ /* Run out of descriptors to transmit. */
+ break;
+ }
+ len = (bd.buffer1_size & 0xfff) + (bd.buffer2_size & 0xfff);
+
+ if ((bd.buffer1_size & 0xfff) > 2048) {
+ DEBUGF_BRK("qemu:%s:ERROR...ERROR...ERROR... -- "
+ "xgmac buffer 1 len on send > 2048 (0x%x)\n",
+ __func__, bd.buffer1_size & 0xfff);
+ }
+ if ((bd.buffer2_size & 0xfff) != 0) {
+ DEBUGF_BRK("qemu:%s:ERROR...ERROR...ERROR... -- "
+ "xgmac buffer 2 len on send != 0 (0x%x)\n",
+ __func__, bd.buffer2_size & 0xfff);
+ }
+ if (len >= sizeof(frame)) {
+ DEBUGF_BRK("qemu:%s: buffer overflow %d read into %zu "
+ "buffer\n" , __func__, len, sizeof(frame));
+ DEBUGF_BRK("qemu:%s: buffer1.size=%d; buffer2.size=%d\n",
+ __func__, bd.buffer1_size, bd.buffer2_size);
+ }
+
+ cpu_physical_memory_read(bd.buffer1_addr, ptr, len);
+ ptr += len;
+ frame_size += len;
+ if (bd.ctl_stat & 0x20000000) {
+ /* Last buffer in frame. */
+ qemu_send_packet(qemu_get_queue(s->nic), frame, len);
+ ptr = frame;
+ frame_size = 0;
+ s->regs[DMA_STATUS] |= DMA_STATUS_TI | DMA_STATUS_NIS;
+ }
+ bd.ctl_stat &= ~0x80000000;
+ /* Write back the modified descriptor. */
+ xgmac_write_desc(s, &bd, 0);
+ }
+}
+
+static void enet_update_irq(XgmacState *s)
+{
+ int stat = s->regs[DMA_STATUS] & s->regs[DMA_INTR_ENA];
+ qemu_set_irq(s->sbd_irq, !!stat);
+}
+
+static uint64_t enet_read(void *opaque, hwaddr addr, unsigned size)
+{
+ XgmacState *s = opaque;
+ uint64_t r = 0;
+ addr >>= 2;
+
+ switch (addr) {
+ case XGMAC_VERSION:
+ r = 0x1012;
+ break;
+ default:
+ if (addr < ARRAY_SIZE(s->regs)) {
+ r = s->regs[addr];
+ }
+ break;
+ }
+ return r;
+}
+
+static void enet_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ XgmacState *s = opaque;
+
+ addr >>= 2;
+ switch (addr) {
+ case DMA_BUS_MODE:
+ s->regs[DMA_BUS_MODE] = value & ~0x1;
+ break;
+ case DMA_XMT_POLL_DEMAND:
+ xgmac_enet_send(s);
+ break;
+ case DMA_STATUS:
+ s->regs[DMA_STATUS] = s->regs[DMA_STATUS] & ~value;
+ break;
+ case DMA_RCV_BASE_ADDR:
+ s->regs[DMA_RCV_BASE_ADDR] = s->regs[DMA_CUR_RX_DESC_ADDR] = value;
+ break;
+ case DMA_TX_BASE_ADDR:
+ s->regs[DMA_TX_BASE_ADDR] = s->regs[DMA_CUR_TX_DESC_ADDR] = value;
+ break;
+ default:
+ if (addr < ARRAY_SIZE(s->regs)) {
+ s->regs[addr] = value;
+ }
+ break;
+ }
+ enet_update_irq(s);
+}
+
+static const MemoryRegionOps enet_mem_ops = {
+ .read = enet_read,
+ .write = enet_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static int eth_can_rx(NetClientState *nc)
+{
+ XgmacState *s = qemu_get_nic_opaque(nc);
+
+ /* RX enabled? */
+ return s->regs[DMA_CONTROL] & DMA_CONTROL_SR;
+}
+
+static ssize_t eth_rx(NetClientState *nc, const uint8_t *buf, size_t size)
+{
+ XgmacState *s = qemu_get_nic_opaque(nc);
+ static const unsigned char sa_bcast[6] = {0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff};
+ int unicast, broadcast, multicast;
+ struct desc bd;
+ ssize_t ret;
+
+ unicast = ~buf[0] & 0x1;
+ broadcast = memcmp(buf, sa_bcast, 6) == 0;
+ multicast = !unicast && !broadcast;
+ if (size < 12) {
+ s->regs[DMA_STATUS] |= DMA_STATUS_RI | DMA_STATUS_NIS;
+ ret = -1;
+ goto out;
+ }
+
+ xgmac_read_desc(s, &bd, 1);
+ if ((bd.ctl_stat & 0x80000000) == 0) {
+ s->regs[DMA_STATUS] |= DMA_STATUS_RU | DMA_STATUS_AIS;
+ ret = size;
+ goto out;
+ }
+
+ cpu_physical_memory_write(bd.buffer1_addr, buf, size);
+
+ /* Add in the 4 bytes for crc (the real hw returns length incl crc) */
+ size += 4;
+ bd.ctl_stat = (size << 16) | 0x300;
+ xgmac_write_desc(s, &bd, 1);
+
+ s->stats.rx_bytes += size;
+ s->stats.rx++;
+ if (multicast) {
+ s->stats.rx_mcast++;
+ } else if (broadcast) {
+ s->stats.rx_bcast++;
+ }
+
+ s->regs[DMA_STATUS] |= DMA_STATUS_RI | DMA_STATUS_NIS;
+ ret = size;
+
+out:
+ enet_update_irq(s);
+ return ret;
+}
+
+static void eth_cleanup(NetClientState *nc)
+{
+ XgmacState *s = qemu_get_nic_opaque(nc);
+
+ s->nic = NULL;
+}
+
+static NetClientInfo net_xgmac_enet_info = {
+ .type = NET_CLIENT_OPTIONS_KIND_NIC,
+ .size = sizeof(NICState),
+ .can_receive = eth_can_rx,
+ .receive = eth_rx,
+ .cleanup = eth_cleanup,
+};
+
+static int xgmac_enet_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ XgmacState *s = XGMAC(dev);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &enet_mem_ops, s,
+ "xgmac", 0x1000);
+ sysbus_init_mmio(sbd, &s->iomem);
+ sysbus_init_irq(sbd, &s->sbd_irq);
+ sysbus_init_irq(sbd, &s->pmt_irq);
+ sysbus_init_irq(sbd, &s->mci_irq);
+
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+ s->nic = qemu_new_nic(&net_xgmac_enet_info, &s->conf,
+ object_get_typename(OBJECT(dev)), dev->id, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+
+ s->regs[XGMAC_ADDR_HIGH(0)] = (s->conf.macaddr.a[5] << 8) |
+ s->conf.macaddr.a[4];
+ s->regs[XGMAC_ADDR_LOW(0)] = (s->conf.macaddr.a[3] << 24) |
+ (s->conf.macaddr.a[2] << 16) |
+ (s->conf.macaddr.a[1] << 8) |
+ s->conf.macaddr.a[0];
+
+ return 0;
+}
+
+static Property xgmac_properties[] = {
+ DEFINE_NIC_PROPERTIES(XgmacState, conf),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void xgmac_enet_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *sbc = SYS_BUS_DEVICE_CLASS(klass);
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ sbc->init = xgmac_enet_init;
+ dc->vmsd = &vmstate_xgmac;
+ dc->props = xgmac_properties;
+}
+
+static const TypeInfo xgmac_enet_info = {
+ .name = TYPE_XGMAC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(XgmacState),
+ .class_init = xgmac_enet_class_init,
+};
+
+static void xgmac_enet_register_types(void)
+{
+ type_register_static(&xgmac_enet_info);
+}
+
+type_init(xgmac_enet_register_types)
diff --git a/hw/net/xilinx_axienet.c b/hw/net/xilinx_axienet.c
new file mode 100644
index 000000000..f173429ec
--- /dev/null
+++ b/hw/net/xilinx_axienet.c
@@ -0,0 +1,1071 @@
+/*
+ * QEMU model of Xilinx AXI-Ethernet.
+ *
+ * Copyright (c) 2011 Edgar E. Iglesias.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/sysbus.h"
+#include "qemu/log.h"
+#include "net/net.h"
+#include "net/checksum.h"
+#include "qapi/qmp/qerror.h"
+
+#include "hw/stream.h"
+
+#define DPHY(x)
+
+#define TYPE_XILINX_AXI_ENET "xlnx.axi-ethernet"
+#define TYPE_XILINX_AXI_ENET_DATA_STREAM "xilinx-axienet-data-stream"
+#define TYPE_XILINX_AXI_ENET_CONTROL_STREAM "xilinx-axienet-control-stream"
+
+#define XILINX_AXI_ENET(obj) \
+ OBJECT_CHECK(XilinxAXIEnet, (obj), TYPE_XILINX_AXI_ENET)
+
+#define XILINX_AXI_ENET_DATA_STREAM(obj) \
+ OBJECT_CHECK(XilinxAXIEnetStreamSlave, (obj),\
+ TYPE_XILINX_AXI_ENET_DATA_STREAM)
+
+#define XILINX_AXI_ENET_CONTROL_STREAM(obj) \
+ OBJECT_CHECK(XilinxAXIEnetStreamSlave, (obj),\
+ TYPE_XILINX_AXI_ENET_CONTROL_STREAM)
+
+/* Advertisement control register. */
+#define ADVERTISE_10HALF 0x0020 /* Try for 10mbps half-duplex */
+#define ADVERTISE_10FULL 0x0040 /* Try for 10mbps full-duplex */
+#define ADVERTISE_100HALF 0x0080 /* Try for 100mbps half-duplex */
+#define ADVERTISE_100FULL 0x0100 /* Try for 100mbps full-duplex */
+
+#define CONTROL_PAYLOAD_WORDS 5
+#define CONTROL_PAYLOAD_SIZE (CONTROL_PAYLOAD_WORDS * (sizeof(uint32_t)))
+
+struct PHY {
+ uint32_t regs[32];
+
+ int link;
+
+ unsigned int (*read)(struct PHY *phy, unsigned int req);
+ void (*write)(struct PHY *phy, unsigned int req,
+ unsigned int data);
+};
+
+static unsigned int tdk_read(struct PHY *phy, unsigned int req)
+{
+ int regnum;
+ unsigned r = 0;
+
+ regnum = req & 0x1f;
+
+ switch (regnum) {
+ case 1:
+ if (!phy->link) {
+ break;
+ }
+ /* MR1. */
+ /* Speeds and modes. */
+ r |= (1 << 13) | (1 << 14);
+ r |= (1 << 11) | (1 << 12);
+ r |= (1 << 5); /* Autoneg complete. */
+ r |= (1 << 3); /* Autoneg able. */
+ r |= (1 << 2); /* link. */
+ r |= (1 << 1); /* link. */
+ break;
+ case 5:
+ /* Link partner ability.
+ We are kind; always agree with whatever best mode
+ the guest advertises. */
+ r = 1 << 14; /* Success. */
+ /* Copy advertised modes. */
+ r |= phy->regs[4] & (15 << 5);
+ /* Autoneg support. */
+ r |= 1;
+ break;
+ case 17:
+ /* Marvel PHY on many xilinx boards. */
+ r = 0x8000; /* 1000Mb */
+ break;
+ case 18:
+ {
+ /* Diagnostics reg. */
+ int duplex = 0;
+ int speed_100 = 0;
+
+ if (!phy->link) {
+ break;
+ }
+
+ /* Are we advertising 100 half or 100 duplex ? */
+ speed_100 = !!(phy->regs[4] & ADVERTISE_100HALF);
+ speed_100 |= !!(phy->regs[4] & ADVERTISE_100FULL);
+
+ /* Are we advertising 10 duplex or 100 duplex ? */
+ duplex = !!(phy->regs[4] & ADVERTISE_100FULL);
+ duplex |= !!(phy->regs[4] & ADVERTISE_10FULL);
+ r = (speed_100 << 10) | (duplex << 11);
+ }
+ break;
+
+ default:
+ r = phy->regs[regnum];
+ break;
+ }
+ DPHY(qemu_log("\n%s %x = reg[%d]\n", __func__, r, regnum));
+ return r;
+}
+
+static void
+tdk_write(struct PHY *phy, unsigned int req, unsigned int data)
+{
+ int regnum;
+
+ regnum = req & 0x1f;
+ DPHY(qemu_log("%s reg[%d] = %x\n", __func__, regnum, data));
+ switch (regnum) {
+ default:
+ phy->regs[regnum] = data;
+ break;
+ }
+}
+
+static void
+tdk_init(struct PHY *phy)
+{
+ phy->regs[0] = 0x3100;
+ /* PHY Id. */
+ phy->regs[2] = 0x0300;
+ phy->regs[3] = 0xe400;
+ /* Autonegotiation advertisement reg. */
+ phy->regs[4] = 0x01E1;
+ phy->link = 1;
+
+ phy->read = tdk_read;
+ phy->write = tdk_write;
+}
+
+struct MDIOBus {
+ /* bus. */
+ int mdc;
+ int mdio;
+
+ /* decoder. */
+ enum {
+ PREAMBLE,
+ SOF,
+ OPC,
+ ADDR,
+ REQ,
+ TURNAROUND,
+ DATA
+ } state;
+ unsigned int drive;
+
+ unsigned int cnt;
+ unsigned int addr;
+ unsigned int opc;
+ unsigned int req;
+ unsigned int data;
+
+ struct PHY *devs[32];
+};
+
+static void
+mdio_attach(struct MDIOBus *bus, struct PHY *phy, unsigned int addr)
+{
+ bus->devs[addr & 0x1f] = phy;
+}
+
+#ifdef USE_THIS_DEAD_CODE
+static void
+mdio_detach(struct MDIOBus *bus, struct PHY *phy, unsigned int addr)
+{
+ bus->devs[addr & 0x1f] = NULL;
+}
+#endif
+
+static uint16_t mdio_read_req(struct MDIOBus *bus, unsigned int addr,
+ unsigned int reg)
+{
+ struct PHY *phy;
+ uint16_t data;
+
+ phy = bus->devs[addr];
+ if (phy && phy->read) {
+ data = phy->read(phy, reg);
+ } else {
+ data = 0xffff;
+ }
+ DPHY(qemu_log("%s addr=%d reg=%d data=%x\n", __func__, addr, reg, data));
+ return data;
+}
+
+static void mdio_write_req(struct MDIOBus *bus, unsigned int addr,
+ unsigned int reg, uint16_t data)
+{
+ struct PHY *phy;
+
+ DPHY(qemu_log("%s addr=%d reg=%d data=%x\n", __func__, addr, reg, data));
+ phy = bus->devs[addr];
+ if (phy && phy->write) {
+ phy->write(phy, reg, data);
+ }
+}
+
+#define DENET(x)
+
+#define R_RAF (0x000 / 4)
+enum {
+ RAF_MCAST_REJ = (1 << 1),
+ RAF_BCAST_REJ = (1 << 2),
+ RAF_EMCF_EN = (1 << 12),
+ RAF_NEWFUNC_EN = (1 << 11)
+};
+
+#define R_IS (0x00C / 4)
+enum {
+ IS_HARD_ACCESS_COMPLETE = 1,
+ IS_AUTONEG = (1 << 1),
+ IS_RX_COMPLETE = (1 << 2),
+ IS_RX_REJECT = (1 << 3),
+ IS_TX_COMPLETE = (1 << 5),
+ IS_RX_DCM_LOCK = (1 << 6),
+ IS_MGM_RDY = (1 << 7),
+ IS_PHY_RST_DONE = (1 << 8),
+};
+
+#define R_IP (0x010 / 4)
+#define R_IE (0x014 / 4)
+#define R_UAWL (0x020 / 4)
+#define R_UAWU (0x024 / 4)
+#define R_PPST (0x030 / 4)
+enum {
+ PPST_LINKSTATUS = (1 << 0),
+ PPST_PHY_LINKSTATUS = (1 << 7),
+};
+
+#define R_STATS_RX_BYTESL (0x200 / 4)
+#define R_STATS_RX_BYTESH (0x204 / 4)
+#define R_STATS_TX_BYTESL (0x208 / 4)
+#define R_STATS_TX_BYTESH (0x20C / 4)
+#define R_STATS_RXL (0x290 / 4)
+#define R_STATS_RXH (0x294 / 4)
+#define R_STATS_RX_BCASTL (0x2a0 / 4)
+#define R_STATS_RX_BCASTH (0x2a4 / 4)
+#define R_STATS_RX_MCASTL (0x2a8 / 4)
+#define R_STATS_RX_MCASTH (0x2ac / 4)
+
+#define R_RCW0 (0x400 / 4)
+#define R_RCW1 (0x404 / 4)
+enum {
+ RCW1_VLAN = (1 << 27),
+ RCW1_RX = (1 << 28),
+ RCW1_FCS = (1 << 29),
+ RCW1_JUM = (1 << 30),
+ RCW1_RST = (1 << 31),
+};
+
+#define R_TC (0x408 / 4)
+enum {
+ TC_VLAN = (1 << 27),
+ TC_TX = (1 << 28),
+ TC_FCS = (1 << 29),
+ TC_JUM = (1 << 30),
+ TC_RST = (1 << 31),
+};
+
+#define R_EMMC (0x410 / 4)
+enum {
+ EMMC_LINKSPEED_10MB = (0 << 30),
+ EMMC_LINKSPEED_100MB = (1 << 30),
+ EMMC_LINKSPEED_1000MB = (2 << 30),
+};
+
+#define R_PHYC (0x414 / 4)
+
+#define R_MC (0x500 / 4)
+#define MC_EN (1 << 6)
+
+#define R_MCR (0x504 / 4)
+#define R_MWD (0x508 / 4)
+#define R_MRD (0x50c / 4)
+#define R_MIS (0x600 / 4)
+#define R_MIP (0x620 / 4)
+#define R_MIE (0x640 / 4)
+#define R_MIC (0x640 / 4)
+
+#define R_UAW0 (0x700 / 4)
+#define R_UAW1 (0x704 / 4)
+#define R_FMI (0x708 / 4)
+#define R_AF0 (0x710 / 4)
+#define R_AF1 (0x714 / 4)
+#define R_MAX (0x34 / 4)
+
+/* Indirect registers. */
+struct TEMAC {
+ struct MDIOBus mdio_bus;
+ struct PHY phy;
+
+ void *parent;
+};
+
+typedef struct XilinxAXIEnetStreamSlave XilinxAXIEnetStreamSlave;
+typedef struct XilinxAXIEnet XilinxAXIEnet;
+
+struct XilinxAXIEnetStreamSlave {
+ Object parent;
+
+ struct XilinxAXIEnet *enet;
+} ;
+
+struct XilinxAXIEnet {
+ SysBusDevice busdev;
+ MemoryRegion iomem;
+ qemu_irq irq;
+ StreamSlave *tx_data_dev;
+ StreamSlave *tx_control_dev;
+ XilinxAXIEnetStreamSlave rx_data_dev;
+ XilinxAXIEnetStreamSlave rx_control_dev;
+ NICState *nic;
+ NICConf conf;
+
+
+ uint32_t c_rxmem;
+ uint32_t c_txmem;
+ uint32_t c_phyaddr;
+
+ struct TEMAC TEMAC;
+
+ /* MII regs. */
+ union {
+ uint32_t regs[4];
+ struct {
+ uint32_t mc;
+ uint32_t mcr;
+ uint32_t mwd;
+ uint32_t mrd;
+ };
+ } mii;
+
+ struct {
+ uint64_t rx_bytes;
+ uint64_t tx_bytes;
+
+ uint64_t rx;
+ uint64_t rx_bcast;
+ uint64_t rx_mcast;
+ } stats;
+
+ /* Receive configuration words. */
+ uint32_t rcw[2];
+ /* Transmit config. */
+ uint32_t tc;
+ uint32_t emmc;
+ uint32_t phyc;
+
+ /* Unicast Address Word. */
+ uint32_t uaw[2];
+ /* Unicast address filter used with extended mcast. */
+ uint32_t ext_uaw[2];
+ uint32_t fmi;
+
+ uint32_t regs[R_MAX];
+
+ /* Multicast filter addrs. */
+ uint32_t maddr[4][2];
+ /* 32K x 1 lookup filter. */
+ uint32_t ext_mtable[1024];
+
+ uint32_t hdr[CONTROL_PAYLOAD_WORDS];
+
+ uint8_t *rxmem;
+ uint32_t rxsize;
+ uint32_t rxpos;
+
+ uint8_t rxapp[CONTROL_PAYLOAD_SIZE];
+ uint32_t rxappsize;
+};
+
+static void axienet_rx_reset(XilinxAXIEnet *s)
+{
+ s->rcw[1] = RCW1_JUM | RCW1_FCS | RCW1_RX | RCW1_VLAN;
+}
+
+static void axienet_tx_reset(XilinxAXIEnet *s)
+{
+ s->tc = TC_JUM | TC_TX | TC_VLAN;
+}
+
+static inline int axienet_rx_resetting(XilinxAXIEnet *s)
+{
+ return s->rcw[1] & RCW1_RST;
+}
+
+static inline int axienet_rx_enabled(XilinxAXIEnet *s)
+{
+ return s->rcw[1] & RCW1_RX;
+}
+
+static inline int axienet_extmcf_enabled(XilinxAXIEnet *s)
+{
+ return !!(s->regs[R_RAF] & RAF_EMCF_EN);
+}
+
+static inline int axienet_newfunc_enabled(XilinxAXIEnet *s)
+{
+ return !!(s->regs[R_RAF] & RAF_NEWFUNC_EN);
+}
+
+static void xilinx_axienet_reset(DeviceState *d)
+{
+ XilinxAXIEnet *s = XILINX_AXI_ENET(d);
+
+ axienet_rx_reset(s);
+ axienet_tx_reset(s);
+
+ s->regs[R_PPST] = PPST_LINKSTATUS | PPST_PHY_LINKSTATUS;
+ s->regs[R_IS] = IS_AUTONEG | IS_RX_DCM_LOCK | IS_MGM_RDY | IS_PHY_RST_DONE;
+
+ s->emmc = EMMC_LINKSPEED_100MB;
+}
+
+static void enet_update_irq(XilinxAXIEnet *s)
+{
+ s->regs[R_IP] = s->regs[R_IS] & s->regs[R_IE];
+ qemu_set_irq(s->irq, !!s->regs[R_IP]);
+}
+
+static uint64_t enet_read(void *opaque, hwaddr addr, unsigned size)
+{
+ XilinxAXIEnet *s = opaque;
+ uint32_t r = 0;
+ addr >>= 2;
+
+ switch (addr) {
+ case R_RCW0:
+ case R_RCW1:
+ r = s->rcw[addr & 1];
+ break;
+
+ case R_TC:
+ r = s->tc;
+ break;
+
+ case R_EMMC:
+ r = s->emmc;
+ break;
+
+ case R_PHYC:
+ r = s->phyc;
+ break;
+
+ case R_MCR:
+ r = s->mii.regs[addr & 3] | (1 << 7); /* Always ready. */
+ break;
+
+ case R_STATS_RX_BYTESL:
+ case R_STATS_RX_BYTESH:
+ r = s->stats.rx_bytes >> (32 * (addr & 1));
+ break;
+
+ case R_STATS_TX_BYTESL:
+ case R_STATS_TX_BYTESH:
+ r = s->stats.tx_bytes >> (32 * (addr & 1));
+ break;
+
+ case R_STATS_RXL:
+ case R_STATS_RXH:
+ r = s->stats.rx >> (32 * (addr & 1));
+ break;
+ case R_STATS_RX_BCASTL:
+ case R_STATS_RX_BCASTH:
+ r = s->stats.rx_bcast >> (32 * (addr & 1));
+ break;
+ case R_STATS_RX_MCASTL:
+ case R_STATS_RX_MCASTH:
+ r = s->stats.rx_mcast >> (32 * (addr & 1));
+ break;
+
+ case R_MC:
+ case R_MWD:
+ case R_MRD:
+ r = s->mii.regs[addr & 3];
+ break;
+
+ case R_UAW0:
+ case R_UAW1:
+ r = s->uaw[addr & 1];
+ break;
+
+ case R_UAWU:
+ case R_UAWL:
+ r = s->ext_uaw[addr & 1];
+ break;
+
+ case R_FMI:
+ r = s->fmi;
+ break;
+
+ case R_AF0:
+ case R_AF1:
+ r = s->maddr[s->fmi & 3][addr & 1];
+ break;
+
+ case 0x8000 ... 0x83ff:
+ r = s->ext_mtable[addr - 0x8000];
+ break;
+
+ default:
+ if (addr < ARRAY_SIZE(s->regs)) {
+ r = s->regs[addr];
+ }
+ DENET(qemu_log("%s addr=" TARGET_FMT_plx " v=%x\n",
+ __func__, addr * 4, r));
+ break;
+ }
+ return r;
+}
+
+static void enet_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ XilinxAXIEnet *s = opaque;
+ struct TEMAC *t = &s->TEMAC;
+
+ addr >>= 2;
+ switch (addr) {
+ case R_RCW0:
+ case R_RCW1:
+ s->rcw[addr & 1] = value;
+ if ((addr & 1) && value & RCW1_RST) {
+ axienet_rx_reset(s);
+ } else {
+ qemu_flush_queued_packets(qemu_get_queue(s->nic));
+ }
+ break;
+
+ case R_TC:
+ s->tc = value;
+ if (value & TC_RST) {
+ axienet_tx_reset(s);
+ }
+ break;
+
+ case R_EMMC:
+ s->emmc = value;
+ break;
+
+ case R_PHYC:
+ s->phyc = value;
+ break;
+
+ case R_MC:
+ value &= ((1 << 7) - 1);
+
+ /* Enable the MII. */
+ if (value & MC_EN) {
+ unsigned int miiclkdiv = value & ((1 << 6) - 1);
+ if (!miiclkdiv) {
+ qemu_log("AXIENET: MDIO enabled but MDIOCLK is zero!\n");
+ }
+ }
+ s->mii.mc = value;
+ break;
+
+ case R_MCR: {
+ unsigned int phyaddr = (value >> 24) & 0x1f;
+ unsigned int regaddr = (value >> 16) & 0x1f;
+ unsigned int op = (value >> 14) & 3;
+ unsigned int initiate = (value >> 11) & 1;
+
+ if (initiate) {
+ if (op == 1) {
+ mdio_write_req(&t->mdio_bus, phyaddr, regaddr, s->mii.mwd);
+ } else if (op == 2) {
+ s->mii.mrd = mdio_read_req(&t->mdio_bus, phyaddr, regaddr);
+ } else {
+ qemu_log("AXIENET: invalid MDIOBus OP=%d\n", op);
+ }
+ }
+ s->mii.mcr = value;
+ break;
+ }
+
+ case R_MWD:
+ case R_MRD:
+ s->mii.regs[addr & 3] = value;
+ break;
+
+
+ case R_UAW0:
+ case R_UAW1:
+ s->uaw[addr & 1] = value;
+ break;
+
+ case R_UAWL:
+ case R_UAWU:
+ s->ext_uaw[addr & 1] = value;
+ break;
+
+ case R_FMI:
+ s->fmi = value;
+ break;
+
+ case R_AF0:
+ case R_AF1:
+ s->maddr[s->fmi & 3][addr & 1] = value;
+ break;
+
+ case R_IS:
+ s->regs[addr] &= ~value;
+ break;
+
+ case 0x8000 ... 0x83ff:
+ s->ext_mtable[addr - 0x8000] = value;
+ break;
+
+ default:
+ DENET(qemu_log("%s addr=" TARGET_FMT_plx " v=%x\n",
+ __func__, addr * 4, (unsigned)value));
+ if (addr < ARRAY_SIZE(s->regs)) {
+ s->regs[addr] = value;
+ }
+ break;
+ }
+ enet_update_irq(s);
+}
+
+static const MemoryRegionOps enet_ops = {
+ .read = enet_read,
+ .write = enet_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static int eth_can_rx(NetClientState *nc)
+{
+ XilinxAXIEnet *s = qemu_get_nic_opaque(nc);
+
+ /* RX enabled? */
+ return !s->rxsize && !axienet_rx_resetting(s) && axienet_rx_enabled(s);
+}
+
+static int enet_match_addr(const uint8_t *buf, uint32_t f0, uint32_t f1)
+{
+ int match = 1;
+
+ if (memcmp(buf, &f0, 4)) {
+ match = 0;
+ }
+
+ if (buf[4] != (f1 & 0xff) || buf[5] != ((f1 >> 8) & 0xff)) {
+ match = 0;
+ }
+
+ return match;
+}
+
+static void axienet_eth_rx_notify(void *opaque)
+{
+ XilinxAXIEnet *s = XILINX_AXI_ENET(opaque);
+
+ while (s->rxappsize && stream_can_push(s->tx_control_dev,
+ axienet_eth_rx_notify, s)) {
+ size_t ret = stream_push(s->tx_control_dev,
+ (void *)s->rxapp + CONTROL_PAYLOAD_SIZE
+ - s->rxappsize, s->rxappsize);
+ s->rxappsize -= ret;
+ }
+
+ while (s->rxsize && stream_can_push(s->tx_data_dev,
+ axienet_eth_rx_notify, s)) {
+ size_t ret = stream_push(s->tx_data_dev, (void *)s->rxmem + s->rxpos,
+ s->rxsize);
+ s->rxsize -= ret;
+ s->rxpos += ret;
+ if (!s->rxsize) {
+ s->regs[R_IS] |= IS_RX_COMPLETE;
+ }
+ }
+ enet_update_irq(s);
+}
+
+static ssize_t eth_rx(NetClientState *nc, const uint8_t *buf, size_t size)
+{
+ XilinxAXIEnet *s = qemu_get_nic_opaque(nc);
+ static const unsigned char sa_bcast[6] = {0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff};
+ static const unsigned char sa_ipmcast[3] = {0x01, 0x00, 0x52};
+ uint32_t app[CONTROL_PAYLOAD_WORDS] = {0};
+ int promisc = s->fmi & (1 << 31);
+ int unicast, broadcast, multicast, ip_multicast = 0;
+ uint32_t csum32;
+ uint16_t csum16;
+ int i;
+
+ DENET(qemu_log("%s: %zd bytes\n", __func__, size));
+
+ unicast = ~buf[0] & 0x1;
+ broadcast = memcmp(buf, sa_bcast, 6) == 0;
+ multicast = !unicast && !broadcast;
+ if (multicast && (memcmp(sa_ipmcast, buf, sizeof sa_ipmcast) == 0)) {
+ ip_multicast = 1;
+ }
+
+ /* Jumbo or vlan sizes ? */
+ if (!(s->rcw[1] & RCW1_JUM)) {
+ if (size > 1518 && size <= 1522 && !(s->rcw[1] & RCW1_VLAN)) {
+ return size;
+ }
+ }
+
+ /* Basic Address filters. If you want to use the extended filters
+ you'll generally have to place the ethernet mac into promiscuous mode
+ to avoid the basic filtering from dropping most frames. */
+ if (!promisc) {
+ if (unicast) {
+ if (!enet_match_addr(buf, s->uaw[0], s->uaw[1])) {
+ return size;
+ }
+ } else {
+ if (broadcast) {
+ /* Broadcast. */
+ if (s->regs[R_RAF] & RAF_BCAST_REJ) {
+ return size;
+ }
+ } else {
+ int drop = 1;
+
+ /* Multicast. */
+ if (s->regs[R_RAF] & RAF_MCAST_REJ) {
+ return size;
+ }
+
+ for (i = 0; i < 4; i++) {
+ if (enet_match_addr(buf, s->maddr[i][0], s->maddr[i][1])) {
+ drop = 0;
+ break;
+ }
+ }
+
+ if (drop) {
+ return size;
+ }
+ }
+ }
+ }
+
+ /* Extended mcast filtering enabled? */
+ if (axienet_newfunc_enabled(s) && axienet_extmcf_enabled(s)) {
+ if (unicast) {
+ if (!enet_match_addr(buf, s->ext_uaw[0], s->ext_uaw[1])) {
+ return size;
+ }
+ } else {
+ if (broadcast) {
+ /* Broadcast. ??? */
+ if (s->regs[R_RAF] & RAF_BCAST_REJ) {
+ return size;
+ }
+ } else {
+ int idx, bit;
+
+ /* Multicast. */
+ if (!memcmp(buf, sa_ipmcast, 3)) {
+ return size;
+ }
+
+ idx = (buf[4] & 0x7f) << 8;
+ idx |= buf[5];
+
+ bit = 1 << (idx & 0x1f);
+ idx >>= 5;
+
+ if (!(s->ext_mtable[idx] & bit)) {
+ return size;
+ }
+ }
+ }
+ }
+
+ if (size < 12) {
+ s->regs[R_IS] |= IS_RX_REJECT;
+ enet_update_irq(s);
+ return -1;
+ }
+
+ if (size > (s->c_rxmem - 4)) {
+ size = s->c_rxmem - 4;
+ }
+
+ memcpy(s->rxmem, buf, size);
+ memset(s->rxmem + size, 0, 4); /* Clear the FCS. */
+
+ if (s->rcw[1] & RCW1_FCS) {
+ size += 4; /* fcs is inband. */
+ }
+
+ app[0] = 5 << 28;
+ csum32 = net_checksum_add(size - 14, (uint8_t *)s->rxmem + 14);
+ /* Fold it once. */
+ csum32 = (csum32 & 0xffff) + (csum32 >> 16);
+ /* And twice to get rid of possible carries. */
+ csum16 = (csum32 & 0xffff) + (csum32 >> 16);
+ app[3] = csum16;
+ app[4] = size & 0xffff;
+
+ s->stats.rx_bytes += size;
+ s->stats.rx++;
+ if (multicast) {
+ s->stats.rx_mcast++;
+ app[2] |= 1 | (ip_multicast << 1);
+ } else if (broadcast) {
+ s->stats.rx_bcast++;
+ app[2] |= 1 << 3;
+ }
+
+ /* Good frame. */
+ app[2] |= 1 << 6;
+
+ s->rxsize = size;
+ s->rxpos = 0;
+ for (i = 0; i < ARRAY_SIZE(app); ++i) {
+ app[i] = cpu_to_le32(app[i]);
+ }
+ s->rxappsize = CONTROL_PAYLOAD_SIZE;
+ memcpy(s->rxapp, app, s->rxappsize);
+ axienet_eth_rx_notify(s);
+
+ enet_update_irq(s);
+ return size;
+}
+
+static void eth_cleanup(NetClientState *nc)
+{
+ /* FIXME. */
+ XilinxAXIEnet *s = qemu_get_nic_opaque(nc);
+ g_free(s->rxmem);
+ g_free(s);
+}
+
+static size_t
+xilinx_axienet_control_stream_push(StreamSlave *obj, uint8_t *buf, size_t len)
+{
+ int i;
+ XilinxAXIEnetStreamSlave *cs = XILINX_AXI_ENET_CONTROL_STREAM(obj);
+ XilinxAXIEnet *s = cs->enet;
+
+ if (len != CONTROL_PAYLOAD_SIZE) {
+ hw_error("AXI Enet requires %d byte control stream payload\n",
+ (int)CONTROL_PAYLOAD_SIZE);
+ }
+
+ memcpy(s->hdr, buf, len);
+
+ for (i = 0; i < ARRAY_SIZE(s->hdr); ++i) {
+ s->hdr[i] = le32_to_cpu(s->hdr[i]);
+ }
+ return len;
+}
+
+static size_t
+xilinx_axienet_data_stream_push(StreamSlave *obj, uint8_t *buf, size_t size)
+{
+ XilinxAXIEnetStreamSlave *ds = XILINX_AXI_ENET_DATA_STREAM(obj);
+ XilinxAXIEnet *s = ds->enet;
+
+ /* TX enable ? */
+ if (!(s->tc & TC_TX)) {
+ return size;
+ }
+
+ /* Jumbo or vlan sizes ? */
+ if (!(s->tc & TC_JUM)) {
+ if (size > 1518 && size <= 1522 && !(s->tc & TC_VLAN)) {
+ return size;
+ }
+ }
+
+ if (s->hdr[0] & 1) {
+ unsigned int start_off = s->hdr[1] >> 16;
+ unsigned int write_off = s->hdr[1] & 0xffff;
+ uint32_t tmp_csum;
+ uint16_t csum;
+
+ tmp_csum = net_checksum_add(size - start_off,
+ (uint8_t *)buf + start_off);
+ /* Accumulate the seed. */
+ tmp_csum += s->hdr[2] & 0xffff;
+
+ /* Fold the 32bit partial checksum. */
+ csum = net_checksum_finish(tmp_csum);
+
+ /* Writeback. */
+ buf[write_off] = csum >> 8;
+ buf[write_off + 1] = csum & 0xff;
+ }
+
+ qemu_send_packet(qemu_get_queue(s->nic), buf, size);
+
+ s->stats.tx_bytes += size;
+ s->regs[R_IS] |= IS_TX_COMPLETE;
+ enet_update_irq(s);
+
+ return size;
+}
+
+static NetClientInfo net_xilinx_enet_info = {
+ .type = NET_CLIENT_OPTIONS_KIND_NIC,
+ .size = sizeof(NICState),
+ .can_receive = eth_can_rx,
+ .receive = eth_rx,
+ .cleanup = eth_cleanup,
+};
+
+static void xilinx_enet_realize(DeviceState *dev, Error **errp)
+{
+ XilinxAXIEnet *s = XILINX_AXI_ENET(dev);
+ XilinxAXIEnetStreamSlave *ds = XILINX_AXI_ENET_DATA_STREAM(&s->rx_data_dev);
+ XilinxAXIEnetStreamSlave *cs = XILINX_AXI_ENET_CONTROL_STREAM(
+ &s->rx_control_dev);
+ Error *local_errp = NULL;
+
+ object_property_add_link(OBJECT(ds), "enet", "xlnx.axi-ethernet",
+ (Object **) &ds->enet, &local_errp);
+ object_property_add_link(OBJECT(cs), "enet", "xlnx.axi-ethernet",
+ (Object **) &cs->enet, &local_errp);
+ if (local_errp) {
+ goto xilinx_enet_realize_fail;
+ }
+ object_property_set_link(OBJECT(ds), OBJECT(s), "enet", &local_errp);
+ object_property_set_link(OBJECT(cs), OBJECT(s), "enet", &local_errp);
+ if (local_errp) {
+ goto xilinx_enet_realize_fail;
+ }
+
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+ s->nic = qemu_new_nic(&net_xilinx_enet_info, &s->conf,
+ object_get_typename(OBJECT(dev)), dev->id, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+
+ tdk_init(&s->TEMAC.phy);
+ mdio_attach(&s->TEMAC.mdio_bus, &s->TEMAC.phy, s->c_phyaddr);
+
+ s->TEMAC.parent = s;
+
+ s->rxmem = g_malloc(s->c_rxmem);
+ return;
+
+xilinx_enet_realize_fail:
+ if (!*errp) {
+ *errp = local_errp;
+ }
+}
+
+static void xilinx_enet_init(Object *obj)
+{
+ XilinxAXIEnet *s = XILINX_AXI_ENET(obj);
+ SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
+ Error *errp = NULL;
+
+ object_property_add_link(obj, "axistream-connected", TYPE_STREAM_SLAVE,
+ (Object **) &s->tx_data_dev, &errp);
+ assert_no_error(errp);
+ object_property_add_link(obj, "axistream-control-connected",
+ TYPE_STREAM_SLAVE,
+ (Object **) &s->tx_control_dev, &errp);
+ assert_no_error(errp);
+
+ object_initialize(&s->rx_data_dev, TYPE_XILINX_AXI_ENET_DATA_STREAM);
+ object_initialize(&s->rx_control_dev, TYPE_XILINX_AXI_ENET_CONTROL_STREAM);
+ object_property_add_child(OBJECT(s), "axistream-connected-target",
+ (Object *)&s->rx_data_dev, &errp);
+ assert_no_error(errp);
+ object_property_add_child(OBJECT(s), "axistream-control-connected-target",
+ (Object *)&s->rx_control_dev, &errp);
+ assert_no_error(errp);
+
+ sysbus_init_irq(sbd, &s->irq);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &enet_ops, s, "enet", 0x40000);
+ sysbus_init_mmio(sbd, &s->iomem);
+}
+
+static Property xilinx_enet_properties[] = {
+ DEFINE_PROP_UINT32("phyaddr", XilinxAXIEnet, c_phyaddr, 7),
+ DEFINE_PROP_UINT32("rxmem", XilinxAXIEnet, c_rxmem, 0x1000),
+ DEFINE_PROP_UINT32("txmem", XilinxAXIEnet, c_txmem, 0x1000),
+ DEFINE_NIC_PROPERTIES(XilinxAXIEnet, conf),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void xilinx_enet_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = xilinx_enet_realize;
+ dc->props = xilinx_enet_properties;
+ dc->reset = xilinx_axienet_reset;
+}
+
+static void xilinx_enet_stream_class_init(ObjectClass *klass, void *data)
+{
+ StreamSlaveClass *ssc = STREAM_SLAVE_CLASS(klass);
+
+ ssc->push = data;
+}
+
+static const TypeInfo xilinx_enet_info = {
+ .name = TYPE_XILINX_AXI_ENET,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(XilinxAXIEnet),
+ .class_init = xilinx_enet_class_init,
+ .instance_init = xilinx_enet_init,
+};
+
+static const TypeInfo xilinx_enet_data_stream_info = {
+ .name = TYPE_XILINX_AXI_ENET_DATA_STREAM,
+ .parent = TYPE_OBJECT,
+ .instance_size = sizeof(struct XilinxAXIEnetStreamSlave),
+ .class_init = xilinx_enet_stream_class_init,
+ .class_data = xilinx_axienet_data_stream_push,
+ .interfaces = (InterfaceInfo[]) {
+ { TYPE_STREAM_SLAVE },
+ { }
+ }
+};
+
+static const TypeInfo xilinx_enet_control_stream_info = {
+ .name = TYPE_XILINX_AXI_ENET_CONTROL_STREAM,
+ .parent = TYPE_OBJECT,
+ .instance_size = sizeof(struct XilinxAXIEnetStreamSlave),
+ .class_init = xilinx_enet_stream_class_init,
+ .class_data = xilinx_axienet_control_stream_push,
+ .interfaces = (InterfaceInfo[]) {
+ { TYPE_STREAM_SLAVE },
+ { }
+ }
+};
+
+static void xilinx_enet_register_types(void)
+{
+ type_register_static(&xilinx_enet_info);
+ type_register_static(&xilinx_enet_data_stream_info);
+ type_register_static(&xilinx_enet_control_stream_info);
+}
+
+type_init(xilinx_enet_register_types)
diff --git a/hw/net/xilinx_ethlite.c b/hw/net/xilinx_ethlite.c
new file mode 100644
index 000000000..3a2a6c21c
--- /dev/null
+++ b/hw/net/xilinx_ethlite.c
@@ -0,0 +1,269 @@
+/*
+ * QEMU model of the Xilinx Ethernet Lite MAC.
+ *
+ * Copyright (c) 2009 Edgar E. Iglesias.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/sysbus.h"
+#include "hw/hw.h"
+#include "net/net.h"
+
+#define D(x)
+#define R_TX_BUF0 0
+#define R_TX_LEN0 (0x07f4 / 4)
+#define R_TX_GIE0 (0x07f8 / 4)
+#define R_TX_CTRL0 (0x07fc / 4)
+#define R_TX_BUF1 (0x0800 / 4)
+#define R_TX_LEN1 (0x0ff4 / 4)
+#define R_TX_CTRL1 (0x0ffc / 4)
+
+#define R_RX_BUF0 (0x1000 / 4)
+#define R_RX_CTRL0 (0x17fc / 4)
+#define R_RX_BUF1 (0x1800 / 4)
+#define R_RX_CTRL1 (0x1ffc / 4)
+#define R_MAX (0x2000 / 4)
+
+#define GIE_GIE 0x80000000
+
+#define CTRL_I 0x8
+#define CTRL_P 0x2
+#define CTRL_S 0x1
+
+#define TYPE_XILINX_ETHLITE "xlnx.xps-ethernetlite"
+#define XILINX_ETHLITE(obj) \
+ OBJECT_CHECK(struct xlx_ethlite, (obj), TYPE_XILINX_ETHLITE)
+
+struct xlx_ethlite
+{
+ SysBusDevice parent_obj;
+
+ MemoryRegion mmio;
+ qemu_irq irq;
+ NICState *nic;
+ NICConf conf;
+
+ uint32_t c_tx_pingpong;
+ uint32_t c_rx_pingpong;
+ unsigned int txbuf;
+ unsigned int rxbuf;
+
+ uint32_t regs[R_MAX];
+};
+
+static inline void eth_pulse_irq(struct xlx_ethlite *s)
+{
+ /* Only the first gie reg is active. */
+ if (s->regs[R_TX_GIE0] & GIE_GIE) {
+ qemu_irq_pulse(s->irq);
+ }
+}
+
+static uint64_t
+eth_read(void *opaque, hwaddr addr, unsigned int size)
+{
+ struct xlx_ethlite *s = opaque;
+ uint32_t r = 0;
+
+ addr >>= 2;
+
+ switch (addr)
+ {
+ case R_TX_GIE0:
+ case R_TX_LEN0:
+ case R_TX_LEN1:
+ case R_TX_CTRL1:
+ case R_TX_CTRL0:
+ case R_RX_CTRL1:
+ case R_RX_CTRL0:
+ r = s->regs[addr];
+ D(qemu_log("%s " TARGET_FMT_plx "=%x\n", __func__, addr * 4, r));
+ break;
+
+ default:
+ r = tswap32(s->regs[addr]);
+ break;
+ }
+ return r;
+}
+
+static void
+eth_write(void *opaque, hwaddr addr,
+ uint64_t val64, unsigned int size)
+{
+ struct xlx_ethlite *s = opaque;
+ unsigned int base = 0;
+ uint32_t value = val64;
+
+ addr >>= 2;
+ switch (addr)
+ {
+ case R_TX_CTRL0:
+ case R_TX_CTRL1:
+ if (addr == R_TX_CTRL1)
+ base = 0x800 / 4;
+
+ D(qemu_log("%s addr=" TARGET_FMT_plx " val=%x\n",
+ __func__, addr * 4, value));
+ if ((value & (CTRL_P | CTRL_S)) == CTRL_S) {
+ qemu_send_packet(qemu_get_queue(s->nic),
+ (void *) &s->regs[base],
+ s->regs[base + R_TX_LEN0]);
+ D(qemu_log("eth_tx %d\n", s->regs[base + R_TX_LEN0]));
+ if (s->regs[base + R_TX_CTRL0] & CTRL_I)
+ eth_pulse_irq(s);
+ } else if ((value & (CTRL_P | CTRL_S)) == (CTRL_P | CTRL_S)) {
+ memcpy(&s->conf.macaddr.a[0], &s->regs[base], 6);
+ if (s->regs[base + R_TX_CTRL0] & CTRL_I)
+ eth_pulse_irq(s);
+ }
+
+ /* We are fast and get ready pretty much immediately so
+ we actually never flip the S nor P bits to one. */
+ s->regs[addr] = value & ~(CTRL_P | CTRL_S);
+ break;
+
+ /* Keep these native. */
+ case R_RX_CTRL0:
+ case R_RX_CTRL1:
+ if (!(value & CTRL_S)) {
+ qemu_flush_queued_packets(qemu_get_queue(s->nic));
+ }
+ case R_TX_LEN0:
+ case R_TX_LEN1:
+ case R_TX_GIE0:
+ D(qemu_log("%s addr=" TARGET_FMT_plx " val=%x\n",
+ __func__, addr * 4, value));
+ s->regs[addr] = value;
+ break;
+
+ default:
+ s->regs[addr] = tswap32(value);
+ break;
+ }
+}
+
+static const MemoryRegionOps eth_ops = {
+ .read = eth_read,
+ .write = eth_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4
+ }
+};
+
+static int eth_can_rx(NetClientState *nc)
+{
+ struct xlx_ethlite *s = qemu_get_nic_opaque(nc);
+ unsigned int rxbase = s->rxbuf * (0x800 / 4);
+
+ return !(s->regs[rxbase + R_RX_CTRL0] & CTRL_S);
+}
+
+static ssize_t eth_rx(NetClientState *nc, const uint8_t *buf, size_t size)
+{
+ struct xlx_ethlite *s = qemu_get_nic_opaque(nc);
+ unsigned int rxbase = s->rxbuf * (0x800 / 4);
+
+ /* DA filter. */
+ if (!(buf[0] & 0x80) && memcmp(&s->conf.macaddr.a[0], buf, 6))
+ return size;
+
+ if (s->regs[rxbase + R_RX_CTRL0] & CTRL_S) {
+ D(qemu_log("ethlite lost packet %x\n", s->regs[R_RX_CTRL0]));
+ return -1;
+ }
+
+ D(qemu_log("%s %zd rxbase=%x\n", __func__, size, rxbase));
+ memcpy(&s->regs[rxbase + R_RX_BUF0], buf, size);
+
+ s->regs[rxbase + R_RX_CTRL0] |= CTRL_S;
+ if (s->regs[rxbase + R_RX_CTRL0] & CTRL_I)
+ eth_pulse_irq(s);
+
+ /* If c_rx_pingpong was set flip buffers. */
+ s->rxbuf ^= s->c_rx_pingpong;
+ return size;
+}
+
+static void eth_cleanup(NetClientState *nc)
+{
+ struct xlx_ethlite *s = qemu_get_nic_opaque(nc);
+
+ s->nic = NULL;
+}
+
+static NetClientInfo net_xilinx_ethlite_info = {
+ .type = NET_CLIENT_OPTIONS_KIND_NIC,
+ .size = sizeof(NICState),
+ .can_receive = eth_can_rx,
+ .receive = eth_rx,
+ .cleanup = eth_cleanup,
+};
+
+static int xilinx_ethlite_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ struct xlx_ethlite *s = XILINX_ETHLITE(dev);
+
+ sysbus_init_irq(sbd, &s->irq);
+ s->rxbuf = 0;
+
+ memory_region_init_io(&s->mmio, OBJECT(s), &eth_ops, s,
+ "xlnx.xps-ethernetlite", R_MAX * 4);
+ sysbus_init_mmio(sbd, &s->mmio);
+
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+ s->nic = qemu_new_nic(&net_xilinx_ethlite_info, &s->conf,
+ object_get_typename(OBJECT(dev)), dev->id, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+ return 0;
+}
+
+static Property xilinx_ethlite_properties[] = {
+ DEFINE_PROP_UINT32("tx-ping-pong", struct xlx_ethlite, c_tx_pingpong, 1),
+ DEFINE_PROP_UINT32("rx-ping-pong", struct xlx_ethlite, c_rx_pingpong, 1),
+ DEFINE_NIC_PROPERTIES(struct xlx_ethlite, conf),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void xilinx_ethlite_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = xilinx_ethlite_init;
+ dc->props = xilinx_ethlite_properties;
+}
+
+static const TypeInfo xilinx_ethlite_info = {
+ .name = TYPE_XILINX_ETHLITE,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(struct xlx_ethlite),
+ .class_init = xilinx_ethlite_class_init,
+};
+
+static void xilinx_ethlite_register_types(void)
+{
+ type_register_static(&xilinx_ethlite_info);
+}
+
+type_init(xilinx_ethlite_register_types)
diff --git a/hw/nseries.c b/hw/nseries.c
deleted file mode 100644
index 2de8d21f0..000000000
--- a/hw/nseries.c
+++ /dev/null
@@ -1,1428 +0,0 @@
-/*
- * Nokia N-series internet tablets.
- *
- * Copyright (C) 2007 Nokia Corporation
- * Written by Andrzej Zaborowski <andrew@openedhand.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "qemu-common.h"
-#include "sysemu.h"
-#include "omap.h"
-#include "arm-misc.h"
-#include "irq.h"
-#include "console.h"
-#include "boards.h"
-#include "i2c.h"
-#include "devices.h"
-#include "flash.h"
-#include "hw.h"
-#include "bt.h"
-#include "loader.h"
-#include "blockdev.h"
-#include "sysbus.h"
-#include "exec-memory.h"
-
-/* Nokia N8x0 support */
-struct n800_s {
- struct omap_mpu_state_s *mpu;
-
- struct rfbi_chip_s blizzard;
- struct {
- void *opaque;
- uint32_t (*txrx)(void *opaque, uint32_t value, int len);
- uWireSlave *chip;
- } ts;
-
- int keymap[0x80];
- DeviceState *kbd;
-
- DeviceState *usb;
- void *retu;
- void *tahvo;
- DeviceState *nand;
-};
-
-/* GPIO pins */
-#define N8X0_TUSB_ENABLE_GPIO 0
-#define N800_MMC2_WP_GPIO 8
-#define N800_UNKNOWN_GPIO0 9 /* out */
-#define N810_MMC2_VIOSD_GPIO 9
-#define N810_HEADSET_AMP_GPIO 10
-#define N800_CAM_TURN_GPIO 12
-#define N810_GPS_RESET_GPIO 12
-#define N800_BLIZZARD_POWERDOWN_GPIO 15
-#define N800_MMC1_WP_GPIO 23
-#define N810_MMC2_VSD_GPIO 23
-#define N8X0_ONENAND_GPIO 26
-#define N810_BLIZZARD_RESET_GPIO 30
-#define N800_UNKNOWN_GPIO2 53 /* out */
-#define N8X0_TUSB_INT_GPIO 58
-#define N8X0_BT_WKUP_GPIO 61
-#define N8X0_STI_GPIO 62
-#define N8X0_CBUS_SEL_GPIO 64
-#define N8X0_CBUS_DAT_GPIO 65
-#define N8X0_CBUS_CLK_GPIO 66
-#define N8X0_WLAN_IRQ_GPIO 87
-#define N8X0_BT_RESET_GPIO 92
-#define N8X0_TEA5761_CS_GPIO 93
-#define N800_UNKNOWN_GPIO 94
-#define N810_TSC_RESET_GPIO 94
-#define N800_CAM_ACT_GPIO 95
-#define N810_GPS_WAKEUP_GPIO 95
-#define N8X0_MMC_CS_GPIO 96
-#define N8X0_WLAN_PWR_GPIO 97
-#define N8X0_BT_HOST_WKUP_GPIO 98
-#define N810_SPEAKER_AMP_GPIO 101
-#define N810_KB_LOCK_GPIO 102
-#define N800_TSC_TS_GPIO 103
-#define N810_TSC_TS_GPIO 106
-#define N8X0_HEADPHONE_GPIO 107
-#define N8X0_RETU_GPIO 108
-#define N800_TSC_KP_IRQ_GPIO 109
-#define N810_KEYBOARD_GPIO 109
-#define N800_BAT_COVER_GPIO 110
-#define N810_SLIDE_GPIO 110
-#define N8X0_TAHVO_GPIO 111
-#define N800_UNKNOWN_GPIO4 112 /* out */
-#define N810_SLEEPX_LED_GPIO 112
-#define N800_TSC_RESET_GPIO 118 /* ? */
-#define N810_AIC33_RESET_GPIO 118
-#define N800_TSC_UNKNOWN_GPIO 119 /* out */
-#define N8X0_TMP105_GPIO 125
-
-/* Config */
-#define BT_UART 0
-#define XLDR_LL_UART 1
-
-/* Addresses on the I2C bus 0 */
-#define N810_TLV320AIC33_ADDR 0x18 /* Audio CODEC */
-#define N8X0_TCM825x_ADDR 0x29 /* Camera */
-#define N810_LP5521_ADDR 0x32 /* LEDs */
-#define N810_TSL2563_ADDR 0x3d /* Light sensor */
-#define N810_LM8323_ADDR 0x45 /* Keyboard */
-/* Addresses on the I2C bus 1 */
-#define N8X0_TMP105_ADDR 0x48 /* Temperature sensor */
-#define N8X0_MENELAUS_ADDR 0x72 /* Power management */
-
-/* Chipselects on GPMC NOR interface */
-#define N8X0_ONENAND_CS 0
-#define N8X0_USB_ASYNC_CS 1
-#define N8X0_USB_SYNC_CS 4
-
-#define N8X0_BD_ADDR 0x00, 0x1a, 0x89, 0x9e, 0x3e, 0x81
-
-static void n800_mmc_cs_cb(void *opaque, int line, int level)
-{
- /* TODO: this seems to actually be connected to the menelaus, to
- * which also both MMC slots connect. */
- omap_mmc_enable((struct omap_mmc_s *) opaque, !level);
-
- printf("%s: MMC slot %i active\n", __FUNCTION__, level + 1);
-}
-
-static void n8x0_gpio_setup(struct n800_s *s)
-{
- qemu_irq *mmc_cs = qemu_allocate_irqs(n800_mmc_cs_cb, s->mpu->mmc, 1);
- qdev_connect_gpio_out(s->mpu->gpio, N8X0_MMC_CS_GPIO, mmc_cs[0]);
-
- qemu_irq_lower(qdev_get_gpio_in(s->mpu->gpio, N800_BAT_COVER_GPIO));
-}
-
-#define MAEMO_CAL_HEADER(...) \
- 'C', 'o', 'n', 'F', 0x02, 0x00, 0x04, 0x00, \
- __VA_ARGS__, \
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-
-static const uint8_t n8x0_cal_wlan_mac[] = {
- MAEMO_CAL_HEADER('w', 'l', 'a', 'n', '-', 'm', 'a', 'c')
- 0x1c, 0x00, 0x00, 0x00, 0x47, 0xd6, 0x69, 0xb3,
- 0x30, 0x08, 0xa0, 0x83, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x1a, 0x00, 0x00, 0x00,
- 0x89, 0x00, 0x00, 0x00, 0x9e, 0x00, 0x00, 0x00,
- 0x5d, 0x00, 0x00, 0x00, 0xc1, 0x00, 0x00, 0x00,
-};
-
-static const uint8_t n8x0_cal_bt_id[] = {
- MAEMO_CAL_HEADER('b', 't', '-', 'i', 'd', 0, 0, 0)
- 0x0a, 0x00, 0x00, 0x00, 0xa3, 0x4b, 0xf6, 0x96,
- 0xa8, 0xeb, 0xb2, 0x41, 0x00, 0x00, 0x00, 0x00,
- N8X0_BD_ADDR,
-};
-
-static void n8x0_nand_setup(struct n800_s *s)
-{
- char *otp_region;
- DriveInfo *dinfo;
-
- s->nand = qdev_create(NULL, "onenand");
- qdev_prop_set_uint16(s->nand, "manufacturer_id", NAND_MFR_SAMSUNG);
- /* Either 0x40 or 0x48 are OK for the device ID */
- qdev_prop_set_uint16(s->nand, "device_id", 0x48);
- qdev_prop_set_uint16(s->nand, "version_id", 0);
- qdev_prop_set_int32(s->nand, "shift", 1);
- dinfo = drive_get(IF_MTD, 0, 0);
- if (dinfo && dinfo->bdrv) {
- qdev_prop_set_drive_nofail(s->nand, "drive", dinfo->bdrv);
- }
- qdev_init_nofail(s->nand);
- sysbus_connect_irq(sysbus_from_qdev(s->nand), 0,
- qdev_get_gpio_in(s->mpu->gpio, N8X0_ONENAND_GPIO));
- omap_gpmc_attach(s->mpu->gpmc, N8X0_ONENAND_CS,
- sysbus_mmio_get_region(sysbus_from_qdev(s->nand), 0));
- otp_region = onenand_raw_otp(s->nand);
-
- memcpy(otp_region + 0x000, n8x0_cal_wlan_mac, sizeof(n8x0_cal_wlan_mac));
- memcpy(otp_region + 0x800, n8x0_cal_bt_id, sizeof(n8x0_cal_bt_id));
- /* XXX: in theory should also update the OOB for both pages */
-}
-
-static qemu_irq n8x0_system_powerdown;
-
-static void n8x0_powerdown_req(Notifier *n, void *opaque)
-{
- qemu_irq_raise(n8x0_system_powerdown);
-}
-
-static Notifier n8x0_system_powerdown_notifier = {
- .notify = n8x0_powerdown_req
-};
-
-static void n8x0_i2c_setup(struct n800_s *s)
-{
- DeviceState *dev;
- qemu_irq tmp_irq = qdev_get_gpio_in(s->mpu->gpio, N8X0_TMP105_GPIO);
- i2c_bus *i2c = omap_i2c_bus(s->mpu->i2c[0]);
-
- /* Attach a menelaus PM chip */
- dev = i2c_create_slave(i2c, "twl92230", N8X0_MENELAUS_ADDR);
- qdev_connect_gpio_out(dev, 3,
- qdev_get_gpio_in(s->mpu->ih[0],
- OMAP_INT_24XX_SYS_NIRQ));
-
- n8x0_system_powerdown = qdev_get_gpio_in(dev, 3);
- qemu_register_powerdown_notifier(&n8x0_system_powerdown_notifier);
-
- /* Attach a TMP105 PM chip (A0 wired to ground) */
- dev = i2c_create_slave(i2c, "tmp105", N8X0_TMP105_ADDR);
- qdev_connect_gpio_out(dev, 0, tmp_irq);
-}
-
-/* Touchscreen and keypad controller */
-static MouseTransformInfo n800_pointercal = {
- .x = 800,
- .y = 480,
- .a = { 14560, -68, -3455208, -39, -9621, 35152972, 65536 },
-};
-
-static MouseTransformInfo n810_pointercal = {
- .x = 800,
- .y = 480,
- .a = { 15041, 148, -4731056, 171, -10238, 35933380, 65536 },
-};
-
-#define RETU_KEYCODE 61 /* F3 */
-
-static void n800_key_event(void *opaque, int keycode)
-{
- struct n800_s *s = (struct n800_s *) opaque;
- int code = s->keymap[keycode & 0x7f];
-
- if (code == -1) {
- if ((keycode & 0x7f) == RETU_KEYCODE)
- retu_key_event(s->retu, !(keycode & 0x80));
- return;
- }
-
- tsc210x_key_event(s->ts.chip, code, !(keycode & 0x80));
-}
-
-static const int n800_keys[16] = {
- -1,
- 72, /* Up */
- 63, /* Home (F5) */
- -1,
- 75, /* Left */
- 28, /* Enter */
- 77, /* Right */
- -1,
- 1, /* Cycle (ESC) */
- 80, /* Down */
- 62, /* Menu (F4) */
- -1,
- 66, /* Zoom- (F8) */
- 64, /* FullScreen (F6) */
- 65, /* Zoom+ (F7) */
- -1,
-};
-
-static void n800_tsc_kbd_setup(struct n800_s *s)
-{
- int i;
-
- /* XXX: are the three pins inverted inside the chip between the
- * tsc and the cpu (N4111)? */
- qemu_irq penirq = NULL; /* NC */
- qemu_irq kbirq = qdev_get_gpio_in(s->mpu->gpio, N800_TSC_KP_IRQ_GPIO);
- qemu_irq dav = qdev_get_gpio_in(s->mpu->gpio, N800_TSC_TS_GPIO);
-
- s->ts.chip = tsc2301_init(penirq, kbirq, dav);
- s->ts.opaque = s->ts.chip->opaque;
- s->ts.txrx = tsc210x_txrx;
-
- for (i = 0; i < 0x80; i ++)
- s->keymap[i] = -1;
- for (i = 0; i < 0x10; i ++)
- if (n800_keys[i] >= 0)
- s->keymap[n800_keys[i]] = i;
-
- qemu_add_kbd_event_handler(n800_key_event, s);
-
- tsc210x_set_transform(s->ts.chip, &n800_pointercal);
-}
-
-static void n810_tsc_setup(struct n800_s *s)
-{
- qemu_irq pintdav = qdev_get_gpio_in(s->mpu->gpio, N810_TSC_TS_GPIO);
-
- s->ts.opaque = tsc2005_init(pintdav);
- s->ts.txrx = tsc2005_txrx;
-
- tsc2005_set_transform(s->ts.opaque, &n810_pointercal);
-}
-
-/* N810 Keyboard controller */
-static void n810_key_event(void *opaque, int keycode)
-{
- struct n800_s *s = (struct n800_s *) opaque;
- int code = s->keymap[keycode & 0x7f];
-
- if (code == -1) {
- if ((keycode & 0x7f) == RETU_KEYCODE)
- retu_key_event(s->retu, !(keycode & 0x80));
- return;
- }
-
- lm832x_key_event(s->kbd, code, !(keycode & 0x80));
-}
-
-#define M 0
-
-static int n810_keys[0x80] = {
- [0x01] = 16, /* Q */
- [0x02] = 37, /* K */
- [0x03] = 24, /* O */
- [0x04] = 25, /* P */
- [0x05] = 14, /* Backspace */
- [0x06] = 30, /* A */
- [0x07] = 31, /* S */
- [0x08] = 32, /* D */
- [0x09] = 33, /* F */
- [0x0a] = 34, /* G */
- [0x0b] = 35, /* H */
- [0x0c] = 36, /* J */
-
- [0x11] = 17, /* W */
- [0x12] = 62, /* Menu (F4) */
- [0x13] = 38, /* L */
- [0x14] = 40, /* ' (Apostrophe) */
- [0x16] = 44, /* Z */
- [0x17] = 45, /* X */
- [0x18] = 46, /* C */
- [0x19] = 47, /* V */
- [0x1a] = 48, /* B */
- [0x1b] = 49, /* N */
- [0x1c] = 42, /* Shift (Left shift) */
- [0x1f] = 65, /* Zoom+ (F7) */
-
- [0x21] = 18, /* E */
- [0x22] = 39, /* ; (Semicolon) */
- [0x23] = 12, /* - (Minus) */
- [0x24] = 13, /* = (Equal) */
- [0x2b] = 56, /* Fn (Left Alt) */
- [0x2c] = 50, /* M */
- [0x2f] = 66, /* Zoom- (F8) */
-
- [0x31] = 19, /* R */
- [0x32] = 29 | M, /* Right Ctrl */
- [0x34] = 57, /* Space */
- [0x35] = 51, /* , (Comma) */
- [0x37] = 72 | M, /* Up */
- [0x3c] = 82 | M, /* Compose (Insert) */
- [0x3f] = 64, /* FullScreen (F6) */
-
- [0x41] = 20, /* T */
- [0x44] = 52, /* . (Dot) */
- [0x46] = 77 | M, /* Right */
- [0x4f] = 63, /* Home (F5) */
- [0x51] = 21, /* Y */
- [0x53] = 80 | M, /* Down */
- [0x55] = 28, /* Enter */
- [0x5f] = 1, /* Cycle (ESC) */
-
- [0x61] = 22, /* U */
- [0x64] = 75 | M, /* Left */
-
- [0x71] = 23, /* I */
-#if 0
- [0x75] = 28 | M, /* KP Enter (KP Enter) */
-#else
- [0x75] = 15, /* KP Enter (Tab) */
-#endif
-};
-
-#undef M
-
-static void n810_kbd_setup(struct n800_s *s)
-{
- qemu_irq kbd_irq = qdev_get_gpio_in(s->mpu->gpio, N810_KEYBOARD_GPIO);
- int i;
-
- for (i = 0; i < 0x80; i ++)
- s->keymap[i] = -1;
- for (i = 0; i < 0x80; i ++)
- if (n810_keys[i] > 0)
- s->keymap[n810_keys[i]] = i;
-
- qemu_add_kbd_event_handler(n810_key_event, s);
-
- /* Attach the LM8322 keyboard to the I2C bus,
- * should happen in n8x0_i2c_setup and s->kbd be initialised here. */
- s->kbd = i2c_create_slave(omap_i2c_bus(s->mpu->i2c[0]),
- "lm8323", N810_LM8323_ADDR);
- qdev_connect_gpio_out(s->kbd, 0, kbd_irq);
-}
-
-/* LCD MIPI DBI-C controller (URAL) */
-struct mipid_s {
- int resp[4];
- int param[4];
- int p;
- int pm;
- int cmd;
-
- int sleep;
- int booster;
- int te;
- int selfcheck;
- int partial;
- int normal;
- int vscr;
- int invert;
- int onoff;
- int gamma;
- uint32_t id;
-};
-
-static void mipid_reset(struct mipid_s *s)
-{
- if (!s->sleep)
- fprintf(stderr, "%s: Display off\n", __FUNCTION__);
-
- s->pm = 0;
- s->cmd = 0;
-
- s->sleep = 1;
- s->booster = 0;
- s->selfcheck =
- (1 << 7) | /* Register loading OK. */
- (1 << 5) | /* The chip is attached. */
- (1 << 4); /* Display glass still in one piece. */
- s->te = 0;
- s->partial = 0;
- s->normal = 1;
- s->vscr = 0;
- s->invert = 0;
- s->onoff = 1;
- s->gamma = 0;
-}
-
-static uint32_t mipid_txrx(void *opaque, uint32_t cmd, int len)
-{
- struct mipid_s *s = (struct mipid_s *) opaque;
- uint8_t ret;
-
- if (len > 9)
- hw_error("%s: FIXME: bad SPI word width %i\n", __FUNCTION__, len);
-
- if (s->p >= ARRAY_SIZE(s->resp))
- ret = 0;
- else
- ret = s->resp[s->p ++];
- if (s->pm --> 0)
- s->param[s->pm] = cmd;
- else
- s->cmd = cmd;
-
- switch (s->cmd) {
- case 0x00: /* NOP */
- break;
-
- case 0x01: /* SWRESET */
- mipid_reset(s);
- break;
-
- case 0x02: /* BSTROFF */
- s->booster = 0;
- break;
- case 0x03: /* BSTRON */
- s->booster = 1;
- break;
-
- case 0x04: /* RDDID */
- s->p = 0;
- s->resp[0] = (s->id >> 16) & 0xff;
- s->resp[1] = (s->id >> 8) & 0xff;
- s->resp[2] = (s->id >> 0) & 0xff;
- break;
-
- case 0x06: /* RD_RED */
- case 0x07: /* RD_GREEN */
- /* XXX the bootloader sometimes issues RD_BLUE meaning RDDID so
- * for the bootloader one needs to change this. */
- case 0x08: /* RD_BLUE */
- s->p = 0;
- /* TODO: return first pixel components */
- s->resp[0] = 0x01;
- break;
-
- case 0x09: /* RDDST */
- s->p = 0;
- s->resp[0] = s->booster << 7;
- s->resp[1] = (5 << 4) | (s->partial << 2) |
- (s->sleep << 1) | s->normal;
- s->resp[2] = (s->vscr << 7) | (s->invert << 5) |
- (s->onoff << 2) | (s->te << 1) | (s->gamma >> 2);
- s->resp[3] = s->gamma << 6;
- break;
-
- case 0x0a: /* RDDPM */
- s->p = 0;
- s->resp[0] = (s->onoff << 2) | (s->normal << 3) | (s->sleep << 4) |
- (s->partial << 5) | (s->sleep << 6) | (s->booster << 7);
- break;
- case 0x0b: /* RDDMADCTR */
- s->p = 0;
- s->resp[0] = 0;
- break;
- case 0x0c: /* RDDCOLMOD */
- s->p = 0;
- s->resp[0] = 5; /* 65K colours */
- break;
- case 0x0d: /* RDDIM */
- s->p = 0;
- s->resp[0] = (s->invert << 5) | (s->vscr << 7) | s->gamma;
- break;
- case 0x0e: /* RDDSM */
- s->p = 0;
- s->resp[0] = s->te << 7;
- break;
- case 0x0f: /* RDDSDR */
- s->p = 0;
- s->resp[0] = s->selfcheck;
- break;
-
- case 0x10: /* SLPIN */
- s->sleep = 1;
- break;
- case 0x11: /* SLPOUT */
- s->sleep = 0;
- s->selfcheck ^= 1 << 6; /* POFF self-diagnosis Ok */
- break;
-
- case 0x12: /* PTLON */
- s->partial = 1;
- s->normal = 0;
- s->vscr = 0;
- break;
- case 0x13: /* NORON */
- s->partial = 0;
- s->normal = 1;
- s->vscr = 0;
- break;
-
- case 0x20: /* INVOFF */
- s->invert = 0;
- break;
- case 0x21: /* INVON */
- s->invert = 1;
- break;
-
- case 0x22: /* APOFF */
- case 0x23: /* APON */
- goto bad_cmd;
-
- case 0x25: /* WRCNTR */
- if (s->pm < 0)
- s->pm = 1;
- goto bad_cmd;
-
- case 0x26: /* GAMSET */
- if (!s->pm)
- s->gamma = ffs(s->param[0] & 0xf) - 1;
- else if (s->pm < 0)
- s->pm = 1;
- break;
-
- case 0x28: /* DISPOFF */
- s->onoff = 0;
- fprintf(stderr, "%s: Display off\n", __FUNCTION__);
- break;
- case 0x29: /* DISPON */
- s->onoff = 1;
- fprintf(stderr, "%s: Display on\n", __FUNCTION__);
- break;
-
- case 0x2a: /* CASET */
- case 0x2b: /* RASET */
- case 0x2c: /* RAMWR */
- case 0x2d: /* RGBSET */
- case 0x2e: /* RAMRD */
- case 0x30: /* PTLAR */
- case 0x33: /* SCRLAR */
- goto bad_cmd;
-
- case 0x34: /* TEOFF */
- s->te = 0;
- break;
- case 0x35: /* TEON */
- if (!s->pm)
- s->te = 1;
- else if (s->pm < 0)
- s->pm = 1;
- break;
-
- case 0x36: /* MADCTR */
- goto bad_cmd;
-
- case 0x37: /* VSCSAD */
- s->partial = 0;
- s->normal = 0;
- s->vscr = 1;
- break;
-
- case 0x38: /* IDMOFF */
- case 0x39: /* IDMON */
- case 0x3a: /* COLMOD */
- goto bad_cmd;
-
- case 0xb0: /* CLKINT / DISCTL */
- case 0xb1: /* CLKEXT */
- if (s->pm < 0)
- s->pm = 2;
- break;
-
- case 0xb4: /* FRMSEL */
- break;
-
- case 0xb5: /* FRM8SEL */
- case 0xb6: /* TMPRNG / INIESC */
- case 0xb7: /* TMPHIS / NOP2 */
- case 0xb8: /* TMPREAD / MADCTL */
- case 0xba: /* DISTCTR */
- case 0xbb: /* EPVOL */
- goto bad_cmd;
-
- case 0xbd: /* Unknown */
- s->p = 0;
- s->resp[0] = 0;
- s->resp[1] = 1;
- break;
-
- case 0xc2: /* IFMOD */
- if (s->pm < 0)
- s->pm = 2;
- break;
-
- case 0xc6: /* PWRCTL */
- case 0xc7: /* PPWRCTL */
- case 0xd0: /* EPWROUT */
- case 0xd1: /* EPWRIN */
- case 0xd4: /* RDEV */
- case 0xd5: /* RDRR */
- goto bad_cmd;
-
- case 0xda: /* RDID1 */
- s->p = 0;
- s->resp[0] = (s->id >> 16) & 0xff;
- break;
- case 0xdb: /* RDID2 */
- s->p = 0;
- s->resp[0] = (s->id >> 8) & 0xff;
- break;
- case 0xdc: /* RDID3 */
- s->p = 0;
- s->resp[0] = (s->id >> 0) & 0xff;
- break;
-
- default:
- bad_cmd:
- fprintf(stderr, "%s: unknown command %02x\n", __FUNCTION__, s->cmd);
- break;
- }
-
- return ret;
-}
-
-static void *mipid_init(void)
-{
- struct mipid_s *s = (struct mipid_s *) g_malloc0(sizeof(*s));
-
- s->id = 0x838f03;
- mipid_reset(s);
-
- return s;
-}
-
-static void n8x0_spi_setup(struct n800_s *s)
-{
- void *tsc = s->ts.opaque;
- void *mipid = mipid_init();
-
- omap_mcspi_attach(s->mpu->mcspi[0], s->ts.txrx, tsc, 0);
- omap_mcspi_attach(s->mpu->mcspi[0], mipid_txrx, mipid, 1);
-}
-
-/* This task is normally performed by the bootloader. If we're loading
- * a kernel directly, we need to enable the Blizzard ourselves. */
-static void n800_dss_init(struct rfbi_chip_s *chip)
-{
- uint8_t *fb_blank;
-
- chip->write(chip->opaque, 0, 0x2a); /* LCD Width register */
- chip->write(chip->opaque, 1, 0x64);
- chip->write(chip->opaque, 0, 0x2c); /* LCD HNDP register */
- chip->write(chip->opaque, 1, 0x1e);
- chip->write(chip->opaque, 0, 0x2e); /* LCD Height 0 register */
- chip->write(chip->opaque, 1, 0xe0);
- chip->write(chip->opaque, 0, 0x30); /* LCD Height 1 register */
- chip->write(chip->opaque, 1, 0x01);
- chip->write(chip->opaque, 0, 0x32); /* LCD VNDP register */
- chip->write(chip->opaque, 1, 0x06);
- chip->write(chip->opaque, 0, 0x68); /* Display Mode register */
- chip->write(chip->opaque, 1, 1); /* Enable bit */
-
- chip->write(chip->opaque, 0, 0x6c);
- chip->write(chip->opaque, 1, 0x00); /* Input X Start Position */
- chip->write(chip->opaque, 1, 0x00); /* Input X Start Position */
- chip->write(chip->opaque, 1, 0x00); /* Input Y Start Position */
- chip->write(chip->opaque, 1, 0x00); /* Input Y Start Position */
- chip->write(chip->opaque, 1, 0x1f); /* Input X End Position */
- chip->write(chip->opaque, 1, 0x03); /* Input X End Position */
- chip->write(chip->opaque, 1, 0xdf); /* Input Y End Position */
- chip->write(chip->opaque, 1, 0x01); /* Input Y End Position */
- chip->write(chip->opaque, 1, 0x00); /* Output X Start Position */
- chip->write(chip->opaque, 1, 0x00); /* Output X Start Position */
- chip->write(chip->opaque, 1, 0x00); /* Output Y Start Position */
- chip->write(chip->opaque, 1, 0x00); /* Output Y Start Position */
- chip->write(chip->opaque, 1, 0x1f); /* Output X End Position */
- chip->write(chip->opaque, 1, 0x03); /* Output X End Position */
- chip->write(chip->opaque, 1, 0xdf); /* Output Y End Position */
- chip->write(chip->opaque, 1, 0x01); /* Output Y End Position */
- chip->write(chip->opaque, 1, 0x01); /* Input Data Format */
- chip->write(chip->opaque, 1, 0x01); /* Data Source Select */
-
- fb_blank = memset(g_malloc(800 * 480 * 2), 0xff, 800 * 480 * 2);
- /* Display Memory Data Port */
- chip->block(chip->opaque, 1, fb_blank, 800 * 480 * 2, 800);
- g_free(fb_blank);
-}
-
-static void n8x0_dss_setup(struct n800_s *s)
-{
- s->blizzard.opaque = s1d13745_init(NULL);
- s->blizzard.block = s1d13745_write_block;
- s->blizzard.write = s1d13745_write;
- s->blizzard.read = s1d13745_read;
-
- omap_rfbi_attach(s->mpu->dss, 0, &s->blizzard);
-}
-
-static void n8x0_cbus_setup(struct n800_s *s)
-{
- qemu_irq dat_out = qdev_get_gpio_in(s->mpu->gpio, N8X0_CBUS_DAT_GPIO);
- qemu_irq retu_irq = qdev_get_gpio_in(s->mpu->gpio, N8X0_RETU_GPIO);
- qemu_irq tahvo_irq = qdev_get_gpio_in(s->mpu->gpio, N8X0_TAHVO_GPIO);
-
- CBus *cbus = cbus_init(dat_out);
-
- qdev_connect_gpio_out(s->mpu->gpio, N8X0_CBUS_CLK_GPIO, cbus->clk);
- qdev_connect_gpio_out(s->mpu->gpio, N8X0_CBUS_DAT_GPIO, cbus->dat);
- qdev_connect_gpio_out(s->mpu->gpio, N8X0_CBUS_SEL_GPIO, cbus->sel);
-
- cbus_attach(cbus, s->retu = retu_init(retu_irq, 1));
- cbus_attach(cbus, s->tahvo = tahvo_init(tahvo_irq, 1));
-}
-
-static void n8x0_uart_setup(struct n800_s *s)
-{
- CharDriverState *radio = uart_hci_init(
- qdev_get_gpio_in(s->mpu->gpio, N8X0_BT_HOST_WKUP_GPIO));
-
- qdev_connect_gpio_out(s->mpu->gpio, N8X0_BT_RESET_GPIO,
- csrhci_pins_get(radio)[csrhci_pin_reset]);
- qdev_connect_gpio_out(s->mpu->gpio, N8X0_BT_WKUP_GPIO,
- csrhci_pins_get(radio)[csrhci_pin_wakeup]);
-
- omap_uart_attach(s->mpu->uart[BT_UART], radio);
-}
-
-static void n8x0_usb_setup(struct n800_s *s)
-{
- SysBusDevice *dev;
- s->usb = qdev_create(NULL, "tusb6010");
- dev = sysbus_from_qdev(s->usb);
- qdev_init_nofail(s->usb);
- sysbus_connect_irq(dev, 0,
- qdev_get_gpio_in(s->mpu->gpio, N8X0_TUSB_INT_GPIO));
- /* Using the NOR interface */
- omap_gpmc_attach(s->mpu->gpmc, N8X0_USB_ASYNC_CS,
- sysbus_mmio_get_region(dev, 0));
- omap_gpmc_attach(s->mpu->gpmc, N8X0_USB_SYNC_CS,
- sysbus_mmio_get_region(dev, 1));
- qdev_connect_gpio_out(s->mpu->gpio, N8X0_TUSB_ENABLE_GPIO,
- qdev_get_gpio_in(s->usb, 0)); /* tusb_pwr */
-}
-
-/* Setup done before the main bootloader starts by some early setup code
- * - used when we want to run the main bootloader in emulation. This
- * isn't documented. */
-static uint32_t n800_pinout[104] = {
- 0x080f00d8, 0x00d40808, 0x03080808, 0x080800d0,
- 0x00dc0808, 0x0b0f0f00, 0x080800b4, 0x00c00808,
- 0x08080808, 0x180800c4, 0x00b80000, 0x08080808,
- 0x080800bc, 0x00cc0808, 0x08081818, 0x18180128,
- 0x01241800, 0x18181818, 0x000000f0, 0x01300000,
- 0x00001b0b, 0x1b0f0138, 0x00e0181b, 0x1b031b0b,
- 0x180f0078, 0x00740018, 0x0f0f0f1a, 0x00000080,
- 0x007c0000, 0x00000000, 0x00000088, 0x00840000,
- 0x00000000, 0x00000094, 0x00980300, 0x0f180003,
- 0x0000008c, 0x00900f0f, 0x0f0f1b00, 0x0f00009c,
- 0x01140000, 0x1b1b0f18, 0x0818013c, 0x01400008,
- 0x00001818, 0x000b0110, 0x010c1800, 0x0b030b0f,
- 0x181800f4, 0x00f81818, 0x00000018, 0x000000fc,
- 0x00401808, 0x00000000, 0x0f1b0030, 0x003c0008,
- 0x00000000, 0x00000038, 0x00340000, 0x00000000,
- 0x1a080070, 0x00641a1a, 0x08080808, 0x08080060,
- 0x005c0808, 0x08080808, 0x08080058, 0x00540808,
- 0x08080808, 0x0808006c, 0x00680808, 0x08080808,
- 0x000000a8, 0x00b00000, 0x08080808, 0x000000a0,
- 0x00a40000, 0x00000000, 0x08ff0050, 0x004c0808,
- 0xffffffff, 0xffff0048, 0x0044ffff, 0xffffffff,
- 0x000000ac, 0x01040800, 0x08080b0f, 0x18180100,
- 0x01081818, 0x0b0b1808, 0x1a0300e4, 0x012c0b1a,
- 0x02020018, 0x0b000134, 0x011c0800, 0x0b1b1b00,
- 0x0f0000c8, 0x00ec181b, 0x000f0f02, 0x00180118,
- 0x01200000, 0x0f0b1b1b, 0x0f0200e8, 0x0000020b,
-};
-
-static void n800_setup_nolo_tags(void *sram_base)
-{
- int i;
- uint32_t *p = sram_base + 0x8000;
- uint32_t *v = sram_base + 0xa000;
-
- memset(p, 0, 0x3000);
-
- strcpy((void *) (p + 0), "QEMU N800");
-
- strcpy((void *) (p + 8), "F5");
-
- stl_raw(p + 10, 0x04f70000);
- strcpy((void *) (p + 9), "RX-34");
-
- /* RAM size in MB? */
- stl_raw(p + 12, 0x80);
-
- /* Pointer to the list of tags */
- stl_raw(p + 13, OMAP2_SRAM_BASE + 0x9000);
-
- /* The NOLO tags start here */
- p = sram_base + 0x9000;
-#define ADD_TAG(tag, len) \
- stw_raw((uint16_t *) p + 0, tag); \
- stw_raw((uint16_t *) p + 1, len); p ++; \
- stl_raw(p ++, OMAP2_SRAM_BASE | (((void *) v - sram_base) & 0xffff));
-
- /* OMAP STI console? Pin out settings? */
- ADD_TAG(0x6e01, 414);
- for (i = 0; i < ARRAY_SIZE(n800_pinout); i ++)
- stl_raw(v ++, n800_pinout[i]);
-
- /* Kernel memsize? */
- ADD_TAG(0x6e05, 1);
- stl_raw(v ++, 2);
-
- /* NOLO serial console */
- ADD_TAG(0x6e02, 4);
- stl_raw(v ++, XLDR_LL_UART); /* UART number (1 - 3) */
-
-#if 0
- /* CBUS settings (Retu/AVilma) */
- ADD_TAG(0x6e03, 6);
- stw_raw((uint16_t *) v + 0, 65); /* CBUS GPIO0 */
- stw_raw((uint16_t *) v + 1, 66); /* CBUS GPIO1 */
- stw_raw((uint16_t *) v + 2, 64); /* CBUS GPIO2 */
- v += 2;
-#endif
-
- /* Nokia ASIC BB5 (Retu/Tahvo) */
- ADD_TAG(0x6e0a, 4);
- stw_raw((uint16_t *) v + 0, 111); /* "Retu" interrupt GPIO */
- stw_raw((uint16_t *) v + 1, 108); /* "Tahvo" interrupt GPIO */
- v ++;
-
- /* LCD console? */
- ADD_TAG(0x6e04, 4);
- stw_raw((uint16_t *) v + 0, 30); /* ??? */
- stw_raw((uint16_t *) v + 1, 24); /* ??? */
- v ++;
-
-#if 0
- /* LCD settings */
- ADD_TAG(0x6e06, 2);
- stw_raw((uint16_t *) (v ++), 15); /* ??? */
-#endif
-
- /* I^2C (Menelaus) */
- ADD_TAG(0x6e07, 4);
- stl_raw(v ++, 0x00720000); /* ??? */
-
- /* Unknown */
- ADD_TAG(0x6e0b, 6);
- stw_raw((uint16_t *) v + 0, 94); /* ??? */
- stw_raw((uint16_t *) v + 1, 23); /* ??? */
- stw_raw((uint16_t *) v + 2, 0); /* ??? */
- v += 2;
-
- /* OMAP gpio switch info */
- ADD_TAG(0x6e0c, 80);
- strcpy((void *) v, "bat_cover"); v += 3;
- stw_raw((uint16_t *) v + 0, 110); /* GPIO num ??? */
- stw_raw((uint16_t *) v + 1, 1); /* GPIO num ??? */
- v += 2;
- strcpy((void *) v, "cam_act"); v += 3;
- stw_raw((uint16_t *) v + 0, 95); /* GPIO num ??? */
- stw_raw((uint16_t *) v + 1, 32); /* GPIO num ??? */
- v += 2;
- strcpy((void *) v, "cam_turn"); v += 3;
- stw_raw((uint16_t *) v + 0, 12); /* GPIO num ??? */
- stw_raw((uint16_t *) v + 1, 33); /* GPIO num ??? */
- v += 2;
- strcpy((void *) v, "headphone"); v += 3;
- stw_raw((uint16_t *) v + 0, 107); /* GPIO num ??? */
- stw_raw((uint16_t *) v + 1, 17); /* GPIO num ??? */
- v += 2;
-
- /* Bluetooth */
- ADD_TAG(0x6e0e, 12);
- stl_raw(v ++, 0x5c623d01); /* ??? */
- stl_raw(v ++, 0x00000201); /* ??? */
- stl_raw(v ++, 0x00000000); /* ??? */
-
- /* CX3110x WLAN settings */
- ADD_TAG(0x6e0f, 8);
- stl_raw(v ++, 0x00610025); /* ??? */
- stl_raw(v ++, 0xffff0057); /* ??? */
-
- /* MMC host settings */
- ADD_TAG(0x6e10, 12);
- stl_raw(v ++, 0xffff000f); /* ??? */
- stl_raw(v ++, 0xffffffff); /* ??? */
- stl_raw(v ++, 0x00000060); /* ??? */
-
- /* OneNAND chip select */
- ADD_TAG(0x6e11, 10);
- stl_raw(v ++, 0x00000401); /* ??? */
- stl_raw(v ++, 0x0002003a); /* ??? */
- stl_raw(v ++, 0x00000002); /* ??? */
-
- /* TEA5761 sensor settings */
- ADD_TAG(0x6e12, 2);
- stl_raw(v ++, 93); /* GPIO num ??? */
-
-#if 0
- /* Unknown tag */
- ADD_TAG(6e09, 0);
-
- /* Kernel UART / console */
- ADD_TAG(6e12, 0);
-#endif
-
- /* End of the list */
- stl_raw(p ++, 0x00000000);
- stl_raw(p ++, 0x00000000);
-}
-
-/* This task is normally performed by the bootloader. If we're loading
- * a kernel directly, we need to set up GPMC mappings ourselves. */
-static void n800_gpmc_init(struct n800_s *s)
-{
- uint32_t config7 =
- (0xf << 8) | /* MASKADDRESS */
- (1 << 6) | /* CSVALID */
- (4 << 0); /* BASEADDRESS */
-
- cpu_physical_memory_write(0x6800a078, /* GPMC_CONFIG7_0 */
- (void *) &config7, sizeof(config7));
-}
-
-/* Setup sequence done by the bootloader */
-static void n8x0_boot_init(void *opaque)
-{
- struct n800_s *s = (struct n800_s *) opaque;
- uint32_t buf;
-
- /* PRCM setup */
-#define omap_writel(addr, val) \
- buf = (val); \
- cpu_physical_memory_write(addr, (void *) &buf, sizeof(buf))
-
- omap_writel(0x48008060, 0x41); /* PRCM_CLKSRC_CTRL */
- omap_writel(0x48008070, 1); /* PRCM_CLKOUT_CTRL */
- omap_writel(0x48008078, 0); /* PRCM_CLKEMUL_CTRL */
- omap_writel(0x48008090, 0); /* PRCM_VOLTSETUP */
- omap_writel(0x48008094, 0); /* PRCM_CLKSSETUP */
- omap_writel(0x48008098, 0); /* PRCM_POLCTRL */
- omap_writel(0x48008140, 2); /* CM_CLKSEL_MPU */
- omap_writel(0x48008148, 0); /* CM_CLKSTCTRL_MPU */
- omap_writel(0x48008158, 1); /* RM_RSTST_MPU */
- omap_writel(0x480081c8, 0x15); /* PM_WKDEP_MPU */
- omap_writel(0x480081d4, 0x1d4); /* PM_EVGENCTRL_MPU */
- omap_writel(0x480081d8, 0); /* PM_EVEGENONTIM_MPU */
- omap_writel(0x480081dc, 0); /* PM_EVEGENOFFTIM_MPU */
- omap_writel(0x480081e0, 0xc); /* PM_PWSTCTRL_MPU */
- omap_writel(0x48008200, 0x047e7ff7); /* CM_FCLKEN1_CORE */
- omap_writel(0x48008204, 0x00000004); /* CM_FCLKEN2_CORE */
- omap_writel(0x48008210, 0x047e7ff1); /* CM_ICLKEN1_CORE */
- omap_writel(0x48008214, 0x00000004); /* CM_ICLKEN2_CORE */
- omap_writel(0x4800821c, 0x00000000); /* CM_ICLKEN4_CORE */
- omap_writel(0x48008230, 0); /* CM_AUTOIDLE1_CORE */
- omap_writel(0x48008234, 0); /* CM_AUTOIDLE2_CORE */
- omap_writel(0x48008238, 7); /* CM_AUTOIDLE3_CORE */
- omap_writel(0x4800823c, 0); /* CM_AUTOIDLE4_CORE */
- omap_writel(0x48008240, 0x04360626); /* CM_CLKSEL1_CORE */
- omap_writel(0x48008244, 0x00000014); /* CM_CLKSEL2_CORE */
- omap_writel(0x48008248, 0); /* CM_CLKSTCTRL_CORE */
- omap_writel(0x48008300, 0x00000000); /* CM_FCLKEN_GFX */
- omap_writel(0x48008310, 0x00000000); /* CM_ICLKEN_GFX */
- omap_writel(0x48008340, 0x00000001); /* CM_CLKSEL_GFX */
- omap_writel(0x48008400, 0x00000004); /* CM_FCLKEN_WKUP */
- omap_writel(0x48008410, 0x00000004); /* CM_ICLKEN_WKUP */
- omap_writel(0x48008440, 0x00000000); /* CM_CLKSEL_WKUP */
- omap_writel(0x48008500, 0x000000cf); /* CM_CLKEN_PLL */
- omap_writel(0x48008530, 0x0000000c); /* CM_AUTOIDLE_PLL */
- omap_writel(0x48008540, /* CM_CLKSEL1_PLL */
- (0x78 << 12) | (6 << 8));
- omap_writel(0x48008544, 2); /* CM_CLKSEL2_PLL */
-
- /* GPMC setup */
- n800_gpmc_init(s);
-
- /* Video setup */
- n800_dss_init(&s->blizzard);
-
- /* CPU setup */
- s->mpu->cpu->env.GE = 0x5;
-
- /* If the machine has a slided keyboard, open it */
- if (s->kbd)
- qemu_irq_raise(qdev_get_gpio_in(s->mpu->gpio, N810_SLIDE_GPIO));
-}
-
-#define OMAP_TAG_NOKIA_BT 0x4e01
-#define OMAP_TAG_WLAN_CX3110X 0x4e02
-#define OMAP_TAG_CBUS 0x4e03
-#define OMAP_TAG_EM_ASIC_BB5 0x4e04
-
-static struct omap_gpiosw_info_s {
- const char *name;
- int line;
- int type;
-} n800_gpiosw_info[] = {
- {
- "bat_cover", N800_BAT_COVER_GPIO,
- OMAP_GPIOSW_TYPE_COVER | OMAP_GPIOSW_INVERTED,
- }, {
- "cam_act", N800_CAM_ACT_GPIO,
- OMAP_GPIOSW_TYPE_ACTIVITY,
- }, {
- "cam_turn", N800_CAM_TURN_GPIO,
- OMAP_GPIOSW_TYPE_ACTIVITY | OMAP_GPIOSW_INVERTED,
- }, {
- "headphone", N8X0_HEADPHONE_GPIO,
- OMAP_GPIOSW_TYPE_CONNECTION | OMAP_GPIOSW_INVERTED,
- },
- { NULL }
-}, n810_gpiosw_info[] = {
- {
- "gps_reset", N810_GPS_RESET_GPIO,
- OMAP_GPIOSW_TYPE_ACTIVITY | OMAP_GPIOSW_OUTPUT,
- }, {
- "gps_wakeup", N810_GPS_WAKEUP_GPIO,
- OMAP_GPIOSW_TYPE_ACTIVITY | OMAP_GPIOSW_OUTPUT,
- }, {
- "headphone", N8X0_HEADPHONE_GPIO,
- OMAP_GPIOSW_TYPE_CONNECTION | OMAP_GPIOSW_INVERTED,
- }, {
- "kb_lock", N810_KB_LOCK_GPIO,
- OMAP_GPIOSW_TYPE_COVER | OMAP_GPIOSW_INVERTED,
- }, {
- "sleepx_led", N810_SLEEPX_LED_GPIO,
- OMAP_GPIOSW_TYPE_ACTIVITY | OMAP_GPIOSW_INVERTED | OMAP_GPIOSW_OUTPUT,
- }, {
- "slide", N810_SLIDE_GPIO,
- OMAP_GPIOSW_TYPE_COVER | OMAP_GPIOSW_INVERTED,
- },
- { NULL }
-};
-
-static struct omap_partition_info_s {
- uint32_t offset;
- uint32_t size;
- int mask;
- const char *name;
-} n800_part_info[] = {
- { 0x00000000, 0x00020000, 0x3, "bootloader" },
- { 0x00020000, 0x00060000, 0x0, "config" },
- { 0x00080000, 0x00200000, 0x0, "kernel" },
- { 0x00280000, 0x00200000, 0x3, "initfs" },
- { 0x00480000, 0x0fb80000, 0x3, "rootfs" },
-
- { 0, 0, 0, NULL }
-}, n810_part_info[] = {
- { 0x00000000, 0x00020000, 0x3, "bootloader" },
- { 0x00020000, 0x00060000, 0x0, "config" },
- { 0x00080000, 0x00220000, 0x0, "kernel" },
- { 0x002a0000, 0x00400000, 0x0, "initfs" },
- { 0x006a0000, 0x0f960000, 0x0, "rootfs" },
-
- { 0, 0, 0, NULL }
-};
-
-static bdaddr_t n8x0_bd_addr = {{ N8X0_BD_ADDR }};
-
-static int n8x0_atag_setup(void *p, int model)
-{
- uint8_t *b;
- uint16_t *w;
- uint32_t *l;
- struct omap_gpiosw_info_s *gpiosw;
- struct omap_partition_info_s *partition;
- const char *tag;
-
- w = p;
-
- stw_raw(w ++, OMAP_TAG_UART); /* u16 tag */
- stw_raw(w ++, 4); /* u16 len */
- stw_raw(w ++, (1 << 2) | (1 << 1) | (1 << 0)); /* uint enabled_uarts */
- w ++;
-
-#if 0
- stw_raw(w ++, OMAP_TAG_SERIAL_CONSOLE); /* u16 tag */
- stw_raw(w ++, 4); /* u16 len */
- stw_raw(w ++, XLDR_LL_UART + 1); /* u8 console_uart */
- stw_raw(w ++, 115200); /* u32 console_speed */
-#endif
-
- stw_raw(w ++, OMAP_TAG_LCD); /* u16 tag */
- stw_raw(w ++, 36); /* u16 len */
- strcpy((void *) w, "QEMU LCD panel"); /* char panel_name[16] */
- w += 8;
- strcpy((void *) w, "blizzard"); /* char ctrl_name[16] */
- w += 8;
- stw_raw(w ++, N810_BLIZZARD_RESET_GPIO); /* TODO: n800 s16 nreset_gpio */
- stw_raw(w ++, 24); /* u8 data_lines */
-
- stw_raw(w ++, OMAP_TAG_CBUS); /* u16 tag */
- stw_raw(w ++, 8); /* u16 len */
- stw_raw(w ++, N8X0_CBUS_CLK_GPIO); /* s16 clk_gpio */
- stw_raw(w ++, N8X0_CBUS_DAT_GPIO); /* s16 dat_gpio */
- stw_raw(w ++, N8X0_CBUS_SEL_GPIO); /* s16 sel_gpio */
- w ++;
-
- stw_raw(w ++, OMAP_TAG_EM_ASIC_BB5); /* u16 tag */
- stw_raw(w ++, 4); /* u16 len */
- stw_raw(w ++, N8X0_RETU_GPIO); /* s16 retu_irq_gpio */
- stw_raw(w ++, N8X0_TAHVO_GPIO); /* s16 tahvo_irq_gpio */
-
- gpiosw = (model == 810) ? n810_gpiosw_info : n800_gpiosw_info;
- for (; gpiosw->name; gpiosw ++) {
- stw_raw(w ++, OMAP_TAG_GPIO_SWITCH); /* u16 tag */
- stw_raw(w ++, 20); /* u16 len */
- strcpy((void *) w, gpiosw->name); /* char name[12] */
- w += 6;
- stw_raw(w ++, gpiosw->line); /* u16 gpio */
- stw_raw(w ++, gpiosw->type);
- stw_raw(w ++, 0);
- stw_raw(w ++, 0);
- }
-
- stw_raw(w ++, OMAP_TAG_NOKIA_BT); /* u16 tag */
- stw_raw(w ++, 12); /* u16 len */
- b = (void *) w;
- stb_raw(b ++, 0x01); /* u8 chip_type (CSR) */
- stb_raw(b ++, N8X0_BT_WKUP_GPIO); /* u8 bt_wakeup_gpio */
- stb_raw(b ++, N8X0_BT_HOST_WKUP_GPIO); /* u8 host_wakeup_gpio */
- stb_raw(b ++, N8X0_BT_RESET_GPIO); /* u8 reset_gpio */
- stb_raw(b ++, BT_UART + 1); /* u8 bt_uart */
- memcpy(b, &n8x0_bd_addr, 6); /* u8 bd_addr[6] */
- b += 6;
- stb_raw(b ++, 0x02); /* u8 bt_sysclk (38.4) */
- w = (void *) b;
-
- stw_raw(w ++, OMAP_TAG_WLAN_CX3110X); /* u16 tag */
- stw_raw(w ++, 8); /* u16 len */
- stw_raw(w ++, 0x25); /* u8 chip_type */
- stw_raw(w ++, N8X0_WLAN_PWR_GPIO); /* s16 power_gpio */
- stw_raw(w ++, N8X0_WLAN_IRQ_GPIO); /* s16 irq_gpio */
- stw_raw(w ++, -1); /* s16 spi_cs_gpio */
-
- stw_raw(w ++, OMAP_TAG_MMC); /* u16 tag */
- stw_raw(w ++, 16); /* u16 len */
- if (model == 810) {
- stw_raw(w ++, 0x23f); /* unsigned flags */
- stw_raw(w ++, -1); /* s16 power_pin */
- stw_raw(w ++, -1); /* s16 switch_pin */
- stw_raw(w ++, -1); /* s16 wp_pin */
- stw_raw(w ++, 0x240); /* unsigned flags */
- stw_raw(w ++, 0xc000); /* s16 power_pin */
- stw_raw(w ++, 0x0248); /* s16 switch_pin */
- stw_raw(w ++, 0xc000); /* s16 wp_pin */
- } else {
- stw_raw(w ++, 0xf); /* unsigned flags */
- stw_raw(w ++, -1); /* s16 power_pin */
- stw_raw(w ++, -1); /* s16 switch_pin */
- stw_raw(w ++, -1); /* s16 wp_pin */
- stw_raw(w ++, 0); /* unsigned flags */
- stw_raw(w ++, 0); /* s16 power_pin */
- stw_raw(w ++, 0); /* s16 switch_pin */
- stw_raw(w ++, 0); /* s16 wp_pin */
- }
-
- stw_raw(w ++, OMAP_TAG_TEA5761); /* u16 tag */
- stw_raw(w ++, 4); /* u16 len */
- stw_raw(w ++, N8X0_TEA5761_CS_GPIO); /* u16 enable_gpio */
- w ++;
-
- partition = (model == 810) ? n810_part_info : n800_part_info;
- for (; partition->name; partition ++) {
- stw_raw(w ++, OMAP_TAG_PARTITION); /* u16 tag */
- stw_raw(w ++, 28); /* u16 len */
- strcpy((void *) w, partition->name); /* char name[16] */
- l = (void *) (w + 8);
- stl_raw(l ++, partition->size); /* unsigned int size */
- stl_raw(l ++, partition->offset); /* unsigned int offset */
- stl_raw(l ++, partition->mask); /* unsigned int mask_flags */
- w = (void *) l;
- }
-
- stw_raw(w ++, OMAP_TAG_BOOT_REASON); /* u16 tag */
- stw_raw(w ++, 12); /* u16 len */
-#if 0
- strcpy((void *) w, "por"); /* char reason_str[12] */
- strcpy((void *) w, "charger"); /* char reason_str[12] */
- strcpy((void *) w, "32wd_to"); /* char reason_str[12] */
- strcpy((void *) w, "sw_rst"); /* char reason_str[12] */
- strcpy((void *) w, "mbus"); /* char reason_str[12] */
- strcpy((void *) w, "unknown"); /* char reason_str[12] */
- strcpy((void *) w, "swdg_to"); /* char reason_str[12] */
- strcpy((void *) w, "sec_vio"); /* char reason_str[12] */
- strcpy((void *) w, "pwr_key"); /* char reason_str[12] */
- strcpy((void *) w, "rtc_alarm"); /* char reason_str[12] */
-#else
- strcpy((void *) w, "pwr_key"); /* char reason_str[12] */
-#endif
- w += 6;
-
- tag = (model == 810) ? "RX-44" : "RX-34";
- stw_raw(w ++, OMAP_TAG_VERSION_STR); /* u16 tag */
- stw_raw(w ++, 24); /* u16 len */
- strcpy((void *) w, "product"); /* char component[12] */
- w += 6;
- strcpy((void *) w, tag); /* char version[12] */
- w += 6;
-
- stw_raw(w ++, OMAP_TAG_VERSION_STR); /* u16 tag */
- stw_raw(w ++, 24); /* u16 len */
- strcpy((void *) w, "hw-build"); /* char component[12] */
- w += 6;
- strcpy((void *) w, "QEMU ");
- pstrcat((void *) w, 12, qemu_get_version()); /* char version[12] */
- w += 6;
-
- tag = (model == 810) ? "1.1.10-qemu" : "1.1.6-qemu";
- stw_raw(w ++, OMAP_TAG_VERSION_STR); /* u16 tag */
- stw_raw(w ++, 24); /* u16 len */
- strcpy((void *) w, "nolo"); /* char component[12] */
- w += 6;
- strcpy((void *) w, tag); /* char version[12] */
- w += 6;
-
- return (void *) w - p;
-}
-
-static int n800_atag_setup(const struct arm_boot_info *info, void *p)
-{
- return n8x0_atag_setup(p, 800);
-}
-
-static int n810_atag_setup(const struct arm_boot_info *info, void *p)
-{
- return n8x0_atag_setup(p, 810);
-}
-
-static void n8x0_init(QEMUMachineInitArgs *args,
- struct arm_boot_info *binfo, int model)
-{
- MemoryRegion *sysmem = get_system_memory();
- struct n800_s *s = (struct n800_s *) g_malloc0(sizeof(*s));
- int sdram_size = binfo->ram_size;
- DisplayState *ds;
-
- s->mpu = omap2420_mpu_init(sysmem, sdram_size, args->cpu_model);
-
- /* Setup peripherals
- *
- * Believed external peripherals layout in the N810:
- * (spi bus 1)
- * tsc2005
- * lcd_mipid
- * (spi bus 2)
- * Conexant cx3110x (WLAN)
- * optional: pc2400m (WiMAX)
- * (i2c bus 0)
- * TLV320AIC33 (audio codec)
- * TCM825x (camera by Toshiba)
- * lp5521 (clever LEDs)
- * tsl2563 (light sensor, hwmon, model 7, rev. 0)
- * lm8323 (keypad, manf 00, rev 04)
- * (i2c bus 1)
- * tmp105 (temperature sensor, hwmon)
- * menelaus (pm)
- * (somewhere on i2c - maybe N800-only)
- * tea5761 (FM tuner)
- * (serial 0)
- * GPS
- * (some serial port)
- * csr41814 (Bluetooth)
- */
- n8x0_gpio_setup(s);
- n8x0_nand_setup(s);
- n8x0_i2c_setup(s);
- if (model == 800)
- n800_tsc_kbd_setup(s);
- else if (model == 810) {
- n810_tsc_setup(s);
- n810_kbd_setup(s);
- }
- n8x0_spi_setup(s);
- n8x0_dss_setup(s);
- n8x0_cbus_setup(s);
- n8x0_uart_setup(s);
- if (usb_enabled(false)) {
- n8x0_usb_setup(s);
- }
-
- if (args->kernel_filename) {
- /* Or at the linux loader. */
- binfo->kernel_filename = args->kernel_filename;
- binfo->kernel_cmdline = args->kernel_cmdline;
- binfo->initrd_filename = args->initrd_filename;
- arm_load_kernel(s->mpu->cpu, binfo);
-
- qemu_register_reset(n8x0_boot_init, s);
- }
-
- if (option_rom[0].name &&
- (args->boot_device[0] == 'n' || !args->kernel_filename)) {
- int rom_size;
- uint8_t nolo_tags[0x10000];
- /* No, wait, better start at the ROM. */
- s->mpu->cpu->env.regs[15] = OMAP2_Q2_BASE + 0x400000;
-
- /* This is intended for loading the `secondary.bin' program from
- * Nokia images (the NOLO bootloader). The entry point seems
- * to be at OMAP2_Q2_BASE + 0x400000.
- *
- * The `2nd.bin' files contain some kind of earlier boot code and
- * for them the entry point needs to be set to OMAP2_SRAM_BASE.
- *
- * The code above is for loading the `zImage' file from Nokia
- * images. */
- rom_size = load_image_targphys(option_rom[0].name,
- OMAP2_Q2_BASE + 0x400000,
- sdram_size - 0x400000);
- printf("%i bytes of image loaded\n", rom_size);
-
- n800_setup_nolo_tags(nolo_tags);
- cpu_physical_memory_write(OMAP2_SRAM_BASE, nolo_tags, 0x10000);
- }
- /* FIXME: We shouldn't really be doing this here. The LCD controller
- will set the size once configured, so this just sets an initial
- size until the guest activates the display. */
- ds = get_displaystate();
- ds->surface = qemu_resize_displaysurface(ds, 800, 480);
- dpy_gfx_resize(ds);
-}
-
-static struct arm_boot_info n800_binfo = {
- .loader_start = OMAP2_Q2_BASE,
- /* Actually two chips of 0x4000000 bytes each */
- .ram_size = 0x08000000,
- .board_id = 0x4f7,
- .atag_board = n800_atag_setup,
-};
-
-static struct arm_boot_info n810_binfo = {
- .loader_start = OMAP2_Q2_BASE,
- /* Actually two chips of 0x4000000 bytes each */
- .ram_size = 0x08000000,
- /* 0x60c and 0x6bf (WiMAX Edition) have been assigned but are not
- * used by some older versions of the bootloader and 5555 is used
- * instead (including versions that shipped with many devices). */
- .board_id = 0x60c,
- .atag_board = n810_atag_setup,
-};
-
-static void n800_init(QEMUMachineInitArgs *args)
-{
- return n8x0_init(args, &n800_binfo, 800);
-}
-
-static void n810_init(QEMUMachineInitArgs *args)
-{
- return n8x0_init(args, &n810_binfo, 810);
-}
-
-static QEMUMachine n800_machine = {
- .name = "n800",
- .desc = "Nokia N800 tablet aka. RX-34 (OMAP2420)",
- .init = n800_init,
-};
-
-static QEMUMachine n810_machine = {
- .name = "n810",
- .desc = "Nokia N810 tablet aka. RX-44 (OMAP2420)",
- .init = n810_init,
-};
-
-static void nseries_machine_init(void)
-{
- qemu_register_machine(&n800_machine);
- qemu_register_machine(&n810_machine);
-}
-
-machine_init(nseries_machine_init);
diff --git a/hw/null-machine.c b/hw/null-machine.c
deleted file mode 100644
index d813c089e..000000000
--- a/hw/null-machine.c
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Empty machine
- *
- * Copyright IBM, Corp. 2012
- *
- * Authors:
- * Anthony Liguori <aliguori@us.ibm.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2 or later.
- * See the COPYING file in the top-level directory.
- *
- */
-
-#include "qemu-common.h"
-#include "hw/hw.h"
-#include "hw/boards.h"
-
-static void machine_none_init(QEMUMachineInitArgs *args)
-{
-}
-
-static QEMUMachine machine_none = {
- .name = "none",
- .desc = "empty machine",
- .init = machine_none_init,
- .max_cpus = 0,
-};
-
-static void register_machines(void)
-{
- qemu_register_machine(&machine_none);
-}
-
-machine_init(register_machines);
-
diff --git a/hw/nvram.h b/hw/nvram.h
deleted file mode 100644
index 59337faaa..000000000
--- a/hw/nvram.h
+++ /dev/null
@@ -1,34 +0,0 @@
-#ifndef NVRAM_H
-#define NVRAM_H
-
-/* NVRAM helpers */
-typedef uint32_t (*nvram_read_t)(void *private, uint32_t addr);
-typedef void (*nvram_write_t)(void *private, uint32_t addr, uint32_t val);
-typedef struct nvram_t {
- void *opaque;
- nvram_read_t read_fn;
- nvram_write_t write_fn;
-} nvram_t;
-
-uint32_t NVRAM_get_lword (nvram_t *nvram, uint32_t addr);
-int NVRAM_get_string (nvram_t *nvram, uint8_t *dst, uint16_t addr, int max);
-
-int PPC_NVRAM_set_params (nvram_t *nvram, uint16_t NVRAM_size,
- const char *arch,
- uint32_t RAM_size, int boot_device,
- uint32_t kernel_image, uint32_t kernel_size,
- const char *cmdline,
- uint32_t initrd_image, uint32_t initrd_size,
- uint32_t NVRAM_image,
- int width, int height, int depth);
-typedef struct M48t59State M48t59State;
-
-void m48t59_write (void *private, uint32_t addr, uint32_t val);
-uint32_t m48t59_read (void *private, uint32_t addr);
-void m48t59_toggle_lock (void *private, int lock);
-M48t59State *m48t59_init_isa(ISABus *bus, uint32_t io_base, uint16_t size,
- int type);
-M48t59State *m48t59_init(qemu_irq IRQ, hwaddr mem_base,
- uint32_t io_base, uint16_t size, int type);
-
-#endif /* !NVRAM_H */
diff --git a/hw/nvram/Makefile.objs b/hw/nvram/Makefile.objs
new file mode 100644
index 000000000..e9a66940e
--- /dev/null
+++ b/hw/nvram/Makefile.objs
@@ -0,0 +1,5 @@
+common-obj-$(CONFIG_DS1225Y) += ds1225y.o
+common-obj-y += eeprom93xx.o
+common-obj-y += fw_cfg.o
+common-obj-$(CONFIG_MAC_NVRAM) += mac_nvram.o
+obj-$(CONFIG_PSERIES) += spapr_nvram.o
diff --git a/hw/nvram/ds1225y.c b/hw/nvram/ds1225y.c
new file mode 100644
index 000000000..f9a700b01
--- /dev/null
+++ b/hw/nvram/ds1225y.c
@@ -0,0 +1,170 @@
+/*
+ * QEMU NVRAM emulation for DS1225Y chip
+ *
+ * Copyright (c) 2007-2008 Hervé Poussineau
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/sysbus.h"
+#include "trace.h"
+
+typedef struct {
+ MemoryRegion iomem;
+ uint32_t chip_size;
+ char *filename;
+ FILE *file;
+ uint8_t *contents;
+} NvRamState;
+
+static uint64_t nvram_read(void *opaque, hwaddr addr, unsigned size)
+{
+ NvRamState *s = opaque;
+ uint32_t val;
+
+ val = s->contents[addr];
+ trace_nvram_read(addr, val);
+ return val;
+}
+
+static void nvram_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ NvRamState *s = opaque;
+
+ val &= 0xff;
+ trace_nvram_write(addr, s->contents[addr], val);
+
+ s->contents[addr] = val;
+ if (s->file) {
+ fseek(s->file, addr, SEEK_SET);
+ fputc(val, s->file);
+ fflush(s->file);
+ }
+}
+
+static const MemoryRegionOps nvram_ops = {
+ .read = nvram_read,
+ .write = nvram_write,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static int nvram_post_load(void *opaque, int version_id)
+{
+ NvRamState *s = opaque;
+
+ /* Close file, as filename may has changed in load/store process */
+ if (s->file) {
+ fclose(s->file);
+ }
+
+ /* Write back nvram contents */
+ s->file = fopen(s->filename, "wb");
+ if (s->file) {
+ /* Write back contents, as 'wb' mode cleaned the file */
+ if (fwrite(s->contents, s->chip_size, 1, s->file) != 1) {
+ printf("nvram_post_load: short write\n");
+ }
+ fflush(s->file);
+ }
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_nvram = {
+ .name = "nvram",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .post_load = nvram_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_VARRAY_UINT32(contents, NvRamState, chip_size, 0,
+ vmstate_info_uint8, uint8_t),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+#define TYPE_DS1225Y "ds1225y"
+#define DS1225Y(obj) OBJECT_CHECK(SysBusNvRamState, (obj), TYPE_DS1225Y)
+
+typedef struct {
+ SysBusDevice parent_obj;
+
+ NvRamState nvram;
+} SysBusNvRamState;
+
+static int nvram_sysbus_initfn(SysBusDevice *dev)
+{
+ SysBusNvRamState *sys = DS1225Y(dev);
+ NvRamState *s = &sys->nvram;
+ FILE *file;
+
+ s->contents = g_malloc0(s->chip_size);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &nvram_ops, s,
+ "nvram", s->chip_size);
+ sysbus_init_mmio(dev, &s->iomem);
+
+ /* Read current file */
+ file = fopen(s->filename, "rb");
+ if (file) {
+ /* Read nvram contents */
+ if (fread(s->contents, s->chip_size, 1, file) != 1) {
+ printf("nvram_sysbus_initfn: short read\n");
+ }
+ fclose(file);
+ }
+ nvram_post_load(s, 0);
+
+ return 0;
+}
+
+static Property nvram_sysbus_properties[] = {
+ DEFINE_PROP_UINT32("size", SysBusNvRamState, nvram.chip_size, 0x2000),
+ DEFINE_PROP_STRING("filename", SysBusNvRamState, nvram.filename),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void nvram_sysbus_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = nvram_sysbus_initfn;
+ dc->vmsd = &vmstate_nvram;
+ dc->props = nvram_sysbus_properties;
+}
+
+static const TypeInfo nvram_sysbus_info = {
+ .name = TYPE_DS1225Y,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(SysBusNvRamState),
+ .class_init = nvram_sysbus_class_init,
+};
+
+static void nvram_register_types(void)
+{
+ type_register_static(&nvram_sysbus_info);
+}
+
+type_init(nvram_register_types)
diff --git a/hw/nvram/eeprom93xx.c b/hw/nvram/eeprom93xx.c
new file mode 100644
index 000000000..08f4df586
--- /dev/null
+++ b/hw/nvram/eeprom93xx.c
@@ -0,0 +1,337 @@
+/*
+ * QEMU EEPROM 93xx emulation
+ *
+ * Copyright (c) 2006-2007 Stefan Weil
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* Emulation for serial EEPROMs:
+ * NMC93C06 256-Bit (16 x 16)
+ * NMC93C46 1024-Bit (64 x 16)
+ * NMC93C56 2028 Bit (128 x 16)
+ * NMC93C66 4096 Bit (256 x 16)
+ * Compatible devices include FM93C46 and others.
+ *
+ * Other drivers use these interface functions:
+ * eeprom93xx_new - add a new EEPROM (with 16, 64 or 256 words)
+ * eeprom93xx_free - destroy EEPROM
+ * eeprom93xx_read - read data from the EEPROM
+ * eeprom93xx_write - write data to the EEPROM
+ * eeprom93xx_data - get EEPROM data array for external manipulation
+ *
+ * Todo list:
+ * - No emulation of EEPROM timings.
+ */
+
+#include "hw/hw.h"
+#include "hw/nvram/eeprom93xx.h"
+
+/* Debug EEPROM emulation. */
+//~ #define DEBUG_EEPROM
+
+#ifdef DEBUG_EEPROM
+#define logout(fmt, ...) fprintf(stderr, "EEPROM\t%-24s" fmt, __func__, ## __VA_ARGS__)
+#else
+#define logout(fmt, ...) ((void)0)
+#endif
+
+#define EEPROM_INSTANCE 0
+#define OLD_EEPROM_VERSION 20061112
+#define EEPROM_VERSION (OLD_EEPROM_VERSION + 1)
+
+#if 0
+typedef enum {
+ eeprom_read = 0x80, /* read register xx */
+ eeprom_write = 0x40, /* write register xx */
+ eeprom_erase = 0xc0, /* erase register xx */
+ eeprom_ewen = 0x30, /* erase / write enable */
+ eeprom_ewds = 0x00, /* erase / write disable */
+ eeprom_eral = 0x20, /* erase all registers */
+ eeprom_wral = 0x10, /* write all registers */
+ eeprom_amask = 0x0f,
+ eeprom_imask = 0xf0
+} eeprom_instruction_t;
+#endif
+
+#ifdef DEBUG_EEPROM
+static const char *opstring[] = {
+ "extended", "write", "read", "erase"
+};
+#endif
+
+struct _eeprom_t {
+ uint8_t tick;
+ uint8_t address;
+ uint8_t command;
+ uint8_t writable;
+
+ uint8_t eecs;
+ uint8_t eesk;
+ uint8_t eedo;
+
+ uint8_t addrbits;
+ uint16_t size;
+ uint16_t data;
+ uint16_t contents[0];
+};
+
+/* Code for saving and restoring of EEPROM state. */
+
+/* Restore an uint16_t from an uint8_t
+ This is a Big hack, but it is how the old state did it.
+ */
+
+static int get_uint16_from_uint8(QEMUFile *f, void *pv, size_t size)
+{
+ uint16_t *v = pv;
+ *v = qemu_get_ubyte(f);
+ return 0;
+}
+
+static void put_unused(QEMUFile *f, void *pv, size_t size)
+{
+ fprintf(stderr, "uint16_from_uint8 is used only for backwards compatibility.\n");
+ fprintf(stderr, "Never should be used to write a new state.\n");
+ exit(0);
+}
+
+static const VMStateInfo vmstate_hack_uint16_from_uint8 = {
+ .name = "uint16_from_uint8",
+ .get = get_uint16_from_uint8,
+ .put = put_unused,
+};
+
+#define VMSTATE_UINT16_HACK_TEST(_f, _s, _t) \
+ VMSTATE_SINGLE_TEST(_f, _s, _t, 0, vmstate_hack_uint16_from_uint8, uint16_t)
+
+static bool is_old_eeprom_version(void *opaque, int version_id)
+{
+ return version_id == OLD_EEPROM_VERSION;
+}
+
+static const VMStateDescription vmstate_eeprom = {
+ .name = "eeprom",
+ .version_id = EEPROM_VERSION,
+ .minimum_version_id = OLD_EEPROM_VERSION,
+ .minimum_version_id_old = OLD_EEPROM_VERSION,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT8(tick, eeprom_t),
+ VMSTATE_UINT8(address, eeprom_t),
+ VMSTATE_UINT8(command, eeprom_t),
+ VMSTATE_UINT8(writable, eeprom_t),
+
+ VMSTATE_UINT8(eecs, eeprom_t),
+ VMSTATE_UINT8(eesk, eeprom_t),
+ VMSTATE_UINT8(eedo, eeprom_t),
+
+ VMSTATE_UINT8(addrbits, eeprom_t),
+ VMSTATE_UINT16_HACK_TEST(size, eeprom_t, is_old_eeprom_version),
+ VMSTATE_UNUSED_TEST(is_old_eeprom_version, 1),
+ VMSTATE_UINT16_EQUAL_V(size, eeprom_t, EEPROM_VERSION),
+ VMSTATE_UINT16(data, eeprom_t),
+ VMSTATE_VARRAY_UINT16_UNSAFE(contents, eeprom_t, size, 0,
+ vmstate_info_uint16, uint16_t),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+void eeprom93xx_write(eeprom_t *eeprom, int eecs, int eesk, int eedi)
+{
+ uint8_t tick = eeprom->tick;
+ uint8_t eedo = eeprom->eedo;
+ uint16_t address = eeprom->address;
+ uint8_t command = eeprom->command;
+
+ logout("CS=%u SK=%u DI=%u DO=%u, tick = %u\n",
+ eecs, eesk, eedi, eedo, tick);
+
+ if (! eeprom->eecs && eecs) {
+ /* Start chip select cycle. */
+ logout("Cycle start, waiting for 1st start bit (0)\n");
+ tick = 0;
+ command = 0x0;
+ address = 0x0;
+ } else if (eeprom->eecs && ! eecs) {
+ /* End chip select cycle. This triggers write / erase. */
+ if (eeprom->writable) {
+ uint8_t subcommand = address >> (eeprom->addrbits - 2);
+ if (command == 0 && subcommand == 2) {
+ /* Erase all. */
+ for (address = 0; address < eeprom->size; address++) {
+ eeprom->contents[address] = 0xffff;
+ }
+ } else if (command == 3) {
+ /* Erase word. */
+ eeprom->contents[address] = 0xffff;
+ } else if (tick >= 2 + 2 + eeprom->addrbits + 16) {
+ if (command == 1) {
+ /* Write word. */
+ eeprom->contents[address] &= eeprom->data;
+ } else if (command == 0 && subcommand == 1) {
+ /* Write all. */
+ for (address = 0; address < eeprom->size; address++) {
+ eeprom->contents[address] &= eeprom->data;
+ }
+ }
+ }
+ }
+ /* Output DO is tristate, read results in 1. */
+ eedo = 1;
+ } else if (eecs && ! eeprom->eesk && eesk) {
+ /* Raising edge of clock shifts data in. */
+ if (tick == 0) {
+ /* Wait for 1st start bit. */
+ if (eedi == 0) {
+ logout("Got correct 1st start bit, waiting for 2nd start bit (1)\n");
+ tick++;
+ } else {
+ logout("wrong 1st start bit (is 1, should be 0)\n");
+ tick = 2;
+ //~ assert(!"wrong start bit");
+ }
+ } else if (tick == 1) {
+ /* Wait for 2nd start bit. */
+ if (eedi != 0) {
+ logout("Got correct 2nd start bit, getting command + address\n");
+ tick++;
+ } else {
+ logout("1st start bit is longer than needed\n");
+ }
+ } else if (tick < 2 + 2) {
+ /* Got 2 start bits, transfer 2 opcode bits. */
+ tick++;
+ command <<= 1;
+ if (eedi) {
+ command += 1;
+ }
+ } else if (tick < 2 + 2 + eeprom->addrbits) {
+ /* Got 2 start bits and 2 opcode bits, transfer all address bits. */
+ tick++;
+ address = ((address << 1) | eedi);
+ if (tick == 2 + 2 + eeprom->addrbits) {
+ logout("%s command, address = 0x%02x (value 0x%04x)\n",
+ opstring[command], address, eeprom->contents[address]);
+ if (command == 2) {
+ eedo = 0;
+ }
+ address = address % eeprom->size;
+ if (command == 0) {
+ /* Command code in upper 2 bits of address. */
+ switch (address >> (eeprom->addrbits - 2)) {
+ case 0:
+ logout("write disable command\n");
+ eeprom->writable = 0;
+ break;
+ case 1:
+ logout("write all command\n");
+ break;
+ case 2:
+ logout("erase all command\n");
+ break;
+ case 3:
+ logout("write enable command\n");
+ eeprom->writable = 1;
+ break;
+ }
+ } else {
+ /* Read, write or erase word. */
+ eeprom->data = eeprom->contents[address];
+ }
+ }
+ } else if (tick < 2 + 2 + eeprom->addrbits + 16) {
+ /* Transfer 16 data bits. */
+ tick++;
+ if (command == 2) {
+ /* Read word. */
+ eedo = ((eeprom->data & 0x8000) != 0);
+ }
+ eeprom->data <<= 1;
+ eeprom->data += eedi;
+ } else {
+ logout("additional unneeded tick, not processed\n");
+ }
+ }
+ /* Save status of EEPROM. */
+ eeprom->tick = tick;
+ eeprom->eecs = eecs;
+ eeprom->eesk = eesk;
+ eeprom->eedo = eedo;
+ eeprom->address = address;
+ eeprom->command = command;
+}
+
+uint16_t eeprom93xx_read(eeprom_t *eeprom)
+{
+ /* Return status of pin DO (0 or 1). */
+ logout("CS=%u DO=%u\n", eeprom->eecs, eeprom->eedo);
+ return (eeprom->eedo);
+}
+
+#if 0
+void eeprom93xx_reset(eeprom_t *eeprom)
+{
+ /* prepare eeprom */
+ logout("eeprom = 0x%p\n", eeprom);
+ eeprom->tick = 0;
+ eeprom->command = 0;
+}
+#endif
+
+eeprom_t *eeprom93xx_new(DeviceState *dev, uint16_t nwords)
+{
+ /* Add a new EEPROM (with 16, 64 or 256 words). */
+ eeprom_t *eeprom;
+ uint8_t addrbits;
+
+ switch (nwords) {
+ case 16:
+ case 64:
+ addrbits = 6;
+ break;
+ case 128:
+ case 256:
+ addrbits = 8;
+ break;
+ default:
+ assert(!"Unsupported EEPROM size, fallback to 64 words!");
+ nwords = 64;
+ addrbits = 6;
+ }
+
+ eeprom = (eeprom_t *)g_malloc0(sizeof(*eeprom) + nwords * 2);
+ eeprom->size = nwords;
+ eeprom->addrbits = addrbits;
+ /* Output DO is tristate, read results in 1. */
+ eeprom->eedo = 1;
+ logout("eeprom = 0x%p, nwords = %u\n", eeprom, nwords);
+ vmstate_register(dev, 0, &vmstate_eeprom, eeprom);
+ return eeprom;
+}
+
+void eeprom93xx_free(DeviceState *dev, eeprom_t *eeprom)
+{
+ /* Destroy EEPROM. */
+ logout("eeprom = 0x%p\n", eeprom);
+ vmstate_unregister(dev, &vmstate_eeprom, eeprom);
+ g_free(eeprom);
+}
+
+uint16_t *eeprom93xx_data(eeprom_t *eeprom)
+{
+ /* Get EEPROM data array. */
+ return &eeprom->contents[0];
+}
+
+/* eof */
diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
new file mode 100644
index 000000000..d0820e507
--- /dev/null
+++ b/hw/nvram/fw_cfg.c
@@ -0,0 +1,598 @@
+/*
+ * QEMU Firmware configuration device emulation
+ *
+ * Copyright (c) 2008 Gleb Natapov
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "sysemu/sysemu.h"
+#include "hw/isa/isa.h"
+#include "hw/nvram/fw_cfg.h"
+#include "hw/sysbus.h"
+#include "trace.h"
+#include "qemu/error-report.h"
+#include "qemu/config-file.h"
+
+#define FW_CFG_SIZE 2
+#define FW_CFG_DATA_SIZE 1
+#define TYPE_FW_CFG "fw_cfg"
+#define FW_CFG_NAME "fw_cfg"
+#define FW_CFG_PATH "/machine/" FW_CFG_NAME
+#define FW_CFG(obj) OBJECT_CHECK(FWCfgState, (obj), TYPE_FW_CFG)
+
+typedef struct FWCfgEntry {
+ uint32_t len;
+ uint8_t *data;
+ void *callback_opaque;
+ FWCfgCallback callback;
+} FWCfgEntry;
+
+struct FWCfgState {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion ctl_iomem, data_iomem, comb_iomem;
+ uint32_t ctl_iobase, data_iobase;
+ FWCfgEntry entries[2][FW_CFG_MAX_ENTRY];
+ FWCfgFiles *files;
+ uint16_t cur_entry;
+ uint32_t cur_offset;
+ Notifier machine_ready;
+};
+
+#define JPG_FILE 0
+#define BMP_FILE 1
+
+static char *read_splashfile(char *filename, gsize *file_sizep,
+ int *file_typep)
+{
+ GError *err = NULL;
+ gboolean res;
+ gchar *content;
+ int file_type;
+ unsigned int filehead;
+ int bmp_bpp;
+
+ res = g_file_get_contents(filename, &content, file_sizep, &err);
+ if (res == FALSE) {
+ error_report("failed to read splash file '%s'", filename);
+ g_error_free(err);
+ return NULL;
+ }
+
+ /* check file size */
+ if (*file_sizep < 30) {
+ goto error;
+ }
+
+ /* check magic ID */
+ filehead = ((content[0] & 0xff) + (content[1] << 8)) & 0xffff;
+ if (filehead == 0xd8ff) {
+ file_type = JPG_FILE;
+ } else if (filehead == 0x4d42) {
+ file_type = BMP_FILE;
+ } else {
+ goto error;
+ }
+
+ /* check BMP bpp */
+ if (file_type == BMP_FILE) {
+ bmp_bpp = (content[28] + (content[29] << 8)) & 0xffff;
+ if (bmp_bpp != 24) {
+ goto error;
+ }
+ }
+
+ /* return values */
+ *file_typep = file_type;
+
+ return content;
+
+error:
+ error_report("splash file '%s' format not recognized; must be JPEG "
+ "or 24 bit BMP", filename);
+ g_free(content);
+ return NULL;
+}
+
+static void fw_cfg_bootsplash(FWCfgState *s)
+{
+ int boot_splash_time = -1;
+ const char *boot_splash_filename = NULL;
+ char *p;
+ char *filename, *file_data;
+ gsize file_size;
+ int file_type;
+ const char *temp;
+
+ /* get user configuration */
+ QemuOptsList *plist = qemu_find_opts("boot-opts");
+ QemuOpts *opts = QTAILQ_FIRST(&plist->head);
+ if (opts != NULL) {
+ temp = qemu_opt_get(opts, "splash");
+ if (temp != NULL) {
+ boot_splash_filename = temp;
+ }
+ temp = qemu_opt_get(opts, "splash-time");
+ if (temp != NULL) {
+ p = (char *)temp;
+ boot_splash_time = strtol(p, (char **)&p, 10);
+ }
+ }
+
+ /* insert splash time if user configurated */
+ if (boot_splash_time >= 0) {
+ /* validate the input */
+ if (boot_splash_time > 0xffff) {
+ error_report("splash time is big than 65535, force it to 65535.");
+ boot_splash_time = 0xffff;
+ }
+ /* use little endian format */
+ qemu_extra_params_fw[0] = (uint8_t)(boot_splash_time & 0xff);
+ qemu_extra_params_fw[1] = (uint8_t)((boot_splash_time >> 8) & 0xff);
+ fw_cfg_add_file(s, "etc/boot-menu-wait", qemu_extra_params_fw, 2);
+ }
+
+ /* insert splash file if user configurated */
+ if (boot_splash_filename != NULL) {
+ filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, boot_splash_filename);
+ if (filename == NULL) {
+ error_report("failed to find file '%s'.", boot_splash_filename);
+ return;
+ }
+
+ /* loading file data */
+ file_data = read_splashfile(filename, &file_size, &file_type);
+ if (file_data == NULL) {
+ g_free(filename);
+ return;
+ }
+ if (boot_splash_filedata != NULL) {
+ g_free(boot_splash_filedata);
+ }
+ boot_splash_filedata = (uint8_t *)file_data;
+ boot_splash_filedata_size = file_size;
+
+ /* insert data */
+ if (file_type == JPG_FILE) {
+ fw_cfg_add_file(s, "bootsplash.jpg",
+ boot_splash_filedata, boot_splash_filedata_size);
+ } else {
+ fw_cfg_add_file(s, "bootsplash.bmp",
+ boot_splash_filedata, boot_splash_filedata_size);
+ }
+ g_free(filename);
+ }
+}
+
+static void fw_cfg_reboot(FWCfgState *s)
+{
+ int reboot_timeout = -1;
+ char *p;
+ const char *temp;
+
+ /* get user configuration */
+ QemuOptsList *plist = qemu_find_opts("boot-opts");
+ QemuOpts *opts = QTAILQ_FIRST(&plist->head);
+ if (opts != NULL) {
+ temp = qemu_opt_get(opts, "reboot-timeout");
+ if (temp != NULL) {
+ p = (char *)temp;
+ reboot_timeout = strtol(p, (char **)&p, 10);
+ }
+ }
+ /* validate the input */
+ if (reboot_timeout > 0xffff) {
+ error_report("reboot timeout is larger than 65535, force it to 65535.");
+ reboot_timeout = 0xffff;
+ }
+ fw_cfg_add_file(s, "etc/boot-fail-wait", g_memdup(&reboot_timeout, 4), 4);
+}
+
+static void fw_cfg_write(FWCfgState *s, uint8_t value)
+{
+ int arch = !!(s->cur_entry & FW_CFG_ARCH_LOCAL);
+ FWCfgEntry *e = &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
+
+ trace_fw_cfg_write(s, value);
+
+ if (s->cur_entry & FW_CFG_WRITE_CHANNEL && e->callback &&
+ s->cur_offset < e->len) {
+ e->data[s->cur_offset++] = value;
+ if (s->cur_offset == e->len) {
+ e->callback(e->callback_opaque, e->data);
+ s->cur_offset = 0;
+ }
+ }
+}
+
+static int fw_cfg_select(FWCfgState *s, uint16_t key)
+{
+ int ret;
+
+ s->cur_offset = 0;
+ if ((key & FW_CFG_ENTRY_MASK) >= FW_CFG_MAX_ENTRY) {
+ s->cur_entry = FW_CFG_INVALID;
+ ret = 0;
+ } else {
+ s->cur_entry = key;
+ ret = 1;
+ }
+
+ trace_fw_cfg_select(s, key, ret);
+ return ret;
+}
+
+static uint8_t fw_cfg_read(FWCfgState *s)
+{
+ int arch = !!(s->cur_entry & FW_CFG_ARCH_LOCAL);
+ FWCfgEntry *e = &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
+ uint8_t ret;
+
+ if (s->cur_entry == FW_CFG_INVALID || !e->data || s->cur_offset >= e->len)
+ ret = 0;
+ else
+ ret = e->data[s->cur_offset++];
+
+ trace_fw_cfg_read(s, ret);
+ return ret;
+}
+
+static uint64_t fw_cfg_data_mem_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ return fw_cfg_read(opaque);
+}
+
+static void fw_cfg_data_mem_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ fw_cfg_write(opaque, (uint8_t)value);
+}
+
+static void fw_cfg_ctl_mem_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ fw_cfg_select(opaque, (uint16_t)value);
+}
+
+static bool fw_cfg_ctl_mem_valid(void *opaque, hwaddr addr,
+ unsigned size, bool is_write)
+{
+ return is_write && size == 2;
+}
+
+static uint64_t fw_cfg_comb_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ return fw_cfg_read(opaque);
+}
+
+static void fw_cfg_comb_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ switch (size) {
+ case 1:
+ fw_cfg_write(opaque, (uint8_t)value);
+ break;
+ case 2:
+ fw_cfg_select(opaque, (uint16_t)value);
+ break;
+ }
+}
+
+static bool fw_cfg_comb_valid(void *opaque, hwaddr addr,
+ unsigned size, bool is_write)
+{
+ return (size == 1) || (is_write && size == 2);
+}
+
+static const MemoryRegionOps fw_cfg_ctl_mem_ops = {
+ .write = fw_cfg_ctl_mem_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid.accepts = fw_cfg_ctl_mem_valid,
+};
+
+static const MemoryRegionOps fw_cfg_data_mem_ops = {
+ .read = fw_cfg_data_mem_read,
+ .write = fw_cfg_data_mem_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+static const MemoryRegionOps fw_cfg_comb_mem_ops = {
+ .read = fw_cfg_comb_read,
+ .write = fw_cfg_comb_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .valid.accepts = fw_cfg_comb_valid,
+};
+
+static void fw_cfg_reset(DeviceState *d)
+{
+ FWCfgState *s = FW_CFG(d);
+
+ fw_cfg_select(s, 0);
+}
+
+/* Save restore 32 bit int as uint16_t
+ This is a Big hack, but it is how the old state did it.
+ Or we broke compatibility in the state, or we can't use struct tm
+ */
+
+static int get_uint32_as_uint16(QEMUFile *f, void *pv, size_t size)
+{
+ uint32_t *v = pv;
+ *v = qemu_get_be16(f);
+ return 0;
+}
+
+static void put_unused(QEMUFile *f, void *pv, size_t size)
+{
+ fprintf(stderr, "uint32_as_uint16 is only used for backward compatibility.\n");
+ fprintf(stderr, "This functions shouldn't be called.\n");
+}
+
+static const VMStateInfo vmstate_hack_uint32_as_uint16 = {
+ .name = "int32_as_uint16",
+ .get = get_uint32_as_uint16,
+ .put = put_unused,
+};
+
+#define VMSTATE_UINT16_HACK(_f, _s, _t) \
+ VMSTATE_SINGLE_TEST(_f, _s, _t, 0, vmstate_hack_uint32_as_uint16, uint32_t)
+
+
+static bool is_version_1(void *opaque, int version_id)
+{
+ return version_id == 1;
+}
+
+static const VMStateDescription vmstate_fw_cfg = {
+ .name = "fw_cfg",
+ .version_id = 2,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT16(cur_entry, FWCfgState),
+ VMSTATE_UINT16_HACK(cur_offset, FWCfgState, is_version_1),
+ VMSTATE_UINT32_V(cur_offset, FWCfgState, 2),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+void fw_cfg_add_bytes(FWCfgState *s, uint16_t key, void *data, size_t len)
+{
+ int arch = !!(key & FW_CFG_ARCH_LOCAL);
+
+ key &= FW_CFG_ENTRY_MASK;
+
+ assert(key < FW_CFG_MAX_ENTRY && len < UINT32_MAX);
+
+ s->entries[arch][key].data = data;
+ s->entries[arch][key].len = (uint32_t)len;
+}
+
+void fw_cfg_add_string(FWCfgState *s, uint16_t key, const char *value)
+{
+ size_t sz = strlen(value) + 1;
+
+ return fw_cfg_add_bytes(s, key, g_memdup(value, sz), sz);
+}
+
+void fw_cfg_add_i16(FWCfgState *s, uint16_t key, uint16_t value)
+{
+ uint16_t *copy;
+
+ copy = g_malloc(sizeof(value));
+ *copy = cpu_to_le16(value);
+ fw_cfg_add_bytes(s, key, copy, sizeof(value));
+}
+
+void fw_cfg_add_i32(FWCfgState *s, uint16_t key, uint32_t value)
+{
+ uint32_t *copy;
+
+ copy = g_malloc(sizeof(value));
+ *copy = cpu_to_le32(value);
+ fw_cfg_add_bytes(s, key, copy, sizeof(value));
+}
+
+void fw_cfg_add_i64(FWCfgState *s, uint16_t key, uint64_t value)
+{
+ uint64_t *copy;
+
+ copy = g_malloc(sizeof(value));
+ *copy = cpu_to_le64(value);
+ fw_cfg_add_bytes(s, key, copy, sizeof(value));
+}
+
+void fw_cfg_add_callback(FWCfgState *s, uint16_t key, FWCfgCallback callback,
+ void *callback_opaque, void *data, size_t len)
+{
+ int arch = !!(key & FW_CFG_ARCH_LOCAL);
+
+ assert(key & FW_CFG_WRITE_CHANNEL);
+
+ key &= FW_CFG_ENTRY_MASK;
+
+ assert(key < FW_CFG_MAX_ENTRY && len <= UINT32_MAX);
+
+ s->entries[arch][key].data = data;
+ s->entries[arch][key].len = (uint32_t)len;
+ s->entries[arch][key].callback_opaque = callback_opaque;
+ s->entries[arch][key].callback = callback;
+}
+
+void fw_cfg_add_file(FWCfgState *s, const char *filename,
+ void *data, size_t len)
+{
+ int i, index;
+ size_t dsize;
+
+ if (!s->files) {
+ dsize = sizeof(uint32_t) + sizeof(FWCfgFile) * FW_CFG_FILE_SLOTS;
+ s->files = g_malloc0(dsize);
+ fw_cfg_add_bytes(s, FW_CFG_FILE_DIR, s->files, dsize);
+ }
+
+ index = be32_to_cpu(s->files->count);
+ assert(index < FW_CFG_FILE_SLOTS);
+
+ fw_cfg_add_bytes(s, FW_CFG_FILE_FIRST + index, data, len);
+
+ pstrcpy(s->files->f[index].name, sizeof(s->files->f[index].name),
+ filename);
+ for (i = 0; i < index; i++) {
+ if (strcmp(s->files->f[index].name, s->files->f[i].name) == 0) {
+ trace_fw_cfg_add_file_dupe(s, s->files->f[index].name);
+ return;
+ }
+ }
+
+ s->files->f[index].size = cpu_to_be32(len);
+ s->files->f[index].select = cpu_to_be16(FW_CFG_FILE_FIRST + index);
+ trace_fw_cfg_add_file(s, index, s->files->f[index].name, len);
+
+ s->files->count = cpu_to_be32(index+1);
+}
+
+static void fw_cfg_machine_ready(struct Notifier *n, void *data)
+{
+ size_t len;
+ FWCfgState *s = container_of(n, FWCfgState, machine_ready);
+ char *bootindex = get_boot_devices_list(&len);
+
+ fw_cfg_add_file(s, "bootorder", (uint8_t*)bootindex, len);
+}
+
+FWCfgState *fw_cfg_init(uint32_t ctl_port, uint32_t data_port,
+ hwaddr ctl_addr, hwaddr data_addr)
+{
+ DeviceState *dev;
+ SysBusDevice *d;
+ FWCfgState *s;
+
+ dev = qdev_create(NULL, TYPE_FW_CFG);
+ qdev_prop_set_uint32(dev, "ctl_iobase", ctl_port);
+ qdev_prop_set_uint32(dev, "data_iobase", data_port);
+ d = SYS_BUS_DEVICE(dev);
+
+ s = FW_CFG(dev);
+
+ assert(!object_resolve_path(FW_CFG_PATH, NULL));
+
+ object_property_add_child(qdev_get_machine(), FW_CFG_NAME, OBJECT(s), NULL);
+
+ qdev_init_nofail(dev);
+
+ if (ctl_addr) {
+ sysbus_mmio_map(d, 0, ctl_addr);
+ }
+ if (data_addr) {
+ sysbus_mmio_map(d, 1, data_addr);
+ }
+ fw_cfg_add_bytes(s, FW_CFG_SIGNATURE, (char *)"QEMU", 4);
+ fw_cfg_add_bytes(s, FW_CFG_UUID, qemu_uuid, 16);
+ fw_cfg_add_i16(s, FW_CFG_NOGRAPHIC, (uint16_t)(display_type == DT_NOGRAPHIC));
+ fw_cfg_add_i16(s, FW_CFG_NB_CPUS, (uint16_t)smp_cpus);
+ fw_cfg_add_i16(s, FW_CFG_BOOT_MENU, (uint16_t)boot_menu);
+ fw_cfg_bootsplash(s);
+ fw_cfg_reboot(s);
+
+ s->machine_ready.notify = fw_cfg_machine_ready;
+ qemu_add_machine_init_done_notifier(&s->machine_ready);
+
+ return s;
+}
+
+static void fw_cfg_initfn(Object *obj)
+{
+ SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
+ FWCfgState *s = FW_CFG(obj);
+
+ memory_region_init_io(&s->ctl_iomem, OBJECT(s), &fw_cfg_ctl_mem_ops, s,
+ "fwcfg.ctl", FW_CFG_SIZE);
+ sysbus_init_mmio(sbd, &s->ctl_iomem);
+ memory_region_init_io(&s->data_iomem, OBJECT(s), &fw_cfg_data_mem_ops, s,
+ "fwcfg.data", FW_CFG_DATA_SIZE);
+ sysbus_init_mmio(sbd, &s->data_iomem);
+ /* In case ctl and data overlap: */
+ memory_region_init_io(&s->comb_iomem, OBJECT(s), &fw_cfg_comb_mem_ops, s,
+ "fwcfg", FW_CFG_SIZE);
+}
+
+static void fw_cfg_realize(DeviceState *dev, Error **errp)
+{
+ FWCfgState *s = FW_CFG(dev);
+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+
+
+ if (s->ctl_iobase + 1 == s->data_iobase) {
+ sysbus_add_io(sbd, s->ctl_iobase, &s->comb_iomem);
+ } else {
+ if (s->ctl_iobase) {
+ sysbus_add_io(sbd, s->ctl_iobase, &s->ctl_iomem);
+ }
+ if (s->data_iobase) {
+ sysbus_add_io(sbd, s->data_iobase, &s->data_iomem);
+ }
+ }
+}
+
+static Property fw_cfg_properties[] = {
+ DEFINE_PROP_HEX32("ctl_iobase", FWCfgState, ctl_iobase, -1),
+ DEFINE_PROP_HEX32("data_iobase", FWCfgState, data_iobase, -1),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+FWCfgState *fw_cfg_find(void)
+{
+ return FW_CFG(object_resolve_path(FW_CFG_PATH, NULL));
+}
+
+static void fw_cfg_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = fw_cfg_realize;
+ dc->no_user = 1;
+ dc->reset = fw_cfg_reset;
+ dc->vmsd = &vmstate_fw_cfg;
+ dc->props = fw_cfg_properties;
+}
+
+static const TypeInfo fw_cfg_info = {
+ .name = TYPE_FW_CFG,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(FWCfgState),
+ .instance_init = fw_cfg_initfn,
+ .class_init = fw_cfg_class_init,
+};
+
+static void fw_cfg_register_types(void)
+{
+ type_register_static(&fw_cfg_info);
+}
+
+type_init(fw_cfg_register_types)
diff --git a/hw/nvram/mac_nvram.c b/hw/nvram/mac_nvram.c
new file mode 100644
index 000000000..2eb008179
--- /dev/null
+++ b/hw/nvram/mac_nvram.c
@@ -0,0 +1,196 @@
+/*
+ * PowerMac NVRAM emulation
+ *
+ * Copyright (c) 2005-2007 Fabrice Bellard
+ * Copyright (c) 2007 Jocelyn Mayer
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/nvram/openbios_firmware_abi.h"
+#include "sysemu/sysemu.h"
+#include "hw/ppc/mac.h"
+
+/* debug NVR */
+//#define DEBUG_NVR
+
+#ifdef DEBUG_NVR
+#define NVR_DPRINTF(fmt, ...) \
+ do { printf("NVR: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define NVR_DPRINTF(fmt, ...)
+#endif
+
+#define DEF_SYSTEM_SIZE 0xc10
+
+/* Direct access to NVRAM */
+uint8_t macio_nvram_read(MacIONVRAMState *s, uint32_t addr)
+{
+ uint32_t ret;
+
+ if (addr < s->size) {
+ ret = s->data[addr];
+ } else {
+ ret = -1;
+ }
+ NVR_DPRINTF("read addr %04" PRIx32 " val %" PRIx8 "\n", addr, ret);
+
+ return ret;
+}
+
+void macio_nvram_write(MacIONVRAMState *s, uint32_t addr, uint8_t val)
+{
+ NVR_DPRINTF("write addr %04" PRIx32 " val %" PRIx8 "\n", addr, val);
+ if (addr < s->size) {
+ s->data[addr] = val;
+ }
+}
+
+/* macio style NVRAM device */
+static void macio_nvram_writeb(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ MacIONVRAMState *s = opaque;
+
+ addr = (addr >> s->it_shift) & (s->size - 1);
+ s->data[addr] = value;
+ NVR_DPRINTF("writeb addr %04" PHYS_PRIx " val %" PRIx64 "\n", addr, value);
+}
+
+static uint64_t macio_nvram_readb(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ MacIONVRAMState *s = opaque;
+ uint32_t value;
+
+ addr = (addr >> s->it_shift) & (s->size - 1);
+ value = s->data[addr];
+ NVR_DPRINTF("readb addr %04x val %x\n", (int)addr, value);
+
+ return value;
+}
+
+static const MemoryRegionOps macio_nvram_ops = {
+ .read = macio_nvram_readb,
+ .write = macio_nvram_writeb,
+ .endianness = DEVICE_BIG_ENDIAN,
+};
+
+static const VMStateDescription vmstate_macio_nvram = {
+ .name = "macio_nvram",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_VBUFFER_UINT32(data, MacIONVRAMState, 0, NULL, 0, size),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+
+static void macio_nvram_reset(DeviceState *dev)
+{
+}
+
+static void macio_nvram_realizefn(DeviceState *dev, Error **errp)
+{
+ SysBusDevice *d = SYS_BUS_DEVICE(dev);
+ MacIONVRAMState *s = MACIO_NVRAM(dev);
+
+ s->data = g_malloc0(s->size);
+
+ memory_region_init_io(&s->mem, OBJECT(s), &macio_nvram_ops, s,
+ "macio-nvram", s->size << s->it_shift);
+ sysbus_init_mmio(d, &s->mem);
+}
+
+static void macio_nvram_unrealizefn(DeviceState *dev, Error **errp)
+{
+ MacIONVRAMState *s = MACIO_NVRAM(dev);
+
+ g_free(s->data);
+}
+
+static Property macio_nvram_properties[] = {
+ DEFINE_PROP_UINT32("size", MacIONVRAMState, size, 0),
+ DEFINE_PROP_UINT32("it_shift", MacIONVRAMState, it_shift, 0),
+ DEFINE_PROP_END_OF_LIST()
+};
+
+static void macio_nvram_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+
+ dc->realize = macio_nvram_realizefn;
+ dc->unrealize = macio_nvram_unrealizefn;
+ dc->reset = macio_nvram_reset;
+ dc->vmsd = &vmstate_macio_nvram;
+ dc->props = macio_nvram_properties;
+}
+
+static const TypeInfo macio_nvram_type_info = {
+ .name = TYPE_MACIO_NVRAM,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(MacIONVRAMState),
+ .class_init = macio_nvram_class_init,
+};
+
+static void macio_nvram_register_types(void)
+{
+ type_register_static(&macio_nvram_type_info);
+}
+
+/* Set up a system OpenBIOS NVRAM partition */
+void pmac_format_nvram_partition (MacIONVRAMState *nvr, int len)
+{
+ unsigned int i;
+ uint32_t start = 0, end;
+ struct OpenBIOS_nvpart_v1 *part_header;
+
+ // OpenBIOS nvram variables
+ // Variable partition
+ part_header = (struct OpenBIOS_nvpart_v1 *)nvr->data;
+ part_header->signature = OPENBIOS_PART_SYSTEM;
+ pstrcpy(part_header->name, sizeof(part_header->name), "system");
+
+ end = start + sizeof(struct OpenBIOS_nvpart_v1);
+ for (i = 0; i < nb_prom_envs; i++)
+ end = OpenBIOS_set_var(nvr->data, end, prom_envs[i]);
+
+ // End marker
+ nvr->data[end++] = '\0';
+
+ end = start + ((end - start + 15) & ~15);
+ /* XXX: OpenBIOS is not able to grow up a partition. Leave some space for
+ new variables. */
+ if (end < DEF_SYSTEM_SIZE)
+ end = DEF_SYSTEM_SIZE;
+ OpenBIOS_finish_partition(part_header, end - start);
+
+ // free partition
+ start = end;
+ part_header = (struct OpenBIOS_nvpart_v1 *)&nvr->data[start];
+ part_header->signature = OPENBIOS_PART_FREE;
+ pstrcpy(part_header->name, sizeof(part_header->name), "free");
+
+ end = len;
+ OpenBIOS_finish_partition(part_header, end - start);
+}
+
+type_init(macio_nvram_register_types)
diff --git a/hw/nvram/spapr_nvram.c b/hw/nvram/spapr_nvram.c
new file mode 100644
index 000000000..eb4500e26
--- /dev/null
+++ b/hw/nvram/spapr_nvram.c
@@ -0,0 +1,200 @@
+/*
+ * QEMU sPAPR NVRAM emulation
+ *
+ * Copyright (C) 2012 David Gibson, IBM Corporation.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include <libfdt.h>
+
+#include "sysemu/device_tree.h"
+#include "hw/sysbus.h"
+#include "hw/ppc/spapr.h"
+#include "hw/ppc/spapr_vio.h"
+
+typedef struct sPAPRNVRAM {
+ VIOsPAPRDevice sdev;
+ uint32_t size;
+ uint8_t *buf;
+ BlockDriverState *drive;
+} sPAPRNVRAM;
+
+#define TYPE_VIO_SPAPR_NVRAM "spapr-nvram"
+#define VIO_SPAPR_NVRAM(obj) \
+ OBJECT_CHECK(sPAPRNVRAM, (obj), TYPE_VIO_SPAPR_NVRAM)
+
+#define MIN_NVRAM_SIZE 8192
+#define DEFAULT_NVRAM_SIZE 65536
+#define MAX_NVRAM_SIZE (UINT16_MAX * 16)
+
+static void rtas_nvram_fetch(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ uint32_t token, uint32_t nargs,
+ target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ sPAPRNVRAM *nvram = spapr->nvram;
+ hwaddr offset, buffer, len;
+ int alen;
+ void *membuf;
+
+ if ((nargs != 3) || (nret != 2)) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ if (!nvram) {
+ rtas_st(rets, 0, -1);
+ rtas_st(rets, 1, 0);
+ return;
+ }
+
+ offset = rtas_ld(args, 0);
+ buffer = rtas_ld(args, 1);
+ len = rtas_ld(args, 2);
+
+ if (((offset + len) < offset)
+ || ((offset + len) > nvram->size)) {
+ rtas_st(rets, 0, -3);
+ rtas_st(rets, 1, 0);
+ return;
+ }
+
+ membuf = cpu_physical_memory_map(buffer, &len, 1);
+ if (nvram->drive) {
+ alen = bdrv_pread(nvram->drive, offset, membuf, len);
+ } else {
+ assert(nvram->buf);
+
+ memcpy(membuf, nvram->buf + offset, len);
+ alen = len;
+ }
+ cpu_physical_memory_unmap(membuf, len, 1, len);
+
+ rtas_st(rets, 0, (alen < len) ? -1 : 0);
+ rtas_st(rets, 1, (alen < 0) ? 0 : alen);
+}
+
+static void rtas_nvram_store(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ uint32_t token, uint32_t nargs,
+ target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ sPAPRNVRAM *nvram = spapr->nvram;
+ hwaddr offset, buffer, len;
+ int alen;
+ void *membuf;
+
+ if ((nargs != 3) || (nret != 2)) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ if (!nvram) {
+ rtas_st(rets, 0, -1);
+ return;
+ }
+
+ offset = rtas_ld(args, 0);
+ buffer = rtas_ld(args, 1);
+ len = rtas_ld(args, 2);
+
+ if (((offset + len) < offset)
+ || ((offset + len) > nvram->size)) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ membuf = cpu_physical_memory_map(buffer, &len, 0);
+ if (nvram->drive) {
+ alen = bdrv_pwrite(nvram->drive, offset, membuf, len);
+ } else {
+ assert(nvram->buf);
+
+ memcpy(nvram->buf + offset, membuf, len);
+ alen = len;
+ }
+ cpu_physical_memory_unmap(membuf, len, 0, len);
+
+ rtas_st(rets, 0, (alen < len) ? -1 : 0);
+ rtas_st(rets, 1, (alen < 0) ? 0 : alen);
+}
+
+static int spapr_nvram_init(VIOsPAPRDevice *dev)
+{
+ sPAPRNVRAM *nvram = VIO_SPAPR_NVRAM(dev);
+
+ if (nvram->drive) {
+ nvram->size = bdrv_getlength(nvram->drive);
+ } else {
+ nvram->size = DEFAULT_NVRAM_SIZE;
+ nvram->buf = g_malloc0(nvram->size);
+ }
+
+ if ((nvram->size < MIN_NVRAM_SIZE) || (nvram->size > MAX_NVRAM_SIZE)) {
+ fprintf(stderr, "spapr-nvram must be between %d and %d bytes in size\n",
+ MIN_NVRAM_SIZE, MAX_NVRAM_SIZE);
+ return -1;
+ }
+
+ spapr_rtas_register("nvram-fetch", rtas_nvram_fetch);
+ spapr_rtas_register("nvram-store", rtas_nvram_store);
+
+ return 0;
+}
+
+static int spapr_nvram_devnode(VIOsPAPRDevice *dev, void *fdt, int node_off)
+{
+ sPAPRNVRAM *nvram = VIO_SPAPR_NVRAM(dev);
+
+ return fdt_setprop_cell(fdt, node_off, "#bytes", nvram->size);
+}
+
+static Property spapr_nvram_properties[] = {
+ DEFINE_SPAPR_PROPERTIES(sPAPRNVRAM, sdev),
+ DEFINE_PROP_DRIVE("drive", sPAPRNVRAM, drive),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void spapr_nvram_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VIOsPAPRDeviceClass *k = VIO_SPAPR_DEVICE_CLASS(klass);
+
+ k->init = spapr_nvram_init;
+ k->devnode = spapr_nvram_devnode;
+ k->dt_name = "nvram";
+ k->dt_type = "nvram";
+ k->dt_compatible = "qemu,spapr-nvram";
+ dc->props = spapr_nvram_properties;
+}
+
+static const TypeInfo spapr_nvram_type_info = {
+ .name = TYPE_VIO_SPAPR_NVRAM,
+ .parent = TYPE_VIO_SPAPR_DEVICE,
+ .instance_size = sizeof(sPAPRNVRAM),
+ .class_init = spapr_nvram_class_init,
+};
+
+static void spapr_nvram_register_types(void)
+{
+ type_register_static(&spapr_nvram_type_info);
+}
+
+type_init(spapr_nvram_register_types)
diff --git a/hw/omap.h b/hw/omap.h
deleted file mode 100644
index 2b383ffc4..000000000
--- a/hw/omap.h
+++ /dev/null
@@ -1,1015 +0,0 @@
-/*
- * Texas Instruments OMAP processors.
- *
- * Copyright (C) 2006-2008 Andrzej Zaborowski <balrog@zabor.org>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-#ifndef hw_omap_h
-#include "memory.h"
-# define hw_omap_h "omap.h"
-#include "hw/irq.h"
-
-# define OMAP_EMIFS_BASE 0x00000000
-# define OMAP2_Q0_BASE 0x00000000
-# define OMAP_CS0_BASE 0x00000000
-# define OMAP_CS1_BASE 0x04000000
-# define OMAP_CS2_BASE 0x08000000
-# define OMAP_CS3_BASE 0x0c000000
-# define OMAP_EMIFF_BASE 0x10000000
-# define OMAP_IMIF_BASE 0x20000000
-# define OMAP_LOCALBUS_BASE 0x30000000
-# define OMAP2_Q1_BASE 0x40000000
-# define OMAP2_L4_BASE 0x48000000
-# define OMAP2_SRAM_BASE 0x40200000
-# define OMAP2_L3_BASE 0x68000000
-# define OMAP2_Q2_BASE 0x80000000
-# define OMAP2_Q3_BASE 0xc0000000
-# define OMAP_MPUI_BASE 0xe1000000
-
-# define OMAP730_SRAM_SIZE 0x00032000
-# define OMAP15XX_SRAM_SIZE 0x00030000
-# define OMAP16XX_SRAM_SIZE 0x00004000
-# define OMAP1611_SRAM_SIZE 0x0003e800
-# define OMAP242X_SRAM_SIZE 0x000a0000
-# define OMAP243X_SRAM_SIZE 0x00010000
-# define OMAP_CS0_SIZE 0x04000000
-# define OMAP_CS1_SIZE 0x04000000
-# define OMAP_CS2_SIZE 0x04000000
-# define OMAP_CS3_SIZE 0x04000000
-
-/* omap_clk.c */
-struct omap_mpu_state_s;
-typedef struct clk *omap_clk;
-omap_clk omap_findclk(struct omap_mpu_state_s *mpu, const char *name);
-void omap_clk_init(struct omap_mpu_state_s *mpu);
-void omap_clk_adduser(struct clk *clk, qemu_irq user);
-void omap_clk_get(omap_clk clk);
-void omap_clk_put(omap_clk clk);
-void omap_clk_onoff(omap_clk clk, int on);
-void omap_clk_canidle(omap_clk clk, int can);
-void omap_clk_setrate(omap_clk clk, int divide, int multiply);
-int64_t omap_clk_getrate(omap_clk clk);
-void omap_clk_reparent(omap_clk clk, omap_clk parent);
-
-/* OMAP2 l4 Interconnect */
-struct omap_l4_s;
-struct omap_l4_region_s {
- hwaddr offset;
- size_t size;
- int access;
-};
-struct omap_l4_agent_info_s {
- int ta;
- int region;
- int regions;
- int ta_region;
-};
-struct omap_target_agent_s {
- MemoryRegion iomem;
- struct omap_l4_s *bus;
- int regions;
- const struct omap_l4_region_s *start;
- hwaddr base;
- uint32_t component;
- uint32_t control;
- uint32_t status;
-};
-struct omap_l4_s *omap_l4_init(MemoryRegion *address_space,
- hwaddr base, int ta_num);
-
-struct omap_target_agent_s;
-struct omap_target_agent_s *omap_l4ta_get(
- struct omap_l4_s *bus,
- const struct omap_l4_region_s *regions,
- const struct omap_l4_agent_info_s *agents,
- int cs);
-hwaddr omap_l4_attach(struct omap_target_agent_s *ta,
- int region, MemoryRegion *mr);
-hwaddr omap_l4_region_base(struct omap_target_agent_s *ta,
- int region);
-hwaddr omap_l4_region_size(struct omap_target_agent_s *ta,
- int region);
-
-/* OMAP2 SDRAM controller */
-struct omap_sdrc_s;
-struct omap_sdrc_s *omap_sdrc_init(MemoryRegion *sysmem,
- hwaddr base);
-void omap_sdrc_reset(struct omap_sdrc_s *s);
-
-/* OMAP2 general purpose memory controller */
-struct omap_gpmc_s;
-struct omap_gpmc_s *omap_gpmc_init(struct omap_mpu_state_s *mpu,
- hwaddr base,
- qemu_irq irq, qemu_irq drq);
-void omap_gpmc_reset(struct omap_gpmc_s *s);
-void omap_gpmc_attach(struct omap_gpmc_s *s, int cs, MemoryRegion *iomem);
-void omap_gpmc_attach_nand(struct omap_gpmc_s *s, int cs, DeviceState *nand);
-
-/*
- * Common IRQ numbers for level 1 interrupt handler
- * See /usr/include/asm-arm/arch-omap/irqs.h in Linux.
- */
-# define OMAP_INT_CAMERA 1
-# define OMAP_INT_FIQ 3
-# define OMAP_INT_RTDX 6
-# define OMAP_INT_DSP_MMU_ABORT 7
-# define OMAP_INT_HOST 8
-# define OMAP_INT_ABORT 9
-# define OMAP_INT_BRIDGE_PRIV 13
-# define OMAP_INT_GPIO_BANK1 14
-# define OMAP_INT_UART3 15
-# define OMAP_INT_TIMER3 16
-# define OMAP_INT_DMA_CH0_6 19
-# define OMAP_INT_DMA_CH1_7 20
-# define OMAP_INT_DMA_CH2_8 21
-# define OMAP_INT_DMA_CH3 22
-# define OMAP_INT_DMA_CH4 23
-# define OMAP_INT_DMA_CH5 24
-# define OMAP_INT_DMA_LCD 25
-# define OMAP_INT_TIMER1 26
-# define OMAP_INT_WD_TIMER 27
-# define OMAP_INT_BRIDGE_PUB 28
-# define OMAP_INT_TIMER2 30
-# define OMAP_INT_LCD_CTRL 31
-
-/*
- * Common OMAP-15xx IRQ numbers for level 1 interrupt handler
- */
-# define OMAP_INT_15XX_IH2_IRQ 0
-# define OMAP_INT_15XX_LB_MMU 17
-# define OMAP_INT_15XX_LOCAL_BUS 29
-
-/*
- * OMAP-1510 specific IRQ numbers for level 1 interrupt handler
- */
-# define OMAP_INT_1510_SPI_TX 4
-# define OMAP_INT_1510_SPI_RX 5
-# define OMAP_INT_1510_DSP_MAILBOX1 10
-# define OMAP_INT_1510_DSP_MAILBOX2 11
-
-/*
- * OMAP-310 specific IRQ numbers for level 1 interrupt handler
- */
-# define OMAP_INT_310_McBSP2_TX 4
-# define OMAP_INT_310_McBSP2_RX 5
-# define OMAP_INT_310_HSB_MAILBOX1 12
-# define OMAP_INT_310_HSAB_MMU 18
-
-/*
- * OMAP-1610 specific IRQ numbers for level 1 interrupt handler
- */
-# define OMAP_INT_1610_IH2_IRQ 0
-# define OMAP_INT_1610_IH2_FIQ 2
-# define OMAP_INT_1610_McBSP2_TX 4
-# define OMAP_INT_1610_McBSP2_RX 5
-# define OMAP_INT_1610_DSP_MAILBOX1 10
-# define OMAP_INT_1610_DSP_MAILBOX2 11
-# define OMAP_INT_1610_LCD_LINE 12
-# define OMAP_INT_1610_GPTIMER1 17
-# define OMAP_INT_1610_GPTIMER2 18
-# define OMAP_INT_1610_SSR_FIFO_0 29
-
-/*
- * OMAP-730 specific IRQ numbers for level 1 interrupt handler
- */
-# define OMAP_INT_730_IH2_FIQ 0
-# define OMAP_INT_730_IH2_IRQ 1
-# define OMAP_INT_730_USB_NON_ISO 2
-# define OMAP_INT_730_USB_ISO 3
-# define OMAP_INT_730_ICR 4
-# define OMAP_INT_730_EAC 5
-# define OMAP_INT_730_GPIO_BANK1 6
-# define OMAP_INT_730_GPIO_BANK2 7
-# define OMAP_INT_730_GPIO_BANK3 8
-# define OMAP_INT_730_McBSP2TX 10
-# define OMAP_INT_730_McBSP2RX 11
-# define OMAP_INT_730_McBSP2RX_OVF 12
-# define OMAP_INT_730_LCD_LINE 14
-# define OMAP_INT_730_GSM_PROTECT 15
-# define OMAP_INT_730_TIMER3 16
-# define OMAP_INT_730_GPIO_BANK5 17
-# define OMAP_INT_730_GPIO_BANK6 18
-# define OMAP_INT_730_SPGIO_WR 29
-
-/*
- * Common IRQ numbers for level 2 interrupt handler
- */
-# define OMAP_INT_KEYBOARD 1
-# define OMAP_INT_uWireTX 2
-# define OMAP_INT_uWireRX 3
-# define OMAP_INT_I2C 4
-# define OMAP_INT_MPUIO 5
-# define OMAP_INT_USB_HHC_1 6
-# define OMAP_INT_McBSP3TX 10
-# define OMAP_INT_McBSP3RX 11
-# define OMAP_INT_McBSP1TX 12
-# define OMAP_INT_McBSP1RX 13
-# define OMAP_INT_UART1 14
-# define OMAP_INT_UART2 15
-# define OMAP_INT_USB_W2FC 20
-# define OMAP_INT_1WIRE 21
-# define OMAP_INT_OS_TIMER 22
-# define OMAP_INT_OQN 23
-# define OMAP_INT_GAUGE_32K 24
-# define OMAP_INT_RTC_TIMER 25
-# define OMAP_INT_RTC_ALARM 26
-# define OMAP_INT_DSP_MMU 28
-
-/*
- * OMAP-1510 specific IRQ numbers for level 2 interrupt handler
- */
-# define OMAP_INT_1510_BT_MCSI1TX 16
-# define OMAP_INT_1510_BT_MCSI1RX 17
-# define OMAP_INT_1510_SoSSI_MATCH 19
-# define OMAP_INT_1510_MEM_STICK 27
-# define OMAP_INT_1510_COM_SPI_RO 31
-
-/*
- * OMAP-310 specific IRQ numbers for level 2 interrupt handler
- */
-# define OMAP_INT_310_FAC 0
-# define OMAP_INT_310_USB_HHC_2 7
-# define OMAP_INT_310_MCSI1_FE 16
-# define OMAP_INT_310_MCSI2_FE 17
-# define OMAP_INT_310_USB_W2FC_ISO 29
-# define OMAP_INT_310_USB_W2FC_NON_ISO 30
-# define OMAP_INT_310_McBSP2RX_OF 31
-
-/*
- * OMAP-1610 specific IRQ numbers for level 2 interrupt handler
- */
-# define OMAP_INT_1610_FAC 0
-# define OMAP_INT_1610_USB_HHC_2 7
-# define OMAP_INT_1610_USB_OTG 8
-# define OMAP_INT_1610_SoSSI 9
-# define OMAP_INT_1610_BT_MCSI1TX 16
-# define OMAP_INT_1610_BT_MCSI1RX 17
-# define OMAP_INT_1610_SoSSI_MATCH 19
-# define OMAP_INT_1610_MEM_STICK 27
-# define OMAP_INT_1610_McBSP2RX_OF 31
-# define OMAP_INT_1610_STI 32
-# define OMAP_INT_1610_STI_WAKEUP 33
-# define OMAP_INT_1610_GPTIMER3 34
-# define OMAP_INT_1610_GPTIMER4 35
-# define OMAP_INT_1610_GPTIMER5 36
-# define OMAP_INT_1610_GPTIMER6 37
-# define OMAP_INT_1610_GPTIMER7 38
-# define OMAP_INT_1610_GPTIMER8 39
-# define OMAP_INT_1610_GPIO_BANK2 40
-# define OMAP_INT_1610_GPIO_BANK3 41
-# define OMAP_INT_1610_MMC2 42
-# define OMAP_INT_1610_CF 43
-# define OMAP_INT_1610_WAKE_UP_REQ 46
-# define OMAP_INT_1610_GPIO_BANK4 48
-# define OMAP_INT_1610_SPI 49
-# define OMAP_INT_1610_DMA_CH6 53
-# define OMAP_INT_1610_DMA_CH7 54
-# define OMAP_INT_1610_DMA_CH8 55
-# define OMAP_INT_1610_DMA_CH9 56
-# define OMAP_INT_1610_DMA_CH10 57
-# define OMAP_INT_1610_DMA_CH11 58
-# define OMAP_INT_1610_DMA_CH12 59
-# define OMAP_INT_1610_DMA_CH13 60
-# define OMAP_INT_1610_DMA_CH14 61
-# define OMAP_INT_1610_DMA_CH15 62
-# define OMAP_INT_1610_NAND 63
-
-/*
- * OMAP-730 specific IRQ numbers for level 2 interrupt handler
- */
-# define OMAP_INT_730_HW_ERRORS 0
-# define OMAP_INT_730_NFIQ_PWR_FAIL 1
-# define OMAP_INT_730_CFCD 2
-# define OMAP_INT_730_CFIREQ 3
-# define OMAP_INT_730_I2C 4
-# define OMAP_INT_730_PCC 5
-# define OMAP_INT_730_MPU_EXT_NIRQ 6
-# define OMAP_INT_730_SPI_100K_1 7
-# define OMAP_INT_730_SYREN_SPI 8
-# define OMAP_INT_730_VLYNQ 9
-# define OMAP_INT_730_GPIO_BANK4 10
-# define OMAP_INT_730_McBSP1TX 11
-# define OMAP_INT_730_McBSP1RX 12
-# define OMAP_INT_730_McBSP1RX_OF 13
-# define OMAP_INT_730_UART_MODEM_IRDA_2 14
-# define OMAP_INT_730_UART_MODEM_1 15
-# define OMAP_INT_730_MCSI 16
-# define OMAP_INT_730_uWireTX 17
-# define OMAP_INT_730_uWireRX 18
-# define OMAP_INT_730_SMC_CD 19
-# define OMAP_INT_730_SMC_IREQ 20
-# define OMAP_INT_730_HDQ_1WIRE 21
-# define OMAP_INT_730_TIMER32K 22
-# define OMAP_INT_730_MMC_SDIO 23
-# define OMAP_INT_730_UPLD 24
-# define OMAP_INT_730_USB_HHC_1 27
-# define OMAP_INT_730_USB_HHC_2 28
-# define OMAP_INT_730_USB_GENI 29
-# define OMAP_INT_730_USB_OTG 30
-# define OMAP_INT_730_CAMERA_IF 31
-# define OMAP_INT_730_RNG 32
-# define OMAP_INT_730_DUAL_MODE_TIMER 33
-# define OMAP_INT_730_DBB_RF_EN 34
-# define OMAP_INT_730_MPUIO_KEYPAD 35
-# define OMAP_INT_730_SHA1_MD5 36
-# define OMAP_INT_730_SPI_100K_2 37
-# define OMAP_INT_730_RNG_IDLE 38
-# define OMAP_INT_730_MPUIO 39
-# define OMAP_INT_730_LLPC_LCD_CTRL_OFF 40
-# define OMAP_INT_730_LLPC_OE_FALLING 41
-# define OMAP_INT_730_LLPC_OE_RISING 42
-# define OMAP_INT_730_LLPC_VSYNC 43
-# define OMAP_INT_730_WAKE_UP_REQ 46
-# define OMAP_INT_730_DMA_CH6 53
-# define OMAP_INT_730_DMA_CH7 54
-# define OMAP_INT_730_DMA_CH8 55
-# define OMAP_INT_730_DMA_CH9 56
-# define OMAP_INT_730_DMA_CH10 57
-# define OMAP_INT_730_DMA_CH11 58
-# define OMAP_INT_730_DMA_CH12 59
-# define OMAP_INT_730_DMA_CH13 60
-# define OMAP_INT_730_DMA_CH14 61
-# define OMAP_INT_730_DMA_CH15 62
-# define OMAP_INT_730_NAND 63
-
-/*
- * OMAP-24xx common IRQ numbers
- */
-# define OMAP_INT_24XX_STI 4
-# define OMAP_INT_24XX_SYS_NIRQ 7
-# define OMAP_INT_24XX_L3_IRQ 10
-# define OMAP_INT_24XX_PRCM_MPU_IRQ 11
-# define OMAP_INT_24XX_SDMA_IRQ0 12
-# define OMAP_INT_24XX_SDMA_IRQ1 13
-# define OMAP_INT_24XX_SDMA_IRQ2 14
-# define OMAP_INT_24XX_SDMA_IRQ3 15
-# define OMAP_INT_243X_MCBSP2_IRQ 16
-# define OMAP_INT_243X_MCBSP3_IRQ 17
-# define OMAP_INT_243X_MCBSP4_IRQ 18
-# define OMAP_INT_243X_MCBSP5_IRQ 19
-# define OMAP_INT_24XX_GPMC_IRQ 20
-# define OMAP_INT_24XX_GUFFAW_IRQ 21
-# define OMAP_INT_24XX_IVA_IRQ 22
-# define OMAP_INT_24XX_EAC_IRQ 23
-# define OMAP_INT_24XX_CAM_IRQ 24
-# define OMAP_INT_24XX_DSS_IRQ 25
-# define OMAP_INT_24XX_MAIL_U0_MPU 26
-# define OMAP_INT_24XX_DSP_UMA 27
-# define OMAP_INT_24XX_DSP_MMU 28
-# define OMAP_INT_24XX_GPIO_BANK1 29
-# define OMAP_INT_24XX_GPIO_BANK2 30
-# define OMAP_INT_24XX_GPIO_BANK3 31
-# define OMAP_INT_24XX_GPIO_BANK4 32
-# define OMAP_INT_243X_GPIO_BANK5 33
-# define OMAP_INT_24XX_MAIL_U3_MPU 34
-# define OMAP_INT_24XX_WDT3 35
-# define OMAP_INT_24XX_WDT4 36
-# define OMAP_INT_24XX_GPTIMER1 37
-# define OMAP_INT_24XX_GPTIMER2 38
-# define OMAP_INT_24XX_GPTIMER3 39
-# define OMAP_INT_24XX_GPTIMER4 40
-# define OMAP_INT_24XX_GPTIMER5 41
-# define OMAP_INT_24XX_GPTIMER6 42
-# define OMAP_INT_24XX_GPTIMER7 43
-# define OMAP_INT_24XX_GPTIMER8 44
-# define OMAP_INT_24XX_GPTIMER9 45
-# define OMAP_INT_24XX_GPTIMER10 46
-# define OMAP_INT_24XX_GPTIMER11 47
-# define OMAP_INT_24XX_GPTIMER12 48
-# define OMAP_INT_24XX_PKA_IRQ 50
-# define OMAP_INT_24XX_SHA1MD5_IRQ 51
-# define OMAP_INT_24XX_RNG_IRQ 52
-# define OMAP_INT_24XX_MG_IRQ 53
-# define OMAP_INT_24XX_I2C1_IRQ 56
-# define OMAP_INT_24XX_I2C2_IRQ 57
-# define OMAP_INT_24XX_MCBSP1_IRQ_TX 59
-# define OMAP_INT_24XX_MCBSP1_IRQ_RX 60
-# define OMAP_INT_24XX_MCBSP2_IRQ_TX 62
-# define OMAP_INT_24XX_MCBSP2_IRQ_RX 63
-# define OMAP_INT_243X_MCBSP1_IRQ 64
-# define OMAP_INT_24XX_MCSPI1_IRQ 65
-# define OMAP_INT_24XX_MCSPI2_IRQ 66
-# define OMAP_INT_24XX_SSI1_IRQ0 67
-# define OMAP_INT_24XX_SSI1_IRQ1 68
-# define OMAP_INT_24XX_SSI2_IRQ0 69
-# define OMAP_INT_24XX_SSI2_IRQ1 70
-# define OMAP_INT_24XX_SSI_GDD_IRQ 71
-# define OMAP_INT_24XX_UART1_IRQ 72
-# define OMAP_INT_24XX_UART2_IRQ 73
-# define OMAP_INT_24XX_UART3_IRQ 74
-# define OMAP_INT_24XX_USB_IRQ_GEN 75
-# define OMAP_INT_24XX_USB_IRQ_NISO 76
-# define OMAP_INT_24XX_USB_IRQ_ISO 77
-# define OMAP_INT_24XX_USB_IRQ_HGEN 78
-# define OMAP_INT_24XX_USB_IRQ_HSOF 79
-# define OMAP_INT_24XX_USB_IRQ_OTG 80
-# define OMAP_INT_24XX_VLYNQ_IRQ 81
-# define OMAP_INT_24XX_MMC_IRQ 83
-# define OMAP_INT_24XX_MS_IRQ 84
-# define OMAP_INT_24XX_FAC_IRQ 85
-# define OMAP_INT_24XX_MCSPI3_IRQ 91
-# define OMAP_INT_243X_HS_USB_MC 92
-# define OMAP_INT_243X_HS_USB_DMA 93
-# define OMAP_INT_243X_CARKIT 94
-# define OMAP_INT_34XX_GPTIMER12 95
-
-/* omap_dma.c */
-enum omap_dma_model {
- omap_dma_3_0,
- omap_dma_3_1,
- omap_dma_3_2,
- omap_dma_4,
-};
-
-struct soc_dma_s;
-struct soc_dma_s *omap_dma_init(hwaddr base, qemu_irq *irqs,
- MemoryRegion *sysmem,
- qemu_irq lcd_irq, struct omap_mpu_state_s *mpu, omap_clk clk,
- enum omap_dma_model model);
-struct soc_dma_s *omap_dma4_init(hwaddr base, qemu_irq *irqs,
- MemoryRegion *sysmem,
- struct omap_mpu_state_s *mpu, int fifo,
- int chans, omap_clk iclk, omap_clk fclk);
-void omap_dma_reset(struct soc_dma_s *s);
-
-struct dma_irq_map {
- int ih;
- int intr;
-};
-
-/* Only used in OMAP DMA 3.x gigacells */
-enum omap_dma_port {
- emiff = 0,
- emifs,
- imif, /* omap16xx: ocp_t1 */
- tipb,
- local, /* omap16xx: ocp_t2 */
- tipb_mpui,
- __omap_dma_port_last,
-};
-
-typedef enum {
- constant = 0,
- post_incremented,
- single_index,
- double_index,
-} omap_dma_addressing_t;
-
-/* Only used in OMAP DMA 3.x gigacells */
-struct omap_dma_lcd_channel_s {
- enum omap_dma_port src;
- hwaddr src_f1_top;
- hwaddr src_f1_bottom;
- hwaddr src_f2_top;
- hwaddr src_f2_bottom;
-
- /* Used in OMAP DMA 3.2 gigacell */
- unsigned char brust_f1;
- unsigned char pack_f1;
- unsigned char data_type_f1;
- unsigned char brust_f2;
- unsigned char pack_f2;
- unsigned char data_type_f2;
- unsigned char end_prog;
- unsigned char repeat;
- unsigned char auto_init;
- unsigned char priority;
- unsigned char fs;
- unsigned char running;
- unsigned char bs;
- unsigned char omap_3_1_compatible_disable;
- unsigned char dst;
- unsigned char lch_type;
- int16_t element_index_f1;
- int16_t element_index_f2;
- int32_t frame_index_f1;
- int32_t frame_index_f2;
- uint16_t elements_f1;
- uint16_t frames_f1;
- uint16_t elements_f2;
- uint16_t frames_f2;
- omap_dma_addressing_t mode_f1;
- omap_dma_addressing_t mode_f2;
-
- /* Destination port is fixed. */
- int interrupts;
- int condition;
- int dual;
-
- int current_frame;
- hwaddr phys_framebuffer[2];
- qemu_irq irq;
- struct omap_mpu_state_s *mpu;
-} *omap_dma_get_lcdch(struct soc_dma_s *s);
-
-/*
- * DMA request numbers for OMAP1
- * See /usr/include/asm-arm/arch-omap/dma.h in Linux.
- */
-# define OMAP_DMA_NO_DEVICE 0
-# define OMAP_DMA_MCSI1_TX 1
-# define OMAP_DMA_MCSI1_RX 2
-# define OMAP_DMA_I2C_RX 3
-# define OMAP_DMA_I2C_TX 4
-# define OMAP_DMA_EXT_NDMA_REQ0 5
-# define OMAP_DMA_EXT_NDMA_REQ1 6
-# define OMAP_DMA_UWIRE_TX 7
-# define OMAP_DMA_MCBSP1_TX 8
-# define OMAP_DMA_MCBSP1_RX 9
-# define OMAP_DMA_MCBSP3_TX 10
-# define OMAP_DMA_MCBSP3_RX 11
-# define OMAP_DMA_UART1_TX 12
-# define OMAP_DMA_UART1_RX 13
-# define OMAP_DMA_UART2_TX 14
-# define OMAP_DMA_UART2_RX 15
-# define OMAP_DMA_MCBSP2_TX 16
-# define OMAP_DMA_MCBSP2_RX 17
-# define OMAP_DMA_UART3_TX 18
-# define OMAP_DMA_UART3_RX 19
-# define OMAP_DMA_CAMERA_IF_RX 20
-# define OMAP_DMA_MMC_TX 21
-# define OMAP_DMA_MMC_RX 22
-# define OMAP_DMA_NAND 23 /* Not in OMAP310 */
-# define OMAP_DMA_IRQ_LCD_LINE 24 /* Not in OMAP310 */
-# define OMAP_DMA_MEMORY_STICK 25 /* Not in OMAP310 */
-# define OMAP_DMA_USB_W2FC_RX0 26
-# define OMAP_DMA_USB_W2FC_RX1 27
-# define OMAP_DMA_USB_W2FC_RX2 28
-# define OMAP_DMA_USB_W2FC_TX0 29
-# define OMAP_DMA_USB_W2FC_TX1 30
-# define OMAP_DMA_USB_W2FC_TX2 31
-
-/* These are only for 1610 */
-# define OMAP_DMA_CRYPTO_DES_IN 32
-# define OMAP_DMA_SPI_TX 33
-# define OMAP_DMA_SPI_RX 34
-# define OMAP_DMA_CRYPTO_HASH 35
-# define OMAP_DMA_CCP_ATTN 36
-# define OMAP_DMA_CCP_FIFO_NOT_EMPTY 37
-# define OMAP_DMA_CMT_APE_TX_CHAN_0 38
-# define OMAP_DMA_CMT_APE_RV_CHAN_0 39
-# define OMAP_DMA_CMT_APE_TX_CHAN_1 40
-# define OMAP_DMA_CMT_APE_RV_CHAN_1 41
-# define OMAP_DMA_CMT_APE_TX_CHAN_2 42
-# define OMAP_DMA_CMT_APE_RV_CHAN_2 43
-# define OMAP_DMA_CMT_APE_TX_CHAN_3 44
-# define OMAP_DMA_CMT_APE_RV_CHAN_3 45
-# define OMAP_DMA_CMT_APE_TX_CHAN_4 46
-# define OMAP_DMA_CMT_APE_RV_CHAN_4 47
-# define OMAP_DMA_CMT_APE_TX_CHAN_5 48
-# define OMAP_DMA_CMT_APE_RV_CHAN_5 49
-# define OMAP_DMA_CMT_APE_TX_CHAN_6 50
-# define OMAP_DMA_CMT_APE_RV_CHAN_6 51
-# define OMAP_DMA_CMT_APE_TX_CHAN_7 52
-# define OMAP_DMA_CMT_APE_RV_CHAN_7 53
-# define OMAP_DMA_MMC2_TX 54
-# define OMAP_DMA_MMC2_RX 55
-# define OMAP_DMA_CRYPTO_DES_OUT 56
-
-/*
- * DMA request numbers for the OMAP2
- */
-# define OMAP24XX_DMA_NO_DEVICE 0
-# define OMAP24XX_DMA_XTI_DMA 1 /* Not in OMAP2420 */
-# define OMAP24XX_DMA_EXT_DMAREQ0 2
-# define OMAP24XX_DMA_EXT_DMAREQ1 3
-# define OMAP24XX_DMA_GPMC 4
-# define OMAP24XX_DMA_GFX 5 /* Not in OMAP2420 */
-# define OMAP24XX_DMA_DSS 6
-# define OMAP24XX_DMA_VLYNQ_TX 7 /* Not in OMAP2420 */
-# define OMAP24XX_DMA_CWT 8 /* Not in OMAP2420 */
-# define OMAP24XX_DMA_AES_TX 9 /* Not in OMAP2420 */
-# define OMAP24XX_DMA_AES_RX 10 /* Not in OMAP2420 */
-# define OMAP24XX_DMA_DES_TX 11 /* Not in OMAP2420 */
-# define OMAP24XX_DMA_DES_RX 12 /* Not in OMAP2420 */
-# define OMAP24XX_DMA_SHA1MD5_RX 13 /* Not in OMAP2420 */
-# define OMAP24XX_DMA_EXT_DMAREQ2 14
-# define OMAP24XX_DMA_EXT_DMAREQ3 15
-# define OMAP24XX_DMA_EXT_DMAREQ4 16
-# define OMAP24XX_DMA_EAC_AC_RD 17
-# define OMAP24XX_DMA_EAC_AC_WR 18
-# define OMAP24XX_DMA_EAC_MD_UL_RD 19
-# define OMAP24XX_DMA_EAC_MD_UL_WR 20
-# define OMAP24XX_DMA_EAC_MD_DL_RD 21
-# define OMAP24XX_DMA_EAC_MD_DL_WR 22
-# define OMAP24XX_DMA_EAC_BT_UL_RD 23
-# define OMAP24XX_DMA_EAC_BT_UL_WR 24
-# define OMAP24XX_DMA_EAC_BT_DL_RD 25
-# define OMAP24XX_DMA_EAC_BT_DL_WR 26
-# define OMAP24XX_DMA_I2C1_TX 27
-# define OMAP24XX_DMA_I2C1_RX 28
-# define OMAP24XX_DMA_I2C2_TX 29
-# define OMAP24XX_DMA_I2C2_RX 30
-# define OMAP24XX_DMA_MCBSP1_TX 31
-# define OMAP24XX_DMA_MCBSP1_RX 32
-# define OMAP24XX_DMA_MCBSP2_TX 33
-# define OMAP24XX_DMA_MCBSP2_RX 34
-# define OMAP24XX_DMA_SPI1_TX0 35
-# define OMAP24XX_DMA_SPI1_RX0 36
-# define OMAP24XX_DMA_SPI1_TX1 37
-# define OMAP24XX_DMA_SPI1_RX1 38
-# define OMAP24XX_DMA_SPI1_TX2 39
-# define OMAP24XX_DMA_SPI1_RX2 40
-# define OMAP24XX_DMA_SPI1_TX3 41
-# define OMAP24XX_DMA_SPI1_RX3 42
-# define OMAP24XX_DMA_SPI2_TX0 43
-# define OMAP24XX_DMA_SPI2_RX0 44
-# define OMAP24XX_DMA_SPI2_TX1 45
-# define OMAP24XX_DMA_SPI2_RX1 46
-
-# define OMAP24XX_DMA_UART1_TX 49
-# define OMAP24XX_DMA_UART1_RX 50
-# define OMAP24XX_DMA_UART2_TX 51
-# define OMAP24XX_DMA_UART2_RX 52
-# define OMAP24XX_DMA_UART3_TX 53
-# define OMAP24XX_DMA_UART3_RX 54
-# define OMAP24XX_DMA_USB_W2FC_TX0 55
-# define OMAP24XX_DMA_USB_W2FC_RX0 56
-# define OMAP24XX_DMA_USB_W2FC_TX1 57
-# define OMAP24XX_DMA_USB_W2FC_RX1 58
-# define OMAP24XX_DMA_USB_W2FC_TX2 59
-# define OMAP24XX_DMA_USB_W2FC_RX2 60
-# define OMAP24XX_DMA_MMC1_TX 61
-# define OMAP24XX_DMA_MMC1_RX 62
-# define OMAP24XX_DMA_MS 63 /* Not in OMAP2420 */
-# define OMAP24XX_DMA_EXT_DMAREQ5 64
-
-/* omap[123].c */
-/* OMAP2 gp timer */
-struct omap_gp_timer_s;
-struct omap_gp_timer_s *omap_gp_timer_init(struct omap_target_agent_s *ta,
- qemu_irq irq, omap_clk fclk, omap_clk iclk);
-void omap_gp_timer_reset(struct omap_gp_timer_s *s);
-
-/* OMAP2 sysctimer */
-struct omap_synctimer_s;
-struct omap_synctimer_s *omap_synctimer_init(struct omap_target_agent_s *ta,
- struct omap_mpu_state_s *mpu, omap_clk fclk, omap_clk iclk);
-void omap_synctimer_reset(struct omap_synctimer_s *s);
-
-struct omap_uart_s;
-struct omap_uart_s *omap_uart_init(hwaddr base,
- qemu_irq irq, omap_clk fclk, omap_clk iclk,
- qemu_irq txdma, qemu_irq rxdma,
- const char *label, CharDriverState *chr);
-struct omap_uart_s *omap2_uart_init(MemoryRegion *sysmem,
- struct omap_target_agent_s *ta,
- qemu_irq irq, omap_clk fclk, omap_clk iclk,
- qemu_irq txdma, qemu_irq rxdma,
- const char *label, CharDriverState *chr);
-void omap_uart_reset(struct omap_uart_s *s);
-void omap_uart_attach(struct omap_uart_s *s, CharDriverState *chr);
-
-struct omap_mpuio_s;
-qemu_irq *omap_mpuio_in_get(struct omap_mpuio_s *s);
-void omap_mpuio_out_set(struct omap_mpuio_s *s, int line, qemu_irq handler);
-void omap_mpuio_key(struct omap_mpuio_s *s, int row, int col, int down);
-
-struct uWireSlave {
- uint16_t (*receive)(void *opaque);
- void (*send)(void *opaque, uint16_t data);
- void *opaque;
-};
-struct omap_uwire_s;
-void omap_uwire_attach(struct omap_uwire_s *s,
- uWireSlave *slave, int chipselect);
-
-/* OMAP2 spi */
-struct omap_mcspi_s;
-struct omap_mcspi_s *omap_mcspi_init(struct omap_target_agent_s *ta, int chnum,
- qemu_irq irq, qemu_irq *drq, omap_clk fclk, omap_clk iclk);
-void omap_mcspi_attach(struct omap_mcspi_s *s,
- uint32_t (*txrx)(void *opaque, uint32_t, int), void *opaque,
- int chipselect);
-void omap_mcspi_reset(struct omap_mcspi_s *s);
-
-struct I2SCodec {
- void *opaque;
-
- /* The CPU can call this if it is generating the clock signal on the
- * i2s port. The CODEC can ignore it if it is set up as a clock
- * master and generates its own clock. */
- void (*set_rate)(void *opaque, int in, int out);
-
- void (*tx_swallow)(void *opaque);
- qemu_irq rx_swallow;
- qemu_irq tx_start;
-
- int tx_rate;
- int cts;
- int rx_rate;
- int rts;
-
- struct i2s_fifo_s {
- uint8_t *fifo;
- int len;
- int start;
- int size;
- } in, out;
-};
-struct omap_mcbsp_s;
-void omap_mcbsp_i2s_attach(struct omap_mcbsp_s *s, I2SCodec *slave);
-
-void omap_tap_init(struct omap_target_agent_s *ta,
- struct omap_mpu_state_s *mpu);
-
-/* omap_lcdc.c */
-struct omap_lcd_panel_s;
-void omap_lcdc_reset(struct omap_lcd_panel_s *s);
-struct omap_lcd_panel_s *omap_lcdc_init(MemoryRegion *sysmem,
- hwaddr base,
- qemu_irq irq,
- struct omap_dma_lcd_channel_s *dma,
- omap_clk clk);
-
-/* omap_dss.c */
-struct rfbi_chip_s {
- void *opaque;
- void (*write)(void *opaque, int dc, uint16_t value);
- void (*block)(void *opaque, int dc, void *buf, size_t len, int pitch);
- uint16_t (*read)(void *opaque, int dc);
-};
-struct omap_dss_s;
-void omap_dss_reset(struct omap_dss_s *s);
-struct omap_dss_s *omap_dss_init(struct omap_target_agent_s *ta,
- MemoryRegion *sysmem,
- hwaddr l3_base,
- qemu_irq irq, qemu_irq drq,
- omap_clk fck1, omap_clk fck2, omap_clk ck54m,
- omap_clk ick1, omap_clk ick2);
-void omap_rfbi_attach(struct omap_dss_s *s, int cs, struct rfbi_chip_s *chip);
-
-/* omap_mmc.c */
-struct omap_mmc_s;
-struct omap_mmc_s *omap_mmc_init(hwaddr base,
- MemoryRegion *sysmem,
- BlockDriverState *bd,
- qemu_irq irq, qemu_irq dma[], omap_clk clk);
-struct omap_mmc_s *omap2_mmc_init(struct omap_target_agent_s *ta,
- BlockDriverState *bd, qemu_irq irq, qemu_irq dma[],
- omap_clk fclk, omap_clk iclk);
-void omap_mmc_reset(struct omap_mmc_s *s);
-void omap_mmc_handlers(struct omap_mmc_s *s, qemu_irq ro, qemu_irq cover);
-void omap_mmc_enable(struct omap_mmc_s *s, int enable);
-
-/* omap_i2c.c */
-i2c_bus *omap_i2c_bus(DeviceState *omap_i2c);
-
-# define cpu_is_omap310(cpu) (cpu->mpu_model == omap310)
-# define cpu_is_omap1510(cpu) (cpu->mpu_model == omap1510)
-# define cpu_is_omap1610(cpu) (cpu->mpu_model == omap1610)
-# define cpu_is_omap1710(cpu) (cpu->mpu_model == omap1710)
-# define cpu_is_omap2410(cpu) (cpu->mpu_model == omap2410)
-# define cpu_is_omap2420(cpu) (cpu->mpu_model == omap2420)
-# define cpu_is_omap2430(cpu) (cpu->mpu_model == omap2430)
-# define cpu_is_omap3430(cpu) (cpu->mpu_model == omap3430)
-# define cpu_is_omap3630(cpu) (cpu->mpu_model == omap3630)
-
-# define cpu_is_omap15xx(cpu) \
- (cpu_is_omap310(cpu) || cpu_is_omap1510(cpu))
-# define cpu_is_omap16xx(cpu) \
- (cpu_is_omap1610(cpu) || cpu_is_omap1710(cpu))
-# define cpu_is_omap24xx(cpu) \
- (cpu_is_omap2410(cpu) || cpu_is_omap2420(cpu) || cpu_is_omap2430(cpu))
-
-# define cpu_class_omap1(cpu) \
- (cpu_is_omap15xx(cpu) || cpu_is_omap16xx(cpu))
-# define cpu_class_omap2(cpu) cpu_is_omap24xx(cpu)
-# define cpu_class_omap3(cpu) \
- (cpu_is_omap3430(cpu) || cpu_is_omap3630(cpu))
-
-struct omap_mpu_state_s {
- enum omap_mpu_model {
- omap310,
- omap1510,
- omap1610,
- omap1710,
- omap2410,
- omap2420,
- omap2422,
- omap2423,
- omap2430,
- omap3430,
- omap3630,
- } mpu_model;
-
- ARMCPU *cpu;
-
- qemu_irq *drq;
-
- qemu_irq wakeup;
-
- MemoryRegion ulpd_pm_iomem;
- MemoryRegion pin_cfg_iomem;
- MemoryRegion id_iomem;
- MemoryRegion id_iomem_e18;
- MemoryRegion id_iomem_ed4;
- MemoryRegion id_iomem_e20;
- MemoryRegion mpui_iomem;
- MemoryRegion tcmi_iomem;
- MemoryRegion clkm_iomem;
- MemoryRegion clkdsp_iomem;
- MemoryRegion mpui_io_iomem;
- MemoryRegion tap_iomem;
- MemoryRegion imif_ram;
- MemoryRegion emiff_ram;
- MemoryRegion sdram;
- MemoryRegion sram;
-
- struct omap_dma_port_if_s {
- uint32_t (*read[3])(struct omap_mpu_state_s *s,
- hwaddr offset);
- void (*write[3])(struct omap_mpu_state_s *s,
- hwaddr offset, uint32_t value);
- int (*addr_valid)(struct omap_mpu_state_s *s,
- hwaddr addr);
- } port[__omap_dma_port_last];
-
- unsigned long sdram_size;
- unsigned long sram_size;
-
- /* MPUI-TIPB peripherals */
- struct omap_uart_s *uart[3];
-
- DeviceState *gpio;
-
- struct omap_mcbsp_s *mcbsp1;
- struct omap_mcbsp_s *mcbsp3;
-
- /* MPU public TIPB peripherals */
- struct omap_32khz_timer_s *os_timer;
-
- struct omap_mmc_s *mmc;
-
- struct omap_mpuio_s *mpuio;
-
- struct omap_uwire_s *microwire;
-
- struct omap_pwl_s *pwl;
- struct omap_pwt_s *pwt;
- DeviceState *i2c[2];
-
- struct omap_rtc_s *rtc;
-
- struct omap_mcbsp_s *mcbsp2;
-
- struct omap_lpg_s *led[2];
-
- /* MPU private TIPB peripherals */
- DeviceState *ih[2];
-
- struct soc_dma_s *dma;
-
- struct omap_mpu_timer_s *timer[3];
- struct omap_watchdog_timer_s *wdt;
-
- struct omap_lcd_panel_s *lcd;
-
- uint32_t ulpd_pm_regs[21];
- int64_t ulpd_gauge_start;
-
- uint32_t func_mux_ctrl[14];
- uint32_t comp_mode_ctrl[1];
- uint32_t pull_dwn_ctrl[4];
- uint32_t gate_inh_ctrl[1];
- uint32_t voltage_ctrl[1];
- uint32_t test_dbg_ctrl[1];
- uint32_t mod_conf_ctrl[1];
- int compat1509;
-
- uint32_t mpui_ctrl;
-
- struct omap_tipb_bridge_s *private_tipb;
- struct omap_tipb_bridge_s *public_tipb;
-
- uint32_t tcmi_regs[17];
-
- struct dpll_ctl_s *dpll[3];
-
- omap_clk clks;
- struct {
- int cold_start;
- int clocking_scheme;
- uint16_t arm_ckctl;
- uint16_t arm_idlect1;
- uint16_t arm_idlect2;
- uint16_t arm_ewupct;
- uint16_t arm_rstct1;
- uint16_t arm_rstct2;
- uint16_t arm_ckout1;
- int dpll1_mode;
- uint16_t dsp_idlect1;
- uint16_t dsp_idlect2;
- uint16_t dsp_rstct2;
- } clkm;
-
- /* OMAP2-only peripherals */
- struct omap_l4_s *l4;
-
- struct omap_gp_timer_s *gptimer[12];
- struct omap_synctimer_s *synctimer;
-
- struct omap_prcm_s *prcm;
- struct omap_sdrc_s *sdrc;
- struct omap_gpmc_s *gpmc;
- struct omap_sysctl_s *sysc;
-
- struct omap_mcspi_s *mcspi[2];
-
- struct omap_dss_s *dss;
-
- struct omap_eac_s *eac;
-};
-
-/* omap1.c */
-struct omap_mpu_state_s *omap310_mpu_init(MemoryRegion *system_memory,
- unsigned long sdram_size,
- const char *core);
-
-/* omap2.c */
-struct omap_mpu_state_s *omap2420_mpu_init(MemoryRegion *sysmem,
- unsigned long sdram_size,
- const char *core);
-
-#define OMAP_FMT_plx "%#08" HWADDR_PRIx
-
-uint32_t omap_badwidth_read8(void *opaque, hwaddr addr);
-void omap_badwidth_write8(void *opaque, hwaddr addr,
- uint32_t value);
-uint32_t omap_badwidth_read16(void *opaque, hwaddr addr);
-void omap_badwidth_write16(void *opaque, hwaddr addr,
- uint32_t value);
-uint32_t omap_badwidth_read32(void *opaque, hwaddr addr);
-void omap_badwidth_write32(void *opaque, hwaddr addr,
- uint32_t value);
-
-void omap_mpu_wakeup(void *opaque, int irq, int req);
-
-# define OMAP_BAD_REG(paddr) \
- fprintf(stderr, "%s: Bad register " OMAP_FMT_plx "\n", \
- __FUNCTION__, paddr)
-# define OMAP_RO_REG(paddr) \
- fprintf(stderr, "%s: Read-only register " OMAP_FMT_plx "\n", \
- __FUNCTION__, paddr)
-
-/* OMAP-specific Linux bootloader tags for the ATAG_BOARD area
- (Board-specifc tags are not here) */
-#define OMAP_TAG_CLOCK 0x4f01
-#define OMAP_TAG_MMC 0x4f02
-#define OMAP_TAG_SERIAL_CONSOLE 0x4f03
-#define OMAP_TAG_USB 0x4f04
-#define OMAP_TAG_LCD 0x4f05
-#define OMAP_TAG_GPIO_SWITCH 0x4f06
-#define OMAP_TAG_UART 0x4f07
-#define OMAP_TAG_FBMEM 0x4f08
-#define OMAP_TAG_STI_CONSOLE 0x4f09
-#define OMAP_TAG_CAMERA_SENSOR 0x4f0a
-#define OMAP_TAG_PARTITION 0x4f0b
-#define OMAP_TAG_TEA5761 0x4f10
-#define OMAP_TAG_TMP105 0x4f11
-#define OMAP_TAG_BOOT_REASON 0x4f80
-#define OMAP_TAG_FLASH_PART_STR 0x4f81
-#define OMAP_TAG_VERSION_STR 0x4f82
-
-enum {
- OMAP_GPIOSW_TYPE_COVER = 0 << 4,
- OMAP_GPIOSW_TYPE_CONNECTION = 1 << 4,
- OMAP_GPIOSW_TYPE_ACTIVITY = 2 << 4,
-};
-
-#define OMAP_GPIOSW_INVERTED 0x0001
-#define OMAP_GPIOSW_OUTPUT 0x0002
-
-# define TCMI_VERBOSE 1
-
-# ifdef TCMI_VERBOSE
-# define OMAP_8B_REG(paddr) \
- fprintf(stderr, "%s: 8-bit register " OMAP_FMT_plx "\n", \
- __FUNCTION__, paddr)
-# define OMAP_16B_REG(paddr) \
- fprintf(stderr, "%s: 16-bit register " OMAP_FMT_plx "\n", \
- __FUNCTION__, paddr)
-# define OMAP_32B_REG(paddr) \
- fprintf(stderr, "%s: 32-bit register " OMAP_FMT_plx "\n", \
- __FUNCTION__, paddr)
-# else
-# define OMAP_8B_REG(paddr)
-# define OMAP_16B_REG(paddr)
-# define OMAP_32B_REG(paddr)
-# endif
-
-# define OMAP_MPUI_REG_MASK 0x000007ff
-
-#endif /* hw_omap_h */
diff --git a/hw/omap1.c b/hw/omap1.c
deleted file mode 100644
index 4d5815eb0..000000000
--- a/hw/omap1.c
+++ /dev/null
@@ -1,4053 +0,0 @@
-/*
- * TI OMAP processors emulation.
- *
- * Copyright (C) 2006-2008 Andrzej Zaborowski <balrog@zabor.org>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-#include "hw.h"
-#include "arm-misc.h"
-#include "omap.h"
-#include "sysemu.h"
-#include "soc_dma.h"
-#include "blockdev.h"
-#include "range.h"
-#include "sysbus.h"
-
-/* Should signal the TCMI/GPMC */
-uint32_t omap_badwidth_read8(void *opaque, hwaddr addr)
-{
- uint8_t ret;
-
- OMAP_8B_REG(addr);
- cpu_physical_memory_read(addr, (void *) &ret, 1);
- return ret;
-}
-
-void omap_badwidth_write8(void *opaque, hwaddr addr,
- uint32_t value)
-{
- uint8_t val8 = value;
-
- OMAP_8B_REG(addr);
- cpu_physical_memory_write(addr, (void *) &val8, 1);
-}
-
-uint32_t omap_badwidth_read16(void *opaque, hwaddr addr)
-{
- uint16_t ret;
-
- OMAP_16B_REG(addr);
- cpu_physical_memory_read(addr, (void *) &ret, 2);
- return ret;
-}
-
-void omap_badwidth_write16(void *opaque, hwaddr addr,
- uint32_t value)
-{
- uint16_t val16 = value;
-
- OMAP_16B_REG(addr);
- cpu_physical_memory_write(addr, (void *) &val16, 2);
-}
-
-uint32_t omap_badwidth_read32(void *opaque, hwaddr addr)
-{
- uint32_t ret;
-
- OMAP_32B_REG(addr);
- cpu_physical_memory_read(addr, (void *) &ret, 4);
- return ret;
-}
-
-void omap_badwidth_write32(void *opaque, hwaddr addr,
- uint32_t value)
-{
- OMAP_32B_REG(addr);
- cpu_physical_memory_write(addr, (void *) &value, 4);
-}
-
-/* MPU OS timers */
-struct omap_mpu_timer_s {
- MemoryRegion iomem;
- qemu_irq irq;
- omap_clk clk;
- uint32_t val;
- int64_t time;
- QEMUTimer *timer;
- QEMUBH *tick;
- int64_t rate;
- int it_ena;
-
- int enable;
- int ptv;
- int ar;
- int st;
- uint32_t reset_val;
-};
-
-static inline uint32_t omap_timer_read(struct omap_mpu_timer_s *timer)
-{
- uint64_t distance = qemu_get_clock_ns(vm_clock) - timer->time;
-
- if (timer->st && timer->enable && timer->rate)
- return timer->val - muldiv64(distance >> (timer->ptv + 1),
- timer->rate, get_ticks_per_sec());
- else
- return timer->val;
-}
-
-static inline void omap_timer_sync(struct omap_mpu_timer_s *timer)
-{
- timer->val = omap_timer_read(timer);
- timer->time = qemu_get_clock_ns(vm_clock);
-}
-
-static inline void omap_timer_update(struct omap_mpu_timer_s *timer)
-{
- int64_t expires;
-
- if (timer->enable && timer->st && timer->rate) {
- timer->val = timer->reset_val; /* Should skip this on clk enable */
- expires = muldiv64((uint64_t) timer->val << (timer->ptv + 1),
- get_ticks_per_sec(), timer->rate);
-
- /* If timer expiry would be sooner than in about 1 ms and
- * auto-reload isn't set, then fire immediately. This is a hack
- * to make systems like PalmOS run in acceptable time. PalmOS
- * sets the interval to a very low value and polls the status bit
- * in a busy loop when it wants to sleep just a couple of CPU
- * ticks. */
- if (expires > (get_ticks_per_sec() >> 10) || timer->ar)
- qemu_mod_timer(timer->timer, timer->time + expires);
- else
- qemu_bh_schedule(timer->tick);
- } else
- qemu_del_timer(timer->timer);
-}
-
-static void omap_timer_fire(void *opaque)
-{
- struct omap_mpu_timer_s *timer = opaque;
-
- if (!timer->ar) {
- timer->val = 0;
- timer->st = 0;
- }
-
- if (timer->it_ena)
- /* Edge-triggered irq */
- qemu_irq_pulse(timer->irq);
-}
-
-static void omap_timer_tick(void *opaque)
-{
- struct omap_mpu_timer_s *timer = (struct omap_mpu_timer_s *) opaque;
-
- omap_timer_sync(timer);
- omap_timer_fire(timer);
- omap_timer_update(timer);
-}
-
-static void omap_timer_clk_update(void *opaque, int line, int on)
-{
- struct omap_mpu_timer_s *timer = (struct omap_mpu_timer_s *) opaque;
-
- omap_timer_sync(timer);
- timer->rate = on ? omap_clk_getrate(timer->clk) : 0;
- omap_timer_update(timer);
-}
-
-static void omap_timer_clk_setup(struct omap_mpu_timer_s *timer)
-{
- omap_clk_adduser(timer->clk,
- qemu_allocate_irqs(omap_timer_clk_update, timer, 1)[0]);
- timer->rate = omap_clk_getrate(timer->clk);
-}
-
-static uint64_t omap_mpu_timer_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_mpu_timer_s *s = (struct omap_mpu_timer_s *) opaque;
-
- if (size != 4) {
- return omap_badwidth_read32(opaque, addr);
- }
-
- switch (addr) {
- case 0x00: /* CNTL_TIMER */
- return (s->enable << 5) | (s->ptv << 2) | (s->ar << 1) | s->st;
-
- case 0x04: /* LOAD_TIM */
- break;
-
- case 0x08: /* READ_TIM */
- return omap_timer_read(s);
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_mpu_timer_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_mpu_timer_s *s = (struct omap_mpu_timer_s *) opaque;
-
- if (size != 4) {
- return omap_badwidth_write32(opaque, addr, value);
- }
-
- switch (addr) {
- case 0x00: /* CNTL_TIMER */
- omap_timer_sync(s);
- s->enable = (value >> 5) & 1;
- s->ptv = (value >> 2) & 7;
- s->ar = (value >> 1) & 1;
- s->st = value & 1;
- omap_timer_update(s);
- return;
-
- case 0x04: /* LOAD_TIM */
- s->reset_val = value;
- return;
-
- case 0x08: /* READ_TIM */
- OMAP_RO_REG(addr);
- break;
-
- default:
- OMAP_BAD_REG(addr);
- }
-}
-
-static const MemoryRegionOps omap_mpu_timer_ops = {
- .read = omap_mpu_timer_read,
- .write = omap_mpu_timer_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static void omap_mpu_timer_reset(struct omap_mpu_timer_s *s)
-{
- qemu_del_timer(s->timer);
- s->enable = 0;
- s->reset_val = 31337;
- s->val = 0;
- s->ptv = 0;
- s->ar = 0;
- s->st = 0;
- s->it_ena = 1;
-}
-
-static struct omap_mpu_timer_s *omap_mpu_timer_init(MemoryRegion *system_memory,
- hwaddr base,
- qemu_irq irq, omap_clk clk)
-{
- struct omap_mpu_timer_s *s = (struct omap_mpu_timer_s *)
- g_malloc0(sizeof(struct omap_mpu_timer_s));
-
- s->irq = irq;
- s->clk = clk;
- s->timer = qemu_new_timer_ns(vm_clock, omap_timer_tick, s);
- s->tick = qemu_bh_new(omap_timer_fire, s);
- omap_mpu_timer_reset(s);
- omap_timer_clk_setup(s);
-
- memory_region_init_io(&s->iomem, &omap_mpu_timer_ops, s,
- "omap-mpu-timer", 0x100);
-
- memory_region_add_subregion(system_memory, base, &s->iomem);
-
- return s;
-}
-
-/* Watchdog timer */
-struct omap_watchdog_timer_s {
- struct omap_mpu_timer_s timer;
- MemoryRegion iomem;
- uint8_t last_wr;
- int mode;
- int free;
- int reset;
-};
-
-static uint64_t omap_wd_timer_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_watchdog_timer_s *s = (struct omap_watchdog_timer_s *) opaque;
-
- if (size != 2) {
- return omap_badwidth_read16(opaque, addr);
- }
-
- switch (addr) {
- case 0x00: /* CNTL_TIMER */
- return (s->timer.ptv << 9) | (s->timer.ar << 8) |
- (s->timer.st << 7) | (s->free << 1);
-
- case 0x04: /* READ_TIMER */
- return omap_timer_read(&s->timer);
-
- case 0x08: /* TIMER_MODE */
- return s->mode << 15;
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_wd_timer_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_watchdog_timer_s *s = (struct omap_watchdog_timer_s *) opaque;
-
- if (size != 2) {
- return omap_badwidth_write16(opaque, addr, value);
- }
-
- switch (addr) {
- case 0x00: /* CNTL_TIMER */
- omap_timer_sync(&s->timer);
- s->timer.ptv = (value >> 9) & 7;
- s->timer.ar = (value >> 8) & 1;
- s->timer.st = (value >> 7) & 1;
- s->free = (value >> 1) & 1;
- omap_timer_update(&s->timer);
- break;
-
- case 0x04: /* LOAD_TIMER */
- s->timer.reset_val = value & 0xffff;
- break;
-
- case 0x08: /* TIMER_MODE */
- if (!s->mode && ((value >> 15) & 1))
- omap_clk_get(s->timer.clk);
- s->mode |= (value >> 15) & 1;
- if (s->last_wr == 0xf5) {
- if ((value & 0xff) == 0xa0) {
- if (s->mode) {
- s->mode = 0;
- omap_clk_put(s->timer.clk);
- }
- } else {
- /* XXX: on T|E hardware somehow this has no effect,
- * on Zire 71 it works as specified. */
- s->reset = 1;
- qemu_system_reset_request();
- }
- }
- s->last_wr = value & 0xff;
- break;
-
- default:
- OMAP_BAD_REG(addr);
- }
-}
-
-static const MemoryRegionOps omap_wd_timer_ops = {
- .read = omap_wd_timer_read,
- .write = omap_wd_timer_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void omap_wd_timer_reset(struct omap_watchdog_timer_s *s)
-{
- qemu_del_timer(s->timer.timer);
- if (!s->mode)
- omap_clk_get(s->timer.clk);
- s->mode = 1;
- s->free = 1;
- s->reset = 0;
- s->timer.enable = 1;
- s->timer.it_ena = 1;
- s->timer.reset_val = 0xffff;
- s->timer.val = 0;
- s->timer.st = 0;
- s->timer.ptv = 0;
- s->timer.ar = 0;
- omap_timer_update(&s->timer);
-}
-
-static struct omap_watchdog_timer_s *omap_wd_timer_init(MemoryRegion *memory,
- hwaddr base,
- qemu_irq irq, omap_clk clk)
-{
- struct omap_watchdog_timer_s *s = (struct omap_watchdog_timer_s *)
- g_malloc0(sizeof(struct omap_watchdog_timer_s));
-
- s->timer.irq = irq;
- s->timer.clk = clk;
- s->timer.timer = qemu_new_timer_ns(vm_clock, omap_timer_tick, &s->timer);
- omap_wd_timer_reset(s);
- omap_timer_clk_setup(&s->timer);
-
- memory_region_init_io(&s->iomem, &omap_wd_timer_ops, s,
- "omap-wd-timer", 0x100);
- memory_region_add_subregion(memory, base, &s->iomem);
-
- return s;
-}
-
-/* 32-kHz timer */
-struct omap_32khz_timer_s {
- struct omap_mpu_timer_s timer;
- MemoryRegion iomem;
-};
-
-static uint64_t omap_os_timer_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_32khz_timer_s *s = (struct omap_32khz_timer_s *) opaque;
- int offset = addr & OMAP_MPUI_REG_MASK;
-
- if (size != 4) {
- return omap_badwidth_read32(opaque, addr);
- }
-
- switch (offset) {
- case 0x00: /* TVR */
- return s->timer.reset_val;
-
- case 0x04: /* TCR */
- return omap_timer_read(&s->timer);
-
- case 0x08: /* CR */
- return (s->timer.ar << 3) | (s->timer.it_ena << 2) | s->timer.st;
-
- default:
- break;
- }
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_os_timer_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_32khz_timer_s *s = (struct omap_32khz_timer_s *) opaque;
- int offset = addr & OMAP_MPUI_REG_MASK;
-
- if (size != 4) {
- return omap_badwidth_write32(opaque, addr, value);
- }
-
- switch (offset) {
- case 0x00: /* TVR */
- s->timer.reset_val = value & 0x00ffffff;
- break;
-
- case 0x04: /* TCR */
- OMAP_RO_REG(addr);
- break;
-
- case 0x08: /* CR */
- s->timer.ar = (value >> 3) & 1;
- s->timer.it_ena = (value >> 2) & 1;
- if (s->timer.st != (value & 1) || (value & 2)) {
- omap_timer_sync(&s->timer);
- s->timer.enable = value & 1;
- s->timer.st = value & 1;
- omap_timer_update(&s->timer);
- }
- break;
-
- default:
- OMAP_BAD_REG(addr);
- }
-}
-
-static const MemoryRegionOps omap_os_timer_ops = {
- .read = omap_os_timer_read,
- .write = omap_os_timer_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void omap_os_timer_reset(struct omap_32khz_timer_s *s)
-{
- qemu_del_timer(s->timer.timer);
- s->timer.enable = 0;
- s->timer.it_ena = 0;
- s->timer.reset_val = 0x00ffffff;
- s->timer.val = 0;
- s->timer.st = 0;
- s->timer.ptv = 0;
- s->timer.ar = 1;
-}
-
-static struct omap_32khz_timer_s *omap_os_timer_init(MemoryRegion *memory,
- hwaddr base,
- qemu_irq irq, omap_clk clk)
-{
- struct omap_32khz_timer_s *s = (struct omap_32khz_timer_s *)
- g_malloc0(sizeof(struct omap_32khz_timer_s));
-
- s->timer.irq = irq;
- s->timer.clk = clk;
- s->timer.timer = qemu_new_timer_ns(vm_clock, omap_timer_tick, &s->timer);
- omap_os_timer_reset(s);
- omap_timer_clk_setup(&s->timer);
-
- memory_region_init_io(&s->iomem, &omap_os_timer_ops, s,
- "omap-os-timer", 0x800);
- memory_region_add_subregion(memory, base, &s->iomem);
-
- return s;
-}
-
-/* Ultra Low-Power Device Module */
-static uint64_t omap_ulpd_pm_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
- uint16_t ret;
-
- if (size != 2) {
- return omap_badwidth_read16(opaque, addr);
- }
-
- switch (addr) {
- case 0x14: /* IT_STATUS */
- ret = s->ulpd_pm_regs[addr >> 2];
- s->ulpd_pm_regs[addr >> 2] = 0;
- qemu_irq_lower(qdev_get_gpio_in(s->ih[1], OMAP_INT_GAUGE_32K));
- return ret;
-
- case 0x18: /* Reserved */
- case 0x1c: /* Reserved */
- case 0x20: /* Reserved */
- case 0x28: /* Reserved */
- case 0x2c: /* Reserved */
- OMAP_BAD_REG(addr);
- case 0x00: /* COUNTER_32_LSB */
- case 0x04: /* COUNTER_32_MSB */
- case 0x08: /* COUNTER_HIGH_FREQ_LSB */
- case 0x0c: /* COUNTER_HIGH_FREQ_MSB */
- case 0x10: /* GAUGING_CTRL */
- case 0x24: /* SETUP_ANALOG_CELL3_ULPD1 */
- case 0x30: /* CLOCK_CTRL */
- case 0x34: /* SOFT_REQ */
- case 0x38: /* COUNTER_32_FIQ */
- case 0x3c: /* DPLL_CTRL */
- case 0x40: /* STATUS_REQ */
- /* XXX: check clk::usecount state for every clock */
- case 0x48: /* LOCL_TIME */
- case 0x4c: /* APLL_CTRL */
- case 0x50: /* POWER_CTRL */
- return s->ulpd_pm_regs[addr >> 2];
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static inline void omap_ulpd_clk_update(struct omap_mpu_state_s *s,
- uint16_t diff, uint16_t value)
-{
- if (diff & (1 << 4)) /* USB_MCLK_EN */
- omap_clk_onoff(omap_findclk(s, "usb_clk0"), (value >> 4) & 1);
- if (diff & (1 << 5)) /* DIS_USB_PVCI_CLK */
- omap_clk_onoff(omap_findclk(s, "usb_w2fc_ck"), (~value >> 5) & 1);
-}
-
-static inline void omap_ulpd_req_update(struct omap_mpu_state_s *s,
- uint16_t diff, uint16_t value)
-{
- if (diff & (1 << 0)) /* SOFT_DPLL_REQ */
- omap_clk_canidle(omap_findclk(s, "dpll4"), (~value >> 0) & 1);
- if (diff & (1 << 1)) /* SOFT_COM_REQ */
- omap_clk_canidle(omap_findclk(s, "com_mclk_out"), (~value >> 1) & 1);
- if (diff & (1 << 2)) /* SOFT_SDW_REQ */
- omap_clk_canidle(omap_findclk(s, "bt_mclk_out"), (~value >> 2) & 1);
- if (diff & (1 << 3)) /* SOFT_USB_REQ */
- omap_clk_canidle(omap_findclk(s, "usb_clk0"), (~value >> 3) & 1);
-}
-
-static void omap_ulpd_pm_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
- int64_t now, ticks;
- int div, mult;
- static const int bypass_div[4] = { 1, 2, 4, 4 };
- uint16_t diff;
-
- if (size != 2) {
- return omap_badwidth_write16(opaque, addr, value);
- }
-
- switch (addr) {
- case 0x00: /* COUNTER_32_LSB */
- case 0x04: /* COUNTER_32_MSB */
- case 0x08: /* COUNTER_HIGH_FREQ_LSB */
- case 0x0c: /* COUNTER_HIGH_FREQ_MSB */
- case 0x14: /* IT_STATUS */
- case 0x40: /* STATUS_REQ */
- OMAP_RO_REG(addr);
- break;
-
- case 0x10: /* GAUGING_CTRL */
- /* Bits 0 and 1 seem to be confused in the OMAP 310 TRM */
- if ((s->ulpd_pm_regs[addr >> 2] ^ value) & 1) {
- now = qemu_get_clock_ns(vm_clock);
-
- if (value & 1)
- s->ulpd_gauge_start = now;
- else {
- now -= s->ulpd_gauge_start;
-
- /* 32-kHz ticks */
- ticks = muldiv64(now, 32768, get_ticks_per_sec());
- s->ulpd_pm_regs[0x00 >> 2] = (ticks >> 0) & 0xffff;
- s->ulpd_pm_regs[0x04 >> 2] = (ticks >> 16) & 0xffff;
- if (ticks >> 32) /* OVERFLOW_32K */
- s->ulpd_pm_regs[0x14 >> 2] |= 1 << 2;
-
- /* High frequency ticks */
- ticks = muldiv64(now, 12000000, get_ticks_per_sec());
- s->ulpd_pm_regs[0x08 >> 2] = (ticks >> 0) & 0xffff;
- s->ulpd_pm_regs[0x0c >> 2] = (ticks >> 16) & 0xffff;
- if (ticks >> 32) /* OVERFLOW_HI_FREQ */
- s->ulpd_pm_regs[0x14 >> 2] |= 1 << 1;
-
- s->ulpd_pm_regs[0x14 >> 2] |= 1 << 0; /* IT_GAUGING */
- qemu_irq_raise(qdev_get_gpio_in(s->ih[1], OMAP_INT_GAUGE_32K));
- }
- }
- s->ulpd_pm_regs[addr >> 2] = value;
- break;
-
- case 0x18: /* Reserved */
- case 0x1c: /* Reserved */
- case 0x20: /* Reserved */
- case 0x28: /* Reserved */
- case 0x2c: /* Reserved */
- OMAP_BAD_REG(addr);
- case 0x24: /* SETUP_ANALOG_CELL3_ULPD1 */
- case 0x38: /* COUNTER_32_FIQ */
- case 0x48: /* LOCL_TIME */
- case 0x50: /* POWER_CTRL */
- s->ulpd_pm_regs[addr >> 2] = value;
- break;
-
- case 0x30: /* CLOCK_CTRL */
- diff = s->ulpd_pm_regs[addr >> 2] ^ value;
- s->ulpd_pm_regs[addr >> 2] = value & 0x3f;
- omap_ulpd_clk_update(s, diff, value);
- break;
-
- case 0x34: /* SOFT_REQ */
- diff = s->ulpd_pm_regs[addr >> 2] ^ value;
- s->ulpd_pm_regs[addr >> 2] = value & 0x1f;
- omap_ulpd_req_update(s, diff, value);
- break;
-
- case 0x3c: /* DPLL_CTRL */
- /* XXX: OMAP310 TRM claims bit 3 is PLL_ENABLE, and bit 4 is
- * omitted altogether, probably a typo. */
- /* This register has identical semantics with DPLL(1:3) control
- * registers, see omap_dpll_write() */
- diff = s->ulpd_pm_regs[addr >> 2] & value;
- s->ulpd_pm_regs[addr >> 2] = value & 0x2fff;
- if (diff & (0x3ff << 2)) {
- if (value & (1 << 4)) { /* PLL_ENABLE */
- div = ((value >> 5) & 3) + 1; /* PLL_DIV */
- mult = MIN((value >> 7) & 0x1f, 1); /* PLL_MULT */
- } else {
- div = bypass_div[((value >> 2) & 3)]; /* BYPASS_DIV */
- mult = 1;
- }
- omap_clk_setrate(omap_findclk(s, "dpll4"), div, mult);
- }
-
- /* Enter the desired mode. */
- s->ulpd_pm_regs[addr >> 2] =
- (s->ulpd_pm_regs[addr >> 2] & 0xfffe) |
- ((s->ulpd_pm_regs[addr >> 2] >> 4) & 1);
-
- /* Act as if the lock is restored. */
- s->ulpd_pm_regs[addr >> 2] |= 2;
- break;
-
- case 0x4c: /* APLL_CTRL */
- diff = s->ulpd_pm_regs[addr >> 2] & value;
- s->ulpd_pm_regs[addr >> 2] = value & 0xf;
- if (diff & (1 << 0)) /* APLL_NDPLL_SWITCH */
- omap_clk_reparent(omap_findclk(s, "ck_48m"), omap_findclk(s,
- (value & (1 << 0)) ? "apll" : "dpll4"));
- break;
-
- default:
- OMAP_BAD_REG(addr);
- }
-}
-
-static const MemoryRegionOps omap_ulpd_pm_ops = {
- .read = omap_ulpd_pm_read,
- .write = omap_ulpd_pm_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void omap_ulpd_pm_reset(struct omap_mpu_state_s *mpu)
-{
- mpu->ulpd_pm_regs[0x00 >> 2] = 0x0001;
- mpu->ulpd_pm_regs[0x04 >> 2] = 0x0000;
- mpu->ulpd_pm_regs[0x08 >> 2] = 0x0001;
- mpu->ulpd_pm_regs[0x0c >> 2] = 0x0000;
- mpu->ulpd_pm_regs[0x10 >> 2] = 0x0000;
- mpu->ulpd_pm_regs[0x18 >> 2] = 0x01;
- mpu->ulpd_pm_regs[0x1c >> 2] = 0x01;
- mpu->ulpd_pm_regs[0x20 >> 2] = 0x01;
- mpu->ulpd_pm_regs[0x24 >> 2] = 0x03ff;
- mpu->ulpd_pm_regs[0x28 >> 2] = 0x01;
- mpu->ulpd_pm_regs[0x2c >> 2] = 0x01;
- omap_ulpd_clk_update(mpu, mpu->ulpd_pm_regs[0x30 >> 2], 0x0000);
- mpu->ulpd_pm_regs[0x30 >> 2] = 0x0000;
- omap_ulpd_req_update(mpu, mpu->ulpd_pm_regs[0x34 >> 2], 0x0000);
- mpu->ulpd_pm_regs[0x34 >> 2] = 0x0000;
- mpu->ulpd_pm_regs[0x38 >> 2] = 0x0001;
- mpu->ulpd_pm_regs[0x3c >> 2] = 0x2211;
- mpu->ulpd_pm_regs[0x40 >> 2] = 0x0000; /* FIXME: dump a real STATUS_REQ */
- mpu->ulpd_pm_regs[0x48 >> 2] = 0x960;
- mpu->ulpd_pm_regs[0x4c >> 2] = 0x08;
- mpu->ulpd_pm_regs[0x50 >> 2] = 0x08;
- omap_clk_setrate(omap_findclk(mpu, "dpll4"), 1, 4);
- omap_clk_reparent(omap_findclk(mpu, "ck_48m"), omap_findclk(mpu, "dpll4"));
-}
-
-static void omap_ulpd_pm_init(MemoryRegion *system_memory,
- hwaddr base,
- struct omap_mpu_state_s *mpu)
-{
- memory_region_init_io(&mpu->ulpd_pm_iomem, &omap_ulpd_pm_ops, mpu,
- "omap-ulpd-pm", 0x800);
- memory_region_add_subregion(system_memory, base, &mpu->ulpd_pm_iomem);
- omap_ulpd_pm_reset(mpu);
-}
-
-/* OMAP Pin Configuration */
-static uint64_t omap_pin_cfg_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
-
- if (size != 4) {
- return omap_badwidth_read32(opaque, addr);
- }
-
- switch (addr) {
- case 0x00: /* FUNC_MUX_CTRL_0 */
- case 0x04: /* FUNC_MUX_CTRL_1 */
- case 0x08: /* FUNC_MUX_CTRL_2 */
- return s->func_mux_ctrl[addr >> 2];
-
- case 0x0c: /* COMP_MODE_CTRL_0 */
- return s->comp_mode_ctrl[0];
-
- case 0x10: /* FUNC_MUX_CTRL_3 */
- case 0x14: /* FUNC_MUX_CTRL_4 */
- case 0x18: /* FUNC_MUX_CTRL_5 */
- case 0x1c: /* FUNC_MUX_CTRL_6 */
- case 0x20: /* FUNC_MUX_CTRL_7 */
- case 0x24: /* FUNC_MUX_CTRL_8 */
- case 0x28: /* FUNC_MUX_CTRL_9 */
- case 0x2c: /* FUNC_MUX_CTRL_A */
- case 0x30: /* FUNC_MUX_CTRL_B */
- case 0x34: /* FUNC_MUX_CTRL_C */
- case 0x38: /* FUNC_MUX_CTRL_D */
- return s->func_mux_ctrl[(addr >> 2) - 1];
-
- case 0x40: /* PULL_DWN_CTRL_0 */
- case 0x44: /* PULL_DWN_CTRL_1 */
- case 0x48: /* PULL_DWN_CTRL_2 */
- case 0x4c: /* PULL_DWN_CTRL_3 */
- return s->pull_dwn_ctrl[(addr & 0xf) >> 2];
-
- case 0x50: /* GATE_INH_CTRL_0 */
- return s->gate_inh_ctrl[0];
-
- case 0x60: /* VOLTAGE_CTRL_0 */
- return s->voltage_ctrl[0];
-
- case 0x70: /* TEST_DBG_CTRL_0 */
- return s->test_dbg_ctrl[0];
-
- case 0x80: /* MOD_CONF_CTRL_0 */
- return s->mod_conf_ctrl[0];
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static inline void omap_pin_funcmux0_update(struct omap_mpu_state_s *s,
- uint32_t diff, uint32_t value)
-{
- if (s->compat1509) {
- if (diff & (1 << 9)) /* BLUETOOTH */
- omap_clk_onoff(omap_findclk(s, "bt_mclk_out"),
- (~value >> 9) & 1);
- if (diff & (1 << 7)) /* USB.CLKO */
- omap_clk_onoff(omap_findclk(s, "usb.clko"),
- (value >> 7) & 1);
- }
-}
-
-static inline void omap_pin_funcmux1_update(struct omap_mpu_state_s *s,
- uint32_t diff, uint32_t value)
-{
- if (s->compat1509) {
- if (diff & (1 << 31)) /* MCBSP3_CLK_HIZ_DI */
- omap_clk_onoff(omap_findclk(s, "mcbsp3.clkx"),
- (value >> 31) & 1);
- if (diff & (1 << 1)) /* CLK32K */
- omap_clk_onoff(omap_findclk(s, "clk32k_out"),
- (~value >> 1) & 1);
- }
-}
-
-static inline void omap_pin_modconf1_update(struct omap_mpu_state_s *s,
- uint32_t diff, uint32_t value)
-{
- if (diff & (1 << 31)) /* CONF_MOD_UART3_CLK_MODE_R */
- omap_clk_reparent(omap_findclk(s, "uart3_ck"),
- omap_findclk(s, ((value >> 31) & 1) ?
- "ck_48m" : "armper_ck"));
- if (diff & (1 << 30)) /* CONF_MOD_UART2_CLK_MODE_R */
- omap_clk_reparent(omap_findclk(s, "uart2_ck"),
- omap_findclk(s, ((value >> 30) & 1) ?
- "ck_48m" : "armper_ck"));
- if (diff & (1 << 29)) /* CONF_MOD_UART1_CLK_MODE_R */
- omap_clk_reparent(omap_findclk(s, "uart1_ck"),
- omap_findclk(s, ((value >> 29) & 1) ?
- "ck_48m" : "armper_ck"));
- if (diff & (1 << 23)) /* CONF_MOD_MMC_SD_CLK_REQ_R */
- omap_clk_reparent(omap_findclk(s, "mmc_ck"),
- omap_findclk(s, ((value >> 23) & 1) ?
- "ck_48m" : "armper_ck"));
- if (diff & (1 << 12)) /* CONF_MOD_COM_MCLK_12_48_S */
- omap_clk_reparent(omap_findclk(s, "com_mclk_out"),
- omap_findclk(s, ((value >> 12) & 1) ?
- "ck_48m" : "armper_ck"));
- if (diff & (1 << 9)) /* CONF_MOD_USB_HOST_HHC_UHO */
- omap_clk_onoff(omap_findclk(s, "usb_hhc_ck"), (value >> 9) & 1);
-}
-
-static void omap_pin_cfg_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
- uint32_t diff;
-
- if (size != 4) {
- return omap_badwidth_write32(opaque, addr, value);
- }
-
- switch (addr) {
- case 0x00: /* FUNC_MUX_CTRL_0 */
- diff = s->func_mux_ctrl[addr >> 2] ^ value;
- s->func_mux_ctrl[addr >> 2] = value;
- omap_pin_funcmux0_update(s, diff, value);
- return;
-
- case 0x04: /* FUNC_MUX_CTRL_1 */
- diff = s->func_mux_ctrl[addr >> 2] ^ value;
- s->func_mux_ctrl[addr >> 2] = value;
- omap_pin_funcmux1_update(s, diff, value);
- return;
-
- case 0x08: /* FUNC_MUX_CTRL_2 */
- s->func_mux_ctrl[addr >> 2] = value;
- return;
-
- case 0x0c: /* COMP_MODE_CTRL_0 */
- s->comp_mode_ctrl[0] = value;
- s->compat1509 = (value != 0x0000eaef);
- omap_pin_funcmux0_update(s, ~0, s->func_mux_ctrl[0]);
- omap_pin_funcmux1_update(s, ~0, s->func_mux_ctrl[1]);
- return;
-
- case 0x10: /* FUNC_MUX_CTRL_3 */
- case 0x14: /* FUNC_MUX_CTRL_4 */
- case 0x18: /* FUNC_MUX_CTRL_5 */
- case 0x1c: /* FUNC_MUX_CTRL_6 */
- case 0x20: /* FUNC_MUX_CTRL_7 */
- case 0x24: /* FUNC_MUX_CTRL_8 */
- case 0x28: /* FUNC_MUX_CTRL_9 */
- case 0x2c: /* FUNC_MUX_CTRL_A */
- case 0x30: /* FUNC_MUX_CTRL_B */
- case 0x34: /* FUNC_MUX_CTRL_C */
- case 0x38: /* FUNC_MUX_CTRL_D */
- s->func_mux_ctrl[(addr >> 2) - 1] = value;
- return;
-
- case 0x40: /* PULL_DWN_CTRL_0 */
- case 0x44: /* PULL_DWN_CTRL_1 */
- case 0x48: /* PULL_DWN_CTRL_2 */
- case 0x4c: /* PULL_DWN_CTRL_3 */
- s->pull_dwn_ctrl[(addr & 0xf) >> 2] = value;
- return;
-
- case 0x50: /* GATE_INH_CTRL_0 */
- s->gate_inh_ctrl[0] = value;
- return;
-
- case 0x60: /* VOLTAGE_CTRL_0 */
- s->voltage_ctrl[0] = value;
- return;
-
- case 0x70: /* TEST_DBG_CTRL_0 */
- s->test_dbg_ctrl[0] = value;
- return;
-
- case 0x80: /* MOD_CONF_CTRL_0 */
- diff = s->mod_conf_ctrl[0] ^ value;
- s->mod_conf_ctrl[0] = value;
- omap_pin_modconf1_update(s, diff, value);
- return;
-
- default:
- OMAP_BAD_REG(addr);
- }
-}
-
-static const MemoryRegionOps omap_pin_cfg_ops = {
- .read = omap_pin_cfg_read,
- .write = omap_pin_cfg_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void omap_pin_cfg_reset(struct omap_mpu_state_s *mpu)
-{
- /* Start in Compatibility Mode. */
- mpu->compat1509 = 1;
- omap_pin_funcmux0_update(mpu, mpu->func_mux_ctrl[0], 0);
- omap_pin_funcmux1_update(mpu, mpu->func_mux_ctrl[1], 0);
- omap_pin_modconf1_update(mpu, mpu->mod_conf_ctrl[0], 0);
- memset(mpu->func_mux_ctrl, 0, sizeof(mpu->func_mux_ctrl));
- memset(mpu->comp_mode_ctrl, 0, sizeof(mpu->comp_mode_ctrl));
- memset(mpu->pull_dwn_ctrl, 0, sizeof(mpu->pull_dwn_ctrl));
- memset(mpu->gate_inh_ctrl, 0, sizeof(mpu->gate_inh_ctrl));
- memset(mpu->voltage_ctrl, 0, sizeof(mpu->voltage_ctrl));
- memset(mpu->test_dbg_ctrl, 0, sizeof(mpu->test_dbg_ctrl));
- memset(mpu->mod_conf_ctrl, 0, sizeof(mpu->mod_conf_ctrl));
-}
-
-static void omap_pin_cfg_init(MemoryRegion *system_memory,
- hwaddr base,
- struct omap_mpu_state_s *mpu)
-{
- memory_region_init_io(&mpu->pin_cfg_iomem, &omap_pin_cfg_ops, mpu,
- "omap-pin-cfg", 0x800);
- memory_region_add_subregion(system_memory, base, &mpu->pin_cfg_iomem);
- omap_pin_cfg_reset(mpu);
-}
-
-/* Device Identification, Die Identification */
-static uint64_t omap_id_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
-
- if (size != 4) {
- return omap_badwidth_read32(opaque, addr);
- }
-
- switch (addr) {
- case 0xfffe1800: /* DIE_ID_LSB */
- return 0xc9581f0e;
- case 0xfffe1804: /* DIE_ID_MSB */
- return 0xa8858bfa;
-
- case 0xfffe2000: /* PRODUCT_ID_LSB */
- return 0x00aaaafc;
- case 0xfffe2004: /* PRODUCT_ID_MSB */
- return 0xcafeb574;
-
- case 0xfffed400: /* JTAG_ID_LSB */
- switch (s->mpu_model) {
- case omap310:
- return 0x03310315;
- case omap1510:
- return 0x03310115;
- default:
- hw_error("%s: bad mpu model\n", __FUNCTION__);
- }
- break;
-
- case 0xfffed404: /* JTAG_ID_MSB */
- switch (s->mpu_model) {
- case omap310:
- return 0xfb57402f;
- case omap1510:
- return 0xfb47002f;
- default:
- hw_error("%s: bad mpu model\n", __FUNCTION__);
- }
- break;
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_id_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- if (size != 4) {
- return omap_badwidth_write32(opaque, addr, value);
- }
-
- OMAP_BAD_REG(addr);
-}
-
-static const MemoryRegionOps omap_id_ops = {
- .read = omap_id_read,
- .write = omap_id_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void omap_id_init(MemoryRegion *memory, struct omap_mpu_state_s *mpu)
-{
- memory_region_init_io(&mpu->id_iomem, &omap_id_ops, mpu,
- "omap-id", 0x100000000ULL);
- memory_region_init_alias(&mpu->id_iomem_e18, "omap-id-e18", &mpu->id_iomem,
- 0xfffe1800, 0x800);
- memory_region_add_subregion(memory, 0xfffe1800, &mpu->id_iomem_e18);
- memory_region_init_alias(&mpu->id_iomem_ed4, "omap-id-ed4", &mpu->id_iomem,
- 0xfffed400, 0x100);
- memory_region_add_subregion(memory, 0xfffed400, &mpu->id_iomem_ed4);
- if (!cpu_is_omap15xx(mpu)) {
- memory_region_init_alias(&mpu->id_iomem_ed4, "omap-id-e20",
- &mpu->id_iomem, 0xfffe2000, 0x800);
- memory_region_add_subregion(memory, 0xfffe2000, &mpu->id_iomem_e20);
- }
-}
-
-/* MPUI Control (Dummy) */
-static uint64_t omap_mpui_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
-
- if (size != 4) {
- return omap_badwidth_read32(opaque, addr);
- }
-
- switch (addr) {
- case 0x00: /* CTRL */
- return s->mpui_ctrl;
- case 0x04: /* DEBUG_ADDR */
- return 0x01ffffff;
- case 0x08: /* DEBUG_DATA */
- return 0xffffffff;
- case 0x0c: /* DEBUG_FLAG */
- return 0x00000800;
- case 0x10: /* STATUS */
- return 0x00000000;
-
- /* Not in OMAP310 */
- case 0x14: /* DSP_STATUS */
- case 0x18: /* DSP_BOOT_CONFIG */
- return 0x00000000;
- case 0x1c: /* DSP_MPUI_CONFIG */
- return 0x0000ffff;
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_mpui_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
-
- if (size != 4) {
- return omap_badwidth_write32(opaque, addr, value);
- }
-
- switch (addr) {
- case 0x00: /* CTRL */
- s->mpui_ctrl = value & 0x007fffff;
- break;
-
- case 0x04: /* DEBUG_ADDR */
- case 0x08: /* DEBUG_DATA */
- case 0x0c: /* DEBUG_FLAG */
- case 0x10: /* STATUS */
- /* Not in OMAP310 */
- case 0x14: /* DSP_STATUS */
- OMAP_RO_REG(addr);
- case 0x18: /* DSP_BOOT_CONFIG */
- case 0x1c: /* DSP_MPUI_CONFIG */
- break;
-
- default:
- OMAP_BAD_REG(addr);
- }
-}
-
-static const MemoryRegionOps omap_mpui_ops = {
- .read = omap_mpui_read,
- .write = omap_mpui_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void omap_mpui_reset(struct omap_mpu_state_s *s)
-{
- s->mpui_ctrl = 0x0003ff1b;
-}
-
-static void omap_mpui_init(MemoryRegion *memory, hwaddr base,
- struct omap_mpu_state_s *mpu)
-{
- memory_region_init_io(&mpu->mpui_iomem, &omap_mpui_ops, mpu,
- "omap-mpui", 0x100);
- memory_region_add_subregion(memory, base, &mpu->mpui_iomem);
-
- omap_mpui_reset(mpu);
-}
-
-/* TIPB Bridges */
-struct omap_tipb_bridge_s {
- qemu_irq abort;
- MemoryRegion iomem;
-
- int width_intr;
- uint16_t control;
- uint16_t alloc;
- uint16_t buffer;
- uint16_t enh_control;
-};
-
-static uint64_t omap_tipb_bridge_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_tipb_bridge_s *s = (struct omap_tipb_bridge_s *) opaque;
-
- if (size < 2) {
- return omap_badwidth_read16(opaque, addr);
- }
-
- switch (addr) {
- case 0x00: /* TIPB_CNTL */
- return s->control;
- case 0x04: /* TIPB_BUS_ALLOC */
- return s->alloc;
- case 0x08: /* MPU_TIPB_CNTL */
- return s->buffer;
- case 0x0c: /* ENHANCED_TIPB_CNTL */
- return s->enh_control;
- case 0x10: /* ADDRESS_DBG */
- case 0x14: /* DATA_DEBUG_LOW */
- case 0x18: /* DATA_DEBUG_HIGH */
- return 0xffff;
- case 0x1c: /* DEBUG_CNTR_SIG */
- return 0x00f8;
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_tipb_bridge_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_tipb_bridge_s *s = (struct omap_tipb_bridge_s *) opaque;
-
- if (size < 2) {
- return omap_badwidth_write16(opaque, addr, value);
- }
-
- switch (addr) {
- case 0x00: /* TIPB_CNTL */
- s->control = value & 0xffff;
- break;
-
- case 0x04: /* TIPB_BUS_ALLOC */
- s->alloc = value & 0x003f;
- break;
-
- case 0x08: /* MPU_TIPB_CNTL */
- s->buffer = value & 0x0003;
- break;
-
- case 0x0c: /* ENHANCED_TIPB_CNTL */
- s->width_intr = !(value & 2);
- s->enh_control = value & 0x000f;
- break;
-
- case 0x10: /* ADDRESS_DBG */
- case 0x14: /* DATA_DEBUG_LOW */
- case 0x18: /* DATA_DEBUG_HIGH */
- case 0x1c: /* DEBUG_CNTR_SIG */
- OMAP_RO_REG(addr);
- break;
-
- default:
- OMAP_BAD_REG(addr);
- }
-}
-
-static const MemoryRegionOps omap_tipb_bridge_ops = {
- .read = omap_tipb_bridge_read,
- .write = omap_tipb_bridge_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void omap_tipb_bridge_reset(struct omap_tipb_bridge_s *s)
-{
- s->control = 0xffff;
- s->alloc = 0x0009;
- s->buffer = 0x0000;
- s->enh_control = 0x000f;
-}
-
-static struct omap_tipb_bridge_s *omap_tipb_bridge_init(
- MemoryRegion *memory, hwaddr base,
- qemu_irq abort_irq, omap_clk clk)
-{
- struct omap_tipb_bridge_s *s = (struct omap_tipb_bridge_s *)
- g_malloc0(sizeof(struct omap_tipb_bridge_s));
-
- s->abort = abort_irq;
- omap_tipb_bridge_reset(s);
-
- memory_region_init_io(&s->iomem, &omap_tipb_bridge_ops, s,
- "omap-tipb-bridge", 0x100);
- memory_region_add_subregion(memory, base, &s->iomem);
-
- return s;
-}
-
-/* Dummy Traffic Controller's Memory Interface */
-static uint64_t omap_tcmi_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
- uint32_t ret;
-
- if (size != 4) {
- return omap_badwidth_read32(opaque, addr);
- }
-
- switch (addr) {
- case 0x00: /* IMIF_PRIO */
- case 0x04: /* EMIFS_PRIO */
- case 0x08: /* EMIFF_PRIO */
- case 0x0c: /* EMIFS_CONFIG */
- case 0x10: /* EMIFS_CS0_CONFIG */
- case 0x14: /* EMIFS_CS1_CONFIG */
- case 0x18: /* EMIFS_CS2_CONFIG */
- case 0x1c: /* EMIFS_CS3_CONFIG */
- case 0x24: /* EMIFF_MRS */
- case 0x28: /* TIMEOUT1 */
- case 0x2c: /* TIMEOUT2 */
- case 0x30: /* TIMEOUT3 */
- case 0x3c: /* EMIFF_SDRAM_CONFIG_2 */
- case 0x40: /* EMIFS_CFG_DYN_WAIT */
- return s->tcmi_regs[addr >> 2];
-
- case 0x20: /* EMIFF_SDRAM_CONFIG */
- ret = s->tcmi_regs[addr >> 2];
- s->tcmi_regs[addr >> 2] &= ~1; /* XXX: Clear SLRF on SDRAM access */
- /* XXX: We can try using the VGA_DIRTY flag for this */
- return ret;
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_tcmi_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
-
- if (size != 4) {
- return omap_badwidth_write32(opaque, addr, value);
- }
-
- switch (addr) {
- case 0x00: /* IMIF_PRIO */
- case 0x04: /* EMIFS_PRIO */
- case 0x08: /* EMIFF_PRIO */
- case 0x10: /* EMIFS_CS0_CONFIG */
- case 0x14: /* EMIFS_CS1_CONFIG */
- case 0x18: /* EMIFS_CS2_CONFIG */
- case 0x1c: /* EMIFS_CS3_CONFIG */
- case 0x20: /* EMIFF_SDRAM_CONFIG */
- case 0x24: /* EMIFF_MRS */
- case 0x28: /* TIMEOUT1 */
- case 0x2c: /* TIMEOUT2 */
- case 0x30: /* TIMEOUT3 */
- case 0x3c: /* EMIFF_SDRAM_CONFIG_2 */
- case 0x40: /* EMIFS_CFG_DYN_WAIT */
- s->tcmi_regs[addr >> 2] = value;
- break;
- case 0x0c: /* EMIFS_CONFIG */
- s->tcmi_regs[addr >> 2] = (value & 0xf) | (1 << 4);
- break;
-
- default:
- OMAP_BAD_REG(addr);
- }
-}
-
-static const MemoryRegionOps omap_tcmi_ops = {
- .read = omap_tcmi_read,
- .write = omap_tcmi_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void omap_tcmi_reset(struct omap_mpu_state_s *mpu)
-{
- mpu->tcmi_regs[0x00 >> 2] = 0x00000000;
- mpu->tcmi_regs[0x04 >> 2] = 0x00000000;
- mpu->tcmi_regs[0x08 >> 2] = 0x00000000;
- mpu->tcmi_regs[0x0c >> 2] = 0x00000010;
- mpu->tcmi_regs[0x10 >> 2] = 0x0010fffb;
- mpu->tcmi_regs[0x14 >> 2] = 0x0010fffb;
- mpu->tcmi_regs[0x18 >> 2] = 0x0010fffb;
- mpu->tcmi_regs[0x1c >> 2] = 0x0010fffb;
- mpu->tcmi_regs[0x20 >> 2] = 0x00618800;
- mpu->tcmi_regs[0x24 >> 2] = 0x00000037;
- mpu->tcmi_regs[0x28 >> 2] = 0x00000000;
- mpu->tcmi_regs[0x2c >> 2] = 0x00000000;
- mpu->tcmi_regs[0x30 >> 2] = 0x00000000;
- mpu->tcmi_regs[0x3c >> 2] = 0x00000003;
- mpu->tcmi_regs[0x40 >> 2] = 0x00000000;
-}
-
-static void omap_tcmi_init(MemoryRegion *memory, hwaddr base,
- struct omap_mpu_state_s *mpu)
-{
- memory_region_init_io(&mpu->tcmi_iomem, &omap_tcmi_ops, mpu,
- "omap-tcmi", 0x100);
- memory_region_add_subregion(memory, base, &mpu->tcmi_iomem);
- omap_tcmi_reset(mpu);
-}
-
-/* Digital phase-locked loops control */
-struct dpll_ctl_s {
- MemoryRegion iomem;
- uint16_t mode;
- omap_clk dpll;
-};
-
-static uint64_t omap_dpll_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct dpll_ctl_s *s = (struct dpll_ctl_s *) opaque;
-
- if (size != 2) {
- return omap_badwidth_read16(opaque, addr);
- }
-
- if (addr == 0x00) /* CTL_REG */
- return s->mode;
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_dpll_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct dpll_ctl_s *s = (struct dpll_ctl_s *) opaque;
- uint16_t diff;
- static const int bypass_div[4] = { 1, 2, 4, 4 };
- int div, mult;
-
- if (size != 2) {
- return omap_badwidth_write16(opaque, addr, value);
- }
-
- if (addr == 0x00) { /* CTL_REG */
- /* See omap_ulpd_pm_write() too */
- diff = s->mode & value;
- s->mode = value & 0x2fff;
- if (diff & (0x3ff << 2)) {
- if (value & (1 << 4)) { /* PLL_ENABLE */
- div = ((value >> 5) & 3) + 1; /* PLL_DIV */
- mult = MIN((value >> 7) & 0x1f, 1); /* PLL_MULT */
- } else {
- div = bypass_div[((value >> 2) & 3)]; /* BYPASS_DIV */
- mult = 1;
- }
- omap_clk_setrate(s->dpll, div, mult);
- }
-
- /* Enter the desired mode. */
- s->mode = (s->mode & 0xfffe) | ((s->mode >> 4) & 1);
-
- /* Act as if the lock is restored. */
- s->mode |= 2;
- } else {
- OMAP_BAD_REG(addr);
- }
-}
-
-static const MemoryRegionOps omap_dpll_ops = {
- .read = omap_dpll_read,
- .write = omap_dpll_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void omap_dpll_reset(struct dpll_ctl_s *s)
-{
- s->mode = 0x2002;
- omap_clk_setrate(s->dpll, 1, 1);
-}
-
-static struct dpll_ctl_s *omap_dpll_init(MemoryRegion *memory,
- hwaddr base, omap_clk clk)
-{
- struct dpll_ctl_s *s = g_malloc0(sizeof(*s));
- memory_region_init_io(&s->iomem, &omap_dpll_ops, s, "omap-dpll", 0x100);
-
- s->dpll = clk;
- omap_dpll_reset(s);
-
- memory_region_add_subregion(memory, base, &s->iomem);
- return s;
-}
-
-/* MPU Clock/Reset/Power Mode Control */
-static uint64_t omap_clkm_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
-
- if (size != 2) {
- return omap_badwidth_read16(opaque, addr);
- }
-
- switch (addr) {
- case 0x00: /* ARM_CKCTL */
- return s->clkm.arm_ckctl;
-
- case 0x04: /* ARM_IDLECT1 */
- return s->clkm.arm_idlect1;
-
- case 0x08: /* ARM_IDLECT2 */
- return s->clkm.arm_idlect2;
-
- case 0x0c: /* ARM_EWUPCT */
- return s->clkm.arm_ewupct;
-
- case 0x10: /* ARM_RSTCT1 */
- return s->clkm.arm_rstct1;
-
- case 0x14: /* ARM_RSTCT2 */
- return s->clkm.arm_rstct2;
-
- case 0x18: /* ARM_SYSST */
- return (s->clkm.clocking_scheme << 11) | s->clkm.cold_start;
-
- case 0x1c: /* ARM_CKOUT1 */
- return s->clkm.arm_ckout1;
-
- case 0x20: /* ARM_CKOUT2 */
- break;
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static inline void omap_clkm_ckctl_update(struct omap_mpu_state_s *s,
- uint16_t diff, uint16_t value)
-{
- omap_clk clk;
-
- if (diff & (1 << 14)) { /* ARM_INTHCK_SEL */
- if (value & (1 << 14))
- /* Reserved */;
- else {
- clk = omap_findclk(s, "arminth_ck");
- omap_clk_reparent(clk, omap_findclk(s, "tc_ck"));
- }
- }
- if (diff & (1 << 12)) { /* ARM_TIMXO */
- clk = omap_findclk(s, "armtim_ck");
- if (value & (1 << 12))
- omap_clk_reparent(clk, omap_findclk(s, "clkin"));
- else
- omap_clk_reparent(clk, omap_findclk(s, "ck_gen1"));
- }
- /* XXX: en_dspck */
- if (diff & (3 << 10)) { /* DSPMMUDIV */
- clk = omap_findclk(s, "dspmmu_ck");
- omap_clk_setrate(clk, 1 << ((value >> 10) & 3), 1);
- }
- if (diff & (3 << 8)) { /* TCDIV */
- clk = omap_findclk(s, "tc_ck");
- omap_clk_setrate(clk, 1 << ((value >> 8) & 3), 1);
- }
- if (diff & (3 << 6)) { /* DSPDIV */
- clk = omap_findclk(s, "dsp_ck");
- omap_clk_setrate(clk, 1 << ((value >> 6) & 3), 1);
- }
- if (diff & (3 << 4)) { /* ARMDIV */
- clk = omap_findclk(s, "arm_ck");
- omap_clk_setrate(clk, 1 << ((value >> 4) & 3), 1);
- }
- if (diff & (3 << 2)) { /* LCDDIV */
- clk = omap_findclk(s, "lcd_ck");
- omap_clk_setrate(clk, 1 << ((value >> 2) & 3), 1);
- }
- if (diff & (3 << 0)) { /* PERDIV */
- clk = omap_findclk(s, "armper_ck");
- omap_clk_setrate(clk, 1 << ((value >> 0) & 3), 1);
- }
-}
-
-static inline void omap_clkm_idlect1_update(struct omap_mpu_state_s *s,
- uint16_t diff, uint16_t value)
-{
- omap_clk clk;
-
- if (value & (1 << 11)) { /* SETARM_IDLE */
- cpu_interrupt(&s->cpu->env, CPU_INTERRUPT_HALT);
- }
- if (!(value & (1 << 10))) /* WKUP_MODE */
- qemu_system_shutdown_request(); /* XXX: disable wakeup from IRQ */
-
-#define SET_CANIDLE(clock, bit) \
- if (diff & (1 << bit)) { \
- clk = omap_findclk(s, clock); \
- omap_clk_canidle(clk, (value >> bit) & 1); \
- }
- SET_CANIDLE("mpuwd_ck", 0) /* IDLWDT_ARM */
- SET_CANIDLE("armxor_ck", 1) /* IDLXORP_ARM */
- SET_CANIDLE("mpuper_ck", 2) /* IDLPER_ARM */
- SET_CANIDLE("lcd_ck", 3) /* IDLLCD_ARM */
- SET_CANIDLE("lb_ck", 4) /* IDLLB_ARM */
- SET_CANIDLE("hsab_ck", 5) /* IDLHSAB_ARM */
- SET_CANIDLE("tipb_ck", 6) /* IDLIF_ARM */
- SET_CANIDLE("dma_ck", 6) /* IDLIF_ARM */
- SET_CANIDLE("tc_ck", 6) /* IDLIF_ARM */
- SET_CANIDLE("dpll1", 7) /* IDLDPLL_ARM */
- SET_CANIDLE("dpll2", 7) /* IDLDPLL_ARM */
- SET_CANIDLE("dpll3", 7) /* IDLDPLL_ARM */
- SET_CANIDLE("mpui_ck", 8) /* IDLAPI_ARM */
- SET_CANIDLE("armtim_ck", 9) /* IDLTIM_ARM */
-}
-
-static inline void omap_clkm_idlect2_update(struct omap_mpu_state_s *s,
- uint16_t diff, uint16_t value)
-{
- omap_clk clk;
-
-#define SET_ONOFF(clock, bit) \
- if (diff & (1 << bit)) { \
- clk = omap_findclk(s, clock); \
- omap_clk_onoff(clk, (value >> bit) & 1); \
- }
- SET_ONOFF("mpuwd_ck", 0) /* EN_WDTCK */
- SET_ONOFF("armxor_ck", 1) /* EN_XORPCK */
- SET_ONOFF("mpuper_ck", 2) /* EN_PERCK */
- SET_ONOFF("lcd_ck", 3) /* EN_LCDCK */
- SET_ONOFF("lb_ck", 4) /* EN_LBCK */
- SET_ONOFF("hsab_ck", 5) /* EN_HSABCK */
- SET_ONOFF("mpui_ck", 6) /* EN_APICK */
- SET_ONOFF("armtim_ck", 7) /* EN_TIMCK */
- SET_CANIDLE("dma_ck", 8) /* DMACK_REQ */
- SET_ONOFF("arm_gpio_ck", 9) /* EN_GPIOCK */
- SET_ONOFF("lbfree_ck", 10) /* EN_LBFREECK */
-}
-
-static inline void omap_clkm_ckout1_update(struct omap_mpu_state_s *s,
- uint16_t diff, uint16_t value)
-{
- omap_clk clk;
-
- if (diff & (3 << 4)) { /* TCLKOUT */
- clk = omap_findclk(s, "tclk_out");
- switch ((value >> 4) & 3) {
- case 1:
- omap_clk_reparent(clk, omap_findclk(s, "ck_gen3"));
- omap_clk_onoff(clk, 1);
- break;
- case 2:
- omap_clk_reparent(clk, omap_findclk(s, "tc_ck"));
- omap_clk_onoff(clk, 1);
- break;
- default:
- omap_clk_onoff(clk, 0);
- }
- }
- if (diff & (3 << 2)) { /* DCLKOUT */
- clk = omap_findclk(s, "dclk_out");
- switch ((value >> 2) & 3) {
- case 0:
- omap_clk_reparent(clk, omap_findclk(s, "dspmmu_ck"));
- break;
- case 1:
- omap_clk_reparent(clk, omap_findclk(s, "ck_gen2"));
- break;
- case 2:
- omap_clk_reparent(clk, omap_findclk(s, "dsp_ck"));
- break;
- case 3:
- omap_clk_reparent(clk, omap_findclk(s, "ck_ref14"));
- break;
- }
- }
- if (diff & (3 << 0)) { /* ACLKOUT */
- clk = omap_findclk(s, "aclk_out");
- switch ((value >> 0) & 3) {
- case 1:
- omap_clk_reparent(clk, omap_findclk(s, "ck_gen1"));
- omap_clk_onoff(clk, 1);
- break;
- case 2:
- omap_clk_reparent(clk, omap_findclk(s, "arm_ck"));
- omap_clk_onoff(clk, 1);
- break;
- case 3:
- omap_clk_reparent(clk, omap_findclk(s, "ck_ref14"));
- omap_clk_onoff(clk, 1);
- break;
- default:
- omap_clk_onoff(clk, 0);
- }
- }
-}
-
-static void omap_clkm_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
- uint16_t diff;
- omap_clk clk;
- static const char *clkschemename[8] = {
- "fully synchronous", "fully asynchronous", "synchronous scalable",
- "mix mode 1", "mix mode 2", "bypass mode", "mix mode 3", "mix mode 4",
- };
-
- if (size != 2) {
- return omap_badwidth_write16(opaque, addr, value);
- }
-
- switch (addr) {
- case 0x00: /* ARM_CKCTL */
- diff = s->clkm.arm_ckctl ^ value;
- s->clkm.arm_ckctl = value & 0x7fff;
- omap_clkm_ckctl_update(s, diff, value);
- return;
-
- case 0x04: /* ARM_IDLECT1 */
- diff = s->clkm.arm_idlect1 ^ value;
- s->clkm.arm_idlect1 = value & 0x0fff;
- omap_clkm_idlect1_update(s, diff, value);
- return;
-
- case 0x08: /* ARM_IDLECT2 */
- diff = s->clkm.arm_idlect2 ^ value;
- s->clkm.arm_idlect2 = value & 0x07ff;
- omap_clkm_idlect2_update(s, diff, value);
- return;
-
- case 0x0c: /* ARM_EWUPCT */
- s->clkm.arm_ewupct = value & 0x003f;
- return;
-
- case 0x10: /* ARM_RSTCT1 */
- diff = s->clkm.arm_rstct1 ^ value;
- s->clkm.arm_rstct1 = value & 0x0007;
- if (value & 9) {
- qemu_system_reset_request();
- s->clkm.cold_start = 0xa;
- }
- if (diff & ~value & 4) { /* DSP_RST */
- omap_mpui_reset(s);
- omap_tipb_bridge_reset(s->private_tipb);
- omap_tipb_bridge_reset(s->public_tipb);
- }
- if (diff & 2) { /* DSP_EN */
- clk = omap_findclk(s, "dsp_ck");
- omap_clk_canidle(clk, (~value >> 1) & 1);
- }
- return;
-
- case 0x14: /* ARM_RSTCT2 */
- s->clkm.arm_rstct2 = value & 0x0001;
- return;
-
- case 0x18: /* ARM_SYSST */
- if ((s->clkm.clocking_scheme ^ (value >> 11)) & 7) {
- s->clkm.clocking_scheme = (value >> 11) & 7;
- printf("%s: clocking scheme set to %s\n", __FUNCTION__,
- clkschemename[s->clkm.clocking_scheme]);
- }
- s->clkm.cold_start &= value & 0x3f;
- return;
-
- case 0x1c: /* ARM_CKOUT1 */
- diff = s->clkm.arm_ckout1 ^ value;
- s->clkm.arm_ckout1 = value & 0x003f;
- omap_clkm_ckout1_update(s, diff, value);
- return;
-
- case 0x20: /* ARM_CKOUT2 */
- default:
- OMAP_BAD_REG(addr);
- }
-}
-
-static const MemoryRegionOps omap_clkm_ops = {
- .read = omap_clkm_read,
- .write = omap_clkm_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static uint64_t omap_clkdsp_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
-
- if (size != 2) {
- return omap_badwidth_read16(opaque, addr);
- }
-
- switch (addr) {
- case 0x04: /* DSP_IDLECT1 */
- return s->clkm.dsp_idlect1;
-
- case 0x08: /* DSP_IDLECT2 */
- return s->clkm.dsp_idlect2;
-
- case 0x14: /* DSP_RSTCT2 */
- return s->clkm.dsp_rstct2;
-
- case 0x18: /* DSP_SYSST */
- return (s->clkm.clocking_scheme << 11) | s->clkm.cold_start |
- (s->cpu->env.halted << 6); /* Quite useless... */
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static inline void omap_clkdsp_idlect1_update(struct omap_mpu_state_s *s,
- uint16_t diff, uint16_t value)
-{
- omap_clk clk;
-
- SET_CANIDLE("dspxor_ck", 1); /* IDLXORP_DSP */
-}
-
-static inline void omap_clkdsp_idlect2_update(struct omap_mpu_state_s *s,
- uint16_t diff, uint16_t value)
-{
- omap_clk clk;
-
- SET_ONOFF("dspxor_ck", 1); /* EN_XORPCK */
-}
-
-static void omap_clkdsp_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
- uint16_t diff;
-
- if (size != 2) {
- return omap_badwidth_write16(opaque, addr, value);
- }
-
- switch (addr) {
- case 0x04: /* DSP_IDLECT1 */
- diff = s->clkm.dsp_idlect1 ^ value;
- s->clkm.dsp_idlect1 = value & 0x01f7;
- omap_clkdsp_idlect1_update(s, diff, value);
- break;
-
- case 0x08: /* DSP_IDLECT2 */
- s->clkm.dsp_idlect2 = value & 0x0037;
- diff = s->clkm.dsp_idlect1 ^ value;
- omap_clkdsp_idlect2_update(s, diff, value);
- break;
-
- case 0x14: /* DSP_RSTCT2 */
- s->clkm.dsp_rstct2 = value & 0x0001;
- break;
-
- case 0x18: /* DSP_SYSST */
- s->clkm.cold_start &= value & 0x3f;
- break;
-
- default:
- OMAP_BAD_REG(addr);
- }
-}
-
-static const MemoryRegionOps omap_clkdsp_ops = {
- .read = omap_clkdsp_read,
- .write = omap_clkdsp_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void omap_clkm_reset(struct omap_mpu_state_s *s)
-{
- if (s->wdt && s->wdt->reset)
- s->clkm.cold_start = 0x6;
- s->clkm.clocking_scheme = 0;
- omap_clkm_ckctl_update(s, ~0, 0x3000);
- s->clkm.arm_ckctl = 0x3000;
- omap_clkm_idlect1_update(s, s->clkm.arm_idlect1 ^ 0x0400, 0x0400);
- s->clkm.arm_idlect1 = 0x0400;
- omap_clkm_idlect2_update(s, s->clkm.arm_idlect2 ^ 0x0100, 0x0100);
- s->clkm.arm_idlect2 = 0x0100;
- s->clkm.arm_ewupct = 0x003f;
- s->clkm.arm_rstct1 = 0x0000;
- s->clkm.arm_rstct2 = 0x0000;
- s->clkm.arm_ckout1 = 0x0015;
- s->clkm.dpll1_mode = 0x2002;
- omap_clkdsp_idlect1_update(s, s->clkm.dsp_idlect1 ^ 0x0040, 0x0040);
- s->clkm.dsp_idlect1 = 0x0040;
- omap_clkdsp_idlect2_update(s, ~0, 0x0000);
- s->clkm.dsp_idlect2 = 0x0000;
- s->clkm.dsp_rstct2 = 0x0000;
-}
-
-static void omap_clkm_init(MemoryRegion *memory, hwaddr mpu_base,
- hwaddr dsp_base, struct omap_mpu_state_s *s)
-{
- memory_region_init_io(&s->clkm_iomem, &omap_clkm_ops, s,
- "omap-clkm", 0x100);
- memory_region_init_io(&s->clkdsp_iomem, &omap_clkdsp_ops, s,
- "omap-clkdsp", 0x1000);
-
- s->clkm.arm_idlect1 = 0x03ff;
- s->clkm.arm_idlect2 = 0x0100;
- s->clkm.dsp_idlect1 = 0x0002;
- omap_clkm_reset(s);
- s->clkm.cold_start = 0x3a;
-
- memory_region_add_subregion(memory, mpu_base, &s->clkm_iomem);
- memory_region_add_subregion(memory, dsp_base, &s->clkdsp_iomem);
-}
-
-/* MPU I/O */
-struct omap_mpuio_s {
- qemu_irq irq;
- qemu_irq kbd_irq;
- qemu_irq *in;
- qemu_irq handler[16];
- qemu_irq wakeup;
- MemoryRegion iomem;
-
- uint16_t inputs;
- uint16_t outputs;
- uint16_t dir;
- uint16_t edge;
- uint16_t mask;
- uint16_t ints;
-
- uint16_t debounce;
- uint16_t latch;
- uint8_t event;
-
- uint8_t buttons[5];
- uint8_t row_latch;
- uint8_t cols;
- int kbd_mask;
- int clk;
-};
-
-static void omap_mpuio_set(void *opaque, int line, int level)
-{
- struct omap_mpuio_s *s = (struct omap_mpuio_s *) opaque;
- uint16_t prev = s->inputs;
-
- if (level)
- s->inputs |= 1 << line;
- else
- s->inputs &= ~(1 << line);
-
- if (((1 << line) & s->dir & ~s->mask) && s->clk) {
- if ((s->edge & s->inputs & ~prev) | (~s->edge & ~s->inputs & prev)) {
- s->ints |= 1 << line;
- qemu_irq_raise(s->irq);
- /* TODO: wakeup */
- }
- if ((s->event & (1 << 0)) && /* SET_GPIO_EVENT_MODE */
- (s->event >> 1) == line) /* PIN_SELECT */
- s->latch = s->inputs;
- }
-}
-
-static void omap_mpuio_kbd_update(struct omap_mpuio_s *s)
-{
- int i;
- uint8_t *row, rows = 0, cols = ~s->cols;
-
- for (row = s->buttons + 4, i = 1 << 4; i; row --, i >>= 1)
- if (*row & cols)
- rows |= i;
-
- qemu_set_irq(s->kbd_irq, rows && !s->kbd_mask && s->clk);
- s->row_latch = ~rows;
-}
-
-static uint64_t omap_mpuio_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_mpuio_s *s = (struct omap_mpuio_s *) opaque;
- int offset = addr & OMAP_MPUI_REG_MASK;
- uint16_t ret;
-
- if (size != 2) {
- return omap_badwidth_read16(opaque, addr);
- }
-
- switch (offset) {
- case 0x00: /* INPUT_LATCH */
- return s->inputs;
-
- case 0x04: /* OUTPUT_REG */
- return s->outputs;
-
- case 0x08: /* IO_CNTL */
- return s->dir;
-
- case 0x10: /* KBR_LATCH */
- return s->row_latch;
-
- case 0x14: /* KBC_REG */
- return s->cols;
-
- case 0x18: /* GPIO_EVENT_MODE_REG */
- return s->event;
-
- case 0x1c: /* GPIO_INT_EDGE_REG */
- return s->edge;
-
- case 0x20: /* KBD_INT */
- return (~s->row_latch & 0x1f) && !s->kbd_mask;
-
- case 0x24: /* GPIO_INT */
- ret = s->ints;
- s->ints &= s->mask;
- if (ret)
- qemu_irq_lower(s->irq);
- return ret;
-
- case 0x28: /* KBD_MASKIT */
- return s->kbd_mask;
-
- case 0x2c: /* GPIO_MASKIT */
- return s->mask;
-
- case 0x30: /* GPIO_DEBOUNCING_REG */
- return s->debounce;
-
- case 0x34: /* GPIO_LATCH_REG */
- return s->latch;
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_mpuio_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_mpuio_s *s = (struct omap_mpuio_s *) opaque;
- int offset = addr & OMAP_MPUI_REG_MASK;
- uint16_t diff;
- int ln;
-
- if (size != 2) {
- return omap_badwidth_write16(opaque, addr, value);
- }
-
- switch (offset) {
- case 0x04: /* OUTPUT_REG */
- diff = (s->outputs ^ value) & ~s->dir;
- s->outputs = value;
- while ((ln = ffs(diff))) {
- ln --;
- if (s->handler[ln])
- qemu_set_irq(s->handler[ln], (value >> ln) & 1);
- diff &= ~(1 << ln);
- }
- break;
-
- case 0x08: /* IO_CNTL */
- diff = s->outputs & (s->dir ^ value);
- s->dir = value;
-
- value = s->outputs & ~s->dir;
- while ((ln = ffs(diff))) {
- ln --;
- if (s->handler[ln])
- qemu_set_irq(s->handler[ln], (value >> ln) & 1);
- diff &= ~(1 << ln);
- }
- break;
-
- case 0x14: /* KBC_REG */
- s->cols = value;
- omap_mpuio_kbd_update(s);
- break;
-
- case 0x18: /* GPIO_EVENT_MODE_REG */
- s->event = value & 0x1f;
- break;
-
- case 0x1c: /* GPIO_INT_EDGE_REG */
- s->edge = value;
- break;
-
- case 0x28: /* KBD_MASKIT */
- s->kbd_mask = value & 1;
- omap_mpuio_kbd_update(s);
- break;
-
- case 0x2c: /* GPIO_MASKIT */
- s->mask = value;
- break;
-
- case 0x30: /* GPIO_DEBOUNCING_REG */
- s->debounce = value & 0x1ff;
- break;
-
- case 0x00: /* INPUT_LATCH */
- case 0x10: /* KBR_LATCH */
- case 0x20: /* KBD_INT */
- case 0x24: /* GPIO_INT */
- case 0x34: /* GPIO_LATCH_REG */
- OMAP_RO_REG(addr);
- return;
-
- default:
- OMAP_BAD_REG(addr);
- return;
- }
-}
-
-static const MemoryRegionOps omap_mpuio_ops = {
- .read = omap_mpuio_read,
- .write = omap_mpuio_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void omap_mpuio_reset(struct omap_mpuio_s *s)
-{
- s->inputs = 0;
- s->outputs = 0;
- s->dir = ~0;
- s->event = 0;
- s->edge = 0;
- s->kbd_mask = 0;
- s->mask = 0;
- s->debounce = 0;
- s->latch = 0;
- s->ints = 0;
- s->row_latch = 0x1f;
- s->clk = 1;
-}
-
-static void omap_mpuio_onoff(void *opaque, int line, int on)
-{
- struct omap_mpuio_s *s = (struct omap_mpuio_s *) opaque;
-
- s->clk = on;
- if (on)
- omap_mpuio_kbd_update(s);
-}
-
-static struct omap_mpuio_s *omap_mpuio_init(MemoryRegion *memory,
- hwaddr base,
- qemu_irq kbd_int, qemu_irq gpio_int, qemu_irq wakeup,
- omap_clk clk)
-{
- struct omap_mpuio_s *s = (struct omap_mpuio_s *)
- g_malloc0(sizeof(struct omap_mpuio_s));
-
- s->irq = gpio_int;
- s->kbd_irq = kbd_int;
- s->wakeup = wakeup;
- s->in = qemu_allocate_irqs(omap_mpuio_set, s, 16);
- omap_mpuio_reset(s);
-
- memory_region_init_io(&s->iomem, &omap_mpuio_ops, s,
- "omap-mpuio", 0x800);
- memory_region_add_subregion(memory, base, &s->iomem);
-
- omap_clk_adduser(clk, qemu_allocate_irqs(omap_mpuio_onoff, s, 1)[0]);
-
- return s;
-}
-
-qemu_irq *omap_mpuio_in_get(struct omap_mpuio_s *s)
-{
- return s->in;
-}
-
-void omap_mpuio_out_set(struct omap_mpuio_s *s, int line, qemu_irq handler)
-{
- if (line >= 16 || line < 0)
- hw_error("%s: No GPIO line %i\n", __FUNCTION__, line);
- s->handler[line] = handler;
-}
-
-void omap_mpuio_key(struct omap_mpuio_s *s, int row, int col, int down)
-{
- if (row >= 5 || row < 0)
- hw_error("%s: No key %i-%i\n", __FUNCTION__, col, row);
-
- if (down)
- s->buttons[row] |= 1 << col;
- else
- s->buttons[row] &= ~(1 << col);
-
- omap_mpuio_kbd_update(s);
-}
-
-/* MicroWire Interface */
-struct omap_uwire_s {
- MemoryRegion iomem;
- qemu_irq txirq;
- qemu_irq rxirq;
- qemu_irq txdrq;
-
- uint16_t txbuf;
- uint16_t rxbuf;
- uint16_t control;
- uint16_t setup[5];
-
- uWireSlave *chip[4];
-};
-
-static void omap_uwire_transfer_start(struct omap_uwire_s *s)
-{
- int chipselect = (s->control >> 10) & 3; /* INDEX */
- uWireSlave *slave = s->chip[chipselect];
-
- if ((s->control >> 5) & 0x1f) { /* NB_BITS_WR */
- if (s->control & (1 << 12)) /* CS_CMD */
- if (slave && slave->send)
- slave->send(slave->opaque,
- s->txbuf >> (16 - ((s->control >> 5) & 0x1f)));
- s->control &= ~(1 << 14); /* CSRB */
- /* TODO: depending on s->setup[4] bits [1:0] assert an IRQ or
- * a DRQ. When is the level IRQ supposed to be reset? */
- }
-
- if ((s->control >> 0) & 0x1f) { /* NB_BITS_RD */
- if (s->control & (1 << 12)) /* CS_CMD */
- if (slave && slave->receive)
- s->rxbuf = slave->receive(slave->opaque);
- s->control |= 1 << 15; /* RDRB */
- /* TODO: depending on s->setup[4] bits [1:0] assert an IRQ or
- * a DRQ. When is the level IRQ supposed to be reset? */
- }
-}
-
-static uint64_t omap_uwire_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_uwire_s *s = (struct omap_uwire_s *) opaque;
- int offset = addr & OMAP_MPUI_REG_MASK;
-
- if (size != 2) {
- return omap_badwidth_read16(opaque, addr);
- }
-
- switch (offset) {
- case 0x00: /* RDR */
- s->control &= ~(1 << 15); /* RDRB */
- return s->rxbuf;
-
- case 0x04: /* CSR */
- return s->control;
-
- case 0x08: /* SR1 */
- return s->setup[0];
- case 0x0c: /* SR2 */
- return s->setup[1];
- case 0x10: /* SR3 */
- return s->setup[2];
- case 0x14: /* SR4 */
- return s->setup[3];
- case 0x18: /* SR5 */
- return s->setup[4];
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_uwire_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_uwire_s *s = (struct omap_uwire_s *) opaque;
- int offset = addr & OMAP_MPUI_REG_MASK;
-
- if (size != 2) {
- return omap_badwidth_write16(opaque, addr, value);
- }
-
- switch (offset) {
- case 0x00: /* TDR */
- s->txbuf = value; /* TD */
- if ((s->setup[4] & (1 << 2)) && /* AUTO_TX_EN */
- ((s->setup[4] & (1 << 3)) || /* CS_TOGGLE_TX_EN */
- (s->control & (1 << 12)))) { /* CS_CMD */
- s->control |= 1 << 14; /* CSRB */
- omap_uwire_transfer_start(s);
- }
- break;
-
- case 0x04: /* CSR */
- s->control = value & 0x1fff;
- if (value & (1 << 13)) /* START */
- omap_uwire_transfer_start(s);
- break;
-
- case 0x08: /* SR1 */
- s->setup[0] = value & 0x003f;
- break;
-
- case 0x0c: /* SR2 */
- s->setup[1] = value & 0x0fc0;
- break;
-
- case 0x10: /* SR3 */
- s->setup[2] = value & 0x0003;
- break;
-
- case 0x14: /* SR4 */
- s->setup[3] = value & 0x0001;
- break;
-
- case 0x18: /* SR5 */
- s->setup[4] = value & 0x000f;
- break;
-
- default:
- OMAP_BAD_REG(addr);
- return;
- }
-}
-
-static const MemoryRegionOps omap_uwire_ops = {
- .read = omap_uwire_read,
- .write = omap_uwire_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void omap_uwire_reset(struct omap_uwire_s *s)
-{
- s->control = 0;
- s->setup[0] = 0;
- s->setup[1] = 0;
- s->setup[2] = 0;
- s->setup[3] = 0;
- s->setup[4] = 0;
-}
-
-static struct omap_uwire_s *omap_uwire_init(MemoryRegion *system_memory,
- hwaddr base,
- qemu_irq txirq, qemu_irq rxirq,
- qemu_irq dma,
- omap_clk clk)
-{
- struct omap_uwire_s *s = (struct omap_uwire_s *)
- g_malloc0(sizeof(struct omap_uwire_s));
-
- s->txirq = txirq;
- s->rxirq = rxirq;
- s->txdrq = dma;
- omap_uwire_reset(s);
-
- memory_region_init_io(&s->iomem, &omap_uwire_ops, s, "omap-uwire", 0x800);
- memory_region_add_subregion(system_memory, base, &s->iomem);
-
- return s;
-}
-
-void omap_uwire_attach(struct omap_uwire_s *s,
- uWireSlave *slave, int chipselect)
-{
- if (chipselect < 0 || chipselect > 3) {
- fprintf(stderr, "%s: Bad chipselect %i\n", __FUNCTION__, chipselect);
- exit(-1);
- }
-
- s->chip[chipselect] = slave;
-}
-
-/* Pseudonoise Pulse-Width Light Modulator */
-struct omap_pwl_s {
- MemoryRegion iomem;
- uint8_t output;
- uint8_t level;
- uint8_t enable;
- int clk;
-};
-
-static void omap_pwl_update(struct omap_pwl_s *s)
-{
- int output = (s->clk && s->enable) ? s->level : 0;
-
- if (output != s->output) {
- s->output = output;
- printf("%s: Backlight now at %i/256\n", __FUNCTION__, output);
- }
-}
-
-static uint64_t omap_pwl_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_pwl_s *s = (struct omap_pwl_s *) opaque;
- int offset = addr & OMAP_MPUI_REG_MASK;
-
- if (size != 1) {
- return omap_badwidth_read8(opaque, addr);
- }
-
- switch (offset) {
- case 0x00: /* PWL_LEVEL */
- return s->level;
- case 0x04: /* PWL_CTRL */
- return s->enable;
- }
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_pwl_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_pwl_s *s = (struct omap_pwl_s *) opaque;
- int offset = addr & OMAP_MPUI_REG_MASK;
-
- if (size != 1) {
- return omap_badwidth_write8(opaque, addr, value);
- }
-
- switch (offset) {
- case 0x00: /* PWL_LEVEL */
- s->level = value;
- omap_pwl_update(s);
- break;
- case 0x04: /* PWL_CTRL */
- s->enable = value & 1;
- omap_pwl_update(s);
- break;
- default:
- OMAP_BAD_REG(addr);
- return;
- }
-}
-
-static const MemoryRegionOps omap_pwl_ops = {
- .read = omap_pwl_read,
- .write = omap_pwl_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void omap_pwl_reset(struct omap_pwl_s *s)
-{
- s->output = 0;
- s->level = 0;
- s->enable = 0;
- s->clk = 1;
- omap_pwl_update(s);
-}
-
-static void omap_pwl_clk_update(void *opaque, int line, int on)
-{
- struct omap_pwl_s *s = (struct omap_pwl_s *) opaque;
-
- s->clk = on;
- omap_pwl_update(s);
-}
-
-static struct omap_pwl_s *omap_pwl_init(MemoryRegion *system_memory,
- hwaddr base,
- omap_clk clk)
-{
- struct omap_pwl_s *s = g_malloc0(sizeof(*s));
-
- omap_pwl_reset(s);
-
- memory_region_init_io(&s->iomem, &omap_pwl_ops, s,
- "omap-pwl", 0x800);
- memory_region_add_subregion(system_memory, base, &s->iomem);
-
- omap_clk_adduser(clk, qemu_allocate_irqs(omap_pwl_clk_update, s, 1)[0]);
- return s;
-}
-
-/* Pulse-Width Tone module */
-struct omap_pwt_s {
- MemoryRegion iomem;
- uint8_t frc;
- uint8_t vrc;
- uint8_t gcr;
- omap_clk clk;
-};
-
-static uint64_t omap_pwt_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_pwt_s *s = (struct omap_pwt_s *) opaque;
- int offset = addr & OMAP_MPUI_REG_MASK;
-
- if (size != 1) {
- return omap_badwidth_read8(opaque, addr);
- }
-
- switch (offset) {
- case 0x00: /* FRC */
- return s->frc;
- case 0x04: /* VCR */
- return s->vrc;
- case 0x08: /* GCR */
- return s->gcr;
- }
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_pwt_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_pwt_s *s = (struct omap_pwt_s *) opaque;
- int offset = addr & OMAP_MPUI_REG_MASK;
-
- if (size != 1) {
- return omap_badwidth_write8(opaque, addr, value);
- }
-
- switch (offset) {
- case 0x00: /* FRC */
- s->frc = value & 0x3f;
- break;
- case 0x04: /* VRC */
- if ((value ^ s->vrc) & 1) {
- if (value & 1)
- printf("%s: %iHz buzz on\n", __FUNCTION__, (int)
- /* 1.5 MHz from a 12-MHz or 13-MHz PWT_CLK */
- ((omap_clk_getrate(s->clk) >> 3) /
- /* Pre-multiplexer divider */
- ((s->gcr & 2) ? 1 : 154) /
- /* Octave multiplexer */
- (2 << (value & 3)) *
- /* 101/107 divider */
- ((value & (1 << 2)) ? 101 : 107) *
- /* 49/55 divider */
- ((value & (1 << 3)) ? 49 : 55) *
- /* 50/63 divider */
- ((value & (1 << 4)) ? 50 : 63) *
- /* 80/127 divider */
- ((value & (1 << 5)) ? 80 : 127) /
- (107 * 55 * 63 * 127)));
- else
- printf("%s: silence!\n", __FUNCTION__);
- }
- s->vrc = value & 0x7f;
- break;
- case 0x08: /* GCR */
- s->gcr = value & 3;
- break;
- default:
- OMAP_BAD_REG(addr);
- return;
- }
-}
-
-static const MemoryRegionOps omap_pwt_ops = {
- .read =omap_pwt_read,
- .write = omap_pwt_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void omap_pwt_reset(struct omap_pwt_s *s)
-{
- s->frc = 0;
- s->vrc = 0;
- s->gcr = 0;
-}
-
-static struct omap_pwt_s *omap_pwt_init(MemoryRegion *system_memory,
- hwaddr base,
- omap_clk clk)
-{
- struct omap_pwt_s *s = g_malloc0(sizeof(*s));
- s->clk = clk;
- omap_pwt_reset(s);
-
- memory_region_init_io(&s->iomem, &omap_pwt_ops, s,
- "omap-pwt", 0x800);
- memory_region_add_subregion(system_memory, base, &s->iomem);
- return s;
-}
-
-/* Real-time Clock module */
-struct omap_rtc_s {
- MemoryRegion iomem;
- qemu_irq irq;
- qemu_irq alarm;
- QEMUTimer *clk;
-
- uint8_t interrupts;
- uint8_t status;
- int16_t comp_reg;
- int running;
- int pm_am;
- int auto_comp;
- int round;
- struct tm alarm_tm;
- time_t alarm_ti;
-
- struct tm current_tm;
- time_t ti;
- uint64_t tick;
-};
-
-static void omap_rtc_interrupts_update(struct omap_rtc_s *s)
-{
- /* s->alarm is level-triggered */
- qemu_set_irq(s->alarm, (s->status >> 6) & 1);
-}
-
-static void omap_rtc_alarm_update(struct omap_rtc_s *s)
-{
- s->alarm_ti = mktimegm(&s->alarm_tm);
- if (s->alarm_ti == -1)
- printf("%s: conversion failed\n", __FUNCTION__);
-}
-
-static uint64_t omap_rtc_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_rtc_s *s = (struct omap_rtc_s *) opaque;
- int offset = addr & OMAP_MPUI_REG_MASK;
- uint8_t i;
-
- if (size != 1) {
- return omap_badwidth_read8(opaque, addr);
- }
-
- switch (offset) {
- case 0x00: /* SECONDS_REG */
- return to_bcd(s->current_tm.tm_sec);
-
- case 0x04: /* MINUTES_REG */
- return to_bcd(s->current_tm.tm_min);
-
- case 0x08: /* HOURS_REG */
- if (s->pm_am)
- return ((s->current_tm.tm_hour > 11) << 7) |
- to_bcd(((s->current_tm.tm_hour - 1) % 12) + 1);
- else
- return to_bcd(s->current_tm.tm_hour);
-
- case 0x0c: /* DAYS_REG */
- return to_bcd(s->current_tm.tm_mday);
-
- case 0x10: /* MONTHS_REG */
- return to_bcd(s->current_tm.tm_mon + 1);
-
- case 0x14: /* YEARS_REG */
- return to_bcd(s->current_tm.tm_year % 100);
-
- case 0x18: /* WEEK_REG */
- return s->current_tm.tm_wday;
-
- case 0x20: /* ALARM_SECONDS_REG */
- return to_bcd(s->alarm_tm.tm_sec);
-
- case 0x24: /* ALARM_MINUTES_REG */
- return to_bcd(s->alarm_tm.tm_min);
-
- case 0x28: /* ALARM_HOURS_REG */
- if (s->pm_am)
- return ((s->alarm_tm.tm_hour > 11) << 7) |
- to_bcd(((s->alarm_tm.tm_hour - 1) % 12) + 1);
- else
- return to_bcd(s->alarm_tm.tm_hour);
-
- case 0x2c: /* ALARM_DAYS_REG */
- return to_bcd(s->alarm_tm.tm_mday);
-
- case 0x30: /* ALARM_MONTHS_REG */
- return to_bcd(s->alarm_tm.tm_mon + 1);
-
- case 0x34: /* ALARM_YEARS_REG */
- return to_bcd(s->alarm_tm.tm_year % 100);
-
- case 0x40: /* RTC_CTRL_REG */
- return (s->pm_am << 3) | (s->auto_comp << 2) |
- (s->round << 1) | s->running;
-
- case 0x44: /* RTC_STATUS_REG */
- i = s->status;
- s->status &= ~0x3d;
- return i;
-
- case 0x48: /* RTC_INTERRUPTS_REG */
- return s->interrupts;
-
- case 0x4c: /* RTC_COMP_LSB_REG */
- return ((uint16_t) s->comp_reg) & 0xff;
-
- case 0x50: /* RTC_COMP_MSB_REG */
- return ((uint16_t) s->comp_reg) >> 8;
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_rtc_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_rtc_s *s = (struct omap_rtc_s *) opaque;
- int offset = addr & OMAP_MPUI_REG_MASK;
- struct tm new_tm;
- time_t ti[2];
-
- if (size != 1) {
- return omap_badwidth_write8(opaque, addr, value);
- }
-
- switch (offset) {
- case 0x00: /* SECONDS_REG */
-#ifdef ALMDEBUG
- printf("RTC SEC_REG <-- %02x\n", value);
-#endif
- s->ti -= s->current_tm.tm_sec;
- s->ti += from_bcd(value);
- return;
-
- case 0x04: /* MINUTES_REG */
-#ifdef ALMDEBUG
- printf("RTC MIN_REG <-- %02x\n", value);
-#endif
- s->ti -= s->current_tm.tm_min * 60;
- s->ti += from_bcd(value) * 60;
- return;
-
- case 0x08: /* HOURS_REG */
-#ifdef ALMDEBUG
- printf("RTC HRS_REG <-- %02x\n", value);
-#endif
- s->ti -= s->current_tm.tm_hour * 3600;
- if (s->pm_am) {
- s->ti += (from_bcd(value & 0x3f) & 12) * 3600;
- s->ti += ((value >> 7) & 1) * 43200;
- } else
- s->ti += from_bcd(value & 0x3f) * 3600;
- return;
-
- case 0x0c: /* DAYS_REG */
-#ifdef ALMDEBUG
- printf("RTC DAY_REG <-- %02x\n", value);
-#endif
- s->ti -= s->current_tm.tm_mday * 86400;
- s->ti += from_bcd(value) * 86400;
- return;
-
- case 0x10: /* MONTHS_REG */
-#ifdef ALMDEBUG
- printf("RTC MTH_REG <-- %02x\n", value);
-#endif
- memcpy(&new_tm, &s->current_tm, sizeof(new_tm));
- new_tm.tm_mon = from_bcd(value);
- ti[0] = mktimegm(&s->current_tm);
- ti[1] = mktimegm(&new_tm);
-
- if (ti[0] != -1 && ti[1] != -1) {
- s->ti -= ti[0];
- s->ti += ti[1];
- } else {
- /* A less accurate version */
- s->ti -= s->current_tm.tm_mon * 2592000;
- s->ti += from_bcd(value) * 2592000;
- }
- return;
-
- case 0x14: /* YEARS_REG */
-#ifdef ALMDEBUG
- printf("RTC YRS_REG <-- %02x\n", value);
-#endif
- memcpy(&new_tm, &s->current_tm, sizeof(new_tm));
- new_tm.tm_year += from_bcd(value) - (new_tm.tm_year % 100);
- ti[0] = mktimegm(&s->current_tm);
- ti[1] = mktimegm(&new_tm);
-
- if (ti[0] != -1 && ti[1] != -1) {
- s->ti -= ti[0];
- s->ti += ti[1];
- } else {
- /* A less accurate version */
- s->ti -= (s->current_tm.tm_year % 100) * 31536000;
- s->ti += from_bcd(value) * 31536000;
- }
- return;
-
- case 0x18: /* WEEK_REG */
- return; /* Ignored */
-
- case 0x20: /* ALARM_SECONDS_REG */
-#ifdef ALMDEBUG
- printf("ALM SEC_REG <-- %02x\n", value);
-#endif
- s->alarm_tm.tm_sec = from_bcd(value);
- omap_rtc_alarm_update(s);
- return;
-
- case 0x24: /* ALARM_MINUTES_REG */
-#ifdef ALMDEBUG
- printf("ALM MIN_REG <-- %02x\n", value);
-#endif
- s->alarm_tm.tm_min = from_bcd(value);
- omap_rtc_alarm_update(s);
- return;
-
- case 0x28: /* ALARM_HOURS_REG */
-#ifdef ALMDEBUG
- printf("ALM HRS_REG <-- %02x\n", value);
-#endif
- if (s->pm_am)
- s->alarm_tm.tm_hour =
- ((from_bcd(value & 0x3f)) % 12) +
- ((value >> 7) & 1) * 12;
- else
- s->alarm_tm.tm_hour = from_bcd(value);
- omap_rtc_alarm_update(s);
- return;
-
- case 0x2c: /* ALARM_DAYS_REG */
-#ifdef ALMDEBUG
- printf("ALM DAY_REG <-- %02x\n", value);
-#endif
- s->alarm_tm.tm_mday = from_bcd(value);
- omap_rtc_alarm_update(s);
- return;
-
- case 0x30: /* ALARM_MONTHS_REG */
-#ifdef ALMDEBUG
- printf("ALM MON_REG <-- %02x\n", value);
-#endif
- s->alarm_tm.tm_mon = from_bcd(value);
- omap_rtc_alarm_update(s);
- return;
-
- case 0x34: /* ALARM_YEARS_REG */
-#ifdef ALMDEBUG
- printf("ALM YRS_REG <-- %02x\n", value);
-#endif
- s->alarm_tm.tm_year = from_bcd(value);
- omap_rtc_alarm_update(s);
- return;
-
- case 0x40: /* RTC_CTRL_REG */
-#ifdef ALMDEBUG
- printf("RTC CONTROL <-- %02x\n", value);
-#endif
- s->pm_am = (value >> 3) & 1;
- s->auto_comp = (value >> 2) & 1;
- s->round = (value >> 1) & 1;
- s->running = value & 1;
- s->status &= 0xfd;
- s->status |= s->running << 1;
- return;
-
- case 0x44: /* RTC_STATUS_REG */
-#ifdef ALMDEBUG
- printf("RTC STATUSL <-- %02x\n", value);
-#endif
- s->status &= ~((value & 0xc0) ^ 0x80);
- omap_rtc_interrupts_update(s);
- return;
-
- case 0x48: /* RTC_INTERRUPTS_REG */
-#ifdef ALMDEBUG
- printf("RTC INTRS <-- %02x\n", value);
-#endif
- s->interrupts = value;
- return;
-
- case 0x4c: /* RTC_COMP_LSB_REG */
-#ifdef ALMDEBUG
- printf("RTC COMPLSB <-- %02x\n", value);
-#endif
- s->comp_reg &= 0xff00;
- s->comp_reg |= 0x00ff & value;
- return;
-
- case 0x50: /* RTC_COMP_MSB_REG */
-#ifdef ALMDEBUG
- printf("RTC COMPMSB <-- %02x\n", value);
-#endif
- s->comp_reg &= 0x00ff;
- s->comp_reg |= 0xff00 & (value << 8);
- return;
-
- default:
- OMAP_BAD_REG(addr);
- return;
- }
-}
-
-static const MemoryRegionOps omap_rtc_ops = {
- .read = omap_rtc_read,
- .write = omap_rtc_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void omap_rtc_tick(void *opaque)
-{
- struct omap_rtc_s *s = opaque;
-
- if (s->round) {
- /* Round to nearest full minute. */
- if (s->current_tm.tm_sec < 30)
- s->ti -= s->current_tm.tm_sec;
- else
- s->ti += 60 - s->current_tm.tm_sec;
-
- s->round = 0;
- }
-
- memcpy(&s->current_tm, localtime(&s->ti), sizeof(s->current_tm));
-
- if ((s->interrupts & 0x08) && s->ti == s->alarm_ti) {
- s->status |= 0x40;
- omap_rtc_interrupts_update(s);
- }
-
- if (s->interrupts & 0x04)
- switch (s->interrupts & 3) {
- case 0:
- s->status |= 0x04;
- qemu_irq_pulse(s->irq);
- break;
- case 1:
- if (s->current_tm.tm_sec)
- break;
- s->status |= 0x08;
- qemu_irq_pulse(s->irq);
- break;
- case 2:
- if (s->current_tm.tm_sec || s->current_tm.tm_min)
- break;
- s->status |= 0x10;
- qemu_irq_pulse(s->irq);
- break;
- case 3:
- if (s->current_tm.tm_sec ||
- s->current_tm.tm_min || s->current_tm.tm_hour)
- break;
- s->status |= 0x20;
- qemu_irq_pulse(s->irq);
- break;
- }
-
- /* Move on */
- if (s->running)
- s->ti ++;
- s->tick += 1000;
-
- /*
- * Every full hour add a rough approximation of the compensation
- * register to the 32kHz Timer (which drives the RTC) value.
- */
- if (s->auto_comp && !s->current_tm.tm_sec && !s->current_tm.tm_min)
- s->tick += s->comp_reg * 1000 / 32768;
-
- qemu_mod_timer(s->clk, s->tick);
-}
-
-static void omap_rtc_reset(struct omap_rtc_s *s)
-{
- struct tm tm;
-
- s->interrupts = 0;
- s->comp_reg = 0;
- s->running = 0;
- s->pm_am = 0;
- s->auto_comp = 0;
- s->round = 0;
- s->tick = qemu_get_clock_ms(rtc_clock);
- memset(&s->alarm_tm, 0, sizeof(s->alarm_tm));
- s->alarm_tm.tm_mday = 0x01;
- s->status = 1 << 7;
- qemu_get_timedate(&tm, 0);
- s->ti = mktimegm(&tm);
-
- omap_rtc_alarm_update(s);
- omap_rtc_tick(s);
-}
-
-static struct omap_rtc_s *omap_rtc_init(MemoryRegion *system_memory,
- hwaddr base,
- qemu_irq timerirq, qemu_irq alarmirq,
- omap_clk clk)
-{
- struct omap_rtc_s *s = (struct omap_rtc_s *)
- g_malloc0(sizeof(struct omap_rtc_s));
-
- s->irq = timerirq;
- s->alarm = alarmirq;
- s->clk = qemu_new_timer_ms(rtc_clock, omap_rtc_tick, s);
-
- omap_rtc_reset(s);
-
- memory_region_init_io(&s->iomem, &omap_rtc_ops, s,
- "omap-rtc", 0x800);
- memory_region_add_subregion(system_memory, base, &s->iomem);
-
- return s;
-}
-
-/* Multi-channel Buffered Serial Port interfaces */
-struct omap_mcbsp_s {
- MemoryRegion iomem;
- qemu_irq txirq;
- qemu_irq rxirq;
- qemu_irq txdrq;
- qemu_irq rxdrq;
-
- uint16_t spcr[2];
- uint16_t rcr[2];
- uint16_t xcr[2];
- uint16_t srgr[2];
- uint16_t mcr[2];
- uint16_t pcr;
- uint16_t rcer[8];
- uint16_t xcer[8];
- int tx_rate;
- int rx_rate;
- int tx_req;
- int rx_req;
-
- I2SCodec *codec;
- QEMUTimer *source_timer;
- QEMUTimer *sink_timer;
-};
-
-static void omap_mcbsp_intr_update(struct omap_mcbsp_s *s)
-{
- int irq;
-
- switch ((s->spcr[0] >> 4) & 3) { /* RINTM */
- case 0:
- irq = (s->spcr[0] >> 1) & 1; /* RRDY */
- break;
- case 3:
- irq = (s->spcr[0] >> 3) & 1; /* RSYNCERR */
- break;
- default:
- irq = 0;
- break;
- }
-
- if (irq)
- qemu_irq_pulse(s->rxirq);
-
- switch ((s->spcr[1] >> 4) & 3) { /* XINTM */
- case 0:
- irq = (s->spcr[1] >> 1) & 1; /* XRDY */
- break;
- case 3:
- irq = (s->spcr[1] >> 3) & 1; /* XSYNCERR */
- break;
- default:
- irq = 0;
- break;
- }
-
- if (irq)
- qemu_irq_pulse(s->txirq);
-}
-
-static void omap_mcbsp_rx_newdata(struct omap_mcbsp_s *s)
-{
- if ((s->spcr[0] >> 1) & 1) /* RRDY */
- s->spcr[0] |= 1 << 2; /* RFULL */
- s->spcr[0] |= 1 << 1; /* RRDY */
- qemu_irq_raise(s->rxdrq);
- omap_mcbsp_intr_update(s);
-}
-
-static void omap_mcbsp_source_tick(void *opaque)
-{
- struct omap_mcbsp_s *s = (struct omap_mcbsp_s *) opaque;
- static const int bps[8] = { 0, 1, 1, 2, 2, 2, -255, -255 };
-
- if (!s->rx_rate)
- return;
- if (s->rx_req)
- printf("%s: Rx FIFO overrun\n", __FUNCTION__);
-
- s->rx_req = s->rx_rate << bps[(s->rcr[0] >> 5) & 7];
-
- omap_mcbsp_rx_newdata(s);
- qemu_mod_timer(s->source_timer, qemu_get_clock_ns(vm_clock) +
- get_ticks_per_sec());
-}
-
-static void omap_mcbsp_rx_start(struct omap_mcbsp_s *s)
-{
- if (!s->codec || !s->codec->rts)
- omap_mcbsp_source_tick(s);
- else if (s->codec->in.len) {
- s->rx_req = s->codec->in.len;
- omap_mcbsp_rx_newdata(s);
- }
-}
-
-static void omap_mcbsp_rx_stop(struct omap_mcbsp_s *s)
-{
- qemu_del_timer(s->source_timer);
-}
-
-static void omap_mcbsp_rx_done(struct omap_mcbsp_s *s)
-{
- s->spcr[0] &= ~(1 << 1); /* RRDY */
- qemu_irq_lower(s->rxdrq);
- omap_mcbsp_intr_update(s);
-}
-
-static void omap_mcbsp_tx_newdata(struct omap_mcbsp_s *s)
-{
- s->spcr[1] |= 1 << 1; /* XRDY */
- qemu_irq_raise(s->txdrq);
- omap_mcbsp_intr_update(s);
-}
-
-static void omap_mcbsp_sink_tick(void *opaque)
-{
- struct omap_mcbsp_s *s = (struct omap_mcbsp_s *) opaque;
- static const int bps[8] = { 0, 1, 1, 2, 2, 2, -255, -255 };
-
- if (!s->tx_rate)
- return;
- if (s->tx_req)
- printf("%s: Tx FIFO underrun\n", __FUNCTION__);
-
- s->tx_req = s->tx_rate << bps[(s->xcr[0] >> 5) & 7];
-
- omap_mcbsp_tx_newdata(s);
- qemu_mod_timer(s->sink_timer, qemu_get_clock_ns(vm_clock) +
- get_ticks_per_sec());
-}
-
-static void omap_mcbsp_tx_start(struct omap_mcbsp_s *s)
-{
- if (!s->codec || !s->codec->cts)
- omap_mcbsp_sink_tick(s);
- else if (s->codec->out.size) {
- s->tx_req = s->codec->out.size;
- omap_mcbsp_tx_newdata(s);
- }
-}
-
-static void omap_mcbsp_tx_done(struct omap_mcbsp_s *s)
-{
- s->spcr[1] &= ~(1 << 1); /* XRDY */
- qemu_irq_lower(s->txdrq);
- omap_mcbsp_intr_update(s);
- if (s->codec && s->codec->cts)
- s->codec->tx_swallow(s->codec->opaque);
-}
-
-static void omap_mcbsp_tx_stop(struct omap_mcbsp_s *s)
-{
- s->tx_req = 0;
- omap_mcbsp_tx_done(s);
- qemu_del_timer(s->sink_timer);
-}
-
-static void omap_mcbsp_req_update(struct omap_mcbsp_s *s)
-{
- int prev_rx_rate, prev_tx_rate;
- int rx_rate = 0, tx_rate = 0;
- int cpu_rate = 1500000; /* XXX */
-
- /* TODO: check CLKSTP bit */
- if (s->spcr[1] & (1 << 6)) { /* GRST */
- if (s->spcr[0] & (1 << 0)) { /* RRST */
- if ((s->srgr[1] & (1 << 13)) && /* CLKSM */
- (s->pcr & (1 << 8))) { /* CLKRM */
- if (~s->pcr & (1 << 7)) /* SCLKME */
- rx_rate = cpu_rate /
- ((s->srgr[0] & 0xff) + 1); /* CLKGDV */
- } else
- if (s->codec)
- rx_rate = s->codec->rx_rate;
- }
-
- if (s->spcr[1] & (1 << 0)) { /* XRST */
- if ((s->srgr[1] & (1 << 13)) && /* CLKSM */
- (s->pcr & (1 << 9))) { /* CLKXM */
- if (~s->pcr & (1 << 7)) /* SCLKME */
- tx_rate = cpu_rate /
- ((s->srgr[0] & 0xff) + 1); /* CLKGDV */
- } else
- if (s->codec)
- tx_rate = s->codec->tx_rate;
- }
- }
- prev_tx_rate = s->tx_rate;
- prev_rx_rate = s->rx_rate;
- s->tx_rate = tx_rate;
- s->rx_rate = rx_rate;
-
- if (s->codec)
- s->codec->set_rate(s->codec->opaque, rx_rate, tx_rate);
-
- if (!prev_tx_rate && tx_rate)
- omap_mcbsp_tx_start(s);
- else if (s->tx_rate && !tx_rate)
- omap_mcbsp_tx_stop(s);
-
- if (!prev_rx_rate && rx_rate)
- omap_mcbsp_rx_start(s);
- else if (prev_tx_rate && !tx_rate)
- omap_mcbsp_rx_stop(s);
-}
-
-static uint64_t omap_mcbsp_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_mcbsp_s *s = (struct omap_mcbsp_s *) opaque;
- int offset = addr & OMAP_MPUI_REG_MASK;
- uint16_t ret;
-
- if (size != 2) {
- return omap_badwidth_read16(opaque, addr);
- }
-
- switch (offset) {
- case 0x00: /* DRR2 */
- if (((s->rcr[0] >> 5) & 7) < 3) /* RWDLEN1 */
- return 0x0000;
- /* Fall through. */
- case 0x02: /* DRR1 */
- if (s->rx_req < 2) {
- printf("%s: Rx FIFO underrun\n", __FUNCTION__);
- omap_mcbsp_rx_done(s);
- } else {
- s->tx_req -= 2;
- if (s->codec && s->codec->in.len >= 2) {
- ret = s->codec->in.fifo[s->codec->in.start ++] << 8;
- ret |= s->codec->in.fifo[s->codec->in.start ++];
- s->codec->in.len -= 2;
- } else
- ret = 0x0000;
- if (!s->tx_req)
- omap_mcbsp_rx_done(s);
- return ret;
- }
- return 0x0000;
-
- case 0x04: /* DXR2 */
- case 0x06: /* DXR1 */
- return 0x0000;
-
- case 0x08: /* SPCR2 */
- return s->spcr[1];
- case 0x0a: /* SPCR1 */
- return s->spcr[0];
- case 0x0c: /* RCR2 */
- return s->rcr[1];
- case 0x0e: /* RCR1 */
- return s->rcr[0];
- case 0x10: /* XCR2 */
- return s->xcr[1];
- case 0x12: /* XCR1 */
- return s->xcr[0];
- case 0x14: /* SRGR2 */
- return s->srgr[1];
- case 0x16: /* SRGR1 */
- return s->srgr[0];
- case 0x18: /* MCR2 */
- return s->mcr[1];
- case 0x1a: /* MCR1 */
- return s->mcr[0];
- case 0x1c: /* RCERA */
- return s->rcer[0];
- case 0x1e: /* RCERB */
- return s->rcer[1];
- case 0x20: /* XCERA */
- return s->xcer[0];
- case 0x22: /* XCERB */
- return s->xcer[1];
- case 0x24: /* PCR0 */
- return s->pcr;
- case 0x26: /* RCERC */
- return s->rcer[2];
- case 0x28: /* RCERD */
- return s->rcer[3];
- case 0x2a: /* XCERC */
- return s->xcer[2];
- case 0x2c: /* XCERD */
- return s->xcer[3];
- case 0x2e: /* RCERE */
- return s->rcer[4];
- case 0x30: /* RCERF */
- return s->rcer[5];
- case 0x32: /* XCERE */
- return s->xcer[4];
- case 0x34: /* XCERF */
- return s->xcer[5];
- case 0x36: /* RCERG */
- return s->rcer[6];
- case 0x38: /* RCERH */
- return s->rcer[7];
- case 0x3a: /* XCERG */
- return s->xcer[6];
- case 0x3c: /* XCERH */
- return s->xcer[7];
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_mcbsp_writeh(void *opaque, hwaddr addr,
- uint32_t value)
-{
- struct omap_mcbsp_s *s = (struct omap_mcbsp_s *) opaque;
- int offset = addr & OMAP_MPUI_REG_MASK;
-
- switch (offset) {
- case 0x00: /* DRR2 */
- case 0x02: /* DRR1 */
- OMAP_RO_REG(addr);
- return;
-
- case 0x04: /* DXR2 */
- if (((s->xcr[0] >> 5) & 7) < 3) /* XWDLEN1 */
- return;
- /* Fall through. */
- case 0x06: /* DXR1 */
- if (s->tx_req > 1) {
- s->tx_req -= 2;
- if (s->codec && s->codec->cts) {
- s->codec->out.fifo[s->codec->out.len ++] = (value >> 8) & 0xff;
- s->codec->out.fifo[s->codec->out.len ++] = (value >> 0) & 0xff;
- }
- if (s->tx_req < 2)
- omap_mcbsp_tx_done(s);
- } else
- printf("%s: Tx FIFO overrun\n", __FUNCTION__);
- return;
-
- case 0x08: /* SPCR2 */
- s->spcr[1] &= 0x0002;
- s->spcr[1] |= 0x03f9 & value;
- s->spcr[1] |= 0x0004 & (value << 2); /* XEMPTY := XRST */
- if (~value & 1) /* XRST */
- s->spcr[1] &= ~6;
- omap_mcbsp_req_update(s);
- return;
- case 0x0a: /* SPCR1 */
- s->spcr[0] &= 0x0006;
- s->spcr[0] |= 0xf8f9 & value;
- if (value & (1 << 15)) /* DLB */
- printf("%s: Digital Loopback mode enable attempt\n", __FUNCTION__);
- if (~value & 1) { /* RRST */
- s->spcr[0] &= ~6;
- s->rx_req = 0;
- omap_mcbsp_rx_done(s);
- }
- omap_mcbsp_req_update(s);
- return;
-
- case 0x0c: /* RCR2 */
- s->rcr[1] = value & 0xffff;
- return;
- case 0x0e: /* RCR1 */
- s->rcr[0] = value & 0x7fe0;
- return;
- case 0x10: /* XCR2 */
- s->xcr[1] = value & 0xffff;
- return;
- case 0x12: /* XCR1 */
- s->xcr[0] = value & 0x7fe0;
- return;
- case 0x14: /* SRGR2 */
- s->srgr[1] = value & 0xffff;
- omap_mcbsp_req_update(s);
- return;
- case 0x16: /* SRGR1 */
- s->srgr[0] = value & 0xffff;
- omap_mcbsp_req_update(s);
- return;
- case 0x18: /* MCR2 */
- s->mcr[1] = value & 0x03e3;
- if (value & 3) /* XMCM */
- printf("%s: Tx channel selection mode enable attempt\n",
- __FUNCTION__);
- return;
- case 0x1a: /* MCR1 */
- s->mcr[0] = value & 0x03e1;
- if (value & 1) /* RMCM */
- printf("%s: Rx channel selection mode enable attempt\n",
- __FUNCTION__);
- return;
- case 0x1c: /* RCERA */
- s->rcer[0] = value & 0xffff;
- return;
- case 0x1e: /* RCERB */
- s->rcer[1] = value & 0xffff;
- return;
- case 0x20: /* XCERA */
- s->xcer[0] = value & 0xffff;
- return;
- case 0x22: /* XCERB */
- s->xcer[1] = value & 0xffff;
- return;
- case 0x24: /* PCR0 */
- s->pcr = value & 0x7faf;
- return;
- case 0x26: /* RCERC */
- s->rcer[2] = value & 0xffff;
- return;
- case 0x28: /* RCERD */
- s->rcer[3] = value & 0xffff;
- return;
- case 0x2a: /* XCERC */
- s->xcer[2] = value & 0xffff;
- return;
- case 0x2c: /* XCERD */
- s->xcer[3] = value & 0xffff;
- return;
- case 0x2e: /* RCERE */
- s->rcer[4] = value & 0xffff;
- return;
- case 0x30: /* RCERF */
- s->rcer[5] = value & 0xffff;
- return;
- case 0x32: /* XCERE */
- s->xcer[4] = value & 0xffff;
- return;
- case 0x34: /* XCERF */
- s->xcer[5] = value & 0xffff;
- return;
- case 0x36: /* RCERG */
- s->rcer[6] = value & 0xffff;
- return;
- case 0x38: /* RCERH */
- s->rcer[7] = value & 0xffff;
- return;
- case 0x3a: /* XCERG */
- s->xcer[6] = value & 0xffff;
- return;
- case 0x3c: /* XCERH */
- s->xcer[7] = value & 0xffff;
- return;
- }
-
- OMAP_BAD_REG(addr);
-}
-
-static void omap_mcbsp_writew(void *opaque, hwaddr addr,
- uint32_t value)
-{
- struct omap_mcbsp_s *s = (struct omap_mcbsp_s *) opaque;
- int offset = addr & OMAP_MPUI_REG_MASK;
-
- if (offset == 0x04) { /* DXR */
- if (((s->xcr[0] >> 5) & 7) < 3) /* XWDLEN1 */
- return;
- if (s->tx_req > 3) {
- s->tx_req -= 4;
- if (s->codec && s->codec->cts) {
- s->codec->out.fifo[s->codec->out.len ++] =
- (value >> 24) & 0xff;
- s->codec->out.fifo[s->codec->out.len ++] =
- (value >> 16) & 0xff;
- s->codec->out.fifo[s->codec->out.len ++] =
- (value >> 8) & 0xff;
- s->codec->out.fifo[s->codec->out.len ++] =
- (value >> 0) & 0xff;
- }
- if (s->tx_req < 4)
- omap_mcbsp_tx_done(s);
- } else
- printf("%s: Tx FIFO overrun\n", __FUNCTION__);
- return;
- }
-
- omap_badwidth_write16(opaque, addr, value);
-}
-
-static void omap_mcbsp_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- switch (size) {
- case 2: return omap_mcbsp_writeh(opaque, addr, value);
- case 4: return omap_mcbsp_writew(opaque, addr, value);
- default: return omap_badwidth_write16(opaque, addr, value);
- }
-}
-
-static const MemoryRegionOps omap_mcbsp_ops = {
- .read = omap_mcbsp_read,
- .write = omap_mcbsp_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void omap_mcbsp_reset(struct omap_mcbsp_s *s)
-{
- memset(&s->spcr, 0, sizeof(s->spcr));
- memset(&s->rcr, 0, sizeof(s->rcr));
- memset(&s->xcr, 0, sizeof(s->xcr));
- s->srgr[0] = 0x0001;
- s->srgr[1] = 0x2000;
- memset(&s->mcr, 0, sizeof(s->mcr));
- memset(&s->pcr, 0, sizeof(s->pcr));
- memset(&s->rcer, 0, sizeof(s->rcer));
- memset(&s->xcer, 0, sizeof(s->xcer));
- s->tx_req = 0;
- s->rx_req = 0;
- s->tx_rate = 0;
- s->rx_rate = 0;
- qemu_del_timer(s->source_timer);
- qemu_del_timer(s->sink_timer);
-}
-
-static struct omap_mcbsp_s *omap_mcbsp_init(MemoryRegion *system_memory,
- hwaddr base,
- qemu_irq txirq, qemu_irq rxirq,
- qemu_irq *dma, omap_clk clk)
-{
- struct omap_mcbsp_s *s = (struct omap_mcbsp_s *)
- g_malloc0(sizeof(struct omap_mcbsp_s));
-
- s->txirq = txirq;
- s->rxirq = rxirq;
- s->txdrq = dma[0];
- s->rxdrq = dma[1];
- s->sink_timer = qemu_new_timer_ns(vm_clock, omap_mcbsp_sink_tick, s);
- s->source_timer = qemu_new_timer_ns(vm_clock, omap_mcbsp_source_tick, s);
- omap_mcbsp_reset(s);
-
- memory_region_init_io(&s->iomem, &omap_mcbsp_ops, s, "omap-mcbsp", 0x800);
- memory_region_add_subregion(system_memory, base, &s->iomem);
-
- return s;
-}
-
-static void omap_mcbsp_i2s_swallow(void *opaque, int line, int level)
-{
- struct omap_mcbsp_s *s = (struct omap_mcbsp_s *) opaque;
-
- if (s->rx_rate) {
- s->rx_req = s->codec->in.len;
- omap_mcbsp_rx_newdata(s);
- }
-}
-
-static void omap_mcbsp_i2s_start(void *opaque, int line, int level)
-{
- struct omap_mcbsp_s *s = (struct omap_mcbsp_s *) opaque;
-
- if (s->tx_rate) {
- s->tx_req = s->codec->out.size;
- omap_mcbsp_tx_newdata(s);
- }
-}
-
-void omap_mcbsp_i2s_attach(struct omap_mcbsp_s *s, I2SCodec *slave)
-{
- s->codec = slave;
- slave->rx_swallow = qemu_allocate_irqs(omap_mcbsp_i2s_swallow, s, 1)[0];
- slave->tx_start = qemu_allocate_irqs(omap_mcbsp_i2s_start, s, 1)[0];
-}
-
-/* LED Pulse Generators */
-struct omap_lpg_s {
- MemoryRegion iomem;
- QEMUTimer *tm;
-
- uint8_t control;
- uint8_t power;
- int64_t on;
- int64_t period;
- int clk;
- int cycle;
-};
-
-static void omap_lpg_tick(void *opaque)
-{
- struct omap_lpg_s *s = opaque;
-
- if (s->cycle)
- qemu_mod_timer(s->tm, qemu_get_clock_ms(vm_clock) + s->period - s->on);
- else
- qemu_mod_timer(s->tm, qemu_get_clock_ms(vm_clock) + s->on);
-
- s->cycle = !s->cycle;
- printf("%s: LED is %s\n", __FUNCTION__, s->cycle ? "on" : "off");
-}
-
-static void omap_lpg_update(struct omap_lpg_s *s)
-{
- int64_t on, period = 1, ticks = 1000;
- static const int per[8] = { 1, 2, 4, 8, 12, 16, 20, 24 };
-
- if (~s->control & (1 << 6)) /* LPGRES */
- on = 0;
- else if (s->control & (1 << 7)) /* PERM_ON */
- on = period;
- else {
- period = muldiv64(ticks, per[s->control & 7], /* PERCTRL */
- 256 / 32);
- on = (s->clk && s->power) ? muldiv64(ticks,
- per[(s->control >> 3) & 7], 256) : 0; /* ONCTRL */
- }
-
- qemu_del_timer(s->tm);
- if (on == period && s->on < s->period)
- printf("%s: LED is on\n", __FUNCTION__);
- else if (on == 0 && s->on)
- printf("%s: LED is off\n", __FUNCTION__);
- else if (on && (on != s->on || period != s->period)) {
- s->cycle = 0;
- s->on = on;
- s->period = period;
- omap_lpg_tick(s);
- return;
- }
-
- s->on = on;
- s->period = period;
-}
-
-static void omap_lpg_reset(struct omap_lpg_s *s)
-{
- s->control = 0x00;
- s->power = 0x00;
- s->clk = 1;
- omap_lpg_update(s);
-}
-
-static uint64_t omap_lpg_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_lpg_s *s = (struct omap_lpg_s *) opaque;
- int offset = addr & OMAP_MPUI_REG_MASK;
-
- if (size != 1) {
- return omap_badwidth_read8(opaque, addr);
- }
-
- switch (offset) {
- case 0x00: /* LCR */
- return s->control;
-
- case 0x04: /* PMR */
- return s->power;
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_lpg_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_lpg_s *s = (struct omap_lpg_s *) opaque;
- int offset = addr & OMAP_MPUI_REG_MASK;
-
- if (size != 1) {
- return omap_badwidth_write8(opaque, addr, value);
- }
-
- switch (offset) {
- case 0x00: /* LCR */
- if (~value & (1 << 6)) /* LPGRES */
- omap_lpg_reset(s);
- s->control = value & 0xff;
- omap_lpg_update(s);
- return;
-
- case 0x04: /* PMR */
- s->power = value & 0x01;
- omap_lpg_update(s);
- return;
-
- default:
- OMAP_BAD_REG(addr);
- return;
- }
-}
-
-static const MemoryRegionOps omap_lpg_ops = {
- .read = omap_lpg_read,
- .write = omap_lpg_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void omap_lpg_clk_update(void *opaque, int line, int on)
-{
- struct omap_lpg_s *s = (struct omap_lpg_s *) opaque;
-
- s->clk = on;
- omap_lpg_update(s);
-}
-
-static struct omap_lpg_s *omap_lpg_init(MemoryRegion *system_memory,
- hwaddr base, omap_clk clk)
-{
- struct omap_lpg_s *s = (struct omap_lpg_s *)
- g_malloc0(sizeof(struct omap_lpg_s));
-
- s->tm = qemu_new_timer_ms(vm_clock, omap_lpg_tick, s);
-
- omap_lpg_reset(s);
-
- memory_region_init_io(&s->iomem, &omap_lpg_ops, s, "omap-lpg", 0x800);
- memory_region_add_subregion(system_memory, base, &s->iomem);
-
- omap_clk_adduser(clk, qemu_allocate_irqs(omap_lpg_clk_update, s, 1)[0]);
-
- return s;
-}
-
-/* MPUI Peripheral Bridge configuration */
-static uint64_t omap_mpui_io_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- if (size != 2) {
- return omap_badwidth_read16(opaque, addr);
- }
-
- if (addr == OMAP_MPUI_BASE) /* CMR */
- return 0xfe4d;
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_mpui_io_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- /* FIXME: infinite loop */
- omap_badwidth_write16(opaque, addr, value);
-}
-
-static const MemoryRegionOps omap_mpui_io_ops = {
- .read = omap_mpui_io_read,
- .write = omap_mpui_io_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void omap_setup_mpui_io(MemoryRegion *system_memory,
- struct omap_mpu_state_s *mpu)
-{
- memory_region_init_io(&mpu->mpui_io_iomem, &omap_mpui_io_ops, mpu,
- "omap-mpui-io", 0x7fff);
- memory_region_add_subregion(system_memory, OMAP_MPUI_BASE,
- &mpu->mpui_io_iomem);
-}
-
-/* General chip reset */
-static void omap1_mpu_reset(void *opaque)
-{
- struct omap_mpu_state_s *mpu = (struct omap_mpu_state_s *) opaque;
-
- omap_dma_reset(mpu->dma);
- omap_mpu_timer_reset(mpu->timer[0]);
- omap_mpu_timer_reset(mpu->timer[1]);
- omap_mpu_timer_reset(mpu->timer[2]);
- omap_wd_timer_reset(mpu->wdt);
- omap_os_timer_reset(mpu->os_timer);
- omap_lcdc_reset(mpu->lcd);
- omap_ulpd_pm_reset(mpu);
- omap_pin_cfg_reset(mpu);
- omap_mpui_reset(mpu);
- omap_tipb_bridge_reset(mpu->private_tipb);
- omap_tipb_bridge_reset(mpu->public_tipb);
- omap_dpll_reset(mpu->dpll[0]);
- omap_dpll_reset(mpu->dpll[1]);
- omap_dpll_reset(mpu->dpll[2]);
- omap_uart_reset(mpu->uart[0]);
- omap_uart_reset(mpu->uart[1]);
- omap_uart_reset(mpu->uart[2]);
- omap_mmc_reset(mpu->mmc);
- omap_mpuio_reset(mpu->mpuio);
- omap_uwire_reset(mpu->microwire);
- omap_pwl_reset(mpu->pwl);
- omap_pwt_reset(mpu->pwt);
- omap_rtc_reset(mpu->rtc);
- omap_mcbsp_reset(mpu->mcbsp1);
- omap_mcbsp_reset(mpu->mcbsp2);
- omap_mcbsp_reset(mpu->mcbsp3);
- omap_lpg_reset(mpu->led[0]);
- omap_lpg_reset(mpu->led[1]);
- omap_clkm_reset(mpu);
- cpu_reset(CPU(mpu->cpu));
-}
-
-static const struct omap_map_s {
- hwaddr phys_dsp;
- hwaddr phys_mpu;
- uint32_t size;
- const char *name;
-} omap15xx_dsp_mm[] = {
- /* Strobe 0 */
- { 0xe1010000, 0xfffb0000, 0x800, "UART1 BT" }, /* CS0 */
- { 0xe1010800, 0xfffb0800, 0x800, "UART2 COM" }, /* CS1 */
- { 0xe1011800, 0xfffb1800, 0x800, "McBSP1 audio" }, /* CS3 */
- { 0xe1012000, 0xfffb2000, 0x800, "MCSI2 communication" }, /* CS4 */
- { 0xe1012800, 0xfffb2800, 0x800, "MCSI1 BT u-Law" }, /* CS5 */
- { 0xe1013000, 0xfffb3000, 0x800, "uWire" }, /* CS6 */
- { 0xe1013800, 0xfffb3800, 0x800, "I^2C" }, /* CS7 */
- { 0xe1014000, 0xfffb4000, 0x800, "USB W2FC" }, /* CS8 */
- { 0xe1014800, 0xfffb4800, 0x800, "RTC" }, /* CS9 */
- { 0xe1015000, 0xfffb5000, 0x800, "MPUIO" }, /* CS10 */
- { 0xe1015800, 0xfffb5800, 0x800, "PWL" }, /* CS11 */
- { 0xe1016000, 0xfffb6000, 0x800, "PWT" }, /* CS12 */
- { 0xe1017000, 0xfffb7000, 0x800, "McBSP3" }, /* CS14 */
- { 0xe1017800, 0xfffb7800, 0x800, "MMC" }, /* CS15 */
- { 0xe1019000, 0xfffb9000, 0x800, "32-kHz timer" }, /* CS18 */
- { 0xe1019800, 0xfffb9800, 0x800, "UART3" }, /* CS19 */
- { 0xe101c800, 0xfffbc800, 0x800, "TIPB switches" }, /* CS25 */
- /* Strobe 1 */
- { 0xe101e000, 0xfffce000, 0x800, "GPIOs" }, /* CS28 */
-
- { 0 }
-};
-
-static void omap_setup_dsp_mapping(MemoryRegion *system_memory,
- const struct omap_map_s *map)
-{
- MemoryRegion *io;
-
- for (; map->phys_dsp; map ++) {
- io = g_new(MemoryRegion, 1);
- memory_region_init_alias(io, map->name,
- system_memory, map->phys_mpu, map->size);
- memory_region_add_subregion(system_memory, map->phys_dsp, io);
- }
-}
-
-void omap_mpu_wakeup(void *opaque, int irq, int req)
-{
- struct omap_mpu_state_s *mpu = (struct omap_mpu_state_s *) opaque;
-
- if (mpu->cpu->env.halted) {
- cpu_interrupt(&mpu->cpu->env, CPU_INTERRUPT_EXITTB);
- }
-}
-
-static const struct dma_irq_map omap1_dma_irq_map[] = {
- { 0, OMAP_INT_DMA_CH0_6 },
- { 0, OMAP_INT_DMA_CH1_7 },
- { 0, OMAP_INT_DMA_CH2_8 },
- { 0, OMAP_INT_DMA_CH3 },
- { 0, OMAP_INT_DMA_CH4 },
- { 0, OMAP_INT_DMA_CH5 },
- { 1, OMAP_INT_1610_DMA_CH6 },
- { 1, OMAP_INT_1610_DMA_CH7 },
- { 1, OMAP_INT_1610_DMA_CH8 },
- { 1, OMAP_INT_1610_DMA_CH9 },
- { 1, OMAP_INT_1610_DMA_CH10 },
- { 1, OMAP_INT_1610_DMA_CH11 },
- { 1, OMAP_INT_1610_DMA_CH12 },
- { 1, OMAP_INT_1610_DMA_CH13 },
- { 1, OMAP_INT_1610_DMA_CH14 },
- { 1, OMAP_INT_1610_DMA_CH15 }
-};
-
-/* DMA ports for OMAP1 */
-static int omap_validate_emiff_addr(struct omap_mpu_state_s *s,
- hwaddr addr)
-{
- return range_covers_byte(OMAP_EMIFF_BASE, s->sdram_size, addr);
-}
-
-static int omap_validate_emifs_addr(struct omap_mpu_state_s *s,
- hwaddr addr)
-{
- return range_covers_byte(OMAP_EMIFS_BASE, OMAP_EMIFF_BASE - OMAP_EMIFS_BASE,
- addr);
-}
-
-static int omap_validate_imif_addr(struct omap_mpu_state_s *s,
- hwaddr addr)
-{
- return range_covers_byte(OMAP_IMIF_BASE, s->sram_size, addr);
-}
-
-static int omap_validate_tipb_addr(struct omap_mpu_state_s *s,
- hwaddr addr)
-{
- return range_covers_byte(0xfffb0000, 0xffff0000 - 0xfffb0000, addr);
-}
-
-static int omap_validate_local_addr(struct omap_mpu_state_s *s,
- hwaddr addr)
-{
- return range_covers_byte(OMAP_LOCALBUS_BASE, 0x1000000, addr);
-}
-
-static int omap_validate_tipb_mpui_addr(struct omap_mpu_state_s *s,
- hwaddr addr)
-{
- return range_covers_byte(0xe1010000, 0xe1020004 - 0xe1010000, addr);
-}
-
-struct omap_mpu_state_s *omap310_mpu_init(MemoryRegion *system_memory,
- unsigned long sdram_size,
- const char *core)
-{
- int i;
- struct omap_mpu_state_s *s = (struct omap_mpu_state_s *)
- g_malloc0(sizeof(struct omap_mpu_state_s));
- qemu_irq *cpu_irq;
- qemu_irq dma_irqs[6];
- DriveInfo *dinfo;
- SysBusDevice *busdev;
-
- if (!core)
- core = "ti925t";
-
- /* Core */
- s->mpu_model = omap310;
- s->cpu = cpu_arm_init(core);
- if (s->cpu == NULL) {
- fprintf(stderr, "Unable to find CPU definition\n");
- exit(1);
- }
- s->sdram_size = sdram_size;
- s->sram_size = OMAP15XX_SRAM_SIZE;
-
- s->wakeup = qemu_allocate_irqs(omap_mpu_wakeup, s, 1)[0];
-
- /* Clocks */
- omap_clk_init(s);
-
- /* Memory-mapped stuff */
- memory_region_init_ram(&s->emiff_ram, "omap1.dram", s->sdram_size);
- vmstate_register_ram_global(&s->emiff_ram);
- memory_region_add_subregion(system_memory, OMAP_EMIFF_BASE, &s->emiff_ram);
- memory_region_init_ram(&s->imif_ram, "omap1.sram", s->sram_size);
- vmstate_register_ram_global(&s->imif_ram);
- memory_region_add_subregion(system_memory, OMAP_IMIF_BASE, &s->imif_ram);
-
- omap_clkm_init(system_memory, 0xfffece00, 0xe1008000, s);
-
- cpu_irq = arm_pic_init_cpu(s->cpu);
- s->ih[0] = qdev_create(NULL, "omap-intc");
- qdev_prop_set_uint32(s->ih[0], "size", 0x100);
- qdev_prop_set_ptr(s->ih[0], "clk", omap_findclk(s, "arminth_ck"));
- qdev_init_nofail(s->ih[0]);
- busdev = sysbus_from_qdev(s->ih[0]);
- sysbus_connect_irq(busdev, 0, cpu_irq[ARM_PIC_CPU_IRQ]);
- sysbus_connect_irq(busdev, 1, cpu_irq[ARM_PIC_CPU_FIQ]);
- sysbus_mmio_map(busdev, 0, 0xfffecb00);
- s->ih[1] = qdev_create(NULL, "omap-intc");
- qdev_prop_set_uint32(s->ih[1], "size", 0x800);
- qdev_prop_set_ptr(s->ih[1], "clk", omap_findclk(s, "arminth_ck"));
- qdev_init_nofail(s->ih[1]);
- busdev = sysbus_from_qdev(s->ih[1]);
- sysbus_connect_irq(busdev, 0,
- qdev_get_gpio_in(s->ih[0], OMAP_INT_15XX_IH2_IRQ));
- /* The second interrupt controller's FIQ output is not wired up */
- sysbus_mmio_map(busdev, 0, 0xfffe0000);
-
- for (i = 0; i < 6; i++) {
- dma_irqs[i] = qdev_get_gpio_in(s->ih[omap1_dma_irq_map[i].ih],
- omap1_dma_irq_map[i].intr);
- }
- s->dma = omap_dma_init(0xfffed800, dma_irqs, system_memory,
- qdev_get_gpio_in(s->ih[0], OMAP_INT_DMA_LCD),
- s, omap_findclk(s, "dma_ck"), omap_dma_3_1);
-
- s->port[emiff ].addr_valid = omap_validate_emiff_addr;
- s->port[emifs ].addr_valid = omap_validate_emifs_addr;
- s->port[imif ].addr_valid = omap_validate_imif_addr;
- s->port[tipb ].addr_valid = omap_validate_tipb_addr;
- s->port[local ].addr_valid = omap_validate_local_addr;
- s->port[tipb_mpui].addr_valid = omap_validate_tipb_mpui_addr;
-
- /* Register SDRAM and SRAM DMA ports for fast transfers. */
- soc_dma_port_add_mem(s->dma, memory_region_get_ram_ptr(&s->emiff_ram),
- OMAP_EMIFF_BASE, s->sdram_size);
- soc_dma_port_add_mem(s->dma, memory_region_get_ram_ptr(&s->imif_ram),
- OMAP_IMIF_BASE, s->sram_size);
-
- s->timer[0] = omap_mpu_timer_init(system_memory, 0xfffec500,
- qdev_get_gpio_in(s->ih[0], OMAP_INT_TIMER1),
- omap_findclk(s, "mputim_ck"));
- s->timer[1] = omap_mpu_timer_init(system_memory, 0xfffec600,
- qdev_get_gpio_in(s->ih[0], OMAP_INT_TIMER2),
- omap_findclk(s, "mputim_ck"));
- s->timer[2] = omap_mpu_timer_init(system_memory, 0xfffec700,
- qdev_get_gpio_in(s->ih[0], OMAP_INT_TIMER3),
- omap_findclk(s, "mputim_ck"));
-
- s->wdt = omap_wd_timer_init(system_memory, 0xfffec800,
- qdev_get_gpio_in(s->ih[0], OMAP_INT_WD_TIMER),
- omap_findclk(s, "armwdt_ck"));
-
- s->os_timer = omap_os_timer_init(system_memory, 0xfffb9000,
- qdev_get_gpio_in(s->ih[1], OMAP_INT_OS_TIMER),
- omap_findclk(s, "clk32-kHz"));
-
- s->lcd = omap_lcdc_init(system_memory, 0xfffec000,
- qdev_get_gpio_in(s->ih[0], OMAP_INT_LCD_CTRL),
- omap_dma_get_lcdch(s->dma),
- omap_findclk(s, "lcd_ck"));
-
- omap_ulpd_pm_init(system_memory, 0xfffe0800, s);
- omap_pin_cfg_init(system_memory, 0xfffe1000, s);
- omap_id_init(system_memory, s);
-
- omap_mpui_init(system_memory, 0xfffec900, s);
-
- s->private_tipb = omap_tipb_bridge_init(system_memory, 0xfffeca00,
- qdev_get_gpio_in(s->ih[0], OMAP_INT_BRIDGE_PRIV),
- omap_findclk(s, "tipb_ck"));
- s->public_tipb = omap_tipb_bridge_init(system_memory, 0xfffed300,
- qdev_get_gpio_in(s->ih[0], OMAP_INT_BRIDGE_PUB),
- omap_findclk(s, "tipb_ck"));
-
- omap_tcmi_init(system_memory, 0xfffecc00, s);
-
- s->uart[0] = omap_uart_init(0xfffb0000,
- qdev_get_gpio_in(s->ih[1], OMAP_INT_UART1),
- omap_findclk(s, "uart1_ck"),
- omap_findclk(s, "uart1_ck"),
- s->drq[OMAP_DMA_UART1_TX], s->drq[OMAP_DMA_UART1_RX],
- "uart1",
- serial_hds[0]);
- s->uart[1] = omap_uart_init(0xfffb0800,
- qdev_get_gpio_in(s->ih[1], OMAP_INT_UART2),
- omap_findclk(s, "uart2_ck"),
- omap_findclk(s, "uart2_ck"),
- s->drq[OMAP_DMA_UART2_TX], s->drq[OMAP_DMA_UART2_RX],
- "uart2",
- serial_hds[0] ? serial_hds[1] : NULL);
- s->uart[2] = omap_uart_init(0xfffb9800,
- qdev_get_gpio_in(s->ih[0], OMAP_INT_UART3),
- omap_findclk(s, "uart3_ck"),
- omap_findclk(s, "uart3_ck"),
- s->drq[OMAP_DMA_UART3_TX], s->drq[OMAP_DMA_UART3_RX],
- "uart3",
- serial_hds[0] && serial_hds[1] ? serial_hds[2] : NULL);
-
- s->dpll[0] = omap_dpll_init(system_memory, 0xfffecf00,
- omap_findclk(s, "dpll1"));
- s->dpll[1] = omap_dpll_init(system_memory, 0xfffed000,
- omap_findclk(s, "dpll2"));
- s->dpll[2] = omap_dpll_init(system_memory, 0xfffed100,
- omap_findclk(s, "dpll3"));
-
- dinfo = drive_get(IF_SD, 0, 0);
- if (!dinfo) {
- fprintf(stderr, "qemu: missing SecureDigital device\n");
- exit(1);
- }
- s->mmc = omap_mmc_init(0xfffb7800, system_memory, dinfo->bdrv,
- qdev_get_gpio_in(s->ih[1], OMAP_INT_OQN),
- &s->drq[OMAP_DMA_MMC_TX],
- omap_findclk(s, "mmc_ck"));
-
- s->mpuio = omap_mpuio_init(system_memory, 0xfffb5000,
- qdev_get_gpio_in(s->ih[1], OMAP_INT_KEYBOARD),
- qdev_get_gpio_in(s->ih[1], OMAP_INT_MPUIO),
- s->wakeup, omap_findclk(s, "clk32-kHz"));
-
- s->gpio = qdev_create(NULL, "omap-gpio");
- qdev_prop_set_int32(s->gpio, "mpu_model", s->mpu_model);
- qdev_prop_set_ptr(s->gpio, "clk", omap_findclk(s, "arm_gpio_ck"));
- qdev_init_nofail(s->gpio);
- sysbus_connect_irq(sysbus_from_qdev(s->gpio), 0,
- qdev_get_gpio_in(s->ih[0], OMAP_INT_GPIO_BANK1));
- sysbus_mmio_map(sysbus_from_qdev(s->gpio), 0, 0xfffce000);
-
- s->microwire = omap_uwire_init(system_memory, 0xfffb3000,
- qdev_get_gpio_in(s->ih[1], OMAP_INT_uWireTX),
- qdev_get_gpio_in(s->ih[1], OMAP_INT_uWireRX),
- s->drq[OMAP_DMA_UWIRE_TX], omap_findclk(s, "mpuper_ck"));
-
- s->pwl = omap_pwl_init(system_memory, 0xfffb5800,
- omap_findclk(s, "armxor_ck"));
- s->pwt = omap_pwt_init(system_memory, 0xfffb6000,
- omap_findclk(s, "armxor_ck"));
-
- s->i2c[0] = qdev_create(NULL, "omap_i2c");
- qdev_prop_set_uint8(s->i2c[0], "revision", 0x11);
- qdev_prop_set_ptr(s->i2c[0], "fclk", omap_findclk(s, "mpuper_ck"));
- qdev_init_nofail(s->i2c[0]);
- busdev = sysbus_from_qdev(s->i2c[0]);
- sysbus_connect_irq(busdev, 0, qdev_get_gpio_in(s->ih[1], OMAP_INT_I2C));
- sysbus_connect_irq(busdev, 1, s->drq[OMAP_DMA_I2C_TX]);
- sysbus_connect_irq(busdev, 2, s->drq[OMAP_DMA_I2C_RX]);
- sysbus_mmio_map(busdev, 0, 0xfffb3800);
-
- s->rtc = omap_rtc_init(system_memory, 0xfffb4800,
- qdev_get_gpio_in(s->ih[1], OMAP_INT_RTC_TIMER),
- qdev_get_gpio_in(s->ih[1], OMAP_INT_RTC_ALARM),
- omap_findclk(s, "clk32-kHz"));
-
- s->mcbsp1 = omap_mcbsp_init(system_memory, 0xfffb1800,
- qdev_get_gpio_in(s->ih[1], OMAP_INT_McBSP1TX),
- qdev_get_gpio_in(s->ih[1], OMAP_INT_McBSP1RX),
- &s->drq[OMAP_DMA_MCBSP1_TX], omap_findclk(s, "dspxor_ck"));
- s->mcbsp2 = omap_mcbsp_init(system_memory, 0xfffb1000,
- qdev_get_gpio_in(s->ih[0],
- OMAP_INT_310_McBSP2_TX),
- qdev_get_gpio_in(s->ih[0],
- OMAP_INT_310_McBSP2_RX),
- &s->drq[OMAP_DMA_MCBSP2_TX], omap_findclk(s, "mpuper_ck"));
- s->mcbsp3 = omap_mcbsp_init(system_memory, 0xfffb7000,
- qdev_get_gpio_in(s->ih[1], OMAP_INT_McBSP3TX),
- qdev_get_gpio_in(s->ih[1], OMAP_INT_McBSP3RX),
- &s->drq[OMAP_DMA_MCBSP3_TX], omap_findclk(s, "dspxor_ck"));
-
- s->led[0] = omap_lpg_init(system_memory,
- 0xfffbd000, omap_findclk(s, "clk32-kHz"));
- s->led[1] = omap_lpg_init(system_memory,
- 0xfffbd800, omap_findclk(s, "clk32-kHz"));
-
- /* Register mappings not currenlty implemented:
- * MCSI2 Comm fffb2000 - fffb27ff (not mapped on OMAP310)
- * MCSI1 Bluetooth fffb2800 - fffb2fff (not mapped on OMAP310)
- * USB W2FC fffb4000 - fffb47ff
- * Camera Interface fffb6800 - fffb6fff
- * USB Host fffba000 - fffba7ff
- * FAC fffba800 - fffbafff
- * HDQ/1-Wire fffbc000 - fffbc7ff
- * TIPB switches fffbc800 - fffbcfff
- * Mailbox fffcf000 - fffcf7ff
- * Local bus IF fffec100 - fffec1ff
- * Local bus MMU fffec200 - fffec2ff
- * DSP MMU fffed200 - fffed2ff
- */
-
- omap_setup_dsp_mapping(system_memory, omap15xx_dsp_mm);
- omap_setup_mpui_io(system_memory, s);
-
- qemu_register_reset(omap1_mpu_reset, s);
-
- return s;
-}
diff --git a/hw/omap2.c b/hw/omap2.c
deleted file mode 100644
index 96aba7105..000000000
--- a/hw/omap2.c
+++ /dev/null
@@ -1,2684 +0,0 @@
-/*
- * TI OMAP processors emulation.
- *
- * Copyright (C) 2007-2008 Nokia Corporation
- * Written by Andrzej Zaborowski <andrew@openedhand.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "blockdev.h"
-#include "hw.h"
-#include "arm-misc.h"
-#include "omap.h"
-#include "sysemu.h"
-#include "qemu-timer.h"
-#include "qemu-char.h"
-#include "flash.h"
-#include "soc_dma.h"
-#include "sysbus.h"
-#include "audio/audio.h"
-
-/* Enhanced Audio Controller (CODEC only) */
-struct omap_eac_s {
- qemu_irq irq;
- MemoryRegion iomem;
-
- uint16_t sysconfig;
- uint8_t config[4];
- uint8_t control;
- uint8_t address;
- uint16_t data;
- uint8_t vtol;
- uint8_t vtsl;
- uint16_t mixer;
- uint16_t gain[4];
- uint8_t att;
- uint16_t max[7];
-
- struct {
- qemu_irq txdrq;
- qemu_irq rxdrq;
- uint32_t (*txrx)(void *opaque, uint32_t, int);
- void *opaque;
-
-#define EAC_BUF_LEN 1024
- uint32_t rxbuf[EAC_BUF_LEN];
- int rxoff;
- int rxlen;
- int rxavail;
- uint32_t txbuf[EAC_BUF_LEN];
- int txlen;
- int txavail;
-
- int enable;
- int rate;
-
- uint16_t config[4];
-
- /* These need to be moved to the actual codec */
- QEMUSoundCard card;
- SWVoiceIn *in_voice;
- SWVoiceOut *out_voice;
- int hw_enable;
- } codec;
-
- struct {
- uint8_t control;
- uint16_t config;
- } modem, bt;
-};
-
-static inline void omap_eac_interrupt_update(struct omap_eac_s *s)
-{
- qemu_set_irq(s->irq, (s->codec.config[1] >> 14) & 1); /* AURDI */
-}
-
-static inline void omap_eac_in_dmarequest_update(struct omap_eac_s *s)
-{
- qemu_set_irq(s->codec.rxdrq, (s->codec.rxavail || s->codec.rxlen) &&
- ((s->codec.config[1] >> 12) & 1)); /* DMAREN */
-}
-
-static inline void omap_eac_out_dmarequest_update(struct omap_eac_s *s)
-{
- qemu_set_irq(s->codec.txdrq, s->codec.txlen < s->codec.txavail &&
- ((s->codec.config[1] >> 11) & 1)); /* DMAWEN */
-}
-
-static inline void omap_eac_in_refill(struct omap_eac_s *s)
-{
- int left = MIN(EAC_BUF_LEN - s->codec.rxlen, s->codec.rxavail) << 2;
- int start = ((s->codec.rxoff + s->codec.rxlen) & (EAC_BUF_LEN - 1)) << 2;
- int leftwrap = MIN(left, (EAC_BUF_LEN << 2) - start);
- int recv = 1;
- uint8_t *buf = (uint8_t *) s->codec.rxbuf + start;
-
- left -= leftwrap;
- start = 0;
- while (leftwrap && (recv = AUD_read(s->codec.in_voice, buf + start,
- leftwrap)) > 0) { /* Be defensive */
- start += recv;
- leftwrap -= recv;
- }
- if (recv <= 0)
- s->codec.rxavail = 0;
- else
- s->codec.rxavail -= start >> 2;
- s->codec.rxlen += start >> 2;
-
- if (recv > 0 && left > 0) {
- start = 0;
- while (left && (recv = AUD_read(s->codec.in_voice,
- (uint8_t *) s->codec.rxbuf + start,
- left)) > 0) { /* Be defensive */
- start += recv;
- left -= recv;
- }
- if (recv <= 0)
- s->codec.rxavail = 0;
- else
- s->codec.rxavail -= start >> 2;
- s->codec.rxlen += start >> 2;
- }
-}
-
-static inline void omap_eac_out_empty(struct omap_eac_s *s)
-{
- int left = s->codec.txlen << 2;
- int start = 0;
- int sent = 1;
-
- while (left && (sent = AUD_write(s->codec.out_voice,
- (uint8_t *) s->codec.txbuf + start,
- left)) > 0) { /* Be defensive */
- start += sent;
- left -= sent;
- }
-
- if (!sent) {
- s->codec.txavail = 0;
- omap_eac_out_dmarequest_update(s);
- }
-
- if (start)
- s->codec.txlen = 0;
-}
-
-static void omap_eac_in_cb(void *opaque, int avail_b)
-{
- struct omap_eac_s *s = (struct omap_eac_s *) opaque;
-
- s->codec.rxavail = avail_b >> 2;
- omap_eac_in_refill(s);
- /* TODO: possibly discard current buffer if overrun */
- omap_eac_in_dmarequest_update(s);
-}
-
-static void omap_eac_out_cb(void *opaque, int free_b)
-{
- struct omap_eac_s *s = (struct omap_eac_s *) opaque;
-
- s->codec.txavail = free_b >> 2;
- if (s->codec.txlen)
- omap_eac_out_empty(s);
- else
- omap_eac_out_dmarequest_update(s);
-}
-
-static void omap_eac_enable_update(struct omap_eac_s *s)
-{
- s->codec.enable = !(s->codec.config[1] & 1) && /* EACPWD */
- (s->codec.config[1] & 2) && /* AUDEN */
- s->codec.hw_enable;
-}
-
-static const int omap_eac_fsint[4] = {
- 8000,
- 11025,
- 22050,
- 44100,
-};
-
-static const int omap_eac_fsint2[8] = {
- 8000,
- 11025,
- 22050,
- 44100,
- 48000,
- 0, 0, 0,
-};
-
-static const int omap_eac_fsint3[16] = {
- 8000,
- 11025,
- 16000,
- 22050,
- 24000,
- 32000,
- 44100,
- 48000,
- 0, 0, 0, 0, 0, 0, 0, 0,
-};
-
-static void omap_eac_rate_update(struct omap_eac_s *s)
-{
- int fsint[3];
-
- fsint[2] = (s->codec.config[3] >> 9) & 0xf;
- fsint[1] = (s->codec.config[2] >> 0) & 0x7;
- fsint[0] = (s->codec.config[0] >> 6) & 0x3;
- if (fsint[2] < 0xf)
- s->codec.rate = omap_eac_fsint3[fsint[2]];
- else if (fsint[1] < 0x7)
- s->codec.rate = omap_eac_fsint2[fsint[1]];
- else
- s->codec.rate = omap_eac_fsint[fsint[0]];
-}
-
-static void omap_eac_volume_update(struct omap_eac_s *s)
-{
- /* TODO */
-}
-
-static void omap_eac_format_update(struct omap_eac_s *s)
-{
- struct audsettings fmt;
-
- /* The hardware buffers at most one sample */
- if (s->codec.rxlen)
- s->codec.rxlen = 1;
-
- if (s->codec.in_voice) {
- AUD_set_active_in(s->codec.in_voice, 0);
- AUD_close_in(&s->codec.card, s->codec.in_voice);
- s->codec.in_voice = NULL;
- }
- if (s->codec.out_voice) {
- omap_eac_out_empty(s);
- AUD_set_active_out(s->codec.out_voice, 0);
- AUD_close_out(&s->codec.card, s->codec.out_voice);
- s->codec.out_voice = NULL;
- s->codec.txavail = 0;
- }
- /* Discard what couldn't be written */
- s->codec.txlen = 0;
-
- omap_eac_enable_update(s);
- if (!s->codec.enable)
- return;
-
- omap_eac_rate_update(s);
- fmt.endianness = ((s->codec.config[0] >> 8) & 1); /* LI_BI */
- fmt.nchannels = ((s->codec.config[0] >> 10) & 1) ? 2 : 1; /* MN_ST */
- fmt.freq = s->codec.rate;
- /* TODO: signedness possibly depends on the CODEC hardware - or
- * does I2S specify it? */
- /* All register writes are 16 bits so we we store 16-bit samples
- * in the buffers regardless of AGCFR[B8_16] value. */
- fmt.fmt = AUD_FMT_U16;
-
- s->codec.in_voice = AUD_open_in(&s->codec.card, s->codec.in_voice,
- "eac.codec.in", s, omap_eac_in_cb, &fmt);
- s->codec.out_voice = AUD_open_out(&s->codec.card, s->codec.out_voice,
- "eac.codec.out", s, omap_eac_out_cb, &fmt);
-
- omap_eac_volume_update(s);
-
- AUD_set_active_in(s->codec.in_voice, 1);
- AUD_set_active_out(s->codec.out_voice, 1);
-}
-
-static void omap_eac_reset(struct omap_eac_s *s)
-{
- s->sysconfig = 0;
- s->config[0] = 0x0c;
- s->config[1] = 0x09;
- s->config[2] = 0xab;
- s->config[3] = 0x03;
- s->control = 0x00;
- s->address = 0x00;
- s->data = 0x0000;
- s->vtol = 0x00;
- s->vtsl = 0x00;
- s->mixer = 0x0000;
- s->gain[0] = 0xe7e7;
- s->gain[1] = 0x6767;
- s->gain[2] = 0x6767;
- s->gain[3] = 0x6767;
- s->att = 0xce;
- s->max[0] = 0;
- s->max[1] = 0;
- s->max[2] = 0;
- s->max[3] = 0;
- s->max[4] = 0;
- s->max[5] = 0;
- s->max[6] = 0;
-
- s->modem.control = 0x00;
- s->modem.config = 0x0000;
- s->bt.control = 0x00;
- s->bt.config = 0x0000;
- s->codec.config[0] = 0x0649;
- s->codec.config[1] = 0x0000;
- s->codec.config[2] = 0x0007;
- s->codec.config[3] = 0x1ffc;
- s->codec.rxoff = 0;
- s->codec.rxlen = 0;
- s->codec.txlen = 0;
- s->codec.rxavail = 0;
- s->codec.txavail = 0;
-
- omap_eac_format_update(s);
- omap_eac_interrupt_update(s);
-}
-
-static uint64_t omap_eac_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_eac_s *s = (struct omap_eac_s *) opaque;
- uint32_t ret;
-
- if (size != 2) {
- return omap_badwidth_read16(opaque, addr);
- }
-
- switch (addr) {
- case 0x000: /* CPCFR1 */
- return s->config[0];
- case 0x004: /* CPCFR2 */
- return s->config[1];
- case 0x008: /* CPCFR3 */
- return s->config[2];
- case 0x00c: /* CPCFR4 */
- return s->config[3];
-
- case 0x010: /* CPTCTL */
- return s->control | ((s->codec.rxavail + s->codec.rxlen > 0) << 7) |
- ((s->codec.txlen < s->codec.txavail) << 5);
-
- case 0x014: /* CPTTADR */
- return s->address;
- case 0x018: /* CPTDATL */
- return s->data & 0xff;
- case 0x01c: /* CPTDATH */
- return s->data >> 8;
- case 0x020: /* CPTVSLL */
- return s->vtol;
- case 0x024: /* CPTVSLH */
- return s->vtsl | (3 << 5); /* CRDY1 | CRDY2 */
- case 0x040: /* MPCTR */
- return s->modem.control;
- case 0x044: /* MPMCCFR */
- return s->modem.config;
- case 0x060: /* BPCTR */
- return s->bt.control;
- case 0x064: /* BPMCCFR */
- return s->bt.config;
- case 0x080: /* AMSCFR */
- return s->mixer;
- case 0x084: /* AMVCTR */
- return s->gain[0];
- case 0x088: /* AM1VCTR */
- return s->gain[1];
- case 0x08c: /* AM2VCTR */
- return s->gain[2];
- case 0x090: /* AM3VCTR */
- return s->gain[3];
- case 0x094: /* ASTCTR */
- return s->att;
- case 0x098: /* APD1LCR */
- return s->max[0];
- case 0x09c: /* APD1RCR */
- return s->max[1];
- case 0x0a0: /* APD2LCR */
- return s->max[2];
- case 0x0a4: /* APD2RCR */
- return s->max[3];
- case 0x0a8: /* APD3LCR */
- return s->max[4];
- case 0x0ac: /* APD3RCR */
- return s->max[5];
- case 0x0b0: /* APD4R */
- return s->max[6];
- case 0x0b4: /* ADWR */
- /* This should be write-only? Docs list it as read-only. */
- return 0x0000;
- case 0x0b8: /* ADRDR */
- if (likely(s->codec.rxlen > 1)) {
- ret = s->codec.rxbuf[s->codec.rxoff ++];
- s->codec.rxlen --;
- s->codec.rxoff &= EAC_BUF_LEN - 1;
- return ret;
- } else if (s->codec.rxlen) {
- ret = s->codec.rxbuf[s->codec.rxoff ++];
- s->codec.rxlen --;
- s->codec.rxoff &= EAC_BUF_LEN - 1;
- if (s->codec.rxavail)
- omap_eac_in_refill(s);
- omap_eac_in_dmarequest_update(s);
- return ret;
- }
- return 0x0000;
- case 0x0bc: /* AGCFR */
- return s->codec.config[0];
- case 0x0c0: /* AGCTR */
- return s->codec.config[1] | ((s->codec.config[1] & 2) << 14);
- case 0x0c4: /* AGCFR2 */
- return s->codec.config[2];
- case 0x0c8: /* AGCFR3 */
- return s->codec.config[3];
- case 0x0cc: /* MBPDMACTR */
- case 0x0d0: /* MPDDMARR */
- case 0x0d8: /* MPUDMARR */
- case 0x0e4: /* BPDDMARR */
- case 0x0ec: /* BPUDMARR */
- return 0x0000;
-
- case 0x100: /* VERSION_NUMBER */
- return 0x0010;
-
- case 0x104: /* SYSCONFIG */
- return s->sysconfig;
-
- case 0x108: /* SYSSTATUS */
- return 1 | 0xe; /* RESETDONE | stuff */
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_eac_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_eac_s *s = (struct omap_eac_s *) opaque;
-
- if (size != 2) {
- return omap_badwidth_write16(opaque, addr, value);
- }
-
- switch (addr) {
- case 0x098: /* APD1LCR */
- case 0x09c: /* APD1RCR */
- case 0x0a0: /* APD2LCR */
- case 0x0a4: /* APD2RCR */
- case 0x0a8: /* APD3LCR */
- case 0x0ac: /* APD3RCR */
- case 0x0b0: /* APD4R */
- case 0x0b8: /* ADRDR */
- case 0x0d0: /* MPDDMARR */
- case 0x0d8: /* MPUDMARR */
- case 0x0e4: /* BPDDMARR */
- case 0x0ec: /* BPUDMARR */
- case 0x100: /* VERSION_NUMBER */
- case 0x108: /* SYSSTATUS */
- OMAP_RO_REG(addr);
- return;
-
- case 0x000: /* CPCFR1 */
- s->config[0] = value & 0xff;
- omap_eac_format_update(s);
- break;
- case 0x004: /* CPCFR2 */
- s->config[1] = value & 0xff;
- omap_eac_format_update(s);
- break;
- case 0x008: /* CPCFR3 */
- s->config[2] = value & 0xff;
- omap_eac_format_update(s);
- break;
- case 0x00c: /* CPCFR4 */
- s->config[3] = value & 0xff;
- omap_eac_format_update(s);
- break;
-
- case 0x010: /* CPTCTL */
- /* Assuming TXF and TXE bits are read-only... */
- s->control = value & 0x5f;
- omap_eac_interrupt_update(s);
- break;
-
- case 0x014: /* CPTTADR */
- s->address = value & 0xff;
- break;
- case 0x018: /* CPTDATL */
- s->data &= 0xff00;
- s->data |= value & 0xff;
- break;
- case 0x01c: /* CPTDATH */
- s->data &= 0x00ff;
- s->data |= value << 8;
- break;
- case 0x020: /* CPTVSLL */
- s->vtol = value & 0xf8;
- break;
- case 0x024: /* CPTVSLH */
- s->vtsl = value & 0x9f;
- break;
- case 0x040: /* MPCTR */
- s->modem.control = value & 0x8f;
- break;
- case 0x044: /* MPMCCFR */
- s->modem.config = value & 0x7fff;
- break;
- case 0x060: /* BPCTR */
- s->bt.control = value & 0x8f;
- break;
- case 0x064: /* BPMCCFR */
- s->bt.config = value & 0x7fff;
- break;
- case 0x080: /* AMSCFR */
- s->mixer = value & 0x0fff;
- break;
- case 0x084: /* AMVCTR */
- s->gain[0] = value & 0xffff;
- break;
- case 0x088: /* AM1VCTR */
- s->gain[1] = value & 0xff7f;
- break;
- case 0x08c: /* AM2VCTR */
- s->gain[2] = value & 0xff7f;
- break;
- case 0x090: /* AM3VCTR */
- s->gain[3] = value & 0xff7f;
- break;
- case 0x094: /* ASTCTR */
- s->att = value & 0xff;
- break;
-
- case 0x0b4: /* ADWR */
- s->codec.txbuf[s->codec.txlen ++] = value;
- if (unlikely(s->codec.txlen == EAC_BUF_LEN ||
- s->codec.txlen == s->codec.txavail)) {
- if (s->codec.txavail)
- omap_eac_out_empty(s);
- /* Discard what couldn't be written */
- s->codec.txlen = 0;
- }
- break;
-
- case 0x0bc: /* AGCFR */
- s->codec.config[0] = value & 0x07ff;
- omap_eac_format_update(s);
- break;
- case 0x0c0: /* AGCTR */
- s->codec.config[1] = value & 0x780f;
- omap_eac_format_update(s);
- break;
- case 0x0c4: /* AGCFR2 */
- s->codec.config[2] = value & 0x003f;
- omap_eac_format_update(s);
- break;
- case 0x0c8: /* AGCFR3 */
- s->codec.config[3] = value & 0xffff;
- omap_eac_format_update(s);
- break;
- case 0x0cc: /* MBPDMACTR */
- case 0x0d4: /* MPDDMAWR */
- case 0x0e0: /* MPUDMAWR */
- case 0x0e8: /* BPDDMAWR */
- case 0x0f0: /* BPUDMAWR */
- break;
-
- case 0x104: /* SYSCONFIG */
- if (value & (1 << 1)) /* SOFTRESET */
- omap_eac_reset(s);
- s->sysconfig = value & 0x31d;
- break;
-
- default:
- OMAP_BAD_REG(addr);
- return;
- }
-}
-
-static const MemoryRegionOps omap_eac_ops = {
- .read = omap_eac_read,
- .write = omap_eac_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static struct omap_eac_s *omap_eac_init(struct omap_target_agent_s *ta,
- qemu_irq irq, qemu_irq *drq, omap_clk fclk, omap_clk iclk)
-{
- struct omap_eac_s *s = (struct omap_eac_s *)
- g_malloc0(sizeof(struct omap_eac_s));
-
- s->irq = irq;
- s->codec.rxdrq = *drq ++;
- s->codec.txdrq = *drq;
- omap_eac_reset(s);
-
- AUD_register_card("OMAP EAC", &s->codec.card);
-
- memory_region_init_io(&s->iomem, &omap_eac_ops, s, "omap.eac",
- omap_l4_region_size(ta, 0));
- omap_l4_attach(ta, 0, &s->iomem);
-
- return s;
-}
-
-/* STI/XTI (emulation interface) console - reverse engineered only */
-struct omap_sti_s {
- qemu_irq irq;
- MemoryRegion iomem;
- MemoryRegion iomem_fifo;
- CharDriverState *chr;
-
- uint32_t sysconfig;
- uint32_t systest;
- uint32_t irqst;
- uint32_t irqen;
- uint32_t clkcontrol;
- uint32_t serial_config;
-};
-
-#define STI_TRACE_CONSOLE_CHANNEL 239
-#define STI_TRACE_CONTROL_CHANNEL 253
-
-static inline void omap_sti_interrupt_update(struct omap_sti_s *s)
-{
- qemu_set_irq(s->irq, s->irqst & s->irqen);
-}
-
-static void omap_sti_reset(struct omap_sti_s *s)
-{
- s->sysconfig = 0;
- s->irqst = 0;
- s->irqen = 0;
- s->clkcontrol = 0;
- s->serial_config = 0;
-
- omap_sti_interrupt_update(s);
-}
-
-static uint64_t omap_sti_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_sti_s *s = (struct omap_sti_s *) opaque;
-
- if (size != 4) {
- return omap_badwidth_read32(opaque, addr);
- }
-
- switch (addr) {
- case 0x00: /* STI_REVISION */
- return 0x10;
-
- case 0x10: /* STI_SYSCONFIG */
- return s->sysconfig;
-
- case 0x14: /* STI_SYSSTATUS / STI_RX_STATUS / XTI_SYSSTATUS */
- return 0x00;
-
- case 0x18: /* STI_IRQSTATUS */
- return s->irqst;
-
- case 0x1c: /* STI_IRQSETEN / STI_IRQCLREN */
- return s->irqen;
-
- case 0x24: /* STI_ER / STI_DR / XTI_TRACESELECT */
- case 0x28: /* STI_RX_DR / XTI_RXDATA */
- /* TODO */
- return 0;
-
- case 0x2c: /* STI_CLK_CTRL / XTI_SCLKCRTL */
- return s->clkcontrol;
-
- case 0x30: /* STI_SERIAL_CFG / XTI_SCONFIG */
- return s->serial_config;
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_sti_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_sti_s *s = (struct omap_sti_s *) opaque;
-
- if (size != 4) {
- return omap_badwidth_write32(opaque, addr, value);
- }
-
- switch (addr) {
- case 0x00: /* STI_REVISION */
- case 0x14: /* STI_SYSSTATUS / STI_RX_STATUS / XTI_SYSSTATUS */
- OMAP_RO_REG(addr);
- return;
-
- case 0x10: /* STI_SYSCONFIG */
- if (value & (1 << 1)) /* SOFTRESET */
- omap_sti_reset(s);
- s->sysconfig = value & 0xfe;
- break;
-
- case 0x18: /* STI_IRQSTATUS */
- s->irqst &= ~value;
- omap_sti_interrupt_update(s);
- break;
-
- case 0x1c: /* STI_IRQSETEN / STI_IRQCLREN */
- s->irqen = value & 0xffff;
- omap_sti_interrupt_update(s);
- break;
-
- case 0x2c: /* STI_CLK_CTRL / XTI_SCLKCRTL */
- s->clkcontrol = value & 0xff;
- break;
-
- case 0x30: /* STI_SERIAL_CFG / XTI_SCONFIG */
- s->serial_config = value & 0xff;
- break;
-
- case 0x24: /* STI_ER / STI_DR / XTI_TRACESELECT */
- case 0x28: /* STI_RX_DR / XTI_RXDATA */
- /* TODO */
- return;
-
- default:
- OMAP_BAD_REG(addr);
- return;
- }
-}
-
-static const MemoryRegionOps omap_sti_ops = {
- .read = omap_sti_read,
- .write = omap_sti_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static uint64_t omap_sti_fifo_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_sti_fifo_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_sti_s *s = (struct omap_sti_s *) opaque;
- int ch = addr >> 6;
- uint8_t byte = value;
-
- if (size != 1) {
- return omap_badwidth_write8(opaque, addr, size);
- }
-
- if (ch == STI_TRACE_CONTROL_CHANNEL) {
- /* Flush channel <i>value</i>. */
- qemu_chr_fe_write(s->chr, (const uint8_t *) "\r", 1);
- } else if (ch == STI_TRACE_CONSOLE_CHANNEL || 1) {
- if (value == 0xc0 || value == 0xc3) {
- /* Open channel <i>ch</i>. */
- } else if (value == 0x00)
- qemu_chr_fe_write(s->chr, (const uint8_t *) "\n", 1);
- else
- qemu_chr_fe_write(s->chr, &byte, 1);
- }
-}
-
-static const MemoryRegionOps omap_sti_fifo_ops = {
- .read = omap_sti_fifo_read,
- .write = omap_sti_fifo_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static struct omap_sti_s *omap_sti_init(struct omap_target_agent_s *ta,
- MemoryRegion *sysmem,
- hwaddr channel_base, qemu_irq irq, omap_clk clk,
- CharDriverState *chr)
-{
- struct omap_sti_s *s = (struct omap_sti_s *)
- g_malloc0(sizeof(struct omap_sti_s));
-
- s->irq = irq;
- omap_sti_reset(s);
-
- s->chr = chr ?: qemu_chr_new("null", "null", NULL);
-
- memory_region_init_io(&s->iomem, &omap_sti_ops, s, "omap.sti",
- omap_l4_region_size(ta, 0));
- omap_l4_attach(ta, 0, &s->iomem);
-
- memory_region_init_io(&s->iomem_fifo, &omap_sti_fifo_ops, s,
- "omap.sti.fifo", 0x10000);
- memory_region_add_subregion(sysmem, channel_base, &s->iomem_fifo);
-
- return s;
-}
-
-/* L4 Interconnect */
-#define L4TA(n) (n)
-#define L4TAO(n) ((n) + 39)
-
-static const struct omap_l4_region_s omap_l4_region[125] = {
- [ 1] = { 0x40800, 0x800, 32 }, /* Initiator agent */
- [ 2] = { 0x41000, 0x1000, 32 }, /* Link agent */
- [ 0] = { 0x40000, 0x800, 32 }, /* Address and protection */
- [ 3] = { 0x00000, 0x1000, 32 | 16 | 8 }, /* System Control and Pinout */
- [ 4] = { 0x01000, 0x1000, 32 | 16 | 8 }, /* L4TAO1 */
- [ 5] = { 0x04000, 0x1000, 32 | 16 }, /* 32K Timer */
- [ 6] = { 0x05000, 0x1000, 32 | 16 | 8 }, /* L4TAO2 */
- [ 7] = { 0x08000, 0x800, 32 }, /* PRCM Region A */
- [ 8] = { 0x08800, 0x800, 32 }, /* PRCM Region B */
- [ 9] = { 0x09000, 0x1000, 32 | 16 | 8 }, /* L4TAO */
- [ 10] = { 0x12000, 0x1000, 32 | 16 | 8 }, /* Test (BCM) */
- [ 11] = { 0x13000, 0x1000, 32 | 16 | 8 }, /* L4TA1 */
- [ 12] = { 0x14000, 0x1000, 32 }, /* Test/emulation (TAP) */
- [ 13] = { 0x15000, 0x1000, 32 | 16 | 8 }, /* L4TA2 */
- [ 14] = { 0x18000, 0x1000, 32 | 16 | 8 }, /* GPIO1 */
- [ 16] = { 0x1a000, 0x1000, 32 | 16 | 8 }, /* GPIO2 */
- [ 18] = { 0x1c000, 0x1000, 32 | 16 | 8 }, /* GPIO3 */
- [ 19] = { 0x1e000, 0x1000, 32 | 16 | 8 }, /* GPIO4 */
- [ 15] = { 0x19000, 0x1000, 32 | 16 | 8 }, /* Quad GPIO TOP */
- [ 17] = { 0x1b000, 0x1000, 32 | 16 | 8 }, /* L4TA3 */
- [ 20] = { 0x20000, 0x1000, 32 | 16 | 8 }, /* WD Timer 1 (Secure) */
- [ 22] = { 0x22000, 0x1000, 32 | 16 | 8 }, /* WD Timer 2 (OMAP) */
- [ 21] = { 0x21000, 0x1000, 32 | 16 | 8 }, /* Dual WD timer TOP */
- [ 23] = { 0x23000, 0x1000, 32 | 16 | 8 }, /* L4TA4 */
- [ 24] = { 0x28000, 0x1000, 32 | 16 | 8 }, /* GP Timer 1 */
- [ 25] = { 0x29000, 0x1000, 32 | 16 | 8 }, /* L4TA7 */
- [ 26] = { 0x48000, 0x2000, 32 | 16 | 8 }, /* Emulation (ARM11ETB) */
- [ 27] = { 0x4a000, 0x1000, 32 | 16 | 8 }, /* L4TA9 */
- [ 28] = { 0x50000, 0x400, 32 | 16 | 8 }, /* Display top */
- [ 29] = { 0x50400, 0x400, 32 | 16 | 8 }, /* Display control */
- [ 30] = { 0x50800, 0x400, 32 | 16 | 8 }, /* Display RFBI */
- [ 31] = { 0x50c00, 0x400, 32 | 16 | 8 }, /* Display encoder */
- [ 32] = { 0x51000, 0x1000, 32 | 16 | 8 }, /* L4TA10 */
- [ 33] = { 0x52000, 0x400, 32 | 16 | 8 }, /* Camera top */
- [ 34] = { 0x52400, 0x400, 32 | 16 | 8 }, /* Camera core */
- [ 35] = { 0x52800, 0x400, 32 | 16 | 8 }, /* Camera DMA */
- [ 36] = { 0x52c00, 0x400, 32 | 16 | 8 }, /* Camera MMU */
- [ 37] = { 0x53000, 0x1000, 32 | 16 | 8 }, /* L4TA11 */
- [ 38] = { 0x56000, 0x1000, 32 | 16 | 8 }, /* sDMA */
- [ 39] = { 0x57000, 0x1000, 32 | 16 | 8 }, /* L4TA12 */
- [ 40] = { 0x58000, 0x1000, 32 | 16 | 8 }, /* SSI top */
- [ 41] = { 0x59000, 0x1000, 32 | 16 | 8 }, /* SSI GDD */
- [ 42] = { 0x5a000, 0x1000, 32 | 16 | 8 }, /* SSI Port1 */
- [ 43] = { 0x5b000, 0x1000, 32 | 16 | 8 }, /* SSI Port2 */
- [ 44] = { 0x5c000, 0x1000, 32 | 16 | 8 }, /* L4TA13 */
- [ 45] = { 0x5e000, 0x1000, 32 | 16 | 8 }, /* USB OTG */
- [ 46] = { 0x5f000, 0x1000, 32 | 16 | 8 }, /* L4TAO4 */
- [ 47] = { 0x60000, 0x1000, 32 | 16 | 8 }, /* Emulation (WIN_TRACER1SDRC) */
- [ 48] = { 0x61000, 0x1000, 32 | 16 | 8 }, /* L4TA14 */
- [ 49] = { 0x62000, 0x1000, 32 | 16 | 8 }, /* Emulation (WIN_TRACER2GPMC) */
- [ 50] = { 0x63000, 0x1000, 32 | 16 | 8 }, /* L4TA15 */
- [ 51] = { 0x64000, 0x1000, 32 | 16 | 8 }, /* Emulation (WIN_TRACER3OCM) */
- [ 52] = { 0x65000, 0x1000, 32 | 16 | 8 }, /* L4TA16 */
- [ 53] = { 0x66000, 0x300, 32 | 16 | 8 }, /* Emulation (WIN_TRACER4L4) */
- [ 54] = { 0x67000, 0x1000, 32 | 16 | 8 }, /* L4TA17 */
- [ 55] = { 0x68000, 0x1000, 32 | 16 | 8 }, /* Emulation (XTI) */
- [ 56] = { 0x69000, 0x1000, 32 | 16 | 8 }, /* L4TA18 */
- [ 57] = { 0x6a000, 0x1000, 16 | 8 }, /* UART1 */
- [ 58] = { 0x6b000, 0x1000, 32 | 16 | 8 }, /* L4TA19 */
- [ 59] = { 0x6c000, 0x1000, 16 | 8 }, /* UART2 */
- [ 60] = { 0x6d000, 0x1000, 32 | 16 | 8 }, /* L4TA20 */
- [ 61] = { 0x6e000, 0x1000, 16 | 8 }, /* UART3 */
- [ 62] = { 0x6f000, 0x1000, 32 | 16 | 8 }, /* L4TA21 */
- [ 63] = { 0x70000, 0x1000, 16 }, /* I2C1 */
- [ 64] = { 0x71000, 0x1000, 32 | 16 | 8 }, /* L4TAO5 */
- [ 65] = { 0x72000, 0x1000, 16 }, /* I2C2 */
- [ 66] = { 0x73000, 0x1000, 32 | 16 | 8 }, /* L4TAO6 */
- [ 67] = { 0x74000, 0x1000, 16 }, /* McBSP1 */
- [ 68] = { 0x75000, 0x1000, 32 | 16 | 8 }, /* L4TAO7 */
- [ 69] = { 0x76000, 0x1000, 16 }, /* McBSP2 */
- [ 70] = { 0x77000, 0x1000, 32 | 16 | 8 }, /* L4TAO8 */
- [ 71] = { 0x24000, 0x1000, 32 | 16 | 8 }, /* WD Timer 3 (DSP) */
- [ 72] = { 0x25000, 0x1000, 32 | 16 | 8 }, /* L4TA5 */
- [ 73] = { 0x26000, 0x1000, 32 | 16 | 8 }, /* WD Timer 4 (IVA) */
- [ 74] = { 0x27000, 0x1000, 32 | 16 | 8 }, /* L4TA6 */
- [ 75] = { 0x2a000, 0x1000, 32 | 16 | 8 }, /* GP Timer 2 */
- [ 76] = { 0x2b000, 0x1000, 32 | 16 | 8 }, /* L4TA8 */
- [ 77] = { 0x78000, 0x1000, 32 | 16 | 8 }, /* GP Timer 3 */
- [ 78] = { 0x79000, 0x1000, 32 | 16 | 8 }, /* L4TA22 */
- [ 79] = { 0x7a000, 0x1000, 32 | 16 | 8 }, /* GP Timer 4 */
- [ 80] = { 0x7b000, 0x1000, 32 | 16 | 8 }, /* L4TA23 */
- [ 81] = { 0x7c000, 0x1000, 32 | 16 | 8 }, /* GP Timer 5 */
- [ 82] = { 0x7d000, 0x1000, 32 | 16 | 8 }, /* L4TA24 */
- [ 83] = { 0x7e000, 0x1000, 32 | 16 | 8 }, /* GP Timer 6 */
- [ 84] = { 0x7f000, 0x1000, 32 | 16 | 8 }, /* L4TA25 */
- [ 85] = { 0x80000, 0x1000, 32 | 16 | 8 }, /* GP Timer 7 */
- [ 86] = { 0x81000, 0x1000, 32 | 16 | 8 }, /* L4TA26 */
- [ 87] = { 0x82000, 0x1000, 32 | 16 | 8 }, /* GP Timer 8 */
- [ 88] = { 0x83000, 0x1000, 32 | 16 | 8 }, /* L4TA27 */
- [ 89] = { 0x84000, 0x1000, 32 | 16 | 8 }, /* GP Timer 9 */
- [ 90] = { 0x85000, 0x1000, 32 | 16 | 8 }, /* L4TA28 */
- [ 91] = { 0x86000, 0x1000, 32 | 16 | 8 }, /* GP Timer 10 */
- [ 92] = { 0x87000, 0x1000, 32 | 16 | 8 }, /* L4TA29 */
- [ 93] = { 0x88000, 0x1000, 32 | 16 | 8 }, /* GP Timer 11 */
- [ 94] = { 0x89000, 0x1000, 32 | 16 | 8 }, /* L4TA30 */
- [ 95] = { 0x8a000, 0x1000, 32 | 16 | 8 }, /* GP Timer 12 */
- [ 96] = { 0x8b000, 0x1000, 32 | 16 | 8 }, /* L4TA31 */
- [ 97] = { 0x90000, 0x1000, 16 }, /* EAC */
- [ 98] = { 0x91000, 0x1000, 32 | 16 | 8 }, /* L4TA32 */
- [ 99] = { 0x92000, 0x1000, 16 }, /* FAC */
- [100] = { 0x93000, 0x1000, 32 | 16 | 8 }, /* L4TA33 */
- [101] = { 0x94000, 0x1000, 32 | 16 | 8 }, /* IPC (MAILBOX) */
- [102] = { 0x95000, 0x1000, 32 | 16 | 8 }, /* L4TA34 */
- [103] = { 0x98000, 0x1000, 32 | 16 | 8 }, /* SPI1 */
- [104] = { 0x99000, 0x1000, 32 | 16 | 8 }, /* L4TA35 */
- [105] = { 0x9a000, 0x1000, 32 | 16 | 8 }, /* SPI2 */
- [106] = { 0x9b000, 0x1000, 32 | 16 | 8 }, /* L4TA36 */
- [107] = { 0x9c000, 0x1000, 16 | 8 }, /* MMC SDIO */
- [108] = { 0x9d000, 0x1000, 32 | 16 | 8 }, /* L4TAO9 */
- [109] = { 0x9e000, 0x1000, 32 | 16 | 8 }, /* MS_PRO */
- [110] = { 0x9f000, 0x1000, 32 | 16 | 8 }, /* L4TAO10 */
- [111] = { 0xa0000, 0x1000, 32 }, /* RNG */
- [112] = { 0xa1000, 0x1000, 32 | 16 | 8 }, /* L4TAO11 */
- [113] = { 0xa2000, 0x1000, 32 }, /* DES3DES */
- [114] = { 0xa3000, 0x1000, 32 | 16 | 8 }, /* L4TAO12 */
- [115] = { 0xa4000, 0x1000, 32 }, /* SHA1MD5 */
- [116] = { 0xa5000, 0x1000, 32 | 16 | 8 }, /* L4TAO13 */
- [117] = { 0xa6000, 0x1000, 32 }, /* AES */
- [118] = { 0xa7000, 0x1000, 32 | 16 | 8 }, /* L4TA37 */
- [119] = { 0xa8000, 0x2000, 32 }, /* PKA */
- [120] = { 0xaa000, 0x1000, 32 | 16 | 8 }, /* L4TA38 */
- [121] = { 0xb0000, 0x1000, 32 }, /* MG */
- [122] = { 0xb1000, 0x1000, 32 | 16 | 8 },
- [123] = { 0xb2000, 0x1000, 32 }, /* HDQ/1-Wire */
- [124] = { 0xb3000, 0x1000, 32 | 16 | 8 }, /* L4TA39 */
-};
-
-static const struct omap_l4_agent_info_s omap_l4_agent_info[54] = {
- { 0, 0, 3, 2 }, /* L4IA initiatior agent */
- { L4TAO(1), 3, 2, 1 }, /* Control and pinout module */
- { L4TAO(2), 5, 2, 1 }, /* 32K timer */
- { L4TAO(3), 7, 3, 2 }, /* PRCM */
- { L4TA(1), 10, 2, 1 }, /* BCM */
- { L4TA(2), 12, 2, 1 }, /* Test JTAG */
- { L4TA(3), 14, 6, 3 }, /* Quad GPIO */
- { L4TA(4), 20, 4, 3 }, /* WD timer 1/2 */
- { L4TA(7), 24, 2, 1 }, /* GP timer 1 */
- { L4TA(9), 26, 2, 1 }, /* ATM11 ETB */
- { L4TA(10), 28, 5, 4 }, /* Display subsystem */
- { L4TA(11), 33, 5, 4 }, /* Camera subsystem */
- { L4TA(12), 38, 2, 1 }, /* sDMA */
- { L4TA(13), 40, 5, 4 }, /* SSI */
- { L4TAO(4), 45, 2, 1 }, /* USB */
- { L4TA(14), 47, 2, 1 }, /* Win Tracer1 */
- { L4TA(15), 49, 2, 1 }, /* Win Tracer2 */
- { L4TA(16), 51, 2, 1 }, /* Win Tracer3 */
- { L4TA(17), 53, 2, 1 }, /* Win Tracer4 */
- { L4TA(18), 55, 2, 1 }, /* XTI */
- { L4TA(19), 57, 2, 1 }, /* UART1 */
- { L4TA(20), 59, 2, 1 }, /* UART2 */
- { L4TA(21), 61, 2, 1 }, /* UART3 */
- { L4TAO(5), 63, 2, 1 }, /* I2C1 */
- { L4TAO(6), 65, 2, 1 }, /* I2C2 */
- { L4TAO(7), 67, 2, 1 }, /* McBSP1 */
- { L4TAO(8), 69, 2, 1 }, /* McBSP2 */
- { L4TA(5), 71, 2, 1 }, /* WD Timer 3 (DSP) */
- { L4TA(6), 73, 2, 1 }, /* WD Timer 4 (IVA) */
- { L4TA(8), 75, 2, 1 }, /* GP Timer 2 */
- { L4TA(22), 77, 2, 1 }, /* GP Timer 3 */
- { L4TA(23), 79, 2, 1 }, /* GP Timer 4 */
- { L4TA(24), 81, 2, 1 }, /* GP Timer 5 */
- { L4TA(25), 83, 2, 1 }, /* GP Timer 6 */
- { L4TA(26), 85, 2, 1 }, /* GP Timer 7 */
- { L4TA(27), 87, 2, 1 }, /* GP Timer 8 */
- { L4TA(28), 89, 2, 1 }, /* GP Timer 9 */
- { L4TA(29), 91, 2, 1 }, /* GP Timer 10 */
- { L4TA(30), 93, 2, 1 }, /* GP Timer 11 */
- { L4TA(31), 95, 2, 1 }, /* GP Timer 12 */
- { L4TA(32), 97, 2, 1 }, /* EAC */
- { L4TA(33), 99, 2, 1 }, /* FAC */
- { L4TA(34), 101, 2, 1 }, /* IPC */
- { L4TA(35), 103, 2, 1 }, /* SPI1 */
- { L4TA(36), 105, 2, 1 }, /* SPI2 */
- { L4TAO(9), 107, 2, 1 }, /* MMC SDIO */
- { L4TAO(10), 109, 2, 1 },
- { L4TAO(11), 111, 2, 1 }, /* RNG */
- { L4TAO(12), 113, 2, 1 }, /* DES3DES */
- { L4TAO(13), 115, 2, 1 }, /* SHA1MD5 */
- { L4TA(37), 117, 2, 1 }, /* AES */
- { L4TA(38), 119, 2, 1 }, /* PKA */
- { -1, 121, 2, 1 },
- { L4TA(39), 123, 2, 1 }, /* HDQ/1-Wire */
-};
-
-#define omap_l4ta(bus, cs) \
- omap_l4ta_get(bus, omap_l4_region, omap_l4_agent_info, L4TA(cs))
-#define omap_l4tao(bus, cs) \
- omap_l4ta_get(bus, omap_l4_region, omap_l4_agent_info, L4TAO(cs))
-
-/* Power, Reset, and Clock Management */
-struct omap_prcm_s {
- qemu_irq irq[3];
- struct omap_mpu_state_s *mpu;
- MemoryRegion iomem0;
- MemoryRegion iomem1;
-
- uint32_t irqst[3];
- uint32_t irqen[3];
-
- uint32_t sysconfig;
- uint32_t voltctrl;
- uint32_t scratch[20];
-
- uint32_t clksrc[1];
- uint32_t clkout[1];
- uint32_t clkemul[1];
- uint32_t clkpol[1];
- uint32_t clksel[8];
- uint32_t clken[12];
- uint32_t clkctrl[4];
- uint32_t clkidle[7];
- uint32_t setuptime[2];
-
- uint32_t wkup[3];
- uint32_t wken[3];
- uint32_t wkst[3];
- uint32_t rst[4];
- uint32_t rstctrl[1];
- uint32_t power[4];
- uint32_t rsttime_wkup;
-
- uint32_t ev;
- uint32_t evtime[2];
-
- int dpll_lock, apll_lock[2];
-};
-
-static void omap_prcm_int_update(struct omap_prcm_s *s, int dom)
-{
- qemu_set_irq(s->irq[dom], s->irqst[dom] & s->irqen[dom]);
- /* XXX or is the mask applied before PRCM_IRQSTATUS_* ? */
-}
-
-static uint64_t omap_prcm_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_prcm_s *s = (struct omap_prcm_s *) opaque;
- uint32_t ret;
-
- if (size != 4) {
- return omap_badwidth_read32(opaque, addr);
- }
-
- switch (addr) {
- case 0x000: /* PRCM_REVISION */
- return 0x10;
-
- case 0x010: /* PRCM_SYSCONFIG */
- return s->sysconfig;
-
- case 0x018: /* PRCM_IRQSTATUS_MPU */
- return s->irqst[0];
-
- case 0x01c: /* PRCM_IRQENABLE_MPU */
- return s->irqen[0];
-
- case 0x050: /* PRCM_VOLTCTRL */
- return s->voltctrl;
- case 0x054: /* PRCM_VOLTST */
- return s->voltctrl & 3;
-
- case 0x060: /* PRCM_CLKSRC_CTRL */
- return s->clksrc[0];
- case 0x070: /* PRCM_CLKOUT_CTRL */
- return s->clkout[0];
- case 0x078: /* PRCM_CLKEMUL_CTRL */
- return s->clkemul[0];
- case 0x080: /* PRCM_CLKCFG_CTRL */
- case 0x084: /* PRCM_CLKCFG_STATUS */
- return 0;
-
- case 0x090: /* PRCM_VOLTSETUP */
- return s->setuptime[0];
-
- case 0x094: /* PRCM_CLKSSETUP */
- return s->setuptime[1];
-
- case 0x098: /* PRCM_POLCTRL */
- return s->clkpol[0];
-
- case 0x0b0: /* GENERAL_PURPOSE1 */
- case 0x0b4: /* GENERAL_PURPOSE2 */
- case 0x0b8: /* GENERAL_PURPOSE3 */
- case 0x0bc: /* GENERAL_PURPOSE4 */
- case 0x0c0: /* GENERAL_PURPOSE5 */
- case 0x0c4: /* GENERAL_PURPOSE6 */
- case 0x0c8: /* GENERAL_PURPOSE7 */
- case 0x0cc: /* GENERAL_PURPOSE8 */
- case 0x0d0: /* GENERAL_PURPOSE9 */
- case 0x0d4: /* GENERAL_PURPOSE10 */
- case 0x0d8: /* GENERAL_PURPOSE11 */
- case 0x0dc: /* GENERAL_PURPOSE12 */
- case 0x0e0: /* GENERAL_PURPOSE13 */
- case 0x0e4: /* GENERAL_PURPOSE14 */
- case 0x0e8: /* GENERAL_PURPOSE15 */
- case 0x0ec: /* GENERAL_PURPOSE16 */
- case 0x0f0: /* GENERAL_PURPOSE17 */
- case 0x0f4: /* GENERAL_PURPOSE18 */
- case 0x0f8: /* GENERAL_PURPOSE19 */
- case 0x0fc: /* GENERAL_PURPOSE20 */
- return s->scratch[(addr - 0xb0) >> 2];
-
- case 0x140: /* CM_CLKSEL_MPU */
- return s->clksel[0];
- case 0x148: /* CM_CLKSTCTRL_MPU */
- return s->clkctrl[0];
-
- case 0x158: /* RM_RSTST_MPU */
- return s->rst[0];
- case 0x1c8: /* PM_WKDEP_MPU */
- return s->wkup[0];
- case 0x1d4: /* PM_EVGENCTRL_MPU */
- return s->ev;
- case 0x1d8: /* PM_EVEGENONTIM_MPU */
- return s->evtime[0];
- case 0x1dc: /* PM_EVEGENOFFTIM_MPU */
- return s->evtime[1];
- case 0x1e0: /* PM_PWSTCTRL_MPU */
- return s->power[0];
- case 0x1e4: /* PM_PWSTST_MPU */
- return 0;
-
- case 0x200: /* CM_FCLKEN1_CORE */
- return s->clken[0];
- case 0x204: /* CM_FCLKEN2_CORE */
- return s->clken[1];
- case 0x210: /* CM_ICLKEN1_CORE */
- return s->clken[2];
- case 0x214: /* CM_ICLKEN2_CORE */
- return s->clken[3];
- case 0x21c: /* CM_ICLKEN4_CORE */
- return s->clken[4];
-
- case 0x220: /* CM_IDLEST1_CORE */
- /* TODO: check the actual iclk status */
- return 0x7ffffff9;
- case 0x224: /* CM_IDLEST2_CORE */
- /* TODO: check the actual iclk status */
- return 0x00000007;
- case 0x22c: /* CM_IDLEST4_CORE */
- /* TODO: check the actual iclk status */
- return 0x0000001f;
-
- case 0x230: /* CM_AUTOIDLE1_CORE */
- return s->clkidle[0];
- case 0x234: /* CM_AUTOIDLE2_CORE */
- return s->clkidle[1];
- case 0x238: /* CM_AUTOIDLE3_CORE */
- return s->clkidle[2];
- case 0x23c: /* CM_AUTOIDLE4_CORE */
- return s->clkidle[3];
-
- case 0x240: /* CM_CLKSEL1_CORE */
- return s->clksel[1];
- case 0x244: /* CM_CLKSEL2_CORE */
- return s->clksel[2];
-
- case 0x248: /* CM_CLKSTCTRL_CORE */
- return s->clkctrl[1];
-
- case 0x2a0: /* PM_WKEN1_CORE */
- return s->wken[0];
- case 0x2a4: /* PM_WKEN2_CORE */
- return s->wken[1];
-
- case 0x2b0: /* PM_WKST1_CORE */
- return s->wkst[0];
- case 0x2b4: /* PM_WKST2_CORE */
- return s->wkst[1];
- case 0x2c8: /* PM_WKDEP_CORE */
- return 0x1e;
-
- case 0x2e0: /* PM_PWSTCTRL_CORE */
- return s->power[1];
- case 0x2e4: /* PM_PWSTST_CORE */
- return 0x000030 | (s->power[1] & 0xfc00);
-
- case 0x300: /* CM_FCLKEN_GFX */
- return s->clken[5];
- case 0x310: /* CM_ICLKEN_GFX */
- return s->clken[6];
- case 0x320: /* CM_IDLEST_GFX */
- /* TODO: check the actual iclk status */
- return 0x00000001;
- case 0x340: /* CM_CLKSEL_GFX */
- return s->clksel[3];
- case 0x348: /* CM_CLKSTCTRL_GFX */
- return s->clkctrl[2];
- case 0x350: /* RM_RSTCTRL_GFX */
- return s->rstctrl[0];
- case 0x358: /* RM_RSTST_GFX */
- return s->rst[1];
- case 0x3c8: /* PM_WKDEP_GFX */
- return s->wkup[1];
-
- case 0x3e0: /* PM_PWSTCTRL_GFX */
- return s->power[2];
- case 0x3e4: /* PM_PWSTST_GFX */
- return s->power[2] & 3;
-
- case 0x400: /* CM_FCLKEN_WKUP */
- return s->clken[7];
- case 0x410: /* CM_ICLKEN_WKUP */
- return s->clken[8];
- case 0x420: /* CM_IDLEST_WKUP */
- /* TODO: check the actual iclk status */
- return 0x0000003f;
- case 0x430: /* CM_AUTOIDLE_WKUP */
- return s->clkidle[4];
- case 0x440: /* CM_CLKSEL_WKUP */
- return s->clksel[4];
- case 0x450: /* RM_RSTCTRL_WKUP */
- return 0;
- case 0x454: /* RM_RSTTIME_WKUP */
- return s->rsttime_wkup;
- case 0x458: /* RM_RSTST_WKUP */
- return s->rst[2];
- case 0x4a0: /* PM_WKEN_WKUP */
- return s->wken[2];
- case 0x4b0: /* PM_WKST_WKUP */
- return s->wkst[2];
-
- case 0x500: /* CM_CLKEN_PLL */
- return s->clken[9];
- case 0x520: /* CM_IDLEST_CKGEN */
- ret = 0x0000070 | (s->apll_lock[0] << 9) | (s->apll_lock[1] << 8);
- if (!(s->clksel[6] & 3))
- /* Core uses 32-kHz clock */
- ret |= 3 << 0;
- else if (!s->dpll_lock)
- /* DPLL not locked, core uses ref_clk */
- ret |= 1 << 0;
- else
- /* Core uses DPLL */
- ret |= 2 << 0;
- return ret;
- case 0x530: /* CM_AUTOIDLE_PLL */
- return s->clkidle[5];
- case 0x540: /* CM_CLKSEL1_PLL */
- return s->clksel[5];
- case 0x544: /* CM_CLKSEL2_PLL */
- return s->clksel[6];
-
- case 0x800: /* CM_FCLKEN_DSP */
- return s->clken[10];
- case 0x810: /* CM_ICLKEN_DSP */
- return s->clken[11];
- case 0x820: /* CM_IDLEST_DSP */
- /* TODO: check the actual iclk status */
- return 0x00000103;
- case 0x830: /* CM_AUTOIDLE_DSP */
- return s->clkidle[6];
- case 0x840: /* CM_CLKSEL_DSP */
- return s->clksel[7];
- case 0x848: /* CM_CLKSTCTRL_DSP */
- return s->clkctrl[3];
- case 0x850: /* RM_RSTCTRL_DSP */
- return 0;
- case 0x858: /* RM_RSTST_DSP */
- return s->rst[3];
- case 0x8c8: /* PM_WKDEP_DSP */
- return s->wkup[2];
- case 0x8e0: /* PM_PWSTCTRL_DSP */
- return s->power[3];
- case 0x8e4: /* PM_PWSTST_DSP */
- return 0x008030 | (s->power[3] & 0x3003);
-
- case 0x8f0: /* PRCM_IRQSTATUS_DSP */
- return s->irqst[1];
- case 0x8f4: /* PRCM_IRQENABLE_DSP */
- return s->irqen[1];
-
- case 0x8f8: /* PRCM_IRQSTATUS_IVA */
- return s->irqst[2];
- case 0x8fc: /* PRCM_IRQENABLE_IVA */
- return s->irqen[2];
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_prcm_apll_update(struct omap_prcm_s *s)
-{
- int mode[2];
-
- mode[0] = (s->clken[9] >> 6) & 3;
- s->apll_lock[0] = (mode[0] == 3);
- mode[1] = (s->clken[9] >> 2) & 3;
- s->apll_lock[1] = (mode[1] == 3);
- /* TODO: update clocks */
-
- if (mode[0] == 1 || mode[0] == 2 || mode[1] == 1 || mode[1] == 2)
- fprintf(stderr, "%s: bad EN_54M_PLL or bad EN_96M_PLL\n",
- __FUNCTION__);
-}
-
-static void omap_prcm_dpll_update(struct omap_prcm_s *s)
-{
- omap_clk dpll = omap_findclk(s->mpu, "dpll");
- omap_clk dpll_x2 = omap_findclk(s->mpu, "dpll");
- omap_clk core = omap_findclk(s->mpu, "core_clk");
- int mode = (s->clken[9] >> 0) & 3;
- int mult, div;
-
- mult = (s->clksel[5] >> 12) & 0x3ff;
- div = (s->clksel[5] >> 8) & 0xf;
- if (mult == 0 || mult == 1)
- mode = 1; /* Bypass */
-
- s->dpll_lock = 0;
- switch (mode) {
- case 0:
- fprintf(stderr, "%s: bad EN_DPLL\n", __FUNCTION__);
- break;
- case 1: /* Low-power bypass mode (Default) */
- case 2: /* Fast-relock bypass mode */
- omap_clk_setrate(dpll, 1, 1);
- omap_clk_setrate(dpll_x2, 1, 1);
- break;
- case 3: /* Lock mode */
- s->dpll_lock = 1; /* After 20 FINT cycles (ref_clk / (div + 1)). */
-
- omap_clk_setrate(dpll, div + 1, mult);
- omap_clk_setrate(dpll_x2, div + 1, mult * 2);
- break;
- }
-
- switch ((s->clksel[6] >> 0) & 3) {
- case 0:
- omap_clk_reparent(core, omap_findclk(s->mpu, "clk32-kHz"));
- break;
- case 1:
- omap_clk_reparent(core, dpll);
- break;
- case 2:
- /* Default */
- omap_clk_reparent(core, dpll_x2);
- break;
- case 3:
- fprintf(stderr, "%s: bad CORE_CLK_SRC\n", __FUNCTION__);
- break;
- }
-}
-
-static void omap_prcm_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_prcm_s *s = (struct omap_prcm_s *) opaque;
-
- if (size != 4) {
- return omap_badwidth_write32(opaque, addr, value);
- }
-
- switch (addr) {
- case 0x000: /* PRCM_REVISION */
- case 0x054: /* PRCM_VOLTST */
- case 0x084: /* PRCM_CLKCFG_STATUS */
- case 0x1e4: /* PM_PWSTST_MPU */
- case 0x220: /* CM_IDLEST1_CORE */
- case 0x224: /* CM_IDLEST2_CORE */
- case 0x22c: /* CM_IDLEST4_CORE */
- case 0x2c8: /* PM_WKDEP_CORE */
- case 0x2e4: /* PM_PWSTST_CORE */
- case 0x320: /* CM_IDLEST_GFX */
- case 0x3e4: /* PM_PWSTST_GFX */
- case 0x420: /* CM_IDLEST_WKUP */
- case 0x520: /* CM_IDLEST_CKGEN */
- case 0x820: /* CM_IDLEST_DSP */
- case 0x8e4: /* PM_PWSTST_DSP */
- OMAP_RO_REG(addr);
- return;
-
- case 0x010: /* PRCM_SYSCONFIG */
- s->sysconfig = value & 1;
- break;
-
- case 0x018: /* PRCM_IRQSTATUS_MPU */
- s->irqst[0] &= ~value;
- omap_prcm_int_update(s, 0);
- break;
- case 0x01c: /* PRCM_IRQENABLE_MPU */
- s->irqen[0] = value & 0x3f;
- omap_prcm_int_update(s, 0);
- break;
-
- case 0x050: /* PRCM_VOLTCTRL */
- s->voltctrl = value & 0xf1c3;
- break;
-
- case 0x060: /* PRCM_CLKSRC_CTRL */
- s->clksrc[0] = value & 0xdb;
- /* TODO update clocks */
- break;
-
- case 0x070: /* PRCM_CLKOUT_CTRL */
- s->clkout[0] = value & 0xbbbb;
- /* TODO update clocks */
- break;
-
- case 0x078: /* PRCM_CLKEMUL_CTRL */
- s->clkemul[0] = value & 1;
- /* TODO update clocks */
- break;
-
- case 0x080: /* PRCM_CLKCFG_CTRL */
- break;
-
- case 0x090: /* PRCM_VOLTSETUP */
- s->setuptime[0] = value & 0xffff;
- break;
- case 0x094: /* PRCM_CLKSSETUP */
- s->setuptime[1] = value & 0xffff;
- break;
-
- case 0x098: /* PRCM_POLCTRL */
- s->clkpol[0] = value & 0x701;
- break;
-
- case 0x0b0: /* GENERAL_PURPOSE1 */
- case 0x0b4: /* GENERAL_PURPOSE2 */
- case 0x0b8: /* GENERAL_PURPOSE3 */
- case 0x0bc: /* GENERAL_PURPOSE4 */
- case 0x0c0: /* GENERAL_PURPOSE5 */
- case 0x0c4: /* GENERAL_PURPOSE6 */
- case 0x0c8: /* GENERAL_PURPOSE7 */
- case 0x0cc: /* GENERAL_PURPOSE8 */
- case 0x0d0: /* GENERAL_PURPOSE9 */
- case 0x0d4: /* GENERAL_PURPOSE10 */
- case 0x0d8: /* GENERAL_PURPOSE11 */
- case 0x0dc: /* GENERAL_PURPOSE12 */
- case 0x0e0: /* GENERAL_PURPOSE13 */
- case 0x0e4: /* GENERAL_PURPOSE14 */
- case 0x0e8: /* GENERAL_PURPOSE15 */
- case 0x0ec: /* GENERAL_PURPOSE16 */
- case 0x0f0: /* GENERAL_PURPOSE17 */
- case 0x0f4: /* GENERAL_PURPOSE18 */
- case 0x0f8: /* GENERAL_PURPOSE19 */
- case 0x0fc: /* GENERAL_PURPOSE20 */
- s->scratch[(addr - 0xb0) >> 2] = value;
- break;
-
- case 0x140: /* CM_CLKSEL_MPU */
- s->clksel[0] = value & 0x1f;
- /* TODO update clocks */
- break;
- case 0x148: /* CM_CLKSTCTRL_MPU */
- s->clkctrl[0] = value & 0x1f;
- break;
-
- case 0x158: /* RM_RSTST_MPU */
- s->rst[0] &= ~value;
- break;
- case 0x1c8: /* PM_WKDEP_MPU */
- s->wkup[0] = value & 0x15;
- break;
-
- case 0x1d4: /* PM_EVGENCTRL_MPU */
- s->ev = value & 0x1f;
- break;
- case 0x1d8: /* PM_EVEGENONTIM_MPU */
- s->evtime[0] = value;
- break;
- case 0x1dc: /* PM_EVEGENOFFTIM_MPU */
- s->evtime[1] = value;
- break;
-
- case 0x1e0: /* PM_PWSTCTRL_MPU */
- s->power[0] = value & 0xc0f;
- break;
-
- case 0x200: /* CM_FCLKEN1_CORE */
- s->clken[0] = value & 0xbfffffff;
- /* TODO update clocks */
- /* The EN_EAC bit only gets/puts func_96m_clk. */
- break;
- case 0x204: /* CM_FCLKEN2_CORE */
- s->clken[1] = value & 0x00000007;
- /* TODO update clocks */
- break;
- case 0x210: /* CM_ICLKEN1_CORE */
- s->clken[2] = value & 0xfffffff9;
- /* TODO update clocks */
- /* The EN_EAC bit only gets/puts core_l4_iclk. */
- break;
- case 0x214: /* CM_ICLKEN2_CORE */
- s->clken[3] = value & 0x00000007;
- /* TODO update clocks */
- break;
- case 0x21c: /* CM_ICLKEN4_CORE */
- s->clken[4] = value & 0x0000001f;
- /* TODO update clocks */
- break;
-
- case 0x230: /* CM_AUTOIDLE1_CORE */
- s->clkidle[0] = value & 0xfffffff9;
- /* TODO update clocks */
- break;
- case 0x234: /* CM_AUTOIDLE2_CORE */
- s->clkidle[1] = value & 0x00000007;
- /* TODO update clocks */
- break;
- case 0x238: /* CM_AUTOIDLE3_CORE */
- s->clkidle[2] = value & 0x00000007;
- /* TODO update clocks */
- break;
- case 0x23c: /* CM_AUTOIDLE4_CORE */
- s->clkidle[3] = value & 0x0000001f;
- /* TODO update clocks */
- break;
-
- case 0x240: /* CM_CLKSEL1_CORE */
- s->clksel[1] = value & 0x0fffbf7f;
- /* TODO update clocks */
- break;
-
- case 0x244: /* CM_CLKSEL2_CORE */
- s->clksel[2] = value & 0x00fffffc;
- /* TODO update clocks */
- break;
-
- case 0x248: /* CM_CLKSTCTRL_CORE */
- s->clkctrl[1] = value & 0x7;
- break;
-
- case 0x2a0: /* PM_WKEN1_CORE */
- s->wken[0] = value & 0x04667ff8;
- break;
- case 0x2a4: /* PM_WKEN2_CORE */
- s->wken[1] = value & 0x00000005;
- break;
-
- case 0x2b0: /* PM_WKST1_CORE */
- s->wkst[0] &= ~value;
- break;
- case 0x2b4: /* PM_WKST2_CORE */
- s->wkst[1] &= ~value;
- break;
-
- case 0x2e0: /* PM_PWSTCTRL_CORE */
- s->power[1] = (value & 0x00fc3f) | (1 << 2);
- break;
-
- case 0x300: /* CM_FCLKEN_GFX */
- s->clken[5] = value & 6;
- /* TODO update clocks */
- break;
- case 0x310: /* CM_ICLKEN_GFX */
- s->clken[6] = value & 1;
- /* TODO update clocks */
- break;
- case 0x340: /* CM_CLKSEL_GFX */
- s->clksel[3] = value & 7;
- /* TODO update clocks */
- break;
- case 0x348: /* CM_CLKSTCTRL_GFX */
- s->clkctrl[2] = value & 1;
- break;
- case 0x350: /* RM_RSTCTRL_GFX */
- s->rstctrl[0] = value & 1;
- /* TODO: reset */
- break;
- case 0x358: /* RM_RSTST_GFX */
- s->rst[1] &= ~value;
- break;
- case 0x3c8: /* PM_WKDEP_GFX */
- s->wkup[1] = value & 0x13;
- break;
- case 0x3e0: /* PM_PWSTCTRL_GFX */
- s->power[2] = (value & 0x00c0f) | (3 << 2);
- break;
-
- case 0x400: /* CM_FCLKEN_WKUP */
- s->clken[7] = value & 0xd;
- /* TODO update clocks */
- break;
- case 0x410: /* CM_ICLKEN_WKUP */
- s->clken[8] = value & 0x3f;
- /* TODO update clocks */
- break;
- case 0x430: /* CM_AUTOIDLE_WKUP */
- s->clkidle[4] = value & 0x0000003f;
- /* TODO update clocks */
- break;
- case 0x440: /* CM_CLKSEL_WKUP */
- s->clksel[4] = value & 3;
- /* TODO update clocks */
- break;
- case 0x450: /* RM_RSTCTRL_WKUP */
- /* TODO: reset */
- if (value & 2)
- qemu_system_reset_request();
- break;
- case 0x454: /* RM_RSTTIME_WKUP */
- s->rsttime_wkup = value & 0x1fff;
- break;
- case 0x458: /* RM_RSTST_WKUP */
- s->rst[2] &= ~value;
- break;
- case 0x4a0: /* PM_WKEN_WKUP */
- s->wken[2] = value & 0x00000005;
- break;
- case 0x4b0: /* PM_WKST_WKUP */
- s->wkst[2] &= ~value;
- break;
-
- case 0x500: /* CM_CLKEN_PLL */
- if (value & 0xffffff30)
- fprintf(stderr, "%s: write 0s in CM_CLKEN_PLL for "
- "future compatibility\n", __FUNCTION__);
- if ((s->clken[9] ^ value) & 0xcc) {
- s->clken[9] &= ~0xcc;
- s->clken[9] |= value & 0xcc;
- omap_prcm_apll_update(s);
- }
- if ((s->clken[9] ^ value) & 3) {
- s->clken[9] &= ~3;
- s->clken[9] |= value & 3;
- omap_prcm_dpll_update(s);
- }
- break;
- case 0x530: /* CM_AUTOIDLE_PLL */
- s->clkidle[5] = value & 0x000000cf;
- /* TODO update clocks */
- break;
- case 0x540: /* CM_CLKSEL1_PLL */
- if (value & 0xfc4000d7)
- fprintf(stderr, "%s: write 0s in CM_CLKSEL1_PLL for "
- "future compatibility\n", __FUNCTION__);
- if ((s->clksel[5] ^ value) & 0x003fff00) {
- s->clksel[5] = value & 0x03bfff28;
- omap_prcm_dpll_update(s);
- }
- /* TODO update the other clocks */
-
- s->clksel[5] = value & 0x03bfff28;
- break;
- case 0x544: /* CM_CLKSEL2_PLL */
- if (value & ~3)
- fprintf(stderr, "%s: write 0s in CM_CLKSEL2_PLL[31:2] for "
- "future compatibility\n", __FUNCTION__);
- if (s->clksel[6] != (value & 3)) {
- s->clksel[6] = value & 3;
- omap_prcm_dpll_update(s);
- }
- break;
-
- case 0x800: /* CM_FCLKEN_DSP */
- s->clken[10] = value & 0x501;
- /* TODO update clocks */
- break;
- case 0x810: /* CM_ICLKEN_DSP */
- s->clken[11] = value & 0x2;
- /* TODO update clocks */
- break;
- case 0x830: /* CM_AUTOIDLE_DSP */
- s->clkidle[6] = value & 0x2;
- /* TODO update clocks */
- break;
- case 0x840: /* CM_CLKSEL_DSP */
- s->clksel[7] = value & 0x3fff;
- /* TODO update clocks */
- break;
- case 0x848: /* CM_CLKSTCTRL_DSP */
- s->clkctrl[3] = value & 0x101;
- break;
- case 0x850: /* RM_RSTCTRL_DSP */
- /* TODO: reset */
- break;
- case 0x858: /* RM_RSTST_DSP */
- s->rst[3] &= ~value;
- break;
- case 0x8c8: /* PM_WKDEP_DSP */
- s->wkup[2] = value & 0x13;
- break;
- case 0x8e0: /* PM_PWSTCTRL_DSP */
- s->power[3] = (value & 0x03017) | (3 << 2);
- break;
-
- case 0x8f0: /* PRCM_IRQSTATUS_DSP */
- s->irqst[1] &= ~value;
- omap_prcm_int_update(s, 1);
- break;
- case 0x8f4: /* PRCM_IRQENABLE_DSP */
- s->irqen[1] = value & 0x7;
- omap_prcm_int_update(s, 1);
- break;
-
- case 0x8f8: /* PRCM_IRQSTATUS_IVA */
- s->irqst[2] &= ~value;
- omap_prcm_int_update(s, 2);
- break;
- case 0x8fc: /* PRCM_IRQENABLE_IVA */
- s->irqen[2] = value & 0x7;
- omap_prcm_int_update(s, 2);
- break;
-
- default:
- OMAP_BAD_REG(addr);
- return;
- }
-}
-
-static const MemoryRegionOps omap_prcm_ops = {
- .read = omap_prcm_read,
- .write = omap_prcm_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void omap_prcm_reset(struct omap_prcm_s *s)
-{
- s->sysconfig = 0;
- s->irqst[0] = 0;
- s->irqst[1] = 0;
- s->irqst[2] = 0;
- s->irqen[0] = 0;
- s->irqen[1] = 0;
- s->irqen[2] = 0;
- s->voltctrl = 0x1040;
- s->ev = 0x14;
- s->evtime[0] = 0;
- s->evtime[1] = 0;
- s->clkctrl[0] = 0;
- s->clkctrl[1] = 0;
- s->clkctrl[2] = 0;
- s->clkctrl[3] = 0;
- s->clken[1] = 7;
- s->clken[3] = 7;
- s->clken[4] = 0;
- s->clken[5] = 0;
- s->clken[6] = 0;
- s->clken[7] = 0xc;
- s->clken[8] = 0x3e;
- s->clken[9] = 0x0d;
- s->clken[10] = 0;
- s->clken[11] = 0;
- s->clkidle[0] = 0;
- s->clkidle[2] = 7;
- s->clkidle[3] = 0;
- s->clkidle[4] = 0;
- s->clkidle[5] = 0x0c;
- s->clkidle[6] = 0;
- s->clksel[0] = 0x01;
- s->clksel[1] = 0x02100121;
- s->clksel[2] = 0x00000000;
- s->clksel[3] = 0x01;
- s->clksel[4] = 0;
- s->clksel[7] = 0x0121;
- s->wkup[0] = 0x15;
- s->wkup[1] = 0x13;
- s->wkup[2] = 0x13;
- s->wken[0] = 0x04667ff8;
- s->wken[1] = 0x00000005;
- s->wken[2] = 5;
- s->wkst[0] = 0;
- s->wkst[1] = 0;
- s->wkst[2] = 0;
- s->power[0] = 0x00c;
- s->power[1] = 4;
- s->power[2] = 0x0000c;
- s->power[3] = 0x14;
- s->rstctrl[0] = 1;
- s->rst[3] = 1;
- omap_prcm_apll_update(s);
- omap_prcm_dpll_update(s);
-}
-
-static void omap_prcm_coldreset(struct omap_prcm_s *s)
-{
- s->setuptime[0] = 0;
- s->setuptime[1] = 0;
- memset(&s->scratch, 0, sizeof(s->scratch));
- s->rst[0] = 0x01;
- s->rst[1] = 0x00;
- s->rst[2] = 0x01;
- s->clken[0] = 0;
- s->clken[2] = 0;
- s->clkidle[1] = 0;
- s->clksel[5] = 0;
- s->clksel[6] = 2;
- s->clksrc[0] = 0x43;
- s->clkout[0] = 0x0303;
- s->clkemul[0] = 0;
- s->clkpol[0] = 0x100;
- s->rsttime_wkup = 0x1002;
-
- omap_prcm_reset(s);
-}
-
-static struct omap_prcm_s *omap_prcm_init(struct omap_target_agent_s *ta,
- qemu_irq mpu_int, qemu_irq dsp_int, qemu_irq iva_int,
- struct omap_mpu_state_s *mpu)
-{
- struct omap_prcm_s *s = (struct omap_prcm_s *)
- g_malloc0(sizeof(struct omap_prcm_s));
-
- s->irq[0] = mpu_int;
- s->irq[1] = dsp_int;
- s->irq[2] = iva_int;
- s->mpu = mpu;
- omap_prcm_coldreset(s);
-
- memory_region_init_io(&s->iomem0, &omap_prcm_ops, s, "omap.pcrm0",
- omap_l4_region_size(ta, 0));
- memory_region_init_io(&s->iomem1, &omap_prcm_ops, s, "omap.pcrm1",
- omap_l4_region_size(ta, 1));
- omap_l4_attach(ta, 0, &s->iomem0);
- omap_l4_attach(ta, 1, &s->iomem1);
-
- return s;
-}
-
-/* System and Pinout control */
-struct omap_sysctl_s {
- struct omap_mpu_state_s *mpu;
- MemoryRegion iomem;
-
- uint32_t sysconfig;
- uint32_t devconfig;
- uint32_t psaconfig;
- uint32_t padconf[0x45];
- uint8_t obs;
- uint32_t msuspendmux[5];
-};
-
-static uint32_t omap_sysctl_read8(void *opaque, hwaddr addr)
-{
-
- struct omap_sysctl_s *s = (struct omap_sysctl_s *) opaque;
- int pad_offset, byte_offset;
- int value;
-
- switch (addr) {
- case 0x030 ... 0x140: /* CONTROL_PADCONF - only used in the POP */
- pad_offset = (addr - 0x30) >> 2;
- byte_offset = (addr - 0x30) & (4 - 1);
-
- value = s->padconf[pad_offset];
- value = (value >> (byte_offset * 8)) & 0xff;
-
- return value;
-
- default:
- break;
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static uint32_t omap_sysctl_read(void *opaque, hwaddr addr)
-{
- struct omap_sysctl_s *s = (struct omap_sysctl_s *) opaque;
-
- switch (addr) {
- case 0x000: /* CONTROL_REVISION */
- return 0x20;
-
- case 0x010: /* CONTROL_SYSCONFIG */
- return s->sysconfig;
-
- case 0x030 ... 0x140: /* CONTROL_PADCONF - only used in the POP */
- return s->padconf[(addr - 0x30) >> 2];
-
- case 0x270: /* CONTROL_DEBOBS */
- return s->obs;
-
- case 0x274: /* CONTROL_DEVCONF */
- return s->devconfig;
-
- case 0x28c: /* CONTROL_EMU_SUPPORT */
- return 0;
-
- case 0x290: /* CONTROL_MSUSPENDMUX_0 */
- return s->msuspendmux[0];
- case 0x294: /* CONTROL_MSUSPENDMUX_1 */
- return s->msuspendmux[1];
- case 0x298: /* CONTROL_MSUSPENDMUX_2 */
- return s->msuspendmux[2];
- case 0x29c: /* CONTROL_MSUSPENDMUX_3 */
- return s->msuspendmux[3];
- case 0x2a0: /* CONTROL_MSUSPENDMUX_4 */
- return s->msuspendmux[4];
- case 0x2a4: /* CONTROL_MSUSPENDMUX_5 */
- return 0;
-
- case 0x2b8: /* CONTROL_PSA_CTRL */
- return s->psaconfig;
- case 0x2bc: /* CONTROL_PSA_CMD */
- case 0x2c0: /* CONTROL_PSA_VALUE */
- return 0;
-
- case 0x2b0: /* CONTROL_SEC_CTRL */
- return 0x800000f1;
- case 0x2d0: /* CONTROL_SEC_EMU */
- return 0x80000015;
- case 0x2d4: /* CONTROL_SEC_TAP */
- return 0x8000007f;
- case 0x2b4: /* CONTROL_SEC_TEST */
- case 0x2f0: /* CONTROL_SEC_STATUS */
- case 0x2f4: /* CONTROL_SEC_ERR_STATUS */
- /* Secure mode is not present on general-pusrpose device. Outside
- * secure mode these values cannot be read or written. */
- return 0;
-
- case 0x2d8: /* CONTROL_OCM_RAM_PERM */
- return 0xff;
- case 0x2dc: /* CONTROL_OCM_PUB_RAM_ADD */
- case 0x2e0: /* CONTROL_EXT_SEC_RAM_START_ADD */
- case 0x2e4: /* CONTROL_EXT_SEC_RAM_STOP_ADD */
- /* No secure mode so no Extended Secure RAM present. */
- return 0;
-
- case 0x2f8: /* CONTROL_STATUS */
- /* Device Type => General-purpose */
- return 0x0300;
- case 0x2fc: /* CONTROL_GENERAL_PURPOSE_STATUS */
-
- case 0x300: /* CONTROL_RPUB_KEY_H_0 */
- case 0x304: /* CONTROL_RPUB_KEY_H_1 */
- case 0x308: /* CONTROL_RPUB_KEY_H_2 */
- case 0x30c: /* CONTROL_RPUB_KEY_H_3 */
- return 0xdecafbad;
-
- case 0x310: /* CONTROL_RAND_KEY_0 */
- case 0x314: /* CONTROL_RAND_KEY_1 */
- case 0x318: /* CONTROL_RAND_KEY_2 */
- case 0x31c: /* CONTROL_RAND_KEY_3 */
- case 0x320: /* CONTROL_CUST_KEY_0 */
- case 0x324: /* CONTROL_CUST_KEY_1 */
- case 0x330: /* CONTROL_TEST_KEY_0 */
- case 0x334: /* CONTROL_TEST_KEY_1 */
- case 0x338: /* CONTROL_TEST_KEY_2 */
- case 0x33c: /* CONTROL_TEST_KEY_3 */
- case 0x340: /* CONTROL_TEST_KEY_4 */
- case 0x344: /* CONTROL_TEST_KEY_5 */
- case 0x348: /* CONTROL_TEST_KEY_6 */
- case 0x34c: /* CONTROL_TEST_KEY_7 */
- case 0x350: /* CONTROL_TEST_KEY_8 */
- case 0x354: /* CONTROL_TEST_KEY_9 */
- /* Can only be accessed in secure mode and when C_FieldAccEnable
- * bit is set in CONTROL_SEC_CTRL.
- * TODO: otherwise an interconnect access error is generated. */
- return 0;
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_sysctl_write8(void *opaque, hwaddr addr,
- uint32_t value)
-{
- struct omap_sysctl_s *s = (struct omap_sysctl_s *) opaque;
- int pad_offset, byte_offset;
- int prev_value;
-
- switch (addr) {
- case 0x030 ... 0x140: /* CONTROL_PADCONF - only used in the POP */
- pad_offset = (addr - 0x30) >> 2;
- byte_offset = (addr - 0x30) & (4 - 1);
-
- prev_value = s->padconf[pad_offset];
- prev_value &= ~(0xff << (byte_offset * 8));
- prev_value |= ((value & 0x1f1f1f1f) << (byte_offset * 8)) & 0x1f1f1f1f;
- s->padconf[pad_offset] = prev_value;
- break;
-
- default:
- OMAP_BAD_REG(addr);
- break;
- }
-}
-
-static void omap_sysctl_write(void *opaque, hwaddr addr,
- uint32_t value)
-{
- struct omap_sysctl_s *s = (struct omap_sysctl_s *) opaque;
-
- switch (addr) {
- case 0x000: /* CONTROL_REVISION */
- case 0x2a4: /* CONTROL_MSUSPENDMUX_5 */
- case 0x2c0: /* CONTROL_PSA_VALUE */
- case 0x2f8: /* CONTROL_STATUS */
- case 0x2fc: /* CONTROL_GENERAL_PURPOSE_STATUS */
- case 0x300: /* CONTROL_RPUB_KEY_H_0 */
- case 0x304: /* CONTROL_RPUB_KEY_H_1 */
- case 0x308: /* CONTROL_RPUB_KEY_H_2 */
- case 0x30c: /* CONTROL_RPUB_KEY_H_3 */
- case 0x310: /* CONTROL_RAND_KEY_0 */
- case 0x314: /* CONTROL_RAND_KEY_1 */
- case 0x318: /* CONTROL_RAND_KEY_2 */
- case 0x31c: /* CONTROL_RAND_KEY_3 */
- case 0x320: /* CONTROL_CUST_KEY_0 */
- case 0x324: /* CONTROL_CUST_KEY_1 */
- case 0x330: /* CONTROL_TEST_KEY_0 */
- case 0x334: /* CONTROL_TEST_KEY_1 */
- case 0x338: /* CONTROL_TEST_KEY_2 */
- case 0x33c: /* CONTROL_TEST_KEY_3 */
- case 0x340: /* CONTROL_TEST_KEY_4 */
- case 0x344: /* CONTROL_TEST_KEY_5 */
- case 0x348: /* CONTROL_TEST_KEY_6 */
- case 0x34c: /* CONTROL_TEST_KEY_7 */
- case 0x350: /* CONTROL_TEST_KEY_8 */
- case 0x354: /* CONTROL_TEST_KEY_9 */
- OMAP_RO_REG(addr);
- return;
-
- case 0x010: /* CONTROL_SYSCONFIG */
- s->sysconfig = value & 0x1e;
- break;
-
- case 0x030 ... 0x140: /* CONTROL_PADCONF - only used in the POP */
- /* XXX: should check constant bits */
- s->padconf[(addr - 0x30) >> 2] = value & 0x1f1f1f1f;
- break;
-
- case 0x270: /* CONTROL_DEBOBS */
- s->obs = value & 0xff;
- break;
-
- case 0x274: /* CONTROL_DEVCONF */
- s->devconfig = value & 0xffffc7ff;
- break;
-
- case 0x28c: /* CONTROL_EMU_SUPPORT */
- break;
-
- case 0x290: /* CONTROL_MSUSPENDMUX_0 */
- s->msuspendmux[0] = value & 0x3fffffff;
- break;
- case 0x294: /* CONTROL_MSUSPENDMUX_1 */
- s->msuspendmux[1] = value & 0x3fffffff;
- break;
- case 0x298: /* CONTROL_MSUSPENDMUX_2 */
- s->msuspendmux[2] = value & 0x3fffffff;
- break;
- case 0x29c: /* CONTROL_MSUSPENDMUX_3 */
- s->msuspendmux[3] = value & 0x3fffffff;
- break;
- case 0x2a0: /* CONTROL_MSUSPENDMUX_4 */
- s->msuspendmux[4] = value & 0x3fffffff;
- break;
-
- case 0x2b8: /* CONTROL_PSA_CTRL */
- s->psaconfig = value & 0x1c;
- s->psaconfig |= (value & 0x20) ? 2 : 1;
- break;
- case 0x2bc: /* CONTROL_PSA_CMD */
- break;
-
- case 0x2b0: /* CONTROL_SEC_CTRL */
- case 0x2b4: /* CONTROL_SEC_TEST */
- case 0x2d0: /* CONTROL_SEC_EMU */
- case 0x2d4: /* CONTROL_SEC_TAP */
- case 0x2d8: /* CONTROL_OCM_RAM_PERM */
- case 0x2dc: /* CONTROL_OCM_PUB_RAM_ADD */
- case 0x2e0: /* CONTROL_EXT_SEC_RAM_START_ADD */
- case 0x2e4: /* CONTROL_EXT_SEC_RAM_STOP_ADD */
- case 0x2f0: /* CONTROL_SEC_STATUS */
- case 0x2f4: /* CONTROL_SEC_ERR_STATUS */
- break;
-
- default:
- OMAP_BAD_REG(addr);
- return;
- }
-}
-
-static const MemoryRegionOps omap_sysctl_ops = {
- .old_mmio = {
- .read = {
- omap_sysctl_read8,
- omap_badwidth_read32, /* TODO */
- omap_sysctl_read,
- },
- .write = {
- omap_sysctl_write8,
- omap_badwidth_write32, /* TODO */
- omap_sysctl_write,
- },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void omap_sysctl_reset(struct omap_sysctl_s *s)
-{
- /* (power-on reset) */
- s->sysconfig = 0;
- s->obs = 0;
- s->devconfig = 0x0c000000;
- s->msuspendmux[0] = 0x00000000;
- s->msuspendmux[1] = 0x00000000;
- s->msuspendmux[2] = 0x00000000;
- s->msuspendmux[3] = 0x00000000;
- s->msuspendmux[4] = 0x00000000;
- s->psaconfig = 1;
-
- s->padconf[0x00] = 0x000f0f0f;
- s->padconf[0x01] = 0x00000000;
- s->padconf[0x02] = 0x00000000;
- s->padconf[0x03] = 0x00000000;
- s->padconf[0x04] = 0x00000000;
- s->padconf[0x05] = 0x00000000;
- s->padconf[0x06] = 0x00000000;
- s->padconf[0x07] = 0x00000000;
- s->padconf[0x08] = 0x08080800;
- s->padconf[0x09] = 0x08080808;
- s->padconf[0x0a] = 0x08080808;
- s->padconf[0x0b] = 0x08080808;
- s->padconf[0x0c] = 0x08080808;
- s->padconf[0x0d] = 0x08080800;
- s->padconf[0x0e] = 0x08080808;
- s->padconf[0x0f] = 0x08080808;
- s->padconf[0x10] = 0x18181808; /* | 0x07070700 if SBoot3 */
- s->padconf[0x11] = 0x18181818; /* | 0x07070707 if SBoot3 */
- s->padconf[0x12] = 0x18181818; /* | 0x07070707 if SBoot3 */
- s->padconf[0x13] = 0x18181818; /* | 0x07070707 if SBoot3 */
- s->padconf[0x14] = 0x18181818; /* | 0x00070707 if SBoot3 */
- s->padconf[0x15] = 0x18181818;
- s->padconf[0x16] = 0x18181818; /* | 0x07000000 if SBoot3 */
- s->padconf[0x17] = 0x1f001f00;
- s->padconf[0x18] = 0x1f1f1f1f;
- s->padconf[0x19] = 0x00000000;
- s->padconf[0x1a] = 0x1f180000;
- s->padconf[0x1b] = 0x00001f1f;
- s->padconf[0x1c] = 0x1f001f00;
- s->padconf[0x1d] = 0x00000000;
- s->padconf[0x1e] = 0x00000000;
- s->padconf[0x1f] = 0x08000000;
- s->padconf[0x20] = 0x08080808;
- s->padconf[0x21] = 0x08080808;
- s->padconf[0x22] = 0x0f080808;
- s->padconf[0x23] = 0x0f0f0f0f;
- s->padconf[0x24] = 0x000f0f0f;
- s->padconf[0x25] = 0x1f1f1f0f;
- s->padconf[0x26] = 0x080f0f1f;
- s->padconf[0x27] = 0x070f1808;
- s->padconf[0x28] = 0x0f070707;
- s->padconf[0x29] = 0x000f0f1f;
- s->padconf[0x2a] = 0x0f0f0f1f;
- s->padconf[0x2b] = 0x08000000;
- s->padconf[0x2c] = 0x0000001f;
- s->padconf[0x2d] = 0x0f0f1f00;
- s->padconf[0x2e] = 0x1f1f0f0f;
- s->padconf[0x2f] = 0x0f1f1f1f;
- s->padconf[0x30] = 0x0f0f0f0f;
- s->padconf[0x31] = 0x0f1f0f1f;
- s->padconf[0x32] = 0x0f0f0f0f;
- s->padconf[0x33] = 0x0f1f0f1f;
- s->padconf[0x34] = 0x1f1f0f0f;
- s->padconf[0x35] = 0x0f0f1f1f;
- s->padconf[0x36] = 0x0f0f1f0f;
- s->padconf[0x37] = 0x0f0f0f0f;
- s->padconf[0x38] = 0x1f18180f;
- s->padconf[0x39] = 0x1f1f1f1f;
- s->padconf[0x3a] = 0x00001f1f;
- s->padconf[0x3b] = 0x00000000;
- s->padconf[0x3c] = 0x00000000;
- s->padconf[0x3d] = 0x0f0f0f0f;
- s->padconf[0x3e] = 0x18000f0f;
- s->padconf[0x3f] = 0x00070000;
- s->padconf[0x40] = 0x00000707;
- s->padconf[0x41] = 0x0f1f0700;
- s->padconf[0x42] = 0x1f1f070f;
- s->padconf[0x43] = 0x0008081f;
- s->padconf[0x44] = 0x00000800;
-}
-
-static struct omap_sysctl_s *omap_sysctl_init(struct omap_target_agent_s *ta,
- omap_clk iclk, struct omap_mpu_state_s *mpu)
-{
- struct omap_sysctl_s *s = (struct omap_sysctl_s *)
- g_malloc0(sizeof(struct omap_sysctl_s));
-
- s->mpu = mpu;
- omap_sysctl_reset(s);
-
- memory_region_init_io(&s->iomem, &omap_sysctl_ops, s, "omap.sysctl",
- omap_l4_region_size(ta, 0));
- omap_l4_attach(ta, 0, &s->iomem);
-
- return s;
-}
-
-/* General chip reset */
-static void omap2_mpu_reset(void *opaque)
-{
- struct omap_mpu_state_s *mpu = (struct omap_mpu_state_s *) opaque;
-
- omap_dma_reset(mpu->dma);
- omap_prcm_reset(mpu->prcm);
- omap_sysctl_reset(mpu->sysc);
- omap_gp_timer_reset(mpu->gptimer[0]);
- omap_gp_timer_reset(mpu->gptimer[1]);
- omap_gp_timer_reset(mpu->gptimer[2]);
- omap_gp_timer_reset(mpu->gptimer[3]);
- omap_gp_timer_reset(mpu->gptimer[4]);
- omap_gp_timer_reset(mpu->gptimer[5]);
- omap_gp_timer_reset(mpu->gptimer[6]);
- omap_gp_timer_reset(mpu->gptimer[7]);
- omap_gp_timer_reset(mpu->gptimer[8]);
- omap_gp_timer_reset(mpu->gptimer[9]);
- omap_gp_timer_reset(mpu->gptimer[10]);
- omap_gp_timer_reset(mpu->gptimer[11]);
- omap_synctimer_reset(mpu->synctimer);
- omap_sdrc_reset(mpu->sdrc);
- omap_gpmc_reset(mpu->gpmc);
- omap_dss_reset(mpu->dss);
- omap_uart_reset(mpu->uart[0]);
- omap_uart_reset(mpu->uart[1]);
- omap_uart_reset(mpu->uart[2]);
- omap_mmc_reset(mpu->mmc);
- omap_mcspi_reset(mpu->mcspi[0]);
- omap_mcspi_reset(mpu->mcspi[1]);
- cpu_reset(CPU(mpu->cpu));
-}
-
-static int omap2_validate_addr(struct omap_mpu_state_s *s,
- hwaddr addr)
-{
- return 1;
-}
-
-static const struct dma_irq_map omap2_dma_irq_map[] = {
- { 0, OMAP_INT_24XX_SDMA_IRQ0 },
- { 0, OMAP_INT_24XX_SDMA_IRQ1 },
- { 0, OMAP_INT_24XX_SDMA_IRQ2 },
- { 0, OMAP_INT_24XX_SDMA_IRQ3 },
-};
-
-struct omap_mpu_state_s *omap2420_mpu_init(MemoryRegion *sysmem,
- unsigned long sdram_size,
- const char *core)
-{
- struct omap_mpu_state_s *s = (struct omap_mpu_state_s *)
- g_malloc0(sizeof(struct omap_mpu_state_s));
- qemu_irq *cpu_irq;
- qemu_irq dma_irqs[4];
- DriveInfo *dinfo;
- int i;
- SysBusDevice *busdev;
- struct omap_target_agent_s *ta;
-
- /* Core */
- s->mpu_model = omap2420;
- s->cpu = cpu_arm_init(core ?: "arm1136-r2");
- if (s->cpu == NULL) {
- fprintf(stderr, "Unable to find CPU definition\n");
- exit(1);
- }
- s->sdram_size = sdram_size;
- s->sram_size = OMAP242X_SRAM_SIZE;
-
- s->wakeup = qemu_allocate_irqs(omap_mpu_wakeup, s, 1)[0];
-
- /* Clocks */
- omap_clk_init(s);
-
- /* Memory-mapped stuff */
- memory_region_init_ram(&s->sdram, "omap2.dram", s->sdram_size);
- vmstate_register_ram_global(&s->sdram);
- memory_region_add_subregion(sysmem, OMAP2_Q2_BASE, &s->sdram);
- memory_region_init_ram(&s->sram, "omap2.sram", s->sram_size);
- vmstate_register_ram_global(&s->sram);
- memory_region_add_subregion(sysmem, OMAP2_SRAM_BASE, &s->sram);
-
- s->l4 = omap_l4_init(sysmem, OMAP2_L4_BASE, 54);
-
- /* Actually mapped at any 2K boundary in the ARM11 private-peripheral if */
- cpu_irq = arm_pic_init_cpu(s->cpu);
- s->ih[0] = qdev_create(NULL, "omap2-intc");
- qdev_prop_set_uint8(s->ih[0], "revision", 0x21);
- qdev_prop_set_ptr(s->ih[0], "fclk", omap_findclk(s, "mpu_intc_fclk"));
- qdev_prop_set_ptr(s->ih[0], "iclk", omap_findclk(s, "mpu_intc_iclk"));
- qdev_init_nofail(s->ih[0]);
- busdev = sysbus_from_qdev(s->ih[0]);
- sysbus_connect_irq(busdev, 0, cpu_irq[ARM_PIC_CPU_IRQ]);
- sysbus_connect_irq(busdev, 1, cpu_irq[ARM_PIC_CPU_FIQ]);
- sysbus_mmio_map(busdev, 0, 0x480fe000);
- s->prcm = omap_prcm_init(omap_l4tao(s->l4, 3),
- qdev_get_gpio_in(s->ih[0],
- OMAP_INT_24XX_PRCM_MPU_IRQ),
- NULL, NULL, s);
-
- s->sysc = omap_sysctl_init(omap_l4tao(s->l4, 1),
- omap_findclk(s, "omapctrl_iclk"), s);
-
- for (i = 0; i < 4; i++) {
- dma_irqs[i] = qdev_get_gpio_in(s->ih[omap2_dma_irq_map[i].ih],
- omap2_dma_irq_map[i].intr);
- }
- s->dma = omap_dma4_init(0x48056000, dma_irqs, sysmem, s, 256, 32,
- omap_findclk(s, "sdma_iclk"),
- omap_findclk(s, "sdma_fclk"));
- s->port->addr_valid = omap2_validate_addr;
-
- /* Register SDRAM and SRAM ports for fast DMA transfers. */
- soc_dma_port_add_mem(s->dma, memory_region_get_ram_ptr(&s->sdram),
- OMAP2_Q2_BASE, s->sdram_size);
- soc_dma_port_add_mem(s->dma, memory_region_get_ram_ptr(&s->sram),
- OMAP2_SRAM_BASE, s->sram_size);
-
- s->uart[0] = omap2_uart_init(sysmem, omap_l4ta(s->l4, 19),
- qdev_get_gpio_in(s->ih[0],
- OMAP_INT_24XX_UART1_IRQ),
- omap_findclk(s, "uart1_fclk"),
- omap_findclk(s, "uart1_iclk"),
- s->drq[OMAP24XX_DMA_UART1_TX],
- s->drq[OMAP24XX_DMA_UART1_RX],
- "uart1",
- serial_hds[0]);
- s->uart[1] = omap2_uart_init(sysmem, omap_l4ta(s->l4, 20),
- qdev_get_gpio_in(s->ih[0],
- OMAP_INT_24XX_UART2_IRQ),
- omap_findclk(s, "uart2_fclk"),
- omap_findclk(s, "uart2_iclk"),
- s->drq[OMAP24XX_DMA_UART2_TX],
- s->drq[OMAP24XX_DMA_UART2_RX],
- "uart2",
- serial_hds[0] ? serial_hds[1] : NULL);
- s->uart[2] = omap2_uart_init(sysmem, omap_l4ta(s->l4, 21),
- qdev_get_gpio_in(s->ih[0],
- OMAP_INT_24XX_UART3_IRQ),
- omap_findclk(s, "uart3_fclk"),
- omap_findclk(s, "uart3_iclk"),
- s->drq[OMAP24XX_DMA_UART3_TX],
- s->drq[OMAP24XX_DMA_UART3_RX],
- "uart3",
- serial_hds[0] && serial_hds[1] ? serial_hds[2] : NULL);
-
- s->gptimer[0] = omap_gp_timer_init(omap_l4ta(s->l4, 7),
- qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPTIMER1),
- omap_findclk(s, "wu_gpt1_clk"),
- omap_findclk(s, "wu_l4_iclk"));
- s->gptimer[1] = omap_gp_timer_init(omap_l4ta(s->l4, 8),
- qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPTIMER2),
- omap_findclk(s, "core_gpt2_clk"),
- omap_findclk(s, "core_l4_iclk"));
- s->gptimer[2] = omap_gp_timer_init(omap_l4ta(s->l4, 22),
- qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPTIMER3),
- omap_findclk(s, "core_gpt3_clk"),
- omap_findclk(s, "core_l4_iclk"));
- s->gptimer[3] = omap_gp_timer_init(omap_l4ta(s->l4, 23),
- qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPTIMER4),
- omap_findclk(s, "core_gpt4_clk"),
- omap_findclk(s, "core_l4_iclk"));
- s->gptimer[4] = omap_gp_timer_init(omap_l4ta(s->l4, 24),
- qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPTIMER5),
- omap_findclk(s, "core_gpt5_clk"),
- omap_findclk(s, "core_l4_iclk"));
- s->gptimer[5] = omap_gp_timer_init(omap_l4ta(s->l4, 25),
- qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPTIMER6),
- omap_findclk(s, "core_gpt6_clk"),
- omap_findclk(s, "core_l4_iclk"));
- s->gptimer[6] = omap_gp_timer_init(omap_l4ta(s->l4, 26),
- qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPTIMER7),
- omap_findclk(s, "core_gpt7_clk"),
- omap_findclk(s, "core_l4_iclk"));
- s->gptimer[7] = omap_gp_timer_init(omap_l4ta(s->l4, 27),
- qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPTIMER8),
- omap_findclk(s, "core_gpt8_clk"),
- omap_findclk(s, "core_l4_iclk"));
- s->gptimer[8] = omap_gp_timer_init(omap_l4ta(s->l4, 28),
- qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPTIMER9),
- omap_findclk(s, "core_gpt9_clk"),
- omap_findclk(s, "core_l4_iclk"));
- s->gptimer[9] = omap_gp_timer_init(omap_l4ta(s->l4, 29),
- qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPTIMER10),
- omap_findclk(s, "core_gpt10_clk"),
- omap_findclk(s, "core_l4_iclk"));
- s->gptimer[10] = omap_gp_timer_init(omap_l4ta(s->l4, 30),
- qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPTIMER11),
- omap_findclk(s, "core_gpt11_clk"),
- omap_findclk(s, "core_l4_iclk"));
- s->gptimer[11] = omap_gp_timer_init(omap_l4ta(s->l4, 31),
- qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPTIMER12),
- omap_findclk(s, "core_gpt12_clk"),
- omap_findclk(s, "core_l4_iclk"));
-
- omap_tap_init(omap_l4ta(s->l4, 2), s);
-
- s->synctimer = omap_synctimer_init(omap_l4tao(s->l4, 2), s,
- omap_findclk(s, "clk32-kHz"),
- omap_findclk(s, "core_l4_iclk"));
-
- s->i2c[0] = qdev_create(NULL, "omap_i2c");
- qdev_prop_set_uint8(s->i2c[0], "revision", 0x34);
- qdev_prop_set_ptr(s->i2c[0], "iclk", omap_findclk(s, "i2c1.iclk"));
- qdev_prop_set_ptr(s->i2c[0], "fclk", omap_findclk(s, "i2c1.fclk"));
- qdev_init_nofail(s->i2c[0]);
- busdev = sysbus_from_qdev(s->i2c[0]);
- sysbus_connect_irq(busdev, 0,
- qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_I2C1_IRQ));
- sysbus_connect_irq(busdev, 1, s->drq[OMAP24XX_DMA_I2C1_TX]);
- sysbus_connect_irq(busdev, 2, s->drq[OMAP24XX_DMA_I2C1_RX]);
- sysbus_mmio_map(busdev, 0, omap_l4_region_base(omap_l4tao(s->l4, 5), 0));
-
- s->i2c[1] = qdev_create(NULL, "omap_i2c");
- qdev_prop_set_uint8(s->i2c[1], "revision", 0x34);
- qdev_prop_set_ptr(s->i2c[1], "iclk", omap_findclk(s, "i2c2.iclk"));
- qdev_prop_set_ptr(s->i2c[1], "fclk", omap_findclk(s, "i2c2.fclk"));
- qdev_init_nofail(s->i2c[1]);
- busdev = sysbus_from_qdev(s->i2c[1]);
- sysbus_connect_irq(busdev, 0,
- qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_I2C2_IRQ));
- sysbus_connect_irq(busdev, 1, s->drq[OMAP24XX_DMA_I2C2_TX]);
- sysbus_connect_irq(busdev, 2, s->drq[OMAP24XX_DMA_I2C2_RX]);
- sysbus_mmio_map(busdev, 0, omap_l4_region_base(omap_l4tao(s->l4, 6), 0));
-
- s->gpio = qdev_create(NULL, "omap2-gpio");
- qdev_prop_set_int32(s->gpio, "mpu_model", s->mpu_model);
- qdev_prop_set_ptr(s->gpio, "iclk", omap_findclk(s, "gpio_iclk"));
- qdev_prop_set_ptr(s->gpio, "fclk0", omap_findclk(s, "gpio1_dbclk"));
- qdev_prop_set_ptr(s->gpio, "fclk1", omap_findclk(s, "gpio2_dbclk"));
- qdev_prop_set_ptr(s->gpio, "fclk2", omap_findclk(s, "gpio3_dbclk"));
- qdev_prop_set_ptr(s->gpio, "fclk3", omap_findclk(s, "gpio4_dbclk"));
- if (s->mpu_model == omap2430) {
- qdev_prop_set_ptr(s->gpio, "fclk4", omap_findclk(s, "gpio5_dbclk"));
- }
- qdev_init_nofail(s->gpio);
- busdev = sysbus_from_qdev(s->gpio);
- sysbus_connect_irq(busdev, 0,
- qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPIO_BANK1));
- sysbus_connect_irq(busdev, 3,
- qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPIO_BANK2));
- sysbus_connect_irq(busdev, 6,
- qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPIO_BANK3));
- sysbus_connect_irq(busdev, 9,
- qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPIO_BANK4));
- if (s->mpu_model == omap2430) {
- sysbus_connect_irq(busdev, 12,
- qdev_get_gpio_in(s->ih[0],
- OMAP_INT_243X_GPIO_BANK5));
- }
- ta = omap_l4ta(s->l4, 3);
- sysbus_mmio_map(busdev, 0, omap_l4_region_base(ta, 1));
- sysbus_mmio_map(busdev, 1, omap_l4_region_base(ta, 0));
- sysbus_mmio_map(busdev, 2, omap_l4_region_base(ta, 2));
- sysbus_mmio_map(busdev, 3, omap_l4_region_base(ta, 4));
- sysbus_mmio_map(busdev, 4, omap_l4_region_base(ta, 5));
-
- s->sdrc = omap_sdrc_init(sysmem, 0x68009000);
- s->gpmc = omap_gpmc_init(s, 0x6800a000,
- qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_GPMC_IRQ),
- s->drq[OMAP24XX_DMA_GPMC]);
-
- dinfo = drive_get(IF_SD, 0, 0);
- if (!dinfo) {
- fprintf(stderr, "qemu: missing SecureDigital device\n");
- exit(1);
- }
- s->mmc = omap2_mmc_init(omap_l4tao(s->l4, 9), dinfo->bdrv,
- qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_MMC_IRQ),
- &s->drq[OMAP24XX_DMA_MMC1_TX],
- omap_findclk(s, "mmc_fclk"), omap_findclk(s, "mmc_iclk"));
-
- s->mcspi[0] = omap_mcspi_init(omap_l4ta(s->l4, 35), 4,
- qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_MCSPI1_IRQ),
- &s->drq[OMAP24XX_DMA_SPI1_TX0],
- omap_findclk(s, "spi1_fclk"),
- omap_findclk(s, "spi1_iclk"));
- s->mcspi[1] = omap_mcspi_init(omap_l4ta(s->l4, 36), 2,
- qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_MCSPI2_IRQ),
- &s->drq[OMAP24XX_DMA_SPI2_TX0],
- omap_findclk(s, "spi2_fclk"),
- omap_findclk(s, "spi2_iclk"));
-
- s->dss = omap_dss_init(omap_l4ta(s->l4, 10), sysmem, 0x68000800,
- /* XXX wire M_IRQ_25, D_L2_IRQ_30 and I_IRQ_13 together */
- qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_DSS_IRQ),
- s->drq[OMAP24XX_DMA_DSS],
- omap_findclk(s, "dss_clk1"), omap_findclk(s, "dss_clk2"),
- omap_findclk(s, "dss_54m_clk"),
- omap_findclk(s, "dss_l3_iclk"),
- omap_findclk(s, "dss_l4_iclk"));
-
- omap_sti_init(omap_l4ta(s->l4, 18), sysmem, 0x54000000,
- qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_STI),
- omap_findclk(s, "emul_ck"),
- serial_hds[0] && serial_hds[1] && serial_hds[2] ?
- serial_hds[3] : NULL);
-
- s->eac = omap_eac_init(omap_l4ta(s->l4, 32),
- qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_EAC_IRQ),
- /* Ten consecutive lines */
- &s->drq[OMAP24XX_DMA_EAC_AC_RD],
- omap_findclk(s, "func_96m_clk"),
- omap_findclk(s, "core_l4_iclk"));
-
- /* All register mappings (includin those not currenlty implemented):
- * SystemControlMod 48000000 - 48000fff
- * SystemControlL4 48001000 - 48001fff
- * 32kHz Timer Mod 48004000 - 48004fff
- * 32kHz Timer L4 48005000 - 48005fff
- * PRCM ModA 48008000 - 480087ff
- * PRCM ModB 48008800 - 48008fff
- * PRCM L4 48009000 - 48009fff
- * TEST-BCM Mod 48012000 - 48012fff
- * TEST-BCM L4 48013000 - 48013fff
- * TEST-TAP Mod 48014000 - 48014fff
- * TEST-TAP L4 48015000 - 48015fff
- * GPIO1 Mod 48018000 - 48018fff
- * GPIO Top 48019000 - 48019fff
- * GPIO2 Mod 4801a000 - 4801afff
- * GPIO L4 4801b000 - 4801bfff
- * GPIO3 Mod 4801c000 - 4801cfff
- * GPIO4 Mod 4801e000 - 4801efff
- * WDTIMER1 Mod 48020000 - 48010fff
- * WDTIMER Top 48021000 - 48011fff
- * WDTIMER2 Mod 48022000 - 48012fff
- * WDTIMER L4 48023000 - 48013fff
- * WDTIMER3 Mod 48024000 - 48014fff
- * WDTIMER3 L4 48025000 - 48015fff
- * WDTIMER4 Mod 48026000 - 48016fff
- * WDTIMER4 L4 48027000 - 48017fff
- * GPTIMER1 Mod 48028000 - 48018fff
- * GPTIMER1 L4 48029000 - 48019fff
- * GPTIMER2 Mod 4802a000 - 4801afff
- * GPTIMER2 L4 4802b000 - 4801bfff
- * L4-Config AP 48040000 - 480407ff
- * L4-Config IP 48040800 - 48040fff
- * L4-Config LA 48041000 - 48041fff
- * ARM11ETB Mod 48048000 - 48049fff
- * ARM11ETB L4 4804a000 - 4804afff
- * DISPLAY Top 48050000 - 480503ff
- * DISPLAY DISPC 48050400 - 480507ff
- * DISPLAY RFBI 48050800 - 48050bff
- * DISPLAY VENC 48050c00 - 48050fff
- * DISPLAY L4 48051000 - 48051fff
- * CAMERA Top 48052000 - 480523ff
- * CAMERA core 48052400 - 480527ff
- * CAMERA DMA 48052800 - 48052bff
- * CAMERA MMU 48052c00 - 48052fff
- * CAMERA L4 48053000 - 48053fff
- * SDMA Mod 48056000 - 48056fff
- * SDMA L4 48057000 - 48057fff
- * SSI Top 48058000 - 48058fff
- * SSI GDD 48059000 - 48059fff
- * SSI Port1 4805a000 - 4805afff
- * SSI Port2 4805b000 - 4805bfff
- * SSI L4 4805c000 - 4805cfff
- * USB Mod 4805e000 - 480fefff
- * USB L4 4805f000 - 480fffff
- * WIN_TRACER1 Mod 48060000 - 48060fff
- * WIN_TRACER1 L4 48061000 - 48061fff
- * WIN_TRACER2 Mod 48062000 - 48062fff
- * WIN_TRACER2 L4 48063000 - 48063fff
- * WIN_TRACER3 Mod 48064000 - 48064fff
- * WIN_TRACER3 L4 48065000 - 48065fff
- * WIN_TRACER4 Top 48066000 - 480660ff
- * WIN_TRACER4 ETT 48066100 - 480661ff
- * WIN_TRACER4 WT 48066200 - 480662ff
- * WIN_TRACER4 L4 48067000 - 48067fff
- * XTI Mod 48068000 - 48068fff
- * XTI L4 48069000 - 48069fff
- * UART1 Mod 4806a000 - 4806afff
- * UART1 L4 4806b000 - 4806bfff
- * UART2 Mod 4806c000 - 4806cfff
- * UART2 L4 4806d000 - 4806dfff
- * UART3 Mod 4806e000 - 4806efff
- * UART3 L4 4806f000 - 4806ffff
- * I2C1 Mod 48070000 - 48070fff
- * I2C1 L4 48071000 - 48071fff
- * I2C2 Mod 48072000 - 48072fff
- * I2C2 L4 48073000 - 48073fff
- * McBSP1 Mod 48074000 - 48074fff
- * McBSP1 L4 48075000 - 48075fff
- * McBSP2 Mod 48076000 - 48076fff
- * McBSP2 L4 48077000 - 48077fff
- * GPTIMER3 Mod 48078000 - 48078fff
- * GPTIMER3 L4 48079000 - 48079fff
- * GPTIMER4 Mod 4807a000 - 4807afff
- * GPTIMER4 L4 4807b000 - 4807bfff
- * GPTIMER5 Mod 4807c000 - 4807cfff
- * GPTIMER5 L4 4807d000 - 4807dfff
- * GPTIMER6 Mod 4807e000 - 4807efff
- * GPTIMER6 L4 4807f000 - 4807ffff
- * GPTIMER7 Mod 48080000 - 48080fff
- * GPTIMER7 L4 48081000 - 48081fff
- * GPTIMER8 Mod 48082000 - 48082fff
- * GPTIMER8 L4 48083000 - 48083fff
- * GPTIMER9 Mod 48084000 - 48084fff
- * GPTIMER9 L4 48085000 - 48085fff
- * GPTIMER10 Mod 48086000 - 48086fff
- * GPTIMER10 L4 48087000 - 48087fff
- * GPTIMER11 Mod 48088000 - 48088fff
- * GPTIMER11 L4 48089000 - 48089fff
- * GPTIMER12 Mod 4808a000 - 4808afff
- * GPTIMER12 L4 4808b000 - 4808bfff
- * EAC Mod 48090000 - 48090fff
- * EAC L4 48091000 - 48091fff
- * FAC Mod 48092000 - 48092fff
- * FAC L4 48093000 - 48093fff
- * MAILBOX Mod 48094000 - 48094fff
- * MAILBOX L4 48095000 - 48095fff
- * SPI1 Mod 48098000 - 48098fff
- * SPI1 L4 48099000 - 48099fff
- * SPI2 Mod 4809a000 - 4809afff
- * SPI2 L4 4809b000 - 4809bfff
- * MMC/SDIO Mod 4809c000 - 4809cfff
- * MMC/SDIO L4 4809d000 - 4809dfff
- * MS_PRO Mod 4809e000 - 4809efff
- * MS_PRO L4 4809f000 - 4809ffff
- * RNG Mod 480a0000 - 480a0fff
- * RNG L4 480a1000 - 480a1fff
- * DES3DES Mod 480a2000 - 480a2fff
- * DES3DES L4 480a3000 - 480a3fff
- * SHA1MD5 Mod 480a4000 - 480a4fff
- * SHA1MD5 L4 480a5000 - 480a5fff
- * AES Mod 480a6000 - 480a6fff
- * AES L4 480a7000 - 480a7fff
- * PKA Mod 480a8000 - 480a9fff
- * PKA L4 480aa000 - 480aafff
- * MG Mod 480b0000 - 480b0fff
- * MG L4 480b1000 - 480b1fff
- * HDQ/1-wire Mod 480b2000 - 480b2fff
- * HDQ/1-wire L4 480b3000 - 480b3fff
- * MPU interrupt 480fe000 - 480fefff
- * STI channel base 54000000 - 5400ffff
- * IVA RAM 5c000000 - 5c01ffff
- * IVA ROM 5c020000 - 5c027fff
- * IMG_BUF_A 5c040000 - 5c040fff
- * IMG_BUF_B 5c042000 - 5c042fff
- * VLCDS 5c048000 - 5c0487ff
- * IMX_COEF 5c049000 - 5c04afff
- * IMX_CMD 5c051000 - 5c051fff
- * VLCDQ 5c053000 - 5c0533ff
- * VLCDH 5c054000 - 5c054fff
- * SEQ_CMD 5c055000 - 5c055fff
- * IMX_REG 5c056000 - 5c0560ff
- * VLCD_REG 5c056100 - 5c0561ff
- * SEQ_REG 5c056200 - 5c0562ff
- * IMG_BUF_REG 5c056300 - 5c0563ff
- * SEQIRQ_REG 5c056400 - 5c0564ff
- * OCP_REG 5c060000 - 5c060fff
- * SYSC_REG 5c070000 - 5c070fff
- * MMU_REG 5d000000 - 5d000fff
- * sDMA R 68000400 - 680005ff
- * sDMA W 68000600 - 680007ff
- * Display Control 68000800 - 680009ff
- * DSP subsystem 68000a00 - 68000bff
- * MPU subsystem 68000c00 - 68000dff
- * IVA subsystem 68001000 - 680011ff
- * USB 68001200 - 680013ff
- * Camera 68001400 - 680015ff
- * VLYNQ (firewall) 68001800 - 68001bff
- * VLYNQ 68001e00 - 68001fff
- * SSI 68002000 - 680021ff
- * L4 68002400 - 680025ff
- * DSP (firewall) 68002800 - 68002bff
- * DSP subsystem 68002e00 - 68002fff
- * IVA (firewall) 68003000 - 680033ff
- * IVA 68003600 - 680037ff
- * GFX 68003a00 - 68003bff
- * CMDWR emulation 68003c00 - 68003dff
- * SMS 68004000 - 680041ff
- * OCM 68004200 - 680043ff
- * GPMC 68004400 - 680045ff
- * RAM (firewall) 68005000 - 680053ff
- * RAM (err login) 68005400 - 680057ff
- * ROM (firewall) 68005800 - 68005bff
- * ROM (err login) 68005c00 - 68005fff
- * GPMC (firewall) 68006000 - 680063ff
- * GPMC (err login) 68006400 - 680067ff
- * SMS (err login) 68006c00 - 68006fff
- * SMS registers 68008000 - 68008fff
- * SDRC registers 68009000 - 68009fff
- * GPMC registers 6800a000 6800afff
- */
-
- qemu_register_reset(omap2_mpu_reset, s);
-
- return s;
-}
diff --git a/hw/omap_clk.c b/hw/omap_clk.c
deleted file mode 100644
index 844800606..000000000
--- a/hw/omap_clk.c
+++ /dev/null
@@ -1,1264 +0,0 @@
-/*
- * OMAP clocks.
- *
- * Copyright (C) 2006-2008 Andrzej Zaborowski <balrog@zabor.org>
- *
- * Clocks data comes in part from arch/arm/mach-omap1/clock.h in Linux.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-#include "hw.h"
-#include "omap.h"
-
-struct clk {
- const char *name;
- const char *alias;
- struct clk *parent;
- struct clk *child1;
- struct clk *sibling;
-#define ALWAYS_ENABLED (1 << 0)
-#define CLOCK_IN_OMAP310 (1 << 10)
-#define CLOCK_IN_OMAP730 (1 << 11)
-#define CLOCK_IN_OMAP1510 (1 << 12)
-#define CLOCK_IN_OMAP16XX (1 << 13)
-#define CLOCK_IN_OMAP242X (1 << 14)
-#define CLOCK_IN_OMAP243X (1 << 15)
-#define CLOCK_IN_OMAP343X (1 << 16)
- uint32_t flags;
- int id;
-
- int running; /* Is currently ticking */
- int enabled; /* Is enabled, regardless of its input clk */
- unsigned long rate; /* Current rate (if .running) */
- unsigned int divisor; /* Rate relative to input (if .enabled) */
- unsigned int multiplier; /* Rate relative to input (if .enabled) */
- qemu_irq users[16]; /* Who to notify on change */
- int usecount; /* Automatically idle when unused */
-};
-
-static struct clk xtal_osc12m = {
- .name = "xtal_osc_12m",
- .rate = 12000000,
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310,
-};
-
-static struct clk xtal_osc32k = {
- .name = "xtal_osc_32k",
- .rate = 32768,
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310 |
- CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
-};
-
-static struct clk ck_ref = {
- .name = "ck_ref",
- .alias = "clkin",
- .parent = &xtal_osc12m,
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310 |
- ALWAYS_ENABLED,
-};
-
-/* If a dpll is disabled it becomes a bypass, child clocks don't stop */
-static struct clk dpll1 = {
- .name = "dpll1",
- .parent = &ck_ref,
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310 |
- ALWAYS_ENABLED,
-};
-
-static struct clk dpll2 = {
- .name = "dpll2",
- .parent = &ck_ref,
- .flags = CLOCK_IN_OMAP310 | ALWAYS_ENABLED,
-};
-
-static struct clk dpll3 = {
- .name = "dpll3",
- .parent = &ck_ref,
- .flags = CLOCK_IN_OMAP310 | ALWAYS_ENABLED,
-};
-
-static struct clk dpll4 = {
- .name = "dpll4",
- .parent = &ck_ref,
- .multiplier = 4,
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310,
-};
-
-static struct clk apll = {
- .name = "apll",
- .parent = &ck_ref,
- .multiplier = 48,
- .divisor = 12,
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310,
-};
-
-static struct clk ck_48m = {
- .name = "ck_48m",
- .parent = &dpll4, /* either dpll4 or apll */
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310,
-};
-
-static struct clk ck_dpll1out = {
- .name = "ck_dpll1out",
- .parent = &dpll1,
- .flags = CLOCK_IN_OMAP16XX,
-};
-
-static struct clk sossi_ck = {
- .name = "ck_sossi",
- .parent = &ck_dpll1out,
- .flags = CLOCK_IN_OMAP16XX,
-};
-
-static struct clk clkm1 = {
- .name = "clkm1",
- .alias = "ck_gen1",
- .parent = &dpll1,
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310 |
- ALWAYS_ENABLED,
-};
-
-static struct clk clkm2 = {
- .name = "clkm2",
- .alias = "ck_gen2",
- .parent = &dpll1,
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310 |
- ALWAYS_ENABLED,
-};
-
-static struct clk clkm3 = {
- .name = "clkm3",
- .alias = "ck_gen3",
- .parent = &dpll1, /* either dpll1 or ck_ref */
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310 |
- ALWAYS_ENABLED,
-};
-
-static struct clk arm_ck = {
- .name = "arm_ck",
- .alias = "mpu_ck",
- .parent = &clkm1,
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310 |
- ALWAYS_ENABLED,
-};
-
-static struct clk armper_ck = {
- .name = "armper_ck",
- .alias = "mpuper_ck",
- .parent = &clkm1,
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310,
-};
-
-static struct clk arm_gpio_ck = {
- .name = "arm_gpio_ck",
- .alias = "mpu_gpio_ck",
- .parent = &clkm1,
- .divisor = 1,
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP310,
-};
-
-static struct clk armxor_ck = {
- .name = "armxor_ck",
- .alias = "mpuxor_ck",
- .parent = &ck_ref,
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310,
-};
-
-static struct clk armtim_ck = {
- .name = "armtim_ck",
- .alias = "mputim_ck",
- .parent = &ck_ref, /* either CLKIN or DPLL1 */
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310,
-};
-
-static struct clk armwdt_ck = {
- .name = "armwdt_ck",
- .alias = "mpuwd_ck",
- .parent = &clkm1,
- .divisor = 14,
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310 |
- ALWAYS_ENABLED,
-};
-
-static struct clk arminth_ck16xx = {
- .name = "arminth_ck",
- .parent = &arm_ck,
- .flags = CLOCK_IN_OMAP16XX | ALWAYS_ENABLED,
- /* Note: On 16xx the frequency can be divided by 2 by programming
- * ARM_CKCTL:ARM_INTHCK_SEL(14) to 1
- *
- * 1510 version is in TC clocks.
- */
-};
-
-static struct clk dsp_ck = {
- .name = "dsp_ck",
- .parent = &clkm2,
- .flags = CLOCK_IN_OMAP310 | CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX,
-};
-
-static struct clk dspmmu_ck = {
- .name = "dspmmu_ck",
- .parent = &clkm2,
- .flags = CLOCK_IN_OMAP310 | CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX |
- ALWAYS_ENABLED,
-};
-
-static struct clk dspper_ck = {
- .name = "dspper_ck",
- .parent = &clkm2,
- .flags = CLOCK_IN_OMAP310 | CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX,
-};
-
-static struct clk dspxor_ck = {
- .name = "dspxor_ck",
- .parent = &ck_ref,
- .flags = CLOCK_IN_OMAP310 | CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX,
-};
-
-static struct clk dsptim_ck = {
- .name = "dsptim_ck",
- .parent = &ck_ref,
- .flags = CLOCK_IN_OMAP310 | CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX,
-};
-
-static struct clk tc_ck = {
- .name = "tc_ck",
- .parent = &clkm3,
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX |
- CLOCK_IN_OMAP730 | CLOCK_IN_OMAP310 |
- ALWAYS_ENABLED,
-};
-
-static struct clk arminth_ck15xx = {
- .name = "arminth_ck",
- .parent = &tc_ck,
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP310 | ALWAYS_ENABLED,
- /* Note: On 1510 the frequency follows TC_CK
- *
- * 16xx version is in MPU clocks.
- */
-};
-
-static struct clk tipb_ck = {
- /* No-idle controlled by "tc_ck" */
- .name = "tipb_ck",
- .parent = &tc_ck,
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP310 | ALWAYS_ENABLED,
-};
-
-static struct clk l3_ocpi_ck = {
- /* No-idle controlled by "tc_ck" */
- .name = "l3_ocpi_ck",
- .parent = &tc_ck,
- .flags = CLOCK_IN_OMAP16XX,
-};
-
-static struct clk tc1_ck = {
- .name = "tc1_ck",
- .parent = &tc_ck,
- .flags = CLOCK_IN_OMAP16XX,
-};
-
-static struct clk tc2_ck = {
- .name = "tc2_ck",
- .parent = &tc_ck,
- .flags = CLOCK_IN_OMAP16XX,
-};
-
-static struct clk dma_ck = {
- /* No-idle controlled by "tc_ck" */
- .name = "dma_ck",
- .parent = &tc_ck,
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310 |
- ALWAYS_ENABLED,
-};
-
-static struct clk dma_lcdfree_ck = {
- .name = "dma_lcdfree_ck",
- .parent = &tc_ck,
- .flags = CLOCK_IN_OMAP16XX | ALWAYS_ENABLED,
-};
-
-static struct clk api_ck = {
- .name = "api_ck",
- .alias = "mpui_ck",
- .parent = &tc_ck,
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310,
-};
-
-static struct clk lb_ck = {
- .name = "lb_ck",
- .parent = &tc_ck,
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP310,
-};
-
-static struct clk lbfree_ck = {
- .name = "lbfree_ck",
- .parent = &tc_ck,
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP310,
-};
-
-static struct clk hsab_ck = {
- .name = "hsab_ck",
- .parent = &tc_ck,
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP310,
-};
-
-static struct clk rhea1_ck = {
- .name = "rhea1_ck",
- .parent = &tc_ck,
- .flags = CLOCK_IN_OMAP16XX | ALWAYS_ENABLED,
-};
-
-static struct clk rhea2_ck = {
- .name = "rhea2_ck",
- .parent = &tc_ck,
- .flags = CLOCK_IN_OMAP16XX | ALWAYS_ENABLED,
-};
-
-static struct clk lcd_ck_16xx = {
- .name = "lcd_ck",
- .parent = &clkm3,
- .flags = CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP730,
-};
-
-static struct clk lcd_ck_1510 = {
- .name = "lcd_ck",
- .parent = &clkm3,
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP310,
-};
-
-static struct clk uart1_1510 = {
- .name = "uart1_ck",
- /* Direct from ULPD, no real parent */
- .parent = &armper_ck, /* either armper_ck or dpll4 */
- .rate = 12000000,
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP310 | ALWAYS_ENABLED,
-};
-
-static struct clk uart1_16xx = {
- .name = "uart1_ck",
- /* Direct from ULPD, no real parent */
- .parent = &armper_ck,
- .rate = 48000000,
- .flags = CLOCK_IN_OMAP16XX,
-};
-
-static struct clk uart2_ck = {
- .name = "uart2_ck",
- /* Direct from ULPD, no real parent */
- .parent = &armper_ck, /* either armper_ck or dpll4 */
- .rate = 12000000,
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310 |
- ALWAYS_ENABLED,
-};
-
-static struct clk uart3_1510 = {
- .name = "uart3_ck",
- /* Direct from ULPD, no real parent */
- .parent = &armper_ck, /* either armper_ck or dpll4 */
- .rate = 12000000,
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP310 | ALWAYS_ENABLED,
-};
-
-static struct clk uart3_16xx = {
- .name = "uart3_ck",
- /* Direct from ULPD, no real parent */
- .parent = &armper_ck,
- .rate = 48000000,
- .flags = CLOCK_IN_OMAP16XX,
-};
-
-static struct clk usb_clk0 = { /* 6 MHz output on W4_USB_CLK0 */
- .name = "usb_clk0",
- .alias = "usb.clko",
- /* Direct from ULPD, no parent */
- .rate = 6000000,
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310,
-};
-
-static struct clk usb_hhc_ck1510 = {
- .name = "usb_hhc_ck",
- /* Direct from ULPD, no parent */
- .rate = 48000000, /* Actually 2 clocks, 12MHz and 48MHz */
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP310,
-};
-
-static struct clk usb_hhc_ck16xx = {
- .name = "usb_hhc_ck",
- /* Direct from ULPD, no parent */
- .rate = 48000000,
- /* OTG_SYSCON_2.OTG_PADEN == 0 (not 1510-compatible) */
- .flags = CLOCK_IN_OMAP16XX,
-};
-
-static struct clk usb_w2fc_mclk = {
- .name = "usb_w2fc_mclk",
- .alias = "usb_w2fc_ck",
- .parent = &ck_48m,
- .rate = 48000000,
- .flags = CLOCK_IN_OMAP310 | CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX,
-};
-
-static struct clk mclk_1510 = {
- .name = "mclk",
- /* Direct from ULPD, no parent. May be enabled by ext hardware. */
- .rate = 12000000,
- .flags = CLOCK_IN_OMAP1510,
-};
-
-static struct clk bclk_310 = {
- .name = "bt_mclk_out", /* Alias midi_mclk_out? */
- .parent = &armper_ck,
- .flags = CLOCK_IN_OMAP310,
-};
-
-static struct clk mclk_310 = {
- .name = "com_mclk_out",
- .parent = &armper_ck,
- .flags = CLOCK_IN_OMAP310,
-};
-
-static struct clk mclk_16xx = {
- .name = "mclk",
- /* Direct from ULPD, no parent. May be enabled by ext hardware. */
- .flags = CLOCK_IN_OMAP16XX,
-};
-
-static struct clk bclk_1510 = {
- .name = "bclk",
- /* Direct from ULPD, no parent. May be enabled by ext hardware. */
- .rate = 12000000,
- .flags = CLOCK_IN_OMAP1510,
-};
-
-static struct clk bclk_16xx = {
- .name = "bclk",
- /* Direct from ULPD, no parent. May be enabled by ext hardware. */
- .flags = CLOCK_IN_OMAP16XX,
-};
-
-static struct clk mmc1_ck = {
- .name = "mmc_ck",
- .id = 1,
- /* Functional clock is direct from ULPD, interface clock is ARMPER */
- .parent = &armper_ck, /* either armper_ck or dpll4 */
- .rate = 48000000,
- .flags = CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX | CLOCK_IN_OMAP310,
-};
-
-static struct clk mmc2_ck = {
- .name = "mmc_ck",
- .id = 2,
- /* Functional clock is direct from ULPD, interface clock is ARMPER */
- .parent = &armper_ck,
- .rate = 48000000,
- .flags = CLOCK_IN_OMAP16XX,
-};
-
-static struct clk cam_mclk = {
- .name = "cam.mclk",
- .flags = CLOCK_IN_OMAP310 | CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX,
- .rate = 12000000,
-};
-
-static struct clk cam_exclk = {
- .name = "cam.exclk",
- .flags = CLOCK_IN_OMAP310 | CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX,
- /* Either 12M from cam.mclk or 48M from dpll4 */
- .parent = &cam_mclk,
-};
-
-static struct clk cam_lclk = {
- .name = "cam.lclk",
- .flags = CLOCK_IN_OMAP310 | CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX,
-};
-
-static struct clk i2c_fck = {
- .name = "i2c_fck",
- .id = 1,
- .flags = CLOCK_IN_OMAP310 | CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX |
- ALWAYS_ENABLED,
- .parent = &armxor_ck,
-};
-
-static struct clk i2c_ick = {
- .name = "i2c_ick",
- .id = 1,
- .flags = CLOCK_IN_OMAP16XX | ALWAYS_ENABLED,
- .parent = &armper_ck,
-};
-
-static struct clk clk32k = {
- .name = "clk32-kHz",
- .flags = CLOCK_IN_OMAP310 | CLOCK_IN_OMAP1510 | CLOCK_IN_OMAP16XX |
- CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X | ALWAYS_ENABLED,
- .parent = &xtal_osc32k,
-};
-
-static struct clk ref_clk = {
- .name = "ref_clk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X | ALWAYS_ENABLED,
- .rate = 12000000, /* 12 MHz or 13 MHz or 19.2 MHz */
- /*.parent = sys.xtalin */
-};
-
-static struct clk apll_96m = {
- .name = "apll_96m",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X | ALWAYS_ENABLED,
- .rate = 96000000,
- /*.parent = ref_clk */
-};
-
-static struct clk apll_54m = {
- .name = "apll_54m",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X | ALWAYS_ENABLED,
- .rate = 54000000,
- /*.parent = ref_clk */
-};
-
-static struct clk sys_clk = {
- .name = "sys_clk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X | ALWAYS_ENABLED,
- .rate = 32768,
- /*.parent = sys.xtalin */
-};
-
-static struct clk sleep_clk = {
- .name = "sleep_clk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X | ALWAYS_ENABLED,
- .rate = 32768,
- /*.parent = sys.xtalin */
-};
-
-static struct clk dpll_ck = {
- .name = "dpll",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X | ALWAYS_ENABLED,
- .parent = &ref_clk,
-};
-
-static struct clk dpll_x2_ck = {
- .name = "dpll_x2",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X | ALWAYS_ENABLED,
- .parent = &ref_clk,
-};
-
-static struct clk wdt1_sys_clk = {
- .name = "wdt1_sys_clk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X | ALWAYS_ENABLED,
- .rate = 32768,
- /*.parent = sys.xtalin */
-};
-
-static struct clk func_96m_clk = {
- .name = "func_96m_clk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .divisor = 1,
- .parent = &apll_96m,
-};
-
-static struct clk func_48m_clk = {
- .name = "func_48m_clk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .divisor = 2,
- .parent = &apll_96m,
-};
-
-static struct clk func_12m_clk = {
- .name = "func_12m_clk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .divisor = 8,
- .parent = &apll_96m,
-};
-
-static struct clk func_54m_clk = {
- .name = "func_54m_clk",
- .flags = CLOCK_IN_OMAP242X,
- .divisor = 1,
- .parent = &apll_54m,
-};
-
-static struct clk sys_clkout = {
- .name = "clkout",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &sys_clk,
-};
-
-static struct clk sys_clkout2 = {
- .name = "clkout2",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &sys_clk,
-};
-
-static struct clk core_clk = {
- .name = "core_clk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &dpll_x2_ck, /* Switchable between dpll_ck and clk32k */
-};
-
-static struct clk l3_clk = {
- .name = "l3_clk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &core_clk,
-};
-
-static struct clk core_l4_iclk = {
- .name = "core_l4_iclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &l3_clk,
-};
-
-static struct clk wu_l4_iclk = {
- .name = "wu_l4_iclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &l3_clk,
-};
-
-static struct clk core_l3_iclk = {
- .name = "core_l3_iclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &core_clk,
-};
-
-static struct clk core_l4_usb_clk = {
- .name = "core_l4_usb_clk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &l3_clk,
-};
-
-static struct clk wu_gpt1_clk = {
- .name = "wu_gpt1_clk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &sys_clk,
-};
-
-static struct clk wu_32k_clk = {
- .name = "wu_32k_clk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &sys_clk,
-};
-
-static struct clk uart1_fclk = {
- .name = "uart1_fclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &func_48m_clk,
-};
-
-static struct clk uart1_iclk = {
- .name = "uart1_iclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &core_l4_iclk,
-};
-
-static struct clk uart2_fclk = {
- .name = "uart2_fclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &func_48m_clk,
-};
-
-static struct clk uart2_iclk = {
- .name = "uart2_iclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &core_l4_iclk,
-};
-
-static struct clk uart3_fclk = {
- .name = "uart3_fclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &func_48m_clk,
-};
-
-static struct clk uart3_iclk = {
- .name = "uart3_iclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &core_l4_iclk,
-};
-
-static struct clk mpu_fclk = {
- .name = "mpu_fclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &core_clk,
-};
-
-static struct clk mpu_iclk = {
- .name = "mpu_iclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &core_clk,
-};
-
-static struct clk int_m_fclk = {
- .name = "int_m_fclk",
- .alias = "mpu_intc_fclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &core_clk,
-};
-
-static struct clk int_m_iclk = {
- .name = "int_m_iclk",
- .alias = "mpu_intc_iclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &core_clk,
-};
-
-static struct clk core_gpt2_clk = {
- .name = "core_gpt2_clk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &sys_clk,
-};
-
-static struct clk core_gpt3_clk = {
- .name = "core_gpt3_clk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &sys_clk,
-};
-
-static struct clk core_gpt4_clk = {
- .name = "core_gpt4_clk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &sys_clk,
-};
-
-static struct clk core_gpt5_clk = {
- .name = "core_gpt5_clk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &sys_clk,
-};
-
-static struct clk core_gpt6_clk = {
- .name = "core_gpt6_clk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &sys_clk,
-};
-
-static struct clk core_gpt7_clk = {
- .name = "core_gpt7_clk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &sys_clk,
-};
-
-static struct clk core_gpt8_clk = {
- .name = "core_gpt8_clk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &sys_clk,
-};
-
-static struct clk core_gpt9_clk = {
- .name = "core_gpt9_clk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &sys_clk,
-};
-
-static struct clk core_gpt10_clk = {
- .name = "core_gpt10_clk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &sys_clk,
-};
-
-static struct clk core_gpt11_clk = {
- .name = "core_gpt11_clk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &sys_clk,
-};
-
-static struct clk core_gpt12_clk = {
- .name = "core_gpt12_clk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &sys_clk,
-};
-
-static struct clk mcbsp1_clk = {
- .name = "mcbsp1_cg",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .divisor = 2,
- .parent = &func_96m_clk,
-};
-
-static struct clk mcbsp2_clk = {
- .name = "mcbsp2_cg",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .divisor = 2,
- .parent = &func_96m_clk,
-};
-
-static struct clk emul_clk = {
- .name = "emul_ck",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &func_54m_clk,
-};
-
-static struct clk sdma_fclk = {
- .name = "sdma_fclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &l3_clk,
-};
-
-static struct clk sdma_iclk = {
- .name = "sdma_iclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &core_l3_iclk, /* core_l4_iclk for the configuration port */
-};
-
-static struct clk i2c1_fclk = {
- .name = "i2c1.fclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &func_12m_clk,
- .divisor = 1,
-};
-
-static struct clk i2c1_iclk = {
- .name = "i2c1.iclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &core_l4_iclk,
-};
-
-static struct clk i2c2_fclk = {
- .name = "i2c2.fclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &func_12m_clk,
- .divisor = 1,
-};
-
-static struct clk i2c2_iclk = {
- .name = "i2c2.iclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &core_l4_iclk,
-};
-
-static struct clk gpio_dbclk[5] = {
- {
- .name = "gpio1_dbclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &wu_32k_clk,
- }, {
- .name = "gpio2_dbclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &wu_32k_clk,
- }, {
- .name = "gpio3_dbclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &wu_32k_clk,
- }, {
- .name = "gpio4_dbclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &wu_32k_clk,
- }, {
- .name = "gpio5_dbclk",
- .flags = CLOCK_IN_OMAP243X,
- .parent = &wu_32k_clk,
- },
-};
-
-static struct clk gpio_iclk = {
- .name = "gpio_iclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &wu_l4_iclk,
-};
-
-static struct clk mmc_fck = {
- .name = "mmc_fclk",
- .flags = CLOCK_IN_OMAP242X,
- .parent = &func_96m_clk,
-};
-
-static struct clk mmc_ick = {
- .name = "mmc_iclk",
- .flags = CLOCK_IN_OMAP242X,
- .parent = &core_l4_iclk,
-};
-
-static struct clk spi_fclk[3] = {
- {
- .name = "spi1_fclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &func_48m_clk,
- }, {
- .name = "spi2_fclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &func_48m_clk,
- }, {
- .name = "spi3_fclk",
- .flags = CLOCK_IN_OMAP243X,
- .parent = &func_48m_clk,
- },
-};
-
-static struct clk dss_clk[2] = {
- {
- .name = "dss_clk1",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &core_clk,
- }, {
- .name = "dss_clk2",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &sys_clk,
- },
-};
-
-static struct clk dss_54m_clk = {
- .name = "dss_54m_clk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &func_54m_clk,
-};
-
-static struct clk dss_l3_iclk = {
- .name = "dss_l3_iclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &core_l3_iclk,
-};
-
-static struct clk dss_l4_iclk = {
- .name = "dss_l4_iclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &core_l4_iclk,
-};
-
-static struct clk spi_iclk[3] = {
- {
- .name = "spi1_iclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &core_l4_iclk,
- }, {
- .name = "spi2_iclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- .parent = &core_l4_iclk,
- }, {
- .name = "spi3_iclk",
- .flags = CLOCK_IN_OMAP243X,
- .parent = &core_l4_iclk,
- },
-};
-
-static struct clk omapctrl_clk = {
- .name = "omapctrl_iclk",
- .flags = CLOCK_IN_OMAP242X | CLOCK_IN_OMAP243X,
- /* XXX Should be in WKUP domain */
- .parent = &core_l4_iclk,
-};
-
-static struct clk *onchip_clks[] = {
- /* OMAP 1 */
-
- /* non-ULPD clocks */
- &xtal_osc12m,
- &xtal_osc32k,
- &ck_ref,
- &dpll1,
- &dpll2,
- &dpll3,
- &dpll4,
- &apll,
- &ck_48m,
- /* CK_GEN1 clocks */
- &clkm1,
- &ck_dpll1out,
- &sossi_ck,
- &arm_ck,
- &armper_ck,
- &arm_gpio_ck,
- &armxor_ck,
- &armtim_ck,
- &armwdt_ck,
- &arminth_ck15xx, &arminth_ck16xx,
- /* CK_GEN2 clocks */
- &clkm2,
- &dsp_ck,
- &dspmmu_ck,
- &dspper_ck,
- &dspxor_ck,
- &dsptim_ck,
- /* CK_GEN3 clocks */
- &clkm3,
- &tc_ck,
- &tipb_ck,
- &l3_ocpi_ck,
- &tc1_ck,
- &tc2_ck,
- &dma_ck,
- &dma_lcdfree_ck,
- &api_ck,
- &lb_ck,
- &lbfree_ck,
- &hsab_ck,
- &rhea1_ck,
- &rhea2_ck,
- &lcd_ck_16xx,
- &lcd_ck_1510,
- /* ULPD clocks */
- &uart1_1510,
- &uart1_16xx,
- &uart2_ck,
- &uart3_1510,
- &uart3_16xx,
- &usb_clk0,
- &usb_hhc_ck1510, &usb_hhc_ck16xx,
- &mclk_1510, &mclk_16xx, &mclk_310,
- &bclk_1510, &bclk_16xx, &bclk_310,
- &mmc1_ck,
- &mmc2_ck,
- &cam_mclk,
- &cam_exclk,
- &cam_lclk,
- &clk32k,
- &usb_w2fc_mclk,
- /* Virtual clocks */
- &i2c_fck,
- &i2c_ick,
-
- /* OMAP 2 */
-
- &ref_clk,
- &apll_96m,
- &apll_54m,
- &sys_clk,
- &sleep_clk,
- &dpll_ck,
- &dpll_x2_ck,
- &wdt1_sys_clk,
- &func_96m_clk,
- &func_48m_clk,
- &func_12m_clk,
- &func_54m_clk,
- &sys_clkout,
- &sys_clkout2,
- &core_clk,
- &l3_clk,
- &core_l4_iclk,
- &wu_l4_iclk,
- &core_l3_iclk,
- &core_l4_usb_clk,
- &wu_gpt1_clk,
- &wu_32k_clk,
- &uart1_fclk,
- &uart1_iclk,
- &uart2_fclk,
- &uart2_iclk,
- &uart3_fclk,
- &uart3_iclk,
- &mpu_fclk,
- &mpu_iclk,
- &int_m_fclk,
- &int_m_iclk,
- &core_gpt2_clk,
- &core_gpt3_clk,
- &core_gpt4_clk,
- &core_gpt5_clk,
- &core_gpt6_clk,
- &core_gpt7_clk,
- &core_gpt8_clk,
- &core_gpt9_clk,
- &core_gpt10_clk,
- &core_gpt11_clk,
- &core_gpt12_clk,
- &mcbsp1_clk,
- &mcbsp2_clk,
- &emul_clk,
- &sdma_fclk,
- &sdma_iclk,
- &i2c1_fclk,
- &i2c1_iclk,
- &i2c2_fclk,
- &i2c2_iclk,
- &gpio_dbclk[0],
- &gpio_dbclk[1],
- &gpio_dbclk[2],
- &gpio_dbclk[3],
- &gpio_iclk,
- &mmc_fck,
- &mmc_ick,
- &spi_fclk[0],
- &spi_iclk[0],
- &spi_fclk[1],
- &spi_iclk[1],
- &spi_fclk[2],
- &spi_iclk[2],
- &dss_clk[0],
- &dss_clk[1],
- &dss_54m_clk,
- &dss_l3_iclk,
- &dss_l4_iclk,
- &omapctrl_clk,
-
- NULL
-};
-
-void omap_clk_adduser(struct clk *clk, qemu_irq user)
-{
- qemu_irq *i;
-
- for (i = clk->users; *i; i ++);
- *i = user;
-}
-
-struct clk *omap_findclk(struct omap_mpu_state_s *mpu, const char *name)
-{
- struct clk *i;
-
- for (i = mpu->clks; i->name; i ++)
- if (!strcmp(i->name, name) || (i->alias && !strcmp(i->alias, name)))
- return i;
- hw_error("%s: %s not found\n", __FUNCTION__, name);
-}
-
-void omap_clk_get(struct clk *clk)
-{
- clk->usecount ++;
-}
-
-void omap_clk_put(struct clk *clk)
-{
- if (!(clk->usecount --))
- hw_error("%s: %s is not in use\n", __FUNCTION__, clk->name);
-}
-
-static void omap_clk_update(struct clk *clk)
-{
- int parent, running;
- qemu_irq *user;
- struct clk *i;
-
- if (clk->parent)
- parent = clk->parent->running;
- else
- parent = 1;
-
- running = parent && (clk->enabled ||
- ((clk->flags & ALWAYS_ENABLED) && clk->usecount));
- if (clk->running != running) {
- clk->running = running;
- for (user = clk->users; *user; user ++)
- qemu_set_irq(*user, running);
- for (i = clk->child1; i; i = i->sibling)
- omap_clk_update(i);
- }
-}
-
-static void omap_clk_rate_update_full(struct clk *clk, unsigned long int rate,
- unsigned long int div, unsigned long int mult)
-{
- struct clk *i;
- qemu_irq *user;
-
- clk->rate = muldiv64(rate, mult, div);
- if (clk->running)
- for (user = clk->users; *user; user ++)
- qemu_irq_raise(*user);
- for (i = clk->child1; i; i = i->sibling)
- omap_clk_rate_update_full(i, rate,
- div * i->divisor, mult * i->multiplier);
-}
-
-static void omap_clk_rate_update(struct clk *clk)
-{
- struct clk *i;
- unsigned long int div, mult = div = 1;
-
- for (i = clk; i->parent; i = i->parent) {
- div *= i->divisor;
- mult *= i->multiplier;
- }
-
- omap_clk_rate_update_full(clk, i->rate, div, mult);
-}
-
-void omap_clk_reparent(struct clk *clk, struct clk *parent)
-{
- struct clk **p;
-
- if (clk->parent) {
- for (p = &clk->parent->child1; *p != clk; p = &(*p)->sibling);
- *p = clk->sibling;
- }
-
- clk->parent = parent;
- if (parent) {
- clk->sibling = parent->child1;
- parent->child1 = clk;
- omap_clk_update(clk);
- omap_clk_rate_update(clk);
- } else
- clk->sibling = NULL;
-}
-
-void omap_clk_onoff(struct clk *clk, int on)
-{
- clk->enabled = on;
- omap_clk_update(clk);
-}
-
-void omap_clk_canidle(struct clk *clk, int can)
-{
- if (can)
- omap_clk_put(clk);
- else
- omap_clk_get(clk);
-}
-
-void omap_clk_setrate(struct clk *clk, int divide, int multiply)
-{
- clk->divisor = divide;
- clk->multiplier = multiply;
- omap_clk_rate_update(clk);
-}
-
-int64_t omap_clk_getrate(omap_clk clk)
-{
- return clk->rate;
-}
-
-void omap_clk_init(struct omap_mpu_state_s *mpu)
-{
- struct clk **i, *j, *k;
- int count;
- int flag;
-
- if (cpu_is_omap310(mpu))
- flag = CLOCK_IN_OMAP310;
- else if (cpu_is_omap1510(mpu))
- flag = CLOCK_IN_OMAP1510;
- else if (cpu_is_omap2410(mpu) || cpu_is_omap2420(mpu))
- flag = CLOCK_IN_OMAP242X;
- else if (cpu_is_omap2430(mpu))
- flag = CLOCK_IN_OMAP243X;
- else if (cpu_is_omap3430(mpu))
- flag = CLOCK_IN_OMAP243X;
- else
- return;
-
- for (i = onchip_clks, count = 0; *i; i ++)
- if ((*i)->flags & flag)
- count ++;
- mpu->clks = (struct clk *) g_malloc0(sizeof(struct clk) * (count + 1));
- for (i = onchip_clks, j = mpu->clks; *i; i ++)
- if ((*i)->flags & flag) {
- memcpy(j, *i, sizeof(struct clk));
- for (k = mpu->clks; k < j; k ++)
- if (j->parent && !strcmp(j->parent->name, k->name)) {
- j->parent = k;
- j->sibling = k->child1;
- k->child1 = j;
- } else if (k->parent && !strcmp(k->parent->name, j->name)) {
- k->parent = j;
- k->sibling = j->child1;
- j->child1 = k;
- }
- j->divisor = j->divisor ?: 1;
- j->multiplier = j->multiplier ?: 1;
- j ++;
- }
- for (j = mpu->clks; count --; j ++) {
- omap_clk_update(j);
- omap_clk_rate_update(j);
- }
-}
diff --git a/hw/omap_dma.c b/hw/omap_dma.c
deleted file mode 100644
index e619c7b7d..000000000
--- a/hw/omap_dma.c
+++ /dev/null
@@ -1,2089 +0,0 @@
-/*
- * TI OMAP DMA gigacell.
- *
- * Copyright (C) 2006-2008 Andrzej Zaborowski <balrog@zabor.org>
- * Copyright (C) 2007-2008 Lauro Ramos Venancio <lauro.venancio@indt.org.br>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-#include "qemu-common.h"
-#include "qemu-timer.h"
-#include "omap.h"
-#include "irq.h"
-#include "soc_dma.h"
-
-struct omap_dma_channel_s {
- /* transfer data */
- int burst[2];
- int pack[2];
- int endian[2];
- int endian_lock[2];
- int translate[2];
- enum omap_dma_port port[2];
- hwaddr addr[2];
- omap_dma_addressing_t mode[2];
- uint32_t elements;
- uint16_t frames;
- int32_t frame_index[2];
- int16_t element_index[2];
- int data_type;
-
- /* transfer type */
- int transparent_copy;
- int constant_fill;
- uint32_t color;
- int prefetch;
-
- /* auto init and linked channel data */
- int end_prog;
- int repeat;
- int auto_init;
- int link_enabled;
- int link_next_ch;
-
- /* interruption data */
- int interrupts;
- int status;
- int cstatus;
-
- /* state data */
- int active;
- int enable;
- int sync;
- int src_sync;
- int pending_request;
- int waiting_end_prog;
- uint16_t cpc;
- int set_update;
-
- /* sync type */
- int fs;
- int bs;
-
- /* compatibility */
- int omap_3_1_compatible_disable;
-
- qemu_irq irq;
- struct omap_dma_channel_s *sibling;
-
- struct omap_dma_reg_set_s {
- hwaddr src, dest;
- int frame;
- int element;
- int pck_element;
- int frame_delta[2];
- int elem_delta[2];
- int frames;
- int elements;
- int pck_elements;
- } active_set;
-
- struct soc_dma_ch_s *dma;
-
- /* unused parameters */
- int write_mode;
- int priority;
- int interleave_disabled;
- int type;
- int suspend;
- int buf_disable;
-};
-
-struct omap_dma_s {
- struct soc_dma_s *dma;
- MemoryRegion iomem;
-
- struct omap_mpu_state_s *mpu;
- omap_clk clk;
- qemu_irq irq[4];
- void (*intr_update)(struct omap_dma_s *s);
- enum omap_dma_model model;
- int omap_3_1_mapping_disabled;
-
- uint32_t gcr;
- uint32_t ocp;
- uint32_t caps[5];
- uint32_t irqen[4];
- uint32_t irqstat[4];
-
- int chans;
- struct omap_dma_channel_s ch[32];
- struct omap_dma_lcd_channel_s lcd_ch;
-};
-
-/* Interrupts */
-#define TIMEOUT_INTR (1 << 0)
-#define EVENT_DROP_INTR (1 << 1)
-#define HALF_FRAME_INTR (1 << 2)
-#define END_FRAME_INTR (1 << 3)
-#define LAST_FRAME_INTR (1 << 4)
-#define END_BLOCK_INTR (1 << 5)
-#define SYNC (1 << 6)
-#define END_PKT_INTR (1 << 7)
-#define TRANS_ERR_INTR (1 << 8)
-#define MISALIGN_INTR (1 << 11)
-
-static inline void omap_dma_interrupts_update(struct omap_dma_s *s)
-{
- return s->intr_update(s);
-}
-
-static void omap_dma_channel_load(struct omap_dma_channel_s *ch)
-{
- struct omap_dma_reg_set_s *a = &ch->active_set;
- int i, normal;
- int omap_3_1 = !ch->omap_3_1_compatible_disable;
-
- /*
- * TODO: verify address ranges and alignment
- * TODO: port endianness
- */
-
- a->src = ch->addr[0];
- a->dest = ch->addr[1];
- a->frames = ch->frames;
- a->elements = ch->elements;
- a->pck_elements = ch->frame_index[!ch->src_sync];
- a->frame = 0;
- a->element = 0;
- a->pck_element = 0;
-
- if (unlikely(!ch->elements || !ch->frames)) {
- printf("%s: bad DMA request\n", __FUNCTION__);
- return;
- }
-
- for (i = 0; i < 2; i ++)
- switch (ch->mode[i]) {
- case constant:
- a->elem_delta[i] = 0;
- a->frame_delta[i] = 0;
- break;
- case post_incremented:
- a->elem_delta[i] = ch->data_type;
- a->frame_delta[i] = 0;
- break;
- case single_index:
- a->elem_delta[i] = ch->data_type +
- ch->element_index[omap_3_1 ? 0 : i] - 1;
- a->frame_delta[i] = 0;
- break;
- case double_index:
- a->elem_delta[i] = ch->data_type +
- ch->element_index[omap_3_1 ? 0 : i] - 1;
- a->frame_delta[i] = ch->frame_index[omap_3_1 ? 0 : i] -
- ch->element_index[omap_3_1 ? 0 : i];
- break;
- default:
- break;
- }
-
- normal = !ch->transparent_copy && !ch->constant_fill &&
- /* FIFO is big-endian so either (ch->endian[n] == 1) OR
- * (ch->endian_lock[n] == 1) mean no endianism conversion. */
- (ch->endian[0] | ch->endian_lock[0]) ==
- (ch->endian[1] | ch->endian_lock[1]);
- for (i = 0; i < 2; i ++) {
- /* TODO: for a->frame_delta[i] > 0 still use the fast path, just
- * limit min_elems in omap_dma_transfer_setup to the nearest frame
- * end. */
- if (!a->elem_delta[i] && normal &&
- (a->frames == 1 || !a->frame_delta[i]))
- ch->dma->type[i] = soc_dma_access_const;
- else if (a->elem_delta[i] == ch->data_type && normal &&
- (a->frames == 1 || !a->frame_delta[i]))
- ch->dma->type[i] = soc_dma_access_linear;
- else
- ch->dma->type[i] = soc_dma_access_other;
-
- ch->dma->vaddr[i] = ch->addr[i];
- }
- soc_dma_ch_update(ch->dma);
-}
-
-static void omap_dma_activate_channel(struct omap_dma_s *s,
- struct omap_dma_channel_s *ch)
-{
- if (!ch->active) {
- if (ch->set_update) {
- /* It's not clear when the active set is supposed to be
- * loaded from registers. We're already loading it when the
- * channel is enabled, and for some guests this is not enough
- * but that may be also because of a race condition (no
- * delays in qemu) in the guest code, which we're just
- * working around here. */
- omap_dma_channel_load(ch);
- ch->set_update = 0;
- }
-
- ch->active = 1;
- soc_dma_set_request(ch->dma, 1);
- if (ch->sync)
- ch->status |= SYNC;
- }
-}
-
-static void omap_dma_deactivate_channel(struct omap_dma_s *s,
- struct omap_dma_channel_s *ch)
-{
- /* Update cpc */
- ch->cpc = ch->active_set.dest & 0xffff;
-
- if (ch->pending_request && !ch->waiting_end_prog && ch->enable) {
- /* Don't deactivate the channel */
- ch->pending_request = 0;
- return;
- }
-
- /* Don't deactive the channel if it is synchronized and the DMA request is
- active */
- if (ch->sync && ch->enable && (s->dma->drqbmp & (1 << ch->sync)))
- return;
-
- if (ch->active) {
- ch->active = 0;
- ch->status &= ~SYNC;
- soc_dma_set_request(ch->dma, 0);
- }
-}
-
-static void omap_dma_enable_channel(struct omap_dma_s *s,
- struct omap_dma_channel_s *ch)
-{
- if (!ch->enable) {
- ch->enable = 1;
- ch->waiting_end_prog = 0;
- omap_dma_channel_load(ch);
- /* TODO: theoretically if ch->sync && ch->prefetch &&
- * !s->dma->drqbmp[ch->sync], we should also activate and fetch
- * from source and then stall until signalled. */
- if ((!ch->sync) || (s->dma->drqbmp & (1 << ch->sync)))
- omap_dma_activate_channel(s, ch);
- }
-}
-
-static void omap_dma_disable_channel(struct omap_dma_s *s,
- struct omap_dma_channel_s *ch)
-{
- if (ch->enable) {
- ch->enable = 0;
- /* Discard any pending request */
- ch->pending_request = 0;
- omap_dma_deactivate_channel(s, ch);
- }
-}
-
-static void omap_dma_channel_end_prog(struct omap_dma_s *s,
- struct omap_dma_channel_s *ch)
-{
- if (ch->waiting_end_prog) {
- ch->waiting_end_prog = 0;
- if (!ch->sync || ch->pending_request) {
- ch->pending_request = 0;
- omap_dma_activate_channel(s, ch);
- }
- }
-}
-
-static void omap_dma_interrupts_3_1_update(struct omap_dma_s *s)
-{
- struct omap_dma_channel_s *ch = s->ch;
-
- /* First three interrupts are shared between two channels each. */
- if (ch[0].status | ch[6].status)
- qemu_irq_raise(ch[0].irq);
- if (ch[1].status | ch[7].status)
- qemu_irq_raise(ch[1].irq);
- if (ch[2].status | ch[8].status)
- qemu_irq_raise(ch[2].irq);
- if (ch[3].status)
- qemu_irq_raise(ch[3].irq);
- if (ch[4].status)
- qemu_irq_raise(ch[4].irq);
- if (ch[5].status)
- qemu_irq_raise(ch[5].irq);
-}
-
-static void omap_dma_interrupts_3_2_update(struct omap_dma_s *s)
-{
- struct omap_dma_channel_s *ch = s->ch;
- int i;
-
- for (i = s->chans; i; ch ++, i --)
- if (ch->status)
- qemu_irq_raise(ch->irq);
-}
-
-static void omap_dma_enable_3_1_mapping(struct omap_dma_s *s)
-{
- s->omap_3_1_mapping_disabled = 0;
- s->chans = 9;
- s->intr_update = omap_dma_interrupts_3_1_update;
-}
-
-static void omap_dma_disable_3_1_mapping(struct omap_dma_s *s)
-{
- s->omap_3_1_mapping_disabled = 1;
- s->chans = 16;
- s->intr_update = omap_dma_interrupts_3_2_update;
-}
-
-static void omap_dma_process_request(struct omap_dma_s *s, int request)
-{
- int channel;
- int drop_event = 0;
- struct omap_dma_channel_s *ch = s->ch;
-
- for (channel = 0; channel < s->chans; channel ++, ch ++) {
- if (ch->enable && ch->sync == request) {
- if (!ch->active)
- omap_dma_activate_channel(s, ch);
- else if (!ch->pending_request)
- ch->pending_request = 1;
- else {
- /* Request collision */
- /* Second request received while processing other request */
- ch->status |= EVENT_DROP_INTR;
- drop_event = 1;
- }
- }
- }
-
- if (drop_event)
- omap_dma_interrupts_update(s);
-}
-
-static void omap_dma_transfer_generic(struct soc_dma_ch_s *dma)
-{
- uint8_t value[4];
- struct omap_dma_channel_s *ch = dma->opaque;
- struct omap_dma_reg_set_s *a = &ch->active_set;
- int bytes = dma->bytes;
-#ifdef MULTI_REQ
- uint16_t status = ch->status;
-#endif
-
- do {
- /* Transfer a single element */
- /* FIXME: check the endianness */
- if (!ch->constant_fill)
- cpu_physical_memory_read(a->src, value, ch->data_type);
- else
- *(uint32_t *) value = ch->color;
-
- if (!ch->transparent_copy || *(uint32_t *) value != ch->color)
- cpu_physical_memory_write(a->dest, value, ch->data_type);
-
- a->src += a->elem_delta[0];
- a->dest += a->elem_delta[1];
- a->element ++;
-
-#ifndef MULTI_REQ
- if (a->element == a->elements) {
- /* End of Frame */
- a->element = 0;
- a->src += a->frame_delta[0];
- a->dest += a->frame_delta[1];
- a->frame ++;
-
- /* If the channel is async, update cpc */
- if (!ch->sync)
- ch->cpc = a->dest & 0xffff;
- }
- } while ((bytes -= ch->data_type));
-#else
- /* If the channel is element synchronized, deactivate it */
- if (ch->sync && !ch->fs && !ch->bs)
- omap_dma_deactivate_channel(s, ch);
-
- /* If it is the last frame, set the LAST_FRAME interrupt */
- if (a->element == 1 && a->frame == a->frames - 1)
- if (ch->interrupts & LAST_FRAME_INTR)
- ch->status |= LAST_FRAME_INTR;
-
- /* If the half of the frame was reached, set the HALF_FRAME
- interrupt */
- if (a->element == (a->elements >> 1))
- if (ch->interrupts & HALF_FRAME_INTR)
- ch->status |= HALF_FRAME_INTR;
-
- if (ch->fs && ch->bs) {
- a->pck_element ++;
- /* Check if a full packet has beed transferred. */
- if (a->pck_element == a->pck_elements) {
- a->pck_element = 0;
-
- /* Set the END_PKT interrupt */
- if ((ch->interrupts & END_PKT_INTR) && !ch->src_sync)
- ch->status |= END_PKT_INTR;
-
- /* If the channel is packet-synchronized, deactivate it */
- if (ch->sync)
- omap_dma_deactivate_channel(s, ch);
- }
- }
-
- if (a->element == a->elements) {
- /* End of Frame */
- a->element = 0;
- a->src += a->frame_delta[0];
- a->dest += a->frame_delta[1];
- a->frame ++;
-
- /* If the channel is frame synchronized, deactivate it */
- if (ch->sync && ch->fs && !ch->bs)
- omap_dma_deactivate_channel(s, ch);
-
- /* If the channel is async, update cpc */
- if (!ch->sync)
- ch->cpc = a->dest & 0xffff;
-
- /* Set the END_FRAME interrupt */
- if (ch->interrupts & END_FRAME_INTR)
- ch->status |= END_FRAME_INTR;
-
- if (a->frame == a->frames) {
- /* End of Block */
- /* Disable the channel */
-
- if (ch->omap_3_1_compatible_disable) {
- omap_dma_disable_channel(s, ch);
- if (ch->link_enabled)
- omap_dma_enable_channel(s,
- &s->ch[ch->link_next_ch]);
- } else {
- if (!ch->auto_init)
- omap_dma_disable_channel(s, ch);
- else if (ch->repeat || ch->end_prog)
- omap_dma_channel_load(ch);
- else {
- ch->waiting_end_prog = 1;
- omap_dma_deactivate_channel(s, ch);
- }
- }
-
- if (ch->interrupts & END_BLOCK_INTR)
- ch->status |= END_BLOCK_INTR;
- }
- }
- } while (status == ch->status && ch->active);
-
- omap_dma_interrupts_update(s);
-#endif
-}
-
-enum {
- omap_dma_intr_element_sync,
- omap_dma_intr_last_frame,
- omap_dma_intr_half_frame,
- omap_dma_intr_frame,
- omap_dma_intr_frame_sync,
- omap_dma_intr_packet,
- omap_dma_intr_packet_sync,
- omap_dma_intr_block,
- __omap_dma_intr_last,
-};
-
-static void omap_dma_transfer_setup(struct soc_dma_ch_s *dma)
-{
- struct omap_dma_port_if_s *src_p, *dest_p;
- struct omap_dma_reg_set_s *a;
- struct omap_dma_channel_s *ch = dma->opaque;
- struct omap_dma_s *s = dma->dma->opaque;
- int frames, min_elems, elements[__omap_dma_intr_last];
-
- a = &ch->active_set;
-
- src_p = &s->mpu->port[ch->port[0]];
- dest_p = &s->mpu->port[ch->port[1]];
- if ((!ch->constant_fill && !src_p->addr_valid(s->mpu, a->src)) ||
- (!dest_p->addr_valid(s->mpu, a->dest))) {
-#if 0
- /* Bus time-out */
- if (ch->interrupts & TIMEOUT_INTR)
- ch->status |= TIMEOUT_INTR;
- omap_dma_deactivate_channel(s, ch);
- continue;
-#endif
- printf("%s: Bus time-out in DMA%i operation\n",
- __FUNCTION__, dma->num);
- }
-
- min_elems = INT_MAX;
-
- /* Check all the conditions that terminate the transfer starting
- * with those that can occur the soonest. */
-#define INTR_CHECK(cond, id, nelements) \
- if (cond) { \
- elements[id] = nelements; \
- if (elements[id] < min_elems) \
- min_elems = elements[id]; \
- } else \
- elements[id] = INT_MAX;
-
- /* Elements */
- INTR_CHECK(
- ch->sync && !ch->fs && !ch->bs,
- omap_dma_intr_element_sync,
- 1)
-
- /* Frames */
- /* TODO: for transfers where entire frames can be read and written
- * using memcpy() but a->frame_delta is non-zero, try to still do
- * transfers using soc_dma but limit min_elems to a->elements - ...
- * See also the TODO in omap_dma_channel_load. */
- INTR_CHECK(
- (ch->interrupts & LAST_FRAME_INTR) &&
- ((a->frame < a->frames - 1) || !a->element),
- omap_dma_intr_last_frame,
- (a->frames - a->frame - 2) * a->elements +
- (a->elements - a->element + 1))
- INTR_CHECK(
- ch->interrupts & HALF_FRAME_INTR,
- omap_dma_intr_half_frame,
- (a->elements >> 1) +
- (a->element >= (a->elements >> 1) ? a->elements : 0) -
- a->element)
- INTR_CHECK(
- ch->sync && ch->fs && (ch->interrupts & END_FRAME_INTR),
- omap_dma_intr_frame,
- a->elements - a->element)
- INTR_CHECK(
- ch->sync && ch->fs && !ch->bs,
- omap_dma_intr_frame_sync,
- a->elements - a->element)
-
- /* Packets */
- INTR_CHECK(
- ch->fs && ch->bs &&
- (ch->interrupts & END_PKT_INTR) && !ch->src_sync,
- omap_dma_intr_packet,
- a->pck_elements - a->pck_element)
- INTR_CHECK(
- ch->fs && ch->bs && ch->sync,
- omap_dma_intr_packet_sync,
- a->pck_elements - a->pck_element)
-
- /* Blocks */
- INTR_CHECK(
- 1,
- omap_dma_intr_block,
- (a->frames - a->frame - 1) * a->elements +
- (a->elements - a->element))
-
- dma->bytes = min_elems * ch->data_type;
-
- /* Set appropriate interrupts and/or deactivate channels */
-
-#ifdef MULTI_REQ
- /* TODO: should all of this only be done if dma->update, and otherwise
- * inside omap_dma_transfer_generic below - check what's faster. */
- if (dma->update) {
-#endif
-
- /* If the channel is element synchronized, deactivate it */
- if (min_elems == elements[omap_dma_intr_element_sync])
- omap_dma_deactivate_channel(s, ch);
-
- /* If it is the last frame, set the LAST_FRAME interrupt */
- if (min_elems == elements[omap_dma_intr_last_frame])
- ch->status |= LAST_FRAME_INTR;
-
- /* If exactly half of the frame was reached, set the HALF_FRAME
- interrupt */
- if (min_elems == elements[omap_dma_intr_half_frame])
- ch->status |= HALF_FRAME_INTR;
-
- /* If a full packet has been transferred, set the END_PKT interrupt */
- if (min_elems == elements[omap_dma_intr_packet])
- ch->status |= END_PKT_INTR;
-
- /* If the channel is packet-synchronized, deactivate it */
- if (min_elems == elements[omap_dma_intr_packet_sync])
- omap_dma_deactivate_channel(s, ch);
-
- /* If the channel is frame synchronized, deactivate it */
- if (min_elems == elements[omap_dma_intr_frame_sync])
- omap_dma_deactivate_channel(s, ch);
-
- /* Set the END_FRAME interrupt */
- if (min_elems == elements[omap_dma_intr_frame])
- ch->status |= END_FRAME_INTR;
-
- if (min_elems == elements[omap_dma_intr_block]) {
- /* End of Block */
- /* Disable the channel */
-
- if (ch->omap_3_1_compatible_disable) {
- omap_dma_disable_channel(s, ch);
- if (ch->link_enabled)
- omap_dma_enable_channel(s, &s->ch[ch->link_next_ch]);
- } else {
- if (!ch->auto_init)
- omap_dma_disable_channel(s, ch);
- else if (ch->repeat || ch->end_prog)
- omap_dma_channel_load(ch);
- else {
- ch->waiting_end_prog = 1;
- omap_dma_deactivate_channel(s, ch);
- }
- }
-
- if (ch->interrupts & END_BLOCK_INTR)
- ch->status |= END_BLOCK_INTR;
- }
-
- /* Update packet number */
- if (ch->fs && ch->bs) {
- a->pck_element += min_elems;
- a->pck_element %= a->pck_elements;
- }
-
- /* TODO: check if we really need to update anything here or perhaps we
- * can skip part of this. */
-#ifndef MULTI_REQ
- if (dma->update) {
-#endif
- a->element += min_elems;
-
- frames = a->element / a->elements;
- a->element = a->element % a->elements;
- a->frame += frames;
- a->src += min_elems * a->elem_delta[0] + frames * a->frame_delta[0];
- a->dest += min_elems * a->elem_delta[1] + frames * a->frame_delta[1];
-
- /* If the channel is async, update cpc */
- if (!ch->sync && frames)
- ch->cpc = a->dest & 0xffff;
-
- /* TODO: if the destination port is IMIF or EMIFF, set the dirty
- * bits on it. */
-#ifndef MULTI_REQ
- }
-#else
- }
-#endif
-
- omap_dma_interrupts_update(s);
-}
-
-void omap_dma_reset(struct soc_dma_s *dma)
-{
- int i;
- struct omap_dma_s *s = dma->opaque;
-
- soc_dma_reset(s->dma);
- if (s->model < omap_dma_4)
- s->gcr = 0x0004;
- else
- s->gcr = 0x00010010;
- s->ocp = 0x00000000;
- memset(&s->irqstat, 0, sizeof(s->irqstat));
- memset(&s->irqen, 0, sizeof(s->irqen));
- s->lcd_ch.src = emiff;
- s->lcd_ch.condition = 0;
- s->lcd_ch.interrupts = 0;
- s->lcd_ch.dual = 0;
- if (s->model < omap_dma_4)
- omap_dma_enable_3_1_mapping(s);
- for (i = 0; i < s->chans; i ++) {
- s->ch[i].suspend = 0;
- s->ch[i].prefetch = 0;
- s->ch[i].buf_disable = 0;
- s->ch[i].src_sync = 0;
- memset(&s->ch[i].burst, 0, sizeof(s->ch[i].burst));
- memset(&s->ch[i].port, 0, sizeof(s->ch[i].port));
- memset(&s->ch[i].mode, 0, sizeof(s->ch[i].mode));
- memset(&s->ch[i].frame_index, 0, sizeof(s->ch[i].frame_index));
- memset(&s->ch[i].element_index, 0, sizeof(s->ch[i].element_index));
- memset(&s->ch[i].endian, 0, sizeof(s->ch[i].endian));
- memset(&s->ch[i].endian_lock, 0, sizeof(s->ch[i].endian_lock));
- memset(&s->ch[i].translate, 0, sizeof(s->ch[i].translate));
- s->ch[i].write_mode = 0;
- s->ch[i].data_type = 0;
- s->ch[i].transparent_copy = 0;
- s->ch[i].constant_fill = 0;
- s->ch[i].color = 0x00000000;
- s->ch[i].end_prog = 0;
- s->ch[i].repeat = 0;
- s->ch[i].auto_init = 0;
- s->ch[i].link_enabled = 0;
- if (s->model < omap_dma_4)
- s->ch[i].interrupts = 0x0003;
- else
- s->ch[i].interrupts = 0x0000;
- s->ch[i].status = 0;
- s->ch[i].cstatus = 0;
- s->ch[i].active = 0;
- s->ch[i].enable = 0;
- s->ch[i].sync = 0;
- s->ch[i].pending_request = 0;
- s->ch[i].waiting_end_prog = 0;
- s->ch[i].cpc = 0x0000;
- s->ch[i].fs = 0;
- s->ch[i].bs = 0;
- s->ch[i].omap_3_1_compatible_disable = 0;
- memset(&s->ch[i].active_set, 0, sizeof(s->ch[i].active_set));
- s->ch[i].priority = 0;
- s->ch[i].interleave_disabled = 0;
- s->ch[i].type = 0;
- }
-}
-
-static int omap_dma_ch_reg_read(struct omap_dma_s *s,
- struct omap_dma_channel_s *ch, int reg, uint16_t *value)
-{
- switch (reg) {
- case 0x00: /* SYS_DMA_CSDP_CH0 */
- *value = (ch->burst[1] << 14) |
- (ch->pack[1] << 13) |
- (ch->port[1] << 9) |
- (ch->burst[0] << 7) |
- (ch->pack[0] << 6) |
- (ch->port[0] << 2) |
- (ch->data_type >> 1);
- break;
-
- case 0x02: /* SYS_DMA_CCR_CH0 */
- if (s->model <= omap_dma_3_1)
- *value = 0 << 10; /* FIFO_FLUSH reads as 0 */
- else
- *value = ch->omap_3_1_compatible_disable << 10;
- *value |= (ch->mode[1] << 14) |
- (ch->mode[0] << 12) |
- (ch->end_prog << 11) |
- (ch->repeat << 9) |
- (ch->auto_init << 8) |
- (ch->enable << 7) |
- (ch->priority << 6) |
- (ch->fs << 5) | ch->sync;
- break;
-
- case 0x04: /* SYS_DMA_CICR_CH0 */
- *value = ch->interrupts;
- break;
-
- case 0x06: /* SYS_DMA_CSR_CH0 */
- *value = ch->status;
- ch->status &= SYNC;
- if (!ch->omap_3_1_compatible_disable && ch->sibling) {
- *value |= (ch->sibling->status & 0x3f) << 6;
- ch->sibling->status &= SYNC;
- }
- qemu_irq_lower(ch->irq);
- break;
-
- case 0x08: /* SYS_DMA_CSSA_L_CH0 */
- *value = ch->addr[0] & 0x0000ffff;
- break;
-
- case 0x0a: /* SYS_DMA_CSSA_U_CH0 */
- *value = ch->addr[0] >> 16;
- break;
-
- case 0x0c: /* SYS_DMA_CDSA_L_CH0 */
- *value = ch->addr[1] & 0x0000ffff;
- break;
-
- case 0x0e: /* SYS_DMA_CDSA_U_CH0 */
- *value = ch->addr[1] >> 16;
- break;
-
- case 0x10: /* SYS_DMA_CEN_CH0 */
- *value = ch->elements;
- break;
-
- case 0x12: /* SYS_DMA_CFN_CH0 */
- *value = ch->frames;
- break;
-
- case 0x14: /* SYS_DMA_CFI_CH0 */
- *value = ch->frame_index[0];
- break;
-
- case 0x16: /* SYS_DMA_CEI_CH0 */
- *value = ch->element_index[0];
- break;
-
- case 0x18: /* SYS_DMA_CPC_CH0 or DMA_CSAC */
- if (ch->omap_3_1_compatible_disable)
- *value = ch->active_set.src & 0xffff; /* CSAC */
- else
- *value = ch->cpc;
- break;
-
- case 0x1a: /* DMA_CDAC */
- *value = ch->active_set.dest & 0xffff; /* CDAC */
- break;
-
- case 0x1c: /* DMA_CDEI */
- *value = ch->element_index[1];
- break;
-
- case 0x1e: /* DMA_CDFI */
- *value = ch->frame_index[1];
- break;
-
- case 0x20: /* DMA_COLOR_L */
- *value = ch->color & 0xffff;
- break;
-
- case 0x22: /* DMA_COLOR_U */
- *value = ch->color >> 16;
- break;
-
- case 0x24: /* DMA_CCR2 */
- *value = (ch->bs << 2) |
- (ch->transparent_copy << 1) |
- ch->constant_fill;
- break;
-
- case 0x28: /* DMA_CLNK_CTRL */
- *value = (ch->link_enabled << 15) |
- (ch->link_next_ch & 0xf);
- break;
-
- case 0x2a: /* DMA_LCH_CTRL */
- *value = (ch->interleave_disabled << 15) |
- ch->type;
- break;
-
- default:
- return 1;
- }
- return 0;
-}
-
-static int omap_dma_ch_reg_write(struct omap_dma_s *s,
- struct omap_dma_channel_s *ch, int reg, uint16_t value)
-{
- switch (reg) {
- case 0x00: /* SYS_DMA_CSDP_CH0 */
- ch->burst[1] = (value & 0xc000) >> 14;
- ch->pack[1] = (value & 0x2000) >> 13;
- ch->port[1] = (enum omap_dma_port) ((value & 0x1e00) >> 9);
- ch->burst[0] = (value & 0x0180) >> 7;
- ch->pack[0] = (value & 0x0040) >> 6;
- ch->port[0] = (enum omap_dma_port) ((value & 0x003c) >> 2);
- ch->data_type = 1 << (value & 3);
- if (ch->port[0] >= __omap_dma_port_last)
- printf("%s: invalid DMA port %i\n", __FUNCTION__,
- ch->port[0]);
- if (ch->port[1] >= __omap_dma_port_last)
- printf("%s: invalid DMA port %i\n", __FUNCTION__,
- ch->port[1]);
- if ((value & 3) == 3)
- printf("%s: bad data_type for DMA channel\n", __FUNCTION__);
- break;
-
- case 0x02: /* SYS_DMA_CCR_CH0 */
- ch->mode[1] = (omap_dma_addressing_t) ((value & 0xc000) >> 14);
- ch->mode[0] = (omap_dma_addressing_t) ((value & 0x3000) >> 12);
- ch->end_prog = (value & 0x0800) >> 11;
- if (s->model >= omap_dma_3_2)
- ch->omap_3_1_compatible_disable = (value >> 10) & 0x1;
- ch->repeat = (value & 0x0200) >> 9;
- ch->auto_init = (value & 0x0100) >> 8;
- ch->priority = (value & 0x0040) >> 6;
- ch->fs = (value & 0x0020) >> 5;
- ch->sync = value & 0x001f;
-
- if (value & 0x0080)
- omap_dma_enable_channel(s, ch);
- else
- omap_dma_disable_channel(s, ch);
-
- if (ch->end_prog)
- omap_dma_channel_end_prog(s, ch);
-
- break;
-
- case 0x04: /* SYS_DMA_CICR_CH0 */
- ch->interrupts = value & 0x3f;
- break;
-
- case 0x06: /* SYS_DMA_CSR_CH0 */
- OMAP_RO_REG((hwaddr) reg);
- break;
-
- case 0x08: /* SYS_DMA_CSSA_L_CH0 */
- ch->addr[0] &= 0xffff0000;
- ch->addr[0] |= value;
- break;
-
- case 0x0a: /* SYS_DMA_CSSA_U_CH0 */
- ch->addr[0] &= 0x0000ffff;
- ch->addr[0] |= (uint32_t) value << 16;
- break;
-
- case 0x0c: /* SYS_DMA_CDSA_L_CH0 */
- ch->addr[1] &= 0xffff0000;
- ch->addr[1] |= value;
- break;
-
- case 0x0e: /* SYS_DMA_CDSA_U_CH0 */
- ch->addr[1] &= 0x0000ffff;
- ch->addr[1] |= (uint32_t) value << 16;
- break;
-
- case 0x10: /* SYS_DMA_CEN_CH0 */
- ch->elements = value;
- break;
-
- case 0x12: /* SYS_DMA_CFN_CH0 */
- ch->frames = value;
- break;
-
- case 0x14: /* SYS_DMA_CFI_CH0 */
- ch->frame_index[0] = (int16_t) value;
- break;
-
- case 0x16: /* SYS_DMA_CEI_CH0 */
- ch->element_index[0] = (int16_t) value;
- break;
-
- case 0x18: /* SYS_DMA_CPC_CH0 or DMA_CSAC */
- OMAP_RO_REG((hwaddr) reg);
- break;
-
- case 0x1c: /* DMA_CDEI */
- ch->element_index[1] = (int16_t) value;
- break;
-
- case 0x1e: /* DMA_CDFI */
- ch->frame_index[1] = (int16_t) value;
- break;
-
- case 0x20: /* DMA_COLOR_L */
- ch->color &= 0xffff0000;
- ch->color |= value;
- break;
-
- case 0x22: /* DMA_COLOR_U */
- ch->color &= 0xffff;
- ch->color |= value << 16;
- break;
-
- case 0x24: /* DMA_CCR2 */
- ch->bs = (value >> 2) & 0x1;
- ch->transparent_copy = (value >> 1) & 0x1;
- ch->constant_fill = value & 0x1;
- break;
-
- case 0x28: /* DMA_CLNK_CTRL */
- ch->link_enabled = (value >> 15) & 0x1;
- if (value & (1 << 14)) { /* Stop_Lnk */
- ch->link_enabled = 0;
- omap_dma_disable_channel(s, ch);
- }
- ch->link_next_ch = value & 0x1f;
- break;
-
- case 0x2a: /* DMA_LCH_CTRL */
- ch->interleave_disabled = (value >> 15) & 0x1;
- ch->type = value & 0xf;
- break;
-
- default:
- return 1;
- }
- return 0;
-}
-
-static int omap_dma_3_2_lcd_write(struct omap_dma_lcd_channel_s *s, int offset,
- uint16_t value)
-{
- switch (offset) {
- case 0xbc0: /* DMA_LCD_CSDP */
- s->brust_f2 = (value >> 14) & 0x3;
- s->pack_f2 = (value >> 13) & 0x1;
- s->data_type_f2 = (1 << ((value >> 11) & 0x3));
- s->brust_f1 = (value >> 7) & 0x3;
- s->pack_f1 = (value >> 6) & 0x1;
- s->data_type_f1 = (1 << ((value >> 0) & 0x3));
- break;
-
- case 0xbc2: /* DMA_LCD_CCR */
- s->mode_f2 = (value >> 14) & 0x3;
- s->mode_f1 = (value >> 12) & 0x3;
- s->end_prog = (value >> 11) & 0x1;
- s->omap_3_1_compatible_disable = (value >> 10) & 0x1;
- s->repeat = (value >> 9) & 0x1;
- s->auto_init = (value >> 8) & 0x1;
- s->running = (value >> 7) & 0x1;
- s->priority = (value >> 6) & 0x1;
- s->bs = (value >> 4) & 0x1;
- break;
-
- case 0xbc4: /* DMA_LCD_CTRL */
- s->dst = (value >> 8) & 0x1;
- s->src = ((value >> 6) & 0x3) << 1;
- s->condition = 0;
- /* Assume no bus errors and thus no BUS_ERROR irq bits. */
- s->interrupts = (value >> 1) & 1;
- s->dual = value & 1;
- break;
-
- case 0xbc8: /* TOP_B1_L */
- s->src_f1_top &= 0xffff0000;
- s->src_f1_top |= 0x0000ffff & value;
- break;
-
- case 0xbca: /* TOP_B1_U */
- s->src_f1_top &= 0x0000ffff;
- s->src_f1_top |= value << 16;
- break;
-
- case 0xbcc: /* BOT_B1_L */
- s->src_f1_bottom &= 0xffff0000;
- s->src_f1_bottom |= 0x0000ffff & value;
- break;
-
- case 0xbce: /* BOT_B1_U */
- s->src_f1_bottom &= 0x0000ffff;
- s->src_f1_bottom |= (uint32_t) value << 16;
- break;
-
- case 0xbd0: /* TOP_B2_L */
- s->src_f2_top &= 0xffff0000;
- s->src_f2_top |= 0x0000ffff & value;
- break;
-
- case 0xbd2: /* TOP_B2_U */
- s->src_f2_top &= 0x0000ffff;
- s->src_f2_top |= (uint32_t) value << 16;
- break;
-
- case 0xbd4: /* BOT_B2_L */
- s->src_f2_bottom &= 0xffff0000;
- s->src_f2_bottom |= 0x0000ffff & value;
- break;
-
- case 0xbd6: /* BOT_B2_U */
- s->src_f2_bottom &= 0x0000ffff;
- s->src_f2_bottom |= (uint32_t) value << 16;
- break;
-
- case 0xbd8: /* DMA_LCD_SRC_EI_B1 */
- s->element_index_f1 = value;
- break;
-
- case 0xbda: /* DMA_LCD_SRC_FI_B1_L */
- s->frame_index_f1 &= 0xffff0000;
- s->frame_index_f1 |= 0x0000ffff & value;
- break;
-
- case 0xbf4: /* DMA_LCD_SRC_FI_B1_U */
- s->frame_index_f1 &= 0x0000ffff;
- s->frame_index_f1 |= (uint32_t) value << 16;
- break;
-
- case 0xbdc: /* DMA_LCD_SRC_EI_B2 */
- s->element_index_f2 = value;
- break;
-
- case 0xbde: /* DMA_LCD_SRC_FI_B2_L */
- s->frame_index_f2 &= 0xffff0000;
- s->frame_index_f2 |= 0x0000ffff & value;
- break;
-
- case 0xbf6: /* DMA_LCD_SRC_FI_B2_U */
- s->frame_index_f2 &= 0x0000ffff;
- s->frame_index_f2 |= (uint32_t) value << 16;
- break;
-
- case 0xbe0: /* DMA_LCD_SRC_EN_B1 */
- s->elements_f1 = value;
- break;
-
- case 0xbe4: /* DMA_LCD_SRC_FN_B1 */
- s->frames_f1 = value;
- break;
-
- case 0xbe2: /* DMA_LCD_SRC_EN_B2 */
- s->elements_f2 = value;
- break;
-
- case 0xbe6: /* DMA_LCD_SRC_FN_B2 */
- s->frames_f2 = value;
- break;
-
- case 0xbea: /* DMA_LCD_LCH_CTRL */
- s->lch_type = value & 0xf;
- break;
-
- default:
- return 1;
- }
- return 0;
-}
-
-static int omap_dma_3_2_lcd_read(struct omap_dma_lcd_channel_s *s, int offset,
- uint16_t *ret)
-{
- switch (offset) {
- case 0xbc0: /* DMA_LCD_CSDP */
- *ret = (s->brust_f2 << 14) |
- (s->pack_f2 << 13) |
- ((s->data_type_f2 >> 1) << 11) |
- (s->brust_f1 << 7) |
- (s->pack_f1 << 6) |
- ((s->data_type_f1 >> 1) << 0);
- break;
-
- case 0xbc2: /* DMA_LCD_CCR */
- *ret = (s->mode_f2 << 14) |
- (s->mode_f1 << 12) |
- (s->end_prog << 11) |
- (s->omap_3_1_compatible_disable << 10) |
- (s->repeat << 9) |
- (s->auto_init << 8) |
- (s->running << 7) |
- (s->priority << 6) |
- (s->bs << 4);
- break;
-
- case 0xbc4: /* DMA_LCD_CTRL */
- qemu_irq_lower(s->irq);
- *ret = (s->dst << 8) |
- ((s->src & 0x6) << 5) |
- (s->condition << 3) |
- (s->interrupts << 1) |
- s->dual;
- break;
-
- case 0xbc8: /* TOP_B1_L */
- *ret = s->src_f1_top & 0xffff;
- break;
-
- case 0xbca: /* TOP_B1_U */
- *ret = s->src_f1_top >> 16;
- break;
-
- case 0xbcc: /* BOT_B1_L */
- *ret = s->src_f1_bottom & 0xffff;
- break;
-
- case 0xbce: /* BOT_B1_U */
- *ret = s->src_f1_bottom >> 16;
- break;
-
- case 0xbd0: /* TOP_B2_L */
- *ret = s->src_f2_top & 0xffff;
- break;
-
- case 0xbd2: /* TOP_B2_U */
- *ret = s->src_f2_top >> 16;
- break;
-
- case 0xbd4: /* BOT_B2_L */
- *ret = s->src_f2_bottom & 0xffff;
- break;
-
- case 0xbd6: /* BOT_B2_U */
- *ret = s->src_f2_bottom >> 16;
- break;
-
- case 0xbd8: /* DMA_LCD_SRC_EI_B1 */
- *ret = s->element_index_f1;
- break;
-
- case 0xbda: /* DMA_LCD_SRC_FI_B1_L */
- *ret = s->frame_index_f1 & 0xffff;
- break;
-
- case 0xbf4: /* DMA_LCD_SRC_FI_B1_U */
- *ret = s->frame_index_f1 >> 16;
- break;
-
- case 0xbdc: /* DMA_LCD_SRC_EI_B2 */
- *ret = s->element_index_f2;
- break;
-
- case 0xbde: /* DMA_LCD_SRC_FI_B2_L */
- *ret = s->frame_index_f2 & 0xffff;
- break;
-
- case 0xbf6: /* DMA_LCD_SRC_FI_B2_U */
- *ret = s->frame_index_f2 >> 16;
- break;
-
- case 0xbe0: /* DMA_LCD_SRC_EN_B1 */
- *ret = s->elements_f1;
- break;
-
- case 0xbe4: /* DMA_LCD_SRC_FN_B1 */
- *ret = s->frames_f1;
- break;
-
- case 0xbe2: /* DMA_LCD_SRC_EN_B2 */
- *ret = s->elements_f2;
- break;
-
- case 0xbe6: /* DMA_LCD_SRC_FN_B2 */
- *ret = s->frames_f2;
- break;
-
- case 0xbea: /* DMA_LCD_LCH_CTRL */
- *ret = s->lch_type;
- break;
-
- default:
- return 1;
- }
- return 0;
-}
-
-static int omap_dma_3_1_lcd_write(struct omap_dma_lcd_channel_s *s, int offset,
- uint16_t value)
-{
- switch (offset) {
- case 0x300: /* SYS_DMA_LCD_CTRL */
- s->src = (value & 0x40) ? imif : emiff;
- s->condition = 0;
- /* Assume no bus errors and thus no BUS_ERROR irq bits. */
- s->interrupts = (value >> 1) & 1;
- s->dual = value & 1;
- break;
-
- case 0x302: /* SYS_DMA_LCD_TOP_F1_L */
- s->src_f1_top &= 0xffff0000;
- s->src_f1_top |= 0x0000ffff & value;
- break;
-
- case 0x304: /* SYS_DMA_LCD_TOP_F1_U */
- s->src_f1_top &= 0x0000ffff;
- s->src_f1_top |= value << 16;
- break;
-
- case 0x306: /* SYS_DMA_LCD_BOT_F1_L */
- s->src_f1_bottom &= 0xffff0000;
- s->src_f1_bottom |= 0x0000ffff & value;
- break;
-
- case 0x308: /* SYS_DMA_LCD_BOT_F1_U */
- s->src_f1_bottom &= 0x0000ffff;
- s->src_f1_bottom |= value << 16;
- break;
-
- case 0x30a: /* SYS_DMA_LCD_TOP_F2_L */
- s->src_f2_top &= 0xffff0000;
- s->src_f2_top |= 0x0000ffff & value;
- break;
-
- case 0x30c: /* SYS_DMA_LCD_TOP_F2_U */
- s->src_f2_top &= 0x0000ffff;
- s->src_f2_top |= value << 16;
- break;
-
- case 0x30e: /* SYS_DMA_LCD_BOT_F2_L */
- s->src_f2_bottom &= 0xffff0000;
- s->src_f2_bottom |= 0x0000ffff & value;
- break;
-
- case 0x310: /* SYS_DMA_LCD_BOT_F2_U */
- s->src_f2_bottom &= 0x0000ffff;
- s->src_f2_bottom |= value << 16;
- break;
-
- default:
- return 1;
- }
- return 0;
-}
-
-static int omap_dma_3_1_lcd_read(struct omap_dma_lcd_channel_s *s, int offset,
- uint16_t *ret)
-{
- int i;
-
- switch (offset) {
- case 0x300: /* SYS_DMA_LCD_CTRL */
- i = s->condition;
- s->condition = 0;
- qemu_irq_lower(s->irq);
- *ret = ((s->src == imif) << 6) | (i << 3) |
- (s->interrupts << 1) | s->dual;
- break;
-
- case 0x302: /* SYS_DMA_LCD_TOP_F1_L */
- *ret = s->src_f1_top & 0xffff;
- break;
-
- case 0x304: /* SYS_DMA_LCD_TOP_F1_U */
- *ret = s->src_f1_top >> 16;
- break;
-
- case 0x306: /* SYS_DMA_LCD_BOT_F1_L */
- *ret = s->src_f1_bottom & 0xffff;
- break;
-
- case 0x308: /* SYS_DMA_LCD_BOT_F1_U */
- *ret = s->src_f1_bottom >> 16;
- break;
-
- case 0x30a: /* SYS_DMA_LCD_TOP_F2_L */
- *ret = s->src_f2_top & 0xffff;
- break;
-
- case 0x30c: /* SYS_DMA_LCD_TOP_F2_U */
- *ret = s->src_f2_top >> 16;
- break;
-
- case 0x30e: /* SYS_DMA_LCD_BOT_F2_L */
- *ret = s->src_f2_bottom & 0xffff;
- break;
-
- case 0x310: /* SYS_DMA_LCD_BOT_F2_U */
- *ret = s->src_f2_bottom >> 16;
- break;
-
- default:
- return 1;
- }
- return 0;
-}
-
-static int omap_dma_sys_write(struct omap_dma_s *s, int offset, uint16_t value)
-{
- switch (offset) {
- case 0x400: /* SYS_DMA_GCR */
- s->gcr = value;
- break;
-
- case 0x404: /* DMA_GSCR */
- if (value & 0x8)
- omap_dma_disable_3_1_mapping(s);
- else
- omap_dma_enable_3_1_mapping(s);
- break;
-
- case 0x408: /* DMA_GRST */
- if (value & 0x1)
- omap_dma_reset(s->dma);
- break;
-
- default:
- return 1;
- }
- return 0;
-}
-
-static int omap_dma_sys_read(struct omap_dma_s *s, int offset,
- uint16_t *ret)
-{
- switch (offset) {
- case 0x400: /* SYS_DMA_GCR */
- *ret = s->gcr;
- break;
-
- case 0x404: /* DMA_GSCR */
- *ret = s->omap_3_1_mapping_disabled << 3;
- break;
-
- case 0x408: /* DMA_GRST */
- *ret = 0;
- break;
-
- case 0x442: /* DMA_HW_ID */
- case 0x444: /* DMA_PCh2_ID */
- case 0x446: /* DMA_PCh0_ID */
- case 0x448: /* DMA_PCh1_ID */
- case 0x44a: /* DMA_PChG_ID */
- case 0x44c: /* DMA_PChD_ID */
- *ret = 1;
- break;
-
- case 0x44e: /* DMA_CAPS_0_U */
- *ret = (s->caps[0] >> 16) & 0xffff;
- break;
- case 0x450: /* DMA_CAPS_0_L */
- *ret = (s->caps[0] >> 0) & 0xffff;
- break;
-
- case 0x452: /* DMA_CAPS_1_U */
- *ret = (s->caps[1] >> 16) & 0xffff;
- break;
- case 0x454: /* DMA_CAPS_1_L */
- *ret = (s->caps[1] >> 0) & 0xffff;
- break;
-
- case 0x456: /* DMA_CAPS_2 */
- *ret = s->caps[2];
- break;
-
- case 0x458: /* DMA_CAPS_3 */
- *ret = s->caps[3];
- break;
-
- case 0x45a: /* DMA_CAPS_4 */
- *ret = s->caps[4];
- break;
-
- case 0x460: /* DMA_PCh2_SR */
- case 0x480: /* DMA_PCh0_SR */
- case 0x482: /* DMA_PCh1_SR */
- case 0x4c0: /* DMA_PChD_SR_0 */
- printf("%s: Physical Channel Status Registers not implemented.\n",
- __FUNCTION__);
- *ret = 0xff;
- break;
-
- default:
- return 1;
- }
- return 0;
-}
-
-static uint64_t omap_dma_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_dma_s *s = (struct omap_dma_s *) opaque;
- int reg, ch;
- uint16_t ret;
-
- if (size != 2) {
- return omap_badwidth_read16(opaque, addr);
- }
-
- switch (addr) {
- case 0x300 ... 0x3fe:
- if (s->model <= omap_dma_3_1 || !s->omap_3_1_mapping_disabled) {
- if (omap_dma_3_1_lcd_read(&s->lcd_ch, addr, &ret))
- break;
- return ret;
- }
- /* Fall through. */
- case 0x000 ... 0x2fe:
- reg = addr & 0x3f;
- ch = (addr >> 6) & 0x0f;
- if (omap_dma_ch_reg_read(s, &s->ch[ch], reg, &ret))
- break;
- return ret;
-
- case 0x404 ... 0x4fe:
- if (s->model <= omap_dma_3_1)
- break;
- /* Fall through. */
- case 0x400:
- if (omap_dma_sys_read(s, addr, &ret))
- break;
- return ret;
-
- case 0xb00 ... 0xbfe:
- if (s->model == omap_dma_3_2 && s->omap_3_1_mapping_disabled) {
- if (omap_dma_3_2_lcd_read(&s->lcd_ch, addr, &ret))
- break;
- return ret;
- }
- break;
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_dma_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_dma_s *s = (struct omap_dma_s *) opaque;
- int reg, ch;
-
- if (size != 2) {
- return omap_badwidth_write16(opaque, addr, value);
- }
-
- switch (addr) {
- case 0x300 ... 0x3fe:
- if (s->model <= omap_dma_3_1 || !s->omap_3_1_mapping_disabled) {
- if (omap_dma_3_1_lcd_write(&s->lcd_ch, addr, value))
- break;
- return;
- }
- /* Fall through. */
- case 0x000 ... 0x2fe:
- reg = addr & 0x3f;
- ch = (addr >> 6) & 0x0f;
- if (omap_dma_ch_reg_write(s, &s->ch[ch], reg, value))
- break;
- return;
-
- case 0x404 ... 0x4fe:
- if (s->model <= omap_dma_3_1)
- break;
- case 0x400:
- /* Fall through. */
- if (omap_dma_sys_write(s, addr, value))
- break;
- return;
-
- case 0xb00 ... 0xbfe:
- if (s->model == omap_dma_3_2 && s->omap_3_1_mapping_disabled) {
- if (omap_dma_3_2_lcd_write(&s->lcd_ch, addr, value))
- break;
- return;
- }
- break;
- }
-
- OMAP_BAD_REG(addr);
-}
-
-static const MemoryRegionOps omap_dma_ops = {
- .read = omap_dma_read,
- .write = omap_dma_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void omap_dma_request(void *opaque, int drq, int req)
-{
- struct omap_dma_s *s = (struct omap_dma_s *) opaque;
- /* The request pins are level triggered in QEMU. */
- if (req) {
- if (~s->dma->drqbmp & (1 << drq)) {
- s->dma->drqbmp |= 1 << drq;
- omap_dma_process_request(s, drq);
- }
- } else
- s->dma->drqbmp &= ~(1 << drq);
-}
-
-/* XXX: this won't be needed once soc_dma knows about clocks. */
-static void omap_dma_clk_update(void *opaque, int line, int on)
-{
- struct omap_dma_s *s = (struct omap_dma_s *) opaque;
- int i;
-
- s->dma->freq = omap_clk_getrate(s->clk);
-
- for (i = 0; i < s->chans; i ++)
- if (s->ch[i].active)
- soc_dma_set_request(s->ch[i].dma, on);
-}
-
-static void omap_dma_setcaps(struct omap_dma_s *s)
-{
- switch (s->model) {
- default:
- case omap_dma_3_1:
- break;
- case omap_dma_3_2:
- case omap_dma_4:
- /* XXX Only available for sDMA */
- s->caps[0] =
- (1 << 19) | /* Constant Fill Capability */
- (1 << 18); /* Transparent BLT Capability */
- s->caps[1] =
- (1 << 1); /* 1-bit palettized capability (DMA 3.2 only) */
- s->caps[2] =
- (1 << 8) | /* SEPARATE_SRC_AND_DST_INDEX_CPBLTY */
- (1 << 7) | /* DST_DOUBLE_INDEX_ADRS_CPBLTY */
- (1 << 6) | /* DST_SINGLE_INDEX_ADRS_CPBLTY */
- (1 << 5) | /* DST_POST_INCRMNT_ADRS_CPBLTY */
- (1 << 4) | /* DST_CONST_ADRS_CPBLTY */
- (1 << 3) | /* SRC_DOUBLE_INDEX_ADRS_CPBLTY */
- (1 << 2) | /* SRC_SINGLE_INDEX_ADRS_CPBLTY */
- (1 << 1) | /* SRC_POST_INCRMNT_ADRS_CPBLTY */
- (1 << 0); /* SRC_CONST_ADRS_CPBLTY */
- s->caps[3] =
- (1 << 6) | /* BLOCK_SYNCHR_CPBLTY (DMA 4 only) */
- (1 << 7) | /* PKT_SYNCHR_CPBLTY (DMA 4 only) */
- (1 << 5) | /* CHANNEL_CHAINING_CPBLTY */
- (1 << 4) | /* LCh_INTERLEAVE_CPBLTY */
- (1 << 3) | /* AUTOINIT_REPEAT_CPBLTY (DMA 3.2 only) */
- (1 << 2) | /* AUTOINIT_ENDPROG_CPBLTY (DMA 3.2 only) */
- (1 << 1) | /* FRAME_SYNCHR_CPBLTY */
- (1 << 0); /* ELMNT_SYNCHR_CPBLTY */
- s->caps[4] =
- (1 << 7) | /* PKT_INTERRUPT_CPBLTY (DMA 4 only) */
- (1 << 6) | /* SYNC_STATUS_CPBLTY */
- (1 << 5) | /* BLOCK_INTERRUPT_CPBLTY */
- (1 << 4) | /* LAST_FRAME_INTERRUPT_CPBLTY */
- (1 << 3) | /* FRAME_INTERRUPT_CPBLTY */
- (1 << 2) | /* HALF_FRAME_INTERRUPT_CPBLTY */
- (1 << 1) | /* EVENT_DROP_INTERRUPT_CPBLTY */
- (1 << 0); /* TIMEOUT_INTERRUPT_CPBLTY (DMA 3.2 only) */
- break;
- }
-}
-
-struct soc_dma_s *omap_dma_init(hwaddr base, qemu_irq *irqs,
- MemoryRegion *sysmem,
- qemu_irq lcd_irq, struct omap_mpu_state_s *mpu, omap_clk clk,
- enum omap_dma_model model)
-{
- int num_irqs, memsize, i;
- struct omap_dma_s *s = (struct omap_dma_s *)
- g_malloc0(sizeof(struct omap_dma_s));
-
- if (model <= omap_dma_3_1) {
- num_irqs = 6;
- memsize = 0x800;
- } else {
- num_irqs = 16;
- memsize = 0xc00;
- }
- s->model = model;
- s->mpu = mpu;
- s->clk = clk;
- s->lcd_ch.irq = lcd_irq;
- s->lcd_ch.mpu = mpu;
-
- s->dma = soc_dma_init((model <= omap_dma_3_1) ? 9 : 16);
- s->dma->freq = omap_clk_getrate(clk);
- s->dma->transfer_fn = omap_dma_transfer_generic;
- s->dma->setup_fn = omap_dma_transfer_setup;
- s->dma->drq = qemu_allocate_irqs(omap_dma_request, s, 32);
- s->dma->opaque = s;
-
- while (num_irqs --)
- s->ch[num_irqs].irq = irqs[num_irqs];
- for (i = 0; i < 3; i ++) {
- s->ch[i].sibling = &s->ch[i + 6];
- s->ch[i + 6].sibling = &s->ch[i];
- }
- for (i = (model <= omap_dma_3_1) ? 8 : 15; i >= 0; i --) {
- s->ch[i].dma = &s->dma->ch[i];
- s->dma->ch[i].opaque = &s->ch[i];
- }
-
- omap_dma_setcaps(s);
- omap_clk_adduser(s->clk, qemu_allocate_irqs(omap_dma_clk_update, s, 1)[0]);
- omap_dma_reset(s->dma);
- omap_dma_clk_update(s, 0, 1);
-
- memory_region_init_io(&s->iomem, &omap_dma_ops, s, "omap.dma", memsize);
- memory_region_add_subregion(sysmem, base, &s->iomem);
-
- mpu->drq = s->dma->drq;
-
- return s->dma;
-}
-
-static void omap_dma_interrupts_4_update(struct omap_dma_s *s)
-{
- struct omap_dma_channel_s *ch = s->ch;
- uint32_t bmp, bit;
-
- for (bmp = 0, bit = 1; bit; ch ++, bit <<= 1)
- if (ch->status) {
- bmp |= bit;
- ch->cstatus |= ch->status;
- ch->status = 0;
- }
- if ((s->irqstat[0] |= s->irqen[0] & bmp))
- qemu_irq_raise(s->irq[0]);
- if ((s->irqstat[1] |= s->irqen[1] & bmp))
- qemu_irq_raise(s->irq[1]);
- if ((s->irqstat[2] |= s->irqen[2] & bmp))
- qemu_irq_raise(s->irq[2]);
- if ((s->irqstat[3] |= s->irqen[3] & bmp))
- qemu_irq_raise(s->irq[3]);
-}
-
-static uint64_t omap_dma4_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_dma_s *s = (struct omap_dma_s *) opaque;
- int irqn = 0, chnum;
- struct omap_dma_channel_s *ch;
-
- if (size == 1) {
- return omap_badwidth_read16(opaque, addr);
- }
-
- switch (addr) {
- case 0x00: /* DMA4_REVISION */
- return 0x40;
-
- case 0x14: /* DMA4_IRQSTATUS_L3 */
- irqn ++;
- case 0x10: /* DMA4_IRQSTATUS_L2 */
- irqn ++;
- case 0x0c: /* DMA4_IRQSTATUS_L1 */
- irqn ++;
- case 0x08: /* DMA4_IRQSTATUS_L0 */
- return s->irqstat[irqn];
-
- case 0x24: /* DMA4_IRQENABLE_L3 */
- irqn ++;
- case 0x20: /* DMA4_IRQENABLE_L2 */
- irqn ++;
- case 0x1c: /* DMA4_IRQENABLE_L1 */
- irqn ++;
- case 0x18: /* DMA4_IRQENABLE_L0 */
- return s->irqen[irqn];
-
- case 0x28: /* DMA4_SYSSTATUS */
- return 1; /* RESETDONE */
-
- case 0x2c: /* DMA4_OCP_SYSCONFIG */
- return s->ocp;
-
- case 0x64: /* DMA4_CAPS_0 */
- return s->caps[0];
- case 0x6c: /* DMA4_CAPS_2 */
- return s->caps[2];
- case 0x70: /* DMA4_CAPS_3 */
- return s->caps[3];
- case 0x74: /* DMA4_CAPS_4 */
- return s->caps[4];
-
- case 0x78: /* DMA4_GCR */
- return s->gcr;
-
- case 0x80 ... 0xfff:
- addr -= 0x80;
- chnum = addr / 0x60;
- ch = s->ch + chnum;
- addr -= chnum * 0x60;
- break;
-
- default:
- OMAP_BAD_REG(addr);
- return 0;
- }
-
- /* Per-channel registers */
- switch (addr) {
- case 0x00: /* DMA4_CCR */
- return (ch->buf_disable << 25) |
- (ch->src_sync << 24) |
- (ch->prefetch << 23) |
- ((ch->sync & 0x60) << 14) |
- (ch->bs << 18) |
- (ch->transparent_copy << 17) |
- (ch->constant_fill << 16) |
- (ch->mode[1] << 14) |
- (ch->mode[0] << 12) |
- (0 << 10) | (0 << 9) |
- (ch->suspend << 8) |
- (ch->enable << 7) |
- (ch->priority << 6) |
- (ch->fs << 5) | (ch->sync & 0x1f);
-
- case 0x04: /* DMA4_CLNK_CTRL */
- return (ch->link_enabled << 15) | ch->link_next_ch;
-
- case 0x08: /* DMA4_CICR */
- return ch->interrupts;
-
- case 0x0c: /* DMA4_CSR */
- return ch->cstatus;
-
- case 0x10: /* DMA4_CSDP */
- return (ch->endian[0] << 21) |
- (ch->endian_lock[0] << 20) |
- (ch->endian[1] << 19) |
- (ch->endian_lock[1] << 18) |
- (ch->write_mode << 16) |
- (ch->burst[1] << 14) |
- (ch->pack[1] << 13) |
- (ch->translate[1] << 9) |
- (ch->burst[0] << 7) |
- (ch->pack[0] << 6) |
- (ch->translate[0] << 2) |
- (ch->data_type >> 1);
-
- case 0x14: /* DMA4_CEN */
- return ch->elements;
-
- case 0x18: /* DMA4_CFN */
- return ch->frames;
-
- case 0x1c: /* DMA4_CSSA */
- return ch->addr[0];
-
- case 0x20: /* DMA4_CDSA */
- return ch->addr[1];
-
- case 0x24: /* DMA4_CSEI */
- return ch->element_index[0];
-
- case 0x28: /* DMA4_CSFI */
- return ch->frame_index[0];
-
- case 0x2c: /* DMA4_CDEI */
- return ch->element_index[1];
-
- case 0x30: /* DMA4_CDFI */
- return ch->frame_index[1];
-
- case 0x34: /* DMA4_CSAC */
- return ch->active_set.src & 0xffff;
-
- case 0x38: /* DMA4_CDAC */
- return ch->active_set.dest & 0xffff;
-
- case 0x3c: /* DMA4_CCEN */
- return ch->active_set.element;
-
- case 0x40: /* DMA4_CCFN */
- return ch->active_set.frame;
-
- case 0x44: /* DMA4_COLOR */
- /* XXX only in sDMA */
- return ch->color;
-
- default:
- OMAP_BAD_REG(addr);
- return 0;
- }
-}
-
-static void omap_dma4_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_dma_s *s = (struct omap_dma_s *) opaque;
- int chnum, irqn = 0;
- struct omap_dma_channel_s *ch;
-
- if (size == 1) {
- return omap_badwidth_write16(opaque, addr, value);
- }
-
- switch (addr) {
- case 0x14: /* DMA4_IRQSTATUS_L3 */
- irqn ++;
- case 0x10: /* DMA4_IRQSTATUS_L2 */
- irqn ++;
- case 0x0c: /* DMA4_IRQSTATUS_L1 */
- irqn ++;
- case 0x08: /* DMA4_IRQSTATUS_L0 */
- s->irqstat[irqn] &= ~value;
- if (!s->irqstat[irqn])
- qemu_irq_lower(s->irq[irqn]);
- return;
-
- case 0x24: /* DMA4_IRQENABLE_L3 */
- irqn ++;
- case 0x20: /* DMA4_IRQENABLE_L2 */
- irqn ++;
- case 0x1c: /* DMA4_IRQENABLE_L1 */
- irqn ++;
- case 0x18: /* DMA4_IRQENABLE_L0 */
- s->irqen[irqn] = value;
- return;
-
- case 0x2c: /* DMA4_OCP_SYSCONFIG */
- if (value & 2) /* SOFTRESET */
- omap_dma_reset(s->dma);
- s->ocp = value & 0x3321;
- if (((s->ocp >> 12) & 3) == 3) /* MIDLEMODE */
- fprintf(stderr, "%s: invalid DMA power mode\n", __FUNCTION__);
- return;
-
- case 0x78: /* DMA4_GCR */
- s->gcr = value & 0x00ff00ff;
- if ((value & 0xff) == 0x00) /* MAX_CHANNEL_FIFO_DEPTH */
- fprintf(stderr, "%s: wrong FIFO depth in GCR\n", __FUNCTION__);
- return;
-
- case 0x80 ... 0xfff:
- addr -= 0x80;
- chnum = addr / 0x60;
- ch = s->ch + chnum;
- addr -= chnum * 0x60;
- break;
-
- case 0x00: /* DMA4_REVISION */
- case 0x28: /* DMA4_SYSSTATUS */
- case 0x64: /* DMA4_CAPS_0 */
- case 0x6c: /* DMA4_CAPS_2 */
- case 0x70: /* DMA4_CAPS_3 */
- case 0x74: /* DMA4_CAPS_4 */
- OMAP_RO_REG(addr);
- return;
-
- default:
- OMAP_BAD_REG(addr);
- return;
- }
-
- /* Per-channel registers */
- switch (addr) {
- case 0x00: /* DMA4_CCR */
- ch->buf_disable = (value >> 25) & 1;
- ch->src_sync = (value >> 24) & 1; /* XXX For CamDMA must be 1 */
- if (ch->buf_disable && !ch->src_sync)
- fprintf(stderr, "%s: Buffering disable is not allowed in "
- "destination synchronised mode\n", __FUNCTION__);
- ch->prefetch = (value >> 23) & 1;
- ch->bs = (value >> 18) & 1;
- ch->transparent_copy = (value >> 17) & 1;
- ch->constant_fill = (value >> 16) & 1;
- ch->mode[1] = (omap_dma_addressing_t) ((value & 0xc000) >> 14);
- ch->mode[0] = (omap_dma_addressing_t) ((value & 0x3000) >> 12);
- ch->suspend = (value & 0x0100) >> 8;
- ch->priority = (value & 0x0040) >> 6;
- ch->fs = (value & 0x0020) >> 5;
- if (ch->fs && ch->bs && ch->mode[0] && ch->mode[1])
- fprintf(stderr, "%s: For a packet transfer at least one port "
- "must be constant-addressed\n", __FUNCTION__);
- ch->sync = (value & 0x001f) | ((value >> 14) & 0x0060);
- /* XXX must be 0x01 for CamDMA */
-
- if (value & 0x0080)
- omap_dma_enable_channel(s, ch);
- else
- omap_dma_disable_channel(s, ch);
-
- break;
-
- case 0x04: /* DMA4_CLNK_CTRL */
- ch->link_enabled = (value >> 15) & 0x1;
- ch->link_next_ch = value & 0x1f;
- break;
-
- case 0x08: /* DMA4_CICR */
- ch->interrupts = value & 0x09be;
- break;
-
- case 0x0c: /* DMA4_CSR */
- ch->cstatus &= ~value;
- break;
-
- case 0x10: /* DMA4_CSDP */
- ch->endian[0] =(value >> 21) & 1;
- ch->endian_lock[0] =(value >> 20) & 1;
- ch->endian[1] =(value >> 19) & 1;
- ch->endian_lock[1] =(value >> 18) & 1;
- if (ch->endian[0] != ch->endian[1])
- fprintf(stderr, "%s: DMA endiannes conversion enable attempt\n",
- __FUNCTION__);
- ch->write_mode = (value >> 16) & 3;
- ch->burst[1] = (value & 0xc000) >> 14;
- ch->pack[1] = (value & 0x2000) >> 13;
- ch->translate[1] = (value & 0x1e00) >> 9;
- ch->burst[0] = (value & 0x0180) >> 7;
- ch->pack[0] = (value & 0x0040) >> 6;
- ch->translate[0] = (value & 0x003c) >> 2;
- if (ch->translate[0] | ch->translate[1])
- fprintf(stderr, "%s: bad MReqAddressTranslate sideband signal\n",
- __FUNCTION__);
- ch->data_type = 1 << (value & 3);
- if ((value & 3) == 3)
- printf("%s: bad data_type for DMA channel\n", __FUNCTION__);
- break;
-
- case 0x14: /* DMA4_CEN */
- ch->set_update = 1;
- ch->elements = value & 0xffffff;
- break;
-
- case 0x18: /* DMA4_CFN */
- ch->frames = value & 0xffff;
- ch->set_update = 1;
- break;
-
- case 0x1c: /* DMA4_CSSA */
- ch->addr[0] = (hwaddr) (uint32_t) value;
- ch->set_update = 1;
- break;
-
- case 0x20: /* DMA4_CDSA */
- ch->addr[1] = (hwaddr) (uint32_t) value;
- ch->set_update = 1;
- break;
-
- case 0x24: /* DMA4_CSEI */
- ch->element_index[0] = (int16_t) value;
- ch->set_update = 1;
- break;
-
- case 0x28: /* DMA4_CSFI */
- ch->frame_index[0] = (int32_t) value;
- ch->set_update = 1;
- break;
-
- case 0x2c: /* DMA4_CDEI */
- ch->element_index[1] = (int16_t) value;
- ch->set_update = 1;
- break;
-
- case 0x30: /* DMA4_CDFI */
- ch->frame_index[1] = (int32_t) value;
- ch->set_update = 1;
- break;
-
- case 0x44: /* DMA4_COLOR */
- /* XXX only in sDMA */
- ch->color = value;
- break;
-
- case 0x34: /* DMA4_CSAC */
- case 0x38: /* DMA4_CDAC */
- case 0x3c: /* DMA4_CCEN */
- case 0x40: /* DMA4_CCFN */
- OMAP_RO_REG(addr);
- break;
-
- default:
- OMAP_BAD_REG(addr);
- }
-}
-
-static const MemoryRegionOps omap_dma4_ops = {
- .read = omap_dma4_read,
- .write = omap_dma4_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-struct soc_dma_s *omap_dma4_init(hwaddr base, qemu_irq *irqs,
- MemoryRegion *sysmem,
- struct omap_mpu_state_s *mpu, int fifo,
- int chans, omap_clk iclk, omap_clk fclk)
-{
- int i;
- struct omap_dma_s *s = (struct omap_dma_s *)
- g_malloc0(sizeof(struct omap_dma_s));
-
- s->model = omap_dma_4;
- s->chans = chans;
- s->mpu = mpu;
- s->clk = fclk;
-
- s->dma = soc_dma_init(s->chans);
- s->dma->freq = omap_clk_getrate(fclk);
- s->dma->transfer_fn = omap_dma_transfer_generic;
- s->dma->setup_fn = omap_dma_transfer_setup;
- s->dma->drq = qemu_allocate_irqs(omap_dma_request, s, 64);
- s->dma->opaque = s;
- for (i = 0; i < s->chans; i ++) {
- s->ch[i].dma = &s->dma->ch[i];
- s->dma->ch[i].opaque = &s->ch[i];
- }
-
- memcpy(&s->irq, irqs, sizeof(s->irq));
- s->intr_update = omap_dma_interrupts_4_update;
-
- omap_dma_setcaps(s);
- omap_clk_adduser(s->clk, qemu_allocate_irqs(omap_dma_clk_update, s, 1)[0]);
- omap_dma_reset(s->dma);
- omap_dma_clk_update(s, 0, !!s->dma->freq);
-
- memory_region_init_io(&s->iomem, &omap_dma4_ops, s, "omap.dma4", 0x1000);
- memory_region_add_subregion(sysmem, base, &s->iomem);
-
- mpu->drq = s->dma->drq;
-
- return s->dma;
-}
-
-struct omap_dma_lcd_channel_s *omap_dma_get_lcdch(struct soc_dma_s *dma)
-{
- struct omap_dma_s *s = dma->opaque;
-
- return &s->lcd_ch;
-}
diff --git a/hw/omap_dss.c b/hw/omap_dss.c
deleted file mode 100644
index 1e83726d3..000000000
--- a/hw/omap_dss.c
+++ /dev/null
@@ -1,1086 +0,0 @@
-/*
- * OMAP2 Display Subsystem.
- *
- * Copyright (C) 2008 Nokia Corporation
- * Written by Andrzej Zaborowski <andrew@openedhand.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-#include "hw.h"
-#include "console.h"
-#include "omap.h"
-
-struct omap_dss_s {
- qemu_irq irq;
- qemu_irq drq;
- DisplayState *state;
- MemoryRegion iomem_diss1, iomem_disc1, iomem_rfbi1, iomem_venc1, iomem_im3;
-
- int autoidle;
- int control;
- int enable;
-
- struct omap_dss_panel_s {
- int enable;
- int nx;
- int ny;
-
- int x;
- int y;
- } dig, lcd;
-
- struct {
- uint32_t idlemode;
- uint32_t irqst;
- uint32_t irqen;
- uint32_t control;
- uint32_t config;
- uint32_t capable;
- uint32_t timing[4];
- int line;
- uint32_t bg[2];
- uint32_t trans[2];
-
- struct omap_dss_plane_s {
- int enable;
- int bpp;
- int posx;
- int posy;
- int nx;
- int ny;
-
- hwaddr addr[3];
-
- uint32_t attr;
- uint32_t tresh;
- int rowinc;
- int colinc;
- int wininc;
- } l[3];
-
- int invalidate;
- uint16_t palette[256];
- } dispc;
-
- struct {
- int idlemode;
- uint32_t control;
- int enable;
- int pixels;
- int busy;
- int skiplines;
- uint16_t rxbuf;
- uint32_t config[2];
- uint32_t time[4];
- uint32_t data[6];
- uint16_t vsync;
- uint16_t hsync;
- struct rfbi_chip_s *chip[2];
- } rfbi;
-};
-
-static void omap_dispc_interrupt_update(struct omap_dss_s *s)
-{
- qemu_set_irq(s->irq, s->dispc.irqst & s->dispc.irqen);
-}
-
-static void omap_rfbi_reset(struct omap_dss_s *s)
-{
- s->rfbi.idlemode = 0;
- s->rfbi.control = 2;
- s->rfbi.enable = 0;
- s->rfbi.pixels = 0;
- s->rfbi.skiplines = 0;
- s->rfbi.busy = 0;
- s->rfbi.config[0] = 0x00310000;
- s->rfbi.config[1] = 0x00310000;
- s->rfbi.time[0] = 0;
- s->rfbi.time[1] = 0;
- s->rfbi.time[2] = 0;
- s->rfbi.time[3] = 0;
- s->rfbi.data[0] = 0;
- s->rfbi.data[1] = 0;
- s->rfbi.data[2] = 0;
- s->rfbi.data[3] = 0;
- s->rfbi.data[4] = 0;
- s->rfbi.data[5] = 0;
- s->rfbi.vsync = 0;
- s->rfbi.hsync = 0;
-}
-
-void omap_dss_reset(struct omap_dss_s *s)
-{
- s->autoidle = 0;
- s->control = 0;
- s->enable = 0;
-
- s->dig.enable = 0;
- s->dig.nx = 1;
- s->dig.ny = 1;
-
- s->lcd.enable = 0;
- s->lcd.nx = 1;
- s->lcd.ny = 1;
-
- s->dispc.idlemode = 0;
- s->dispc.irqst = 0;
- s->dispc.irqen = 0;
- s->dispc.control = 0;
- s->dispc.config = 0;
- s->dispc.capable = 0x161;
- s->dispc.timing[0] = 0;
- s->dispc.timing[1] = 0;
- s->dispc.timing[2] = 0;
- s->dispc.timing[3] = 0;
- s->dispc.line = 0;
- s->dispc.bg[0] = 0;
- s->dispc.bg[1] = 0;
- s->dispc.trans[0] = 0;
- s->dispc.trans[1] = 0;
-
- s->dispc.l[0].enable = 0;
- s->dispc.l[0].bpp = 0;
- s->dispc.l[0].addr[0] = 0;
- s->dispc.l[0].addr[1] = 0;
- s->dispc.l[0].addr[2] = 0;
- s->dispc.l[0].posx = 0;
- s->dispc.l[0].posy = 0;
- s->dispc.l[0].nx = 1;
- s->dispc.l[0].ny = 1;
- s->dispc.l[0].attr = 0;
- s->dispc.l[0].tresh = 0;
- s->dispc.l[0].rowinc = 1;
- s->dispc.l[0].colinc = 1;
- s->dispc.l[0].wininc = 0;
-
- omap_rfbi_reset(s);
- omap_dispc_interrupt_update(s);
-}
-
-static uint64_t omap_diss_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_dss_s *s = (struct omap_dss_s *) opaque;
-
- if (size != 4) {
- return omap_badwidth_read32(opaque, addr);
- }
-
- switch (addr) {
- case 0x00: /* DSS_REVISIONNUMBER */
- return 0x20;
-
- case 0x10: /* DSS_SYSCONFIG */
- return s->autoidle;
-
- case 0x14: /* DSS_SYSSTATUS */
- return 1; /* RESETDONE */
-
- case 0x40: /* DSS_CONTROL */
- return s->control;
-
- case 0x50: /* DSS_PSA_LCD_REG_1 */
- case 0x54: /* DSS_PSA_LCD_REG_2 */
- case 0x58: /* DSS_PSA_VIDEO_REG */
- /* TODO: fake some values when appropriate s->control bits are set */
- return 0;
-
- case 0x5c: /* DSS_STATUS */
- return 1 + (s->control & 1);
-
- default:
- break;
- }
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_diss_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_dss_s *s = (struct omap_dss_s *) opaque;
-
- if (size != 4) {
- return omap_badwidth_write32(opaque, addr, value);
- }
-
- switch (addr) {
- case 0x00: /* DSS_REVISIONNUMBER */
- case 0x14: /* DSS_SYSSTATUS */
- case 0x50: /* DSS_PSA_LCD_REG_1 */
- case 0x54: /* DSS_PSA_LCD_REG_2 */
- case 0x58: /* DSS_PSA_VIDEO_REG */
- case 0x5c: /* DSS_STATUS */
- OMAP_RO_REG(addr);
- break;
-
- case 0x10: /* DSS_SYSCONFIG */
- if (value & 2) /* SOFTRESET */
- omap_dss_reset(s);
- s->autoidle = value & 1;
- break;
-
- case 0x40: /* DSS_CONTROL */
- s->control = value & 0x3dd;
- break;
-
- default:
- OMAP_BAD_REG(addr);
- }
-}
-
-static const MemoryRegionOps omap_diss_ops = {
- .read = omap_diss_read,
- .write = omap_diss_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static uint64_t omap_disc_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_dss_s *s = (struct omap_dss_s *) opaque;
-
- if (size != 4) {
- return omap_badwidth_read32(opaque, addr);
- }
-
- switch (addr) {
- case 0x000: /* DISPC_REVISION */
- return 0x20;
-
- case 0x010: /* DISPC_SYSCONFIG */
- return s->dispc.idlemode;
-
- case 0x014: /* DISPC_SYSSTATUS */
- return 1; /* RESETDONE */
-
- case 0x018: /* DISPC_IRQSTATUS */
- return s->dispc.irqst;
-
- case 0x01c: /* DISPC_IRQENABLE */
- return s->dispc.irqen;
-
- case 0x040: /* DISPC_CONTROL */
- return s->dispc.control;
-
- case 0x044: /* DISPC_CONFIG */
- return s->dispc.config;
-
- case 0x048: /* DISPC_CAPABLE */
- return s->dispc.capable;
-
- case 0x04c: /* DISPC_DEFAULT_COLOR0 */
- return s->dispc.bg[0];
- case 0x050: /* DISPC_DEFAULT_COLOR1 */
- return s->dispc.bg[1];
- case 0x054: /* DISPC_TRANS_COLOR0 */
- return s->dispc.trans[0];
- case 0x058: /* DISPC_TRANS_COLOR1 */
- return s->dispc.trans[1];
-
- case 0x05c: /* DISPC_LINE_STATUS */
- return 0x7ff;
- case 0x060: /* DISPC_LINE_NUMBER */
- return s->dispc.line;
-
- case 0x064: /* DISPC_TIMING_H */
- return s->dispc.timing[0];
- case 0x068: /* DISPC_TIMING_V */
- return s->dispc.timing[1];
- case 0x06c: /* DISPC_POL_FREQ */
- return s->dispc.timing[2];
- case 0x070: /* DISPC_DIVISOR */
- return s->dispc.timing[3];
-
- case 0x078: /* DISPC_SIZE_DIG */
- return ((s->dig.ny - 1) << 16) | (s->dig.nx - 1);
- case 0x07c: /* DISPC_SIZE_LCD */
- return ((s->lcd.ny - 1) << 16) | (s->lcd.nx - 1);
-
- case 0x080: /* DISPC_GFX_BA0 */
- return s->dispc.l[0].addr[0];
- case 0x084: /* DISPC_GFX_BA1 */
- return s->dispc.l[0].addr[1];
- case 0x088: /* DISPC_GFX_POSITION */
- return (s->dispc.l[0].posy << 16) | s->dispc.l[0].posx;
- case 0x08c: /* DISPC_GFX_SIZE */
- return ((s->dispc.l[0].ny - 1) << 16) | (s->dispc.l[0].nx - 1);
- case 0x0a0: /* DISPC_GFX_ATTRIBUTES */
- return s->dispc.l[0].attr;
- case 0x0a4: /* DISPC_GFX_FIFO_TRESHOLD */
- return s->dispc.l[0].tresh;
- case 0x0a8: /* DISPC_GFX_FIFO_SIZE_STATUS */
- return 256;
- case 0x0ac: /* DISPC_GFX_ROW_INC */
- return s->dispc.l[0].rowinc;
- case 0x0b0: /* DISPC_GFX_PIXEL_INC */
- return s->dispc.l[0].colinc;
- case 0x0b4: /* DISPC_GFX_WINDOW_SKIP */
- return s->dispc.l[0].wininc;
- case 0x0b8: /* DISPC_GFX_TABLE_BA */
- return s->dispc.l[0].addr[2];
-
- case 0x0bc: /* DISPC_VID1_BA0 */
- case 0x0c0: /* DISPC_VID1_BA1 */
- case 0x0c4: /* DISPC_VID1_POSITION */
- case 0x0c8: /* DISPC_VID1_SIZE */
- case 0x0cc: /* DISPC_VID1_ATTRIBUTES */
- case 0x0d0: /* DISPC_VID1_FIFO_TRESHOLD */
- case 0x0d4: /* DISPC_VID1_FIFO_SIZE_STATUS */
- case 0x0d8: /* DISPC_VID1_ROW_INC */
- case 0x0dc: /* DISPC_VID1_PIXEL_INC */
- case 0x0e0: /* DISPC_VID1_FIR */
- case 0x0e4: /* DISPC_VID1_PICTURE_SIZE */
- case 0x0e8: /* DISPC_VID1_ACCU0 */
- case 0x0ec: /* DISPC_VID1_ACCU1 */
- case 0x0f0 ... 0x140: /* DISPC_VID1_FIR_COEF, DISPC_VID1_CONV_COEF */
- case 0x14c: /* DISPC_VID2_BA0 */
- case 0x150: /* DISPC_VID2_BA1 */
- case 0x154: /* DISPC_VID2_POSITION */
- case 0x158: /* DISPC_VID2_SIZE */
- case 0x15c: /* DISPC_VID2_ATTRIBUTES */
- case 0x160: /* DISPC_VID2_FIFO_TRESHOLD */
- case 0x164: /* DISPC_VID2_FIFO_SIZE_STATUS */
- case 0x168: /* DISPC_VID2_ROW_INC */
- case 0x16c: /* DISPC_VID2_PIXEL_INC */
- case 0x170: /* DISPC_VID2_FIR */
- case 0x174: /* DISPC_VID2_PICTURE_SIZE */
- case 0x178: /* DISPC_VID2_ACCU0 */
- case 0x17c: /* DISPC_VID2_ACCU1 */
- case 0x180 ... 0x1d0: /* DISPC_VID2_FIR_COEF, DISPC_VID2_CONV_COEF */
- case 0x1d4: /* DISPC_DATA_CYCLE1 */
- case 0x1d8: /* DISPC_DATA_CYCLE2 */
- case 0x1dc: /* DISPC_DATA_CYCLE3 */
- return 0;
-
- default:
- break;
- }
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_disc_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_dss_s *s = (struct omap_dss_s *) opaque;
-
- if (size != 4) {
- return omap_badwidth_write32(opaque, addr, value);
- }
-
- switch (addr) {
- case 0x010: /* DISPC_SYSCONFIG */
- if (value & 2) /* SOFTRESET */
- omap_dss_reset(s);
- s->dispc.idlemode = value & 0x301b;
- break;
-
- case 0x018: /* DISPC_IRQSTATUS */
- s->dispc.irqst &= ~value;
- omap_dispc_interrupt_update(s);
- break;
-
- case 0x01c: /* DISPC_IRQENABLE */
- s->dispc.irqen = value & 0xffff;
- omap_dispc_interrupt_update(s);
- break;
-
- case 0x040: /* DISPC_CONTROL */
- s->dispc.control = value & 0x07ff9fff;
- s->dig.enable = (value >> 1) & 1;
- s->lcd.enable = (value >> 0) & 1;
- if (value & (1 << 12)) /* OVERLAY_OPTIMIZATION */
- if (!((s->dispc.l[1].attr | s->dispc.l[2].attr) & 1)) {
- fprintf(stderr, "%s: Overlay Optimization when no overlay "
- "region effectively exists leads to "
- "unpredictable behaviour!\n", __func__);
- }
- if (value & (1 << 6)) { /* GODIGITAL */
- /* XXX: Shadowed fields are:
- * s->dispc.config
- * s->dispc.capable
- * s->dispc.bg[0]
- * s->dispc.bg[1]
- * s->dispc.trans[0]
- * s->dispc.trans[1]
- * s->dispc.line
- * s->dispc.timing[0]
- * s->dispc.timing[1]
- * s->dispc.timing[2]
- * s->dispc.timing[3]
- * s->lcd.nx
- * s->lcd.ny
- * s->dig.nx
- * s->dig.ny
- * s->dispc.l[0].addr[0]
- * s->dispc.l[0].addr[1]
- * s->dispc.l[0].addr[2]
- * s->dispc.l[0].posx
- * s->dispc.l[0].posy
- * s->dispc.l[0].nx
- * s->dispc.l[0].ny
- * s->dispc.l[0].tresh
- * s->dispc.l[0].rowinc
- * s->dispc.l[0].colinc
- * s->dispc.l[0].wininc
- * All they need to be loaded here from their shadow registers.
- */
- }
- if (value & (1 << 5)) { /* GOLCD */
- /* XXX: Likewise for LCD here. */
- }
- s->dispc.invalidate = 1;
- break;
-
- case 0x044: /* DISPC_CONFIG */
- s->dispc.config = value & 0x3fff;
- /* XXX:
- * bits 2:1 (LOADMODE) reset to 0 after set to 1 and palette loaded
- * bits 2:1 (LOADMODE) reset to 2 after set to 3 and palette loaded
- */
- s->dispc.invalidate = 1;
- break;
-
- case 0x048: /* DISPC_CAPABLE */
- s->dispc.capable = value & 0x3ff;
- break;
-
- case 0x04c: /* DISPC_DEFAULT_COLOR0 */
- s->dispc.bg[0] = value & 0xffffff;
- s->dispc.invalidate = 1;
- break;
- case 0x050: /* DISPC_DEFAULT_COLOR1 */
- s->dispc.bg[1] = value & 0xffffff;
- s->dispc.invalidate = 1;
- break;
- case 0x054: /* DISPC_TRANS_COLOR0 */
- s->dispc.trans[0] = value & 0xffffff;
- s->dispc.invalidate = 1;
- break;
- case 0x058: /* DISPC_TRANS_COLOR1 */
- s->dispc.trans[1] = value & 0xffffff;
- s->dispc.invalidate = 1;
- break;
-
- case 0x060: /* DISPC_LINE_NUMBER */
- s->dispc.line = value & 0x7ff;
- break;
-
- case 0x064: /* DISPC_TIMING_H */
- s->dispc.timing[0] = value & 0x0ff0ff3f;
- break;
- case 0x068: /* DISPC_TIMING_V */
- s->dispc.timing[1] = value & 0x0ff0ff3f;
- break;
- case 0x06c: /* DISPC_POL_FREQ */
- s->dispc.timing[2] = value & 0x0003ffff;
- break;
- case 0x070: /* DISPC_DIVISOR */
- s->dispc.timing[3] = value & 0x00ff00ff;
- break;
-
- case 0x078: /* DISPC_SIZE_DIG */
- s->dig.nx = ((value >> 0) & 0x7ff) + 1; /* PPL */
- s->dig.ny = ((value >> 16) & 0x7ff) + 1; /* LPP */
- s->dispc.invalidate = 1;
- break;
- case 0x07c: /* DISPC_SIZE_LCD */
- s->lcd.nx = ((value >> 0) & 0x7ff) + 1; /* PPL */
- s->lcd.ny = ((value >> 16) & 0x7ff) + 1; /* LPP */
- s->dispc.invalidate = 1;
- break;
- case 0x080: /* DISPC_GFX_BA0 */
- s->dispc.l[0].addr[0] = (hwaddr) value;
- s->dispc.invalidate = 1;
- break;
- case 0x084: /* DISPC_GFX_BA1 */
- s->dispc.l[0].addr[1] = (hwaddr) value;
- s->dispc.invalidate = 1;
- break;
- case 0x088: /* DISPC_GFX_POSITION */
- s->dispc.l[0].posx = ((value >> 0) & 0x7ff); /* GFXPOSX */
- s->dispc.l[0].posy = ((value >> 16) & 0x7ff); /* GFXPOSY */
- s->dispc.invalidate = 1;
- break;
- case 0x08c: /* DISPC_GFX_SIZE */
- s->dispc.l[0].nx = ((value >> 0) & 0x7ff) + 1; /* GFXSIZEX */
- s->dispc.l[0].ny = ((value >> 16) & 0x7ff) + 1; /* GFXSIZEY */
- s->dispc.invalidate = 1;
- break;
- case 0x0a0: /* DISPC_GFX_ATTRIBUTES */
- s->dispc.l[0].attr = value & 0x7ff;
- if (value & (3 << 9))
- fprintf(stderr, "%s: Big-endian pixel format not supported\n",
- __FUNCTION__);
- s->dispc.l[0].enable = value & 1;
- s->dispc.l[0].bpp = (value >> 1) & 0xf;
- s->dispc.invalidate = 1;
- break;
- case 0x0a4: /* DISPC_GFX_FIFO_TRESHOLD */
- s->dispc.l[0].tresh = value & 0x01ff01ff;
- break;
- case 0x0ac: /* DISPC_GFX_ROW_INC */
- s->dispc.l[0].rowinc = value;
- s->dispc.invalidate = 1;
- break;
- case 0x0b0: /* DISPC_GFX_PIXEL_INC */
- s->dispc.l[0].colinc = value;
- s->dispc.invalidate = 1;
- break;
- case 0x0b4: /* DISPC_GFX_WINDOW_SKIP */
- s->dispc.l[0].wininc = value;
- break;
- case 0x0b8: /* DISPC_GFX_TABLE_BA */
- s->dispc.l[0].addr[2] = (hwaddr) value;
- s->dispc.invalidate = 1;
- break;
-
- case 0x0bc: /* DISPC_VID1_BA0 */
- case 0x0c0: /* DISPC_VID1_BA1 */
- case 0x0c4: /* DISPC_VID1_POSITION */
- case 0x0c8: /* DISPC_VID1_SIZE */
- case 0x0cc: /* DISPC_VID1_ATTRIBUTES */
- case 0x0d0: /* DISPC_VID1_FIFO_TRESHOLD */
- case 0x0d8: /* DISPC_VID1_ROW_INC */
- case 0x0dc: /* DISPC_VID1_PIXEL_INC */
- case 0x0e0: /* DISPC_VID1_FIR */
- case 0x0e4: /* DISPC_VID1_PICTURE_SIZE */
- case 0x0e8: /* DISPC_VID1_ACCU0 */
- case 0x0ec: /* DISPC_VID1_ACCU1 */
- case 0x0f0 ... 0x140: /* DISPC_VID1_FIR_COEF, DISPC_VID1_CONV_COEF */
- case 0x14c: /* DISPC_VID2_BA0 */
- case 0x150: /* DISPC_VID2_BA1 */
- case 0x154: /* DISPC_VID2_POSITION */
- case 0x158: /* DISPC_VID2_SIZE */
- case 0x15c: /* DISPC_VID2_ATTRIBUTES */
- case 0x160: /* DISPC_VID2_FIFO_TRESHOLD */
- case 0x168: /* DISPC_VID2_ROW_INC */
- case 0x16c: /* DISPC_VID2_PIXEL_INC */
- case 0x170: /* DISPC_VID2_FIR */
- case 0x174: /* DISPC_VID2_PICTURE_SIZE */
- case 0x178: /* DISPC_VID2_ACCU0 */
- case 0x17c: /* DISPC_VID2_ACCU1 */
- case 0x180 ... 0x1d0: /* DISPC_VID2_FIR_COEF, DISPC_VID2_CONV_COEF */
- case 0x1d4: /* DISPC_DATA_CYCLE1 */
- case 0x1d8: /* DISPC_DATA_CYCLE2 */
- case 0x1dc: /* DISPC_DATA_CYCLE3 */
- break;
-
- default:
- OMAP_BAD_REG(addr);
- }
-}
-
-static const MemoryRegionOps omap_disc_ops = {
- .read = omap_disc_read,
- .write = omap_disc_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void omap_rfbi_transfer_stop(struct omap_dss_s *s)
-{
- if (!s->rfbi.busy)
- return;
-
- /* TODO: in non-Bypass mode we probably need to just deassert the DRQ. */
-
- s->rfbi.busy = 0;
-}
-
-static void omap_rfbi_transfer_start(struct omap_dss_s *s)
-{
- void *data;
- hwaddr len;
- hwaddr data_addr;
- int pitch;
- static void *bounce_buffer;
- static hwaddr bounce_len;
-
- if (!s->rfbi.enable || s->rfbi.busy)
- return;
-
- if (s->rfbi.control & (1 << 1)) { /* BYPASS */
- /* TODO: in non-Bypass mode we probably need to just assert the
- * DRQ and wait for DMA to write the pixels. */
- fprintf(stderr, "%s: Bypass mode unimplemented\n", __FUNCTION__);
- return;
- }
-
- if (!(s->dispc.control & (1 << 11))) /* RFBIMODE */
- return;
- /* TODO: check that LCD output is enabled in DISPC. */
-
- s->rfbi.busy = 1;
-
- len = s->rfbi.pixels * 2;
-
- data_addr = s->dispc.l[0].addr[0];
- data = cpu_physical_memory_map(data_addr, &len, 0);
- if (data && len != s->rfbi.pixels * 2) {
- cpu_physical_memory_unmap(data, len, 0, 0);
- data = NULL;
- len = s->rfbi.pixels * 2;
- }
- if (!data) {
- if (len > bounce_len) {
- bounce_buffer = g_realloc(bounce_buffer, len);
- }
- data = bounce_buffer;
- cpu_physical_memory_read(data_addr, data, len);
- }
-
- /* TODO bpp */
- s->rfbi.pixels = 0;
-
- /* TODO: negative values */
- pitch = s->dispc.l[0].nx + (s->dispc.l[0].rowinc - 1) / 2;
-
- if ((s->rfbi.control & (1 << 2)) && s->rfbi.chip[0])
- s->rfbi.chip[0]->block(s->rfbi.chip[0]->opaque, 1, data, len, pitch);
- if ((s->rfbi.control & (1 << 3)) && s->rfbi.chip[1])
- s->rfbi.chip[1]->block(s->rfbi.chip[1]->opaque, 1, data, len, pitch);
-
- if (data != bounce_buffer) {
- cpu_physical_memory_unmap(data, len, 0, len);
- }
-
- omap_rfbi_transfer_stop(s);
-
- /* TODO */
- s->dispc.irqst |= 1; /* FRAMEDONE */
- omap_dispc_interrupt_update(s);
-}
-
-static uint64_t omap_rfbi_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_dss_s *s = (struct omap_dss_s *) opaque;
-
- if (size != 4) {
- return omap_badwidth_read32(opaque, addr);
- }
-
- switch (addr) {
- case 0x00: /* RFBI_REVISION */
- return 0x10;
-
- case 0x10: /* RFBI_SYSCONFIG */
- return s->rfbi.idlemode;
-
- case 0x14: /* RFBI_SYSSTATUS */
- return 1 | (s->rfbi.busy << 8); /* RESETDONE */
-
- case 0x40: /* RFBI_CONTROL */
- return s->rfbi.control;
-
- case 0x44: /* RFBI_PIXELCNT */
- return s->rfbi.pixels;
-
- case 0x48: /* RFBI_LINE_NUMBER */
- return s->rfbi.skiplines;
-
- case 0x58: /* RFBI_READ */
- case 0x5c: /* RFBI_STATUS */
- return s->rfbi.rxbuf;
-
- case 0x60: /* RFBI_CONFIG0 */
- return s->rfbi.config[0];
- case 0x64: /* RFBI_ONOFF_TIME0 */
- return s->rfbi.time[0];
- case 0x68: /* RFBI_CYCLE_TIME0 */
- return s->rfbi.time[1];
- case 0x6c: /* RFBI_DATA_CYCLE1_0 */
- return s->rfbi.data[0];
- case 0x70: /* RFBI_DATA_CYCLE2_0 */
- return s->rfbi.data[1];
- case 0x74: /* RFBI_DATA_CYCLE3_0 */
- return s->rfbi.data[2];
-
- case 0x78: /* RFBI_CONFIG1 */
- return s->rfbi.config[1];
- case 0x7c: /* RFBI_ONOFF_TIME1 */
- return s->rfbi.time[2];
- case 0x80: /* RFBI_CYCLE_TIME1 */
- return s->rfbi.time[3];
- case 0x84: /* RFBI_DATA_CYCLE1_1 */
- return s->rfbi.data[3];
- case 0x88: /* RFBI_DATA_CYCLE2_1 */
- return s->rfbi.data[4];
- case 0x8c: /* RFBI_DATA_CYCLE3_1 */
- return s->rfbi.data[5];
-
- case 0x90: /* RFBI_VSYNC_WIDTH */
- return s->rfbi.vsync;
- case 0x94: /* RFBI_HSYNC_WIDTH */
- return s->rfbi.hsync;
- }
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_rfbi_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_dss_s *s = (struct omap_dss_s *) opaque;
-
- if (size != 4) {
- return omap_badwidth_write32(opaque, addr, value);
- }
-
- switch (addr) {
- case 0x10: /* RFBI_SYSCONFIG */
- if (value & 2) /* SOFTRESET */
- omap_rfbi_reset(s);
- s->rfbi.idlemode = value & 0x19;
- break;
-
- case 0x40: /* RFBI_CONTROL */
- s->rfbi.control = value & 0xf;
- s->rfbi.enable = value & 1;
- if (value & (1 << 4) && /* ITE */
- !(s->rfbi.config[0] & s->rfbi.config[1] & 0xc))
- omap_rfbi_transfer_start(s);
- break;
-
- case 0x44: /* RFBI_PIXELCNT */
- s->rfbi.pixels = value;
- break;
-
- case 0x48: /* RFBI_LINE_NUMBER */
- s->rfbi.skiplines = value & 0x7ff;
- break;
-
- case 0x4c: /* RFBI_CMD */
- if ((s->rfbi.control & (1 << 2)) && s->rfbi.chip[0])
- s->rfbi.chip[0]->write(s->rfbi.chip[0]->opaque, 0, value & 0xffff);
- if ((s->rfbi.control & (1 << 3)) && s->rfbi.chip[1])
- s->rfbi.chip[1]->write(s->rfbi.chip[1]->opaque, 0, value & 0xffff);
- break;
- case 0x50: /* RFBI_PARAM */
- if ((s->rfbi.control & (1 << 2)) && s->rfbi.chip[0])
- s->rfbi.chip[0]->write(s->rfbi.chip[0]->opaque, 1, value & 0xffff);
- if ((s->rfbi.control & (1 << 3)) && s->rfbi.chip[1])
- s->rfbi.chip[1]->write(s->rfbi.chip[1]->opaque, 1, value & 0xffff);
- break;
- case 0x54: /* RFBI_DATA */
- /* TODO: take into account the format set up in s->rfbi.config[?] and
- * s->rfbi.data[?], but special-case the most usual scenario so that
- * speed doesn't suffer. */
- if ((s->rfbi.control & (1 << 2)) && s->rfbi.chip[0]) {
- s->rfbi.chip[0]->write(s->rfbi.chip[0]->opaque, 1, value & 0xffff);
- s->rfbi.chip[0]->write(s->rfbi.chip[0]->opaque, 1, value >> 16);
- }
- if ((s->rfbi.control & (1 << 3)) && s->rfbi.chip[1]) {
- s->rfbi.chip[1]->write(s->rfbi.chip[1]->opaque, 1, value & 0xffff);
- s->rfbi.chip[1]->write(s->rfbi.chip[1]->opaque, 1, value >> 16);
- }
- if (!-- s->rfbi.pixels)
- omap_rfbi_transfer_stop(s);
- break;
- case 0x58: /* RFBI_READ */
- if ((s->rfbi.control & (1 << 2)) && s->rfbi.chip[0])
- s->rfbi.rxbuf = s->rfbi.chip[0]->read(s->rfbi.chip[0]->opaque, 1);
- else if ((s->rfbi.control & (1 << 3)) && s->rfbi.chip[1])
- s->rfbi.rxbuf = s->rfbi.chip[1]->read(s->rfbi.chip[1]->opaque, 1);
- if (!-- s->rfbi.pixels)
- omap_rfbi_transfer_stop(s);
- break;
-
- case 0x5c: /* RFBI_STATUS */
- if ((s->rfbi.control & (1 << 2)) && s->rfbi.chip[0])
- s->rfbi.rxbuf = s->rfbi.chip[0]->read(s->rfbi.chip[0]->opaque, 0);
- else if ((s->rfbi.control & (1 << 3)) && s->rfbi.chip[1])
- s->rfbi.rxbuf = s->rfbi.chip[1]->read(s->rfbi.chip[1]->opaque, 0);
- if (!-- s->rfbi.pixels)
- omap_rfbi_transfer_stop(s);
- break;
-
- case 0x60: /* RFBI_CONFIG0 */
- s->rfbi.config[0] = value & 0x003f1fff;
- break;
-
- case 0x64: /* RFBI_ONOFF_TIME0 */
- s->rfbi.time[0] = value & 0x3fffffff;
- break;
- case 0x68: /* RFBI_CYCLE_TIME0 */
- s->rfbi.time[1] = value & 0x0fffffff;
- break;
- case 0x6c: /* RFBI_DATA_CYCLE1_0 */
- s->rfbi.data[0] = value & 0x0f1f0f1f;
- break;
- case 0x70: /* RFBI_DATA_CYCLE2_0 */
- s->rfbi.data[1] = value & 0x0f1f0f1f;
- break;
- case 0x74: /* RFBI_DATA_CYCLE3_0 */
- s->rfbi.data[2] = value & 0x0f1f0f1f;
- break;
- case 0x78: /* RFBI_CONFIG1 */
- s->rfbi.config[1] = value & 0x003f1fff;
- break;
-
- case 0x7c: /* RFBI_ONOFF_TIME1 */
- s->rfbi.time[2] = value & 0x3fffffff;
- break;
- case 0x80: /* RFBI_CYCLE_TIME1 */
- s->rfbi.time[3] = value & 0x0fffffff;
- break;
- case 0x84: /* RFBI_DATA_CYCLE1_1 */
- s->rfbi.data[3] = value & 0x0f1f0f1f;
- break;
- case 0x88: /* RFBI_DATA_CYCLE2_1 */
- s->rfbi.data[4] = value & 0x0f1f0f1f;
- break;
- case 0x8c: /* RFBI_DATA_CYCLE3_1 */
- s->rfbi.data[5] = value & 0x0f1f0f1f;
- break;
-
- case 0x90: /* RFBI_VSYNC_WIDTH */
- s->rfbi.vsync = value & 0xffff;
- break;
- case 0x94: /* RFBI_HSYNC_WIDTH */
- s->rfbi.hsync = value & 0xffff;
- break;
-
- default:
- OMAP_BAD_REG(addr);
- }
-}
-
-static const MemoryRegionOps omap_rfbi_ops = {
- .read = omap_rfbi_read,
- .write = omap_rfbi_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static uint64_t omap_venc_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- if (size != 4) {
- return omap_badwidth_read32(opaque, addr);
- }
-
- switch (addr) {
- case 0x00: /* REV_ID */
- case 0x04: /* STATUS */
- case 0x08: /* F_CONTROL */
- case 0x10: /* VIDOUT_CTRL */
- case 0x14: /* SYNC_CTRL */
- case 0x1c: /* LLEN */
- case 0x20: /* FLENS */
- case 0x24: /* HFLTR_CTRL */
- case 0x28: /* CC_CARR_WSS_CARR */
- case 0x2c: /* C_PHASE */
- case 0x30: /* GAIN_U */
- case 0x34: /* GAIN_V */
- case 0x38: /* GAIN_Y */
- case 0x3c: /* BLACK_LEVEL */
- case 0x40: /* BLANK_LEVEL */
- case 0x44: /* X_COLOR */
- case 0x48: /* M_CONTROL */
- case 0x4c: /* BSTAMP_WSS_DATA */
- case 0x50: /* S_CARR */
- case 0x54: /* LINE21 */
- case 0x58: /* LN_SEL */
- case 0x5c: /* L21__WC_CTL */
- case 0x60: /* HTRIGGER_VTRIGGER */
- case 0x64: /* SAVID__EAVID */
- case 0x68: /* FLEN__FAL */
- case 0x6c: /* LAL__PHASE_RESET */
- case 0x70: /* HS_INT_START_STOP_X */
- case 0x74: /* HS_EXT_START_STOP_X */
- case 0x78: /* VS_INT_START_X */
- case 0x7c: /* VS_INT_STOP_X__VS_INT_START_Y */
- case 0x80: /* VS_INT_STOP_Y__VS_INT_START_X */
- case 0x84: /* VS_EXT_STOP_X__VS_EXT_START_Y */
- case 0x88: /* VS_EXT_STOP_Y */
- case 0x90: /* AVID_START_STOP_X */
- case 0x94: /* AVID_START_STOP_Y */
- case 0xa0: /* FID_INT_START_X__FID_INT_START_Y */
- case 0xa4: /* FID_INT_OFFSET_Y__FID_EXT_START_X */
- case 0xa8: /* FID_EXT_START_Y__FID_EXT_OFFSET_Y */
- case 0xb0: /* TVDETGP_INT_START_STOP_X */
- case 0xb4: /* TVDETGP_INT_START_STOP_Y */
- case 0xb8: /* GEN_CTRL */
- case 0xc4: /* DAC_TST__DAC_A */
- case 0xc8: /* DAC_B__DAC_C */
- return 0;
-
- default:
- break;
- }
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_venc_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- if (size != 4) {
- return omap_badwidth_write32(opaque, addr, size);
- }
-
- switch (addr) {
- case 0x08: /* F_CONTROL */
- case 0x10: /* VIDOUT_CTRL */
- case 0x14: /* SYNC_CTRL */
- case 0x1c: /* LLEN */
- case 0x20: /* FLENS */
- case 0x24: /* HFLTR_CTRL */
- case 0x28: /* CC_CARR_WSS_CARR */
- case 0x2c: /* C_PHASE */
- case 0x30: /* GAIN_U */
- case 0x34: /* GAIN_V */
- case 0x38: /* GAIN_Y */
- case 0x3c: /* BLACK_LEVEL */
- case 0x40: /* BLANK_LEVEL */
- case 0x44: /* X_COLOR */
- case 0x48: /* M_CONTROL */
- case 0x4c: /* BSTAMP_WSS_DATA */
- case 0x50: /* S_CARR */
- case 0x54: /* LINE21 */
- case 0x58: /* LN_SEL */
- case 0x5c: /* L21__WC_CTL */
- case 0x60: /* HTRIGGER_VTRIGGER */
- case 0x64: /* SAVID__EAVID */
- case 0x68: /* FLEN__FAL */
- case 0x6c: /* LAL__PHASE_RESET */
- case 0x70: /* HS_INT_START_STOP_X */
- case 0x74: /* HS_EXT_START_STOP_X */
- case 0x78: /* VS_INT_START_X */
- case 0x7c: /* VS_INT_STOP_X__VS_INT_START_Y */
- case 0x80: /* VS_INT_STOP_Y__VS_INT_START_X */
- case 0x84: /* VS_EXT_STOP_X__VS_EXT_START_Y */
- case 0x88: /* VS_EXT_STOP_Y */
- case 0x90: /* AVID_START_STOP_X */
- case 0x94: /* AVID_START_STOP_Y */
- case 0xa0: /* FID_INT_START_X__FID_INT_START_Y */
- case 0xa4: /* FID_INT_OFFSET_Y__FID_EXT_START_X */
- case 0xa8: /* FID_EXT_START_Y__FID_EXT_OFFSET_Y */
- case 0xb0: /* TVDETGP_INT_START_STOP_X */
- case 0xb4: /* TVDETGP_INT_START_STOP_Y */
- case 0xb8: /* GEN_CTRL */
- case 0xc4: /* DAC_TST__DAC_A */
- case 0xc8: /* DAC_B__DAC_C */
- break;
-
- default:
- OMAP_BAD_REG(addr);
- }
-}
-
-static const MemoryRegionOps omap_venc_ops = {
- .read = omap_venc_read,
- .write = omap_venc_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static uint64_t omap_im3_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- if (size != 4) {
- return omap_badwidth_read32(opaque, addr);
- }
-
- switch (addr) {
- case 0x0a8: /* SBIMERRLOGA */
- case 0x0b0: /* SBIMERRLOG */
- case 0x190: /* SBIMSTATE */
- case 0x198: /* SBTMSTATE_L */
- case 0x19c: /* SBTMSTATE_H */
- case 0x1a8: /* SBIMCONFIG_L */
- case 0x1ac: /* SBIMCONFIG_H */
- case 0x1f8: /* SBID_L */
- case 0x1fc: /* SBID_H */
- return 0;
-
- default:
- break;
- }
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_im3_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- if (size != 4) {
- return omap_badwidth_write32(opaque, addr, value);
- }
-
- switch (addr) {
- case 0x0b0: /* SBIMERRLOG */
- case 0x190: /* SBIMSTATE */
- case 0x198: /* SBTMSTATE_L */
- case 0x19c: /* SBTMSTATE_H */
- case 0x1a8: /* SBIMCONFIG_L */
- case 0x1ac: /* SBIMCONFIG_H */
- break;
-
- default:
- OMAP_BAD_REG(addr);
- }
-}
-
-static const MemoryRegionOps omap_im3_ops = {
- .read = omap_im3_read,
- .write = omap_im3_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-struct omap_dss_s *omap_dss_init(struct omap_target_agent_s *ta,
- MemoryRegion *sysmem,
- hwaddr l3_base,
- qemu_irq irq, qemu_irq drq,
- omap_clk fck1, omap_clk fck2, omap_clk ck54m,
- omap_clk ick1, omap_clk ick2)
-{
- struct omap_dss_s *s = (struct omap_dss_s *)
- g_malloc0(sizeof(struct omap_dss_s));
-
- s->irq = irq;
- s->drq = drq;
- omap_dss_reset(s);
-
- memory_region_init_io(&s->iomem_diss1, &omap_diss_ops, s, "omap.diss1",
- omap_l4_region_size(ta, 0));
- memory_region_init_io(&s->iomem_disc1, &omap_disc_ops, s, "omap.disc1",
- omap_l4_region_size(ta, 1));
- memory_region_init_io(&s->iomem_rfbi1, &omap_rfbi_ops, s, "omap.rfbi1",
- omap_l4_region_size(ta, 2));
- memory_region_init_io(&s->iomem_venc1, &omap_venc_ops, s, "omap.venc1",
- omap_l4_region_size(ta, 3));
- memory_region_init_io(&s->iomem_im3, &omap_im3_ops, s,
- "omap.im3", 0x1000);
-
- omap_l4_attach(ta, 0, &s->iomem_diss1);
- omap_l4_attach(ta, 1, &s->iomem_disc1);
- omap_l4_attach(ta, 2, &s->iomem_rfbi1);
- omap_l4_attach(ta, 3, &s->iomem_venc1);
- memory_region_add_subregion(sysmem, l3_base, &s->iomem_im3);
-
-#if 0
- s->state = graphic_console_init(omap_update_display,
- omap_invalidate_display, omap_screen_dump, s);
-#endif
-
- return s;
-}
-
-void omap_rfbi_attach(struct omap_dss_s *s, int cs, struct rfbi_chip_s *chip)
-{
- if (cs < 0 || cs > 1)
- hw_error("%s: wrong CS %i\n", __FUNCTION__, cs);
- s->rfbi.chip[cs] = chip;
-}
diff --git a/hw/omap_gpio.c b/hw/omap_gpio.c
deleted file mode 100644
index 25655325d..000000000
--- a/hw/omap_gpio.c
+++ /dev/null
@@ -1,792 +0,0 @@
-/*
- * TI OMAP processors GPIO emulation.
- *
- * Copyright (C) 2006-2008 Andrzej Zaborowski <balrog@zabor.org>
- * Copyright (C) 2007-2009 Nokia Corporation
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "hw.h"
-#include "omap.h"
-#include "sysbus.h"
-
-struct omap_gpio_s {
- qemu_irq irq;
- qemu_irq handler[16];
-
- uint16_t inputs;
- uint16_t outputs;
- uint16_t dir;
- uint16_t edge;
- uint16_t mask;
- uint16_t ints;
- uint16_t pins;
-};
-
-struct omap_gpif_s {
- SysBusDevice busdev;
- MemoryRegion iomem;
- int mpu_model;
- void *clk;
- struct omap_gpio_s omap1;
-};
-
-/* General-Purpose I/O of OMAP1 */
-static void omap_gpio_set(void *opaque, int line, int level)
-{
- struct omap_gpio_s *s = &((struct omap_gpif_s *) opaque)->omap1;
- uint16_t prev = s->inputs;
-
- if (level)
- s->inputs |= 1 << line;
- else
- s->inputs &= ~(1 << line);
-
- if (((s->edge & s->inputs & ~prev) | (~s->edge & ~s->inputs & prev)) &
- (1 << line) & s->dir & ~s->mask) {
- s->ints |= 1 << line;
- qemu_irq_raise(s->irq);
- }
-}
-
-static uint64_t omap_gpio_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_gpio_s *s = (struct omap_gpio_s *) opaque;
- int offset = addr & OMAP_MPUI_REG_MASK;
-
- if (size != 2) {
- return omap_badwidth_read16(opaque, addr);
- }
-
- switch (offset) {
- case 0x00: /* DATA_INPUT */
- return s->inputs & s->pins;
-
- case 0x04: /* DATA_OUTPUT */
- return s->outputs;
-
- case 0x08: /* DIRECTION_CONTROL */
- return s->dir;
-
- case 0x0c: /* INTERRUPT_CONTROL */
- return s->edge;
-
- case 0x10: /* INTERRUPT_MASK */
- return s->mask;
-
- case 0x14: /* INTERRUPT_STATUS */
- return s->ints;
-
- case 0x18: /* PIN_CONTROL (not in OMAP310) */
- OMAP_BAD_REG(addr);
- return s->pins;
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_gpio_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_gpio_s *s = (struct omap_gpio_s *) opaque;
- int offset = addr & OMAP_MPUI_REG_MASK;
- uint16_t diff;
- int ln;
-
- if (size != 2) {
- return omap_badwidth_write16(opaque, addr, value);
- }
-
- switch (offset) {
- case 0x00: /* DATA_INPUT */
- OMAP_RO_REG(addr);
- return;
-
- case 0x04: /* DATA_OUTPUT */
- diff = (s->outputs ^ value) & ~s->dir;
- s->outputs = value;
- while ((ln = ffs(diff))) {
- ln --;
- if (s->handler[ln])
- qemu_set_irq(s->handler[ln], (value >> ln) & 1);
- diff &= ~(1 << ln);
- }
- break;
-
- case 0x08: /* DIRECTION_CONTROL */
- diff = s->outputs & (s->dir ^ value);
- s->dir = value;
-
- value = s->outputs & ~s->dir;
- while ((ln = ffs(diff))) {
- ln --;
- if (s->handler[ln])
- qemu_set_irq(s->handler[ln], (value >> ln) & 1);
- diff &= ~(1 << ln);
- }
- break;
-
- case 0x0c: /* INTERRUPT_CONTROL */
- s->edge = value;
- break;
-
- case 0x10: /* INTERRUPT_MASK */
- s->mask = value;
- break;
-
- case 0x14: /* INTERRUPT_STATUS */
- s->ints &= ~value;
- if (!s->ints)
- qemu_irq_lower(s->irq);
- break;
-
- case 0x18: /* PIN_CONTROL (not in OMAP310 TRM) */
- OMAP_BAD_REG(addr);
- s->pins = value;
- break;
-
- default:
- OMAP_BAD_REG(addr);
- return;
- }
-}
-
-/* *Some* sources say the memory region is 32-bit. */
-static const MemoryRegionOps omap_gpio_ops = {
- .read = omap_gpio_read,
- .write = omap_gpio_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void omap_gpio_reset(struct omap_gpio_s *s)
-{
- s->inputs = 0;
- s->outputs = ~0;
- s->dir = ~0;
- s->edge = ~0;
- s->mask = ~0;
- s->ints = 0;
- s->pins = ~0;
-}
-
-struct omap2_gpio_s {
- qemu_irq irq[2];
- qemu_irq wkup;
- qemu_irq *handler;
- MemoryRegion iomem;
-
- uint8_t revision;
- uint8_t config[2];
- uint32_t inputs;
- uint32_t outputs;
- uint32_t dir;
- uint32_t level[2];
- uint32_t edge[2];
- uint32_t mask[2];
- uint32_t wumask;
- uint32_t ints[2];
- uint32_t debounce;
- uint8_t delay;
-};
-
-struct omap2_gpif_s {
- SysBusDevice busdev;
- MemoryRegion iomem;
- int mpu_model;
- void *iclk;
- void *fclk[6];
- int modulecount;
- struct omap2_gpio_s *modules;
- qemu_irq *handler;
- int autoidle;
- int gpo;
-};
-
-/* General-Purpose Interface of OMAP2/3 */
-static inline void omap2_gpio_module_int_update(struct omap2_gpio_s *s,
- int line)
-{
- qemu_set_irq(s->irq[line], s->ints[line] & s->mask[line]);
-}
-
-static void omap2_gpio_module_wake(struct omap2_gpio_s *s, int line)
-{
- if (!(s->config[0] & (1 << 2))) /* ENAWAKEUP */
- return;
- if (!(s->config[0] & (3 << 3))) /* Force Idle */
- return;
- if (!(s->wumask & (1 << line)))
- return;
-
- qemu_irq_raise(s->wkup);
-}
-
-static inline void omap2_gpio_module_out_update(struct omap2_gpio_s *s,
- uint32_t diff)
-{
- int ln;
-
- s->outputs ^= diff;
- diff &= ~s->dir;
- while ((ln = ffs(diff))) {
- ln --;
- qemu_set_irq(s->handler[ln], (s->outputs >> ln) & 1);
- diff &= ~(1 << ln);
- }
-}
-
-static void omap2_gpio_module_level_update(struct omap2_gpio_s *s, int line)
-{
- s->ints[line] |= s->dir &
- ((s->inputs & s->level[1]) | (~s->inputs & s->level[0]));
- omap2_gpio_module_int_update(s, line);
-}
-
-static inline void omap2_gpio_module_int(struct omap2_gpio_s *s, int line)
-{
- s->ints[0] |= 1 << line;
- omap2_gpio_module_int_update(s, 0);
- s->ints[1] |= 1 << line;
- omap2_gpio_module_int_update(s, 1);
- omap2_gpio_module_wake(s, line);
-}
-
-static void omap2_gpio_set(void *opaque, int line, int level)
-{
- struct omap2_gpif_s *p = opaque;
- struct omap2_gpio_s *s = &p->modules[line >> 5];
-
- line &= 31;
- if (level) {
- if (s->dir & (1 << line) & ((~s->inputs & s->edge[0]) | s->level[1]))
- omap2_gpio_module_int(s, line);
- s->inputs |= 1 << line;
- } else {
- if (s->dir & (1 << line) & ((s->inputs & s->edge[1]) | s->level[0]))
- omap2_gpio_module_int(s, line);
- s->inputs &= ~(1 << line);
- }
-}
-
-static void omap2_gpio_module_reset(struct omap2_gpio_s *s)
-{
- s->config[0] = 0;
- s->config[1] = 2;
- s->ints[0] = 0;
- s->ints[1] = 0;
- s->mask[0] = 0;
- s->mask[1] = 0;
- s->wumask = 0;
- s->dir = ~0;
- s->level[0] = 0;
- s->level[1] = 0;
- s->edge[0] = 0;
- s->edge[1] = 0;
- s->debounce = 0;
- s->delay = 0;
-}
-
-static uint32_t omap2_gpio_module_read(void *opaque, hwaddr addr)
-{
- struct omap2_gpio_s *s = (struct omap2_gpio_s *) opaque;
-
- switch (addr) {
- case 0x00: /* GPIO_REVISION */
- return s->revision;
-
- case 0x10: /* GPIO_SYSCONFIG */
- return s->config[0];
-
- case 0x14: /* GPIO_SYSSTATUS */
- return 0x01;
-
- case 0x18: /* GPIO_IRQSTATUS1 */
- return s->ints[0];
-
- case 0x1c: /* GPIO_IRQENABLE1 */
- case 0x60: /* GPIO_CLEARIRQENABLE1 */
- case 0x64: /* GPIO_SETIRQENABLE1 */
- return s->mask[0];
-
- case 0x20: /* GPIO_WAKEUPENABLE */
- case 0x80: /* GPIO_CLEARWKUENA */
- case 0x84: /* GPIO_SETWKUENA */
- return s->wumask;
-
- case 0x28: /* GPIO_IRQSTATUS2 */
- return s->ints[1];
-
- case 0x2c: /* GPIO_IRQENABLE2 */
- case 0x70: /* GPIO_CLEARIRQENABLE2 */
- case 0x74: /* GPIO_SETIREQNEABLE2 */
- return s->mask[1];
-
- case 0x30: /* GPIO_CTRL */
- return s->config[1];
-
- case 0x34: /* GPIO_OE */
- return s->dir;
-
- case 0x38: /* GPIO_DATAIN */
- return s->inputs;
-
- case 0x3c: /* GPIO_DATAOUT */
- case 0x90: /* GPIO_CLEARDATAOUT */
- case 0x94: /* GPIO_SETDATAOUT */
- return s->outputs;
-
- case 0x40: /* GPIO_LEVELDETECT0 */
- return s->level[0];
-
- case 0x44: /* GPIO_LEVELDETECT1 */
- return s->level[1];
-
- case 0x48: /* GPIO_RISINGDETECT */
- return s->edge[0];
-
- case 0x4c: /* GPIO_FALLINGDETECT */
- return s->edge[1];
-
- case 0x50: /* GPIO_DEBOUNCENABLE */
- return s->debounce;
-
- case 0x54: /* GPIO_DEBOUNCINGTIME */
- return s->delay;
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap2_gpio_module_write(void *opaque, hwaddr addr,
- uint32_t value)
-{
- struct omap2_gpio_s *s = (struct omap2_gpio_s *) opaque;
- uint32_t diff;
- int ln;
-
- switch (addr) {
- case 0x00: /* GPIO_REVISION */
- case 0x14: /* GPIO_SYSSTATUS */
- case 0x38: /* GPIO_DATAIN */
- OMAP_RO_REG(addr);
- break;
-
- case 0x10: /* GPIO_SYSCONFIG */
- if (((value >> 3) & 3) == 3)
- fprintf(stderr, "%s: bad IDLEMODE value\n", __FUNCTION__);
- if (value & 2)
- omap2_gpio_module_reset(s);
- s->config[0] = value & 0x1d;
- break;
-
- case 0x18: /* GPIO_IRQSTATUS1 */
- if (s->ints[0] & value) {
- s->ints[0] &= ~value;
- omap2_gpio_module_level_update(s, 0);
- }
- break;
-
- case 0x1c: /* GPIO_IRQENABLE1 */
- s->mask[0] = value;
- omap2_gpio_module_int_update(s, 0);
- break;
-
- case 0x20: /* GPIO_WAKEUPENABLE */
- s->wumask = value;
- break;
-
- case 0x28: /* GPIO_IRQSTATUS2 */
- if (s->ints[1] & value) {
- s->ints[1] &= ~value;
- omap2_gpio_module_level_update(s, 1);
- }
- break;
-
- case 0x2c: /* GPIO_IRQENABLE2 */
- s->mask[1] = value;
- omap2_gpio_module_int_update(s, 1);
- break;
-
- case 0x30: /* GPIO_CTRL */
- s->config[1] = value & 7;
- break;
-
- case 0x34: /* GPIO_OE */
- diff = s->outputs & (s->dir ^ value);
- s->dir = value;
-
- value = s->outputs & ~s->dir;
- while ((ln = ffs(diff))) {
- diff &= ~(1 <<-- ln);
- qemu_set_irq(s->handler[ln], (value >> ln) & 1);
- }
-
- omap2_gpio_module_level_update(s, 0);
- omap2_gpio_module_level_update(s, 1);
- break;
-
- case 0x3c: /* GPIO_DATAOUT */
- omap2_gpio_module_out_update(s, s->outputs ^ value);
- break;
-
- case 0x40: /* GPIO_LEVELDETECT0 */
- s->level[0] = value;
- omap2_gpio_module_level_update(s, 0);
- omap2_gpio_module_level_update(s, 1);
- break;
-
- case 0x44: /* GPIO_LEVELDETECT1 */
- s->level[1] = value;
- omap2_gpio_module_level_update(s, 0);
- omap2_gpio_module_level_update(s, 1);
- break;
-
- case 0x48: /* GPIO_RISINGDETECT */
- s->edge[0] = value;
- break;
-
- case 0x4c: /* GPIO_FALLINGDETECT */
- s->edge[1] = value;
- break;
-
- case 0x50: /* GPIO_DEBOUNCENABLE */
- s->debounce = value;
- break;
-
- case 0x54: /* GPIO_DEBOUNCINGTIME */
- s->delay = value;
- break;
-
- case 0x60: /* GPIO_CLEARIRQENABLE1 */
- s->mask[0] &= ~value;
- omap2_gpio_module_int_update(s, 0);
- break;
-
- case 0x64: /* GPIO_SETIRQENABLE1 */
- s->mask[0] |= value;
- omap2_gpio_module_int_update(s, 0);
- break;
-
- case 0x70: /* GPIO_CLEARIRQENABLE2 */
- s->mask[1] &= ~value;
- omap2_gpio_module_int_update(s, 1);
- break;
-
- case 0x74: /* GPIO_SETIREQNEABLE2 */
- s->mask[1] |= value;
- omap2_gpio_module_int_update(s, 1);
- break;
-
- case 0x80: /* GPIO_CLEARWKUENA */
- s->wumask &= ~value;
- break;
-
- case 0x84: /* GPIO_SETWKUENA */
- s->wumask |= value;
- break;
-
- case 0x90: /* GPIO_CLEARDATAOUT */
- omap2_gpio_module_out_update(s, s->outputs & value);
- break;
-
- case 0x94: /* GPIO_SETDATAOUT */
- omap2_gpio_module_out_update(s, ~s->outputs & value);
- break;
-
- default:
- OMAP_BAD_REG(addr);
- return;
- }
-}
-
-static uint32_t omap2_gpio_module_readp(void *opaque, hwaddr addr)
-{
- return omap2_gpio_module_read(opaque, addr & ~3) >> ((addr & 3) << 3);
-}
-
-static void omap2_gpio_module_writep(void *opaque, hwaddr addr,
- uint32_t value)
-{
- uint32_t cur = 0;
- uint32_t mask = 0xffff;
-
- switch (addr & ~3) {
- case 0x00: /* GPIO_REVISION */
- case 0x14: /* GPIO_SYSSTATUS */
- case 0x38: /* GPIO_DATAIN */
- OMAP_RO_REG(addr);
- break;
-
- case 0x10: /* GPIO_SYSCONFIG */
- case 0x1c: /* GPIO_IRQENABLE1 */
- case 0x20: /* GPIO_WAKEUPENABLE */
- case 0x2c: /* GPIO_IRQENABLE2 */
- case 0x30: /* GPIO_CTRL */
- case 0x34: /* GPIO_OE */
- case 0x3c: /* GPIO_DATAOUT */
- case 0x40: /* GPIO_LEVELDETECT0 */
- case 0x44: /* GPIO_LEVELDETECT1 */
- case 0x48: /* GPIO_RISINGDETECT */
- case 0x4c: /* GPIO_FALLINGDETECT */
- case 0x50: /* GPIO_DEBOUNCENABLE */
- case 0x54: /* GPIO_DEBOUNCINGTIME */
- cur = omap2_gpio_module_read(opaque, addr & ~3) &
- ~(mask << ((addr & 3) << 3));
-
- /* Fall through. */
- case 0x18: /* GPIO_IRQSTATUS1 */
- case 0x28: /* GPIO_IRQSTATUS2 */
- case 0x60: /* GPIO_CLEARIRQENABLE1 */
- case 0x64: /* GPIO_SETIRQENABLE1 */
- case 0x70: /* GPIO_CLEARIRQENABLE2 */
- case 0x74: /* GPIO_SETIREQNEABLE2 */
- case 0x80: /* GPIO_CLEARWKUENA */
- case 0x84: /* GPIO_SETWKUENA */
- case 0x90: /* GPIO_CLEARDATAOUT */
- case 0x94: /* GPIO_SETDATAOUT */
- value <<= (addr & 3) << 3;
- omap2_gpio_module_write(opaque, addr, cur | value);
- break;
-
- default:
- OMAP_BAD_REG(addr);
- return;
- }
-}
-
-static const MemoryRegionOps omap2_gpio_module_ops = {
- .old_mmio = {
- .read = {
- omap2_gpio_module_readp,
- omap2_gpio_module_readp,
- omap2_gpio_module_read,
- },
- .write = {
- omap2_gpio_module_writep,
- omap2_gpio_module_writep,
- omap2_gpio_module_write,
- },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void omap_gpif_reset(DeviceState *dev)
-{
- struct omap_gpif_s *s = FROM_SYSBUS(struct omap_gpif_s,
- sysbus_from_qdev(dev));
- omap_gpio_reset(&s->omap1);
-}
-
-static void omap2_gpif_reset(DeviceState *dev)
-{
- int i;
- struct omap2_gpif_s *s = FROM_SYSBUS(struct omap2_gpif_s,
- sysbus_from_qdev(dev));
- for (i = 0; i < s->modulecount; i++) {
- omap2_gpio_module_reset(&s->modules[i]);
- }
- s->autoidle = 0;
- s->gpo = 0;
-}
-
-static uint64_t omap2_gpif_top_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap2_gpif_s *s = (struct omap2_gpif_s *) opaque;
-
- switch (addr) {
- case 0x00: /* IPGENERICOCPSPL_REVISION */
- return 0x18;
-
- case 0x10: /* IPGENERICOCPSPL_SYSCONFIG */
- return s->autoidle;
-
- case 0x14: /* IPGENERICOCPSPL_SYSSTATUS */
- return 0x01;
-
- case 0x18: /* IPGENERICOCPSPL_IRQSTATUS */
- return 0x00;
-
- case 0x40: /* IPGENERICOCPSPL_GPO */
- return s->gpo;
-
- case 0x50: /* IPGENERICOCPSPL_GPI */
- return 0x00;
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap2_gpif_top_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap2_gpif_s *s = (struct omap2_gpif_s *) opaque;
-
- switch (addr) {
- case 0x00: /* IPGENERICOCPSPL_REVISION */
- case 0x14: /* IPGENERICOCPSPL_SYSSTATUS */
- case 0x18: /* IPGENERICOCPSPL_IRQSTATUS */
- case 0x50: /* IPGENERICOCPSPL_GPI */
- OMAP_RO_REG(addr);
- break;
-
- case 0x10: /* IPGENERICOCPSPL_SYSCONFIG */
- if (value & (1 << 1)) /* SOFTRESET */
- omap2_gpif_reset(&s->busdev.qdev);
- s->autoidle = value & 1;
- break;
-
- case 0x40: /* IPGENERICOCPSPL_GPO */
- s->gpo = value & 1;
- break;
-
- default:
- OMAP_BAD_REG(addr);
- return;
- }
-}
-
-static const MemoryRegionOps omap2_gpif_top_ops = {
- .read = omap2_gpif_top_read,
- .write = omap2_gpif_top_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int omap_gpio_init(SysBusDevice *dev)
-{
- struct omap_gpif_s *s = FROM_SYSBUS(struct omap_gpif_s, dev);
- if (!s->clk) {
- hw_error("omap-gpio: clk not connected\n");
- }
- qdev_init_gpio_in(&dev->qdev, omap_gpio_set, 16);
- qdev_init_gpio_out(&dev->qdev, s->omap1.handler, 16);
- sysbus_init_irq(dev, &s->omap1.irq);
- memory_region_init_io(&s->iomem, &omap_gpio_ops, &s->omap1,
- "omap.gpio", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
- return 0;
-}
-
-static int omap2_gpio_init(SysBusDevice *dev)
-{
- int i;
- struct omap2_gpif_s *s = FROM_SYSBUS(struct omap2_gpif_s, dev);
- if (!s->iclk) {
- hw_error("omap2-gpio: iclk not connected\n");
- }
- if (s->mpu_model < omap3430) {
- s->modulecount = (s->mpu_model < omap2430) ? 4 : 5;
- memory_region_init_io(&s->iomem, &omap2_gpif_top_ops, s,
- "omap2.gpio", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
- } else {
- s->modulecount = 6;
- }
- s->modules = g_malloc0(s->modulecount * sizeof(struct omap2_gpio_s));
- s->handler = g_malloc0(s->modulecount * 32 * sizeof(qemu_irq));
- qdev_init_gpio_in(&dev->qdev, omap2_gpio_set, s->modulecount * 32);
- qdev_init_gpio_out(&dev->qdev, s->handler, s->modulecount * 32);
- for (i = 0; i < s->modulecount; i++) {
- struct omap2_gpio_s *m = &s->modules[i];
- if (!s->fclk[i]) {
- hw_error("omap2-gpio: fclk%d not connected\n", i);
- }
- m->revision = (s->mpu_model < omap3430) ? 0x18 : 0x25;
- m->handler = &s->handler[i * 32];
- sysbus_init_irq(dev, &m->irq[0]); /* mpu irq */
- sysbus_init_irq(dev, &m->irq[1]); /* dsp irq */
- sysbus_init_irq(dev, &m->wkup);
- memory_region_init_io(&m->iomem, &omap2_gpio_module_ops, m,
- "omap.gpio-module", 0x1000);
- sysbus_init_mmio(dev, &m->iomem);
- }
- return 0;
-}
-
-/* Using qdev pointer properties for the clocks is not ideal.
- * qdev should support a generic means of defining a 'port' with
- * an arbitrary interface for connecting two devices. Then we
- * could reframe the omap clock API in terms of clock ports,
- * and get some type safety. For now the best qdev provides is
- * passing an arbitrary pointer.
- * (It's not possible to pass in the string which is the clock
- * name, because this device does not have the necessary information
- * (ie the struct omap_mpu_state_s*) to do the clockname to pointer
- * translation.)
- */
-
-static Property omap_gpio_properties[] = {
- DEFINE_PROP_INT32("mpu_model", struct omap_gpif_s, mpu_model, 0),
- DEFINE_PROP_PTR("clk", struct omap_gpif_s, clk),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void omap_gpio_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = omap_gpio_init;
- dc->reset = omap_gpif_reset;
- dc->props = omap_gpio_properties;
-}
-
-static TypeInfo omap_gpio_info = {
- .name = "omap-gpio",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(struct omap_gpif_s),
- .class_init = omap_gpio_class_init,
-};
-
-static Property omap2_gpio_properties[] = {
- DEFINE_PROP_INT32("mpu_model", struct omap2_gpif_s, mpu_model, 0),
- DEFINE_PROP_PTR("iclk", struct omap2_gpif_s, iclk),
- DEFINE_PROP_PTR("fclk0", struct omap2_gpif_s, fclk[0]),
- DEFINE_PROP_PTR("fclk1", struct omap2_gpif_s, fclk[1]),
- DEFINE_PROP_PTR("fclk2", struct omap2_gpif_s, fclk[2]),
- DEFINE_PROP_PTR("fclk3", struct omap2_gpif_s, fclk[3]),
- DEFINE_PROP_PTR("fclk4", struct omap2_gpif_s, fclk[4]),
- DEFINE_PROP_PTR("fclk5", struct omap2_gpif_s, fclk[5]),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void omap2_gpio_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = omap2_gpio_init;
- dc->reset = omap2_gpif_reset;
- dc->props = omap2_gpio_properties;
-}
-
-static TypeInfo omap2_gpio_info = {
- .name = "omap2-gpio",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(struct omap2_gpif_s),
- .class_init = omap2_gpio_class_init,
-};
-
-static void omap_gpio_register_types(void)
-{
- type_register_static(&omap_gpio_info);
- type_register_static(&omap2_gpio_info);
-}
-
-type_init(omap_gpio_register_types)
diff --git a/hw/omap_gpmc.c b/hw/omap_gpmc.c
deleted file mode 100644
index 1f7c5bc5f..000000000
--- a/hw/omap_gpmc.c
+++ /dev/null
@@ -1,894 +0,0 @@
-/*
- * TI OMAP general purpose memory controller emulation.
- *
- * Copyright (C) 2007-2009 Nokia Corporation
- * Original code written by Andrzej Zaborowski <andrew@openedhand.com>
- * Enhancements for OMAP3 and NAND support written by Juha Riihimäki
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) any later version of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-#include "hw.h"
-#include "flash.h"
-#include "omap.h"
-#include "memory.h"
-#include "exec-memory.h"
-
-/* General-Purpose Memory Controller */
-struct omap_gpmc_s {
- qemu_irq irq;
- qemu_irq drq;
- MemoryRegion iomem;
- int accept_256;
-
- uint8_t revision;
- uint8_t sysconfig;
- uint16_t irqst;
- uint16_t irqen;
- uint16_t lastirq;
- uint16_t timeout;
- uint16_t config;
- struct omap_gpmc_cs_file_s {
- uint32_t config[7];
- MemoryRegion *iomem;
- MemoryRegion container;
- MemoryRegion nandiomem;
- DeviceState *dev;
- } cs_file[8];
- int ecc_cs;
- int ecc_ptr;
- uint32_t ecc_cfg;
- ECCState ecc[9];
- struct prefetch {
- uint32_t config1; /* GPMC_PREFETCH_CONFIG1 */
- uint32_t transfercount; /* GPMC_PREFETCH_CONFIG2:TRANSFERCOUNT */
- int startengine; /* GPMC_PREFETCH_CONTROL:STARTENGINE */
- int fifopointer; /* GPMC_PREFETCH_STATUS:FIFOPOINTER */
- int count; /* GPMC_PREFETCH_STATUS:COUNTVALUE */
- MemoryRegion iomem;
- uint8_t fifo[64];
- } prefetch;
-};
-
-#define OMAP_GPMC_8BIT 0
-#define OMAP_GPMC_16BIT 1
-#define OMAP_GPMC_NOR 0
-#define OMAP_GPMC_NAND 2
-
-static int omap_gpmc_devtype(struct omap_gpmc_cs_file_s *f)
-{
- return (f->config[0] >> 10) & 3;
-}
-
-static int omap_gpmc_devsize(struct omap_gpmc_cs_file_s *f)
-{
- /* devsize field is really 2 bits but we ignore the high
- * bit to ensure consistent behaviour if the guest sets
- * it (values 2 and 3 are reserved in the TRM)
- */
- return (f->config[0] >> 12) & 1;
-}
-
-/* Extract the chip-select value from the prefetch config1 register */
-static int prefetch_cs(uint32_t config1)
-{
- return (config1 >> 24) & 7;
-}
-
-static int prefetch_threshold(uint32_t config1)
-{
- return (config1 >> 8) & 0x7f;
-}
-
-static void omap_gpmc_int_update(struct omap_gpmc_s *s)
-{
- /* The TRM is a bit unclear, but it seems to say that
- * the TERMINALCOUNTSTATUS bit is set only on the
- * transition when the prefetch engine goes from
- * active to inactive, whereas the FIFOEVENTSTATUS
- * bit is held high as long as the fifo has at
- * least THRESHOLD bytes available.
- * So we do the latter here, but TERMINALCOUNTSTATUS
- * is set elsewhere.
- */
- if (s->prefetch.fifopointer >= prefetch_threshold(s->prefetch.config1)) {
- s->irqst |= 1;
- }
- if ((s->irqen & s->irqst) != s->lastirq) {
- s->lastirq = s->irqen & s->irqst;
- qemu_set_irq(s->irq, s->lastirq);
- }
-}
-
-static void omap_gpmc_dma_update(struct omap_gpmc_s *s, int value)
-{
- if (s->prefetch.config1 & 4) {
- qemu_set_irq(s->drq, value);
- }
-}
-
-/* Access functions for when a NAND-like device is mapped into memory:
- * all addresses in the region behave like accesses to the relevant
- * GPMC_NAND_DATA_i register (which is actually implemented to call these)
- */
-static uint64_t omap_nand_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_gpmc_cs_file_s *f = (struct omap_gpmc_cs_file_s *)opaque;
- uint64_t v;
- nand_setpins(f->dev, 0, 0, 0, 1, 0);
- switch (omap_gpmc_devsize(f)) {
- case OMAP_GPMC_8BIT:
- v = nand_getio(f->dev);
- if (size == 1) {
- return v;
- }
- v |= (nand_getio(f->dev) << 8);
- if (size == 2) {
- return v;
- }
- v |= (nand_getio(f->dev) << 16);
- v |= (nand_getio(f->dev) << 24);
- return v;
- case OMAP_GPMC_16BIT:
- v = nand_getio(f->dev);
- if (size == 1) {
- /* 8 bit read from 16 bit device : probably a guest bug */
- return v & 0xff;
- }
- if (size == 2) {
- return v;
- }
- v |= (nand_getio(f->dev) << 16);
- return v;
- default:
- abort();
- }
-}
-
-static void omap_nand_setio(DeviceState *dev, uint64_t value,
- int nandsize, int size)
-{
- /* Write the specified value to the NAND device, respecting
- * both size of the NAND device and size of the write access.
- */
- switch (nandsize) {
- case OMAP_GPMC_8BIT:
- switch (size) {
- case 1:
- nand_setio(dev, value & 0xff);
- break;
- case 2:
- nand_setio(dev, value & 0xff);
- nand_setio(dev, (value >> 8) & 0xff);
- break;
- case 4:
- default:
- nand_setio(dev, value & 0xff);
- nand_setio(dev, (value >> 8) & 0xff);
- nand_setio(dev, (value >> 16) & 0xff);
- nand_setio(dev, (value >> 24) & 0xff);
- break;
- }
- break;
- case OMAP_GPMC_16BIT:
- switch (size) {
- case 1:
- /* writing to a 16bit device with 8bit access is probably a guest
- * bug; pass the value through anyway.
- */
- case 2:
- nand_setio(dev, value & 0xffff);
- break;
- case 4:
- default:
- nand_setio(dev, value & 0xffff);
- nand_setio(dev, (value >> 16) & 0xffff);
- break;
- }
- break;
- }
-}
-
-static void omap_nand_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_gpmc_cs_file_s *f = (struct omap_gpmc_cs_file_s *)opaque;
- nand_setpins(f->dev, 0, 0, 0, 1, 0);
- omap_nand_setio(f->dev, value, omap_gpmc_devsize(f), size);
-}
-
-static const MemoryRegionOps omap_nand_ops = {
- .read = omap_nand_read,
- .write = omap_nand_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void fill_prefetch_fifo(struct omap_gpmc_s *s)
-{
- /* Fill the prefetch FIFO by reading data from NAND.
- * We do this synchronously, unlike the hardware which
- * will do this asynchronously. We refill when the
- * FIFO has THRESHOLD bytes free, and we always refill
- * as much data as possible starting at the top end
- * of the FIFO.
- * (We have to refill at THRESHOLD rather than waiting
- * for the FIFO to empty to allow for the case where
- * the FIFO size isn't an exact multiple of THRESHOLD
- * and we're doing DMA transfers.)
- * This means we never need to handle wrap-around in
- * the fifo-reading code, and the next byte of data
- * to read is always fifo[63 - fifopointer].
- */
- int fptr;
- int cs = prefetch_cs(s->prefetch.config1);
- int is16bit = (((s->cs_file[cs].config[0] >> 12) & 3) != 0);
- int bytes;
- /* Don't believe the bit of the OMAP TRM that says that COUNTVALUE
- * and TRANSFERCOUNT are in units of 16 bit words for 16 bit NAND.
- * Instead believe the bit that says it is always a byte count.
- */
- bytes = 64 - s->prefetch.fifopointer;
- if (bytes > s->prefetch.count) {
- bytes = s->prefetch.count;
- }
- s->prefetch.count -= bytes;
- s->prefetch.fifopointer += bytes;
- fptr = 64 - s->prefetch.fifopointer;
- /* Move the existing data in the FIFO so it sits just
- * before what we're about to read in
- */
- while (fptr < (64 - bytes)) {
- s->prefetch.fifo[fptr] = s->prefetch.fifo[fptr + bytes];
- fptr++;
- }
- while (fptr < 64) {
- if (is16bit) {
- uint32_t v = omap_nand_read(&s->cs_file[cs], 0, 2);
- s->prefetch.fifo[fptr++] = v & 0xff;
- s->prefetch.fifo[fptr++] = (v >> 8) & 0xff;
- } else {
- s->prefetch.fifo[fptr++] = omap_nand_read(&s->cs_file[cs], 0, 1);
- }
- }
- if (s->prefetch.startengine && (s->prefetch.count == 0)) {
- /* This was the final transfer: raise TERMINALCOUNTSTATUS */
- s->irqst |= 2;
- s->prefetch.startengine = 0;
- }
- /* If there are any bytes in the FIFO at this point then
- * we must raise a DMA request (either this is a final part
- * transfer, or we filled the FIFO in which case we certainly
- * have THRESHOLD bytes available)
- */
- if (s->prefetch.fifopointer != 0) {
- omap_gpmc_dma_update(s, 1);
- }
- omap_gpmc_int_update(s);
-}
-
-/* Access functions for a NAND-like device when the prefetch/postwrite
- * engine is enabled -- all addresses in the region behave alike:
- * data is read or written to the FIFO.
- */
-static uint64_t omap_gpmc_prefetch_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_gpmc_s *s = (struct omap_gpmc_s *) opaque;
- uint32_t data;
- if (s->prefetch.config1 & 1) {
- /* The TRM doesn't define the behaviour if you read from the
- * FIFO when the prefetch engine is in write mode. We choose
- * to always return zero.
- */
- return 0;
- }
- /* Note that trying to read an empty fifo repeats the last byte */
- if (s->prefetch.fifopointer) {
- s->prefetch.fifopointer--;
- }
- data = s->prefetch.fifo[63 - s->prefetch.fifopointer];
- if (s->prefetch.fifopointer ==
- (64 - prefetch_threshold(s->prefetch.config1))) {
- /* We've drained THRESHOLD bytes now. So deassert the
- * DMA request, then refill the FIFO (which will probably
- * assert it again.)
- */
- omap_gpmc_dma_update(s, 0);
- fill_prefetch_fifo(s);
- }
- omap_gpmc_int_update(s);
- return data;
-}
-
-static void omap_gpmc_prefetch_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_gpmc_s *s = (struct omap_gpmc_s *) opaque;
- int cs = prefetch_cs(s->prefetch.config1);
- if ((s->prefetch.config1 & 1) == 0) {
- /* The TRM doesn't define the behaviour of writing to the
- * FIFO when the prefetch engine is in read mode. We
- * choose to ignore the write.
- */
- return;
- }
- if (s->prefetch.count == 0) {
- /* The TRM doesn't define the behaviour of writing to the
- * FIFO if the transfer is complete. We choose to ignore.
- */
- return;
- }
- /* The only reason we do any data buffering in postwrite
- * mode is if we are talking to a 16 bit NAND device, in
- * which case we need to buffer the first byte of the
- * 16 bit word until the other byte arrives.
- */
- int is16bit = (((s->cs_file[cs].config[0] >> 12) & 3) != 0);
- if (is16bit) {
- /* fifopointer alternates between 64 (waiting for first
- * byte of word) and 63 (waiting for second byte)
- */
- if (s->prefetch.fifopointer == 64) {
- s->prefetch.fifo[0] = value;
- s->prefetch.fifopointer--;
- } else {
- value = (value << 8) | s->prefetch.fifo[0];
- omap_nand_write(&s->cs_file[cs], 0, value, 2);
- s->prefetch.count--;
- s->prefetch.fifopointer = 64;
- }
- } else {
- /* Just write the byte : fifopointer remains 64 at all times */
- omap_nand_write(&s->cs_file[cs], 0, value, 1);
- s->prefetch.count--;
- }
- if (s->prefetch.count == 0) {
- /* Final transfer: raise TERMINALCOUNTSTATUS */
- s->irqst |= 2;
- s->prefetch.startengine = 0;
- }
- omap_gpmc_int_update(s);
-}
-
-static const MemoryRegionOps omap_prefetch_ops = {
- .read = omap_gpmc_prefetch_read,
- .write = omap_gpmc_prefetch_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .impl.min_access_size = 1,
- .impl.max_access_size = 1,
-};
-
-static MemoryRegion *omap_gpmc_cs_memregion(struct omap_gpmc_s *s, int cs)
-{
- /* Return the MemoryRegion* to map/unmap for this chipselect */
- struct omap_gpmc_cs_file_s *f = &s->cs_file[cs];
- if (omap_gpmc_devtype(f) == OMAP_GPMC_NOR) {
- return f->iomem;
- }
- if ((s->prefetch.config1 & 0x80) &&
- (prefetch_cs(s->prefetch.config1) == cs)) {
- /* The prefetch engine is enabled for this CS: map the FIFO */
- return &s->prefetch.iomem;
- }
- return &f->nandiomem;
-}
-
-static void omap_gpmc_cs_map(struct omap_gpmc_s *s, int cs)
-{
- struct omap_gpmc_cs_file_s *f = &s->cs_file[cs];
- uint32_t mask = (f->config[6] >> 8) & 0xf;
- uint32_t base = f->config[6] & 0x3f;
- uint32_t size;
-
- if (!f->iomem && !f->dev) {
- return;
- }
-
- if (!(f->config[6] & (1 << 6))) {
- /* Do nothing unless CSVALID */
- return;
- }
-
- /* TODO: check for overlapping regions and report access errors */
- if (mask != 0x8 && mask != 0xc && mask != 0xe && mask != 0xf
- && !(s->accept_256 && !mask)) {
- fprintf(stderr, "%s: invalid chip-select mask address (0x%x)\n",
- __func__, mask);
- }
-
- base <<= 24;
- size = (0x0fffffff & ~(mask << 24)) + 1;
- /* TODO: rather than setting the size of the mapping (which should be
- * constant), the mask should cause wrapping of the address space, so
- * that the same memory becomes accessible at every <i>size</i> bytes
- * starting from <i>base</i>. */
- memory_region_init(&f->container, "omap-gpmc-file", size);
- memory_region_add_subregion(&f->container, 0,
- omap_gpmc_cs_memregion(s, cs));
- memory_region_add_subregion(get_system_memory(), base,
- &f->container);
-}
-
-static void omap_gpmc_cs_unmap(struct omap_gpmc_s *s, int cs)
-{
- struct omap_gpmc_cs_file_s *f = &s->cs_file[cs];
- if (!(f->config[6] & (1 << 6))) {
- /* Do nothing unless CSVALID */
- return;
- }
- if (!f->iomem && !f->dev) {
- return;
- }
- memory_region_del_subregion(get_system_memory(), &f->container);
- memory_region_del_subregion(&f->container, omap_gpmc_cs_memregion(s, cs));
- memory_region_destroy(&f->container);
-}
-
-void omap_gpmc_reset(struct omap_gpmc_s *s)
-{
- int i;
-
- s->sysconfig = 0;
- s->irqst = 0;
- s->irqen = 0;
- omap_gpmc_int_update(s);
- for (i = 0; i < 8; i++) {
- /* This has to happen before we change any of the config
- * used to determine which memory regions are mapped or unmapped.
- */
- omap_gpmc_cs_unmap(s, i);
- }
- s->timeout = 0;
- s->config = 0xa00;
- s->prefetch.config1 = 0x00004000;
- s->prefetch.transfercount = 0x00000000;
- s->prefetch.startengine = 0;
- s->prefetch.fifopointer = 0;
- s->prefetch.count = 0;
- for (i = 0; i < 8; i ++) {
- s->cs_file[i].config[1] = 0x101001;
- s->cs_file[i].config[2] = 0x020201;
- s->cs_file[i].config[3] = 0x10031003;
- s->cs_file[i].config[4] = 0x10f1111;
- s->cs_file[i].config[5] = 0;
- s->cs_file[i].config[6] = 0xf00 | (i ? 0 : 1 << 6);
-
- s->cs_file[i].config[6] = 0xf00;
- /* In theory we could probe attached devices for some CFG1
- * bits here, but we just retain them across resets as they
- * were set initially by omap_gpmc_attach().
- */
- if (i == 0) {
- s->cs_file[i].config[0] &= 0x00433e00;
- s->cs_file[i].config[6] |= 1 << 6; /* CSVALID */
- omap_gpmc_cs_map(s, i);
- } else {
- s->cs_file[i].config[0] &= 0x00403c00;
- }
- }
- s->ecc_cs = 0;
- s->ecc_ptr = 0;
- s->ecc_cfg = 0x3fcff000;
- for (i = 0; i < 9; i ++)
- ecc_reset(&s->ecc[i]);
-}
-
-static int gpmc_wordaccess_only(hwaddr addr)
-{
- /* Return true if the register offset is to a register that
- * only permits word width accesses.
- * Non-word accesses are only OK for GPMC_NAND_DATA/ADDRESS/COMMAND
- * for any chipselect.
- */
- if (addr >= 0x60 && addr <= 0x1d4) {
- int cs = (addr - 0x60) / 0x30;
- addr -= cs * 0x30;
- if (addr >= 0x7c && addr < 0x88) {
- /* GPMC_NAND_COMMAND, GPMC_NAND_ADDRESS, GPMC_NAND_DATA */
- return 0;
- }
- }
- return 1;
-}
-
-static uint64_t omap_gpmc_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_gpmc_s *s = (struct omap_gpmc_s *) opaque;
- int cs;
- struct omap_gpmc_cs_file_s *f;
-
- if (size != 4 && gpmc_wordaccess_only(addr)) {
- return omap_badwidth_read32(opaque, addr);
- }
-
- switch (addr) {
- case 0x000: /* GPMC_REVISION */
- return s->revision;
-
- case 0x010: /* GPMC_SYSCONFIG */
- return s->sysconfig;
-
- case 0x014: /* GPMC_SYSSTATUS */
- return 1; /* RESETDONE */
-
- case 0x018: /* GPMC_IRQSTATUS */
- return s->irqst;
-
- case 0x01c: /* GPMC_IRQENABLE */
- return s->irqen;
-
- case 0x040: /* GPMC_TIMEOUT_CONTROL */
- return s->timeout;
-
- case 0x044: /* GPMC_ERR_ADDRESS */
- case 0x048: /* GPMC_ERR_TYPE */
- return 0;
-
- case 0x050: /* GPMC_CONFIG */
- return s->config;
-
- case 0x054: /* GPMC_STATUS */
- return 0x001;
-
- case 0x060 ... 0x1d4:
- cs = (addr - 0x060) / 0x30;
- addr -= cs * 0x30;
- f = s->cs_file + cs;
- switch (addr) {
- case 0x60: /* GPMC_CONFIG1 */
- return f->config[0];
- case 0x64: /* GPMC_CONFIG2 */
- return f->config[1];
- case 0x68: /* GPMC_CONFIG3 */
- return f->config[2];
- case 0x6c: /* GPMC_CONFIG4 */
- return f->config[3];
- case 0x70: /* GPMC_CONFIG5 */
- return f->config[4];
- case 0x74: /* GPMC_CONFIG6 */
- return f->config[5];
- case 0x78: /* GPMC_CONFIG7 */
- return f->config[6];
- case 0x84 ... 0x87: /* GPMC_NAND_DATA */
- if (omap_gpmc_devtype(f) == OMAP_GPMC_NAND) {
- return omap_nand_read(f, 0, size);
- }
- return 0;
- }
- break;
-
- case 0x1e0: /* GPMC_PREFETCH_CONFIG1 */
- return s->prefetch.config1;
- case 0x1e4: /* GPMC_PREFETCH_CONFIG2 */
- return s->prefetch.transfercount;
- case 0x1ec: /* GPMC_PREFETCH_CONTROL */
- return s->prefetch.startengine;
- case 0x1f0: /* GPMC_PREFETCH_STATUS */
- /* NB: The OMAP3 TRM is inconsistent about whether the GPMC
- * FIFOTHRESHOLDSTATUS bit should be set when
- * FIFOPOINTER > FIFOTHRESHOLD or when it is >= FIFOTHRESHOLD.
- * Apparently the underlying functional spec from which the TRM was
- * created states that the behaviour is ">=", and this also
- * makes more conceptual sense.
- */
- return (s->prefetch.fifopointer << 24) |
- ((s->prefetch.fifopointer >=
- ((s->prefetch.config1 >> 8) & 0x7f) ? 1 : 0) << 16) |
- s->prefetch.count;
-
- case 0x1f4: /* GPMC_ECC_CONFIG */
- return s->ecc_cs;
- case 0x1f8: /* GPMC_ECC_CONTROL */
- return s->ecc_ptr;
- case 0x1fc: /* GPMC_ECC_SIZE_CONFIG */
- return s->ecc_cfg;
- case 0x200 ... 0x220: /* GPMC_ECC_RESULT */
- cs = (addr & 0x1f) >> 2;
- /* TODO: check correctness */
- return
- ((s->ecc[cs].cp & 0x07) << 0) |
- ((s->ecc[cs].cp & 0x38) << 13) |
- ((s->ecc[cs].lp[0] & 0x1ff) << 3) |
- ((s->ecc[cs].lp[1] & 0x1ff) << 19);
-
- case 0x230: /* GPMC_TESTMODE_CTRL */
- return 0;
- case 0x234: /* GPMC_PSA_LSB */
- case 0x238: /* GPMC_PSA_MSB */
- return 0x00000000;
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_gpmc_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_gpmc_s *s = (struct omap_gpmc_s *) opaque;
- int cs;
- struct omap_gpmc_cs_file_s *f;
-
- if (size != 4 && gpmc_wordaccess_only(addr)) {
- return omap_badwidth_write32(opaque, addr, value);
- }
-
- switch (addr) {
- case 0x000: /* GPMC_REVISION */
- case 0x014: /* GPMC_SYSSTATUS */
- case 0x054: /* GPMC_STATUS */
- case 0x1f0: /* GPMC_PREFETCH_STATUS */
- case 0x200 ... 0x220: /* GPMC_ECC_RESULT */
- case 0x234: /* GPMC_PSA_LSB */
- case 0x238: /* GPMC_PSA_MSB */
- OMAP_RO_REG(addr);
- break;
-
- case 0x010: /* GPMC_SYSCONFIG */
- if ((value >> 3) == 0x3)
- fprintf(stderr, "%s: bad SDRAM idle mode %"PRIi64"\n",
- __FUNCTION__, value >> 3);
- if (value & 2)
- omap_gpmc_reset(s);
- s->sysconfig = value & 0x19;
- break;
-
- case 0x018: /* GPMC_IRQSTATUS */
- s->irqst &= ~value;
- omap_gpmc_int_update(s);
- break;
-
- case 0x01c: /* GPMC_IRQENABLE */
- s->irqen = value & 0xf03;
- omap_gpmc_int_update(s);
- break;
-
- case 0x040: /* GPMC_TIMEOUT_CONTROL */
- s->timeout = value & 0x1ff1;
- break;
-
- case 0x044: /* GPMC_ERR_ADDRESS */
- case 0x048: /* GPMC_ERR_TYPE */
- break;
-
- case 0x050: /* GPMC_CONFIG */
- s->config = value & 0xf13;
- break;
-
- case 0x060 ... 0x1d4:
- cs = (addr - 0x060) / 0x30;
- addr -= cs * 0x30;
- f = s->cs_file + cs;
- switch (addr) {
- case 0x60: /* GPMC_CONFIG1 */
- f->config[0] = value & 0xffef3e13;
- break;
- case 0x64: /* GPMC_CONFIG2 */
- f->config[1] = value & 0x001f1f8f;
- break;
- case 0x68: /* GPMC_CONFIG3 */
- f->config[2] = value & 0x001f1f8f;
- break;
- case 0x6c: /* GPMC_CONFIG4 */
- f->config[3] = value & 0x1f8f1f8f;
- break;
- case 0x70: /* GPMC_CONFIG5 */
- f->config[4] = value & 0x0f1f1f1f;
- break;
- case 0x74: /* GPMC_CONFIG6 */
- f->config[5] = value & 0x00000fcf;
- break;
- case 0x78: /* GPMC_CONFIG7 */
- if ((f->config[6] ^ value) & 0xf7f) {
- omap_gpmc_cs_unmap(s, cs);
- f->config[6] = value & 0x00000f7f;
- omap_gpmc_cs_map(s, cs);
- }
- break;
- case 0x7c ... 0x7f: /* GPMC_NAND_COMMAND */
- if (omap_gpmc_devtype(f) == OMAP_GPMC_NAND) {
- nand_setpins(f->dev, 1, 0, 0, 1, 0); /* CLE */
- omap_nand_setio(f->dev, value, omap_gpmc_devsize(f), size);
- }
- break;
- case 0x80 ... 0x83: /* GPMC_NAND_ADDRESS */
- if (omap_gpmc_devtype(f) == OMAP_GPMC_NAND) {
- nand_setpins(f->dev, 0, 1, 0, 1, 0); /* ALE */
- omap_nand_setio(f->dev, value, omap_gpmc_devsize(f), size);
- }
- break;
- case 0x84 ... 0x87: /* GPMC_NAND_DATA */
- if (omap_gpmc_devtype(f) == OMAP_GPMC_NAND) {
- omap_nand_write(f, 0, value, size);
- }
- break;
- default:
- goto bad_reg;
- }
- break;
-
- case 0x1e0: /* GPMC_PREFETCH_CONFIG1 */
- if (!s->prefetch.startengine) {
- uint32_t newconfig1 = value & 0x7f8f7fbf;
- uint32_t changed;
- changed = newconfig1 ^ s->prefetch.config1;
- if (changed & (0x80 | 0x7000000)) {
- /* Turning the engine on or off, or mapping it somewhere else.
- * cs_map() and cs_unmap() check the prefetch config and
- * overall CSVALID bits, so it is sufficient to unmap-and-map
- * both the old cs and the new one. Note that we adhere to
- * the "unmap/change config/map" order (and not unmap twice
- * if newcs == oldcs), otherwise we'll try to delete the wrong
- * memory region.
- */
- int oldcs = prefetch_cs(s->prefetch.config1);
- int newcs = prefetch_cs(newconfig1);
- omap_gpmc_cs_unmap(s, oldcs);
- if (oldcs != newcs) {
- omap_gpmc_cs_unmap(s, newcs);
- }
- s->prefetch.config1 = newconfig1;
- omap_gpmc_cs_map(s, oldcs);
- if (oldcs != newcs) {
- omap_gpmc_cs_map(s, newcs);
- }
- } else {
- s->prefetch.config1 = newconfig1;
- }
- }
- break;
-
- case 0x1e4: /* GPMC_PREFETCH_CONFIG2 */
- if (!s->prefetch.startengine) {
- s->prefetch.transfercount = value & 0x3fff;
- }
- break;
-
- case 0x1ec: /* GPMC_PREFETCH_CONTROL */
- if (s->prefetch.startengine != (value & 1)) {
- s->prefetch.startengine = value & 1;
- if (s->prefetch.startengine) {
- /* Prefetch engine start */
- s->prefetch.count = s->prefetch.transfercount;
- if (s->prefetch.config1 & 1) {
- /* Write */
- s->prefetch.fifopointer = 64;
- } else {
- /* Read */
- s->prefetch.fifopointer = 0;
- fill_prefetch_fifo(s);
- }
- } else {
- /* Prefetch engine forcibly stopped. The TRM
- * doesn't define the behaviour if you do this.
- * We clear the prefetch count, which means that
- * we permit no more writes, and don't read any
- * more data from NAND. The CPU can still drain
- * the FIFO of unread data.
- */
- s->prefetch.count = 0;
- }
- omap_gpmc_int_update(s);
- }
- break;
-
- case 0x1f4: /* GPMC_ECC_CONFIG */
- s->ecc_cs = 0x8f;
- break;
- case 0x1f8: /* GPMC_ECC_CONTROL */
- if (value & (1 << 8))
- for (cs = 0; cs < 9; cs ++)
- ecc_reset(&s->ecc[cs]);
- s->ecc_ptr = value & 0xf;
- if (s->ecc_ptr == 0 || s->ecc_ptr > 9) {
- s->ecc_ptr = 0;
- s->ecc_cs &= ~1;
- }
- break;
- case 0x1fc: /* GPMC_ECC_SIZE_CONFIG */
- s->ecc_cfg = value & 0x3fcff1ff;
- break;
- case 0x230: /* GPMC_TESTMODE_CTRL */
- if (value & 7)
- fprintf(stderr, "%s: test mode enable attempt\n", __FUNCTION__);
- break;
-
- default:
- bad_reg:
- OMAP_BAD_REG(addr);
- return;
- }
-}
-
-static const MemoryRegionOps omap_gpmc_ops = {
- .read = omap_gpmc_read,
- .write = omap_gpmc_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-struct omap_gpmc_s *omap_gpmc_init(struct omap_mpu_state_s *mpu,
- hwaddr base,
- qemu_irq irq, qemu_irq drq)
-{
- int cs;
- struct omap_gpmc_s *s = (struct omap_gpmc_s *)
- g_malloc0(sizeof(struct omap_gpmc_s));
-
- memory_region_init_io(&s->iomem, &omap_gpmc_ops, s, "omap-gpmc", 0x1000);
- memory_region_add_subregion(get_system_memory(), base, &s->iomem);
-
- s->irq = irq;
- s->drq = drq;
- s->accept_256 = cpu_is_omap3630(mpu);
- s->revision = cpu_class_omap3(mpu) ? 0x50 : 0x20;
- s->lastirq = 0;
- omap_gpmc_reset(s);
-
- /* We have to register a different IO memory handler for each
- * chip select region in case a NAND device is mapped there. We
- * make the region the worst-case size of 256MB and rely on the
- * container memory region in cs_map to chop it down to the actual
- * guest-requested size.
- */
- for (cs = 0; cs < 8; cs++) {
- memory_region_init_io(&s->cs_file[cs].nandiomem,
- &omap_nand_ops,
- &s->cs_file[cs],
- "omap-nand",
- 256 * 1024 * 1024);
- }
-
- memory_region_init_io(&s->prefetch.iomem, &omap_prefetch_ops, s,
- "omap-gpmc-prefetch", 256 * 1024 * 1024);
- return s;
-}
-
-void omap_gpmc_attach(struct omap_gpmc_s *s, int cs, MemoryRegion *iomem)
-{
- struct omap_gpmc_cs_file_s *f;
- assert(iomem);
-
- if (cs < 0 || cs >= 8) {
- fprintf(stderr, "%s: bad chip-select %i\n", __FUNCTION__, cs);
- exit(-1);
- }
- f = &s->cs_file[cs];
-
- omap_gpmc_cs_unmap(s, cs);
- f->config[0] &= ~(0xf << 10);
- f->iomem = iomem;
- omap_gpmc_cs_map(s, cs);
-}
-
-void omap_gpmc_attach_nand(struct omap_gpmc_s *s, int cs, DeviceState *nand)
-{
- struct omap_gpmc_cs_file_s *f;
- assert(nand);
-
- if (cs < 0 || cs >= 8) {
- fprintf(stderr, "%s: bad chip-select %i\n", __func__, cs);
- exit(-1);
- }
- f = &s->cs_file[cs];
-
- omap_gpmc_cs_unmap(s, cs);
- f->config[0] &= ~(0xf << 10);
- f->config[0] |= (OMAP_GPMC_NAND << 10);
- f->dev = nand;
- if (nand_getbuswidth(f->dev) == 16) {
- f->config[0] |= OMAP_GPMC_16BIT << 12;
- }
- omap_gpmc_cs_map(s, cs);
-}
diff --git a/hw/omap_gptimer.c b/hw/omap_gptimer.c
deleted file mode 100644
index e39da7406..000000000
--- a/hw/omap_gptimer.c
+++ /dev/null
@@ -1,488 +0,0 @@
-/*
- * TI OMAP2 general purpose timers emulation.
- *
- * Copyright (C) 2007-2008 Nokia Corporation
- * Written by Andrzej Zaborowski <andrew@openedhand.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) any later version of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-#include "hw.h"
-#include "qemu-timer.h"
-#include "omap.h"
-
-/* GP timers */
-struct omap_gp_timer_s {
- MemoryRegion iomem;
- qemu_irq irq;
- qemu_irq wkup;
- qemu_irq in;
- qemu_irq out;
- omap_clk clk;
- QEMUTimer *timer;
- QEMUTimer *match;
- struct omap_target_agent_s *ta;
-
- int in_val;
- int out_val;
- int64_t time;
- int64_t rate;
- int64_t ticks_per_sec;
-
- int16_t config;
- int status;
- int it_ena;
- int wu_ena;
- int enable;
- int inout;
- int capt2;
- int pt;
- enum {
- gpt_trigger_none, gpt_trigger_overflow, gpt_trigger_both
- } trigger;
- enum {
- gpt_capture_none, gpt_capture_rising,
- gpt_capture_falling, gpt_capture_both
- } capture;
- int scpwm;
- int ce;
- int pre;
- int ptv;
- int ar;
- int st;
- int posted;
- uint32_t val;
- uint32_t load_val;
- uint32_t capture_val[2];
- uint32_t match_val;
- int capt_num;
-
- uint16_t writeh; /* LSB */
- uint16_t readh; /* MSB */
-};
-
-#define GPT_TCAR_IT (1 << 2)
-#define GPT_OVF_IT (1 << 1)
-#define GPT_MAT_IT (1 << 0)
-
-static inline void omap_gp_timer_intr(struct omap_gp_timer_s *timer, int it)
-{
- if (timer->it_ena & it) {
- if (!timer->status)
- qemu_irq_raise(timer->irq);
-
- timer->status |= it;
- /* Or are the status bits set even when masked?
- * i.e. is masking applied before or after the status register? */
- }
-
- if (timer->wu_ena & it)
- qemu_irq_pulse(timer->wkup);
-}
-
-static inline void omap_gp_timer_out(struct omap_gp_timer_s *timer, int level)
-{
- if (!timer->inout && timer->out_val != level) {
- timer->out_val = level;
- qemu_set_irq(timer->out, level);
- }
-}
-
-static inline uint32_t omap_gp_timer_read(struct omap_gp_timer_s *timer)
-{
- uint64_t distance;
-
- if (timer->st && timer->rate) {
- distance = qemu_get_clock_ns(vm_clock) - timer->time;
- distance = muldiv64(distance, timer->rate, timer->ticks_per_sec);
-
- if (distance >= 0xffffffff - timer->val)
- return 0xffffffff;
- else
- return timer->val + distance;
- } else
- return timer->val;
-}
-
-static inline void omap_gp_timer_sync(struct omap_gp_timer_s *timer)
-{
- if (timer->st) {
- timer->val = omap_gp_timer_read(timer);
- timer->time = qemu_get_clock_ns(vm_clock);
- }
-}
-
-static inline void omap_gp_timer_update(struct omap_gp_timer_s *timer)
-{
- int64_t expires, matches;
-
- if (timer->st && timer->rate) {
- expires = muldiv64(0x100000000ll - timer->val,
- timer->ticks_per_sec, timer->rate);
- qemu_mod_timer(timer->timer, timer->time + expires);
-
- if (timer->ce && timer->match_val >= timer->val) {
- matches = muldiv64(timer->match_val - timer->val,
- timer->ticks_per_sec, timer->rate);
- qemu_mod_timer(timer->match, timer->time + matches);
- } else
- qemu_del_timer(timer->match);
- } else {
- qemu_del_timer(timer->timer);
- qemu_del_timer(timer->match);
- omap_gp_timer_out(timer, timer->scpwm);
- }
-}
-
-static inline void omap_gp_timer_trigger(struct omap_gp_timer_s *timer)
-{
- if (timer->pt)
- /* TODO in overflow-and-match mode if the first event to
- * occur is the match, don't toggle. */
- omap_gp_timer_out(timer, !timer->out_val);
- else
- /* TODO inverted pulse on timer->out_val == 1? */
- qemu_irq_pulse(timer->out);
-}
-
-static void omap_gp_timer_tick(void *opaque)
-{
- struct omap_gp_timer_s *timer = (struct omap_gp_timer_s *) opaque;
-
- if (!timer->ar) {
- timer->st = 0;
- timer->val = 0;
- } else {
- timer->val = timer->load_val;
- timer->time = qemu_get_clock_ns(vm_clock);
- }
-
- if (timer->trigger == gpt_trigger_overflow ||
- timer->trigger == gpt_trigger_both)
- omap_gp_timer_trigger(timer);
-
- omap_gp_timer_intr(timer, GPT_OVF_IT);
- omap_gp_timer_update(timer);
-}
-
-static void omap_gp_timer_match(void *opaque)
-{
- struct omap_gp_timer_s *timer = (struct omap_gp_timer_s *) opaque;
-
- if (timer->trigger == gpt_trigger_both)
- omap_gp_timer_trigger(timer);
-
- omap_gp_timer_intr(timer, GPT_MAT_IT);
-}
-
-static void omap_gp_timer_input(void *opaque, int line, int on)
-{
- struct omap_gp_timer_s *s = (struct omap_gp_timer_s *) opaque;
- int trigger;
-
- switch (s->capture) {
- default:
- case gpt_capture_none:
- trigger = 0;
- break;
- case gpt_capture_rising:
- trigger = !s->in_val && on;
- break;
- case gpt_capture_falling:
- trigger = s->in_val && !on;
- break;
- case gpt_capture_both:
- trigger = (s->in_val == !on);
- break;
- }
- s->in_val = on;
-
- if (s->inout && trigger && s->capt_num < 2) {
- s->capture_val[s->capt_num] = omap_gp_timer_read(s);
-
- if (s->capt2 == s->capt_num ++)
- omap_gp_timer_intr(s, GPT_TCAR_IT);
- }
-}
-
-static void omap_gp_timer_clk_update(void *opaque, int line, int on)
-{
- struct omap_gp_timer_s *timer = (struct omap_gp_timer_s *) opaque;
-
- omap_gp_timer_sync(timer);
- timer->rate = on ? omap_clk_getrate(timer->clk) : 0;
- omap_gp_timer_update(timer);
-}
-
-static void omap_gp_timer_clk_setup(struct omap_gp_timer_s *timer)
-{
- omap_clk_adduser(timer->clk,
- qemu_allocate_irqs(omap_gp_timer_clk_update, timer, 1)[0]);
- timer->rate = omap_clk_getrate(timer->clk);
-}
-
-void omap_gp_timer_reset(struct omap_gp_timer_s *s)
-{
- s->config = 0x000;
- s->status = 0;
- s->it_ena = 0;
- s->wu_ena = 0;
- s->inout = 0;
- s->capt2 = 0;
- s->capt_num = 0;
- s->pt = 0;
- s->trigger = gpt_trigger_none;
- s->capture = gpt_capture_none;
- s->scpwm = 0;
- s->ce = 0;
- s->pre = 0;
- s->ptv = 0;
- s->ar = 0;
- s->st = 0;
- s->posted = 1;
- s->val = 0x00000000;
- s->load_val = 0x00000000;
- s->capture_val[0] = 0x00000000;
- s->capture_val[1] = 0x00000000;
- s->match_val = 0x00000000;
- omap_gp_timer_update(s);
-}
-
-static uint32_t omap_gp_timer_readw(void *opaque, hwaddr addr)
-{
- struct omap_gp_timer_s *s = (struct omap_gp_timer_s *) opaque;
-
- switch (addr) {
- case 0x00: /* TIDR */
- return 0x21;
-
- case 0x10: /* TIOCP_CFG */
- return s->config;
-
- case 0x14: /* TISTAT */
- /* ??? When's this bit reset? */
- return 1; /* RESETDONE */
-
- case 0x18: /* TISR */
- return s->status;
-
- case 0x1c: /* TIER */
- return s->it_ena;
-
- case 0x20: /* TWER */
- return s->wu_ena;
-
- case 0x24: /* TCLR */
- return (s->inout << 14) |
- (s->capt2 << 13) |
- (s->pt << 12) |
- (s->trigger << 10) |
- (s->capture << 8) |
- (s->scpwm << 7) |
- (s->ce << 6) |
- (s->pre << 5) |
- (s->ptv << 2) |
- (s->ar << 1) |
- (s->st << 0);
-
- case 0x28: /* TCRR */
- return omap_gp_timer_read(s);
-
- case 0x2c: /* TLDR */
- return s->load_val;
-
- case 0x30: /* TTGR */
- return 0xffffffff;
-
- case 0x34: /* TWPS */
- return 0x00000000; /* No posted writes pending. */
-
- case 0x38: /* TMAR */
- return s->match_val;
-
- case 0x3c: /* TCAR1 */
- return s->capture_val[0];
-
- case 0x40: /* TSICR */
- return s->posted << 2;
-
- case 0x44: /* TCAR2 */
- return s->capture_val[1];
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static uint32_t omap_gp_timer_readh(void *opaque, hwaddr addr)
-{
- struct omap_gp_timer_s *s = (struct omap_gp_timer_s *) opaque;
- uint32_t ret;
-
- if (addr & 2)
- return s->readh;
- else {
- ret = omap_gp_timer_readw(opaque, addr);
- s->readh = ret >> 16;
- return ret & 0xffff;
- }
-}
-
-static void omap_gp_timer_write(void *opaque, hwaddr addr,
- uint32_t value)
-{
- struct omap_gp_timer_s *s = (struct omap_gp_timer_s *) opaque;
-
- switch (addr) {
- case 0x00: /* TIDR */
- case 0x14: /* TISTAT */
- case 0x34: /* TWPS */
- case 0x3c: /* TCAR1 */
- case 0x44: /* TCAR2 */
- OMAP_RO_REG(addr);
- break;
-
- case 0x10: /* TIOCP_CFG */
- s->config = value & 0x33d;
- if (((value >> 3) & 3) == 3) /* IDLEMODE */
- fprintf(stderr, "%s: illegal IDLEMODE value in TIOCP_CFG\n",
- __FUNCTION__);
- if (value & 2) /* SOFTRESET */
- omap_gp_timer_reset(s);
- break;
-
- case 0x18: /* TISR */
- if (value & GPT_TCAR_IT)
- s->capt_num = 0;
- if (s->status && !(s->status &= ~value))
- qemu_irq_lower(s->irq);
- break;
-
- case 0x1c: /* TIER */
- s->it_ena = value & 7;
- break;
-
- case 0x20: /* TWER */
- s->wu_ena = value & 7;
- break;
-
- case 0x24: /* TCLR */
- omap_gp_timer_sync(s);
- s->inout = (value >> 14) & 1;
- s->capt2 = (value >> 13) & 1;
- s->pt = (value >> 12) & 1;
- s->trigger = (value >> 10) & 3;
- if (s->capture == gpt_capture_none &&
- ((value >> 8) & 3) != gpt_capture_none)
- s->capt_num = 0;
- s->capture = (value >> 8) & 3;
- s->scpwm = (value >> 7) & 1;
- s->ce = (value >> 6) & 1;
- s->pre = (value >> 5) & 1;
- s->ptv = (value >> 2) & 7;
- s->ar = (value >> 1) & 1;
- s->st = (value >> 0) & 1;
- if (s->inout && s->trigger != gpt_trigger_none)
- fprintf(stderr, "%s: GP timer pin must be an output "
- "for this trigger mode\n", __FUNCTION__);
- if (!s->inout && s->capture != gpt_capture_none)
- fprintf(stderr, "%s: GP timer pin must be an input "
- "for this capture mode\n", __FUNCTION__);
- if (s->trigger == gpt_trigger_none)
- omap_gp_timer_out(s, s->scpwm);
- /* TODO: make sure this doesn't overflow 32-bits */
- s->ticks_per_sec = get_ticks_per_sec() << (s->pre ? s->ptv + 1 : 0);
- omap_gp_timer_update(s);
- break;
-
- case 0x28: /* TCRR */
- s->time = qemu_get_clock_ns(vm_clock);
- s->val = value;
- omap_gp_timer_update(s);
- break;
-
- case 0x2c: /* TLDR */
- s->load_val = value;
- break;
-
- case 0x30: /* TTGR */
- s->time = qemu_get_clock_ns(vm_clock);
- s->val = s->load_val;
- omap_gp_timer_update(s);
- break;
-
- case 0x38: /* TMAR */
- omap_gp_timer_sync(s);
- s->match_val = value;
- omap_gp_timer_update(s);
- break;
-
- case 0x40: /* TSICR */
- s->posted = (value >> 2) & 1;
- if (value & 2) /* How much exactly are we supposed to reset? */
- omap_gp_timer_reset(s);
- break;
-
- default:
- OMAP_BAD_REG(addr);
- }
-}
-
-static void omap_gp_timer_writeh(void *opaque, hwaddr addr,
- uint32_t value)
-{
- struct omap_gp_timer_s *s = (struct omap_gp_timer_s *) opaque;
-
- if (addr & 2)
- return omap_gp_timer_write(opaque, addr, (value << 16) | s->writeh);
- else
- s->writeh = (uint16_t) value;
-}
-
-static const MemoryRegionOps omap_gp_timer_ops = {
- .old_mmio = {
- .read = {
- omap_badwidth_read32,
- omap_gp_timer_readh,
- omap_gp_timer_readw,
- },
- .write = {
- omap_badwidth_write32,
- omap_gp_timer_writeh,
- omap_gp_timer_write,
- },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-struct omap_gp_timer_s *omap_gp_timer_init(struct omap_target_agent_s *ta,
- qemu_irq irq, omap_clk fclk, omap_clk iclk)
-{
- struct omap_gp_timer_s *s = (struct omap_gp_timer_s *)
- g_malloc0(sizeof(struct omap_gp_timer_s));
-
- s->ta = ta;
- s->irq = irq;
- s->clk = fclk;
- s->timer = qemu_new_timer_ns(vm_clock, omap_gp_timer_tick, s);
- s->match = qemu_new_timer_ns(vm_clock, omap_gp_timer_match, s);
- s->in = qemu_allocate_irqs(omap_gp_timer_input, s, 1)[0];
- omap_gp_timer_reset(s);
- omap_gp_timer_clk_setup(s);
-
- memory_region_init_io(&s->iomem, &omap_gp_timer_ops, s, "omap.gptimer",
- omap_l4_region_size(ta, 0));
- omap_l4_attach(ta, 0, &s->iomem);
-
- return s;
-}
diff --git a/hw/omap_i2c.c b/hw/omap_i2c.c
deleted file mode 100644
index ba08e6400..000000000
--- a/hw/omap_i2c.c
+++ /dev/null
@@ -1,492 +0,0 @@
-/*
- * TI OMAP on-chip I2C controller. Only "new I2C" mode supported.
- *
- * Copyright (C) 2007 Andrzej Zaborowski <balrog@zabor.org>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-#include "hw.h"
-#include "i2c.h"
-#include "omap.h"
-#include "sysbus.h"
-
-
-typedef struct OMAPI2CState {
- SysBusDevice busdev;
- MemoryRegion iomem;
- qemu_irq irq;
- qemu_irq drq[2];
- i2c_bus *bus;
-
- uint8_t revision;
- void *iclk;
- void *fclk;
-
- uint8_t mask;
- uint16_t stat;
- uint16_t dma;
- uint16_t count;
- int count_cur;
- uint32_t fifo;
- int rxlen;
- int txlen;
- uint16_t control;
- uint16_t addr[2];
- uint8_t divider;
- uint8_t times[2];
- uint16_t test;
-} OMAPI2CState;
-
-#define OMAP2_INTR_REV 0x34
-#define OMAP2_GC_REV 0x34
-
-static void omap_i2c_interrupts_update(OMAPI2CState *s)
-{
- qemu_set_irq(s->irq, s->stat & s->mask);
- if ((s->dma >> 15) & 1) /* RDMA_EN */
- qemu_set_irq(s->drq[0], (s->stat >> 3) & 1); /* RRDY */
- if ((s->dma >> 7) & 1) /* XDMA_EN */
- qemu_set_irq(s->drq[1], (s->stat >> 4) & 1); /* XRDY */
-}
-
-static void omap_i2c_fifo_run(OMAPI2CState *s)
-{
- int ack = 1;
-
- if (!i2c_bus_busy(s->bus))
- return;
-
- if ((s->control >> 2) & 1) { /* RM */
- if ((s->control >> 1) & 1) { /* STP */
- i2c_end_transfer(s->bus);
- s->control &= ~(1 << 1); /* STP */
- s->count_cur = s->count;
- s->txlen = 0;
- } else if ((s->control >> 9) & 1) { /* TRX */
- while (ack && s->txlen)
- ack = (i2c_send(s->bus,
- (s->fifo >> ((-- s->txlen) << 3)) &
- 0xff) >= 0);
- s->stat |= 1 << 4; /* XRDY */
- } else {
- while (s->rxlen < 4)
- s->fifo |= i2c_recv(s->bus) << ((s->rxlen ++) << 3);
- s->stat |= 1 << 3; /* RRDY */
- }
- } else {
- if ((s->control >> 9) & 1) { /* TRX */
- while (ack && s->count_cur && s->txlen) {
- ack = (i2c_send(s->bus,
- (s->fifo >> ((-- s->txlen) << 3)) &
- 0xff) >= 0);
- s->count_cur --;
- }
- if (ack && s->count_cur)
- s->stat |= 1 << 4; /* XRDY */
- else
- s->stat &= ~(1 << 4); /* XRDY */
- if (!s->count_cur) {
- s->stat |= 1 << 2; /* ARDY */
- s->control &= ~(1 << 10); /* MST */
- }
- } else {
- while (s->count_cur && s->rxlen < 4) {
- s->fifo |= i2c_recv(s->bus) << ((s->rxlen ++) << 3);
- s->count_cur --;
- }
- if (s->rxlen)
- s->stat |= 1 << 3; /* RRDY */
- else
- s->stat &= ~(1 << 3); /* RRDY */
- }
- if (!s->count_cur) {
- if ((s->control >> 1) & 1) { /* STP */
- i2c_end_transfer(s->bus);
- s->control &= ~(1 << 1); /* STP */
- s->count_cur = s->count;
- s->txlen = 0;
- } else {
- s->stat |= 1 << 2; /* ARDY */
- s->control &= ~(1 << 10); /* MST */
- }
- }
- }
-
- s->stat |= (!ack) << 1; /* NACK */
- if (!ack)
- s->control &= ~(1 << 1); /* STP */
-}
-
-static void omap_i2c_reset(DeviceState *dev)
-{
- OMAPI2CState *s = FROM_SYSBUS(OMAPI2CState,
- sysbus_from_qdev(dev));
- s->mask = 0;
- s->stat = 0;
- s->dma = 0;
- s->count = 0;
- s->count_cur = 0;
- s->fifo = 0;
- s->rxlen = 0;
- s->txlen = 0;
- s->control = 0;
- s->addr[0] = 0;
- s->addr[1] = 0;
- s->divider = 0;
- s->times[0] = 0;
- s->times[1] = 0;
- s->test = 0;
-}
-
-static uint32_t omap_i2c_read(void *opaque, hwaddr addr)
-{
- OMAPI2CState *s = opaque;
- int offset = addr & OMAP_MPUI_REG_MASK;
- uint16_t ret;
-
- switch (offset) {
- case 0x00: /* I2C_REV */
- return s->revision; /* REV */
-
- case 0x04: /* I2C_IE */
- return s->mask;
-
- case 0x08: /* I2C_STAT */
- return s->stat | (i2c_bus_busy(s->bus) << 12);
-
- case 0x0c: /* I2C_IV */
- if (s->revision >= OMAP2_INTR_REV)
- break;
- ret = ffs(s->stat & s->mask);
- if (ret)
- s->stat ^= 1 << (ret - 1);
- omap_i2c_interrupts_update(s);
- return ret;
-
- case 0x10: /* I2C_SYSS */
- return (s->control >> 15) & 1; /* I2C_EN */
-
- case 0x14: /* I2C_BUF */
- return s->dma;
-
- case 0x18: /* I2C_CNT */
- return s->count_cur; /* DCOUNT */
-
- case 0x1c: /* I2C_DATA */
- ret = 0;
- if (s->control & (1 << 14)) { /* BE */
- ret |= ((s->fifo >> 0) & 0xff) << 8;
- ret |= ((s->fifo >> 8) & 0xff) << 0;
- } else {
- ret |= ((s->fifo >> 8) & 0xff) << 8;
- ret |= ((s->fifo >> 0) & 0xff) << 0;
- }
- if (s->rxlen == 1) {
- s->stat |= 1 << 15; /* SBD */
- s->rxlen = 0;
- } else if (s->rxlen > 1) {
- if (s->rxlen > 2)
- s->fifo >>= 16;
- s->rxlen -= 2;
- } else {
- /* XXX: remote access (qualifier) error - what's that? */
- }
- if (!s->rxlen) {
- s->stat &= ~(1 << 3); /* RRDY */
- if (((s->control >> 10) & 1) && /* MST */
- ((~s->control >> 9) & 1)) { /* TRX */
- s->stat |= 1 << 2; /* ARDY */
- s->control &= ~(1 << 10); /* MST */
- }
- }
- s->stat &= ~(1 << 11); /* ROVR */
- omap_i2c_fifo_run(s);
- omap_i2c_interrupts_update(s);
- return ret;
-
- case 0x20: /* I2C_SYSC */
- return 0;
-
- case 0x24: /* I2C_CON */
- return s->control;
-
- case 0x28: /* I2C_OA */
- return s->addr[0];
-
- case 0x2c: /* I2C_SA */
- return s->addr[1];
-
- case 0x30: /* I2C_PSC */
- return s->divider;
-
- case 0x34: /* I2C_SCLL */
- return s->times[0];
-
- case 0x38: /* I2C_SCLH */
- return s->times[1];
-
- case 0x3c: /* I2C_SYSTEST */
- if (s->test & (1 << 15)) { /* ST_EN */
- s->test ^= 0xa;
- return s->test;
- } else
- return s->test & ~0x300f;
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_i2c_write(void *opaque, hwaddr addr,
- uint32_t value)
-{
- OMAPI2CState *s = opaque;
- int offset = addr & OMAP_MPUI_REG_MASK;
- int nack;
-
- switch (offset) {
- case 0x00: /* I2C_REV */
- case 0x0c: /* I2C_IV */
- case 0x10: /* I2C_SYSS */
- OMAP_RO_REG(addr);
- return;
-
- case 0x04: /* I2C_IE */
- s->mask = value & (s->revision < OMAP2_GC_REV ? 0x1f : 0x3f);
- break;
-
- case 0x08: /* I2C_STAT */
- if (s->revision < OMAP2_INTR_REV) {
- OMAP_RO_REG(addr);
- return;
- }
-
- /* RRDY and XRDY are reset by hardware. (in all versions???) */
- s->stat &= ~(value & 0x27);
- omap_i2c_interrupts_update(s);
- break;
-
- case 0x14: /* I2C_BUF */
- s->dma = value & 0x8080;
- if (value & (1 << 15)) /* RDMA_EN */
- s->mask &= ~(1 << 3); /* RRDY_IE */
- if (value & (1 << 7)) /* XDMA_EN */
- s->mask &= ~(1 << 4); /* XRDY_IE */
- break;
-
- case 0x18: /* I2C_CNT */
- s->count = value; /* DCOUNT */
- break;
-
- case 0x1c: /* I2C_DATA */
- if (s->txlen > 2) {
- /* XXX: remote access (qualifier) error - what's that? */
- break;
- }
- s->fifo <<= 16;
- s->txlen += 2;
- if (s->control & (1 << 14)) { /* BE */
- s->fifo |= ((value >> 8) & 0xff) << 8;
- s->fifo |= ((value >> 0) & 0xff) << 0;
- } else {
- s->fifo |= ((value >> 0) & 0xff) << 8;
- s->fifo |= ((value >> 8) & 0xff) << 0;
- }
- s->stat &= ~(1 << 10); /* XUDF */
- if (s->txlen > 2)
- s->stat &= ~(1 << 4); /* XRDY */
- omap_i2c_fifo_run(s);
- omap_i2c_interrupts_update(s);
- break;
-
- case 0x20: /* I2C_SYSC */
- if (s->revision < OMAP2_INTR_REV) {
- OMAP_BAD_REG(addr);
- return;
- }
-
- if (value & 2)
- omap_i2c_reset(&s->busdev.qdev);
- break;
-
- case 0x24: /* I2C_CON */
- s->control = value & 0xcf87;
- if (~value & (1 << 15)) { /* I2C_EN */
- if (s->revision < OMAP2_INTR_REV)
- omap_i2c_reset(&s->busdev.qdev);
- break;
- }
- if ((value & (1 << 15)) && !(value & (1 << 10))) { /* MST */
- fprintf(stderr, "%s: I^2C slave mode not supported\n",
- __FUNCTION__);
- break;
- }
- if ((value & (1 << 15)) && value & (1 << 8)) { /* XA */
- fprintf(stderr, "%s: 10-bit addressing mode not supported\n",
- __FUNCTION__);
- break;
- }
- if ((value & (1 << 15)) && value & (1 << 0)) { /* STT */
- nack = !!i2c_start_transfer(s->bus, s->addr[1], /* SA */
- (~value >> 9) & 1); /* TRX */
- s->stat |= nack << 1; /* NACK */
- s->control &= ~(1 << 0); /* STT */
- s->fifo = 0;
- if (nack)
- s->control &= ~(1 << 1); /* STP */
- else {
- s->count_cur = s->count;
- omap_i2c_fifo_run(s);
- }
- omap_i2c_interrupts_update(s);
- }
- break;
-
- case 0x28: /* I2C_OA */
- s->addr[0] = value & 0x3ff;
- break;
-
- case 0x2c: /* I2C_SA */
- s->addr[1] = value & 0x3ff;
- break;
-
- case 0x30: /* I2C_PSC */
- s->divider = value;
- break;
-
- case 0x34: /* I2C_SCLL */
- s->times[0] = value;
- break;
-
- case 0x38: /* I2C_SCLH */
- s->times[1] = value;
- break;
-
- case 0x3c: /* I2C_SYSTEST */
- s->test = value & 0xf80f;
- if (value & (1 << 11)) /* SBB */
- if (s->revision >= OMAP2_INTR_REV) {
- s->stat |= 0x3f;
- omap_i2c_interrupts_update(s);
- }
- if (value & (1 << 15)) /* ST_EN */
- fprintf(stderr, "%s: System Test not supported\n", __FUNCTION__);
- break;
-
- default:
- OMAP_BAD_REG(addr);
- return;
- }
-}
-
-static void omap_i2c_writeb(void *opaque, hwaddr addr,
- uint32_t value)
-{
- OMAPI2CState *s = opaque;
- int offset = addr & OMAP_MPUI_REG_MASK;
-
- switch (offset) {
- case 0x1c: /* I2C_DATA */
- if (s->txlen > 2) {
- /* XXX: remote access (qualifier) error - what's that? */
- break;
- }
- s->fifo <<= 8;
- s->txlen += 1;
- s->fifo |= value & 0xff;
- s->stat &= ~(1 << 10); /* XUDF */
- if (s->txlen > 2)
- s->stat &= ~(1 << 4); /* XRDY */
- omap_i2c_fifo_run(s);
- omap_i2c_interrupts_update(s);
- break;
-
- default:
- OMAP_BAD_REG(addr);
- return;
- }
-}
-
-static const MemoryRegionOps omap_i2c_ops = {
- .old_mmio = {
- .read = {
- omap_badwidth_read16,
- omap_i2c_read,
- omap_badwidth_read16,
- },
- .write = {
- omap_i2c_writeb, /* Only the last fifo write can be 8 bit. */
- omap_i2c_write,
- omap_badwidth_write16,
- },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int omap_i2c_init(SysBusDevice *dev)
-{
- OMAPI2CState *s = FROM_SYSBUS(OMAPI2CState, dev);
-
- if (!s->fclk) {
- hw_error("omap_i2c: fclk not connected\n");
- }
- if (s->revision >= OMAP2_INTR_REV && !s->iclk) {
- /* Note that OMAP1 doesn't have a separate interface clock */
- hw_error("omap_i2c: iclk not connected\n");
- }
- sysbus_init_irq(dev, &s->irq);
- sysbus_init_irq(dev, &s->drq[0]);
- sysbus_init_irq(dev, &s->drq[1]);
- memory_region_init_io(&s->iomem, &omap_i2c_ops, s, "omap.i2c",
- (s->revision < OMAP2_INTR_REV) ? 0x800 : 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
- s->bus = i2c_init_bus(&dev->qdev, NULL);
- return 0;
-}
-
-static Property omap_i2c_properties[] = {
- DEFINE_PROP_UINT8("revision", OMAPI2CState, revision, 0),
- DEFINE_PROP_PTR("iclk", OMAPI2CState, iclk),
- DEFINE_PROP_PTR("fclk", OMAPI2CState, fclk),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void omap_i2c_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
- k->init = omap_i2c_init;
- dc->props = omap_i2c_properties;
- dc->reset = omap_i2c_reset;
-}
-
-static TypeInfo omap_i2c_info = {
- .name = "omap_i2c",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(OMAPI2CState),
- .class_init = omap_i2c_class_init,
-};
-
-static void omap_i2c_register_types(void)
-{
- type_register_static(&omap_i2c_info);
-}
-
-i2c_bus *omap_i2c_bus(DeviceState *omap_i2c)
-{
- OMAPI2CState *s = FROM_SYSBUS(OMAPI2CState, sysbus_from_qdev(omap_i2c));
- return s->bus;
-}
-
-type_init(omap_i2c_register_types)
diff --git a/hw/omap_intc.c b/hw/omap_intc.c
deleted file mode 100644
index 61e0dafbd..000000000
--- a/hw/omap_intc.c
+++ /dev/null
@@ -1,649 +0,0 @@
-/*
- * TI OMAP interrupt controller emulation.
- *
- * Copyright (C) 2006-2008 Andrzej Zaborowski <balrog@zabor.org>
- * Copyright (C) 2007-2008 Nokia Corporation
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-#include "hw.h"
-#include "omap.h"
-#include "sysbus.h"
-
-/* Interrupt Handlers */
-struct omap_intr_handler_bank_s {
- uint32_t irqs;
- uint32_t inputs;
- uint32_t mask;
- uint32_t fiq;
- uint32_t sens_edge;
- uint32_t swi;
- unsigned char priority[32];
-};
-
-struct omap_intr_handler_s {
- SysBusDevice busdev;
- qemu_irq *pins;
- qemu_irq parent_intr[2];
- MemoryRegion mmio;
- void *iclk;
- void *fclk;
- unsigned char nbanks;
- int level_only;
- uint32_t size;
-
- uint8_t revision;
-
- /* state */
- uint32_t new_agr[2];
- int sir_intr[2];
- int autoidle;
- uint32_t mask;
- struct omap_intr_handler_bank_s bank[3];
-};
-
-static void omap_inth_sir_update(struct omap_intr_handler_s *s, int is_fiq)
-{
- int i, j, sir_intr, p_intr, p, f;
- uint32_t level;
- sir_intr = 0;
- p_intr = 255;
-
- /* Find the interrupt line with the highest dynamic priority.
- * Note: 0 denotes the hightest priority.
- * If all interrupts have the same priority, the default order is IRQ_N,
- * IRQ_N-1,...,IRQ_0. */
- for (j = 0; j < s->nbanks; ++j) {
- level = s->bank[j].irqs & ~s->bank[j].mask &
- (is_fiq ? s->bank[j].fiq : ~s->bank[j].fiq);
- for (f = ffs(level), i = f - 1, level >>= f - 1; f; i += f,
- level >>= f) {
- p = s->bank[j].priority[i];
- if (p <= p_intr) {
- p_intr = p;
- sir_intr = 32 * j + i;
- }
- f = ffs(level >> 1);
- }
- }
- s->sir_intr[is_fiq] = sir_intr;
-}
-
-static inline void omap_inth_update(struct omap_intr_handler_s *s, int is_fiq)
-{
- int i;
- uint32_t has_intr = 0;
-
- for (i = 0; i < s->nbanks; ++i)
- has_intr |= s->bank[i].irqs & ~s->bank[i].mask &
- (is_fiq ? s->bank[i].fiq : ~s->bank[i].fiq);
-
- if (s->new_agr[is_fiq] & has_intr & s->mask) {
- s->new_agr[is_fiq] = 0;
- omap_inth_sir_update(s, is_fiq);
- qemu_set_irq(s->parent_intr[is_fiq], 1);
- }
-}
-
-#define INT_FALLING_EDGE 0
-#define INT_LOW_LEVEL 1
-
-static void omap_set_intr(void *opaque, int irq, int req)
-{
- struct omap_intr_handler_s *ih = (struct omap_intr_handler_s *) opaque;
- uint32_t rise;
-
- struct omap_intr_handler_bank_s *bank = &ih->bank[irq >> 5];
- int n = irq & 31;
-
- if (req) {
- rise = ~bank->irqs & (1 << n);
- if (~bank->sens_edge & (1 << n))
- rise &= ~bank->inputs;
-
- bank->inputs |= (1 << n);
- if (rise) {
- bank->irqs |= rise;
- omap_inth_update(ih, 0);
- omap_inth_update(ih, 1);
- }
- } else {
- rise = bank->sens_edge & bank->irqs & (1 << n);
- bank->irqs &= ~rise;
- bank->inputs &= ~(1 << n);
- }
-}
-
-/* Simplified version with no edge detection */
-static void omap_set_intr_noedge(void *opaque, int irq, int req)
-{
- struct omap_intr_handler_s *ih = (struct omap_intr_handler_s *) opaque;
- uint32_t rise;
-
- struct omap_intr_handler_bank_s *bank = &ih->bank[irq >> 5];
- int n = irq & 31;
-
- if (req) {
- rise = ~bank->inputs & (1 << n);
- if (rise) {
- bank->irqs |= bank->inputs |= rise;
- omap_inth_update(ih, 0);
- omap_inth_update(ih, 1);
- }
- } else
- bank->irqs = (bank->inputs &= ~(1 << n)) | bank->swi;
-}
-
-static uint64_t omap_inth_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_intr_handler_s *s = (struct omap_intr_handler_s *) opaque;
- int i, offset = addr;
- int bank_no = offset >> 8;
- int line_no;
- struct omap_intr_handler_bank_s *bank = &s->bank[bank_no];
- offset &= 0xff;
-
- switch (offset) {
- case 0x00: /* ITR */
- return bank->irqs;
-
- case 0x04: /* MIR */
- return bank->mask;
-
- case 0x10: /* SIR_IRQ_CODE */
- case 0x14: /* SIR_FIQ_CODE */
- if (bank_no != 0)
- break;
- line_no = s->sir_intr[(offset - 0x10) >> 2];
- bank = &s->bank[line_no >> 5];
- i = line_no & 31;
- if (((bank->sens_edge >> i) & 1) == INT_FALLING_EDGE)
- bank->irqs &= ~(1 << i);
- return line_no;
-
- case 0x18: /* CONTROL_REG */
- if (bank_no != 0)
- break;
- return 0;
-
- case 0x1c: /* ILR0 */
- case 0x20: /* ILR1 */
- case 0x24: /* ILR2 */
- case 0x28: /* ILR3 */
- case 0x2c: /* ILR4 */
- case 0x30: /* ILR5 */
- case 0x34: /* ILR6 */
- case 0x38: /* ILR7 */
- case 0x3c: /* ILR8 */
- case 0x40: /* ILR9 */
- case 0x44: /* ILR10 */
- case 0x48: /* ILR11 */
- case 0x4c: /* ILR12 */
- case 0x50: /* ILR13 */
- case 0x54: /* ILR14 */
- case 0x58: /* ILR15 */
- case 0x5c: /* ILR16 */
- case 0x60: /* ILR17 */
- case 0x64: /* ILR18 */
- case 0x68: /* ILR19 */
- case 0x6c: /* ILR20 */
- case 0x70: /* ILR21 */
- case 0x74: /* ILR22 */
- case 0x78: /* ILR23 */
- case 0x7c: /* ILR24 */
- case 0x80: /* ILR25 */
- case 0x84: /* ILR26 */
- case 0x88: /* ILR27 */
- case 0x8c: /* ILR28 */
- case 0x90: /* ILR29 */
- case 0x94: /* ILR30 */
- case 0x98: /* ILR31 */
- i = (offset - 0x1c) >> 2;
- return (bank->priority[i] << 2) |
- (((bank->sens_edge >> i) & 1) << 1) |
- ((bank->fiq >> i) & 1);
-
- case 0x9c: /* ISR */
- return 0x00000000;
-
- }
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_inth_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_intr_handler_s *s = (struct omap_intr_handler_s *) opaque;
- int i, offset = addr;
- int bank_no = offset >> 8;
- struct omap_intr_handler_bank_s *bank = &s->bank[bank_no];
- offset &= 0xff;
-
- switch (offset) {
- case 0x00: /* ITR */
- /* Important: ignore the clearing if the IRQ is level-triggered and
- the input bit is 1 */
- bank->irqs &= value | (bank->inputs & bank->sens_edge);
- return;
-
- case 0x04: /* MIR */
- bank->mask = value;
- omap_inth_update(s, 0);
- omap_inth_update(s, 1);
- return;
-
- case 0x10: /* SIR_IRQ_CODE */
- case 0x14: /* SIR_FIQ_CODE */
- OMAP_RO_REG(addr);
- break;
-
- case 0x18: /* CONTROL_REG */
- if (bank_no != 0)
- break;
- if (value & 2) {
- qemu_set_irq(s->parent_intr[1], 0);
- s->new_agr[1] = ~0;
- omap_inth_update(s, 1);
- }
- if (value & 1) {
- qemu_set_irq(s->parent_intr[0], 0);
- s->new_agr[0] = ~0;
- omap_inth_update(s, 0);
- }
- return;
-
- case 0x1c: /* ILR0 */
- case 0x20: /* ILR1 */
- case 0x24: /* ILR2 */
- case 0x28: /* ILR3 */
- case 0x2c: /* ILR4 */
- case 0x30: /* ILR5 */
- case 0x34: /* ILR6 */
- case 0x38: /* ILR7 */
- case 0x3c: /* ILR8 */
- case 0x40: /* ILR9 */
- case 0x44: /* ILR10 */
- case 0x48: /* ILR11 */
- case 0x4c: /* ILR12 */
- case 0x50: /* ILR13 */
- case 0x54: /* ILR14 */
- case 0x58: /* ILR15 */
- case 0x5c: /* ILR16 */
- case 0x60: /* ILR17 */
- case 0x64: /* ILR18 */
- case 0x68: /* ILR19 */
- case 0x6c: /* ILR20 */
- case 0x70: /* ILR21 */
- case 0x74: /* ILR22 */
- case 0x78: /* ILR23 */
- case 0x7c: /* ILR24 */
- case 0x80: /* ILR25 */
- case 0x84: /* ILR26 */
- case 0x88: /* ILR27 */
- case 0x8c: /* ILR28 */
- case 0x90: /* ILR29 */
- case 0x94: /* ILR30 */
- case 0x98: /* ILR31 */
- i = (offset - 0x1c) >> 2;
- bank->priority[i] = (value >> 2) & 0x1f;
- bank->sens_edge &= ~(1 << i);
- bank->sens_edge |= ((value >> 1) & 1) << i;
- bank->fiq &= ~(1 << i);
- bank->fiq |= (value & 1) << i;
- return;
-
- case 0x9c: /* ISR */
- for (i = 0; i < 32; i ++)
- if (value & (1 << i)) {
- omap_set_intr(s, 32 * bank_no + i, 1);
- return;
- }
- return;
- }
- OMAP_BAD_REG(addr);
-}
-
-static const MemoryRegionOps omap_inth_mem_ops = {
- .read = omap_inth_read,
- .write = omap_inth_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static void omap_inth_reset(DeviceState *dev)
-{
- struct omap_intr_handler_s *s = FROM_SYSBUS(struct omap_intr_handler_s,
- sysbus_from_qdev(dev));
- int i;
-
- for (i = 0; i < s->nbanks; ++i){
- s->bank[i].irqs = 0x00000000;
- s->bank[i].mask = 0xffffffff;
- s->bank[i].sens_edge = 0x00000000;
- s->bank[i].fiq = 0x00000000;
- s->bank[i].inputs = 0x00000000;
- s->bank[i].swi = 0x00000000;
- memset(s->bank[i].priority, 0, sizeof(s->bank[i].priority));
-
- if (s->level_only)
- s->bank[i].sens_edge = 0xffffffff;
- }
-
- s->new_agr[0] = ~0;
- s->new_agr[1] = ~0;
- s->sir_intr[0] = 0;
- s->sir_intr[1] = 0;
- s->autoidle = 0;
- s->mask = ~0;
-
- qemu_set_irq(s->parent_intr[0], 0);
- qemu_set_irq(s->parent_intr[1], 0);
-}
-
-static int omap_intc_init(SysBusDevice *dev)
-{
- struct omap_intr_handler_s *s;
- s = FROM_SYSBUS(struct omap_intr_handler_s, dev);
- if (!s->iclk) {
- hw_error("omap-intc: clk not connected\n");
- }
- s->nbanks = 1;
- sysbus_init_irq(dev, &s->parent_intr[0]);
- sysbus_init_irq(dev, &s->parent_intr[1]);
- qdev_init_gpio_in(&dev->qdev, omap_set_intr, s->nbanks * 32);
- memory_region_init_io(&s->mmio, &omap_inth_mem_ops, s,
- "omap-intc", s->size);
- sysbus_init_mmio(dev, &s->mmio);
- return 0;
-}
-
-static Property omap_intc_properties[] = {
- DEFINE_PROP_UINT32("size", struct omap_intr_handler_s, size, 0x100),
- DEFINE_PROP_PTR("clk", struct omap_intr_handler_s, iclk),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void omap_intc_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = omap_intc_init;
- dc->reset = omap_inth_reset;
- dc->props = omap_intc_properties;
-}
-
-static TypeInfo omap_intc_info = {
- .name = "omap-intc",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(struct omap_intr_handler_s),
- .class_init = omap_intc_class_init,
-};
-
-static uint64_t omap2_inth_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_intr_handler_s *s = (struct omap_intr_handler_s *) opaque;
- int offset = addr;
- int bank_no, line_no;
- struct omap_intr_handler_bank_s *bank = NULL;
-
- if ((offset & 0xf80) == 0x80) {
- bank_no = (offset & 0x60) >> 5;
- if (bank_no < s->nbanks) {
- offset &= ~0x60;
- bank = &s->bank[bank_no];
- } else {
- OMAP_BAD_REG(addr);
- return 0;
- }
- }
-
- switch (offset) {
- case 0x00: /* INTC_REVISION */
- return s->revision;
-
- case 0x10: /* INTC_SYSCONFIG */
- return (s->autoidle >> 2) & 1;
-
- case 0x14: /* INTC_SYSSTATUS */
- return 1; /* RESETDONE */
-
- case 0x40: /* INTC_SIR_IRQ */
- return s->sir_intr[0];
-
- case 0x44: /* INTC_SIR_FIQ */
- return s->sir_intr[1];
-
- case 0x48: /* INTC_CONTROL */
- return (!s->mask) << 2; /* GLOBALMASK */
-
- case 0x4c: /* INTC_PROTECTION */
- return 0;
-
- case 0x50: /* INTC_IDLE */
- return s->autoidle & 3;
-
- /* Per-bank registers */
- case 0x80: /* INTC_ITR */
- return bank->inputs;
-
- case 0x84: /* INTC_MIR */
- return bank->mask;
-
- case 0x88: /* INTC_MIR_CLEAR */
- case 0x8c: /* INTC_MIR_SET */
- return 0;
-
- case 0x90: /* INTC_ISR_SET */
- return bank->swi;
-
- case 0x94: /* INTC_ISR_CLEAR */
- return 0;
-
- case 0x98: /* INTC_PENDING_IRQ */
- return bank->irqs & ~bank->mask & ~bank->fiq;
-
- case 0x9c: /* INTC_PENDING_FIQ */
- return bank->irqs & ~bank->mask & bank->fiq;
-
- /* Per-line registers */
- case 0x100 ... 0x300: /* INTC_ILR */
- bank_no = (offset - 0x100) >> 7;
- if (bank_no > s->nbanks)
- break;
- bank = &s->bank[bank_no];
- line_no = (offset & 0x7f) >> 2;
- return (bank->priority[line_no] << 2) |
- ((bank->fiq >> line_no) & 1);
- }
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap2_inth_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_intr_handler_s *s = (struct omap_intr_handler_s *) opaque;
- int offset = addr;
- int bank_no, line_no;
- struct omap_intr_handler_bank_s *bank = NULL;
-
- if ((offset & 0xf80) == 0x80) {
- bank_no = (offset & 0x60) >> 5;
- if (bank_no < s->nbanks) {
- offset &= ~0x60;
- bank = &s->bank[bank_no];
- } else {
- OMAP_BAD_REG(addr);
- return;
- }
- }
-
- switch (offset) {
- case 0x10: /* INTC_SYSCONFIG */
- s->autoidle &= 4;
- s->autoidle |= (value & 1) << 2;
- if (value & 2) /* SOFTRESET */
- omap_inth_reset(&s->busdev.qdev);
- return;
-
- case 0x48: /* INTC_CONTROL */
- s->mask = (value & 4) ? 0 : ~0; /* GLOBALMASK */
- if (value & 2) { /* NEWFIQAGR */
- qemu_set_irq(s->parent_intr[1], 0);
- s->new_agr[1] = ~0;
- omap_inth_update(s, 1);
- }
- if (value & 1) { /* NEWIRQAGR */
- qemu_set_irq(s->parent_intr[0], 0);
- s->new_agr[0] = ~0;
- omap_inth_update(s, 0);
- }
- return;
-
- case 0x4c: /* INTC_PROTECTION */
- /* TODO: Make a bitmap (or sizeof(char)map) of access privileges
- * for every register, see Chapter 3 and 4 for privileged mode. */
- if (value & 1)
- fprintf(stderr, "%s: protection mode enable attempt\n",
- __FUNCTION__);
- return;
-
- case 0x50: /* INTC_IDLE */
- s->autoidle &= ~3;
- s->autoidle |= value & 3;
- return;
-
- /* Per-bank registers */
- case 0x84: /* INTC_MIR */
- bank->mask = value;
- omap_inth_update(s, 0);
- omap_inth_update(s, 1);
- return;
-
- case 0x88: /* INTC_MIR_CLEAR */
- bank->mask &= ~value;
- omap_inth_update(s, 0);
- omap_inth_update(s, 1);
- return;
-
- case 0x8c: /* INTC_MIR_SET */
- bank->mask |= value;
- return;
-
- case 0x90: /* INTC_ISR_SET */
- bank->irqs |= bank->swi |= value;
- omap_inth_update(s, 0);
- omap_inth_update(s, 1);
- return;
-
- case 0x94: /* INTC_ISR_CLEAR */
- bank->swi &= ~value;
- bank->irqs = bank->swi & bank->inputs;
- return;
-
- /* Per-line registers */
- case 0x100 ... 0x300: /* INTC_ILR */
- bank_no = (offset - 0x100) >> 7;
- if (bank_no > s->nbanks)
- break;
- bank = &s->bank[bank_no];
- line_no = (offset & 0x7f) >> 2;
- bank->priority[line_no] = (value >> 2) & 0x3f;
- bank->fiq &= ~(1 << line_no);
- bank->fiq |= (value & 1) << line_no;
- return;
-
- case 0x00: /* INTC_REVISION */
- case 0x14: /* INTC_SYSSTATUS */
- case 0x40: /* INTC_SIR_IRQ */
- case 0x44: /* INTC_SIR_FIQ */
- case 0x80: /* INTC_ITR */
- case 0x98: /* INTC_PENDING_IRQ */
- case 0x9c: /* INTC_PENDING_FIQ */
- OMAP_RO_REG(addr);
- return;
- }
- OMAP_BAD_REG(addr);
-}
-
-static const MemoryRegionOps omap2_inth_mem_ops = {
- .read = omap2_inth_read,
- .write = omap2_inth_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static int omap2_intc_init(SysBusDevice *dev)
-{
- struct omap_intr_handler_s *s;
- s = FROM_SYSBUS(struct omap_intr_handler_s, dev);
- if (!s->iclk) {
- hw_error("omap2-intc: iclk not connected\n");
- }
- if (!s->fclk) {
- hw_error("omap2-intc: fclk not connected\n");
- }
- s->level_only = 1;
- s->nbanks = 3;
- sysbus_init_irq(dev, &s->parent_intr[0]);
- sysbus_init_irq(dev, &s->parent_intr[1]);
- qdev_init_gpio_in(&dev->qdev, omap_set_intr_noedge, s->nbanks * 32);
- memory_region_init_io(&s->mmio, &omap2_inth_mem_ops, s,
- "omap2-intc", 0x1000);
- sysbus_init_mmio(dev, &s->mmio);
- return 0;
-}
-
-static Property omap2_intc_properties[] = {
- DEFINE_PROP_UINT8("revision", struct omap_intr_handler_s,
- revision, 0x21),
- DEFINE_PROP_PTR("iclk", struct omap_intr_handler_s, iclk),
- DEFINE_PROP_PTR("fclk", struct omap_intr_handler_s, fclk),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void omap2_intc_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = omap2_intc_init;
- dc->reset = omap_inth_reset;
- dc->props = omap2_intc_properties;
-}
-
-static TypeInfo omap2_intc_info = {
- .name = "omap2-intc",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(struct omap_intr_handler_s),
- .class_init = omap2_intc_class_init,
-};
-
-static void omap_intc_register_types(void)
-{
- type_register_static(&omap_intc_info);
- type_register_static(&omap2_intc_info);
-}
-
-type_init(omap_intc_register_types)
diff --git a/hw/omap_l4.c b/hw/omap_l4.c
deleted file mode 100644
index 09e983f31..000000000
--- a/hw/omap_l4.c
+++ /dev/null
@@ -1,162 +0,0 @@
-/*
- * TI OMAP L4 interconnect emulation.
- *
- * Copyright (C) 2007-2009 Nokia Corporation
- * Written by Andrzej Zaborowski <andrew@openedhand.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) any later version of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-#include "hw.h"
-#include "omap.h"
-
-struct omap_l4_s {
- MemoryRegion *address_space;
- hwaddr base;
- int ta_num;
- struct omap_target_agent_s ta[0];
-};
-
-struct omap_l4_s *omap_l4_init(MemoryRegion *address_space,
- hwaddr base, int ta_num)
-{
- struct omap_l4_s *bus = g_malloc0(
- sizeof(*bus) + ta_num * sizeof(*bus->ta));
-
- bus->address_space = address_space;
- bus->ta_num = ta_num;
- bus->base = base;
-
- return bus;
-}
-
-hwaddr omap_l4_region_base(struct omap_target_agent_s *ta,
- int region)
-{
- return ta->bus->base + ta->start[region].offset;
-}
-
-hwaddr omap_l4_region_size(struct omap_target_agent_s *ta,
- int region)
-{
- return ta->start[region].size;
-}
-
-static uint64_t omap_l4ta_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_target_agent_s *s = (struct omap_target_agent_s *) opaque;
-
- if (size != 2) {
- return omap_badwidth_read16(opaque, addr);
- }
-
- switch (addr) {
- case 0x00: /* COMPONENT */
- return s->component;
-
- case 0x20: /* AGENT_CONTROL */
- return s->control;
-
- case 0x28: /* AGENT_STATUS */
- return s->status;
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_l4ta_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_target_agent_s *s = (struct omap_target_agent_s *) opaque;
-
- if (size != 4) {
- return omap_badwidth_write32(opaque, addr, value);
- }
-
- switch (addr) {
- case 0x00: /* COMPONENT */
- case 0x28: /* AGENT_STATUS */
- OMAP_RO_REG(addr);
- break;
-
- case 0x20: /* AGENT_CONTROL */
- s->control = value & 0x01000700;
- if (value & 1) /* OCP_RESET */
- s->status &= ~1; /* REQ_TIMEOUT */
- break;
-
- default:
- OMAP_BAD_REG(addr);
- }
-}
-
-static const MemoryRegionOps omap_l4ta_ops = {
- .read = omap_l4ta_read,
- .write = omap_l4ta_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-struct omap_target_agent_s *omap_l4ta_get(struct omap_l4_s *bus,
- const struct omap_l4_region_s *regions,
- const struct omap_l4_agent_info_s *agents,
- int cs)
-{
- int i;
- struct omap_target_agent_s *ta = NULL;
- const struct omap_l4_agent_info_s *info = NULL;
-
- for (i = 0; i < bus->ta_num; i ++)
- if (agents[i].ta == cs) {
- ta = &bus->ta[i];
- info = &agents[i];
- break;
- }
- if (!ta) {
- fprintf(stderr, "%s: bad target agent (%i)\n", __FUNCTION__, cs);
- exit(-1);
- }
-
- ta->bus = bus;
- ta->start = &regions[info->region];
- ta->regions = info->regions;
-
- ta->component = ('Q' << 24) | ('E' << 16) | ('M' << 8) | ('U' << 0);
- ta->status = 0x00000000;
- ta->control = 0x00000200; /* XXX 01000200 for L4TAO */
-
- memory_region_init_io(&ta->iomem, &omap_l4ta_ops, ta, "omap.l4ta",
- omap_l4_region_size(ta, info->ta_region));
- omap_l4_attach(ta, info->ta_region, &ta->iomem);
-
- return ta;
-}
-
-hwaddr omap_l4_attach(struct omap_target_agent_s *ta,
- int region, MemoryRegion *mr)
-{
- hwaddr base;
-
- if (region < 0 || region >= ta->regions) {
- fprintf(stderr, "%s: bad io region (%i)\n", __FUNCTION__, region);
- exit(-1);
- }
-
- base = ta->bus->base + ta->start[region].offset;
- if (mr) {
- memory_region_add_subregion(ta->bus->address_space, base, mr);
- }
-
- return base;
-}
diff --git a/hw/omap_lcdc.c b/hw/omap_lcdc.c
deleted file mode 100644
index d7ae3032b..000000000
--- a/hw/omap_lcdc.c
+++ /dev/null
@@ -1,489 +0,0 @@
-/*
- * OMAP LCD controller.
- *
- * Copyright (C) 2006-2007 Andrzej Zaborowski <balrog@zabor.org>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-#include "hw.h"
-#include "console.h"
-#include "omap.h"
-#include "framebuffer.h"
-
-struct omap_lcd_panel_s {
- MemoryRegion *sysmem;
- MemoryRegion iomem;
- qemu_irq irq;
- DisplayState *state;
-
- int plm;
- int tft;
- int mono;
- int enable;
- int width;
- int height;
- int interrupts;
- uint32_t timing[3];
- uint32_t subpanel;
- uint32_t ctrl;
-
- struct omap_dma_lcd_channel_s *dma;
- uint16_t palette[256];
- int palette_done;
- int frame_done;
- int invalidate;
- int sync_error;
-};
-
-static void omap_lcd_interrupts(struct omap_lcd_panel_s *s)
-{
- if (s->frame_done && (s->interrupts & 1)) {
- qemu_irq_raise(s->irq);
- return;
- }
-
- if (s->palette_done && (s->interrupts & 2)) {
- qemu_irq_raise(s->irq);
- return;
- }
-
- if (s->sync_error) {
- qemu_irq_raise(s->irq);
- return;
- }
-
- qemu_irq_lower(s->irq);
-}
-
-#include "pixel_ops.h"
-
-#define draw_line_func drawfn
-
-#define DEPTH 8
-#include "omap_lcd_template.h"
-#define DEPTH 15
-#include "omap_lcd_template.h"
-#define DEPTH 16
-#include "omap_lcd_template.h"
-#define DEPTH 32
-#include "omap_lcd_template.h"
-
-static draw_line_func draw_line_table2[33] = {
- [0 ... 32] = NULL,
- [8] = draw_line2_8,
- [15] = draw_line2_15,
- [16] = draw_line2_16,
- [32] = draw_line2_32,
-}, draw_line_table4[33] = {
- [0 ... 32] = NULL,
- [8] = draw_line4_8,
- [15] = draw_line4_15,
- [16] = draw_line4_16,
- [32] = draw_line4_32,
-}, draw_line_table8[33] = {
- [0 ... 32] = NULL,
- [8] = draw_line8_8,
- [15] = draw_line8_15,
- [16] = draw_line8_16,
- [32] = draw_line8_32,
-}, draw_line_table12[33] = {
- [0 ... 32] = NULL,
- [8] = draw_line12_8,
- [15] = draw_line12_15,
- [16] = draw_line12_16,
- [32] = draw_line12_32,
-}, draw_line_table16[33] = {
- [0 ... 32] = NULL,
- [8] = draw_line16_8,
- [15] = draw_line16_15,
- [16] = draw_line16_16,
- [32] = draw_line16_32,
-};
-
-static void omap_update_display(void *opaque)
-{
- struct omap_lcd_panel_s *omap_lcd = (struct omap_lcd_panel_s *) opaque;
- draw_line_func draw_line;
- int size, height, first, last;
- int width, linesize, step, bpp, frame_offset;
- hwaddr frame_base;
-
- if (!omap_lcd || omap_lcd->plm == 1 ||
- !omap_lcd->enable || !ds_get_bits_per_pixel(omap_lcd->state))
- return;
-
- frame_offset = 0;
- if (omap_lcd->plm != 2) {
- cpu_physical_memory_read(omap_lcd->dma->phys_framebuffer[
- omap_lcd->dma->current_frame],
- (void *)omap_lcd->palette, 0x200);
- switch (omap_lcd->palette[0] >> 12 & 7) {
- case 3 ... 7:
- frame_offset += 0x200;
- break;
- default:
- frame_offset += 0x20;
- }
- }
-
- /* Colour depth */
- switch ((omap_lcd->palette[0] >> 12) & 7) {
- case 1:
- draw_line = draw_line_table2[ds_get_bits_per_pixel(omap_lcd->state)];
- bpp = 2;
- break;
-
- case 2:
- draw_line = draw_line_table4[ds_get_bits_per_pixel(omap_lcd->state)];
- bpp = 4;
- break;
-
- case 3:
- draw_line = draw_line_table8[ds_get_bits_per_pixel(omap_lcd->state)];
- bpp = 8;
- break;
-
- case 4 ... 7:
- if (!omap_lcd->tft)
- draw_line = draw_line_table12[ds_get_bits_per_pixel(omap_lcd->state)];
- else
- draw_line = draw_line_table16[ds_get_bits_per_pixel(omap_lcd->state)];
- bpp = 16;
- break;
-
- default:
- /* Unsupported at the moment. */
- return;
- }
-
- /* Resolution */
- width = omap_lcd->width;
- if (width != ds_get_width(omap_lcd->state) ||
- omap_lcd->height != ds_get_height(omap_lcd->state)) {
- qemu_console_resize(omap_lcd->state,
- omap_lcd->width, omap_lcd->height);
- omap_lcd->invalidate = 1;
- }
-
- if (omap_lcd->dma->current_frame == 0)
- size = omap_lcd->dma->src_f1_bottom - omap_lcd->dma->src_f1_top;
- else
- size = omap_lcd->dma->src_f2_bottom - omap_lcd->dma->src_f2_top;
-
- if (frame_offset + ((width * omap_lcd->height * bpp) >> 3) > size + 2) {
- omap_lcd->sync_error = 1;
- omap_lcd_interrupts(omap_lcd);
- omap_lcd->enable = 0;
- return;
- }
-
- /* Content */
- frame_base = omap_lcd->dma->phys_framebuffer[
- omap_lcd->dma->current_frame] + frame_offset;
- omap_lcd->dma->condition |= 1 << omap_lcd->dma->current_frame;
- if (omap_lcd->dma->interrupts & 1)
- qemu_irq_raise(omap_lcd->dma->irq);
- if (omap_lcd->dma->dual)
- omap_lcd->dma->current_frame ^= 1;
-
- if (!ds_get_bits_per_pixel(omap_lcd->state))
- return;
-
- first = 0;
- height = omap_lcd->height;
- if (omap_lcd->subpanel & (1 << 31)) {
- if (omap_lcd->subpanel & (1 << 29))
- first = (omap_lcd->subpanel >> 16) & 0x3ff;
- else
- height = (omap_lcd->subpanel >> 16) & 0x3ff;
- /* TODO: fill the rest of the panel with DPD */
- }
-
- step = width * bpp >> 3;
- linesize = ds_get_linesize(omap_lcd->state);
- framebuffer_update_display(omap_lcd->state, omap_lcd->sysmem,
- frame_base, width, height,
- step, linesize, 0,
- omap_lcd->invalidate,
- draw_line, omap_lcd->palette,
- &first, &last);
- if (first >= 0) {
- dpy_gfx_update(omap_lcd->state, 0, first, width, last - first + 1);
- }
- omap_lcd->invalidate = 0;
-}
-
-static void omap_ppm_save(const char *filename, uint8_t *data,
- int w, int h, int linesize, Error **errp)
-{
- FILE *f;
- uint8_t *d, *d1;
- unsigned int v;
- int ret, y, x, bpp;
-
- f = fopen(filename, "wb");
- if (!f) {
- error_setg(errp, "failed to open file '%s': %s", filename,
- strerror(errno));
- return;
- }
- ret = fprintf(f, "P6\n%d %d\n%d\n", w, h, 255);
- if (ret < 0) {
- goto write_err;
- }
- d1 = data;
- bpp = linesize / w;
- for (y = 0; y < h; y ++) {
- d = d1;
- for (x = 0; x < w; x ++) {
- v = *(uint32_t *) d;
- switch (bpp) {
- case 2:
- ret = fputc((v >> 8) & 0xf8, f);
- if (ret == EOF) {
- goto write_err;
- }
- ret = fputc((v >> 3) & 0xfc, f);
- if (ret == EOF) {
- goto write_err;
- }
- ret = fputc((v << 3) & 0xf8, f);
- if (ret == EOF) {
- goto write_err;
- }
- break;
- case 3:
- case 4:
- default:
- ret = fputc((v >> 16) & 0xff, f);
- if (ret == EOF) {
- goto write_err;
- }
- ret = fputc((v >> 8) & 0xff, f);
- if (ret == EOF) {
- goto write_err;
- }
- ret = fputc((v) & 0xff, f);
- if (ret == EOF) {
- goto write_err;
- }
- break;
- }
- d += bpp;
- }
- d1 += linesize;
- }
-out:
- fclose(f);
- return;
-
-write_err:
- error_setg(errp, "failed to write to file '%s': %s", filename,
- strerror(errno));
- unlink(filename);
- goto out;
-}
-
-static void omap_screen_dump(void *opaque, const char *filename, bool cswitch,
- Error **errp)
-{
- struct omap_lcd_panel_s *omap_lcd = opaque;
-
- omap_update_display(opaque);
- if (omap_lcd && ds_get_data(omap_lcd->state))
- omap_ppm_save(filename, ds_get_data(omap_lcd->state),
- omap_lcd->width, omap_lcd->height,
- ds_get_linesize(omap_lcd->state), errp);
-}
-
-static void omap_invalidate_display(void *opaque) {
- struct omap_lcd_panel_s *omap_lcd = opaque;
- omap_lcd->invalidate = 1;
-}
-
-static void omap_lcd_update(struct omap_lcd_panel_s *s) {
- if (!s->enable) {
- s->dma->current_frame = -1;
- s->sync_error = 0;
- if (s->plm != 1)
- s->frame_done = 1;
- omap_lcd_interrupts(s);
- return;
- }
-
- if (s->dma->current_frame == -1) {
- s->frame_done = 0;
- s->palette_done = 0;
- s->dma->current_frame = 0;
- }
-
- if (!s->dma->mpu->port[s->dma->src].addr_valid(s->dma->mpu,
- s->dma->src_f1_top) ||
- !s->dma->mpu->port[
- s->dma->src].addr_valid(s->dma->mpu,
- s->dma->src_f1_bottom) ||
- (s->dma->dual &&
- (!s->dma->mpu->port[
- s->dma->src].addr_valid(s->dma->mpu,
- s->dma->src_f2_top) ||
- !s->dma->mpu->port[
- s->dma->src].addr_valid(s->dma->mpu,
- s->dma->src_f2_bottom)))) {
- s->dma->condition |= 1 << 2;
- if (s->dma->interrupts & (1 << 1))
- qemu_irq_raise(s->dma->irq);
- s->enable = 0;
- return;
- }
-
- s->dma->phys_framebuffer[0] = s->dma->src_f1_top;
- s->dma->phys_framebuffer[1] = s->dma->src_f2_top;
-
- if (s->plm != 2 && !s->palette_done) {
- cpu_physical_memory_read(
- s->dma->phys_framebuffer[s->dma->current_frame],
- (void *)s->palette, 0x200);
- s->palette_done = 1;
- omap_lcd_interrupts(s);
- }
-}
-
-static uint64_t omap_lcdc_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_lcd_panel_s *s = (struct omap_lcd_panel_s *) opaque;
-
- switch (addr) {
- case 0x00: /* LCD_CONTROL */
- return (s->tft << 23) | (s->plm << 20) |
- (s->tft << 7) | (s->interrupts << 3) |
- (s->mono << 1) | s->enable | s->ctrl | 0xfe000c34;
-
- case 0x04: /* LCD_TIMING0 */
- return (s->timing[0] << 10) | (s->width - 1) | 0x0000000f;
-
- case 0x08: /* LCD_TIMING1 */
- return (s->timing[1] << 10) | (s->height - 1);
-
- case 0x0c: /* LCD_TIMING2 */
- return s->timing[2] | 0xfc000000;
-
- case 0x10: /* LCD_STATUS */
- return (s->palette_done << 6) | (s->sync_error << 2) | s->frame_done;
-
- case 0x14: /* LCD_SUBPANEL */
- return s->subpanel;
-
- default:
- break;
- }
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_lcdc_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_lcd_panel_s *s = (struct omap_lcd_panel_s *) opaque;
-
- switch (addr) {
- case 0x00: /* LCD_CONTROL */
- s->plm = (value >> 20) & 3;
- s->tft = (value >> 7) & 1;
- s->interrupts = (value >> 3) & 3;
- s->mono = (value >> 1) & 1;
- s->ctrl = value & 0x01cff300;
- if (s->enable != (value & 1)) {
- s->enable = value & 1;
- omap_lcd_update(s);
- }
- break;
-
- case 0x04: /* LCD_TIMING0 */
- s->timing[0] = value >> 10;
- s->width = (value & 0x3ff) + 1;
- break;
-
- case 0x08: /* LCD_TIMING1 */
- s->timing[1] = value >> 10;
- s->height = (value & 0x3ff) + 1;
- break;
-
- case 0x0c: /* LCD_TIMING2 */
- s->timing[2] = value;
- break;
-
- case 0x10: /* LCD_STATUS */
- break;
-
- case 0x14: /* LCD_SUBPANEL */
- s->subpanel = value & 0xa1ffffff;
- break;
-
- default:
- OMAP_BAD_REG(addr);
- }
-}
-
-static const MemoryRegionOps omap_lcdc_ops = {
- .read = omap_lcdc_read,
- .write = omap_lcdc_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-void omap_lcdc_reset(struct omap_lcd_panel_s *s)
-{
- s->dma->current_frame = -1;
- s->plm = 0;
- s->tft = 0;
- s->mono = 0;
- s->enable = 0;
- s->width = 0;
- s->height = 0;
- s->interrupts = 0;
- s->timing[0] = 0;
- s->timing[1] = 0;
- s->timing[2] = 0;
- s->subpanel = 0;
- s->palette_done = 0;
- s->frame_done = 0;
- s->sync_error = 0;
- s->invalidate = 1;
- s->subpanel = 0;
- s->ctrl = 0;
-}
-
-struct omap_lcd_panel_s *omap_lcdc_init(MemoryRegion *sysmem,
- hwaddr base,
- qemu_irq irq,
- struct omap_dma_lcd_channel_s *dma,
- omap_clk clk)
-{
- struct omap_lcd_panel_s *s = (struct omap_lcd_panel_s *)
- g_malloc0(sizeof(struct omap_lcd_panel_s));
-
- s->irq = irq;
- s->dma = dma;
- s->sysmem = sysmem;
- omap_lcdc_reset(s);
-
- memory_region_init_io(&s->iomem, &omap_lcdc_ops, s, "omap.lcdc", 0x100);
- memory_region_add_subregion(sysmem, base, &s->iomem);
-
- s->state = graphic_console_init(omap_update_display,
- omap_invalidate_display,
- omap_screen_dump, NULL, s);
-
- return s;
-}
diff --git a/hw/omap_mmc.c b/hw/omap_mmc.c
deleted file mode 100644
index 7ecd9bd4c..000000000
--- a/hw/omap_mmc.c
+++ /dev/null
@@ -1,641 +0,0 @@
-/*
- * OMAP on-chip MMC/SD host emulation.
- *
- * Copyright (C) 2006-2007 Andrzej Zaborowski <balrog@zabor.org>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-#include "hw.h"
-#include "omap.h"
-#include "sd.h"
-
-struct omap_mmc_s {
- qemu_irq irq;
- qemu_irq *dma;
- qemu_irq coverswitch;
- MemoryRegion iomem;
- omap_clk clk;
- SDState *card;
- uint16_t last_cmd;
- uint16_t sdio;
- uint16_t rsp[8];
- uint32_t arg;
- int lines;
- int dw;
- int mode;
- int enable;
- int be;
- int rev;
- uint16_t status;
- uint16_t mask;
- uint8_t cto;
- uint16_t dto;
- int clkdiv;
- uint16_t fifo[32];
- int fifo_start;
- int fifo_len;
- uint16_t blen;
- uint16_t blen_counter;
- uint16_t nblk;
- uint16_t nblk_counter;
- int tx_dma;
- int rx_dma;
- int af_level;
- int ae_level;
-
- int ddir;
- int transfer;
-
- int cdet_wakeup;
- int cdet_enable;
- int cdet_state;
- qemu_irq cdet;
-};
-
-static void omap_mmc_interrupts_update(struct omap_mmc_s *s)
-{
- qemu_set_irq(s->irq, !!(s->status & s->mask));
-}
-
-static void omap_mmc_fifolevel_update(struct omap_mmc_s *host)
-{
- if (!host->transfer && !host->fifo_len) {
- host->status &= 0xf3ff;
- return;
- }
-
- if (host->fifo_len > host->af_level && host->ddir) {
- if (host->rx_dma) {
- host->status &= 0xfbff;
- qemu_irq_raise(host->dma[1]);
- } else
- host->status |= 0x0400;
- } else {
- host->status &= 0xfbff;
- qemu_irq_lower(host->dma[1]);
- }
-
- if (host->fifo_len < host->ae_level && !host->ddir) {
- if (host->tx_dma) {
- host->status &= 0xf7ff;
- qemu_irq_raise(host->dma[0]);
- } else
- host->status |= 0x0800;
- } else {
- qemu_irq_lower(host->dma[0]);
- host->status &= 0xf7ff;
- }
-}
-
-typedef enum {
- sd_nore = 0, /* no response */
- sd_r1, /* normal response command */
- sd_r2, /* CID, CSD registers */
- sd_r3, /* OCR register */
- sd_r6 = 6, /* Published RCA response */
- sd_r1b = -1,
-} sd_rsp_type_t;
-
-static void omap_mmc_command(struct omap_mmc_s *host, int cmd, int dir,
- sd_cmd_type_t type, int busy, sd_rsp_type_t resptype, int init)
-{
- uint32_t rspstatus, mask;
- int rsplen, timeout;
- SDRequest request;
- uint8_t response[16];
-
- if (init && cmd == 0) {
- host->status |= 0x0001;
- return;
- }
-
- if (resptype == sd_r1 && busy)
- resptype = sd_r1b;
-
- if (type == sd_adtc) {
- host->fifo_start = 0;
- host->fifo_len = 0;
- host->transfer = 1;
- host->ddir = dir;
- } else
- host->transfer = 0;
- timeout = 0;
- mask = 0;
- rspstatus = 0;
-
- request.cmd = cmd;
- request.arg = host->arg;
- request.crc = 0; /* FIXME */
-
- rsplen = sd_do_command(host->card, &request, response);
-
- /* TODO: validate CRCs */
- switch (resptype) {
- case sd_nore:
- rsplen = 0;
- break;
-
- case sd_r1:
- case sd_r1b:
- if (rsplen < 4) {
- timeout = 1;
- break;
- }
- rsplen = 4;
-
- mask = OUT_OF_RANGE | ADDRESS_ERROR | BLOCK_LEN_ERROR |
- ERASE_SEQ_ERROR | ERASE_PARAM | WP_VIOLATION |
- LOCK_UNLOCK_FAILED | COM_CRC_ERROR | ILLEGAL_COMMAND |
- CARD_ECC_FAILED | CC_ERROR | SD_ERROR |
- CID_CSD_OVERWRITE;
- if (host->sdio & (1 << 13))
- mask |= AKE_SEQ_ERROR;
- rspstatus = (response[0] << 24) | (response[1] << 16) |
- (response[2] << 8) | (response[3] << 0);
- break;
-
- case sd_r2:
- if (rsplen < 16) {
- timeout = 1;
- break;
- }
- rsplen = 16;
- break;
-
- case sd_r3:
- if (rsplen < 4) {
- timeout = 1;
- break;
- }
- rsplen = 4;
-
- rspstatus = (response[0] << 24) | (response[1] << 16) |
- (response[2] << 8) | (response[3] << 0);
- if (rspstatus & 0x80000000)
- host->status &= 0xe000;
- else
- host->status |= 0x1000;
- break;
-
- case sd_r6:
- if (rsplen < 4) {
- timeout = 1;
- break;
- }
- rsplen = 4;
-
- mask = 0xe000 | AKE_SEQ_ERROR;
- rspstatus = (response[2] << 8) | (response[3] << 0);
- }
-
- if (rspstatus & mask)
- host->status |= 0x4000;
- else
- host->status &= 0xb000;
-
- if (rsplen)
- for (rsplen = 0; rsplen < 8; rsplen ++)
- host->rsp[~rsplen & 7] = response[(rsplen << 1) | 1] |
- (response[(rsplen << 1) | 0] << 8);
-
- if (timeout)
- host->status |= 0x0080;
- else if (cmd == 12)
- host->status |= 0x0005; /* Makes it more real */
- else
- host->status |= 0x0001;
-}
-
-static void omap_mmc_transfer(struct omap_mmc_s *host)
-{
- uint8_t value;
-
- if (!host->transfer)
- return;
-
- while (1) {
- if (host->ddir) {
- if (host->fifo_len > host->af_level)
- break;
-
- value = sd_read_data(host->card);
- host->fifo[(host->fifo_start + host->fifo_len) & 31] = value;
- if (-- host->blen_counter) {
- value = sd_read_data(host->card);
- host->fifo[(host->fifo_start + host->fifo_len) & 31] |=
- value << 8;
- host->blen_counter --;
- }
-
- host->fifo_len ++;
- } else {
- if (!host->fifo_len)
- break;
-
- value = host->fifo[host->fifo_start] & 0xff;
- sd_write_data(host->card, value);
- if (-- host->blen_counter) {
- value = host->fifo[host->fifo_start] >> 8;
- sd_write_data(host->card, value);
- host->blen_counter --;
- }
-
- host->fifo_start ++;
- host->fifo_len --;
- host->fifo_start &= 31;
- }
-
- if (host->blen_counter == 0) {
- host->nblk_counter --;
- host->blen_counter = host->blen;
-
- if (host->nblk_counter == 0) {
- host->nblk_counter = host->nblk;
- host->transfer = 0;
- host->status |= 0x0008;
- break;
- }
- }
- }
-}
-
-static void omap_mmc_update(void *opaque)
-{
- struct omap_mmc_s *s = opaque;
- omap_mmc_transfer(s);
- omap_mmc_fifolevel_update(s);
- omap_mmc_interrupts_update(s);
-}
-
-void omap_mmc_reset(struct omap_mmc_s *host)
-{
- host->last_cmd = 0;
- memset(host->rsp, 0, sizeof(host->rsp));
- host->arg = 0;
- host->dw = 0;
- host->mode = 0;
- host->enable = 0;
- host->status = 0;
- host->mask = 0;
- host->cto = 0;
- host->dto = 0;
- host->fifo_len = 0;
- host->blen = 0;
- host->blen_counter = 0;
- host->nblk = 0;
- host->nblk_counter = 0;
- host->tx_dma = 0;
- host->rx_dma = 0;
- host->ae_level = 0x00;
- host->af_level = 0x1f;
- host->transfer = 0;
- host->cdet_wakeup = 0;
- host->cdet_enable = 0;
- qemu_set_irq(host->coverswitch, host->cdet_state);
- host->clkdiv = 0;
-}
-
-static uint64_t omap_mmc_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- uint16_t i;
- struct omap_mmc_s *s = (struct omap_mmc_s *) opaque;
-
- if (size != 2) {
- return omap_badwidth_read16(opaque, offset);
- }
-
- switch (offset) {
- case 0x00: /* MMC_CMD */
- return s->last_cmd;
-
- case 0x04: /* MMC_ARGL */
- return s->arg & 0x0000ffff;
-
- case 0x08: /* MMC_ARGH */
- return s->arg >> 16;
-
- case 0x0c: /* MMC_CON */
- return (s->dw << 15) | (s->mode << 12) | (s->enable << 11) |
- (s->be << 10) | s->clkdiv;
-
- case 0x10: /* MMC_STAT */
- return s->status;
-
- case 0x14: /* MMC_IE */
- return s->mask;
-
- case 0x18: /* MMC_CTO */
- return s->cto;
-
- case 0x1c: /* MMC_DTO */
- return s->dto;
-
- case 0x20: /* MMC_DATA */
- /* TODO: support 8-bit access */
- i = s->fifo[s->fifo_start];
- if (s->fifo_len == 0) {
- printf("MMC: FIFO underrun\n");
- return i;
- }
- s->fifo_start ++;
- s->fifo_len --;
- s->fifo_start &= 31;
- omap_mmc_transfer(s);
- omap_mmc_fifolevel_update(s);
- omap_mmc_interrupts_update(s);
- return i;
-
- case 0x24: /* MMC_BLEN */
- return s->blen_counter;
-
- case 0x28: /* MMC_NBLK */
- return s->nblk_counter;
-
- case 0x2c: /* MMC_BUF */
- return (s->rx_dma << 15) | (s->af_level << 8) |
- (s->tx_dma << 7) | s->ae_level;
-
- case 0x30: /* MMC_SPI */
- return 0x0000;
- case 0x34: /* MMC_SDIO */
- return (s->cdet_wakeup << 2) | (s->cdet_enable) | s->sdio;
- case 0x38: /* MMC_SYST */
- return 0x0000;
-
- case 0x3c: /* MMC_REV */
- return s->rev;
-
- case 0x40: /* MMC_RSP0 */
- case 0x44: /* MMC_RSP1 */
- case 0x48: /* MMC_RSP2 */
- case 0x4c: /* MMC_RSP3 */
- case 0x50: /* MMC_RSP4 */
- case 0x54: /* MMC_RSP5 */
- case 0x58: /* MMC_RSP6 */
- case 0x5c: /* MMC_RSP7 */
- return s->rsp[(offset - 0x40) >> 2];
-
- /* OMAP2-specific */
- case 0x60: /* MMC_IOSR */
- case 0x64: /* MMC_SYSC */
- return 0;
- case 0x68: /* MMC_SYSS */
- return 1; /* RSTD */
- }
-
- OMAP_BAD_REG(offset);
- return 0;
-}
-
-static void omap_mmc_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- int i;
- struct omap_mmc_s *s = (struct omap_mmc_s *) opaque;
-
- if (size != 2) {
- return omap_badwidth_write16(opaque, offset, value);
- }
-
- switch (offset) {
- case 0x00: /* MMC_CMD */
- if (!s->enable)
- break;
-
- s->last_cmd = value;
- for (i = 0; i < 8; i ++)
- s->rsp[i] = 0x0000;
- omap_mmc_command(s, value & 63, (value >> 15) & 1,
- (sd_cmd_type_t) ((value >> 12) & 3),
- (value >> 11) & 1,
- (sd_rsp_type_t) ((value >> 8) & 7),
- (value >> 7) & 1);
- omap_mmc_update(s);
- break;
-
- case 0x04: /* MMC_ARGL */
- s->arg &= 0xffff0000;
- s->arg |= 0x0000ffff & value;
- break;
-
- case 0x08: /* MMC_ARGH */
- s->arg &= 0x0000ffff;
- s->arg |= value << 16;
- break;
-
- case 0x0c: /* MMC_CON */
- s->dw = (value >> 15) & 1;
- s->mode = (value >> 12) & 3;
- s->enable = (value >> 11) & 1;
- s->be = (value >> 10) & 1;
- s->clkdiv = (value >> 0) & (s->rev >= 2 ? 0x3ff : 0xff);
- if (s->mode != 0)
- printf("SD mode %i unimplemented!\n", s->mode);
- if (s->be != 0)
- printf("SD FIFO byte sex unimplemented!\n");
- if (s->dw != 0 && s->lines < 4)
- printf("4-bit SD bus enabled\n");
- if (!s->enable)
- omap_mmc_reset(s);
- break;
-
- case 0x10: /* MMC_STAT */
- s->status &= ~value;
- omap_mmc_interrupts_update(s);
- break;
-
- case 0x14: /* MMC_IE */
- s->mask = value & 0x7fff;
- omap_mmc_interrupts_update(s);
- break;
-
- case 0x18: /* MMC_CTO */
- s->cto = value & 0xff;
- if (s->cto > 0xfd && s->rev <= 1)
- printf("MMC: CTO of 0xff and 0xfe cannot be used!\n");
- break;
-
- case 0x1c: /* MMC_DTO */
- s->dto = value & 0xffff;
- break;
-
- case 0x20: /* MMC_DATA */
- /* TODO: support 8-bit access */
- if (s->fifo_len == 32)
- break;
- s->fifo[(s->fifo_start + s->fifo_len) & 31] = value;
- s->fifo_len ++;
- omap_mmc_transfer(s);
- omap_mmc_fifolevel_update(s);
- omap_mmc_interrupts_update(s);
- break;
-
- case 0x24: /* MMC_BLEN */
- s->blen = (value & 0x07ff) + 1;
- s->blen_counter = s->blen;
- break;
-
- case 0x28: /* MMC_NBLK */
- s->nblk = (value & 0x07ff) + 1;
- s->nblk_counter = s->nblk;
- s->blen_counter = s->blen;
- break;
-
- case 0x2c: /* MMC_BUF */
- s->rx_dma = (value >> 15) & 1;
- s->af_level = (value >> 8) & 0x1f;
- s->tx_dma = (value >> 7) & 1;
- s->ae_level = value & 0x1f;
-
- if (s->rx_dma)
- s->status &= 0xfbff;
- if (s->tx_dma)
- s->status &= 0xf7ff;
- omap_mmc_fifolevel_update(s);
- omap_mmc_interrupts_update(s);
- break;
-
- /* SPI, SDIO and TEST modes unimplemented */
- case 0x30: /* MMC_SPI (OMAP1 only) */
- break;
- case 0x34: /* MMC_SDIO */
- s->sdio = value & (s->rev >= 2 ? 0xfbf3 : 0x2020);
- s->cdet_wakeup = (value >> 9) & 1;
- s->cdet_enable = (value >> 2) & 1;
- break;
- case 0x38: /* MMC_SYST */
- break;
-
- case 0x3c: /* MMC_REV */
- case 0x40: /* MMC_RSP0 */
- case 0x44: /* MMC_RSP1 */
- case 0x48: /* MMC_RSP2 */
- case 0x4c: /* MMC_RSP3 */
- case 0x50: /* MMC_RSP4 */
- case 0x54: /* MMC_RSP5 */
- case 0x58: /* MMC_RSP6 */
- case 0x5c: /* MMC_RSP7 */
- OMAP_RO_REG(offset);
- break;
-
- /* OMAP2-specific */
- case 0x60: /* MMC_IOSR */
- if (value & 0xf)
- printf("MMC: SDIO bits used!\n");
- break;
- case 0x64: /* MMC_SYSC */
- if (value & (1 << 2)) /* SRTS */
- omap_mmc_reset(s);
- break;
- case 0x68: /* MMC_SYSS */
- OMAP_RO_REG(offset);
- break;
-
- default:
- OMAP_BAD_REG(offset);
- }
-}
-
-static const MemoryRegionOps omap_mmc_ops = {
- .read = omap_mmc_read,
- .write = omap_mmc_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void omap_mmc_cover_cb(void *opaque, int line, int level)
-{
- struct omap_mmc_s *host = (struct omap_mmc_s *) opaque;
-
- if (!host->cdet_state && level) {
- host->status |= 0x0002;
- omap_mmc_interrupts_update(host);
- if (host->cdet_wakeup) {
- /* TODO: Assert wake-up */
- }
- }
-
- if (host->cdet_state != level) {
- qemu_set_irq(host->coverswitch, level);
- host->cdet_state = level;
- }
-}
-
-struct omap_mmc_s *omap_mmc_init(hwaddr base,
- MemoryRegion *sysmem,
- BlockDriverState *bd,
- qemu_irq irq, qemu_irq dma[], omap_clk clk)
-{
- struct omap_mmc_s *s = (struct omap_mmc_s *)
- g_malloc0(sizeof(struct omap_mmc_s));
-
- s->irq = irq;
- s->dma = dma;
- s->clk = clk;
- s->lines = 1; /* TODO: needs to be settable per-board */
- s->rev = 1;
-
- omap_mmc_reset(s);
-
- memory_region_init_io(&s->iomem, &omap_mmc_ops, s, "omap.mmc", 0x800);
- memory_region_add_subregion(sysmem, base, &s->iomem);
-
- /* Instantiate the storage */
- s->card = sd_init(bd, 0);
-
- return s;
-}
-
-struct omap_mmc_s *omap2_mmc_init(struct omap_target_agent_s *ta,
- BlockDriverState *bd, qemu_irq irq, qemu_irq dma[],
- omap_clk fclk, omap_clk iclk)
-{
- struct omap_mmc_s *s = (struct omap_mmc_s *)
- g_malloc0(sizeof(struct omap_mmc_s));
-
- s->irq = irq;
- s->dma = dma;
- s->clk = fclk;
- s->lines = 4;
- s->rev = 2;
-
- omap_mmc_reset(s);
-
- memory_region_init_io(&s->iomem, &omap_mmc_ops, s, "omap.mmc",
- omap_l4_region_size(ta, 0));
- omap_l4_attach(ta, 0, &s->iomem);
-
- /* Instantiate the storage */
- s->card = sd_init(bd, 0);
-
- s->cdet = qemu_allocate_irqs(omap_mmc_cover_cb, s, 1)[0];
- sd_set_cb(s->card, NULL, s->cdet);
-
- return s;
-}
-
-void omap_mmc_handlers(struct omap_mmc_s *s, qemu_irq ro, qemu_irq cover)
-{
- if (s->cdet) {
- sd_set_cb(s->card, ro, s->cdet);
- s->coverswitch = cover;
- qemu_set_irq(cover, s->cdet_state);
- } else
- sd_set_cb(s->card, ro, cover);
-}
-
-void omap_mmc_enable(struct omap_mmc_s *s, int enable)
-{
- sd_enable(s->card, enable);
-}
diff --git a/hw/omap_sdrc.c b/hw/omap_sdrc.c
deleted file mode 100644
index b0f3b8e67..000000000
--- a/hw/omap_sdrc.c
+++ /dev/null
@@ -1,168 +0,0 @@
-/*
- * TI OMAP SDRAM controller emulation.
- *
- * Copyright (C) 2007-2008 Nokia Corporation
- * Written by Andrzej Zaborowski <andrew@openedhand.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) any later version of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-#include "hw.h"
-#include "omap.h"
-
-/* SDRAM Controller Subsystem */
-struct omap_sdrc_s {
- MemoryRegion iomem;
- uint8_t config;
-};
-
-void omap_sdrc_reset(struct omap_sdrc_s *s)
-{
- s->config = 0x10;
-}
-
-static uint64_t omap_sdrc_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_sdrc_s *s = (struct omap_sdrc_s *) opaque;
-
- if (size != 4) {
- return omap_badwidth_read32(opaque, addr);
- }
-
- switch (addr) {
- case 0x00: /* SDRC_REVISION */
- return 0x20;
-
- case 0x10: /* SDRC_SYSCONFIG */
- return s->config;
-
- case 0x14: /* SDRC_SYSSTATUS */
- return 1; /* RESETDONE */
-
- case 0x40: /* SDRC_CS_CFG */
- case 0x44: /* SDRC_SHARING */
- case 0x48: /* SDRC_ERR_ADDR */
- case 0x4c: /* SDRC_ERR_TYPE */
- case 0x60: /* SDRC_DLLA_SCTRL */
- case 0x64: /* SDRC_DLLA_STATUS */
- case 0x68: /* SDRC_DLLB_CTRL */
- case 0x6c: /* SDRC_DLLB_STATUS */
- case 0x70: /* SDRC_POWER */
- case 0x80: /* SDRC_MCFG_0 */
- case 0x84: /* SDRC_MR_0 */
- case 0x88: /* SDRC_EMR1_0 */
- case 0x8c: /* SDRC_EMR2_0 */
- case 0x90: /* SDRC_EMR3_0 */
- case 0x94: /* SDRC_DCDL1_CTRL */
- case 0x98: /* SDRC_DCDL2_CTRL */
- case 0x9c: /* SDRC_ACTIM_CTRLA_0 */
- case 0xa0: /* SDRC_ACTIM_CTRLB_0 */
- case 0xa4: /* SDRC_RFR_CTRL_0 */
- case 0xa8: /* SDRC_MANUAL_0 */
- case 0xb0: /* SDRC_MCFG_1 */
- case 0xb4: /* SDRC_MR_1 */
- case 0xb8: /* SDRC_EMR1_1 */
- case 0xbc: /* SDRC_EMR2_1 */
- case 0xc0: /* SDRC_EMR3_1 */
- case 0xc4: /* SDRC_ACTIM_CTRLA_1 */
- case 0xc8: /* SDRC_ACTIM_CTRLB_1 */
- case 0xd4: /* SDRC_RFR_CTRL_1 */
- case 0xd8: /* SDRC_MANUAL_1 */
- return 0x00;
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_sdrc_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_sdrc_s *s = (struct omap_sdrc_s *) opaque;
-
- if (size != 4) {
- return omap_badwidth_write32(opaque, addr, value);
- }
-
- switch (addr) {
- case 0x00: /* SDRC_REVISION */
- case 0x14: /* SDRC_SYSSTATUS */
- case 0x48: /* SDRC_ERR_ADDR */
- case 0x64: /* SDRC_DLLA_STATUS */
- case 0x6c: /* SDRC_DLLB_STATUS */
- OMAP_RO_REG(addr);
- return;
-
- case 0x10: /* SDRC_SYSCONFIG */
- if ((value >> 3) != 0x2)
- fprintf(stderr, "%s: bad SDRAM idle mode %i\n",
- __FUNCTION__, (unsigned)value >> 3);
- if (value & 2)
- omap_sdrc_reset(s);
- s->config = value & 0x18;
- break;
-
- case 0x40: /* SDRC_CS_CFG */
- case 0x44: /* SDRC_SHARING */
- case 0x4c: /* SDRC_ERR_TYPE */
- case 0x60: /* SDRC_DLLA_SCTRL */
- case 0x68: /* SDRC_DLLB_CTRL */
- case 0x70: /* SDRC_POWER */
- case 0x80: /* SDRC_MCFG_0 */
- case 0x84: /* SDRC_MR_0 */
- case 0x88: /* SDRC_EMR1_0 */
- case 0x8c: /* SDRC_EMR2_0 */
- case 0x90: /* SDRC_EMR3_0 */
- case 0x94: /* SDRC_DCDL1_CTRL */
- case 0x98: /* SDRC_DCDL2_CTRL */
- case 0x9c: /* SDRC_ACTIM_CTRLA_0 */
- case 0xa0: /* SDRC_ACTIM_CTRLB_0 */
- case 0xa4: /* SDRC_RFR_CTRL_0 */
- case 0xa8: /* SDRC_MANUAL_0 */
- case 0xb0: /* SDRC_MCFG_1 */
- case 0xb4: /* SDRC_MR_1 */
- case 0xb8: /* SDRC_EMR1_1 */
- case 0xbc: /* SDRC_EMR2_1 */
- case 0xc0: /* SDRC_EMR3_1 */
- case 0xc4: /* SDRC_ACTIM_CTRLA_1 */
- case 0xc8: /* SDRC_ACTIM_CTRLB_1 */
- case 0xd4: /* SDRC_RFR_CTRL_1 */
- case 0xd8: /* SDRC_MANUAL_1 */
- break;
-
- default:
- OMAP_BAD_REG(addr);
- return;
- }
-}
-
-static const MemoryRegionOps omap_sdrc_ops = {
- .read = omap_sdrc_read,
- .write = omap_sdrc_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-struct omap_sdrc_s *omap_sdrc_init(MemoryRegion *sysmem,
- hwaddr base)
-{
- struct omap_sdrc_s *s = (struct omap_sdrc_s *)
- g_malloc0(sizeof(struct omap_sdrc_s));
-
- omap_sdrc_reset(s);
-
- memory_region_init_io(&s->iomem, &omap_sdrc_ops, s, "omap.sdrc", 0x1000);
- memory_region_add_subregion(sysmem, base, &s->iomem);
-
- return s;
-}
diff --git a/hw/omap_spi.c b/hw/omap_spi.c
deleted file mode 100644
index 42d5149a2..000000000
--- a/hw/omap_spi.c
+++ /dev/null
@@ -1,349 +0,0 @@
-/*
- * TI OMAP processor's Multichannel SPI emulation.
- *
- * Copyright (C) 2007-2009 Nokia Corporation
- *
- * Original code for OMAP2 by Andrzej Zaborowski <andrew@openedhand.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) any later version of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-#include "hw.h"
-#include "omap.h"
-
-/* Multichannel SPI */
-struct omap_mcspi_s {
- MemoryRegion iomem;
- qemu_irq irq;
- int chnum;
-
- uint32_t sysconfig;
- uint32_t systest;
- uint32_t irqst;
- uint32_t irqen;
- uint32_t wken;
- uint32_t control;
-
- struct omap_mcspi_ch_s {
- qemu_irq txdrq;
- qemu_irq rxdrq;
- uint32_t (*txrx)(void *opaque, uint32_t, int);
- void *opaque;
-
- uint32_t tx;
- uint32_t rx;
-
- uint32_t config;
- uint32_t status;
- uint32_t control;
- } ch[4];
-};
-
-static inline void omap_mcspi_interrupt_update(struct omap_mcspi_s *s)
-{
- qemu_set_irq(s->irq, s->irqst & s->irqen);
-}
-
-static inline void omap_mcspi_dmarequest_update(struct omap_mcspi_ch_s *ch)
-{
- qemu_set_irq(ch->txdrq,
- (ch->control & 1) && /* EN */
- (ch->config & (1 << 14)) && /* DMAW */
- (ch->status & (1 << 1)) && /* TXS */
- ((ch->config >> 12) & 3) != 1); /* TRM */
- qemu_set_irq(ch->rxdrq,
- (ch->control & 1) && /* EN */
- (ch->config & (1 << 15)) && /* DMAW */
- (ch->status & (1 << 0)) && /* RXS */
- ((ch->config >> 12) & 3) != 2); /* TRM */
-}
-
-static void omap_mcspi_transfer_run(struct omap_mcspi_s *s, int chnum)
-{
- struct omap_mcspi_ch_s *ch = s->ch + chnum;
-
- if (!(ch->control & 1)) /* EN */
- return;
- if ((ch->status & (1 << 0)) && /* RXS */
- ((ch->config >> 12) & 3) != 2 && /* TRM */
- !(ch->config & (1 << 19))) /* TURBO */
- goto intr_update;
- if ((ch->status & (1 << 1)) && /* TXS */
- ((ch->config >> 12) & 3) != 1) /* TRM */
- goto intr_update;
-
- if (!(s->control & 1) || /* SINGLE */
- (ch->config & (1 << 20))) { /* FORCE */
- if (ch->txrx)
- ch->rx = ch->txrx(ch->opaque, ch->tx, /* WL */
- 1 + (0x1f & (ch->config >> 7)));
- }
-
- ch->tx = 0;
- ch->status |= 1 << 2; /* EOT */
- ch->status |= 1 << 1; /* TXS */
- if (((ch->config >> 12) & 3) != 2) /* TRM */
- ch->status |= 1 << 0; /* RXS */
-
-intr_update:
- if ((ch->status & (1 << 0)) && /* RXS */
- ((ch->config >> 12) & 3) != 2 && /* TRM */
- !(ch->config & (1 << 19))) /* TURBO */
- s->irqst |= 1 << (2 + 4 * chnum); /* RX_FULL */
- if ((ch->status & (1 << 1)) && /* TXS */
- ((ch->config >> 12) & 3) != 1) /* TRM */
- s->irqst |= 1 << (0 + 4 * chnum); /* TX_EMPTY */
- omap_mcspi_interrupt_update(s);
- omap_mcspi_dmarequest_update(ch);
-}
-
-void omap_mcspi_reset(struct omap_mcspi_s *s)
-{
- int ch;
-
- s->sysconfig = 0;
- s->systest = 0;
- s->irqst = 0;
- s->irqen = 0;
- s->wken = 0;
- s->control = 4;
-
- for (ch = 0; ch < 4; ch ++) {
- s->ch[ch].config = 0x060000;
- s->ch[ch].status = 2; /* TXS */
- s->ch[ch].control = 0;
-
- omap_mcspi_dmarequest_update(s->ch + ch);
- }
-
- omap_mcspi_interrupt_update(s);
-}
-
-static uint64_t omap_mcspi_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_mcspi_s *s = (struct omap_mcspi_s *) opaque;
- int ch = 0;
- uint32_t ret;
-
- if (size != 4) {
- return omap_badwidth_read32(opaque, addr);
- }
-
- switch (addr) {
- case 0x00: /* MCSPI_REVISION */
- return 0x91;
-
- case 0x10: /* MCSPI_SYSCONFIG */
- return s->sysconfig;
-
- case 0x14: /* MCSPI_SYSSTATUS */
- return 1; /* RESETDONE */
-
- case 0x18: /* MCSPI_IRQSTATUS */
- return s->irqst;
-
- case 0x1c: /* MCSPI_IRQENABLE */
- return s->irqen;
-
- case 0x20: /* MCSPI_WAKEUPENABLE */
- return s->wken;
-
- case 0x24: /* MCSPI_SYST */
- return s->systest;
-
- case 0x28: /* MCSPI_MODULCTRL */
- return s->control;
-
- case 0x68: ch ++;
- case 0x54: ch ++;
- case 0x40: ch ++;
- case 0x2c: /* MCSPI_CHCONF */
- return s->ch[ch].config;
-
- case 0x6c: ch ++;
- case 0x58: ch ++;
- case 0x44: ch ++;
- case 0x30: /* MCSPI_CHSTAT */
- return s->ch[ch].status;
-
- case 0x70: ch ++;
- case 0x5c: ch ++;
- case 0x48: ch ++;
- case 0x34: /* MCSPI_CHCTRL */
- return s->ch[ch].control;
-
- case 0x74: ch ++;
- case 0x60: ch ++;
- case 0x4c: ch ++;
- case 0x38: /* MCSPI_TX */
- return s->ch[ch].tx;
-
- case 0x78: ch ++;
- case 0x64: ch ++;
- case 0x50: ch ++;
- case 0x3c: /* MCSPI_RX */
- s->ch[ch].status &= ~(1 << 0); /* RXS */
- ret = s->ch[ch].rx;
- omap_mcspi_transfer_run(s, ch);
- return ret;
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_mcspi_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_mcspi_s *s = (struct omap_mcspi_s *) opaque;
- int ch = 0;
-
- if (size != 4) {
- return omap_badwidth_write32(opaque, addr, value);
- }
-
- switch (addr) {
- case 0x00: /* MCSPI_REVISION */
- case 0x14: /* MCSPI_SYSSTATUS */
- case 0x30: /* MCSPI_CHSTAT0 */
- case 0x3c: /* MCSPI_RX0 */
- case 0x44: /* MCSPI_CHSTAT1 */
- case 0x50: /* MCSPI_RX1 */
- case 0x58: /* MCSPI_CHSTAT2 */
- case 0x64: /* MCSPI_RX2 */
- case 0x6c: /* MCSPI_CHSTAT3 */
- case 0x78: /* MCSPI_RX3 */
- OMAP_RO_REG(addr);
- return;
-
- case 0x10: /* MCSPI_SYSCONFIG */
- if (value & (1 << 1)) /* SOFTRESET */
- omap_mcspi_reset(s);
- s->sysconfig = value & 0x31d;
- break;
-
- case 0x18: /* MCSPI_IRQSTATUS */
- if (!((s->control & (1 << 3)) && (s->systest & (1 << 11)))) {
- s->irqst &= ~value;
- omap_mcspi_interrupt_update(s);
- }
- break;
-
- case 0x1c: /* MCSPI_IRQENABLE */
- s->irqen = value & 0x1777f;
- omap_mcspi_interrupt_update(s);
- break;
-
- case 0x20: /* MCSPI_WAKEUPENABLE */
- s->wken = value & 1;
- break;
-
- case 0x24: /* MCSPI_SYST */
- if (s->control & (1 << 3)) /* SYSTEM_TEST */
- if (value & (1 << 11)) { /* SSB */
- s->irqst |= 0x1777f;
- omap_mcspi_interrupt_update(s);
- }
- s->systest = value & 0xfff;
- break;
-
- case 0x28: /* MCSPI_MODULCTRL */
- if (value & (1 << 3)) /* SYSTEM_TEST */
- if (s->systest & (1 << 11)) { /* SSB */
- s->irqst |= 0x1777f;
- omap_mcspi_interrupt_update(s);
- }
- s->control = value & 0xf;
- break;
-
- case 0x68: ch ++;
- case 0x54: ch ++;
- case 0x40: ch ++;
- case 0x2c: /* MCSPI_CHCONF */
- if ((value ^ s->ch[ch].config) & (3 << 14)) /* DMAR | DMAW */
- omap_mcspi_dmarequest_update(s->ch + ch);
- if (((value >> 12) & 3) == 3) /* TRM */
- fprintf(stderr, "%s: invalid TRM value (3)\n", __FUNCTION__);
- if (((value >> 7) & 0x1f) < 3) /* WL */
- fprintf(stderr, "%s: invalid WL value (%" PRIx64 ")\n",
- __FUNCTION__, (value >> 7) & 0x1f);
- s->ch[ch].config = value & 0x7fffff;
- break;
-
- case 0x70: ch ++;
- case 0x5c: ch ++;
- case 0x48: ch ++;
- case 0x34: /* MCSPI_CHCTRL */
- if (value & ~s->ch[ch].control & 1) { /* EN */
- s->ch[ch].control |= 1;
- omap_mcspi_transfer_run(s, ch);
- } else
- s->ch[ch].control = value & 1;
- break;
-
- case 0x74: ch ++;
- case 0x60: ch ++;
- case 0x4c: ch ++;
- case 0x38: /* MCSPI_TX */
- s->ch[ch].tx = value;
- s->ch[ch].status &= ~(1 << 1); /* TXS */
- omap_mcspi_transfer_run(s, ch);
- break;
-
- default:
- OMAP_BAD_REG(addr);
- return;
- }
-}
-
-static const MemoryRegionOps omap_mcspi_ops = {
- .read = omap_mcspi_read,
- .write = omap_mcspi_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-struct omap_mcspi_s *omap_mcspi_init(struct omap_target_agent_s *ta, int chnum,
- qemu_irq irq, qemu_irq *drq, omap_clk fclk, omap_clk iclk)
-{
- struct omap_mcspi_s *s = (struct omap_mcspi_s *)
- g_malloc0(sizeof(struct omap_mcspi_s));
- struct omap_mcspi_ch_s *ch = s->ch;
-
- s->irq = irq;
- s->chnum = chnum;
- while (chnum --) {
- ch->txdrq = *drq ++;
- ch->rxdrq = *drq ++;
- ch ++;
- }
- omap_mcspi_reset(s);
-
- memory_region_init_io(&s->iomem, &omap_mcspi_ops, s, "omap.mcspi",
- omap_l4_region_size(ta, 0));
- omap_l4_attach(ta, 0, &s->iomem);
-
- return s;
-}
-
-void omap_mcspi_attach(struct omap_mcspi_s *s,
- uint32_t (*txrx)(void *opaque, uint32_t, int), void *opaque,
- int chipselect)
-{
- if (chipselect < 0 || chipselect >= s->chnum)
- hw_error("%s: Bad chipselect %i\n", __FUNCTION__, chipselect);
-
- s->ch[chipselect].txrx = txrx;
- s->ch[chipselect].opaque = opaque;
-}
diff --git a/hw/omap_sx1.c b/hw/omap_sx1.c
deleted file mode 100644
index 21a5bbb00..000000000
--- a/hw/omap_sx1.c
+++ /dev/null
@@ -1,236 +0,0 @@
-/* omap_sx1.c Support for the Siemens SX1 smartphone emulation.
- *
- * Copyright (C) 2008
- * Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
- * Copyright (C) 2007 Vladimir Ananiev <vovan888@gmail.com>
- *
- * based on PalmOne's (TM) PDAs support (palm.c)
- */
-
-/*
- * PalmOne's (TM) PDAs.
- *
- * Copyright (C) 2006-2007 Andrzej Zaborowski <balrog@zabor.org>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-#include "hw.h"
-#include "console.h"
-#include "omap.h"
-#include "boards.h"
-#include "arm-misc.h"
-#include "flash.h"
-#include "blockdev.h"
-#include "exec-memory.h"
-
-/*****************************************************************************/
-/* Siemens SX1 Cellphone V1 */
-/* - ARM OMAP310 processor
- * - SRAM 192 kB
- * - SDRAM 32 MB at 0x10000000
- * - Boot flash 16 MB at 0x00000000
- * - Application flash 8 MB at 0x04000000
- * - 3 serial ports
- * - 1 SecureDigital
- * - 1 LCD display
- * - 1 RTC
- */
-
-/*****************************************************************************/
-/* Siemens SX1 Cellphone V2 */
-/* - ARM OMAP310 processor
- * - SRAM 192 kB
- * - SDRAM 32 MB at 0x10000000
- * - Boot flash 32 MB at 0x00000000
- * - 3 serial ports
- * - 1 SecureDigital
- * - 1 LCD display
- * - 1 RTC
- */
-
-static uint64_t static_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- uint32_t *val = (uint32_t *) opaque;
- uint32_t mask = (4 / size) - 1;
-
- return *val >> ((offset & mask) << 3);
-}
-
-static void static_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
-#ifdef SPY
- printf("%s: value %" PRIx64 " %u bytes written at 0x%x\n",
- __func__, value, size, (int)offset);
-#endif
-}
-
-static const MemoryRegionOps static_ops = {
- .read = static_read,
- .write = static_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-#define sdram_size 0x02000000
-#define sector_size (128 * 1024)
-#define flash0_size (16 * 1024 * 1024)
-#define flash1_size ( 8 * 1024 * 1024)
-#define flash2_size (32 * 1024 * 1024)
-#define total_ram_v1 (sdram_size + flash0_size + flash1_size + OMAP15XX_SRAM_SIZE)
-#define total_ram_v2 (sdram_size + flash2_size + OMAP15XX_SRAM_SIZE)
-
-static struct arm_boot_info sx1_binfo = {
- .loader_start = OMAP_EMIFF_BASE,
- .ram_size = sdram_size,
- .board_id = 0x265,
-};
-
-static void sx1_init(QEMUMachineInitArgs *args, const int version)
-{
- struct omap_mpu_state_s *mpu;
- MemoryRegion *address_space = get_system_memory();
- MemoryRegion *flash = g_new(MemoryRegion, 1);
- MemoryRegion *flash_1 = g_new(MemoryRegion, 1);
- MemoryRegion *cs = g_new(MemoryRegion, 4);
- static uint32_t cs0val = 0x00213090;
- static uint32_t cs1val = 0x00215070;
- static uint32_t cs2val = 0x00001139;
- static uint32_t cs3val = 0x00001139;
- DriveInfo *dinfo;
- int fl_idx;
- uint32_t flash_size = flash0_size;
- int be;
-
- if (version == 2) {
- flash_size = flash2_size;
- }
-
- mpu = omap310_mpu_init(address_space, sx1_binfo.ram_size, args->cpu_model);
-
- /* External Flash (EMIFS) */
- memory_region_init_ram(flash, "omap_sx1.flash0-0", flash_size);
- vmstate_register_ram_global(flash);
- memory_region_set_readonly(flash, true);
- memory_region_add_subregion(address_space, OMAP_CS0_BASE, flash);
-
- memory_region_init_io(&cs[0], &static_ops, &cs0val,
- "sx1.cs0", OMAP_CS0_SIZE - flash_size);
- memory_region_add_subregion(address_space,
- OMAP_CS0_BASE + flash_size, &cs[0]);
-
-
- memory_region_init_io(&cs[2], &static_ops, &cs2val,
- "sx1.cs2", OMAP_CS2_SIZE);
- memory_region_add_subregion(address_space,
- OMAP_CS2_BASE, &cs[2]);
-
- memory_region_init_io(&cs[3], &static_ops, &cs3val,
- "sx1.cs3", OMAP_CS3_SIZE);
- memory_region_add_subregion(address_space,
- OMAP_CS2_BASE, &cs[3]);
-
- fl_idx = 0;
-#ifdef TARGET_WORDS_BIGENDIAN
- be = 1;
-#else
- be = 0;
-#endif
-
- if ((dinfo = drive_get(IF_PFLASH, 0, fl_idx)) != NULL) {
- if (!pflash_cfi01_register(OMAP_CS0_BASE, NULL,
- "omap_sx1.flash0-1", flash_size,
- dinfo->bdrv, sector_size,
- flash_size / sector_size,
- 4, 0, 0, 0, 0, be)) {
- fprintf(stderr, "qemu: Error registering flash memory %d.\n",
- fl_idx);
- }
- fl_idx++;
- }
-
- if ((version == 1) &&
- (dinfo = drive_get(IF_PFLASH, 0, fl_idx)) != NULL) {
- memory_region_init_ram(flash_1, "omap_sx1.flash1-0", flash1_size);
- vmstate_register_ram_global(flash_1);
- memory_region_set_readonly(flash_1, true);
- memory_region_add_subregion(address_space, OMAP_CS1_BASE, flash_1);
-
- memory_region_init_io(&cs[1], &static_ops, &cs1val,
- "sx1.cs1", OMAP_CS1_SIZE - flash1_size);
- memory_region_add_subregion(address_space,
- OMAP_CS1_BASE + flash1_size, &cs[1]);
-
- if (!pflash_cfi01_register(OMAP_CS1_BASE, NULL,
- "omap_sx1.flash1-1", flash1_size,
- dinfo->bdrv, sector_size,
- flash1_size / sector_size,
- 4, 0, 0, 0, 0, be)) {
- fprintf(stderr, "qemu: Error registering flash memory %d.\n",
- fl_idx);
- }
- fl_idx++;
- } else {
- memory_region_init_io(&cs[1], &static_ops, &cs1val,
- "sx1.cs1", OMAP_CS1_SIZE);
- memory_region_add_subregion(address_space,
- OMAP_CS1_BASE, &cs[1]);
- }
-
- if (!args->kernel_filename && !fl_idx) {
- fprintf(stderr, "Kernel or Flash image must be specified\n");
- exit(1);
- }
-
- /* Load the kernel. */
- if (args->kernel_filename) {
- sx1_binfo.kernel_filename = args->kernel_filename;
- sx1_binfo.kernel_cmdline = args->kernel_cmdline;
- sx1_binfo.initrd_filename = args->initrd_filename;
- arm_load_kernel(mpu->cpu, &sx1_binfo);
- }
-
- /* TODO: fix next line */
- //~ qemu_console_resize(ds, 640, 480);
-}
-
-static void sx1_init_v1(QEMUMachineInitArgs *args)
-{
- sx1_init(args, 1);
-}
-
-static void sx1_init_v2(QEMUMachineInitArgs *args)
-{
- sx1_init(args, 2);
-}
-
-static QEMUMachine sx1_machine_v2 = {
- .name = "sx1",
- .desc = "Siemens SX1 (OMAP310) V2",
- .init = sx1_init_v2,
-};
-
-static QEMUMachine sx1_machine_v1 = {
- .name = "sx1-v1",
- .desc = "Siemens SX1 (OMAP310) V1",
- .init = sx1_init_v1,
-};
-
-static void sx1_machine_init(void)
-{
- qemu_register_machine(&sx1_machine_v2);
- qemu_register_machine(&sx1_machine_v1);
-}
-
-machine_init(sx1_machine_init);
diff --git a/hw/omap_synctimer.c b/hw/omap_synctimer.c
deleted file mode 100644
index 7031a8853..000000000
--- a/hw/omap_synctimer.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * TI OMAP2 32kHz sync timer emulation.
- *
- * Copyright (C) 2007-2008 Nokia Corporation
- * Written by Andrzej Zaborowski <andrew@openedhand.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) any later version of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-#include "hw.h"
-#include "qemu-timer.h"
-#include "omap.h"
-struct omap_synctimer_s {
- MemoryRegion iomem;
- uint32_t val;
- uint16_t readh;
-};
-
-/* 32-kHz Sync Timer of the OMAP2 */
-static uint32_t omap_synctimer_read(struct omap_synctimer_s *s) {
- return muldiv64(qemu_get_clock_ns(vm_clock), 0x8000, get_ticks_per_sec());
-}
-
-void omap_synctimer_reset(struct omap_synctimer_s *s)
-{
- s->val = omap_synctimer_read(s);
-}
-
-static uint32_t omap_synctimer_readw(void *opaque, hwaddr addr)
-{
- struct omap_synctimer_s *s = (struct omap_synctimer_s *) opaque;
-
- switch (addr) {
- case 0x00: /* 32KSYNCNT_REV */
- return 0x21;
-
- case 0x10: /* CR */
- return omap_synctimer_read(s) - s->val;
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static uint32_t omap_synctimer_readh(void *opaque, hwaddr addr)
-{
- struct omap_synctimer_s *s = (struct omap_synctimer_s *) opaque;
- uint32_t ret;
-
- if (addr & 2)
- return s->readh;
- else {
- ret = omap_synctimer_readw(opaque, addr);
- s->readh = ret >> 16;
- return ret & 0xffff;
- }
-}
-
-static void omap_synctimer_write(void *opaque, hwaddr addr,
- uint32_t value)
-{
- OMAP_BAD_REG(addr);
-}
-
-static const MemoryRegionOps omap_synctimer_ops = {
- .old_mmio = {
- .read = {
- omap_badwidth_read32,
- omap_synctimer_readh,
- omap_synctimer_readw,
- },
- .write = {
- omap_badwidth_write32,
- omap_synctimer_write,
- omap_synctimer_write,
- },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-struct omap_synctimer_s *omap_synctimer_init(struct omap_target_agent_s *ta,
- struct omap_mpu_state_s *mpu, omap_clk fclk, omap_clk iclk)
-{
- struct omap_synctimer_s *s = g_malloc0(sizeof(*s));
-
- omap_synctimer_reset(s);
- memory_region_init_io(&s->iomem, &omap_synctimer_ops, s, "omap.synctimer",
- omap_l4_region_size(ta, 0));
- omap_l4_attach(ta, 0, &s->iomem);
-
- return s;
-}
diff --git a/hw/omap_tap.c b/hw/omap_tap.c
deleted file mode 100644
index e273e971e..000000000
--- a/hw/omap_tap.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * TI OMAP TEST-Chip-level TAP emulation.
- *
- * Copyright (C) 2007-2008 Nokia Corporation
- * Written by Andrzej Zaborowski <andrew@openedhand.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) any later version of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "hw.h"
-#include "omap.h"
-
-/* TEST-Chip-level TAP */
-static uint64_t omap_tap_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
-
- if (size != 4) {
- return omap_badwidth_read32(opaque, addr);
- }
-
- switch (addr) {
- case 0x204: /* IDCODE_reg */
- switch (s->mpu_model) {
- case omap2420:
- case omap2422:
- case omap2423:
- return 0x5b5d902f; /* ES 2.2 */
- case omap2430:
- return 0x5b68a02f; /* ES 2.2 */
- case omap3430:
- return 0x1b7ae02f; /* ES 2 */
- default:
- hw_error("%s: Bad mpu model\n", __FUNCTION__);
- }
-
- case 0x208: /* PRODUCTION_ID_reg for OMAP2 */
- case 0x210: /* PRODUCTION_ID_reg for OMAP3 */
- switch (s->mpu_model) {
- case omap2420:
- return 0x000254f0; /* POP ESHS2.1.1 in N91/93/95, ES2 in N800 */
- case omap2422:
- return 0x000400f0;
- case omap2423:
- return 0x000800f0;
- case omap2430:
- return 0x000000f0;
- case omap3430:
- return 0x000000f0;
- default:
- hw_error("%s: Bad mpu model\n", __FUNCTION__);
- }
-
- case 0x20c:
- switch (s->mpu_model) {
- case omap2420:
- case omap2422:
- case omap2423:
- return 0xcafeb5d9; /* ES 2.2 */
- case omap2430:
- return 0xcafeb68a; /* ES 2.2 */
- case omap3430:
- return 0xcafeb7ae; /* ES 2 */
- default:
- hw_error("%s: Bad mpu model\n", __FUNCTION__);
- }
-
- case 0x218: /* DIE_ID_reg */
- return ('Q' << 24) | ('E' << 16) | ('M' << 8) | ('U' << 0);
- case 0x21c: /* DIE_ID_reg */
- return 0x54 << 24;
- case 0x220: /* DIE_ID_reg */
- return ('Q' << 24) | ('E' << 16) | ('M' << 8) | ('U' << 0);
- case 0x224: /* DIE_ID_reg */
- return ('Q' << 24) | ('E' << 16) | ('M' << 8) | ('U' << 0);
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_tap_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- if (size != 4) {
- return omap_badwidth_write32(opaque, addr, value);
- }
-
- OMAP_BAD_REG(addr);
-}
-
-static const MemoryRegionOps omap_tap_ops = {
- .read = omap_tap_read,
- .write = omap_tap_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-void omap_tap_init(struct omap_target_agent_s *ta,
- struct omap_mpu_state_s *mpu)
-{
- memory_region_init_io(&mpu->tap_iomem, &omap_tap_ops, mpu, "omap.tap",
- omap_l4_region_size(ta, 0));
- omap_l4_attach(ta, 0, &mpu->tap_iomem);
-}
diff --git a/hw/omap_uart.c b/hw/omap_uart.c
deleted file mode 100644
index 92f27021b..000000000
--- a/hw/omap_uart.c
+++ /dev/null
@@ -1,187 +0,0 @@
-/*
- * TI OMAP processors UART emulation.
- *
- * Copyright (C) 2006-2008 Andrzej Zaborowski <balrog@zabor.org>
- * Copyright (C) 2007-2009 Nokia Corporation
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-#include "qemu-char.h"
-#include "hw.h"
-#include "omap.h"
-#include "serial.h"
-#include "exec-memory.h"
-
-/* UARTs */
-struct omap_uart_s {
- MemoryRegion iomem;
- hwaddr base;
- SerialState *serial; /* TODO */
- struct omap_target_agent_s *ta;
- omap_clk fclk;
- qemu_irq irq;
-
- uint8_t eblr;
- uint8_t syscontrol;
- uint8_t wkup;
- uint8_t cfps;
- uint8_t mdr[2];
- uint8_t scr;
- uint8_t clksel;
-};
-
-void omap_uart_reset(struct omap_uart_s *s)
-{
- s->eblr = 0x00;
- s->syscontrol = 0;
- s->wkup = 0x3f;
- s->cfps = 0x69;
- s->clksel = 0;
-}
-
-struct omap_uart_s *omap_uart_init(hwaddr base,
- qemu_irq irq, omap_clk fclk, omap_clk iclk,
- qemu_irq txdma, qemu_irq rxdma,
- const char *label, CharDriverState *chr)
-{
- struct omap_uart_s *s = (struct omap_uart_s *)
- g_malloc0(sizeof(struct omap_uart_s));
-
- s->base = base;
- s->fclk = fclk;
- s->irq = irq;
- s->serial = serial_mm_init(get_system_memory(), base, 2, irq,
- omap_clk_getrate(fclk)/16,
- chr ?: qemu_chr_new(label, "null", NULL),
- DEVICE_NATIVE_ENDIAN);
- return s;
-}
-
-static uint64_t omap_uart_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct omap_uart_s *s = (struct omap_uart_s *) opaque;
-
- if (size == 4) {
- return omap_badwidth_read8(opaque, addr);
- }
-
- switch (addr) {
- case 0x20: /* MDR1 */
- return s->mdr[0];
- case 0x24: /* MDR2 */
- return s->mdr[1];
- case 0x40: /* SCR */
- return s->scr;
- case 0x44: /* SSR */
- return 0x0;
- case 0x48: /* EBLR (OMAP2) */
- return s->eblr;
- case 0x4C: /* OSC_12M_SEL (OMAP1) */
- return s->clksel;
- case 0x50: /* MVR */
- return 0x30;
- case 0x54: /* SYSC (OMAP2) */
- return s->syscontrol;
- case 0x58: /* SYSS (OMAP2) */
- return 1;
- case 0x5c: /* WER (OMAP2) */
- return s->wkup;
- case 0x60: /* CFPS (OMAP2) */
- return s->cfps;
- }
-
- OMAP_BAD_REG(addr);
- return 0;
-}
-
-static void omap_uart_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct omap_uart_s *s = (struct omap_uart_s *) opaque;
-
- if (size == 4) {
- return omap_badwidth_write8(opaque, addr, value);
- }
-
- switch (addr) {
- case 0x20: /* MDR1 */
- s->mdr[0] = value & 0x7f;
- break;
- case 0x24: /* MDR2 */
- s->mdr[1] = value & 0xff;
- break;
- case 0x40: /* SCR */
- s->scr = value & 0xff;
- break;
- case 0x48: /* EBLR (OMAP2) */
- s->eblr = value & 0xff;
- break;
- case 0x4C: /* OSC_12M_SEL (OMAP1) */
- s->clksel = value & 1;
- break;
- case 0x44: /* SSR */
- case 0x50: /* MVR */
- case 0x58: /* SYSS (OMAP2) */
- OMAP_RO_REG(addr);
- break;
- case 0x54: /* SYSC (OMAP2) */
- s->syscontrol = value & 0x1d;
- if (value & 2)
- omap_uart_reset(s);
- break;
- case 0x5c: /* WER (OMAP2) */
- s->wkup = value & 0x7f;
- break;
- case 0x60: /* CFPS (OMAP2) */
- s->cfps = value & 0xff;
- break;
- default:
- OMAP_BAD_REG(addr);
- }
-}
-
-static const MemoryRegionOps omap_uart_ops = {
- .read = omap_uart_read,
- .write = omap_uart_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-struct omap_uart_s *omap2_uart_init(MemoryRegion *sysmem,
- struct omap_target_agent_s *ta,
- qemu_irq irq, omap_clk fclk, omap_clk iclk,
- qemu_irq txdma, qemu_irq rxdma,
- const char *label, CharDriverState *chr)
-{
- hwaddr base = omap_l4_attach(ta, 0, NULL);
- struct omap_uart_s *s = omap_uart_init(base, irq,
- fclk, iclk, txdma, rxdma, label, chr);
-
- memory_region_init_io(&s->iomem, &omap_uart_ops, s, "omap.uart", 0x100);
-
- s->ta = ta;
-
- memory_region_add_subregion(sysmem, base + 0x20, &s->iomem);
-
- return s;
-}
-
-void omap_uart_attach(struct omap_uart_s *s, CharDriverState *chr)
-{
- /* TODO: Should reuse or destroy current s->serial */
- s->serial = serial_mm_init(get_system_memory(), s->base, 2, s->irq,
- omap_clk_getrate(s->fclk) / 16,
- chr ?: qemu_chr_new("null", "null", NULL),
- DEVICE_NATIVE_ENDIAN);
-}
diff --git a/hw/onenand.c b/hw/onenand.c
deleted file mode 100644
index 1803e4c26..000000000
--- a/hw/onenand.c
+++ /dev/null
@@ -1,841 +0,0 @@
-/*
- * OneNAND flash memories emulation.
- *
- * Copyright (C) 2008 Nokia Corporation
- * Written by Andrzej Zaborowski <andrew@openedhand.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "qemu-common.h"
-#include "hw.h"
-#include "flash.h"
-#include "irq.h"
-#include "blockdev.h"
-#include "memory.h"
-#include "exec-memory.h"
-#include "sysbus.h"
-#include "qemu-error.h"
-
-/* 11 for 2kB-page OneNAND ("2nd generation") and 10 for 1kB-page chips */
-#define PAGE_SHIFT 11
-
-/* Fixed */
-#define BLOCK_SHIFT (PAGE_SHIFT + 6)
-
-typedef struct {
- SysBusDevice busdev;
- struct {
- uint16_t man;
- uint16_t dev;
- uint16_t ver;
- } id;
- int shift;
- hwaddr base;
- qemu_irq intr;
- qemu_irq rdy;
- BlockDriverState *bdrv;
- BlockDriverState *bdrv_cur;
- uint8_t *image;
- uint8_t *otp;
- uint8_t *current;
- MemoryRegion ram;
- MemoryRegion mapped_ram;
- uint8_t current_direction;
- uint8_t *boot[2];
- uint8_t *data[2][2];
- MemoryRegion iomem;
- MemoryRegion container;
- int cycle;
- int otpmode;
-
- uint16_t addr[8];
- uint16_t unladdr[8];
- int bufaddr;
- int count;
- uint16_t command;
- uint16_t config[2];
- uint16_t status;
- uint16_t intstatus;
- uint16_t wpstatus;
-
- ECCState ecc;
-
- int density_mask;
- int secs;
- int secs_cur;
- int blocks;
- uint8_t *blockwp;
-} OneNANDState;
-
-enum {
- ONEN_BUF_BLOCK = 0,
- ONEN_BUF_BLOCK2 = 1,
- ONEN_BUF_DEST_BLOCK = 2,
- ONEN_BUF_DEST_PAGE = 3,
- ONEN_BUF_PAGE = 7,
-};
-
-enum {
- ONEN_ERR_CMD = 1 << 10,
- ONEN_ERR_ERASE = 1 << 11,
- ONEN_ERR_PROG = 1 << 12,
- ONEN_ERR_LOAD = 1 << 13,
-};
-
-enum {
- ONEN_INT_RESET = 1 << 4,
- ONEN_INT_ERASE = 1 << 5,
- ONEN_INT_PROG = 1 << 6,
- ONEN_INT_LOAD = 1 << 7,
- ONEN_INT = 1 << 15,
-};
-
-enum {
- ONEN_LOCK_LOCKTIGHTEN = 1 << 0,
- ONEN_LOCK_LOCKED = 1 << 1,
- ONEN_LOCK_UNLOCKED = 1 << 2,
-};
-
-static void onenand_mem_setup(OneNANDState *s)
-{
- /* XXX: We should use IO_MEM_ROMD but we broke it earlier...
- * Both 0x0000 ... 0x01ff and 0x8000 ... 0x800f can be used to
- * write boot commands. Also take note of the BWPS bit. */
- memory_region_init(&s->container, "onenand", 0x10000 << s->shift);
- memory_region_add_subregion(&s->container, 0, &s->iomem);
- memory_region_init_alias(&s->mapped_ram, "onenand-mapped-ram",
- &s->ram, 0x0200 << s->shift,
- 0xbe00 << s->shift);
- memory_region_add_subregion_overlap(&s->container,
- 0x0200 << s->shift,
- &s->mapped_ram,
- 1);
-}
-
-static void onenand_intr_update(OneNANDState *s)
-{
- qemu_set_irq(s->intr, ((s->intstatus >> 15) ^ (~s->config[0] >> 6)) & 1);
-}
-
-static void onenand_pre_save(void *opaque)
-{
- OneNANDState *s = opaque;
- if (s->current == s->otp) {
- s->current_direction = 1;
- } else if (s->current == s->image) {
- s->current_direction = 2;
- } else {
- s->current_direction = 0;
- }
-}
-
-static int onenand_post_load(void *opaque, int version_id)
-{
- OneNANDState *s = opaque;
- switch (s->current_direction) {
- case 0:
- break;
- case 1:
- s->current = s->otp;
- break;
- case 2:
- s->current = s->image;
- break;
- default:
- return -1;
- }
- onenand_intr_update(s);
- return 0;
-}
-
-static const VMStateDescription vmstate_onenand = {
- .name = "onenand",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .pre_save = onenand_pre_save,
- .post_load = onenand_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_UINT8(current_direction, OneNANDState),
- VMSTATE_INT32(cycle, OneNANDState),
- VMSTATE_INT32(otpmode, OneNANDState),
- VMSTATE_UINT16_ARRAY(addr, OneNANDState, 8),
- VMSTATE_UINT16_ARRAY(unladdr, OneNANDState, 8),
- VMSTATE_INT32(bufaddr, OneNANDState),
- VMSTATE_INT32(count, OneNANDState),
- VMSTATE_UINT16(command, OneNANDState),
- VMSTATE_UINT16_ARRAY(config, OneNANDState, 2),
- VMSTATE_UINT16(status, OneNANDState),
- VMSTATE_UINT16(intstatus, OneNANDState),
- VMSTATE_UINT16(wpstatus, OneNANDState),
- VMSTATE_INT32(secs_cur, OneNANDState),
- VMSTATE_PARTIAL_VBUFFER(blockwp, OneNANDState, blocks),
- VMSTATE_UINT8(ecc.cp, OneNANDState),
- VMSTATE_UINT16_ARRAY(ecc.lp, OneNANDState, 2),
- VMSTATE_UINT16(ecc.count, OneNANDState),
- VMSTATE_BUFFER_UNSAFE(otp, OneNANDState, 0, ((64 + 2) << PAGE_SHIFT)),
- VMSTATE_END_OF_LIST()
- }
-};
-
-/* Hot reset (Reset OneNAND command) or warm reset (RP pin low) */
-static void onenand_reset(OneNANDState *s, int cold)
-{
- memset(&s->addr, 0, sizeof(s->addr));
- s->command = 0;
- s->count = 1;
- s->bufaddr = 0;
- s->config[0] = 0x40c0;
- s->config[1] = 0x0000;
- onenand_intr_update(s);
- qemu_irq_raise(s->rdy);
- s->status = 0x0000;
- s->intstatus = cold ? 0x8080 : 0x8010;
- s->unladdr[0] = 0;
- s->unladdr[1] = 0;
- s->wpstatus = 0x0002;
- s->cycle = 0;
- s->otpmode = 0;
- s->bdrv_cur = s->bdrv;
- s->current = s->image;
- s->secs_cur = s->secs;
-
- if (cold) {
- /* Lock the whole flash */
- memset(s->blockwp, ONEN_LOCK_LOCKED, s->blocks);
-
- if (s->bdrv_cur && bdrv_read(s->bdrv_cur, 0, s->boot[0], 8) < 0) {
- hw_error("%s: Loading the BootRAM failed.\n", __func__);
- }
- }
-}
-
-static void onenand_system_reset(DeviceState *dev)
-{
- onenand_reset(FROM_SYSBUS(OneNANDState, sysbus_from_qdev(dev)), 1);
-}
-
-static inline int onenand_load_main(OneNANDState *s, int sec, int secn,
- void *dest)
-{
- if (s->bdrv_cur)
- return bdrv_read(s->bdrv_cur, sec, dest, secn) < 0;
- else if (sec + secn > s->secs_cur)
- return 1;
-
- memcpy(dest, s->current + (sec << 9), secn << 9);
-
- return 0;
-}
-
-static inline int onenand_prog_main(OneNANDState *s, int sec, int secn,
- void *src)
-{
- int result = 0;
-
- if (secn > 0) {
- uint32_t size = (uint32_t)secn * 512;
- const uint8_t *sp = (const uint8_t *)src;
- uint8_t *dp = 0;
- if (s->bdrv_cur) {
- dp = g_malloc(size);
- if (!dp || bdrv_read(s->bdrv_cur, sec, dp, secn) < 0) {
- result = 1;
- }
- } else {
- if (sec + secn > s->secs_cur) {
- result = 1;
- } else {
- dp = (uint8_t *)s->current + (sec << 9);
- }
- }
- if (!result) {
- uint32_t i;
- for (i = 0; i < size; i++) {
- dp[i] &= sp[i];
- }
- if (s->bdrv_cur) {
- result = bdrv_write(s->bdrv_cur, sec, dp, secn) < 0;
- }
- }
- if (dp && s->bdrv_cur) {
- g_free(dp);
- }
- }
-
- return result;
-}
-
-static inline int onenand_load_spare(OneNANDState *s, int sec, int secn,
- void *dest)
-{
- uint8_t buf[512];
-
- if (s->bdrv_cur) {
- if (bdrv_read(s->bdrv_cur, s->secs_cur + (sec >> 5), buf, 1) < 0)
- return 1;
- memcpy(dest, buf + ((sec & 31) << 4), secn << 4);
- } else if (sec + secn > s->secs_cur)
- return 1;
- else
- memcpy(dest, s->current + (s->secs_cur << 9) + (sec << 4), secn << 4);
-
- return 0;
-}
-
-static inline int onenand_prog_spare(OneNANDState *s, int sec, int secn,
- void *src)
-{
- int result = 0;
- if (secn > 0) {
- const uint8_t *sp = (const uint8_t *)src;
- uint8_t *dp = 0, *dpp = 0;
- if (s->bdrv_cur) {
- dp = g_malloc(512);
- if (!dp || bdrv_read(s->bdrv_cur,
- s->secs_cur + (sec >> 5),
- dp, 1) < 0) {
- result = 1;
- } else {
- dpp = dp + ((sec & 31) << 4);
- }
- } else {
- if (sec + secn > s->secs_cur) {
- result = 1;
- } else {
- dpp = s->current + (s->secs_cur << 9) + (sec << 4);
- }
- }
- if (!result) {
- uint32_t i;
- for (i = 0; i < (secn << 4); i++) {
- dpp[i] &= sp[i];
- }
- if (s->bdrv_cur) {
- result = bdrv_write(s->bdrv_cur, s->secs_cur + (sec >> 5),
- dp, 1) < 0;
- }
- }
- if (dp) {
- g_free(dp);
- }
- }
- return result;
-}
-
-static inline int onenand_erase(OneNANDState *s, int sec, int num)
-{
- uint8_t *blankbuf, *tmpbuf;
- blankbuf = g_malloc(512);
- if (!blankbuf) {
- return 1;
- }
- tmpbuf = g_malloc(512);
- if (!tmpbuf) {
- g_free(blankbuf);
- return 1;
- }
- memset(blankbuf, 0xff, 512);
- for (; num > 0; num--, sec++) {
- if (s->bdrv_cur) {
- int erasesec = s->secs_cur + (sec >> 5);
- if (bdrv_write(s->bdrv_cur, sec, blankbuf, 1) < 0) {
- goto fail;
- }
- if (bdrv_read(s->bdrv_cur, erasesec, tmpbuf, 1) < 0) {
- goto fail;
- }
- memcpy(tmpbuf + ((sec & 31) << 4), blankbuf, 1 << 4);
- if (bdrv_write(s->bdrv_cur, erasesec, tmpbuf, 1) < 0) {
- goto fail;
- }
- } else {
- if (sec + 1 > s->secs_cur) {
- goto fail;
- }
- memcpy(s->current + (sec << 9), blankbuf, 512);
- memcpy(s->current + (s->secs_cur << 9) + (sec << 4),
- blankbuf, 1 << 4);
- }
- }
-
- g_free(tmpbuf);
- g_free(blankbuf);
- return 0;
-
-fail:
- g_free(tmpbuf);
- g_free(blankbuf);
- return 1;
-}
-
-static void onenand_command(OneNANDState *s)
-{
- int b;
- int sec;
- void *buf;
-#define SETADDR(block, page) \
- sec = (s->addr[page] & 3) + \
- ((((s->addr[page] >> 2) & 0x3f) + \
- (((s->addr[block] & 0xfff) | \
- (s->addr[block] >> 15 ? \
- s->density_mask : 0)) << 6)) << (PAGE_SHIFT - 9));
-#define SETBUF_M() \
- buf = (s->bufaddr & 8) ? \
- s->data[(s->bufaddr >> 2) & 1][0] : s->boot[0]; \
- buf += (s->bufaddr & 3) << 9;
-#define SETBUF_S() \
- buf = (s->bufaddr & 8) ? \
- s->data[(s->bufaddr >> 2) & 1][1] : s->boot[1]; \
- buf += (s->bufaddr & 3) << 4;
-
- switch (s->command) {
- case 0x00: /* Load single/multiple sector data unit into buffer */
- SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
-
- SETBUF_M()
- if (onenand_load_main(s, sec, s->count, buf))
- s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD;
-
-#if 0
- SETBUF_S()
- if (onenand_load_spare(s, sec, s->count, buf))
- s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD;
-#endif
-
- /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages)
- * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages)
- * then we need two split the read/write into two chunks.
- */
- s->intstatus |= ONEN_INT | ONEN_INT_LOAD;
- break;
- case 0x13: /* Load single/multiple spare sector into buffer */
- SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
-
- SETBUF_S()
- if (onenand_load_spare(s, sec, s->count, buf))
- s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD;
-
- /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages)
- * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages)
- * then we need two split the read/write into two chunks.
- */
- s->intstatus |= ONEN_INT | ONEN_INT_LOAD;
- break;
- case 0x80: /* Program single/multiple sector data unit from buffer */
- SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
-
- SETBUF_M()
- if (onenand_prog_main(s, sec, s->count, buf))
- s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
-
-#if 0
- SETBUF_S()
- if (onenand_prog_spare(s, sec, s->count, buf))
- s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
-#endif
-
- /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages)
- * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages)
- * then we need two split the read/write into two chunks.
- */
- s->intstatus |= ONEN_INT | ONEN_INT_PROG;
- break;
- case 0x1a: /* Program single/multiple spare area sector from buffer */
- SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
-
- SETBUF_S()
- if (onenand_prog_spare(s, sec, s->count, buf))
- s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
-
- /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages)
- * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages)
- * then we need two split the read/write into two chunks.
- */
- s->intstatus |= ONEN_INT | ONEN_INT_PROG;
- break;
- case 0x1b: /* Copy-back program */
- SETBUF_S()
-
- SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
- if (onenand_load_main(s, sec, s->count, buf))
- s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
-
- SETADDR(ONEN_BUF_DEST_BLOCK, ONEN_BUF_DEST_PAGE)
- if (onenand_prog_main(s, sec, s->count, buf))
- s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
-
- /* TODO: spare areas */
-
- s->intstatus |= ONEN_INT | ONEN_INT_PROG;
- break;
-
- case 0x23: /* Unlock NAND array block(s) */
- s->intstatus |= ONEN_INT;
-
- /* XXX the previous (?) area should be locked automatically */
- for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) {
- if (b >= s->blocks) {
- s->status |= ONEN_ERR_CMD;
- break;
- }
- if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN)
- break;
-
- s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED;
- }
- break;
- case 0x27: /* Unlock All NAND array blocks */
- s->intstatus |= ONEN_INT;
-
- for (b = 0; b < s->blocks; b ++) {
- if (b >= s->blocks) {
- s->status |= ONEN_ERR_CMD;
- break;
- }
- if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN)
- break;
-
- s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED;
- }
- break;
-
- case 0x2a: /* Lock NAND array block(s) */
- s->intstatus |= ONEN_INT;
-
- for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) {
- if (b >= s->blocks) {
- s->status |= ONEN_ERR_CMD;
- break;
- }
- if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN)
- break;
-
- s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKED;
- }
- break;
- case 0x2c: /* Lock-tight NAND array block(s) */
- s->intstatus |= ONEN_INT;
-
- for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) {
- if (b >= s->blocks) {
- s->status |= ONEN_ERR_CMD;
- break;
- }
- if (s->blockwp[b] == ONEN_LOCK_UNLOCKED)
- continue;
-
- s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKTIGHTEN;
- }
- break;
-
- case 0x71: /* Erase-Verify-Read */
- s->intstatus |= ONEN_INT;
- break;
- case 0x95: /* Multi-block erase */
- qemu_irq_pulse(s->intr);
- /* Fall through. */
- case 0x94: /* Block erase */
- sec = ((s->addr[ONEN_BUF_BLOCK] & 0xfff) |
- (s->addr[ONEN_BUF_BLOCK] >> 15 ? s->density_mask : 0))
- << (BLOCK_SHIFT - 9);
- if (onenand_erase(s, sec, 1 << (BLOCK_SHIFT - 9)))
- s->status |= ONEN_ERR_CMD | ONEN_ERR_ERASE;
-
- s->intstatus |= ONEN_INT | ONEN_INT_ERASE;
- break;
- case 0xb0: /* Erase suspend */
- break;
- case 0x30: /* Erase resume */
- s->intstatus |= ONEN_INT | ONEN_INT_ERASE;
- break;
-
- case 0xf0: /* Reset NAND Flash core */
- onenand_reset(s, 0);
- break;
- case 0xf3: /* Reset OneNAND */
- onenand_reset(s, 0);
- break;
-
- case 0x65: /* OTP Access */
- s->intstatus |= ONEN_INT;
- s->bdrv_cur = NULL;
- s->current = s->otp;
- s->secs_cur = 1 << (BLOCK_SHIFT - 9);
- s->addr[ONEN_BUF_BLOCK] = 0;
- s->otpmode = 1;
- break;
-
- default:
- s->status |= ONEN_ERR_CMD;
- s->intstatus |= ONEN_INT;
- fprintf(stderr, "%s: unknown OneNAND command %x\n",
- __func__, s->command);
- }
-
- onenand_intr_update(s);
-}
-
-static uint64_t onenand_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- OneNANDState *s = (OneNANDState *) opaque;
- int offset = addr >> s->shift;
-
- switch (offset) {
- case 0x0000 ... 0xc000:
- return lduw_le_p(s->boot[0] + addr);
-
- case 0xf000: /* Manufacturer ID */
- return s->id.man;
- case 0xf001: /* Device ID */
- return s->id.dev;
- case 0xf002: /* Version ID */
- return s->id.ver;
- /* TODO: get the following values from a real chip! */
- case 0xf003: /* Data Buffer size */
- return 1 << PAGE_SHIFT;
- case 0xf004: /* Boot Buffer size */
- return 0x200;
- case 0xf005: /* Amount of buffers */
- return 1 | (2 << 8);
- case 0xf006: /* Technology */
- return 0;
-
- case 0xf100 ... 0xf107: /* Start addresses */
- return s->addr[offset - 0xf100];
-
- case 0xf200: /* Start buffer */
- return (s->bufaddr << 8) | ((s->count - 1) & (1 << (PAGE_SHIFT - 10)));
-
- case 0xf220: /* Command */
- return s->command;
- case 0xf221: /* System Configuration 1 */
- return s->config[0] & 0xffe0;
- case 0xf222: /* System Configuration 2 */
- return s->config[1];
-
- case 0xf240: /* Controller Status */
- return s->status;
- case 0xf241: /* Interrupt */
- return s->intstatus;
- case 0xf24c: /* Unlock Start Block Address */
- return s->unladdr[0];
- case 0xf24d: /* Unlock End Block Address */
- return s->unladdr[1];
- case 0xf24e: /* Write Protection Status */
- return s->wpstatus;
-
- case 0xff00: /* ECC Status */
- return 0x00;
- case 0xff01: /* ECC Result of main area data */
- case 0xff02: /* ECC Result of spare area data */
- case 0xff03: /* ECC Result of main area data */
- case 0xff04: /* ECC Result of spare area data */
- hw_error("%s: imeplement ECC\n", __FUNCTION__);
- return 0x0000;
- }
-
- fprintf(stderr, "%s: unknown OneNAND register %x\n",
- __FUNCTION__, offset);
- return 0;
-}
-
-static void onenand_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- OneNANDState *s = (OneNANDState *) opaque;
- int offset = addr >> s->shift;
- int sec;
-
- switch (offset) {
- case 0x0000 ... 0x01ff:
- case 0x8000 ... 0x800f:
- if (s->cycle) {
- s->cycle = 0;
-
- if (value == 0x0000) {
- SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
- onenand_load_main(s, sec,
- 1 << (PAGE_SHIFT - 9), s->data[0][0]);
- s->addr[ONEN_BUF_PAGE] += 4;
- s->addr[ONEN_BUF_PAGE] &= 0xff;
- }
- break;
- }
-
- switch (value) {
- case 0x00f0: /* Reset OneNAND */
- onenand_reset(s, 0);
- break;
-
- case 0x00e0: /* Load Data into Buffer */
- s->cycle = 1;
- break;
-
- case 0x0090: /* Read Identification Data */
- memset(s->boot[0], 0, 3 << s->shift);
- s->boot[0][0 << s->shift] = s->id.man & 0xff;
- s->boot[0][1 << s->shift] = s->id.dev & 0xff;
- s->boot[0][2 << s->shift] = s->wpstatus & 0xff;
- break;
-
- default:
- fprintf(stderr, "%s: unknown OneNAND boot command %"PRIx64"\n",
- __FUNCTION__, value);
- }
- break;
-
- case 0xf100 ... 0xf107: /* Start addresses */
- s->addr[offset - 0xf100] = value;
- break;
-
- case 0xf200: /* Start buffer */
- s->bufaddr = (value >> 8) & 0xf;
- if (PAGE_SHIFT == 11)
- s->count = (value & 3) ?: 4;
- else if (PAGE_SHIFT == 10)
- s->count = (value & 1) ?: 2;
- break;
-
- case 0xf220: /* Command */
- if (s->intstatus & (1 << 15))
- break;
- s->command = value;
- onenand_command(s);
- break;
- case 0xf221: /* System Configuration 1 */
- s->config[0] = value;
- onenand_intr_update(s);
- qemu_set_irq(s->rdy, (s->config[0] >> 7) & 1);
- break;
- case 0xf222: /* System Configuration 2 */
- s->config[1] = value;
- break;
-
- case 0xf241: /* Interrupt */
- s->intstatus &= value;
- if ((1 << 15) & ~s->intstatus)
- s->status &= ~(ONEN_ERR_CMD | ONEN_ERR_ERASE |
- ONEN_ERR_PROG | ONEN_ERR_LOAD);
- onenand_intr_update(s);
- break;
- case 0xf24c: /* Unlock Start Block Address */
- s->unladdr[0] = value & (s->blocks - 1);
- /* For some reason we have to set the end address to by default
- * be same as start because the software forgets to write anything
- * in there. */
- s->unladdr[1] = value & (s->blocks - 1);
- break;
- case 0xf24d: /* Unlock End Block Address */
- s->unladdr[1] = value & (s->blocks - 1);
- break;
-
- default:
- fprintf(stderr, "%s: unknown OneNAND register %x\n",
- __FUNCTION__, offset);
- }
-}
-
-static const MemoryRegionOps onenand_ops = {
- .read = onenand_read,
- .write = onenand_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int onenand_initfn(SysBusDevice *dev)
-{
- OneNANDState *s = (OneNANDState *)dev;
- uint32_t size = 1 << (24 + ((s->id.dev >> 4) & 7));
- void *ram;
- s->base = (hwaddr)-1;
- s->rdy = NULL;
- s->blocks = size >> BLOCK_SHIFT;
- s->secs = size >> 9;
- s->blockwp = g_malloc(s->blocks);
- s->density_mask = (s->id.dev & 0x08)
- ? (1 << (6 + ((s->id.dev >> 4) & 7))) : 0;
- memory_region_init_io(&s->iomem, &onenand_ops, s, "onenand",
- 0x10000 << s->shift);
- if (!s->bdrv) {
- s->image = memset(g_malloc(size + (size >> 5)),
- 0xff, size + (size >> 5));
- } else {
- if (bdrv_is_read_only(s->bdrv)) {
- error_report("Can't use a read-only drive");
- return -1;
- }
- s->bdrv_cur = s->bdrv;
- }
- s->otp = memset(g_malloc((64 + 2) << PAGE_SHIFT),
- 0xff, (64 + 2) << PAGE_SHIFT);
- memory_region_init_ram(&s->ram, "onenand.ram", 0xc000 << s->shift);
- vmstate_register_ram_global(&s->ram);
- ram = memory_region_get_ram_ptr(&s->ram);
- s->boot[0] = ram + (0x0000 << s->shift);
- s->boot[1] = ram + (0x8000 << s->shift);
- s->data[0][0] = ram + ((0x0200 + (0 << (PAGE_SHIFT - 1))) << s->shift);
- s->data[0][1] = ram + ((0x8010 + (0 << (PAGE_SHIFT - 6))) << s->shift);
- s->data[1][0] = ram + ((0x0200 + (1 << (PAGE_SHIFT - 1))) << s->shift);
- s->data[1][1] = ram + ((0x8010 + (1 << (PAGE_SHIFT - 6))) << s->shift);
- onenand_mem_setup(s);
- sysbus_init_irq(dev, &s->intr);
- sysbus_init_mmio(dev, &s->container);
- vmstate_register(&dev->qdev,
- ((s->shift & 0x7f) << 24)
- | ((s->id.man & 0xff) << 16)
- | ((s->id.dev & 0xff) << 8)
- | (s->id.ver & 0xff),
- &vmstate_onenand, s);
- return 0;
-}
-
-static Property onenand_properties[] = {
- DEFINE_PROP_UINT16("manufacturer_id", OneNANDState, id.man, 0),
- DEFINE_PROP_UINT16("device_id", OneNANDState, id.dev, 0),
- DEFINE_PROP_UINT16("version_id", OneNANDState, id.ver, 0),
- DEFINE_PROP_INT32("shift", OneNANDState, shift, 0),
- DEFINE_PROP_DRIVE("drive", OneNANDState, bdrv),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void onenand_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = onenand_initfn;
- dc->reset = onenand_system_reset;
- dc->props = onenand_properties;
-}
-
-static TypeInfo onenand_info = {
- .name = "onenand",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(OneNANDState),
- .class_init = onenand_class_init,
-};
-
-static void onenand_register_types(void)
-{
- type_register_static(&onenand_info);
-}
-
-void *onenand_raw_otp(DeviceState *onenand_device)
-{
- return FROM_SYSBUS(OneNANDState, sysbus_from_qdev(onenand_device))->otp;
-}
-
-type_init(onenand_register_types)
diff --git a/hw/opencores_eth.c b/hw/opencores_eth.c
deleted file mode 100644
index b2780b933..000000000
--- a/hw/opencores_eth.c
+++ /dev/null
@@ -1,733 +0,0 @@
-/*
- * OpenCores Ethernet MAC 10/100 + subset of
- * National Semiconductors DP83848C 10/100 PHY
- *
- * http://opencores.org/svnget,ethmac?file=%2Ftrunk%2F%2Fdoc%2Feth_speci.pdf
- * http://cache.national.com/ds/DP/DP83848C.pdf
- *
- * Copyright (c) 2011, Max Filippov, Open Source and Linux Lab.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * * Neither the name of the Open Source and Linux Lab nor the
- * names of its contributors may be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "hw.h"
-#include "sysbus.h"
-#include "net.h"
-#include "sysemu.h"
-#include "trace.h"
-
-/* RECSMALL is not used because it breaks tap networking in linux:
- * incoming ARP responses are too short
- */
-#undef USE_RECSMALL
-
-#define GET_FIELD(v, field) (((v) & (field)) >> (field ## _LBN))
-#define GET_REGBIT(s, reg, field) ((s)->regs[reg] & (reg ## _ ## field))
-#define GET_REGFIELD(s, reg, field) \
- GET_FIELD((s)->regs[reg], reg ## _ ## field)
-
-#define SET_FIELD(v, field, data) \
- ((v) = (((v) & ~(field)) | (((data) << (field ## _LBN)) & (field))))
-#define SET_REGFIELD(s, reg, field, data) \
- SET_FIELD((s)->regs[reg], reg ## _ ## field, data)
-
-/* PHY MII registers */
-enum {
- MII_BMCR,
- MII_BMSR,
- MII_PHYIDR1,
- MII_PHYIDR2,
- MII_ANAR,
- MII_ANLPAR,
- MII_REG_MAX = 16,
-};
-
-typedef struct Mii {
- uint16_t regs[MII_REG_MAX];
- bool link_ok;
-} Mii;
-
-static void mii_set_link(Mii *s, bool link_ok)
-{
- if (link_ok) {
- s->regs[MII_BMSR] |= 0x4;
- s->regs[MII_ANLPAR] |= 0x01e1;
- } else {
- s->regs[MII_BMSR] &= ~0x4;
- s->regs[MII_ANLPAR] &= 0x01ff;
- }
- s->link_ok = link_ok;
-}
-
-static void mii_reset(Mii *s)
-{
- memset(s->regs, 0, sizeof(s->regs));
- s->regs[MII_BMCR] = 0x1000;
- s->regs[MII_BMSR] = 0x7848; /* no ext regs */
- s->regs[MII_PHYIDR1] = 0x2000;
- s->regs[MII_PHYIDR2] = 0x5c90;
- s->regs[MII_ANAR] = 0x01e1;
- mii_set_link(s, s->link_ok);
-}
-
-static void mii_ro(Mii *s, uint16_t v)
-{
-}
-
-static void mii_write_bmcr(Mii *s, uint16_t v)
-{
- if (v & 0x8000) {
- mii_reset(s);
- } else {
- s->regs[MII_BMCR] = v;
- }
-}
-
-static void mii_write_host(Mii *s, unsigned idx, uint16_t v)
-{
- static void (*reg_write[MII_REG_MAX])(Mii *s, uint16_t v) = {
- [MII_BMCR] = mii_write_bmcr,
- [MII_BMSR] = mii_ro,
- [MII_PHYIDR1] = mii_ro,
- [MII_PHYIDR2] = mii_ro,
- };
-
- if (idx < MII_REG_MAX) {
- trace_open_eth_mii_write(idx, v);
- if (reg_write[idx]) {
- reg_write[idx](s, v);
- } else {
- s->regs[idx] = v;
- }
- }
-}
-
-static uint16_t mii_read_host(Mii *s, unsigned idx)
-{
- trace_open_eth_mii_read(idx, s->regs[idx]);
- return s->regs[idx];
-}
-
-/* OpenCores Ethernet registers */
-enum {
- MODER,
- INT_SOURCE,
- INT_MASK,
- IPGT,
- IPGR1,
- IPGR2,
- PACKETLEN,
- COLLCONF,
- TX_BD_NUM,
- CTRLMODER,
- MIIMODER,
- MIICOMMAND,
- MIIADDRESS,
- MIITX_DATA,
- MIIRX_DATA,
- MIISTATUS,
- MAC_ADDR0,
- MAC_ADDR1,
- HASH0,
- HASH1,
- TXCTRL,
- REG_MAX,
-};
-
-enum {
- MODER_RECSMALL = 0x10000,
- MODER_PAD = 0x8000,
- MODER_HUGEN = 0x4000,
- MODER_RST = 0x800,
- MODER_LOOPBCK = 0x80,
- MODER_PRO = 0x20,
- MODER_IAM = 0x10,
- MODER_BRO = 0x8,
- MODER_TXEN = 0x2,
- MODER_RXEN = 0x1,
-};
-
-enum {
- INT_SOURCE_RXB = 0x4,
- INT_SOURCE_TXB = 0x1,
-};
-
-enum {
- PACKETLEN_MINFL = 0xffff0000,
- PACKETLEN_MINFL_LBN = 16,
- PACKETLEN_MAXFL = 0xffff,
- PACKETLEN_MAXFL_LBN = 0,
-};
-
-enum {
- MIICOMMAND_WCTRLDATA = 0x4,
- MIICOMMAND_RSTAT = 0x2,
- MIICOMMAND_SCANSTAT = 0x1,
-};
-
-enum {
- MIIADDRESS_RGAD = 0x1f00,
- MIIADDRESS_RGAD_LBN = 8,
- MIIADDRESS_FIAD = 0x1f,
- MIIADDRESS_FIAD_LBN = 0,
-};
-
-enum {
- MIITX_DATA_CTRLDATA = 0xffff,
- MIITX_DATA_CTRLDATA_LBN = 0,
-};
-
-enum {
- MIIRX_DATA_PRSD = 0xffff,
- MIIRX_DATA_PRSD_LBN = 0,
-};
-
-enum {
- MIISTATUS_LINKFAIL = 0x1,
- MIISTATUS_LINKFAIL_LBN = 0,
-};
-
-enum {
- MAC_ADDR0_BYTE2 = 0xff000000,
- MAC_ADDR0_BYTE2_LBN = 24,
- MAC_ADDR0_BYTE3 = 0xff0000,
- MAC_ADDR0_BYTE3_LBN = 16,
- MAC_ADDR0_BYTE4 = 0xff00,
- MAC_ADDR0_BYTE4_LBN = 8,
- MAC_ADDR0_BYTE5 = 0xff,
- MAC_ADDR0_BYTE5_LBN = 0,
-};
-
-enum {
- MAC_ADDR1_BYTE0 = 0xff00,
- MAC_ADDR1_BYTE0_LBN = 8,
- MAC_ADDR1_BYTE1 = 0xff,
- MAC_ADDR1_BYTE1_LBN = 0,
-};
-
-enum {
- TXD_LEN = 0xffff0000,
- TXD_LEN_LBN = 16,
- TXD_RD = 0x8000,
- TXD_IRQ = 0x4000,
- TXD_WR = 0x2000,
- TXD_PAD = 0x1000,
- TXD_CRC = 0x800,
- TXD_UR = 0x100,
- TXD_RTRY = 0xf0,
- TXD_RTRY_LBN = 4,
- TXD_RL = 0x8,
- TXD_LC = 0x4,
- TXD_DF = 0x2,
- TXD_CS = 0x1,
-};
-
-enum {
- RXD_LEN = 0xffff0000,
- RXD_LEN_LBN = 16,
- RXD_E = 0x8000,
- RXD_IRQ = 0x4000,
- RXD_WRAP = 0x2000,
- RXD_CF = 0x100,
- RXD_M = 0x80,
- RXD_OR = 0x40,
- RXD_IS = 0x20,
- RXD_DN = 0x10,
- RXD_TL = 0x8,
- RXD_SF = 0x4,
- RXD_CRC = 0x2,
- RXD_LC = 0x1,
-};
-
-typedef struct desc {
- uint32_t len_flags;
- uint32_t buf_ptr;
-} desc;
-
-#define DEFAULT_PHY 1
-
-typedef struct OpenEthState {
- SysBusDevice dev;
- NICState *nic;
- NICConf conf;
- MemoryRegion reg_io;
- MemoryRegion desc_io;
- qemu_irq irq;
-
- Mii mii;
- uint32_t regs[REG_MAX];
- unsigned tx_desc;
- unsigned rx_desc;
- desc desc[128];
-} OpenEthState;
-
-static desc *rx_desc(OpenEthState *s)
-{
- return s->desc + s->rx_desc;
-}
-
-static desc *tx_desc(OpenEthState *s)
-{
- return s->desc + s->tx_desc;
-}
-
-static void open_eth_update_irq(OpenEthState *s,
- uint32_t old, uint32_t new)
-{
- if (!old != !new) {
- trace_open_eth_update_irq(new);
- qemu_set_irq(s->irq, new);
- }
-}
-
-static void open_eth_int_source_write(OpenEthState *s,
- uint32_t val)
-{
- uint32_t old_val = s->regs[INT_SOURCE];
-
- s->regs[INT_SOURCE] = val;
- open_eth_update_irq(s, old_val & s->regs[INT_MASK],
- s->regs[INT_SOURCE] & s->regs[INT_MASK]);
-}
-
-static void open_eth_set_link_status(NetClientState *nc)
-{
- OpenEthState *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- if (GET_REGBIT(s, MIICOMMAND, SCANSTAT)) {
- SET_REGFIELD(s, MIISTATUS, LINKFAIL, nc->link_down);
- }
- mii_set_link(&s->mii, !nc->link_down);
-}
-
-static void open_eth_reset(void *opaque)
-{
- OpenEthState *s = opaque;
-
- memset(s->regs, 0, sizeof(s->regs));
- s->regs[MODER] = 0xa000;
- s->regs[IPGT] = 0x12;
- s->regs[IPGR1] = 0xc;
- s->regs[IPGR2] = 0x12;
- s->regs[PACKETLEN] = 0x400600;
- s->regs[COLLCONF] = 0xf003f;
- s->regs[TX_BD_NUM] = 0x40;
- s->regs[MIIMODER] = 0x64;
-
- s->tx_desc = 0;
- s->rx_desc = 0x40;
-
- mii_reset(&s->mii);
- open_eth_set_link_status(&s->nic->nc);
-}
-
-static int open_eth_can_receive(NetClientState *nc)
-{
- OpenEthState *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- return GET_REGBIT(s, MODER, RXEN) &&
- (s->regs[TX_BD_NUM] < 0x80) &&
- (rx_desc(s)->len_flags & RXD_E);
-}
-
-static ssize_t open_eth_receive(NetClientState *nc,
- const uint8_t *buf, size_t size)
-{
- OpenEthState *s = DO_UPCAST(NICState, nc, nc)->opaque;
- size_t maxfl = GET_REGFIELD(s, PACKETLEN, MAXFL);
- size_t minfl = GET_REGFIELD(s, PACKETLEN, MINFL);
- size_t fcsl = 4;
- bool miss = true;
-
- trace_open_eth_receive((unsigned)size);
-
- if (size >= 6) {
- static const uint8_t bcast_addr[] = {
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
- };
- if (memcmp(buf, bcast_addr, sizeof(bcast_addr)) == 0) {
- miss = GET_REGBIT(s, MODER, BRO);
- } else if ((buf[0] & 0x1) || GET_REGBIT(s, MODER, IAM)) {
- unsigned mcast_idx = compute_mcast_idx(buf);
- miss = !(s->regs[HASH0 + mcast_idx / 32] &
- (1 << (mcast_idx % 32)));
- trace_open_eth_receive_mcast(
- mcast_idx, s->regs[HASH0], s->regs[HASH1]);
- } else {
- miss = GET_REGFIELD(s, MAC_ADDR1, BYTE0) != buf[0] ||
- GET_REGFIELD(s, MAC_ADDR1, BYTE1) != buf[1] ||
- GET_REGFIELD(s, MAC_ADDR0, BYTE2) != buf[2] ||
- GET_REGFIELD(s, MAC_ADDR0, BYTE3) != buf[3] ||
- GET_REGFIELD(s, MAC_ADDR0, BYTE4) != buf[4] ||
- GET_REGFIELD(s, MAC_ADDR0, BYTE5) != buf[5];
- }
- }
-
- if (miss && !GET_REGBIT(s, MODER, PRO)) {
- trace_open_eth_receive_reject();
- return size;
- }
-
-#ifdef USE_RECSMALL
- if (GET_REGBIT(s, MODER, RECSMALL) || size >= minfl) {
-#else
- {
-#endif
- static const uint8_t zero[64] = {0};
- desc *desc = rx_desc(s);
- size_t copy_size = GET_REGBIT(s, MODER, HUGEN) ? 65536 : maxfl;
-
- desc->len_flags &= ~(RXD_CF | RXD_M | RXD_OR |
- RXD_IS | RXD_DN | RXD_TL | RXD_SF | RXD_CRC | RXD_LC);
-
- if (copy_size > size) {
- copy_size = size;
- } else {
- fcsl = 0;
- }
- if (miss) {
- desc->len_flags |= RXD_M;
- }
- if (GET_REGBIT(s, MODER, HUGEN) && size > maxfl) {
- desc->len_flags |= RXD_TL;
- }
-#ifdef USE_RECSMALL
- if (size < minfl) {
- desc->len_flags |= RXD_SF;
- }
-#endif
-
- cpu_physical_memory_write(desc->buf_ptr, buf, copy_size);
-
- if (GET_REGBIT(s, MODER, PAD) && copy_size < minfl) {
- if (minfl - copy_size > fcsl) {
- fcsl = 0;
- } else {
- fcsl -= minfl - copy_size;
- }
- while (copy_size < minfl) {
- size_t zero_sz = minfl - copy_size < sizeof(zero) ?
- minfl - copy_size : sizeof(zero);
-
- cpu_physical_memory_write(desc->buf_ptr + copy_size,
- zero, zero_sz);
- copy_size += zero_sz;
- }
- }
-
- /* There's no FCS in the frames handed to us by the QEMU, zero fill it.
- * Don't do it if the frame is cut at the MAXFL or padded with 4 or
- * more bytes to the MINFL.
- */
- cpu_physical_memory_write(desc->buf_ptr + copy_size, zero, fcsl);
- copy_size += fcsl;
-
- SET_FIELD(desc->len_flags, RXD_LEN, copy_size);
-
- if ((desc->len_flags & RXD_WRAP) || s->rx_desc == 0x7f) {
- s->rx_desc = s->regs[TX_BD_NUM];
- } else {
- ++s->rx_desc;
- }
- desc->len_flags &= ~RXD_E;
-
- trace_open_eth_receive_desc(desc->buf_ptr, desc->len_flags);
-
- if (desc->len_flags & RXD_IRQ) {
- open_eth_int_source_write(s,
- s->regs[INT_SOURCE] | INT_SOURCE_RXB);
- }
- }
- return size;
-}
-
-static void open_eth_cleanup(NetClientState *nc)
-{
-}
-
-static NetClientInfo net_open_eth_info = {
- .type = NET_CLIENT_OPTIONS_KIND_NIC,
- .size = sizeof(NICState),
- .can_receive = open_eth_can_receive,
- .receive = open_eth_receive,
- .cleanup = open_eth_cleanup,
- .link_status_changed = open_eth_set_link_status,
-};
-
-static void open_eth_start_xmit(OpenEthState *s, desc *tx)
-{
- uint8_t buf[65536];
- unsigned len = GET_FIELD(tx->len_flags, TXD_LEN);
- unsigned tx_len = len;
-
- if ((tx->len_flags & TXD_PAD) &&
- tx_len < GET_REGFIELD(s, PACKETLEN, MINFL)) {
- tx_len = GET_REGFIELD(s, PACKETLEN, MINFL);
- }
- if (!GET_REGBIT(s, MODER, HUGEN) &&
- tx_len > GET_REGFIELD(s, PACKETLEN, MAXFL)) {
- tx_len = GET_REGFIELD(s, PACKETLEN, MAXFL);
- }
-
- trace_open_eth_start_xmit(tx->buf_ptr, len, tx_len);
-
- if (len > tx_len) {
- len = tx_len;
- }
- cpu_physical_memory_read(tx->buf_ptr, buf, len);
- if (tx_len > len) {
- memset(buf + len, 0, tx_len - len);
- }
- qemu_send_packet(&s->nic->nc, buf, tx_len);
-
- if (tx->len_flags & TXD_WR) {
- s->tx_desc = 0;
- } else {
- ++s->tx_desc;
- if (s->tx_desc >= s->regs[TX_BD_NUM]) {
- s->tx_desc = 0;
- }
- }
- tx->len_flags &= ~(TXD_RD | TXD_UR |
- TXD_RTRY | TXD_RL | TXD_LC | TXD_DF | TXD_CS);
- if (tx->len_flags & TXD_IRQ) {
- open_eth_int_source_write(s, s->regs[INT_SOURCE] | INT_SOURCE_TXB);
- }
-
-}
-
-static void open_eth_check_start_xmit(OpenEthState *s)
-{
- desc *tx = tx_desc(s);
- if (GET_REGBIT(s, MODER, TXEN) && s->regs[TX_BD_NUM] > 0 &&
- (tx->len_flags & TXD_RD) &&
- GET_FIELD(tx->len_flags, TXD_LEN) > 4) {
- open_eth_start_xmit(s, tx);
- }
-}
-
-static uint64_t open_eth_reg_read(void *opaque,
- hwaddr addr, unsigned int size)
-{
- static uint32_t (*reg_read[REG_MAX])(OpenEthState *s) = {
- };
- OpenEthState *s = opaque;
- unsigned idx = addr / 4;
- uint64_t v = 0;
-
- if (idx < REG_MAX) {
- if (reg_read[idx]) {
- v = reg_read[idx](s);
- } else {
- v = s->regs[idx];
- }
- }
- trace_open_eth_reg_read((uint32_t)addr, (uint32_t)v);
- return v;
-}
-
-static void open_eth_ro(OpenEthState *s, uint32_t val)
-{
-}
-
-static void open_eth_moder_host_write(OpenEthState *s, uint32_t val)
-{
- uint32_t set = val & ~s->regs[MODER];
-
- if (set & MODER_RST) {
- open_eth_reset(s);
- }
-
- s->regs[MODER] = val;
-
- if (set & MODER_RXEN) {
- s->rx_desc = s->regs[TX_BD_NUM];
- }
- if (set & MODER_TXEN) {
- s->tx_desc = 0;
- open_eth_check_start_xmit(s);
- }
-}
-
-static void open_eth_int_source_host_write(OpenEthState *s, uint32_t val)
-{
- uint32_t old = s->regs[INT_SOURCE];
-
- s->regs[INT_SOURCE] &= ~val;
- open_eth_update_irq(s, old & s->regs[INT_MASK],
- s->regs[INT_SOURCE] & s->regs[INT_MASK]);
-}
-
-static void open_eth_int_mask_host_write(OpenEthState *s, uint32_t val)
-{
- uint32_t old = s->regs[INT_MASK];
-
- s->regs[INT_MASK] = val;
- open_eth_update_irq(s, s->regs[INT_SOURCE] & old,
- s->regs[INT_SOURCE] & s->regs[INT_MASK]);
-}
-
-static void open_eth_mii_command_host_write(OpenEthState *s, uint32_t val)
-{
- unsigned fiad = GET_REGFIELD(s, MIIADDRESS, FIAD);
- unsigned rgad = GET_REGFIELD(s, MIIADDRESS, RGAD);
-
- if (val & MIICOMMAND_WCTRLDATA) {
- if (fiad == DEFAULT_PHY) {
- mii_write_host(&s->mii, rgad,
- GET_REGFIELD(s, MIITX_DATA, CTRLDATA));
- }
- }
- if (val & MIICOMMAND_RSTAT) {
- if (fiad == DEFAULT_PHY) {
- SET_REGFIELD(s, MIIRX_DATA, PRSD,
- mii_read_host(&s->mii, rgad));
- } else {
- s->regs[MIIRX_DATA] = 0xffff;
- }
- SET_REGFIELD(s, MIISTATUS, LINKFAIL, s->nic->nc.link_down);
- }
-}
-
-static void open_eth_mii_tx_host_write(OpenEthState *s, uint32_t val)
-{
- SET_REGFIELD(s, MIITX_DATA, CTRLDATA, val);
- if (GET_REGFIELD(s, MIIADDRESS, FIAD) == DEFAULT_PHY) {
- mii_write_host(&s->mii, GET_REGFIELD(s, MIIADDRESS, RGAD),
- GET_REGFIELD(s, MIITX_DATA, CTRLDATA));
- }
-}
-
-static void open_eth_reg_write(void *opaque,
- hwaddr addr, uint64_t val, unsigned int size)
-{
- static void (*reg_write[REG_MAX])(OpenEthState *s, uint32_t val) = {
- [MODER] = open_eth_moder_host_write,
- [INT_SOURCE] = open_eth_int_source_host_write,
- [INT_MASK] = open_eth_int_mask_host_write,
- [MIICOMMAND] = open_eth_mii_command_host_write,
- [MIITX_DATA] = open_eth_mii_tx_host_write,
- [MIISTATUS] = open_eth_ro,
- };
- OpenEthState *s = opaque;
- unsigned idx = addr / 4;
-
- if (idx < REG_MAX) {
- trace_open_eth_reg_write((uint32_t)addr, (uint32_t)val);
- if (reg_write[idx]) {
- reg_write[idx](s, val);
- } else {
- s->regs[idx] = val;
- }
- }
-}
-
-static uint64_t open_eth_desc_read(void *opaque,
- hwaddr addr, unsigned int size)
-{
- OpenEthState *s = opaque;
- uint64_t v = 0;
-
- addr &= 0x3ff;
- memcpy(&v, (uint8_t *)s->desc + addr, size);
- trace_open_eth_desc_read((uint32_t)addr, (uint32_t)v);
- return v;
-}
-
-static void open_eth_desc_write(void *opaque,
- hwaddr addr, uint64_t val, unsigned int size)
-{
- OpenEthState *s = opaque;
-
- addr &= 0x3ff;
- trace_open_eth_desc_write((uint32_t)addr, (uint32_t)val);
- memcpy((uint8_t *)s->desc + addr, &val, size);
- open_eth_check_start_xmit(s);
-}
-
-
-static const MemoryRegionOps open_eth_reg_ops = {
- .read = open_eth_reg_read,
- .write = open_eth_reg_write,
-};
-
-static const MemoryRegionOps open_eth_desc_ops = {
- .read = open_eth_desc_read,
- .write = open_eth_desc_write,
-};
-
-static int sysbus_open_eth_init(SysBusDevice *dev)
-{
- OpenEthState *s = DO_UPCAST(OpenEthState, dev, dev);
-
- memory_region_init_io(&s->reg_io, &open_eth_reg_ops, s,
- "open_eth.regs", 0x54);
- sysbus_init_mmio(dev, &s->reg_io);
-
- memory_region_init_io(&s->desc_io, &open_eth_desc_ops, s,
- "open_eth.desc", 0x400);
- sysbus_init_mmio(dev, &s->desc_io);
-
- sysbus_init_irq(dev, &s->irq);
-
- s->nic = qemu_new_nic(&net_open_eth_info, &s->conf,
- object_get_typename(OBJECT(s)), s->dev.qdev.id, s);
- return 0;
-}
-
-static void qdev_open_eth_reset(DeviceState *dev)
-{
- OpenEthState *d = DO_UPCAST(OpenEthState, dev.qdev, dev);
- open_eth_reset(d);
-}
-
-static Property open_eth_properties[] = {
- DEFINE_NIC_PROPERTIES(OpenEthState, conf),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void open_eth_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = sysbus_open_eth_init;
- dc->desc = "Opencores 10/100 Mbit Ethernet";
- dc->reset = qdev_open_eth_reset;
- dc->props = open_eth_properties;
-}
-
-static TypeInfo open_eth_info = {
- .name = "open_eth",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(OpenEthState),
- .class_init = open_eth_class_init,
-};
-
-static void open_eth_register_types(void)
-{
- type_register_static(&open_eth_info);
-}
-
-type_init(open_eth_register_types)
diff --git a/hw/openpic.c b/hw/openpic.c
deleted file mode 100644
index 8b3784a6b..000000000
--- a/hw/openpic.c
+++ /dev/null
@@ -1,1710 +0,0 @@
-/*
- * OpenPIC emulation
- *
- * Copyright (c) 2004 Jocelyn Mayer
- * 2011 Alexander Graf
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-/*
- *
- * Based on OpenPic implementations:
- * - Intel GW80314 I/O companion chip developer's manual
- * - Motorola MPC8245 & MPC8540 user manuals.
- * - Motorola MCP750 (aka Raven) programmer manual.
- * - Motorola Harrier programmer manuel
- *
- * Serial interrupts, as implemented in Raven chipset are not supported yet.
- *
- */
-#include "hw.h"
-#include "ppc_mac.h"
-#include "pci.h"
-#include "openpic.h"
-
-//#define DEBUG_OPENPIC
-
-#ifdef DEBUG_OPENPIC
-#define DPRINTF(fmt, ...) do { printf(fmt , ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...) do { } while (0)
-#endif
-
-#define USE_MPCxxx /* Intel model is broken, for now */
-
-#if defined (USE_INTEL_GW80314)
-/* Intel GW80314 I/O Companion chip */
-
-#define MAX_CPU 4
-#define MAX_IRQ 32
-#define MAX_DBL 4
-#define MAX_MBX 4
-#define MAX_TMR 4
-#define VECTOR_BITS 8
-#define MAX_IPI 4
-
-#define VID (0x00000000)
-
-#elif defined(USE_MPCxxx)
-
-#define MAX_CPU 15
-#define MAX_IRQ 128
-#define MAX_DBL 0
-#define MAX_MBX 0
-#define MAX_TMR 4
-#define VECTOR_BITS 8
-#define MAX_IPI 4
-#define VID 0x03 /* MPIC version ID */
-#define VENI 0x00000000 /* Vendor ID */
-
-enum {
- IRQ_IPVP = 0,
- IRQ_IDE,
-};
-
-/* OpenPIC */
-#define OPENPIC_MAX_CPU 2
-#define OPENPIC_MAX_IRQ 64
-#define OPENPIC_EXT_IRQ 48
-#define OPENPIC_MAX_TMR MAX_TMR
-#define OPENPIC_MAX_IPI MAX_IPI
-
-/* Interrupt definitions */
-#define OPENPIC_IRQ_FE (OPENPIC_EXT_IRQ) /* Internal functional IRQ */
-#define OPENPIC_IRQ_ERR (OPENPIC_EXT_IRQ + 1) /* Error IRQ */
-#define OPENPIC_IRQ_TIM0 (OPENPIC_EXT_IRQ + 2) /* First timer IRQ */
-#if OPENPIC_MAX_IPI > 0
-#define OPENPIC_IRQ_IPI0 (OPENPIC_IRQ_TIM0 + OPENPIC_MAX_TMR) /* First IPI IRQ */
-#define OPENPIC_IRQ_DBL0 (OPENPIC_IRQ_IPI0 + (OPENPIC_MAX_CPU * OPENPIC_MAX_IPI)) /* First doorbell IRQ */
-#else
-#define OPENPIC_IRQ_DBL0 (OPENPIC_IRQ_TIM0 + OPENPIC_MAX_TMR) /* First doorbell IRQ */
-#define OPENPIC_IRQ_MBX0 (OPENPIC_IRQ_DBL0 + OPENPIC_MAX_DBL) /* First mailbox IRQ */
-#endif
-
-/* MPIC */
-#define MPIC_MAX_CPU 1
-#define MPIC_MAX_EXT 12
-#define MPIC_MAX_INT 64
-#define MPIC_MAX_MSG 4
-#define MPIC_MAX_MSI 8
-#define MPIC_MAX_TMR MAX_TMR
-#define MPIC_MAX_IPI MAX_IPI
-#define MPIC_MAX_IRQ (MPIC_MAX_EXT + MPIC_MAX_INT + MPIC_MAX_TMR + MPIC_MAX_MSG + MPIC_MAX_MSI + (MPIC_MAX_IPI * MPIC_MAX_CPU))
-
-/* Interrupt definitions */
-#define MPIC_EXT_IRQ 0
-#define MPIC_INT_IRQ (MPIC_EXT_IRQ + MPIC_MAX_EXT)
-#define MPIC_TMR_IRQ (MPIC_INT_IRQ + MPIC_MAX_INT)
-#define MPIC_MSG_IRQ (MPIC_TMR_IRQ + MPIC_MAX_TMR)
-#define MPIC_MSI_IRQ (MPIC_MSG_IRQ + MPIC_MAX_MSG)
-#define MPIC_IPI_IRQ (MPIC_MSI_IRQ + MPIC_MAX_MSI)
-
-#define MPIC_GLB_REG_START 0x0
-#define MPIC_GLB_REG_SIZE 0x10F0
-#define MPIC_TMR_REG_START 0x10F0
-#define MPIC_TMR_REG_SIZE 0x220
-#define MPIC_EXT_REG_START 0x10000
-#define MPIC_EXT_REG_SIZE 0x180
-#define MPIC_INT_REG_START 0x10200
-#define MPIC_INT_REG_SIZE 0x800
-#define MPIC_MSG_REG_START 0x11600
-#define MPIC_MSG_REG_SIZE 0x100
-#define MPIC_MSI_REG_START 0x11C00
-#define MPIC_MSI_REG_SIZE 0x100
-#define MPIC_CPU_REG_START 0x20000
-#define MPIC_CPU_REG_SIZE 0x100 + ((MAX_CPU - 1) * 0x1000)
-
-/*
- * Block Revision Register1 (BRR1): QEMU does not fully emulate
- * any version on MPIC. So to start with, set the IP version to 0.
- *
- * NOTE: This is Freescale MPIC specific register. Keep it here till
- * this code is refactored for different variants of OPENPIC and MPIC.
- */
-#define FSL_BRR1_IPID (0x0040 << 16) /* 16 bit IP-block ID */
-#define FSL_BRR1_IPMJ (0x00 << 8) /* 8 bit IP major number */
-#define FSL_BRR1_IPMN 0x00 /* 8 bit IP minor number */
-
-enum mpic_ide_bits {
- IDR_EP = 31,
- IDR_CI0 = 30,
- IDR_CI1 = 29,
- IDR_P1 = 1,
- IDR_P0 = 0,
-};
-
-#else
-#error "Please select which OpenPic implementation is to be emulated"
-#endif
-
-#define OPENPIC_PAGE_SIZE 4096
-
-#define BF_WIDTH(_bits_) \
-(((_bits_) + (sizeof(uint32_t) * 8) - 1) / (sizeof(uint32_t) * 8))
-
-static inline void set_bit (uint32_t *field, int bit)
-{
- field[bit >> 5] |= 1 << (bit & 0x1F);
-}
-
-static inline void reset_bit (uint32_t *field, int bit)
-{
- field[bit >> 5] &= ~(1 << (bit & 0x1F));
-}
-
-static inline int test_bit (uint32_t *field, int bit)
-{
- return (field[bit >> 5] & 1 << (bit & 0x1F)) != 0;
-}
-
-static int get_current_cpu(void)
-{
- return cpu_single_env->cpu_index;
-}
-
-static uint32_t openpic_cpu_read_internal(void *opaque, hwaddr addr,
- int idx);
-static void openpic_cpu_write_internal(void *opaque, hwaddr addr,
- uint32_t val, int idx);
-
-enum {
- IRQ_EXTERNAL = 0x01,
- IRQ_INTERNAL = 0x02,
- IRQ_TIMER = 0x04,
- IRQ_SPECIAL = 0x08,
-};
-
-typedef struct IRQ_queue_t {
- uint32_t queue[BF_WIDTH(MAX_IRQ)];
- int next;
- int priority;
-} IRQ_queue_t;
-
-typedef struct IRQ_src_t {
- uint32_t ipvp; /* IRQ vector/priority register */
- uint32_t ide; /* IRQ destination register */
- int type;
- int last_cpu;
- int pending; /* TRUE if IRQ is pending */
-} IRQ_src_t;
-
-enum IPVP_bits {
- IPVP_MASK = 31,
- IPVP_ACTIVITY = 30,
- IPVP_MODE = 29,
- IPVP_POLARITY = 23,
- IPVP_SENSE = 22,
-};
-#define IPVP_PRIORITY_MASK (0x1F << 16)
-#define IPVP_PRIORITY(_ipvpr_) ((int)(((_ipvpr_) & IPVP_PRIORITY_MASK) >> 16))
-#define IPVP_VECTOR_MASK ((1 << VECTOR_BITS) - 1)
-#define IPVP_VECTOR(_ipvpr_) ((_ipvpr_) & IPVP_VECTOR_MASK)
-
-typedef struct IRQ_dst_t {
- uint32_t tfrr;
- uint32_t pctp; /* CPU current task priority */
- uint32_t pcsr; /* CPU sensitivity register */
- IRQ_queue_t raised;
- IRQ_queue_t servicing;
- qemu_irq *irqs;
-} IRQ_dst_t;
-
-typedef struct openpic_t {
- PCIDevice pci_dev;
- MemoryRegion mem;
-
- /* Sub-regions */
- MemoryRegion sub_io_mem[7];
-
- /* Global registers */
- uint32_t frep; /* Feature reporting register */
- uint32_t glbc; /* Global configuration register */
- uint32_t micr; /* MPIC interrupt configuration register */
- uint32_t veni; /* Vendor identification register */
- uint32_t pint; /* Processor initialization register */
- uint32_t spve; /* Spurious vector register */
- uint32_t tifr; /* Timer frequency reporting register */
- /* Source registers */
- IRQ_src_t src[MAX_IRQ];
- /* Local registers per output pin */
- IRQ_dst_t dst[MAX_CPU];
- int nb_cpus;
- /* Timer registers */
- struct {
- uint32_t ticc; /* Global timer current count register */
- uint32_t tibc; /* Global timer base count register */
- } timers[MAX_TMR];
-#if MAX_DBL > 0
- /* Doorbell registers */
- uint32_t dar; /* Doorbell activate register */
- struct {
- uint32_t dmr; /* Doorbell messaging register */
- } doorbells[MAX_DBL];
-#endif
-#if MAX_MBX > 0
- /* Mailbox registers */
- struct {
- uint32_t mbr; /* Mailbox register */
- } mailboxes[MAX_MAILBOXES];
-#endif
- /* IRQ out is used when in bypass mode (not implemented) */
- qemu_irq irq_out;
- int max_irq;
- int irq_ipi0;
- int irq_tim0;
- void (*reset) (void *);
- void (*irq_raise) (struct openpic_t *, int, IRQ_src_t *);
-} openpic_t;
-
-static inline void IRQ_setbit (IRQ_queue_t *q, int n_IRQ)
-{
- set_bit(q->queue, n_IRQ);
-}
-
-static inline void IRQ_resetbit (IRQ_queue_t *q, int n_IRQ)
-{
- reset_bit(q->queue, n_IRQ);
-}
-
-static inline int IRQ_testbit (IRQ_queue_t *q, int n_IRQ)
-{
- return test_bit(q->queue, n_IRQ);
-}
-
-static void IRQ_check (openpic_t *opp, IRQ_queue_t *q)
-{
- int next, i;
- int priority;
-
- next = -1;
- priority = -1;
- for (i = 0; i < opp->max_irq; i++) {
- if (IRQ_testbit(q, i)) {
- DPRINTF("IRQ_check: irq %d set ipvp_pr=%d pr=%d\n",
- i, IPVP_PRIORITY(opp->src[i].ipvp), priority);
- if (IPVP_PRIORITY(opp->src[i].ipvp) > priority) {
- next = i;
- priority = IPVP_PRIORITY(opp->src[i].ipvp);
- }
- }
- }
- q->next = next;
- q->priority = priority;
-}
-
-static int IRQ_get_next (openpic_t *opp, IRQ_queue_t *q)
-{
- if (q->next == -1) {
- /* XXX: optimize */
- IRQ_check(opp, q);
- }
-
- return q->next;
-}
-
-static void IRQ_local_pipe (openpic_t *opp, int n_CPU, int n_IRQ)
-{
- IRQ_dst_t *dst;
- IRQ_src_t *src;
- int priority;
-
- dst = &opp->dst[n_CPU];
- src = &opp->src[n_IRQ];
- priority = IPVP_PRIORITY(src->ipvp);
- if (priority <= dst->pctp) {
- /* Too low priority */
- DPRINTF("%s: IRQ %d has too low priority on CPU %d\n",
- __func__, n_IRQ, n_CPU);
- return;
- }
- if (IRQ_testbit(&dst->raised, n_IRQ)) {
- /* Interrupt miss */
- DPRINTF("%s: IRQ %d was missed on CPU %d\n",
- __func__, n_IRQ, n_CPU);
- return;
- }
- set_bit(&src->ipvp, IPVP_ACTIVITY);
- IRQ_setbit(&dst->raised, n_IRQ);
- if (priority < dst->raised.priority) {
- /* An higher priority IRQ is already raised */
- DPRINTF("%s: IRQ %d is hidden by raised IRQ %d on CPU %d\n",
- __func__, n_IRQ, dst->raised.next, n_CPU);
- return;
- }
- IRQ_get_next(opp, &dst->raised);
- if (IRQ_get_next(opp, &dst->servicing) != -1 &&
- priority <= dst->servicing.priority) {
- DPRINTF("%s: IRQ %d is hidden by servicing IRQ %d on CPU %d\n",
- __func__, n_IRQ, dst->servicing.next, n_CPU);
- /* Already servicing a higher priority IRQ */
- return;
- }
- DPRINTF("Raise OpenPIC INT output cpu %d irq %d\n", n_CPU, n_IRQ);
- opp->irq_raise(opp, n_CPU, src);
-}
-
-/* update pic state because registers for n_IRQ have changed value */
-static void openpic_update_irq(openpic_t *opp, int n_IRQ)
-{
- IRQ_src_t *src;
- int i;
-
- src = &opp->src[n_IRQ];
-
- if (!src->pending) {
- /* no irq pending */
- DPRINTF("%s: IRQ %d is not pending\n", __func__, n_IRQ);
- return;
- }
- if (test_bit(&src->ipvp, IPVP_MASK)) {
- /* Interrupt source is disabled */
- DPRINTF("%s: IRQ %d is disabled\n", __func__, n_IRQ);
- return;
- }
- if (IPVP_PRIORITY(src->ipvp) == 0) {
- /* Priority set to zero */
- DPRINTF("%s: IRQ %d has 0 priority\n", __func__, n_IRQ);
- return;
- }
- if (test_bit(&src->ipvp, IPVP_ACTIVITY)) {
- /* IRQ already active */
- DPRINTF("%s: IRQ %d is already active\n", __func__, n_IRQ);
- return;
- }
- if (src->ide == 0x00000000) {
- /* No target */
- DPRINTF("%s: IRQ %d has no target\n", __func__, n_IRQ);
- return;
- }
-
- if (src->ide == (1 << src->last_cpu)) {
- /* Only one CPU is allowed to receive this IRQ */
- IRQ_local_pipe(opp, src->last_cpu, n_IRQ);
- } else if (!test_bit(&src->ipvp, IPVP_MODE)) {
- /* Directed delivery mode */
- for (i = 0; i < opp->nb_cpus; i++) {
- if (test_bit(&src->ide, i))
- IRQ_local_pipe(opp, i, n_IRQ);
- }
- } else {
- /* Distributed delivery mode */
- for (i = src->last_cpu + 1; i != src->last_cpu; i++) {
- if (i == opp->nb_cpus)
- i = 0;
- if (test_bit(&src->ide, i)) {
- IRQ_local_pipe(opp, i, n_IRQ);
- src->last_cpu = i;
- break;
- }
- }
- }
-}
-
-static void openpic_set_irq(void *opaque, int n_IRQ, int level)
-{
- openpic_t *opp = opaque;
- IRQ_src_t *src;
-
- src = &opp->src[n_IRQ];
- DPRINTF("openpic: set irq %d = %d ipvp=%08x\n",
- n_IRQ, level, src->ipvp);
- if (test_bit(&src->ipvp, IPVP_SENSE)) {
- /* level-sensitive irq */
- src->pending = level;
- if (!level)
- reset_bit(&src->ipvp, IPVP_ACTIVITY);
- } else {
- /* edge-sensitive irq */
- if (level)
- src->pending = 1;
- }
- openpic_update_irq(opp, n_IRQ);
-}
-
-static void openpic_reset (void *opaque)
-{
- openpic_t *opp = (openpic_t *)opaque;
- int i;
-
- opp->glbc = 0x80000000;
- /* Initialise controller registers */
- opp->frep = ((OPENPIC_EXT_IRQ - 1) << 16) | ((MAX_CPU - 1) << 8) | VID;
- opp->veni = VENI;
- opp->pint = 0x00000000;
- opp->spve = 0x000000FF;
- opp->tifr = 0x003F7A00;
- /* ? */
- opp->micr = 0x00000000;
- /* Initialise IRQ sources */
- for (i = 0; i < opp->max_irq; i++) {
- opp->src[i].ipvp = 0xA0000000;
- opp->src[i].ide = 0x00000000;
- }
- /* Initialise IRQ destinations */
- for (i = 0; i < MAX_CPU; i++) {
- opp->dst[i].pctp = 0x0000000F;
- opp->dst[i].pcsr = 0x00000000;
- memset(&opp->dst[i].raised, 0, sizeof(IRQ_queue_t));
- opp->dst[i].raised.next = -1;
- memset(&opp->dst[i].servicing, 0, sizeof(IRQ_queue_t));
- opp->dst[i].servicing.next = -1;
- }
- /* Initialise timers */
- for (i = 0; i < MAX_TMR; i++) {
- opp->timers[i].ticc = 0x00000000;
- opp->timers[i].tibc = 0x80000000;
- }
- /* Initialise doorbells */
-#if MAX_DBL > 0
- opp->dar = 0x00000000;
- for (i = 0; i < MAX_DBL; i++) {
- opp->doorbells[i].dmr = 0x00000000;
- }
-#endif
- /* Initialise mailboxes */
-#if MAX_MBX > 0
- for (i = 0; i < MAX_MBX; i++) { /* ? */
- opp->mailboxes[i].mbr = 0x00000000;
- }
-#endif
- /* Go out of RESET state */
- opp->glbc = 0x00000000;
-}
-
-static inline uint32_t read_IRQreg_ide(openpic_t *opp, int n_IRQ)
-{
- return opp->src[n_IRQ].ide;
-}
-
-static inline uint32_t read_IRQreg_ipvp(openpic_t *opp, int n_IRQ)
-{
- return opp->src[n_IRQ].ipvp;
-}
-
-static inline void write_IRQreg_ide(openpic_t *opp, int n_IRQ, uint32_t val)
-{
- uint32_t tmp;
-
- tmp = val & 0xC0000000;
- tmp |= val & ((1ULL << MAX_CPU) - 1);
- opp->src[n_IRQ].ide = tmp;
- DPRINTF("Set IDE %d to 0x%08x\n", n_IRQ, opp->src[n_IRQ].ide);
-}
-
-static inline void write_IRQreg_ipvp(openpic_t *opp, int n_IRQ, uint32_t val)
-{
- /* NOTE: not fully accurate for special IRQs, but simple and sufficient */
- /* ACTIVITY bit is read-only */
- opp->src[n_IRQ].ipvp = (opp->src[n_IRQ].ipvp & 0x40000000)
- | (val & 0x800F00FF);
- openpic_update_irq(opp, n_IRQ);
- DPRINTF("Set IPVP %d to 0x%08x -> 0x%08x\n", n_IRQ, val,
- opp->src[n_IRQ].ipvp);
-}
-
-#if 0 // Code provision for Intel model
-#if MAX_DBL > 0
-static uint32_t read_doorbell_register (openpic_t *opp,
- int n_dbl, uint32_t offset)
-{
- uint32_t retval;
-
- switch (offset) {
- case DBL_IPVP_OFFSET:
- retval = read_IRQreg_ipvp(opp, IRQ_DBL0 + n_dbl);
- break;
- case DBL_IDE_OFFSET:
- retval = read_IRQreg_ide(opp, IRQ_DBL0 + n_dbl);
- break;
- case DBL_DMR_OFFSET:
- retval = opp->doorbells[n_dbl].dmr;
- break;
- }
-
- return retval;
-}
-
-static void write_doorbell_register (penpic_t *opp, int n_dbl,
- uint32_t offset, uint32_t value)
-{
- switch (offset) {
- case DBL_IVPR_OFFSET:
- write_IRQreg_ipvp(opp, IRQ_DBL0 + n_dbl, value);
- break;
- case DBL_IDE_OFFSET:
- write_IRQreg_ide(opp, IRQ_DBL0 + n_dbl, value);
- break;
- case DBL_DMR_OFFSET:
- opp->doorbells[n_dbl].dmr = value;
- break;
- }
-}
-#endif
-
-#if MAX_MBX > 0
-static uint32_t read_mailbox_register (openpic_t *opp,
- int n_mbx, uint32_t offset)
-{
- uint32_t retval;
-
- switch (offset) {
- case MBX_MBR_OFFSET:
- retval = opp->mailboxes[n_mbx].mbr;
- break;
- case MBX_IVPR_OFFSET:
- retval = read_IRQreg_ipvp(opp, IRQ_MBX0 + n_mbx);
- break;
- case MBX_DMR_OFFSET:
- retval = read_IRQreg_ide(opp, IRQ_MBX0 + n_mbx);
- break;
- }
-
- return retval;
-}
-
-static void write_mailbox_register (openpic_t *opp, int n_mbx,
- uint32_t address, uint32_t value)
-{
- switch (offset) {
- case MBX_MBR_OFFSET:
- opp->mailboxes[n_mbx].mbr = value;
- break;
- case MBX_IVPR_OFFSET:
- write_IRQreg_ipvp(opp, IRQ_MBX0 + n_mbx, value);
- break;
- case MBX_DMR_OFFSET:
- write_IRQreg_ide(opp, IRQ_MBX0 + n_mbx, value);
- break;
- }
-}
-#endif
-#endif /* 0 : Code provision for Intel model */
-
-static void openpic_gbl_write (void *opaque, hwaddr addr, uint32_t val)
-{
- openpic_t *opp = opaque;
- IRQ_dst_t *dst;
- int idx;
-
- DPRINTF("%s: addr " TARGET_FMT_plx " <= %08x\n", __func__, addr, val);
- if (addr & 0xF)
- return;
- switch (addr) {
- case 0x00: /* Block Revision Register1 (BRR1) is Readonly */
- break;
- case 0x40:
- case 0x50:
- case 0x60:
- case 0x70:
- case 0x80:
- case 0x90:
- case 0xA0:
- case 0xB0:
- openpic_cpu_write_internal(opp, addr, val, get_current_cpu());
- break;
- case 0x1000: /* FREP */
- break;
- case 0x1020: /* GLBC */
- if (val & 0x80000000 && opp->reset)
- opp->reset(opp);
- opp->glbc = val & ~0x80000000;
- break;
- case 0x1080: /* VENI */
- break;
- case 0x1090: /* PINT */
- for (idx = 0; idx < opp->nb_cpus; idx++) {
- if ((val & (1 << idx)) && !(opp->pint & (1 << idx))) {
- DPRINTF("Raise OpenPIC RESET output for CPU %d\n", idx);
- dst = &opp->dst[idx];
- qemu_irq_raise(dst->irqs[OPENPIC_OUTPUT_RESET]);
- } else if (!(val & (1 << idx)) && (opp->pint & (1 << idx))) {
- DPRINTF("Lower OpenPIC RESET output for CPU %d\n", idx);
- dst = &opp->dst[idx];
- qemu_irq_lower(dst->irqs[OPENPIC_OUTPUT_RESET]);
- }
- }
- opp->pint = val;
- break;
- case 0x10A0: /* IPI_IPVP */
- case 0x10B0:
- case 0x10C0:
- case 0x10D0:
- {
- int idx;
- idx = (addr - 0x10A0) >> 4;
- write_IRQreg_ipvp(opp, opp->irq_ipi0 + idx, val);
- }
- break;
- case 0x10E0: /* SPVE */
- opp->spve = val & 0x000000FF;
- break;
- case 0x10F0: /* TIFR */
- opp->tifr = val;
- break;
- default:
- break;
- }
-}
-
-static uint32_t openpic_gbl_read (void *opaque, hwaddr addr)
-{
- openpic_t *opp = opaque;
- uint32_t retval;
-
- DPRINTF("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
- retval = 0xFFFFFFFF;
- if (addr & 0xF)
- return retval;
- switch (addr) {
- case 0x1000: /* FREP */
- retval = opp->frep;
- break;
- case 0x1020: /* GLBC */
- retval = opp->glbc;
- break;
- case 0x1080: /* VENI */
- retval = opp->veni;
- break;
- case 0x1090: /* PINT */
- retval = 0x00000000;
- break;
- case 0x00: /* Block Revision Register1 (BRR1) */
- case 0x40:
- case 0x50:
- case 0x60:
- case 0x70:
- case 0x80:
- case 0x90:
- case 0xA0:
- case 0xB0:
- retval = openpic_cpu_read_internal(opp, addr, get_current_cpu());
- break;
- case 0x10A0: /* IPI_IPVP */
- case 0x10B0:
- case 0x10C0:
- case 0x10D0:
- {
- int idx;
- idx = (addr - 0x10A0) >> 4;
- retval = read_IRQreg_ipvp(opp, opp->irq_ipi0 + idx);
- }
- break;
- case 0x10E0: /* SPVE */
- retval = opp->spve;
- break;
- case 0x10F0: /* TIFR */
- retval = opp->tifr;
- break;
- default:
- break;
- }
- DPRINTF("%s: => %08x\n", __func__, retval);
-
- return retval;
-}
-
-static void openpic_timer_write (void *opaque, uint32_t addr, uint32_t val)
-{
- openpic_t *opp = opaque;
- int idx;
-
- DPRINTF("%s: addr %08x <= %08x\n", __func__, addr, val);
- if (addr & 0xF)
- return;
- addr -= 0x10;
- addr &= 0xFFFF;
- idx = (addr & 0xFFF0) >> 6;
- addr = addr & 0x30;
- switch (addr) {
- case 0x00: /* TICC */
- break;
- case 0x10: /* TIBC */
- if ((opp->timers[idx].ticc & 0x80000000) != 0 &&
- (val & 0x80000000) == 0 &&
- (opp->timers[idx].tibc & 0x80000000) != 0)
- opp->timers[idx].ticc &= ~0x80000000;
- opp->timers[idx].tibc = val;
- break;
- case 0x20: /* TIVP */
- write_IRQreg_ipvp(opp, opp->irq_tim0 + idx, val);
- break;
- case 0x30: /* TIDE */
- write_IRQreg_ide(opp, opp->irq_tim0 + idx, val);
- break;
- }
-}
-
-static uint32_t openpic_timer_read (void *opaque, uint32_t addr)
-{
- openpic_t *opp = opaque;
- uint32_t retval;
- int idx;
-
- DPRINTF("%s: addr %08x\n", __func__, addr);
- retval = 0xFFFFFFFF;
- if (addr & 0xF)
- return retval;
- addr -= 0x10;
- addr &= 0xFFFF;
- idx = (addr & 0xFFF0) >> 6;
- addr = addr & 0x30;
- switch (addr) {
- case 0x00: /* TICC */
- retval = opp->timers[idx].ticc;
- break;
- case 0x10: /* TIBC */
- retval = opp->timers[idx].tibc;
- break;
- case 0x20: /* TIPV */
- retval = read_IRQreg_ipvp(opp, opp->irq_tim0 + idx);
- break;
- case 0x30: /* TIDE */
- retval = read_IRQreg_ide(opp, opp->irq_tim0 + idx);
- break;
- }
- DPRINTF("%s: => %08x\n", __func__, retval);
-
- return retval;
-}
-
-static void openpic_src_write (void *opaque, uint32_t addr, uint32_t val)
-{
- openpic_t *opp = opaque;
- int idx;
-
- DPRINTF("%s: addr %08x <= %08x\n", __func__, addr, val);
- if (addr & 0xF)
- return;
- addr = addr & 0xFFF0;
- idx = addr >> 5;
- if (addr & 0x10) {
- /* EXDE / IFEDE / IEEDE */
- write_IRQreg_ide(opp, idx, val);
- } else {
- /* EXVP / IFEVP / IEEVP */
- write_IRQreg_ipvp(opp, idx, val);
- }
-}
-
-static uint32_t openpic_src_read (void *opaque, uint32_t addr)
-{
- openpic_t *opp = opaque;
- uint32_t retval;
- int idx;
-
- DPRINTF("%s: addr %08x\n", __func__, addr);
- retval = 0xFFFFFFFF;
- if (addr & 0xF)
- return retval;
- addr = addr & 0xFFF0;
- idx = addr >> 5;
- if (addr & 0x10) {
- /* EXDE / IFEDE / IEEDE */
- retval = read_IRQreg_ide(opp, idx);
- } else {
- /* EXVP / IFEVP / IEEVP */
- retval = read_IRQreg_ipvp(opp, idx);
- }
- DPRINTF("%s: => %08x\n", __func__, retval);
-
- return retval;
-}
-
-static void openpic_cpu_write_internal(void *opaque, hwaddr addr,
- uint32_t val, int idx)
-{
- openpic_t *opp = opaque;
- IRQ_src_t *src;
- IRQ_dst_t *dst;
- int s_IRQ, n_IRQ;
-
- DPRINTF("%s: cpu %d addr " TARGET_FMT_plx " <= %08x\n", __func__, idx,
- addr, val);
- if (addr & 0xF)
- return;
- dst = &opp->dst[idx];
- addr &= 0xFF0;
- switch (addr) {
-#if MAX_IPI > 0
- case 0x40: /* IPIDR */
- case 0x50:
- case 0x60:
- case 0x70:
- idx = (addr - 0x40) >> 4;
- /* we use IDE as mask which CPUs to deliver the IPI to still. */
- write_IRQreg_ide(opp, opp->irq_ipi0 + idx,
- opp->src[opp->irq_ipi0 + idx].ide | val);
- openpic_set_irq(opp, opp->irq_ipi0 + idx, 1);
- openpic_set_irq(opp, opp->irq_ipi0 + idx, 0);
- break;
-#endif
- case 0x80: /* PCTP */
- dst->pctp = val & 0x0000000F;
- break;
- case 0x90: /* WHOAMI */
- /* Read-only register */
- break;
- case 0xA0: /* PIAC */
- /* Read-only register */
- break;
- case 0xB0: /* PEOI */
- DPRINTF("PEOI\n");
- s_IRQ = IRQ_get_next(opp, &dst->servicing);
- IRQ_resetbit(&dst->servicing, s_IRQ);
- dst->servicing.next = -1;
- /* Set up next servicing IRQ */
- s_IRQ = IRQ_get_next(opp, &dst->servicing);
- /* Check queued interrupts. */
- n_IRQ = IRQ_get_next(opp, &dst->raised);
- src = &opp->src[n_IRQ];
- if (n_IRQ != -1 &&
- (s_IRQ == -1 ||
- IPVP_PRIORITY(src->ipvp) > dst->servicing.priority)) {
- DPRINTF("Raise OpenPIC INT output cpu %d irq %d\n",
- idx, n_IRQ);
- opp->irq_raise(opp, idx, src);
- }
- break;
- default:
- break;
- }
-}
-
-static void openpic_cpu_write(void *opaque, hwaddr addr, uint32_t val)
-{
- openpic_cpu_write_internal(opaque, addr, val, (addr & 0x1f000) >> 12);
-}
-
-static uint32_t openpic_cpu_read_internal(void *opaque, hwaddr addr,
- int idx)
-{
- openpic_t *opp = opaque;
- IRQ_src_t *src;
- IRQ_dst_t *dst;
- uint32_t retval;
- int n_IRQ;
-
- DPRINTF("%s: cpu %d addr " TARGET_FMT_plx "\n", __func__, idx, addr);
- retval = 0xFFFFFFFF;
- if (addr & 0xF)
- return retval;
- dst = &opp->dst[idx];
- addr &= 0xFF0;
- switch (addr) {
- case 0x00: /* Block Revision Register1 (BRR1) */
- retval = FSL_BRR1_IPID | FSL_BRR1_IPMJ | FSL_BRR1_IPMN;
- break;
- case 0x80: /* PCTP */
- retval = dst->pctp;
- break;
- case 0x90: /* WHOAMI */
- retval = idx;
- break;
- case 0xA0: /* PIAC */
- DPRINTF("Lower OpenPIC INT output\n");
- qemu_irq_lower(dst->irqs[OPENPIC_OUTPUT_INT]);
- n_IRQ = IRQ_get_next(opp, &dst->raised);
- DPRINTF("PIAC: irq=%d\n", n_IRQ);
- if (n_IRQ == -1) {
- /* No more interrupt pending */
- retval = IPVP_VECTOR(opp->spve);
- } else {
- src = &opp->src[n_IRQ];
- if (!test_bit(&src->ipvp, IPVP_ACTIVITY) ||
- !(IPVP_PRIORITY(src->ipvp) > dst->pctp)) {
- /* - Spurious level-sensitive IRQ
- * - Priorities has been changed
- * and the pending IRQ isn't allowed anymore
- */
- reset_bit(&src->ipvp, IPVP_ACTIVITY);
- retval = IPVP_VECTOR(opp->spve);
- } else {
- /* IRQ enter servicing state */
- IRQ_setbit(&dst->servicing, n_IRQ);
- retval = IPVP_VECTOR(src->ipvp);
- }
- IRQ_resetbit(&dst->raised, n_IRQ);
- dst->raised.next = -1;
- if (!test_bit(&src->ipvp, IPVP_SENSE)) {
- /* edge-sensitive IRQ */
- reset_bit(&src->ipvp, IPVP_ACTIVITY);
- src->pending = 0;
- }
-
- if ((n_IRQ >= opp->irq_ipi0) && (n_IRQ < (opp->irq_ipi0 + MAX_IPI))) {
- src->ide &= ~(1 << idx);
- if (src->ide && !test_bit(&src->ipvp, IPVP_SENSE)) {
- /* trigger on CPUs that didn't know about it yet */
- openpic_set_irq(opp, n_IRQ, 1);
- openpic_set_irq(opp, n_IRQ, 0);
- /* if all CPUs knew about it, set active bit again */
- set_bit(&src->ipvp, IPVP_ACTIVITY);
- }
- }
- }
- break;
- case 0xB0: /* PEOI */
- retval = 0;
- break;
- default:
- break;
- }
- DPRINTF("%s: => %08x\n", __func__, retval);
-
- return retval;
-}
-
-static uint32_t openpic_cpu_read(void *opaque, hwaddr addr)
-{
- return openpic_cpu_read_internal(opaque, addr, (addr & 0x1f000) >> 12);
-}
-
-static void openpic_buggy_write (void *opaque,
- hwaddr addr, uint32_t val)
-{
- printf("Invalid OPENPIC write access !\n");
-}
-
-static uint32_t openpic_buggy_read (void *opaque, hwaddr addr)
-{
- printf("Invalid OPENPIC read access !\n");
-
- return -1;
-}
-
-static void openpic_writel (void *opaque,
- hwaddr addr, uint32_t val)
-{
- openpic_t *opp = opaque;
-
- addr &= 0x3FFFF;
- DPRINTF("%s: offset %08x val: %08x\n", __func__, (int)addr, val);
- if (addr < 0x1100) {
- /* Global registers */
- openpic_gbl_write(opp, addr, val);
- } else if (addr < 0x10000) {
- /* Timers registers */
- openpic_timer_write(opp, addr, val);
- } else if (addr < 0x20000) {
- /* Source registers */
- openpic_src_write(opp, addr, val);
- } else {
- /* CPU registers */
- openpic_cpu_write(opp, addr, val);
- }
-}
-
-static uint32_t openpic_readl (void *opaque,hwaddr addr)
-{
- openpic_t *opp = opaque;
- uint32_t retval;
-
- addr &= 0x3FFFF;
- DPRINTF("%s: offset %08x\n", __func__, (int)addr);
- if (addr < 0x1100) {
- /* Global registers */
- retval = openpic_gbl_read(opp, addr);
- } else if (addr < 0x10000) {
- /* Timers registers */
- retval = openpic_timer_read(opp, addr);
- } else if (addr < 0x20000) {
- /* Source registers */
- retval = openpic_src_read(opp, addr);
- } else {
- /* CPU registers */
- retval = openpic_cpu_read(opp, addr);
- }
-
- return retval;
-}
-
-static uint64_t openpic_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- openpic_t *opp = opaque;
-
- switch (size) {
- case 4: return openpic_readl(opp, addr);
- default: return openpic_buggy_read(opp, addr);
- }
-}
-
-static void openpic_write(void *opaque, hwaddr addr,
- uint64_t data, unsigned size)
-{
- openpic_t *opp = opaque;
-
- switch (size) {
- case 4: return openpic_writel(opp, addr, data);
- default: return openpic_buggy_write(opp, addr, data);
- }
-}
-
-static const MemoryRegionOps openpic_ops = {
- .read = openpic_read,
- .write = openpic_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static void openpic_save_IRQ_queue(QEMUFile* f, IRQ_queue_t *q)
-{
- unsigned int i;
-
- for (i = 0; i < BF_WIDTH(MAX_IRQ); i++)
- qemu_put_be32s(f, &q->queue[i]);
-
- qemu_put_sbe32s(f, &q->next);
- qemu_put_sbe32s(f, &q->priority);
-}
-
-static void openpic_save(QEMUFile* f, void *opaque)
-{
- openpic_t *opp = (openpic_t *)opaque;
- unsigned int i;
-
- qemu_put_be32s(f, &opp->frep);
- qemu_put_be32s(f, &opp->glbc);
- qemu_put_be32s(f, &opp->micr);
- qemu_put_be32s(f, &opp->veni);
- qemu_put_be32s(f, &opp->pint);
- qemu_put_be32s(f, &opp->spve);
- qemu_put_be32s(f, &opp->tifr);
-
- for (i = 0; i < opp->max_irq; i++) {
- qemu_put_be32s(f, &opp->src[i].ipvp);
- qemu_put_be32s(f, &opp->src[i].ide);
- qemu_put_sbe32s(f, &opp->src[i].type);
- qemu_put_sbe32s(f, &opp->src[i].last_cpu);
- qemu_put_sbe32s(f, &opp->src[i].pending);
- }
-
- qemu_put_sbe32s(f, &opp->nb_cpus);
-
- for (i = 0; i < opp->nb_cpus; i++) {
- qemu_put_be32s(f, &opp->dst[i].tfrr);
- qemu_put_be32s(f, &opp->dst[i].pctp);
- qemu_put_be32s(f, &opp->dst[i].pcsr);
- openpic_save_IRQ_queue(f, &opp->dst[i].raised);
- openpic_save_IRQ_queue(f, &opp->dst[i].servicing);
- }
-
- for (i = 0; i < MAX_TMR; i++) {
- qemu_put_be32s(f, &opp->timers[i].ticc);
- qemu_put_be32s(f, &opp->timers[i].tibc);
- }
-
-#if MAX_DBL > 0
- qemu_put_be32s(f, &opp->dar);
-
- for (i = 0; i < MAX_DBL; i++) {
- qemu_put_be32s(f, &opp->doorbells[i].dmr);
- }
-#endif
-
-#if MAX_MBX > 0
- for (i = 0; i < MAX_MAILBOXES; i++) {
- qemu_put_be32s(f, &opp->mailboxes[i].mbr);
- }
-#endif
-
- pci_device_save(&opp->pci_dev, f);
-}
-
-static void openpic_load_IRQ_queue(QEMUFile* f, IRQ_queue_t *q)
-{
- unsigned int i;
-
- for (i = 0; i < BF_WIDTH(MAX_IRQ); i++)
- qemu_get_be32s(f, &q->queue[i]);
-
- qemu_get_sbe32s(f, &q->next);
- qemu_get_sbe32s(f, &q->priority);
-}
-
-static int openpic_load(QEMUFile* f, void *opaque, int version_id)
-{
- openpic_t *opp = (openpic_t *)opaque;
- unsigned int i;
-
- if (version_id != 1)
- return -EINVAL;
-
- qemu_get_be32s(f, &opp->frep);
- qemu_get_be32s(f, &opp->glbc);
- qemu_get_be32s(f, &opp->micr);
- qemu_get_be32s(f, &opp->veni);
- qemu_get_be32s(f, &opp->pint);
- qemu_get_be32s(f, &opp->spve);
- qemu_get_be32s(f, &opp->tifr);
-
- for (i = 0; i < opp->max_irq; i++) {
- qemu_get_be32s(f, &opp->src[i].ipvp);
- qemu_get_be32s(f, &opp->src[i].ide);
- qemu_get_sbe32s(f, &opp->src[i].type);
- qemu_get_sbe32s(f, &opp->src[i].last_cpu);
- qemu_get_sbe32s(f, &opp->src[i].pending);
- }
-
- qemu_get_sbe32s(f, &opp->nb_cpus);
-
- for (i = 0; i < opp->nb_cpus; i++) {
- qemu_get_be32s(f, &opp->dst[i].tfrr);
- qemu_get_be32s(f, &opp->dst[i].pctp);
- qemu_get_be32s(f, &opp->dst[i].pcsr);
- openpic_load_IRQ_queue(f, &opp->dst[i].raised);
- openpic_load_IRQ_queue(f, &opp->dst[i].servicing);
- }
-
- for (i = 0; i < MAX_TMR; i++) {
- qemu_get_be32s(f, &opp->timers[i].ticc);
- qemu_get_be32s(f, &opp->timers[i].tibc);
- }
-
-#if MAX_DBL > 0
- qemu_get_be32s(f, &opp->dar);
-
- for (i = 0; i < MAX_DBL; i++) {
- qemu_get_be32s(f, &opp->doorbells[i].dmr);
- }
-#endif
-
-#if MAX_MBX > 0
- for (i = 0; i < MAX_MAILBOXES; i++) {
- qemu_get_be32s(f, &opp->mailboxes[i].mbr);
- }
-#endif
-
- return pci_device_load(&opp->pci_dev, f);
-}
-
-static void openpic_irq_raise(openpic_t *opp, int n_CPU, IRQ_src_t *src)
-{
- qemu_irq_raise(opp->dst[n_CPU].irqs[OPENPIC_OUTPUT_INT]);
-}
-
-qemu_irq *openpic_init (MemoryRegion **pmem, int nb_cpus,
- qemu_irq **irqs, qemu_irq irq_out)
-{
- openpic_t *opp;
- int i, m;
-
- /* XXX: for now, only one CPU is supported */
- if (nb_cpus != 1)
- return NULL;
- opp = g_malloc0(sizeof(openpic_t));
- memory_region_init_io(&opp->mem, &openpic_ops, opp, "openpic", 0x40000);
-
- // isu_base &= 0xFFFC0000;
- opp->nb_cpus = nb_cpus;
- opp->max_irq = OPENPIC_MAX_IRQ;
- opp->irq_ipi0 = OPENPIC_IRQ_IPI0;
- opp->irq_tim0 = OPENPIC_IRQ_TIM0;
- /* Set IRQ types */
- for (i = 0; i < OPENPIC_EXT_IRQ; i++) {
- opp->src[i].type = IRQ_EXTERNAL;
- }
- for (; i < OPENPIC_IRQ_TIM0; i++) {
- opp->src[i].type = IRQ_SPECIAL;
- }
-#if MAX_IPI > 0
- m = OPENPIC_IRQ_IPI0;
-#else
- m = OPENPIC_IRQ_DBL0;
-#endif
- for (; i < m; i++) {
- opp->src[i].type = IRQ_TIMER;
- }
- for (; i < OPENPIC_MAX_IRQ; i++) {
- opp->src[i].type = IRQ_INTERNAL;
- }
- for (i = 0; i < nb_cpus; i++)
- opp->dst[i].irqs = irqs[i];
- opp->irq_out = irq_out;
-
- register_savevm(&opp->pci_dev.qdev, "openpic", 0, 2,
- openpic_save, openpic_load, opp);
- qemu_register_reset(openpic_reset, opp);
-
- opp->irq_raise = openpic_irq_raise;
- opp->reset = openpic_reset;
-
- if (pmem)
- *pmem = &opp->mem;
-
- return qemu_allocate_irqs(openpic_set_irq, opp, opp->max_irq);
-}
-
-static void mpic_irq_raise(openpic_t *mpp, int n_CPU, IRQ_src_t *src)
-{
- int n_ci = IDR_CI0 - n_CPU;
-
- if(test_bit(&src->ide, n_ci)) {
- qemu_irq_raise(mpp->dst[n_CPU].irqs[OPENPIC_OUTPUT_CINT]);
- }
- else {
- qemu_irq_raise(mpp->dst[n_CPU].irqs[OPENPIC_OUTPUT_INT]);
- }
-}
-
-static void mpic_reset (void *opaque)
-{
- openpic_t *mpp = (openpic_t *)opaque;
- int i;
-
- mpp->glbc = 0x80000000;
- /* Initialise controller registers */
- mpp->frep = 0x004f0002 | ((mpp->nb_cpus - 1) << 8);
- mpp->veni = VENI;
- mpp->pint = 0x00000000;
- mpp->spve = 0x0000FFFF;
- /* Initialise IRQ sources */
- for (i = 0; i < mpp->max_irq; i++) {
- mpp->src[i].ipvp = 0x80800000;
- mpp->src[i].ide = 0x00000001;
- }
- /* Set IDE for IPIs to 0 so we don't get spurious interrupts */
- for (i = mpp->irq_ipi0; i < (mpp->irq_ipi0 + MAX_IPI); i++) {
- mpp->src[i].ide = 0;
- }
- /* Initialise IRQ destinations */
- for (i = 0; i < MAX_CPU; i++) {
- mpp->dst[i].pctp = 0x0000000F;
- mpp->dst[i].tfrr = 0x00000000;
- memset(&mpp->dst[i].raised, 0, sizeof(IRQ_queue_t));
- mpp->dst[i].raised.next = -1;
- memset(&mpp->dst[i].servicing, 0, sizeof(IRQ_queue_t));
- mpp->dst[i].servicing.next = -1;
- }
- /* Initialise timers */
- for (i = 0; i < MAX_TMR; i++) {
- mpp->timers[i].ticc = 0x00000000;
- mpp->timers[i].tibc = 0x80000000;
- }
- /* Go out of RESET state */
- mpp->glbc = 0x00000000;
-}
-
-static void mpic_timer_write (void *opaque, hwaddr addr, uint32_t val)
-{
- openpic_t *mpp = opaque;
- int idx, cpu;
-
- DPRINTF("%s: addr " TARGET_FMT_plx " <= %08x\n", __func__, addr, val);
- if (addr & 0xF)
- return;
- addr &= 0xFFFF;
- cpu = addr >> 12;
- idx = (addr >> 6) & 0x3;
- switch (addr & 0x30) {
- case 0x00: /* gtccr */
- break;
- case 0x10: /* gtbcr */
- if ((mpp->timers[idx].ticc & 0x80000000) != 0 &&
- (val & 0x80000000) == 0 &&
- (mpp->timers[idx].tibc & 0x80000000) != 0)
- mpp->timers[idx].ticc &= ~0x80000000;
- mpp->timers[idx].tibc = val;
- break;
- case 0x20: /* GTIVPR */
- write_IRQreg_ipvp(mpp, MPIC_TMR_IRQ + idx, val);
- break;
- case 0x30: /* GTIDR & TFRR */
- if ((addr & 0xF0) == 0xF0)
- mpp->dst[cpu].tfrr = val;
- else
- write_IRQreg_ide(mpp, MPIC_TMR_IRQ + idx, val);
- break;
- }
-}
-
-static uint32_t mpic_timer_read (void *opaque, hwaddr addr)
-{
- openpic_t *mpp = opaque;
- uint32_t retval;
- int idx, cpu;
-
- DPRINTF("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
- retval = 0xFFFFFFFF;
- if (addr & 0xF)
- return retval;
- addr &= 0xFFFF;
- cpu = addr >> 12;
- idx = (addr >> 6) & 0x3;
- switch (addr & 0x30) {
- case 0x00: /* gtccr */
- retval = mpp->timers[idx].ticc;
- break;
- case 0x10: /* gtbcr */
- retval = mpp->timers[idx].tibc;
- break;
- case 0x20: /* TIPV */
- retval = read_IRQreg_ipvp(mpp, MPIC_TMR_IRQ + idx);
- break;
- case 0x30: /* TIDR */
- if ((addr &0xF0) == 0XF0)
- retval = mpp->dst[cpu].tfrr;
- else
- retval = read_IRQreg_ide(mpp, MPIC_TMR_IRQ + idx);
- break;
- }
- DPRINTF("%s: => %08x\n", __func__, retval);
-
- return retval;
-}
-
-static void mpic_src_ext_write (void *opaque, hwaddr addr,
- uint32_t val)
-{
- openpic_t *mpp = opaque;
- int idx = MPIC_EXT_IRQ;
-
- DPRINTF("%s: addr " TARGET_FMT_plx " <= %08x\n", __func__, addr, val);
- if (addr & 0xF)
- return;
-
- if (addr < MPIC_EXT_REG_SIZE) {
- idx += (addr & 0xFFF0) >> 5;
- if (addr & 0x10) {
- /* EXDE / IFEDE / IEEDE */
- write_IRQreg_ide(mpp, idx, val);
- } else {
- /* EXVP / IFEVP / IEEVP */
- write_IRQreg_ipvp(mpp, idx, val);
- }
- }
-}
-
-static uint32_t mpic_src_ext_read (void *opaque, hwaddr addr)
-{
- openpic_t *mpp = opaque;
- uint32_t retval;
- int idx = MPIC_EXT_IRQ;
-
- DPRINTF("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
- retval = 0xFFFFFFFF;
- if (addr & 0xF)
- return retval;
-
- if (addr < MPIC_EXT_REG_SIZE) {
- idx += (addr & 0xFFF0) >> 5;
- if (addr & 0x10) {
- /* EXDE / IFEDE / IEEDE */
- retval = read_IRQreg_ide(mpp, idx);
- } else {
- /* EXVP / IFEVP / IEEVP */
- retval = read_IRQreg_ipvp(mpp, idx);
- }
- DPRINTF("%s: => %08x\n", __func__, retval);
- }
-
- return retval;
-}
-
-static void mpic_src_int_write (void *opaque, hwaddr addr,
- uint32_t val)
-{
- openpic_t *mpp = opaque;
- int idx = MPIC_INT_IRQ;
-
- DPRINTF("%s: addr " TARGET_FMT_plx " <= %08x\n", __func__, addr, val);
- if (addr & 0xF)
- return;
-
- if (addr < MPIC_INT_REG_SIZE) {
- idx += (addr & 0xFFF0) >> 5;
- if (addr & 0x10) {
- /* EXDE / IFEDE / IEEDE */
- write_IRQreg_ide(mpp, idx, val);
- } else {
- /* EXVP / IFEVP / IEEVP */
- write_IRQreg_ipvp(mpp, idx, val);
- }
- }
-}
-
-static uint32_t mpic_src_int_read (void *opaque, hwaddr addr)
-{
- openpic_t *mpp = opaque;
- uint32_t retval;
- int idx = MPIC_INT_IRQ;
-
- DPRINTF("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
- retval = 0xFFFFFFFF;
- if (addr & 0xF)
- return retval;
-
- if (addr < MPIC_INT_REG_SIZE) {
- idx += (addr & 0xFFF0) >> 5;
- if (addr & 0x10) {
- /* EXDE / IFEDE / IEEDE */
- retval = read_IRQreg_ide(mpp, idx);
- } else {
- /* EXVP / IFEVP / IEEVP */
- retval = read_IRQreg_ipvp(mpp, idx);
- }
- DPRINTF("%s: => %08x\n", __func__, retval);
- }
-
- return retval;
-}
-
-static void mpic_src_msg_write (void *opaque, hwaddr addr,
- uint32_t val)
-{
- openpic_t *mpp = opaque;
- int idx = MPIC_MSG_IRQ;
-
- DPRINTF("%s: addr " TARGET_FMT_plx " <= %08x\n", __func__, addr, val);
- if (addr & 0xF)
- return;
-
- if (addr < MPIC_MSG_REG_SIZE) {
- idx += (addr & 0xFFF0) >> 5;
- if (addr & 0x10) {
- /* EXDE / IFEDE / IEEDE */
- write_IRQreg_ide(mpp, idx, val);
- } else {
- /* EXVP / IFEVP / IEEVP */
- write_IRQreg_ipvp(mpp, idx, val);
- }
- }
-}
-
-static uint32_t mpic_src_msg_read (void *opaque, hwaddr addr)
-{
- openpic_t *mpp = opaque;
- uint32_t retval;
- int idx = MPIC_MSG_IRQ;
-
- DPRINTF("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
- retval = 0xFFFFFFFF;
- if (addr & 0xF)
- return retval;
-
- if (addr < MPIC_MSG_REG_SIZE) {
- idx += (addr & 0xFFF0) >> 5;
- if (addr & 0x10) {
- /* EXDE / IFEDE / IEEDE */
- retval = read_IRQreg_ide(mpp, idx);
- } else {
- /* EXVP / IFEVP / IEEVP */
- retval = read_IRQreg_ipvp(mpp, idx);
- }
- DPRINTF("%s: => %08x\n", __func__, retval);
- }
-
- return retval;
-}
-
-static void mpic_src_msi_write (void *opaque, hwaddr addr,
- uint32_t val)
-{
- openpic_t *mpp = opaque;
- int idx = MPIC_MSI_IRQ;
-
- DPRINTF("%s: addr " TARGET_FMT_plx " <= %08x\n", __func__, addr, val);
- if (addr & 0xF)
- return;
-
- if (addr < MPIC_MSI_REG_SIZE) {
- idx += (addr & 0xFFF0) >> 5;
- if (addr & 0x10) {
- /* EXDE / IFEDE / IEEDE */
- write_IRQreg_ide(mpp, idx, val);
- } else {
- /* EXVP / IFEVP / IEEVP */
- write_IRQreg_ipvp(mpp, idx, val);
- }
- }
-}
-static uint32_t mpic_src_msi_read (void *opaque, hwaddr addr)
-{
- openpic_t *mpp = opaque;
- uint32_t retval;
- int idx = MPIC_MSI_IRQ;
-
- DPRINTF("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
- retval = 0xFFFFFFFF;
- if (addr & 0xF)
- return retval;
-
- if (addr < MPIC_MSI_REG_SIZE) {
- idx += (addr & 0xFFF0) >> 5;
- if (addr & 0x10) {
- /* EXDE / IFEDE / IEEDE */
- retval = read_IRQreg_ide(mpp, idx);
- } else {
- /* EXVP / IFEVP / IEEVP */
- retval = read_IRQreg_ipvp(mpp, idx);
- }
- DPRINTF("%s: => %08x\n", __func__, retval);
- }
-
- return retval;
-}
-
-static const MemoryRegionOps mpic_glb_ops = {
- .old_mmio = {
- .write = { openpic_buggy_write,
- openpic_buggy_write,
- openpic_gbl_write,
- },
- .read = { openpic_buggy_read,
- openpic_buggy_read,
- openpic_gbl_read,
- },
- },
- .endianness = DEVICE_BIG_ENDIAN,
-};
-
-static const MemoryRegionOps mpic_tmr_ops = {
- .old_mmio = {
- .write = { openpic_buggy_write,
- openpic_buggy_write,
- mpic_timer_write,
- },
- .read = { openpic_buggy_read,
- openpic_buggy_read,
- mpic_timer_read,
- },
- },
- .endianness = DEVICE_BIG_ENDIAN,
-};
-
-static const MemoryRegionOps mpic_cpu_ops = {
- .old_mmio = {
- .write = { openpic_buggy_write,
- openpic_buggy_write,
- openpic_cpu_write,
- },
- .read = { openpic_buggy_read,
- openpic_buggy_read,
- openpic_cpu_read,
- },
- },
- .endianness = DEVICE_BIG_ENDIAN,
-};
-
-static const MemoryRegionOps mpic_ext_ops = {
- .old_mmio = {
- .write = { openpic_buggy_write,
- openpic_buggy_write,
- mpic_src_ext_write,
- },
- .read = { openpic_buggy_read,
- openpic_buggy_read,
- mpic_src_ext_read,
- },
- },
- .endianness = DEVICE_BIG_ENDIAN,
-};
-
-static const MemoryRegionOps mpic_int_ops = {
- .old_mmio = {
- .write = { openpic_buggy_write,
- openpic_buggy_write,
- mpic_src_int_write,
- },
- .read = { openpic_buggy_read,
- openpic_buggy_read,
- mpic_src_int_read,
- },
- },
- .endianness = DEVICE_BIG_ENDIAN,
-};
-
-static const MemoryRegionOps mpic_msg_ops = {
- .old_mmio = {
- .write = { openpic_buggy_write,
- openpic_buggy_write,
- mpic_src_msg_write,
- },
- .read = { openpic_buggy_read,
- openpic_buggy_read,
- mpic_src_msg_read,
- },
- },
- .endianness = DEVICE_BIG_ENDIAN,
-};
-
-static const MemoryRegionOps mpic_msi_ops = {
- .old_mmio = {
- .write = { openpic_buggy_write,
- openpic_buggy_write,
- mpic_src_msi_write,
- },
- .read = { openpic_buggy_read,
- openpic_buggy_read,
- mpic_src_msi_read,
- },
- },
- .endianness = DEVICE_BIG_ENDIAN,
-};
-
-qemu_irq *mpic_init (MemoryRegion *address_space, hwaddr base,
- int nb_cpus, qemu_irq **irqs, qemu_irq irq_out)
-{
- openpic_t *mpp;
- int i;
- struct {
- const char *name;
- MemoryRegionOps const *ops;
- hwaddr start_addr;
- ram_addr_t size;
- } const list[] = {
- {"glb", &mpic_glb_ops, MPIC_GLB_REG_START, MPIC_GLB_REG_SIZE},
- {"tmr", &mpic_tmr_ops, MPIC_TMR_REG_START, MPIC_TMR_REG_SIZE},
- {"ext", &mpic_ext_ops, MPIC_EXT_REG_START, MPIC_EXT_REG_SIZE},
- {"int", &mpic_int_ops, MPIC_INT_REG_START, MPIC_INT_REG_SIZE},
- {"msg", &mpic_msg_ops, MPIC_MSG_REG_START, MPIC_MSG_REG_SIZE},
- {"msi", &mpic_msi_ops, MPIC_MSI_REG_START, MPIC_MSI_REG_SIZE},
- {"cpu", &mpic_cpu_ops, MPIC_CPU_REG_START, MPIC_CPU_REG_SIZE},
- };
-
- mpp = g_malloc0(sizeof(openpic_t));
-
- memory_region_init(&mpp->mem, "mpic", 0x40000);
- memory_region_add_subregion(address_space, base, &mpp->mem);
-
- for (i = 0; i < sizeof(list)/sizeof(list[0]); i++) {
-
- memory_region_init_io(&mpp->sub_io_mem[i], list[i].ops, mpp,
- list[i].name, list[i].size);
-
- memory_region_add_subregion(&mpp->mem, list[i].start_addr,
- &mpp->sub_io_mem[i]);
- }
-
- mpp->nb_cpus = nb_cpus;
- mpp->max_irq = MPIC_MAX_IRQ;
- mpp->irq_ipi0 = MPIC_IPI_IRQ;
- mpp->irq_tim0 = MPIC_TMR_IRQ;
-
- for (i = 0; i < nb_cpus; i++)
- mpp->dst[i].irqs = irqs[i];
- mpp->irq_out = irq_out;
-
- mpp->irq_raise = mpic_irq_raise;
- mpp->reset = mpic_reset;
-
- register_savevm(NULL, "mpic", 0, 2, openpic_save, openpic_load, mpp);
- qemu_register_reset(mpic_reset, mpp);
-
- return qemu_allocate_irqs(openpic_set_irq, mpp, mpp->max_irq);
-}
diff --git a/hw/openpic.h b/hw/openpic.h
deleted file mode 100644
index f50a1e42b..000000000
--- a/hw/openpic.h
+++ /dev/null
@@ -1,18 +0,0 @@
-#if !defined(__OPENPIC_H__)
-#define __OPENPIC_H__
-
-/* OpenPIC have 5 outputs per CPU connected and one IRQ out single output */
-enum {
- OPENPIC_OUTPUT_INT = 0, /* IRQ */
- OPENPIC_OUTPUT_CINT, /* critical IRQ */
- OPENPIC_OUTPUT_MCK, /* Machine check event */
- OPENPIC_OUTPUT_DEBUG, /* Inconditional debug event */
- OPENPIC_OUTPUT_RESET, /* Core reset event */
- OPENPIC_OUTPUT_NB,
-};
-
-qemu_irq *openpic_init (MemoryRegion **pmem, int nb_cpus,
- qemu_irq **irqs, qemu_irq irq_out);
-qemu_irq *mpic_init (MemoryRegion *address_space, hwaddr base,
- int nb_cpus, qemu_irq **irqs, qemu_irq irq_out);
-#endif /* __OPENPIC_H__ */
diff --git a/hw/openrisc/Makefile.objs b/hw/openrisc/Makefile.objs
index 38ff8f5d6..61246b149 100644
--- a/hw/openrisc/Makefile.objs
+++ b/hw/openrisc/Makefile.objs
@@ -1,3 +1,2 @@
-obj-y = openrisc_pic.o openrisc_sim.o openrisc_timer.o
-
-obj-y := $(addprefix ../,$(obj-y))
+obj-y = pic_cpu.o cputimer.o
+obj-y += openrisc_sim.o
diff --git a/hw/openrisc/cputimer.c b/hw/openrisc/cputimer.c
new file mode 100644
index 000000000..4144b34be
--- /dev/null
+++ b/hw/openrisc/cputimer.c
@@ -0,0 +1,103 @@
+/*
+ * QEMU OpenRISC timer support
+ *
+ * Copyright (c) 2011-2012 Jia Liu <proljc@gmail.com>
+ * Zhizhou Zhang <etouzh@gmail.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "cpu.h"
+#include "hw/hw.h"
+#include "qemu/timer.h"
+
+#define TIMER_FREQ (20 * 1000 * 1000) /* 20MHz */
+
+/* The time when TTCR changes */
+static uint64_t last_clk;
+static int is_counting;
+
+void cpu_openrisc_count_update(OpenRISCCPU *cpu)
+{
+ uint64_t now, next;
+ uint32_t wait;
+
+ now = qemu_get_clock_ns(vm_clock);
+ if (!is_counting) {
+ qemu_del_timer(cpu->env.timer);
+ last_clk = now;
+ return;
+ }
+
+ cpu->env.ttcr += (uint32_t)muldiv64(now - last_clk, TIMER_FREQ,
+ get_ticks_per_sec());
+ last_clk = now;
+
+ if ((cpu->env.ttmr & TTMR_TP) <= (cpu->env.ttcr & TTMR_TP)) {
+ wait = TTMR_TP - (cpu->env.ttcr & TTMR_TP) + 1;
+ wait += cpu->env.ttmr & TTMR_TP;
+ } else {
+ wait = (cpu->env.ttmr & TTMR_TP) - (cpu->env.ttcr & TTMR_TP);
+ }
+
+ next = now + muldiv64(wait, get_ticks_per_sec(), TIMER_FREQ);
+ qemu_mod_timer(cpu->env.timer, next);
+}
+
+void cpu_openrisc_count_start(OpenRISCCPU *cpu)
+{
+ is_counting = 1;
+ cpu_openrisc_count_update(cpu);
+}
+
+void cpu_openrisc_count_stop(OpenRISCCPU *cpu)
+{
+ is_counting = 0;
+ cpu_openrisc_count_update(cpu);
+}
+
+static void openrisc_timer_cb(void *opaque)
+{
+ OpenRISCCPU *cpu = opaque;
+
+ if ((cpu->env.ttmr & TTMR_IE) &&
+ qemu_timer_expired(cpu->env.timer, qemu_get_clock_ns(vm_clock))) {
+ CPUState *cs = CPU(cpu);
+
+ cpu->env.ttmr |= TTMR_IP;
+ cs->interrupt_request |= CPU_INTERRUPT_TIMER;
+ }
+
+ switch (cpu->env.ttmr & TTMR_M) {
+ case TIMER_NONE:
+ break;
+ case TIMER_INTR:
+ cpu->env.ttcr = 0;
+ cpu_openrisc_count_start(cpu);
+ break;
+ case TIMER_SHOT:
+ cpu_openrisc_count_stop(cpu);
+ break;
+ case TIMER_CONT:
+ cpu_openrisc_count_start(cpu);
+ break;
+ }
+}
+
+void cpu_openrisc_clock_init(OpenRISCCPU *cpu)
+{
+ cpu->env.timer = qemu_new_timer_ns(vm_clock, &openrisc_timer_cb, cpu);
+ cpu->env.ttmr = 0x00000000;
+ cpu->env.ttcr = 0x00000000;
+}
diff --git a/hw/openrisc/openrisc_sim.c b/hw/openrisc/openrisc_sim.c
new file mode 100644
index 000000000..a08f27ce2
--- /dev/null
+++ b/hw/openrisc/openrisc_sim.c
@@ -0,0 +1,150 @@
+/*
+ * OpenRISC simulator for use as an IIS.
+ *
+ * Copyright (c) 2011-2012 Jia Liu <proljc@gmail.com>
+ * Feng Gao <gf91597@gmail.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/hw.h"
+#include "hw/boards.h"
+#include "elf.h"
+#include "hw/char/serial.h"
+#include "net/net.h"
+#include "hw/loader.h"
+#include "exec/address-spaces.h"
+#include "sysemu/sysemu.h"
+#include "hw/sysbus.h"
+#include "sysemu/qtest.h"
+
+#define KERNEL_LOAD_ADDR 0x100
+
+static void main_cpu_reset(void *opaque)
+{
+ OpenRISCCPU *cpu = opaque;
+
+ cpu_reset(CPU(cpu));
+}
+
+static void openrisc_sim_net_init(MemoryRegion *address_space,
+ hwaddr base,
+ hwaddr descriptors,
+ qemu_irq irq, NICInfo *nd)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+
+ dev = qdev_create(NULL, "open_eth");
+ qdev_set_nic_properties(dev, nd);
+ qdev_init_nofail(dev);
+
+ s = SYS_BUS_DEVICE(dev);
+ sysbus_connect_irq(s, 0, irq);
+ memory_region_add_subregion(address_space, base,
+ sysbus_mmio_get_region(s, 0));
+ memory_region_add_subregion(address_space, descriptors,
+ sysbus_mmio_get_region(s, 1));
+}
+
+static void cpu_openrisc_load_kernel(ram_addr_t ram_size,
+ const char *kernel_filename,
+ OpenRISCCPU *cpu)
+{
+ long kernel_size;
+ uint64_t elf_entry;
+ hwaddr entry;
+
+ if (kernel_filename && !qtest_enabled()) {
+ kernel_size = load_elf(kernel_filename, NULL, NULL,
+ &elf_entry, NULL, NULL, 1, ELF_MACHINE, 1);
+ entry = elf_entry;
+ if (kernel_size < 0) {
+ kernel_size = load_uimage(kernel_filename,
+ &entry, NULL, NULL);
+ }
+ if (kernel_size < 0) {
+ kernel_size = load_image_targphys(kernel_filename,
+ KERNEL_LOAD_ADDR,
+ ram_size - KERNEL_LOAD_ADDR);
+ entry = KERNEL_LOAD_ADDR;
+ }
+
+ if (kernel_size < 0) {
+ fprintf(stderr, "QEMU: couldn't load the kernel '%s'\n",
+ kernel_filename);
+ exit(1);
+ }
+ }
+
+ cpu->env.pc = entry;
+}
+
+static void openrisc_sim_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ OpenRISCCPU *cpu = NULL;
+ MemoryRegion *ram;
+ int n;
+
+ if (!cpu_model) {
+ cpu_model = "or1200";
+ }
+
+ for (n = 0; n < smp_cpus; n++) {
+ cpu = cpu_openrisc_init(cpu_model);
+ if (cpu == NULL) {
+ fprintf(stderr, "Unable to find CPU definition!\n");
+ exit(1);
+ }
+ qemu_register_reset(main_cpu_reset, cpu);
+ main_cpu_reset(cpu);
+ }
+
+ ram = g_malloc(sizeof(*ram));
+ memory_region_init_ram(ram, NULL, "openrisc.ram", ram_size);
+ vmstate_register_ram_global(ram);
+ memory_region_add_subregion(get_system_memory(), 0, ram);
+
+ cpu_openrisc_pic_init(cpu);
+ cpu_openrisc_clock_init(cpu);
+
+ serial_mm_init(get_system_memory(), 0x90000000, 0, cpu->env.irq[2],
+ 115200, serial_hds[0], DEVICE_NATIVE_ENDIAN);
+
+ if (nd_table[0].used) {
+ openrisc_sim_net_init(get_system_memory(), 0x92000000,
+ 0x92000400, cpu->env.irq[4], nd_table);
+ }
+
+ cpu_openrisc_load_kernel(ram_size, kernel_filename, cpu);
+}
+
+static QEMUMachine openrisc_sim_machine = {
+ .name = "or32-sim",
+ .desc = "or32 simulation",
+ .init = openrisc_sim_init,
+ .max_cpus = 1,
+ .is_default = 1,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void openrisc_sim_machine_init(void)
+{
+ qemu_register_machine(&openrisc_sim_machine);
+}
+
+machine_init(openrisc_sim_machine_init);
diff --git a/hw/openrisc/pic_cpu.c b/hw/openrisc/pic_cpu.c
new file mode 100644
index 000000000..ca0b7c11b
--- /dev/null
+++ b/hw/openrisc/pic_cpu.c
@@ -0,0 +1,61 @@
+/*
+ * OpenRISC Programmable Interrupt Controller support.
+ *
+ * Copyright (c) 2011-2012 Jia Liu <proljc@gmail.com>
+ * Feng Gao <gf91597@gmail.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/hw.h"
+#include "cpu.h"
+
+/* OpenRISC pic handler */
+static void openrisc_pic_cpu_handler(void *opaque, int irq, int level)
+{
+ OpenRISCCPU *cpu = (OpenRISCCPU *)opaque;
+ CPUState *cs = CPU(cpu);
+ int i;
+ uint32_t irq_bit = 1 << irq;
+
+ if (irq > 31 || irq < 0) {
+ return;
+ }
+
+ if (level) {
+ cpu->env.picsr |= irq_bit;
+ } else {
+ cpu->env.picsr &= ~irq_bit;
+ }
+
+ for (i = 0; i < 32; i++) {
+ if ((cpu->env.picsr && (1 << i)) && (cpu->env.picmr && (1 << i))) {
+ cpu_interrupt(cs, CPU_INTERRUPT_HARD);
+ } else {
+ cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
+ cpu->env.picsr &= ~(1 << i);
+ }
+ }
+}
+
+void cpu_openrisc_pic_init(OpenRISCCPU *cpu)
+{
+ int i;
+ qemu_irq *qi;
+ qi = qemu_allocate_irqs(openrisc_pic_cpu_handler, cpu, NR_IRQS);
+
+ for (i = 0; i < NR_IRQS; i++) {
+ cpu->env.irq[i] = qi[i];
+ }
+}
diff --git a/hw/openrisc_pic.c b/hw/openrisc_pic.c
deleted file mode 100644
index aaeb9a917..000000000
--- a/hw/openrisc_pic.c
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * OpenRISC Programmable Interrupt Controller support.
- *
- * Copyright (c) 2011-2012 Jia Liu <proljc@gmail.com>
- * Feng Gao <gf91597@gmail.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "hw.h"
-#include "cpu.h"
-
-/* OpenRISC pic handler */
-static void openrisc_pic_cpu_handler(void *opaque, int irq, int level)
-{
- OpenRISCCPU *cpu = (OpenRISCCPU *)opaque;
- int i;
- uint32_t irq_bit = 1 << irq;
-
- if (irq > 31 || irq < 0) {
- return;
- }
-
- if (level) {
- cpu->env.picsr |= irq_bit;
- } else {
- cpu->env.picsr &= ~irq_bit;
- }
-
- for (i = 0; i < 32; i++) {
- if ((cpu->env.picsr && (1 << i)) && (cpu->env.picmr && (1 << i))) {
- cpu_interrupt(&cpu->env, CPU_INTERRUPT_HARD);
- } else {
- cpu_reset_interrupt(&cpu->env, CPU_INTERRUPT_HARD);
- cpu->env.picsr &= ~(1 << i);
- }
- }
-}
-
-void cpu_openrisc_pic_init(OpenRISCCPU *cpu)
-{
- int i;
- qemu_irq *qi;
- qi = qemu_allocate_irqs(openrisc_pic_cpu_handler, cpu, NR_IRQS);
-
- for (i = 0; i < NR_IRQS; i++) {
- cpu->env.irq[i] = qi[i];
- }
-}
diff --git a/hw/openrisc_sim.c b/hw/openrisc_sim.c
deleted file mode 100644
index 23c66df1f..000000000
--- a/hw/openrisc_sim.c
+++ /dev/null
@@ -1,149 +0,0 @@
-/*
- * OpenRISC simulator for use as an IIS.
- *
- * Copyright (c) 2011-2012 Jia Liu <proljc@gmail.com>
- * Feng Gao <gf91597@gmail.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "hw.h"
-#include "boards.h"
-#include "elf.h"
-#include "serial.h"
-#include "net.h"
-#include "loader.h"
-#include "exec-memory.h"
-#include "sysemu.h"
-#include "sysbus.h"
-#include "qtest.h"
-
-#define KERNEL_LOAD_ADDR 0x100
-
-static void main_cpu_reset(void *opaque)
-{
- OpenRISCCPU *cpu = opaque;
-
- cpu_reset(CPU(cpu));
-}
-
-static void openrisc_sim_net_init(MemoryRegion *address_space,
- hwaddr base,
- hwaddr descriptors,
- qemu_irq irq, NICInfo *nd)
-{
- DeviceState *dev;
- SysBusDevice *s;
-
- dev = qdev_create(NULL, "open_eth");
- qdev_set_nic_properties(dev, nd);
- qdev_init_nofail(dev);
-
- s = sysbus_from_qdev(dev);
- sysbus_connect_irq(s, 0, irq);
- memory_region_add_subregion(address_space, base,
- sysbus_mmio_get_region(s, 0));
- memory_region_add_subregion(address_space, descriptors,
- sysbus_mmio_get_region(s, 1));
-}
-
-static void cpu_openrisc_load_kernel(ram_addr_t ram_size,
- const char *kernel_filename,
- OpenRISCCPU *cpu)
-{
- long kernel_size;
- uint64_t elf_entry;
- hwaddr entry;
-
- if (kernel_filename && !qtest_enabled()) {
- kernel_size = load_elf(kernel_filename, NULL, NULL,
- &elf_entry, NULL, NULL, 1, ELF_MACHINE, 1);
- entry = elf_entry;
- if (kernel_size < 0) {
- kernel_size = load_uimage(kernel_filename,
- &entry, NULL, NULL);
- }
- if (kernel_size < 0) {
- kernel_size = load_image_targphys(kernel_filename,
- KERNEL_LOAD_ADDR,
- ram_size - KERNEL_LOAD_ADDR);
- entry = KERNEL_LOAD_ADDR;
- }
-
- if (kernel_size < 0) {
- qemu_log("QEMU: couldn't load the kernel '%s'\n",
- kernel_filename);
- exit(1);
- }
- }
-
- cpu->env.pc = entry;
-}
-
-static void openrisc_sim_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- OpenRISCCPU *cpu = NULL;
- MemoryRegion *ram;
- int n;
-
- if (!cpu_model) {
- cpu_model = "or1200";
- }
-
- for (n = 0; n < smp_cpus; n++) {
- cpu = cpu_openrisc_init(cpu_model);
- if (cpu == NULL) {
- qemu_log("Unable to find CPU defineition!\n");
- exit(1);
- }
- qemu_register_reset(main_cpu_reset, cpu);
- main_cpu_reset(cpu);
- }
-
- ram = g_malloc(sizeof(*ram));
- memory_region_init_ram(ram, "openrisc.ram", ram_size);
- vmstate_register_ram_global(ram);
- memory_region_add_subregion(get_system_memory(), 0, ram);
-
- cpu_openrisc_pic_init(cpu);
- cpu_openrisc_clock_init(cpu);
-
- serial_mm_init(get_system_memory(), 0x90000000, 0, cpu->env.irq[2],
- 115200, serial_hds[0], DEVICE_NATIVE_ENDIAN);
-
- if (nd_table[0].used) {
- openrisc_sim_net_init(get_system_memory(), 0x92000000,
- 0x92000400, cpu->env.irq[4], nd_table);
- }
-
- cpu_openrisc_load_kernel(ram_size, kernel_filename, cpu);
-}
-
-static QEMUMachine openrisc_sim_machine = {
- .name = "or32-sim",
- .desc = "or32 simulation",
- .init = openrisc_sim_init,
- .max_cpus = 1,
- .is_default = 1,
-};
-
-static void openrisc_sim_machine_init(void)
-{
- qemu_register_machine(&openrisc_sim_machine);
-}
-
-machine_init(openrisc_sim_machine_init);
diff --git a/hw/openrisc_timer.c b/hw/openrisc_timer.c
deleted file mode 100644
index 7916e61d2..000000000
--- a/hw/openrisc_timer.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * QEMU OpenRISC timer support
- *
- * Copyright (c) 2011-2012 Jia Liu <proljc@gmail.com>
- * Zhizhou Zhang <etouzh@gmail.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "cpu.h"
-#include "hw.h"
-#include "qemu-timer.h"
-
-#define TIMER_FREQ (20 * 1000 * 1000) /* 20MHz */
-
-/* The time when TTCR changes */
-static uint64_t last_clk;
-static int is_counting;
-
-void cpu_openrisc_count_update(OpenRISCCPU *cpu)
-{
- uint64_t now, next;
- uint32_t wait;
-
- now = qemu_get_clock_ns(vm_clock);
- if (!is_counting) {
- qemu_del_timer(cpu->env.timer);
- last_clk = now;
- return;
- }
-
- cpu->env.ttcr += (uint32_t)muldiv64(now - last_clk, TIMER_FREQ,
- get_ticks_per_sec());
- last_clk = now;
-
- if ((cpu->env.ttmr & TTMR_TP) <= (cpu->env.ttcr & TTMR_TP)) {
- wait = TTMR_TP - (cpu->env.ttcr & TTMR_TP) + 1;
- wait += cpu->env.ttmr & TTMR_TP;
- } else {
- wait = (cpu->env.ttmr & TTMR_TP) - (cpu->env.ttcr & TTMR_TP);
- }
-
- next = now + muldiv64(wait, get_ticks_per_sec(), TIMER_FREQ);
- qemu_mod_timer(cpu->env.timer, next);
-}
-
-void cpu_openrisc_count_start(OpenRISCCPU *cpu)
-{
- is_counting = 1;
- cpu_openrisc_count_update(cpu);
-}
-
-void cpu_openrisc_count_stop(OpenRISCCPU *cpu)
-{
- is_counting = 0;
- cpu_openrisc_count_update(cpu);
-}
-
-static void openrisc_timer_cb(void *opaque)
-{
- OpenRISCCPU *cpu = opaque;
-
- if ((cpu->env.ttmr & TTMR_IE) &&
- qemu_timer_expired(cpu->env.timer, qemu_get_clock_ns(vm_clock))) {
- cpu->env.ttmr |= TTMR_IP;
- cpu->env.interrupt_request |= CPU_INTERRUPT_TIMER;
- }
-
- switch (cpu->env.ttmr & TTMR_M) {
- case TIMER_NONE:
- break;
- case TIMER_INTR:
- cpu->env.ttcr = 0;
- cpu_openrisc_count_start(cpu);
- break;
- case TIMER_SHOT:
- cpu_openrisc_count_stop(cpu);
- break;
- case TIMER_CONT:
- cpu_openrisc_count_start(cpu);
- break;
- }
-}
-
-void cpu_openrisc_clock_init(OpenRISCCPU *cpu)
-{
- cpu->env.timer = qemu_new_timer_ns(vm_clock, &openrisc_timer_cb, cpu);
- cpu->env.ttmr = 0x00000000;
- cpu->env.ttcr = 0x00000000;
-}
diff --git a/hw/palm.c b/hw/palm.c
deleted file mode 100644
index 6f6f414e6..000000000
--- a/hw/palm.c
+++ /dev/null
@@ -1,290 +0,0 @@
-/*
- * PalmOne's (TM) PDAs.
- *
- * Copyright (C) 2006-2007 Andrzej Zaborowski <balrog@zabor.org>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-#include "hw.h"
-#include "audio/audio.h"
-#include "sysemu.h"
-#include "console.h"
-#include "omap.h"
-#include "boards.h"
-#include "arm-misc.h"
-#include "devices.h"
-#include "loader.h"
-#include "exec-memory.h"
-
-static uint32_t static_readb(void *opaque, hwaddr offset)
-{
- uint32_t *val = (uint32_t *) opaque;
- return *val >> ((offset & 3) << 3);
-}
-
-static uint32_t static_readh(void *opaque, hwaddr offset)
-{
- uint32_t *val = (uint32_t *) opaque;
- return *val >> ((offset & 1) << 3);
-}
-
-static uint32_t static_readw(void *opaque, hwaddr offset)
-{
- uint32_t *val = (uint32_t *) opaque;
- return *val >> ((offset & 0) << 3);
-}
-
-static void static_write(void *opaque, hwaddr offset,
- uint32_t value)
-{
-#ifdef SPY
- printf("%s: value %08lx written at " PA_FMT "\n",
- __FUNCTION__, value, offset);
-#endif
-}
-
-static const MemoryRegionOps static_ops = {
- .old_mmio = {
- .read = { static_readb, static_readh, static_readw, },
- .write = { static_write, static_write, static_write, },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-/* Palm Tunsgten|E support */
-
-/* Shared GPIOs */
-#define PALMTE_USBDETECT_GPIO 0
-#define PALMTE_USB_OR_DC_GPIO 1
-#define PALMTE_TSC_GPIO 4
-#define PALMTE_PINTDAV_GPIO 6
-#define PALMTE_MMC_WP_GPIO 8
-#define PALMTE_MMC_POWER_GPIO 9
-#define PALMTE_HDQ_GPIO 11
-#define PALMTE_HEADPHONES_GPIO 14
-#define PALMTE_SPEAKER_GPIO 15
-/* MPU private GPIOs */
-#define PALMTE_DC_GPIO 2
-#define PALMTE_MMC_SWITCH_GPIO 4
-#define PALMTE_MMC1_GPIO 6
-#define PALMTE_MMC2_GPIO 7
-#define PALMTE_MMC3_GPIO 11
-
-static MouseTransformInfo palmte_pointercal = {
- .x = 320,
- .y = 320,
- .a = { -5909, 8, 22465308, 104, 7644, -1219972, 65536 },
-};
-
-static void palmte_microwire_setup(struct omap_mpu_state_s *cpu)
-{
- uWireSlave *tsc;
-
- tsc = tsc2102_init(qdev_get_gpio_in(cpu->gpio, PALMTE_PINTDAV_GPIO));
-
- omap_uwire_attach(cpu->microwire, tsc, 0);
- omap_mcbsp_i2s_attach(cpu->mcbsp1, tsc210x_codec(tsc));
-
- tsc210x_set_transform(tsc, &palmte_pointercal);
-}
-
-static struct {
- int row;
- int column;
-} palmte_keymap[0x80] = {
- [0 ... 0x7f] = { -1, -1 },
- [0x3b] = { 0, 0 }, /* F1 -> Calendar */
- [0x3c] = { 1, 0 }, /* F2 -> Contacts */
- [0x3d] = { 2, 0 }, /* F3 -> Tasks List */
- [0x3e] = { 3, 0 }, /* F4 -> Note Pad */
- [0x01] = { 4, 0 }, /* Esc -> Power */
- [0x4b] = { 0, 1 }, /* Left */
- [0x50] = { 1, 1 }, /* Down */
- [0x48] = { 2, 1 }, /* Up */
- [0x4d] = { 3, 1 }, /* Right */
- [0x4c] = { 4, 1 }, /* Centre */
- [0x39] = { 4, 1 }, /* Spc -> Centre */
-};
-
-static void palmte_button_event(void *opaque, int keycode)
-{
- struct omap_mpu_state_s *cpu = (struct omap_mpu_state_s *) opaque;
-
- if (palmte_keymap[keycode & 0x7f].row != -1)
- omap_mpuio_key(cpu->mpuio,
- palmte_keymap[keycode & 0x7f].row,
- palmte_keymap[keycode & 0x7f].column,
- !(keycode & 0x80));
-}
-
-static void palmte_onoff_gpios(void *opaque, int line, int level)
-{
- switch (line) {
- case 0:
- printf("%s: current to MMC/SD card %sabled.\n",
- __FUNCTION__, level ? "dis" : "en");
- break;
- case 1:
- printf("%s: internal speaker amplifier %s.\n",
- __FUNCTION__, level ? "down" : "on");
- break;
-
- /* These LCD & Audio output signals have not been identified yet. */
- case 2:
- case 3:
- case 4:
- printf("%s: LCD GPIO%i %s.\n",
- __FUNCTION__, line - 1, level ? "high" : "low");
- break;
- case 5:
- case 6:
- printf("%s: Audio GPIO%i %s.\n",
- __FUNCTION__, line - 4, level ? "high" : "low");
- break;
- }
-}
-
-static void palmte_gpio_setup(struct omap_mpu_state_s *cpu)
-{
- qemu_irq *misc_gpio;
-
- omap_mmc_handlers(cpu->mmc,
- qdev_get_gpio_in(cpu->gpio, PALMTE_MMC_WP_GPIO),
- qemu_irq_invert(omap_mpuio_in_get(cpu->mpuio)
- [PALMTE_MMC_SWITCH_GPIO]));
-
- misc_gpio = qemu_allocate_irqs(palmte_onoff_gpios, cpu, 7);
- qdev_connect_gpio_out(cpu->gpio, PALMTE_MMC_POWER_GPIO, misc_gpio[0]);
- qdev_connect_gpio_out(cpu->gpio, PALMTE_SPEAKER_GPIO, misc_gpio[1]);
- qdev_connect_gpio_out(cpu->gpio, 11, misc_gpio[2]);
- qdev_connect_gpio_out(cpu->gpio, 12, misc_gpio[3]);
- qdev_connect_gpio_out(cpu->gpio, 13, misc_gpio[4]);
- omap_mpuio_out_set(cpu->mpuio, 1, misc_gpio[5]);
- omap_mpuio_out_set(cpu->mpuio, 3, misc_gpio[6]);
-
- /* Reset some inputs to initial state. */
- qemu_irq_lower(qdev_get_gpio_in(cpu->gpio, PALMTE_USBDETECT_GPIO));
- qemu_irq_lower(qdev_get_gpio_in(cpu->gpio, PALMTE_USB_OR_DC_GPIO));
- qemu_irq_lower(qdev_get_gpio_in(cpu->gpio, 4));
- qemu_irq_lower(qdev_get_gpio_in(cpu->gpio, PALMTE_HEADPHONES_GPIO));
- qemu_irq_lower(omap_mpuio_in_get(cpu->mpuio)[PALMTE_DC_GPIO]);
- qemu_irq_raise(omap_mpuio_in_get(cpu->mpuio)[6]);
- qemu_irq_raise(omap_mpuio_in_get(cpu->mpuio)[7]);
- qemu_irq_raise(omap_mpuio_in_get(cpu->mpuio)[11]);
-}
-
-static struct arm_boot_info palmte_binfo = {
- .loader_start = OMAP_EMIFF_BASE,
- .ram_size = 0x02000000,
- .board_id = 0x331,
-};
-
-static void palmte_init(QEMUMachineInitArgs *args)
-{
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- MemoryRegion *address_space_mem = get_system_memory();
- struct omap_mpu_state_s *mpu;
- int flash_size = 0x00800000;
- int sdram_size = palmte_binfo.ram_size;
- static uint32_t cs0val = 0xffffffff;
- static uint32_t cs1val = 0x0000e1a0;
- static uint32_t cs2val = 0x0000e1a0;
- static uint32_t cs3val = 0xe1a0e1a0;
- int rom_size, rom_loaded = 0;
- DisplayState *ds = get_displaystate();
- MemoryRegion *flash = g_new(MemoryRegion, 1);
- MemoryRegion *cs = g_new(MemoryRegion, 4);
-
- mpu = omap310_mpu_init(address_space_mem, sdram_size, cpu_model);
-
- /* External Flash (EMIFS) */
- memory_region_init_ram(flash, "palmte.flash", flash_size);
- vmstate_register_ram_global(flash);
- memory_region_set_readonly(flash, true);
- memory_region_add_subregion(address_space_mem, OMAP_CS0_BASE, flash);
-
- memory_region_init_io(&cs[0], &static_ops, &cs0val, "palmte-cs0",
- OMAP_CS0_SIZE - flash_size);
- memory_region_add_subregion(address_space_mem, OMAP_CS0_BASE + flash_size,
- &cs[0]);
- memory_region_init_io(&cs[1], &static_ops, &cs1val, "palmte-cs1",
- OMAP_CS1_SIZE);
- memory_region_add_subregion(address_space_mem, OMAP_CS1_BASE, &cs[1]);
- memory_region_init_io(&cs[2], &static_ops, &cs2val, "palmte-cs2",
- OMAP_CS2_SIZE);
- memory_region_add_subregion(address_space_mem, OMAP_CS2_BASE, &cs[2]);
- memory_region_init_io(&cs[3], &static_ops, &cs3val, "palmte-cs3",
- OMAP_CS3_SIZE);
- memory_region_add_subregion(address_space_mem, OMAP_CS3_BASE, &cs[3]);
-
- palmte_microwire_setup(mpu);
-
- qemu_add_kbd_event_handler(palmte_button_event, mpu);
-
- palmte_gpio_setup(mpu);
-
- /* Setup initial (reset) machine state */
- if (nb_option_roms) {
- rom_size = get_image_size(option_rom[0].name);
- if (rom_size > flash_size) {
- fprintf(stderr, "%s: ROM image too big (%x > %x)\n",
- __FUNCTION__, rom_size, flash_size);
- rom_size = 0;
- }
- if (rom_size > 0) {
- rom_size = load_image_targphys(option_rom[0].name, OMAP_CS0_BASE,
- flash_size);
- rom_loaded = 1;
- }
- if (rom_size < 0) {
- fprintf(stderr, "%s: error loading '%s'\n",
- __FUNCTION__, option_rom[0].name);
- }
- }
-
- if (!rom_loaded && !kernel_filename) {
- fprintf(stderr, "Kernel or ROM image must be specified\n");
- exit(1);
- }
-
- /* Load the kernel. */
- if (kernel_filename) {
- palmte_binfo.kernel_filename = kernel_filename;
- palmte_binfo.kernel_cmdline = kernel_cmdline;
- palmte_binfo.initrd_filename = initrd_filename;
- arm_load_kernel(mpu->cpu, &palmte_binfo);
- }
-
- /* FIXME: We shouldn't really be doing this here. The LCD controller
- will set the size once configured, so this just sets an initial
- size until the guest activates the display. */
- ds->surface = qemu_resize_displaysurface(ds, 320, 320);
- dpy_gfx_resize(ds);
-}
-
-static QEMUMachine palmte_machine = {
- .name = "cheetah",
- .desc = "Palm Tungsten|E aka. Cheetah PDA (OMAP310)",
- .init = palmte_init,
-};
-
-static void palmte_machine_init(void)
-{
- qemu_register_machine(&palmte_machine);
-}
-
-machine_init(palmte_machine_init);
diff --git a/hw/pam.c b/hw/pam.c
deleted file mode 100644
index a95e2cfb0..000000000
--- a/hw/pam.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * QEMU i440FX/PIIX3 PCI Bridge Emulation
- *
- * Copyright (c) 2006 Fabrice Bellard
- * Copyright (c) 2011 Isaku Yamahata <yamahata at valinux co jp>
- * VA Linux Systems Japan K.K.
- * Copyright (c) 2012 Jason Baron <jbaron@redhat.com>
- *
- * Split out from piix_pci.c
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "sysemu.h"
-#include "pam.h"
-
-void smram_update(MemoryRegion *smram_region, uint8_t smram,
- uint8_t smm_enabled)
-{
- bool smram_enabled;
-
- smram_enabled = ((smm_enabled && (smram & SMRAM_G_SMRAME)) ||
- (smram & SMRAM_D_OPEN));
- memory_region_set_enabled(smram_region, !smram_enabled);
-}
-
-void smram_set_smm(uint8_t *host_smm_enabled, int smm, uint8_t smram,
- MemoryRegion *smram_region)
-{
- uint8_t smm_enabled = (smm != 0);
- if (*host_smm_enabled != smm_enabled) {
- *host_smm_enabled = smm_enabled;
- smram_update(smram_region, smram, *host_smm_enabled);
- }
-}
-
-void init_pam(MemoryRegion *ram_memory, MemoryRegion *system_memory,
- MemoryRegion *pci_address_space, PAMMemoryRegion *mem,
- uint32_t start, uint32_t size)
-{
- int i;
-
- /* RAM */
- memory_region_init_alias(&mem->alias[3], "pam-ram", ram_memory,
- start, size);
- /* ROM (XXX: not quite correct) */
- memory_region_init_alias(&mem->alias[1], "pam-rom", ram_memory,
- start, size);
- memory_region_set_readonly(&mem->alias[1], true);
-
- /* XXX: should distinguish read/write cases */
- memory_region_init_alias(&mem->alias[0], "pam-pci", pci_address_space,
- start, size);
- memory_region_init_alias(&mem->alias[2], "pam-pci", pci_address_space,
- start, size);
-
- for (i = 0; i < 4; ++i) {
- memory_region_set_enabled(&mem->alias[i], false);
- memory_region_add_subregion_overlap(system_memory, start,
- &mem->alias[i], 1);
- }
- mem->current = 0;
-}
-
-void pam_update(PAMMemoryRegion *pam, int idx, uint8_t val)
-{
- assert(0 <= idx && idx <= 12);
-
- memory_region_set_enabled(&pam->alias[pam->current], false);
- pam->current = (val >> ((!(idx & 1)) * 4)) & PAM_ATTR_MASK;
- memory_region_set_enabled(&pam->alias[pam->current], true);
-}
diff --git a/hw/pam.h b/hw/pam.h
deleted file mode 100644
index 2d77ebe0d..000000000
--- a/hw/pam.h
+++ /dev/null
@@ -1,97 +0,0 @@
-#ifndef QEMU_PAM_H
-#define QEMU_PAM_H
-
-/*
- * Copyright (c) 2006 Fabrice Bellard
- * Copyright (c) 2011 Isaku Yamahata <yamahata at valinux co jp>
- * VA Linux Systems Japan K.K.
- * Copyright (c) 2012 Jason Baron <jbaron@redhat.com>
- *
- * Split out from piix_pci.c
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-/*
- * SMRAM memory area and PAM memory area in Legacy address range for PC.
- * PAM: Programmable Attribute Map registers
- *
- * 0xa0000 - 0xbffff compatible SMRAM
- *
- * 0xc0000 - 0xc3fff Expansion area memory segments
- * 0xc4000 - 0xc7fff
- * 0xc8000 - 0xcbfff
- * 0xcc000 - 0xcffff
- * 0xd0000 - 0xd3fff
- * 0xd4000 - 0xd7fff
- * 0xd8000 - 0xdbfff
- * 0xdc000 - 0xdffff
- * 0xe0000 - 0xe3fff Extended System BIOS Area Memory Segments
- * 0xe4000 - 0xe7fff
- * 0xe8000 - 0xebfff
- * 0xec000 - 0xeffff
- *
- * 0xf0000 - 0xfffff System BIOS Area Memory Segments
- */
-
-#include "qemu-common.h"
-#include "memory.h"
-
-#define SMRAM_C_BASE 0xa0000
-#define SMRAM_C_END 0xc0000
-#define SMRAM_C_SIZE 0x20000
-
-#define PAM_EXPAN_BASE 0xc0000
-#define PAM_EXPAN_SIZE 0x04000
-
-#define PAM_EXBIOS_BASE 0xe0000
-#define PAM_EXBIOS_SIZE 0x04000
-
-#define PAM_BIOS_BASE 0xf0000
-#define PAM_BIOS_END 0xfffff
-/* 64KB: Intel 3 series express chipset family p. 58*/
-#define PAM_BIOS_SIZE 0x10000
-
-/* PAM registers: log nibble and high nibble*/
-#define PAM_ATTR_WE ((uint8_t)2)
-#define PAM_ATTR_RE ((uint8_t)1)
-#define PAM_ATTR_MASK ((uint8_t)3)
-
-/* SMRAM register */
-#define SMRAM_D_OPEN ((uint8_t)(1 << 6))
-#define SMRAM_D_CLS ((uint8_t)(1 << 5))
-#define SMRAM_D_LCK ((uint8_t)(1 << 4))
-#define SMRAM_G_SMRAME ((uint8_t)(1 << 3))
-#define SMRAM_C_BASE_SEG_MASK ((uint8_t)0x7)
-#define SMRAM_C_BASE_SEG ((uint8_t)0x2) /* hardwired to b010 */
-
-typedef struct PAMMemoryRegion {
- MemoryRegion alias[4]; /* index = PAM value */
- unsigned current;
-} PAMMemoryRegion;
-
-void smram_update(MemoryRegion *smram_region, uint8_t smram,
- uint8_t smm_enabled);
-void smram_set_smm(uint8_t *host_smm_enabled, int smm, uint8_t smram,
- MemoryRegion *smram_region);
-void init_pam(MemoryRegion *ram, MemoryRegion *system, MemoryRegion *pci,
- PAMMemoryRegion *mem, uint32_t start, uint32_t size);
-void pam_update(PAMMemoryRegion *mem, int idx, uint8_t val);
-
-#endif /* QEMU_PAM_H */
diff --git a/hw/parallel.c b/hw/parallel.c
deleted file mode 100644
index c4705bc89..000000000
--- a/hw/parallel.c
+++ /dev/null
@@ -1,614 +0,0 @@
-/*
- * QEMU Parallel PORT emulation
- *
- * Copyright (c) 2003-2005 Fabrice Bellard
- * Copyright (c) 2007 Marko Kohtala
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "qemu-char.h"
-#include "isa.h"
-#include "pc.h"
-#include "sysemu.h"
-
-//#define DEBUG_PARALLEL
-
-#ifdef DEBUG_PARALLEL
-#define pdebug(fmt, ...) printf("pp: " fmt, ## __VA_ARGS__)
-#else
-#define pdebug(fmt, ...) ((void)0)
-#endif
-
-#define PARA_REG_DATA 0
-#define PARA_REG_STS 1
-#define PARA_REG_CTR 2
-#define PARA_REG_EPP_ADDR 3
-#define PARA_REG_EPP_DATA 4
-
-/*
- * These are the definitions for the Printer Status Register
- */
-#define PARA_STS_BUSY 0x80 /* Busy complement */
-#define PARA_STS_ACK 0x40 /* Acknowledge */
-#define PARA_STS_PAPER 0x20 /* Out of paper */
-#define PARA_STS_ONLINE 0x10 /* Online */
-#define PARA_STS_ERROR 0x08 /* Error complement */
-#define PARA_STS_TMOUT 0x01 /* EPP timeout */
-
-/*
- * These are the definitions for the Printer Control Register
- */
-#define PARA_CTR_DIR 0x20 /* Direction (1=read, 0=write) */
-#define PARA_CTR_INTEN 0x10 /* IRQ Enable */
-#define PARA_CTR_SELECT 0x08 /* Select In complement */
-#define PARA_CTR_INIT 0x04 /* Initialize Printer complement */
-#define PARA_CTR_AUTOLF 0x02 /* Auto linefeed complement */
-#define PARA_CTR_STROBE 0x01 /* Strobe complement */
-
-#define PARA_CTR_SIGNAL (PARA_CTR_SELECT|PARA_CTR_INIT|PARA_CTR_AUTOLF|PARA_CTR_STROBE)
-
-typedef struct ParallelState {
- MemoryRegion iomem;
- uint8_t dataw;
- uint8_t datar;
- uint8_t status;
- uint8_t control;
- qemu_irq irq;
- int irq_pending;
- CharDriverState *chr;
- int hw_driver;
- int epp_timeout;
- uint32_t last_read_offset; /* For debugging */
- /* Memory-mapped interface */
- int it_shift;
-} ParallelState;
-
-typedef struct ISAParallelState {
- ISADevice dev;
- uint32_t index;
- uint32_t iobase;
- uint32_t isairq;
- ParallelState state;
-} ISAParallelState;
-
-static void parallel_update_irq(ParallelState *s)
-{
- if (s->irq_pending)
- qemu_irq_raise(s->irq);
- else
- qemu_irq_lower(s->irq);
-}
-
-static void
-parallel_ioport_write_sw(void *opaque, uint32_t addr, uint32_t val)
-{
- ParallelState *s = opaque;
-
- pdebug("write addr=0x%02x val=0x%02x\n", addr, val);
-
- addr &= 7;
- switch(addr) {
- case PARA_REG_DATA:
- s->dataw = val;
- parallel_update_irq(s);
- break;
- case PARA_REG_CTR:
- val |= 0xc0;
- if ((val & PARA_CTR_INIT) == 0 ) {
- s->status = PARA_STS_BUSY;
- s->status |= PARA_STS_ACK;
- s->status |= PARA_STS_ONLINE;
- s->status |= PARA_STS_ERROR;
- }
- else if (val & PARA_CTR_SELECT) {
- if (val & PARA_CTR_STROBE) {
- s->status &= ~PARA_STS_BUSY;
- if ((s->control & PARA_CTR_STROBE) == 0)
- qemu_chr_fe_write(s->chr, &s->dataw, 1);
- } else {
- if (s->control & PARA_CTR_INTEN) {
- s->irq_pending = 1;
- }
- }
- }
- parallel_update_irq(s);
- s->control = val;
- break;
- }
-}
-
-static void parallel_ioport_write_hw(void *opaque, uint32_t addr, uint32_t val)
-{
- ParallelState *s = opaque;
- uint8_t parm = val;
- int dir;
-
- /* Sometimes programs do several writes for timing purposes on old
- HW. Take care not to waste time on writes that do nothing. */
-
- s->last_read_offset = ~0U;
-
- addr &= 7;
- switch(addr) {
- case PARA_REG_DATA:
- if (s->dataw == val)
- return;
- pdebug("wd%02x\n", val);
- qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_WRITE_DATA, &parm);
- s->dataw = val;
- break;
- case PARA_REG_STS:
- pdebug("ws%02x\n", val);
- if (val & PARA_STS_TMOUT)
- s->epp_timeout = 0;
- break;
- case PARA_REG_CTR:
- val |= 0xc0;
- if (s->control == val)
- return;
- pdebug("wc%02x\n", val);
-
- if ((val & PARA_CTR_DIR) != (s->control & PARA_CTR_DIR)) {
- if (val & PARA_CTR_DIR) {
- dir = 1;
- } else {
- dir = 0;
- }
- qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_DATA_DIR, &dir);
- parm &= ~PARA_CTR_DIR;
- }
-
- qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_WRITE_CONTROL, &parm);
- s->control = val;
- break;
- case PARA_REG_EPP_ADDR:
- if ((s->control & (PARA_CTR_DIR|PARA_CTR_SIGNAL)) != PARA_CTR_INIT)
- /* Controls not correct for EPP address cycle, so do nothing */
- pdebug("wa%02x s\n", val);
- else {
- struct ParallelIOArg ioarg = { .buffer = &parm, .count = 1 };
- if (qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_EPP_WRITE_ADDR, &ioarg)) {
- s->epp_timeout = 1;
- pdebug("wa%02x t\n", val);
- }
- else
- pdebug("wa%02x\n", val);
- }
- break;
- case PARA_REG_EPP_DATA:
- if ((s->control & (PARA_CTR_DIR|PARA_CTR_SIGNAL)) != PARA_CTR_INIT)
- /* Controls not correct for EPP data cycle, so do nothing */
- pdebug("we%02x s\n", val);
- else {
- struct ParallelIOArg ioarg = { .buffer = &parm, .count = 1 };
- if (qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_EPP_WRITE, &ioarg)) {
- s->epp_timeout = 1;
- pdebug("we%02x t\n", val);
- }
- else
- pdebug("we%02x\n", val);
- }
- break;
- }
-}
-
-static void
-parallel_ioport_eppdata_write_hw2(void *opaque, uint32_t addr, uint32_t val)
-{
- ParallelState *s = opaque;
- uint16_t eppdata = cpu_to_le16(val);
- int err;
- struct ParallelIOArg ioarg = {
- .buffer = &eppdata, .count = sizeof(eppdata)
- };
- if ((s->control & (PARA_CTR_DIR|PARA_CTR_SIGNAL)) != PARA_CTR_INIT) {
- /* Controls not correct for EPP data cycle, so do nothing */
- pdebug("we%04x s\n", val);
- return;
- }
- err = qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_EPP_WRITE, &ioarg);
- if (err) {
- s->epp_timeout = 1;
- pdebug("we%04x t\n", val);
- }
- else
- pdebug("we%04x\n", val);
-}
-
-static void
-parallel_ioport_eppdata_write_hw4(void *opaque, uint32_t addr, uint32_t val)
-{
- ParallelState *s = opaque;
- uint32_t eppdata = cpu_to_le32(val);
- int err;
- struct ParallelIOArg ioarg = {
- .buffer = &eppdata, .count = sizeof(eppdata)
- };
- if ((s->control & (PARA_CTR_DIR|PARA_CTR_SIGNAL)) != PARA_CTR_INIT) {
- /* Controls not correct for EPP data cycle, so do nothing */
- pdebug("we%08x s\n", val);
- return;
- }
- err = qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_EPP_WRITE, &ioarg);
- if (err) {
- s->epp_timeout = 1;
- pdebug("we%08x t\n", val);
- }
- else
- pdebug("we%08x\n", val);
-}
-
-static uint32_t parallel_ioport_read_sw(void *opaque, uint32_t addr)
-{
- ParallelState *s = opaque;
- uint32_t ret = 0xff;
-
- addr &= 7;
- switch(addr) {
- case PARA_REG_DATA:
- if (s->control & PARA_CTR_DIR)
- ret = s->datar;
- else
- ret = s->dataw;
- break;
- case PARA_REG_STS:
- ret = s->status;
- s->irq_pending = 0;
- if ((s->status & PARA_STS_BUSY) == 0 && (s->control & PARA_CTR_STROBE) == 0) {
- /* XXX Fixme: wait 5 microseconds */
- if (s->status & PARA_STS_ACK)
- s->status &= ~PARA_STS_ACK;
- else {
- /* XXX Fixme: wait 5 microseconds */
- s->status |= PARA_STS_ACK;
- s->status |= PARA_STS_BUSY;
- }
- }
- parallel_update_irq(s);
- break;
- case PARA_REG_CTR:
- ret = s->control;
- break;
- }
- pdebug("read addr=0x%02x val=0x%02x\n", addr, ret);
- return ret;
-}
-
-static uint32_t parallel_ioport_read_hw(void *opaque, uint32_t addr)
-{
- ParallelState *s = opaque;
- uint8_t ret = 0xff;
- addr &= 7;
- switch(addr) {
- case PARA_REG_DATA:
- qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_READ_DATA, &ret);
- if (s->last_read_offset != addr || s->datar != ret)
- pdebug("rd%02x\n", ret);
- s->datar = ret;
- break;
- case PARA_REG_STS:
- qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_READ_STATUS, &ret);
- ret &= ~PARA_STS_TMOUT;
- if (s->epp_timeout)
- ret |= PARA_STS_TMOUT;
- if (s->last_read_offset != addr || s->status != ret)
- pdebug("rs%02x\n", ret);
- s->status = ret;
- break;
- case PARA_REG_CTR:
- /* s->control has some bits fixed to 1. It is zero only when
- it has not been yet written to. */
- if (s->control == 0) {
- qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_READ_CONTROL, &ret);
- if (s->last_read_offset != addr)
- pdebug("rc%02x\n", ret);
- s->control = ret;
- }
- else {
- ret = s->control;
- if (s->last_read_offset != addr)
- pdebug("rc%02x\n", ret);
- }
- break;
- case PARA_REG_EPP_ADDR:
- if ((s->control & (PARA_CTR_DIR|PARA_CTR_SIGNAL)) != (PARA_CTR_DIR|PARA_CTR_INIT))
- /* Controls not correct for EPP addr cycle, so do nothing */
- pdebug("ra%02x s\n", ret);
- else {
- struct ParallelIOArg ioarg = { .buffer = &ret, .count = 1 };
- if (qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_EPP_READ_ADDR, &ioarg)) {
- s->epp_timeout = 1;
- pdebug("ra%02x t\n", ret);
- }
- else
- pdebug("ra%02x\n", ret);
- }
- break;
- case PARA_REG_EPP_DATA:
- if ((s->control & (PARA_CTR_DIR|PARA_CTR_SIGNAL)) != (PARA_CTR_DIR|PARA_CTR_INIT))
- /* Controls not correct for EPP data cycle, so do nothing */
- pdebug("re%02x s\n", ret);
- else {
- struct ParallelIOArg ioarg = { .buffer = &ret, .count = 1 };
- if (qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_EPP_READ, &ioarg)) {
- s->epp_timeout = 1;
- pdebug("re%02x t\n", ret);
- }
- else
- pdebug("re%02x\n", ret);
- }
- break;
- }
- s->last_read_offset = addr;
- return ret;
-}
-
-static uint32_t
-parallel_ioport_eppdata_read_hw2(void *opaque, uint32_t addr)
-{
- ParallelState *s = opaque;
- uint32_t ret;
- uint16_t eppdata = ~0;
- int err;
- struct ParallelIOArg ioarg = {
- .buffer = &eppdata, .count = sizeof(eppdata)
- };
- if ((s->control & (PARA_CTR_DIR|PARA_CTR_SIGNAL)) != (PARA_CTR_DIR|PARA_CTR_INIT)) {
- /* Controls not correct for EPP data cycle, so do nothing */
- pdebug("re%04x s\n", eppdata);
- return eppdata;
- }
- err = qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_EPP_READ, &ioarg);
- ret = le16_to_cpu(eppdata);
-
- if (err) {
- s->epp_timeout = 1;
- pdebug("re%04x t\n", ret);
- }
- else
- pdebug("re%04x\n", ret);
- return ret;
-}
-
-static uint32_t
-parallel_ioport_eppdata_read_hw4(void *opaque, uint32_t addr)
-{
- ParallelState *s = opaque;
- uint32_t ret;
- uint32_t eppdata = ~0U;
- int err;
- struct ParallelIOArg ioarg = {
- .buffer = &eppdata, .count = sizeof(eppdata)
- };
- if ((s->control & (PARA_CTR_DIR|PARA_CTR_SIGNAL)) != (PARA_CTR_DIR|PARA_CTR_INIT)) {
- /* Controls not correct for EPP data cycle, so do nothing */
- pdebug("re%08x s\n", eppdata);
- return eppdata;
- }
- err = qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_EPP_READ, &ioarg);
- ret = le32_to_cpu(eppdata);
-
- if (err) {
- s->epp_timeout = 1;
- pdebug("re%08x t\n", ret);
- }
- else
- pdebug("re%08x\n", ret);
- return ret;
-}
-
-static void parallel_ioport_ecp_write(void *opaque, uint32_t addr, uint32_t val)
-{
- pdebug("wecp%d=%02x\n", addr & 7, val);
-}
-
-static uint32_t parallel_ioport_ecp_read(void *opaque, uint32_t addr)
-{
- uint8_t ret = 0xff;
-
- pdebug("recp%d:%02x\n", addr & 7, ret);
- return ret;
-}
-
-static void parallel_reset(void *opaque)
-{
- ParallelState *s = opaque;
-
- s->datar = ~0;
- s->dataw = ~0;
- s->status = PARA_STS_BUSY;
- s->status |= PARA_STS_ACK;
- s->status |= PARA_STS_ONLINE;
- s->status |= PARA_STS_ERROR;
- s->status |= PARA_STS_TMOUT;
- s->control = PARA_CTR_SELECT;
- s->control |= PARA_CTR_INIT;
- s->control |= 0xc0;
- s->irq_pending = 0;
- s->hw_driver = 0;
- s->epp_timeout = 0;
- s->last_read_offset = ~0U;
-}
-
-static const int isa_parallel_io[MAX_PARALLEL_PORTS] = { 0x378, 0x278, 0x3bc };
-
-static const MemoryRegionPortio isa_parallel_portio_hw_list[] = {
- { 0, 8, 1,
- .read = parallel_ioport_read_hw,
- .write = parallel_ioport_write_hw },
- { 4, 1, 2,
- .read = parallel_ioport_eppdata_read_hw2,
- .write = parallel_ioport_eppdata_write_hw2 },
- { 4, 1, 4,
- .read = parallel_ioport_eppdata_read_hw4,
- .write = parallel_ioport_eppdata_write_hw4 },
- { 0x400, 8, 1,
- .read = parallel_ioport_ecp_read,
- .write = parallel_ioport_ecp_write },
- PORTIO_END_OF_LIST(),
-};
-
-static const MemoryRegionPortio isa_parallel_portio_sw_list[] = {
- { 0, 8, 1,
- .read = parallel_ioport_read_sw,
- .write = parallel_ioport_write_sw },
- PORTIO_END_OF_LIST(),
-};
-
-static int parallel_isa_initfn(ISADevice *dev)
-{
- static int index;
- ISAParallelState *isa = DO_UPCAST(ISAParallelState, dev, dev);
- ParallelState *s = &isa->state;
- int base;
- uint8_t dummy;
-
- if (!s->chr) {
- fprintf(stderr, "Can't create parallel device, empty char device\n");
- exit(1);
- }
-
- if (isa->index == -1)
- isa->index = index;
- if (isa->index >= MAX_PARALLEL_PORTS)
- return -1;
- if (isa->iobase == -1)
- isa->iobase = isa_parallel_io[isa->index];
- index++;
-
- base = isa->iobase;
- isa_init_irq(dev, &s->irq, isa->isairq);
- qemu_register_reset(parallel_reset, s);
-
- if (qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_PP_READ_STATUS, &dummy) == 0) {
- s->hw_driver = 1;
- s->status = dummy;
- }
-
- isa_register_portio_list(dev, base,
- (s->hw_driver
- ? &isa_parallel_portio_hw_list[0]
- : &isa_parallel_portio_sw_list[0]),
- s, "parallel");
- return 0;
-}
-
-/* Memory mapped interface */
-static uint32_t parallel_mm_readb (void *opaque, hwaddr addr)
-{
- ParallelState *s = opaque;
-
- return parallel_ioport_read_sw(s, addr >> s->it_shift) & 0xFF;
-}
-
-static void parallel_mm_writeb (void *opaque,
- hwaddr addr, uint32_t value)
-{
- ParallelState *s = opaque;
-
- parallel_ioport_write_sw(s, addr >> s->it_shift, value & 0xFF);
-}
-
-static uint32_t parallel_mm_readw (void *opaque, hwaddr addr)
-{
- ParallelState *s = opaque;
-
- return parallel_ioport_read_sw(s, addr >> s->it_shift) & 0xFFFF;
-}
-
-static void parallel_mm_writew (void *opaque,
- hwaddr addr, uint32_t value)
-{
- ParallelState *s = opaque;
-
- parallel_ioport_write_sw(s, addr >> s->it_shift, value & 0xFFFF);
-}
-
-static uint32_t parallel_mm_readl (void *opaque, hwaddr addr)
-{
- ParallelState *s = opaque;
-
- return parallel_ioport_read_sw(s, addr >> s->it_shift);
-}
-
-static void parallel_mm_writel (void *opaque,
- hwaddr addr, uint32_t value)
-{
- ParallelState *s = opaque;
-
- parallel_ioport_write_sw(s, addr >> s->it_shift, value);
-}
-
-static const MemoryRegionOps parallel_mm_ops = {
- .old_mmio = {
- .read = { parallel_mm_readb, parallel_mm_readw, parallel_mm_readl },
- .write = { parallel_mm_writeb, parallel_mm_writew, parallel_mm_writel },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-/* If fd is zero, it means that the parallel device uses the console */
-bool parallel_mm_init(MemoryRegion *address_space,
- hwaddr base, int it_shift, qemu_irq irq,
- CharDriverState *chr)
-{
- ParallelState *s;
-
- s = g_malloc0(sizeof(ParallelState));
- s->irq = irq;
- s->chr = chr;
- s->it_shift = it_shift;
- qemu_register_reset(parallel_reset, s);
-
- memory_region_init_io(&s->iomem, &parallel_mm_ops, s,
- "parallel", 8 << it_shift);
- memory_region_add_subregion(address_space, base, &s->iomem);
- return true;
-}
-
-static Property parallel_isa_properties[] = {
- DEFINE_PROP_UINT32("index", ISAParallelState, index, -1),
- DEFINE_PROP_HEX32("iobase", ISAParallelState, iobase, -1),
- DEFINE_PROP_UINT32("irq", ISAParallelState, isairq, 7),
- DEFINE_PROP_CHR("chardev", ISAParallelState, state.chr),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void parallel_isa_class_initfn(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- ISADeviceClass *ic = ISA_DEVICE_CLASS(klass);
- ic->init = parallel_isa_initfn;
- dc->props = parallel_isa_properties;
-}
-
-static TypeInfo parallel_isa_info = {
- .name = "isa-parallel",
- .parent = TYPE_ISA_DEVICE,
- .instance_size = sizeof(ISAParallelState),
- .class_init = parallel_isa_class_initfn,
-};
-
-static void parallel_register_types(void)
-{
- type_register_static(&parallel_isa_info);
-}
-
-type_init(parallel_register_types)
diff --git a/hw/pc.c b/hw/pc.c
deleted file mode 100644
index 2b5bbbfb3..000000000
--- a/hw/pc.c
+++ /dev/null
@@ -1,1109 +0,0 @@
-/*
- * QEMU PC System Emulator
- *
- * Copyright (c) 2003-2004 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "pc.h"
-#include "serial.h"
-#include "apic.h"
-#include "fdc.h"
-#include "ide.h"
-#include "pci.h"
-#include "monitor.h"
-#include "fw_cfg.h"
-#include "hpet_emul.h"
-#include "smbios.h"
-#include "loader.h"
-#include "elf.h"
-#include "multiboot.h"
-#include "mc146818rtc.h"
-#include "i8254.h"
-#include "pcspk.h"
-#include "msi.h"
-#include "sysbus.h"
-#include "sysemu.h"
-#include "kvm.h"
-#include "kvm_i386.h"
-#include "xen.h"
-#include "blockdev.h"
-#include "hw/block-common.h"
-#include "ui/qemu-spice.h"
-#include "memory.h"
-#include "exec-memory.h"
-#include "arch_init.h"
-#include "bitmap.h"
-
-/* debug PC/ISA interrupts */
-//#define DEBUG_IRQ
-
-#ifdef DEBUG_IRQ
-#define DPRINTF(fmt, ...) \
- do { printf("CPUIRQ: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...)
-#endif
-
-/* Leave a chunk of memory at the top of RAM for the BIOS ACPI tables. */
-#define ACPI_DATA_SIZE 0x10000
-#define BIOS_CFG_IOPORT 0x510
-#define FW_CFG_ACPI_TABLES (FW_CFG_ARCH_LOCAL + 0)
-#define FW_CFG_SMBIOS_ENTRIES (FW_CFG_ARCH_LOCAL + 1)
-#define FW_CFG_IRQ0_OVERRIDE (FW_CFG_ARCH_LOCAL + 2)
-#define FW_CFG_E820_TABLE (FW_CFG_ARCH_LOCAL + 3)
-#define FW_CFG_HPET (FW_CFG_ARCH_LOCAL + 4)
-
-#define E820_NR_ENTRIES 16
-
-struct e820_entry {
- uint64_t address;
- uint64_t length;
- uint32_t type;
-} QEMU_PACKED __attribute((__aligned__(4)));
-
-struct e820_table {
- uint32_t count;
- struct e820_entry entry[E820_NR_ENTRIES];
-} QEMU_PACKED __attribute((__aligned__(4)));
-
-static struct e820_table e820_table;
-struct hpet_fw_config hpet_cfg = {.count = UINT8_MAX};
-
-void gsi_handler(void *opaque, int n, int level)
-{
- GSIState *s = opaque;
-
- DPRINTF("pc: %s GSI %d\n", level ? "raising" : "lowering", n);
- if (n < ISA_NUM_IRQS) {
- qemu_set_irq(s->i8259_irq[n], level);
- }
- qemu_set_irq(s->ioapic_irq[n], level);
-}
-
-static void ioport80_write(void *opaque, uint32_t addr, uint32_t data)
-{
-}
-
-/* MSDOS compatibility mode FPU exception support */
-static qemu_irq ferr_irq;
-
-void pc_register_ferr_irq(qemu_irq irq)
-{
- ferr_irq = irq;
-}
-
-/* XXX: add IGNNE support */
-void cpu_set_ferr(CPUX86State *s)
-{
- qemu_irq_raise(ferr_irq);
-}
-
-static void ioportF0_write(void *opaque, uint32_t addr, uint32_t data)
-{
- qemu_irq_lower(ferr_irq);
-}
-
-/* TSC handling */
-uint64_t cpu_get_tsc(CPUX86State *env)
-{
- return cpu_get_ticks();
-}
-
-/* SMM support */
-
-static cpu_set_smm_t smm_set;
-static void *smm_arg;
-
-void cpu_smm_register(cpu_set_smm_t callback, void *arg)
-{
- assert(smm_set == NULL);
- assert(smm_arg == NULL);
- smm_set = callback;
- smm_arg = arg;
-}
-
-void cpu_smm_update(CPUX86State *env)
-{
- if (smm_set && smm_arg && env == first_cpu)
- smm_set(!!(env->hflags & HF_SMM_MASK), smm_arg);
-}
-
-
-/* IRQ handling */
-int cpu_get_pic_interrupt(CPUX86State *env)
-{
- int intno;
-
- intno = apic_get_interrupt(env->apic_state);
- if (intno >= 0) {
- return intno;
- }
- /* read the irq from the PIC */
- if (!apic_accept_pic_intr(env->apic_state)) {
- return -1;
- }
-
- intno = pic_read_irq(isa_pic);
- return intno;
-}
-
-static void pic_irq_request(void *opaque, int irq, int level)
-{
- CPUX86State *env = first_cpu;
-
- DPRINTF("pic_irqs: %s irq %d\n", level? "raise" : "lower", irq);
- if (env->apic_state) {
- while (env) {
- if (apic_accept_pic_intr(env->apic_state)) {
- apic_deliver_pic_intr(env->apic_state, level);
- }
- env = env->next_cpu;
- }
- } else {
- if (level)
- cpu_interrupt(env, CPU_INTERRUPT_HARD);
- else
- cpu_reset_interrupt(env, CPU_INTERRUPT_HARD);
- }
-}
-
-/* PC cmos mappings */
-
-#define REG_EQUIPMENT_BYTE 0x14
-
-static int cmos_get_fd_drive_type(FDriveType fd0)
-{
- int val;
-
- switch (fd0) {
- case FDRIVE_DRV_144:
- /* 1.44 Mb 3"5 drive */
- val = 4;
- break;
- case FDRIVE_DRV_288:
- /* 2.88 Mb 3"5 drive */
- val = 5;
- break;
- case FDRIVE_DRV_120:
- /* 1.2 Mb 5"5 drive */
- val = 2;
- break;
- case FDRIVE_DRV_NONE:
- default:
- val = 0;
- break;
- }
- return val;
-}
-
-static void cmos_init_hd(ISADevice *s, int type_ofs, int info_ofs,
- int16_t cylinders, int8_t heads, int8_t sectors)
-{
- rtc_set_memory(s, type_ofs, 47);
- rtc_set_memory(s, info_ofs, cylinders);
- rtc_set_memory(s, info_ofs + 1, cylinders >> 8);
- rtc_set_memory(s, info_ofs + 2, heads);
- rtc_set_memory(s, info_ofs + 3, 0xff);
- rtc_set_memory(s, info_ofs + 4, 0xff);
- rtc_set_memory(s, info_ofs + 5, 0xc0 | ((heads > 8) << 3));
- rtc_set_memory(s, info_ofs + 6, cylinders);
- rtc_set_memory(s, info_ofs + 7, cylinders >> 8);
- rtc_set_memory(s, info_ofs + 8, sectors);
-}
-
-/* convert boot_device letter to something recognizable by the bios */
-static int boot_device2nibble(char boot_device)
-{
- switch(boot_device) {
- case 'a':
- case 'b':
- return 0x01; /* floppy boot */
- case 'c':
- return 0x02; /* hard drive boot */
- case 'd':
- return 0x03; /* CD-ROM boot */
- case 'n':
- return 0x04; /* Network boot */
- }
- return 0;
-}
-
-static int set_boot_dev(ISADevice *s, const char *boot_device, int fd_bootchk)
-{
-#define PC_MAX_BOOT_DEVICES 3
- int nbds, bds[3] = { 0, };
- int i;
-
- nbds = strlen(boot_device);
- if (nbds > PC_MAX_BOOT_DEVICES) {
- error_report("Too many boot devices for PC");
- return(1);
- }
- for (i = 0; i < nbds; i++) {
- bds[i] = boot_device2nibble(boot_device[i]);
- if (bds[i] == 0) {
- error_report("Invalid boot device for PC: '%c'",
- boot_device[i]);
- return(1);
- }
- }
- rtc_set_memory(s, 0x3d, (bds[1] << 4) | bds[0]);
- rtc_set_memory(s, 0x38, (bds[2] << 4) | (fd_bootchk ? 0x0 : 0x1));
- return(0);
-}
-
-static int pc_boot_set(void *opaque, const char *boot_device)
-{
- return set_boot_dev(opaque, boot_device, 0);
-}
-
-typedef struct pc_cmos_init_late_arg {
- ISADevice *rtc_state;
- BusState *idebus[2];
-} pc_cmos_init_late_arg;
-
-static void pc_cmos_init_late(void *opaque)
-{
- pc_cmos_init_late_arg *arg = opaque;
- ISADevice *s = arg->rtc_state;
- int16_t cylinders;
- int8_t heads, sectors;
- int val;
- int i, trans;
-
- val = 0;
- if (ide_get_geometry(arg->idebus[0], 0,
- &cylinders, &heads, &sectors) >= 0) {
- cmos_init_hd(s, 0x19, 0x1b, cylinders, heads, sectors);
- val |= 0xf0;
- }
- if (ide_get_geometry(arg->idebus[0], 1,
- &cylinders, &heads, &sectors) >= 0) {
- cmos_init_hd(s, 0x1a, 0x24, cylinders, heads, sectors);
- val |= 0x0f;
- }
- rtc_set_memory(s, 0x12, val);
-
- val = 0;
- for (i = 0; i < 4; i++) {
- /* NOTE: ide_get_geometry() returns the physical
- geometry. It is always such that: 1 <= sects <= 63, 1
- <= heads <= 16, 1 <= cylinders <= 16383. The BIOS
- geometry can be different if a translation is done. */
- if (ide_get_geometry(arg->idebus[i / 2], i % 2,
- &cylinders, &heads, &sectors) >= 0) {
- trans = ide_get_bios_chs_trans(arg->idebus[i / 2], i % 2) - 1;
- assert((trans & ~3) == 0);
- val |= trans << (i * 2);
- }
- }
- rtc_set_memory(s, 0x39, val);
-
- qemu_unregister_reset(pc_cmos_init_late, opaque);
-}
-
-void pc_cmos_init(ram_addr_t ram_size, ram_addr_t above_4g_mem_size,
- const char *boot_device,
- ISADevice *floppy, BusState *idebus0, BusState *idebus1,
- ISADevice *s)
-{
- int val, nb, i;
- FDriveType fd_type[2] = { FDRIVE_DRV_NONE, FDRIVE_DRV_NONE };
- static pc_cmos_init_late_arg arg;
-
- /* various important CMOS locations needed by PC/Bochs bios */
-
- /* memory size */
- /* base memory (first MiB) */
- val = MIN(ram_size / 1024, 640);
- rtc_set_memory(s, 0x15, val);
- rtc_set_memory(s, 0x16, val >> 8);
- /* extended memory (next 64MiB) */
- if (ram_size > 1024 * 1024) {
- val = (ram_size - 1024 * 1024) / 1024;
- } else {
- val = 0;
- }
- if (val > 65535)
- val = 65535;
- rtc_set_memory(s, 0x17, val);
- rtc_set_memory(s, 0x18, val >> 8);
- rtc_set_memory(s, 0x30, val);
- rtc_set_memory(s, 0x31, val >> 8);
- /* memory between 16MiB and 4GiB */
- if (ram_size > 16 * 1024 * 1024) {
- val = (ram_size - 16 * 1024 * 1024) / 65536;
- } else {
- val = 0;
- }
- if (val > 65535)
- val = 65535;
- rtc_set_memory(s, 0x34, val);
- rtc_set_memory(s, 0x35, val >> 8);
- /* memory above 4GiB */
- val = above_4g_mem_size / 65536;
- rtc_set_memory(s, 0x5b, val);
- rtc_set_memory(s, 0x5c, val >> 8);
- rtc_set_memory(s, 0x5d, val >> 16);
-
- /* set the number of CPU */
- rtc_set_memory(s, 0x5f, smp_cpus - 1);
-
- /* set boot devices, and disable floppy signature check if requested */
- if (set_boot_dev(s, boot_device, fd_bootchk)) {
- exit(1);
- }
-
- /* floppy type */
- if (floppy) {
- for (i = 0; i < 2; i++) {
- fd_type[i] = isa_fdc_get_drive_type(floppy, i);
- }
- }
- val = (cmos_get_fd_drive_type(fd_type[0]) << 4) |
- cmos_get_fd_drive_type(fd_type[1]);
- rtc_set_memory(s, 0x10, val);
-
- val = 0;
- nb = 0;
- if (fd_type[0] < FDRIVE_DRV_NONE) {
- nb++;
- }
- if (fd_type[1] < FDRIVE_DRV_NONE) {
- nb++;
- }
- switch (nb) {
- case 0:
- break;
- case 1:
- val |= 0x01; /* 1 drive, ready for boot */
- break;
- case 2:
- val |= 0x41; /* 2 drives, ready for boot */
- break;
- }
- val |= 0x02; /* FPU is there */
- val |= 0x04; /* PS/2 mouse installed */
- rtc_set_memory(s, REG_EQUIPMENT_BYTE, val);
-
- /* hard drives */
- arg.rtc_state = s;
- arg.idebus[0] = idebus0;
- arg.idebus[1] = idebus1;
- qemu_register_reset(pc_cmos_init_late, &arg);
-}
-
-/* port 92 stuff: could be split off */
-typedef struct Port92State {
- ISADevice dev;
- MemoryRegion io;
- uint8_t outport;
- qemu_irq *a20_out;
-} Port92State;
-
-static void port92_write(void *opaque, hwaddr addr, uint64_t val,
- unsigned size)
-{
- Port92State *s = opaque;
-
- DPRINTF("port92: write 0x%02x\n", val);
- s->outport = val;
- qemu_set_irq(*s->a20_out, (val >> 1) & 1);
- if (val & 1) {
- qemu_system_reset_request();
- }
-}
-
-static uint64_t port92_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- Port92State *s = opaque;
- uint32_t ret;
-
- ret = s->outport;
- DPRINTF("port92: read 0x%02x\n", ret);
- return ret;
-}
-
-static void port92_init(ISADevice *dev, qemu_irq *a20_out)
-{
- Port92State *s = DO_UPCAST(Port92State, dev, dev);
-
- s->a20_out = a20_out;
-}
-
-static const VMStateDescription vmstate_port92_isa = {
- .name = "port92",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField []) {
- VMSTATE_UINT8(outport, Port92State),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void port92_reset(DeviceState *d)
-{
- Port92State *s = container_of(d, Port92State, dev.qdev);
-
- s->outport &= ~1;
-}
-
-static const MemoryRegionOps port92_ops = {
- .read = port92_read,
- .write = port92_write,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static int port92_initfn(ISADevice *dev)
-{
- Port92State *s = DO_UPCAST(Port92State, dev, dev);
-
- memory_region_init_io(&s->io, &port92_ops, s, "port92", 1);
- isa_register_ioport(dev, &s->io, 0x92);
-
- s->outport = 0;
- return 0;
-}
-
-static void port92_class_initfn(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- ISADeviceClass *ic = ISA_DEVICE_CLASS(klass);
- ic->init = port92_initfn;
- dc->no_user = 1;
- dc->reset = port92_reset;
- dc->vmsd = &vmstate_port92_isa;
-}
-
-static TypeInfo port92_info = {
- .name = "port92",
- .parent = TYPE_ISA_DEVICE,
- .instance_size = sizeof(Port92State),
- .class_init = port92_class_initfn,
-};
-
-static void port92_register_types(void)
-{
- type_register_static(&port92_info);
-}
-
-type_init(port92_register_types)
-
-static void handle_a20_line_change(void *opaque, int irq, int level)
-{
- CPUX86State *cpu = opaque;
-
- /* XXX: send to all CPUs ? */
- /* XXX: add logic to handle multiple A20 line sources */
- cpu_x86_set_a20(cpu, level);
-}
-
-/***********************************************************/
-/* Bochs BIOS debug ports */
-
-static void bochs_bios_write(void *opaque, uint32_t addr, uint32_t val)
-{
- static const char shutdown_str[8] = "Shutdown";
- static int shutdown_index = 0;
-
- switch(addr) {
- case 0x8900:
- /* same as Bochs power off */
- if (val == shutdown_str[shutdown_index]) {
- shutdown_index++;
- if (shutdown_index == 8) {
- shutdown_index = 0;
- qemu_system_shutdown_request();
- }
- } else {
- shutdown_index = 0;
- }
- break;
-
- case 0x501:
- case 0x502:
- exit((val << 1) | 1);
- }
-}
-
-int e820_add_entry(uint64_t address, uint64_t length, uint32_t type)
-{
- int index = le32_to_cpu(e820_table.count);
- struct e820_entry *entry;
-
- if (index >= E820_NR_ENTRIES)
- return -EBUSY;
- entry = &e820_table.entry[index++];
-
- entry->address = cpu_to_le64(address);
- entry->length = cpu_to_le64(length);
- entry->type = cpu_to_le32(type);
-
- e820_table.count = cpu_to_le32(index);
- return index;
-}
-
-static void *bochs_bios_init(void)
-{
- void *fw_cfg;
- uint8_t *smbios_table;
- size_t smbios_len;
- uint64_t *numa_fw_cfg;
- int i, j;
-
- register_ioport_write(0x8900, 1, 1, bochs_bios_write, NULL);
-
- register_ioport_write(0x501, 1, 1, bochs_bios_write, NULL);
- register_ioport_write(0x501, 1, 2, bochs_bios_write, NULL);
- register_ioport_write(0x502, 1, 2, bochs_bios_write, NULL);
-
- fw_cfg = fw_cfg_init(BIOS_CFG_IOPORT, BIOS_CFG_IOPORT + 1, 0, 0);
-
- fw_cfg_add_i32(fw_cfg, FW_CFG_ID, 1);
- fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size);
- fw_cfg_add_bytes(fw_cfg, FW_CFG_ACPI_TABLES, (uint8_t *)acpi_tables,
- acpi_tables_len);
- fw_cfg_add_i32(fw_cfg, FW_CFG_IRQ0_OVERRIDE, kvm_allows_irq0_override());
-
- smbios_table = smbios_get_table(&smbios_len);
- if (smbios_table)
- fw_cfg_add_bytes(fw_cfg, FW_CFG_SMBIOS_ENTRIES,
- smbios_table, smbios_len);
- fw_cfg_add_bytes(fw_cfg, FW_CFG_E820_TABLE, (uint8_t *)&e820_table,
- sizeof(struct e820_table));
-
- fw_cfg_add_bytes(fw_cfg, FW_CFG_HPET, (uint8_t *)&hpet_cfg,
- sizeof(struct hpet_fw_config));
- /* allocate memory for the NUMA channel: one (64bit) word for the number
- * of nodes, one word for each VCPU->node and one word for each node to
- * hold the amount of memory.
- */
- numa_fw_cfg = g_malloc0((1 + max_cpus + nb_numa_nodes) * 8);
- numa_fw_cfg[0] = cpu_to_le64(nb_numa_nodes);
- for (i = 0; i < max_cpus; i++) {
- for (j = 0; j < nb_numa_nodes; j++) {
- if (test_bit(i, node_cpumask[j])) {
- numa_fw_cfg[i + 1] = cpu_to_le64(j);
- break;
- }
- }
- }
- for (i = 0; i < nb_numa_nodes; i++) {
- numa_fw_cfg[max_cpus + 1 + i] = cpu_to_le64(node_mem[i]);
- }
- fw_cfg_add_bytes(fw_cfg, FW_CFG_NUMA, (uint8_t *)numa_fw_cfg,
- (1 + max_cpus + nb_numa_nodes) * 8);
-
- return fw_cfg;
-}
-
-static long get_file_size(FILE *f)
-{
- long where, size;
-
- /* XXX: on Unix systems, using fstat() probably makes more sense */
-
- where = ftell(f);
- fseek(f, 0, SEEK_END);
- size = ftell(f);
- fseek(f, where, SEEK_SET);
-
- return size;
-}
-
-static void load_linux(void *fw_cfg,
- const char *kernel_filename,
- const char *initrd_filename,
- const char *kernel_cmdline,
- hwaddr max_ram_size)
-{
- uint16_t protocol;
- int setup_size, kernel_size, initrd_size = 0, cmdline_size;
- uint32_t initrd_max;
- uint8_t header[8192], *setup, *kernel, *initrd_data;
- hwaddr real_addr, prot_addr, cmdline_addr, initrd_addr = 0;
- FILE *f;
- char *vmode;
-
- /* Align to 16 bytes as a paranoia measure */
- cmdline_size = (strlen(kernel_cmdline)+16) & ~15;
-
- /* load the kernel header */
- f = fopen(kernel_filename, "rb");
- if (!f || !(kernel_size = get_file_size(f)) ||
- fread(header, 1, MIN(ARRAY_SIZE(header), kernel_size), f) !=
- MIN(ARRAY_SIZE(header), kernel_size)) {
- fprintf(stderr, "qemu: could not load kernel '%s': %s\n",
- kernel_filename, strerror(errno));
- exit(1);
- }
-
- /* kernel protocol version */
-#if 0
- fprintf(stderr, "header magic: %#x\n", ldl_p(header+0x202));
-#endif
- if (ldl_p(header+0x202) == 0x53726448)
- protocol = lduw_p(header+0x206);
- else {
- /* This looks like a multiboot kernel. If it is, let's stop
- treating it like a Linux kernel. */
- if (load_multiboot(fw_cfg, f, kernel_filename, initrd_filename,
- kernel_cmdline, kernel_size, header))
- return;
- protocol = 0;
- }
-
- if (protocol < 0x200 || !(header[0x211] & 0x01)) {
- /* Low kernel */
- real_addr = 0x90000;
- cmdline_addr = 0x9a000 - cmdline_size;
- prot_addr = 0x10000;
- } else if (protocol < 0x202) {
- /* High but ancient kernel */
- real_addr = 0x90000;
- cmdline_addr = 0x9a000 - cmdline_size;
- prot_addr = 0x100000;
- } else {
- /* High and recent kernel */
- real_addr = 0x10000;
- cmdline_addr = 0x20000;
- prot_addr = 0x100000;
- }
-
-#if 0
- fprintf(stderr,
- "qemu: real_addr = 0x" TARGET_FMT_plx "\n"
- "qemu: cmdline_addr = 0x" TARGET_FMT_plx "\n"
- "qemu: prot_addr = 0x" TARGET_FMT_plx "\n",
- real_addr,
- cmdline_addr,
- prot_addr);
-#endif
-
- /* highest address for loading the initrd */
- if (protocol >= 0x203)
- initrd_max = ldl_p(header+0x22c);
- else
- initrd_max = 0x37ffffff;
-
- if (initrd_max >= max_ram_size-ACPI_DATA_SIZE)
- initrd_max = max_ram_size-ACPI_DATA_SIZE-1;
-
- fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_ADDR, cmdline_addr);
- fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_SIZE, strlen(kernel_cmdline)+1);
- fw_cfg_add_bytes(fw_cfg, FW_CFG_CMDLINE_DATA,
- (uint8_t*)strdup(kernel_cmdline),
- strlen(kernel_cmdline)+1);
-
- if (protocol >= 0x202) {
- stl_p(header+0x228, cmdline_addr);
- } else {
- stw_p(header+0x20, 0xA33F);
- stw_p(header+0x22, cmdline_addr-real_addr);
- }
-
- /* handle vga= parameter */
- vmode = strstr(kernel_cmdline, "vga=");
- if (vmode) {
- unsigned int video_mode;
- /* skip "vga=" */
- vmode += 4;
- if (!strncmp(vmode, "normal", 6)) {
- video_mode = 0xffff;
- } else if (!strncmp(vmode, "ext", 3)) {
- video_mode = 0xfffe;
- } else if (!strncmp(vmode, "ask", 3)) {
- video_mode = 0xfffd;
- } else {
- video_mode = strtol(vmode, NULL, 0);
- }
- stw_p(header+0x1fa, video_mode);
- }
-
- /* loader type */
- /* High nybble = B reserved for QEMU; low nybble is revision number.
- If this code is substantially changed, you may want to consider
- incrementing the revision. */
- if (protocol >= 0x200)
- header[0x210] = 0xB0;
-
- /* heap */
- if (protocol >= 0x201) {
- header[0x211] |= 0x80; /* CAN_USE_HEAP */
- stw_p(header+0x224, cmdline_addr-real_addr-0x200);
- }
-
- /* load initrd */
- if (initrd_filename) {
- if (protocol < 0x200) {
- fprintf(stderr, "qemu: linux kernel too old to load a ram disk\n");
- exit(1);
- }
-
- initrd_size = get_image_size(initrd_filename);
- if (initrd_size < 0) {
- fprintf(stderr, "qemu: error reading initrd %s\n",
- initrd_filename);
- exit(1);
- }
-
- initrd_addr = (initrd_max-initrd_size) & ~4095;
-
- initrd_data = g_malloc(initrd_size);
- load_image(initrd_filename, initrd_data);
-
- fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_ADDR, initrd_addr);
- fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_SIZE, initrd_size);
- fw_cfg_add_bytes(fw_cfg, FW_CFG_INITRD_DATA, initrd_data, initrd_size);
-
- stl_p(header+0x218, initrd_addr);
- stl_p(header+0x21c, initrd_size);
- }
-
- /* load kernel and setup */
- setup_size = header[0x1f1];
- if (setup_size == 0)
- setup_size = 4;
- setup_size = (setup_size+1)*512;
- kernel_size -= setup_size;
-
- setup = g_malloc(setup_size);
- kernel = g_malloc(kernel_size);
- fseek(f, 0, SEEK_SET);
- if (fread(setup, 1, setup_size, f) != setup_size) {
- fprintf(stderr, "fread() failed\n");
- exit(1);
- }
- if (fread(kernel, 1, kernel_size, f) != kernel_size) {
- fprintf(stderr, "fread() failed\n");
- exit(1);
- }
- fclose(f);
- memcpy(setup, header, MIN(sizeof(header), setup_size));
-
- fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, prot_addr);
- fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size);
- fw_cfg_add_bytes(fw_cfg, FW_CFG_KERNEL_DATA, kernel, kernel_size);
-
- fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_ADDR, real_addr);
- fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_SIZE, setup_size);
- fw_cfg_add_bytes(fw_cfg, FW_CFG_SETUP_DATA, setup, setup_size);
-
- option_rom[nb_option_roms].name = "linuxboot.bin";
- option_rom[nb_option_roms].bootindex = 0;
- nb_option_roms++;
-}
-
-#define NE2000_NB_MAX 6
-
-static const int ne2000_io[NE2000_NB_MAX] = { 0x300, 0x320, 0x340, 0x360,
- 0x280, 0x380 };
-static const int ne2000_irq[NE2000_NB_MAX] = { 9, 10, 11, 3, 4, 5 };
-
-static const int parallel_io[MAX_PARALLEL_PORTS] = { 0x378, 0x278, 0x3bc };
-static const int parallel_irq[MAX_PARALLEL_PORTS] = { 7, 7, 7 };
-
-void pc_init_ne2k_isa(ISABus *bus, NICInfo *nd)
-{
- static int nb_ne2k = 0;
-
- if (nb_ne2k == NE2000_NB_MAX)
- return;
- isa_ne2000_init(bus, ne2000_io[nb_ne2k],
- ne2000_irq[nb_ne2k], nd);
- nb_ne2k++;
-}
-
-DeviceState *cpu_get_current_apic(void)
-{
- if (cpu_single_env) {
- return cpu_single_env->apic_state;
- } else {
- return NULL;
- }
-}
-
-void pc_acpi_smi_interrupt(void *opaque, int irq, int level)
-{
- CPUX86State *s = opaque;
-
- if (level) {
- cpu_interrupt(s, CPU_INTERRUPT_SMI);
- }
-}
-
-void pc_cpus_init(const char *cpu_model)
-{
- int i;
-
- /* init CPUs */
- if (cpu_model == NULL) {
-#ifdef TARGET_X86_64
- cpu_model = "qemu64";
-#else
- cpu_model = "qemu32";
-#endif
- }
-
- for (i = 0; i < smp_cpus; i++) {
- if (!cpu_x86_init(cpu_model)) {
- fprintf(stderr, "Unable to find x86 CPU definition\n");
- exit(1);
- }
- }
-}
-
-void *pc_memory_init(MemoryRegion *system_memory,
- const char *kernel_filename,
- const char *kernel_cmdline,
- const char *initrd_filename,
- ram_addr_t below_4g_mem_size,
- ram_addr_t above_4g_mem_size,
- MemoryRegion *rom_memory,
- MemoryRegion **ram_memory)
-{
- int linux_boot, i;
- MemoryRegion *ram, *option_rom_mr;
- MemoryRegion *ram_below_4g, *ram_above_4g;
- void *fw_cfg;
-
- linux_boot = (kernel_filename != NULL);
-
- /* Allocate RAM. We allocate it as a single memory region and use
- * aliases to address portions of it, mostly for backwards compatibility
- * with older qemus that used qemu_ram_alloc().
- */
- ram = g_malloc(sizeof(*ram));
- memory_region_init_ram(ram, "pc.ram",
- below_4g_mem_size + above_4g_mem_size);
- vmstate_register_ram_global(ram);
- *ram_memory = ram;
- ram_below_4g = g_malloc(sizeof(*ram_below_4g));
- memory_region_init_alias(ram_below_4g, "ram-below-4g", ram,
- 0, below_4g_mem_size);
- memory_region_add_subregion(system_memory, 0, ram_below_4g);
- if (above_4g_mem_size > 0) {
- ram_above_4g = g_malloc(sizeof(*ram_above_4g));
- memory_region_init_alias(ram_above_4g, "ram-above-4g", ram,
- below_4g_mem_size, above_4g_mem_size);
- memory_region_add_subregion(system_memory, 0x100000000ULL,
- ram_above_4g);
- }
-
-
- /* Initialize PC system firmware */
- pc_system_firmware_init(rom_memory);
-
- option_rom_mr = g_malloc(sizeof(*option_rom_mr));
- memory_region_init_ram(option_rom_mr, "pc.rom", PC_ROM_SIZE);
- vmstate_register_ram_global(option_rom_mr);
- memory_region_add_subregion_overlap(rom_memory,
- PC_ROM_MIN_VGA,
- option_rom_mr,
- 1);
-
- fw_cfg = bochs_bios_init();
- rom_set_fw(fw_cfg);
-
- if (linux_boot) {
- load_linux(fw_cfg, kernel_filename, initrd_filename, kernel_cmdline, below_4g_mem_size);
- }
-
- for (i = 0; i < nb_option_roms; i++) {
- rom_add_option(option_rom[i].name, option_rom[i].bootindex);
- }
- return fw_cfg;
-}
-
-qemu_irq *pc_allocate_cpu_irq(void)
-{
- return qemu_allocate_irqs(pic_irq_request, NULL, 1);
-}
-
-DeviceState *pc_vga_init(ISABus *isa_bus, PCIBus *pci_bus)
-{
- DeviceState *dev = NULL;
-
- if (pci_bus) {
- PCIDevice *pcidev = pci_vga_init(pci_bus);
- dev = pcidev ? &pcidev->qdev : NULL;
- } else if (isa_bus) {
- ISADevice *isadev = isa_vga_init(isa_bus);
- dev = isadev ? &isadev->qdev : NULL;
- }
- return dev;
-}
-
-static void cpu_request_exit(void *opaque, int irq, int level)
-{
- CPUX86State *env = cpu_single_env;
-
- if (env && level) {
- cpu_exit(env);
- }
-}
-
-void pc_basic_device_init(ISABus *isa_bus, qemu_irq *gsi,
- ISADevice **rtc_state,
- ISADevice **floppy,
- bool no_vmport)
-{
- int i;
- DriveInfo *fd[MAX_FD];
- DeviceState *hpet = NULL;
- int pit_isa_irq = 0;
- qemu_irq pit_alt_irq = NULL;
- qemu_irq rtc_irq = NULL;
- qemu_irq *a20_line;
- ISADevice *i8042, *port92, *vmmouse, *pit = NULL;
- qemu_irq *cpu_exit_irq;
-
- register_ioport_write(0x80, 1, 1, ioport80_write, NULL);
-
- register_ioport_write(0xf0, 1, 1, ioportF0_write, NULL);
-
- /*
- * Check if an HPET shall be created.
- *
- * Without KVM_CAP_PIT_STATE2, we cannot switch off the in-kernel PIT
- * when the HPET wants to take over. Thus we have to disable the latter.
- */
- if (!no_hpet && (!kvm_irqchip_in_kernel() || kvm_has_pit_state2())) {
- hpet = sysbus_try_create_simple("hpet", HPET_BASE, NULL);
-
- if (hpet) {
- for (i = 0; i < GSI_NUM_PINS; i++) {
- sysbus_connect_irq(sysbus_from_qdev(hpet), i, gsi[i]);
- }
- pit_isa_irq = -1;
- pit_alt_irq = qdev_get_gpio_in(hpet, HPET_LEGACY_PIT_INT);
- rtc_irq = qdev_get_gpio_in(hpet, HPET_LEGACY_RTC_INT);
- }
- }
- *rtc_state = rtc_init(isa_bus, 2000, rtc_irq);
-
- qemu_register_boot_set(pc_boot_set, *rtc_state);
-
- if (!xen_enabled()) {
- if (kvm_irqchip_in_kernel()) {
- pit = kvm_pit_init(isa_bus, 0x40);
- } else {
- pit = pit_init(isa_bus, 0x40, pit_isa_irq, pit_alt_irq);
- }
- if (hpet) {
- /* connect PIT to output control line of the HPET */
- qdev_connect_gpio_out(hpet, 0, qdev_get_gpio_in(&pit->qdev, 0));
- }
- pcspk_init(isa_bus, pit);
- }
-
- for(i = 0; i < MAX_SERIAL_PORTS; i++) {
- if (serial_hds[i]) {
- serial_isa_init(isa_bus, i, serial_hds[i]);
- }
- }
-
- for(i = 0; i < MAX_PARALLEL_PORTS; i++) {
- if (parallel_hds[i]) {
- parallel_init(isa_bus, i, parallel_hds[i]);
- }
- }
-
- a20_line = qemu_allocate_irqs(handle_a20_line_change, first_cpu, 2);
- i8042 = isa_create_simple(isa_bus, "i8042");
- i8042_setup_a20_line(i8042, &a20_line[0]);
- if (!no_vmport) {
- vmport_init(isa_bus);
- vmmouse = isa_try_create(isa_bus, "vmmouse");
- } else {
- vmmouse = NULL;
- }
- if (vmmouse) {
- qdev_prop_set_ptr(&vmmouse->qdev, "ps2_mouse", i8042);
- qdev_init_nofail(&vmmouse->qdev);
- }
- port92 = isa_create_simple(isa_bus, "port92");
- port92_init(port92, &a20_line[1]);
-
- cpu_exit_irq = qemu_allocate_irqs(cpu_request_exit, NULL, 1);
- DMA_init(0, cpu_exit_irq);
-
- for(i = 0; i < MAX_FD; i++) {
- fd[i] = drive_get(IF_FLOPPY, 0, i);
- }
- *floppy = fdctrl_init_isa(isa_bus, fd);
-}
-
-void pc_nic_init(ISABus *isa_bus, PCIBus *pci_bus)
-{
- int i;
-
- for (i = 0; i < nb_nics; i++) {
- NICInfo *nd = &nd_table[i];
-
- if (!pci_bus || (nd->model && strcmp(nd->model, "ne2k_isa") == 0)) {
- pc_init_ne2k_isa(isa_bus, nd);
- } else {
- pci_nic_init_nofail(nd, "e1000", NULL);
- }
- }
-}
-
-void pc_pci_device_init(PCIBus *pci_bus)
-{
- int max_bus;
- int bus;
-
- max_bus = drive_get_max_bus(IF_SCSI);
- for (bus = 0; bus <= max_bus; bus++) {
- pci_create_simple(pci_bus, -1, "lsi53c895a");
- }
-}
-
-void ioapic_init_gsi(GSIState *gsi_state, const char *parent_name)
-{
- DeviceState *dev;
- SysBusDevice *d;
- unsigned int i;
-
- if (kvm_irqchip_in_kernel()) {
- dev = qdev_create(NULL, "kvm-ioapic");
- } else {
- dev = qdev_create(NULL, "ioapic");
- }
- if (parent_name) {
- object_property_add_child(object_resolve_path(parent_name, NULL),
- "ioapic", OBJECT(dev), NULL);
- }
- qdev_init_nofail(dev);
- d = sysbus_from_qdev(dev);
- sysbus_mmio_map(d, 0, 0xfec00000);
-
- for (i = 0; i < IOAPIC_NUM_PINS; i++) {
- gsi_state->ioapic_irq[i] = qdev_get_gpio_in(dev, i);
- }
-}
diff --git a/hw/pc.h b/hw/pc.h
deleted file mode 100644
index 2237e8644..000000000
--- a/hw/pc.h
+++ /dev/null
@@ -1,189 +0,0 @@
-#ifndef HW_PC_H
-#define HW_PC_H
-
-#include "qemu-common.h"
-#include "memory.h"
-#include "ioport.h"
-#include "isa.h"
-#include "fdc.h"
-#include "net.h"
-#include "memory.h"
-#include "ioapic.h"
-
-/* PC-style peripherals (also used by other machines). */
-
-/* parallel.c */
-static inline bool parallel_init(ISABus *bus, int index, CharDriverState *chr)
-{
- ISADevice *dev;
-
- dev = isa_try_create(bus, "isa-parallel");
- if (!dev) {
- return false;
- }
- qdev_prop_set_uint32(&dev->qdev, "index", index);
- qdev_prop_set_chr(&dev->qdev, "chardev", chr);
- if (qdev_init(&dev->qdev) < 0) {
- return false;
- }
- return true;
-}
-
-bool parallel_mm_init(MemoryRegion *address_space,
- hwaddr base, int it_shift, qemu_irq irq,
- CharDriverState *chr);
-
-/* i8259.c */
-
-extern DeviceState *isa_pic;
-qemu_irq *i8259_init(ISABus *bus, qemu_irq parent_irq);
-qemu_irq *kvm_i8259_init(ISABus *bus);
-int pic_read_irq(DeviceState *d);
-int pic_get_output(DeviceState *d);
-void pic_info(Monitor *mon);
-void irq_info(Monitor *mon);
-
-/* Global System Interrupts */
-
-#define GSI_NUM_PINS IOAPIC_NUM_PINS
-
-typedef struct GSIState {
- qemu_irq i8259_irq[ISA_NUM_IRQS];
- qemu_irq ioapic_irq[IOAPIC_NUM_PINS];
-} GSIState;
-
-void gsi_handler(void *opaque, int n, int level);
-
-/* vmport.c */
-static inline void vmport_init(ISABus *bus)
-{
- isa_create_simple(bus, "vmport");
-}
-void vmport_register(unsigned char command, IOPortReadFunc *func, void *opaque);
-void vmmouse_get_data(uint32_t *data);
-void vmmouse_set_data(const uint32_t *data);
-
-/* pckbd.c */
-
-void i8042_init(qemu_irq kbd_irq, qemu_irq mouse_irq, uint32_t io_base);
-void i8042_mm_init(qemu_irq kbd_irq, qemu_irq mouse_irq,
- MemoryRegion *region, ram_addr_t size,
- hwaddr mask);
-void i8042_isa_mouse_fake_event(void *opaque);
-void i8042_setup_a20_line(ISADevice *dev, qemu_irq *a20_out);
-
-/* pc.c */
-extern int fd_bootchk;
-
-void pc_register_ferr_irq(qemu_irq irq);
-void pc_acpi_smi_interrupt(void *opaque, int irq, int level);
-
-void pc_cpus_init(const char *cpu_model);
-void *pc_memory_init(MemoryRegion *system_memory,
- const char *kernel_filename,
- const char *kernel_cmdline,
- const char *initrd_filename,
- ram_addr_t below_4g_mem_size,
- ram_addr_t above_4g_mem_size,
- MemoryRegion *rom_memory,
- MemoryRegion **ram_memory);
-qemu_irq *pc_allocate_cpu_irq(void);
-DeviceState *pc_vga_init(ISABus *isa_bus, PCIBus *pci_bus);
-void pc_basic_device_init(ISABus *isa_bus, qemu_irq *gsi,
- ISADevice **rtc_state,
- ISADevice **floppy,
- bool no_vmport);
-void pc_init_ne2k_isa(ISABus *bus, NICInfo *nd);
-void pc_cmos_init(ram_addr_t ram_size, ram_addr_t above_4g_mem_size,
- const char *boot_device,
- ISADevice *floppy, BusState *ide0, BusState *ide1,
- ISADevice *s);
-void pc_nic_init(ISABus *isa_bus, PCIBus *pci_bus);
-void pc_pci_device_init(PCIBus *pci_bus);
-
-typedef void (*cpu_set_smm_t)(int smm, void *arg);
-void cpu_smm_register(cpu_set_smm_t callback, void *arg);
-
-void ioapic_init_gsi(GSIState *gsi_state, const char *parent_name);
-
-/* acpi.c */
-extern int acpi_enabled;
-extern char *acpi_tables;
-extern size_t acpi_tables_len;
-
-void acpi_bios_init(void);
-int acpi_table_add(const char *table_desc);
-
-/* acpi_piix.c */
-
-i2c_bus *piix4_pm_init(PCIBus *bus, int devfn, uint32_t smb_io_base,
- qemu_irq sci_irq, qemu_irq smi_irq,
- int kvm_enabled, void *fw_cfg);
-void piix4_smbus_register_device(SMBusDevice *dev, uint8_t addr);
-
-/* hpet.c */
-extern int no_hpet;
-
-/* piix_pci.c */
-struct PCII440FXState;
-typedef struct PCII440FXState PCII440FXState;
-
-PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int *piix_devfn,
- ISABus **isa_bus, qemu_irq *pic,
- MemoryRegion *address_space_mem,
- MemoryRegion *address_space_io,
- ram_addr_t ram_size,
- hwaddr pci_hole_start,
- hwaddr pci_hole_size,
- hwaddr pci_hole64_start,
- hwaddr pci_hole64_size,
- MemoryRegion *pci_memory,
- MemoryRegion *ram_memory);
-
-/* piix4.c */
-extern PCIDevice *piix4_dev;
-int piix4_init(PCIBus *bus, ISABus **isa_bus, int devfn);
-
-/* vga.c */
-enum vga_retrace_method {
- VGA_RETRACE_DUMB,
- VGA_RETRACE_PRECISE
-};
-
-extern enum vga_retrace_method vga_retrace_method;
-
-int isa_vga_mm_init(hwaddr vram_base,
- hwaddr ctrl_base, int it_shift,
- MemoryRegion *address_space);
-
-/* ne2000.c */
-static inline bool isa_ne2000_init(ISABus *bus, int base, int irq, NICInfo *nd)
-{
- ISADevice *dev;
-
- qemu_check_nic_model(nd, "ne2k_isa");
-
- dev = isa_try_create(bus, "ne2k_isa");
- if (!dev) {
- return false;
- }
- qdev_prop_set_uint32(&dev->qdev, "iobase", base);
- qdev_prop_set_uint32(&dev->qdev, "irq", irq);
- qdev_set_nic_properties(&dev->qdev, nd);
- qdev_init_nofail(&dev->qdev);
- return true;
-}
-
-/* pc_sysfw.c */
-void pc_system_firmware_init(MemoryRegion *rom_memory);
-
-/* e820 types */
-#define E820_RAM 1
-#define E820_RESERVED 2
-#define E820_ACPI 3
-#define E820_NVS 4
-#define E820_UNUSABLE 5
-
-int e820_add_entry(uint64_t, uint64_t, uint32_t);
-
-#endif
diff --git a/hw/pc_piix.c b/hw/pc_piix.c
deleted file mode 100644
index aa3e7f40d..000000000
--- a/hw/pc_piix.c
+++ /dev/null
@@ -1,645 +0,0 @@
-/*
- * QEMU PC System Emulator
- *
- * Copyright (c) 2003-2004 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include <glib.h>
-
-#include "hw.h"
-#include "pc.h"
-#include "apic.h"
-#include "pci.h"
-#include "pci_ids.h"
-#include "usb.h"
-#include "net.h"
-#include "boards.h"
-#include "ide.h"
-#include "kvm.h"
-#include "kvm/clock.h"
-#include "sysemu.h"
-#include "sysbus.h"
-#include "arch_init.h"
-#include "blockdev.h"
-#include "smbus.h"
-#include "xen.h"
-#include "memory.h"
-#include "exec-memory.h"
-#include "cpu.h"
-#ifdef CONFIG_XEN
-# include <xen/hvm/hvm_info_table.h>
-#endif
-
-#define MAX_IDE_BUS 2
-
-static const int ide_iobase[MAX_IDE_BUS] = { 0x1f0, 0x170 };
-static const int ide_iobase2[MAX_IDE_BUS] = { 0x3f6, 0x376 };
-static const int ide_irq[MAX_IDE_BUS] = { 14, 15 };
-
-/* PC hardware initialisation */
-static void pc_init1(MemoryRegion *system_memory,
- MemoryRegion *system_io,
- ram_addr_t ram_size,
- const char *boot_device,
- const char *kernel_filename,
- const char *kernel_cmdline,
- const char *initrd_filename,
- const char *cpu_model,
- int pci_enabled,
- int kvmclock_enabled)
-{
- int i;
- ram_addr_t below_4g_mem_size, above_4g_mem_size;
- PCIBus *pci_bus;
- ISABus *isa_bus;
- PCII440FXState *i440fx_state;
- int piix3_devfn = -1;
- qemu_irq *cpu_irq;
- qemu_irq *gsi;
- qemu_irq *i8259;
- qemu_irq *smi_irq;
- GSIState *gsi_state;
- DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
- BusState *idebus[MAX_IDE_BUS];
- ISADevice *rtc_state;
- ISADevice *floppy;
- MemoryRegion *ram_memory;
- MemoryRegion *pci_memory;
- MemoryRegion *rom_memory;
- void *fw_cfg = NULL;
-
- pc_cpus_init(cpu_model);
-
- if (kvmclock_enabled) {
- kvmclock_create();
- }
-
- if (ram_size >= 0xe0000000 ) {
- above_4g_mem_size = ram_size - 0xe0000000;
- below_4g_mem_size = 0xe0000000;
- } else {
- above_4g_mem_size = 0;
- below_4g_mem_size = ram_size;
- }
-
- if (pci_enabled) {
- pci_memory = g_new(MemoryRegion, 1);
- memory_region_init(pci_memory, "pci", INT64_MAX);
- rom_memory = pci_memory;
- } else {
- pci_memory = NULL;
- rom_memory = system_memory;
- }
-
- /* allocate ram and load rom/bios */
- if (!xen_enabled()) {
- fw_cfg = pc_memory_init(system_memory,
- kernel_filename, kernel_cmdline, initrd_filename,
- below_4g_mem_size, above_4g_mem_size,
- rom_memory, &ram_memory);
- }
-
- gsi_state = g_malloc0(sizeof(*gsi_state));
- if (kvm_irqchip_in_kernel()) {
- kvm_pc_setup_irq_routing(pci_enabled);
- gsi = qemu_allocate_irqs(kvm_pc_gsi_handler, gsi_state,
- GSI_NUM_PINS);
- } else {
- gsi = qemu_allocate_irqs(gsi_handler, gsi_state, GSI_NUM_PINS);
- }
-
- if (pci_enabled) {
- pci_bus = i440fx_init(&i440fx_state, &piix3_devfn, &isa_bus, gsi,
- system_memory, system_io, ram_size,
- below_4g_mem_size,
- 0x100000000ULL - below_4g_mem_size,
- 0x100000000ULL + above_4g_mem_size,
- (sizeof(hwaddr) == 4
- ? 0
- : ((uint64_t)1 << 62)),
- pci_memory, ram_memory);
- } else {
- pci_bus = NULL;
- i440fx_state = NULL;
- isa_bus = isa_bus_new(NULL, system_io);
- no_hpet = 1;
- }
- isa_bus_irqs(isa_bus, gsi);
-
- if (kvm_irqchip_in_kernel()) {
- i8259 = kvm_i8259_init(isa_bus);
- } else if (xen_enabled()) {
- i8259 = xen_interrupt_controller_init();
- } else {
- cpu_irq = pc_allocate_cpu_irq();
- i8259 = i8259_init(isa_bus, cpu_irq[0]);
- }
-
- for (i = 0; i < ISA_NUM_IRQS; i++) {
- gsi_state->i8259_irq[i] = i8259[i];
- }
- if (pci_enabled) {
- ioapic_init_gsi(gsi_state, "i440fx");
- }
-
- pc_register_ferr_irq(gsi[13]);
-
- pc_vga_init(isa_bus, pci_enabled ? pci_bus : NULL);
- if (xen_enabled()) {
- pci_create_simple(pci_bus, -1, "xen-platform");
- }
-
- /* init basic PC hardware */
- pc_basic_device_init(isa_bus, gsi, &rtc_state, &floppy, xen_enabled());
-
- pc_nic_init(isa_bus, pci_bus);
-
- ide_drive_get(hd, MAX_IDE_BUS);
- if (pci_enabled) {
- PCIDevice *dev;
- if (xen_enabled()) {
- dev = pci_piix3_xen_ide_init(pci_bus, hd, piix3_devfn + 1);
- } else {
- dev = pci_piix3_ide_init(pci_bus, hd, piix3_devfn + 1);
- }
- idebus[0] = qdev_get_child_bus(&dev->qdev, "ide.0");
- idebus[1] = qdev_get_child_bus(&dev->qdev, "ide.1");
- } else {
- for(i = 0; i < MAX_IDE_BUS; i++) {
- ISADevice *dev;
- dev = isa_ide_init(isa_bus, ide_iobase[i], ide_iobase2[i],
- ide_irq[i],
- hd[MAX_IDE_DEVS * i], hd[MAX_IDE_DEVS * i + 1]);
- idebus[i] = qdev_get_child_bus(&dev->qdev, "ide.0");
- }
- }
-
- audio_init(isa_bus, pci_enabled ? pci_bus : NULL);
-
- pc_cmos_init(below_4g_mem_size, above_4g_mem_size, boot_device,
- floppy, idebus[0], idebus[1], rtc_state);
-
- if (pci_enabled && usb_enabled(false)) {
- pci_create_simple(pci_bus, piix3_devfn + 2, "piix3-usb-uhci");
- }
-
- if (pci_enabled && acpi_enabled) {
- i2c_bus *smbus;
-
- smi_irq = qemu_allocate_irqs(pc_acpi_smi_interrupt, first_cpu, 1);
- /* TODO: Populate SPD eeprom data. */
- smbus = piix4_pm_init(pci_bus, piix3_devfn + 3, 0xb100,
- gsi[9], *smi_irq,
- kvm_enabled(), fw_cfg);
- smbus_eeprom_init(smbus, 8, NULL, 0);
- }
-
- if (pci_enabled) {
- pc_pci_device_init(pci_bus);
- }
-}
-
-static void pc_init_pci(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- const char *boot_device = args->boot_device;
- pc_init1(get_system_memory(),
- get_system_io(),
- ram_size, boot_device,
- kernel_filename, kernel_cmdline,
- initrd_filename, cpu_model, 1, 1);
-}
-
-static void pc_init_pci_1_3(QEMUMachineInitArgs *args)
-{
- enable_kvm_pv_eoi();
- pc_init_pci(args);
-}
-
-static void pc_init_pci_no_kvmclock(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- const char *boot_device = args->boot_device;
- pc_init1(get_system_memory(),
- get_system_io(),
- ram_size, boot_device,
- kernel_filename, kernel_cmdline,
- initrd_filename, cpu_model, 1, 0);
-}
-
-static void pc_init_isa(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- const char *boot_device = args->boot_device;
- if (cpu_model == NULL)
- cpu_model = "486";
- pc_init1(get_system_memory(),
- get_system_io(),
- ram_size, boot_device,
- kernel_filename, kernel_cmdline,
- initrd_filename, cpu_model, 0, 1);
-}
-
-#ifdef CONFIG_XEN
-static void pc_xen_hvm_init(QEMUMachineInitArgs *args)
-{
- if (xen_hvm_init() != 0) {
- hw_error("xen hardware virtual machine initialisation failed");
- }
- pc_init_pci_no_kvmclock(args);
- xen_vcpu_init();
-}
-#endif
-
-static QEMUMachine pc_machine_v1_3 = {
- .name = "pc-1.3",
- .alias = "pc",
- .desc = "Standard PC",
- .init = pc_init_pci_1_3,
- .max_cpus = 255,
- .is_default = 1,
-};
-
-#define PC_COMPAT_1_2 \
- {\
- .driver = "nec-usb-xhci",\
- .property = "msi",\
- .value = "off",\
- },{\
- .driver = "nec-usb-xhci",\
- .property = "msix",\
- .value = "off",\
- },{\
- .driver = "ivshmem",\
- .property = "use64",\
- .value = "0",\
- },{\
- .driver = "qxl",\
- .property = "revision",\
- .value = stringify(3),\
- },{\
- .driver = "qxl-vga",\
- .property = "revision",\
- .value = stringify(3),\
- },{\
- .driver = "VGA",\
- .property = "mmio",\
- .value = "off",\
- }
-
-static QEMUMachine pc_machine_v1_2 = {
- .name = "pc-1.2",
- .desc = "Standard PC",
- .init = pc_init_pci,
- .max_cpus = 255,
- .compat_props = (GlobalProperty[]) {
- PC_COMPAT_1_2,
- { /* end of list */ }
- },
-};
-
-#define PC_COMPAT_1_1 \
- PC_COMPAT_1_2,\
- {\
- .driver = "virtio-scsi-pci",\
- .property = "hotplug",\
- .value = "off",\
- },{\
- .driver = "virtio-scsi-pci",\
- .property = "param_change",\
- .value = "off",\
- },{\
- .driver = "VGA",\
- .property = "vgamem_mb",\
- .value = stringify(8),\
- },{\
- .driver = "vmware-svga",\
- .property = "vgamem_mb",\
- .value = stringify(8),\
- },{\
- .driver = "qxl-vga",\
- .property = "vgamem_mb",\
- .value = stringify(8),\
- },{\
- .driver = "qxl",\
- .property = "vgamem_mb",\
- .value = stringify(8),\
- },{\
- .driver = "virtio-blk-pci",\
- .property = "config-wce",\
- .value = "off",\
- }
-
-static QEMUMachine pc_machine_v1_1 = {
- .name = "pc-1.1",
- .desc = "Standard PC",
- .init = pc_init_pci,
- .max_cpus = 255,
- .compat_props = (GlobalProperty[]) {
- PC_COMPAT_1_1,
- { /* end of list */ }
- },
-};
-
-#define PC_COMPAT_1_0 \
- PC_COMPAT_1_1,\
- {\
- .driver = "pc-sysfw",\
- .property = "rom_only",\
- .value = stringify(1),\
- }, {\
- .driver = "isa-fdc",\
- .property = "check_media_rate",\
- .value = "off",\
- }, {\
- .driver = "virtio-balloon-pci",\
- .property = "class",\
- .value = stringify(PCI_CLASS_MEMORY_RAM),\
- },{\
- .driver = "apic",\
- .property = "vapic",\
- .value = "off",\
- },{\
- .driver = TYPE_USB_DEVICE,\
- .property = "full-path",\
- .value = "no",\
- }
-
-static QEMUMachine pc_machine_v1_0 = {
- .name = "pc-1.0",
- .desc = "Standard PC",
- .init = pc_init_pci,
- .max_cpus = 255,
- .compat_props = (GlobalProperty[]) {
- PC_COMPAT_1_0,
- { /* end of list */ }
- },
- .hw_version = "1.0",
-};
-
-#define PC_COMPAT_0_15 \
- PC_COMPAT_1_0
-
-static QEMUMachine pc_machine_v0_15 = {
- .name = "pc-0.15",
- .desc = "Standard PC",
- .init = pc_init_pci,
- .max_cpus = 255,
- .compat_props = (GlobalProperty[]) {
- PC_COMPAT_0_15,
- { /* end of list */ }
- },
- .hw_version = "0.15",
-};
-
-#define PC_COMPAT_0_14 \
- PC_COMPAT_0_15,\
- {\
- .driver = "virtio-blk-pci",\
- .property = "event_idx",\
- .value = "off",\
- },{\
- .driver = "virtio-serial-pci",\
- .property = "event_idx",\
- .value = "off",\
- },{\
- .driver = "virtio-net-pci",\
- .property = "event_idx",\
- .value = "off",\
- },{\
- .driver = "virtio-balloon-pci",\
- .property = "event_idx",\
- .value = "off",\
- }
-
-static QEMUMachine pc_machine_v0_14 = {
- .name = "pc-0.14",
- .desc = "Standard PC",
- .init = pc_init_pci,
- .max_cpus = 255,
- .compat_props = (GlobalProperty[]) {
- PC_COMPAT_0_14,
- {
- .driver = "qxl",
- .property = "revision",
- .value = stringify(2),
- },{
- .driver = "qxl-vga",
- .property = "revision",
- .value = stringify(2),
- },
- { /* end of list */ }
- },
- .hw_version = "0.14",
-};
-
-#define PC_COMPAT_0_13 \
- PC_COMPAT_0_14,\
- {\
- .driver = TYPE_PCI_DEVICE,\
- .property = "command_serr_enable",\
- .value = "off",\
- },{\
- .driver = "AC97",\
- .property = "use_broken_id",\
- .value = stringify(1),\
- }
-
-static QEMUMachine pc_machine_v0_13 = {
- .name = "pc-0.13",
- .desc = "Standard PC",
- .init = pc_init_pci_no_kvmclock,
- .max_cpus = 255,
- .compat_props = (GlobalProperty[]) {
- PC_COMPAT_0_13,
- {
- .driver = "virtio-9p-pci",
- .property = "vectors",
- .value = stringify(0),
- },{
- .driver = "VGA",
- .property = "rombar",
- .value = stringify(0),
- },{
- .driver = "vmware-svga",
- .property = "rombar",
- .value = stringify(0),
- },
- { /* end of list */ }
- },
- .hw_version = "0.13",
-};
-
-#define PC_COMPAT_0_12 \
- PC_COMPAT_0_13,\
- {\
- .driver = "virtio-serial-pci",\
- .property = "max_ports",\
- .value = stringify(1),\
- },{\
- .driver = "virtio-serial-pci",\
- .property = "vectors",\
- .value = stringify(0),\
- }
-
-static QEMUMachine pc_machine_v0_12 = {
- .name = "pc-0.12",
- .desc = "Standard PC",
- .init = pc_init_pci_no_kvmclock,
- .max_cpus = 255,
- .compat_props = (GlobalProperty[]) {
- PC_COMPAT_0_12,
- {
- .driver = "VGA",
- .property = "rombar",
- .value = stringify(0),
- },{
- .driver = "vmware-svga",
- .property = "rombar",
- .value = stringify(0),
- },
- { /* end of list */ }
- },
- .hw_version = "0.12",
-};
-
-#define PC_COMPAT_0_11 \
- PC_COMPAT_0_12,\
- {\
- .driver = "virtio-blk-pci",\
- .property = "vectors",\
- .value = stringify(0),\
- },{\
- .driver = TYPE_PCI_DEVICE,\
- .property = "rombar",\
- .value = stringify(0),\
- }
-
-static QEMUMachine pc_machine_v0_11 = {
- .name = "pc-0.11",
- .desc = "Standard PC, qemu 0.11",
- .init = pc_init_pci_no_kvmclock,
- .max_cpus = 255,
- .compat_props = (GlobalProperty[]) {
- PC_COMPAT_0_11,
- {
- .driver = "ide-drive",
- .property = "ver",
- .value = "0.11",
- },{
- .driver = "scsi-disk",
- .property = "ver",
- .value = "0.11",
- },
- { /* end of list */ }
- },
- .hw_version = "0.11",
-};
-
-static QEMUMachine pc_machine_v0_10 = {
- .name = "pc-0.10",
- .desc = "Standard PC, qemu 0.10",
- .init = pc_init_pci_no_kvmclock,
- .max_cpus = 255,
- .compat_props = (GlobalProperty[]) {
- PC_COMPAT_0_11,
- {
- .driver = "virtio-blk-pci",
- .property = "class",
- .value = stringify(PCI_CLASS_STORAGE_OTHER),
- },{
- .driver = "virtio-serial-pci",
- .property = "class",
- .value = stringify(PCI_CLASS_DISPLAY_OTHER),
- },{
- .driver = "virtio-net-pci",
- .property = "vectors",
- .value = stringify(0),
- },{
- .driver = "ide-drive",
- .property = "ver",
- .value = "0.10",
- },{
- .driver = "scsi-disk",
- .property = "ver",
- .value = "0.10",
- },
- { /* end of list */ }
- },
- .hw_version = "0.10",
-};
-
-static QEMUMachine isapc_machine = {
- .name = "isapc",
- .desc = "ISA-only PC",
- .init = pc_init_isa,
- .max_cpus = 1,
- .compat_props = (GlobalProperty[]) {
- {
- .driver = "pc-sysfw",
- .property = "rom_only",
- .value = stringify(1),
- },
- { /* end of list */ }
- },
-};
-
-#ifdef CONFIG_XEN
-static QEMUMachine xenfv_machine = {
- .name = "xenfv",
- .desc = "Xen Fully-virtualized PC",
- .init = pc_xen_hvm_init,
- .max_cpus = HVM_MAX_VCPUS,
- .default_machine_opts = "accel=xen",
-};
-#endif
-
-static void pc_machine_init(void)
-{
- qemu_register_machine(&pc_machine_v1_3);
- qemu_register_machine(&pc_machine_v1_2);
- qemu_register_machine(&pc_machine_v1_1);
- qemu_register_machine(&pc_machine_v1_0);
- qemu_register_machine(&pc_machine_v0_15);
- qemu_register_machine(&pc_machine_v0_14);
- qemu_register_machine(&pc_machine_v0_13);
- qemu_register_machine(&pc_machine_v0_12);
- qemu_register_machine(&pc_machine_v0_11);
- qemu_register_machine(&pc_machine_v0_10);
- qemu_register_machine(&isapc_machine);
-#ifdef CONFIG_XEN
- qemu_register_machine(&xenfv_machine);
-#endif
-}
-
-machine_init(pc_machine_init);
diff --git a/hw/pc_q35.c b/hw/pc_q35.c
deleted file mode 100644
index 3429a9ae8..000000000
--- a/hw/pc_q35.c
+++ /dev/null
@@ -1,223 +0,0 @@
-/*
- * Q35 chipset based pc system emulator
- *
- * Copyright (c) 2003-2004 Fabrice Bellard
- * Copyright (c) 2009, 2010
- * Isaku Yamahata <yamahata at valinux co jp>
- * VA Linux Systems Japan K.K.
- * Copyright (C) 2012 Jason Baron <jbaron@redhat.com>
- *
- * This is based on pc.c, but heavily modified.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "arch_init.h"
-#include "smbus.h"
-#include "boards.h"
-#include "mc146818rtc.h"
-#include "xen.h"
-#include "kvm.h"
-#include "kvm/clock.h"
-#include "q35.h"
-#include "exec-memory.h"
-#include "ich9.h"
-#include "hw/ide/pci.h"
-#include "hw/ide/ahci.h"
-#include "hw/usb.h"
-
-/* ICH9 AHCI has 6 ports */
-#define MAX_SATA_PORTS 6
-
-/* set CMOS shutdown status register (index 0xF) as S3_resume(0xFE)
- * BIOS will read it and start S3 resume at POST Entry */
-static void pc_cmos_set_s3_resume(void *opaque, int irq, int level)
-{
- ISADevice *s = opaque;
-
- if (level) {
- rtc_set_memory(s, 0xF, 0xFE);
- }
-}
-
-/* PC hardware initialisation */
-static void pc_q35_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- const char *boot_device = args->boot_device;
- ram_addr_t below_4g_mem_size, above_4g_mem_size;
- Q35PCIHost *q35_host;
- PCIBus *host_bus;
- PCIDevice *lpc;
- BusState *idebus[MAX_SATA_PORTS];
- ISADevice *rtc_state;
- ISADevice *floppy;
- MemoryRegion *pci_memory;
- MemoryRegion *rom_memory;
- MemoryRegion *ram_memory;
- GSIState *gsi_state;
- ISABus *isa_bus;
- int pci_enabled = 1;
- qemu_irq *cpu_irq;
- qemu_irq *gsi;
- qemu_irq *i8259;
- int i;
- ICH9LPCState *ich9_lpc;
- PCIDevice *ahci;
- qemu_irq *cmos_s3;
-
- pc_cpus_init(cpu_model);
-
- kvmclock_create();
-
- if (ram_size >= 0xb0000000) {
- above_4g_mem_size = ram_size - 0xb0000000;
- below_4g_mem_size = 0xb0000000;
- } else {
- above_4g_mem_size = 0;
- below_4g_mem_size = ram_size;
- }
-
- /* pci enabled */
- if (pci_enabled) {
- pci_memory = g_new(MemoryRegion, 1);
- memory_region_init(pci_memory, "pci", INT64_MAX);
- rom_memory = pci_memory;
- } else {
- pci_memory = NULL;
- rom_memory = get_system_memory();
- }
-
- /* allocate ram and load rom/bios */
- if (!xen_enabled()) {
- pc_memory_init(get_system_memory(), kernel_filename, kernel_cmdline,
- initrd_filename, below_4g_mem_size, above_4g_mem_size,
- rom_memory, &ram_memory);
- }
-
- /* irq lines */
- gsi_state = g_malloc0(sizeof(*gsi_state));
- if (kvm_irqchip_in_kernel()) {
- kvm_pc_setup_irq_routing(pci_enabled);
- gsi = qemu_allocate_irqs(kvm_pc_gsi_handler, gsi_state,
- GSI_NUM_PINS);
- } else {
- gsi = qemu_allocate_irqs(gsi_handler, gsi_state, GSI_NUM_PINS);
- }
-
- /* create pci host bus */
- q35_host = Q35_HOST_DEVICE(qdev_create(NULL, TYPE_Q35_HOST_DEVICE));
-
- q35_host->mch.ram_memory = ram_memory;
- q35_host->mch.pci_address_space = pci_memory;
- q35_host->mch.system_memory = get_system_memory();
- q35_host->mch.address_space_io = get_system_io();;
- q35_host->mch.below_4g_mem_size = below_4g_mem_size;
- q35_host->mch.above_4g_mem_size = above_4g_mem_size;
- /* pci */
- qdev_init_nofail(DEVICE(q35_host));
- host_bus = q35_host->host.pci.bus;
- /* create ISA bus */
- lpc = pci_create_simple_multifunction(host_bus, PCI_DEVFN(ICH9_LPC_DEV,
- ICH9_LPC_FUNC), true,
- TYPE_ICH9_LPC_DEVICE);
- ich9_lpc = ICH9_LPC_DEVICE(lpc);
- ich9_lpc->pic = gsi;
- ich9_lpc->ioapic = gsi_state->ioapic_irq;
- pci_bus_irqs(host_bus, ich9_lpc_set_irq, ich9_lpc_map_irq, ich9_lpc,
- ICH9_LPC_NB_PIRQS);
- isa_bus = ich9_lpc->isa_bus;
-
- /*end early*/
- isa_bus_irqs(isa_bus, gsi);
-
- if (kvm_irqchip_in_kernel()) {
- i8259 = kvm_i8259_init(isa_bus);
- } else if (xen_enabled()) {
- i8259 = xen_interrupt_controller_init();
- } else {
- cpu_irq = pc_allocate_cpu_irq();
- i8259 = i8259_init(isa_bus, cpu_irq[0]);
- }
-
- for (i = 0; i < ISA_NUM_IRQS; i++) {
- gsi_state->i8259_irq[i] = i8259[i];
- }
- if (pci_enabled) {
- ioapic_init_gsi(gsi_state, NULL);
- }
-
- pc_register_ferr_irq(gsi[13]);
-
- /* init basic PC hardware */
- pc_basic_device_init(isa_bus, gsi, &rtc_state, &floppy, false);
-
- /* connect pm stuff to lpc */
- cmos_s3 = qemu_allocate_irqs(pc_cmos_set_s3_resume, rtc_state, 1);
- ich9_lpc_pm_init(lpc, *cmos_s3);
-
- /* ahci and SATA device, for q35 1 ahci controller is built-in */
- ahci = pci_create_simple_multifunction(host_bus,
- PCI_DEVFN(ICH9_SATA1_DEV,
- ICH9_SATA1_FUNC),
- true, "ich9-ahci");
- idebus[0] = qdev_get_child_bus(&ahci->qdev, "ide.0");
- idebus[1] = qdev_get_child_bus(&ahci->qdev, "ide.1");
-
- if (usb_enabled(false)) {
- /* Should we create 6 UHCI according to ich9 spec? */
- ehci_create_ich9_with_companions(host_bus, 0x1d);
- }
-
- /* TODO: Populate SPD eeprom data. */
- smbus_eeprom_init(ich9_smb_init(host_bus,
- PCI_DEVFN(ICH9_SMB_DEV, ICH9_SMB_FUNC),
- 0xb100),
- 8, NULL, 0);
-
- pc_cmos_init(below_4g_mem_size, above_4g_mem_size, boot_device,
- floppy, idebus[0], idebus[1], rtc_state);
-
- /* the rest devices to which pci devfn is automatically assigned */
- pc_vga_init(isa_bus, host_bus);
- audio_init(isa_bus, host_bus);
- pc_nic_init(isa_bus, host_bus);
- if (pci_enabled) {
- pc_pci_device_init(host_bus);
- }
-}
-
-static QEMUMachine pc_q35_machine = {
- .name = "q35-next",
- .alias = "q35",
- .desc = "Q35 chipset PC",
- .init = pc_q35_init,
- .max_cpus = 255,
-};
-
-static void pc_q35_machine_init(void)
-{
- qemu_register_machine(&pc_q35_machine);
-}
-
-machine_init(pc_q35_machine_init);
diff --git a/hw/pc_sysfw.c b/hw/pc_sysfw.c
deleted file mode 100644
index 9d7c5f400..000000000
--- a/hw/pc_sysfw.c
+++ /dev/null
@@ -1,266 +0,0 @@
-/*
- * QEMU PC System Firmware
- *
- * Copyright (c) 2003-2004 Fabrice Bellard
- * Copyright (c) 2011-2012 Intel Corporation
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "blockdev.h"
-#include "sysbus.h"
-#include "hw.h"
-#include "pc.h"
-#include "hw/boards.h"
-#include "loader.h"
-#include "sysemu.h"
-#include "flash.h"
-#include "kvm.h"
-
-#define BIOS_FILENAME "bios.bin"
-
-typedef struct PcSysFwDevice {
- SysBusDevice busdev;
- uint8_t rom_only;
-} PcSysFwDevice;
-
-static void pc_isa_bios_init(MemoryRegion *rom_memory,
- MemoryRegion *flash_mem,
- int ram_size)
-{
- int isa_bios_size;
- MemoryRegion *isa_bios;
- uint64_t flash_size;
- void *flash_ptr, *isa_bios_ptr;
-
- flash_size = memory_region_size(flash_mem);
-
- /* map the last 128KB of the BIOS in ISA space */
- isa_bios_size = flash_size;
- if (isa_bios_size > (128 * 1024)) {
- isa_bios_size = 128 * 1024;
- }
- isa_bios = g_malloc(sizeof(*isa_bios));
- memory_region_init_ram(isa_bios, "isa-bios", isa_bios_size);
- vmstate_register_ram_global(isa_bios);
- memory_region_add_subregion_overlap(rom_memory,
- 0x100000 - isa_bios_size,
- isa_bios,
- 1);
-
- /* copy ISA rom image from top of flash memory */
- flash_ptr = memory_region_get_ram_ptr(flash_mem);
- isa_bios_ptr = memory_region_get_ram_ptr(isa_bios);
- memcpy(isa_bios_ptr,
- ((uint8_t*)flash_ptr) + (flash_size - isa_bios_size),
- isa_bios_size);
-
- memory_region_set_readonly(isa_bios, true);
-}
-
-static void pc_fw_add_pflash_drv(void)
-{
- QemuOpts *opts;
- QEMUMachine *machine;
- char *filename;
-
- if (bios_name == NULL) {
- bios_name = BIOS_FILENAME;
- }
- filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
-
- opts = drive_add(IF_PFLASH, -1, filename, "readonly=on");
-
- g_free(filename);
-
- if (opts == NULL) {
- return;
- }
-
- machine = find_default_machine();
- if (machine == NULL) {
- return;
- }
-
- drive_init(opts, machine->use_scsi);
-}
-
-static void pc_system_flash_init(MemoryRegion *rom_memory,
- DriveInfo *pflash_drv)
-{
- BlockDriverState *bdrv;
- int64_t size;
- hwaddr phys_addr;
- int sector_bits, sector_size;
- pflash_t *system_flash;
- MemoryRegion *flash_mem;
-
- bdrv = pflash_drv->bdrv;
- size = bdrv_getlength(pflash_drv->bdrv);
- sector_bits = 12;
- sector_size = 1 << sector_bits;
-
- if ((size % sector_size) != 0) {
- fprintf(stderr,
- "qemu: PC system firmware (pflash) must be a multiple of 0x%x\n",
- sector_size);
- exit(1);
- }
-
- phys_addr = 0x100000000ULL - size;
- system_flash = pflash_cfi01_register(phys_addr, NULL, "system.flash", size,
- bdrv, sector_size, size >> sector_bits,
- 1, 0x0000, 0x0000, 0x0000, 0x0000, 0);
- flash_mem = pflash_cfi01_get_memory(system_flash);
-
- pc_isa_bios_init(rom_memory, flash_mem, size);
-}
-
-static void old_pc_system_rom_init(MemoryRegion *rom_memory)
-{
- char *filename;
- MemoryRegion *bios, *isa_bios;
- int bios_size, isa_bios_size;
- int ret;
-
- /* BIOS load */
- if (bios_name == NULL) {
- bios_name = BIOS_FILENAME;
- }
- filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
- if (filename) {
- bios_size = get_image_size(filename);
- } else {
- bios_size = -1;
- }
- if (bios_size <= 0 ||
- (bios_size % 65536) != 0) {
- goto bios_error;
- }
- bios = g_malloc(sizeof(*bios));
- memory_region_init_ram(bios, "pc.bios", bios_size);
- vmstate_register_ram_global(bios);
- memory_region_set_readonly(bios, true);
- ret = rom_add_file_fixed(bios_name, (uint32_t)(-bios_size), -1);
- if (ret != 0) {
- bios_error:
- fprintf(stderr, "qemu: could not load PC BIOS '%s'\n", bios_name);
- exit(1);
- }
- if (filename) {
- g_free(filename);
- }
-
- /* map the last 128KB of the BIOS in ISA space */
- isa_bios_size = bios_size;
- if (isa_bios_size > (128 * 1024)) {
- isa_bios_size = 128 * 1024;
- }
- isa_bios = g_malloc(sizeof(*isa_bios));
- memory_region_init_alias(isa_bios, "isa-bios", bios,
- bios_size - isa_bios_size, isa_bios_size);
- memory_region_add_subregion_overlap(rom_memory,
- 0x100000 - isa_bios_size,
- isa_bios,
- 1);
- memory_region_set_readonly(isa_bios, true);
-
- /* map all the bios at the top of memory */
- memory_region_add_subregion(rom_memory,
- (uint32_t)(-bios_size),
- bios);
-}
-
-void pc_system_firmware_init(MemoryRegion *rom_memory)
-{
- DriveInfo *pflash_drv;
- PcSysFwDevice *sysfw_dev;
-
- sysfw_dev = (PcSysFwDevice*) qdev_create(NULL, "pc-sysfw");
-
- qdev_init_nofail(DEVICE(sysfw_dev));
-
- if (sysfw_dev->rom_only) {
- old_pc_system_rom_init(rom_memory);
- return;
- }
-
- pflash_drv = drive_get(IF_PFLASH, 0, 0);
-
- /* Currently KVM cannot execute from device memory.
- Use old rom based firmware initialization for KVM. */
- if (kvm_enabled()) {
- if (pflash_drv != NULL) {
- fprintf(stderr, "qemu: pflash cannot be used with kvm enabled\n");
- exit(1);
- } else {
- sysfw_dev->rom_only = 1;
- old_pc_system_rom_init(rom_memory);
- return;
- }
- }
-
- /* If a pflash drive is not found, then create one using
- the bios filename. */
- if (pflash_drv == NULL) {
- pc_fw_add_pflash_drv();
- pflash_drv = drive_get(IF_PFLASH, 0, 0);
- }
-
- if (pflash_drv != NULL) {
- pc_system_flash_init(rom_memory, pflash_drv);
- } else {
- fprintf(stderr, "qemu: PC system firmware (pflash) not available\n");
- exit(1);
- }
-}
-
-static Property pcsysfw_properties[] = {
- DEFINE_PROP_UINT8("rom_only", PcSysFwDevice, rom_only, 0),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static int pcsysfw_init(DeviceState *dev)
-{
- return 0;
-}
-
-static void pcsysfw_class_init (ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS (klass);
-
- dc->desc = "PC System Firmware";
- dc->init = pcsysfw_init;
- dc->props = pcsysfw_properties;
-}
-
-static TypeInfo pcsysfw_info = {
- .name = "pc-sysfw",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof (PcSysFwDevice),
- .class_init = pcsysfw_class_init,
-};
-
-static void pcsysfw_register (void)
-{
- type_register_static (&pcsysfw_info);
-}
-
-type_init (pcsysfw_register);
-
diff --git a/hw/pci-bridge/Makefile.objs b/hw/pci-bridge/Makefile.objs
new file mode 100644
index 000000000..968b3694a
--- /dev/null
+++ b/hw/pci-bridge/Makefile.objs
@@ -0,0 +1,5 @@
+common-obj-y += pci_bridge_dev.o
+common-obj-y += ioh3420.o xio3130_upstream.o xio3130_downstream.o
+common-obj-y += i82801b11.o
+# NewWorld PowerMac
+common-obj-$(CONFIG_DEC_PCI) += dec.o
diff --git a/hw/pci-bridge/dec.c b/hw/pci-bridge/dec.c
new file mode 100644
index 000000000..e5e3be829
--- /dev/null
+++ b/hw/pci-bridge/dec.c
@@ -0,0 +1,156 @@
+/*
+ * QEMU DEC 21154 PCI bridge
+ *
+ * Copyright (c) 2006-2007 Fabrice Bellard
+ * Copyright (c) 2007 Jocelyn Mayer
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "dec.h"
+#include "hw/sysbus.h"
+#include "hw/pci/pci.h"
+#include "hw/pci/pci_host.h"
+#include "hw/pci/pci_bridge.h"
+#include "hw/pci/pci_bus.h"
+
+/* debug DEC */
+//#define DEBUG_DEC
+
+#ifdef DEBUG_DEC
+#define DEC_DPRINTF(fmt, ...) \
+ do { printf("DEC: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define DEC_DPRINTF(fmt, ...)
+#endif
+
+#define DEC_21154(obj) OBJECT_CHECK(DECState, (obj), TYPE_DEC_21154)
+
+typedef struct DECState {
+ PCIHostState parent_obj;
+} DECState;
+
+static int dec_map_irq(PCIDevice *pci_dev, int irq_num)
+{
+ return irq_num;
+}
+
+static int dec_pci_bridge_initfn(PCIDevice *pci_dev)
+{
+ return pci_bridge_initfn(pci_dev, TYPE_PCI_BUS);
+}
+
+static void dec_21154_pci_bridge_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = dec_pci_bridge_initfn;
+ k->exit = pci_bridge_exitfn;
+ k->vendor_id = PCI_VENDOR_ID_DEC;
+ k->device_id = PCI_DEVICE_ID_DEC_21154;
+ k->config_write = pci_bridge_write_config;
+ k->is_bridge = 1;
+ dc->desc = "DEC 21154 PCI-PCI bridge";
+ dc->reset = pci_bridge_reset;
+ dc->vmsd = &vmstate_pci_device;
+}
+
+static const TypeInfo dec_21154_pci_bridge_info = {
+ .name = "dec-21154-p2p-bridge",
+ .parent = TYPE_PCI_BRIDGE,
+ .instance_size = sizeof(PCIBridge),
+ .class_init = dec_21154_pci_bridge_class_init,
+};
+
+PCIBus *pci_dec_21154_init(PCIBus *parent_bus, int devfn)
+{
+ PCIDevice *dev;
+ PCIBridge *br;
+
+ dev = pci_create_multifunction(parent_bus, devfn, false,
+ "dec-21154-p2p-bridge");
+ br = PCI_BRIDGE(dev);
+ pci_bridge_map_irq(br, "DEC 21154 PCI-PCI bridge", dec_map_irq);
+ qdev_init_nofail(&dev->qdev);
+ return pci_bridge_get_sec_bus(br);
+}
+
+static int pci_dec_21154_device_init(SysBusDevice *dev)
+{
+ PCIHostState *phb;
+
+ phb = PCI_HOST_BRIDGE(dev);
+
+ memory_region_init_io(&phb->conf_mem, OBJECT(dev), &pci_host_conf_le_ops,
+ dev, "pci-conf-idx", 0x1000);
+ memory_region_init_io(&phb->data_mem, OBJECT(dev), &pci_host_data_le_ops,
+ dev, "pci-data-idx", 0x1000);
+ sysbus_init_mmio(dev, &phb->conf_mem);
+ sysbus_init_mmio(dev, &phb->data_mem);
+ return 0;
+}
+
+static int dec_21154_pci_host_init(PCIDevice *d)
+{
+ /* PCI2PCI bridge same values as PearPC - check this */
+ return 0;
+}
+
+static void dec_21154_pci_host_class_init(ObjectClass *klass, void *data)
+{
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = dec_21154_pci_host_init;
+ k->vendor_id = PCI_VENDOR_ID_DEC;
+ k->device_id = PCI_DEVICE_ID_DEC_21154;
+ k->revision = 0x02;
+ k->class_id = PCI_CLASS_BRIDGE_PCI;
+ k->is_bridge = 1;
+}
+
+static const TypeInfo dec_21154_pci_host_info = {
+ .name = "dec-21154",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCIDevice),
+ .class_init = dec_21154_pci_host_class_init,
+};
+
+static void pci_dec_21154_device_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sdc->init = pci_dec_21154_device_init;
+}
+
+static const TypeInfo pci_dec_21154_device_info = {
+ .name = TYPE_DEC_21154,
+ .parent = TYPE_PCI_HOST_BRIDGE,
+ .instance_size = sizeof(DECState),
+ .class_init = pci_dec_21154_device_class_init,
+};
+
+static void dec_register_types(void)
+{
+ type_register_static(&pci_dec_21154_device_info);
+ type_register_static(&dec_21154_pci_host_info);
+ type_register_static(&dec_21154_pci_bridge_info);
+}
+
+type_init(dec_register_types)
diff --git a/hw/dec_pci.h b/hw/pci-bridge/dec.h
index 17dc0c2b0..17dc0c2b0 100644
--- a/hw/dec_pci.h
+++ b/hw/pci-bridge/dec.h
diff --git a/hw/pci-bridge/i82801b11.c b/hw/pci-bridge/i82801b11.c
new file mode 100644
index 000000000..14cd7fd40
--- /dev/null
+++ b/hw/pci-bridge/i82801b11.c
@@ -0,0 +1,130 @@
+/*
+ * Copyright (c) 2006 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+/*
+ * QEMU i82801b11 dmi-to-pci Bridge Emulation
+ *
+ * Copyright (c) 2009, 2010, 2011
+ * Isaku Yamahata <yamahata at valinux co jp>
+ * VA Linux Systems Japan K.K.
+ * Copyright (C) 2012 Jason Baron <jbaron@redhat.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>
+ */
+
+#include "hw/pci/pci.h"
+#include "hw/i386/ich9.h"
+
+
+/*****************************************************************************/
+/* ICH9 DMI-to-PCI bridge */
+#define I82801ba_SSVID_OFFSET 0x50
+#define I82801ba_SSVID_SVID 0
+#define I82801ba_SSVID_SSID 0
+
+typedef struct I82801b11Bridge {
+ /*< private >*/
+ PCIBridge parent_obj;
+ /*< public >*/
+} I82801b11Bridge;
+
+static int i82801b11_bridge_initfn(PCIDevice *d)
+{
+ int rc;
+
+ rc = pci_bridge_initfn(d, TYPE_PCI_BUS);
+ if (rc < 0) {
+ return rc;
+ }
+
+ rc = pci_bridge_ssvid_init(d, I82801ba_SSVID_OFFSET,
+ I82801ba_SSVID_SVID, I82801ba_SSVID_SSID);
+ if (rc < 0) {
+ goto err_bridge;
+ }
+ pci_config_set_prog_interface(d->config, PCI_CLASS_BRIDGE_PCI_INF_SUB);
+ return 0;
+
+err_bridge:
+ pci_bridge_exitfn(d);
+
+ return rc;
+}
+
+static void i82801b11_bridge_class_init(ObjectClass *klass, void *data)
+{
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ k->is_bridge = 1;
+ k->vendor_id = PCI_VENDOR_ID_INTEL;
+ k->device_id = PCI_DEVICE_ID_INTEL_82801BA_11;
+ k->revision = ICH9_D2P_A2_REVISION;
+ k->init = i82801b11_bridge_initfn;
+ k->config_write = pci_bridge_write_config;
+ set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
+}
+
+static const TypeInfo i82801b11_bridge_info = {
+ .name = "i82801b11-bridge",
+ .parent = TYPE_PCI_BRIDGE,
+ .instance_size = sizeof(I82801b11Bridge),
+ .class_init = i82801b11_bridge_class_init,
+};
+
+PCIBus *ich9_d2pbr_init(PCIBus *bus, int devfn, int sec_bus)
+{
+ PCIDevice *d;
+ PCIBridge *br;
+ char buf[16];
+ DeviceState *qdev;
+
+ d = pci_create_multifunction(bus, devfn, true, "i82801b11-bridge");
+ if (!d) {
+ return NULL;
+ }
+ br = PCI_BRIDGE(d);
+ qdev = DEVICE(d);
+
+ snprintf(buf, sizeof(buf), "pci.%d", sec_bus);
+ pci_bridge_map_irq(br, buf, pci_swizzle_map_irq_fn);
+ qdev_init_nofail(qdev);
+
+ return pci_bridge_get_sec_bus(br);
+}
+
+static void d2pbr_register(void)
+{
+ type_register_static(&i82801b11_bridge_info);
+}
+
+type_init(d2pbr_register);
diff --git a/hw/pci-bridge/ioh3420.c b/hw/pci-bridge/ioh3420.c
new file mode 100644
index 000000000..0f7f2092a
--- /dev/null
+++ b/hw/pci-bridge/ioh3420.c
@@ -0,0 +1,236 @@
+/*
+ * ioh3420.c
+ * Intel X58 north bridge IOH
+ * PCI Express root port device id 3420
+ *
+ * Copyright (c) 2010 Isaku Yamahata <yamahata at valinux co jp>
+ * VA Linux Systems Japan K.K.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/pci/pci_ids.h"
+#include "hw/pci/msi.h"
+#include "hw/pci/pcie.h"
+#include "ioh3420.h"
+
+#define PCI_DEVICE_ID_IOH_EPORT 0x3420 /* D0:F0 express mode */
+#define PCI_DEVICE_ID_IOH_REV 0x2
+#define IOH_EP_SSVID_OFFSET 0x40
+#define IOH_EP_SSVID_SVID PCI_VENDOR_ID_INTEL
+#define IOH_EP_SSVID_SSID 0
+#define IOH_EP_MSI_OFFSET 0x60
+#define IOH_EP_MSI_SUPPORTED_FLAGS PCI_MSI_FLAGS_MASKBIT
+#define IOH_EP_MSI_NR_VECTOR 2
+#define IOH_EP_EXP_OFFSET 0x90
+#define IOH_EP_AER_OFFSET 0x100
+
+/*
+ * If two MSI vector are allocated, Advanced Error Interrupt Message Number
+ * is 1. otherwise 0.
+ * 17.12.5.10 RPERRSTS, 32:27 bit Advanced Error Interrupt Message Number.
+ */
+static uint8_t ioh3420_aer_vector(const PCIDevice *d)
+{
+ switch (msi_nr_vectors_allocated(d)) {
+ case 1:
+ return 0;
+ case 2:
+ return 1;
+ case 4:
+ case 8:
+ case 16:
+ case 32:
+ default:
+ break;
+ }
+ abort();
+ return 0;
+}
+
+static void ioh3420_aer_vector_update(PCIDevice *d)
+{
+ pcie_aer_root_set_vector(d, ioh3420_aer_vector(d));
+}
+
+static void ioh3420_write_config(PCIDevice *d,
+ uint32_t address, uint32_t val, int len)
+{
+ uint32_t root_cmd =
+ pci_get_long(d->config + d->exp.aer_cap + PCI_ERR_ROOT_COMMAND);
+
+ pci_bridge_write_config(d, address, val, len);
+ ioh3420_aer_vector_update(d);
+ pcie_cap_slot_write_config(d, address, val, len);
+ pcie_aer_write_config(d, address, val, len);
+ pcie_aer_root_write_config(d, address, val, len, root_cmd);
+}
+
+static void ioh3420_reset(DeviceState *qdev)
+{
+ PCIDevice *d = PCI_DEVICE(qdev);
+
+ ioh3420_aer_vector_update(d);
+ pcie_cap_root_reset(d);
+ pcie_cap_deverr_reset(d);
+ pcie_cap_slot_reset(d);
+ pcie_aer_root_reset(d);
+ pci_bridge_reset(qdev);
+ pci_bridge_disable_base_limit(d);
+}
+
+static int ioh3420_initfn(PCIDevice *d)
+{
+ PCIEPort *p = PCIE_PORT(d);
+ PCIESlot *s = PCIE_SLOT(d);
+ int rc;
+
+ rc = pci_bridge_initfn(d, TYPE_PCIE_BUS);
+ if (rc < 0) {
+ return rc;
+ }
+
+ pcie_port_init_reg(d);
+
+ rc = pci_bridge_ssvid_init(d, IOH_EP_SSVID_OFFSET,
+ IOH_EP_SSVID_SVID, IOH_EP_SSVID_SSID);
+ if (rc < 0) {
+ goto err_bridge;
+ }
+ rc = msi_init(d, IOH_EP_MSI_OFFSET, IOH_EP_MSI_NR_VECTOR,
+ IOH_EP_MSI_SUPPORTED_FLAGS & PCI_MSI_FLAGS_64BIT,
+ IOH_EP_MSI_SUPPORTED_FLAGS & PCI_MSI_FLAGS_MASKBIT);
+ if (rc < 0) {
+ goto err_bridge;
+ }
+ rc = pcie_cap_init(d, IOH_EP_EXP_OFFSET, PCI_EXP_TYPE_ROOT_PORT, p->port);
+ if (rc < 0) {
+ goto err_msi;
+ }
+ pcie_cap_deverr_init(d);
+ pcie_cap_slot_init(d, s->slot);
+ pcie_chassis_create(s->chassis);
+ rc = pcie_chassis_add_slot(s);
+ if (rc < 0) {
+ goto err_pcie_cap;
+ }
+ pcie_cap_root_init(d);
+ rc = pcie_aer_init(d, IOH_EP_AER_OFFSET);
+ if (rc < 0) {
+ goto err;
+ }
+ pcie_aer_root_init(d);
+ ioh3420_aer_vector_update(d);
+ return 0;
+
+err:
+ pcie_chassis_del_slot(s);
+err_pcie_cap:
+ pcie_cap_exit(d);
+err_msi:
+ msi_uninit(d);
+err_bridge:
+ pci_bridge_exitfn(d);
+ return rc;
+}
+
+static void ioh3420_exitfn(PCIDevice *d)
+{
+ PCIESlot *s = PCIE_SLOT(d);
+
+ pcie_aer_exit(d);
+ pcie_chassis_del_slot(s);
+ pcie_cap_exit(d);
+ msi_uninit(d);
+ pci_bridge_exitfn(d);
+}
+
+PCIESlot *ioh3420_init(PCIBus *bus, int devfn, bool multifunction,
+ const char *bus_name, pci_map_irq_fn map_irq,
+ uint8_t port, uint8_t chassis, uint16_t slot)
+{
+ PCIDevice *d;
+ PCIBridge *br;
+ DeviceState *qdev;
+
+ d = pci_create_multifunction(bus, devfn, multifunction, "ioh3420");
+ if (!d) {
+ return NULL;
+ }
+ br = PCI_BRIDGE(d);
+
+ qdev = DEVICE(d);
+ pci_bridge_map_irq(br, bus_name, map_irq);
+ qdev_prop_set_uint8(qdev, "port", port);
+ qdev_prop_set_uint8(qdev, "chassis", chassis);
+ qdev_prop_set_uint16(qdev, "slot", slot);
+ qdev_init_nofail(qdev);
+
+ return PCIE_SLOT(d);
+}
+
+static const VMStateDescription vmstate_ioh3420 = {
+ .name = "ioh-3240-express-root-port",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .post_load = pcie_cap_slot_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_PCIE_DEVICE(parent_obj.parent_obj.parent_obj, PCIESlot),
+ VMSTATE_STRUCT(parent_obj.parent_obj.parent_obj.exp.aer_log,
+ PCIESlot, 0, vmstate_pcie_aer_log, PCIEAERLog),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void ioh3420_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->is_express = 1;
+ k->is_bridge = 1;
+ k->config_write = ioh3420_write_config;
+ k->init = ioh3420_initfn;
+ k->exit = ioh3420_exitfn;
+ k->vendor_id = PCI_VENDOR_ID_INTEL;
+ k->device_id = PCI_DEVICE_ID_IOH_EPORT;
+ k->revision = PCI_DEVICE_ID_IOH_REV;
+ set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
+ dc->desc = "Intel IOH device id 3420 PCIE Root Port";
+ dc->reset = ioh3420_reset;
+ dc->vmsd = &vmstate_ioh3420;
+}
+
+static const TypeInfo ioh3420_info = {
+ .name = "ioh3420",
+ .parent = TYPE_PCIE_SLOT,
+ .class_init = ioh3420_class_init,
+};
+
+static void ioh3420_register_types(void)
+{
+ type_register_static(&ioh3420_info);
+}
+
+type_init(ioh3420_register_types)
+
+/*
+ * Local variables:
+ * c-indent-level: 4
+ * c-basic-offset: 4
+ * tab-width: 8
+ * indent-tab-mode: nil
+ * End:
+ */
diff --git a/hw/pci-bridge/ioh3420.h b/hw/pci-bridge/ioh3420.h
new file mode 100644
index 000000000..7776e5b02
--- /dev/null
+++ b/hw/pci-bridge/ioh3420.h
@@ -0,0 +1,10 @@
+#ifndef QEMU_IOH3420_H
+#define QEMU_IOH3420_H
+
+#include "hw/pci/pcie_port.h"
+
+PCIESlot *ioh3420_init(PCIBus *bus, int devfn, bool multifunction,
+ const char *bus_name, pci_map_irq_fn map_irq,
+ uint8_t port, uint8_t chassis, uint16_t slot);
+
+#endif /* QEMU_IOH3420_H */
diff --git a/hw/pci-bridge/pci_bridge_dev.c b/hw/pci-bridge/pci_bridge_dev.c
new file mode 100644
index 000000000..a9392c7bd
--- /dev/null
+++ b/hw/pci-bridge/pci_bridge_dev.c
@@ -0,0 +1,165 @@
+/*
+ * Standard PCI Bridge Device
+ *
+ * Copyright (c) 2011 Red Hat Inc. Author: Michael S. Tsirkin <mst@redhat.com>
+ *
+ * http://www.pcisig.com/specifications/conventional/pci_to_pci_bridge_architecture/
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/pci/pci_bridge.h"
+#include "hw/pci/pci_ids.h"
+#include "hw/pci/msi.h"
+#include "hw/pci/shpc.h"
+#include "hw/pci/slotid_cap.h"
+#include "exec/memory.h"
+#include "hw/pci/pci_bus.h"
+
+#define TYPE_PCI_BRIDGE_DEV "pci-bridge"
+#define PCI_BRIDGE_DEV(obj) \
+ OBJECT_CHECK(PCIBridgeDev, (obj), TYPE_PCI_BRIDGE_DEV)
+
+struct PCIBridgeDev {
+ /*< private >*/
+ PCIBridge parent_obj;
+ /*< public >*/
+
+ MemoryRegion bar;
+ uint8_t chassis_nr;
+#define PCI_BRIDGE_DEV_F_MSI_REQ 0
+ uint32_t flags;
+};
+typedef struct PCIBridgeDev PCIBridgeDev;
+
+static int pci_bridge_dev_initfn(PCIDevice *dev)
+{
+ PCIBridge *br = PCI_BRIDGE(dev);
+ PCIBridgeDev *bridge_dev = PCI_BRIDGE_DEV(dev);
+ int err;
+
+ err = pci_bridge_initfn(dev, TYPE_PCI_BUS);
+ if (err) {
+ goto bridge_error;
+ }
+ memory_region_init(&bridge_dev->bar, OBJECT(dev), "shpc-bar", shpc_bar_size(dev));
+ err = shpc_init(dev, &br->sec_bus, &bridge_dev->bar, 0);
+ if (err) {
+ goto shpc_error;
+ }
+ err = slotid_cap_init(dev, 0, bridge_dev->chassis_nr, 0);
+ if (err) {
+ goto slotid_error;
+ }
+ if ((bridge_dev->flags & (1 << PCI_BRIDGE_DEV_F_MSI_REQ)) &&
+ msi_supported) {
+ err = msi_init(dev, 0, 1, true, true);
+ if (err < 0) {
+ goto msi_error;
+ }
+ }
+ /* TODO: spec recommends using 64 bit prefetcheable BAR.
+ * Check whether that works well. */
+ pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY |
+ PCI_BASE_ADDRESS_MEM_TYPE_64, &bridge_dev->bar);
+ dev->config[PCI_INTERRUPT_PIN] = 0x1;
+ return 0;
+msi_error:
+ slotid_cap_cleanup(dev);
+slotid_error:
+ shpc_cleanup(dev, &bridge_dev->bar);
+shpc_error:
+ memory_region_destroy(&bridge_dev->bar);
+ pci_bridge_exitfn(dev);
+bridge_error:
+ return err;
+}
+
+static void pci_bridge_dev_exitfn(PCIDevice *dev)
+{
+ PCIBridgeDev *bridge_dev = PCI_BRIDGE_DEV(dev);
+ if (msi_present(dev)) {
+ msi_uninit(dev);
+ }
+ slotid_cap_cleanup(dev);
+ shpc_cleanup(dev, &bridge_dev->bar);
+ memory_region_destroy(&bridge_dev->bar);
+ pci_bridge_exitfn(dev);
+}
+
+static void pci_bridge_dev_write_config(PCIDevice *d,
+ uint32_t address, uint32_t val, int len)
+{
+ pci_bridge_write_config(d, address, val, len);
+ if (msi_present(d)) {
+ msi_write_config(d, address, val, len);
+ }
+ shpc_cap_write_config(d, address, val, len);
+}
+
+static void qdev_pci_bridge_dev_reset(DeviceState *qdev)
+{
+ PCIDevice *dev = PCI_DEVICE(qdev);
+
+ pci_bridge_reset(qdev);
+ shpc_reset(dev);
+}
+
+static Property pci_bridge_dev_properties[] = {
+ /* Note: 0 is not a legal chassis number. */
+ DEFINE_PROP_UINT8("chassis_nr", PCIBridgeDev, chassis_nr, 0),
+ DEFINE_PROP_BIT("msi", PCIBridgeDev, flags, PCI_BRIDGE_DEV_F_MSI_REQ, true),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static const VMStateDescription pci_bridge_dev_vmstate = {
+ .name = "pci_bridge",
+ .fields = (VMStateField[]) {
+ VMSTATE_PCI_DEVICE(parent_obj, PCIBridge),
+ SHPC_VMSTATE(shpc, PCIDevice),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void pci_bridge_dev_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+ k->init = pci_bridge_dev_initfn;
+ k->exit = pci_bridge_dev_exitfn;
+ k->config_write = pci_bridge_dev_write_config;
+ k->vendor_id = PCI_VENDOR_ID_REDHAT;
+ k->device_id = PCI_DEVICE_ID_REDHAT_BRIDGE;
+ k->class_id = PCI_CLASS_BRIDGE_PCI;
+ k->is_bridge = 1,
+ dc->desc = "Standard PCI Bridge";
+ dc->reset = qdev_pci_bridge_dev_reset;
+ dc->props = pci_bridge_dev_properties;
+ dc->vmsd = &pci_bridge_dev_vmstate;
+ set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
+}
+
+static const TypeInfo pci_bridge_dev_info = {
+ .name = TYPE_PCI_BRIDGE_DEV,
+ .parent = TYPE_PCI_BRIDGE,
+ .instance_size = sizeof(PCIBridgeDev),
+ .class_init = pci_bridge_dev_class_init,
+};
+
+static void pci_bridge_dev_register(void)
+{
+ type_register_static(&pci_bridge_dev_info);
+}
+
+type_init(pci_bridge_dev_register);
diff --git a/hw/pci-bridge/xio3130_downstream.c b/hw/pci-bridge/xio3130_downstream.c
new file mode 100644
index 000000000..94f97819c
--- /dev/null
+++ b/hw/pci-bridge/xio3130_downstream.c
@@ -0,0 +1,203 @@
+/*
+ * x3130_downstream.c
+ * TI X3130 pci express downstream port switch
+ *
+ * Copyright (c) 2010 Isaku Yamahata <yamahata at valinux co jp>
+ * VA Linux Systems Japan K.K.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/pci/pci_ids.h"
+#include "hw/pci/msi.h"
+#include "hw/pci/pcie.h"
+#include "xio3130_downstream.h"
+
+#define PCI_DEVICE_ID_TI_XIO3130D 0x8233 /* downstream port */
+#define XIO3130_REVISION 0x1
+#define XIO3130_MSI_OFFSET 0x70
+#define XIO3130_MSI_SUPPORTED_FLAGS PCI_MSI_FLAGS_64BIT
+#define XIO3130_MSI_NR_VECTOR 1
+#define XIO3130_SSVID_OFFSET 0x80
+#define XIO3130_SSVID_SVID 0
+#define XIO3130_SSVID_SSID 0
+#define XIO3130_EXP_OFFSET 0x90
+#define XIO3130_AER_OFFSET 0x100
+
+static void xio3130_downstream_write_config(PCIDevice *d, uint32_t address,
+ uint32_t val, int len)
+{
+ pci_bridge_write_config(d, address, val, len);
+ pcie_cap_flr_write_config(d, address, val, len);
+ pcie_cap_slot_write_config(d, address, val, len);
+ pcie_aer_write_config(d, address, val, len);
+}
+
+static void xio3130_downstream_reset(DeviceState *qdev)
+{
+ PCIDevice *d = PCI_DEVICE(qdev);
+
+ pcie_cap_deverr_reset(d);
+ pcie_cap_slot_reset(d);
+ pcie_cap_ari_reset(d);
+ pci_bridge_reset(qdev);
+}
+
+static int xio3130_downstream_initfn(PCIDevice *d)
+{
+ PCIEPort *p = PCIE_PORT(d);
+ PCIESlot *s = PCIE_SLOT(d);
+ int rc;
+
+ rc = pci_bridge_initfn(d, TYPE_PCIE_BUS);
+ if (rc < 0) {
+ return rc;
+ }
+
+ pcie_port_init_reg(d);
+
+ rc = msi_init(d, XIO3130_MSI_OFFSET, XIO3130_MSI_NR_VECTOR,
+ XIO3130_MSI_SUPPORTED_FLAGS & PCI_MSI_FLAGS_64BIT,
+ XIO3130_MSI_SUPPORTED_FLAGS & PCI_MSI_FLAGS_MASKBIT);
+ if (rc < 0) {
+ goto err_bridge;
+ }
+ rc = pci_bridge_ssvid_init(d, XIO3130_SSVID_OFFSET,
+ XIO3130_SSVID_SVID, XIO3130_SSVID_SSID);
+ if (rc < 0) {
+ goto err_bridge;
+ }
+ rc = pcie_cap_init(d, XIO3130_EXP_OFFSET, PCI_EXP_TYPE_DOWNSTREAM,
+ p->port);
+ if (rc < 0) {
+ goto err_msi;
+ }
+ pcie_cap_flr_init(d);
+ pcie_cap_deverr_init(d);
+ pcie_cap_slot_init(d, s->slot);
+ pcie_chassis_create(s->chassis);
+ rc = pcie_chassis_add_slot(s);
+ if (rc < 0) {
+ goto err_pcie_cap;
+ }
+ pcie_cap_ari_init(d);
+ rc = pcie_aer_init(d, XIO3130_AER_OFFSET);
+ if (rc < 0) {
+ goto err;
+ }
+
+ return 0;
+
+err:
+ pcie_chassis_del_slot(s);
+err_pcie_cap:
+ pcie_cap_exit(d);
+err_msi:
+ msi_uninit(d);
+err_bridge:
+ pci_bridge_exitfn(d);
+ return rc;
+}
+
+static void xio3130_downstream_exitfn(PCIDevice *d)
+{
+ PCIESlot *s = PCIE_SLOT(d);
+
+ pcie_aer_exit(d);
+ pcie_chassis_del_slot(s);
+ pcie_cap_exit(d);
+ msi_uninit(d);
+ pci_bridge_exitfn(d);
+}
+
+PCIESlot *xio3130_downstream_init(PCIBus *bus, int devfn, bool multifunction,
+ const char *bus_name, pci_map_irq_fn map_irq,
+ uint8_t port, uint8_t chassis,
+ uint16_t slot)
+{
+ PCIDevice *d;
+ PCIBridge *br;
+ DeviceState *qdev;
+
+ d = pci_create_multifunction(bus, devfn, multifunction,
+ "xio3130-downstream");
+ if (!d) {
+ return NULL;
+ }
+ br = PCI_BRIDGE(d);
+
+ qdev = DEVICE(d);
+ pci_bridge_map_irq(br, bus_name, map_irq);
+ qdev_prop_set_uint8(qdev, "port", port);
+ qdev_prop_set_uint8(qdev, "chassis", chassis);
+ qdev_prop_set_uint16(qdev, "slot", slot);
+ qdev_init_nofail(qdev);
+
+ return PCIE_SLOT(d);
+}
+
+static const VMStateDescription vmstate_xio3130_downstream = {
+ .name = "xio3130-express-downstream-port",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .post_load = pcie_cap_slot_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_PCIE_DEVICE(parent_obj.parent_obj.parent_obj, PCIESlot),
+ VMSTATE_STRUCT(parent_obj.parent_obj.parent_obj.exp.aer_log,
+ PCIESlot, 0, vmstate_pcie_aer_log, PCIEAERLog),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void xio3130_downstream_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->is_express = 1;
+ k->is_bridge = 1;
+ k->config_write = xio3130_downstream_write_config;
+ k->init = xio3130_downstream_initfn;
+ k->exit = xio3130_downstream_exitfn;
+ k->vendor_id = PCI_VENDOR_ID_TI;
+ k->device_id = PCI_DEVICE_ID_TI_XIO3130D;
+ k->revision = XIO3130_REVISION;
+ set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
+ dc->desc = "TI X3130 Downstream Port of PCI Express Switch";
+ dc->reset = xio3130_downstream_reset;
+ dc->vmsd = &vmstate_xio3130_downstream;
+}
+
+static const TypeInfo xio3130_downstream_info = {
+ .name = "xio3130-downstream",
+ .parent = TYPE_PCIE_SLOT,
+ .class_init = xio3130_downstream_class_init,
+};
+
+static void xio3130_downstream_register_types(void)
+{
+ type_register_static(&xio3130_downstream_info);
+}
+
+type_init(xio3130_downstream_register_types)
+
+/*
+ * Local variables:
+ * c-indent-level: 4
+ * c-basic-offset: 4
+ * tab-width: 8
+ * indent-tab-mode: nil
+ * End:
+ */
diff --git a/hw/pci-bridge/xio3130_downstream.h b/hw/pci-bridge/xio3130_downstream.h
new file mode 100644
index 000000000..8426d9ffa
--- /dev/null
+++ b/hw/pci-bridge/xio3130_downstream.h
@@ -0,0 +1,11 @@
+#ifndef QEMU_XIO3130_DOWNSTREAM_H
+#define QEMU_XIO3130_DOWNSTREAM_H
+
+#include "hw/pci/pcie_port.h"
+
+PCIESlot *xio3130_downstream_init(PCIBus *bus, int devfn, bool multifunction,
+ const char *bus_name, pci_map_irq_fn map_irq,
+ uint8_t port, uint8_t chassis,
+ uint16_t slot);
+
+#endif /* QEMU_XIO3130_DOWNSTREAM_H */
diff --git a/hw/pci-bridge/xio3130_upstream.c b/hw/pci-bridge/xio3130_upstream.c
new file mode 100644
index 000000000..59f97f6ff
--- /dev/null
+++ b/hw/pci-bridge/xio3130_upstream.c
@@ -0,0 +1,183 @@
+/*
+ * xio3130_upstream.c
+ * TI X3130 pci express upstream port switch
+ *
+ * Copyright (c) 2010 Isaku Yamahata <yamahata at valinux co jp>
+ * VA Linux Systems Japan K.K.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/pci/pci_ids.h"
+#include "hw/pci/msi.h"
+#include "hw/pci/pcie.h"
+#include "xio3130_upstream.h"
+
+#define PCI_DEVICE_ID_TI_XIO3130U 0x8232 /* upstream port */
+#define XIO3130_REVISION 0x2
+#define XIO3130_MSI_OFFSET 0x70
+#define XIO3130_MSI_SUPPORTED_FLAGS PCI_MSI_FLAGS_64BIT
+#define XIO3130_MSI_NR_VECTOR 1
+#define XIO3130_SSVID_OFFSET 0x80
+#define XIO3130_SSVID_SVID 0
+#define XIO3130_SSVID_SSID 0
+#define XIO3130_EXP_OFFSET 0x90
+#define XIO3130_AER_OFFSET 0x100
+
+static void xio3130_upstream_write_config(PCIDevice *d, uint32_t address,
+ uint32_t val, int len)
+{
+ pci_bridge_write_config(d, address, val, len);
+ pcie_cap_flr_write_config(d, address, val, len);
+ pcie_aer_write_config(d, address, val, len);
+}
+
+static void xio3130_upstream_reset(DeviceState *qdev)
+{
+ PCIDevice *d = PCI_DEVICE(qdev);
+
+ pci_bridge_reset(qdev);
+ pcie_cap_deverr_reset(d);
+}
+
+static int xio3130_upstream_initfn(PCIDevice *d)
+{
+ PCIEPort *p = PCIE_PORT(d);
+ int rc;
+
+ rc = pci_bridge_initfn(d, TYPE_PCIE_BUS);
+ if (rc < 0) {
+ return rc;
+ }
+
+ pcie_port_init_reg(d);
+
+ rc = msi_init(d, XIO3130_MSI_OFFSET, XIO3130_MSI_NR_VECTOR,
+ XIO3130_MSI_SUPPORTED_FLAGS & PCI_MSI_FLAGS_64BIT,
+ XIO3130_MSI_SUPPORTED_FLAGS & PCI_MSI_FLAGS_MASKBIT);
+ if (rc < 0) {
+ goto err_bridge;
+ }
+ rc = pci_bridge_ssvid_init(d, XIO3130_SSVID_OFFSET,
+ XIO3130_SSVID_SVID, XIO3130_SSVID_SSID);
+ if (rc < 0) {
+ goto err_bridge;
+ }
+ rc = pcie_cap_init(d, XIO3130_EXP_OFFSET, PCI_EXP_TYPE_UPSTREAM,
+ p->port);
+ if (rc < 0) {
+ goto err_msi;
+ }
+ pcie_cap_flr_init(d);
+ pcie_cap_deverr_init(d);
+ rc = pcie_aer_init(d, XIO3130_AER_OFFSET);
+ if (rc < 0) {
+ goto err;
+ }
+
+ return 0;
+
+err:
+ pcie_cap_exit(d);
+err_msi:
+ msi_uninit(d);
+err_bridge:
+ pci_bridge_exitfn(d);
+ return rc;
+}
+
+static void xio3130_upstream_exitfn(PCIDevice *d)
+{
+ pcie_aer_exit(d);
+ pcie_cap_exit(d);
+ msi_uninit(d);
+ pci_bridge_exitfn(d);
+}
+
+PCIEPort *xio3130_upstream_init(PCIBus *bus, int devfn, bool multifunction,
+ const char *bus_name, pci_map_irq_fn map_irq,
+ uint8_t port)
+{
+ PCIDevice *d;
+ PCIBridge *br;
+ DeviceState *qdev;
+
+ d = pci_create_multifunction(bus, devfn, multifunction, "x3130-upstream");
+ if (!d) {
+ return NULL;
+ }
+ br = PCI_BRIDGE(d);
+
+ qdev = DEVICE(d);
+ pci_bridge_map_irq(br, bus_name, map_irq);
+ qdev_prop_set_uint8(qdev, "port", port);
+ qdev_init_nofail(qdev);
+
+ return PCIE_PORT(d);
+}
+
+static const VMStateDescription vmstate_xio3130_upstream = {
+ .name = "xio3130-express-upstream-port",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_PCIE_DEVICE(parent_obj.parent_obj, PCIEPort),
+ VMSTATE_STRUCT(parent_obj.parent_obj.exp.aer_log, PCIEPort, 0,
+ vmstate_pcie_aer_log, PCIEAERLog),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void xio3130_upstream_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->is_express = 1;
+ k->is_bridge = 1;
+ k->config_write = xio3130_upstream_write_config;
+ k->init = xio3130_upstream_initfn;
+ k->exit = xio3130_upstream_exitfn;
+ k->vendor_id = PCI_VENDOR_ID_TI;
+ k->device_id = PCI_DEVICE_ID_TI_XIO3130U;
+ k->revision = XIO3130_REVISION;
+ set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
+ dc->desc = "TI X3130 Upstream Port of PCI Express Switch";
+ dc->reset = xio3130_upstream_reset;
+ dc->vmsd = &vmstate_xio3130_upstream;
+}
+
+static const TypeInfo xio3130_upstream_info = {
+ .name = "x3130-upstream",
+ .parent = TYPE_PCIE_PORT,
+ .class_init = xio3130_upstream_class_init,
+};
+
+static void xio3130_upstream_register_types(void)
+{
+ type_register_static(&xio3130_upstream_info);
+}
+
+type_init(xio3130_upstream_register_types)
+
+
+/*
+ * Local variables:
+ * c-indent-level: 4
+ * c-basic-offset: 4
+ * tab-width: 8
+ * indent-tab-mode: nil
+ * End:
+ */
diff --git a/hw/pci-bridge/xio3130_upstream.h b/hw/pci-bridge/xio3130_upstream.h
new file mode 100644
index 000000000..08c1d5f75
--- /dev/null
+++ b/hw/pci-bridge/xio3130_upstream.h
@@ -0,0 +1,10 @@
+#ifndef QEMU_XIO3130_UPSTREAM_H
+#define QEMU_XIO3130_UPSTREAM_H
+
+#include "hw/pci/pcie_port.h"
+
+PCIEPort *xio3130_upstream_init(PCIBus *bus, int devfn, bool multifunction,
+ const char *bus_name, pci_map_irq_fn map_irq,
+ uint8_t port);
+
+#endif /* QEMU_XIO3130_H */
diff --git a/hw/pci-host/Makefile.objs b/hw/pci-host/Makefile.objs
new file mode 100644
index 000000000..bb65f9c4d
--- /dev/null
+++ b/hw/pci-host/Makefile.objs
@@ -0,0 +1,17 @@
+common-obj-y += pam.o
+
+# PPC devices
+common-obj-$(CONFIG_PREP_PCI) += prep.o
+common-obj-$(CONFIG_GRACKLE_PCI) += grackle.o
+# NewWorld PowerMac
+common-obj-$(CONFIG_UNIN_PCI) += uninorth.o
+# PowerPC E500 boards
+common-obj-$(CONFIG_PPCE500_PCI) += ppce500.o
+
+# ARM devices
+common-obj-$(CONFIG_VERSATILE_PCI) += versatile.o
+
+common-obj-$(CONFIG_PCI_APB) += apb.o
+common-obj-$(CONFIG_FULONG) += bonito.o
+common-obj-$(CONFIG_PCI_PIIX) += piix.o
+common-obj-$(CONFIG_PCI_Q35) += q35.o
diff --git a/hw/pci-host/apb.c b/hw/pci-host/apb.c
new file mode 100644
index 000000000..92f289f8f
--- /dev/null
+++ b/hw/pci-host/apb.c
@@ -0,0 +1,580 @@
+/*
+ * QEMU Ultrasparc APB PCI host
+ *
+ * Copyright (c) 2006 Fabrice Bellard
+ * Copyright (c) 2012,2013 Artyom Tarasenko
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/* XXX This file and most of its contents are somewhat misnamed. The
+ Ultrasparc PCI host is called the PCI Bus Module (PBM). The APB is
+ the secondary PCI bridge. */
+
+#include "hw/sysbus.h"
+#include "hw/pci/pci.h"
+#include "hw/pci/pci_host.h"
+#include "hw/pci/pci_bridge.h"
+#include "hw/pci/pci_bus.h"
+#include "hw/pci-host/apb.h"
+#include "sysemu/sysemu.h"
+#include "exec/address-spaces.h"
+
+/* debug APB */
+//#define DEBUG_APB
+
+#ifdef DEBUG_APB
+#define APB_DPRINTF(fmt, ...) \
+do { printf("APB: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define APB_DPRINTF(fmt, ...)
+#endif
+
+/*
+ * Chipset docs:
+ * PBM: "UltraSPARC IIi User's Manual",
+ * http://www.sun.com/processors/manuals/805-0087.pdf
+ *
+ * APB: "Advanced PCI Bridge (APB) User's Manual",
+ * http://www.sun.com/processors/manuals/805-1251.pdf
+ */
+
+#define PBM_PCI_IMR_MASK 0x7fffffff
+#define PBM_PCI_IMR_ENABLED 0x80000000
+
+#define POR (1 << 31)
+#define SOFT_POR (1 << 30)
+#define SOFT_XIR (1 << 29)
+#define BTN_POR (1 << 28)
+#define BTN_XIR (1 << 27)
+#define RESET_MASK 0xf8000000
+#define RESET_WCMASK 0x98000000
+#define RESET_WMASK 0x60000000
+
+#define MAX_IVEC 0x40
+#define NO_IRQ_REQUEST (MAX_IVEC + 1)
+
+#define TYPE_APB "pbm"
+
+#define APB_DEVICE(obj) \
+ OBJECT_CHECK(APBState, (obj), TYPE_APB)
+
+typedef struct APBState {
+ PCIHostState parent_obj;
+
+ MemoryRegion apb_config;
+ MemoryRegion pci_config;
+ MemoryRegion pci_mmio;
+ MemoryRegion pci_ioport;
+ uint64_t pci_irq_in;
+ uint32_t iommu[4];
+ uint32_t pci_control[16];
+ uint32_t pci_irq_map[8];
+ uint32_t obio_irq_map[32];
+ qemu_irq *pbm_irqs;
+ qemu_irq *ivec_irqs;
+ unsigned int irq_request;
+ uint32_t reset_control;
+ unsigned int nr_resets;
+} APBState;
+
+static inline void pbm_set_request(APBState *s, unsigned int irq_num)
+{
+ APB_DPRINTF("%s: request irq %d\n", __func__, irq_num);
+
+ s->irq_request = irq_num;
+ qemu_set_irq(s->ivec_irqs[irq_num], 1);
+}
+
+static inline void pbm_check_irqs(APBState *s)
+{
+
+ unsigned int i;
+
+ /* Previous request is not acknowledged, resubmit */
+ if (s->irq_request != NO_IRQ_REQUEST) {
+ pbm_set_request(s, s->irq_request);
+ return;
+ }
+ /* no request pending */
+ if (s->pci_irq_in == 0ULL) {
+ return;
+ }
+ for (i = 0; i < 32; i++) {
+ if (s->pci_irq_in & (1ULL << i)) {
+ if (s->pci_irq_map[i >> 2] & PBM_PCI_IMR_ENABLED) {
+ pbm_set_request(s, i);
+ return;
+ }
+ }
+ }
+ for (i = 32; i < 64; i++) {
+ if (s->pci_irq_in & (1ULL << i)) {
+ if (s->obio_irq_map[i - 32] & PBM_PCI_IMR_ENABLED) {
+ pbm_set_request(s, i);
+ break;
+ }
+ }
+ }
+}
+
+static inline void pbm_clear_request(APBState *s, unsigned int irq_num)
+{
+ APB_DPRINTF("%s: clear request irq %d\n", __func__, irq_num);
+ qemu_set_irq(s->ivec_irqs[irq_num], 0);
+ s->irq_request = NO_IRQ_REQUEST;
+}
+
+static void apb_config_writel (void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ APBState *s = opaque;
+
+ APB_DPRINTF("%s: addr " TARGET_FMT_plx " val %" PRIx64 "\n", __func__, addr, val);
+
+ switch (addr & 0xffff) {
+ case 0x30 ... 0x4f: /* DMA error registers */
+ /* XXX: not implemented yet */
+ break;
+ case 0x200 ... 0x20b: /* IOMMU */
+ s->iommu[(addr & 0xf) >> 2] = val;
+ break;
+ case 0x20c ... 0x3ff: /* IOMMU flush */
+ break;
+ case 0xc00 ... 0xc3f: /* PCI interrupt control */
+ if (addr & 4) {
+ unsigned int ino = (addr & 0x3f) >> 3;
+ s->pci_irq_map[ino] &= PBM_PCI_IMR_MASK;
+ s->pci_irq_map[ino] |= val & ~PBM_PCI_IMR_MASK;
+ if ((s->irq_request == ino) && !(val & ~PBM_PCI_IMR_MASK)) {
+ pbm_clear_request(s, ino);
+ }
+ pbm_check_irqs(s);
+ }
+ break;
+ case 0x1000 ... 0x1080: /* OBIO interrupt control */
+ if (addr & 4) {
+ unsigned int ino = ((addr & 0xff) >> 3);
+ s->obio_irq_map[ino] &= PBM_PCI_IMR_MASK;
+ s->obio_irq_map[ino] |= val & ~PBM_PCI_IMR_MASK;
+ if ((s->irq_request == (ino | 0x20))
+ && !(val & ~PBM_PCI_IMR_MASK)) {
+ pbm_clear_request(s, ino | 0x20);
+ }
+ pbm_check_irqs(s);
+ }
+ break;
+ case 0x1400 ... 0x14ff: /* PCI interrupt clear */
+ if (addr & 4) {
+ unsigned int ino = (addr & 0xff) >> 5;
+ if ((s->irq_request / 4) == ino) {
+ pbm_clear_request(s, s->irq_request);
+ pbm_check_irqs(s);
+ }
+ }
+ break;
+ case 0x1800 ... 0x1860: /* OBIO interrupt clear */
+ if (addr & 4) {
+ unsigned int ino = ((addr & 0xff) >> 3) | 0x20;
+ if (s->irq_request == ino) {
+ pbm_clear_request(s, ino);
+ pbm_check_irqs(s);
+ }
+ }
+ break;
+ case 0x2000 ... 0x202f: /* PCI control */
+ s->pci_control[(addr & 0x3f) >> 2] = val;
+ break;
+ case 0xf020 ... 0xf027: /* Reset control */
+ if (addr & 4) {
+ val &= RESET_MASK;
+ s->reset_control &= ~(val & RESET_WCMASK);
+ s->reset_control |= val & RESET_WMASK;
+ if (val & SOFT_POR) {
+ s->nr_resets = 0;
+ qemu_system_reset_request();
+ } else if (val & SOFT_XIR) {
+ qemu_system_reset_request();
+ }
+ }
+ break;
+ case 0x5000 ... 0x51cf: /* PIO/DMA diagnostics */
+ case 0xa400 ... 0xa67f: /* IOMMU diagnostics */
+ case 0xa800 ... 0xa80f: /* Interrupt diagnostics */
+ case 0xf000 ... 0xf01f: /* FFB config, memory control */
+ /* we don't care */
+ default:
+ break;
+ }
+}
+
+static uint64_t apb_config_readl (void *opaque,
+ hwaddr addr, unsigned size)
+{
+ APBState *s = opaque;
+ uint32_t val;
+
+ switch (addr & 0xffff) {
+ case 0x30 ... 0x4f: /* DMA error registers */
+ val = 0;
+ /* XXX: not implemented yet */
+ break;
+ case 0x200 ... 0x20b: /* IOMMU */
+ val = s->iommu[(addr & 0xf) >> 2];
+ break;
+ case 0x20c ... 0x3ff: /* IOMMU flush */
+ val = 0;
+ break;
+ case 0xc00 ... 0xc3f: /* PCI interrupt control */
+ if (addr & 4) {
+ val = s->pci_irq_map[(addr & 0x3f) >> 3];
+ } else {
+ val = 0;
+ }
+ break;
+ case 0x1000 ... 0x1080: /* OBIO interrupt control */
+ if (addr & 4) {
+ val = s->obio_irq_map[(addr & 0xff) >> 3];
+ } else {
+ val = 0;
+ }
+ break;
+ case 0x2000 ... 0x202f: /* PCI control */
+ val = s->pci_control[(addr & 0x3f) >> 2];
+ break;
+ case 0xf020 ... 0xf027: /* Reset control */
+ if (addr & 4) {
+ val = s->reset_control;
+ } else {
+ val = 0;
+ }
+ break;
+ case 0x5000 ... 0x51cf: /* PIO/DMA diagnostics */
+ case 0xa400 ... 0xa67f: /* IOMMU diagnostics */
+ case 0xa800 ... 0xa80f: /* Interrupt diagnostics */
+ case 0xf000 ... 0xf01f: /* FFB config, memory control */
+ /* we don't care */
+ default:
+ val = 0;
+ break;
+ }
+ APB_DPRINTF("%s: addr " TARGET_FMT_plx " -> %x\n", __func__, addr, val);
+
+ return val;
+}
+
+static const MemoryRegionOps apb_config_ops = {
+ .read = apb_config_readl,
+ .write = apb_config_writel,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void apb_pci_config_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ APBState *s = opaque;
+ PCIHostState *phb = PCI_HOST_BRIDGE(s);
+
+ val = qemu_bswap_len(val, size);
+ APB_DPRINTF("%s: addr " TARGET_FMT_plx " val %" PRIx64 "\n", __func__, addr, val);
+ pci_data_write(phb->bus, addr, val, size);
+}
+
+static uint64_t apb_pci_config_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ uint32_t ret;
+ APBState *s = opaque;
+ PCIHostState *phb = PCI_HOST_BRIDGE(s);
+
+ ret = pci_data_read(phb->bus, addr, size);
+ ret = qemu_bswap_len(ret, size);
+ APB_DPRINTF("%s: addr " TARGET_FMT_plx " -> %x\n", __func__, addr, ret);
+ return ret;
+}
+
+/* The APB host has an IRQ line for each IRQ line of each slot. */
+static int pci_apb_map_irq(PCIDevice *pci_dev, int irq_num)
+{
+ return ((pci_dev->devfn & 0x18) >> 1) + irq_num;
+}
+
+static int pci_pbm_map_irq(PCIDevice *pci_dev, int irq_num)
+{
+ int bus_offset;
+ if (pci_dev->devfn & 1)
+ bus_offset = 16;
+ else
+ bus_offset = 0;
+ return (bus_offset + (PCI_SLOT(pci_dev->devfn) << 2) + irq_num) & 0x1f;
+}
+
+static void pci_apb_set_irq(void *opaque, int irq_num, int level)
+{
+ APBState *s = opaque;
+
+ APB_DPRINTF("%s: set irq_in %d level %d\n", __func__, irq_num, level);
+ /* PCI IRQ map onto the first 32 INO. */
+ if (irq_num < 32) {
+ if (level) {
+ s->pci_irq_in |= 1ULL << irq_num;
+ if (s->pci_irq_map[irq_num >> 2] & PBM_PCI_IMR_ENABLED) {
+ pbm_set_request(s, irq_num);
+ }
+ } else {
+ s->pci_irq_in &= ~(1ULL << irq_num);
+ }
+ } else {
+ /* OBIO IRQ map onto the next 32 INO. */
+ if (level) {
+ APB_DPRINTF("%s: set irq %d level %d\n", __func__, irq_num, level);
+ s->pci_irq_in |= 1ULL << irq_num;
+ if ((s->irq_request == NO_IRQ_REQUEST)
+ && (s->obio_irq_map[irq_num - 32] & PBM_PCI_IMR_ENABLED)) {
+ pbm_set_request(s, irq_num);
+ }
+ } else {
+ s->pci_irq_in &= ~(1ULL << irq_num);
+ }
+ }
+}
+
+static int apb_pci_bridge_initfn(PCIDevice *dev)
+{
+ int rc;
+
+ rc = pci_bridge_initfn(dev, TYPE_PCI_BUS);
+ if (rc < 0) {
+ return rc;
+ }
+
+ /*
+ * command register:
+ * According to PCI bridge spec, after reset
+ * bus master bit is off
+ * memory space enable bit is off
+ * According to manual (805-1251.pdf).
+ * the reset value should be zero unless the boot pin is tied high
+ * (which is true) and thus it should be PCI_COMMAND_MEMORY.
+ */
+ pci_set_word(dev->config + PCI_COMMAND,
+ PCI_COMMAND_MEMORY);
+ pci_set_word(dev->config + PCI_STATUS,
+ PCI_STATUS_FAST_BACK | PCI_STATUS_66MHZ |
+ PCI_STATUS_DEVSEL_MEDIUM);
+ return 0;
+}
+
+PCIBus *pci_apb_init(hwaddr special_base,
+ hwaddr mem_base,
+ qemu_irq *ivec_irqs, PCIBus **bus2, PCIBus **bus3,
+ qemu_irq **pbm_irqs)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+ PCIHostState *phb;
+ APBState *d;
+ PCIDevice *pci_dev;
+ PCIBridge *br;
+
+ /* Ultrasparc PBM main bus */
+ dev = qdev_create(NULL, TYPE_APB);
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+ /* apb_config */
+ sysbus_mmio_map(s, 0, special_base);
+ /* PCI configuration space */
+ sysbus_mmio_map(s, 1, special_base + 0x1000000ULL);
+ /* pci_ioport */
+ sysbus_mmio_map(s, 2, special_base + 0x2000000ULL);
+ d = APB_DEVICE(dev);
+
+ memory_region_init(&d->pci_mmio, OBJECT(s), "pci-mmio", 0x100000000ULL);
+ memory_region_add_subregion(get_system_memory(), mem_base, &d->pci_mmio);
+
+ phb = PCI_HOST_BRIDGE(dev);
+ phb->bus = pci_register_bus(DEVICE(phb), "pci",
+ pci_apb_set_irq, pci_pbm_map_irq, d,
+ &d->pci_mmio,
+ get_system_io(),
+ 0, 32, TYPE_PCI_BUS);
+
+ *pbm_irqs = d->pbm_irqs;
+ d->ivec_irqs = ivec_irqs;
+
+ pci_create_simple(phb->bus, 0, "pbm-pci");
+
+ /* APB secondary busses */
+ pci_dev = pci_create_multifunction(phb->bus, PCI_DEVFN(1, 0), true,
+ "pbm-bridge");
+ br = PCI_BRIDGE(pci_dev);
+ pci_bridge_map_irq(br, "Advanced PCI Bus secondary bridge 1",
+ pci_apb_map_irq);
+ qdev_init_nofail(&pci_dev->qdev);
+ *bus2 = pci_bridge_get_sec_bus(br);
+
+ pci_dev = pci_create_multifunction(phb->bus, PCI_DEVFN(1, 1), true,
+ "pbm-bridge");
+ br = PCI_BRIDGE(pci_dev);
+ pci_bridge_map_irq(br, "Advanced PCI Bus secondary bridge 2",
+ pci_apb_map_irq);
+ qdev_init_nofail(&pci_dev->qdev);
+ *bus3 = pci_bridge_get_sec_bus(br);
+
+ return phb->bus;
+}
+
+static void pci_pbm_reset(DeviceState *d)
+{
+ unsigned int i;
+ APBState *s = APB_DEVICE(d);
+
+ for (i = 0; i < 8; i++) {
+ s->pci_irq_map[i] &= PBM_PCI_IMR_MASK;
+ }
+ for (i = 0; i < 32; i++) {
+ s->obio_irq_map[i] &= PBM_PCI_IMR_MASK;
+ }
+
+ s->irq_request = NO_IRQ_REQUEST;
+ s->pci_irq_in = 0ULL;
+
+ if (s->nr_resets++ == 0) {
+ /* Power on reset */
+ s->reset_control = POR;
+ }
+}
+
+static const MemoryRegionOps pci_config_ops = {
+ .read = apb_pci_config_read,
+ .write = apb_pci_config_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int pci_pbm_init_device(SysBusDevice *dev)
+{
+ APBState *s;
+ unsigned int i;
+
+ s = APB_DEVICE(dev);
+ for (i = 0; i < 8; i++) {
+ s->pci_irq_map[i] = (0x1f << 6) | (i << 2);
+ }
+ for (i = 0; i < 32; i++) {
+ s->obio_irq_map[i] = ((0x1f << 6) | 0x20) + i;
+ }
+ s->pbm_irqs = qemu_allocate_irqs(pci_apb_set_irq, s, MAX_IVEC);
+ s->irq_request = NO_IRQ_REQUEST;
+ s->pci_irq_in = 0ULL;
+
+ /* apb_config */
+ memory_region_init_io(&s->apb_config, OBJECT(s), &apb_config_ops, s,
+ "apb-config", 0x10000);
+ /* at region 0 */
+ sysbus_init_mmio(dev, &s->apb_config);
+
+ memory_region_init_io(&s->pci_config, OBJECT(s), &pci_config_ops, s,
+ "apb-pci-config", 0x1000000);
+ /* at region 1 */
+ sysbus_init_mmio(dev, &s->pci_config);
+
+ /* pci_ioport */
+ memory_region_init_alias(&s->pci_ioport, OBJECT(s), "apb-pci-ioport",
+ get_system_io(), 0, 0x10000);
+ /* at region 2 */
+ sysbus_init_mmio(dev, &s->pci_ioport);
+
+ return 0;
+}
+
+static int pbm_pci_host_init(PCIDevice *d)
+{
+ pci_set_word(d->config + PCI_COMMAND,
+ PCI_COMMAND_MEMORY | PCI_COMMAND_MASTER);
+ pci_set_word(d->config + PCI_STATUS,
+ PCI_STATUS_FAST_BACK | PCI_STATUS_66MHZ |
+ PCI_STATUS_DEVSEL_MEDIUM);
+ return 0;
+}
+
+static void pbm_pci_host_class_init(ObjectClass *klass, void *data)
+{
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = pbm_pci_host_init;
+ k->vendor_id = PCI_VENDOR_ID_SUN;
+ k->device_id = PCI_DEVICE_ID_SUN_SABRE;
+ k->class_id = PCI_CLASS_BRIDGE_HOST;
+}
+
+static const TypeInfo pbm_pci_host_info = {
+ .name = "pbm-pci",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCIDevice),
+ .class_init = pbm_pci_host_class_init,
+};
+
+static void pbm_host_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = pci_pbm_init_device;
+ set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
+ dc->reset = pci_pbm_reset;
+}
+
+static const TypeInfo pbm_host_info = {
+ .name = TYPE_APB,
+ .parent = TYPE_PCI_HOST_BRIDGE,
+ .instance_size = sizeof(APBState),
+ .class_init = pbm_host_class_init,
+};
+
+static void pbm_pci_bridge_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = apb_pci_bridge_initfn;
+ k->exit = pci_bridge_exitfn;
+ k->vendor_id = PCI_VENDOR_ID_SUN;
+ k->device_id = PCI_DEVICE_ID_SUN_SIMBA;
+ k->revision = 0x11;
+ k->config_write = pci_bridge_write_config;
+ k->is_bridge = 1;
+ set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
+ dc->reset = pci_bridge_reset;
+ dc->vmsd = &vmstate_pci_device;
+}
+
+static const TypeInfo pbm_pci_bridge_info = {
+ .name = "pbm-bridge",
+ .parent = TYPE_PCI_BRIDGE,
+ .class_init = pbm_pci_bridge_class_init,
+};
+
+static void pbm_register_types(void)
+{
+ type_register_static(&pbm_host_info);
+ type_register_static(&pbm_pci_host_info);
+ type_register_static(&pbm_pci_bridge_info);
+}
+
+type_init(pbm_register_types)
diff --git a/hw/pci-host/bonito.c b/hw/pci-host/bonito.c
new file mode 100644
index 000000000..5086d42c1
--- /dev/null
+++ b/hw/pci-host/bonito.c
@@ -0,0 +1,842 @@
+/*
+ * bonito north bridge support
+ *
+ * Copyright (c) 2008 yajin (yajin@vm-kernel.org)
+ * Copyright (c) 2010 Huacai Chen (zltjiangshi@gmail.com)
+ *
+ * This code is licensed under the GNU GPL v2.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+/*
+ * fulong 2e mini pc has a bonito north bridge.
+ */
+
+/* what is the meaning of devfn in qemu and IDSEL in bonito northbridge?
+ *
+ * devfn pci_slot<<3 + funno
+ * one pci bus can have 32 devices and each device can have 8 functions.
+ *
+ * In bonito north bridge, pci slot = IDSEL bit - 12.
+ * For example, PCI_IDSEL_VIA686B = 17,
+ * pci slot = 17-12=5
+ *
+ * so
+ * VT686B_FUN0's devfn = (5<<3)+0
+ * VT686B_FUN1's devfn = (5<<3)+1
+ *
+ * qemu also uses pci address for north bridge to access pci config register.
+ * bus_no [23:16]
+ * dev_no [15:11]
+ * fun_no [10:8]
+ * reg_no [7:2]
+ *
+ * so function bonito_sbridge_pciaddr for the translation from
+ * north bridge address to pci address.
+ */
+
+#include <assert.h>
+
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "hw/i386/pc.h"
+#include "hw/mips/mips.h"
+#include "hw/pci/pci_host.h"
+#include "sysemu/sysemu.h"
+#include "exec/address-spaces.h"
+
+//#define DEBUG_BONITO
+
+#ifdef DEBUG_BONITO
+#define DPRINTF(fmt, ...) fprintf(stderr, "%s: " fmt, __FUNCTION__, ##__VA_ARGS__)
+#else
+#define DPRINTF(fmt, ...)
+#endif
+
+/* from linux soure code. include/asm-mips/mips-boards/bonito64.h*/
+#define BONITO_BOOT_BASE 0x1fc00000
+#define BONITO_BOOT_SIZE 0x00100000
+#define BONITO_BOOT_TOP (BONITO_BOOT_BASE+BONITO_BOOT_SIZE-1)
+#define BONITO_FLASH_BASE 0x1c000000
+#define BONITO_FLASH_SIZE 0x03000000
+#define BONITO_FLASH_TOP (BONITO_FLASH_BASE+BONITO_FLASH_SIZE-1)
+#define BONITO_SOCKET_BASE 0x1f800000
+#define BONITO_SOCKET_SIZE 0x00400000
+#define BONITO_SOCKET_TOP (BONITO_SOCKET_BASE+BONITO_SOCKET_SIZE-1)
+#define BONITO_REG_BASE 0x1fe00000
+#define BONITO_REG_SIZE 0x00040000
+#define BONITO_REG_TOP (BONITO_REG_BASE+BONITO_REG_SIZE-1)
+#define BONITO_DEV_BASE 0x1ff00000
+#define BONITO_DEV_SIZE 0x00100000
+#define BONITO_DEV_TOP (BONITO_DEV_BASE+BONITO_DEV_SIZE-1)
+#define BONITO_PCILO_BASE 0x10000000
+#define BONITO_PCILO_BASE_VA 0xb0000000
+#define BONITO_PCILO_SIZE 0x0c000000
+#define BONITO_PCILO_TOP (BONITO_PCILO_BASE+BONITO_PCILO_SIZE-1)
+#define BONITO_PCILO0_BASE 0x10000000
+#define BONITO_PCILO1_BASE 0x14000000
+#define BONITO_PCILO2_BASE 0x18000000
+#define BONITO_PCIHI_BASE 0x20000000
+#define BONITO_PCIHI_SIZE 0x20000000
+#define BONITO_PCIHI_TOP (BONITO_PCIHI_BASE+BONITO_PCIHI_SIZE-1)
+#define BONITO_PCIIO_BASE 0x1fd00000
+#define BONITO_PCIIO_BASE_VA 0xbfd00000
+#define BONITO_PCIIO_SIZE 0x00010000
+#define BONITO_PCIIO_TOP (BONITO_PCIIO_BASE+BONITO_PCIIO_SIZE-1)
+#define BONITO_PCICFG_BASE 0x1fe80000
+#define BONITO_PCICFG_SIZE 0x00080000
+#define BONITO_PCICFG_TOP (BONITO_PCICFG_BASE+BONITO_PCICFG_SIZE-1)
+
+
+#define BONITO_PCICONFIGBASE 0x00
+#define BONITO_REGBASE 0x100
+
+#define BONITO_PCICONFIG_BASE (BONITO_PCICONFIGBASE+BONITO_REG_BASE)
+#define BONITO_PCICONFIG_SIZE (0x100)
+
+#define BONITO_INTERNAL_REG_BASE (BONITO_REGBASE+BONITO_REG_BASE)
+#define BONITO_INTERNAL_REG_SIZE (0x70)
+
+#define BONITO_SPCICONFIG_BASE (BONITO_PCICFG_BASE)
+#define BONITO_SPCICONFIG_SIZE (BONITO_PCICFG_SIZE)
+
+
+
+/* 1. Bonito h/w Configuration */
+/* Power on register */
+
+#define BONITO_BONPONCFG (0x00 >> 2) /* 0x100 */
+#define BONITO_BONGENCFG_OFFSET 0x4
+#define BONITO_BONGENCFG (BONITO_BONGENCFG_OFFSET>>2) /*0x104 */
+
+/* 2. IO & IDE configuration */
+#define BONITO_IODEVCFG (0x08 >> 2) /* 0x108 */
+
+/* 3. IO & IDE configuration */
+#define BONITO_SDCFG (0x0c >> 2) /* 0x10c */
+
+/* 4. PCI address map control */
+#define BONITO_PCIMAP (0x10 >> 2) /* 0x110 */
+#define BONITO_PCIMEMBASECFG (0x14 >> 2) /* 0x114 */
+#define BONITO_PCIMAP_CFG (0x18 >> 2) /* 0x118 */
+
+/* 5. ICU & GPIO regs */
+/* GPIO Regs - r/w */
+#define BONITO_GPIODATA_OFFSET 0x1c
+#define BONITO_GPIODATA (BONITO_GPIODATA_OFFSET >> 2) /* 0x11c */
+#define BONITO_GPIOIE (0x20 >> 2) /* 0x120 */
+
+/* ICU Configuration Regs - r/w */
+#define BONITO_INTEDGE (0x24 >> 2) /* 0x124 */
+#define BONITO_INTSTEER (0x28 >> 2) /* 0x128 */
+#define BONITO_INTPOL (0x2c >> 2) /* 0x12c */
+
+/* ICU Enable Regs - IntEn & IntISR are r/o. */
+#define BONITO_INTENSET (0x30 >> 2) /* 0x130 */
+#define BONITO_INTENCLR (0x34 >> 2) /* 0x134 */
+#define BONITO_INTEN (0x38 >> 2) /* 0x138 */
+#define BONITO_INTISR (0x3c >> 2) /* 0x13c */
+
+/* PCI mail boxes */
+#define BONITO_PCIMAIL0_OFFSET 0x40
+#define BONITO_PCIMAIL1_OFFSET 0x44
+#define BONITO_PCIMAIL2_OFFSET 0x48
+#define BONITO_PCIMAIL3_OFFSET 0x4c
+#define BONITO_PCIMAIL0 (0x40 >> 2) /* 0x140 */
+#define BONITO_PCIMAIL1 (0x44 >> 2) /* 0x144 */
+#define BONITO_PCIMAIL2 (0x48 >> 2) /* 0x148 */
+#define BONITO_PCIMAIL3 (0x4c >> 2) /* 0x14c */
+
+/* 6. PCI cache */
+#define BONITO_PCICACHECTRL (0x50 >> 2) /* 0x150 */
+#define BONITO_PCICACHETAG (0x54 >> 2) /* 0x154 */
+#define BONITO_PCIBADADDR (0x58 >> 2) /* 0x158 */
+#define BONITO_PCIMSTAT (0x5c >> 2) /* 0x15c */
+
+/* 7. other*/
+#define BONITO_TIMECFG (0x60 >> 2) /* 0x160 */
+#define BONITO_CPUCFG (0x64 >> 2) /* 0x164 */
+#define BONITO_DQCFG (0x68 >> 2) /* 0x168 */
+#define BONITO_MEMSIZE (0x6C >> 2) /* 0x16c */
+
+#define BONITO_REGS (0x70 >> 2)
+
+/* PCI config for south bridge. type 0 */
+#define BONITO_PCICONF_IDSEL_MASK 0xfffff800 /* [31:11] */
+#define BONITO_PCICONF_IDSEL_OFFSET 11
+#define BONITO_PCICONF_FUN_MASK 0x700 /* [10:8] */
+#define BONITO_PCICONF_FUN_OFFSET 8
+#define BONITO_PCICONF_REG_MASK 0xFC
+#define BONITO_PCICONF_REG_OFFSET 0
+
+
+/* idsel BIT = pci slot number +12 */
+#define PCI_SLOT_BASE 12
+#define PCI_IDSEL_VIA686B_BIT (17)
+#define PCI_IDSEL_VIA686B (1<<PCI_IDSEL_VIA686B_BIT)
+
+#define PCI_ADDR(busno,devno,funno,regno) \
+ ((((busno)<<16)&0xff0000) + (((devno)<<11)&0xf800) + (((funno)<<8)&0x700) + (regno))
+
+#define TYPE_BONITO_PCI_HOST_BRIDGE "Bonito-pcihost"
+
+typedef struct BonitoState BonitoState;
+
+typedef struct PCIBonitoState
+{
+ PCIDevice dev;
+
+ BonitoState *pcihost;
+ uint32_t regs[BONITO_REGS];
+
+ struct bonldma {
+ uint32_t ldmactrl;
+ uint32_t ldmastat;
+ uint32_t ldmaaddr;
+ uint32_t ldmago;
+ } bonldma;
+
+ /* Based at 1fe00300, bonito Copier */
+ struct boncop {
+ uint32_t copctrl;
+ uint32_t copstat;
+ uint32_t coppaddr;
+ uint32_t copgo;
+ } boncop;
+
+ /* Bonito registers */
+ MemoryRegion iomem;
+ MemoryRegion iomem_ldma;
+ MemoryRegion iomem_cop;
+ MemoryRegion bonito_pciio;
+ MemoryRegion bonito_localio;
+
+} PCIBonitoState;
+
+#define BONITO_PCI_HOST_BRIDGE(obj) \
+ OBJECT_CHECK(BonitoState, (obj), TYPE_BONITO_PCI_HOST_BRIDGE)
+
+struct BonitoState {
+ PCIHostState parent_obj;
+
+ qemu_irq *pic;
+
+ PCIBonitoState *pci_dev;
+};
+
+static void bonito_writel(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ PCIBonitoState *s = opaque;
+ uint32_t saddr;
+ int reset = 0;
+
+ saddr = (addr - BONITO_REGBASE) >> 2;
+
+ DPRINTF("bonito_writel "TARGET_FMT_plx" val %x saddr %x\n", addr, val, saddr);
+ switch (saddr) {
+ case BONITO_BONPONCFG:
+ case BONITO_IODEVCFG:
+ case BONITO_SDCFG:
+ case BONITO_PCIMAP:
+ case BONITO_PCIMEMBASECFG:
+ case BONITO_PCIMAP_CFG:
+ case BONITO_GPIODATA:
+ case BONITO_GPIOIE:
+ case BONITO_INTEDGE:
+ case BONITO_INTSTEER:
+ case BONITO_INTPOL:
+ case BONITO_PCIMAIL0:
+ case BONITO_PCIMAIL1:
+ case BONITO_PCIMAIL2:
+ case BONITO_PCIMAIL3:
+ case BONITO_PCICACHECTRL:
+ case BONITO_PCICACHETAG:
+ case BONITO_PCIBADADDR:
+ case BONITO_PCIMSTAT:
+ case BONITO_TIMECFG:
+ case BONITO_CPUCFG:
+ case BONITO_DQCFG:
+ case BONITO_MEMSIZE:
+ s->regs[saddr] = val;
+ break;
+ case BONITO_BONGENCFG:
+ if (!(s->regs[saddr] & 0x04) && (val & 0x04)) {
+ reset = 1; /* bit 2 jump from 0 to 1 cause reset */
+ }
+ s->regs[saddr] = val;
+ if (reset) {
+ qemu_system_reset_request();
+ }
+ break;
+ case BONITO_INTENSET:
+ s->regs[BONITO_INTENSET] = val;
+ s->regs[BONITO_INTEN] |= val;
+ break;
+ case BONITO_INTENCLR:
+ s->regs[BONITO_INTENCLR] = val;
+ s->regs[BONITO_INTEN] &= ~val;
+ break;
+ case BONITO_INTEN:
+ case BONITO_INTISR:
+ DPRINTF("write to readonly bonito register %x\n", saddr);
+ break;
+ default:
+ DPRINTF("write to unknown bonito register %x\n", saddr);
+ break;
+ }
+}
+
+static uint64_t bonito_readl(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ PCIBonitoState *s = opaque;
+ uint32_t saddr;
+
+ saddr = (addr - BONITO_REGBASE) >> 2;
+
+ DPRINTF("bonito_readl "TARGET_FMT_plx"\n", addr);
+ switch (saddr) {
+ case BONITO_INTISR:
+ return s->regs[saddr];
+ default:
+ return s->regs[saddr];
+ }
+}
+
+static const MemoryRegionOps bonito_ops = {
+ .read = bonito_readl,
+ .write = bonito_writel,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static void bonito_pciconf_writel(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ PCIBonitoState *s = opaque;
+ PCIDevice *d = PCI_DEVICE(s);
+
+ DPRINTF("bonito_pciconf_writel "TARGET_FMT_plx" val %x\n", addr, val);
+ d->config_write(d, addr, val, 4);
+}
+
+static uint64_t bonito_pciconf_readl(void *opaque, hwaddr addr,
+ unsigned size)
+{
+
+ PCIBonitoState *s = opaque;
+ PCIDevice *d = PCI_DEVICE(s);
+
+ DPRINTF("bonito_pciconf_readl "TARGET_FMT_plx"\n", addr);
+ return d->config_read(d, addr, 4);
+}
+
+/* north bridge PCI configure space. 0x1fe0 0000 - 0x1fe0 00ff */
+
+static const MemoryRegionOps bonito_pciconf_ops = {
+ .read = bonito_pciconf_readl,
+ .write = bonito_pciconf_writel,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static uint64_t bonito_ldma_readl(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ uint32_t val;
+ PCIBonitoState *s = opaque;
+
+ val = ((uint32_t *)(&s->bonldma))[addr/sizeof(uint32_t)];
+
+ return val;
+}
+
+static void bonito_ldma_writel(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ PCIBonitoState *s = opaque;
+
+ ((uint32_t *)(&s->bonldma))[addr/sizeof(uint32_t)] = val & 0xffffffff;
+}
+
+static const MemoryRegionOps bonito_ldma_ops = {
+ .read = bonito_ldma_readl,
+ .write = bonito_ldma_writel,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static uint64_t bonito_cop_readl(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ uint32_t val;
+ PCIBonitoState *s = opaque;
+
+ val = ((uint32_t *)(&s->boncop))[addr/sizeof(uint32_t)];
+
+ return val;
+}
+
+static void bonito_cop_writel(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ PCIBonitoState *s = opaque;
+
+ ((uint32_t *)(&s->boncop))[addr/sizeof(uint32_t)] = val & 0xffffffff;
+}
+
+static const MemoryRegionOps bonito_cop_ops = {
+ .read = bonito_cop_readl,
+ .write = bonito_cop_writel,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static uint32_t bonito_sbridge_pciaddr(void *opaque, hwaddr addr)
+{
+ PCIBonitoState *s = opaque;
+ PCIHostState *phb = PCI_HOST_BRIDGE(s->pcihost);
+ uint32_t cfgaddr;
+ uint32_t idsel;
+ uint32_t devno;
+ uint32_t funno;
+ uint32_t regno;
+ uint32_t pciaddr;
+
+ /* support type0 pci config */
+ if ((s->regs[BONITO_PCIMAP_CFG] & 0x10000) != 0x0) {
+ return 0xffffffff;
+ }
+
+ cfgaddr = addr & 0xffff;
+ cfgaddr |= (s->regs[BONITO_PCIMAP_CFG] & 0xffff) << 16;
+
+ idsel = (cfgaddr & BONITO_PCICONF_IDSEL_MASK) >> BONITO_PCICONF_IDSEL_OFFSET;
+ devno = ffs(idsel) - 1;
+ funno = (cfgaddr & BONITO_PCICONF_FUN_MASK) >> BONITO_PCICONF_FUN_OFFSET;
+ regno = (cfgaddr & BONITO_PCICONF_REG_MASK) >> BONITO_PCICONF_REG_OFFSET;
+
+ if (idsel == 0) {
+ fprintf(stderr, "error in bonito pci config address " TARGET_FMT_plx
+ ",pcimap_cfg=%x\n", addr, s->regs[BONITO_PCIMAP_CFG]);
+ exit(1);
+ }
+ pciaddr = PCI_ADDR(pci_bus_num(phb->bus), devno, funno, regno);
+ DPRINTF("cfgaddr %x pciaddr %x busno %x devno %d funno %d regno %d\n",
+ cfgaddr, pciaddr, pci_bus_num(phb->bus), devno, funno, regno);
+
+ return pciaddr;
+}
+
+static void bonito_spciconf_writeb(void *opaque, hwaddr addr,
+ uint32_t val)
+{
+ PCIBonitoState *s = opaque;
+ PCIDevice *d = PCI_DEVICE(s);
+ PCIHostState *phb = PCI_HOST_BRIDGE(s->pcihost);
+ uint32_t pciaddr;
+ uint16_t status;
+
+ DPRINTF("bonito_spciconf_writeb "TARGET_FMT_plx" val %x\n", addr, val);
+ pciaddr = bonito_sbridge_pciaddr(s, addr);
+
+ if (pciaddr == 0xffffffff) {
+ return;
+ }
+
+ /* set the pci address in s->config_reg */
+ phb->config_reg = (pciaddr) | (1u << 31);
+ pci_data_write(phb->bus, phb->config_reg, val & 0xff, 1);
+
+ /* clear PCI_STATUS_REC_MASTER_ABORT and PCI_STATUS_REC_TARGET_ABORT */
+ status = pci_get_word(d->config + PCI_STATUS);
+ status &= ~(PCI_STATUS_REC_MASTER_ABORT | PCI_STATUS_REC_TARGET_ABORT);
+ pci_set_word(d->config + PCI_STATUS, status);
+}
+
+static void bonito_spciconf_writew(void *opaque, hwaddr addr,
+ uint32_t val)
+{
+ PCIBonitoState *s = opaque;
+ PCIDevice *d = PCI_DEVICE(s);
+ PCIHostState *phb = PCI_HOST_BRIDGE(s->pcihost);
+ uint32_t pciaddr;
+ uint16_t status;
+
+ DPRINTF("bonito_spciconf_writew "TARGET_FMT_plx" val %x\n", addr, val);
+ assert((addr & 0x1) == 0);
+
+ pciaddr = bonito_sbridge_pciaddr(s, addr);
+
+ if (pciaddr == 0xffffffff) {
+ return;
+ }
+
+ /* set the pci address in s->config_reg */
+ phb->config_reg = (pciaddr) | (1u << 31);
+ pci_data_write(phb->bus, phb->config_reg, val, 2);
+
+ /* clear PCI_STATUS_REC_MASTER_ABORT and PCI_STATUS_REC_TARGET_ABORT */
+ status = pci_get_word(d->config + PCI_STATUS);
+ status &= ~(PCI_STATUS_REC_MASTER_ABORT | PCI_STATUS_REC_TARGET_ABORT);
+ pci_set_word(d->config + PCI_STATUS, status);
+}
+
+static void bonito_spciconf_writel(void *opaque, hwaddr addr,
+ uint32_t val)
+{
+ PCIBonitoState *s = opaque;
+ PCIDevice *d = PCI_DEVICE(s);
+ PCIHostState *phb = PCI_HOST_BRIDGE(s->pcihost);
+ uint32_t pciaddr;
+ uint16_t status;
+
+ DPRINTF("bonito_spciconf_writel "TARGET_FMT_plx" val %x\n", addr, val);
+ assert((addr & 0x3) == 0);
+
+ pciaddr = bonito_sbridge_pciaddr(s, addr);
+
+ if (pciaddr == 0xffffffff) {
+ return;
+ }
+
+ /* set the pci address in s->config_reg */
+ phb->config_reg = (pciaddr) | (1u << 31);
+ pci_data_write(phb->bus, phb->config_reg, val, 4);
+
+ /* clear PCI_STATUS_REC_MASTER_ABORT and PCI_STATUS_REC_TARGET_ABORT */
+ status = pci_get_word(d->config + PCI_STATUS);
+ status &= ~(PCI_STATUS_REC_MASTER_ABORT | PCI_STATUS_REC_TARGET_ABORT);
+ pci_set_word(d->config + PCI_STATUS, status);
+}
+
+static uint32_t bonito_spciconf_readb(void *opaque, hwaddr addr)
+{
+ PCIBonitoState *s = opaque;
+ PCIDevice *d = PCI_DEVICE(s);
+ PCIHostState *phb = PCI_HOST_BRIDGE(s->pcihost);
+ uint32_t pciaddr;
+ uint16_t status;
+
+ DPRINTF("bonito_spciconf_readb "TARGET_FMT_plx"\n", addr);
+ pciaddr = bonito_sbridge_pciaddr(s, addr);
+
+ if (pciaddr == 0xffffffff) {
+ return 0xff;
+ }
+
+ /* set the pci address in s->config_reg */
+ phb->config_reg = (pciaddr) | (1u << 31);
+
+ /* clear PCI_STATUS_REC_MASTER_ABORT and PCI_STATUS_REC_TARGET_ABORT */
+ status = pci_get_word(d->config + PCI_STATUS);
+ status &= ~(PCI_STATUS_REC_MASTER_ABORT | PCI_STATUS_REC_TARGET_ABORT);
+ pci_set_word(d->config + PCI_STATUS, status);
+
+ return pci_data_read(phb->bus, phb->config_reg, 1);
+}
+
+static uint32_t bonito_spciconf_readw(void *opaque, hwaddr addr)
+{
+ PCIBonitoState *s = opaque;
+ PCIDevice *d = PCI_DEVICE(s);
+ PCIHostState *phb = PCI_HOST_BRIDGE(s->pcihost);
+ uint32_t pciaddr;
+ uint16_t status;
+
+ DPRINTF("bonito_spciconf_readw "TARGET_FMT_plx"\n", addr);
+ assert((addr & 0x1) == 0);
+
+ pciaddr = bonito_sbridge_pciaddr(s, addr);
+
+ if (pciaddr == 0xffffffff) {
+ return 0xffff;
+ }
+
+ /* set the pci address in s->config_reg */
+ phb->config_reg = (pciaddr) | (1u << 31);
+
+ /* clear PCI_STATUS_REC_MASTER_ABORT and PCI_STATUS_REC_TARGET_ABORT */
+ status = pci_get_word(d->config + PCI_STATUS);
+ status &= ~(PCI_STATUS_REC_MASTER_ABORT | PCI_STATUS_REC_TARGET_ABORT);
+ pci_set_word(d->config + PCI_STATUS, status);
+
+ return pci_data_read(phb->bus, phb->config_reg, 2);
+}
+
+static uint32_t bonito_spciconf_readl(void *opaque, hwaddr addr)
+{
+ PCIBonitoState *s = opaque;
+ PCIDevice *d = PCI_DEVICE(s);
+ PCIHostState *phb = PCI_HOST_BRIDGE(s->pcihost);
+ uint32_t pciaddr;
+ uint16_t status;
+
+ DPRINTF("bonito_spciconf_readl "TARGET_FMT_plx"\n", addr);
+ assert((addr & 0x3) == 0);
+
+ pciaddr = bonito_sbridge_pciaddr(s, addr);
+
+ if (pciaddr == 0xffffffff) {
+ return 0xffffffff;
+ }
+
+ /* set the pci address in s->config_reg */
+ phb->config_reg = (pciaddr) | (1u << 31);
+
+ /* clear PCI_STATUS_REC_MASTER_ABORT and PCI_STATUS_REC_TARGET_ABORT */
+ status = pci_get_word(d->config + PCI_STATUS);
+ status &= ~(PCI_STATUS_REC_MASTER_ABORT | PCI_STATUS_REC_TARGET_ABORT);
+ pci_set_word(d->config + PCI_STATUS, status);
+
+ return pci_data_read(phb->bus, phb->config_reg, 4);
+}
+
+/* south bridge PCI configure space. 0x1fe8 0000 - 0x1fef ffff */
+static const MemoryRegionOps bonito_spciconf_ops = {
+ .old_mmio = {
+ .read = {
+ bonito_spciconf_readb,
+ bonito_spciconf_readw,
+ bonito_spciconf_readl,
+ },
+ .write = {
+ bonito_spciconf_writeb,
+ bonito_spciconf_writew,
+ bonito_spciconf_writel,
+ },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+#define BONITO_IRQ_BASE 32
+
+static void pci_bonito_set_irq(void *opaque, int irq_num, int level)
+{
+ BonitoState *s = opaque;
+ qemu_irq *pic = s->pic;
+ PCIBonitoState *bonito_state = s->pci_dev;
+ int internal_irq = irq_num - BONITO_IRQ_BASE;
+
+ if (bonito_state->regs[BONITO_INTEDGE] & (1 << internal_irq)) {
+ qemu_irq_pulse(*pic);
+ } else { /* level triggered */
+ if (bonito_state->regs[BONITO_INTPOL] & (1 << internal_irq)) {
+ qemu_irq_raise(*pic);
+ } else {
+ qemu_irq_lower(*pic);
+ }
+ }
+}
+
+/* map the original irq (0~3) to bonito irq (16~47, but 16~31 are unused) */
+static int pci_bonito_map_irq(PCIDevice * pci_dev, int irq_num)
+{
+ int slot;
+
+ slot = (pci_dev->devfn >> 3);
+
+ switch (slot) {
+ case 5: /* FULONG2E_VIA_SLOT, SouthBridge, IDE, USB, ACPI, AC97, MC97 */
+ return irq_num % 4 + BONITO_IRQ_BASE;
+ case 6: /* FULONG2E_ATI_SLOT, VGA */
+ return 4 + BONITO_IRQ_BASE;
+ case 7: /* FULONG2E_RTL_SLOT, RTL8139 */
+ return 5 + BONITO_IRQ_BASE;
+ case 8 ... 12: /* PCI slot 1 to 4 */
+ return (slot - 8 + irq_num) + 6 + BONITO_IRQ_BASE;
+ default: /* Unknown device, don't do any translation */
+ return irq_num;
+ }
+}
+
+static void bonito_reset(void *opaque)
+{
+ PCIBonitoState *s = opaque;
+
+ /* set the default value of north bridge registers */
+
+ s->regs[BONITO_BONPONCFG] = 0xc40;
+ s->regs[BONITO_BONGENCFG] = 0x1384;
+ s->regs[BONITO_IODEVCFG] = 0x2bff8010;
+ s->regs[BONITO_SDCFG] = 0x255e0091;
+
+ s->regs[BONITO_GPIODATA] = 0x1ff;
+ s->regs[BONITO_GPIOIE] = 0x1ff;
+ s->regs[BONITO_DQCFG] = 0x8;
+ s->regs[BONITO_MEMSIZE] = 0x10000000;
+ s->regs[BONITO_PCIMAP] = 0x6140;
+}
+
+static const VMStateDescription vmstate_bonito = {
+ .name = "Bonito",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_PCI_DEVICE(dev, PCIBonitoState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static int bonito_pcihost_initfn(SysBusDevice *dev)
+{
+ PCIHostState *phb = PCI_HOST_BRIDGE(dev);
+
+ phb->bus = pci_register_bus(DEVICE(dev), "pci",
+ pci_bonito_set_irq, pci_bonito_map_irq, dev,
+ get_system_memory(), get_system_io(),
+ 0x28, 32, TYPE_PCI_BUS);
+
+ return 0;
+}
+
+static int bonito_initfn(PCIDevice *dev)
+{
+ PCIBonitoState *s = DO_UPCAST(PCIBonitoState, dev, dev);
+ SysBusDevice *sysbus = SYS_BUS_DEVICE(s->pcihost);
+ PCIHostState *phb = PCI_HOST_BRIDGE(s->pcihost);
+
+ /* Bonito North Bridge, built on FPGA, VENDOR_ID/DEVICE_ID are "undefined" */
+ pci_config_set_prog_interface(dev->config, 0x00);
+
+ /* set the north bridge register mapping */
+ memory_region_init_io(&s->iomem, OBJECT(s), &bonito_ops, s,
+ "north-bridge-register", BONITO_INTERNAL_REG_SIZE);
+ sysbus_init_mmio(sysbus, &s->iomem);
+ sysbus_mmio_map(sysbus, 0, BONITO_INTERNAL_REG_BASE);
+
+ /* set the north bridge pci configure mapping */
+ memory_region_init_io(&phb->conf_mem, OBJECT(s), &bonito_pciconf_ops, s,
+ "north-bridge-pci-config", BONITO_PCICONFIG_SIZE);
+ sysbus_init_mmio(sysbus, &phb->conf_mem);
+ sysbus_mmio_map(sysbus, 1, BONITO_PCICONFIG_BASE);
+
+ /* set the south bridge pci configure mapping */
+ memory_region_init_io(&phb->data_mem, OBJECT(s), &bonito_spciconf_ops, s,
+ "south-bridge-pci-config", BONITO_SPCICONFIG_SIZE);
+ sysbus_init_mmio(sysbus, &phb->data_mem);
+ sysbus_mmio_map(sysbus, 2, BONITO_SPCICONFIG_BASE);
+
+ memory_region_init_io(&s->iomem_ldma, OBJECT(s), &bonito_ldma_ops, s,
+ "ldma", 0x100);
+ sysbus_init_mmio(sysbus, &s->iomem_ldma);
+ sysbus_mmio_map(sysbus, 3, 0xbfe00200);
+
+ memory_region_init_io(&s->iomem_cop, OBJECT(s), &bonito_cop_ops, s,
+ "cop", 0x100);
+ sysbus_init_mmio(sysbus, &s->iomem_cop);
+ sysbus_mmio_map(sysbus, 4, 0xbfe00300);
+
+ /* Map PCI IO Space 0x1fd0 0000 - 0x1fd1 0000 */
+ memory_region_init_alias(&s->bonito_pciio, OBJECT(s), "isa_mmio",
+ get_system_io(), 0, BONITO_PCIIO_SIZE);
+ sysbus_init_mmio(sysbus, &s->bonito_pciio);
+ sysbus_mmio_map(sysbus, 5, BONITO_PCIIO_BASE);
+
+ /* add pci local io mapping */
+ memory_region_init_alias(&s->bonito_localio, OBJECT(s), "isa_mmio",
+ get_system_io(), 0, BONITO_DEV_SIZE);
+ sysbus_init_mmio(sysbus, &s->bonito_localio);
+ sysbus_mmio_map(sysbus, 6, BONITO_DEV_BASE);
+
+ /* set the default value of north bridge pci config */
+ pci_set_word(dev->config + PCI_COMMAND, 0x0000);
+ pci_set_word(dev->config + PCI_STATUS, 0x0000);
+ pci_set_word(dev->config + PCI_SUBSYSTEM_VENDOR_ID, 0x0000);
+ pci_set_word(dev->config + PCI_SUBSYSTEM_ID, 0x0000);
+
+ pci_set_byte(dev->config + PCI_INTERRUPT_LINE, 0x00);
+ pci_set_byte(dev->config + PCI_INTERRUPT_PIN, 0x01);
+ pci_set_byte(dev->config + PCI_MIN_GNT, 0x3c);
+ pci_set_byte(dev->config + PCI_MAX_LAT, 0x00);
+
+ qemu_register_reset(bonito_reset, s);
+
+ return 0;
+}
+
+PCIBus *bonito_init(qemu_irq *pic)
+{
+ DeviceState *dev;
+ BonitoState *pcihost;
+ PCIHostState *phb;
+ PCIBonitoState *s;
+ PCIDevice *d;
+
+ dev = qdev_create(NULL, TYPE_BONITO_PCI_HOST_BRIDGE);
+ phb = PCI_HOST_BRIDGE(dev);
+ pcihost = BONITO_PCI_HOST_BRIDGE(dev);
+ pcihost->pic = pic;
+ qdev_init_nofail(dev);
+
+ /* set the pcihost pointer before bonito_initfn is called */
+ d = pci_create(phb->bus, PCI_DEVFN(0, 0), "Bonito");
+ s = DO_UPCAST(PCIBonitoState, dev, d);
+ s->pcihost = pcihost;
+ pcihost->pci_dev = s;
+ qdev_init_nofail(DEVICE(d));
+
+ return phb->bus;
+}
+
+static void bonito_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = bonito_initfn;
+ k->vendor_id = 0xdf53;
+ k->device_id = 0x00d5;
+ k->revision = 0x01;
+ k->class_id = PCI_CLASS_BRIDGE_HOST;
+ dc->desc = "Host bridge";
+ dc->no_user = 1;
+ dc->vmsd = &vmstate_bonito;
+}
+
+static const TypeInfo bonito_info = {
+ .name = "Bonito",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCIBonitoState),
+ .class_init = bonito_class_init,
+};
+
+static void bonito_pcihost_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = bonito_pcihost_initfn;
+ dc->no_user = 1;
+}
+
+static const TypeInfo bonito_pcihost_info = {
+ .name = TYPE_BONITO_PCI_HOST_BRIDGE,
+ .parent = TYPE_PCI_HOST_BRIDGE,
+ .instance_size = sizeof(BonitoState),
+ .class_init = bonito_pcihost_class_init,
+};
+
+static void bonito_register_types(void)
+{
+ type_register_static(&bonito_pcihost_info);
+ type_register_static(&bonito_info);
+}
+
+type_init(bonito_register_types)
diff --git a/hw/pci-host/grackle.c b/hw/pci-host/grackle.c
new file mode 100644
index 000000000..4991ec44b
--- /dev/null
+++ b/hw/pci-host/grackle.c
@@ -0,0 +1,165 @@
+/*
+ * QEMU Grackle PCI host (heathrow OldWorld PowerMac)
+ *
+ * Copyright (c) 2006-2007 Fabrice Bellard
+ * Copyright (c) 2007 Jocelyn Mayer
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/pci/pci_host.h"
+#include "hw/ppc/mac.h"
+#include "hw/pci/pci.h"
+
+/* debug Grackle */
+//#define DEBUG_GRACKLE
+
+#ifdef DEBUG_GRACKLE
+#define GRACKLE_DPRINTF(fmt, ...) \
+ do { printf("GRACKLE: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define GRACKLE_DPRINTF(fmt, ...)
+#endif
+
+#define GRACKLE_PCI_HOST_BRIDGE(obj) \
+ OBJECT_CHECK(GrackleState, (obj), TYPE_GRACKLE_PCI_HOST_BRIDGE)
+
+typedef struct GrackleState {
+ PCIHostState parent_obj;
+
+ MemoryRegion pci_mmio;
+ MemoryRegion pci_hole;
+} GrackleState;
+
+/* Don't know if this matches real hardware, but it agrees with OHW. */
+static int pci_grackle_map_irq(PCIDevice *pci_dev, int irq_num)
+{
+ return (irq_num + (pci_dev->devfn >> 3)) & 3;
+}
+
+static void pci_grackle_set_irq(void *opaque, int irq_num, int level)
+{
+ qemu_irq *pic = opaque;
+
+ GRACKLE_DPRINTF("set_irq num %d level %d\n", irq_num, level);
+ qemu_set_irq(pic[irq_num + 0x15], level);
+}
+
+PCIBus *pci_grackle_init(uint32_t base, qemu_irq *pic,
+ MemoryRegion *address_space_mem,
+ MemoryRegion *address_space_io)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+ PCIHostState *phb;
+ GrackleState *d;
+
+ dev = qdev_create(NULL, TYPE_GRACKLE_PCI_HOST_BRIDGE);
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+ phb = PCI_HOST_BRIDGE(dev);
+ d = GRACKLE_PCI_HOST_BRIDGE(dev);
+
+ memory_region_init(&d->pci_mmio, OBJECT(s), "pci-mmio", 0x100000000ULL);
+ memory_region_init_alias(&d->pci_hole, OBJECT(s), "pci-hole", &d->pci_mmio,
+ 0x80000000ULL, 0x7e000000ULL);
+ memory_region_add_subregion(address_space_mem, 0x80000000ULL,
+ &d->pci_hole);
+
+ phb->bus = pci_register_bus(dev, "pci",
+ pci_grackle_set_irq,
+ pci_grackle_map_irq,
+ pic,
+ &d->pci_mmio,
+ address_space_io,
+ 0, 4, TYPE_PCI_BUS);
+
+ pci_create_simple(phb->bus, 0, "grackle");
+
+ sysbus_mmio_map(s, 0, base);
+ sysbus_mmio_map(s, 1, base + 0x00200000);
+
+ return phb->bus;
+}
+
+static int pci_grackle_init_device(SysBusDevice *dev)
+{
+ PCIHostState *phb;
+
+ phb = PCI_HOST_BRIDGE(dev);
+
+ memory_region_init_io(&phb->conf_mem, OBJECT(dev), &pci_host_conf_le_ops,
+ dev, "pci-conf-idx", 0x1000);
+ memory_region_init_io(&phb->data_mem, OBJECT(dev), &pci_host_data_le_ops,
+ dev, "pci-data-idx", 0x1000);
+ sysbus_init_mmio(dev, &phb->conf_mem);
+ sysbus_init_mmio(dev, &phb->data_mem);
+
+ return 0;
+}
+
+static int grackle_pci_host_init(PCIDevice *d)
+{
+ d->config[0x09] = 0x01;
+ return 0;
+}
+
+static void grackle_pci_class_init(ObjectClass *klass, void *data)
+{
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ k->init = grackle_pci_host_init;
+ k->vendor_id = PCI_VENDOR_ID_MOTOROLA;
+ k->device_id = PCI_DEVICE_ID_MOTOROLA_MPC106;
+ k->revision = 0x00;
+ k->class_id = PCI_CLASS_BRIDGE_HOST;
+ dc->no_user = 1;
+}
+
+static const TypeInfo grackle_pci_info = {
+ .name = "grackle",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCIDevice),
+ .class_init = grackle_pci_class_init,
+};
+
+static void pci_grackle_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ k->init = pci_grackle_init_device;
+ dc->no_user = 1;
+}
+
+static const TypeInfo grackle_pci_host_info = {
+ .name = TYPE_GRACKLE_PCI_HOST_BRIDGE,
+ .parent = TYPE_PCI_HOST_BRIDGE,
+ .instance_size = sizeof(GrackleState),
+ .class_init = pci_grackle_class_init,
+};
+
+static void grackle_register_types(void)
+{
+ type_register_static(&grackle_pci_info);
+ type_register_static(&grackle_pci_host_info);
+}
+
+type_init(grackle_register_types)
diff --git a/hw/pci-host/pam.c b/hw/pci-host/pam.c
new file mode 100644
index 000000000..ec6be4676
--- /dev/null
+++ b/hw/pci-host/pam.c
@@ -0,0 +1,89 @@
+/*
+ * QEMU i440FX/PIIX3 PCI Bridge Emulation
+ *
+ * Copyright (c) 2006 Fabrice Bellard
+ * Copyright (c) 2011 Isaku Yamahata <yamahata at valinux co jp>
+ * VA Linux Systems Japan K.K.
+ * Copyright (c) 2012 Jason Baron <jbaron@redhat.com>
+ *
+ * Split out from piix_pci.c
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qom/object.h"
+#include "sysemu/sysemu.h"
+#include "hw/pci-host/pam.h"
+
+void smram_update(MemoryRegion *smram_region, uint8_t smram,
+ uint8_t smm_enabled)
+{
+ bool smram_enabled;
+
+ smram_enabled = ((smm_enabled && (smram & SMRAM_G_SMRAME)) ||
+ (smram & SMRAM_D_OPEN));
+ memory_region_set_enabled(smram_region, !smram_enabled);
+}
+
+void smram_set_smm(uint8_t *host_smm_enabled, int smm, uint8_t smram,
+ MemoryRegion *smram_region)
+{
+ uint8_t smm_enabled = (smm != 0);
+ if (*host_smm_enabled != smm_enabled) {
+ *host_smm_enabled = smm_enabled;
+ smram_update(smram_region, smram, *host_smm_enabled);
+ }
+}
+
+void init_pam(DeviceState *dev, MemoryRegion *ram_memory,
+ MemoryRegion *system_memory, MemoryRegion *pci_address_space,
+ PAMMemoryRegion *mem, uint32_t start, uint32_t size)
+{
+ int i;
+
+ /* RAM */
+ memory_region_init_alias(&mem->alias[3], OBJECT(dev), "pam-ram", ram_memory,
+ start, size);
+ /* ROM (XXX: not quite correct) */
+ memory_region_init_alias(&mem->alias[1], OBJECT(dev), "pam-rom", ram_memory,
+ start, size);
+ memory_region_set_readonly(&mem->alias[1], true);
+
+ /* XXX: should distinguish read/write cases */
+ memory_region_init_alias(&mem->alias[0], OBJECT(dev), "pam-pci", pci_address_space,
+ start, size);
+ memory_region_init_alias(&mem->alias[2], OBJECT(dev), "pam-pci", pci_address_space,
+ start, size);
+
+ for (i = 0; i < 4; ++i) {
+ memory_region_set_enabled(&mem->alias[i], false);
+ memory_region_add_subregion_overlap(system_memory, start,
+ &mem->alias[i], 1);
+ }
+ mem->current = 0;
+}
+
+void pam_update(PAMMemoryRegion *pam, int idx, uint8_t val)
+{
+ assert(0 <= idx && idx <= 12);
+
+ memory_region_set_enabled(&pam->alias[pam->current], false);
+ pam->current = (val >> ((!(idx & 1)) * 4)) & PAM_ATTR_MASK;
+ memory_region_set_enabled(&pam->alias[pam->current], true);
+}
diff --git a/hw/pci-host/piix.c b/hw/pci-host/piix.c
new file mode 100644
index 000000000..dc1718fe3
--- /dev/null
+++ b/hw/pci-host/piix.c
@@ -0,0 +1,744 @@
+/*
+ * QEMU i440FX/PIIX3 PCI Bridge Emulation
+ *
+ * Copyright (c) 2006 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "hw/pci/pci.h"
+#include "hw/pci/pci_host.h"
+#include "hw/isa/isa.h"
+#include "hw/sysbus.h"
+#include "qemu/range.h"
+#include "hw/xen/xen.h"
+#include "hw/pci-host/pam.h"
+#include "sysemu/sysemu.h"
+#include "hw/i386/ioapic.h"
+#include "qapi/visitor.h"
+
+/*
+ * I440FX chipset data sheet.
+ * http://download.intel.com/design/chipsets/datashts/29054901.pdf
+ */
+
+#define TYPE_I440FX_PCI_HOST_BRIDGE "i440FX-pcihost"
+#define I440FX_PCI_HOST_BRIDGE(obj) \
+ OBJECT_CHECK(I440FXState, (obj), TYPE_I440FX_PCI_HOST_BRIDGE)
+
+typedef struct I440FXState {
+ PCIHostState parent_obj;
+ PcPciInfo pci_info;
+ uint64_t pci_hole64_size;
+} I440FXState;
+
+#define PIIX_NUM_PIC_IRQS 16 /* i8259 * 2 */
+#define PIIX_NUM_PIRQS 4ULL /* PIRQ[A-D] */
+#define XEN_PIIX_NUM_PIRQS 128ULL
+#define PIIX_PIRQC 0x60
+
+/*
+ * Reset Control Register: PCI-accessible ISA-Compatible Register at address
+ * 0xcf9, provided by the PCI/ISA bridge (PIIX3 PCI function 0, 8086:7000).
+ */
+#define RCR_IOPORT 0xcf9
+
+typedef struct PIIX3State {
+ PCIDevice dev;
+
+ /*
+ * bitmap to track pic levels.
+ * The pic level is the logical OR of all the PCI irqs mapped to it
+ * So one PIC level is tracked by PIIX_NUM_PIRQS bits.
+ *
+ * PIRQ is mapped to PIC pins, we track it by
+ * PIIX_NUM_PIRQS * PIIX_NUM_PIC_IRQS = 64 bits with
+ * pic_irq * PIIX_NUM_PIRQS + pirq
+ */
+#if PIIX_NUM_PIC_IRQS * PIIX_NUM_PIRQS > 64
+#error "unable to encode pic state in 64bit in pic_levels."
+#endif
+ uint64_t pic_levels;
+
+ qemu_irq *pic;
+
+ /* This member isn't used. Just for save/load compatibility */
+ int32_t pci_irq_levels_vmstate[PIIX_NUM_PIRQS];
+
+ /* Reset Control Register contents */
+ uint8_t rcr;
+
+ /* IO memory region for Reset Control Register (RCR_IOPORT) */
+ MemoryRegion rcr_mem;
+} PIIX3State;
+
+#define TYPE_I440FX_PCI_DEVICE "i440FX"
+#define I440FX_PCI_DEVICE(obj) \
+ OBJECT_CHECK(PCII440FXState, (obj), TYPE_I440FX_PCI_DEVICE)
+
+struct PCII440FXState {
+ /*< private >*/
+ PCIDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion *system_memory;
+ MemoryRegion *pci_address_space;
+ MemoryRegion *ram_memory;
+ MemoryRegion pci_hole;
+ MemoryRegion pci_hole_64bit;
+ PAMMemoryRegion pam_regions[13];
+ MemoryRegion smram_region;
+ uint8_t smm_enabled;
+};
+
+
+#define I440FX_PAM 0x59
+#define I440FX_PAM_SIZE 7
+#define I440FX_SMRAM 0x72
+
+static void piix3_set_irq(void *opaque, int pirq, int level);
+static PCIINTxRoute piix3_route_intx_pin_to_irq(void *opaque, int pci_intx);
+static void piix3_write_config_xen(PCIDevice *dev,
+ uint32_t address, uint32_t val, int len);
+
+/* return the global irq number corresponding to a given device irq
+ pin. We could also use the bus number to have a more precise
+ mapping. */
+static int pci_slot_get_pirq(PCIDevice *pci_dev, int pci_intx)
+{
+ int slot_addend;
+ slot_addend = (pci_dev->devfn >> 3) - 1;
+ return (pci_intx + slot_addend) & 3;
+}
+
+static void i440fx_update_memory_mappings(PCII440FXState *d)
+{
+ int i;
+ PCIDevice *pd = PCI_DEVICE(d);
+
+ memory_region_transaction_begin();
+ for (i = 0; i < 13; i++) {
+ pam_update(&d->pam_regions[i], i,
+ pd->config[I440FX_PAM + ((i + 1) / 2)]);
+ }
+ smram_update(&d->smram_region, pd->config[I440FX_SMRAM], d->smm_enabled);
+ memory_region_transaction_commit();
+}
+
+static void i440fx_set_smm(int val, void *arg)
+{
+ PCII440FXState *d = arg;
+ PCIDevice *pd = PCI_DEVICE(d);
+
+ memory_region_transaction_begin();
+ smram_set_smm(&d->smm_enabled, val, pd->config[I440FX_SMRAM],
+ &d->smram_region);
+ memory_region_transaction_commit();
+}
+
+
+static void i440fx_write_config(PCIDevice *dev,
+ uint32_t address, uint32_t val, int len)
+{
+ PCII440FXState *d = I440FX_PCI_DEVICE(dev);
+
+ /* XXX: implement SMRAM.D_LOCK */
+ pci_default_write_config(dev, address, val, len);
+ if (ranges_overlap(address, len, I440FX_PAM, I440FX_PAM_SIZE) ||
+ range_covers_byte(address, len, I440FX_SMRAM)) {
+ i440fx_update_memory_mappings(d);
+ }
+}
+
+static int i440fx_load_old(QEMUFile* f, void *opaque, int version_id)
+{
+ PCII440FXState *d = opaque;
+ PCIDevice *pd = PCI_DEVICE(d);
+ int ret, i;
+
+ ret = pci_device_load(pd, f);
+ if (ret < 0)
+ return ret;
+ i440fx_update_memory_mappings(d);
+ qemu_get_8s(f, &d->smm_enabled);
+
+ if (version_id == 2) {
+ for (i = 0; i < PIIX_NUM_PIRQS; i++) {
+ qemu_get_be32(f); /* dummy load for compatibility */
+ }
+ }
+
+ return 0;
+}
+
+static int i440fx_post_load(void *opaque, int version_id)
+{
+ PCII440FXState *d = opaque;
+
+ i440fx_update_memory_mappings(d);
+ return 0;
+}
+
+static const VMStateDescription vmstate_i440fx = {
+ .name = "I440FX",
+ .version_id = 3,
+ .minimum_version_id = 3,
+ .minimum_version_id_old = 1,
+ .load_state_old = i440fx_load_old,
+ .post_load = i440fx_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_PCI_DEVICE(parent_obj, PCII440FXState),
+ VMSTATE_UINT8(smm_enabled, PCII440FXState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void i440fx_pcihost_get_pci_hole_start(Object *obj, Visitor *v,
+ void *opaque, const char *name,
+ Error **errp)
+{
+ I440FXState *s = I440FX_PCI_HOST_BRIDGE(obj);
+ uint32_t value = s->pci_info.w32.begin;
+
+ visit_type_uint32(v, &value, name, errp);
+}
+
+static void i440fx_pcihost_get_pci_hole_end(Object *obj, Visitor *v,
+ void *opaque, const char *name,
+ Error **errp)
+{
+ I440FXState *s = I440FX_PCI_HOST_BRIDGE(obj);
+ uint32_t value = s->pci_info.w32.end;
+
+ visit_type_uint32(v, &value, name, errp);
+}
+
+static void i440fx_pcihost_get_pci_hole64_start(Object *obj, Visitor *v,
+ void *opaque, const char *name,
+ Error **errp)
+{
+ I440FXState *s = I440FX_PCI_HOST_BRIDGE(obj);
+
+ visit_type_uint64(v, &s->pci_info.w64.begin, name, errp);
+}
+
+static void i440fx_pcihost_get_pci_hole64_end(Object *obj, Visitor *v,
+ void *opaque, const char *name,
+ Error **errp)
+{
+ I440FXState *s = I440FX_PCI_HOST_BRIDGE(obj);
+
+ visit_type_uint64(v, &s->pci_info.w64.end, name, errp);
+}
+
+static void i440fx_pcihost_initfn(Object *obj)
+{
+ PCIHostState *s = PCI_HOST_BRIDGE(obj);
+ I440FXState *d = I440FX_PCI_HOST_BRIDGE(obj);
+
+ memory_region_init_io(&s->conf_mem, obj, &pci_host_conf_le_ops, s,
+ "pci-conf-idx", 4);
+ memory_region_init_io(&s->data_mem, obj, &pci_host_data_le_ops, s,
+ "pci-conf-data", 4);
+
+ object_property_add(obj, PCI_HOST_PROP_PCI_HOLE_START, "int",
+ i440fx_pcihost_get_pci_hole_start,
+ NULL, NULL, NULL, NULL);
+
+ object_property_add(obj, PCI_HOST_PROP_PCI_HOLE_END, "int",
+ i440fx_pcihost_get_pci_hole_end,
+ NULL, NULL, NULL, NULL);
+
+ object_property_add(obj, PCI_HOST_PROP_PCI_HOLE64_START, "int",
+ i440fx_pcihost_get_pci_hole64_start,
+ NULL, NULL, NULL, NULL);
+
+ object_property_add(obj, PCI_HOST_PROP_PCI_HOLE64_END, "int",
+ i440fx_pcihost_get_pci_hole64_end,
+ NULL, NULL, NULL, NULL);
+
+ d->pci_info.w32.end = IO_APIC_DEFAULT_ADDRESS;
+}
+
+static void i440fx_pcihost_realize(DeviceState *dev, Error **errp)
+{
+ PCIHostState *s = PCI_HOST_BRIDGE(dev);
+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+
+ sysbus_add_io(sbd, 0xcf8, &s->conf_mem);
+ sysbus_init_ioports(sbd, 0xcf8, 4);
+
+ sysbus_add_io(sbd, 0xcfc, &s->data_mem);
+ sysbus_init_ioports(sbd, 0xcfc, 4);
+}
+
+static int i440fx_initfn(PCIDevice *dev)
+{
+ PCII440FXState *d = I440FX_PCI_DEVICE(dev);
+
+ dev->config[I440FX_SMRAM] = 0x02;
+
+ cpu_smm_register(&i440fx_set_smm, d);
+ return 0;
+}
+
+PCIBus *i440fx_init(PCII440FXState **pi440fx_state,
+ int *piix3_devfn,
+ ISABus **isa_bus, qemu_irq *pic,
+ MemoryRegion *address_space_mem,
+ MemoryRegion *address_space_io,
+ ram_addr_t ram_size,
+ hwaddr pci_hole_start,
+ hwaddr pci_hole_size,
+ ram_addr_t above_4g_mem_size,
+ MemoryRegion *pci_address_space,
+ MemoryRegion *ram_memory)
+{
+ DeviceState *dev;
+ PCIBus *b;
+ PCIDevice *d;
+ PCIHostState *s;
+ PIIX3State *piix3;
+ PCII440FXState *f;
+ unsigned i;
+ I440FXState *i440fx;
+
+ dev = qdev_create(NULL, TYPE_I440FX_PCI_HOST_BRIDGE);
+ s = PCI_HOST_BRIDGE(dev);
+ b = pci_bus_new(dev, NULL, pci_address_space,
+ address_space_io, 0, TYPE_PCI_BUS);
+ s->bus = b;
+ object_property_add_child(qdev_get_machine(), "i440fx", OBJECT(dev), NULL);
+ qdev_init_nofail(dev);
+
+ d = pci_create_simple(b, 0, TYPE_I440FX_PCI_DEVICE);
+ *pi440fx_state = I440FX_PCI_DEVICE(d);
+ f = *pi440fx_state;
+ f->system_memory = address_space_mem;
+ f->pci_address_space = pci_address_space;
+ f->ram_memory = ram_memory;
+
+ i440fx = I440FX_PCI_HOST_BRIDGE(dev);
+ /* Set PCI window size the way seabios has always done it. */
+ /* Power of 2 so bios can cover it with a single MTRR */
+ if (ram_size <= 0x80000000) {
+ i440fx->pci_info.w32.begin = 0x80000000;
+ } else if (ram_size <= 0xc0000000) {
+ i440fx->pci_info.w32.begin = 0xc0000000;
+ } else {
+ i440fx->pci_info.w32.begin = 0xe0000000;
+ }
+
+ memory_region_init_alias(&f->pci_hole, OBJECT(d), "pci-hole", f->pci_address_space,
+ pci_hole_start, pci_hole_size);
+ memory_region_add_subregion(f->system_memory, pci_hole_start, &f->pci_hole);
+
+ pc_init_pci64_hole(&i440fx->pci_info, 0x100000000ULL + above_4g_mem_size,
+ i440fx->pci_hole64_size);
+ memory_region_init_alias(&f->pci_hole_64bit, OBJECT(d), "pci-hole64",
+ f->pci_address_space,
+ i440fx->pci_info.w64.begin,
+ i440fx->pci_hole64_size);
+ if (i440fx->pci_hole64_size) {
+ memory_region_add_subregion(f->system_memory,
+ i440fx->pci_info.w64.begin,
+ &f->pci_hole_64bit);
+ }
+ memory_region_init_alias(&f->smram_region, OBJECT(d), "smram-region",
+ f->pci_address_space, 0xa0000, 0x20000);
+ memory_region_add_subregion_overlap(f->system_memory, 0xa0000,
+ &f->smram_region, 1);
+ memory_region_set_enabled(&f->smram_region, false);
+ init_pam(dev, f->ram_memory, f->system_memory, f->pci_address_space,
+ &f->pam_regions[0], PAM_BIOS_BASE, PAM_BIOS_SIZE);
+ for (i = 0; i < 12; ++i) {
+ init_pam(dev, f->ram_memory, f->system_memory, f->pci_address_space,
+ &f->pam_regions[i+1], PAM_EXPAN_BASE + i * PAM_EXPAN_SIZE,
+ PAM_EXPAN_SIZE);
+ }
+
+ /* Xen supports additional interrupt routes from the PCI devices to
+ * the IOAPIC: the four pins of each PCI device on the bus are also
+ * connected to the IOAPIC directly.
+ * These additional routes can be discovered through ACPI. */
+ if (xen_enabled()) {
+ piix3 = DO_UPCAST(PIIX3State, dev,
+ pci_create_simple_multifunction(b, -1, true, "PIIX3-xen"));
+ pci_bus_irqs(b, xen_piix3_set_irq, xen_pci_slot_get_pirq,
+ piix3, XEN_PIIX_NUM_PIRQS);
+ } else {
+ piix3 = DO_UPCAST(PIIX3State, dev,
+ pci_create_simple_multifunction(b, -1, true, "PIIX3"));
+ pci_bus_irqs(b, piix3_set_irq, pci_slot_get_pirq, piix3,
+ PIIX_NUM_PIRQS);
+ pci_bus_set_route_irq_fn(b, piix3_route_intx_pin_to_irq);
+ }
+ piix3->pic = pic;
+ *isa_bus = ISA_BUS(qdev_get_child_bus(DEVICE(piix3), "isa.0"));
+
+ *piix3_devfn = piix3->dev.devfn;
+
+ ram_size = ram_size / 8 / 1024 / 1024;
+ if (ram_size > 255) {
+ ram_size = 255;
+ }
+ d->config[0x57] = ram_size;
+
+ i440fx_update_memory_mappings(f);
+
+ return b;
+}
+
+/* PIIX3 PCI to ISA bridge */
+static void piix3_set_irq_pic(PIIX3State *piix3, int pic_irq)
+{
+ qemu_set_irq(piix3->pic[pic_irq],
+ !!(piix3->pic_levels &
+ (((1ULL << PIIX_NUM_PIRQS) - 1) <<
+ (pic_irq * PIIX_NUM_PIRQS))));
+}
+
+static void piix3_set_irq_level(PIIX3State *piix3, int pirq, int level)
+{
+ int pic_irq;
+ uint64_t mask;
+
+ pic_irq = piix3->dev.config[PIIX_PIRQC + pirq];
+ if (pic_irq >= PIIX_NUM_PIC_IRQS) {
+ return;
+ }
+
+ mask = 1ULL << ((pic_irq * PIIX_NUM_PIRQS) + pirq);
+ piix3->pic_levels &= ~mask;
+ piix3->pic_levels |= mask * !!level;
+
+ piix3_set_irq_pic(piix3, pic_irq);
+}
+
+static void piix3_set_irq(void *opaque, int pirq, int level)
+{
+ PIIX3State *piix3 = opaque;
+ piix3_set_irq_level(piix3, pirq, level);
+}
+
+static PCIINTxRoute piix3_route_intx_pin_to_irq(void *opaque, int pin)
+{
+ PIIX3State *piix3 = opaque;
+ int irq = piix3->dev.config[PIIX_PIRQC + pin];
+ PCIINTxRoute route;
+
+ if (irq < PIIX_NUM_PIC_IRQS) {
+ route.mode = PCI_INTX_ENABLED;
+ route.irq = irq;
+ } else {
+ route.mode = PCI_INTX_DISABLED;
+ route.irq = -1;
+ }
+ return route;
+}
+
+/* irq routing is changed. so rebuild bitmap */
+static void piix3_update_irq_levels(PIIX3State *piix3)
+{
+ int pirq;
+
+ piix3->pic_levels = 0;
+ for (pirq = 0; pirq < PIIX_NUM_PIRQS; pirq++) {
+ piix3_set_irq_level(piix3, pirq,
+ pci_bus_get_irq_level(piix3->dev.bus, pirq));
+ }
+}
+
+static void piix3_write_config(PCIDevice *dev,
+ uint32_t address, uint32_t val, int len)
+{
+ pci_default_write_config(dev, address, val, len);
+ if (ranges_overlap(address, len, PIIX_PIRQC, 4)) {
+ PIIX3State *piix3 = DO_UPCAST(PIIX3State, dev, dev);
+ int pic_irq;
+
+ pci_bus_fire_intx_routing_notifier(piix3->dev.bus);
+ piix3_update_irq_levels(piix3);
+ for (pic_irq = 0; pic_irq < PIIX_NUM_PIC_IRQS; pic_irq++) {
+ piix3_set_irq_pic(piix3, pic_irq);
+ }
+ }
+}
+
+static void piix3_write_config_xen(PCIDevice *dev,
+ uint32_t address, uint32_t val, int len)
+{
+ xen_piix_pci_write_config_client(address, val, len);
+ piix3_write_config(dev, address, val, len);
+}
+
+static void piix3_reset(void *opaque)
+{
+ PIIX3State *d = opaque;
+ uint8_t *pci_conf = d->dev.config;
+
+ pci_conf[0x04] = 0x07; /* master, memory and I/O */
+ pci_conf[0x05] = 0x00;
+ pci_conf[0x06] = 0x00;
+ pci_conf[0x07] = 0x02; /* PCI_status_devsel_medium */
+ pci_conf[0x4c] = 0x4d;
+ pci_conf[0x4e] = 0x03;
+ pci_conf[0x4f] = 0x00;
+ pci_conf[0x60] = 0x80;
+ pci_conf[0x61] = 0x80;
+ pci_conf[0x62] = 0x80;
+ pci_conf[0x63] = 0x80;
+ pci_conf[0x69] = 0x02;
+ pci_conf[0x70] = 0x80;
+ pci_conf[0x76] = 0x0c;
+ pci_conf[0x77] = 0x0c;
+ pci_conf[0x78] = 0x02;
+ pci_conf[0x79] = 0x00;
+ pci_conf[0x80] = 0x00;
+ pci_conf[0x82] = 0x00;
+ pci_conf[0xa0] = 0x08;
+ pci_conf[0xa2] = 0x00;
+ pci_conf[0xa3] = 0x00;
+ pci_conf[0xa4] = 0x00;
+ pci_conf[0xa5] = 0x00;
+ pci_conf[0xa6] = 0x00;
+ pci_conf[0xa7] = 0x00;
+ pci_conf[0xa8] = 0x0f;
+ pci_conf[0xaa] = 0x00;
+ pci_conf[0xab] = 0x00;
+ pci_conf[0xac] = 0x00;
+ pci_conf[0xae] = 0x00;
+
+ d->pic_levels = 0;
+ d->rcr = 0;
+}
+
+static int piix3_post_load(void *opaque, int version_id)
+{
+ PIIX3State *piix3 = opaque;
+ piix3_update_irq_levels(piix3);
+ return 0;
+}
+
+static void piix3_pre_save(void *opaque)
+{
+ int i;
+ PIIX3State *piix3 = opaque;
+
+ for (i = 0; i < ARRAY_SIZE(piix3->pci_irq_levels_vmstate); i++) {
+ piix3->pci_irq_levels_vmstate[i] =
+ pci_bus_get_irq_level(piix3->dev.bus, i);
+ }
+}
+
+static bool piix3_rcr_needed(void *opaque)
+{
+ PIIX3State *piix3 = opaque;
+
+ return (piix3->rcr != 0);
+}
+
+static const VMStateDescription vmstate_piix3_rcr = {
+ .name = "PIIX3/rcr",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT8(rcr, PIIX3State),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_piix3 = {
+ .name = "PIIX3",
+ .version_id = 3,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .post_load = piix3_post_load,
+ .pre_save = piix3_pre_save,
+ .fields = (VMStateField[]) {
+ VMSTATE_PCI_DEVICE(dev, PIIX3State),
+ VMSTATE_INT32_ARRAY_V(pci_irq_levels_vmstate, PIIX3State,
+ PIIX_NUM_PIRQS, 3),
+ VMSTATE_END_OF_LIST()
+ },
+ .subsections = (VMStateSubsection[]) {
+ {
+ .vmsd = &vmstate_piix3_rcr,
+ .needed = piix3_rcr_needed,
+ },
+ { 0 }
+ }
+};
+
+
+static void rcr_write(void *opaque, hwaddr addr, uint64_t val, unsigned len)
+{
+ PIIX3State *d = opaque;
+
+ if (val & 4) {
+ qemu_system_reset_request();
+ return;
+ }
+ d->rcr = val & 2; /* keep System Reset type only */
+}
+
+static uint64_t rcr_read(void *opaque, hwaddr addr, unsigned len)
+{
+ PIIX3State *d = opaque;
+
+ return d->rcr;
+}
+
+static const MemoryRegionOps rcr_ops = {
+ .read = rcr_read,
+ .write = rcr_write,
+ .endianness = DEVICE_LITTLE_ENDIAN
+};
+
+static int piix3_initfn(PCIDevice *dev)
+{
+ PIIX3State *d = DO_UPCAST(PIIX3State, dev, dev);
+
+ isa_bus_new(DEVICE(d), pci_address_space_io(dev));
+
+ memory_region_init_io(&d->rcr_mem, OBJECT(dev), &rcr_ops, d,
+ "piix3-reset-control", 1);
+ memory_region_add_subregion_overlap(pci_address_space_io(dev), RCR_IOPORT,
+ &d->rcr_mem, 1);
+
+ qemu_register_reset(piix3_reset, d);
+ return 0;
+}
+
+static void piix3_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ dc->desc = "ISA bridge";
+ dc->vmsd = &vmstate_piix3;
+ dc->no_user = 1,
+ k->no_hotplug = 1;
+ k->init = piix3_initfn;
+ k->config_write = piix3_write_config;
+ k->vendor_id = PCI_VENDOR_ID_INTEL;
+ /* 82371SB PIIX3 PCI-to-ISA bridge (Step A1) */
+ k->device_id = PCI_DEVICE_ID_INTEL_82371SB_0;
+ k->class_id = PCI_CLASS_BRIDGE_ISA;
+}
+
+static const TypeInfo piix3_info = {
+ .name = "PIIX3",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PIIX3State),
+ .class_init = piix3_class_init,
+};
+
+static void piix3_xen_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ dc->desc = "ISA bridge";
+ dc->vmsd = &vmstate_piix3;
+ dc->no_user = 1;
+ k->no_hotplug = 1;
+ k->init = piix3_initfn;
+ k->config_write = piix3_write_config_xen;
+ k->vendor_id = PCI_VENDOR_ID_INTEL;
+ /* 82371SB PIIX3 PCI-to-ISA bridge (Step A1) */
+ k->device_id = PCI_DEVICE_ID_INTEL_82371SB_0;
+ k->class_id = PCI_CLASS_BRIDGE_ISA;
+};
+
+static const TypeInfo piix3_xen_info = {
+ .name = "PIIX3-xen",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PIIX3State),
+ .class_init = piix3_xen_class_init,
+};
+
+static void i440fx_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->no_hotplug = 1;
+ k->init = i440fx_initfn;
+ k->config_write = i440fx_write_config;
+ k->vendor_id = PCI_VENDOR_ID_INTEL;
+ k->device_id = PCI_DEVICE_ID_INTEL_82441;
+ k->revision = 0x02;
+ k->class_id = PCI_CLASS_BRIDGE_HOST;
+ dc->desc = "Host bridge";
+ dc->no_user = 1;
+ dc->vmsd = &vmstate_i440fx;
+}
+
+static const TypeInfo i440fx_info = {
+ .name = TYPE_I440FX_PCI_DEVICE,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCII440FXState),
+ .class_init = i440fx_class_init,
+};
+
+static const char *i440fx_pcihost_root_bus_path(PCIHostState *host_bridge,
+ PCIBus *rootbus)
+{
+ /* For backwards compat with old device paths */
+ return "0000";
+}
+
+static Property i440fx_props[] = {
+ DEFINE_PROP_SIZE(PCI_HOST_PROP_PCI_HOLE64_SIZE, I440FXState,
+ pci_hole64_size, DEFAULT_PCI_HOLE64_SIZE),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void i440fx_pcihost_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIHostBridgeClass *hc = PCI_HOST_BRIDGE_CLASS(klass);
+
+ hc->root_bus_path = i440fx_pcihost_root_bus_path;
+ dc->realize = i440fx_pcihost_realize;
+ dc->fw_name = "pci";
+ dc->no_user = 1;
+ dc->props = i440fx_props;
+}
+
+static const TypeInfo i440fx_pcihost_info = {
+ .name = TYPE_I440FX_PCI_HOST_BRIDGE,
+ .parent = TYPE_PCI_HOST_BRIDGE,
+ .instance_size = sizeof(I440FXState),
+ .instance_init = i440fx_pcihost_initfn,
+ .class_init = i440fx_pcihost_class_init,
+};
+
+static void i440fx_register_types(void)
+{
+ type_register_static(&i440fx_info);
+ type_register_static(&piix3_info);
+ type_register_static(&piix3_xen_info);
+ type_register_static(&i440fx_pcihost_info);
+}
+
+type_init(i440fx_register_types)
diff --git a/hw/pci-host/ppce500.c b/hw/pci-host/ppce500.c
new file mode 100644
index 000000000..f00793d81
--- /dev/null
+++ b/hw/pci-host/ppce500.c
@@ -0,0 +1,428 @@
+/*
+ * QEMU PowerPC E500 embedded processors pci controller emulation
+ *
+ * Copyright (C) 2009 Freescale Semiconductor, Inc. All rights reserved.
+ *
+ * Author: Yu Liu, <yu.liu@freescale.com>
+ *
+ * This file is derived from hw/ppc4xx_pci.c,
+ * the copyright for that material belongs to the original owners.
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+#include "hw/hw.h"
+#include "hw/ppc/e500-ccsr.h"
+#include "hw/pci/pci.h"
+#include "hw/pci/pci_host.h"
+#include "qemu/bswap.h"
+#include "hw/pci-host/ppce500.h"
+
+#ifdef DEBUG_PCI
+#define pci_debug(fmt, ...) fprintf(stderr, fmt, ## __VA_ARGS__)
+#else
+#define pci_debug(fmt, ...)
+#endif
+
+#define PCIE500_CFGADDR 0x0
+#define PCIE500_CFGDATA 0x4
+#define PCIE500_REG_BASE 0xC00
+#define PCIE500_ALL_SIZE 0x1000
+#define PCIE500_REG_SIZE (PCIE500_ALL_SIZE - PCIE500_REG_BASE)
+
+#define PCIE500_PCI_IOLEN 0x10000ULL
+
+#define PPCE500_PCI_CONFIG_ADDR 0x0
+#define PPCE500_PCI_CONFIG_DATA 0x4
+#define PPCE500_PCI_INTACK 0x8
+
+#define PPCE500_PCI_OW1 (0xC20 - PCIE500_REG_BASE)
+#define PPCE500_PCI_OW2 (0xC40 - PCIE500_REG_BASE)
+#define PPCE500_PCI_OW3 (0xC60 - PCIE500_REG_BASE)
+#define PPCE500_PCI_OW4 (0xC80 - PCIE500_REG_BASE)
+#define PPCE500_PCI_IW3 (0xDA0 - PCIE500_REG_BASE)
+#define PPCE500_PCI_IW2 (0xDC0 - PCIE500_REG_BASE)
+#define PPCE500_PCI_IW1 (0xDE0 - PCIE500_REG_BASE)
+
+#define PPCE500_PCI_GASKET_TIMR (0xE20 - PCIE500_REG_BASE)
+
+#define PCI_POTAR 0x0
+#define PCI_POTEAR 0x4
+#define PCI_POWBAR 0x8
+#define PCI_POWAR 0x10
+
+#define PCI_PITAR 0x0
+#define PCI_PIWBAR 0x8
+#define PCI_PIWBEAR 0xC
+#define PCI_PIWAR 0x10
+
+#define PPCE500_PCI_NR_POBS 5
+#define PPCE500_PCI_NR_PIBS 3
+
+struct pci_outbound {
+ uint32_t potar;
+ uint32_t potear;
+ uint32_t powbar;
+ uint32_t powar;
+};
+
+struct pci_inbound {
+ uint32_t pitar;
+ uint32_t piwbar;
+ uint32_t piwbear;
+ uint32_t piwar;
+};
+
+#define TYPE_PPC_E500_PCI_HOST_BRIDGE "e500-pcihost"
+
+#define PPC_E500_PCI_HOST_BRIDGE(obj) \
+ OBJECT_CHECK(PPCE500PCIState, (obj), TYPE_PPC_E500_PCI_HOST_BRIDGE)
+
+struct PPCE500PCIState {
+ PCIHostState parent_obj;
+
+ struct pci_outbound pob[PPCE500_PCI_NR_POBS];
+ struct pci_inbound pib[PPCE500_PCI_NR_PIBS];
+ uint32_t gasket_time;
+ qemu_irq irq[4];
+ uint32_t first_slot;
+ /* mmio maps */
+ MemoryRegion container;
+ MemoryRegion iomem;
+ MemoryRegion pio;
+};
+
+#define TYPE_PPC_E500_PCI_BRIDGE "e500-host-bridge"
+#define PPC_E500_PCI_BRIDGE(obj) \
+ OBJECT_CHECK(PPCE500PCIBridgeState, (obj), TYPE_PPC_E500_PCI_BRIDGE)
+
+struct PPCE500PCIBridgeState {
+ /*< private >*/
+ PCIDevice parent;
+ /*< public >*/
+
+ MemoryRegion bar0;
+};
+
+typedef struct PPCE500PCIBridgeState PPCE500PCIBridgeState;
+typedef struct PPCE500PCIState PPCE500PCIState;
+
+static uint64_t pci_reg_read4(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ PPCE500PCIState *pci = opaque;
+ unsigned long win;
+ uint32_t value = 0;
+ int idx;
+
+ win = addr & 0xfe0;
+
+ switch (win) {
+ case PPCE500_PCI_OW1:
+ case PPCE500_PCI_OW2:
+ case PPCE500_PCI_OW3:
+ case PPCE500_PCI_OW4:
+ idx = (addr >> 5) & 0x7;
+ switch (addr & 0xC) {
+ case PCI_POTAR:
+ value = pci->pob[idx].potar;
+ break;
+ case PCI_POTEAR:
+ value = pci->pob[idx].potear;
+ break;
+ case PCI_POWBAR:
+ value = pci->pob[idx].powbar;
+ break;
+ case PCI_POWAR:
+ value = pci->pob[idx].powar;
+ break;
+ default:
+ break;
+ }
+ break;
+
+ case PPCE500_PCI_IW3:
+ case PPCE500_PCI_IW2:
+ case PPCE500_PCI_IW1:
+ idx = ((addr >> 5) & 0x3) - 1;
+ switch (addr & 0xC) {
+ case PCI_PITAR:
+ value = pci->pib[idx].pitar;
+ break;
+ case PCI_PIWBAR:
+ value = pci->pib[idx].piwbar;
+ break;
+ case PCI_PIWBEAR:
+ value = pci->pib[idx].piwbear;
+ break;
+ case PCI_PIWAR:
+ value = pci->pib[idx].piwar;
+ break;
+ default:
+ break;
+ };
+ break;
+
+ case PPCE500_PCI_GASKET_TIMR:
+ value = pci->gasket_time;
+ break;
+
+ default:
+ break;
+ }
+
+ pci_debug("%s: win:%lx(addr:" TARGET_FMT_plx ") -> value:%x\n", __func__,
+ win, addr, value);
+ return value;
+}
+
+static void pci_reg_write4(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ PPCE500PCIState *pci = opaque;
+ unsigned long win;
+ int idx;
+
+ win = addr & 0xfe0;
+
+ pci_debug("%s: value:%x -> win:%lx(addr:" TARGET_FMT_plx ")\n",
+ __func__, (unsigned)value, win, addr);
+
+ switch (win) {
+ case PPCE500_PCI_OW1:
+ case PPCE500_PCI_OW2:
+ case PPCE500_PCI_OW3:
+ case PPCE500_PCI_OW4:
+ idx = (addr >> 5) & 0x7;
+ switch (addr & 0xC) {
+ case PCI_POTAR:
+ pci->pob[idx].potar = value;
+ break;
+ case PCI_POTEAR:
+ pci->pob[idx].potear = value;
+ break;
+ case PCI_POWBAR:
+ pci->pob[idx].powbar = value;
+ break;
+ case PCI_POWAR:
+ pci->pob[idx].powar = value;
+ break;
+ default:
+ break;
+ };
+ break;
+
+ case PPCE500_PCI_IW3:
+ case PPCE500_PCI_IW2:
+ case PPCE500_PCI_IW1:
+ idx = ((addr >> 5) & 0x3) - 1;
+ switch (addr & 0xC) {
+ case PCI_PITAR:
+ pci->pib[idx].pitar = value;
+ break;
+ case PCI_PIWBAR:
+ pci->pib[idx].piwbar = value;
+ break;
+ case PCI_PIWBEAR:
+ pci->pib[idx].piwbear = value;
+ break;
+ case PCI_PIWAR:
+ pci->pib[idx].piwar = value;
+ break;
+ default:
+ break;
+ };
+ break;
+
+ case PPCE500_PCI_GASKET_TIMR:
+ pci->gasket_time = value;
+ break;
+
+ default:
+ break;
+ };
+}
+
+static const MemoryRegionOps e500_pci_reg_ops = {
+ .read = pci_reg_read4,
+ .write = pci_reg_write4,
+ .endianness = DEVICE_BIG_ENDIAN,
+};
+
+static int mpc85xx_pci_map_irq(PCIDevice *pci_dev, int irq_num)
+{
+ int devno = pci_dev->devfn >> 3;
+ int ret;
+
+ ret = ppce500_pci_map_irq_slot(devno, irq_num);
+
+ pci_debug("%s: devfn %x irq %d -> %d devno:%x\n", __func__,
+ pci_dev->devfn, irq_num, ret, devno);
+
+ return ret;
+}
+
+static void mpc85xx_pci_set_irq(void *opaque, int irq_num, int level)
+{
+ qemu_irq *pic = opaque;
+
+ pci_debug("%s: PCI irq %d, level:%d\n", __func__, irq_num, level);
+
+ qemu_set_irq(pic[irq_num], level);
+}
+
+static const VMStateDescription vmstate_pci_outbound = {
+ .name = "pci_outbound",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(potar, struct pci_outbound),
+ VMSTATE_UINT32(potear, struct pci_outbound),
+ VMSTATE_UINT32(powbar, struct pci_outbound),
+ VMSTATE_UINT32(powar, struct pci_outbound),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_pci_inbound = {
+ .name = "pci_inbound",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(pitar, struct pci_inbound),
+ VMSTATE_UINT32(piwbar, struct pci_inbound),
+ VMSTATE_UINT32(piwbear, struct pci_inbound),
+ VMSTATE_UINT32(piwar, struct pci_inbound),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_ppce500_pci = {
+ .name = "ppce500_pci",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_STRUCT_ARRAY(pob, PPCE500PCIState, PPCE500_PCI_NR_POBS, 1,
+ vmstate_pci_outbound, struct pci_outbound),
+ VMSTATE_STRUCT_ARRAY(pib, PPCE500PCIState, PPCE500_PCI_NR_PIBS, 1,
+ vmstate_pci_outbound, struct pci_inbound),
+ VMSTATE_UINT32(gasket_time, PPCE500PCIState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+#include "exec/address-spaces.h"
+
+static int e500_pcihost_bridge_initfn(PCIDevice *d)
+{
+ PPCE500PCIBridgeState *b = PPC_E500_PCI_BRIDGE(d);
+ PPCE500CCSRState *ccsr = CCSR(container_get(qdev_get_machine(),
+ "/e500-ccsr"));
+
+ pci_config_set_class(d->config, PCI_CLASS_BRIDGE_PCI);
+ d->config[PCI_HEADER_TYPE] =
+ (d->config[PCI_HEADER_TYPE] & PCI_HEADER_TYPE_MULTI_FUNCTION) |
+ PCI_HEADER_TYPE_BRIDGE;
+
+ memory_region_init_alias(&b->bar0, OBJECT(ccsr), "e500-pci-bar0", &ccsr->ccsr_space,
+ 0, int128_get64(ccsr->ccsr_space.size));
+ pci_register_bar(d, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &b->bar0);
+
+ return 0;
+}
+
+static int e500_pcihost_initfn(SysBusDevice *dev)
+{
+ PCIHostState *h;
+ PPCE500PCIState *s;
+ PCIBus *b;
+ int i;
+ MemoryRegion *address_space_mem = get_system_memory();
+
+ h = PCI_HOST_BRIDGE(dev);
+ s = PPC_E500_PCI_HOST_BRIDGE(dev);
+
+ for (i = 0; i < ARRAY_SIZE(s->irq); i++) {
+ sysbus_init_irq(dev, &s->irq[i]);
+ }
+
+ memory_region_init(&s->pio, OBJECT(s), "pci-pio", PCIE500_PCI_IOLEN);
+
+ b = pci_register_bus(DEVICE(dev), NULL, mpc85xx_pci_set_irq,
+ mpc85xx_pci_map_irq, s->irq, address_space_mem,
+ &s->pio, PCI_DEVFN(s->first_slot, 0), 4, TYPE_PCI_BUS);
+ h->bus = b;
+
+ pci_create_simple(b, 0, "e500-host-bridge");
+
+ memory_region_init(&s->container, OBJECT(h), "pci-container", PCIE500_ALL_SIZE);
+ memory_region_init_io(&h->conf_mem, OBJECT(h), &pci_host_conf_be_ops, h,
+ "pci-conf-idx", 4);
+ memory_region_init_io(&h->data_mem, OBJECT(h), &pci_host_data_le_ops, h,
+ "pci-conf-data", 4);
+ memory_region_init_io(&s->iomem, OBJECT(s), &e500_pci_reg_ops, s,
+ "pci.reg", PCIE500_REG_SIZE);
+ memory_region_add_subregion(&s->container, PCIE500_CFGADDR, &h->conf_mem);
+ memory_region_add_subregion(&s->container, PCIE500_CFGDATA, &h->data_mem);
+ memory_region_add_subregion(&s->container, PCIE500_REG_BASE, &s->iomem);
+ sysbus_init_mmio(dev, &s->container);
+ sysbus_init_mmio(dev, &s->pio);
+
+ return 0;
+}
+
+static void e500_host_bridge_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = e500_pcihost_bridge_initfn;
+ k->vendor_id = PCI_VENDOR_ID_FREESCALE;
+ k->device_id = PCI_DEVICE_ID_MPC8533E;
+ k->class_id = PCI_CLASS_PROCESSOR_POWERPC;
+ dc->desc = "Host bridge";
+}
+
+static const TypeInfo e500_host_bridge_info = {
+ .name = "e500-host-bridge",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PPCE500PCIBridgeState),
+ .class_init = e500_host_bridge_class_init,
+};
+
+static Property pcihost_properties[] = {
+ DEFINE_PROP_UINT32("first_slot", PPCE500PCIState, first_slot, 0x11),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void e500_pcihost_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = e500_pcihost_initfn;
+ set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
+ dc->props = pcihost_properties;
+ dc->vmsd = &vmstate_ppce500_pci;
+}
+
+static const TypeInfo e500_pcihost_info = {
+ .name = TYPE_PPC_E500_PCI_HOST_BRIDGE,
+ .parent = TYPE_PCI_HOST_BRIDGE,
+ .instance_size = sizeof(PPCE500PCIState),
+ .class_init = e500_pcihost_class_init,
+};
+
+static void e500_pci_register_types(void)
+{
+ type_register_static(&e500_pcihost_info);
+ type_register_static(&e500_host_bridge_info);
+}
+
+type_init(e500_pci_register_types)
diff --git a/hw/pci-host/prep.c b/hw/pci-host/prep.c
new file mode 100644
index 000000000..e12005851
--- /dev/null
+++ b/hw/pci-host/prep.c
@@ -0,0 +1,235 @@
+/*
+ * QEMU PREP PCI host
+ *
+ * Copyright (c) 2006 Fabrice Bellard
+ * Copyright (c) 2011-2013 Andreas Färber
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "hw/pci/pci_bus.h"
+#include "hw/pci/pci_host.h"
+#include "hw/i386/pc.h"
+#include "exec/address-spaces.h"
+
+#define TYPE_RAVEN_PCI_DEVICE "raven"
+#define TYPE_RAVEN_PCI_HOST_BRIDGE "raven-pcihost"
+
+#define RAVEN_PCI_DEVICE(obj) \
+ OBJECT_CHECK(RavenPCIState, (obj), TYPE_RAVEN_PCI_DEVICE)
+
+typedef struct RavenPCIState {
+ PCIDevice dev;
+} RavenPCIState;
+
+#define RAVEN_PCI_HOST_BRIDGE(obj) \
+ OBJECT_CHECK(PREPPCIState, (obj), TYPE_RAVEN_PCI_HOST_BRIDGE)
+
+typedef struct PRePPCIState {
+ PCIHostState parent_obj;
+
+ MemoryRegion intack;
+ qemu_irq irq[4];
+ PCIBus pci_bus;
+ RavenPCIState pci_dev;
+} PREPPCIState;
+
+static inline uint32_t PPC_PCIIO_config(hwaddr addr)
+{
+ int i;
+
+ for (i = 0; i < 11; i++) {
+ if ((addr & (1 << (11 + i))) != 0) {
+ break;
+ }
+ }
+ return (addr & 0x7ff) | (i << 11);
+}
+
+static void ppc_pci_io_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned int size)
+{
+ PREPPCIState *s = opaque;
+ PCIHostState *phb = PCI_HOST_BRIDGE(s);
+ pci_data_write(phb->bus, PPC_PCIIO_config(addr), val, size);
+}
+
+static uint64_t ppc_pci_io_read(void *opaque, hwaddr addr,
+ unsigned int size)
+{
+ PREPPCIState *s = opaque;
+ PCIHostState *phb = PCI_HOST_BRIDGE(s);
+ return pci_data_read(phb->bus, PPC_PCIIO_config(addr), size);
+}
+
+static const MemoryRegionOps PPC_PCIIO_ops = {
+ .read = ppc_pci_io_read,
+ .write = ppc_pci_io_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static uint64_t ppc_intack_read(void *opaque, hwaddr addr,
+ unsigned int size)
+{
+ return pic_read_irq(isa_pic);
+}
+
+static const MemoryRegionOps PPC_intack_ops = {
+ .read = ppc_intack_read,
+ .valid = {
+ .max_access_size = 1,
+ },
+};
+
+static int prep_map_irq(PCIDevice *pci_dev, int irq_num)
+{
+ return (irq_num + (pci_dev->devfn >> 3)) & 1;
+}
+
+static void prep_set_irq(void *opaque, int irq_num, int level)
+{
+ qemu_irq *pic = opaque;
+
+ qemu_set_irq(pic[irq_num] , level);
+}
+
+static void raven_pcihost_realizefn(DeviceState *d, Error **errp)
+{
+ SysBusDevice *dev = SYS_BUS_DEVICE(d);
+ PCIHostState *h = PCI_HOST_BRIDGE(dev);
+ PREPPCIState *s = RAVEN_PCI_HOST_BRIDGE(dev);
+ MemoryRegion *address_space_mem = get_system_memory();
+ int i;
+
+ isa_mem_base = 0xc0000000;
+
+ for (i = 0; i < 4; i++) {
+ sysbus_init_irq(dev, &s->irq[i]);
+ }
+
+ pci_bus_irqs(&s->pci_bus, prep_set_irq, prep_map_irq, s->irq, 4);
+
+ memory_region_init_io(&h->conf_mem, OBJECT(h), &pci_host_conf_be_ops, s,
+ "pci-conf-idx", 1);
+ sysbus_add_io(dev, 0xcf8, &h->conf_mem);
+ sysbus_init_ioports(&h->busdev, 0xcf8, 1);
+
+ memory_region_init_io(&h->data_mem, OBJECT(h), &pci_host_data_be_ops, s,
+ "pci-conf-data", 1);
+ sysbus_add_io(dev, 0xcfc, &h->data_mem);
+ sysbus_init_ioports(&h->busdev, 0xcfc, 1);
+
+ memory_region_init_io(&h->mmcfg, OBJECT(s), &PPC_PCIIO_ops, s, "pciio", 0x00400000);
+ memory_region_add_subregion(address_space_mem, 0x80800000, &h->mmcfg);
+
+ memory_region_init_io(&s->intack, OBJECT(s), &PPC_intack_ops, s, "pci-intack", 1);
+ memory_region_add_subregion(address_space_mem, 0xbffffff0, &s->intack);
+
+ /* TODO Remove once realize propagates to child devices. */
+ object_property_set_bool(OBJECT(&s->pci_dev), true, "realized", errp);
+}
+
+static void raven_pcihost_initfn(Object *obj)
+{
+ PCIHostState *h = PCI_HOST_BRIDGE(obj);
+ PREPPCIState *s = RAVEN_PCI_HOST_BRIDGE(obj);
+ MemoryRegion *address_space_mem = get_system_memory();
+ MemoryRegion *address_space_io = get_system_io();
+ DeviceState *pci_dev;
+
+ pci_bus_new_inplace(&s->pci_bus, DEVICE(obj), NULL,
+ address_space_mem, address_space_io, 0, TYPE_PCI_BUS);
+ h->bus = &s->pci_bus;
+
+ object_initialize(&s->pci_dev, TYPE_RAVEN_PCI_DEVICE);
+ pci_dev = DEVICE(&s->pci_dev);
+ qdev_set_parent_bus(pci_dev, BUS(&s->pci_bus));
+ object_property_set_int(OBJECT(&s->pci_dev), PCI_DEVFN(0, 0), "addr",
+ NULL);
+ qdev_prop_set_bit(pci_dev, "multifunction", false);
+}
+
+static int raven_init(PCIDevice *d)
+{
+ d->config[0x0C] = 0x08; // cache_line_size
+ d->config[0x0D] = 0x10; // latency_timer
+ d->config[0x34] = 0x00; // capabilities_pointer
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_raven = {
+ .name = "raven",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_PCI_DEVICE(dev, RavenPCIState),
+ VMSTATE_END_OF_LIST()
+ },
+};
+
+static void raven_class_init(ObjectClass *klass, void *data)
+{
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ k->init = raven_init;
+ k->vendor_id = PCI_VENDOR_ID_MOTOROLA;
+ k->device_id = PCI_DEVICE_ID_MOTOROLA_RAVEN;
+ k->revision = 0x00;
+ k->class_id = PCI_CLASS_BRIDGE_HOST;
+ dc->desc = "PReP Host Bridge - Motorola Raven";
+ dc->vmsd = &vmstate_raven;
+ dc->no_user = 1;
+}
+
+static const TypeInfo raven_info = {
+ .name = TYPE_RAVEN_PCI_DEVICE,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(RavenPCIState),
+ .class_init = raven_class_init,
+};
+
+static void raven_pcihost_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
+ dc->realize = raven_pcihost_realizefn;
+ dc->fw_name = "pci";
+ dc->no_user = 1;
+}
+
+static const TypeInfo raven_pcihost_info = {
+ .name = TYPE_RAVEN_PCI_HOST_BRIDGE,
+ .parent = TYPE_PCI_HOST_BRIDGE,
+ .instance_size = sizeof(PREPPCIState),
+ .instance_init = raven_pcihost_initfn,
+ .class_init = raven_pcihost_class_init,
+};
+
+static void raven_register_types(void)
+{
+ type_register_static(&raven_pcihost_info);
+ type_register_static(&raven_info);
+}
+
+type_init(raven_register_types)
diff --git a/hw/pci-host/q35.c b/hw/pci-host/q35.c
new file mode 100644
index 000000000..12314d8df
--- /dev/null
+++ b/hw/pci-host/q35.c
@@ -0,0 +1,390 @@
+/*
+ * QEMU MCH/ICH9 PCI Bridge Emulation
+ *
+ * Copyright (c) 2006 Fabrice Bellard
+ * Copyright (c) 2009, 2010, 2011
+ * Isaku Yamahata <yamahata at valinux co jp>
+ * VA Linux Systems Japan K.K.
+ * Copyright (C) 2012 Jason Baron <jbaron@redhat.com>
+ *
+ * This is based on piix_pci.c, but heavily modified.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/pci-host/q35.h"
+#include "qapi/visitor.h"
+
+/****************************************************************************
+ * Q35 host
+ */
+
+static void q35_host_realize(DeviceState *dev, Error **errp)
+{
+ PCIHostState *pci = PCI_HOST_BRIDGE(dev);
+ Q35PCIHost *s = Q35_HOST_DEVICE(dev);
+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+
+ sysbus_add_io(sbd, MCH_HOST_BRIDGE_CONFIG_ADDR, &pci->conf_mem);
+ sysbus_init_ioports(sbd, MCH_HOST_BRIDGE_CONFIG_ADDR, 4);
+
+ sysbus_add_io(sbd, MCH_HOST_BRIDGE_CONFIG_DATA, &pci->data_mem);
+ sysbus_init_ioports(sbd, MCH_HOST_BRIDGE_CONFIG_DATA, 4);
+
+ if (pcie_host_init(PCIE_HOST_BRIDGE(s)) < 0) {
+ error_setg(errp, "failed to initialize pcie host");
+ return;
+ }
+ pci->bus = pci_bus_new(DEVICE(s), "pcie.0",
+ s->mch.pci_address_space, s->mch.address_space_io,
+ 0, TYPE_PCIE_BUS);
+ qdev_set_parent_bus(DEVICE(&s->mch), BUS(pci->bus));
+ qdev_init_nofail(DEVICE(&s->mch));
+}
+
+static const char *q35_host_root_bus_path(PCIHostState *host_bridge,
+ PCIBus *rootbus)
+{
+ /* For backwards compat with old device paths */
+ return "0000";
+}
+
+static void q35_host_get_pci_hole_start(Object *obj, Visitor *v,
+ void *opaque, const char *name,
+ Error **errp)
+{
+ Q35PCIHost *s = Q35_HOST_DEVICE(obj);
+ uint32_t value = s->mch.pci_info.w32.begin;
+
+ visit_type_uint32(v, &value, name, errp);
+}
+
+static void q35_host_get_pci_hole_end(Object *obj, Visitor *v,
+ void *opaque, const char *name,
+ Error **errp)
+{
+ Q35PCIHost *s = Q35_HOST_DEVICE(obj);
+ uint32_t value = s->mch.pci_info.w32.end;
+
+ visit_type_uint32(v, &value, name, errp);
+}
+
+static void q35_host_get_pci_hole64_start(Object *obj, Visitor *v,
+ void *opaque, const char *name,
+ Error **errp)
+{
+ Q35PCIHost *s = Q35_HOST_DEVICE(obj);
+
+ visit_type_uint64(v, &s->mch.pci_info.w64.begin, name, errp);
+}
+
+static void q35_host_get_pci_hole64_end(Object *obj, Visitor *v,
+ void *opaque, const char *name,
+ Error **errp)
+{
+ Q35PCIHost *s = Q35_HOST_DEVICE(obj);
+
+ visit_type_uint64(v, &s->mch.pci_info.w64.end, name, errp);
+}
+
+static Property mch_props[] = {
+ DEFINE_PROP_UINT64("MCFG", Q35PCIHost, parent_obj.base_addr,
+ MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT),
+ DEFINE_PROP_SIZE(PCI_HOST_PROP_PCI_HOLE64_SIZE, Q35PCIHost,
+ mch.pci_hole64_size, DEFAULT_PCI_HOLE64_SIZE),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void q35_host_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIHostBridgeClass *hc = PCI_HOST_BRIDGE_CLASS(klass);
+
+ hc->root_bus_path = q35_host_root_bus_path;
+ dc->realize = q35_host_realize;
+ dc->props = mch_props;
+ set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
+ dc->fw_name = "pci";
+}
+
+static void q35_host_initfn(Object *obj)
+{
+ Q35PCIHost *s = Q35_HOST_DEVICE(obj);
+ PCIHostState *phb = PCI_HOST_BRIDGE(obj);
+
+ memory_region_init_io(&phb->conf_mem, obj, &pci_host_conf_le_ops, phb,
+ "pci-conf-idx", 4);
+ memory_region_init_io(&phb->data_mem, obj, &pci_host_data_le_ops, phb,
+ "pci-conf-data", 4);
+
+ object_initialize(&s->mch, TYPE_MCH_PCI_DEVICE);
+ object_property_add_child(OBJECT(s), "mch", OBJECT(&s->mch), NULL);
+ qdev_prop_set_uint32(DEVICE(&s->mch), "addr", PCI_DEVFN(0, 0));
+ qdev_prop_set_bit(DEVICE(&s->mch), "multifunction", false);
+
+ object_property_add(obj, PCI_HOST_PROP_PCI_HOLE_START, "int",
+ q35_host_get_pci_hole_start,
+ NULL, NULL, NULL, NULL);
+
+ object_property_add(obj, PCI_HOST_PROP_PCI_HOLE_END, "int",
+ q35_host_get_pci_hole_end,
+ NULL, NULL, NULL, NULL);
+
+ object_property_add(obj, PCI_HOST_PROP_PCI_HOLE64_START, "int",
+ q35_host_get_pci_hole64_start,
+ NULL, NULL, NULL, NULL);
+
+ object_property_add(obj, PCI_HOST_PROP_PCI_HOLE64_END, "int",
+ q35_host_get_pci_hole64_end,
+ NULL, NULL, NULL, NULL);
+
+ /* Leave enough space for the biggest MCFG BAR */
+ /* TODO: this matches current bios behaviour, but
+ * it's not a power of two, which means an MTRR
+ * can't cover it exactly.
+ */
+ s->mch.pci_info.w32.begin = MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT +
+ MCH_HOST_BRIDGE_PCIEXBAR_MAX;
+ s->mch.pci_info.w32.end = IO_APIC_DEFAULT_ADDRESS;
+}
+
+static const TypeInfo q35_host_info = {
+ .name = TYPE_Q35_HOST_DEVICE,
+ .parent = TYPE_PCIE_HOST_BRIDGE,
+ .instance_size = sizeof(Q35PCIHost),
+ .instance_init = q35_host_initfn,
+ .class_init = q35_host_class_init,
+};
+
+/****************************************************************************
+ * MCH D0:F0
+ */
+
+/* PCIe MMCFG */
+static void mch_update_pciexbar(MCHPCIState *mch)
+{
+ PCIDevice *pci_dev = PCI_DEVICE(mch);
+ BusState *bus = qdev_get_parent_bus(DEVICE(mch));
+ PCIExpressHost *pehb = PCIE_HOST_BRIDGE(bus->parent);
+
+ uint64_t pciexbar;
+ int enable;
+ uint64_t addr;
+ uint64_t addr_mask;
+ uint32_t length;
+
+ pciexbar = pci_get_quad(pci_dev->config + MCH_HOST_BRIDGE_PCIEXBAR);
+ enable = pciexbar & MCH_HOST_BRIDGE_PCIEXBAREN;
+ addr_mask = MCH_HOST_BRIDGE_PCIEXBAR_ADMSK;
+ switch (pciexbar & MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_MASK) {
+ case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_256M:
+ length = 256 * 1024 * 1024;
+ break;
+ case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_128M:
+ length = 128 * 1024 * 1024;
+ addr_mask |= MCH_HOST_BRIDGE_PCIEXBAR_128ADMSK |
+ MCH_HOST_BRIDGE_PCIEXBAR_64ADMSK;
+ break;
+ case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_64M:
+ length = 64 * 1024 * 1024;
+ addr_mask |= MCH_HOST_BRIDGE_PCIEXBAR_64ADMSK;
+ break;
+ case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_RVD:
+ default:
+ enable = 0;
+ length = 0;
+ abort();
+ break;
+ }
+ addr = pciexbar & addr_mask;
+ pcie_host_mmcfg_update(pehb, enable, addr, length);
+}
+
+/* PAM */
+static void mch_update_pam(MCHPCIState *mch)
+{
+ PCIDevice *pd = PCI_DEVICE(mch);
+ int i;
+
+ memory_region_transaction_begin();
+ for (i = 0; i < 13; i++) {
+ pam_update(&mch->pam_regions[i], i,
+ pd->config[MCH_HOST_BRIDGE_PAM0 + ((i + 1) / 2)]);
+ }
+ memory_region_transaction_commit();
+}
+
+/* SMRAM */
+static void mch_update_smram(MCHPCIState *mch)
+{
+ PCIDevice *pd = PCI_DEVICE(mch);
+
+ memory_region_transaction_begin();
+ smram_update(&mch->smram_region, pd->config[MCH_HOST_BRDIGE_SMRAM],
+ mch->smm_enabled);
+ memory_region_transaction_commit();
+}
+
+static void mch_set_smm(int smm, void *arg)
+{
+ MCHPCIState *mch = arg;
+ PCIDevice *pd = PCI_DEVICE(mch);
+
+ memory_region_transaction_begin();
+ smram_set_smm(&mch->smm_enabled, smm, pd->config[MCH_HOST_BRDIGE_SMRAM],
+ &mch->smram_region);
+ memory_region_transaction_commit();
+}
+
+static void mch_write_config(PCIDevice *d,
+ uint32_t address, uint32_t val, int len)
+{
+ MCHPCIState *mch = MCH_PCI_DEVICE(d);
+
+ /* XXX: implement SMRAM.D_LOCK */
+ pci_default_write_config(d, address, val, len);
+
+ if (ranges_overlap(address, len, MCH_HOST_BRIDGE_PAM0,
+ MCH_HOST_BRIDGE_PAM_SIZE)) {
+ mch_update_pam(mch);
+ }
+
+ if (ranges_overlap(address, len, MCH_HOST_BRIDGE_PCIEXBAR,
+ MCH_HOST_BRIDGE_PCIEXBAR_SIZE)) {
+ mch_update_pciexbar(mch);
+ }
+
+ if (ranges_overlap(address, len, MCH_HOST_BRDIGE_SMRAM,
+ MCH_HOST_BRDIGE_SMRAM_SIZE)) {
+ mch_update_smram(mch);
+ }
+}
+
+static void mch_update(MCHPCIState *mch)
+{
+ mch_update_pciexbar(mch);
+ mch_update_pam(mch);
+ mch_update_smram(mch);
+}
+
+static int mch_post_load(void *opaque, int version_id)
+{
+ MCHPCIState *mch = opaque;
+ mch_update(mch);
+ return 0;
+}
+
+static const VMStateDescription vmstate_mch = {
+ .name = "mch",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .post_load = mch_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_PCI_DEVICE(parent_obj, MCHPCIState),
+ VMSTATE_UINT8(smm_enabled, MCHPCIState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void mch_reset(DeviceState *qdev)
+{
+ PCIDevice *d = PCI_DEVICE(qdev);
+ MCHPCIState *mch = MCH_PCI_DEVICE(d);
+
+ pci_set_quad(d->config + MCH_HOST_BRIDGE_PCIEXBAR,
+ MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT);
+
+ d->config[MCH_HOST_BRDIGE_SMRAM] = MCH_HOST_BRIDGE_SMRAM_DEFAULT;
+
+ mch_update(mch);
+}
+
+static int mch_init(PCIDevice *d)
+{
+ int i;
+ MCHPCIState *mch = MCH_PCI_DEVICE(d);
+
+ /* setup pci memory regions */
+ memory_region_init_alias(&mch->pci_hole, OBJECT(mch), "pci-hole",
+ mch->pci_address_space,
+ mch->below_4g_mem_size,
+ 0x100000000ULL - mch->below_4g_mem_size);
+ memory_region_add_subregion(mch->system_memory, mch->below_4g_mem_size,
+ &mch->pci_hole);
+
+ pc_init_pci64_hole(&mch->pci_info, 0x100000000ULL + mch->above_4g_mem_size,
+ mch->pci_hole64_size);
+ memory_region_init_alias(&mch->pci_hole_64bit, OBJECT(mch), "pci-hole64",
+ mch->pci_address_space,
+ mch->pci_info.w64.begin,
+ mch->pci_hole64_size);
+ if (mch->pci_hole64_size) {
+ memory_region_add_subregion(mch->system_memory,
+ mch->pci_info.w64.begin,
+ &mch->pci_hole_64bit);
+ }
+ /* smram */
+ cpu_smm_register(&mch_set_smm, mch);
+ memory_region_init_alias(&mch->smram_region, OBJECT(mch), "smram-region",
+ mch->pci_address_space, 0xa0000, 0x20000);
+ memory_region_add_subregion_overlap(mch->system_memory, 0xa0000,
+ &mch->smram_region, 1);
+ memory_region_set_enabled(&mch->smram_region, false);
+ init_pam(DEVICE(mch), mch->ram_memory, mch->system_memory, mch->pci_address_space,
+ &mch->pam_regions[0], PAM_BIOS_BASE, PAM_BIOS_SIZE);
+ for (i = 0; i < 12; ++i) {
+ init_pam(DEVICE(mch), mch->ram_memory, mch->system_memory, mch->pci_address_space,
+ &mch->pam_regions[i+1], PAM_EXPAN_BASE + i * PAM_EXPAN_SIZE,
+ PAM_EXPAN_SIZE);
+ }
+ return 0;
+}
+
+static void mch_class_init(ObjectClass *klass, void *data)
+{
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ k->init = mch_init;
+ k->config_write = mch_write_config;
+ dc->reset = mch_reset;
+ set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
+ dc->desc = "Host bridge";
+ dc->vmsd = &vmstate_mch;
+ k->vendor_id = PCI_VENDOR_ID_INTEL;
+ k->device_id = PCI_DEVICE_ID_INTEL_Q35_MCH;
+ k->revision = MCH_HOST_BRIDGE_REVISION_DEFUALT;
+ k->class_id = PCI_CLASS_BRIDGE_HOST;
+}
+
+static const TypeInfo mch_info = {
+ .name = TYPE_MCH_PCI_DEVICE,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(MCHPCIState),
+ .class_init = mch_class_init,
+};
+
+static void q35_register(void)
+{
+ type_register_static(&mch_info);
+ type_register_static(&q35_host_info);
+}
+
+type_init(q35_register);
diff --git a/hw/pci-host/uninorth.c b/hw/pci-host/uninorth.c
new file mode 100644
index 000000000..91530cdd0
--- /dev/null
+++ b/hw/pci-host/uninorth.c
@@ -0,0 +1,492 @@
+/*
+ * QEMU Uninorth PCI host (for all Mac99 and newer machines)
+ *
+ * Copyright (c) 2006 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/ppc/mac.h"
+#include "hw/pci/pci.h"
+#include "hw/pci/pci_host.h"
+
+/* debug UniNorth */
+//#define DEBUG_UNIN
+
+#ifdef DEBUG_UNIN
+#define UNIN_DPRINTF(fmt, ...) \
+ do { printf("UNIN: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define UNIN_DPRINTF(fmt, ...)
+#endif
+
+static const int unin_irq_line[] = { 0x1b, 0x1c, 0x1d, 0x1e };
+
+#define TYPE_UNI_NORTH_PCI_HOST_BRIDGE "uni-north-pci-pcihost"
+#define TYPE_UNI_NORTH_AGP_HOST_BRIDGE "uni-north-agp-pcihost"
+#define TYPE_UNI_NORTH_INTERNAL_PCI_HOST_BRIDGE "uni-north-internal-pci-pcihost"
+#define TYPE_U3_AGP_HOST_BRIDGE "u3-agp-pcihost"
+
+#define UNI_NORTH_PCI_HOST_BRIDGE(obj) \
+ OBJECT_CHECK(UNINState, (obj), TYPE_UNI_NORTH_PCI_HOST_BRIDGE)
+#define UNI_NORTH_AGP_HOST_BRIDGE(obj) \
+ OBJECT_CHECK(UNINState, (obj), TYPE_UNI_NORTH_AGP_HOST_BRIDGE)
+#define UNI_NORTH_INTERNAL_PCI_HOST_BRIDGE(obj) \
+ OBJECT_CHECK(UNINState, (obj), TYPE_UNI_NORTH_INTERNAL_PCI_HOST_BRIDGE)
+#define U3_AGP_HOST_BRIDGE(obj) \
+ OBJECT_CHECK(UNINState, (obj), TYPE_U3_AGP_HOST_BRIDGE)
+
+typedef struct UNINState {
+ PCIHostState parent_obj;
+
+ MemoryRegion pci_mmio;
+ MemoryRegion pci_hole;
+} UNINState;
+
+static int pci_unin_map_irq(PCIDevice *pci_dev, int irq_num)
+{
+ int retval;
+ int devfn = pci_dev->devfn & 0x00FFFFFF;
+
+ retval = (((devfn >> 11) & 0x1F) + irq_num) & 3;
+
+ return retval;
+}
+
+static void pci_unin_set_irq(void *opaque, int irq_num, int level)
+{
+ qemu_irq *pic = opaque;
+
+ UNIN_DPRINTF("%s: setting INT %d = %d\n", __func__,
+ unin_irq_line[irq_num], level);
+ qemu_set_irq(pic[unin_irq_line[irq_num]], level);
+}
+
+static uint32_t unin_get_config_reg(uint32_t reg, uint32_t addr)
+{
+ uint32_t retval;
+
+ if (reg & (1u << 31)) {
+ /* XXX OpenBIOS compatibility hack */
+ retval = reg | (addr & 3);
+ } else if (reg & 1) {
+ /* CFA1 style */
+ retval = (reg & ~7u) | (addr & 7);
+ } else {
+ uint32_t slot, func;
+
+ /* Grab CFA0 style values */
+ slot = ffs(reg & 0xfffff800) - 1;
+ func = (reg >> 8) & 7;
+
+ /* ... and then convert them to x86 format */
+ /* config pointer */
+ retval = (reg & (0xff - 7)) | (addr & 7);
+ /* slot */
+ retval |= slot << 11;
+ /* fn */
+ retval |= func << 8;
+ }
+
+
+ UNIN_DPRINTF("Converted config space accessor %08x/%08x -> %08x\n",
+ reg, addr, retval);
+
+ return retval;
+}
+
+static void unin_data_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned len)
+{
+ UNINState *s = opaque;
+ PCIHostState *phb = PCI_HOST_BRIDGE(s);
+ UNIN_DPRINTF("write addr %" TARGET_FMT_plx " len %d val %"PRIx64"\n",
+ addr, len, val);
+ pci_data_write(phb->bus,
+ unin_get_config_reg(phb->config_reg, addr),
+ val, len);
+}
+
+static uint64_t unin_data_read(void *opaque, hwaddr addr,
+ unsigned len)
+{
+ UNINState *s = opaque;
+ PCIHostState *phb = PCI_HOST_BRIDGE(s);
+ uint32_t val;
+
+ val = pci_data_read(phb->bus,
+ unin_get_config_reg(phb->config_reg, addr),
+ len);
+ UNIN_DPRINTF("read addr %" TARGET_FMT_plx " len %d val %x\n",
+ addr, len, val);
+ return val;
+}
+
+static const MemoryRegionOps unin_data_ops = {
+ .read = unin_data_read,
+ .write = unin_data_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static int pci_unin_main_init_device(SysBusDevice *dev)
+{
+ PCIHostState *h;
+
+ /* Use values found on a real PowerMac */
+ /* Uninorth main bus */
+ h = PCI_HOST_BRIDGE(dev);
+
+ memory_region_init_io(&h->conf_mem, OBJECT(h), &pci_host_conf_le_ops,
+ dev, "pci-conf-idx", 0x1000);
+ memory_region_init_io(&h->data_mem, OBJECT(h), &unin_data_ops, dev,
+ "pci-conf-data", 0x1000);
+ sysbus_init_mmio(dev, &h->conf_mem);
+ sysbus_init_mmio(dev, &h->data_mem);
+
+ return 0;
+}
+
+
+static int pci_u3_agp_init_device(SysBusDevice *dev)
+{
+ PCIHostState *h;
+
+ /* Uninorth U3 AGP bus */
+ h = PCI_HOST_BRIDGE(dev);
+
+ memory_region_init_io(&h->conf_mem, OBJECT(h), &pci_host_conf_le_ops,
+ dev, "pci-conf-idx", 0x1000);
+ memory_region_init_io(&h->data_mem, OBJECT(h), &unin_data_ops, dev,
+ "pci-conf-data", 0x1000);
+ sysbus_init_mmio(dev, &h->conf_mem);
+ sysbus_init_mmio(dev, &h->data_mem);
+
+ return 0;
+}
+
+static int pci_unin_agp_init_device(SysBusDevice *dev)
+{
+ PCIHostState *h;
+
+ /* Uninorth AGP bus */
+ h = PCI_HOST_BRIDGE(dev);
+
+ memory_region_init_io(&h->conf_mem, OBJECT(h), &pci_host_conf_le_ops,
+ dev, "pci-conf-idx", 0x1000);
+ memory_region_init_io(&h->data_mem, OBJECT(h), &pci_host_data_le_ops,
+ dev, "pci-conf-data", 0x1000);
+ sysbus_init_mmio(dev, &h->conf_mem);
+ sysbus_init_mmio(dev, &h->data_mem);
+ return 0;
+}
+
+static int pci_unin_internal_init_device(SysBusDevice *dev)
+{
+ PCIHostState *h;
+
+ /* Uninorth internal bus */
+ h = PCI_HOST_BRIDGE(dev);
+
+ memory_region_init_io(&h->conf_mem, OBJECT(h), &pci_host_conf_le_ops,
+ dev, "pci-conf-idx", 0x1000);
+ memory_region_init_io(&h->data_mem, OBJECT(h), &pci_host_data_le_ops,
+ dev, "pci-conf-data", 0x1000);
+ sysbus_init_mmio(dev, &h->conf_mem);
+ sysbus_init_mmio(dev, &h->data_mem);
+ return 0;
+}
+
+PCIBus *pci_pmac_init(qemu_irq *pic,
+ MemoryRegion *address_space_mem,
+ MemoryRegion *address_space_io)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+ PCIHostState *h;
+ UNINState *d;
+
+ /* Use values found on a real PowerMac */
+ /* Uninorth main bus */
+ dev = qdev_create(NULL, TYPE_UNI_NORTH_PCI_HOST_BRIDGE);
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+ h = PCI_HOST_BRIDGE(s);
+ d = UNI_NORTH_PCI_HOST_BRIDGE(dev);
+ memory_region_init(&d->pci_mmio, OBJECT(d), "pci-mmio", 0x100000000ULL);
+ memory_region_init_alias(&d->pci_hole, OBJECT(d), "pci-hole", &d->pci_mmio,
+ 0x80000000ULL, 0x70000000ULL);
+ memory_region_add_subregion(address_space_mem, 0x80000000ULL,
+ &d->pci_hole);
+
+ h->bus = pci_register_bus(dev, "pci",
+ pci_unin_set_irq, pci_unin_map_irq,
+ pic,
+ &d->pci_mmio,
+ address_space_io,
+ PCI_DEVFN(11, 0), 4, TYPE_PCI_BUS);
+
+#if 0
+ pci_create_simple(h->bus, PCI_DEVFN(11, 0), "uni-north");
+#endif
+
+ sysbus_mmio_map(s, 0, 0xf2800000);
+ sysbus_mmio_map(s, 1, 0xf2c00000);
+
+ /* DEC 21154 bridge */
+#if 0
+ /* XXX: not activated as PPC BIOS doesn't handle multiple buses properly */
+ pci_create_simple(h->bus, PCI_DEVFN(12, 0), "dec-21154");
+#endif
+
+ /* Uninorth AGP bus */
+ pci_create_simple(h->bus, PCI_DEVFN(11, 0), "uni-north-agp");
+ dev = qdev_create(NULL, TYPE_UNI_NORTH_AGP_HOST_BRIDGE);
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+ sysbus_mmio_map(s, 0, 0xf0800000);
+ sysbus_mmio_map(s, 1, 0xf0c00000);
+
+ /* Uninorth internal bus */
+#if 0
+ /* XXX: not needed for now */
+ pci_create_simple(h->bus, PCI_DEVFN(14, 0),
+ "uni-north-internal-pci");
+ dev = qdev_create(NULL, TYPE_UNI_NORTH_INTERNAL_PCI_HOST_BRIDGE);
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+ sysbus_mmio_map(s, 0, 0xf4800000);
+ sysbus_mmio_map(s, 1, 0xf4c00000);
+#endif
+
+ return h->bus;
+}
+
+PCIBus *pci_pmac_u3_init(qemu_irq *pic,
+ MemoryRegion *address_space_mem,
+ MemoryRegion *address_space_io)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+ PCIHostState *h;
+ UNINState *d;
+
+ /* Uninorth AGP bus */
+
+ dev = qdev_create(NULL, TYPE_U3_AGP_HOST_BRIDGE);
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+ h = PCI_HOST_BRIDGE(dev);
+ d = U3_AGP_HOST_BRIDGE(dev);
+
+ memory_region_init(&d->pci_mmio, OBJECT(d), "pci-mmio", 0x100000000ULL);
+ memory_region_init_alias(&d->pci_hole, OBJECT(d), "pci-hole", &d->pci_mmio,
+ 0x80000000ULL, 0x70000000ULL);
+ memory_region_add_subregion(address_space_mem, 0x80000000ULL,
+ &d->pci_hole);
+
+ h->bus = pci_register_bus(dev, "pci",
+ pci_unin_set_irq, pci_unin_map_irq,
+ pic,
+ &d->pci_mmio,
+ address_space_io,
+ PCI_DEVFN(11, 0), 4, TYPE_PCI_BUS);
+
+ sysbus_mmio_map(s, 0, 0xf0800000);
+ sysbus_mmio_map(s, 1, 0xf0c00000);
+
+ pci_create_simple(h->bus, 11 << 3, "u3-agp");
+
+ return h->bus;
+}
+
+static int unin_main_pci_host_init(PCIDevice *d)
+{
+ d->config[0x0C] = 0x08; // cache_line_size
+ d->config[0x0D] = 0x10; // latency_timer
+ d->config[0x34] = 0x00; // capabilities_pointer
+ return 0;
+}
+
+static int unin_agp_pci_host_init(PCIDevice *d)
+{
+ d->config[0x0C] = 0x08; // cache_line_size
+ d->config[0x0D] = 0x10; // latency_timer
+ // d->config[0x34] = 0x80; // capabilities_pointer
+ return 0;
+}
+
+static int u3_agp_pci_host_init(PCIDevice *d)
+{
+ /* cache line size */
+ d->config[0x0C] = 0x08;
+ /* latency timer */
+ d->config[0x0D] = 0x10;
+ return 0;
+}
+
+static int unin_internal_pci_host_init(PCIDevice *d)
+{
+ d->config[0x0C] = 0x08; // cache_line_size
+ d->config[0x0D] = 0x10; // latency_timer
+ d->config[0x34] = 0x00; // capabilities_pointer
+ return 0;
+}
+
+static void unin_main_pci_host_class_init(ObjectClass *klass, void *data)
+{
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = unin_main_pci_host_init;
+ k->vendor_id = PCI_VENDOR_ID_APPLE;
+ k->device_id = PCI_DEVICE_ID_APPLE_UNI_N_PCI;
+ k->revision = 0x00;
+ k->class_id = PCI_CLASS_BRIDGE_HOST;
+}
+
+static const TypeInfo unin_main_pci_host_info = {
+ .name = "uni-north-pci",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCIDevice),
+ .class_init = unin_main_pci_host_class_init,
+};
+
+static void u3_agp_pci_host_class_init(ObjectClass *klass, void *data)
+{
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = u3_agp_pci_host_init;
+ k->vendor_id = PCI_VENDOR_ID_APPLE;
+ k->device_id = PCI_DEVICE_ID_APPLE_U3_AGP;
+ k->revision = 0x00;
+ k->class_id = PCI_CLASS_BRIDGE_HOST;
+}
+
+static const TypeInfo u3_agp_pci_host_info = {
+ .name = "u3-agp",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCIDevice),
+ .class_init = u3_agp_pci_host_class_init,
+};
+
+static void unin_agp_pci_host_class_init(ObjectClass *klass, void *data)
+{
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = unin_agp_pci_host_init;
+ k->vendor_id = PCI_VENDOR_ID_APPLE;
+ k->device_id = PCI_DEVICE_ID_APPLE_UNI_N_AGP;
+ k->revision = 0x00;
+ k->class_id = PCI_CLASS_BRIDGE_HOST;
+}
+
+static const TypeInfo unin_agp_pci_host_info = {
+ .name = "uni-north-agp",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCIDevice),
+ .class_init = unin_agp_pci_host_class_init,
+};
+
+static void unin_internal_pci_host_class_init(ObjectClass *klass, void *data)
+{
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = unin_internal_pci_host_init;
+ k->vendor_id = PCI_VENDOR_ID_APPLE;
+ k->device_id = PCI_DEVICE_ID_APPLE_UNI_N_I_PCI;
+ k->revision = 0x00;
+ k->class_id = PCI_CLASS_BRIDGE_HOST;
+}
+
+static const TypeInfo unin_internal_pci_host_info = {
+ .name = "uni-north-internal-pci",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCIDevice),
+ .class_init = unin_internal_pci_host_class_init,
+};
+
+static void pci_unin_main_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *sbc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sbc->init = pci_unin_main_init_device;
+}
+
+static const TypeInfo pci_unin_main_info = {
+ .name = TYPE_UNI_NORTH_PCI_HOST_BRIDGE,
+ .parent = TYPE_PCI_HOST_BRIDGE,
+ .instance_size = sizeof(UNINState),
+ .class_init = pci_unin_main_class_init,
+};
+
+static void pci_u3_agp_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *sbc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sbc->init = pci_u3_agp_init_device;
+}
+
+static const TypeInfo pci_u3_agp_info = {
+ .name = TYPE_U3_AGP_HOST_BRIDGE,
+ .parent = TYPE_PCI_HOST_BRIDGE,
+ .instance_size = sizeof(UNINState),
+ .class_init = pci_u3_agp_class_init,
+};
+
+static void pci_unin_agp_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *sbc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sbc->init = pci_unin_agp_init_device;
+}
+
+static const TypeInfo pci_unin_agp_info = {
+ .name = TYPE_UNI_NORTH_AGP_HOST_BRIDGE,
+ .parent = TYPE_PCI_HOST_BRIDGE,
+ .instance_size = sizeof(UNINState),
+ .class_init = pci_unin_agp_class_init,
+};
+
+static void pci_unin_internal_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *sbc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sbc->init = pci_unin_internal_init_device;
+}
+
+static const TypeInfo pci_unin_internal_info = {
+ .name = TYPE_UNI_NORTH_INTERNAL_PCI_HOST_BRIDGE,
+ .parent = TYPE_PCI_HOST_BRIDGE,
+ .instance_size = sizeof(UNINState),
+ .class_init = pci_unin_internal_class_init,
+};
+
+static void unin_register_types(void)
+{
+ type_register_static(&unin_main_pci_host_info);
+ type_register_static(&u3_agp_pci_host_info);
+ type_register_static(&unin_agp_pci_host_info);
+ type_register_static(&unin_internal_pci_host_info);
+
+ type_register_static(&pci_unin_main_info);
+ type_register_static(&pci_u3_agp_info);
+ type_register_static(&pci_unin_agp_info);
+ type_register_static(&pci_unin_internal_info);
+}
+
+type_init(unin_register_types)
diff --git a/hw/pci-host/versatile.c b/hw/pci-host/versatile.c
new file mode 100644
index 000000000..9238d39b0
--- /dev/null
+++ b/hw/pci-host/versatile.c
@@ -0,0 +1,532 @@
+/*
+ * ARM Versatile/PB PCI host controller
+ *
+ * Copyright (c) 2006-2009 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the LGPL.
+ */
+
+#include "hw/sysbus.h"
+#include "hw/pci/pci.h"
+#include "hw/pci/pci_bus.h"
+#include "hw/pci/pci_host.h"
+#include "exec/address-spaces.h"
+
+/* Old and buggy versions of QEMU used the wrong mapping from
+ * PCI IRQs to system interrupt lines. Unfortunately the Linux
+ * kernel also had the corresponding bug in setting up interrupts
+ * (so older kernels work on QEMU and not on real hardware).
+ * We automatically detect these broken kernels and flip back
+ * to the broken irq mapping by spotting guest writes to the
+ * PCI_INTERRUPT_LINE register to see where the guest thinks
+ * interrupts are going to be routed. So we start in state
+ * ASSUME_OK on reset, and transition to either BROKEN or
+ * FORCE_OK at the first write to an INTERRUPT_LINE register for
+ * a slot where broken and correct interrupt mapping would differ.
+ * Once in either BROKEN or FORCE_OK we never transition again;
+ * this allows a newer kernel to use the INTERRUPT_LINE
+ * registers arbitrarily once it has indicated that it isn't
+ * broken in its init code somewhere.
+ *
+ * Unfortunately we have to cope with multiple different
+ * variants on the broken kernel behaviour:
+ * phase I (before kernel commit 1bc39ac5d) kernels assume old
+ * QEMU behaviour, so they use IRQ 27 for all slots
+ * phase II (1bc39ac5d and later, but before e3e92a7be6) kernels
+ * swizzle IRQs between slots, but do it wrongly, so they
+ * work only for every fourth PCI card, and only if (like old
+ * QEMU) the PCI host device is at slot 0 rather than where
+ * the h/w actually puts it
+ * phase III (e3e92a7be6 and later) kernels still swizzle IRQs between
+ * slots wrongly, but add a fixed offset of 64 to everything
+ * they write to PCI_INTERRUPT_LINE.
+ *
+ * We live in hope of a mythical phase IV kernel which might
+ * actually behave in ways that work on the hardware. Such a
+ * kernel should probably start off by writing some value neither
+ * 27 nor 91 to slot zero's PCI_INTERRUPT_LINE register to
+ * disable the autodetection. After that it can do what it likes.
+ *
+ * Slot % 4 | hw | I | II | III
+ * -------------------------------
+ * 0 | 29 | 27 | 27 | 91
+ * 1 | 30 | 27 | 28 | 92
+ * 2 | 27 | 27 | 29 | 93
+ * 3 | 28 | 27 | 30 | 94
+ *
+ * Since our autodetection is not perfect we also provide a
+ * property so the user can make us start in BROKEN or FORCE_OK
+ * on reset if they know they have a bad or good kernel.
+ */
+enum {
+ PCI_VPB_IRQMAP_ASSUME_OK,
+ PCI_VPB_IRQMAP_BROKEN,
+ PCI_VPB_IRQMAP_FORCE_OK,
+};
+
+typedef struct {
+ PCIHostState parent_obj;
+
+ qemu_irq irq[4];
+ MemoryRegion controlregs;
+ MemoryRegion mem_config;
+ MemoryRegion mem_config2;
+ /* Containers representing the PCI address spaces */
+ MemoryRegion pci_io_space;
+ MemoryRegion pci_mem_space;
+ /* Alias regions into PCI address spaces which we expose as sysbus regions.
+ * The offsets into pci_mem_space are controlled by the imap registers.
+ */
+ MemoryRegion pci_io_window;
+ MemoryRegion pci_mem_window[3];
+ PCIBus pci_bus;
+ PCIDevice pci_dev;
+
+ /* Constant for life of device: */
+ int realview;
+ uint32_t mem_win_size[3];
+ uint8_t irq_mapping_prop;
+
+ /* Variable state: */
+ uint32_t imap[3];
+ uint32_t smap[3];
+ uint32_t selfid;
+ uint32_t flags;
+ uint8_t irq_mapping;
+} PCIVPBState;
+
+static void pci_vpb_update_window(PCIVPBState *s, int i)
+{
+ /* Adjust the offset of the alias region we use for
+ * the memory window i to account for a change in the
+ * value of the corresponding IMAP register.
+ * Note that the semantics of the IMAP register differ
+ * for realview and versatile variants of the controller.
+ */
+ hwaddr offset;
+ if (s->realview) {
+ /* Top bits of register (masked according to window size) provide
+ * top bits of PCI address.
+ */
+ offset = s->imap[i] & ~(s->mem_win_size[i] - 1);
+ } else {
+ /* Bottom 4 bits of register provide top 4 bits of PCI address */
+ offset = s->imap[i] << 28;
+ }
+ memory_region_set_alias_offset(&s->pci_mem_window[i], offset);
+}
+
+static void pci_vpb_update_all_windows(PCIVPBState *s)
+{
+ /* Update all alias windows based on the current register state */
+ int i;
+
+ for (i = 0; i < 3; i++) {
+ pci_vpb_update_window(s, i);
+ }
+}
+
+static int pci_vpb_post_load(void *opaque, int version_id)
+{
+ PCIVPBState *s = opaque;
+ pci_vpb_update_all_windows(s);
+ return 0;
+}
+
+static const VMStateDescription pci_vpb_vmstate = {
+ .name = "versatile-pci",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .post_load = pci_vpb_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(imap, PCIVPBState, 3),
+ VMSTATE_UINT32_ARRAY(smap, PCIVPBState, 3),
+ VMSTATE_UINT32(selfid, PCIVPBState),
+ VMSTATE_UINT32(flags, PCIVPBState),
+ VMSTATE_UINT8(irq_mapping, PCIVPBState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+#define TYPE_VERSATILE_PCI "versatile_pci"
+#define PCI_VPB(obj) \
+ OBJECT_CHECK(PCIVPBState, (obj), TYPE_VERSATILE_PCI)
+
+#define TYPE_VERSATILE_PCI_HOST "versatile_pci_host"
+#define PCI_VPB_HOST(obj) \
+ OBJECT_CHECK(PCIDevice, (obj), TYPE_VERSATILE_PCIHOST)
+
+typedef enum {
+ PCI_IMAP0 = 0x0,
+ PCI_IMAP1 = 0x4,
+ PCI_IMAP2 = 0x8,
+ PCI_SELFID = 0xc,
+ PCI_FLAGS = 0x10,
+ PCI_SMAP0 = 0x14,
+ PCI_SMAP1 = 0x18,
+ PCI_SMAP2 = 0x1c,
+} PCIVPBControlRegs;
+
+static void pci_vpb_reg_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ PCIVPBState *s = opaque;
+
+ switch (addr) {
+ case PCI_IMAP0:
+ case PCI_IMAP1:
+ case PCI_IMAP2:
+ {
+ int win = (addr - PCI_IMAP0) >> 2;
+ s->imap[win] = val;
+ pci_vpb_update_window(s, win);
+ break;
+ }
+ case PCI_SELFID:
+ s->selfid = val;
+ break;
+ case PCI_FLAGS:
+ s->flags = val;
+ break;
+ case PCI_SMAP0:
+ case PCI_SMAP1:
+ case PCI_SMAP2:
+ {
+ int win = (addr - PCI_SMAP0) >> 2;
+ s->smap[win] = val;
+ break;
+ }
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "pci_vpb_reg_write: Bad offset %x\n", (int)addr);
+ break;
+ }
+}
+
+static uint64_t pci_vpb_reg_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ PCIVPBState *s = opaque;
+
+ switch (addr) {
+ case PCI_IMAP0:
+ case PCI_IMAP1:
+ case PCI_IMAP2:
+ {
+ int win = (addr - PCI_IMAP0) >> 2;
+ return s->imap[win];
+ }
+ case PCI_SELFID:
+ return s->selfid;
+ case PCI_FLAGS:
+ return s->flags;
+ case PCI_SMAP0:
+ case PCI_SMAP1:
+ case PCI_SMAP2:
+ {
+ int win = (addr - PCI_SMAP0) >> 2;
+ return s->smap[win];
+ }
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "pci_vpb_reg_read: Bad offset %x\n", (int)addr);
+ return 0;
+ }
+}
+
+static const MemoryRegionOps pci_vpb_reg_ops = {
+ .read = pci_vpb_reg_read,
+ .write = pci_vpb_reg_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static int pci_vpb_broken_irq(int slot, int irq)
+{
+ /* Determine whether this IRQ value for this slot represents a
+ * known broken Linux kernel behaviour for this slot.
+ * Return one of the PCI_VPB_IRQMAP_ constants:
+ * BROKEN : if this definitely looks like a broken kernel
+ * FORCE_OK : if this definitely looks good
+ * ASSUME_OK : if we can't tell
+ */
+ slot %= PCI_NUM_PINS;
+
+ if (irq == 27) {
+ if (slot == 2) {
+ /* Might be a Phase I kernel, or might be a fixed kernel,
+ * since slot 2 is where we expect this IRQ.
+ */
+ return PCI_VPB_IRQMAP_ASSUME_OK;
+ }
+ /* Phase I kernel */
+ return PCI_VPB_IRQMAP_BROKEN;
+ }
+ if (irq == slot + 27) {
+ /* Phase II kernel */
+ return PCI_VPB_IRQMAP_BROKEN;
+ }
+ if (irq == slot + 27 + 64) {
+ /* Phase III kernel */
+ return PCI_VPB_IRQMAP_BROKEN;
+ }
+ /* Anything else must be a fixed kernel, possibly using an
+ * arbitrary irq map.
+ */
+ return PCI_VPB_IRQMAP_FORCE_OK;
+}
+
+static void pci_vpb_config_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ PCIVPBState *s = opaque;
+ if (!s->realview && (addr & 0xff) == PCI_INTERRUPT_LINE
+ && s->irq_mapping == PCI_VPB_IRQMAP_ASSUME_OK) {
+ uint8_t devfn = addr >> 8;
+ s->irq_mapping = pci_vpb_broken_irq(PCI_SLOT(devfn), val);
+ }
+ pci_data_write(&s->pci_bus, addr, val, size);
+}
+
+static uint64_t pci_vpb_config_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ PCIVPBState *s = opaque;
+ uint32_t val;
+ val = pci_data_read(&s->pci_bus, addr, size);
+ return val;
+}
+
+static const MemoryRegionOps pci_vpb_config_ops = {
+ .read = pci_vpb_config_read,
+ .write = pci_vpb_config_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int pci_vpb_map_irq(PCIDevice *d, int irq_num)
+{
+ PCIVPBState *s = container_of(d->bus, PCIVPBState, pci_bus);
+
+ if (s->irq_mapping == PCI_VPB_IRQMAP_BROKEN) {
+ /* Legacy broken IRQ mapping for compatibility with old and
+ * buggy Linux guests
+ */
+ return irq_num;
+ }
+
+ /* Slot to IRQ mapping for RealView Platform Baseboard 926 backplane
+ * name slot IntA IntB IntC IntD
+ * A 31 IRQ28 IRQ29 IRQ30 IRQ27
+ * B 30 IRQ27 IRQ28 IRQ29 IRQ30
+ * C 29 IRQ30 IRQ27 IRQ28 IRQ29
+ * Slot C is for the host bridge; A and B the peripherals.
+ * Our output irqs 0..3 correspond to the baseboard's 27..30.
+ *
+ * This mapping function takes account of an oddity in the PB926
+ * board wiring, where the FPGA's P_nINTA input is connected to
+ * the INTB connection on the board PCI edge connector, P_nINTB
+ * is connected to INTC, and so on, so everything is one number
+ * further round from where you might expect.
+ */
+ return pci_swizzle_map_irq_fn(d, irq_num + 2);
+}
+
+static int pci_vpb_rv_map_irq(PCIDevice *d, int irq_num)
+{
+ /* Slot to IRQ mapping for RealView EB and PB1176 backplane
+ * name slot IntA IntB IntC IntD
+ * A 31 IRQ50 IRQ51 IRQ48 IRQ49
+ * B 30 IRQ49 IRQ50 IRQ51 IRQ48
+ * C 29 IRQ48 IRQ49 IRQ50 IRQ51
+ * Slot C is for the host bridge; A and B the peripherals.
+ * Our output irqs 0..3 correspond to the baseboard's 48..51.
+ *
+ * The PB1176 and EB boards don't have the PB926 wiring oddity
+ * described above; P_nINTA connects to INTA, P_nINTB to INTB
+ * and so on, which is why this mapping function is different.
+ */
+ return pci_swizzle_map_irq_fn(d, irq_num + 3);
+}
+
+static void pci_vpb_set_irq(void *opaque, int irq_num, int level)
+{
+ qemu_irq *pic = opaque;
+
+ qemu_set_irq(pic[irq_num], level);
+}
+
+static void pci_vpb_reset(DeviceState *d)
+{
+ PCIVPBState *s = PCI_VPB(d);
+
+ s->imap[0] = 0;
+ s->imap[1] = 0;
+ s->imap[2] = 0;
+ s->smap[0] = 0;
+ s->smap[1] = 0;
+ s->smap[2] = 0;
+ s->selfid = 0;
+ s->flags = 0;
+ s->irq_mapping = s->irq_mapping_prop;
+
+ pci_vpb_update_all_windows(s);
+}
+
+static void pci_vpb_init(Object *obj)
+{
+ PCIHostState *h = PCI_HOST_BRIDGE(obj);
+ PCIVPBState *s = PCI_VPB(obj);
+
+ memory_region_init(&s->pci_io_space, OBJECT(s), "pci_io", 1ULL << 32);
+ memory_region_init(&s->pci_mem_space, OBJECT(s), "pci_mem", 1ULL << 32);
+
+ pci_bus_new_inplace(&s->pci_bus, DEVICE(obj), "pci",
+ &s->pci_mem_space, &s->pci_io_space,
+ PCI_DEVFN(11, 0), TYPE_PCI_BUS);
+ h->bus = &s->pci_bus;
+
+ object_initialize(&s->pci_dev, TYPE_VERSATILE_PCI_HOST);
+ qdev_set_parent_bus(DEVICE(&s->pci_dev), BUS(&s->pci_bus));
+
+ /* Window sizes for VersatilePB; realview_pci's init will override */
+ s->mem_win_size[0] = 0x0c000000;
+ s->mem_win_size[1] = 0x10000000;
+ s->mem_win_size[2] = 0x10000000;
+}
+
+static void pci_vpb_realize(DeviceState *dev, Error **errp)
+{
+ PCIVPBState *s = PCI_VPB(dev);
+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+ pci_map_irq_fn mapfn;
+ int i;
+
+ for (i = 0; i < 4; i++) {
+ sysbus_init_irq(sbd, &s->irq[i]);
+ }
+
+ if (s->realview) {
+ mapfn = pci_vpb_rv_map_irq;
+ } else {
+ mapfn = pci_vpb_map_irq;
+ }
+
+ pci_bus_irqs(&s->pci_bus, pci_vpb_set_irq, mapfn, s->irq, 4);
+
+ /* Our memory regions are:
+ * 0 : our control registers
+ * 1 : PCI self config window
+ * 2 : PCI config window
+ * 3 : PCI IO window
+ * 4..6 : PCI memory windows
+ */
+ memory_region_init_io(&s->controlregs, OBJECT(s), &pci_vpb_reg_ops, s,
+ "pci-vpb-regs", 0x1000);
+ sysbus_init_mmio(sbd, &s->controlregs);
+ memory_region_init_io(&s->mem_config, OBJECT(s), &pci_vpb_config_ops, s,
+ "pci-vpb-selfconfig", 0x1000000);
+ sysbus_init_mmio(sbd, &s->mem_config);
+ memory_region_init_io(&s->mem_config2, OBJECT(s), &pci_vpb_config_ops, s,
+ "pci-vpb-config", 0x1000000);
+ sysbus_init_mmio(sbd, &s->mem_config2);
+
+ /* The window into I/O space is always into a fixed base address;
+ * its size is the same for both realview and versatile.
+ */
+ memory_region_init_alias(&s->pci_io_window, OBJECT(s), "pci-vbp-io-window",
+ &s->pci_io_space, 0, 0x100000);
+
+ sysbus_init_mmio(sbd, &s->pci_io_space);
+
+ /* Create the alias regions corresponding to our three windows onto
+ * PCI memory space. The sizes vary from board to board; the base
+ * offsets are guest controllable via the IMAP registers.
+ */
+ for (i = 0; i < 3; i++) {
+ memory_region_init_alias(&s->pci_mem_window[i], OBJECT(s), "pci-vbp-window",
+ &s->pci_mem_space, 0, s->mem_win_size[i]);
+ sysbus_init_mmio(sbd, &s->pci_mem_window[i]);
+ }
+
+ /* TODO Remove once realize propagates to child devices. */
+ object_property_set_bool(OBJECT(&s->pci_dev), true, "realized", errp);
+}
+
+static int versatile_pci_host_init(PCIDevice *d)
+{
+ pci_set_word(d->config + PCI_STATUS,
+ PCI_STATUS_66MHZ | PCI_STATUS_DEVSEL_MEDIUM);
+ pci_set_byte(d->config + PCI_LATENCY_TIMER, 0x10);
+ return 0;
+}
+
+static void versatile_pci_host_class_init(ObjectClass *klass, void *data)
+{
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = versatile_pci_host_init;
+ k->vendor_id = PCI_VENDOR_ID_XILINX;
+ k->device_id = PCI_DEVICE_ID_XILINX_XC2VP30;
+ k->class_id = PCI_CLASS_PROCESSOR_CO;
+}
+
+static const TypeInfo versatile_pci_host_info = {
+ .name = TYPE_VERSATILE_PCI_HOST,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCIDevice),
+ .class_init = versatile_pci_host_class_init,
+};
+
+static Property pci_vpb_properties[] = {
+ DEFINE_PROP_UINT8("broken-irq-mapping", PCIVPBState, irq_mapping_prop,
+ PCI_VPB_IRQMAP_ASSUME_OK),
+ DEFINE_PROP_END_OF_LIST()
+};
+
+static void pci_vpb_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = pci_vpb_realize;
+ dc->reset = pci_vpb_reset;
+ dc->vmsd = &pci_vpb_vmstate;
+ dc->props = pci_vpb_properties;
+}
+
+static const TypeInfo pci_vpb_info = {
+ .name = TYPE_VERSATILE_PCI,
+ .parent = TYPE_PCI_HOST_BRIDGE,
+ .instance_size = sizeof(PCIVPBState),
+ .instance_init = pci_vpb_init,
+ .class_init = pci_vpb_class_init,
+};
+
+static void pci_realview_init(Object *obj)
+{
+ PCIVPBState *s = PCI_VPB(obj);
+
+ s->realview = 1;
+ /* The PCI window sizes are different on Realview boards */
+ s->mem_win_size[0] = 0x01000000;
+ s->mem_win_size[1] = 0x04000000;
+ s->mem_win_size[2] = 0x08000000;
+}
+
+static const TypeInfo pci_realview_info = {
+ .name = "realview_pci",
+ .parent = TYPE_VERSATILE_PCI,
+ .instance_init = pci_realview_init,
+};
+
+static void versatile_pci_register_types(void)
+{
+ type_register_static(&pci_vpb_info);
+ type_register_static(&pci_realview_info);
+ type_register_static(&versatile_pci_host_info);
+}
+
+type_init(versatile_pci_register_types)
diff --git a/hw/pci-hotplug.c b/hw/pci-hotplug.c
deleted file mode 100644
index 0ca5546fc..000000000
--- a/hw/pci-hotplug.c
+++ /dev/null
@@ -1,293 +0,0 @@
-/*
- * QEMU PCI hotplug support
- *
- * Copyright (c) 2004 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "hw.h"
-#include "boards.h"
-#include "pci.h"
-#include "net.h"
-#include "pc.h"
-#include "monitor.h"
-#include "scsi.h"
-#include "virtio-blk.h"
-#include "qemu-config.h"
-#include "blockdev.h"
-#include "error.h"
-
-#if defined(TARGET_I386)
-static PCIDevice *qemu_pci_hot_add_nic(Monitor *mon,
- const char *devaddr,
- const char *opts_str)
-{
- Error *local_err = NULL;
- QemuOpts *opts;
- PCIBus *bus;
- int ret, devfn;
-
- bus = pci_get_bus_devfn(&devfn, devaddr);
- if (!bus) {
- monitor_printf(mon, "Invalid PCI device address %s\n", devaddr);
- return NULL;
- }
- if (!((BusState*)bus)->allow_hotplug) {
- monitor_printf(mon, "PCI bus doesn't support hotplug\n");
- return NULL;
- }
-
- opts = qemu_opts_parse(qemu_find_opts("net"), opts_str ? opts_str : "", 0);
- if (!opts) {
- return NULL;
- }
-
- qemu_opt_set(opts, "type", "nic");
-
- ret = net_client_init(opts, 0, &local_err);
- if (error_is_set(&local_err)) {
- qerror_report_err(local_err);
- error_free(local_err);
- return NULL;
- }
- if (nd_table[ret].devaddr) {
- monitor_printf(mon, "Parameter addr not supported\n");
- return NULL;
- }
- return pci_nic_init(&nd_table[ret], "rtl8139", devaddr);
-}
-
-static int scsi_hot_add(Monitor *mon, DeviceState *adapter,
- DriveInfo *dinfo, int printinfo)
-{
- SCSIBus *scsibus;
- SCSIDevice *scsidev;
-
- scsibus = (SCSIBus *)
- object_dynamic_cast(OBJECT(QLIST_FIRST(&adapter->child_bus)),
- TYPE_SCSI_BUS);
- if (!scsibus) {
- error_report("Device is not a SCSI adapter");
- return -1;
- }
-
- /*
- * drive_init() tries to find a default for dinfo->unit. Doesn't
- * work at all for hotplug though as we assign the device to a
- * specific bus instead of the first bus with spare scsi ids.
- *
- * Ditch the calculated value and reload from option string (if
- * specified).
- */
- dinfo->unit = qemu_opt_get_number(dinfo->opts, "unit", -1);
- dinfo->bus = scsibus->busnr;
- scsidev = scsi_bus_legacy_add_drive(scsibus, dinfo->bdrv, dinfo->unit,
- false, -1);
- if (!scsidev) {
- return -1;
- }
- dinfo->unit = scsidev->id;
-
- if (printinfo)
- monitor_printf(mon, "OK bus %d, unit %d\n",
- scsibus->busnr, scsidev->id);
- return 0;
-}
-
-int pci_drive_hot_add(Monitor *mon, const QDict *qdict,
- DriveInfo *dinfo, int type)
-{
- int dom, pci_bus;
- unsigned slot;
- PCIDevice *dev;
- const char *pci_addr = qdict_get_str(qdict, "pci_addr");
-
- switch (type) {
- case IF_SCSI:
- if (pci_read_devaddr(mon, pci_addr, &dom, &pci_bus, &slot)) {
- goto err;
- }
- dev = pci_find_device(pci_find_root_bus(dom), pci_bus,
- PCI_DEVFN(slot, 0));
- if (!dev) {
- monitor_printf(mon, "no pci device with address %s\n", pci_addr);
- goto err;
- }
- if (scsi_hot_add(mon, &dev->qdev, dinfo, 1) != 0) {
- goto err;
- }
- break;
- default:
- monitor_printf(mon, "Can't hot-add drive to type %d\n", type);
- goto err;
- }
-
- return 0;
-err:
- return -1;
-}
-
-static PCIDevice *qemu_pci_hot_add_storage(Monitor *mon,
- const char *devaddr,
- const char *opts)
-{
- PCIDevice *dev;
- DriveInfo *dinfo = NULL;
- int type = -1;
- char buf[128];
- PCIBus *bus;
- int devfn;
-
- if (get_param_value(buf, sizeof(buf), "if", opts)) {
- if (!strcmp(buf, "scsi"))
- type = IF_SCSI;
- else if (!strcmp(buf, "virtio")) {
- type = IF_VIRTIO;
- } else {
- monitor_printf(mon, "type %s not a hotpluggable PCI device.\n", buf);
- return NULL;
- }
- } else {
- monitor_printf(mon, "no if= specified\n");
- return NULL;
- }
-
- if (get_param_value(buf, sizeof(buf), "file", opts)) {
- dinfo = add_init_drive(opts);
- if (!dinfo)
- return NULL;
- if (dinfo->devaddr) {
- monitor_printf(mon, "Parameter addr not supported\n");
- return NULL;
- }
- } else {
- dinfo = NULL;
- }
-
- bus = pci_get_bus_devfn(&devfn, devaddr);
- if (!bus) {
- monitor_printf(mon, "Invalid PCI device address %s\n", devaddr);
- return NULL;
- }
- if (!((BusState*)bus)->allow_hotplug) {
- monitor_printf(mon, "PCI bus doesn't support hotplug\n");
- return NULL;
- }
-
- switch (type) {
- case IF_SCSI:
- dev = pci_create(bus, devfn, "lsi53c895a");
- if (qdev_init(&dev->qdev) < 0)
- dev = NULL;
- if (dev && dinfo) {
- if (scsi_hot_add(mon, &dev->qdev, dinfo, 0) != 0) {
- qdev_unplug(&dev->qdev, NULL);
- dev = NULL;
- }
- }
- break;
- case IF_VIRTIO:
- if (!dinfo) {
- monitor_printf(mon, "virtio requires a backing file/device.\n");
- return NULL;
- }
- dev = pci_create(bus, devfn, "virtio-blk-pci");
- if (qdev_prop_set_drive(&dev->qdev, "drive", dinfo->bdrv) < 0) {
- qdev_free(&dev->qdev);
- dev = NULL;
- break;
- }
- if (qdev_init(&dev->qdev) < 0)
- dev = NULL;
- break;
- default:
- dev = NULL;
- }
- return dev;
-}
-
-void pci_device_hot_add(Monitor *mon, const QDict *qdict)
-{
- PCIDevice *dev = NULL;
- const char *pci_addr = qdict_get_str(qdict, "pci_addr");
- const char *type = qdict_get_str(qdict, "type");
- const char *opts = qdict_get_try_str(qdict, "opts");
-
- /* strip legacy tag */
- if (!strncmp(pci_addr, "pci_addr=", 9)) {
- pci_addr += 9;
- }
-
- if (!opts) {
- opts = "";
- }
-
- if (!strcmp(pci_addr, "auto"))
- pci_addr = NULL;
-
- if (strcmp(type, "nic") == 0) {
- dev = qemu_pci_hot_add_nic(mon, pci_addr, opts);
- } else if (strcmp(type, "storage") == 0) {
- dev = qemu_pci_hot_add_storage(mon, pci_addr, opts);
- } else {
- monitor_printf(mon, "invalid type: %s\n", type);
- }
-
- if (dev) {
- monitor_printf(mon, "OK domain %d, bus %d, slot %d, function %d\n",
- pci_find_domain(dev->bus),
- pci_bus_num(dev->bus), PCI_SLOT(dev->devfn),
- PCI_FUNC(dev->devfn));
- } else
- monitor_printf(mon, "failed to add %s\n", opts);
-}
-#endif
-
-static int pci_device_hot_remove(Monitor *mon, const char *pci_addr)
-{
- PCIDevice *d;
- int dom, bus;
- unsigned slot;
- Error *local_err = NULL;
-
- if (pci_read_devaddr(mon, pci_addr, &dom, &bus, &slot)) {
- return -1;
- }
-
- d = pci_find_device(pci_find_root_bus(dom), bus, PCI_DEVFN(slot, 0));
- if (!d) {
- monitor_printf(mon, "slot %d empty\n", slot);
- return -1;
- }
-
- qdev_unplug(&d->qdev, &local_err);
- if (error_is_set(&local_err)) {
- monitor_printf(mon, "%s\n", error_get_pretty(local_err));
- error_free(local_err);
- return -1;
- }
-
- return 0;
-}
-
-void do_pci_device_hot_remove(Monitor *mon, const QDict *qdict)
-{
- pci_device_hot_remove(mon, qdict_get_str(qdict, "pci_addr"));
-}
diff --git a/hw/pci-stub.c b/hw/pci-stub.c
deleted file mode 100644
index 134c4484b..000000000
--- a/hw/pci-stub.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * PCI stubs for platforms that don't support pci bus.
- *
- * Copyright (c) 2010 Isaku Yamahata <yamahata at valinux co jp>
- * VA Linux Systems Japan K.K.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "sysemu.h"
-#include "monitor.h"
-#include "pci.h"
-#include "qmp-commands.h"
-
-PciInfoList *qmp_query_pci(Error **errp)
-{
- error_set(errp, QERR_UNSUPPORTED);
- return NULL;
-}
-
-static void pci_error_message(Monitor *mon)
-{
- monitor_printf(mon, "PCI devices not supported\n");
-}
-
-int do_pcie_aer_inject_error(Monitor *mon,
- const QDict *qdict, QObject **ret_data)
-{
- pci_error_message(mon);
- return -ENOSYS;
-}
-
-void pcie_aer_inject_error_print(Monitor *mon, const QObject *data)
-{
- pci_error_message(mon);
-}
diff --git a/hw/pci.c b/hw/pci.c
deleted file mode 100644
index 97a0cd77c..000000000
--- a/hw/pci.c
+++ /dev/null
@@ -1,2168 +0,0 @@
-/*
- * QEMU PCI bus manager
- *
- * Copyright (c) 2004 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "pci.h"
-#include "pci_bridge.h"
-#include "pci_internals.h"
-#include "monitor.h"
-#include "net.h"
-#include "sysemu.h"
-#include "loader.h"
-#include "range.h"
-#include "qmp-commands.h"
-#include "msi.h"
-#include "msix.h"
-#include "exec-memory.h"
-
-//#define DEBUG_PCI
-#ifdef DEBUG_PCI
-# define PCI_DPRINTF(format, ...) printf(format, ## __VA_ARGS__)
-#else
-# define PCI_DPRINTF(format, ...) do { } while (0)
-#endif
-
-static void pcibus_dev_print(Monitor *mon, DeviceState *dev, int indent);
-static char *pcibus_get_dev_path(DeviceState *dev);
-static char *pcibus_get_fw_dev_path(DeviceState *dev);
-static int pcibus_reset(BusState *qbus);
-
-static Property pci_props[] = {
- DEFINE_PROP_PCI_DEVFN("addr", PCIDevice, devfn, -1),
- DEFINE_PROP_STRING("romfile", PCIDevice, romfile),
- DEFINE_PROP_UINT32("rombar", PCIDevice, rom_bar, 1),
- DEFINE_PROP_BIT("multifunction", PCIDevice, cap_present,
- QEMU_PCI_CAP_MULTIFUNCTION_BITNR, false),
- DEFINE_PROP_BIT("command_serr_enable", PCIDevice, cap_present,
- QEMU_PCI_CAP_SERR_BITNR, true),
- DEFINE_PROP_END_OF_LIST()
-};
-
-static void pci_bus_class_init(ObjectClass *klass, void *data)
-{
- BusClass *k = BUS_CLASS(klass);
-
- k->print_dev = pcibus_dev_print;
- k->get_dev_path = pcibus_get_dev_path;
- k->get_fw_dev_path = pcibus_get_fw_dev_path;
- k->reset = pcibus_reset;
-}
-
-static const TypeInfo pci_bus_info = {
- .name = TYPE_PCI_BUS,
- .parent = TYPE_BUS,
- .instance_size = sizeof(PCIBus),
- .class_init = pci_bus_class_init,
-};
-
-static PCIBus *pci_find_bus_nr(PCIBus *bus, int bus_num);
-static void pci_update_mappings(PCIDevice *d);
-static void pci_set_irq(void *opaque, int irq_num, int level);
-static int pci_add_option_rom(PCIDevice *pdev, bool is_default_rom);
-static void pci_del_option_rom(PCIDevice *pdev);
-
-static uint16_t pci_default_sub_vendor_id = PCI_SUBVENDOR_ID_REDHAT_QUMRANET;
-static uint16_t pci_default_sub_device_id = PCI_SUBDEVICE_ID_QEMU;
-
-struct PCIHostBus {
- int domain;
- struct PCIBus *bus;
- QLIST_ENTRY(PCIHostBus) next;
-};
-static QLIST_HEAD(, PCIHostBus) host_buses;
-
-static const VMStateDescription vmstate_pcibus = {
- .name = "PCIBUS",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField []) {
- VMSTATE_INT32_EQUAL(nirq, PCIBus),
- VMSTATE_VARRAY_INT32(irq_count, PCIBus, nirq, 0, vmstate_info_int32, int32_t),
- VMSTATE_END_OF_LIST()
- }
-};
-static int pci_bar(PCIDevice *d, int reg)
-{
- uint8_t type;
-
- if (reg != PCI_ROM_SLOT)
- return PCI_BASE_ADDRESS_0 + reg * 4;
-
- type = d->config[PCI_HEADER_TYPE] & ~PCI_HEADER_TYPE_MULTI_FUNCTION;
- return type == PCI_HEADER_TYPE_BRIDGE ? PCI_ROM_ADDRESS1 : PCI_ROM_ADDRESS;
-}
-
-static inline int pci_irq_state(PCIDevice *d, int irq_num)
-{
- return (d->irq_state >> irq_num) & 0x1;
-}
-
-static inline void pci_set_irq_state(PCIDevice *d, int irq_num, int level)
-{
- d->irq_state &= ~(0x1 << irq_num);
- d->irq_state |= level << irq_num;
-}
-
-static void pci_change_irq_level(PCIDevice *pci_dev, int irq_num, int change)
-{
- PCIBus *bus;
- for (;;) {
- bus = pci_dev->bus;
- irq_num = bus->map_irq(pci_dev, irq_num);
- if (bus->set_irq)
- break;
- pci_dev = bus->parent_dev;
- }
- bus->irq_count[irq_num] += change;
- bus->set_irq(bus->irq_opaque, irq_num, bus->irq_count[irq_num] != 0);
-}
-
-int pci_bus_get_irq_level(PCIBus *bus, int irq_num)
-{
- assert(irq_num >= 0);
- assert(irq_num < bus->nirq);
- return !!bus->irq_count[irq_num];
-}
-
-/* Update interrupt status bit in config space on interrupt
- * state change. */
-static void pci_update_irq_status(PCIDevice *dev)
-{
- if (dev->irq_state) {
- dev->config[PCI_STATUS] |= PCI_STATUS_INTERRUPT;
- } else {
- dev->config[PCI_STATUS] &= ~PCI_STATUS_INTERRUPT;
- }
-}
-
-void pci_device_deassert_intx(PCIDevice *dev)
-{
- int i;
- for (i = 0; i < PCI_NUM_PINS; ++i) {
- qemu_set_irq(dev->irq[i], 0);
- }
-}
-
-/*
- * This function is called on #RST and FLR.
- * FLR if PCI_EXP_DEVCTL_BCR_FLR is set
- */
-void pci_device_reset(PCIDevice *dev)
-{
- int r;
-
- qdev_reset_all(&dev->qdev);
-
- dev->irq_state = 0;
- pci_update_irq_status(dev);
- pci_device_deassert_intx(dev);
- /* Clear all writable bits */
- pci_word_test_and_clear_mask(dev->config + PCI_COMMAND,
- pci_get_word(dev->wmask + PCI_COMMAND) |
- pci_get_word(dev->w1cmask + PCI_COMMAND));
- pci_word_test_and_clear_mask(dev->config + PCI_STATUS,
- pci_get_word(dev->wmask + PCI_STATUS) |
- pci_get_word(dev->w1cmask + PCI_STATUS));
- dev->config[PCI_CACHE_LINE_SIZE] = 0x0;
- dev->config[PCI_INTERRUPT_LINE] = 0x0;
- for (r = 0; r < PCI_NUM_REGIONS; ++r) {
- PCIIORegion *region = &dev->io_regions[r];
- if (!region->size) {
- continue;
- }
-
- if (!(region->type & PCI_BASE_ADDRESS_SPACE_IO) &&
- region->type & PCI_BASE_ADDRESS_MEM_TYPE_64) {
- pci_set_quad(dev->config + pci_bar(dev, r), region->type);
- } else {
- pci_set_long(dev->config + pci_bar(dev, r), region->type);
- }
- }
- pci_update_mappings(dev);
-
- msi_reset(dev);
- msix_reset(dev);
-}
-
-/*
- * Trigger pci bus reset under a given bus.
- * To be called on RST# assert.
- */
-void pci_bus_reset(PCIBus *bus)
-{
- int i;
-
- for (i = 0; i < bus->nirq; i++) {
- bus->irq_count[i] = 0;
- }
- for (i = 0; i < ARRAY_SIZE(bus->devices); ++i) {
- if (bus->devices[i]) {
- pci_device_reset(bus->devices[i]);
- }
- }
-}
-
-static int pcibus_reset(BusState *qbus)
-{
- pci_bus_reset(DO_UPCAST(PCIBus, qbus, qbus));
-
- /* topology traverse is done by pci_bus_reset().
- Tell qbus/qdev walker not to traverse the tree */
- return 1;
-}
-
-static void pci_host_bus_register(int domain, PCIBus *bus)
-{
- struct PCIHostBus *host;
- host = g_malloc0(sizeof(*host));
- host->domain = domain;
- host->bus = bus;
- QLIST_INSERT_HEAD(&host_buses, host, next);
-}
-
-PCIBus *pci_find_root_bus(int domain)
-{
- struct PCIHostBus *host;
-
- QLIST_FOREACH(host, &host_buses, next) {
- if (host->domain == domain) {
- return host->bus;
- }
- }
-
- return NULL;
-}
-
-int pci_find_domain(const PCIBus *bus)
-{
- PCIDevice *d;
- struct PCIHostBus *host;
-
- /* obtain root bus */
- while ((d = bus->parent_dev) != NULL) {
- bus = d->bus;
- }
-
- QLIST_FOREACH(host, &host_buses, next) {
- if (host->bus == bus) {
- return host->domain;
- }
- }
-
- abort(); /* should not be reached */
- return -1;
-}
-
-void pci_bus_new_inplace(PCIBus *bus, DeviceState *parent,
- const char *name,
- MemoryRegion *address_space_mem,
- MemoryRegion *address_space_io,
- uint8_t devfn_min)
-{
- qbus_create_inplace(&bus->qbus, TYPE_PCI_BUS, parent, name);
- assert(PCI_FUNC(devfn_min) == 0);
- bus->devfn_min = devfn_min;
- bus->address_space_mem = address_space_mem;
- bus->address_space_io = address_space_io;
-
- /* host bridge */
- QLIST_INIT(&bus->child);
- pci_host_bus_register(0, bus); /* for now only pci domain 0 is supported */
-
- vmstate_register(NULL, -1, &vmstate_pcibus, bus);
-}
-
-PCIBus *pci_bus_new(DeviceState *parent, const char *name,
- MemoryRegion *address_space_mem,
- MemoryRegion *address_space_io,
- uint8_t devfn_min)
-{
- PCIBus *bus;
-
- bus = g_malloc0(sizeof(*bus));
- pci_bus_new_inplace(bus, parent, name, address_space_mem,
- address_space_io, devfn_min);
- OBJECT(bus)->free = g_free;
- return bus;
-}
-
-void pci_bus_irqs(PCIBus *bus, pci_set_irq_fn set_irq, pci_map_irq_fn map_irq,
- void *irq_opaque, int nirq)
-{
- bus->set_irq = set_irq;
- bus->map_irq = map_irq;
- bus->irq_opaque = irq_opaque;
- bus->nirq = nirq;
- bus->irq_count = g_malloc0(nirq * sizeof(bus->irq_count[0]));
-}
-
-void pci_bus_hotplug(PCIBus *bus, pci_hotplug_fn hotplug, DeviceState *qdev)
-{
- bus->qbus.allow_hotplug = 1;
- bus->hotplug = hotplug;
- bus->hotplug_qdev = qdev;
-}
-
-PCIBus *pci_register_bus(DeviceState *parent, const char *name,
- pci_set_irq_fn set_irq, pci_map_irq_fn map_irq,
- void *irq_opaque,
- MemoryRegion *address_space_mem,
- MemoryRegion *address_space_io,
- uint8_t devfn_min, int nirq)
-{
- PCIBus *bus;
-
- bus = pci_bus_new(parent, name, address_space_mem,
- address_space_io, devfn_min);
- pci_bus_irqs(bus, set_irq, map_irq, irq_opaque, nirq);
- return bus;
-}
-
-int pci_bus_num(PCIBus *s)
-{
- if (!s->parent_dev)
- return 0; /* pci host bridge */
- return s->parent_dev->config[PCI_SECONDARY_BUS];
-}
-
-static int get_pci_config_device(QEMUFile *f, void *pv, size_t size)
-{
- PCIDevice *s = container_of(pv, PCIDevice, config);
- uint8_t *config;
- int i;
-
- assert(size == pci_config_size(s));
- config = g_malloc(size);
-
- qemu_get_buffer(f, config, size);
- for (i = 0; i < size; ++i) {
- if ((config[i] ^ s->config[i]) &
- s->cmask[i] & ~s->wmask[i] & ~s->w1cmask[i]) {
- g_free(config);
- return -EINVAL;
- }
- }
- memcpy(s->config, config, size);
-
- pci_update_mappings(s);
-
- memory_region_set_enabled(&s->bus_master_enable_region,
- pci_get_word(s->config + PCI_COMMAND)
- & PCI_COMMAND_MASTER);
-
- g_free(config);
- return 0;
-}
-
-/* just put buffer */
-static void put_pci_config_device(QEMUFile *f, void *pv, size_t size)
-{
- const uint8_t **v = pv;
- assert(size == pci_config_size(container_of(pv, PCIDevice, config)));
- qemu_put_buffer(f, *v, size);
-}
-
-static VMStateInfo vmstate_info_pci_config = {
- .name = "pci config",
- .get = get_pci_config_device,
- .put = put_pci_config_device,
-};
-
-static int get_pci_irq_state(QEMUFile *f, void *pv, size_t size)
-{
- PCIDevice *s = container_of(pv, PCIDevice, irq_state);
- uint32_t irq_state[PCI_NUM_PINS];
- int i;
- for (i = 0; i < PCI_NUM_PINS; ++i) {
- irq_state[i] = qemu_get_be32(f);
- if (irq_state[i] != 0x1 && irq_state[i] != 0) {
- fprintf(stderr, "irq state %d: must be 0 or 1.\n",
- irq_state[i]);
- return -EINVAL;
- }
- }
-
- for (i = 0; i < PCI_NUM_PINS; ++i) {
- pci_set_irq_state(s, i, irq_state[i]);
- }
-
- return 0;
-}
-
-static void put_pci_irq_state(QEMUFile *f, void *pv, size_t size)
-{
- int i;
- PCIDevice *s = container_of(pv, PCIDevice, irq_state);
-
- for (i = 0; i < PCI_NUM_PINS; ++i) {
- qemu_put_be32(f, pci_irq_state(s, i));
- }
-}
-
-static VMStateInfo vmstate_info_pci_irq_state = {
- .name = "pci irq state",
- .get = get_pci_irq_state,
- .put = put_pci_irq_state,
-};
-
-const VMStateDescription vmstate_pci_device = {
- .name = "PCIDevice",
- .version_id = 2,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField []) {
- VMSTATE_INT32_LE(version_id, PCIDevice),
- VMSTATE_BUFFER_UNSAFE_INFO(config, PCIDevice, 0,
- vmstate_info_pci_config,
- PCI_CONFIG_SPACE_SIZE),
- VMSTATE_BUFFER_UNSAFE_INFO(irq_state, PCIDevice, 2,
- vmstate_info_pci_irq_state,
- PCI_NUM_PINS * sizeof(int32_t)),
- VMSTATE_END_OF_LIST()
- }
-};
-
-const VMStateDescription vmstate_pcie_device = {
- .name = "PCIEDevice",
- .version_id = 2,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField []) {
- VMSTATE_INT32_LE(version_id, PCIDevice),
- VMSTATE_BUFFER_UNSAFE_INFO(config, PCIDevice, 0,
- vmstate_info_pci_config,
- PCIE_CONFIG_SPACE_SIZE),
- VMSTATE_BUFFER_UNSAFE_INFO(irq_state, PCIDevice, 2,
- vmstate_info_pci_irq_state,
- PCI_NUM_PINS * sizeof(int32_t)),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static inline const VMStateDescription *pci_get_vmstate(PCIDevice *s)
-{
- return pci_is_express(s) ? &vmstate_pcie_device : &vmstate_pci_device;
-}
-
-void pci_device_save(PCIDevice *s, QEMUFile *f)
-{
- /* Clear interrupt status bit: it is implicit
- * in irq_state which we are saving.
- * This makes us compatible with old devices
- * which never set or clear this bit. */
- s->config[PCI_STATUS] &= ~PCI_STATUS_INTERRUPT;
- vmstate_save_state(f, pci_get_vmstate(s), s);
- /* Restore the interrupt status bit. */
- pci_update_irq_status(s);
-}
-
-int pci_device_load(PCIDevice *s, QEMUFile *f)
-{
- int ret;
- ret = vmstate_load_state(f, pci_get_vmstate(s), s, s->version_id);
- /* Restore the interrupt status bit. */
- pci_update_irq_status(s);
- return ret;
-}
-
-static void pci_set_default_subsystem_id(PCIDevice *pci_dev)
-{
- pci_set_word(pci_dev->config + PCI_SUBSYSTEM_VENDOR_ID,
- pci_default_sub_vendor_id);
- pci_set_word(pci_dev->config + PCI_SUBSYSTEM_ID,
- pci_default_sub_device_id);
-}
-
-/*
- * Parse [[<domain>:]<bus>:]<slot>, return -1 on error if funcp == NULL
- * [[<domain>:]<bus>:]<slot>.<func>, return -1 on error
- */
-static int pci_parse_devaddr(const char *addr, int *domp, int *busp,
- unsigned int *slotp, unsigned int *funcp)
-{
- const char *p;
- char *e;
- unsigned long val;
- unsigned long dom = 0, bus = 0;
- unsigned int slot = 0;
- unsigned int func = 0;
-
- p = addr;
- val = strtoul(p, &e, 16);
- if (e == p)
- return -1;
- if (*e == ':') {
- bus = val;
- p = e + 1;
- val = strtoul(p, &e, 16);
- if (e == p)
- return -1;
- if (*e == ':') {
- dom = bus;
- bus = val;
- p = e + 1;
- val = strtoul(p, &e, 16);
- if (e == p)
- return -1;
- }
- }
-
- slot = val;
-
- if (funcp != NULL) {
- if (*e != '.')
- return -1;
-
- p = e + 1;
- val = strtoul(p, &e, 16);
- if (e == p)
- return -1;
-
- func = val;
- }
-
- /* if funcp == NULL func is 0 */
- if (dom > 0xffff || bus > 0xff || slot > 0x1f || func > 7)
- return -1;
-
- if (*e)
- return -1;
-
- *domp = dom;
- *busp = bus;
- *slotp = slot;
- if (funcp != NULL)
- *funcp = func;
- return 0;
-}
-
-int pci_read_devaddr(Monitor *mon, const char *addr, int *domp, int *busp,
- unsigned *slotp)
-{
- /* strip legacy tag */
- if (!strncmp(addr, "pci_addr=", 9)) {
- addr += 9;
- }
- if (pci_parse_devaddr(addr, domp, busp, slotp, NULL)) {
- monitor_printf(mon, "Invalid pci address\n");
- return -1;
- }
- return 0;
-}
-
-PCIBus *pci_get_bus_devfn(int *devfnp, const char *devaddr)
-{
- int dom, bus;
- unsigned slot;
-
- if (!devaddr) {
- *devfnp = -1;
- return pci_find_bus_nr(pci_find_root_bus(0), 0);
- }
-
- if (pci_parse_devaddr(devaddr, &dom, &bus, &slot, NULL) < 0) {
- return NULL;
- }
-
- *devfnp = PCI_DEVFN(slot, 0);
- return pci_find_bus_nr(pci_find_root_bus(dom), bus);
-}
-
-static void pci_init_cmask(PCIDevice *dev)
-{
- pci_set_word(dev->cmask + PCI_VENDOR_ID, 0xffff);
- pci_set_word(dev->cmask + PCI_DEVICE_ID, 0xffff);
- dev->cmask[PCI_STATUS] = PCI_STATUS_CAP_LIST;
- dev->cmask[PCI_REVISION_ID] = 0xff;
- dev->cmask[PCI_CLASS_PROG] = 0xff;
- pci_set_word(dev->cmask + PCI_CLASS_DEVICE, 0xffff);
- dev->cmask[PCI_HEADER_TYPE] = 0xff;
- dev->cmask[PCI_CAPABILITY_LIST] = 0xff;
-}
-
-static void pci_init_wmask(PCIDevice *dev)
-{
- int config_size = pci_config_size(dev);
-
- dev->wmask[PCI_CACHE_LINE_SIZE] = 0xff;
- dev->wmask[PCI_INTERRUPT_LINE] = 0xff;
- pci_set_word(dev->wmask + PCI_COMMAND,
- PCI_COMMAND_IO | PCI_COMMAND_MEMORY | PCI_COMMAND_MASTER |
- PCI_COMMAND_INTX_DISABLE);
- if (dev->cap_present & QEMU_PCI_CAP_SERR) {
- pci_word_test_and_set_mask(dev->wmask + PCI_COMMAND, PCI_COMMAND_SERR);
- }
-
- memset(dev->wmask + PCI_CONFIG_HEADER_SIZE, 0xff,
- config_size - PCI_CONFIG_HEADER_SIZE);
-}
-
-static void pci_init_w1cmask(PCIDevice *dev)
-{
- /*
- * Note: It's okay to set w1cmask even for readonly bits as
- * long as their value is hardwired to 0.
- */
- pci_set_word(dev->w1cmask + PCI_STATUS,
- PCI_STATUS_PARITY | PCI_STATUS_SIG_TARGET_ABORT |
- PCI_STATUS_REC_TARGET_ABORT | PCI_STATUS_REC_MASTER_ABORT |
- PCI_STATUS_SIG_SYSTEM_ERROR | PCI_STATUS_DETECTED_PARITY);
-}
-
-static void pci_init_mask_bridge(PCIDevice *d)
-{
- /* PCI_PRIMARY_BUS, PCI_SECONDARY_BUS, PCI_SUBORDINATE_BUS and
- PCI_SEC_LETENCY_TIMER */
- memset(d->wmask + PCI_PRIMARY_BUS, 0xff, 4);
-
- /* base and limit */
- d->wmask[PCI_IO_BASE] = PCI_IO_RANGE_MASK & 0xff;
- d->wmask[PCI_IO_LIMIT] = PCI_IO_RANGE_MASK & 0xff;
- pci_set_word(d->wmask + PCI_MEMORY_BASE,
- PCI_MEMORY_RANGE_MASK & 0xffff);
- pci_set_word(d->wmask + PCI_MEMORY_LIMIT,
- PCI_MEMORY_RANGE_MASK & 0xffff);
- pci_set_word(d->wmask + PCI_PREF_MEMORY_BASE,
- PCI_PREF_RANGE_MASK & 0xffff);
- pci_set_word(d->wmask + PCI_PREF_MEMORY_LIMIT,
- PCI_PREF_RANGE_MASK & 0xffff);
-
- /* PCI_PREF_BASE_UPPER32 and PCI_PREF_LIMIT_UPPER32 */
- memset(d->wmask + PCI_PREF_BASE_UPPER32, 0xff, 8);
-
- /* Supported memory and i/o types */
- d->config[PCI_IO_BASE] |= PCI_IO_RANGE_TYPE_16;
- d->config[PCI_IO_LIMIT] |= PCI_IO_RANGE_TYPE_16;
- pci_word_test_and_set_mask(d->config + PCI_PREF_MEMORY_BASE,
- PCI_PREF_RANGE_TYPE_64);
- pci_word_test_and_set_mask(d->config + PCI_PREF_MEMORY_LIMIT,
- PCI_PREF_RANGE_TYPE_64);
-
-/* TODO: add this define to pci_regs.h in linux and then in qemu. */
-#define PCI_BRIDGE_CTL_VGA_16BIT 0x10 /* VGA 16-bit decode */
-#define PCI_BRIDGE_CTL_DISCARD 0x100 /* Primary discard timer */
-#define PCI_BRIDGE_CTL_SEC_DISCARD 0x200 /* Secondary discard timer */
-#define PCI_BRIDGE_CTL_DISCARD_STATUS 0x400 /* Discard timer status */
-#define PCI_BRIDGE_CTL_DISCARD_SERR 0x800 /* Discard timer SERR# enable */
- pci_set_word(d->wmask + PCI_BRIDGE_CONTROL,
- PCI_BRIDGE_CTL_PARITY |
- PCI_BRIDGE_CTL_SERR |
- PCI_BRIDGE_CTL_ISA |
- PCI_BRIDGE_CTL_VGA |
- PCI_BRIDGE_CTL_VGA_16BIT |
- PCI_BRIDGE_CTL_MASTER_ABORT |
- PCI_BRIDGE_CTL_BUS_RESET |
- PCI_BRIDGE_CTL_FAST_BACK |
- PCI_BRIDGE_CTL_DISCARD |
- PCI_BRIDGE_CTL_SEC_DISCARD |
- PCI_BRIDGE_CTL_DISCARD_SERR);
- /* Below does not do anything as we never set this bit, put here for
- * completeness. */
- pci_set_word(d->w1cmask + PCI_BRIDGE_CONTROL,
- PCI_BRIDGE_CTL_DISCARD_STATUS);
- d->cmask[PCI_IO_BASE] |= PCI_IO_RANGE_TYPE_MASK;
- d->cmask[PCI_IO_LIMIT] |= PCI_IO_RANGE_TYPE_MASK;
- pci_word_test_and_set_mask(d->cmask + PCI_PREF_MEMORY_BASE,
- PCI_PREF_RANGE_TYPE_MASK);
- pci_word_test_and_set_mask(d->cmask + PCI_PREF_MEMORY_LIMIT,
- PCI_PREF_RANGE_TYPE_MASK);
-}
-
-static int pci_init_multifunction(PCIBus *bus, PCIDevice *dev)
-{
- uint8_t slot = PCI_SLOT(dev->devfn);
- uint8_t func;
-
- if (dev->cap_present & QEMU_PCI_CAP_MULTIFUNCTION) {
- dev->config[PCI_HEADER_TYPE] |= PCI_HEADER_TYPE_MULTI_FUNCTION;
- }
-
- /*
- * multifunction bit is interpreted in two ways as follows.
- * - all functions must set the bit to 1.
- * Example: Intel X53
- * - function 0 must set the bit, but the rest function (> 0)
- * is allowed to leave the bit to 0.
- * Example: PIIX3(also in qemu), PIIX4(also in qemu), ICH10,
- *
- * So OS (at least Linux) checks the bit of only function 0,
- * and doesn't see the bit of function > 0.
- *
- * The below check allows both interpretation.
- */
- if (PCI_FUNC(dev->devfn)) {
- PCIDevice *f0 = bus->devices[PCI_DEVFN(slot, 0)];
- if (f0 && !(f0->cap_present & QEMU_PCI_CAP_MULTIFUNCTION)) {
- /* function 0 should set multifunction bit */
- error_report("PCI: single function device can't be populated "
- "in function %x.%x", slot, PCI_FUNC(dev->devfn));
- return -1;
- }
- return 0;
- }
-
- if (dev->cap_present & QEMU_PCI_CAP_MULTIFUNCTION) {
- return 0;
- }
- /* function 0 indicates single function, so function > 0 must be NULL */
- for (func = 1; func < PCI_FUNC_MAX; ++func) {
- if (bus->devices[PCI_DEVFN(slot, func)]) {
- error_report("PCI: %x.0 indicates single function, "
- "but %x.%x is already populated.",
- slot, slot, func);
- return -1;
- }
- }
- return 0;
-}
-
-static void pci_config_alloc(PCIDevice *pci_dev)
-{
- int config_size = pci_config_size(pci_dev);
-
- pci_dev->config = g_malloc0(config_size);
- pci_dev->cmask = g_malloc0(config_size);
- pci_dev->wmask = g_malloc0(config_size);
- pci_dev->w1cmask = g_malloc0(config_size);
- pci_dev->used = g_malloc0(config_size);
-}
-
-static void pci_config_free(PCIDevice *pci_dev)
-{
- g_free(pci_dev->config);
- g_free(pci_dev->cmask);
- g_free(pci_dev->wmask);
- g_free(pci_dev->w1cmask);
- g_free(pci_dev->used);
-}
-
-/* -1 for devfn means auto assign */
-static PCIDevice *do_pci_register_device(PCIDevice *pci_dev, PCIBus *bus,
- const char *name, int devfn)
-{
- PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(pci_dev);
- PCIConfigReadFunc *config_read = pc->config_read;
- PCIConfigWriteFunc *config_write = pc->config_write;
-
- if (devfn < 0) {
- for(devfn = bus->devfn_min ; devfn < ARRAY_SIZE(bus->devices);
- devfn += PCI_FUNC_MAX) {
- if (!bus->devices[devfn])
- goto found;
- }
- error_report("PCI: no slot/function available for %s, all in use", name);
- return NULL;
- found: ;
- } else if (bus->devices[devfn]) {
- error_report("PCI: slot %d function %d not available for %s, in use by %s",
- PCI_SLOT(devfn), PCI_FUNC(devfn), name, bus->devices[devfn]->name);
- return NULL;
- }
- pci_dev->bus = bus;
- if (bus->dma_context_fn) {
- pci_dev->dma = bus->dma_context_fn(bus, bus->dma_context_opaque, devfn);
- } else {
- /* FIXME: Make dma_context_fn use MemoryRegions instead, so this path is
- * taken unconditionally */
- /* FIXME: inherit memory region from bus creator */
- memory_region_init_alias(&pci_dev->bus_master_enable_region, "bus master",
- get_system_memory(), 0,
- memory_region_size(get_system_memory()));
- memory_region_set_enabled(&pci_dev->bus_master_enable_region, false);
- address_space_init(&pci_dev->bus_master_as, &pci_dev->bus_master_enable_region);
- pci_dev->dma = g_new(DMAContext, 1);
- dma_context_init(pci_dev->dma, &pci_dev->bus_master_as, NULL, NULL, NULL);
- }
- pci_dev->devfn = devfn;
- pstrcpy(pci_dev->name, sizeof(pci_dev->name), name);
- pci_dev->irq_state = 0;
- pci_config_alloc(pci_dev);
-
- pci_config_set_vendor_id(pci_dev->config, pc->vendor_id);
- pci_config_set_device_id(pci_dev->config, pc->device_id);
- pci_config_set_revision(pci_dev->config, pc->revision);
- pci_config_set_class(pci_dev->config, pc->class_id);
-
- if (!pc->is_bridge) {
- if (pc->subsystem_vendor_id || pc->subsystem_id) {
- pci_set_word(pci_dev->config + PCI_SUBSYSTEM_VENDOR_ID,
- pc->subsystem_vendor_id);
- pci_set_word(pci_dev->config + PCI_SUBSYSTEM_ID,
- pc->subsystem_id);
- } else {
- pci_set_default_subsystem_id(pci_dev);
- }
- } else {
- /* subsystem_vendor_id/subsystem_id are only for header type 0 */
- assert(!pc->subsystem_vendor_id);
- assert(!pc->subsystem_id);
- }
- pci_init_cmask(pci_dev);
- pci_init_wmask(pci_dev);
- pci_init_w1cmask(pci_dev);
- if (pc->is_bridge) {
- pci_init_mask_bridge(pci_dev);
- }
- if (pci_init_multifunction(bus, pci_dev)) {
- pci_config_free(pci_dev);
- return NULL;
- }
-
- if (!config_read)
- config_read = pci_default_read_config;
- if (!config_write)
- config_write = pci_default_write_config;
- pci_dev->config_read = config_read;
- pci_dev->config_write = config_write;
- bus->devices[devfn] = pci_dev;
- pci_dev->irq = qemu_allocate_irqs(pci_set_irq, pci_dev, PCI_NUM_PINS);
- pci_dev->version_id = 2; /* Current pci device vmstate version */
- return pci_dev;
-}
-
-static void do_pci_unregister_device(PCIDevice *pci_dev)
-{
- qemu_free_irqs(pci_dev->irq);
- pci_dev->bus->devices[pci_dev->devfn] = NULL;
- pci_config_free(pci_dev);
-
- if (!pci_dev->bus->dma_context_fn) {
- address_space_destroy(&pci_dev->bus_master_as);
- memory_region_destroy(&pci_dev->bus_master_enable_region);
- g_free(pci_dev->dma);
- pci_dev->dma = NULL;
- }
-}
-
-static void pci_unregister_io_regions(PCIDevice *pci_dev)
-{
- PCIIORegion *r;
- int i;
-
- for(i = 0; i < PCI_NUM_REGIONS; i++) {
- r = &pci_dev->io_regions[i];
- if (!r->size || r->addr == PCI_BAR_UNMAPPED)
- continue;
- memory_region_del_subregion(r->address_space, r->memory);
- }
-}
-
-static int pci_unregister_device(DeviceState *dev)
-{
- PCIDevice *pci_dev = PCI_DEVICE(dev);
- PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(pci_dev);
-
- pci_unregister_io_regions(pci_dev);
- pci_del_option_rom(pci_dev);
-
- if (pc->exit) {
- pc->exit(pci_dev);
- }
-
- do_pci_unregister_device(pci_dev);
- return 0;
-}
-
-void pci_register_bar(PCIDevice *pci_dev, int region_num,
- uint8_t type, MemoryRegion *memory)
-{
- PCIIORegion *r;
- uint32_t addr;
- uint64_t wmask;
- pcibus_t size = memory_region_size(memory);
-
- assert(region_num >= 0);
- assert(region_num < PCI_NUM_REGIONS);
- if (size & (size-1)) {
- fprintf(stderr, "ERROR: PCI region size must be pow2 "
- "type=0x%x, size=0x%"FMT_PCIBUS"\n", type, size);
- exit(1);
- }
-
- r = &pci_dev->io_regions[region_num];
- r->addr = PCI_BAR_UNMAPPED;
- r->size = size;
- r->type = type;
- r->memory = NULL;
-
- wmask = ~(size - 1);
- addr = pci_bar(pci_dev, region_num);
- if (region_num == PCI_ROM_SLOT) {
- /* ROM enable bit is writable */
- wmask |= PCI_ROM_ADDRESS_ENABLE;
- }
- pci_set_long(pci_dev->config + addr, type);
- if (!(r->type & PCI_BASE_ADDRESS_SPACE_IO) &&
- r->type & PCI_BASE_ADDRESS_MEM_TYPE_64) {
- pci_set_quad(pci_dev->wmask + addr, wmask);
- pci_set_quad(pci_dev->cmask + addr, ~0ULL);
- } else {
- pci_set_long(pci_dev->wmask + addr, wmask & 0xffffffff);
- pci_set_long(pci_dev->cmask + addr, 0xffffffff);
- }
- pci_dev->io_regions[region_num].memory = memory;
- pci_dev->io_regions[region_num].address_space
- = type & PCI_BASE_ADDRESS_SPACE_IO
- ? pci_dev->bus->address_space_io
- : pci_dev->bus->address_space_mem;
-}
-
-pcibus_t pci_get_bar_addr(PCIDevice *pci_dev, int region_num)
-{
- return pci_dev->io_regions[region_num].addr;
-}
-
-static pcibus_t pci_bar_address(PCIDevice *d,
- int reg, uint8_t type, pcibus_t size)
-{
- pcibus_t new_addr, last_addr;
- int bar = pci_bar(d, reg);
- uint16_t cmd = pci_get_word(d->config + PCI_COMMAND);
-
- if (type & PCI_BASE_ADDRESS_SPACE_IO) {
- if (!(cmd & PCI_COMMAND_IO)) {
- return PCI_BAR_UNMAPPED;
- }
- new_addr = pci_get_long(d->config + bar) & ~(size - 1);
- last_addr = new_addr + size - 1;
- /* NOTE: we have only 64K ioports on PC */
- if (last_addr <= new_addr || new_addr == 0 || last_addr > UINT16_MAX) {
- return PCI_BAR_UNMAPPED;
- }
- return new_addr;
- }
-
- if (!(cmd & PCI_COMMAND_MEMORY)) {
- return PCI_BAR_UNMAPPED;
- }
- if (type & PCI_BASE_ADDRESS_MEM_TYPE_64) {
- new_addr = pci_get_quad(d->config + bar);
- } else {
- new_addr = pci_get_long(d->config + bar);
- }
- /* the ROM slot has a specific enable bit */
- if (reg == PCI_ROM_SLOT && !(new_addr & PCI_ROM_ADDRESS_ENABLE)) {
- return PCI_BAR_UNMAPPED;
- }
- new_addr &= ~(size - 1);
- last_addr = new_addr + size - 1;
- /* NOTE: we do not support wrapping */
- /* XXX: as we cannot support really dynamic
- mappings, we handle specific values as invalid
- mappings. */
- if (last_addr <= new_addr || new_addr == 0 ||
- last_addr == PCI_BAR_UNMAPPED) {
- return PCI_BAR_UNMAPPED;
- }
-
- /* Now pcibus_t is 64bit.
- * Check if 32 bit BAR wraps around explicitly.
- * Without this, PC ide doesn't work well.
- * TODO: remove this work around.
- */
- if (!(type & PCI_BASE_ADDRESS_MEM_TYPE_64) && last_addr >= UINT32_MAX) {
- return PCI_BAR_UNMAPPED;
- }
-
- /*
- * OS is allowed to set BAR beyond its addressable
- * bits. For example, 32 bit OS can set 64bit bar
- * to >4G. Check it. TODO: we might need to support
- * it in the future for e.g. PAE.
- */
- if (last_addr >= HWADDR_MAX) {
- return PCI_BAR_UNMAPPED;
- }
-
- return new_addr;
-}
-
-static void pci_update_mappings(PCIDevice *d)
-{
- PCIIORegion *r;
- int i;
- pcibus_t new_addr;
-
- for(i = 0; i < PCI_NUM_REGIONS; i++) {
- r = &d->io_regions[i];
-
- /* this region isn't registered */
- if (!r->size)
- continue;
-
- new_addr = pci_bar_address(d, i, r->type, r->size);
-
- /* This bar isn't changed */
- if (new_addr == r->addr)
- continue;
-
- /* now do the real mapping */
- if (r->addr != PCI_BAR_UNMAPPED) {
- memory_region_del_subregion(r->address_space, r->memory);
- }
- r->addr = new_addr;
- if (r->addr != PCI_BAR_UNMAPPED) {
- memory_region_add_subregion_overlap(r->address_space,
- r->addr, r->memory, 1);
- }
- }
-}
-
-static inline int pci_irq_disabled(PCIDevice *d)
-{
- return pci_get_word(d->config + PCI_COMMAND) & PCI_COMMAND_INTX_DISABLE;
-}
-
-/* Called after interrupt disabled field update in config space,
- * assert/deassert interrupts if necessary.
- * Gets original interrupt disable bit value (before update). */
-static void pci_update_irq_disabled(PCIDevice *d, int was_irq_disabled)
-{
- int i, disabled = pci_irq_disabled(d);
- if (disabled == was_irq_disabled)
- return;
- for (i = 0; i < PCI_NUM_PINS; ++i) {
- int state = pci_irq_state(d, i);
- pci_change_irq_level(d, i, disabled ? -state : state);
- }
-}
-
-uint32_t pci_default_read_config(PCIDevice *d,
- uint32_t address, int len)
-{
- uint32_t val = 0;
-
- memcpy(&val, d->config + address, len);
- return le32_to_cpu(val);
-}
-
-void pci_default_write_config(PCIDevice *d, uint32_t addr, uint32_t val, int l)
-{
- int i, was_irq_disabled = pci_irq_disabled(d);
-
- for (i = 0; i < l; val >>= 8, ++i) {
- uint8_t wmask = d->wmask[addr + i];
- uint8_t w1cmask = d->w1cmask[addr + i];
- assert(!(wmask & w1cmask));
- d->config[addr + i] = (d->config[addr + i] & ~wmask) | (val & wmask);
- d->config[addr + i] &= ~(val & w1cmask); /* W1C: Write 1 to Clear */
- }
- if (ranges_overlap(addr, l, PCI_BASE_ADDRESS_0, 24) ||
- ranges_overlap(addr, l, PCI_ROM_ADDRESS, 4) ||
- ranges_overlap(addr, l, PCI_ROM_ADDRESS1, 4) ||
- range_covers_byte(addr, l, PCI_COMMAND))
- pci_update_mappings(d);
-
- if (range_covers_byte(addr, l, PCI_COMMAND)) {
- pci_update_irq_disabled(d, was_irq_disabled);
- memory_region_set_enabled(&d->bus_master_enable_region,
- pci_get_word(d->config + PCI_COMMAND)
- & PCI_COMMAND_MASTER);
- }
-
- msi_write_config(d, addr, val, l);
- msix_write_config(d, addr, val, l);
-}
-
-/***********************************************************/
-/* generic PCI irq support */
-
-/* 0 <= irq_num <= 3. level must be 0 or 1 */
-static void pci_set_irq(void *opaque, int irq_num, int level)
-{
- PCIDevice *pci_dev = opaque;
- int change;
-
- change = level - pci_irq_state(pci_dev, irq_num);
- if (!change)
- return;
-
- pci_set_irq_state(pci_dev, irq_num, level);
- pci_update_irq_status(pci_dev);
- if (pci_irq_disabled(pci_dev))
- return;
- pci_change_irq_level(pci_dev, irq_num, change);
-}
-
-/* Special hooks used by device assignment */
-void pci_bus_set_route_irq_fn(PCIBus *bus, pci_route_irq_fn route_intx_to_irq)
-{
- assert(!bus->parent_dev);
- bus->route_intx_to_irq = route_intx_to_irq;
-}
-
-PCIINTxRoute pci_device_route_intx_to_irq(PCIDevice *dev, int pin)
-{
- PCIBus *bus;
-
- do {
- bus = dev->bus;
- pin = bus->map_irq(dev, pin);
- dev = bus->parent_dev;
- } while (dev);
-
- if (!bus->route_intx_to_irq) {
- error_report("PCI: Bug - unimplemented PCI INTx routing (%s)\n",
- object_get_typename(OBJECT(bus->qbus.parent)));
- return (PCIINTxRoute) { PCI_INTX_DISABLED, -1 };
- }
-
- return bus->route_intx_to_irq(bus->irq_opaque, pin);
-}
-
-bool pci_intx_route_changed(PCIINTxRoute *old, PCIINTxRoute *new)
-{
- return old->mode != new->mode || old->irq != new->irq;
-}
-
-void pci_bus_fire_intx_routing_notifier(PCIBus *bus)
-{
- PCIDevice *dev;
- PCIBus *sec;
- int i;
-
- for (i = 0; i < ARRAY_SIZE(bus->devices); ++i) {
- dev = bus->devices[i];
- if (dev && dev->intx_routing_notifier) {
- dev->intx_routing_notifier(dev);
- }
- QLIST_FOREACH(sec, &bus->child, sibling) {
- pci_bus_fire_intx_routing_notifier(sec);
- }
- }
-}
-
-void pci_device_set_intx_routing_notifier(PCIDevice *dev,
- PCIINTxRoutingNotifier notifier)
-{
- dev->intx_routing_notifier = notifier;
-}
-
-/*
- * PCI-to-PCI bridge specification
- * 9.1: Interrupt routing. Table 9-1
- *
- * the PCI Express Base Specification, Revision 2.1
- * 2.2.8.1: INTx interrutp signaling - Rules
- * the Implementation Note
- * Table 2-20
- */
-/*
- * 0 <= pin <= 3 0 = INTA, 1 = INTB, 2 = INTC, 3 = INTD
- * 0-origin unlike PCI interrupt pin register.
- */
-int pci_swizzle_map_irq_fn(PCIDevice *pci_dev, int pin)
-{
- return (pin + PCI_SLOT(pci_dev->devfn)) % PCI_NUM_PINS;
-}
-
-/***********************************************************/
-/* monitor info on PCI */
-
-typedef struct {
- uint16_t class;
- const char *desc;
- const char *fw_name;
- uint16_t fw_ign_bits;
-} pci_class_desc;
-
-static const pci_class_desc pci_class_descriptions[] =
-{
- { 0x0001, "VGA controller", "display"},
- { 0x0100, "SCSI controller", "scsi"},
- { 0x0101, "IDE controller", "ide"},
- { 0x0102, "Floppy controller", "fdc"},
- { 0x0103, "IPI controller", "ipi"},
- { 0x0104, "RAID controller", "raid"},
- { 0x0106, "SATA controller"},
- { 0x0107, "SAS controller"},
- { 0x0180, "Storage controller"},
- { 0x0200, "Ethernet controller", "ethernet"},
- { 0x0201, "Token Ring controller", "token-ring"},
- { 0x0202, "FDDI controller", "fddi"},
- { 0x0203, "ATM controller", "atm"},
- { 0x0280, "Network controller"},
- { 0x0300, "VGA controller", "display", 0x00ff},
- { 0x0301, "XGA controller"},
- { 0x0302, "3D controller"},
- { 0x0380, "Display controller"},
- { 0x0400, "Video controller", "video"},
- { 0x0401, "Audio controller", "sound"},
- { 0x0402, "Phone"},
- { 0x0403, "Audio controller", "sound"},
- { 0x0480, "Multimedia controller"},
- { 0x0500, "RAM controller", "memory"},
- { 0x0501, "Flash controller", "flash"},
- { 0x0580, "Memory controller"},
- { 0x0600, "Host bridge", "host"},
- { 0x0601, "ISA bridge", "isa"},
- { 0x0602, "EISA bridge", "eisa"},
- { 0x0603, "MC bridge", "mca"},
- { 0x0604, "PCI bridge", "pci"},
- { 0x0605, "PCMCIA bridge", "pcmcia"},
- { 0x0606, "NUBUS bridge", "nubus"},
- { 0x0607, "CARDBUS bridge", "cardbus"},
- { 0x0608, "RACEWAY bridge"},
- { 0x0680, "Bridge"},
- { 0x0700, "Serial port", "serial"},
- { 0x0701, "Parallel port", "parallel"},
- { 0x0800, "Interrupt controller", "interrupt-controller"},
- { 0x0801, "DMA controller", "dma-controller"},
- { 0x0802, "Timer", "timer"},
- { 0x0803, "RTC", "rtc"},
- { 0x0900, "Keyboard", "keyboard"},
- { 0x0901, "Pen", "pen"},
- { 0x0902, "Mouse", "mouse"},
- { 0x0A00, "Dock station", "dock", 0x00ff},
- { 0x0B00, "i386 cpu", "cpu", 0x00ff},
- { 0x0c00, "Fireware contorller", "fireware"},
- { 0x0c01, "Access bus controller", "access-bus"},
- { 0x0c02, "SSA controller", "ssa"},
- { 0x0c03, "USB controller", "usb"},
- { 0x0c04, "Fibre channel controller", "fibre-channel"},
- { 0x0c05, "SMBus"},
- { 0, NULL}
-};
-
-static void pci_for_each_device_under_bus(PCIBus *bus,
- void (*fn)(PCIBus *b, PCIDevice *d,
- void *opaque),
- void *opaque)
-{
- PCIDevice *d;
- int devfn;
-
- for(devfn = 0; devfn < ARRAY_SIZE(bus->devices); devfn++) {
- d = bus->devices[devfn];
- if (d) {
- fn(bus, d, opaque);
- }
- }
-}
-
-void pci_for_each_device(PCIBus *bus, int bus_num,
- void (*fn)(PCIBus *b, PCIDevice *d, void *opaque),
- void *opaque)
-{
- bus = pci_find_bus_nr(bus, bus_num);
-
- if (bus) {
- pci_for_each_device_under_bus(bus, fn, opaque);
- }
-}
-
-static const pci_class_desc *get_class_desc(int class)
-{
- const pci_class_desc *desc;
-
- desc = pci_class_descriptions;
- while (desc->desc && class != desc->class) {
- desc++;
- }
-
- return desc;
-}
-
-static PciDeviceInfoList *qmp_query_pci_devices(PCIBus *bus, int bus_num);
-
-static PciMemoryRegionList *qmp_query_pci_regions(const PCIDevice *dev)
-{
- PciMemoryRegionList *head = NULL, *cur_item = NULL;
- int i;
-
- for (i = 0; i < PCI_NUM_REGIONS; i++) {
- const PCIIORegion *r = &dev->io_regions[i];
- PciMemoryRegionList *region;
-
- if (!r->size) {
- continue;
- }
-
- region = g_malloc0(sizeof(*region));
- region->value = g_malloc0(sizeof(*region->value));
-
- if (r->type & PCI_BASE_ADDRESS_SPACE_IO) {
- region->value->type = g_strdup("io");
- } else {
- region->value->type = g_strdup("memory");
- region->value->has_prefetch = true;
- region->value->prefetch = !!(r->type & PCI_BASE_ADDRESS_MEM_PREFETCH);
- region->value->has_mem_type_64 = true;
- region->value->mem_type_64 = !!(r->type & PCI_BASE_ADDRESS_MEM_TYPE_64);
- }
-
- region->value->bar = i;
- region->value->address = r->addr;
- region->value->size = r->size;
-
- /* XXX: waiting for the qapi to support GSList */
- if (!cur_item) {
- head = cur_item = region;
- } else {
- cur_item->next = region;
- cur_item = region;
- }
- }
-
- return head;
-}
-
-static PciBridgeInfo *qmp_query_pci_bridge(PCIDevice *dev, PCIBus *bus,
- int bus_num)
-{
- PciBridgeInfo *info;
-
- info = g_malloc0(sizeof(*info));
-
- info->bus.number = dev->config[PCI_PRIMARY_BUS];
- info->bus.secondary = dev->config[PCI_SECONDARY_BUS];
- info->bus.subordinate = dev->config[PCI_SUBORDINATE_BUS];
-
- info->bus.io_range = g_malloc0(sizeof(*info->bus.io_range));
- info->bus.io_range->base = pci_bridge_get_base(dev, PCI_BASE_ADDRESS_SPACE_IO);
- info->bus.io_range->limit = pci_bridge_get_limit(dev, PCI_BASE_ADDRESS_SPACE_IO);
-
- info->bus.memory_range = g_malloc0(sizeof(*info->bus.memory_range));
- info->bus.memory_range->base = pci_bridge_get_base(dev, PCI_BASE_ADDRESS_SPACE_MEMORY);
- info->bus.memory_range->limit = pci_bridge_get_limit(dev, PCI_BASE_ADDRESS_SPACE_MEMORY);
-
- info->bus.prefetchable_range = g_malloc0(sizeof(*info->bus.prefetchable_range));
- info->bus.prefetchable_range->base = pci_bridge_get_base(dev, PCI_BASE_ADDRESS_MEM_PREFETCH);
- info->bus.prefetchable_range->limit = pci_bridge_get_limit(dev, PCI_BASE_ADDRESS_MEM_PREFETCH);
-
- if (dev->config[PCI_SECONDARY_BUS] != 0) {
- PCIBus *child_bus = pci_find_bus_nr(bus, dev->config[PCI_SECONDARY_BUS]);
- if (child_bus) {
- info->has_devices = true;
- info->devices = qmp_query_pci_devices(child_bus, dev->config[PCI_SECONDARY_BUS]);
- }
- }
-
- return info;
-}
-
-static PciDeviceInfo *qmp_query_pci_device(PCIDevice *dev, PCIBus *bus,
- int bus_num)
-{
- const pci_class_desc *desc;
- PciDeviceInfo *info;
- uint8_t type;
- int class;
-
- info = g_malloc0(sizeof(*info));
- info->bus = bus_num;
- info->slot = PCI_SLOT(dev->devfn);
- info->function = PCI_FUNC(dev->devfn);
-
- class = pci_get_word(dev->config + PCI_CLASS_DEVICE);
- info->class_info.class = class;
- desc = get_class_desc(class);
- if (desc->desc) {
- info->class_info.has_desc = true;
- info->class_info.desc = g_strdup(desc->desc);
- }
-
- info->id.vendor = pci_get_word(dev->config + PCI_VENDOR_ID);
- info->id.device = pci_get_word(dev->config + PCI_DEVICE_ID);
- info->regions = qmp_query_pci_regions(dev);
- info->qdev_id = g_strdup(dev->qdev.id ? dev->qdev.id : "");
-
- if (dev->config[PCI_INTERRUPT_PIN] != 0) {
- info->has_irq = true;
- info->irq = dev->config[PCI_INTERRUPT_LINE];
- }
-
- type = dev->config[PCI_HEADER_TYPE] & ~PCI_HEADER_TYPE_MULTI_FUNCTION;
- if (type == PCI_HEADER_TYPE_BRIDGE) {
- info->has_pci_bridge = true;
- info->pci_bridge = qmp_query_pci_bridge(dev, bus, bus_num);
- }
-
- return info;
-}
-
-static PciDeviceInfoList *qmp_query_pci_devices(PCIBus *bus, int bus_num)
-{
- PciDeviceInfoList *info, *head = NULL, *cur_item = NULL;
- PCIDevice *dev;
- int devfn;
-
- for (devfn = 0; devfn < ARRAY_SIZE(bus->devices); devfn++) {
- dev = bus->devices[devfn];
- if (dev) {
- info = g_malloc0(sizeof(*info));
- info->value = qmp_query_pci_device(dev, bus, bus_num);
-
- /* XXX: waiting for the qapi to support GSList */
- if (!cur_item) {
- head = cur_item = info;
- } else {
- cur_item->next = info;
- cur_item = info;
- }
- }
- }
-
- return head;
-}
-
-static PciInfo *qmp_query_pci_bus(PCIBus *bus, int bus_num)
-{
- PciInfo *info = NULL;
-
- bus = pci_find_bus_nr(bus, bus_num);
- if (bus) {
- info = g_malloc0(sizeof(*info));
- info->bus = bus_num;
- info->devices = qmp_query_pci_devices(bus, bus_num);
- }
-
- return info;
-}
-
-PciInfoList *qmp_query_pci(Error **errp)
-{
- PciInfoList *info, *head = NULL, *cur_item = NULL;
- struct PCIHostBus *host;
-
- QLIST_FOREACH(host, &host_buses, next) {
- info = g_malloc0(sizeof(*info));
- info->value = qmp_query_pci_bus(host->bus, 0);
-
- /* XXX: waiting for the qapi to support GSList */
- if (!cur_item) {
- head = cur_item = info;
- } else {
- cur_item->next = info;
- cur_item = info;
- }
- }
-
- return head;
-}
-
-static const char * const pci_nic_models[] = {
- "ne2k_pci",
- "i82551",
- "i82557b",
- "i82559er",
- "rtl8139",
- "e1000",
- "pcnet",
- "virtio",
- NULL
-};
-
-static const char * const pci_nic_names[] = {
- "ne2k_pci",
- "i82551",
- "i82557b",
- "i82559er",
- "rtl8139",
- "e1000",
- "pcnet",
- "virtio-net-pci",
- NULL
-};
-
-/* Initialize a PCI NIC. */
-/* FIXME callers should check for failure, but don't */
-PCIDevice *pci_nic_init(NICInfo *nd, const char *default_model,
- const char *default_devaddr)
-{
- const char *devaddr = nd->devaddr ? nd->devaddr : default_devaddr;
- PCIBus *bus;
- int devfn;
- PCIDevice *pci_dev;
- DeviceState *dev;
- int i;
-
- i = qemu_find_nic_model(nd, pci_nic_models, default_model);
- if (i < 0)
- return NULL;
-
- bus = pci_get_bus_devfn(&devfn, devaddr);
- if (!bus) {
- error_report("Invalid PCI device address %s for device %s",
- devaddr, pci_nic_names[i]);
- return NULL;
- }
-
- pci_dev = pci_create(bus, devfn, pci_nic_names[i]);
- dev = &pci_dev->qdev;
- qdev_set_nic_properties(dev, nd);
- if (qdev_init(dev) < 0)
- return NULL;
- return pci_dev;
-}
-
-PCIDevice *pci_nic_init_nofail(NICInfo *nd, const char *default_model,
- const char *default_devaddr)
-{
- PCIDevice *res;
-
- if (qemu_show_nic_models(nd->model, pci_nic_models))
- exit(0);
-
- res = pci_nic_init(nd, default_model, default_devaddr);
- if (!res)
- exit(1);
- return res;
-}
-
-PCIDevice *pci_vga_init(PCIBus *bus)
-{
- switch (vga_interface_type) {
- case VGA_CIRRUS:
- return pci_create_simple(bus, -1, "cirrus-vga");
- case VGA_QXL:
- return pci_create_simple(bus, -1, "qxl-vga");
- case VGA_STD:
- return pci_create_simple(bus, -1, "VGA");
- case VGA_VMWARE:
- return pci_create_simple(bus, -1, "vmware-svga");
- case VGA_NONE:
- default: /* Other non-PCI types. Checking for unsupported types is already
- done in vl.c. */
- return NULL;
- }
-}
-
-/* Whether a given bus number is in range of the secondary
- * bus of the given bridge device. */
-static bool pci_secondary_bus_in_range(PCIDevice *dev, int bus_num)
-{
- return !(pci_get_word(dev->config + PCI_BRIDGE_CONTROL) &
- PCI_BRIDGE_CTL_BUS_RESET) /* Don't walk the bus if it's reset. */ &&
- dev->config[PCI_SECONDARY_BUS] < bus_num &&
- bus_num <= dev->config[PCI_SUBORDINATE_BUS];
-}
-
-static PCIBus *pci_find_bus_nr(PCIBus *bus, int bus_num)
-{
- PCIBus *sec;
-
- if (!bus) {
- return NULL;
- }
-
- if (pci_bus_num(bus) == bus_num) {
- return bus;
- }
-
- /* Consider all bus numbers in range for the host pci bridge. */
- if (bus->parent_dev &&
- !pci_secondary_bus_in_range(bus->parent_dev, bus_num)) {
- return NULL;
- }
-
- /* try child bus */
- for (; bus; bus = sec) {
- QLIST_FOREACH(sec, &bus->child, sibling) {
- assert(sec->parent_dev);
- if (sec->parent_dev->config[PCI_SECONDARY_BUS] == bus_num) {
- return sec;
- }
- if (pci_secondary_bus_in_range(sec->parent_dev, bus_num)) {
- break;
- }
- }
- }
-
- return NULL;
-}
-
-PCIDevice *pci_find_device(PCIBus *bus, int bus_num, uint8_t devfn)
-{
- bus = pci_find_bus_nr(bus, bus_num);
-
- if (!bus)
- return NULL;
-
- return bus->devices[devfn];
-}
-
-static int pci_qdev_init(DeviceState *qdev)
-{
- PCIDevice *pci_dev = (PCIDevice *)qdev;
- PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(pci_dev);
- PCIBus *bus;
- int rc;
- bool is_default_rom;
-
- /* initialize cap_present for pci_is_express() and pci_config_size() */
- if (pc->is_express) {
- pci_dev->cap_present |= QEMU_PCI_CAP_EXPRESS;
- }
-
- bus = FROM_QBUS(PCIBus, qdev_get_parent_bus(qdev));
- pci_dev = do_pci_register_device(pci_dev, bus,
- object_get_typename(OBJECT(qdev)),
- pci_dev->devfn);
- if (pci_dev == NULL)
- return -1;
- if (qdev->hotplugged && pc->no_hotplug) {
- qerror_report(QERR_DEVICE_NO_HOTPLUG, object_get_typename(OBJECT(pci_dev)));
- do_pci_unregister_device(pci_dev);
- return -1;
- }
- if (pc->init) {
- rc = pc->init(pci_dev);
- if (rc != 0) {
- do_pci_unregister_device(pci_dev);
- return rc;
- }
- }
-
- /* rom loading */
- is_default_rom = false;
- if (pci_dev->romfile == NULL && pc->romfile != NULL) {
- pci_dev->romfile = g_strdup(pc->romfile);
- is_default_rom = true;
- }
- pci_add_option_rom(pci_dev, is_default_rom);
-
- if (bus->hotplug) {
- /* Let buses differentiate between hotplug and when device is
- * enabled during qemu machine creation. */
- rc = bus->hotplug(bus->hotplug_qdev, pci_dev,
- qdev->hotplugged ? PCI_HOTPLUG_ENABLED:
- PCI_COLDPLUG_ENABLED);
- if (rc != 0) {
- int r = pci_unregister_device(&pci_dev->qdev);
- assert(!r);
- return rc;
- }
- }
- return 0;
-}
-
-static int pci_unplug_device(DeviceState *qdev)
-{
- PCIDevice *dev = PCI_DEVICE(qdev);
- PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(dev);
-
- if (pc->no_hotplug) {
- qerror_report(QERR_DEVICE_NO_HOTPLUG, object_get_typename(OBJECT(dev)));
- return -1;
- }
- return dev->bus->hotplug(dev->bus->hotplug_qdev, dev,
- PCI_HOTPLUG_DISABLED);
-}
-
-PCIDevice *pci_create_multifunction(PCIBus *bus, int devfn, bool multifunction,
- const char *name)
-{
- DeviceState *dev;
-
- dev = qdev_create(&bus->qbus, name);
- qdev_prop_set_int32(dev, "addr", devfn);
- qdev_prop_set_bit(dev, "multifunction", multifunction);
- return PCI_DEVICE(dev);
-}
-
-PCIDevice *pci_create_simple_multifunction(PCIBus *bus, int devfn,
- bool multifunction,
- const char *name)
-{
- PCIDevice *dev = pci_create_multifunction(bus, devfn, multifunction, name);
- qdev_init_nofail(&dev->qdev);
- return dev;
-}
-
-PCIDevice *pci_create(PCIBus *bus, int devfn, const char *name)
-{
- return pci_create_multifunction(bus, devfn, false, name);
-}
-
-PCIDevice *pci_create_simple(PCIBus *bus, int devfn, const char *name)
-{
- return pci_create_simple_multifunction(bus, devfn, false, name);
-}
-
-static uint8_t pci_find_space(PCIDevice *pdev, uint8_t size)
-{
- int offset = PCI_CONFIG_HEADER_SIZE;
- int i;
- for (i = PCI_CONFIG_HEADER_SIZE; i < PCI_CONFIG_SPACE_SIZE; ++i) {
- if (pdev->used[i])
- offset = i + 1;
- else if (i - offset + 1 == size)
- return offset;
- }
- return 0;
-}
-
-static uint8_t pci_find_capability_list(PCIDevice *pdev, uint8_t cap_id,
- uint8_t *prev_p)
-{
- uint8_t next, prev;
-
- if (!(pdev->config[PCI_STATUS] & PCI_STATUS_CAP_LIST))
- return 0;
-
- for (prev = PCI_CAPABILITY_LIST; (next = pdev->config[prev]);
- prev = next + PCI_CAP_LIST_NEXT)
- if (pdev->config[next + PCI_CAP_LIST_ID] == cap_id)
- break;
-
- if (prev_p)
- *prev_p = prev;
- return next;
-}
-
-static uint8_t pci_find_capability_at_offset(PCIDevice *pdev, uint8_t offset)
-{
- uint8_t next, prev, found = 0;
-
- if (!(pdev->used[offset])) {
- return 0;
- }
-
- assert(pdev->config[PCI_STATUS] & PCI_STATUS_CAP_LIST);
-
- for (prev = PCI_CAPABILITY_LIST; (next = pdev->config[prev]);
- prev = next + PCI_CAP_LIST_NEXT) {
- if (next <= offset && next > found) {
- found = next;
- }
- }
- return found;
-}
-
-/* Patch the PCI vendor and device ids in a PCI rom image if necessary.
- This is needed for an option rom which is used for more than one device. */
-static void pci_patch_ids(PCIDevice *pdev, uint8_t *ptr, int size)
-{
- uint16_t vendor_id;
- uint16_t device_id;
- uint16_t rom_vendor_id;
- uint16_t rom_device_id;
- uint16_t rom_magic;
- uint16_t pcir_offset;
- uint8_t checksum;
-
- /* Words in rom data are little endian (like in PCI configuration),
- so they can be read / written with pci_get_word / pci_set_word. */
-
- /* Only a valid rom will be patched. */
- rom_magic = pci_get_word(ptr);
- if (rom_magic != 0xaa55) {
- PCI_DPRINTF("Bad ROM magic %04x\n", rom_magic);
- return;
- }
- pcir_offset = pci_get_word(ptr + 0x18);
- if (pcir_offset + 8 >= size || memcmp(ptr + pcir_offset, "PCIR", 4)) {
- PCI_DPRINTF("Bad PCIR offset 0x%x or signature\n", pcir_offset);
- return;
- }
-
- vendor_id = pci_get_word(pdev->config + PCI_VENDOR_ID);
- device_id = pci_get_word(pdev->config + PCI_DEVICE_ID);
- rom_vendor_id = pci_get_word(ptr + pcir_offset + 4);
- rom_device_id = pci_get_word(ptr + pcir_offset + 6);
-
- PCI_DPRINTF("%s: ROM id %04x%04x / PCI id %04x%04x\n", pdev->romfile,
- vendor_id, device_id, rom_vendor_id, rom_device_id);
-
- checksum = ptr[6];
-
- if (vendor_id != rom_vendor_id) {
- /* Patch vendor id and checksum (at offset 6 for etherboot roms). */
- checksum += (uint8_t)rom_vendor_id + (uint8_t)(rom_vendor_id >> 8);
- checksum -= (uint8_t)vendor_id + (uint8_t)(vendor_id >> 8);
- PCI_DPRINTF("ROM checksum %02x / %02x\n", ptr[6], checksum);
- ptr[6] = checksum;
- pci_set_word(ptr + pcir_offset + 4, vendor_id);
- }
-
- if (device_id != rom_device_id) {
- /* Patch device id and checksum (at offset 6 for etherboot roms). */
- checksum += (uint8_t)rom_device_id + (uint8_t)(rom_device_id >> 8);
- checksum -= (uint8_t)device_id + (uint8_t)(device_id >> 8);
- PCI_DPRINTF("ROM checksum %02x / %02x\n", ptr[6], checksum);
- ptr[6] = checksum;
- pci_set_word(ptr + pcir_offset + 6, device_id);
- }
-}
-
-/* Add an option rom for the device */
-static int pci_add_option_rom(PCIDevice *pdev, bool is_default_rom)
-{
- int size;
- char *path;
- void *ptr;
- char name[32];
- const VMStateDescription *vmsd;
-
- if (!pdev->romfile)
- return 0;
- if (strlen(pdev->romfile) == 0)
- return 0;
-
- if (!pdev->rom_bar) {
- /*
- * Load rom via fw_cfg instead of creating a rom bar,
- * for 0.11 compatibility.
- */
- int class = pci_get_word(pdev->config + PCI_CLASS_DEVICE);
- if (class == 0x0300) {
- rom_add_vga(pdev->romfile);
- } else {
- rom_add_option(pdev->romfile, -1);
- }
- return 0;
- }
-
- path = qemu_find_file(QEMU_FILE_TYPE_BIOS, pdev->romfile);
- if (path == NULL) {
- path = g_strdup(pdev->romfile);
- }
-
- size = get_image_size(path);
- if (size < 0) {
- error_report("%s: failed to find romfile \"%s\"",
- __FUNCTION__, pdev->romfile);
- g_free(path);
- return -1;
- }
- if (size & (size - 1)) {
- size = 1 << qemu_fls(size);
- }
-
- vmsd = qdev_get_vmsd(DEVICE(pdev));
-
- if (vmsd) {
- snprintf(name, sizeof(name), "%s.rom", vmsd->name);
- } else {
- snprintf(name, sizeof(name), "%s.rom", object_get_typename(OBJECT(pdev)));
- }
- pdev->has_rom = true;
- memory_region_init_ram(&pdev->rom, name, size);
- vmstate_register_ram(&pdev->rom, &pdev->qdev);
- ptr = memory_region_get_ram_ptr(&pdev->rom);
- load_image(path, ptr);
- g_free(path);
-
- if (is_default_rom) {
- /* Only the default rom images will be patched (if needed). */
- pci_patch_ids(pdev, ptr, size);
- }
-
- qemu_put_ram_ptr(ptr);
-
- pci_register_bar(pdev, PCI_ROM_SLOT, 0, &pdev->rom);
-
- return 0;
-}
-
-static void pci_del_option_rom(PCIDevice *pdev)
-{
- if (!pdev->has_rom)
- return;
-
- vmstate_unregister_ram(&pdev->rom, &pdev->qdev);
- memory_region_destroy(&pdev->rom);
- pdev->has_rom = false;
-}
-
-/*
- * if !offset
- * Reserve space and add capability to the linked list in pci config space
- *
- * if offset = 0,
- * Find and reserve space and add capability to the linked list
- * in pci config space */
-int pci_add_capability(PCIDevice *pdev, uint8_t cap_id,
- uint8_t offset, uint8_t size)
-{
- uint8_t *config;
- int i, overlapping_cap;
-
- if (!offset) {
- offset = pci_find_space(pdev, size);
- if (!offset) {
- return -ENOSPC;
- }
- } else {
- /* Verify that capabilities don't overlap. Note: device assignment
- * depends on this check to verify that the device is not broken.
- * Should never trigger for emulated devices, but it's helpful
- * for debugging these. */
- for (i = offset; i < offset + size; i++) {
- overlapping_cap = pci_find_capability_at_offset(pdev, i);
- if (overlapping_cap) {
- fprintf(stderr, "ERROR: %04x:%02x:%02x.%x "
- "Attempt to add PCI capability %x at offset "
- "%x overlaps existing capability %x at offset %x\n",
- pci_find_domain(pdev->bus), pci_bus_num(pdev->bus),
- PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn),
- cap_id, offset, overlapping_cap, i);
- return -EINVAL;
- }
- }
- }
-
- config = pdev->config + offset;
- config[PCI_CAP_LIST_ID] = cap_id;
- config[PCI_CAP_LIST_NEXT] = pdev->config[PCI_CAPABILITY_LIST];
- pdev->config[PCI_CAPABILITY_LIST] = offset;
- pdev->config[PCI_STATUS] |= PCI_STATUS_CAP_LIST;
- memset(pdev->used + offset, 0xFF, QEMU_ALIGN_UP(size, 4));
- /* Make capability read-only by default */
- memset(pdev->wmask + offset, 0, size);
- /* Check capability by default */
- memset(pdev->cmask + offset, 0xFF, size);
- return offset;
-}
-
-/* Unlink capability from the pci config space. */
-void pci_del_capability(PCIDevice *pdev, uint8_t cap_id, uint8_t size)
-{
- uint8_t prev, offset = pci_find_capability_list(pdev, cap_id, &prev);
- if (!offset)
- return;
- pdev->config[prev] = pdev->config[offset + PCI_CAP_LIST_NEXT];
- /* Make capability writable again */
- memset(pdev->wmask + offset, 0xff, size);
- memset(pdev->w1cmask + offset, 0, size);
- /* Clear cmask as device-specific registers can't be checked */
- memset(pdev->cmask + offset, 0, size);
- memset(pdev->used + offset, 0, QEMU_ALIGN_UP(size, 4));
-
- if (!pdev->config[PCI_CAPABILITY_LIST])
- pdev->config[PCI_STATUS] &= ~PCI_STATUS_CAP_LIST;
-}
-
-uint8_t pci_find_capability(PCIDevice *pdev, uint8_t cap_id)
-{
- return pci_find_capability_list(pdev, cap_id, NULL);
-}
-
-static void pcibus_dev_print(Monitor *mon, DeviceState *dev, int indent)
-{
- PCIDevice *d = (PCIDevice *)dev;
- const pci_class_desc *desc;
- char ctxt[64];
- PCIIORegion *r;
- int i, class;
-
- class = pci_get_word(d->config + PCI_CLASS_DEVICE);
- desc = pci_class_descriptions;
- while (desc->desc && class != desc->class)
- desc++;
- if (desc->desc) {
- snprintf(ctxt, sizeof(ctxt), "%s", desc->desc);
- } else {
- snprintf(ctxt, sizeof(ctxt), "Class %04x", class);
- }
-
- monitor_printf(mon, "%*sclass %s, addr %02x:%02x.%x, "
- "pci id %04x:%04x (sub %04x:%04x)\n",
- indent, "", ctxt, pci_bus_num(d->bus),
- PCI_SLOT(d->devfn), PCI_FUNC(d->devfn),
- pci_get_word(d->config + PCI_VENDOR_ID),
- pci_get_word(d->config + PCI_DEVICE_ID),
- pci_get_word(d->config + PCI_SUBSYSTEM_VENDOR_ID),
- pci_get_word(d->config + PCI_SUBSYSTEM_ID));
- for (i = 0; i < PCI_NUM_REGIONS; i++) {
- r = &d->io_regions[i];
- if (!r->size)
- continue;
- monitor_printf(mon, "%*sbar %d: %s at 0x%"FMT_PCIBUS
- " [0x%"FMT_PCIBUS"]\n",
- indent, "",
- i, r->type & PCI_BASE_ADDRESS_SPACE_IO ? "i/o" : "mem",
- r->addr, r->addr + r->size - 1);
- }
-}
-
-static char *pci_dev_fw_name(DeviceState *dev, char *buf, int len)
-{
- PCIDevice *d = (PCIDevice *)dev;
- const char *name = NULL;
- const pci_class_desc *desc = pci_class_descriptions;
- int class = pci_get_word(d->config + PCI_CLASS_DEVICE);
-
- while (desc->desc &&
- (class & ~desc->fw_ign_bits) !=
- (desc->class & ~desc->fw_ign_bits)) {
- desc++;
- }
-
- if (desc->desc) {
- name = desc->fw_name;
- }
-
- if (name) {
- pstrcpy(buf, len, name);
- } else {
- snprintf(buf, len, "pci%04x,%04x",
- pci_get_word(d->config + PCI_VENDOR_ID),
- pci_get_word(d->config + PCI_DEVICE_ID));
- }
-
- return buf;
-}
-
-static char *pcibus_get_fw_dev_path(DeviceState *dev)
-{
- PCIDevice *d = (PCIDevice *)dev;
- char path[50], name[33];
- int off;
-
- off = snprintf(path, sizeof(path), "%s@%x",
- pci_dev_fw_name(dev, name, sizeof name),
- PCI_SLOT(d->devfn));
- if (PCI_FUNC(d->devfn))
- snprintf(path + off, sizeof(path) + off, ",%x", PCI_FUNC(d->devfn));
- return g_strdup(path);
-}
-
-static char *pcibus_get_dev_path(DeviceState *dev)
-{
- PCIDevice *d = container_of(dev, PCIDevice, qdev);
- PCIDevice *t;
- int slot_depth;
- /* Path format: Domain:00:Slot.Function:Slot.Function....:Slot.Function.
- * 00 is added here to make this format compatible with
- * domain:Bus:Slot.Func for systems without nested PCI bridges.
- * Slot.Function list specifies the slot and function numbers for all
- * devices on the path from root to the specific device. */
- char domain[] = "DDDD:00";
- char slot[] = ":SS.F";
- int domain_len = sizeof domain - 1 /* For '\0' */;
- int slot_len = sizeof slot - 1 /* For '\0' */;
- int path_len;
- char *path, *p;
- int s;
-
- /* Calculate # of slots on path between device and root. */;
- slot_depth = 0;
- for (t = d; t; t = t->bus->parent_dev) {
- ++slot_depth;
- }
-
- path_len = domain_len + slot_len * slot_depth;
-
- /* Allocate memory, fill in the terminating null byte. */
- path = g_malloc(path_len + 1 /* For '\0' */);
- path[path_len] = '\0';
-
- /* First field is the domain. */
- s = snprintf(domain, sizeof domain, "%04x:00", pci_find_domain(d->bus));
- assert(s == domain_len);
- memcpy(path, domain, domain_len);
-
- /* Fill in slot numbers. We walk up from device to root, so need to print
- * them in the reverse order, last to first. */
- p = path + path_len;
- for (t = d; t; t = t->bus->parent_dev) {
- p -= slot_len;
- s = snprintf(slot, sizeof slot, ":%02x.%x",
- PCI_SLOT(t->devfn), PCI_FUNC(t->devfn));
- assert(s == slot_len);
- memcpy(p, slot, slot_len);
- }
-
- return path;
-}
-
-static int pci_qdev_find_recursive(PCIBus *bus,
- const char *id, PCIDevice **pdev)
-{
- DeviceState *qdev = qdev_find_recursive(&bus->qbus, id);
- if (!qdev) {
- return -ENODEV;
- }
-
- /* roughly check if given qdev is pci device */
- if (object_dynamic_cast(OBJECT(qdev), TYPE_PCI_DEVICE)) {
- *pdev = PCI_DEVICE(qdev);
- return 0;
- }
- return -EINVAL;
-}
-
-int pci_qdev_find_device(const char *id, PCIDevice **pdev)
-{
- struct PCIHostBus *host;
- int rc = -ENODEV;
-
- QLIST_FOREACH(host, &host_buses, next) {
- int tmp = pci_qdev_find_recursive(host->bus, id, pdev);
- if (!tmp) {
- rc = 0;
- break;
- }
- if (tmp != -ENODEV) {
- rc = tmp;
- }
- }
-
- return rc;
-}
-
-MemoryRegion *pci_address_space(PCIDevice *dev)
-{
- return dev->bus->address_space_mem;
-}
-
-MemoryRegion *pci_address_space_io(PCIDevice *dev)
-{
- return dev->bus->address_space_io;
-}
-
-static void pci_device_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *k = DEVICE_CLASS(klass);
- k->init = pci_qdev_init;
- k->unplug = pci_unplug_device;
- k->exit = pci_unregister_device;
- k->bus_type = TYPE_PCI_BUS;
- k->props = pci_props;
-}
-
-void pci_setup_iommu(PCIBus *bus, PCIDMAContextFunc fn, void *opaque)
-{
- bus->dma_context_fn = fn;
- bus->dma_context_opaque = opaque;
-}
-
-static TypeInfo pci_device_type_info = {
- .name = TYPE_PCI_DEVICE,
- .parent = TYPE_DEVICE,
- .instance_size = sizeof(PCIDevice),
- .abstract = true,
- .class_size = sizeof(PCIDeviceClass),
- .class_init = pci_device_class_init,
-};
-
-static void pci_register_types(void)
-{
- type_register_static(&pci_bus_info);
- type_register_static(&pci_device_type_info);
-}
-
-type_init(pci_register_types)
diff --git a/hw/pci.h b/hw/pci.h
deleted file mode 100644
index 4da0c2a4c..000000000
--- a/hw/pci.h
+++ /dev/null
@@ -1,684 +0,0 @@
-#ifndef QEMU_PCI_H
-#define QEMU_PCI_H
-
-#include "qemu-common.h"
-
-#include "qdev.h"
-#include "memory.h"
-#include "dma.h"
-
-/* PCI includes legacy ISA access. */
-#include "isa.h"
-
-#include "pcie.h"
-
-/* PCI bus */
-
-#define PCI_DEVFN(slot, func) ((((slot) & 0x1f) << 3) | ((func) & 0x07))
-#define PCI_SLOT(devfn) (((devfn) >> 3) & 0x1f)
-#define PCI_FUNC(devfn) ((devfn) & 0x07)
-#define PCI_SLOT_MAX 32
-#define PCI_FUNC_MAX 8
-
-/* Class, Vendor and Device IDs from Linux's pci_ids.h */
-#include "pci_ids.h"
-
-/* QEMU-specific Vendor and Device ID definitions */
-
-/* IBM (0x1014) */
-#define PCI_DEVICE_ID_IBM_440GX 0x027f
-#define PCI_DEVICE_ID_IBM_OPENPIC2 0xffff
-
-/* Hitachi (0x1054) */
-#define PCI_VENDOR_ID_HITACHI 0x1054
-#define PCI_DEVICE_ID_HITACHI_SH7751R 0x350e
-
-/* Apple (0x106b) */
-#define PCI_DEVICE_ID_APPLE_343S1201 0x0010
-#define PCI_DEVICE_ID_APPLE_UNI_N_I_PCI 0x001e
-#define PCI_DEVICE_ID_APPLE_UNI_N_PCI 0x001f
-#define PCI_DEVICE_ID_APPLE_UNI_N_KEYL 0x0022
-#define PCI_DEVICE_ID_APPLE_IPID_USB 0x003f
-
-/* Realtek (0x10ec) */
-#define PCI_DEVICE_ID_REALTEK_8029 0x8029
-
-/* Xilinx (0x10ee) */
-#define PCI_DEVICE_ID_XILINX_XC2VP30 0x0300
-
-/* Marvell (0x11ab) */
-#define PCI_DEVICE_ID_MARVELL_GT6412X 0x4620
-
-/* QEMU/Bochs VGA (0x1234) */
-#define PCI_VENDOR_ID_QEMU 0x1234
-#define PCI_DEVICE_ID_QEMU_VGA 0x1111
-
-/* VMWare (0x15ad) */
-#define PCI_VENDOR_ID_VMWARE 0x15ad
-#define PCI_DEVICE_ID_VMWARE_SVGA2 0x0405
-#define PCI_DEVICE_ID_VMWARE_SVGA 0x0710
-#define PCI_DEVICE_ID_VMWARE_NET 0x0720
-#define PCI_DEVICE_ID_VMWARE_SCSI 0x0730
-#define PCI_DEVICE_ID_VMWARE_IDE 0x1729
-
-/* Intel (0x8086) */
-#define PCI_DEVICE_ID_INTEL_82551IT 0x1209
-#define PCI_DEVICE_ID_INTEL_82557 0x1229
-#define PCI_DEVICE_ID_INTEL_82801IR 0x2922
-
-/* Red Hat / Qumranet (for QEMU) -- see pci-ids.txt */
-#define PCI_VENDOR_ID_REDHAT_QUMRANET 0x1af4
-#define PCI_SUBVENDOR_ID_REDHAT_QUMRANET 0x1af4
-#define PCI_SUBDEVICE_ID_QEMU 0x1100
-
-#define PCI_DEVICE_ID_VIRTIO_NET 0x1000
-#define PCI_DEVICE_ID_VIRTIO_BLOCK 0x1001
-#define PCI_DEVICE_ID_VIRTIO_BALLOON 0x1002
-#define PCI_DEVICE_ID_VIRTIO_CONSOLE 0x1003
-#define PCI_DEVICE_ID_VIRTIO_SCSI 0x1004
-#define PCI_DEVICE_ID_VIRTIO_RNG 0x1005
-
-#define FMT_PCIBUS PRIx64
-
-typedef void PCIConfigWriteFunc(PCIDevice *pci_dev,
- uint32_t address, uint32_t data, int len);
-typedef uint32_t PCIConfigReadFunc(PCIDevice *pci_dev,
- uint32_t address, int len);
-typedef void PCIMapIORegionFunc(PCIDevice *pci_dev, int region_num,
- pcibus_t addr, pcibus_t size, int type);
-typedef void PCIUnregisterFunc(PCIDevice *pci_dev);
-
-typedef struct PCIIORegion {
- pcibus_t addr; /* current PCI mapping address. -1 means not mapped */
-#define PCI_BAR_UNMAPPED (~(pcibus_t)0)
- pcibus_t size;
- uint8_t type;
- MemoryRegion *memory;
- MemoryRegion *address_space;
-} PCIIORegion;
-
-#define PCI_ROM_SLOT 6
-#define PCI_NUM_REGIONS 7
-
-#include "pci_regs.h"
-
-/* PCI HEADER_TYPE */
-#define PCI_HEADER_TYPE_MULTI_FUNCTION 0x80
-
-/* Size of the standard PCI config header */
-#define PCI_CONFIG_HEADER_SIZE 0x40
-/* Size of the standard PCI config space */
-#define PCI_CONFIG_SPACE_SIZE 0x100
-/* Size of the standart PCIe config space: 4KB */
-#define PCIE_CONFIG_SPACE_SIZE 0x1000
-
-#define PCI_NUM_PINS 4 /* A-D */
-
-/* Bits in cap_present field. */
-enum {
- QEMU_PCI_CAP_MSI = 0x1,
- QEMU_PCI_CAP_MSIX = 0x2,
- QEMU_PCI_CAP_EXPRESS = 0x4,
-
- /* multifunction capable device */
-#define QEMU_PCI_CAP_MULTIFUNCTION_BITNR 3
- QEMU_PCI_CAP_MULTIFUNCTION = (1 << QEMU_PCI_CAP_MULTIFUNCTION_BITNR),
-
- /* command register SERR bit enabled */
-#define QEMU_PCI_CAP_SERR_BITNR 4
- QEMU_PCI_CAP_SERR = (1 << QEMU_PCI_CAP_SERR_BITNR),
- /* Standard hot plug controller. */
-#define QEMU_PCI_SHPC_BITNR 5
- QEMU_PCI_CAP_SHPC = (1 << QEMU_PCI_SHPC_BITNR),
-#define QEMU_PCI_SLOTID_BITNR 6
- QEMU_PCI_CAP_SLOTID = (1 << QEMU_PCI_SLOTID_BITNR),
-};
-
-#define TYPE_PCI_DEVICE "pci-device"
-#define PCI_DEVICE(obj) \
- OBJECT_CHECK(PCIDevice, (obj), TYPE_PCI_DEVICE)
-#define PCI_DEVICE_CLASS(klass) \
- OBJECT_CLASS_CHECK(PCIDeviceClass, (klass), TYPE_PCI_DEVICE)
-#define PCI_DEVICE_GET_CLASS(obj) \
- OBJECT_GET_CLASS(PCIDeviceClass, (obj), TYPE_PCI_DEVICE)
-
-typedef struct PCIINTxRoute {
- enum {
- PCI_INTX_ENABLED,
- PCI_INTX_INVERTED,
- PCI_INTX_DISABLED,
- } mode;
- int irq;
-} PCIINTxRoute;
-
-typedef struct PCIDeviceClass {
- DeviceClass parent_class;
-
- int (*init)(PCIDevice *dev);
- PCIUnregisterFunc *exit;
- PCIConfigReadFunc *config_read;
- PCIConfigWriteFunc *config_write;
-
- uint16_t vendor_id;
- uint16_t device_id;
- uint8_t revision;
- uint16_t class_id;
- uint16_t subsystem_vendor_id; /* only for header type = 0 */
- uint16_t subsystem_id; /* only for header type = 0 */
-
- /*
- * pci-to-pci bridge or normal device.
- * This doesn't mean pci host switch.
- * When card bus bridge is supported, this would be enhanced.
- */
- int is_bridge;
-
- /* pcie stuff */
- int is_express; /* is this device pci express? */
-
- /* device isn't hot-pluggable */
- int no_hotplug;
-
- /* rom bar */
- const char *romfile;
-} PCIDeviceClass;
-
-typedef void (*PCIINTxRoutingNotifier)(PCIDevice *dev);
-typedef int (*MSIVectorUseNotifier)(PCIDevice *dev, unsigned int vector,
- MSIMessage msg);
-typedef void (*MSIVectorReleaseNotifier)(PCIDevice *dev, unsigned int vector);
-
-struct PCIDevice {
- DeviceState qdev;
-
- /* PCI config space */
- uint8_t *config;
-
- /* Used to enable config checks on load. Note that writable bits are
- * never checked even if set in cmask. */
- uint8_t *cmask;
-
- /* Used to implement R/W bytes */
- uint8_t *wmask;
-
- /* Used to implement RW1C(Write 1 to Clear) bytes */
- uint8_t *w1cmask;
-
- /* Used to allocate config space for capabilities. */
- uint8_t *used;
-
- /* the following fields are read only */
- PCIBus *bus;
- int32_t devfn;
- char name[64];
- PCIIORegion io_regions[PCI_NUM_REGIONS];
- AddressSpace bus_master_as;
- MemoryRegion bus_master_enable_region;
- DMAContext *dma;
-
- /* do not access the following fields */
- PCIConfigReadFunc *config_read;
- PCIConfigWriteFunc *config_write;
-
- /* IRQ objects for the INTA-INTD pins. */
- qemu_irq *irq;
-
- /* Current IRQ levels. Used internally by the generic PCI code. */
- uint8_t irq_state;
-
- /* Capability bits */
- uint32_t cap_present;
-
- /* Offset of MSI-X capability in config space */
- uint8_t msix_cap;
-
- /* MSI-X entries */
- int msix_entries_nr;
-
- /* Space to store MSIX table & pending bit array */
- uint8_t *msix_table;
- uint8_t *msix_pba;
- /* MemoryRegion container for msix exclusive BAR setup */
- MemoryRegion msix_exclusive_bar;
- /* Memory Regions for MSIX table and pending bit entries. */
- MemoryRegion msix_table_mmio;
- MemoryRegion msix_pba_mmio;
- /* Reference-count for entries actually in use by driver. */
- unsigned *msix_entry_used;
- /* MSIX function mask set or MSIX disabled */
- bool msix_function_masked;
- /* Version id needed for VMState */
- int32_t version_id;
-
- /* Offset of MSI capability in config space */
- uint8_t msi_cap;
-
- /* PCI Express */
- PCIExpressDevice exp;
-
- /* SHPC */
- SHPCDevice *shpc;
-
- /* Location of option rom */
- char *romfile;
- bool has_rom;
- MemoryRegion rom;
- uint32_t rom_bar;
-
- /* INTx routing notifier */
- PCIINTxRoutingNotifier intx_routing_notifier;
-
- /* MSI-X notifiers */
- MSIVectorUseNotifier msix_vector_use_notifier;
- MSIVectorReleaseNotifier msix_vector_release_notifier;
-};
-
-void pci_register_bar(PCIDevice *pci_dev, int region_num,
- uint8_t attr, MemoryRegion *memory);
-pcibus_t pci_get_bar_addr(PCIDevice *pci_dev, int region_num);
-
-int pci_add_capability(PCIDevice *pdev, uint8_t cap_id,
- uint8_t offset, uint8_t size);
-
-void pci_del_capability(PCIDevice *pci_dev, uint8_t cap_id, uint8_t cap_size);
-
-uint8_t pci_find_capability(PCIDevice *pci_dev, uint8_t cap_id);
-
-
-uint32_t pci_default_read_config(PCIDevice *d,
- uint32_t address, int len);
-void pci_default_write_config(PCIDevice *d,
- uint32_t address, uint32_t val, int len);
-void pci_device_save(PCIDevice *s, QEMUFile *f);
-int pci_device_load(PCIDevice *s, QEMUFile *f);
-MemoryRegion *pci_address_space(PCIDevice *dev);
-MemoryRegion *pci_address_space_io(PCIDevice *dev);
-
-typedef void (*pci_set_irq_fn)(void *opaque, int irq_num, int level);
-typedef int (*pci_map_irq_fn)(PCIDevice *pci_dev, int irq_num);
-typedef PCIINTxRoute (*pci_route_irq_fn)(void *opaque, int pin);
-
-typedef enum {
- PCI_HOTPLUG_DISABLED,
- PCI_HOTPLUG_ENABLED,
- PCI_COLDPLUG_ENABLED,
-} PCIHotplugState;
-
-typedef int (*pci_hotplug_fn)(DeviceState *qdev, PCIDevice *pci_dev,
- PCIHotplugState state);
-void pci_bus_new_inplace(PCIBus *bus, DeviceState *parent,
- const char *name,
- MemoryRegion *address_space_mem,
- MemoryRegion *address_space_io,
- uint8_t devfn_min);
-PCIBus *pci_bus_new(DeviceState *parent, const char *name,
- MemoryRegion *address_space_mem,
- MemoryRegion *address_space_io,
- uint8_t devfn_min);
-void pci_bus_irqs(PCIBus *bus, pci_set_irq_fn set_irq, pci_map_irq_fn map_irq,
- void *irq_opaque, int nirq);
-int pci_bus_get_irq_level(PCIBus *bus, int irq_num);
-void pci_bus_hotplug(PCIBus *bus, pci_hotplug_fn hotplug, DeviceState *dev);
-/* 0 <= pin <= 3 0 = INTA, 1 = INTB, 2 = INTC, 3 = INTD */
-int pci_swizzle_map_irq_fn(PCIDevice *pci_dev, int pin);
-PCIBus *pci_register_bus(DeviceState *parent, const char *name,
- pci_set_irq_fn set_irq, pci_map_irq_fn map_irq,
- void *irq_opaque,
- MemoryRegion *address_space_mem,
- MemoryRegion *address_space_io,
- uint8_t devfn_min, int nirq);
-void pci_bus_set_route_irq_fn(PCIBus *, pci_route_irq_fn);
-PCIINTxRoute pci_device_route_intx_to_irq(PCIDevice *dev, int pin);
-bool pci_intx_route_changed(PCIINTxRoute *old, PCIINTxRoute *new);
-void pci_bus_fire_intx_routing_notifier(PCIBus *bus);
-void pci_device_set_intx_routing_notifier(PCIDevice *dev,
- PCIINTxRoutingNotifier notifier);
-void pci_device_reset(PCIDevice *dev);
-void pci_bus_reset(PCIBus *bus);
-
-PCIDevice *pci_nic_init(NICInfo *nd, const char *default_model,
- const char *default_devaddr);
-PCIDevice *pci_nic_init_nofail(NICInfo *nd, const char *default_model,
- const char *default_devaddr);
-
-PCIDevice *pci_vga_init(PCIBus *bus);
-
-int pci_bus_num(PCIBus *s);
-void pci_for_each_device(PCIBus *bus, int bus_num,
- void (*fn)(PCIBus *bus, PCIDevice *d, void *opaque),
- void *opaque);
-PCIBus *pci_find_root_bus(int domain);
-int pci_find_domain(const PCIBus *bus);
-PCIDevice *pci_find_device(PCIBus *bus, int bus_num, uint8_t devfn);
-int pci_qdev_find_device(const char *id, PCIDevice **pdev);
-PCIBus *pci_get_bus_devfn(int *devfnp, const char *devaddr);
-
-int pci_read_devaddr(Monitor *mon, const char *addr, int *domp, int *busp,
- unsigned *slotp);
-
-void pci_device_deassert_intx(PCIDevice *dev);
-
-typedef DMAContext *(*PCIDMAContextFunc)(PCIBus *, void *, int);
-
-void pci_setup_iommu(PCIBus *bus, PCIDMAContextFunc fn, void *opaque);
-
-static inline void
-pci_set_byte(uint8_t *config, uint8_t val)
-{
- *config = val;
-}
-
-static inline uint8_t
-pci_get_byte(const uint8_t *config)
-{
- return *config;
-}
-
-static inline void
-pci_set_word(uint8_t *config, uint16_t val)
-{
- cpu_to_le16wu((uint16_t *)config, val);
-}
-
-static inline uint16_t
-pci_get_word(const uint8_t *config)
-{
- return le16_to_cpupu((const uint16_t *)config);
-}
-
-static inline void
-pci_set_long(uint8_t *config, uint32_t val)
-{
- cpu_to_le32wu((uint32_t *)config, val);
-}
-
-static inline uint32_t
-pci_get_long(const uint8_t *config)
-{
- return le32_to_cpupu((const uint32_t *)config);
-}
-
-static inline void
-pci_set_quad(uint8_t *config, uint64_t val)
-{
- cpu_to_le64w((uint64_t *)config, val);
-}
-
-static inline uint64_t
-pci_get_quad(const uint8_t *config)
-{
- return le64_to_cpup((const uint64_t *)config);
-}
-
-static inline void
-pci_config_set_vendor_id(uint8_t *pci_config, uint16_t val)
-{
- pci_set_word(&pci_config[PCI_VENDOR_ID], val);
-}
-
-static inline void
-pci_config_set_device_id(uint8_t *pci_config, uint16_t val)
-{
- pci_set_word(&pci_config[PCI_DEVICE_ID], val);
-}
-
-static inline void
-pci_config_set_revision(uint8_t *pci_config, uint8_t val)
-{
- pci_set_byte(&pci_config[PCI_REVISION_ID], val);
-}
-
-static inline void
-pci_config_set_class(uint8_t *pci_config, uint16_t val)
-{
- pci_set_word(&pci_config[PCI_CLASS_DEVICE], val);
-}
-
-static inline void
-pci_config_set_prog_interface(uint8_t *pci_config, uint8_t val)
-{
- pci_set_byte(&pci_config[PCI_CLASS_PROG], val);
-}
-
-static inline void
-pci_config_set_interrupt_pin(uint8_t *pci_config, uint8_t val)
-{
- pci_set_byte(&pci_config[PCI_INTERRUPT_PIN], val);
-}
-
-/*
- * helper functions to do bit mask operation on configuration space.
- * Just to set bit, use test-and-set and discard returned value.
- * Just to clear bit, use test-and-clear and discard returned value.
- * NOTE: They aren't atomic.
- */
-static inline uint8_t
-pci_byte_test_and_clear_mask(uint8_t *config, uint8_t mask)
-{
- uint8_t val = pci_get_byte(config);
- pci_set_byte(config, val & ~mask);
- return val & mask;
-}
-
-static inline uint8_t
-pci_byte_test_and_set_mask(uint8_t *config, uint8_t mask)
-{
- uint8_t val = pci_get_byte(config);
- pci_set_byte(config, val | mask);
- return val & mask;
-}
-
-static inline uint16_t
-pci_word_test_and_clear_mask(uint8_t *config, uint16_t mask)
-{
- uint16_t val = pci_get_word(config);
- pci_set_word(config, val & ~mask);
- return val & mask;
-}
-
-static inline uint16_t
-pci_word_test_and_set_mask(uint8_t *config, uint16_t mask)
-{
- uint16_t val = pci_get_word(config);
- pci_set_word(config, val | mask);
- return val & mask;
-}
-
-static inline uint32_t
-pci_long_test_and_clear_mask(uint8_t *config, uint32_t mask)
-{
- uint32_t val = pci_get_long(config);
- pci_set_long(config, val & ~mask);
- return val & mask;
-}
-
-static inline uint32_t
-pci_long_test_and_set_mask(uint8_t *config, uint32_t mask)
-{
- uint32_t val = pci_get_long(config);
- pci_set_long(config, val | mask);
- return val & mask;
-}
-
-static inline uint64_t
-pci_quad_test_and_clear_mask(uint8_t *config, uint64_t mask)
-{
- uint64_t val = pci_get_quad(config);
- pci_set_quad(config, val & ~mask);
- return val & mask;
-}
-
-static inline uint64_t
-pci_quad_test_and_set_mask(uint8_t *config, uint64_t mask)
-{
- uint64_t val = pci_get_quad(config);
- pci_set_quad(config, val | mask);
- return val & mask;
-}
-
-/* Access a register specified by a mask */
-static inline void
-pci_set_byte_by_mask(uint8_t *config, uint8_t mask, uint8_t reg)
-{
- uint8_t val = pci_get_byte(config);
- uint8_t rval = reg << (ffs(mask) - 1);
- pci_set_byte(config, (~mask & val) | (mask & rval));
-}
-
-static inline uint8_t
-pci_get_byte_by_mask(uint8_t *config, uint8_t mask)
-{
- uint8_t val = pci_get_byte(config);
- return (val & mask) >> (ffs(mask) - 1);
-}
-
-static inline void
-pci_set_word_by_mask(uint8_t *config, uint16_t mask, uint16_t reg)
-{
- uint16_t val = pci_get_word(config);
- uint16_t rval = reg << (ffs(mask) - 1);
- pci_set_word(config, (~mask & val) | (mask & rval));
-}
-
-static inline uint16_t
-pci_get_word_by_mask(uint8_t *config, uint16_t mask)
-{
- uint16_t val = pci_get_word(config);
- return (val & mask) >> (ffs(mask) - 1);
-}
-
-static inline void
-pci_set_long_by_mask(uint8_t *config, uint32_t mask, uint32_t reg)
-{
- uint32_t val = pci_get_long(config);
- uint32_t rval = reg << (ffs(mask) - 1);
- pci_set_long(config, (~mask & val) | (mask & rval));
-}
-
-static inline uint32_t
-pci_get_long_by_mask(uint8_t *config, uint32_t mask)
-{
- uint32_t val = pci_get_long(config);
- return (val & mask) >> (ffs(mask) - 1);
-}
-
-static inline void
-pci_set_quad_by_mask(uint8_t *config, uint64_t mask, uint64_t reg)
-{
- uint64_t val = pci_get_quad(config);
- uint64_t rval = reg << (ffs(mask) - 1);
- pci_set_quad(config, (~mask & val) | (mask & rval));
-}
-
-static inline uint64_t
-pci_get_quad_by_mask(uint8_t *config, uint64_t mask)
-{
- uint64_t val = pci_get_quad(config);
- return (val & mask) >> (ffs(mask) - 1);
-}
-
-PCIDevice *pci_create_multifunction(PCIBus *bus, int devfn, bool multifunction,
- const char *name);
-PCIDevice *pci_create_simple_multifunction(PCIBus *bus, int devfn,
- bool multifunction,
- const char *name);
-PCIDevice *pci_create(PCIBus *bus, int devfn, const char *name);
-PCIDevice *pci_create_simple(PCIBus *bus, int devfn, const char *name);
-
-static inline int pci_is_express(const PCIDevice *d)
-{
- return d->cap_present & QEMU_PCI_CAP_EXPRESS;
-}
-
-static inline uint32_t pci_config_size(const PCIDevice *d)
-{
- return pci_is_express(d) ? PCIE_CONFIG_SPACE_SIZE : PCI_CONFIG_SPACE_SIZE;
-}
-
-/* DMA access functions */
-static inline DMAContext *pci_dma_context(PCIDevice *dev)
-{
- return dev->dma;
-}
-
-static inline int pci_dma_rw(PCIDevice *dev, dma_addr_t addr,
- void *buf, dma_addr_t len, DMADirection dir)
-{
- dma_memory_rw(pci_dma_context(dev), addr, buf, len, dir);
- return 0;
-}
-
-static inline int pci_dma_read(PCIDevice *dev, dma_addr_t addr,
- void *buf, dma_addr_t len)
-{
- return pci_dma_rw(dev, addr, buf, len, DMA_DIRECTION_TO_DEVICE);
-}
-
-static inline int pci_dma_write(PCIDevice *dev, dma_addr_t addr,
- const void *buf, dma_addr_t len)
-{
- return pci_dma_rw(dev, addr, (void *) buf, len, DMA_DIRECTION_FROM_DEVICE);
-}
-
-#define PCI_DMA_DEFINE_LDST(_l, _s, _bits) \
- static inline uint##_bits##_t ld##_l##_pci_dma(PCIDevice *dev, \
- dma_addr_t addr) \
- { \
- return ld##_l##_dma(pci_dma_context(dev), addr); \
- } \
- static inline void st##_s##_pci_dma(PCIDevice *dev, \
- dma_addr_t addr, uint##_bits##_t val) \
- { \
- st##_s##_dma(pci_dma_context(dev), addr, val); \
- }
-
-PCI_DMA_DEFINE_LDST(ub, b, 8);
-PCI_DMA_DEFINE_LDST(uw_le, w_le, 16)
-PCI_DMA_DEFINE_LDST(l_le, l_le, 32);
-PCI_DMA_DEFINE_LDST(q_le, q_le, 64);
-PCI_DMA_DEFINE_LDST(uw_be, w_be, 16)
-PCI_DMA_DEFINE_LDST(l_be, l_be, 32);
-PCI_DMA_DEFINE_LDST(q_be, q_be, 64);
-
-#undef PCI_DMA_DEFINE_LDST
-
-static inline void *pci_dma_map(PCIDevice *dev, dma_addr_t addr,
- dma_addr_t *plen, DMADirection dir)
-{
- void *buf;
-
- buf = dma_memory_map(pci_dma_context(dev), addr, plen, dir);
- return buf;
-}
-
-static inline void pci_dma_unmap(PCIDevice *dev, void *buffer, dma_addr_t len,
- DMADirection dir, dma_addr_t access_len)
-{
- dma_memory_unmap(pci_dma_context(dev), buffer, len, dir, access_len);
-}
-
-static inline void pci_dma_sglist_init(QEMUSGList *qsg, PCIDevice *dev,
- int alloc_hint)
-{
- qemu_sglist_init(qsg, alloc_hint, pci_dma_context(dev));
-}
-
-extern const VMStateDescription vmstate_pci_device;
-
-#define VMSTATE_PCI_DEVICE(_field, _state) { \
- .name = (stringify(_field)), \
- .size = sizeof(PCIDevice), \
- .vmsd = &vmstate_pci_device, \
- .flags = VMS_STRUCT, \
- .offset = vmstate_offset_value(_state, _field, PCIDevice), \
-}
-
-#define VMSTATE_PCI_DEVICE_POINTER(_field, _state) { \
- .name = (stringify(_field)), \
- .size = sizeof(PCIDevice), \
- .vmsd = &vmstate_pci_device, \
- .flags = VMS_STRUCT|VMS_POINTER, \
- .offset = vmstate_offset_pointer(_state, _field, PCIDevice), \
-}
-
-#endif
diff --git a/hw/pci/Makefile.objs b/hw/pci/Makefile.objs
new file mode 100644
index 000000000..720f438ac
--- /dev/null
+++ b/hw/pci/Makefile.objs
@@ -0,0 +1,11 @@
+common-obj-$(CONFIG_PCI) += pci.o pci_bridge.o
+common-obj-$(CONFIG_PCI) += msix.o msi.o
+common-obj-$(CONFIG_PCI) += shpc.o
+common-obj-$(CONFIG_PCI) += slotid_cap.o
+common-obj-$(CONFIG_PCI) += pci_host.o pcie_host.o
+common-obj-$(CONFIG_PCI) += pcie.o pcie_aer.o pcie_port.o
+
+common-obj-$(CONFIG_NO_PCI) += pci-stub.o
+common-obj-$(CONFIG_ALL) += pci-stub.o
+
+common-obj-$(CONFIG_PCI_HOTPLUG_OLD) += pci-hotplug-old.o
diff --git a/hw/pci/msi.c b/hw/pci/msi.c
new file mode 100644
index 000000000..2a04d1888
--- /dev/null
+++ b/hw/pci/msi.c
@@ -0,0 +1,395 @@
+/*
+ * msi.c
+ *
+ * Copyright (c) 2010 Isaku Yamahata <yamahata at valinux co jp>
+ * VA Linux Systems Japan K.K.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/pci/msi.h"
+#include "qemu/range.h"
+
+/* Eventually those constants should go to Linux pci_regs.h */
+#define PCI_MSI_PENDING_32 0x10
+#define PCI_MSI_PENDING_64 0x14
+
+/* PCI_MSI_ADDRESS_LO */
+#define PCI_MSI_ADDRESS_LO_MASK (~0x3)
+
+/* If we get rid of cap allocator, we won't need those. */
+#define PCI_MSI_32_SIZEOF 0x0a
+#define PCI_MSI_64_SIZEOF 0x0e
+#define PCI_MSI_32M_SIZEOF 0x14
+#define PCI_MSI_64M_SIZEOF 0x18
+
+#define PCI_MSI_VECTORS_MAX 32
+
+/* Flag for interrupt controller to declare MSI/MSI-X support */
+bool msi_supported;
+
+/* If we get rid of cap allocator, we won't need this. */
+static inline uint8_t msi_cap_sizeof(uint16_t flags)
+{
+ switch (flags & (PCI_MSI_FLAGS_MASKBIT | PCI_MSI_FLAGS_64BIT)) {
+ case PCI_MSI_FLAGS_MASKBIT | PCI_MSI_FLAGS_64BIT:
+ return PCI_MSI_64M_SIZEOF;
+ case PCI_MSI_FLAGS_64BIT:
+ return PCI_MSI_64_SIZEOF;
+ case PCI_MSI_FLAGS_MASKBIT:
+ return PCI_MSI_32M_SIZEOF;
+ case 0:
+ return PCI_MSI_32_SIZEOF;
+ default:
+ abort();
+ break;
+ }
+ return 0;
+}
+
+//#define MSI_DEBUG
+
+#ifdef MSI_DEBUG
+# define MSI_DPRINTF(fmt, ...) \
+ fprintf(stderr, "%s:%d " fmt, __func__, __LINE__, ## __VA_ARGS__)
+#else
+# define MSI_DPRINTF(fmt, ...) do { } while (0)
+#endif
+#define MSI_DEV_PRINTF(dev, fmt, ...) \
+ MSI_DPRINTF("%s:%x " fmt, (dev)->name, (dev)->devfn, ## __VA_ARGS__)
+
+static inline unsigned int msi_nr_vectors(uint16_t flags)
+{
+ return 1U <<
+ ((flags & PCI_MSI_FLAGS_QSIZE) >> (ffs(PCI_MSI_FLAGS_QSIZE) - 1));
+}
+
+static inline uint8_t msi_flags_off(const PCIDevice* dev)
+{
+ return dev->msi_cap + PCI_MSI_FLAGS;
+}
+
+static inline uint8_t msi_address_lo_off(const PCIDevice* dev)
+{
+ return dev->msi_cap + PCI_MSI_ADDRESS_LO;
+}
+
+static inline uint8_t msi_address_hi_off(const PCIDevice* dev)
+{
+ return dev->msi_cap + PCI_MSI_ADDRESS_HI;
+}
+
+static inline uint8_t msi_data_off(const PCIDevice* dev, bool msi64bit)
+{
+ return dev->msi_cap + (msi64bit ? PCI_MSI_DATA_64 : PCI_MSI_DATA_32);
+}
+
+static inline uint8_t msi_mask_off(const PCIDevice* dev, bool msi64bit)
+{
+ return dev->msi_cap + (msi64bit ? PCI_MSI_MASK_64 : PCI_MSI_MASK_32);
+}
+
+static inline uint8_t msi_pending_off(const PCIDevice* dev, bool msi64bit)
+{
+ return dev->msi_cap + (msi64bit ? PCI_MSI_PENDING_64 : PCI_MSI_PENDING_32);
+}
+
+/*
+ * Special API for POWER to configure the vectors through
+ * a side channel. Should never be used by devices.
+ */
+void msi_set_message(PCIDevice *dev, MSIMessage msg)
+{
+ uint16_t flags = pci_get_word(dev->config + msi_flags_off(dev));
+ bool msi64bit = flags & PCI_MSI_FLAGS_64BIT;
+
+ if (msi64bit) {
+ pci_set_quad(dev->config + msi_address_lo_off(dev), msg.address);
+ } else {
+ pci_set_long(dev->config + msi_address_lo_off(dev), msg.address);
+ }
+ pci_set_word(dev->config + msi_data_off(dev, msi64bit), msg.data);
+}
+
+MSIMessage msi_get_message(PCIDevice *dev, unsigned int vector)
+{
+ uint16_t flags = pci_get_word(dev->config + msi_flags_off(dev));
+ bool msi64bit = flags & PCI_MSI_FLAGS_64BIT;
+ unsigned int nr_vectors = msi_nr_vectors(flags);
+ MSIMessage msg;
+
+ assert(vector < nr_vectors);
+
+ if (msi64bit) {
+ msg.address = pci_get_quad(dev->config + msi_address_lo_off(dev));
+ } else {
+ msg.address = pci_get_long(dev->config + msi_address_lo_off(dev));
+ }
+
+ /* upper bit 31:16 is zero */
+ msg.data = pci_get_word(dev->config + msi_data_off(dev, msi64bit));
+ if (nr_vectors > 1) {
+ msg.data &= ~(nr_vectors - 1);
+ msg.data |= vector;
+ }
+
+ return msg;
+}
+
+bool msi_enabled(const PCIDevice *dev)
+{
+ return msi_present(dev) &&
+ (pci_get_word(dev->config + msi_flags_off(dev)) &
+ PCI_MSI_FLAGS_ENABLE);
+}
+
+int msi_init(struct PCIDevice *dev, uint8_t offset,
+ unsigned int nr_vectors, bool msi64bit, bool msi_per_vector_mask)
+{
+ unsigned int vectors_order;
+ uint16_t flags;
+ uint8_t cap_size;
+ int config_offset;
+
+ if (!msi_supported) {
+ return -ENOTSUP;
+ }
+
+ MSI_DEV_PRINTF(dev,
+ "init offset: 0x%"PRIx8" vector: %"PRId8
+ " 64bit %d mask %d\n",
+ offset, nr_vectors, msi64bit, msi_per_vector_mask);
+
+ assert(!(nr_vectors & (nr_vectors - 1))); /* power of 2 */
+ assert(nr_vectors > 0);
+ assert(nr_vectors <= PCI_MSI_VECTORS_MAX);
+ /* the nr of MSI vectors is up to 32 */
+ vectors_order = ffs(nr_vectors) - 1;
+
+ flags = vectors_order << (ffs(PCI_MSI_FLAGS_QMASK) - 1);
+ if (msi64bit) {
+ flags |= PCI_MSI_FLAGS_64BIT;
+ }
+ if (msi_per_vector_mask) {
+ flags |= PCI_MSI_FLAGS_MASKBIT;
+ }
+
+ cap_size = msi_cap_sizeof(flags);
+ config_offset = pci_add_capability(dev, PCI_CAP_ID_MSI, offset, cap_size);
+ if (config_offset < 0) {
+ return config_offset;
+ }
+
+ dev->msi_cap = config_offset;
+ dev->cap_present |= QEMU_PCI_CAP_MSI;
+
+ pci_set_word(dev->config + msi_flags_off(dev), flags);
+ pci_set_word(dev->wmask + msi_flags_off(dev),
+ PCI_MSI_FLAGS_QSIZE | PCI_MSI_FLAGS_ENABLE);
+ pci_set_long(dev->wmask + msi_address_lo_off(dev),
+ PCI_MSI_ADDRESS_LO_MASK);
+ if (msi64bit) {
+ pci_set_long(dev->wmask + msi_address_hi_off(dev), 0xffffffff);
+ }
+ pci_set_word(dev->wmask + msi_data_off(dev, msi64bit), 0xffff);
+
+ if (msi_per_vector_mask) {
+ /* Make mask bits 0 to nr_vectors - 1 writable. */
+ pci_set_long(dev->wmask + msi_mask_off(dev, msi64bit),
+ 0xffffffff >> (PCI_MSI_VECTORS_MAX - nr_vectors));
+ }
+ return config_offset;
+}
+
+void msi_uninit(struct PCIDevice *dev)
+{
+ uint16_t flags;
+ uint8_t cap_size;
+
+ if (!msi_present(dev)) {
+ return;
+ }
+ flags = pci_get_word(dev->config + msi_flags_off(dev));
+ cap_size = msi_cap_sizeof(flags);
+ pci_del_capability(dev, PCI_CAP_ID_MSI, cap_size);
+ dev->cap_present &= ~QEMU_PCI_CAP_MSI;
+
+ MSI_DEV_PRINTF(dev, "uninit\n");
+}
+
+void msi_reset(PCIDevice *dev)
+{
+ uint16_t flags;
+ bool msi64bit;
+
+ if (!msi_present(dev)) {
+ return;
+ }
+
+ flags = pci_get_word(dev->config + msi_flags_off(dev));
+ flags &= ~(PCI_MSI_FLAGS_QSIZE | PCI_MSI_FLAGS_ENABLE);
+ msi64bit = flags & PCI_MSI_FLAGS_64BIT;
+
+ pci_set_word(dev->config + msi_flags_off(dev), flags);
+ pci_set_long(dev->config + msi_address_lo_off(dev), 0);
+ if (msi64bit) {
+ pci_set_long(dev->config + msi_address_hi_off(dev), 0);
+ }
+ pci_set_word(dev->config + msi_data_off(dev, msi64bit), 0);
+ if (flags & PCI_MSI_FLAGS_MASKBIT) {
+ pci_set_long(dev->config + msi_mask_off(dev, msi64bit), 0);
+ pci_set_long(dev->config + msi_pending_off(dev, msi64bit), 0);
+ }
+ MSI_DEV_PRINTF(dev, "reset\n");
+}
+
+static bool msi_is_masked(const PCIDevice *dev, unsigned int vector)
+{
+ uint16_t flags = pci_get_word(dev->config + msi_flags_off(dev));
+ uint32_t mask;
+ assert(vector < PCI_MSI_VECTORS_MAX);
+
+ if (!(flags & PCI_MSI_FLAGS_MASKBIT)) {
+ return false;
+ }
+
+ mask = pci_get_long(dev->config +
+ msi_mask_off(dev, flags & PCI_MSI_FLAGS_64BIT));
+ return mask & (1U << vector);
+}
+
+void msi_notify(PCIDevice *dev, unsigned int vector)
+{
+ uint16_t flags = pci_get_word(dev->config + msi_flags_off(dev));
+ bool msi64bit = flags & PCI_MSI_FLAGS_64BIT;
+ unsigned int nr_vectors = msi_nr_vectors(flags);
+ MSIMessage msg;
+
+ assert(vector < nr_vectors);
+ if (msi_is_masked(dev, vector)) {
+ assert(flags & PCI_MSI_FLAGS_MASKBIT);
+ pci_long_test_and_set_mask(
+ dev->config + msi_pending_off(dev, msi64bit), 1U << vector);
+ MSI_DEV_PRINTF(dev, "pending vector 0x%x\n", vector);
+ return;
+ }
+
+ msg = msi_get_message(dev, vector);
+
+ MSI_DEV_PRINTF(dev,
+ "notify vector 0x%x"
+ " address: 0x%"PRIx64" data: 0x%"PRIx32"\n",
+ vector, msg.address, msg.data);
+ stl_le_phys(msg.address, msg.data);
+}
+
+/* Normally called by pci_default_write_config(). */
+void msi_write_config(PCIDevice *dev, uint32_t addr, uint32_t val, int len)
+{
+ uint16_t flags = pci_get_word(dev->config + msi_flags_off(dev));
+ bool msi64bit = flags & PCI_MSI_FLAGS_64BIT;
+ bool msi_per_vector_mask = flags & PCI_MSI_FLAGS_MASKBIT;
+ unsigned int nr_vectors;
+ uint8_t log_num_vecs;
+ uint8_t log_max_vecs;
+ unsigned int vector;
+ uint32_t pending;
+
+ if (!msi_present(dev) ||
+ !ranges_overlap(addr, len, dev->msi_cap, msi_cap_sizeof(flags))) {
+ return;
+ }
+
+#ifdef MSI_DEBUG
+ MSI_DEV_PRINTF(dev, "addr 0x%"PRIx32" val 0x%"PRIx32" len %d\n",
+ addr, val, len);
+ MSI_DEV_PRINTF(dev, "ctrl: 0x%"PRIx16" address: 0x%"PRIx32,
+ flags,
+ pci_get_long(dev->config + msi_address_lo_off(dev)));
+ if (msi64bit) {
+ fprintf(stderr, " address-hi: 0x%"PRIx32,
+ pci_get_long(dev->config + msi_address_hi_off(dev)));
+ }
+ fprintf(stderr, " data: 0x%"PRIx16,
+ pci_get_word(dev->config + msi_data_off(dev, msi64bit)));
+ if (flags & PCI_MSI_FLAGS_MASKBIT) {
+ fprintf(stderr, " mask 0x%"PRIx32" pending 0x%"PRIx32,
+ pci_get_long(dev->config + msi_mask_off(dev, msi64bit)),
+ pci_get_long(dev->config + msi_pending_off(dev, msi64bit)));
+ }
+ fprintf(stderr, "\n");
+#endif
+
+ if (!(flags & PCI_MSI_FLAGS_ENABLE)) {
+ return;
+ }
+
+ /*
+ * Now MSI is enabled, clear INTx# interrupts.
+ * the driver is prohibited from writing enable bit to mask
+ * a service request. But the guest OS could do this.
+ * So we just discard the interrupts as moderate fallback.
+ *
+ * 6.8.3.3. Enabling Operation
+ * While enabled for MSI or MSI-X operation, a function is prohibited
+ * from using its INTx# pin (if implemented) to request
+ * service (MSI, MSI-X, and INTx# are mutually exclusive).
+ */
+ pci_device_deassert_intx(dev);
+
+ /*
+ * nr_vectors might be set bigger than capable. So clamp it.
+ * This is not legal by spec, so we can do anything we like,
+ * just don't crash the host
+ */
+ log_num_vecs =
+ (flags & PCI_MSI_FLAGS_QSIZE) >> (ffs(PCI_MSI_FLAGS_QSIZE) - 1);
+ log_max_vecs =
+ (flags & PCI_MSI_FLAGS_QMASK) >> (ffs(PCI_MSI_FLAGS_QMASK) - 1);
+ if (log_num_vecs > log_max_vecs) {
+ flags &= ~PCI_MSI_FLAGS_QSIZE;
+ flags |= log_max_vecs << (ffs(PCI_MSI_FLAGS_QSIZE) - 1);
+ pci_set_word(dev->config + msi_flags_off(dev), flags);
+ }
+
+ if (!msi_per_vector_mask) {
+ /* if per vector masking isn't supported,
+ there is no pending interrupt. */
+ return;
+ }
+
+ nr_vectors = msi_nr_vectors(flags);
+
+ /* This will discard pending interrupts, if any. */
+ pending = pci_get_long(dev->config + msi_pending_off(dev, msi64bit));
+ pending &= 0xffffffff >> (PCI_MSI_VECTORS_MAX - nr_vectors);
+ pci_set_long(dev->config + msi_pending_off(dev, msi64bit), pending);
+
+ /* deliver pending interrupts which are unmasked */
+ for (vector = 0; vector < nr_vectors; ++vector) {
+ if (msi_is_masked(dev, vector) || !(pending & (1U << vector))) {
+ continue;
+ }
+
+ pci_long_test_and_clear_mask(
+ dev->config + msi_pending_off(dev, msi64bit), 1U << vector);
+ msi_notify(dev, vector);
+ }
+}
+
+unsigned int msi_nr_vectors_allocated(const PCIDevice *dev)
+{
+ uint16_t flags = pci_get_word(dev->config + msi_flags_off(dev));
+ return msi_nr_vectors(flags);
+}
diff --git a/hw/pci/msix.c b/hw/pci/msix.c
new file mode 100644
index 000000000..3430770f3
--- /dev/null
+++ b/hw/pci/msix.c
@@ -0,0 +1,604 @@
+/*
+ * MSI-X device support
+ *
+ * This module includes support for MSI-X in pci devices.
+ *
+ * Author: Michael S. Tsirkin <mst@redhat.com>
+ *
+ * Copyright (c) 2009, Red Hat Inc, Michael S. Tsirkin (mst@redhat.com)
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "hw/hw.h"
+#include "hw/pci/msi.h"
+#include "hw/pci/msix.h"
+#include "hw/pci/pci.h"
+#include "qemu/range.h"
+
+#define MSIX_CAP_LENGTH 12
+
+/* MSI enable bit and maskall bit are in byte 1 in FLAGS register */
+#define MSIX_CONTROL_OFFSET (PCI_MSIX_FLAGS + 1)
+#define MSIX_ENABLE_MASK (PCI_MSIX_FLAGS_ENABLE >> 8)
+#define MSIX_MASKALL_MASK (PCI_MSIX_FLAGS_MASKALL >> 8)
+
+MSIMessage msix_get_message(PCIDevice *dev, unsigned vector)
+{
+ uint8_t *table_entry = dev->msix_table + vector * PCI_MSIX_ENTRY_SIZE;
+ MSIMessage msg;
+
+ msg.address = pci_get_quad(table_entry + PCI_MSIX_ENTRY_LOWER_ADDR);
+ msg.data = pci_get_long(table_entry + PCI_MSIX_ENTRY_DATA);
+ return msg;
+}
+
+/*
+ * Special API for POWER to configure the vectors through
+ * a side channel. Should never be used by devices.
+ */
+void msix_set_message(PCIDevice *dev, int vector, struct MSIMessage msg)
+{
+ uint8_t *table_entry = dev->msix_table + vector * PCI_MSIX_ENTRY_SIZE;
+
+ pci_set_quad(table_entry + PCI_MSIX_ENTRY_LOWER_ADDR, msg.address);
+ pci_set_long(table_entry + PCI_MSIX_ENTRY_DATA, msg.data);
+ table_entry[PCI_MSIX_ENTRY_VECTOR_CTRL] &= ~PCI_MSIX_ENTRY_CTRL_MASKBIT;
+}
+
+static uint8_t msix_pending_mask(int vector)
+{
+ return 1 << (vector % 8);
+}
+
+static uint8_t *msix_pending_byte(PCIDevice *dev, int vector)
+{
+ return dev->msix_pba + vector / 8;
+}
+
+static int msix_is_pending(PCIDevice *dev, int vector)
+{
+ return *msix_pending_byte(dev, vector) & msix_pending_mask(vector);
+}
+
+void msix_set_pending(PCIDevice *dev, unsigned int vector)
+{
+ *msix_pending_byte(dev, vector) |= msix_pending_mask(vector);
+}
+
+static void msix_clr_pending(PCIDevice *dev, int vector)
+{
+ *msix_pending_byte(dev, vector) &= ~msix_pending_mask(vector);
+}
+
+static bool msix_vector_masked(PCIDevice *dev, unsigned int vector, bool fmask)
+{
+ unsigned offset = vector * PCI_MSIX_ENTRY_SIZE + PCI_MSIX_ENTRY_VECTOR_CTRL;
+ return fmask || dev->msix_table[offset] & PCI_MSIX_ENTRY_CTRL_MASKBIT;
+}
+
+bool msix_is_masked(PCIDevice *dev, unsigned int vector)
+{
+ return msix_vector_masked(dev, vector, dev->msix_function_masked);
+}
+
+static void msix_fire_vector_notifier(PCIDevice *dev,
+ unsigned int vector, bool is_masked)
+{
+ MSIMessage msg;
+ int ret;
+
+ if (!dev->msix_vector_use_notifier) {
+ return;
+ }
+ if (is_masked) {
+ dev->msix_vector_release_notifier(dev, vector);
+ } else {
+ msg = msix_get_message(dev, vector);
+ ret = dev->msix_vector_use_notifier(dev, vector, msg);
+ assert(ret >= 0);
+ }
+}
+
+static void msix_handle_mask_update(PCIDevice *dev, int vector, bool was_masked)
+{
+ bool is_masked = msix_is_masked(dev, vector);
+
+ if (is_masked == was_masked) {
+ return;
+ }
+
+ msix_fire_vector_notifier(dev, vector, is_masked);
+
+ if (!is_masked && msix_is_pending(dev, vector)) {
+ msix_clr_pending(dev, vector);
+ msix_notify(dev, vector);
+ }
+}
+
+static void msix_update_function_masked(PCIDevice *dev)
+{
+ dev->msix_function_masked = !msix_enabled(dev) ||
+ (dev->config[dev->msix_cap + MSIX_CONTROL_OFFSET] & MSIX_MASKALL_MASK);
+}
+
+/* Handle MSI-X capability config write. */
+void msix_write_config(PCIDevice *dev, uint32_t addr,
+ uint32_t val, int len)
+{
+ unsigned enable_pos = dev->msix_cap + MSIX_CONTROL_OFFSET;
+ int vector;
+ bool was_masked;
+
+ if (!msix_present(dev) || !range_covers_byte(addr, len, enable_pos)) {
+ return;
+ }
+
+ was_masked = dev->msix_function_masked;
+ msix_update_function_masked(dev);
+
+ if (!msix_enabled(dev)) {
+ return;
+ }
+
+ pci_device_deassert_intx(dev);
+
+ if (dev->msix_function_masked == was_masked) {
+ return;
+ }
+
+ for (vector = 0; vector < dev->msix_entries_nr; ++vector) {
+ msix_handle_mask_update(dev, vector,
+ msix_vector_masked(dev, vector, was_masked));
+ }
+}
+
+static uint64_t msix_table_mmio_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ PCIDevice *dev = opaque;
+
+ return pci_get_long(dev->msix_table + addr);
+}
+
+static void msix_table_mmio_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ PCIDevice *dev = opaque;
+ int vector = addr / PCI_MSIX_ENTRY_SIZE;
+ bool was_masked;
+
+ was_masked = msix_is_masked(dev, vector);
+ pci_set_long(dev->msix_table + addr, val);
+ msix_handle_mask_update(dev, vector, was_masked);
+}
+
+static const MemoryRegionOps msix_table_mmio_ops = {
+ .read = msix_table_mmio_read,
+ .write = msix_table_mmio_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static uint64_t msix_pba_mmio_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ PCIDevice *dev = opaque;
+ if (dev->msix_vector_poll_notifier) {
+ unsigned vector_start = addr * 8;
+ unsigned vector_end = MIN(addr + size * 8, dev->msix_entries_nr);
+ dev->msix_vector_poll_notifier(dev, vector_start, vector_end);
+ }
+
+ return pci_get_long(dev->msix_pba + addr);
+}
+
+static const MemoryRegionOps msix_pba_mmio_ops = {
+ .read = msix_pba_mmio_read,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static void msix_mask_all(struct PCIDevice *dev, unsigned nentries)
+{
+ int vector;
+
+ for (vector = 0; vector < nentries; ++vector) {
+ unsigned offset =
+ vector * PCI_MSIX_ENTRY_SIZE + PCI_MSIX_ENTRY_VECTOR_CTRL;
+ bool was_masked = msix_is_masked(dev, vector);
+
+ dev->msix_table[offset] |= PCI_MSIX_ENTRY_CTRL_MASKBIT;
+ msix_handle_mask_update(dev, vector, was_masked);
+ }
+}
+
+/* Initialize the MSI-X structures */
+int msix_init(struct PCIDevice *dev, unsigned short nentries,
+ MemoryRegion *table_bar, uint8_t table_bar_nr,
+ unsigned table_offset, MemoryRegion *pba_bar,
+ uint8_t pba_bar_nr, unsigned pba_offset, uint8_t cap_pos)
+{
+ int cap;
+ unsigned table_size, pba_size;
+ uint8_t *config;
+
+ /* Nothing to do if MSI is not supported by interrupt controller */
+ if (!msi_supported) {
+ return -ENOTSUP;
+ }
+
+ if (nentries < 1 || nentries > PCI_MSIX_FLAGS_QSIZE + 1) {
+ return -EINVAL;
+ }
+
+ table_size = nentries * PCI_MSIX_ENTRY_SIZE;
+ pba_size = QEMU_ALIGN_UP(nentries, 64) / 8;
+
+ /* Sanity test: table & pba don't overlap, fit within BARs, min aligned */
+ if ((table_bar_nr == pba_bar_nr &&
+ ranges_overlap(table_offset, table_size, pba_offset, pba_size)) ||
+ table_offset + table_size > memory_region_size(table_bar) ||
+ pba_offset + pba_size > memory_region_size(pba_bar) ||
+ (table_offset | pba_offset) & PCI_MSIX_FLAGS_BIRMASK) {
+ return -EINVAL;
+ }
+
+ cap = pci_add_capability(dev, PCI_CAP_ID_MSIX, cap_pos, MSIX_CAP_LENGTH);
+ if (cap < 0) {
+ return cap;
+ }
+
+ dev->msix_cap = cap;
+ dev->cap_present |= QEMU_PCI_CAP_MSIX;
+ config = dev->config + cap;
+
+ pci_set_word(config + PCI_MSIX_FLAGS, nentries - 1);
+ dev->msix_entries_nr = nentries;
+ dev->msix_function_masked = true;
+
+ pci_set_long(config + PCI_MSIX_TABLE, table_offset | table_bar_nr);
+ pci_set_long(config + PCI_MSIX_PBA, pba_offset | pba_bar_nr);
+
+ /* Make flags bit writable. */
+ dev->wmask[cap + MSIX_CONTROL_OFFSET] |= MSIX_ENABLE_MASK |
+ MSIX_MASKALL_MASK;
+
+ dev->msix_table = g_malloc0(table_size);
+ dev->msix_pba = g_malloc0(pba_size);
+ dev->msix_entry_used = g_malloc0(nentries * sizeof *dev->msix_entry_used);
+
+ msix_mask_all(dev, nentries);
+
+ memory_region_init_io(&dev->msix_table_mmio, OBJECT(dev), &msix_table_mmio_ops, dev,
+ "msix-table", table_size);
+ memory_region_add_subregion(table_bar, table_offset, &dev->msix_table_mmio);
+ memory_region_init_io(&dev->msix_pba_mmio, OBJECT(dev), &msix_pba_mmio_ops, dev,
+ "msix-pba", pba_size);
+ memory_region_add_subregion(pba_bar, pba_offset, &dev->msix_pba_mmio);
+
+ return 0;
+}
+
+int msix_init_exclusive_bar(PCIDevice *dev, unsigned short nentries,
+ uint8_t bar_nr)
+{
+ int ret;
+ char *name;
+
+ /*
+ * Migration compatibility dictates that this remains a 4k
+ * BAR with the vector table in the lower half and PBA in
+ * the upper half. Do not use these elsewhere!
+ */
+#define MSIX_EXCLUSIVE_BAR_SIZE 4096
+#define MSIX_EXCLUSIVE_BAR_TABLE_OFFSET 0
+#define MSIX_EXCLUSIVE_BAR_PBA_OFFSET (MSIX_EXCLUSIVE_BAR_SIZE / 2)
+#define MSIX_EXCLUSIVE_CAP_OFFSET 0
+
+ if (nentries * PCI_MSIX_ENTRY_SIZE > MSIX_EXCLUSIVE_BAR_PBA_OFFSET) {
+ return -EINVAL;
+ }
+
+ name = g_strdup_printf("%s-msix", dev->name);
+ memory_region_init(&dev->msix_exclusive_bar, OBJECT(dev), name, MSIX_EXCLUSIVE_BAR_SIZE);
+ g_free(name);
+
+ ret = msix_init(dev, nentries, &dev->msix_exclusive_bar, bar_nr,
+ MSIX_EXCLUSIVE_BAR_TABLE_OFFSET, &dev->msix_exclusive_bar,
+ bar_nr, MSIX_EXCLUSIVE_BAR_PBA_OFFSET,
+ MSIX_EXCLUSIVE_CAP_OFFSET);
+ if (ret) {
+ memory_region_destroy(&dev->msix_exclusive_bar);
+ return ret;
+ }
+
+ pci_register_bar(dev, bar_nr, PCI_BASE_ADDRESS_SPACE_MEMORY,
+ &dev->msix_exclusive_bar);
+
+ return 0;
+}
+
+static void msix_free_irq_entries(PCIDevice *dev)
+{
+ int vector;
+
+ for (vector = 0; vector < dev->msix_entries_nr; ++vector) {
+ dev->msix_entry_used[vector] = 0;
+ msix_clr_pending(dev, vector);
+ }
+}
+
+static void msix_clear_all_vectors(PCIDevice *dev)
+{
+ int vector;
+
+ for (vector = 0; vector < dev->msix_entries_nr; ++vector) {
+ msix_clr_pending(dev, vector);
+ }
+}
+
+/* Clean up resources for the device. */
+void msix_uninit(PCIDevice *dev, MemoryRegion *table_bar, MemoryRegion *pba_bar)
+{
+ if (!msix_present(dev)) {
+ return;
+ }
+ pci_del_capability(dev, PCI_CAP_ID_MSIX, MSIX_CAP_LENGTH);
+ dev->msix_cap = 0;
+ msix_free_irq_entries(dev);
+ dev->msix_entries_nr = 0;
+ memory_region_del_subregion(pba_bar, &dev->msix_pba_mmio);
+ memory_region_destroy(&dev->msix_pba_mmio);
+ g_free(dev->msix_pba);
+ dev->msix_pba = NULL;
+ memory_region_del_subregion(table_bar, &dev->msix_table_mmio);
+ memory_region_destroy(&dev->msix_table_mmio);
+ g_free(dev->msix_table);
+ dev->msix_table = NULL;
+ g_free(dev->msix_entry_used);
+ dev->msix_entry_used = NULL;
+ dev->cap_present &= ~QEMU_PCI_CAP_MSIX;
+}
+
+void msix_uninit_exclusive_bar(PCIDevice *dev)
+{
+ if (msix_present(dev)) {
+ msix_uninit(dev, &dev->msix_exclusive_bar, &dev->msix_exclusive_bar);
+ memory_region_destroy(&dev->msix_exclusive_bar);
+ }
+}
+
+void msix_save(PCIDevice *dev, QEMUFile *f)
+{
+ unsigned n = dev->msix_entries_nr;
+
+ if (!msix_present(dev)) {
+ return;
+ }
+
+ qemu_put_buffer(f, dev->msix_table, n * PCI_MSIX_ENTRY_SIZE);
+ qemu_put_buffer(f, dev->msix_pba, (n + 7) / 8);
+}
+
+/* Should be called after restoring the config space. */
+void msix_load(PCIDevice *dev, QEMUFile *f)
+{
+ unsigned n = dev->msix_entries_nr;
+ unsigned int vector;
+
+ if (!msix_present(dev)) {
+ return;
+ }
+
+ msix_clear_all_vectors(dev);
+ qemu_get_buffer(f, dev->msix_table, n * PCI_MSIX_ENTRY_SIZE);
+ qemu_get_buffer(f, dev->msix_pba, (n + 7) / 8);
+ msix_update_function_masked(dev);
+
+ for (vector = 0; vector < n; vector++) {
+ msix_handle_mask_update(dev, vector, true);
+ }
+}
+
+/* Does device support MSI-X? */
+int msix_present(PCIDevice *dev)
+{
+ return dev->cap_present & QEMU_PCI_CAP_MSIX;
+}
+
+/* Is MSI-X enabled? */
+int msix_enabled(PCIDevice *dev)
+{
+ return (dev->cap_present & QEMU_PCI_CAP_MSIX) &&
+ (dev->config[dev->msix_cap + MSIX_CONTROL_OFFSET] &
+ MSIX_ENABLE_MASK);
+}
+
+/* Send an MSI-X message */
+void msix_notify(PCIDevice *dev, unsigned vector)
+{
+ MSIMessage msg;
+
+ if (vector >= dev->msix_entries_nr || !dev->msix_entry_used[vector])
+ return;
+ if (msix_is_masked(dev, vector)) {
+ msix_set_pending(dev, vector);
+ return;
+ }
+
+ msg = msix_get_message(dev, vector);
+
+ stl_le_phys(msg.address, msg.data);
+}
+
+void msix_reset(PCIDevice *dev)
+{
+ if (!msix_present(dev)) {
+ return;
+ }
+ msix_clear_all_vectors(dev);
+ dev->config[dev->msix_cap + MSIX_CONTROL_OFFSET] &=
+ ~dev->wmask[dev->msix_cap + MSIX_CONTROL_OFFSET];
+ memset(dev->msix_table, 0, dev->msix_entries_nr * PCI_MSIX_ENTRY_SIZE);
+ memset(dev->msix_pba, 0, QEMU_ALIGN_UP(dev->msix_entries_nr, 64) / 8);
+ msix_mask_all(dev, dev->msix_entries_nr);
+}
+
+/* PCI spec suggests that devices make it possible for software to configure
+ * less vectors than supported by the device, but does not specify a standard
+ * mechanism for devices to do so.
+ *
+ * We support this by asking devices to declare vectors software is going to
+ * actually use, and checking this on the notification path. Devices that
+ * don't want to follow the spec suggestion can declare all vectors as used. */
+
+/* Mark vector as used. */
+int msix_vector_use(PCIDevice *dev, unsigned vector)
+{
+ if (vector >= dev->msix_entries_nr)
+ return -EINVAL;
+ dev->msix_entry_used[vector]++;
+ return 0;
+}
+
+/* Mark vector as unused. */
+void msix_vector_unuse(PCIDevice *dev, unsigned vector)
+{
+ if (vector >= dev->msix_entries_nr || !dev->msix_entry_used[vector]) {
+ return;
+ }
+ if (--dev->msix_entry_used[vector]) {
+ return;
+ }
+ msix_clr_pending(dev, vector);
+}
+
+void msix_unuse_all_vectors(PCIDevice *dev)
+{
+ if (!msix_present(dev)) {
+ return;
+ }
+ msix_free_irq_entries(dev);
+}
+
+unsigned int msix_nr_vectors_allocated(const PCIDevice *dev)
+{
+ return dev->msix_entries_nr;
+}
+
+static int msix_set_notifier_for_vector(PCIDevice *dev, unsigned int vector)
+{
+ MSIMessage msg;
+
+ if (msix_is_masked(dev, vector)) {
+ return 0;
+ }
+ msg = msix_get_message(dev, vector);
+ return dev->msix_vector_use_notifier(dev, vector, msg);
+}
+
+static void msix_unset_notifier_for_vector(PCIDevice *dev, unsigned int vector)
+{
+ if (msix_is_masked(dev, vector)) {
+ return;
+ }
+ dev->msix_vector_release_notifier(dev, vector);
+}
+
+int msix_set_vector_notifiers(PCIDevice *dev,
+ MSIVectorUseNotifier use_notifier,
+ MSIVectorReleaseNotifier release_notifier,
+ MSIVectorPollNotifier poll_notifier)
+{
+ int vector, ret;
+
+ assert(use_notifier && release_notifier);
+
+ dev->msix_vector_use_notifier = use_notifier;
+ dev->msix_vector_release_notifier = release_notifier;
+ dev->msix_vector_poll_notifier = poll_notifier;
+
+ if ((dev->config[dev->msix_cap + MSIX_CONTROL_OFFSET] &
+ (MSIX_ENABLE_MASK | MSIX_MASKALL_MASK)) == MSIX_ENABLE_MASK) {
+ for (vector = 0; vector < dev->msix_entries_nr; vector++) {
+ ret = msix_set_notifier_for_vector(dev, vector);
+ if (ret < 0) {
+ goto undo;
+ }
+ }
+ }
+ if (dev->msix_vector_poll_notifier) {
+ dev->msix_vector_poll_notifier(dev, 0, dev->msix_entries_nr);
+ }
+ return 0;
+
+undo:
+ while (--vector >= 0) {
+ msix_unset_notifier_for_vector(dev, vector);
+ }
+ dev->msix_vector_use_notifier = NULL;
+ dev->msix_vector_release_notifier = NULL;
+ return ret;
+}
+
+void msix_unset_vector_notifiers(PCIDevice *dev)
+{
+ int vector;
+
+ assert(dev->msix_vector_use_notifier &&
+ dev->msix_vector_release_notifier);
+
+ if ((dev->config[dev->msix_cap + MSIX_CONTROL_OFFSET] &
+ (MSIX_ENABLE_MASK | MSIX_MASKALL_MASK)) == MSIX_ENABLE_MASK) {
+ for (vector = 0; vector < dev->msix_entries_nr; vector++) {
+ msix_unset_notifier_for_vector(dev, vector);
+ }
+ }
+ dev->msix_vector_use_notifier = NULL;
+ dev->msix_vector_release_notifier = NULL;
+ dev->msix_vector_poll_notifier = NULL;
+}
+
+static void put_msix_state(QEMUFile *f, void *pv, size_t size)
+{
+ msix_save(pv, f);
+}
+
+static int get_msix_state(QEMUFile *f, void *pv, size_t size)
+{
+ msix_load(pv, f);
+ return 0;
+}
+
+static VMStateInfo vmstate_info_msix = {
+ .name = "msix state",
+ .get = get_msix_state,
+ .put = put_msix_state,
+};
+
+const VMStateDescription vmstate_msix = {
+ .name = "msix",
+ .fields = (VMStateField[]) {
+ {
+ .name = "msix",
+ .version_id = 0,
+ .field_exists = NULL,
+ .size = 0, /* ouch */
+ .info = &vmstate_info_msix,
+ .flags = VMS_SINGLE,
+ .offset = 0,
+ },
+ VMSTATE_END_OF_LIST()
+ }
+};
diff --git a/hw/pci/pci-hotplug-old.c b/hw/pci/pci-hotplug-old.c
new file mode 100644
index 000000000..619fe473e
--- /dev/null
+++ b/hw/pci/pci-hotplug-old.c
@@ -0,0 +1,337 @@
+/*
+ * Deprecated PCI hotplug interface support
+ * This covers the old pci_add / pci_del command, whereas the more general
+ * device_add / device_del commands are now preferred.
+ *
+ * Copyright (c) 2004 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/hw.h"
+#include "hw/boards.h"
+#include "hw/pci/pci.h"
+#include "net/net.h"
+#include "hw/i386/pc.h"
+#include "monitor/monitor.h"
+#include "hw/scsi/scsi.h"
+#include "hw/virtio/virtio-blk.h"
+#include "qemu/config-file.h"
+#include "sysemu/blockdev.h"
+#include "qapi/error.h"
+
+static int pci_read_devaddr(Monitor *mon, const char *addr,
+ int *busp, unsigned *slotp)
+{
+ int dom;
+
+ /* strip legacy tag */
+ if (!strncmp(addr, "pci_addr=", 9)) {
+ addr += 9;
+ }
+ if (pci_parse_devaddr(addr, &dom, busp, slotp, NULL)) {
+ monitor_printf(mon, "Invalid pci address\n");
+ return -1;
+ }
+ if (dom != 0) {
+ monitor_printf(mon, "Multiple PCI domains not supported, use device_add\n");
+ return -1;
+ }
+ return 0;
+}
+
+static PCIDevice *qemu_pci_hot_add_nic(Monitor *mon,
+ const char *devaddr,
+ const char *opts_str)
+{
+ Error *local_err = NULL;
+ QemuOpts *opts;
+ PCIBus *root = pci_find_primary_bus();
+ PCIBus *bus;
+ int ret, devfn;
+
+ if (!root) {
+ monitor_printf(mon, "no primary PCI bus (if there are multiple"
+ " PCI roots, you must use device_add instead)");
+ return NULL;
+ }
+
+ bus = pci_get_bus_devfn(&devfn, root, devaddr);
+ if (!bus) {
+ monitor_printf(mon, "Invalid PCI device address %s\n", devaddr);
+ return NULL;
+ }
+ if (!((BusState*)bus)->allow_hotplug) {
+ monitor_printf(mon, "PCI bus doesn't support hotplug\n");
+ return NULL;
+ }
+
+ opts = qemu_opts_parse(qemu_find_opts("net"), opts_str ? opts_str : "", 0);
+ if (!opts) {
+ return NULL;
+ }
+
+ qemu_opt_set(opts, "type", "nic");
+
+ ret = net_client_init(opts, 0, &local_err);
+ if (error_is_set(&local_err)) {
+ qerror_report_err(local_err);
+ error_free(local_err);
+ return NULL;
+ }
+ if (nd_table[ret].devaddr) {
+ monitor_printf(mon, "Parameter addr not supported\n");
+ return NULL;
+ }
+ return pci_nic_init(&nd_table[ret], root, "rtl8139", devaddr);
+}
+
+static int scsi_hot_add(Monitor *mon, DeviceState *adapter,
+ DriveInfo *dinfo, int printinfo)
+{
+ SCSIBus *scsibus;
+ SCSIDevice *scsidev;
+
+ scsibus = (SCSIBus *)
+ object_dynamic_cast(OBJECT(QLIST_FIRST(&adapter->child_bus)),
+ TYPE_SCSI_BUS);
+ if (!scsibus) {
+ error_report("Device is not a SCSI adapter");
+ return -1;
+ }
+
+ /*
+ * drive_init() tries to find a default for dinfo->unit. Doesn't
+ * work at all for hotplug though as we assign the device to a
+ * specific bus instead of the first bus with spare scsi ids.
+ *
+ * Ditch the calculated value and reload from option string (if
+ * specified).
+ */
+ dinfo->unit = qemu_opt_get_number(dinfo->opts, "unit", -1);
+ dinfo->bus = scsibus->busnr;
+ scsidev = scsi_bus_legacy_add_drive(scsibus, dinfo->bdrv, dinfo->unit,
+ false, -1, NULL, NULL);
+ if (!scsidev) {
+ return -1;
+ }
+ dinfo->unit = scsidev->id;
+
+ if (printinfo)
+ monitor_printf(mon, "OK bus %d, unit %d\n",
+ scsibus->busnr, scsidev->id);
+ return 0;
+}
+
+int pci_drive_hot_add(Monitor *mon, const QDict *qdict, DriveInfo *dinfo)
+{
+ int pci_bus;
+ unsigned slot;
+ PCIBus *root = pci_find_primary_bus();
+ PCIDevice *dev;
+ const char *pci_addr = qdict_get_str(qdict, "pci_addr");
+
+ switch (dinfo->type) {
+ case IF_SCSI:
+ if (!root) {
+ monitor_printf(mon, "no primary PCI bus (if there are multiple"
+ " PCI roots, you must use device_add instead)");
+ goto err;
+ }
+ if (pci_read_devaddr(mon, pci_addr, &pci_bus, &slot)) {
+ goto err;
+ }
+ dev = pci_find_device(root, pci_bus, PCI_DEVFN(slot, 0));
+ if (!dev) {
+ monitor_printf(mon, "no pci device with address %s\n", pci_addr);
+ goto err;
+ }
+ if (scsi_hot_add(mon, &dev->qdev, dinfo, 1) != 0) {
+ goto err;
+ }
+ break;
+ default:
+ monitor_printf(mon, "Can't hot-add drive to type %d\n", dinfo->type);
+ goto err;
+ }
+
+ return 0;
+err:
+ return -1;
+}
+
+static PCIDevice *qemu_pci_hot_add_storage(Monitor *mon,
+ const char *devaddr,
+ const char *opts)
+{
+ PCIDevice *dev;
+ DriveInfo *dinfo = NULL;
+ int type = -1;
+ char buf[128];
+ PCIBus *root = pci_find_primary_bus();
+ PCIBus *bus;
+ int devfn;
+
+ if (get_param_value(buf, sizeof(buf), "if", opts)) {
+ if (!strcmp(buf, "scsi"))
+ type = IF_SCSI;
+ else if (!strcmp(buf, "virtio")) {
+ type = IF_VIRTIO;
+ } else {
+ monitor_printf(mon, "type %s not a hotpluggable PCI device.\n", buf);
+ return NULL;
+ }
+ } else {
+ monitor_printf(mon, "no if= specified\n");
+ return NULL;
+ }
+
+ if (get_param_value(buf, sizeof(buf), "file", opts)) {
+ dinfo = add_init_drive(opts);
+ if (!dinfo)
+ return NULL;
+ if (dinfo->devaddr) {
+ monitor_printf(mon, "Parameter addr not supported\n");
+ return NULL;
+ }
+ } else {
+ dinfo = NULL;
+ }
+
+ if (!root) {
+ monitor_printf(mon, "no primary PCI bus (if there are multiple"
+ " PCI roots, you must use device_add instead)");
+ return NULL;
+ }
+ bus = pci_get_bus_devfn(&devfn, root, devaddr);
+ if (!bus) {
+ monitor_printf(mon, "Invalid PCI device address %s\n", devaddr);
+ return NULL;
+ }
+ if (!((BusState*)bus)->allow_hotplug) {
+ monitor_printf(mon, "PCI bus doesn't support hotplug\n");
+ return NULL;
+ }
+
+ switch (type) {
+ case IF_SCSI:
+ dev = pci_create(bus, devfn, "lsi53c895a");
+ if (qdev_init(&dev->qdev) < 0)
+ dev = NULL;
+ if (dev && dinfo) {
+ if (scsi_hot_add(mon, &dev->qdev, dinfo, 0) != 0) {
+ qdev_unplug(&dev->qdev, NULL);
+ dev = NULL;
+ }
+ }
+ break;
+ case IF_VIRTIO:
+ if (!dinfo) {
+ monitor_printf(mon, "virtio requires a backing file/device.\n");
+ return NULL;
+ }
+ dev = pci_create(bus, devfn, "virtio-blk-pci");
+ if (qdev_prop_set_drive(&dev->qdev, "drive", dinfo->bdrv) < 0) {
+ qdev_free(&dev->qdev);
+ dev = NULL;
+ break;
+ }
+ if (qdev_init(&dev->qdev) < 0)
+ dev = NULL;
+ break;
+ default:
+ dev = NULL;
+ }
+ return dev;
+}
+
+void pci_device_hot_add(Monitor *mon, const QDict *qdict)
+{
+ PCIDevice *dev = NULL;
+ const char *pci_addr = qdict_get_str(qdict, "pci_addr");
+ const char *type = qdict_get_str(qdict, "type");
+ const char *opts = qdict_get_try_str(qdict, "opts");
+
+ /* strip legacy tag */
+ if (!strncmp(pci_addr, "pci_addr=", 9)) {
+ pci_addr += 9;
+ }
+
+ if (!opts) {
+ opts = "";
+ }
+
+ if (!strcmp(pci_addr, "auto"))
+ pci_addr = NULL;
+
+ if (strcmp(type, "nic") == 0) {
+ dev = qemu_pci_hot_add_nic(mon, pci_addr, opts);
+ } else if (strcmp(type, "storage") == 0) {
+ dev = qemu_pci_hot_add_storage(mon, pci_addr, opts);
+ } else {
+ monitor_printf(mon, "invalid type: %s\n", type);
+ }
+
+ if (dev) {
+ monitor_printf(mon, "OK root bus %s, bus %d, slot %d, function %d\n",
+ pci_root_bus_path(dev),
+ pci_bus_num(dev->bus), PCI_SLOT(dev->devfn),
+ PCI_FUNC(dev->devfn));
+ } else
+ monitor_printf(mon, "failed to add %s\n", opts);
+}
+
+static int pci_device_hot_remove(Monitor *mon, const char *pci_addr)
+{
+ PCIBus *root = pci_find_primary_bus();
+ PCIDevice *d;
+ int bus;
+ unsigned slot;
+ Error *local_err = NULL;
+
+ if (!root) {
+ monitor_printf(mon, "no primary PCI bus (if there are multiple"
+ " PCI roots, you must use device_del instead)");
+ return -1;
+ }
+
+ if (pci_read_devaddr(mon, pci_addr, &bus, &slot)) {
+ return -1;
+ }
+
+ d = pci_find_device(root, bus, PCI_DEVFN(slot, 0));
+ if (!d) {
+ monitor_printf(mon, "slot %d empty\n", slot);
+ return -1;
+ }
+
+ qdev_unplug(&d->qdev, &local_err);
+ if (error_is_set(&local_err)) {
+ monitor_printf(mon, "%s\n", error_get_pretty(local_err));
+ error_free(local_err);
+ return -1;
+ }
+
+ return 0;
+}
+
+void do_pci_device_hot_remove(Monitor *mon, const QDict *qdict)
+{
+ pci_device_hot_remove(mon, qdict_get_str(qdict, "pci_addr"));
+}
diff --git a/hw/pci/pci-stub.c b/hw/pci/pci-stub.c
new file mode 100644
index 000000000..1dda89b59
--- /dev/null
+++ b/hw/pci/pci-stub.c
@@ -0,0 +1,47 @@
+/*
+ * PCI stubs for platforms that don't support pci bus.
+ *
+ * Copyright (c) 2010 Isaku Yamahata <yamahata at valinux co jp>
+ * VA Linux Systems Japan K.K.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "sysemu/sysemu.h"
+#include "monitor/monitor.h"
+#include "hw/pci/pci.h"
+#include "qmp-commands.h"
+
+PciInfoList *qmp_query_pci(Error **errp)
+{
+ error_set(errp, QERR_UNSUPPORTED);
+ return NULL;
+}
+
+static void pci_error_message(Monitor *mon)
+{
+ monitor_printf(mon, "PCI devices not supported\n");
+}
+
+int do_pcie_aer_inject_error(Monitor *mon,
+ const QDict *qdict, QObject **ret_data)
+{
+ pci_error_message(mon);
+ return -ENOSYS;
+}
+
+void pcie_aer_inject_error_print(Monitor *mon, const QObject *data)
+{
+ pci_error_message(mon);
+}
diff --git a/hw/pci/pci.c b/hw/pci/pci.c
new file mode 100644
index 000000000..4c004f5da
--- /dev/null
+++ b/hw/pci/pci.c
@@ -0,0 +1,2264 @@
+/*
+ * QEMU PCI bus manager
+ *
+ * Copyright (c) 2004 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "hw/pci/pci_bridge.h"
+#include "hw/pci/pci_bus.h"
+#include "hw/pci/pci_host.h"
+#include "monitor/monitor.h"
+#include "net/net.h"
+#include "sysemu/sysemu.h"
+#include "hw/loader.h"
+#include "qemu/range.h"
+#include "qmp-commands.h"
+#include "hw/pci/msi.h"
+#include "hw/pci/msix.h"
+#include "exec/address-spaces.h"
+
+//#define DEBUG_PCI
+#ifdef DEBUG_PCI
+# define PCI_DPRINTF(format, ...) printf(format, ## __VA_ARGS__)
+#else
+# define PCI_DPRINTF(format, ...) do { } while (0)
+#endif
+
+static void pcibus_dev_print(Monitor *mon, DeviceState *dev, int indent);
+static char *pcibus_get_dev_path(DeviceState *dev);
+static char *pcibus_get_fw_dev_path(DeviceState *dev);
+static int pcibus_reset(BusState *qbus);
+
+static Property pci_props[] = {
+ DEFINE_PROP_PCI_DEVFN("addr", PCIDevice, devfn, -1),
+ DEFINE_PROP_STRING("romfile", PCIDevice, romfile),
+ DEFINE_PROP_UINT32("rombar", PCIDevice, rom_bar, 1),
+ DEFINE_PROP_BIT("multifunction", PCIDevice, cap_present,
+ QEMU_PCI_CAP_MULTIFUNCTION_BITNR, false),
+ DEFINE_PROP_BIT("command_serr_enable", PCIDevice, cap_present,
+ QEMU_PCI_CAP_SERR_BITNR, true),
+ DEFINE_PROP_END_OF_LIST()
+};
+
+static void pci_bus_class_init(ObjectClass *klass, void *data)
+{
+ BusClass *k = BUS_CLASS(klass);
+
+ k->print_dev = pcibus_dev_print;
+ k->get_dev_path = pcibus_get_dev_path;
+ k->get_fw_dev_path = pcibus_get_fw_dev_path;
+ k->reset = pcibus_reset;
+}
+
+static const TypeInfo pci_bus_info = {
+ .name = TYPE_PCI_BUS,
+ .parent = TYPE_BUS,
+ .instance_size = sizeof(PCIBus),
+ .class_init = pci_bus_class_init,
+};
+
+static const TypeInfo pcie_bus_info = {
+ .name = TYPE_PCIE_BUS,
+ .parent = TYPE_PCI_BUS,
+};
+
+static PCIBus *pci_find_bus_nr(PCIBus *bus, int bus_num);
+static void pci_update_mappings(PCIDevice *d);
+static void pci_set_irq(void *opaque, int irq_num, int level);
+static int pci_add_option_rom(PCIDevice *pdev, bool is_default_rom);
+static void pci_del_option_rom(PCIDevice *pdev);
+
+static uint16_t pci_default_sub_vendor_id = PCI_SUBVENDOR_ID_REDHAT_QUMRANET;
+static uint16_t pci_default_sub_device_id = PCI_SUBDEVICE_ID_QEMU;
+
+static QLIST_HEAD(, PCIHostState) pci_host_bridges;
+
+static const VMStateDescription vmstate_pcibus = {
+ .name = "PCIBUS",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_INT32_EQUAL(nirq, PCIBus),
+ VMSTATE_VARRAY_INT32(irq_count, PCIBus, nirq, 0, vmstate_info_int32, int32_t),
+ VMSTATE_END_OF_LIST()
+ }
+};
+static int pci_bar(PCIDevice *d, int reg)
+{
+ uint8_t type;
+
+ if (reg != PCI_ROM_SLOT)
+ return PCI_BASE_ADDRESS_0 + reg * 4;
+
+ type = d->config[PCI_HEADER_TYPE] & ~PCI_HEADER_TYPE_MULTI_FUNCTION;
+ return type == PCI_HEADER_TYPE_BRIDGE ? PCI_ROM_ADDRESS1 : PCI_ROM_ADDRESS;
+}
+
+static inline int pci_irq_state(PCIDevice *d, int irq_num)
+{
+ return (d->irq_state >> irq_num) & 0x1;
+}
+
+static inline void pci_set_irq_state(PCIDevice *d, int irq_num, int level)
+{
+ d->irq_state &= ~(0x1 << irq_num);
+ d->irq_state |= level << irq_num;
+}
+
+static void pci_change_irq_level(PCIDevice *pci_dev, int irq_num, int change)
+{
+ PCIBus *bus;
+ for (;;) {
+ bus = pci_dev->bus;
+ irq_num = bus->map_irq(pci_dev, irq_num);
+ if (bus->set_irq)
+ break;
+ pci_dev = bus->parent_dev;
+ }
+ bus->irq_count[irq_num] += change;
+ bus->set_irq(bus->irq_opaque, irq_num, bus->irq_count[irq_num] != 0);
+}
+
+int pci_bus_get_irq_level(PCIBus *bus, int irq_num)
+{
+ assert(irq_num >= 0);
+ assert(irq_num < bus->nirq);
+ return !!bus->irq_count[irq_num];
+}
+
+/* Update interrupt status bit in config space on interrupt
+ * state change. */
+static void pci_update_irq_status(PCIDevice *dev)
+{
+ if (dev->irq_state) {
+ dev->config[PCI_STATUS] |= PCI_STATUS_INTERRUPT;
+ } else {
+ dev->config[PCI_STATUS] &= ~PCI_STATUS_INTERRUPT;
+ }
+}
+
+void pci_device_deassert_intx(PCIDevice *dev)
+{
+ int i;
+ for (i = 0; i < PCI_NUM_PINS; ++i) {
+ qemu_set_irq(dev->irq[i], 0);
+ }
+}
+
+/*
+ * This function is called on #RST and FLR.
+ * FLR if PCI_EXP_DEVCTL_BCR_FLR is set
+ */
+void pci_device_reset(PCIDevice *dev)
+{
+ int r;
+
+ qdev_reset_all(&dev->qdev);
+
+ dev->irq_state = 0;
+ pci_update_irq_status(dev);
+ pci_device_deassert_intx(dev);
+ /* Clear all writable bits */
+ pci_word_test_and_clear_mask(dev->config + PCI_COMMAND,
+ pci_get_word(dev->wmask + PCI_COMMAND) |
+ pci_get_word(dev->w1cmask + PCI_COMMAND));
+ pci_word_test_and_clear_mask(dev->config + PCI_STATUS,
+ pci_get_word(dev->wmask + PCI_STATUS) |
+ pci_get_word(dev->w1cmask + PCI_STATUS));
+ dev->config[PCI_CACHE_LINE_SIZE] = 0x0;
+ dev->config[PCI_INTERRUPT_LINE] = 0x0;
+ for (r = 0; r < PCI_NUM_REGIONS; ++r) {
+ PCIIORegion *region = &dev->io_regions[r];
+ if (!region->size) {
+ continue;
+ }
+
+ if (!(region->type & PCI_BASE_ADDRESS_SPACE_IO) &&
+ region->type & PCI_BASE_ADDRESS_MEM_TYPE_64) {
+ pci_set_quad(dev->config + pci_bar(dev, r), region->type);
+ } else {
+ pci_set_long(dev->config + pci_bar(dev, r), region->type);
+ }
+ }
+ pci_update_mappings(dev);
+
+ msi_reset(dev);
+ msix_reset(dev);
+}
+
+/*
+ * Trigger pci bus reset under a given bus.
+ * To be called on RST# assert.
+ */
+void pci_bus_reset(PCIBus *bus)
+{
+ int i;
+
+ for (i = 0; i < bus->nirq; i++) {
+ bus->irq_count[i] = 0;
+ }
+ for (i = 0; i < ARRAY_SIZE(bus->devices); ++i) {
+ if (bus->devices[i]) {
+ pci_device_reset(bus->devices[i]);
+ }
+ }
+}
+
+static int pcibus_reset(BusState *qbus)
+{
+ pci_bus_reset(DO_UPCAST(PCIBus, qbus, qbus));
+
+ /* topology traverse is done by pci_bus_reset().
+ Tell qbus/qdev walker not to traverse the tree */
+ return 1;
+}
+
+static void pci_host_bus_register(PCIBus *bus, DeviceState *parent)
+{
+ PCIHostState *host_bridge = PCI_HOST_BRIDGE(parent);
+
+ QLIST_INSERT_HEAD(&pci_host_bridges, host_bridge, next);
+}
+
+PCIBus *pci_find_primary_bus(void)
+{
+ PCIBus *primary_bus = NULL;
+ PCIHostState *host;
+
+ QLIST_FOREACH(host, &pci_host_bridges, next) {
+ if (primary_bus) {
+ /* We have multiple root buses, refuse to select a primary */
+ return NULL;
+ }
+ primary_bus = host->bus;
+ }
+
+ return primary_bus;
+}
+
+PCIBus *pci_device_root_bus(const PCIDevice *d)
+{
+ PCIBus *bus = d->bus;
+
+ while ((d = bus->parent_dev) != NULL) {
+ bus = d->bus;
+ }
+
+ return bus;
+}
+
+const char *pci_root_bus_path(PCIDevice *dev)
+{
+ PCIBus *rootbus = pci_device_root_bus(dev);
+ PCIHostState *host_bridge = PCI_HOST_BRIDGE(rootbus->qbus.parent);
+ PCIHostBridgeClass *hc = PCI_HOST_BRIDGE_GET_CLASS(host_bridge);
+
+ assert(!rootbus->parent_dev);
+ assert(host_bridge->bus == rootbus);
+
+ if (hc->root_bus_path) {
+ return (*hc->root_bus_path)(host_bridge, rootbus);
+ }
+
+ return rootbus->qbus.name;
+}
+
+static void pci_bus_init(PCIBus *bus, DeviceState *parent,
+ const char *name,
+ MemoryRegion *address_space_mem,
+ MemoryRegion *address_space_io,
+ uint8_t devfn_min)
+{
+ assert(PCI_FUNC(devfn_min) == 0);
+ bus->devfn_min = devfn_min;
+ bus->address_space_mem = address_space_mem;
+ bus->address_space_io = address_space_io;
+
+ /* host bridge */
+ QLIST_INIT(&bus->child);
+
+ pci_host_bus_register(bus, parent);
+
+ vmstate_register(NULL, -1, &vmstate_pcibus, bus);
+}
+
+bool pci_bus_is_express(PCIBus *bus)
+{
+ return object_dynamic_cast(OBJECT(bus), TYPE_PCIE_BUS);
+}
+
+bool pci_bus_is_root(PCIBus *bus)
+{
+ return !bus->parent_dev;
+}
+
+void pci_bus_new_inplace(PCIBus *bus, DeviceState *parent,
+ const char *name,
+ MemoryRegion *address_space_mem,
+ MemoryRegion *address_space_io,
+ uint8_t devfn_min, const char *typename)
+{
+ qbus_create_inplace(bus, typename, parent, name);
+ pci_bus_init(bus, parent, name, address_space_mem,
+ address_space_io, devfn_min);
+}
+
+PCIBus *pci_bus_new(DeviceState *parent, const char *name,
+ MemoryRegion *address_space_mem,
+ MemoryRegion *address_space_io,
+ uint8_t devfn_min, const char *typename)
+{
+ PCIBus *bus;
+
+ bus = PCI_BUS(qbus_create(typename, parent, name));
+ pci_bus_init(bus, parent, name, address_space_mem,
+ address_space_io, devfn_min);
+ return bus;
+}
+
+void pci_bus_irqs(PCIBus *bus, pci_set_irq_fn set_irq, pci_map_irq_fn map_irq,
+ void *irq_opaque, int nirq)
+{
+ bus->set_irq = set_irq;
+ bus->map_irq = map_irq;
+ bus->irq_opaque = irq_opaque;
+ bus->nirq = nirq;
+ bus->irq_count = g_malloc0(nirq * sizeof(bus->irq_count[0]));
+}
+
+void pci_bus_hotplug(PCIBus *bus, pci_hotplug_fn hotplug, DeviceState *qdev)
+{
+ bus->qbus.allow_hotplug = 1;
+ bus->hotplug = hotplug;
+ bus->hotplug_qdev = qdev;
+}
+
+PCIBus *pci_register_bus(DeviceState *parent, const char *name,
+ pci_set_irq_fn set_irq, pci_map_irq_fn map_irq,
+ void *irq_opaque,
+ MemoryRegion *address_space_mem,
+ MemoryRegion *address_space_io,
+ uint8_t devfn_min, int nirq, const char *typename)
+{
+ PCIBus *bus;
+
+ bus = pci_bus_new(parent, name, address_space_mem,
+ address_space_io, devfn_min, typename);
+ pci_bus_irqs(bus, set_irq, map_irq, irq_opaque, nirq);
+ return bus;
+}
+
+int pci_bus_num(PCIBus *s)
+{
+ if (pci_bus_is_root(s))
+ return 0; /* pci host bridge */
+ return s->parent_dev->config[PCI_SECONDARY_BUS];
+}
+
+static int get_pci_config_device(QEMUFile *f, void *pv, size_t size)
+{
+ PCIDevice *s = container_of(pv, PCIDevice, config);
+ PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(s);
+ uint8_t *config;
+ int i;
+
+ assert(size == pci_config_size(s));
+ config = g_malloc(size);
+
+ qemu_get_buffer(f, config, size);
+ for (i = 0; i < size; ++i) {
+ if ((config[i] ^ s->config[i]) &
+ s->cmask[i] & ~s->wmask[i] & ~s->w1cmask[i]) {
+ g_free(config);
+ return -EINVAL;
+ }
+ }
+ memcpy(s->config, config, size);
+
+ pci_update_mappings(s);
+ if (pc->is_bridge) {
+ PCIBridge *b = PCI_BRIDGE(s);
+ pci_bridge_update_mappings(b);
+ }
+
+ memory_region_set_enabled(&s->bus_master_enable_region,
+ pci_get_word(s->config + PCI_COMMAND)
+ & PCI_COMMAND_MASTER);
+
+ g_free(config);
+ return 0;
+}
+
+/* just put buffer */
+static void put_pci_config_device(QEMUFile *f, void *pv, size_t size)
+{
+ const uint8_t **v = pv;
+ assert(size == pci_config_size(container_of(pv, PCIDevice, config)));
+ qemu_put_buffer(f, *v, size);
+}
+
+static VMStateInfo vmstate_info_pci_config = {
+ .name = "pci config",
+ .get = get_pci_config_device,
+ .put = put_pci_config_device,
+};
+
+static int get_pci_irq_state(QEMUFile *f, void *pv, size_t size)
+{
+ PCIDevice *s = container_of(pv, PCIDevice, irq_state);
+ uint32_t irq_state[PCI_NUM_PINS];
+ int i;
+ for (i = 0; i < PCI_NUM_PINS; ++i) {
+ irq_state[i] = qemu_get_be32(f);
+ if (irq_state[i] != 0x1 && irq_state[i] != 0) {
+ fprintf(stderr, "irq state %d: must be 0 or 1.\n",
+ irq_state[i]);
+ return -EINVAL;
+ }
+ }
+
+ for (i = 0; i < PCI_NUM_PINS; ++i) {
+ pci_set_irq_state(s, i, irq_state[i]);
+ }
+
+ return 0;
+}
+
+static void put_pci_irq_state(QEMUFile *f, void *pv, size_t size)
+{
+ int i;
+ PCIDevice *s = container_of(pv, PCIDevice, irq_state);
+
+ for (i = 0; i < PCI_NUM_PINS; ++i) {
+ qemu_put_be32(f, pci_irq_state(s, i));
+ }
+}
+
+static VMStateInfo vmstate_info_pci_irq_state = {
+ .name = "pci irq state",
+ .get = get_pci_irq_state,
+ .put = put_pci_irq_state,
+};
+
+const VMStateDescription vmstate_pci_device = {
+ .name = "PCIDevice",
+ .version_id = 2,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_INT32_LE(version_id, PCIDevice),
+ VMSTATE_BUFFER_UNSAFE_INFO(config, PCIDevice, 0,
+ vmstate_info_pci_config,
+ PCI_CONFIG_SPACE_SIZE),
+ VMSTATE_BUFFER_UNSAFE_INFO(irq_state, PCIDevice, 2,
+ vmstate_info_pci_irq_state,
+ PCI_NUM_PINS * sizeof(int32_t)),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+const VMStateDescription vmstate_pcie_device = {
+ .name = "PCIEDevice",
+ .version_id = 2,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_INT32_LE(version_id, PCIDevice),
+ VMSTATE_BUFFER_UNSAFE_INFO(config, PCIDevice, 0,
+ vmstate_info_pci_config,
+ PCIE_CONFIG_SPACE_SIZE),
+ VMSTATE_BUFFER_UNSAFE_INFO(irq_state, PCIDevice, 2,
+ vmstate_info_pci_irq_state,
+ PCI_NUM_PINS * sizeof(int32_t)),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static inline const VMStateDescription *pci_get_vmstate(PCIDevice *s)
+{
+ return pci_is_express(s) ? &vmstate_pcie_device : &vmstate_pci_device;
+}
+
+void pci_device_save(PCIDevice *s, QEMUFile *f)
+{
+ /* Clear interrupt status bit: it is implicit
+ * in irq_state which we are saving.
+ * This makes us compatible with old devices
+ * which never set or clear this bit. */
+ s->config[PCI_STATUS] &= ~PCI_STATUS_INTERRUPT;
+ vmstate_save_state(f, pci_get_vmstate(s), s);
+ /* Restore the interrupt status bit. */
+ pci_update_irq_status(s);
+}
+
+int pci_device_load(PCIDevice *s, QEMUFile *f)
+{
+ int ret;
+ ret = vmstate_load_state(f, pci_get_vmstate(s), s, s->version_id);
+ /* Restore the interrupt status bit. */
+ pci_update_irq_status(s);
+ return ret;
+}
+
+static void pci_set_default_subsystem_id(PCIDevice *pci_dev)
+{
+ pci_set_word(pci_dev->config + PCI_SUBSYSTEM_VENDOR_ID,
+ pci_default_sub_vendor_id);
+ pci_set_word(pci_dev->config + PCI_SUBSYSTEM_ID,
+ pci_default_sub_device_id);
+}
+
+/*
+ * Parse [[<domain>:]<bus>:]<slot>, return -1 on error if funcp == NULL
+ * [[<domain>:]<bus>:]<slot>.<func>, return -1 on error
+ */
+int pci_parse_devaddr(const char *addr, int *domp, int *busp,
+ unsigned int *slotp, unsigned int *funcp)
+{
+ const char *p;
+ char *e;
+ unsigned long val;
+ unsigned long dom = 0, bus = 0;
+ unsigned int slot = 0;
+ unsigned int func = 0;
+
+ p = addr;
+ val = strtoul(p, &e, 16);
+ if (e == p)
+ return -1;
+ if (*e == ':') {
+ bus = val;
+ p = e + 1;
+ val = strtoul(p, &e, 16);
+ if (e == p)
+ return -1;
+ if (*e == ':') {
+ dom = bus;
+ bus = val;
+ p = e + 1;
+ val = strtoul(p, &e, 16);
+ if (e == p)
+ return -1;
+ }
+ }
+
+ slot = val;
+
+ if (funcp != NULL) {
+ if (*e != '.')
+ return -1;
+
+ p = e + 1;
+ val = strtoul(p, &e, 16);
+ if (e == p)
+ return -1;
+
+ func = val;
+ }
+
+ /* if funcp == NULL func is 0 */
+ if (dom > 0xffff || bus > 0xff || slot > 0x1f || func > 7)
+ return -1;
+
+ if (*e)
+ return -1;
+
+ *domp = dom;
+ *busp = bus;
+ *slotp = slot;
+ if (funcp != NULL)
+ *funcp = func;
+ return 0;
+}
+
+PCIBus *pci_get_bus_devfn(int *devfnp, PCIBus *root, const char *devaddr)
+{
+ int dom, bus;
+ unsigned slot;
+
+ assert(!root->parent_dev);
+
+ if (!root) {
+ fprintf(stderr, "No primary PCI bus\n");
+ return NULL;
+ }
+
+ if (!devaddr) {
+ *devfnp = -1;
+ return pci_find_bus_nr(root, 0);
+ }
+
+ if (pci_parse_devaddr(devaddr, &dom, &bus, &slot, NULL) < 0) {
+ return NULL;
+ }
+
+ if (dom != 0) {
+ fprintf(stderr, "No support for non-zero PCI domains\n");
+ return NULL;
+ }
+
+ *devfnp = PCI_DEVFN(slot, 0);
+ return pci_find_bus_nr(root, bus);
+}
+
+static void pci_init_cmask(PCIDevice *dev)
+{
+ pci_set_word(dev->cmask + PCI_VENDOR_ID, 0xffff);
+ pci_set_word(dev->cmask + PCI_DEVICE_ID, 0xffff);
+ dev->cmask[PCI_STATUS] = PCI_STATUS_CAP_LIST;
+ dev->cmask[PCI_REVISION_ID] = 0xff;
+ dev->cmask[PCI_CLASS_PROG] = 0xff;
+ pci_set_word(dev->cmask + PCI_CLASS_DEVICE, 0xffff);
+ dev->cmask[PCI_HEADER_TYPE] = 0xff;
+ dev->cmask[PCI_CAPABILITY_LIST] = 0xff;
+}
+
+static void pci_init_wmask(PCIDevice *dev)
+{
+ int config_size = pci_config_size(dev);
+
+ dev->wmask[PCI_CACHE_LINE_SIZE] = 0xff;
+ dev->wmask[PCI_INTERRUPT_LINE] = 0xff;
+ pci_set_word(dev->wmask + PCI_COMMAND,
+ PCI_COMMAND_IO | PCI_COMMAND_MEMORY | PCI_COMMAND_MASTER |
+ PCI_COMMAND_INTX_DISABLE);
+ if (dev->cap_present & QEMU_PCI_CAP_SERR) {
+ pci_word_test_and_set_mask(dev->wmask + PCI_COMMAND, PCI_COMMAND_SERR);
+ }
+
+ memset(dev->wmask + PCI_CONFIG_HEADER_SIZE, 0xff,
+ config_size - PCI_CONFIG_HEADER_SIZE);
+}
+
+static void pci_init_w1cmask(PCIDevice *dev)
+{
+ /*
+ * Note: It's okay to set w1cmask even for readonly bits as
+ * long as their value is hardwired to 0.
+ */
+ pci_set_word(dev->w1cmask + PCI_STATUS,
+ PCI_STATUS_PARITY | PCI_STATUS_SIG_TARGET_ABORT |
+ PCI_STATUS_REC_TARGET_ABORT | PCI_STATUS_REC_MASTER_ABORT |
+ PCI_STATUS_SIG_SYSTEM_ERROR | PCI_STATUS_DETECTED_PARITY);
+}
+
+static void pci_init_mask_bridge(PCIDevice *d)
+{
+ /* PCI_PRIMARY_BUS, PCI_SECONDARY_BUS, PCI_SUBORDINATE_BUS and
+ PCI_SEC_LETENCY_TIMER */
+ memset(d->wmask + PCI_PRIMARY_BUS, 0xff, 4);
+
+ /* base and limit */
+ d->wmask[PCI_IO_BASE] = PCI_IO_RANGE_MASK & 0xff;
+ d->wmask[PCI_IO_LIMIT] = PCI_IO_RANGE_MASK & 0xff;
+ pci_set_word(d->wmask + PCI_MEMORY_BASE,
+ PCI_MEMORY_RANGE_MASK & 0xffff);
+ pci_set_word(d->wmask + PCI_MEMORY_LIMIT,
+ PCI_MEMORY_RANGE_MASK & 0xffff);
+ pci_set_word(d->wmask + PCI_PREF_MEMORY_BASE,
+ PCI_PREF_RANGE_MASK & 0xffff);
+ pci_set_word(d->wmask + PCI_PREF_MEMORY_LIMIT,
+ PCI_PREF_RANGE_MASK & 0xffff);
+
+ /* PCI_PREF_BASE_UPPER32 and PCI_PREF_LIMIT_UPPER32 */
+ memset(d->wmask + PCI_PREF_BASE_UPPER32, 0xff, 8);
+
+ /* Supported memory and i/o types */
+ d->config[PCI_IO_BASE] |= PCI_IO_RANGE_TYPE_16;
+ d->config[PCI_IO_LIMIT] |= PCI_IO_RANGE_TYPE_16;
+ pci_word_test_and_set_mask(d->config + PCI_PREF_MEMORY_BASE,
+ PCI_PREF_RANGE_TYPE_64);
+ pci_word_test_and_set_mask(d->config + PCI_PREF_MEMORY_LIMIT,
+ PCI_PREF_RANGE_TYPE_64);
+
+ /*
+ * TODO: Bridges default to 10-bit VGA decoding but we currently only
+ * implement 16-bit decoding (no alias support).
+ */
+ pci_set_word(d->wmask + PCI_BRIDGE_CONTROL,
+ PCI_BRIDGE_CTL_PARITY |
+ PCI_BRIDGE_CTL_SERR |
+ PCI_BRIDGE_CTL_ISA |
+ PCI_BRIDGE_CTL_VGA |
+ PCI_BRIDGE_CTL_VGA_16BIT |
+ PCI_BRIDGE_CTL_MASTER_ABORT |
+ PCI_BRIDGE_CTL_BUS_RESET |
+ PCI_BRIDGE_CTL_FAST_BACK |
+ PCI_BRIDGE_CTL_DISCARD |
+ PCI_BRIDGE_CTL_SEC_DISCARD |
+ PCI_BRIDGE_CTL_DISCARD_SERR);
+ /* Below does not do anything as we never set this bit, put here for
+ * completeness. */
+ pci_set_word(d->w1cmask + PCI_BRIDGE_CONTROL,
+ PCI_BRIDGE_CTL_DISCARD_STATUS);
+ d->cmask[PCI_IO_BASE] |= PCI_IO_RANGE_TYPE_MASK;
+ d->cmask[PCI_IO_LIMIT] |= PCI_IO_RANGE_TYPE_MASK;
+ pci_word_test_and_set_mask(d->cmask + PCI_PREF_MEMORY_BASE,
+ PCI_PREF_RANGE_TYPE_MASK);
+ pci_word_test_and_set_mask(d->cmask + PCI_PREF_MEMORY_LIMIT,
+ PCI_PREF_RANGE_TYPE_MASK);
+}
+
+static int pci_init_multifunction(PCIBus *bus, PCIDevice *dev)
+{
+ uint8_t slot = PCI_SLOT(dev->devfn);
+ uint8_t func;
+
+ if (dev->cap_present & QEMU_PCI_CAP_MULTIFUNCTION) {
+ dev->config[PCI_HEADER_TYPE] |= PCI_HEADER_TYPE_MULTI_FUNCTION;
+ }
+
+ /*
+ * multifunction bit is interpreted in two ways as follows.
+ * - all functions must set the bit to 1.
+ * Example: Intel X53
+ * - function 0 must set the bit, but the rest function (> 0)
+ * is allowed to leave the bit to 0.
+ * Example: PIIX3(also in qemu), PIIX4(also in qemu), ICH10,
+ *
+ * So OS (at least Linux) checks the bit of only function 0,
+ * and doesn't see the bit of function > 0.
+ *
+ * The below check allows both interpretation.
+ */
+ if (PCI_FUNC(dev->devfn)) {
+ PCIDevice *f0 = bus->devices[PCI_DEVFN(slot, 0)];
+ if (f0 && !(f0->cap_present & QEMU_PCI_CAP_MULTIFUNCTION)) {
+ /* function 0 should set multifunction bit */
+ error_report("PCI: single function device can't be populated "
+ "in function %x.%x", slot, PCI_FUNC(dev->devfn));
+ return -1;
+ }
+ return 0;
+ }
+
+ if (dev->cap_present & QEMU_PCI_CAP_MULTIFUNCTION) {
+ return 0;
+ }
+ /* function 0 indicates single function, so function > 0 must be NULL */
+ for (func = 1; func < PCI_FUNC_MAX; ++func) {
+ if (bus->devices[PCI_DEVFN(slot, func)]) {
+ error_report("PCI: %x.0 indicates single function, "
+ "but %x.%x is already populated.",
+ slot, slot, func);
+ return -1;
+ }
+ }
+ return 0;
+}
+
+static void pci_config_alloc(PCIDevice *pci_dev)
+{
+ int config_size = pci_config_size(pci_dev);
+
+ pci_dev->config = g_malloc0(config_size);
+ pci_dev->cmask = g_malloc0(config_size);
+ pci_dev->wmask = g_malloc0(config_size);
+ pci_dev->w1cmask = g_malloc0(config_size);
+ pci_dev->used = g_malloc0(config_size);
+}
+
+static void pci_config_free(PCIDevice *pci_dev)
+{
+ g_free(pci_dev->config);
+ g_free(pci_dev->cmask);
+ g_free(pci_dev->wmask);
+ g_free(pci_dev->w1cmask);
+ g_free(pci_dev->used);
+}
+
+/* -1 for devfn means auto assign */
+static PCIDevice *do_pci_register_device(PCIDevice *pci_dev, PCIBus *bus,
+ const char *name, int devfn)
+{
+ PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(pci_dev);
+ PCIConfigReadFunc *config_read = pc->config_read;
+ PCIConfigWriteFunc *config_write = pc->config_write;
+ AddressSpace *dma_as;
+
+ if (devfn < 0) {
+ for(devfn = bus->devfn_min ; devfn < ARRAY_SIZE(bus->devices);
+ devfn += PCI_FUNC_MAX) {
+ if (!bus->devices[devfn])
+ goto found;
+ }
+ error_report("PCI: no slot/function available for %s, all in use", name);
+ return NULL;
+ found: ;
+ } else if (bus->devices[devfn]) {
+ error_report("PCI: slot %d function %d not available for %s, in use by %s",
+ PCI_SLOT(devfn), PCI_FUNC(devfn), name, bus->devices[devfn]->name);
+ return NULL;
+ }
+
+ pci_dev->bus = bus;
+ if (bus->iommu_fn) {
+ dma_as = bus->iommu_fn(bus, bus->iommu_opaque, devfn);
+ } else {
+ /* FIXME: inherit memory region from bus creator */
+ dma_as = &address_space_memory;
+ }
+
+ memory_region_init_alias(&pci_dev->bus_master_enable_region,
+ OBJECT(pci_dev), "bus master",
+ dma_as->root, 0, memory_region_size(dma_as->root));
+ memory_region_set_enabled(&pci_dev->bus_master_enable_region, false);
+ address_space_init(&pci_dev->bus_master_as, &pci_dev->bus_master_enable_region,
+ name);
+
+ pci_dev->devfn = devfn;
+ pstrcpy(pci_dev->name, sizeof(pci_dev->name), name);
+ pci_dev->irq_state = 0;
+ pci_config_alloc(pci_dev);
+
+ pci_config_set_vendor_id(pci_dev->config, pc->vendor_id);
+ pci_config_set_device_id(pci_dev->config, pc->device_id);
+ pci_config_set_revision(pci_dev->config, pc->revision);
+ pci_config_set_class(pci_dev->config, pc->class_id);
+
+ if (!pc->is_bridge) {
+ if (pc->subsystem_vendor_id || pc->subsystem_id) {
+ pci_set_word(pci_dev->config + PCI_SUBSYSTEM_VENDOR_ID,
+ pc->subsystem_vendor_id);
+ pci_set_word(pci_dev->config + PCI_SUBSYSTEM_ID,
+ pc->subsystem_id);
+ } else {
+ pci_set_default_subsystem_id(pci_dev);
+ }
+ } else {
+ /* subsystem_vendor_id/subsystem_id are only for header type 0 */
+ assert(!pc->subsystem_vendor_id);
+ assert(!pc->subsystem_id);
+ }
+ pci_init_cmask(pci_dev);
+ pci_init_wmask(pci_dev);
+ pci_init_w1cmask(pci_dev);
+ if (pc->is_bridge) {
+ pci_init_mask_bridge(pci_dev);
+ }
+ if (pci_init_multifunction(bus, pci_dev)) {
+ pci_config_free(pci_dev);
+ return NULL;
+ }
+
+ if (!config_read)
+ config_read = pci_default_read_config;
+ if (!config_write)
+ config_write = pci_default_write_config;
+ pci_dev->config_read = config_read;
+ pci_dev->config_write = config_write;
+ bus->devices[devfn] = pci_dev;
+ pci_dev->irq = qemu_allocate_irqs(pci_set_irq, pci_dev, PCI_NUM_PINS);
+ pci_dev->version_id = 2; /* Current pci device vmstate version */
+ return pci_dev;
+}
+
+static void do_pci_unregister_device(PCIDevice *pci_dev)
+{
+ qemu_free_irqs(pci_dev->irq);
+ pci_dev->bus->devices[pci_dev->devfn] = NULL;
+ pci_config_free(pci_dev);
+
+ address_space_destroy(&pci_dev->bus_master_as);
+ memory_region_destroy(&pci_dev->bus_master_enable_region);
+}
+
+static void pci_unregister_io_regions(PCIDevice *pci_dev)
+{
+ PCIIORegion *r;
+ int i;
+
+ for(i = 0; i < PCI_NUM_REGIONS; i++) {
+ r = &pci_dev->io_regions[i];
+ if (!r->size || r->addr == PCI_BAR_UNMAPPED)
+ continue;
+ memory_region_del_subregion(r->address_space, r->memory);
+ }
+
+ pci_unregister_vga(pci_dev);
+}
+
+static int pci_unregister_device(DeviceState *dev)
+{
+ PCIDevice *pci_dev = PCI_DEVICE(dev);
+ PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(pci_dev);
+
+ pci_unregister_io_regions(pci_dev);
+ pci_del_option_rom(pci_dev);
+
+ if (pc->exit) {
+ pc->exit(pci_dev);
+ }
+
+ do_pci_unregister_device(pci_dev);
+ return 0;
+}
+
+void pci_register_bar(PCIDevice *pci_dev, int region_num,
+ uint8_t type, MemoryRegion *memory)
+{
+ PCIIORegion *r;
+ uint32_t addr;
+ uint64_t wmask;
+ pcibus_t size = memory_region_size(memory);
+
+ assert(region_num >= 0);
+ assert(region_num < PCI_NUM_REGIONS);
+ if (size & (size-1)) {
+ fprintf(stderr, "ERROR: PCI region size must be pow2 "
+ "type=0x%x, size=0x%"FMT_PCIBUS"\n", type, size);
+ exit(1);
+ }
+
+ r = &pci_dev->io_regions[region_num];
+ r->addr = PCI_BAR_UNMAPPED;
+ r->size = size;
+ r->type = type;
+ r->memory = NULL;
+
+ wmask = ~(size - 1);
+ addr = pci_bar(pci_dev, region_num);
+ if (region_num == PCI_ROM_SLOT) {
+ /* ROM enable bit is writable */
+ wmask |= PCI_ROM_ADDRESS_ENABLE;
+ }
+ pci_set_long(pci_dev->config + addr, type);
+ if (!(r->type & PCI_BASE_ADDRESS_SPACE_IO) &&
+ r->type & PCI_BASE_ADDRESS_MEM_TYPE_64) {
+ pci_set_quad(pci_dev->wmask + addr, wmask);
+ pci_set_quad(pci_dev->cmask + addr, ~0ULL);
+ } else {
+ pci_set_long(pci_dev->wmask + addr, wmask & 0xffffffff);
+ pci_set_long(pci_dev->cmask + addr, 0xffffffff);
+ }
+ pci_dev->io_regions[region_num].memory = memory;
+ pci_dev->io_regions[region_num].address_space
+ = type & PCI_BASE_ADDRESS_SPACE_IO
+ ? pci_dev->bus->address_space_io
+ : pci_dev->bus->address_space_mem;
+}
+
+static void pci_update_vga(PCIDevice *pci_dev)
+{
+ uint16_t cmd;
+
+ if (!pci_dev->has_vga) {
+ return;
+ }
+
+ cmd = pci_get_word(pci_dev->config + PCI_COMMAND);
+
+ memory_region_set_enabled(pci_dev->vga_regions[QEMU_PCI_VGA_MEM],
+ cmd & PCI_COMMAND_MEMORY);
+ memory_region_set_enabled(pci_dev->vga_regions[QEMU_PCI_VGA_IO_LO],
+ cmd & PCI_COMMAND_IO);
+ memory_region_set_enabled(pci_dev->vga_regions[QEMU_PCI_VGA_IO_HI],
+ cmd & PCI_COMMAND_IO);
+}
+
+void pci_register_vga(PCIDevice *pci_dev, MemoryRegion *mem,
+ MemoryRegion *io_lo, MemoryRegion *io_hi)
+{
+ assert(!pci_dev->has_vga);
+
+ assert(memory_region_size(mem) == QEMU_PCI_VGA_MEM_SIZE);
+ pci_dev->vga_regions[QEMU_PCI_VGA_MEM] = mem;
+ memory_region_add_subregion_overlap(pci_dev->bus->address_space_mem,
+ QEMU_PCI_VGA_MEM_BASE, mem, 1);
+
+ assert(memory_region_size(io_lo) == QEMU_PCI_VGA_IO_LO_SIZE);
+ pci_dev->vga_regions[QEMU_PCI_VGA_IO_LO] = io_lo;
+ memory_region_add_subregion_overlap(pci_dev->bus->address_space_io,
+ QEMU_PCI_VGA_IO_LO_BASE, io_lo, 1);
+
+ assert(memory_region_size(io_hi) == QEMU_PCI_VGA_IO_HI_SIZE);
+ pci_dev->vga_regions[QEMU_PCI_VGA_IO_HI] = io_hi;
+ memory_region_add_subregion_overlap(pci_dev->bus->address_space_io,
+ QEMU_PCI_VGA_IO_HI_BASE, io_hi, 1);
+ pci_dev->has_vga = true;
+
+ pci_update_vga(pci_dev);
+}
+
+void pci_unregister_vga(PCIDevice *pci_dev)
+{
+ if (!pci_dev->has_vga) {
+ return;
+ }
+
+ memory_region_del_subregion(pci_dev->bus->address_space_mem,
+ pci_dev->vga_regions[QEMU_PCI_VGA_MEM]);
+ memory_region_del_subregion(pci_dev->bus->address_space_io,
+ pci_dev->vga_regions[QEMU_PCI_VGA_IO_LO]);
+ memory_region_del_subregion(pci_dev->bus->address_space_io,
+ pci_dev->vga_regions[QEMU_PCI_VGA_IO_HI]);
+ pci_dev->has_vga = false;
+}
+
+pcibus_t pci_get_bar_addr(PCIDevice *pci_dev, int region_num)
+{
+ return pci_dev->io_regions[region_num].addr;
+}
+
+static pcibus_t pci_bar_address(PCIDevice *d,
+ int reg, uint8_t type, pcibus_t size)
+{
+ pcibus_t new_addr, last_addr;
+ int bar = pci_bar(d, reg);
+ uint16_t cmd = pci_get_word(d->config + PCI_COMMAND);
+
+ if (type & PCI_BASE_ADDRESS_SPACE_IO) {
+ if (!(cmd & PCI_COMMAND_IO)) {
+ return PCI_BAR_UNMAPPED;
+ }
+ new_addr = pci_get_long(d->config + bar) & ~(size - 1);
+ last_addr = new_addr + size - 1;
+ /* NOTE: we have only 64K ioports on PC */
+ if (last_addr <= new_addr || new_addr == 0 || last_addr > UINT16_MAX) {
+ return PCI_BAR_UNMAPPED;
+ }
+ return new_addr;
+ }
+
+ if (!(cmd & PCI_COMMAND_MEMORY)) {
+ return PCI_BAR_UNMAPPED;
+ }
+ if (type & PCI_BASE_ADDRESS_MEM_TYPE_64) {
+ new_addr = pci_get_quad(d->config + bar);
+ } else {
+ new_addr = pci_get_long(d->config + bar);
+ }
+ /* the ROM slot has a specific enable bit */
+ if (reg == PCI_ROM_SLOT && !(new_addr & PCI_ROM_ADDRESS_ENABLE)) {
+ return PCI_BAR_UNMAPPED;
+ }
+ new_addr &= ~(size - 1);
+ last_addr = new_addr + size - 1;
+ /* NOTE: we do not support wrapping */
+ /* XXX: as we cannot support really dynamic
+ mappings, we handle specific values as invalid
+ mappings. */
+ if (last_addr <= new_addr || new_addr == 0 ||
+ last_addr == PCI_BAR_UNMAPPED) {
+ return PCI_BAR_UNMAPPED;
+ }
+
+ /* Now pcibus_t is 64bit.
+ * Check if 32 bit BAR wraps around explicitly.
+ * Without this, PC ide doesn't work well.
+ * TODO: remove this work around.
+ */
+ if (!(type & PCI_BASE_ADDRESS_MEM_TYPE_64) && last_addr >= UINT32_MAX) {
+ return PCI_BAR_UNMAPPED;
+ }
+
+ /*
+ * OS is allowed to set BAR beyond its addressable
+ * bits. For example, 32 bit OS can set 64bit bar
+ * to >4G. Check it. TODO: we might need to support
+ * it in the future for e.g. PAE.
+ */
+ if (last_addr >= HWADDR_MAX) {
+ return PCI_BAR_UNMAPPED;
+ }
+
+ return new_addr;
+}
+
+static void pci_update_mappings(PCIDevice *d)
+{
+ PCIIORegion *r;
+ int i;
+ pcibus_t new_addr;
+
+ for(i = 0; i < PCI_NUM_REGIONS; i++) {
+ r = &d->io_regions[i];
+
+ /* this region isn't registered */
+ if (!r->size)
+ continue;
+
+ new_addr = pci_bar_address(d, i, r->type, r->size);
+
+ /* This bar isn't changed */
+ if (new_addr == r->addr)
+ continue;
+
+ /* now do the real mapping */
+ if (r->addr != PCI_BAR_UNMAPPED) {
+ memory_region_del_subregion(r->address_space, r->memory);
+ }
+ r->addr = new_addr;
+ if (r->addr != PCI_BAR_UNMAPPED) {
+ memory_region_add_subregion_overlap(r->address_space,
+ r->addr, r->memory, 1);
+ }
+ }
+
+ pci_update_vga(d);
+}
+
+static inline int pci_irq_disabled(PCIDevice *d)
+{
+ return pci_get_word(d->config + PCI_COMMAND) & PCI_COMMAND_INTX_DISABLE;
+}
+
+/* Called after interrupt disabled field update in config space,
+ * assert/deassert interrupts if necessary.
+ * Gets original interrupt disable bit value (before update). */
+static void pci_update_irq_disabled(PCIDevice *d, int was_irq_disabled)
+{
+ int i, disabled = pci_irq_disabled(d);
+ if (disabled == was_irq_disabled)
+ return;
+ for (i = 0; i < PCI_NUM_PINS; ++i) {
+ int state = pci_irq_state(d, i);
+ pci_change_irq_level(d, i, disabled ? -state : state);
+ }
+}
+
+uint32_t pci_default_read_config(PCIDevice *d,
+ uint32_t address, int len)
+{
+ uint32_t val = 0;
+
+ memcpy(&val, d->config + address, len);
+ return le32_to_cpu(val);
+}
+
+void pci_default_write_config(PCIDevice *d, uint32_t addr, uint32_t val, int l)
+{
+ int i, was_irq_disabled = pci_irq_disabled(d);
+
+ for (i = 0; i < l; val >>= 8, ++i) {
+ uint8_t wmask = d->wmask[addr + i];
+ uint8_t w1cmask = d->w1cmask[addr + i];
+ assert(!(wmask & w1cmask));
+ d->config[addr + i] = (d->config[addr + i] & ~wmask) | (val & wmask);
+ d->config[addr + i] &= ~(val & w1cmask); /* W1C: Write 1 to Clear */
+ }
+ if (ranges_overlap(addr, l, PCI_BASE_ADDRESS_0, 24) ||
+ ranges_overlap(addr, l, PCI_ROM_ADDRESS, 4) ||
+ ranges_overlap(addr, l, PCI_ROM_ADDRESS1, 4) ||
+ range_covers_byte(addr, l, PCI_COMMAND))
+ pci_update_mappings(d);
+
+ if (range_covers_byte(addr, l, PCI_COMMAND)) {
+ pci_update_irq_disabled(d, was_irq_disabled);
+ memory_region_set_enabled(&d->bus_master_enable_region,
+ pci_get_word(d->config + PCI_COMMAND)
+ & PCI_COMMAND_MASTER);
+ }
+
+ msi_write_config(d, addr, val, l);
+ msix_write_config(d, addr, val, l);
+}
+
+/***********************************************************/
+/* generic PCI irq support */
+
+/* 0 <= irq_num <= 3. level must be 0 or 1 */
+static void pci_set_irq(void *opaque, int irq_num, int level)
+{
+ PCIDevice *pci_dev = opaque;
+ int change;
+
+ change = level - pci_irq_state(pci_dev, irq_num);
+ if (!change)
+ return;
+
+ pci_set_irq_state(pci_dev, irq_num, level);
+ pci_update_irq_status(pci_dev);
+ if (pci_irq_disabled(pci_dev))
+ return;
+ pci_change_irq_level(pci_dev, irq_num, change);
+}
+
+/* Special hooks used by device assignment */
+void pci_bus_set_route_irq_fn(PCIBus *bus, pci_route_irq_fn route_intx_to_irq)
+{
+ assert(pci_bus_is_root(bus));
+ bus->route_intx_to_irq = route_intx_to_irq;
+}
+
+PCIINTxRoute pci_device_route_intx_to_irq(PCIDevice *dev, int pin)
+{
+ PCIBus *bus;
+
+ do {
+ bus = dev->bus;
+ pin = bus->map_irq(dev, pin);
+ dev = bus->parent_dev;
+ } while (dev);
+
+ if (!bus->route_intx_to_irq) {
+ error_report("PCI: Bug - unimplemented PCI INTx routing (%s)",
+ object_get_typename(OBJECT(bus->qbus.parent)));
+ return (PCIINTxRoute) { PCI_INTX_DISABLED, -1 };
+ }
+
+ return bus->route_intx_to_irq(bus->irq_opaque, pin);
+}
+
+bool pci_intx_route_changed(PCIINTxRoute *old, PCIINTxRoute *new)
+{
+ return old->mode != new->mode || old->irq != new->irq;
+}
+
+void pci_bus_fire_intx_routing_notifier(PCIBus *bus)
+{
+ PCIDevice *dev;
+ PCIBus *sec;
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(bus->devices); ++i) {
+ dev = bus->devices[i];
+ if (dev && dev->intx_routing_notifier) {
+ dev->intx_routing_notifier(dev);
+ }
+ }
+
+ QLIST_FOREACH(sec, &bus->child, sibling) {
+ pci_bus_fire_intx_routing_notifier(sec);
+ }
+}
+
+void pci_device_set_intx_routing_notifier(PCIDevice *dev,
+ PCIINTxRoutingNotifier notifier)
+{
+ dev->intx_routing_notifier = notifier;
+}
+
+/*
+ * PCI-to-PCI bridge specification
+ * 9.1: Interrupt routing. Table 9-1
+ *
+ * the PCI Express Base Specification, Revision 2.1
+ * 2.2.8.1: INTx interrutp signaling - Rules
+ * the Implementation Note
+ * Table 2-20
+ */
+/*
+ * 0 <= pin <= 3 0 = INTA, 1 = INTB, 2 = INTC, 3 = INTD
+ * 0-origin unlike PCI interrupt pin register.
+ */
+int pci_swizzle_map_irq_fn(PCIDevice *pci_dev, int pin)
+{
+ return (pin + PCI_SLOT(pci_dev->devfn)) % PCI_NUM_PINS;
+}
+
+/***********************************************************/
+/* monitor info on PCI */
+
+typedef struct {
+ uint16_t class;
+ const char *desc;
+ const char *fw_name;
+ uint16_t fw_ign_bits;
+} pci_class_desc;
+
+static const pci_class_desc pci_class_descriptions[] =
+{
+ { 0x0001, "VGA controller", "display"},
+ { 0x0100, "SCSI controller", "scsi"},
+ { 0x0101, "IDE controller", "ide"},
+ { 0x0102, "Floppy controller", "fdc"},
+ { 0x0103, "IPI controller", "ipi"},
+ { 0x0104, "RAID controller", "raid"},
+ { 0x0106, "SATA controller"},
+ { 0x0107, "SAS controller"},
+ { 0x0180, "Storage controller"},
+ { 0x0200, "Ethernet controller", "ethernet"},
+ { 0x0201, "Token Ring controller", "token-ring"},
+ { 0x0202, "FDDI controller", "fddi"},
+ { 0x0203, "ATM controller", "atm"},
+ { 0x0280, "Network controller"},
+ { 0x0300, "VGA controller", "display", 0x00ff},
+ { 0x0301, "XGA controller"},
+ { 0x0302, "3D controller"},
+ { 0x0380, "Display controller"},
+ { 0x0400, "Video controller", "video"},
+ { 0x0401, "Audio controller", "sound"},
+ { 0x0402, "Phone"},
+ { 0x0403, "Audio controller", "sound"},
+ { 0x0480, "Multimedia controller"},
+ { 0x0500, "RAM controller", "memory"},
+ { 0x0501, "Flash controller", "flash"},
+ { 0x0580, "Memory controller"},
+ { 0x0600, "Host bridge", "host"},
+ { 0x0601, "ISA bridge", "isa"},
+ { 0x0602, "EISA bridge", "eisa"},
+ { 0x0603, "MC bridge", "mca"},
+ { 0x0604, "PCI bridge", "pci"},
+ { 0x0605, "PCMCIA bridge", "pcmcia"},
+ { 0x0606, "NUBUS bridge", "nubus"},
+ { 0x0607, "CARDBUS bridge", "cardbus"},
+ { 0x0608, "RACEWAY bridge"},
+ { 0x0680, "Bridge"},
+ { 0x0700, "Serial port", "serial"},
+ { 0x0701, "Parallel port", "parallel"},
+ { 0x0800, "Interrupt controller", "interrupt-controller"},
+ { 0x0801, "DMA controller", "dma-controller"},
+ { 0x0802, "Timer", "timer"},
+ { 0x0803, "RTC", "rtc"},
+ { 0x0900, "Keyboard", "keyboard"},
+ { 0x0901, "Pen", "pen"},
+ { 0x0902, "Mouse", "mouse"},
+ { 0x0A00, "Dock station", "dock", 0x00ff},
+ { 0x0B00, "i386 cpu", "cpu", 0x00ff},
+ { 0x0c00, "Fireware contorller", "fireware"},
+ { 0x0c01, "Access bus controller", "access-bus"},
+ { 0x0c02, "SSA controller", "ssa"},
+ { 0x0c03, "USB controller", "usb"},
+ { 0x0c04, "Fibre channel controller", "fibre-channel"},
+ { 0x0c05, "SMBus"},
+ { 0, NULL}
+};
+
+static void pci_for_each_device_under_bus(PCIBus *bus,
+ void (*fn)(PCIBus *b, PCIDevice *d,
+ void *opaque),
+ void *opaque)
+{
+ PCIDevice *d;
+ int devfn;
+
+ for(devfn = 0; devfn < ARRAY_SIZE(bus->devices); devfn++) {
+ d = bus->devices[devfn];
+ if (d) {
+ fn(bus, d, opaque);
+ }
+ }
+}
+
+void pci_for_each_device(PCIBus *bus, int bus_num,
+ void (*fn)(PCIBus *b, PCIDevice *d, void *opaque),
+ void *opaque)
+{
+ bus = pci_find_bus_nr(bus, bus_num);
+
+ if (bus) {
+ pci_for_each_device_under_bus(bus, fn, opaque);
+ }
+}
+
+static const pci_class_desc *get_class_desc(int class)
+{
+ const pci_class_desc *desc;
+
+ desc = pci_class_descriptions;
+ while (desc->desc && class != desc->class) {
+ desc++;
+ }
+
+ return desc;
+}
+
+static PciDeviceInfoList *qmp_query_pci_devices(PCIBus *bus, int bus_num);
+
+static PciMemoryRegionList *qmp_query_pci_regions(const PCIDevice *dev)
+{
+ PciMemoryRegionList *head = NULL, *cur_item = NULL;
+ int i;
+
+ for (i = 0; i < PCI_NUM_REGIONS; i++) {
+ const PCIIORegion *r = &dev->io_regions[i];
+ PciMemoryRegionList *region;
+
+ if (!r->size) {
+ continue;
+ }
+
+ region = g_malloc0(sizeof(*region));
+ region->value = g_malloc0(sizeof(*region->value));
+
+ if (r->type & PCI_BASE_ADDRESS_SPACE_IO) {
+ region->value->type = g_strdup("io");
+ } else {
+ region->value->type = g_strdup("memory");
+ region->value->has_prefetch = true;
+ region->value->prefetch = !!(r->type & PCI_BASE_ADDRESS_MEM_PREFETCH);
+ region->value->has_mem_type_64 = true;
+ region->value->mem_type_64 = !!(r->type & PCI_BASE_ADDRESS_MEM_TYPE_64);
+ }
+
+ region->value->bar = i;
+ region->value->address = r->addr;
+ region->value->size = r->size;
+
+ /* XXX: waiting for the qapi to support GSList */
+ if (!cur_item) {
+ head = cur_item = region;
+ } else {
+ cur_item->next = region;
+ cur_item = region;
+ }
+ }
+
+ return head;
+}
+
+static PciBridgeInfo *qmp_query_pci_bridge(PCIDevice *dev, PCIBus *bus,
+ int bus_num)
+{
+ PciBridgeInfo *info;
+
+ info = g_malloc0(sizeof(*info));
+
+ info->bus.number = dev->config[PCI_PRIMARY_BUS];
+ info->bus.secondary = dev->config[PCI_SECONDARY_BUS];
+ info->bus.subordinate = dev->config[PCI_SUBORDINATE_BUS];
+
+ info->bus.io_range = g_malloc0(sizeof(*info->bus.io_range));
+ info->bus.io_range->base = pci_bridge_get_base(dev, PCI_BASE_ADDRESS_SPACE_IO);
+ info->bus.io_range->limit = pci_bridge_get_limit(dev, PCI_BASE_ADDRESS_SPACE_IO);
+
+ info->bus.memory_range = g_malloc0(sizeof(*info->bus.memory_range));
+ info->bus.memory_range->base = pci_bridge_get_base(dev, PCI_BASE_ADDRESS_SPACE_MEMORY);
+ info->bus.memory_range->limit = pci_bridge_get_limit(dev, PCI_BASE_ADDRESS_SPACE_MEMORY);
+
+ info->bus.prefetchable_range = g_malloc0(sizeof(*info->bus.prefetchable_range));
+ info->bus.prefetchable_range->base = pci_bridge_get_base(dev, PCI_BASE_ADDRESS_MEM_PREFETCH);
+ info->bus.prefetchable_range->limit = pci_bridge_get_limit(dev, PCI_BASE_ADDRESS_MEM_PREFETCH);
+
+ if (dev->config[PCI_SECONDARY_BUS] != 0) {
+ PCIBus *child_bus = pci_find_bus_nr(bus, dev->config[PCI_SECONDARY_BUS]);
+ if (child_bus) {
+ info->has_devices = true;
+ info->devices = qmp_query_pci_devices(child_bus, dev->config[PCI_SECONDARY_BUS]);
+ }
+ }
+
+ return info;
+}
+
+static PciDeviceInfo *qmp_query_pci_device(PCIDevice *dev, PCIBus *bus,
+ int bus_num)
+{
+ const pci_class_desc *desc;
+ PciDeviceInfo *info;
+ uint8_t type;
+ int class;
+
+ info = g_malloc0(sizeof(*info));
+ info->bus = bus_num;
+ info->slot = PCI_SLOT(dev->devfn);
+ info->function = PCI_FUNC(dev->devfn);
+
+ class = pci_get_word(dev->config + PCI_CLASS_DEVICE);
+ info->class_info.class = class;
+ desc = get_class_desc(class);
+ if (desc->desc) {
+ info->class_info.has_desc = true;
+ info->class_info.desc = g_strdup(desc->desc);
+ }
+
+ info->id.vendor = pci_get_word(dev->config + PCI_VENDOR_ID);
+ info->id.device = pci_get_word(dev->config + PCI_DEVICE_ID);
+ info->regions = qmp_query_pci_regions(dev);
+ info->qdev_id = g_strdup(dev->qdev.id ? dev->qdev.id : "");
+
+ if (dev->config[PCI_INTERRUPT_PIN] != 0) {
+ info->has_irq = true;
+ info->irq = dev->config[PCI_INTERRUPT_LINE];
+ }
+
+ type = dev->config[PCI_HEADER_TYPE] & ~PCI_HEADER_TYPE_MULTI_FUNCTION;
+ if (type == PCI_HEADER_TYPE_BRIDGE) {
+ info->has_pci_bridge = true;
+ info->pci_bridge = qmp_query_pci_bridge(dev, bus, bus_num);
+ }
+
+ return info;
+}
+
+static PciDeviceInfoList *qmp_query_pci_devices(PCIBus *bus, int bus_num)
+{
+ PciDeviceInfoList *info, *head = NULL, *cur_item = NULL;
+ PCIDevice *dev;
+ int devfn;
+
+ for (devfn = 0; devfn < ARRAY_SIZE(bus->devices); devfn++) {
+ dev = bus->devices[devfn];
+ if (dev) {
+ info = g_malloc0(sizeof(*info));
+ info->value = qmp_query_pci_device(dev, bus, bus_num);
+
+ /* XXX: waiting for the qapi to support GSList */
+ if (!cur_item) {
+ head = cur_item = info;
+ } else {
+ cur_item->next = info;
+ cur_item = info;
+ }
+ }
+ }
+
+ return head;
+}
+
+static PciInfo *qmp_query_pci_bus(PCIBus *bus, int bus_num)
+{
+ PciInfo *info = NULL;
+
+ bus = pci_find_bus_nr(bus, bus_num);
+ if (bus) {
+ info = g_malloc0(sizeof(*info));
+ info->bus = bus_num;
+ info->devices = qmp_query_pci_devices(bus, bus_num);
+ }
+
+ return info;
+}
+
+PciInfoList *qmp_query_pci(Error **errp)
+{
+ PciInfoList *info, *head = NULL, *cur_item = NULL;
+ PCIHostState *host_bridge;
+
+ QLIST_FOREACH(host_bridge, &pci_host_bridges, next) {
+ info = g_malloc0(sizeof(*info));
+ info->value = qmp_query_pci_bus(host_bridge->bus, 0);
+
+ /* XXX: waiting for the qapi to support GSList */
+ if (!cur_item) {
+ head = cur_item = info;
+ } else {
+ cur_item->next = info;
+ cur_item = info;
+ }
+ }
+
+ return head;
+}
+
+static const char * const pci_nic_models[] = {
+ "ne2k_pci",
+ "i82551",
+ "i82557b",
+ "i82559er",
+ "rtl8139",
+ "e1000",
+ "pcnet",
+ "virtio",
+ NULL
+};
+
+static const char * const pci_nic_names[] = {
+ "ne2k_pci",
+ "i82551",
+ "i82557b",
+ "i82559er",
+ "rtl8139",
+ "e1000",
+ "pcnet",
+ "virtio-net-pci",
+ NULL
+};
+
+/* Initialize a PCI NIC. */
+/* FIXME callers should check for failure, but don't */
+PCIDevice *pci_nic_init(NICInfo *nd, PCIBus *rootbus,
+ const char *default_model,
+ const char *default_devaddr)
+{
+ const char *devaddr = nd->devaddr ? nd->devaddr : default_devaddr;
+ PCIBus *bus;
+ int devfn;
+ PCIDevice *pci_dev;
+ DeviceState *dev;
+ int i;
+
+ i = qemu_find_nic_model(nd, pci_nic_models, default_model);
+ if (i < 0)
+ return NULL;
+
+ bus = pci_get_bus_devfn(&devfn, rootbus, devaddr);
+ if (!bus) {
+ error_report("Invalid PCI device address %s for device %s",
+ devaddr, pci_nic_names[i]);
+ return NULL;
+ }
+
+ pci_dev = pci_create(bus, devfn, pci_nic_names[i]);
+ dev = &pci_dev->qdev;
+ qdev_set_nic_properties(dev, nd);
+ if (qdev_init(dev) < 0)
+ return NULL;
+ return pci_dev;
+}
+
+PCIDevice *pci_nic_init_nofail(NICInfo *nd, PCIBus *rootbus,
+ const char *default_model,
+ const char *default_devaddr)
+{
+ PCIDevice *res;
+
+ if (qemu_show_nic_models(nd->model, pci_nic_models))
+ exit(0);
+
+ res = pci_nic_init(nd, rootbus, default_model, default_devaddr);
+ if (!res)
+ exit(1);
+ return res;
+}
+
+PCIDevice *pci_vga_init(PCIBus *bus)
+{
+ switch (vga_interface_type) {
+ case VGA_CIRRUS:
+ return pci_create_simple(bus, -1, "cirrus-vga");
+ case VGA_QXL:
+ return pci_create_simple(bus, -1, "qxl-vga");
+ case VGA_STD:
+ return pci_create_simple(bus, -1, "VGA");
+ case VGA_VMWARE:
+ return pci_create_simple(bus, -1, "vmware-svga");
+ case VGA_NONE:
+ default: /* Other non-PCI types. Checking for unsupported types is already
+ done in vl.c. */
+ return NULL;
+ }
+}
+
+/* Whether a given bus number is in range of the secondary
+ * bus of the given bridge device. */
+static bool pci_secondary_bus_in_range(PCIDevice *dev, int bus_num)
+{
+ return !(pci_get_word(dev->config + PCI_BRIDGE_CONTROL) &
+ PCI_BRIDGE_CTL_BUS_RESET) /* Don't walk the bus if it's reset. */ &&
+ dev->config[PCI_SECONDARY_BUS] < bus_num &&
+ bus_num <= dev->config[PCI_SUBORDINATE_BUS];
+}
+
+static PCIBus *pci_find_bus_nr(PCIBus *bus, int bus_num)
+{
+ PCIBus *sec;
+
+ if (!bus) {
+ return NULL;
+ }
+
+ if (pci_bus_num(bus) == bus_num) {
+ return bus;
+ }
+
+ /* Consider all bus numbers in range for the host pci bridge. */
+ if (!pci_bus_is_root(bus) &&
+ !pci_secondary_bus_in_range(bus->parent_dev, bus_num)) {
+ return NULL;
+ }
+
+ /* try child bus */
+ for (; bus; bus = sec) {
+ QLIST_FOREACH(sec, &bus->child, sibling) {
+ assert(!pci_bus_is_root(sec));
+ if (sec->parent_dev->config[PCI_SECONDARY_BUS] == bus_num) {
+ return sec;
+ }
+ if (pci_secondary_bus_in_range(sec->parent_dev, bus_num)) {
+ break;
+ }
+ }
+ }
+
+ return NULL;
+}
+
+PCIDevice *pci_find_device(PCIBus *bus, int bus_num, uint8_t devfn)
+{
+ bus = pci_find_bus_nr(bus, bus_num);
+
+ if (!bus)
+ return NULL;
+
+ return bus->devices[devfn];
+}
+
+static int pci_qdev_init(DeviceState *qdev)
+{
+ PCIDevice *pci_dev = (PCIDevice *)qdev;
+ PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(pci_dev);
+ PCIBus *bus;
+ int rc;
+ bool is_default_rom;
+
+ /* initialize cap_present for pci_is_express() and pci_config_size() */
+ if (pc->is_express) {
+ pci_dev->cap_present |= QEMU_PCI_CAP_EXPRESS;
+ }
+
+ bus = PCI_BUS(qdev_get_parent_bus(qdev));
+ pci_dev = do_pci_register_device(pci_dev, bus,
+ object_get_typename(OBJECT(qdev)),
+ pci_dev->devfn);
+ if (pci_dev == NULL)
+ return -1;
+ if (qdev->hotplugged && pc->no_hotplug) {
+ qerror_report(QERR_DEVICE_NO_HOTPLUG, object_get_typename(OBJECT(pci_dev)));
+ do_pci_unregister_device(pci_dev);
+ return -1;
+ }
+ if (pc->init) {
+ rc = pc->init(pci_dev);
+ if (rc != 0) {
+ do_pci_unregister_device(pci_dev);
+ return rc;
+ }
+ }
+
+ /* rom loading */
+ is_default_rom = false;
+ if (pci_dev->romfile == NULL && pc->romfile != NULL) {
+ pci_dev->romfile = g_strdup(pc->romfile);
+ is_default_rom = true;
+ }
+ pci_add_option_rom(pci_dev, is_default_rom);
+
+ if (bus->hotplug) {
+ /* Let buses differentiate between hotplug and when device is
+ * enabled during qemu machine creation. */
+ rc = bus->hotplug(bus->hotplug_qdev, pci_dev,
+ qdev->hotplugged ? PCI_HOTPLUG_ENABLED:
+ PCI_COLDPLUG_ENABLED);
+ if (rc != 0) {
+ int r = pci_unregister_device(&pci_dev->qdev);
+ assert(!r);
+ return rc;
+ }
+ }
+ return 0;
+}
+
+static int pci_unplug_device(DeviceState *qdev)
+{
+ PCIDevice *dev = PCI_DEVICE(qdev);
+ PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(dev);
+
+ if (pc->no_hotplug) {
+ qerror_report(QERR_DEVICE_NO_HOTPLUG, object_get_typename(OBJECT(dev)));
+ return -1;
+ }
+ return dev->bus->hotplug(dev->bus->hotplug_qdev, dev,
+ PCI_HOTPLUG_DISABLED);
+}
+
+PCIDevice *pci_create_multifunction(PCIBus *bus, int devfn, bool multifunction,
+ const char *name)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(&bus->qbus, name);
+ qdev_prop_set_int32(dev, "addr", devfn);
+ qdev_prop_set_bit(dev, "multifunction", multifunction);
+ return PCI_DEVICE(dev);
+}
+
+PCIDevice *pci_create_simple_multifunction(PCIBus *bus, int devfn,
+ bool multifunction,
+ const char *name)
+{
+ PCIDevice *dev = pci_create_multifunction(bus, devfn, multifunction, name);
+ qdev_init_nofail(&dev->qdev);
+ return dev;
+}
+
+PCIDevice *pci_create(PCIBus *bus, int devfn, const char *name)
+{
+ return pci_create_multifunction(bus, devfn, false, name);
+}
+
+PCIDevice *pci_create_simple(PCIBus *bus, int devfn, const char *name)
+{
+ return pci_create_simple_multifunction(bus, devfn, false, name);
+}
+
+static uint8_t pci_find_space(PCIDevice *pdev, uint8_t size)
+{
+ int offset = PCI_CONFIG_HEADER_SIZE;
+ int i;
+ for (i = PCI_CONFIG_HEADER_SIZE; i < PCI_CONFIG_SPACE_SIZE; ++i) {
+ if (pdev->used[i])
+ offset = i + 1;
+ else if (i - offset + 1 == size)
+ return offset;
+ }
+ return 0;
+}
+
+static uint8_t pci_find_capability_list(PCIDevice *pdev, uint8_t cap_id,
+ uint8_t *prev_p)
+{
+ uint8_t next, prev;
+
+ if (!(pdev->config[PCI_STATUS] & PCI_STATUS_CAP_LIST))
+ return 0;
+
+ for (prev = PCI_CAPABILITY_LIST; (next = pdev->config[prev]);
+ prev = next + PCI_CAP_LIST_NEXT)
+ if (pdev->config[next + PCI_CAP_LIST_ID] == cap_id)
+ break;
+
+ if (prev_p)
+ *prev_p = prev;
+ return next;
+}
+
+static uint8_t pci_find_capability_at_offset(PCIDevice *pdev, uint8_t offset)
+{
+ uint8_t next, prev, found = 0;
+
+ if (!(pdev->used[offset])) {
+ return 0;
+ }
+
+ assert(pdev->config[PCI_STATUS] & PCI_STATUS_CAP_LIST);
+
+ for (prev = PCI_CAPABILITY_LIST; (next = pdev->config[prev]);
+ prev = next + PCI_CAP_LIST_NEXT) {
+ if (next <= offset && next > found) {
+ found = next;
+ }
+ }
+ return found;
+}
+
+/* Patch the PCI vendor and device ids in a PCI rom image if necessary.
+ This is needed for an option rom which is used for more than one device. */
+static void pci_patch_ids(PCIDevice *pdev, uint8_t *ptr, int size)
+{
+ uint16_t vendor_id;
+ uint16_t device_id;
+ uint16_t rom_vendor_id;
+ uint16_t rom_device_id;
+ uint16_t rom_magic;
+ uint16_t pcir_offset;
+ uint8_t checksum;
+
+ /* Words in rom data are little endian (like in PCI configuration),
+ so they can be read / written with pci_get_word / pci_set_word. */
+
+ /* Only a valid rom will be patched. */
+ rom_magic = pci_get_word(ptr);
+ if (rom_magic != 0xaa55) {
+ PCI_DPRINTF("Bad ROM magic %04x\n", rom_magic);
+ return;
+ }
+ pcir_offset = pci_get_word(ptr + 0x18);
+ if (pcir_offset + 8 >= size || memcmp(ptr + pcir_offset, "PCIR", 4)) {
+ PCI_DPRINTF("Bad PCIR offset 0x%x or signature\n", pcir_offset);
+ return;
+ }
+
+ vendor_id = pci_get_word(pdev->config + PCI_VENDOR_ID);
+ device_id = pci_get_word(pdev->config + PCI_DEVICE_ID);
+ rom_vendor_id = pci_get_word(ptr + pcir_offset + 4);
+ rom_device_id = pci_get_word(ptr + pcir_offset + 6);
+
+ PCI_DPRINTF("%s: ROM id %04x%04x / PCI id %04x%04x\n", pdev->romfile,
+ vendor_id, device_id, rom_vendor_id, rom_device_id);
+
+ checksum = ptr[6];
+
+ if (vendor_id != rom_vendor_id) {
+ /* Patch vendor id and checksum (at offset 6 for etherboot roms). */
+ checksum += (uint8_t)rom_vendor_id + (uint8_t)(rom_vendor_id >> 8);
+ checksum -= (uint8_t)vendor_id + (uint8_t)(vendor_id >> 8);
+ PCI_DPRINTF("ROM checksum %02x / %02x\n", ptr[6], checksum);
+ ptr[6] = checksum;
+ pci_set_word(ptr + pcir_offset + 4, vendor_id);
+ }
+
+ if (device_id != rom_device_id) {
+ /* Patch device id and checksum (at offset 6 for etherboot roms). */
+ checksum += (uint8_t)rom_device_id + (uint8_t)(rom_device_id >> 8);
+ checksum -= (uint8_t)device_id + (uint8_t)(device_id >> 8);
+ PCI_DPRINTF("ROM checksum %02x / %02x\n", ptr[6], checksum);
+ ptr[6] = checksum;
+ pci_set_word(ptr + pcir_offset + 6, device_id);
+ }
+}
+
+/* Add an option rom for the device */
+static int pci_add_option_rom(PCIDevice *pdev, bool is_default_rom)
+{
+ int size;
+ char *path;
+ void *ptr;
+ char name[32];
+ const VMStateDescription *vmsd;
+
+ if (!pdev->romfile)
+ return 0;
+ if (strlen(pdev->romfile) == 0)
+ return 0;
+
+ if (!pdev->rom_bar) {
+ /*
+ * Load rom via fw_cfg instead of creating a rom bar,
+ * for 0.11 compatibility.
+ */
+ int class = pci_get_word(pdev->config + PCI_CLASS_DEVICE);
+ if (class == 0x0300) {
+ rom_add_vga(pdev->romfile);
+ } else {
+ rom_add_option(pdev->romfile, -1);
+ }
+ return 0;
+ }
+
+ path = qemu_find_file(QEMU_FILE_TYPE_BIOS, pdev->romfile);
+ if (path == NULL) {
+ path = g_strdup(pdev->romfile);
+ }
+
+ size = get_image_size(path);
+ if (size < 0) {
+ error_report("%s: failed to find romfile \"%s\"",
+ __func__, pdev->romfile);
+ g_free(path);
+ return -1;
+ } else if (size == 0) {
+ error_report("%s: ignoring empty romfile \"%s\"",
+ __func__, pdev->romfile);
+ g_free(path);
+ return -1;
+ }
+ if (size & (size - 1)) {
+ size = 1 << qemu_fls(size);
+ }
+
+ vmsd = qdev_get_vmsd(DEVICE(pdev));
+
+ if (vmsd) {
+ snprintf(name, sizeof(name), "%s.rom", vmsd->name);
+ } else {
+ snprintf(name, sizeof(name), "%s.rom", object_get_typename(OBJECT(pdev)));
+ }
+ pdev->has_rom = true;
+ memory_region_init_ram(&pdev->rom, OBJECT(pdev), name, size);
+ vmstate_register_ram(&pdev->rom, &pdev->qdev);
+ ptr = memory_region_get_ram_ptr(&pdev->rom);
+ load_image(path, ptr);
+ g_free(path);
+
+ if (is_default_rom) {
+ /* Only the default rom images will be patched (if needed). */
+ pci_patch_ids(pdev, ptr, size);
+ }
+
+ pci_register_bar(pdev, PCI_ROM_SLOT, 0, &pdev->rom);
+
+ return 0;
+}
+
+static void pci_del_option_rom(PCIDevice *pdev)
+{
+ if (!pdev->has_rom)
+ return;
+
+ vmstate_unregister_ram(&pdev->rom, &pdev->qdev);
+ memory_region_destroy(&pdev->rom);
+ pdev->has_rom = false;
+}
+
+/*
+ * if !offset
+ * Reserve space and add capability to the linked list in pci config space
+ *
+ * if offset = 0,
+ * Find and reserve space and add capability to the linked list
+ * in pci config space */
+int pci_add_capability(PCIDevice *pdev, uint8_t cap_id,
+ uint8_t offset, uint8_t size)
+{
+ uint8_t *config;
+ int i, overlapping_cap;
+
+ if (!offset) {
+ offset = pci_find_space(pdev, size);
+ if (!offset) {
+ return -ENOSPC;
+ }
+ } else {
+ /* Verify that capabilities don't overlap. Note: device assignment
+ * depends on this check to verify that the device is not broken.
+ * Should never trigger for emulated devices, but it's helpful
+ * for debugging these. */
+ for (i = offset; i < offset + size; i++) {
+ overlapping_cap = pci_find_capability_at_offset(pdev, i);
+ if (overlapping_cap) {
+ fprintf(stderr, "ERROR: %s:%02x:%02x.%x "
+ "Attempt to add PCI capability %x at offset "
+ "%x overlaps existing capability %x at offset %x\n",
+ pci_root_bus_path(pdev), pci_bus_num(pdev->bus),
+ PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn),
+ cap_id, offset, overlapping_cap, i);
+ return -EINVAL;
+ }
+ }
+ }
+
+ config = pdev->config + offset;
+ config[PCI_CAP_LIST_ID] = cap_id;
+ config[PCI_CAP_LIST_NEXT] = pdev->config[PCI_CAPABILITY_LIST];
+ pdev->config[PCI_CAPABILITY_LIST] = offset;
+ pdev->config[PCI_STATUS] |= PCI_STATUS_CAP_LIST;
+ memset(pdev->used + offset, 0xFF, QEMU_ALIGN_UP(size, 4));
+ /* Make capability read-only by default */
+ memset(pdev->wmask + offset, 0, size);
+ /* Check capability by default */
+ memset(pdev->cmask + offset, 0xFF, size);
+ return offset;
+}
+
+/* Unlink capability from the pci config space. */
+void pci_del_capability(PCIDevice *pdev, uint8_t cap_id, uint8_t size)
+{
+ uint8_t prev, offset = pci_find_capability_list(pdev, cap_id, &prev);
+ if (!offset)
+ return;
+ pdev->config[prev] = pdev->config[offset + PCI_CAP_LIST_NEXT];
+ /* Make capability writable again */
+ memset(pdev->wmask + offset, 0xff, size);
+ memset(pdev->w1cmask + offset, 0, size);
+ /* Clear cmask as device-specific registers can't be checked */
+ memset(pdev->cmask + offset, 0, size);
+ memset(pdev->used + offset, 0, QEMU_ALIGN_UP(size, 4));
+
+ if (!pdev->config[PCI_CAPABILITY_LIST])
+ pdev->config[PCI_STATUS] &= ~PCI_STATUS_CAP_LIST;
+}
+
+uint8_t pci_find_capability(PCIDevice *pdev, uint8_t cap_id)
+{
+ return pci_find_capability_list(pdev, cap_id, NULL);
+}
+
+static void pcibus_dev_print(Monitor *mon, DeviceState *dev, int indent)
+{
+ PCIDevice *d = (PCIDevice *)dev;
+ const pci_class_desc *desc;
+ char ctxt[64];
+ PCIIORegion *r;
+ int i, class;
+
+ class = pci_get_word(d->config + PCI_CLASS_DEVICE);
+ desc = pci_class_descriptions;
+ while (desc->desc && class != desc->class)
+ desc++;
+ if (desc->desc) {
+ snprintf(ctxt, sizeof(ctxt), "%s", desc->desc);
+ } else {
+ snprintf(ctxt, sizeof(ctxt), "Class %04x", class);
+ }
+
+ monitor_printf(mon, "%*sclass %s, addr %02x:%02x.%x, "
+ "pci id %04x:%04x (sub %04x:%04x)\n",
+ indent, "", ctxt, pci_bus_num(d->bus),
+ PCI_SLOT(d->devfn), PCI_FUNC(d->devfn),
+ pci_get_word(d->config + PCI_VENDOR_ID),
+ pci_get_word(d->config + PCI_DEVICE_ID),
+ pci_get_word(d->config + PCI_SUBSYSTEM_VENDOR_ID),
+ pci_get_word(d->config + PCI_SUBSYSTEM_ID));
+ for (i = 0; i < PCI_NUM_REGIONS; i++) {
+ r = &d->io_regions[i];
+ if (!r->size)
+ continue;
+ monitor_printf(mon, "%*sbar %d: %s at 0x%"FMT_PCIBUS
+ " [0x%"FMT_PCIBUS"]\n",
+ indent, "",
+ i, r->type & PCI_BASE_ADDRESS_SPACE_IO ? "i/o" : "mem",
+ r->addr, r->addr + r->size - 1);
+ }
+}
+
+static char *pci_dev_fw_name(DeviceState *dev, char *buf, int len)
+{
+ PCIDevice *d = (PCIDevice *)dev;
+ const char *name = NULL;
+ const pci_class_desc *desc = pci_class_descriptions;
+ int class = pci_get_word(d->config + PCI_CLASS_DEVICE);
+
+ while (desc->desc &&
+ (class & ~desc->fw_ign_bits) !=
+ (desc->class & ~desc->fw_ign_bits)) {
+ desc++;
+ }
+
+ if (desc->desc) {
+ name = desc->fw_name;
+ }
+
+ if (name) {
+ pstrcpy(buf, len, name);
+ } else {
+ snprintf(buf, len, "pci%04x,%04x",
+ pci_get_word(d->config + PCI_VENDOR_ID),
+ pci_get_word(d->config + PCI_DEVICE_ID));
+ }
+
+ return buf;
+}
+
+static char *pcibus_get_fw_dev_path(DeviceState *dev)
+{
+ PCIDevice *d = (PCIDevice *)dev;
+ char path[50], name[33];
+ int off;
+
+ off = snprintf(path, sizeof(path), "%s@%x",
+ pci_dev_fw_name(dev, name, sizeof name),
+ PCI_SLOT(d->devfn));
+ if (PCI_FUNC(d->devfn))
+ snprintf(path + off, sizeof(path) + off, ",%x", PCI_FUNC(d->devfn));
+ return g_strdup(path);
+}
+
+static char *pcibus_get_dev_path(DeviceState *dev)
+{
+ PCIDevice *d = container_of(dev, PCIDevice, qdev);
+ PCIDevice *t;
+ int slot_depth;
+ /* Path format: Domain:00:Slot.Function:Slot.Function....:Slot.Function.
+ * 00 is added here to make this format compatible with
+ * domain:Bus:Slot.Func for systems without nested PCI bridges.
+ * Slot.Function list specifies the slot and function numbers for all
+ * devices on the path from root to the specific device. */
+ const char *root_bus_path;
+ int root_bus_len;
+ char slot[] = ":SS.F";
+ int slot_len = sizeof slot - 1 /* For '\0' */;
+ int path_len;
+ char *path, *p;
+ int s;
+
+ root_bus_path = pci_root_bus_path(d);
+ root_bus_len = strlen(root_bus_path);
+
+ /* Calculate # of slots on path between device and root. */;
+ slot_depth = 0;
+ for (t = d; t; t = t->bus->parent_dev) {
+ ++slot_depth;
+ }
+
+ path_len = root_bus_len + slot_len * slot_depth;
+
+ /* Allocate memory, fill in the terminating null byte. */
+ path = g_malloc(path_len + 1 /* For '\0' */);
+ path[path_len] = '\0';
+
+ memcpy(path, root_bus_path, root_bus_len);
+
+ /* Fill in slot numbers. We walk up from device to root, so need to print
+ * them in the reverse order, last to first. */
+ p = path + path_len;
+ for (t = d; t; t = t->bus->parent_dev) {
+ p -= slot_len;
+ s = snprintf(slot, sizeof slot, ":%02x.%x",
+ PCI_SLOT(t->devfn), PCI_FUNC(t->devfn));
+ assert(s == slot_len);
+ memcpy(p, slot, slot_len);
+ }
+
+ return path;
+}
+
+static int pci_qdev_find_recursive(PCIBus *bus,
+ const char *id, PCIDevice **pdev)
+{
+ DeviceState *qdev = qdev_find_recursive(&bus->qbus, id);
+ if (!qdev) {
+ return -ENODEV;
+ }
+
+ /* roughly check if given qdev is pci device */
+ if (object_dynamic_cast(OBJECT(qdev), TYPE_PCI_DEVICE)) {
+ *pdev = PCI_DEVICE(qdev);
+ return 0;
+ }
+ return -EINVAL;
+}
+
+int pci_qdev_find_device(const char *id, PCIDevice **pdev)
+{
+ PCIHostState *host_bridge;
+ int rc = -ENODEV;
+
+ QLIST_FOREACH(host_bridge, &pci_host_bridges, next) {
+ int tmp = pci_qdev_find_recursive(host_bridge->bus, id, pdev);
+ if (!tmp) {
+ rc = 0;
+ break;
+ }
+ if (tmp != -ENODEV) {
+ rc = tmp;
+ }
+ }
+
+ return rc;
+}
+
+MemoryRegion *pci_address_space(PCIDevice *dev)
+{
+ return dev->bus->address_space_mem;
+}
+
+MemoryRegion *pci_address_space_io(PCIDevice *dev)
+{
+ return dev->bus->address_space_io;
+}
+
+static void pci_device_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *k = DEVICE_CLASS(klass);
+ k->init = pci_qdev_init;
+ k->unplug = pci_unplug_device;
+ k->exit = pci_unregister_device;
+ k->bus_type = TYPE_PCI_BUS;
+ k->props = pci_props;
+}
+
+void pci_setup_iommu(PCIBus *bus, PCIIOMMUFunc fn, void *opaque)
+{
+ bus->iommu_fn = fn;
+ bus->iommu_opaque = opaque;
+}
+
+static const TypeInfo pci_device_type_info = {
+ .name = TYPE_PCI_DEVICE,
+ .parent = TYPE_DEVICE,
+ .instance_size = sizeof(PCIDevice),
+ .abstract = true,
+ .class_size = sizeof(PCIDeviceClass),
+ .class_init = pci_device_class_init,
+};
+
+static void pci_register_types(void)
+{
+ type_register_static(&pci_bus_info);
+ type_register_static(&pcie_bus_info);
+ type_register_static(&pci_device_type_info);
+}
+
+type_init(pci_register_types)
diff --git a/hw/pci/pci_bridge.c b/hw/pci/pci_bridge.c
new file mode 100644
index 000000000..a90671d2f
--- /dev/null
+++ b/hw/pci/pci_bridge.c
@@ -0,0 +1,420 @@
+/*
+ * QEMU PCI bus manager
+ *
+ * Copyright (c) 2004 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to dea
+
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
+
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+/*
+ * split out from pci.c
+ * Copyright (c) 2010 Isaku Yamahata <yamahata at valinux co jp>
+ * VA Linux Systems Japan K.K.
+ */
+
+#include "hw/pci/pci_bridge.h"
+#include "hw/pci/pci_bus.h"
+#include "qemu/range.h"
+
+/* PCI bridge subsystem vendor ID helper functions */
+#define PCI_SSVID_SIZEOF 8
+#define PCI_SSVID_SVID 4
+#define PCI_SSVID_SSID 6
+
+int pci_bridge_ssvid_init(PCIDevice *dev, uint8_t offset,
+ uint16_t svid, uint16_t ssid)
+{
+ int pos;
+ pos = pci_add_capability(dev, PCI_CAP_ID_SSVID, offset, PCI_SSVID_SIZEOF);
+ if (pos < 0) {
+ return pos;
+ }
+
+ pci_set_word(dev->config + pos + PCI_SSVID_SVID, svid);
+ pci_set_word(dev->config + pos + PCI_SSVID_SSID, ssid);
+ return pos;
+}
+
+/* Accessor function to get parent bridge device from pci bus. */
+PCIDevice *pci_bridge_get_device(PCIBus *bus)
+{
+ return bus->parent_dev;
+}
+
+/* Accessor function to get secondary bus from pci-to-pci bridge device */
+PCIBus *pci_bridge_get_sec_bus(PCIBridge *br)
+{
+ return &br->sec_bus;
+}
+
+static uint32_t pci_config_get_io_base(const PCIDevice *d,
+ uint32_t base, uint32_t base_upper16)
+{
+ uint32_t val;
+
+ val = ((uint32_t)d->config[base] & PCI_IO_RANGE_MASK) << 8;
+ if (d->config[base] & PCI_IO_RANGE_TYPE_32) {
+ val |= (uint32_t)pci_get_word(d->config + base_upper16) << 16;
+ }
+ return val;
+}
+
+static pcibus_t pci_config_get_memory_base(const PCIDevice *d, uint32_t base)
+{
+ return ((pcibus_t)pci_get_word(d->config + base) & PCI_MEMORY_RANGE_MASK)
+ << 16;
+}
+
+static pcibus_t pci_config_get_pref_base(const PCIDevice *d,
+ uint32_t base, uint32_t upper)
+{
+ pcibus_t tmp;
+ pcibus_t val;
+
+ tmp = (pcibus_t)pci_get_word(d->config + base);
+ val = (tmp & PCI_PREF_RANGE_MASK) << 16;
+ if (tmp & PCI_PREF_RANGE_TYPE_64) {
+ val |= (pcibus_t)pci_get_long(d->config + upper) << 32;
+ }
+ return val;
+}
+
+/* accessor function to get bridge filtering base address */
+pcibus_t pci_bridge_get_base(const PCIDevice *bridge, uint8_t type)
+{
+ pcibus_t base;
+ if (type & PCI_BASE_ADDRESS_SPACE_IO) {
+ base = pci_config_get_io_base(bridge,
+ PCI_IO_BASE, PCI_IO_BASE_UPPER16);
+ } else {
+ if (type & PCI_BASE_ADDRESS_MEM_PREFETCH) {
+ base = pci_config_get_pref_base(
+ bridge, PCI_PREF_MEMORY_BASE, PCI_PREF_BASE_UPPER32);
+ } else {
+ base = pci_config_get_memory_base(bridge, PCI_MEMORY_BASE);
+ }
+ }
+
+ return base;
+}
+
+/* accessor funciton to get bridge filtering limit */
+pcibus_t pci_bridge_get_limit(const PCIDevice *bridge, uint8_t type)
+{
+ pcibus_t limit;
+ if (type & PCI_BASE_ADDRESS_SPACE_IO) {
+ limit = pci_config_get_io_base(bridge,
+ PCI_IO_LIMIT, PCI_IO_LIMIT_UPPER16);
+ limit |= 0xfff; /* PCI bridge spec 3.2.5.6. */
+ } else {
+ if (type & PCI_BASE_ADDRESS_MEM_PREFETCH) {
+ limit = pci_config_get_pref_base(
+ bridge, PCI_PREF_MEMORY_LIMIT, PCI_PREF_LIMIT_UPPER32);
+ } else {
+ limit = pci_config_get_memory_base(bridge, PCI_MEMORY_LIMIT);
+ }
+ limit |= 0xfffff; /* PCI bridge spec 3.2.5.{1, 8}. */
+ }
+ return limit;
+}
+
+static void pci_bridge_init_alias(PCIBridge *bridge, MemoryRegion *alias,
+ uint8_t type, const char *name,
+ MemoryRegion *space,
+ MemoryRegion *parent_space,
+ bool enabled)
+{
+ PCIDevice *bridge_dev = PCI_DEVICE(bridge);
+ pcibus_t base = pci_bridge_get_base(bridge_dev, type);
+ pcibus_t limit = pci_bridge_get_limit(bridge_dev, type);
+ /* TODO: this doesn't handle base = 0 limit = 2^64 - 1 correctly.
+ * Apparently no way to do this with existing memory APIs. */
+ pcibus_t size = enabled && limit >= base ? limit + 1 - base : 0;
+
+ memory_region_init_alias(alias, OBJECT(bridge), name, space, base, size);
+ memory_region_add_subregion_overlap(parent_space, base, alias, 1);
+}
+
+static void pci_bridge_init_vga_aliases(PCIBridge *br, PCIBus *parent,
+ MemoryRegion *alias_vga)
+{
+ PCIDevice *pd = PCI_DEVICE(br);
+ uint16_t brctl = pci_get_word(pd->config + PCI_BRIDGE_CONTROL);
+
+ memory_region_init_alias(&alias_vga[QEMU_PCI_VGA_IO_LO], OBJECT(br),
+ "pci_bridge_vga_io_lo", &br->address_space_io,
+ QEMU_PCI_VGA_IO_LO_BASE, QEMU_PCI_VGA_IO_LO_SIZE);
+ memory_region_init_alias(&alias_vga[QEMU_PCI_VGA_IO_HI], OBJECT(br),
+ "pci_bridge_vga_io_hi", &br->address_space_io,
+ QEMU_PCI_VGA_IO_HI_BASE, QEMU_PCI_VGA_IO_HI_SIZE);
+ memory_region_init_alias(&alias_vga[QEMU_PCI_VGA_MEM], OBJECT(br),
+ "pci_bridge_vga_mem", &br->address_space_mem,
+ QEMU_PCI_VGA_MEM_BASE, QEMU_PCI_VGA_MEM_SIZE);
+
+ if (brctl & PCI_BRIDGE_CTL_VGA) {
+ pci_register_vga(pd, &alias_vga[QEMU_PCI_VGA_MEM],
+ &alias_vga[QEMU_PCI_VGA_IO_LO],
+ &alias_vga[QEMU_PCI_VGA_IO_HI]);
+ }
+}
+
+static PCIBridgeWindows *pci_bridge_region_init(PCIBridge *br)
+{
+ PCIDevice *pd = PCI_DEVICE(br);
+ PCIBus *parent = pd->bus;
+ PCIBridgeWindows *w = g_new(PCIBridgeWindows, 1);
+ uint16_t cmd = pci_get_word(pd->config + PCI_COMMAND);
+
+ pci_bridge_init_alias(br, &w->alias_pref_mem,
+ PCI_BASE_ADDRESS_MEM_PREFETCH,
+ "pci_bridge_pref_mem",
+ &br->address_space_mem,
+ parent->address_space_mem,
+ cmd & PCI_COMMAND_MEMORY);
+ pci_bridge_init_alias(br, &w->alias_mem,
+ PCI_BASE_ADDRESS_SPACE_MEMORY,
+ "pci_bridge_mem",
+ &br->address_space_mem,
+ parent->address_space_mem,
+ cmd & PCI_COMMAND_MEMORY);
+ pci_bridge_init_alias(br, &w->alias_io,
+ PCI_BASE_ADDRESS_SPACE_IO,
+ "pci_bridge_io",
+ &br->address_space_io,
+ parent->address_space_io,
+ cmd & PCI_COMMAND_IO);
+
+ pci_bridge_init_vga_aliases(br, parent, w->alias_vga);
+
+ return w;
+}
+
+static void pci_bridge_region_del(PCIBridge *br, PCIBridgeWindows *w)
+{
+ PCIDevice *pd = PCI_DEVICE(br);
+ PCIBus *parent = pd->bus;
+
+ memory_region_del_subregion(parent->address_space_io, &w->alias_io);
+ memory_region_del_subregion(parent->address_space_mem, &w->alias_mem);
+ memory_region_del_subregion(parent->address_space_mem, &w->alias_pref_mem);
+ pci_unregister_vga(pd);
+}
+
+static void pci_bridge_region_cleanup(PCIBridge *br, PCIBridgeWindows *w)
+{
+ memory_region_destroy(&w->alias_io);
+ memory_region_destroy(&w->alias_mem);
+ memory_region_destroy(&w->alias_pref_mem);
+ memory_region_destroy(&w->alias_vga[QEMU_PCI_VGA_IO_LO]);
+ memory_region_destroy(&w->alias_vga[QEMU_PCI_VGA_IO_HI]);
+ memory_region_destroy(&w->alias_vga[QEMU_PCI_VGA_MEM]);
+ g_free(w);
+}
+
+void pci_bridge_update_mappings(PCIBridge *br)
+{
+ PCIBridgeWindows *w = br->windows;
+
+ /* Make updates atomic to: handle the case of one VCPU updating the bridge
+ * while another accesses an unaffected region. */
+ memory_region_transaction_begin();
+ pci_bridge_region_del(br, br->windows);
+ br->windows = pci_bridge_region_init(br);
+ memory_region_transaction_commit();
+ pci_bridge_region_cleanup(br, w);
+}
+
+/* default write_config function for PCI-to-PCI bridge */
+void pci_bridge_write_config(PCIDevice *d,
+ uint32_t address, uint32_t val, int len)
+{
+ PCIBridge *s = PCI_BRIDGE(d);
+ uint16_t oldctl = pci_get_word(d->config + PCI_BRIDGE_CONTROL);
+ uint16_t newctl;
+
+ pci_default_write_config(d, address, val, len);
+
+ if (ranges_overlap(address, len, PCI_COMMAND, 2) ||
+
+ /* io base/limit */
+ ranges_overlap(address, len, PCI_IO_BASE, 2) ||
+
+ /* memory base/limit, prefetchable base/limit and
+ io base/limit upper 16 */
+ ranges_overlap(address, len, PCI_MEMORY_BASE, 20) ||
+
+ /* vga enable */
+ ranges_overlap(address, len, PCI_BRIDGE_CONTROL, 2)) {
+ pci_bridge_update_mappings(s);
+ }
+
+ newctl = pci_get_word(d->config + PCI_BRIDGE_CONTROL);
+ if (~oldctl & newctl & PCI_BRIDGE_CTL_BUS_RESET) {
+ /* Trigger hot reset on 0->1 transition. */
+ pci_bus_reset(&s->sec_bus);
+ }
+}
+
+void pci_bridge_disable_base_limit(PCIDevice *dev)
+{
+ uint8_t *conf = dev->config;
+
+ pci_byte_test_and_set_mask(conf + PCI_IO_BASE,
+ PCI_IO_RANGE_MASK & 0xff);
+ pci_byte_test_and_clear_mask(conf + PCI_IO_LIMIT,
+ PCI_IO_RANGE_MASK & 0xff);
+ pci_word_test_and_set_mask(conf + PCI_MEMORY_BASE,
+ PCI_MEMORY_RANGE_MASK & 0xffff);
+ pci_word_test_and_clear_mask(conf + PCI_MEMORY_LIMIT,
+ PCI_MEMORY_RANGE_MASK & 0xffff);
+ pci_word_test_and_set_mask(conf + PCI_PREF_MEMORY_BASE,
+ PCI_PREF_RANGE_MASK & 0xffff);
+ pci_word_test_and_clear_mask(conf + PCI_PREF_MEMORY_LIMIT,
+ PCI_PREF_RANGE_MASK & 0xffff);
+ pci_set_long(conf + PCI_PREF_BASE_UPPER32, 0);
+ pci_set_long(conf + PCI_PREF_LIMIT_UPPER32, 0);
+}
+
+/* reset bridge specific configuration registers */
+void pci_bridge_reset(DeviceState *qdev)
+{
+ PCIDevice *dev = PCI_DEVICE(qdev);
+ uint8_t *conf = dev->config;
+
+ conf[PCI_PRIMARY_BUS] = 0;
+ conf[PCI_SECONDARY_BUS] = 0;
+ conf[PCI_SUBORDINATE_BUS] = 0;
+ conf[PCI_SEC_LATENCY_TIMER] = 0;
+
+ /*
+ * the default values for base/limit registers aren't specified
+ * in the PCI-to-PCI-bridge spec. So we don't thouch them here.
+ * Each implementation can override it.
+ * typical implementation does
+ * zero base/limit registers or
+ * disable forwarding: pci_bridge_disable_base_limit()
+ * If disable forwarding is wanted, call pci_bridge_disable_base_limit()
+ * after this function.
+ */
+ pci_byte_test_and_clear_mask(conf + PCI_IO_BASE,
+ PCI_IO_RANGE_MASK & 0xff);
+ pci_byte_test_and_clear_mask(conf + PCI_IO_LIMIT,
+ PCI_IO_RANGE_MASK & 0xff);
+ pci_word_test_and_clear_mask(conf + PCI_MEMORY_BASE,
+ PCI_MEMORY_RANGE_MASK & 0xffff);
+ pci_word_test_and_clear_mask(conf + PCI_MEMORY_LIMIT,
+ PCI_MEMORY_RANGE_MASK & 0xffff);
+ pci_word_test_and_clear_mask(conf + PCI_PREF_MEMORY_BASE,
+ PCI_PREF_RANGE_MASK & 0xffff);
+ pci_word_test_and_clear_mask(conf + PCI_PREF_MEMORY_LIMIT,
+ PCI_PREF_RANGE_MASK & 0xffff);
+ pci_set_long(conf + PCI_PREF_BASE_UPPER32, 0);
+ pci_set_long(conf + PCI_PREF_LIMIT_UPPER32, 0);
+
+ pci_set_word(conf + PCI_BRIDGE_CONTROL, 0);
+}
+
+/* default qdev initialization function for PCI-to-PCI bridge */
+int pci_bridge_initfn(PCIDevice *dev, const char *typename)
+{
+ PCIBus *parent = dev->bus;
+ PCIBridge *br = PCI_BRIDGE(dev);
+ PCIBus *sec_bus = &br->sec_bus;
+
+ pci_word_test_and_set_mask(dev->config + PCI_STATUS,
+ PCI_STATUS_66MHZ | PCI_STATUS_FAST_BACK);
+
+ /*
+ * TODO: We implement VGA Enable in the Bridge Control Register
+ * therefore per the PCI to PCI bridge spec we must also implement
+ * VGA Palette Snooping. When done, set this bit writable:
+ *
+ * pci_word_test_and_set_mask(dev->wmask + PCI_COMMAND,
+ * PCI_COMMAND_VGA_PALETTE);
+ */
+
+ pci_config_set_class(dev->config, PCI_CLASS_BRIDGE_PCI);
+ dev->config[PCI_HEADER_TYPE] =
+ (dev->config[PCI_HEADER_TYPE] & PCI_HEADER_TYPE_MULTI_FUNCTION) |
+ PCI_HEADER_TYPE_BRIDGE;
+ pci_set_word(dev->config + PCI_SEC_STATUS,
+ PCI_STATUS_66MHZ | PCI_STATUS_FAST_BACK);
+
+ /*
+ * If we don't specify the name, the bus will be addressed as <id>.0, where
+ * id is the device id.
+ * Since PCI Bridge devices have a single bus each, we don't need the index:
+ * let users address the bus using the device name.
+ */
+ if (!br->bus_name && dev->qdev.id && *dev->qdev.id) {
+ br->bus_name = dev->qdev.id;
+ }
+
+ qbus_create_inplace(&sec_bus->qbus, typename, &dev->qdev, br->bus_name);
+ sec_bus->parent_dev = dev;
+ sec_bus->map_irq = br->map_irq ? br->map_irq : pci_swizzle_map_irq_fn;
+ sec_bus->address_space_mem = &br->address_space_mem;
+ memory_region_init(&br->address_space_mem, OBJECT(br), "pci_bridge_pci", INT64_MAX);
+ sec_bus->address_space_io = &br->address_space_io;
+ memory_region_init(&br->address_space_io, OBJECT(br), "pci_bridge_io", 65536);
+ br->windows = pci_bridge_region_init(br);
+ QLIST_INIT(&sec_bus->child);
+ QLIST_INSERT_HEAD(&parent->child, sec_bus, sibling);
+ return 0;
+}
+
+/* default qdev clean up function for PCI-to-PCI bridge */
+void pci_bridge_exitfn(PCIDevice *pci_dev)
+{
+ PCIBridge *s = PCI_BRIDGE(pci_dev);
+ assert(QLIST_EMPTY(&s->sec_bus.child));
+ QLIST_REMOVE(&s->sec_bus, sibling);
+ pci_bridge_region_del(s, s->windows);
+ pci_bridge_region_cleanup(s, s->windows);
+ memory_region_destroy(&s->address_space_mem);
+ memory_region_destroy(&s->address_space_io);
+ /* qbus_free() is called automatically by qdev_free() */
+}
+
+/*
+ * before qdev initialization(qdev_init()), this function sets bus_name and
+ * map_irq callback which are necessry for pci_bridge_initfn() to
+ * initialize bus.
+ */
+void pci_bridge_map_irq(PCIBridge *br, const char* bus_name,
+ pci_map_irq_fn map_irq)
+{
+ br->map_irq = map_irq;
+ br->bus_name = bus_name;
+}
+
+static const TypeInfo pci_bridge_type_info = {
+ .name = TYPE_PCI_BRIDGE,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCIBridge),
+ .abstract = true,
+};
+
+static void pci_bridge_register_types(void)
+{
+ type_register_static(&pci_bridge_type_info);
+}
+
+type_init(pci_bridge_register_types)
diff --git a/hw/pci/pci_host.c b/hw/pci/pci_host.c
new file mode 100644
index 000000000..7dd9b2560
--- /dev/null
+++ b/hw/pci/pci_host.c
@@ -0,0 +1,181 @@
+/*
+ * pci_host.c
+ *
+ * Copyright (c) 2009 Isaku Yamahata <yamahata at valinux co jp>
+ * VA Linux Systems Japan K.K.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/pci/pci.h"
+#include "hw/pci/pci_host.h"
+
+/* debug PCI */
+//#define DEBUG_PCI
+
+#ifdef DEBUG_PCI
+#define PCI_DPRINTF(fmt, ...) \
+do { printf("pci_host_data: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define PCI_DPRINTF(fmt, ...)
+#endif
+
+/*
+ * PCI address
+ * bit 16 - 24: bus number
+ * bit 8 - 15: devfun number
+ * bit 0 - 7: offset in configuration space of a given pci device
+ */
+
+/* the helper function to get a PCIDevice* for a given pci address */
+static inline PCIDevice *pci_dev_find_by_addr(PCIBus *bus, uint32_t addr)
+{
+ uint8_t bus_num = addr >> 16;
+ uint8_t devfn = addr >> 8;
+
+ return pci_find_device(bus, bus_num, devfn);
+}
+
+void pci_host_config_write_common(PCIDevice *pci_dev, uint32_t addr,
+ uint32_t limit, uint32_t val, uint32_t len)
+{
+ assert(len <= 4);
+ pci_dev->config_write(pci_dev, addr, val, MIN(len, limit - addr));
+}
+
+uint32_t pci_host_config_read_common(PCIDevice *pci_dev, uint32_t addr,
+ uint32_t limit, uint32_t len)
+{
+ assert(len <= 4);
+ return pci_dev->config_read(pci_dev, addr, MIN(len, limit - addr));
+}
+
+void pci_data_write(PCIBus *s, uint32_t addr, uint32_t val, int len)
+{
+ PCIDevice *pci_dev = pci_dev_find_by_addr(s, addr);
+ uint32_t config_addr = addr & (PCI_CONFIG_SPACE_SIZE - 1);
+
+ if (!pci_dev) {
+ return;
+ }
+
+ PCI_DPRINTF("%s: %s: addr=%02" PRIx32 " val=%08" PRIx32 " len=%d\n",
+ __func__, pci_dev->name, config_addr, val, len);
+ pci_host_config_write_common(pci_dev, config_addr, PCI_CONFIG_SPACE_SIZE,
+ val, len);
+}
+
+uint32_t pci_data_read(PCIBus *s, uint32_t addr, int len)
+{
+ PCIDevice *pci_dev = pci_dev_find_by_addr(s, addr);
+ uint32_t config_addr = addr & (PCI_CONFIG_SPACE_SIZE - 1);
+ uint32_t val;
+
+ if (!pci_dev) {
+ return ~0x0;
+ }
+
+ val = pci_host_config_read_common(pci_dev, config_addr,
+ PCI_CONFIG_SPACE_SIZE, len);
+ PCI_DPRINTF("%s: %s: addr=%02"PRIx32" val=%08"PRIx32" len=%d\n",
+ __func__, pci_dev->name, config_addr, val, len);
+
+ return val;
+}
+
+static void pci_host_config_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned len)
+{
+ PCIHostState *s = opaque;
+
+ PCI_DPRINTF("%s addr " TARGET_FMT_plx " len %d val %"PRIx64"\n",
+ __func__, addr, len, val);
+ if (addr != 0 || len != 4) {
+ return;
+ }
+ s->config_reg = val;
+}
+
+static uint64_t pci_host_config_read(void *opaque, hwaddr addr,
+ unsigned len)
+{
+ PCIHostState *s = opaque;
+ uint32_t val = s->config_reg;
+
+ PCI_DPRINTF("%s addr " TARGET_FMT_plx " len %d val %"PRIx32"\n",
+ __func__, addr, len, val);
+ return val;
+}
+
+static void pci_host_data_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned len)
+{
+ PCIHostState *s = opaque;
+ PCI_DPRINTF("write addr " TARGET_FMT_plx " len %d val %x\n",
+ addr, len, (unsigned)val);
+ if (s->config_reg & (1u << 31))
+ pci_data_write(s->bus, s->config_reg | (addr & 3), val, len);
+}
+
+static uint64_t pci_host_data_read(void *opaque,
+ hwaddr addr, unsigned len)
+{
+ PCIHostState *s = opaque;
+ uint32_t val;
+ if (!(s->config_reg & (1 << 31)))
+ return 0xffffffff;
+ val = pci_data_read(s->bus, s->config_reg | (addr & 3), len);
+ PCI_DPRINTF("read addr " TARGET_FMT_plx " len %d val %x\n",
+ addr, len, val);
+ return val;
+}
+
+const MemoryRegionOps pci_host_conf_le_ops = {
+ .read = pci_host_config_read,
+ .write = pci_host_config_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+const MemoryRegionOps pci_host_conf_be_ops = {
+ .read = pci_host_config_read,
+ .write = pci_host_config_write,
+ .endianness = DEVICE_BIG_ENDIAN,
+};
+
+const MemoryRegionOps pci_host_data_le_ops = {
+ .read = pci_host_data_read,
+ .write = pci_host_data_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+const MemoryRegionOps pci_host_data_be_ops = {
+ .read = pci_host_data_read,
+ .write = pci_host_data_write,
+ .endianness = DEVICE_BIG_ENDIAN,
+};
+
+static const TypeInfo pci_host_type_info = {
+ .name = TYPE_PCI_HOST_BRIDGE,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .abstract = true,
+ .class_size = sizeof(PCIHostBridgeClass),
+ .instance_size = sizeof(PCIHostState),
+};
+
+static void pci_host_register_types(void)
+{
+ type_register_static(&pci_host_type_info);
+}
+
+type_init(pci_host_register_types)
diff --git a/hw/pci/pcie.c b/hw/pci/pcie.c
new file mode 100644
index 000000000..50af3c1df
--- /dev/null
+++ b/hw/pci/pcie.c
@@ -0,0 +1,571 @@
+/*
+ * pcie.c
+ *
+ * Copyright (c) 2010 Isaku Yamahata <yamahata at valinux co jp>
+ * VA Linux Systems Japan K.K.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "qemu-common.h"
+#include "hw/pci/pci_bridge.h"
+#include "hw/pci/pcie.h"
+#include "hw/pci/msix.h"
+#include "hw/pci/msi.h"
+#include "hw/pci/pci_bus.h"
+#include "hw/pci/pcie_regs.h"
+#include "qemu/range.h"
+
+//#define DEBUG_PCIE
+#ifdef DEBUG_PCIE
+# define PCIE_DPRINTF(fmt, ...) \
+ fprintf(stderr, "%s:%d " fmt, __func__, __LINE__, ## __VA_ARGS__)
+#else
+# define PCIE_DPRINTF(fmt, ...) do {} while (0)
+#endif
+#define PCIE_DEV_PRINTF(dev, fmt, ...) \
+ PCIE_DPRINTF("%s:%x "fmt, (dev)->name, (dev)->devfn, ## __VA_ARGS__)
+
+
+/***************************************************************************
+ * pci express capability helper functions
+ */
+int pcie_cap_init(PCIDevice *dev, uint8_t offset, uint8_t type, uint8_t port)
+{
+ int pos;
+ uint8_t *exp_cap;
+
+ assert(pci_is_express(dev));
+
+ pos = pci_add_capability(dev, PCI_CAP_ID_EXP, offset,
+ PCI_EXP_VER2_SIZEOF);
+ if (pos < 0) {
+ return pos;
+ }
+ dev->exp.exp_cap = pos;
+ exp_cap = dev->config + pos;
+
+ /* capability register
+ interrupt message number defaults to 0 */
+ pci_set_word(exp_cap + PCI_EXP_FLAGS,
+ ((type << PCI_EXP_FLAGS_TYPE_SHIFT) & PCI_EXP_FLAGS_TYPE) |
+ PCI_EXP_FLAGS_VER2);
+
+ /* device capability register
+ * table 7-12:
+ * roll based error reporting bit must be set by all
+ * Functions conforming to the ECN, PCI Express Base
+ * Specification, Revision 1.1., or subsequent PCI Express Base
+ * Specification revisions.
+ */
+ pci_set_long(exp_cap + PCI_EXP_DEVCAP, PCI_EXP_DEVCAP_RBER);
+
+ pci_set_long(exp_cap + PCI_EXP_LNKCAP,
+ (port << PCI_EXP_LNKCAP_PN_SHIFT) |
+ PCI_EXP_LNKCAP_ASPMS_0S |
+ PCI_EXP_LNK_MLW_1 |
+ PCI_EXP_LNK_LS_25);
+
+ pci_set_word(exp_cap + PCI_EXP_LNKSTA,
+ PCI_EXP_LNK_MLW_1 | PCI_EXP_LNK_LS_25);
+
+ pci_set_long(exp_cap + PCI_EXP_DEVCAP2,
+ PCI_EXP_DEVCAP2_EFF | PCI_EXP_DEVCAP2_EETLPP);
+
+ pci_set_word(dev->wmask + pos, PCI_EXP_DEVCTL2_EETLPPB);
+ return pos;
+}
+
+int pcie_endpoint_cap_init(PCIDevice *dev, uint8_t offset)
+{
+ uint8_t type = PCI_EXP_TYPE_ENDPOINT;
+
+ /*
+ * Windows guests will report Code 10, device cannot start, if
+ * a regular Endpoint type is exposed on a root complex. These
+ * should instead be Root Complex Integrated Endpoints.
+ */
+ if (pci_bus_is_express(dev->bus) && pci_bus_is_root(dev->bus)) {
+ type = PCI_EXP_TYPE_RC_END;
+ }
+
+ return pcie_cap_init(dev, offset, type, 0);
+}
+
+void pcie_cap_exit(PCIDevice *dev)
+{
+ pci_del_capability(dev, PCI_CAP_ID_EXP, PCI_EXP_VER2_SIZEOF);
+}
+
+uint8_t pcie_cap_get_type(const PCIDevice *dev)
+{
+ uint32_t pos = dev->exp.exp_cap;
+ assert(pos > 0);
+ return (pci_get_word(dev->config + pos + PCI_EXP_FLAGS) &
+ PCI_EXP_FLAGS_TYPE) >> PCI_EXP_FLAGS_TYPE_SHIFT;
+}
+
+/* MSI/MSI-X */
+/* pci express interrupt message number */
+/* 7.8.2 PCI Express Capabilities Register: Interrupt Message Number */
+void pcie_cap_flags_set_vector(PCIDevice *dev, uint8_t vector)
+{
+ uint8_t *exp_cap = dev->config + dev->exp.exp_cap;
+ assert(vector < 32);
+ pci_word_test_and_clear_mask(exp_cap + PCI_EXP_FLAGS, PCI_EXP_FLAGS_IRQ);
+ pci_word_test_and_set_mask(exp_cap + PCI_EXP_FLAGS,
+ vector << PCI_EXP_FLAGS_IRQ_SHIFT);
+}
+
+uint8_t pcie_cap_flags_get_vector(PCIDevice *dev)
+{
+ return (pci_get_word(dev->config + dev->exp.exp_cap + PCI_EXP_FLAGS) &
+ PCI_EXP_FLAGS_IRQ) >> PCI_EXP_FLAGS_IRQ_SHIFT;
+}
+
+void pcie_cap_deverr_init(PCIDevice *dev)
+{
+ uint32_t pos = dev->exp.exp_cap;
+ pci_long_test_and_set_mask(dev->config + pos + PCI_EXP_DEVCAP,
+ PCI_EXP_DEVCAP_RBER);
+ pci_long_test_and_set_mask(dev->wmask + pos + PCI_EXP_DEVCTL,
+ PCI_EXP_DEVCTL_CERE | PCI_EXP_DEVCTL_NFERE |
+ PCI_EXP_DEVCTL_FERE | PCI_EXP_DEVCTL_URRE);
+ pci_long_test_and_set_mask(dev->w1cmask + pos + PCI_EXP_DEVSTA,
+ PCI_EXP_DEVSTA_CED | PCI_EXP_DEVSTA_NFED |
+ PCI_EXP_DEVSTA_URD | PCI_EXP_DEVSTA_URD);
+}
+
+void pcie_cap_deverr_reset(PCIDevice *dev)
+{
+ uint8_t *devctl = dev->config + dev->exp.exp_cap + PCI_EXP_DEVCTL;
+ pci_long_test_and_clear_mask(devctl,
+ PCI_EXP_DEVCTL_CERE | PCI_EXP_DEVCTL_NFERE |
+ PCI_EXP_DEVCTL_FERE | PCI_EXP_DEVCTL_URRE);
+}
+
+static void hotplug_event_update_event_status(PCIDevice *dev)
+{
+ uint32_t pos = dev->exp.exp_cap;
+ uint8_t *exp_cap = dev->config + pos;
+ uint16_t sltctl = pci_get_word(exp_cap + PCI_EXP_SLTCTL);
+ uint16_t sltsta = pci_get_word(exp_cap + PCI_EXP_SLTSTA);
+
+ dev->exp.hpev_notified = (sltctl & PCI_EXP_SLTCTL_HPIE) &&
+ (sltsta & sltctl & PCI_EXP_HP_EV_SUPPORTED);
+}
+
+static void hotplug_event_notify(PCIDevice *dev)
+{
+ bool prev = dev->exp.hpev_notified;
+
+ hotplug_event_update_event_status(dev);
+
+ if (prev == dev->exp.hpev_notified) {
+ return;
+ }
+
+ /* Note: the logic above does not take into account whether interrupts
+ * are masked. The result is that interrupt will be sent when it is
+ * subsequently unmasked. This appears to be legal: Section 6.7.3.4:
+ * The Port may optionally send an MSI when there are hot-plug events that
+ * occur while interrupt generation is disabled, and interrupt generation is
+ * subsequently enabled. */
+ if (msix_enabled(dev)) {
+ msix_notify(dev, pcie_cap_flags_get_vector(dev));
+ } else if (msi_enabled(dev)) {
+ msi_notify(dev, pcie_cap_flags_get_vector(dev));
+ } else {
+ qemu_set_irq(dev->irq[dev->exp.hpev_intx], dev->exp.hpev_notified);
+ }
+}
+
+static void hotplug_event_clear(PCIDevice *dev)
+{
+ hotplug_event_update_event_status(dev);
+ if (!msix_enabled(dev) && !msi_enabled(dev) && !dev->exp.hpev_notified) {
+ qemu_set_irq(dev->irq[dev->exp.hpev_intx], 0);
+ }
+}
+
+/*
+ * A PCI Express Hot-Plug Event has occurred, so update slot status register
+ * and notify OS of the event if necessary.
+ *
+ * 6.7.3 PCI Express Hot-Plug Events
+ * 6.7.3.4 Software Notification of Hot-Plug Events
+ */
+static void pcie_cap_slot_event(PCIDevice *dev, PCIExpressHotPlugEvent event)
+{
+ /* Minor optimization: if nothing changed - no event is needed. */
+ if (pci_word_test_and_set_mask(dev->config + dev->exp.exp_cap +
+ PCI_EXP_SLTSTA, event)) {
+ return;
+ }
+ hotplug_event_notify(dev);
+}
+
+static int pcie_cap_slot_hotplug(DeviceState *qdev,
+ PCIDevice *pci_dev, PCIHotplugState state)
+{
+ PCIDevice *d = PCI_DEVICE(qdev);
+ uint8_t *exp_cap = d->config + d->exp.exp_cap;
+ uint16_t sltsta = pci_get_word(exp_cap + PCI_EXP_SLTSTA);
+
+ /* Don't send event when device is enabled during qemu machine creation:
+ * it is present on boot, no hotplug event is necessary. We do send an
+ * event when the device is disabled later. */
+ if (state == PCI_COLDPLUG_ENABLED) {
+ pci_word_test_and_set_mask(exp_cap + PCI_EXP_SLTSTA,
+ PCI_EXP_SLTSTA_PDS);
+ return 0;
+ }
+
+ PCIE_DEV_PRINTF(pci_dev, "hotplug state: %d\n", state);
+ if (sltsta & PCI_EXP_SLTSTA_EIS) {
+ /* the slot is electromechanically locked.
+ * This error is propagated up to qdev and then to HMP/QMP.
+ */
+ return -EBUSY;
+ }
+
+ /* TODO: multifunction hot-plug.
+ * Right now, only a device of function = 0 is allowed to be
+ * hot plugged/unplugged.
+ */
+ assert(PCI_FUNC(pci_dev->devfn) == 0);
+
+ if (state == PCI_HOTPLUG_ENABLED) {
+ pci_word_test_and_set_mask(exp_cap + PCI_EXP_SLTSTA,
+ PCI_EXP_SLTSTA_PDS);
+ pcie_cap_slot_event(d, PCI_EXP_HP_EV_PDC);
+ } else {
+ qdev_free(&pci_dev->qdev);
+ pci_word_test_and_clear_mask(exp_cap + PCI_EXP_SLTSTA,
+ PCI_EXP_SLTSTA_PDS);
+ pcie_cap_slot_event(d, PCI_EXP_HP_EV_PDC);
+ }
+ return 0;
+}
+
+/* pci express slot for pci express root/downstream port
+ PCI express capability slot registers */
+void pcie_cap_slot_init(PCIDevice *dev, uint16_t slot)
+{
+ uint32_t pos = dev->exp.exp_cap;
+
+ pci_word_test_and_set_mask(dev->config + pos + PCI_EXP_FLAGS,
+ PCI_EXP_FLAGS_SLOT);
+
+ pci_long_test_and_clear_mask(dev->config + pos + PCI_EXP_SLTCAP,
+ ~PCI_EXP_SLTCAP_PSN);
+ pci_long_test_and_set_mask(dev->config + pos + PCI_EXP_SLTCAP,
+ (slot << PCI_EXP_SLTCAP_PSN_SHIFT) |
+ PCI_EXP_SLTCAP_EIP |
+ PCI_EXP_SLTCAP_HPS |
+ PCI_EXP_SLTCAP_HPC |
+ PCI_EXP_SLTCAP_PIP |
+ PCI_EXP_SLTCAP_AIP |
+ PCI_EXP_SLTCAP_ABP);
+
+ pci_word_test_and_clear_mask(dev->config + pos + PCI_EXP_SLTCTL,
+ PCI_EXP_SLTCTL_PIC |
+ PCI_EXP_SLTCTL_AIC);
+ pci_word_test_and_set_mask(dev->config + pos + PCI_EXP_SLTCTL,
+ PCI_EXP_SLTCTL_PIC_OFF |
+ PCI_EXP_SLTCTL_AIC_OFF);
+ pci_word_test_and_set_mask(dev->wmask + pos + PCI_EXP_SLTCTL,
+ PCI_EXP_SLTCTL_PIC |
+ PCI_EXP_SLTCTL_AIC |
+ PCI_EXP_SLTCTL_HPIE |
+ PCI_EXP_SLTCTL_CCIE |
+ PCI_EXP_SLTCTL_PDCE |
+ PCI_EXP_SLTCTL_ABPE);
+ /* Although reading PCI_EXP_SLTCTL_EIC returns always 0,
+ * make the bit writable here in order to detect 1b is written.
+ * pcie_cap_slot_write_config() test-and-clear the bit, so
+ * this bit always returns 0 to the guest.
+ */
+ pci_word_test_and_set_mask(dev->wmask + pos + PCI_EXP_SLTCTL,
+ PCI_EXP_SLTCTL_EIC);
+
+ pci_word_test_and_set_mask(dev->w1cmask + pos + PCI_EXP_SLTSTA,
+ PCI_EXP_HP_EV_SUPPORTED);
+
+ dev->exp.hpev_notified = false;
+
+ pci_bus_hotplug(pci_bridge_get_sec_bus(PCI_BRIDGE(dev)),
+ pcie_cap_slot_hotplug, &dev->qdev);
+}
+
+void pcie_cap_slot_reset(PCIDevice *dev)
+{
+ uint8_t *exp_cap = dev->config + dev->exp.exp_cap;
+
+ PCIE_DEV_PRINTF(dev, "reset\n");
+
+ pci_word_test_and_clear_mask(exp_cap + PCI_EXP_SLTCTL,
+ PCI_EXP_SLTCTL_EIC |
+ PCI_EXP_SLTCTL_PIC |
+ PCI_EXP_SLTCTL_AIC |
+ PCI_EXP_SLTCTL_HPIE |
+ PCI_EXP_SLTCTL_CCIE |
+ PCI_EXP_SLTCTL_PDCE |
+ PCI_EXP_SLTCTL_ABPE);
+ pci_word_test_and_set_mask(exp_cap + PCI_EXP_SLTCTL,
+ PCI_EXP_SLTCTL_PIC_OFF |
+ PCI_EXP_SLTCTL_AIC_OFF);
+
+ pci_word_test_and_clear_mask(exp_cap + PCI_EXP_SLTSTA,
+ PCI_EXP_SLTSTA_EIS |/* on reset,
+ the lock is released */
+ PCI_EXP_SLTSTA_CC |
+ PCI_EXP_SLTSTA_PDC |
+ PCI_EXP_SLTSTA_ABP);
+
+ hotplug_event_update_event_status(dev);
+}
+
+void pcie_cap_slot_write_config(PCIDevice *dev,
+ uint32_t addr, uint32_t val, int len)
+{
+ uint32_t pos = dev->exp.exp_cap;
+ uint8_t *exp_cap = dev->config + pos;
+ uint16_t sltsta = pci_get_word(exp_cap + PCI_EXP_SLTSTA);
+
+ if (ranges_overlap(addr, len, pos + PCI_EXP_SLTSTA, 2)) {
+ hotplug_event_clear(dev);
+ }
+
+ if (!ranges_overlap(addr, len, pos + PCI_EXP_SLTCTL, 2)) {
+ return;
+ }
+
+ if (pci_word_test_and_clear_mask(exp_cap + PCI_EXP_SLTCTL,
+ PCI_EXP_SLTCTL_EIC)) {
+ sltsta ^= PCI_EXP_SLTSTA_EIS; /* toggle PCI_EXP_SLTSTA_EIS bit */
+ pci_set_word(exp_cap + PCI_EXP_SLTSTA, sltsta);
+ PCIE_DEV_PRINTF(dev, "PCI_EXP_SLTCTL_EIC: "
+ "sltsta -> 0x%02"PRIx16"\n",
+ sltsta);
+ }
+
+ hotplug_event_notify(dev);
+
+ /*
+ * 6.7.3.2 Command Completed Events
+ *
+ * Software issues a command to a hot-plug capable Downstream Port by
+ * issuing a write transaction that targets any portion of the Port’s Slot
+ * Control register. A single write to the Slot Control register is
+ * considered to be a single command, even if the write affects more than
+ * one field in the Slot Control register. In response to this transaction,
+ * the Port must carry out the requested actions and then set the
+ * associated status field for the command completed event. */
+
+ /* Real hardware might take a while to complete requested command because
+ * physical movement would be involved like locking the electromechanical
+ * lock. However in our case, command is completed instantaneously above,
+ * so send a command completion event right now.
+ */
+ pcie_cap_slot_event(dev, PCI_EXP_HP_EV_CCI);
+}
+
+int pcie_cap_slot_post_load(void *opaque, int version_id)
+{
+ PCIDevice *dev = opaque;
+ hotplug_event_update_event_status(dev);
+ return 0;
+}
+
+void pcie_cap_slot_push_attention_button(PCIDevice *dev)
+{
+ pcie_cap_slot_event(dev, PCI_EXP_HP_EV_ABP);
+}
+
+/* root control/capabilities/status. PME isn't emulated for now */
+void pcie_cap_root_init(PCIDevice *dev)
+{
+ pci_set_word(dev->wmask + dev->exp.exp_cap + PCI_EXP_RTCTL,
+ PCI_EXP_RTCTL_SECEE | PCI_EXP_RTCTL_SENFEE |
+ PCI_EXP_RTCTL_SEFEE);
+}
+
+void pcie_cap_root_reset(PCIDevice *dev)
+{
+ pci_set_word(dev->config + dev->exp.exp_cap + PCI_EXP_RTCTL, 0);
+}
+
+/* function level reset(FLR) */
+void pcie_cap_flr_init(PCIDevice *dev)
+{
+ pci_long_test_and_set_mask(dev->config + dev->exp.exp_cap + PCI_EXP_DEVCAP,
+ PCI_EXP_DEVCAP_FLR);
+
+ /* Although reading BCR_FLR returns always 0,
+ * the bit is made writable here in order to detect the 1b is written
+ * pcie_cap_flr_write_config() test-and-clear the bit, so
+ * this bit always returns 0 to the guest.
+ */
+ pci_word_test_and_set_mask(dev->wmask + dev->exp.exp_cap + PCI_EXP_DEVCTL,
+ PCI_EXP_DEVCTL_BCR_FLR);
+}
+
+void pcie_cap_flr_write_config(PCIDevice *dev,
+ uint32_t addr, uint32_t val, int len)
+{
+ uint8_t *devctl = dev->config + dev->exp.exp_cap + PCI_EXP_DEVCTL;
+ if (pci_get_word(devctl) & PCI_EXP_DEVCTL_BCR_FLR) {
+ /* Clear PCI_EXP_DEVCTL_BCR_FLR after invoking the reset handler
+ so the handler can detect FLR by looking at this bit. */
+ pci_device_reset(dev);
+ pci_word_test_and_clear_mask(devctl, PCI_EXP_DEVCTL_BCR_FLR);
+ }
+}
+
+/* Alternative Routing-ID Interpretation (ARI) */
+/* ari forwarding support for down stream port */
+void pcie_cap_ari_init(PCIDevice *dev)
+{
+ uint32_t pos = dev->exp.exp_cap;
+ pci_long_test_and_set_mask(dev->config + pos + PCI_EXP_DEVCAP2,
+ PCI_EXP_DEVCAP2_ARI);
+ pci_long_test_and_set_mask(dev->wmask + pos + PCI_EXP_DEVCTL2,
+ PCI_EXP_DEVCTL2_ARI);
+}
+
+void pcie_cap_ari_reset(PCIDevice *dev)
+{
+ uint8_t *devctl2 = dev->config + dev->exp.exp_cap + PCI_EXP_DEVCTL2;
+ pci_long_test_and_clear_mask(devctl2, PCI_EXP_DEVCTL2_ARI);
+}
+
+bool pcie_cap_is_ari_enabled(const PCIDevice *dev)
+{
+ if (!pci_is_express(dev)) {
+ return false;
+ }
+ if (!dev->exp.exp_cap) {
+ return false;
+ }
+
+ return pci_get_long(dev->config + dev->exp.exp_cap + PCI_EXP_DEVCTL2) &
+ PCI_EXP_DEVCTL2_ARI;
+}
+
+/**************************************************************************
+ * pci express extended capability allocation functions
+ * uint16_t ext_cap_id (16 bit)
+ * uint8_t cap_ver (4 bit)
+ * uint16_t cap_offset (12 bit)
+ * uint16_t ext_cap_size
+ */
+
+static uint16_t pcie_find_capability_list(PCIDevice *dev, uint16_t cap_id,
+ uint16_t *prev_p)
+{
+ uint16_t prev = 0;
+ uint16_t next;
+ uint32_t header = pci_get_long(dev->config + PCI_CONFIG_SPACE_SIZE);
+
+ if (!header) {
+ /* no extended capability */
+ next = 0;
+ goto out;
+ }
+ for (next = PCI_CONFIG_SPACE_SIZE; next;
+ prev = next, next = PCI_EXT_CAP_NEXT(header)) {
+
+ assert(next >= PCI_CONFIG_SPACE_SIZE);
+ assert(next <= PCIE_CONFIG_SPACE_SIZE - 8);
+
+ header = pci_get_long(dev->config + next);
+ if (PCI_EXT_CAP_ID(header) == cap_id) {
+ break;
+ }
+ }
+
+out:
+ if (prev_p) {
+ *prev_p = prev;
+ }
+ return next;
+}
+
+uint16_t pcie_find_capability(PCIDevice *dev, uint16_t cap_id)
+{
+ return pcie_find_capability_list(dev, cap_id, NULL);
+}
+
+static void pcie_ext_cap_set_next(PCIDevice *dev, uint16_t pos, uint16_t next)
+{
+ uint32_t header = pci_get_long(dev->config + pos);
+ assert(!(next & (PCI_EXT_CAP_ALIGN - 1)));
+ header = (header & ~PCI_EXT_CAP_NEXT_MASK) |
+ ((next << PCI_EXT_CAP_NEXT_SHIFT) & PCI_EXT_CAP_NEXT_MASK);
+ pci_set_long(dev->config + pos, header);
+}
+
+/*
+ * caller must supply valid (offset, size) * such that the range shouldn't
+ * overlap with other capability or other registers.
+ * This function doesn't check it.
+ */
+void pcie_add_capability(PCIDevice *dev,
+ uint16_t cap_id, uint8_t cap_ver,
+ uint16_t offset, uint16_t size)
+{
+ uint32_t header;
+ uint16_t next;
+
+ assert(offset >= PCI_CONFIG_SPACE_SIZE);
+ assert(offset < offset + size);
+ assert(offset + size < PCIE_CONFIG_SPACE_SIZE);
+ assert(size >= 8);
+ assert(pci_is_express(dev));
+
+ if (offset == PCI_CONFIG_SPACE_SIZE) {
+ header = pci_get_long(dev->config + offset);
+ next = PCI_EXT_CAP_NEXT(header);
+ } else {
+ uint16_t prev;
+
+ /* 0 is reserved cap id. use internally to find the last capability
+ in the linked list */
+ next = pcie_find_capability_list(dev, 0, &prev);
+
+ assert(prev >= PCI_CONFIG_SPACE_SIZE);
+ assert(next == 0);
+ pcie_ext_cap_set_next(dev, prev, offset);
+ }
+ pci_set_long(dev->config + offset, PCI_EXT_CAP(cap_id, cap_ver, next));
+
+ /* Make capability read-only by default */
+ memset(dev->wmask + offset, 0, size);
+ memset(dev->w1cmask + offset, 0, size);
+ /* Check capability by default */
+ memset(dev->cmask + offset, 0xFF, size);
+}
+
+/**************************************************************************
+ * pci express extended capability helper functions
+ */
+
+/* ARI */
+void pcie_ari_init(PCIDevice *dev, uint16_t offset, uint16_t nextfn)
+{
+ pcie_add_capability(dev, PCI_EXT_CAP_ID_ARI, PCI_ARI_VER,
+ offset, PCI_ARI_SIZEOF);
+ pci_set_long(dev->config + offset + PCI_ARI_CAP, PCI_ARI_CAP_NFN(nextfn));
+}
diff --git a/hw/pci/pcie_aer.c b/hw/pci/pcie_aer.c
new file mode 100644
index 000000000..ca762ab09
--- /dev/null
+++ b/hw/pci/pcie_aer.c
@@ -0,0 +1,1031 @@
+/*
+ * pcie_aer.c
+ *
+ * Copyright (c) 2010 Isaku Yamahata <yamahata at valinux co jp>
+ * VA Linux Systems Japan K.K.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "sysemu/sysemu.h"
+#include "qapi/qmp/types.h"
+#include "monitor/monitor.h"
+#include "hw/pci/pci_bridge.h"
+#include "hw/pci/pcie.h"
+#include "hw/pci/msix.h"
+#include "hw/pci/msi.h"
+#include "hw/pci/pci_bus.h"
+#include "hw/pci/pcie_regs.h"
+
+//#define DEBUG_PCIE
+#ifdef DEBUG_PCIE
+# define PCIE_DPRINTF(fmt, ...) \
+ fprintf(stderr, "%s:%d " fmt, __func__, __LINE__, ## __VA_ARGS__)
+#else
+# define PCIE_DPRINTF(fmt, ...) do {} while (0)
+#endif
+#define PCIE_DEV_PRINTF(dev, fmt, ...) \
+ PCIE_DPRINTF("%s:%x "fmt, (dev)->name, (dev)->devfn, ## __VA_ARGS__)
+
+#define PCI_ERR_SRC_COR_OFFS 0
+#define PCI_ERR_SRC_UNCOR_OFFS 2
+
+/* From 6.2.7 Error Listing and Rules. Table 6-2, 6-3 and 6-4 */
+static uint32_t pcie_aer_uncor_default_severity(uint32_t status)
+{
+ switch (status) {
+ case PCI_ERR_UNC_INTN:
+ case PCI_ERR_UNC_DLP:
+ case PCI_ERR_UNC_SDN:
+ case PCI_ERR_UNC_RX_OVER:
+ case PCI_ERR_UNC_FCP:
+ case PCI_ERR_UNC_MALF_TLP:
+ return PCI_ERR_ROOT_CMD_FATAL_EN;
+ case PCI_ERR_UNC_POISON_TLP:
+ case PCI_ERR_UNC_ECRC:
+ case PCI_ERR_UNC_UNSUP:
+ case PCI_ERR_UNC_COMP_TIME:
+ case PCI_ERR_UNC_COMP_ABORT:
+ case PCI_ERR_UNC_UNX_COMP:
+ case PCI_ERR_UNC_ACSV:
+ case PCI_ERR_UNC_MCBTLP:
+ case PCI_ERR_UNC_ATOP_EBLOCKED:
+ case PCI_ERR_UNC_TLP_PRF_BLOCKED:
+ return PCI_ERR_ROOT_CMD_NONFATAL_EN;
+ default:
+ abort();
+ break;
+ }
+ return PCI_ERR_ROOT_CMD_FATAL_EN;
+}
+
+static int aer_log_add_err(PCIEAERLog *aer_log, const PCIEAERErr *err)
+{
+ if (aer_log->log_num == aer_log->log_max) {
+ return -1;
+ }
+ memcpy(&aer_log->log[aer_log->log_num], err, sizeof *err);
+ aer_log->log_num++;
+ return 0;
+}
+
+static void aer_log_del_err(PCIEAERLog *aer_log, PCIEAERErr *err)
+{
+ assert(aer_log->log_num);
+ *err = aer_log->log[0];
+ aer_log->log_num--;
+ memmove(&aer_log->log[0], &aer_log->log[1],
+ aer_log->log_num * sizeof *err);
+}
+
+static void aer_log_clear_all_err(PCIEAERLog *aer_log)
+{
+ aer_log->log_num = 0;
+}
+
+int pcie_aer_init(PCIDevice *dev, uint16_t offset)
+{
+ PCIExpressDevice *exp;
+
+ pcie_add_capability(dev, PCI_EXT_CAP_ID_ERR, PCI_ERR_VER,
+ offset, PCI_ERR_SIZEOF);
+ exp = &dev->exp;
+ exp->aer_cap = offset;
+
+ /* log_max is property */
+ if (dev->exp.aer_log.log_max == PCIE_AER_LOG_MAX_UNSET) {
+ dev->exp.aer_log.log_max = PCIE_AER_LOG_MAX_DEFAULT;
+ }
+ /* clip down the value to avoid unreasobale memory usage */
+ if (dev->exp.aer_log.log_max > PCIE_AER_LOG_MAX_LIMIT) {
+ return -EINVAL;
+ }
+ dev->exp.aer_log.log = g_malloc0(sizeof dev->exp.aer_log.log[0] *
+ dev->exp.aer_log.log_max);
+
+ pci_set_long(dev->w1cmask + offset + PCI_ERR_UNCOR_STATUS,
+ PCI_ERR_UNC_SUPPORTED);
+
+ pci_set_long(dev->config + offset + PCI_ERR_UNCOR_SEVER,
+ PCI_ERR_UNC_SEVERITY_DEFAULT);
+ pci_set_long(dev->wmask + offset + PCI_ERR_UNCOR_SEVER,
+ PCI_ERR_UNC_SUPPORTED);
+
+ pci_long_test_and_set_mask(dev->w1cmask + offset + PCI_ERR_COR_STATUS,
+ PCI_ERR_COR_STATUS);
+
+ pci_set_long(dev->config + offset + PCI_ERR_COR_MASK,
+ PCI_ERR_COR_MASK_DEFAULT);
+ pci_set_long(dev->wmask + offset + PCI_ERR_COR_MASK,
+ PCI_ERR_COR_SUPPORTED);
+
+ /* capabilities and control. multiple header logging is supported */
+ if (dev->exp.aer_log.log_max > 0) {
+ pci_set_long(dev->config + offset + PCI_ERR_CAP,
+ PCI_ERR_CAP_ECRC_GENC | PCI_ERR_CAP_ECRC_CHKC |
+ PCI_ERR_CAP_MHRC);
+ pci_set_long(dev->wmask + offset + PCI_ERR_CAP,
+ PCI_ERR_CAP_ECRC_GENE | PCI_ERR_CAP_ECRC_CHKE |
+ PCI_ERR_CAP_MHRE);
+ } else {
+ pci_set_long(dev->config + offset + PCI_ERR_CAP,
+ PCI_ERR_CAP_ECRC_GENC | PCI_ERR_CAP_ECRC_CHKC);
+ pci_set_long(dev->wmask + offset + PCI_ERR_CAP,
+ PCI_ERR_CAP_ECRC_GENE | PCI_ERR_CAP_ECRC_CHKE);
+ }
+
+ switch (pcie_cap_get_type(dev)) {
+ case PCI_EXP_TYPE_ROOT_PORT:
+ /* this case will be set by pcie_aer_root_init() */
+ /* fallthrough */
+ case PCI_EXP_TYPE_DOWNSTREAM:
+ case PCI_EXP_TYPE_UPSTREAM:
+ pci_word_test_and_set_mask(dev->wmask + PCI_BRIDGE_CONTROL,
+ PCI_BRIDGE_CTL_SERR);
+ pci_long_test_and_set_mask(dev->w1cmask + PCI_STATUS,
+ PCI_SEC_STATUS_RCV_SYSTEM_ERROR);
+ break;
+ default:
+ /* nothing */
+ break;
+ }
+ return 0;
+}
+
+void pcie_aer_exit(PCIDevice *dev)
+{
+ g_free(dev->exp.aer_log.log);
+}
+
+static void pcie_aer_update_uncor_status(PCIDevice *dev)
+{
+ uint8_t *aer_cap = dev->config + dev->exp.aer_cap;
+ PCIEAERLog *aer_log = &dev->exp.aer_log;
+
+ uint16_t i;
+ for (i = 0; i < aer_log->log_num; i++) {
+ pci_long_test_and_set_mask(aer_cap + PCI_ERR_UNCOR_STATUS,
+ dev->exp.aer_log.log[i].status);
+ }
+}
+
+/*
+ * return value:
+ * true: error message needs to be sent up
+ * false: error message is masked
+ *
+ * 6.2.6 Error Message Control
+ * Figure 6-3
+ * all pci express devices part
+ */
+static bool
+pcie_aer_msg_alldev(PCIDevice *dev, const PCIEAERMsg *msg)
+{
+ if (!(pcie_aer_msg_is_uncor(msg) &&
+ (pci_get_word(dev->config + PCI_COMMAND) & PCI_COMMAND_SERR))) {
+ return false;
+ }
+
+ /* Signaled System Error
+ *
+ * 7.5.1.1 Command register
+ * Bit 8 SERR# Enable
+ *
+ * When Set, this bit enables reporting of Non-fatal and Fatal
+ * errors detected by the Function to the Root Complex. Note that
+ * errors are reported if enabled either through this bit or through
+ * the PCI Express specific bits in the Device Control register (see
+ * Section 7.8.4).
+ */
+ pci_word_test_and_set_mask(dev->config + PCI_STATUS,
+ PCI_STATUS_SIG_SYSTEM_ERROR);
+
+ if (!(msg->severity &
+ pci_get_word(dev->config + dev->exp.exp_cap + PCI_EXP_DEVCTL))) {
+ return false;
+ }
+
+ /* send up error message */
+ return true;
+}
+
+/*
+ * return value:
+ * true: error message is sent up
+ * false: error message is masked
+ *
+ * 6.2.6 Error Message Control
+ * Figure 6-3
+ * virtual pci bridge part
+ */
+static bool pcie_aer_msg_vbridge(PCIDevice *dev, const PCIEAERMsg *msg)
+{
+ uint16_t bridge_control = pci_get_word(dev->config + PCI_BRIDGE_CONTROL);
+
+ if (pcie_aer_msg_is_uncor(msg)) {
+ /* Received System Error */
+ pci_word_test_and_set_mask(dev->config + PCI_SEC_STATUS,
+ PCI_SEC_STATUS_RCV_SYSTEM_ERROR);
+ }
+
+ if (!(bridge_control & PCI_BRIDGE_CTL_SERR)) {
+ return false;
+ }
+ return true;
+}
+
+void pcie_aer_root_set_vector(PCIDevice *dev, unsigned int vector)
+{
+ uint8_t *aer_cap = dev->config + dev->exp.aer_cap;
+ assert(vector < PCI_ERR_ROOT_IRQ_MAX);
+ pci_long_test_and_clear_mask(aer_cap + PCI_ERR_ROOT_STATUS,
+ PCI_ERR_ROOT_IRQ);
+ pci_long_test_and_set_mask(aer_cap + PCI_ERR_ROOT_STATUS,
+ vector << PCI_ERR_ROOT_IRQ_SHIFT);
+}
+
+static unsigned int pcie_aer_root_get_vector(PCIDevice *dev)
+{
+ uint8_t *aer_cap = dev->config + dev->exp.aer_cap;
+ uint32_t root_status = pci_get_long(aer_cap + PCI_ERR_ROOT_STATUS);
+ return (root_status & PCI_ERR_ROOT_IRQ) >> PCI_ERR_ROOT_IRQ_SHIFT;
+}
+
+/* Given a status register, get corresponding bits in the command register */
+static uint32_t pcie_aer_status_to_cmd(uint32_t status)
+{
+ uint32_t cmd = 0;
+ if (status & PCI_ERR_ROOT_COR_RCV) {
+ cmd |= PCI_ERR_ROOT_CMD_COR_EN;
+ }
+ if (status & PCI_ERR_ROOT_NONFATAL_RCV) {
+ cmd |= PCI_ERR_ROOT_CMD_NONFATAL_EN;
+ }
+ if (status & PCI_ERR_ROOT_FATAL_RCV) {
+ cmd |= PCI_ERR_ROOT_CMD_FATAL_EN;
+ }
+ return cmd;
+}
+
+static void pcie_aer_root_notify(PCIDevice *dev)
+{
+ if (msix_enabled(dev)) {
+ msix_notify(dev, pcie_aer_root_get_vector(dev));
+ } else if (msi_enabled(dev)) {
+ msi_notify(dev, pcie_aer_root_get_vector(dev));
+ } else {
+ qemu_set_irq(dev->irq[dev->exp.aer_intx], 1);
+ }
+}
+
+/*
+ * 6.2.6 Error Message Control
+ * Figure 6-3
+ * root port part
+ */
+static void pcie_aer_msg_root_port(PCIDevice *dev, const PCIEAERMsg *msg)
+{
+ uint16_t cmd;
+ uint8_t *aer_cap;
+ uint32_t root_cmd;
+ uint32_t root_status, prev_status;
+
+ cmd = pci_get_word(dev->config + PCI_COMMAND);
+ aer_cap = dev->config + dev->exp.aer_cap;
+ root_cmd = pci_get_long(aer_cap + PCI_ERR_ROOT_COMMAND);
+ prev_status = root_status = pci_get_long(aer_cap + PCI_ERR_ROOT_STATUS);
+
+ if (cmd & PCI_COMMAND_SERR) {
+ /* System Error.
+ *
+ * The way to report System Error is platform specific and
+ * it isn't implemented in qemu right now.
+ * So just discard the error for now.
+ * OS which cares of aer would receive errors via
+ * native aer mechanims, so this wouldn't matter.
+ */
+ }
+
+ /* Errro Message Received: Root Error Status register */
+ switch (msg->severity) {
+ case PCI_ERR_ROOT_CMD_COR_EN:
+ if (root_status & PCI_ERR_ROOT_COR_RCV) {
+ root_status |= PCI_ERR_ROOT_MULTI_COR_RCV;
+ } else {
+ pci_set_word(aer_cap + PCI_ERR_ROOT_ERR_SRC + PCI_ERR_SRC_COR_OFFS,
+ msg->source_id);
+ }
+ root_status |= PCI_ERR_ROOT_COR_RCV;
+ break;
+ case PCI_ERR_ROOT_CMD_NONFATAL_EN:
+ root_status |= PCI_ERR_ROOT_NONFATAL_RCV;
+ break;
+ case PCI_ERR_ROOT_CMD_FATAL_EN:
+ if (!(root_status & PCI_ERR_ROOT_UNCOR_RCV)) {
+ root_status |= PCI_ERR_ROOT_FIRST_FATAL;
+ }
+ root_status |= PCI_ERR_ROOT_FATAL_RCV;
+ break;
+ default:
+ abort();
+ break;
+ }
+ if (pcie_aer_msg_is_uncor(msg)) {
+ if (root_status & PCI_ERR_ROOT_UNCOR_RCV) {
+ root_status |= PCI_ERR_ROOT_MULTI_UNCOR_RCV;
+ } else {
+ pci_set_word(aer_cap + PCI_ERR_ROOT_ERR_SRC +
+ PCI_ERR_SRC_UNCOR_OFFS, msg->source_id);
+ }
+ root_status |= PCI_ERR_ROOT_UNCOR_RCV;
+ }
+ pci_set_long(aer_cap + PCI_ERR_ROOT_STATUS, root_status);
+
+ /* 6.2.4.1.2 Interrupt Generation */
+ /* All the above did was set some bits in the status register.
+ * Specifically these that match message severity.
+ * The below code relies on this fact. */
+ if (!(root_cmd & msg->severity) ||
+ (pcie_aer_status_to_cmd(prev_status) & root_cmd)) {
+ /* Condition is not being set or was already true so nothing to do. */
+ return;
+ }
+
+ pcie_aer_root_notify(dev);
+}
+
+/*
+ * 6.2.6 Error Message Control Figure 6-3
+ *
+ * Walk up the bus tree from the device, propagate the error message.
+ */
+static void pcie_aer_msg(PCIDevice *dev, const PCIEAERMsg *msg)
+{
+ uint8_t type;
+
+ while (dev) {
+ if (!pci_is_express(dev)) {
+ /* just ignore it */
+ /* TODO: Shouldn't we set PCI_STATUS_SIG_SYSTEM_ERROR?
+ * Consider e.g. a PCI bridge above a PCI Express device. */
+ return;
+ }
+
+ type = pcie_cap_get_type(dev);
+ if ((type == PCI_EXP_TYPE_ROOT_PORT ||
+ type == PCI_EXP_TYPE_UPSTREAM ||
+ type == PCI_EXP_TYPE_DOWNSTREAM) &&
+ !pcie_aer_msg_vbridge(dev, msg)) {
+ return;
+ }
+ if (!pcie_aer_msg_alldev(dev, msg)) {
+ return;
+ }
+ if (type == PCI_EXP_TYPE_ROOT_PORT) {
+ pcie_aer_msg_root_port(dev, msg);
+ /* Root port can notify system itself,
+ or send the error message to root complex event collector. */
+ /*
+ * if root port is associated with an event collector,
+ * return the root complex event collector here.
+ * For now root complex event collector isn't supported.
+ */
+ return;
+ }
+ dev = pci_bridge_get_device(dev->bus);
+ }
+}
+
+static void pcie_aer_update_log(PCIDevice *dev, const PCIEAERErr *err)
+{
+ uint8_t *aer_cap = dev->config + dev->exp.aer_cap;
+ uint8_t first_bit = ffs(err->status) - 1;
+ uint32_t errcap = pci_get_long(aer_cap + PCI_ERR_CAP);
+ int i;
+
+ assert(err->status);
+ assert(!(err->status & (err->status - 1)));
+
+ errcap &= ~(PCI_ERR_CAP_FEP_MASK | PCI_ERR_CAP_TLP);
+ errcap |= PCI_ERR_CAP_FEP(first_bit);
+
+ if (err->flags & PCIE_AER_ERR_HEADER_VALID) {
+ for (i = 0; i < ARRAY_SIZE(err->header); ++i) {
+ /* 7.10.8 Header Log Register */
+ uint8_t *header_log =
+ aer_cap + PCI_ERR_HEADER_LOG + i * sizeof err->header[0];
+ cpu_to_be32wu((uint32_t*)header_log, err->header[i]);
+ }
+ } else {
+ assert(!(err->flags & PCIE_AER_ERR_TLP_PREFIX_PRESENT));
+ memset(aer_cap + PCI_ERR_HEADER_LOG, 0, PCI_ERR_HEADER_LOG_SIZE);
+ }
+
+ if ((err->flags & PCIE_AER_ERR_TLP_PREFIX_PRESENT) &&
+ (pci_get_long(dev->config + dev->exp.exp_cap + PCI_EXP_DEVCTL2) &
+ PCI_EXP_DEVCAP2_EETLPP)) {
+ for (i = 0; i < ARRAY_SIZE(err->prefix); ++i) {
+ /* 7.10.12 tlp prefix log register */
+ uint8_t *prefix_log =
+ aer_cap + PCI_ERR_TLP_PREFIX_LOG + i * sizeof err->prefix[0];
+ cpu_to_be32wu((uint32_t*)prefix_log, err->prefix[i]);
+ }
+ errcap |= PCI_ERR_CAP_TLP;
+ } else {
+ memset(aer_cap + PCI_ERR_TLP_PREFIX_LOG, 0,
+ PCI_ERR_TLP_PREFIX_LOG_SIZE);
+ }
+ pci_set_long(aer_cap + PCI_ERR_CAP, errcap);
+}
+
+static void pcie_aer_clear_log(PCIDevice *dev)
+{
+ uint8_t *aer_cap = dev->config + dev->exp.aer_cap;
+
+ pci_long_test_and_clear_mask(aer_cap + PCI_ERR_CAP,
+ PCI_ERR_CAP_FEP_MASK | PCI_ERR_CAP_TLP);
+
+ memset(aer_cap + PCI_ERR_HEADER_LOG, 0, PCI_ERR_HEADER_LOG_SIZE);
+ memset(aer_cap + PCI_ERR_TLP_PREFIX_LOG, 0, PCI_ERR_TLP_PREFIX_LOG_SIZE);
+}
+
+static void pcie_aer_clear_error(PCIDevice *dev)
+{
+ uint8_t *aer_cap = dev->config + dev->exp.aer_cap;
+ uint32_t errcap = pci_get_long(aer_cap + PCI_ERR_CAP);
+ PCIEAERLog *aer_log = &dev->exp.aer_log;
+ PCIEAERErr err;
+
+ if (!(errcap & PCI_ERR_CAP_MHRE) || !aer_log->log_num) {
+ pcie_aer_clear_log(dev);
+ return;
+ }
+
+ /*
+ * If more errors are queued, set corresponding bits in uncorrectable
+ * error status.
+ * We emulate uncorrectable error status register as W1CS.
+ * So set bit in uncorrectable error status here again for multiple
+ * error recording support.
+ *
+ * 6.2.4.2 Multiple Error Handling(Advanced Error Reporting Capability)
+ */
+ pcie_aer_update_uncor_status(dev);
+
+ aer_log_del_err(aer_log, &err);
+ pcie_aer_update_log(dev, &err);
+}
+
+static int pcie_aer_record_error(PCIDevice *dev,
+ const PCIEAERErr *err)
+{
+ uint8_t *aer_cap = dev->config + dev->exp.aer_cap;
+ uint32_t errcap = pci_get_long(aer_cap + PCI_ERR_CAP);
+ int fep = PCI_ERR_CAP_FEP(errcap);
+
+ assert(err->status);
+ assert(!(err->status & (err->status - 1)));
+
+ if (errcap & PCI_ERR_CAP_MHRE &&
+ (pci_get_long(aer_cap + PCI_ERR_UNCOR_STATUS) & (1U << fep))) {
+ /* Not first error. queue error */
+ if (aer_log_add_err(&dev->exp.aer_log, err) < 0) {
+ /* overflow */
+ return -1;
+ }
+ return 0;
+ }
+
+ pcie_aer_update_log(dev, err);
+ return 0;
+}
+
+typedef struct PCIEAERInject {
+ PCIDevice *dev;
+ uint8_t *aer_cap;
+ const PCIEAERErr *err;
+ uint16_t devctl;
+ uint16_t devsta;
+ uint32_t error_status;
+ bool unsupported_request;
+ bool log_overflow;
+ PCIEAERMsg msg;
+} PCIEAERInject;
+
+static bool pcie_aer_inject_cor_error(PCIEAERInject *inj,
+ uint32_t uncor_status,
+ bool is_advisory_nonfatal)
+{
+ PCIDevice *dev = inj->dev;
+
+ inj->devsta |= PCI_EXP_DEVSTA_CED;
+ if (inj->unsupported_request) {
+ inj->devsta |= PCI_EXP_DEVSTA_URD;
+ }
+ pci_set_word(dev->config + dev->exp.exp_cap + PCI_EXP_DEVSTA, inj->devsta);
+
+ if (inj->aer_cap) {
+ uint32_t mask;
+ pci_long_test_and_set_mask(inj->aer_cap + PCI_ERR_COR_STATUS,
+ inj->error_status);
+ mask = pci_get_long(inj->aer_cap + PCI_ERR_COR_MASK);
+ if (mask & inj->error_status) {
+ return false;
+ }
+ if (is_advisory_nonfatal) {
+ uint32_t uncor_mask =
+ pci_get_long(inj->aer_cap + PCI_ERR_UNCOR_MASK);
+ if (!(uncor_mask & uncor_status)) {
+ inj->log_overflow = !!pcie_aer_record_error(dev, inj->err);
+ }
+ pci_long_test_and_set_mask(inj->aer_cap + PCI_ERR_UNCOR_STATUS,
+ uncor_status);
+ }
+ }
+
+ if (inj->unsupported_request && !(inj->devctl & PCI_EXP_DEVCTL_URRE)) {
+ return false;
+ }
+ if (!(inj->devctl & PCI_EXP_DEVCTL_CERE)) {
+ return false;
+ }
+
+ inj->msg.severity = PCI_ERR_ROOT_CMD_COR_EN;
+ return true;
+}
+
+static bool pcie_aer_inject_uncor_error(PCIEAERInject *inj, bool is_fatal)
+{
+ PCIDevice *dev = inj->dev;
+ uint16_t cmd;
+
+ if (is_fatal) {
+ inj->devsta |= PCI_EXP_DEVSTA_FED;
+ } else {
+ inj->devsta |= PCI_EXP_DEVSTA_NFED;
+ }
+ if (inj->unsupported_request) {
+ inj->devsta |= PCI_EXP_DEVSTA_URD;
+ }
+ pci_set_long(dev->config + dev->exp.exp_cap + PCI_EXP_DEVSTA, inj->devsta);
+
+ if (inj->aer_cap) {
+ uint32_t mask = pci_get_long(inj->aer_cap + PCI_ERR_UNCOR_MASK);
+ if (mask & inj->error_status) {
+ pci_long_test_and_set_mask(inj->aer_cap + PCI_ERR_UNCOR_STATUS,
+ inj->error_status);
+ return false;
+ }
+
+ inj->log_overflow = !!pcie_aer_record_error(dev, inj->err);
+ pci_long_test_and_set_mask(inj->aer_cap + PCI_ERR_UNCOR_STATUS,
+ inj->error_status);
+ }
+
+ cmd = pci_get_word(dev->config + PCI_COMMAND);
+ if (inj->unsupported_request &&
+ !(inj->devctl & PCI_EXP_DEVCTL_URRE) && !(cmd & PCI_COMMAND_SERR)) {
+ return false;
+ }
+ if (is_fatal) {
+ if (!((cmd & PCI_COMMAND_SERR) ||
+ (inj->devctl & PCI_EXP_DEVCTL_FERE))) {
+ return false;
+ }
+ inj->msg.severity = PCI_ERR_ROOT_CMD_FATAL_EN;
+ } else {
+ if (!((cmd & PCI_COMMAND_SERR) ||
+ (inj->devctl & PCI_EXP_DEVCTL_NFERE))) {
+ return false;
+ }
+ inj->msg.severity = PCI_ERR_ROOT_CMD_NONFATAL_EN;
+ }
+ return true;
+}
+
+/*
+ * non-Function specific error must be recorded in all functions.
+ * It is the responsibility of the caller of this function.
+ * It is also caller's responsibility to determine which function should
+ * report the rerror.
+ *
+ * 6.2.4 Error Logging
+ * 6.2.5 Sqeunce of Device Error Signaling and Logging Operations
+ * table 6-2: Flowchard Showing Sequence of Device Error Signaling and Logging
+ * Operations
+ */
+int pcie_aer_inject_error(PCIDevice *dev, const PCIEAERErr *err)
+{
+ uint8_t *aer_cap = NULL;
+ uint16_t devctl = 0;
+ uint16_t devsta = 0;
+ uint32_t error_status = err->status;
+ PCIEAERInject inj;
+
+ if (!pci_is_express(dev)) {
+ return -ENOSYS;
+ }
+
+ if (err->flags & PCIE_AER_ERR_IS_CORRECTABLE) {
+ error_status &= PCI_ERR_COR_SUPPORTED;
+ } else {
+ error_status &= PCI_ERR_UNC_SUPPORTED;
+ }
+
+ /* invalid status bit. one and only one bit must be set */
+ if (!error_status || (error_status & (error_status - 1))) {
+ return -EINVAL;
+ }
+
+ if (dev->exp.aer_cap) {
+ uint8_t *exp_cap = dev->config + dev->exp.exp_cap;
+ aer_cap = dev->config + dev->exp.aer_cap;
+ devctl = pci_get_long(exp_cap + PCI_EXP_DEVCTL);
+ devsta = pci_get_long(exp_cap + PCI_EXP_DEVSTA);
+ }
+
+ inj.dev = dev;
+ inj.aer_cap = aer_cap;
+ inj.err = err;
+ inj.devctl = devctl;
+ inj.devsta = devsta;
+ inj.error_status = error_status;
+ inj.unsupported_request = !(err->flags & PCIE_AER_ERR_IS_CORRECTABLE) &&
+ err->status == PCI_ERR_UNC_UNSUP;
+ inj.log_overflow = false;
+
+ if (err->flags & PCIE_AER_ERR_IS_CORRECTABLE) {
+ if (!pcie_aer_inject_cor_error(&inj, 0, false)) {
+ return 0;
+ }
+ } else {
+ bool is_fatal =
+ pcie_aer_uncor_default_severity(error_status) ==
+ PCI_ERR_ROOT_CMD_FATAL_EN;
+ if (aer_cap) {
+ is_fatal =
+ error_status & pci_get_long(aer_cap + PCI_ERR_UNCOR_SEVER);
+ }
+ if (!is_fatal && (err->flags & PCIE_AER_ERR_MAYBE_ADVISORY)) {
+ inj.error_status = PCI_ERR_COR_ADV_NONFATAL;
+ if (!pcie_aer_inject_cor_error(&inj, error_status, true)) {
+ return 0;
+ }
+ } else {
+ if (!pcie_aer_inject_uncor_error(&inj, is_fatal)) {
+ return 0;
+ }
+ }
+ }
+
+ /* send up error message */
+ inj.msg.source_id = err->source_id;
+ pcie_aer_msg(dev, &inj.msg);
+
+ if (inj.log_overflow) {
+ PCIEAERErr header_log_overflow = {
+ .status = PCI_ERR_COR_HL_OVERFLOW,
+ .flags = PCIE_AER_ERR_IS_CORRECTABLE,
+ };
+ int ret = pcie_aer_inject_error(dev, &header_log_overflow);
+ assert(!ret);
+ }
+ return 0;
+}
+
+void pcie_aer_write_config(PCIDevice *dev,
+ uint32_t addr, uint32_t val, int len)
+{
+ uint8_t *aer_cap = dev->config + dev->exp.aer_cap;
+ uint32_t errcap = pci_get_long(aer_cap + PCI_ERR_CAP);
+ uint32_t first_error = 1U << PCI_ERR_CAP_FEP(errcap);
+ uint32_t uncorsta = pci_get_long(aer_cap + PCI_ERR_UNCOR_STATUS);
+
+ /* uncorrectable error */
+ if (!(uncorsta & first_error)) {
+ /* the bit that corresponds to the first error is cleared */
+ pcie_aer_clear_error(dev);
+ } else if (errcap & PCI_ERR_CAP_MHRE) {
+ /* When PCI_ERR_CAP_MHRE is enabled and the first error isn't cleared
+ * nothing should happen. So we have to revert the modification to
+ * the register.
+ */
+ pcie_aer_update_uncor_status(dev);
+ } else {
+ /* capability & control
+ * PCI_ERR_CAP_MHRE might be cleared, so clear of header log.
+ */
+ aer_log_clear_all_err(&dev->exp.aer_log);
+ }
+}
+
+void pcie_aer_root_init(PCIDevice *dev)
+{
+ uint16_t pos = dev->exp.aer_cap;
+
+ pci_set_long(dev->wmask + pos + PCI_ERR_ROOT_COMMAND,
+ PCI_ERR_ROOT_CMD_EN_MASK);
+ pci_set_long(dev->w1cmask + pos + PCI_ERR_ROOT_STATUS,
+ PCI_ERR_ROOT_STATUS_REPORT_MASK);
+ /* PCI_ERR_ROOT_IRQ is RO but devices change it using a
+ * device-specific method.
+ */
+ pci_set_long(dev->cmask + pos + PCI_ERR_ROOT_STATUS,
+ ~PCI_ERR_ROOT_IRQ);
+}
+
+void pcie_aer_root_reset(PCIDevice *dev)
+{
+ uint8_t* aer_cap = dev->config + dev->exp.aer_cap;
+
+ pci_set_long(aer_cap + PCI_ERR_ROOT_COMMAND, 0);
+
+ /*
+ * Advanced Error Interrupt Message Number in Root Error Status Register
+ * must be updated by chip dependent code because it's chip dependent
+ * which number is used.
+ */
+}
+
+void pcie_aer_root_write_config(PCIDevice *dev,
+ uint32_t addr, uint32_t val, int len,
+ uint32_t root_cmd_prev)
+{
+ uint8_t *aer_cap = dev->config + dev->exp.aer_cap;
+ uint32_t root_status = pci_get_long(aer_cap + PCI_ERR_ROOT_STATUS);
+ uint32_t enabled_cmd = pcie_aer_status_to_cmd(root_status);
+ uint32_t root_cmd = pci_get_long(aer_cap + PCI_ERR_ROOT_COMMAND);
+ /* 6.2.4.1.2 Interrupt Generation */
+ if (!msix_enabled(dev) && !msi_enabled(dev)) {
+ qemu_set_irq(dev->irq[dev->exp.aer_intx], !!(root_cmd & enabled_cmd));
+ return;
+ }
+
+ if ((root_cmd_prev & enabled_cmd) || !(root_cmd & enabled_cmd)) {
+ /* Send MSI on transition from false to true. */
+ return;
+ }
+
+ pcie_aer_root_notify(dev);
+}
+
+static const VMStateDescription vmstate_pcie_aer_err = {
+ .name = "PCIE_AER_ERROR",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(status, PCIEAERErr),
+ VMSTATE_UINT16(source_id, PCIEAERErr),
+ VMSTATE_UINT16(flags, PCIEAERErr),
+ VMSTATE_UINT32_ARRAY(header, PCIEAERErr, 4),
+ VMSTATE_UINT32_ARRAY(prefix, PCIEAERErr, 4),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+const VMStateDescription vmstate_pcie_aer_log = {
+ .name = "PCIE_AER_ERROR_LOG",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT16(log_num, PCIEAERLog),
+ VMSTATE_UINT16(log_max, PCIEAERLog),
+ VMSTATE_STRUCT_VARRAY_POINTER_UINT16(log, PCIEAERLog, log_num,
+ vmstate_pcie_aer_err, PCIEAERErr),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+void pcie_aer_inject_error_print(Monitor *mon, const QObject *data)
+{
+ QDict *qdict;
+ int devfn;
+ assert(qobject_type(data) == QTYPE_QDICT);
+ qdict = qobject_to_qdict(data);
+
+ devfn = (int)qdict_get_int(qdict, "devfn");
+ monitor_printf(mon, "OK id: %s root bus: %s, bus: %x devfn: %x.%x\n",
+ qdict_get_str(qdict, "id"),
+ qdict_get_str(qdict, "root_bus"),
+ (int) qdict_get_int(qdict, "bus"),
+ PCI_SLOT(devfn), PCI_FUNC(devfn));
+}
+
+typedef struct PCIEAERErrorName {
+ const char *name;
+ uint32_t val;
+ bool correctable;
+} PCIEAERErrorName;
+
+/*
+ * AER error name -> value conversion table
+ * This naming scheme is same to linux aer-injection tool.
+ */
+static const struct PCIEAERErrorName pcie_aer_error_list[] = {
+ {
+ .name = "TRAIN",
+ .val = PCI_ERR_UNC_TRAIN,
+ .correctable = false,
+ }, {
+ .name = "DLP",
+ .val = PCI_ERR_UNC_DLP,
+ .correctable = false,
+ }, {
+ .name = "SDN",
+ .val = PCI_ERR_UNC_SDN,
+ .correctable = false,
+ }, {
+ .name = "POISON_TLP",
+ .val = PCI_ERR_UNC_POISON_TLP,
+ .correctable = false,
+ }, {
+ .name = "FCP",
+ .val = PCI_ERR_UNC_FCP,
+ .correctable = false,
+ }, {
+ .name = "COMP_TIME",
+ .val = PCI_ERR_UNC_COMP_TIME,
+ .correctable = false,
+ }, {
+ .name = "COMP_ABORT",
+ .val = PCI_ERR_UNC_COMP_ABORT,
+ .correctable = false,
+ }, {
+ .name = "UNX_COMP",
+ .val = PCI_ERR_UNC_UNX_COMP,
+ .correctable = false,
+ }, {
+ .name = "RX_OVER",
+ .val = PCI_ERR_UNC_RX_OVER,
+ .correctable = false,
+ }, {
+ .name = "MALF_TLP",
+ .val = PCI_ERR_UNC_MALF_TLP,
+ .correctable = false,
+ }, {
+ .name = "ECRC",
+ .val = PCI_ERR_UNC_ECRC,
+ .correctable = false,
+ }, {
+ .name = "UNSUP",
+ .val = PCI_ERR_UNC_UNSUP,
+ .correctable = false,
+ }, {
+ .name = "ACSV",
+ .val = PCI_ERR_UNC_ACSV,
+ .correctable = false,
+ }, {
+ .name = "INTN",
+ .val = PCI_ERR_UNC_INTN,
+ .correctable = false,
+ }, {
+ .name = "MCBTLP",
+ .val = PCI_ERR_UNC_MCBTLP,
+ .correctable = false,
+ }, {
+ .name = "ATOP_EBLOCKED",
+ .val = PCI_ERR_UNC_ATOP_EBLOCKED,
+ .correctable = false,
+ }, {
+ .name = "TLP_PRF_BLOCKED",
+ .val = PCI_ERR_UNC_TLP_PRF_BLOCKED,
+ .correctable = false,
+ }, {
+ .name = "RCVR",
+ .val = PCI_ERR_COR_RCVR,
+ .correctable = true,
+ }, {
+ .name = "BAD_TLP",
+ .val = PCI_ERR_COR_BAD_TLP,
+ .correctable = true,
+ }, {
+ .name = "BAD_DLLP",
+ .val = PCI_ERR_COR_BAD_DLLP,
+ .correctable = true,
+ }, {
+ .name = "REP_ROLL",
+ .val = PCI_ERR_COR_REP_ROLL,
+ .correctable = true,
+ }, {
+ .name = "REP_TIMER",
+ .val = PCI_ERR_COR_REP_TIMER,
+ .correctable = true,
+ }, {
+ .name = "ADV_NONFATAL",
+ .val = PCI_ERR_COR_ADV_NONFATAL,
+ .correctable = true,
+ }, {
+ .name = "INTERNAL",
+ .val = PCI_ERR_COR_INTERNAL,
+ .correctable = true,
+ }, {
+ .name = "HL_OVERFLOW",
+ .val = PCI_ERR_COR_HL_OVERFLOW,
+ .correctable = true,
+ },
+};
+
+static int pcie_aer_parse_error_string(const char *error_name,
+ uint32_t *status, bool *correctable)
+{
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(pcie_aer_error_list); i++) {
+ const PCIEAERErrorName *e = &pcie_aer_error_list[i];
+ if (strcmp(error_name, e->name)) {
+ continue;
+ }
+
+ *status = e->val;
+ *correctable = e->correctable;
+ return 0;
+ }
+ return -EINVAL;
+}
+
+int do_pcie_aer_inject_error(Monitor *mon,
+ const QDict *qdict, QObject **ret_data)
+{
+ const char *id = qdict_get_str(qdict, "id");
+ const char *error_name;
+ uint32_t error_status;
+ bool correctable;
+ PCIDevice *dev;
+ PCIEAERErr err;
+ int ret;
+
+ ret = pci_qdev_find_device(id, &dev);
+ if (ret < 0) {
+ monitor_printf(mon,
+ "id or pci device path is invalid or device not "
+ "found. %s\n", id);
+ return ret;
+ }
+ if (!pci_is_express(dev)) {
+ monitor_printf(mon, "the device doesn't support pci express. %s\n",
+ id);
+ return -ENOSYS;
+ }
+
+ error_name = qdict_get_str(qdict, "error_status");
+ if (pcie_aer_parse_error_string(error_name, &error_status, &correctable)) {
+ char *e = NULL;
+ error_status = strtoul(error_name, &e, 0);
+ correctable = qdict_get_try_bool(qdict, "correctable", 0);
+ if (!e || *e != '\0') {
+ monitor_printf(mon, "invalid error status value. \"%s\"",
+ error_name);
+ return -EINVAL;
+ }
+ }
+ err.status = error_status;
+ err.source_id = (pci_bus_num(dev->bus) << 8) | dev->devfn;
+
+ err.flags = 0;
+ if (correctable) {
+ err.flags |= PCIE_AER_ERR_IS_CORRECTABLE;
+ }
+ if (qdict_get_try_bool(qdict, "advisory_non_fatal", 0)) {
+ err.flags |= PCIE_AER_ERR_MAYBE_ADVISORY;
+ }
+ if (qdict_haskey(qdict, "header0")) {
+ err.flags |= PCIE_AER_ERR_HEADER_VALID;
+ }
+ if (qdict_haskey(qdict, "prefix0")) {
+ err.flags |= PCIE_AER_ERR_TLP_PREFIX_PRESENT;
+ }
+
+ err.header[0] = qdict_get_try_int(qdict, "header0", 0);
+ err.header[1] = qdict_get_try_int(qdict, "header1", 0);
+ err.header[2] = qdict_get_try_int(qdict, "header2", 0);
+ err.header[3] = qdict_get_try_int(qdict, "header3", 0);
+
+ err.prefix[0] = qdict_get_try_int(qdict, "prefix0", 0);
+ err.prefix[1] = qdict_get_try_int(qdict, "prefix1", 0);
+ err.prefix[2] = qdict_get_try_int(qdict, "prefix2", 0);
+ err.prefix[3] = qdict_get_try_int(qdict, "prefix3", 0);
+
+ ret = pcie_aer_inject_error(dev, &err);
+ *ret_data = qobject_from_jsonf("{'id': %s, "
+ "'root_bus': %s, 'bus': %d, 'devfn': %d, "
+ "'ret': %d}",
+ id, pci_root_bus_path(dev),
+ pci_bus_num(dev->bus), dev->devfn,
+ ret);
+ assert(*ret_data);
+
+ return 0;
+}
diff --git a/hw/pci/pcie_host.c b/hw/pci/pcie_host.c
new file mode 100644
index 000000000..b70e5adc4
--- /dev/null
+++ b/hw/pci/pcie_host.c
@@ -0,0 +1,162 @@
+/*
+ * pcie_host.c
+ * utility functions for pci express host bridge.
+ *
+ * Copyright (c) 2009 Isaku Yamahata <yamahata at valinux co jp>
+ * VA Linux Systems Japan K.K.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "hw/pci/pcie_host.h"
+#include "exec/address-spaces.h"
+
+/*
+ * PCI express mmcfig address
+ * bit 20 - 28: bus number
+ * bit 15 - 19: device number
+ * bit 12 - 14: function number
+ * bit 0 - 11: offset in configuration space of a given device
+ */
+#define PCIE_MMCFG_SIZE_MAX (1ULL << 28)
+#define PCIE_MMCFG_SIZE_MIN (1ULL << 20)
+#define PCIE_MMCFG_BUS_BIT 20
+#define PCIE_MMCFG_BUS_MASK 0x1ff
+#define PCIE_MMCFG_DEVFN_BIT 12
+#define PCIE_MMCFG_DEVFN_MASK 0xff
+#define PCIE_MMCFG_CONFOFFSET_MASK 0xfff
+#define PCIE_MMCFG_BUS(addr) (((addr) >> PCIE_MMCFG_BUS_BIT) & \
+ PCIE_MMCFG_BUS_MASK)
+#define PCIE_MMCFG_DEVFN(addr) (((addr) >> PCIE_MMCFG_DEVFN_BIT) & \
+ PCIE_MMCFG_DEVFN_MASK)
+#define PCIE_MMCFG_CONFOFFSET(addr) ((addr) & PCIE_MMCFG_CONFOFFSET_MASK)
+
+
+/* a helper function to get a PCIDevice for a given mmconfig address */
+static inline PCIDevice *pcie_dev_find_by_mmcfg_addr(PCIBus *s,
+ uint32_t mmcfg_addr)
+{
+ return pci_find_device(s, PCIE_MMCFG_BUS(mmcfg_addr),
+ PCIE_MMCFG_DEVFN(mmcfg_addr));
+}
+
+static void pcie_mmcfg_data_write(void *opaque, hwaddr mmcfg_addr,
+ uint64_t val, unsigned len)
+{
+ PCIExpressHost *e = opaque;
+ PCIBus *s = e->pci.bus;
+ PCIDevice *pci_dev = pcie_dev_find_by_mmcfg_addr(s, mmcfg_addr);
+ uint32_t addr;
+ uint32_t limit;
+
+ if (!pci_dev) {
+ return;
+ }
+ addr = PCIE_MMCFG_CONFOFFSET(mmcfg_addr);
+ limit = pci_config_size(pci_dev);
+ if (limit <= addr) {
+ /* conventional pci device can be behind pcie-to-pci bridge.
+ 256 <= addr < 4K has no effects. */
+ return;
+ }
+ pci_host_config_write_common(pci_dev, addr, limit, val, len);
+}
+
+static uint64_t pcie_mmcfg_data_read(void *opaque,
+ hwaddr mmcfg_addr,
+ unsigned len)
+{
+ PCIExpressHost *e = opaque;
+ PCIBus *s = e->pci.bus;
+ PCIDevice *pci_dev = pcie_dev_find_by_mmcfg_addr(s, mmcfg_addr);
+ uint32_t addr;
+ uint32_t limit;
+
+ if (!pci_dev) {
+ return ~0x0;
+ }
+ addr = PCIE_MMCFG_CONFOFFSET(mmcfg_addr);
+ limit = pci_config_size(pci_dev);
+ if (limit <= addr) {
+ /* conventional pci device can be behind pcie-to-pci bridge.
+ 256 <= addr < 4K has no effects. */
+ return ~0x0;
+ }
+ return pci_host_config_read_common(pci_dev, addr, limit, len);
+}
+
+static const MemoryRegionOps pcie_mmcfg_ops = {
+ .read = pcie_mmcfg_data_read,
+ .write = pcie_mmcfg_data_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+/* pcie_host::base_addr == PCIE_BASE_ADDR_UNMAPPED when it isn't mapped. */
+#define PCIE_BASE_ADDR_UNMAPPED ((hwaddr)-1ULL)
+
+int pcie_host_init(PCIExpressHost *e)
+{
+ e->base_addr = PCIE_BASE_ADDR_UNMAPPED;
+
+ return 0;
+}
+
+void pcie_host_mmcfg_unmap(PCIExpressHost *e)
+{
+ if (e->base_addr != PCIE_BASE_ADDR_UNMAPPED) {
+ memory_region_del_subregion(get_system_memory(), &e->mmio);
+ memory_region_destroy(&e->mmio);
+ e->base_addr = PCIE_BASE_ADDR_UNMAPPED;
+ }
+}
+
+void pcie_host_mmcfg_map(PCIExpressHost *e, hwaddr addr,
+ uint32_t size)
+{
+ assert(!(size & (size - 1))); /* power of 2 */
+ assert(size >= PCIE_MMCFG_SIZE_MIN);
+ assert(size <= PCIE_MMCFG_SIZE_MAX);
+ e->size = size;
+ memory_region_init_io(&e->mmio, OBJECT(e), &pcie_mmcfg_ops, e,
+ "pcie-mmcfg", e->size);
+ e->base_addr = addr;
+ memory_region_add_subregion(get_system_memory(), e->base_addr, &e->mmio);
+}
+
+void pcie_host_mmcfg_update(PCIExpressHost *e,
+ int enable,
+ hwaddr addr,
+ uint32_t size)
+{
+ pcie_host_mmcfg_unmap(e);
+ if (enable) {
+ pcie_host_mmcfg_map(e, addr, size);
+ }
+}
+
+static const TypeInfo pcie_host_type_info = {
+ .name = TYPE_PCIE_HOST_BRIDGE,
+ .parent = TYPE_PCI_HOST_BRIDGE,
+ .abstract = true,
+ .instance_size = sizeof(PCIExpressHost),
+};
+
+static void pcie_host_register_types(void)
+{
+ type_register_static(&pcie_host_type_info);
+}
+
+type_init(pcie_host_register_types)
diff --git a/hw/pci/pcie_port.c b/hw/pci/pcie_port.c
new file mode 100644
index 000000000..2adb0300f
--- /dev/null
+++ b/hw/pci/pcie_port.c
@@ -0,0 +1,170 @@
+/*
+ * pcie_port.c
+ *
+ * Copyright (c) 2010 Isaku Yamahata <yamahata at valinux co jp>
+ * VA Linux Systems Japan K.K.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/pci/pcie_port.h"
+
+void pcie_port_init_reg(PCIDevice *d)
+{
+ /* Unlike pci bridge,
+ 66MHz and fast back to back don't apply to pci express port. */
+ pci_set_word(d->config + PCI_STATUS, 0);
+ pci_set_word(d->config + PCI_SEC_STATUS, 0);
+
+ /*
+ * Unlike conventional pci bridge, for some bits the spec states:
+ * Does not apply to PCI Express and must be hardwired to 0.
+ */
+ pci_word_test_and_clear_mask(d->wmask + PCI_BRIDGE_CONTROL,
+ PCI_BRIDGE_CTL_MASTER_ABORT |
+ PCI_BRIDGE_CTL_FAST_BACK |
+ PCI_BRIDGE_CTL_DISCARD |
+ PCI_BRIDGE_CTL_SEC_DISCARD |
+ PCI_BRIDGE_CTL_DISCARD_STATUS |
+ PCI_BRIDGE_CTL_DISCARD_SERR);
+}
+
+/**************************************************************************
+ * (chassis number, pcie physical slot number) -> pcie slot conversion
+ */
+struct PCIEChassis {
+ uint8_t number;
+
+ QLIST_HEAD(, PCIESlot) slots;
+ QLIST_ENTRY(PCIEChassis) next;
+};
+
+static QLIST_HEAD(, PCIEChassis) chassis = QLIST_HEAD_INITIALIZER(chassis);
+
+static struct PCIEChassis *pcie_chassis_find(uint8_t chassis_number)
+{
+ struct PCIEChassis *c;
+ QLIST_FOREACH(c, &chassis, next) {
+ if (c->number == chassis_number) {
+ break;
+ }
+ }
+ return c;
+}
+
+void pcie_chassis_create(uint8_t chassis_number)
+{
+ struct PCIEChassis *c;
+ c = pcie_chassis_find(chassis_number);
+ if (c) {
+ return;
+ }
+ c = g_malloc0(sizeof(*c));
+ c->number = chassis_number;
+ QLIST_INIT(&c->slots);
+ QLIST_INSERT_HEAD(&chassis, c, next);
+}
+
+static PCIESlot *pcie_chassis_find_slot_with_chassis(struct PCIEChassis *c,
+ uint8_t slot)
+{
+ PCIESlot *s;
+ QLIST_FOREACH(s, &c->slots, next) {
+ if (s->slot == slot) {
+ break;
+ }
+ }
+ return s;
+}
+
+PCIESlot *pcie_chassis_find_slot(uint8_t chassis_number, uint16_t slot)
+{
+ struct PCIEChassis *c;
+ c = pcie_chassis_find(chassis_number);
+ if (!c) {
+ return NULL;
+ }
+ return pcie_chassis_find_slot_with_chassis(c, slot);
+}
+
+int pcie_chassis_add_slot(struct PCIESlot *slot)
+{
+ struct PCIEChassis *c;
+ c = pcie_chassis_find(slot->chassis);
+ if (!c) {
+ return -ENODEV;
+ }
+ if (pcie_chassis_find_slot_with_chassis(c, slot->slot)) {
+ return -EBUSY;
+ }
+ QLIST_INSERT_HEAD(&c->slots, slot, next);
+ return 0;
+}
+
+void pcie_chassis_del_slot(PCIESlot *s)
+{
+ QLIST_REMOVE(s, next);
+}
+
+static Property pcie_port_props[] = {
+ DEFINE_PROP_UINT8("port", PCIEPort, port, 0),
+ DEFINE_PROP_UINT16("aer_log_max", PCIEPort,
+ parent_obj.parent_obj.exp.aer_log.log_max,
+ PCIE_AER_LOG_MAX_DEFAULT),
+ DEFINE_PROP_END_OF_LIST()
+};
+
+static void pcie_port_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+
+ dc->props = pcie_port_props;
+}
+
+static const TypeInfo pcie_port_type_info = {
+ .name = TYPE_PCIE_PORT,
+ .parent = TYPE_PCI_BRIDGE,
+ .instance_size = sizeof(PCIEPort),
+ .abstract = true,
+ .class_init = pcie_port_class_init,
+};
+
+static Property pcie_slot_props[] = {
+ DEFINE_PROP_UINT8("chassis", PCIESlot, chassis, 0),
+ DEFINE_PROP_UINT16("slot", PCIESlot, slot, 0),
+ DEFINE_PROP_END_OF_LIST()
+};
+
+static void pcie_slot_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+
+ dc->props = pcie_slot_props;
+}
+
+static const TypeInfo pcie_slot_type_info = {
+ .name = TYPE_PCIE_SLOT,
+ .parent = TYPE_PCIE_PORT,
+ .instance_size = sizeof(PCIESlot),
+ .abstract = true,
+ .class_init = pcie_slot_class_init,
+};
+
+static void pcie_port_register_types(void)
+{
+ type_register_static(&pcie_port_type_info);
+ type_register_static(&pcie_slot_type_info);
+}
+
+type_init(pcie_port_register_types)
diff --git a/hw/pci/shpc.c b/hw/pci/shpc.c
new file mode 100644
index 000000000..eb092fdb6
--- /dev/null
+++ b/hw/pci/shpc.c
@@ -0,0 +1,682 @@
+#include "qemu-common.h"
+#include <strings.h>
+#include <stdint.h>
+#include "qemu/range.h"
+#include "qemu/error-report.h"
+#include "hw/pci/shpc.h"
+#include "hw/pci/pci.h"
+#include "hw/pci/pci_bus.h"
+#include "hw/pci/msi.h"
+
+/* TODO: model power only and disabled slot states. */
+/* TODO: handle SERR and wakeups */
+/* TODO: consider enabling 66MHz support */
+
+/* TODO: remove fully only on state DISABLED and LED off.
+ * track state to properly record this. */
+
+/* SHPC Working Register Set */
+#define SHPC_BASE_OFFSET 0x00 /* 4 bytes */
+#define SHPC_SLOTS_33 0x04 /* 4 bytes. Also encodes PCI-X slots. */
+#define SHPC_SLOTS_66 0x08 /* 4 bytes. */
+#define SHPC_NSLOTS 0x0C /* 1 byte */
+#define SHPC_FIRST_DEV 0x0D /* 1 byte */
+#define SHPC_PHYS_SLOT 0x0E /* 2 byte */
+#define SHPC_PHYS_NUM_MAX 0x7ff
+#define SHPC_PHYS_NUM_UP 0x2000
+#define SHPC_PHYS_MRL 0x4000
+#define SHPC_PHYS_BUTTON 0x8000
+#define SHPC_SEC_BUS 0x10 /* 2 bytes */
+#define SHPC_SEC_BUS_33 0x0
+#define SHPC_SEC_BUS_66 0x1 /* Unused */
+#define SHPC_SEC_BUS_MASK 0x7
+#define SHPC_MSI_CTL 0x12 /* 1 byte */
+#define SHPC_PROG_IFC 0x13 /* 1 byte */
+#define SHPC_PROG_IFC_1_0 0x1
+#define SHPC_CMD_CODE 0x14 /* 1 byte */
+#define SHPC_CMD_TRGT 0x15 /* 1 byte */
+#define SHPC_CMD_TRGT_MIN 0x1
+#define SHPC_CMD_TRGT_MAX 0x1f
+#define SHPC_CMD_STATUS 0x16 /* 2 bytes */
+#define SHPC_CMD_STATUS_BUSY 0x1
+#define SHPC_CMD_STATUS_MRL_OPEN 0x2
+#define SHPC_CMD_STATUS_INVALID_CMD 0x4
+#define SHPC_CMD_STATUS_INVALID_MODE 0x8
+#define SHPC_INT_LOCATOR 0x18 /* 4 bytes */
+#define SHPC_INT_COMMAND 0x1
+#define SHPC_SERR_LOCATOR 0x1C /* 4 bytes */
+#define SHPC_SERR_INT 0x20 /* 4 bytes */
+#define SHPC_INT_DIS 0x1
+#define SHPC_SERR_DIS 0x2
+#define SHPC_CMD_INT_DIS 0x4
+#define SHPC_ARB_SERR_DIS 0x8
+#define SHPC_CMD_DETECTED 0x10000
+#define SHPC_ARB_DETECTED 0x20000
+ /* 4 bytes * slot # (start from 0) */
+#define SHPC_SLOT_REG(s) (0x24 + (s) * 4)
+ /* 2 bytes */
+#define SHPC_SLOT_STATUS(s) (0x0 + SHPC_SLOT_REG(s))
+
+/* Same slot state masks are used for command and status registers */
+#define SHPC_SLOT_STATE_MASK 0x03
+#define SHPC_SLOT_STATE_SHIFT \
+ (ffs(SHPC_SLOT_STATE_MASK) - 1)
+
+#define SHPC_STATE_NO 0x0
+#define SHPC_STATE_PWRONLY 0x1
+#define SHPC_STATE_ENABLED 0x2
+#define SHPC_STATE_DISABLED 0x3
+
+#define SHPC_SLOT_PWR_LED_MASK 0xC
+#define SHPC_SLOT_PWR_LED_SHIFT \
+ (ffs(SHPC_SLOT_PWR_LED_MASK) - 1)
+#define SHPC_SLOT_ATTN_LED_MASK 0x30
+#define SHPC_SLOT_ATTN_LED_SHIFT \
+ (ffs(SHPC_SLOT_ATTN_LED_MASK) - 1)
+
+#define SHPC_LED_NO 0x0
+#define SHPC_LED_ON 0x1
+#define SHPC_LED_BLINK 0x2
+#define SHPC_LED_OFF 0x3
+
+#define SHPC_SLOT_STATUS_PWR_FAULT 0x40
+#define SHPC_SLOT_STATUS_BUTTON 0x80
+#define SHPC_SLOT_STATUS_MRL_OPEN 0x100
+#define SHPC_SLOT_STATUS_66 0x200
+#define SHPC_SLOT_STATUS_PRSNT_MASK 0xC00
+#define SHPC_SLOT_STATUS_PRSNT_EMPTY 0x3
+#define SHPC_SLOT_STATUS_PRSNT_25W 0x1
+#define SHPC_SLOT_STATUS_PRSNT_15W 0x2
+#define SHPC_SLOT_STATUS_PRSNT_7_5W 0x0
+
+#define SHPC_SLOT_STATUS_PRSNT_PCIX 0x3000
+
+
+ /* 1 byte */
+#define SHPC_SLOT_EVENT_LATCH(s) (0x2 + SHPC_SLOT_REG(s))
+ /* 1 byte */
+#define SHPC_SLOT_EVENT_SERR_INT_DIS(d, s) (0x3 + SHPC_SLOT_REG(s))
+#define SHPC_SLOT_EVENT_PRESENCE 0x01
+#define SHPC_SLOT_EVENT_ISOLATED_FAULT 0x02
+#define SHPC_SLOT_EVENT_BUTTON 0x04
+#define SHPC_SLOT_EVENT_MRL 0x08
+#define SHPC_SLOT_EVENT_CONNECTED_FAULT 0x10
+/* Bits below are used for Serr/Int disable only */
+#define SHPC_SLOT_EVENT_MRL_SERR_DIS 0x20
+#define SHPC_SLOT_EVENT_CONNECTED_FAULT_SERR_DIS 0x40
+
+#define SHPC_MIN_SLOTS 1
+#define SHPC_MAX_SLOTS 31
+#define SHPC_SIZEOF(d) SHPC_SLOT_REG((d)->shpc->nslots)
+
+/* SHPC Slot identifiers */
+
+/* Hotplug supported at 31 slots out of the total 32. We reserve slot 0,
+ and give the rest of them physical *and* pci numbers starting from 1, so
+ they match logical numbers. Note: this means that multiple slots must have
+ different chassis number values, to make chassis+physical slot unique.
+ TODO: make this configurable? */
+#define SHPC_IDX_TO_LOGICAL(slot) ((slot) + 1)
+#define SHPC_LOGICAL_TO_IDX(target) ((target) - 1)
+#define SHPC_IDX_TO_PCI(slot) ((slot) + 1)
+#define SHPC_PCI_TO_IDX(pci_slot) ((pci_slot) - 1)
+#define SHPC_IDX_TO_PHYSICAL(slot) ((slot) + 1)
+
+static int roundup_pow_of_two(int x)
+{
+ x |= (x >> 1);
+ x |= (x >> 2);
+ x |= (x >> 4);
+ x |= (x >> 8);
+ x |= (x >> 16);
+ return x + 1;
+}
+
+static uint16_t shpc_get_status(SHPCDevice *shpc, int slot, uint16_t msk)
+{
+ uint8_t *status = shpc->config + SHPC_SLOT_STATUS(slot);
+ return (pci_get_word(status) & msk) >> (ffs(msk) - 1);
+}
+
+static void shpc_set_status(SHPCDevice *shpc,
+ int slot, uint8_t value, uint16_t msk)
+{
+ uint8_t *status = shpc->config + SHPC_SLOT_STATUS(slot);
+ pci_word_test_and_clear_mask(status, msk);
+ pci_word_test_and_set_mask(status, value << (ffs(msk) - 1));
+}
+
+static void shpc_interrupt_update(PCIDevice *d)
+{
+ SHPCDevice *shpc = d->shpc;
+ int slot;
+ int level = 0;
+ uint32_t serr_int;
+ uint32_t int_locator = 0;
+
+ /* Update interrupt locator register */
+ for (slot = 0; slot < shpc->nslots; ++slot) {
+ uint8_t event = shpc->config[SHPC_SLOT_EVENT_LATCH(slot)];
+ uint8_t disable = shpc->config[SHPC_SLOT_EVENT_SERR_INT_DIS(d, slot)];
+ uint32_t mask = 1 << SHPC_IDX_TO_LOGICAL(slot);
+ if (event & ~disable) {
+ int_locator |= mask;
+ }
+ }
+ serr_int = pci_get_long(shpc->config + SHPC_SERR_INT);
+ if ((serr_int & SHPC_CMD_DETECTED) && !(serr_int & SHPC_CMD_INT_DIS)) {
+ int_locator |= SHPC_INT_COMMAND;
+ }
+ pci_set_long(shpc->config + SHPC_INT_LOCATOR, int_locator);
+ level = (!(serr_int & SHPC_INT_DIS) && int_locator) ? 1 : 0;
+ if (msi_enabled(d) && shpc->msi_requested != level)
+ msi_notify(d, 0);
+ else
+ qemu_set_irq(d->irq[0], level);
+ shpc->msi_requested = level;
+}
+
+static void shpc_set_sec_bus_speed(SHPCDevice *shpc, uint8_t speed)
+{
+ switch (speed) {
+ case SHPC_SEC_BUS_33:
+ shpc->config[SHPC_SEC_BUS] &= ~SHPC_SEC_BUS_MASK;
+ shpc->config[SHPC_SEC_BUS] |= speed;
+ break;
+ default:
+ pci_word_test_and_set_mask(shpc->config + SHPC_CMD_STATUS,
+ SHPC_CMD_STATUS_INVALID_MODE);
+ }
+}
+
+void shpc_reset(PCIDevice *d)
+{
+ SHPCDevice *shpc = d->shpc;
+ int nslots = shpc->nslots;
+ int i;
+ memset(shpc->config, 0, SHPC_SIZEOF(d));
+ pci_set_byte(shpc->config + SHPC_NSLOTS, nslots);
+ pci_set_long(shpc->config + SHPC_SLOTS_33, nslots);
+ pci_set_long(shpc->config + SHPC_SLOTS_66, 0);
+ pci_set_byte(shpc->config + SHPC_FIRST_DEV, SHPC_IDX_TO_PCI(0));
+ pci_set_word(shpc->config + SHPC_PHYS_SLOT,
+ SHPC_IDX_TO_PHYSICAL(0) |
+ SHPC_PHYS_NUM_UP |
+ SHPC_PHYS_MRL |
+ SHPC_PHYS_BUTTON);
+ pci_set_long(shpc->config + SHPC_SERR_INT, SHPC_INT_DIS |
+ SHPC_SERR_DIS |
+ SHPC_CMD_INT_DIS |
+ SHPC_ARB_SERR_DIS);
+ pci_set_byte(shpc->config + SHPC_PROG_IFC, SHPC_PROG_IFC_1_0);
+ pci_set_word(shpc->config + SHPC_SEC_BUS, SHPC_SEC_BUS_33);
+ for (i = 0; i < shpc->nslots; ++i) {
+ pci_set_byte(shpc->config + SHPC_SLOT_EVENT_SERR_INT_DIS(d, i),
+ SHPC_SLOT_EVENT_PRESENCE |
+ SHPC_SLOT_EVENT_ISOLATED_FAULT |
+ SHPC_SLOT_EVENT_BUTTON |
+ SHPC_SLOT_EVENT_MRL |
+ SHPC_SLOT_EVENT_CONNECTED_FAULT |
+ SHPC_SLOT_EVENT_MRL_SERR_DIS |
+ SHPC_SLOT_EVENT_CONNECTED_FAULT_SERR_DIS);
+ if (shpc->sec_bus->devices[PCI_DEVFN(SHPC_IDX_TO_PCI(i), 0)]) {
+ shpc_set_status(shpc, i, SHPC_STATE_ENABLED, SHPC_SLOT_STATE_MASK);
+ shpc_set_status(shpc, i, 0, SHPC_SLOT_STATUS_MRL_OPEN);
+ shpc_set_status(shpc, i, SHPC_SLOT_STATUS_PRSNT_7_5W,
+ SHPC_SLOT_STATUS_PRSNT_MASK);
+ shpc_set_status(shpc, i, SHPC_LED_ON, SHPC_SLOT_PWR_LED_MASK);
+ } else {
+ shpc_set_status(shpc, i, SHPC_STATE_DISABLED, SHPC_SLOT_STATE_MASK);
+ shpc_set_status(shpc, i, 1, SHPC_SLOT_STATUS_MRL_OPEN);
+ shpc_set_status(shpc, i, SHPC_SLOT_STATUS_PRSNT_EMPTY,
+ SHPC_SLOT_STATUS_PRSNT_MASK);
+ shpc_set_status(shpc, i, SHPC_LED_OFF, SHPC_SLOT_PWR_LED_MASK);
+ }
+ shpc_set_status(shpc, i, 0, SHPC_SLOT_STATUS_66);
+ }
+ shpc_set_sec_bus_speed(shpc, SHPC_SEC_BUS_33);
+ shpc->msi_requested = 0;
+ shpc_interrupt_update(d);
+}
+
+static void shpc_invalid_command(SHPCDevice *shpc)
+{
+ pci_word_test_and_set_mask(shpc->config + SHPC_CMD_STATUS,
+ SHPC_CMD_STATUS_INVALID_CMD);
+}
+
+static void shpc_free_devices_in_slot(SHPCDevice *shpc, int slot)
+{
+ int devfn;
+ int pci_slot = SHPC_IDX_TO_PCI(slot);
+ for (devfn = PCI_DEVFN(pci_slot, 0);
+ devfn <= PCI_DEVFN(pci_slot, PCI_FUNC_MAX - 1);
+ ++devfn) {
+ PCIDevice *affected_dev = shpc->sec_bus->devices[devfn];
+ if (affected_dev) {
+ qdev_free(&affected_dev->qdev);
+ }
+ }
+}
+
+static void shpc_slot_command(SHPCDevice *shpc, uint8_t target,
+ uint8_t state, uint8_t power, uint8_t attn)
+{
+ uint8_t current_state;
+ int slot = SHPC_LOGICAL_TO_IDX(target);
+ if (target < SHPC_CMD_TRGT_MIN || slot >= shpc->nslots) {
+ shpc_invalid_command(shpc);
+ return;
+ }
+ current_state = shpc_get_status(shpc, slot, SHPC_SLOT_STATE_MASK);
+ if (current_state == SHPC_STATE_ENABLED && state == SHPC_STATE_PWRONLY) {
+ shpc_invalid_command(shpc);
+ return;
+ }
+
+ switch (power) {
+ case SHPC_LED_NO:
+ break;
+ default:
+ /* TODO: send event to monitor */
+ shpc_set_status(shpc, slot, power, SHPC_SLOT_PWR_LED_MASK);
+ }
+ switch (attn) {
+ case SHPC_LED_NO:
+ break;
+ default:
+ /* TODO: send event to monitor */
+ shpc_set_status(shpc, slot, attn, SHPC_SLOT_ATTN_LED_MASK);
+ }
+
+ if ((current_state == SHPC_STATE_DISABLED && state == SHPC_STATE_PWRONLY) ||
+ (current_state == SHPC_STATE_DISABLED && state == SHPC_STATE_ENABLED)) {
+ shpc_set_status(shpc, slot, state, SHPC_SLOT_STATE_MASK);
+ } else if ((current_state == SHPC_STATE_ENABLED ||
+ current_state == SHPC_STATE_PWRONLY) &&
+ state == SHPC_STATE_DISABLED) {
+ shpc_set_status(shpc, slot, state, SHPC_SLOT_STATE_MASK);
+ power = shpc_get_status(shpc, slot, SHPC_SLOT_PWR_LED_MASK);
+ /* TODO: track what monitor requested. */
+ /* Look at LED to figure out whether it's ok to remove the device. */
+ if (power == SHPC_LED_OFF) {
+ shpc_free_devices_in_slot(shpc, slot);
+ shpc_set_status(shpc, slot, 1, SHPC_SLOT_STATUS_MRL_OPEN);
+ shpc_set_status(shpc, slot, SHPC_SLOT_STATUS_PRSNT_EMPTY,
+ SHPC_SLOT_STATUS_PRSNT_MASK);
+ shpc->config[SHPC_SLOT_EVENT_LATCH(slot)] |=
+ SHPC_SLOT_EVENT_BUTTON |
+ SHPC_SLOT_EVENT_MRL |
+ SHPC_SLOT_EVENT_PRESENCE;
+ }
+ }
+}
+
+static void shpc_command(SHPCDevice *shpc)
+{
+ uint8_t code = pci_get_byte(shpc->config + SHPC_CMD_CODE);
+ uint8_t speed;
+ uint8_t target;
+ uint8_t attn;
+ uint8_t power;
+ uint8_t state;
+ int i;
+
+ /* Clear status from the previous command. */
+ pci_word_test_and_clear_mask(shpc->config + SHPC_CMD_STATUS,
+ SHPC_CMD_STATUS_BUSY |
+ SHPC_CMD_STATUS_MRL_OPEN |
+ SHPC_CMD_STATUS_INVALID_CMD |
+ SHPC_CMD_STATUS_INVALID_MODE);
+ switch (code) {
+ case 0x00 ... 0x3f:
+ target = shpc->config[SHPC_CMD_TRGT] & SHPC_CMD_TRGT_MAX;
+ state = (code & SHPC_SLOT_STATE_MASK) >> SHPC_SLOT_STATE_SHIFT;
+ power = (code & SHPC_SLOT_PWR_LED_MASK) >> SHPC_SLOT_PWR_LED_SHIFT;
+ attn = (code & SHPC_SLOT_ATTN_LED_MASK) >> SHPC_SLOT_ATTN_LED_SHIFT;
+ shpc_slot_command(shpc, target, state, power, attn);
+ break;
+ case 0x40 ... 0x47:
+ speed = code & SHPC_SEC_BUS_MASK;
+ shpc_set_sec_bus_speed(shpc, speed);
+ break;
+ case 0x48:
+ /* Power only all slots */
+ /* first verify no slots are enabled */
+ for (i = 0; i < shpc->nslots; ++i) {
+ state = shpc_get_status(shpc, i, SHPC_SLOT_STATE_MASK);
+ if (state == SHPC_STATE_ENABLED) {
+ shpc_invalid_command(shpc);
+ goto done;
+ }
+ }
+ for (i = 0; i < shpc->nslots; ++i) {
+ if (!(shpc_get_status(shpc, i, SHPC_SLOT_STATUS_MRL_OPEN))) {
+ shpc_slot_command(shpc, i + SHPC_CMD_TRGT_MIN,
+ SHPC_STATE_PWRONLY, SHPC_LED_ON, SHPC_LED_NO);
+ } else {
+ shpc_slot_command(shpc, i + SHPC_CMD_TRGT_MIN,
+ SHPC_STATE_NO, SHPC_LED_OFF, SHPC_LED_NO);
+ }
+ }
+ break;
+ case 0x49:
+ /* Enable all slots */
+ /* TODO: Spec says this shall fail if some are already enabled.
+ * This doesn't make sense - why not? a spec bug? */
+ for (i = 0; i < shpc->nslots; ++i) {
+ state = shpc_get_status(shpc, i, SHPC_SLOT_STATE_MASK);
+ if (state == SHPC_STATE_ENABLED) {
+ shpc_invalid_command(shpc);
+ goto done;
+ }
+ }
+ for (i = 0; i < shpc->nslots; ++i) {
+ if (!(shpc_get_status(shpc, i, SHPC_SLOT_STATUS_MRL_OPEN))) {
+ shpc_slot_command(shpc, i + SHPC_CMD_TRGT_MIN,
+ SHPC_STATE_ENABLED, SHPC_LED_ON, SHPC_LED_NO);
+ } else {
+ shpc_slot_command(shpc, i + SHPC_CMD_TRGT_MIN,
+ SHPC_STATE_NO, SHPC_LED_OFF, SHPC_LED_NO);
+ }
+ }
+ break;
+ default:
+ shpc_invalid_command(shpc);
+ break;
+ }
+done:
+ pci_long_test_and_set_mask(shpc->config + SHPC_SERR_INT, SHPC_CMD_DETECTED);
+}
+
+static void shpc_write(PCIDevice *d, unsigned addr, uint64_t val, int l)
+{
+ SHPCDevice *shpc = d->shpc;
+ int i;
+ if (addr >= SHPC_SIZEOF(d)) {
+ return;
+ }
+ l = MIN(l, SHPC_SIZEOF(d) - addr);
+
+ /* TODO: code duplicated from pci.c */
+ for (i = 0; i < l; val >>= 8, ++i) {
+ unsigned a = addr + i;
+ uint8_t wmask = shpc->wmask[a];
+ uint8_t w1cmask = shpc->w1cmask[a];
+ assert(!(wmask & w1cmask));
+ shpc->config[a] = (shpc->config[a] & ~wmask) | (val & wmask);
+ shpc->config[a] &= ~(val & w1cmask); /* W1C: Write 1 to Clear */
+ }
+ if (ranges_overlap(addr, l, SHPC_CMD_CODE, 2)) {
+ shpc_command(shpc);
+ }
+ shpc_interrupt_update(d);
+}
+
+static uint64_t shpc_read(PCIDevice *d, unsigned addr, int l)
+{
+ uint64_t val = 0x0;
+ if (addr >= SHPC_SIZEOF(d)) {
+ return val;
+ }
+ l = MIN(l, SHPC_SIZEOF(d) - addr);
+ memcpy(&val, d->shpc->config + addr, l);
+ return val;
+}
+
+/* SHPC Bridge Capability */
+#define SHPC_CAP_LENGTH 0x08
+#define SHPC_CAP_DWORD_SELECT 0x2 /* 1 byte */
+#define SHPC_CAP_CxP 0x3 /* 1 byte: CSP, CIP */
+#define SHPC_CAP_DWORD_DATA 0x4 /* 4 bytes */
+#define SHPC_CAP_CSP_MASK 0x4
+#define SHPC_CAP_CIP_MASK 0x8
+
+static uint8_t shpc_cap_dword(PCIDevice *d)
+{
+ return pci_get_byte(d->config + d->shpc->cap + SHPC_CAP_DWORD_SELECT);
+}
+
+/* Update dword data capability register */
+static void shpc_cap_update_dword(PCIDevice *d)
+{
+ unsigned data;
+ data = shpc_read(d, shpc_cap_dword(d) * 4, 4);
+ pci_set_long(d->config + d->shpc->cap + SHPC_CAP_DWORD_DATA, data);
+}
+
+/* Add SHPC capability to the config space for the device. */
+static int shpc_cap_add_config(PCIDevice *d)
+{
+ uint8_t *config;
+ int config_offset;
+ config_offset = pci_add_capability(d, PCI_CAP_ID_SHPC,
+ 0, SHPC_CAP_LENGTH);
+ if (config_offset < 0) {
+ return config_offset;
+ }
+ config = d->config + config_offset;
+
+ pci_set_byte(config + SHPC_CAP_DWORD_SELECT, 0);
+ pci_set_byte(config + SHPC_CAP_CxP, 0);
+ pci_set_long(config + SHPC_CAP_DWORD_DATA, 0);
+ d->shpc->cap = config_offset;
+ /* Make dword select and data writeable. */
+ pci_set_byte(d->wmask + config_offset + SHPC_CAP_DWORD_SELECT, 0xff);
+ pci_set_long(d->wmask + config_offset + SHPC_CAP_DWORD_DATA, 0xffffffff);
+ return 0;
+}
+
+static uint64_t shpc_mmio_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ return shpc_read(opaque, addr, size);
+}
+
+static void shpc_mmio_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ shpc_write(opaque, addr, val, size);
+}
+
+static const MemoryRegionOps shpc_mmio_ops = {
+ .read = shpc_mmio_read,
+ .write = shpc_mmio_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .valid = {
+ /* SHPC ECN requires dword accesses, but the original 1.0 spec doesn't.
+ * It's easier to suppport all sizes than worry about it. */
+ .min_access_size = 1,
+ .max_access_size = 4,
+ },
+};
+
+static int shpc_device_hotplug(DeviceState *qdev, PCIDevice *affected_dev,
+ PCIHotplugState hotplug_state)
+{
+ int pci_slot = PCI_SLOT(affected_dev->devfn);
+ uint8_t state;
+ uint8_t led;
+ PCIDevice *d = DO_UPCAST(PCIDevice, qdev, qdev);
+ SHPCDevice *shpc = d->shpc;
+ int slot = SHPC_PCI_TO_IDX(pci_slot);
+ if (pci_slot < SHPC_IDX_TO_PCI(0) || slot >= shpc->nslots) {
+ error_report("Unsupported PCI slot %d for standard hotplug "
+ "controller. Valid slots are between %d and %d.",
+ pci_slot, SHPC_IDX_TO_PCI(0),
+ SHPC_IDX_TO_PCI(shpc->nslots) - 1);
+ return -1;
+ }
+ /* Don't send event when device is enabled during qemu machine creation:
+ * it is present on boot, no hotplug event is necessary. We do send an
+ * event when the device is disabled later. */
+ if (hotplug_state == PCI_COLDPLUG_ENABLED) {
+ shpc_set_status(shpc, slot, 0, SHPC_SLOT_STATUS_MRL_OPEN);
+ shpc_set_status(shpc, slot, SHPC_SLOT_STATUS_PRSNT_7_5W,
+ SHPC_SLOT_STATUS_PRSNT_MASK);
+ return 0;
+ }
+ if (hotplug_state == PCI_HOTPLUG_DISABLED) {
+ shpc->config[SHPC_SLOT_EVENT_LATCH(slot)] |= SHPC_SLOT_EVENT_BUTTON;
+ state = shpc_get_status(shpc, slot, SHPC_SLOT_STATE_MASK);
+ led = shpc_get_status(shpc, slot, SHPC_SLOT_PWR_LED_MASK);
+ if (state == SHPC_STATE_DISABLED && led == SHPC_LED_OFF) {
+ shpc_free_devices_in_slot(shpc, slot);
+ shpc_set_status(shpc, slot, 1, SHPC_SLOT_STATUS_MRL_OPEN);
+ shpc_set_status(shpc, slot, SHPC_SLOT_STATUS_PRSNT_EMPTY,
+ SHPC_SLOT_STATUS_PRSNT_MASK);
+ shpc->config[SHPC_SLOT_EVENT_LATCH(slot)] |=
+ SHPC_SLOT_EVENT_MRL |
+ SHPC_SLOT_EVENT_PRESENCE;
+ }
+ } else {
+ /* This could be a cancellation of the previous removal.
+ * We check MRL state to figure out. */
+ if (shpc_get_status(shpc, slot, SHPC_SLOT_STATUS_MRL_OPEN)) {
+ shpc_set_status(shpc, slot, 0, SHPC_SLOT_STATUS_MRL_OPEN);
+ shpc_set_status(shpc, slot, SHPC_SLOT_STATUS_PRSNT_7_5W,
+ SHPC_SLOT_STATUS_PRSNT_MASK);
+ shpc->config[SHPC_SLOT_EVENT_LATCH(slot)] |=
+ SHPC_SLOT_EVENT_BUTTON |
+ SHPC_SLOT_EVENT_MRL |
+ SHPC_SLOT_EVENT_PRESENCE;
+ } else {
+ /* Press attention button to cancel removal */
+ shpc->config[SHPC_SLOT_EVENT_LATCH(slot)] |=
+ SHPC_SLOT_EVENT_BUTTON;
+ }
+ }
+ shpc_set_status(shpc, slot, 0, SHPC_SLOT_STATUS_66);
+ shpc_interrupt_update(d);
+ return 0;
+}
+
+/* Initialize the SHPC structure in bridge's BAR. */
+int shpc_init(PCIDevice *d, PCIBus *sec_bus, MemoryRegion *bar, unsigned offset)
+{
+ int i, ret;
+ int nslots = SHPC_MAX_SLOTS; /* TODO: qdev property? */
+ SHPCDevice *shpc = d->shpc = g_malloc0(sizeof(*d->shpc));
+ shpc->sec_bus = sec_bus;
+ ret = shpc_cap_add_config(d);
+ if (ret) {
+ g_free(d->shpc);
+ return ret;
+ }
+ if (nslots < SHPC_MIN_SLOTS) {
+ return 0;
+ }
+ if (nslots > SHPC_MAX_SLOTS ||
+ SHPC_IDX_TO_PCI(nslots) > PCI_SLOT_MAX) {
+ /* TODO: report an error mesage that makes sense. */
+ return -EINVAL;
+ }
+ shpc->nslots = nslots;
+ shpc->config = g_malloc0(SHPC_SIZEOF(d));
+ shpc->cmask = g_malloc0(SHPC_SIZEOF(d));
+ shpc->wmask = g_malloc0(SHPC_SIZEOF(d));
+ shpc->w1cmask = g_malloc0(SHPC_SIZEOF(d));
+
+ shpc_reset(d);
+
+ pci_set_long(shpc->config + SHPC_BASE_OFFSET, offset);
+
+ pci_set_byte(shpc->wmask + SHPC_CMD_CODE, 0xff);
+ pci_set_byte(shpc->wmask + SHPC_CMD_TRGT, SHPC_CMD_TRGT_MAX);
+ pci_set_byte(shpc->wmask + SHPC_CMD_TRGT, SHPC_CMD_TRGT_MAX);
+ pci_set_long(shpc->wmask + SHPC_SERR_INT,
+ SHPC_INT_DIS |
+ SHPC_SERR_DIS |
+ SHPC_CMD_INT_DIS |
+ SHPC_ARB_SERR_DIS);
+ pci_set_long(shpc->w1cmask + SHPC_SERR_INT,
+ SHPC_CMD_DETECTED |
+ SHPC_ARB_DETECTED);
+ for (i = 0; i < nslots; ++i) {
+ pci_set_byte(shpc->wmask +
+ SHPC_SLOT_EVENT_SERR_INT_DIS(d, i),
+ SHPC_SLOT_EVENT_PRESENCE |
+ SHPC_SLOT_EVENT_ISOLATED_FAULT |
+ SHPC_SLOT_EVENT_BUTTON |
+ SHPC_SLOT_EVENT_MRL |
+ SHPC_SLOT_EVENT_CONNECTED_FAULT |
+ SHPC_SLOT_EVENT_MRL_SERR_DIS |
+ SHPC_SLOT_EVENT_CONNECTED_FAULT_SERR_DIS);
+ pci_set_byte(shpc->w1cmask +
+ SHPC_SLOT_EVENT_LATCH(i),
+ SHPC_SLOT_EVENT_PRESENCE |
+ SHPC_SLOT_EVENT_ISOLATED_FAULT |
+ SHPC_SLOT_EVENT_BUTTON |
+ SHPC_SLOT_EVENT_MRL |
+ SHPC_SLOT_EVENT_CONNECTED_FAULT);
+ }
+
+ /* TODO: init cmask */
+ memory_region_init_io(&shpc->mmio, OBJECT(d), &shpc_mmio_ops,
+ d, "shpc-mmio", SHPC_SIZEOF(d));
+ shpc_cap_update_dword(d);
+ memory_region_add_subregion(bar, offset, &shpc->mmio);
+ pci_bus_hotplug(sec_bus, shpc_device_hotplug, &d->qdev);
+
+ d->cap_present |= QEMU_PCI_CAP_SHPC;
+ return 0;
+}
+
+int shpc_bar_size(PCIDevice *d)
+{
+ return roundup_pow_of_two(SHPC_SLOT_REG(SHPC_MAX_SLOTS));
+}
+
+void shpc_cleanup(PCIDevice *d, MemoryRegion *bar)
+{
+ SHPCDevice *shpc = d->shpc;
+ d->cap_present &= ~QEMU_PCI_CAP_SHPC;
+ memory_region_del_subregion(bar, &shpc->mmio);
+ /* TODO: cleanup config space changes? */
+ g_free(shpc->config);
+ g_free(shpc->cmask);
+ g_free(shpc->wmask);
+ g_free(shpc->w1cmask);
+ memory_region_destroy(&shpc->mmio);
+ g_free(shpc);
+}
+
+void shpc_cap_write_config(PCIDevice *d, uint32_t addr, uint32_t val, int l)
+{
+ if (!ranges_overlap(addr, l, d->shpc->cap, SHPC_CAP_LENGTH)) {
+ return;
+ }
+ if (ranges_overlap(addr, l, d->shpc->cap + SHPC_CAP_DWORD_DATA, 4)) {
+ unsigned dword_data;
+ dword_data = pci_get_long(d->shpc->config + d->shpc->cap
+ + SHPC_CAP_DWORD_DATA);
+ shpc_write(d, shpc_cap_dword(d) * 4, dword_data, 4);
+ }
+ /* Update cap dword data in case guest is going to read it. */
+ shpc_cap_update_dword(d);
+}
+
+static void shpc_save(QEMUFile *f, void *pv, size_t size)
+{
+ PCIDevice *d = container_of(pv, PCIDevice, shpc);
+ qemu_put_buffer(f, d->shpc->config, SHPC_SIZEOF(d));
+}
+
+static int shpc_load(QEMUFile *f, void *pv, size_t size)
+{
+ PCIDevice *d = container_of(pv, PCIDevice, shpc);
+ int ret = qemu_get_buffer(f, d->shpc->config, SHPC_SIZEOF(d));
+ if (ret != SHPC_SIZEOF(d)) {
+ return -EINVAL;
+ }
+ /* Make sure we don't lose notifications. An extra interrupt is harmless. */
+ d->shpc->msi_requested = 0;
+ shpc_interrupt_update(d);
+ return 0;
+}
+
+VMStateInfo shpc_vmstate_info = {
+ .name = "shpc",
+ .get = shpc_load,
+ .put = shpc_save,
+};
diff --git a/hw/pci/slotid_cap.c b/hw/pci/slotid_cap.c
new file mode 100644
index 000000000..62f7bae2f
--- /dev/null
+++ b/hw/pci/slotid_cap.c
@@ -0,0 +1,45 @@
+#include "hw/pci/slotid_cap.h"
+#include "hw/pci/pci.h"
+#include "qemu/error-report.h"
+
+#define SLOTID_CAP_LENGTH 4
+#define SLOTID_NSLOTS_SHIFT (ffs(PCI_SID_ESR_NSLOTS) - 1)
+
+int slotid_cap_init(PCIDevice *d, int nslots,
+ uint8_t chassis,
+ unsigned offset)
+{
+ int cap;
+ if (!chassis) {
+ error_report("Bridge chassis not specified. Each bridge is required "
+ "to be assigned a unique chassis id > 0.");
+ return -EINVAL;
+ }
+ if (nslots < 0 || nslots > (PCI_SID_ESR_NSLOTS >> SLOTID_NSLOTS_SHIFT)) {
+ /* TODO: error report? */
+ return -EINVAL;
+ }
+
+ cap = pci_add_capability(d, PCI_CAP_ID_SLOTID, offset, SLOTID_CAP_LENGTH);
+ if (cap < 0) {
+ return cap;
+ }
+ /* We make each chassis unique, this way each bridge is First in Chassis */
+ d->config[cap + PCI_SID_ESR] = PCI_SID_ESR_FIC |
+ (nslots << SLOTID_NSLOTS_SHIFT);
+ d->cmask[cap + PCI_SID_ESR] = 0xff;
+ d->config[cap + PCI_SID_CHASSIS_NR] = chassis;
+ /* Note: Chassis number register is non-volatile,
+ so we don't reset it. */
+ /* TODO: store in eeprom? */
+ d->wmask[cap + PCI_SID_CHASSIS_NR] = 0xff;
+
+ d->cap_present |= QEMU_PCI_CAP_SLOTID;
+ return 0;
+}
+
+void slotid_cap_cleanup(PCIDevice *d)
+{
+ /* TODO: cleanup config space? */
+ d->cap_present &= ~QEMU_PCI_CAP_SLOTID;
+}
diff --git a/hw/pci_bridge.c b/hw/pci_bridge.c
deleted file mode 100644
index 4680501e4..000000000
--- a/hw/pci_bridge.c
+++ /dev/null
@@ -1,363 +0,0 @@
-/*
- * QEMU PCI bus manager
- *
- * Copyright (c) 2004 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to dea
-
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
-
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-/*
- * split out from pci.c
- * Copyright (c) 2010 Isaku Yamahata <yamahata at valinux co jp>
- * VA Linux Systems Japan K.K.
- */
-
-#include "pci_bridge.h"
-#include "pci_internals.h"
-#include "range.h"
-
-/* PCI bridge subsystem vendor ID helper functions */
-#define PCI_SSVID_SIZEOF 8
-#define PCI_SSVID_SVID 4
-#define PCI_SSVID_SSID 6
-
-int pci_bridge_ssvid_init(PCIDevice *dev, uint8_t offset,
- uint16_t svid, uint16_t ssid)
-{
- int pos;
- pos = pci_add_capability(dev, PCI_CAP_ID_SSVID, offset, PCI_SSVID_SIZEOF);
- if (pos < 0) {
- return pos;
- }
-
- pci_set_word(dev->config + pos + PCI_SSVID_SVID, svid);
- pci_set_word(dev->config + pos + PCI_SSVID_SSID, ssid);
- return pos;
-}
-
-/* Accessor function to get parent bridge device from pci bus. */
-PCIDevice *pci_bridge_get_device(PCIBus *bus)
-{
- return bus->parent_dev;
-}
-
-/* Accessor function to get secondary bus from pci-to-pci bridge device */
-PCIBus *pci_bridge_get_sec_bus(PCIBridge *br)
-{
- return &br->sec_bus;
-}
-
-static uint32_t pci_config_get_io_base(const PCIDevice *d,
- uint32_t base, uint32_t base_upper16)
-{
- uint32_t val;
-
- val = ((uint32_t)d->config[base] & PCI_IO_RANGE_MASK) << 8;
- if (d->config[base] & PCI_IO_RANGE_TYPE_32) {
- val |= (uint32_t)pci_get_word(d->config + base_upper16) << 16;
- }
- return val;
-}
-
-static pcibus_t pci_config_get_memory_base(const PCIDevice *d, uint32_t base)
-{
- return ((pcibus_t)pci_get_word(d->config + base) & PCI_MEMORY_RANGE_MASK)
- << 16;
-}
-
-static pcibus_t pci_config_get_pref_base(const PCIDevice *d,
- uint32_t base, uint32_t upper)
-{
- pcibus_t tmp;
- pcibus_t val;
-
- tmp = (pcibus_t)pci_get_word(d->config + base);
- val = (tmp & PCI_PREF_RANGE_MASK) << 16;
- if (tmp & PCI_PREF_RANGE_TYPE_64) {
- val |= (pcibus_t)pci_get_long(d->config + upper) << 32;
- }
- return val;
-}
-
-/* accessor function to get bridge filtering base address */
-pcibus_t pci_bridge_get_base(const PCIDevice *bridge, uint8_t type)
-{
- pcibus_t base;
- if (type & PCI_BASE_ADDRESS_SPACE_IO) {
- base = pci_config_get_io_base(bridge,
- PCI_IO_BASE, PCI_IO_BASE_UPPER16);
- } else {
- if (type & PCI_BASE_ADDRESS_MEM_PREFETCH) {
- base = pci_config_get_pref_base(
- bridge, PCI_PREF_MEMORY_BASE, PCI_PREF_BASE_UPPER32);
- } else {
- base = pci_config_get_memory_base(bridge, PCI_MEMORY_BASE);
- }
- }
-
- return base;
-}
-
-/* accessor funciton to get bridge filtering limit */
-pcibus_t pci_bridge_get_limit(const PCIDevice *bridge, uint8_t type)
-{
- pcibus_t limit;
- if (type & PCI_BASE_ADDRESS_SPACE_IO) {
- limit = pci_config_get_io_base(bridge,
- PCI_IO_LIMIT, PCI_IO_LIMIT_UPPER16);
- limit |= 0xfff; /* PCI bridge spec 3.2.5.6. */
- } else {
- if (type & PCI_BASE_ADDRESS_MEM_PREFETCH) {
- limit = pci_config_get_pref_base(
- bridge, PCI_PREF_MEMORY_LIMIT, PCI_PREF_LIMIT_UPPER32);
- } else {
- limit = pci_config_get_memory_base(bridge, PCI_MEMORY_LIMIT);
- }
- limit |= 0xfffff; /* PCI bridge spec 3.2.5.{1, 8}. */
- }
- return limit;
-}
-
-static void pci_bridge_init_alias(PCIBridge *bridge, MemoryRegion *alias,
- uint8_t type, const char *name,
- MemoryRegion *space,
- MemoryRegion *parent_space,
- bool enabled)
-{
- pcibus_t base = pci_bridge_get_base(&bridge->dev, type);
- pcibus_t limit = pci_bridge_get_limit(&bridge->dev, type);
- /* TODO: this doesn't handle base = 0 limit = 2^64 - 1 correctly.
- * Apparently no way to do this with existing memory APIs. */
- pcibus_t size = enabled && limit >= base ? limit + 1 - base : 0;
-
- memory_region_init_alias(alias, name, space, base, size);
- memory_region_add_subregion_overlap(parent_space, base, alias, 1);
-}
-
-static PCIBridgeWindows *pci_bridge_region_init(PCIBridge *br)
-{
- PCIBus *parent = br->dev.bus;
- PCIBridgeWindows *w = g_new(PCIBridgeWindows, 1);
- uint16_t cmd = pci_get_word(br->dev.config + PCI_COMMAND);
-
- pci_bridge_init_alias(br, &w->alias_pref_mem,
- PCI_BASE_ADDRESS_MEM_PREFETCH,
- "pci_bridge_pref_mem",
- &br->address_space_mem,
- parent->address_space_mem,
- cmd & PCI_COMMAND_MEMORY);
- pci_bridge_init_alias(br, &w->alias_mem,
- PCI_BASE_ADDRESS_SPACE_MEMORY,
- "pci_bridge_mem",
- &br->address_space_mem,
- parent->address_space_mem,
- cmd & PCI_COMMAND_MEMORY);
- pci_bridge_init_alias(br, &w->alias_io,
- PCI_BASE_ADDRESS_SPACE_IO,
- "pci_bridge_io",
- &br->address_space_io,
- parent->address_space_io,
- cmd & PCI_COMMAND_IO);
- /* TODO: optinal VGA and VGA palette snooping support. */
-
- return w;
-}
-
-static void pci_bridge_region_del(PCIBridge *br, PCIBridgeWindows *w)
-{
- PCIBus *parent = br->dev.bus;
-
- memory_region_del_subregion(parent->address_space_io, &w->alias_io);
- memory_region_del_subregion(parent->address_space_mem, &w->alias_mem);
- memory_region_del_subregion(parent->address_space_mem, &w->alias_pref_mem);
-}
-
-static void pci_bridge_region_cleanup(PCIBridge *br, PCIBridgeWindows *w)
-{
- memory_region_destroy(&w->alias_io);
- memory_region_destroy(&w->alias_mem);
- memory_region_destroy(&w->alias_pref_mem);
- g_free(w);
-}
-
-static void pci_bridge_update_mappings(PCIBridge *br)
-{
- PCIBridgeWindows *w = br->windows;
-
- /* Make updates atomic to: handle the case of one VCPU updating the bridge
- * while another accesses an unaffected region. */
- memory_region_transaction_begin();
- pci_bridge_region_del(br, br->windows);
- br->windows = pci_bridge_region_init(br);
- memory_region_transaction_commit();
- pci_bridge_region_cleanup(br, w);
-}
-
-/* default write_config function for PCI-to-PCI bridge */
-void pci_bridge_write_config(PCIDevice *d,
- uint32_t address, uint32_t val, int len)
-{
- PCIBridge *s = container_of(d, PCIBridge, dev);
- uint16_t oldctl = pci_get_word(d->config + PCI_BRIDGE_CONTROL);
- uint16_t newctl;
-
- pci_default_write_config(d, address, val, len);
-
- if (ranges_overlap(address, len, PCI_COMMAND, 2) ||
-
- /* io base/limit */
- ranges_overlap(address, len, PCI_IO_BASE, 2) ||
-
- /* memory base/limit, prefetchable base/limit and
- io base/limit upper 16 */
- ranges_overlap(address, len, PCI_MEMORY_BASE, 20)) {
- pci_bridge_update_mappings(s);
- }
-
- newctl = pci_get_word(d->config + PCI_BRIDGE_CONTROL);
- if (~oldctl & newctl & PCI_BRIDGE_CTL_BUS_RESET) {
- /* Trigger hot reset on 0->1 transition. */
- pci_bus_reset(&s->sec_bus);
- }
-}
-
-void pci_bridge_disable_base_limit(PCIDevice *dev)
-{
- uint8_t *conf = dev->config;
-
- pci_byte_test_and_set_mask(conf + PCI_IO_BASE,
- PCI_IO_RANGE_MASK & 0xff);
- pci_byte_test_and_clear_mask(conf + PCI_IO_LIMIT,
- PCI_IO_RANGE_MASK & 0xff);
- pci_word_test_and_set_mask(conf + PCI_MEMORY_BASE,
- PCI_MEMORY_RANGE_MASK & 0xffff);
- pci_word_test_and_clear_mask(conf + PCI_MEMORY_LIMIT,
- PCI_MEMORY_RANGE_MASK & 0xffff);
- pci_word_test_and_set_mask(conf + PCI_PREF_MEMORY_BASE,
- PCI_PREF_RANGE_MASK & 0xffff);
- pci_word_test_and_clear_mask(conf + PCI_PREF_MEMORY_LIMIT,
- PCI_PREF_RANGE_MASK & 0xffff);
- pci_set_long(conf + PCI_PREF_BASE_UPPER32, 0);
- pci_set_long(conf + PCI_PREF_LIMIT_UPPER32, 0);
-}
-
-/* reset bridge specific configuration registers */
-void pci_bridge_reset(DeviceState *qdev)
-{
- PCIDevice *dev = PCI_DEVICE(qdev);
- uint8_t *conf = dev->config;
-
- conf[PCI_PRIMARY_BUS] = 0;
- conf[PCI_SECONDARY_BUS] = 0;
- conf[PCI_SUBORDINATE_BUS] = 0;
- conf[PCI_SEC_LATENCY_TIMER] = 0;
-
- /*
- * the default values for base/limit registers aren't specified
- * in the PCI-to-PCI-bridge spec. So we don't thouch them here.
- * Each implementation can override it.
- * typical implementation does
- * zero base/limit registers or
- * disable forwarding: pci_bridge_disable_base_limit()
- * If disable forwarding is wanted, call pci_bridge_disable_base_limit()
- * after this function.
- */
- pci_byte_test_and_clear_mask(conf + PCI_IO_BASE,
- PCI_IO_RANGE_MASK & 0xff);
- pci_byte_test_and_clear_mask(conf + PCI_IO_LIMIT,
- PCI_IO_RANGE_MASK & 0xff);
- pci_word_test_and_clear_mask(conf + PCI_MEMORY_BASE,
- PCI_MEMORY_RANGE_MASK & 0xffff);
- pci_word_test_and_clear_mask(conf + PCI_MEMORY_LIMIT,
- PCI_MEMORY_RANGE_MASK & 0xffff);
- pci_word_test_and_clear_mask(conf + PCI_PREF_MEMORY_BASE,
- PCI_PREF_RANGE_MASK & 0xffff);
- pci_word_test_and_clear_mask(conf + PCI_PREF_MEMORY_LIMIT,
- PCI_PREF_RANGE_MASK & 0xffff);
- pci_set_long(conf + PCI_PREF_BASE_UPPER32, 0);
- pci_set_long(conf + PCI_PREF_LIMIT_UPPER32, 0);
-
- pci_set_word(conf + PCI_BRIDGE_CONTROL, 0);
-}
-
-/* default qdev initialization function for PCI-to-PCI bridge */
-int pci_bridge_initfn(PCIDevice *dev)
-{
- PCIBus *parent = dev->bus;
- PCIBridge *br = DO_UPCAST(PCIBridge, dev, dev);
- PCIBus *sec_bus = &br->sec_bus;
-
- pci_word_test_and_set_mask(dev->config + PCI_STATUS,
- PCI_STATUS_66MHZ | PCI_STATUS_FAST_BACK);
- pci_config_set_class(dev->config, PCI_CLASS_BRIDGE_PCI);
- dev->config[PCI_HEADER_TYPE] =
- (dev->config[PCI_HEADER_TYPE] & PCI_HEADER_TYPE_MULTI_FUNCTION) |
- PCI_HEADER_TYPE_BRIDGE;
- pci_set_word(dev->config + PCI_SEC_STATUS,
- PCI_STATUS_66MHZ | PCI_STATUS_FAST_BACK);
-
- /*
- * If we don't specify the name, the bus will be addressed as <id>.0, where
- * id is the device id.
- * Since PCI Bridge devices have a single bus each, we don't need the index:
- * let users address the bus using the device name.
- */
- if (!br->bus_name && dev->qdev.id && *dev->qdev.id) {
- br->bus_name = dev->qdev.id;
- }
-
- qbus_create_inplace(&sec_bus->qbus, TYPE_PCI_BUS, &dev->qdev,
- br->bus_name);
- sec_bus->parent_dev = dev;
- sec_bus->map_irq = br->map_irq;
- sec_bus->address_space_mem = &br->address_space_mem;
- memory_region_init(&br->address_space_mem, "pci_bridge_pci", INT64_MAX);
- sec_bus->address_space_io = &br->address_space_io;
- memory_region_init(&br->address_space_io, "pci_bridge_io", 65536);
- br->windows = pci_bridge_region_init(br);
- QLIST_INIT(&sec_bus->child);
- QLIST_INSERT_HEAD(&parent->child, sec_bus, sibling);
- return 0;
-}
-
-/* default qdev clean up function for PCI-to-PCI bridge */
-void pci_bridge_exitfn(PCIDevice *pci_dev)
-{
- PCIBridge *s = DO_UPCAST(PCIBridge, dev, pci_dev);
- assert(QLIST_EMPTY(&s->sec_bus.child));
- QLIST_REMOVE(&s->sec_bus, sibling);
- pci_bridge_region_del(s, s->windows);
- pci_bridge_region_cleanup(s, s->windows);
- memory_region_destroy(&s->address_space_mem);
- memory_region_destroy(&s->address_space_io);
- /* qbus_free() is called automatically by qdev_free() */
-}
-
-/*
- * before qdev initialization(qdev_init()), this function sets bus_name and
- * map_irq callback which are necessry for pci_bridge_initfn() to
- * initialize bus.
- */
-void pci_bridge_map_irq(PCIBridge *br, const char* bus_name,
- pci_map_irq_fn map_irq)
-{
- br->map_irq = map_irq;
- br->bus_name = bus_name;
-}
diff --git a/hw/pci_bridge.h b/hw/pci_bridge.h
deleted file mode 100644
index a00accc17..000000000
--- a/hw/pci_bridge.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * QEMU PCI bridge
- *
- * Copyright (c) 2004 Fabrice Bellard
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- *
- * split out pci bus specific stuff from pci.[hc] to pci_bridge.[hc]
- * Copyright (c) 2009 Isaku Yamahata <yamahata at valinux co jp>
- * VA Linux Systems Japan K.K.
- *
- */
-
-#ifndef QEMU_PCI_BRIDGE_H
-#define QEMU_PCI_BRIDGE_H
-
-#include "pci.h"
-
-int pci_bridge_ssvid_init(PCIDevice *dev, uint8_t offset,
- uint16_t svid, uint16_t ssid);
-
-PCIDevice *pci_bridge_get_device(PCIBus *bus);
-PCIBus *pci_bridge_get_sec_bus(PCIBridge *br);
-
-pcibus_t pci_bridge_get_base(const PCIDevice *bridge, uint8_t type);
-pcibus_t pci_bridge_get_limit(const PCIDevice *bridge, uint8_t type);
-
-void pci_bridge_write_config(PCIDevice *d,
- uint32_t address, uint32_t val, int len);
-void pci_bridge_disable_base_limit(PCIDevice *dev);
-void pci_bridge_reset_reg(PCIDevice *dev);
-void pci_bridge_reset(DeviceState *qdev);
-
-int pci_bridge_initfn(PCIDevice *pci_dev);
-void pci_bridge_exitfn(PCIDevice *pci_dev);
-
-
-/*
- * before qdev initialization(qdev_init()), this function sets bus_name and
- * map_irq callback which are necessry for pci_bridge_initfn() to
- * initialize bus.
- */
-void pci_bridge_map_irq(PCIBridge *br, const char* bus_name,
- pci_map_irq_fn map_irq);
-
-#endif /* QEMU_PCI_BRIDGE_H */
-/*
- * Local variables:
- * c-indent-level: 4
- * c-basic-offset: 4
- * tab-width: 8
- * indent-tab-mode: nil
- * End:
- */
diff --git a/hw/pci_bridge_dev.c b/hw/pci_bridge_dev.c
deleted file mode 100644
index f7063961a..000000000
--- a/hw/pci_bridge_dev.c
+++ /dev/null
@@ -1,171 +0,0 @@
-/*
- * Standard PCI Bridge Device
- *
- * Copyright (c) 2011 Red Hat Inc. Author: Michael S. Tsirkin <mst@redhat.com>
- *
- * http://www.pcisig.com/specifications/conventional/pci_to_pci_bridge_architecture/
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "pci_bridge.h"
-#include "pci_ids.h"
-#include "msi.h"
-#include "shpc.h"
-#include "slotid_cap.h"
-#include "memory.h"
-#include "pci_internals.h"
-
-#define REDHAT_PCI_VENDOR_ID 0x1b36
-#define PCI_BRIDGE_DEV_VENDOR_ID REDHAT_PCI_VENDOR_ID
-#define PCI_BRIDGE_DEV_DEVICE_ID 0x1
-
-struct PCIBridgeDev {
- PCIBridge bridge;
- MemoryRegion bar;
- uint8_t chassis_nr;
-#define PCI_BRIDGE_DEV_F_MSI_REQ 0
- uint32_t flags;
-};
-typedef struct PCIBridgeDev PCIBridgeDev;
-
-/* Mapping mandated by PCI-to-PCI Bridge architecture specification,
- * revision 1.2 */
-/* Table 9-1: Interrupt Binding for Devices Behind a Bridge */
-static int pci_bridge_dev_map_irq_fn(PCIDevice *dev, int irq_num)
-{
- return (irq_num + PCI_SLOT(dev->devfn)) % PCI_NUM_PINS;
-}
-
-static int pci_bridge_dev_initfn(PCIDevice *dev)
-{
- PCIBridge *br = DO_UPCAST(PCIBridge, dev, dev);
- PCIBridgeDev *bridge_dev = DO_UPCAST(PCIBridgeDev, bridge, br);
- int err;
-
- pci_bridge_map_irq(br, NULL, pci_bridge_dev_map_irq_fn);
- err = pci_bridge_initfn(dev);
- if (err) {
- goto bridge_error;
- }
- memory_region_init(&bridge_dev->bar, "shpc-bar", shpc_bar_size(dev));
- err = shpc_init(dev, &br->sec_bus, &bridge_dev->bar, 0);
- if (err) {
- goto shpc_error;
- }
- err = slotid_cap_init(dev, 0, bridge_dev->chassis_nr, 0);
- if (err) {
- goto slotid_error;
- }
- if ((bridge_dev->flags & (1 << PCI_BRIDGE_DEV_F_MSI_REQ)) &&
- msi_supported) {
- err = msi_init(dev, 0, 1, true, true);
- if (err < 0) {
- goto msi_error;
- }
- }
- /* TODO: spec recommends using 64 bit prefetcheable BAR.
- * Check whether that works well. */
- pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY |
- PCI_BASE_ADDRESS_MEM_TYPE_64, &bridge_dev->bar);
- dev->config[PCI_INTERRUPT_PIN] = 0x1;
- return 0;
-msi_error:
- slotid_cap_cleanup(dev);
-slotid_error:
- shpc_cleanup(dev, &bridge_dev->bar);
-shpc_error:
- memory_region_destroy(&bridge_dev->bar);
- pci_bridge_exitfn(dev);
-bridge_error:
- return err;
-}
-
-static void pci_bridge_dev_exitfn(PCIDevice *dev)
-{
- PCIBridge *br = DO_UPCAST(PCIBridge, dev, dev);
- PCIBridgeDev *bridge_dev = DO_UPCAST(PCIBridgeDev, bridge, br);
- if (msi_present(dev)) {
- msi_uninit(dev);
- }
- slotid_cap_cleanup(dev);
- shpc_cleanup(dev, &bridge_dev->bar);
- memory_region_destroy(&bridge_dev->bar);
- pci_bridge_exitfn(dev);
-}
-
-static void pci_bridge_dev_write_config(PCIDevice *d,
- uint32_t address, uint32_t val, int len)
-{
- pci_bridge_write_config(d, address, val, len);
- if (msi_present(d)) {
- msi_write_config(d, address, val, len);
- }
- shpc_cap_write_config(d, address, val, len);
-}
-
-static void qdev_pci_bridge_dev_reset(DeviceState *qdev)
-{
- PCIDevice *dev = DO_UPCAST(PCIDevice, qdev, qdev);
-
- pci_bridge_reset(qdev);
- shpc_reset(dev);
-}
-
-static Property pci_bridge_dev_properties[] = {
- /* Note: 0 is not a legal chassis number. */
- DEFINE_PROP_UINT8("chassis_nr", PCIBridgeDev, chassis_nr, 0),
- DEFINE_PROP_BIT("msi", PCIBridgeDev, flags, PCI_BRIDGE_DEV_F_MSI_REQ, true),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static const VMStateDescription pci_bridge_dev_vmstate = {
- .name = "pci_bridge",
- .fields = (VMStateField[]) {
- VMSTATE_PCI_DEVICE(bridge.dev, PCIBridgeDev),
- SHPC_VMSTATE(bridge.dev.shpc, PCIBridgeDev),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void pci_bridge_dev_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
- k->init = pci_bridge_dev_initfn;
- k->exit = pci_bridge_dev_exitfn;
- k->config_write = pci_bridge_dev_write_config;
- k->vendor_id = PCI_BRIDGE_DEV_VENDOR_ID;
- k->device_id = PCI_BRIDGE_DEV_DEVICE_ID;
- k->class_id = PCI_CLASS_BRIDGE_PCI;
- k->is_bridge = 1,
- dc->desc = "Standard PCI Bridge";
- dc->reset = qdev_pci_bridge_dev_reset;
- dc->props = pci_bridge_dev_properties;
- dc->vmsd = &pci_bridge_dev_vmstate;
-}
-
-static TypeInfo pci_bridge_dev_info = {
- .name = "pci-bridge",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIBridgeDev),
- .class_init = pci_bridge_dev_class_init,
-};
-
-static void pci_bridge_dev_register(void)
-{
- type_register_static(&pci_bridge_dev_info);
-}
-
-type_init(pci_bridge_dev_register);
diff --git a/hw/pci_host.c b/hw/pci_host.c
deleted file mode 100644
index 68e328cd2..000000000
--- a/hw/pci_host.c
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * pci_host.c
- *
- * Copyright (c) 2009 Isaku Yamahata <yamahata at valinux co jp>
- * VA Linux Systems Japan K.K.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
-
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
-
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "pci.h"
-#include "pci_host.h"
-
-/* debug PCI */
-//#define DEBUG_PCI
-
-#ifdef DEBUG_PCI
-#define PCI_DPRINTF(fmt, ...) \
-do { printf("pci_host_data: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define PCI_DPRINTF(fmt, ...)
-#endif
-
-/*
- * PCI address
- * bit 16 - 24: bus number
- * bit 8 - 15: devfun number
- * bit 0 - 7: offset in configuration space of a given pci device
- */
-
-/* the helper functio to get a PCIDeice* for a given pci address */
-static inline PCIDevice *pci_dev_find_by_addr(PCIBus *bus, uint32_t addr)
-{
- uint8_t bus_num = addr >> 16;
- uint8_t devfn = addr >> 8;
-
- return pci_find_device(bus, bus_num, devfn);
-}
-
-void pci_host_config_write_common(PCIDevice *pci_dev, uint32_t addr,
- uint32_t limit, uint32_t val, uint32_t len)
-{
- assert(len <= 4);
- pci_dev->config_write(pci_dev, addr, val, MIN(len, limit - addr));
-}
-
-uint32_t pci_host_config_read_common(PCIDevice *pci_dev, uint32_t addr,
- uint32_t limit, uint32_t len)
-{
- assert(len <= 4);
- return pci_dev->config_read(pci_dev, addr, MIN(len, limit - addr));
-}
-
-void pci_data_write(PCIBus *s, uint32_t addr, uint32_t val, int len)
-{
- PCIDevice *pci_dev = pci_dev_find_by_addr(s, addr);
- uint32_t config_addr = addr & (PCI_CONFIG_SPACE_SIZE - 1);
-
- if (!pci_dev) {
- return;
- }
-
- PCI_DPRINTF("%s: %s: addr=%02" PRIx32 " val=%08" PRIx32 " len=%d\n",
- __func__, pci_dev->name, config_addr, val, len);
- pci_host_config_write_common(pci_dev, config_addr, PCI_CONFIG_SPACE_SIZE,
- val, len);
-}
-
-uint32_t pci_data_read(PCIBus *s, uint32_t addr, int len)
-{
- PCIDevice *pci_dev = pci_dev_find_by_addr(s, addr);
- uint32_t config_addr = addr & (PCI_CONFIG_SPACE_SIZE - 1);
- uint32_t val;
-
- if (!pci_dev) {
- return ~0x0;
- }
-
- val = pci_host_config_read_common(pci_dev, config_addr,
- PCI_CONFIG_SPACE_SIZE, len);
- PCI_DPRINTF("%s: %s: addr=%02"PRIx32" val=%08"PRIx32" len=%d\n",
- __func__, pci_dev->name, config_addr, val, len);
-
- return val;
-}
-
-static void pci_host_config_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned len)
-{
- PCIHostState *s = opaque;
-
- PCI_DPRINTF("%s addr " TARGET_FMT_plx " len %d val %"PRIx64"\n",
- __func__, addr, len, val);
- if (addr != 0 || len != 4) {
- return;
- }
- s->config_reg = val;
-}
-
-static uint64_t pci_host_config_read(void *opaque, hwaddr addr,
- unsigned len)
-{
- PCIHostState *s = opaque;
- uint32_t val = s->config_reg;
-
- PCI_DPRINTF("%s addr " TARGET_FMT_plx " len %d val %"PRIx32"\n",
- __func__, addr, len, val);
- return val;
-}
-
-static void pci_host_data_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned len)
-{
- PCIHostState *s = opaque;
- PCI_DPRINTF("write addr " TARGET_FMT_plx " len %d val %x\n",
- addr, len, (unsigned)val);
- if (s->config_reg & (1u << 31))
- pci_data_write(s->bus, s->config_reg | (addr & 3), val, len);
-}
-
-static uint64_t pci_host_data_read(void *opaque,
- hwaddr addr, unsigned len)
-{
- PCIHostState *s = opaque;
- uint32_t val;
- if (!(s->config_reg & (1 << 31)))
- return 0xffffffff;
- val = pci_data_read(s->bus, s->config_reg | (addr & 3), len);
- PCI_DPRINTF("read addr " TARGET_FMT_plx " len %d val %x\n",
- addr, len, val);
- return val;
-}
-
-const MemoryRegionOps pci_host_conf_le_ops = {
- .read = pci_host_config_read,
- .write = pci_host_config_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-const MemoryRegionOps pci_host_conf_be_ops = {
- .read = pci_host_config_read,
- .write = pci_host_config_write,
- .endianness = DEVICE_BIG_ENDIAN,
-};
-
-const MemoryRegionOps pci_host_data_le_ops = {
- .read = pci_host_data_read,
- .write = pci_host_data_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-const MemoryRegionOps pci_host_data_be_ops = {
- .read = pci_host_data_read,
- .write = pci_host_data_write,
- .endianness = DEVICE_BIG_ENDIAN,
-};
-
-static const TypeInfo pci_host_type_info = {
- .name = TYPE_PCI_HOST_BRIDGE,
- .parent = TYPE_SYS_BUS_DEVICE,
- .abstract = true,
- .instance_size = sizeof(PCIHostState),
-};
-
-static void pci_host_register_types(void)
-{
- type_register_static(&pci_host_type_info);
-}
-
-type_init(pci_host_register_types)
diff --git a/hw/pci_host.h b/hw/pci_host.h
deleted file mode 100644
index 4b9c300fc..000000000
--- a/hw/pci_host.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * QEMU Common PCI Host bridge configuration data space access routines.
- *
- * Copyright (c) 2006 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-/* Worker routines for a PCI host controller that uses an {address,data}
- register pair to access PCI configuration space. */
-
-#ifndef PCI_HOST_H
-#define PCI_HOST_H
-
-#include "sysbus.h"
-
-#define TYPE_PCI_HOST_BRIDGE "pci-host-bridge"
-#define PCI_HOST_BRIDGE(obj) \
- OBJECT_CHECK(PCIHostState, (obj), TYPE_PCI_HOST_BRIDGE)
-
-struct PCIHostState {
- SysBusDevice busdev;
-
- MemoryRegion conf_mem;
- MemoryRegion data_mem;
- MemoryRegion mmcfg;
- MemoryRegion *address_space;
- uint32_t config_reg;
- PCIBus *bus;
-};
-
-/* common internal helpers for PCI/PCIe hosts, cut off overflows */
-void pci_host_config_write_common(PCIDevice *pci_dev, uint32_t addr,
- uint32_t limit, uint32_t val, uint32_t len);
-uint32_t pci_host_config_read_common(PCIDevice *pci_dev, uint32_t addr,
- uint32_t limit, uint32_t len);
-
-void pci_data_write(PCIBus *s, uint32_t addr, uint32_t val, int len);
-uint32_t pci_data_read(PCIBus *s, uint32_t addr, int len);
-
-extern const MemoryRegionOps pci_host_conf_le_ops;
-extern const MemoryRegionOps pci_host_conf_be_ops;
-extern const MemoryRegionOps pci_host_data_le_ops;
-extern const MemoryRegionOps pci_host_data_be_ops;
-
-#endif /* PCI_HOST_H */
diff --git a/hw/pci_ids.h b/hw/pci_ids.h
deleted file mode 100644
index 5df724534..000000000
--- a/hw/pci_ids.h
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
- * PCI Class, Vendor and Device IDs
- *
- * Please keep sorted.
- *
- * Abbreviated version of linux/pci_ids.h
- *
- * QEMU-specific definitions belong in pci.h
- */
-
-/* Device classes and subclasses */
-
-#define PCI_BASE_CLASS_STORAGE 0x01
-#define PCI_BASE_CLASS_NETWORK 0x02
-
-#define PCI_CLASS_STORAGE_SCSI 0x0100
-#define PCI_CLASS_STORAGE_IDE 0x0101
-#define PCI_CLASS_STORAGE_RAID 0x0104
-#define PCI_CLASS_STORAGE_SATA 0x0106
-#define PCI_CLASS_STORAGE_OTHER 0x0180
-
-#define PCI_CLASS_NETWORK_ETHERNET 0x0200
-
-#define PCI_CLASS_DISPLAY_VGA 0x0300
-#define PCI_CLASS_DISPLAY_OTHER 0x0380
-
-#define PCI_CLASS_MULTIMEDIA_AUDIO 0x0401
-
-#define PCI_CLASS_MEMORY_RAM 0x0500
-
-#define PCI_CLASS_SYSTEM_OTHER 0x0880
-
-#define PCI_CLASS_SERIAL_USB 0x0c03
-#define PCI_CLASS_SERIAL_SMBUS 0x0c05
-
-#define PCI_CLASS_BRIDGE_HOST 0x0600
-#define PCI_CLASS_BRIDGE_ISA 0x0601
-#define PCI_CLASS_BRIDGE_PCI 0x0604
-#define PCI_CLASS_BRDIGE_PCI_INF_SUB 0x01
-#define PCI_CLASS_BRIDGE_OTHER 0x0680
-
-#define PCI_CLASS_COMMUNICATION_SERIAL 0x0700
-#define PCI_CLASS_COMMUNICATION_OTHER 0x0780
-
-#define PCI_CLASS_PROCESSOR_CO 0x0b40
-#define PCI_CLASS_PROCESSOR_POWERPC 0x0b20
-
-#define PCI_CLASS_OTHERS 0xff
-
-/* Vendors and devices. Sort key: vendor first, device next. */
-
-#define PCI_VENDOR_ID_LSI_LOGIC 0x1000
-#define PCI_DEVICE_ID_LSI_53C895A 0x0012
-#define PCI_DEVICE_ID_LSI_SAS1078 0x0060
-
-#define PCI_VENDOR_ID_DEC 0x1011
-#define PCI_DEVICE_ID_DEC_21154 0x0026
-
-#define PCI_VENDOR_ID_CIRRUS 0x1013
-
-#define PCI_VENDOR_ID_IBM 0x1014
-
-#define PCI_VENDOR_ID_AMD 0x1022
-#define PCI_DEVICE_ID_AMD_LANCE 0x2000
-#define PCI_DEVICE_ID_AMD_SCSI 0x2020
-
-#define PCI_VENDOR_ID_TI 0x104c
-
-#define PCI_VENDOR_ID_MOTOROLA 0x1057
-#define PCI_DEVICE_ID_MOTOROLA_MPC106 0x0002
-#define PCI_DEVICE_ID_MOTOROLA_RAVEN 0x4801
-
-#define PCI_VENDOR_ID_APPLE 0x106b
-#define PCI_DEVICE_ID_APPLE_UNI_N_AGP 0x0020
-#define PCI_DEVICE_ID_APPLE_U3_AGP 0x004b
-
-#define PCI_VENDOR_ID_SUN 0x108e
-#define PCI_DEVICE_ID_SUN_EBUS 0x1000
-#define PCI_DEVICE_ID_SUN_SIMBA 0x5000
-#define PCI_DEVICE_ID_SUN_SABRE 0xa000
-
-#define PCI_VENDOR_ID_CMD 0x1095
-#define PCI_DEVICE_ID_CMD_646 0x0646
-
-#define PCI_VENDOR_ID_REALTEK 0x10ec
-#define PCI_DEVICE_ID_REALTEK_8139 0x8139
-
-#define PCI_VENDOR_ID_XILINX 0x10ee
-
-#define PCI_VENDOR_ID_VIA 0x1106
-#define PCI_DEVICE_ID_VIA_ISA_BRIDGE 0x0686
-#define PCI_DEVICE_ID_VIA_IDE 0x0571
-#define PCI_DEVICE_ID_VIA_UHCI 0x3038
-#define PCI_DEVICE_ID_VIA_ACPI 0x3057
-#define PCI_DEVICE_ID_VIA_AC97 0x3058
-#define PCI_DEVICE_ID_VIA_MC97 0x3068
-
-#define PCI_VENDOR_ID_MARVELL 0x11ab
-
-#define PCI_VENDOR_ID_ENSONIQ 0x1274
-#define PCI_DEVICE_ID_ENSONIQ_ES1370 0x5000
-
-#define PCI_VENDOR_ID_FREESCALE 0x1957
-#define PCI_DEVICE_ID_MPC8533E 0x0030
-
-#define PCI_VENDOR_ID_INTEL 0x8086
-#define PCI_DEVICE_ID_INTEL_82378 0x0484
-#define PCI_DEVICE_ID_INTEL_82441 0x1237
-#define PCI_DEVICE_ID_INTEL_82801AA_5 0x2415
-#define PCI_DEVICE_ID_INTEL_82801BA_11 0x244e
-#define PCI_DEVICE_ID_INTEL_82801D 0x24CD
-#define PCI_DEVICE_ID_INTEL_ESB_9 0x25ab
-#define PCI_DEVICE_ID_INTEL_82371SB_0 0x7000
-#define PCI_DEVICE_ID_INTEL_82371SB_1 0x7010
-#define PCI_DEVICE_ID_INTEL_82371SB_2 0x7020
-#define PCI_DEVICE_ID_INTEL_82371AB_0 0x7110
-#define PCI_DEVICE_ID_INTEL_82371AB 0x7111
-#define PCI_DEVICE_ID_INTEL_82371AB_2 0x7112
-#define PCI_DEVICE_ID_INTEL_82371AB_3 0x7113
-
-#define PCI_DEVICE_ID_INTEL_ICH9_0 0x2910
-#define PCI_DEVICE_ID_INTEL_ICH9_1 0x2917
-#define PCI_DEVICE_ID_INTEL_ICH9_2 0x2912
-#define PCI_DEVICE_ID_INTEL_ICH9_3 0x2913
-#define PCI_DEVICE_ID_INTEL_ICH9_4 0x2914
-#define PCI_DEVICE_ID_INTEL_ICH9_5 0x2919
-#define PCI_DEVICE_ID_INTEL_ICH9_6 0x2930
-#define PCI_DEVICE_ID_INTEL_ICH9_7 0x2916
-#define PCI_DEVICE_ID_INTEL_ICH9_8 0x2918
-
-#define PCI_DEVICE_ID_INTEL_82801I_UHCI1 0x2934
-#define PCI_DEVICE_ID_INTEL_82801I_UHCI2 0x2935
-#define PCI_DEVICE_ID_INTEL_82801I_UHCI3 0x2936
-#define PCI_DEVICE_ID_INTEL_82801I_UHCI4 0x2937
-#define PCI_DEVICE_ID_INTEL_82801I_UHCI5 0x2938
-#define PCI_DEVICE_ID_INTEL_82801I_UHCI6 0x2939
-#define PCI_DEVICE_ID_INTEL_82801I_EHCI1 0x293a
-#define PCI_DEVICE_ID_INTEL_82801I_EHCI2 0x293c
-#define PCI_DEVICE_ID_INTEL_82599_SFP_VF 0x10ed
-
-#define PCI_DEVICE_ID_INTEL_Q35_MCH 0x29c0
-
-#define PCI_VENDOR_ID_XEN 0x5853
-#define PCI_DEVICE_ID_XEN_PLATFORM 0x0001
-
-#define PCI_VENDOR_ID_NEC 0x1033
-#define PCI_DEVICE_ID_NEC_UPD720200 0x0194
diff --git a/hw/pci_internals.h b/hw/pci_internals.h
deleted file mode 100644
index 21d0ce697..000000000
--- a/hw/pci_internals.h
+++ /dev/null
@@ -1,78 +0,0 @@
-#ifndef QEMU_PCI_INTERNALS_H
-#define QEMU_PCI_INTERNALS_H
-
-/*
- * This header files is private to pci.c and pci_bridge.c
- * So following structures are opaque to others and shouldn't be
- * accessed.
- *
- * For pci-to-pci bridge needs to include this header file to embed
- * PCIBridge in its structure or to get sizeof(PCIBridge),
- * However, they shouldn't access those following members directly.
- * Use accessor function in pci.h, pci_bridge.h
- */
-
-#define TYPE_PCI_BUS "PCI"
-#define PCI_BUS(obj) OBJECT_CHECK(PCIBus, (obj), TYPE_PCI_BUS)
-
-struct PCIBus {
- BusState qbus;
- PCIDMAContextFunc dma_context_fn;
- void *dma_context_opaque;
- uint8_t devfn_min;
- pci_set_irq_fn set_irq;
- pci_map_irq_fn map_irq;
- pci_route_irq_fn route_intx_to_irq;
- pci_hotplug_fn hotplug;
- DeviceState *hotplug_qdev;
- void *irq_opaque;
- PCIDevice *devices[PCI_SLOT_MAX * PCI_FUNC_MAX];
- PCIDevice *parent_dev;
- MemoryRegion *address_space_mem;
- MemoryRegion *address_space_io;
-
- QLIST_HEAD(, PCIBus) child; /* this will be replaced by qdev later */
- QLIST_ENTRY(PCIBus) sibling;/* this will be replaced by qdev later */
-
- /* The bus IRQ state is the logical OR of the connected devices.
- Keep a count of the number of devices with raised IRQs. */
- int nirq;
- int *irq_count;
-};
-
-typedef struct PCIBridgeWindows PCIBridgeWindows;
-
-/*
- * Aliases for each of the address space windows that the bridge
- * can forward. Mapped into the bridge's parent's address space,
- * as subregions.
- */
-struct PCIBridgeWindows {
- MemoryRegion alias_pref_mem;
- MemoryRegion alias_mem;
- MemoryRegion alias_io;
-};
-
-struct PCIBridge {
- PCIDevice dev;
-
- /* private member */
- PCIBus sec_bus;
- /*
- * Memory regions for the bridge's address spaces. These regions are not
- * directly added to system_memory/system_io or its descendants.
- * Bridge's secondary bus points to these, so that devices
- * under the bridge see these regions as its address spaces.
- * The regions are as large as the entire address space -
- * they don't take into account any windows.
- */
- MemoryRegion address_space_mem;
- MemoryRegion address_space_io;
-
- PCIBridgeWindows *windows;
-
- pci_map_irq_fn map_irq;
- const char *bus_name;
-};
-
-#endif /* QEMU_PCI_INTERNALS_H */
diff --git a/hw/pci_regs.h b/hw/pci_regs.h
deleted file mode 100644
index 56a404be6..000000000
--- a/hw/pci_regs.h
+++ /dev/null
@@ -1,717 +0,0 @@
-/*
- * pci_regs.h
- *
- * PCI standard defines
- * Copyright 1994, Drew Eckhardt
- * Copyright 1997--1999 Martin Mares <mj@ucw.cz>
- *
- * For more information, please consult the following manuals (look at
- * http://www.pcisig.com/ for how to get them):
- *
- * PCI BIOS Specification
- * PCI Local Bus Specification
- * PCI to PCI Bridge Specification
- * PCI System Design Guide
- *
- * For hypertransport information, please consult the following manuals
- * from http://www.hypertransport.org
- *
- * The Hypertransport I/O Link Specification
- */
-
-#ifndef LINUX_PCI_REGS_H
-#define LINUX_PCI_REGS_H
-
-/*
- * Under PCI, each device has 256 bytes of configuration address space,
- * of which the first 64 bytes are standardized as follows:
- */
-#define PCI_VENDOR_ID 0x00 /* 16 bits */
-#define PCI_DEVICE_ID 0x02 /* 16 bits */
-#define PCI_COMMAND 0x04 /* 16 bits */
-#define PCI_COMMAND_IO 0x1 /* Enable response in I/O space */
-#define PCI_COMMAND_MEMORY 0x2 /* Enable response in Memory space */
-#define PCI_COMMAND_MASTER 0x4 /* Enable bus mastering */
-#define PCI_COMMAND_SPECIAL 0x8 /* Enable response to special cycles */
-#define PCI_COMMAND_INVALIDATE 0x10 /* Use memory write and invalidate */
-#define PCI_COMMAND_VGA_PALETTE 0x20 /* Enable palette snooping */
-#define PCI_COMMAND_PARITY 0x40 /* Enable parity checking */
-#define PCI_COMMAND_WAIT 0x80 /* Enable address/data stepping */
-#define PCI_COMMAND_SERR 0x100 /* Enable SERR */
-#define PCI_COMMAND_FAST_BACK 0x200 /* Enable back-to-back writes */
-#define PCI_COMMAND_INTX_DISABLE 0x400 /* INTx Emulation Disable */
-
-#define PCI_STATUS 0x06 /* 16 bits */
-#define PCI_STATUS_INTERRUPT 0x08 /* Interrupt status */
-#define PCI_STATUS_CAP_LIST 0x10 /* Support Capability List */
-#define PCI_STATUS_66MHZ 0x20 /* Support 66 Mhz PCI 2.1 bus */
-#define PCI_STATUS_UDF 0x40 /* Support User Definable Features [obsolete] */
-#define PCI_STATUS_FAST_BACK 0x80 /* Accept fast-back to back */
-#define PCI_STATUS_PARITY 0x100 /* Detected parity error */
-#define PCI_STATUS_DEVSEL_MASK 0x600 /* DEVSEL timing */
-#define PCI_STATUS_DEVSEL_FAST 0x000
-#define PCI_STATUS_DEVSEL_MEDIUM 0x200
-#define PCI_STATUS_DEVSEL_SLOW 0x400
-#define PCI_STATUS_SIG_TARGET_ABORT 0x800 /* Set on target abort */
-#define PCI_STATUS_REC_TARGET_ABORT 0x1000 /* Master ack of " */
-#define PCI_STATUS_REC_MASTER_ABORT 0x2000 /* Set on master abort */
-#define PCI_STATUS_SIG_SYSTEM_ERROR 0x4000 /* Set when we drive SERR */
-#define PCI_STATUS_DETECTED_PARITY 0x8000 /* Set on parity error */
-
-#define PCI_CLASS_REVISION 0x08 /* High 24 bits are class, low 8 revision */
-#define PCI_REVISION_ID 0x08 /* Revision ID */
-#define PCI_CLASS_PROG 0x09 /* Reg. Level Programming Interface */
-#define PCI_CLASS_DEVICE 0x0a /* Device class */
-
-#define PCI_CACHE_LINE_SIZE 0x0c /* 8 bits */
-#define PCI_LATENCY_TIMER 0x0d /* 8 bits */
-#define PCI_HEADER_TYPE 0x0e /* 8 bits */
-#define PCI_HEADER_TYPE_NORMAL 0
-#define PCI_HEADER_TYPE_BRIDGE 1
-#define PCI_HEADER_TYPE_CARDBUS 2
-
-#define PCI_BIST 0x0f /* 8 bits */
-#define PCI_BIST_CODE_MASK 0x0f /* Return result */
-#define PCI_BIST_START 0x40 /* 1 to start BIST, 2 secs or less */
-#define PCI_BIST_CAPABLE 0x80 /* 1 if BIST capable */
-
-/*
- * Base addresses specify locations in memory or I/O space.
- * Decoded size can be determined by writing a value of
- * 0xffffffff to the register, and reading it back. Only
- * 1 bits are decoded.
- */
-#define PCI_BASE_ADDRESS_0 0x10 /* 32 bits */
-#define PCI_BASE_ADDRESS_1 0x14 /* 32 bits [htype 0,1 only] */
-#define PCI_BASE_ADDRESS_2 0x18 /* 32 bits [htype 0 only] */
-#define PCI_BASE_ADDRESS_3 0x1c /* 32 bits */
-#define PCI_BASE_ADDRESS_4 0x20 /* 32 bits */
-#define PCI_BASE_ADDRESS_5 0x24 /* 32 bits */
-#define PCI_BASE_ADDRESS_SPACE 0x01 /* 0 = memory, 1 = I/O */
-#define PCI_BASE_ADDRESS_SPACE_IO 0x01
-#define PCI_BASE_ADDRESS_SPACE_MEMORY 0x00
-#define PCI_BASE_ADDRESS_MEM_TYPE_MASK 0x06
-#define PCI_BASE_ADDRESS_MEM_TYPE_32 0x00 /* 32 bit address */
-#define PCI_BASE_ADDRESS_MEM_TYPE_1M 0x02 /* Below 1M [obsolete] */
-#define PCI_BASE_ADDRESS_MEM_TYPE_64 0x04 /* 64 bit address */
-#define PCI_BASE_ADDRESS_MEM_PREFETCH 0x08 /* prefetchable? */
-#define PCI_BASE_ADDRESS_MEM_MASK (~0x0fUL)
-#define PCI_BASE_ADDRESS_IO_MASK (~0x03UL)
-/* bit 1 is reserved if address_space = 1 */
-
-/* Header type 0 (normal devices) */
-#define PCI_CARDBUS_CIS 0x28
-#define PCI_SUBSYSTEM_VENDOR_ID 0x2c
-#define PCI_SUBSYSTEM_ID 0x2e
-#define PCI_ROM_ADDRESS 0x30 /* Bits 31..11 are address, 10..1 reserved */
-#define PCI_ROM_ADDRESS_ENABLE 0x01
-#define PCI_ROM_ADDRESS_MASK (~0x7ffUL)
-
-#define PCI_CAPABILITY_LIST 0x34 /* Offset of first capability list entry */
-
-/* 0x35-0x3b are reserved */
-#define PCI_INTERRUPT_LINE 0x3c /* 8 bits */
-#define PCI_INTERRUPT_PIN 0x3d /* 8 bits */
-#define PCI_MIN_GNT 0x3e /* 8 bits */
-#define PCI_MAX_LAT 0x3f /* 8 bits */
-
-/* Header type 1 (PCI-to-PCI bridges) */
-#define PCI_PRIMARY_BUS 0x18 /* Primary bus number */
-#define PCI_SECONDARY_BUS 0x19 /* Secondary bus number */
-#define PCI_SUBORDINATE_BUS 0x1a /* Highest bus number behind the bridge */
-#define PCI_SEC_LATENCY_TIMER 0x1b /* Latency timer for secondary interface */
-#define PCI_IO_BASE 0x1c /* I/O range behind the bridge */
-#define PCI_IO_LIMIT 0x1d
-#define PCI_IO_RANGE_TYPE_MASK 0x0fUL /* I/O bridging type */
-#define PCI_IO_RANGE_TYPE_16 0x00
-#define PCI_IO_RANGE_TYPE_32 0x01
-#define PCI_IO_RANGE_MASK (~0x0fUL)
-#define PCI_SEC_STATUS 0x1e /* Secondary status register, only bit 14 used */
-#define PCI_MEMORY_BASE 0x20 /* Memory range behind */
-#define PCI_MEMORY_LIMIT 0x22
-#define PCI_MEMORY_RANGE_TYPE_MASK 0x0fUL
-#define PCI_MEMORY_RANGE_MASK (~0x0fUL)
-#define PCI_PREF_MEMORY_BASE 0x24 /* Prefetchable memory range behind */
-#define PCI_PREF_MEMORY_LIMIT 0x26
-#define PCI_PREF_RANGE_TYPE_MASK 0x0fUL
-#define PCI_PREF_RANGE_TYPE_32 0x00
-#define PCI_PREF_RANGE_TYPE_64 0x01
-#define PCI_PREF_RANGE_MASK (~0x0fUL)
-#define PCI_PREF_BASE_UPPER32 0x28 /* Upper half of prefetchable memory range */
-#define PCI_PREF_LIMIT_UPPER32 0x2c
-#define PCI_IO_BASE_UPPER16 0x30 /* Upper half of I/O addresses */
-#define PCI_IO_LIMIT_UPPER16 0x32
-/* 0x34 same as for htype 0 */
-/* 0x35-0x3b is reserved */
-#define PCI_ROM_ADDRESS1 0x38 /* Same as PCI_ROM_ADDRESS, but for htype 1 */
-/* 0x3c-0x3d are same as for htype 0 */
-#define PCI_BRIDGE_CONTROL 0x3e
-#define PCI_BRIDGE_CTL_PARITY 0x01 /* Enable parity detection on secondary interface */
-#define PCI_BRIDGE_CTL_SERR 0x02 /* The same for SERR forwarding */
-#define PCI_BRIDGE_CTL_ISA 0x04 /* Enable ISA mode */
-#define PCI_BRIDGE_CTL_VGA 0x08 /* Forward VGA addresses */
-#define PCI_BRIDGE_CTL_MASTER_ABORT 0x20 /* Report master aborts */
-#define PCI_BRIDGE_CTL_BUS_RESET 0x40 /* Secondary bus reset */
-#define PCI_BRIDGE_CTL_FAST_BACK 0x80 /* Fast Back2Back enabled on secondary interface */
-
-/* Header type 2 (CardBus bridges) */
-#define PCI_CB_CAPABILITY_LIST 0x14
-/* 0x15 reserved */
-#define PCI_CB_SEC_STATUS 0x16 /* Secondary status */
-#define PCI_CB_PRIMARY_BUS 0x18 /* PCI bus number */
-#define PCI_CB_CARD_BUS 0x19 /* CardBus bus number */
-#define PCI_CB_SUBORDINATE_BUS 0x1a /* Subordinate bus number */
-#define PCI_CB_LATENCY_TIMER 0x1b /* CardBus latency timer */
-#define PCI_CB_MEMORY_BASE_0 0x1c
-#define PCI_CB_MEMORY_LIMIT_0 0x20
-#define PCI_CB_MEMORY_BASE_1 0x24
-#define PCI_CB_MEMORY_LIMIT_1 0x28
-#define PCI_CB_IO_BASE_0 0x2c
-#define PCI_CB_IO_BASE_0_HI 0x2e
-#define PCI_CB_IO_LIMIT_0 0x30
-#define PCI_CB_IO_LIMIT_0_HI 0x32
-#define PCI_CB_IO_BASE_1 0x34
-#define PCI_CB_IO_BASE_1_HI 0x36
-#define PCI_CB_IO_LIMIT_1 0x38
-#define PCI_CB_IO_LIMIT_1_HI 0x3a
-#define PCI_CB_IO_RANGE_MASK (~0x03UL)
-/* 0x3c-0x3d are same as for htype 0 */
-#define PCI_CB_BRIDGE_CONTROL 0x3e
-#define PCI_CB_BRIDGE_CTL_PARITY 0x01 /* Similar to standard bridge control register */
-#define PCI_CB_BRIDGE_CTL_SERR 0x02
-#define PCI_CB_BRIDGE_CTL_ISA 0x04
-#define PCI_CB_BRIDGE_CTL_VGA 0x08
-#define PCI_CB_BRIDGE_CTL_MASTER_ABORT 0x20
-#define PCI_CB_BRIDGE_CTL_CB_RESET 0x40 /* CardBus reset */
-#define PCI_CB_BRIDGE_CTL_16BIT_INT 0x80 /* Enable interrupt for 16-bit cards */
-#define PCI_CB_BRIDGE_CTL_PREFETCH_MEM0 0x100 /* Prefetch enable for both memory regions */
-#define PCI_CB_BRIDGE_CTL_PREFETCH_MEM1 0x200
-#define PCI_CB_BRIDGE_CTL_POST_WRITES 0x400
-#define PCI_CB_SUBSYSTEM_VENDOR_ID 0x40
-#define PCI_CB_SUBSYSTEM_ID 0x42
-#define PCI_CB_LEGACY_MODE_BASE 0x44 /* 16-bit PC Card legacy mode base address (ExCa) */
-/* 0x48-0x7f reserved */
-
-/* Capability lists */
-
-#define PCI_CAP_LIST_ID 0 /* Capability ID */
-#define PCI_CAP_ID_PM 0x01 /* Power Management */
-#define PCI_CAP_ID_AGP 0x02 /* Accelerated Graphics Port */
-#define PCI_CAP_ID_VPD 0x03 /* Vital Product Data */
-#define PCI_CAP_ID_SLOTID 0x04 /* Slot Identification */
-#define PCI_CAP_ID_MSI 0x05 /* Message Signalled Interrupts */
-#define PCI_CAP_ID_CHSWP 0x06 /* CompactPCI HotSwap */
-#define PCI_CAP_ID_PCIX 0x07 /* PCI-X */
-#define PCI_CAP_ID_HT 0x08 /* HyperTransport */
-#define PCI_CAP_ID_VNDR 0x09 /* Vendor specific */
-#define PCI_CAP_ID_DBG 0x0A /* Debug port */
-#define PCI_CAP_ID_CCRC 0x0B /* CompactPCI Central Resource Control */
-#define PCI_CAP_ID_SHPC 0x0C /* PCI Standard Hot-Plug Controller */
-#define PCI_CAP_ID_SSVID 0x0D /* Bridge subsystem vendor/device ID */
-#define PCI_CAP_ID_AGP3 0x0E /* AGP Target PCI-PCI bridge */
-#define PCI_CAP_ID_EXP 0x10 /* PCI Express */
-#define PCI_CAP_ID_MSIX 0x11 /* MSI-X */
-#define PCI_CAP_ID_SATA 0x12 /* Serial ATA */
-#define PCI_CAP_ID_AF 0x13 /* PCI Advanced Features */
-#define PCI_CAP_LIST_NEXT 1 /* Next capability in the list */
-#define PCI_CAP_FLAGS 2 /* Capability defined flags (16 bits) */
-#define PCI_CAP_SIZEOF 4
-
-/* Power Management Registers */
-
-#define PCI_PM_PMC 2 /* PM Capabilities Register */
-#define PCI_PM_CAP_VER_MASK 0x0007 /* Version */
-#define PCI_PM_CAP_PME_CLOCK 0x0008 /* PME clock required */
-#define PCI_PM_CAP_RESERVED 0x0010 /* Reserved field */
-#define PCI_PM_CAP_DSI 0x0020 /* Device specific initialization */
-#define PCI_PM_CAP_AUX_POWER 0x01C0 /* Auxiliary power support mask */
-#define PCI_PM_CAP_D1 0x0200 /* D1 power state support */
-#define PCI_PM_CAP_D2 0x0400 /* D2 power state support */
-#define PCI_PM_CAP_PME 0x0800 /* PME pin supported */
-#define PCI_PM_CAP_PME_MASK 0xF800 /* PME Mask of all supported states */
-#define PCI_PM_CAP_PME_D0 0x0800 /* PME# from D0 */
-#define PCI_PM_CAP_PME_D1 0x1000 /* PME# from D1 */
-#define PCI_PM_CAP_PME_D2 0x2000 /* PME# from D2 */
-#define PCI_PM_CAP_PME_D3 0x4000 /* PME# from D3 (hot) */
-#define PCI_PM_CAP_PME_D3cold 0x8000 /* PME# from D3 (cold) */
-#define PCI_PM_CAP_PME_SHIFT 11 /* Start of the PME Mask in PMC */
-#define PCI_PM_CTRL 4 /* PM control and status register */
-#define PCI_PM_CTRL_STATE_MASK 0x0003 /* Current power state (D0 to D3) */
-#define PCI_PM_CTRL_NO_SOFT_RESET 0x0008 /* No reset for D3hot->D0 */
-#define PCI_PM_CTRL_PME_ENABLE 0x0100 /* PME pin enable */
-#define PCI_PM_CTRL_DATA_SEL_MASK 0x1e00 /* Data select (??) */
-#define PCI_PM_CTRL_DATA_SCALE_MASK 0x6000 /* Data scale (??) */
-#define PCI_PM_CTRL_PME_STATUS 0x8000 /* PME pin status */
-#define PCI_PM_PPB_EXTENSIONS 6 /* PPB support extensions (??) */
-#define PCI_PM_PPB_B2_B3 0x40 /* Stop clock when in D3hot (??) */
-#define PCI_PM_BPCC_ENABLE 0x80 /* Bus power/clock control enable (??) */
-#define PCI_PM_DATA_REGISTER 7 /* (??) */
-#define PCI_PM_SIZEOF 8
-
-/* AGP registers */
-
-#define PCI_AGP_VERSION 2 /* BCD version number */
-#define PCI_AGP_RFU 3 /* Rest of capability flags */
-#define PCI_AGP_STATUS 4 /* Status register */
-#define PCI_AGP_STATUS_RQ_MASK 0xff000000 /* Maximum number of requests - 1 */
-#define PCI_AGP_STATUS_SBA 0x0200 /* Sideband addressing supported */
-#define PCI_AGP_STATUS_64BIT 0x0020 /* 64-bit addressing supported */
-#define PCI_AGP_STATUS_FW 0x0010 /* FW transfers supported */
-#define PCI_AGP_STATUS_RATE4 0x0004 /* 4x transfer rate supported */
-#define PCI_AGP_STATUS_RATE2 0x0002 /* 2x transfer rate supported */
-#define PCI_AGP_STATUS_RATE1 0x0001 /* 1x transfer rate supported */
-#define PCI_AGP_COMMAND 8 /* Control register */
-#define PCI_AGP_COMMAND_RQ_MASK 0xff000000 /* Master: Maximum number of requests */
-#define PCI_AGP_COMMAND_SBA 0x0200 /* Sideband addressing enabled */
-#define PCI_AGP_COMMAND_AGP 0x0100 /* Allow processing of AGP transactions */
-#define PCI_AGP_COMMAND_64BIT 0x0020 /* Allow processing of 64-bit addresses */
-#define PCI_AGP_COMMAND_FW 0x0010 /* Force FW transfers */
-#define PCI_AGP_COMMAND_RATE4 0x0004 /* Use 4x rate */
-#define PCI_AGP_COMMAND_RATE2 0x0002 /* Use 2x rate */
-#define PCI_AGP_COMMAND_RATE1 0x0001 /* Use 1x rate */
-#define PCI_AGP_SIZEOF 12
-
-/* Vital Product Data */
-
-#define PCI_VPD_ADDR 2 /* Address to access (15 bits!) */
-#define PCI_VPD_ADDR_MASK 0x7fff /* Address mask */
-#define PCI_VPD_ADDR_F 0x8000 /* Write 0, 1 indicates completion */
-#define PCI_VPD_DATA 4 /* 32-bits of data returned here */
-
-/* Slot Identification */
-
-#define PCI_SID_ESR 2 /* Expansion Slot Register */
-#define PCI_SID_ESR_NSLOTS 0x1f /* Number of expansion slots available */
-#define PCI_SID_ESR_FIC 0x20 /* First In Chassis Flag */
-#define PCI_SID_CHASSIS_NR 3 /* Chassis Number */
-
-/* Message Signalled Interrupts registers */
-
-#define PCI_MSI_FLAGS 2 /* Various flags */
-#define PCI_MSI_FLAGS_64BIT 0x80 /* 64-bit addresses allowed */
-#define PCI_MSI_FLAGS_QSIZE 0x70 /* Message queue size configured */
-#define PCI_MSI_FLAGS_QMASK 0x0e /* Maximum queue size available */
-#define PCI_MSI_FLAGS_ENABLE 0x01 /* MSI feature enabled */
-#define PCI_MSI_FLAGS_MASKBIT 0x100 /* 64-bit mask bits allowed */
-#define PCI_MSI_RFU 3 /* Rest of capability flags */
-#define PCI_MSI_ADDRESS_LO 4 /* Lower 32 bits */
-#define PCI_MSI_ADDRESS_HI 8 /* Upper 32 bits (if PCI_MSI_FLAGS_64BIT set) */
-#define PCI_MSI_DATA_32 8 /* 16 bits of data for 32-bit devices */
-#define PCI_MSI_MASK_32 12 /* Mask bits register for 32-bit devices */
-#define PCI_MSI_DATA_64 12 /* 16 bits of data for 64-bit devices */
-#define PCI_MSI_MASK_64 16 /* Mask bits register for 64-bit devices */
-
-/* MSI-X registers */
-#define PCI_MSIX_FLAGS 2
-#define PCI_MSIX_FLAGS_QSIZE 0x7FF
-#define PCI_MSIX_FLAGS_ENABLE (1 << 15)
-#define PCI_MSIX_FLAGS_MASKALL (1 << 14)
-#define PCI_MSIX_TABLE 4
-#define PCI_MSIX_PBA 8
-#define PCI_MSIX_FLAGS_BIRMASK (7 << 0)
-
-/* MSI-X entry's format */
-#define PCI_MSIX_ENTRY_SIZE 16
-#define PCI_MSIX_ENTRY_LOWER_ADDR 0
-#define PCI_MSIX_ENTRY_UPPER_ADDR 4
-#define PCI_MSIX_ENTRY_DATA 8
-#define PCI_MSIX_ENTRY_VECTOR_CTRL 12
-#define PCI_MSIX_ENTRY_CTRL_MASKBIT 1
-
-/* CompactPCI Hotswap Register */
-
-#define PCI_CHSWP_CSR 2 /* Control and Status Register */
-#define PCI_CHSWP_DHA 0x01 /* Device Hiding Arm */
-#define PCI_CHSWP_EIM 0x02 /* ENUM# Signal Mask */
-#define PCI_CHSWP_PIE 0x04 /* Pending Insert or Extract */
-#define PCI_CHSWP_LOO 0x08 /* LED On / Off */
-#define PCI_CHSWP_PI 0x30 /* Programming Interface */
-#define PCI_CHSWP_EXT 0x40 /* ENUM# status - extraction */
-#define PCI_CHSWP_INS 0x80 /* ENUM# status - insertion */
-
-/* PCI Advanced Feature registers */
-
-#define PCI_AF_LENGTH 2
-#define PCI_AF_CAP 3
-#define PCI_AF_CAP_TP 0x01
-#define PCI_AF_CAP_FLR 0x02
-#define PCI_AF_CTRL 4
-#define PCI_AF_CTRL_FLR 0x01
-#define PCI_AF_STATUS 5
-#define PCI_AF_STATUS_TP 0x01
-
-/* PCI-X registers */
-
-#define PCI_X_CMD 2 /* Modes & Features */
-#define PCI_X_CMD_DPERR_E 0x0001 /* Data Parity Error Recovery Enable */
-#define PCI_X_CMD_ERO 0x0002 /* Enable Relaxed Ordering */
-#define PCI_X_CMD_READ_512 0x0000 /* 512 byte maximum read byte count */
-#define PCI_X_CMD_READ_1K 0x0004 /* 1Kbyte maximum read byte count */
-#define PCI_X_CMD_READ_2K 0x0008 /* 2Kbyte maximum read byte count */
-#define PCI_X_CMD_READ_4K 0x000c /* 4Kbyte maximum read byte count */
-#define PCI_X_CMD_MAX_READ 0x000c /* Max Memory Read Byte Count */
- /* Max # of outstanding split transactions */
-#define PCI_X_CMD_SPLIT_1 0x0000 /* Max 1 */
-#define PCI_X_CMD_SPLIT_2 0x0010 /* Max 2 */
-#define PCI_X_CMD_SPLIT_3 0x0020 /* Max 3 */
-#define PCI_X_CMD_SPLIT_4 0x0030 /* Max 4 */
-#define PCI_X_CMD_SPLIT_8 0x0040 /* Max 8 */
-#define PCI_X_CMD_SPLIT_12 0x0050 /* Max 12 */
-#define PCI_X_CMD_SPLIT_16 0x0060 /* Max 16 */
-#define PCI_X_CMD_SPLIT_32 0x0070 /* Max 32 */
-#define PCI_X_CMD_MAX_SPLIT 0x0070 /* Max Outstanding Split Transactions */
-#define PCI_X_CMD_VERSION(x) (((x) >> 12) & 3) /* Version */
-#define PCI_X_STATUS 4 /* PCI-X capabilities */
-#define PCI_X_STATUS_DEVFN 0x000000ff /* A copy of devfn */
-#define PCI_X_STATUS_BUS 0x0000ff00 /* A copy of bus nr */
-#define PCI_X_STATUS_64BIT 0x00010000 /* 64-bit device */
-#define PCI_X_STATUS_133MHZ 0x00020000 /* 133 MHz capable */
-#define PCI_X_STATUS_SPL_DISC 0x00040000 /* Split Completion Discarded */
-#define PCI_X_STATUS_UNX_SPL 0x00080000 /* Unexpected Split Completion */
-#define PCI_X_STATUS_COMPLEX 0x00100000 /* Device Complexity */
-#define PCI_X_STATUS_MAX_READ 0x00600000 /* Designed Max Memory Read Count */
-#define PCI_X_STATUS_MAX_SPLIT 0x03800000 /* Designed Max Outstanding Split Transactions */
-#define PCI_X_STATUS_MAX_CUM 0x1c000000 /* Designed Max Cumulative Read Size */
-#define PCI_X_STATUS_SPL_ERR 0x20000000 /* Rcvd Split Completion Error Msg */
-#define PCI_X_STATUS_266MHZ 0x40000000 /* 266 MHz capable */
-#define PCI_X_STATUS_533MHZ 0x80000000 /* 533 MHz capable */
-
-/* PCI Bridge Subsystem ID registers */
-
-#define PCI_SSVID_VENDOR_ID 4 /* PCI-Bridge subsystem vendor id register */
-#define PCI_SSVID_DEVICE_ID 6 /* PCI-Bridge subsystem device id register */
-
-/* PCI Express capability registers */
-
-#define PCI_EXP_FLAGS 2 /* Capabilities register */
-#define PCI_EXP_FLAGS_VERS 0x000f /* Capability version */
-#define PCI_EXP_FLAGS_TYPE 0x00f0 /* Device/Port type */
-#define PCI_EXP_TYPE_ENDPOINT 0x0 /* Express Endpoint */
-#define PCI_EXP_TYPE_LEG_END 0x1 /* Legacy Endpoint */
-#define PCI_EXP_TYPE_ROOT_PORT 0x4 /* Root Port */
-#define PCI_EXP_TYPE_UPSTREAM 0x5 /* Upstream Port */
-#define PCI_EXP_TYPE_DOWNSTREAM 0x6 /* Downstream Port */
-#define PCI_EXP_TYPE_PCI_BRIDGE 0x7 /* PCI/PCI-X Bridge */
-#define PCI_EXP_TYPE_PCIE_BRIDGE 0x8 /* PCI/PCI-X to PCIE Bridge */
-#define PCI_EXP_TYPE_RC_END 0x9 /* Root Complex Integrated Endpoint */
-#define PCI_EXP_TYPE_RC_EC 0xa /* Root Complex Event Collector */
-#define PCI_EXP_FLAGS_SLOT 0x0100 /* Slot implemented */
-#define PCI_EXP_FLAGS_IRQ 0x3e00 /* Interrupt message number */
-#define PCI_EXP_DEVCAP 4 /* Device capabilities */
-#define PCI_EXP_DEVCAP_PAYLOAD 0x07 /* Max_Payload_Size */
-#define PCI_EXP_DEVCAP_PHANTOM 0x18 /* Phantom functions */
-#define PCI_EXP_DEVCAP_EXT_TAG 0x20 /* Extended tags */
-#define PCI_EXP_DEVCAP_L0S 0x1c0 /* L0s Acceptable Latency */
-#define PCI_EXP_DEVCAP_L1 0xe00 /* L1 Acceptable Latency */
-#define PCI_EXP_DEVCAP_ATN_BUT 0x1000 /* Attention Button Present */
-#define PCI_EXP_DEVCAP_ATN_IND 0x2000 /* Attention Indicator Present */
-#define PCI_EXP_DEVCAP_PWR_IND 0x4000 /* Power Indicator Present */
-#define PCI_EXP_DEVCAP_RBER 0x8000 /* Role-Based Error Reporting */
-#define PCI_EXP_DEVCAP_PWR_VAL 0x3fc0000 /* Slot Power Limit Value */
-#define PCI_EXP_DEVCAP_PWR_SCL 0xc000000 /* Slot Power Limit Scale */
-#define PCI_EXP_DEVCAP_FLR 0x10000000 /* Function Level Reset */
-#define PCI_EXP_DEVCTL 8 /* Device Control */
-#define PCI_EXP_DEVCTL_CERE 0x0001 /* Correctable Error Reporting En. */
-#define PCI_EXP_DEVCTL_NFERE 0x0002 /* Non-Fatal Error Reporting Enable */
-#define PCI_EXP_DEVCTL_FERE 0x0004 /* Fatal Error Reporting Enable */
-#define PCI_EXP_DEVCTL_URRE 0x0008 /* Unsupported Request Reporting En. */
-#define PCI_EXP_DEVCTL_RELAX_EN 0x0010 /* Enable relaxed ordering */
-#define PCI_EXP_DEVCTL_PAYLOAD 0x00e0 /* Max_Payload_Size */
-#define PCI_EXP_DEVCTL_EXT_TAG 0x0100 /* Extended Tag Field Enable */
-#define PCI_EXP_DEVCTL_PHANTOM 0x0200 /* Phantom Functions Enable */
-#define PCI_EXP_DEVCTL_AUX_PME 0x0400 /* Auxiliary Power PM Enable */
-#define PCI_EXP_DEVCTL_NOSNOOP_EN 0x0800 /* Enable No Snoop */
-#define PCI_EXP_DEVCTL_READRQ 0x7000 /* Max_Read_Request_Size */
-#define PCI_EXP_DEVCTL_BCR_FLR 0x8000 /* Bridge Configuration Retry / FLR */
-#define PCI_EXP_DEVSTA 10 /* Device Status */
-#define PCI_EXP_DEVSTA_CED 0x01 /* Correctable Error Detected */
-#define PCI_EXP_DEVSTA_NFED 0x02 /* Non-Fatal Error Detected */
-#define PCI_EXP_DEVSTA_FED 0x04 /* Fatal Error Detected */
-#define PCI_EXP_DEVSTA_URD 0x08 /* Unsupported Request Detected */
-#define PCI_EXP_DEVSTA_AUXPD 0x10 /* AUX Power Detected */
-#define PCI_EXP_DEVSTA_TRPND 0x20 /* Transactions Pending */
-#define PCI_EXP_LNKCAP 12 /* Link Capabilities */
-#define PCI_EXP_LNKCAP_SLS 0x0000000f /* Supported Link Speeds */
-#define PCI_EXP_LNKCAP_MLW 0x000003f0 /* Maximum Link Width */
-#define PCI_EXP_LNKCAP_ASPMS 0x00000c00 /* ASPM Support */
-#define PCI_EXP_LNKCAP_L0SEL 0x00007000 /* L0s Exit Latency */
-#define PCI_EXP_LNKCAP_L1EL 0x00038000 /* L1 Exit Latency */
-#define PCI_EXP_LNKCAP_CLKPM 0x00040000 /* L1 Clock Power Management */
-#define PCI_EXP_LNKCAP_SDERC 0x00080000 /* Surprise Down Error Reporting Capable */
-#define PCI_EXP_LNKCAP_DLLLARC 0x00100000 /* Data Link Layer Link Active Reporting Capable */
-#define PCI_EXP_LNKCAP_LBNC 0x00200000 /* Link Bandwidth Notification Capability */
-#define PCI_EXP_LNKCAP_PN 0xff000000 /* Port Number */
-#define PCI_EXP_LNKCTL 16 /* Link Control */
-#define PCI_EXP_LNKCTL_ASPMC 0x0003 /* ASPM Control */
-#define PCI_EXP_LNKCTL_RCB 0x0008 /* Read Completion Boundary */
-#define PCI_EXP_LNKCTL_LD 0x0010 /* Link Disable */
-#define PCI_EXP_LNKCTL_RL 0x0020 /* Retrain Link */
-#define PCI_EXP_LNKCTL_CCC 0x0040 /* Common Clock Configuration */
-#define PCI_EXP_LNKCTL_ES 0x0080 /* Extended Synch */
-#define PCI_EXP_LNKCTL_CLKREQ_EN 0x100 /* Enable clkreq */
-#define PCI_EXP_LNKCTL_HAWD 0x0200 /* Hardware Autonomous Width Disable */
-#define PCI_EXP_LNKCTL_LBMIE 0x0400 /* Link Bandwidth Management Interrupt Enable */
-#define PCI_EXP_LNKCTL_LABIE 0x0800 /* Lnk Autonomous Bandwidth Interrupt Enable */
-#define PCI_EXP_LNKSTA 18 /* Link Status */
-#define PCI_EXP_LNKSTA_CLS 0x000f /* Current Link Speed */
-#define PCI_EXP_LNKSTA_CLS_2_5GB 0x01 /* Current Link Speed 2.5GT/s */
-#define PCI_EXP_LNKSTA_CLS_5_0GB 0x02 /* Current Link Speed 5.0GT/s */
-#define PCI_EXP_LNKSTA_NLW 0x03f0 /* Nogotiated Link Width */
-#define PCI_EXP_LNKSTA_NLW_SHIFT 4 /* start of NLW mask in link status */
-#define PCI_EXP_LNKSTA_LT 0x0800 /* Link Training */
-#define PCI_EXP_LNKSTA_SLC 0x1000 /* Slot Clock Configuration */
-#define PCI_EXP_LNKSTA_DLLLA 0x2000 /* Data Link Layer Link Active */
-#define PCI_EXP_LNKSTA_LBMS 0x4000 /* Link Bandwidth Management Status */
-#define PCI_EXP_LNKSTA_LABS 0x8000 /* Link Autonomous Bandwidth Status */
-#define PCI_EXP_SLTCAP 20 /* Slot Capabilities */
-#define PCI_EXP_SLTCAP_ABP 0x00000001 /* Attention Button Present */
-#define PCI_EXP_SLTCAP_PCP 0x00000002 /* Power Controller Present */
-#define PCI_EXP_SLTCAP_MRLSP 0x00000004 /* MRL Sensor Present */
-#define PCI_EXP_SLTCAP_AIP 0x00000008 /* Attention Indicator Present */
-#define PCI_EXP_SLTCAP_PIP 0x00000010 /* Power Indicator Present */
-#define PCI_EXP_SLTCAP_HPS 0x00000020 /* Hot-Plug Surprise */
-#define PCI_EXP_SLTCAP_HPC 0x00000040 /* Hot-Plug Capable */
-#define PCI_EXP_SLTCAP_SPLV 0x00007f80 /* Slot Power Limit Value */
-#define PCI_EXP_SLTCAP_SPLS 0x00018000 /* Slot Power Limit Scale */
-#define PCI_EXP_SLTCAP_EIP 0x00020000 /* Electromechanical Interlock Present */
-#define PCI_EXP_SLTCAP_NCCS 0x00040000 /* No Command Completed Support */
-#define PCI_EXP_SLTCAP_PSN 0xfff80000 /* Physical Slot Number */
-#define PCI_EXP_SLTCTL 24 /* Slot Control */
-#define PCI_EXP_SLTCTL_ABPE 0x0001 /* Attention Button Pressed Enable */
-#define PCI_EXP_SLTCTL_PFDE 0x0002 /* Power Fault Detected Enable */
-#define PCI_EXP_SLTCTL_MRLSCE 0x0004 /* MRL Sensor Changed Enable */
-#define PCI_EXP_SLTCTL_PDCE 0x0008 /* Presence Detect Changed Enable */
-#define PCI_EXP_SLTCTL_CCIE 0x0010 /* Command Completed Interrupt Enable */
-#define PCI_EXP_SLTCTL_HPIE 0x0020 /* Hot-Plug Interrupt Enable */
-#define PCI_EXP_SLTCTL_AIC 0x00c0 /* Attention Indicator Control */
-#define PCI_EXP_SLTCTL_PIC 0x0300 /* Power Indicator Control */
-#define PCI_EXP_SLTCTL_PCC 0x0400 /* Power Controller Control */
-#define PCI_EXP_SLTCTL_EIC 0x0800 /* Electromechanical Interlock Control */
-#define PCI_EXP_SLTCTL_DLLSCE 0x1000 /* Data Link Layer State Changed Enable */
-#define PCI_EXP_SLTSTA 26 /* Slot Status */
-#define PCI_EXP_SLTSTA_ABP 0x0001 /* Attention Button Pressed */
-#define PCI_EXP_SLTSTA_PFD 0x0002 /* Power Fault Detected */
-#define PCI_EXP_SLTSTA_MRLSC 0x0004 /* MRL Sensor Changed */
-#define PCI_EXP_SLTSTA_PDC 0x0008 /* Presence Detect Changed */
-#define PCI_EXP_SLTSTA_CC 0x0010 /* Command Completed */
-#define PCI_EXP_SLTSTA_MRLSS 0x0020 /* MRL Sensor State */
-#define PCI_EXP_SLTSTA_PDS 0x0040 /* Presence Detect State */
-#define PCI_EXP_SLTSTA_EIS 0x0080 /* Electromechanical Interlock Status */
-#define PCI_EXP_SLTSTA_DLLSC 0x0100 /* Data Link Layer State Changed */
-#define PCI_EXP_RTCTL 28 /* Root Control */
-#define PCI_EXP_RTCTL_SECEE 0x01 /* System Error on Correctable Error */
-#define PCI_EXP_RTCTL_SENFEE 0x02 /* System Error on Non-Fatal Error */
-#define PCI_EXP_RTCTL_SEFEE 0x04 /* System Error on Fatal Error */
-#define PCI_EXP_RTCTL_PMEIE 0x08 /* PME Interrupt Enable */
-#define PCI_EXP_RTCTL_CRSSVE 0x10 /* CRS Software Visibility Enable */
-#define PCI_EXP_RTCAP 30 /* Root Capabilities */
-#define PCI_EXP_RTSTA 32 /* Root Status */
-#define PCI_EXP_RTSTA_PME 0x10000 /* PME status */
-#define PCI_EXP_RTSTA_PENDING 0x20000 /* PME pending */
-#define PCI_EXP_DEVCAP2 36 /* Device Capabilities 2 */
-#define PCI_EXP_DEVCAP2_ARI 0x20 /* Alternative Routing-ID */
-#define PCI_EXP_DEVCAP2_LTR 0x800 /* Latency tolerance reporting */
-#define PCI_EXP_OBFF_MASK 0xc0000 /* OBFF support mechanism */
-#define PCI_EXP_OBFF_MSG 0x40000 /* New message signaling */
-#define PCI_EXP_OBFF_WAKE 0x80000 /* Re-use WAKE# for OBFF */
-#define PCI_EXP_DEVCTL2 40 /* Device Control 2 */
-#define PCI_EXP_DEVCTL2_ARI 0x20 /* Alternative Routing-ID */
-#define PCI_EXP_IDO_REQ_EN 0x100 /* ID-based ordering request enable */
-#define PCI_EXP_IDO_CMP_EN 0x200 /* ID-based ordering completion enable */
-#define PCI_EXP_LTR_EN 0x400 /* Latency tolerance reporting */
-#define PCI_EXP_OBFF_MSGA_EN 0x2000 /* OBFF enable with Message type A */
-#define PCI_EXP_OBFF_MSGB_EN 0x4000 /* OBFF enable with Message type B */
-#define PCI_EXP_OBFF_WAKE_EN 0x6000 /* OBFF using WAKE# signaling */
-#define PCI_EXP_LNKCTL2 48 /* Link Control 2 */
-#define PCI_EXP_SLTCTL2 56 /* Slot Control 2 */
-
-/* Extended Capabilities (PCI-X 2.0 and Express) */
-#define PCI_EXT_CAP_ID(header) (header & 0x0000ffff)
-#define PCI_EXT_CAP_VER(header) ((header >> 16) & 0xf)
-#define PCI_EXT_CAP_NEXT(header) ((header >> 20) & 0xffc)
-
-#define PCI_EXT_CAP_ID_ERR 1
-#define PCI_EXT_CAP_ID_VC 2
-#define PCI_EXT_CAP_ID_DSN 3
-#define PCI_EXT_CAP_ID_PWR 4
-#define PCI_EXT_CAP_ID_VNDR 11
-#define PCI_EXT_CAP_ID_ACS 13
-#define PCI_EXT_CAP_ID_ARI 14
-#define PCI_EXT_CAP_ID_ATS 15
-#define PCI_EXT_CAP_ID_SRIOV 16
-#define PCI_EXT_CAP_ID_LTR 24
-
-/* Advanced Error Reporting */
-#define PCI_ERR_UNCOR_STATUS 4 /* Uncorrectable Error Status */
-#define PCI_ERR_UNC_TRAIN 0x00000001 /* Training */
-#define PCI_ERR_UNC_DLP 0x00000010 /* Data Link Protocol */
-#define PCI_ERR_UNC_POISON_TLP 0x00001000 /* Poisoned TLP */
-#define PCI_ERR_UNC_FCP 0x00002000 /* Flow Control Protocol */
-#define PCI_ERR_UNC_COMP_TIME 0x00004000 /* Completion Timeout */
-#define PCI_ERR_UNC_COMP_ABORT 0x00008000 /* Completer Abort */
-#define PCI_ERR_UNC_UNX_COMP 0x00010000 /* Unexpected Completion */
-#define PCI_ERR_UNC_RX_OVER 0x00020000 /* Receiver Overflow */
-#define PCI_ERR_UNC_MALF_TLP 0x00040000 /* Malformed TLP */
-#define PCI_ERR_UNC_ECRC 0x00080000 /* ECRC Error Status */
-#define PCI_ERR_UNC_UNSUP 0x00100000 /* Unsupported Request */
-#define PCI_ERR_UNCOR_MASK 8 /* Uncorrectable Error Mask */
- /* Same bits as above */
-#define PCI_ERR_UNCOR_SEVER 12 /* Uncorrectable Error Severity */
- /* Same bits as above */
-#define PCI_ERR_COR_STATUS 16 /* Correctable Error Status */
-#define PCI_ERR_COR_RCVR 0x00000001 /* Receiver Error Status */
-#define PCI_ERR_COR_BAD_TLP 0x00000040 /* Bad TLP Status */
-#define PCI_ERR_COR_BAD_DLLP 0x00000080 /* Bad DLLP Status */
-#define PCI_ERR_COR_REP_ROLL 0x00000100 /* REPLAY_NUM Rollover */
-#define PCI_ERR_COR_REP_TIMER 0x00001000 /* Replay Timer Timeout */
-#define PCI_ERR_COR_MASK 20 /* Correctable Error Mask */
- /* Same bits as above */
-#define PCI_ERR_CAP 24 /* Advanced Error Capabilities */
-#define PCI_ERR_CAP_FEP(x) ((x) & 31) /* First Error Pointer */
-#define PCI_ERR_CAP_ECRC_GENC 0x00000020 /* ECRC Generation Capable */
-#define PCI_ERR_CAP_ECRC_GENE 0x00000040 /* ECRC Generation Enable */
-#define PCI_ERR_CAP_ECRC_CHKC 0x00000080 /* ECRC Check Capable */
-#define PCI_ERR_CAP_ECRC_CHKE 0x00000100 /* ECRC Check Enable */
-#define PCI_ERR_HEADER_LOG 28 /* Header Log Register (16 bytes) */
-#define PCI_ERR_ROOT_COMMAND 44 /* Root Error Command */
-/* Correctable Err Reporting Enable */
-#define PCI_ERR_ROOT_CMD_COR_EN 0x00000001
-/* Non-fatal Err Reporting Enable */
-#define PCI_ERR_ROOT_CMD_NONFATAL_EN 0x00000002
-/* Fatal Err Reporting Enable */
-#define PCI_ERR_ROOT_CMD_FATAL_EN 0x00000004
-#define PCI_ERR_ROOT_STATUS 48
-#define PCI_ERR_ROOT_COR_RCV 0x00000001 /* ERR_COR Received */
-/* Multi ERR_COR Received */
-#define PCI_ERR_ROOT_MULTI_COR_RCV 0x00000002
-/* ERR_FATAL/NONFATAL Recevied */
-#define PCI_ERR_ROOT_UNCOR_RCV 0x00000004
-/* Multi ERR_FATAL/NONFATAL Recevied */
-#define PCI_ERR_ROOT_MULTI_UNCOR_RCV 0x00000008
-#define PCI_ERR_ROOT_FIRST_FATAL 0x00000010 /* First Fatal */
-#define PCI_ERR_ROOT_NONFATAL_RCV 0x00000020 /* Non-Fatal Received */
-#define PCI_ERR_ROOT_FATAL_RCV 0x00000040 /* Fatal Received */
-#define PCI_ERR_ROOT_ERR_SRC 52 /* Error Source Identification */
-
-/* Virtual Channel */
-#define PCI_VC_PORT_REG1 4
-#define PCI_VC_PORT_REG2 8
-#define PCI_VC_PORT_CTRL 12
-#define PCI_VC_PORT_STATUS 14
-#define PCI_VC_RES_CAP 16
-#define PCI_VC_RES_CTRL 20
-#define PCI_VC_RES_STATUS 26
-
-/* Power Budgeting */
-#define PCI_PWR_DSR 4 /* Data Select Register */
-#define PCI_PWR_DATA 8 /* Data Register */
-#define PCI_PWR_DATA_BASE(x) ((x) & 0xff) /* Base Power */
-#define PCI_PWR_DATA_SCALE(x) (((x) >> 8) & 3) /* Data Scale */
-#define PCI_PWR_DATA_PM_SUB(x) (((x) >> 10) & 7) /* PM Sub State */
-#define PCI_PWR_DATA_PM_STATE(x) (((x) >> 13) & 3) /* PM State */
-#define PCI_PWR_DATA_TYPE(x) (((x) >> 15) & 7) /* Type */
-#define PCI_PWR_DATA_RAIL(x) (((x) >> 18) & 7) /* Power Rail */
-#define PCI_PWR_CAP 12 /* Capability */
-#define PCI_PWR_CAP_BUDGET(x) ((x) & 1) /* Included in system budget */
-
-/*
- * Hypertransport sub capability types
- *
- * Unfortunately there are both 3 bit and 5 bit capability types defined
- * in the HT spec, catering for that is a little messy. You probably don't
- * want to use these directly, just use pci_find_ht_capability() and it
- * will do the right thing for you.
- */
-#define HT_3BIT_CAP_MASK 0xE0
-#define HT_CAPTYPE_SLAVE 0x00 /* Slave/Primary link configuration */
-#define HT_CAPTYPE_HOST 0x20 /* Host/Secondary link configuration */
-
-#define HT_5BIT_CAP_MASK 0xF8
-#define HT_CAPTYPE_IRQ 0x80 /* IRQ Configuration */
-#define HT_CAPTYPE_REMAPPING_40 0xA0 /* 40 bit address remapping */
-#define HT_CAPTYPE_REMAPPING_64 0xA2 /* 64 bit address remapping */
-#define HT_CAPTYPE_UNITID_CLUMP 0x90 /* Unit ID clumping */
-#define HT_CAPTYPE_EXTCONF 0x98 /* Extended Configuration Space Access */
-#define HT_CAPTYPE_MSI_MAPPING 0xA8 /* MSI Mapping Capability */
-#define HT_MSI_FLAGS 0x02 /* Offset to flags */
-#define HT_MSI_FLAGS_ENABLE 0x1 /* Mapping enable */
-#define HT_MSI_FLAGS_FIXED 0x2 /* Fixed mapping only */
-#define HT_MSI_FIXED_ADDR 0x00000000FEE00000ULL /* Fixed addr */
-#define HT_MSI_ADDR_LO 0x04 /* Offset to low addr bits */
-#define HT_MSI_ADDR_LO_MASK 0xFFF00000 /* Low address bit mask */
-#define HT_MSI_ADDR_HI 0x08 /* Offset to high addr bits */
-#define HT_CAPTYPE_DIRECT_ROUTE 0xB0 /* Direct routing configuration */
-#define HT_CAPTYPE_VCSET 0xB8 /* Virtual Channel configuration */
-#define HT_CAPTYPE_ERROR_RETRY 0xC0 /* Retry on error configuration */
-#define HT_CAPTYPE_GEN3 0xD0 /* Generation 3 hypertransport configuration */
-#define HT_CAPTYPE_PM 0xE0 /* Hypertransport powermanagement configuration */
-
-/* Alternative Routing-ID Interpretation */
-#define PCI_ARI_CAP 0x04 /* ARI Capability Register */
-#define PCI_ARI_CAP_MFVC 0x0001 /* MFVC Function Groups Capability */
-#define PCI_ARI_CAP_ACS 0x0002 /* ACS Function Groups Capability */
-#define PCI_ARI_CAP_NFN(x) (((x) >> 8) & 0xff) /* Next Function Number */
-#define PCI_ARI_CTRL 0x06 /* ARI Control Register */
-#define PCI_ARI_CTRL_MFVC 0x0001 /* MFVC Function Groups Enable */
-#define PCI_ARI_CTRL_ACS 0x0002 /* ACS Function Groups Enable */
-#define PCI_ARI_CTRL_FG(x) (((x) >> 4) & 7) /* Function Group */
-
-/* Address Translation Service */
-#define PCI_ATS_CAP 0x04 /* ATS Capability Register */
-#define PCI_ATS_CAP_QDEP(x) ((x) & 0x1f) /* Invalidate Queue Depth */
-#define PCI_ATS_MAX_QDEP 32 /* Max Invalidate Queue Depth */
-#define PCI_ATS_CTRL 0x06 /* ATS Control Register */
-#define PCI_ATS_CTRL_ENABLE 0x8000 /* ATS Enable */
-#define PCI_ATS_CTRL_STU(x) ((x) & 0x1f) /* Smallest Translation Unit */
-#define PCI_ATS_MIN_STU 12 /* shift of minimum STU block */
-
-/* Single Root I/O Virtualization */
-#define PCI_SRIOV_CAP 0x04 /* SR-IOV Capabilities */
-#define PCI_SRIOV_CAP_VFM 0x01 /* VF Migration Capable */
-#define PCI_SRIOV_CAP_INTR(x) ((x) >> 21) /* Interrupt Message Number */
-#define PCI_SRIOV_CTRL 0x08 /* SR-IOV Control */
-#define PCI_SRIOV_CTRL_VFE 0x01 /* VF Enable */
-#define PCI_SRIOV_CTRL_VFM 0x02 /* VF Migration Enable */
-#define PCI_SRIOV_CTRL_INTR 0x04 /* VF Migration Interrupt Enable */
-#define PCI_SRIOV_CTRL_MSE 0x08 /* VF Memory Space Enable */
-#define PCI_SRIOV_CTRL_ARI 0x10 /* ARI Capable Hierarchy */
-#define PCI_SRIOV_STATUS 0x0a /* SR-IOV Status */
-#define PCI_SRIOV_STATUS_VFM 0x01 /* VF Migration Status */
-#define PCI_SRIOV_INITIAL_VF 0x0c /* Initial VFs */
-#define PCI_SRIOV_TOTAL_VF 0x0e /* Total VFs */
-#define PCI_SRIOV_NUM_VF 0x10 /* Number of VFs */
-#define PCI_SRIOV_FUNC_LINK 0x12 /* Function Dependency Link */
-#define PCI_SRIOV_VF_OFFSET 0x14 /* First VF Offset */
-#define PCI_SRIOV_VF_STRIDE 0x16 /* Following VF Stride */
-#define PCI_SRIOV_VF_DID 0x1a /* VF Device ID */
-#define PCI_SRIOV_SUP_PGSIZE 0x1c /* Supported Page Sizes */
-#define PCI_SRIOV_SYS_PGSIZE 0x20 /* System Page Size */
-#define PCI_SRIOV_BAR 0x24 /* VF BAR0 */
-#define PCI_SRIOV_NUM_BARS 6 /* Number of VF BARs */
-#define PCI_SRIOV_VFM 0x3c /* VF Migration State Array Offset*/
-#define PCI_SRIOV_VFM_BIR(x) ((x) & 7) /* State BIR */
-#define PCI_SRIOV_VFM_OFFSET(x) ((x) & ~7) /* State Offset */
-#define PCI_SRIOV_VFM_UA 0x0 /* Inactive.Unavailable */
-#define PCI_SRIOV_VFM_MI 0x1 /* Dormant.MigrateIn */
-#define PCI_SRIOV_VFM_MO 0x2 /* Active.MigrateOut */
-#define PCI_SRIOV_VFM_AV 0x3 /* Active.Available */
-
-#define PCI_LTR_MAX_SNOOP_LAT 0x4
-#define PCI_LTR_MAX_NOSNOOP_LAT 0x6
-#define PCI_LTR_VALUE_MASK 0x000003ff
-#define PCI_LTR_SCALE_MASK 0x00001c00
-#define PCI_LTR_SCALE_SHIFT 10
-
-/* Access Control Service */
-#define PCI_ACS_CAP 0x04 /* ACS Capability Register */
-#define PCI_ACS_SV 0x01 /* Source Validation */
-#define PCI_ACS_TB 0x02 /* Translation Blocking */
-#define PCI_ACS_RR 0x04 /* P2P Request Redirect */
-#define PCI_ACS_CR 0x08 /* P2P Completion Redirect */
-#define PCI_ACS_UF 0x10 /* Upstream Forwarding */
-#define PCI_ACS_EC 0x20 /* P2P Egress Control */
-#define PCI_ACS_DT 0x40 /* Direct Translated P2P */
-#define PCI_ACS_CTRL 0x06 /* ACS Control Register */
-#define PCI_ACS_EGRESS_CTL_V 0x08 /* ACS Egress Control Vector */
-
-#endif /* LINUX_PCI_REGS_H */
diff --git a/hw/pcie.c b/hw/pcie.c
deleted file mode 100644
index 7c92f193e..000000000
--- a/hw/pcie.c
+++ /dev/null
@@ -1,555 +0,0 @@
-/*
- * pcie.c
- *
- * Copyright (c) 2010 Isaku Yamahata <yamahata at valinux co jp>
- * VA Linux Systems Japan K.K.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "qemu-common.h"
-#include "pci_bridge.h"
-#include "pcie.h"
-#include "msix.h"
-#include "msi.h"
-#include "pci_internals.h"
-#include "pcie_regs.h"
-#include "range.h"
-
-//#define DEBUG_PCIE
-#ifdef DEBUG_PCIE
-# define PCIE_DPRINTF(fmt, ...) \
- fprintf(stderr, "%s:%d " fmt, __func__, __LINE__, ## __VA_ARGS__)
-#else
-# define PCIE_DPRINTF(fmt, ...) do {} while (0)
-#endif
-#define PCIE_DEV_PRINTF(dev, fmt, ...) \
- PCIE_DPRINTF("%s:%x "fmt, (dev)->name, (dev)->devfn, ## __VA_ARGS__)
-
-
-/***************************************************************************
- * pci express capability helper functions
- */
-int pcie_cap_init(PCIDevice *dev, uint8_t offset, uint8_t type, uint8_t port)
-{
- int pos;
- uint8_t *exp_cap;
-
- assert(pci_is_express(dev));
-
- pos = pci_add_capability(dev, PCI_CAP_ID_EXP, offset,
- PCI_EXP_VER2_SIZEOF);
- if (pos < 0) {
- return pos;
- }
- dev->exp.exp_cap = pos;
- exp_cap = dev->config + pos;
-
- /* capability register
- interrupt message number defaults to 0 */
- pci_set_word(exp_cap + PCI_EXP_FLAGS,
- ((type << PCI_EXP_FLAGS_TYPE_SHIFT) & PCI_EXP_FLAGS_TYPE) |
- PCI_EXP_FLAGS_VER2);
-
- /* device capability register
- * table 7-12:
- * roll based error reporting bit must be set by all
- * Functions conforming to the ECN, PCI Express Base
- * Specification, Revision 1.1., or subsequent PCI Express Base
- * Specification revisions.
- */
- pci_set_long(exp_cap + PCI_EXP_DEVCAP, PCI_EXP_DEVCAP_RBER);
-
- pci_set_long(exp_cap + PCI_EXP_LNKCAP,
- (port << PCI_EXP_LNKCAP_PN_SHIFT) |
- PCI_EXP_LNKCAP_ASPMS_0S |
- PCI_EXP_LNK_MLW_1 |
- PCI_EXP_LNK_LS_25);
-
- pci_set_word(exp_cap + PCI_EXP_LNKSTA,
- PCI_EXP_LNK_MLW_1 | PCI_EXP_LNK_LS_25);
-
- pci_set_long(exp_cap + PCI_EXP_DEVCAP2,
- PCI_EXP_DEVCAP2_EFF | PCI_EXP_DEVCAP2_EETLPP);
-
- pci_set_word(dev->wmask + pos, PCI_EXP_DEVCTL2_EETLPPB);
- return pos;
-}
-
-void pcie_cap_exit(PCIDevice *dev)
-{
- pci_del_capability(dev, PCI_CAP_ID_EXP, PCI_EXP_VER2_SIZEOF);
-}
-
-uint8_t pcie_cap_get_type(const PCIDevice *dev)
-{
- uint32_t pos = dev->exp.exp_cap;
- assert(pos > 0);
- return (pci_get_word(dev->config + pos + PCI_EXP_FLAGS) &
- PCI_EXP_FLAGS_TYPE) >> PCI_EXP_FLAGS_TYPE_SHIFT;
-}
-
-/* MSI/MSI-X */
-/* pci express interrupt message number */
-/* 7.8.2 PCI Express Capabilities Register: Interrupt Message Number */
-void pcie_cap_flags_set_vector(PCIDevice *dev, uint8_t vector)
-{
- uint8_t *exp_cap = dev->config + dev->exp.exp_cap;
- assert(vector < 32);
- pci_word_test_and_clear_mask(exp_cap + PCI_EXP_FLAGS, PCI_EXP_FLAGS_IRQ);
- pci_word_test_and_set_mask(exp_cap + PCI_EXP_FLAGS,
- vector << PCI_EXP_FLAGS_IRQ_SHIFT);
-}
-
-uint8_t pcie_cap_flags_get_vector(PCIDevice *dev)
-{
- return (pci_get_word(dev->config + dev->exp.exp_cap + PCI_EXP_FLAGS) &
- PCI_EXP_FLAGS_IRQ) >> PCI_EXP_FLAGS_IRQ_SHIFT;
-}
-
-void pcie_cap_deverr_init(PCIDevice *dev)
-{
- uint32_t pos = dev->exp.exp_cap;
- pci_long_test_and_set_mask(dev->config + pos + PCI_EXP_DEVCAP,
- PCI_EXP_DEVCAP_RBER);
- pci_long_test_and_set_mask(dev->wmask + pos + PCI_EXP_DEVCTL,
- PCI_EXP_DEVCTL_CERE | PCI_EXP_DEVCTL_NFERE |
- PCI_EXP_DEVCTL_FERE | PCI_EXP_DEVCTL_URRE);
- pci_long_test_and_set_mask(dev->w1cmask + pos + PCI_EXP_DEVSTA,
- PCI_EXP_DEVSTA_CED | PCI_EXP_DEVSTA_NFED |
- PCI_EXP_DEVSTA_URD | PCI_EXP_DEVSTA_URD);
-}
-
-void pcie_cap_deverr_reset(PCIDevice *dev)
-{
- uint8_t *devctl = dev->config + dev->exp.exp_cap + PCI_EXP_DEVCTL;
- pci_long_test_and_clear_mask(devctl,
- PCI_EXP_DEVCTL_CERE | PCI_EXP_DEVCTL_NFERE |
- PCI_EXP_DEVCTL_FERE | PCI_EXP_DEVCTL_URRE);
-}
-
-static void hotplug_event_update_event_status(PCIDevice *dev)
-{
- uint32_t pos = dev->exp.exp_cap;
- uint8_t *exp_cap = dev->config + pos;
- uint16_t sltctl = pci_get_word(exp_cap + PCI_EXP_SLTCTL);
- uint16_t sltsta = pci_get_word(exp_cap + PCI_EXP_SLTSTA);
-
- dev->exp.hpev_notified = (sltctl & PCI_EXP_SLTCTL_HPIE) &&
- (sltsta & sltctl & PCI_EXP_HP_EV_SUPPORTED);
-}
-
-static void hotplug_event_notify(PCIDevice *dev)
-{
- bool prev = dev->exp.hpev_notified;
-
- hotplug_event_update_event_status(dev);
-
- if (prev == dev->exp.hpev_notified) {
- return;
- }
-
- /* Note: the logic above does not take into account whether interrupts
- * are masked. The result is that interrupt will be sent when it is
- * subsequently unmasked. This appears to be legal: Section 6.7.3.4:
- * The Port may optionally send an MSI when there are hot-plug events that
- * occur while interrupt generation is disabled, and interrupt generation is
- * subsequently enabled. */
- if (msix_enabled(dev)) {
- msix_notify(dev, pcie_cap_flags_get_vector(dev));
- } else if (msi_enabled(dev)) {
- msi_notify(dev, pcie_cap_flags_get_vector(dev));
- } else {
- qemu_set_irq(dev->irq[dev->exp.hpev_intx], dev->exp.hpev_notified);
- }
-}
-
-static void hotplug_event_clear(PCIDevice *dev)
-{
- hotplug_event_update_event_status(dev);
- if (!msix_enabled(dev) && !msi_enabled(dev) && !dev->exp.hpev_notified) {
- qemu_set_irq(dev->irq[dev->exp.hpev_intx], 0);
- }
-}
-
-/*
- * A PCI Express Hot-Plug Event has occurred, so update slot status register
- * and notify OS of the event if necessary.
- *
- * 6.7.3 PCI Express Hot-Plug Events
- * 6.7.3.4 Software Notification of Hot-Plug Events
- */
-static void pcie_cap_slot_event(PCIDevice *dev, PCIExpressHotPlugEvent event)
-{
- /* Minor optimization: if nothing changed - no event is needed. */
- if (pci_word_test_and_set_mask(dev->config + dev->exp.exp_cap +
- PCI_EXP_SLTSTA, event)) {
- return;
- }
- hotplug_event_notify(dev);
-}
-
-static int pcie_cap_slot_hotplug(DeviceState *qdev,
- PCIDevice *pci_dev, PCIHotplugState state)
-{
- PCIDevice *d = PCI_DEVICE(qdev);
- uint8_t *exp_cap = d->config + d->exp.exp_cap;
- uint16_t sltsta = pci_get_word(exp_cap + PCI_EXP_SLTSTA);
-
- /* Don't send event when device is enabled during qemu machine creation:
- * it is present on boot, no hotplug event is necessary. We do send an
- * event when the device is disabled later. */
- if (state == PCI_COLDPLUG_ENABLED) {
- pci_word_test_and_set_mask(exp_cap + PCI_EXP_SLTSTA,
- PCI_EXP_SLTSTA_PDS);
- return 0;
- }
-
- PCIE_DEV_PRINTF(pci_dev, "hotplug state: %d\n", state);
- if (sltsta & PCI_EXP_SLTSTA_EIS) {
- /* the slot is electromechanically locked.
- * This error is propagated up to qdev and then to HMP/QMP.
- */
- return -EBUSY;
- }
-
- /* TODO: multifunction hot-plug.
- * Right now, only a device of function = 0 is allowed to be
- * hot plugged/unplugged.
- */
- assert(PCI_FUNC(pci_dev->devfn) == 0);
-
- if (state == PCI_HOTPLUG_ENABLED) {
- pci_word_test_and_set_mask(exp_cap + PCI_EXP_SLTSTA,
- PCI_EXP_SLTSTA_PDS);
- pcie_cap_slot_event(d, PCI_EXP_HP_EV_PDC);
- } else {
- qdev_free(&pci_dev->qdev);
- pci_word_test_and_clear_mask(exp_cap + PCI_EXP_SLTSTA,
- PCI_EXP_SLTSTA_PDS);
- pcie_cap_slot_event(d, PCI_EXP_HP_EV_PDC);
- }
- return 0;
-}
-
-/* pci express slot for pci express root/downstream port
- PCI express capability slot registers */
-void pcie_cap_slot_init(PCIDevice *dev, uint16_t slot)
-{
- uint32_t pos = dev->exp.exp_cap;
-
- pci_word_test_and_set_mask(dev->config + pos + PCI_EXP_FLAGS,
- PCI_EXP_FLAGS_SLOT);
-
- pci_long_test_and_clear_mask(dev->config + pos + PCI_EXP_SLTCAP,
- ~PCI_EXP_SLTCAP_PSN);
- pci_long_test_and_set_mask(dev->config + pos + PCI_EXP_SLTCAP,
- (slot << PCI_EXP_SLTCAP_PSN_SHIFT) |
- PCI_EXP_SLTCAP_EIP |
- PCI_EXP_SLTCAP_HPS |
- PCI_EXP_SLTCAP_HPC |
- PCI_EXP_SLTCAP_PIP |
- PCI_EXP_SLTCAP_AIP |
- PCI_EXP_SLTCAP_ABP);
-
- pci_word_test_and_clear_mask(dev->config + pos + PCI_EXP_SLTCTL,
- PCI_EXP_SLTCTL_PIC |
- PCI_EXP_SLTCTL_AIC);
- pci_word_test_and_set_mask(dev->config + pos + PCI_EXP_SLTCTL,
- PCI_EXP_SLTCTL_PIC_OFF |
- PCI_EXP_SLTCTL_AIC_OFF);
- pci_word_test_and_set_mask(dev->wmask + pos + PCI_EXP_SLTCTL,
- PCI_EXP_SLTCTL_PIC |
- PCI_EXP_SLTCTL_AIC |
- PCI_EXP_SLTCTL_HPIE |
- PCI_EXP_SLTCTL_CCIE |
- PCI_EXP_SLTCTL_PDCE |
- PCI_EXP_SLTCTL_ABPE);
- /* Although reading PCI_EXP_SLTCTL_EIC returns always 0,
- * make the bit writable here in order to detect 1b is written.
- * pcie_cap_slot_write_config() test-and-clear the bit, so
- * this bit always returns 0 to the guest.
- */
- pci_word_test_and_set_mask(dev->wmask + pos + PCI_EXP_SLTCTL,
- PCI_EXP_SLTCTL_EIC);
-
- pci_word_test_and_set_mask(dev->w1cmask + pos + PCI_EXP_SLTSTA,
- PCI_EXP_HP_EV_SUPPORTED);
-
- dev->exp.hpev_notified = false;
-
- pci_bus_hotplug(pci_bridge_get_sec_bus(DO_UPCAST(PCIBridge, dev, dev)),
- pcie_cap_slot_hotplug, &dev->qdev);
-}
-
-void pcie_cap_slot_reset(PCIDevice *dev)
-{
- uint8_t *exp_cap = dev->config + dev->exp.exp_cap;
-
- PCIE_DEV_PRINTF(dev, "reset\n");
-
- pci_word_test_and_clear_mask(exp_cap + PCI_EXP_SLTCTL,
- PCI_EXP_SLTCTL_EIC |
- PCI_EXP_SLTCTL_PIC |
- PCI_EXP_SLTCTL_AIC |
- PCI_EXP_SLTCTL_HPIE |
- PCI_EXP_SLTCTL_CCIE |
- PCI_EXP_SLTCTL_PDCE |
- PCI_EXP_SLTCTL_ABPE);
- pci_word_test_and_set_mask(exp_cap + PCI_EXP_SLTCTL,
- PCI_EXP_SLTCTL_PIC_OFF |
- PCI_EXP_SLTCTL_AIC_OFF);
-
- pci_word_test_and_clear_mask(exp_cap + PCI_EXP_SLTSTA,
- PCI_EXP_SLTSTA_EIS |/* on reset,
- the lock is released */
- PCI_EXP_SLTSTA_CC |
- PCI_EXP_SLTSTA_PDC |
- PCI_EXP_SLTSTA_ABP);
-
- hotplug_event_update_event_status(dev);
-}
-
-void pcie_cap_slot_write_config(PCIDevice *dev,
- uint32_t addr, uint32_t val, int len)
-{
- uint32_t pos = dev->exp.exp_cap;
- uint8_t *exp_cap = dev->config + pos;
- uint16_t sltsta = pci_get_word(exp_cap + PCI_EXP_SLTSTA);
-
- if (ranges_overlap(addr, len, pos + PCI_EXP_SLTSTA, 2)) {
- hotplug_event_clear(dev);
- }
-
- if (!ranges_overlap(addr, len, pos + PCI_EXP_SLTCTL, 2)) {
- return;
- }
-
- if (pci_word_test_and_clear_mask(exp_cap + PCI_EXP_SLTCTL,
- PCI_EXP_SLTCTL_EIC)) {
- sltsta ^= PCI_EXP_SLTSTA_EIS; /* toggle PCI_EXP_SLTSTA_EIS bit */
- pci_set_word(exp_cap + PCI_EXP_SLTSTA, sltsta);
- PCIE_DEV_PRINTF(dev, "PCI_EXP_SLTCTL_EIC: "
- "sltsta -> 0x%02"PRIx16"\n",
- sltsta);
- }
-
- hotplug_event_notify(dev);
-
- /*
- * 6.7.3.2 Command Completed Events
- *
- * Software issues a command to a hot-plug capable Downstream Port by
- * issuing a write transaction that targets any portion of the Port’s Slot
- * Control register. A single write to the Slot Control register is
- * considered to be a single command, even if the write affects more than
- * one field in the Slot Control register. In response to this transaction,
- * the Port must carry out the requested actions and then set the
- * associated status field for the command completed event. */
-
- /* Real hardware might take a while to complete requested command because
- * physical movement would be involved like locking the electromechanical
- * lock. However in our case, command is completed instantaneously above,
- * so send a command completion event right now.
- */
- pcie_cap_slot_event(dev, PCI_EXP_HP_EV_CCI);
-}
-
-int pcie_cap_slot_post_load(void *opaque, int version_id)
-{
- PCIDevice *dev = opaque;
- hotplug_event_update_event_status(dev);
- return 0;
-}
-
-void pcie_cap_slot_push_attention_button(PCIDevice *dev)
-{
- pcie_cap_slot_event(dev, PCI_EXP_HP_EV_ABP);
-}
-
-/* root control/capabilities/status. PME isn't emulated for now */
-void pcie_cap_root_init(PCIDevice *dev)
-{
- pci_set_word(dev->wmask + dev->exp.exp_cap + PCI_EXP_RTCTL,
- PCI_EXP_RTCTL_SECEE | PCI_EXP_RTCTL_SENFEE |
- PCI_EXP_RTCTL_SEFEE);
-}
-
-void pcie_cap_root_reset(PCIDevice *dev)
-{
- pci_set_word(dev->config + dev->exp.exp_cap + PCI_EXP_RTCTL, 0);
-}
-
-/* function level reset(FLR) */
-void pcie_cap_flr_init(PCIDevice *dev)
-{
- pci_long_test_and_set_mask(dev->config + dev->exp.exp_cap + PCI_EXP_DEVCAP,
- PCI_EXP_DEVCAP_FLR);
-
- /* Although reading BCR_FLR returns always 0,
- * the bit is made writable here in order to detect the 1b is written
- * pcie_cap_flr_write_config() test-and-clear the bit, so
- * this bit always returns 0 to the guest.
- */
- pci_word_test_and_set_mask(dev->wmask + dev->exp.exp_cap + PCI_EXP_DEVCTL,
- PCI_EXP_DEVCTL_BCR_FLR);
-}
-
-void pcie_cap_flr_write_config(PCIDevice *dev,
- uint32_t addr, uint32_t val, int len)
-{
- uint8_t *devctl = dev->config + dev->exp.exp_cap + PCI_EXP_DEVCTL;
- if (pci_get_word(devctl) & PCI_EXP_DEVCTL_BCR_FLR) {
- /* Clear PCI_EXP_DEVCTL_BCR_FLR after invoking the reset handler
- so the handler can detect FLR by looking at this bit. */
- pci_device_reset(dev);
- pci_word_test_and_clear_mask(devctl, PCI_EXP_DEVCTL_BCR_FLR);
- }
-}
-
-/* Alternative Routing-ID Interpretation (ARI) */
-/* ari forwarding support for down stream port */
-void pcie_cap_ari_init(PCIDevice *dev)
-{
- uint32_t pos = dev->exp.exp_cap;
- pci_long_test_and_set_mask(dev->config + pos + PCI_EXP_DEVCAP2,
- PCI_EXP_DEVCAP2_ARI);
- pci_long_test_and_set_mask(dev->wmask + pos + PCI_EXP_DEVCTL2,
- PCI_EXP_DEVCTL2_ARI);
-}
-
-void pcie_cap_ari_reset(PCIDevice *dev)
-{
- uint8_t *devctl2 = dev->config + dev->exp.exp_cap + PCI_EXP_DEVCTL2;
- pci_long_test_and_clear_mask(devctl2, PCI_EXP_DEVCTL2_ARI);
-}
-
-bool pcie_cap_is_ari_enabled(const PCIDevice *dev)
-{
- if (!pci_is_express(dev)) {
- return false;
- }
- if (!dev->exp.exp_cap) {
- return false;
- }
-
- return pci_get_long(dev->config + dev->exp.exp_cap + PCI_EXP_DEVCTL2) &
- PCI_EXP_DEVCTL2_ARI;
-}
-
-/**************************************************************************
- * pci express extended capability allocation functions
- * uint16_t ext_cap_id (16 bit)
- * uint8_t cap_ver (4 bit)
- * uint16_t cap_offset (12 bit)
- * uint16_t ext_cap_size
- */
-
-static uint16_t pcie_find_capability_list(PCIDevice *dev, uint16_t cap_id,
- uint16_t *prev_p)
-{
- uint16_t prev = 0;
- uint16_t next;
- uint32_t header = pci_get_long(dev->config + PCI_CONFIG_SPACE_SIZE);
-
- if (!header) {
- /* no extended capability */
- next = 0;
- goto out;
- }
- for (next = PCI_CONFIG_SPACE_SIZE; next;
- prev = next, next = PCI_EXT_CAP_NEXT(header)) {
-
- assert(next >= PCI_CONFIG_SPACE_SIZE);
- assert(next <= PCIE_CONFIG_SPACE_SIZE - 8);
-
- header = pci_get_long(dev->config + next);
- if (PCI_EXT_CAP_ID(header) == cap_id) {
- break;
- }
- }
-
-out:
- if (prev_p) {
- *prev_p = prev;
- }
- return next;
-}
-
-uint16_t pcie_find_capability(PCIDevice *dev, uint16_t cap_id)
-{
- return pcie_find_capability_list(dev, cap_id, NULL);
-}
-
-static void pcie_ext_cap_set_next(PCIDevice *dev, uint16_t pos, uint16_t next)
-{
- uint16_t header = pci_get_long(dev->config + pos);
- assert(!(next & (PCI_EXT_CAP_ALIGN - 1)));
- header = (header & ~PCI_EXT_CAP_NEXT_MASK) |
- ((next << PCI_EXT_CAP_NEXT_SHIFT) & PCI_EXT_CAP_NEXT_MASK);
- pci_set_long(dev->config + pos, header);
-}
-
-/*
- * caller must supply valid (offset, size) * such that the range shouldn't
- * overlap with other capability or other registers.
- * This function doesn't check it.
- */
-void pcie_add_capability(PCIDevice *dev,
- uint16_t cap_id, uint8_t cap_ver,
- uint16_t offset, uint16_t size)
-{
- uint32_t header;
- uint16_t next;
-
- assert(offset >= PCI_CONFIG_SPACE_SIZE);
- assert(offset < offset + size);
- assert(offset + size < PCIE_CONFIG_SPACE_SIZE);
- assert(size >= 8);
- assert(pci_is_express(dev));
-
- if (offset == PCI_CONFIG_SPACE_SIZE) {
- header = pci_get_long(dev->config + offset);
- next = PCI_EXT_CAP_NEXT(header);
- } else {
- uint16_t prev;
-
- /* 0 is reserved cap id. use internally to find the last capability
- in the linked list */
- next = pcie_find_capability_list(dev, 0, &prev);
-
- assert(prev >= PCI_CONFIG_SPACE_SIZE);
- assert(next == 0);
- pcie_ext_cap_set_next(dev, prev, offset);
- }
- pci_set_long(dev->config + offset, PCI_EXT_CAP(cap_id, cap_ver, next));
-
- /* Make capability read-only by default */
- memset(dev->wmask + offset, 0, size);
- memset(dev->w1cmask + offset, 0, size);
- /* Check capability by default */
- memset(dev->cmask + offset, 0xFF, size);
-}
-
-/**************************************************************************
- * pci express extended capability helper functions
- */
-
-/* ARI */
-void pcie_ari_init(PCIDevice *dev, uint16_t offset, uint16_t nextfn)
-{
- pcie_add_capability(dev, PCI_EXT_CAP_ID_ARI, PCI_ARI_VER,
- offset, PCI_ARI_SIZEOF);
- pci_set_long(dev->config + offset + PCI_ARI_CAP, PCI_ARI_CAP_NFN(nextfn));
-}
diff --git a/hw/pcie.h b/hw/pcie.h
deleted file mode 100644
index 4889194ae..000000000
--- a/hw/pcie.h
+++ /dev/null
@@ -1,142 +0,0 @@
-/*
- * pcie.h
- *
- * Copyright (c) 2010 Isaku Yamahata <yamahata at valinux co jp>
- * VA Linux Systems Japan K.K.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef QEMU_PCIE_H
-#define QEMU_PCIE_H
-
-#include "hw.h"
-#include "pci_regs.h"
-#include "pcie_regs.h"
-#include "pcie_aer.h"
-
-typedef enum {
- /* for attention and power indicator */
- PCI_EXP_HP_IND_RESERVED = PCI_EXP_SLTCTL_IND_RESERVED,
- PCI_EXP_HP_IND_ON = PCI_EXP_SLTCTL_IND_ON,
- PCI_EXP_HP_IND_BLINK = PCI_EXP_SLTCTL_IND_BLINK,
- PCI_EXP_HP_IND_OFF = PCI_EXP_SLTCTL_IND_OFF,
-} PCIExpressIndicator;
-
-typedef enum {
- /* these bits must match the bits in Slot Control/Status registers.
- * PCI_EXP_HP_EV_xxx = PCI_EXP_SLTCTL_xxxE = PCI_EXP_SLTSTA_xxx
- *
- * Not all the bits of slot control register match with the ones of
- * slot status. Not some bits of slot status register is used to
- * show status, not to report event occurrence.
- * So such bits must be masked out when checking the software
- * notification condition.
- */
- PCI_EXP_HP_EV_ABP = PCI_EXP_SLTCTL_ABPE,
- /* attention button pressed */
- PCI_EXP_HP_EV_PDC = PCI_EXP_SLTCTL_PDCE,
- /* presence detect changed */
- PCI_EXP_HP_EV_CCI = PCI_EXP_SLTCTL_CCIE,
- /* command completed */
-
- PCI_EXP_HP_EV_SUPPORTED = PCI_EXP_HP_EV_ABP |
- PCI_EXP_HP_EV_PDC |
- PCI_EXP_HP_EV_CCI,
- /* supported event mask */
-
- /* events not listed aren't supported */
-} PCIExpressHotPlugEvent;
-
-struct PCIExpressDevice {
- /* Offset of express capability in config space */
- uint8_t exp_cap;
-
- /* SLOT */
- unsigned int hpev_intx; /* INTx for hot plug event (0-3:INT[A-D]#)
- * default is 0 = INTA#
- * If the chip wants to use other interrupt
- * line, initialize this member with the
- * desired number.
- * If the chip dynamically changes this member,
- * also initialize it when loaded as
- * appropreately.
- */
- bool hpev_notified; /* Logical AND of conditions for hot plug event.
- Following 6.7.3.4:
- Software Notification of Hot-Plug Events, an interrupt
- is sent whenever the logical and of these conditions
- transitions from false to true. */
-
- /* AER */
- uint16_t aer_cap;
- PCIEAERLog aer_log;
- unsigned int aer_intx; /* INTx for error reporting
- * default is 0 = INTA#
- * If the chip wants to use other interrupt
- * line, initialize this member with the
- * desired number.
- * If the chip dynamically changes this member,
- * also initialize it when loaded as
- * appropreately.
- */
-};
-
-/* PCI express capability helper functions */
-int pcie_cap_init(PCIDevice *dev, uint8_t offset, uint8_t type, uint8_t port);
-void pcie_cap_exit(PCIDevice *dev);
-uint8_t pcie_cap_get_type(const PCIDevice *dev);
-void pcie_cap_flags_set_vector(PCIDevice *dev, uint8_t vector);
-uint8_t pcie_cap_flags_get_vector(PCIDevice *dev);
-
-void pcie_cap_deverr_init(PCIDevice *dev);
-void pcie_cap_deverr_reset(PCIDevice *dev);
-
-void pcie_cap_slot_init(PCIDevice *dev, uint16_t slot);
-void pcie_cap_slot_reset(PCIDevice *dev);
-void pcie_cap_slot_write_config(PCIDevice *dev,
- uint32_t addr, uint32_t val, int len);
-int pcie_cap_slot_post_load(void *opaque, int version_id);
-void pcie_cap_slot_push_attention_button(PCIDevice *dev);
-
-void pcie_cap_root_init(PCIDevice *dev);
-void pcie_cap_root_reset(PCIDevice *dev);
-
-void pcie_cap_flr_init(PCIDevice *dev);
-void pcie_cap_flr_write_config(PCIDevice *dev,
- uint32_t addr, uint32_t val, int len);
-
-void pcie_cap_ari_init(PCIDevice *dev);
-void pcie_cap_ari_reset(PCIDevice *dev);
-bool pcie_cap_is_ari_enabled(const PCIDevice *dev);
-
-/* PCI express extended capability helper functions */
-uint16_t pcie_find_capability(PCIDevice *dev, uint16_t cap_id);
-void pcie_add_capability(PCIDevice *dev,
- uint16_t cap_id, uint8_t cap_ver,
- uint16_t offset, uint16_t size);
-
-void pcie_ari_init(PCIDevice *dev, uint16_t offset, uint16_t nextfn);
-
-extern const VMStateDescription vmstate_pcie_device;
-
-#define VMSTATE_PCIE_DEVICE(_field, _state) { \
- .name = (stringify(_field)), \
- .size = sizeof(PCIDevice), \
- .vmsd = &vmstate_pcie_device, \
- .flags = VMS_STRUCT, \
- .offset = vmstate_offset_value(_state, _field, PCIDevice), \
-}
-
-#endif /* QEMU_PCIE_H */
diff --git a/hw/pcie_aer.c b/hw/pcie_aer.c
deleted file mode 100644
index b04c164e2..000000000
--- a/hw/pcie_aer.c
+++ /dev/null
@@ -1,1032 +0,0 @@
-/*
- * pcie_aer.c
- *
- * Copyright (c) 2010 Isaku Yamahata <yamahata at valinux co jp>
- * VA Linux Systems Japan K.K.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "sysemu.h"
-#include "qemu-objects.h"
-#include "monitor.h"
-#include "pci_bridge.h"
-#include "pcie.h"
-#include "msix.h"
-#include "msi.h"
-#include "pci_internals.h"
-#include "pcie_regs.h"
-
-//#define DEBUG_PCIE
-#ifdef DEBUG_PCIE
-# define PCIE_DPRINTF(fmt, ...) \
- fprintf(stderr, "%s:%d " fmt, __func__, __LINE__, ## __VA_ARGS__)
-#else
-# define PCIE_DPRINTF(fmt, ...) do {} while (0)
-#endif
-#define PCIE_DEV_PRINTF(dev, fmt, ...) \
- PCIE_DPRINTF("%s:%x "fmt, (dev)->name, (dev)->devfn, ## __VA_ARGS__)
-
-#define PCI_ERR_SRC_COR_OFFS 0
-#define PCI_ERR_SRC_UNCOR_OFFS 2
-
-/* From 6.2.7 Error Listing and Rules. Table 6-2, 6-3 and 6-4 */
-static uint32_t pcie_aer_uncor_default_severity(uint32_t status)
-{
- switch (status) {
- case PCI_ERR_UNC_INTN:
- case PCI_ERR_UNC_DLP:
- case PCI_ERR_UNC_SDN:
- case PCI_ERR_UNC_RX_OVER:
- case PCI_ERR_UNC_FCP:
- case PCI_ERR_UNC_MALF_TLP:
- return PCI_ERR_ROOT_CMD_FATAL_EN;
- case PCI_ERR_UNC_POISON_TLP:
- case PCI_ERR_UNC_ECRC:
- case PCI_ERR_UNC_UNSUP:
- case PCI_ERR_UNC_COMP_TIME:
- case PCI_ERR_UNC_COMP_ABORT:
- case PCI_ERR_UNC_UNX_COMP:
- case PCI_ERR_UNC_ACSV:
- case PCI_ERR_UNC_MCBTLP:
- case PCI_ERR_UNC_ATOP_EBLOCKED:
- case PCI_ERR_UNC_TLP_PRF_BLOCKED:
- return PCI_ERR_ROOT_CMD_NONFATAL_EN;
- default:
- abort();
- break;
- }
- return PCI_ERR_ROOT_CMD_FATAL_EN;
-}
-
-static int aer_log_add_err(PCIEAERLog *aer_log, const PCIEAERErr *err)
-{
- if (aer_log->log_num == aer_log->log_max) {
- return -1;
- }
- memcpy(&aer_log->log[aer_log->log_num], err, sizeof *err);
- aer_log->log_num++;
- return 0;
-}
-
-static void aer_log_del_err(PCIEAERLog *aer_log, PCIEAERErr *err)
-{
- assert(aer_log->log_num);
- *err = aer_log->log[0];
- aer_log->log_num--;
- memmove(&aer_log->log[0], &aer_log->log[1],
- aer_log->log_num * sizeof *err);
-}
-
-static void aer_log_clear_all_err(PCIEAERLog *aer_log)
-{
- aer_log->log_num = 0;
-}
-
-int pcie_aer_init(PCIDevice *dev, uint16_t offset)
-{
- PCIExpressDevice *exp;
-
- pcie_add_capability(dev, PCI_EXT_CAP_ID_ERR, PCI_ERR_VER,
- offset, PCI_ERR_SIZEOF);
- exp = &dev->exp;
- exp->aer_cap = offset;
-
- /* log_max is property */
- if (dev->exp.aer_log.log_max == PCIE_AER_LOG_MAX_UNSET) {
- dev->exp.aer_log.log_max = PCIE_AER_LOG_MAX_DEFAULT;
- }
- /* clip down the value to avoid unreasobale memory usage */
- if (dev->exp.aer_log.log_max > PCIE_AER_LOG_MAX_LIMIT) {
- return -EINVAL;
- }
- dev->exp.aer_log.log = g_malloc0(sizeof dev->exp.aer_log.log[0] *
- dev->exp.aer_log.log_max);
-
- pci_set_long(dev->w1cmask + offset + PCI_ERR_UNCOR_STATUS,
- PCI_ERR_UNC_SUPPORTED);
-
- pci_set_long(dev->config + offset + PCI_ERR_UNCOR_SEVER,
- PCI_ERR_UNC_SEVERITY_DEFAULT);
- pci_set_long(dev->wmask + offset + PCI_ERR_UNCOR_SEVER,
- PCI_ERR_UNC_SUPPORTED);
-
- pci_long_test_and_set_mask(dev->w1cmask + offset + PCI_ERR_COR_STATUS,
- PCI_ERR_COR_STATUS);
-
- pci_set_long(dev->config + offset + PCI_ERR_COR_MASK,
- PCI_ERR_COR_MASK_DEFAULT);
- pci_set_long(dev->wmask + offset + PCI_ERR_COR_MASK,
- PCI_ERR_COR_SUPPORTED);
-
- /* capabilities and control. multiple header logging is supported */
- if (dev->exp.aer_log.log_max > 0) {
- pci_set_long(dev->config + offset + PCI_ERR_CAP,
- PCI_ERR_CAP_ECRC_GENC | PCI_ERR_CAP_ECRC_CHKC |
- PCI_ERR_CAP_MHRC);
- pci_set_long(dev->wmask + offset + PCI_ERR_CAP,
- PCI_ERR_CAP_ECRC_GENE | PCI_ERR_CAP_ECRC_CHKE |
- PCI_ERR_CAP_MHRE);
- } else {
- pci_set_long(dev->config + offset + PCI_ERR_CAP,
- PCI_ERR_CAP_ECRC_GENC | PCI_ERR_CAP_ECRC_CHKC);
- pci_set_long(dev->wmask + offset + PCI_ERR_CAP,
- PCI_ERR_CAP_ECRC_GENE | PCI_ERR_CAP_ECRC_CHKE);
- }
-
- switch (pcie_cap_get_type(dev)) {
- case PCI_EXP_TYPE_ROOT_PORT:
- /* this case will be set by pcie_aer_root_init() */
- /* fallthrough */
- case PCI_EXP_TYPE_DOWNSTREAM:
- case PCI_EXP_TYPE_UPSTREAM:
- pci_word_test_and_set_mask(dev->wmask + PCI_BRIDGE_CONTROL,
- PCI_BRIDGE_CTL_SERR);
- pci_long_test_and_set_mask(dev->w1cmask + PCI_STATUS,
- PCI_SEC_STATUS_RCV_SYSTEM_ERROR);
- break;
- default:
- /* nothing */
- break;
- }
- return 0;
-}
-
-void pcie_aer_exit(PCIDevice *dev)
-{
- g_free(dev->exp.aer_log.log);
-}
-
-static void pcie_aer_update_uncor_status(PCIDevice *dev)
-{
- uint8_t *aer_cap = dev->config + dev->exp.aer_cap;
- PCIEAERLog *aer_log = &dev->exp.aer_log;
-
- uint16_t i;
- for (i = 0; i < aer_log->log_num; i++) {
- pci_long_test_and_set_mask(aer_cap + PCI_ERR_UNCOR_STATUS,
- dev->exp.aer_log.log[i].status);
- }
-}
-
-/*
- * return value:
- * true: error message needs to be sent up
- * false: error message is masked
- *
- * 6.2.6 Error Message Control
- * Figure 6-3
- * all pci express devices part
- */
-static bool
-pcie_aer_msg_alldev(PCIDevice *dev, const PCIEAERMsg *msg)
-{
- if (!(pcie_aer_msg_is_uncor(msg) &&
- (pci_get_word(dev->config + PCI_COMMAND) & PCI_COMMAND_SERR))) {
- return false;
- }
-
- /* Signaled System Error
- *
- * 7.5.1.1 Command register
- * Bit 8 SERR# Enable
- *
- * When Set, this bit enables reporting of Non-fatal and Fatal
- * errors detected by the Function to the Root Complex. Note that
- * errors are reported if enabled either through this bit or through
- * the PCI Express specific bits in the Device Control register (see
- * Section 7.8.4).
- */
- pci_word_test_and_set_mask(dev->config + PCI_STATUS,
- PCI_STATUS_SIG_SYSTEM_ERROR);
-
- if (!(msg->severity &
- pci_get_word(dev->config + dev->exp.exp_cap + PCI_EXP_DEVCTL))) {
- return false;
- }
-
- /* send up error message */
- return true;
-}
-
-/*
- * return value:
- * true: error message is sent up
- * false: error message is masked
- *
- * 6.2.6 Error Message Control
- * Figure 6-3
- * virtual pci bridge part
- */
-static bool pcie_aer_msg_vbridge(PCIDevice *dev, const PCIEAERMsg *msg)
-{
- uint16_t bridge_control = pci_get_word(dev->config + PCI_BRIDGE_CONTROL);
-
- if (pcie_aer_msg_is_uncor(msg)) {
- /* Received System Error */
- pci_word_test_and_set_mask(dev->config + PCI_SEC_STATUS,
- PCI_SEC_STATUS_RCV_SYSTEM_ERROR);
- }
-
- if (!(bridge_control & PCI_BRIDGE_CTL_SERR)) {
- return false;
- }
- return true;
-}
-
-void pcie_aer_root_set_vector(PCIDevice *dev, unsigned int vector)
-{
- uint8_t *aer_cap = dev->config + dev->exp.aer_cap;
- assert(vector < PCI_ERR_ROOT_IRQ_MAX);
- pci_long_test_and_clear_mask(aer_cap + PCI_ERR_ROOT_STATUS,
- PCI_ERR_ROOT_IRQ);
- pci_long_test_and_set_mask(aer_cap + PCI_ERR_ROOT_STATUS,
- vector << PCI_ERR_ROOT_IRQ_SHIFT);
-}
-
-static unsigned int pcie_aer_root_get_vector(PCIDevice *dev)
-{
- uint8_t *aer_cap = dev->config + dev->exp.aer_cap;
- uint32_t root_status = pci_get_long(aer_cap + PCI_ERR_ROOT_STATUS);
- return (root_status & PCI_ERR_ROOT_IRQ) >> PCI_ERR_ROOT_IRQ_SHIFT;
-}
-
-/* Given a status register, get corresponding bits in the command register */
-static uint32_t pcie_aer_status_to_cmd(uint32_t status)
-{
- uint32_t cmd = 0;
- if (status & PCI_ERR_ROOT_COR_RCV) {
- cmd |= PCI_ERR_ROOT_CMD_COR_EN;
- }
- if (status & PCI_ERR_ROOT_NONFATAL_RCV) {
- cmd |= PCI_ERR_ROOT_CMD_NONFATAL_EN;
- }
- if (status & PCI_ERR_ROOT_FATAL_RCV) {
- cmd |= PCI_ERR_ROOT_CMD_FATAL_EN;
- }
- return cmd;
-}
-
-static void pcie_aer_root_notify(PCIDevice *dev)
-{
- if (msix_enabled(dev)) {
- msix_notify(dev, pcie_aer_root_get_vector(dev));
- } else if (msi_enabled(dev)) {
- msi_notify(dev, pcie_aer_root_get_vector(dev));
- } else {
- qemu_set_irq(dev->irq[dev->exp.aer_intx], 1);
- }
-}
-
-/*
- * 6.2.6 Error Message Control
- * Figure 6-3
- * root port part
- */
-static void pcie_aer_msg_root_port(PCIDevice *dev, const PCIEAERMsg *msg)
-{
- uint16_t cmd;
- uint8_t *aer_cap;
- uint32_t root_cmd;
- uint32_t root_status, prev_status;
-
- cmd = pci_get_word(dev->config + PCI_COMMAND);
- aer_cap = dev->config + dev->exp.aer_cap;
- root_cmd = pci_get_long(aer_cap + PCI_ERR_ROOT_COMMAND);
- prev_status = root_status = pci_get_long(aer_cap + PCI_ERR_ROOT_STATUS);
-
- if (cmd & PCI_COMMAND_SERR) {
- /* System Error.
- *
- * The way to report System Error is platform specific and
- * it isn't implemented in qemu right now.
- * So just discard the error for now.
- * OS which cares of aer would receive errors via
- * native aer mechanims, so this wouldn't matter.
- */
- }
-
- /* Errro Message Received: Root Error Status register */
- switch (msg->severity) {
- case PCI_ERR_ROOT_CMD_COR_EN:
- if (root_status & PCI_ERR_ROOT_COR_RCV) {
- root_status |= PCI_ERR_ROOT_MULTI_COR_RCV;
- } else {
- pci_set_word(aer_cap + PCI_ERR_ROOT_ERR_SRC + PCI_ERR_SRC_COR_OFFS,
- msg->source_id);
- }
- root_status |= PCI_ERR_ROOT_COR_RCV;
- break;
- case PCI_ERR_ROOT_CMD_NONFATAL_EN:
- root_status |= PCI_ERR_ROOT_NONFATAL_RCV;
- break;
- case PCI_ERR_ROOT_CMD_FATAL_EN:
- if (!(root_status & PCI_ERR_ROOT_UNCOR_RCV)) {
- root_status |= PCI_ERR_ROOT_FIRST_FATAL;
- }
- root_status |= PCI_ERR_ROOT_FATAL_RCV;
- break;
- default:
- abort();
- break;
- }
- if (pcie_aer_msg_is_uncor(msg)) {
- if (root_status & PCI_ERR_ROOT_UNCOR_RCV) {
- root_status |= PCI_ERR_ROOT_MULTI_UNCOR_RCV;
- } else {
- pci_set_word(aer_cap + PCI_ERR_ROOT_ERR_SRC +
- PCI_ERR_SRC_UNCOR_OFFS, msg->source_id);
- }
- root_status |= PCI_ERR_ROOT_UNCOR_RCV;
- }
- pci_set_long(aer_cap + PCI_ERR_ROOT_STATUS, root_status);
-
- /* 6.2.4.1.2 Interrupt Generation */
- /* All the above did was set some bits in the status register.
- * Specifically these that match message severity.
- * The below code relies on this fact. */
- if (!(root_cmd & msg->severity) ||
- (pcie_aer_status_to_cmd(prev_status) & root_cmd)) {
- /* Condition is not being set or was already true so nothing to do. */
- return;
- }
-
- pcie_aer_root_notify(dev);
-}
-
-/*
- * 6.2.6 Error Message Control Figure 6-3
- *
- * Walk up the bus tree from the device, propagate the error message.
- */
-static void pcie_aer_msg(PCIDevice *dev, const PCIEAERMsg *msg)
-{
- uint8_t type;
-
- while (dev) {
- if (!pci_is_express(dev)) {
- /* just ignore it */
- /* TODO: Shouldn't we set PCI_STATUS_SIG_SYSTEM_ERROR?
- * Consider e.g. a PCI bridge above a PCI Express device. */
- return;
- }
-
- type = pcie_cap_get_type(dev);
- if ((type == PCI_EXP_TYPE_ROOT_PORT ||
- type == PCI_EXP_TYPE_UPSTREAM ||
- type == PCI_EXP_TYPE_DOWNSTREAM) &&
- !pcie_aer_msg_vbridge(dev, msg)) {
- return;
- }
- if (!pcie_aer_msg_alldev(dev, msg)) {
- return;
- }
- if (type == PCI_EXP_TYPE_ROOT_PORT) {
- pcie_aer_msg_root_port(dev, msg);
- /* Root port can notify system itself,
- or send the error message to root complex event collector. */
- /*
- * if root port is associated with an event collector,
- * return the root complex event collector here.
- * For now root complex event collector isn't supported.
- */
- return;
- }
- dev = pci_bridge_get_device(dev->bus);
- }
-}
-
-static void pcie_aer_update_log(PCIDevice *dev, const PCIEAERErr *err)
-{
- uint8_t *aer_cap = dev->config + dev->exp.aer_cap;
- uint8_t first_bit = ffs(err->status) - 1;
- uint32_t errcap = pci_get_long(aer_cap + PCI_ERR_CAP);
- int i;
-
- assert(err->status);
- assert(!(err->status & (err->status - 1)));
-
- errcap &= ~(PCI_ERR_CAP_FEP_MASK | PCI_ERR_CAP_TLP);
- errcap |= PCI_ERR_CAP_FEP(first_bit);
-
- if (err->flags & PCIE_AER_ERR_HEADER_VALID) {
- for (i = 0; i < ARRAY_SIZE(err->header); ++i) {
- /* 7.10.8 Header Log Register */
- uint8_t *header_log =
- aer_cap + PCI_ERR_HEADER_LOG + i * sizeof err->header[0];
- cpu_to_be32wu((uint32_t*)header_log, err->header[i]);
- }
- } else {
- assert(!(err->flags & PCIE_AER_ERR_TLP_PREFIX_PRESENT));
- memset(aer_cap + PCI_ERR_HEADER_LOG, 0, PCI_ERR_HEADER_LOG_SIZE);
- }
-
- if ((err->flags & PCIE_AER_ERR_TLP_PREFIX_PRESENT) &&
- (pci_get_long(dev->config + dev->exp.exp_cap + PCI_EXP_DEVCTL2) &
- PCI_EXP_DEVCAP2_EETLPP)) {
- for (i = 0; i < ARRAY_SIZE(err->prefix); ++i) {
- /* 7.10.12 tlp prefix log register */
- uint8_t *prefix_log =
- aer_cap + PCI_ERR_TLP_PREFIX_LOG + i * sizeof err->prefix[0];
- cpu_to_be32wu((uint32_t*)prefix_log, err->prefix[i]);
- }
- errcap |= PCI_ERR_CAP_TLP;
- } else {
- memset(aer_cap + PCI_ERR_TLP_PREFIX_LOG, 0,
- PCI_ERR_TLP_PREFIX_LOG_SIZE);
- }
- pci_set_long(aer_cap + PCI_ERR_CAP, errcap);
-}
-
-static void pcie_aer_clear_log(PCIDevice *dev)
-{
- uint8_t *aer_cap = dev->config + dev->exp.aer_cap;
-
- pci_long_test_and_clear_mask(aer_cap + PCI_ERR_CAP,
- PCI_ERR_CAP_FEP_MASK | PCI_ERR_CAP_TLP);
-
- memset(aer_cap + PCI_ERR_HEADER_LOG, 0, PCI_ERR_HEADER_LOG_SIZE);
- memset(aer_cap + PCI_ERR_TLP_PREFIX_LOG, 0, PCI_ERR_TLP_PREFIX_LOG_SIZE);
-}
-
-static void pcie_aer_clear_error(PCIDevice *dev)
-{
- uint8_t *aer_cap = dev->config + dev->exp.aer_cap;
- uint32_t errcap = pci_get_long(aer_cap + PCI_ERR_CAP);
- PCIEAERLog *aer_log = &dev->exp.aer_log;
- PCIEAERErr err;
-
- if (!(errcap & PCI_ERR_CAP_MHRE) || !aer_log->log_num) {
- pcie_aer_clear_log(dev);
- return;
- }
-
- /*
- * If more errors are queued, set corresponding bits in uncorrectable
- * error status.
- * We emulate uncorrectable error status register as W1CS.
- * So set bit in uncorrectable error status here again for multiple
- * error recording support.
- *
- * 6.2.4.2 Multiple Error Handling(Advanced Error Reporting Capability)
- */
- pcie_aer_update_uncor_status(dev);
-
- aer_log_del_err(aer_log, &err);
- pcie_aer_update_log(dev, &err);
-}
-
-static int pcie_aer_record_error(PCIDevice *dev,
- const PCIEAERErr *err)
-{
- uint8_t *aer_cap = dev->config + dev->exp.aer_cap;
- uint32_t errcap = pci_get_long(aer_cap + PCI_ERR_CAP);
- int fep = PCI_ERR_CAP_FEP(errcap);
-
- assert(err->status);
- assert(!(err->status & (err->status - 1)));
-
- if (errcap & PCI_ERR_CAP_MHRE &&
- (pci_get_long(aer_cap + PCI_ERR_UNCOR_STATUS) & (1U << fep))) {
- /* Not first error. queue error */
- if (aer_log_add_err(&dev->exp.aer_log, err) < 0) {
- /* overflow */
- return -1;
- }
- return 0;
- }
-
- pcie_aer_update_log(dev, err);
- return 0;
-}
-
-typedef struct PCIEAERInject {
- PCIDevice *dev;
- uint8_t *aer_cap;
- const PCIEAERErr *err;
- uint16_t devctl;
- uint16_t devsta;
- uint32_t error_status;
- bool unsupported_request;
- bool log_overflow;
- PCIEAERMsg msg;
-} PCIEAERInject;
-
-static bool pcie_aer_inject_cor_error(PCIEAERInject *inj,
- uint32_t uncor_status,
- bool is_advisory_nonfatal)
-{
- PCIDevice *dev = inj->dev;
-
- inj->devsta |= PCI_EXP_DEVSTA_CED;
- if (inj->unsupported_request) {
- inj->devsta |= PCI_EXP_DEVSTA_URD;
- }
- pci_set_word(dev->config + dev->exp.exp_cap + PCI_EXP_DEVSTA, inj->devsta);
-
- if (inj->aer_cap) {
- uint32_t mask;
- pci_long_test_and_set_mask(inj->aer_cap + PCI_ERR_COR_STATUS,
- inj->error_status);
- mask = pci_get_long(inj->aer_cap + PCI_ERR_COR_MASK);
- if (mask & inj->error_status) {
- return false;
- }
- if (is_advisory_nonfatal) {
- uint32_t uncor_mask =
- pci_get_long(inj->aer_cap + PCI_ERR_UNCOR_MASK);
- if (!(uncor_mask & uncor_status)) {
- inj->log_overflow = !!pcie_aer_record_error(dev, inj->err);
- }
- pci_long_test_and_set_mask(inj->aer_cap + PCI_ERR_UNCOR_STATUS,
- uncor_status);
- }
- }
-
- if (inj->unsupported_request && !(inj->devctl & PCI_EXP_DEVCTL_URRE)) {
- return false;
- }
- if (!(inj->devctl & PCI_EXP_DEVCTL_CERE)) {
- return false;
- }
-
- inj->msg.severity = PCI_ERR_ROOT_CMD_COR_EN;
- return true;
-}
-
-static bool pcie_aer_inject_uncor_error(PCIEAERInject *inj, bool is_fatal)
-{
- PCIDevice *dev = inj->dev;
- uint16_t cmd;
-
- if (is_fatal) {
- inj->devsta |= PCI_EXP_DEVSTA_FED;
- } else {
- inj->devsta |= PCI_EXP_DEVSTA_NFED;
- }
- if (inj->unsupported_request) {
- inj->devsta |= PCI_EXP_DEVSTA_URD;
- }
- pci_set_long(dev->config + dev->exp.exp_cap + PCI_EXP_DEVSTA, inj->devsta);
-
- if (inj->aer_cap) {
- uint32_t mask = pci_get_long(inj->aer_cap + PCI_ERR_UNCOR_MASK);
- if (mask & inj->error_status) {
- pci_long_test_and_set_mask(inj->aer_cap + PCI_ERR_UNCOR_STATUS,
- inj->error_status);
- return false;
- }
-
- inj->log_overflow = !!pcie_aer_record_error(dev, inj->err);
- pci_long_test_and_set_mask(inj->aer_cap + PCI_ERR_UNCOR_STATUS,
- inj->error_status);
- }
-
- cmd = pci_get_word(dev->config + PCI_COMMAND);
- if (inj->unsupported_request &&
- !(inj->devctl & PCI_EXP_DEVCTL_URRE) && !(cmd & PCI_COMMAND_SERR)) {
- return false;
- }
- if (is_fatal) {
- if (!((cmd & PCI_COMMAND_SERR) ||
- (inj->devctl & PCI_EXP_DEVCTL_FERE))) {
- return false;
- }
- inj->msg.severity = PCI_ERR_ROOT_CMD_FATAL_EN;
- } else {
- if (!((cmd & PCI_COMMAND_SERR) ||
- (inj->devctl & PCI_EXP_DEVCTL_NFERE))) {
- return false;
- }
- inj->msg.severity = PCI_ERR_ROOT_CMD_NONFATAL_EN;
- }
- return true;
-}
-
-/*
- * non-Function specific error must be recorded in all functions.
- * It is the responsibility of the caller of this function.
- * It is also caller's responsibility to determine which function should
- * report the rerror.
- *
- * 6.2.4 Error Logging
- * 6.2.5 Sqeunce of Device Error Signaling and Logging Operations
- * table 6-2: Flowchard Showing Sequence of Device Error Signaling and Logging
- * Operations
- */
-int pcie_aer_inject_error(PCIDevice *dev, const PCIEAERErr *err)
-{
- uint8_t *aer_cap = NULL;
- uint16_t devctl = 0;
- uint16_t devsta = 0;
- uint32_t error_status = err->status;
- PCIEAERInject inj;
-
- if (!pci_is_express(dev)) {
- return -ENOSYS;
- }
-
- if (err->flags & PCIE_AER_ERR_IS_CORRECTABLE) {
- error_status &= PCI_ERR_COR_SUPPORTED;
- } else {
- error_status &= PCI_ERR_UNC_SUPPORTED;
- }
-
- /* invalid status bit. one and only one bit must be set */
- if (!error_status || (error_status & (error_status - 1))) {
- return -EINVAL;
- }
-
- if (dev->exp.aer_cap) {
- uint8_t *exp_cap = dev->config + dev->exp.exp_cap;
- aer_cap = dev->config + dev->exp.aer_cap;
- devctl = pci_get_long(exp_cap + PCI_EXP_DEVCTL);
- devsta = pci_get_long(exp_cap + PCI_EXP_DEVSTA);
- }
-
- inj.dev = dev;
- inj.aer_cap = aer_cap;
- inj.err = err;
- inj.devctl = devctl;
- inj.devsta = devsta;
- inj.error_status = error_status;
- inj.unsupported_request = !(err->flags & PCIE_AER_ERR_IS_CORRECTABLE) &&
- err->status == PCI_ERR_UNC_UNSUP;
- inj.log_overflow = false;
-
- if (err->flags & PCIE_AER_ERR_IS_CORRECTABLE) {
- if (!pcie_aer_inject_cor_error(&inj, 0, false)) {
- return 0;
- }
- } else {
- bool is_fatal =
- pcie_aer_uncor_default_severity(error_status) ==
- PCI_ERR_ROOT_CMD_FATAL_EN;
- if (aer_cap) {
- is_fatal =
- error_status & pci_get_long(aer_cap + PCI_ERR_UNCOR_SEVER);
- }
- if (!is_fatal && (err->flags & PCIE_AER_ERR_MAYBE_ADVISORY)) {
- inj.error_status = PCI_ERR_COR_ADV_NONFATAL;
- if (!pcie_aer_inject_cor_error(&inj, error_status, true)) {
- return 0;
- }
- } else {
- if (!pcie_aer_inject_uncor_error(&inj, is_fatal)) {
- return 0;
- }
- }
- }
-
- /* send up error message */
- inj.msg.source_id = err->source_id;
- pcie_aer_msg(dev, &inj.msg);
-
- if (inj.log_overflow) {
- PCIEAERErr header_log_overflow = {
- .status = PCI_ERR_COR_HL_OVERFLOW,
- .flags = PCIE_AER_ERR_IS_CORRECTABLE,
- };
- int ret = pcie_aer_inject_error(dev, &header_log_overflow);
- assert(!ret);
- }
- return 0;
-}
-
-void pcie_aer_write_config(PCIDevice *dev,
- uint32_t addr, uint32_t val, int len)
-{
- uint8_t *aer_cap = dev->config + dev->exp.aer_cap;
- uint32_t errcap = pci_get_long(aer_cap + PCI_ERR_CAP);
- uint32_t first_error = 1U << PCI_ERR_CAP_FEP(errcap);
- uint32_t uncorsta = pci_get_long(aer_cap + PCI_ERR_UNCOR_STATUS);
-
- /* uncorrectable error */
- if (!(uncorsta & first_error)) {
- /* the bit that corresponds to the first error is cleared */
- pcie_aer_clear_error(dev);
- } else if (errcap & PCI_ERR_CAP_MHRE) {
- /* When PCI_ERR_CAP_MHRE is enabled and the first error isn't cleared
- * nothing should happen. So we have to revert the modification to
- * the register.
- */
- pcie_aer_update_uncor_status(dev);
- } else {
- /* capability & control
- * PCI_ERR_CAP_MHRE might be cleared, so clear of header log.
- */
- aer_log_clear_all_err(&dev->exp.aer_log);
- }
-}
-
-void pcie_aer_root_init(PCIDevice *dev)
-{
- uint16_t pos = dev->exp.aer_cap;
-
- pci_set_long(dev->wmask + pos + PCI_ERR_ROOT_COMMAND,
- PCI_ERR_ROOT_CMD_EN_MASK);
- pci_set_long(dev->w1cmask + pos + PCI_ERR_ROOT_STATUS,
- PCI_ERR_ROOT_STATUS_REPORT_MASK);
- /* PCI_ERR_ROOT_IRQ is RO but devices change it using a
- * device-specific method.
- */
- pci_set_long(dev->cmask + pos + PCI_ERR_ROOT_STATUS,
- ~PCI_ERR_ROOT_IRQ);
-}
-
-void pcie_aer_root_reset(PCIDevice *dev)
-{
- uint8_t* aer_cap = dev->config + dev->exp.aer_cap;
-
- pci_set_long(aer_cap + PCI_ERR_ROOT_COMMAND, 0);
-
- /*
- * Advanced Error Interrupt Message Number in Root Error Status Register
- * must be updated by chip dependent code because it's chip dependent
- * which number is used.
- */
-}
-
-void pcie_aer_root_write_config(PCIDevice *dev,
- uint32_t addr, uint32_t val, int len,
- uint32_t root_cmd_prev)
-{
- uint8_t *aer_cap = dev->config + dev->exp.aer_cap;
- uint32_t root_status = pci_get_long(aer_cap + PCI_ERR_ROOT_STATUS);
- uint32_t enabled_cmd = pcie_aer_status_to_cmd(root_status);
- uint32_t root_cmd = pci_get_long(aer_cap + PCI_ERR_ROOT_COMMAND);
- /* 6.2.4.1.2 Interrupt Generation */
- if (!msix_enabled(dev) && !msi_enabled(dev)) {
- qemu_set_irq(dev->irq[dev->exp.aer_intx], !!(root_cmd & enabled_cmd));
- return;
- }
-
- if ((root_cmd_prev & enabled_cmd) || !(root_cmd & enabled_cmd)) {
- /* Send MSI on transition from false to true. */
- return;
- }
-
- pcie_aer_root_notify(dev);
-}
-
-static const VMStateDescription vmstate_pcie_aer_err = {
- .name = "PCIE_AER_ERROR",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(status, PCIEAERErr),
- VMSTATE_UINT16(source_id, PCIEAERErr),
- VMSTATE_UINT16(flags, PCIEAERErr),
- VMSTATE_UINT32_ARRAY(header, PCIEAERErr, 4),
- VMSTATE_UINT32_ARRAY(prefix, PCIEAERErr, 4),
- VMSTATE_END_OF_LIST()
- }
-};
-
-const VMStateDescription vmstate_pcie_aer_log = {
- .name = "PCIE_AER_ERROR_LOG",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT16(log_num, PCIEAERLog),
- VMSTATE_UINT16(log_max, PCIEAERLog),
- VMSTATE_STRUCT_VARRAY_POINTER_UINT16(log, PCIEAERLog, log_num,
- vmstate_pcie_aer_err, PCIEAERErr),
- VMSTATE_END_OF_LIST()
- }
-};
-
-void pcie_aer_inject_error_print(Monitor *mon, const QObject *data)
-{
- QDict *qdict;
- int devfn;
- assert(qobject_type(data) == QTYPE_QDICT);
- qdict = qobject_to_qdict(data);
-
- devfn = (int)qdict_get_int(qdict, "devfn");
- monitor_printf(mon, "OK id: %s domain: %x, bus: %x devfn: %x.%x\n",
- qdict_get_str(qdict, "id"),
- (int) qdict_get_int(qdict, "domain"),
- (int) qdict_get_int(qdict, "bus"),
- PCI_SLOT(devfn), PCI_FUNC(devfn));
-}
-
-typedef struct PCIEAERErrorName {
- const char *name;
- uint32_t val;
- bool correctable;
-} PCIEAERErrorName;
-
-/*
- * AER error name -> value conversion table
- * This naming scheme is same to linux aer-injection tool.
- */
-static const struct PCIEAERErrorName pcie_aer_error_list[] = {
- {
- .name = "TRAIN",
- .val = PCI_ERR_UNC_TRAIN,
- .correctable = false,
- }, {
- .name = "DLP",
- .val = PCI_ERR_UNC_DLP,
- .correctable = false,
- }, {
- .name = "SDN",
- .val = PCI_ERR_UNC_SDN,
- .correctable = false,
- }, {
- .name = "POISON_TLP",
- .val = PCI_ERR_UNC_POISON_TLP,
- .correctable = false,
- }, {
- .name = "FCP",
- .val = PCI_ERR_UNC_FCP,
- .correctable = false,
- }, {
- .name = "COMP_TIME",
- .val = PCI_ERR_UNC_COMP_TIME,
- .correctable = false,
- }, {
- .name = "COMP_ABORT",
- .val = PCI_ERR_UNC_COMP_ABORT,
- .correctable = false,
- }, {
- .name = "UNX_COMP",
- .val = PCI_ERR_UNC_UNX_COMP,
- .correctable = false,
- }, {
- .name = "RX_OVER",
- .val = PCI_ERR_UNC_RX_OVER,
- .correctable = false,
- }, {
- .name = "MALF_TLP",
- .val = PCI_ERR_UNC_MALF_TLP,
- .correctable = false,
- }, {
- .name = "ECRC",
- .val = PCI_ERR_UNC_ECRC,
- .correctable = false,
- }, {
- .name = "UNSUP",
- .val = PCI_ERR_UNC_UNSUP,
- .correctable = false,
- }, {
- .name = "ACSV",
- .val = PCI_ERR_UNC_ACSV,
- .correctable = false,
- }, {
- .name = "INTN",
- .val = PCI_ERR_UNC_INTN,
- .correctable = false,
- }, {
- .name = "MCBTLP",
- .val = PCI_ERR_UNC_MCBTLP,
- .correctable = false,
- }, {
- .name = "ATOP_EBLOCKED",
- .val = PCI_ERR_UNC_ATOP_EBLOCKED,
- .correctable = false,
- }, {
- .name = "TLP_PRF_BLOCKED",
- .val = PCI_ERR_UNC_TLP_PRF_BLOCKED,
- .correctable = false,
- }, {
- .name = "RCVR",
- .val = PCI_ERR_COR_RCVR,
- .correctable = true,
- }, {
- .name = "BAD_TLP",
- .val = PCI_ERR_COR_BAD_TLP,
- .correctable = true,
- }, {
- .name = "BAD_DLLP",
- .val = PCI_ERR_COR_BAD_DLLP,
- .correctable = true,
- }, {
- .name = "REP_ROLL",
- .val = PCI_ERR_COR_REP_ROLL,
- .correctable = true,
- }, {
- .name = "REP_TIMER",
- .val = PCI_ERR_COR_REP_TIMER,
- .correctable = true,
- }, {
- .name = "ADV_NONFATAL",
- .val = PCI_ERR_COR_ADV_NONFATAL,
- .correctable = true,
- }, {
- .name = "INTERNAL",
- .val = PCI_ERR_COR_INTERNAL,
- .correctable = true,
- }, {
- .name = "HL_OVERFLOW",
- .val = PCI_ERR_COR_HL_OVERFLOW,
- .correctable = true,
- },
-};
-
-static int pcie_aer_parse_error_string(const char *error_name,
- uint32_t *status, bool *correctable)
-{
- int i;
-
- for (i = 0; i < ARRAY_SIZE(pcie_aer_error_list); i++) {
- const PCIEAERErrorName *e = &pcie_aer_error_list[i];
- if (strcmp(error_name, e->name)) {
- continue;
- }
-
- *status = e->val;
- *correctable = e->correctable;
- return 0;
- }
- return -EINVAL;
-}
-
-int do_pcie_aer_inject_error(Monitor *mon,
- const QDict *qdict, QObject **ret_data)
-{
- const char *id = qdict_get_str(qdict, "id");
- const char *error_name;
- uint32_t error_status;
- bool correctable;
- PCIDevice *dev;
- PCIEAERErr err;
- int ret;
-
- ret = pci_qdev_find_device(id, &dev);
- if (ret < 0) {
- monitor_printf(mon,
- "id or pci device path is invalid or device not "
- "found. %s\n", id);
- return ret;
- }
- if (!pci_is_express(dev)) {
- monitor_printf(mon, "the device doesn't support pci express. %s\n",
- id);
- return -ENOSYS;
- }
-
- error_name = qdict_get_str(qdict, "error_status");
- if (pcie_aer_parse_error_string(error_name, &error_status, &correctable)) {
- char *e = NULL;
- error_status = strtoul(error_name, &e, 0);
- correctable = qdict_get_try_bool(qdict, "correctable", 0);
- if (!e || *e != '\0') {
- monitor_printf(mon, "invalid error status value. \"%s\"",
- error_name);
- return -EINVAL;
- }
- }
- err.status = error_status;
- err.source_id = (pci_bus_num(dev->bus) << 8) | dev->devfn;
-
- err.flags = 0;
- if (correctable) {
- err.flags |= PCIE_AER_ERR_IS_CORRECTABLE;
- }
- if (qdict_get_try_bool(qdict, "advisory_non_fatal", 0)) {
- err.flags |= PCIE_AER_ERR_MAYBE_ADVISORY;
- }
- if (qdict_haskey(qdict, "header0")) {
- err.flags |= PCIE_AER_ERR_HEADER_VALID;
- }
- if (qdict_haskey(qdict, "prefix0")) {
- err.flags |= PCIE_AER_ERR_TLP_PREFIX_PRESENT;
- }
-
- err.header[0] = qdict_get_try_int(qdict, "header0", 0);
- err.header[1] = qdict_get_try_int(qdict, "header1", 0);
- err.header[2] = qdict_get_try_int(qdict, "header2", 0);
- err.header[3] = qdict_get_try_int(qdict, "header3", 0);
-
- err.prefix[0] = qdict_get_try_int(qdict, "prefix0", 0);
- err.prefix[1] = qdict_get_try_int(qdict, "prefix1", 0);
- err.prefix[2] = qdict_get_try_int(qdict, "prefix2", 0);
- err.prefix[3] = qdict_get_try_int(qdict, "prefix3", 0);
-
- ret = pcie_aer_inject_error(dev, &err);
- *ret_data = qobject_from_jsonf("{'id': %s, "
- "'domain': %d, 'bus': %d, 'devfn': %d, "
- "'ret': %d}",
- id,
- pci_find_domain(dev->bus),
- pci_bus_num(dev->bus), dev->devfn,
- ret);
- assert(*ret_data);
-
- return 0;
-}
diff --git a/hw/pcie_aer.h b/hw/pcie_aer.h
deleted file mode 100644
index 7539500cd..000000000
--- a/hw/pcie_aer.h
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * pcie_aer.h
- *
- * Copyright (c) 2010 Isaku Yamahata <yamahata at valinux co jp>
- * VA Linux Systems Japan K.K.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef QEMU_PCIE_AER_H
-#define QEMU_PCIE_AER_H
-
-#include "hw.h"
-
-/* definitions which PCIExpressDevice uses */
-
-/* AER log */
-struct PCIEAERLog {
- /* This structure is saved/loaded.
- So explicitly size them instead of unsigned int */
-
- /* the number of currently recorded log in log member */
- uint16_t log_num;
-
- /*
- * The maximum number of the log. Errors can be logged up to this.
- *
- * This is configurable property.
- * The specified value will be clipped down to PCIE_AER_LOG_MAX_LIMIT
- * to avoid unreasonable memory usage.
- * I bet that 128 log size would be big enough, otherwise too many errors
- * for system to function normaly. But could consecutive errors occur?
- */
-#define PCIE_AER_LOG_MAX_DEFAULT 8
-#define PCIE_AER_LOG_MAX_LIMIT 128
-#define PCIE_AER_LOG_MAX_UNSET 0xffff
- uint16_t log_max;
-
- /* Error log. log_max-sized array */
- PCIEAERErr *log;
-};
-
-/* aer error message: error signaling message has only error sevirity and
- source id. See 2.2.8.3 error signaling messages */
-struct PCIEAERMsg {
- /*
- * PCI_ERR_ROOT_CMD_{COR, NONFATAL, FATAL}_EN
- * = PCI_EXP_DEVCTL_{CERE, NFERE, FERE}
- */
- uint32_t severity;
-
- uint16_t source_id; /* bdf */
-};
-
-static inline bool
-pcie_aer_msg_is_uncor(const PCIEAERMsg *msg)
-{
- return msg->severity == PCI_ERR_ROOT_CMD_NONFATAL_EN ||
- msg->severity == PCI_ERR_ROOT_CMD_FATAL_EN;
-}
-
-/* error */
-struct PCIEAERErr {
- uint32_t status; /* error status bits */
- uint16_t source_id; /* bdf */
-
-#define PCIE_AER_ERR_IS_CORRECTABLE 0x1 /* correctable/uncorrectable */
-#define PCIE_AER_ERR_MAYBE_ADVISORY 0x2 /* maybe advisory non-fatal */
-#define PCIE_AER_ERR_HEADER_VALID 0x4 /* TLP header is logged */
-#define PCIE_AER_ERR_TLP_PREFIX_PRESENT 0x8 /* TLP Prefix is logged */
- uint16_t flags;
-
- uint32_t header[4]; /* TLP header */
- uint32_t prefix[4]; /* TLP header prefix */
-};
-
-extern const VMStateDescription vmstate_pcie_aer_log;
-
-int pcie_aer_init(PCIDevice *dev, uint16_t offset);
-void pcie_aer_exit(PCIDevice *dev);
-void pcie_aer_write_config(PCIDevice *dev,
- uint32_t addr, uint32_t val, int len);
-
-/* aer root port */
-void pcie_aer_root_set_vector(PCIDevice *dev, unsigned int vector);
-void pcie_aer_root_init(PCIDevice *dev);
-void pcie_aer_root_reset(PCIDevice *dev);
-void pcie_aer_root_write_config(PCIDevice *dev,
- uint32_t addr, uint32_t val, int len,
- uint32_t root_cmd_prev);
-
-/* error injection */
-int pcie_aer_inject_error(PCIDevice *dev, const PCIEAERErr *err);
-
-#endif /* QEMU_PCIE_AER_H */
diff --git a/hw/pcie_host.c b/hw/pcie_host.c
deleted file mode 100644
index c257fb43c..000000000
--- a/hw/pcie_host.c
+++ /dev/null
@@ -1,161 +0,0 @@
-/*
- * pcie_host.c
- * utility functions for pci express host bridge.
- *
- * Copyright (c) 2009 Isaku Yamahata <yamahata at valinux co jp>
- * VA Linux Systems Japan K.K.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
-
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
-
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "hw.h"
-#include "pci.h"
-#include "pcie_host.h"
-#include "exec-memory.h"
-
-/*
- * PCI express mmcfig address
- * bit 20 - 28: bus number
- * bit 15 - 19: device number
- * bit 12 - 14: function number
- * bit 0 - 11: offset in configuration space of a given device
- */
-#define PCIE_MMCFG_SIZE_MAX (1ULL << 28)
-#define PCIE_MMCFG_SIZE_MIN (1ULL << 20)
-#define PCIE_MMCFG_BUS_BIT 20
-#define PCIE_MMCFG_BUS_MASK 0x1ff
-#define PCIE_MMCFG_DEVFN_BIT 12
-#define PCIE_MMCFG_DEVFN_MASK 0xff
-#define PCIE_MMCFG_CONFOFFSET_MASK 0xfff
-#define PCIE_MMCFG_BUS(addr) (((addr) >> PCIE_MMCFG_BUS_BIT) & \
- PCIE_MMCFG_BUS_MASK)
-#define PCIE_MMCFG_DEVFN(addr) (((addr) >> PCIE_MMCFG_DEVFN_BIT) & \
- PCIE_MMCFG_DEVFN_MASK)
-#define PCIE_MMCFG_CONFOFFSET(addr) ((addr) & PCIE_MMCFG_CONFOFFSET_MASK)
-
-
-/* a helper function to get a PCIDevice for a given mmconfig address */
-static inline PCIDevice *pcie_dev_find_by_mmcfg_addr(PCIBus *s,
- uint32_t mmcfg_addr)
-{
- return pci_find_device(s, PCIE_MMCFG_BUS(mmcfg_addr),
- PCIE_MMCFG_DEVFN(mmcfg_addr));
-}
-
-static void pcie_mmcfg_data_write(void *opaque, hwaddr mmcfg_addr,
- uint64_t val, unsigned len)
-{
- PCIExpressHost *e = opaque;
- PCIBus *s = e->pci.bus;
- PCIDevice *pci_dev = pcie_dev_find_by_mmcfg_addr(s, mmcfg_addr);
- uint32_t addr;
- uint32_t limit;
-
- if (!pci_dev) {
- return;
- }
- addr = PCIE_MMCFG_CONFOFFSET(mmcfg_addr);
- limit = pci_config_size(pci_dev);
- if (limit <= addr) {
- /* conventional pci device can be behind pcie-to-pci bridge.
- 256 <= addr < 4K has no effects. */
- return;
- }
- pci_host_config_write_common(pci_dev, addr, limit, val, len);
-}
-
-static uint64_t pcie_mmcfg_data_read(void *opaque,
- hwaddr mmcfg_addr,
- unsigned len)
-{
- PCIExpressHost *e = opaque;
- PCIBus *s = e->pci.bus;
- PCIDevice *pci_dev = pcie_dev_find_by_mmcfg_addr(s, mmcfg_addr);
- uint32_t addr;
- uint32_t limit;
-
- if (!pci_dev) {
- return ~0x0;
- }
- addr = PCIE_MMCFG_CONFOFFSET(mmcfg_addr);
- limit = pci_config_size(pci_dev);
- if (limit <= addr) {
- /* conventional pci device can be behind pcie-to-pci bridge.
- 256 <= addr < 4K has no effects. */
- return ~0x0;
- }
- return pci_host_config_read_common(pci_dev, addr, limit, len);
-}
-
-static const MemoryRegionOps pcie_mmcfg_ops = {
- .read = pcie_mmcfg_data_read,
- .write = pcie_mmcfg_data_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-/* pcie_host::base_addr == PCIE_BASE_ADDR_UNMAPPED when it isn't mapped. */
-#define PCIE_BASE_ADDR_UNMAPPED ((hwaddr)-1ULL)
-
-int pcie_host_init(PCIExpressHost *e)
-{
- e->base_addr = PCIE_BASE_ADDR_UNMAPPED;
-
- return 0;
-}
-
-void pcie_host_mmcfg_unmap(PCIExpressHost *e)
-{
- if (e->base_addr != PCIE_BASE_ADDR_UNMAPPED) {
- memory_region_del_subregion(get_system_memory(), &e->mmio);
- memory_region_destroy(&e->mmio);
- e->base_addr = PCIE_BASE_ADDR_UNMAPPED;
- }
-}
-
-void pcie_host_mmcfg_map(PCIExpressHost *e, hwaddr addr,
- uint32_t size)
-{
- assert(!(size & (size - 1))); /* power of 2 */
- assert(size >= PCIE_MMCFG_SIZE_MIN);
- assert(size <= PCIE_MMCFG_SIZE_MAX);
- e->size = size;
- memory_region_init_io(&e->mmio, &pcie_mmcfg_ops, e, "pcie-mmcfg", e->size);
- e->base_addr = addr;
- memory_region_add_subregion(get_system_memory(), e->base_addr, &e->mmio);
-}
-
-void pcie_host_mmcfg_update(PCIExpressHost *e,
- int enable,
- hwaddr addr,
- uint32_t size)
-{
- pcie_host_mmcfg_unmap(e);
- if (enable) {
- pcie_host_mmcfg_map(e, addr, size);
- }
-}
-
-static const TypeInfo pcie_host_type_info = {
- .name = TYPE_PCIE_HOST_BRIDGE,
- .parent = TYPE_PCI_HOST_BRIDGE,
- .abstract = true,
- .instance_size = sizeof(PCIExpressHost),
-};
-
-static void pcie_host_register_types(void)
-{
- type_register_static(&pcie_host_type_info);
-}
-
-type_init(pcie_host_register_types)
diff --git a/hw/pcie_host.h b/hw/pcie_host.h
deleted file mode 100644
index 392193530..000000000
--- a/hw/pcie_host.h
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * pcie_host.h
- *
- * Copyright (c) 2009 Isaku Yamahata <yamahata at valinux co jp>
- * VA Linux Systems Japan K.K.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
-
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
-
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef PCIE_HOST_H
-#define PCIE_HOST_H
-
-#include "pci_host.h"
-#include "memory.h"
-
-#define TYPE_PCIE_HOST_BRIDGE "pcie-host-bridge"
-#define PCIE_HOST_BRIDGE(obj) \
- OBJECT_CHECK(PCIExpressHost, (obj), TYPE_PCIE_HOST_BRIDGE)
-
-struct PCIExpressHost {
- PCIHostState pci;
-
- /* express part */
-
- /* base address where MMCONFIG area is mapped. */
- hwaddr base_addr;
-
- /* the size of MMCONFIG area. It's host bridge dependent */
- hwaddr size;
-
- /* MMCONFIG mmio area */
- MemoryRegion mmio;
-};
-
-int pcie_host_init(PCIExpressHost *e);
-void pcie_host_mmcfg_unmap(PCIExpressHost *e);
-void pcie_host_mmcfg_map(PCIExpressHost *e, hwaddr addr, uint32_t size);
-void pcie_host_mmcfg_update(PCIExpressHost *e,
- int enable,
- hwaddr addr,
- uint32_t size);
-
-#endif /* PCIE_HOST_H */
diff --git a/hw/pcie_port.c b/hw/pcie_port.c
deleted file mode 100644
index d6350e5e7..000000000
--- a/hw/pcie_port.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * pcie_port.c
- *
- * Copyright (c) 2010 Isaku Yamahata <yamahata at valinux co jp>
- * VA Linux Systems Japan K.K.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "pcie_port.h"
-
-void pcie_port_init_reg(PCIDevice *d)
-{
- /* Unlike pci bridge,
- 66MHz and fast back to back don't apply to pci express port. */
- pci_set_word(d->config + PCI_STATUS, 0);
- pci_set_word(d->config + PCI_SEC_STATUS, 0);
-
- /* Unlike conventional pci bridge, some bits are hardwired to 0. */
- pci_set_word(d->wmask + PCI_BRIDGE_CONTROL,
- PCI_BRIDGE_CTL_PARITY |
- PCI_BRIDGE_CTL_ISA |
- PCI_BRIDGE_CTL_VGA |
- PCI_BRIDGE_CTL_SERR |
- PCI_BRIDGE_CTL_BUS_RESET);
-}
-
-/**************************************************************************
- * (chassis number, pcie physical slot number) -> pcie slot conversion
- */
-struct PCIEChassis {
- uint8_t number;
-
- QLIST_HEAD(, PCIESlot) slots;
- QLIST_ENTRY(PCIEChassis) next;
-};
-
-static QLIST_HEAD(, PCIEChassis) chassis = QLIST_HEAD_INITIALIZER(chassis);
-
-static struct PCIEChassis *pcie_chassis_find(uint8_t chassis_number)
-{
- struct PCIEChassis *c;
- QLIST_FOREACH(c, &chassis, next) {
- if (c->number == chassis_number) {
- break;
- }
- }
- return c;
-}
-
-void pcie_chassis_create(uint8_t chassis_number)
-{
- struct PCIEChassis *c;
- c = pcie_chassis_find(chassis_number);
- if (c) {
- return;
- }
- c = g_malloc0(sizeof(*c));
- c->number = chassis_number;
- QLIST_INIT(&c->slots);
- QLIST_INSERT_HEAD(&chassis, c, next);
-}
-
-static PCIESlot *pcie_chassis_find_slot_with_chassis(struct PCIEChassis *c,
- uint8_t slot)
-{
- PCIESlot *s;
- QLIST_FOREACH(s, &c->slots, next) {
- if (s->slot == slot) {
- break;
- }
- }
- return s;
-}
-
-PCIESlot *pcie_chassis_find_slot(uint8_t chassis_number, uint16_t slot)
-{
- struct PCIEChassis *c;
- c = pcie_chassis_find(chassis_number);
- if (!c) {
- return NULL;
- }
- return pcie_chassis_find_slot_with_chassis(c, slot);
-}
-
-int pcie_chassis_add_slot(struct PCIESlot *slot)
-{
- struct PCIEChassis *c;
- c = pcie_chassis_find(slot->chassis);
- if (!c) {
- return -ENODEV;
- }
- if (pcie_chassis_find_slot_with_chassis(c, slot->slot)) {
- return -EBUSY;
- }
- QLIST_INSERT_HEAD(&c->slots, slot, next);
- return 0;
-}
-
-void pcie_chassis_del_slot(PCIESlot *s)
-{
- QLIST_REMOVE(s, next);
-}
diff --git a/hw/pcie_port.h b/hw/pcie_port.h
deleted file mode 100644
index 3709583cc..000000000
--- a/hw/pcie_port.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * pcie_port.h
- *
- * Copyright (c) 2010 Isaku Yamahata <yamahata at valinux co jp>
- * VA Linux Systems Japan K.K.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef QEMU_PCIE_PORT_H
-#define QEMU_PCIE_PORT_H
-
-#include "pci_bridge.h"
-#include "pci_internals.h"
-
-struct PCIEPort {
- PCIBridge br;
-
- /* pci express switch port */
- uint8_t port;
-};
-
-void pcie_port_init_reg(PCIDevice *d);
-
-struct PCIESlot {
- PCIEPort port;
-
- /* pci express switch port with slot */
- uint8_t chassis;
- uint16_t slot;
- QLIST_ENTRY(PCIESlot) next;
-};
-
-void pcie_chassis_create(uint8_t chassis_number);
-void pcie_main_chassis_create(void);
-PCIESlot *pcie_chassis_find_slot(uint8_t chassis, uint16_t slot);
-int pcie_chassis_add_slot(struct PCIESlot *slot);
-void pcie_chassis_del_slot(PCIESlot *s);
-
-#endif /* QEMU_PCIE_PORT_H */
diff --git a/hw/pcie_regs.h b/hw/pcie_regs.h
deleted file mode 100644
index 4d123d9fc..000000000
--- a/hw/pcie_regs.h
+++ /dev/null
@@ -1,156 +0,0 @@
-/*
- * constants for pcie configurations space from pci express spec.
- *
- * TODO:
- * Those constants and macros should go to Linux pci_regs.h
- * Once they're merged, they will go away.
- */
-#ifndef QEMU_PCIE_REGS_H
-#define QEMU_PCIE_REGS_H
-
-
-/* express capability */
-
-#define PCI_EXP_VER2_SIZEOF 0x3c /* express capability of ver. 2 */
-#define PCI_EXT_CAP_VER_SHIFT 16
-#define PCI_EXT_CAP_NEXT_SHIFT 20
-#define PCI_EXT_CAP_NEXT_MASK (0xffc << PCI_EXT_CAP_NEXT_SHIFT)
-
-#define PCI_EXT_CAP(id, ver, next) \
- ((id) | \
- ((ver) << PCI_EXT_CAP_VER_SHIFT) | \
- ((next) << PCI_EXT_CAP_NEXT_SHIFT))
-
-#define PCI_EXT_CAP_ALIGN 4
-#define PCI_EXT_CAP_ALIGNUP(x) \
- (((x) + PCI_EXT_CAP_ALIGN - 1) & ~(PCI_EXT_CAP_ALIGN - 1))
-
-/* PCI_EXP_FLAGS */
-#define PCI_EXP_FLAGS_VER2 2 /* for now, supports only ver. 2 */
-#define PCI_EXP_FLAGS_IRQ_SHIFT (ffs(PCI_EXP_FLAGS_IRQ) - 1)
-#define PCI_EXP_FLAGS_TYPE_SHIFT (ffs(PCI_EXP_FLAGS_TYPE) - 1)
-
-
-/* PCI_EXP_LINK{CAP, STA} */
-/* link speed */
-#define PCI_EXP_LNK_LS_25 1
-
-#define PCI_EXP_LNK_MLW_SHIFT (ffs(PCI_EXP_LNKCAP_MLW) - 1)
-#define PCI_EXP_LNK_MLW_1 (1 << PCI_EXP_LNK_MLW_SHIFT)
-
-/* PCI_EXP_LINKCAP */
-#define PCI_EXP_LNKCAP_ASPMS_SHIFT (ffs(PCI_EXP_LNKCAP_ASPMS) - 1)
-#define PCI_EXP_LNKCAP_ASPMS_0S (1 << PCI_EXP_LNKCAP_ASPMS_SHIFT)
-
-#define PCI_EXP_LNKCAP_PN_SHIFT (ffs(PCI_EXP_LNKCAP_PN) - 1)
-
-#define PCI_EXP_SLTCAP_PSN_SHIFT (ffs(PCI_EXP_SLTCAP_PSN) - 1)
-
-#define PCI_EXP_SLTCTL_IND_RESERVED 0x0
-#define PCI_EXP_SLTCTL_IND_ON 0x1
-#define PCI_EXP_SLTCTL_IND_BLINK 0x2
-#define PCI_EXP_SLTCTL_IND_OFF 0x3
-#define PCI_EXP_SLTCTL_AIC_SHIFT (ffs(PCI_EXP_SLTCTL_AIC) - 1)
-#define PCI_EXP_SLTCTL_AIC_OFF \
- (PCI_EXP_SLTCTL_IND_OFF << PCI_EXP_SLTCTL_AIC_SHIFT)
-
-#define PCI_EXP_SLTCTL_PIC_SHIFT (ffs(PCI_EXP_SLTCTL_PIC) - 1)
-#define PCI_EXP_SLTCTL_PIC_OFF \
- (PCI_EXP_SLTCTL_IND_OFF << PCI_EXP_SLTCTL_PIC_SHIFT)
-
-#define PCI_EXP_SLTCTL_SUPPORTED \
- (PCI_EXP_SLTCTL_ABPE | \
- PCI_EXP_SLTCTL_PDCE | \
- PCI_EXP_SLTCTL_CCIE | \
- PCI_EXP_SLTCTL_HPIE | \
- PCI_EXP_SLTCTL_AIC | \
- PCI_EXP_SLTCTL_PCC | \
- PCI_EXP_SLTCTL_EIC)
-
-#define PCI_EXP_DEVCAP2_EFF 0x100000
-#define PCI_EXP_DEVCAP2_EETLPP 0x200000
-
-#define PCI_EXP_DEVCTL2_EETLPPB 0x80
-
-/* ARI */
-#define PCI_ARI_VER 1
-#define PCI_ARI_SIZEOF 8
-
-/* AER */
-#define PCI_ERR_VER 2
-#define PCI_ERR_SIZEOF 0x48
-
-#define PCI_ERR_UNC_SDN 0x00000020 /* surprise down */
-#define PCI_ERR_UNC_ACSV 0x00200000 /* ACS Violation */
-#define PCI_ERR_UNC_INTN 0x00400000 /* Internal Error */
-#define PCI_ERR_UNC_MCBTLP 0x00800000 /* MC Blcoked TLP */
-#define PCI_ERR_UNC_ATOP_EBLOCKED 0x01000000 /* atomic op egress blocked */
-#define PCI_ERR_UNC_TLP_PRF_BLOCKED 0x02000000 /* TLP Prefix Blocked */
-#define PCI_ERR_COR_ADV_NONFATAL 0x00002000 /* Advisory Non-Fatal */
-#define PCI_ERR_COR_INTERNAL 0x00004000 /* Corrected Internal */
-#define PCI_ERR_COR_HL_OVERFLOW 0x00008000 /* Header Long Overflow */
-#define PCI_ERR_CAP_FEP_MASK 0x0000001f
-#define PCI_ERR_CAP_MHRC 0x00000200
-#define PCI_ERR_CAP_MHRE 0x00000400
-#define PCI_ERR_CAP_TLP 0x00000800
-
-#define PCI_ERR_HEADER_LOG_SIZE 16
-#define PCI_ERR_TLP_PREFIX_LOG 0x38
-#define PCI_ERR_TLP_PREFIX_LOG_SIZE 16
-
-#define PCI_SEC_STATUS_RCV_SYSTEM_ERROR 0x4000
-
-/* aer root error command/status */
-#define PCI_ERR_ROOT_CMD_EN_MASK (PCI_ERR_ROOT_CMD_COR_EN | \
- PCI_ERR_ROOT_CMD_NONFATAL_EN | \
- PCI_ERR_ROOT_CMD_FATAL_EN)
-
-#define PCI_ERR_ROOT_IRQ_MAX 32
-#define PCI_ERR_ROOT_IRQ 0xf8000000
-#define PCI_ERR_ROOT_IRQ_SHIFT (ffs(PCI_ERR_ROOT_IRQ) - 1)
-#define PCI_ERR_ROOT_STATUS_REPORT_MASK (PCI_ERR_ROOT_COR_RCV | \
- PCI_ERR_ROOT_MULTI_COR_RCV | \
- PCI_ERR_ROOT_UNCOR_RCV | \
- PCI_ERR_ROOT_MULTI_UNCOR_RCV | \
- PCI_ERR_ROOT_FIRST_FATAL | \
- PCI_ERR_ROOT_NONFATAL_RCV | \
- PCI_ERR_ROOT_FATAL_RCV)
-
-#define PCI_ERR_UNC_SUPPORTED (PCI_ERR_UNC_DLP | \
- PCI_ERR_UNC_SDN | \
- PCI_ERR_UNC_POISON_TLP | \
- PCI_ERR_UNC_FCP | \
- PCI_ERR_UNC_COMP_TIME | \
- PCI_ERR_UNC_COMP_ABORT | \
- PCI_ERR_UNC_UNX_COMP | \
- PCI_ERR_UNC_RX_OVER | \
- PCI_ERR_UNC_MALF_TLP | \
- PCI_ERR_UNC_ECRC | \
- PCI_ERR_UNC_UNSUP | \
- PCI_ERR_UNC_ACSV | \
- PCI_ERR_UNC_INTN | \
- PCI_ERR_UNC_MCBTLP | \
- PCI_ERR_UNC_ATOP_EBLOCKED | \
- PCI_ERR_UNC_TLP_PRF_BLOCKED)
-
-#define PCI_ERR_UNC_SEVERITY_DEFAULT (PCI_ERR_UNC_DLP | \
- PCI_ERR_UNC_SDN | \
- PCI_ERR_UNC_FCP | \
- PCI_ERR_UNC_RX_OVER | \
- PCI_ERR_UNC_MALF_TLP | \
- PCI_ERR_UNC_INTN)
-
-#define PCI_ERR_COR_SUPPORTED (PCI_ERR_COR_RCVR | \
- PCI_ERR_COR_BAD_TLP | \
- PCI_ERR_COR_BAD_DLLP | \
- PCI_ERR_COR_REP_ROLL | \
- PCI_ERR_COR_REP_TIMER | \
- PCI_ERR_COR_ADV_NONFATAL | \
- PCI_ERR_COR_INTERNAL | \
- PCI_ERR_COR_HL_OVERFLOW)
-
-#define PCI_ERR_COR_MASK_DEFAULT (PCI_ERR_COR_ADV_NONFATAL | \
- PCI_ERR_COR_INTERNAL | \
- PCI_ERR_COR_HL_OVERFLOW)
-
-#endif /* QEMU_PCIE_REGS_H */
diff --git a/hw/pckbd.c b/hw/pckbd.c
deleted file mode 100644
index 5bb3e0abf..000000000
--- a/hw/pckbd.c
+++ /dev/null
@@ -1,527 +0,0 @@
-/*
- * QEMU PC keyboard emulation
- *
- * Copyright (c) 2003 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "isa.h"
-#include "pc.h"
-#include "ps2.h"
-#include "sysemu.h"
-
-/* debug PC keyboard */
-//#define DEBUG_KBD
-#ifdef DEBUG_KBD
-#define DPRINTF(fmt, ...) \
- do { printf("KBD: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...)
-#endif
-
-/* Keyboard Controller Commands */
-#define KBD_CCMD_READ_MODE 0x20 /* Read mode bits */
-#define KBD_CCMD_WRITE_MODE 0x60 /* Write mode bits */
-#define KBD_CCMD_GET_VERSION 0xA1 /* Get controller version */
-#define KBD_CCMD_MOUSE_DISABLE 0xA7 /* Disable mouse interface */
-#define KBD_CCMD_MOUSE_ENABLE 0xA8 /* Enable mouse interface */
-#define KBD_CCMD_TEST_MOUSE 0xA9 /* Mouse interface test */
-#define KBD_CCMD_SELF_TEST 0xAA /* Controller self test */
-#define KBD_CCMD_KBD_TEST 0xAB /* Keyboard interface test */
-#define KBD_CCMD_KBD_DISABLE 0xAD /* Keyboard interface disable */
-#define KBD_CCMD_KBD_ENABLE 0xAE /* Keyboard interface enable */
-#define KBD_CCMD_READ_INPORT 0xC0 /* read input port */
-#define KBD_CCMD_READ_OUTPORT 0xD0 /* read output port */
-#define KBD_CCMD_WRITE_OUTPORT 0xD1 /* write output port */
-#define KBD_CCMD_WRITE_OBUF 0xD2
-#define KBD_CCMD_WRITE_AUX_OBUF 0xD3 /* Write to output buffer as if
- initiated by the auxiliary device */
-#define KBD_CCMD_WRITE_MOUSE 0xD4 /* Write the following byte to the mouse */
-#define KBD_CCMD_DISABLE_A20 0xDD /* HP vectra only ? */
-#define KBD_CCMD_ENABLE_A20 0xDF /* HP vectra only ? */
-#define KBD_CCMD_PULSE_BITS_3_0 0xF0 /* Pulse bits 3-0 of the output port P2. */
-#define KBD_CCMD_RESET 0xFE /* Pulse bit 0 of the output port P2 = CPU reset. */
-#define KBD_CCMD_NO_OP 0xFF /* Pulse no bits of the output port P2. */
-
-/* Keyboard Commands */
-#define KBD_CMD_SET_LEDS 0xED /* Set keyboard leds */
-#define KBD_CMD_ECHO 0xEE
-#define KBD_CMD_GET_ID 0xF2 /* get keyboard ID */
-#define KBD_CMD_SET_RATE 0xF3 /* Set typematic rate */
-#define KBD_CMD_ENABLE 0xF4 /* Enable scanning */
-#define KBD_CMD_RESET_DISABLE 0xF5 /* reset and disable scanning */
-#define KBD_CMD_RESET_ENABLE 0xF6 /* reset and enable scanning */
-#define KBD_CMD_RESET 0xFF /* Reset */
-
-/* Keyboard Replies */
-#define KBD_REPLY_POR 0xAA /* Power on reset */
-#define KBD_REPLY_ACK 0xFA /* Command ACK */
-#define KBD_REPLY_RESEND 0xFE /* Command NACK, send the cmd again */
-
-/* Status Register Bits */
-#define KBD_STAT_OBF 0x01 /* Keyboard output buffer full */
-#define KBD_STAT_IBF 0x02 /* Keyboard input buffer full */
-#define KBD_STAT_SELFTEST 0x04 /* Self test successful */
-#define KBD_STAT_CMD 0x08 /* Last write was a command write (0=data) */
-#define KBD_STAT_UNLOCKED 0x10 /* Zero if keyboard locked */
-#define KBD_STAT_MOUSE_OBF 0x20 /* Mouse output buffer full */
-#define KBD_STAT_GTO 0x40 /* General receive/xmit timeout */
-#define KBD_STAT_PERR 0x80 /* Parity error */
-
-/* Controller Mode Register Bits */
-#define KBD_MODE_KBD_INT 0x01 /* Keyboard data generate IRQ1 */
-#define KBD_MODE_MOUSE_INT 0x02 /* Mouse data generate IRQ12 */
-#define KBD_MODE_SYS 0x04 /* The system flag (?) */
-#define KBD_MODE_NO_KEYLOCK 0x08 /* The keylock doesn't affect the keyboard if set */
-#define KBD_MODE_DISABLE_KBD 0x10 /* Disable keyboard interface */
-#define KBD_MODE_DISABLE_MOUSE 0x20 /* Disable mouse interface */
-#define KBD_MODE_KCC 0x40 /* Scan code conversion to PC format */
-#define KBD_MODE_RFU 0x80
-
-/* Output Port Bits */
-#define KBD_OUT_RESET 0x01 /* 1=normal mode, 0=reset */
-#define KBD_OUT_A20 0x02 /* x86 only */
-#define KBD_OUT_OBF 0x10 /* Keyboard output buffer full */
-#define KBD_OUT_MOUSE_OBF 0x20 /* Mouse output buffer full */
-
-/* Mouse Commands */
-#define AUX_SET_SCALE11 0xE6 /* Set 1:1 scaling */
-#define AUX_SET_SCALE21 0xE7 /* Set 2:1 scaling */
-#define AUX_SET_RES 0xE8 /* Set resolution */
-#define AUX_GET_SCALE 0xE9 /* Get scaling factor */
-#define AUX_SET_STREAM 0xEA /* Set stream mode */
-#define AUX_POLL 0xEB /* Poll */
-#define AUX_RESET_WRAP 0xEC /* Reset wrap mode */
-#define AUX_SET_WRAP 0xEE /* Set wrap mode */
-#define AUX_SET_REMOTE 0xF0 /* Set remote mode */
-#define AUX_GET_TYPE 0xF2 /* Get type */
-#define AUX_SET_SAMPLE 0xF3 /* Set sample rate */
-#define AUX_ENABLE_DEV 0xF4 /* Enable aux device */
-#define AUX_DISABLE_DEV 0xF5 /* Disable aux device */
-#define AUX_SET_DEFAULT 0xF6
-#define AUX_RESET 0xFF /* Reset aux device */
-#define AUX_ACK 0xFA /* Command byte ACK. */
-
-#define MOUSE_STATUS_REMOTE 0x40
-#define MOUSE_STATUS_ENABLED 0x20
-#define MOUSE_STATUS_SCALE21 0x10
-
-#define KBD_PENDING_KBD 1
-#define KBD_PENDING_AUX 2
-
-typedef struct KBDState {
- uint8_t write_cmd; /* if non zero, write data to port 60 is expected */
- uint8_t status;
- uint8_t mode;
- uint8_t outport;
- /* Bitmask of devices with data available. */
- uint8_t pending;
- void *kbd;
- void *mouse;
-
- qemu_irq irq_kbd;
- qemu_irq irq_mouse;
- qemu_irq *a20_out;
- hwaddr mask;
-} KBDState;
-
-/* update irq and KBD_STAT_[MOUSE_]OBF */
-/* XXX: not generating the irqs if KBD_MODE_DISABLE_KBD is set may be
- incorrect, but it avoids having to simulate exact delays */
-static void kbd_update_irq(KBDState *s)
-{
- int irq_kbd_level, irq_mouse_level;
-
- irq_kbd_level = 0;
- irq_mouse_level = 0;
- s->status &= ~(KBD_STAT_OBF | KBD_STAT_MOUSE_OBF);
- s->outport &= ~(KBD_OUT_OBF | KBD_OUT_MOUSE_OBF);
- if (s->pending) {
- s->status |= KBD_STAT_OBF;
- s->outport |= KBD_OUT_OBF;
- /* kbd data takes priority over aux data. */
- if (s->pending == KBD_PENDING_AUX) {
- s->status |= KBD_STAT_MOUSE_OBF;
- s->outport |= KBD_OUT_MOUSE_OBF;
- if (s->mode & KBD_MODE_MOUSE_INT)
- irq_mouse_level = 1;
- } else {
- if ((s->mode & KBD_MODE_KBD_INT) &&
- !(s->mode & KBD_MODE_DISABLE_KBD))
- irq_kbd_level = 1;
- }
- }
- qemu_set_irq(s->irq_kbd, irq_kbd_level);
- qemu_set_irq(s->irq_mouse, irq_mouse_level);
-}
-
-static void kbd_update_kbd_irq(void *opaque, int level)
-{
- KBDState *s = (KBDState *)opaque;
-
- if (level)
- s->pending |= KBD_PENDING_KBD;
- else
- s->pending &= ~KBD_PENDING_KBD;
- kbd_update_irq(s);
-}
-
-static void kbd_update_aux_irq(void *opaque, int level)
-{
- KBDState *s = (KBDState *)opaque;
-
- if (level)
- s->pending |= KBD_PENDING_AUX;
- else
- s->pending &= ~KBD_PENDING_AUX;
- kbd_update_irq(s);
-}
-
-static uint64_t kbd_read_status(void *opaque, hwaddr addr,
- unsigned size)
-{
- KBDState *s = opaque;
- int val;
- val = s->status;
- DPRINTF("kbd: read status=0x%02x\n", val);
- return val;
-}
-
-static void kbd_queue(KBDState *s, int b, int aux)
-{
- if (aux)
- ps2_queue(s->mouse, b);
- else
- ps2_queue(s->kbd, b);
-}
-
-static void outport_write(KBDState *s, uint32_t val)
-{
- DPRINTF("kbd: write outport=0x%02x\n", val);
- s->outport = val;
- if (s->a20_out) {
- qemu_set_irq(*s->a20_out, (val >> 1) & 1);
- }
- if (!(val & 1)) {
- qemu_system_reset_request();
- }
-}
-
-static void kbd_write_command(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- KBDState *s = opaque;
-
- DPRINTF("kbd: write cmd=0x%02x\n", val);
-
- /* Bits 3-0 of the output port P2 of the keyboard controller may be pulsed
- * low for approximately 6 micro seconds. Bits 3-0 of the KBD_CCMD_PULSE
- * command specify the output port bits to be pulsed.
- * 0: Bit should be pulsed. 1: Bit should not be modified.
- * The only useful version of this command is pulsing bit 0,
- * which does a CPU reset.
- */
- if((val & KBD_CCMD_PULSE_BITS_3_0) == KBD_CCMD_PULSE_BITS_3_0) {
- if(!(val & 1))
- val = KBD_CCMD_RESET;
- else
- val = KBD_CCMD_NO_OP;
- }
-
- switch(val) {
- case KBD_CCMD_READ_MODE:
- kbd_queue(s, s->mode, 0);
- break;
- case KBD_CCMD_WRITE_MODE:
- case KBD_CCMD_WRITE_OBUF:
- case KBD_CCMD_WRITE_AUX_OBUF:
- case KBD_CCMD_WRITE_MOUSE:
- case KBD_CCMD_WRITE_OUTPORT:
- s->write_cmd = val;
- break;
- case KBD_CCMD_MOUSE_DISABLE:
- s->mode |= KBD_MODE_DISABLE_MOUSE;
- break;
- case KBD_CCMD_MOUSE_ENABLE:
- s->mode &= ~KBD_MODE_DISABLE_MOUSE;
- break;
- case KBD_CCMD_TEST_MOUSE:
- kbd_queue(s, 0x00, 0);
- break;
- case KBD_CCMD_SELF_TEST:
- s->status |= KBD_STAT_SELFTEST;
- kbd_queue(s, 0x55, 0);
- break;
- case KBD_CCMD_KBD_TEST:
- kbd_queue(s, 0x00, 0);
- break;
- case KBD_CCMD_KBD_DISABLE:
- s->mode |= KBD_MODE_DISABLE_KBD;
- kbd_update_irq(s);
- break;
- case KBD_CCMD_KBD_ENABLE:
- s->mode &= ~KBD_MODE_DISABLE_KBD;
- kbd_update_irq(s);
- break;
- case KBD_CCMD_READ_INPORT:
- kbd_queue(s, 0x00, 0);
- break;
- case KBD_CCMD_READ_OUTPORT:
- kbd_queue(s, s->outport, 0);
- break;
- case KBD_CCMD_ENABLE_A20:
- if (s->a20_out) {
- qemu_irq_raise(*s->a20_out);
- }
- s->outport |= KBD_OUT_A20;
- break;
- case KBD_CCMD_DISABLE_A20:
- if (s->a20_out) {
- qemu_irq_lower(*s->a20_out);
- }
- s->outport &= ~KBD_OUT_A20;
- break;
- case KBD_CCMD_RESET:
- qemu_system_reset_request();
- break;
- case KBD_CCMD_NO_OP:
- /* ignore that */
- break;
- default:
- fprintf(stderr, "qemu: unsupported keyboard cmd=0x%02x\n", (int)val);
- break;
- }
-}
-
-static uint64_t kbd_read_data(void *opaque, hwaddr addr,
- unsigned size)
-{
- KBDState *s = opaque;
- uint32_t val;
-
- if (s->pending == KBD_PENDING_AUX)
- val = ps2_read_data(s->mouse);
- else
- val = ps2_read_data(s->kbd);
-
- DPRINTF("kbd: read data=0x%02x\n", val);
- return val;
-}
-
-static void kbd_write_data(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- KBDState *s = opaque;
-
- DPRINTF("kbd: write data=0x%02x\n", val);
-
- switch(s->write_cmd) {
- case 0:
- ps2_write_keyboard(s->kbd, val);
- break;
- case KBD_CCMD_WRITE_MODE:
- s->mode = val;
- ps2_keyboard_set_translation(s->kbd, (s->mode & KBD_MODE_KCC) != 0);
- /* ??? */
- kbd_update_irq(s);
- break;
- case KBD_CCMD_WRITE_OBUF:
- kbd_queue(s, val, 0);
- break;
- case KBD_CCMD_WRITE_AUX_OBUF:
- kbd_queue(s, val, 1);
- break;
- case KBD_CCMD_WRITE_OUTPORT:
- outport_write(s, val);
- break;
- case KBD_CCMD_WRITE_MOUSE:
- ps2_write_mouse(s->mouse, val);
- break;
- default:
- break;
- }
- s->write_cmd = 0;
-}
-
-static void kbd_reset(void *opaque)
-{
- KBDState *s = opaque;
-
- s->mode = KBD_MODE_KBD_INT | KBD_MODE_MOUSE_INT;
- s->status = KBD_STAT_CMD | KBD_STAT_UNLOCKED;
- s->outport = KBD_OUT_RESET | KBD_OUT_A20;
-}
-
-static const VMStateDescription vmstate_kbd = {
- .name = "pckbd",
- .version_id = 3,
- .minimum_version_id = 3,
- .minimum_version_id_old = 3,
- .fields = (VMStateField []) {
- VMSTATE_UINT8(write_cmd, KBDState),
- VMSTATE_UINT8(status, KBDState),
- VMSTATE_UINT8(mode, KBDState),
- VMSTATE_UINT8(pending, KBDState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-/* Memory mapped interface */
-static uint32_t kbd_mm_readb (void *opaque, hwaddr addr)
-{
- KBDState *s = opaque;
-
- if (addr & s->mask)
- return kbd_read_status(s, 0, 1) & 0xff;
- else
- return kbd_read_data(s, 0, 1) & 0xff;
-}
-
-static void kbd_mm_writeb (void *opaque, hwaddr addr, uint32_t value)
-{
- KBDState *s = opaque;
-
- if (addr & s->mask)
- kbd_write_command(s, 0, value & 0xff, 1);
- else
- kbd_write_data(s, 0, value & 0xff, 1);
-}
-
-static const MemoryRegionOps i8042_mmio_ops = {
- .endianness = DEVICE_NATIVE_ENDIAN,
- .old_mmio = {
- .read = { kbd_mm_readb, kbd_mm_readb, kbd_mm_readb },
- .write = { kbd_mm_writeb, kbd_mm_writeb, kbd_mm_writeb },
- },
-};
-
-void i8042_mm_init(qemu_irq kbd_irq, qemu_irq mouse_irq,
- MemoryRegion *region, ram_addr_t size,
- hwaddr mask)
-{
- KBDState *s = g_malloc0(sizeof(KBDState));
-
- s->irq_kbd = kbd_irq;
- s->irq_mouse = mouse_irq;
- s->mask = mask;
-
- vmstate_register(NULL, 0, &vmstate_kbd, s);
-
- memory_region_init_io(region, &i8042_mmio_ops, s, "i8042", size);
-
- s->kbd = ps2_kbd_init(kbd_update_kbd_irq, s);
- s->mouse = ps2_mouse_init(kbd_update_aux_irq, s);
- qemu_register_reset(kbd_reset, s);
-}
-
-typedef struct ISAKBDState {
- ISADevice dev;
- KBDState kbd;
- MemoryRegion io[2];
-} ISAKBDState;
-
-void i8042_isa_mouse_fake_event(void *opaque)
-{
- ISADevice *dev = opaque;
- KBDState *s = &(DO_UPCAST(ISAKBDState, dev, dev)->kbd);
-
- ps2_mouse_fake_event(s->mouse);
-}
-
-void i8042_setup_a20_line(ISADevice *dev, qemu_irq *a20_out)
-{
- KBDState *s = &(DO_UPCAST(ISAKBDState, dev, dev)->kbd);
-
- s->a20_out = a20_out;
-}
-
-static const VMStateDescription vmstate_kbd_isa = {
- .name = "pckbd",
- .version_id = 3,
- .minimum_version_id = 3,
- .minimum_version_id_old = 3,
- .fields = (VMStateField []) {
- VMSTATE_STRUCT(kbd, ISAKBDState, 0, vmstate_kbd, KBDState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const MemoryRegionOps i8042_data_ops = {
- .read = kbd_read_data,
- .write = kbd_write_data,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static const MemoryRegionOps i8042_cmd_ops = {
- .read = kbd_read_status,
- .write = kbd_write_command,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static int i8042_initfn(ISADevice *dev)
-{
- ISAKBDState *isa_s = DO_UPCAST(ISAKBDState, dev, dev);
- KBDState *s = &isa_s->kbd;
-
- isa_init_irq(dev, &s->irq_kbd, 1);
- isa_init_irq(dev, &s->irq_mouse, 12);
-
- memory_region_init_io(isa_s->io + 0, &i8042_data_ops, s, "i8042-data", 1);
- isa_register_ioport(dev, isa_s->io + 0, 0x60);
-
- memory_region_init_io(isa_s->io + 1, &i8042_cmd_ops, s, "i8042-cmd", 1);
- isa_register_ioport(dev, isa_s->io + 1, 0x64);
-
- s->kbd = ps2_kbd_init(kbd_update_kbd_irq, s);
- s->mouse = ps2_mouse_init(kbd_update_aux_irq, s);
- qemu_register_reset(kbd_reset, s);
- return 0;
-}
-
-static void i8042_class_initfn(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- ISADeviceClass *ic = ISA_DEVICE_CLASS(klass);
- ic->init = i8042_initfn;
- dc->no_user = 1;
- dc->vmsd = &vmstate_kbd_isa;
-}
-
-static TypeInfo i8042_info = {
- .name = "i8042",
- .parent = TYPE_ISA_DEVICE,
- .instance_size = sizeof(ISAKBDState),
- .class_init = i8042_class_initfn,
-};
-
-static void i8042_register_types(void)
-{
- type_register_static(&i8042_info);
-}
-
-type_init(i8042_register_types)
diff --git a/hw/pcmcia.h b/hw/pcmcia.h
deleted file mode 100644
index 50648c973..000000000
--- a/hw/pcmcia.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/* PCMCIA/Cardbus */
-
-#include "qemu-common.h"
-
-typedef struct {
- qemu_irq irq;
- int attached;
- const char *slot_string;
- const char *card_string;
-} PCMCIASocket;
-
-void pcmcia_socket_register(PCMCIASocket *socket);
-void pcmcia_socket_unregister(PCMCIASocket *socket);
-void pcmcia_info(Monitor *mon);
-
-struct PCMCIACardState {
- void *state;
- PCMCIASocket *slot;
- int (*attach)(void *state);
- int (*detach)(void *state);
- const uint8_t *cis;
- int cis_len;
-
- /* Only valid if attached */
- uint8_t (*attr_read)(void *state, uint32_t address);
- void (*attr_write)(void *state, uint32_t address, uint8_t value);
- uint16_t (*common_read)(void *state, uint32_t address);
- void (*common_write)(void *state, uint32_t address, uint16_t value);
- uint16_t (*io_read)(void *state, uint32_t address);
- void (*io_write)(void *state, uint32_t address, uint16_t value);
-};
-
-#define CISTPL_DEVICE 0x01 /* 5V Device Information Tuple */
-#define CISTPL_NO_LINK 0x14 /* No Link Tuple */
-#define CISTPL_VERS_1 0x15 /* Level 1 Version Tuple */
-#define CISTPL_JEDEC_C 0x18 /* JEDEC ID Tuple */
-#define CISTPL_JEDEC_A 0x19 /* JEDEC ID Tuple */
-#define CISTPL_CONFIG 0x1a /* Configuration Tuple */
-#define CISTPL_CFTABLE_ENTRY 0x1b /* 16-bit PCCard Configuration */
-#define CISTPL_DEVICE_OC 0x1c /* Additional Device Information */
-#define CISTPL_DEVICE_OA 0x1d /* Additional Device Information */
-#define CISTPL_DEVICE_GEO 0x1e /* Additional Device Information */
-#define CISTPL_DEVICE_GEO_A 0x1f /* Additional Device Information */
-#define CISTPL_MANFID 0x20 /* Manufacture ID Tuple */
-#define CISTPL_FUNCID 0x21 /* Function ID Tuple */
-#define CISTPL_FUNCE 0x22 /* Function Extension Tuple */
-#define CISTPL_END 0xff /* Tuple End */
-#define CISTPL_ENDMARK 0xff
-
-/* dscm1xxxx.c */
-PCMCIACardState *dscm1xxxx_init(DriveInfo *bdrv);
diff --git a/hw/pcnet-pci.c b/hw/pcnet-pci.c
deleted file mode 100644
index 0bf438ffe..000000000
--- a/hw/pcnet-pci.c
+++ /dev/null
@@ -1,376 +0,0 @@
-/*
- * QEMU AMD PC-Net II (Am79C970A) PCI emulation
- *
- * Copyright (c) 2004 Antony T Curtis
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-/* This software was written to be compatible with the specification:
- * AMD Am79C970A PCnet-PCI II Ethernet Controller Data-Sheet
- * AMD Publication# 19436 Rev:E Amendment/0 Issue Date: June 2000
- */
-
-#include "pci.h"
-#include "net.h"
-#include "loader.h"
-#include "qemu-timer.h"
-#include "dma.h"
-
-#include "pcnet.h"
-
-//#define PCNET_DEBUG
-//#define PCNET_DEBUG_IO
-//#define PCNET_DEBUG_BCR
-//#define PCNET_DEBUG_CSR
-//#define PCNET_DEBUG_RMD
-//#define PCNET_DEBUG_TMD
-//#define PCNET_DEBUG_MATCH
-
-
-typedef struct {
- PCIDevice pci_dev;
- PCNetState state;
- MemoryRegion io_bar;
-} PCIPCNetState;
-
-static void pcnet_aprom_writeb(void *opaque, uint32_t addr, uint32_t val)
-{
- PCNetState *s = opaque;
-#ifdef PCNET_DEBUG
- printf("pcnet_aprom_writeb addr=0x%08x val=0x%02x\n", addr, val);
-#endif
- if (BCR_APROMWE(s)) {
- s->prom[addr & 15] = val;
- }
-}
-
-static uint32_t pcnet_aprom_readb(void *opaque, uint32_t addr)
-{
- PCNetState *s = opaque;
- uint32_t val = s->prom[addr & 15];
-#ifdef PCNET_DEBUG
- printf("pcnet_aprom_readb addr=0x%08x val=0x%02x\n", addr, val);
-#endif
- return val;
-}
-
-static uint64_t pcnet_ioport_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- PCNetState *d = opaque;
-
- if (addr < 0x10) {
- if (!BCR_DWIO(d) && size == 1) {
- return pcnet_aprom_readb(d, addr);
- } else if (!BCR_DWIO(d) && (addr & 1) == 0 && size == 2) {
- return pcnet_aprom_readb(d, addr) |
- (pcnet_aprom_readb(d, addr + 1) << 8);
- } else if (BCR_DWIO(d) && (addr & 3) == 0 && size == 4) {
- return pcnet_aprom_readb(d, addr) |
- (pcnet_aprom_readb(d, addr + 1) << 8) |
- (pcnet_aprom_readb(d, addr + 2) << 16) |
- (pcnet_aprom_readb(d, addr + 3) << 24);
- }
- } else {
- if (size == 2) {
- return pcnet_ioport_readw(d, addr);
- } else if (size == 4) {
- return pcnet_ioport_readl(d, addr);
- }
- }
- return ((uint64_t)1 << (size * 8)) - 1;
-}
-
-static void pcnet_ioport_write(void *opaque, hwaddr addr,
- uint64_t data, unsigned size)
-{
- PCNetState *d = opaque;
-
- if (addr < 0x10) {
- if (!BCR_DWIO(d) && size == 1) {
- pcnet_aprom_writeb(d, addr, data);
- } else if (!BCR_DWIO(d) && (addr & 1) == 0 && size == 2) {
- pcnet_aprom_writeb(d, addr, data & 0xff);
- pcnet_aprom_writeb(d, addr + 1, data >> 8);
- } else if (BCR_DWIO(d) && (addr & 3) == 0 && size == 4) {
- pcnet_aprom_writeb(d, addr, data & 0xff);
- pcnet_aprom_writeb(d, addr + 1, (data >> 8) & 0xff);
- pcnet_aprom_writeb(d, addr + 2, (data >> 16) & 0xff);
- pcnet_aprom_writeb(d, addr + 3, data >> 24);
- }
- } else {
- if (size == 2) {
- pcnet_ioport_writew(d, addr, data);
- } else if (size == 4) {
- pcnet_ioport_writel(d, addr, data);
- }
- }
-}
-
-static const MemoryRegionOps pcnet_io_ops = {
- .read = pcnet_ioport_read,
- .write = pcnet_ioport_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void pcnet_mmio_writeb(void *opaque, hwaddr addr, uint32_t val)
-{
- PCNetState *d = opaque;
-#ifdef PCNET_DEBUG_IO
- printf("pcnet_mmio_writeb addr=0x" TARGET_FMT_plx" val=0x%02x\n", addr,
- val);
-#endif
- if (!(addr & 0x10))
- pcnet_aprom_writeb(d, addr & 0x0f, val);
-}
-
-static uint32_t pcnet_mmio_readb(void *opaque, hwaddr addr)
-{
- PCNetState *d = opaque;
- uint32_t val = -1;
- if (!(addr & 0x10))
- val = pcnet_aprom_readb(d, addr & 0x0f);
-#ifdef PCNET_DEBUG_IO
- printf("pcnet_mmio_readb addr=0x" TARGET_FMT_plx " val=0x%02x\n", addr,
- val & 0xff);
-#endif
- return val;
-}
-
-static void pcnet_mmio_writew(void *opaque, hwaddr addr, uint32_t val)
-{
- PCNetState *d = opaque;
-#ifdef PCNET_DEBUG_IO
- printf("pcnet_mmio_writew addr=0x" TARGET_FMT_plx " val=0x%04x\n", addr,
- val);
-#endif
- if (addr & 0x10)
- pcnet_ioport_writew(d, addr & 0x0f, val);
- else {
- addr &= 0x0f;
- pcnet_aprom_writeb(d, addr, val & 0xff);
- pcnet_aprom_writeb(d, addr+1, (val & 0xff00) >> 8);
- }
-}
-
-static uint32_t pcnet_mmio_readw(void *opaque, hwaddr addr)
-{
- PCNetState *d = opaque;
- uint32_t val = -1;
- if (addr & 0x10)
- val = pcnet_ioport_readw(d, addr & 0x0f);
- else {
- addr &= 0x0f;
- val = pcnet_aprom_readb(d, addr+1);
- val <<= 8;
- val |= pcnet_aprom_readb(d, addr);
- }
-#ifdef PCNET_DEBUG_IO
- printf("pcnet_mmio_readw addr=0x" TARGET_FMT_plx" val = 0x%04x\n", addr,
- val & 0xffff);
-#endif
- return val;
-}
-
-static void pcnet_mmio_writel(void *opaque, hwaddr addr, uint32_t val)
-{
- PCNetState *d = opaque;
-#ifdef PCNET_DEBUG_IO
- printf("pcnet_mmio_writel addr=0x" TARGET_FMT_plx" val=0x%08x\n", addr,
- val);
-#endif
- if (addr & 0x10)
- pcnet_ioport_writel(d, addr & 0x0f, val);
- else {
- addr &= 0x0f;
- pcnet_aprom_writeb(d, addr, val & 0xff);
- pcnet_aprom_writeb(d, addr+1, (val & 0xff00) >> 8);
- pcnet_aprom_writeb(d, addr+2, (val & 0xff0000) >> 16);
- pcnet_aprom_writeb(d, addr+3, (val & 0xff000000) >> 24);
- }
-}
-
-static uint32_t pcnet_mmio_readl(void *opaque, hwaddr addr)
-{
- PCNetState *d = opaque;
- uint32_t val;
- if (addr & 0x10)
- val = pcnet_ioport_readl(d, addr & 0x0f);
- else {
- addr &= 0x0f;
- val = pcnet_aprom_readb(d, addr+3);
- val <<= 8;
- val |= pcnet_aprom_readb(d, addr+2);
- val <<= 8;
- val |= pcnet_aprom_readb(d, addr+1);
- val <<= 8;
- val |= pcnet_aprom_readb(d, addr);
- }
-#ifdef PCNET_DEBUG_IO
- printf("pcnet_mmio_readl addr=0x" TARGET_FMT_plx " val=0x%08x\n", addr,
- val);
-#endif
- return val;
-}
-
-static const VMStateDescription vmstate_pci_pcnet = {
- .name = "pcnet",
- .version_id = 3,
- .minimum_version_id = 2,
- .minimum_version_id_old = 2,
- .fields = (VMStateField []) {
- VMSTATE_PCI_DEVICE(pci_dev, PCIPCNetState),
- VMSTATE_STRUCT(state, PCIPCNetState, 0, vmstate_pcnet, PCNetState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-/* PCI interface */
-
-static const MemoryRegionOps pcnet_mmio_ops = {
- .old_mmio = {
- .read = { pcnet_mmio_readb, pcnet_mmio_readw, pcnet_mmio_readl },
- .write = { pcnet_mmio_writeb, pcnet_mmio_writew, pcnet_mmio_writel },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void pci_physical_memory_write(void *dma_opaque, hwaddr addr,
- uint8_t *buf, int len, int do_bswap)
-{
- pci_dma_write(dma_opaque, addr, buf, len);
-}
-
-static void pci_physical_memory_read(void *dma_opaque, hwaddr addr,
- uint8_t *buf, int len, int do_bswap)
-{
- pci_dma_read(dma_opaque, addr, buf, len);
-}
-
-static void pci_pcnet_cleanup(NetClientState *nc)
-{
- PCNetState *d = DO_UPCAST(NICState, nc, nc)->opaque;
-
- pcnet_common_cleanup(d);
-}
-
-static void pci_pcnet_uninit(PCIDevice *dev)
-{
- PCIPCNetState *d = DO_UPCAST(PCIPCNetState, pci_dev, dev);
-
- memory_region_destroy(&d->state.mmio);
- memory_region_destroy(&d->io_bar);
- qemu_del_timer(d->state.poll_timer);
- qemu_free_timer(d->state.poll_timer);
- qemu_del_net_client(&d->state.nic->nc);
-}
-
-static NetClientInfo net_pci_pcnet_info = {
- .type = NET_CLIENT_OPTIONS_KIND_NIC,
- .size = sizeof(NICState),
- .can_receive = pcnet_can_receive,
- .receive = pcnet_receive,
- .link_status_changed = pcnet_set_link_status,
- .cleanup = pci_pcnet_cleanup,
-};
-
-static int pci_pcnet_init(PCIDevice *pci_dev)
-{
- PCIPCNetState *d = DO_UPCAST(PCIPCNetState, pci_dev, pci_dev);
- PCNetState *s = &d->state;
- uint8_t *pci_conf;
-
-#if 0
- printf("sizeof(RMD)=%d, sizeof(TMD)=%d\n",
- sizeof(struct pcnet_RMD), sizeof(struct pcnet_TMD));
-#endif
-
- pci_conf = pci_dev->config;
-
- pci_set_word(pci_conf + PCI_STATUS,
- PCI_STATUS_FAST_BACK | PCI_STATUS_DEVSEL_MEDIUM);
-
- pci_set_word(pci_conf + PCI_SUBSYSTEM_VENDOR_ID, 0x0);
- pci_set_word(pci_conf + PCI_SUBSYSTEM_ID, 0x0);
-
- pci_conf[PCI_INTERRUPT_PIN] = 1; /* interrupt pin A */
- pci_conf[PCI_MIN_GNT] = 0x06;
- pci_conf[PCI_MAX_LAT] = 0xff;
-
- /* Handler for memory-mapped I/O */
- memory_region_init_io(&d->state.mmio, &pcnet_mmio_ops, s, "pcnet-mmio",
- PCNET_PNPMMIO_SIZE);
-
- memory_region_init_io(&d->io_bar, &pcnet_io_ops, s, "pcnet-io",
- PCNET_IOPORT_SIZE);
- pci_register_bar(pci_dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &d->io_bar);
-
- pci_register_bar(pci_dev, 1, 0, &s->mmio);
-
- s->irq = pci_dev->irq[0];
- s->phys_mem_read = pci_physical_memory_read;
- s->phys_mem_write = pci_physical_memory_write;
- s->dma_opaque = pci_dev;
-
- return pcnet_common_init(&pci_dev->qdev, s, &net_pci_pcnet_info);
-}
-
-static void pci_reset(DeviceState *dev)
-{
- PCIPCNetState *d = DO_UPCAST(PCIPCNetState, pci_dev.qdev, dev);
-
- pcnet_h_reset(&d->state);
-}
-
-static Property pcnet_properties[] = {
- DEFINE_NIC_PROPERTIES(PCIPCNetState, state.conf),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void pcnet_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = pci_pcnet_init;
- k->exit = pci_pcnet_uninit;
- k->romfile = "pxe-pcnet.rom",
- k->vendor_id = PCI_VENDOR_ID_AMD;
- k->device_id = PCI_DEVICE_ID_AMD_LANCE;
- k->revision = 0x10;
- k->class_id = PCI_CLASS_NETWORK_ETHERNET;
- dc->reset = pci_reset;
- dc->vmsd = &vmstate_pci_pcnet;
- dc->props = pcnet_properties;
-}
-
-static TypeInfo pcnet_info = {
- .name = "pcnet",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIPCNetState),
- .class_init = pcnet_class_init,
-};
-
-static void pci_pcnet_register_types(void)
-{
- type_register_static(&pcnet_info);
-}
-
-type_init(pci_pcnet_register_types)
diff --git a/hw/pcnet.c b/hw/pcnet.c
deleted file mode 100644
index 54eecd01d..000000000
--- a/hw/pcnet.c
+++ /dev/null
@@ -1,1767 +0,0 @@
-/*
- * QEMU AMD PC-Net II (Am79C970A) emulation
- *
- * Copyright (c) 2004 Antony T Curtis
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-/* This software was written to be compatible with the specification:
- * AMD Am79C970A PCnet-PCI II Ethernet Controller Data-Sheet
- * AMD Publication# 19436 Rev:E Amendment/0 Issue Date: June 2000
- */
-
-/*
- * On Sparc32, this is the Lance (Am7990) part of chip STP2000 (Master I/O), also
- * produced as NCR89C100. See
- * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C100.txt
- * and
- * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR92C990.txt
- */
-
-#include "qdev.h"
-#include "net.h"
-#include "qemu-timer.h"
-#include "qemu_socket.h"
-#include "sysemu.h"
-
-#include "pcnet.h"
-
-//#define PCNET_DEBUG
-//#define PCNET_DEBUG_IO
-//#define PCNET_DEBUG_BCR
-//#define PCNET_DEBUG_CSR
-//#define PCNET_DEBUG_RMD
-//#define PCNET_DEBUG_TMD
-//#define PCNET_DEBUG_MATCH
-
-
-struct qemu_ether_header {
- uint8_t ether_dhost[6];
- uint8_t ether_shost[6];
- uint16_t ether_type;
-};
-
-#define CSR_INIT(S) !!(((S)->csr[0])&0x0001)
-#define CSR_STRT(S) !!(((S)->csr[0])&0x0002)
-#define CSR_STOP(S) !!(((S)->csr[0])&0x0004)
-#define CSR_TDMD(S) !!(((S)->csr[0])&0x0008)
-#define CSR_TXON(S) !!(((S)->csr[0])&0x0010)
-#define CSR_RXON(S) !!(((S)->csr[0])&0x0020)
-#define CSR_INEA(S) !!(((S)->csr[0])&0x0040)
-#define CSR_BSWP(S) !!(((S)->csr[3])&0x0004)
-#define CSR_LAPPEN(S) !!(((S)->csr[3])&0x0020)
-#define CSR_DXSUFLO(S) !!(((S)->csr[3])&0x0040)
-#define CSR_ASTRP_RCV(S) !!(((S)->csr[4])&0x0800)
-#define CSR_DPOLL(S) !!(((S)->csr[4])&0x1000)
-#define CSR_SPND(S) !!(((S)->csr[5])&0x0001)
-#define CSR_LTINTEN(S) !!(((S)->csr[5])&0x4000)
-#define CSR_TOKINTD(S) !!(((S)->csr[5])&0x8000)
-#define CSR_DRX(S) !!(((S)->csr[15])&0x0001)
-#define CSR_DTX(S) !!(((S)->csr[15])&0x0002)
-#define CSR_LOOP(S) !!(((S)->csr[15])&0x0004)
-#define CSR_DXMTFCS(S) !!(((S)->csr[15])&0x0008)
-#define CSR_INTL(S) !!(((S)->csr[15])&0x0040)
-#define CSR_DRCVPA(S) !!(((S)->csr[15])&0x2000)
-#define CSR_DRCVBC(S) !!(((S)->csr[15])&0x4000)
-#define CSR_PROM(S) !!(((S)->csr[15])&0x8000)
-
-#define CSR_CRBC(S) ((S)->csr[40])
-#define CSR_CRST(S) ((S)->csr[41])
-#define CSR_CXBC(S) ((S)->csr[42])
-#define CSR_CXST(S) ((S)->csr[43])
-#define CSR_NRBC(S) ((S)->csr[44])
-#define CSR_NRST(S) ((S)->csr[45])
-#define CSR_POLL(S) ((S)->csr[46])
-#define CSR_PINT(S) ((S)->csr[47])
-#define CSR_RCVRC(S) ((S)->csr[72])
-#define CSR_XMTRC(S) ((S)->csr[74])
-#define CSR_RCVRL(S) ((S)->csr[76])
-#define CSR_XMTRL(S) ((S)->csr[78])
-#define CSR_MISSC(S) ((S)->csr[112])
-
-#define CSR_IADR(S) ((S)->csr[ 1] | ((uint32_t)(S)->csr[ 2] << 16))
-#define CSR_CRBA(S) ((S)->csr[18] | ((uint32_t)(S)->csr[19] << 16))
-#define CSR_CXBA(S) ((S)->csr[20] | ((uint32_t)(S)->csr[21] << 16))
-#define CSR_NRBA(S) ((S)->csr[22] | ((uint32_t)(S)->csr[23] << 16))
-#define CSR_BADR(S) ((S)->csr[24] | ((uint32_t)(S)->csr[25] << 16))
-#define CSR_NRDA(S) ((S)->csr[26] | ((uint32_t)(S)->csr[27] << 16))
-#define CSR_CRDA(S) ((S)->csr[28] | ((uint32_t)(S)->csr[29] << 16))
-#define CSR_BADX(S) ((S)->csr[30] | ((uint32_t)(S)->csr[31] << 16))
-#define CSR_NXDA(S) ((S)->csr[32] | ((uint32_t)(S)->csr[33] << 16))
-#define CSR_CXDA(S) ((S)->csr[34] | ((uint32_t)(S)->csr[35] << 16))
-#define CSR_NNRD(S) ((S)->csr[36] | ((uint32_t)(S)->csr[37] << 16))
-#define CSR_NNXD(S) ((S)->csr[38] | ((uint32_t)(S)->csr[39] << 16))
-#define CSR_PXDA(S) ((S)->csr[60] | ((uint32_t)(S)->csr[61] << 16))
-#define CSR_NXBA(S) ((S)->csr[64] | ((uint32_t)(S)->csr[65] << 16))
-
-#define PHYSADDR(S,A) \
- (BCR_SSIZE32(S) ? (A) : (A) | ((0xff00 & (uint32_t)(S)->csr[2])<<16))
-
-struct pcnet_initblk16 {
- uint16_t mode;
- uint16_t padr[3];
- uint16_t ladrf[4];
- uint32_t rdra;
- uint32_t tdra;
-};
-
-struct pcnet_initblk32 {
- uint16_t mode;
- uint8_t rlen;
- uint8_t tlen;
- uint16_t padr[3];
- uint16_t _res;
- uint16_t ladrf[4];
- uint32_t rdra;
- uint32_t tdra;
-};
-
-struct pcnet_TMD {
- uint32_t tbadr;
- int16_t length;
- int16_t status;
- uint32_t misc;
- uint32_t res;
-};
-
-#define TMDL_BCNT_MASK 0x0fff
-#define TMDL_BCNT_SH 0
-#define TMDL_ONES_MASK 0xf000
-#define TMDL_ONES_SH 12
-
-#define TMDS_BPE_MASK 0x0080
-#define TMDS_BPE_SH 7
-#define TMDS_ENP_MASK 0x0100
-#define TMDS_ENP_SH 8
-#define TMDS_STP_MASK 0x0200
-#define TMDS_STP_SH 9
-#define TMDS_DEF_MASK 0x0400
-#define TMDS_DEF_SH 10
-#define TMDS_ONE_MASK 0x0800
-#define TMDS_ONE_SH 11
-#define TMDS_LTINT_MASK 0x1000
-#define TMDS_LTINT_SH 12
-#define TMDS_NOFCS_MASK 0x2000
-#define TMDS_NOFCS_SH 13
-#define TMDS_ADDFCS_MASK TMDS_NOFCS_MASK
-#define TMDS_ADDFCS_SH TMDS_NOFCS_SH
-#define TMDS_ERR_MASK 0x4000
-#define TMDS_ERR_SH 14
-#define TMDS_OWN_MASK 0x8000
-#define TMDS_OWN_SH 15
-
-#define TMDM_TRC_MASK 0x0000000f
-#define TMDM_TRC_SH 0
-#define TMDM_TDR_MASK 0x03ff0000
-#define TMDM_TDR_SH 16
-#define TMDM_RTRY_MASK 0x04000000
-#define TMDM_RTRY_SH 26
-#define TMDM_LCAR_MASK 0x08000000
-#define TMDM_LCAR_SH 27
-#define TMDM_LCOL_MASK 0x10000000
-#define TMDM_LCOL_SH 28
-#define TMDM_EXDEF_MASK 0x20000000
-#define TMDM_EXDEF_SH 29
-#define TMDM_UFLO_MASK 0x40000000
-#define TMDM_UFLO_SH 30
-#define TMDM_BUFF_MASK 0x80000000
-#define TMDM_BUFF_SH 31
-
-struct pcnet_RMD {
- uint32_t rbadr;
- int16_t buf_length;
- int16_t status;
- uint32_t msg_length;
- uint32_t res;
-};
-
-#define RMDL_BCNT_MASK 0x0fff
-#define RMDL_BCNT_SH 0
-#define RMDL_ONES_MASK 0xf000
-#define RMDL_ONES_SH 12
-
-#define RMDS_BAM_MASK 0x0010
-#define RMDS_BAM_SH 4
-#define RMDS_LFAM_MASK 0x0020
-#define RMDS_LFAM_SH 5
-#define RMDS_PAM_MASK 0x0040
-#define RMDS_PAM_SH 6
-#define RMDS_BPE_MASK 0x0080
-#define RMDS_BPE_SH 7
-#define RMDS_ENP_MASK 0x0100
-#define RMDS_ENP_SH 8
-#define RMDS_STP_MASK 0x0200
-#define RMDS_STP_SH 9
-#define RMDS_BUFF_MASK 0x0400
-#define RMDS_BUFF_SH 10
-#define RMDS_CRC_MASK 0x0800
-#define RMDS_CRC_SH 11
-#define RMDS_OFLO_MASK 0x1000
-#define RMDS_OFLO_SH 12
-#define RMDS_FRAM_MASK 0x2000
-#define RMDS_FRAM_SH 13
-#define RMDS_ERR_MASK 0x4000
-#define RMDS_ERR_SH 14
-#define RMDS_OWN_MASK 0x8000
-#define RMDS_OWN_SH 15
-
-#define RMDM_MCNT_MASK 0x00000fff
-#define RMDM_MCNT_SH 0
-#define RMDM_ZEROS_MASK 0x0000f000
-#define RMDM_ZEROS_SH 12
-#define RMDM_RPC_MASK 0x00ff0000
-#define RMDM_RPC_SH 16
-#define RMDM_RCC_MASK 0xff000000
-#define RMDM_RCC_SH 24
-
-#define SET_FIELD(regp, name, field, value) \
- (*(regp) = (*(regp) & ~(name ## _ ## field ## _MASK)) \
- | ((value) << name ## _ ## field ## _SH))
-
-#define GET_FIELD(reg, name, field) \
- (((reg) & name ## _ ## field ## _MASK) >> name ## _ ## field ## _SH)
-
-#define PRINT_TMD(T) printf( \
- "TMD0 : TBADR=0x%08x\n" \
- "TMD1 : OWN=%d, ERR=%d, FCS=%d, LTI=%d, " \
- "ONE=%d, DEF=%d, STP=%d, ENP=%d,\n" \
- " BPE=%d, BCNT=%d\n" \
- "TMD2 : BUF=%d, UFL=%d, EXD=%d, LCO=%d, " \
- "LCA=%d, RTR=%d,\n" \
- " TDR=%d, TRC=%d\n", \
- (T)->tbadr, \
- GET_FIELD((T)->status, TMDS, OWN), \
- GET_FIELD((T)->status, TMDS, ERR), \
- GET_FIELD((T)->status, TMDS, NOFCS), \
- GET_FIELD((T)->status, TMDS, LTINT), \
- GET_FIELD((T)->status, TMDS, ONE), \
- GET_FIELD((T)->status, TMDS, DEF), \
- GET_FIELD((T)->status, TMDS, STP), \
- GET_FIELD((T)->status, TMDS, ENP), \
- GET_FIELD((T)->status, TMDS, BPE), \
- 4096-GET_FIELD((T)->length, TMDL, BCNT), \
- GET_FIELD((T)->misc, TMDM, BUFF), \
- GET_FIELD((T)->misc, TMDM, UFLO), \
- GET_FIELD((T)->misc, TMDM, EXDEF), \
- GET_FIELD((T)->misc, TMDM, LCOL), \
- GET_FIELD((T)->misc, TMDM, LCAR), \
- GET_FIELD((T)->misc, TMDM, RTRY), \
- GET_FIELD((T)->misc, TMDM, TDR), \
- GET_FIELD((T)->misc, TMDM, TRC))
-
-#define PRINT_RMD(R) printf( \
- "RMD0 : RBADR=0x%08x\n" \
- "RMD1 : OWN=%d, ERR=%d, FRAM=%d, OFLO=%d, " \
- "CRC=%d, BUFF=%d, STP=%d, ENP=%d,\n " \
- "BPE=%d, PAM=%d, LAFM=%d, BAM=%d, ONES=%d, BCNT=%d\n" \
- "RMD2 : RCC=%d, RPC=%d, MCNT=%d, ZEROS=%d\n", \
- (R)->rbadr, \
- GET_FIELD((R)->status, RMDS, OWN), \
- GET_FIELD((R)->status, RMDS, ERR), \
- GET_FIELD((R)->status, RMDS, FRAM), \
- GET_FIELD((R)->status, RMDS, OFLO), \
- GET_FIELD((R)->status, RMDS, CRC), \
- GET_FIELD((R)->status, RMDS, BUFF), \
- GET_FIELD((R)->status, RMDS, STP), \
- GET_FIELD((R)->status, RMDS, ENP), \
- GET_FIELD((R)->status, RMDS, BPE), \
- GET_FIELD((R)->status, RMDS, PAM), \
- GET_FIELD((R)->status, RMDS, LFAM), \
- GET_FIELD((R)->status, RMDS, BAM), \
- GET_FIELD((R)->buf_length, RMDL, ONES), \
- 4096-GET_FIELD((R)->buf_length, RMDL, BCNT), \
- GET_FIELD((R)->msg_length, RMDM, RCC), \
- GET_FIELD((R)->msg_length, RMDM, RPC), \
- GET_FIELD((R)->msg_length, RMDM, MCNT), \
- GET_FIELD((R)->msg_length, RMDM, ZEROS))
-
-static inline void pcnet_tmd_load(PCNetState *s, struct pcnet_TMD *tmd,
- hwaddr addr)
-{
- if (!BCR_SSIZE32(s)) {
- struct {
- uint32_t tbadr;
- int16_t length;
- int16_t status;
- } xda;
- s->phys_mem_read(s->dma_opaque, addr, (void *)&xda, sizeof(xda), 0);
- tmd->tbadr = le32_to_cpu(xda.tbadr) & 0xffffff;
- tmd->length = le16_to_cpu(xda.length);
- tmd->status = (le32_to_cpu(xda.tbadr) >> 16) & 0xff00;
- tmd->misc = le16_to_cpu(xda.status) << 16;
- tmd->res = 0;
- } else {
- s->phys_mem_read(s->dma_opaque, addr, (void *)tmd, sizeof(*tmd), 0);
- le32_to_cpus(&tmd->tbadr);
- le16_to_cpus((uint16_t *)&tmd->length);
- le16_to_cpus((uint16_t *)&tmd->status);
- le32_to_cpus(&tmd->misc);
- le32_to_cpus(&tmd->res);
- if (BCR_SWSTYLE(s) == 3) {
- uint32_t tmp = tmd->tbadr;
- tmd->tbadr = tmd->misc;
- tmd->misc = tmp;
- }
- }
-}
-
-static inline void pcnet_tmd_store(PCNetState *s, const struct pcnet_TMD *tmd,
- hwaddr addr)
-{
- if (!BCR_SSIZE32(s)) {
- struct {
- uint32_t tbadr;
- int16_t length;
- int16_t status;
- } xda;
- xda.tbadr = cpu_to_le32((tmd->tbadr & 0xffffff) |
- ((tmd->status & 0xff00) << 16));
- xda.length = cpu_to_le16(tmd->length);
- xda.status = cpu_to_le16(tmd->misc >> 16);
- s->phys_mem_write(s->dma_opaque, addr, (void *)&xda, sizeof(xda), 0);
- } else {
- struct {
- uint32_t tbadr;
- int16_t length;
- int16_t status;
- uint32_t misc;
- uint32_t res;
- } xda;
- xda.tbadr = cpu_to_le32(tmd->tbadr);
- xda.length = cpu_to_le16(tmd->length);
- xda.status = cpu_to_le16(tmd->status);
- xda.misc = cpu_to_le32(tmd->misc);
- xda.res = cpu_to_le32(tmd->res);
- if (BCR_SWSTYLE(s) == 3) {
- uint32_t tmp = xda.tbadr;
- xda.tbadr = xda.misc;
- xda.misc = tmp;
- }
- s->phys_mem_write(s->dma_opaque, addr, (void *)&xda, sizeof(xda), 0);
- }
-}
-
-static inline void pcnet_rmd_load(PCNetState *s, struct pcnet_RMD *rmd,
- hwaddr addr)
-{
- if (!BCR_SSIZE32(s)) {
- struct {
- uint32_t rbadr;
- int16_t buf_length;
- int16_t msg_length;
- } rda;
- s->phys_mem_read(s->dma_opaque, addr, (void *)&rda, sizeof(rda), 0);
- rmd->rbadr = le32_to_cpu(rda.rbadr) & 0xffffff;
- rmd->buf_length = le16_to_cpu(rda.buf_length);
- rmd->status = (le32_to_cpu(rda.rbadr) >> 16) & 0xff00;
- rmd->msg_length = le16_to_cpu(rda.msg_length);
- rmd->res = 0;
- } else {
- s->phys_mem_read(s->dma_opaque, addr, (void *)rmd, sizeof(*rmd), 0);
- le32_to_cpus(&rmd->rbadr);
- le16_to_cpus((uint16_t *)&rmd->buf_length);
- le16_to_cpus((uint16_t *)&rmd->status);
- le32_to_cpus(&rmd->msg_length);
- le32_to_cpus(&rmd->res);
- if (BCR_SWSTYLE(s) == 3) {
- uint32_t tmp = rmd->rbadr;
- rmd->rbadr = rmd->msg_length;
- rmd->msg_length = tmp;
- }
- }
-}
-
-static inline void pcnet_rmd_store(PCNetState *s, struct pcnet_RMD *rmd,
- hwaddr addr)
-{
- if (!BCR_SSIZE32(s)) {
- struct {
- uint32_t rbadr;
- int16_t buf_length;
- int16_t msg_length;
- } rda;
- rda.rbadr = cpu_to_le32((rmd->rbadr & 0xffffff) |
- ((rmd->status & 0xff00) << 16));
- rda.buf_length = cpu_to_le16(rmd->buf_length);
- rda.msg_length = cpu_to_le16(rmd->msg_length);
- s->phys_mem_write(s->dma_opaque, addr, (void *)&rda, sizeof(rda), 0);
- } else {
- struct {
- uint32_t rbadr;
- int16_t buf_length;
- int16_t status;
- uint32_t msg_length;
- uint32_t res;
- } rda;
- rda.rbadr = cpu_to_le32(rmd->rbadr);
- rda.buf_length = cpu_to_le16(rmd->buf_length);
- rda.status = cpu_to_le16(rmd->status);
- rda.msg_length = cpu_to_le32(rmd->msg_length);
- rda.res = cpu_to_le32(rmd->res);
- if (BCR_SWSTYLE(s) == 3) {
- uint32_t tmp = rda.rbadr;
- rda.rbadr = rda.msg_length;
- rda.msg_length = tmp;
- }
- s->phys_mem_write(s->dma_opaque, addr, (void *)&rda, sizeof(rda), 0);
- }
-}
-
-
-#define TMDLOAD(TMD,ADDR) pcnet_tmd_load(s,TMD,ADDR)
-
-#define TMDSTORE(TMD,ADDR) pcnet_tmd_store(s,TMD,ADDR)
-
-#define RMDLOAD(RMD,ADDR) pcnet_rmd_load(s,RMD,ADDR)
-
-#define RMDSTORE(RMD,ADDR) pcnet_rmd_store(s,RMD,ADDR)
-
-#if 1
-
-#define CHECK_RMD(ADDR,RES) do { \
- struct pcnet_RMD rmd; \
- RMDLOAD(&rmd,(ADDR)); \
- (RES) |= (GET_FIELD(rmd.buf_length, RMDL, ONES) != 15) \
- || (GET_FIELD(rmd.msg_length, RMDM, ZEROS) != 0); \
-} while (0)
-
-#define CHECK_TMD(ADDR,RES) do { \
- struct pcnet_TMD tmd; \
- TMDLOAD(&tmd,(ADDR)); \
- (RES) |= (GET_FIELD(tmd.length, TMDL, ONES) != 15); \
-} while (0)
-
-#else
-
-#define CHECK_RMD(ADDR,RES) do { \
- switch (BCR_SWSTYLE(s)) { \
- case 0x00: \
- do { \
- uint16_t rda[4]; \
- s->phys_mem_read(s->dma_opaque, (ADDR), \
- (void *)&rda[0], sizeof(rda), 0); \
- (RES) |= (rda[2] & 0xf000)!=0xf000; \
- (RES) |= (rda[3] & 0xf000)!=0x0000; \
- } while (0); \
- break; \
- case 0x01: \
- case 0x02: \
- do { \
- uint32_t rda[4]; \
- s->phys_mem_read(s->dma_opaque, (ADDR), \
- (void *)&rda[0], sizeof(rda), 0); \
- (RES) |= (rda[1] & 0x0000f000L)!=0x0000f000L; \
- (RES) |= (rda[2] & 0x0000f000L)!=0x00000000L; \
- } while (0); \
- break; \
- case 0x03: \
- do { \
- uint32_t rda[4]; \
- s->phys_mem_read(s->dma_opaque, (ADDR), \
- (void *)&rda[0], sizeof(rda), 0); \
- (RES) |= (rda[0] & 0x0000f000L)!=0x00000000L; \
- (RES) |= (rda[1] & 0x0000f000L)!=0x0000f000L; \
- } while (0); \
- break; \
- } \
-} while (0)
-
-#define CHECK_TMD(ADDR,RES) do { \
- switch (BCR_SWSTYLE(s)) { \
- case 0x00: \
- do { \
- uint16_t xda[4]; \
- s->phys_mem_read(s->dma_opaque, (ADDR), \
- (void *)&xda[0], sizeof(xda), 0); \
- (RES) |= (xda[2] & 0xf000)!=0xf000; \
- } while (0); \
- break; \
- case 0x01: \
- case 0x02: \
- case 0x03: \
- do { \
- uint32_t xda[4]; \
- s->phys_mem_read(s->dma_opaque, (ADDR), \
- (void *)&xda[0], sizeof(xda), 0); \
- (RES) |= (xda[1] & 0x0000f000L)!=0x0000f000L; \
- } while (0); \
- break; \
- } \
-} while (0)
-
-#endif
-
-#define PRINT_PKTHDR(BUF) do { \
- struct qemu_ether_header *hdr = (void *)(BUF); \
- printf("packet dhost=%02x:%02x:%02x:%02x:%02x:%02x, " \
- "shost=%02x:%02x:%02x:%02x:%02x:%02x, " \
- "type=0x%04x\n", \
- hdr->ether_dhost[0],hdr->ether_dhost[1],hdr->ether_dhost[2], \
- hdr->ether_dhost[3],hdr->ether_dhost[4],hdr->ether_dhost[5], \
- hdr->ether_shost[0],hdr->ether_shost[1],hdr->ether_shost[2], \
- hdr->ether_shost[3],hdr->ether_shost[4],hdr->ether_shost[5], \
- be16_to_cpu(hdr->ether_type)); \
-} while (0)
-
-#define MULTICAST_FILTER_LEN 8
-
-static inline uint32_t lnc_mchash(const uint8_t *ether_addr)
-{
-#define LNC_POLYNOMIAL 0xEDB88320UL
- uint32_t crc = 0xFFFFFFFF;
- int idx, bit;
- uint8_t data;
-
- for (idx = 0; idx < 6; idx++) {
- for (data = *ether_addr++, bit = 0; bit < MULTICAST_FILTER_LEN; bit++) {
- crc = (crc >> 1) ^ (((crc ^ data) & 1) ? LNC_POLYNOMIAL : 0);
- data >>= 1;
- }
- }
- return crc;
-#undef LNC_POLYNOMIAL
-}
-
-#define CRC(crc, ch) (crc = (crc >> 8) ^ crctab[(crc ^ (ch)) & 0xff])
-
-/* generated using the AUTODIN II polynomial
- * x^32 + x^26 + x^23 + x^22 + x^16 +
- * x^12 + x^11 + x^10 + x^8 + x^7 + x^5 + x^4 + x^2 + x^1 + 1
- */
-static const uint32_t crctab[256] = {
- 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba,
- 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3,
- 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
- 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91,
- 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de,
- 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
- 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec,
- 0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5,
- 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,
- 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b,
- 0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940,
- 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
- 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116,
- 0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f,
- 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
- 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d,
- 0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a,
- 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
- 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818,
- 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01,
- 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,
- 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457,
- 0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c,
- 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
- 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2,
- 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb,
- 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0,
- 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9,
- 0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086,
- 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
- 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4,
- 0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad,
- 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a,
- 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683,
- 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8,
- 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
- 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe,
- 0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7,
- 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc,
- 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5,
- 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252,
- 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
- 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60,
- 0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79,
- 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
- 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f,
- 0xc5ba3bbe, 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04,
- 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
- 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a,
- 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713,
- 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38,
- 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21,
- 0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e,
- 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
- 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c,
- 0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45,
- 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2,
- 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db,
- 0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0,
- 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
- 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6,
- 0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf,
- 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
- 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d,
-};
-
-static inline int padr_match(PCNetState *s, const uint8_t *buf, int size)
-{
- struct qemu_ether_header *hdr = (void *)buf;
- uint8_t padr[6] = {
- s->csr[12] & 0xff, s->csr[12] >> 8,
- s->csr[13] & 0xff, s->csr[13] >> 8,
- s->csr[14] & 0xff, s->csr[14] >> 8
- };
- int result = (!CSR_DRCVPA(s)) && !memcmp(hdr->ether_dhost, padr, 6);
-#ifdef PCNET_DEBUG_MATCH
- printf("packet dhost=%02x:%02x:%02x:%02x:%02x:%02x, "
- "padr=%02x:%02x:%02x:%02x:%02x:%02x\n",
- hdr->ether_dhost[0],hdr->ether_dhost[1],hdr->ether_dhost[2],
- hdr->ether_dhost[3],hdr->ether_dhost[4],hdr->ether_dhost[5],
- padr[0],padr[1],padr[2],padr[3],padr[4],padr[5]);
- printf("padr_match result=%d\n", result);
-#endif
- return result;
-}
-
-static inline int padr_bcast(PCNetState *s, const uint8_t *buf, int size)
-{
- static const uint8_t BCAST[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
- struct qemu_ether_header *hdr = (void *)buf;
- int result = !CSR_DRCVBC(s) && !memcmp(hdr->ether_dhost, BCAST, 6);
-#ifdef PCNET_DEBUG_MATCH
- printf("padr_bcast result=%d\n", result);
-#endif
- return result;
-}
-
-static inline int ladr_match(PCNetState *s, const uint8_t *buf, int size)
-{
- struct qemu_ether_header *hdr = (void *)buf;
- if ((*(hdr->ether_dhost)&0x01) &&
- ((uint64_t *)&s->csr[8])[0] != 0LL) {
- uint8_t ladr[8] = {
- s->csr[8] & 0xff, s->csr[8] >> 8,
- s->csr[9] & 0xff, s->csr[9] >> 8,
- s->csr[10] & 0xff, s->csr[10] >> 8,
- s->csr[11] & 0xff, s->csr[11] >> 8
- };
- int index = lnc_mchash(hdr->ether_dhost) >> 26;
- return !!(ladr[index >> 3] & (1 << (index & 7)));
- }
- return 0;
-}
-
-static inline hwaddr pcnet_rdra_addr(PCNetState *s, int idx)
-{
- while (idx < 1) idx += CSR_RCVRL(s);
- return s->rdra + ((CSR_RCVRL(s) - idx) * (BCR_SWSTYLE(s) ? 16 : 8));
-}
-
-static inline int64_t pcnet_get_next_poll_time(PCNetState *s, int64_t current_time)
-{
- int64_t next_time = current_time +
- muldiv64(65536 - (CSR_SPND(s) ? 0 : CSR_POLL(s)),
- get_ticks_per_sec(), 33000000L);
- if (next_time <= current_time)
- next_time = current_time + 1;
- return next_time;
-}
-
-static void pcnet_poll(PCNetState *s);
-static void pcnet_poll_timer(void *opaque);
-
-static uint32_t pcnet_csr_readw(PCNetState *s, uint32_t rap);
-static void pcnet_csr_writew(PCNetState *s, uint32_t rap, uint32_t new_value);
-static void pcnet_bcr_writew(PCNetState *s, uint32_t rap, uint32_t val);
-
-static void pcnet_s_reset(PCNetState *s)
-{
-#ifdef PCNET_DEBUG
- printf("pcnet_s_reset\n");
-#endif
-
- s->rdra = 0;
- s->tdra = 0;
- s->rap = 0;
-
- s->bcr[BCR_BSBC] &= ~0x0080;
-
- s->csr[0] = 0x0004;
- s->csr[3] = 0x0000;
- s->csr[4] = 0x0115;
- s->csr[5] = 0x0000;
- s->csr[6] = 0x0000;
- s->csr[8] = 0;
- s->csr[9] = 0;
- s->csr[10] = 0;
- s->csr[11] = 0;
- s->csr[12] = le16_to_cpu(((uint16_t *)&s->prom[0])[0]);
- s->csr[13] = le16_to_cpu(((uint16_t *)&s->prom[0])[1]);
- s->csr[14] = le16_to_cpu(((uint16_t *)&s->prom[0])[2]);
- s->csr[15] &= 0x21c4;
- s->csr[72] = 1;
- s->csr[74] = 1;
- s->csr[76] = 1;
- s->csr[78] = 1;
- s->csr[80] = 0x1410;
- s->csr[88] = 0x1003;
- s->csr[89] = 0x0262;
- s->csr[94] = 0x0000;
- s->csr[100] = 0x0200;
- s->csr[103] = 0x0105;
- s->csr[103] = 0x0105;
- s->csr[112] = 0x0000;
- s->csr[114] = 0x0000;
- s->csr[122] = 0x0000;
- s->csr[124] = 0x0000;
-
- s->tx_busy = 0;
-}
-
-static void pcnet_update_irq(PCNetState *s)
-{
- int isr = 0;
- s->csr[0] &= ~0x0080;
-
-#if 1
- if (((s->csr[0] & ~s->csr[3]) & 0x5f00) ||
- (((s->csr[4]>>1) & ~s->csr[4]) & 0x0115) ||
- (((s->csr[5]>>1) & s->csr[5]) & 0x0048))
-#else
- if ((!(s->csr[3] & 0x4000) && !!(s->csr[0] & 0x4000)) /* BABL */ ||
- (!(s->csr[3] & 0x1000) && !!(s->csr[0] & 0x1000)) /* MISS */ ||
- (!(s->csr[3] & 0x0100) && !!(s->csr[0] & 0x0100)) /* IDON */ ||
- (!(s->csr[3] & 0x0200) && !!(s->csr[0] & 0x0200)) /* TINT */ ||
- (!(s->csr[3] & 0x0400) && !!(s->csr[0] & 0x0400)) /* RINT */ ||
- (!(s->csr[3] & 0x0800) && !!(s->csr[0] & 0x0800)) /* MERR */ ||
- (!(s->csr[4] & 0x0001) && !!(s->csr[4] & 0x0002)) /* JAB */ ||
- (!(s->csr[4] & 0x0004) && !!(s->csr[4] & 0x0008)) /* TXSTRT */ ||
- (!(s->csr[4] & 0x0010) && !!(s->csr[4] & 0x0020)) /* RCVO */ ||
- (!(s->csr[4] & 0x0100) && !!(s->csr[4] & 0x0200)) /* MFCO */ ||
- (!!(s->csr[5] & 0x0040) && !!(s->csr[5] & 0x0080)) /* EXDINT */ ||
- (!!(s->csr[5] & 0x0008) && !!(s->csr[5] & 0x0010)) /* MPINT */)
-#endif
- {
-
- isr = CSR_INEA(s);
- s->csr[0] |= 0x0080;
- }
-
- if (!!(s->csr[4] & 0x0080) && CSR_INEA(s)) { /* UINT */
- s->csr[4] &= ~0x0080;
- s->csr[4] |= 0x0040;
- s->csr[0] |= 0x0080;
- isr = 1;
-#ifdef PCNET_DEBUG
- printf("pcnet user int\n");
-#endif
- }
-
-#if 1
- if (((s->csr[5]>>1) & s->csr[5]) & 0x0500)
-#else
- if ((!!(s->csr[5] & 0x0400) && !!(s->csr[5] & 0x0800)) /* SINT */ ||
- (!!(s->csr[5] & 0x0100) && !!(s->csr[5] & 0x0200)) /* SLPINT */ )
-#endif
- {
- isr = 1;
- s->csr[0] |= 0x0080;
- }
-
- if (isr != s->isr) {
-#ifdef PCNET_DEBUG
- printf("pcnet: INTA=%d\n", isr);
-#endif
- }
- qemu_set_irq(s->irq, isr);
- s->isr = isr;
-}
-
-static void pcnet_init(PCNetState *s)
-{
- int rlen, tlen;
- uint16_t padr[3], ladrf[4], mode;
- uint32_t rdra, tdra;
-
-#ifdef PCNET_DEBUG
- printf("pcnet_init init_addr=0x%08x\n", PHYSADDR(s,CSR_IADR(s)));
-#endif
-
- if (BCR_SSIZE32(s)) {
- struct pcnet_initblk32 initblk;
- s->phys_mem_read(s->dma_opaque, PHYSADDR(s,CSR_IADR(s)),
- (uint8_t *)&initblk, sizeof(initblk), 0);
- mode = le16_to_cpu(initblk.mode);
- rlen = initblk.rlen >> 4;
- tlen = initblk.tlen >> 4;
- ladrf[0] = le16_to_cpu(initblk.ladrf[0]);
- ladrf[1] = le16_to_cpu(initblk.ladrf[1]);
- ladrf[2] = le16_to_cpu(initblk.ladrf[2]);
- ladrf[3] = le16_to_cpu(initblk.ladrf[3]);
- padr[0] = le16_to_cpu(initblk.padr[0]);
- padr[1] = le16_to_cpu(initblk.padr[1]);
- padr[2] = le16_to_cpu(initblk.padr[2]);
- rdra = le32_to_cpu(initblk.rdra);
- tdra = le32_to_cpu(initblk.tdra);
- } else {
- struct pcnet_initblk16 initblk;
- s->phys_mem_read(s->dma_opaque, PHYSADDR(s,CSR_IADR(s)),
- (uint8_t *)&initblk, sizeof(initblk), 0);
- mode = le16_to_cpu(initblk.mode);
- ladrf[0] = le16_to_cpu(initblk.ladrf[0]);
- ladrf[1] = le16_to_cpu(initblk.ladrf[1]);
- ladrf[2] = le16_to_cpu(initblk.ladrf[2]);
- ladrf[3] = le16_to_cpu(initblk.ladrf[3]);
- padr[0] = le16_to_cpu(initblk.padr[0]);
- padr[1] = le16_to_cpu(initblk.padr[1]);
- padr[2] = le16_to_cpu(initblk.padr[2]);
- rdra = le32_to_cpu(initblk.rdra);
- tdra = le32_to_cpu(initblk.tdra);
- rlen = rdra >> 29;
- tlen = tdra >> 29;
- rdra &= 0x00ffffff;
- tdra &= 0x00ffffff;
- }
-
-#if defined(PCNET_DEBUG)
- printf("rlen=%d tlen=%d\n", rlen, tlen);
-#endif
-
- CSR_RCVRL(s) = (rlen < 9) ? (1 << rlen) : 512;
- CSR_XMTRL(s) = (tlen < 9) ? (1 << tlen) : 512;
- s->csr[ 6] = (tlen << 12) | (rlen << 8);
- s->csr[15] = mode;
- s->csr[ 8] = ladrf[0];
- s->csr[ 9] = ladrf[1];
- s->csr[10] = ladrf[2];
- s->csr[11] = ladrf[3];
- s->csr[12] = padr[0];
- s->csr[13] = padr[1];
- s->csr[14] = padr[2];
- s->rdra = PHYSADDR(s, rdra);
- s->tdra = PHYSADDR(s, tdra);
-
- CSR_RCVRC(s) = CSR_RCVRL(s);
- CSR_XMTRC(s) = CSR_XMTRL(s);
-
-#ifdef PCNET_DEBUG
- printf("pcnet ss32=%d rdra=0x%08x[%d] tdra=0x%08x[%d]\n",
- BCR_SSIZE32(s),
- s->rdra, CSR_RCVRL(s), s->tdra, CSR_XMTRL(s));
-#endif
-
- s->csr[0] |= 0x0101;
- s->csr[0] &= ~0x0004; /* clear STOP bit */
-}
-
-static void pcnet_start(PCNetState *s)
-{
-#ifdef PCNET_DEBUG
- printf("pcnet_start\n");
-#endif
-
- if (!CSR_DTX(s))
- s->csr[0] |= 0x0010; /* set TXON */
-
- if (!CSR_DRX(s))
- s->csr[0] |= 0x0020; /* set RXON */
-
- s->csr[0] &= ~0x0004; /* clear STOP bit */
- s->csr[0] |= 0x0002;
- pcnet_poll_timer(s);
-}
-
-static void pcnet_stop(PCNetState *s)
-{
-#ifdef PCNET_DEBUG
- printf("pcnet_stop\n");
-#endif
- s->csr[0] &= ~0xffeb;
- s->csr[0] |= 0x0014;
- s->csr[4] &= ~0x02c2;
- s->csr[5] &= ~0x0011;
- pcnet_poll_timer(s);
-}
-
-static void pcnet_rdte_poll(PCNetState *s)
-{
- s->csr[28] = s->csr[29] = 0;
- if (s->rdra) {
- int bad = 0;
-#if 1
- hwaddr crda = pcnet_rdra_addr(s, CSR_RCVRC(s));
- hwaddr nrda = pcnet_rdra_addr(s, -1 + CSR_RCVRC(s));
- hwaddr nnrd = pcnet_rdra_addr(s, -2 + CSR_RCVRC(s));
-#else
- hwaddr crda = s->rdra +
- (CSR_RCVRL(s) - CSR_RCVRC(s)) *
- (BCR_SWSTYLE(s) ? 16 : 8 );
- int nrdc = CSR_RCVRC(s)<=1 ? CSR_RCVRL(s) : CSR_RCVRC(s)-1;
- hwaddr nrda = s->rdra +
- (CSR_RCVRL(s) - nrdc) *
- (BCR_SWSTYLE(s) ? 16 : 8 );
- int nnrc = nrdc<=1 ? CSR_RCVRL(s) : nrdc-1;
- hwaddr nnrd = s->rdra +
- (CSR_RCVRL(s) - nnrc) *
- (BCR_SWSTYLE(s) ? 16 : 8 );
-#endif
-
- CHECK_RMD(crda, bad);
- if (!bad) {
- CHECK_RMD(nrda, bad);
- if (bad || (nrda == crda)) nrda = 0;
- CHECK_RMD(nnrd, bad);
- if (bad || (nnrd == crda)) nnrd = 0;
-
- s->csr[28] = crda & 0xffff;
- s->csr[29] = crda >> 16;
- s->csr[26] = nrda & 0xffff;
- s->csr[27] = nrda >> 16;
- s->csr[36] = nnrd & 0xffff;
- s->csr[37] = nnrd >> 16;
-#ifdef PCNET_DEBUG
- if (bad) {
- printf("pcnet: BAD RMD RECORDS AFTER 0x" TARGET_FMT_plx "\n",
- crda);
- }
- } else {
- printf("pcnet: BAD RMD RDA=0x" TARGET_FMT_plx "\n",
- crda);
-#endif
- }
- }
-
- if (CSR_CRDA(s)) {
- struct pcnet_RMD rmd;
- RMDLOAD(&rmd, PHYSADDR(s,CSR_CRDA(s)));
- CSR_CRBC(s) = GET_FIELD(rmd.buf_length, RMDL, BCNT);
- CSR_CRST(s) = rmd.status;
-#ifdef PCNET_DEBUG_RMD_X
- printf("CRDA=0x%08x CRST=0x%04x RCVRC=%d RMDL=0x%04x RMDS=0x%04x RMDM=0x%08x\n",
- PHYSADDR(s,CSR_CRDA(s)), CSR_CRST(s), CSR_RCVRC(s),
- rmd.buf_length, rmd.status, rmd.msg_length);
- PRINT_RMD(&rmd);
-#endif
- } else {
- CSR_CRBC(s) = CSR_CRST(s) = 0;
- }
-
- if (CSR_NRDA(s)) {
- struct pcnet_RMD rmd;
- RMDLOAD(&rmd, PHYSADDR(s,CSR_NRDA(s)));
- CSR_NRBC(s) = GET_FIELD(rmd.buf_length, RMDL, BCNT);
- CSR_NRST(s) = rmd.status;
- } else {
- CSR_NRBC(s) = CSR_NRST(s) = 0;
- }
-
-}
-
-static int pcnet_tdte_poll(PCNetState *s)
-{
- s->csr[34] = s->csr[35] = 0;
- if (s->tdra) {
- hwaddr cxda = s->tdra +
- (CSR_XMTRL(s) - CSR_XMTRC(s)) *
- (BCR_SWSTYLE(s) ? 16 : 8);
- int bad = 0;
- CHECK_TMD(cxda, bad);
- if (!bad) {
- if (CSR_CXDA(s) != cxda) {
- s->csr[60] = s->csr[34];
- s->csr[61] = s->csr[35];
- s->csr[62] = CSR_CXBC(s);
- s->csr[63] = CSR_CXST(s);
- }
- s->csr[34] = cxda & 0xffff;
- s->csr[35] = cxda >> 16;
-#ifdef PCNET_DEBUG_X
- printf("pcnet: BAD TMD XDA=0x%08x\n", cxda);
-#endif
- }
- }
-
- if (CSR_CXDA(s)) {
- struct pcnet_TMD tmd;
-
- TMDLOAD(&tmd, PHYSADDR(s,CSR_CXDA(s)));
-
- CSR_CXBC(s) = GET_FIELD(tmd.length, TMDL, BCNT);
- CSR_CXST(s) = tmd.status;
- } else {
- CSR_CXBC(s) = CSR_CXST(s) = 0;
- }
-
- return !!(CSR_CXST(s) & 0x8000);
-}
-
-int pcnet_can_receive(NetClientState *nc)
-{
- PCNetState *s = DO_UPCAST(NICState, nc, nc)->opaque;
- if (CSR_STOP(s) || CSR_SPND(s))
- return 0;
-
- return sizeof(s->buffer)-16;
-}
-
-#define MIN_BUF_SIZE 60
-
-ssize_t pcnet_receive(NetClientState *nc, const uint8_t *buf, size_t size_)
-{
- PCNetState *s = DO_UPCAST(NICState, nc, nc)->opaque;
- int is_padr = 0, is_bcast = 0, is_ladr = 0;
- uint8_t buf1[60];
- int remaining;
- int crc_err = 0;
- int size = size_;
-
- if (CSR_DRX(s) || CSR_STOP(s) || CSR_SPND(s) || !size ||
- (CSR_LOOP(s) && !s->looptest)) {
- return -1;
- }
-#ifdef PCNET_DEBUG
- printf("pcnet_receive size=%d\n", size);
-#endif
-
- /* if too small buffer, then expand it */
- if (size < MIN_BUF_SIZE) {
- memcpy(buf1, buf, size);
- memset(buf1 + size, 0, MIN_BUF_SIZE - size);
- buf = buf1;
- size = MIN_BUF_SIZE;
- }
-
- if (CSR_PROM(s)
- || (is_padr=padr_match(s, buf, size))
- || (is_bcast=padr_bcast(s, buf, size))
- || (is_ladr=ladr_match(s, buf, size))) {
-
- pcnet_rdte_poll(s);
-
- if (!(CSR_CRST(s) & 0x8000) && s->rdra) {
- struct pcnet_RMD rmd;
- int rcvrc = CSR_RCVRC(s)-1,i;
- hwaddr nrda;
- for (i = CSR_RCVRL(s)-1; i > 0; i--, rcvrc--) {
- if (rcvrc <= 1)
- rcvrc = CSR_RCVRL(s);
- nrda = s->rdra +
- (CSR_RCVRL(s) - rcvrc) *
- (BCR_SWSTYLE(s) ? 16 : 8 );
- RMDLOAD(&rmd, nrda);
- if (GET_FIELD(rmd.status, RMDS, OWN)) {
-#ifdef PCNET_DEBUG_RMD
- printf("pcnet - scan buffer: RCVRC=%d PREV_RCVRC=%d\n",
- rcvrc, CSR_RCVRC(s));
-#endif
- CSR_RCVRC(s) = rcvrc;
- pcnet_rdte_poll(s);
- break;
- }
- }
- }
-
- if (!(CSR_CRST(s) & 0x8000)) {
-#ifdef PCNET_DEBUG_RMD
- printf("pcnet - no buffer: RCVRC=%d\n", CSR_RCVRC(s));
-#endif
- s->csr[0] |= 0x1000; /* Set MISS flag */
- CSR_MISSC(s)++;
- } else {
- uint8_t *src = s->buffer;
- hwaddr crda = CSR_CRDA(s);
- struct pcnet_RMD rmd;
- int pktcount = 0;
-
- if (!s->looptest) {
- memcpy(src, buf, size);
- /* no need to compute the CRC */
- src[size] = 0;
- src[size + 1] = 0;
- src[size + 2] = 0;
- src[size + 3] = 0;
- size += 4;
- } else if (s->looptest == PCNET_LOOPTEST_CRC ||
- !CSR_DXMTFCS(s) || size < MIN_BUF_SIZE+4) {
- uint32_t fcs = ~0;
- uint8_t *p = src;
-
- while (p != &src[size])
- CRC(fcs, *p++);
- *(uint32_t *)p = htonl(fcs);
- size += 4;
- } else {
- uint32_t fcs = ~0;
- uint8_t *p = src;
-
- while (p != &src[size-4])
- CRC(fcs, *p++);
- crc_err = (*(uint32_t *)p != htonl(fcs));
- }
-
-#ifdef PCNET_DEBUG_MATCH
- PRINT_PKTHDR(buf);
-#endif
-
- RMDLOAD(&rmd, PHYSADDR(s,crda));
- /*if (!CSR_LAPPEN(s))*/
- SET_FIELD(&rmd.status, RMDS, STP, 1);
-
-#define PCNET_RECV_STORE() do { \
- int count = MIN(4096 - GET_FIELD(rmd.buf_length, RMDL, BCNT),remaining); \
- hwaddr rbadr = PHYSADDR(s, rmd.rbadr); \
- s->phys_mem_write(s->dma_opaque, rbadr, src, count, CSR_BSWP(s)); \
- src += count; remaining -= count; \
- SET_FIELD(&rmd.status, RMDS, OWN, 0); \
- RMDSTORE(&rmd, PHYSADDR(s,crda)); \
- pktcount++; \
-} while (0)
-
- remaining = size;
- PCNET_RECV_STORE();
- if ((remaining > 0) && CSR_NRDA(s)) {
- hwaddr nrda = CSR_NRDA(s);
-#ifdef PCNET_DEBUG_RMD
- PRINT_RMD(&rmd);
-#endif
- RMDLOAD(&rmd, PHYSADDR(s,nrda));
- if (GET_FIELD(rmd.status, RMDS, OWN)) {
- crda = nrda;
- PCNET_RECV_STORE();
-#ifdef PCNET_DEBUG_RMD
- PRINT_RMD(&rmd);
-#endif
- if ((remaining > 0) && (nrda=CSR_NNRD(s))) {
- RMDLOAD(&rmd, PHYSADDR(s,nrda));
- if (GET_FIELD(rmd.status, RMDS, OWN)) {
- crda = nrda;
- PCNET_RECV_STORE();
- }
- }
- }
- }
-
-#undef PCNET_RECV_STORE
-
- RMDLOAD(&rmd, PHYSADDR(s,crda));
- if (remaining == 0) {
- SET_FIELD(&rmd.msg_length, RMDM, MCNT, size);
- SET_FIELD(&rmd.status, RMDS, ENP, 1);
- SET_FIELD(&rmd.status, RMDS, PAM, !CSR_PROM(s) && is_padr);
- SET_FIELD(&rmd.status, RMDS, LFAM, !CSR_PROM(s) && is_ladr);
- SET_FIELD(&rmd.status, RMDS, BAM, !CSR_PROM(s) && is_bcast);
- if (crc_err) {
- SET_FIELD(&rmd.status, RMDS, CRC, 1);
- SET_FIELD(&rmd.status, RMDS, ERR, 1);
- }
- } else {
- SET_FIELD(&rmd.status, RMDS, OFLO, 1);
- SET_FIELD(&rmd.status, RMDS, BUFF, 1);
- SET_FIELD(&rmd.status, RMDS, ERR, 1);
- }
- RMDSTORE(&rmd, PHYSADDR(s,crda));
- s->csr[0] |= 0x0400;
-
-#ifdef PCNET_DEBUG
- printf("RCVRC=%d CRDA=0x%08x BLKS=%d\n",
- CSR_RCVRC(s), PHYSADDR(s,CSR_CRDA(s)), pktcount);
-#endif
-#ifdef PCNET_DEBUG_RMD
- PRINT_RMD(&rmd);
-#endif
-
- while (pktcount--) {
- if (CSR_RCVRC(s) <= 1)
- CSR_RCVRC(s) = CSR_RCVRL(s);
- else
- CSR_RCVRC(s)--;
- }
-
- pcnet_rdte_poll(s);
-
- }
- }
-
- pcnet_poll(s);
- pcnet_update_irq(s);
-
- return size_;
-}
-
-void pcnet_set_link_status(NetClientState *nc)
-{
- PCNetState *d = DO_UPCAST(NICState, nc, nc)->opaque;
-
- d->lnkst = nc->link_down ? 0 : 0x40;
-}
-
-static void pcnet_transmit(PCNetState *s)
-{
- hwaddr xmit_cxda = 0;
- int count = CSR_XMTRL(s)-1;
- int add_crc = 0;
-
- s->xmit_pos = -1;
-
- if (!CSR_TXON(s)) {
- s->csr[0] &= ~0x0008;
- return;
- }
-
- s->tx_busy = 1;
-
- txagain:
- if (pcnet_tdte_poll(s)) {
- struct pcnet_TMD tmd;
-
- TMDLOAD(&tmd, PHYSADDR(s,CSR_CXDA(s)));
-
-#ifdef PCNET_DEBUG_TMD
- printf(" TMDLOAD 0x%08x\n", PHYSADDR(s,CSR_CXDA(s)));
- PRINT_TMD(&tmd);
-#endif
- if (GET_FIELD(tmd.status, TMDS, STP)) {
- s->xmit_pos = 0;
- xmit_cxda = PHYSADDR(s,CSR_CXDA(s));
- if (BCR_SWSTYLE(s) != 1)
- add_crc = GET_FIELD(tmd.status, TMDS, ADDFCS);
- }
- if (s->lnkst == 0 &&
- (!CSR_LOOP(s) || (!CSR_INTL(s) && !BCR_TMAULOOP(s)))) {
- SET_FIELD(&tmd.misc, TMDM, LCAR, 1);
- SET_FIELD(&tmd.status, TMDS, ERR, 1);
- SET_FIELD(&tmd.status, TMDS, OWN, 0);
- s->csr[0] |= 0xa000; /* ERR | CERR */
- s->xmit_pos = -1;
- goto txdone;
- }
- if (!GET_FIELD(tmd.status, TMDS, ENP)) {
- int bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT);
- s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr),
- s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s));
- s->xmit_pos += bcnt;
- } else if (s->xmit_pos >= 0) {
- int bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT);
- s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr),
- s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s));
- s->xmit_pos += bcnt;
-#ifdef PCNET_DEBUG
- printf("pcnet_transmit size=%d\n", s->xmit_pos);
-#endif
- if (CSR_LOOP(s)) {
- if (BCR_SWSTYLE(s) == 1)
- add_crc = !GET_FIELD(tmd.status, TMDS, NOFCS);
- s->looptest = add_crc ? PCNET_LOOPTEST_CRC : PCNET_LOOPTEST_NOCRC;
- pcnet_receive(&s->nic->nc, s->buffer, s->xmit_pos);
- s->looptest = 0;
- } else
- if (s->nic)
- qemu_send_packet(&s->nic->nc, s->buffer, s->xmit_pos);
-
- s->csr[0] &= ~0x0008; /* clear TDMD */
- s->csr[4] |= 0x0004; /* set TXSTRT */
- s->xmit_pos = -1;
- }
-
- txdone:
- SET_FIELD(&tmd.status, TMDS, OWN, 0);
- TMDSTORE(&tmd, PHYSADDR(s,CSR_CXDA(s)));
- if (!CSR_TOKINTD(s) || (CSR_LTINTEN(s) && GET_FIELD(tmd.status, TMDS, LTINT)))
- s->csr[0] |= 0x0200; /* set TINT */
-
- if (CSR_XMTRC(s)<=1)
- CSR_XMTRC(s) = CSR_XMTRL(s);
- else
- CSR_XMTRC(s)--;
- if (count--)
- goto txagain;
-
- } else
- if (s->xmit_pos >= 0) {
- struct pcnet_TMD tmd;
- TMDLOAD(&tmd, xmit_cxda);
- SET_FIELD(&tmd.misc, TMDM, BUFF, 1);
- SET_FIELD(&tmd.misc, TMDM, UFLO, 1);
- SET_FIELD(&tmd.status, TMDS, ERR, 1);
- SET_FIELD(&tmd.status, TMDS, OWN, 0);
- TMDSTORE(&tmd, xmit_cxda);
- s->csr[0] |= 0x0200; /* set TINT */
- if (!CSR_DXSUFLO(s)) {
- s->csr[0] &= ~0x0010;
- } else
- if (count--)
- goto txagain;
- }
-
- s->tx_busy = 0;
-}
-
-static void pcnet_poll(PCNetState *s)
-{
- if (CSR_RXON(s)) {
- pcnet_rdte_poll(s);
- }
-
- if (CSR_TDMD(s) ||
- (CSR_TXON(s) && !CSR_DPOLL(s) && pcnet_tdte_poll(s)))
- {
- /* prevent recursion */
- if (s->tx_busy)
- return;
-
- pcnet_transmit(s);
- }
-}
-
-static void pcnet_poll_timer(void *opaque)
-{
- PCNetState *s = opaque;
-
- qemu_del_timer(s->poll_timer);
-
- if (CSR_TDMD(s)) {
- pcnet_transmit(s);
- }
-
- pcnet_update_irq(s);
-
- if (!CSR_STOP(s) && !CSR_SPND(s) && !CSR_DPOLL(s)) {
- uint64_t now = qemu_get_clock_ns(vm_clock) * 33;
- if (!s->timer || !now)
- s->timer = now;
- else {
- uint64_t t = now - s->timer + CSR_POLL(s);
- if (t > 0xffffLL) {
- pcnet_poll(s);
- CSR_POLL(s) = CSR_PINT(s);
- } else
- CSR_POLL(s) = t;
- }
- qemu_mod_timer(s->poll_timer,
- pcnet_get_next_poll_time(s,qemu_get_clock_ns(vm_clock)));
- }
-}
-
-
-static void pcnet_csr_writew(PCNetState *s, uint32_t rap, uint32_t new_value)
-{
- uint16_t val = new_value;
-#ifdef PCNET_DEBUG_CSR
- printf("pcnet_csr_writew rap=%d val=0x%04x\n", rap, val);
-#endif
- switch (rap) {
- case 0:
- s->csr[0] &= ~(val & 0x7f00); /* Clear any interrupt flags */
-
- s->csr[0] = (s->csr[0] & ~0x0040) | (val & 0x0048);
-
- val = (val & 0x007f) | (s->csr[0] & 0x7f00);
-
- /* IFF STOP, STRT and INIT are set, clear STRT and INIT */
- if ((val&7) == 7)
- val &= ~3;
-
- if (!CSR_STOP(s) && (val & 4))
- pcnet_stop(s);
-
- if (!CSR_INIT(s) && (val & 1))
- pcnet_init(s);
-
- if (!CSR_STRT(s) && (val & 2))
- pcnet_start(s);
-
- if (CSR_TDMD(s))
- pcnet_transmit(s);
-
- return;
- case 1:
- case 2:
- case 8:
- case 9:
- case 10:
- case 11:
- case 12:
- case 13:
- case 14:
- case 15:
- case 18: /* CRBAL */
- case 19: /* CRBAU */
- case 20: /* CXBAL */
- case 21: /* CXBAU */
- case 22: /* NRBAU */
- case 23: /* NRBAU */
- case 24:
- case 25:
- case 26:
- case 27:
- case 28:
- case 29:
- case 30:
- case 31:
- case 32:
- case 33:
- case 34:
- case 35:
- case 36:
- case 37:
- case 38:
- case 39:
- case 40: /* CRBC */
- case 41:
- case 42: /* CXBC */
- case 43:
- case 44:
- case 45:
- case 46: /* POLL */
- case 47: /* POLLINT */
- case 72:
- case 74:
- case 76: /* RCVRL */
- case 78: /* XMTRL */
- case 112:
- if (CSR_STOP(s) || CSR_SPND(s))
- break;
- return;
- case 3:
- break;
- case 4:
- s->csr[4] &= ~(val & 0x026a);
- val &= ~0x026a; val |= s->csr[4] & 0x026a;
- break;
- case 5:
- s->csr[5] &= ~(val & 0x0a90);
- val &= ~0x0a90; val |= s->csr[5] & 0x0a90;
- break;
- case 16:
- pcnet_csr_writew(s,1,val);
- return;
- case 17:
- pcnet_csr_writew(s,2,val);
- return;
- case 58:
- pcnet_bcr_writew(s,BCR_SWS,val);
- break;
- default:
- return;
- }
- s->csr[rap] = val;
-}
-
-static uint32_t pcnet_csr_readw(PCNetState *s, uint32_t rap)
-{
- uint32_t val;
- switch (rap) {
- case 0:
- pcnet_update_irq(s);
- val = s->csr[0];
- val |= (val & 0x7800) ? 0x8000 : 0;
- break;
- case 16:
- return pcnet_csr_readw(s,1);
- case 17:
- return pcnet_csr_readw(s,2);
- case 58:
- return pcnet_bcr_readw(s,BCR_SWS);
- case 88:
- val = s->csr[89];
- val <<= 16;
- val |= s->csr[88];
- break;
- default:
- val = s->csr[rap];
- }
-#ifdef PCNET_DEBUG_CSR
- printf("pcnet_csr_readw rap=%d val=0x%04x\n", rap, val);
-#endif
- return val;
-}
-
-static void pcnet_bcr_writew(PCNetState *s, uint32_t rap, uint32_t val)
-{
- rap &= 127;
-#ifdef PCNET_DEBUG_BCR
- printf("pcnet_bcr_writew rap=%d val=0x%04x\n", rap, val);
-#endif
- switch (rap) {
- case BCR_SWS:
- if (!(CSR_STOP(s) || CSR_SPND(s)))
- return;
- val &= ~0x0300;
- switch (val & 0x00ff) {
- case 0:
- val |= 0x0200;
- break;
- case 1:
- val |= 0x0100;
- break;
- case 2:
- case 3:
- val |= 0x0300;
- break;
- default:
- printf("Bad SWSTYLE=0x%02x\n", val & 0xff);
- val = 0x0200;
- break;
- }
-#ifdef PCNET_DEBUG
- printf("BCR_SWS=0x%04x\n", val);
-#endif
- /* fall through */
- case BCR_LNKST:
- case BCR_LED1:
- case BCR_LED2:
- case BCR_LED3:
- case BCR_MC:
- case BCR_FDC:
- case BCR_BSBC:
- case BCR_EECAS:
- case BCR_PLAT:
- s->bcr[rap] = val;
- break;
- default:
- break;
- }
-}
-
-uint32_t pcnet_bcr_readw(PCNetState *s, uint32_t rap)
-{
- uint32_t val;
- rap &= 127;
- switch (rap) {
- case BCR_LNKST:
- case BCR_LED1:
- case BCR_LED2:
- case BCR_LED3:
- val = s->bcr[rap] & ~0x8000;
- val |= (val & 0x017f & s->lnkst) ? 0x8000 : 0;
- break;
- default:
- val = rap < 32 ? s->bcr[rap] : 0;
- break;
- }
-#ifdef PCNET_DEBUG_BCR
- printf("pcnet_bcr_readw rap=%d val=0x%04x\n", rap, val);
-#endif
- return val;
-}
-
-void pcnet_h_reset(void *opaque)
-{
- PCNetState *s = opaque;
-
- s->bcr[BCR_MSRDA] = 0x0005;
- s->bcr[BCR_MSWRA] = 0x0005;
- s->bcr[BCR_MC ] = 0x0002;
- s->bcr[BCR_LNKST] = 0x00c0;
- s->bcr[BCR_LED1 ] = 0x0084;
- s->bcr[BCR_LED2 ] = 0x0088;
- s->bcr[BCR_LED3 ] = 0x0090;
- s->bcr[BCR_FDC ] = 0x0000;
- s->bcr[BCR_BSBC ] = 0x9001;
- s->bcr[BCR_EECAS] = 0x0002;
- s->bcr[BCR_SWS ] = 0x0200;
- s->bcr[BCR_PLAT ] = 0xff06;
-
- pcnet_s_reset(s);
- pcnet_update_irq(s);
- pcnet_poll_timer(s);
-}
-
-void pcnet_ioport_writew(void *opaque, uint32_t addr, uint32_t val)
-{
- PCNetState *s = opaque;
- pcnet_poll_timer(s);
-#ifdef PCNET_DEBUG_IO
- printf("pcnet_ioport_writew addr=0x%08x val=0x%04x\n", addr, val);
-#endif
- if (!BCR_DWIO(s)) {
- switch (addr & 0x0f) {
- case 0x00: /* RDP */
- pcnet_csr_writew(s, s->rap, val);
- break;
- case 0x02:
- s->rap = val & 0x7f;
- break;
- case 0x06:
- pcnet_bcr_writew(s, s->rap, val);
- break;
- }
- }
- pcnet_update_irq(s);
-}
-
-uint32_t pcnet_ioport_readw(void *opaque, uint32_t addr)
-{
- PCNetState *s = opaque;
- uint32_t val = -1;
- pcnet_poll_timer(s);
- if (!BCR_DWIO(s)) {
- switch (addr & 0x0f) {
- case 0x00: /* RDP */
- val = pcnet_csr_readw(s, s->rap);
- break;
- case 0x02:
- val = s->rap;
- break;
- case 0x04:
- pcnet_s_reset(s);
- val = 0;
- break;
- case 0x06:
- val = pcnet_bcr_readw(s, s->rap);
- break;
- }
- }
- pcnet_update_irq(s);
-#ifdef PCNET_DEBUG_IO
- printf("pcnet_ioport_readw addr=0x%08x val=0x%04x\n", addr, val & 0xffff);
-#endif
- return val;
-}
-
-void pcnet_ioport_writel(void *opaque, uint32_t addr, uint32_t val)
-{
- PCNetState *s = opaque;
- pcnet_poll_timer(s);
-#ifdef PCNET_DEBUG_IO
- printf("pcnet_ioport_writel addr=0x%08x val=0x%08x\n", addr, val);
-#endif
- if (BCR_DWIO(s)) {
- switch (addr & 0x0f) {
- case 0x00: /* RDP */
- pcnet_csr_writew(s, s->rap, val & 0xffff);
- break;
- case 0x04:
- s->rap = val & 0x7f;
- break;
- case 0x0c:
- pcnet_bcr_writew(s, s->rap, val & 0xffff);
- break;
- }
- } else
- if ((addr & 0x0f) == 0) {
- /* switch device to dword i/o mode */
- pcnet_bcr_writew(s, BCR_BSBC, pcnet_bcr_readw(s, BCR_BSBC) | 0x0080);
-#ifdef PCNET_DEBUG_IO
- printf("device switched into dword i/o mode\n");
-#endif
- }
- pcnet_update_irq(s);
-}
-
-uint32_t pcnet_ioport_readl(void *opaque, uint32_t addr)
-{
- PCNetState *s = opaque;
- uint32_t val = -1;
- pcnet_poll_timer(s);
- if (BCR_DWIO(s)) {
- switch (addr & 0x0f) {
- case 0x00: /* RDP */
- val = pcnet_csr_readw(s, s->rap);
- break;
- case 0x04:
- val = s->rap;
- break;
- case 0x08:
- pcnet_s_reset(s);
- val = 0;
- break;
- case 0x0c:
- val = pcnet_bcr_readw(s, s->rap);
- break;
- }
- }
- pcnet_update_irq(s);
-#ifdef PCNET_DEBUG_IO
- printf("pcnet_ioport_readl addr=0x%08x val=0x%08x\n", addr, val);
-#endif
- return val;
-}
-
-static bool is_version_2(void *opaque, int version_id)
-{
- return version_id == 2;
-}
-
-const VMStateDescription vmstate_pcnet = {
- .name = "pcnet",
- .version_id = 3,
- .minimum_version_id = 2,
- .minimum_version_id_old = 2,
- .fields = (VMStateField []) {
- VMSTATE_INT32(rap, PCNetState),
- VMSTATE_INT32(isr, PCNetState),
- VMSTATE_INT32(lnkst, PCNetState),
- VMSTATE_UINT32(rdra, PCNetState),
- VMSTATE_UINT32(tdra, PCNetState),
- VMSTATE_BUFFER(prom, PCNetState),
- VMSTATE_UINT16_ARRAY(csr, PCNetState, 128),
- VMSTATE_UINT16_ARRAY(bcr, PCNetState, 32),
- VMSTATE_UINT64(timer, PCNetState),
- VMSTATE_INT32(xmit_pos, PCNetState),
- VMSTATE_BUFFER(buffer, PCNetState),
- VMSTATE_UNUSED_TEST(is_version_2, 4),
- VMSTATE_INT32(tx_busy, PCNetState),
- VMSTATE_TIMER(poll_timer, PCNetState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-void pcnet_common_cleanup(PCNetState *d)
-{
- d->nic = NULL;
-}
-
-int pcnet_common_init(DeviceState *dev, PCNetState *s, NetClientInfo *info)
-{
- int i;
- uint16_t checksum;
-
- s->poll_timer = qemu_new_timer_ns(vm_clock, pcnet_poll_timer, s);
-
- qemu_macaddr_default_if_unset(&s->conf.macaddr);
- s->nic = qemu_new_nic(info, &s->conf, object_get_typename(OBJECT(dev)), dev->id, s);
- qemu_format_nic_info_str(&s->nic->nc, s->conf.macaddr.a);
-
- add_boot_device_path(s->conf.bootindex, dev, "/ethernet-phy@0");
-
- /* Initialize the PROM */
-
- /*
- Datasheet: http://pdfdata.datasheetsite.com/web/24528/AM79C970A.pdf
- page 95
- */
- memcpy(s->prom, s->conf.macaddr.a, 6);
- /* Reserved Location: must be 00h */
- s->prom[6] = s->prom[7] = 0x00;
- /* Reserved Location: must be 00h */
- s->prom[8] = 0x00;
- /* Hardware ID: must be 11h if compatibility to AMD drivers is desired */
- s->prom[9] = 0x11;
- /* User programmable space, init with 0 */
- s->prom[10] = s->prom[11] = 0x00;
- /* LSByte of two-byte checksum, which is the sum of bytes 00h-0Bh
- and bytes 0Eh and 0Fh, must therefore be initialized with 0! */
- s->prom[12] = s->prom[13] = 0x00;
- /* Must be ASCII W (57h) if compatibility to AMD
- driver software is desired */
- s->prom[14] = s->prom[15] = 0x57;
-
- for (i = 0, checksum = 0; i < 16; i++) {
- checksum += s->prom[i];
- }
- *(uint16_t *)&s->prom[12] = cpu_to_le16(checksum);
-
- s->lnkst = 0x40; /* initial link state: up */
-
- return 0;
-}
diff --git a/hw/pcnet.h b/hw/pcnet.h
deleted file mode 100644
index da8c3bde7..000000000
--- a/hw/pcnet.h
+++ /dev/null
@@ -1,65 +0,0 @@
-#define PCNET_IOPORT_SIZE 0x20
-#define PCNET_PNPMMIO_SIZE 0x20
-
-#define PCNET_LOOPTEST_CRC 1
-#define PCNET_LOOPTEST_NOCRC 2
-
-#include "memory.h"
-
-/* BUS CONFIGURATION REGISTERS */
-#define BCR_MSRDA 0
-#define BCR_MSWRA 1
-#define BCR_MC 2
-#define BCR_LNKST 4
-#define BCR_LED1 5
-#define BCR_LED2 6
-#define BCR_LED3 7
-#define BCR_FDC 9
-#define BCR_BSBC 18
-#define BCR_EECAS 19
-#define BCR_SWS 20
-#define BCR_PLAT 22
-
-#define BCR_TMAULOOP(S) !!((S)->bcr[BCR_MC ] & 0x4000)
-#define BCR_APROMWE(S) !!((S)->bcr[BCR_MC ] & 0x0100)
-#define BCR_DWIO(S) !!((S)->bcr[BCR_BSBC] & 0x0080)
-#define BCR_SSIZE32(S) !!((S)->bcr[BCR_SWS ] & 0x0100)
-#define BCR_SWSTYLE(S) ((S)->bcr[BCR_SWS ] & 0x00FF)
-
-typedef struct PCNetState_st PCNetState;
-
-struct PCNetState_st {
- NICState *nic;
- NICConf conf;
- QEMUTimer *poll_timer;
- int rap, isr, lnkst;
- uint32_t rdra, tdra;
- uint8_t prom[16];
- uint16_t csr[128];
- uint16_t bcr[32];
- int xmit_pos;
- uint64_t timer;
- MemoryRegion mmio;
- uint8_t buffer[4096];
- qemu_irq irq;
- void (*phys_mem_read)(void *dma_opaque, hwaddr addr,
- uint8_t *buf, int len, int do_bswap);
- void (*phys_mem_write)(void *dma_opaque, hwaddr addr,
- uint8_t *buf, int len, int do_bswap);
- void *dma_opaque;
- int tx_busy;
- int looptest;
-};
-
-void pcnet_h_reset(void *opaque);
-void pcnet_ioport_writew(void *opaque, uint32_t addr, uint32_t val);
-uint32_t pcnet_ioport_readw(void *opaque, uint32_t addr);
-void pcnet_ioport_writel(void *opaque, uint32_t addr, uint32_t val);
-uint32_t pcnet_ioport_readl(void *opaque, uint32_t addr);
-uint32_t pcnet_bcr_readw(PCNetState *s, uint32_t rap);
-int pcnet_can_receive(NetClientState *nc);
-ssize_t pcnet_receive(NetClientState *nc, const uint8_t *buf, size_t size_);
-void pcnet_set_link_status(NetClientState *nc);
-void pcnet_common_cleanup(PCNetState *d);
-int pcnet_common_init(DeviceState *dev, PCNetState *s, NetClientInfo *info);
-extern const VMStateDescription vmstate_pcnet;
diff --git a/hw/pcspk.c b/hw/pcspk.c
deleted file mode 100644
index ad6491b0f..000000000
--- a/hw/pcspk.c
+++ /dev/null
@@ -1,201 +0,0 @@
-/*
- * QEMU PC speaker emulation
- *
- * Copyright (c) 2006 Joachim Henke
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "hw.h"
-#include "pc.h"
-#include "isa.h"
-#include "audio/audio.h"
-#include "qemu-timer.h"
-#include "i8254.h"
-#include "pcspk.h"
-
-#define PCSPK_BUF_LEN 1792
-#define PCSPK_SAMPLE_RATE 32000
-#define PCSPK_MAX_FREQ (PCSPK_SAMPLE_RATE >> 1)
-#define PCSPK_MIN_COUNT ((PIT_FREQ + PCSPK_MAX_FREQ - 1) / PCSPK_MAX_FREQ)
-
-typedef struct {
- ISADevice dev;
- MemoryRegion ioport;
- uint32_t iobase;
- uint8_t sample_buf[PCSPK_BUF_LEN];
- QEMUSoundCard card;
- SWVoiceOut *voice;
- void *pit;
- unsigned int pit_count;
- unsigned int samples;
- unsigned int play_pos;
- int data_on;
- int dummy_refresh_clock;
-} PCSpkState;
-
-static const char *s_spk = "pcspk";
-static PCSpkState *pcspk_state;
-
-static inline void generate_samples(PCSpkState *s)
-{
- unsigned int i;
-
- if (s->pit_count) {
- const uint32_t m = PCSPK_SAMPLE_RATE * s->pit_count;
- const uint32_t n = ((uint64_t)PIT_FREQ << 32) / m;
-
- /* multiple of wavelength for gapless looping */
- s->samples = (PCSPK_BUF_LEN * PIT_FREQ / m * m / (PIT_FREQ >> 1) + 1) >> 1;
- for (i = 0; i < s->samples; ++i)
- s->sample_buf[i] = (64 & (n * i >> 25)) - 32;
- } else {
- s->samples = PCSPK_BUF_LEN;
- for (i = 0; i < PCSPK_BUF_LEN; ++i)
- s->sample_buf[i] = 128; /* silence */
- }
-}
-
-static void pcspk_callback(void *opaque, int free)
-{
- PCSpkState *s = opaque;
- PITChannelInfo ch;
- unsigned int n;
-
- pit_get_channel_info(s->pit, 2, &ch);
-
- if (ch.mode != 3) {
- return;
- }
-
- n = ch.initial_count;
- /* avoid frequencies that are not reproducible with sample rate */
- if (n < PCSPK_MIN_COUNT)
- n = 0;
-
- if (s->pit_count != n) {
- s->pit_count = n;
- s->play_pos = 0;
- generate_samples(s);
- }
-
- while (free > 0) {
- n = audio_MIN(s->samples - s->play_pos, (unsigned int)free);
- n = AUD_write(s->voice, &s->sample_buf[s->play_pos], n);
- if (!n)
- break;
- s->play_pos = (s->play_pos + n) % s->samples;
- free -= n;
- }
-}
-
-int pcspk_audio_init(ISABus *bus)
-{
- PCSpkState *s = pcspk_state;
- struct audsettings as = {PCSPK_SAMPLE_RATE, 1, AUD_FMT_U8, 0};
-
- AUD_register_card(s_spk, &s->card);
-
- s->voice = AUD_open_out(&s->card, s->voice, s_spk, s, pcspk_callback, &as);
- if (!s->voice) {
- AUD_log(s_spk, "Could not open voice\n");
- return -1;
- }
-
- return 0;
-}
-
-static uint64_t pcspk_io_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- PCSpkState *s = opaque;
- PITChannelInfo ch;
-
- pit_get_channel_info(s->pit, 2, &ch);
-
- s->dummy_refresh_clock ^= (1 << 4);
-
- return ch.gate | (s->data_on << 1) | s->dummy_refresh_clock |
- (ch.out << 5);
-}
-
-static void pcspk_io_write(void *opaque, hwaddr addr, uint64_t val,
- unsigned size)
-{
- PCSpkState *s = opaque;
- const int gate = val & 1;
-
- s->data_on = (val >> 1) & 1;
- pit_set_gate(s->pit, 2, gate);
- if (s->voice) {
- if (gate) /* restart */
- s->play_pos = 0;
- AUD_set_active_out(s->voice, gate & s->data_on);
- }
-}
-
-static const MemoryRegionOps pcspk_io_ops = {
- .read = pcspk_io_read,
- .write = pcspk_io_write,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
-};
-
-static int pcspk_initfn(ISADevice *dev)
-{
- PCSpkState *s = DO_UPCAST(PCSpkState, dev, dev);
-
- memory_region_init_io(&s->ioport, &pcspk_io_ops, s, "elcr", 1);
- isa_register_ioport(dev, &s->ioport, s->iobase);
-
- pcspk_state = s;
-
- return 0;
-}
-
-static Property pcspk_properties[] = {
- DEFINE_PROP_HEX32("iobase", PCSpkState, iobase, -1),
- DEFINE_PROP_PTR("pit", PCSpkState, pit),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void pcspk_class_initfn(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- ISADeviceClass *ic = ISA_DEVICE_CLASS(klass);
-
- ic->init = pcspk_initfn;
- dc->no_user = 1;
- dc->props = pcspk_properties;
-}
-
-static TypeInfo pcspk_info = {
- .name = "isa-pcspk",
- .parent = TYPE_ISA_DEVICE,
- .instance_size = sizeof(PCSpkState),
- .class_init = pcspk_class_initfn,
-};
-
-static void pcspk_register(void)
-{
- type_register_static(&pcspk_info);
-}
-type_init(pcspk_register)
diff --git a/hw/pcspk.h b/hw/pcspk.h
deleted file mode 100644
index 7f42bac1c..000000000
--- a/hw/pcspk.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * QEMU PC speaker emulation
- *
- * Copyright (c) 2006 Joachim Henke
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#ifndef HW_PCSPK_H
-#define HW_PCSPK_H
-
-#include "hw.h"
-#include "isa.h"
-
-static inline ISADevice *pcspk_init(ISABus *bus, ISADevice *pit)
-{
- ISADevice *dev;
-
- dev = isa_create(bus, "isa-pcspk");
- qdev_prop_set_uint32(&dev->qdev, "iobase", 0x61);
- qdev_prop_set_ptr(&dev->qdev, "pit", pit);
- qdev_init_nofail(&dev->qdev);
-
- return dev;
-}
-
-int pcspk_audio_init(ISABus *bus);
-
-#endif /* !HW_PCSPK_H */
diff --git a/hw/petalogix_ml605_mmu.c b/hw/petalogix_ml605_mmu.c
deleted file mode 100644
index 3589a4bc7..000000000
--- a/hw/petalogix_ml605_mmu.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/*
- * Model of Petalogix linux reference design targeting Xilinx Spartan ml605
- * board.
- *
- * Copyright (c) 2011 Michal Simek <monstr@monstr.eu>
- * Copyright (c) 2011 PetaLogix
- * Copyright (c) 2009 Edgar E. Iglesias.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sysbus.h"
-#include "hw.h"
-#include "net.h"
-#include "flash.h"
-#include "sysemu.h"
-#include "devices.h"
-#include "boards.h"
-#include "xilinx.h"
-#include "blockdev.h"
-#include "serial.h"
-#include "exec-memory.h"
-#include "ssi.h"
-
-#include "microblaze_boot.h"
-#include "microblaze_pic_cpu.h"
-
-#include "stream.h"
-
-#define LMB_BRAM_SIZE (128 * 1024)
-#define FLASH_SIZE (32 * 1024 * 1024)
-
-#define BINARY_DEVICE_TREE_FILE "petalogix-ml605.dtb"
-
-#define NUM_SPI_FLASHES 4
-
-#define MEMORY_BASEADDR 0x50000000
-#define FLASH_BASEADDR 0x86000000
-#define INTC_BASEADDR 0x81800000
-#define TIMER_BASEADDR 0x83c00000
-#define UART16550_BASEADDR 0x83e00000
-#define AXIENET_BASEADDR 0x82780000
-#define AXIDMA_BASEADDR 0x84600000
-
-static void machine_cpu_reset(MicroBlazeCPU *cpu)
-{
- CPUMBState *env = &cpu->env;
-
- env->pvr.regs[10] = 0x0e000000; /* virtex 6 */
- /* setup pvr to match kernel setting */
- env->pvr.regs[5] |= PVR5_DCACHE_WRITEBACK_MASK;
- env->pvr.regs[0] |= PVR0_USE_FPU_MASK | PVR0_ENDI;
- env->pvr.regs[0] = (env->pvr.regs[0] & ~PVR0_VERSION_MASK) | (0x14 << 8);
- env->pvr.regs[2] ^= PVR2_USE_FPU2_MASK;
- env->pvr.regs[4] = 0xc56b8000;
- env->pvr.regs[5] = 0xc56be000;
-}
-
-static void
-petalogix_ml605_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- MemoryRegion *address_space_mem = get_system_memory();
- DeviceState *dev, *dma, *eth0;
- MicroBlazeCPU *cpu;
- SysBusDevice *busdev;
- CPUMBState *env;
- DriveInfo *dinfo;
- int i;
- hwaddr ddr_base = MEMORY_BASEADDR;
- MemoryRegion *phys_lmb_bram = g_new(MemoryRegion, 1);
- MemoryRegion *phys_ram = g_new(MemoryRegion, 1);
- qemu_irq irq[32], *cpu_irq;
-
- /* init CPUs */
- if (cpu_model == NULL) {
- cpu_model = "microblaze";
- }
- cpu = cpu_mb_init(cpu_model);
- env = &cpu->env;
-
- /* Attach emulated BRAM through the LMB. */
- memory_region_init_ram(phys_lmb_bram, "petalogix_ml605.lmb_bram",
- LMB_BRAM_SIZE);
- vmstate_register_ram_global(phys_lmb_bram);
- memory_region_add_subregion(address_space_mem, 0x00000000, phys_lmb_bram);
-
- memory_region_init_ram(phys_ram, "petalogix_ml605.ram", ram_size);
- vmstate_register_ram_global(phys_ram);
- memory_region_add_subregion(address_space_mem, ddr_base, phys_ram);
-
- dinfo = drive_get(IF_PFLASH, 0, 0);
- /* 5th parameter 2 means bank-width
- * 10th paremeter 0 means little-endian */
- pflash_cfi01_register(FLASH_BASEADDR,
- NULL, "petalogix_ml605.flash", FLASH_SIZE,
- dinfo ? dinfo->bdrv : NULL, (64 * 1024),
- FLASH_SIZE >> 16,
- 2, 0x89, 0x18, 0x0000, 0x0, 0);
-
-
- cpu_irq = microblaze_pic_init_cpu(env);
- dev = xilinx_intc_create(INTC_BASEADDR, cpu_irq[0], 4);
- for (i = 0; i < 32; i++) {
- irq[i] = qdev_get_gpio_in(dev, i);
- }
-
- serial_mm_init(address_space_mem, UART16550_BASEADDR + 0x1000, 2,
- irq[5], 115200, serial_hds[0], DEVICE_LITTLE_ENDIAN);
-
- /* 2 timers at irq 2 @ 100 Mhz. */
- xilinx_timer_create(TIMER_BASEADDR, irq[2], 0, 100 * 1000000);
-
- /* axi ethernet and dma initialization. */
- dma = qdev_create(NULL, "xlnx.axi-dma");
-
- /* FIXME: attach to the sysbus instead */
- object_property_add_child(container_get(qdev_get_machine(), "/unattached"),
- "xilinx-dma", OBJECT(dma), NULL);
-
- eth0 = xilinx_axiethernet_create(&nd_table[0], STREAM_SLAVE(dma),
- 0x82780000, irq[3], 0x1000, 0x1000);
-
- xilinx_axiethernetdma_init(dma, STREAM_SLAVE(eth0),
- 0x84600000, irq[1], irq[0], 100 * 1000000);
-
- {
- SSIBus *spi;
-
- dev = qdev_create(NULL, "xlnx.xps-spi");
- qdev_prop_set_uint8(dev, "num-ss-bits", NUM_SPI_FLASHES);
- qdev_init_nofail(dev);
- busdev = sysbus_from_qdev(dev);
- sysbus_mmio_map(busdev, 0, 0x40a00000);
- sysbus_connect_irq(busdev, 0, irq[4]);
-
- spi = (SSIBus *)qdev_get_child_bus(dev, "spi");
-
- for (i = 0; i < NUM_SPI_FLASHES; i++) {
- qemu_irq cs_line;
-
- dev = ssi_create_slave_no_init(spi, "m25p80");
- qdev_prop_set_string(dev, "partname", "n25q128");
- qdev_init_nofail(dev);
- cs_line = qdev_get_gpio_in(dev, 0);
- sysbus_connect_irq(busdev, i+1, cs_line);
- }
- }
-
- microblaze_load_kernel(cpu, ddr_base, ram_size, BINARY_DEVICE_TREE_FILE,
- machine_cpu_reset);
-
-}
-
-static QEMUMachine petalogix_ml605_machine = {
- .name = "petalogix-ml605",
- .desc = "PetaLogix linux refdesign for xilinx ml605 little endian",
- .init = petalogix_ml605_init,
- .is_default = 0
-};
-
-static void petalogix_ml605_machine_init(void)
-{
- qemu_register_machine(&petalogix_ml605_machine);
-}
-
-machine_init(petalogix_ml605_machine_init);
diff --git a/hw/petalogix_s3adsp1800_mmu.c b/hw/petalogix_s3adsp1800_mmu.c
deleted file mode 100644
index c5fd5e793..000000000
--- a/hw/petalogix_s3adsp1800_mmu.c
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * Model of Petalogix linux reference design targeting Xilinx Spartan 3ADSP-1800
- * boards.
- *
- * Copyright (c) 2009 Edgar E. Iglesias.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sysbus.h"
-#include "hw.h"
-#include "net.h"
-#include "flash.h"
-#include "sysemu.h"
-#include "devices.h"
-#include "boards.h"
-#include "xilinx.h"
-#include "blockdev.h"
-#include "exec-memory.h"
-
-#include "microblaze_boot.h"
-#include "microblaze_pic_cpu.h"
-
-#define LMB_BRAM_SIZE (128 * 1024)
-#define FLASH_SIZE (16 * 1024 * 1024)
-
-#define BINARY_DEVICE_TREE_FILE "petalogix-s3adsp1800.dtb"
-
-#define MEMORY_BASEADDR 0x90000000
-#define FLASH_BASEADDR 0xa0000000
-#define INTC_BASEADDR 0x81800000
-#define TIMER_BASEADDR 0x83c00000
-#define UARTLITE_BASEADDR 0x84000000
-#define ETHLITE_BASEADDR 0x81000000
-
-static void machine_cpu_reset(MicroBlazeCPU *cpu)
-{
- CPUMBState *env = &cpu->env;
-
- env->pvr.regs[10] = 0x0c000000; /* spartan 3a dsp family. */
-}
-
-static void
-petalogix_s3adsp1800_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- DeviceState *dev;
- MicroBlazeCPU *cpu;
- CPUMBState *env;
- DriveInfo *dinfo;
- int i;
- hwaddr ddr_base = MEMORY_BASEADDR;
- MemoryRegion *phys_lmb_bram = g_new(MemoryRegion, 1);
- MemoryRegion *phys_ram = g_new(MemoryRegion, 1);
- qemu_irq irq[32], *cpu_irq;
- MemoryRegion *sysmem = get_system_memory();
-
- /* init CPUs */
- if (cpu_model == NULL) {
- cpu_model = "microblaze";
- }
- cpu = cpu_mb_init(cpu_model);
- env = &cpu->env;
-
- /* Attach emulated BRAM through the LMB. */
- memory_region_init_ram(phys_lmb_bram,
- "petalogix_s3adsp1800.lmb_bram", LMB_BRAM_SIZE);
- vmstate_register_ram_global(phys_lmb_bram);
- memory_region_add_subregion(sysmem, 0x00000000, phys_lmb_bram);
-
- memory_region_init_ram(phys_ram, "petalogix_s3adsp1800.ram", ram_size);
- vmstate_register_ram_global(phys_ram);
- memory_region_add_subregion(sysmem, ddr_base, phys_ram);
-
- dinfo = drive_get(IF_PFLASH, 0, 0);
- pflash_cfi01_register(FLASH_BASEADDR,
- NULL, "petalogix_s3adsp1800.flash", FLASH_SIZE,
- dinfo ? dinfo->bdrv : NULL, (64 * 1024),
- FLASH_SIZE >> 16,
- 1, 0x89, 0x18, 0x0000, 0x0, 1);
-
- cpu_irq = microblaze_pic_init_cpu(env);
- dev = xilinx_intc_create(INTC_BASEADDR, cpu_irq[0], 2);
- for (i = 0; i < 32; i++) {
- irq[i] = qdev_get_gpio_in(dev, i);
- }
-
- sysbus_create_simple("xlnx.xps-uartlite", UARTLITE_BASEADDR, irq[3]);
- /* 2 timers at irq 2 @ 62 Mhz. */
- xilinx_timer_create(TIMER_BASEADDR, irq[0], 0, 62 * 1000000);
- xilinx_ethlite_create(&nd_table[0], ETHLITE_BASEADDR, irq[1], 0, 0);
-
- microblaze_load_kernel(cpu, ddr_base, ram_size,
- BINARY_DEVICE_TREE_FILE, machine_cpu_reset);
-}
-
-static QEMUMachine petalogix_s3adsp1800_machine = {
- .name = "petalogix-s3adsp1800",
- .desc = "PetaLogix linux refdesign for xilinx Spartan 3ADSP1800",
- .init = petalogix_s3adsp1800_init,
- .is_default = 1
-};
-
-static void petalogix_s3adsp1800_machine_init(void)
-{
- qemu_register_machine(&petalogix_s3adsp1800_machine);
-}
-
-machine_init(petalogix_s3adsp1800_machine_init);
diff --git a/hw/pflash_cfi01.c b/hw/pflash_cfi01.c
deleted file mode 100644
index 7d040b508..000000000
--- a/hw/pflash_cfi01.c
+++ /dev/null
@@ -1,754 +0,0 @@
-/*
- * CFI parallel flash with Intel command set emulation
- *
- * Copyright (c) 2006 Thorsten Zitterell
- * Copyright (c) 2005 Jocelyn Mayer
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-/*
- * For now, this code can emulate flashes of 1, 2 or 4 bytes width.
- * Supported commands/modes are:
- * - flash read
- * - flash write
- * - flash ID read
- * - sector erase
- * - CFI queries
- *
- * It does not support timings
- * It does not support flash interleaving
- * It does not implement software data protection as found in many real chips
- * It does not implement erase suspend/resume commands
- * It does not implement multiple sectors erase
- *
- * It does not implement much more ...
- */
-
-#include "hw.h"
-#include "flash.h"
-#include "block.h"
-#include "qemu-timer.h"
-#include "exec-memory.h"
-#include "host-utils.h"
-#include "sysbus.h"
-
-#define PFLASH_BUG(fmt, ...) \
-do { \
- printf("PFLASH: Possible BUG - " fmt, ## __VA_ARGS__); \
- exit(1); \
-} while(0)
-
-/* #define PFLASH_DEBUG */
-#ifdef PFLASH_DEBUG
-#define DPRINTF(fmt, ...) \
-do { \
- printf("PFLASH: " fmt , ## __VA_ARGS__); \
-} while (0)
-#else
-#define DPRINTF(fmt, ...) do { } while (0)
-#endif
-
-struct pflash_t {
- SysBusDevice busdev;
- BlockDriverState *bs;
- uint32_t nb_blocs;
- uint64_t sector_len;
- uint8_t width;
- uint8_t be;
- int wcycle; /* if 0, the flash is read normally */
- int bypass;
- int ro;
- uint8_t cmd;
- uint8_t status;
- uint16_t ident0;
- uint16_t ident1;
- uint16_t ident2;
- uint16_t ident3;
- uint8_t cfi_len;
- uint8_t cfi_table[0x52];
- hwaddr counter;
- unsigned int writeblock_size;
- QEMUTimer *timer;
- MemoryRegion mem;
- char *name;
- void *storage;
-};
-
-static void pflash_timer (void *opaque)
-{
- pflash_t *pfl = opaque;
-
- DPRINTF("%s: command %02x done\n", __func__, pfl->cmd);
- /* Reset flash */
- pfl->status ^= 0x80;
- if (pfl->bypass) {
- pfl->wcycle = 2;
- } else {
- memory_region_rom_device_set_readable(&pfl->mem, true);
- pfl->wcycle = 0;
- }
- pfl->cmd = 0;
-}
-
-static uint32_t pflash_read (pflash_t *pfl, hwaddr offset,
- int width, int be)
-{
- hwaddr boff;
- uint32_t ret;
- uint8_t *p;
-
- ret = -1;
- boff = offset & 0xFF; /* why this here ?? */
-
- if (pfl->width == 2)
- boff = boff >> 1;
- else if (pfl->width == 4)
- boff = boff >> 2;
-
-#if 0
- DPRINTF("%s: reading offset " TARGET_FMT_plx " under cmd %02x width %d\n",
- __func__, offset, pfl->cmd, width);
-#endif
- switch (pfl->cmd) {
- case 0x00:
- /* Flash area read */
- p = pfl->storage;
- switch (width) {
- case 1:
- ret = p[offset];
- DPRINTF("%s: data offset " TARGET_FMT_plx " %02x\n",
- __func__, offset, ret);
- break;
- case 2:
- if (be) {
- ret = p[offset] << 8;
- ret |= p[offset + 1];
- } else {
- ret = p[offset];
- ret |= p[offset + 1] << 8;
- }
- DPRINTF("%s: data offset " TARGET_FMT_plx " %04x\n",
- __func__, offset, ret);
- break;
- case 4:
- if (be) {
- ret = p[offset] << 24;
- ret |= p[offset + 1] << 16;
- ret |= p[offset + 2] << 8;
- ret |= p[offset + 3];
- } else {
- ret = p[offset];
- ret |= p[offset + 1] << 8;
- ret |= p[offset + 2] << 16;
- ret |= p[offset + 3] << 24;
- }
- DPRINTF("%s: data offset " TARGET_FMT_plx " %08x\n",
- __func__, offset, ret);
- break;
- default:
- DPRINTF("BUG in %s\n", __func__);
- }
-
- break;
- case 0x20: /* Block erase */
- case 0x50: /* Clear status register */
- case 0x60: /* Block /un)lock */
- case 0x70: /* Status Register */
- case 0xe8: /* Write block */
- /* Status register read */
- ret = pfl->status;
- DPRINTF("%s: status %x\n", __func__, ret);
- break;
- case 0x90:
- switch (boff) {
- case 0:
- ret = pfl->ident0 << 8 | pfl->ident1;
- DPRINTF("%s: Manufacturer Code %04x\n", __func__, ret);
- break;
- case 1:
- ret = pfl->ident2 << 8 | pfl->ident3;
- DPRINTF("%s: Device ID Code %04x\n", __func__, ret);
- break;
- default:
- DPRINTF("%s: Read Device Information boff=%x\n", __func__,
- (unsigned)boff);
- ret = 0;
- break;
- }
- break;
- case 0x98: /* Query mode */
- if (boff > pfl->cfi_len)
- ret = 0;
- else
- ret = pfl->cfi_table[boff];
- break;
- default:
- /* This should never happen : reset state & treat it as a read */
- DPRINTF("%s: unknown command state: %x\n", __func__, pfl->cmd);
- pfl->wcycle = 0;
- pfl->cmd = 0;
- }
- return ret;
-}
-
-/* update flash content on disk */
-static void pflash_update(pflash_t *pfl, int offset,
- int size)
-{
- int offset_end;
- if (pfl->bs) {
- offset_end = offset + size;
- /* round to sectors */
- offset = offset >> 9;
- offset_end = (offset_end + 511) >> 9;
- bdrv_write(pfl->bs, offset, pfl->storage + (offset << 9),
- offset_end - offset);
- }
-}
-
-static inline void pflash_data_write(pflash_t *pfl, hwaddr offset,
- uint32_t value, int width, int be)
-{
- uint8_t *p = pfl->storage;
-
- DPRINTF("%s: block write offset " TARGET_FMT_plx
- " value %x counter " TARGET_FMT_plx "\n",
- __func__, offset, value, pfl->counter);
- switch (width) {
- case 1:
- p[offset] = value;
- break;
- case 2:
- if (be) {
- p[offset] = value >> 8;
- p[offset + 1] = value;
- } else {
- p[offset] = value;
- p[offset + 1] = value >> 8;
- }
- break;
- case 4:
- if (be) {
- p[offset] = value >> 24;
- p[offset + 1] = value >> 16;
- p[offset + 2] = value >> 8;
- p[offset + 3] = value;
- } else {
- p[offset] = value;
- p[offset + 1] = value >> 8;
- p[offset + 2] = value >> 16;
- p[offset + 3] = value >> 24;
- }
- break;
- }
-
-}
-
-static void pflash_write(pflash_t *pfl, hwaddr offset,
- uint32_t value, int width, int be)
-{
- uint8_t *p;
- uint8_t cmd;
-
- cmd = value;
-
- DPRINTF("%s: writing offset " TARGET_FMT_plx " value %08x width %d wcycle 0x%x\n",
- __func__, offset, value, width, pfl->wcycle);
-
- if (!pfl->wcycle) {
- /* Set the device in I/O access mode */
- memory_region_rom_device_set_readable(&pfl->mem, false);
- }
-
- switch (pfl->wcycle) {
- case 0:
- /* read mode */
- switch (cmd) {
- case 0x00: /* ??? */
- goto reset_flash;
- case 0x10: /* Single Byte Program */
- case 0x40: /* Single Byte Program */
- DPRINTF("%s: Single Byte Program\n", __func__);
- break;
- case 0x20: /* Block erase */
- p = pfl->storage;
- offset &= ~(pfl->sector_len - 1);
-
- DPRINTF("%s: block erase at " TARGET_FMT_plx " bytes %x\n",
- __func__, offset, (unsigned)pfl->sector_len);
-
- if (!pfl->ro) {
- memset(p + offset, 0xff, pfl->sector_len);
- pflash_update(pfl, offset, pfl->sector_len);
- } else {
- pfl->status |= 0x20; /* Block erase error */
- }
- pfl->status |= 0x80; /* Ready! */
- break;
- case 0x50: /* Clear status bits */
- DPRINTF("%s: Clear status bits\n", __func__);
- pfl->status = 0x0;
- goto reset_flash;
- case 0x60: /* Block (un)lock */
- DPRINTF("%s: Block unlock\n", __func__);
- break;
- case 0x70: /* Status Register */
- DPRINTF("%s: Read status register\n", __func__);
- pfl->cmd = cmd;
- return;
- case 0x90: /* Read Device ID */
- DPRINTF("%s: Read Device information\n", __func__);
- pfl->cmd = cmd;
- return;
- case 0x98: /* CFI query */
- DPRINTF("%s: CFI query\n", __func__);
- break;
- case 0xe8: /* Write to buffer */
- DPRINTF("%s: Write to buffer\n", __func__);
- pfl->status |= 0x80; /* Ready! */
- break;
- case 0xff: /* Read array mode */
- DPRINTF("%s: Read array mode\n", __func__);
- goto reset_flash;
- default:
- goto error_flash;
- }
- pfl->wcycle++;
- pfl->cmd = cmd;
- break;
- case 1:
- switch (pfl->cmd) {
- case 0x10: /* Single Byte Program */
- case 0x40: /* Single Byte Program */
- DPRINTF("%s: Single Byte Program\n", __func__);
- if (!pfl->ro) {
- pflash_data_write(pfl, offset, value, width, be);
- pflash_update(pfl, offset, width);
- } else {
- pfl->status |= 0x10; /* Programming error */
- }
- pfl->status |= 0x80; /* Ready! */
- pfl->wcycle = 0;
- break;
- case 0x20: /* Block erase */
- case 0x28:
- if (cmd == 0xd0) { /* confirm */
- pfl->wcycle = 0;
- pfl->status |= 0x80;
- } else if (cmd == 0xff) { /* read array mode */
- goto reset_flash;
- } else
- goto error_flash;
-
- break;
- case 0xe8:
- DPRINTF("%s: block write of %x bytes\n", __func__, value);
- pfl->counter = value;
- pfl->wcycle++;
- break;
- case 0x60:
- if (cmd == 0xd0) {
- pfl->wcycle = 0;
- pfl->status |= 0x80;
- } else if (cmd == 0x01) {
- pfl->wcycle = 0;
- pfl->status |= 0x80;
- } else if (cmd == 0xff) {
- goto reset_flash;
- } else {
- DPRINTF("%s: Unknown (un)locking command\n", __func__);
- goto reset_flash;
- }
- break;
- case 0x98:
- if (cmd == 0xff) {
- goto reset_flash;
- } else {
- DPRINTF("%s: leaving query mode\n", __func__);
- }
- break;
- default:
- goto error_flash;
- }
- break;
- case 2:
- switch (pfl->cmd) {
- case 0xe8: /* Block write */
- if (!pfl->ro) {
- pflash_data_write(pfl, offset, value, width, be);
- } else {
- pfl->status |= 0x10; /* Programming error */
- }
-
- pfl->status |= 0x80;
-
- if (!pfl->counter) {
- hwaddr mask = pfl->writeblock_size - 1;
- mask = ~mask;
-
- DPRINTF("%s: block write finished\n", __func__);
- pfl->wcycle++;
- if (!pfl->ro) {
- /* Flush the entire write buffer onto backing storage. */
- pflash_update(pfl, offset & mask, pfl->writeblock_size);
- } else {
- pfl->status |= 0x10; /* Programming error */
- }
- }
-
- pfl->counter--;
- break;
- default:
- goto error_flash;
- }
- break;
- case 3: /* Confirm mode */
- switch (pfl->cmd) {
- case 0xe8: /* Block write */
- if (cmd == 0xd0) {
- pfl->wcycle = 0;
- pfl->status |= 0x80;
- } else {
- DPRINTF("%s: unknown command for \"write block\"\n", __func__);
- PFLASH_BUG("Write block confirm");
- goto reset_flash;
- }
- break;
- default:
- goto error_flash;
- }
- break;
- default:
- /* Should never happen */
- DPRINTF("%s: invalid write state\n", __func__);
- goto reset_flash;
- }
- return;
-
- error_flash:
- printf("%s: Unimplemented flash cmd sequence "
- "(offset " TARGET_FMT_plx ", wcycle 0x%x cmd 0x%x value 0x%x)\n",
- __func__, offset, pfl->wcycle, pfl->cmd, value);
-
- reset_flash:
- memory_region_rom_device_set_readable(&pfl->mem, true);
-
- pfl->bypass = 0;
- pfl->wcycle = 0;
- pfl->cmd = 0;
-}
-
-
-static uint32_t pflash_readb_be(void *opaque, hwaddr addr)
-{
- return pflash_read(opaque, addr, 1, 1);
-}
-
-static uint32_t pflash_readb_le(void *opaque, hwaddr addr)
-{
- return pflash_read(opaque, addr, 1, 0);
-}
-
-static uint32_t pflash_readw_be(void *opaque, hwaddr addr)
-{
- pflash_t *pfl = opaque;
-
- return pflash_read(pfl, addr, 2, 1);
-}
-
-static uint32_t pflash_readw_le(void *opaque, hwaddr addr)
-{
- pflash_t *pfl = opaque;
-
- return pflash_read(pfl, addr, 2, 0);
-}
-
-static uint32_t pflash_readl_be(void *opaque, hwaddr addr)
-{
- pflash_t *pfl = opaque;
-
- return pflash_read(pfl, addr, 4, 1);
-}
-
-static uint32_t pflash_readl_le(void *opaque, hwaddr addr)
-{
- pflash_t *pfl = opaque;
-
- return pflash_read(pfl, addr, 4, 0);
-}
-
-static void pflash_writeb_be(void *opaque, hwaddr addr,
- uint32_t value)
-{
- pflash_write(opaque, addr, value, 1, 1);
-}
-
-static void pflash_writeb_le(void *opaque, hwaddr addr,
- uint32_t value)
-{
- pflash_write(opaque, addr, value, 1, 0);
-}
-
-static void pflash_writew_be(void *opaque, hwaddr addr,
- uint32_t value)
-{
- pflash_t *pfl = opaque;
-
- pflash_write(pfl, addr, value, 2, 1);
-}
-
-static void pflash_writew_le(void *opaque, hwaddr addr,
- uint32_t value)
-{
- pflash_t *pfl = opaque;
-
- pflash_write(pfl, addr, value, 2, 0);
-}
-
-static void pflash_writel_be(void *opaque, hwaddr addr,
- uint32_t value)
-{
- pflash_t *pfl = opaque;
-
- pflash_write(pfl, addr, value, 4, 1);
-}
-
-static void pflash_writel_le(void *opaque, hwaddr addr,
- uint32_t value)
-{
- pflash_t *pfl = opaque;
-
- pflash_write(pfl, addr, value, 4, 0);
-}
-
-static const MemoryRegionOps pflash_cfi01_ops_be = {
- .old_mmio = {
- .read = { pflash_readb_be, pflash_readw_be, pflash_readl_be, },
- .write = { pflash_writeb_be, pflash_writew_be, pflash_writel_be, },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static const MemoryRegionOps pflash_cfi01_ops_le = {
- .old_mmio = {
- .read = { pflash_readb_le, pflash_readw_le, pflash_readl_le, },
- .write = { pflash_writeb_le, pflash_writew_le, pflash_writel_le, },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int pflash_cfi01_init(SysBusDevice *dev)
-{
- pflash_t *pfl = FROM_SYSBUS(typeof(*pfl), dev);
- uint64_t total_len;
- int ret;
-
- total_len = pfl->sector_len * pfl->nb_blocs;
-
- /* XXX: to be fixed */
-#if 0
- if (total_len != (8 * 1024 * 1024) && total_len != (16 * 1024 * 1024) &&
- total_len != (32 * 1024 * 1024) && total_len != (64 * 1024 * 1024))
- return NULL;
-#endif
-
- memory_region_init_rom_device(
- &pfl->mem, pfl->be ? &pflash_cfi01_ops_be : &pflash_cfi01_ops_le, pfl,
- pfl->name, total_len);
- vmstate_register_ram(&pfl->mem, DEVICE(pfl));
- pfl->storage = memory_region_get_ram_ptr(&pfl->mem);
- sysbus_init_mmio(dev, &pfl->mem);
-
- if (pfl->bs) {
- /* read the initial flash content */
- ret = bdrv_read(pfl->bs, 0, pfl->storage, total_len >> 9);
-
- if (ret < 0) {
- vmstate_unregister_ram(&pfl->mem, DEVICE(pfl));
- memory_region_destroy(&pfl->mem);
- return 1;
- }
- }
-
- if (pfl->bs) {
- pfl->ro = bdrv_is_read_only(pfl->bs);
- } else {
- pfl->ro = 0;
- }
-
- pfl->timer = qemu_new_timer_ns(vm_clock, pflash_timer, pfl);
- pfl->wcycle = 0;
- pfl->cmd = 0;
- pfl->status = 0;
- /* Hardcoded CFI table */
- pfl->cfi_len = 0x52;
- /* Standard "QRY" string */
- pfl->cfi_table[0x10] = 'Q';
- pfl->cfi_table[0x11] = 'R';
- pfl->cfi_table[0x12] = 'Y';
- /* Command set (Intel) */
- pfl->cfi_table[0x13] = 0x01;
- pfl->cfi_table[0x14] = 0x00;
- /* Primary extended table address (none) */
- pfl->cfi_table[0x15] = 0x31;
- pfl->cfi_table[0x16] = 0x00;
- /* Alternate command set (none) */
- pfl->cfi_table[0x17] = 0x00;
- pfl->cfi_table[0x18] = 0x00;
- /* Alternate extended table (none) */
- pfl->cfi_table[0x19] = 0x00;
- pfl->cfi_table[0x1A] = 0x00;
- /* Vcc min */
- pfl->cfi_table[0x1B] = 0x45;
- /* Vcc max */
- pfl->cfi_table[0x1C] = 0x55;
- /* Vpp min (no Vpp pin) */
- pfl->cfi_table[0x1D] = 0x00;
- /* Vpp max (no Vpp pin) */
- pfl->cfi_table[0x1E] = 0x00;
- /* Reserved */
- pfl->cfi_table[0x1F] = 0x07;
- /* Timeout for min size buffer write */
- pfl->cfi_table[0x20] = 0x07;
- /* Typical timeout for block erase */
- pfl->cfi_table[0x21] = 0x0a;
- /* Typical timeout for full chip erase (4096 ms) */
- pfl->cfi_table[0x22] = 0x00;
- /* Reserved */
- pfl->cfi_table[0x23] = 0x04;
- /* Max timeout for buffer write */
- pfl->cfi_table[0x24] = 0x04;
- /* Max timeout for block erase */
- pfl->cfi_table[0x25] = 0x04;
- /* Max timeout for chip erase */
- pfl->cfi_table[0x26] = 0x00;
- /* Device size */
- pfl->cfi_table[0x27] = ctz32(total_len); // + 1;
- /* Flash device interface (8 & 16 bits) */
- pfl->cfi_table[0x28] = 0x02;
- pfl->cfi_table[0x29] = 0x00;
- /* Max number of bytes in multi-bytes write */
- if (pfl->width == 1) {
- pfl->cfi_table[0x2A] = 0x08;
- } else {
- pfl->cfi_table[0x2A] = 0x0B;
- }
- pfl->writeblock_size = 1 << pfl->cfi_table[0x2A];
-
- pfl->cfi_table[0x2B] = 0x00;
- /* Number of erase block regions (uniform) */
- pfl->cfi_table[0x2C] = 0x01;
- /* Erase block region 1 */
- pfl->cfi_table[0x2D] = pfl->nb_blocs - 1;
- pfl->cfi_table[0x2E] = (pfl->nb_blocs - 1) >> 8;
- pfl->cfi_table[0x2F] = pfl->sector_len >> 8;
- pfl->cfi_table[0x30] = pfl->sector_len >> 16;
-
- /* Extended */
- pfl->cfi_table[0x31] = 'P';
- pfl->cfi_table[0x32] = 'R';
- pfl->cfi_table[0x33] = 'I';
-
- pfl->cfi_table[0x34] = '1';
- pfl->cfi_table[0x35] = '0';
-
- pfl->cfi_table[0x36] = 0x00;
- pfl->cfi_table[0x37] = 0x00;
- pfl->cfi_table[0x38] = 0x00;
- pfl->cfi_table[0x39] = 0x00;
-
- pfl->cfi_table[0x3a] = 0x00;
-
- pfl->cfi_table[0x3b] = 0x00;
- pfl->cfi_table[0x3c] = 0x00;
-
- pfl->cfi_table[0x3f] = 0x01; /* Number of protection fields */
-
- return 0;
-}
-
-static Property pflash_cfi01_properties[] = {
- DEFINE_PROP_DRIVE("drive", struct pflash_t, bs),
- DEFINE_PROP_UINT32("num-blocks", struct pflash_t, nb_blocs, 0),
- DEFINE_PROP_UINT64("sector-length", struct pflash_t, sector_len, 0),
- DEFINE_PROP_UINT8("width", struct pflash_t, width, 0),
- DEFINE_PROP_UINT8("big-endian", struct pflash_t, be, 0),
- DEFINE_PROP_UINT16("id0", struct pflash_t, ident0, 0),
- DEFINE_PROP_UINT16("id1", struct pflash_t, ident1, 0),
- DEFINE_PROP_UINT16("id2", struct pflash_t, ident2, 0),
- DEFINE_PROP_UINT16("id3", struct pflash_t, ident3, 0),
- DEFINE_PROP_STRING("name", struct pflash_t, name),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void pflash_cfi01_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = pflash_cfi01_init;
- dc->props = pflash_cfi01_properties;
-}
-
-
-static const TypeInfo pflash_cfi01_info = {
- .name = "cfi.pflash01",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(struct pflash_t),
- .class_init = pflash_cfi01_class_init,
-};
-
-static void pflash_cfi01_register_types(void)
-{
- type_register_static(&pflash_cfi01_info);
-}
-
-type_init(pflash_cfi01_register_types)
-
-pflash_t *pflash_cfi01_register(hwaddr base,
- DeviceState *qdev, const char *name,
- hwaddr size,
- BlockDriverState *bs,
- uint32_t sector_len, int nb_blocs, int width,
- uint16_t id0, uint16_t id1,
- uint16_t id2, uint16_t id3, int be)
-{
- DeviceState *dev = qdev_create(NULL, "cfi.pflash01");
- SysBusDevice *busdev = sysbus_from_qdev(dev);
- pflash_t *pfl = (pflash_t *)object_dynamic_cast(OBJECT(dev),
- "cfi.pflash01");
-
- if (bs && qdev_prop_set_drive(dev, "drive", bs)) {
- abort();
- }
- qdev_prop_set_uint32(dev, "num-blocks", nb_blocs);
- qdev_prop_set_uint64(dev, "sector-length", sector_len);
- qdev_prop_set_uint8(dev, "width", width);
- qdev_prop_set_uint8(dev, "big-endian", !!be);
- qdev_prop_set_uint16(dev, "id0", id0);
- qdev_prop_set_uint16(dev, "id1", id1);
- qdev_prop_set_uint16(dev, "id2", id2);
- qdev_prop_set_uint16(dev, "id3", id3);
- qdev_prop_set_string(dev, "name", name);
- qdev_init_nofail(dev);
-
- sysbus_mmio_map(busdev, 0, base);
- return pfl;
-}
-
-MemoryRegion *pflash_cfi01_get_memory(pflash_t *fl)
-{
- return &fl->mem;
-}
diff --git a/hw/pflash_cfi02.c b/hw/pflash_cfi02.c
deleted file mode 100644
index f918e3658..000000000
--- a/hw/pflash_cfi02.c
+++ /dev/null
@@ -1,786 +0,0 @@
-/*
- * CFI parallel flash with AMD command set emulation
- *
- * Copyright (c) 2005 Jocelyn Mayer
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-/*
- * For now, this code can emulate flashes of 1, 2 or 4 bytes width.
- * Supported commands/modes are:
- * - flash read
- * - flash write
- * - flash ID read
- * - sector erase
- * - chip erase
- * - unlock bypass command
- * - CFI queries
- *
- * It does not support flash interleaving.
- * It does not implement boot blocs with reduced size
- * It does not implement software data protection as found in many real chips
- * It does not implement erase suspend/resume commands
- * It does not implement multiple sectors erase
- */
-
-#include "hw.h"
-#include "flash.h"
-#include "qemu-timer.h"
-#include "block.h"
-#include "exec-memory.h"
-#include "host-utils.h"
-#include "sysbus.h"
-
-//#define PFLASH_DEBUG
-#ifdef PFLASH_DEBUG
-#define DPRINTF(fmt, ...) \
-do { \
- printf("PFLASH: " fmt , ## __VA_ARGS__); \
-} while (0)
-#else
-#define DPRINTF(fmt, ...) do { } while (0)
-#endif
-
-#define PFLASH_LAZY_ROMD_THRESHOLD 42
-
-struct pflash_t {
- SysBusDevice busdev;
- BlockDriverState *bs;
- uint32_t sector_len;
- uint32_t nb_blocs;
- uint32_t chip_len;
- uint8_t mappings;
- uint8_t width;
- uint8_t be;
- int wcycle; /* if 0, the flash is read normally */
- int bypass;
- int ro;
- uint8_t cmd;
- uint8_t status;
- /* FIXME: implement array device properties */
- uint16_t ident0;
- uint16_t ident1;
- uint16_t ident2;
- uint16_t ident3;
- uint16_t unlock_addr0;
- uint16_t unlock_addr1;
- uint8_t cfi_len;
- uint8_t cfi_table[0x52];
- QEMUTimer *timer;
- /* The device replicates the flash memory across its memory space. Emulate
- * that by having a container (.mem) filled with an array of aliases
- * (.mem_mappings) pointing to the flash memory (.orig_mem).
- */
- MemoryRegion mem;
- MemoryRegion *mem_mappings; /* array; one per mapping */
- MemoryRegion orig_mem;
- int rom_mode;
- int read_counter; /* used for lazy switch-back to rom mode */
- char *name;
- void *storage;
-};
-
-/*
- * Set up replicated mappings of the same region.
- */
-static void pflash_setup_mappings(pflash_t *pfl)
-{
- unsigned i;
- hwaddr size = memory_region_size(&pfl->orig_mem);
-
- memory_region_init(&pfl->mem, "pflash", pfl->mappings * size);
- pfl->mem_mappings = g_new(MemoryRegion, pfl->mappings);
- for (i = 0; i < pfl->mappings; ++i) {
- memory_region_init_alias(&pfl->mem_mappings[i], "pflash-alias",
- &pfl->orig_mem, 0, size);
- memory_region_add_subregion(&pfl->mem, i * size, &pfl->mem_mappings[i]);
- }
-}
-
-static void pflash_register_memory(pflash_t *pfl, int rom_mode)
-{
- memory_region_rom_device_set_readable(&pfl->orig_mem, rom_mode);
- pfl->rom_mode = rom_mode;
-}
-
-static void pflash_timer (void *opaque)
-{
- pflash_t *pfl = opaque;
-
- DPRINTF("%s: command %02x done\n", __func__, pfl->cmd);
- /* Reset flash */
- pfl->status ^= 0x80;
- if (pfl->bypass) {
- pfl->wcycle = 2;
- } else {
- pflash_register_memory(pfl, 1);
- pfl->wcycle = 0;
- }
- pfl->cmd = 0;
-}
-
-static uint32_t pflash_read (pflash_t *pfl, hwaddr offset,
- int width, int be)
-{
- hwaddr boff;
- uint32_t ret;
- uint8_t *p;
-
- DPRINTF("%s: offset " TARGET_FMT_plx "\n", __func__, offset);
- ret = -1;
- /* Lazy reset to ROMD mode after a certain amount of read accesses */
- if (!pfl->rom_mode && pfl->wcycle == 0 &&
- ++pfl->read_counter > PFLASH_LAZY_ROMD_THRESHOLD) {
- pflash_register_memory(pfl, 1);
- }
- offset &= pfl->chip_len - 1;
- boff = offset & 0xFF;
- if (pfl->width == 2)
- boff = boff >> 1;
- else if (pfl->width == 4)
- boff = boff >> 2;
- switch (pfl->cmd) {
- default:
- /* This should never happen : reset state & treat it as a read*/
- DPRINTF("%s: unknown command state: %x\n", __func__, pfl->cmd);
- pfl->wcycle = 0;
- pfl->cmd = 0;
- case 0x80:
- /* We accept reads during second unlock sequence... */
- case 0x00:
- flash_read:
- /* Flash area read */
- p = pfl->storage;
- switch (width) {
- case 1:
- ret = p[offset];
-// DPRINTF("%s: data offset %08x %02x\n", __func__, offset, ret);
- break;
- case 2:
- if (be) {
- ret = p[offset] << 8;
- ret |= p[offset + 1];
- } else {
- ret = p[offset];
- ret |= p[offset + 1] << 8;
- }
-// DPRINTF("%s: data offset %08x %04x\n", __func__, offset, ret);
- break;
- case 4:
- if (be) {
- ret = p[offset] << 24;
- ret |= p[offset + 1] << 16;
- ret |= p[offset + 2] << 8;
- ret |= p[offset + 3];
- } else {
- ret = p[offset];
- ret |= p[offset + 1] << 8;
- ret |= p[offset + 2] << 16;
- ret |= p[offset + 3] << 24;
- }
-// DPRINTF("%s: data offset %08x %08x\n", __func__, offset, ret);
- break;
- }
- break;
- case 0x90:
- /* flash ID read */
- switch (boff) {
- case 0x00:
- case 0x01:
- ret = boff & 0x01 ? pfl->ident1 : pfl->ident0;
- break;
- case 0x02:
- ret = 0x00; /* Pretend all sectors are unprotected */
- break;
- case 0x0E:
- case 0x0F:
- ret = boff & 0x01 ? pfl->ident3 : pfl->ident2;
- if (ret == (uint8_t)-1) {
- goto flash_read;
- }
- break;
- default:
- goto flash_read;
- }
- DPRINTF("%s: ID " TARGET_FMT_plx " %x\n", __func__, boff, ret);
- break;
- case 0xA0:
- case 0x10:
- case 0x30:
- /* Status register read */
- ret = pfl->status;
- DPRINTF("%s: status %x\n", __func__, ret);
- /* Toggle bit 6 */
- pfl->status ^= 0x40;
- break;
- case 0x98:
- /* CFI query mode */
- if (boff > pfl->cfi_len)
- ret = 0;
- else
- ret = pfl->cfi_table[boff];
- break;
- }
-
- return ret;
-}
-
-/* update flash content on disk */
-static void pflash_update(pflash_t *pfl, int offset,
- int size)
-{
- int offset_end;
- if (pfl->bs) {
- offset_end = offset + size;
- /* round to sectors */
- offset = offset >> 9;
- offset_end = (offset_end + 511) >> 9;
- bdrv_write(pfl->bs, offset, pfl->storage + (offset << 9),
- offset_end - offset);
- }
-}
-
-static void pflash_write (pflash_t *pfl, hwaddr offset,
- uint32_t value, int width, int be)
-{
- hwaddr boff;
- uint8_t *p;
- uint8_t cmd;
-
- cmd = value;
- if (pfl->cmd != 0xA0 && cmd == 0xF0) {
-#if 0
- DPRINTF("%s: flash reset asked (%02x %02x)\n",
- __func__, pfl->cmd, cmd);
-#endif
- goto reset_flash;
- }
- DPRINTF("%s: offset " TARGET_FMT_plx " %08x %d %d\n", __func__,
- offset, value, width, pfl->wcycle);
- offset &= pfl->chip_len - 1;
-
- DPRINTF("%s: offset " TARGET_FMT_plx " %08x %d\n", __func__,
- offset, value, width);
- boff = offset & (pfl->sector_len - 1);
- if (pfl->width == 2)
- boff = boff >> 1;
- else if (pfl->width == 4)
- boff = boff >> 2;
- switch (pfl->wcycle) {
- case 0:
- /* Set the device in I/O access mode if required */
- if (pfl->rom_mode)
- pflash_register_memory(pfl, 0);
- pfl->read_counter = 0;
- /* We're in read mode */
- check_unlock0:
- if (boff == 0x55 && cmd == 0x98) {
- enter_CFI_mode:
- /* Enter CFI query mode */
- pfl->wcycle = 7;
- pfl->cmd = 0x98;
- return;
- }
- if (boff != pfl->unlock_addr0 || cmd != 0xAA) {
- DPRINTF("%s: unlock0 failed " TARGET_FMT_plx " %02x %04x\n",
- __func__, boff, cmd, pfl->unlock_addr0);
- goto reset_flash;
- }
- DPRINTF("%s: unlock sequence started\n", __func__);
- break;
- case 1:
- /* We started an unlock sequence */
- check_unlock1:
- if (boff != pfl->unlock_addr1 || cmd != 0x55) {
- DPRINTF("%s: unlock1 failed " TARGET_FMT_plx " %02x\n", __func__,
- boff, cmd);
- goto reset_flash;
- }
- DPRINTF("%s: unlock sequence done\n", __func__);
- break;
- case 2:
- /* We finished an unlock sequence */
- if (!pfl->bypass && boff != pfl->unlock_addr0) {
- DPRINTF("%s: command failed " TARGET_FMT_plx " %02x\n", __func__,
- boff, cmd);
- goto reset_flash;
- }
- switch (cmd) {
- case 0x20:
- pfl->bypass = 1;
- goto do_bypass;
- case 0x80:
- case 0x90:
- case 0xA0:
- pfl->cmd = cmd;
- DPRINTF("%s: starting command %02x\n", __func__, cmd);
- break;
- default:
- DPRINTF("%s: unknown command %02x\n", __func__, cmd);
- goto reset_flash;
- }
- break;
- case 3:
- switch (pfl->cmd) {
- case 0x80:
- /* We need another unlock sequence */
- goto check_unlock0;
- case 0xA0:
- DPRINTF("%s: write data offset " TARGET_FMT_plx " %08x %d\n",
- __func__, offset, value, width);
- p = pfl->storage;
- if (!pfl->ro) {
- switch (width) {
- case 1:
- p[offset] &= value;
- pflash_update(pfl, offset, 1);
- break;
- case 2:
- if (be) {
- p[offset] &= value >> 8;
- p[offset + 1] &= value;
- } else {
- p[offset] &= value;
- p[offset + 1] &= value >> 8;
- }
- pflash_update(pfl, offset, 2);
- break;
- case 4:
- if (be) {
- p[offset] &= value >> 24;
- p[offset + 1] &= value >> 16;
- p[offset + 2] &= value >> 8;
- p[offset + 3] &= value;
- } else {
- p[offset] &= value;
- p[offset + 1] &= value >> 8;
- p[offset + 2] &= value >> 16;
- p[offset + 3] &= value >> 24;
- }
- pflash_update(pfl, offset, 4);
- break;
- }
- }
- pfl->status = 0x00 | ~(value & 0x80);
- /* Let's pretend write is immediate */
- if (pfl->bypass)
- goto do_bypass;
- goto reset_flash;
- case 0x90:
- if (pfl->bypass && cmd == 0x00) {
- /* Unlock bypass reset */
- goto reset_flash;
- }
- /* We can enter CFI query mode from autoselect mode */
- if (boff == 0x55 && cmd == 0x98)
- goto enter_CFI_mode;
- /* No break here */
- default:
- DPRINTF("%s: invalid write for command %02x\n",
- __func__, pfl->cmd);
- goto reset_flash;
- }
- case 4:
- switch (pfl->cmd) {
- case 0xA0:
- /* Ignore writes while flash data write is occurring */
- /* As we suppose write is immediate, this should never happen */
- return;
- case 0x80:
- goto check_unlock1;
- default:
- /* Should never happen */
- DPRINTF("%s: invalid command state %02x (wc 4)\n",
- __func__, pfl->cmd);
- goto reset_flash;
- }
- break;
- case 5:
- switch (cmd) {
- case 0x10:
- if (boff != pfl->unlock_addr0) {
- DPRINTF("%s: chip erase: invalid address " TARGET_FMT_plx "\n",
- __func__, offset);
- goto reset_flash;
- }
- /* Chip erase */
- DPRINTF("%s: start chip erase\n", __func__);
- if (!pfl->ro) {
- memset(pfl->storage, 0xFF, pfl->chip_len);
- pflash_update(pfl, 0, pfl->chip_len);
- }
- pfl->status = 0x00;
- /* Let's wait 5 seconds before chip erase is done */
- qemu_mod_timer(pfl->timer,
- qemu_get_clock_ns(vm_clock) + (get_ticks_per_sec() * 5));
- break;
- case 0x30:
- /* Sector erase */
- p = pfl->storage;
- offset &= ~(pfl->sector_len - 1);
- DPRINTF("%s: start sector erase at " TARGET_FMT_plx "\n", __func__,
- offset);
- if (!pfl->ro) {
- memset(p + offset, 0xFF, pfl->sector_len);
- pflash_update(pfl, offset, pfl->sector_len);
- }
- pfl->status = 0x00;
- /* Let's wait 1/2 second before sector erase is done */
- qemu_mod_timer(pfl->timer,
- qemu_get_clock_ns(vm_clock) + (get_ticks_per_sec() / 2));
- break;
- default:
- DPRINTF("%s: invalid command %02x (wc 5)\n", __func__, cmd);
- goto reset_flash;
- }
- pfl->cmd = cmd;
- break;
- case 6:
- switch (pfl->cmd) {
- case 0x10:
- /* Ignore writes during chip erase */
- return;
- case 0x30:
- /* Ignore writes during sector erase */
- return;
- default:
- /* Should never happen */
- DPRINTF("%s: invalid command state %02x (wc 6)\n",
- __func__, pfl->cmd);
- goto reset_flash;
- }
- break;
- case 7: /* Special value for CFI queries */
- DPRINTF("%s: invalid write in CFI query mode\n", __func__);
- goto reset_flash;
- default:
- /* Should never happen */
- DPRINTF("%s: invalid write state (wc 7)\n", __func__);
- goto reset_flash;
- }
- pfl->wcycle++;
-
- return;
-
- /* Reset flash */
- reset_flash:
- pfl->bypass = 0;
- pfl->wcycle = 0;
- pfl->cmd = 0;
- return;
-
- do_bypass:
- pfl->wcycle = 2;
- pfl->cmd = 0;
-}
-
-
-static uint32_t pflash_readb_be(void *opaque, hwaddr addr)
-{
- return pflash_read(opaque, addr, 1, 1);
-}
-
-static uint32_t pflash_readb_le(void *opaque, hwaddr addr)
-{
- return pflash_read(opaque, addr, 1, 0);
-}
-
-static uint32_t pflash_readw_be(void *opaque, hwaddr addr)
-{
- pflash_t *pfl = opaque;
-
- return pflash_read(pfl, addr, 2, 1);
-}
-
-static uint32_t pflash_readw_le(void *opaque, hwaddr addr)
-{
- pflash_t *pfl = opaque;
-
- return pflash_read(pfl, addr, 2, 0);
-}
-
-static uint32_t pflash_readl_be(void *opaque, hwaddr addr)
-{
- pflash_t *pfl = opaque;
-
- return pflash_read(pfl, addr, 4, 1);
-}
-
-static uint32_t pflash_readl_le(void *opaque, hwaddr addr)
-{
- pflash_t *pfl = opaque;
-
- return pflash_read(pfl, addr, 4, 0);
-}
-
-static void pflash_writeb_be(void *opaque, hwaddr addr,
- uint32_t value)
-{
- pflash_write(opaque, addr, value, 1, 1);
-}
-
-static void pflash_writeb_le(void *opaque, hwaddr addr,
- uint32_t value)
-{
- pflash_write(opaque, addr, value, 1, 0);
-}
-
-static void pflash_writew_be(void *opaque, hwaddr addr,
- uint32_t value)
-{
- pflash_t *pfl = opaque;
-
- pflash_write(pfl, addr, value, 2, 1);
-}
-
-static void pflash_writew_le(void *opaque, hwaddr addr,
- uint32_t value)
-{
- pflash_t *pfl = opaque;
-
- pflash_write(pfl, addr, value, 2, 0);
-}
-
-static void pflash_writel_be(void *opaque, hwaddr addr,
- uint32_t value)
-{
- pflash_t *pfl = opaque;
-
- pflash_write(pfl, addr, value, 4, 1);
-}
-
-static void pflash_writel_le(void *opaque, hwaddr addr,
- uint32_t value)
-{
- pflash_t *pfl = opaque;
-
- pflash_write(pfl, addr, value, 4, 0);
-}
-
-static const MemoryRegionOps pflash_cfi02_ops_be = {
- .old_mmio = {
- .read = { pflash_readb_be, pflash_readw_be, pflash_readl_be, },
- .write = { pflash_writeb_be, pflash_writew_be, pflash_writel_be, },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static const MemoryRegionOps pflash_cfi02_ops_le = {
- .old_mmio = {
- .read = { pflash_readb_le, pflash_readw_le, pflash_readl_le, },
- .write = { pflash_writeb_le, pflash_writew_le, pflash_writel_le, },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int pflash_cfi02_init(SysBusDevice *dev)
-{
- pflash_t *pfl = FROM_SYSBUS(typeof(*pfl), dev);
- uint32_t chip_len;
- int ret;
-
- chip_len = pfl->sector_len * pfl->nb_blocs;
- /* XXX: to be fixed */
-#if 0
- if (total_len != (8 * 1024 * 1024) && total_len != (16 * 1024 * 1024) &&
- total_len != (32 * 1024 * 1024) && total_len != (64 * 1024 * 1024))
- return NULL;
-#endif
-
- memory_region_init_rom_device(&pfl->orig_mem, pfl->be ?
- &pflash_cfi02_ops_be : &pflash_cfi02_ops_le,
- pfl, pfl->name, chip_len);
- vmstate_register_ram(&pfl->orig_mem, DEVICE(pfl));
- pfl->storage = memory_region_get_ram_ptr(&pfl->orig_mem);
- pfl->chip_len = chip_len;
- if (pfl->bs) {
- /* read the initial flash content */
- ret = bdrv_read(pfl->bs, 0, pfl->storage, chip_len >> 9);
- if (ret < 0) {
- g_free(pfl);
- return 1;
- }
- }
-
- pflash_setup_mappings(pfl);
- pfl->rom_mode = 1;
- sysbus_init_mmio(dev, &pfl->mem);
-
- if (pfl->bs) {
- pfl->ro = bdrv_is_read_only(pfl->bs);
- } else {
- pfl->ro = 0;
- }
-
- pfl->timer = qemu_new_timer_ns(vm_clock, pflash_timer, pfl);
- pfl->wcycle = 0;
- pfl->cmd = 0;
- pfl->status = 0;
- /* Hardcoded CFI table (mostly from SG29 Spansion flash) */
- pfl->cfi_len = 0x52;
- /* Standard "QRY" string */
- pfl->cfi_table[0x10] = 'Q';
- pfl->cfi_table[0x11] = 'R';
- pfl->cfi_table[0x12] = 'Y';
- /* Command set (AMD/Fujitsu) */
- pfl->cfi_table[0x13] = 0x02;
- pfl->cfi_table[0x14] = 0x00;
- /* Primary extended table address */
- pfl->cfi_table[0x15] = 0x31;
- pfl->cfi_table[0x16] = 0x00;
- /* Alternate command set (none) */
- pfl->cfi_table[0x17] = 0x00;
- pfl->cfi_table[0x18] = 0x00;
- /* Alternate extended table (none) */
- pfl->cfi_table[0x19] = 0x00;
- pfl->cfi_table[0x1A] = 0x00;
- /* Vcc min */
- pfl->cfi_table[0x1B] = 0x27;
- /* Vcc max */
- pfl->cfi_table[0x1C] = 0x36;
- /* Vpp min (no Vpp pin) */
- pfl->cfi_table[0x1D] = 0x00;
- /* Vpp max (no Vpp pin) */
- pfl->cfi_table[0x1E] = 0x00;
- /* Reserved */
- pfl->cfi_table[0x1F] = 0x07;
- /* Timeout for min size buffer write (NA) */
- pfl->cfi_table[0x20] = 0x00;
- /* Typical timeout for block erase (512 ms) */
- pfl->cfi_table[0x21] = 0x09;
- /* Typical timeout for full chip erase (4096 ms) */
- pfl->cfi_table[0x22] = 0x0C;
- /* Reserved */
- pfl->cfi_table[0x23] = 0x01;
- /* Max timeout for buffer write (NA) */
- pfl->cfi_table[0x24] = 0x00;
- /* Max timeout for block erase */
- pfl->cfi_table[0x25] = 0x0A;
- /* Max timeout for chip erase */
- pfl->cfi_table[0x26] = 0x0D;
- /* Device size */
- pfl->cfi_table[0x27] = ctz32(chip_len);
- /* Flash device interface (8 & 16 bits) */
- pfl->cfi_table[0x28] = 0x02;
- pfl->cfi_table[0x29] = 0x00;
- /* Max number of bytes in multi-bytes write */
- /* XXX: disable buffered write as it's not supported */
- // pfl->cfi_table[0x2A] = 0x05;
- pfl->cfi_table[0x2A] = 0x00;
- pfl->cfi_table[0x2B] = 0x00;
- /* Number of erase block regions (uniform) */
- pfl->cfi_table[0x2C] = 0x01;
- /* Erase block region 1 */
- pfl->cfi_table[0x2D] = pfl->nb_blocs - 1;
- pfl->cfi_table[0x2E] = (pfl->nb_blocs - 1) >> 8;
- pfl->cfi_table[0x2F] = pfl->sector_len >> 8;
- pfl->cfi_table[0x30] = pfl->sector_len >> 16;
-
- /* Extended */
- pfl->cfi_table[0x31] = 'P';
- pfl->cfi_table[0x32] = 'R';
- pfl->cfi_table[0x33] = 'I';
-
- pfl->cfi_table[0x34] = '1';
- pfl->cfi_table[0x35] = '0';
-
- pfl->cfi_table[0x36] = 0x00;
- pfl->cfi_table[0x37] = 0x00;
- pfl->cfi_table[0x38] = 0x00;
- pfl->cfi_table[0x39] = 0x00;
-
- pfl->cfi_table[0x3a] = 0x00;
-
- pfl->cfi_table[0x3b] = 0x00;
- pfl->cfi_table[0x3c] = 0x00;
-
- return 0;
-}
-
-static Property pflash_cfi02_properties[] = {
- DEFINE_PROP_DRIVE("drive", struct pflash_t, bs),
- DEFINE_PROP_UINT32("num-blocks", struct pflash_t, nb_blocs, 0),
- DEFINE_PROP_UINT32("sector-length", struct pflash_t, sector_len, 0),
- DEFINE_PROP_UINT8("width", struct pflash_t, width, 0),
- DEFINE_PROP_UINT8("mappings", struct pflash_t, mappings, 0),
- DEFINE_PROP_UINT8("big-endian", struct pflash_t, be, 0),
- DEFINE_PROP_UINT16("id0", struct pflash_t, ident0, 0),
- DEFINE_PROP_UINT16("id1", struct pflash_t, ident1, 0),
- DEFINE_PROP_UINT16("id2", struct pflash_t, ident2, 0),
- DEFINE_PROP_UINT16("id3", struct pflash_t, ident3, 0),
- DEFINE_PROP_UINT16("unlock-addr0", struct pflash_t, unlock_addr0, 0),
- DEFINE_PROP_UINT16("unlock-addr1", struct pflash_t, unlock_addr1, 0),
- DEFINE_PROP_STRING("name", struct pflash_t, name),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void pflash_cfi02_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = pflash_cfi02_init;
- dc->props = pflash_cfi02_properties;
-}
-
-static const TypeInfo pflash_cfi02_info = {
- .name = "cfi.pflash02",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(struct pflash_t),
- .class_init = pflash_cfi02_class_init,
-};
-
-static void pflash_cfi02_register_types(void)
-{
- type_register_static(&pflash_cfi02_info);
-}
-
-type_init(pflash_cfi02_register_types)
-
-pflash_t *pflash_cfi02_register(hwaddr base,
- DeviceState *qdev, const char *name,
- hwaddr size,
- BlockDriverState *bs, uint32_t sector_len,
- int nb_blocs, int nb_mappings, int width,
- uint16_t id0, uint16_t id1,
- uint16_t id2, uint16_t id3,
- uint16_t unlock_addr0, uint16_t unlock_addr1,
- int be)
-{
- DeviceState *dev = qdev_create(NULL, "cfi.pflash02");
- SysBusDevice *busdev = sysbus_from_qdev(dev);
- pflash_t *pfl = (pflash_t *)object_dynamic_cast(OBJECT(dev),
- "cfi.pflash02");
-
- if (bs && qdev_prop_set_drive(dev, "drive", bs)) {
- abort();
- }
- qdev_prop_set_uint32(dev, "num-blocks", nb_blocs);
- qdev_prop_set_uint32(dev, "sector-length", sector_len);
- qdev_prop_set_uint8(dev, "width", width);
- qdev_prop_set_uint8(dev, "mappings", nb_mappings);
- qdev_prop_set_uint8(dev, "big-endian", !!be);
- qdev_prop_set_uint16(dev, "id0", id0);
- qdev_prop_set_uint16(dev, "id1", id1);
- qdev_prop_set_uint16(dev, "id2", id2);
- qdev_prop_set_uint16(dev, "id3", id3);
- qdev_prop_set_uint16(dev, "unlock-addr0", unlock_addr0);
- qdev_prop_set_uint16(dev, "unlock-addr1", unlock_addr1);
- qdev_prop_set_string(dev, "name", name);
- qdev_init_nofail(dev);
-
- sysbus_mmio_map(busdev, 0, base);
- return pfl;
-}
diff --git a/hw/piix4.c b/hw/piix4.c
deleted file mode 100644
index ce4eb0d1a..000000000
--- a/hw/piix4.c
+++ /dev/null
@@ -1,132 +0,0 @@
-/*
- * QEMU PIIX4 PCI Bridge Emulation
- *
- * Copyright (c) 2006 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "hw.h"
-#include "pc.h"
-#include "pci.h"
-#include "isa.h"
-#include "sysbus.h"
-
-PCIDevice *piix4_dev;
-
-typedef struct PIIX4State {
- PCIDevice dev;
-} PIIX4State;
-
-static void piix4_reset(void *opaque)
-{
- PIIX4State *d = opaque;
- uint8_t *pci_conf = d->dev.config;
-
- pci_conf[0x04] = 0x07; // master, memory and I/O
- pci_conf[0x05] = 0x00;
- pci_conf[0x06] = 0x00;
- pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
- pci_conf[0x4c] = 0x4d;
- pci_conf[0x4e] = 0x03;
- pci_conf[0x4f] = 0x00;
- pci_conf[0x60] = 0x0a; // PCI A -> IRQ 10
- pci_conf[0x61] = 0x0a; // PCI B -> IRQ 10
- pci_conf[0x62] = 0x0b; // PCI C -> IRQ 11
- pci_conf[0x63] = 0x0b; // PCI D -> IRQ 11
- pci_conf[0x69] = 0x02;
- pci_conf[0x70] = 0x80;
- pci_conf[0x76] = 0x0c;
- pci_conf[0x77] = 0x0c;
- pci_conf[0x78] = 0x02;
- pci_conf[0x79] = 0x00;
- pci_conf[0x80] = 0x00;
- pci_conf[0x82] = 0x00;
- pci_conf[0xa0] = 0x08;
- pci_conf[0xa2] = 0x00;
- pci_conf[0xa3] = 0x00;
- pci_conf[0xa4] = 0x00;
- pci_conf[0xa5] = 0x00;
- pci_conf[0xa6] = 0x00;
- pci_conf[0xa7] = 0x00;
- pci_conf[0xa8] = 0x0f;
- pci_conf[0xaa] = 0x00;
- pci_conf[0xab] = 0x00;
- pci_conf[0xac] = 0x00;
- pci_conf[0xae] = 0x00;
-}
-
-static const VMStateDescription vmstate_piix4 = {
- .name = "PIIX4",
- .version_id = 2,
- .minimum_version_id = 2,
- .minimum_version_id_old = 2,
- .fields = (VMStateField[]) {
- VMSTATE_PCI_DEVICE(dev, PIIX4State),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int piix4_initfn(PCIDevice *dev)
-{
- PIIX4State *d = DO_UPCAST(PIIX4State, dev, dev);
-
- isa_bus_new(&d->dev.qdev, pci_address_space_io(dev));
- piix4_dev = &d->dev;
- qemu_register_reset(piix4_reset, d);
- return 0;
-}
-
-int piix4_init(PCIBus *bus, ISABus **isa_bus, int devfn)
-{
- PCIDevice *d;
-
- d = pci_create_simple_multifunction(bus, devfn, true, "PIIX4");
- *isa_bus = DO_UPCAST(ISABus, qbus, qdev_get_child_bus(&d->qdev, "isa.0"));
- return d->devfn;
-}
-
-static void piix4_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->no_hotplug = 1;
- k->init = piix4_initfn;
- k->vendor_id = PCI_VENDOR_ID_INTEL;
- k->device_id = PCI_DEVICE_ID_INTEL_82371AB_0;
- k->class_id = PCI_CLASS_BRIDGE_ISA;
- dc->desc = "ISA bridge";
- dc->no_user = 1;
- dc->vmsd = &vmstate_piix4;
-}
-
-static TypeInfo piix4_info = {
- .name = "PIIX4",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PIIX4State),
- .class_init = piix4_class_init,
-};
-
-static void piix4_register_types(void)
-{
- type_register_static(&piix4_info);
-}
-
-type_init(piix4_register_types)
diff --git a/hw/piix_pci.c b/hw/piix_pci.c
deleted file mode 100644
index ba1b3de74..000000000
--- a/hw/piix_pci.c
+++ /dev/null
@@ -1,584 +0,0 @@
-/*
- * QEMU i440FX/PIIX3 PCI Bridge Emulation
- *
- * Copyright (c) 2006 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "hw.h"
-#include "pc.h"
-#include "pci.h"
-#include "pci_host.h"
-#include "isa.h"
-#include "sysbus.h"
-#include "range.h"
-#include "xen.h"
-#include "pam.h"
-
-/*
- * I440FX chipset data sheet.
- * http://download.intel.com/design/chipsets/datashts/29054901.pdf
- */
-
-typedef struct I440FXState {
- PCIHostState parent_obj;
-} I440FXState;
-
-#define PIIX_NUM_PIC_IRQS 16 /* i8259 * 2 */
-#define PIIX_NUM_PIRQS 4ULL /* PIRQ[A-D] */
-#define XEN_PIIX_NUM_PIRQS 128ULL
-#define PIIX_PIRQC 0x60
-
-typedef struct PIIX3State {
- PCIDevice dev;
-
- /*
- * bitmap to track pic levels.
- * The pic level is the logical OR of all the PCI irqs mapped to it
- * So one PIC level is tracked by PIIX_NUM_PIRQS bits.
- *
- * PIRQ is mapped to PIC pins, we track it by
- * PIIX_NUM_PIRQS * PIIX_NUM_PIC_IRQS = 64 bits with
- * pic_irq * PIIX_NUM_PIRQS + pirq
- */
-#if PIIX_NUM_PIC_IRQS * PIIX_NUM_PIRQS > 64
-#error "unable to encode pic state in 64bit in pic_levels."
-#endif
- uint64_t pic_levels;
-
- qemu_irq *pic;
-
- /* This member isn't used. Just for save/load compatibility */
- int32_t pci_irq_levels_vmstate[PIIX_NUM_PIRQS];
-} PIIX3State;
-
-struct PCII440FXState {
- PCIDevice dev;
- MemoryRegion *system_memory;
- MemoryRegion *pci_address_space;
- MemoryRegion *ram_memory;
- MemoryRegion pci_hole;
- MemoryRegion pci_hole_64bit;
- PAMMemoryRegion pam_regions[13];
- MemoryRegion smram_region;
- uint8_t smm_enabled;
-};
-
-
-#define I440FX_PAM 0x59
-#define I440FX_PAM_SIZE 7
-#define I440FX_SMRAM 0x72
-
-static void piix3_set_irq(void *opaque, int pirq, int level);
-static PCIINTxRoute piix3_route_intx_pin_to_irq(void *opaque, int pci_intx);
-static void piix3_write_config_xen(PCIDevice *dev,
- uint32_t address, uint32_t val, int len);
-
-/* return the global irq number corresponding to a given device irq
- pin. We could also use the bus number to have a more precise
- mapping. */
-static int pci_slot_get_pirq(PCIDevice *pci_dev, int pci_intx)
-{
- int slot_addend;
- slot_addend = (pci_dev->devfn >> 3) - 1;
- return (pci_intx + slot_addend) & 3;
-}
-
-static void i440fx_update_memory_mappings(PCII440FXState *d)
-{
- int i;
-
- memory_region_transaction_begin();
- for (i = 0; i < 13; i++) {
- pam_update(&d->pam_regions[i], i,
- d->dev.config[I440FX_PAM + ((i + 1) / 2)]);
- }
- smram_update(&d->smram_region, d->dev.config[I440FX_SMRAM], d->smm_enabled);
- memory_region_transaction_commit();
-}
-
-static void i440fx_set_smm(int val, void *arg)
-{
- PCII440FXState *d = arg;
-
- memory_region_transaction_begin();
- smram_set_smm(&d->smm_enabled, val, d->dev.config[I440FX_SMRAM],
- &d->smram_region);
- memory_region_transaction_commit();
-}
-
-
-static void i440fx_write_config(PCIDevice *dev,
- uint32_t address, uint32_t val, int len)
-{
- PCII440FXState *d = DO_UPCAST(PCII440FXState, dev, dev);
-
- /* XXX: implement SMRAM.D_LOCK */
- pci_default_write_config(dev, address, val, len);
- if (ranges_overlap(address, len, I440FX_PAM, I440FX_PAM_SIZE) ||
- range_covers_byte(address, len, I440FX_SMRAM)) {
- i440fx_update_memory_mappings(d);
- }
-}
-
-static int i440fx_load_old(QEMUFile* f, void *opaque, int version_id)
-{
- PCII440FXState *d = opaque;
- int ret, i;
-
- ret = pci_device_load(&d->dev, f);
- if (ret < 0)
- return ret;
- i440fx_update_memory_mappings(d);
- qemu_get_8s(f, &d->smm_enabled);
-
- if (version_id == 2) {
- for (i = 0; i < PIIX_NUM_PIRQS; i++) {
- qemu_get_be32(f); /* dummy load for compatibility */
- }
- }
-
- return 0;
-}
-
-static int i440fx_post_load(void *opaque, int version_id)
-{
- PCII440FXState *d = opaque;
-
- i440fx_update_memory_mappings(d);
- return 0;
-}
-
-static const VMStateDescription vmstate_i440fx = {
- .name = "I440FX",
- .version_id = 3,
- .minimum_version_id = 3,
- .minimum_version_id_old = 1,
- .load_state_old = i440fx_load_old,
- .post_load = i440fx_post_load,
- .fields = (VMStateField []) {
- VMSTATE_PCI_DEVICE(dev, PCII440FXState),
- VMSTATE_UINT8(smm_enabled, PCII440FXState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int i440fx_pcihost_initfn(SysBusDevice *dev)
-{
- PCIHostState *s = PCI_HOST_BRIDGE(dev);
-
- memory_region_init_io(&s->conf_mem, &pci_host_conf_le_ops, s,
- "pci-conf-idx", 4);
- sysbus_add_io(dev, 0xcf8, &s->conf_mem);
- sysbus_init_ioports(&s->busdev, 0xcf8, 4);
-
- memory_region_init_io(&s->data_mem, &pci_host_data_le_ops, s,
- "pci-conf-data", 4);
- sysbus_add_io(dev, 0xcfc, &s->data_mem);
- sysbus_init_ioports(&s->busdev, 0xcfc, 4);
-
- return 0;
-}
-
-static int i440fx_initfn(PCIDevice *dev)
-{
- PCII440FXState *d = DO_UPCAST(PCII440FXState, dev, dev);
-
- d->dev.config[I440FX_SMRAM] = 0x02;
-
- cpu_smm_register(&i440fx_set_smm, d);
- return 0;
-}
-
-static PCIBus *i440fx_common_init(const char *device_name,
- PCII440FXState **pi440fx_state,
- int *piix3_devfn,
- ISABus **isa_bus, qemu_irq *pic,
- MemoryRegion *address_space_mem,
- MemoryRegion *address_space_io,
- ram_addr_t ram_size,
- hwaddr pci_hole_start,
- hwaddr pci_hole_size,
- hwaddr pci_hole64_start,
- hwaddr pci_hole64_size,
- MemoryRegion *pci_address_space,
- MemoryRegion *ram_memory)
-{
- DeviceState *dev;
- PCIBus *b;
- PCIDevice *d;
- PCIHostState *s;
- PIIX3State *piix3;
- PCII440FXState *f;
- unsigned i;
-
- dev = qdev_create(NULL, "i440FX-pcihost");
- s = PCI_HOST_BRIDGE(dev);
- s->address_space = address_space_mem;
- b = pci_bus_new(dev, NULL, pci_address_space,
- address_space_io, 0);
- s->bus = b;
- object_property_add_child(qdev_get_machine(), "i440fx", OBJECT(dev), NULL);
- qdev_init_nofail(dev);
-
- d = pci_create_simple(b, 0, device_name);
- *pi440fx_state = DO_UPCAST(PCII440FXState, dev, d);
- f = *pi440fx_state;
- f->system_memory = address_space_mem;
- f->pci_address_space = pci_address_space;
- f->ram_memory = ram_memory;
- memory_region_init_alias(&f->pci_hole, "pci-hole", f->pci_address_space,
- pci_hole_start, pci_hole_size);
- memory_region_add_subregion(f->system_memory, pci_hole_start, &f->pci_hole);
- memory_region_init_alias(&f->pci_hole_64bit, "pci-hole64",
- f->pci_address_space,
- pci_hole64_start, pci_hole64_size);
- if (pci_hole64_size) {
- memory_region_add_subregion(f->system_memory, pci_hole64_start,
- &f->pci_hole_64bit);
- }
- memory_region_init_alias(&f->smram_region, "smram-region",
- f->pci_address_space, 0xa0000, 0x20000);
- memory_region_add_subregion_overlap(f->system_memory, 0xa0000,
- &f->smram_region, 1);
- memory_region_set_enabled(&f->smram_region, false);
- init_pam(f->ram_memory, f->system_memory, f->pci_address_space,
- &f->pam_regions[0], PAM_BIOS_BASE, PAM_BIOS_SIZE);
- for (i = 0; i < 12; ++i) {
- init_pam(f->ram_memory, f->system_memory, f->pci_address_space,
- &f->pam_regions[i+1], PAM_EXPAN_BASE + i * PAM_EXPAN_SIZE,
- PAM_EXPAN_SIZE);
- }
-
- /* Xen supports additional interrupt routes from the PCI devices to
- * the IOAPIC: the four pins of each PCI device on the bus are also
- * connected to the IOAPIC directly.
- * These additional routes can be discovered through ACPI. */
- if (xen_enabled()) {
- piix3 = DO_UPCAST(PIIX3State, dev,
- pci_create_simple_multifunction(b, -1, true, "PIIX3-xen"));
- pci_bus_irqs(b, xen_piix3_set_irq, xen_pci_slot_get_pirq,
- piix3, XEN_PIIX_NUM_PIRQS);
- } else {
- piix3 = DO_UPCAST(PIIX3State, dev,
- pci_create_simple_multifunction(b, -1, true, "PIIX3"));
- pci_bus_irqs(b, piix3_set_irq, pci_slot_get_pirq, piix3,
- PIIX_NUM_PIRQS);
- pci_bus_set_route_irq_fn(b, piix3_route_intx_pin_to_irq);
- }
- piix3->pic = pic;
- *isa_bus = DO_UPCAST(ISABus, qbus,
- qdev_get_child_bus(&piix3->dev.qdev, "isa.0"));
-
- *piix3_devfn = piix3->dev.devfn;
-
- ram_size = ram_size / 8 / 1024 / 1024;
- if (ram_size > 255)
- ram_size = 255;
- (*pi440fx_state)->dev.config[0x57]=ram_size;
-
- i440fx_update_memory_mappings(f);
-
- return b;
-}
-
-PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int *piix3_devfn,
- ISABus **isa_bus, qemu_irq *pic,
- MemoryRegion *address_space_mem,
- MemoryRegion *address_space_io,
- ram_addr_t ram_size,
- hwaddr pci_hole_start,
- hwaddr pci_hole_size,
- hwaddr pci_hole64_start,
- hwaddr pci_hole64_size,
- MemoryRegion *pci_memory, MemoryRegion *ram_memory)
-
-{
- PCIBus *b;
-
- b = i440fx_common_init("i440FX", pi440fx_state, piix3_devfn, isa_bus, pic,
- address_space_mem, address_space_io, ram_size,
- pci_hole_start, pci_hole_size,
- pci_hole64_start, pci_hole64_size,
- pci_memory, ram_memory);
- return b;
-}
-
-/* PIIX3 PCI to ISA bridge */
-static void piix3_set_irq_pic(PIIX3State *piix3, int pic_irq)
-{
- qemu_set_irq(piix3->pic[pic_irq],
- !!(piix3->pic_levels &
- (((1ULL << PIIX_NUM_PIRQS) - 1) <<
- (pic_irq * PIIX_NUM_PIRQS))));
-}
-
-static void piix3_set_irq_level(PIIX3State *piix3, int pirq, int level)
-{
- int pic_irq;
- uint64_t mask;
-
- pic_irq = piix3->dev.config[PIIX_PIRQC + pirq];
- if (pic_irq >= PIIX_NUM_PIC_IRQS) {
- return;
- }
-
- mask = 1ULL << ((pic_irq * PIIX_NUM_PIRQS) + pirq);
- piix3->pic_levels &= ~mask;
- piix3->pic_levels |= mask * !!level;
-
- piix3_set_irq_pic(piix3, pic_irq);
-}
-
-static void piix3_set_irq(void *opaque, int pirq, int level)
-{
- PIIX3State *piix3 = opaque;
- piix3_set_irq_level(piix3, pirq, level);
-}
-
-static PCIINTxRoute piix3_route_intx_pin_to_irq(void *opaque, int pin)
-{
- PIIX3State *piix3 = opaque;
- int irq = piix3->dev.config[PIIX_PIRQC + pin];
- PCIINTxRoute route;
-
- if (irq < PIIX_NUM_PIC_IRQS) {
- route.mode = PCI_INTX_ENABLED;
- route.irq = irq;
- } else {
- route.mode = PCI_INTX_DISABLED;
- route.irq = -1;
- }
- return route;
-}
-
-/* irq routing is changed. so rebuild bitmap */
-static void piix3_update_irq_levels(PIIX3State *piix3)
-{
- int pirq;
-
- piix3->pic_levels = 0;
- for (pirq = 0; pirq < PIIX_NUM_PIRQS; pirq++) {
- piix3_set_irq_level(piix3, pirq,
- pci_bus_get_irq_level(piix3->dev.bus, pirq));
- }
-}
-
-static void piix3_write_config(PCIDevice *dev,
- uint32_t address, uint32_t val, int len)
-{
- pci_default_write_config(dev, address, val, len);
- if (ranges_overlap(address, len, PIIX_PIRQC, 4)) {
- PIIX3State *piix3 = DO_UPCAST(PIIX3State, dev, dev);
- int pic_irq;
-
- pci_bus_fire_intx_routing_notifier(piix3->dev.bus);
- piix3_update_irq_levels(piix3);
- for (pic_irq = 0; pic_irq < PIIX_NUM_PIC_IRQS; pic_irq++) {
- piix3_set_irq_pic(piix3, pic_irq);
- }
- }
-}
-
-static void piix3_write_config_xen(PCIDevice *dev,
- uint32_t address, uint32_t val, int len)
-{
- xen_piix_pci_write_config_client(address, val, len);
- piix3_write_config(dev, address, val, len);
-}
-
-static void piix3_reset(void *opaque)
-{
- PIIX3State *d = opaque;
- uint8_t *pci_conf = d->dev.config;
-
- pci_conf[0x04] = 0x07; // master, memory and I/O
- pci_conf[0x05] = 0x00;
- pci_conf[0x06] = 0x00;
- pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
- pci_conf[0x4c] = 0x4d;
- pci_conf[0x4e] = 0x03;
- pci_conf[0x4f] = 0x00;
- pci_conf[0x60] = 0x80;
- pci_conf[0x61] = 0x80;
- pci_conf[0x62] = 0x80;
- pci_conf[0x63] = 0x80;
- pci_conf[0x69] = 0x02;
- pci_conf[0x70] = 0x80;
- pci_conf[0x76] = 0x0c;
- pci_conf[0x77] = 0x0c;
- pci_conf[0x78] = 0x02;
- pci_conf[0x79] = 0x00;
- pci_conf[0x80] = 0x00;
- pci_conf[0x82] = 0x00;
- pci_conf[0xa0] = 0x08;
- pci_conf[0xa2] = 0x00;
- pci_conf[0xa3] = 0x00;
- pci_conf[0xa4] = 0x00;
- pci_conf[0xa5] = 0x00;
- pci_conf[0xa6] = 0x00;
- pci_conf[0xa7] = 0x00;
- pci_conf[0xa8] = 0x0f;
- pci_conf[0xaa] = 0x00;
- pci_conf[0xab] = 0x00;
- pci_conf[0xac] = 0x00;
- pci_conf[0xae] = 0x00;
-
- d->pic_levels = 0;
-}
-
-static int piix3_post_load(void *opaque, int version_id)
-{
- PIIX3State *piix3 = opaque;
- piix3_update_irq_levels(piix3);
- return 0;
-}
-
-static void piix3_pre_save(void *opaque)
-{
- int i;
- PIIX3State *piix3 = opaque;
-
- for (i = 0; i < ARRAY_SIZE(piix3->pci_irq_levels_vmstate); i++) {
- piix3->pci_irq_levels_vmstate[i] =
- pci_bus_get_irq_level(piix3->dev.bus, i);
- }
-}
-
-static const VMStateDescription vmstate_piix3 = {
- .name = "PIIX3",
- .version_id = 3,
- .minimum_version_id = 2,
- .minimum_version_id_old = 2,
- .post_load = piix3_post_load,
- .pre_save = piix3_pre_save,
- .fields = (VMStateField []) {
- VMSTATE_PCI_DEVICE(dev, PIIX3State),
- VMSTATE_INT32_ARRAY_V(pci_irq_levels_vmstate, PIIX3State,
- PIIX_NUM_PIRQS, 3),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int piix3_initfn(PCIDevice *dev)
-{
- PIIX3State *d = DO_UPCAST(PIIX3State, dev, dev);
-
- isa_bus_new(&d->dev.qdev, pci_address_space_io(dev));
- qemu_register_reset(piix3_reset, d);
- return 0;
-}
-
-static void piix3_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- dc->desc = "ISA bridge";
- dc->vmsd = &vmstate_piix3;
- dc->no_user = 1,
- k->no_hotplug = 1;
- k->init = piix3_initfn;
- k->config_write = piix3_write_config;
- k->vendor_id = PCI_VENDOR_ID_INTEL;
- k->device_id = PCI_DEVICE_ID_INTEL_82371SB_0; // 82371SB PIIX3 PCI-to-ISA bridge (Step A1)
- k->class_id = PCI_CLASS_BRIDGE_ISA;
-}
-
-static const TypeInfo piix3_info = {
- .name = "PIIX3",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PIIX3State),
- .class_init = piix3_class_init,
-};
-
-static void piix3_xen_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- dc->desc = "ISA bridge";
- dc->vmsd = &vmstate_piix3;
- dc->no_user = 1;
- k->no_hotplug = 1;
- k->init = piix3_initfn;
- k->config_write = piix3_write_config_xen;
- k->vendor_id = PCI_VENDOR_ID_INTEL;
- k->device_id = PCI_DEVICE_ID_INTEL_82371SB_0; // 82371SB PIIX3 PCI-to-ISA bridge (Step A1)
- k->class_id = PCI_CLASS_BRIDGE_ISA;
-};
-
-static const TypeInfo piix3_xen_info = {
- .name = "PIIX3-xen",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PIIX3State),
- .class_init = piix3_xen_class_init,
-};
-
-static void i440fx_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->no_hotplug = 1;
- k->init = i440fx_initfn;
- k->config_write = i440fx_write_config;
- k->vendor_id = PCI_VENDOR_ID_INTEL;
- k->device_id = PCI_DEVICE_ID_INTEL_82441;
- k->revision = 0x02;
- k->class_id = PCI_CLASS_BRIDGE_HOST;
- dc->desc = "Host bridge";
- dc->no_user = 1;
- dc->vmsd = &vmstate_i440fx;
-}
-
-static const TypeInfo i440fx_info = {
- .name = "i440FX",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCII440FXState),
- .class_init = i440fx_class_init,
-};
-
-static void i440fx_pcihost_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = i440fx_pcihost_initfn;
- dc->fw_name = "pci";
- dc->no_user = 1;
-}
-
-static const TypeInfo i440fx_pcihost_info = {
- .name = "i440FX-pcihost",
- .parent = TYPE_PCI_HOST_BRIDGE,
- .instance_size = sizeof(I440FXState),
- .class_init = i440fx_pcihost_class_init,
-};
-
-static void i440fx_register_types(void)
-{
- type_register_static(&i440fx_info);
- type_register_static(&piix3_info);
- type_register_static(&piix3_xen_info);
- type_register_static(&i440fx_pcihost_info);
-}
-
-type_init(i440fx_register_types)
diff --git a/hw/pixel_ops.h b/hw/pixel_ops.h
deleted file mode 100644
index d390adfd1..000000000
--- a/hw/pixel_ops.h
+++ /dev/null
@@ -1,53 +0,0 @@
-static inline unsigned int rgb_to_pixel8(unsigned int r, unsigned int g,
- unsigned int b)
-{
- return ((r >> 5) << 5) | ((g >> 5) << 2) | (b >> 6);
-}
-
-static inline unsigned int rgb_to_pixel15(unsigned int r, unsigned int g,
- unsigned int b)
-{
- return ((r >> 3) << 10) | ((g >> 3) << 5) | (b >> 3);
-}
-
-static inline unsigned int rgb_to_pixel15bgr(unsigned int r, unsigned int g,
- unsigned int b)
-{
- return ((b >> 3) << 10) | ((g >> 3) << 5) | (r >> 3);
-}
-
-static inline unsigned int rgb_to_pixel16(unsigned int r, unsigned int g,
- unsigned int b)
-{
- return ((r >> 3) << 11) | ((g >> 2) << 5) | (b >> 3);
-}
-
-static inline unsigned int rgb_to_pixel16bgr(unsigned int r, unsigned int g,
- unsigned int b)
-{
- return ((b >> 3) << 11) | ((g >> 2) << 5) | (r >> 3);
-}
-
-static inline unsigned int rgb_to_pixel24(unsigned int r, unsigned int g,
- unsigned int b)
-{
- return (r << 16) | (g << 8) | b;
-}
-
-static inline unsigned int rgb_to_pixel24bgr(unsigned int r, unsigned int g,
- unsigned int b)
-{
- return (b << 16) | (g << 8) | r;
-}
-
-static inline unsigned int rgb_to_pixel32(unsigned int r, unsigned int g,
- unsigned int b)
-{
- return (r << 16) | (g << 8) | b;
-}
-
-static inline unsigned int rgb_to_pixel32bgr(unsigned int r, unsigned int g,
- unsigned int b)
-{
- return (b << 16) | (g << 8) | r;
-}
diff --git a/hw/pl011.c b/hw/pl011.c
deleted file mode 100644
index 1f7ce2f94..000000000
--- a/hw/pl011.c
+++ /dev/null
@@ -1,330 +0,0 @@
-/*
- * Arm PrimeCell PL011 UART
- *
- * Copyright (c) 2006 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the GPL.
- */
-
-#include "sysbus.h"
-#include "qemu-char.h"
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint32_t readbuff;
- uint32_t flags;
- uint32_t lcr;
- uint32_t cr;
- uint32_t dmacr;
- uint32_t int_enabled;
- uint32_t int_level;
- uint32_t read_fifo[16];
- uint32_t ilpr;
- uint32_t ibrd;
- uint32_t fbrd;
- uint32_t ifl;
- int read_pos;
- int read_count;
- int read_trigger;
- CharDriverState *chr;
- qemu_irq irq;
- const unsigned char *id;
-} pl011_state;
-
-#define PL011_INT_TX 0x20
-#define PL011_INT_RX 0x10
-
-#define PL011_FLAG_TXFE 0x80
-#define PL011_FLAG_RXFF 0x40
-#define PL011_FLAG_TXFF 0x20
-#define PL011_FLAG_RXFE 0x10
-
-static const unsigned char pl011_id_arm[8] =
- { 0x11, 0x10, 0x14, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };
-static const unsigned char pl011_id_luminary[8] =
- { 0x11, 0x00, 0x18, 0x01, 0x0d, 0xf0, 0x05, 0xb1 };
-
-static void pl011_update(pl011_state *s)
-{
- uint32_t flags;
-
- flags = s->int_level & s->int_enabled;
- qemu_set_irq(s->irq, flags != 0);
-}
-
-static uint64_t pl011_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- pl011_state *s = (pl011_state *)opaque;
- uint32_t c;
-
- if (offset >= 0xfe0 && offset < 0x1000) {
- return s->id[(offset - 0xfe0) >> 2];
- }
- switch (offset >> 2) {
- case 0: /* UARTDR */
- s->flags &= ~PL011_FLAG_RXFF;
- c = s->read_fifo[s->read_pos];
- if (s->read_count > 0) {
- s->read_count--;
- if (++s->read_pos == 16)
- s->read_pos = 0;
- }
- if (s->read_count == 0) {
- s->flags |= PL011_FLAG_RXFE;
- }
- if (s->read_count == s->read_trigger - 1)
- s->int_level &= ~ PL011_INT_RX;
- pl011_update(s);
- if (s->chr) {
- qemu_chr_accept_input(s->chr);
- }
- return c;
- case 1: /* UARTCR */
- return 0;
- case 6: /* UARTFR */
- return s->flags;
- case 8: /* UARTILPR */
- return s->ilpr;
- case 9: /* UARTIBRD */
- return s->ibrd;
- case 10: /* UARTFBRD */
- return s->fbrd;
- case 11: /* UARTLCR_H */
- return s->lcr;
- case 12: /* UARTCR */
- return s->cr;
- case 13: /* UARTIFLS */
- return s->ifl;
- case 14: /* UARTIMSC */
- return s->int_enabled;
- case 15: /* UARTRIS */
- return s->int_level;
- case 16: /* UARTMIS */
- return s->int_level & s->int_enabled;
- case 18: /* UARTDMACR */
- return s->dmacr;
- default:
- qemu_log_mask(LOG_GUEST_ERROR,
- "pl011_read: Bad offset %x\n", (int)offset);
- return 0;
- }
-}
-
-static void pl011_set_read_trigger(pl011_state *s)
-{
-#if 0
- /* The docs say the RX interrupt is triggered when the FIFO exceeds
- the threshold. However linux only reads the FIFO in response to an
- interrupt. Triggering the interrupt when the FIFO is non-empty seems
- to make things work. */
- if (s->lcr & 0x10)
- s->read_trigger = (s->ifl >> 1) & 0x1c;
- else
-#endif
- s->read_trigger = 1;
-}
-
-static void pl011_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- pl011_state *s = (pl011_state *)opaque;
- unsigned char ch;
-
- switch (offset >> 2) {
- case 0: /* UARTDR */
- /* ??? Check if transmitter is enabled. */
- ch = value;
- if (s->chr)
- qemu_chr_fe_write(s->chr, &ch, 1);
- s->int_level |= PL011_INT_TX;
- pl011_update(s);
- break;
- case 1: /* UARTCR */
- s->cr = value;
- break;
- case 6: /* UARTFR */
- /* Writes to Flag register are ignored. */
- break;
- case 8: /* UARTUARTILPR */
- s->ilpr = value;
- break;
- case 9: /* UARTIBRD */
- s->ibrd = value;
- break;
- case 10: /* UARTFBRD */
- s->fbrd = value;
- break;
- case 11: /* UARTLCR_H */
- s->lcr = value;
- pl011_set_read_trigger(s);
- break;
- case 12: /* UARTCR */
- /* ??? Need to implement the enable and loopback bits. */
- s->cr = value;
- break;
- case 13: /* UARTIFS */
- s->ifl = value;
- pl011_set_read_trigger(s);
- break;
- case 14: /* UARTIMSC */
- s->int_enabled = value;
- pl011_update(s);
- break;
- case 17: /* UARTICR */
- s->int_level &= ~value;
- pl011_update(s);
- break;
- case 18: /* UARTDMACR */
- s->dmacr = value;
- if (value & 3) {
- qemu_log_mask(LOG_UNIMP, "pl011: DMA not implemented\n");
- }
- break;
- default:
- qemu_log_mask(LOG_GUEST_ERROR,
- "pl011_write: Bad offset %x\n", (int)offset);
- }
-}
-
-static int pl011_can_receive(void *opaque)
-{
- pl011_state *s = (pl011_state *)opaque;
-
- if (s->lcr & 0x10)
- return s->read_count < 16;
- else
- return s->read_count < 1;
-}
-
-static void pl011_put_fifo(void *opaque, uint32_t value)
-{
- pl011_state *s = (pl011_state *)opaque;
- int slot;
-
- slot = s->read_pos + s->read_count;
- if (slot >= 16)
- slot -= 16;
- s->read_fifo[slot] = value;
- s->read_count++;
- s->flags &= ~PL011_FLAG_RXFE;
- if (s->cr & 0x10 || s->read_count == 16) {
- s->flags |= PL011_FLAG_RXFF;
- }
- if (s->read_count == s->read_trigger) {
- s->int_level |= PL011_INT_RX;
- pl011_update(s);
- }
-}
-
-static void pl011_receive(void *opaque, const uint8_t *buf, int size)
-{
- pl011_put_fifo(opaque, *buf);
-}
-
-static void pl011_event(void *opaque, int event)
-{
- if (event == CHR_EVENT_BREAK)
- pl011_put_fifo(opaque, 0x400);
-}
-
-static const MemoryRegionOps pl011_ops = {
- .read = pl011_read,
- .write = pl011_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static const VMStateDescription vmstate_pl011 = {
- .name = "pl011",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(readbuff, pl011_state),
- VMSTATE_UINT32(flags, pl011_state),
- VMSTATE_UINT32(lcr, pl011_state),
- VMSTATE_UINT32(cr, pl011_state),
- VMSTATE_UINT32(dmacr, pl011_state),
- VMSTATE_UINT32(int_enabled, pl011_state),
- VMSTATE_UINT32(int_level, pl011_state),
- VMSTATE_UINT32_ARRAY(read_fifo, pl011_state, 16),
- VMSTATE_UINT32(ilpr, pl011_state),
- VMSTATE_UINT32(ibrd, pl011_state),
- VMSTATE_UINT32(fbrd, pl011_state),
- VMSTATE_UINT32(ifl, pl011_state),
- VMSTATE_INT32(read_pos, pl011_state),
- VMSTATE_INT32(read_count, pl011_state),
- VMSTATE_INT32(read_trigger, pl011_state),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int pl011_init(SysBusDevice *dev, const unsigned char *id)
-{
- pl011_state *s = FROM_SYSBUS(pl011_state, dev);
-
- memory_region_init_io(&s->iomem, &pl011_ops, s, "pl011", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
- sysbus_init_irq(dev, &s->irq);
- s->id = id;
- s->chr = qemu_char_get_next_serial();
-
- s->read_trigger = 1;
- s->ifl = 0x12;
- s->cr = 0x300;
- s->flags = 0x90;
- if (s->chr) {
- qemu_chr_add_handlers(s->chr, pl011_can_receive, pl011_receive,
- pl011_event, s);
- }
- vmstate_register(&dev->qdev, -1, &vmstate_pl011, s);
- return 0;
-}
-
-static int pl011_arm_init(SysBusDevice *dev)
-{
- return pl011_init(dev, pl011_id_arm);
-}
-
-static int pl011_luminary_init(SysBusDevice *dev)
-{
- return pl011_init(dev, pl011_id_luminary);
-}
-
-static void pl011_arm_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- sdc->init = pl011_arm_init;
-}
-
-static TypeInfo pl011_arm_info = {
- .name = "pl011",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(pl011_state),
- .class_init = pl011_arm_class_init,
-};
-
-static void pl011_luminary_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- sdc->init = pl011_luminary_init;
-}
-
-static TypeInfo pl011_luminary_info = {
- .name = "pl011_luminary",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(pl011_state),
- .class_init = pl011_luminary_class_init,
-};
-
-static void pl011_register_types(void)
-{
- type_register_static(&pl011_arm_info);
- type_register_static(&pl011_luminary_info);
-}
-
-type_init(pl011_register_types)
diff --git a/hw/pl022.c b/hw/pl022.c
deleted file mode 100644
index fbd7ded0c..000000000
--- a/hw/pl022.c
+++ /dev/null
@@ -1,308 +0,0 @@
-/*
- * Arm PrimeCell PL022 Synchronous Serial Port
- *
- * Copyright (c) 2007 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the GPL.
- */
-
-#include "sysbus.h"
-#include "ssi.h"
-
-//#define DEBUG_PL022 1
-
-#ifdef DEBUG_PL022
-#define DPRINTF(fmt, ...) \
-do { printf("pl022: " fmt , ## __VA_ARGS__); } while (0)
-#define BADF(fmt, ...) \
-do { fprintf(stderr, "pl022: error: " fmt , ## __VA_ARGS__); exit(1);} while (0)
-#else
-#define DPRINTF(fmt, ...) do {} while(0)
-#define BADF(fmt, ...) \
-do { fprintf(stderr, "pl022: error: " fmt , ## __VA_ARGS__);} while (0)
-#endif
-
-#define PL022_CR1_LBM 0x01
-#define PL022_CR1_SSE 0x02
-#define PL022_CR1_MS 0x04
-#define PL022_CR1_SDO 0x08
-
-#define PL022_SR_TFE 0x01
-#define PL022_SR_TNF 0x02
-#define PL022_SR_RNE 0x04
-#define PL022_SR_RFF 0x08
-#define PL022_SR_BSY 0x10
-
-#define PL022_INT_ROR 0x01
-#define PL022_INT_RT 0x04
-#define PL022_INT_RX 0x04
-#define PL022_INT_TX 0x08
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint32_t cr0;
- uint32_t cr1;
- uint32_t bitmask;
- uint32_t sr;
- uint32_t cpsr;
- uint32_t is;
- uint32_t im;
- /* The FIFO head points to the next empty entry. */
- int tx_fifo_head;
- int rx_fifo_head;
- int tx_fifo_len;
- int rx_fifo_len;
- uint16_t tx_fifo[8];
- uint16_t rx_fifo[8];
- qemu_irq irq;
- SSIBus *ssi;
-} pl022_state;
-
-static const unsigned char pl022_id[8] =
- { 0x22, 0x10, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };
-
-static void pl022_update(pl022_state *s)
-{
- s->sr = 0;
- if (s->tx_fifo_len == 0)
- s->sr |= PL022_SR_TFE;
- if (s->tx_fifo_len != 8)
- s->sr |= PL022_SR_TNF;
- if (s->rx_fifo_len != 0)
- s->sr |= PL022_SR_RNE;
- if (s->rx_fifo_len == 8)
- s->sr |= PL022_SR_RFF;
- if (s->tx_fifo_len)
- s->sr |= PL022_SR_BSY;
- s->is = 0;
- if (s->rx_fifo_len >= 4)
- s->is |= PL022_INT_RX;
- if (s->tx_fifo_len <= 4)
- s->is |= PL022_INT_TX;
-
- qemu_set_irq(s->irq, (s->is & s->im) != 0);
-}
-
-static void pl022_xfer(pl022_state *s)
-{
- int i;
- int o;
- int val;
-
- if ((s->cr1 & PL022_CR1_SSE) == 0) {
- pl022_update(s);
- DPRINTF("Disabled\n");
- return;
- }
-
- DPRINTF("Maybe xfer %d/%d\n", s->tx_fifo_len, s->rx_fifo_len);
- i = (s->tx_fifo_head - s->tx_fifo_len) & 7;
- o = s->rx_fifo_head;
- /* ??? We do not emulate the line speed.
- This may break some applications. The are two problematic cases:
- (a) A driver feeds data into the TX FIFO until it is full,
- and only then drains the RX FIFO. On real hardware the CPU can
- feed data fast enough that the RX fifo never gets chance to overflow.
- (b) A driver transmits data, deliberately allowing the RX FIFO to
- overflow because it ignores the RX data anyway.
-
- We choose to support (a) by stalling the transmit engine if it would
- cause the RX FIFO to overflow. In practice much transmit-only code
- falls into (a) because it flushes the RX FIFO to determine when
- the transfer has completed. */
- while (s->tx_fifo_len && s->rx_fifo_len < 8) {
- DPRINTF("xfer\n");
- val = s->tx_fifo[i];
- if (s->cr1 & PL022_CR1_LBM) {
- /* Loopback mode. */
- } else {
- val = ssi_transfer(s->ssi, val);
- }
- s->rx_fifo[o] = val & s->bitmask;
- i = (i + 1) & 7;
- o = (o + 1) & 7;
- s->tx_fifo_len--;
- s->rx_fifo_len++;
- }
- s->rx_fifo_head = o;
- pl022_update(s);
-}
-
-static uint64_t pl022_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- pl022_state *s = (pl022_state *)opaque;
- int val;
-
- if (offset >= 0xfe0 && offset < 0x1000) {
- return pl022_id[(offset - 0xfe0) >> 2];
- }
- switch (offset) {
- case 0x00: /* CR0 */
- return s->cr0;
- case 0x04: /* CR1 */
- return s->cr1;
- case 0x08: /* DR */
- if (s->rx_fifo_len) {
- val = s->rx_fifo[(s->rx_fifo_head - s->rx_fifo_len) & 7];
- DPRINTF("RX %02x\n", val);
- s->rx_fifo_len--;
- pl022_xfer(s);
- } else {
- val = 0;
- }
- return val;
- case 0x0c: /* SR */
- return s->sr;
- case 0x10: /* CPSR */
- return s->cpsr;
- case 0x14: /* IMSC */
- return s->im;
- case 0x18: /* RIS */
- return s->is;
- case 0x1c: /* MIS */
- return s->im & s->is;
- case 0x20: /* DMACR */
- /* Not implemented. */
- return 0;
- default:
- qemu_log_mask(LOG_GUEST_ERROR,
- "pl022_read: Bad offset %x\n", (int)offset);
- return 0;
- }
-}
-
-static void pl022_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- pl022_state *s = (pl022_state *)opaque;
-
- switch (offset) {
- case 0x00: /* CR0 */
- s->cr0 = value;
- /* Clock rate and format are ignored. */
- s->bitmask = (1 << ((value & 15) + 1)) - 1;
- break;
- case 0x04: /* CR1 */
- s->cr1 = value;
- if ((s->cr1 & (PL022_CR1_MS | PL022_CR1_SSE))
- == (PL022_CR1_MS | PL022_CR1_SSE)) {
- BADF("SPI slave mode not implemented\n");
- }
- pl022_xfer(s);
- break;
- case 0x08: /* DR */
- if (s->tx_fifo_len < 8) {
- DPRINTF("TX %02x\n", (unsigned)value);
- s->tx_fifo[s->tx_fifo_head] = value & s->bitmask;
- s->tx_fifo_head = (s->tx_fifo_head + 1) & 7;
- s->tx_fifo_len++;
- pl022_xfer(s);
- }
- break;
- case 0x10: /* CPSR */
- /* Prescaler. Ignored. */
- s->cpsr = value & 0xff;
- break;
- case 0x14: /* IMSC */
- s->im = value;
- pl022_update(s);
- break;
- case 0x20: /* DMACR */
- if (value) {
- qemu_log_mask(LOG_UNIMP, "pl022: DMA not implemented\n");
- }
- break;
- default:
- qemu_log_mask(LOG_GUEST_ERROR,
- "pl022_write: Bad offset %x\n", (int)offset);
- }
-}
-
-static void pl022_reset(pl022_state *s)
-{
- s->rx_fifo_len = 0;
- s->tx_fifo_len = 0;
- s->im = 0;
- s->is = PL022_INT_TX;
- s->sr = PL022_SR_TFE | PL022_SR_TNF;
-}
-
-static const MemoryRegionOps pl022_ops = {
- .read = pl022_read,
- .write = pl022_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static const VMStateDescription vmstate_pl022 = {
- .name = "pl022_ssp",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(cr0, pl022_state),
- VMSTATE_UINT32(cr1, pl022_state),
- VMSTATE_UINT32(bitmask, pl022_state),
- VMSTATE_UINT32(sr, pl022_state),
- VMSTATE_UINT32(cpsr, pl022_state),
- VMSTATE_UINT32(is, pl022_state),
- VMSTATE_UINT32(im, pl022_state),
- VMSTATE_INT32(tx_fifo_head, pl022_state),
- VMSTATE_INT32(rx_fifo_head, pl022_state),
- VMSTATE_INT32(tx_fifo_len, pl022_state),
- VMSTATE_INT32(rx_fifo_len, pl022_state),
- VMSTATE_UINT16(tx_fifo[0], pl022_state),
- VMSTATE_UINT16(rx_fifo[0], pl022_state),
- VMSTATE_UINT16(tx_fifo[1], pl022_state),
- VMSTATE_UINT16(rx_fifo[1], pl022_state),
- VMSTATE_UINT16(tx_fifo[2], pl022_state),
- VMSTATE_UINT16(rx_fifo[2], pl022_state),
- VMSTATE_UINT16(tx_fifo[3], pl022_state),
- VMSTATE_UINT16(rx_fifo[3], pl022_state),
- VMSTATE_UINT16(tx_fifo[4], pl022_state),
- VMSTATE_UINT16(rx_fifo[4], pl022_state),
- VMSTATE_UINT16(tx_fifo[5], pl022_state),
- VMSTATE_UINT16(rx_fifo[5], pl022_state),
- VMSTATE_UINT16(tx_fifo[6], pl022_state),
- VMSTATE_UINT16(rx_fifo[6], pl022_state),
- VMSTATE_UINT16(tx_fifo[7], pl022_state),
- VMSTATE_UINT16(rx_fifo[7], pl022_state),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int pl022_init(SysBusDevice *dev)
-{
- pl022_state *s = FROM_SYSBUS(pl022_state, dev);
-
- memory_region_init_io(&s->iomem, &pl022_ops, s, "pl022", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
- sysbus_init_irq(dev, &s->irq);
- s->ssi = ssi_create_bus(&dev->qdev, "ssi");
- pl022_reset(s);
- vmstate_register(&dev->qdev, -1, &vmstate_pl022, s);
- return 0;
-}
-
-static void pl022_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- sdc->init = pl022_init;
-}
-
-static TypeInfo pl022_info = {
- .name = "pl022",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(pl022_state),
- .class_init = pl022_class_init,
-};
-
-static void pl022_register_types(void)
-{
- type_register_static(&pl022_info);
-}
-
-type_init(pl022_register_types)
diff --git a/hw/pl031.c b/hw/pl031.c
deleted file mode 100644
index 8bf018328..000000000
--- a/hw/pl031.c
+++ /dev/null
@@ -1,265 +0,0 @@
-/*
- * ARM AMBA PrimeCell PL031 RTC
- *
- * Copyright (c) 2007 CodeSourcery
- *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include "sysbus.h"
-#include "qemu-timer.h"
-#include "sysemu.h"
-
-//#define DEBUG_PL031
-
-#ifdef DEBUG_PL031
-#define DPRINTF(fmt, ...) \
-do { printf("pl031: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...) do {} while(0)
-#endif
-
-#define RTC_DR 0x00 /* Data read register */
-#define RTC_MR 0x04 /* Match register */
-#define RTC_LR 0x08 /* Data load register */
-#define RTC_CR 0x0c /* Control register */
-#define RTC_IMSC 0x10 /* Interrupt mask and set register */
-#define RTC_RIS 0x14 /* Raw interrupt status register */
-#define RTC_MIS 0x18 /* Masked interrupt status register */
-#define RTC_ICR 0x1c /* Interrupt clear register */
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- QEMUTimer *timer;
- qemu_irq irq;
-
- /* Needed to preserve the tick_count across migration, even if the
- * absolute value of the rtc_clock is different on the source and
- * destination.
- */
- uint32_t tick_offset_vmstate;
- uint32_t tick_offset;
-
- uint32_t mr;
- uint32_t lr;
- uint32_t cr;
- uint32_t im;
- uint32_t is;
-} pl031_state;
-
-static const unsigned char pl031_id[] = {
- 0x31, 0x10, 0x14, 0x00, /* Device ID */
- 0x0d, 0xf0, 0x05, 0xb1 /* Cell ID */
-};
-
-static void pl031_update(pl031_state *s)
-{
- qemu_set_irq(s->irq, s->is & s->im);
-}
-
-static void pl031_interrupt(void * opaque)
-{
- pl031_state *s = (pl031_state *)opaque;
-
- s->is = 1;
- DPRINTF("Alarm raised\n");
- pl031_update(s);
-}
-
-static uint32_t pl031_get_count(pl031_state *s)
-{
- int64_t now = qemu_get_clock_ns(rtc_clock);
- return s->tick_offset + now / get_ticks_per_sec();
-}
-
-static void pl031_set_alarm(pl031_state *s)
-{
- uint32_t ticks;
-
- /* The timer wraps around. This subtraction also wraps in the same way,
- and gives correct results when alarm < now_ticks. */
- ticks = s->mr - pl031_get_count(s);
- DPRINTF("Alarm set in %ud ticks\n", ticks);
- if (ticks == 0) {
- qemu_del_timer(s->timer);
- pl031_interrupt(s);
- } else {
- int64_t now = qemu_get_clock_ns(rtc_clock);
- qemu_mod_timer(s->timer, now + (int64_t)ticks * get_ticks_per_sec());
- }
-}
-
-static uint64_t pl031_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- pl031_state *s = (pl031_state *)opaque;
-
- if (offset >= 0xfe0 && offset < 0x1000)
- return pl031_id[(offset - 0xfe0) >> 2];
-
- switch (offset) {
- case RTC_DR:
- return pl031_get_count(s);
- case RTC_MR:
- return s->mr;
- case RTC_IMSC:
- return s->im;
- case RTC_RIS:
- return s->is;
- case RTC_LR:
- return s->lr;
- case RTC_CR:
- /* RTC is permanently enabled. */
- return 1;
- case RTC_MIS:
- return s->is & s->im;
- case RTC_ICR:
- qemu_log_mask(LOG_GUEST_ERROR,
- "pl031: read of write-only register at offset 0x%x\n",
- (int)offset);
- break;
- default:
- qemu_log_mask(LOG_GUEST_ERROR,
- "pl031_read: Bad offset 0x%x\n", (int)offset);
- break;
- }
-
- return 0;
-}
-
-static void pl031_write(void * opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- pl031_state *s = (pl031_state *)opaque;
-
-
- switch (offset) {
- case RTC_LR:
- s->tick_offset += value - pl031_get_count(s);
- pl031_set_alarm(s);
- break;
- case RTC_MR:
- s->mr = value;
- pl031_set_alarm(s);
- break;
- case RTC_IMSC:
- s->im = value & 1;
- DPRINTF("Interrupt mask %d\n", s->im);
- pl031_update(s);
- break;
- case RTC_ICR:
- /* The PL031 documentation (DDI0224B) states that the interrupt is
- cleared when bit 0 of the written value is set. However the
- arm926e documentation (DDI0287B) states that the interrupt is
- cleared when any value is written. */
- DPRINTF("Interrupt cleared");
- s->is = 0;
- pl031_update(s);
- break;
- case RTC_CR:
- /* Written value is ignored. */
- break;
-
- case RTC_DR:
- case RTC_MIS:
- case RTC_RIS:
- qemu_log_mask(LOG_GUEST_ERROR,
- "pl031: write to read-only register at offset 0x%x\n",
- (int)offset);
- break;
-
- default:
- qemu_log_mask(LOG_GUEST_ERROR,
- "pl031_write: Bad offset 0x%x\n", (int)offset);
- break;
- }
-}
-
-static const MemoryRegionOps pl031_ops = {
- .read = pl031_read,
- .write = pl031_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int pl031_init(SysBusDevice *dev)
-{
- pl031_state *s = FROM_SYSBUS(pl031_state, dev);
- struct tm tm;
-
- memory_region_init_io(&s->iomem, &pl031_ops, s, "pl031", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
-
- sysbus_init_irq(dev, &s->irq);
- qemu_get_timedate(&tm, 0);
- s->tick_offset = mktimegm(&tm) - qemu_get_clock_ns(rtc_clock) / get_ticks_per_sec();
-
- s->timer = qemu_new_timer_ns(rtc_clock, pl031_interrupt, s);
- return 0;
-}
-
-static void pl031_pre_save(void *opaque)
-{
- pl031_state *s = opaque;
-
- /* tick_offset is base_time - rtc_clock base time. Instead, we want to
- * store the base time relative to the vm_clock for backwards-compatibility. */
- int64_t delta = qemu_get_clock_ns(rtc_clock) - qemu_get_clock_ns(vm_clock);
- s->tick_offset_vmstate = s->tick_offset + delta / get_ticks_per_sec();
-}
-
-static int pl031_post_load(void *opaque, int version_id)
-{
- pl031_state *s = opaque;
-
- int64_t delta = qemu_get_clock_ns(rtc_clock) - qemu_get_clock_ns(vm_clock);
- s->tick_offset = s->tick_offset_vmstate - delta / get_ticks_per_sec();
- pl031_set_alarm(s);
- return 0;
-}
-
-static const VMStateDescription vmstate_pl031 = {
- .name = "pl031",
- .version_id = 1,
- .minimum_version_id = 1,
- .pre_save = pl031_pre_save,
- .post_load = pl031_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(tick_offset_vmstate, pl031_state),
- VMSTATE_UINT32(mr, pl031_state),
- VMSTATE_UINT32(lr, pl031_state),
- VMSTATE_UINT32(cr, pl031_state),
- VMSTATE_UINT32(im, pl031_state),
- VMSTATE_UINT32(is, pl031_state),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void pl031_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = pl031_init;
- dc->no_user = 1;
- dc->vmsd = &vmstate_pl031;
-}
-
-static TypeInfo pl031_info = {
- .name = "pl031",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(pl031_state),
- .class_init = pl031_class_init,
-};
-
-static void pl031_register_types(void)
-{
- type_register_static(&pl031_info);
-}
-
-type_init(pl031_register_types)
diff --git a/hw/pl041.c b/hw/pl041.c
deleted file mode 100644
index 4436d97c5..000000000
--- a/hw/pl041.c
+++ /dev/null
@@ -1,647 +0,0 @@
-/*
- * Arm PrimeCell PL041 Advanced Audio Codec Interface
- *
- * Copyright (c) 2011
- * Written by Mathieu Sonet - www.elasticsheep.com
- *
- * This code is licensed under the GPL.
- *
- * *****************************************************************
- *
- * This driver emulates the ARM AACI interface
- * connected to a LM4549 codec.
- *
- * Limitations:
- * - Supports only a playback on one channel (Versatile/Vexpress)
- * - Supports only one TX FIFO in compact-mode or non-compact mode.
- * - Supports playback of 12, 16, 18 and 20 bits samples.
- * - Record is not supported.
- * - The PL041 is hardwired to a LM4549 codec.
- *
- */
-
-#include "sysbus.h"
-
-#include "pl041.h"
-#include "lm4549.h"
-
-#if 0
-#define PL041_DEBUG_LEVEL 1
-#endif
-
-#if defined(PL041_DEBUG_LEVEL) && (PL041_DEBUG_LEVEL >= 1)
-#define DBG_L1(fmt, ...) \
-do { printf("pl041: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define DBG_L1(fmt, ...) \
-do { } while (0)
-#endif
-
-#if defined(PL041_DEBUG_LEVEL) && (PL041_DEBUG_LEVEL >= 2)
-#define DBG_L2(fmt, ...) \
-do { printf("pl041: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define DBG_L2(fmt, ...) \
-do { } while (0)
-#endif
-
-
-#define MAX_FIFO_DEPTH (1024)
-#define DEFAULT_FIFO_DEPTH (8)
-
-#define SLOT1_RW (1 << 19)
-
-/* This FIFO only stores 20-bit samples on 32-bit words.
- So its level is independent of the selected mode */
-typedef struct {
- uint32_t level;
- uint32_t data[MAX_FIFO_DEPTH];
-} pl041_fifo;
-
-typedef struct {
- pl041_fifo tx_fifo;
- uint8_t tx_enabled;
- uint8_t tx_compact_mode;
- uint8_t tx_sample_size;
-
- pl041_fifo rx_fifo;
- uint8_t rx_enabled;
- uint8_t rx_compact_mode;
- uint8_t rx_sample_size;
-} pl041_channel;
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- qemu_irq irq;
-
- uint32_t fifo_depth; /* FIFO depth in non-compact mode */
-
- pl041_regfile regs;
- pl041_channel fifo1;
- lm4549_state codec;
-} pl041_state;
-
-
-static const unsigned char pl041_default_id[8] = {
- 0x41, 0x10, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1
-};
-
-#if defined(PL041_DEBUG_LEVEL)
-#define REGISTER(name, offset) #name,
-static const char *pl041_regs_name[] = {
- #include "pl041.hx"
-};
-#undef REGISTER
-#endif
-
-
-#if defined(PL041_DEBUG_LEVEL)
-static const char *get_reg_name(hwaddr offset)
-{
- if (offset <= PL041_dr1_7) {
- return pl041_regs_name[offset >> 2];
- }
-
- return "unknown";
-}
-#endif
-
-static uint8_t pl041_compute_periphid3(pl041_state *s)
-{
- uint8_t id3 = 1; /* One channel */
-
- /* Add the fifo depth information */
- switch (s->fifo_depth) {
- case 8:
- id3 |= 0 << 3;
- break;
- case 32:
- id3 |= 1 << 3;
- break;
- case 64:
- id3 |= 2 << 3;
- break;
- case 128:
- id3 |= 3 << 3;
- break;
- case 256:
- id3 |= 4 << 3;
- break;
- case 512:
- id3 |= 5 << 3;
- break;
- case 1024:
- id3 |= 6 << 3;
- break;
- case 2048:
- id3 |= 7 << 3;
- break;
- }
-
- return id3;
-}
-
-static void pl041_reset(pl041_state *s)
-{
- DBG_L1("pl041_reset\n");
-
- memset(&s->regs, 0x00, sizeof(pl041_regfile));
-
- s->regs.slfr = SL1TXEMPTY | SL2TXEMPTY | SL12TXEMPTY;
- s->regs.sr1 = TXFE | RXFE | TXHE;
- s->regs.isr1 = 0;
-
- memset(&s->fifo1, 0x00, sizeof(s->fifo1));
-}
-
-
-static void pl041_fifo1_write(pl041_state *s, uint32_t value)
-{
- pl041_channel *channel = &s->fifo1;
- pl041_fifo *fifo = &s->fifo1.tx_fifo;
-
- /* Push the value in the FIFO */
- if (channel->tx_compact_mode == 0) {
- /* Non-compact mode */
-
- if (fifo->level < s->fifo_depth) {
- /* Pad the value with 0 to obtain a 20-bit sample */
- switch (channel->tx_sample_size) {
- case 12:
- value = (value << 8) & 0xFFFFF;
- break;
- case 16:
- value = (value << 4) & 0xFFFFF;
- break;
- case 18:
- value = (value << 2) & 0xFFFFF;
- break;
- case 20:
- default:
- break;
- }
-
- /* Store the sample in the FIFO */
- fifo->data[fifo->level++] = value;
- }
-#if defined(PL041_DEBUG_LEVEL)
- else {
- DBG_L1("fifo1 write: overrun\n");
- }
-#endif
- } else {
- /* Compact mode */
-
- if ((fifo->level + 2) < s->fifo_depth) {
- uint32_t i = 0;
- uint32_t sample = 0;
-
- for (i = 0; i < 2; i++) {
- sample = value & 0xFFFF;
- value = value >> 16;
-
- /* Pad each sample with 0 to obtain a 20-bit sample */
- switch (channel->tx_sample_size) {
- case 12:
- sample = sample << 8;
- break;
- case 16:
- default:
- sample = sample << 4;
- break;
- }
-
- /* Store the sample in the FIFO */
- fifo->data[fifo->level++] = sample;
- }
- }
-#if defined(PL041_DEBUG_LEVEL)
- else {
- DBG_L1("fifo1 write: overrun\n");
- }
-#endif
- }
-
- /* Update the status register */
- if (fifo->level > 0) {
- s->regs.sr1 &= ~(TXUNDERRUN | TXFE);
- }
-
- if (fifo->level >= (s->fifo_depth / 2)) {
- s->regs.sr1 &= ~TXHE;
- }
-
- if (fifo->level >= s->fifo_depth) {
- s->regs.sr1 |= TXFF;
- }
-
- DBG_L2("fifo1_push sr1 = 0x%08x\n", s->regs.sr1);
-}
-
-static void pl041_fifo1_transmit(pl041_state *s)
-{
- pl041_channel *channel = &s->fifo1;
- pl041_fifo *fifo = &s->fifo1.tx_fifo;
- uint32_t slots = s->regs.txcr1 & TXSLOT_MASK;
- uint32_t written_samples;
-
- /* Check if FIFO1 transmit is enabled */
- if ((channel->tx_enabled) && (slots & (TXSLOT3 | TXSLOT4))) {
- if (fifo->level >= (s->fifo_depth / 2)) {
- int i;
-
- DBG_L1("Transfer FIFO level = %i\n", fifo->level);
-
- /* Try to transfer the whole FIFO */
- for (i = 0; i < (fifo->level / 2); i++) {
- uint32_t left = fifo->data[i * 2];
- uint32_t right = fifo->data[i * 2 + 1];
-
- /* Transmit two 20-bit samples to the codec */
- if (lm4549_write_samples(&s->codec, left, right) == 0) {
- DBG_L1("Codec buffer full\n");
- break;
- }
- }
-
- written_samples = i * 2;
- if (written_samples > 0) {
- /* Update the FIFO level */
- fifo->level -= written_samples;
-
- /* Move back the pending samples to the start of the FIFO */
- for (i = 0; i < fifo->level; i++) {
- fifo->data[i] = fifo->data[written_samples + i];
- }
-
- /* Update the status register */
- s->regs.sr1 &= ~TXFF;
-
- if (fifo->level <= (s->fifo_depth / 2)) {
- s->regs.sr1 |= TXHE;
- }
-
- if (fifo->level == 0) {
- s->regs.sr1 |= TXFE | TXUNDERRUN;
- DBG_L1("Empty FIFO\n");
- }
- }
- }
- }
-}
-
-static void pl041_isr1_update(pl041_state *s)
-{
- /* Update ISR1 */
- if (s->regs.sr1 & TXUNDERRUN) {
- s->regs.isr1 |= URINTR;
- } else {
- s->regs.isr1 &= ~URINTR;
- }
-
- if (s->regs.sr1 & TXHE) {
- s->regs.isr1 |= TXINTR;
- } else {
- s->regs.isr1 &= ~TXINTR;
- }
-
- if (!(s->regs.sr1 & TXBUSY) && (s->regs.sr1 & TXFE)) {
- s->regs.isr1 |= TXCINTR;
- } else {
- s->regs.isr1 &= ~TXCINTR;
- }
-
- /* Update the irq state */
- qemu_set_irq(s->irq, ((s->regs.isr1 & s->regs.ie1) > 0) ? 1 : 0);
- DBG_L2("Set interrupt sr1 = 0x%08x isr1 = 0x%08x masked = 0x%08x\n",
- s->regs.sr1, s->regs.isr1, s->regs.isr1 & s->regs.ie1);
-}
-
-static void pl041_request_data(void *opaque)
-{
- pl041_state *s = (pl041_state *)opaque;
-
- /* Trigger pending transfers */
- pl041_fifo1_transmit(s);
- pl041_isr1_update(s);
-}
-
-static uint64_t pl041_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- pl041_state *s = (pl041_state *)opaque;
- int value;
-
- if ((offset >= PL041_periphid0) && (offset <= PL041_pcellid3)) {
- if (offset == PL041_periphid3) {
- value = pl041_compute_periphid3(s);
- } else {
- value = pl041_default_id[(offset - PL041_periphid0) >> 2];
- }
-
- DBG_L1("pl041_read [0x%08x] => 0x%08x\n", offset, value);
- return value;
- } else if (offset <= PL041_dr4_7) {
- value = *((uint32_t *)&s->regs + (offset >> 2));
- } else {
- DBG_L1("pl041_read: Reserved offset %x\n", (int)offset);
- return 0;
- }
-
- switch (offset) {
- case PL041_allints:
- value = s->regs.isr1 & 0x7F;
- break;
- }
-
- DBG_L1("pl041_read [0x%08x] %s => 0x%08x\n", offset,
- get_reg_name(offset), value);
-
- return value;
-}
-
-static void pl041_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- pl041_state *s = (pl041_state *)opaque;
- uint16_t control, data;
- uint32_t result;
-
- DBG_L1("pl041_write [0x%08x] %s <= 0x%08x\n", offset,
- get_reg_name(offset), (unsigned int)value);
-
- /* Write the register */
- if (offset <= PL041_dr4_7) {
- *((uint32_t *)&s->regs + (offset >> 2)) = value;
- } else {
- DBG_L1("pl041_write: Reserved offset %x\n", (int)offset);
- return;
- }
-
- /* Execute the actions */
- switch (offset) {
- case PL041_txcr1:
- {
- pl041_channel *channel = &s->fifo1;
-
- uint32_t txen = s->regs.txcr1 & TXEN;
- uint32_t tsize = (s->regs.txcr1 & TSIZE_MASK) >> TSIZE_MASK_BIT;
- uint32_t compact_mode = (s->regs.txcr1 & TXCOMPACT) ? 1 : 0;
-#if defined(PL041_DEBUG_LEVEL)
- uint32_t slots = (s->regs.txcr1 & TXSLOT_MASK) >> TXSLOT_MASK_BIT;
- uint32_t txfen = (s->regs.txcr1 & TXFEN) > 0 ? 1 : 0;
-#endif
-
- DBG_L1("=> txen = %i slots = 0x%01x tsize = %i compact = %i "
- "txfen = %i\n", txen, slots, tsize, compact_mode, txfen);
-
- channel->tx_enabled = txen;
- channel->tx_compact_mode = compact_mode;
-
- switch (tsize) {
- case 0:
- channel->tx_sample_size = 16;
- break;
- case 1:
- channel->tx_sample_size = 18;
- break;
- case 2:
- channel->tx_sample_size = 20;
- break;
- case 3:
- channel->tx_sample_size = 12;
- break;
- }
-
- DBG_L1("TX enabled = %i\n", channel->tx_enabled);
- DBG_L1("TX compact mode = %i\n", channel->tx_compact_mode);
- DBG_L1("TX sample width = %i\n", channel->tx_sample_size);
-
- /* Check if compact mode is allowed with selected tsize */
- if (channel->tx_compact_mode == 1) {
- if ((channel->tx_sample_size == 18) ||
- (channel->tx_sample_size == 20)) {
- channel->tx_compact_mode = 0;
- DBG_L1("Compact mode not allowed with 18/20-bit sample size\n");
- }
- }
-
- break;
- }
- case PL041_sl1tx:
- s->regs.slfr &= ~SL1TXEMPTY;
-
- control = (s->regs.sl1tx >> 12) & 0x7F;
- data = (s->regs.sl2tx >> 4) & 0xFFFF;
-
- if ((s->regs.sl1tx & SLOT1_RW) == 0) {
- /* Write operation */
- lm4549_write(&s->codec, control, data);
- } else {
- /* Read operation */
- result = lm4549_read(&s->codec, control);
-
- /* Store the returned value */
- s->regs.sl1rx = s->regs.sl1tx & ~SLOT1_RW;
- s->regs.sl2rx = result << 4;
-
- s->regs.slfr &= ~(SL1RXBUSY | SL2RXBUSY);
- s->regs.slfr |= SL1RXVALID | SL2RXVALID;
- }
- break;
-
- case PL041_sl2tx:
- s->regs.sl2tx = value;
- s->regs.slfr &= ~SL2TXEMPTY;
- break;
-
- case PL041_intclr:
- DBG_L1("=> Clear interrupt intclr = 0x%08x isr1 = 0x%08x\n",
- s->regs.intclr, s->regs.isr1);
-
- if (s->regs.intclr & TXUEC1) {
- s->regs.sr1 &= ~TXUNDERRUN;
- }
- break;
-
- case PL041_maincr:
- {
-#if defined(PL041_DEBUG_LEVEL)
- char debug[] = " AACIFE SL1RXEN SL1TXEN";
- if (!(value & AACIFE)) {
- debug[0] = '!';
- }
- if (!(value & SL1RXEN)) {
- debug[8] = '!';
- }
- if (!(value & SL1TXEN)) {
- debug[17] = '!';
- }
- DBG_L1("%s\n", debug);
-#endif
-
- if ((s->regs.maincr & AACIFE) == 0) {
- pl041_reset(s);
- }
- break;
- }
-
- case PL041_dr1_0:
- case PL041_dr1_1:
- case PL041_dr1_2:
- case PL041_dr1_3:
- pl041_fifo1_write(s, value);
- break;
- }
-
- /* Transmit the FIFO content */
- pl041_fifo1_transmit(s);
-
- /* Update the ISR1 register */
- pl041_isr1_update(s);
-}
-
-static void pl041_device_reset(DeviceState *d)
-{
- pl041_state *s = DO_UPCAST(pl041_state, busdev.qdev, d);
-
- pl041_reset(s);
-}
-
-static const MemoryRegionOps pl041_ops = {
- .read = pl041_read,
- .write = pl041_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int pl041_init(SysBusDevice *dev)
-{
- pl041_state *s = FROM_SYSBUS(pl041_state, dev);
-
- DBG_L1("pl041_init 0x%08x\n", (uint32_t)s);
-
- /* Check the device properties */
- switch (s->fifo_depth) {
- case 8:
- case 32:
- case 64:
- case 128:
- case 256:
- case 512:
- case 1024:
- case 2048:
- break;
- case 16:
- default:
- /* NC FIFO depth of 16 is not allowed because its id bits in
- AACIPERIPHID3 overlap with the id for the default NC FIFO depth */
- qemu_log_mask(LOG_UNIMP,
- "pl041: unsupported non-compact fifo depth [%i]\n",
- s->fifo_depth);
- return -1;
- }
-
- /* Connect the device to the sysbus */
- memory_region_init_io(&s->iomem, &pl041_ops, s, "pl041", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
- sysbus_init_irq(dev, &s->irq);
-
- /* Init the codec */
- lm4549_init(&s->codec, &pl041_request_data, (void *)s);
-
- return 0;
-}
-
-static const VMStateDescription vmstate_pl041_regfile = {
- .name = "pl041_regfile",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
-#define REGISTER(name, offset) VMSTATE_UINT32(name, pl041_regfile),
- #include "pl041.hx"
-#undef REGISTER
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_pl041_fifo = {
- .name = "pl041_fifo",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(level, pl041_fifo),
- VMSTATE_UINT32_ARRAY(data, pl041_fifo, MAX_FIFO_DEPTH),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_pl041_channel = {
- .name = "pl041_channel",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_STRUCT(tx_fifo, pl041_channel, 0,
- vmstate_pl041_fifo, pl041_fifo),
- VMSTATE_UINT8(tx_enabled, pl041_channel),
- VMSTATE_UINT8(tx_compact_mode, pl041_channel),
- VMSTATE_UINT8(tx_sample_size, pl041_channel),
- VMSTATE_STRUCT(rx_fifo, pl041_channel, 0,
- vmstate_pl041_fifo, pl041_fifo),
- VMSTATE_UINT8(rx_enabled, pl041_channel),
- VMSTATE_UINT8(rx_compact_mode, pl041_channel),
- VMSTATE_UINT8(rx_sample_size, pl041_channel),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_pl041 = {
- .name = "pl041",
- .version_id = 1,
- .minimum_version_id = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(fifo_depth, pl041_state),
- VMSTATE_STRUCT(regs, pl041_state, 0,
- vmstate_pl041_regfile, pl041_regfile),
- VMSTATE_STRUCT(fifo1, pl041_state, 0,
- vmstate_pl041_channel, pl041_channel),
- VMSTATE_STRUCT(codec, pl041_state, 0,
- vmstate_lm4549_state, lm4549_state),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static Property pl041_device_properties[] = {
- /* Non-compact FIFO depth property */
- DEFINE_PROP_UINT32("nc_fifo_depth", pl041_state, fifo_depth, DEFAULT_FIFO_DEPTH),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void pl041_device_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = pl041_init;
- dc->no_user = 1;
- dc->reset = pl041_device_reset;
- dc->vmsd = &vmstate_pl041;
- dc->props = pl041_device_properties;
-}
-
-static TypeInfo pl041_device_info = {
- .name = "pl041",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(pl041_state),
- .class_init = pl041_device_class_init,
-};
-
-static void pl041_register_types(void)
-{
- type_register_static(&pl041_device_info);
-}
-
-type_init(pl041_register_types)
diff --git a/hw/pl050.c b/hw/pl050.c
deleted file mode 100644
index 47032f126..000000000
--- a/hw/pl050.c
+++ /dev/null
@@ -1,200 +0,0 @@
-/*
- * Arm PrimeCell PL050 Keyboard / Mouse Interface
- *
- * Copyright (c) 2006-2007 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the GPL.
- */
-
-#include "sysbus.h"
-#include "ps2.h"
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- void *dev;
- uint32_t cr;
- uint32_t clk;
- uint32_t last;
- int pending;
- qemu_irq irq;
- int is_mouse;
-} pl050_state;
-
-static const VMStateDescription vmstate_pl050 = {
- .name = "pl050",
- .version_id = 1,
- .minimum_version_id = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(cr, pl050_state),
- VMSTATE_UINT32(clk, pl050_state),
- VMSTATE_UINT32(last, pl050_state),
- VMSTATE_INT32(pending, pl050_state),
- VMSTATE_INT32(is_mouse, pl050_state),
- VMSTATE_END_OF_LIST()
- }
-};
-
-#define PL050_TXEMPTY (1 << 6)
-#define PL050_TXBUSY (1 << 5)
-#define PL050_RXFULL (1 << 4)
-#define PL050_RXBUSY (1 << 3)
-#define PL050_RXPARITY (1 << 2)
-#define PL050_KMIC (1 << 1)
-#define PL050_KMID (1 << 0)
-
-static const unsigned char pl050_id[] =
-{ 0x50, 0x10, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };
-
-static void pl050_update(void *opaque, int level)
-{
- pl050_state *s = (pl050_state *)opaque;
- int raise;
-
- s->pending = level;
- raise = (s->pending && (s->cr & 0x10) != 0)
- || (s->cr & 0x08) != 0;
- qemu_set_irq(s->irq, raise);
-}
-
-static uint64_t pl050_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- pl050_state *s = (pl050_state *)opaque;
- if (offset >= 0xfe0 && offset < 0x1000)
- return pl050_id[(offset - 0xfe0) >> 2];
-
- switch (offset >> 2) {
- case 0: /* KMICR */
- return s->cr;
- case 1: /* KMISTAT */
- {
- uint8_t val;
- uint32_t stat;
-
- val = s->last;
- val = val ^ (val >> 4);
- val = val ^ (val >> 2);
- val = (val ^ (val >> 1)) & 1;
-
- stat = PL050_TXEMPTY;
- if (val)
- stat |= PL050_RXPARITY;
- if (s->pending)
- stat |= PL050_RXFULL;
-
- return stat;
- }
- case 2: /* KMIDATA */
- if (s->pending)
- s->last = ps2_read_data(s->dev);
- return s->last;
- case 3: /* KMICLKDIV */
- return s->clk;
- case 4: /* KMIIR */
- return s->pending | 2;
- default:
- qemu_log_mask(LOG_GUEST_ERROR,
- "pl050_read: Bad offset %x\n", (int)offset);
- return 0;
- }
-}
-
-static void pl050_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- pl050_state *s = (pl050_state *)opaque;
- switch (offset >> 2) {
- case 0: /* KMICR */
- s->cr = value;
- pl050_update(s, s->pending);
- /* ??? Need to implement the enable/disable bit. */
- break;
- case 2: /* KMIDATA */
- /* ??? This should toggle the TX interrupt line. */
- /* ??? This means kbd/mouse can block each other. */
- if (s->is_mouse) {
- ps2_write_mouse(s->dev, value);
- } else {
- ps2_write_keyboard(s->dev, value);
- }
- break;
- case 3: /* KMICLKDIV */
- s->clk = value;
- return;
- default:
- qemu_log_mask(LOG_GUEST_ERROR,
- "pl050_write: Bad offset %x\n", (int)offset);
- }
-}
-static const MemoryRegionOps pl050_ops = {
- .read = pl050_read,
- .write = pl050_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int pl050_init(SysBusDevice *dev, int is_mouse)
-{
- pl050_state *s = FROM_SYSBUS(pl050_state, dev);
-
- memory_region_init_io(&s->iomem, &pl050_ops, s, "pl050", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
- sysbus_init_irq(dev, &s->irq);
- s->is_mouse = is_mouse;
- if (s->is_mouse)
- s->dev = ps2_mouse_init(pl050_update, s);
- else
- s->dev = ps2_kbd_init(pl050_update, s);
- return 0;
-}
-
-static int pl050_init_keyboard(SysBusDevice *dev)
-{
- return pl050_init(dev, 0);
-}
-
-static int pl050_init_mouse(SysBusDevice *dev)
-{
- return pl050_init(dev, 1);
-}
-
-static void pl050_kbd_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = pl050_init_keyboard;
- dc->vmsd = &vmstate_pl050;
-}
-
-static TypeInfo pl050_kbd_info = {
- .name = "pl050_keyboard",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(pl050_state),
- .class_init = pl050_kbd_class_init,
-};
-
-static void pl050_mouse_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = pl050_init_mouse;
- dc->vmsd = &vmstate_pl050;
-}
-
-static TypeInfo pl050_mouse_info = {
- .name = "pl050_mouse",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(pl050_state),
- .class_init = pl050_mouse_class_init,
-};
-
-static void pl050_register_types(void)
-{
- type_register_static(&pl050_kbd_info);
- type_register_static(&pl050_mouse_info);
-}
-
-type_init(pl050_register_types)
diff --git a/hw/pl061.c b/hw/pl061.c
deleted file mode 100644
index f1ed5ced1..000000000
--- a/hw/pl061.c
+++ /dev/null
@@ -1,336 +0,0 @@
-/*
- * Arm PrimeCell PL061 General Purpose IO with additional
- * Luminary Micro Stellaris bits.
- *
- * Copyright (c) 2007 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the GPL.
- */
-
-#include "sysbus.h"
-
-//#define DEBUG_PL061 1
-
-#ifdef DEBUG_PL061
-#define DPRINTF(fmt, ...) \
-do { printf("pl061: " fmt , ## __VA_ARGS__); } while (0)
-#define BADF(fmt, ...) \
-do { fprintf(stderr, "pl061: error: " fmt , ## __VA_ARGS__); exit(1);} while (0)
-#else
-#define DPRINTF(fmt, ...) do {} while(0)
-#define BADF(fmt, ...) \
-do { fprintf(stderr, "pl061: error: " fmt , ## __VA_ARGS__);} while (0)
-#endif
-
-static const uint8_t pl061_id[12] =
- { 0x00, 0x00, 0x00, 0x00, 0x61, 0x10, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };
-static const uint8_t pl061_id_luminary[12] =
- { 0x00, 0x00, 0x00, 0x00, 0x61, 0x00, 0x18, 0x01, 0x0d, 0xf0, 0x05, 0xb1 };
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint32_t locked;
- uint32_t data;
- uint32_t old_data;
- uint32_t dir;
- uint32_t isense;
- uint32_t ibe;
- uint32_t iev;
- uint32_t im;
- uint32_t istate;
- uint32_t afsel;
- uint32_t dr2r;
- uint32_t dr4r;
- uint32_t dr8r;
- uint32_t odr;
- uint32_t pur;
- uint32_t pdr;
- uint32_t slr;
- uint32_t den;
- uint32_t cr;
- uint32_t float_high;
- uint32_t amsel;
- qemu_irq irq;
- qemu_irq out[8];
- const unsigned char *id;
-} pl061_state;
-
-static const VMStateDescription vmstate_pl061 = {
- .name = "pl061",
- .version_id = 2,
- .minimum_version_id = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(locked, pl061_state),
- VMSTATE_UINT32(data, pl061_state),
- VMSTATE_UINT32(old_data, pl061_state),
- VMSTATE_UINT32(dir, pl061_state),
- VMSTATE_UINT32(isense, pl061_state),
- VMSTATE_UINT32(ibe, pl061_state),
- VMSTATE_UINT32(iev, pl061_state),
- VMSTATE_UINT32(im, pl061_state),
- VMSTATE_UINT32(istate, pl061_state),
- VMSTATE_UINT32(afsel, pl061_state),
- VMSTATE_UINT32(dr2r, pl061_state),
- VMSTATE_UINT32(dr4r, pl061_state),
- VMSTATE_UINT32(dr8r, pl061_state),
- VMSTATE_UINT32(odr, pl061_state),
- VMSTATE_UINT32(pur, pl061_state),
- VMSTATE_UINT32(pdr, pl061_state),
- VMSTATE_UINT32(slr, pl061_state),
- VMSTATE_UINT32(den, pl061_state),
- VMSTATE_UINT32(cr, pl061_state),
- VMSTATE_UINT32(float_high, pl061_state),
- VMSTATE_UINT32_V(amsel, pl061_state, 2),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void pl061_update(pl061_state *s)
-{
- uint8_t changed;
- uint8_t mask;
- uint8_t out;
- int i;
-
- /* Outputs float high. */
- /* FIXME: This is board dependent. */
- out = (s->data & s->dir) | ~s->dir;
- changed = s->old_data ^ out;
- if (!changed)
- return;
-
- s->old_data = out;
- for (i = 0; i < 8; i++) {
- mask = 1 << i;
- if (changed & mask) {
- DPRINTF("Set output %d = %d\n", i, (out & mask) != 0);
- qemu_set_irq(s->out[i], (out & mask) != 0);
- }
- }
-
- /* FIXME: Implement input interrupts. */
-}
-
-static uint64_t pl061_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- pl061_state *s = (pl061_state *)opaque;
-
- if (offset >= 0xfd0 && offset < 0x1000) {
- return s->id[(offset - 0xfd0) >> 2];
- }
- if (offset < 0x400) {
- return s->data & (offset >> 2);
- }
- switch (offset) {
- case 0x400: /* Direction */
- return s->dir;
- case 0x404: /* Interrupt sense */
- return s->isense;
- case 0x408: /* Interrupt both edges */
- return s->ibe;
- case 0x40c: /* Interrupt event */
- return s->iev;
- case 0x410: /* Interrupt mask */
- return s->im;
- case 0x414: /* Raw interrupt status */
- return s->istate;
- case 0x418: /* Masked interrupt status */
- return s->istate | s->im;
- case 0x420: /* Alternate function select */
- return s->afsel;
- case 0x500: /* 2mA drive */
- return s->dr2r;
- case 0x504: /* 4mA drive */
- return s->dr4r;
- case 0x508: /* 8mA drive */
- return s->dr8r;
- case 0x50c: /* Open drain */
- return s->odr;
- case 0x510: /* Pull-up */
- return s->pur;
- case 0x514: /* Pull-down */
- return s->pdr;
- case 0x518: /* Slew rate control */
- return s->slr;
- case 0x51c: /* Digital enable */
- return s->den;
- case 0x520: /* Lock */
- return s->locked;
- case 0x524: /* Commit */
- return s->cr;
- case 0x528: /* Analog mode select */
- return s->amsel;
- default:
- qemu_log_mask(LOG_GUEST_ERROR,
- "pl061_read: Bad offset %x\n", (int)offset);
- return 0;
- }
-}
-
-static void pl061_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- pl061_state *s = (pl061_state *)opaque;
- uint8_t mask;
-
- if (offset < 0x400) {
- mask = (offset >> 2) & s->dir;
- s->data = (s->data & ~mask) | (value & mask);
- pl061_update(s);
- return;
- }
- switch (offset) {
- case 0x400: /* Direction */
- s->dir = value & 0xff;
- break;
- case 0x404: /* Interrupt sense */
- s->isense = value & 0xff;
- break;
- case 0x408: /* Interrupt both edges */
- s->ibe = value & 0xff;
- break;
- case 0x40c: /* Interrupt event */
- s->iev = value & 0xff;
- break;
- case 0x410: /* Interrupt mask */
- s->im = value & 0xff;
- break;
- case 0x41c: /* Interrupt clear */
- s->istate &= ~value;
- break;
- case 0x420: /* Alternate function select */
- mask = s->cr;
- s->afsel = (s->afsel & ~mask) | (value & mask);
- break;
- case 0x500: /* 2mA drive */
- s->dr2r = value & 0xff;
- break;
- case 0x504: /* 4mA drive */
- s->dr4r = value & 0xff;
- break;
- case 0x508: /* 8mA drive */
- s->dr8r = value & 0xff;
- break;
- case 0x50c: /* Open drain */
- s->odr = value & 0xff;
- break;
- case 0x510: /* Pull-up */
- s->pur = value & 0xff;
- break;
- case 0x514: /* Pull-down */
- s->pdr = value & 0xff;
- break;
- case 0x518: /* Slew rate control */
- s->slr = value & 0xff;
- break;
- case 0x51c: /* Digital enable */
- s->den = value & 0xff;
- break;
- case 0x520: /* Lock */
- s->locked = (value != 0xacce551);
- break;
- case 0x524: /* Commit */
- if (!s->locked)
- s->cr = value & 0xff;
- break;
- case 0x528:
- s->amsel = value & 0xff;
- break;
- default:
- qemu_log_mask(LOG_GUEST_ERROR,
- "pl061_write: Bad offset %x\n", (int)offset);
- }
- pl061_update(s);
-}
-
-static void pl061_reset(pl061_state *s)
-{
- s->locked = 1;
- s->cr = 0xff;
-}
-
-static void pl061_set_irq(void * opaque, int irq, int level)
-{
- pl061_state *s = (pl061_state *)opaque;
- uint8_t mask;
-
- mask = 1 << irq;
- if ((s->dir & mask) == 0) {
- s->data &= ~mask;
- if (level)
- s->data |= mask;
- pl061_update(s);
- }
-}
-
-static const MemoryRegionOps pl061_ops = {
- .read = pl061_read,
- .write = pl061_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int pl061_init(SysBusDevice *dev, const unsigned char *id)
-{
- pl061_state *s = FROM_SYSBUS(pl061_state, dev);
- s->id = id;
- memory_region_init_io(&s->iomem, &pl061_ops, s, "pl061", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
- sysbus_init_irq(dev, &s->irq);
- qdev_init_gpio_in(&dev->qdev, pl061_set_irq, 8);
- qdev_init_gpio_out(&dev->qdev, s->out, 8);
- pl061_reset(s);
- return 0;
-}
-
-static int pl061_init_luminary(SysBusDevice *dev)
-{
- return pl061_init(dev, pl061_id_luminary);
-}
-
-static int pl061_init_arm(SysBusDevice *dev)
-{
- return pl061_init(dev, pl061_id);
-}
-
-static void pl061_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = pl061_init_arm;
- dc->vmsd = &vmstate_pl061;
-}
-
-static TypeInfo pl061_info = {
- .name = "pl061",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(pl061_state),
- .class_init = pl061_class_init,
-};
-
-static void pl061_luminary_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = pl061_init_luminary;
- dc->vmsd = &vmstate_pl061;
-}
-
-static TypeInfo pl061_luminary_info = {
- .name = "pl061_luminary",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(pl061_state),
- .class_init = pl061_luminary_class_init,
-};
-
-static void pl061_register_types(void)
-{
- type_register_static(&pl061_info);
- type_register_static(&pl061_luminary_info);
-}
-
-type_init(pl061_register_types)
diff --git a/hw/pl080.c b/hw/pl080.c
deleted file mode 100644
index 26150af75..000000000
--- a/hw/pl080.c
+++ /dev/null
@@ -1,421 +0,0 @@
-/*
- * Arm PrimeCell PL080/PL081 DMA controller
- *
- * Copyright (c) 2006 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the GPL.
- */
-
-#include "sysbus.h"
-
-#define PL080_MAX_CHANNELS 8
-#define PL080_CONF_E 0x1
-#define PL080_CONF_M1 0x2
-#define PL080_CONF_M2 0x4
-
-#define PL080_CCONF_H 0x40000
-#define PL080_CCONF_A 0x20000
-#define PL080_CCONF_L 0x10000
-#define PL080_CCONF_ITC 0x08000
-#define PL080_CCONF_IE 0x04000
-#define PL080_CCONF_E 0x00001
-
-#define PL080_CCTRL_I 0x80000000
-#define PL080_CCTRL_DI 0x08000000
-#define PL080_CCTRL_SI 0x04000000
-#define PL080_CCTRL_D 0x02000000
-#define PL080_CCTRL_S 0x01000000
-
-typedef struct {
- uint32_t src;
- uint32_t dest;
- uint32_t lli;
- uint32_t ctrl;
- uint32_t conf;
-} pl080_channel;
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint8_t tc_int;
- uint8_t tc_mask;
- uint8_t err_int;
- uint8_t err_mask;
- uint32_t conf;
- uint32_t sync;
- uint32_t req_single;
- uint32_t req_burst;
- pl080_channel chan[PL080_MAX_CHANNELS];
- int nchannels;
- /* Flag to avoid recursive DMA invocations. */
- int running;
- qemu_irq irq;
-} pl080_state;
-
-static const VMStateDescription vmstate_pl080_channel = {
- .name = "pl080_channel",
- .version_id = 1,
- .minimum_version_id = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(src, pl080_channel),
- VMSTATE_UINT32(dest, pl080_channel),
- VMSTATE_UINT32(lli, pl080_channel),
- VMSTATE_UINT32(ctrl, pl080_channel),
- VMSTATE_UINT32(conf, pl080_channel),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_pl080 = {
- .name = "pl080",
- .version_id = 1,
- .minimum_version_id = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT8(tc_int, pl080_state),
- VMSTATE_UINT8(tc_mask, pl080_state),
- VMSTATE_UINT8(err_int, pl080_state),
- VMSTATE_UINT8(err_mask, pl080_state),
- VMSTATE_UINT32(conf, pl080_state),
- VMSTATE_UINT32(sync, pl080_state),
- VMSTATE_UINT32(req_single, pl080_state),
- VMSTATE_UINT32(req_burst, pl080_state),
- VMSTATE_UINT8(tc_int, pl080_state),
- VMSTATE_UINT8(tc_int, pl080_state),
- VMSTATE_UINT8(tc_int, pl080_state),
- VMSTATE_STRUCT_ARRAY(chan, pl080_state, PL080_MAX_CHANNELS,
- 1, vmstate_pl080_channel, pl080_channel),
- VMSTATE_INT32(running, pl080_state),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const unsigned char pl080_id[] =
-{ 0x80, 0x10, 0x04, 0x0a, 0x0d, 0xf0, 0x05, 0xb1 };
-
-static const unsigned char pl081_id[] =
-{ 0x81, 0x10, 0x04, 0x0a, 0x0d, 0xf0, 0x05, 0xb1 };
-
-static void pl080_update(pl080_state *s)
-{
- if ((s->tc_int & s->tc_mask)
- || (s->err_int & s->err_mask))
- qemu_irq_raise(s->irq);
- else
- qemu_irq_lower(s->irq);
-}
-
-static void pl080_run(pl080_state *s)
-{
- int c;
- int flow;
- pl080_channel *ch;
- int swidth;
- int dwidth;
- int xsize;
- int n;
- int src_id;
- int dest_id;
- int size;
- uint8_t buff[4];
- uint32_t req;
-
- s->tc_mask = 0;
- for (c = 0; c < s->nchannels; c++) {
- if (s->chan[c].conf & PL080_CCONF_ITC)
- s->tc_mask |= 1 << c;
- if (s->chan[c].conf & PL080_CCONF_IE)
- s->err_mask |= 1 << c;
- }
-
- if ((s->conf & PL080_CONF_E) == 0)
- return;
-
-hw_error("DMA active\n");
- /* If we are already in the middle of a DMA operation then indicate that
- there may be new DMA requests and return immediately. */
- if (s->running) {
- s->running++;
- return;
- }
- s->running = 1;
- while (s->running) {
- for (c = 0; c < s->nchannels; c++) {
- ch = &s->chan[c];
-again:
- /* Test if thiws channel has any pending DMA requests. */
- if ((ch->conf & (PL080_CCONF_H | PL080_CCONF_E))
- != PL080_CCONF_E)
- continue;
- flow = (ch->conf >> 11) & 7;
- if (flow >= 4) {
- hw_error(
- "pl080_run: Peripheral flow control not implemented\n");
- }
- src_id = (ch->conf >> 1) & 0x1f;
- dest_id = (ch->conf >> 6) & 0x1f;
- size = ch->ctrl & 0xfff;
- req = s->req_single | s->req_burst;
- switch (flow) {
- case 0:
- break;
- case 1:
- if ((req & (1u << dest_id)) == 0)
- size = 0;
- break;
- case 2:
- if ((req & (1u << src_id)) == 0)
- size = 0;
- break;
- case 3:
- if ((req & (1u << src_id)) == 0
- || (req & (1u << dest_id)) == 0)
- size = 0;
- break;
- }
- if (!size)
- continue;
-
- /* Transfer one element. */
- /* ??? Should transfer multiple elements for a burst request. */
- /* ??? Unclear what the proper behavior is when source and
- destination widths are different. */
- swidth = 1 << ((ch->ctrl >> 18) & 7);
- dwidth = 1 << ((ch->ctrl >> 21) & 7);
- for (n = 0; n < dwidth; n+= swidth) {
- cpu_physical_memory_read(ch->src, buff + n, swidth);
- if (ch->ctrl & PL080_CCTRL_SI)
- ch->src += swidth;
- }
- xsize = (dwidth < swidth) ? swidth : dwidth;
- /* ??? This may pad the value incorrectly for dwidth < 32. */
- for (n = 0; n < xsize; n += dwidth) {
- cpu_physical_memory_write(ch->dest + n, buff + n, dwidth);
- if (ch->ctrl & PL080_CCTRL_DI)
- ch->dest += swidth;
- }
-
- size--;
- ch->ctrl = (ch->ctrl & 0xfffff000) | size;
- if (size == 0) {
- /* Transfer complete. */
- if (ch->lli) {
- ch->src = ldl_le_phys(ch->lli);
- ch->dest = ldl_le_phys(ch->lli + 4);
- ch->ctrl = ldl_le_phys(ch->lli + 12);
- ch->lli = ldl_le_phys(ch->lli + 8);
- } else {
- ch->conf &= ~PL080_CCONF_E;
- }
- if (ch->ctrl & PL080_CCTRL_I) {
- s->tc_int |= 1 << c;
- }
- }
- goto again;
- }
- if (--s->running)
- s->running = 1;
- }
-}
-
-static uint64_t pl080_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- pl080_state *s = (pl080_state *)opaque;
- uint32_t i;
- uint32_t mask;
-
- if (offset >= 0xfe0 && offset < 0x1000) {
- if (s->nchannels == 8) {
- return pl080_id[(offset - 0xfe0) >> 2];
- } else {
- return pl081_id[(offset - 0xfe0) >> 2];
- }
- }
- if (offset >= 0x100 && offset < 0x200) {
- i = (offset & 0xe0) >> 5;
- if (i >= s->nchannels)
- goto bad_offset;
- switch (offset >> 2) {
- case 0: /* SrcAddr */
- return s->chan[i].src;
- case 1: /* DestAddr */
- return s->chan[i].dest;
- case 2: /* LLI */
- return s->chan[i].lli;
- case 3: /* Control */
- return s->chan[i].ctrl;
- case 4: /* Configuration */
- return s->chan[i].conf;
- default:
- goto bad_offset;
- }
- }
- switch (offset >> 2) {
- case 0: /* IntStatus */
- return (s->tc_int & s->tc_mask) | (s->err_int & s->err_mask);
- case 1: /* IntTCStatus */
- return (s->tc_int & s->tc_mask);
- case 3: /* IntErrorStatus */
- return (s->err_int & s->err_mask);
- case 5: /* RawIntTCStatus */
- return s->tc_int;
- case 6: /* RawIntErrorStatus */
- return s->err_int;
- case 7: /* EnbldChns */
- mask = 0;
- for (i = 0; i < s->nchannels; i++) {
- if (s->chan[i].conf & PL080_CCONF_E)
- mask |= 1 << i;
- }
- return mask;
- case 8: /* SoftBReq */
- case 9: /* SoftSReq */
- case 10: /* SoftLBReq */
- case 11: /* SoftLSReq */
- /* ??? Implement these. */
- return 0;
- case 12: /* Configuration */
- return s->conf;
- case 13: /* Sync */
- return s->sync;
- default:
- bad_offset:
- qemu_log_mask(LOG_GUEST_ERROR,
- "pl080_read: Bad offset %x\n", (int)offset);
- return 0;
- }
-}
-
-static void pl080_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- pl080_state *s = (pl080_state *)opaque;
- int i;
-
- if (offset >= 0x100 && offset < 0x200) {
- i = (offset & 0xe0) >> 5;
- if (i >= s->nchannels)
- goto bad_offset;
- switch (offset >> 2) {
- case 0: /* SrcAddr */
- s->chan[i].src = value;
- break;
- case 1: /* DestAddr */
- s->chan[i].dest = value;
- break;
- case 2: /* LLI */
- s->chan[i].lli = value;
- break;
- case 3: /* Control */
- s->chan[i].ctrl = value;
- break;
- case 4: /* Configuration */
- s->chan[i].conf = value;
- pl080_run(s);
- break;
- }
- }
- switch (offset >> 2) {
- case 2: /* IntTCClear */
- s->tc_int &= ~value;
- break;
- case 4: /* IntErrorClear */
- s->err_int &= ~value;
- break;
- case 8: /* SoftBReq */
- case 9: /* SoftSReq */
- case 10: /* SoftLBReq */
- case 11: /* SoftLSReq */
- /* ??? Implement these. */
- qemu_log_mask(LOG_UNIMP, "pl080_write: Soft DMA not implemented\n");
- break;
- case 12: /* Configuration */
- s->conf = value;
- if (s->conf & (PL080_CONF_M1 | PL080_CONF_M1)) {
- qemu_log_mask(LOG_UNIMP,
- "pl080_write: Big-endian DMA not implemented\n");
- }
- pl080_run(s);
- break;
- case 13: /* Sync */
- s->sync = value;
- break;
- default:
- bad_offset:
- qemu_log_mask(LOG_GUEST_ERROR,
- "pl080_write: Bad offset %x\n", (int)offset);
- }
- pl080_update(s);
-}
-
-static const MemoryRegionOps pl080_ops = {
- .read = pl080_read,
- .write = pl080_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int pl08x_init(SysBusDevice *dev, int nchannels)
-{
- pl080_state *s = FROM_SYSBUS(pl080_state, dev);
-
- memory_region_init_io(&s->iomem, &pl080_ops, s, "pl080", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
- sysbus_init_irq(dev, &s->irq);
- s->nchannels = nchannels;
- return 0;
-}
-
-static int pl080_init(SysBusDevice *dev)
-{
- return pl08x_init(dev, 8);
-}
-
-static int pl081_init(SysBusDevice *dev)
-{
- return pl08x_init(dev, 2);
-}
-
-static void pl080_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = pl080_init;
- dc->no_user = 1;
- dc->vmsd = &vmstate_pl080;
-}
-
-static TypeInfo pl080_info = {
- .name = "pl080",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(pl080_state),
- .class_init = pl080_class_init,
-};
-
-static void pl081_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = pl081_init;
- dc->no_user = 1;
- dc->vmsd = &vmstate_pl080;
-}
-
-static TypeInfo pl081_info = {
- .name = "pl081",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(pl080_state),
- .class_init = pl081_class_init,
-};
-
-/* The PL080 and PL081 are the same except for the number of channels
- they implement (8 and 2 respectively). */
-static void pl080_register_types(void)
-{
- type_register_static(&pl080_info);
- type_register_static(&pl081_info);
-}
-
-type_init(pl080_register_types)
diff --git a/hw/pl110.c b/hw/pl110.c
deleted file mode 100644
index f869ba60d..000000000
--- a/hw/pl110.c
+++ /dev/null
@@ -1,532 +0,0 @@
-/*
- * Arm PrimeCell PL110 Color LCD Controller
- *
- * Copyright (c) 2005-2009 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the GNU LGPL
- */
-
-#include "sysbus.h"
-#include "console.h"
-#include "framebuffer.h"
-
-#define PL110_CR_EN 0x001
-#define PL110_CR_BGR 0x100
-#define PL110_CR_BEBO 0x200
-#define PL110_CR_BEPO 0x400
-#define PL110_CR_PWR 0x800
-
-enum pl110_bppmode
-{
- BPP_1,
- BPP_2,
- BPP_4,
- BPP_8,
- BPP_16,
- BPP_32,
- BPP_16_565, /* PL111 only */
- BPP_12 /* PL111 only */
-};
-
-
-/* The Versatile/PB uses a slightly modified PL110 controller. */
-enum pl110_version
-{
- PL110,
- PL110_VERSATILE,
- PL111
-};
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- DisplayState *ds;
-
- int version;
- uint32_t timing[4];
- uint32_t cr;
- uint32_t upbase;
- uint32_t lpbase;
- uint32_t int_status;
- uint32_t int_mask;
- int cols;
- int rows;
- enum pl110_bppmode bpp;
- int invalidate;
- uint32_t mux_ctrl;
- uint32_t palette[256];
- uint32_t raw_palette[128];
- qemu_irq irq;
-} pl110_state;
-
-static int vmstate_pl110_post_load(void *opaque, int version_id);
-
-static const VMStateDescription vmstate_pl110 = {
- .name = "pl110",
- .version_id = 2,
- .minimum_version_id = 1,
- .post_load = vmstate_pl110_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_INT32(version, pl110_state),
- VMSTATE_UINT32_ARRAY(timing, pl110_state, 4),
- VMSTATE_UINT32(cr, pl110_state),
- VMSTATE_UINT32(upbase, pl110_state),
- VMSTATE_UINT32(lpbase, pl110_state),
- VMSTATE_UINT32(int_status, pl110_state),
- VMSTATE_UINT32(int_mask, pl110_state),
- VMSTATE_INT32(cols, pl110_state),
- VMSTATE_INT32(rows, pl110_state),
- VMSTATE_UINT32(bpp, pl110_state),
- VMSTATE_INT32(invalidate, pl110_state),
- VMSTATE_UINT32_ARRAY(palette, pl110_state, 256),
- VMSTATE_UINT32_ARRAY(raw_palette, pl110_state, 128),
- VMSTATE_UINT32_V(mux_ctrl, pl110_state, 2),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const unsigned char pl110_id[] =
-{ 0x10, 0x11, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };
-
-/* The Arm documentation (DDI0224C) says the CLDC on the Versatile board
- has a different ID. However Linux only looks for the normal ID. */
-#if 0
-static const unsigned char pl110_versatile_id[] =
-{ 0x93, 0x10, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };
-#else
-#define pl110_versatile_id pl110_id
-#endif
-
-static const unsigned char pl111_id[] = {
- 0x11, 0x11, 0x24, 0x00, 0x0d, 0xf0, 0x05, 0xb1
-};
-
-/* Indexed by pl110_version */
-static const unsigned char *idregs[] = {
- pl110_id,
- pl110_versatile_id,
- pl111_id
-};
-
-#include "pixel_ops.h"
-
-#define BITS 8
-#include "pl110_template.h"
-#define BITS 15
-#include "pl110_template.h"
-#define BITS 16
-#include "pl110_template.h"
-#define BITS 24
-#include "pl110_template.h"
-#define BITS 32
-#include "pl110_template.h"
-
-static int pl110_enabled(pl110_state *s)
-{
- return (s->cr & PL110_CR_EN) && (s->cr & PL110_CR_PWR);
-}
-
-static void pl110_update_display(void *opaque)
-{
- pl110_state *s = (pl110_state *)opaque;
- drawfn* fntable;
- drawfn fn;
- int dest_width;
- int src_width;
- int bpp_offset;
- int first;
- int last;
-
- if (!pl110_enabled(s))
- return;
-
- switch (ds_get_bits_per_pixel(s->ds)) {
- case 0:
- return;
- case 8:
- fntable = pl110_draw_fn_8;
- dest_width = 1;
- break;
- case 15:
- fntable = pl110_draw_fn_15;
- dest_width = 2;
- break;
- case 16:
- fntable = pl110_draw_fn_16;
- dest_width = 2;
- break;
- case 24:
- fntable = pl110_draw_fn_24;
- dest_width = 3;
- break;
- case 32:
- fntable = pl110_draw_fn_32;
- dest_width = 4;
- break;
- default:
- fprintf(stderr, "pl110: Bad color depth\n");
- exit(1);
- }
- if (s->cr & PL110_CR_BGR)
- bpp_offset = 0;
- else
- bpp_offset = 24;
-
- if ((s->version != PL111) && (s->bpp == BPP_16)) {
- /* The PL110's native 16 bit mode is 5551; however
- * most boards with a PL110 implement an external
- * mux which allows bits to be reshuffled to give
- * 565 format. The mux is typically controlled by
- * an external system register.
- * This is controlled by a GPIO input pin
- * so boards can wire it up to their register.
- *
- * The PL111 straightforwardly implements both
- * 5551 and 565 under control of the bpp field
- * in the LCDControl register.
- */
- switch (s->mux_ctrl) {
- case 3: /* 565 BGR */
- bpp_offset = (BPP_16_565 - BPP_16);
- break;
- case 1: /* 5551 */
- break;
- case 0: /* 888; also if we have loaded vmstate from an old version */
- case 2: /* 565 RGB */
- default:
- /* treat as 565 but honour BGR bit */
- bpp_offset += (BPP_16_565 - BPP_16);
- break;
- }
- }
-
- if (s->cr & PL110_CR_BEBO)
- fn = fntable[s->bpp + 8 + bpp_offset];
- else if (s->cr & PL110_CR_BEPO)
- fn = fntable[s->bpp + 16 + bpp_offset];
- else
- fn = fntable[s->bpp + bpp_offset];
-
- src_width = s->cols;
- switch (s->bpp) {
- case BPP_1:
- src_width >>= 3;
- break;
- case BPP_2:
- src_width >>= 2;
- break;
- case BPP_4:
- src_width >>= 1;
- break;
- case BPP_8:
- break;
- case BPP_16:
- case BPP_16_565:
- case BPP_12:
- src_width <<= 1;
- break;
- case BPP_32:
- src_width <<= 2;
- break;
- }
- dest_width *= s->cols;
- first = 0;
- framebuffer_update_display(s->ds, sysbus_address_space(&s->busdev),
- s->upbase, s->cols, s->rows,
- src_width, dest_width, 0,
- s->invalidate,
- fn, s->palette,
- &first, &last);
- if (first >= 0) {
- dpy_gfx_update(s->ds, 0, first, s->cols, last - first + 1);
- }
- s->invalidate = 0;
-}
-
-static void pl110_invalidate_display(void * opaque)
-{
- pl110_state *s = (pl110_state *)opaque;
- s->invalidate = 1;
- if (pl110_enabled(s)) {
- qemu_console_resize(s->ds, s->cols, s->rows);
- }
-}
-
-static void pl110_update_palette(pl110_state *s, int n)
-{
- int i;
- uint32_t raw;
- unsigned int r, g, b;
-
- raw = s->raw_palette[n];
- n <<= 1;
- for (i = 0; i < 2; i++) {
- r = (raw & 0x1f) << 3;
- raw >>= 5;
- g = (raw & 0x1f) << 3;
- raw >>= 5;
- b = (raw & 0x1f) << 3;
- /* The I bit is ignored. */
- raw >>= 6;
- switch (ds_get_bits_per_pixel(s->ds)) {
- case 8:
- s->palette[n] = rgb_to_pixel8(r, g, b);
- break;
- case 15:
- s->palette[n] = rgb_to_pixel15(r, g, b);
- break;
- case 16:
- s->palette[n] = rgb_to_pixel16(r, g, b);
- break;
- case 24:
- case 32:
- s->palette[n] = rgb_to_pixel32(r, g, b);
- break;
- }
- n++;
- }
-}
-
-static void pl110_resize(pl110_state *s, int width, int height)
-{
- if (width != s->cols || height != s->rows) {
- if (pl110_enabled(s)) {
- qemu_console_resize(s->ds, width, height);
- }
- }
- s->cols = width;
- s->rows = height;
-}
-
-/* Update interrupts. */
-static void pl110_update(pl110_state *s)
-{
- /* TODO: Implement interrupts. */
-}
-
-static uint64_t pl110_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- pl110_state *s = (pl110_state *)opaque;
-
- if (offset >= 0xfe0 && offset < 0x1000) {
- return idregs[s->version][(offset - 0xfe0) >> 2];
- }
- if (offset >= 0x200 && offset < 0x400) {
- return s->raw_palette[(offset - 0x200) >> 2];
- }
- switch (offset >> 2) {
- case 0: /* LCDTiming0 */
- return s->timing[0];
- case 1: /* LCDTiming1 */
- return s->timing[1];
- case 2: /* LCDTiming2 */
- return s->timing[2];
- case 3: /* LCDTiming3 */
- return s->timing[3];
- case 4: /* LCDUPBASE */
- return s->upbase;
- case 5: /* LCDLPBASE */
- return s->lpbase;
- case 6: /* LCDIMSC */
- if (s->version != PL110) {
- return s->cr;
- }
- return s->int_mask;
- case 7: /* LCDControl */
- if (s->version != PL110) {
- return s->int_mask;
- }
- return s->cr;
- case 8: /* LCDRIS */
- return s->int_status;
- case 9: /* LCDMIS */
- return s->int_status & s->int_mask;
- case 11: /* LCDUPCURR */
- /* TODO: Implement vertical refresh. */
- return s->upbase;
- case 12: /* LCDLPCURR */
- return s->lpbase;
- default:
- qemu_log_mask(LOG_GUEST_ERROR,
- "pl110_read: Bad offset %x\n", (int)offset);
- return 0;
- }
-}
-
-static void pl110_write(void *opaque, hwaddr offset,
- uint64_t val, unsigned size)
-{
- pl110_state *s = (pl110_state *)opaque;
- int n;
-
- /* For simplicity invalidate the display whenever a control register
- is written to. */
- s->invalidate = 1;
- if (offset >= 0x200 && offset < 0x400) {
- /* Palette. */
- n = (offset - 0x200) >> 2;
- s->raw_palette[(offset - 0x200) >> 2] = val;
- pl110_update_palette(s, n);
- return;
- }
- switch (offset >> 2) {
- case 0: /* LCDTiming0 */
- s->timing[0] = val;
- n = ((val & 0xfc) + 4) * 4;
- pl110_resize(s, n, s->rows);
- break;
- case 1: /* LCDTiming1 */
- s->timing[1] = val;
- n = (val & 0x3ff) + 1;
- pl110_resize(s, s->cols, n);
- break;
- case 2: /* LCDTiming2 */
- s->timing[2] = val;
- break;
- case 3: /* LCDTiming3 */
- s->timing[3] = val;
- break;
- case 4: /* LCDUPBASE */
- s->upbase = val;
- break;
- case 5: /* LCDLPBASE */
- s->lpbase = val;
- break;
- case 6: /* LCDIMSC */
- if (s->version != PL110) {
- goto control;
- }
- imsc:
- s->int_mask = val;
- pl110_update(s);
- break;
- case 7: /* LCDControl */
- if (s->version != PL110) {
- goto imsc;
- }
- control:
- s->cr = val;
- s->bpp = (val >> 1) & 7;
- if (pl110_enabled(s)) {
- qemu_console_resize(s->ds, s->cols, s->rows);
- }
- break;
- case 10: /* LCDICR */
- s->int_status &= ~val;
- pl110_update(s);
- break;
- default:
- qemu_log_mask(LOG_GUEST_ERROR,
- "pl110_write: Bad offset %x\n", (int)offset);
- }
-}
-
-static const MemoryRegionOps pl110_ops = {
- .read = pl110_read,
- .write = pl110_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void pl110_mux_ctrl_set(void *opaque, int line, int level)
-{
- pl110_state *s = (pl110_state *)opaque;
- s->mux_ctrl = level;
-}
-
-static int vmstate_pl110_post_load(void *opaque, int version_id)
-{
- pl110_state *s = opaque;
- /* Make sure we redraw, and at the right size */
- pl110_invalidate_display(s);
- return 0;
-}
-
-static int pl110_init(SysBusDevice *dev)
-{
- pl110_state *s = FROM_SYSBUS(pl110_state, dev);
-
- memory_region_init_io(&s->iomem, &pl110_ops, s, "pl110", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
- sysbus_init_irq(dev, &s->irq);
- qdev_init_gpio_in(&s->busdev.qdev, pl110_mux_ctrl_set, 1);
- s->ds = graphic_console_init(pl110_update_display,
- pl110_invalidate_display,
- NULL, NULL, s);
- return 0;
-}
-
-static int pl110_versatile_init(SysBusDevice *dev)
-{
- pl110_state *s = FROM_SYSBUS(pl110_state, dev);
- s->version = PL110_VERSATILE;
- return pl110_init(dev);
-}
-
-static int pl111_init(SysBusDevice *dev)
-{
- pl110_state *s = FROM_SYSBUS(pl110_state, dev);
- s->version = PL111;
- return pl110_init(dev);
-}
-
-static void pl110_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = pl110_init;
- dc->no_user = 1;
- dc->vmsd = &vmstate_pl110;
-}
-
-static TypeInfo pl110_info = {
- .name = "pl110",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(pl110_state),
- .class_init = pl110_class_init,
-};
-
-static void pl110_versatile_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = pl110_versatile_init;
- dc->no_user = 1;
- dc->vmsd = &vmstate_pl110;
-}
-
-static TypeInfo pl110_versatile_info = {
- .name = "pl110_versatile",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(pl110_state),
- .class_init = pl110_versatile_class_init,
-};
-
-static void pl111_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = pl111_init;
- dc->no_user = 1;
- dc->vmsd = &vmstate_pl110;
-}
-
-static TypeInfo pl111_info = {
- .name = "pl111",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(pl110_state),
- .class_init = pl111_class_init,
-};
-
-static void pl110_register_types(void)
-{
- type_register_static(&pl110_info);
- type_register_static(&pl110_versatile_info);
- type_register_static(&pl111_info);
-}
-
-type_init(pl110_register_types)
diff --git a/hw/pl181.c b/hw/pl181.c
deleted file mode 100644
index 8a2895ce1..000000000
--- a/hw/pl181.c
+++ /dev/null
@@ -1,515 +0,0 @@
-/*
- * Arm PrimeCell PL181 MultiMedia Card Interface
- *
- * Copyright (c) 2007 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the GPL.
- */
-
-#include "blockdev.h"
-#include "sysbus.h"
-#include "sd.h"
-
-//#define DEBUG_PL181 1
-
-#ifdef DEBUG_PL181
-#define DPRINTF(fmt, ...) \
-do { printf("pl181: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...) do {} while(0)
-#endif
-
-#define PL181_FIFO_LEN 16
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- SDState *card;
- uint32_t clock;
- uint32_t power;
- uint32_t cmdarg;
- uint32_t cmd;
- uint32_t datatimer;
- uint32_t datalength;
- uint32_t respcmd;
- uint32_t response[4];
- uint32_t datactrl;
- uint32_t datacnt;
- uint32_t status;
- uint32_t mask[2];
- int32_t fifo_pos;
- int32_t fifo_len;
- /* The linux 2.6.21 driver is buggy, and misbehaves if new data arrives
- while it is reading the FIFO. We hack around this be defering
- subsequent transfers until after the driver polls the status word.
- http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=4446/1
- */
- int32_t linux_hack;
- uint32_t fifo[PL181_FIFO_LEN];
- qemu_irq irq[2];
- /* GPIO outputs for 'card is readonly' and 'card inserted' */
- qemu_irq cardstatus[2];
-} pl181_state;
-
-static const VMStateDescription vmstate_pl181 = {
- .name = "pl181",
- .version_id = 1,
- .minimum_version_id = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(clock, pl181_state),
- VMSTATE_UINT32(power, pl181_state),
- VMSTATE_UINT32(cmdarg, pl181_state),
- VMSTATE_UINT32(cmd, pl181_state),
- VMSTATE_UINT32(datatimer, pl181_state),
- VMSTATE_UINT32(datalength, pl181_state),
- VMSTATE_UINT32(respcmd, pl181_state),
- VMSTATE_UINT32_ARRAY(response, pl181_state, 4),
- VMSTATE_UINT32(datactrl, pl181_state),
- VMSTATE_UINT32(datacnt, pl181_state),
- VMSTATE_UINT32(status, pl181_state),
- VMSTATE_UINT32_ARRAY(mask, pl181_state, 2),
- VMSTATE_INT32(fifo_pos, pl181_state),
- VMSTATE_INT32(fifo_len, pl181_state),
- VMSTATE_INT32(linux_hack, pl181_state),
- VMSTATE_UINT32_ARRAY(fifo, pl181_state, PL181_FIFO_LEN),
- VMSTATE_END_OF_LIST()
- }
-};
-
-#define PL181_CMD_INDEX 0x3f
-#define PL181_CMD_RESPONSE (1 << 6)
-#define PL181_CMD_LONGRESP (1 << 7)
-#define PL181_CMD_INTERRUPT (1 << 8)
-#define PL181_CMD_PENDING (1 << 9)
-#define PL181_CMD_ENABLE (1 << 10)
-
-#define PL181_DATA_ENABLE (1 << 0)
-#define PL181_DATA_DIRECTION (1 << 1)
-#define PL181_DATA_MODE (1 << 2)
-#define PL181_DATA_DMAENABLE (1 << 3)
-
-#define PL181_STATUS_CMDCRCFAIL (1 << 0)
-#define PL181_STATUS_DATACRCFAIL (1 << 1)
-#define PL181_STATUS_CMDTIMEOUT (1 << 2)
-#define PL181_STATUS_DATATIMEOUT (1 << 3)
-#define PL181_STATUS_TXUNDERRUN (1 << 4)
-#define PL181_STATUS_RXOVERRUN (1 << 5)
-#define PL181_STATUS_CMDRESPEND (1 << 6)
-#define PL181_STATUS_CMDSENT (1 << 7)
-#define PL181_STATUS_DATAEND (1 << 8)
-#define PL181_STATUS_DATABLOCKEND (1 << 10)
-#define PL181_STATUS_CMDACTIVE (1 << 11)
-#define PL181_STATUS_TXACTIVE (1 << 12)
-#define PL181_STATUS_RXACTIVE (1 << 13)
-#define PL181_STATUS_TXFIFOHALFEMPTY (1 << 14)
-#define PL181_STATUS_RXFIFOHALFFULL (1 << 15)
-#define PL181_STATUS_TXFIFOFULL (1 << 16)
-#define PL181_STATUS_RXFIFOFULL (1 << 17)
-#define PL181_STATUS_TXFIFOEMPTY (1 << 18)
-#define PL181_STATUS_RXFIFOEMPTY (1 << 19)
-#define PL181_STATUS_TXDATAAVLBL (1 << 20)
-#define PL181_STATUS_RXDATAAVLBL (1 << 21)
-
-#define PL181_STATUS_TX_FIFO (PL181_STATUS_TXACTIVE \
- |PL181_STATUS_TXFIFOHALFEMPTY \
- |PL181_STATUS_TXFIFOFULL \
- |PL181_STATUS_TXFIFOEMPTY \
- |PL181_STATUS_TXDATAAVLBL)
-#define PL181_STATUS_RX_FIFO (PL181_STATUS_RXACTIVE \
- |PL181_STATUS_RXFIFOHALFFULL \
- |PL181_STATUS_RXFIFOFULL \
- |PL181_STATUS_RXFIFOEMPTY \
- |PL181_STATUS_RXDATAAVLBL)
-
-static const unsigned char pl181_id[] =
-{ 0x81, 0x11, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };
-
-static void pl181_update(pl181_state *s)
-{
- int i;
- for (i = 0; i < 2; i++) {
- qemu_set_irq(s->irq[i], (s->status & s->mask[i]) != 0);
- }
-}
-
-static void pl181_fifo_push(pl181_state *s, uint32_t value)
-{
- int n;
-
- if (s->fifo_len == PL181_FIFO_LEN) {
- fprintf(stderr, "pl181: FIFO overflow\n");
- return;
- }
- n = (s->fifo_pos + s->fifo_len) & (PL181_FIFO_LEN - 1);
- s->fifo_len++;
- s->fifo[n] = value;
- DPRINTF("FIFO push %08x\n", (int)value);
-}
-
-static uint32_t pl181_fifo_pop(pl181_state *s)
-{
- uint32_t value;
-
- if (s->fifo_len == 0) {
- fprintf(stderr, "pl181: FIFO underflow\n");
- return 0;
- }
- value = s->fifo[s->fifo_pos];
- s->fifo_len--;
- s->fifo_pos = (s->fifo_pos + 1) & (PL181_FIFO_LEN - 1);
- DPRINTF("FIFO pop %08x\n", (int)value);
- return value;
-}
-
-static void pl181_send_command(pl181_state *s)
-{
- SDRequest request;
- uint8_t response[16];
- int rlen;
-
- request.cmd = s->cmd & PL181_CMD_INDEX;
- request.arg = s->cmdarg;
- DPRINTF("Command %d %08x\n", request.cmd, request.arg);
- rlen = sd_do_command(s->card, &request, response);
- if (rlen < 0)
- goto error;
- if (s->cmd & PL181_CMD_RESPONSE) {
-#define RWORD(n) ((response[n] << 24) | (response[n + 1] << 16) \
- | (response[n + 2] << 8) | response[n + 3])
- if (rlen == 0 || (rlen == 4 && (s->cmd & PL181_CMD_LONGRESP)))
- goto error;
- if (rlen != 4 && rlen != 16)
- goto error;
- s->response[0] = RWORD(0);
- if (rlen == 4) {
- s->response[1] = s->response[2] = s->response[3] = 0;
- } else {
- s->response[1] = RWORD(4);
- s->response[2] = RWORD(8);
- s->response[3] = RWORD(12) & ~1;
- }
- DPRINTF("Response received\n");
- s->status |= PL181_STATUS_CMDRESPEND;
-#undef RWORD
- } else {
- DPRINTF("Command sent\n");
- s->status |= PL181_STATUS_CMDSENT;
- }
- return;
-
-error:
- DPRINTF("Timeout\n");
- s->status |= PL181_STATUS_CMDTIMEOUT;
-}
-
-/* Transfer data between the card and the FIFO. This is complicated by
- the FIFO holding 32-bit words and the card taking data in single byte
- chunks. FIFO bytes are transferred in little-endian order. */
-
-static void pl181_fifo_run(pl181_state *s)
-{
- uint32_t bits;
- uint32_t value = 0;
- int n;
- int is_read;
-
- is_read = (s->datactrl & PL181_DATA_DIRECTION) != 0;
- if (s->datacnt != 0 && (!is_read || sd_data_ready(s->card))
- && !s->linux_hack) {
- if (is_read) {
- n = 0;
- while (s->datacnt && s->fifo_len < PL181_FIFO_LEN) {
- value |= (uint32_t)sd_read_data(s->card) << (n * 8);
- s->datacnt--;
- n++;
- if (n == 4) {
- pl181_fifo_push(s, value);
- n = 0;
- value = 0;
- }
- }
- if (n != 0) {
- pl181_fifo_push(s, value);
- }
- } else { /* write */
- n = 0;
- while (s->datacnt > 0 && (s->fifo_len > 0 || n > 0)) {
- if (n == 0) {
- value = pl181_fifo_pop(s);
- n = 4;
- }
- n--;
- s->datacnt--;
- sd_write_data(s->card, value & 0xff);
- value >>= 8;
- }
- }
- }
- s->status &= ~(PL181_STATUS_RX_FIFO | PL181_STATUS_TX_FIFO);
- if (s->datacnt == 0) {
- s->status |= PL181_STATUS_DATAEND;
- /* HACK: */
- s->status |= PL181_STATUS_DATABLOCKEND;
- DPRINTF("Transfer Complete\n");
- }
- if (s->datacnt == 0 && s->fifo_len == 0) {
- s->datactrl &= ~PL181_DATA_ENABLE;
- DPRINTF("Data engine idle\n");
- } else {
- /* Update FIFO bits. */
- bits = PL181_STATUS_TXACTIVE | PL181_STATUS_RXACTIVE;
- if (s->fifo_len == 0) {
- bits |= PL181_STATUS_TXFIFOEMPTY;
- bits |= PL181_STATUS_RXFIFOEMPTY;
- } else {
- bits |= PL181_STATUS_TXDATAAVLBL;
- bits |= PL181_STATUS_RXDATAAVLBL;
- }
- if (s->fifo_len == 16) {
- bits |= PL181_STATUS_TXFIFOFULL;
- bits |= PL181_STATUS_RXFIFOFULL;
- }
- if (s->fifo_len <= 8) {
- bits |= PL181_STATUS_TXFIFOHALFEMPTY;
- }
- if (s->fifo_len >= 8) {
- bits |= PL181_STATUS_RXFIFOHALFFULL;
- }
- if (s->datactrl & PL181_DATA_DIRECTION) {
- bits &= PL181_STATUS_RX_FIFO;
- } else {
- bits &= PL181_STATUS_TX_FIFO;
- }
- s->status |= bits;
- }
-}
-
-static uint64_t pl181_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- pl181_state *s = (pl181_state *)opaque;
- uint32_t tmp;
-
- if (offset >= 0xfe0 && offset < 0x1000) {
- return pl181_id[(offset - 0xfe0) >> 2];
- }
- switch (offset) {
- case 0x00: /* Power */
- return s->power;
- case 0x04: /* Clock */
- return s->clock;
- case 0x08: /* Argument */
- return s->cmdarg;
- case 0x0c: /* Command */
- return s->cmd;
- case 0x10: /* RespCmd */
- return s->respcmd;
- case 0x14: /* Response0 */
- return s->response[0];
- case 0x18: /* Response1 */
- return s->response[1];
- case 0x1c: /* Response2 */
- return s->response[2];
- case 0x20: /* Response3 */
- return s->response[3];
- case 0x24: /* DataTimer */
- return s->datatimer;
- case 0x28: /* DataLength */
- return s->datalength;
- case 0x2c: /* DataCtrl */
- return s->datactrl;
- case 0x30: /* DataCnt */
- return s->datacnt;
- case 0x34: /* Status */
- tmp = s->status;
- if (s->linux_hack) {
- s->linux_hack = 0;
- pl181_fifo_run(s);
- pl181_update(s);
- }
- return tmp;
- case 0x3c: /* Mask0 */
- return s->mask[0];
- case 0x40: /* Mask1 */
- return s->mask[1];
- case 0x48: /* FifoCnt */
- /* The documentation is somewhat vague about exactly what FifoCnt
- does. On real hardware it appears to be when decrememnted
- when a word is transferred between the FIFO and the serial
- data engine. DataCnt is decremented after each byte is
- transferred between the serial engine and the card.
- We don't emulate this level of detail, so both can be the same. */
- tmp = (s->datacnt + 3) >> 2;
- if (s->linux_hack) {
- s->linux_hack = 0;
- pl181_fifo_run(s);
- pl181_update(s);
- }
- return tmp;
- case 0x80: case 0x84: case 0x88: case 0x8c: /* FifoData */
- case 0x90: case 0x94: case 0x98: case 0x9c:
- case 0xa0: case 0xa4: case 0xa8: case 0xac:
- case 0xb0: case 0xb4: case 0xb8: case 0xbc:
- if (s->fifo_len == 0) {
- qemu_log_mask(LOG_GUEST_ERROR, "pl181: Unexpected FIFO read\n");
- return 0;
- } else {
- uint32_t value;
- value = pl181_fifo_pop(s);
- s->linux_hack = 1;
- pl181_fifo_run(s);
- pl181_update(s);
- return value;
- }
- default:
- qemu_log_mask(LOG_GUEST_ERROR,
- "pl181_read: Bad offset %x\n", (int)offset);
- return 0;
- }
-}
-
-static void pl181_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- pl181_state *s = (pl181_state *)opaque;
-
- switch (offset) {
- case 0x00: /* Power */
- s->power = value & 0xff;
- break;
- case 0x04: /* Clock */
- s->clock = value & 0xff;
- break;
- case 0x08: /* Argument */
- s->cmdarg = value;
- break;
- case 0x0c: /* Command */
- s->cmd = value;
- if (s->cmd & PL181_CMD_ENABLE) {
- if (s->cmd & PL181_CMD_INTERRUPT) {
- qemu_log_mask(LOG_UNIMP,
- "pl181: Interrupt mode not implemented\n");
- } if (s->cmd & PL181_CMD_PENDING) {
- qemu_log_mask(LOG_UNIMP,
- "pl181: Pending commands not implemented\n");
- } else {
- pl181_send_command(s);
- pl181_fifo_run(s);
- }
- /* The command has completed one way or the other. */
- s->cmd &= ~PL181_CMD_ENABLE;
- }
- break;
- case 0x24: /* DataTimer */
- s->datatimer = value;
- break;
- case 0x28: /* DataLength */
- s->datalength = value & 0xffff;
- break;
- case 0x2c: /* DataCtrl */
- s->datactrl = value & 0xff;
- if (value & PL181_DATA_ENABLE) {
- s->datacnt = s->datalength;
- pl181_fifo_run(s);
- }
- break;
- case 0x38: /* Clear */
- s->status &= ~(value & 0x7ff);
- break;
- case 0x3c: /* Mask0 */
- s->mask[0] = value;
- break;
- case 0x40: /* Mask1 */
- s->mask[1] = value;
- break;
- case 0x80: case 0x84: case 0x88: case 0x8c: /* FifoData */
- case 0x90: case 0x94: case 0x98: case 0x9c:
- case 0xa0: case 0xa4: case 0xa8: case 0xac:
- case 0xb0: case 0xb4: case 0xb8: case 0xbc:
- if (s->datacnt == 0) {
- qemu_log_mask(LOG_GUEST_ERROR, "pl181: Unexpected FIFO write\n");
- } else {
- pl181_fifo_push(s, value);
- pl181_fifo_run(s);
- }
- break;
- default:
- qemu_log_mask(LOG_GUEST_ERROR,
- "pl181_write: Bad offset %x\n", (int)offset);
- }
- pl181_update(s);
-}
-
-static const MemoryRegionOps pl181_ops = {
- .read = pl181_read,
- .write = pl181_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void pl181_reset(DeviceState *d)
-{
- pl181_state *s = DO_UPCAST(pl181_state, busdev.qdev, d);
-
- s->power = 0;
- s->cmdarg = 0;
- s->cmd = 0;
- s->datatimer = 0;
- s->datalength = 0;
- s->respcmd = 0;
- s->response[0] = 0;
- s->response[1] = 0;
- s->response[2] = 0;
- s->response[3] = 0;
- s->datatimer = 0;
- s->datalength = 0;
- s->datactrl = 0;
- s->datacnt = 0;
- s->status = 0;
- s->linux_hack = 0;
- s->mask[0] = 0;
- s->mask[1] = 0;
-
- /* We can assume our GPIO outputs have been wired up now */
- sd_set_cb(s->card, s->cardstatus[0], s->cardstatus[1]);
-}
-
-static int pl181_init(SysBusDevice *dev)
-{
- pl181_state *s = FROM_SYSBUS(pl181_state, dev);
- DriveInfo *dinfo;
-
- memory_region_init_io(&s->iomem, &pl181_ops, s, "pl181", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
- sysbus_init_irq(dev, &s->irq[0]);
- sysbus_init_irq(dev, &s->irq[1]);
- qdev_init_gpio_out(&s->busdev.qdev, s->cardstatus, 2);
- dinfo = drive_get_next(IF_SD);
- s->card = sd_init(dinfo ? dinfo->bdrv : NULL, 0);
- return 0;
-}
-
-static void pl181_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
- DeviceClass *k = DEVICE_CLASS(klass);
-
- sdc->init = pl181_init;
- k->vmsd = &vmstate_pl181;
- k->reset = pl181_reset;
- k->no_user = 1;
-}
-
-static TypeInfo pl181_info = {
- .name = "pl181",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(pl181_state),
- .class_init = pl181_class_init,
-};
-
-static void pl181_register_types(void)
-{
- type_register_static(&pl181_info);
-}
-
-type_init(pl181_register_types)
diff --git a/hw/pl190.c b/hw/pl190.c
deleted file mode 100644
index 40199302a..000000000
--- a/hw/pl190.c
+++ /dev/null
@@ -1,289 +0,0 @@
-/*
- * Arm PrimeCell PL190 Vector Interrupt Controller
- *
- * Copyright (c) 2006 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the GPL.
- */
-
-#include "sysbus.h"
-
-/* The number of virtual priority levels. 16 user vectors plus the
- unvectored IRQ. Chained interrupts would require an additional level
- if implemented. */
-
-#define PL190_NUM_PRIO 17
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint32_t level;
- uint32_t soft_level;
- uint32_t irq_enable;
- uint32_t fiq_select;
- uint8_t vect_control[16];
- uint32_t vect_addr[PL190_NUM_PRIO];
- /* Mask containing interrupts with higher priority than this one. */
- uint32_t prio_mask[PL190_NUM_PRIO + 1];
- int protected;
- /* Current priority level. */
- int priority;
- int prev_prio[PL190_NUM_PRIO];
- qemu_irq irq;
- qemu_irq fiq;
-} pl190_state;
-
-static const unsigned char pl190_id[] =
-{ 0x90, 0x11, 0x04, 0x00, 0x0D, 0xf0, 0x05, 0xb1 };
-
-static inline uint32_t pl190_irq_level(pl190_state *s)
-{
- return (s->level | s->soft_level) & s->irq_enable & ~s->fiq_select;
-}
-
-/* Update interrupts. */
-static void pl190_update(pl190_state *s)
-{
- uint32_t level = pl190_irq_level(s);
- int set;
-
- set = (level & s->prio_mask[s->priority]) != 0;
- qemu_set_irq(s->irq, set);
- set = ((s->level | s->soft_level) & s->fiq_select) != 0;
- qemu_set_irq(s->fiq, set);
-}
-
-static void pl190_set_irq(void *opaque, int irq, int level)
-{
- pl190_state *s = (pl190_state *)opaque;
-
- if (level)
- s->level |= 1u << irq;
- else
- s->level &= ~(1u << irq);
- pl190_update(s);
-}
-
-static void pl190_update_vectors(pl190_state *s)
-{
- uint32_t mask;
- int i;
- int n;
-
- mask = 0;
- for (i = 0; i < 16; i++)
- {
- s->prio_mask[i] = mask;
- if (s->vect_control[i] & 0x20)
- {
- n = s->vect_control[i] & 0x1f;
- mask |= 1 << n;
- }
- }
- s->prio_mask[16] = mask;
- pl190_update(s);
-}
-
-static uint64_t pl190_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- pl190_state *s = (pl190_state *)opaque;
- int i;
-
- if (offset >= 0xfe0 && offset < 0x1000) {
- return pl190_id[(offset - 0xfe0) >> 2];
- }
- if (offset >= 0x100 && offset < 0x140) {
- return s->vect_addr[(offset - 0x100) >> 2];
- }
- if (offset >= 0x200 && offset < 0x240) {
- return s->vect_control[(offset - 0x200) >> 2];
- }
- switch (offset >> 2) {
- case 0: /* IRQSTATUS */
- return pl190_irq_level(s);
- case 1: /* FIQSATUS */
- return (s->level | s->soft_level) & s->fiq_select;
- case 2: /* RAWINTR */
- return s->level | s->soft_level;
- case 3: /* INTSELECT */
- return s->fiq_select;
- case 4: /* INTENABLE */
- return s->irq_enable;
- case 6: /* SOFTINT */
- return s->soft_level;
- case 8: /* PROTECTION */
- return s->protected;
- case 12: /* VECTADDR */
- /* Read vector address at the start of an ISR. Increases the
- * current priority level to that of the current interrupt.
- *
- * Since an enabled interrupt X at priority P causes prio_mask[Y]
- * to have bit X set for all Y > P, this loop will stop with
- * i == the priority of the highest priority set interrupt.
- */
- for (i = 0; i < s->priority; i++) {
- if ((s->level | s->soft_level) & s->prio_mask[i + 1]) {
- break;
- }
- }
-
- /* Reading this value with no pending interrupts is undefined.
- We return the default address. */
- if (i == PL190_NUM_PRIO)
- return s->vect_addr[16];
- if (i < s->priority)
- {
- s->prev_prio[i] = s->priority;
- s->priority = i;
- pl190_update(s);
- }
- return s->vect_addr[s->priority];
- case 13: /* DEFVECTADDR */
- return s->vect_addr[16];
- default:
- qemu_log_mask(LOG_GUEST_ERROR,
- "pl190_read: Bad offset %x\n", (int)offset);
- return 0;
- }
-}
-
-static void pl190_write(void *opaque, hwaddr offset,
- uint64_t val, unsigned size)
-{
- pl190_state *s = (pl190_state *)opaque;
-
- if (offset >= 0x100 && offset < 0x140) {
- s->vect_addr[(offset - 0x100) >> 2] = val;
- pl190_update_vectors(s);
- return;
- }
- if (offset >= 0x200 && offset < 0x240) {
- s->vect_control[(offset - 0x200) >> 2] = val;
- pl190_update_vectors(s);
- return;
- }
- switch (offset >> 2) {
- case 0: /* SELECT */
- /* This is a readonly register, but linux tries to write to it
- anyway. Ignore the write. */
- break;
- case 3: /* INTSELECT */
- s->fiq_select = val;
- break;
- case 4: /* INTENABLE */
- s->irq_enable |= val;
- break;
- case 5: /* INTENCLEAR */
- s->irq_enable &= ~val;
- break;
- case 6: /* SOFTINT */
- s->soft_level |= val;
- break;
- case 7: /* SOFTINTCLEAR */
- s->soft_level &= ~val;
- break;
- case 8: /* PROTECTION */
- /* TODO: Protection (supervisor only access) is not implemented. */
- s->protected = val & 1;
- break;
- case 12: /* VECTADDR */
- /* Restore the previous priority level. The value written is
- ignored. */
- if (s->priority < PL190_NUM_PRIO)
- s->priority = s->prev_prio[s->priority];
- break;
- case 13: /* DEFVECTADDR */
- s->vect_addr[16] = val;
- break;
- case 0xc0: /* ITCR */
- if (val) {
- qemu_log_mask(LOG_UNIMP, "pl190: Test mode not implemented\n");
- }
- break;
- default:
- qemu_log_mask(LOG_GUEST_ERROR,
- "pl190_write: Bad offset %x\n", (int)offset);
- return;
- }
- pl190_update(s);
-}
-
-static const MemoryRegionOps pl190_ops = {
- .read = pl190_read,
- .write = pl190_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void pl190_reset(DeviceState *d)
-{
- pl190_state *s = DO_UPCAST(pl190_state, busdev.qdev, d);
- int i;
-
- for (i = 0; i < 16; i++)
- {
- s->vect_addr[i] = 0;
- s->vect_control[i] = 0;
- }
- s->vect_addr[16] = 0;
- s->prio_mask[17] = 0xffffffff;
- s->priority = PL190_NUM_PRIO;
- pl190_update_vectors(s);
-}
-
-static int pl190_init(SysBusDevice *dev)
-{
- pl190_state *s = FROM_SYSBUS(pl190_state, dev);
-
- memory_region_init_io(&s->iomem, &pl190_ops, s, "pl190", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
- qdev_init_gpio_in(&dev->qdev, pl190_set_irq, 32);
- sysbus_init_irq(dev, &s->irq);
- sysbus_init_irq(dev, &s->fiq);
- return 0;
-}
-
-static const VMStateDescription vmstate_pl190 = {
- .name = "pl190",
- .version_id = 1,
- .minimum_version_id = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(level, pl190_state),
- VMSTATE_UINT32(soft_level, pl190_state),
- VMSTATE_UINT32(irq_enable, pl190_state),
- VMSTATE_UINT32(fiq_select, pl190_state),
- VMSTATE_UINT8_ARRAY(vect_control, pl190_state, 16),
- VMSTATE_UINT32_ARRAY(vect_addr, pl190_state, PL190_NUM_PRIO),
- VMSTATE_UINT32_ARRAY(prio_mask, pl190_state, PL190_NUM_PRIO+1),
- VMSTATE_INT32(protected, pl190_state),
- VMSTATE_INT32(priority, pl190_state),
- VMSTATE_INT32_ARRAY(prev_prio, pl190_state, PL190_NUM_PRIO),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void pl190_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = pl190_init;
- dc->no_user = 1;
- dc->reset = pl190_reset;
- dc->vmsd = &vmstate_pl190;
-}
-
-static TypeInfo pl190_info = {
- .name = "pl190",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(pl190_state),
- .class_init = pl190_class_init,
-};
-
-static void pl190_register_types(void)
-{
- type_register_static(&pl190_info);
-}
-
-type_init(pl190_register_types)
diff --git a/hw/pm_smbus.c b/hw/pm_smbus.c
deleted file mode 100644
index 5d6046de5..000000000
--- a/hw/pm_smbus.c
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- * PC SMBus implementation
- * splitted from acpi.c
- *
- * Copyright (c) 2006 Fabrice Bellard
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License version 2 as published by the Free Software Foundation.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see
- * <http://www.gnu.org/licenses/>.
- */
-#include "hw.h"
-#include "pc.h"
-#include "pm_smbus.h"
-#include "smbus.h"
-
-/* no save/load? */
-
-#define SMBHSTSTS 0x00
-#define SMBHSTCNT 0x02
-#define SMBHSTCMD 0x03
-#define SMBHSTADD 0x04
-#define SMBHSTDAT0 0x05
-#define SMBHSTDAT1 0x06
-#define SMBBLKDAT 0x07
-
-//#define DEBUG
-
-#ifdef DEBUG
-# define SMBUS_DPRINTF(format, ...) printf(format, ## __VA_ARGS__)
-#else
-# define SMBUS_DPRINTF(format, ...) do { } while (0)
-#endif
-
-
-static void smb_transaction(PMSMBus *s)
-{
- uint8_t prot = (s->smb_ctl >> 2) & 0x07;
- uint8_t read = s->smb_addr & 0x01;
- uint8_t cmd = s->smb_cmd;
- uint8_t addr = s->smb_addr >> 1;
- i2c_bus *bus = s->smbus;
-
- SMBUS_DPRINTF("SMBus trans addr=0x%02x prot=0x%02x\n", addr, prot);
- switch(prot) {
- case 0x0:
- smbus_quick_command(bus, addr, read);
- break;
- case 0x1:
- if (read) {
- s->smb_data0 = smbus_receive_byte(bus, addr);
- } else {
- smbus_send_byte(bus, addr, cmd);
- }
- break;
- case 0x2:
- if (read) {
- s->smb_data0 = smbus_read_byte(bus, addr, cmd);
- } else {
- smbus_write_byte(bus, addr, cmd, s->smb_data0);
- }
- break;
- case 0x3:
- if (read) {
- uint16_t val;
- val = smbus_read_word(bus, addr, cmd);
- s->smb_data0 = val;
- s->smb_data1 = val >> 8;
- } else {
- smbus_write_word(bus, addr, cmd, (s->smb_data1 << 8) | s->smb_data0);
- }
- break;
- case 0x5:
- if (read) {
- s->smb_data0 = smbus_read_block(bus, addr, cmd, s->smb_data);
- } else {
- smbus_write_block(bus, addr, cmd, s->smb_data, s->smb_data0);
- }
- break;
- default:
- goto error;
- }
- return;
-
- error:
- s->smb_stat |= 0x04;
-}
-
-void smb_ioport_writeb(void *opaque, uint32_t addr, uint32_t val)
-{
- PMSMBus *s = opaque;
- addr &= 0x3f;
- SMBUS_DPRINTF("SMB writeb port=0x%04x val=0x%02x\n", addr, val);
- switch(addr) {
- case SMBHSTSTS:
- s->smb_stat = 0;
- s->smb_index = 0;
- break;
- case SMBHSTCNT:
- s->smb_ctl = val;
- if (val & 0x40)
- smb_transaction(s);
- break;
- case SMBHSTCMD:
- s->smb_cmd = val;
- break;
- case SMBHSTADD:
- s->smb_addr = val;
- break;
- case SMBHSTDAT0:
- s->smb_data0 = val;
- break;
- case SMBHSTDAT1:
- s->smb_data1 = val;
- break;
- case SMBBLKDAT:
- s->smb_data[s->smb_index++] = val;
- if (s->smb_index > 31)
- s->smb_index = 0;
- break;
- default:
- break;
- }
-}
-
-uint32_t smb_ioport_readb(void *opaque, uint32_t addr)
-{
- PMSMBus *s = opaque;
- uint32_t val;
-
- addr &= 0x3f;
- switch(addr) {
- case SMBHSTSTS:
- val = s->smb_stat;
- break;
- case SMBHSTCNT:
- s->smb_index = 0;
- val = s->smb_ctl & 0x1f;
- break;
- case SMBHSTCMD:
- val = s->smb_cmd;
- break;
- case SMBHSTADD:
- val = s->smb_addr;
- break;
- case SMBHSTDAT0:
- val = s->smb_data0;
- break;
- case SMBHSTDAT1:
- val = s->smb_data1;
- break;
- case SMBBLKDAT:
- val = s->smb_data[s->smb_index++];
- if (s->smb_index > 31)
- s->smb_index = 0;
- break;
- default:
- val = 0;
- break;
- }
- SMBUS_DPRINTF("SMB readb port=0x%04x val=0x%02x\n", addr, val);
- return val;
-}
-
-void pm_smbus_init(DeviceState *parent, PMSMBus *smb)
-{
- smb->smbus = i2c_init_bus(parent, "i2c");
-}
diff --git a/hw/pm_smbus.h b/hw/pm_smbus.h
deleted file mode 100644
index 4750a409f..000000000
--- a/hw/pm_smbus.h
+++ /dev/null
@@ -1,21 +0,0 @@
-#ifndef PM_SMBUS_H
-#define PM_SMBUS_H
-
-typedef struct PMSMBus {
- i2c_bus *smbus;
-
- uint8_t smb_stat;
- uint8_t smb_ctl;
- uint8_t smb_cmd;
- uint8_t smb_addr;
- uint8_t smb_data0;
- uint8_t smb_data1;
- uint8_t smb_data[32];
- uint8_t smb_index;
-} PMSMBus;
-
-void pm_smbus_init(DeviceState *parent, PMSMBus *smb);
-void smb_ioport_writeb(void *opaque, uint32_t addr, uint32_t val);
-uint32_t smb_ioport_readb(void *opaque, uint32_t addr);
-
-#endif /* !PM_SMBUS_H */
diff --git a/hw/ppc.c b/hw/ppc.c
deleted file mode 100644
index 11fd199ea..000000000
--- a/hw/ppc.c
+++ /dev/null
@@ -1,1317 +0,0 @@
-/*
- * QEMU generic PowerPC hardware System Emulator
- *
- * Copyright (c) 2003-2007 Jocelyn Mayer
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "ppc.h"
-#include "qemu-timer.h"
-#include "sysemu.h"
-#include "nvram.h"
-#include "qemu-log.h"
-#include "loader.h"
-#include "kvm.h"
-#include "kvm_ppc.h"
-
-//#define PPC_DEBUG_IRQ
-//#define PPC_DEBUG_TB
-
-#ifdef PPC_DEBUG_IRQ
-# define LOG_IRQ(...) qemu_log_mask(CPU_LOG_INT, ## __VA_ARGS__)
-#else
-# define LOG_IRQ(...) do { } while (0)
-#endif
-
-
-#ifdef PPC_DEBUG_TB
-# define LOG_TB(...) qemu_log(__VA_ARGS__)
-#else
-# define LOG_TB(...) do { } while (0)
-#endif
-
-static void cpu_ppc_tb_stop (CPUPPCState *env);
-static void cpu_ppc_tb_start (CPUPPCState *env);
-
-void ppc_set_irq(CPUPPCState *env, int n_IRQ, int level)
-{
- unsigned int old_pending = env->pending_interrupts;
-
- if (level) {
- env->pending_interrupts |= 1 << n_IRQ;
- cpu_interrupt(env, CPU_INTERRUPT_HARD);
- } else {
- env->pending_interrupts &= ~(1 << n_IRQ);
- if (env->pending_interrupts == 0)
- cpu_reset_interrupt(env, CPU_INTERRUPT_HARD);
- }
-
- if (old_pending != env->pending_interrupts) {
-#ifdef CONFIG_KVM
- kvmppc_set_interrupt(env, n_IRQ, level);
-#endif
- }
-
- LOG_IRQ("%s: %p n_IRQ %d level %d => pending %08" PRIx32
- "req %08x\n", __func__, env, n_IRQ, level,
- env->pending_interrupts, env->interrupt_request);
-}
-
-/* PowerPC 6xx / 7xx internal IRQ controller */
-static void ppc6xx_set_irq(void *opaque, int pin, int level)
-{
- PowerPCCPU *cpu = opaque;
- CPUPPCState *env = &cpu->env;
- int cur_level;
-
- LOG_IRQ("%s: env %p pin %d level %d\n", __func__,
- env, pin, level);
- cur_level = (env->irq_input_state >> pin) & 1;
- /* Don't generate spurious events */
- if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) {
- switch (pin) {
- case PPC6xx_INPUT_TBEN:
- /* Level sensitive - active high */
- LOG_IRQ("%s: %s the time base\n",
- __func__, level ? "start" : "stop");
- if (level) {
- cpu_ppc_tb_start(env);
- } else {
- cpu_ppc_tb_stop(env);
- }
- case PPC6xx_INPUT_INT:
- /* Level sensitive - active high */
- LOG_IRQ("%s: set the external IRQ state to %d\n",
- __func__, level);
- ppc_set_irq(env, PPC_INTERRUPT_EXT, level);
- break;
- case PPC6xx_INPUT_SMI:
- /* Level sensitive - active high */
- LOG_IRQ("%s: set the SMI IRQ state to %d\n",
- __func__, level);
- ppc_set_irq(env, PPC_INTERRUPT_SMI, level);
- break;
- case PPC6xx_INPUT_MCP:
- /* Negative edge sensitive */
- /* XXX: TODO: actual reaction may depends on HID0 status
- * 603/604/740/750: check HID0[EMCP]
- */
- if (cur_level == 1 && level == 0) {
- LOG_IRQ("%s: raise machine check state\n",
- __func__);
- ppc_set_irq(env, PPC_INTERRUPT_MCK, 1);
- }
- break;
- case PPC6xx_INPUT_CKSTP_IN:
- /* Level sensitive - active low */
- /* XXX: TODO: relay the signal to CKSTP_OUT pin */
- /* XXX: Note that the only way to restart the CPU is to reset it */
- if (level) {
- LOG_IRQ("%s: stop the CPU\n", __func__);
- env->halted = 1;
- }
- break;
- case PPC6xx_INPUT_HRESET:
- /* Level sensitive - active low */
- if (level) {
- LOG_IRQ("%s: reset the CPU\n", __func__);
- cpu_interrupt(env, CPU_INTERRUPT_RESET);
- }
- break;
- case PPC6xx_INPUT_SRESET:
- LOG_IRQ("%s: set the RESET IRQ state to %d\n",
- __func__, level);
- ppc_set_irq(env, PPC_INTERRUPT_RESET, level);
- break;
- default:
- /* Unknown pin - do nothing */
- LOG_IRQ("%s: unknown IRQ pin %d\n", __func__, pin);
- return;
- }
- if (level)
- env->irq_input_state |= 1 << pin;
- else
- env->irq_input_state &= ~(1 << pin);
- }
-}
-
-void ppc6xx_irq_init(CPUPPCState *env)
-{
- PowerPCCPU *cpu = ppc_env_get_cpu(env);
-
- env->irq_inputs = (void **)qemu_allocate_irqs(&ppc6xx_set_irq, cpu,
- PPC6xx_INPUT_NB);
-}
-
-#if defined(TARGET_PPC64)
-/* PowerPC 970 internal IRQ controller */
-static void ppc970_set_irq(void *opaque, int pin, int level)
-{
- PowerPCCPU *cpu = opaque;
- CPUPPCState *env = &cpu->env;
- int cur_level;
-
- LOG_IRQ("%s: env %p pin %d level %d\n", __func__,
- env, pin, level);
- cur_level = (env->irq_input_state >> pin) & 1;
- /* Don't generate spurious events */
- if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) {
- switch (pin) {
- case PPC970_INPUT_INT:
- /* Level sensitive - active high */
- LOG_IRQ("%s: set the external IRQ state to %d\n",
- __func__, level);
- ppc_set_irq(env, PPC_INTERRUPT_EXT, level);
- break;
- case PPC970_INPUT_THINT:
- /* Level sensitive - active high */
- LOG_IRQ("%s: set the SMI IRQ state to %d\n", __func__,
- level);
- ppc_set_irq(env, PPC_INTERRUPT_THERM, level);
- break;
- case PPC970_INPUT_MCP:
- /* Negative edge sensitive */
- /* XXX: TODO: actual reaction may depends on HID0 status
- * 603/604/740/750: check HID0[EMCP]
- */
- if (cur_level == 1 && level == 0) {
- LOG_IRQ("%s: raise machine check state\n",
- __func__);
- ppc_set_irq(env, PPC_INTERRUPT_MCK, 1);
- }
- break;
- case PPC970_INPUT_CKSTP:
- /* Level sensitive - active low */
- /* XXX: TODO: relay the signal to CKSTP_OUT pin */
- if (level) {
- LOG_IRQ("%s: stop the CPU\n", __func__);
- env->halted = 1;
- } else {
- LOG_IRQ("%s: restart the CPU\n", __func__);
- env->halted = 0;
- qemu_cpu_kick(CPU(cpu));
- }
- break;
- case PPC970_INPUT_HRESET:
- /* Level sensitive - active low */
- if (level) {
- cpu_interrupt(env, CPU_INTERRUPT_RESET);
- }
- break;
- case PPC970_INPUT_SRESET:
- LOG_IRQ("%s: set the RESET IRQ state to %d\n",
- __func__, level);
- ppc_set_irq(env, PPC_INTERRUPT_RESET, level);
- break;
- case PPC970_INPUT_TBEN:
- LOG_IRQ("%s: set the TBEN state to %d\n", __func__,
- level);
- /* XXX: TODO */
- break;
- default:
- /* Unknown pin - do nothing */
- LOG_IRQ("%s: unknown IRQ pin %d\n", __func__, pin);
- return;
- }
- if (level)
- env->irq_input_state |= 1 << pin;
- else
- env->irq_input_state &= ~(1 << pin);
- }
-}
-
-void ppc970_irq_init(CPUPPCState *env)
-{
- PowerPCCPU *cpu = ppc_env_get_cpu(env);
-
- env->irq_inputs = (void **)qemu_allocate_irqs(&ppc970_set_irq, cpu,
- PPC970_INPUT_NB);
-}
-
-/* POWER7 internal IRQ controller */
-static void power7_set_irq(void *opaque, int pin, int level)
-{
- PowerPCCPU *cpu = opaque;
- CPUPPCState *env = &cpu->env;
-
- LOG_IRQ("%s: env %p pin %d level %d\n", __func__,
- env, pin, level);
-
- switch (pin) {
- case POWER7_INPUT_INT:
- /* Level sensitive - active high */
- LOG_IRQ("%s: set the external IRQ state to %d\n",
- __func__, level);
- ppc_set_irq(env, PPC_INTERRUPT_EXT, level);
- break;
- default:
- /* Unknown pin - do nothing */
- LOG_IRQ("%s: unknown IRQ pin %d\n", __func__, pin);
- return;
- }
- if (level) {
- env->irq_input_state |= 1 << pin;
- } else {
- env->irq_input_state &= ~(1 << pin);
- }
-}
-
-void ppcPOWER7_irq_init(CPUPPCState *env)
-{
- PowerPCCPU *cpu = ppc_env_get_cpu(env);
-
- env->irq_inputs = (void **)qemu_allocate_irqs(&power7_set_irq, cpu,
- POWER7_INPUT_NB);
-}
-#endif /* defined(TARGET_PPC64) */
-
-/* PowerPC 40x internal IRQ controller */
-static void ppc40x_set_irq(void *opaque, int pin, int level)
-{
- PowerPCCPU *cpu = opaque;
- CPUPPCState *env = &cpu->env;
- int cur_level;
-
- LOG_IRQ("%s: env %p pin %d level %d\n", __func__,
- env, pin, level);
- cur_level = (env->irq_input_state >> pin) & 1;
- /* Don't generate spurious events */
- if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) {
- switch (pin) {
- case PPC40x_INPUT_RESET_SYS:
- if (level) {
- LOG_IRQ("%s: reset the PowerPC system\n",
- __func__);
- ppc40x_system_reset(env);
- }
- break;
- case PPC40x_INPUT_RESET_CHIP:
- if (level) {
- LOG_IRQ("%s: reset the PowerPC chip\n", __func__);
- ppc40x_chip_reset(env);
- }
- break;
- case PPC40x_INPUT_RESET_CORE:
- /* XXX: TODO: update DBSR[MRR] */
- if (level) {
- LOG_IRQ("%s: reset the PowerPC core\n", __func__);
- ppc40x_core_reset(env);
- }
- break;
- case PPC40x_INPUT_CINT:
- /* Level sensitive - active high */
- LOG_IRQ("%s: set the critical IRQ state to %d\n",
- __func__, level);
- ppc_set_irq(env, PPC_INTERRUPT_CEXT, level);
- break;
- case PPC40x_INPUT_INT:
- /* Level sensitive - active high */
- LOG_IRQ("%s: set the external IRQ state to %d\n",
- __func__, level);
- ppc_set_irq(env, PPC_INTERRUPT_EXT, level);
- break;
- case PPC40x_INPUT_HALT:
- /* Level sensitive - active low */
- if (level) {
- LOG_IRQ("%s: stop the CPU\n", __func__);
- env->halted = 1;
- } else {
- LOG_IRQ("%s: restart the CPU\n", __func__);
- env->halted = 0;
- qemu_cpu_kick(CPU(cpu));
- }
- break;
- case PPC40x_INPUT_DEBUG:
- /* Level sensitive - active high */
- LOG_IRQ("%s: set the debug pin state to %d\n",
- __func__, level);
- ppc_set_irq(env, PPC_INTERRUPT_DEBUG, level);
- break;
- default:
- /* Unknown pin - do nothing */
- LOG_IRQ("%s: unknown IRQ pin %d\n", __func__, pin);
- return;
- }
- if (level)
- env->irq_input_state |= 1 << pin;
- else
- env->irq_input_state &= ~(1 << pin);
- }
-}
-
-void ppc40x_irq_init(CPUPPCState *env)
-{
- PowerPCCPU *cpu = ppc_env_get_cpu(env);
-
- env->irq_inputs = (void **)qemu_allocate_irqs(&ppc40x_set_irq,
- cpu, PPC40x_INPUT_NB);
-}
-
-/* PowerPC E500 internal IRQ controller */
-static void ppce500_set_irq(void *opaque, int pin, int level)
-{
- PowerPCCPU *cpu = opaque;
- CPUPPCState *env = &cpu->env;
- int cur_level;
-
- LOG_IRQ("%s: env %p pin %d level %d\n", __func__,
- env, pin, level);
- cur_level = (env->irq_input_state >> pin) & 1;
- /* Don't generate spurious events */
- if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) {
- switch (pin) {
- case PPCE500_INPUT_MCK:
- if (level) {
- LOG_IRQ("%s: reset the PowerPC system\n",
- __func__);
- qemu_system_reset_request();
- }
- break;
- case PPCE500_INPUT_RESET_CORE:
- if (level) {
- LOG_IRQ("%s: reset the PowerPC core\n", __func__);
- ppc_set_irq(env, PPC_INTERRUPT_MCK, level);
- }
- break;
- case PPCE500_INPUT_CINT:
- /* Level sensitive - active high */
- LOG_IRQ("%s: set the critical IRQ state to %d\n",
- __func__, level);
- ppc_set_irq(env, PPC_INTERRUPT_CEXT, level);
- break;
- case PPCE500_INPUT_INT:
- /* Level sensitive - active high */
- LOG_IRQ("%s: set the core IRQ state to %d\n",
- __func__, level);
- ppc_set_irq(env, PPC_INTERRUPT_EXT, level);
- break;
- case PPCE500_INPUT_DEBUG:
- /* Level sensitive - active high */
- LOG_IRQ("%s: set the debug pin state to %d\n",
- __func__, level);
- ppc_set_irq(env, PPC_INTERRUPT_DEBUG, level);
- break;
- default:
- /* Unknown pin - do nothing */
- LOG_IRQ("%s: unknown IRQ pin %d\n", __func__, pin);
- return;
- }
- if (level)
- env->irq_input_state |= 1 << pin;
- else
- env->irq_input_state &= ~(1 << pin);
- }
-}
-
-void ppce500_irq_init(CPUPPCState *env)
-{
- PowerPCCPU *cpu = ppc_env_get_cpu(env);
-
- env->irq_inputs = (void **)qemu_allocate_irqs(&ppce500_set_irq,
- cpu, PPCE500_INPUT_NB);
-}
-/*****************************************************************************/
-/* PowerPC time base and decrementer emulation */
-
-uint64_t cpu_ppc_get_tb(ppc_tb_t *tb_env, uint64_t vmclk, int64_t tb_offset)
-{
- /* TB time in tb periods */
- return muldiv64(vmclk, tb_env->tb_freq, get_ticks_per_sec()) + tb_offset;
-}
-
-uint64_t cpu_ppc_load_tbl (CPUPPCState *env)
-{
- ppc_tb_t *tb_env = env->tb_env;
- uint64_t tb;
-
- if (kvm_enabled()) {
- return env->spr[SPR_TBL];
- }
-
- tb = cpu_ppc_get_tb(tb_env, qemu_get_clock_ns(vm_clock), tb_env->tb_offset);
- LOG_TB("%s: tb %016" PRIx64 "\n", __func__, tb);
-
- return tb;
-}
-
-static inline uint32_t _cpu_ppc_load_tbu(CPUPPCState *env)
-{
- ppc_tb_t *tb_env = env->tb_env;
- uint64_t tb;
-
- tb = cpu_ppc_get_tb(tb_env, qemu_get_clock_ns(vm_clock), tb_env->tb_offset);
- LOG_TB("%s: tb %016" PRIx64 "\n", __func__, tb);
-
- return tb >> 32;
-}
-
-uint32_t cpu_ppc_load_tbu (CPUPPCState *env)
-{
- if (kvm_enabled()) {
- return env->spr[SPR_TBU];
- }
-
- return _cpu_ppc_load_tbu(env);
-}
-
-static inline void cpu_ppc_store_tb(ppc_tb_t *tb_env, uint64_t vmclk,
- int64_t *tb_offsetp, uint64_t value)
-{
- *tb_offsetp = value - muldiv64(vmclk, tb_env->tb_freq, get_ticks_per_sec());
- LOG_TB("%s: tb %016" PRIx64 " offset %08" PRIx64 "\n",
- __func__, value, *tb_offsetp);
-}
-
-void cpu_ppc_store_tbl (CPUPPCState *env, uint32_t value)
-{
- ppc_tb_t *tb_env = env->tb_env;
- uint64_t tb;
-
- tb = cpu_ppc_get_tb(tb_env, qemu_get_clock_ns(vm_clock), tb_env->tb_offset);
- tb &= 0xFFFFFFFF00000000ULL;
- cpu_ppc_store_tb(tb_env, qemu_get_clock_ns(vm_clock),
- &tb_env->tb_offset, tb | (uint64_t)value);
-}
-
-static inline void _cpu_ppc_store_tbu(CPUPPCState *env, uint32_t value)
-{
- ppc_tb_t *tb_env = env->tb_env;
- uint64_t tb;
-
- tb = cpu_ppc_get_tb(tb_env, qemu_get_clock_ns(vm_clock), tb_env->tb_offset);
- tb &= 0x00000000FFFFFFFFULL;
- cpu_ppc_store_tb(tb_env, qemu_get_clock_ns(vm_clock),
- &tb_env->tb_offset, ((uint64_t)value << 32) | tb);
-}
-
-void cpu_ppc_store_tbu (CPUPPCState *env, uint32_t value)
-{
- _cpu_ppc_store_tbu(env, value);
-}
-
-uint64_t cpu_ppc_load_atbl (CPUPPCState *env)
-{
- ppc_tb_t *tb_env = env->tb_env;
- uint64_t tb;
-
- tb = cpu_ppc_get_tb(tb_env, qemu_get_clock_ns(vm_clock), tb_env->atb_offset);
- LOG_TB("%s: tb %016" PRIx64 "\n", __func__, tb);
-
- return tb;
-}
-
-uint32_t cpu_ppc_load_atbu (CPUPPCState *env)
-{
- ppc_tb_t *tb_env = env->tb_env;
- uint64_t tb;
-
- tb = cpu_ppc_get_tb(tb_env, qemu_get_clock_ns(vm_clock), tb_env->atb_offset);
- LOG_TB("%s: tb %016" PRIx64 "\n", __func__, tb);
-
- return tb >> 32;
-}
-
-void cpu_ppc_store_atbl (CPUPPCState *env, uint32_t value)
-{
- ppc_tb_t *tb_env = env->tb_env;
- uint64_t tb;
-
- tb = cpu_ppc_get_tb(tb_env, qemu_get_clock_ns(vm_clock), tb_env->atb_offset);
- tb &= 0xFFFFFFFF00000000ULL;
- cpu_ppc_store_tb(tb_env, qemu_get_clock_ns(vm_clock),
- &tb_env->atb_offset, tb | (uint64_t)value);
-}
-
-void cpu_ppc_store_atbu (CPUPPCState *env, uint32_t value)
-{
- ppc_tb_t *tb_env = env->tb_env;
- uint64_t tb;
-
- tb = cpu_ppc_get_tb(tb_env, qemu_get_clock_ns(vm_clock), tb_env->atb_offset);
- tb &= 0x00000000FFFFFFFFULL;
- cpu_ppc_store_tb(tb_env, qemu_get_clock_ns(vm_clock),
- &tb_env->atb_offset, ((uint64_t)value << 32) | tb);
-}
-
-static void cpu_ppc_tb_stop (CPUPPCState *env)
-{
- ppc_tb_t *tb_env = env->tb_env;
- uint64_t tb, atb, vmclk;
-
- /* If the time base is already frozen, do nothing */
- if (tb_env->tb_freq != 0) {
- vmclk = qemu_get_clock_ns(vm_clock);
- /* Get the time base */
- tb = cpu_ppc_get_tb(tb_env, vmclk, tb_env->tb_offset);
- /* Get the alternate time base */
- atb = cpu_ppc_get_tb(tb_env, vmclk, tb_env->atb_offset);
- /* Store the time base value (ie compute the current offset) */
- cpu_ppc_store_tb(tb_env, vmclk, &tb_env->tb_offset, tb);
- /* Store the alternate time base value (compute the current offset) */
- cpu_ppc_store_tb(tb_env, vmclk, &tb_env->atb_offset, atb);
- /* Set the time base frequency to zero */
- tb_env->tb_freq = 0;
- /* Now, the time bases are frozen to tb_offset / atb_offset value */
- }
-}
-
-static void cpu_ppc_tb_start (CPUPPCState *env)
-{
- ppc_tb_t *tb_env = env->tb_env;
- uint64_t tb, atb, vmclk;
-
- /* If the time base is not frozen, do nothing */
- if (tb_env->tb_freq == 0) {
- vmclk = qemu_get_clock_ns(vm_clock);
- /* Get the time base from tb_offset */
- tb = tb_env->tb_offset;
- /* Get the alternate time base from atb_offset */
- atb = tb_env->atb_offset;
- /* Restore the tb frequency from the decrementer frequency */
- tb_env->tb_freq = tb_env->decr_freq;
- /* Store the time base value */
- cpu_ppc_store_tb(tb_env, vmclk, &tb_env->tb_offset, tb);
- /* Store the alternate time base value */
- cpu_ppc_store_tb(tb_env, vmclk, &tb_env->atb_offset, atb);
- }
-}
-
-static inline uint32_t _cpu_ppc_load_decr(CPUPPCState *env, uint64_t next)
-{
- ppc_tb_t *tb_env = env->tb_env;
- uint32_t decr;
- int64_t diff;
-
- diff = next - qemu_get_clock_ns(vm_clock);
- if (diff >= 0) {
- decr = muldiv64(diff, tb_env->decr_freq, get_ticks_per_sec());
- } else if (tb_env->flags & PPC_TIMER_BOOKE) {
- decr = 0;
- } else {
- decr = -muldiv64(-diff, tb_env->decr_freq, get_ticks_per_sec());
- }
- LOG_TB("%s: %08" PRIx32 "\n", __func__, decr);
-
- return decr;
-}
-
-uint32_t cpu_ppc_load_decr (CPUPPCState *env)
-{
- ppc_tb_t *tb_env = env->tb_env;
-
- if (kvm_enabled()) {
- return env->spr[SPR_DECR];
- }
-
- return _cpu_ppc_load_decr(env, tb_env->decr_next);
-}
-
-uint32_t cpu_ppc_load_hdecr (CPUPPCState *env)
-{
- ppc_tb_t *tb_env = env->tb_env;
-
- return _cpu_ppc_load_decr(env, tb_env->hdecr_next);
-}
-
-uint64_t cpu_ppc_load_purr (CPUPPCState *env)
-{
- ppc_tb_t *tb_env = env->tb_env;
- uint64_t diff;
-
- diff = qemu_get_clock_ns(vm_clock) - tb_env->purr_start;
-
- return tb_env->purr_load + muldiv64(diff, tb_env->tb_freq, get_ticks_per_sec());
-}
-
-/* When decrementer expires,
- * all we need to do is generate or queue a CPU exception
- */
-static inline void cpu_ppc_decr_excp(CPUPPCState *env)
-{
- /* Raise it */
- LOG_TB("raise decrementer exception\n");
- ppc_set_irq(env, PPC_INTERRUPT_DECR, 1);
-}
-
-static inline void cpu_ppc_hdecr_excp(CPUPPCState *env)
-{
- /* Raise it */
- LOG_TB("raise decrementer exception\n");
- ppc_set_irq(env, PPC_INTERRUPT_HDECR, 1);
-}
-
-static void __cpu_ppc_store_decr (CPUPPCState *env, uint64_t *nextp,
- struct QEMUTimer *timer,
- void (*raise_excp)(CPUPPCState *),
- uint32_t decr, uint32_t value,
- int is_excp)
-{
- ppc_tb_t *tb_env = env->tb_env;
- uint64_t now, next;
-
- LOG_TB("%s: %08" PRIx32 " => %08" PRIx32 "\n", __func__,
- decr, value);
-
- if (kvm_enabled()) {
- /* KVM handles decrementer exceptions, we don't need our own timer */
- return;
- }
-
- now = qemu_get_clock_ns(vm_clock);
- next = now + muldiv64(value, get_ticks_per_sec(), tb_env->decr_freq);
- if (is_excp) {
- next += *nextp - now;
- }
- if (next == now) {
- next++;
- }
- *nextp = next;
- /* Adjust timer */
- qemu_mod_timer(timer, next);
-
- /* If we set a negative value and the decrementer was positive, raise an
- * exception.
- */
- if ((tb_env->flags & PPC_DECR_UNDERFLOW_TRIGGERED)
- && (value & 0x80000000)
- && !(decr & 0x80000000)) {
- (*raise_excp)(env);
- }
-}
-
-static inline void _cpu_ppc_store_decr(CPUPPCState *env, uint32_t decr,
- uint32_t value, int is_excp)
-{
- ppc_tb_t *tb_env = env->tb_env;
-
- __cpu_ppc_store_decr(env, &tb_env->decr_next, tb_env->decr_timer,
- &cpu_ppc_decr_excp, decr, value, is_excp);
-}
-
-void cpu_ppc_store_decr (CPUPPCState *env, uint32_t value)
-{
- _cpu_ppc_store_decr(env, cpu_ppc_load_decr(env), value, 0);
-}
-
-static void cpu_ppc_decr_cb (void *opaque)
-{
- _cpu_ppc_store_decr(opaque, 0x00000000, 0xFFFFFFFF, 1);
-}
-
-static inline void _cpu_ppc_store_hdecr(CPUPPCState *env, uint32_t hdecr,
- uint32_t value, int is_excp)
-{
- ppc_tb_t *tb_env = env->tb_env;
-
- if (tb_env->hdecr_timer != NULL) {
- __cpu_ppc_store_decr(env, &tb_env->hdecr_next, tb_env->hdecr_timer,
- &cpu_ppc_hdecr_excp, hdecr, value, is_excp);
- }
-}
-
-void cpu_ppc_store_hdecr (CPUPPCState *env, uint32_t value)
-{
- _cpu_ppc_store_hdecr(env, cpu_ppc_load_hdecr(env), value, 0);
-}
-
-static void cpu_ppc_hdecr_cb (void *opaque)
-{
- _cpu_ppc_store_hdecr(opaque, 0x00000000, 0xFFFFFFFF, 1);
-}
-
-static void cpu_ppc_store_purr(CPUPPCState *env, uint64_t value)
-{
- ppc_tb_t *tb_env = env->tb_env;
-
- tb_env->purr_load = value;
- tb_env->purr_start = qemu_get_clock_ns(vm_clock);
-}
-
-static void cpu_ppc_set_tb_clk (void *opaque, uint32_t freq)
-{
- CPUPPCState *env = opaque;
- ppc_tb_t *tb_env = env->tb_env;
-
- tb_env->tb_freq = freq;
- tb_env->decr_freq = freq;
- /* There is a bug in Linux 2.4 kernels:
- * if a decrementer exception is pending when it enables msr_ee at startup,
- * it's not ready to handle it...
- */
- _cpu_ppc_store_decr(env, 0xFFFFFFFF, 0xFFFFFFFF, 0);
- _cpu_ppc_store_hdecr(env, 0xFFFFFFFF, 0xFFFFFFFF, 0);
- cpu_ppc_store_purr(env, 0x0000000000000000ULL);
-}
-
-/* Set up (once) timebase frequency (in Hz) */
-clk_setup_cb cpu_ppc_tb_init (CPUPPCState *env, uint32_t freq)
-{
- ppc_tb_t *tb_env;
-
- tb_env = g_malloc0(sizeof(ppc_tb_t));
- env->tb_env = tb_env;
- tb_env->flags = PPC_DECR_UNDERFLOW_TRIGGERED;
- /* Create new timer */
- tb_env->decr_timer = qemu_new_timer_ns(vm_clock, &cpu_ppc_decr_cb, env);
- if (0) {
- /* XXX: find a suitable condition to enable the hypervisor decrementer
- */
- tb_env->hdecr_timer = qemu_new_timer_ns(vm_clock, &cpu_ppc_hdecr_cb, env);
- } else {
- tb_env->hdecr_timer = NULL;
- }
- cpu_ppc_set_tb_clk(env, freq);
-
- return &cpu_ppc_set_tb_clk;
-}
-
-/* Specific helpers for POWER & PowerPC 601 RTC */
-#if 0
-static clk_setup_cb cpu_ppc601_rtc_init (CPUPPCState *env)
-{
- return cpu_ppc_tb_init(env, 7812500);
-}
-#endif
-
-void cpu_ppc601_store_rtcu (CPUPPCState *env, uint32_t value)
-{
- _cpu_ppc_store_tbu(env, value);
-}
-
-uint32_t cpu_ppc601_load_rtcu (CPUPPCState *env)
-{
- return _cpu_ppc_load_tbu(env);
-}
-
-void cpu_ppc601_store_rtcl (CPUPPCState *env, uint32_t value)
-{
- cpu_ppc_store_tbl(env, value & 0x3FFFFF80);
-}
-
-uint32_t cpu_ppc601_load_rtcl (CPUPPCState *env)
-{
- return cpu_ppc_load_tbl(env) & 0x3FFFFF80;
-}
-
-/*****************************************************************************/
-/* PowerPC 40x timers */
-
-/* PIT, FIT & WDT */
-typedef struct ppc40x_timer_t ppc40x_timer_t;
-struct ppc40x_timer_t {
- uint64_t pit_reload; /* PIT auto-reload value */
- uint64_t fit_next; /* Tick for next FIT interrupt */
- struct QEMUTimer *fit_timer;
- uint64_t wdt_next; /* Tick for next WDT interrupt */
- struct QEMUTimer *wdt_timer;
-
- /* 405 have the PIT, 440 have a DECR. */
- unsigned int decr_excp;
-};
-
-/* Fixed interval timer */
-static void cpu_4xx_fit_cb (void *opaque)
-{
- CPUPPCState *env;
- ppc_tb_t *tb_env;
- ppc40x_timer_t *ppc40x_timer;
- uint64_t now, next;
-
- env = opaque;
- tb_env = env->tb_env;
- ppc40x_timer = tb_env->opaque;
- now = qemu_get_clock_ns(vm_clock);
- switch ((env->spr[SPR_40x_TCR] >> 24) & 0x3) {
- case 0:
- next = 1 << 9;
- break;
- case 1:
- next = 1 << 13;
- break;
- case 2:
- next = 1 << 17;
- break;
- case 3:
- next = 1 << 21;
- break;
- default:
- /* Cannot occur, but makes gcc happy */
- return;
- }
- next = now + muldiv64(next, get_ticks_per_sec(), tb_env->tb_freq);
- if (next == now)
- next++;
- qemu_mod_timer(ppc40x_timer->fit_timer, next);
- env->spr[SPR_40x_TSR] |= 1 << 26;
- if ((env->spr[SPR_40x_TCR] >> 23) & 0x1)
- ppc_set_irq(env, PPC_INTERRUPT_FIT, 1);
- LOG_TB("%s: ir %d TCR " TARGET_FMT_lx " TSR " TARGET_FMT_lx "\n", __func__,
- (int)((env->spr[SPR_40x_TCR] >> 23) & 0x1),
- env->spr[SPR_40x_TCR], env->spr[SPR_40x_TSR]);
-}
-
-/* Programmable interval timer */
-static void start_stop_pit (CPUPPCState *env, ppc_tb_t *tb_env, int is_excp)
-{
- ppc40x_timer_t *ppc40x_timer;
- uint64_t now, next;
-
- ppc40x_timer = tb_env->opaque;
- if (ppc40x_timer->pit_reload <= 1 ||
- !((env->spr[SPR_40x_TCR] >> 26) & 0x1) ||
- (is_excp && !((env->spr[SPR_40x_TCR] >> 22) & 0x1))) {
- /* Stop PIT */
- LOG_TB("%s: stop PIT\n", __func__);
- qemu_del_timer(tb_env->decr_timer);
- } else {
- LOG_TB("%s: start PIT %016" PRIx64 "\n",
- __func__, ppc40x_timer->pit_reload);
- now = qemu_get_clock_ns(vm_clock);
- next = now + muldiv64(ppc40x_timer->pit_reload,
- get_ticks_per_sec(), tb_env->decr_freq);
- if (is_excp)
- next += tb_env->decr_next - now;
- if (next == now)
- next++;
- qemu_mod_timer(tb_env->decr_timer, next);
- tb_env->decr_next = next;
- }
-}
-
-static void cpu_4xx_pit_cb (void *opaque)
-{
- CPUPPCState *env;
- ppc_tb_t *tb_env;
- ppc40x_timer_t *ppc40x_timer;
-
- env = opaque;
- tb_env = env->tb_env;
- ppc40x_timer = tb_env->opaque;
- env->spr[SPR_40x_TSR] |= 1 << 27;
- if ((env->spr[SPR_40x_TCR] >> 26) & 0x1)
- ppc_set_irq(env, ppc40x_timer->decr_excp, 1);
- start_stop_pit(env, tb_env, 1);
- LOG_TB("%s: ar %d ir %d TCR " TARGET_FMT_lx " TSR " TARGET_FMT_lx " "
- "%016" PRIx64 "\n", __func__,
- (int)((env->spr[SPR_40x_TCR] >> 22) & 0x1),
- (int)((env->spr[SPR_40x_TCR] >> 26) & 0x1),
- env->spr[SPR_40x_TCR], env->spr[SPR_40x_TSR],
- ppc40x_timer->pit_reload);
-}
-
-/* Watchdog timer */
-static void cpu_4xx_wdt_cb (void *opaque)
-{
- CPUPPCState *env;
- ppc_tb_t *tb_env;
- ppc40x_timer_t *ppc40x_timer;
- uint64_t now, next;
-
- env = opaque;
- tb_env = env->tb_env;
- ppc40x_timer = tb_env->opaque;
- now = qemu_get_clock_ns(vm_clock);
- switch ((env->spr[SPR_40x_TCR] >> 30) & 0x3) {
- case 0:
- next = 1 << 17;
- break;
- case 1:
- next = 1 << 21;
- break;
- case 2:
- next = 1 << 25;
- break;
- case 3:
- next = 1 << 29;
- break;
- default:
- /* Cannot occur, but makes gcc happy */
- return;
- }
- next = now + muldiv64(next, get_ticks_per_sec(), tb_env->decr_freq);
- if (next == now)
- next++;
- LOG_TB("%s: TCR " TARGET_FMT_lx " TSR " TARGET_FMT_lx "\n", __func__,
- env->spr[SPR_40x_TCR], env->spr[SPR_40x_TSR]);
- switch ((env->spr[SPR_40x_TSR] >> 30) & 0x3) {
- case 0x0:
- case 0x1:
- qemu_mod_timer(ppc40x_timer->wdt_timer, next);
- ppc40x_timer->wdt_next = next;
- env->spr[SPR_40x_TSR] |= 1 << 31;
- break;
- case 0x2:
- qemu_mod_timer(ppc40x_timer->wdt_timer, next);
- ppc40x_timer->wdt_next = next;
- env->spr[SPR_40x_TSR] |= 1 << 30;
- if ((env->spr[SPR_40x_TCR] >> 27) & 0x1)
- ppc_set_irq(env, PPC_INTERRUPT_WDT, 1);
- break;
- case 0x3:
- env->spr[SPR_40x_TSR] &= ~0x30000000;
- env->spr[SPR_40x_TSR] |= env->spr[SPR_40x_TCR] & 0x30000000;
- switch ((env->spr[SPR_40x_TCR] >> 28) & 0x3) {
- case 0x0:
- /* No reset */
- break;
- case 0x1: /* Core reset */
- ppc40x_core_reset(env);
- break;
- case 0x2: /* Chip reset */
- ppc40x_chip_reset(env);
- break;
- case 0x3: /* System reset */
- ppc40x_system_reset(env);
- break;
- }
- }
-}
-
-void store_40x_pit (CPUPPCState *env, target_ulong val)
-{
- ppc_tb_t *tb_env;
- ppc40x_timer_t *ppc40x_timer;
-
- tb_env = env->tb_env;
- ppc40x_timer = tb_env->opaque;
- LOG_TB("%s val" TARGET_FMT_lx "\n", __func__, val);
- ppc40x_timer->pit_reload = val;
- start_stop_pit(env, tb_env, 0);
-}
-
-target_ulong load_40x_pit (CPUPPCState *env)
-{
- return cpu_ppc_load_decr(env);
-}
-
-static void ppc_40x_set_tb_clk (void *opaque, uint32_t freq)
-{
- CPUPPCState *env = opaque;
- ppc_tb_t *tb_env = env->tb_env;
-
- LOG_TB("%s set new frequency to %" PRIu32 "\n", __func__,
- freq);
- tb_env->tb_freq = freq;
- tb_env->decr_freq = freq;
- /* XXX: we should also update all timers */
-}
-
-clk_setup_cb ppc_40x_timers_init (CPUPPCState *env, uint32_t freq,
- unsigned int decr_excp)
-{
- ppc_tb_t *tb_env;
- ppc40x_timer_t *ppc40x_timer;
-
- tb_env = g_malloc0(sizeof(ppc_tb_t));
- env->tb_env = tb_env;
- tb_env->flags = PPC_DECR_UNDERFLOW_TRIGGERED;
- ppc40x_timer = g_malloc0(sizeof(ppc40x_timer_t));
- tb_env->tb_freq = freq;
- tb_env->decr_freq = freq;
- tb_env->opaque = ppc40x_timer;
- LOG_TB("%s freq %" PRIu32 "\n", __func__, freq);
- if (ppc40x_timer != NULL) {
- /* We use decr timer for PIT */
- tb_env->decr_timer = qemu_new_timer_ns(vm_clock, &cpu_4xx_pit_cb, env);
- ppc40x_timer->fit_timer =
- qemu_new_timer_ns(vm_clock, &cpu_4xx_fit_cb, env);
- ppc40x_timer->wdt_timer =
- qemu_new_timer_ns(vm_clock, &cpu_4xx_wdt_cb, env);
- ppc40x_timer->decr_excp = decr_excp;
- }
-
- return &ppc_40x_set_tb_clk;
-}
-
-/*****************************************************************************/
-/* Embedded PowerPC Device Control Registers */
-typedef struct ppc_dcrn_t ppc_dcrn_t;
-struct ppc_dcrn_t {
- dcr_read_cb dcr_read;
- dcr_write_cb dcr_write;
- void *opaque;
-};
-
-/* XXX: on 460, DCR addresses are 32 bits wide,
- * using DCRIPR to get the 22 upper bits of the DCR address
- */
-#define DCRN_NB 1024
-struct ppc_dcr_t {
- ppc_dcrn_t dcrn[DCRN_NB];
- int (*read_error)(int dcrn);
- int (*write_error)(int dcrn);
-};
-
-int ppc_dcr_read (ppc_dcr_t *dcr_env, int dcrn, uint32_t *valp)
-{
- ppc_dcrn_t *dcr;
-
- if (dcrn < 0 || dcrn >= DCRN_NB)
- goto error;
- dcr = &dcr_env->dcrn[dcrn];
- if (dcr->dcr_read == NULL)
- goto error;
- *valp = (*dcr->dcr_read)(dcr->opaque, dcrn);
-
- return 0;
-
- error:
- if (dcr_env->read_error != NULL)
- return (*dcr_env->read_error)(dcrn);
-
- return -1;
-}
-
-int ppc_dcr_write (ppc_dcr_t *dcr_env, int dcrn, uint32_t val)
-{
- ppc_dcrn_t *dcr;
-
- if (dcrn < 0 || dcrn >= DCRN_NB)
- goto error;
- dcr = &dcr_env->dcrn[dcrn];
- if (dcr->dcr_write == NULL)
- goto error;
- (*dcr->dcr_write)(dcr->opaque, dcrn, val);
-
- return 0;
-
- error:
- if (dcr_env->write_error != NULL)
- return (*dcr_env->write_error)(dcrn);
-
- return -1;
-}
-
-int ppc_dcr_register (CPUPPCState *env, int dcrn, void *opaque,
- dcr_read_cb dcr_read, dcr_write_cb dcr_write)
-{
- ppc_dcr_t *dcr_env;
- ppc_dcrn_t *dcr;
-
- dcr_env = env->dcr_env;
- if (dcr_env == NULL)
- return -1;
- if (dcrn < 0 || dcrn >= DCRN_NB)
- return -1;
- dcr = &dcr_env->dcrn[dcrn];
- if (dcr->opaque != NULL ||
- dcr->dcr_read != NULL ||
- dcr->dcr_write != NULL)
- return -1;
- dcr->opaque = opaque;
- dcr->dcr_read = dcr_read;
- dcr->dcr_write = dcr_write;
-
- return 0;
-}
-
-int ppc_dcr_init (CPUPPCState *env, int (*read_error)(int dcrn),
- int (*write_error)(int dcrn))
-{
- ppc_dcr_t *dcr_env;
-
- dcr_env = g_malloc0(sizeof(ppc_dcr_t));
- dcr_env->read_error = read_error;
- dcr_env->write_error = write_error;
- env->dcr_env = dcr_env;
-
- return 0;
-}
-
-/*****************************************************************************/
-/* Debug port */
-void PPC_debug_write (void *opaque, uint32_t addr, uint32_t val)
-{
- addr &= 0xF;
- switch (addr) {
- case 0:
- printf("%c", val);
- break;
- case 1:
- printf("\n");
- fflush(stdout);
- break;
- case 2:
- printf("Set loglevel to %04" PRIx32 "\n", val);
- cpu_set_log(val | 0x100);
- break;
- }
-}
-
-/*****************************************************************************/
-/* NVRAM helpers */
-static inline uint32_t nvram_read (nvram_t *nvram, uint32_t addr)
-{
- return (*nvram->read_fn)(nvram->opaque, addr);
-}
-
-static inline void nvram_write (nvram_t *nvram, uint32_t addr, uint32_t val)
-{
- (*nvram->write_fn)(nvram->opaque, addr, val);
-}
-
-static void NVRAM_set_byte(nvram_t *nvram, uint32_t addr, uint8_t value)
-{
- nvram_write(nvram, addr, value);
-}
-
-static uint8_t NVRAM_get_byte(nvram_t *nvram, uint32_t addr)
-{
- return nvram_read(nvram, addr);
-}
-
-static void NVRAM_set_word(nvram_t *nvram, uint32_t addr, uint16_t value)
-{
- nvram_write(nvram, addr, value >> 8);
- nvram_write(nvram, addr + 1, value & 0xFF);
-}
-
-static uint16_t NVRAM_get_word(nvram_t *nvram, uint32_t addr)
-{
- uint16_t tmp;
-
- tmp = nvram_read(nvram, addr) << 8;
- tmp |= nvram_read(nvram, addr + 1);
-
- return tmp;
-}
-
-static void NVRAM_set_lword(nvram_t *nvram, uint32_t addr, uint32_t value)
-{
- nvram_write(nvram, addr, value >> 24);
- nvram_write(nvram, addr + 1, (value >> 16) & 0xFF);
- nvram_write(nvram, addr + 2, (value >> 8) & 0xFF);
- nvram_write(nvram, addr + 3, value & 0xFF);
-}
-
-uint32_t NVRAM_get_lword (nvram_t *nvram, uint32_t addr)
-{
- uint32_t tmp;
-
- tmp = nvram_read(nvram, addr) << 24;
- tmp |= nvram_read(nvram, addr + 1) << 16;
- tmp |= nvram_read(nvram, addr + 2) << 8;
- tmp |= nvram_read(nvram, addr + 3);
-
- return tmp;
-}
-
-static void NVRAM_set_string(nvram_t *nvram, uint32_t addr, const char *str,
- uint32_t max)
-{
- int i;
-
- for (i = 0; i < max && str[i] != '\0'; i++) {
- nvram_write(nvram, addr + i, str[i]);
- }
- nvram_write(nvram, addr + i, str[i]);
- nvram_write(nvram, addr + max - 1, '\0');
-}
-
-int NVRAM_get_string (nvram_t *nvram, uint8_t *dst, uint16_t addr, int max)
-{
- int i;
-
- memset(dst, 0, max);
- for (i = 0; i < max; i++) {
- dst[i] = NVRAM_get_byte(nvram, addr + i);
- if (dst[i] == '\0')
- break;
- }
-
- return i;
-}
-
-static uint16_t NVRAM_crc_update (uint16_t prev, uint16_t value)
-{
- uint16_t tmp;
- uint16_t pd, pd1, pd2;
-
- tmp = prev >> 8;
- pd = prev ^ value;
- pd1 = pd & 0x000F;
- pd2 = ((pd >> 4) & 0x000F) ^ pd1;
- tmp ^= (pd1 << 3) | (pd1 << 8);
- tmp ^= pd2 | (pd2 << 7) | (pd2 << 12);
-
- return tmp;
-}
-
-static uint16_t NVRAM_compute_crc (nvram_t *nvram, uint32_t start, uint32_t count)
-{
- uint32_t i;
- uint16_t crc = 0xFFFF;
- int odd;
-
- odd = count & 1;
- count &= ~1;
- for (i = 0; i != count; i++) {
- crc = NVRAM_crc_update(crc, NVRAM_get_word(nvram, start + i));
- }
- if (odd) {
- crc = NVRAM_crc_update(crc, NVRAM_get_byte(nvram, start + i) << 8);
- }
-
- return crc;
-}
-
-#define CMDLINE_ADDR 0x017ff000
-
-int PPC_NVRAM_set_params (nvram_t *nvram, uint16_t NVRAM_size,
- const char *arch,
- uint32_t RAM_size, int boot_device,
- uint32_t kernel_image, uint32_t kernel_size,
- const char *cmdline,
- uint32_t initrd_image, uint32_t initrd_size,
- uint32_t NVRAM_image,
- int width, int height, int depth)
-{
- uint16_t crc;
-
- /* Set parameters for Open Hack'Ware BIOS */
- NVRAM_set_string(nvram, 0x00, "QEMU_BIOS", 16);
- NVRAM_set_lword(nvram, 0x10, 0x00000002); /* structure v2 */
- NVRAM_set_word(nvram, 0x14, NVRAM_size);
- NVRAM_set_string(nvram, 0x20, arch, 16);
- NVRAM_set_lword(nvram, 0x30, RAM_size);
- NVRAM_set_byte(nvram, 0x34, boot_device);
- NVRAM_set_lword(nvram, 0x38, kernel_image);
- NVRAM_set_lword(nvram, 0x3C, kernel_size);
- if (cmdline) {
- /* XXX: put the cmdline in NVRAM too ? */
- pstrcpy_targphys("cmdline", CMDLINE_ADDR, RAM_size - CMDLINE_ADDR, cmdline);
- NVRAM_set_lword(nvram, 0x40, CMDLINE_ADDR);
- NVRAM_set_lword(nvram, 0x44, strlen(cmdline));
- } else {
- NVRAM_set_lword(nvram, 0x40, 0);
- NVRAM_set_lword(nvram, 0x44, 0);
- }
- NVRAM_set_lword(nvram, 0x48, initrd_image);
- NVRAM_set_lword(nvram, 0x4C, initrd_size);
- NVRAM_set_lword(nvram, 0x50, NVRAM_image);
-
- NVRAM_set_word(nvram, 0x54, width);
- NVRAM_set_word(nvram, 0x56, height);
- NVRAM_set_word(nvram, 0x58, depth);
- crc = NVRAM_compute_crc(nvram, 0x00, 0xF8);
- NVRAM_set_word(nvram, 0xFC, crc);
-
- return 0;
-}
diff --git a/hw/ppc.h b/hw/ppc.h
deleted file mode 100644
index 2f3ea277b..000000000
--- a/hw/ppc.h
+++ /dev/null
@@ -1,92 +0,0 @@
-void ppc_set_irq (CPUPPCState *env, int n_IRQ, int level);
-
-/* PowerPC hardware exceptions management helpers */
-typedef void (*clk_setup_cb)(void *opaque, uint32_t freq);
-typedef struct clk_setup_t clk_setup_t;
-struct clk_setup_t {
- clk_setup_cb cb;
- void *opaque;
-};
-static inline void clk_setup (clk_setup_t *clk, uint32_t freq)
-{
- if (clk->cb != NULL)
- (*clk->cb)(clk->opaque, freq);
-}
-
-struct ppc_tb_t {
- /* Time base management */
- int64_t tb_offset; /* Compensation */
- int64_t atb_offset; /* Compensation */
- uint32_t tb_freq; /* TB frequency */
- /* Decrementer management */
- uint64_t decr_next; /* Tick for next decr interrupt */
- uint32_t decr_freq; /* decrementer frequency */
- struct QEMUTimer *decr_timer;
- /* Hypervisor decrementer management */
- uint64_t hdecr_next; /* Tick for next hdecr interrupt */
- struct QEMUTimer *hdecr_timer;
- uint64_t purr_load;
- uint64_t purr_start;
- void *opaque;
- uint32_t flags;
-};
-
-/* PPC Timers flags */
-#define PPC_TIMER_BOOKE (1 << 0) /* Enable Booke support */
-#define PPC_TIMER_E500 (1 << 1) /* Enable e500 support */
-#define PPC_DECR_UNDERFLOW_TRIGGERED (1 << 2) /* Decr interrupt triggered when
- * the most significant bit
- * changes from 0 to 1.
- */
-#define PPC_DECR_ZERO_TRIGGERED (1 << 3) /* Decr interrupt triggered when
- * the decrementer reaches zero.
- */
-
-uint64_t cpu_ppc_get_tb(ppc_tb_t *tb_env, uint64_t vmclk, int64_t tb_offset);
-clk_setup_cb cpu_ppc_tb_init (CPUPPCState *env, uint32_t freq);
-/* Embedded PowerPC DCR management */
-typedef uint32_t (*dcr_read_cb)(void *opaque, int dcrn);
-typedef void (*dcr_write_cb)(void *opaque, int dcrn, uint32_t val);
-int ppc_dcr_init (CPUPPCState *env, int (*dcr_read_error)(int dcrn),
- int (*dcr_write_error)(int dcrn));
-int ppc_dcr_register (CPUPPCState *env, int dcrn, void *opaque,
- dcr_read_cb drc_read, dcr_write_cb dcr_write);
-clk_setup_cb ppc_40x_timers_init (CPUPPCState *env, uint32_t freq,
- unsigned int decr_excp);
-
-/* Embedded PowerPC reset */
-void ppc40x_core_reset (CPUPPCState *env);
-void ppc40x_chip_reset (CPUPPCState *env);
-void ppc40x_system_reset (CPUPPCState *env);
-void PREP_debug_write (void *opaque, uint32_t addr, uint32_t val);
-
-extern CPUWriteMemoryFunc * const PPC_io_write[];
-extern CPUReadMemoryFunc * const PPC_io_read[];
-void PPC_debug_write (void *opaque, uint32_t addr, uint32_t val);
-
-void ppc40x_irq_init (CPUPPCState *env);
-void ppce500_irq_init (CPUPPCState *env);
-void ppc6xx_irq_init (CPUPPCState *env);
-void ppc970_irq_init (CPUPPCState *env);
-void ppcPOWER7_irq_init (CPUPPCState *env);
-
-/* PPC machines for OpenBIOS */
-enum {
- ARCH_PREP = 0,
- ARCH_MAC99,
- ARCH_HEATHROW,
- ARCH_MAC99_U3,
-};
-
-#define FW_CFG_PPC_WIDTH (FW_CFG_ARCH_LOCAL + 0x00)
-#define FW_CFG_PPC_HEIGHT (FW_CFG_ARCH_LOCAL + 0x01)
-#define FW_CFG_PPC_DEPTH (FW_CFG_ARCH_LOCAL + 0x02)
-#define FW_CFG_PPC_TBFREQ (FW_CFG_ARCH_LOCAL + 0x03)
-#define FW_CFG_PPC_IS_KVM (FW_CFG_ARCH_LOCAL + 0x05)
-#define FW_CFG_PPC_KVM_HC (FW_CFG_ARCH_LOCAL + 0x06)
-#define FW_CFG_PPC_KVM_PID (FW_CFG_ARCH_LOCAL + 0x07)
-
-#define PPC_SERIAL_MM_BAUDBASE 399193
-
-/* ppc_booke.c */
-void ppc_booke_timers_init(CPUPPCState *env, uint32_t freq, uint32_t flags);
diff --git a/hw/ppc/Makefile.objs b/hw/ppc/Makefile.objs
index 8fe21235f..7a1cd5d89 100644
--- a/hw/ppc/Makefile.objs
+++ b/hw/ppc/Makefile.objs
@@ -1,31 +1,20 @@
# shared objects
-obj-y = ppc.o ppc_booke.o
-# PREP target
-obj-y += mc146818rtc.o
-obj-y += ppc_prep.o
-# OldWorld PowerMac
-obj-y += ppc_oldworld.o
-# NewWorld PowerMac
-obj-y += ppc_newworld.o
+obj-y += ppc.o ppc_booke.o
# IBM pSeries (sPAPR)
-obj-$(CONFIG_PSERIES) += spapr.o spapr_hcall.o spapr_rtas.o spapr_vio.o
-obj-$(CONFIG_PSERIES) += xics.o spapr_vty.o spapr_llan.o spapr_vscsi.o
-obj-$(CONFIG_PSERIES) += spapr_pci.o pci-hotplug.o spapr_iommu.o
-obj-$(CONFIG_PSERIES) += spapr_events.o
+obj-$(CONFIG_PSERIES) += spapr.o spapr_vio.o spapr_events.o
+obj-$(CONFIG_PSERIES) += spapr_hcall.o spapr_iommu.o spapr_rtas.o
+obj-$(CONFIG_PSERIES) += spapr_pci.o
# PowerPC 4xx boards
-obj-y += ppc4xx_devs.o ppc4xx_pci.o ppc405_uc.o ppc405_boards.o
-obj-y += ppc440_bamboo.o
-# PowerPC E500 boards
-obj-$(CONFIG_FDT) += mpc8544_guts.o ppce500_spin.o
+obj-y += ppc405_boards.o ppc4xx_devs.o ppc405_uc.o ppc440_bamboo.o
+obj-y += ppc4xx_pci.o
+# PReP
+obj-y += prep.o
+# OldWorld PowerMac
+obj-y += mac_oldworld.o
+# NewWorld PowerMac
+obj-y += mac_newworld.o
+# e500
+obj-$(CONFIG_E500) += e500.o mpc8544ds.o e500plat.o
+obj-$(CONFIG_E500) += mpc8544_guts.o ppce500_spin.o
# PowerPC 440 Xilinx ML507 reference board.
obj-y += virtex_ml507.o
-# PowerPC OpenPIC
-obj-y += openpic.o
-obj-$(CONFIG_FDT) += ../device_tree.o
-
-# Xilinx PPC peripherals
-obj-y += xilinx_ethlite.o
-
-obj-y := $(addprefix ../,$(obj-y))
-
-obj-$(CONFIG_FDT) += e500.o mpc8544ds.o e500plat.o
diff --git a/hw/ppc/e500-ccsr.h b/hw/ppc/e500-ccsr.h
new file mode 100644
index 000000000..12a2ba4b9
--- /dev/null
+++ b/hw/ppc/e500-ccsr.h
@@ -0,0 +1,17 @@
+#ifndef E500_CCSR_H
+#define E500_CCSR_H
+
+#include "hw/sysbus.h"
+
+typedef struct PPCE500CCSRState {
+ /*< private >*/
+ SysBusDevice parent;
+ /*< public >*/
+
+ MemoryRegion ccsr_space;
+} PPCE500CCSRState;
+
+#define TYPE_CCSR "e500-ccsr"
+#define CCSR(obj) OBJECT_CHECK(PPCE500CCSRState, (obj), TYPE_CCSR)
+
+#endif /* E500_CCSR_H */
diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
index 6749ffffb..f00a62a1c 100644
--- a/hw/ppc/e500.c
+++ b/hw/ppc/e500.c
@@ -17,27 +17,32 @@
#include "config.h"
#include "qemu-common.h"
#include "e500.h"
-#include "net.h"
+#include "e500-ccsr.h"
+#include "net/net.h"
+#include "qemu/config-file.h"
#include "hw/hw.h"
-#include "hw/serial.h"
-#include "hw/pci.h"
+#include "hw/char/serial.h"
+#include "hw/pci/pci.h"
#include "hw/boards.h"
-#include "sysemu.h"
-#include "kvm.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/kvm.h"
#include "kvm_ppc.h"
-#include "device_tree.h"
-#include "hw/openpic.h"
-#include "hw/ppc.h"
+#include "sysemu/device_tree.h"
+#include "hw/ppc/openpic.h"
+#include "hw/ppc/ppc.h"
#include "hw/loader.h"
#include "elf.h"
#include "hw/sysbus.h"
-#include "exec-memory.h"
-#include "host-utils.h"
+#include "exec/address-spaces.h"
+#include "qemu/host-utils.h"
+#include "hw/pci-host/ppce500.h"
+#define EPAPR_MAGIC (0x45504150)
#define BINARY_DEVICE_TREE_FILE "mpc8544ds.dtb"
#define UIMAGE_LOAD_BASE 0
#define DTC_LOAD_PAD 0x1800000
#define DTC_PAD_MASK 0xFFFFF
+#define DTB_MAX_SIZE (8 * 1024 * 1024)
#define INITRD_LOAD_PAD 0x2000000
#define INITRD_PAD_MASK 0xFFFFFF
@@ -46,13 +51,16 @@
/* TODO: parameterize */
#define MPC8544_CCSRBAR_BASE 0xE0000000ULL
#define MPC8544_CCSRBAR_SIZE 0x00100000ULL
-#define MPC8544_MPIC_REGS_BASE (MPC8544_CCSRBAR_BASE + 0x40000ULL)
-#define MPC8544_SERIAL0_REGS_BASE (MPC8544_CCSRBAR_BASE + 0x4500ULL)
-#define MPC8544_SERIAL1_REGS_BASE (MPC8544_CCSRBAR_BASE + 0x4600ULL)
-#define MPC8544_PCI_REGS_BASE (MPC8544_CCSRBAR_BASE + 0x8000ULL)
+#define MPC8544_MPIC_REGS_OFFSET 0x40000ULL
+#define MPC8544_MSI_REGS_OFFSET 0x41600ULL
+#define MPC8544_SERIAL0_REGS_OFFSET 0x4500ULL
+#define MPC8544_SERIAL1_REGS_OFFSET 0x4600ULL
+#define MPC8544_PCI_REGS_OFFSET 0x8000ULL
+#define MPC8544_PCI_REGS_BASE (MPC8544_CCSRBAR_BASE + \
+ MPC8544_PCI_REGS_OFFSET)
#define MPC8544_PCI_REGS_SIZE 0x1000ULL
#define MPC8544_PCI_IO 0xE1000000ULL
-#define MPC8544_UTIL_BASE (MPC8544_CCSRBAR_BASE + 0xe0000ULL)
+#define MPC8544_UTIL_OFFSET 0xe0000ULL
#define MPC8544_SPIN_BASE 0xEF000000ULL
struct boot_info
@@ -62,25 +70,35 @@ struct boot_info
uint32_t entry;
};
-static void pci_map_create(void *fdt, uint32_t *pci_map, uint32_t mpic)
+static uint32_t *pci_map_create(void *fdt, uint32_t mpic, int first_slot,
+ int nr_slots, int *len)
{
- int i;
- const uint32_t tmp[] = {
- /* IDSEL 0x11 J17 Slot 1 */
- 0x8800, 0x0, 0x0, 0x1, mpic, 0x2, 0x1,
- 0x8800, 0x0, 0x0, 0x2, mpic, 0x3, 0x1,
- 0x8800, 0x0, 0x0, 0x3, mpic, 0x4, 0x1,
- 0x8800, 0x0, 0x0, 0x4, mpic, 0x1, 0x1,
-
- /* IDSEL 0x12 J16 Slot 2 */
- 0x9000, 0x0, 0x0, 0x1, mpic, 0x3, 0x1,
- 0x9000, 0x0, 0x0, 0x2, mpic, 0x4, 0x1,
- 0x9000, 0x0, 0x0, 0x3, mpic, 0x2, 0x1,
- 0x9000, 0x0, 0x0, 0x4, mpic, 0x1, 0x1,
- };
- for (i = 0; i < (7 * 8); i++) {
- pci_map[i] = cpu_to_be32(tmp[i]);
+ int i = 0;
+ int slot;
+ int pci_irq;
+ int host_irq;
+ int last_slot = first_slot + nr_slots;
+ uint32_t *pci_map;
+
+ *len = nr_slots * 4 * 7 * sizeof(uint32_t);
+ pci_map = g_malloc(*len);
+
+ for (slot = first_slot; slot < last_slot; slot++) {
+ for (pci_irq = 0; pci_irq < 4; pci_irq++) {
+ pci_map[i++] = cpu_to_be32(slot << 11);
+ pci_map[i++] = cpu_to_be32(0x0);
+ pci_map[i++] = cpu_to_be32(0x0);
+ pci_map[i++] = cpu_to_be32(pci_irq + 1);
+ pci_map[i++] = cpu_to_be32(mpic);
+ host_irq = ppce500_pci_map_irq_slot(slot, pci_irq);
+ pci_map[i++] = cpu_to_be32(host_irq + 1);
+ pci_map[i++] = cpu_to_be32(0x1);
+ }
}
+
+ assert((i * sizeof(uint32_t)) == *len);
+
+ return pci_map;
}
static void dt_serial_create(void *fdt, unsigned long long offset,
@@ -119,14 +137,16 @@ static int ppce500_load_device_tree(CPUPPCState *env,
uint32_t clock_freq = 400000000;
uint32_t tb_freq = 400000000;
int i;
- const char *toplevel_compat = NULL; /* user override */
char compatible_sb[] = "fsl,mpc8544-immr\0simple-bus";
char soc[128];
char mpic[128];
uint32_t mpic_ph;
+ uint32_t msi_ph;
char gutil[128];
char pci[128];
- uint32_t pci_map[7 * 8];
+ char msi[128];
+ uint32_t *pci_map = NULL;
+ int len;
uint32_t pci_ranges[14] =
{
0x2000000, 0x0, 0xc0000000,
@@ -137,14 +157,9 @@ static int ppce500_load_device_tree(CPUPPCState *env,
0x0, 0xe1000000,
0x0, 0x10000,
};
- QemuOpts *machine_opts;
- const char *dtb_file = NULL;
-
- machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
- if (machine_opts) {
- dtb_file = qemu_opt_get(machine_opts, "dtb");
- toplevel_compat = qemu_opt_get(machine_opts, "dt_compatible");
- }
+ QemuOpts *machine_opts = qemu_get_machine_opts();
+ const char *dtb_file = qemu_opt_get(machine_opts, "dtb");
+ const char *toplevel_compat = qemu_opt_get(machine_opts, "dt_compatible");
if (dtb_file) {
char *filename;
@@ -206,6 +221,10 @@ static int ppce500_load_device_tree(CPUPPCState *env,
kvmppc_get_hypercall(env, hypercall, sizeof(hypercall));
qemu_devtree_setprop(fdt, "/hypervisor", "hcall-instructions",
hypercall, sizeof(hypercall));
+ /* if KVM supports the idle hcall, set property indicating this */
+ if (kvmppc_get_hasidle(env)) {
+ qemu_devtree_setprop(fdt, "/hypervisor", "has-idle", NULL, 0);
+ }
}
/* Create CPU nodes */
@@ -216,25 +235,23 @@ static int ppce500_load_device_tree(CPUPPCState *env,
/* We need to generate the cpu nodes in reverse order, so Linux can pick
the first node as boot node and be happy */
for (i = smp_cpus - 1; i >= 0; i--) {
+ CPUState *cpu;
char cpu_name[128];
uint64_t cpu_release_addr = MPC8544_SPIN_BASE + (i * 0x20);
- for (env = first_cpu; env != NULL; env = env->next_cpu) {
- if (env->cpu_index == i) {
- break;
- }
- }
-
- if (!env) {
+ cpu = qemu_get_cpu(i);
+ if (cpu == NULL) {
continue;
}
+ env = cpu->env_ptr;
- snprintf(cpu_name, sizeof(cpu_name), "/cpus/PowerPC,8544@%x", env->cpu_index);
+ snprintf(cpu_name, sizeof(cpu_name), "/cpus/PowerPC,8544@%x",
+ cpu->cpu_index);
qemu_devtree_add_subnode(fdt, cpu_name);
qemu_devtree_setprop_cell(fdt, cpu_name, "clock-frequency", clock_freq);
qemu_devtree_setprop_cell(fdt, cpu_name, "timebase-frequency", tb_freq);
qemu_devtree_setprop_string(fdt, cpu_name, "device_type", "cpu");
- qemu_devtree_setprop_cell(fdt, cpu_name, "reg", env->cpu_index);
+ qemu_devtree_setprop_cell(fdt, cpu_name, "reg", cpu->cpu_index);
qemu_devtree_setprop_cell(fdt, cpu_name, "d-cache-line-size",
env->dcache_line_size);
qemu_devtree_setprop_cell(fdt, cpu_name, "i-cache-line-size",
@@ -242,7 +259,7 @@ static int ppce500_load_device_tree(CPUPPCState *env,
qemu_devtree_setprop_cell(fdt, cpu_name, "d-cache-size", 0x8000);
qemu_devtree_setprop_cell(fdt, cpu_name, "i-cache-size", 0x8000);
qemu_devtree_setprop_cell(fdt, cpu_name, "bus-frequency", 0);
- if (env->cpu_index) {
+ if (cpu->cpu_index) {
qemu_devtree_setprop_string(fdt, cpu_name, "status", "disabled");
qemu_devtree_setprop_string(fdt, cpu_name, "enable-method", "spin-table");
qemu_devtree_setprop_u64(fdt, cpu_name, "cpu-release-addr",
@@ -267,13 +284,12 @@ static int ppce500_load_device_tree(CPUPPCState *env,
/* XXX should contain a reasonable value */
qemu_devtree_setprop_cell(fdt, soc, "bus-frequency", 0);
- snprintf(mpic, sizeof(mpic), "%s/pic@%llx", soc,
- MPC8544_MPIC_REGS_BASE - MPC8544_CCSRBAR_BASE);
+ snprintf(mpic, sizeof(mpic), "%s/pic@%llx", soc, MPC8544_MPIC_REGS_OFFSET);
qemu_devtree_add_subnode(fdt, mpic);
qemu_devtree_setprop_string(fdt, mpic, "device_type", "open-pic");
- qemu_devtree_setprop_string(fdt, mpic, "compatible", "chrp,open-pic");
- qemu_devtree_setprop_cells(fdt, mpic, "reg", MPC8544_MPIC_REGS_BASE -
- MPC8544_CCSRBAR_BASE, 0x40000);
+ qemu_devtree_setprop_string(fdt, mpic, "compatible", "fsl,mpic");
+ qemu_devtree_setprop_cells(fdt, mpic, "reg", MPC8544_MPIC_REGS_OFFSET,
+ 0x40000);
qemu_devtree_setprop_cell(fdt, mpic, "#address-cells", 0);
qemu_devtree_setprop_cell(fdt, mpic, "#interrupt-cells", 2);
mpic_ph = qemu_devtree_alloc_phandle(fdt);
@@ -286,19 +302,37 @@ static int ppce500_load_device_tree(CPUPPCState *env,
* device it finds in the dt as serial output device. And we generate
* devices in reverse order to the dt.
*/
- dt_serial_create(fdt, MPC8544_SERIAL1_REGS_BASE - MPC8544_CCSRBAR_BASE,
+ dt_serial_create(fdt, MPC8544_SERIAL1_REGS_OFFSET,
soc, mpic, "serial1", 1, false);
- dt_serial_create(fdt, MPC8544_SERIAL0_REGS_BASE - MPC8544_CCSRBAR_BASE,
+ dt_serial_create(fdt, MPC8544_SERIAL0_REGS_OFFSET,
soc, mpic, "serial0", 0, true);
snprintf(gutil, sizeof(gutil), "%s/global-utilities@%llx", soc,
- MPC8544_UTIL_BASE - MPC8544_CCSRBAR_BASE);
+ MPC8544_UTIL_OFFSET);
qemu_devtree_add_subnode(fdt, gutil);
qemu_devtree_setprop_string(fdt, gutil, "compatible", "fsl,mpc8544-guts");
- qemu_devtree_setprop_cells(fdt, gutil, "reg", MPC8544_UTIL_BASE -
- MPC8544_CCSRBAR_BASE, 0x1000);
+ qemu_devtree_setprop_cells(fdt, gutil, "reg", MPC8544_UTIL_OFFSET, 0x1000);
qemu_devtree_setprop(fdt, gutil, "fsl,has-rstcr", NULL, 0);
+ snprintf(msi, sizeof(msi), "/%s/msi@%llx", soc, MPC8544_MSI_REGS_OFFSET);
+ qemu_devtree_add_subnode(fdt, msi);
+ qemu_devtree_setprop_string(fdt, msi, "compatible", "fsl,mpic-msi");
+ qemu_devtree_setprop_cells(fdt, msi, "reg", MPC8544_MSI_REGS_OFFSET, 0x200);
+ msi_ph = qemu_devtree_alloc_phandle(fdt);
+ qemu_devtree_setprop_cells(fdt, msi, "msi-available-ranges", 0x0, 0x100);
+ qemu_devtree_setprop_phandle(fdt, msi, "interrupt-parent", mpic);
+ qemu_devtree_setprop_cells(fdt, msi, "interrupts",
+ 0xe0, 0x0,
+ 0xe1, 0x0,
+ 0xe2, 0x0,
+ 0xe3, 0x0,
+ 0xe4, 0x0,
+ 0xe5, 0x0,
+ 0xe6, 0x0,
+ 0xe7, 0x0);
+ qemu_devtree_setprop_cell(fdt, msi, "phandle", msi_ph);
+ qemu_devtree_setprop_cell(fdt, msi, "linux,phandle", msi_ph);
+
snprintf(pci, sizeof(pci), "/pci@%llx", MPC8544_PCI_REGS_BASE);
qemu_devtree_add_subnode(fdt, pci);
qemu_devtree_setprop_cell(fdt, pci, "cell-index", 0);
@@ -306,14 +340,17 @@ static int ppce500_load_device_tree(CPUPPCState *env,
qemu_devtree_setprop_string(fdt, pci, "device_type", "pci");
qemu_devtree_setprop_cells(fdt, pci, "interrupt-map-mask", 0xf800, 0x0,
0x0, 0x7);
- pci_map_create(fdt, pci_map, qemu_devtree_get_phandle(fdt, mpic));
- qemu_devtree_setprop(fdt, pci, "interrupt-map", pci_map, sizeof(pci_map));
+ pci_map = pci_map_create(fdt, qemu_devtree_get_phandle(fdt, mpic),
+ params->pci_first_slot, params->pci_nr_slots,
+ &len);
+ qemu_devtree_setprop(fdt, pci, "interrupt-map", pci_map, len);
qemu_devtree_setprop_phandle(fdt, pci, "interrupt-parent", mpic);
qemu_devtree_setprop_cells(fdt, pci, "interrupts", 24, 2);
qemu_devtree_setprop_cells(fdt, pci, "bus-range", 0, 255);
for (i = 0; i < 14; i++) {
pci_ranges[i] = cpu_to_be32(pci_ranges[i]);
}
+ qemu_devtree_setprop_cell(fdt, pci, "fsl,msi", msi_ph);
qemu_devtree_setprop(fdt, pci, "ranges", pci_ranges, sizeof(pci_ranges));
qemu_devtree_setprop_cells(fdt, pci, "reg", MPC8544_PCI_REGS_BASE >> 32,
MPC8544_PCI_REGS_BASE, 0, 0x1000);
@@ -340,6 +377,7 @@ done:
ret = fdt_size;
out:
+ g_free(pci_map);
return ret;
}
@@ -350,11 +388,10 @@ static inline hwaddr booke206_page_size_to_tlb(uint64_t size)
return 63 - clz64(size >> 10);
}
-static void mmubooke_create_initial_mapping(CPUPPCState *env)
+static int booke206_initial_map_tsize(CPUPPCState *env)
{
struct boot_info *bi = env->load_info;
- ppcmas_tlb_t *tlb = booke206_get_tlbm(env, 1, 0, 0);
- hwaddr size, dt_end;
+ hwaddr dt_end;
int ps;
/* Our initial TLB entry needs to cover everything from 0 to
@@ -365,6 +402,24 @@ static void mmubooke_create_initial_mapping(CPUPPCState *env)
/* e500v2 can only do even TLB size bits */
ps++;
}
+ return ps;
+}
+
+static uint64_t mmubooke_initial_mapsize(CPUPPCState *env)
+{
+ int tsize;
+
+ tsize = booke206_initial_map_tsize(env);
+ return (1ULL << 10 << tsize);
+}
+
+static void mmubooke_create_initial_mapping(CPUPPCState *env)
+{
+ ppcmas_tlb_t *tlb = booke206_get_tlbm(env, 1, 0, 0);
+ hwaddr size;
+ int ps;
+
+ ps = booke206_initial_map_tsize(env);
size = (ps << MAS1_TSIZE_SHIFT);
tlb->mas1 = MAS1_VALID | size;
tlb->mas2 = 0;
@@ -377,32 +432,133 @@ static void mmubooke_create_initial_mapping(CPUPPCState *env)
static void ppce500_cpu_reset_sec(void *opaque)
{
PowerPCCPU *cpu = opaque;
+ CPUState *cs = CPU(cpu);
CPUPPCState *env = &cpu->env;
- cpu_reset(CPU(cpu));
+ cpu_reset(cs);
/* Secondary CPU starts in halted state for now. Needs to change when
implementing non-kernel boot. */
- env->halted = 1;
+ cs->halted = 1;
env->exception_index = EXCP_HLT;
}
static void ppce500_cpu_reset(void *opaque)
{
PowerPCCPU *cpu = opaque;
+ CPUState *cs = CPU(cpu);
CPUPPCState *env = &cpu->env;
struct boot_info *bi = env->load_info;
- cpu_reset(CPU(cpu));
+ cpu_reset(cs);
/* Set initial guest state. */
- env->halted = 0;
+ cs->halted = 0;
env->gpr[1] = (16<<20) - 8;
env->gpr[3] = bi->dt_base;
+ env->gpr[4] = 0;
+ env->gpr[5] = 0;
+ env->gpr[6] = EPAPR_MAGIC;
+ env->gpr[7] = mmubooke_initial_mapsize(env);
+ env->gpr[8] = 0;
+ env->gpr[9] = 0;
env->nip = bi->entry;
mmubooke_create_initial_mapping(env);
}
+static DeviceState *ppce500_init_mpic_qemu(PPCE500Params *params,
+ qemu_irq **irqs)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+ int i, j, k;
+
+ dev = qdev_create(NULL, TYPE_OPENPIC);
+ qdev_prop_set_uint32(dev, "model", params->mpic_version);
+ qdev_prop_set_uint32(dev, "nb_cpus", smp_cpus);
+
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+
+ k = 0;
+ for (i = 0; i < smp_cpus; i++) {
+ for (j = 0; j < OPENPIC_OUTPUT_NB; j++) {
+ sysbus_connect_irq(s, k++, irqs[i][j]);
+ }
+ }
+
+ return dev;
+}
+
+static DeviceState *ppce500_init_mpic_kvm(PPCE500Params *params,
+ qemu_irq **irqs)
+{
+ DeviceState *dev;
+ CPUState *cs;
+ int r;
+
+ dev = qdev_create(NULL, TYPE_KVM_OPENPIC);
+ qdev_prop_set_uint32(dev, "model", params->mpic_version);
+
+ r = qdev_init(dev);
+ if (r) {
+ return NULL;
+ }
+
+ for (cs = first_cpu; cs != NULL; cs = cs->next_cpu) {
+ if (kvm_openpic_connect_vcpu(dev, cs)) {
+ fprintf(stderr, "%s: failed to connect vcpu to irqchip\n",
+ __func__);
+ abort();
+ }
+ }
+
+ return dev;
+}
+
+static qemu_irq *ppce500_init_mpic(PPCE500Params *params, MemoryRegion *ccsr,
+ qemu_irq **irqs)
+{
+ qemu_irq *mpic;
+ DeviceState *dev = NULL;
+ SysBusDevice *s;
+ int i;
+
+ mpic = g_new(qemu_irq, 256);
+
+ if (kvm_enabled()) {
+ QemuOpts *machine_opts = qemu_get_machine_opts();
+ bool irqchip_allowed = qemu_opt_get_bool(machine_opts,
+ "kernel_irqchip", true);
+ bool irqchip_required = qemu_opt_get_bool(machine_opts,
+ "kernel_irqchip", false);
+
+ if (irqchip_allowed) {
+ dev = ppce500_init_mpic_kvm(params, irqs);
+ }
+
+ if (irqchip_required && !dev) {
+ fprintf(stderr, "%s: irqchip requested but unavailable\n",
+ __func__);
+ abort();
+ }
+ }
+
+ if (!dev) {
+ dev = ppce500_init_mpic_qemu(params, irqs);
+ }
+
+ for (i = 0; i < 256; i++) {
+ mpic[i] = qdev_get_gpio_in(dev, i);
+ }
+
+ s = SYS_BUS_DEVICE(dev);
+ memory_region_add_subregion(ccsr, MPC8544_MPIC_REGS_OFFSET,
+ s->mmio[0].memory);
+
+ return mpic;
+}
+
void ppce500_init(PPCE500Params *params)
{
MemoryRegion *address_space_mem = get_system_memory();
@@ -416,12 +572,16 @@ void ppce500_init(PPCE500Params *params)
target_long kernel_size=0;
target_ulong dt_base = 0;
target_ulong initrd_base = 0;
- target_long initrd_size=0;
- int i=0;
+ target_long initrd_size = 0;
+ target_ulong cur_base = 0;
+ int i;
unsigned int pci_irq_nrs[4] = {1, 2, 3, 4};
qemu_irq **irqs, *mpic;
DeviceState *dev;
CPUPPCState *firstenv = NULL;
+ MemoryRegion *ccsr_addr_space;
+ SysBusDevice *s;
+ PPCE500CCSRState *ccsr;
/* Setup CPUs */
if (params->cpu_model == NULL) {
@@ -432,6 +592,7 @@ void ppce500_init(PPCE500Params *params)
irqs[0] = g_malloc0(smp_cpus * sizeof(qemu_irq) * OPENPIC_OUTPUT_NB);
for (i = 0; i < smp_cpus; i++) {
PowerPCCPU *cpu;
+ CPUState *cs;
qemu_irq *input;
cpu = cpu_ppc_init(params->cpu_model);
@@ -440,6 +601,7 @@ void ppce500_init(PPCE500Params *params)
exit(1);
}
env = &cpu->env;
+ cs = CPU(cpu);
if (!firstenv) {
firstenv = env;
@@ -449,10 +611,11 @@ void ppce500_init(PPCE500Params *params)
input = (qemu_irq *)env->irq_inputs;
irqs[i][OPENPIC_OUTPUT_INT] = input[PPCE500_INPUT_INT];
irqs[i][OPENPIC_OUTPUT_CINT] = input[PPCE500_INPUT_CINT];
- env->spr[SPR_BOOKE_PIR] = env->cpu_index = i;
- env->mpic_cpu_base = MPC8544_MPIC_REGS_BASE + 0x20000;
+ env->spr[SPR_BOOKE_PIR] = cs->cpu_index = i;
+ env->mpic_iack = MPC8544_CCSRBAR_BASE +
+ MPC8544_MPIC_REGS_OFFSET + 0xa0;
- ppc_booke_timers_init(env, 400000000, PPC_TIMER_E500);
+ ppc_booke_timers_init(cpu, 400000000, PPC_TIMER_E500);
/* Register reset handler */
if (!i) {
@@ -471,51 +634,66 @@ void ppce500_init(PPCE500Params *params)
/* Fixup Memory size on a alignment boundary */
ram_size &= ~(RAM_SIZES_ALIGN - 1);
+ params->ram_size = ram_size;
/* Register Memory */
- memory_region_init_ram(ram, "mpc8544ds.ram", ram_size);
+ memory_region_init_ram(ram, NULL, "mpc8544ds.ram", ram_size);
vmstate_register_ram_global(ram);
memory_region_add_subregion(address_space_mem, 0, ram);
- /* MPIC */
- mpic = mpic_init(address_space_mem, MPC8544_MPIC_REGS_BASE,
- smp_cpus, irqs, NULL);
+ dev = qdev_create(NULL, "e500-ccsr");
+ object_property_add_child(qdev_get_machine(), "e500-ccsr",
+ OBJECT(dev), NULL);
+ qdev_init_nofail(dev);
+ ccsr = CCSR(dev);
+ ccsr_addr_space = &ccsr->ccsr_space;
+ memory_region_add_subregion(address_space_mem, MPC8544_CCSRBAR_BASE,
+ ccsr_addr_space);
- if (!mpic) {
- cpu_abort(env, "MPIC failed to initialize\n");
- }
+ mpic = ppce500_init_mpic(params, ccsr_addr_space, irqs);
/* Serial */
if (serial_hds[0]) {
- serial_mm_init(address_space_mem, MPC8544_SERIAL0_REGS_BASE,
- 0, mpic[12+26], 399193,
+ serial_mm_init(ccsr_addr_space, MPC8544_SERIAL0_REGS_OFFSET,
+ 0, mpic[42], 399193,
serial_hds[0], DEVICE_BIG_ENDIAN);
}
if (serial_hds[1]) {
- serial_mm_init(address_space_mem, MPC8544_SERIAL1_REGS_BASE,
- 0, mpic[12+26], 399193,
+ serial_mm_init(ccsr_addr_space, MPC8544_SERIAL1_REGS_OFFSET,
+ 0, mpic[42], 399193,
serial_hds[1], DEVICE_BIG_ENDIAN);
}
/* General Utility device */
- sysbus_create_simple("mpc8544-guts", MPC8544_UTIL_BASE, NULL);
+ dev = qdev_create(NULL, "mpc8544-guts");
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+ memory_region_add_subregion(ccsr_addr_space, MPC8544_UTIL_OFFSET,
+ sysbus_mmio_get_region(s, 0));
/* PCI */
- dev = sysbus_create_varargs("e500-pcihost", MPC8544_PCI_REGS_BASE,
- mpic[pci_irq_nrs[0]], mpic[pci_irq_nrs[1]],
- mpic[pci_irq_nrs[2]], mpic[pci_irq_nrs[3]],
- NULL);
+ dev = qdev_create(NULL, "e500-pcihost");
+ qdev_prop_set_uint32(dev, "first_slot", params->pci_first_slot);
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+ sysbus_connect_irq(s, 0, mpic[pci_irq_nrs[0]]);
+ sysbus_connect_irq(s, 1, mpic[pci_irq_nrs[1]]);
+ sysbus_connect_irq(s, 2, mpic[pci_irq_nrs[2]]);
+ sysbus_connect_irq(s, 3, mpic[pci_irq_nrs[3]]);
+ memory_region_add_subregion(ccsr_addr_space, MPC8544_PCI_REGS_OFFSET,
+ sysbus_mmio_get_region(s, 0));
+
pci_bus = (PCIBus *)qdev_get_child_bus(dev, "pci.0");
if (!pci_bus)
printf("couldn't create PCI controller!\n");
- sysbus_mmio_map(sysbus_from_qdev(dev), 1, MPC8544_PCI_IO);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 1, MPC8544_PCI_IO);
if (pci_bus) {
/* Register network interfaces. */
for (i = 0; i < nb_nics; i++) {
- pci_nic_init_nofail(&nd_table[i], "virtio", NULL);
+ pci_nic_init_nofail(&nd_table[i], pci_bus, "virtio", NULL);
}
}
@@ -539,12 +717,17 @@ void ppce500_init(PPCE500Params *params)
params->kernel_filename);
exit(1);
}
+
+ cur_base = loadaddr + kernel_size;
+
+ /* Reserve space for dtb */
+ dt_base = (cur_base + DTC_LOAD_PAD) & ~DTC_PAD_MASK;
+ cur_base += DTB_MAX_SIZE;
}
/* Load initrd. */
if (params->initrd_filename) {
- initrd_base = (loadaddr + kernel_size + INITRD_LOAD_PAD) &
- ~INITRD_PAD_MASK;
+ initrd_base = (cur_base + INITRD_LOAD_PAD) & ~INITRD_PAD_MASK;
initrd_size = load_image_targphys(params->initrd_filename, initrd_base,
ram_size - initrd_base);
@@ -553,6 +736,8 @@ void ppce500_init(PPCE500Params *params)
params->initrd_filename);
exit(1);
}
+
+ cur_base = initrd_base + initrd_size;
}
/* If we're loading a kernel directly, we must load the device tree too. */
@@ -560,13 +745,13 @@ void ppce500_init(PPCE500Params *params)
struct boot_info *boot_info;
int dt_size;
- dt_base = (loadaddr + kernel_size + DTC_LOAD_PAD) & ~DTC_PAD_MASK;
dt_size = ppce500_load_device_tree(env, params, dt_base, initrd_base,
initrd_size);
if (dt_size < 0) {
fprintf(stderr, "couldn't load device tree\n");
exit(1);
}
+ assert(dt_size < DTB_MAX_SIZE);
boot_info = env->load_info;
boot_info->entry = entry;
@@ -578,3 +763,33 @@ void ppce500_init(PPCE500Params *params)
kvmppc_init();
}
}
+
+static int e500_ccsr_initfn(SysBusDevice *dev)
+{
+ PPCE500CCSRState *ccsr;
+
+ ccsr = CCSR(dev);
+ memory_region_init(&ccsr->ccsr_space, OBJECT(ccsr), "e500-ccsr",
+ MPC8544_CCSRBAR_SIZE);
+ return 0;
+}
+
+static void e500_ccsr_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+ k->init = e500_ccsr_initfn;
+}
+
+static const TypeInfo e500_ccsr_info = {
+ .name = TYPE_CCSR,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(PPCE500CCSRState),
+ .class_init = e500_ccsr_class_init,
+};
+
+static void e500_register_types(void)
+{
+ type_register_static(&e500_ccsr_info);
+}
+
+type_init(e500_register_types)
diff --git a/hw/ppc/e500.h b/hw/ppc/e500.h
index 7ae87f4e2..226c93d24 100644
--- a/hw/ppc/e500.h
+++ b/hw/ppc/e500.h
@@ -9,11 +9,15 @@ typedef struct PPCE500Params {
const char *kernel_cmdline;
const char *initrd_filename;
const char *cpu_model;
+ int pci_first_slot;
+ int pci_nr_slots;
/* e500-specific params */
/* required -- must at least add toplevel board compatible */
void (*fixup_devtree)(struct PPCE500Params *params, void *fdt);
+
+ int mpic_version;
} PPCE500Params;
void ppce500_init(PPCE500Params *params);
diff --git a/hw/ppc/e500plat.c b/hw/ppc/e500plat.c
index 4cfb94061..c85299588 100644
--- a/hw/ppc/e500plat.c
+++ b/hw/ppc/e500plat.c
@@ -12,8 +12,11 @@
#include "config.h"
#include "qemu-common.h"
#include "e500.h"
-#include "../boards.h"
-#include "device_tree.h"
+#include "hw/boards.h"
+#include "sysemu/device_tree.h"
+#include "hw/pci/pci.h"
+#include "hw/ppc/openpic.h"
+#include "kvm_ppc.h"
static void e500plat_fixup_devtree(PPCE500Params *params, void *fdt)
{
@@ -40,9 +43,18 @@ static void e500plat_init(QEMUMachineInitArgs *args)
.kernel_cmdline = kernel_cmdline,
.initrd_filename = initrd_filename,
.cpu_model = cpu_model,
+ .pci_first_slot = 0x1,
+ .pci_nr_slots = PCI_SLOT_MAX - 1,
.fixup_devtree = e500plat_fixup_devtree,
+ .mpic_version = OPENPIC_MODEL_FSL_MPIC_42,
};
+ /* Older KVM versions don't support EPR which breaks guests when we announce
+ MPIC variants that support EPR. Revert to an older one for those */
+ if (kvm_enabled() && !kvmppc_has_cap_epr()) {
+ params.mpic_version = OPENPIC_MODEL_FSL_MPIC_20;
+ }
+
ppce500_init(&params);
}
@@ -50,7 +62,8 @@ static QEMUMachine e500plat_machine = {
.name = "ppce500",
.desc = "generic paravirt e500 platform",
.init = e500plat_init,
- .max_cpus = 15,
+ .max_cpus = 32,
+ DEFAULT_MACHINE_OPTIONS,
};
static void e500plat_machine_init(void)
diff --git a/hw/ppc/mac.h b/hw/ppc/mac.h
new file mode 100644
index 000000000..1e578dd59
--- /dev/null
+++ b/hw/ppc/mac.h
@@ -0,0 +1,184 @@
+/*
+ * QEMU PowerMac emulation shared definitions and prototypes
+ *
+ * Copyright (c) 2004-2007 Fabrice Bellard
+ * Copyright (c) 2007 Jocelyn Mayer
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#if !defined(__PPC_MAC_H__)
+#define __PPC_MAC_H__
+
+#include "exec/memory.h"
+#include "hw/sysbus.h"
+#include "hw/ide/internal.h"
+#include "hw/input/adb.h"
+
+/* SMP is not enabled, for now */
+#define MAX_CPUS 1
+
+#define BIOS_SIZE (1024 * 1024)
+#define BIOS_FILENAME "ppc_rom.bin"
+#define NVRAM_SIZE 0x2000
+#define PROM_FILENAME "openbios-ppc"
+#define PROM_ADDR 0xfff00000
+
+#define KERNEL_LOAD_ADDR 0x01000000
+#define KERNEL_GAP 0x00100000
+
+#define ESCC_CLOCK 3686400
+
+/* Cuda */
+#define TYPE_CUDA "cuda"
+#define CUDA(obj) OBJECT_CHECK(CUDAState, (obj), TYPE_CUDA)
+
+/**
+ * CUDATimer:
+ * @counter_value: counter value at load time
+ */
+typedef struct CUDATimer {
+ int index;
+ uint16_t latch;
+ uint16_t counter_value;
+ int64_t load_time;
+ int64_t next_irq_time;
+ QEMUTimer *timer;
+} CUDATimer;
+
+/**
+ * CUDAState:
+ * @b: B-side data
+ * @a: A-side data
+ * @dirb: B-side direction (1=output)
+ * @dira: A-side direction (1=output)
+ * @sr: Shift register
+ * @acr: Auxiliary control register
+ * @pcr: Peripheral control register
+ * @ifr: Interrupt flag register
+ * @ier: Interrupt enable register
+ * @anh: A-side data, no handshake
+ * @last_b: last value of B register
+ * @last_acr: last value of ACR register
+ */
+typedef struct CUDAState {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion mem;
+ /* cuda registers */
+ uint8_t b;
+ uint8_t a;
+ uint8_t dirb;
+ uint8_t dira;
+ uint8_t sr;
+ uint8_t acr;
+ uint8_t pcr;
+ uint8_t ifr;
+ uint8_t ier;
+ uint8_t anh;
+
+ ADBBusState adb_bus;
+ CUDATimer timers[2];
+
+ uint32_t tick_offset;
+
+ uint8_t last_b;
+ uint8_t last_acr;
+
+ int data_in_size;
+ int data_in_index;
+ int data_out_index;
+
+ qemu_irq irq;
+ uint8_t autopoll;
+ uint8_t data_in[128];
+ uint8_t data_out[16];
+ QEMUTimer *adb_poll_timer;
+} CUDAState;
+
+/* MacIO */
+#define TYPE_OLDWORLD_MACIO "macio-oldworld"
+#define TYPE_NEWWORLD_MACIO "macio-newworld"
+
+#define TYPE_MACIO_IDE "macio-ide"
+#define MACIO_IDE(obj) OBJECT_CHECK(MACIOIDEState, (obj), TYPE_MACIO_IDE)
+
+typedef struct MACIOIDEState {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ qemu_irq irq;
+ qemu_irq dma_irq;
+
+ MemoryRegion mem;
+ IDEBus bus;
+ BlockDriverAIOCB *aiocb;
+ IDEDMA dma;
+ void *dbdma;
+ bool dma_active;
+} MACIOIDEState;
+
+void macio_ide_init_drives(MACIOIDEState *ide, DriveInfo **hd_table);
+void macio_ide_register_dma(MACIOIDEState *ide, void *dbdma, int channel);
+
+void macio_init(PCIDevice *dev,
+ MemoryRegion *pic_mem,
+ MemoryRegion *escc_mem);
+
+/* Heathrow PIC */
+qemu_irq *heathrow_pic_init(MemoryRegion **pmem,
+ int nb_cpus, qemu_irq **irqs);
+
+/* Grackle PCI */
+#define TYPE_GRACKLE_PCI_HOST_BRIDGE "grackle-pcihost"
+PCIBus *pci_grackle_init(uint32_t base, qemu_irq *pic,
+ MemoryRegion *address_space_mem,
+ MemoryRegion *address_space_io);
+
+/* UniNorth PCI */
+PCIBus *pci_pmac_init(qemu_irq *pic,
+ MemoryRegion *address_space_mem,
+ MemoryRegion *address_space_io);
+PCIBus *pci_pmac_u3_init(qemu_irq *pic,
+ MemoryRegion *address_space_mem,
+ MemoryRegion *address_space_io);
+
+/* Mac NVRAM */
+#define TYPE_MACIO_NVRAM "macio-nvram"
+#define MACIO_NVRAM(obj) \
+ OBJECT_CHECK(MacIONVRAMState, (obj), TYPE_MACIO_NVRAM)
+
+typedef struct MacIONVRAMState {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ uint32_t size;
+ uint32_t it_shift;
+
+ MemoryRegion mem;
+ uint8_t *data;
+} MacIONVRAMState;
+
+void pmac_format_nvram_partition (MacIONVRAMState *nvr, int len);
+uint8_t macio_nvram_read(MacIONVRAMState *s, uint32_t addr);
+void macio_nvram_write(MacIONVRAMState *s, uint32_t addr, uint8_t val);
+#endif /* !defined(__PPC_MAC_H__) */
diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
new file mode 100644
index 000000000..7ef806ef7
--- /dev/null
+++ b/hw/ppc/mac_newworld.c
@@ -0,0 +1,488 @@
+/*
+ * QEMU PowerPC CHRP (currently NewWorld PowerMac) hardware System Emulator
+ *
+ * Copyright (c) 2004-2007 Fabrice Bellard
+ * Copyright (c) 2007 Jocelyn Mayer
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ * PCI bus layout on a real G5 (U3 based):
+ *
+ * 0000:f0:0b.0 Host bridge [0600]: Apple Computer Inc. U3 AGP [106b:004b]
+ * 0000:f0:10.0 VGA compatible controller [0300]: ATI Technologies Inc RV350 AP [Radeon 9600] [1002:4150]
+ * 0001:00:00.0 Host bridge [0600]: Apple Computer Inc. CPC945 HT Bridge [106b:004a]
+ * 0001:00:01.0 PCI bridge [0604]: Advanced Micro Devices [AMD] AMD-8131 PCI-X Bridge [1022:7450] (rev 12)
+ * 0001:00:02.0 PCI bridge [0604]: Advanced Micro Devices [AMD] AMD-8131 PCI-X Bridge [1022:7450] (rev 12)
+ * 0001:00:03.0 PCI bridge [0604]: Apple Computer Inc. K2 HT-PCI Bridge [106b:0045]
+ * 0001:00:04.0 PCI bridge [0604]: Apple Computer Inc. K2 HT-PCI Bridge [106b:0046]
+ * 0001:00:05.0 PCI bridge [0604]: Apple Computer Inc. K2 HT-PCI Bridge [106b:0047]
+ * 0001:00:06.0 PCI bridge [0604]: Apple Computer Inc. K2 HT-PCI Bridge [106b:0048]
+ * 0001:00:07.0 PCI bridge [0604]: Apple Computer Inc. K2 HT-PCI Bridge [106b:0049]
+ * 0001:01:07.0 Class [ff00]: Apple Computer Inc. K2 KeyLargo Mac/IO [106b:0041] (rev 20)
+ * 0001:01:08.0 USB Controller [0c03]: Apple Computer Inc. K2 KeyLargo USB [106b:0040]
+ * 0001:01:09.0 USB Controller [0c03]: Apple Computer Inc. K2 KeyLargo USB [106b:0040]
+ * 0001:02:0b.0 USB Controller [0c03]: NEC Corporation USB [1033:0035] (rev 43)
+ * 0001:02:0b.1 USB Controller [0c03]: NEC Corporation USB [1033:0035] (rev 43)
+ * 0001:02:0b.2 USB Controller [0c03]: NEC Corporation USB 2.0 [1033:00e0] (rev 04)
+ * 0001:03:0d.0 Class [ff00]: Apple Computer Inc. K2 ATA/100 [106b:0043]
+ * 0001:03:0e.0 FireWire (IEEE 1394) [0c00]: Apple Computer Inc. K2 FireWire [106b:0042]
+ * 0001:04:0f.0 Ethernet controller [0200]: Apple Computer Inc. K2 GMAC (Sun GEM) [106b:004c]
+ * 0001:05:0c.0 IDE interface [0101]: Broadcom K2 SATA [1166:0240]
+ *
+ */
+#include "hw/hw.h"
+#include "hw/ppc/ppc.h"
+#include "hw/ppc/mac.h"
+#include "hw/input/adb.h"
+#include "hw/ppc/mac_dbdma.h"
+#include "hw/timer/m48t59.h"
+#include "hw/pci/pci.h"
+#include "net/net.h"
+#include "sysemu/sysemu.h"
+#include "hw/boards.h"
+#include "hw/nvram/fw_cfg.h"
+#include "hw/char/escc.h"
+#include "hw/ppc/openpic.h"
+#include "hw/ide.h"
+#include "hw/loader.h"
+#include "elf.h"
+#include "sysemu/kvm.h"
+#include "kvm_ppc.h"
+#include "hw/usb.h"
+#include "sysemu/blockdev.h"
+#include "exec/address-spaces.h"
+#include "hw/sysbus.h"
+
+#define MAX_IDE_BUS 2
+#define CFG_ADDR 0xf0000510
+#define TBFREQ (100UL * 1000UL * 1000UL)
+
+/* debug UniNorth */
+//#define DEBUG_UNIN
+
+#ifdef DEBUG_UNIN
+#define UNIN_DPRINTF(fmt, ...) \
+ do { printf("UNIN: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define UNIN_DPRINTF(fmt, ...)
+#endif
+
+/* UniN device */
+static void unin_write(void *opaque, hwaddr addr, uint64_t value,
+ unsigned size)
+{
+ UNIN_DPRINTF("write addr " TARGET_FMT_plx " val %"PRIx64"\n", addr, value);
+ if (addr == 0x0) {
+ *(int*)opaque = value;
+ }
+}
+
+static uint64_t unin_read(void *opaque, hwaddr addr, unsigned size)
+{
+ uint32_t value;
+
+ value = 0;
+ switch (addr) {
+ case 0:
+ value = *(int*)opaque;
+ }
+
+ UNIN_DPRINTF("readl addr " TARGET_FMT_plx " val %x\n", addr, value);
+
+ return value;
+}
+
+static const MemoryRegionOps unin_ops = {
+ .read = unin_read,
+ .write = unin_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int fw_cfg_boot_set(void *opaque, const char *boot_device)
+{
+ fw_cfg_add_i16(opaque, FW_CFG_BOOT_DEVICE, boot_device[0]);
+ return 0;
+}
+
+static uint64_t translate_kernel_address(void *opaque, uint64_t addr)
+{
+ return (addr & 0x0fffffff) + KERNEL_LOAD_ADDR;
+}
+
+static hwaddr round_page(hwaddr addr)
+{
+ return (addr + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
+}
+
+static void ppc_core99_reset(void *opaque)
+{
+ PowerPCCPU *cpu = opaque;
+
+ cpu_reset(CPU(cpu));
+ /* 970 CPUs want to get their initial IP as part of their boot protocol */
+ cpu->env.nip = PROM_ADDR + 0x100;
+}
+
+/* PowerPC Mac99 hardware initialisation */
+static void ppc_core99_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ const char *boot_device = args->boot_device;
+ PowerPCCPU *cpu = NULL;
+ CPUPPCState *env = NULL;
+ char *filename;
+ qemu_irq *pic, **openpic_irqs;
+ MemoryRegion *isa = g_new(MemoryRegion, 1);
+ MemoryRegion *unin_memory = g_new(MemoryRegion, 1);
+ MemoryRegion *unin2_memory = g_new(MemoryRegion, 1);
+ int linux_boot, i, j, k;
+ MemoryRegion *ram = g_new(MemoryRegion, 1), *bios = g_new(MemoryRegion, 1);
+ hwaddr kernel_base, initrd_base, cmdline_base = 0;
+ long kernel_size, initrd_size;
+ PCIBus *pci_bus;
+ PCIDevice *macio;
+ MACIOIDEState *macio_ide;
+ BusState *adb_bus;
+ MacIONVRAMState *nvr;
+ int bios_size;
+ MemoryRegion *pic_mem, *escc_mem;
+ MemoryRegion *escc_bar = g_new(MemoryRegion, 1);
+ int ppc_boot_device;
+ DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
+ void *fw_cfg;
+ int machine_arch;
+ SysBusDevice *s;
+ DeviceState *dev;
+ int *token = g_new(int, 1);
+
+ linux_boot = (kernel_filename != NULL);
+
+ /* init CPUs */
+ if (cpu_model == NULL)
+#ifdef TARGET_PPC64
+ cpu_model = "970fx";
+#else
+ cpu_model = "G4";
+#endif
+ for (i = 0; i < smp_cpus; i++) {
+ cpu = cpu_ppc_init(cpu_model);
+ if (cpu == NULL) {
+ fprintf(stderr, "Unable to find PowerPC CPU definition\n");
+ exit(1);
+ }
+ env = &cpu->env;
+
+ /* Set time-base frequency to 100 Mhz */
+ cpu_ppc_tb_init(env, TBFREQ);
+ qemu_register_reset(ppc_core99_reset, cpu);
+ }
+
+ /* allocate RAM */
+ memory_region_init_ram(ram, NULL, "ppc_core99.ram", ram_size);
+ vmstate_register_ram_global(ram);
+ memory_region_add_subregion(get_system_memory(), 0, ram);
+
+ /* allocate and load BIOS */
+ memory_region_init_ram(bios, NULL, "ppc_core99.bios", BIOS_SIZE);
+ vmstate_register_ram_global(bios);
+ if (bios_name == NULL)
+ bios_name = PROM_FILENAME;
+ filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
+ memory_region_set_readonly(bios, true);
+ memory_region_add_subregion(get_system_memory(), PROM_ADDR, bios);
+
+ /* Load OpenBIOS (ELF) */
+ if (filename) {
+ bios_size = load_elf(filename, NULL, NULL, NULL,
+ NULL, NULL, 1, ELF_MACHINE, 0);
+
+ g_free(filename);
+ } else {
+ bios_size = -1;
+ }
+ if (bios_size < 0 || bios_size > BIOS_SIZE) {
+ hw_error("qemu: could not load PowerPC bios '%s'\n", bios_name);
+ exit(1);
+ }
+
+ if (linux_boot) {
+ uint64_t lowaddr = 0;
+ int bswap_needed;
+
+#ifdef BSWAP_NEEDED
+ bswap_needed = 1;
+#else
+ bswap_needed = 0;
+#endif
+ kernel_base = KERNEL_LOAD_ADDR;
+
+ kernel_size = load_elf(kernel_filename, translate_kernel_address, NULL,
+ NULL, &lowaddr, NULL, 1, ELF_MACHINE, 0);
+ if (kernel_size < 0)
+ kernel_size = load_aout(kernel_filename, kernel_base,
+ ram_size - kernel_base, bswap_needed,
+ TARGET_PAGE_SIZE);
+ if (kernel_size < 0)
+ kernel_size = load_image_targphys(kernel_filename,
+ kernel_base,
+ ram_size - kernel_base);
+ if (kernel_size < 0) {
+ hw_error("qemu: could not load kernel '%s'\n", kernel_filename);
+ exit(1);
+ }
+ /* load initrd */
+ if (initrd_filename) {
+ initrd_base = round_page(kernel_base + kernel_size + KERNEL_GAP);
+ initrd_size = load_image_targphys(initrd_filename, initrd_base,
+ ram_size - initrd_base);
+ if (initrd_size < 0) {
+ hw_error("qemu: could not load initial ram disk '%s'\n",
+ initrd_filename);
+ exit(1);
+ }
+ cmdline_base = round_page(initrd_base + initrd_size);
+ } else {
+ initrd_base = 0;
+ initrd_size = 0;
+ cmdline_base = round_page(kernel_base + kernel_size + KERNEL_GAP);
+ }
+ ppc_boot_device = 'm';
+ } else {
+ kernel_base = 0;
+ kernel_size = 0;
+ initrd_base = 0;
+ initrd_size = 0;
+ ppc_boot_device = '\0';
+ /* We consider that NewWorld PowerMac never have any floppy drive
+ * For now, OHW cannot boot from the network.
+ */
+ for (i = 0; boot_device[i] != '\0'; i++) {
+ if (boot_device[i] >= 'c' && boot_device[i] <= 'f') {
+ ppc_boot_device = boot_device[i];
+ break;
+ }
+ }
+ if (ppc_boot_device == '\0') {
+ fprintf(stderr, "No valid boot device for Mac99 machine\n");
+ exit(1);
+ }
+ }
+
+ /* Register 8 MB of ISA IO space */
+ memory_region_init_alias(isa, NULL, "isa_mmio",
+ get_system_io(), 0, 0x00800000);
+ memory_region_add_subregion(get_system_memory(), 0xf2000000, isa);
+
+ /* UniN init: XXX should be a real device */
+ memory_region_init_io(unin_memory, NULL, &unin_ops, token, "unin", 0x1000);
+ memory_region_add_subregion(get_system_memory(), 0xf8000000, unin_memory);
+
+ memory_region_init_io(unin2_memory, NULL, &unin_ops, token, "unin", 0x1000);
+ memory_region_add_subregion(get_system_memory(), 0xf3000000, unin2_memory);
+
+ openpic_irqs = g_malloc0(smp_cpus * sizeof(qemu_irq *));
+ openpic_irqs[0] =
+ g_malloc0(smp_cpus * sizeof(qemu_irq) * OPENPIC_OUTPUT_NB);
+ for (i = 0; i < smp_cpus; i++) {
+ /* Mac99 IRQ connection between OpenPIC outputs pins
+ * and PowerPC input pins
+ */
+ switch (PPC_INPUT(env)) {
+ case PPC_FLAGS_INPUT_6xx:
+ openpic_irqs[i] = openpic_irqs[0] + (i * OPENPIC_OUTPUT_NB);
+ openpic_irqs[i][OPENPIC_OUTPUT_INT] =
+ ((qemu_irq *)env->irq_inputs)[PPC6xx_INPUT_INT];
+ openpic_irqs[i][OPENPIC_OUTPUT_CINT] =
+ ((qemu_irq *)env->irq_inputs)[PPC6xx_INPUT_INT];
+ openpic_irqs[i][OPENPIC_OUTPUT_MCK] =
+ ((qemu_irq *)env->irq_inputs)[PPC6xx_INPUT_MCP];
+ /* Not connected ? */
+ openpic_irqs[i][OPENPIC_OUTPUT_DEBUG] = NULL;
+ /* Check this */
+ openpic_irqs[i][OPENPIC_OUTPUT_RESET] =
+ ((qemu_irq *)env->irq_inputs)[PPC6xx_INPUT_HRESET];
+ break;
+#if defined(TARGET_PPC64)
+ case PPC_FLAGS_INPUT_970:
+ openpic_irqs[i] = openpic_irqs[0] + (i * OPENPIC_OUTPUT_NB);
+ openpic_irqs[i][OPENPIC_OUTPUT_INT] =
+ ((qemu_irq *)env->irq_inputs)[PPC970_INPUT_INT];
+ openpic_irqs[i][OPENPIC_OUTPUT_CINT] =
+ ((qemu_irq *)env->irq_inputs)[PPC970_INPUT_INT];
+ openpic_irqs[i][OPENPIC_OUTPUT_MCK] =
+ ((qemu_irq *)env->irq_inputs)[PPC970_INPUT_MCP];
+ /* Not connected ? */
+ openpic_irqs[i][OPENPIC_OUTPUT_DEBUG] = NULL;
+ /* Check this */
+ openpic_irqs[i][OPENPIC_OUTPUT_RESET] =
+ ((qemu_irq *)env->irq_inputs)[PPC970_INPUT_HRESET];
+ break;
+#endif /* defined(TARGET_PPC64) */
+ default:
+ hw_error("Bus model not supported on mac99 machine\n");
+ exit(1);
+ }
+ }
+
+ pic = g_new(qemu_irq, 64);
+
+ dev = qdev_create(NULL, TYPE_OPENPIC);
+ qdev_prop_set_uint32(dev, "model", OPENPIC_MODEL_RAVEN);
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+ pic_mem = s->mmio[0].memory;
+ k = 0;
+ for (i = 0; i < smp_cpus; i++) {
+ for (j = 0; j < OPENPIC_OUTPUT_NB; j++) {
+ sysbus_connect_irq(s, k++, openpic_irqs[i][j]);
+ }
+ }
+
+ for (i = 0; i < 64; i++) {
+ pic[i] = qdev_get_gpio_in(dev, i);
+ }
+
+ if (PPC_INPUT(env) == PPC_FLAGS_INPUT_970) {
+ /* 970 gets a U3 bus */
+ pci_bus = pci_pmac_u3_init(pic, get_system_memory(), get_system_io());
+ machine_arch = ARCH_MAC99_U3;
+ } else {
+ pci_bus = pci_pmac_init(pic, get_system_memory(), get_system_io());
+ machine_arch = ARCH_MAC99;
+ }
+ /* init basic PC hardware */
+ pci_vga_init(pci_bus);
+
+ escc_mem = escc_init(0, pic[0x25], pic[0x24],
+ serial_hds[0], serial_hds[1], ESCC_CLOCK, 4);
+ memory_region_init_alias(escc_bar, NULL, "escc-bar",
+ escc_mem, 0, memory_region_size(escc_mem));
+
+ for(i = 0; i < nb_nics; i++)
+ pci_nic_init_nofail(&nd_table[i], pci_bus, "ne2k_pci", NULL);
+
+ ide_drive_get(hd, MAX_IDE_BUS);
+
+ macio = pci_create(pci_bus, -1, TYPE_NEWWORLD_MACIO);
+ dev = DEVICE(macio);
+ qdev_connect_gpio_out(dev, 0, pic[0x19]); /* CUDA */
+ qdev_connect_gpio_out(dev, 1, pic[0x0d]); /* IDE */
+ qdev_connect_gpio_out(dev, 2, pic[0x02]); /* IDE DMA */
+ qdev_connect_gpio_out(dev, 3, pic[0x0e]); /* IDE */
+ qdev_connect_gpio_out(dev, 4, pic[0x03]); /* IDE DMA */
+ macio_init(macio, pic_mem, escc_bar);
+
+ /* We only emulate 2 out of 3 IDE controllers for now */
+ macio_ide = MACIO_IDE(object_resolve_path_component(OBJECT(macio),
+ "ide[0]"));
+ macio_ide_init_drives(macio_ide, hd);
+
+ macio_ide = MACIO_IDE(object_resolve_path_component(OBJECT(macio),
+ "ide[1]"));
+ macio_ide_init_drives(macio_ide, &hd[MAX_IDE_DEVS]);
+
+ dev = DEVICE(object_resolve_path_component(OBJECT(macio), "cuda"));
+ adb_bus = qdev_get_child_bus(dev, "adb.0");
+ dev = qdev_create(adb_bus, TYPE_ADB_KEYBOARD);
+ qdev_init_nofail(dev);
+ dev = qdev_create(adb_bus, TYPE_ADB_MOUSE);
+ qdev_init_nofail(dev);
+
+ if (usb_enabled(machine_arch == ARCH_MAC99_U3)) {
+ pci_create_simple(pci_bus, -1, "pci-ohci");
+ /* U3 needs to use USB for input because Linux doesn't support via-cuda
+ on PPC64 */
+ if (machine_arch == ARCH_MAC99_U3) {
+ usbdevice_create("keyboard");
+ usbdevice_create("mouse");
+ }
+ }
+
+ if (graphic_depth != 15 && graphic_depth != 32 && graphic_depth != 8)
+ graphic_depth = 15;
+
+ /* The NewWorld NVRAM is not located in the MacIO device */
+ dev = qdev_create(NULL, TYPE_MACIO_NVRAM);
+ qdev_prop_set_uint32(dev, "size", 0x2000);
+ qdev_prop_set_uint32(dev, "it_shift", 1);
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0xFFF04000);
+ nvr = MACIO_NVRAM(dev);
+ pmac_format_nvram_partition(nvr, 0x2000);
+ /* No PCI init: the BIOS will do it */
+
+ fw_cfg = fw_cfg_init(0, 0, CFG_ADDR, CFG_ADDR + 2);
+ fw_cfg_add_i16(fw_cfg, FW_CFG_MAX_CPUS, (uint16_t)max_cpus);
+ fw_cfg_add_i32(fw_cfg, FW_CFG_ID, 1);
+ fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size);
+ fw_cfg_add_i16(fw_cfg, FW_CFG_MACHINE_ID, machine_arch);
+ fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, kernel_base);
+ fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size);
+ if (kernel_cmdline) {
+ fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_CMDLINE, cmdline_base);
+ pstrcpy_targphys("cmdline", cmdline_base, TARGET_PAGE_SIZE, kernel_cmdline);
+ } else {
+ fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_CMDLINE, 0);
+ }
+ fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_ADDR, initrd_base);
+ fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_SIZE, initrd_size);
+ fw_cfg_add_i16(fw_cfg, FW_CFG_BOOT_DEVICE, ppc_boot_device);
+
+ fw_cfg_add_i16(fw_cfg, FW_CFG_PPC_WIDTH, graphic_width);
+ fw_cfg_add_i16(fw_cfg, FW_CFG_PPC_HEIGHT, graphic_height);
+ fw_cfg_add_i16(fw_cfg, FW_CFG_PPC_DEPTH, graphic_depth);
+
+ fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_IS_KVM, kvm_enabled());
+ if (kvm_enabled()) {
+#ifdef CONFIG_KVM
+ uint8_t *hypercall;
+
+ fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_TBFREQ, kvmppc_get_tbfreq());
+ hypercall = g_malloc(16);
+ kvmppc_get_hypercall(env, hypercall, 16);
+ fw_cfg_add_bytes(fw_cfg, FW_CFG_PPC_KVM_HC, hypercall, 16);
+ fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_KVM_PID, getpid());
+#endif
+ } else {
+ fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_TBFREQ, TBFREQ);
+ }
+ /* Mac OS X requires a "known good" clock-frequency value; pass it one. */
+ fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_CLOCKFREQ, 266000000);
+
+ qemu_register_boot_set(fw_cfg_boot_set, fw_cfg);
+}
+
+static QEMUMachine core99_machine = {
+ .name = "mac99",
+ .desc = "Mac99 based PowerMAC",
+ .init = ppc_core99_init,
+ .max_cpus = MAX_CPUS,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void core99_machine_init(void)
+{
+ qemu_register_machine(&core99_machine);
+}
+
+machine_init(core99_machine_init);
diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
new file mode 100644
index 000000000..42bb9d55c
--- /dev/null
+++ b/hw/ppc/mac_oldworld.c
@@ -0,0 +1,361 @@
+
+/*
+ * QEMU OldWorld PowerMac (currently ~G3 Beige) hardware System Emulator
+ *
+ * Copyright (c) 2004-2007 Fabrice Bellard
+ * Copyright (c) 2007 Jocelyn Mayer
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/ppc/ppc.h"
+#include "mac.h"
+#include "hw/input/adb.h"
+#include "hw/timer/m48t59.h"
+#include "sysemu/sysemu.h"
+#include "net/net.h"
+#include "hw/isa/isa.h"
+#include "hw/pci/pci.h"
+#include "hw/boards.h"
+#include "hw/nvram/fw_cfg.h"
+#include "hw/char/escc.h"
+#include "hw/ide.h"
+#include "hw/loader.h"
+#include "elf.h"
+#include "sysemu/kvm.h"
+#include "kvm_ppc.h"
+#include "sysemu/blockdev.h"
+#include "exec/address-spaces.h"
+
+#define MAX_IDE_BUS 2
+#define CFG_ADDR 0xf0000510
+#define TBFREQ 16600000UL
+
+static int fw_cfg_boot_set(void *opaque, const char *boot_device)
+{
+ fw_cfg_add_i16(opaque, FW_CFG_BOOT_DEVICE, boot_device[0]);
+ return 0;
+}
+
+
+static uint64_t translate_kernel_address(void *opaque, uint64_t addr)
+{
+ return (addr & 0x0fffffff) + KERNEL_LOAD_ADDR;
+}
+
+static hwaddr round_page(hwaddr addr)
+{
+ return (addr + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
+}
+
+static void ppc_heathrow_reset(void *opaque)
+{
+ PowerPCCPU *cpu = opaque;
+
+ cpu_reset(CPU(cpu));
+}
+
+static void ppc_heathrow_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ const char *boot_device = args->boot_device;
+ MemoryRegion *sysmem = get_system_memory();
+ PowerPCCPU *cpu = NULL;
+ CPUPPCState *env = NULL;
+ char *filename;
+ qemu_irq *pic, **heathrow_irqs;
+ int linux_boot, i;
+ MemoryRegion *ram = g_new(MemoryRegion, 1);
+ MemoryRegion *bios = g_new(MemoryRegion, 1);
+ MemoryRegion *isa = g_new(MemoryRegion, 1);
+ uint32_t kernel_base, initrd_base, cmdline_base = 0;
+ int32_t kernel_size, initrd_size;
+ PCIBus *pci_bus;
+ PCIDevice *macio;
+ MACIOIDEState *macio_ide;
+ DeviceState *dev;
+ BusState *adb_bus;
+ int bios_size;
+ MemoryRegion *pic_mem;
+ MemoryRegion *escc_mem, *escc_bar = g_new(MemoryRegion, 1);
+ uint16_t ppc_boot_device;
+ DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
+ void *fw_cfg;
+
+ linux_boot = (kernel_filename != NULL);
+
+ /* init CPUs */
+ if (cpu_model == NULL)
+ cpu_model = "G3";
+ for (i = 0; i < smp_cpus; i++) {
+ cpu = cpu_ppc_init(cpu_model);
+ if (cpu == NULL) {
+ fprintf(stderr, "Unable to find PowerPC CPU definition\n");
+ exit(1);
+ }
+ env = &cpu->env;
+
+ /* Set time-base frequency to 16.6 Mhz */
+ cpu_ppc_tb_init(env, TBFREQ);
+ qemu_register_reset(ppc_heathrow_reset, cpu);
+ }
+
+ /* allocate RAM */
+ if (ram_size > (2047 << 20)) {
+ fprintf(stderr,
+ "qemu: Too much memory for this machine: %d MB, maximum 2047 MB\n",
+ ((unsigned int)ram_size / (1 << 20)));
+ exit(1);
+ }
+
+ memory_region_init_ram(ram, NULL, "ppc_heathrow.ram", ram_size);
+ vmstate_register_ram_global(ram);
+ memory_region_add_subregion(sysmem, 0, ram);
+
+ /* allocate and load BIOS */
+ memory_region_init_ram(bios, NULL, "ppc_heathrow.bios", BIOS_SIZE);
+ vmstate_register_ram_global(bios);
+ if (bios_name == NULL)
+ bios_name = PROM_FILENAME;
+ filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
+ memory_region_set_readonly(bios, true);
+ memory_region_add_subregion(sysmem, PROM_ADDR, bios);
+
+ /* Load OpenBIOS (ELF) */
+ if (filename) {
+ bios_size = load_elf(filename, 0, NULL, NULL, NULL, NULL,
+ 1, ELF_MACHINE, 0);
+ g_free(filename);
+ } else {
+ bios_size = -1;
+ }
+ if (bios_size < 0 || bios_size > BIOS_SIZE) {
+ hw_error("qemu: could not load PowerPC bios '%s'\n", bios_name);
+ exit(1);
+ }
+
+ if (linux_boot) {
+ uint64_t lowaddr = 0;
+ int bswap_needed;
+
+#ifdef BSWAP_NEEDED
+ bswap_needed = 1;
+#else
+ bswap_needed = 0;
+#endif
+ kernel_base = KERNEL_LOAD_ADDR;
+ kernel_size = load_elf(kernel_filename, translate_kernel_address, NULL,
+ NULL, &lowaddr, NULL, 1, ELF_MACHINE, 0);
+ if (kernel_size < 0)
+ kernel_size = load_aout(kernel_filename, kernel_base,
+ ram_size - kernel_base, bswap_needed,
+ TARGET_PAGE_SIZE);
+ if (kernel_size < 0)
+ kernel_size = load_image_targphys(kernel_filename,
+ kernel_base,
+ ram_size - kernel_base);
+ if (kernel_size < 0) {
+ hw_error("qemu: could not load kernel '%s'\n",
+ kernel_filename);
+ exit(1);
+ }
+ /* load initrd */
+ if (initrd_filename) {
+ initrd_base = round_page(kernel_base + kernel_size + KERNEL_GAP);
+ initrd_size = load_image_targphys(initrd_filename, initrd_base,
+ ram_size - initrd_base);
+ if (initrd_size < 0) {
+ hw_error("qemu: could not load initial ram disk '%s'\n",
+ initrd_filename);
+ exit(1);
+ }
+ cmdline_base = round_page(initrd_base + initrd_size);
+ } else {
+ initrd_base = 0;
+ initrd_size = 0;
+ cmdline_base = round_page(kernel_base + kernel_size + KERNEL_GAP);
+ }
+ ppc_boot_device = 'm';
+ } else {
+ kernel_base = 0;
+ kernel_size = 0;
+ initrd_base = 0;
+ initrd_size = 0;
+ ppc_boot_device = '\0';
+ for (i = 0; boot_device[i] != '\0'; i++) {
+ /* TOFIX: for now, the second IDE channel is not properly
+ * used by OHW. The Mac floppy disk are not emulated.
+ * For now, OHW cannot boot from the network.
+ */
+#if 0
+ if (boot_device[i] >= 'a' && boot_device[i] <= 'f') {
+ ppc_boot_device = boot_device[i];
+ break;
+ }
+#else
+ if (boot_device[i] >= 'c' && boot_device[i] <= 'd') {
+ ppc_boot_device = boot_device[i];
+ break;
+ }
+#endif
+ }
+ if (ppc_boot_device == '\0') {
+ fprintf(stderr, "No valid boot device for G3 Beige machine\n");
+ exit(1);
+ }
+ }
+
+ /* Register 2 MB of ISA IO space */
+ memory_region_init_alias(isa, NULL, "isa_mmio",
+ get_system_io(), 0, 0x00200000);
+ memory_region_add_subregion(sysmem, 0xfe000000, isa);
+
+ /* XXX: we register only 1 output pin for heathrow PIC */
+ heathrow_irqs = g_malloc0(smp_cpus * sizeof(qemu_irq *));
+ heathrow_irqs[0] =
+ g_malloc0(smp_cpus * sizeof(qemu_irq) * 1);
+ /* Connect the heathrow PIC outputs to the 6xx bus */
+ for (i = 0; i < smp_cpus; i++) {
+ switch (PPC_INPUT(env)) {
+ case PPC_FLAGS_INPUT_6xx:
+ heathrow_irqs[i] = heathrow_irqs[0] + (i * 1);
+ heathrow_irqs[i][0] =
+ ((qemu_irq *)env->irq_inputs)[PPC6xx_INPUT_INT];
+ break;
+ default:
+ hw_error("Bus model not supported on OldWorld Mac machine\n");
+ }
+ }
+
+ /* init basic PC hardware */
+ if (PPC_INPUT(env) != PPC_FLAGS_INPUT_6xx) {
+ hw_error("Only 6xx bus is supported on heathrow machine\n");
+ }
+ pic = heathrow_pic_init(&pic_mem, 1, heathrow_irqs);
+ pci_bus = pci_grackle_init(0xfec00000, pic,
+ get_system_memory(),
+ get_system_io());
+ pci_vga_init(pci_bus);
+
+ escc_mem = escc_init(0, pic[0x0f], pic[0x10], serial_hds[0],
+ serial_hds[1], ESCC_CLOCK, 4);
+ memory_region_init_alias(escc_bar, NULL, "escc-bar",
+ escc_mem, 0, memory_region_size(escc_mem));
+
+ for(i = 0; i < nb_nics; i++)
+ pci_nic_init_nofail(&nd_table[i], pci_bus, "ne2k_pci", NULL);
+
+
+ ide_drive_get(hd, MAX_IDE_BUS);
+
+ macio = pci_create(pci_bus, -1, TYPE_OLDWORLD_MACIO);
+ dev = DEVICE(macio);
+ qdev_connect_gpio_out(dev, 0, pic[0x12]); /* CUDA */
+ qdev_connect_gpio_out(dev, 1, pic[0x0D]); /* IDE-0 */
+ qdev_connect_gpio_out(dev, 2, pic[0x02]); /* IDE-0 DMA */
+ qdev_connect_gpio_out(dev, 3, pic[0x0E]); /* IDE-1 */
+ qdev_connect_gpio_out(dev, 4, pic[0x03]); /* IDE-1 DMA */
+ macio_init(macio, pic_mem, escc_bar);
+
+ macio_ide = MACIO_IDE(object_resolve_path_component(OBJECT(macio),
+ "ide[0]"));
+ macio_ide_init_drives(macio_ide, hd);
+
+ macio_ide = MACIO_IDE(object_resolve_path_component(OBJECT(macio),
+ "ide[1]"));
+ macio_ide_init_drives(macio_ide, &hd[MAX_IDE_DEVS]);
+
+ dev = DEVICE(object_resolve_path_component(OBJECT(macio), "cuda"));
+ adb_bus = qdev_get_child_bus(dev, "adb.0");
+ dev = qdev_create(adb_bus, TYPE_ADB_KEYBOARD);
+ qdev_init_nofail(dev);
+ dev = qdev_create(adb_bus, TYPE_ADB_MOUSE);
+ qdev_init_nofail(dev);
+
+ if (usb_enabled(false)) {
+ pci_create_simple(pci_bus, -1, "pci-ohci");
+ }
+
+ if (graphic_depth != 15 && graphic_depth != 32 && graphic_depth != 8)
+ graphic_depth = 15;
+
+ /* No PCI init: the BIOS will do it */
+
+ fw_cfg = fw_cfg_init(0, 0, CFG_ADDR, CFG_ADDR + 2);
+ fw_cfg_add_i16(fw_cfg, FW_CFG_MAX_CPUS, (uint16_t)max_cpus);
+ fw_cfg_add_i32(fw_cfg, FW_CFG_ID, 1);
+ fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size);
+ fw_cfg_add_i16(fw_cfg, FW_CFG_MACHINE_ID, ARCH_HEATHROW);
+ fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, kernel_base);
+ fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size);
+ if (kernel_cmdline) {
+ fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_CMDLINE, cmdline_base);
+ pstrcpy_targphys("cmdline", cmdline_base, TARGET_PAGE_SIZE, kernel_cmdline);
+ } else {
+ fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_CMDLINE, 0);
+ }
+ fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_ADDR, initrd_base);
+ fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_SIZE, initrd_size);
+ fw_cfg_add_i16(fw_cfg, FW_CFG_BOOT_DEVICE, ppc_boot_device);
+
+ fw_cfg_add_i16(fw_cfg, FW_CFG_PPC_WIDTH, graphic_width);
+ fw_cfg_add_i16(fw_cfg, FW_CFG_PPC_HEIGHT, graphic_height);
+ fw_cfg_add_i16(fw_cfg, FW_CFG_PPC_DEPTH, graphic_depth);
+
+ fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_IS_KVM, kvm_enabled());
+ if (kvm_enabled()) {
+#ifdef CONFIG_KVM
+ uint8_t *hypercall;
+
+ fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_TBFREQ, kvmppc_get_tbfreq());
+ hypercall = g_malloc(16);
+ kvmppc_get_hypercall(env, hypercall, 16);
+ fw_cfg_add_bytes(fw_cfg, FW_CFG_PPC_KVM_HC, hypercall, 16);
+ fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_KVM_PID, getpid());
+#endif
+ } else {
+ fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_TBFREQ, TBFREQ);
+ }
+ /* Mac OS X requires a "known good" clock-frequency value; pass it one. */
+ fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_CLOCKFREQ, 266000000);
+
+ qemu_register_boot_set(fw_cfg_boot_set, fw_cfg);
+}
+
+static QEMUMachine heathrow_machine = {
+ .name = "g3beige",
+ .desc = "Heathrow based PowerMAC",
+ .init = ppc_heathrow_init,
+ .max_cpus = MAX_CPUS,
+#ifndef TARGET_PPC64
+ .is_default = 1,
+#endif
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void heathrow_machine_init(void)
+{
+ qemu_register_machine(&heathrow_machine);
+}
+
+machine_init(heathrow_machine_init);
diff --git a/hw/ppc/mpc8544_guts.c b/hw/ppc/mpc8544_guts.c
new file mode 100644
index 000000000..a10abe978
--- /dev/null
+++ b/hw/ppc/mpc8544_guts.c
@@ -0,0 +1,140 @@
+/*
+ * QEMU PowerPC MPC8544 global util pseudo-device
+ *
+ * Copyright (C) 2011 Freescale Semiconductor, Inc. All rights reserved.
+ *
+ * Author: Alexander Graf, <alex@csgraf.de>
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * *****************************************************************
+ *
+ * The documentation for this device is noted in the MPC8544 documentation,
+ * file name "MPC8544ERM.pdf". You can easily find it on the web.
+ *
+ */
+
+#include "hw/hw.h"
+#include "sysemu/sysemu.h"
+#include "hw/sysbus.h"
+
+#define MPC8544_GUTS_MMIO_SIZE 0x1000
+#define MPC8544_GUTS_RSTCR_RESET 0x02
+
+#define MPC8544_GUTS_ADDR_PORPLLSR 0x00
+#define MPC8544_GUTS_ADDR_PORBMSR 0x04
+#define MPC8544_GUTS_ADDR_PORIMPSCR 0x08
+#define MPC8544_GUTS_ADDR_PORDEVSR 0x0C
+#define MPC8544_GUTS_ADDR_PORDBGMSR 0x10
+#define MPC8544_GUTS_ADDR_PORDEVSR2 0x14
+#define MPC8544_GUTS_ADDR_GPPORCR 0x20
+#define MPC8544_GUTS_ADDR_GPIOCR 0x30
+#define MPC8544_GUTS_ADDR_GPOUTDR 0x40
+#define MPC8544_GUTS_ADDR_GPINDR 0x50
+#define MPC8544_GUTS_ADDR_PMUXCR 0x60
+#define MPC8544_GUTS_ADDR_DEVDISR 0x70
+#define MPC8544_GUTS_ADDR_POWMGTCSR 0x80
+#define MPC8544_GUTS_ADDR_MCPSUMR 0x90
+#define MPC8544_GUTS_ADDR_RSTRSCR 0x94
+#define MPC8544_GUTS_ADDR_PVR 0xA0
+#define MPC8544_GUTS_ADDR_SVR 0xA4
+#define MPC8544_GUTS_ADDR_RSTCR 0xB0
+#define MPC8544_GUTS_ADDR_IOVSELSR 0xC0
+#define MPC8544_GUTS_ADDR_DDRCSR 0xB20
+#define MPC8544_GUTS_ADDR_DDRCDR 0xB24
+#define MPC8544_GUTS_ADDR_DDRCLKDR 0xB28
+#define MPC8544_GUTS_ADDR_CLKOCR 0xE00
+#define MPC8544_GUTS_ADDR_SRDS1CR1 0xF04
+#define MPC8544_GUTS_ADDR_SRDS2CR1 0xF10
+#define MPC8544_GUTS_ADDR_SRDS2CR3 0xF18
+
+#define TYPE_MPC8544_GUTS "mpc8544-guts"
+#define MPC8544_GUTS(obj) OBJECT_CHECK(GutsState, (obj), TYPE_MPC8544_GUTS)
+
+struct GutsState {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion iomem;
+};
+
+typedef struct GutsState GutsState;
+
+static uint64_t mpc8544_guts_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ uint32_t value = 0;
+ PowerPCCPU *cpu = POWERPC_CPU(current_cpu);
+ CPUPPCState *env = &cpu->env;
+
+ addr &= MPC8544_GUTS_MMIO_SIZE - 1;
+ switch (addr) {
+ case MPC8544_GUTS_ADDR_PVR:
+ value = env->spr[SPR_PVR];
+ break;
+ case MPC8544_GUTS_ADDR_SVR:
+ value = env->spr[SPR_E500_SVR];
+ break;
+ default:
+ fprintf(stderr, "guts: Unknown register read: %x\n", (int)addr);
+ break;
+ }
+
+ return value;
+}
+
+static void mpc8544_guts_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ addr &= MPC8544_GUTS_MMIO_SIZE - 1;
+
+ switch (addr) {
+ case MPC8544_GUTS_ADDR_RSTCR:
+ if (value & MPC8544_GUTS_RSTCR_RESET) {
+ qemu_system_reset_request();
+ }
+ break;
+ default:
+ fprintf(stderr, "guts: Unknown register write: %x = %x\n",
+ (int)addr, (unsigned)value);
+ break;
+ }
+}
+
+static const MemoryRegionOps mpc8544_guts_ops = {
+ .read = mpc8544_guts_read,
+ .write = mpc8544_guts_write,
+ .endianness = DEVICE_BIG_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static void mpc8544_guts_initfn(Object *obj)
+{
+ SysBusDevice *d = SYS_BUS_DEVICE(obj);
+ GutsState *s = MPC8544_GUTS(obj);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &mpc8544_guts_ops, s,
+ "mpc8544.guts", MPC8544_GUTS_MMIO_SIZE);
+ sysbus_init_mmio(d, &s->iomem);
+}
+
+static const TypeInfo mpc8544_guts_info = {
+ .name = TYPE_MPC8544_GUTS,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(GutsState),
+ .instance_init = mpc8544_guts_initfn,
+};
+
+static void mpc8544_guts_register_types(void)
+{
+ type_register_static(&mpc8544_guts_info);
+}
+
+type_init(mpc8544_guts_register_types)
diff --git a/hw/ppc/mpc8544ds.c b/hw/ppc/mpc8544ds.c
index e65166194..444da0246 100644
--- a/hw/ppc/mpc8544ds.c
+++ b/hw/ppc/mpc8544ds.c
@@ -12,8 +12,9 @@
#include "config.h"
#include "qemu-common.h"
#include "e500.h"
-#include "../boards.h"
-#include "device_tree.h"
+#include "hw/boards.h"
+#include "sysemu/device_tree.h"
+#include "hw/ppc/openpic.h"
static void mpc8544ds_fixup_devtree(PPCE500Params *params, void *fdt)
{
@@ -40,7 +41,10 @@ static void mpc8544ds_init(QEMUMachineInitArgs *args)
.kernel_cmdline = kernel_cmdline,
.initrd_filename = initrd_filename,
.cpu_model = cpu_model,
+ .pci_first_slot = 0x11,
+ .pci_nr_slots = 2,
.fixup_devtree = mpc8544ds_fixup_devtree,
+ .mpic_version = OPENPIC_MODEL_FSL_MPIC_20,
};
ppce500_init(&params);
@@ -52,6 +56,7 @@ static QEMUMachine ppce500_machine = {
.desc = "mpc8544ds",
.init = mpc8544ds_init,
.max_cpus = 15,
+ DEFAULT_MACHINE_OPTIONS,
};
static void ppce500_machine_init(void)
diff --git a/hw/ppc/ppc.c b/hw/ppc/ppc.c
new file mode 100644
index 000000000..e1c095c7e
--- /dev/null
+++ b/hw/ppc/ppc.c
@@ -0,0 +1,1364 @@
+/*
+ * QEMU generic PowerPC hardware System Emulator
+ *
+ * Copyright (c) 2003-2007 Jocelyn Mayer
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/ppc/ppc.h"
+#include "hw/ppc/ppc_e500.h"
+#include "qemu/timer.h"
+#include "sysemu/sysemu.h"
+#include "hw/timer/m48t59.h"
+#include "qemu/log.h"
+#include "hw/loader.h"
+#include "sysemu/kvm.h"
+#include "kvm_ppc.h"
+
+//#define PPC_DEBUG_IRQ
+//#define PPC_DEBUG_TB
+
+#ifdef PPC_DEBUG_IRQ
+# define LOG_IRQ(...) qemu_log_mask(CPU_LOG_INT, ## __VA_ARGS__)
+#else
+# define LOG_IRQ(...) do { } while (0)
+#endif
+
+
+#ifdef PPC_DEBUG_TB
+# define LOG_TB(...) qemu_log(__VA_ARGS__)
+#else
+# define LOG_TB(...) do { } while (0)
+#endif
+
+static void cpu_ppc_tb_stop (CPUPPCState *env);
+static void cpu_ppc_tb_start (CPUPPCState *env);
+
+void ppc_set_irq(PowerPCCPU *cpu, int n_IRQ, int level)
+{
+ CPUState *cs = CPU(cpu);
+ CPUPPCState *env = &cpu->env;
+ unsigned int old_pending = env->pending_interrupts;
+
+ if (level) {
+ env->pending_interrupts |= 1 << n_IRQ;
+ cpu_interrupt(cs, CPU_INTERRUPT_HARD);
+ } else {
+ env->pending_interrupts &= ~(1 << n_IRQ);
+ if (env->pending_interrupts == 0) {
+ cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
+ }
+ }
+
+ if (old_pending != env->pending_interrupts) {
+#ifdef CONFIG_KVM
+ kvmppc_set_interrupt(cpu, n_IRQ, level);
+#endif
+ }
+
+ LOG_IRQ("%s: %p n_IRQ %d level %d => pending %08" PRIx32
+ "req %08x\n", __func__, env, n_IRQ, level,
+ env->pending_interrupts, CPU(cpu)->interrupt_request);
+}
+
+/* PowerPC 6xx / 7xx internal IRQ controller */
+static void ppc6xx_set_irq(void *opaque, int pin, int level)
+{
+ PowerPCCPU *cpu = opaque;
+ CPUPPCState *env = &cpu->env;
+ int cur_level;
+
+ LOG_IRQ("%s: env %p pin %d level %d\n", __func__,
+ env, pin, level);
+ cur_level = (env->irq_input_state >> pin) & 1;
+ /* Don't generate spurious events */
+ if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) {
+ CPUState *cs = CPU(cpu);
+
+ switch (pin) {
+ case PPC6xx_INPUT_TBEN:
+ /* Level sensitive - active high */
+ LOG_IRQ("%s: %s the time base\n",
+ __func__, level ? "start" : "stop");
+ if (level) {
+ cpu_ppc_tb_start(env);
+ } else {
+ cpu_ppc_tb_stop(env);
+ }
+ case PPC6xx_INPUT_INT:
+ /* Level sensitive - active high */
+ LOG_IRQ("%s: set the external IRQ state to %d\n",
+ __func__, level);
+ ppc_set_irq(cpu, PPC_INTERRUPT_EXT, level);
+ break;
+ case PPC6xx_INPUT_SMI:
+ /* Level sensitive - active high */
+ LOG_IRQ("%s: set the SMI IRQ state to %d\n",
+ __func__, level);
+ ppc_set_irq(cpu, PPC_INTERRUPT_SMI, level);
+ break;
+ case PPC6xx_INPUT_MCP:
+ /* Negative edge sensitive */
+ /* XXX: TODO: actual reaction may depends on HID0 status
+ * 603/604/740/750: check HID0[EMCP]
+ */
+ if (cur_level == 1 && level == 0) {
+ LOG_IRQ("%s: raise machine check state\n",
+ __func__);
+ ppc_set_irq(cpu, PPC_INTERRUPT_MCK, 1);
+ }
+ break;
+ case PPC6xx_INPUT_CKSTP_IN:
+ /* Level sensitive - active low */
+ /* XXX: TODO: relay the signal to CKSTP_OUT pin */
+ /* XXX: Note that the only way to restart the CPU is to reset it */
+ if (level) {
+ LOG_IRQ("%s: stop the CPU\n", __func__);
+ cs->halted = 1;
+ }
+ break;
+ case PPC6xx_INPUT_HRESET:
+ /* Level sensitive - active low */
+ if (level) {
+ LOG_IRQ("%s: reset the CPU\n", __func__);
+ cpu_interrupt(cs, CPU_INTERRUPT_RESET);
+ }
+ break;
+ case PPC6xx_INPUT_SRESET:
+ LOG_IRQ("%s: set the RESET IRQ state to %d\n",
+ __func__, level);
+ ppc_set_irq(cpu, PPC_INTERRUPT_RESET, level);
+ break;
+ default:
+ /* Unknown pin - do nothing */
+ LOG_IRQ("%s: unknown IRQ pin %d\n", __func__, pin);
+ return;
+ }
+ if (level)
+ env->irq_input_state |= 1 << pin;
+ else
+ env->irq_input_state &= ~(1 << pin);
+ }
+}
+
+void ppc6xx_irq_init(CPUPPCState *env)
+{
+ PowerPCCPU *cpu = ppc_env_get_cpu(env);
+
+ env->irq_inputs = (void **)qemu_allocate_irqs(&ppc6xx_set_irq, cpu,
+ PPC6xx_INPUT_NB);
+}
+
+#if defined(TARGET_PPC64)
+/* PowerPC 970 internal IRQ controller */
+static void ppc970_set_irq(void *opaque, int pin, int level)
+{
+ PowerPCCPU *cpu = opaque;
+ CPUPPCState *env = &cpu->env;
+ int cur_level;
+
+ LOG_IRQ("%s: env %p pin %d level %d\n", __func__,
+ env, pin, level);
+ cur_level = (env->irq_input_state >> pin) & 1;
+ /* Don't generate spurious events */
+ if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) {
+ CPUState *cs = CPU(cpu);
+
+ switch (pin) {
+ case PPC970_INPUT_INT:
+ /* Level sensitive - active high */
+ LOG_IRQ("%s: set the external IRQ state to %d\n",
+ __func__, level);
+ ppc_set_irq(cpu, PPC_INTERRUPT_EXT, level);
+ break;
+ case PPC970_INPUT_THINT:
+ /* Level sensitive - active high */
+ LOG_IRQ("%s: set the SMI IRQ state to %d\n", __func__,
+ level);
+ ppc_set_irq(cpu, PPC_INTERRUPT_THERM, level);
+ break;
+ case PPC970_INPUT_MCP:
+ /* Negative edge sensitive */
+ /* XXX: TODO: actual reaction may depends on HID0 status
+ * 603/604/740/750: check HID0[EMCP]
+ */
+ if (cur_level == 1 && level == 0) {
+ LOG_IRQ("%s: raise machine check state\n",
+ __func__);
+ ppc_set_irq(cpu, PPC_INTERRUPT_MCK, 1);
+ }
+ break;
+ case PPC970_INPUT_CKSTP:
+ /* Level sensitive - active low */
+ /* XXX: TODO: relay the signal to CKSTP_OUT pin */
+ if (level) {
+ LOG_IRQ("%s: stop the CPU\n", __func__);
+ cs->halted = 1;
+ } else {
+ LOG_IRQ("%s: restart the CPU\n", __func__);
+ cs->halted = 0;
+ qemu_cpu_kick(cs);
+ }
+ break;
+ case PPC970_INPUT_HRESET:
+ /* Level sensitive - active low */
+ if (level) {
+ cpu_interrupt(cs, CPU_INTERRUPT_RESET);
+ }
+ break;
+ case PPC970_INPUT_SRESET:
+ LOG_IRQ("%s: set the RESET IRQ state to %d\n",
+ __func__, level);
+ ppc_set_irq(cpu, PPC_INTERRUPT_RESET, level);
+ break;
+ case PPC970_INPUT_TBEN:
+ LOG_IRQ("%s: set the TBEN state to %d\n", __func__,
+ level);
+ /* XXX: TODO */
+ break;
+ default:
+ /* Unknown pin - do nothing */
+ LOG_IRQ("%s: unknown IRQ pin %d\n", __func__, pin);
+ return;
+ }
+ if (level)
+ env->irq_input_state |= 1 << pin;
+ else
+ env->irq_input_state &= ~(1 << pin);
+ }
+}
+
+void ppc970_irq_init(CPUPPCState *env)
+{
+ PowerPCCPU *cpu = ppc_env_get_cpu(env);
+
+ env->irq_inputs = (void **)qemu_allocate_irqs(&ppc970_set_irq, cpu,
+ PPC970_INPUT_NB);
+}
+
+/* POWER7 internal IRQ controller */
+static void power7_set_irq(void *opaque, int pin, int level)
+{
+ PowerPCCPU *cpu = opaque;
+ CPUPPCState *env = &cpu->env;
+
+ LOG_IRQ("%s: env %p pin %d level %d\n", __func__,
+ env, pin, level);
+
+ switch (pin) {
+ case POWER7_INPUT_INT:
+ /* Level sensitive - active high */
+ LOG_IRQ("%s: set the external IRQ state to %d\n",
+ __func__, level);
+ ppc_set_irq(cpu, PPC_INTERRUPT_EXT, level);
+ break;
+ default:
+ /* Unknown pin - do nothing */
+ LOG_IRQ("%s: unknown IRQ pin %d\n", __func__, pin);
+ return;
+ }
+ if (level) {
+ env->irq_input_state |= 1 << pin;
+ } else {
+ env->irq_input_state &= ~(1 << pin);
+ }
+}
+
+void ppcPOWER7_irq_init(CPUPPCState *env)
+{
+ PowerPCCPU *cpu = ppc_env_get_cpu(env);
+
+ env->irq_inputs = (void **)qemu_allocate_irqs(&power7_set_irq, cpu,
+ POWER7_INPUT_NB);
+}
+#endif /* defined(TARGET_PPC64) */
+
+/* PowerPC 40x internal IRQ controller */
+static void ppc40x_set_irq(void *opaque, int pin, int level)
+{
+ PowerPCCPU *cpu = opaque;
+ CPUPPCState *env = &cpu->env;
+ int cur_level;
+
+ LOG_IRQ("%s: env %p pin %d level %d\n", __func__,
+ env, pin, level);
+ cur_level = (env->irq_input_state >> pin) & 1;
+ /* Don't generate spurious events */
+ if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) {
+ CPUState *cs = CPU(cpu);
+
+ switch (pin) {
+ case PPC40x_INPUT_RESET_SYS:
+ if (level) {
+ LOG_IRQ("%s: reset the PowerPC system\n",
+ __func__);
+ ppc40x_system_reset(cpu);
+ }
+ break;
+ case PPC40x_INPUT_RESET_CHIP:
+ if (level) {
+ LOG_IRQ("%s: reset the PowerPC chip\n", __func__);
+ ppc40x_chip_reset(cpu);
+ }
+ break;
+ case PPC40x_INPUT_RESET_CORE:
+ /* XXX: TODO: update DBSR[MRR] */
+ if (level) {
+ LOG_IRQ("%s: reset the PowerPC core\n", __func__);
+ ppc40x_core_reset(cpu);
+ }
+ break;
+ case PPC40x_INPUT_CINT:
+ /* Level sensitive - active high */
+ LOG_IRQ("%s: set the critical IRQ state to %d\n",
+ __func__, level);
+ ppc_set_irq(cpu, PPC_INTERRUPT_CEXT, level);
+ break;
+ case PPC40x_INPUT_INT:
+ /* Level sensitive - active high */
+ LOG_IRQ("%s: set the external IRQ state to %d\n",
+ __func__, level);
+ ppc_set_irq(cpu, PPC_INTERRUPT_EXT, level);
+ break;
+ case PPC40x_INPUT_HALT:
+ /* Level sensitive - active low */
+ if (level) {
+ LOG_IRQ("%s: stop the CPU\n", __func__);
+ cs->halted = 1;
+ } else {
+ LOG_IRQ("%s: restart the CPU\n", __func__);
+ cs->halted = 0;
+ qemu_cpu_kick(cs);
+ }
+ break;
+ case PPC40x_INPUT_DEBUG:
+ /* Level sensitive - active high */
+ LOG_IRQ("%s: set the debug pin state to %d\n",
+ __func__, level);
+ ppc_set_irq(cpu, PPC_INTERRUPT_DEBUG, level);
+ break;
+ default:
+ /* Unknown pin - do nothing */
+ LOG_IRQ("%s: unknown IRQ pin %d\n", __func__, pin);
+ return;
+ }
+ if (level)
+ env->irq_input_state |= 1 << pin;
+ else
+ env->irq_input_state &= ~(1 << pin);
+ }
+}
+
+void ppc40x_irq_init(CPUPPCState *env)
+{
+ PowerPCCPU *cpu = ppc_env_get_cpu(env);
+
+ env->irq_inputs = (void **)qemu_allocate_irqs(&ppc40x_set_irq,
+ cpu, PPC40x_INPUT_NB);
+}
+
+/* PowerPC E500 internal IRQ controller */
+static void ppce500_set_irq(void *opaque, int pin, int level)
+{
+ PowerPCCPU *cpu = opaque;
+ CPUPPCState *env = &cpu->env;
+ int cur_level;
+
+ LOG_IRQ("%s: env %p pin %d level %d\n", __func__,
+ env, pin, level);
+ cur_level = (env->irq_input_state >> pin) & 1;
+ /* Don't generate spurious events */
+ if ((cur_level == 1 && level == 0) || (cur_level == 0 && level != 0)) {
+ switch (pin) {
+ case PPCE500_INPUT_MCK:
+ if (level) {
+ LOG_IRQ("%s: reset the PowerPC system\n",
+ __func__);
+ qemu_system_reset_request();
+ }
+ break;
+ case PPCE500_INPUT_RESET_CORE:
+ if (level) {
+ LOG_IRQ("%s: reset the PowerPC core\n", __func__);
+ ppc_set_irq(cpu, PPC_INTERRUPT_MCK, level);
+ }
+ break;
+ case PPCE500_INPUT_CINT:
+ /* Level sensitive - active high */
+ LOG_IRQ("%s: set the critical IRQ state to %d\n",
+ __func__, level);
+ ppc_set_irq(cpu, PPC_INTERRUPT_CEXT, level);
+ break;
+ case PPCE500_INPUT_INT:
+ /* Level sensitive - active high */
+ LOG_IRQ("%s: set the core IRQ state to %d\n",
+ __func__, level);
+ ppc_set_irq(cpu, PPC_INTERRUPT_EXT, level);
+ break;
+ case PPCE500_INPUT_DEBUG:
+ /* Level sensitive - active high */
+ LOG_IRQ("%s: set the debug pin state to %d\n",
+ __func__, level);
+ ppc_set_irq(cpu, PPC_INTERRUPT_DEBUG, level);
+ break;
+ default:
+ /* Unknown pin - do nothing */
+ LOG_IRQ("%s: unknown IRQ pin %d\n", __func__, pin);
+ return;
+ }
+ if (level)
+ env->irq_input_state |= 1 << pin;
+ else
+ env->irq_input_state &= ~(1 << pin);
+ }
+}
+
+void ppce500_irq_init(CPUPPCState *env)
+{
+ PowerPCCPU *cpu = ppc_env_get_cpu(env);
+
+ env->irq_inputs = (void **)qemu_allocate_irqs(&ppce500_set_irq,
+ cpu, PPCE500_INPUT_NB);
+}
+
+/* Enable or Disable the E500 EPR capability */
+void ppce500_set_mpic_proxy(bool enabled)
+{
+ CPUState *cs;
+
+ for (cs = first_cpu; cs != NULL; cs = cs->next_cpu) {
+ PowerPCCPU *cpu = POWERPC_CPU(cs);
+
+ cpu->env.mpic_proxy = enabled;
+ if (kvm_enabled()) {
+ kvmppc_set_mpic_proxy(cpu, enabled);
+ }
+ }
+}
+
+/*****************************************************************************/
+/* PowerPC time base and decrementer emulation */
+
+uint64_t cpu_ppc_get_tb(ppc_tb_t *tb_env, uint64_t vmclk, int64_t tb_offset)
+{
+ /* TB time in tb periods */
+ return muldiv64(vmclk, tb_env->tb_freq, get_ticks_per_sec()) + tb_offset;
+}
+
+uint64_t cpu_ppc_load_tbl (CPUPPCState *env)
+{
+ ppc_tb_t *tb_env = env->tb_env;
+ uint64_t tb;
+
+ if (kvm_enabled()) {
+ return env->spr[SPR_TBL];
+ }
+
+ tb = cpu_ppc_get_tb(tb_env, qemu_get_clock_ns(vm_clock), tb_env->tb_offset);
+ LOG_TB("%s: tb %016" PRIx64 "\n", __func__, tb);
+
+ return tb;
+}
+
+static inline uint32_t _cpu_ppc_load_tbu(CPUPPCState *env)
+{
+ ppc_tb_t *tb_env = env->tb_env;
+ uint64_t tb;
+
+ tb = cpu_ppc_get_tb(tb_env, qemu_get_clock_ns(vm_clock), tb_env->tb_offset);
+ LOG_TB("%s: tb %016" PRIx64 "\n", __func__, tb);
+
+ return tb >> 32;
+}
+
+uint32_t cpu_ppc_load_tbu (CPUPPCState *env)
+{
+ if (kvm_enabled()) {
+ return env->spr[SPR_TBU];
+ }
+
+ return _cpu_ppc_load_tbu(env);
+}
+
+static inline void cpu_ppc_store_tb(ppc_tb_t *tb_env, uint64_t vmclk,
+ int64_t *tb_offsetp, uint64_t value)
+{
+ *tb_offsetp = value - muldiv64(vmclk, tb_env->tb_freq, get_ticks_per_sec());
+ LOG_TB("%s: tb %016" PRIx64 " offset %08" PRIx64 "\n",
+ __func__, value, *tb_offsetp);
+}
+
+void cpu_ppc_store_tbl (CPUPPCState *env, uint32_t value)
+{
+ ppc_tb_t *tb_env = env->tb_env;
+ uint64_t tb;
+
+ tb = cpu_ppc_get_tb(tb_env, qemu_get_clock_ns(vm_clock), tb_env->tb_offset);
+ tb &= 0xFFFFFFFF00000000ULL;
+ cpu_ppc_store_tb(tb_env, qemu_get_clock_ns(vm_clock),
+ &tb_env->tb_offset, tb | (uint64_t)value);
+}
+
+static inline void _cpu_ppc_store_tbu(CPUPPCState *env, uint32_t value)
+{
+ ppc_tb_t *tb_env = env->tb_env;
+ uint64_t tb;
+
+ tb = cpu_ppc_get_tb(tb_env, qemu_get_clock_ns(vm_clock), tb_env->tb_offset);
+ tb &= 0x00000000FFFFFFFFULL;
+ cpu_ppc_store_tb(tb_env, qemu_get_clock_ns(vm_clock),
+ &tb_env->tb_offset, ((uint64_t)value << 32) | tb);
+}
+
+void cpu_ppc_store_tbu (CPUPPCState *env, uint32_t value)
+{
+ _cpu_ppc_store_tbu(env, value);
+}
+
+uint64_t cpu_ppc_load_atbl (CPUPPCState *env)
+{
+ ppc_tb_t *tb_env = env->tb_env;
+ uint64_t tb;
+
+ tb = cpu_ppc_get_tb(tb_env, qemu_get_clock_ns(vm_clock), tb_env->atb_offset);
+ LOG_TB("%s: tb %016" PRIx64 "\n", __func__, tb);
+
+ return tb;
+}
+
+uint32_t cpu_ppc_load_atbu (CPUPPCState *env)
+{
+ ppc_tb_t *tb_env = env->tb_env;
+ uint64_t tb;
+
+ tb = cpu_ppc_get_tb(tb_env, qemu_get_clock_ns(vm_clock), tb_env->atb_offset);
+ LOG_TB("%s: tb %016" PRIx64 "\n", __func__, tb);
+
+ return tb >> 32;
+}
+
+void cpu_ppc_store_atbl (CPUPPCState *env, uint32_t value)
+{
+ ppc_tb_t *tb_env = env->tb_env;
+ uint64_t tb;
+
+ tb = cpu_ppc_get_tb(tb_env, qemu_get_clock_ns(vm_clock), tb_env->atb_offset);
+ tb &= 0xFFFFFFFF00000000ULL;
+ cpu_ppc_store_tb(tb_env, qemu_get_clock_ns(vm_clock),
+ &tb_env->atb_offset, tb | (uint64_t)value);
+}
+
+void cpu_ppc_store_atbu (CPUPPCState *env, uint32_t value)
+{
+ ppc_tb_t *tb_env = env->tb_env;
+ uint64_t tb;
+
+ tb = cpu_ppc_get_tb(tb_env, qemu_get_clock_ns(vm_clock), tb_env->atb_offset);
+ tb &= 0x00000000FFFFFFFFULL;
+ cpu_ppc_store_tb(tb_env, qemu_get_clock_ns(vm_clock),
+ &tb_env->atb_offset, ((uint64_t)value << 32) | tb);
+}
+
+static void cpu_ppc_tb_stop (CPUPPCState *env)
+{
+ ppc_tb_t *tb_env = env->tb_env;
+ uint64_t tb, atb, vmclk;
+
+ /* If the time base is already frozen, do nothing */
+ if (tb_env->tb_freq != 0) {
+ vmclk = qemu_get_clock_ns(vm_clock);
+ /* Get the time base */
+ tb = cpu_ppc_get_tb(tb_env, vmclk, tb_env->tb_offset);
+ /* Get the alternate time base */
+ atb = cpu_ppc_get_tb(tb_env, vmclk, tb_env->atb_offset);
+ /* Store the time base value (ie compute the current offset) */
+ cpu_ppc_store_tb(tb_env, vmclk, &tb_env->tb_offset, tb);
+ /* Store the alternate time base value (compute the current offset) */
+ cpu_ppc_store_tb(tb_env, vmclk, &tb_env->atb_offset, atb);
+ /* Set the time base frequency to zero */
+ tb_env->tb_freq = 0;
+ /* Now, the time bases are frozen to tb_offset / atb_offset value */
+ }
+}
+
+static void cpu_ppc_tb_start (CPUPPCState *env)
+{
+ ppc_tb_t *tb_env = env->tb_env;
+ uint64_t tb, atb, vmclk;
+
+ /* If the time base is not frozen, do nothing */
+ if (tb_env->tb_freq == 0) {
+ vmclk = qemu_get_clock_ns(vm_clock);
+ /* Get the time base from tb_offset */
+ tb = tb_env->tb_offset;
+ /* Get the alternate time base from atb_offset */
+ atb = tb_env->atb_offset;
+ /* Restore the tb frequency from the decrementer frequency */
+ tb_env->tb_freq = tb_env->decr_freq;
+ /* Store the time base value */
+ cpu_ppc_store_tb(tb_env, vmclk, &tb_env->tb_offset, tb);
+ /* Store the alternate time base value */
+ cpu_ppc_store_tb(tb_env, vmclk, &tb_env->atb_offset, atb);
+ }
+}
+
+static inline uint32_t _cpu_ppc_load_decr(CPUPPCState *env, uint64_t next)
+{
+ ppc_tb_t *tb_env = env->tb_env;
+ uint32_t decr;
+ int64_t diff;
+
+ diff = next - qemu_get_clock_ns(vm_clock);
+ if (diff >= 0) {
+ decr = muldiv64(diff, tb_env->decr_freq, get_ticks_per_sec());
+ } else if (tb_env->flags & PPC_TIMER_BOOKE) {
+ decr = 0;
+ } else {
+ decr = -muldiv64(-diff, tb_env->decr_freq, get_ticks_per_sec());
+ }
+ LOG_TB("%s: %08" PRIx32 "\n", __func__, decr);
+
+ return decr;
+}
+
+uint32_t cpu_ppc_load_decr (CPUPPCState *env)
+{
+ ppc_tb_t *tb_env = env->tb_env;
+
+ if (kvm_enabled()) {
+ return env->spr[SPR_DECR];
+ }
+
+ return _cpu_ppc_load_decr(env, tb_env->decr_next);
+}
+
+uint32_t cpu_ppc_load_hdecr (CPUPPCState *env)
+{
+ ppc_tb_t *tb_env = env->tb_env;
+
+ return _cpu_ppc_load_decr(env, tb_env->hdecr_next);
+}
+
+uint64_t cpu_ppc_load_purr (CPUPPCState *env)
+{
+ ppc_tb_t *tb_env = env->tb_env;
+ uint64_t diff;
+
+ diff = qemu_get_clock_ns(vm_clock) - tb_env->purr_start;
+
+ return tb_env->purr_load + muldiv64(diff, tb_env->tb_freq, get_ticks_per_sec());
+}
+
+/* When decrementer expires,
+ * all we need to do is generate or queue a CPU exception
+ */
+static inline void cpu_ppc_decr_excp(PowerPCCPU *cpu)
+{
+ /* Raise it */
+ LOG_TB("raise decrementer exception\n");
+ ppc_set_irq(cpu, PPC_INTERRUPT_DECR, 1);
+}
+
+static inline void cpu_ppc_hdecr_excp(PowerPCCPU *cpu)
+{
+ /* Raise it */
+ LOG_TB("raise decrementer exception\n");
+ ppc_set_irq(cpu, PPC_INTERRUPT_HDECR, 1);
+}
+
+static void __cpu_ppc_store_decr(PowerPCCPU *cpu, uint64_t *nextp,
+ struct QEMUTimer *timer,
+ void (*raise_excp)(PowerPCCPU *),
+ uint32_t decr, uint32_t value,
+ int is_excp)
+{
+ CPUPPCState *env = &cpu->env;
+ ppc_tb_t *tb_env = env->tb_env;
+ uint64_t now, next;
+
+ LOG_TB("%s: %08" PRIx32 " => %08" PRIx32 "\n", __func__,
+ decr, value);
+
+ if (kvm_enabled()) {
+ /* KVM handles decrementer exceptions, we don't need our own timer */
+ return;
+ }
+
+ now = qemu_get_clock_ns(vm_clock);
+ next = now + muldiv64(value, get_ticks_per_sec(), tb_env->decr_freq);
+ if (is_excp) {
+ next += *nextp - now;
+ }
+ if (next == now) {
+ next++;
+ }
+ *nextp = next;
+ /* Adjust timer */
+ qemu_mod_timer(timer, next);
+
+ /* If we set a negative value and the decrementer was positive, raise an
+ * exception.
+ */
+ if ((tb_env->flags & PPC_DECR_UNDERFLOW_TRIGGERED)
+ && (value & 0x80000000)
+ && !(decr & 0x80000000)) {
+ (*raise_excp)(cpu);
+ }
+}
+
+static inline void _cpu_ppc_store_decr(PowerPCCPU *cpu, uint32_t decr,
+ uint32_t value, int is_excp)
+{
+ ppc_tb_t *tb_env = cpu->env.tb_env;
+
+ __cpu_ppc_store_decr(cpu, &tb_env->decr_next, tb_env->decr_timer,
+ &cpu_ppc_decr_excp, decr, value, is_excp);
+}
+
+void cpu_ppc_store_decr (CPUPPCState *env, uint32_t value)
+{
+ PowerPCCPU *cpu = ppc_env_get_cpu(env);
+
+ _cpu_ppc_store_decr(cpu, cpu_ppc_load_decr(env), value, 0);
+}
+
+static void cpu_ppc_decr_cb(void *opaque)
+{
+ PowerPCCPU *cpu = opaque;
+
+ _cpu_ppc_store_decr(cpu, 0x00000000, 0xFFFFFFFF, 1);
+}
+
+static inline void _cpu_ppc_store_hdecr(PowerPCCPU *cpu, uint32_t hdecr,
+ uint32_t value, int is_excp)
+{
+ ppc_tb_t *tb_env = cpu->env.tb_env;
+
+ if (tb_env->hdecr_timer != NULL) {
+ __cpu_ppc_store_decr(cpu, &tb_env->hdecr_next, tb_env->hdecr_timer,
+ &cpu_ppc_hdecr_excp, hdecr, value, is_excp);
+ }
+}
+
+void cpu_ppc_store_hdecr (CPUPPCState *env, uint32_t value)
+{
+ PowerPCCPU *cpu = ppc_env_get_cpu(env);
+
+ _cpu_ppc_store_hdecr(cpu, cpu_ppc_load_hdecr(env), value, 0);
+}
+
+static void cpu_ppc_hdecr_cb(void *opaque)
+{
+ PowerPCCPU *cpu = opaque;
+
+ _cpu_ppc_store_hdecr(cpu, 0x00000000, 0xFFFFFFFF, 1);
+}
+
+static void cpu_ppc_store_purr(PowerPCCPU *cpu, uint64_t value)
+{
+ ppc_tb_t *tb_env = cpu->env.tb_env;
+
+ tb_env->purr_load = value;
+ tb_env->purr_start = qemu_get_clock_ns(vm_clock);
+}
+
+static void cpu_ppc_set_tb_clk (void *opaque, uint32_t freq)
+{
+ CPUPPCState *env = opaque;
+ PowerPCCPU *cpu = ppc_env_get_cpu(env);
+ ppc_tb_t *tb_env = env->tb_env;
+
+ tb_env->tb_freq = freq;
+ tb_env->decr_freq = freq;
+ /* There is a bug in Linux 2.4 kernels:
+ * if a decrementer exception is pending when it enables msr_ee at startup,
+ * it's not ready to handle it...
+ */
+ _cpu_ppc_store_decr(cpu, 0xFFFFFFFF, 0xFFFFFFFF, 0);
+ _cpu_ppc_store_hdecr(cpu, 0xFFFFFFFF, 0xFFFFFFFF, 0);
+ cpu_ppc_store_purr(cpu, 0x0000000000000000ULL);
+}
+
+/* Set up (once) timebase frequency (in Hz) */
+clk_setup_cb cpu_ppc_tb_init (CPUPPCState *env, uint32_t freq)
+{
+ PowerPCCPU *cpu = ppc_env_get_cpu(env);
+ ppc_tb_t *tb_env;
+
+ tb_env = g_malloc0(sizeof(ppc_tb_t));
+ env->tb_env = tb_env;
+ tb_env->flags = PPC_DECR_UNDERFLOW_TRIGGERED;
+ /* Create new timer */
+ tb_env->decr_timer = qemu_new_timer_ns(vm_clock, &cpu_ppc_decr_cb, cpu);
+ if (0) {
+ /* XXX: find a suitable condition to enable the hypervisor decrementer
+ */
+ tb_env->hdecr_timer = qemu_new_timer_ns(vm_clock, &cpu_ppc_hdecr_cb,
+ cpu);
+ } else {
+ tb_env->hdecr_timer = NULL;
+ }
+ cpu_ppc_set_tb_clk(env, freq);
+
+ return &cpu_ppc_set_tb_clk;
+}
+
+/* Specific helpers for POWER & PowerPC 601 RTC */
+#if 0
+static clk_setup_cb cpu_ppc601_rtc_init (CPUPPCState *env)
+{
+ return cpu_ppc_tb_init(env, 7812500);
+}
+#endif
+
+void cpu_ppc601_store_rtcu (CPUPPCState *env, uint32_t value)
+{
+ _cpu_ppc_store_tbu(env, value);
+}
+
+uint32_t cpu_ppc601_load_rtcu (CPUPPCState *env)
+{
+ return _cpu_ppc_load_tbu(env);
+}
+
+void cpu_ppc601_store_rtcl (CPUPPCState *env, uint32_t value)
+{
+ cpu_ppc_store_tbl(env, value & 0x3FFFFF80);
+}
+
+uint32_t cpu_ppc601_load_rtcl (CPUPPCState *env)
+{
+ return cpu_ppc_load_tbl(env) & 0x3FFFFF80;
+}
+
+/*****************************************************************************/
+/* PowerPC 40x timers */
+
+/* PIT, FIT & WDT */
+typedef struct ppc40x_timer_t ppc40x_timer_t;
+struct ppc40x_timer_t {
+ uint64_t pit_reload; /* PIT auto-reload value */
+ uint64_t fit_next; /* Tick for next FIT interrupt */
+ struct QEMUTimer *fit_timer;
+ uint64_t wdt_next; /* Tick for next WDT interrupt */
+ struct QEMUTimer *wdt_timer;
+
+ /* 405 have the PIT, 440 have a DECR. */
+ unsigned int decr_excp;
+};
+
+/* Fixed interval timer */
+static void cpu_4xx_fit_cb (void *opaque)
+{
+ PowerPCCPU *cpu;
+ CPUPPCState *env;
+ ppc_tb_t *tb_env;
+ ppc40x_timer_t *ppc40x_timer;
+ uint64_t now, next;
+
+ env = opaque;
+ cpu = ppc_env_get_cpu(env);
+ tb_env = env->tb_env;
+ ppc40x_timer = tb_env->opaque;
+ now = qemu_get_clock_ns(vm_clock);
+ switch ((env->spr[SPR_40x_TCR] >> 24) & 0x3) {
+ case 0:
+ next = 1 << 9;
+ break;
+ case 1:
+ next = 1 << 13;
+ break;
+ case 2:
+ next = 1 << 17;
+ break;
+ case 3:
+ next = 1 << 21;
+ break;
+ default:
+ /* Cannot occur, but makes gcc happy */
+ return;
+ }
+ next = now + muldiv64(next, get_ticks_per_sec(), tb_env->tb_freq);
+ if (next == now)
+ next++;
+ qemu_mod_timer(ppc40x_timer->fit_timer, next);
+ env->spr[SPR_40x_TSR] |= 1 << 26;
+ if ((env->spr[SPR_40x_TCR] >> 23) & 0x1) {
+ ppc_set_irq(cpu, PPC_INTERRUPT_FIT, 1);
+ }
+ LOG_TB("%s: ir %d TCR " TARGET_FMT_lx " TSR " TARGET_FMT_lx "\n", __func__,
+ (int)((env->spr[SPR_40x_TCR] >> 23) & 0x1),
+ env->spr[SPR_40x_TCR], env->spr[SPR_40x_TSR]);
+}
+
+/* Programmable interval timer */
+static void start_stop_pit (CPUPPCState *env, ppc_tb_t *tb_env, int is_excp)
+{
+ ppc40x_timer_t *ppc40x_timer;
+ uint64_t now, next;
+
+ ppc40x_timer = tb_env->opaque;
+ if (ppc40x_timer->pit_reload <= 1 ||
+ !((env->spr[SPR_40x_TCR] >> 26) & 0x1) ||
+ (is_excp && !((env->spr[SPR_40x_TCR] >> 22) & 0x1))) {
+ /* Stop PIT */
+ LOG_TB("%s: stop PIT\n", __func__);
+ qemu_del_timer(tb_env->decr_timer);
+ } else {
+ LOG_TB("%s: start PIT %016" PRIx64 "\n",
+ __func__, ppc40x_timer->pit_reload);
+ now = qemu_get_clock_ns(vm_clock);
+ next = now + muldiv64(ppc40x_timer->pit_reload,
+ get_ticks_per_sec(), tb_env->decr_freq);
+ if (is_excp)
+ next += tb_env->decr_next - now;
+ if (next == now)
+ next++;
+ qemu_mod_timer(tb_env->decr_timer, next);
+ tb_env->decr_next = next;
+ }
+}
+
+static void cpu_4xx_pit_cb (void *opaque)
+{
+ PowerPCCPU *cpu;
+ CPUPPCState *env;
+ ppc_tb_t *tb_env;
+ ppc40x_timer_t *ppc40x_timer;
+
+ env = opaque;
+ cpu = ppc_env_get_cpu(env);
+ tb_env = env->tb_env;
+ ppc40x_timer = tb_env->opaque;
+ env->spr[SPR_40x_TSR] |= 1 << 27;
+ if ((env->spr[SPR_40x_TCR] >> 26) & 0x1) {
+ ppc_set_irq(cpu, ppc40x_timer->decr_excp, 1);
+ }
+ start_stop_pit(env, tb_env, 1);
+ LOG_TB("%s: ar %d ir %d TCR " TARGET_FMT_lx " TSR " TARGET_FMT_lx " "
+ "%016" PRIx64 "\n", __func__,
+ (int)((env->spr[SPR_40x_TCR] >> 22) & 0x1),
+ (int)((env->spr[SPR_40x_TCR] >> 26) & 0x1),
+ env->spr[SPR_40x_TCR], env->spr[SPR_40x_TSR],
+ ppc40x_timer->pit_reload);
+}
+
+/* Watchdog timer */
+static void cpu_4xx_wdt_cb (void *opaque)
+{
+ PowerPCCPU *cpu;
+ CPUPPCState *env;
+ ppc_tb_t *tb_env;
+ ppc40x_timer_t *ppc40x_timer;
+ uint64_t now, next;
+
+ env = opaque;
+ cpu = ppc_env_get_cpu(env);
+ tb_env = env->tb_env;
+ ppc40x_timer = tb_env->opaque;
+ now = qemu_get_clock_ns(vm_clock);
+ switch ((env->spr[SPR_40x_TCR] >> 30) & 0x3) {
+ case 0:
+ next = 1 << 17;
+ break;
+ case 1:
+ next = 1 << 21;
+ break;
+ case 2:
+ next = 1 << 25;
+ break;
+ case 3:
+ next = 1 << 29;
+ break;
+ default:
+ /* Cannot occur, but makes gcc happy */
+ return;
+ }
+ next = now + muldiv64(next, get_ticks_per_sec(), tb_env->decr_freq);
+ if (next == now)
+ next++;
+ LOG_TB("%s: TCR " TARGET_FMT_lx " TSR " TARGET_FMT_lx "\n", __func__,
+ env->spr[SPR_40x_TCR], env->spr[SPR_40x_TSR]);
+ switch ((env->spr[SPR_40x_TSR] >> 30) & 0x3) {
+ case 0x0:
+ case 0x1:
+ qemu_mod_timer(ppc40x_timer->wdt_timer, next);
+ ppc40x_timer->wdt_next = next;
+ env->spr[SPR_40x_TSR] |= 1 << 31;
+ break;
+ case 0x2:
+ qemu_mod_timer(ppc40x_timer->wdt_timer, next);
+ ppc40x_timer->wdt_next = next;
+ env->spr[SPR_40x_TSR] |= 1 << 30;
+ if ((env->spr[SPR_40x_TCR] >> 27) & 0x1) {
+ ppc_set_irq(cpu, PPC_INTERRUPT_WDT, 1);
+ }
+ break;
+ case 0x3:
+ env->spr[SPR_40x_TSR] &= ~0x30000000;
+ env->spr[SPR_40x_TSR] |= env->spr[SPR_40x_TCR] & 0x30000000;
+ switch ((env->spr[SPR_40x_TCR] >> 28) & 0x3) {
+ case 0x0:
+ /* No reset */
+ break;
+ case 0x1: /* Core reset */
+ ppc40x_core_reset(cpu);
+ break;
+ case 0x2: /* Chip reset */
+ ppc40x_chip_reset(cpu);
+ break;
+ case 0x3: /* System reset */
+ ppc40x_system_reset(cpu);
+ break;
+ }
+ }
+}
+
+void store_40x_pit (CPUPPCState *env, target_ulong val)
+{
+ ppc_tb_t *tb_env;
+ ppc40x_timer_t *ppc40x_timer;
+
+ tb_env = env->tb_env;
+ ppc40x_timer = tb_env->opaque;
+ LOG_TB("%s val" TARGET_FMT_lx "\n", __func__, val);
+ ppc40x_timer->pit_reload = val;
+ start_stop_pit(env, tb_env, 0);
+}
+
+target_ulong load_40x_pit (CPUPPCState *env)
+{
+ return cpu_ppc_load_decr(env);
+}
+
+static void ppc_40x_set_tb_clk (void *opaque, uint32_t freq)
+{
+ CPUPPCState *env = opaque;
+ ppc_tb_t *tb_env = env->tb_env;
+
+ LOG_TB("%s set new frequency to %" PRIu32 "\n", __func__,
+ freq);
+ tb_env->tb_freq = freq;
+ tb_env->decr_freq = freq;
+ /* XXX: we should also update all timers */
+}
+
+clk_setup_cb ppc_40x_timers_init (CPUPPCState *env, uint32_t freq,
+ unsigned int decr_excp)
+{
+ ppc_tb_t *tb_env;
+ ppc40x_timer_t *ppc40x_timer;
+
+ tb_env = g_malloc0(sizeof(ppc_tb_t));
+ env->tb_env = tb_env;
+ tb_env->flags = PPC_DECR_UNDERFLOW_TRIGGERED;
+ ppc40x_timer = g_malloc0(sizeof(ppc40x_timer_t));
+ tb_env->tb_freq = freq;
+ tb_env->decr_freq = freq;
+ tb_env->opaque = ppc40x_timer;
+ LOG_TB("%s freq %" PRIu32 "\n", __func__, freq);
+ if (ppc40x_timer != NULL) {
+ /* We use decr timer for PIT */
+ tb_env->decr_timer = qemu_new_timer_ns(vm_clock, &cpu_4xx_pit_cb, env);
+ ppc40x_timer->fit_timer =
+ qemu_new_timer_ns(vm_clock, &cpu_4xx_fit_cb, env);
+ ppc40x_timer->wdt_timer =
+ qemu_new_timer_ns(vm_clock, &cpu_4xx_wdt_cb, env);
+ ppc40x_timer->decr_excp = decr_excp;
+ }
+
+ return &ppc_40x_set_tb_clk;
+}
+
+/*****************************************************************************/
+/* Embedded PowerPC Device Control Registers */
+typedef struct ppc_dcrn_t ppc_dcrn_t;
+struct ppc_dcrn_t {
+ dcr_read_cb dcr_read;
+ dcr_write_cb dcr_write;
+ void *opaque;
+};
+
+/* XXX: on 460, DCR addresses are 32 bits wide,
+ * using DCRIPR to get the 22 upper bits of the DCR address
+ */
+#define DCRN_NB 1024
+struct ppc_dcr_t {
+ ppc_dcrn_t dcrn[DCRN_NB];
+ int (*read_error)(int dcrn);
+ int (*write_error)(int dcrn);
+};
+
+int ppc_dcr_read (ppc_dcr_t *dcr_env, int dcrn, uint32_t *valp)
+{
+ ppc_dcrn_t *dcr;
+
+ if (dcrn < 0 || dcrn >= DCRN_NB)
+ goto error;
+ dcr = &dcr_env->dcrn[dcrn];
+ if (dcr->dcr_read == NULL)
+ goto error;
+ *valp = (*dcr->dcr_read)(dcr->opaque, dcrn);
+
+ return 0;
+
+ error:
+ if (dcr_env->read_error != NULL)
+ return (*dcr_env->read_error)(dcrn);
+
+ return -1;
+}
+
+int ppc_dcr_write (ppc_dcr_t *dcr_env, int dcrn, uint32_t val)
+{
+ ppc_dcrn_t *dcr;
+
+ if (dcrn < 0 || dcrn >= DCRN_NB)
+ goto error;
+ dcr = &dcr_env->dcrn[dcrn];
+ if (dcr->dcr_write == NULL)
+ goto error;
+ (*dcr->dcr_write)(dcr->opaque, dcrn, val);
+
+ return 0;
+
+ error:
+ if (dcr_env->write_error != NULL)
+ return (*dcr_env->write_error)(dcrn);
+
+ return -1;
+}
+
+int ppc_dcr_register (CPUPPCState *env, int dcrn, void *opaque,
+ dcr_read_cb dcr_read, dcr_write_cb dcr_write)
+{
+ ppc_dcr_t *dcr_env;
+ ppc_dcrn_t *dcr;
+
+ dcr_env = env->dcr_env;
+ if (dcr_env == NULL)
+ return -1;
+ if (dcrn < 0 || dcrn >= DCRN_NB)
+ return -1;
+ dcr = &dcr_env->dcrn[dcrn];
+ if (dcr->opaque != NULL ||
+ dcr->dcr_read != NULL ||
+ dcr->dcr_write != NULL)
+ return -1;
+ dcr->opaque = opaque;
+ dcr->dcr_read = dcr_read;
+ dcr->dcr_write = dcr_write;
+
+ return 0;
+}
+
+int ppc_dcr_init (CPUPPCState *env, int (*read_error)(int dcrn),
+ int (*write_error)(int dcrn))
+{
+ ppc_dcr_t *dcr_env;
+
+ dcr_env = g_malloc0(sizeof(ppc_dcr_t));
+ dcr_env->read_error = read_error;
+ dcr_env->write_error = write_error;
+ env->dcr_env = dcr_env;
+
+ return 0;
+}
+
+/*****************************************************************************/
+/* Debug port */
+void PPC_debug_write (void *opaque, uint32_t addr, uint32_t val)
+{
+ addr &= 0xF;
+ switch (addr) {
+ case 0:
+ printf("%c", val);
+ break;
+ case 1:
+ printf("\n");
+ fflush(stdout);
+ break;
+ case 2:
+ printf("Set loglevel to %04" PRIx32 "\n", val);
+ qemu_set_log(val | 0x100);
+ break;
+ }
+}
+
+/*****************************************************************************/
+/* NVRAM helpers */
+static inline uint32_t nvram_read (nvram_t *nvram, uint32_t addr)
+{
+ return (*nvram->read_fn)(nvram->opaque, addr);
+}
+
+static inline void nvram_write (nvram_t *nvram, uint32_t addr, uint32_t val)
+{
+ (*nvram->write_fn)(nvram->opaque, addr, val);
+}
+
+static void NVRAM_set_byte(nvram_t *nvram, uint32_t addr, uint8_t value)
+{
+ nvram_write(nvram, addr, value);
+}
+
+static uint8_t NVRAM_get_byte(nvram_t *nvram, uint32_t addr)
+{
+ return nvram_read(nvram, addr);
+}
+
+static void NVRAM_set_word(nvram_t *nvram, uint32_t addr, uint16_t value)
+{
+ nvram_write(nvram, addr, value >> 8);
+ nvram_write(nvram, addr + 1, value & 0xFF);
+}
+
+static uint16_t NVRAM_get_word(nvram_t *nvram, uint32_t addr)
+{
+ uint16_t tmp;
+
+ tmp = nvram_read(nvram, addr) << 8;
+ tmp |= nvram_read(nvram, addr + 1);
+
+ return tmp;
+}
+
+static void NVRAM_set_lword(nvram_t *nvram, uint32_t addr, uint32_t value)
+{
+ nvram_write(nvram, addr, value >> 24);
+ nvram_write(nvram, addr + 1, (value >> 16) & 0xFF);
+ nvram_write(nvram, addr + 2, (value >> 8) & 0xFF);
+ nvram_write(nvram, addr + 3, value & 0xFF);
+}
+
+uint32_t NVRAM_get_lword (nvram_t *nvram, uint32_t addr)
+{
+ uint32_t tmp;
+
+ tmp = nvram_read(nvram, addr) << 24;
+ tmp |= nvram_read(nvram, addr + 1) << 16;
+ tmp |= nvram_read(nvram, addr + 2) << 8;
+ tmp |= nvram_read(nvram, addr + 3);
+
+ return tmp;
+}
+
+static void NVRAM_set_string(nvram_t *nvram, uint32_t addr, const char *str,
+ uint32_t max)
+{
+ int i;
+
+ for (i = 0; i < max && str[i] != '\0'; i++) {
+ nvram_write(nvram, addr + i, str[i]);
+ }
+ nvram_write(nvram, addr + i, str[i]);
+ nvram_write(nvram, addr + max - 1, '\0');
+}
+
+int NVRAM_get_string (nvram_t *nvram, uint8_t *dst, uint16_t addr, int max)
+{
+ int i;
+
+ memset(dst, 0, max);
+ for (i = 0; i < max; i++) {
+ dst[i] = NVRAM_get_byte(nvram, addr + i);
+ if (dst[i] == '\0')
+ break;
+ }
+
+ return i;
+}
+
+static uint16_t NVRAM_crc_update (uint16_t prev, uint16_t value)
+{
+ uint16_t tmp;
+ uint16_t pd, pd1, pd2;
+
+ tmp = prev >> 8;
+ pd = prev ^ value;
+ pd1 = pd & 0x000F;
+ pd2 = ((pd >> 4) & 0x000F) ^ pd1;
+ tmp ^= (pd1 << 3) | (pd1 << 8);
+ tmp ^= pd2 | (pd2 << 7) | (pd2 << 12);
+
+ return tmp;
+}
+
+static uint16_t NVRAM_compute_crc (nvram_t *nvram, uint32_t start, uint32_t count)
+{
+ uint32_t i;
+ uint16_t crc = 0xFFFF;
+ int odd;
+
+ odd = count & 1;
+ count &= ~1;
+ for (i = 0; i != count; i++) {
+ crc = NVRAM_crc_update(crc, NVRAM_get_word(nvram, start + i));
+ }
+ if (odd) {
+ crc = NVRAM_crc_update(crc, NVRAM_get_byte(nvram, start + i) << 8);
+ }
+
+ return crc;
+}
+
+#define CMDLINE_ADDR 0x017ff000
+
+int PPC_NVRAM_set_params (nvram_t *nvram, uint16_t NVRAM_size,
+ const char *arch,
+ uint32_t RAM_size, int boot_device,
+ uint32_t kernel_image, uint32_t kernel_size,
+ const char *cmdline,
+ uint32_t initrd_image, uint32_t initrd_size,
+ uint32_t NVRAM_image,
+ int width, int height, int depth)
+{
+ uint16_t crc;
+
+ /* Set parameters for Open Hack'Ware BIOS */
+ NVRAM_set_string(nvram, 0x00, "QEMU_BIOS", 16);
+ NVRAM_set_lword(nvram, 0x10, 0x00000002); /* structure v2 */
+ NVRAM_set_word(nvram, 0x14, NVRAM_size);
+ NVRAM_set_string(nvram, 0x20, arch, 16);
+ NVRAM_set_lword(nvram, 0x30, RAM_size);
+ NVRAM_set_byte(nvram, 0x34, boot_device);
+ NVRAM_set_lword(nvram, 0x38, kernel_image);
+ NVRAM_set_lword(nvram, 0x3C, kernel_size);
+ if (cmdline) {
+ /* XXX: put the cmdline in NVRAM too ? */
+ pstrcpy_targphys("cmdline", CMDLINE_ADDR, RAM_size - CMDLINE_ADDR, cmdline);
+ NVRAM_set_lword(nvram, 0x40, CMDLINE_ADDR);
+ NVRAM_set_lword(nvram, 0x44, strlen(cmdline));
+ } else {
+ NVRAM_set_lword(nvram, 0x40, 0);
+ NVRAM_set_lword(nvram, 0x44, 0);
+ }
+ NVRAM_set_lword(nvram, 0x48, initrd_image);
+ NVRAM_set_lword(nvram, 0x4C, initrd_size);
+ NVRAM_set_lword(nvram, 0x50, NVRAM_image);
+
+ NVRAM_set_word(nvram, 0x54, width);
+ NVRAM_set_word(nvram, 0x56, height);
+ NVRAM_set_word(nvram, 0x58, depth);
+ crc = NVRAM_compute_crc(nvram, 0x00, 0xF8);
+ NVRAM_set_word(nvram, 0xFC, crc);
+
+ return 0;
+}
diff --git a/hw/ppc/ppc405.h b/hw/ppc/ppc405.h
new file mode 100644
index 000000000..1c5f04fae
--- /dev/null
+++ b/hw/ppc/ppc405.h
@@ -0,0 +1,81 @@
+/*
+ * QEMU PowerPC 405 shared definitions
+ *
+ * Copyright (c) 2007 Jocelyn Mayer
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#if !defined(PPC_405_H)
+#define PPC_405_H
+
+#include "hw/ppc/ppc4xx.h"
+
+/* Bootinfo as set-up by u-boot */
+typedef struct ppc4xx_bd_info_t ppc4xx_bd_info_t;
+struct ppc4xx_bd_info_t {
+ uint32_t bi_memstart;
+ uint32_t bi_memsize;
+ uint32_t bi_flashstart;
+ uint32_t bi_flashsize;
+ uint32_t bi_flashoffset; /* 0x10 */
+ uint32_t bi_sramstart;
+ uint32_t bi_sramsize;
+ uint32_t bi_bootflags;
+ uint32_t bi_ipaddr; /* 0x20 */
+ uint8_t bi_enetaddr[6];
+ uint16_t bi_ethspeed;
+ uint32_t bi_intfreq;
+ uint32_t bi_busfreq; /* 0x30 */
+ uint32_t bi_baudrate;
+ uint8_t bi_s_version[4];
+ uint8_t bi_r_version[32];
+ uint32_t bi_procfreq;
+ uint32_t bi_plb_busfreq;
+ uint32_t bi_pci_busfreq;
+ uint8_t bi_pci_enetaddr[6];
+ uint32_t bi_pci_enetaddr2[6];
+ uint32_t bi_opbfreq;
+ uint32_t bi_iic_fast[2];
+};
+
+/* PowerPC 405 core */
+ram_addr_t ppc405_set_bootinfo (CPUPPCState *env, ppc4xx_bd_info_t *bd,
+ uint32_t flags);
+
+CPUPPCState *ppc405cr_init(MemoryRegion *address_space_mem,
+ MemoryRegion ram_memories[4],
+ hwaddr ram_bases[4],
+ hwaddr ram_sizes[4],
+ uint32_t sysclk, qemu_irq **picp,
+ int do_init);
+CPUPPCState *ppc405ep_init(MemoryRegion *address_space_mem,
+ MemoryRegion ram_memories[2],
+ hwaddr ram_bases[2],
+ hwaddr ram_sizes[2],
+ uint32_t sysclk, qemu_irq **picp,
+ int do_init);
+/* IBM STBxxx microcontrollers */
+CPUPPCState *ppc_stb025_init (MemoryRegion ram_memories[2],
+ hwaddr ram_bases[2],
+ hwaddr ram_sizes[2],
+ uint32_t sysclk, qemu_irq **picp,
+ ram_addr_t *offsetp);
+
+#endif /* !defined(PPC_405_H) */
diff --git a/hw/ppc/ppc405_boards.c b/hw/ppc/ppc405_boards.c
new file mode 100644
index 000000000..f74e5e52c
--- /dev/null
+++ b/hw/ppc/ppc405_boards.c
@@ -0,0 +1,662 @@
+/*
+ * QEMU PowerPC 405 evaluation boards emulation
+ *
+ * Copyright (c) 2007 Jocelyn Mayer
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/ppc/ppc.h"
+#include "ppc405.h"
+#include "hw/timer/m48t59.h"
+#include "hw/block/flash.h"
+#include "sysemu/sysemu.h"
+#include "block/block.h"
+#include "hw/boards.h"
+#include "qemu/log.h"
+#include "hw/loader.h"
+#include "sysemu/blockdev.h"
+#include "exec/address-spaces.h"
+
+#define BIOS_FILENAME "ppc405_rom.bin"
+#define BIOS_SIZE (2048 * 1024)
+
+#define KERNEL_LOAD_ADDR 0x00000000
+#define INITRD_LOAD_ADDR 0x01800000
+
+#define USE_FLASH_BIOS
+
+#define DEBUG_BOARD_INIT
+
+/*****************************************************************************/
+/* PPC405EP reference board (IBM) */
+/* Standalone board with:
+ * - PowerPC 405EP CPU
+ * - SDRAM (0x00000000)
+ * - Flash (0xFFF80000)
+ * - SRAM (0xFFF00000)
+ * - NVRAM (0xF0000000)
+ * - FPGA (0xF0300000)
+ */
+typedef struct ref405ep_fpga_t ref405ep_fpga_t;
+struct ref405ep_fpga_t {
+ uint8_t reg0;
+ uint8_t reg1;
+};
+
+static uint32_t ref405ep_fpga_readb (void *opaque, hwaddr addr)
+{
+ ref405ep_fpga_t *fpga;
+ uint32_t ret;
+
+ fpga = opaque;
+ switch (addr) {
+ case 0x0:
+ ret = fpga->reg0;
+ break;
+ case 0x1:
+ ret = fpga->reg1;
+ break;
+ default:
+ ret = 0;
+ break;
+ }
+
+ return ret;
+}
+
+static void ref405ep_fpga_writeb (void *opaque,
+ hwaddr addr, uint32_t value)
+{
+ ref405ep_fpga_t *fpga;
+
+ fpga = opaque;
+ switch (addr) {
+ case 0x0:
+ /* Read only */
+ break;
+ case 0x1:
+ fpga->reg1 = value;
+ break;
+ default:
+ break;
+ }
+}
+
+static uint32_t ref405ep_fpga_readw (void *opaque, hwaddr addr)
+{
+ uint32_t ret;
+
+ ret = ref405ep_fpga_readb(opaque, addr) << 8;
+ ret |= ref405ep_fpga_readb(opaque, addr + 1);
+
+ return ret;
+}
+
+static void ref405ep_fpga_writew (void *opaque,
+ hwaddr addr, uint32_t value)
+{
+ ref405ep_fpga_writeb(opaque, addr, (value >> 8) & 0xFF);
+ ref405ep_fpga_writeb(opaque, addr + 1, value & 0xFF);
+}
+
+static uint32_t ref405ep_fpga_readl (void *opaque, hwaddr addr)
+{
+ uint32_t ret;
+
+ ret = ref405ep_fpga_readb(opaque, addr) << 24;
+ ret |= ref405ep_fpga_readb(opaque, addr + 1) << 16;
+ ret |= ref405ep_fpga_readb(opaque, addr + 2) << 8;
+ ret |= ref405ep_fpga_readb(opaque, addr + 3);
+
+ return ret;
+}
+
+static void ref405ep_fpga_writel (void *opaque,
+ hwaddr addr, uint32_t value)
+{
+ ref405ep_fpga_writeb(opaque, addr, (value >> 24) & 0xFF);
+ ref405ep_fpga_writeb(opaque, addr + 1, (value >> 16) & 0xFF);
+ ref405ep_fpga_writeb(opaque, addr + 2, (value >> 8) & 0xFF);
+ ref405ep_fpga_writeb(opaque, addr + 3, value & 0xFF);
+}
+
+static const MemoryRegionOps ref405ep_fpga_ops = {
+ .old_mmio = {
+ .read = {
+ ref405ep_fpga_readb, ref405ep_fpga_readw, ref405ep_fpga_readl,
+ },
+ .write = {
+ ref405ep_fpga_writeb, ref405ep_fpga_writew, ref405ep_fpga_writel,
+ },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void ref405ep_fpga_reset (void *opaque)
+{
+ ref405ep_fpga_t *fpga;
+
+ fpga = opaque;
+ fpga->reg0 = 0x00;
+ fpga->reg1 = 0x0F;
+}
+
+static void ref405ep_fpga_init(MemoryRegion *sysmem, uint32_t base)
+{
+ ref405ep_fpga_t *fpga;
+ MemoryRegion *fpga_memory = g_new(MemoryRegion, 1);
+
+ fpga = g_malloc0(sizeof(ref405ep_fpga_t));
+ memory_region_init_io(fpga_memory, NULL, &ref405ep_fpga_ops, fpga,
+ "fpga", 0x00000100);
+ memory_region_add_subregion(sysmem, base, fpga_memory);
+ qemu_register_reset(&ref405ep_fpga_reset, fpga);
+}
+
+static void ref405ep_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ char *filename;
+ ppc4xx_bd_info_t bd;
+ CPUPPCState *env;
+ qemu_irq *pic;
+ MemoryRegion *bios;
+ MemoryRegion *sram = g_new(MemoryRegion, 1);
+ ram_addr_t bdloc;
+ MemoryRegion *ram_memories = g_malloc(2 * sizeof(*ram_memories));
+ hwaddr ram_bases[2], ram_sizes[2];
+ target_ulong sram_size;
+ long bios_size;
+ //int phy_addr = 0;
+ //static int phy_addr = 1;
+ target_ulong kernel_base, initrd_base;
+ long kernel_size, initrd_size;
+ int linux_boot;
+ int fl_idx, fl_sectors, len;
+ DriveInfo *dinfo;
+ MemoryRegion *sysmem = get_system_memory();
+
+ /* XXX: fix this */
+ memory_region_init_ram(&ram_memories[0], NULL, "ef405ep.ram", 0x08000000);
+ vmstate_register_ram_global(&ram_memories[0]);
+ ram_bases[0] = 0;
+ ram_sizes[0] = 0x08000000;
+ memory_region_init(&ram_memories[1], NULL, "ef405ep.ram1", 0);
+ ram_bases[1] = 0x00000000;
+ ram_sizes[1] = 0x00000000;
+ ram_size = 128 * 1024 * 1024;
+#ifdef DEBUG_BOARD_INIT
+ printf("%s: register cpu\n", __func__);
+#endif
+ env = ppc405ep_init(sysmem, ram_memories, ram_bases, ram_sizes,
+ 33333333, &pic, kernel_filename == NULL ? 0 : 1);
+ /* allocate SRAM */
+ sram_size = 512 * 1024;
+ memory_region_init_ram(sram, NULL, "ef405ep.sram", sram_size);
+ vmstate_register_ram_global(sram);
+ memory_region_add_subregion(sysmem, 0xFFF00000, sram);
+ /* allocate and load BIOS */
+#ifdef DEBUG_BOARD_INIT
+ printf("%s: register BIOS\n", __func__);
+#endif
+ fl_idx = 0;
+#ifdef USE_FLASH_BIOS
+ dinfo = drive_get(IF_PFLASH, 0, fl_idx);
+ if (dinfo) {
+ bios_size = bdrv_getlength(dinfo->bdrv);
+ fl_sectors = (bios_size + 65535) >> 16;
+#ifdef DEBUG_BOARD_INIT
+ printf("Register parallel flash %d size %lx"
+ " at addr %lx '%s' %d\n",
+ fl_idx, bios_size, -bios_size,
+ bdrv_get_device_name(dinfo->bdrv), fl_sectors);
+#endif
+ pflash_cfi02_register((uint32_t)(-bios_size),
+ NULL, "ef405ep.bios", bios_size,
+ dinfo->bdrv, 65536, fl_sectors, 1,
+ 2, 0x0001, 0x22DA, 0x0000, 0x0000, 0x555, 0x2AA,
+ 1);
+ fl_idx++;
+ } else
+#endif
+ {
+#ifdef DEBUG_BOARD_INIT
+ printf("Load BIOS from file\n");
+#endif
+ bios = g_new(MemoryRegion, 1);
+ memory_region_init_ram(bios, NULL, "ef405ep.bios", BIOS_SIZE);
+ vmstate_register_ram_global(bios);
+ if (bios_name == NULL)
+ bios_name = BIOS_FILENAME;
+ filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
+ if (filename) {
+ bios_size = load_image(filename, memory_region_get_ram_ptr(bios));
+ g_free(filename);
+ } else {
+ bios_size = -1;
+ }
+ if (bios_size < 0 || bios_size > BIOS_SIZE) {
+ fprintf(stderr, "qemu: could not load PowerPC bios '%s'\n",
+ bios_name);
+ exit(1);
+ }
+ bios_size = (bios_size + 0xfff) & ~0xfff;
+ memory_region_set_readonly(bios, true);
+ memory_region_add_subregion(sysmem, (uint32_t)(-bios_size), bios);
+ }
+ /* Register FPGA */
+#ifdef DEBUG_BOARD_INIT
+ printf("%s: register FPGA\n", __func__);
+#endif
+ ref405ep_fpga_init(sysmem, 0xF0300000);
+ /* Register NVRAM */
+#ifdef DEBUG_BOARD_INIT
+ printf("%s: register NVRAM\n", __func__);
+#endif
+ m48t59_init(NULL, 0xF0000000, 0, 8192, 8);
+ /* Load kernel */
+ linux_boot = (kernel_filename != NULL);
+ if (linux_boot) {
+#ifdef DEBUG_BOARD_INIT
+ printf("%s: load kernel\n", __func__);
+#endif
+ memset(&bd, 0, sizeof(bd));
+ bd.bi_memstart = 0x00000000;
+ bd.bi_memsize = ram_size;
+ bd.bi_flashstart = -bios_size;
+ bd.bi_flashsize = -bios_size;
+ bd.bi_flashoffset = 0;
+ bd.bi_sramstart = 0xFFF00000;
+ bd.bi_sramsize = sram_size;
+ bd.bi_bootflags = 0;
+ bd.bi_intfreq = 133333333;
+ bd.bi_busfreq = 33333333;
+ bd.bi_baudrate = 115200;
+ bd.bi_s_version[0] = 'Q';
+ bd.bi_s_version[1] = 'M';
+ bd.bi_s_version[2] = 'U';
+ bd.bi_s_version[3] = '\0';
+ bd.bi_r_version[0] = 'Q';
+ bd.bi_r_version[1] = 'E';
+ bd.bi_r_version[2] = 'M';
+ bd.bi_r_version[3] = 'U';
+ bd.bi_r_version[4] = '\0';
+ bd.bi_procfreq = 133333333;
+ bd.bi_plb_busfreq = 33333333;
+ bd.bi_pci_busfreq = 33333333;
+ bd.bi_opbfreq = 33333333;
+ bdloc = ppc405_set_bootinfo(env, &bd, 0x00000001);
+ env->gpr[3] = bdloc;
+ kernel_base = KERNEL_LOAD_ADDR;
+ /* now we can load the kernel */
+ kernel_size = load_image_targphys(kernel_filename, kernel_base,
+ ram_size - kernel_base);
+ if (kernel_size < 0) {
+ fprintf(stderr, "qemu: could not load kernel '%s'\n",
+ kernel_filename);
+ exit(1);
+ }
+ printf("Load kernel size %ld at " TARGET_FMT_lx,
+ kernel_size, kernel_base);
+ /* load initrd */
+ if (initrd_filename) {
+ initrd_base = INITRD_LOAD_ADDR;
+ initrd_size = load_image_targphys(initrd_filename, initrd_base,
+ ram_size - initrd_base);
+ if (initrd_size < 0) {
+ fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
+ initrd_filename);
+ exit(1);
+ }
+ } else {
+ initrd_base = 0;
+ initrd_size = 0;
+ }
+ env->gpr[4] = initrd_base;
+ env->gpr[5] = initrd_size;
+ if (kernel_cmdline != NULL) {
+ len = strlen(kernel_cmdline);
+ bdloc -= ((len + 255) & ~255);
+ cpu_physical_memory_write(bdloc, kernel_cmdline, len + 1);
+ env->gpr[6] = bdloc;
+ env->gpr[7] = bdloc + len;
+ } else {
+ env->gpr[6] = 0;
+ env->gpr[7] = 0;
+ }
+ env->nip = KERNEL_LOAD_ADDR;
+ } else {
+ kernel_base = 0;
+ kernel_size = 0;
+ initrd_base = 0;
+ initrd_size = 0;
+ bdloc = 0;
+ }
+#ifdef DEBUG_BOARD_INIT
+ printf("%s: Done\n", __func__);
+#endif
+ printf("bdloc " RAM_ADDR_FMT "\n", bdloc);
+}
+
+static QEMUMachine ref405ep_machine = {
+ .name = "ref405ep",
+ .desc = "ref405ep",
+ .init = ref405ep_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+/*****************************************************************************/
+/* AMCC Taihu evaluation board */
+/* - PowerPC 405EP processor
+ * - SDRAM 128 MB at 0x00000000
+ * - Boot flash 2 MB at 0xFFE00000
+ * - Application flash 32 MB at 0xFC000000
+ * - 2 serial ports
+ * - 2 ethernet PHY
+ * - 1 USB 1.1 device 0x50000000
+ * - 1 LCD display 0x50100000
+ * - 1 CPLD 0x50100000
+ * - 1 I2C EEPROM
+ * - 1 I2C thermal sensor
+ * - a set of LEDs
+ * - bit-bang SPI port using GPIOs
+ * - 1 EBC interface connector 0 0x50200000
+ * - 1 cardbus controller + expansion slot.
+ * - 1 PCI expansion slot.
+ */
+typedef struct taihu_cpld_t taihu_cpld_t;
+struct taihu_cpld_t {
+ uint8_t reg0;
+ uint8_t reg1;
+};
+
+static uint32_t taihu_cpld_readb (void *opaque, hwaddr addr)
+{
+ taihu_cpld_t *cpld;
+ uint32_t ret;
+
+ cpld = opaque;
+ switch (addr) {
+ case 0x0:
+ ret = cpld->reg0;
+ break;
+ case 0x1:
+ ret = cpld->reg1;
+ break;
+ default:
+ ret = 0;
+ break;
+ }
+
+ return ret;
+}
+
+static void taihu_cpld_writeb (void *opaque,
+ hwaddr addr, uint32_t value)
+{
+ taihu_cpld_t *cpld;
+
+ cpld = opaque;
+ switch (addr) {
+ case 0x0:
+ /* Read only */
+ break;
+ case 0x1:
+ cpld->reg1 = value;
+ break;
+ default:
+ break;
+ }
+}
+
+static uint32_t taihu_cpld_readw (void *opaque, hwaddr addr)
+{
+ uint32_t ret;
+
+ ret = taihu_cpld_readb(opaque, addr) << 8;
+ ret |= taihu_cpld_readb(opaque, addr + 1);
+
+ return ret;
+}
+
+static void taihu_cpld_writew (void *opaque,
+ hwaddr addr, uint32_t value)
+{
+ taihu_cpld_writeb(opaque, addr, (value >> 8) & 0xFF);
+ taihu_cpld_writeb(opaque, addr + 1, value & 0xFF);
+}
+
+static uint32_t taihu_cpld_readl (void *opaque, hwaddr addr)
+{
+ uint32_t ret;
+
+ ret = taihu_cpld_readb(opaque, addr) << 24;
+ ret |= taihu_cpld_readb(opaque, addr + 1) << 16;
+ ret |= taihu_cpld_readb(opaque, addr + 2) << 8;
+ ret |= taihu_cpld_readb(opaque, addr + 3);
+
+ return ret;
+}
+
+static void taihu_cpld_writel (void *opaque,
+ hwaddr addr, uint32_t value)
+{
+ taihu_cpld_writel(opaque, addr, (value >> 24) & 0xFF);
+ taihu_cpld_writel(opaque, addr + 1, (value >> 16) & 0xFF);
+ taihu_cpld_writel(opaque, addr + 2, (value >> 8) & 0xFF);
+ taihu_cpld_writeb(opaque, addr + 3, value & 0xFF);
+}
+
+static const MemoryRegionOps taihu_cpld_ops = {
+ .old_mmio = {
+ .read = { taihu_cpld_readb, taihu_cpld_readw, taihu_cpld_readl, },
+ .write = { taihu_cpld_writeb, taihu_cpld_writew, taihu_cpld_writel, },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void taihu_cpld_reset (void *opaque)
+{
+ taihu_cpld_t *cpld;
+
+ cpld = opaque;
+ cpld->reg0 = 0x01;
+ cpld->reg1 = 0x80;
+}
+
+static void taihu_cpld_init(MemoryRegion *sysmem, uint32_t base)
+{
+ taihu_cpld_t *cpld;
+ MemoryRegion *cpld_memory = g_new(MemoryRegion, 1);
+
+ cpld = g_malloc0(sizeof(taihu_cpld_t));
+ memory_region_init_io(cpld_memory, NULL, &taihu_cpld_ops, cpld, "cpld", 0x100);
+ memory_region_add_subregion(sysmem, base, cpld_memory);
+ qemu_register_reset(&taihu_cpld_reset, cpld);
+}
+
+static void taihu_405ep_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *kernel_filename = args->kernel_filename;
+ const char *initrd_filename = args->initrd_filename;
+ char *filename;
+ qemu_irq *pic;
+ MemoryRegion *sysmem = get_system_memory();
+ MemoryRegion *bios;
+ MemoryRegion *ram_memories = g_malloc(2 * sizeof(*ram_memories));
+ hwaddr ram_bases[2], ram_sizes[2];
+ long bios_size;
+ target_ulong kernel_base, initrd_base;
+ long kernel_size, initrd_size;
+ int linux_boot;
+ int fl_idx, fl_sectors;
+ DriveInfo *dinfo;
+
+ /* RAM is soldered to the board so the size cannot be changed */
+ memory_region_init_ram(&ram_memories[0], NULL,
+ "taihu_405ep.ram-0", 0x04000000);
+ vmstate_register_ram_global(&ram_memories[0]);
+ ram_bases[0] = 0;
+ ram_sizes[0] = 0x04000000;
+ memory_region_init_ram(&ram_memories[1], NULL,
+ "taihu_405ep.ram-1", 0x04000000);
+ vmstate_register_ram_global(&ram_memories[1]);
+ ram_bases[1] = 0x04000000;
+ ram_sizes[1] = 0x04000000;
+ ram_size = 0x08000000;
+#ifdef DEBUG_BOARD_INIT
+ printf("%s: register cpu\n", __func__);
+#endif
+ ppc405ep_init(sysmem, ram_memories, ram_bases, ram_sizes,
+ 33333333, &pic, kernel_filename == NULL ? 0 : 1);
+ /* allocate and load BIOS */
+#ifdef DEBUG_BOARD_INIT
+ printf("%s: register BIOS\n", __func__);
+#endif
+ fl_idx = 0;
+#if defined(USE_FLASH_BIOS)
+ dinfo = drive_get(IF_PFLASH, 0, fl_idx);
+ if (dinfo) {
+ bios_size = bdrv_getlength(dinfo->bdrv);
+ /* XXX: should check that size is 2MB */
+ // bios_size = 2 * 1024 * 1024;
+ fl_sectors = (bios_size + 65535) >> 16;
+#ifdef DEBUG_BOARD_INIT
+ printf("Register parallel flash %d size %lx"
+ " at addr %lx '%s' %d\n",
+ fl_idx, bios_size, -bios_size,
+ bdrv_get_device_name(dinfo->bdrv), fl_sectors);
+#endif
+ pflash_cfi02_register((uint32_t)(-bios_size),
+ NULL, "taihu_405ep.bios", bios_size,
+ dinfo->bdrv, 65536, fl_sectors, 1,
+ 4, 0x0001, 0x22DA, 0x0000, 0x0000, 0x555, 0x2AA,
+ 1);
+ fl_idx++;
+ } else
+#endif
+ {
+#ifdef DEBUG_BOARD_INIT
+ printf("Load BIOS from file\n");
+#endif
+ if (bios_name == NULL)
+ bios_name = BIOS_FILENAME;
+ bios = g_new(MemoryRegion, 1);
+ memory_region_init_ram(bios, NULL, "taihu_405ep.bios", BIOS_SIZE);
+ vmstate_register_ram_global(bios);
+ filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
+ if (filename) {
+ bios_size = load_image(filename, memory_region_get_ram_ptr(bios));
+ g_free(filename);
+ } else {
+ bios_size = -1;
+ }
+ if (bios_size < 0 || bios_size > BIOS_SIZE) {
+ fprintf(stderr, "qemu: could not load PowerPC bios '%s'\n",
+ bios_name);
+ exit(1);
+ }
+ bios_size = (bios_size + 0xfff) & ~0xfff;
+ memory_region_set_readonly(bios, true);
+ memory_region_add_subregion(sysmem, (uint32_t)(-bios_size), bios);
+ }
+ /* Register Linux flash */
+ dinfo = drive_get(IF_PFLASH, 0, fl_idx);
+ if (dinfo) {
+ bios_size = bdrv_getlength(dinfo->bdrv);
+ /* XXX: should check that size is 32MB */
+ bios_size = 32 * 1024 * 1024;
+ fl_sectors = (bios_size + 65535) >> 16;
+#ifdef DEBUG_BOARD_INIT
+ printf("Register parallel flash %d size %lx"
+ " at addr " TARGET_FMT_lx " '%s'\n",
+ fl_idx, bios_size, (target_ulong)0xfc000000,
+ bdrv_get_device_name(dinfo->bdrv));
+#endif
+ pflash_cfi02_register(0xfc000000, NULL, "taihu_405ep.flash", bios_size,
+ dinfo->bdrv, 65536, fl_sectors, 1,
+ 4, 0x0001, 0x22DA, 0x0000, 0x0000, 0x555, 0x2AA,
+ 1);
+ fl_idx++;
+ }
+ /* Register CLPD & LCD display */
+#ifdef DEBUG_BOARD_INIT
+ printf("%s: register CPLD\n", __func__);
+#endif
+ taihu_cpld_init(sysmem, 0x50100000);
+ /* Load kernel */
+ linux_boot = (kernel_filename != NULL);
+ if (linux_boot) {
+#ifdef DEBUG_BOARD_INIT
+ printf("%s: load kernel\n", __func__);
+#endif
+ kernel_base = KERNEL_LOAD_ADDR;
+ /* now we can load the kernel */
+ kernel_size = load_image_targphys(kernel_filename, kernel_base,
+ ram_size - kernel_base);
+ if (kernel_size < 0) {
+ fprintf(stderr, "qemu: could not load kernel '%s'\n",
+ kernel_filename);
+ exit(1);
+ }
+ /* load initrd */
+ if (initrd_filename) {
+ initrd_base = INITRD_LOAD_ADDR;
+ initrd_size = load_image_targphys(initrd_filename, initrd_base,
+ ram_size - initrd_base);
+ if (initrd_size < 0) {
+ fprintf(stderr,
+ "qemu: could not load initial ram disk '%s'\n",
+ initrd_filename);
+ exit(1);
+ }
+ } else {
+ initrd_base = 0;
+ initrd_size = 0;
+ }
+ } else {
+ kernel_base = 0;
+ kernel_size = 0;
+ initrd_base = 0;
+ initrd_size = 0;
+ }
+#ifdef DEBUG_BOARD_INIT
+ printf("%s: Done\n", __func__);
+#endif
+}
+
+static QEMUMachine taihu_machine = {
+ .name = "taihu",
+ .desc = "taihu",
+ .init = taihu_405ep_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void ppc405_machine_init(void)
+{
+ qemu_register_machine(&ref405ep_machine);
+ qemu_register_machine(&taihu_machine);
+}
+
+machine_init(ppc405_machine_init);
diff --git a/hw/ppc/ppc405_uc.c b/hw/ppc/ppc405_uc.c
new file mode 100644
index 000000000..290f71ab6
--- /dev/null
+++ b/hw/ppc/ppc405_uc.c
@@ -0,0 +1,2548 @@
+/*
+ * QEMU PowerPC 405 embedded processors emulation
+ *
+ * Copyright (c) 2007 Jocelyn Mayer
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/ppc/ppc.h"
+#include "ppc405.h"
+#include "hw/char/serial.h"
+#include "qemu/timer.h"
+#include "sysemu/sysemu.h"
+#include "qemu/log.h"
+#include "exec/address-spaces.h"
+
+#define DEBUG_OPBA
+#define DEBUG_SDRAM
+#define DEBUG_GPIO
+#define DEBUG_SERIAL
+#define DEBUG_OCM
+//#define DEBUG_I2C
+#define DEBUG_GPT
+#define DEBUG_MAL
+#define DEBUG_CLOCKS
+//#define DEBUG_CLOCKS_LL
+
+ram_addr_t ppc405_set_bootinfo (CPUPPCState *env, ppc4xx_bd_info_t *bd,
+ uint32_t flags)
+{
+ ram_addr_t bdloc;
+ int i, n;
+
+ /* We put the bd structure at the top of memory */
+ if (bd->bi_memsize >= 0x01000000UL)
+ bdloc = 0x01000000UL - sizeof(struct ppc4xx_bd_info_t);
+ else
+ bdloc = bd->bi_memsize - sizeof(struct ppc4xx_bd_info_t);
+ stl_be_phys(bdloc + 0x00, bd->bi_memstart);
+ stl_be_phys(bdloc + 0x04, bd->bi_memsize);
+ stl_be_phys(bdloc + 0x08, bd->bi_flashstart);
+ stl_be_phys(bdloc + 0x0C, bd->bi_flashsize);
+ stl_be_phys(bdloc + 0x10, bd->bi_flashoffset);
+ stl_be_phys(bdloc + 0x14, bd->bi_sramstart);
+ stl_be_phys(bdloc + 0x18, bd->bi_sramsize);
+ stl_be_phys(bdloc + 0x1C, bd->bi_bootflags);
+ stl_be_phys(bdloc + 0x20, bd->bi_ipaddr);
+ for (i = 0; i < 6; i++) {
+ stb_phys(bdloc + 0x24 + i, bd->bi_enetaddr[i]);
+ }
+ stw_be_phys(bdloc + 0x2A, bd->bi_ethspeed);
+ stl_be_phys(bdloc + 0x2C, bd->bi_intfreq);
+ stl_be_phys(bdloc + 0x30, bd->bi_busfreq);
+ stl_be_phys(bdloc + 0x34, bd->bi_baudrate);
+ for (i = 0; i < 4; i++) {
+ stb_phys(bdloc + 0x38 + i, bd->bi_s_version[i]);
+ }
+ for (i = 0; i < 32; i++) {
+ stb_phys(bdloc + 0x3C + i, bd->bi_r_version[i]);
+ }
+ stl_be_phys(bdloc + 0x5C, bd->bi_plb_busfreq);
+ stl_be_phys(bdloc + 0x60, bd->bi_pci_busfreq);
+ for (i = 0; i < 6; i++) {
+ stb_phys(bdloc + 0x64 + i, bd->bi_pci_enetaddr[i]);
+ }
+ n = 0x6A;
+ if (flags & 0x00000001) {
+ for (i = 0; i < 6; i++)
+ stb_phys(bdloc + n++, bd->bi_pci_enetaddr2[i]);
+ }
+ stl_be_phys(bdloc + n, bd->bi_opbfreq);
+ n += 4;
+ for (i = 0; i < 2; i++) {
+ stl_be_phys(bdloc + n, bd->bi_iic_fast[i]);
+ n += 4;
+ }
+
+ return bdloc;
+}
+
+/*****************************************************************************/
+/* Shared peripherals */
+
+/*****************************************************************************/
+/* Peripheral local bus arbitrer */
+enum {
+ PLB0_BESR = 0x084,
+ PLB0_BEAR = 0x086,
+ PLB0_ACR = 0x087,
+};
+
+typedef struct ppc4xx_plb_t ppc4xx_plb_t;
+struct ppc4xx_plb_t {
+ uint32_t acr;
+ uint32_t bear;
+ uint32_t besr;
+};
+
+static uint32_t dcr_read_plb (void *opaque, int dcrn)
+{
+ ppc4xx_plb_t *plb;
+ uint32_t ret;
+
+ plb = opaque;
+ switch (dcrn) {
+ case PLB0_ACR:
+ ret = plb->acr;
+ break;
+ case PLB0_BEAR:
+ ret = plb->bear;
+ break;
+ case PLB0_BESR:
+ ret = plb->besr;
+ break;
+ default:
+ /* Avoid gcc warning */
+ ret = 0;
+ break;
+ }
+
+ return ret;
+}
+
+static void dcr_write_plb (void *opaque, int dcrn, uint32_t val)
+{
+ ppc4xx_plb_t *plb;
+
+ plb = opaque;
+ switch (dcrn) {
+ case PLB0_ACR:
+ /* We don't care about the actual parameters written as
+ * we don't manage any priorities on the bus
+ */
+ plb->acr = val & 0xF8000000;
+ break;
+ case PLB0_BEAR:
+ /* Read only */
+ break;
+ case PLB0_BESR:
+ /* Write-clear */
+ plb->besr &= ~val;
+ break;
+ }
+}
+
+static void ppc4xx_plb_reset (void *opaque)
+{
+ ppc4xx_plb_t *plb;
+
+ plb = opaque;
+ plb->acr = 0x00000000;
+ plb->bear = 0x00000000;
+ plb->besr = 0x00000000;
+}
+
+static void ppc4xx_plb_init(CPUPPCState *env)
+{
+ ppc4xx_plb_t *plb;
+
+ plb = g_malloc0(sizeof(ppc4xx_plb_t));
+ ppc_dcr_register(env, PLB0_ACR, plb, &dcr_read_plb, &dcr_write_plb);
+ ppc_dcr_register(env, PLB0_BEAR, plb, &dcr_read_plb, &dcr_write_plb);
+ ppc_dcr_register(env, PLB0_BESR, plb, &dcr_read_plb, &dcr_write_plb);
+ qemu_register_reset(ppc4xx_plb_reset, plb);
+}
+
+/*****************************************************************************/
+/* PLB to OPB bridge */
+enum {
+ POB0_BESR0 = 0x0A0,
+ POB0_BESR1 = 0x0A2,
+ POB0_BEAR = 0x0A4,
+};
+
+typedef struct ppc4xx_pob_t ppc4xx_pob_t;
+struct ppc4xx_pob_t {
+ uint32_t bear;
+ uint32_t besr0;
+ uint32_t besr1;
+};
+
+static uint32_t dcr_read_pob (void *opaque, int dcrn)
+{
+ ppc4xx_pob_t *pob;
+ uint32_t ret;
+
+ pob = opaque;
+ switch (dcrn) {
+ case POB0_BEAR:
+ ret = pob->bear;
+ break;
+ case POB0_BESR0:
+ ret = pob->besr0;
+ break;
+ case POB0_BESR1:
+ ret = pob->besr1;
+ break;
+ default:
+ /* Avoid gcc warning */
+ ret = 0;
+ break;
+ }
+
+ return ret;
+}
+
+static void dcr_write_pob (void *opaque, int dcrn, uint32_t val)
+{
+ ppc4xx_pob_t *pob;
+
+ pob = opaque;
+ switch (dcrn) {
+ case POB0_BEAR:
+ /* Read only */
+ break;
+ case POB0_BESR0:
+ /* Write-clear */
+ pob->besr0 &= ~val;
+ break;
+ case POB0_BESR1:
+ /* Write-clear */
+ pob->besr1 &= ~val;
+ break;
+ }
+}
+
+static void ppc4xx_pob_reset (void *opaque)
+{
+ ppc4xx_pob_t *pob;
+
+ pob = opaque;
+ /* No error */
+ pob->bear = 0x00000000;
+ pob->besr0 = 0x0000000;
+ pob->besr1 = 0x0000000;
+}
+
+static void ppc4xx_pob_init(CPUPPCState *env)
+{
+ ppc4xx_pob_t *pob;
+
+ pob = g_malloc0(sizeof(ppc4xx_pob_t));
+ ppc_dcr_register(env, POB0_BEAR, pob, &dcr_read_pob, &dcr_write_pob);
+ ppc_dcr_register(env, POB0_BESR0, pob, &dcr_read_pob, &dcr_write_pob);
+ ppc_dcr_register(env, POB0_BESR1, pob, &dcr_read_pob, &dcr_write_pob);
+ qemu_register_reset(ppc4xx_pob_reset, pob);
+}
+
+/*****************************************************************************/
+/* OPB arbitrer */
+typedef struct ppc4xx_opba_t ppc4xx_opba_t;
+struct ppc4xx_opba_t {
+ MemoryRegion io;
+ uint8_t cr;
+ uint8_t pr;
+};
+
+static uint32_t opba_readb (void *opaque, hwaddr addr)
+{
+ ppc4xx_opba_t *opba;
+ uint32_t ret;
+
+#ifdef DEBUG_OPBA
+ printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
+#endif
+ opba = opaque;
+ switch (addr) {
+ case 0x00:
+ ret = opba->cr;
+ break;
+ case 0x01:
+ ret = opba->pr;
+ break;
+ default:
+ ret = 0x00;
+ break;
+ }
+
+ return ret;
+}
+
+static void opba_writeb (void *opaque,
+ hwaddr addr, uint32_t value)
+{
+ ppc4xx_opba_t *opba;
+
+#ifdef DEBUG_OPBA
+ printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
+ value);
+#endif
+ opba = opaque;
+ switch (addr) {
+ case 0x00:
+ opba->cr = value & 0xF8;
+ break;
+ case 0x01:
+ opba->pr = value & 0xFF;
+ break;
+ default:
+ break;
+ }
+}
+
+static uint32_t opba_readw (void *opaque, hwaddr addr)
+{
+ uint32_t ret;
+
+#ifdef DEBUG_OPBA
+ printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
+#endif
+ ret = opba_readb(opaque, addr) << 8;
+ ret |= opba_readb(opaque, addr + 1);
+
+ return ret;
+}
+
+static void opba_writew (void *opaque,
+ hwaddr addr, uint32_t value)
+{
+#ifdef DEBUG_OPBA
+ printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
+ value);
+#endif
+ opba_writeb(opaque, addr, value >> 8);
+ opba_writeb(opaque, addr + 1, value);
+}
+
+static uint32_t opba_readl (void *opaque, hwaddr addr)
+{
+ uint32_t ret;
+
+#ifdef DEBUG_OPBA
+ printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
+#endif
+ ret = opba_readb(opaque, addr) << 24;
+ ret |= opba_readb(opaque, addr + 1) << 16;
+
+ return ret;
+}
+
+static void opba_writel (void *opaque,
+ hwaddr addr, uint32_t value)
+{
+#ifdef DEBUG_OPBA
+ printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
+ value);
+#endif
+ opba_writeb(opaque, addr, value >> 24);
+ opba_writeb(opaque, addr + 1, value >> 16);
+}
+
+static const MemoryRegionOps opba_ops = {
+ .old_mmio = {
+ .read = { opba_readb, opba_readw, opba_readl, },
+ .write = { opba_writeb, opba_writew, opba_writel, },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void ppc4xx_opba_reset (void *opaque)
+{
+ ppc4xx_opba_t *opba;
+
+ opba = opaque;
+ opba->cr = 0x00; /* No dynamic priorities - park disabled */
+ opba->pr = 0x11;
+}
+
+static void ppc4xx_opba_init(hwaddr base)
+{
+ ppc4xx_opba_t *opba;
+
+ opba = g_malloc0(sizeof(ppc4xx_opba_t));
+#ifdef DEBUG_OPBA
+ printf("%s: offset " TARGET_FMT_plx "\n", __func__, base);
+#endif
+ memory_region_init_io(&opba->io, NULL, &opba_ops, opba, "opba", 0x002);
+ memory_region_add_subregion(get_system_memory(), base, &opba->io);
+ qemu_register_reset(ppc4xx_opba_reset, opba);
+}
+
+/*****************************************************************************/
+/* Code decompression controller */
+/* XXX: TODO */
+
+/*****************************************************************************/
+/* Peripheral controller */
+typedef struct ppc4xx_ebc_t ppc4xx_ebc_t;
+struct ppc4xx_ebc_t {
+ uint32_t addr;
+ uint32_t bcr[8];
+ uint32_t bap[8];
+ uint32_t bear;
+ uint32_t besr0;
+ uint32_t besr1;
+ uint32_t cfg;
+};
+
+enum {
+ EBC0_CFGADDR = 0x012,
+ EBC0_CFGDATA = 0x013,
+};
+
+static uint32_t dcr_read_ebc (void *opaque, int dcrn)
+{
+ ppc4xx_ebc_t *ebc;
+ uint32_t ret;
+
+ ebc = opaque;
+ switch (dcrn) {
+ case EBC0_CFGADDR:
+ ret = ebc->addr;
+ break;
+ case EBC0_CFGDATA:
+ switch (ebc->addr) {
+ case 0x00: /* B0CR */
+ ret = ebc->bcr[0];
+ break;
+ case 0x01: /* B1CR */
+ ret = ebc->bcr[1];
+ break;
+ case 0x02: /* B2CR */
+ ret = ebc->bcr[2];
+ break;
+ case 0x03: /* B3CR */
+ ret = ebc->bcr[3];
+ break;
+ case 0x04: /* B4CR */
+ ret = ebc->bcr[4];
+ break;
+ case 0x05: /* B5CR */
+ ret = ebc->bcr[5];
+ break;
+ case 0x06: /* B6CR */
+ ret = ebc->bcr[6];
+ break;
+ case 0x07: /* B7CR */
+ ret = ebc->bcr[7];
+ break;
+ case 0x10: /* B0AP */
+ ret = ebc->bap[0];
+ break;
+ case 0x11: /* B1AP */
+ ret = ebc->bap[1];
+ break;
+ case 0x12: /* B2AP */
+ ret = ebc->bap[2];
+ break;
+ case 0x13: /* B3AP */
+ ret = ebc->bap[3];
+ break;
+ case 0x14: /* B4AP */
+ ret = ebc->bap[4];
+ break;
+ case 0x15: /* B5AP */
+ ret = ebc->bap[5];
+ break;
+ case 0x16: /* B6AP */
+ ret = ebc->bap[6];
+ break;
+ case 0x17: /* B7AP */
+ ret = ebc->bap[7];
+ break;
+ case 0x20: /* BEAR */
+ ret = ebc->bear;
+ break;
+ case 0x21: /* BESR0 */
+ ret = ebc->besr0;
+ break;
+ case 0x22: /* BESR1 */
+ ret = ebc->besr1;
+ break;
+ case 0x23: /* CFG */
+ ret = ebc->cfg;
+ break;
+ default:
+ ret = 0x00000000;
+ break;
+ }
+ break;
+ default:
+ ret = 0x00000000;
+ break;
+ }
+
+ return ret;
+}
+
+static void dcr_write_ebc (void *opaque, int dcrn, uint32_t val)
+{
+ ppc4xx_ebc_t *ebc;
+
+ ebc = opaque;
+ switch (dcrn) {
+ case EBC0_CFGADDR:
+ ebc->addr = val;
+ break;
+ case EBC0_CFGDATA:
+ switch (ebc->addr) {
+ case 0x00: /* B0CR */
+ break;
+ case 0x01: /* B1CR */
+ break;
+ case 0x02: /* B2CR */
+ break;
+ case 0x03: /* B3CR */
+ break;
+ case 0x04: /* B4CR */
+ break;
+ case 0x05: /* B5CR */
+ break;
+ case 0x06: /* B6CR */
+ break;
+ case 0x07: /* B7CR */
+ break;
+ case 0x10: /* B0AP */
+ break;
+ case 0x11: /* B1AP */
+ break;
+ case 0x12: /* B2AP */
+ break;
+ case 0x13: /* B3AP */
+ break;
+ case 0x14: /* B4AP */
+ break;
+ case 0x15: /* B5AP */
+ break;
+ case 0x16: /* B6AP */
+ break;
+ case 0x17: /* B7AP */
+ break;
+ case 0x20: /* BEAR */
+ break;
+ case 0x21: /* BESR0 */
+ break;
+ case 0x22: /* BESR1 */
+ break;
+ case 0x23: /* CFG */
+ break;
+ default:
+ break;
+ }
+ break;
+ default:
+ break;
+ }
+}
+
+static void ebc_reset (void *opaque)
+{
+ ppc4xx_ebc_t *ebc;
+ int i;
+
+ ebc = opaque;
+ ebc->addr = 0x00000000;
+ ebc->bap[0] = 0x7F8FFE80;
+ ebc->bcr[0] = 0xFFE28000;
+ for (i = 0; i < 8; i++) {
+ ebc->bap[i] = 0x00000000;
+ ebc->bcr[i] = 0x00000000;
+ }
+ ebc->besr0 = 0x00000000;
+ ebc->besr1 = 0x00000000;
+ ebc->cfg = 0x80400000;
+}
+
+static void ppc405_ebc_init(CPUPPCState *env)
+{
+ ppc4xx_ebc_t *ebc;
+
+ ebc = g_malloc0(sizeof(ppc4xx_ebc_t));
+ qemu_register_reset(&ebc_reset, ebc);
+ ppc_dcr_register(env, EBC0_CFGADDR,
+ ebc, &dcr_read_ebc, &dcr_write_ebc);
+ ppc_dcr_register(env, EBC0_CFGDATA,
+ ebc, &dcr_read_ebc, &dcr_write_ebc);
+}
+
+/*****************************************************************************/
+/* DMA controller */
+enum {
+ DMA0_CR0 = 0x100,
+ DMA0_CT0 = 0x101,
+ DMA0_DA0 = 0x102,
+ DMA0_SA0 = 0x103,
+ DMA0_SG0 = 0x104,
+ DMA0_CR1 = 0x108,
+ DMA0_CT1 = 0x109,
+ DMA0_DA1 = 0x10A,
+ DMA0_SA1 = 0x10B,
+ DMA0_SG1 = 0x10C,
+ DMA0_CR2 = 0x110,
+ DMA0_CT2 = 0x111,
+ DMA0_DA2 = 0x112,
+ DMA0_SA2 = 0x113,
+ DMA0_SG2 = 0x114,
+ DMA0_CR3 = 0x118,
+ DMA0_CT3 = 0x119,
+ DMA0_DA3 = 0x11A,
+ DMA0_SA3 = 0x11B,
+ DMA0_SG3 = 0x11C,
+ DMA0_SR = 0x120,
+ DMA0_SGC = 0x123,
+ DMA0_SLP = 0x125,
+ DMA0_POL = 0x126,
+};
+
+typedef struct ppc405_dma_t ppc405_dma_t;
+struct ppc405_dma_t {
+ qemu_irq irqs[4];
+ uint32_t cr[4];
+ uint32_t ct[4];
+ uint32_t da[4];
+ uint32_t sa[4];
+ uint32_t sg[4];
+ uint32_t sr;
+ uint32_t sgc;
+ uint32_t slp;
+ uint32_t pol;
+};
+
+static uint32_t dcr_read_dma (void *opaque, int dcrn)
+{
+ return 0;
+}
+
+static void dcr_write_dma (void *opaque, int dcrn, uint32_t val)
+{
+}
+
+static void ppc405_dma_reset (void *opaque)
+{
+ ppc405_dma_t *dma;
+ int i;
+
+ dma = opaque;
+ for (i = 0; i < 4; i++) {
+ dma->cr[i] = 0x00000000;
+ dma->ct[i] = 0x00000000;
+ dma->da[i] = 0x00000000;
+ dma->sa[i] = 0x00000000;
+ dma->sg[i] = 0x00000000;
+ }
+ dma->sr = 0x00000000;
+ dma->sgc = 0x00000000;
+ dma->slp = 0x7C000000;
+ dma->pol = 0x00000000;
+}
+
+static void ppc405_dma_init(CPUPPCState *env, qemu_irq irqs[4])
+{
+ ppc405_dma_t *dma;
+
+ dma = g_malloc0(sizeof(ppc405_dma_t));
+ memcpy(dma->irqs, irqs, 4 * sizeof(qemu_irq));
+ qemu_register_reset(&ppc405_dma_reset, dma);
+ ppc_dcr_register(env, DMA0_CR0,
+ dma, &dcr_read_dma, &dcr_write_dma);
+ ppc_dcr_register(env, DMA0_CT0,
+ dma, &dcr_read_dma, &dcr_write_dma);
+ ppc_dcr_register(env, DMA0_DA0,
+ dma, &dcr_read_dma, &dcr_write_dma);
+ ppc_dcr_register(env, DMA0_SA0,
+ dma, &dcr_read_dma, &dcr_write_dma);
+ ppc_dcr_register(env, DMA0_SG0,
+ dma, &dcr_read_dma, &dcr_write_dma);
+ ppc_dcr_register(env, DMA0_CR1,
+ dma, &dcr_read_dma, &dcr_write_dma);
+ ppc_dcr_register(env, DMA0_CT1,
+ dma, &dcr_read_dma, &dcr_write_dma);
+ ppc_dcr_register(env, DMA0_DA1,
+ dma, &dcr_read_dma, &dcr_write_dma);
+ ppc_dcr_register(env, DMA0_SA1,
+ dma, &dcr_read_dma, &dcr_write_dma);
+ ppc_dcr_register(env, DMA0_SG1,
+ dma, &dcr_read_dma, &dcr_write_dma);
+ ppc_dcr_register(env, DMA0_CR2,
+ dma, &dcr_read_dma, &dcr_write_dma);
+ ppc_dcr_register(env, DMA0_CT2,
+ dma, &dcr_read_dma, &dcr_write_dma);
+ ppc_dcr_register(env, DMA0_DA2,
+ dma, &dcr_read_dma, &dcr_write_dma);
+ ppc_dcr_register(env, DMA0_SA2,
+ dma, &dcr_read_dma, &dcr_write_dma);
+ ppc_dcr_register(env, DMA0_SG2,
+ dma, &dcr_read_dma, &dcr_write_dma);
+ ppc_dcr_register(env, DMA0_CR3,
+ dma, &dcr_read_dma, &dcr_write_dma);
+ ppc_dcr_register(env, DMA0_CT3,
+ dma, &dcr_read_dma, &dcr_write_dma);
+ ppc_dcr_register(env, DMA0_DA3,
+ dma, &dcr_read_dma, &dcr_write_dma);
+ ppc_dcr_register(env, DMA0_SA3,
+ dma, &dcr_read_dma, &dcr_write_dma);
+ ppc_dcr_register(env, DMA0_SG3,
+ dma, &dcr_read_dma, &dcr_write_dma);
+ ppc_dcr_register(env, DMA0_SR,
+ dma, &dcr_read_dma, &dcr_write_dma);
+ ppc_dcr_register(env, DMA0_SGC,
+ dma, &dcr_read_dma, &dcr_write_dma);
+ ppc_dcr_register(env, DMA0_SLP,
+ dma, &dcr_read_dma, &dcr_write_dma);
+ ppc_dcr_register(env, DMA0_POL,
+ dma, &dcr_read_dma, &dcr_write_dma);
+}
+
+/*****************************************************************************/
+/* GPIO */
+typedef struct ppc405_gpio_t ppc405_gpio_t;
+struct ppc405_gpio_t {
+ MemoryRegion io;
+ uint32_t or;
+ uint32_t tcr;
+ uint32_t osrh;
+ uint32_t osrl;
+ uint32_t tsrh;
+ uint32_t tsrl;
+ uint32_t odr;
+ uint32_t ir;
+ uint32_t rr1;
+ uint32_t isr1h;
+ uint32_t isr1l;
+};
+
+static uint32_t ppc405_gpio_readb (void *opaque, hwaddr addr)
+{
+#ifdef DEBUG_GPIO
+ printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
+#endif
+
+ return 0;
+}
+
+static void ppc405_gpio_writeb (void *opaque,
+ hwaddr addr, uint32_t value)
+{
+#ifdef DEBUG_GPIO
+ printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
+ value);
+#endif
+}
+
+static uint32_t ppc405_gpio_readw (void *opaque, hwaddr addr)
+{
+#ifdef DEBUG_GPIO
+ printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
+#endif
+
+ return 0;
+}
+
+static void ppc405_gpio_writew (void *opaque,
+ hwaddr addr, uint32_t value)
+{
+#ifdef DEBUG_GPIO
+ printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
+ value);
+#endif
+}
+
+static uint32_t ppc405_gpio_readl (void *opaque, hwaddr addr)
+{
+#ifdef DEBUG_GPIO
+ printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
+#endif
+
+ return 0;
+}
+
+static void ppc405_gpio_writel (void *opaque,
+ hwaddr addr, uint32_t value)
+{
+#ifdef DEBUG_GPIO
+ printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
+ value);
+#endif
+}
+
+static const MemoryRegionOps ppc405_gpio_ops = {
+ .old_mmio = {
+ .read = { ppc405_gpio_readb, ppc405_gpio_readw, ppc405_gpio_readl, },
+ .write = { ppc405_gpio_writeb, ppc405_gpio_writew, ppc405_gpio_writel, },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void ppc405_gpio_reset (void *opaque)
+{
+}
+
+static void ppc405_gpio_init(hwaddr base)
+{
+ ppc405_gpio_t *gpio;
+
+ gpio = g_malloc0(sizeof(ppc405_gpio_t));
+#ifdef DEBUG_GPIO
+ printf("%s: offset " TARGET_FMT_plx "\n", __func__, base);
+#endif
+ memory_region_init_io(&gpio->io, NULL, &ppc405_gpio_ops, gpio, "pgio", 0x038);
+ memory_region_add_subregion(get_system_memory(), base, &gpio->io);
+ qemu_register_reset(&ppc405_gpio_reset, gpio);
+}
+
+/*****************************************************************************/
+/* On Chip Memory */
+enum {
+ OCM0_ISARC = 0x018,
+ OCM0_ISACNTL = 0x019,
+ OCM0_DSARC = 0x01A,
+ OCM0_DSACNTL = 0x01B,
+};
+
+typedef struct ppc405_ocm_t ppc405_ocm_t;
+struct ppc405_ocm_t {
+ MemoryRegion ram;
+ MemoryRegion isarc_ram;
+ MemoryRegion dsarc_ram;
+ uint32_t isarc;
+ uint32_t isacntl;
+ uint32_t dsarc;
+ uint32_t dsacntl;
+};
+
+static void ocm_update_mappings (ppc405_ocm_t *ocm,
+ uint32_t isarc, uint32_t isacntl,
+ uint32_t dsarc, uint32_t dsacntl)
+{
+#ifdef DEBUG_OCM
+ printf("OCM update ISA %08" PRIx32 " %08" PRIx32 " (%08" PRIx32
+ " %08" PRIx32 ") DSA %08" PRIx32 " %08" PRIx32
+ " (%08" PRIx32 " %08" PRIx32 ")\n",
+ isarc, isacntl, dsarc, dsacntl,
+ ocm->isarc, ocm->isacntl, ocm->dsarc, ocm->dsacntl);
+#endif
+ if (ocm->isarc != isarc ||
+ (ocm->isacntl & 0x80000000) != (isacntl & 0x80000000)) {
+ if (ocm->isacntl & 0x80000000) {
+ /* Unmap previously assigned memory region */
+ printf("OCM unmap ISA %08" PRIx32 "\n", ocm->isarc);
+ memory_region_del_subregion(get_system_memory(), &ocm->isarc_ram);
+ }
+ if (isacntl & 0x80000000) {
+ /* Map new instruction memory region */
+#ifdef DEBUG_OCM
+ printf("OCM map ISA %08" PRIx32 "\n", isarc);
+#endif
+ memory_region_add_subregion(get_system_memory(), isarc,
+ &ocm->isarc_ram);
+ }
+ }
+ if (ocm->dsarc != dsarc ||
+ (ocm->dsacntl & 0x80000000) != (dsacntl & 0x80000000)) {
+ if (ocm->dsacntl & 0x80000000) {
+ /* Beware not to unmap the region we just mapped */
+ if (!(isacntl & 0x80000000) || ocm->dsarc != isarc) {
+ /* Unmap previously assigned memory region */
+#ifdef DEBUG_OCM
+ printf("OCM unmap DSA %08" PRIx32 "\n", ocm->dsarc);
+#endif
+ memory_region_del_subregion(get_system_memory(),
+ &ocm->dsarc_ram);
+ }
+ }
+ if (dsacntl & 0x80000000) {
+ /* Beware not to remap the region we just mapped */
+ if (!(isacntl & 0x80000000) || dsarc != isarc) {
+ /* Map new data memory region */
+#ifdef DEBUG_OCM
+ printf("OCM map DSA %08" PRIx32 "\n", dsarc);
+#endif
+ memory_region_add_subregion(get_system_memory(), dsarc,
+ &ocm->dsarc_ram);
+ }
+ }
+ }
+}
+
+static uint32_t dcr_read_ocm (void *opaque, int dcrn)
+{
+ ppc405_ocm_t *ocm;
+ uint32_t ret;
+
+ ocm = opaque;
+ switch (dcrn) {
+ case OCM0_ISARC:
+ ret = ocm->isarc;
+ break;
+ case OCM0_ISACNTL:
+ ret = ocm->isacntl;
+ break;
+ case OCM0_DSARC:
+ ret = ocm->dsarc;
+ break;
+ case OCM0_DSACNTL:
+ ret = ocm->dsacntl;
+ break;
+ default:
+ ret = 0;
+ break;
+ }
+
+ return ret;
+}
+
+static void dcr_write_ocm (void *opaque, int dcrn, uint32_t val)
+{
+ ppc405_ocm_t *ocm;
+ uint32_t isarc, dsarc, isacntl, dsacntl;
+
+ ocm = opaque;
+ isarc = ocm->isarc;
+ dsarc = ocm->dsarc;
+ isacntl = ocm->isacntl;
+ dsacntl = ocm->dsacntl;
+ switch (dcrn) {
+ case OCM0_ISARC:
+ isarc = val & 0xFC000000;
+ break;
+ case OCM0_ISACNTL:
+ isacntl = val & 0xC0000000;
+ break;
+ case OCM0_DSARC:
+ isarc = val & 0xFC000000;
+ break;
+ case OCM0_DSACNTL:
+ isacntl = val & 0xC0000000;
+ break;
+ }
+ ocm_update_mappings(ocm, isarc, isacntl, dsarc, dsacntl);
+ ocm->isarc = isarc;
+ ocm->dsarc = dsarc;
+ ocm->isacntl = isacntl;
+ ocm->dsacntl = dsacntl;
+}
+
+static void ocm_reset (void *opaque)
+{
+ ppc405_ocm_t *ocm;
+ uint32_t isarc, dsarc, isacntl, dsacntl;
+
+ ocm = opaque;
+ isarc = 0x00000000;
+ isacntl = 0x00000000;
+ dsarc = 0x00000000;
+ dsacntl = 0x00000000;
+ ocm_update_mappings(ocm, isarc, isacntl, dsarc, dsacntl);
+ ocm->isarc = isarc;
+ ocm->dsarc = dsarc;
+ ocm->isacntl = isacntl;
+ ocm->dsacntl = dsacntl;
+}
+
+static void ppc405_ocm_init(CPUPPCState *env)
+{
+ ppc405_ocm_t *ocm;
+
+ ocm = g_malloc0(sizeof(ppc405_ocm_t));
+ /* XXX: Size is 4096 or 0x04000000 */
+ memory_region_init_ram(&ocm->isarc_ram, NULL, "ppc405.ocm", 4096);
+ vmstate_register_ram_global(&ocm->isarc_ram);
+ memory_region_init_alias(&ocm->dsarc_ram, NULL, "ppc405.dsarc", &ocm->isarc_ram,
+ 0, 4096);
+ qemu_register_reset(&ocm_reset, ocm);
+ ppc_dcr_register(env, OCM0_ISARC,
+ ocm, &dcr_read_ocm, &dcr_write_ocm);
+ ppc_dcr_register(env, OCM0_ISACNTL,
+ ocm, &dcr_read_ocm, &dcr_write_ocm);
+ ppc_dcr_register(env, OCM0_DSARC,
+ ocm, &dcr_read_ocm, &dcr_write_ocm);
+ ppc_dcr_register(env, OCM0_DSACNTL,
+ ocm, &dcr_read_ocm, &dcr_write_ocm);
+}
+
+/*****************************************************************************/
+/* I2C controller */
+typedef struct ppc4xx_i2c_t ppc4xx_i2c_t;
+struct ppc4xx_i2c_t {
+ qemu_irq irq;
+ MemoryRegion iomem;
+ uint8_t mdata;
+ uint8_t lmadr;
+ uint8_t hmadr;
+ uint8_t cntl;
+ uint8_t mdcntl;
+ uint8_t sts;
+ uint8_t extsts;
+ uint8_t sdata;
+ uint8_t lsadr;
+ uint8_t hsadr;
+ uint8_t clkdiv;
+ uint8_t intrmsk;
+ uint8_t xfrcnt;
+ uint8_t xtcntlss;
+ uint8_t directcntl;
+};
+
+static uint32_t ppc4xx_i2c_readb (void *opaque, hwaddr addr)
+{
+ ppc4xx_i2c_t *i2c;
+ uint32_t ret;
+
+#ifdef DEBUG_I2C
+ printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
+#endif
+ i2c = opaque;
+ switch (addr) {
+ case 0x00:
+ // i2c_readbyte(&i2c->mdata);
+ ret = i2c->mdata;
+ break;
+ case 0x02:
+ ret = i2c->sdata;
+ break;
+ case 0x04:
+ ret = i2c->lmadr;
+ break;
+ case 0x05:
+ ret = i2c->hmadr;
+ break;
+ case 0x06:
+ ret = i2c->cntl;
+ break;
+ case 0x07:
+ ret = i2c->mdcntl;
+ break;
+ case 0x08:
+ ret = i2c->sts;
+ break;
+ case 0x09:
+ ret = i2c->extsts;
+ break;
+ case 0x0A:
+ ret = i2c->lsadr;
+ break;
+ case 0x0B:
+ ret = i2c->hsadr;
+ break;
+ case 0x0C:
+ ret = i2c->clkdiv;
+ break;
+ case 0x0D:
+ ret = i2c->intrmsk;
+ break;
+ case 0x0E:
+ ret = i2c->xfrcnt;
+ break;
+ case 0x0F:
+ ret = i2c->xtcntlss;
+ break;
+ case 0x10:
+ ret = i2c->directcntl;
+ break;
+ default:
+ ret = 0x00;
+ break;
+ }
+#ifdef DEBUG_I2C
+ printf("%s: addr " TARGET_FMT_plx " %02" PRIx32 "\n", __func__, addr, ret);
+#endif
+
+ return ret;
+}
+
+static void ppc4xx_i2c_writeb (void *opaque,
+ hwaddr addr, uint32_t value)
+{
+ ppc4xx_i2c_t *i2c;
+
+#ifdef DEBUG_I2C
+ printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
+ value);
+#endif
+ i2c = opaque;
+ switch (addr) {
+ case 0x00:
+ i2c->mdata = value;
+ // i2c_sendbyte(&i2c->mdata);
+ break;
+ case 0x02:
+ i2c->sdata = value;
+ break;
+ case 0x04:
+ i2c->lmadr = value;
+ break;
+ case 0x05:
+ i2c->hmadr = value;
+ break;
+ case 0x06:
+ i2c->cntl = value;
+ break;
+ case 0x07:
+ i2c->mdcntl = value & 0xDF;
+ break;
+ case 0x08:
+ i2c->sts &= ~(value & 0x0A);
+ break;
+ case 0x09:
+ i2c->extsts &= ~(value & 0x8F);
+ break;
+ case 0x0A:
+ i2c->lsadr = value;
+ break;
+ case 0x0B:
+ i2c->hsadr = value;
+ break;
+ case 0x0C:
+ i2c->clkdiv = value;
+ break;
+ case 0x0D:
+ i2c->intrmsk = value;
+ break;
+ case 0x0E:
+ i2c->xfrcnt = value & 0x77;
+ break;
+ case 0x0F:
+ i2c->xtcntlss = value;
+ break;
+ case 0x10:
+ i2c->directcntl = value & 0x7;
+ break;
+ }
+}
+
+static uint32_t ppc4xx_i2c_readw (void *opaque, hwaddr addr)
+{
+ uint32_t ret;
+
+#ifdef DEBUG_I2C
+ printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
+#endif
+ ret = ppc4xx_i2c_readb(opaque, addr) << 8;
+ ret |= ppc4xx_i2c_readb(opaque, addr + 1);
+
+ return ret;
+}
+
+static void ppc4xx_i2c_writew (void *opaque,
+ hwaddr addr, uint32_t value)
+{
+#ifdef DEBUG_I2C
+ printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
+ value);
+#endif
+ ppc4xx_i2c_writeb(opaque, addr, value >> 8);
+ ppc4xx_i2c_writeb(opaque, addr + 1, value);
+}
+
+static uint32_t ppc4xx_i2c_readl (void *opaque, hwaddr addr)
+{
+ uint32_t ret;
+
+#ifdef DEBUG_I2C
+ printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
+#endif
+ ret = ppc4xx_i2c_readb(opaque, addr) << 24;
+ ret |= ppc4xx_i2c_readb(opaque, addr + 1) << 16;
+ ret |= ppc4xx_i2c_readb(opaque, addr + 2) << 8;
+ ret |= ppc4xx_i2c_readb(opaque, addr + 3);
+
+ return ret;
+}
+
+static void ppc4xx_i2c_writel (void *opaque,
+ hwaddr addr, uint32_t value)
+{
+#ifdef DEBUG_I2C
+ printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
+ value);
+#endif
+ ppc4xx_i2c_writeb(opaque, addr, value >> 24);
+ ppc4xx_i2c_writeb(opaque, addr + 1, value >> 16);
+ ppc4xx_i2c_writeb(opaque, addr + 2, value >> 8);
+ ppc4xx_i2c_writeb(opaque, addr + 3, value);
+}
+
+static const MemoryRegionOps i2c_ops = {
+ .old_mmio = {
+ .read = { ppc4xx_i2c_readb, ppc4xx_i2c_readw, ppc4xx_i2c_readl, },
+ .write = { ppc4xx_i2c_writeb, ppc4xx_i2c_writew, ppc4xx_i2c_writel, },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void ppc4xx_i2c_reset (void *opaque)
+{
+ ppc4xx_i2c_t *i2c;
+
+ i2c = opaque;
+ i2c->mdata = 0x00;
+ i2c->sdata = 0x00;
+ i2c->cntl = 0x00;
+ i2c->mdcntl = 0x00;
+ i2c->sts = 0x00;
+ i2c->extsts = 0x00;
+ i2c->clkdiv = 0x00;
+ i2c->xfrcnt = 0x00;
+ i2c->directcntl = 0x0F;
+}
+
+static void ppc405_i2c_init(hwaddr base, qemu_irq irq)
+{
+ ppc4xx_i2c_t *i2c;
+
+ i2c = g_malloc0(sizeof(ppc4xx_i2c_t));
+ i2c->irq = irq;
+#ifdef DEBUG_I2C
+ printf("%s: offset " TARGET_FMT_plx "\n", __func__, base);
+#endif
+ memory_region_init_io(&i2c->iomem, NULL, &i2c_ops, i2c, "i2c", 0x011);
+ memory_region_add_subregion(get_system_memory(), base, &i2c->iomem);
+ qemu_register_reset(ppc4xx_i2c_reset, i2c);
+}
+
+/*****************************************************************************/
+/* General purpose timers */
+typedef struct ppc4xx_gpt_t ppc4xx_gpt_t;
+struct ppc4xx_gpt_t {
+ MemoryRegion iomem;
+ int64_t tb_offset;
+ uint32_t tb_freq;
+ struct QEMUTimer *timer;
+ qemu_irq irqs[5];
+ uint32_t oe;
+ uint32_t ol;
+ uint32_t im;
+ uint32_t is;
+ uint32_t ie;
+ uint32_t comp[5];
+ uint32_t mask[5];
+};
+
+static uint32_t ppc4xx_gpt_readb (void *opaque, hwaddr addr)
+{
+#ifdef DEBUG_GPT
+ printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
+#endif
+ /* XXX: generate a bus fault */
+ return -1;
+}
+
+static void ppc4xx_gpt_writeb (void *opaque,
+ hwaddr addr, uint32_t value)
+{
+#ifdef DEBUG_I2C
+ printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
+ value);
+#endif
+ /* XXX: generate a bus fault */
+}
+
+static uint32_t ppc4xx_gpt_readw (void *opaque, hwaddr addr)
+{
+#ifdef DEBUG_GPT
+ printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
+#endif
+ /* XXX: generate a bus fault */
+ return -1;
+}
+
+static void ppc4xx_gpt_writew (void *opaque,
+ hwaddr addr, uint32_t value)
+{
+#ifdef DEBUG_I2C
+ printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
+ value);
+#endif
+ /* XXX: generate a bus fault */
+}
+
+static int ppc4xx_gpt_compare (ppc4xx_gpt_t *gpt, int n)
+{
+ /* XXX: TODO */
+ return 0;
+}
+
+static void ppc4xx_gpt_set_output (ppc4xx_gpt_t *gpt, int n, int level)
+{
+ /* XXX: TODO */
+}
+
+static void ppc4xx_gpt_set_outputs (ppc4xx_gpt_t *gpt)
+{
+ uint32_t mask;
+ int i;
+
+ mask = 0x80000000;
+ for (i = 0; i < 5; i++) {
+ if (gpt->oe & mask) {
+ /* Output is enabled */
+ if (ppc4xx_gpt_compare(gpt, i)) {
+ /* Comparison is OK */
+ ppc4xx_gpt_set_output(gpt, i, gpt->ol & mask);
+ } else {
+ /* Comparison is KO */
+ ppc4xx_gpt_set_output(gpt, i, gpt->ol & mask ? 0 : 1);
+ }
+ }
+ mask = mask >> 1;
+ }
+}
+
+static void ppc4xx_gpt_set_irqs (ppc4xx_gpt_t *gpt)
+{
+ uint32_t mask;
+ int i;
+
+ mask = 0x00008000;
+ for (i = 0; i < 5; i++) {
+ if (gpt->is & gpt->im & mask)
+ qemu_irq_raise(gpt->irqs[i]);
+ else
+ qemu_irq_lower(gpt->irqs[i]);
+ mask = mask >> 1;
+ }
+}
+
+static void ppc4xx_gpt_compute_timer (ppc4xx_gpt_t *gpt)
+{
+ /* XXX: TODO */
+}
+
+static uint32_t ppc4xx_gpt_readl (void *opaque, hwaddr addr)
+{
+ ppc4xx_gpt_t *gpt;
+ uint32_t ret;
+ int idx;
+
+#ifdef DEBUG_GPT
+ printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
+#endif
+ gpt = opaque;
+ switch (addr) {
+ case 0x00:
+ /* Time base counter */
+ ret = muldiv64(qemu_get_clock_ns(vm_clock) + gpt->tb_offset,
+ gpt->tb_freq, get_ticks_per_sec());
+ break;
+ case 0x10:
+ /* Output enable */
+ ret = gpt->oe;
+ break;
+ case 0x14:
+ /* Output level */
+ ret = gpt->ol;
+ break;
+ case 0x18:
+ /* Interrupt mask */
+ ret = gpt->im;
+ break;
+ case 0x1C:
+ case 0x20:
+ /* Interrupt status */
+ ret = gpt->is;
+ break;
+ case 0x24:
+ /* Interrupt enable */
+ ret = gpt->ie;
+ break;
+ case 0x80 ... 0x90:
+ /* Compare timer */
+ idx = (addr - 0x80) >> 2;
+ ret = gpt->comp[idx];
+ break;
+ case 0xC0 ... 0xD0:
+ /* Compare mask */
+ idx = (addr - 0xC0) >> 2;
+ ret = gpt->mask[idx];
+ break;
+ default:
+ ret = -1;
+ break;
+ }
+
+ return ret;
+}
+
+static void ppc4xx_gpt_writel (void *opaque,
+ hwaddr addr, uint32_t value)
+{
+ ppc4xx_gpt_t *gpt;
+ int idx;
+
+#ifdef DEBUG_I2C
+ printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
+ value);
+#endif
+ gpt = opaque;
+ switch (addr) {
+ case 0x00:
+ /* Time base counter */
+ gpt->tb_offset = muldiv64(value, get_ticks_per_sec(), gpt->tb_freq)
+ - qemu_get_clock_ns(vm_clock);
+ ppc4xx_gpt_compute_timer(gpt);
+ break;
+ case 0x10:
+ /* Output enable */
+ gpt->oe = value & 0xF8000000;
+ ppc4xx_gpt_set_outputs(gpt);
+ break;
+ case 0x14:
+ /* Output level */
+ gpt->ol = value & 0xF8000000;
+ ppc4xx_gpt_set_outputs(gpt);
+ break;
+ case 0x18:
+ /* Interrupt mask */
+ gpt->im = value & 0x0000F800;
+ break;
+ case 0x1C:
+ /* Interrupt status set */
+ gpt->is |= value & 0x0000F800;
+ ppc4xx_gpt_set_irqs(gpt);
+ break;
+ case 0x20:
+ /* Interrupt status clear */
+ gpt->is &= ~(value & 0x0000F800);
+ ppc4xx_gpt_set_irqs(gpt);
+ break;
+ case 0x24:
+ /* Interrupt enable */
+ gpt->ie = value & 0x0000F800;
+ ppc4xx_gpt_set_irqs(gpt);
+ break;
+ case 0x80 ... 0x90:
+ /* Compare timer */
+ idx = (addr - 0x80) >> 2;
+ gpt->comp[idx] = value & 0xF8000000;
+ ppc4xx_gpt_compute_timer(gpt);
+ break;
+ case 0xC0 ... 0xD0:
+ /* Compare mask */
+ idx = (addr - 0xC0) >> 2;
+ gpt->mask[idx] = value & 0xF8000000;
+ ppc4xx_gpt_compute_timer(gpt);
+ break;
+ }
+}
+
+static const MemoryRegionOps gpt_ops = {
+ .old_mmio = {
+ .read = { ppc4xx_gpt_readb, ppc4xx_gpt_readw, ppc4xx_gpt_readl, },
+ .write = { ppc4xx_gpt_writeb, ppc4xx_gpt_writew, ppc4xx_gpt_writel, },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void ppc4xx_gpt_cb (void *opaque)
+{
+ ppc4xx_gpt_t *gpt;
+
+ gpt = opaque;
+ ppc4xx_gpt_set_irqs(gpt);
+ ppc4xx_gpt_set_outputs(gpt);
+ ppc4xx_gpt_compute_timer(gpt);
+}
+
+static void ppc4xx_gpt_reset (void *opaque)
+{
+ ppc4xx_gpt_t *gpt;
+ int i;
+
+ gpt = opaque;
+ qemu_del_timer(gpt->timer);
+ gpt->oe = 0x00000000;
+ gpt->ol = 0x00000000;
+ gpt->im = 0x00000000;
+ gpt->is = 0x00000000;
+ gpt->ie = 0x00000000;
+ for (i = 0; i < 5; i++) {
+ gpt->comp[i] = 0x00000000;
+ gpt->mask[i] = 0x00000000;
+ }
+}
+
+static void ppc4xx_gpt_init(hwaddr base, qemu_irq irqs[5])
+{
+ ppc4xx_gpt_t *gpt;
+ int i;
+
+ gpt = g_malloc0(sizeof(ppc4xx_gpt_t));
+ for (i = 0; i < 5; i++) {
+ gpt->irqs[i] = irqs[i];
+ }
+ gpt->timer = qemu_new_timer_ns(vm_clock, &ppc4xx_gpt_cb, gpt);
+#ifdef DEBUG_GPT
+ printf("%s: offset " TARGET_FMT_plx "\n", __func__, base);
+#endif
+ memory_region_init_io(&gpt->iomem, NULL, &gpt_ops, gpt, "gpt", 0x0d4);
+ memory_region_add_subregion(get_system_memory(), base, &gpt->iomem);
+ qemu_register_reset(ppc4xx_gpt_reset, gpt);
+}
+
+/*****************************************************************************/
+/* MAL */
+enum {
+ MAL0_CFG = 0x180,
+ MAL0_ESR = 0x181,
+ MAL0_IER = 0x182,
+ MAL0_TXCASR = 0x184,
+ MAL0_TXCARR = 0x185,
+ MAL0_TXEOBISR = 0x186,
+ MAL0_TXDEIR = 0x187,
+ MAL0_RXCASR = 0x190,
+ MAL0_RXCARR = 0x191,
+ MAL0_RXEOBISR = 0x192,
+ MAL0_RXDEIR = 0x193,
+ MAL0_TXCTP0R = 0x1A0,
+ MAL0_TXCTP1R = 0x1A1,
+ MAL0_TXCTP2R = 0x1A2,
+ MAL0_TXCTP3R = 0x1A3,
+ MAL0_RXCTP0R = 0x1C0,
+ MAL0_RXCTP1R = 0x1C1,
+ MAL0_RCBS0 = 0x1E0,
+ MAL0_RCBS1 = 0x1E1,
+};
+
+typedef struct ppc40x_mal_t ppc40x_mal_t;
+struct ppc40x_mal_t {
+ qemu_irq irqs[4];
+ uint32_t cfg;
+ uint32_t esr;
+ uint32_t ier;
+ uint32_t txcasr;
+ uint32_t txcarr;
+ uint32_t txeobisr;
+ uint32_t txdeir;
+ uint32_t rxcasr;
+ uint32_t rxcarr;
+ uint32_t rxeobisr;
+ uint32_t rxdeir;
+ uint32_t txctpr[4];
+ uint32_t rxctpr[2];
+ uint32_t rcbs[2];
+};
+
+static void ppc40x_mal_reset (void *opaque);
+
+static uint32_t dcr_read_mal (void *opaque, int dcrn)
+{
+ ppc40x_mal_t *mal;
+ uint32_t ret;
+
+ mal = opaque;
+ switch (dcrn) {
+ case MAL0_CFG:
+ ret = mal->cfg;
+ break;
+ case MAL0_ESR:
+ ret = mal->esr;
+ break;
+ case MAL0_IER:
+ ret = mal->ier;
+ break;
+ case MAL0_TXCASR:
+ ret = mal->txcasr;
+ break;
+ case MAL0_TXCARR:
+ ret = mal->txcarr;
+ break;
+ case MAL0_TXEOBISR:
+ ret = mal->txeobisr;
+ break;
+ case MAL0_TXDEIR:
+ ret = mal->txdeir;
+ break;
+ case MAL0_RXCASR:
+ ret = mal->rxcasr;
+ break;
+ case MAL0_RXCARR:
+ ret = mal->rxcarr;
+ break;
+ case MAL0_RXEOBISR:
+ ret = mal->rxeobisr;
+ break;
+ case MAL0_RXDEIR:
+ ret = mal->rxdeir;
+ break;
+ case MAL0_TXCTP0R:
+ ret = mal->txctpr[0];
+ break;
+ case MAL0_TXCTP1R:
+ ret = mal->txctpr[1];
+ break;
+ case MAL0_TXCTP2R:
+ ret = mal->txctpr[2];
+ break;
+ case MAL0_TXCTP3R:
+ ret = mal->txctpr[3];
+ break;
+ case MAL0_RXCTP0R:
+ ret = mal->rxctpr[0];
+ break;
+ case MAL0_RXCTP1R:
+ ret = mal->rxctpr[1];
+ break;
+ case MAL0_RCBS0:
+ ret = mal->rcbs[0];
+ break;
+ case MAL0_RCBS1:
+ ret = mal->rcbs[1];
+ break;
+ default:
+ ret = 0;
+ break;
+ }
+
+ return ret;
+}
+
+static void dcr_write_mal (void *opaque, int dcrn, uint32_t val)
+{
+ ppc40x_mal_t *mal;
+ int idx;
+
+ mal = opaque;
+ switch (dcrn) {
+ case MAL0_CFG:
+ if (val & 0x80000000)
+ ppc40x_mal_reset(mal);
+ mal->cfg = val & 0x00FFC087;
+ break;
+ case MAL0_ESR:
+ /* Read/clear */
+ mal->esr &= ~val;
+ break;
+ case MAL0_IER:
+ mal->ier = val & 0x0000001F;
+ break;
+ case MAL0_TXCASR:
+ mal->txcasr = val & 0xF0000000;
+ break;
+ case MAL0_TXCARR:
+ mal->txcarr = val & 0xF0000000;
+ break;
+ case MAL0_TXEOBISR:
+ /* Read/clear */
+ mal->txeobisr &= ~val;
+ break;
+ case MAL0_TXDEIR:
+ /* Read/clear */
+ mal->txdeir &= ~val;
+ break;
+ case MAL0_RXCASR:
+ mal->rxcasr = val & 0xC0000000;
+ break;
+ case MAL0_RXCARR:
+ mal->rxcarr = val & 0xC0000000;
+ break;
+ case MAL0_RXEOBISR:
+ /* Read/clear */
+ mal->rxeobisr &= ~val;
+ break;
+ case MAL0_RXDEIR:
+ /* Read/clear */
+ mal->rxdeir &= ~val;
+ break;
+ case MAL0_TXCTP0R:
+ idx = 0;
+ goto update_tx_ptr;
+ case MAL0_TXCTP1R:
+ idx = 1;
+ goto update_tx_ptr;
+ case MAL0_TXCTP2R:
+ idx = 2;
+ goto update_tx_ptr;
+ case MAL0_TXCTP3R:
+ idx = 3;
+ update_tx_ptr:
+ mal->txctpr[idx] = val;
+ break;
+ case MAL0_RXCTP0R:
+ idx = 0;
+ goto update_rx_ptr;
+ case MAL0_RXCTP1R:
+ idx = 1;
+ update_rx_ptr:
+ mal->rxctpr[idx] = val;
+ break;
+ case MAL0_RCBS0:
+ idx = 0;
+ goto update_rx_size;
+ case MAL0_RCBS1:
+ idx = 1;
+ update_rx_size:
+ mal->rcbs[idx] = val & 0x000000FF;
+ break;
+ }
+}
+
+static void ppc40x_mal_reset (void *opaque)
+{
+ ppc40x_mal_t *mal;
+
+ mal = opaque;
+ mal->cfg = 0x0007C000;
+ mal->esr = 0x00000000;
+ mal->ier = 0x00000000;
+ mal->rxcasr = 0x00000000;
+ mal->rxdeir = 0x00000000;
+ mal->rxeobisr = 0x00000000;
+ mal->txcasr = 0x00000000;
+ mal->txdeir = 0x00000000;
+ mal->txeobisr = 0x00000000;
+}
+
+static void ppc405_mal_init(CPUPPCState *env, qemu_irq irqs[4])
+{
+ ppc40x_mal_t *mal;
+ int i;
+
+ mal = g_malloc0(sizeof(ppc40x_mal_t));
+ for (i = 0; i < 4; i++)
+ mal->irqs[i] = irqs[i];
+ qemu_register_reset(&ppc40x_mal_reset, mal);
+ ppc_dcr_register(env, MAL0_CFG,
+ mal, &dcr_read_mal, &dcr_write_mal);
+ ppc_dcr_register(env, MAL0_ESR,
+ mal, &dcr_read_mal, &dcr_write_mal);
+ ppc_dcr_register(env, MAL0_IER,
+ mal, &dcr_read_mal, &dcr_write_mal);
+ ppc_dcr_register(env, MAL0_TXCASR,
+ mal, &dcr_read_mal, &dcr_write_mal);
+ ppc_dcr_register(env, MAL0_TXCARR,
+ mal, &dcr_read_mal, &dcr_write_mal);
+ ppc_dcr_register(env, MAL0_TXEOBISR,
+ mal, &dcr_read_mal, &dcr_write_mal);
+ ppc_dcr_register(env, MAL0_TXDEIR,
+ mal, &dcr_read_mal, &dcr_write_mal);
+ ppc_dcr_register(env, MAL0_RXCASR,
+ mal, &dcr_read_mal, &dcr_write_mal);
+ ppc_dcr_register(env, MAL0_RXCARR,
+ mal, &dcr_read_mal, &dcr_write_mal);
+ ppc_dcr_register(env, MAL0_RXEOBISR,
+ mal, &dcr_read_mal, &dcr_write_mal);
+ ppc_dcr_register(env, MAL0_RXDEIR,
+ mal, &dcr_read_mal, &dcr_write_mal);
+ ppc_dcr_register(env, MAL0_TXCTP0R,
+ mal, &dcr_read_mal, &dcr_write_mal);
+ ppc_dcr_register(env, MAL0_TXCTP1R,
+ mal, &dcr_read_mal, &dcr_write_mal);
+ ppc_dcr_register(env, MAL0_TXCTP2R,
+ mal, &dcr_read_mal, &dcr_write_mal);
+ ppc_dcr_register(env, MAL0_TXCTP3R,
+ mal, &dcr_read_mal, &dcr_write_mal);
+ ppc_dcr_register(env, MAL0_RXCTP0R,
+ mal, &dcr_read_mal, &dcr_write_mal);
+ ppc_dcr_register(env, MAL0_RXCTP1R,
+ mal, &dcr_read_mal, &dcr_write_mal);
+ ppc_dcr_register(env, MAL0_RCBS0,
+ mal, &dcr_read_mal, &dcr_write_mal);
+ ppc_dcr_register(env, MAL0_RCBS1,
+ mal, &dcr_read_mal, &dcr_write_mal);
+}
+
+/*****************************************************************************/
+/* SPR */
+void ppc40x_core_reset(PowerPCCPU *cpu)
+{
+ CPUPPCState *env = &cpu->env;
+ target_ulong dbsr;
+
+ printf("Reset PowerPC core\n");
+ cpu_interrupt(CPU(cpu), CPU_INTERRUPT_RESET);
+ dbsr = env->spr[SPR_40x_DBSR];
+ dbsr &= ~0x00000300;
+ dbsr |= 0x00000100;
+ env->spr[SPR_40x_DBSR] = dbsr;
+}
+
+void ppc40x_chip_reset(PowerPCCPU *cpu)
+{
+ CPUPPCState *env = &cpu->env;
+ target_ulong dbsr;
+
+ printf("Reset PowerPC chip\n");
+ cpu_interrupt(CPU(cpu), CPU_INTERRUPT_RESET);
+ /* XXX: TODO reset all internal peripherals */
+ dbsr = env->spr[SPR_40x_DBSR];
+ dbsr &= ~0x00000300;
+ dbsr |= 0x00000200;
+ env->spr[SPR_40x_DBSR] = dbsr;
+}
+
+void ppc40x_system_reset(PowerPCCPU *cpu)
+{
+ printf("Reset PowerPC system\n");
+ qemu_system_reset_request();
+}
+
+void store_40x_dbcr0 (CPUPPCState *env, uint32_t val)
+{
+ PowerPCCPU *cpu = ppc_env_get_cpu(env);
+
+ switch ((val >> 28) & 0x3) {
+ case 0x0:
+ /* No action */
+ break;
+ case 0x1:
+ /* Core reset */
+ ppc40x_core_reset(cpu);
+ break;
+ case 0x2:
+ /* Chip reset */
+ ppc40x_chip_reset(cpu);
+ break;
+ case 0x3:
+ /* System reset */
+ ppc40x_system_reset(cpu);
+ break;
+ }
+}
+
+/*****************************************************************************/
+/* PowerPC 405CR */
+enum {
+ PPC405CR_CPC0_PLLMR = 0x0B0,
+ PPC405CR_CPC0_CR0 = 0x0B1,
+ PPC405CR_CPC0_CR1 = 0x0B2,
+ PPC405CR_CPC0_PSR = 0x0B4,
+ PPC405CR_CPC0_JTAGID = 0x0B5,
+ PPC405CR_CPC0_ER = 0x0B9,
+ PPC405CR_CPC0_FR = 0x0BA,
+ PPC405CR_CPC0_SR = 0x0BB,
+};
+
+enum {
+ PPC405CR_CPU_CLK = 0,
+ PPC405CR_TMR_CLK = 1,
+ PPC405CR_PLB_CLK = 2,
+ PPC405CR_SDRAM_CLK = 3,
+ PPC405CR_OPB_CLK = 4,
+ PPC405CR_EXT_CLK = 5,
+ PPC405CR_UART_CLK = 6,
+ PPC405CR_CLK_NB = 7,
+};
+
+typedef struct ppc405cr_cpc_t ppc405cr_cpc_t;
+struct ppc405cr_cpc_t {
+ clk_setup_t clk_setup[PPC405CR_CLK_NB];
+ uint32_t sysclk;
+ uint32_t psr;
+ uint32_t cr0;
+ uint32_t cr1;
+ uint32_t jtagid;
+ uint32_t pllmr;
+ uint32_t er;
+ uint32_t fr;
+};
+
+static void ppc405cr_clk_setup (ppc405cr_cpc_t *cpc)
+{
+ uint64_t VCO_out, PLL_out;
+ uint32_t CPU_clk, TMR_clk, SDRAM_clk, PLB_clk, OPB_clk, EXT_clk, UART_clk;
+ int M, D0, D1, D2;
+
+ D0 = ((cpc->pllmr >> 26) & 0x3) + 1; /* CBDV */
+ if (cpc->pllmr & 0x80000000) {
+ D1 = (((cpc->pllmr >> 20) - 1) & 0xF) + 1; /* FBDV */
+ D2 = 8 - ((cpc->pllmr >> 16) & 0x7); /* FWDVA */
+ M = D0 * D1 * D2;
+ VCO_out = cpc->sysclk * M;
+ if (VCO_out < 400000000 || VCO_out > 800000000) {
+ /* PLL cannot lock */
+ cpc->pllmr &= ~0x80000000;
+ goto bypass_pll;
+ }
+ PLL_out = VCO_out / D2;
+ } else {
+ /* Bypass PLL */
+ bypass_pll:
+ M = D0;
+ PLL_out = cpc->sysclk * M;
+ }
+ CPU_clk = PLL_out;
+ if (cpc->cr1 & 0x00800000)
+ TMR_clk = cpc->sysclk; /* Should have a separate clock */
+ else
+ TMR_clk = CPU_clk;
+ PLB_clk = CPU_clk / D0;
+ SDRAM_clk = PLB_clk;
+ D0 = ((cpc->pllmr >> 10) & 0x3) + 1;
+ OPB_clk = PLB_clk / D0;
+ D0 = ((cpc->pllmr >> 24) & 0x3) + 2;
+ EXT_clk = PLB_clk / D0;
+ D0 = ((cpc->cr0 >> 1) & 0x1F) + 1;
+ UART_clk = CPU_clk / D0;
+ /* Setup CPU clocks */
+ clk_setup(&cpc->clk_setup[PPC405CR_CPU_CLK], CPU_clk);
+ /* Setup time-base clock */
+ clk_setup(&cpc->clk_setup[PPC405CR_TMR_CLK], TMR_clk);
+ /* Setup PLB clock */
+ clk_setup(&cpc->clk_setup[PPC405CR_PLB_CLK], PLB_clk);
+ /* Setup SDRAM clock */
+ clk_setup(&cpc->clk_setup[PPC405CR_SDRAM_CLK], SDRAM_clk);
+ /* Setup OPB clock */
+ clk_setup(&cpc->clk_setup[PPC405CR_OPB_CLK], OPB_clk);
+ /* Setup external clock */
+ clk_setup(&cpc->clk_setup[PPC405CR_EXT_CLK], EXT_clk);
+ /* Setup UART clock */
+ clk_setup(&cpc->clk_setup[PPC405CR_UART_CLK], UART_clk);
+}
+
+static uint32_t dcr_read_crcpc (void *opaque, int dcrn)
+{
+ ppc405cr_cpc_t *cpc;
+ uint32_t ret;
+
+ cpc = opaque;
+ switch (dcrn) {
+ case PPC405CR_CPC0_PLLMR:
+ ret = cpc->pllmr;
+ break;
+ case PPC405CR_CPC0_CR0:
+ ret = cpc->cr0;
+ break;
+ case PPC405CR_CPC0_CR1:
+ ret = cpc->cr1;
+ break;
+ case PPC405CR_CPC0_PSR:
+ ret = cpc->psr;
+ break;
+ case PPC405CR_CPC0_JTAGID:
+ ret = cpc->jtagid;
+ break;
+ case PPC405CR_CPC0_ER:
+ ret = cpc->er;
+ break;
+ case PPC405CR_CPC0_FR:
+ ret = cpc->fr;
+ break;
+ case PPC405CR_CPC0_SR:
+ ret = ~(cpc->er | cpc->fr) & 0xFFFF0000;
+ break;
+ default:
+ /* Avoid gcc warning */
+ ret = 0;
+ break;
+ }
+
+ return ret;
+}
+
+static void dcr_write_crcpc (void *opaque, int dcrn, uint32_t val)
+{
+ ppc405cr_cpc_t *cpc;
+
+ cpc = opaque;
+ switch (dcrn) {
+ case PPC405CR_CPC0_PLLMR:
+ cpc->pllmr = val & 0xFFF77C3F;
+ break;
+ case PPC405CR_CPC0_CR0:
+ cpc->cr0 = val & 0x0FFFFFFE;
+ break;
+ case PPC405CR_CPC0_CR1:
+ cpc->cr1 = val & 0x00800000;
+ break;
+ case PPC405CR_CPC0_PSR:
+ /* Read-only */
+ break;
+ case PPC405CR_CPC0_JTAGID:
+ /* Read-only */
+ break;
+ case PPC405CR_CPC0_ER:
+ cpc->er = val & 0xBFFC0000;
+ break;
+ case PPC405CR_CPC0_FR:
+ cpc->fr = val & 0xBFFC0000;
+ break;
+ case PPC405CR_CPC0_SR:
+ /* Read-only */
+ break;
+ }
+}
+
+static void ppc405cr_cpc_reset (void *opaque)
+{
+ ppc405cr_cpc_t *cpc;
+ int D;
+
+ cpc = opaque;
+ /* Compute PLLMR value from PSR settings */
+ cpc->pllmr = 0x80000000;
+ /* PFWD */
+ switch ((cpc->psr >> 30) & 3) {
+ case 0:
+ /* Bypass */
+ cpc->pllmr &= ~0x80000000;
+ break;
+ case 1:
+ /* Divide by 3 */
+ cpc->pllmr |= 5 << 16;
+ break;
+ case 2:
+ /* Divide by 4 */
+ cpc->pllmr |= 4 << 16;
+ break;
+ case 3:
+ /* Divide by 6 */
+ cpc->pllmr |= 2 << 16;
+ break;
+ }
+ /* PFBD */
+ D = (cpc->psr >> 28) & 3;
+ cpc->pllmr |= (D + 1) << 20;
+ /* PT */
+ D = (cpc->psr >> 25) & 7;
+ switch (D) {
+ case 0x2:
+ cpc->pllmr |= 0x13;
+ break;
+ case 0x4:
+ cpc->pllmr |= 0x15;
+ break;
+ case 0x5:
+ cpc->pllmr |= 0x16;
+ break;
+ default:
+ break;
+ }
+ /* PDC */
+ D = (cpc->psr >> 23) & 3;
+ cpc->pllmr |= D << 26;
+ /* ODP */
+ D = (cpc->psr >> 21) & 3;
+ cpc->pllmr |= D << 10;
+ /* EBPD */
+ D = (cpc->psr >> 17) & 3;
+ cpc->pllmr |= D << 24;
+ cpc->cr0 = 0x0000003C;
+ cpc->cr1 = 0x2B0D8800;
+ cpc->er = 0x00000000;
+ cpc->fr = 0x00000000;
+ ppc405cr_clk_setup(cpc);
+}
+
+static void ppc405cr_clk_init (ppc405cr_cpc_t *cpc)
+{
+ int D;
+
+ /* XXX: this should be read from IO pins */
+ cpc->psr = 0x00000000; /* 8 bits ROM */
+ /* PFWD */
+ D = 0x2; /* Divide by 4 */
+ cpc->psr |= D << 30;
+ /* PFBD */
+ D = 0x1; /* Divide by 2 */
+ cpc->psr |= D << 28;
+ /* PDC */
+ D = 0x1; /* Divide by 2 */
+ cpc->psr |= D << 23;
+ /* PT */
+ D = 0x5; /* M = 16 */
+ cpc->psr |= D << 25;
+ /* ODP */
+ D = 0x1; /* Divide by 2 */
+ cpc->psr |= D << 21;
+ /* EBDP */
+ D = 0x2; /* Divide by 4 */
+ cpc->psr |= D << 17;
+}
+
+static void ppc405cr_cpc_init (CPUPPCState *env, clk_setup_t clk_setup[7],
+ uint32_t sysclk)
+{
+ ppc405cr_cpc_t *cpc;
+
+ cpc = g_malloc0(sizeof(ppc405cr_cpc_t));
+ memcpy(cpc->clk_setup, clk_setup,
+ PPC405CR_CLK_NB * sizeof(clk_setup_t));
+ cpc->sysclk = sysclk;
+ cpc->jtagid = 0x42051049;
+ ppc_dcr_register(env, PPC405CR_CPC0_PSR, cpc,
+ &dcr_read_crcpc, &dcr_write_crcpc);
+ ppc_dcr_register(env, PPC405CR_CPC0_CR0, cpc,
+ &dcr_read_crcpc, &dcr_write_crcpc);
+ ppc_dcr_register(env, PPC405CR_CPC0_CR1, cpc,
+ &dcr_read_crcpc, &dcr_write_crcpc);
+ ppc_dcr_register(env, PPC405CR_CPC0_JTAGID, cpc,
+ &dcr_read_crcpc, &dcr_write_crcpc);
+ ppc_dcr_register(env, PPC405CR_CPC0_PLLMR, cpc,
+ &dcr_read_crcpc, &dcr_write_crcpc);
+ ppc_dcr_register(env, PPC405CR_CPC0_ER, cpc,
+ &dcr_read_crcpc, &dcr_write_crcpc);
+ ppc_dcr_register(env, PPC405CR_CPC0_FR, cpc,
+ &dcr_read_crcpc, &dcr_write_crcpc);
+ ppc_dcr_register(env, PPC405CR_CPC0_SR, cpc,
+ &dcr_read_crcpc, &dcr_write_crcpc);
+ ppc405cr_clk_init(cpc);
+ qemu_register_reset(ppc405cr_cpc_reset, cpc);
+}
+
+CPUPPCState *ppc405cr_init(MemoryRegion *address_space_mem,
+ MemoryRegion ram_memories[4],
+ hwaddr ram_bases[4],
+ hwaddr ram_sizes[4],
+ uint32_t sysclk, qemu_irq **picp,
+ int do_init)
+{
+ clk_setup_t clk_setup[PPC405CR_CLK_NB];
+ qemu_irq dma_irqs[4];
+ PowerPCCPU *cpu;
+ CPUPPCState *env;
+ qemu_irq *pic, *irqs;
+
+ memset(clk_setup, 0, sizeof(clk_setup));
+ cpu = ppc4xx_init("405cr", &clk_setup[PPC405CR_CPU_CLK],
+ &clk_setup[PPC405CR_TMR_CLK], sysclk);
+ env = &cpu->env;
+ /* Memory mapped devices registers */
+ /* PLB arbitrer */
+ ppc4xx_plb_init(env);
+ /* PLB to OPB bridge */
+ ppc4xx_pob_init(env);
+ /* OBP arbitrer */
+ ppc4xx_opba_init(0xef600600);
+ /* Universal interrupt controller */
+ irqs = g_malloc0(sizeof(qemu_irq) * PPCUIC_OUTPUT_NB);
+ irqs[PPCUIC_OUTPUT_INT] =
+ ((qemu_irq *)env->irq_inputs)[PPC40x_INPUT_INT];
+ irqs[PPCUIC_OUTPUT_CINT] =
+ ((qemu_irq *)env->irq_inputs)[PPC40x_INPUT_CINT];
+ pic = ppcuic_init(env, irqs, 0x0C0, 0, 1);
+ *picp = pic;
+ /* SDRAM controller */
+ ppc4xx_sdram_init(env, pic[14], 1, ram_memories,
+ ram_bases, ram_sizes, do_init);
+ /* External bus controller */
+ ppc405_ebc_init(env);
+ /* DMA controller */
+ dma_irqs[0] = pic[26];
+ dma_irqs[1] = pic[25];
+ dma_irqs[2] = pic[24];
+ dma_irqs[3] = pic[23];
+ ppc405_dma_init(env, dma_irqs);
+ /* Serial ports */
+ if (serial_hds[0] != NULL) {
+ serial_mm_init(address_space_mem, 0xef600300, 0, pic[0],
+ PPC_SERIAL_MM_BAUDBASE, serial_hds[0],
+ DEVICE_BIG_ENDIAN);
+ }
+ if (serial_hds[1] != NULL) {
+ serial_mm_init(address_space_mem, 0xef600400, 0, pic[1],
+ PPC_SERIAL_MM_BAUDBASE, serial_hds[1],
+ DEVICE_BIG_ENDIAN);
+ }
+ /* IIC controller */
+ ppc405_i2c_init(0xef600500, pic[2]);
+ /* GPIO */
+ ppc405_gpio_init(0xef600700);
+ /* CPU control */
+ ppc405cr_cpc_init(env, clk_setup, sysclk);
+
+ return env;
+}
+
+/*****************************************************************************/
+/* PowerPC 405EP */
+/* CPU control */
+enum {
+ PPC405EP_CPC0_PLLMR0 = 0x0F0,
+ PPC405EP_CPC0_BOOT = 0x0F1,
+ PPC405EP_CPC0_EPCTL = 0x0F3,
+ PPC405EP_CPC0_PLLMR1 = 0x0F4,
+ PPC405EP_CPC0_UCR = 0x0F5,
+ PPC405EP_CPC0_SRR = 0x0F6,
+ PPC405EP_CPC0_JTAGID = 0x0F7,
+ PPC405EP_CPC0_PCI = 0x0F9,
+#if 0
+ PPC405EP_CPC0_ER = xxx,
+ PPC405EP_CPC0_FR = xxx,
+ PPC405EP_CPC0_SR = xxx,
+#endif
+};
+
+enum {
+ PPC405EP_CPU_CLK = 0,
+ PPC405EP_PLB_CLK = 1,
+ PPC405EP_OPB_CLK = 2,
+ PPC405EP_EBC_CLK = 3,
+ PPC405EP_MAL_CLK = 4,
+ PPC405EP_PCI_CLK = 5,
+ PPC405EP_UART0_CLK = 6,
+ PPC405EP_UART1_CLK = 7,
+ PPC405EP_CLK_NB = 8,
+};
+
+typedef struct ppc405ep_cpc_t ppc405ep_cpc_t;
+struct ppc405ep_cpc_t {
+ uint32_t sysclk;
+ clk_setup_t clk_setup[PPC405EP_CLK_NB];
+ uint32_t boot;
+ uint32_t epctl;
+ uint32_t pllmr[2];
+ uint32_t ucr;
+ uint32_t srr;
+ uint32_t jtagid;
+ uint32_t pci;
+ /* Clock and power management */
+ uint32_t er;
+ uint32_t fr;
+ uint32_t sr;
+};
+
+static void ppc405ep_compute_clocks (ppc405ep_cpc_t *cpc)
+{
+ uint32_t CPU_clk, PLB_clk, OPB_clk, EBC_clk, MAL_clk, PCI_clk;
+ uint32_t UART0_clk, UART1_clk;
+ uint64_t VCO_out, PLL_out;
+ int M, D;
+
+ VCO_out = 0;
+ if ((cpc->pllmr[1] & 0x80000000) && !(cpc->pllmr[1] & 0x40000000)) {
+ M = (((cpc->pllmr[1] >> 20) - 1) & 0xF) + 1; /* FBMUL */
+#ifdef DEBUG_CLOCKS_LL
+ printf("FBMUL %01" PRIx32 " %d\n", (cpc->pllmr[1] >> 20) & 0xF, M);
+#endif
+ D = 8 - ((cpc->pllmr[1] >> 16) & 0x7); /* FWDA */
+#ifdef DEBUG_CLOCKS_LL
+ printf("FWDA %01" PRIx32 " %d\n", (cpc->pllmr[1] >> 16) & 0x7, D);
+#endif
+ VCO_out = cpc->sysclk * M * D;
+ if (VCO_out < 500000000UL || VCO_out > 1000000000UL) {
+ /* Error - unlock the PLL */
+ printf("VCO out of range %" PRIu64 "\n", VCO_out);
+#if 0
+ cpc->pllmr[1] &= ~0x80000000;
+ goto pll_bypass;
+#endif
+ }
+ PLL_out = VCO_out / D;
+ /* Pretend the PLL is locked */
+ cpc->boot |= 0x00000001;
+ } else {
+#if 0
+ pll_bypass:
+#endif
+ PLL_out = cpc->sysclk;
+ if (cpc->pllmr[1] & 0x40000000) {
+ /* Pretend the PLL is not locked */
+ cpc->boot &= ~0x00000001;
+ }
+ }
+ /* Now, compute all other clocks */
+ D = ((cpc->pllmr[0] >> 20) & 0x3) + 1; /* CCDV */
+#ifdef DEBUG_CLOCKS_LL
+ printf("CCDV %01" PRIx32 " %d\n", (cpc->pllmr[0] >> 20) & 0x3, D);
+#endif
+ CPU_clk = PLL_out / D;
+ D = ((cpc->pllmr[0] >> 16) & 0x3) + 1; /* CBDV */
+#ifdef DEBUG_CLOCKS_LL
+ printf("CBDV %01" PRIx32 " %d\n", (cpc->pllmr[0] >> 16) & 0x3, D);
+#endif
+ PLB_clk = CPU_clk / D;
+ D = ((cpc->pllmr[0] >> 12) & 0x3) + 1; /* OPDV */
+#ifdef DEBUG_CLOCKS_LL
+ printf("OPDV %01" PRIx32 " %d\n", (cpc->pllmr[0] >> 12) & 0x3, D);
+#endif
+ OPB_clk = PLB_clk / D;
+ D = ((cpc->pllmr[0] >> 8) & 0x3) + 2; /* EPDV */
+#ifdef DEBUG_CLOCKS_LL
+ printf("EPDV %01" PRIx32 " %d\n", (cpc->pllmr[0] >> 8) & 0x3, D);
+#endif
+ EBC_clk = PLB_clk / D;
+ D = ((cpc->pllmr[0] >> 4) & 0x3) + 1; /* MPDV */
+#ifdef DEBUG_CLOCKS_LL
+ printf("MPDV %01" PRIx32 " %d\n", (cpc->pllmr[0] >> 4) & 0x3, D);
+#endif
+ MAL_clk = PLB_clk / D;
+ D = (cpc->pllmr[0] & 0x3) + 1; /* PPDV */
+#ifdef DEBUG_CLOCKS_LL
+ printf("PPDV %01" PRIx32 " %d\n", cpc->pllmr[0] & 0x3, D);
+#endif
+ PCI_clk = PLB_clk / D;
+ D = ((cpc->ucr - 1) & 0x7F) + 1; /* U0DIV */
+#ifdef DEBUG_CLOCKS_LL
+ printf("U0DIV %01" PRIx32 " %d\n", cpc->ucr & 0x7F, D);
+#endif
+ UART0_clk = PLL_out / D;
+ D = (((cpc->ucr >> 8) - 1) & 0x7F) + 1; /* U1DIV */
+#ifdef DEBUG_CLOCKS_LL
+ printf("U1DIV %01" PRIx32 " %d\n", (cpc->ucr >> 8) & 0x7F, D);
+#endif
+ UART1_clk = PLL_out / D;
+#ifdef DEBUG_CLOCKS
+ printf("Setup PPC405EP clocks - sysclk %" PRIu32 " VCO %" PRIu64
+ " PLL out %" PRIu64 " Hz\n", cpc->sysclk, VCO_out, PLL_out);
+ printf("CPU %" PRIu32 " PLB %" PRIu32 " OPB %" PRIu32 " EBC %" PRIu32
+ " MAL %" PRIu32 " PCI %" PRIu32 " UART0 %" PRIu32
+ " UART1 %" PRIu32 "\n",
+ CPU_clk, PLB_clk, OPB_clk, EBC_clk, MAL_clk, PCI_clk,
+ UART0_clk, UART1_clk);
+#endif
+ /* Setup CPU clocks */
+ clk_setup(&cpc->clk_setup[PPC405EP_CPU_CLK], CPU_clk);
+ /* Setup PLB clock */
+ clk_setup(&cpc->clk_setup[PPC405EP_PLB_CLK], PLB_clk);
+ /* Setup OPB clock */
+ clk_setup(&cpc->clk_setup[PPC405EP_OPB_CLK], OPB_clk);
+ /* Setup external clock */
+ clk_setup(&cpc->clk_setup[PPC405EP_EBC_CLK], EBC_clk);
+ /* Setup MAL clock */
+ clk_setup(&cpc->clk_setup[PPC405EP_MAL_CLK], MAL_clk);
+ /* Setup PCI clock */
+ clk_setup(&cpc->clk_setup[PPC405EP_PCI_CLK], PCI_clk);
+ /* Setup UART0 clock */
+ clk_setup(&cpc->clk_setup[PPC405EP_UART0_CLK], UART0_clk);
+ /* Setup UART1 clock */
+ clk_setup(&cpc->clk_setup[PPC405EP_UART1_CLK], UART1_clk);
+}
+
+static uint32_t dcr_read_epcpc (void *opaque, int dcrn)
+{
+ ppc405ep_cpc_t *cpc;
+ uint32_t ret;
+
+ cpc = opaque;
+ switch (dcrn) {
+ case PPC405EP_CPC0_BOOT:
+ ret = cpc->boot;
+ break;
+ case PPC405EP_CPC0_EPCTL:
+ ret = cpc->epctl;
+ break;
+ case PPC405EP_CPC0_PLLMR0:
+ ret = cpc->pllmr[0];
+ break;
+ case PPC405EP_CPC0_PLLMR1:
+ ret = cpc->pllmr[1];
+ break;
+ case PPC405EP_CPC0_UCR:
+ ret = cpc->ucr;
+ break;
+ case PPC405EP_CPC0_SRR:
+ ret = cpc->srr;
+ break;
+ case PPC405EP_CPC0_JTAGID:
+ ret = cpc->jtagid;
+ break;
+ case PPC405EP_CPC0_PCI:
+ ret = cpc->pci;
+ break;
+ default:
+ /* Avoid gcc warning */
+ ret = 0;
+ break;
+ }
+
+ return ret;
+}
+
+static void dcr_write_epcpc (void *opaque, int dcrn, uint32_t val)
+{
+ ppc405ep_cpc_t *cpc;
+
+ cpc = opaque;
+ switch (dcrn) {
+ case PPC405EP_CPC0_BOOT:
+ /* Read-only register */
+ break;
+ case PPC405EP_CPC0_EPCTL:
+ /* Don't care for now */
+ cpc->epctl = val & 0xC00000F3;
+ break;
+ case PPC405EP_CPC0_PLLMR0:
+ cpc->pllmr[0] = val & 0x00633333;
+ ppc405ep_compute_clocks(cpc);
+ break;
+ case PPC405EP_CPC0_PLLMR1:
+ cpc->pllmr[1] = val & 0xC0F73FFF;
+ ppc405ep_compute_clocks(cpc);
+ break;
+ case PPC405EP_CPC0_UCR:
+ /* UART control - don't care for now */
+ cpc->ucr = val & 0x003F7F7F;
+ break;
+ case PPC405EP_CPC0_SRR:
+ cpc->srr = val;
+ break;
+ case PPC405EP_CPC0_JTAGID:
+ /* Read-only */
+ break;
+ case PPC405EP_CPC0_PCI:
+ cpc->pci = val;
+ break;
+ }
+}
+
+static void ppc405ep_cpc_reset (void *opaque)
+{
+ ppc405ep_cpc_t *cpc = opaque;
+
+ cpc->boot = 0x00000010; /* Boot from PCI - IIC EEPROM disabled */
+ cpc->epctl = 0x00000000;
+ cpc->pllmr[0] = 0x00011010;
+ cpc->pllmr[1] = 0x40000000;
+ cpc->ucr = 0x00000000;
+ cpc->srr = 0x00040000;
+ cpc->pci = 0x00000000;
+ cpc->er = 0x00000000;
+ cpc->fr = 0x00000000;
+ cpc->sr = 0x00000000;
+ ppc405ep_compute_clocks(cpc);
+}
+
+/* XXX: sysclk should be between 25 and 100 MHz */
+static void ppc405ep_cpc_init (CPUPPCState *env, clk_setup_t clk_setup[8],
+ uint32_t sysclk)
+{
+ ppc405ep_cpc_t *cpc;
+
+ cpc = g_malloc0(sizeof(ppc405ep_cpc_t));
+ memcpy(cpc->clk_setup, clk_setup,
+ PPC405EP_CLK_NB * sizeof(clk_setup_t));
+ cpc->jtagid = 0x20267049;
+ cpc->sysclk = sysclk;
+ qemu_register_reset(&ppc405ep_cpc_reset, cpc);
+ ppc_dcr_register(env, PPC405EP_CPC0_BOOT, cpc,
+ &dcr_read_epcpc, &dcr_write_epcpc);
+ ppc_dcr_register(env, PPC405EP_CPC0_EPCTL, cpc,
+ &dcr_read_epcpc, &dcr_write_epcpc);
+ ppc_dcr_register(env, PPC405EP_CPC0_PLLMR0, cpc,
+ &dcr_read_epcpc, &dcr_write_epcpc);
+ ppc_dcr_register(env, PPC405EP_CPC0_PLLMR1, cpc,
+ &dcr_read_epcpc, &dcr_write_epcpc);
+ ppc_dcr_register(env, PPC405EP_CPC0_UCR, cpc,
+ &dcr_read_epcpc, &dcr_write_epcpc);
+ ppc_dcr_register(env, PPC405EP_CPC0_SRR, cpc,
+ &dcr_read_epcpc, &dcr_write_epcpc);
+ ppc_dcr_register(env, PPC405EP_CPC0_JTAGID, cpc,
+ &dcr_read_epcpc, &dcr_write_epcpc);
+ ppc_dcr_register(env, PPC405EP_CPC0_PCI, cpc,
+ &dcr_read_epcpc, &dcr_write_epcpc);
+#if 0
+ ppc_dcr_register(env, PPC405EP_CPC0_ER, cpc,
+ &dcr_read_epcpc, &dcr_write_epcpc);
+ ppc_dcr_register(env, PPC405EP_CPC0_FR, cpc,
+ &dcr_read_epcpc, &dcr_write_epcpc);
+ ppc_dcr_register(env, PPC405EP_CPC0_SR, cpc,
+ &dcr_read_epcpc, &dcr_write_epcpc);
+#endif
+}
+
+CPUPPCState *ppc405ep_init(MemoryRegion *address_space_mem,
+ MemoryRegion ram_memories[2],
+ hwaddr ram_bases[2],
+ hwaddr ram_sizes[2],
+ uint32_t sysclk, qemu_irq **picp,
+ int do_init)
+{
+ clk_setup_t clk_setup[PPC405EP_CLK_NB], tlb_clk_setup;
+ qemu_irq dma_irqs[4], gpt_irqs[5], mal_irqs[4];
+ PowerPCCPU *cpu;
+ CPUPPCState *env;
+ qemu_irq *pic, *irqs;
+
+ memset(clk_setup, 0, sizeof(clk_setup));
+ /* init CPUs */
+ cpu = ppc4xx_init("405ep", &clk_setup[PPC405EP_CPU_CLK],
+ &tlb_clk_setup, sysclk);
+ env = &cpu->env;
+ clk_setup[PPC405EP_CPU_CLK].cb = tlb_clk_setup.cb;
+ clk_setup[PPC405EP_CPU_CLK].opaque = tlb_clk_setup.opaque;
+ /* Internal devices init */
+ /* Memory mapped devices registers */
+ /* PLB arbitrer */
+ ppc4xx_plb_init(env);
+ /* PLB to OPB bridge */
+ ppc4xx_pob_init(env);
+ /* OBP arbitrer */
+ ppc4xx_opba_init(0xef600600);
+ /* Initialize timers */
+ ppc_booke_timers_init(cpu, sysclk, 0);
+ /* Universal interrupt controller */
+ irqs = g_malloc0(sizeof(qemu_irq) * PPCUIC_OUTPUT_NB);
+ irqs[PPCUIC_OUTPUT_INT] =
+ ((qemu_irq *)env->irq_inputs)[PPC40x_INPUT_INT];
+ irqs[PPCUIC_OUTPUT_CINT] =
+ ((qemu_irq *)env->irq_inputs)[PPC40x_INPUT_CINT];
+ pic = ppcuic_init(env, irqs, 0x0C0, 0, 1);
+ *picp = pic;
+ /* SDRAM controller */
+ /* XXX 405EP has no ECC interrupt */
+ ppc4xx_sdram_init(env, pic[17], 2, ram_memories,
+ ram_bases, ram_sizes, do_init);
+ /* External bus controller */
+ ppc405_ebc_init(env);
+ /* DMA controller */
+ dma_irqs[0] = pic[5];
+ dma_irqs[1] = pic[6];
+ dma_irqs[2] = pic[7];
+ dma_irqs[3] = pic[8];
+ ppc405_dma_init(env, dma_irqs);
+ /* IIC controller */
+ ppc405_i2c_init(0xef600500, pic[2]);
+ /* GPIO */
+ ppc405_gpio_init(0xef600700);
+ /* Serial ports */
+ if (serial_hds[0] != NULL) {
+ serial_mm_init(address_space_mem, 0xef600300, 0, pic[0],
+ PPC_SERIAL_MM_BAUDBASE, serial_hds[0],
+ DEVICE_BIG_ENDIAN);
+ }
+ if (serial_hds[1] != NULL) {
+ serial_mm_init(address_space_mem, 0xef600400, 0, pic[1],
+ PPC_SERIAL_MM_BAUDBASE, serial_hds[1],
+ DEVICE_BIG_ENDIAN);
+ }
+ /* OCM */
+ ppc405_ocm_init(env);
+ /* GPT */
+ gpt_irqs[0] = pic[19];
+ gpt_irqs[1] = pic[20];
+ gpt_irqs[2] = pic[21];
+ gpt_irqs[3] = pic[22];
+ gpt_irqs[4] = pic[23];
+ ppc4xx_gpt_init(0xef600000, gpt_irqs);
+ /* PCI */
+ /* Uses pic[3], pic[16], pic[18] */
+ /* MAL */
+ mal_irqs[0] = pic[11];
+ mal_irqs[1] = pic[12];
+ mal_irqs[2] = pic[13];
+ mal_irqs[3] = pic[14];
+ ppc405_mal_init(env, mal_irqs);
+ /* Ethernet */
+ /* Uses pic[9], pic[15], pic[17] */
+ /* CPU control */
+ ppc405ep_cpc_init(env, clk_setup, sysclk);
+
+ return env;
+}
diff --git a/hw/ppc/ppc440_bamboo.c b/hw/ppc/ppc440_bamboo.c
new file mode 100644
index 000000000..369ab9e26
--- /dev/null
+++ b/hw/ppc/ppc440_bamboo.c
@@ -0,0 +1,307 @@
+/*
+ * QEMU PowerPC 440 Bamboo board emulation
+ *
+ * Copyright 2007 IBM Corporation.
+ * Authors:
+ * Jerone Young <jyoung5@us.ibm.com>
+ * Christian Ehrhardt <ehrhardt@linux.vnet.ibm.com>
+ * Hollis Blanchard <hollisb@us.ibm.com>
+ *
+ * This work is licensed under the GNU GPL license version 2 or later.
+ *
+ */
+
+#include "config.h"
+#include "qemu-common.h"
+#include "net/net.h"
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "hw/boards.h"
+#include "sysemu/kvm.h"
+#include "kvm_ppc.h"
+#include "sysemu/device_tree.h"
+#include "hw/loader.h"
+#include "elf.h"
+#include "exec/address-spaces.h"
+#include "hw/char/serial.h"
+#include "hw/ppc/ppc.h"
+#include "ppc405.h"
+#include "sysemu/sysemu.h"
+#include "hw/sysbus.h"
+
+#define BINARY_DEVICE_TREE_FILE "bamboo.dtb"
+
+/* from u-boot */
+#define KERNEL_ADDR 0x1000000
+#define FDT_ADDR 0x1800000
+#define RAMDISK_ADDR 0x1900000
+
+#define PPC440EP_PCI_CONFIG 0xeec00000
+#define PPC440EP_PCI_INTACK 0xeed00000
+#define PPC440EP_PCI_SPECIAL 0xeed00000
+#define PPC440EP_PCI_REGS 0xef400000
+#define PPC440EP_PCI_IO 0xe8000000
+#define PPC440EP_PCI_IOLEN 0x00010000
+
+#define PPC440EP_SDRAM_NR_BANKS 4
+
+static const unsigned int ppc440ep_sdram_bank_sizes[] = {
+ 256<<20, 128<<20, 64<<20, 32<<20, 16<<20, 8<<20, 0
+};
+
+static hwaddr entry;
+
+static int bamboo_load_device_tree(hwaddr addr,
+ uint32_t ramsize,
+ hwaddr initrd_base,
+ hwaddr initrd_size,
+ const char *kernel_cmdline)
+{
+ int ret = -1;
+ uint32_t mem_reg_property[] = { 0, 0, cpu_to_be32(ramsize) };
+ char *filename;
+ int fdt_size;
+ void *fdt;
+ uint32_t tb_freq = 400000000;
+ uint32_t clock_freq = 400000000;
+
+ filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, BINARY_DEVICE_TREE_FILE);
+ if (!filename) {
+ goto out;
+ }
+ fdt = load_device_tree(filename, &fdt_size);
+ g_free(filename);
+ if (fdt == NULL) {
+ goto out;
+ }
+
+ /* Manipulate device tree in memory. */
+
+ ret = qemu_devtree_setprop(fdt, "/memory", "reg", mem_reg_property,
+ sizeof(mem_reg_property));
+ if (ret < 0)
+ fprintf(stderr, "couldn't set /memory/reg\n");
+
+ ret = qemu_devtree_setprop_cell(fdt, "/chosen", "linux,initrd-start",
+ initrd_base);
+ if (ret < 0)
+ fprintf(stderr, "couldn't set /chosen/linux,initrd-start\n");
+
+ ret = qemu_devtree_setprop_cell(fdt, "/chosen", "linux,initrd-end",
+ (initrd_base + initrd_size));
+ if (ret < 0)
+ fprintf(stderr, "couldn't set /chosen/linux,initrd-end\n");
+
+ ret = qemu_devtree_setprop_string(fdt, "/chosen", "bootargs",
+ kernel_cmdline);
+ if (ret < 0)
+ fprintf(stderr, "couldn't set /chosen/bootargs\n");
+
+ /* Copy data from the host device tree into the guest. Since the guest can
+ * directly access the timebase without host involvement, we must expose
+ * the correct frequencies. */
+ if (kvm_enabled()) {
+ tb_freq = kvmppc_get_tbfreq();
+ clock_freq = kvmppc_get_clockfreq();
+ }
+
+ qemu_devtree_setprop_cell(fdt, "/cpus/cpu@0", "clock-frequency",
+ clock_freq);
+ qemu_devtree_setprop_cell(fdt, "/cpus/cpu@0", "timebase-frequency",
+ tb_freq);
+
+ ret = rom_add_blob_fixed(BINARY_DEVICE_TREE_FILE, fdt, fdt_size, addr);
+ g_free(fdt);
+
+out:
+
+ return ret;
+}
+
+/* Create reset TLB entries for BookE, spanning the 32bit addr space. */
+static void mmubooke_create_initial_mapping(CPUPPCState *env,
+ target_ulong va,
+ hwaddr pa)
+{
+ ppcemb_tlb_t *tlb = &env->tlb.tlbe[0];
+
+ tlb->attr = 0;
+ tlb->prot = PAGE_VALID | ((PAGE_READ | PAGE_WRITE | PAGE_EXEC) << 4);
+ tlb->size = 1 << 31; /* up to 0x80000000 */
+ tlb->EPN = va & TARGET_PAGE_MASK;
+ tlb->RPN = pa & TARGET_PAGE_MASK;
+ tlb->PID = 0;
+
+ tlb = &env->tlb.tlbe[1];
+ tlb->attr = 0;
+ tlb->prot = PAGE_VALID | ((PAGE_READ | PAGE_WRITE | PAGE_EXEC) << 4);
+ tlb->size = 1 << 31; /* up to 0xffffffff */
+ tlb->EPN = 0x80000000 & TARGET_PAGE_MASK;
+ tlb->RPN = 0x80000000 & TARGET_PAGE_MASK;
+ tlb->PID = 0;
+}
+
+static void main_cpu_reset(void *opaque)
+{
+ PowerPCCPU *cpu = opaque;
+ CPUPPCState *env = &cpu->env;
+
+ cpu_reset(CPU(cpu));
+ env->gpr[1] = (16<<20) - 8;
+ env->gpr[3] = FDT_ADDR;
+ env->nip = entry;
+
+ /* Create a mapping for the kernel. */
+ mmubooke_create_initial_mapping(env, 0, 0);
+}
+
+static void bamboo_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ unsigned int pci_irq_nrs[4] = { 28, 27, 26, 25 };
+ MemoryRegion *address_space_mem = get_system_memory();
+ MemoryRegion *isa = g_new(MemoryRegion, 1);
+ MemoryRegion *ram_memories
+ = g_malloc(PPC440EP_SDRAM_NR_BANKS * sizeof(*ram_memories));
+ hwaddr ram_bases[PPC440EP_SDRAM_NR_BANKS];
+ hwaddr ram_sizes[PPC440EP_SDRAM_NR_BANKS];
+ qemu_irq *pic;
+ qemu_irq *irqs;
+ PCIBus *pcibus;
+ PowerPCCPU *cpu;
+ CPUPPCState *env;
+ uint64_t elf_entry;
+ uint64_t elf_lowaddr;
+ hwaddr loadaddr = 0;
+ target_long initrd_size = 0;
+ DeviceState *dev;
+ int success;
+ int i;
+
+ /* Setup CPU. */
+ if (cpu_model == NULL) {
+ cpu_model = "440EP";
+ }
+ cpu = cpu_ppc_init(cpu_model);
+ if (cpu == NULL) {
+ fprintf(stderr, "Unable to initialize CPU!\n");
+ exit(1);
+ }
+ env = &cpu->env;
+
+ qemu_register_reset(main_cpu_reset, cpu);
+ ppc_booke_timers_init(cpu, 400000000, 0);
+ ppc_dcr_init(env, NULL, NULL);
+
+ /* interrupt controller */
+ irqs = g_malloc0(sizeof(qemu_irq) * PPCUIC_OUTPUT_NB);
+ irqs[PPCUIC_OUTPUT_INT] = ((qemu_irq *)env->irq_inputs)[PPC40x_INPUT_INT];
+ irqs[PPCUIC_OUTPUT_CINT] = ((qemu_irq *)env->irq_inputs)[PPC40x_INPUT_CINT];
+ pic = ppcuic_init(env, irqs, 0x0C0, 0, 1);
+
+ /* SDRAM controller */
+ memset(ram_bases, 0, sizeof(ram_bases));
+ memset(ram_sizes, 0, sizeof(ram_sizes));
+ ram_size = ppc4xx_sdram_adjust(ram_size, PPC440EP_SDRAM_NR_BANKS,
+ ram_memories,
+ ram_bases, ram_sizes,
+ ppc440ep_sdram_bank_sizes);
+ /* XXX 440EP's ECC interrupts are on UIC1, but we've only created UIC0. */
+ ppc4xx_sdram_init(env, pic[14], PPC440EP_SDRAM_NR_BANKS, ram_memories,
+ ram_bases, ram_sizes, 1);
+
+ /* PCI */
+ dev = sysbus_create_varargs(TYPE_PPC4xx_PCI_HOST_BRIDGE,
+ PPC440EP_PCI_CONFIG,
+ pic[pci_irq_nrs[0]], pic[pci_irq_nrs[1]],
+ pic[pci_irq_nrs[2]], pic[pci_irq_nrs[3]],
+ NULL);
+ pcibus = (PCIBus *)qdev_get_child_bus(dev, "pci.0");
+ if (!pcibus) {
+ fprintf(stderr, "couldn't create PCI controller!\n");
+ exit(1);
+ }
+
+ memory_region_init_alias(isa, NULL, "isa_mmio",
+ get_system_io(), 0, PPC440EP_PCI_IOLEN);
+ memory_region_add_subregion(get_system_memory(), PPC440EP_PCI_IO, isa);
+
+ if (serial_hds[0] != NULL) {
+ serial_mm_init(address_space_mem, 0xef600300, 0, pic[0],
+ PPC_SERIAL_MM_BAUDBASE, serial_hds[0],
+ DEVICE_BIG_ENDIAN);
+ }
+ if (serial_hds[1] != NULL) {
+ serial_mm_init(address_space_mem, 0xef600400, 0, pic[1],
+ PPC_SERIAL_MM_BAUDBASE, serial_hds[1],
+ DEVICE_BIG_ENDIAN);
+ }
+
+ if (pcibus) {
+ /* Register network interfaces. */
+ for (i = 0; i < nb_nics; i++) {
+ /* There are no PCI NICs on the Bamboo board, but there are
+ * PCI slots, so we can pick whatever default model we want. */
+ pci_nic_init_nofail(&nd_table[i], pcibus, "e1000", NULL);
+ }
+ }
+
+ /* Load kernel. */
+ if (kernel_filename) {
+ success = load_uimage(kernel_filename, &entry, &loadaddr, NULL);
+ if (success < 0) {
+ success = load_elf(kernel_filename, NULL, NULL, &elf_entry,
+ &elf_lowaddr, NULL, 1, ELF_MACHINE, 0);
+ entry = elf_entry;
+ loadaddr = elf_lowaddr;
+ }
+ /* XXX try again as binary */
+ if (success < 0) {
+ fprintf(stderr, "qemu: could not load kernel '%s'\n",
+ kernel_filename);
+ exit(1);
+ }
+ }
+
+ /* Load initrd. */
+ if (initrd_filename) {
+ initrd_size = load_image_targphys(initrd_filename, RAMDISK_ADDR,
+ ram_size - RAMDISK_ADDR);
+
+ if (initrd_size < 0) {
+ fprintf(stderr, "qemu: could not load ram disk '%s' at %x\n",
+ initrd_filename, RAMDISK_ADDR);
+ exit(1);
+ }
+ }
+
+ /* If we're loading a kernel directly, we must load the device tree too. */
+ if (kernel_filename) {
+ if (bamboo_load_device_tree(FDT_ADDR, ram_size, RAMDISK_ADDR,
+ initrd_size, kernel_cmdline) < 0) {
+ fprintf(stderr, "couldn't load device tree\n");
+ exit(1);
+ }
+ }
+
+ if (kvm_enabled())
+ kvmppc_init();
+}
+
+static QEMUMachine bamboo_machine = {
+ .name = "bamboo",
+ .desc = "bamboo",
+ .init = bamboo_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void bamboo_machine_init(void)
+{
+ qemu_register_machine(&bamboo_machine);
+}
+
+machine_init(bamboo_machine_init);
diff --git a/hw/ppc/ppc4xx_devs.c b/hw/ppc/ppc4xx_devs.c
new file mode 100644
index 000000000..239aada19
--- /dev/null
+++ b/hw/ppc/ppc4xx_devs.c
@@ -0,0 +1,721 @@
+/*
+ * QEMU PowerPC 4xx embedded processors shared devices emulation
+ *
+ * Copyright (c) 2007 Jocelyn Mayer
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/ppc/ppc.h"
+#include "hw/ppc/ppc4xx.h"
+#include "qemu/log.h"
+#include "exec/address-spaces.h"
+
+//#define DEBUG_MMIO
+//#define DEBUG_UNASSIGNED
+#define DEBUG_UIC
+
+
+#ifdef DEBUG_UIC
+# define LOG_UIC(...) qemu_log_mask(CPU_LOG_INT, ## __VA_ARGS__)
+#else
+# define LOG_UIC(...) do { } while (0)
+#endif
+
+static void ppc4xx_reset(void *opaque)
+{
+ PowerPCCPU *cpu = opaque;
+
+ cpu_reset(CPU(cpu));
+}
+
+/*****************************************************************************/
+/* Generic PowerPC 4xx processor instantiation */
+PowerPCCPU *ppc4xx_init(const char *cpu_model,
+ clk_setup_t *cpu_clk, clk_setup_t *tb_clk,
+ uint32_t sysclk)
+{
+ PowerPCCPU *cpu;
+ CPUPPCState *env;
+
+ /* init CPUs */
+ cpu = cpu_ppc_init(cpu_model);
+ if (cpu == NULL) {
+ fprintf(stderr, "Unable to find PowerPC %s CPU definition\n",
+ cpu_model);
+ exit(1);
+ }
+ env = &cpu->env;
+
+ cpu_clk->cb = NULL; /* We don't care about CPU clock frequency changes */
+ cpu_clk->opaque = env;
+ /* Set time-base frequency to sysclk */
+ tb_clk->cb = ppc_40x_timers_init(env, sysclk, PPC_INTERRUPT_PIT);
+ tb_clk->opaque = env;
+ ppc_dcr_init(env, NULL, NULL);
+ /* Register qemu callbacks */
+ qemu_register_reset(ppc4xx_reset, cpu);
+
+ return cpu;
+}
+
+/*****************************************************************************/
+/* "Universal" Interrupt controller */
+enum {
+ DCR_UICSR = 0x000,
+ DCR_UICSRS = 0x001,
+ DCR_UICER = 0x002,
+ DCR_UICCR = 0x003,
+ DCR_UICPR = 0x004,
+ DCR_UICTR = 0x005,
+ DCR_UICMSR = 0x006,
+ DCR_UICVR = 0x007,
+ DCR_UICVCR = 0x008,
+ DCR_UICMAX = 0x009,
+};
+
+#define UIC_MAX_IRQ 32
+typedef struct ppcuic_t ppcuic_t;
+struct ppcuic_t {
+ uint32_t dcr_base;
+ int use_vectors;
+ uint32_t level; /* Remembers the state of level-triggered interrupts. */
+ uint32_t uicsr; /* Status register */
+ uint32_t uicer; /* Enable register */
+ uint32_t uiccr; /* Critical register */
+ uint32_t uicpr; /* Polarity register */
+ uint32_t uictr; /* Triggering register */
+ uint32_t uicvcr; /* Vector configuration register */
+ uint32_t uicvr;
+ qemu_irq *irqs;
+};
+
+static void ppcuic_trigger_irq (ppcuic_t *uic)
+{
+ uint32_t ir, cr;
+ int start, end, inc, i;
+
+ /* Trigger interrupt if any is pending */
+ ir = uic->uicsr & uic->uicer & (~uic->uiccr);
+ cr = uic->uicsr & uic->uicer & uic->uiccr;
+ LOG_UIC("%s: uicsr %08" PRIx32 " uicer %08" PRIx32
+ " uiccr %08" PRIx32 "\n"
+ " %08" PRIx32 " ir %08" PRIx32 " cr %08" PRIx32 "\n",
+ __func__, uic->uicsr, uic->uicer, uic->uiccr,
+ uic->uicsr & uic->uicer, ir, cr);
+ if (ir != 0x0000000) {
+ LOG_UIC("Raise UIC interrupt\n");
+ qemu_irq_raise(uic->irqs[PPCUIC_OUTPUT_INT]);
+ } else {
+ LOG_UIC("Lower UIC interrupt\n");
+ qemu_irq_lower(uic->irqs[PPCUIC_OUTPUT_INT]);
+ }
+ /* Trigger critical interrupt if any is pending and update vector */
+ if (cr != 0x0000000) {
+ qemu_irq_raise(uic->irqs[PPCUIC_OUTPUT_CINT]);
+ if (uic->use_vectors) {
+ /* Compute critical IRQ vector */
+ if (uic->uicvcr & 1) {
+ start = 31;
+ end = 0;
+ inc = -1;
+ } else {
+ start = 0;
+ end = 31;
+ inc = 1;
+ }
+ uic->uicvr = uic->uicvcr & 0xFFFFFFFC;
+ for (i = start; i <= end; i += inc) {
+ if (cr & (1 << i)) {
+ uic->uicvr += (i - start) * 512 * inc;
+ break;
+ }
+ }
+ }
+ LOG_UIC("Raise UIC critical interrupt - "
+ "vector %08" PRIx32 "\n", uic->uicvr);
+ } else {
+ LOG_UIC("Lower UIC critical interrupt\n");
+ qemu_irq_lower(uic->irqs[PPCUIC_OUTPUT_CINT]);
+ uic->uicvr = 0x00000000;
+ }
+}
+
+static void ppcuic_set_irq (void *opaque, int irq_num, int level)
+{
+ ppcuic_t *uic;
+ uint32_t mask, sr;
+
+ uic = opaque;
+ mask = 1 << (31-irq_num);
+ LOG_UIC("%s: irq %d level %d uicsr %08" PRIx32
+ " mask %08" PRIx32 " => %08" PRIx32 " %08" PRIx32 "\n",
+ __func__, irq_num, level,
+ uic->uicsr, mask, uic->uicsr & mask, level << irq_num);
+ if (irq_num < 0 || irq_num > 31)
+ return;
+ sr = uic->uicsr;
+
+ /* Update status register */
+ if (uic->uictr & mask) {
+ /* Edge sensitive interrupt */
+ if (level == 1)
+ uic->uicsr |= mask;
+ } else {
+ /* Level sensitive interrupt */
+ if (level == 1) {
+ uic->uicsr |= mask;
+ uic->level |= mask;
+ } else {
+ uic->uicsr &= ~mask;
+ uic->level &= ~mask;
+ }
+ }
+ LOG_UIC("%s: irq %d level %d sr %" PRIx32 " => "
+ "%08" PRIx32 "\n", __func__, irq_num, level, uic->uicsr, sr);
+ if (sr != uic->uicsr)
+ ppcuic_trigger_irq(uic);
+}
+
+static uint32_t dcr_read_uic (void *opaque, int dcrn)
+{
+ ppcuic_t *uic;
+ uint32_t ret;
+
+ uic = opaque;
+ dcrn -= uic->dcr_base;
+ switch (dcrn) {
+ case DCR_UICSR:
+ case DCR_UICSRS:
+ ret = uic->uicsr;
+ break;
+ case DCR_UICER:
+ ret = uic->uicer;
+ break;
+ case DCR_UICCR:
+ ret = uic->uiccr;
+ break;
+ case DCR_UICPR:
+ ret = uic->uicpr;
+ break;
+ case DCR_UICTR:
+ ret = uic->uictr;
+ break;
+ case DCR_UICMSR:
+ ret = uic->uicsr & uic->uicer;
+ break;
+ case DCR_UICVR:
+ if (!uic->use_vectors)
+ goto no_read;
+ ret = uic->uicvr;
+ break;
+ case DCR_UICVCR:
+ if (!uic->use_vectors)
+ goto no_read;
+ ret = uic->uicvcr;
+ break;
+ default:
+ no_read:
+ ret = 0x00000000;
+ break;
+ }
+
+ return ret;
+}
+
+static void dcr_write_uic (void *opaque, int dcrn, uint32_t val)
+{
+ ppcuic_t *uic;
+
+ uic = opaque;
+ dcrn -= uic->dcr_base;
+ LOG_UIC("%s: dcr %d val 0x%x\n", __func__, dcrn, val);
+ switch (dcrn) {
+ case DCR_UICSR:
+ uic->uicsr &= ~val;
+ uic->uicsr |= uic->level;
+ ppcuic_trigger_irq(uic);
+ break;
+ case DCR_UICSRS:
+ uic->uicsr |= val;
+ ppcuic_trigger_irq(uic);
+ break;
+ case DCR_UICER:
+ uic->uicer = val;
+ ppcuic_trigger_irq(uic);
+ break;
+ case DCR_UICCR:
+ uic->uiccr = val;
+ ppcuic_trigger_irq(uic);
+ break;
+ case DCR_UICPR:
+ uic->uicpr = val;
+ break;
+ case DCR_UICTR:
+ uic->uictr = val;
+ ppcuic_trigger_irq(uic);
+ break;
+ case DCR_UICMSR:
+ break;
+ case DCR_UICVR:
+ break;
+ case DCR_UICVCR:
+ uic->uicvcr = val & 0xFFFFFFFD;
+ ppcuic_trigger_irq(uic);
+ break;
+ }
+}
+
+static void ppcuic_reset (void *opaque)
+{
+ ppcuic_t *uic;
+
+ uic = opaque;
+ uic->uiccr = 0x00000000;
+ uic->uicer = 0x00000000;
+ uic->uicpr = 0x00000000;
+ uic->uicsr = 0x00000000;
+ uic->uictr = 0x00000000;
+ if (uic->use_vectors) {
+ uic->uicvcr = 0x00000000;
+ uic->uicvr = 0x0000000;
+ }
+}
+
+qemu_irq *ppcuic_init (CPUPPCState *env, qemu_irq *irqs,
+ uint32_t dcr_base, int has_ssr, int has_vr)
+{
+ ppcuic_t *uic;
+ int i;
+
+ uic = g_malloc0(sizeof(ppcuic_t));
+ uic->dcr_base = dcr_base;
+ uic->irqs = irqs;
+ if (has_vr)
+ uic->use_vectors = 1;
+ for (i = 0; i < DCR_UICMAX; i++) {
+ ppc_dcr_register(env, dcr_base + i, uic,
+ &dcr_read_uic, &dcr_write_uic);
+ }
+ qemu_register_reset(ppcuic_reset, uic);
+
+ return qemu_allocate_irqs(&ppcuic_set_irq, uic, UIC_MAX_IRQ);
+}
+
+/*****************************************************************************/
+/* SDRAM controller */
+typedef struct ppc4xx_sdram_t ppc4xx_sdram_t;
+struct ppc4xx_sdram_t {
+ uint32_t addr;
+ int nbanks;
+ MemoryRegion containers[4]; /* used for clipping */
+ MemoryRegion *ram_memories;
+ hwaddr ram_bases[4];
+ hwaddr ram_sizes[4];
+ uint32_t besr0;
+ uint32_t besr1;
+ uint32_t bear;
+ uint32_t cfg;
+ uint32_t status;
+ uint32_t rtr;
+ uint32_t pmit;
+ uint32_t bcr[4];
+ uint32_t tr;
+ uint32_t ecccfg;
+ uint32_t eccesr;
+ qemu_irq irq;
+};
+
+enum {
+ SDRAM0_CFGADDR = 0x010,
+ SDRAM0_CFGDATA = 0x011,
+};
+
+/* XXX: TOFIX: some patches have made this code become inconsistent:
+ * there are type inconsistencies, mixing hwaddr, target_ulong
+ * and uint32_t
+ */
+static uint32_t sdram_bcr (hwaddr ram_base,
+ hwaddr ram_size)
+{
+ uint32_t bcr;
+
+ switch (ram_size) {
+ case (4 * 1024 * 1024):
+ bcr = 0x00000000;
+ break;
+ case (8 * 1024 * 1024):
+ bcr = 0x00020000;
+ break;
+ case (16 * 1024 * 1024):
+ bcr = 0x00040000;
+ break;
+ case (32 * 1024 * 1024):
+ bcr = 0x00060000;
+ break;
+ case (64 * 1024 * 1024):
+ bcr = 0x00080000;
+ break;
+ case (128 * 1024 * 1024):
+ bcr = 0x000A0000;
+ break;
+ case (256 * 1024 * 1024):
+ bcr = 0x000C0000;
+ break;
+ default:
+ printf("%s: invalid RAM size " TARGET_FMT_plx "\n", __func__,
+ ram_size);
+ return 0x00000000;
+ }
+ bcr |= ram_base & 0xFF800000;
+ bcr |= 1;
+
+ return bcr;
+}
+
+static inline hwaddr sdram_base(uint32_t bcr)
+{
+ return bcr & 0xFF800000;
+}
+
+static target_ulong sdram_size (uint32_t bcr)
+{
+ target_ulong size;
+ int sh;
+
+ sh = (bcr >> 17) & 0x7;
+ if (sh == 7)
+ size = -1;
+ else
+ size = (4 * 1024 * 1024) << sh;
+
+ return size;
+}
+
+static void sdram_set_bcr(ppc4xx_sdram_t *sdram,
+ uint32_t *bcrp, uint32_t bcr, int enabled)
+{
+ unsigned n = bcrp - sdram->bcr;
+
+ if (*bcrp & 0x00000001) {
+ /* Unmap RAM */
+#ifdef DEBUG_SDRAM
+ printf("%s: unmap RAM area " TARGET_FMT_plx " " TARGET_FMT_lx "\n",
+ __func__, sdram_base(*bcrp), sdram_size(*bcrp));
+#endif
+ memory_region_del_subregion(get_system_memory(),
+ &sdram->containers[n]);
+ memory_region_del_subregion(&sdram->containers[n],
+ &sdram->ram_memories[n]);
+ memory_region_destroy(&sdram->containers[n]);
+ }
+ *bcrp = bcr & 0xFFDEE001;
+ if (enabled && (bcr & 0x00000001)) {
+#ifdef DEBUG_SDRAM
+ printf("%s: Map RAM area " TARGET_FMT_plx " " TARGET_FMT_lx "\n",
+ __func__, sdram_base(bcr), sdram_size(bcr));
+#endif
+ memory_region_init(&sdram->containers[n], NULL, "sdram-containers",
+ sdram_size(bcr));
+ memory_region_add_subregion(&sdram->containers[n], 0,
+ &sdram->ram_memories[n]);
+ memory_region_add_subregion(get_system_memory(),
+ sdram_base(bcr),
+ &sdram->containers[n]);
+ }
+}
+
+static void sdram_map_bcr (ppc4xx_sdram_t *sdram)
+{
+ int i;
+
+ for (i = 0; i < sdram->nbanks; i++) {
+ if (sdram->ram_sizes[i] != 0) {
+ sdram_set_bcr(sdram,
+ &sdram->bcr[i],
+ sdram_bcr(sdram->ram_bases[i], sdram->ram_sizes[i]),
+ 1);
+ } else {
+ sdram_set_bcr(sdram, &sdram->bcr[i], 0x00000000, 0);
+ }
+ }
+}
+
+static void sdram_unmap_bcr (ppc4xx_sdram_t *sdram)
+{
+ int i;
+
+ for (i = 0; i < sdram->nbanks; i++) {
+#ifdef DEBUG_SDRAM
+ printf("%s: Unmap RAM area " TARGET_FMT_plx " " TARGET_FMT_lx "\n",
+ __func__, sdram_base(sdram->bcr[i]), sdram_size(sdram->bcr[i]));
+#endif
+ memory_region_del_subregion(get_system_memory(),
+ &sdram->ram_memories[i]);
+ }
+}
+
+static uint32_t dcr_read_sdram (void *opaque, int dcrn)
+{
+ ppc4xx_sdram_t *sdram;
+ uint32_t ret;
+
+ sdram = opaque;
+ switch (dcrn) {
+ case SDRAM0_CFGADDR:
+ ret = sdram->addr;
+ break;
+ case SDRAM0_CFGDATA:
+ switch (sdram->addr) {
+ case 0x00: /* SDRAM_BESR0 */
+ ret = sdram->besr0;
+ break;
+ case 0x08: /* SDRAM_BESR1 */
+ ret = sdram->besr1;
+ break;
+ case 0x10: /* SDRAM_BEAR */
+ ret = sdram->bear;
+ break;
+ case 0x20: /* SDRAM_CFG */
+ ret = sdram->cfg;
+ break;
+ case 0x24: /* SDRAM_STATUS */
+ ret = sdram->status;
+ break;
+ case 0x30: /* SDRAM_RTR */
+ ret = sdram->rtr;
+ break;
+ case 0x34: /* SDRAM_PMIT */
+ ret = sdram->pmit;
+ break;
+ case 0x40: /* SDRAM_B0CR */
+ ret = sdram->bcr[0];
+ break;
+ case 0x44: /* SDRAM_B1CR */
+ ret = sdram->bcr[1];
+ break;
+ case 0x48: /* SDRAM_B2CR */
+ ret = sdram->bcr[2];
+ break;
+ case 0x4C: /* SDRAM_B3CR */
+ ret = sdram->bcr[3];
+ break;
+ case 0x80: /* SDRAM_TR */
+ ret = -1; /* ? */
+ break;
+ case 0x94: /* SDRAM_ECCCFG */
+ ret = sdram->ecccfg;
+ break;
+ case 0x98: /* SDRAM_ECCESR */
+ ret = sdram->eccesr;
+ break;
+ default: /* Error */
+ ret = -1;
+ break;
+ }
+ break;
+ default:
+ /* Avoid gcc warning */
+ ret = 0x00000000;
+ break;
+ }
+
+ return ret;
+}
+
+static void dcr_write_sdram (void *opaque, int dcrn, uint32_t val)
+{
+ ppc4xx_sdram_t *sdram;
+
+ sdram = opaque;
+ switch (dcrn) {
+ case SDRAM0_CFGADDR:
+ sdram->addr = val;
+ break;
+ case SDRAM0_CFGDATA:
+ switch (sdram->addr) {
+ case 0x00: /* SDRAM_BESR0 */
+ sdram->besr0 &= ~val;
+ break;
+ case 0x08: /* SDRAM_BESR1 */
+ sdram->besr1 &= ~val;
+ break;
+ case 0x10: /* SDRAM_BEAR */
+ sdram->bear = val;
+ break;
+ case 0x20: /* SDRAM_CFG */
+ val &= 0xFFE00000;
+ if (!(sdram->cfg & 0x80000000) && (val & 0x80000000)) {
+#ifdef DEBUG_SDRAM
+ printf("%s: enable SDRAM controller\n", __func__);
+#endif
+ /* validate all RAM mappings */
+ sdram_map_bcr(sdram);
+ sdram->status &= ~0x80000000;
+ } else if ((sdram->cfg & 0x80000000) && !(val & 0x80000000)) {
+#ifdef DEBUG_SDRAM
+ printf("%s: disable SDRAM controller\n", __func__);
+#endif
+ /* invalidate all RAM mappings */
+ sdram_unmap_bcr(sdram);
+ sdram->status |= 0x80000000;
+ }
+ if (!(sdram->cfg & 0x40000000) && (val & 0x40000000))
+ sdram->status |= 0x40000000;
+ else if ((sdram->cfg & 0x40000000) && !(val & 0x40000000))
+ sdram->status &= ~0x40000000;
+ sdram->cfg = val;
+ break;
+ case 0x24: /* SDRAM_STATUS */
+ /* Read-only register */
+ break;
+ case 0x30: /* SDRAM_RTR */
+ sdram->rtr = val & 0x3FF80000;
+ break;
+ case 0x34: /* SDRAM_PMIT */
+ sdram->pmit = (val & 0xF8000000) | 0x07C00000;
+ break;
+ case 0x40: /* SDRAM_B0CR */
+ sdram_set_bcr(sdram, &sdram->bcr[0], val, sdram->cfg & 0x80000000);
+ break;
+ case 0x44: /* SDRAM_B1CR */
+ sdram_set_bcr(sdram, &sdram->bcr[1], val, sdram->cfg & 0x80000000);
+ break;
+ case 0x48: /* SDRAM_B2CR */
+ sdram_set_bcr(sdram, &sdram->bcr[2], val, sdram->cfg & 0x80000000);
+ break;
+ case 0x4C: /* SDRAM_B3CR */
+ sdram_set_bcr(sdram, &sdram->bcr[3], val, sdram->cfg & 0x80000000);
+ break;
+ case 0x80: /* SDRAM_TR */
+ sdram->tr = val & 0x018FC01F;
+ break;
+ case 0x94: /* SDRAM_ECCCFG */
+ sdram->ecccfg = val & 0x00F00000;
+ break;
+ case 0x98: /* SDRAM_ECCESR */
+ val &= 0xFFF0F000;
+ if (sdram->eccesr == 0 && val != 0)
+ qemu_irq_raise(sdram->irq);
+ else if (sdram->eccesr != 0 && val == 0)
+ qemu_irq_lower(sdram->irq);
+ sdram->eccesr = val;
+ break;
+ default: /* Error */
+ break;
+ }
+ break;
+ }
+}
+
+static void sdram_reset (void *opaque)
+{
+ ppc4xx_sdram_t *sdram;
+
+ sdram = opaque;
+ sdram->addr = 0x00000000;
+ sdram->bear = 0x00000000;
+ sdram->besr0 = 0x00000000; /* No error */
+ sdram->besr1 = 0x00000000; /* No error */
+ sdram->cfg = 0x00000000;
+ sdram->ecccfg = 0x00000000; /* No ECC */
+ sdram->eccesr = 0x00000000; /* No error */
+ sdram->pmit = 0x07C00000;
+ sdram->rtr = 0x05F00000;
+ sdram->tr = 0x00854009;
+ /* We pre-initialize RAM banks */
+ sdram->status = 0x00000000;
+ sdram->cfg = 0x00800000;
+}
+
+void ppc4xx_sdram_init (CPUPPCState *env, qemu_irq irq, int nbanks,
+ MemoryRegion *ram_memories,
+ hwaddr *ram_bases,
+ hwaddr *ram_sizes,
+ int do_init)
+{
+ ppc4xx_sdram_t *sdram;
+
+ sdram = g_malloc0(sizeof(ppc4xx_sdram_t));
+ sdram->irq = irq;
+ sdram->nbanks = nbanks;
+ sdram->ram_memories = ram_memories;
+ memset(sdram->ram_bases, 0, 4 * sizeof(hwaddr));
+ memcpy(sdram->ram_bases, ram_bases,
+ nbanks * sizeof(hwaddr));
+ memset(sdram->ram_sizes, 0, 4 * sizeof(hwaddr));
+ memcpy(sdram->ram_sizes, ram_sizes,
+ nbanks * sizeof(hwaddr));
+ qemu_register_reset(&sdram_reset, sdram);
+ ppc_dcr_register(env, SDRAM0_CFGADDR,
+ sdram, &dcr_read_sdram, &dcr_write_sdram);
+ ppc_dcr_register(env, SDRAM0_CFGDATA,
+ sdram, &dcr_read_sdram, &dcr_write_sdram);
+ if (do_init)
+ sdram_map_bcr(sdram);
+}
+
+/* Fill in consecutive SDRAM banks with 'ram_size' bytes of memory.
+ *
+ * sdram_bank_sizes[] must be 0-terminated.
+ *
+ * The 4xx SDRAM controller supports a small number of banks, and each bank
+ * must be one of a small set of sizes. The number of banks and the supported
+ * sizes varies by SoC. */
+ram_addr_t ppc4xx_sdram_adjust(ram_addr_t ram_size, int nr_banks,
+ MemoryRegion ram_memories[],
+ hwaddr ram_bases[],
+ hwaddr ram_sizes[],
+ const unsigned int sdram_bank_sizes[])
+{
+ ram_addr_t size_left = ram_size;
+ ram_addr_t base = 0;
+ int i;
+ int j;
+
+ for (i = 0; i < nr_banks; i++) {
+ for (j = 0; sdram_bank_sizes[j] != 0; j++) {
+ unsigned int bank_size = sdram_bank_sizes[j];
+
+ if (bank_size <= size_left) {
+ char name[32];
+ snprintf(name, sizeof(name), "ppc4xx.sdram%d", i);
+ memory_region_init_ram(&ram_memories[i], NULL, name, bank_size);
+ vmstate_register_ram_global(&ram_memories[i]);
+ ram_bases[i] = base;
+ ram_sizes[i] = bank_size;
+ base += bank_size;
+ size_left -= bank_size;
+ break;
+ }
+ }
+
+ if (!size_left) {
+ /* No need to use the remaining banks. */
+ break;
+ }
+ }
+
+ ram_size -= size_left;
+ if (size_left)
+ printf("Truncating memory to %d MiB to fit SDRAM controller limits.\n",
+ (int)(ram_size >> 20));
+
+ return ram_size;
+}
diff --git a/hw/ppc/ppc4xx_pci.c b/hw/ppc/ppc4xx_pci.c
new file mode 100644
index 000000000..d2d6f65e6
--- /dev/null
+++ b/hw/ppc/ppc4xx_pci.c
@@ -0,0 +1,414 @@
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License, version 2, as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * Copyright IBM Corp. 2008
+ *
+ * Authors: Hollis Blanchard <hollisb@us.ibm.com>
+ */
+
+/* This file implements emulation of the 32-bit PCI controller found in some
+ * 4xx SoCs, such as the 440EP. */
+
+#include "hw/hw.h"
+#include "hw/ppc/ppc.h"
+#include "hw/ppc/ppc4xx.h"
+#include "hw/pci/pci.h"
+#include "hw/pci/pci_host.h"
+#include "exec/address-spaces.h"
+
+#undef DEBUG
+#ifdef DEBUG
+#define DPRINTF(fmt, ...) do { printf(fmt, ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...)
+#endif /* DEBUG */
+
+struct PCIMasterMap {
+ uint32_t la;
+ uint32_t ma;
+ uint32_t pcila;
+ uint32_t pciha;
+};
+
+struct PCITargetMap {
+ uint32_t ms;
+ uint32_t la;
+};
+
+#define PPC4xx_PCI_HOST_BRIDGE(obj) \
+ OBJECT_CHECK(PPC4xxPCIState, (obj), TYPE_PPC4xx_PCI_HOST_BRIDGE)
+
+#define PPC4xx_PCI_NR_PMMS 3
+#define PPC4xx_PCI_NR_PTMS 2
+
+struct PPC4xxPCIState {
+ PCIHostState parent_obj;
+
+ struct PCIMasterMap pmm[PPC4xx_PCI_NR_PMMS];
+ struct PCITargetMap ptm[PPC4xx_PCI_NR_PTMS];
+ qemu_irq irq[4];
+
+ MemoryRegion container;
+ MemoryRegion iomem;
+};
+typedef struct PPC4xxPCIState PPC4xxPCIState;
+
+#define PCIC0_CFGADDR 0x0
+#define PCIC0_CFGDATA 0x4
+
+/* PLB Memory Map (PMM) registers specify which PLB addresses are translated to
+ * PCI accesses. */
+#define PCIL0_PMM0LA 0x0
+#define PCIL0_PMM0MA 0x4
+#define PCIL0_PMM0PCILA 0x8
+#define PCIL0_PMM0PCIHA 0xc
+#define PCIL0_PMM1LA 0x10
+#define PCIL0_PMM1MA 0x14
+#define PCIL0_PMM1PCILA 0x18
+#define PCIL0_PMM1PCIHA 0x1c
+#define PCIL0_PMM2LA 0x20
+#define PCIL0_PMM2MA 0x24
+#define PCIL0_PMM2PCILA 0x28
+#define PCIL0_PMM2PCIHA 0x2c
+
+/* PCI Target Map (PTM) registers specify which PCI addresses are translated to
+ * PLB accesses. */
+#define PCIL0_PTM1MS 0x30
+#define PCIL0_PTM1LA 0x34
+#define PCIL0_PTM2MS 0x38
+#define PCIL0_PTM2LA 0x3c
+#define PCI_REG_BASE 0x800000
+#define PCI_REG_SIZE 0x40
+
+#define PCI_ALL_SIZE (PCI_REG_BASE + PCI_REG_SIZE)
+
+static uint64_t pci4xx_cfgaddr_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ PPC4xxPCIState *ppc4xx_pci = opaque;
+ PCIHostState *phb = PCI_HOST_BRIDGE(ppc4xx_pci);
+
+ return phb->config_reg;
+}
+
+static void pci4xx_cfgaddr_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ PPC4xxPCIState *ppc4xx_pci = opaque;
+ PCIHostState *phb = PCI_HOST_BRIDGE(ppc4xx_pci);
+
+ phb->config_reg = value & ~0x3;
+}
+
+static const MemoryRegionOps pci4xx_cfgaddr_ops = {
+ .read = pci4xx_cfgaddr_read,
+ .write = pci4xx_cfgaddr_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void ppc4xx_pci_reg_write4(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ struct PPC4xxPCIState *pci = opaque;
+
+ /* We ignore all target attempts at PCI configuration, effectively
+ * assuming a bidirectional 1:1 mapping of PLB and PCI space. */
+
+ switch (offset) {
+ case PCIL0_PMM0LA:
+ pci->pmm[0].la = value;
+ break;
+ case PCIL0_PMM0MA:
+ pci->pmm[0].ma = value;
+ break;
+ case PCIL0_PMM0PCIHA:
+ pci->pmm[0].pciha = value;
+ break;
+ case PCIL0_PMM0PCILA:
+ pci->pmm[0].pcila = value;
+ break;
+
+ case PCIL0_PMM1LA:
+ pci->pmm[1].la = value;
+ break;
+ case PCIL0_PMM1MA:
+ pci->pmm[1].ma = value;
+ break;
+ case PCIL0_PMM1PCIHA:
+ pci->pmm[1].pciha = value;
+ break;
+ case PCIL0_PMM1PCILA:
+ pci->pmm[1].pcila = value;
+ break;
+
+ case PCIL0_PMM2LA:
+ pci->pmm[2].la = value;
+ break;
+ case PCIL0_PMM2MA:
+ pci->pmm[2].ma = value;
+ break;
+ case PCIL0_PMM2PCIHA:
+ pci->pmm[2].pciha = value;
+ break;
+ case PCIL0_PMM2PCILA:
+ pci->pmm[2].pcila = value;
+ break;
+
+ case PCIL0_PTM1MS:
+ pci->ptm[0].ms = value;
+ break;
+ case PCIL0_PTM1LA:
+ pci->ptm[0].la = value;
+ break;
+ case PCIL0_PTM2MS:
+ pci->ptm[1].ms = value;
+ break;
+ case PCIL0_PTM2LA:
+ pci->ptm[1].la = value;
+ break;
+
+ default:
+ printf("%s: unhandled PCI internal register 0x%lx\n", __func__,
+ (unsigned long)offset);
+ break;
+ }
+}
+
+static uint64_t ppc4xx_pci_reg_read4(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ struct PPC4xxPCIState *pci = opaque;
+ uint32_t value;
+
+ switch (offset) {
+ case PCIL0_PMM0LA:
+ value = pci->pmm[0].la;
+ break;
+ case PCIL0_PMM0MA:
+ value = pci->pmm[0].ma;
+ break;
+ case PCIL0_PMM0PCIHA:
+ value = pci->pmm[0].pciha;
+ break;
+ case PCIL0_PMM0PCILA:
+ value = pci->pmm[0].pcila;
+ break;
+
+ case PCIL0_PMM1LA:
+ value = pci->pmm[1].la;
+ break;
+ case PCIL0_PMM1MA:
+ value = pci->pmm[1].ma;
+ break;
+ case PCIL0_PMM1PCIHA:
+ value = pci->pmm[1].pciha;
+ break;
+ case PCIL0_PMM1PCILA:
+ value = pci->pmm[1].pcila;
+ break;
+
+ case PCIL0_PMM2LA:
+ value = pci->pmm[2].la;
+ break;
+ case PCIL0_PMM2MA:
+ value = pci->pmm[2].ma;
+ break;
+ case PCIL0_PMM2PCIHA:
+ value = pci->pmm[2].pciha;
+ break;
+ case PCIL0_PMM2PCILA:
+ value = pci->pmm[2].pcila;
+ break;
+
+ case PCIL0_PTM1MS:
+ value = pci->ptm[0].ms;
+ break;
+ case PCIL0_PTM1LA:
+ value = pci->ptm[0].la;
+ break;
+ case PCIL0_PTM2MS:
+ value = pci->ptm[1].ms;
+ break;
+ case PCIL0_PTM2LA:
+ value = pci->ptm[1].la;
+ break;
+
+ default:
+ printf("%s: invalid PCI internal register 0x%lx\n", __func__,
+ (unsigned long)offset);
+ value = 0;
+ }
+
+ return value;
+}
+
+static const MemoryRegionOps pci_reg_ops = {
+ .read = ppc4xx_pci_reg_read4,
+ .write = ppc4xx_pci_reg_write4,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void ppc4xx_pci_reset(void *opaque)
+{
+ struct PPC4xxPCIState *pci = opaque;
+
+ memset(pci->pmm, 0, sizeof(pci->pmm));
+ memset(pci->ptm, 0, sizeof(pci->ptm));
+}
+
+/* On Bamboo, all pins from each slot are tied to a single board IRQ. This
+ * may need further refactoring for other boards. */
+static int ppc4xx_pci_map_irq(PCIDevice *pci_dev, int irq_num)
+{
+ int slot = pci_dev->devfn >> 3;
+
+ DPRINTF("%s: devfn %x irq %d -> %d\n", __func__,
+ pci_dev->devfn, irq_num, slot);
+
+ return slot - 1;
+}
+
+static void ppc4xx_pci_set_irq(void *opaque, int irq_num, int level)
+{
+ qemu_irq *pci_irqs = opaque;
+
+ DPRINTF("%s: PCI irq %d\n", __func__, irq_num);
+ if (irq_num < 0) {
+ fprintf(stderr, "%s: PCI irq %d\n", __func__, irq_num);
+ return;
+ }
+ qemu_set_irq(pci_irqs[irq_num], level);
+}
+
+static const VMStateDescription vmstate_pci_master_map = {
+ .name = "pci_master_map",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(la, struct PCIMasterMap),
+ VMSTATE_UINT32(ma, struct PCIMasterMap),
+ VMSTATE_UINT32(pcila, struct PCIMasterMap),
+ VMSTATE_UINT32(pciha, struct PCIMasterMap),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_pci_target_map = {
+ .name = "pci_target_map",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(ms, struct PCITargetMap),
+ VMSTATE_UINT32(la, struct PCITargetMap),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_ppc4xx_pci = {
+ .name = "ppc4xx_pci",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_STRUCT_ARRAY(pmm, PPC4xxPCIState, PPC4xx_PCI_NR_PMMS, 1,
+ vmstate_pci_master_map,
+ struct PCIMasterMap),
+ VMSTATE_STRUCT_ARRAY(ptm, PPC4xxPCIState, PPC4xx_PCI_NR_PTMS, 1,
+ vmstate_pci_target_map,
+ struct PCITargetMap),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+/* XXX Interrupt acknowledge cycles not supported. */
+static int ppc4xx_pcihost_initfn(SysBusDevice *dev)
+{
+ PPC4xxPCIState *s;
+ PCIHostState *h;
+ PCIBus *b;
+ int i;
+
+ h = PCI_HOST_BRIDGE(dev);
+ s = PPC4xx_PCI_HOST_BRIDGE(dev);
+
+ for (i = 0; i < ARRAY_SIZE(s->irq); i++) {
+ sysbus_init_irq(dev, &s->irq[i]);
+ }
+
+ b = pci_register_bus(DEVICE(dev), NULL, ppc4xx_pci_set_irq,
+ ppc4xx_pci_map_irq, s->irq, get_system_memory(),
+ get_system_io(), 0, 4, TYPE_PCI_BUS);
+ h->bus = b;
+
+ pci_create_simple(b, 0, "ppc4xx-host-bridge");
+
+ /* XXX split into 2 memory regions, one for config space, one for regs */
+ memory_region_init(&s->container, OBJECT(s), "pci-container", PCI_ALL_SIZE);
+ memory_region_init_io(&h->conf_mem, OBJECT(s), &pci_host_conf_le_ops, h,
+ "pci-conf-idx", 4);
+ memory_region_init_io(&h->data_mem, OBJECT(s), &pci_host_data_le_ops, h,
+ "pci-conf-data", 4);
+ memory_region_init_io(&s->iomem, OBJECT(s), &pci_reg_ops, s,
+ "pci.reg", PCI_REG_SIZE);
+ memory_region_add_subregion(&s->container, PCIC0_CFGADDR, &h->conf_mem);
+ memory_region_add_subregion(&s->container, PCIC0_CFGDATA, &h->data_mem);
+ memory_region_add_subregion(&s->container, PCI_REG_BASE, &s->iomem);
+ sysbus_init_mmio(dev, &s->container);
+ qemu_register_reset(ppc4xx_pci_reset, s);
+
+ return 0;
+}
+
+static void ppc4xx_host_bridge_class_init(ObjectClass *klass, void *data)
+{
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->desc = "Host bridge";
+ k->vendor_id = PCI_VENDOR_ID_IBM;
+ k->device_id = PCI_DEVICE_ID_IBM_440GX;
+ k->class_id = PCI_CLASS_BRIDGE_OTHER;
+}
+
+static const TypeInfo ppc4xx_host_bridge_info = {
+ .name = "ppc4xx-host-bridge",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCIDevice),
+ .class_init = ppc4xx_host_bridge_class_init,
+};
+
+static void ppc4xx_pcihost_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ k->init = ppc4xx_pcihost_initfn;
+ dc->vmsd = &vmstate_ppc4xx_pci;
+}
+
+static const TypeInfo ppc4xx_pcihost_info = {
+ .name = TYPE_PPC4xx_PCI_HOST_BRIDGE,
+ .parent = TYPE_PCI_HOST_BRIDGE,
+ .instance_size = sizeof(PPC4xxPCIState),
+ .class_init = ppc4xx_pcihost_class_init,
+};
+
+static void ppc4xx_pci_register_types(void)
+{
+ type_register_static(&ppc4xx_pcihost_info);
+ type_register_static(&ppc4xx_host_bridge_info);
+}
+
+type_init(ppc4xx_pci_register_types)
diff --git a/hw/ppc/ppc_booke.c b/hw/ppc/ppc_booke.c
new file mode 100644
index 000000000..000c27f2e
--- /dev/null
+++ b/hw/ppc/ppc_booke.c
@@ -0,0 +1,326 @@
+/*
+ * QEMU PowerPC Booke hardware System Emulator
+ *
+ * Copyright (c) 2011 AdaCore
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/ppc/ppc.h"
+#include "qemu/timer.h"
+#include "sysemu/sysemu.h"
+#include "hw/timer/m48t59.h"
+#include "qemu/log.h"
+#include "hw/loader.h"
+#include "kvm_ppc.h"
+
+
+/* Timer Control Register */
+
+#define TCR_WP_SHIFT 30 /* Watchdog Timer Period */
+#define TCR_WP_MASK (0x3 << TCR_WP_SHIFT)
+#define TCR_WRC_SHIFT 28 /* Watchdog Timer Reset Control */
+#define TCR_WRC_MASK (0x3 << TCR_WRC_SHIFT)
+#define TCR_WIE (1 << 27) /* Watchdog Timer Interrupt Enable */
+#define TCR_DIE (1 << 26) /* Decrementer Interrupt Enable */
+#define TCR_FP_SHIFT 24 /* Fixed-Interval Timer Period */
+#define TCR_FP_MASK (0x3 << TCR_FP_SHIFT)
+#define TCR_FIE (1 << 23) /* Fixed-Interval Timer Interrupt Enable */
+#define TCR_ARE (1 << 22) /* Auto-Reload Enable */
+
+/* Timer Control Register (e500 specific fields) */
+
+#define TCR_E500_FPEXT_SHIFT 13 /* Fixed-Interval Timer Period Extension */
+#define TCR_E500_FPEXT_MASK (0xf << TCR_E500_FPEXT_SHIFT)
+#define TCR_E500_WPEXT_SHIFT 17 /* Watchdog Timer Period Extension */
+#define TCR_E500_WPEXT_MASK (0xf << TCR_E500_WPEXT_SHIFT)
+
+/* Timer Status Register */
+
+#define TSR_FIS (1 << 26) /* Fixed-Interval Timer Interrupt Status */
+#define TSR_DIS (1 << 27) /* Decrementer Interrupt Status */
+#define TSR_WRS_SHIFT 28 /* Watchdog Timer Reset Status */
+#define TSR_WRS_MASK (0x3 << TSR_WRS_SHIFT)
+#define TSR_WIS (1 << 30) /* Watchdog Timer Interrupt Status */
+#define TSR_ENW (1 << 31) /* Enable Next Watchdog Timer */
+
+typedef struct booke_timer_t booke_timer_t;
+struct booke_timer_t {
+
+ uint64_t fit_next;
+ struct QEMUTimer *fit_timer;
+
+ uint64_t wdt_next;
+ struct QEMUTimer *wdt_timer;
+
+ uint32_t flags;
+};
+
+static void booke_update_irq(PowerPCCPU *cpu)
+{
+ CPUPPCState *env = &cpu->env;
+
+ ppc_set_irq(cpu, PPC_INTERRUPT_DECR,
+ (env->spr[SPR_BOOKE_TSR] & TSR_DIS
+ && env->spr[SPR_BOOKE_TCR] & TCR_DIE));
+
+ ppc_set_irq(cpu, PPC_INTERRUPT_WDT,
+ (env->spr[SPR_BOOKE_TSR] & TSR_WIS
+ && env->spr[SPR_BOOKE_TCR] & TCR_WIE));
+
+ ppc_set_irq(cpu, PPC_INTERRUPT_FIT,
+ (env->spr[SPR_BOOKE_TSR] & TSR_FIS
+ && env->spr[SPR_BOOKE_TCR] & TCR_FIE));
+}
+
+/* Return the location of the bit of time base at which the FIT will raise an
+ interrupt */
+static uint8_t booke_get_fit_target(CPUPPCState *env, ppc_tb_t *tb_env)
+{
+ uint8_t fp = (env->spr[SPR_BOOKE_TCR] & TCR_FP_MASK) >> TCR_FP_SHIFT;
+
+ if (tb_env->flags & PPC_TIMER_E500) {
+ /* e500 Fixed-interval timer period extension */
+ uint32_t fpext = (env->spr[SPR_BOOKE_TCR] & TCR_E500_FPEXT_MASK)
+ >> TCR_E500_FPEXT_SHIFT;
+ fp = 63 - (fp | fpext << 2);
+ } else {
+ fp = env->fit_period[fp];
+ }
+
+ return fp;
+}
+
+/* Return the location of the bit of time base at which the WDT will raise an
+ interrupt */
+static uint8_t booke_get_wdt_target(CPUPPCState *env, ppc_tb_t *tb_env)
+{
+ uint8_t wp = (env->spr[SPR_BOOKE_TCR] & TCR_WP_MASK) >> TCR_WP_SHIFT;
+
+ if (tb_env->flags & PPC_TIMER_E500) {
+ /* e500 Watchdog timer period extension */
+ uint32_t wpext = (env->spr[SPR_BOOKE_TCR] & TCR_E500_WPEXT_MASK)
+ >> TCR_E500_WPEXT_SHIFT;
+ wp = 63 - (wp | wpext << 2);
+ } else {
+ wp = env->wdt_period[wp];
+ }
+
+ return wp;
+}
+
+static void booke_update_fixed_timer(CPUPPCState *env,
+ uint8_t target_bit,
+ uint64_t *next,
+ struct QEMUTimer *timer)
+{
+ ppc_tb_t *tb_env = env->tb_env;
+ uint64_t delta_tick, ticks = 0;
+ uint64_t tb;
+ uint64_t period;
+ uint64_t now;
+
+ now = qemu_get_clock_ns(vm_clock);
+ tb = cpu_ppc_get_tb(tb_env, now, tb_env->tb_offset);
+ period = 1ULL << target_bit;
+ delta_tick = period - (tb & (period - 1));
+
+ /* the timer triggers only when the selected bit toggles from 0 to 1 */
+ if (tb & period) {
+ ticks = period;
+ }
+
+ if (ticks + delta_tick < ticks) {
+ /* Overflow, so assume the biggest number we can express. */
+ ticks = UINT64_MAX;
+ } else {
+ ticks += delta_tick;
+ }
+
+ *next = now + muldiv64(ticks, get_ticks_per_sec(), tb_env->tb_freq);
+ if ((*next < now) || (*next > INT64_MAX)) {
+ /* Overflow, so assume the biggest number the qemu timer supports. */
+ *next = INT64_MAX;
+ }
+
+ /* XXX: If expire time is now. We can't run the callback because we don't
+ * have access to it. So we just set the timer one nanosecond later.
+ */
+
+ if (*next == now) {
+ (*next)++;
+ }
+
+ qemu_mod_timer(timer, *next);
+}
+
+static void booke_decr_cb(void *opaque)
+{
+ PowerPCCPU *cpu = opaque;
+ CPUPPCState *env = &cpu->env;
+
+ env->spr[SPR_BOOKE_TSR] |= TSR_DIS;
+ booke_update_irq(cpu);
+
+ if (env->spr[SPR_BOOKE_TCR] & TCR_ARE) {
+ /* Auto Reload */
+ cpu_ppc_store_decr(env, env->spr[SPR_BOOKE_DECAR]);
+ }
+}
+
+static void booke_fit_cb(void *opaque)
+{
+ PowerPCCPU *cpu = opaque;
+ CPUPPCState *env = &cpu->env;
+ ppc_tb_t *tb_env;
+ booke_timer_t *booke_timer;
+
+ tb_env = env->tb_env;
+ booke_timer = tb_env->opaque;
+ env->spr[SPR_BOOKE_TSR] |= TSR_FIS;
+
+ booke_update_irq(cpu);
+
+ booke_update_fixed_timer(env,
+ booke_get_fit_target(env, tb_env),
+ &booke_timer->fit_next,
+ booke_timer->fit_timer);
+}
+
+static void booke_wdt_cb(void *opaque)
+{
+ PowerPCCPU *cpu = opaque;
+ CPUPPCState *env = &cpu->env;
+ ppc_tb_t *tb_env;
+ booke_timer_t *booke_timer;
+
+ tb_env = env->tb_env;
+ booke_timer = tb_env->opaque;
+
+ /* TODO: There's lots of complicated stuff to do here */
+
+ booke_update_irq(cpu);
+
+ booke_update_fixed_timer(env,
+ booke_get_wdt_target(env, tb_env),
+ &booke_timer->wdt_next,
+ booke_timer->wdt_timer);
+}
+
+void store_booke_tsr(CPUPPCState *env, target_ulong val)
+{
+ PowerPCCPU *cpu = ppc_env_get_cpu(env);
+
+ env->spr[SPR_BOOKE_TSR] &= ~val;
+ kvmppc_clear_tsr_bits(cpu, val);
+ booke_update_irq(cpu);
+}
+
+void store_booke_tcr(CPUPPCState *env, target_ulong val)
+{
+ PowerPCCPU *cpu = ppc_env_get_cpu(env);
+ ppc_tb_t *tb_env = env->tb_env;
+ booke_timer_t *booke_timer = tb_env->opaque;
+
+ tb_env = env->tb_env;
+ env->spr[SPR_BOOKE_TCR] = val;
+ kvmppc_set_tcr(cpu);
+
+ booke_update_irq(cpu);
+
+ booke_update_fixed_timer(env,
+ booke_get_fit_target(env, tb_env),
+ &booke_timer->fit_next,
+ booke_timer->fit_timer);
+
+ booke_update_fixed_timer(env,
+ booke_get_wdt_target(env, tb_env),
+ &booke_timer->wdt_next,
+ booke_timer->wdt_timer);
+}
+
+static void ppc_booke_timer_reset_handle(void *opaque)
+{
+ PowerPCCPU *cpu = opaque;
+ CPUPPCState *env = &cpu->env;
+
+ store_booke_tcr(env, 0);
+ store_booke_tsr(env, -1);
+}
+
+/*
+ * This function will be called whenever the CPU state changes.
+ * CPU states are defined "typedef enum RunState".
+ * Regarding timer, When CPU state changes to running after debug halt
+ * or similar cases which takes time then in between final watchdog
+ * expiry happenes. This will cause exit to QEMU and configured watchdog
+ * action will be taken. To avoid this we always clear the watchdog state when
+ * state changes to running.
+ */
+static void cpu_state_change_handler(void *opaque, int running, RunState state)
+{
+ PowerPCCPU *cpu = opaque;
+ CPUPPCState *env = &cpu->env;
+
+ if (!running) {
+ return;
+ }
+
+ /*
+ * Clear watchdog interrupt condition by clearing TSR.
+ */
+ store_booke_tsr(env, TSR_ENW | TSR_WIS | TSR_WRS_MASK);
+}
+
+void ppc_booke_timers_init(PowerPCCPU *cpu, uint32_t freq, uint32_t flags)
+{
+ ppc_tb_t *tb_env;
+ booke_timer_t *booke_timer;
+ int ret = 0;
+
+ tb_env = g_malloc0(sizeof(ppc_tb_t));
+ booke_timer = g_malloc0(sizeof(booke_timer_t));
+
+ cpu->env.tb_env = tb_env;
+ tb_env->flags = flags | PPC_TIMER_BOOKE | PPC_DECR_ZERO_TRIGGERED;
+
+ tb_env->tb_freq = freq;
+ tb_env->decr_freq = freq;
+ tb_env->opaque = booke_timer;
+ tb_env->decr_timer = qemu_new_timer_ns(vm_clock, &booke_decr_cb, cpu);
+
+ booke_timer->fit_timer =
+ qemu_new_timer_ns(vm_clock, &booke_fit_cb, cpu);
+ booke_timer->wdt_timer =
+ qemu_new_timer_ns(vm_clock, &booke_wdt_cb, cpu);
+
+ ret = kvmppc_booke_watchdog_enable(cpu);
+
+ if (ret) {
+ /* TODO: Start the QEMU emulated watchdog if not running on KVM.
+ * Also start the QEMU emulated watchdog if KVM does not support
+ * emulated watchdog or somehow it is not enabled (supported but
+ * not enabled is though some bug and requires debugging :)).
+ */
+ }
+
+ qemu_add_vm_change_state_handler(cpu_state_change_handler, cpu);
+
+ qemu_register_reset(ppc_booke_timer_reset_handle, cpu);
+}
diff --git a/hw/ppc/ppce500_spin.c b/hw/ppc/ppce500_spin.c
new file mode 100644
index 000000000..78b23fa59
--- /dev/null
+++ b/hw/ppc/ppce500_spin.c
@@ -0,0 +1,224 @@
+/*
+ * QEMU PowerPC e500v2 ePAPR spinning code
+ *
+ * Copyright (C) 2011 Freescale Semiconductor, Inc. All rights reserved.
+ *
+ * Author: Alexander Graf, <agraf@suse.de>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * This code is not really a device, but models an interface that usually
+ * firmware takes care of. It's used when QEMU plays the role of firmware.
+ *
+ * Specification:
+ *
+ * https://www.power.org/resources/downloads/Power_ePAPR_APPROVED_v1.1.pdf
+ *
+ */
+
+#include "hw/hw.h"
+#include "sysemu/sysemu.h"
+#include "hw/sysbus.h"
+#include "sysemu/kvm.h"
+
+#define MAX_CPUS 32
+
+typedef struct spin_info {
+ uint64_t addr;
+ uint64_t r3;
+ uint32_t resv;
+ uint32_t pir;
+ uint64_t reserved;
+} QEMU_PACKED SpinInfo;
+
+#define TYPE_E500_SPIN "e500-spin"
+#define E500_SPIN(obj) OBJECT_CHECK(SpinState, (obj), TYPE_E500_SPIN)
+
+typedef struct SpinState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ SpinInfo spin[MAX_CPUS];
+} SpinState;
+
+typedef struct spin_kick {
+ PowerPCCPU *cpu;
+ SpinInfo *spin;
+} SpinKick;
+
+static void spin_reset(void *opaque)
+{
+ SpinState *s = opaque;
+ int i;
+
+ for (i = 0; i < MAX_CPUS; i++) {
+ SpinInfo *info = &s->spin[i];
+
+ info->pir = i;
+ info->r3 = i;
+ info->addr = 1;
+ }
+}
+
+/* Create -kernel TLB entries for BookE, linearly spanning 256MB. */
+static inline hwaddr booke206_page_size_to_tlb(uint64_t size)
+{
+ return (ffs(size >> 10) - 1) >> 1;
+}
+
+static void mmubooke_create_initial_mapping(CPUPPCState *env,
+ target_ulong va,
+ hwaddr pa,
+ hwaddr len)
+{
+ ppcmas_tlb_t *tlb = booke206_get_tlbm(env, 1, 0, 1);
+ hwaddr size;
+
+ size = (booke206_page_size_to_tlb(len) << MAS1_TSIZE_SHIFT);
+ tlb->mas1 = MAS1_VALID | size;
+ tlb->mas2 = (va & TARGET_PAGE_MASK) | MAS2_M;
+ tlb->mas7_3 = pa & TARGET_PAGE_MASK;
+ tlb->mas7_3 |= MAS3_UR | MAS3_UW | MAS3_UX | MAS3_SR | MAS3_SW | MAS3_SX;
+ env->tlb_dirty = true;
+}
+
+static void spin_kick(void *data)
+{
+ SpinKick *kick = data;
+ CPUState *cpu = CPU(kick->cpu);
+ CPUPPCState *env = &kick->cpu->env;
+ SpinInfo *curspin = kick->spin;
+ hwaddr map_size = 64 * 1024 * 1024;
+ hwaddr map_start;
+
+ cpu_synchronize_state(cpu);
+ stl_p(&curspin->pir, env->spr[SPR_PIR]);
+ env->nip = ldq_p(&curspin->addr) & (map_size - 1);
+ env->gpr[3] = ldq_p(&curspin->r3);
+ env->gpr[4] = 0;
+ env->gpr[5] = 0;
+ env->gpr[6] = 0;
+ env->gpr[7] = map_size;
+ env->gpr[8] = 0;
+ env->gpr[9] = 0;
+
+ map_start = ldq_p(&curspin->addr) & ~(map_size - 1);
+ mmubooke_create_initial_mapping(env, 0, map_start, map_size);
+
+ cpu->halted = 0;
+ env->exception_index = -1;
+ cpu->stopped = false;
+ qemu_cpu_kick(cpu);
+}
+
+static void spin_write(void *opaque, hwaddr addr, uint64_t value,
+ unsigned len)
+{
+ SpinState *s = opaque;
+ int env_idx = addr / sizeof(SpinInfo);
+ CPUState *cpu;
+ SpinInfo *curspin = &s->spin[env_idx];
+ uint8_t *curspin_p = (uint8_t*)curspin;
+
+ cpu = qemu_get_cpu(env_idx);
+ if (cpu == NULL) {
+ /* Unknown CPU */
+ return;
+ }
+
+ if (cpu->cpu_index == 0) {
+ /* primary CPU doesn't spin */
+ return;
+ }
+
+ curspin_p = &curspin_p[addr % sizeof(SpinInfo)];
+ switch (len) {
+ case 1:
+ stb_p(curspin_p, value);
+ break;
+ case 2:
+ stw_p(curspin_p, value);
+ break;
+ case 4:
+ stl_p(curspin_p, value);
+ break;
+ }
+
+ if (!(ldq_p(&curspin->addr) & 1)) {
+ /* run CPU */
+ SpinKick kick = {
+ .cpu = POWERPC_CPU(cpu),
+ .spin = curspin,
+ };
+
+ run_on_cpu(cpu, spin_kick, &kick);
+ }
+}
+
+static uint64_t spin_read(void *opaque, hwaddr addr, unsigned len)
+{
+ SpinState *s = opaque;
+ uint8_t *spin_p = &((uint8_t*)s->spin)[addr];
+
+ switch (len) {
+ case 1:
+ return ldub_p(spin_p);
+ case 2:
+ return lduw_p(spin_p);
+ case 4:
+ return ldl_p(spin_p);
+ default:
+ hw_error("ppce500: unexpected %s with len = %u", __func__, len);
+ }
+}
+
+static const MemoryRegionOps spin_rw_ops = {
+ .read = spin_read,
+ .write = spin_write,
+ .endianness = DEVICE_BIG_ENDIAN,
+};
+
+static int ppce500_spin_initfn(SysBusDevice *dev)
+{
+ SpinState *s = E500_SPIN(dev);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &spin_rw_ops, s,
+ "e500 spin pv device", sizeof(SpinInfo) * MAX_CPUS);
+ sysbus_init_mmio(dev, &s->iomem);
+
+ qemu_register_reset(spin_reset, s);
+
+ return 0;
+}
+
+static void ppce500_spin_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = ppce500_spin_initfn;
+}
+
+static const TypeInfo ppce500_spin_info = {
+ .name = TYPE_E500_SPIN,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(SpinState),
+ .class_init = ppce500_spin_class_init,
+};
+
+static void ppce500_spin_register_types(void)
+{
+ type_register_static(&ppce500_spin_info);
+}
+
+type_init(ppce500_spin_register_types)
diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
new file mode 100644
index 000000000..7e04b1ac8
--- /dev/null
+++ b/hw/ppc/prep.c
@@ -0,0 +1,702 @@
+/*
+ * QEMU PPC PREP hardware System Emulator
+ *
+ * Copyright (c) 2003-2007 Jocelyn Mayer
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/timer/m48t59.h"
+#include "hw/i386/pc.h"
+#include "hw/char/serial.h"
+#include "hw/block/fdc.h"
+#include "net/net.h"
+#include "sysemu/sysemu.h"
+#include "hw/isa/isa.h"
+#include "hw/pci/pci.h"
+#include "hw/pci/pci_host.h"
+#include "hw/ppc/ppc.h"
+#include "hw/boards.h"
+#include "qemu/log.h"
+#include "hw/ide.h"
+#include "hw/loader.h"
+#include "hw/timer/mc146818rtc.h"
+#include "hw/isa/pc87312.h"
+#include "sysemu/blockdev.h"
+#include "sysemu/arch_init.h"
+#include "sysemu/qtest.h"
+#include "exec/address-spaces.h"
+#include "elf.h"
+
+//#define HARD_DEBUG_PPC_IO
+//#define DEBUG_PPC_IO
+
+/* SMP is not enabled, for now */
+#define MAX_CPUS 1
+
+#define MAX_IDE_BUS 2
+
+#define BIOS_SIZE (1024 * 1024)
+#define BIOS_FILENAME "ppc_rom.bin"
+#define KERNEL_LOAD_ADDR 0x01000000
+#define INITRD_LOAD_ADDR 0x01800000
+
+#if defined (HARD_DEBUG_PPC_IO) && !defined (DEBUG_PPC_IO)
+#define DEBUG_PPC_IO
+#endif
+
+#if defined (HARD_DEBUG_PPC_IO)
+#define PPC_IO_DPRINTF(fmt, ...) \
+do { \
+ if (qemu_loglevel_mask(CPU_LOG_IOPORT)) { \
+ qemu_log("%s: " fmt, __func__ , ## __VA_ARGS__); \
+ } else { \
+ printf("%s : " fmt, __func__ , ## __VA_ARGS__); \
+ } \
+} while (0)
+#elif defined (DEBUG_PPC_IO)
+#define PPC_IO_DPRINTF(fmt, ...) \
+qemu_log_mask(CPU_LOG_IOPORT, fmt, ## __VA_ARGS__)
+#else
+#define PPC_IO_DPRINTF(fmt, ...) do { } while (0)
+#endif
+
+/* Constants for devices init */
+static const int ide_iobase[2] = { 0x1f0, 0x170 };
+static const int ide_iobase2[2] = { 0x3f6, 0x376 };
+static const int ide_irq[2] = { 13, 13 };
+
+#define NE2000_NB_MAX 6
+
+static uint32_t ne2000_io[NE2000_NB_MAX] = { 0x300, 0x320, 0x340, 0x360, 0x280, 0x380 };
+static int ne2000_irq[NE2000_NB_MAX] = { 9, 10, 11, 3, 4, 5 };
+
+/* ISA IO ports bridge */
+#define PPC_IO_BASE 0x80000000
+
+/* PowerPC control and status registers */
+#if 0 // Not used
+static struct {
+ /* IDs */
+ uint32_t veni_devi;
+ uint32_t revi;
+ /* Control and status */
+ uint32_t gcsr;
+ uint32_t xcfr;
+ uint32_t ct32;
+ uint32_t mcsr;
+ /* General purpose registers */
+ uint32_t gprg[6];
+ /* Exceptions */
+ uint32_t feen;
+ uint32_t fest;
+ uint32_t fema;
+ uint32_t fecl;
+ uint32_t eeen;
+ uint32_t eest;
+ uint32_t eecl;
+ uint32_t eeint;
+ uint32_t eemck0;
+ uint32_t eemck1;
+ /* Error diagnostic */
+} XCSR;
+
+static void PPC_XCSR_writeb (void *opaque,
+ hwaddr addr, uint32_t value)
+{
+ printf("%s: 0x" TARGET_FMT_plx " => 0x%08" PRIx32 "\n", __func__, addr,
+ value);
+}
+
+static void PPC_XCSR_writew (void *opaque,
+ hwaddr addr, uint32_t value)
+{
+ printf("%s: 0x" TARGET_FMT_plx " => 0x%08" PRIx32 "\n", __func__, addr,
+ value);
+}
+
+static void PPC_XCSR_writel (void *opaque,
+ hwaddr addr, uint32_t value)
+{
+ printf("%s: 0x" TARGET_FMT_plx " => 0x%08" PRIx32 "\n", __func__, addr,
+ value);
+}
+
+static uint32_t PPC_XCSR_readb (void *opaque, hwaddr addr)
+{
+ uint32_t retval = 0;
+
+ printf("%s: 0x" TARGET_FMT_plx " <= %08" PRIx32 "\n", __func__, addr,
+ retval);
+
+ return retval;
+}
+
+static uint32_t PPC_XCSR_readw (void *opaque, hwaddr addr)
+{
+ uint32_t retval = 0;
+
+ printf("%s: 0x" TARGET_FMT_plx " <= %08" PRIx32 "\n", __func__, addr,
+ retval);
+
+ return retval;
+}
+
+static uint32_t PPC_XCSR_readl (void *opaque, hwaddr addr)
+{
+ uint32_t retval = 0;
+
+ printf("%s: 0x" TARGET_FMT_plx " <= %08" PRIx32 "\n", __func__, addr,
+ retval);
+
+ return retval;
+}
+
+static const MemoryRegionOps PPC_XCSR_ops = {
+ .old_mmio = {
+ .read = { PPC_XCSR_readb, PPC_XCSR_readw, PPC_XCSR_readl, },
+ .write = { PPC_XCSR_writeb, PPC_XCSR_writew, PPC_XCSR_writel, },
+ },
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+#endif
+
+/* Fake super-io ports for PREP platform (Intel 82378ZB) */
+typedef struct sysctrl_t {
+ qemu_irq reset_irq;
+ M48t59State *nvram;
+ uint8_t state;
+ uint8_t syscontrol;
+ int contiguous_map;
+ int endian;
+} sysctrl_t;
+
+enum {
+ STATE_HARDFILE = 0x01,
+};
+
+static sysctrl_t *sysctrl;
+
+static void PREP_io_800_writeb (void *opaque, uint32_t addr, uint32_t val)
+{
+ sysctrl_t *sysctrl = opaque;
+
+ PPC_IO_DPRINTF("0x%08" PRIx32 " => 0x%02" PRIx32 "\n",
+ addr - PPC_IO_BASE, val);
+ switch (addr) {
+ case 0x0092:
+ /* Special port 92 */
+ /* Check soft reset asked */
+ if (val & 0x01) {
+ qemu_irq_raise(sysctrl->reset_irq);
+ } else {
+ qemu_irq_lower(sysctrl->reset_irq);
+ }
+ /* Check LE mode */
+ if (val & 0x02) {
+ sysctrl->endian = 1;
+ } else {
+ sysctrl->endian = 0;
+ }
+ break;
+ case 0x0800:
+ /* Motorola CPU configuration register : read-only */
+ break;
+ case 0x0802:
+ /* Motorola base module feature register : read-only */
+ break;
+ case 0x0803:
+ /* Motorola base module status register : read-only */
+ break;
+ case 0x0808:
+ /* Hardfile light register */
+ if (val & 1)
+ sysctrl->state |= STATE_HARDFILE;
+ else
+ sysctrl->state &= ~STATE_HARDFILE;
+ break;
+ case 0x0810:
+ /* Password protect 1 register */
+ if (sysctrl->nvram != NULL)
+ m48t59_toggle_lock(sysctrl->nvram, 1);
+ break;
+ case 0x0812:
+ /* Password protect 2 register */
+ if (sysctrl->nvram != NULL)
+ m48t59_toggle_lock(sysctrl->nvram, 2);
+ break;
+ case 0x0814:
+ /* L2 invalidate register */
+ // tlb_flush(first_cpu, 1);
+ break;
+ case 0x081C:
+ /* system control register */
+ sysctrl->syscontrol = val & 0x0F;
+ break;
+ case 0x0850:
+ /* I/O map type register */
+ sysctrl->contiguous_map = val & 0x01;
+ break;
+ default:
+ printf("ERROR: unaffected IO port write: %04" PRIx32
+ " => %02" PRIx32"\n", addr, val);
+ break;
+ }
+}
+
+static uint32_t PREP_io_800_readb (void *opaque, uint32_t addr)
+{
+ sysctrl_t *sysctrl = opaque;
+ uint32_t retval = 0xFF;
+
+ switch (addr) {
+ case 0x0092:
+ /* Special port 92 */
+ retval = sysctrl->endian << 1;
+ break;
+ case 0x0800:
+ /* Motorola CPU configuration register */
+ retval = 0xEF; /* MPC750 */
+ break;
+ case 0x0802:
+ /* Motorola Base module feature register */
+ retval = 0xAD; /* No ESCC, PMC slot neither ethernet */
+ break;
+ case 0x0803:
+ /* Motorola base module status register */
+ retval = 0xE0; /* Standard MPC750 */
+ break;
+ case 0x080C:
+ /* Equipment present register:
+ * no L2 cache
+ * no upgrade processor
+ * no cards in PCI slots
+ * SCSI fuse is bad
+ */
+ retval = 0x3C;
+ break;
+ case 0x0810:
+ /* Motorola base module extended feature register */
+ retval = 0x39; /* No USB, CF and PCI bridge. NVRAM present */
+ break;
+ case 0x0814:
+ /* L2 invalidate: don't care */
+ break;
+ case 0x0818:
+ /* Keylock */
+ retval = 0x00;
+ break;
+ case 0x081C:
+ /* system control register
+ * 7 - 6 / 1 - 0: L2 cache enable
+ */
+ retval = sysctrl->syscontrol;
+ break;
+ case 0x0823:
+ /* */
+ retval = 0x03; /* no L2 cache */
+ break;
+ case 0x0850:
+ /* I/O map type register */
+ retval = sysctrl->contiguous_map;
+ break;
+ default:
+ printf("ERROR: unaffected IO port: %04" PRIx32 " read\n", addr);
+ break;
+ }
+ PPC_IO_DPRINTF("0x%08" PRIx32 " <= 0x%02" PRIx32 "\n",
+ addr - PPC_IO_BASE, retval);
+
+ return retval;
+}
+
+static inline hwaddr prep_IO_address(sysctrl_t *sysctrl,
+ hwaddr addr)
+{
+ if (sysctrl->contiguous_map == 0) {
+ /* 64 KB contiguous space for IOs */
+ addr &= 0xFFFF;
+ } else {
+ /* 8 MB non-contiguous space for IOs */
+ addr = (addr & 0x1F) | ((addr & 0x007FFF000) >> 7);
+ }
+
+ return addr;
+}
+
+static void PPC_prep_io_writeb (void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ sysctrl_t *sysctrl = opaque;
+
+ addr = prep_IO_address(sysctrl, addr);
+ cpu_outb(addr, value);
+}
+
+static uint32_t PPC_prep_io_readb (void *opaque, hwaddr addr)
+{
+ sysctrl_t *sysctrl = opaque;
+ uint32_t ret;
+
+ addr = prep_IO_address(sysctrl, addr);
+ ret = cpu_inb(addr);
+
+ return ret;
+}
+
+static void PPC_prep_io_writew (void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ sysctrl_t *sysctrl = opaque;
+
+ addr = prep_IO_address(sysctrl, addr);
+ PPC_IO_DPRINTF("0x" TARGET_FMT_plx " => 0x%08" PRIx32 "\n", addr, value);
+ cpu_outw(addr, value);
+}
+
+static uint32_t PPC_prep_io_readw (void *opaque, hwaddr addr)
+{
+ sysctrl_t *sysctrl = opaque;
+ uint32_t ret;
+
+ addr = prep_IO_address(sysctrl, addr);
+ ret = cpu_inw(addr);
+ PPC_IO_DPRINTF("0x" TARGET_FMT_plx " <= 0x%08" PRIx32 "\n", addr, ret);
+
+ return ret;
+}
+
+static void PPC_prep_io_writel (void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ sysctrl_t *sysctrl = opaque;
+
+ addr = prep_IO_address(sysctrl, addr);
+ PPC_IO_DPRINTF("0x" TARGET_FMT_plx " => 0x%08" PRIx32 "\n", addr, value);
+ cpu_outl(addr, value);
+}
+
+static uint32_t PPC_prep_io_readl (void *opaque, hwaddr addr)
+{
+ sysctrl_t *sysctrl = opaque;
+ uint32_t ret;
+
+ addr = prep_IO_address(sysctrl, addr);
+ ret = cpu_inl(addr);
+ PPC_IO_DPRINTF("0x" TARGET_FMT_plx " <= 0x%08" PRIx32 "\n", addr, ret);
+
+ return ret;
+}
+
+static const MemoryRegionOps PPC_prep_io_ops = {
+ .old_mmio = {
+ .read = { PPC_prep_io_readb, PPC_prep_io_readw, PPC_prep_io_readl },
+ .write = { PPC_prep_io_writeb, PPC_prep_io_writew, PPC_prep_io_writel },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+#define NVRAM_SIZE 0x2000
+
+static void cpu_request_exit(void *opaque, int irq, int level)
+{
+ CPUState *cpu = current_cpu;
+
+ if (cpu && level) {
+ cpu_exit(cpu);
+ }
+}
+
+static void ppc_prep_reset(void *opaque)
+{
+ PowerPCCPU *cpu = opaque;
+
+ cpu_reset(CPU(cpu));
+
+ /* Reset address */
+ cpu->env.nip = 0xfffffffc;
+}
+
+static const MemoryRegionPortio prep_portio_list[] = {
+ /* System control ports */
+ { 0x0092, 1, 1, .read = PREP_io_800_readb, .write = PREP_io_800_writeb, },
+ { 0x0800, 0x52, 1,
+ .read = PREP_io_800_readb, .write = PREP_io_800_writeb, },
+ /* Special port to get debug messages from Open-Firmware */
+ { 0x0F00, 4, 1, .write = PPC_debug_write, },
+ PORTIO_END_OF_LIST(),
+};
+
+/* PowerPC PREP hardware initialisation */
+static void ppc_prep_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ const char *boot_device = args->boot_device;
+ MemoryRegion *sysmem = get_system_memory();
+ PowerPCCPU *cpu = NULL;
+ CPUPPCState *env = NULL;
+ char *filename;
+ nvram_t nvram;
+ M48t59State *m48t59;
+ MemoryRegion *PPC_io_memory = g_new(MemoryRegion, 1);
+ PortioList *port_list = g_new(PortioList, 1);
+#if 0
+ MemoryRegion *xcsr = g_new(MemoryRegion, 1);
+#endif
+ int linux_boot, i, nb_nics1, bios_size;
+ MemoryRegion *ram = g_new(MemoryRegion, 1);
+ MemoryRegion *bios = g_new(MemoryRegion, 1);
+ uint32_t kernel_base, initrd_base;
+ long kernel_size, initrd_size;
+ DeviceState *dev;
+ PCIHostState *pcihost;
+ PCIBus *pci_bus;
+ PCIDevice *pci;
+ ISABus *isa_bus;
+ ISADevice *isa;
+ qemu_irq *cpu_exit_irq;
+ int ppc_boot_device;
+ DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
+
+ sysctrl = g_malloc0(sizeof(sysctrl_t));
+
+ linux_boot = (kernel_filename != NULL);
+
+ /* init CPUs */
+ if (cpu_model == NULL)
+ cpu_model = "602";
+ for (i = 0; i < smp_cpus; i++) {
+ cpu = cpu_ppc_init(cpu_model);
+ if (cpu == NULL) {
+ fprintf(stderr, "Unable to find PowerPC CPU definition\n");
+ exit(1);
+ }
+ env = &cpu->env;
+
+ if (env->flags & POWERPC_FLAG_RTC_CLK) {
+ /* POWER / PowerPC 601 RTC clock frequency is 7.8125 MHz */
+ cpu_ppc_tb_init(env, 7812500UL);
+ } else {
+ /* Set time-base frequency to 100 Mhz */
+ cpu_ppc_tb_init(env, 100UL * 1000UL * 1000UL);
+ }
+ qemu_register_reset(ppc_prep_reset, cpu);
+ }
+
+ /* allocate RAM */
+ memory_region_init_ram(ram, NULL, "ppc_prep.ram", ram_size);
+ vmstate_register_ram_global(ram);
+ memory_region_add_subregion(sysmem, 0, ram);
+
+ /* allocate and load BIOS */
+ memory_region_init_ram(bios, NULL, "ppc_prep.bios", BIOS_SIZE);
+ memory_region_set_readonly(bios, true);
+ memory_region_add_subregion(sysmem, (uint32_t)(-BIOS_SIZE), bios);
+ vmstate_register_ram_global(bios);
+ if (bios_name == NULL)
+ bios_name = BIOS_FILENAME;
+ filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
+ if (filename) {
+ bios_size = load_elf(filename, NULL, NULL, NULL,
+ NULL, NULL, 1, ELF_MACHINE, 0);
+ if (bios_size < 0) {
+ bios_size = get_image_size(filename);
+ if (bios_size > 0 && bios_size <= BIOS_SIZE) {
+ hwaddr bios_addr;
+ bios_size = (bios_size + 0xfff) & ~0xfff;
+ bios_addr = (uint32_t)(-bios_size);
+ bios_size = load_image_targphys(filename, bios_addr, bios_size);
+ }
+ if (bios_size > BIOS_SIZE) {
+ fprintf(stderr, "qemu: PReP bios '%s' is too large (0x%x)\n",
+ bios_name, bios_size);
+ exit(1);
+ }
+ }
+ } else {
+ bios_size = -1;
+ }
+ if (bios_size < 0 && !qtest_enabled()) {
+ fprintf(stderr, "qemu: could not load PPC PReP bios '%s'\n",
+ bios_name);
+ exit(1);
+ }
+ if (filename) {
+ g_free(filename);
+ }
+
+ if (linux_boot) {
+ kernel_base = KERNEL_LOAD_ADDR;
+ /* now we can load the kernel */
+ kernel_size = load_image_targphys(kernel_filename, kernel_base,
+ ram_size - kernel_base);
+ if (kernel_size < 0) {
+ hw_error("qemu: could not load kernel '%s'\n", kernel_filename);
+ exit(1);
+ }
+ /* load initrd */
+ if (initrd_filename) {
+ initrd_base = INITRD_LOAD_ADDR;
+ initrd_size = load_image_targphys(initrd_filename, initrd_base,
+ ram_size - initrd_base);
+ if (initrd_size < 0) {
+ hw_error("qemu: could not load initial ram disk '%s'\n",
+ initrd_filename);
+ }
+ } else {
+ initrd_base = 0;
+ initrd_size = 0;
+ }
+ ppc_boot_device = 'm';
+ } else {
+ kernel_base = 0;
+ kernel_size = 0;
+ initrd_base = 0;
+ initrd_size = 0;
+ ppc_boot_device = '\0';
+ /* For now, OHW cannot boot from the network. */
+ for (i = 0; boot_device[i] != '\0'; i++) {
+ if (boot_device[i] >= 'a' && boot_device[i] <= 'f') {
+ ppc_boot_device = boot_device[i];
+ break;
+ }
+ }
+ if (ppc_boot_device == '\0') {
+ fprintf(stderr, "No valid boot device for Mac99 machine\n");
+ exit(1);
+ }
+ }
+
+ if (PPC_INPUT(env) != PPC_FLAGS_INPUT_6xx) {
+ hw_error("Only 6xx bus is supported on PREP machine\n");
+ }
+
+ dev = qdev_create(NULL, "raven-pcihost");
+ pcihost = PCI_HOST_BRIDGE(dev);
+ object_property_add_child(qdev_get_machine(), "raven", OBJECT(dev), NULL);
+ qdev_init_nofail(dev);
+ pci_bus = (PCIBus *)qdev_get_child_bus(dev, "pci.0");
+ if (pci_bus == NULL) {
+ fprintf(stderr, "Couldn't create PCI host controller.\n");
+ exit(1);
+ }
+
+ /* PCI -> ISA bridge */
+ pci = pci_create_simple(pci_bus, PCI_DEVFN(1, 0), "i82378");
+ cpu_exit_irq = qemu_allocate_irqs(cpu_request_exit, NULL, 1);
+ cpu = POWERPC_CPU(first_cpu);
+ qdev_connect_gpio_out(&pci->qdev, 0,
+ cpu->env.irq_inputs[PPC6xx_INPUT_INT]);
+ qdev_connect_gpio_out(&pci->qdev, 1, *cpu_exit_irq);
+ sysbus_connect_irq(&pcihost->busdev, 0, qdev_get_gpio_in(&pci->qdev, 9));
+ sysbus_connect_irq(&pcihost->busdev, 1, qdev_get_gpio_in(&pci->qdev, 11));
+ sysbus_connect_irq(&pcihost->busdev, 2, qdev_get_gpio_in(&pci->qdev, 9));
+ sysbus_connect_irq(&pcihost->busdev, 3, qdev_get_gpio_in(&pci->qdev, 11));
+ isa_bus = ISA_BUS(qdev_get_child_bus(DEVICE(pci), "isa.0"));
+
+ /* Super I/O (parallel + serial ports) */
+ isa = isa_create(isa_bus, TYPE_PC87312);
+ dev = DEVICE(isa);
+ qdev_prop_set_uint8(dev, "config", 13); /* fdc, ser0, ser1, par0 */
+ qdev_init_nofail(dev);
+
+ /* Register 8 MB of ISA IO space (needed for non-contiguous map) */
+ memory_region_init_io(PPC_io_memory, NULL, &PPC_prep_io_ops, sysctrl,
+ "ppc-io", 0x00800000);
+ memory_region_add_subregion(sysmem, 0x80000000, PPC_io_memory);
+
+ /* init basic PC hardware */
+ pci_vga_init(pci_bus);
+
+ nb_nics1 = nb_nics;
+ if (nb_nics1 > NE2000_NB_MAX)
+ nb_nics1 = NE2000_NB_MAX;
+ for(i = 0; i < nb_nics1; i++) {
+ if (nd_table[i].model == NULL) {
+ nd_table[i].model = g_strdup("ne2k_isa");
+ }
+ if (strcmp(nd_table[i].model, "ne2k_isa") == 0) {
+ isa_ne2000_init(isa_bus, ne2000_io[i], ne2000_irq[i],
+ &nd_table[i]);
+ } else {
+ pci_nic_init_nofail(&nd_table[i], pci_bus, "ne2k_pci", NULL);
+ }
+ }
+
+ ide_drive_get(hd, MAX_IDE_BUS);
+ for(i = 0; i < MAX_IDE_BUS; i++) {
+ isa_ide_init(isa_bus, ide_iobase[i], ide_iobase2[i], ide_irq[i],
+ hd[2 * i],
+ hd[2 * i + 1]);
+ }
+ isa_create_simple(isa_bus, "i8042");
+
+ cpu = POWERPC_CPU(first_cpu);
+ sysctrl->reset_irq = cpu->env.irq_inputs[PPC6xx_INPUT_HRESET];
+
+ portio_list_init(port_list, NULL, prep_portio_list, sysctrl, "prep");
+ portio_list_add(port_list, get_system_io(), 0x0);
+
+ /* PowerPC control and status register group */
+#if 0
+ memory_region_init_io(xcsr, NULL, &PPC_XCSR_ops, NULL, "ppc-xcsr", 0x1000);
+ memory_region_add_subregion(sysmem, 0xFEFF0000, xcsr);
+#endif
+
+ if (usb_enabled(false)) {
+ pci_create_simple(pci_bus, -1, "pci-ohci");
+ }
+
+ m48t59 = m48t59_init_isa(isa_bus, 0x0074, NVRAM_SIZE, 59);
+ if (m48t59 == NULL)
+ return;
+ sysctrl->nvram = m48t59;
+
+ /* Initialise NVRAM */
+ nvram.opaque = m48t59;
+ nvram.read_fn = &m48t59_read;
+ nvram.write_fn = &m48t59_write;
+ PPC_NVRAM_set_params(&nvram, NVRAM_SIZE, "PREP", ram_size, ppc_boot_device,
+ kernel_base, kernel_size,
+ kernel_cmdline,
+ initrd_base, initrd_size,
+ /* XXX: need an option to load a NVRAM image */
+ 0,
+ graphic_width, graphic_height, graphic_depth);
+}
+
+static QEMUMachine prep_machine = {
+ .name = "prep",
+ .desc = "PowerPC PREP platform",
+ .init = ppc_prep_init,
+ .max_cpus = MAX_CPUS,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void prep_machine_init(void)
+{
+ qemu_register_machine(&prep_machine);
+}
+
+machine_init(prep_machine_init);
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
new file mode 100644
index 000000000..16bfab90b
--- /dev/null
+++ b/hw/ppc/spapr.c
@@ -0,0 +1,1336 @@
+/*
+ * QEMU PowerPC pSeries Logical Partition (aka sPAPR) hardware System Emulator
+ *
+ * Copyright (c) 2004-2007 Fabrice Bellard
+ * Copyright (c) 2007 Jocelyn Mayer
+ * Copyright (c) 2010 David Gibson, IBM Corporation.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ */
+#include "sysemu/sysemu.h"
+#include "hw/hw.h"
+#include "elf.h"
+#include "net/net.h"
+#include "sysemu/blockdev.h"
+#include "sysemu/cpus.h"
+#include "sysemu/kvm.h"
+#include "kvm_ppc.h"
+#include "mmu-hash64.h"
+
+#include "hw/boards.h"
+#include "hw/ppc/ppc.h"
+#include "hw/loader.h"
+
+#include "hw/ppc/spapr.h"
+#include "hw/ppc/spapr_vio.h"
+#include "hw/pci-host/spapr.h"
+#include "hw/ppc/xics.h"
+#include "hw/pci/msi.h"
+
+#include "hw/pci/pci.h"
+
+#include "exec/address-spaces.h"
+#include "hw/usb.h"
+#include "qemu/config-file.h"
+
+#include <libfdt.h>
+
+/* SLOF memory layout:
+ *
+ * SLOF raw image loaded at 0, copies its romfs right below the flat
+ * device-tree, then position SLOF itself 31M below that
+ *
+ * So we set FW_OVERHEAD to 40MB which should account for all of that
+ * and more
+ *
+ * We load our kernel at 4M, leaving space for SLOF initial image
+ */
+#define FDT_MAX_SIZE 0x10000
+#define RTAS_MAX_SIZE 0x10000
+#define FW_MAX_SIZE 0x400000
+#define FW_FILE_NAME "slof.bin"
+#define FW_OVERHEAD 0x2800000
+#define KERNEL_LOAD_ADDR FW_MAX_SIZE
+
+#define MIN_RMA_SLOF 128UL
+
+#define TIMEBASE_FREQ 512000000ULL
+
+#define MAX_CPUS 256
+#define XICS_IRQS 1024
+
+#define PHANDLE_XICP 0x00001111
+
+#define HTAB_SIZE(spapr) (1ULL << ((spapr)->htab_shift))
+
+sPAPREnvironment *spapr;
+
+int spapr_allocate_irq(int hint, bool lsi)
+{
+ int irq;
+
+ if (hint) {
+ irq = hint;
+ /* FIXME: we should probably check for collisions somehow */
+ } else {
+ irq = spapr->next_irq++;
+ }
+
+ /* Configure irq type */
+ if (!xics_get_qirq(spapr->icp, irq)) {
+ return 0;
+ }
+
+ xics_set_irq_type(spapr->icp, irq, lsi);
+
+ return irq;
+}
+
+/* Allocate block of consequtive IRQs, returns a number of the first */
+int spapr_allocate_irq_block(int num, bool lsi)
+{
+ int first = -1;
+ int i;
+
+ for (i = 0; i < num; ++i) {
+ int irq;
+
+ irq = spapr_allocate_irq(0, lsi);
+ if (!irq) {
+ return -1;
+ }
+
+ if (0 == i) {
+ first = irq;
+ }
+
+ /* If the above doesn't create a consecutive block then that's
+ * an internal bug */
+ assert(irq == (first + i));
+ }
+
+ return first;
+}
+
+static XICSState *try_create_xics(const char *type, int nr_servers,
+ int nr_irqs)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(NULL, type);
+ qdev_prop_set_uint32(dev, "nr_servers", nr_servers);
+ qdev_prop_set_uint32(dev, "nr_irqs", nr_irqs);
+ if (qdev_init(dev) < 0) {
+ return NULL;
+ }
+
+ return XICS(dev);
+}
+
+static XICSState *xics_system_init(int nr_servers, int nr_irqs)
+{
+ XICSState *icp = NULL;
+
+ icp = try_create_xics(TYPE_XICS, nr_servers, nr_irqs);
+ if (!icp) {
+ perror("Failed to create XICS\n");
+ abort();
+ }
+
+ return icp;
+}
+
+static int spapr_fixup_cpu_dt(void *fdt, sPAPREnvironment *spapr)
+{
+ int ret = 0, offset;
+ CPUState *cpu;
+ char cpu_model[32];
+ int smt = kvmppc_smt_threads();
+ uint32_t pft_size_prop[] = {0, cpu_to_be32(spapr->htab_shift)};
+
+ assert(spapr->cpu_model);
+
+ for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
+ uint32_t associativity[] = {cpu_to_be32(0x5),
+ cpu_to_be32(0x0),
+ cpu_to_be32(0x0),
+ cpu_to_be32(0x0),
+ cpu_to_be32(cpu->numa_node),
+ cpu_to_be32(cpu->cpu_index)};
+
+ if ((cpu->cpu_index % smt) != 0) {
+ continue;
+ }
+
+ snprintf(cpu_model, 32, "/cpus/%s@%x", spapr->cpu_model,
+ cpu->cpu_index);
+
+ offset = fdt_path_offset(fdt, cpu_model);
+ if (offset < 0) {
+ return offset;
+ }
+
+ if (nb_numa_nodes > 1) {
+ ret = fdt_setprop(fdt, offset, "ibm,associativity", associativity,
+ sizeof(associativity));
+ if (ret < 0) {
+ return ret;
+ }
+ }
+
+ ret = fdt_setprop(fdt, offset, "ibm,pft-size",
+ pft_size_prop, sizeof(pft_size_prop));
+ if (ret < 0) {
+ return ret;
+ }
+ }
+ return ret;
+}
+
+
+static size_t create_page_sizes_prop(CPUPPCState *env, uint32_t *prop,
+ size_t maxsize)
+{
+ size_t maxcells = maxsize / sizeof(uint32_t);
+ int i, j, count;
+ uint32_t *p = prop;
+
+ for (i = 0; i < PPC_PAGE_SIZES_MAX_SZ; i++) {
+ struct ppc_one_seg_page_size *sps = &env->sps.sps[i];
+
+ if (!sps->page_shift) {
+ break;
+ }
+ for (count = 0; count < PPC_PAGE_SIZES_MAX_SZ; count++) {
+ if (sps->enc[count].page_shift == 0) {
+ break;
+ }
+ }
+ if ((p - prop) >= (maxcells - 3 - count * 2)) {
+ break;
+ }
+ *(p++) = cpu_to_be32(sps->page_shift);
+ *(p++) = cpu_to_be32(sps->slb_enc);
+ *(p++) = cpu_to_be32(count);
+ for (j = 0; j < count; j++) {
+ *(p++) = cpu_to_be32(sps->enc[j].page_shift);
+ *(p++) = cpu_to_be32(sps->enc[j].pte_enc);
+ }
+ }
+
+ return (p - prop) * sizeof(uint32_t);
+}
+
+#define _FDT(exp) \
+ do { \
+ int ret = (exp); \
+ if (ret < 0) { \
+ fprintf(stderr, "qemu: error creating device tree: %s: %s\n", \
+ #exp, fdt_strerror(ret)); \
+ exit(1); \
+ } \
+ } while (0)
+
+
+static void *spapr_create_fdt_skel(const char *cpu_model,
+ hwaddr initrd_base,
+ hwaddr initrd_size,
+ hwaddr kernel_size,
+ const char *boot_device,
+ const char *kernel_cmdline,
+ uint32_t epow_irq)
+{
+ void *fdt;
+ CPUState *cs;
+ uint32_t start_prop = cpu_to_be32(initrd_base);
+ uint32_t end_prop = cpu_to_be32(initrd_base + initrd_size);
+ char hypertas_prop[] = "hcall-pft\0hcall-term\0hcall-dabr\0hcall-interrupt"
+ "\0hcall-tce\0hcall-vio\0hcall-splpar\0hcall-bulk";
+ char qemu_hypertas_prop[] = "hcall-memop1";
+ uint32_t refpoints[] = {cpu_to_be32(0x4), cpu_to_be32(0x4)};
+ uint32_t interrupt_server_ranges_prop[] = {0, cpu_to_be32(smp_cpus)};
+ char *modelname;
+ int i, smt = kvmppc_smt_threads();
+ unsigned char vec5[] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x80};
+
+ fdt = g_malloc0(FDT_MAX_SIZE);
+ _FDT((fdt_create(fdt, FDT_MAX_SIZE)));
+
+ if (kernel_size) {
+ _FDT((fdt_add_reservemap_entry(fdt, KERNEL_LOAD_ADDR, kernel_size)));
+ }
+ if (initrd_size) {
+ _FDT((fdt_add_reservemap_entry(fdt, initrd_base, initrd_size)));
+ }
+ _FDT((fdt_finish_reservemap(fdt)));
+
+ /* Root node */
+ _FDT((fdt_begin_node(fdt, "")));
+ _FDT((fdt_property_string(fdt, "device_type", "chrp")));
+ _FDT((fdt_property_string(fdt, "model", "IBM pSeries (emulated by qemu)")));
+ _FDT((fdt_property_string(fdt, "compatible", "qemu,pseries")));
+
+ _FDT((fdt_property_cell(fdt, "#address-cells", 0x2)));
+ _FDT((fdt_property_cell(fdt, "#size-cells", 0x2)));
+
+ /* /chosen */
+ _FDT((fdt_begin_node(fdt, "chosen")));
+
+ /* Set Form1_affinity */
+ _FDT((fdt_property(fdt, "ibm,architecture-vec-5", vec5, sizeof(vec5))));
+
+ _FDT((fdt_property_string(fdt, "bootargs", kernel_cmdline)));
+ _FDT((fdt_property(fdt, "linux,initrd-start",
+ &start_prop, sizeof(start_prop))));
+ _FDT((fdt_property(fdt, "linux,initrd-end",
+ &end_prop, sizeof(end_prop))));
+ if (kernel_size) {
+ uint64_t kprop[2] = { cpu_to_be64(KERNEL_LOAD_ADDR),
+ cpu_to_be64(kernel_size) };
+
+ _FDT((fdt_property(fdt, "qemu,boot-kernel", &kprop, sizeof(kprop))));
+ }
+ if (boot_device) {
+ _FDT((fdt_property_string(fdt, "qemu,boot-device", boot_device)));
+ }
+ _FDT((fdt_property_cell(fdt, "qemu,graphic-width", graphic_width)));
+ _FDT((fdt_property_cell(fdt, "qemu,graphic-height", graphic_height)));
+ _FDT((fdt_property_cell(fdt, "qemu,graphic-depth", graphic_depth)));
+
+ _FDT((fdt_end_node(fdt)));
+
+ /* cpus */
+ _FDT((fdt_begin_node(fdt, "cpus")));
+
+ _FDT((fdt_property_cell(fdt, "#address-cells", 0x1)));
+ _FDT((fdt_property_cell(fdt, "#size-cells", 0x0)));
+
+ modelname = g_strdup(cpu_model);
+
+ for (i = 0; i < strlen(modelname); i++) {
+ modelname[i] = toupper(modelname[i]);
+ }
+
+ /* This is needed during FDT finalization */
+ spapr->cpu_model = g_strdup(modelname);
+
+ for (cs = first_cpu; cs != NULL; cs = cs->next_cpu) {
+ PowerPCCPU *cpu = POWERPC_CPU(cs);
+ CPUPPCState *env = &cpu->env;
+ PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cs);
+ int index = cs->cpu_index;
+ uint32_t servers_prop[smp_threads];
+ uint32_t gservers_prop[smp_threads * 2];
+ char *nodename;
+ uint32_t segs[] = {cpu_to_be32(28), cpu_to_be32(40),
+ 0xffffffff, 0xffffffff};
+ uint32_t tbfreq = kvm_enabled() ? kvmppc_get_tbfreq() : TIMEBASE_FREQ;
+ uint32_t cpufreq = kvm_enabled() ? kvmppc_get_clockfreq() : 1000000000;
+ uint32_t page_sizes_prop[64];
+ size_t page_sizes_prop_size;
+
+ if ((index % smt) != 0) {
+ continue;
+ }
+
+ nodename = g_strdup_printf("%s@%x", modelname, index);
+
+ _FDT((fdt_begin_node(fdt, nodename)));
+
+ g_free(nodename);
+
+ _FDT((fdt_property_cell(fdt, "reg", index)));
+ _FDT((fdt_property_string(fdt, "device_type", "cpu")));
+
+ _FDT((fdt_property_cell(fdt, "cpu-version", env->spr[SPR_PVR])));
+ _FDT((fdt_property_cell(fdt, "d-cache-block-size",
+ env->dcache_line_size)));
+ _FDT((fdt_property_cell(fdt, "d-cache-line-size",
+ env->dcache_line_size)));
+ _FDT((fdt_property_cell(fdt, "i-cache-block-size",
+ env->icache_line_size)));
+ _FDT((fdt_property_cell(fdt, "i-cache-line-size",
+ env->icache_line_size)));
+
+ if (pcc->l1_dcache_size) {
+ _FDT((fdt_property_cell(fdt, "d-cache-size", pcc->l1_dcache_size)));
+ } else {
+ fprintf(stderr, "Warning: Unknown L1 dcache size for cpu\n");
+ }
+ if (pcc->l1_icache_size) {
+ _FDT((fdt_property_cell(fdt, "i-cache-size", pcc->l1_icache_size)));
+ } else {
+ fprintf(stderr, "Warning: Unknown L1 icache size for cpu\n");
+ }
+
+ _FDT((fdt_property_cell(fdt, "timebase-frequency", tbfreq)));
+ _FDT((fdt_property_cell(fdt, "clock-frequency", cpufreq)));
+ _FDT((fdt_property_cell(fdt, "ibm,slb-size", env->slb_nr)));
+ _FDT((fdt_property_string(fdt, "status", "okay")));
+ _FDT((fdt_property(fdt, "64-bit", NULL, 0)));
+
+ /* Build interrupt servers and gservers properties */
+ for (i = 0; i < smp_threads; i++) {
+ servers_prop[i] = cpu_to_be32(index + i);
+ /* Hack, direct the group queues back to cpu 0 */
+ gservers_prop[i*2] = cpu_to_be32(index + i);
+ gservers_prop[i*2 + 1] = 0;
+ }
+ _FDT((fdt_property(fdt, "ibm,ppc-interrupt-server#s",
+ servers_prop, sizeof(servers_prop))));
+ _FDT((fdt_property(fdt, "ibm,ppc-interrupt-gserver#s",
+ gservers_prop, sizeof(gservers_prop))));
+
+ if (env->mmu_model & POWERPC_MMU_1TSEG) {
+ _FDT((fdt_property(fdt, "ibm,processor-segment-sizes",
+ segs, sizeof(segs))));
+ }
+
+ /* Advertise VMX/VSX (vector extensions) if available
+ * 0 / no property == no vector extensions
+ * 1 == VMX / Altivec available
+ * 2 == VSX available */
+ if (env->insns_flags & PPC_ALTIVEC) {
+ uint32_t vmx = (env->insns_flags2 & PPC2_VSX) ? 2 : 1;
+
+ _FDT((fdt_property_cell(fdt, "ibm,vmx", vmx)));
+ }
+
+ /* Advertise DFP (Decimal Floating Point) if available
+ * 0 / no property == no DFP
+ * 1 == DFP available */
+ if (env->insns_flags2 & PPC2_DFP) {
+ _FDT((fdt_property_cell(fdt, "ibm,dfp", 1)));
+ }
+
+ page_sizes_prop_size = create_page_sizes_prop(env, page_sizes_prop,
+ sizeof(page_sizes_prop));
+ if (page_sizes_prop_size) {
+ _FDT((fdt_property(fdt, "ibm,segment-page-sizes",
+ page_sizes_prop, page_sizes_prop_size)));
+ }
+
+ _FDT((fdt_end_node(fdt)));
+ }
+
+ g_free(modelname);
+
+ _FDT((fdt_end_node(fdt)));
+
+ /* RTAS */
+ _FDT((fdt_begin_node(fdt, "rtas")));
+
+ _FDT((fdt_property(fdt, "ibm,hypertas-functions", hypertas_prop,
+ sizeof(hypertas_prop))));
+ _FDT((fdt_property(fdt, "qemu,hypertas-functions", qemu_hypertas_prop,
+ sizeof(qemu_hypertas_prop))));
+
+ _FDT((fdt_property(fdt, "ibm,associativity-reference-points",
+ refpoints, sizeof(refpoints))));
+
+ _FDT((fdt_property_cell(fdt, "rtas-error-log-max", RTAS_ERROR_LOG_MAX)));
+
+ _FDT((fdt_end_node(fdt)));
+
+ /* interrupt controller */
+ _FDT((fdt_begin_node(fdt, "interrupt-controller")));
+
+ _FDT((fdt_property_string(fdt, "device_type",
+ "PowerPC-External-Interrupt-Presentation")));
+ _FDT((fdt_property_string(fdt, "compatible", "IBM,ppc-xicp")));
+ _FDT((fdt_property(fdt, "interrupt-controller", NULL, 0)));
+ _FDT((fdt_property(fdt, "ibm,interrupt-server-ranges",
+ interrupt_server_ranges_prop,
+ sizeof(interrupt_server_ranges_prop))));
+ _FDT((fdt_property_cell(fdt, "#interrupt-cells", 2)));
+ _FDT((fdt_property_cell(fdt, "linux,phandle", PHANDLE_XICP)));
+ _FDT((fdt_property_cell(fdt, "phandle", PHANDLE_XICP)));
+
+ _FDT((fdt_end_node(fdt)));
+
+ /* vdevice */
+ _FDT((fdt_begin_node(fdt, "vdevice")));
+
+ _FDT((fdt_property_string(fdt, "device_type", "vdevice")));
+ _FDT((fdt_property_string(fdt, "compatible", "IBM,vdevice")));
+ _FDT((fdt_property_cell(fdt, "#address-cells", 0x1)));
+ _FDT((fdt_property_cell(fdt, "#size-cells", 0x0)));
+ _FDT((fdt_property_cell(fdt, "#interrupt-cells", 0x2)));
+ _FDT((fdt_property(fdt, "interrupt-controller", NULL, 0)));
+
+ _FDT((fdt_end_node(fdt)));
+
+ /* event-sources */
+ spapr_events_fdt_skel(fdt, epow_irq);
+
+ _FDT((fdt_end_node(fdt))); /* close root node */
+ _FDT((fdt_finish(fdt)));
+
+ return fdt;
+}
+
+static int spapr_populate_memory(sPAPREnvironment *spapr, void *fdt)
+{
+ uint32_t associativity[] = {cpu_to_be32(0x4), cpu_to_be32(0x0),
+ cpu_to_be32(0x0), cpu_to_be32(0x0),
+ cpu_to_be32(0x0)};
+ char mem_name[32];
+ hwaddr node0_size, mem_start;
+ uint64_t mem_reg_property[2];
+ int i, off;
+
+ /* memory node(s) */
+ node0_size = (nb_numa_nodes > 1) ? node_mem[0] : ram_size;
+ if (spapr->rma_size > node0_size) {
+ spapr->rma_size = node0_size;
+ }
+
+ /* RMA */
+ mem_reg_property[0] = 0;
+ mem_reg_property[1] = cpu_to_be64(spapr->rma_size);
+ off = fdt_add_subnode(fdt, 0, "memory@0");
+ _FDT(off);
+ _FDT((fdt_setprop_string(fdt, off, "device_type", "memory")));
+ _FDT((fdt_setprop(fdt, off, "reg", mem_reg_property,
+ sizeof(mem_reg_property))));
+ _FDT((fdt_setprop(fdt, off, "ibm,associativity", associativity,
+ sizeof(associativity))));
+
+ /* RAM: Node 0 */
+ if (node0_size > spapr->rma_size) {
+ mem_reg_property[0] = cpu_to_be64(spapr->rma_size);
+ mem_reg_property[1] = cpu_to_be64(node0_size - spapr->rma_size);
+
+ sprintf(mem_name, "memory@" TARGET_FMT_lx, spapr->rma_size);
+ off = fdt_add_subnode(fdt, 0, mem_name);
+ _FDT(off);
+ _FDT((fdt_setprop_string(fdt, off, "device_type", "memory")));
+ _FDT((fdt_setprop(fdt, off, "reg", mem_reg_property,
+ sizeof(mem_reg_property))));
+ _FDT((fdt_setprop(fdt, off, "ibm,associativity", associativity,
+ sizeof(associativity))));
+ }
+
+ /* RAM: Node 1 and beyond */
+ mem_start = node0_size;
+ for (i = 1; i < nb_numa_nodes; i++) {
+ mem_reg_property[0] = cpu_to_be64(mem_start);
+ mem_reg_property[1] = cpu_to_be64(node_mem[i]);
+ associativity[3] = associativity[4] = cpu_to_be32(i);
+ sprintf(mem_name, "memory@" TARGET_FMT_lx, mem_start);
+ off = fdt_add_subnode(fdt, 0, mem_name);
+ _FDT(off);
+ _FDT((fdt_setprop_string(fdt, off, "device_type", "memory")));
+ _FDT((fdt_setprop(fdt, off, "reg", mem_reg_property,
+ sizeof(mem_reg_property))));
+ _FDT((fdt_setprop(fdt, off, "ibm,associativity", associativity,
+ sizeof(associativity))));
+ mem_start += node_mem[i];
+ }
+
+ return 0;
+}
+
+static void spapr_finalize_fdt(sPAPREnvironment *spapr,
+ hwaddr fdt_addr,
+ hwaddr rtas_addr,
+ hwaddr rtas_size)
+{
+ int ret;
+ void *fdt;
+ sPAPRPHBState *phb;
+
+ fdt = g_malloc(FDT_MAX_SIZE);
+
+ /* open out the base tree into a temp buffer for the final tweaks */
+ _FDT((fdt_open_into(spapr->fdt_skel, fdt, FDT_MAX_SIZE)));
+
+ ret = spapr_populate_memory(spapr, fdt);
+ if (ret < 0) {
+ fprintf(stderr, "couldn't setup memory nodes in fdt\n");
+ exit(1);
+ }
+
+ ret = spapr_populate_vdevice(spapr->vio_bus, fdt);
+ if (ret < 0) {
+ fprintf(stderr, "couldn't setup vio devices in fdt\n");
+ exit(1);
+ }
+
+ QLIST_FOREACH(phb, &spapr->phbs, list) {
+ ret = spapr_populate_pci_dt(phb, PHANDLE_XICP, fdt);
+ }
+
+ if (ret < 0) {
+ fprintf(stderr, "couldn't setup PCI devices in fdt\n");
+ exit(1);
+ }
+
+ /* RTAS */
+ ret = spapr_rtas_device_tree_setup(fdt, rtas_addr, rtas_size);
+ if (ret < 0) {
+ fprintf(stderr, "Couldn't set up RTAS device tree properties\n");
+ }
+
+ /* Advertise NUMA via ibm,associativity */
+ ret = spapr_fixup_cpu_dt(fdt, spapr);
+ if (ret < 0) {
+ fprintf(stderr, "Couldn't finalize CPU device tree properties\n");
+ }
+
+ if (!spapr->has_graphics) {
+ spapr_populate_chosen_stdout(fdt, spapr->vio_bus);
+ }
+
+ _FDT((fdt_pack(fdt)));
+
+ if (fdt_totalsize(fdt) > FDT_MAX_SIZE) {
+ hw_error("FDT too big ! 0x%x bytes (max is 0x%x)\n",
+ fdt_totalsize(fdt), FDT_MAX_SIZE);
+ exit(1);
+ }
+
+ cpu_physical_memory_write(fdt_addr, fdt, fdt_totalsize(fdt));
+
+ g_free(fdt);
+}
+
+static uint64_t translate_kernel_address(void *opaque, uint64_t addr)
+{
+ return (addr & 0x0fffffff) + KERNEL_LOAD_ADDR;
+}
+
+static void emulate_spapr_hypercall(PowerPCCPU *cpu)
+{
+ CPUPPCState *env = &cpu->env;
+
+ if (msr_pr) {
+ hcall_dprintf("Hypercall made with MSR[PR]=1\n");
+ env->gpr[3] = H_PRIVILEGE;
+ } else {
+ env->gpr[3] = spapr_hypercall(cpu, env->gpr[3], &env->gpr[4]);
+ }
+}
+
+static void spapr_reset_htab(sPAPREnvironment *spapr)
+{
+ long shift;
+
+ /* allocate hash page table. For now we always make this 16mb,
+ * later we should probably make it scale to the size of guest
+ * RAM */
+
+ shift = kvmppc_reset_htab(spapr->htab_shift);
+
+ if (shift > 0) {
+ /* Kernel handles htab, we don't need to allocate one */
+ spapr->htab_shift = shift;
+ } else {
+ if (!spapr->htab) {
+ /* Allocate an htab if we don't yet have one */
+ spapr->htab = qemu_memalign(HTAB_SIZE(spapr), HTAB_SIZE(spapr));
+ }
+
+ /* And clear it */
+ memset(spapr->htab, 0, HTAB_SIZE(spapr));
+ }
+
+ /* Update the RMA size if necessary */
+ if (spapr->vrma_adjust) {
+ spapr->rma_size = kvmppc_rma_size(ram_size, spapr->htab_shift);
+ }
+}
+
+static void ppc_spapr_reset(void)
+{
+ PowerPCCPU *first_ppc_cpu;
+
+ /* Reset the hash table & recalc the RMA */
+ spapr_reset_htab(spapr);
+
+ qemu_devices_reset();
+
+ /* Load the fdt */
+ spapr_finalize_fdt(spapr, spapr->fdt_addr, spapr->rtas_addr,
+ spapr->rtas_size);
+
+ /* Set up the entry state */
+ first_ppc_cpu = POWERPC_CPU(first_cpu);
+ first_ppc_cpu->env.gpr[3] = spapr->fdt_addr;
+ first_ppc_cpu->env.gpr[5] = 0;
+ first_cpu->halted = 0;
+ first_ppc_cpu->env.nip = spapr->entry_point;
+
+}
+
+static void spapr_cpu_reset(void *opaque)
+{
+ PowerPCCPU *cpu = opaque;
+ CPUState *cs = CPU(cpu);
+ CPUPPCState *env = &cpu->env;
+
+ cpu_reset(cs);
+
+ /* All CPUs start halted. CPU0 is unhalted from the machine level
+ * reset code and the rest are explicitly started up by the guest
+ * using an RTAS call */
+ cs->halted = 1;
+
+ env->spr[SPR_HIOR] = 0;
+
+ env->external_htab = (uint8_t *)spapr->htab;
+ env->htab_base = -1;
+ env->htab_mask = HTAB_SIZE(spapr) - 1;
+ env->spr[SPR_SDR1] = (target_ulong)(uintptr_t)spapr->htab |
+ (spapr->htab_shift - 18);
+}
+
+static void spapr_create_nvram(sPAPREnvironment *spapr)
+{
+ DeviceState *dev = qdev_create(&spapr->vio_bus->bus, "spapr-nvram");
+ const char *drivename = qemu_opt_get(qemu_get_machine_opts(), "nvram");
+
+ if (drivename) {
+ BlockDriverState *bs;
+
+ bs = bdrv_find(drivename);
+ if (!bs) {
+ fprintf(stderr, "No such block device \"%s\" for nvram\n",
+ drivename);
+ exit(1);
+ }
+ qdev_prop_set_drive_nofail(dev, "drive", bs);
+ }
+
+ qdev_init_nofail(dev);
+
+ spapr->nvram = (struct sPAPRNVRAM *)dev;
+}
+
+/* Returns whether we want to use VGA or not */
+static int spapr_vga_init(PCIBus *pci_bus)
+{
+ switch (vga_interface_type) {
+ case VGA_NONE:
+ case VGA_STD:
+ return pci_vga_init(pci_bus) != NULL;
+ default:
+ fprintf(stderr, "This vga model is not supported,"
+ "currently it only supports -vga std\n");
+ exit(0);
+ break;
+ }
+}
+
+static const VMStateDescription vmstate_spapr = {
+ .name = "spapr",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT32(next_irq, sPAPREnvironment),
+
+ /* RTC offset */
+ VMSTATE_UINT64(rtc_offset, sPAPREnvironment),
+
+ VMSTATE_END_OF_LIST()
+ },
+};
+
+#define HPTE(_table, _i) (void *)(((uint64_t *)(_table)) + ((_i) * 2))
+#define HPTE_VALID(_hpte) (tswap64(*((uint64_t *)(_hpte))) & HPTE64_V_VALID)
+#define HPTE_DIRTY(_hpte) (tswap64(*((uint64_t *)(_hpte))) & HPTE64_V_HPTE_DIRTY)
+#define CLEAN_HPTE(_hpte) ((*(uint64_t *)(_hpte)) &= tswap64(~HPTE64_V_HPTE_DIRTY))
+
+static int htab_save_setup(QEMUFile *f, void *opaque)
+{
+ sPAPREnvironment *spapr = opaque;
+
+ /* "Iteration" header */
+ qemu_put_be32(f, spapr->htab_shift);
+
+ if (spapr->htab) {
+ spapr->htab_save_index = 0;
+ spapr->htab_first_pass = true;
+ } else {
+ assert(kvm_enabled());
+
+ spapr->htab_fd = kvmppc_get_htab_fd(false);
+ if (spapr->htab_fd < 0) {
+ fprintf(stderr, "Unable to open fd for reading hash table from KVM: %s\n",
+ strerror(errno));
+ return -1;
+ }
+ }
+
+
+ return 0;
+}
+
+static void htab_save_first_pass(QEMUFile *f, sPAPREnvironment *spapr,
+ int64_t max_ns)
+{
+ int htabslots = HTAB_SIZE(spapr) / HASH_PTE_SIZE_64;
+ int index = spapr->htab_save_index;
+ int64_t starttime = qemu_get_clock_ns(rt_clock);
+
+ assert(spapr->htab_first_pass);
+
+ do {
+ int chunkstart;
+
+ /* Consume invalid HPTEs */
+ while ((index < htabslots)
+ && !HPTE_VALID(HPTE(spapr->htab, index))) {
+ index++;
+ CLEAN_HPTE(HPTE(spapr->htab, index));
+ }
+
+ /* Consume valid HPTEs */
+ chunkstart = index;
+ while ((index < htabslots)
+ && HPTE_VALID(HPTE(spapr->htab, index))) {
+ index++;
+ CLEAN_HPTE(HPTE(spapr->htab, index));
+ }
+
+ if (index > chunkstart) {
+ int n_valid = index - chunkstart;
+
+ qemu_put_be32(f, chunkstart);
+ qemu_put_be16(f, n_valid);
+ qemu_put_be16(f, 0);
+ qemu_put_buffer(f, HPTE(spapr->htab, chunkstart),
+ HASH_PTE_SIZE_64 * n_valid);
+
+ if ((qemu_get_clock_ns(rt_clock) - starttime) > max_ns) {
+ break;
+ }
+ }
+ } while ((index < htabslots) && !qemu_file_rate_limit(f));
+
+ if (index >= htabslots) {
+ assert(index == htabslots);
+ index = 0;
+ spapr->htab_first_pass = false;
+ }
+ spapr->htab_save_index = index;
+}
+
+static int htab_save_later_pass(QEMUFile *f, sPAPREnvironment *spapr,
+ int64_t max_ns)
+{
+ bool final = max_ns < 0;
+ int htabslots = HTAB_SIZE(spapr) / HASH_PTE_SIZE_64;
+ int examined = 0, sent = 0;
+ int index = spapr->htab_save_index;
+ int64_t starttime = qemu_get_clock_ns(rt_clock);
+
+ assert(!spapr->htab_first_pass);
+
+ do {
+ int chunkstart, invalidstart;
+
+ /* Consume non-dirty HPTEs */
+ while ((index < htabslots)
+ && !HPTE_DIRTY(HPTE(spapr->htab, index))) {
+ index++;
+ examined++;
+ }
+
+ chunkstart = index;
+ /* Consume valid dirty HPTEs */
+ while ((index < htabslots)
+ && HPTE_DIRTY(HPTE(spapr->htab, index))
+ && HPTE_VALID(HPTE(spapr->htab, index))) {
+ CLEAN_HPTE(HPTE(spapr->htab, index));
+ index++;
+ examined++;
+ }
+
+ invalidstart = index;
+ /* Consume invalid dirty HPTEs */
+ while ((index < htabslots)
+ && HPTE_DIRTY(HPTE(spapr->htab, index))
+ && !HPTE_VALID(HPTE(spapr->htab, index))) {
+ CLEAN_HPTE(HPTE(spapr->htab, index));
+ index++;
+ examined++;
+ }
+
+ if (index > chunkstart) {
+ int n_valid = invalidstart - chunkstart;
+ int n_invalid = index - invalidstart;
+
+ qemu_put_be32(f, chunkstart);
+ qemu_put_be16(f, n_valid);
+ qemu_put_be16(f, n_invalid);
+ qemu_put_buffer(f, HPTE(spapr->htab, chunkstart),
+ HASH_PTE_SIZE_64 * n_valid);
+ sent += index - chunkstart;
+
+ if (!final && (qemu_get_clock_ns(rt_clock) - starttime) > max_ns) {
+ break;
+ }
+ }
+
+ if (examined >= htabslots) {
+ break;
+ }
+
+ if (index >= htabslots) {
+ assert(index == htabslots);
+ index = 0;
+ }
+ } while ((examined < htabslots) && (!qemu_file_rate_limit(f) || final));
+
+ if (index >= htabslots) {
+ assert(index == htabslots);
+ index = 0;
+ }
+
+ spapr->htab_save_index = index;
+
+ return (examined >= htabslots) && (sent == 0) ? 1 : 0;
+}
+
+#define MAX_ITERATION_NS 5000000 /* 5 ms */
+#define MAX_KVM_BUF_SIZE 2048
+
+static int htab_save_iterate(QEMUFile *f, void *opaque)
+{
+ sPAPREnvironment *spapr = opaque;
+ int rc = 0;
+
+ /* Iteration header */
+ qemu_put_be32(f, 0);
+
+ if (!spapr->htab) {
+ assert(kvm_enabled());
+
+ rc = kvmppc_save_htab(f, spapr->htab_fd,
+ MAX_KVM_BUF_SIZE, MAX_ITERATION_NS);
+ if (rc < 0) {
+ return rc;
+ }
+ } else if (spapr->htab_first_pass) {
+ htab_save_first_pass(f, spapr, MAX_ITERATION_NS);
+ } else {
+ rc = htab_save_later_pass(f, spapr, MAX_ITERATION_NS);
+ }
+
+ /* End marker */
+ qemu_put_be32(f, 0);
+ qemu_put_be16(f, 0);
+ qemu_put_be16(f, 0);
+
+ return rc;
+}
+
+static int htab_save_complete(QEMUFile *f, void *opaque)
+{
+ sPAPREnvironment *spapr = opaque;
+
+ /* Iteration header */
+ qemu_put_be32(f, 0);
+
+ if (!spapr->htab) {
+ int rc;
+
+ assert(kvm_enabled());
+
+ rc = kvmppc_save_htab(f, spapr->htab_fd, MAX_KVM_BUF_SIZE, -1);
+ if (rc < 0) {
+ return rc;
+ }
+ close(spapr->htab_fd);
+ spapr->htab_fd = -1;
+ } else {
+ htab_save_later_pass(f, spapr, -1);
+ }
+
+ /* End marker */
+ qemu_put_be32(f, 0);
+ qemu_put_be16(f, 0);
+ qemu_put_be16(f, 0);
+
+ return 0;
+}
+
+static int htab_load(QEMUFile *f, void *opaque, int version_id)
+{
+ sPAPREnvironment *spapr = opaque;
+ uint32_t section_hdr;
+ int fd = -1;
+
+ if (version_id < 1 || version_id > 1) {
+ fprintf(stderr, "htab_load() bad version\n");
+ return -EINVAL;
+ }
+
+ section_hdr = qemu_get_be32(f);
+
+ if (section_hdr) {
+ /* First section, just the hash shift */
+ if (spapr->htab_shift != section_hdr) {
+ return -EINVAL;
+ }
+ return 0;
+ }
+
+ if (!spapr->htab) {
+ assert(kvm_enabled());
+
+ fd = kvmppc_get_htab_fd(true);
+ if (fd < 0) {
+ fprintf(stderr, "Unable to open fd to restore KVM hash table: %s\n",
+ strerror(errno));
+ }
+ }
+
+ while (true) {
+ uint32_t index;
+ uint16_t n_valid, n_invalid;
+
+ index = qemu_get_be32(f);
+ n_valid = qemu_get_be16(f);
+ n_invalid = qemu_get_be16(f);
+
+ if ((index == 0) && (n_valid == 0) && (n_invalid == 0)) {
+ /* End of Stream */
+ break;
+ }
+
+ if ((index + n_valid + n_invalid) >
+ (HTAB_SIZE(spapr) / HASH_PTE_SIZE_64)) {
+ /* Bad index in stream */
+ fprintf(stderr, "htab_load() bad index %d (%hd+%hd entries) "
+ "in htab stream (htab_shift=%d)\n", index, n_valid, n_invalid,
+ spapr->htab_shift);
+ return -EINVAL;
+ }
+
+ if (spapr->htab) {
+ if (n_valid) {
+ qemu_get_buffer(f, HPTE(spapr->htab, index),
+ HASH_PTE_SIZE_64 * n_valid);
+ }
+ if (n_invalid) {
+ memset(HPTE(spapr->htab, index + n_valid), 0,
+ HASH_PTE_SIZE_64 * n_invalid);
+ }
+ } else {
+ int rc;
+
+ assert(fd >= 0);
+
+ rc = kvmppc_load_htab_chunk(f, fd, index, n_valid, n_invalid);
+ if (rc < 0) {
+ return rc;
+ }
+ }
+ }
+
+ if (!spapr->htab) {
+ assert(fd >= 0);
+ close(fd);
+ }
+
+ return 0;
+}
+
+static SaveVMHandlers savevm_htab_handlers = {
+ .save_live_setup = htab_save_setup,
+ .save_live_iterate = htab_save_iterate,
+ .save_live_complete = htab_save_complete,
+ .load_state = htab_load,
+};
+
+/* pSeries LPAR / sPAPR hardware init */
+static void ppc_spapr_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ const char *boot_device = args->boot_device;
+ PowerPCCPU *cpu;
+ CPUPPCState *env;
+ PCIHostState *phb;
+ int i;
+ MemoryRegion *sysmem = get_system_memory();
+ MemoryRegion *ram = g_new(MemoryRegion, 1);
+ hwaddr rma_alloc_size;
+ uint32_t initrd_base = 0;
+ long kernel_size = 0, initrd_size = 0;
+ long load_limit, rtas_limit, fw_size;
+ char *filename;
+
+ msi_supported = true;
+
+ spapr = g_malloc0(sizeof(*spapr));
+ QLIST_INIT(&spapr->phbs);
+
+ cpu_ppc_hypercall = emulate_spapr_hypercall;
+
+ /* Allocate RMA if necessary */
+ rma_alloc_size = kvmppc_alloc_rma("ppc_spapr.rma", sysmem);
+
+ if (rma_alloc_size == -1) {
+ hw_error("qemu: Unable to create RMA\n");
+ exit(1);
+ }
+
+ if (rma_alloc_size && (rma_alloc_size < ram_size)) {
+ spapr->rma_size = rma_alloc_size;
+ } else {
+ spapr->rma_size = ram_size;
+
+ /* With KVM, we don't actually know whether KVM supports an
+ * unbounded RMA (PR KVM) or is limited by the hash table size
+ * (HV KVM using VRMA), so we always assume the latter
+ *
+ * In that case, we also limit the initial allocations for RTAS
+ * etc... to 256M since we have no way to know what the VRMA size
+ * is going to be as it depends on the size of the hash table
+ * isn't determined yet.
+ */
+ if (kvm_enabled()) {
+ spapr->vrma_adjust = 1;
+ spapr->rma_size = MIN(spapr->rma_size, 0x10000000);
+ }
+ }
+
+ /* We place the device tree and RTAS just below either the top of the RMA,
+ * or just below 2GB, whichever is lowere, so that it can be
+ * processed with 32-bit real mode code if necessary */
+ rtas_limit = MIN(spapr->rma_size, 0x80000000);
+ spapr->rtas_addr = rtas_limit - RTAS_MAX_SIZE;
+ spapr->fdt_addr = spapr->rtas_addr - FDT_MAX_SIZE;
+ load_limit = spapr->fdt_addr - FW_OVERHEAD;
+
+ /* We aim for a hash table of size 1/128 the size of RAM. The
+ * normal rule of thumb is 1/64 the size of RAM, but that's much
+ * more than needed for the Linux guests we support. */
+ spapr->htab_shift = 18; /* Minimum architected size */
+ while (spapr->htab_shift <= 46) {
+ if ((1ULL << (spapr->htab_shift + 7)) >= ram_size) {
+ break;
+ }
+ spapr->htab_shift++;
+ }
+
+ /* Set up Interrupt Controller before we create the VCPUs */
+ spapr->icp = xics_system_init(smp_cpus * kvmppc_smt_threads() / smp_threads,
+ XICS_IRQS);
+ spapr->next_irq = XICS_IRQ_BASE;
+
+ /* init CPUs */
+ if (cpu_model == NULL) {
+ cpu_model = kvm_enabled() ? "host" : "POWER7";
+ }
+ for (i = 0; i < smp_cpus; i++) {
+ cpu = cpu_ppc_init(cpu_model);
+ if (cpu == NULL) {
+ fprintf(stderr, "Unable to find PowerPC CPU definition\n");
+ exit(1);
+ }
+ env = &cpu->env;
+
+ xics_cpu_setup(spapr->icp, cpu);
+
+ /* Set time-base frequency to 512 MHz */
+ cpu_ppc_tb_init(env, TIMEBASE_FREQ);
+
+ /* PAPR always has exception vectors in RAM not ROM. To ensure this,
+ * MSR[IP] should never be set.
+ */
+ env->msr_mask &= ~(1 << 6);
+
+ /* Tell KVM that we're in PAPR mode */
+ if (kvm_enabled()) {
+ kvmppc_set_papr(cpu);
+ }
+
+ qemu_register_reset(spapr_cpu_reset, cpu);
+ }
+
+ /* allocate RAM */
+ spapr->ram_limit = ram_size;
+ if (spapr->ram_limit > rma_alloc_size) {
+ ram_addr_t nonrma_base = rma_alloc_size;
+ ram_addr_t nonrma_size = spapr->ram_limit - rma_alloc_size;
+
+ memory_region_init_ram(ram, NULL, "ppc_spapr.ram", nonrma_size);
+ vmstate_register_ram_global(ram);
+ memory_region_add_subregion(sysmem, nonrma_base, ram);
+ }
+
+ filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, "spapr-rtas.bin");
+ spapr->rtas_size = load_image_targphys(filename, spapr->rtas_addr,
+ rtas_limit - spapr->rtas_addr);
+ if (spapr->rtas_size < 0) {
+ hw_error("qemu: could not load LPAR rtas '%s'\n", filename);
+ exit(1);
+ }
+ if (spapr->rtas_size > RTAS_MAX_SIZE) {
+ hw_error("RTAS too big ! 0x%lx bytes (max is 0x%x)\n",
+ spapr->rtas_size, RTAS_MAX_SIZE);
+ exit(1);
+ }
+ g_free(filename);
+
+ /* Set up EPOW events infrastructure */
+ spapr_events_init(spapr);
+
+ /* Set up VIO bus */
+ spapr->vio_bus = spapr_vio_bus_init();
+
+ for (i = 0; i < MAX_SERIAL_PORTS; i++) {
+ if (serial_hds[i]) {
+ spapr_vty_create(spapr->vio_bus, serial_hds[i]);
+ }
+ }
+
+ /* We always have at least the nvram device on VIO */
+ spapr_create_nvram(spapr);
+
+ /* Set up PCI */
+ spapr_pci_rtas_init();
+
+ phb = spapr_create_phb(spapr, 0);
+
+ for (i = 0; i < nb_nics; i++) {
+ NICInfo *nd = &nd_table[i];
+
+ if (!nd->model) {
+ nd->model = g_strdup("ibmveth");
+ }
+
+ if (strcmp(nd->model, "ibmveth") == 0) {
+ spapr_vlan_create(spapr->vio_bus, nd);
+ } else {
+ pci_nic_init_nofail(&nd_table[i], phb->bus, nd->model, NULL);
+ }
+ }
+
+ for (i = 0; i <= drive_get_max_bus(IF_SCSI); i++) {
+ spapr_vscsi_create(spapr->vio_bus);
+ }
+
+ /* Graphics */
+ if (spapr_vga_init(phb->bus)) {
+ spapr->has_graphics = true;
+ }
+
+ if (usb_enabled(spapr->has_graphics)) {
+ pci_create_simple(phb->bus, -1, "pci-ohci");
+ if (spapr->has_graphics) {
+ usbdevice_create("keyboard");
+ usbdevice_create("mouse");
+ }
+ }
+
+ if (spapr->rma_size < (MIN_RMA_SLOF << 20)) {
+ fprintf(stderr, "qemu: pSeries SLOF firmware requires >= "
+ "%ldM guest RMA (Real Mode Area memory)\n", MIN_RMA_SLOF);
+ exit(1);
+ }
+
+ if (kernel_filename) {
+ uint64_t lowaddr = 0;
+
+ kernel_size = load_elf(kernel_filename, translate_kernel_address, NULL,
+ NULL, &lowaddr, NULL, 1, ELF_MACHINE, 0);
+ if (kernel_size < 0) {
+ kernel_size = load_image_targphys(kernel_filename,
+ KERNEL_LOAD_ADDR,
+ load_limit - KERNEL_LOAD_ADDR);
+ }
+ if (kernel_size < 0) {
+ fprintf(stderr, "qemu: could not load kernel '%s'\n",
+ kernel_filename);
+ exit(1);
+ }
+
+ /* load initrd */
+ if (initrd_filename) {
+ /* Try to locate the initrd in the gap between the kernel
+ * and the firmware. Add a bit of space just in case
+ */
+ initrd_base = (KERNEL_LOAD_ADDR + kernel_size + 0x1ffff) & ~0xffff;
+ initrd_size = load_image_targphys(initrd_filename, initrd_base,
+ load_limit - initrd_base);
+ if (initrd_size < 0) {
+ fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
+ initrd_filename);
+ exit(1);
+ }
+ } else {
+ initrd_base = 0;
+ initrd_size = 0;
+ }
+ }
+
+ if (bios_name == NULL) {
+ bios_name = FW_FILE_NAME;
+ }
+ filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
+ fw_size = load_image_targphys(filename, 0, FW_MAX_SIZE);
+ if (fw_size < 0) {
+ hw_error("qemu: could not load LPAR rtas '%s'\n", filename);
+ exit(1);
+ }
+ g_free(filename);
+
+ spapr->entry_point = 0x100;
+
+ vmstate_register(NULL, 0, &vmstate_spapr, spapr);
+ register_savevm_live(NULL, "spapr/htab", -1, 1,
+ &savevm_htab_handlers, spapr);
+
+ /* Prepare the device tree */
+ spapr->fdt_skel = spapr_create_fdt_skel(cpu_model,
+ initrd_base, initrd_size,
+ kernel_size,
+ boot_device, kernel_cmdline,
+ spapr->epow_irq);
+ assert(spapr->fdt_skel != NULL);
+}
+
+static QEMUMachine spapr_machine = {
+ .name = "pseries",
+ .desc = "pSeries Logical Partition (PAPR compliant)",
+ .is_default = 1,
+ .init = ppc_spapr_init,
+ .reset = ppc_spapr_reset,
+ .block_default_type = IF_SCSI,
+ .max_cpus = MAX_CPUS,
+ .no_parallel = 1,
+ .boot_order = NULL,
+};
+
+static void spapr_machine_init(void)
+{
+ qemu_register_machine(&spapr_machine);
+}
+
+machine_init(spapr_machine_init);
diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
new file mode 100644
index 000000000..a69390e54
--- /dev/null
+++ b/hw/ppc/spapr_events.c
@@ -0,0 +1,321 @@
+/*
+ * QEMU PowerPC pSeries Logical Partition (aka sPAPR) hardware System Emulator
+ *
+ * RTAS events handling
+ *
+ * Copyright (c) 2012 David Gibson, IBM Corporation.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ */
+#include "cpu.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/char.h"
+#include "hw/qdev.h"
+#include "sysemu/device_tree.h"
+
+#include "hw/ppc/spapr.h"
+#include "hw/ppc/spapr_vio.h"
+
+#include <libfdt.h>
+
+struct rtas_error_log {
+ uint32_t summary;
+#define RTAS_LOG_VERSION_MASK 0xff000000
+#define RTAS_LOG_VERSION_6 0x06000000
+#define RTAS_LOG_SEVERITY_MASK 0x00e00000
+#define RTAS_LOG_SEVERITY_ALREADY_REPORTED 0x00c00000
+#define RTAS_LOG_SEVERITY_FATAL 0x00a00000
+#define RTAS_LOG_SEVERITY_ERROR 0x00800000
+#define RTAS_LOG_SEVERITY_ERROR_SYNC 0x00600000
+#define RTAS_LOG_SEVERITY_WARNING 0x00400000
+#define RTAS_LOG_SEVERITY_EVENT 0x00200000
+#define RTAS_LOG_SEVERITY_NO_ERROR 0x00000000
+#define RTAS_LOG_DISPOSITION_MASK 0x00180000
+#define RTAS_LOG_DISPOSITION_FULLY_RECOVERED 0x00000000
+#define RTAS_LOG_DISPOSITION_LIMITED_RECOVERY 0x00080000
+#define RTAS_LOG_DISPOSITION_NOT_RECOVERED 0x00100000
+#define RTAS_LOG_OPTIONAL_PART_PRESENT 0x00040000
+#define RTAS_LOG_INITIATOR_MASK 0x0000f000
+#define RTAS_LOG_INITIATOR_UNKNOWN 0x00000000
+#define RTAS_LOG_INITIATOR_CPU 0x00001000
+#define RTAS_LOG_INITIATOR_PCI 0x00002000
+#define RTAS_LOG_INITIATOR_MEMORY 0x00004000
+#define RTAS_LOG_INITIATOR_HOTPLUG 0x00006000
+#define RTAS_LOG_TARGET_MASK 0x00000f00
+#define RTAS_LOG_TARGET_UNKNOWN 0x00000000
+#define RTAS_LOG_TARGET_CPU 0x00000100
+#define RTAS_LOG_TARGET_PCI 0x00000200
+#define RTAS_LOG_TARGET_MEMORY 0x00000400
+#define RTAS_LOG_TARGET_HOTPLUG 0x00000600
+#define RTAS_LOG_TYPE_MASK 0x000000ff
+#define RTAS_LOG_TYPE_OTHER 0x00000000
+#define RTAS_LOG_TYPE_RETRY 0x00000001
+#define RTAS_LOG_TYPE_TCE_ERR 0x00000002
+#define RTAS_LOG_TYPE_INTERN_DEV_FAIL 0x00000003
+#define RTAS_LOG_TYPE_TIMEOUT 0x00000004
+#define RTAS_LOG_TYPE_DATA_PARITY 0x00000005
+#define RTAS_LOG_TYPE_ADDR_PARITY 0x00000006
+#define RTAS_LOG_TYPE_CACHE_PARITY 0x00000007
+#define RTAS_LOG_TYPE_ADDR_INVALID 0x00000008
+#define RTAS_LOG_TYPE_ECC_UNCORR 0x00000009
+#define RTAS_LOG_TYPE_ECC_CORR 0x0000000a
+#define RTAS_LOG_TYPE_EPOW 0x00000040
+ uint32_t extended_length;
+} QEMU_PACKED;
+
+struct rtas_event_log_v6 {
+ uint8_t b0;
+#define RTAS_LOG_V6_B0_VALID 0x80
+#define RTAS_LOG_V6_B0_UNRECOVERABLE_ERROR 0x40
+#define RTAS_LOG_V6_B0_RECOVERABLE_ERROR 0x20
+#define RTAS_LOG_V6_B0_DEGRADED_OPERATION 0x10
+#define RTAS_LOG_V6_B0_PREDICTIVE_ERROR 0x08
+#define RTAS_LOG_V6_B0_NEW_LOG 0x04
+#define RTAS_LOG_V6_B0_BIGENDIAN 0x02
+ uint8_t _resv1;
+ uint8_t b2;
+#define RTAS_LOG_V6_B2_POWERPC_FORMAT 0x80
+#define RTAS_LOG_V6_B2_LOG_FORMAT_MASK 0x0f
+#define RTAS_LOG_V6_B2_LOG_FORMAT_PLATFORM_EVENT 0x0e
+ uint8_t _resv2[9];
+ uint32_t company;
+#define RTAS_LOG_V6_COMPANY_IBM 0x49424d00 /* IBM<null> */
+} QEMU_PACKED;
+
+struct rtas_event_log_v6_section_header {
+ uint16_t section_id;
+ uint16_t section_length;
+ uint8_t section_version;
+ uint8_t section_subtype;
+ uint16_t creator_component_id;
+} QEMU_PACKED;
+
+struct rtas_event_log_v6_maina {
+#define RTAS_LOG_V6_SECTION_ID_MAINA 0x5048 /* PH */
+ struct rtas_event_log_v6_section_header hdr;
+ uint32_t creation_date; /* BCD: YYYYMMDD */
+ uint32_t creation_time; /* BCD: HHMMSS00 */
+ uint8_t _platform1[8];
+ char creator_id;
+ uint8_t _resv1[2];
+ uint8_t section_count;
+ uint8_t _resv2[4];
+ uint8_t _platform2[8];
+ uint32_t plid;
+ uint8_t _platform3[4];
+} QEMU_PACKED;
+
+struct rtas_event_log_v6_mainb {
+#define RTAS_LOG_V6_SECTION_ID_MAINB 0x5548 /* UH */
+ struct rtas_event_log_v6_section_header hdr;
+ uint8_t subsystem_id;
+ uint8_t _platform1;
+ uint8_t event_severity;
+ uint8_t event_subtype;
+ uint8_t _platform2[4];
+ uint8_t _resv1[2];
+ uint16_t action_flags;
+ uint8_t _resv2[4];
+} QEMU_PACKED;
+
+struct rtas_event_log_v6_epow {
+#define RTAS_LOG_V6_SECTION_ID_EPOW 0x4550 /* EP */
+ struct rtas_event_log_v6_section_header hdr;
+ uint8_t sensor_value;
+#define RTAS_LOG_V6_EPOW_ACTION_RESET 0
+#define RTAS_LOG_V6_EPOW_ACTION_WARN_COOLING 1
+#define RTAS_LOG_V6_EPOW_ACTION_WARN_POWER 2
+#define RTAS_LOG_V6_EPOW_ACTION_SYSTEM_SHUTDOWN 3
+#define RTAS_LOG_V6_EPOW_ACTION_SYSTEM_HALT 4
+#define RTAS_LOG_V6_EPOW_ACTION_MAIN_ENCLOSURE 5
+#define RTAS_LOG_V6_EPOW_ACTION_POWER_OFF 7
+ uint8_t event_modifier;
+#define RTAS_LOG_V6_EPOW_MODIFIER_NORMAL 1
+#define RTAS_LOG_V6_EPOW_MODIFIER_ON_UPS 2
+#define RTAS_LOG_V6_EPOW_MODIFIER_CRITICAL 3
+#define RTAS_LOG_V6_EPOW_MODIFIER_TEMPERATURE 4
+ uint8_t extended_modifier;
+#define RTAS_LOG_V6_EPOW_XMODIFIER_SYSTEM_WIDE 0
+#define RTAS_LOG_V6_EPOW_XMODIFIER_PARTITION_SPECIFIC 1
+ uint8_t _resv;
+ uint64_t reason_code;
+} QEMU_PACKED;
+
+struct epow_log_full {
+ struct rtas_error_log hdr;
+ struct rtas_event_log_v6 v6hdr;
+ struct rtas_event_log_v6_maina maina;
+ struct rtas_event_log_v6_mainb mainb;
+ struct rtas_event_log_v6_epow epow;
+} QEMU_PACKED;
+
+#define EVENT_MASK_INTERNAL_ERRORS 0x80000000
+#define EVENT_MASK_EPOW 0x40000000
+#define EVENT_MASK_HOTPLUG 0x10000000
+#define EVENT_MASK_IO 0x08000000
+
+#define _FDT(exp) \
+ do { \
+ int ret = (exp); \
+ if (ret < 0) { \
+ fprintf(stderr, "qemu: error creating device tree: %s: %s\n", \
+ #exp, fdt_strerror(ret)); \
+ exit(1); \
+ } \
+ } while (0)
+
+void spapr_events_fdt_skel(void *fdt, uint32_t epow_irq)
+{
+ uint32_t epow_irq_ranges[] = {cpu_to_be32(epow_irq), cpu_to_be32(1)};
+ uint32_t epow_interrupts[] = {cpu_to_be32(epow_irq), 0};
+
+ _FDT((fdt_begin_node(fdt, "event-sources")));
+
+ _FDT((fdt_property(fdt, "interrupt-controller", NULL, 0)));
+ _FDT((fdt_property_cell(fdt, "#interrupt-cells", 2)));
+ _FDT((fdt_property(fdt, "interrupt-ranges",
+ epow_irq_ranges, sizeof(epow_irq_ranges))));
+
+ _FDT((fdt_begin_node(fdt, "epow-events")));
+ _FDT((fdt_property(fdt, "interrupts",
+ epow_interrupts, sizeof(epow_interrupts))));
+ _FDT((fdt_end_node(fdt)));
+
+ _FDT((fdt_end_node(fdt)));
+}
+
+static struct epow_log_full *pending_epow;
+static uint32_t next_plid;
+
+static void spapr_powerdown_req(Notifier *n, void *opaque)
+{
+ sPAPREnvironment *spapr = container_of(n, sPAPREnvironment, epow_notifier);
+ struct rtas_error_log *hdr;
+ struct rtas_event_log_v6 *v6hdr;
+ struct rtas_event_log_v6_maina *maina;
+ struct rtas_event_log_v6_mainb *mainb;
+ struct rtas_event_log_v6_epow *epow;
+ struct tm tm;
+ int year;
+
+ if (pending_epow) {
+ /* For now, we just throw away earlier events if two come
+ * along before any are consumed. This is sufficient for our
+ * powerdown messages, but we'll need more if we do more
+ * general error/event logging */
+ g_free(pending_epow);
+ }
+ pending_epow = g_malloc0(sizeof(*pending_epow));
+ hdr = &pending_epow->hdr;
+ v6hdr = &pending_epow->v6hdr;
+ maina = &pending_epow->maina;
+ mainb = &pending_epow->mainb;
+ epow = &pending_epow->epow;
+
+ hdr->summary = cpu_to_be32(RTAS_LOG_VERSION_6
+ | RTAS_LOG_SEVERITY_EVENT
+ | RTAS_LOG_DISPOSITION_NOT_RECOVERED
+ | RTAS_LOG_OPTIONAL_PART_PRESENT
+ | RTAS_LOG_TYPE_EPOW);
+ hdr->extended_length = cpu_to_be32(sizeof(*pending_epow)
+ - sizeof(pending_epow->hdr));
+
+ v6hdr->b0 = RTAS_LOG_V6_B0_VALID | RTAS_LOG_V6_B0_NEW_LOG
+ | RTAS_LOG_V6_B0_BIGENDIAN;
+ v6hdr->b2 = RTAS_LOG_V6_B2_POWERPC_FORMAT
+ | RTAS_LOG_V6_B2_LOG_FORMAT_PLATFORM_EVENT;
+ v6hdr->company = cpu_to_be32(RTAS_LOG_V6_COMPANY_IBM);
+
+ maina->hdr.section_id = cpu_to_be16(RTAS_LOG_V6_SECTION_ID_MAINA);
+ maina->hdr.section_length = cpu_to_be16(sizeof(*maina));
+ /* FIXME: section version, subtype and creator id? */
+ qemu_get_timedate(&tm, spapr->rtc_offset);
+ year = tm.tm_year + 1900;
+ maina->creation_date = cpu_to_be32((to_bcd(year / 100) << 24)
+ | (to_bcd(year % 100) << 16)
+ | (to_bcd(tm.tm_mon + 1) << 8)
+ | to_bcd(tm.tm_mday));
+ maina->creation_time = cpu_to_be32((to_bcd(tm.tm_hour) << 24)
+ | (to_bcd(tm.tm_min) << 16)
+ | (to_bcd(tm.tm_sec) << 8));
+ maina->creator_id = 'H'; /* Hypervisor */
+ maina->section_count = 3; /* Main-A, Main-B and EPOW */
+ maina->plid = next_plid++;
+
+ mainb->hdr.section_id = cpu_to_be16(RTAS_LOG_V6_SECTION_ID_MAINB);
+ mainb->hdr.section_length = cpu_to_be16(sizeof(*mainb));
+ /* FIXME: section version, subtype and creator id? */
+ mainb->subsystem_id = 0xa0; /* External environment */
+ mainb->event_severity = 0x00; /* Informational / non-error */
+ mainb->event_subtype = 0xd0; /* Normal shutdown */
+
+ epow->hdr.section_id = cpu_to_be16(RTAS_LOG_V6_SECTION_ID_EPOW);
+ epow->hdr.section_length = cpu_to_be16(sizeof(*epow));
+ epow->hdr.section_version = 2; /* includes extended modifier */
+ /* FIXME: section subtype and creator id? */
+ epow->sensor_value = RTAS_LOG_V6_EPOW_ACTION_SYSTEM_SHUTDOWN;
+ epow->event_modifier = RTAS_LOG_V6_EPOW_MODIFIER_NORMAL;
+ epow->extended_modifier = RTAS_LOG_V6_EPOW_XMODIFIER_PARTITION_SPECIFIC;
+
+ qemu_irq_pulse(xics_get_qirq(spapr->icp, spapr->epow_irq));
+}
+
+static void check_exception(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ uint32_t token, uint32_t nargs,
+ target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ uint32_t mask, buf, len;
+ uint64_t xinfo;
+
+ if ((nargs < 6) || (nargs > 7) || nret != 1) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ xinfo = rtas_ld(args, 1);
+ mask = rtas_ld(args, 2);
+ buf = rtas_ld(args, 4);
+ len = rtas_ld(args, 5);
+ if (nargs == 7) {
+ xinfo |= (uint64_t)rtas_ld(args, 6) << 32;
+ }
+
+ if ((mask & EVENT_MASK_EPOW) && pending_epow) {
+ if (sizeof(*pending_epow) < len) {
+ len = sizeof(*pending_epow);
+ }
+
+ cpu_physical_memory_write(buf, pending_epow, len);
+ g_free(pending_epow);
+ pending_epow = NULL;
+ rtas_st(rets, 0, 0);
+ } else {
+ rtas_st(rets, 0, 1);
+ }
+}
+
+void spapr_events_init(sPAPREnvironment *spapr)
+{
+ spapr->epow_irq = spapr_allocate_msi(0);
+ spapr->epow_notifier.notify = spapr_powerdown_req;
+ qemu_register_powerdown_notifier(&spapr->epow_notifier);
+ spapr_rtas_register("check-exception", check_exception);
+}
diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
new file mode 100644
index 000000000..67d6cd91d
--- /dev/null
+++ b/hw/ppc/spapr_hcall.c
@@ -0,0 +1,739 @@
+#include "sysemu/sysemu.h"
+#include "cpu.h"
+#include "helper_regs.h"
+#include "hw/ppc/spapr.h"
+#include "mmu-hash64.h"
+
+static target_ulong compute_tlbie_rb(target_ulong v, target_ulong r,
+ target_ulong pte_index)
+{
+ target_ulong rb, va_low;
+
+ rb = (v & ~0x7fULL) << 16; /* AVA field */
+ va_low = pte_index >> 3;
+ if (v & HPTE64_V_SECONDARY) {
+ va_low = ~va_low;
+ }
+ /* xor vsid from AVA */
+ if (!(v & HPTE64_V_1TB_SEG)) {
+ va_low ^= v >> 12;
+ } else {
+ va_low ^= v >> 24;
+ }
+ va_low &= 0x7ff;
+ if (v & HPTE64_V_LARGE) {
+ rb |= 1; /* L field */
+#if 0 /* Disable that P7 specific bit for now */
+ if (r & 0xff000) {
+ /* non-16MB large page, must be 64k */
+ /* (masks depend on page size) */
+ rb |= 0x1000; /* page encoding in LP field */
+ rb |= (va_low & 0x7f) << 16; /* 7b of VA in AVA/LP field */
+ rb |= (va_low & 0xfe); /* AVAL field */
+ }
+#endif
+ } else {
+ /* 4kB page */
+ rb |= (va_low & 0x7ff) << 12; /* remaining 11b of AVA */
+ }
+ rb |= (v >> 54) & 0x300; /* B field */
+ return rb;
+}
+
+static target_ulong h_enter(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ CPUPPCState *env = &cpu->env;
+ target_ulong flags = args[0];
+ target_ulong pte_index = args[1];
+ target_ulong pteh = args[2];
+ target_ulong ptel = args[3];
+ target_ulong page_shift = 12;
+ target_ulong raddr;
+ target_ulong i;
+ hwaddr hpte;
+
+ /* only handle 4k and 16M pages for now */
+ if (pteh & HPTE64_V_LARGE) {
+#if 0 /* We don't support 64k pages yet */
+ if ((ptel & 0xf000) == 0x1000) {
+ /* 64k page */
+ } else
+#endif
+ if ((ptel & 0xff000) == 0) {
+ /* 16M page */
+ page_shift = 24;
+ /* lowest AVA bit must be 0 for 16M pages */
+ if (pteh & 0x80) {
+ return H_PARAMETER;
+ }
+ } else {
+ return H_PARAMETER;
+ }
+ }
+
+ raddr = (ptel & HPTE64_R_RPN) & ~((1ULL << page_shift) - 1);
+
+ if (raddr < spapr->ram_limit) {
+ /* Regular RAM - should have WIMG=0010 */
+ if ((ptel & HPTE64_R_WIMG) != HPTE64_R_M) {
+ return H_PARAMETER;
+ }
+ } else {
+ /* Looks like an IO address */
+ /* FIXME: What WIMG combinations could be sensible for IO?
+ * For now we allow WIMG=010x, but are there others? */
+ /* FIXME: Should we check against registered IO addresses? */
+ if ((ptel & (HPTE64_R_W | HPTE64_R_I | HPTE64_R_M)) != HPTE64_R_I) {
+ return H_PARAMETER;
+ }
+ }
+
+ pteh &= ~0x60ULL;
+
+ if ((pte_index * HASH_PTE_SIZE_64) & ~env->htab_mask) {
+ return H_PARAMETER;
+ }
+ if (likely((flags & H_EXACT) == 0)) {
+ pte_index &= ~7ULL;
+ hpte = pte_index * HASH_PTE_SIZE_64;
+ for (i = 0; ; ++i) {
+ if (i == 8) {
+ return H_PTEG_FULL;
+ }
+ if ((ppc_hash64_load_hpte0(env, hpte) & HPTE64_V_VALID) == 0) {
+ break;
+ }
+ hpte += HASH_PTE_SIZE_64;
+ }
+ } else {
+ i = 0;
+ hpte = pte_index * HASH_PTE_SIZE_64;
+ if (ppc_hash64_load_hpte0(env, hpte) & HPTE64_V_VALID) {
+ return H_PTEG_FULL;
+ }
+ }
+ ppc_hash64_store_hpte1(env, hpte, ptel);
+ /* eieio(); FIXME: need some sort of barrier for smp? */
+ ppc_hash64_store_hpte0(env, hpte, pteh | HPTE64_V_HPTE_DIRTY);
+
+ args[0] = pte_index + i;
+ return H_SUCCESS;
+}
+
+typedef enum {
+ REMOVE_SUCCESS = 0,
+ REMOVE_NOT_FOUND = 1,
+ REMOVE_PARM = 2,
+ REMOVE_HW = 3,
+} RemoveResult;
+
+static RemoveResult remove_hpte(CPUPPCState *env, target_ulong ptex,
+ target_ulong avpn,
+ target_ulong flags,
+ target_ulong *vp, target_ulong *rp)
+{
+ hwaddr hpte;
+ target_ulong v, r, rb;
+
+ if ((ptex * HASH_PTE_SIZE_64) & ~env->htab_mask) {
+ return REMOVE_PARM;
+ }
+
+ hpte = ptex * HASH_PTE_SIZE_64;
+
+ v = ppc_hash64_load_hpte0(env, hpte);
+ r = ppc_hash64_load_hpte1(env, hpte);
+
+ if ((v & HPTE64_V_VALID) == 0 ||
+ ((flags & H_AVPN) && (v & ~0x7fULL) != avpn) ||
+ ((flags & H_ANDCOND) && (v & avpn) != 0)) {
+ return REMOVE_NOT_FOUND;
+ }
+ *vp = v;
+ *rp = r;
+ ppc_hash64_store_hpte0(env, hpte, HPTE64_V_HPTE_DIRTY);
+ rb = compute_tlbie_rb(v, r, ptex);
+ ppc_tlb_invalidate_one(env, rb);
+ return REMOVE_SUCCESS;
+}
+
+static target_ulong h_remove(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ CPUPPCState *env = &cpu->env;
+ target_ulong flags = args[0];
+ target_ulong pte_index = args[1];
+ target_ulong avpn = args[2];
+ RemoveResult ret;
+
+ ret = remove_hpte(env, pte_index, avpn, flags,
+ &args[0], &args[1]);
+
+ switch (ret) {
+ case REMOVE_SUCCESS:
+ return H_SUCCESS;
+
+ case REMOVE_NOT_FOUND:
+ return H_NOT_FOUND;
+
+ case REMOVE_PARM:
+ return H_PARAMETER;
+
+ case REMOVE_HW:
+ return H_HARDWARE;
+ }
+
+ g_assert_not_reached();
+}
+
+#define H_BULK_REMOVE_TYPE 0xc000000000000000ULL
+#define H_BULK_REMOVE_REQUEST 0x4000000000000000ULL
+#define H_BULK_REMOVE_RESPONSE 0x8000000000000000ULL
+#define H_BULK_REMOVE_END 0xc000000000000000ULL
+#define H_BULK_REMOVE_CODE 0x3000000000000000ULL
+#define H_BULK_REMOVE_SUCCESS 0x0000000000000000ULL
+#define H_BULK_REMOVE_NOT_FOUND 0x1000000000000000ULL
+#define H_BULK_REMOVE_PARM 0x2000000000000000ULL
+#define H_BULK_REMOVE_HW 0x3000000000000000ULL
+#define H_BULK_REMOVE_RC 0x0c00000000000000ULL
+#define H_BULK_REMOVE_FLAGS 0x0300000000000000ULL
+#define H_BULK_REMOVE_ABSOLUTE 0x0000000000000000ULL
+#define H_BULK_REMOVE_ANDCOND 0x0100000000000000ULL
+#define H_BULK_REMOVE_AVPN 0x0200000000000000ULL
+#define H_BULK_REMOVE_PTEX 0x00ffffffffffffffULL
+
+#define H_BULK_REMOVE_MAX_BATCH 4
+
+static target_ulong h_bulk_remove(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ CPUPPCState *env = &cpu->env;
+ int i;
+
+ for (i = 0; i < H_BULK_REMOVE_MAX_BATCH; i++) {
+ target_ulong *tsh = &args[i*2];
+ target_ulong tsl = args[i*2 + 1];
+ target_ulong v, r, ret;
+
+ if ((*tsh & H_BULK_REMOVE_TYPE) == H_BULK_REMOVE_END) {
+ break;
+ } else if ((*tsh & H_BULK_REMOVE_TYPE) != H_BULK_REMOVE_REQUEST) {
+ return H_PARAMETER;
+ }
+
+ *tsh &= H_BULK_REMOVE_PTEX | H_BULK_REMOVE_FLAGS;
+ *tsh |= H_BULK_REMOVE_RESPONSE;
+
+ if ((*tsh & H_BULK_REMOVE_ANDCOND) && (*tsh & H_BULK_REMOVE_AVPN)) {
+ *tsh |= H_BULK_REMOVE_PARM;
+ return H_PARAMETER;
+ }
+
+ ret = remove_hpte(env, *tsh & H_BULK_REMOVE_PTEX, tsl,
+ (*tsh & H_BULK_REMOVE_FLAGS) >> 26,
+ &v, &r);
+
+ *tsh |= ret << 60;
+
+ switch (ret) {
+ case REMOVE_SUCCESS:
+ *tsh |= (r & (HPTE64_R_C | HPTE64_R_R)) << 43;
+ break;
+
+ case REMOVE_PARM:
+ return H_PARAMETER;
+
+ case REMOVE_HW:
+ return H_HARDWARE;
+ }
+ }
+
+ return H_SUCCESS;
+}
+
+static target_ulong h_protect(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ CPUPPCState *env = &cpu->env;
+ target_ulong flags = args[0];
+ target_ulong pte_index = args[1];
+ target_ulong avpn = args[2];
+ hwaddr hpte;
+ target_ulong v, r, rb;
+
+ if ((pte_index * HASH_PTE_SIZE_64) & ~env->htab_mask) {
+ return H_PARAMETER;
+ }
+
+ hpte = pte_index * HASH_PTE_SIZE_64;
+
+ v = ppc_hash64_load_hpte0(env, hpte);
+ r = ppc_hash64_load_hpte1(env, hpte);
+
+ if ((v & HPTE64_V_VALID) == 0 ||
+ ((flags & H_AVPN) && (v & ~0x7fULL) != avpn)) {
+ return H_NOT_FOUND;
+ }
+
+ r &= ~(HPTE64_R_PP0 | HPTE64_R_PP | HPTE64_R_N |
+ HPTE64_R_KEY_HI | HPTE64_R_KEY_LO);
+ r |= (flags << 55) & HPTE64_R_PP0;
+ r |= (flags << 48) & HPTE64_R_KEY_HI;
+ r |= flags & (HPTE64_R_PP | HPTE64_R_N | HPTE64_R_KEY_LO);
+ rb = compute_tlbie_rb(v, r, pte_index);
+ ppc_hash64_store_hpte0(env, hpte, (v & ~HPTE64_V_VALID) | HPTE64_V_HPTE_DIRTY);
+ ppc_tlb_invalidate_one(env, rb);
+ ppc_hash64_store_hpte1(env, hpte, r);
+ /* Don't need a memory barrier, due to qemu's global lock */
+ ppc_hash64_store_hpte0(env, hpte, v | HPTE64_V_HPTE_DIRTY);
+ return H_SUCCESS;
+}
+
+static target_ulong h_read(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ CPUPPCState *env = &cpu->env;
+ target_ulong flags = args[0];
+ target_ulong pte_index = args[1];
+ uint8_t *hpte;
+ int i, ridx, n_entries = 1;
+
+ if ((pte_index * HASH_PTE_SIZE_64) & ~env->htab_mask) {
+ return H_PARAMETER;
+ }
+
+ if (flags & H_READ_4) {
+ /* Clear the two low order bits */
+ pte_index &= ~(3ULL);
+ n_entries = 4;
+ }
+
+ hpte = env->external_htab + (pte_index * HASH_PTE_SIZE_64);
+
+ for (i = 0, ridx = 0; i < n_entries; i++) {
+ args[ridx++] = ldq_p(hpte);
+ args[ridx++] = ldq_p(hpte + (HASH_PTE_SIZE_64/2));
+ hpte += HASH_PTE_SIZE_64;
+ }
+
+ return H_SUCCESS;
+}
+
+static target_ulong h_set_dabr(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ /* FIXME: actually implement this */
+ return H_HARDWARE;
+}
+
+#define FLAGS_REGISTER_VPA 0x0000200000000000ULL
+#define FLAGS_REGISTER_DTL 0x0000400000000000ULL
+#define FLAGS_REGISTER_SLBSHADOW 0x0000600000000000ULL
+#define FLAGS_DEREGISTER_VPA 0x0000a00000000000ULL
+#define FLAGS_DEREGISTER_DTL 0x0000c00000000000ULL
+#define FLAGS_DEREGISTER_SLBSHADOW 0x0000e00000000000ULL
+
+#define VPA_MIN_SIZE 640
+#define VPA_SIZE_OFFSET 0x4
+#define VPA_SHARED_PROC_OFFSET 0x9
+#define VPA_SHARED_PROC_VAL 0x2
+
+static target_ulong register_vpa(CPUPPCState *env, target_ulong vpa)
+{
+ uint16_t size;
+ uint8_t tmp;
+
+ if (vpa == 0) {
+ hcall_dprintf("Can't cope with registering a VPA at logical 0\n");
+ return H_HARDWARE;
+ }
+
+ if (vpa % env->dcache_line_size) {
+ return H_PARAMETER;
+ }
+ /* FIXME: bounds check the address */
+
+ size = lduw_be_phys(vpa + 0x4);
+
+ if (size < VPA_MIN_SIZE) {
+ return H_PARAMETER;
+ }
+
+ /* VPA is not allowed to cross a page boundary */
+ if ((vpa / 4096) != ((vpa + size - 1) / 4096)) {
+ return H_PARAMETER;
+ }
+
+ env->vpa_addr = vpa;
+
+ tmp = ldub_phys(env->vpa_addr + VPA_SHARED_PROC_OFFSET);
+ tmp |= VPA_SHARED_PROC_VAL;
+ stb_phys(env->vpa_addr + VPA_SHARED_PROC_OFFSET, tmp);
+
+ return H_SUCCESS;
+}
+
+static target_ulong deregister_vpa(CPUPPCState *env, target_ulong vpa)
+{
+ if (env->slb_shadow_addr) {
+ return H_RESOURCE;
+ }
+
+ if (env->dtl_addr) {
+ return H_RESOURCE;
+ }
+
+ env->vpa_addr = 0;
+ return H_SUCCESS;
+}
+
+static target_ulong register_slb_shadow(CPUPPCState *env, target_ulong addr)
+{
+ uint32_t size;
+
+ if (addr == 0) {
+ hcall_dprintf("Can't cope with SLB shadow at logical 0\n");
+ return H_HARDWARE;
+ }
+
+ size = ldl_be_phys(addr + 0x4);
+ if (size < 0x8) {
+ return H_PARAMETER;
+ }
+
+ if ((addr / 4096) != ((addr + size - 1) / 4096)) {
+ return H_PARAMETER;
+ }
+
+ if (!env->vpa_addr) {
+ return H_RESOURCE;
+ }
+
+ env->slb_shadow_addr = addr;
+ env->slb_shadow_size = size;
+
+ return H_SUCCESS;
+}
+
+static target_ulong deregister_slb_shadow(CPUPPCState *env, target_ulong addr)
+{
+ env->slb_shadow_addr = 0;
+ env->slb_shadow_size = 0;
+ return H_SUCCESS;
+}
+
+static target_ulong register_dtl(CPUPPCState *env, target_ulong addr)
+{
+ uint32_t size;
+
+ if (addr == 0) {
+ hcall_dprintf("Can't cope with DTL at logical 0\n");
+ return H_HARDWARE;
+ }
+
+ size = ldl_be_phys(addr + 0x4);
+
+ if (size < 48) {
+ return H_PARAMETER;
+ }
+
+ if (!env->vpa_addr) {
+ return H_RESOURCE;
+ }
+
+ env->dtl_addr = addr;
+ env->dtl_size = size;
+
+ return H_SUCCESS;
+}
+
+static target_ulong deregister_dtl(CPUPPCState *env, target_ulong addr)
+{
+ env->dtl_addr = 0;
+ env->dtl_size = 0;
+
+ return H_SUCCESS;
+}
+
+static target_ulong h_register_vpa(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong flags = args[0];
+ target_ulong procno = args[1];
+ target_ulong vpa = args[2];
+ target_ulong ret = H_PARAMETER;
+ CPUPPCState *tenv;
+ CPUState *tcpu;
+
+ tcpu = qemu_get_cpu(procno);
+ if (!tcpu) {
+ return H_PARAMETER;
+ }
+ tenv = tcpu->env_ptr;
+
+ switch (flags) {
+ case FLAGS_REGISTER_VPA:
+ ret = register_vpa(tenv, vpa);
+ break;
+
+ case FLAGS_DEREGISTER_VPA:
+ ret = deregister_vpa(tenv, vpa);
+ break;
+
+ case FLAGS_REGISTER_SLBSHADOW:
+ ret = register_slb_shadow(tenv, vpa);
+ break;
+
+ case FLAGS_DEREGISTER_SLBSHADOW:
+ ret = deregister_slb_shadow(tenv, vpa);
+ break;
+
+ case FLAGS_REGISTER_DTL:
+ ret = register_dtl(tenv, vpa);
+ break;
+
+ case FLAGS_DEREGISTER_DTL:
+ ret = deregister_dtl(tenv, vpa);
+ break;
+ }
+
+ return ret;
+}
+
+static target_ulong h_cede(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ CPUPPCState *env = &cpu->env;
+ CPUState *cs = CPU(cpu);
+
+ env->msr |= (1ULL << MSR_EE);
+ hreg_compute_hflags(env);
+ if (!cpu_has_work(cs)) {
+ cs->halted = 1;
+ env->exception_index = EXCP_HLT;
+ cs->exit_request = 1;
+ }
+ return H_SUCCESS;
+}
+
+static target_ulong h_rtas(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong rtas_r3 = args[0];
+ uint32_t token = ldl_be_phys(rtas_r3);
+ uint32_t nargs = ldl_be_phys(rtas_r3 + 4);
+ uint32_t nret = ldl_be_phys(rtas_r3 + 8);
+
+ return spapr_rtas_call(cpu, spapr, token, nargs, rtas_r3 + 12,
+ nret, rtas_r3 + 12 + 4*nargs);
+}
+
+static target_ulong h_logical_load(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong size = args[0];
+ target_ulong addr = args[1];
+
+ switch (size) {
+ case 1:
+ args[0] = ldub_phys(addr);
+ return H_SUCCESS;
+ case 2:
+ args[0] = lduw_phys(addr);
+ return H_SUCCESS;
+ case 4:
+ args[0] = ldl_phys(addr);
+ return H_SUCCESS;
+ case 8:
+ args[0] = ldq_phys(addr);
+ return H_SUCCESS;
+ }
+ return H_PARAMETER;
+}
+
+static target_ulong h_logical_store(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong size = args[0];
+ target_ulong addr = args[1];
+ target_ulong val = args[2];
+
+ switch (size) {
+ case 1:
+ stb_phys(addr, val);
+ return H_SUCCESS;
+ case 2:
+ stw_phys(addr, val);
+ return H_SUCCESS;
+ case 4:
+ stl_phys(addr, val);
+ return H_SUCCESS;
+ case 8:
+ stq_phys(addr, val);
+ return H_SUCCESS;
+ }
+ return H_PARAMETER;
+}
+
+static target_ulong h_logical_memop(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong dst = args[0]; /* Destination address */
+ target_ulong src = args[1]; /* Source address */
+ target_ulong esize = args[2]; /* Element size (0=1,1=2,2=4,3=8) */
+ target_ulong count = args[3]; /* Element count */
+ target_ulong op = args[4]; /* 0 = copy, 1 = invert */
+ uint64_t tmp;
+ unsigned int mask = (1 << esize) - 1;
+ int step = 1 << esize;
+
+ if (count > 0x80000000) {
+ return H_PARAMETER;
+ }
+
+ if ((dst & mask) || (src & mask) || (op > 1)) {
+ return H_PARAMETER;
+ }
+
+ if (dst >= src && dst < (src + (count << esize))) {
+ dst = dst + ((count - 1) << esize);
+ src = src + ((count - 1) << esize);
+ step = -step;
+ }
+
+ while (count--) {
+ switch (esize) {
+ case 0:
+ tmp = ldub_phys(src);
+ break;
+ case 1:
+ tmp = lduw_phys(src);
+ break;
+ case 2:
+ tmp = ldl_phys(src);
+ break;
+ case 3:
+ tmp = ldq_phys(src);
+ break;
+ default:
+ return H_PARAMETER;
+ }
+ if (op == 1) {
+ tmp = ~tmp;
+ }
+ switch (esize) {
+ case 0:
+ stb_phys(dst, tmp);
+ break;
+ case 1:
+ stw_phys(dst, tmp);
+ break;
+ case 2:
+ stl_phys(dst, tmp);
+ break;
+ case 3:
+ stq_phys(dst, tmp);
+ break;
+ }
+ dst = dst + step;
+ src = src + step;
+ }
+
+ return H_SUCCESS;
+}
+
+static target_ulong h_logical_icbi(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ /* Nothing to do on emulation, KVM will trap this in the kernel */
+ return H_SUCCESS;
+}
+
+static target_ulong h_logical_dcbf(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ /* Nothing to do on emulation, KVM will trap this in the kernel */
+ return H_SUCCESS;
+}
+
+static spapr_hcall_fn papr_hypercall_table[(MAX_HCALL_OPCODE / 4) + 1];
+static spapr_hcall_fn kvmppc_hypercall_table[KVMPPC_HCALL_MAX - KVMPPC_HCALL_BASE + 1];
+
+void spapr_register_hypercall(target_ulong opcode, spapr_hcall_fn fn)
+{
+ spapr_hcall_fn *slot;
+
+ if (opcode <= MAX_HCALL_OPCODE) {
+ assert((opcode & 0x3) == 0);
+
+ slot = &papr_hypercall_table[opcode / 4];
+ } else {
+ assert((opcode >= KVMPPC_HCALL_BASE) && (opcode <= KVMPPC_HCALL_MAX));
+
+ slot = &kvmppc_hypercall_table[opcode - KVMPPC_HCALL_BASE];
+ }
+
+ assert(!(*slot));
+ *slot = fn;
+}
+
+target_ulong spapr_hypercall(PowerPCCPU *cpu, target_ulong opcode,
+ target_ulong *args)
+{
+ if ((opcode <= MAX_HCALL_OPCODE)
+ && ((opcode & 0x3) == 0)) {
+ spapr_hcall_fn fn = papr_hypercall_table[opcode / 4];
+
+ if (fn) {
+ return fn(cpu, spapr, opcode, args);
+ }
+ } else if ((opcode >= KVMPPC_HCALL_BASE) &&
+ (opcode <= KVMPPC_HCALL_MAX)) {
+ spapr_hcall_fn fn = kvmppc_hypercall_table[opcode - KVMPPC_HCALL_BASE];
+
+ if (fn) {
+ return fn(cpu, spapr, opcode, args);
+ }
+ }
+
+ hcall_dprintf("Unimplemented hcall 0x" TARGET_FMT_lx "\n", opcode);
+ return H_FUNCTION;
+}
+
+static void hypercall_register_types(void)
+{
+ /* hcall-pft */
+ spapr_register_hypercall(H_ENTER, h_enter);
+ spapr_register_hypercall(H_REMOVE, h_remove);
+ spapr_register_hypercall(H_PROTECT, h_protect);
+ spapr_register_hypercall(H_READ, h_read);
+
+ /* hcall-bulk */
+ spapr_register_hypercall(H_BULK_REMOVE, h_bulk_remove);
+
+ /* hcall-dabr */
+ spapr_register_hypercall(H_SET_DABR, h_set_dabr);
+
+ /* hcall-splpar */
+ spapr_register_hypercall(H_REGISTER_VPA, h_register_vpa);
+ spapr_register_hypercall(H_CEDE, h_cede);
+
+ /* "debugger" hcalls (also used by SLOF). Note: We do -not- differenciate
+ * here between the "CI" and the "CACHE" variants, they will use whatever
+ * mapping attributes qemu is using. When using KVM, the kernel will
+ * enforce the attributes more strongly
+ */
+ spapr_register_hypercall(H_LOGICAL_CI_LOAD, h_logical_load);
+ spapr_register_hypercall(H_LOGICAL_CI_STORE, h_logical_store);
+ spapr_register_hypercall(H_LOGICAL_CACHE_LOAD, h_logical_load);
+ spapr_register_hypercall(H_LOGICAL_CACHE_STORE, h_logical_store);
+ spapr_register_hypercall(H_LOGICAL_ICBI, h_logical_icbi);
+ spapr_register_hypercall(H_LOGICAL_DCBF, h_logical_dcbf);
+ spapr_register_hypercall(KVMPPC_H_LOGICAL_MEMOP, h_logical_memop);
+
+ /* qemu/KVM-PPC specific hcalls */
+ spapr_register_hypercall(KVMPPC_H_RTAS, h_rtas);
+}
+
+type_init(hypercall_register_types)
diff --git a/hw/ppc/spapr_iommu.c b/hw/ppc/spapr_iommu.c
new file mode 100644
index 000000000..3d4a1fcfe
--- /dev/null
+++ b/hw/ppc/spapr_iommu.c
@@ -0,0 +1,336 @@
+/*
+ * QEMU sPAPR IOMMU (TCE) code
+ *
+ * Copyright (c) 2010 David Gibson, IBM Corporation <dwg@au1.ibm.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "hw/hw.h"
+#include "sysemu/kvm.h"
+#include "hw/qdev.h"
+#include "kvm_ppc.h"
+#include "sysemu/dma.h"
+#include "exec/address-spaces.h"
+
+#include "hw/ppc/spapr.h"
+
+#include <libfdt.h>
+
+/* #define DEBUG_TCE */
+
+enum sPAPRTCEAccess {
+ SPAPR_TCE_FAULT = 0,
+ SPAPR_TCE_RO = 1,
+ SPAPR_TCE_WO = 2,
+ SPAPR_TCE_RW = 3,
+};
+
+QLIST_HEAD(spapr_tce_tables, sPAPRTCETable) spapr_tce_tables;
+
+static sPAPRTCETable *spapr_tce_find_by_liobn(uint32_t liobn)
+{
+ sPAPRTCETable *tcet;
+
+ if (liobn & 0xFFFFFFFF00000000ULL) {
+ hcall_dprintf("Request for out-of-bounds LIOBN 0x" TARGET_FMT_lx "\n",
+ liobn);
+ return NULL;
+ }
+
+ QLIST_FOREACH(tcet, &spapr_tce_tables, list) {
+ if (tcet->liobn == liobn) {
+ return tcet;
+ }
+ }
+
+ return NULL;
+}
+
+static IOMMUTLBEntry spapr_tce_translate_iommu(MemoryRegion *iommu, hwaddr addr)
+{
+ sPAPRTCETable *tcet = container_of(iommu, sPAPRTCETable, iommu);
+ uint64_t tce;
+
+#ifdef DEBUG_TCE
+ fprintf(stderr, "spapr_tce_translate liobn=0x%" PRIx32 " addr=0x"
+ DMA_ADDR_FMT "\n", tcet->liobn, addr);
+#endif
+
+ if (tcet->bypass) {
+ return (IOMMUTLBEntry) {
+ .target_as = &address_space_memory,
+ .iova = 0,
+ .translated_addr = 0,
+ .addr_mask = ~(hwaddr)0,
+ .perm = IOMMU_RW,
+ };
+ }
+
+ /* Check if we are in bound */
+ if (addr >= tcet->window_size) {
+#ifdef DEBUG_TCE
+ fprintf(stderr, "spapr_tce_translate out of bounds\n");
+#endif
+ return (IOMMUTLBEntry) { .perm = IOMMU_NONE };
+ }
+
+ tce = tcet->table[addr >> SPAPR_TCE_PAGE_SHIFT];
+
+#ifdef DEBUG_TCE
+ fprintf(stderr, " -> *paddr=0x%llx, *len=0x%llx\n",
+ (tce & ~SPAPR_TCE_PAGE_MASK), SPAPR_TCE_PAGE_MASK + 1);
+#endif
+
+ return (IOMMUTLBEntry) {
+ .target_as = &address_space_memory,
+ .iova = addr & ~SPAPR_TCE_PAGE_MASK,
+ .translated_addr = tce & ~SPAPR_TCE_PAGE_MASK,
+ .addr_mask = SPAPR_TCE_PAGE_MASK,
+ .perm = tce,
+ };
+}
+
+static int spapr_tce_table_pre_load(void *opaque)
+{
+ sPAPRTCETable *tcet = SPAPR_TCE_TABLE(opaque);
+
+ tcet->nb_table = tcet->window_size >> SPAPR_TCE_PAGE_SHIFT;
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_spapr_tce_table = {
+ .name = "spapr_iommu",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .pre_load = spapr_tce_table_pre_load,
+ .fields = (VMStateField []) {
+ /* Sanity check */
+ VMSTATE_UINT32_EQUAL(liobn, sPAPRTCETable),
+ VMSTATE_UINT32_EQUAL(window_size, sPAPRTCETable),
+
+ /* IOMMU state */
+ VMSTATE_BOOL(bypass, sPAPRTCETable),
+ VMSTATE_VARRAY_UINT32(table, sPAPRTCETable, nb_table, 0, vmstate_info_uint64, uint64_t),
+
+ VMSTATE_END_OF_LIST()
+ },
+};
+
+static MemoryRegionIOMMUOps spapr_iommu_ops = {
+ .translate = spapr_tce_translate_iommu,
+};
+
+static int spapr_tce_table_realize(DeviceState *dev)
+{
+ sPAPRTCETable *tcet = SPAPR_TCE_TABLE(dev);
+
+ if (kvm_enabled()) {
+ tcet->table = kvmppc_create_spapr_tce(tcet->liobn,
+ tcet->window_size,
+ &tcet->fd);
+ }
+
+ if (!tcet->table) {
+ size_t table_size = (tcet->window_size >> SPAPR_TCE_PAGE_SHIFT)
+ * sizeof(uint64_t);
+ tcet->table = g_malloc0(table_size);
+ }
+ tcet->nb_table = tcet->window_size >> SPAPR_TCE_PAGE_SHIFT;
+
+#ifdef DEBUG_TCE
+ fprintf(stderr, "spapr_iommu: New TCE table @ %p, liobn=0x%x, "
+ "table @ %p, fd=%d\n", tcet, liobn, tcet->table, tcet->fd);
+#endif
+
+ memory_region_init_iommu(&tcet->iommu, OBJECT(dev), &spapr_iommu_ops,
+ "iommu-spapr", UINT64_MAX);
+
+ QLIST_INSERT_HEAD(&spapr_tce_tables, tcet, list);
+
+ return 0;
+}
+
+sPAPRTCETable *spapr_tce_new_table(DeviceState *owner, uint32_t liobn, size_t window_size)
+{
+ sPAPRTCETable *tcet;
+
+ if (spapr_tce_find_by_liobn(liobn)) {
+ fprintf(stderr, "Attempted to create TCE table with duplicate"
+ " LIOBN 0x%x\n", liobn);
+ return NULL;
+ }
+
+ if (!window_size) {
+ return NULL;
+ }
+
+ tcet = SPAPR_TCE_TABLE(object_new(TYPE_SPAPR_TCE_TABLE));
+ tcet->liobn = liobn;
+ tcet->window_size = window_size;
+
+ object_property_add_child(OBJECT(owner), "tce-table", OBJECT(tcet), NULL);
+
+ qdev_init_nofail(DEVICE(tcet));
+
+ return tcet;
+}
+
+static void spapr_tce_table_finalize(Object *obj)
+{
+ sPAPRTCETable *tcet = SPAPR_TCE_TABLE(obj);
+
+ QLIST_REMOVE(tcet, list);
+
+ if (!kvm_enabled() ||
+ (kvmppc_remove_spapr_tce(tcet->table, tcet->fd,
+ tcet->window_size) != 0)) {
+ g_free(tcet->table);
+ }
+}
+
+MemoryRegion *spapr_tce_get_iommu(sPAPRTCETable *tcet)
+{
+ return &tcet->iommu;
+}
+
+void spapr_tce_set_bypass(sPAPRTCETable *tcet, bool bypass)
+{
+ tcet->bypass = bypass;
+}
+
+static void spapr_tce_reset(DeviceState *dev)
+{
+ sPAPRTCETable *tcet = SPAPR_TCE_TABLE(dev);
+ size_t table_size = (tcet->window_size >> SPAPR_TCE_PAGE_SHIFT)
+ * sizeof(uint64_t);
+
+ tcet->bypass = false;
+ memset(tcet->table, 0, table_size);
+}
+
+static target_ulong put_tce_emu(sPAPRTCETable *tcet, target_ulong ioba,
+ target_ulong tce)
+{
+ IOMMUTLBEntry entry;
+
+ if (ioba >= tcet->window_size) {
+ hcall_dprintf("spapr_vio_put_tce on out-of-bounds IOBA 0x"
+ TARGET_FMT_lx "\n", ioba);
+ return H_PARAMETER;
+ }
+
+ tcet->table[ioba >> SPAPR_TCE_PAGE_SHIFT] = tce;
+
+ entry.target_as = &address_space_memory,
+ entry.iova = ioba & ~SPAPR_TCE_PAGE_MASK;
+ entry.translated_addr = tce & ~SPAPR_TCE_PAGE_MASK;
+ entry.addr_mask = SPAPR_TCE_PAGE_MASK;
+ entry.perm = tce;
+ memory_region_notify_iommu(&tcet->iommu, entry);
+
+ return H_SUCCESS;
+}
+
+static target_ulong h_put_tce(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong liobn = args[0];
+ target_ulong ioba = args[1];
+ target_ulong tce = args[2];
+ sPAPRTCETable *tcet = spapr_tce_find_by_liobn(liobn);
+
+ ioba &= ~(SPAPR_TCE_PAGE_SIZE - 1);
+
+ if (tcet) {
+ return put_tce_emu(tcet, ioba, tce);
+ }
+#ifdef DEBUG_TCE
+ fprintf(stderr, "%s on liobn=" TARGET_FMT_lx /*%s*/
+ " ioba 0x" TARGET_FMT_lx " TCE 0x" TARGET_FMT_lx "\n",
+ __func__, liobn, /*dev->qdev.id, */ioba, tce);
+#endif
+
+ return H_PARAMETER;
+}
+
+int spapr_dma_dt(void *fdt, int node_off, const char *propname,
+ uint32_t liobn, uint64_t window, uint32_t size)
+{
+ uint32_t dma_prop[5];
+ int ret;
+
+ dma_prop[0] = cpu_to_be32(liobn);
+ dma_prop[1] = cpu_to_be32(window >> 32);
+ dma_prop[2] = cpu_to_be32(window & 0xFFFFFFFF);
+ dma_prop[3] = 0; /* window size is 32 bits */
+ dma_prop[4] = cpu_to_be32(size);
+
+ ret = fdt_setprop_cell(fdt, node_off, "ibm,#dma-address-cells", 2);
+ if (ret < 0) {
+ return ret;
+ }
+
+ ret = fdt_setprop_cell(fdt, node_off, "ibm,#dma-size-cells", 2);
+ if (ret < 0) {
+ return ret;
+ }
+
+ ret = fdt_setprop(fdt, node_off, propname, dma_prop, sizeof(dma_prop));
+ if (ret < 0) {
+ return ret;
+ }
+
+ return 0;
+}
+
+int spapr_tcet_dma_dt(void *fdt, int node_off, const char *propname,
+ sPAPRTCETable *tcet)
+{
+ if (!tcet) {
+ return 0;
+ }
+
+ return spapr_dma_dt(fdt, node_off, propname,
+ tcet->liobn, 0, tcet->window_size);
+}
+
+static void spapr_tce_table_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ dc->vmsd = &vmstate_spapr_tce_table;
+ dc->init = spapr_tce_table_realize;
+ dc->reset = spapr_tce_reset;
+
+ QLIST_INIT(&spapr_tce_tables);
+
+ /* hcall-tce */
+ spapr_register_hypercall(H_PUT_TCE, h_put_tce);
+}
+
+static TypeInfo spapr_tce_table_info = {
+ .name = TYPE_SPAPR_TCE_TABLE,
+ .parent = TYPE_DEVICE,
+ .instance_size = sizeof(sPAPRTCETable),
+ .class_init = spapr_tce_table_class_init,
+ .instance_finalize = spapr_tce_table_finalize,
+};
+
+static void register_types(void)
+{
+ type_register_static(&spapr_tce_table_info);
+}
+
+type_init(register_types);
diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
new file mode 100644
index 000000000..1ca35a0a7
--- /dev/null
+++ b/hw/ppc/spapr_pci.c
@@ -0,0 +1,868 @@
+/*
+ * QEMU sPAPR PCI host originated from Uninorth PCI host
+ *
+ * Copyright (c) 2011 Alexey Kardashevskiy, IBM Corporation.
+ * Copyright (C) 2011 David Gibson, IBM Corporation.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "hw/pci/msi.h"
+#include "hw/pci/msix.h"
+#include "hw/pci/pci_host.h"
+#include "hw/ppc/spapr.h"
+#include "hw/pci-host/spapr.h"
+#include "exec/address-spaces.h"
+#include <libfdt.h>
+#include "trace.h"
+
+#include "hw/pci/pci_bus.h"
+
+/* Copied from the kernel arch/powerpc/platforms/pseries/msi.c */
+#define RTAS_QUERY_FN 0
+#define RTAS_CHANGE_FN 1
+#define RTAS_RESET_FN 2
+#define RTAS_CHANGE_MSI_FN 3
+#define RTAS_CHANGE_MSIX_FN 4
+
+/* Interrupt types to return on RTAS_CHANGE_* */
+#define RTAS_TYPE_MSI 1
+#define RTAS_TYPE_MSIX 2
+
+static sPAPRPHBState *find_phb(sPAPREnvironment *spapr, uint64_t buid)
+{
+ sPAPRPHBState *sphb;
+
+ QLIST_FOREACH(sphb, &spapr->phbs, list) {
+ if (sphb->buid != buid) {
+ continue;
+ }
+ return sphb;
+ }
+
+ return NULL;
+}
+
+static PCIDevice *find_dev(sPAPREnvironment *spapr, uint64_t buid,
+ uint32_t config_addr)
+{
+ sPAPRPHBState *sphb = find_phb(spapr, buid);
+ PCIHostState *phb = PCI_HOST_BRIDGE(sphb);
+ BusState *bus = BUS(phb->bus);
+ BusChild *kid;
+ int devfn = (config_addr >> 8) & 0xFF;
+
+ if (!phb) {
+ return NULL;
+ }
+
+ QTAILQ_FOREACH(kid, &bus->children, sibling) {
+ PCIDevice *dev = (PCIDevice *)kid->child;
+ if (dev->devfn == devfn) {
+ return dev;
+ }
+ }
+
+ return NULL;
+}
+
+static uint32_t rtas_pci_cfgaddr(uint32_t arg)
+{
+ /* This handles the encoding of extended config space addresses */
+ return ((arg >> 20) & 0xf00) | (arg & 0xff);
+}
+
+static void finish_read_pci_config(sPAPREnvironment *spapr, uint64_t buid,
+ uint32_t addr, uint32_t size,
+ target_ulong rets)
+{
+ PCIDevice *pci_dev;
+ uint32_t val;
+
+ if ((size != 1) && (size != 2) && (size != 4)) {
+ /* access must be 1, 2 or 4 bytes */
+ rtas_st(rets, 0, -1);
+ return;
+ }
+
+ pci_dev = find_dev(spapr, buid, addr);
+ addr = rtas_pci_cfgaddr(addr);
+
+ if (!pci_dev || (addr % size) || (addr >= pci_config_size(pci_dev))) {
+ /* Access must be to a valid device, within bounds and
+ * naturally aligned */
+ rtas_st(rets, 0, -1);
+ return;
+ }
+
+ val = pci_host_config_read_common(pci_dev, addr,
+ pci_config_size(pci_dev), size);
+
+ rtas_st(rets, 0, 0);
+ rtas_st(rets, 1, val);
+}
+
+static void rtas_ibm_read_pci_config(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ uint32_t token, uint32_t nargs,
+ target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ uint64_t buid;
+ uint32_t size, addr;
+
+ if ((nargs != 4) || (nret != 2)) {
+ rtas_st(rets, 0, -1);
+ return;
+ }
+
+ buid = ((uint64_t)rtas_ld(args, 1) << 32) | rtas_ld(args, 2);
+ size = rtas_ld(args, 3);
+ addr = rtas_ld(args, 0);
+
+ finish_read_pci_config(spapr, buid, addr, size, rets);
+}
+
+static void rtas_read_pci_config(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ uint32_t token, uint32_t nargs,
+ target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ uint32_t size, addr;
+
+ if ((nargs != 2) || (nret != 2)) {
+ rtas_st(rets, 0, -1);
+ return;
+ }
+
+ size = rtas_ld(args, 1);
+ addr = rtas_ld(args, 0);
+
+ finish_read_pci_config(spapr, 0, addr, size, rets);
+}
+
+static void finish_write_pci_config(sPAPREnvironment *spapr, uint64_t buid,
+ uint32_t addr, uint32_t size,
+ uint32_t val, target_ulong rets)
+{
+ PCIDevice *pci_dev;
+
+ if ((size != 1) && (size != 2) && (size != 4)) {
+ /* access must be 1, 2 or 4 bytes */
+ rtas_st(rets, 0, -1);
+ return;
+ }
+
+ pci_dev = find_dev(spapr, buid, addr);
+ addr = rtas_pci_cfgaddr(addr);
+
+ if (!pci_dev || (addr % size) || (addr >= pci_config_size(pci_dev))) {
+ /* Access must be to a valid device, within bounds and
+ * naturally aligned */
+ rtas_st(rets, 0, -1);
+ return;
+ }
+
+ pci_host_config_write_common(pci_dev, addr, pci_config_size(pci_dev),
+ val, size);
+
+ rtas_st(rets, 0, 0);
+}
+
+static void rtas_ibm_write_pci_config(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ uint32_t token, uint32_t nargs,
+ target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ uint64_t buid;
+ uint32_t val, size, addr;
+
+ if ((nargs != 5) || (nret != 1)) {
+ rtas_st(rets, 0, -1);
+ return;
+ }
+
+ buid = ((uint64_t)rtas_ld(args, 1) << 32) | rtas_ld(args, 2);
+ val = rtas_ld(args, 4);
+ size = rtas_ld(args, 3);
+ addr = rtas_ld(args, 0);
+
+ finish_write_pci_config(spapr, buid, addr, size, val, rets);
+}
+
+static void rtas_write_pci_config(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ uint32_t token, uint32_t nargs,
+ target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ uint32_t val, size, addr;
+
+ if ((nargs != 3) || (nret != 1)) {
+ rtas_st(rets, 0, -1);
+ return;
+ }
+
+
+ val = rtas_ld(args, 2);
+ size = rtas_ld(args, 1);
+ addr = rtas_ld(args, 0);
+
+ finish_write_pci_config(spapr, 0, addr, size, val, rets);
+}
+
+/*
+ * Find an entry with config_addr or returns the empty one if not found AND
+ * alloc_new is set.
+ * At the moment the msi_table entries are never released so there is
+ * no point to look till the end of the list if we need to find the free entry.
+ */
+static int spapr_msicfg_find(sPAPRPHBState *phb, uint32_t config_addr,
+ bool alloc_new)
+{
+ int i;
+
+ for (i = 0; i < SPAPR_MSIX_MAX_DEVS; ++i) {
+ if (!phb->msi_table[i].nvec) {
+ break;
+ }
+ if (phb->msi_table[i].config_addr == config_addr) {
+ return i;
+ }
+ }
+ if ((i < SPAPR_MSIX_MAX_DEVS) && alloc_new) {
+ trace_spapr_pci_msi("Allocating new MSI config", i, config_addr);
+ return i;
+ }
+
+ return -1;
+}
+
+/*
+ * Set MSI/MSIX message data.
+ * This is required for msi_notify()/msix_notify() which
+ * will write at the addresses via spapr_msi_write().
+ */
+static void spapr_msi_setmsg(PCIDevice *pdev, hwaddr addr,
+ bool msix, unsigned req_num)
+{
+ unsigned i;
+ MSIMessage msg = { .address = addr, .data = 0 };
+
+ if (!msix) {
+ msi_set_message(pdev, msg);
+ trace_spapr_pci_msi_setup(pdev->name, 0, msg.address);
+ return;
+ }
+
+ for (i = 0; i < req_num; ++i) {
+ msg.address = addr | (i << 2);
+ msix_set_message(pdev, i, msg);
+ trace_spapr_pci_msi_setup(pdev->name, i, msg.address);
+ }
+}
+
+static void rtas_ibm_change_msi(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ uint32_t token, uint32_t nargs,
+ target_ulong args, uint32_t nret,
+ target_ulong rets)
+{
+ uint32_t config_addr = rtas_ld(args, 0);
+ uint64_t buid = ((uint64_t)rtas_ld(args, 1) << 32) | rtas_ld(args, 2);
+ unsigned int func = rtas_ld(args, 3);
+ unsigned int req_num = rtas_ld(args, 4); /* 0 == remove all */
+ unsigned int seq_num = rtas_ld(args, 5);
+ unsigned int ret_intr_type;
+ int ndev, irq;
+ sPAPRPHBState *phb = NULL;
+ PCIDevice *pdev = NULL;
+
+ switch (func) {
+ case RTAS_CHANGE_MSI_FN:
+ case RTAS_CHANGE_FN:
+ ret_intr_type = RTAS_TYPE_MSI;
+ break;
+ case RTAS_CHANGE_MSIX_FN:
+ ret_intr_type = RTAS_TYPE_MSIX;
+ break;
+ default:
+ fprintf(stderr, "rtas_ibm_change_msi(%u) is not implemented\n", func);
+ rtas_st(rets, 0, -3); /* Parameter error */
+ return;
+ }
+
+ /* Fins sPAPRPHBState */
+ phb = find_phb(spapr, buid);
+ if (phb) {
+ pdev = find_dev(spapr, buid, config_addr);
+ }
+ if (!phb || !pdev) {
+ rtas_st(rets, 0, -3); /* Parameter error */
+ return;
+ }
+
+ /* Releasing MSIs */
+ if (!req_num) {
+ ndev = spapr_msicfg_find(phb, config_addr, false);
+ if (ndev < 0) {
+ trace_spapr_pci_msi("MSI has not been enabled", -1, config_addr);
+ rtas_st(rets, 0, -1); /* Hardware error */
+ return;
+ }
+ trace_spapr_pci_msi("Released MSIs", ndev, config_addr);
+ rtas_st(rets, 0, 0);
+ rtas_st(rets, 1, 0);
+ return;
+ }
+
+ /* Enabling MSI */
+
+ /* Find a device number in the map to add or reuse the existing one */
+ ndev = spapr_msicfg_find(phb, config_addr, true);
+ if (ndev >= SPAPR_MSIX_MAX_DEVS || ndev < 0) {
+ fprintf(stderr, "No free entry for a new MSI device\n");
+ rtas_st(rets, 0, -1); /* Hardware error */
+ return;
+ }
+ trace_spapr_pci_msi("Configuring MSI", ndev, config_addr);
+
+ /* Check if there is an old config and MSI number has not changed */
+ if (phb->msi_table[ndev].nvec && (req_num != phb->msi_table[ndev].nvec)) {
+ /* Unexpected behaviour */
+ fprintf(stderr, "Cannot reuse MSI config for device#%d", ndev);
+ rtas_st(rets, 0, -1); /* Hardware error */
+ return;
+ }
+
+ /* There is no cached config, allocate MSIs */
+ if (!phb->msi_table[ndev].nvec) {
+ irq = spapr_allocate_irq_block(req_num, false);
+ if (irq < 0) {
+ fprintf(stderr, "Cannot allocate MSIs for device#%d", ndev);
+ rtas_st(rets, 0, -1); /* Hardware error */
+ return;
+ }
+ phb->msi_table[ndev].irq = irq;
+ phb->msi_table[ndev].nvec = req_num;
+ phb->msi_table[ndev].config_addr = config_addr;
+ }
+
+ /* Setup MSI/MSIX vectors in the device (via cfgspace or MSIX BAR) */
+ spapr_msi_setmsg(pdev, phb->msi_win_addr | (ndev << 16),
+ ret_intr_type == RTAS_TYPE_MSIX, req_num);
+
+ rtas_st(rets, 0, 0);
+ rtas_st(rets, 1, req_num);
+ rtas_st(rets, 2, ++seq_num);
+ rtas_st(rets, 3, ret_intr_type);
+
+ trace_spapr_pci_rtas_ibm_change_msi(func, req_num);
+}
+
+static void rtas_ibm_query_interrupt_source_number(PowerPCCPU *cpu,
+ sPAPREnvironment *spapr,
+ uint32_t token,
+ uint32_t nargs,
+ target_ulong args,
+ uint32_t nret,
+ target_ulong rets)
+{
+ uint32_t config_addr = rtas_ld(args, 0);
+ uint64_t buid = ((uint64_t)rtas_ld(args, 1) << 32) | rtas_ld(args, 2);
+ unsigned int intr_src_num = -1, ioa_intr_num = rtas_ld(args, 3);
+ int ndev;
+ sPAPRPHBState *phb = NULL;
+
+ /* Fins sPAPRPHBState */
+ phb = find_phb(spapr, buid);
+ if (!phb) {
+ rtas_st(rets, 0, -3); /* Parameter error */
+ return;
+ }
+
+ /* Find device descriptor and start IRQ */
+ ndev = spapr_msicfg_find(phb, config_addr, false);
+ if (ndev < 0) {
+ trace_spapr_pci_msi("MSI has not been enabled", -1, config_addr);
+ rtas_st(rets, 0, -1); /* Hardware error */
+ return;
+ }
+
+ intr_src_num = phb->msi_table[ndev].irq + ioa_intr_num;
+ trace_spapr_pci_rtas_ibm_query_interrupt_source_number(ioa_intr_num,
+ intr_src_num);
+
+ rtas_st(rets, 0, 0);
+ rtas_st(rets, 1, intr_src_num);
+ rtas_st(rets, 2, 1);/* 0 == level; 1 == edge */
+}
+
+static int pci_spapr_swizzle(int slot, int pin)
+{
+ return (slot + pin) % PCI_NUM_PINS;
+}
+
+static int pci_spapr_map_irq(PCIDevice *pci_dev, int irq_num)
+{
+ /*
+ * Here we need to convert pci_dev + irq_num to some unique value
+ * which is less than number of IRQs on the specific bus (4). We
+ * use standard PCI swizzling, that is (slot number + pin number)
+ * % 4.
+ */
+ return pci_spapr_swizzle(PCI_SLOT(pci_dev->devfn), irq_num);
+}
+
+static void pci_spapr_set_irq(void *opaque, int irq_num, int level)
+{
+ /*
+ * Here we use the number returned by pci_spapr_map_irq to find a
+ * corresponding qemu_irq.
+ */
+ sPAPRPHBState *phb = opaque;
+
+ trace_spapr_pci_lsi_set(phb->dtbusname, irq_num, phb->lsi_table[irq_num].irq);
+ qemu_set_irq(spapr_phb_lsi_qirq(phb, irq_num), level);
+}
+
+/*
+ * MSI/MSIX memory region implementation.
+ * The handler handles both MSI and MSIX.
+ * For MSI-X, the vector number is encoded as a part of the address,
+ * data is set to 0.
+ * For MSI, the vector number is encoded in least bits in data.
+ */
+static void spapr_msi_write(void *opaque, hwaddr addr,
+ uint64_t data, unsigned size)
+{
+ sPAPRPHBState *phb = opaque;
+ int ndev = addr >> 16;
+ int vec = ((addr & 0xFFFF) >> 2) | data;
+ uint32_t irq = phb->msi_table[ndev].irq + vec;
+
+ trace_spapr_pci_msi_write(addr, data, irq);
+
+ qemu_irq_pulse(xics_get_qirq(spapr->icp, irq));
+}
+
+static const MemoryRegionOps spapr_msi_ops = {
+ /* There is no .read as the read result is undefined by PCI spec */
+ .read = NULL,
+ .write = spapr_msi_write,
+ .endianness = DEVICE_LITTLE_ENDIAN
+};
+
+/*
+ * PHB PCI device
+ */
+static AddressSpace *spapr_pci_dma_iommu(PCIBus *bus, void *opaque, int devfn)
+{
+ sPAPRPHBState *phb = opaque;
+
+ return &phb->iommu_as;
+}
+
+static int spapr_phb_init(SysBusDevice *s)
+{
+ DeviceState *dev = DEVICE(s);
+ sPAPRPHBState *sphb = SPAPR_PCI_HOST_BRIDGE(s);
+ PCIHostState *phb = PCI_HOST_BRIDGE(s);
+ const char *busname;
+ char *namebuf;
+ int i;
+ PCIBus *bus;
+
+ if (sphb->index != -1) {
+ hwaddr windows_base;
+
+ if ((sphb->buid != -1) || (sphb->dma_liobn != -1)
+ || (sphb->mem_win_addr != -1)
+ || (sphb->io_win_addr != -1)
+ || (sphb->msi_win_addr != -1)) {
+ fprintf(stderr, "Either \"index\" or other parameters must"
+ " be specified for PAPR PHB, not both\n");
+ return -1;
+ }
+
+ sphb->buid = SPAPR_PCI_BASE_BUID + sphb->index;
+ sphb->dma_liobn = SPAPR_PCI_BASE_LIOBN + sphb->index;
+
+ windows_base = SPAPR_PCI_WINDOW_BASE
+ + sphb->index * SPAPR_PCI_WINDOW_SPACING;
+ sphb->mem_win_addr = windows_base + SPAPR_PCI_MMIO_WIN_OFF;
+ sphb->io_win_addr = windows_base + SPAPR_PCI_IO_WIN_OFF;
+ sphb->msi_win_addr = windows_base + SPAPR_PCI_MSI_WIN_OFF;
+ }
+
+ if (sphb->buid == -1) {
+ fprintf(stderr, "BUID not specified for PHB\n");
+ return -1;
+ }
+
+ if (sphb->dma_liobn == -1) {
+ fprintf(stderr, "LIOBN not specified for PHB\n");
+ return -1;
+ }
+
+ if (sphb->mem_win_addr == -1) {
+ fprintf(stderr, "Memory window address not specified for PHB\n");
+ return -1;
+ }
+
+ if (sphb->io_win_addr == -1) {
+ fprintf(stderr, "IO window address not specified for PHB\n");
+ return -1;
+ }
+
+ if (sphb->msi_win_addr == -1) {
+ fprintf(stderr, "MSI window address not specified for PHB\n");
+ return -1;
+ }
+
+ if (find_phb(spapr, sphb->buid)) {
+ fprintf(stderr, "PCI host bridges must have unique BUIDs\n");
+ return -1;
+ }
+
+ sphb->dtbusname = g_strdup_printf("pci@%" PRIx64, sphb->buid);
+
+ namebuf = alloca(strlen(sphb->dtbusname) + 32);
+
+ /* Initialize memory regions */
+ sprintf(namebuf, "%s.mmio", sphb->dtbusname);
+ memory_region_init(&sphb->memspace, OBJECT(sphb), namebuf, INT64_MAX);
+
+ sprintf(namebuf, "%s.mmio-alias", sphb->dtbusname);
+ memory_region_init_alias(&sphb->memwindow, OBJECT(sphb),
+ namebuf, &sphb->memspace,
+ SPAPR_PCI_MEM_WIN_BUS_OFFSET, sphb->mem_win_size);
+ memory_region_add_subregion(get_system_memory(), sphb->mem_win_addr,
+ &sphb->memwindow);
+
+ /* On ppc, we only have MMIO no specific IO space from the CPU
+ * perspective. In theory we ought to be able to embed the PCI IO
+ * memory region direction in the system memory space. However,
+ * if any of the IO BAR subregions use the old_portio mechanism,
+ * that won't be processed properly unless accessed from the
+ * system io address space. This hack to bounce things via
+ * system_io works around the problem until all the users of
+ * old_portion are updated */
+ sprintf(namebuf, "%s.io", sphb->dtbusname);
+ memory_region_init(&sphb->iospace, OBJECT(sphb),
+ namebuf, SPAPR_PCI_IO_WIN_SIZE);
+ /* FIXME: fix to support multiple PHBs */
+ memory_region_add_subregion(get_system_io(), 0, &sphb->iospace);
+
+ sprintf(namebuf, "%s.io-alias", sphb->dtbusname);
+ memory_region_init_alias(&sphb->iowindow, OBJECT(sphb), namebuf,
+ get_system_io(), 0, SPAPR_PCI_IO_WIN_SIZE);
+ memory_region_add_subregion(get_system_memory(), sphb->io_win_addr,
+ &sphb->iowindow);
+
+ /* As MSI/MSIX interrupts trigger by writing at MSI/MSIX vectors,
+ * we need to allocate some memory to catch those writes coming
+ * from msi_notify()/msix_notify() */
+ if (msi_supported) {
+ sprintf(namebuf, "%s.msi", sphb->dtbusname);
+ memory_region_init_io(&sphb->msiwindow, OBJECT(sphb), &spapr_msi_ops, sphb,
+ namebuf, SPAPR_MSIX_MAX_DEVS * 0x10000);
+ memory_region_add_subregion(get_system_memory(), sphb->msi_win_addr,
+ &sphb->msiwindow);
+ }
+
+ /*
+ * Selecting a busname is more complex than you'd think, due to
+ * interacting constraints. If the user has specified an id
+ * explicitly for the phb , then we want to use the qdev default
+ * of naming the bus based on the bridge device (so the user can
+ * then assign devices to it in the way they expect). For the
+ * first / default PCI bus (index=0) we want to use just "pci"
+ * because libvirt expects there to be a bus called, simply,
+ * "pci". Otherwise, we use the same name as in the device tree,
+ * since it's unique by construction, and makes the guest visible
+ * BUID clear.
+ */
+ if (dev->id) {
+ busname = NULL;
+ } else if (sphb->index == 0) {
+ busname = "pci";
+ } else {
+ busname = sphb->dtbusname;
+ }
+ bus = pci_register_bus(dev, busname,
+ pci_spapr_set_irq, pci_spapr_map_irq, sphb,
+ &sphb->memspace, &sphb->iospace,
+ PCI_DEVFN(0, 0), PCI_NUM_PINS, TYPE_PCI_BUS);
+ phb->bus = bus;
+
+ sphb->dma_window_start = 0;
+ sphb->dma_window_size = 0x40000000;
+ sphb->tcet = spapr_tce_new_table(dev, sphb->dma_liobn,
+ sphb->dma_window_size);
+ if (!sphb->tcet) {
+ fprintf(stderr, "Unable to create TCE table for %s\n", sphb->dtbusname);
+ return -1;
+ }
+ address_space_init(&sphb->iommu_as, spapr_tce_get_iommu(sphb->tcet),
+ sphb->dtbusname);
+
+ pci_setup_iommu(bus, spapr_pci_dma_iommu, sphb);
+
+ QLIST_INSERT_HEAD(&spapr->phbs, sphb, list);
+
+ /* Initialize the LSI table */
+ for (i = 0; i < PCI_NUM_PINS; i++) {
+ uint32_t irq;
+
+ irq = spapr_allocate_lsi(0);
+ if (!irq) {
+ return -1;
+ }
+
+ sphb->lsi_table[i].irq = irq;
+ }
+
+ return 0;
+}
+
+static void spapr_phb_reset(DeviceState *qdev)
+{
+ SysBusDevice *s = SYS_BUS_DEVICE(qdev);
+ sPAPRPHBState *sphb = SPAPR_PCI_HOST_BRIDGE(s);
+
+ /* Reset the IOMMU state */
+ device_reset(DEVICE(sphb->tcet));
+}
+
+static Property spapr_phb_properties[] = {
+ DEFINE_PROP_INT32("index", sPAPRPHBState, index, -1),
+ DEFINE_PROP_HEX64("buid", sPAPRPHBState, buid, -1),
+ DEFINE_PROP_HEX32("liobn", sPAPRPHBState, dma_liobn, -1),
+ DEFINE_PROP_HEX64("mem_win_addr", sPAPRPHBState, mem_win_addr, -1),
+ DEFINE_PROP_HEX64("mem_win_size", sPAPRPHBState, mem_win_size,
+ SPAPR_PCI_MMIO_WIN_SIZE),
+ DEFINE_PROP_HEX64("io_win_addr", sPAPRPHBState, io_win_addr, -1),
+ DEFINE_PROP_HEX64("io_win_size", sPAPRPHBState, io_win_size,
+ SPAPR_PCI_IO_WIN_SIZE),
+ DEFINE_PROP_HEX64("msi_win_addr", sPAPRPHBState, msi_win_addr, -1),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static const VMStateDescription vmstate_spapr_pci_lsi = {
+ .name = "spapr_pci/lsi",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT32_EQUAL(irq, struct spapr_pci_lsi),
+
+ VMSTATE_END_OF_LIST()
+ },
+};
+
+static const VMStateDescription vmstate_spapr_pci_msi = {
+ .name = "spapr_pci/lsi",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT32(config_addr, struct spapr_pci_msi),
+ VMSTATE_UINT32(irq, struct spapr_pci_msi),
+ VMSTATE_UINT32(nvec, struct spapr_pci_msi),
+
+ VMSTATE_END_OF_LIST()
+ },
+};
+
+static const VMStateDescription vmstate_spapr_pci = {
+ .name = "spapr_pci",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT64_EQUAL(buid, sPAPRPHBState),
+ VMSTATE_UINT32_EQUAL(dma_liobn, sPAPRPHBState),
+ VMSTATE_UINT64_EQUAL(mem_win_addr, sPAPRPHBState),
+ VMSTATE_UINT64_EQUAL(mem_win_size, sPAPRPHBState),
+ VMSTATE_UINT64_EQUAL(io_win_addr, sPAPRPHBState),
+ VMSTATE_UINT64_EQUAL(io_win_size, sPAPRPHBState),
+ VMSTATE_UINT64_EQUAL(msi_win_addr, sPAPRPHBState),
+ VMSTATE_STRUCT_ARRAY(lsi_table, sPAPRPHBState, PCI_NUM_PINS, 0,
+ vmstate_spapr_pci_lsi, struct spapr_pci_lsi),
+ VMSTATE_STRUCT_ARRAY(msi_table, sPAPRPHBState, SPAPR_MSIX_MAX_DEVS, 0,
+ vmstate_spapr_pci_msi, struct spapr_pci_msi),
+
+ VMSTATE_END_OF_LIST()
+ },
+};
+
+static const char *spapr_phb_root_bus_path(PCIHostState *host_bridge,
+ PCIBus *rootbus)
+{
+ sPAPRPHBState *sphb = SPAPR_PCI_HOST_BRIDGE(host_bridge);
+
+ return sphb->dtbusname;
+}
+
+static void spapr_phb_class_init(ObjectClass *klass, void *data)
+{
+ PCIHostBridgeClass *hc = PCI_HOST_BRIDGE_CLASS(klass);
+ SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ hc->root_bus_path = spapr_phb_root_bus_path;
+ sdc->init = spapr_phb_init;
+ dc->props = spapr_phb_properties;
+ dc->reset = spapr_phb_reset;
+ dc->vmsd = &vmstate_spapr_pci;
+}
+
+static const TypeInfo spapr_phb_info = {
+ .name = TYPE_SPAPR_PCI_HOST_BRIDGE,
+ .parent = TYPE_PCI_HOST_BRIDGE,
+ .instance_size = sizeof(sPAPRPHBState),
+ .class_init = spapr_phb_class_init,
+};
+
+PCIHostState *spapr_create_phb(sPAPREnvironment *spapr, int index)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(NULL, TYPE_SPAPR_PCI_HOST_BRIDGE);
+ qdev_prop_set_uint32(dev, "index", index);
+ qdev_init_nofail(dev);
+
+ return PCI_HOST_BRIDGE(dev);
+}
+
+/* Macros to operate with address in OF binding to PCI */
+#define b_x(x, p, l) (((x) & ((1<<(l))-1)) << (p))
+#define b_n(x) b_x((x), 31, 1) /* 0 if relocatable */
+#define b_p(x) b_x((x), 30, 1) /* 1 if prefetchable */
+#define b_t(x) b_x((x), 29, 1) /* 1 if the address is aliased */
+#define b_ss(x) b_x((x), 24, 2) /* the space code */
+#define b_bbbbbbbb(x) b_x((x), 16, 8) /* bus number */
+#define b_ddddd(x) b_x((x), 11, 5) /* device number */
+#define b_fff(x) b_x((x), 8, 3) /* function number */
+#define b_rrrrrrrr(x) b_x((x), 0, 8) /* register number */
+
+int spapr_populate_pci_dt(sPAPRPHBState *phb,
+ uint32_t xics_phandle,
+ void *fdt)
+{
+ int bus_off, i, j;
+ char nodename[256];
+ uint32_t bus_range[] = { cpu_to_be32(0), cpu_to_be32(0xff) };
+ struct {
+ uint32_t hi;
+ uint64_t child;
+ uint64_t parent;
+ uint64_t size;
+ } QEMU_PACKED ranges[] = {
+ {
+ cpu_to_be32(b_ss(1)), cpu_to_be64(0),
+ cpu_to_be64(phb->io_win_addr),
+ cpu_to_be64(memory_region_size(&phb->iospace)),
+ },
+ {
+ cpu_to_be32(b_ss(2)), cpu_to_be64(SPAPR_PCI_MEM_WIN_BUS_OFFSET),
+ cpu_to_be64(phb->mem_win_addr),
+ cpu_to_be64(memory_region_size(&phb->memwindow)),
+ },
+ };
+ uint64_t bus_reg[] = { cpu_to_be64(phb->buid), 0 };
+ uint32_t interrupt_map_mask[] = {
+ cpu_to_be32(b_ddddd(-1)|b_fff(0)), 0x0, 0x0, cpu_to_be32(-1)};
+ uint32_t interrupt_map[PCI_SLOT_MAX * PCI_NUM_PINS][7];
+
+ /* Start populating the FDT */
+ sprintf(nodename, "pci@%" PRIx64, phb->buid);
+ bus_off = fdt_add_subnode(fdt, 0, nodename);
+ if (bus_off < 0) {
+ return bus_off;
+ }
+
+#define _FDT(exp) \
+ do { \
+ int ret = (exp); \
+ if (ret < 0) { \
+ return ret; \
+ } \
+ } while (0)
+
+ /* Write PHB properties */
+ _FDT(fdt_setprop_string(fdt, bus_off, "device_type", "pci"));
+ _FDT(fdt_setprop_string(fdt, bus_off, "compatible", "IBM,Logical_PHB"));
+ _FDT(fdt_setprop_cell(fdt, bus_off, "#address-cells", 0x3));
+ _FDT(fdt_setprop_cell(fdt, bus_off, "#size-cells", 0x2));
+ _FDT(fdt_setprop_cell(fdt, bus_off, "#interrupt-cells", 0x1));
+ _FDT(fdt_setprop(fdt, bus_off, "used-by-rtas", NULL, 0));
+ _FDT(fdt_setprop(fdt, bus_off, "bus-range", &bus_range, sizeof(bus_range)));
+ _FDT(fdt_setprop(fdt, bus_off, "ranges", &ranges, sizeof(ranges)));
+ _FDT(fdt_setprop(fdt, bus_off, "reg", &bus_reg, sizeof(bus_reg)));
+ _FDT(fdt_setprop_cell(fdt, bus_off, "ibm,pci-config-space-type", 0x1));
+
+ /* Build the interrupt-map, this must matches what is done
+ * in pci_spapr_map_irq
+ */
+ _FDT(fdt_setprop(fdt, bus_off, "interrupt-map-mask",
+ &interrupt_map_mask, sizeof(interrupt_map_mask)));
+ for (i = 0; i < PCI_SLOT_MAX; i++) {
+ for (j = 0; j < PCI_NUM_PINS; j++) {
+ uint32_t *irqmap = interrupt_map[i*PCI_NUM_PINS + j];
+ int lsi_num = pci_spapr_swizzle(i, j);
+
+ irqmap[0] = cpu_to_be32(b_ddddd(i)|b_fff(0));
+ irqmap[1] = 0;
+ irqmap[2] = 0;
+ irqmap[3] = cpu_to_be32(j+1);
+ irqmap[4] = cpu_to_be32(xics_phandle);
+ irqmap[5] = cpu_to_be32(phb->lsi_table[lsi_num].irq);
+ irqmap[6] = cpu_to_be32(0x8);
+ }
+ }
+ /* Write interrupt map */
+ _FDT(fdt_setprop(fdt, bus_off, "interrupt-map", &interrupt_map,
+ sizeof(interrupt_map)));
+
+ spapr_dma_dt(fdt, bus_off, "ibm,dma-window",
+ phb->dma_liobn, phb->dma_window_start,
+ phb->dma_window_size);
+
+ return 0;
+}
+
+void spapr_pci_rtas_init(void)
+{
+ spapr_rtas_register("read-pci-config", rtas_read_pci_config);
+ spapr_rtas_register("write-pci-config", rtas_write_pci_config);
+ spapr_rtas_register("ibm,read-pci-config", rtas_ibm_read_pci_config);
+ spapr_rtas_register("ibm,write-pci-config", rtas_ibm_write_pci_config);
+ if (msi_supported) {
+ spapr_rtas_register("ibm,query-interrupt-source-number",
+ rtas_ibm_query_interrupt_source_number);
+ spapr_rtas_register("ibm,change-msi", rtas_ibm_change_msi);
+ }
+}
+
+static void spapr_pci_register_types(void)
+{
+ type_register_static(&spapr_phb_info);
+}
+
+type_init(spapr_pci_register_types)
diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
new file mode 100644
index 000000000..394ce05ba
--- /dev/null
+++ b/hw/ppc/spapr_rtas.c
@@ -0,0 +1,327 @@
+/*
+ * QEMU PowerPC pSeries Logical Partition (aka sPAPR) hardware System Emulator
+ *
+ * Hypercall based emulated RTAS
+ *
+ * Copyright (c) 2010-2011 David Gibson, IBM Corporation.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ */
+#include "cpu.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/char.h"
+#include "hw/qdev.h"
+#include "sysemu/device_tree.h"
+
+#include "hw/ppc/spapr.h"
+#include "hw/ppc/spapr_vio.h"
+
+#include <libfdt.h>
+
+#define TOKEN_BASE 0x2000
+#define TOKEN_MAX 0x100
+
+static void rtas_display_character(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ uint32_t token, uint32_t nargs,
+ target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ uint8_t c = rtas_ld(args, 0);
+ VIOsPAPRDevice *sdev = vty_lookup(spapr, 0);
+
+ if (!sdev) {
+ rtas_st(rets, 0, -1);
+ } else {
+ vty_putchars(sdev, &c, sizeof(c));
+ rtas_st(rets, 0, 0);
+ }
+}
+
+static void rtas_get_time_of_day(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ uint32_t token, uint32_t nargs,
+ target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ struct tm tm;
+
+ if (nret != 8) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ qemu_get_timedate(&tm, spapr->rtc_offset);
+
+ rtas_st(rets, 0, 0); /* Success */
+ rtas_st(rets, 1, tm.tm_year + 1900);
+ rtas_st(rets, 2, tm.tm_mon + 1);
+ rtas_st(rets, 3, tm.tm_mday);
+ rtas_st(rets, 4, tm.tm_hour);
+ rtas_st(rets, 5, tm.tm_min);
+ rtas_st(rets, 6, tm.tm_sec);
+ rtas_st(rets, 7, 0); /* we don't do nanoseconds */
+}
+
+static void rtas_set_time_of_day(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ uint32_t token, uint32_t nargs,
+ target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ struct tm tm;
+
+ tm.tm_year = rtas_ld(args, 0) - 1900;
+ tm.tm_mon = rtas_ld(args, 1) - 1;
+ tm.tm_mday = rtas_ld(args, 2);
+ tm.tm_hour = rtas_ld(args, 3);
+ tm.tm_min = rtas_ld(args, 4);
+ tm.tm_sec = rtas_ld(args, 5);
+
+ /* Just generate a monitor event for the change */
+ rtc_change_mon_event(&tm);
+ spapr->rtc_offset = qemu_timedate_diff(&tm);
+
+ rtas_st(rets, 0, 0); /* Success */
+}
+
+static void rtas_power_off(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ uint32_t token, uint32_t nargs, target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ if (nargs != 2 || nret != 1) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+ qemu_system_shutdown_request();
+ rtas_st(rets, 0, 0);
+}
+
+static void rtas_system_reboot(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ uint32_t token, uint32_t nargs,
+ target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ if (nargs != 0 || nret != 1) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+ qemu_system_reset_request();
+ rtas_st(rets, 0, 0);
+}
+
+static void rtas_query_cpu_stopped_state(PowerPCCPU *cpu_,
+ sPAPREnvironment *spapr,
+ uint32_t token, uint32_t nargs,
+ target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ target_ulong id;
+ CPUState *cpu;
+
+ if (nargs != 1 || nret != 2) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ id = rtas_ld(args, 0);
+ cpu = qemu_get_cpu(id);
+ if (cpu != NULL) {
+ if (cpu->halted) {
+ rtas_st(rets, 1, 0);
+ } else {
+ rtas_st(rets, 1, 2);
+ }
+
+ rtas_st(rets, 0, 0);
+ return;
+ }
+
+ /* Didn't find a matching cpu */
+ rtas_st(rets, 0, -3);
+}
+
+static void rtas_start_cpu(PowerPCCPU *cpu_, sPAPREnvironment *spapr,
+ uint32_t token, uint32_t nargs,
+ target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ target_ulong id, start, r3;
+ CPUState *cs;
+
+ if (nargs != 3 || nret != 1) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ id = rtas_ld(args, 0);
+ start = rtas_ld(args, 1);
+ r3 = rtas_ld(args, 2);
+
+ cs = qemu_get_cpu(id);
+ if (cs != NULL) {
+ PowerPCCPU *cpu = POWERPC_CPU(cs);
+ CPUPPCState *env = &cpu->env;
+
+ if (!cs->halted) {
+ rtas_st(rets, 0, -1);
+ return;
+ }
+
+ /* This will make sure qemu state is up to date with kvm, and
+ * mark it dirty so our changes get flushed back before the
+ * new cpu enters */
+ kvm_cpu_synchronize_state(cs);
+
+ env->msr = (1ULL << MSR_SF) | (1ULL << MSR_ME);
+ env->nip = start;
+ env->gpr[3] = r3;
+ cs->halted = 0;
+
+ qemu_cpu_kick(cs);
+
+ rtas_st(rets, 0, 0);
+ return;
+ }
+
+ /* Didn't find a matching cpu */
+ rtas_st(rets, 0, -3);
+}
+
+static struct rtas_call {
+ const char *name;
+ spapr_rtas_fn fn;
+} rtas_table[TOKEN_MAX];
+
+struct rtas_call *rtas_next = rtas_table;
+
+target_ulong spapr_rtas_call(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ uint32_t token, uint32_t nargs, target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ if ((token >= TOKEN_BASE)
+ && ((token - TOKEN_BASE) < TOKEN_MAX)) {
+ struct rtas_call *call = rtas_table + (token - TOKEN_BASE);
+
+ if (call->fn) {
+ call->fn(cpu, spapr, token, nargs, args, nret, rets);
+ return H_SUCCESS;
+ }
+ }
+
+ /* HACK: Some Linux early debug code uses RTAS display-character,
+ * but assumes the token value is 0xa (which it is on some real
+ * machines) without looking it up in the device tree. This
+ * special case makes this work */
+ if (token == 0xa) {
+ rtas_display_character(cpu, spapr, 0xa, nargs, args, nret, rets);
+ return H_SUCCESS;
+ }
+
+ hcall_dprintf("Unknown RTAS token 0x%x\n", token);
+ rtas_st(rets, 0, -3);
+ return H_PARAMETER;
+}
+
+int spapr_rtas_register(const char *name, spapr_rtas_fn fn)
+{
+ int i;
+
+ for (i = 0; i < (rtas_next - rtas_table); i++) {
+ if (strcmp(name, rtas_table[i].name) == 0) {
+ fprintf(stderr, "RTAS call \"%s\" registered twice\n", name);
+ exit(1);
+ }
+ }
+
+ assert(rtas_next < (rtas_table + TOKEN_MAX));
+
+ rtas_next->name = name;
+ rtas_next->fn = fn;
+
+ return (rtas_next++ - rtas_table) + TOKEN_BASE;
+}
+
+int spapr_rtas_device_tree_setup(void *fdt, hwaddr rtas_addr,
+ hwaddr rtas_size)
+{
+ int ret;
+ int i;
+
+ ret = fdt_add_mem_rsv(fdt, rtas_addr, rtas_size);
+ if (ret < 0) {
+ fprintf(stderr, "Couldn't add RTAS reserve entry: %s\n",
+ fdt_strerror(ret));
+ return ret;
+ }
+
+ ret = qemu_devtree_setprop_cell(fdt, "/rtas", "linux,rtas-base",
+ rtas_addr);
+ if (ret < 0) {
+ fprintf(stderr, "Couldn't add linux,rtas-base property: %s\n",
+ fdt_strerror(ret));
+ return ret;
+ }
+
+ ret = qemu_devtree_setprop_cell(fdt, "/rtas", "linux,rtas-entry",
+ rtas_addr);
+ if (ret < 0) {
+ fprintf(stderr, "Couldn't add linux,rtas-entry property: %s\n",
+ fdt_strerror(ret));
+ return ret;
+ }
+
+ ret = qemu_devtree_setprop_cell(fdt, "/rtas", "rtas-size",
+ rtas_size);
+ if (ret < 0) {
+ fprintf(stderr, "Couldn't add rtas-size property: %s\n",
+ fdt_strerror(ret));
+ return ret;
+ }
+
+ for (i = 0; i < TOKEN_MAX; i++) {
+ struct rtas_call *call = &rtas_table[i];
+
+ if (!call->name) {
+ continue;
+ }
+
+ ret = qemu_devtree_setprop_cell(fdt, "/rtas", call->name,
+ i + TOKEN_BASE);
+ if (ret < 0) {
+ fprintf(stderr, "Couldn't add rtas token for %s: %s\n",
+ call->name, fdt_strerror(ret));
+ return ret;
+ }
+
+ }
+ return 0;
+}
+
+static void core_rtas_register_types(void)
+{
+ spapr_rtas_register("display-character", rtas_display_character);
+ spapr_rtas_register("get-time-of-day", rtas_get_time_of_day);
+ spapr_rtas_register("set-time-of-day", rtas_set_time_of_day);
+ spapr_rtas_register("power-off", rtas_power_off);
+ spapr_rtas_register("system-reboot", rtas_system_reboot);
+ spapr_rtas_register("query-cpu-stopped-state",
+ rtas_query_cpu_stopped_state);
+ spapr_rtas_register("start-cpu", rtas_start_cpu);
+}
+
+type_init(core_rtas_register_types)
diff --git a/hw/ppc/spapr_vio.c b/hw/ppc/spapr_vio.c
new file mode 100644
index 000000000..a6a0a5113
--- /dev/null
+++ b/hw/ppc/spapr_vio.c
@@ -0,0 +1,675 @@
+/*
+ * QEMU sPAPR VIO code
+ *
+ * Copyright (c) 2010 David Gibson, IBM Corporation <dwg@au1.ibm.com>
+ * Based on the s390 virtio bus code:
+ * Copyright (c) 2009 Alexander Graf <agraf@suse.de>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/hw.h"
+#include "sysemu/sysemu.h"
+#include "hw/boards.h"
+#include "monitor/monitor.h"
+#include "hw/loader.h"
+#include "elf.h"
+#include "hw/sysbus.h"
+#include "sysemu/kvm.h"
+#include "sysemu/device_tree.h"
+#include "kvm_ppc.h"
+
+#include "hw/ppc/spapr.h"
+#include "hw/ppc/spapr_vio.h"
+#include "hw/ppc/xics.h"
+
+#include <libfdt.h>
+
+/* #define DEBUG_SPAPR */
+
+#ifdef DEBUG_SPAPR
+#define DPRINTF(fmt, ...) \
+ do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) \
+ do { } while (0)
+#endif
+
+static Property spapr_vio_props[] = {
+ DEFINE_PROP_UINT32("irq", VIOsPAPRDevice, irq, 0), \
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static char *spapr_vio_get_dev_name(DeviceState *qdev)
+{
+ VIOsPAPRDevice *dev = VIO_SPAPR_DEVICE(qdev);
+ VIOsPAPRDeviceClass *pc = VIO_SPAPR_DEVICE_GET_CLASS(dev);
+ char *name;
+
+ /* Device tree style name device@reg */
+ name = g_strdup_printf("%s@%x", pc->dt_name, dev->reg);
+
+ return name;
+}
+
+static void spapr_vio_bus_class_init(ObjectClass *klass, void *data)
+{
+ BusClass *k = BUS_CLASS(klass);
+
+ k->get_dev_path = spapr_vio_get_dev_name;
+}
+
+static const TypeInfo spapr_vio_bus_info = {
+ .name = TYPE_SPAPR_VIO_BUS,
+ .parent = TYPE_BUS,
+ .class_init = spapr_vio_bus_class_init,
+ .instance_size = sizeof(VIOsPAPRBus),
+};
+
+VIOsPAPRDevice *spapr_vio_find_by_reg(VIOsPAPRBus *bus, uint32_t reg)
+{
+ BusChild *kid;
+ VIOsPAPRDevice *dev = NULL;
+
+ QTAILQ_FOREACH(kid, &bus->bus.children, sibling) {
+ dev = (VIOsPAPRDevice *)kid->child;
+ if (dev->reg == reg) {
+ return dev;
+ }
+ }
+
+ return NULL;
+}
+
+static int vio_make_devnode(VIOsPAPRDevice *dev,
+ void *fdt)
+{
+ VIOsPAPRDeviceClass *pc = VIO_SPAPR_DEVICE_GET_CLASS(dev);
+ int vdevice_off, node_off, ret;
+ char *dt_name;
+
+ vdevice_off = fdt_path_offset(fdt, "/vdevice");
+ if (vdevice_off < 0) {
+ return vdevice_off;
+ }
+
+ dt_name = spapr_vio_get_dev_name(DEVICE(dev));
+ node_off = fdt_add_subnode(fdt, vdevice_off, dt_name);
+ g_free(dt_name);
+ if (node_off < 0) {
+ return node_off;
+ }
+
+ ret = fdt_setprop_cell(fdt, node_off, "reg", dev->reg);
+ if (ret < 0) {
+ return ret;
+ }
+
+ if (pc->dt_type) {
+ ret = fdt_setprop_string(fdt, node_off, "device_type",
+ pc->dt_type);
+ if (ret < 0) {
+ return ret;
+ }
+ }
+
+ if (pc->dt_compatible) {
+ ret = fdt_setprop_string(fdt, node_off, "compatible",
+ pc->dt_compatible);
+ if (ret < 0) {
+ return ret;
+ }
+ }
+
+ if (dev->irq) {
+ uint32_t ints_prop[] = {cpu_to_be32(dev->irq), 0};
+
+ ret = fdt_setprop(fdt, node_off, "interrupts", ints_prop,
+ sizeof(ints_prop));
+ if (ret < 0) {
+ return ret;
+ }
+ }
+
+ ret = spapr_tcet_dma_dt(fdt, node_off, "ibm,my-dma-window", dev->tcet);
+ if (ret < 0) {
+ return ret;
+ }
+
+ if (pc->devnode) {
+ ret = (pc->devnode)(dev, fdt, node_off);
+ if (ret < 0) {
+ return ret;
+ }
+ }
+
+ return node_off;
+}
+
+/*
+ * CRQ handling
+ */
+static target_ulong h_reg_crq(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong reg = args[0];
+ target_ulong queue_addr = args[1];
+ target_ulong queue_len = args[2];
+ VIOsPAPRDevice *dev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
+
+ if (!dev) {
+ hcall_dprintf("Unit 0x" TARGET_FMT_lx " does not exist\n", reg);
+ return H_PARAMETER;
+ }
+
+ /* We can't grok a queue size bigger than 256M for now */
+ if (queue_len < 0x1000 || queue_len > 0x10000000) {
+ hcall_dprintf("Queue size too small or too big (0x" TARGET_FMT_lx
+ ")\n", queue_len);
+ return H_PARAMETER;
+ }
+
+ /* Check queue alignment */
+ if (queue_addr & 0xfff) {
+ hcall_dprintf("Queue not aligned (0x" TARGET_FMT_lx ")\n", queue_addr);
+ return H_PARAMETER;
+ }
+
+ /* Check if device supports CRQs */
+ if (!dev->crq.SendFunc) {
+ hcall_dprintf("Device does not support CRQ\n");
+ return H_NOT_FOUND;
+ }
+
+ /* Already a queue ? */
+ if (dev->crq.qsize) {
+ hcall_dprintf("CRQ already registered\n");
+ return H_RESOURCE;
+ }
+ dev->crq.qladdr = queue_addr;
+ dev->crq.qsize = queue_len;
+ dev->crq.qnext = 0;
+
+ DPRINTF("CRQ for dev 0x" TARGET_FMT_lx " registered at 0x"
+ TARGET_FMT_lx "/0x" TARGET_FMT_lx "\n",
+ reg, queue_addr, queue_len);
+ return H_SUCCESS;
+}
+
+static target_ulong free_crq(VIOsPAPRDevice *dev)
+{
+ dev->crq.qladdr = 0;
+ dev->crq.qsize = 0;
+ dev->crq.qnext = 0;
+
+ DPRINTF("CRQ for dev 0x%" PRIx32 " freed\n", dev->reg);
+
+ return H_SUCCESS;
+}
+
+static target_ulong h_free_crq(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong reg = args[0];
+ VIOsPAPRDevice *dev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
+
+ if (!dev) {
+ hcall_dprintf("Unit 0x" TARGET_FMT_lx " does not exist\n", reg);
+ return H_PARAMETER;
+ }
+
+ return free_crq(dev);
+}
+
+static target_ulong h_send_crq(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong reg = args[0];
+ target_ulong msg_hi = args[1];
+ target_ulong msg_lo = args[2];
+ VIOsPAPRDevice *dev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
+ uint64_t crq_mangle[2];
+
+ if (!dev) {
+ hcall_dprintf("Unit 0x" TARGET_FMT_lx " does not exist\n", reg);
+ return H_PARAMETER;
+ }
+ crq_mangle[0] = cpu_to_be64(msg_hi);
+ crq_mangle[1] = cpu_to_be64(msg_lo);
+
+ if (dev->crq.SendFunc) {
+ return dev->crq.SendFunc(dev, (uint8_t *)crq_mangle);
+ }
+
+ return H_HARDWARE;
+}
+
+static target_ulong h_enable_crq(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode, target_ulong *args)
+{
+ target_ulong reg = args[0];
+ VIOsPAPRDevice *dev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
+
+ if (!dev) {
+ hcall_dprintf("Unit 0x" TARGET_FMT_lx " does not exist\n", reg);
+ return H_PARAMETER;
+ }
+
+ return 0;
+}
+
+/* Returns negative error, 0 success, or positive: queue full */
+int spapr_vio_send_crq(VIOsPAPRDevice *dev, uint8_t *crq)
+{
+ int rc;
+ uint8_t byte;
+
+ if (!dev->crq.qsize) {
+ fprintf(stderr, "spapr_vio_send_creq on uninitialized queue\n");
+ return -1;
+ }
+
+ /* Maybe do a fast path for KVM just writing to the pages */
+ rc = spapr_vio_dma_read(dev, dev->crq.qladdr + dev->crq.qnext, &byte, 1);
+ if (rc) {
+ return rc;
+ }
+ if (byte != 0) {
+ return 1;
+ }
+
+ rc = spapr_vio_dma_write(dev, dev->crq.qladdr + dev->crq.qnext + 8,
+ &crq[8], 8);
+ if (rc) {
+ return rc;
+ }
+
+ kvmppc_eieio();
+
+ rc = spapr_vio_dma_write(dev, dev->crq.qladdr + dev->crq.qnext, crq, 8);
+ if (rc) {
+ return rc;
+ }
+
+ dev->crq.qnext = (dev->crq.qnext + 16) % dev->crq.qsize;
+
+ if (dev->signal_state & 1) {
+ qemu_irq_pulse(spapr_vio_qirq(dev));
+ }
+
+ return 0;
+}
+
+/* "quiesce" handling */
+
+static void spapr_vio_quiesce_one(VIOsPAPRDevice *dev)
+{
+ if (dev->tcet) {
+ device_reset(DEVICE(dev->tcet));
+ }
+ free_crq(dev);
+}
+
+static void rtas_set_tce_bypass(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ uint32_t token,
+ uint32_t nargs, target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ VIOsPAPRBus *bus = spapr->vio_bus;
+ VIOsPAPRDevice *dev;
+ uint32_t unit, enable;
+
+ if (nargs != 2) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+ unit = rtas_ld(args, 0);
+ enable = rtas_ld(args, 1);
+ dev = spapr_vio_find_by_reg(bus, unit);
+ if (!dev) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ if (!dev->tcet) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ spapr_tce_set_bypass(dev->tcet, !!enable);
+
+ rtas_st(rets, 0, 0);
+}
+
+static void rtas_quiesce(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ uint32_t token,
+ uint32_t nargs, target_ulong args,
+ uint32_t nret, target_ulong rets)
+{
+ VIOsPAPRBus *bus = spapr->vio_bus;
+ BusChild *kid;
+ VIOsPAPRDevice *dev = NULL;
+
+ if (nargs != 0) {
+ rtas_st(rets, 0, -3);
+ return;
+ }
+
+ QTAILQ_FOREACH(kid, &bus->bus.children, sibling) {
+ dev = (VIOsPAPRDevice *)kid->child;
+ spapr_vio_quiesce_one(dev);
+ }
+
+ rtas_st(rets, 0, 0);
+}
+
+static VIOsPAPRDevice *reg_conflict(VIOsPAPRDevice *dev)
+{
+ VIOsPAPRBus *bus = DO_UPCAST(VIOsPAPRBus, bus, dev->qdev.parent_bus);
+ BusChild *kid;
+ VIOsPAPRDevice *other;
+
+ /*
+ * Check for a device other than the given one which is already
+ * using the requested address. We have to open code this because
+ * the given dev might already be in the list.
+ */
+ QTAILQ_FOREACH(kid, &bus->bus.children, sibling) {
+ other = VIO_SPAPR_DEVICE(kid->child);
+
+ if (other != dev && other->reg == dev->reg) {
+ return other;
+ }
+ }
+
+ return 0;
+}
+
+static void spapr_vio_busdev_reset(DeviceState *qdev)
+{
+ VIOsPAPRDevice *dev = VIO_SPAPR_DEVICE(qdev);
+ VIOsPAPRDeviceClass *pc = VIO_SPAPR_DEVICE_GET_CLASS(dev);
+
+ /* Shut down the request queue and TCEs if necessary */
+ spapr_vio_quiesce_one(dev);
+
+ dev->signal_state = 0;
+
+ if (pc->reset) {
+ pc->reset(dev);
+ }
+}
+
+static int spapr_vio_busdev_init(DeviceState *qdev)
+{
+ VIOsPAPRDevice *dev = (VIOsPAPRDevice *)qdev;
+ VIOsPAPRDeviceClass *pc = VIO_SPAPR_DEVICE_GET_CLASS(dev);
+ char *id;
+
+ if (dev->reg != -1) {
+ /*
+ * Explicitly assigned address, just verify that no-one else
+ * is using it. other mechanism). We have to open code this
+ * rather than using spapr_vio_find_by_reg() because sdev
+ * itself is already in the list.
+ */
+ VIOsPAPRDevice *other = reg_conflict(dev);
+
+ if (other) {
+ fprintf(stderr, "vio: %s and %s devices conflict at address %#x\n",
+ object_get_typename(OBJECT(qdev)),
+ object_get_typename(OBJECT(&other->qdev)),
+ dev->reg);
+ return -1;
+ }
+ } else {
+ /* Need to assign an address */
+ VIOsPAPRBus *bus = DO_UPCAST(VIOsPAPRBus, bus, dev->qdev.parent_bus);
+
+ do {
+ dev->reg = bus->next_reg++;
+ } while (reg_conflict(dev));
+ }
+
+ /* Don't overwrite ids assigned on the command line */
+ if (!dev->qdev.id) {
+ id = spapr_vio_get_dev_name(DEVICE(dev));
+ dev->qdev.id = id;
+ }
+
+ dev->irq = spapr_allocate_msi(dev->irq);
+ if (!dev->irq) {
+ return -1;
+ }
+
+ if (pc->rtce_window_size) {
+ uint32_t liobn = SPAPR_VIO_BASE_LIOBN | dev->reg;
+ dev->tcet = spapr_tce_new_table(qdev, liobn, pc->rtce_window_size);
+ address_space_init(&dev->as, spapr_tce_get_iommu(dev->tcet), qdev->id);
+ }
+
+ return pc->init(dev);
+}
+
+static target_ulong h_vio_signal(PowerPCCPU *cpu, sPAPREnvironment *spapr,
+ target_ulong opcode,
+ target_ulong *args)
+{
+ target_ulong reg = args[0];
+ target_ulong mode = args[1];
+ VIOsPAPRDevice *dev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
+ VIOsPAPRDeviceClass *pc;
+
+ if (!dev) {
+ return H_PARAMETER;
+ }
+
+ pc = VIO_SPAPR_DEVICE_GET_CLASS(dev);
+
+ if (mode & ~pc->signal_mask) {
+ return H_PARAMETER;
+ }
+
+ dev->signal_state = mode;
+
+ return H_SUCCESS;
+}
+
+VIOsPAPRBus *spapr_vio_bus_init(void)
+{
+ VIOsPAPRBus *bus;
+ BusState *qbus;
+ DeviceState *dev;
+
+ /* Create bridge device */
+ dev = qdev_create(NULL, "spapr-vio-bridge");
+ qdev_init_nofail(dev);
+
+ /* Create bus on bridge device */
+
+ qbus = qbus_create(TYPE_SPAPR_VIO_BUS, dev, "spapr-vio");
+ bus = DO_UPCAST(VIOsPAPRBus, bus, qbus);
+ bus->next_reg = 0x71000000;
+
+ /* hcall-vio */
+ spapr_register_hypercall(H_VIO_SIGNAL, h_vio_signal);
+
+ /* hcall-crq */
+ spapr_register_hypercall(H_REG_CRQ, h_reg_crq);
+ spapr_register_hypercall(H_FREE_CRQ, h_free_crq);
+ spapr_register_hypercall(H_SEND_CRQ, h_send_crq);
+ spapr_register_hypercall(H_ENABLE_CRQ, h_enable_crq);
+
+ /* RTAS calls */
+ spapr_rtas_register("ibm,set-tce-bypass", rtas_set_tce_bypass);
+ spapr_rtas_register("quiesce", rtas_quiesce);
+
+ return bus;
+}
+
+/* Represents sPAPR hcall VIO devices */
+
+static int spapr_vio_bridge_init(SysBusDevice *dev)
+{
+ /* nothing */
+ return 0;
+}
+
+static void spapr_vio_bridge_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = spapr_vio_bridge_init;
+ dc->no_user = 1;
+}
+
+static const TypeInfo spapr_vio_bridge_info = {
+ .name = "spapr-vio-bridge",
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(SysBusDevice),
+ .class_init = spapr_vio_bridge_class_init,
+};
+
+const VMStateDescription vmstate_spapr_vio = {
+ .name = "spapr_vio",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ /* Sanity check */
+ VMSTATE_UINT32_EQUAL(reg, VIOsPAPRDevice),
+ VMSTATE_UINT32_EQUAL(irq, VIOsPAPRDevice),
+
+ /* General VIO device state */
+ VMSTATE_UINTTL(signal_state, VIOsPAPRDevice),
+ VMSTATE_UINT64(crq.qladdr, VIOsPAPRDevice),
+ VMSTATE_UINT32(crq.qsize, VIOsPAPRDevice),
+ VMSTATE_UINT32(crq.qnext, VIOsPAPRDevice),
+
+ VMSTATE_END_OF_LIST()
+ },
+};
+
+static void vio_spapr_device_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *k = DEVICE_CLASS(klass);
+ k->init = spapr_vio_busdev_init;
+ k->reset = spapr_vio_busdev_reset;
+ k->bus_type = TYPE_SPAPR_VIO_BUS;
+ k->props = spapr_vio_props;
+}
+
+static const TypeInfo spapr_vio_type_info = {
+ .name = TYPE_VIO_SPAPR_DEVICE,
+ .parent = TYPE_DEVICE,
+ .instance_size = sizeof(VIOsPAPRDevice),
+ .abstract = true,
+ .class_size = sizeof(VIOsPAPRDeviceClass),
+ .class_init = vio_spapr_device_class_init,
+};
+
+static void spapr_vio_register_types(void)
+{
+ type_register_static(&spapr_vio_bus_info);
+ type_register_static(&spapr_vio_bridge_info);
+ type_register_static(&spapr_vio_type_info);
+}
+
+type_init(spapr_vio_register_types)
+
+static int compare_reg(const void *p1, const void *p2)
+{
+ VIOsPAPRDevice const *dev1, *dev2;
+
+ dev1 = (VIOsPAPRDevice *)*(DeviceState **)p1;
+ dev2 = (VIOsPAPRDevice *)*(DeviceState **)p2;
+
+ if (dev1->reg < dev2->reg) {
+ return -1;
+ }
+ if (dev1->reg == dev2->reg) {
+ return 0;
+ }
+
+ /* dev1->reg > dev2->reg */
+ return 1;
+}
+
+int spapr_populate_vdevice(VIOsPAPRBus *bus, void *fdt)
+{
+ DeviceState *qdev, **qdevs;
+ BusChild *kid;
+ int i, num, ret = 0;
+
+ /* Count qdevs on the bus list */
+ num = 0;
+ QTAILQ_FOREACH(kid, &bus->bus.children, sibling) {
+ num++;
+ }
+
+ /* Copy out into an array of pointers */
+ qdevs = g_malloc(sizeof(qdev) * num);
+ num = 0;
+ QTAILQ_FOREACH(kid, &bus->bus.children, sibling) {
+ qdevs[num++] = kid->child;
+ }
+
+ /* Sort the array */
+ qsort(qdevs, num, sizeof(qdev), compare_reg);
+
+ /* Hack alert. Give the devices to libfdt in reverse order, we happen
+ * to know that will mean they are in forward order in the tree. */
+ for (i = num - 1; i >= 0; i--) {
+ VIOsPAPRDevice *dev = (VIOsPAPRDevice *)(qdevs[i]);
+
+ ret = vio_make_devnode(dev, fdt);
+
+ if (ret < 0) {
+ goto out;
+ }
+ }
+
+ ret = 0;
+out:
+ free(qdevs);
+
+ return ret;
+}
+
+int spapr_populate_chosen_stdout(void *fdt, VIOsPAPRBus *bus)
+{
+ VIOsPAPRDevice *dev;
+ char *name, *path;
+ int ret, offset;
+
+ dev = spapr_vty_get_default(bus);
+ if (!dev)
+ return 0;
+
+ offset = fdt_path_offset(fdt, "/chosen");
+ if (offset < 0) {
+ return offset;
+ }
+
+ name = spapr_vio_get_dev_name(DEVICE(dev));
+ path = g_strdup_printf("/vdevice/%s", name);
+
+ ret = fdt_setprop_string(fdt, offset, "linux,stdout-path", path);
+
+ g_free(name);
+ g_free(path);
+
+ return ret;
+}
diff --git a/hw/ppc/virtex_ml507.c b/hw/ppc/virtex_ml507.c
new file mode 100644
index 000000000..08e77fbef
--- /dev/null
+++ b/hw/ppc/virtex_ml507.c
@@ -0,0 +1,256 @@
+/*
+ * Model of Xilinx Virtex5 ML507 PPC-440 refdesign.
+ *
+ * Copyright (c) 2010 Edgar E. Iglesias.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/sysbus.h"
+#include "hw/hw.h"
+#include "hw/char/serial.h"
+#include "hw/block/flash.h"
+#include "sysemu/sysemu.h"
+#include "hw/devices.h"
+#include "hw/boards.h"
+#include "sysemu/device_tree.h"
+#include "hw/loader.h"
+#include "elf.h"
+#include "qemu/log.h"
+#include "exec/address-spaces.h"
+
+#include "hw/ppc/ppc.h"
+#include "hw/ppc/ppc4xx.h"
+#include "ppc405.h"
+
+#include "sysemu/blockdev.h"
+#include "hw/xilinx.h"
+
+#define EPAPR_MAGIC (0x45504150)
+#define FLASH_SIZE (16 * 1024 * 1024)
+
+static struct boot_info
+{
+ uint32_t bootstrap_pc;
+ uint32_t cmdline;
+ uint32_t fdt;
+ uint32_t ima_size;
+ void *vfdt;
+} boot_info;
+
+/* Create reset TLB entries for BookE, spanning the 32bit addr space. */
+static void mmubooke_create_initial_mapping(CPUPPCState *env,
+ target_ulong va,
+ hwaddr pa)
+{
+ ppcemb_tlb_t *tlb = &env->tlb.tlbe[0];
+
+ tlb->attr = 0;
+ tlb->prot = PAGE_VALID | ((PAGE_READ | PAGE_WRITE | PAGE_EXEC) << 4);
+ tlb->size = 1 << 31; /* up to 0x80000000 */
+ tlb->EPN = va & TARGET_PAGE_MASK;
+ tlb->RPN = pa & TARGET_PAGE_MASK;
+ tlb->PID = 0;
+
+ tlb = &env->tlb.tlbe[1];
+ tlb->attr = 0;
+ tlb->prot = PAGE_VALID | ((PAGE_READ | PAGE_WRITE | PAGE_EXEC) << 4);
+ tlb->size = 1 << 31; /* up to 0xffffffff */
+ tlb->EPN = 0x80000000 & TARGET_PAGE_MASK;
+ tlb->RPN = 0x80000000 & TARGET_PAGE_MASK;
+ tlb->PID = 0;
+}
+
+static PowerPCCPU *ppc440_init_xilinx(ram_addr_t *ram_size,
+ int do_init,
+ const char *cpu_model,
+ uint32_t sysclk)
+{
+ PowerPCCPU *cpu;
+ CPUPPCState *env;
+ qemu_irq *irqs;
+
+ cpu = cpu_ppc_init(cpu_model);
+ if (cpu == NULL) {
+ fprintf(stderr, "Unable to initialize CPU!\n");
+ exit(1);
+ }
+ env = &cpu->env;
+
+ ppc_booke_timers_init(cpu, sysclk, 0/* no flags */);
+
+ ppc_dcr_init(env, NULL, NULL);
+
+ /* interrupt controller */
+ irqs = g_malloc0(sizeof(qemu_irq) * PPCUIC_OUTPUT_NB);
+ irqs[PPCUIC_OUTPUT_INT] = ((qemu_irq *)env->irq_inputs)[PPC40x_INPUT_INT];
+ irqs[PPCUIC_OUTPUT_CINT] = ((qemu_irq *)env->irq_inputs)[PPC40x_INPUT_CINT];
+ ppcuic_init(env, irqs, 0x0C0, 0, 1);
+ return cpu;
+}
+
+static void main_cpu_reset(void *opaque)
+{
+ PowerPCCPU *cpu = opaque;
+ CPUPPCState *env = &cpu->env;
+ struct boot_info *bi = env->load_info;
+
+ cpu_reset(CPU(cpu));
+ /* Linux Kernel Parameters (passing device tree):
+ * r3: pointer to the fdt
+ * r4: 0
+ * r5: 0
+ * r6: epapr magic
+ * r7: size of IMA in bytes
+ * r8: 0
+ * r9: 0
+ */
+ env->gpr[1] = (16<<20) - 8;
+ /* Provide a device-tree. */
+ env->gpr[3] = bi->fdt;
+ env->nip = bi->bootstrap_pc;
+
+ /* Create a mapping for the kernel. */
+ mmubooke_create_initial_mapping(env, 0, 0);
+ env->gpr[6] = tswap32(EPAPR_MAGIC);
+ env->gpr[7] = bi->ima_size;
+}
+
+#define BINARY_DEVICE_TREE_FILE "virtex-ml507.dtb"
+static int xilinx_load_device_tree(hwaddr addr,
+ uint32_t ramsize,
+ hwaddr initrd_base,
+ hwaddr initrd_size,
+ const char *kernel_cmdline)
+{
+ char *path;
+ int fdt_size;
+ void *fdt;
+ int r;
+
+ /* Try the local "ppc.dtb" override. */
+ fdt = load_device_tree("ppc.dtb", &fdt_size);
+ if (!fdt) {
+ path = qemu_find_file(QEMU_FILE_TYPE_BIOS, BINARY_DEVICE_TREE_FILE);
+ if (path) {
+ fdt = load_device_tree(path, &fdt_size);
+ g_free(path);
+ }
+ if (!fdt) {
+ return 0;
+ }
+ }
+
+ r = qemu_devtree_setprop_string(fdt, "/chosen", "bootargs", kernel_cmdline);
+ if (r < 0)
+ fprintf(stderr, "couldn't set /chosen/bootargs\n");
+ cpu_physical_memory_write(addr, fdt, fdt_size);
+ return fdt_size;
+}
+
+static void virtex_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ MemoryRegion *address_space_mem = get_system_memory();
+ DeviceState *dev;
+ PowerPCCPU *cpu;
+ CPUPPCState *env;
+ hwaddr ram_base = 0;
+ DriveInfo *dinfo;
+ MemoryRegion *phys_ram = g_new(MemoryRegion, 1);
+ qemu_irq irq[32], *cpu_irq;
+ int kernel_size;
+ int i;
+
+ /* init CPUs */
+ if (cpu_model == NULL) {
+ cpu_model = "440-Xilinx";
+ }
+
+ cpu = ppc440_init_xilinx(&ram_size, 1, cpu_model, 400000000);
+ env = &cpu->env;
+ qemu_register_reset(main_cpu_reset, cpu);
+
+ memory_region_init_ram(phys_ram, NULL, "ram", ram_size);
+ vmstate_register_ram_global(phys_ram);
+ memory_region_add_subregion(address_space_mem, ram_base, phys_ram);
+
+ dinfo = drive_get(IF_PFLASH, 0, 0);
+ pflash_cfi01_register(0xfc000000, NULL, "virtex.flash", FLASH_SIZE,
+ dinfo ? dinfo->bdrv : NULL, (64 * 1024),
+ FLASH_SIZE >> 16,
+ 1, 0x89, 0x18, 0x0000, 0x0, 1);
+
+ cpu_irq = (qemu_irq *) &env->irq_inputs[PPC40x_INPUT_INT];
+ dev = xilinx_intc_create(0x81800000, cpu_irq[0], 0);
+ for (i = 0; i < 32; i++) {
+ irq[i] = qdev_get_gpio_in(dev, i);
+ }
+
+ serial_mm_init(address_space_mem, 0x83e01003ULL, 2, irq[9], 115200,
+ serial_hds[0], DEVICE_LITTLE_ENDIAN);
+
+ /* 2 timers at irq 2 @ 62 Mhz. */
+ xilinx_timer_create(0x83c00000, irq[3], 0, 62 * 1000000);
+
+ if (kernel_filename) {
+ uint64_t entry, low, high;
+ hwaddr boot_offset;
+
+ /* Boots a kernel elf binary. */
+ kernel_size = load_elf(kernel_filename, NULL, NULL,
+ &entry, &low, &high, 1, ELF_MACHINE, 0);
+ boot_info.bootstrap_pc = entry & 0x00ffffff;
+
+ if (kernel_size < 0) {
+ boot_offset = 0x1200000;
+ /* If we failed loading ELF's try a raw image. */
+ kernel_size = load_image_targphys(kernel_filename,
+ boot_offset,
+ ram_size);
+ boot_info.bootstrap_pc = boot_offset;
+ high = boot_info.bootstrap_pc + kernel_size + 8192;
+ }
+
+ boot_info.ima_size = kernel_size;
+
+ /* Provide a device-tree. */
+ boot_info.fdt = high + (8192 * 2);
+ boot_info.fdt &= ~8191;
+ xilinx_load_device_tree(boot_info.fdt, ram_size, 0, 0, kernel_cmdline);
+ }
+ env->load_info = &boot_info;
+}
+
+static QEMUMachine virtex_machine = {
+ .name = "virtex-ml507",
+ .desc = "Xilinx Virtex ML507 reference design",
+ .init = virtex_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void virtex_machine_init(void)
+{
+ qemu_register_machine(&virtex_machine);
+}
+
+machine_init(virtex_machine_init);
diff --git a/hw/ppc405.h b/hw/ppc405.h
deleted file mode 100644
index 535cbfb33..000000000
--- a/hw/ppc405.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * QEMU PowerPC 405 shared definitions
- *
- * Copyright (c) 2007 Jocelyn Mayer
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#if !defined(PPC_405_H)
-#define PPC_405_H
-
-#include "ppc4xx.h"
-
-/* Bootinfo as set-up by u-boot */
-typedef struct ppc4xx_bd_info_t ppc4xx_bd_info_t;
-struct ppc4xx_bd_info_t {
- uint32_t bi_memstart;
- uint32_t bi_memsize;
- uint32_t bi_flashstart;
- uint32_t bi_flashsize;
- uint32_t bi_flashoffset; /* 0x10 */
- uint32_t bi_sramstart;
- uint32_t bi_sramsize;
- uint32_t bi_bootflags;
- uint32_t bi_ipaddr; /* 0x20 */
- uint8_t bi_enetaddr[6];
- uint16_t bi_ethspeed;
- uint32_t bi_intfreq;
- uint32_t bi_busfreq; /* 0x30 */
- uint32_t bi_baudrate;
- uint8_t bi_s_version[4];
- uint8_t bi_r_version[32];
- uint32_t bi_procfreq;
- uint32_t bi_plb_busfreq;
- uint32_t bi_pci_busfreq;
- uint8_t bi_pci_enetaddr[6];
- uint32_t bi_pci_enetaddr2[6];
- uint32_t bi_opbfreq;
- uint32_t bi_iic_fast[2];
-};
-
-/* PowerPC 405 core */
-ram_addr_t ppc405_set_bootinfo (CPUPPCState *env, ppc4xx_bd_info_t *bd,
- uint32_t flags);
-
-CPUPPCState *ppc405cr_init(MemoryRegion *address_space_mem,
- MemoryRegion ram_memories[4],
- hwaddr ram_bases[4],
- hwaddr ram_sizes[4],
- uint32_t sysclk, qemu_irq **picp,
- int do_init);
-CPUPPCState *ppc405ep_init(MemoryRegion *address_space_mem,
- MemoryRegion ram_memories[2],
- hwaddr ram_bases[2],
- hwaddr ram_sizes[2],
- uint32_t sysclk, qemu_irq **picp,
- int do_init);
-/* IBM STBxxx microcontrollers */
-CPUPPCState *ppc_stb025_init (MemoryRegion ram_memories[2],
- hwaddr ram_bases[2],
- hwaddr ram_sizes[2],
- uint32_t sysclk, qemu_irq **picp,
- ram_addr_t *offsetp);
-
-#endif /* !defined(PPC_405_H) */
diff --git a/hw/ppc405_boards.c b/hw/ppc405_boards.c
deleted file mode 100644
index 8dc693f05..000000000
--- a/hw/ppc405_boards.c
+++ /dev/null
@@ -1,660 +0,0 @@
-/*
- * QEMU PowerPC 405 evaluation boards emulation
- *
- * Copyright (c) 2007 Jocelyn Mayer
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "ppc.h"
-#include "ppc405.h"
-#include "nvram.h"
-#include "flash.h"
-#include "sysemu.h"
-#include "block.h"
-#include "boards.h"
-#include "qemu-log.h"
-#include "loader.h"
-#include "blockdev.h"
-#include "exec-memory.h"
-
-#define BIOS_FILENAME "ppc405_rom.bin"
-#define BIOS_SIZE (2048 * 1024)
-
-#define KERNEL_LOAD_ADDR 0x00000000
-#define INITRD_LOAD_ADDR 0x01800000
-
-#define USE_FLASH_BIOS
-
-#define DEBUG_BOARD_INIT
-
-/*****************************************************************************/
-/* PPC405EP reference board (IBM) */
-/* Standalone board with:
- * - PowerPC 405EP CPU
- * - SDRAM (0x00000000)
- * - Flash (0xFFF80000)
- * - SRAM (0xFFF00000)
- * - NVRAM (0xF0000000)
- * - FPGA (0xF0300000)
- */
-typedef struct ref405ep_fpga_t ref405ep_fpga_t;
-struct ref405ep_fpga_t {
- uint8_t reg0;
- uint8_t reg1;
-};
-
-static uint32_t ref405ep_fpga_readb (void *opaque, hwaddr addr)
-{
- ref405ep_fpga_t *fpga;
- uint32_t ret;
-
- fpga = opaque;
- switch (addr) {
- case 0x0:
- ret = fpga->reg0;
- break;
- case 0x1:
- ret = fpga->reg1;
- break;
- default:
- ret = 0;
- break;
- }
-
- return ret;
-}
-
-static void ref405ep_fpga_writeb (void *opaque,
- hwaddr addr, uint32_t value)
-{
- ref405ep_fpga_t *fpga;
-
- fpga = opaque;
- switch (addr) {
- case 0x0:
- /* Read only */
- break;
- case 0x1:
- fpga->reg1 = value;
- break;
- default:
- break;
- }
-}
-
-static uint32_t ref405ep_fpga_readw (void *opaque, hwaddr addr)
-{
- uint32_t ret;
-
- ret = ref405ep_fpga_readb(opaque, addr) << 8;
- ret |= ref405ep_fpga_readb(opaque, addr + 1);
-
- return ret;
-}
-
-static void ref405ep_fpga_writew (void *opaque,
- hwaddr addr, uint32_t value)
-{
- ref405ep_fpga_writeb(opaque, addr, (value >> 8) & 0xFF);
- ref405ep_fpga_writeb(opaque, addr + 1, value & 0xFF);
-}
-
-static uint32_t ref405ep_fpga_readl (void *opaque, hwaddr addr)
-{
- uint32_t ret;
-
- ret = ref405ep_fpga_readb(opaque, addr) << 24;
- ret |= ref405ep_fpga_readb(opaque, addr + 1) << 16;
- ret |= ref405ep_fpga_readb(opaque, addr + 2) << 8;
- ret |= ref405ep_fpga_readb(opaque, addr + 3);
-
- return ret;
-}
-
-static void ref405ep_fpga_writel (void *opaque,
- hwaddr addr, uint32_t value)
-{
- ref405ep_fpga_writeb(opaque, addr, (value >> 24) & 0xFF);
- ref405ep_fpga_writeb(opaque, addr + 1, (value >> 16) & 0xFF);
- ref405ep_fpga_writeb(opaque, addr + 2, (value >> 8) & 0xFF);
- ref405ep_fpga_writeb(opaque, addr + 3, value & 0xFF);
-}
-
-static const MemoryRegionOps ref405ep_fpga_ops = {
- .old_mmio = {
- .read = {
- ref405ep_fpga_readb, ref405ep_fpga_readw, ref405ep_fpga_readl,
- },
- .write = {
- ref405ep_fpga_writeb, ref405ep_fpga_writew, ref405ep_fpga_writel,
- },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void ref405ep_fpga_reset (void *opaque)
-{
- ref405ep_fpga_t *fpga;
-
- fpga = opaque;
- fpga->reg0 = 0x00;
- fpga->reg1 = 0x0F;
-}
-
-static void ref405ep_fpga_init(MemoryRegion *sysmem, uint32_t base)
-{
- ref405ep_fpga_t *fpga;
- MemoryRegion *fpga_memory = g_new(MemoryRegion, 1);
-
- fpga = g_malloc0(sizeof(ref405ep_fpga_t));
- memory_region_init_io(fpga_memory, &ref405ep_fpga_ops, fpga,
- "fpga", 0x00000100);
- memory_region_add_subregion(sysmem, base, fpga_memory);
- qemu_register_reset(&ref405ep_fpga_reset, fpga);
-}
-
-static void ref405ep_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- char *filename;
- ppc4xx_bd_info_t bd;
- CPUPPCState *env;
- qemu_irq *pic;
- MemoryRegion *bios;
- MemoryRegion *sram = g_new(MemoryRegion, 1);
- ram_addr_t bdloc;
- MemoryRegion *ram_memories = g_malloc(2 * sizeof(*ram_memories));
- hwaddr ram_bases[2], ram_sizes[2];
- target_ulong sram_size;
- long bios_size;
- //int phy_addr = 0;
- //static int phy_addr = 1;
- target_ulong kernel_base, initrd_base;
- long kernel_size, initrd_size;
- int linux_boot;
- int fl_idx, fl_sectors, len;
- DriveInfo *dinfo;
- MemoryRegion *sysmem = get_system_memory();
-
- /* XXX: fix this */
- memory_region_init_ram(&ram_memories[0], "ef405ep.ram", 0x08000000);
- vmstate_register_ram_global(&ram_memories[0]);
- ram_bases[0] = 0;
- ram_sizes[0] = 0x08000000;
- memory_region_init(&ram_memories[1], "ef405ep.ram1", 0);
- ram_bases[1] = 0x00000000;
- ram_sizes[1] = 0x00000000;
- ram_size = 128 * 1024 * 1024;
-#ifdef DEBUG_BOARD_INIT
- printf("%s: register cpu\n", __func__);
-#endif
- env = ppc405ep_init(sysmem, ram_memories, ram_bases, ram_sizes,
- 33333333, &pic, kernel_filename == NULL ? 0 : 1);
- /* allocate SRAM */
- sram_size = 512 * 1024;
- memory_region_init_ram(sram, "ef405ep.sram", sram_size);
- vmstate_register_ram_global(sram);
- memory_region_add_subregion(sysmem, 0xFFF00000, sram);
- /* allocate and load BIOS */
-#ifdef DEBUG_BOARD_INIT
- printf("%s: register BIOS\n", __func__);
-#endif
- fl_idx = 0;
-#ifdef USE_FLASH_BIOS
- dinfo = drive_get(IF_PFLASH, 0, fl_idx);
- if (dinfo) {
- bios_size = bdrv_getlength(dinfo->bdrv);
- fl_sectors = (bios_size + 65535) >> 16;
-#ifdef DEBUG_BOARD_INIT
- printf("Register parallel flash %d size %lx"
- " at addr %lx '%s' %d\n",
- fl_idx, bios_size, -bios_size,
- bdrv_get_device_name(dinfo->bdrv), fl_sectors);
-#endif
- pflash_cfi02_register((uint32_t)(-bios_size),
- NULL, "ef405ep.bios", bios_size,
- dinfo->bdrv, 65536, fl_sectors, 1,
- 2, 0x0001, 0x22DA, 0x0000, 0x0000, 0x555, 0x2AA,
- 1);
- fl_idx++;
- } else
-#endif
- {
-#ifdef DEBUG_BOARD_INIT
- printf("Load BIOS from file\n");
-#endif
- bios = g_new(MemoryRegion, 1);
- memory_region_init_ram(bios, "ef405ep.bios", BIOS_SIZE);
- vmstate_register_ram_global(bios);
- if (bios_name == NULL)
- bios_name = BIOS_FILENAME;
- filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
- if (filename) {
- bios_size = load_image(filename, memory_region_get_ram_ptr(bios));
- g_free(filename);
- } else {
- bios_size = -1;
- }
- if (bios_size < 0 || bios_size > BIOS_SIZE) {
- fprintf(stderr, "qemu: could not load PowerPC bios '%s'\n",
- bios_name);
- exit(1);
- }
- bios_size = (bios_size + 0xfff) & ~0xfff;
- memory_region_set_readonly(bios, true);
- memory_region_add_subregion(sysmem, (uint32_t)(-bios_size), bios);
- }
- /* Register FPGA */
-#ifdef DEBUG_BOARD_INIT
- printf("%s: register FPGA\n", __func__);
-#endif
- ref405ep_fpga_init(sysmem, 0xF0300000);
- /* Register NVRAM */
-#ifdef DEBUG_BOARD_INIT
- printf("%s: register NVRAM\n", __func__);
-#endif
- m48t59_init(NULL, 0xF0000000, 0, 8192, 8);
- /* Load kernel */
- linux_boot = (kernel_filename != NULL);
- if (linux_boot) {
-#ifdef DEBUG_BOARD_INIT
- printf("%s: load kernel\n", __func__);
-#endif
- memset(&bd, 0, sizeof(bd));
- bd.bi_memstart = 0x00000000;
- bd.bi_memsize = ram_size;
- bd.bi_flashstart = -bios_size;
- bd.bi_flashsize = -bios_size;
- bd.bi_flashoffset = 0;
- bd.bi_sramstart = 0xFFF00000;
- bd.bi_sramsize = sram_size;
- bd.bi_bootflags = 0;
- bd.bi_intfreq = 133333333;
- bd.bi_busfreq = 33333333;
- bd.bi_baudrate = 115200;
- bd.bi_s_version[0] = 'Q';
- bd.bi_s_version[1] = 'M';
- bd.bi_s_version[2] = 'U';
- bd.bi_s_version[3] = '\0';
- bd.bi_r_version[0] = 'Q';
- bd.bi_r_version[1] = 'E';
- bd.bi_r_version[2] = 'M';
- bd.bi_r_version[3] = 'U';
- bd.bi_r_version[4] = '\0';
- bd.bi_procfreq = 133333333;
- bd.bi_plb_busfreq = 33333333;
- bd.bi_pci_busfreq = 33333333;
- bd.bi_opbfreq = 33333333;
- bdloc = ppc405_set_bootinfo(env, &bd, 0x00000001);
- env->gpr[3] = bdloc;
- kernel_base = KERNEL_LOAD_ADDR;
- /* now we can load the kernel */
- kernel_size = load_image_targphys(kernel_filename, kernel_base,
- ram_size - kernel_base);
- if (kernel_size < 0) {
- fprintf(stderr, "qemu: could not load kernel '%s'\n",
- kernel_filename);
- exit(1);
- }
- printf("Load kernel size %ld at " TARGET_FMT_lx,
- kernel_size, kernel_base);
- /* load initrd */
- if (initrd_filename) {
- initrd_base = INITRD_LOAD_ADDR;
- initrd_size = load_image_targphys(initrd_filename, initrd_base,
- ram_size - initrd_base);
- if (initrd_size < 0) {
- fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
- initrd_filename);
- exit(1);
- }
- } else {
- initrd_base = 0;
- initrd_size = 0;
- }
- env->gpr[4] = initrd_base;
- env->gpr[5] = initrd_size;
- if (kernel_cmdline != NULL) {
- len = strlen(kernel_cmdline);
- bdloc -= ((len + 255) & ~255);
- cpu_physical_memory_write(bdloc, (void *)kernel_cmdline, len + 1);
- env->gpr[6] = bdloc;
- env->gpr[7] = bdloc + len;
- } else {
- env->gpr[6] = 0;
- env->gpr[7] = 0;
- }
- env->nip = KERNEL_LOAD_ADDR;
- } else {
- kernel_base = 0;
- kernel_size = 0;
- initrd_base = 0;
- initrd_size = 0;
- bdloc = 0;
- }
-#ifdef DEBUG_BOARD_INIT
- printf("%s: Done\n", __func__);
-#endif
- printf("bdloc " RAM_ADDR_FMT "\n", bdloc);
-}
-
-static QEMUMachine ref405ep_machine = {
- .name = "ref405ep",
- .desc = "ref405ep",
- .init = ref405ep_init,
-};
-
-/*****************************************************************************/
-/* AMCC Taihu evaluation board */
-/* - PowerPC 405EP processor
- * - SDRAM 128 MB at 0x00000000
- * - Boot flash 2 MB at 0xFFE00000
- * - Application flash 32 MB at 0xFC000000
- * - 2 serial ports
- * - 2 ethernet PHY
- * - 1 USB 1.1 device 0x50000000
- * - 1 LCD display 0x50100000
- * - 1 CPLD 0x50100000
- * - 1 I2C EEPROM
- * - 1 I2C thermal sensor
- * - a set of LEDs
- * - bit-bang SPI port using GPIOs
- * - 1 EBC interface connector 0 0x50200000
- * - 1 cardbus controller + expansion slot.
- * - 1 PCI expansion slot.
- */
-typedef struct taihu_cpld_t taihu_cpld_t;
-struct taihu_cpld_t {
- uint8_t reg0;
- uint8_t reg1;
-};
-
-static uint32_t taihu_cpld_readb (void *opaque, hwaddr addr)
-{
- taihu_cpld_t *cpld;
- uint32_t ret;
-
- cpld = opaque;
- switch (addr) {
- case 0x0:
- ret = cpld->reg0;
- break;
- case 0x1:
- ret = cpld->reg1;
- break;
- default:
- ret = 0;
- break;
- }
-
- return ret;
-}
-
-static void taihu_cpld_writeb (void *opaque,
- hwaddr addr, uint32_t value)
-{
- taihu_cpld_t *cpld;
-
- cpld = opaque;
- switch (addr) {
- case 0x0:
- /* Read only */
- break;
- case 0x1:
- cpld->reg1 = value;
- break;
- default:
- break;
- }
-}
-
-static uint32_t taihu_cpld_readw (void *opaque, hwaddr addr)
-{
- uint32_t ret;
-
- ret = taihu_cpld_readb(opaque, addr) << 8;
- ret |= taihu_cpld_readb(opaque, addr + 1);
-
- return ret;
-}
-
-static void taihu_cpld_writew (void *opaque,
- hwaddr addr, uint32_t value)
-{
- taihu_cpld_writeb(opaque, addr, (value >> 8) & 0xFF);
- taihu_cpld_writeb(opaque, addr + 1, value & 0xFF);
-}
-
-static uint32_t taihu_cpld_readl (void *opaque, hwaddr addr)
-{
- uint32_t ret;
-
- ret = taihu_cpld_readb(opaque, addr) << 24;
- ret |= taihu_cpld_readb(opaque, addr + 1) << 16;
- ret |= taihu_cpld_readb(opaque, addr + 2) << 8;
- ret |= taihu_cpld_readb(opaque, addr + 3);
-
- return ret;
-}
-
-static void taihu_cpld_writel (void *opaque,
- hwaddr addr, uint32_t value)
-{
- taihu_cpld_writel(opaque, addr, (value >> 24) & 0xFF);
- taihu_cpld_writel(opaque, addr + 1, (value >> 16) & 0xFF);
- taihu_cpld_writel(opaque, addr + 2, (value >> 8) & 0xFF);
- taihu_cpld_writeb(opaque, addr + 3, value & 0xFF);
-}
-
-static const MemoryRegionOps taihu_cpld_ops = {
- .old_mmio = {
- .read = { taihu_cpld_readb, taihu_cpld_readw, taihu_cpld_readl, },
- .write = { taihu_cpld_writeb, taihu_cpld_writew, taihu_cpld_writel, },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void taihu_cpld_reset (void *opaque)
-{
- taihu_cpld_t *cpld;
-
- cpld = opaque;
- cpld->reg0 = 0x01;
- cpld->reg1 = 0x80;
-}
-
-static void taihu_cpld_init(MemoryRegion *sysmem, uint32_t base)
-{
- taihu_cpld_t *cpld;
- MemoryRegion *cpld_memory = g_new(MemoryRegion, 1);
-
- cpld = g_malloc0(sizeof(taihu_cpld_t));
- memory_region_init_io(cpld_memory, &taihu_cpld_ops, cpld, "cpld", 0x100);
- memory_region_add_subregion(sysmem, base, cpld_memory);
- qemu_register_reset(&taihu_cpld_reset, cpld);
-}
-
-static void taihu_405ep_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *kernel_filename = args->kernel_filename;
- const char *initrd_filename = args->initrd_filename;
- char *filename;
- qemu_irq *pic;
- MemoryRegion *sysmem = get_system_memory();
- MemoryRegion *bios;
- MemoryRegion *ram_memories = g_malloc(2 * sizeof(*ram_memories));
- hwaddr ram_bases[2], ram_sizes[2];
- long bios_size;
- target_ulong kernel_base, initrd_base;
- long kernel_size, initrd_size;
- int linux_boot;
- int fl_idx, fl_sectors;
- DriveInfo *dinfo;
-
- /* RAM is soldered to the board so the size cannot be changed */
- memory_region_init_ram(&ram_memories[0],
- "taihu_405ep.ram-0", 0x04000000);
- vmstate_register_ram_global(&ram_memories[0]);
- ram_bases[0] = 0;
- ram_sizes[0] = 0x04000000;
- memory_region_init_ram(&ram_memories[1],
- "taihu_405ep.ram-1", 0x04000000);
- vmstate_register_ram_global(&ram_memories[1]);
- ram_bases[1] = 0x04000000;
- ram_sizes[1] = 0x04000000;
- ram_size = 0x08000000;
-#ifdef DEBUG_BOARD_INIT
- printf("%s: register cpu\n", __func__);
-#endif
- ppc405ep_init(sysmem, ram_memories, ram_bases, ram_sizes,
- 33333333, &pic, kernel_filename == NULL ? 0 : 1);
- /* allocate and load BIOS */
-#ifdef DEBUG_BOARD_INIT
- printf("%s: register BIOS\n", __func__);
-#endif
- fl_idx = 0;
-#if defined(USE_FLASH_BIOS)
- dinfo = drive_get(IF_PFLASH, 0, fl_idx);
- if (dinfo) {
- bios_size = bdrv_getlength(dinfo->bdrv);
- /* XXX: should check that size is 2MB */
- // bios_size = 2 * 1024 * 1024;
- fl_sectors = (bios_size + 65535) >> 16;
-#ifdef DEBUG_BOARD_INIT
- printf("Register parallel flash %d size %lx"
- " at addr %lx '%s' %d\n",
- fl_idx, bios_size, -bios_size,
- bdrv_get_device_name(dinfo->bdrv), fl_sectors);
-#endif
- pflash_cfi02_register((uint32_t)(-bios_size),
- NULL, "taihu_405ep.bios", bios_size,
- dinfo->bdrv, 65536, fl_sectors, 1,
- 4, 0x0001, 0x22DA, 0x0000, 0x0000, 0x555, 0x2AA,
- 1);
- fl_idx++;
- } else
-#endif
- {
-#ifdef DEBUG_BOARD_INIT
- printf("Load BIOS from file\n");
-#endif
- if (bios_name == NULL)
- bios_name = BIOS_FILENAME;
- bios = g_new(MemoryRegion, 1);
- memory_region_init_ram(bios, "taihu_405ep.bios", BIOS_SIZE);
- vmstate_register_ram_global(bios);
- filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
- if (filename) {
- bios_size = load_image(filename, memory_region_get_ram_ptr(bios));
- g_free(filename);
- } else {
- bios_size = -1;
- }
- if (bios_size < 0 || bios_size > BIOS_SIZE) {
- fprintf(stderr, "qemu: could not load PowerPC bios '%s'\n",
- bios_name);
- exit(1);
- }
- bios_size = (bios_size + 0xfff) & ~0xfff;
- memory_region_set_readonly(bios, true);
- memory_region_add_subregion(sysmem, (uint32_t)(-bios_size), bios);
- }
- /* Register Linux flash */
- dinfo = drive_get(IF_PFLASH, 0, fl_idx);
- if (dinfo) {
- bios_size = bdrv_getlength(dinfo->bdrv);
- /* XXX: should check that size is 32MB */
- bios_size = 32 * 1024 * 1024;
- fl_sectors = (bios_size + 65535) >> 16;
-#ifdef DEBUG_BOARD_INIT
- printf("Register parallel flash %d size %lx"
- " at addr " TARGET_FMT_lx " '%s'\n",
- fl_idx, bios_size, (target_ulong)0xfc000000,
- bdrv_get_device_name(dinfo->bdrv));
-#endif
- pflash_cfi02_register(0xfc000000, NULL, "taihu_405ep.flash", bios_size,
- dinfo->bdrv, 65536, fl_sectors, 1,
- 4, 0x0001, 0x22DA, 0x0000, 0x0000, 0x555, 0x2AA,
- 1);
- fl_idx++;
- }
- /* Register CLPD & LCD display */
-#ifdef DEBUG_BOARD_INIT
- printf("%s: register CPLD\n", __func__);
-#endif
- taihu_cpld_init(sysmem, 0x50100000);
- /* Load kernel */
- linux_boot = (kernel_filename != NULL);
- if (linux_boot) {
-#ifdef DEBUG_BOARD_INIT
- printf("%s: load kernel\n", __func__);
-#endif
- kernel_base = KERNEL_LOAD_ADDR;
- /* now we can load the kernel */
- kernel_size = load_image_targphys(kernel_filename, kernel_base,
- ram_size - kernel_base);
- if (kernel_size < 0) {
- fprintf(stderr, "qemu: could not load kernel '%s'\n",
- kernel_filename);
- exit(1);
- }
- /* load initrd */
- if (initrd_filename) {
- initrd_base = INITRD_LOAD_ADDR;
- initrd_size = load_image_targphys(initrd_filename, initrd_base,
- ram_size - initrd_base);
- if (initrd_size < 0) {
- fprintf(stderr,
- "qemu: could not load initial ram disk '%s'\n",
- initrd_filename);
- exit(1);
- }
- } else {
- initrd_base = 0;
- initrd_size = 0;
- }
- } else {
- kernel_base = 0;
- kernel_size = 0;
- initrd_base = 0;
- initrd_size = 0;
- }
-#ifdef DEBUG_BOARD_INIT
- printf("%s: Done\n", __func__);
-#endif
-}
-
-static QEMUMachine taihu_machine = {
- .name = "taihu",
- .desc = "taihu",
- .init = taihu_405ep_init,
-};
-
-static void ppc405_machine_init(void)
-{
- qemu_register_machine(&ref405ep_machine);
- qemu_register_machine(&taihu_machine);
-}
-
-machine_init(ppc405_machine_init);
diff --git a/hw/ppc405_uc.c b/hw/ppc405_uc.c
deleted file mode 100644
index 0f458ef77..000000000
--- a/hw/ppc405_uc.c
+++ /dev/null
@@ -1,2540 +0,0 @@
-/*
- * QEMU PowerPC 405 embedded processors emulation
- *
- * Copyright (c) 2007 Jocelyn Mayer
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "ppc.h"
-#include "ppc405.h"
-#include "serial.h"
-#include "qemu-timer.h"
-#include "sysemu.h"
-#include "qemu-log.h"
-#include "exec-memory.h"
-
-#define DEBUG_OPBA
-#define DEBUG_SDRAM
-#define DEBUG_GPIO
-#define DEBUG_SERIAL
-#define DEBUG_OCM
-//#define DEBUG_I2C
-#define DEBUG_GPT
-#define DEBUG_MAL
-#define DEBUG_CLOCKS
-//#define DEBUG_CLOCKS_LL
-
-ram_addr_t ppc405_set_bootinfo (CPUPPCState *env, ppc4xx_bd_info_t *bd,
- uint32_t flags)
-{
- ram_addr_t bdloc;
- int i, n;
-
- /* We put the bd structure at the top of memory */
- if (bd->bi_memsize >= 0x01000000UL)
- bdloc = 0x01000000UL - sizeof(struct ppc4xx_bd_info_t);
- else
- bdloc = bd->bi_memsize - sizeof(struct ppc4xx_bd_info_t);
- stl_be_phys(bdloc + 0x00, bd->bi_memstart);
- stl_be_phys(bdloc + 0x04, bd->bi_memsize);
- stl_be_phys(bdloc + 0x08, bd->bi_flashstart);
- stl_be_phys(bdloc + 0x0C, bd->bi_flashsize);
- stl_be_phys(bdloc + 0x10, bd->bi_flashoffset);
- stl_be_phys(bdloc + 0x14, bd->bi_sramstart);
- stl_be_phys(bdloc + 0x18, bd->bi_sramsize);
- stl_be_phys(bdloc + 0x1C, bd->bi_bootflags);
- stl_be_phys(bdloc + 0x20, bd->bi_ipaddr);
- for (i = 0; i < 6; i++) {
- stb_phys(bdloc + 0x24 + i, bd->bi_enetaddr[i]);
- }
- stw_be_phys(bdloc + 0x2A, bd->bi_ethspeed);
- stl_be_phys(bdloc + 0x2C, bd->bi_intfreq);
- stl_be_phys(bdloc + 0x30, bd->bi_busfreq);
- stl_be_phys(bdloc + 0x34, bd->bi_baudrate);
- for (i = 0; i < 4; i++) {
- stb_phys(bdloc + 0x38 + i, bd->bi_s_version[i]);
- }
- for (i = 0; i < 32; i++) {
- stb_phys(bdloc + 0x3C + i, bd->bi_r_version[i]);
- }
- stl_be_phys(bdloc + 0x5C, bd->bi_plb_busfreq);
- stl_be_phys(bdloc + 0x60, bd->bi_pci_busfreq);
- for (i = 0; i < 6; i++) {
- stb_phys(bdloc + 0x64 + i, bd->bi_pci_enetaddr[i]);
- }
- n = 0x6A;
- if (flags & 0x00000001) {
- for (i = 0; i < 6; i++)
- stb_phys(bdloc + n++, bd->bi_pci_enetaddr2[i]);
- }
- stl_be_phys(bdloc + n, bd->bi_opbfreq);
- n += 4;
- for (i = 0; i < 2; i++) {
- stl_be_phys(bdloc + n, bd->bi_iic_fast[i]);
- n += 4;
- }
-
- return bdloc;
-}
-
-/*****************************************************************************/
-/* Shared peripherals */
-
-/*****************************************************************************/
-/* Peripheral local bus arbitrer */
-enum {
- PLB0_BESR = 0x084,
- PLB0_BEAR = 0x086,
- PLB0_ACR = 0x087,
-};
-
-typedef struct ppc4xx_plb_t ppc4xx_plb_t;
-struct ppc4xx_plb_t {
- uint32_t acr;
- uint32_t bear;
- uint32_t besr;
-};
-
-static uint32_t dcr_read_plb (void *opaque, int dcrn)
-{
- ppc4xx_plb_t *plb;
- uint32_t ret;
-
- plb = opaque;
- switch (dcrn) {
- case PLB0_ACR:
- ret = plb->acr;
- break;
- case PLB0_BEAR:
- ret = plb->bear;
- break;
- case PLB0_BESR:
- ret = plb->besr;
- break;
- default:
- /* Avoid gcc warning */
- ret = 0;
- break;
- }
-
- return ret;
-}
-
-static void dcr_write_plb (void *opaque, int dcrn, uint32_t val)
-{
- ppc4xx_plb_t *plb;
-
- plb = opaque;
- switch (dcrn) {
- case PLB0_ACR:
- /* We don't care about the actual parameters written as
- * we don't manage any priorities on the bus
- */
- plb->acr = val & 0xF8000000;
- break;
- case PLB0_BEAR:
- /* Read only */
- break;
- case PLB0_BESR:
- /* Write-clear */
- plb->besr &= ~val;
- break;
- }
-}
-
-static void ppc4xx_plb_reset (void *opaque)
-{
- ppc4xx_plb_t *plb;
-
- plb = opaque;
- plb->acr = 0x00000000;
- plb->bear = 0x00000000;
- plb->besr = 0x00000000;
-}
-
-static void ppc4xx_plb_init(CPUPPCState *env)
-{
- ppc4xx_plb_t *plb;
-
- plb = g_malloc0(sizeof(ppc4xx_plb_t));
- ppc_dcr_register(env, PLB0_ACR, plb, &dcr_read_plb, &dcr_write_plb);
- ppc_dcr_register(env, PLB0_BEAR, plb, &dcr_read_plb, &dcr_write_plb);
- ppc_dcr_register(env, PLB0_BESR, plb, &dcr_read_plb, &dcr_write_plb);
- qemu_register_reset(ppc4xx_plb_reset, plb);
-}
-
-/*****************************************************************************/
-/* PLB to OPB bridge */
-enum {
- POB0_BESR0 = 0x0A0,
- POB0_BESR1 = 0x0A2,
- POB0_BEAR = 0x0A4,
-};
-
-typedef struct ppc4xx_pob_t ppc4xx_pob_t;
-struct ppc4xx_pob_t {
- uint32_t bear;
- uint32_t besr0;
- uint32_t besr1;
-};
-
-static uint32_t dcr_read_pob (void *opaque, int dcrn)
-{
- ppc4xx_pob_t *pob;
- uint32_t ret;
-
- pob = opaque;
- switch (dcrn) {
- case POB0_BEAR:
- ret = pob->bear;
- break;
- case POB0_BESR0:
- ret = pob->besr0;
- break;
- case POB0_BESR1:
- ret = pob->besr1;
- break;
- default:
- /* Avoid gcc warning */
- ret = 0;
- break;
- }
-
- return ret;
-}
-
-static void dcr_write_pob (void *opaque, int dcrn, uint32_t val)
-{
- ppc4xx_pob_t *pob;
-
- pob = opaque;
- switch (dcrn) {
- case POB0_BEAR:
- /* Read only */
- break;
- case POB0_BESR0:
- /* Write-clear */
- pob->besr0 &= ~val;
- break;
- case POB0_BESR1:
- /* Write-clear */
- pob->besr1 &= ~val;
- break;
- }
-}
-
-static void ppc4xx_pob_reset (void *opaque)
-{
- ppc4xx_pob_t *pob;
-
- pob = opaque;
- /* No error */
- pob->bear = 0x00000000;
- pob->besr0 = 0x0000000;
- pob->besr1 = 0x0000000;
-}
-
-static void ppc4xx_pob_init(CPUPPCState *env)
-{
- ppc4xx_pob_t *pob;
-
- pob = g_malloc0(sizeof(ppc4xx_pob_t));
- ppc_dcr_register(env, POB0_BEAR, pob, &dcr_read_pob, &dcr_write_pob);
- ppc_dcr_register(env, POB0_BESR0, pob, &dcr_read_pob, &dcr_write_pob);
- ppc_dcr_register(env, POB0_BESR1, pob, &dcr_read_pob, &dcr_write_pob);
- qemu_register_reset(ppc4xx_pob_reset, pob);
-}
-
-/*****************************************************************************/
-/* OPB arbitrer */
-typedef struct ppc4xx_opba_t ppc4xx_opba_t;
-struct ppc4xx_opba_t {
- MemoryRegion io;
- uint8_t cr;
- uint8_t pr;
-};
-
-static uint32_t opba_readb (void *opaque, hwaddr addr)
-{
- ppc4xx_opba_t *opba;
- uint32_t ret;
-
-#ifdef DEBUG_OPBA
- printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
-#endif
- opba = opaque;
- switch (addr) {
- case 0x00:
- ret = opba->cr;
- break;
- case 0x01:
- ret = opba->pr;
- break;
- default:
- ret = 0x00;
- break;
- }
-
- return ret;
-}
-
-static void opba_writeb (void *opaque,
- hwaddr addr, uint32_t value)
-{
- ppc4xx_opba_t *opba;
-
-#ifdef DEBUG_OPBA
- printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
- value);
-#endif
- opba = opaque;
- switch (addr) {
- case 0x00:
- opba->cr = value & 0xF8;
- break;
- case 0x01:
- opba->pr = value & 0xFF;
- break;
- default:
- break;
- }
-}
-
-static uint32_t opba_readw (void *opaque, hwaddr addr)
-{
- uint32_t ret;
-
-#ifdef DEBUG_OPBA
- printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
-#endif
- ret = opba_readb(opaque, addr) << 8;
- ret |= opba_readb(opaque, addr + 1);
-
- return ret;
-}
-
-static void opba_writew (void *opaque,
- hwaddr addr, uint32_t value)
-{
-#ifdef DEBUG_OPBA
- printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
- value);
-#endif
- opba_writeb(opaque, addr, value >> 8);
- opba_writeb(opaque, addr + 1, value);
-}
-
-static uint32_t opba_readl (void *opaque, hwaddr addr)
-{
- uint32_t ret;
-
-#ifdef DEBUG_OPBA
- printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
-#endif
- ret = opba_readb(opaque, addr) << 24;
- ret |= opba_readb(opaque, addr + 1) << 16;
-
- return ret;
-}
-
-static void opba_writel (void *opaque,
- hwaddr addr, uint32_t value)
-{
-#ifdef DEBUG_OPBA
- printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
- value);
-#endif
- opba_writeb(opaque, addr, value >> 24);
- opba_writeb(opaque, addr + 1, value >> 16);
-}
-
-static const MemoryRegionOps opba_ops = {
- .old_mmio = {
- .read = { opba_readb, opba_readw, opba_readl, },
- .write = { opba_writeb, opba_writew, opba_writel, },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void ppc4xx_opba_reset (void *opaque)
-{
- ppc4xx_opba_t *opba;
-
- opba = opaque;
- opba->cr = 0x00; /* No dynamic priorities - park disabled */
- opba->pr = 0x11;
-}
-
-static void ppc4xx_opba_init(hwaddr base)
-{
- ppc4xx_opba_t *opba;
-
- opba = g_malloc0(sizeof(ppc4xx_opba_t));
-#ifdef DEBUG_OPBA
- printf("%s: offset " TARGET_FMT_plx "\n", __func__, base);
-#endif
- memory_region_init_io(&opba->io, &opba_ops, opba, "opba", 0x002);
- memory_region_add_subregion(get_system_memory(), base, &opba->io);
- qemu_register_reset(ppc4xx_opba_reset, opba);
-}
-
-/*****************************************************************************/
-/* Code decompression controller */
-/* XXX: TODO */
-
-/*****************************************************************************/
-/* Peripheral controller */
-typedef struct ppc4xx_ebc_t ppc4xx_ebc_t;
-struct ppc4xx_ebc_t {
- uint32_t addr;
- uint32_t bcr[8];
- uint32_t bap[8];
- uint32_t bear;
- uint32_t besr0;
- uint32_t besr1;
- uint32_t cfg;
-};
-
-enum {
- EBC0_CFGADDR = 0x012,
- EBC0_CFGDATA = 0x013,
-};
-
-static uint32_t dcr_read_ebc (void *opaque, int dcrn)
-{
- ppc4xx_ebc_t *ebc;
- uint32_t ret;
-
- ebc = opaque;
- switch (dcrn) {
- case EBC0_CFGADDR:
- ret = ebc->addr;
- break;
- case EBC0_CFGDATA:
- switch (ebc->addr) {
- case 0x00: /* B0CR */
- ret = ebc->bcr[0];
- break;
- case 0x01: /* B1CR */
- ret = ebc->bcr[1];
- break;
- case 0x02: /* B2CR */
- ret = ebc->bcr[2];
- break;
- case 0x03: /* B3CR */
- ret = ebc->bcr[3];
- break;
- case 0x04: /* B4CR */
- ret = ebc->bcr[4];
- break;
- case 0x05: /* B5CR */
- ret = ebc->bcr[5];
- break;
- case 0x06: /* B6CR */
- ret = ebc->bcr[6];
- break;
- case 0x07: /* B7CR */
- ret = ebc->bcr[7];
- break;
- case 0x10: /* B0AP */
- ret = ebc->bap[0];
- break;
- case 0x11: /* B1AP */
- ret = ebc->bap[1];
- break;
- case 0x12: /* B2AP */
- ret = ebc->bap[2];
- break;
- case 0x13: /* B3AP */
- ret = ebc->bap[3];
- break;
- case 0x14: /* B4AP */
- ret = ebc->bap[4];
- break;
- case 0x15: /* B5AP */
- ret = ebc->bap[5];
- break;
- case 0x16: /* B6AP */
- ret = ebc->bap[6];
- break;
- case 0x17: /* B7AP */
- ret = ebc->bap[7];
- break;
- case 0x20: /* BEAR */
- ret = ebc->bear;
- break;
- case 0x21: /* BESR0 */
- ret = ebc->besr0;
- break;
- case 0x22: /* BESR1 */
- ret = ebc->besr1;
- break;
- case 0x23: /* CFG */
- ret = ebc->cfg;
- break;
- default:
- ret = 0x00000000;
- break;
- }
- break;
- default:
- ret = 0x00000000;
- break;
- }
-
- return ret;
-}
-
-static void dcr_write_ebc (void *opaque, int dcrn, uint32_t val)
-{
- ppc4xx_ebc_t *ebc;
-
- ebc = opaque;
- switch (dcrn) {
- case EBC0_CFGADDR:
- ebc->addr = val;
- break;
- case EBC0_CFGDATA:
- switch (ebc->addr) {
- case 0x00: /* B0CR */
- break;
- case 0x01: /* B1CR */
- break;
- case 0x02: /* B2CR */
- break;
- case 0x03: /* B3CR */
- break;
- case 0x04: /* B4CR */
- break;
- case 0x05: /* B5CR */
- break;
- case 0x06: /* B6CR */
- break;
- case 0x07: /* B7CR */
- break;
- case 0x10: /* B0AP */
- break;
- case 0x11: /* B1AP */
- break;
- case 0x12: /* B2AP */
- break;
- case 0x13: /* B3AP */
- break;
- case 0x14: /* B4AP */
- break;
- case 0x15: /* B5AP */
- break;
- case 0x16: /* B6AP */
- break;
- case 0x17: /* B7AP */
- break;
- case 0x20: /* BEAR */
- break;
- case 0x21: /* BESR0 */
- break;
- case 0x22: /* BESR1 */
- break;
- case 0x23: /* CFG */
- break;
- default:
- break;
- }
- break;
- default:
- break;
- }
-}
-
-static void ebc_reset (void *opaque)
-{
- ppc4xx_ebc_t *ebc;
- int i;
-
- ebc = opaque;
- ebc->addr = 0x00000000;
- ebc->bap[0] = 0x7F8FFE80;
- ebc->bcr[0] = 0xFFE28000;
- for (i = 0; i < 8; i++) {
- ebc->bap[i] = 0x00000000;
- ebc->bcr[i] = 0x00000000;
- }
- ebc->besr0 = 0x00000000;
- ebc->besr1 = 0x00000000;
- ebc->cfg = 0x80400000;
-}
-
-static void ppc405_ebc_init(CPUPPCState *env)
-{
- ppc4xx_ebc_t *ebc;
-
- ebc = g_malloc0(sizeof(ppc4xx_ebc_t));
- qemu_register_reset(&ebc_reset, ebc);
- ppc_dcr_register(env, EBC0_CFGADDR,
- ebc, &dcr_read_ebc, &dcr_write_ebc);
- ppc_dcr_register(env, EBC0_CFGDATA,
- ebc, &dcr_read_ebc, &dcr_write_ebc);
-}
-
-/*****************************************************************************/
-/* DMA controller */
-enum {
- DMA0_CR0 = 0x100,
- DMA0_CT0 = 0x101,
- DMA0_DA0 = 0x102,
- DMA0_SA0 = 0x103,
- DMA0_SG0 = 0x104,
- DMA0_CR1 = 0x108,
- DMA0_CT1 = 0x109,
- DMA0_DA1 = 0x10A,
- DMA0_SA1 = 0x10B,
- DMA0_SG1 = 0x10C,
- DMA0_CR2 = 0x110,
- DMA0_CT2 = 0x111,
- DMA0_DA2 = 0x112,
- DMA0_SA2 = 0x113,
- DMA0_SG2 = 0x114,
- DMA0_CR3 = 0x118,
- DMA0_CT3 = 0x119,
- DMA0_DA3 = 0x11A,
- DMA0_SA3 = 0x11B,
- DMA0_SG3 = 0x11C,
- DMA0_SR = 0x120,
- DMA0_SGC = 0x123,
- DMA0_SLP = 0x125,
- DMA0_POL = 0x126,
-};
-
-typedef struct ppc405_dma_t ppc405_dma_t;
-struct ppc405_dma_t {
- qemu_irq irqs[4];
- uint32_t cr[4];
- uint32_t ct[4];
- uint32_t da[4];
- uint32_t sa[4];
- uint32_t sg[4];
- uint32_t sr;
- uint32_t sgc;
- uint32_t slp;
- uint32_t pol;
-};
-
-static uint32_t dcr_read_dma (void *opaque, int dcrn)
-{
- return 0;
-}
-
-static void dcr_write_dma (void *opaque, int dcrn, uint32_t val)
-{
-}
-
-static void ppc405_dma_reset (void *opaque)
-{
- ppc405_dma_t *dma;
- int i;
-
- dma = opaque;
- for (i = 0; i < 4; i++) {
- dma->cr[i] = 0x00000000;
- dma->ct[i] = 0x00000000;
- dma->da[i] = 0x00000000;
- dma->sa[i] = 0x00000000;
- dma->sg[i] = 0x00000000;
- }
- dma->sr = 0x00000000;
- dma->sgc = 0x00000000;
- dma->slp = 0x7C000000;
- dma->pol = 0x00000000;
-}
-
-static void ppc405_dma_init(CPUPPCState *env, qemu_irq irqs[4])
-{
- ppc405_dma_t *dma;
-
- dma = g_malloc0(sizeof(ppc405_dma_t));
- memcpy(dma->irqs, irqs, 4 * sizeof(qemu_irq));
- qemu_register_reset(&ppc405_dma_reset, dma);
- ppc_dcr_register(env, DMA0_CR0,
- dma, &dcr_read_dma, &dcr_write_dma);
- ppc_dcr_register(env, DMA0_CT0,
- dma, &dcr_read_dma, &dcr_write_dma);
- ppc_dcr_register(env, DMA0_DA0,
- dma, &dcr_read_dma, &dcr_write_dma);
- ppc_dcr_register(env, DMA0_SA0,
- dma, &dcr_read_dma, &dcr_write_dma);
- ppc_dcr_register(env, DMA0_SG0,
- dma, &dcr_read_dma, &dcr_write_dma);
- ppc_dcr_register(env, DMA0_CR1,
- dma, &dcr_read_dma, &dcr_write_dma);
- ppc_dcr_register(env, DMA0_CT1,
- dma, &dcr_read_dma, &dcr_write_dma);
- ppc_dcr_register(env, DMA0_DA1,
- dma, &dcr_read_dma, &dcr_write_dma);
- ppc_dcr_register(env, DMA0_SA1,
- dma, &dcr_read_dma, &dcr_write_dma);
- ppc_dcr_register(env, DMA0_SG1,
- dma, &dcr_read_dma, &dcr_write_dma);
- ppc_dcr_register(env, DMA0_CR2,
- dma, &dcr_read_dma, &dcr_write_dma);
- ppc_dcr_register(env, DMA0_CT2,
- dma, &dcr_read_dma, &dcr_write_dma);
- ppc_dcr_register(env, DMA0_DA2,
- dma, &dcr_read_dma, &dcr_write_dma);
- ppc_dcr_register(env, DMA0_SA2,
- dma, &dcr_read_dma, &dcr_write_dma);
- ppc_dcr_register(env, DMA0_SG2,
- dma, &dcr_read_dma, &dcr_write_dma);
- ppc_dcr_register(env, DMA0_CR3,
- dma, &dcr_read_dma, &dcr_write_dma);
- ppc_dcr_register(env, DMA0_CT3,
- dma, &dcr_read_dma, &dcr_write_dma);
- ppc_dcr_register(env, DMA0_DA3,
- dma, &dcr_read_dma, &dcr_write_dma);
- ppc_dcr_register(env, DMA0_SA3,
- dma, &dcr_read_dma, &dcr_write_dma);
- ppc_dcr_register(env, DMA0_SG3,
- dma, &dcr_read_dma, &dcr_write_dma);
- ppc_dcr_register(env, DMA0_SR,
- dma, &dcr_read_dma, &dcr_write_dma);
- ppc_dcr_register(env, DMA0_SGC,
- dma, &dcr_read_dma, &dcr_write_dma);
- ppc_dcr_register(env, DMA0_SLP,
- dma, &dcr_read_dma, &dcr_write_dma);
- ppc_dcr_register(env, DMA0_POL,
- dma, &dcr_read_dma, &dcr_write_dma);
-}
-
-/*****************************************************************************/
-/* GPIO */
-typedef struct ppc405_gpio_t ppc405_gpio_t;
-struct ppc405_gpio_t {
- MemoryRegion io;
- uint32_t or;
- uint32_t tcr;
- uint32_t osrh;
- uint32_t osrl;
- uint32_t tsrh;
- uint32_t tsrl;
- uint32_t odr;
- uint32_t ir;
- uint32_t rr1;
- uint32_t isr1h;
- uint32_t isr1l;
-};
-
-static uint32_t ppc405_gpio_readb (void *opaque, hwaddr addr)
-{
-#ifdef DEBUG_GPIO
- printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
-#endif
-
- return 0;
-}
-
-static void ppc405_gpio_writeb (void *opaque,
- hwaddr addr, uint32_t value)
-{
-#ifdef DEBUG_GPIO
- printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
- value);
-#endif
-}
-
-static uint32_t ppc405_gpio_readw (void *opaque, hwaddr addr)
-{
-#ifdef DEBUG_GPIO
- printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
-#endif
-
- return 0;
-}
-
-static void ppc405_gpio_writew (void *opaque,
- hwaddr addr, uint32_t value)
-{
-#ifdef DEBUG_GPIO
- printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
- value);
-#endif
-}
-
-static uint32_t ppc405_gpio_readl (void *opaque, hwaddr addr)
-{
-#ifdef DEBUG_GPIO
- printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
-#endif
-
- return 0;
-}
-
-static void ppc405_gpio_writel (void *opaque,
- hwaddr addr, uint32_t value)
-{
-#ifdef DEBUG_GPIO
- printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
- value);
-#endif
-}
-
-static const MemoryRegionOps ppc405_gpio_ops = {
- .old_mmio = {
- .read = { ppc405_gpio_readb, ppc405_gpio_readw, ppc405_gpio_readl, },
- .write = { ppc405_gpio_writeb, ppc405_gpio_writew, ppc405_gpio_writel, },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void ppc405_gpio_reset (void *opaque)
-{
-}
-
-static void ppc405_gpio_init(hwaddr base)
-{
- ppc405_gpio_t *gpio;
-
- gpio = g_malloc0(sizeof(ppc405_gpio_t));
-#ifdef DEBUG_GPIO
- printf("%s: offset " TARGET_FMT_plx "\n", __func__, base);
-#endif
- memory_region_init_io(&gpio->io, &ppc405_gpio_ops, gpio, "pgio", 0x038);
- memory_region_add_subregion(get_system_memory(), base, &gpio->io);
- qemu_register_reset(&ppc405_gpio_reset, gpio);
-}
-
-/*****************************************************************************/
-/* On Chip Memory */
-enum {
- OCM0_ISARC = 0x018,
- OCM0_ISACNTL = 0x019,
- OCM0_DSARC = 0x01A,
- OCM0_DSACNTL = 0x01B,
-};
-
-typedef struct ppc405_ocm_t ppc405_ocm_t;
-struct ppc405_ocm_t {
- MemoryRegion ram;
- MemoryRegion isarc_ram;
- MemoryRegion dsarc_ram;
- uint32_t isarc;
- uint32_t isacntl;
- uint32_t dsarc;
- uint32_t dsacntl;
-};
-
-static void ocm_update_mappings (ppc405_ocm_t *ocm,
- uint32_t isarc, uint32_t isacntl,
- uint32_t dsarc, uint32_t dsacntl)
-{
-#ifdef DEBUG_OCM
- printf("OCM update ISA %08" PRIx32 " %08" PRIx32 " (%08" PRIx32
- " %08" PRIx32 ") DSA %08" PRIx32 " %08" PRIx32
- " (%08" PRIx32 " %08" PRIx32 ")\n",
- isarc, isacntl, dsarc, dsacntl,
- ocm->isarc, ocm->isacntl, ocm->dsarc, ocm->dsacntl);
-#endif
- if (ocm->isarc != isarc ||
- (ocm->isacntl & 0x80000000) != (isacntl & 0x80000000)) {
- if (ocm->isacntl & 0x80000000) {
- /* Unmap previously assigned memory region */
- printf("OCM unmap ISA %08" PRIx32 "\n", ocm->isarc);
- memory_region_del_subregion(get_system_memory(), &ocm->isarc_ram);
- }
- if (isacntl & 0x80000000) {
- /* Map new instruction memory region */
-#ifdef DEBUG_OCM
- printf("OCM map ISA %08" PRIx32 "\n", isarc);
-#endif
- memory_region_add_subregion(get_system_memory(), isarc,
- &ocm->isarc_ram);
- }
- }
- if (ocm->dsarc != dsarc ||
- (ocm->dsacntl & 0x80000000) != (dsacntl & 0x80000000)) {
- if (ocm->dsacntl & 0x80000000) {
- /* Beware not to unmap the region we just mapped */
- if (!(isacntl & 0x80000000) || ocm->dsarc != isarc) {
- /* Unmap previously assigned memory region */
-#ifdef DEBUG_OCM
- printf("OCM unmap DSA %08" PRIx32 "\n", ocm->dsarc);
-#endif
- memory_region_del_subregion(get_system_memory(),
- &ocm->dsarc_ram);
- }
- }
- if (dsacntl & 0x80000000) {
- /* Beware not to remap the region we just mapped */
- if (!(isacntl & 0x80000000) || dsarc != isarc) {
- /* Map new data memory region */
-#ifdef DEBUG_OCM
- printf("OCM map DSA %08" PRIx32 "\n", dsarc);
-#endif
- memory_region_add_subregion(get_system_memory(), dsarc,
- &ocm->dsarc_ram);
- }
- }
- }
-}
-
-static uint32_t dcr_read_ocm (void *opaque, int dcrn)
-{
- ppc405_ocm_t *ocm;
- uint32_t ret;
-
- ocm = opaque;
- switch (dcrn) {
- case OCM0_ISARC:
- ret = ocm->isarc;
- break;
- case OCM0_ISACNTL:
- ret = ocm->isacntl;
- break;
- case OCM0_DSARC:
- ret = ocm->dsarc;
- break;
- case OCM0_DSACNTL:
- ret = ocm->dsacntl;
- break;
- default:
- ret = 0;
- break;
- }
-
- return ret;
-}
-
-static void dcr_write_ocm (void *opaque, int dcrn, uint32_t val)
-{
- ppc405_ocm_t *ocm;
- uint32_t isarc, dsarc, isacntl, dsacntl;
-
- ocm = opaque;
- isarc = ocm->isarc;
- dsarc = ocm->dsarc;
- isacntl = ocm->isacntl;
- dsacntl = ocm->dsacntl;
- switch (dcrn) {
- case OCM0_ISARC:
- isarc = val & 0xFC000000;
- break;
- case OCM0_ISACNTL:
- isacntl = val & 0xC0000000;
- break;
- case OCM0_DSARC:
- isarc = val & 0xFC000000;
- break;
- case OCM0_DSACNTL:
- isacntl = val & 0xC0000000;
- break;
- }
- ocm_update_mappings(ocm, isarc, isacntl, dsarc, dsacntl);
- ocm->isarc = isarc;
- ocm->dsarc = dsarc;
- ocm->isacntl = isacntl;
- ocm->dsacntl = dsacntl;
-}
-
-static void ocm_reset (void *opaque)
-{
- ppc405_ocm_t *ocm;
- uint32_t isarc, dsarc, isacntl, dsacntl;
-
- ocm = opaque;
- isarc = 0x00000000;
- isacntl = 0x00000000;
- dsarc = 0x00000000;
- dsacntl = 0x00000000;
- ocm_update_mappings(ocm, isarc, isacntl, dsarc, dsacntl);
- ocm->isarc = isarc;
- ocm->dsarc = dsarc;
- ocm->isacntl = isacntl;
- ocm->dsacntl = dsacntl;
-}
-
-static void ppc405_ocm_init(CPUPPCState *env)
-{
- ppc405_ocm_t *ocm;
-
- ocm = g_malloc0(sizeof(ppc405_ocm_t));
- /* XXX: Size is 4096 or 0x04000000 */
- memory_region_init_ram(&ocm->isarc_ram, "ppc405.ocm", 4096);
- vmstate_register_ram_global(&ocm->isarc_ram);
- memory_region_init_alias(&ocm->dsarc_ram, "ppc405.dsarc", &ocm->isarc_ram,
- 0, 4096);
- qemu_register_reset(&ocm_reset, ocm);
- ppc_dcr_register(env, OCM0_ISARC,
- ocm, &dcr_read_ocm, &dcr_write_ocm);
- ppc_dcr_register(env, OCM0_ISACNTL,
- ocm, &dcr_read_ocm, &dcr_write_ocm);
- ppc_dcr_register(env, OCM0_DSARC,
- ocm, &dcr_read_ocm, &dcr_write_ocm);
- ppc_dcr_register(env, OCM0_DSACNTL,
- ocm, &dcr_read_ocm, &dcr_write_ocm);
-}
-
-/*****************************************************************************/
-/* I2C controller */
-typedef struct ppc4xx_i2c_t ppc4xx_i2c_t;
-struct ppc4xx_i2c_t {
- qemu_irq irq;
- MemoryRegion iomem;
- uint8_t mdata;
- uint8_t lmadr;
- uint8_t hmadr;
- uint8_t cntl;
- uint8_t mdcntl;
- uint8_t sts;
- uint8_t extsts;
- uint8_t sdata;
- uint8_t lsadr;
- uint8_t hsadr;
- uint8_t clkdiv;
- uint8_t intrmsk;
- uint8_t xfrcnt;
- uint8_t xtcntlss;
- uint8_t directcntl;
-};
-
-static uint32_t ppc4xx_i2c_readb (void *opaque, hwaddr addr)
-{
- ppc4xx_i2c_t *i2c;
- uint32_t ret;
-
-#ifdef DEBUG_I2C
- printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
-#endif
- i2c = opaque;
- switch (addr) {
- case 0x00:
- // i2c_readbyte(&i2c->mdata);
- ret = i2c->mdata;
- break;
- case 0x02:
- ret = i2c->sdata;
- break;
- case 0x04:
- ret = i2c->lmadr;
- break;
- case 0x05:
- ret = i2c->hmadr;
- break;
- case 0x06:
- ret = i2c->cntl;
- break;
- case 0x07:
- ret = i2c->mdcntl;
- break;
- case 0x08:
- ret = i2c->sts;
- break;
- case 0x09:
- ret = i2c->extsts;
- break;
- case 0x0A:
- ret = i2c->lsadr;
- break;
- case 0x0B:
- ret = i2c->hsadr;
- break;
- case 0x0C:
- ret = i2c->clkdiv;
- break;
- case 0x0D:
- ret = i2c->intrmsk;
- break;
- case 0x0E:
- ret = i2c->xfrcnt;
- break;
- case 0x0F:
- ret = i2c->xtcntlss;
- break;
- case 0x10:
- ret = i2c->directcntl;
- break;
- default:
- ret = 0x00;
- break;
- }
-#ifdef DEBUG_I2C
- printf("%s: addr " TARGET_FMT_plx " %02" PRIx32 "\n", __func__, addr, ret);
-#endif
-
- return ret;
-}
-
-static void ppc4xx_i2c_writeb (void *opaque,
- hwaddr addr, uint32_t value)
-{
- ppc4xx_i2c_t *i2c;
-
-#ifdef DEBUG_I2C
- printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
- value);
-#endif
- i2c = opaque;
- switch (addr) {
- case 0x00:
- i2c->mdata = value;
- // i2c_sendbyte(&i2c->mdata);
- break;
- case 0x02:
- i2c->sdata = value;
- break;
- case 0x04:
- i2c->lmadr = value;
- break;
- case 0x05:
- i2c->hmadr = value;
- break;
- case 0x06:
- i2c->cntl = value;
- break;
- case 0x07:
- i2c->mdcntl = value & 0xDF;
- break;
- case 0x08:
- i2c->sts &= ~(value & 0x0A);
- break;
- case 0x09:
- i2c->extsts &= ~(value & 0x8F);
- break;
- case 0x0A:
- i2c->lsadr = value;
- break;
- case 0x0B:
- i2c->hsadr = value;
- break;
- case 0x0C:
- i2c->clkdiv = value;
- break;
- case 0x0D:
- i2c->intrmsk = value;
- break;
- case 0x0E:
- i2c->xfrcnt = value & 0x77;
- break;
- case 0x0F:
- i2c->xtcntlss = value;
- break;
- case 0x10:
- i2c->directcntl = value & 0x7;
- break;
- }
-}
-
-static uint32_t ppc4xx_i2c_readw (void *opaque, hwaddr addr)
-{
- uint32_t ret;
-
-#ifdef DEBUG_I2C
- printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
-#endif
- ret = ppc4xx_i2c_readb(opaque, addr) << 8;
- ret |= ppc4xx_i2c_readb(opaque, addr + 1);
-
- return ret;
-}
-
-static void ppc4xx_i2c_writew (void *opaque,
- hwaddr addr, uint32_t value)
-{
-#ifdef DEBUG_I2C
- printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
- value);
-#endif
- ppc4xx_i2c_writeb(opaque, addr, value >> 8);
- ppc4xx_i2c_writeb(opaque, addr + 1, value);
-}
-
-static uint32_t ppc4xx_i2c_readl (void *opaque, hwaddr addr)
-{
- uint32_t ret;
-
-#ifdef DEBUG_I2C
- printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
-#endif
- ret = ppc4xx_i2c_readb(opaque, addr) << 24;
- ret |= ppc4xx_i2c_readb(opaque, addr + 1) << 16;
- ret |= ppc4xx_i2c_readb(opaque, addr + 2) << 8;
- ret |= ppc4xx_i2c_readb(opaque, addr + 3);
-
- return ret;
-}
-
-static void ppc4xx_i2c_writel (void *opaque,
- hwaddr addr, uint32_t value)
-{
-#ifdef DEBUG_I2C
- printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
- value);
-#endif
- ppc4xx_i2c_writeb(opaque, addr, value >> 24);
- ppc4xx_i2c_writeb(opaque, addr + 1, value >> 16);
- ppc4xx_i2c_writeb(opaque, addr + 2, value >> 8);
- ppc4xx_i2c_writeb(opaque, addr + 3, value);
-}
-
-static const MemoryRegionOps i2c_ops = {
- .old_mmio = {
- .read = { ppc4xx_i2c_readb, ppc4xx_i2c_readw, ppc4xx_i2c_readl, },
- .write = { ppc4xx_i2c_writeb, ppc4xx_i2c_writew, ppc4xx_i2c_writel, },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void ppc4xx_i2c_reset (void *opaque)
-{
- ppc4xx_i2c_t *i2c;
-
- i2c = opaque;
- i2c->mdata = 0x00;
- i2c->sdata = 0x00;
- i2c->cntl = 0x00;
- i2c->mdcntl = 0x00;
- i2c->sts = 0x00;
- i2c->extsts = 0x00;
- i2c->clkdiv = 0x00;
- i2c->xfrcnt = 0x00;
- i2c->directcntl = 0x0F;
-}
-
-static void ppc405_i2c_init(hwaddr base, qemu_irq irq)
-{
- ppc4xx_i2c_t *i2c;
-
- i2c = g_malloc0(sizeof(ppc4xx_i2c_t));
- i2c->irq = irq;
-#ifdef DEBUG_I2C
- printf("%s: offset " TARGET_FMT_plx "\n", __func__, base);
-#endif
- memory_region_init_io(&i2c->iomem, &i2c_ops, i2c, "i2c", 0x011);
- memory_region_add_subregion(get_system_memory(), base, &i2c->iomem);
- qemu_register_reset(ppc4xx_i2c_reset, i2c);
-}
-
-/*****************************************************************************/
-/* General purpose timers */
-typedef struct ppc4xx_gpt_t ppc4xx_gpt_t;
-struct ppc4xx_gpt_t {
- MemoryRegion iomem;
- int64_t tb_offset;
- uint32_t tb_freq;
- struct QEMUTimer *timer;
- qemu_irq irqs[5];
- uint32_t oe;
- uint32_t ol;
- uint32_t im;
- uint32_t is;
- uint32_t ie;
- uint32_t comp[5];
- uint32_t mask[5];
-};
-
-static uint32_t ppc4xx_gpt_readb (void *opaque, hwaddr addr)
-{
-#ifdef DEBUG_GPT
- printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
-#endif
- /* XXX: generate a bus fault */
- return -1;
-}
-
-static void ppc4xx_gpt_writeb (void *opaque,
- hwaddr addr, uint32_t value)
-{
-#ifdef DEBUG_I2C
- printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
- value);
-#endif
- /* XXX: generate a bus fault */
-}
-
-static uint32_t ppc4xx_gpt_readw (void *opaque, hwaddr addr)
-{
-#ifdef DEBUG_GPT
- printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
-#endif
- /* XXX: generate a bus fault */
- return -1;
-}
-
-static void ppc4xx_gpt_writew (void *opaque,
- hwaddr addr, uint32_t value)
-{
-#ifdef DEBUG_I2C
- printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
- value);
-#endif
- /* XXX: generate a bus fault */
-}
-
-static int ppc4xx_gpt_compare (ppc4xx_gpt_t *gpt, int n)
-{
- /* XXX: TODO */
- return 0;
-}
-
-static void ppc4xx_gpt_set_output (ppc4xx_gpt_t *gpt, int n, int level)
-{
- /* XXX: TODO */
-}
-
-static void ppc4xx_gpt_set_outputs (ppc4xx_gpt_t *gpt)
-{
- uint32_t mask;
- int i;
-
- mask = 0x80000000;
- for (i = 0; i < 5; i++) {
- if (gpt->oe & mask) {
- /* Output is enabled */
- if (ppc4xx_gpt_compare(gpt, i)) {
- /* Comparison is OK */
- ppc4xx_gpt_set_output(gpt, i, gpt->ol & mask);
- } else {
- /* Comparison is KO */
- ppc4xx_gpt_set_output(gpt, i, gpt->ol & mask ? 0 : 1);
- }
- }
- mask = mask >> 1;
- }
-}
-
-static void ppc4xx_gpt_set_irqs (ppc4xx_gpt_t *gpt)
-{
- uint32_t mask;
- int i;
-
- mask = 0x00008000;
- for (i = 0; i < 5; i++) {
- if (gpt->is & gpt->im & mask)
- qemu_irq_raise(gpt->irqs[i]);
- else
- qemu_irq_lower(gpt->irqs[i]);
- mask = mask >> 1;
- }
-}
-
-static void ppc4xx_gpt_compute_timer (ppc4xx_gpt_t *gpt)
-{
- /* XXX: TODO */
-}
-
-static uint32_t ppc4xx_gpt_readl (void *opaque, hwaddr addr)
-{
- ppc4xx_gpt_t *gpt;
- uint32_t ret;
- int idx;
-
-#ifdef DEBUG_GPT
- printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
-#endif
- gpt = opaque;
- switch (addr) {
- case 0x00:
- /* Time base counter */
- ret = muldiv64(qemu_get_clock_ns(vm_clock) + gpt->tb_offset,
- gpt->tb_freq, get_ticks_per_sec());
- break;
- case 0x10:
- /* Output enable */
- ret = gpt->oe;
- break;
- case 0x14:
- /* Output level */
- ret = gpt->ol;
- break;
- case 0x18:
- /* Interrupt mask */
- ret = gpt->im;
- break;
- case 0x1C:
- case 0x20:
- /* Interrupt status */
- ret = gpt->is;
- break;
- case 0x24:
- /* Interrupt enable */
- ret = gpt->ie;
- break;
- case 0x80 ... 0x90:
- /* Compare timer */
- idx = (addr - 0x80) >> 2;
- ret = gpt->comp[idx];
- break;
- case 0xC0 ... 0xD0:
- /* Compare mask */
- idx = (addr - 0xC0) >> 2;
- ret = gpt->mask[idx];
- break;
- default:
- ret = -1;
- break;
- }
-
- return ret;
-}
-
-static void ppc4xx_gpt_writel (void *opaque,
- hwaddr addr, uint32_t value)
-{
- ppc4xx_gpt_t *gpt;
- int idx;
-
-#ifdef DEBUG_I2C
- printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
- value);
-#endif
- gpt = opaque;
- switch (addr) {
- case 0x00:
- /* Time base counter */
- gpt->tb_offset = muldiv64(value, get_ticks_per_sec(), gpt->tb_freq)
- - qemu_get_clock_ns(vm_clock);
- ppc4xx_gpt_compute_timer(gpt);
- break;
- case 0x10:
- /* Output enable */
- gpt->oe = value & 0xF8000000;
- ppc4xx_gpt_set_outputs(gpt);
- break;
- case 0x14:
- /* Output level */
- gpt->ol = value & 0xF8000000;
- ppc4xx_gpt_set_outputs(gpt);
- break;
- case 0x18:
- /* Interrupt mask */
- gpt->im = value & 0x0000F800;
- break;
- case 0x1C:
- /* Interrupt status set */
- gpt->is |= value & 0x0000F800;
- ppc4xx_gpt_set_irqs(gpt);
- break;
- case 0x20:
- /* Interrupt status clear */
- gpt->is &= ~(value & 0x0000F800);
- ppc4xx_gpt_set_irqs(gpt);
- break;
- case 0x24:
- /* Interrupt enable */
- gpt->ie = value & 0x0000F800;
- ppc4xx_gpt_set_irqs(gpt);
- break;
- case 0x80 ... 0x90:
- /* Compare timer */
- idx = (addr - 0x80) >> 2;
- gpt->comp[idx] = value & 0xF8000000;
- ppc4xx_gpt_compute_timer(gpt);
- break;
- case 0xC0 ... 0xD0:
- /* Compare mask */
- idx = (addr - 0xC0) >> 2;
- gpt->mask[idx] = value & 0xF8000000;
- ppc4xx_gpt_compute_timer(gpt);
- break;
- }
-}
-
-static const MemoryRegionOps gpt_ops = {
- .old_mmio = {
- .read = { ppc4xx_gpt_readb, ppc4xx_gpt_readw, ppc4xx_gpt_readl, },
- .write = { ppc4xx_gpt_writeb, ppc4xx_gpt_writew, ppc4xx_gpt_writel, },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void ppc4xx_gpt_cb (void *opaque)
-{
- ppc4xx_gpt_t *gpt;
-
- gpt = opaque;
- ppc4xx_gpt_set_irqs(gpt);
- ppc4xx_gpt_set_outputs(gpt);
- ppc4xx_gpt_compute_timer(gpt);
-}
-
-static void ppc4xx_gpt_reset (void *opaque)
-{
- ppc4xx_gpt_t *gpt;
- int i;
-
- gpt = opaque;
- qemu_del_timer(gpt->timer);
- gpt->oe = 0x00000000;
- gpt->ol = 0x00000000;
- gpt->im = 0x00000000;
- gpt->is = 0x00000000;
- gpt->ie = 0x00000000;
- for (i = 0; i < 5; i++) {
- gpt->comp[i] = 0x00000000;
- gpt->mask[i] = 0x00000000;
- }
-}
-
-static void ppc4xx_gpt_init(hwaddr base, qemu_irq irqs[5])
-{
- ppc4xx_gpt_t *gpt;
- int i;
-
- gpt = g_malloc0(sizeof(ppc4xx_gpt_t));
- for (i = 0; i < 5; i++) {
- gpt->irqs[i] = irqs[i];
- }
- gpt->timer = qemu_new_timer_ns(vm_clock, &ppc4xx_gpt_cb, gpt);
-#ifdef DEBUG_GPT
- printf("%s: offset " TARGET_FMT_plx "\n", __func__, base);
-#endif
- memory_region_init_io(&gpt->iomem, &gpt_ops, gpt, "gpt", 0x0d4);
- memory_region_add_subregion(get_system_memory(), base, &gpt->iomem);
- qemu_register_reset(ppc4xx_gpt_reset, gpt);
-}
-
-/*****************************************************************************/
-/* MAL */
-enum {
- MAL0_CFG = 0x180,
- MAL0_ESR = 0x181,
- MAL0_IER = 0x182,
- MAL0_TXCASR = 0x184,
- MAL0_TXCARR = 0x185,
- MAL0_TXEOBISR = 0x186,
- MAL0_TXDEIR = 0x187,
- MAL0_RXCASR = 0x190,
- MAL0_RXCARR = 0x191,
- MAL0_RXEOBISR = 0x192,
- MAL0_RXDEIR = 0x193,
- MAL0_TXCTP0R = 0x1A0,
- MAL0_TXCTP1R = 0x1A1,
- MAL0_TXCTP2R = 0x1A2,
- MAL0_TXCTP3R = 0x1A3,
- MAL0_RXCTP0R = 0x1C0,
- MAL0_RXCTP1R = 0x1C1,
- MAL0_RCBS0 = 0x1E0,
- MAL0_RCBS1 = 0x1E1,
-};
-
-typedef struct ppc40x_mal_t ppc40x_mal_t;
-struct ppc40x_mal_t {
- qemu_irq irqs[4];
- uint32_t cfg;
- uint32_t esr;
- uint32_t ier;
- uint32_t txcasr;
- uint32_t txcarr;
- uint32_t txeobisr;
- uint32_t txdeir;
- uint32_t rxcasr;
- uint32_t rxcarr;
- uint32_t rxeobisr;
- uint32_t rxdeir;
- uint32_t txctpr[4];
- uint32_t rxctpr[2];
- uint32_t rcbs[2];
-};
-
-static void ppc40x_mal_reset (void *opaque);
-
-static uint32_t dcr_read_mal (void *opaque, int dcrn)
-{
- ppc40x_mal_t *mal;
- uint32_t ret;
-
- mal = opaque;
- switch (dcrn) {
- case MAL0_CFG:
- ret = mal->cfg;
- break;
- case MAL0_ESR:
- ret = mal->esr;
- break;
- case MAL0_IER:
- ret = mal->ier;
- break;
- case MAL0_TXCASR:
- ret = mal->txcasr;
- break;
- case MAL0_TXCARR:
- ret = mal->txcarr;
- break;
- case MAL0_TXEOBISR:
- ret = mal->txeobisr;
- break;
- case MAL0_TXDEIR:
- ret = mal->txdeir;
- break;
- case MAL0_RXCASR:
- ret = mal->rxcasr;
- break;
- case MAL0_RXCARR:
- ret = mal->rxcarr;
- break;
- case MAL0_RXEOBISR:
- ret = mal->rxeobisr;
- break;
- case MAL0_RXDEIR:
- ret = mal->rxdeir;
- break;
- case MAL0_TXCTP0R:
- ret = mal->txctpr[0];
- break;
- case MAL0_TXCTP1R:
- ret = mal->txctpr[1];
- break;
- case MAL0_TXCTP2R:
- ret = mal->txctpr[2];
- break;
- case MAL0_TXCTP3R:
- ret = mal->txctpr[3];
- break;
- case MAL0_RXCTP0R:
- ret = mal->rxctpr[0];
- break;
- case MAL0_RXCTP1R:
- ret = mal->rxctpr[1];
- break;
- case MAL0_RCBS0:
- ret = mal->rcbs[0];
- break;
- case MAL0_RCBS1:
- ret = mal->rcbs[1];
- break;
- default:
- ret = 0;
- break;
- }
-
- return ret;
-}
-
-static void dcr_write_mal (void *opaque, int dcrn, uint32_t val)
-{
- ppc40x_mal_t *mal;
- int idx;
-
- mal = opaque;
- switch (dcrn) {
- case MAL0_CFG:
- if (val & 0x80000000)
- ppc40x_mal_reset(mal);
- mal->cfg = val & 0x00FFC087;
- break;
- case MAL0_ESR:
- /* Read/clear */
- mal->esr &= ~val;
- break;
- case MAL0_IER:
- mal->ier = val & 0x0000001F;
- break;
- case MAL0_TXCASR:
- mal->txcasr = val & 0xF0000000;
- break;
- case MAL0_TXCARR:
- mal->txcarr = val & 0xF0000000;
- break;
- case MAL0_TXEOBISR:
- /* Read/clear */
- mal->txeobisr &= ~val;
- break;
- case MAL0_TXDEIR:
- /* Read/clear */
- mal->txdeir &= ~val;
- break;
- case MAL0_RXCASR:
- mal->rxcasr = val & 0xC0000000;
- break;
- case MAL0_RXCARR:
- mal->rxcarr = val & 0xC0000000;
- break;
- case MAL0_RXEOBISR:
- /* Read/clear */
- mal->rxeobisr &= ~val;
- break;
- case MAL0_RXDEIR:
- /* Read/clear */
- mal->rxdeir &= ~val;
- break;
- case MAL0_TXCTP0R:
- idx = 0;
- goto update_tx_ptr;
- case MAL0_TXCTP1R:
- idx = 1;
- goto update_tx_ptr;
- case MAL0_TXCTP2R:
- idx = 2;
- goto update_tx_ptr;
- case MAL0_TXCTP3R:
- idx = 3;
- update_tx_ptr:
- mal->txctpr[idx] = val;
- break;
- case MAL0_RXCTP0R:
- idx = 0;
- goto update_rx_ptr;
- case MAL0_RXCTP1R:
- idx = 1;
- update_rx_ptr:
- mal->rxctpr[idx] = val;
- break;
- case MAL0_RCBS0:
- idx = 0;
- goto update_rx_size;
- case MAL0_RCBS1:
- idx = 1;
- update_rx_size:
- mal->rcbs[idx] = val & 0x000000FF;
- break;
- }
-}
-
-static void ppc40x_mal_reset (void *opaque)
-{
- ppc40x_mal_t *mal;
-
- mal = opaque;
- mal->cfg = 0x0007C000;
- mal->esr = 0x00000000;
- mal->ier = 0x00000000;
- mal->rxcasr = 0x00000000;
- mal->rxdeir = 0x00000000;
- mal->rxeobisr = 0x00000000;
- mal->txcasr = 0x00000000;
- mal->txdeir = 0x00000000;
- mal->txeobisr = 0x00000000;
-}
-
-static void ppc405_mal_init(CPUPPCState *env, qemu_irq irqs[4])
-{
- ppc40x_mal_t *mal;
- int i;
-
- mal = g_malloc0(sizeof(ppc40x_mal_t));
- for (i = 0; i < 4; i++)
- mal->irqs[i] = irqs[i];
- qemu_register_reset(&ppc40x_mal_reset, mal);
- ppc_dcr_register(env, MAL0_CFG,
- mal, &dcr_read_mal, &dcr_write_mal);
- ppc_dcr_register(env, MAL0_ESR,
- mal, &dcr_read_mal, &dcr_write_mal);
- ppc_dcr_register(env, MAL0_IER,
- mal, &dcr_read_mal, &dcr_write_mal);
- ppc_dcr_register(env, MAL0_TXCASR,
- mal, &dcr_read_mal, &dcr_write_mal);
- ppc_dcr_register(env, MAL0_TXCARR,
- mal, &dcr_read_mal, &dcr_write_mal);
- ppc_dcr_register(env, MAL0_TXEOBISR,
- mal, &dcr_read_mal, &dcr_write_mal);
- ppc_dcr_register(env, MAL0_TXDEIR,
- mal, &dcr_read_mal, &dcr_write_mal);
- ppc_dcr_register(env, MAL0_RXCASR,
- mal, &dcr_read_mal, &dcr_write_mal);
- ppc_dcr_register(env, MAL0_RXCARR,
- mal, &dcr_read_mal, &dcr_write_mal);
- ppc_dcr_register(env, MAL0_RXEOBISR,
- mal, &dcr_read_mal, &dcr_write_mal);
- ppc_dcr_register(env, MAL0_RXDEIR,
- mal, &dcr_read_mal, &dcr_write_mal);
- ppc_dcr_register(env, MAL0_TXCTP0R,
- mal, &dcr_read_mal, &dcr_write_mal);
- ppc_dcr_register(env, MAL0_TXCTP1R,
- mal, &dcr_read_mal, &dcr_write_mal);
- ppc_dcr_register(env, MAL0_TXCTP2R,
- mal, &dcr_read_mal, &dcr_write_mal);
- ppc_dcr_register(env, MAL0_TXCTP3R,
- mal, &dcr_read_mal, &dcr_write_mal);
- ppc_dcr_register(env, MAL0_RXCTP0R,
- mal, &dcr_read_mal, &dcr_write_mal);
- ppc_dcr_register(env, MAL0_RXCTP1R,
- mal, &dcr_read_mal, &dcr_write_mal);
- ppc_dcr_register(env, MAL0_RCBS0,
- mal, &dcr_read_mal, &dcr_write_mal);
- ppc_dcr_register(env, MAL0_RCBS1,
- mal, &dcr_read_mal, &dcr_write_mal);
-}
-
-/*****************************************************************************/
-/* SPR */
-void ppc40x_core_reset (CPUPPCState *env)
-{
- target_ulong dbsr;
-
- printf("Reset PowerPC core\n");
- cpu_interrupt(env, CPU_INTERRUPT_RESET);
- dbsr = env->spr[SPR_40x_DBSR];
- dbsr &= ~0x00000300;
- dbsr |= 0x00000100;
- env->spr[SPR_40x_DBSR] = dbsr;
-}
-
-void ppc40x_chip_reset (CPUPPCState *env)
-{
- target_ulong dbsr;
-
- printf("Reset PowerPC chip\n");
- cpu_interrupt(env, CPU_INTERRUPT_RESET);
- /* XXX: TODO reset all internal peripherals */
- dbsr = env->spr[SPR_40x_DBSR];
- dbsr &= ~0x00000300;
- dbsr |= 0x00000200;
- env->spr[SPR_40x_DBSR] = dbsr;
-}
-
-void ppc40x_system_reset (CPUPPCState *env)
-{
- printf("Reset PowerPC system\n");
- qemu_system_reset_request();
-}
-
-void store_40x_dbcr0 (CPUPPCState *env, uint32_t val)
-{
- switch ((val >> 28) & 0x3) {
- case 0x0:
- /* No action */
- break;
- case 0x1:
- /* Core reset */
- ppc40x_core_reset(env);
- break;
- case 0x2:
- /* Chip reset */
- ppc40x_chip_reset(env);
- break;
- case 0x3:
- /* System reset */
- ppc40x_system_reset(env);
- break;
- }
-}
-
-/*****************************************************************************/
-/* PowerPC 405CR */
-enum {
- PPC405CR_CPC0_PLLMR = 0x0B0,
- PPC405CR_CPC0_CR0 = 0x0B1,
- PPC405CR_CPC0_CR1 = 0x0B2,
- PPC405CR_CPC0_PSR = 0x0B4,
- PPC405CR_CPC0_JTAGID = 0x0B5,
- PPC405CR_CPC0_ER = 0x0B9,
- PPC405CR_CPC0_FR = 0x0BA,
- PPC405CR_CPC0_SR = 0x0BB,
-};
-
-enum {
- PPC405CR_CPU_CLK = 0,
- PPC405CR_TMR_CLK = 1,
- PPC405CR_PLB_CLK = 2,
- PPC405CR_SDRAM_CLK = 3,
- PPC405CR_OPB_CLK = 4,
- PPC405CR_EXT_CLK = 5,
- PPC405CR_UART_CLK = 6,
- PPC405CR_CLK_NB = 7,
-};
-
-typedef struct ppc405cr_cpc_t ppc405cr_cpc_t;
-struct ppc405cr_cpc_t {
- clk_setup_t clk_setup[PPC405CR_CLK_NB];
- uint32_t sysclk;
- uint32_t psr;
- uint32_t cr0;
- uint32_t cr1;
- uint32_t jtagid;
- uint32_t pllmr;
- uint32_t er;
- uint32_t fr;
-};
-
-static void ppc405cr_clk_setup (ppc405cr_cpc_t *cpc)
-{
- uint64_t VCO_out, PLL_out;
- uint32_t CPU_clk, TMR_clk, SDRAM_clk, PLB_clk, OPB_clk, EXT_clk, UART_clk;
- int M, D0, D1, D2;
-
- D0 = ((cpc->pllmr >> 26) & 0x3) + 1; /* CBDV */
- if (cpc->pllmr & 0x80000000) {
- D1 = (((cpc->pllmr >> 20) - 1) & 0xF) + 1; /* FBDV */
- D2 = 8 - ((cpc->pllmr >> 16) & 0x7); /* FWDVA */
- M = D0 * D1 * D2;
- VCO_out = cpc->sysclk * M;
- if (VCO_out < 400000000 || VCO_out > 800000000) {
- /* PLL cannot lock */
- cpc->pllmr &= ~0x80000000;
- goto bypass_pll;
- }
- PLL_out = VCO_out / D2;
- } else {
- /* Bypass PLL */
- bypass_pll:
- M = D0;
- PLL_out = cpc->sysclk * M;
- }
- CPU_clk = PLL_out;
- if (cpc->cr1 & 0x00800000)
- TMR_clk = cpc->sysclk; /* Should have a separate clock */
- else
- TMR_clk = CPU_clk;
- PLB_clk = CPU_clk / D0;
- SDRAM_clk = PLB_clk;
- D0 = ((cpc->pllmr >> 10) & 0x3) + 1;
- OPB_clk = PLB_clk / D0;
- D0 = ((cpc->pllmr >> 24) & 0x3) + 2;
- EXT_clk = PLB_clk / D0;
- D0 = ((cpc->cr0 >> 1) & 0x1F) + 1;
- UART_clk = CPU_clk / D0;
- /* Setup CPU clocks */
- clk_setup(&cpc->clk_setup[PPC405CR_CPU_CLK], CPU_clk);
- /* Setup time-base clock */
- clk_setup(&cpc->clk_setup[PPC405CR_TMR_CLK], TMR_clk);
- /* Setup PLB clock */
- clk_setup(&cpc->clk_setup[PPC405CR_PLB_CLK], PLB_clk);
- /* Setup SDRAM clock */
- clk_setup(&cpc->clk_setup[PPC405CR_SDRAM_CLK], SDRAM_clk);
- /* Setup OPB clock */
- clk_setup(&cpc->clk_setup[PPC405CR_OPB_CLK], OPB_clk);
- /* Setup external clock */
- clk_setup(&cpc->clk_setup[PPC405CR_EXT_CLK], EXT_clk);
- /* Setup UART clock */
- clk_setup(&cpc->clk_setup[PPC405CR_UART_CLK], UART_clk);
-}
-
-static uint32_t dcr_read_crcpc (void *opaque, int dcrn)
-{
- ppc405cr_cpc_t *cpc;
- uint32_t ret;
-
- cpc = opaque;
- switch (dcrn) {
- case PPC405CR_CPC0_PLLMR:
- ret = cpc->pllmr;
- break;
- case PPC405CR_CPC0_CR0:
- ret = cpc->cr0;
- break;
- case PPC405CR_CPC0_CR1:
- ret = cpc->cr1;
- break;
- case PPC405CR_CPC0_PSR:
- ret = cpc->psr;
- break;
- case PPC405CR_CPC0_JTAGID:
- ret = cpc->jtagid;
- break;
- case PPC405CR_CPC0_ER:
- ret = cpc->er;
- break;
- case PPC405CR_CPC0_FR:
- ret = cpc->fr;
- break;
- case PPC405CR_CPC0_SR:
- ret = ~(cpc->er | cpc->fr) & 0xFFFF0000;
- break;
- default:
- /* Avoid gcc warning */
- ret = 0;
- break;
- }
-
- return ret;
-}
-
-static void dcr_write_crcpc (void *opaque, int dcrn, uint32_t val)
-{
- ppc405cr_cpc_t *cpc;
-
- cpc = opaque;
- switch (dcrn) {
- case PPC405CR_CPC0_PLLMR:
- cpc->pllmr = val & 0xFFF77C3F;
- break;
- case PPC405CR_CPC0_CR0:
- cpc->cr0 = val & 0x0FFFFFFE;
- break;
- case PPC405CR_CPC0_CR1:
- cpc->cr1 = val & 0x00800000;
- break;
- case PPC405CR_CPC0_PSR:
- /* Read-only */
- break;
- case PPC405CR_CPC0_JTAGID:
- /* Read-only */
- break;
- case PPC405CR_CPC0_ER:
- cpc->er = val & 0xBFFC0000;
- break;
- case PPC405CR_CPC0_FR:
- cpc->fr = val & 0xBFFC0000;
- break;
- case PPC405CR_CPC0_SR:
- /* Read-only */
- break;
- }
-}
-
-static void ppc405cr_cpc_reset (void *opaque)
-{
- ppc405cr_cpc_t *cpc;
- int D;
-
- cpc = opaque;
- /* Compute PLLMR value from PSR settings */
- cpc->pllmr = 0x80000000;
- /* PFWD */
- switch ((cpc->psr >> 30) & 3) {
- case 0:
- /* Bypass */
- cpc->pllmr &= ~0x80000000;
- break;
- case 1:
- /* Divide by 3 */
- cpc->pllmr |= 5 << 16;
- break;
- case 2:
- /* Divide by 4 */
- cpc->pllmr |= 4 << 16;
- break;
- case 3:
- /* Divide by 6 */
- cpc->pllmr |= 2 << 16;
- break;
- }
- /* PFBD */
- D = (cpc->psr >> 28) & 3;
- cpc->pllmr |= (D + 1) << 20;
- /* PT */
- D = (cpc->psr >> 25) & 7;
- switch (D) {
- case 0x2:
- cpc->pllmr |= 0x13;
- break;
- case 0x4:
- cpc->pllmr |= 0x15;
- break;
- case 0x5:
- cpc->pllmr |= 0x16;
- break;
- default:
- break;
- }
- /* PDC */
- D = (cpc->psr >> 23) & 3;
- cpc->pllmr |= D << 26;
- /* ODP */
- D = (cpc->psr >> 21) & 3;
- cpc->pllmr |= D << 10;
- /* EBPD */
- D = (cpc->psr >> 17) & 3;
- cpc->pllmr |= D << 24;
- cpc->cr0 = 0x0000003C;
- cpc->cr1 = 0x2B0D8800;
- cpc->er = 0x00000000;
- cpc->fr = 0x00000000;
- ppc405cr_clk_setup(cpc);
-}
-
-static void ppc405cr_clk_init (ppc405cr_cpc_t *cpc)
-{
- int D;
-
- /* XXX: this should be read from IO pins */
- cpc->psr = 0x00000000; /* 8 bits ROM */
- /* PFWD */
- D = 0x2; /* Divide by 4 */
- cpc->psr |= D << 30;
- /* PFBD */
- D = 0x1; /* Divide by 2 */
- cpc->psr |= D << 28;
- /* PDC */
- D = 0x1; /* Divide by 2 */
- cpc->psr |= D << 23;
- /* PT */
- D = 0x5; /* M = 16 */
- cpc->psr |= D << 25;
- /* ODP */
- D = 0x1; /* Divide by 2 */
- cpc->psr |= D << 21;
- /* EBDP */
- D = 0x2; /* Divide by 4 */
- cpc->psr |= D << 17;
-}
-
-static void ppc405cr_cpc_init (CPUPPCState *env, clk_setup_t clk_setup[7],
- uint32_t sysclk)
-{
- ppc405cr_cpc_t *cpc;
-
- cpc = g_malloc0(sizeof(ppc405cr_cpc_t));
- memcpy(cpc->clk_setup, clk_setup,
- PPC405CR_CLK_NB * sizeof(clk_setup_t));
- cpc->sysclk = sysclk;
- cpc->jtagid = 0x42051049;
- ppc_dcr_register(env, PPC405CR_CPC0_PSR, cpc,
- &dcr_read_crcpc, &dcr_write_crcpc);
- ppc_dcr_register(env, PPC405CR_CPC0_CR0, cpc,
- &dcr_read_crcpc, &dcr_write_crcpc);
- ppc_dcr_register(env, PPC405CR_CPC0_CR1, cpc,
- &dcr_read_crcpc, &dcr_write_crcpc);
- ppc_dcr_register(env, PPC405CR_CPC0_JTAGID, cpc,
- &dcr_read_crcpc, &dcr_write_crcpc);
- ppc_dcr_register(env, PPC405CR_CPC0_PLLMR, cpc,
- &dcr_read_crcpc, &dcr_write_crcpc);
- ppc_dcr_register(env, PPC405CR_CPC0_ER, cpc,
- &dcr_read_crcpc, &dcr_write_crcpc);
- ppc_dcr_register(env, PPC405CR_CPC0_FR, cpc,
- &dcr_read_crcpc, &dcr_write_crcpc);
- ppc_dcr_register(env, PPC405CR_CPC0_SR, cpc,
- &dcr_read_crcpc, &dcr_write_crcpc);
- ppc405cr_clk_init(cpc);
- qemu_register_reset(ppc405cr_cpc_reset, cpc);
-}
-
-CPUPPCState *ppc405cr_init(MemoryRegion *address_space_mem,
- MemoryRegion ram_memories[4],
- hwaddr ram_bases[4],
- hwaddr ram_sizes[4],
- uint32_t sysclk, qemu_irq **picp,
- int do_init)
-{
- clk_setup_t clk_setup[PPC405CR_CLK_NB];
- qemu_irq dma_irqs[4];
- CPUPPCState *env;
- qemu_irq *pic, *irqs;
-
- memset(clk_setup, 0, sizeof(clk_setup));
- env = ppc4xx_init("405cr", &clk_setup[PPC405CR_CPU_CLK],
- &clk_setup[PPC405CR_TMR_CLK], sysclk);
- /* Memory mapped devices registers */
- /* PLB arbitrer */
- ppc4xx_plb_init(env);
- /* PLB to OPB bridge */
- ppc4xx_pob_init(env);
- /* OBP arbitrer */
- ppc4xx_opba_init(0xef600600);
- /* Universal interrupt controller */
- irqs = g_malloc0(sizeof(qemu_irq) * PPCUIC_OUTPUT_NB);
- irqs[PPCUIC_OUTPUT_INT] =
- ((qemu_irq *)env->irq_inputs)[PPC40x_INPUT_INT];
- irqs[PPCUIC_OUTPUT_CINT] =
- ((qemu_irq *)env->irq_inputs)[PPC40x_INPUT_CINT];
- pic = ppcuic_init(env, irqs, 0x0C0, 0, 1);
- *picp = pic;
- /* SDRAM controller */
- ppc4xx_sdram_init(env, pic[14], 1, ram_memories,
- ram_bases, ram_sizes, do_init);
- /* External bus controller */
- ppc405_ebc_init(env);
- /* DMA controller */
- dma_irqs[0] = pic[26];
- dma_irqs[1] = pic[25];
- dma_irqs[2] = pic[24];
- dma_irqs[3] = pic[23];
- ppc405_dma_init(env, dma_irqs);
- /* Serial ports */
- if (serial_hds[0] != NULL) {
- serial_mm_init(address_space_mem, 0xef600300, 0, pic[0],
- PPC_SERIAL_MM_BAUDBASE, serial_hds[0],
- DEVICE_BIG_ENDIAN);
- }
- if (serial_hds[1] != NULL) {
- serial_mm_init(address_space_mem, 0xef600400, 0, pic[1],
- PPC_SERIAL_MM_BAUDBASE, serial_hds[1],
- DEVICE_BIG_ENDIAN);
- }
- /* IIC controller */
- ppc405_i2c_init(0xef600500, pic[2]);
- /* GPIO */
- ppc405_gpio_init(0xef600700);
- /* CPU control */
- ppc405cr_cpc_init(env, clk_setup, sysclk);
-
- return env;
-}
-
-/*****************************************************************************/
-/* PowerPC 405EP */
-/* CPU control */
-enum {
- PPC405EP_CPC0_PLLMR0 = 0x0F0,
- PPC405EP_CPC0_BOOT = 0x0F1,
- PPC405EP_CPC0_EPCTL = 0x0F3,
- PPC405EP_CPC0_PLLMR1 = 0x0F4,
- PPC405EP_CPC0_UCR = 0x0F5,
- PPC405EP_CPC0_SRR = 0x0F6,
- PPC405EP_CPC0_JTAGID = 0x0F7,
- PPC405EP_CPC0_PCI = 0x0F9,
-#if 0
- PPC405EP_CPC0_ER = xxx,
- PPC405EP_CPC0_FR = xxx,
- PPC405EP_CPC0_SR = xxx,
-#endif
-};
-
-enum {
- PPC405EP_CPU_CLK = 0,
- PPC405EP_PLB_CLK = 1,
- PPC405EP_OPB_CLK = 2,
- PPC405EP_EBC_CLK = 3,
- PPC405EP_MAL_CLK = 4,
- PPC405EP_PCI_CLK = 5,
- PPC405EP_UART0_CLK = 6,
- PPC405EP_UART1_CLK = 7,
- PPC405EP_CLK_NB = 8,
-};
-
-typedef struct ppc405ep_cpc_t ppc405ep_cpc_t;
-struct ppc405ep_cpc_t {
- uint32_t sysclk;
- clk_setup_t clk_setup[PPC405EP_CLK_NB];
- uint32_t boot;
- uint32_t epctl;
- uint32_t pllmr[2];
- uint32_t ucr;
- uint32_t srr;
- uint32_t jtagid;
- uint32_t pci;
- /* Clock and power management */
- uint32_t er;
- uint32_t fr;
- uint32_t sr;
-};
-
-static void ppc405ep_compute_clocks (ppc405ep_cpc_t *cpc)
-{
- uint32_t CPU_clk, PLB_clk, OPB_clk, EBC_clk, MAL_clk, PCI_clk;
- uint32_t UART0_clk, UART1_clk;
- uint64_t VCO_out, PLL_out;
- int M, D;
-
- VCO_out = 0;
- if ((cpc->pllmr[1] & 0x80000000) && !(cpc->pllmr[1] & 0x40000000)) {
- M = (((cpc->pllmr[1] >> 20) - 1) & 0xF) + 1; /* FBMUL */
-#ifdef DEBUG_CLOCKS_LL
- printf("FBMUL %01" PRIx32 " %d\n", (cpc->pllmr[1] >> 20) & 0xF, M);
-#endif
- D = 8 - ((cpc->pllmr[1] >> 16) & 0x7); /* FWDA */
-#ifdef DEBUG_CLOCKS_LL
- printf("FWDA %01" PRIx32 " %d\n", (cpc->pllmr[1] >> 16) & 0x7, D);
-#endif
- VCO_out = cpc->sysclk * M * D;
- if (VCO_out < 500000000UL || VCO_out > 1000000000UL) {
- /* Error - unlock the PLL */
- printf("VCO out of range %" PRIu64 "\n", VCO_out);
-#if 0
- cpc->pllmr[1] &= ~0x80000000;
- goto pll_bypass;
-#endif
- }
- PLL_out = VCO_out / D;
- /* Pretend the PLL is locked */
- cpc->boot |= 0x00000001;
- } else {
-#if 0
- pll_bypass:
-#endif
- PLL_out = cpc->sysclk;
- if (cpc->pllmr[1] & 0x40000000) {
- /* Pretend the PLL is not locked */
- cpc->boot &= ~0x00000001;
- }
- }
- /* Now, compute all other clocks */
- D = ((cpc->pllmr[0] >> 20) & 0x3) + 1; /* CCDV */
-#ifdef DEBUG_CLOCKS_LL
- printf("CCDV %01" PRIx32 " %d\n", (cpc->pllmr[0] >> 20) & 0x3, D);
-#endif
- CPU_clk = PLL_out / D;
- D = ((cpc->pllmr[0] >> 16) & 0x3) + 1; /* CBDV */
-#ifdef DEBUG_CLOCKS_LL
- printf("CBDV %01" PRIx32 " %d\n", (cpc->pllmr[0] >> 16) & 0x3, D);
-#endif
- PLB_clk = CPU_clk / D;
- D = ((cpc->pllmr[0] >> 12) & 0x3) + 1; /* OPDV */
-#ifdef DEBUG_CLOCKS_LL
- printf("OPDV %01" PRIx32 " %d\n", (cpc->pllmr[0] >> 12) & 0x3, D);
-#endif
- OPB_clk = PLB_clk / D;
- D = ((cpc->pllmr[0] >> 8) & 0x3) + 2; /* EPDV */
-#ifdef DEBUG_CLOCKS_LL
- printf("EPDV %01" PRIx32 " %d\n", (cpc->pllmr[0] >> 8) & 0x3, D);
-#endif
- EBC_clk = PLB_clk / D;
- D = ((cpc->pllmr[0] >> 4) & 0x3) + 1; /* MPDV */
-#ifdef DEBUG_CLOCKS_LL
- printf("MPDV %01" PRIx32 " %d\n", (cpc->pllmr[0] >> 4) & 0x3, D);
-#endif
- MAL_clk = PLB_clk / D;
- D = (cpc->pllmr[0] & 0x3) + 1; /* PPDV */
-#ifdef DEBUG_CLOCKS_LL
- printf("PPDV %01" PRIx32 " %d\n", cpc->pllmr[0] & 0x3, D);
-#endif
- PCI_clk = PLB_clk / D;
- D = ((cpc->ucr - 1) & 0x7F) + 1; /* U0DIV */
-#ifdef DEBUG_CLOCKS_LL
- printf("U0DIV %01" PRIx32 " %d\n", cpc->ucr & 0x7F, D);
-#endif
- UART0_clk = PLL_out / D;
- D = (((cpc->ucr >> 8) - 1) & 0x7F) + 1; /* U1DIV */
-#ifdef DEBUG_CLOCKS_LL
- printf("U1DIV %01" PRIx32 " %d\n", (cpc->ucr >> 8) & 0x7F, D);
-#endif
- UART1_clk = PLL_out / D;
-#ifdef DEBUG_CLOCKS
- printf("Setup PPC405EP clocks - sysclk %" PRIu32 " VCO %" PRIu64
- " PLL out %" PRIu64 " Hz\n", cpc->sysclk, VCO_out, PLL_out);
- printf("CPU %" PRIu32 " PLB %" PRIu32 " OPB %" PRIu32 " EBC %" PRIu32
- " MAL %" PRIu32 " PCI %" PRIu32 " UART0 %" PRIu32
- " UART1 %" PRIu32 "\n",
- CPU_clk, PLB_clk, OPB_clk, EBC_clk, MAL_clk, PCI_clk,
- UART0_clk, UART1_clk);
-#endif
- /* Setup CPU clocks */
- clk_setup(&cpc->clk_setup[PPC405EP_CPU_CLK], CPU_clk);
- /* Setup PLB clock */
- clk_setup(&cpc->clk_setup[PPC405EP_PLB_CLK], PLB_clk);
- /* Setup OPB clock */
- clk_setup(&cpc->clk_setup[PPC405EP_OPB_CLK], OPB_clk);
- /* Setup external clock */
- clk_setup(&cpc->clk_setup[PPC405EP_EBC_CLK], EBC_clk);
- /* Setup MAL clock */
- clk_setup(&cpc->clk_setup[PPC405EP_MAL_CLK], MAL_clk);
- /* Setup PCI clock */
- clk_setup(&cpc->clk_setup[PPC405EP_PCI_CLK], PCI_clk);
- /* Setup UART0 clock */
- clk_setup(&cpc->clk_setup[PPC405EP_UART0_CLK], UART0_clk);
- /* Setup UART1 clock */
- clk_setup(&cpc->clk_setup[PPC405EP_UART1_CLK], UART1_clk);
-}
-
-static uint32_t dcr_read_epcpc (void *opaque, int dcrn)
-{
- ppc405ep_cpc_t *cpc;
- uint32_t ret;
-
- cpc = opaque;
- switch (dcrn) {
- case PPC405EP_CPC0_BOOT:
- ret = cpc->boot;
- break;
- case PPC405EP_CPC0_EPCTL:
- ret = cpc->epctl;
- break;
- case PPC405EP_CPC0_PLLMR0:
- ret = cpc->pllmr[0];
- break;
- case PPC405EP_CPC0_PLLMR1:
- ret = cpc->pllmr[1];
- break;
- case PPC405EP_CPC0_UCR:
- ret = cpc->ucr;
- break;
- case PPC405EP_CPC0_SRR:
- ret = cpc->srr;
- break;
- case PPC405EP_CPC0_JTAGID:
- ret = cpc->jtagid;
- break;
- case PPC405EP_CPC0_PCI:
- ret = cpc->pci;
- break;
- default:
- /* Avoid gcc warning */
- ret = 0;
- break;
- }
-
- return ret;
-}
-
-static void dcr_write_epcpc (void *opaque, int dcrn, uint32_t val)
-{
- ppc405ep_cpc_t *cpc;
-
- cpc = opaque;
- switch (dcrn) {
- case PPC405EP_CPC0_BOOT:
- /* Read-only register */
- break;
- case PPC405EP_CPC0_EPCTL:
- /* Don't care for now */
- cpc->epctl = val & 0xC00000F3;
- break;
- case PPC405EP_CPC0_PLLMR0:
- cpc->pllmr[0] = val & 0x00633333;
- ppc405ep_compute_clocks(cpc);
- break;
- case PPC405EP_CPC0_PLLMR1:
- cpc->pllmr[1] = val & 0xC0F73FFF;
- ppc405ep_compute_clocks(cpc);
- break;
- case PPC405EP_CPC0_UCR:
- /* UART control - don't care for now */
- cpc->ucr = val & 0x003F7F7F;
- break;
- case PPC405EP_CPC0_SRR:
- cpc->srr = val;
- break;
- case PPC405EP_CPC0_JTAGID:
- /* Read-only */
- break;
- case PPC405EP_CPC0_PCI:
- cpc->pci = val;
- break;
- }
-}
-
-static void ppc405ep_cpc_reset (void *opaque)
-{
- ppc405ep_cpc_t *cpc = opaque;
-
- cpc->boot = 0x00000010; /* Boot from PCI - IIC EEPROM disabled */
- cpc->epctl = 0x00000000;
- cpc->pllmr[0] = 0x00011010;
- cpc->pllmr[1] = 0x40000000;
- cpc->ucr = 0x00000000;
- cpc->srr = 0x00040000;
- cpc->pci = 0x00000000;
- cpc->er = 0x00000000;
- cpc->fr = 0x00000000;
- cpc->sr = 0x00000000;
- ppc405ep_compute_clocks(cpc);
-}
-
-/* XXX: sysclk should be between 25 and 100 MHz */
-static void ppc405ep_cpc_init (CPUPPCState *env, clk_setup_t clk_setup[8],
- uint32_t sysclk)
-{
- ppc405ep_cpc_t *cpc;
-
- cpc = g_malloc0(sizeof(ppc405ep_cpc_t));
- memcpy(cpc->clk_setup, clk_setup,
- PPC405EP_CLK_NB * sizeof(clk_setup_t));
- cpc->jtagid = 0x20267049;
- cpc->sysclk = sysclk;
- qemu_register_reset(&ppc405ep_cpc_reset, cpc);
- ppc_dcr_register(env, PPC405EP_CPC0_BOOT, cpc,
- &dcr_read_epcpc, &dcr_write_epcpc);
- ppc_dcr_register(env, PPC405EP_CPC0_EPCTL, cpc,
- &dcr_read_epcpc, &dcr_write_epcpc);
- ppc_dcr_register(env, PPC405EP_CPC0_PLLMR0, cpc,
- &dcr_read_epcpc, &dcr_write_epcpc);
- ppc_dcr_register(env, PPC405EP_CPC0_PLLMR1, cpc,
- &dcr_read_epcpc, &dcr_write_epcpc);
- ppc_dcr_register(env, PPC405EP_CPC0_UCR, cpc,
- &dcr_read_epcpc, &dcr_write_epcpc);
- ppc_dcr_register(env, PPC405EP_CPC0_SRR, cpc,
- &dcr_read_epcpc, &dcr_write_epcpc);
- ppc_dcr_register(env, PPC405EP_CPC0_JTAGID, cpc,
- &dcr_read_epcpc, &dcr_write_epcpc);
- ppc_dcr_register(env, PPC405EP_CPC0_PCI, cpc,
- &dcr_read_epcpc, &dcr_write_epcpc);
-#if 0
- ppc_dcr_register(env, PPC405EP_CPC0_ER, cpc,
- &dcr_read_epcpc, &dcr_write_epcpc);
- ppc_dcr_register(env, PPC405EP_CPC0_FR, cpc,
- &dcr_read_epcpc, &dcr_write_epcpc);
- ppc_dcr_register(env, PPC405EP_CPC0_SR, cpc,
- &dcr_read_epcpc, &dcr_write_epcpc);
-#endif
-}
-
-CPUPPCState *ppc405ep_init(MemoryRegion *address_space_mem,
- MemoryRegion ram_memories[2],
- hwaddr ram_bases[2],
- hwaddr ram_sizes[2],
- uint32_t sysclk, qemu_irq **picp,
- int do_init)
-{
- clk_setup_t clk_setup[PPC405EP_CLK_NB], tlb_clk_setup;
- qemu_irq dma_irqs[4], gpt_irqs[5], mal_irqs[4];
- CPUPPCState *env;
- qemu_irq *pic, *irqs;
-
- memset(clk_setup, 0, sizeof(clk_setup));
- /* init CPUs */
- env = ppc4xx_init("405ep", &clk_setup[PPC405EP_CPU_CLK],
- &tlb_clk_setup, sysclk);
- clk_setup[PPC405EP_CPU_CLK].cb = tlb_clk_setup.cb;
- clk_setup[PPC405EP_CPU_CLK].opaque = tlb_clk_setup.opaque;
- /* Internal devices init */
- /* Memory mapped devices registers */
- /* PLB arbitrer */
- ppc4xx_plb_init(env);
- /* PLB to OPB bridge */
- ppc4xx_pob_init(env);
- /* OBP arbitrer */
- ppc4xx_opba_init(0xef600600);
- /* Initialize timers */
- ppc_booke_timers_init(env, sysclk, 0);
- /* Universal interrupt controller */
- irqs = g_malloc0(sizeof(qemu_irq) * PPCUIC_OUTPUT_NB);
- irqs[PPCUIC_OUTPUT_INT] =
- ((qemu_irq *)env->irq_inputs)[PPC40x_INPUT_INT];
- irqs[PPCUIC_OUTPUT_CINT] =
- ((qemu_irq *)env->irq_inputs)[PPC40x_INPUT_CINT];
- pic = ppcuic_init(env, irqs, 0x0C0, 0, 1);
- *picp = pic;
- /* SDRAM controller */
- /* XXX 405EP has no ECC interrupt */
- ppc4xx_sdram_init(env, pic[17], 2, ram_memories,
- ram_bases, ram_sizes, do_init);
- /* External bus controller */
- ppc405_ebc_init(env);
- /* DMA controller */
- dma_irqs[0] = pic[5];
- dma_irqs[1] = pic[6];
- dma_irqs[2] = pic[7];
- dma_irqs[3] = pic[8];
- ppc405_dma_init(env, dma_irqs);
- /* IIC controller */
- ppc405_i2c_init(0xef600500, pic[2]);
- /* GPIO */
- ppc405_gpio_init(0xef600700);
- /* Serial ports */
- if (serial_hds[0] != NULL) {
- serial_mm_init(address_space_mem, 0xef600300, 0, pic[0],
- PPC_SERIAL_MM_BAUDBASE, serial_hds[0],
- DEVICE_BIG_ENDIAN);
- }
- if (serial_hds[1] != NULL) {
- serial_mm_init(address_space_mem, 0xef600400, 0, pic[1],
- PPC_SERIAL_MM_BAUDBASE, serial_hds[1],
- DEVICE_BIG_ENDIAN);
- }
- /* OCM */
- ppc405_ocm_init(env);
- /* GPT */
- gpt_irqs[0] = pic[19];
- gpt_irqs[1] = pic[20];
- gpt_irqs[2] = pic[21];
- gpt_irqs[3] = pic[22];
- gpt_irqs[4] = pic[23];
- ppc4xx_gpt_init(0xef600000, gpt_irqs);
- /* PCI */
- /* Uses pic[3], pic[16], pic[18] */
- /* MAL */
- mal_irqs[0] = pic[11];
- mal_irqs[1] = pic[12];
- mal_irqs[2] = pic[13];
- mal_irqs[3] = pic[14];
- ppc405_mal_init(env, mal_irqs);
- /* Ethernet */
- /* Uses pic[9], pic[15], pic[17] */
- /* CPU control */
- ppc405ep_cpc_init(env, clk_setup, sysclk);
-
- return env;
-}
diff --git a/hw/ppc440_bamboo.c b/hw/ppc440_bamboo.c
deleted file mode 100644
index cc85607cb..000000000
--- a/hw/ppc440_bamboo.c
+++ /dev/null
@@ -1,305 +0,0 @@
-/*
- * QEMU PowerPC 440 Bamboo board emulation
- *
- * Copyright 2007 IBM Corporation.
- * Authors:
- * Jerone Young <jyoung5@us.ibm.com>
- * Christian Ehrhardt <ehrhardt@linux.vnet.ibm.com>
- * Hollis Blanchard <hollisb@us.ibm.com>
- *
- * This work is licensed under the GNU GPL license version 2 or later.
- *
- */
-
-#include "config.h"
-#include "qemu-common.h"
-#include "net.h"
-#include "hw.h"
-#include "pci.h"
-#include "boards.h"
-#include "kvm.h"
-#include "kvm_ppc.h"
-#include "device_tree.h"
-#include "loader.h"
-#include "elf.h"
-#include "exec-memory.h"
-#include "serial.h"
-#include "ppc.h"
-#include "ppc405.h"
-#include "sysemu.h"
-#include "sysbus.h"
-
-#define BINARY_DEVICE_TREE_FILE "bamboo.dtb"
-
-/* from u-boot */
-#define KERNEL_ADDR 0x1000000
-#define FDT_ADDR 0x1800000
-#define RAMDISK_ADDR 0x1900000
-
-#define PPC440EP_PCI_CONFIG 0xeec00000
-#define PPC440EP_PCI_INTACK 0xeed00000
-#define PPC440EP_PCI_SPECIAL 0xeed00000
-#define PPC440EP_PCI_REGS 0xef400000
-#define PPC440EP_PCI_IO 0xe8000000
-#define PPC440EP_PCI_IOLEN 0x00010000
-
-#define PPC440EP_SDRAM_NR_BANKS 4
-
-static const unsigned int ppc440ep_sdram_bank_sizes[] = {
- 256<<20, 128<<20, 64<<20, 32<<20, 16<<20, 8<<20, 0
-};
-
-static hwaddr entry;
-
-static int bamboo_load_device_tree(hwaddr addr,
- uint32_t ramsize,
- hwaddr initrd_base,
- hwaddr initrd_size,
- const char *kernel_cmdline)
-{
- int ret = -1;
-#ifdef CONFIG_FDT
- uint32_t mem_reg_property[] = { 0, 0, cpu_to_be32(ramsize) };
- char *filename;
- int fdt_size;
- void *fdt;
- uint32_t tb_freq = 400000000;
- uint32_t clock_freq = 400000000;
-
- filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, BINARY_DEVICE_TREE_FILE);
- if (!filename) {
- goto out;
- }
- fdt = load_device_tree(filename, &fdt_size);
- g_free(filename);
- if (fdt == NULL) {
- goto out;
- }
-
- /* Manipulate device tree in memory. */
-
- ret = qemu_devtree_setprop(fdt, "/memory", "reg", mem_reg_property,
- sizeof(mem_reg_property));
- if (ret < 0)
- fprintf(stderr, "couldn't set /memory/reg\n");
-
- ret = qemu_devtree_setprop_cell(fdt, "/chosen", "linux,initrd-start",
- initrd_base);
- if (ret < 0)
- fprintf(stderr, "couldn't set /chosen/linux,initrd-start\n");
-
- ret = qemu_devtree_setprop_cell(fdt, "/chosen", "linux,initrd-end",
- (initrd_base + initrd_size));
- if (ret < 0)
- fprintf(stderr, "couldn't set /chosen/linux,initrd-end\n");
-
- ret = qemu_devtree_setprop_string(fdt, "/chosen", "bootargs",
- kernel_cmdline);
- if (ret < 0)
- fprintf(stderr, "couldn't set /chosen/bootargs\n");
-
- /* Copy data from the host device tree into the guest. Since the guest can
- * directly access the timebase without host involvement, we must expose
- * the correct frequencies. */
- if (kvm_enabled()) {
- tb_freq = kvmppc_get_tbfreq();
- clock_freq = kvmppc_get_clockfreq();
- }
-
- qemu_devtree_setprop_cell(fdt, "/cpus/cpu@0", "clock-frequency",
- clock_freq);
- qemu_devtree_setprop_cell(fdt, "/cpus/cpu@0", "timebase-frequency",
- tb_freq);
-
- ret = rom_add_blob_fixed(BINARY_DEVICE_TREE_FILE, fdt, fdt_size, addr);
- g_free(fdt);
-
-out:
-#endif
-
- return ret;
-}
-
-/* Create reset TLB entries for BookE, spanning the 32bit addr space. */
-static void mmubooke_create_initial_mapping(CPUPPCState *env,
- target_ulong va,
- hwaddr pa)
-{
- ppcemb_tlb_t *tlb = &env->tlb.tlbe[0];
-
- tlb->attr = 0;
- tlb->prot = PAGE_VALID | ((PAGE_READ | PAGE_WRITE | PAGE_EXEC) << 4);
- tlb->size = 1 << 31; /* up to 0x80000000 */
- tlb->EPN = va & TARGET_PAGE_MASK;
- tlb->RPN = pa & TARGET_PAGE_MASK;
- tlb->PID = 0;
-
- tlb = &env->tlb.tlbe[1];
- tlb->attr = 0;
- tlb->prot = PAGE_VALID | ((PAGE_READ | PAGE_WRITE | PAGE_EXEC) << 4);
- tlb->size = 1 << 31; /* up to 0xffffffff */
- tlb->EPN = 0x80000000 & TARGET_PAGE_MASK;
- tlb->RPN = 0x80000000 & TARGET_PAGE_MASK;
- tlb->PID = 0;
-}
-
-static void main_cpu_reset(void *opaque)
-{
- PowerPCCPU *cpu = opaque;
- CPUPPCState *env = &cpu->env;
-
- cpu_reset(CPU(cpu));
- env->gpr[1] = (16<<20) - 8;
- env->gpr[3] = FDT_ADDR;
- env->nip = entry;
-
- /* Create a mapping for the kernel. */
- mmubooke_create_initial_mapping(env, 0, 0);
-}
-
-static void bamboo_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- unsigned int pci_irq_nrs[4] = { 28, 27, 26, 25 };
- MemoryRegion *address_space_mem = get_system_memory();
- MemoryRegion *ram_memories
- = g_malloc(PPC440EP_SDRAM_NR_BANKS * sizeof(*ram_memories));
- hwaddr ram_bases[PPC440EP_SDRAM_NR_BANKS];
- hwaddr ram_sizes[PPC440EP_SDRAM_NR_BANKS];
- qemu_irq *pic;
- qemu_irq *irqs;
- PCIBus *pcibus;
- PowerPCCPU *cpu;
- CPUPPCState *env;
- uint64_t elf_entry;
- uint64_t elf_lowaddr;
- hwaddr loadaddr = 0;
- target_long initrd_size = 0;
- DeviceState *dev;
- int success;
- int i;
-
- /* Setup CPU. */
- if (cpu_model == NULL) {
- cpu_model = "440EP";
- }
- cpu = cpu_ppc_init(cpu_model);
- if (cpu == NULL) {
- fprintf(stderr, "Unable to initialize CPU!\n");
- exit(1);
- }
- env = &cpu->env;
-
- qemu_register_reset(main_cpu_reset, cpu);
- ppc_booke_timers_init(env, 400000000, 0);
- ppc_dcr_init(env, NULL, NULL);
-
- /* interrupt controller */
- irqs = g_malloc0(sizeof(qemu_irq) * PPCUIC_OUTPUT_NB);
- irqs[PPCUIC_OUTPUT_INT] = ((qemu_irq *)env->irq_inputs)[PPC40x_INPUT_INT];
- irqs[PPCUIC_OUTPUT_CINT] = ((qemu_irq *)env->irq_inputs)[PPC40x_INPUT_CINT];
- pic = ppcuic_init(env, irqs, 0x0C0, 0, 1);
-
- /* SDRAM controller */
- memset(ram_bases, 0, sizeof(ram_bases));
- memset(ram_sizes, 0, sizeof(ram_sizes));
- ram_size = ppc4xx_sdram_adjust(ram_size, PPC440EP_SDRAM_NR_BANKS,
- ram_memories,
- ram_bases, ram_sizes,
- ppc440ep_sdram_bank_sizes);
- /* XXX 440EP's ECC interrupts are on UIC1, but we've only created UIC0. */
- ppc4xx_sdram_init(env, pic[14], PPC440EP_SDRAM_NR_BANKS, ram_memories,
- ram_bases, ram_sizes, 1);
-
- /* PCI */
- dev = sysbus_create_varargs(TYPE_PPC4xx_PCI_HOST_BRIDGE,
- PPC440EP_PCI_CONFIG,
- pic[pci_irq_nrs[0]], pic[pci_irq_nrs[1]],
- pic[pci_irq_nrs[2]], pic[pci_irq_nrs[3]],
- NULL);
- pcibus = (PCIBus *)qdev_get_child_bus(dev, "pci.0");
- if (!pcibus) {
- fprintf(stderr, "couldn't create PCI controller!\n");
- exit(1);
- }
-
- isa_mmio_init(PPC440EP_PCI_IO, PPC440EP_PCI_IOLEN);
-
- if (serial_hds[0] != NULL) {
- serial_mm_init(address_space_mem, 0xef600300, 0, pic[0],
- PPC_SERIAL_MM_BAUDBASE, serial_hds[0],
- DEVICE_BIG_ENDIAN);
- }
- if (serial_hds[1] != NULL) {
- serial_mm_init(address_space_mem, 0xef600400, 0, pic[1],
- PPC_SERIAL_MM_BAUDBASE, serial_hds[1],
- DEVICE_BIG_ENDIAN);
- }
-
- if (pcibus) {
- /* Register network interfaces. */
- for (i = 0; i < nb_nics; i++) {
- /* There are no PCI NICs on the Bamboo board, but there are
- * PCI slots, so we can pick whatever default model we want. */
- pci_nic_init_nofail(&nd_table[i], "e1000", NULL);
- }
- }
-
- /* Load kernel. */
- if (kernel_filename) {
- success = load_uimage(kernel_filename, &entry, &loadaddr, NULL);
- if (success < 0) {
- success = load_elf(kernel_filename, NULL, NULL, &elf_entry,
- &elf_lowaddr, NULL, 1, ELF_MACHINE, 0);
- entry = elf_entry;
- loadaddr = elf_lowaddr;
- }
- /* XXX try again as binary */
- if (success < 0) {
- fprintf(stderr, "qemu: could not load kernel '%s'\n",
- kernel_filename);
- exit(1);
- }
- }
-
- /* Load initrd. */
- if (initrd_filename) {
- initrd_size = load_image_targphys(initrd_filename, RAMDISK_ADDR,
- ram_size - RAMDISK_ADDR);
-
- if (initrd_size < 0) {
- fprintf(stderr, "qemu: could not load ram disk '%s' at %x\n",
- initrd_filename, RAMDISK_ADDR);
- exit(1);
- }
- }
-
- /* If we're loading a kernel directly, we must load the device tree too. */
- if (kernel_filename) {
- if (bamboo_load_device_tree(FDT_ADDR, ram_size, RAMDISK_ADDR,
- initrd_size, kernel_cmdline) < 0) {
- fprintf(stderr, "couldn't load device tree\n");
- exit(1);
- }
- }
-
- if (kvm_enabled())
- kvmppc_init();
-}
-
-static QEMUMachine bamboo_machine = {
- .name = "bamboo",
- .desc = "bamboo",
- .init = bamboo_init,
-};
-
-static void bamboo_machine_init(void)
-{
- qemu_register_machine(&bamboo_machine);
-}
-
-machine_init(bamboo_machine_init);
diff --git a/hw/ppc4xx.h b/hw/ppc4xx.h
deleted file mode 100644
index d795ced57..000000000
--- a/hw/ppc4xx.h
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * QEMU PowerPC 4xx emulation shared definitions
- *
- * Copyright (c) 2007 Jocelyn Mayer
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#if !defined(PPC_4XX_H)
-#define PPC_4XX_H
-
-#include "pci.h"
-
-/* PowerPC 4xx core initialization */
-CPUPPCState *ppc4xx_init (const char *cpu_model,
- clk_setup_t *cpu_clk, clk_setup_t *tb_clk,
- uint32_t sysclk);
-
-/* PowerPC 4xx universal interrupt controller */
-enum {
- PPCUIC_OUTPUT_INT = 0,
- PPCUIC_OUTPUT_CINT = 1,
- PPCUIC_OUTPUT_NB,
-};
-qemu_irq *ppcuic_init (CPUPPCState *env, qemu_irq *irqs,
- uint32_t dcr_base, int has_ssr, int has_vr);
-
-ram_addr_t ppc4xx_sdram_adjust(ram_addr_t ram_size, int nr_banks,
- MemoryRegion ram_memories[],
- hwaddr ram_bases[],
- hwaddr ram_sizes[],
- const unsigned int sdram_bank_sizes[]);
-
-void ppc4xx_sdram_init (CPUPPCState *env, qemu_irq irq, int nbanks,
- MemoryRegion ram_memories[],
- hwaddr *ram_bases,
- hwaddr *ram_sizes,
- int do_init);
-
-#define TYPE_PPC4xx_PCI_HOST_BRIDGE "ppc4xx-pcihost"
-
-PCIBus *ppc4xx_pci_init(CPUPPCState *env, qemu_irq pci_irqs[4],
- hwaddr config_space,
- hwaddr int_ack,
- hwaddr special_cycle,
- hwaddr registers);
-
-#endif /* !defined(PPC_4XX_H) */
diff --git a/hw/ppc4xx_devs.c b/hw/ppc4xx_devs.c
deleted file mode 100644
index bac8d8769..000000000
--- a/hw/ppc4xx_devs.c
+++ /dev/null
@@ -1,721 +0,0 @@
-/*
- * QEMU PowerPC 4xx embedded processors shared devices emulation
- *
- * Copyright (c) 2007 Jocelyn Mayer
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "ppc.h"
-#include "ppc4xx.h"
-#include "qemu-log.h"
-#include "exec-memory.h"
-
-//#define DEBUG_MMIO
-//#define DEBUG_UNASSIGNED
-#define DEBUG_UIC
-
-
-#ifdef DEBUG_UIC
-# define LOG_UIC(...) qemu_log_mask(CPU_LOG_INT, ## __VA_ARGS__)
-#else
-# define LOG_UIC(...) do { } while (0)
-#endif
-
-static void ppc4xx_reset(void *opaque)
-{
- PowerPCCPU *cpu = opaque;
-
- cpu_reset(CPU(cpu));
-}
-
-/*****************************************************************************/
-/* Generic PowerPC 4xx processor instantiation */
-CPUPPCState *ppc4xx_init (const char *cpu_model,
- clk_setup_t *cpu_clk, clk_setup_t *tb_clk,
- uint32_t sysclk)
-{
- PowerPCCPU *cpu;
- CPUPPCState *env;
-
- /* init CPUs */
- cpu = cpu_ppc_init(cpu_model);
- if (cpu == NULL) {
- fprintf(stderr, "Unable to find PowerPC %s CPU definition\n",
- cpu_model);
- exit(1);
- }
- env = &cpu->env;
-
- cpu_clk->cb = NULL; /* We don't care about CPU clock frequency changes */
- cpu_clk->opaque = env;
- /* Set time-base frequency to sysclk */
- tb_clk->cb = ppc_40x_timers_init(env, sysclk, PPC_INTERRUPT_PIT);
- tb_clk->opaque = env;
- ppc_dcr_init(env, NULL, NULL);
- /* Register qemu callbacks */
- qemu_register_reset(ppc4xx_reset, cpu);
-
- return env;
-}
-
-/*****************************************************************************/
-/* "Universal" Interrupt controller */
-enum {
- DCR_UICSR = 0x000,
- DCR_UICSRS = 0x001,
- DCR_UICER = 0x002,
- DCR_UICCR = 0x003,
- DCR_UICPR = 0x004,
- DCR_UICTR = 0x005,
- DCR_UICMSR = 0x006,
- DCR_UICVR = 0x007,
- DCR_UICVCR = 0x008,
- DCR_UICMAX = 0x009,
-};
-
-#define UIC_MAX_IRQ 32
-typedef struct ppcuic_t ppcuic_t;
-struct ppcuic_t {
- uint32_t dcr_base;
- int use_vectors;
- uint32_t level; /* Remembers the state of level-triggered interrupts. */
- uint32_t uicsr; /* Status register */
- uint32_t uicer; /* Enable register */
- uint32_t uiccr; /* Critical register */
- uint32_t uicpr; /* Polarity register */
- uint32_t uictr; /* Triggering register */
- uint32_t uicvcr; /* Vector configuration register */
- uint32_t uicvr;
- qemu_irq *irqs;
-};
-
-static void ppcuic_trigger_irq (ppcuic_t *uic)
-{
- uint32_t ir, cr;
- int start, end, inc, i;
-
- /* Trigger interrupt if any is pending */
- ir = uic->uicsr & uic->uicer & (~uic->uiccr);
- cr = uic->uicsr & uic->uicer & uic->uiccr;
- LOG_UIC("%s: uicsr %08" PRIx32 " uicer %08" PRIx32
- " uiccr %08" PRIx32 "\n"
- " %08" PRIx32 " ir %08" PRIx32 " cr %08" PRIx32 "\n",
- __func__, uic->uicsr, uic->uicer, uic->uiccr,
- uic->uicsr & uic->uicer, ir, cr);
- if (ir != 0x0000000) {
- LOG_UIC("Raise UIC interrupt\n");
- qemu_irq_raise(uic->irqs[PPCUIC_OUTPUT_INT]);
- } else {
- LOG_UIC("Lower UIC interrupt\n");
- qemu_irq_lower(uic->irqs[PPCUIC_OUTPUT_INT]);
- }
- /* Trigger critical interrupt if any is pending and update vector */
- if (cr != 0x0000000) {
- qemu_irq_raise(uic->irqs[PPCUIC_OUTPUT_CINT]);
- if (uic->use_vectors) {
- /* Compute critical IRQ vector */
- if (uic->uicvcr & 1) {
- start = 31;
- end = 0;
- inc = -1;
- } else {
- start = 0;
- end = 31;
- inc = 1;
- }
- uic->uicvr = uic->uicvcr & 0xFFFFFFFC;
- for (i = start; i <= end; i += inc) {
- if (cr & (1 << i)) {
- uic->uicvr += (i - start) * 512 * inc;
- break;
- }
- }
- }
- LOG_UIC("Raise UIC critical interrupt - "
- "vector %08" PRIx32 "\n", uic->uicvr);
- } else {
- LOG_UIC("Lower UIC critical interrupt\n");
- qemu_irq_lower(uic->irqs[PPCUIC_OUTPUT_CINT]);
- uic->uicvr = 0x00000000;
- }
-}
-
-static void ppcuic_set_irq (void *opaque, int irq_num, int level)
-{
- ppcuic_t *uic;
- uint32_t mask, sr;
-
- uic = opaque;
- mask = 1 << (31-irq_num);
- LOG_UIC("%s: irq %d level %d uicsr %08" PRIx32
- " mask %08" PRIx32 " => %08" PRIx32 " %08" PRIx32 "\n",
- __func__, irq_num, level,
- uic->uicsr, mask, uic->uicsr & mask, level << irq_num);
- if (irq_num < 0 || irq_num > 31)
- return;
- sr = uic->uicsr;
-
- /* Update status register */
- if (uic->uictr & mask) {
- /* Edge sensitive interrupt */
- if (level == 1)
- uic->uicsr |= mask;
- } else {
- /* Level sensitive interrupt */
- if (level == 1) {
- uic->uicsr |= mask;
- uic->level |= mask;
- } else {
- uic->uicsr &= ~mask;
- uic->level &= ~mask;
- }
- }
- LOG_UIC("%s: irq %d level %d sr %" PRIx32 " => "
- "%08" PRIx32 "\n", __func__, irq_num, level, uic->uicsr, sr);
- if (sr != uic->uicsr)
- ppcuic_trigger_irq(uic);
-}
-
-static uint32_t dcr_read_uic (void *opaque, int dcrn)
-{
- ppcuic_t *uic;
- uint32_t ret;
-
- uic = opaque;
- dcrn -= uic->dcr_base;
- switch (dcrn) {
- case DCR_UICSR:
- case DCR_UICSRS:
- ret = uic->uicsr;
- break;
- case DCR_UICER:
- ret = uic->uicer;
- break;
- case DCR_UICCR:
- ret = uic->uiccr;
- break;
- case DCR_UICPR:
- ret = uic->uicpr;
- break;
- case DCR_UICTR:
- ret = uic->uictr;
- break;
- case DCR_UICMSR:
- ret = uic->uicsr & uic->uicer;
- break;
- case DCR_UICVR:
- if (!uic->use_vectors)
- goto no_read;
- ret = uic->uicvr;
- break;
- case DCR_UICVCR:
- if (!uic->use_vectors)
- goto no_read;
- ret = uic->uicvcr;
- break;
- default:
- no_read:
- ret = 0x00000000;
- break;
- }
-
- return ret;
-}
-
-static void dcr_write_uic (void *opaque, int dcrn, uint32_t val)
-{
- ppcuic_t *uic;
-
- uic = opaque;
- dcrn -= uic->dcr_base;
- LOG_UIC("%s: dcr %d val 0x%x\n", __func__, dcrn, val);
- switch (dcrn) {
- case DCR_UICSR:
- uic->uicsr &= ~val;
- uic->uicsr |= uic->level;
- ppcuic_trigger_irq(uic);
- break;
- case DCR_UICSRS:
- uic->uicsr |= val;
- ppcuic_trigger_irq(uic);
- break;
- case DCR_UICER:
- uic->uicer = val;
- ppcuic_trigger_irq(uic);
- break;
- case DCR_UICCR:
- uic->uiccr = val;
- ppcuic_trigger_irq(uic);
- break;
- case DCR_UICPR:
- uic->uicpr = val;
- break;
- case DCR_UICTR:
- uic->uictr = val;
- ppcuic_trigger_irq(uic);
- break;
- case DCR_UICMSR:
- break;
- case DCR_UICVR:
- break;
- case DCR_UICVCR:
- uic->uicvcr = val & 0xFFFFFFFD;
- ppcuic_trigger_irq(uic);
- break;
- }
-}
-
-static void ppcuic_reset (void *opaque)
-{
- ppcuic_t *uic;
-
- uic = opaque;
- uic->uiccr = 0x00000000;
- uic->uicer = 0x00000000;
- uic->uicpr = 0x00000000;
- uic->uicsr = 0x00000000;
- uic->uictr = 0x00000000;
- if (uic->use_vectors) {
- uic->uicvcr = 0x00000000;
- uic->uicvr = 0x0000000;
- }
-}
-
-qemu_irq *ppcuic_init (CPUPPCState *env, qemu_irq *irqs,
- uint32_t dcr_base, int has_ssr, int has_vr)
-{
- ppcuic_t *uic;
- int i;
-
- uic = g_malloc0(sizeof(ppcuic_t));
- uic->dcr_base = dcr_base;
- uic->irqs = irqs;
- if (has_vr)
- uic->use_vectors = 1;
- for (i = 0; i < DCR_UICMAX; i++) {
- ppc_dcr_register(env, dcr_base + i, uic,
- &dcr_read_uic, &dcr_write_uic);
- }
- qemu_register_reset(ppcuic_reset, uic);
-
- return qemu_allocate_irqs(&ppcuic_set_irq, uic, UIC_MAX_IRQ);
-}
-
-/*****************************************************************************/
-/* SDRAM controller */
-typedef struct ppc4xx_sdram_t ppc4xx_sdram_t;
-struct ppc4xx_sdram_t {
- uint32_t addr;
- int nbanks;
- MemoryRegion containers[4]; /* used for clipping */
- MemoryRegion *ram_memories;
- hwaddr ram_bases[4];
- hwaddr ram_sizes[4];
- uint32_t besr0;
- uint32_t besr1;
- uint32_t bear;
- uint32_t cfg;
- uint32_t status;
- uint32_t rtr;
- uint32_t pmit;
- uint32_t bcr[4];
- uint32_t tr;
- uint32_t ecccfg;
- uint32_t eccesr;
- qemu_irq irq;
-};
-
-enum {
- SDRAM0_CFGADDR = 0x010,
- SDRAM0_CFGDATA = 0x011,
-};
-
-/* XXX: TOFIX: some patches have made this code become inconsistent:
- * there are type inconsistencies, mixing hwaddr, target_ulong
- * and uint32_t
- */
-static uint32_t sdram_bcr (hwaddr ram_base,
- hwaddr ram_size)
-{
- uint32_t bcr;
-
- switch (ram_size) {
- case (4 * 1024 * 1024):
- bcr = 0x00000000;
- break;
- case (8 * 1024 * 1024):
- bcr = 0x00020000;
- break;
- case (16 * 1024 * 1024):
- bcr = 0x00040000;
- break;
- case (32 * 1024 * 1024):
- bcr = 0x00060000;
- break;
- case (64 * 1024 * 1024):
- bcr = 0x00080000;
- break;
- case (128 * 1024 * 1024):
- bcr = 0x000A0000;
- break;
- case (256 * 1024 * 1024):
- bcr = 0x000C0000;
- break;
- default:
- printf("%s: invalid RAM size " TARGET_FMT_plx "\n", __func__,
- ram_size);
- return 0x00000000;
- }
- bcr |= ram_base & 0xFF800000;
- bcr |= 1;
-
- return bcr;
-}
-
-static inline hwaddr sdram_base(uint32_t bcr)
-{
- return bcr & 0xFF800000;
-}
-
-static target_ulong sdram_size (uint32_t bcr)
-{
- target_ulong size;
- int sh;
-
- sh = (bcr >> 17) & 0x7;
- if (sh == 7)
- size = -1;
- else
- size = (4 * 1024 * 1024) << sh;
-
- return size;
-}
-
-static void sdram_set_bcr(ppc4xx_sdram_t *sdram,
- uint32_t *bcrp, uint32_t bcr, int enabled)
-{
- unsigned n = bcrp - sdram->bcr;
-
- if (*bcrp & 0x00000001) {
- /* Unmap RAM */
-#ifdef DEBUG_SDRAM
- printf("%s: unmap RAM area " TARGET_FMT_plx " " TARGET_FMT_lx "\n",
- __func__, sdram_base(*bcrp), sdram_size(*bcrp));
-#endif
- memory_region_del_subregion(get_system_memory(),
- &sdram->containers[n]);
- memory_region_del_subregion(&sdram->containers[n],
- &sdram->ram_memories[n]);
- memory_region_destroy(&sdram->containers[n]);
- }
- *bcrp = bcr & 0xFFDEE001;
- if (enabled && (bcr & 0x00000001)) {
-#ifdef DEBUG_SDRAM
- printf("%s: Map RAM area " TARGET_FMT_plx " " TARGET_FMT_lx "\n",
- __func__, sdram_base(bcr), sdram_size(bcr));
-#endif
- memory_region_init(&sdram->containers[n], "sdram-containers",
- sdram_size(bcr));
- memory_region_add_subregion(&sdram->containers[n], 0,
- &sdram->ram_memories[n]);
- memory_region_add_subregion(get_system_memory(),
- sdram_base(bcr),
- &sdram->containers[n]);
- }
-}
-
-static void sdram_map_bcr (ppc4xx_sdram_t *sdram)
-{
- int i;
-
- for (i = 0; i < sdram->nbanks; i++) {
- if (sdram->ram_sizes[i] != 0) {
- sdram_set_bcr(sdram,
- &sdram->bcr[i],
- sdram_bcr(sdram->ram_bases[i], sdram->ram_sizes[i]),
- 1);
- } else {
- sdram_set_bcr(sdram, &sdram->bcr[i], 0x00000000, 0);
- }
- }
-}
-
-static void sdram_unmap_bcr (ppc4xx_sdram_t *sdram)
-{
- int i;
-
- for (i = 0; i < sdram->nbanks; i++) {
-#ifdef DEBUG_SDRAM
- printf("%s: Unmap RAM area " TARGET_FMT_plx " " TARGET_FMT_lx "\n",
- __func__, sdram_base(sdram->bcr[i]), sdram_size(sdram->bcr[i]));
-#endif
- memory_region_del_subregion(get_system_memory(),
- &sdram->ram_memories[i]);
- }
-}
-
-static uint32_t dcr_read_sdram (void *opaque, int dcrn)
-{
- ppc4xx_sdram_t *sdram;
- uint32_t ret;
-
- sdram = opaque;
- switch (dcrn) {
- case SDRAM0_CFGADDR:
- ret = sdram->addr;
- break;
- case SDRAM0_CFGDATA:
- switch (sdram->addr) {
- case 0x00: /* SDRAM_BESR0 */
- ret = sdram->besr0;
- break;
- case 0x08: /* SDRAM_BESR1 */
- ret = sdram->besr1;
- break;
- case 0x10: /* SDRAM_BEAR */
- ret = sdram->bear;
- break;
- case 0x20: /* SDRAM_CFG */
- ret = sdram->cfg;
- break;
- case 0x24: /* SDRAM_STATUS */
- ret = sdram->status;
- break;
- case 0x30: /* SDRAM_RTR */
- ret = sdram->rtr;
- break;
- case 0x34: /* SDRAM_PMIT */
- ret = sdram->pmit;
- break;
- case 0x40: /* SDRAM_B0CR */
- ret = sdram->bcr[0];
- break;
- case 0x44: /* SDRAM_B1CR */
- ret = sdram->bcr[1];
- break;
- case 0x48: /* SDRAM_B2CR */
- ret = sdram->bcr[2];
- break;
- case 0x4C: /* SDRAM_B3CR */
- ret = sdram->bcr[3];
- break;
- case 0x80: /* SDRAM_TR */
- ret = -1; /* ? */
- break;
- case 0x94: /* SDRAM_ECCCFG */
- ret = sdram->ecccfg;
- break;
- case 0x98: /* SDRAM_ECCESR */
- ret = sdram->eccesr;
- break;
- default: /* Error */
- ret = -1;
- break;
- }
- break;
- default:
- /* Avoid gcc warning */
- ret = 0x00000000;
- break;
- }
-
- return ret;
-}
-
-static void dcr_write_sdram (void *opaque, int dcrn, uint32_t val)
-{
- ppc4xx_sdram_t *sdram;
-
- sdram = opaque;
- switch (dcrn) {
- case SDRAM0_CFGADDR:
- sdram->addr = val;
- break;
- case SDRAM0_CFGDATA:
- switch (sdram->addr) {
- case 0x00: /* SDRAM_BESR0 */
- sdram->besr0 &= ~val;
- break;
- case 0x08: /* SDRAM_BESR1 */
- sdram->besr1 &= ~val;
- break;
- case 0x10: /* SDRAM_BEAR */
- sdram->bear = val;
- break;
- case 0x20: /* SDRAM_CFG */
- val &= 0xFFE00000;
- if (!(sdram->cfg & 0x80000000) && (val & 0x80000000)) {
-#ifdef DEBUG_SDRAM
- printf("%s: enable SDRAM controller\n", __func__);
-#endif
- /* validate all RAM mappings */
- sdram_map_bcr(sdram);
- sdram->status &= ~0x80000000;
- } else if ((sdram->cfg & 0x80000000) && !(val & 0x80000000)) {
-#ifdef DEBUG_SDRAM
- printf("%s: disable SDRAM controller\n", __func__);
-#endif
- /* invalidate all RAM mappings */
- sdram_unmap_bcr(sdram);
- sdram->status |= 0x80000000;
- }
- if (!(sdram->cfg & 0x40000000) && (val & 0x40000000))
- sdram->status |= 0x40000000;
- else if ((sdram->cfg & 0x40000000) && !(val & 0x40000000))
- sdram->status &= ~0x40000000;
- sdram->cfg = val;
- break;
- case 0x24: /* SDRAM_STATUS */
- /* Read-only register */
- break;
- case 0x30: /* SDRAM_RTR */
- sdram->rtr = val & 0x3FF80000;
- break;
- case 0x34: /* SDRAM_PMIT */
- sdram->pmit = (val & 0xF8000000) | 0x07C00000;
- break;
- case 0x40: /* SDRAM_B0CR */
- sdram_set_bcr(sdram, &sdram->bcr[0], val, sdram->cfg & 0x80000000);
- break;
- case 0x44: /* SDRAM_B1CR */
- sdram_set_bcr(sdram, &sdram->bcr[1], val, sdram->cfg & 0x80000000);
- break;
- case 0x48: /* SDRAM_B2CR */
- sdram_set_bcr(sdram, &sdram->bcr[2], val, sdram->cfg & 0x80000000);
- break;
- case 0x4C: /* SDRAM_B3CR */
- sdram_set_bcr(sdram, &sdram->bcr[3], val, sdram->cfg & 0x80000000);
- break;
- case 0x80: /* SDRAM_TR */
- sdram->tr = val & 0x018FC01F;
- break;
- case 0x94: /* SDRAM_ECCCFG */
- sdram->ecccfg = val & 0x00F00000;
- break;
- case 0x98: /* SDRAM_ECCESR */
- val &= 0xFFF0F000;
- if (sdram->eccesr == 0 && val != 0)
- qemu_irq_raise(sdram->irq);
- else if (sdram->eccesr != 0 && val == 0)
- qemu_irq_lower(sdram->irq);
- sdram->eccesr = val;
- break;
- default: /* Error */
- break;
- }
- break;
- }
-}
-
-static void sdram_reset (void *opaque)
-{
- ppc4xx_sdram_t *sdram;
-
- sdram = opaque;
- sdram->addr = 0x00000000;
- sdram->bear = 0x00000000;
- sdram->besr0 = 0x00000000; /* No error */
- sdram->besr1 = 0x00000000; /* No error */
- sdram->cfg = 0x00000000;
- sdram->ecccfg = 0x00000000; /* No ECC */
- sdram->eccesr = 0x00000000; /* No error */
- sdram->pmit = 0x07C00000;
- sdram->rtr = 0x05F00000;
- sdram->tr = 0x00854009;
- /* We pre-initialize RAM banks */
- sdram->status = 0x00000000;
- sdram->cfg = 0x00800000;
-}
-
-void ppc4xx_sdram_init (CPUPPCState *env, qemu_irq irq, int nbanks,
- MemoryRegion *ram_memories,
- hwaddr *ram_bases,
- hwaddr *ram_sizes,
- int do_init)
-{
- ppc4xx_sdram_t *sdram;
-
- sdram = g_malloc0(sizeof(ppc4xx_sdram_t));
- sdram->irq = irq;
- sdram->nbanks = nbanks;
- sdram->ram_memories = ram_memories;
- memset(sdram->ram_bases, 0, 4 * sizeof(hwaddr));
- memcpy(sdram->ram_bases, ram_bases,
- nbanks * sizeof(hwaddr));
- memset(sdram->ram_sizes, 0, 4 * sizeof(hwaddr));
- memcpy(sdram->ram_sizes, ram_sizes,
- nbanks * sizeof(hwaddr));
- qemu_register_reset(&sdram_reset, sdram);
- ppc_dcr_register(env, SDRAM0_CFGADDR,
- sdram, &dcr_read_sdram, &dcr_write_sdram);
- ppc_dcr_register(env, SDRAM0_CFGDATA,
- sdram, &dcr_read_sdram, &dcr_write_sdram);
- if (do_init)
- sdram_map_bcr(sdram);
-}
-
-/* Fill in consecutive SDRAM banks with 'ram_size' bytes of memory.
- *
- * sdram_bank_sizes[] must be 0-terminated.
- *
- * The 4xx SDRAM controller supports a small number of banks, and each bank
- * must be one of a small set of sizes. The number of banks and the supported
- * sizes varies by SoC. */
-ram_addr_t ppc4xx_sdram_adjust(ram_addr_t ram_size, int nr_banks,
- MemoryRegion ram_memories[],
- hwaddr ram_bases[],
- hwaddr ram_sizes[],
- const unsigned int sdram_bank_sizes[])
-{
- ram_addr_t size_left = ram_size;
- ram_addr_t base = 0;
- int i;
- int j;
-
- for (i = 0; i < nr_banks; i++) {
- for (j = 0; sdram_bank_sizes[j] != 0; j++) {
- unsigned int bank_size = sdram_bank_sizes[j];
-
- if (bank_size <= size_left) {
- char name[32];
- snprintf(name, sizeof(name), "ppc4xx.sdram%d", i);
- memory_region_init_ram(&ram_memories[i], name, bank_size);
- vmstate_register_ram_global(&ram_memories[i]);
- ram_bases[i] = base;
- ram_sizes[i] = bank_size;
- base += ram_size;
- size_left -= bank_size;
- break;
- }
- }
-
- if (!size_left) {
- /* No need to use the remaining banks. */
- break;
- }
- }
-
- ram_size -= size_left;
- if (size_left)
- printf("Truncating memory to %d MiB to fit SDRAM controller limits.\n",
- (int)(ram_size >> 20));
-
- return ram_size;
-}
diff --git a/hw/ppc4xx_pci.c b/hw/ppc4xx_pci.c
deleted file mode 100644
index d3ad6a0b7..000000000
--- a/hw/ppc4xx_pci.c
+++ /dev/null
@@ -1,414 +0,0 @@
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License, version 2, as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- *
- * Copyright IBM Corp. 2008
- *
- * Authors: Hollis Blanchard <hollisb@us.ibm.com>
- */
-
-/* This file implements emulation of the 32-bit PCI controller found in some
- * 4xx SoCs, such as the 440EP. */
-
-#include "hw.h"
-#include "ppc.h"
-#include "ppc4xx.h"
-#include "pci.h"
-#include "pci_host.h"
-#include "exec-memory.h"
-
-#undef DEBUG
-#ifdef DEBUG
-#define DPRINTF(fmt, ...) do { printf(fmt, ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...)
-#endif /* DEBUG */
-
-struct PCIMasterMap {
- uint32_t la;
- uint32_t ma;
- uint32_t pcila;
- uint32_t pciha;
-};
-
-struct PCITargetMap {
- uint32_t ms;
- uint32_t la;
-};
-
-#define PPC4xx_PCI_HOST_BRIDGE(obj) \
- OBJECT_CHECK(PPC4xxPCIState, (obj), TYPE_PPC4xx_PCI_HOST_BRIDGE)
-
-#define PPC4xx_PCI_NR_PMMS 3
-#define PPC4xx_PCI_NR_PTMS 2
-
-struct PPC4xxPCIState {
- PCIHostState parent_obj;
-
- struct PCIMasterMap pmm[PPC4xx_PCI_NR_PMMS];
- struct PCITargetMap ptm[PPC4xx_PCI_NR_PTMS];
- qemu_irq irq[4];
-
- MemoryRegion container;
- MemoryRegion iomem;
-};
-typedef struct PPC4xxPCIState PPC4xxPCIState;
-
-#define PCIC0_CFGADDR 0x0
-#define PCIC0_CFGDATA 0x4
-
-/* PLB Memory Map (PMM) registers specify which PLB addresses are translated to
- * PCI accesses. */
-#define PCIL0_PMM0LA 0x0
-#define PCIL0_PMM0MA 0x4
-#define PCIL0_PMM0PCILA 0x8
-#define PCIL0_PMM0PCIHA 0xc
-#define PCIL0_PMM1LA 0x10
-#define PCIL0_PMM1MA 0x14
-#define PCIL0_PMM1PCILA 0x18
-#define PCIL0_PMM1PCIHA 0x1c
-#define PCIL0_PMM2LA 0x20
-#define PCIL0_PMM2MA 0x24
-#define PCIL0_PMM2PCILA 0x28
-#define PCIL0_PMM2PCIHA 0x2c
-
-/* PCI Target Map (PTM) registers specify which PCI addresses are translated to
- * PLB accesses. */
-#define PCIL0_PTM1MS 0x30
-#define PCIL0_PTM1LA 0x34
-#define PCIL0_PTM2MS 0x38
-#define PCIL0_PTM2LA 0x3c
-#define PCI_REG_BASE 0x800000
-#define PCI_REG_SIZE 0x40
-
-#define PCI_ALL_SIZE (PCI_REG_BASE + PCI_REG_SIZE)
-
-static uint64_t pci4xx_cfgaddr_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- PPC4xxPCIState *ppc4xx_pci = opaque;
- PCIHostState *phb = PCI_HOST_BRIDGE(ppc4xx_pci);
-
- return phb->config_reg;
-}
-
-static void pci4xx_cfgaddr_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- PPC4xxPCIState *ppc4xx_pci = opaque;
- PCIHostState *phb = PCI_HOST_BRIDGE(ppc4xx_pci);
-
- phb->config_reg = value & ~0x3;
-}
-
-static const MemoryRegionOps pci4xx_cfgaddr_ops = {
- .read = pci4xx_cfgaddr_read,
- .write = pci4xx_cfgaddr_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static void ppc4xx_pci_reg_write4(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- struct PPC4xxPCIState *pci = opaque;
-
- /* We ignore all target attempts at PCI configuration, effectively
- * assuming a bidirectional 1:1 mapping of PLB and PCI space. */
-
- switch (offset) {
- case PCIL0_PMM0LA:
- pci->pmm[0].la = value;
- break;
- case PCIL0_PMM0MA:
- pci->pmm[0].ma = value;
- break;
- case PCIL0_PMM0PCIHA:
- pci->pmm[0].pciha = value;
- break;
- case PCIL0_PMM0PCILA:
- pci->pmm[0].pcila = value;
- break;
-
- case PCIL0_PMM1LA:
- pci->pmm[1].la = value;
- break;
- case PCIL0_PMM1MA:
- pci->pmm[1].ma = value;
- break;
- case PCIL0_PMM1PCIHA:
- pci->pmm[1].pciha = value;
- break;
- case PCIL0_PMM1PCILA:
- pci->pmm[1].pcila = value;
- break;
-
- case PCIL0_PMM2LA:
- pci->pmm[2].la = value;
- break;
- case PCIL0_PMM2MA:
- pci->pmm[2].ma = value;
- break;
- case PCIL0_PMM2PCIHA:
- pci->pmm[2].pciha = value;
- break;
- case PCIL0_PMM2PCILA:
- pci->pmm[2].pcila = value;
- break;
-
- case PCIL0_PTM1MS:
- pci->ptm[0].ms = value;
- break;
- case PCIL0_PTM1LA:
- pci->ptm[0].la = value;
- break;
- case PCIL0_PTM2MS:
- pci->ptm[1].ms = value;
- break;
- case PCIL0_PTM2LA:
- pci->ptm[1].la = value;
- break;
-
- default:
- printf("%s: unhandled PCI internal register 0x%lx\n", __func__,
- (unsigned long)offset);
- break;
- }
-}
-
-static uint64_t ppc4xx_pci_reg_read4(void *opaque, hwaddr offset,
- unsigned size)
-{
- struct PPC4xxPCIState *pci = opaque;
- uint32_t value;
-
- switch (offset) {
- case PCIL0_PMM0LA:
- value = pci->pmm[0].la;
- break;
- case PCIL0_PMM0MA:
- value = pci->pmm[0].ma;
- break;
- case PCIL0_PMM0PCIHA:
- value = pci->pmm[0].pciha;
- break;
- case PCIL0_PMM0PCILA:
- value = pci->pmm[0].pcila;
- break;
-
- case PCIL0_PMM1LA:
- value = pci->pmm[1].la;
- break;
- case PCIL0_PMM1MA:
- value = pci->pmm[1].ma;
- break;
- case PCIL0_PMM1PCIHA:
- value = pci->pmm[1].pciha;
- break;
- case PCIL0_PMM1PCILA:
- value = pci->pmm[1].pcila;
- break;
-
- case PCIL0_PMM2LA:
- value = pci->pmm[2].la;
- break;
- case PCIL0_PMM2MA:
- value = pci->pmm[2].ma;
- break;
- case PCIL0_PMM2PCIHA:
- value = pci->pmm[2].pciha;
- break;
- case PCIL0_PMM2PCILA:
- value = pci->pmm[2].pcila;
- break;
-
- case PCIL0_PTM1MS:
- value = pci->ptm[0].ms;
- break;
- case PCIL0_PTM1LA:
- value = pci->ptm[0].la;
- break;
- case PCIL0_PTM2MS:
- value = pci->ptm[1].ms;
- break;
- case PCIL0_PTM2LA:
- value = pci->ptm[1].la;
- break;
-
- default:
- printf("%s: invalid PCI internal register 0x%lx\n", __func__,
- (unsigned long)offset);
- value = 0;
- }
-
- return value;
-}
-
-static const MemoryRegionOps pci_reg_ops = {
- .read = ppc4xx_pci_reg_read4,
- .write = ppc4xx_pci_reg_write4,
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static void ppc4xx_pci_reset(void *opaque)
-{
- struct PPC4xxPCIState *pci = opaque;
-
- memset(pci->pmm, 0, sizeof(pci->pmm));
- memset(pci->ptm, 0, sizeof(pci->ptm));
-}
-
-/* On Bamboo, all pins from each slot are tied to a single board IRQ. This
- * may need further refactoring for other boards. */
-static int ppc4xx_pci_map_irq(PCIDevice *pci_dev, int irq_num)
-{
- int slot = pci_dev->devfn >> 3;
-
- DPRINTF("%s: devfn %x irq %d -> %d\n", __func__,
- pci_dev->devfn, irq_num, slot);
-
- return slot - 1;
-}
-
-static void ppc4xx_pci_set_irq(void *opaque, int irq_num, int level)
-{
- qemu_irq *pci_irqs = opaque;
-
- DPRINTF("%s: PCI irq %d\n", __func__, irq_num);
- if (irq_num < 0) {
- fprintf(stderr, "%s: PCI irq %d\n", __func__, irq_num);
- return;
- }
- qemu_set_irq(pci_irqs[irq_num], level);
-}
-
-static const VMStateDescription vmstate_pci_master_map = {
- .name = "pci_master_map",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(la, struct PCIMasterMap),
- VMSTATE_UINT32(ma, struct PCIMasterMap),
- VMSTATE_UINT32(pcila, struct PCIMasterMap),
- VMSTATE_UINT32(pciha, struct PCIMasterMap),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_pci_target_map = {
- .name = "pci_target_map",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(ms, struct PCITargetMap),
- VMSTATE_UINT32(la, struct PCITargetMap),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_ppc4xx_pci = {
- .name = "ppc4xx_pci",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_STRUCT_ARRAY(pmm, PPC4xxPCIState, PPC4xx_PCI_NR_PMMS, 1,
- vmstate_pci_master_map,
- struct PCIMasterMap),
- VMSTATE_STRUCT_ARRAY(ptm, PPC4xxPCIState, PPC4xx_PCI_NR_PTMS, 1,
- vmstate_pci_target_map,
- struct PCITargetMap),
- VMSTATE_END_OF_LIST()
- }
-};
-
-/* XXX Interrupt acknowledge cycles not supported. */
-static int ppc4xx_pcihost_initfn(SysBusDevice *dev)
-{
- PPC4xxPCIState *s;
- PCIHostState *h;
- PCIBus *b;
- int i;
-
- h = PCI_HOST_BRIDGE(dev);
- s = PPC4xx_PCI_HOST_BRIDGE(dev);
-
- for (i = 0; i < ARRAY_SIZE(s->irq); i++) {
- sysbus_init_irq(dev, &s->irq[i]);
- }
-
- b = pci_register_bus(DEVICE(dev), NULL, ppc4xx_pci_set_irq,
- ppc4xx_pci_map_irq, s->irq, get_system_memory(),
- get_system_io(), 0, 4);
- h->bus = b;
-
- pci_create_simple(b, 0, "ppc4xx-host-bridge");
-
- /* XXX split into 2 memory regions, one for config space, one for regs */
- memory_region_init(&s->container, "pci-container", PCI_ALL_SIZE);
- memory_region_init_io(&h->conf_mem, &pci_host_conf_le_ops, h,
- "pci-conf-idx", 4);
- memory_region_init_io(&h->data_mem, &pci_host_data_le_ops, h,
- "pci-conf-data", 4);
- memory_region_init_io(&s->iomem, &pci_reg_ops, s,
- "pci.reg", PCI_REG_SIZE);
- memory_region_add_subregion(&s->container, PCIC0_CFGADDR, &h->conf_mem);
- memory_region_add_subregion(&s->container, PCIC0_CFGDATA, &h->data_mem);
- memory_region_add_subregion(&s->container, PCI_REG_BASE, &s->iomem);
- sysbus_init_mmio(dev, &s->container);
- qemu_register_reset(ppc4xx_pci_reset, s);
-
- return 0;
-}
-
-static void ppc4xx_host_bridge_class_init(ObjectClass *klass, void *data)
-{
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
-
- dc->desc = "Host bridge";
- k->vendor_id = PCI_VENDOR_ID_IBM;
- k->device_id = PCI_DEVICE_ID_IBM_440GX;
- k->class_id = PCI_CLASS_BRIDGE_OTHER;
-}
-
-static const TypeInfo ppc4xx_host_bridge_info = {
- .name = "ppc4xx-host-bridge",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIDevice),
- .class_init = ppc4xx_host_bridge_class_init,
-};
-
-static void ppc4xx_pcihost_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
-
- k->init = ppc4xx_pcihost_initfn;
- dc->vmsd = &vmstate_ppc4xx_pci;
-}
-
-static const TypeInfo ppc4xx_pcihost_info = {
- .name = TYPE_PPC4xx_PCI_HOST_BRIDGE,
- .parent = TYPE_PCI_HOST_BRIDGE,
- .instance_size = sizeof(PPC4xxPCIState),
- .class_init = ppc4xx_pcihost_class_init,
-};
-
-static void ppc4xx_pci_register_types(void)
-{
- type_register_static(&ppc4xx_pcihost_info);
- type_register_static(&ppc4xx_host_bridge_info);
-}
-
-type_init(ppc4xx_pci_register_types)
diff --git a/hw/ppc_booke.c b/hw/ppc_booke.c
deleted file mode 100644
index d51e7fad6..000000000
--- a/hw/ppc_booke.c
+++ /dev/null
@@ -1,254 +0,0 @@
-/*
- * QEMU PowerPC Booke hardware System Emulator
- *
- * Copyright (c) 2011 AdaCore
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "ppc.h"
-#include "qemu-timer.h"
-#include "sysemu.h"
-#include "nvram.h"
-#include "qemu-log.h"
-#include "loader.h"
-
-
-/* Timer Control Register */
-
-#define TCR_WP_SHIFT 30 /* Watchdog Timer Period */
-#define TCR_WP_MASK (0x3 << TCR_WP_SHIFT)
-#define TCR_WRC_SHIFT 28 /* Watchdog Timer Reset Control */
-#define TCR_WRC_MASK (0x3 << TCR_WRC_SHIFT)
-#define TCR_WIE (1 << 27) /* Watchdog Timer Interrupt Enable */
-#define TCR_DIE (1 << 26) /* Decrementer Interrupt Enable */
-#define TCR_FP_SHIFT 24 /* Fixed-Interval Timer Period */
-#define TCR_FP_MASK (0x3 << TCR_FP_SHIFT)
-#define TCR_FIE (1 << 23) /* Fixed-Interval Timer Interrupt Enable */
-#define TCR_ARE (1 << 22) /* Auto-Reload Enable */
-
-/* Timer Control Register (e500 specific fields) */
-
-#define TCR_E500_FPEXT_SHIFT 13 /* Fixed-Interval Timer Period Extension */
-#define TCR_E500_FPEXT_MASK (0xf << TCR_E500_FPEXT_SHIFT)
-#define TCR_E500_WPEXT_SHIFT 17 /* Watchdog Timer Period Extension */
-#define TCR_E500_WPEXT_MASK (0xf << TCR_E500_WPEXT_SHIFT)
-
-/* Timer Status Register */
-
-#define TSR_FIS (1 << 26) /* Fixed-Interval Timer Interrupt Status */
-#define TSR_DIS (1 << 27) /* Decrementer Interrupt Status */
-#define TSR_WRS_SHIFT 28 /* Watchdog Timer Reset Status */
-#define TSR_WRS_MASK (0x3 << TSR_WRS_SHIFT)
-#define TSR_WIS (1 << 30) /* Watchdog Timer Interrupt Status */
-#define TSR_ENW (1 << 31) /* Enable Next Watchdog Timer */
-
-typedef struct booke_timer_t booke_timer_t;
-struct booke_timer_t {
-
- uint64_t fit_next;
- struct QEMUTimer *fit_timer;
-
- uint64_t wdt_next;
- struct QEMUTimer *wdt_timer;
-
- uint32_t flags;
-};
-
-static void booke_update_irq(CPUPPCState *env)
-{
- ppc_set_irq(env, PPC_INTERRUPT_DECR,
- (env->spr[SPR_BOOKE_TSR] & TSR_DIS
- && env->spr[SPR_BOOKE_TCR] & TCR_DIE));
-
- ppc_set_irq(env, PPC_INTERRUPT_WDT,
- (env->spr[SPR_BOOKE_TSR] & TSR_WIS
- && env->spr[SPR_BOOKE_TCR] & TCR_WIE));
-
- ppc_set_irq(env, PPC_INTERRUPT_FIT,
- (env->spr[SPR_BOOKE_TSR] & TSR_FIS
- && env->spr[SPR_BOOKE_TCR] & TCR_FIE));
-}
-
-/* Return the location of the bit of time base at which the FIT will raise an
- interrupt */
-static uint8_t booke_get_fit_target(CPUPPCState *env, ppc_tb_t *tb_env)
-{
- uint8_t fp = (env->spr[SPR_BOOKE_TCR] & TCR_FP_MASK) >> TCR_FP_SHIFT;
-
- if (tb_env->flags & PPC_TIMER_E500) {
- /* e500 Fixed-interval timer period extension */
- uint32_t fpext = (env->spr[SPR_BOOKE_TCR] & TCR_E500_FPEXT_MASK)
- >> TCR_E500_FPEXT_SHIFT;
- fp = 63 - (fp | fpext << 2);
- } else {
- fp = env->fit_period[fp];
- }
-
- return fp;
-}
-
-/* Return the location of the bit of time base at which the WDT will raise an
- interrupt */
-static uint8_t booke_get_wdt_target(CPUPPCState *env, ppc_tb_t *tb_env)
-{
- uint8_t wp = (env->spr[SPR_BOOKE_TCR] & TCR_WP_MASK) >> TCR_WP_SHIFT;
-
- if (tb_env->flags & PPC_TIMER_E500) {
- /* e500 Watchdog timer period extension */
- uint32_t wpext = (env->spr[SPR_BOOKE_TCR] & TCR_E500_WPEXT_MASK)
- >> TCR_E500_WPEXT_SHIFT;
- wp = 63 - (wp | wpext << 2);
- } else {
- wp = env->wdt_period[wp];
- }
-
- return wp;
-}
-
-static void booke_update_fixed_timer(CPUPPCState *env,
- uint8_t target_bit,
- uint64_t *next,
- struct QEMUTimer *timer)
-{
- ppc_tb_t *tb_env = env->tb_env;
- uint64_t lapse;
- uint64_t tb;
- uint64_t period = 1 << (target_bit + 1);
- uint64_t now;
-
- now = qemu_get_clock_ns(vm_clock);
- tb = cpu_ppc_get_tb(tb_env, now, tb_env->tb_offset);
-
- lapse = period - ((tb - (1 << target_bit)) & (period - 1));
-
- *next = now + muldiv64(lapse, get_ticks_per_sec(), tb_env->tb_freq);
-
- /* XXX: If expire time is now. We can't run the callback because we don't
- * have access to it. So we just set the timer one nanosecond later.
- */
-
- if (*next == now) {
- (*next)++;
- }
-
- qemu_mod_timer(timer, *next);
-}
-
-static void booke_decr_cb(void *opaque)
-{
- CPUPPCState *env = opaque;
-
- env->spr[SPR_BOOKE_TSR] |= TSR_DIS;
- booke_update_irq(env);
-
- if (env->spr[SPR_BOOKE_TCR] & TCR_ARE) {
- /* Auto Reload */
- cpu_ppc_store_decr(env, env->spr[SPR_BOOKE_DECAR]);
- }
-}
-
-static void booke_fit_cb(void *opaque)
-{
- CPUPPCState *env;
- ppc_tb_t *tb_env;
- booke_timer_t *booke_timer;
-
- env = opaque;
- tb_env = env->tb_env;
- booke_timer = tb_env->opaque;
- env->spr[SPR_BOOKE_TSR] |= TSR_FIS;
-
- booke_update_irq(env);
-
- booke_update_fixed_timer(env,
- booke_get_fit_target(env, tb_env),
- &booke_timer->fit_next,
- booke_timer->fit_timer);
-}
-
-static void booke_wdt_cb(void *opaque)
-{
- CPUPPCState *env;
- ppc_tb_t *tb_env;
- booke_timer_t *booke_timer;
-
- env = opaque;
- tb_env = env->tb_env;
- booke_timer = tb_env->opaque;
-
- /* TODO: There's lots of complicated stuff to do here */
-
- booke_update_irq(env);
-
- booke_update_fixed_timer(env,
- booke_get_wdt_target(env, tb_env),
- &booke_timer->wdt_next,
- booke_timer->wdt_timer);
-}
-
-void store_booke_tsr(CPUPPCState *env, target_ulong val)
-{
- env->spr[SPR_BOOKE_TSR] &= ~val;
- booke_update_irq(env);
-}
-
-void store_booke_tcr(CPUPPCState *env, target_ulong val)
-{
- ppc_tb_t *tb_env = env->tb_env;
- booke_timer_t *booke_timer = tb_env->opaque;
-
- tb_env = env->tb_env;
- env->spr[SPR_BOOKE_TCR] = val;
-
- booke_update_irq(env);
-
- booke_update_fixed_timer(env,
- booke_get_fit_target(env, tb_env),
- &booke_timer->fit_next,
- booke_timer->fit_timer);
-
- booke_update_fixed_timer(env,
- booke_get_wdt_target(env, tb_env),
- &booke_timer->wdt_next,
- booke_timer->wdt_timer);
-
-}
-
-void ppc_booke_timers_init(CPUPPCState *env, uint32_t freq, uint32_t flags)
-{
- ppc_tb_t *tb_env;
- booke_timer_t *booke_timer;
-
- tb_env = g_malloc0(sizeof(ppc_tb_t));
- booke_timer = g_malloc0(sizeof(booke_timer_t));
-
- env->tb_env = tb_env;
- tb_env->flags = flags | PPC_TIMER_BOOKE | PPC_DECR_ZERO_TRIGGERED;
-
- tb_env->tb_freq = freq;
- tb_env->decr_freq = freq;
- tb_env->opaque = booke_timer;
- tb_env->decr_timer = qemu_new_timer_ns(vm_clock, &booke_decr_cb, env);
-
- booke_timer->fit_timer =
- qemu_new_timer_ns(vm_clock, &booke_fit_cb, env);
- booke_timer->wdt_timer =
- qemu_new_timer_ns(vm_clock, &booke_wdt_cb, env);
-}
diff --git a/hw/ppc_mac.h b/hw/ppc_mac.h
deleted file mode 100644
index 524b2368a..000000000
--- a/hw/ppc_mac.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * QEMU PowerMac emulation shared definitions and prototypes
- *
- * Copyright (c) 2004-2007 Fabrice Bellard
- * Copyright (c) 2007 Jocelyn Mayer
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#if !defined(__PPC_MAC_H__)
-#define __PPC_MAC_H__
-
-#include "memory.h"
-
-/* SMP is not enabled, for now */
-#define MAX_CPUS 1
-
-#define BIOS_SIZE (1024 * 1024)
-#define BIOS_FILENAME "ppc_rom.bin"
-#define NVRAM_SIZE 0x2000
-#define PROM_FILENAME "openbios-ppc"
-#define PROM_ADDR 0xfff00000
-
-#define KERNEL_LOAD_ADDR 0x01000000
-#define KERNEL_GAP 0x00100000
-
-#define ESCC_CLOCK 3686400
-
-/* Cuda */
-void cuda_init (MemoryRegion **cuda_mem, qemu_irq irq);
-
-/* MacIO */
-void macio_init (PCIBus *bus, int device_id, int is_oldworld,
- MemoryRegion *pic_mem, MemoryRegion *dbdma_mem,
- MemoryRegion *cuda_mem, void *nvram,
- int nb_ide, MemoryRegion **ide_mem, MemoryRegion *escc_mem);
-
-/* Heathrow PIC */
-qemu_irq *heathrow_pic_init(MemoryRegion **pmem,
- int nb_cpus, qemu_irq **irqs);
-
-/* Grackle PCI */
-#define TYPE_GRACKLE_PCI_HOST_BRIDGE "grackle-pcihost"
-PCIBus *pci_grackle_init(uint32_t base, qemu_irq *pic,
- MemoryRegion *address_space_mem,
- MemoryRegion *address_space_io);
-
-/* UniNorth PCI */
-PCIBus *pci_pmac_init(qemu_irq *pic,
- MemoryRegion *address_space_mem,
- MemoryRegion *address_space_io);
-PCIBus *pci_pmac_u3_init(qemu_irq *pic,
- MemoryRegion *address_space_mem,
- MemoryRegion *address_space_io);
-
-/* Mac NVRAM */
-typedef struct MacIONVRAMState MacIONVRAMState;
-
-MacIONVRAMState *macio_nvram_init (hwaddr size,
- unsigned int it_shift);
-void macio_nvram_setup_bar(MacIONVRAMState *s, MemoryRegion *bar,
- hwaddr mem_base);
-void pmac_format_nvram_partition (MacIONVRAMState *nvr, int len);
-uint32_t macio_nvram_read (void *opaque, uint32_t addr);
-void macio_nvram_write (void *opaque, uint32_t addr, uint32_t val);
-#endif /* !defined(__PPC_MAC_H__) */
diff --git a/hw/ppc_newworld.c b/hw/ppc_newworld.c
deleted file mode 100644
index 664747ead..000000000
--- a/hw/ppc_newworld.c
+++ /dev/null
@@ -1,431 +0,0 @@
-/*
- * QEMU PowerPC CHRP (currently NewWorld PowerMac) hardware System Emulator
- *
- * Copyright (c) 2004-2007 Fabrice Bellard
- * Copyright (c) 2007 Jocelyn Mayer
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- *
- * PCI bus layout on a real G5 (U3 based):
- *
- * 0000:f0:0b.0 Host bridge [0600]: Apple Computer Inc. U3 AGP [106b:004b]
- * 0000:f0:10.0 VGA compatible controller [0300]: ATI Technologies Inc RV350 AP [Radeon 9600] [1002:4150]
- * 0001:00:00.0 Host bridge [0600]: Apple Computer Inc. CPC945 HT Bridge [106b:004a]
- * 0001:00:01.0 PCI bridge [0604]: Advanced Micro Devices [AMD] AMD-8131 PCI-X Bridge [1022:7450] (rev 12)
- * 0001:00:02.0 PCI bridge [0604]: Advanced Micro Devices [AMD] AMD-8131 PCI-X Bridge [1022:7450] (rev 12)
- * 0001:00:03.0 PCI bridge [0604]: Apple Computer Inc. K2 HT-PCI Bridge [106b:0045]
- * 0001:00:04.0 PCI bridge [0604]: Apple Computer Inc. K2 HT-PCI Bridge [106b:0046]
- * 0001:00:05.0 PCI bridge [0604]: Apple Computer Inc. K2 HT-PCI Bridge [106b:0047]
- * 0001:00:06.0 PCI bridge [0604]: Apple Computer Inc. K2 HT-PCI Bridge [106b:0048]
- * 0001:00:07.0 PCI bridge [0604]: Apple Computer Inc. K2 HT-PCI Bridge [106b:0049]
- * 0001:01:07.0 Class [ff00]: Apple Computer Inc. K2 KeyLargo Mac/IO [106b:0041] (rev 20)
- * 0001:01:08.0 USB Controller [0c03]: Apple Computer Inc. K2 KeyLargo USB [106b:0040]
- * 0001:01:09.0 USB Controller [0c03]: Apple Computer Inc. K2 KeyLargo USB [106b:0040]
- * 0001:02:0b.0 USB Controller [0c03]: NEC Corporation USB [1033:0035] (rev 43)
- * 0001:02:0b.1 USB Controller [0c03]: NEC Corporation USB [1033:0035] (rev 43)
- * 0001:02:0b.2 USB Controller [0c03]: NEC Corporation USB 2.0 [1033:00e0] (rev 04)
- * 0001:03:0d.0 Class [ff00]: Apple Computer Inc. K2 ATA/100 [106b:0043]
- * 0001:03:0e.0 FireWire (IEEE 1394) [0c00]: Apple Computer Inc. K2 FireWire [106b:0042]
- * 0001:04:0f.0 Ethernet controller [0200]: Apple Computer Inc. K2 GMAC (Sun GEM) [106b:004c]
- * 0001:05:0c.0 IDE interface [0101]: Broadcom K2 SATA [1166:0240]
- *
- */
-#include "hw.h"
-#include "ppc.h"
-#include "ppc_mac.h"
-#include "adb.h"
-#include "mac_dbdma.h"
-#include "nvram.h"
-#include "pci.h"
-#include "net.h"
-#include "sysemu.h"
-#include "boards.h"
-#include "fw_cfg.h"
-#include "escc.h"
-#include "openpic.h"
-#include "ide.h"
-#include "loader.h"
-#include "elf.h"
-#include "kvm.h"
-#include "kvm_ppc.h"
-#include "hw/usb.h"
-#include "blockdev.h"
-#include "exec-memory.h"
-
-#define MAX_IDE_BUS 2
-#define CFG_ADDR 0xf0000510
-
-/* debug UniNorth */
-//#define DEBUG_UNIN
-
-#ifdef DEBUG_UNIN
-#define UNIN_DPRINTF(fmt, ...) \
- do { printf("UNIN: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define UNIN_DPRINTF(fmt, ...)
-#endif
-
-/* UniN device */
-static void unin_write(void *opaque, hwaddr addr, uint64_t value,
- unsigned size)
-{
- UNIN_DPRINTF("write addr " TARGET_FMT_plx " val %"PRIx64"\n", addr, value);
-}
-
-static uint64_t unin_read(void *opaque, hwaddr addr, unsigned size)
-{
- uint32_t value;
-
- value = 0;
- UNIN_DPRINTF("readl addr " TARGET_FMT_plx " val %x\n", addr, value);
-
- return value;
-}
-
-static const MemoryRegionOps unin_ops = {
- .read = unin_read,
- .write = unin_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int fw_cfg_boot_set(void *opaque, const char *boot_device)
-{
- fw_cfg_add_i16(opaque, FW_CFG_BOOT_DEVICE, boot_device[0]);
- return 0;
-}
-
-static uint64_t translate_kernel_address(void *opaque, uint64_t addr)
-{
- return (addr & 0x0fffffff) + KERNEL_LOAD_ADDR;
-}
-
-static hwaddr round_page(hwaddr addr)
-{
- return (addr + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
-}
-
-static void ppc_core99_reset(void *opaque)
-{
- PowerPCCPU *cpu = opaque;
-
- cpu_reset(CPU(cpu));
-}
-
-/* PowerPC Mac99 hardware initialisation */
-static void ppc_core99_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- const char *boot_device = args->boot_device;
- PowerPCCPU *cpu = NULL;
- CPUPPCState *env = NULL;
- char *filename;
- qemu_irq *pic, **openpic_irqs;
- MemoryRegion *unin_memory = g_new(MemoryRegion, 1);
- int linux_boot, i;
- MemoryRegion *ram = g_new(MemoryRegion, 1), *bios = g_new(MemoryRegion, 1);
- hwaddr kernel_base, initrd_base, cmdline_base = 0;
- long kernel_size, initrd_size;
- PCIBus *pci_bus;
- MacIONVRAMState *nvr;
- int bios_size;
- MemoryRegion *pic_mem, *dbdma_mem, *cuda_mem, *escc_mem;
- MemoryRegion *escc_bar = g_new(MemoryRegion, 1);
- MemoryRegion *ide_mem[3];
- int ppc_boot_device;
- DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
- void *fw_cfg;
- void *dbdma;
- int machine_arch;
-
- linux_boot = (kernel_filename != NULL);
-
- /* init CPUs */
- if (cpu_model == NULL)
-#ifdef TARGET_PPC64
- cpu_model = "970fx";
-#else
- cpu_model = "G4";
-#endif
- for (i = 0; i < smp_cpus; i++) {
- cpu = cpu_ppc_init(cpu_model);
- if (cpu == NULL) {
- fprintf(stderr, "Unable to find PowerPC CPU definition\n");
- exit(1);
- }
- env = &cpu->env;
-
- /* Set time-base frequency to 100 Mhz */
- cpu_ppc_tb_init(env, 100UL * 1000UL * 1000UL);
- qemu_register_reset(ppc_core99_reset, cpu);
- }
-
- /* allocate RAM */
- memory_region_init_ram(ram, "ppc_core99.ram", ram_size);
- vmstate_register_ram_global(ram);
- memory_region_add_subregion(get_system_memory(), 0, ram);
-
- /* allocate and load BIOS */
- memory_region_init_ram(bios, "ppc_core99.bios", BIOS_SIZE);
- vmstate_register_ram_global(bios);
- if (bios_name == NULL)
- bios_name = PROM_FILENAME;
- filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
- memory_region_set_readonly(bios, true);
- memory_region_add_subregion(get_system_memory(), PROM_ADDR, bios);
-
- /* Load OpenBIOS (ELF) */
- if (filename) {
- bios_size = load_elf(filename, NULL, NULL, NULL,
- NULL, NULL, 1, ELF_MACHINE, 0);
-
- g_free(filename);
- } else {
- bios_size = -1;
- }
- if (bios_size < 0 || bios_size > BIOS_SIZE) {
- hw_error("qemu: could not load PowerPC bios '%s'\n", bios_name);
- exit(1);
- }
-
- if (linux_boot) {
- uint64_t lowaddr = 0;
- int bswap_needed;
-
-#ifdef BSWAP_NEEDED
- bswap_needed = 1;
-#else
- bswap_needed = 0;
-#endif
- kernel_base = KERNEL_LOAD_ADDR;
-
- kernel_size = load_elf(kernel_filename, translate_kernel_address, NULL,
- NULL, &lowaddr, NULL, 1, ELF_MACHINE, 0);
- if (kernel_size < 0)
- kernel_size = load_aout(kernel_filename, kernel_base,
- ram_size - kernel_base, bswap_needed,
- TARGET_PAGE_SIZE);
- if (kernel_size < 0)
- kernel_size = load_image_targphys(kernel_filename,
- kernel_base,
- ram_size - kernel_base);
- if (kernel_size < 0) {
- hw_error("qemu: could not load kernel '%s'\n", kernel_filename);
- exit(1);
- }
- /* load initrd */
- if (initrd_filename) {
- initrd_base = round_page(kernel_base + kernel_size + KERNEL_GAP);
- initrd_size = load_image_targphys(initrd_filename, initrd_base,
- ram_size - initrd_base);
- if (initrd_size < 0) {
- hw_error("qemu: could not load initial ram disk '%s'\n",
- initrd_filename);
- exit(1);
- }
- cmdline_base = round_page(initrd_base + initrd_size);
- } else {
- initrd_base = 0;
- initrd_size = 0;
- cmdline_base = round_page(kernel_base + kernel_size + KERNEL_GAP);
- }
- ppc_boot_device = 'm';
- } else {
- kernel_base = 0;
- kernel_size = 0;
- initrd_base = 0;
- initrd_size = 0;
- ppc_boot_device = '\0';
- /* We consider that NewWorld PowerMac never have any floppy drive
- * For now, OHW cannot boot from the network.
- */
- for (i = 0; boot_device[i] != '\0'; i++) {
- if (boot_device[i] >= 'c' && boot_device[i] <= 'f') {
- ppc_boot_device = boot_device[i];
- break;
- }
- }
- if (ppc_boot_device == '\0') {
- fprintf(stderr, "No valid boot device for Mac99 machine\n");
- exit(1);
- }
- }
-
- /* Register 8 MB of ISA IO space */
- isa_mmio_init(0xf2000000, 0x00800000);
-
- /* UniN init */
- memory_region_init_io(unin_memory, &unin_ops, NULL, "unin", 0x1000);
- memory_region_add_subregion(get_system_memory(), 0xf8000000, unin_memory);
-
- openpic_irqs = g_malloc0(smp_cpus * sizeof(qemu_irq *));
- openpic_irqs[0] =
- g_malloc0(smp_cpus * sizeof(qemu_irq) * OPENPIC_OUTPUT_NB);
- for (i = 0; i < smp_cpus; i++) {
- /* Mac99 IRQ connection between OpenPIC outputs pins
- * and PowerPC input pins
- */
- switch (PPC_INPUT(env)) {
- case PPC_FLAGS_INPUT_6xx:
- openpic_irqs[i] = openpic_irqs[0] + (i * OPENPIC_OUTPUT_NB);
- openpic_irqs[i][OPENPIC_OUTPUT_INT] =
- ((qemu_irq *)env->irq_inputs)[PPC6xx_INPUT_INT];
- openpic_irqs[i][OPENPIC_OUTPUT_CINT] =
- ((qemu_irq *)env->irq_inputs)[PPC6xx_INPUT_INT];
- openpic_irqs[i][OPENPIC_OUTPUT_MCK] =
- ((qemu_irq *)env->irq_inputs)[PPC6xx_INPUT_MCP];
- /* Not connected ? */
- openpic_irqs[i][OPENPIC_OUTPUT_DEBUG] = NULL;
- /* Check this */
- openpic_irqs[i][OPENPIC_OUTPUT_RESET] =
- ((qemu_irq *)env->irq_inputs)[PPC6xx_INPUT_HRESET];
- break;
-#if defined(TARGET_PPC64)
- case PPC_FLAGS_INPUT_970:
- openpic_irqs[i] = openpic_irqs[0] + (i * OPENPIC_OUTPUT_NB);
- openpic_irqs[i][OPENPIC_OUTPUT_INT] =
- ((qemu_irq *)env->irq_inputs)[PPC970_INPUT_INT];
- openpic_irqs[i][OPENPIC_OUTPUT_CINT] =
- ((qemu_irq *)env->irq_inputs)[PPC970_INPUT_INT];
- openpic_irqs[i][OPENPIC_OUTPUT_MCK] =
- ((qemu_irq *)env->irq_inputs)[PPC970_INPUT_MCP];
- /* Not connected ? */
- openpic_irqs[i][OPENPIC_OUTPUT_DEBUG] = NULL;
- /* Check this */
- openpic_irqs[i][OPENPIC_OUTPUT_RESET] =
- ((qemu_irq *)env->irq_inputs)[PPC970_INPUT_HRESET];
- break;
-#endif /* defined(TARGET_PPC64) */
- default:
- hw_error("Bus model not supported on mac99 machine\n");
- exit(1);
- }
- }
- pic = openpic_init(&pic_mem, smp_cpus, openpic_irqs, NULL);
- if (PPC_INPUT(env) == PPC_FLAGS_INPUT_970) {
- /* 970 gets a U3 bus */
- pci_bus = pci_pmac_u3_init(pic, get_system_memory(), get_system_io());
- machine_arch = ARCH_MAC99_U3;
- } else {
- pci_bus = pci_pmac_init(pic, get_system_memory(), get_system_io());
- machine_arch = ARCH_MAC99;
- }
- /* init basic PC hardware */
- pci_vga_init(pci_bus);
-
- escc_mem = escc_init(0, pic[0x25], pic[0x24],
- serial_hds[0], serial_hds[1], ESCC_CLOCK, 4);
- memory_region_init_alias(escc_bar, "escc-bar",
- escc_mem, 0, memory_region_size(escc_mem));
-
- for(i = 0; i < nb_nics; i++)
- pci_nic_init_nofail(&nd_table[i], "ne2k_pci", NULL);
-
- ide_drive_get(hd, MAX_IDE_BUS);
- dbdma = DBDMA_init(&dbdma_mem);
-
- /* We only emulate 2 out of 3 IDE controllers for now */
- ide_mem[0] = NULL;
- ide_mem[1] = pmac_ide_init(hd, pic[0x0d], dbdma, 0x16, pic[0x02]);
- ide_mem[2] = pmac_ide_init(&hd[MAX_IDE_DEVS], pic[0x0e], dbdma, 0x1a, pic[0x02]);
-
- cuda_init(&cuda_mem, pic[0x19]);
-
- adb_kbd_init(&adb_bus);
- adb_mouse_init(&adb_bus);
-
- macio_init(pci_bus, PCI_DEVICE_ID_APPLE_UNI_N_KEYL, 0, pic_mem,
- dbdma_mem, cuda_mem, NULL, 3, ide_mem, escc_bar);
-
- if (usb_enabled(machine_arch == ARCH_MAC99_U3)) {
- pci_create_simple(pci_bus, -1, "pci-ohci");
- /* U3 needs to use USB for input because Linux doesn't support via-cuda
- on PPC64 */
- if (machine_arch == ARCH_MAC99_U3) {
- usbdevice_create("keyboard");
- usbdevice_create("mouse");
- }
- }
-
- if (graphic_depth != 15 && graphic_depth != 32 && graphic_depth != 8)
- graphic_depth = 15;
-
- /* The NewWorld NVRAM is not located in the MacIO device */
- nvr = macio_nvram_init(0x2000, 1);
- pmac_format_nvram_partition(nvr, 0x2000);
- macio_nvram_setup_bar(nvr, get_system_memory(), 0xFFF04000);
- /* No PCI init: the BIOS will do it */
-
- fw_cfg = fw_cfg_init(0, 0, CFG_ADDR, CFG_ADDR + 2);
- fw_cfg_add_i32(fw_cfg, FW_CFG_ID, 1);
- fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size);
- fw_cfg_add_i16(fw_cfg, FW_CFG_MACHINE_ID, machine_arch);
- fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, kernel_base);
- fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size);
- if (kernel_cmdline) {
- fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_CMDLINE, cmdline_base);
- pstrcpy_targphys("cmdline", cmdline_base, TARGET_PAGE_SIZE, kernel_cmdline);
- } else {
- fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_CMDLINE, 0);
- }
- fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_ADDR, initrd_base);
- fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_SIZE, initrd_size);
- fw_cfg_add_i16(fw_cfg, FW_CFG_BOOT_DEVICE, ppc_boot_device);
-
- fw_cfg_add_i16(fw_cfg, FW_CFG_PPC_WIDTH, graphic_width);
- fw_cfg_add_i16(fw_cfg, FW_CFG_PPC_HEIGHT, graphic_height);
- fw_cfg_add_i16(fw_cfg, FW_CFG_PPC_DEPTH, graphic_depth);
-
- fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_IS_KVM, kvm_enabled());
- if (kvm_enabled()) {
-#ifdef CONFIG_KVM
- uint8_t *hypercall;
-
- fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_TBFREQ, kvmppc_get_tbfreq());
- hypercall = g_malloc(16);
- kvmppc_get_hypercall(env, hypercall, 16);
- fw_cfg_add_bytes(fw_cfg, FW_CFG_PPC_KVM_HC, hypercall, 16);
- fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_KVM_PID, getpid());
-#endif
- } else {
- fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_TBFREQ, get_ticks_per_sec());
- }
-
- qemu_register_boot_set(fw_cfg_boot_set, fw_cfg);
-}
-
-static QEMUMachine core99_machine = {
- .name = "mac99",
- .desc = "Mac99 based PowerMAC",
- .init = ppc_core99_init,
- .max_cpus = MAX_CPUS,
-#ifdef TARGET_PPC64
- .is_default = 1,
-#endif
-};
-
-static void core99_machine_init(void)
-{
- qemu_register_machine(&core99_machine);
-}
-
-machine_init(core99_machine_init);
diff --git a/hw/ppc_oldworld.c b/hw/ppc_oldworld.c
deleted file mode 100644
index e8138c091..000000000
--- a/hw/ppc_oldworld.c
+++ /dev/null
@@ -1,351 +0,0 @@
-
-/*
- * QEMU OldWorld PowerMac (currently ~G3 Beige) hardware System Emulator
- *
- * Copyright (c) 2004-2007 Fabrice Bellard
- * Copyright (c) 2007 Jocelyn Mayer
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "ppc.h"
-#include "ppc_mac.h"
-#include "adb.h"
-#include "mac_dbdma.h"
-#include "nvram.h"
-#include "sysemu.h"
-#include "net.h"
-#include "isa.h"
-#include "pci.h"
-#include "boards.h"
-#include "fw_cfg.h"
-#include "escc.h"
-#include "ide.h"
-#include "loader.h"
-#include "elf.h"
-#include "kvm.h"
-#include "kvm_ppc.h"
-#include "blockdev.h"
-#include "exec-memory.h"
-
-#define MAX_IDE_BUS 2
-#define CFG_ADDR 0xf0000510
-
-static int fw_cfg_boot_set(void *opaque, const char *boot_device)
-{
- fw_cfg_add_i16(opaque, FW_CFG_BOOT_DEVICE, boot_device[0]);
- return 0;
-}
-
-
-static uint64_t translate_kernel_address(void *opaque, uint64_t addr)
-{
- return (addr & 0x0fffffff) + KERNEL_LOAD_ADDR;
-}
-
-static hwaddr round_page(hwaddr addr)
-{
- return (addr + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
-}
-
-static void ppc_heathrow_reset(void *opaque)
-{
- PowerPCCPU *cpu = opaque;
-
- cpu_reset(CPU(cpu));
-}
-
-static void ppc_heathrow_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- const char *boot_device = args->boot_device;
- MemoryRegion *sysmem = get_system_memory();
- PowerPCCPU *cpu = NULL;
- CPUPPCState *env = NULL;
- char *filename;
- qemu_irq *pic, **heathrow_irqs;
- int linux_boot, i;
- MemoryRegion *ram = g_new(MemoryRegion, 1);
- MemoryRegion *bios = g_new(MemoryRegion, 1);
- uint32_t kernel_base, initrd_base, cmdline_base = 0;
- int32_t kernel_size, initrd_size;
- PCIBus *pci_bus;
- MacIONVRAMState *nvr;
- int bios_size;
- MemoryRegion *pic_mem, *dbdma_mem, *cuda_mem;
- MemoryRegion *escc_mem, *escc_bar = g_new(MemoryRegion, 1), *ide_mem[2];
- uint16_t ppc_boot_device;
- DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
- void *fw_cfg;
- void *dbdma;
-
- linux_boot = (kernel_filename != NULL);
-
- /* init CPUs */
- if (cpu_model == NULL)
- cpu_model = "G3";
- for (i = 0; i < smp_cpus; i++) {
- cpu = cpu_ppc_init(cpu_model);
- if (cpu == NULL) {
- fprintf(stderr, "Unable to find PowerPC CPU definition\n");
- exit(1);
- }
- env = &cpu->env;
-
- /* Set time-base frequency to 16.6 Mhz */
- cpu_ppc_tb_init(env, 16600000UL);
- qemu_register_reset(ppc_heathrow_reset, cpu);
- }
-
- /* allocate RAM */
- if (ram_size > (2047 << 20)) {
- fprintf(stderr,
- "qemu: Too much memory for this machine: %d MB, maximum 2047 MB\n",
- ((unsigned int)ram_size / (1 << 20)));
- exit(1);
- }
-
- memory_region_init_ram(ram, "ppc_heathrow.ram", ram_size);
- vmstate_register_ram_global(ram);
- memory_region_add_subregion(sysmem, 0, ram);
-
- /* allocate and load BIOS */
- memory_region_init_ram(bios, "ppc_heathrow.bios", BIOS_SIZE);
- vmstate_register_ram_global(bios);
- if (bios_name == NULL)
- bios_name = PROM_FILENAME;
- filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
- memory_region_set_readonly(bios, true);
- memory_region_add_subregion(sysmem, PROM_ADDR, bios);
-
- /* Load OpenBIOS (ELF) */
- if (filename) {
- bios_size = load_elf(filename, 0, NULL, NULL, NULL, NULL,
- 1, ELF_MACHINE, 0);
- g_free(filename);
- } else {
- bios_size = -1;
- }
- if (bios_size < 0 || bios_size > BIOS_SIZE) {
- hw_error("qemu: could not load PowerPC bios '%s'\n", bios_name);
- exit(1);
- }
-
- if (linux_boot) {
- uint64_t lowaddr = 0;
- int bswap_needed;
-
-#ifdef BSWAP_NEEDED
- bswap_needed = 1;
-#else
- bswap_needed = 0;
-#endif
- kernel_base = KERNEL_LOAD_ADDR;
- kernel_size = load_elf(kernel_filename, translate_kernel_address, NULL,
- NULL, &lowaddr, NULL, 1, ELF_MACHINE, 0);
- if (kernel_size < 0)
- kernel_size = load_aout(kernel_filename, kernel_base,
- ram_size - kernel_base, bswap_needed,
- TARGET_PAGE_SIZE);
- if (kernel_size < 0)
- kernel_size = load_image_targphys(kernel_filename,
- kernel_base,
- ram_size - kernel_base);
- if (kernel_size < 0) {
- hw_error("qemu: could not load kernel '%s'\n",
- kernel_filename);
- exit(1);
- }
- /* load initrd */
- if (initrd_filename) {
- initrd_base = round_page(kernel_base + kernel_size + KERNEL_GAP);
- initrd_size = load_image_targphys(initrd_filename, initrd_base,
- ram_size - initrd_base);
- if (initrd_size < 0) {
- hw_error("qemu: could not load initial ram disk '%s'\n",
- initrd_filename);
- exit(1);
- }
- cmdline_base = round_page(initrd_base + initrd_size);
- } else {
- initrd_base = 0;
- initrd_size = 0;
- cmdline_base = round_page(kernel_base + kernel_size + KERNEL_GAP);
- }
- ppc_boot_device = 'm';
- } else {
- kernel_base = 0;
- kernel_size = 0;
- initrd_base = 0;
- initrd_size = 0;
- ppc_boot_device = '\0';
- for (i = 0; boot_device[i] != '\0'; i++) {
- /* TOFIX: for now, the second IDE channel is not properly
- * used by OHW. The Mac floppy disk are not emulated.
- * For now, OHW cannot boot from the network.
- */
-#if 0
- if (boot_device[i] >= 'a' && boot_device[i] <= 'f') {
- ppc_boot_device = boot_device[i];
- break;
- }
-#else
- if (boot_device[i] >= 'c' && boot_device[i] <= 'd') {
- ppc_boot_device = boot_device[i];
- break;
- }
-#endif
- }
- if (ppc_boot_device == '\0') {
- fprintf(stderr, "No valid boot device for G3 Beige machine\n");
- exit(1);
- }
- }
-
- /* Register 2 MB of ISA IO space */
- isa_mmio_init(0xfe000000, 0x00200000);
-
- /* XXX: we register only 1 output pin for heathrow PIC */
- heathrow_irqs = g_malloc0(smp_cpus * sizeof(qemu_irq *));
- heathrow_irqs[0] =
- g_malloc0(smp_cpus * sizeof(qemu_irq) * 1);
- /* Connect the heathrow PIC outputs to the 6xx bus */
- for (i = 0; i < smp_cpus; i++) {
- switch (PPC_INPUT(env)) {
- case PPC_FLAGS_INPUT_6xx:
- heathrow_irqs[i] = heathrow_irqs[0] + (i * 1);
- heathrow_irqs[i][0] =
- ((qemu_irq *)env->irq_inputs)[PPC6xx_INPUT_INT];
- break;
- default:
- hw_error("Bus model not supported on OldWorld Mac machine\n");
- }
- }
-
- /* init basic PC hardware */
- if (PPC_INPUT(env) != PPC_FLAGS_INPUT_6xx) {
- hw_error("Only 6xx bus is supported on heathrow machine\n");
- }
- pic = heathrow_pic_init(&pic_mem, 1, heathrow_irqs);
- pci_bus = pci_grackle_init(0xfec00000, pic,
- get_system_memory(),
- get_system_io());
- pci_vga_init(pci_bus);
-
- escc_mem = escc_init(0, pic[0x0f], pic[0x10], serial_hds[0],
- serial_hds[1], ESCC_CLOCK, 4);
- memory_region_init_alias(escc_bar, "escc-bar",
- escc_mem, 0, memory_region_size(escc_mem));
-
- for(i = 0; i < nb_nics; i++)
- pci_nic_init_nofail(&nd_table[i], "ne2k_pci", NULL);
-
-
- ide_drive_get(hd, MAX_IDE_BUS);
-
- /* First IDE channel is a MAC IDE on the MacIO bus */
- dbdma = DBDMA_init(&dbdma_mem);
- ide_mem[0] = NULL;
- ide_mem[1] = pmac_ide_init(hd, pic[0x0D], dbdma, 0x16, pic[0x02]);
-
- /* Second IDE channel is a CMD646 on the PCI bus */
- hd[0] = hd[MAX_IDE_DEVS];
- hd[1] = hd[MAX_IDE_DEVS + 1];
- hd[3] = hd[2] = NULL;
- pci_cmd646_ide_init(pci_bus, hd, 0);
-
- /* cuda also initialize ADB */
- cuda_init(&cuda_mem, pic[0x12]);
-
- adb_kbd_init(&adb_bus);
- adb_mouse_init(&adb_bus);
-
- nvr = macio_nvram_init(0x2000, 4);
- pmac_format_nvram_partition(nvr, 0x2000);
-
- macio_init(pci_bus, PCI_DEVICE_ID_APPLE_343S1201, 1, pic_mem,
- dbdma_mem, cuda_mem, nvr, 2, ide_mem, escc_bar);
-
- if (usb_enabled(false)) {
- pci_create_simple(pci_bus, -1, "pci-ohci");
- }
-
- if (graphic_depth != 15 && graphic_depth != 32 && graphic_depth != 8)
- graphic_depth = 15;
-
- /* No PCI init: the BIOS will do it */
-
- fw_cfg = fw_cfg_init(0, 0, CFG_ADDR, CFG_ADDR + 2);
- fw_cfg_add_i32(fw_cfg, FW_CFG_ID, 1);
- fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size);
- fw_cfg_add_i16(fw_cfg, FW_CFG_MACHINE_ID, ARCH_HEATHROW);
- fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, kernel_base);
- fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size);
- if (kernel_cmdline) {
- fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_CMDLINE, cmdline_base);
- pstrcpy_targphys("cmdline", cmdline_base, TARGET_PAGE_SIZE, kernel_cmdline);
- } else {
- fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_CMDLINE, 0);
- }
- fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_ADDR, initrd_base);
- fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_SIZE, initrd_size);
- fw_cfg_add_i16(fw_cfg, FW_CFG_BOOT_DEVICE, ppc_boot_device);
-
- fw_cfg_add_i16(fw_cfg, FW_CFG_PPC_WIDTH, graphic_width);
- fw_cfg_add_i16(fw_cfg, FW_CFG_PPC_HEIGHT, graphic_height);
- fw_cfg_add_i16(fw_cfg, FW_CFG_PPC_DEPTH, graphic_depth);
-
- fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_IS_KVM, kvm_enabled());
- if (kvm_enabled()) {
-#ifdef CONFIG_KVM
- uint8_t *hypercall;
-
- fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_TBFREQ, kvmppc_get_tbfreq());
- hypercall = g_malloc(16);
- kvmppc_get_hypercall(env, hypercall, 16);
- fw_cfg_add_bytes(fw_cfg, FW_CFG_PPC_KVM_HC, hypercall, 16);
- fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_KVM_PID, getpid());
-#endif
- } else {
- fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_TBFREQ, get_ticks_per_sec());
- }
-
- qemu_register_boot_set(fw_cfg_boot_set, fw_cfg);
-}
-
-static QEMUMachine heathrow_machine = {
- .name = "g3beige",
- .desc = "Heathrow based PowerMAC",
- .init = ppc_heathrow_init,
- .max_cpus = MAX_CPUS,
-#ifndef TARGET_PPC64
- .is_default = 1,
-#endif
-};
-
-static void heathrow_machine_init(void)
-{
- qemu_register_machine(&heathrow_machine);
-}
-
-machine_init(heathrow_machine_init);
diff --git a/hw/ppc_prep.c b/hw/ppc_prep.c
deleted file mode 100644
index bf15730d8..000000000
--- a/hw/ppc_prep.c
+++ /dev/null
@@ -1,704 +0,0 @@
-/*
- * QEMU PPC PREP hardware System Emulator
- *
- * Copyright (c) 2003-2007 Jocelyn Mayer
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "nvram.h"
-#include "pc.h"
-#include "serial.h"
-#include "fdc.h"
-#include "net.h"
-#include "sysemu.h"
-#include "isa.h"
-#include "pci.h"
-#include "pci_host.h"
-#include "ppc.h"
-#include "boards.h"
-#include "qemu-log.h"
-#include "ide.h"
-#include "loader.h"
-#include "mc146818rtc.h"
-#include "blockdev.h"
-#include "arch_init.h"
-#include "exec-memory.h"
-
-//#define HARD_DEBUG_PPC_IO
-//#define DEBUG_PPC_IO
-
-/* SMP is not enabled, for now */
-#define MAX_CPUS 1
-
-#define MAX_IDE_BUS 2
-
-#define BIOS_SIZE (1024 * 1024)
-#define BIOS_FILENAME "ppc_rom.bin"
-#define KERNEL_LOAD_ADDR 0x01000000
-#define INITRD_LOAD_ADDR 0x01800000
-
-#if defined (HARD_DEBUG_PPC_IO) && !defined (DEBUG_PPC_IO)
-#define DEBUG_PPC_IO
-#endif
-
-#if defined (HARD_DEBUG_PPC_IO)
-#define PPC_IO_DPRINTF(fmt, ...) \
-do { \
- if (qemu_loglevel_mask(CPU_LOG_IOPORT)) { \
- qemu_log("%s: " fmt, __func__ , ## __VA_ARGS__); \
- } else { \
- printf("%s : " fmt, __func__ , ## __VA_ARGS__); \
- } \
-} while (0)
-#elif defined (DEBUG_PPC_IO)
-#define PPC_IO_DPRINTF(fmt, ...) \
-qemu_log_mask(CPU_LOG_IOPORT, fmt, ## __VA_ARGS__)
-#else
-#define PPC_IO_DPRINTF(fmt, ...) do { } while (0)
-#endif
-
-/* Constants for devices init */
-static const int ide_iobase[2] = { 0x1f0, 0x170 };
-static const int ide_iobase2[2] = { 0x3f6, 0x376 };
-static const int ide_irq[2] = { 13, 13 };
-
-#define NE2000_NB_MAX 6
-
-static uint32_t ne2000_io[NE2000_NB_MAX] = { 0x300, 0x320, 0x340, 0x360, 0x280, 0x380 };
-static int ne2000_irq[NE2000_NB_MAX] = { 9, 10, 11, 3, 4, 5 };
-
-/* ISA IO ports bridge */
-#define PPC_IO_BASE 0x80000000
-
-/* PowerPC control and status registers */
-#if 0 // Not used
-static struct {
- /* IDs */
- uint32_t veni_devi;
- uint32_t revi;
- /* Control and status */
- uint32_t gcsr;
- uint32_t xcfr;
- uint32_t ct32;
- uint32_t mcsr;
- /* General purpose registers */
- uint32_t gprg[6];
- /* Exceptions */
- uint32_t feen;
- uint32_t fest;
- uint32_t fema;
- uint32_t fecl;
- uint32_t eeen;
- uint32_t eest;
- uint32_t eecl;
- uint32_t eeint;
- uint32_t eemck0;
- uint32_t eemck1;
- /* Error diagnostic */
-} XCSR;
-
-static void PPC_XCSR_writeb (void *opaque,
- hwaddr addr, uint32_t value)
-{
- printf("%s: 0x" TARGET_FMT_plx " => 0x%08" PRIx32 "\n", __func__, addr,
- value);
-}
-
-static void PPC_XCSR_writew (void *opaque,
- hwaddr addr, uint32_t value)
-{
- printf("%s: 0x" TARGET_FMT_plx " => 0x%08" PRIx32 "\n", __func__, addr,
- value);
-}
-
-static void PPC_XCSR_writel (void *opaque,
- hwaddr addr, uint32_t value)
-{
- printf("%s: 0x" TARGET_FMT_plx " => 0x%08" PRIx32 "\n", __func__, addr,
- value);
-}
-
-static uint32_t PPC_XCSR_readb (void *opaque, hwaddr addr)
-{
- uint32_t retval = 0;
-
- printf("%s: 0x" TARGET_FMT_plx " <= %08" PRIx32 "\n", __func__, addr,
- retval);
-
- return retval;
-}
-
-static uint32_t PPC_XCSR_readw (void *opaque, hwaddr addr)
-{
- uint32_t retval = 0;
-
- printf("%s: 0x" TARGET_FMT_plx " <= %08" PRIx32 "\n", __func__, addr,
- retval);
-
- return retval;
-}
-
-static uint32_t PPC_XCSR_readl (void *opaque, hwaddr addr)
-{
- uint32_t retval = 0;
-
- printf("%s: 0x" TARGET_FMT_plx " <= %08" PRIx32 "\n", __func__, addr,
- retval);
-
- return retval;
-}
-
-static const MemoryRegionOps PPC_XCSR_ops = {
- .old_mmio = {
- .read = { PPC_XCSR_readb, PPC_XCSR_readw, PPC_XCSR_readl, },
- .write = { PPC_XCSR_writeb, PPC_XCSR_writew, PPC_XCSR_writel, },
- },
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-#endif
-
-/* Fake super-io ports for PREP platform (Intel 82378ZB) */
-typedef struct sysctrl_t {
- qemu_irq reset_irq;
- M48t59State *nvram;
- uint8_t state;
- uint8_t syscontrol;
- uint8_t fake_io[2];
- int contiguous_map;
- int endian;
-} sysctrl_t;
-
-enum {
- STATE_HARDFILE = 0x01,
-};
-
-static sysctrl_t *sysctrl;
-
-static void PREP_io_write (void *opaque, uint32_t addr, uint32_t val)
-{
- sysctrl_t *sysctrl = opaque;
-
- PPC_IO_DPRINTF("0x%08" PRIx32 " => 0x%02" PRIx32 "\n", addr - PPC_IO_BASE,
- val);
- sysctrl->fake_io[addr - 0x0398] = val;
-}
-
-static uint32_t PREP_io_read (void *opaque, uint32_t addr)
-{
- sysctrl_t *sysctrl = opaque;
-
- PPC_IO_DPRINTF("0x%08" PRIx32 " <= 0x%02" PRIx32 "\n", addr - PPC_IO_BASE,
- sysctrl->fake_io[addr - 0x0398]);
- return sysctrl->fake_io[addr - 0x0398];
-}
-
-static void PREP_io_800_writeb (void *opaque, uint32_t addr, uint32_t val)
-{
- sysctrl_t *sysctrl = opaque;
-
- PPC_IO_DPRINTF("0x%08" PRIx32 " => 0x%02" PRIx32 "\n",
- addr - PPC_IO_BASE, val);
- switch (addr) {
- case 0x0092:
- /* Special port 92 */
- /* Check soft reset asked */
- if (val & 0x01) {
- qemu_irq_raise(sysctrl->reset_irq);
- } else {
- qemu_irq_lower(sysctrl->reset_irq);
- }
- /* Check LE mode */
- if (val & 0x02) {
- sysctrl->endian = 1;
- } else {
- sysctrl->endian = 0;
- }
- break;
- case 0x0800:
- /* Motorola CPU configuration register : read-only */
- break;
- case 0x0802:
- /* Motorola base module feature register : read-only */
- break;
- case 0x0803:
- /* Motorola base module status register : read-only */
- break;
- case 0x0808:
- /* Hardfile light register */
- if (val & 1)
- sysctrl->state |= STATE_HARDFILE;
- else
- sysctrl->state &= ~STATE_HARDFILE;
- break;
- case 0x0810:
- /* Password protect 1 register */
- if (sysctrl->nvram != NULL)
- m48t59_toggle_lock(sysctrl->nvram, 1);
- break;
- case 0x0812:
- /* Password protect 2 register */
- if (sysctrl->nvram != NULL)
- m48t59_toggle_lock(sysctrl->nvram, 2);
- break;
- case 0x0814:
- /* L2 invalidate register */
- // tlb_flush(first_cpu, 1);
- break;
- case 0x081C:
- /* system control register */
- sysctrl->syscontrol = val & 0x0F;
- break;
- case 0x0850:
- /* I/O map type register */
- sysctrl->contiguous_map = val & 0x01;
- break;
- default:
- printf("ERROR: unaffected IO port write: %04" PRIx32
- " => %02" PRIx32"\n", addr, val);
- break;
- }
-}
-
-static uint32_t PREP_io_800_readb (void *opaque, uint32_t addr)
-{
- sysctrl_t *sysctrl = opaque;
- uint32_t retval = 0xFF;
-
- switch (addr) {
- case 0x0092:
- /* Special port 92 */
- retval = 0x00;
- break;
- case 0x0800:
- /* Motorola CPU configuration register */
- retval = 0xEF; /* MPC750 */
- break;
- case 0x0802:
- /* Motorola Base module feature register */
- retval = 0xAD; /* No ESCC, PMC slot neither ethernet */
- break;
- case 0x0803:
- /* Motorola base module status register */
- retval = 0xE0; /* Standard MPC750 */
- break;
- case 0x080C:
- /* Equipment present register:
- * no L2 cache
- * no upgrade processor
- * no cards in PCI slots
- * SCSI fuse is bad
- */
- retval = 0x3C;
- break;
- case 0x0810:
- /* Motorola base module extended feature register */
- retval = 0x39; /* No USB, CF and PCI bridge. NVRAM present */
- break;
- case 0x0814:
- /* L2 invalidate: don't care */
- break;
- case 0x0818:
- /* Keylock */
- retval = 0x00;
- break;
- case 0x081C:
- /* system control register
- * 7 - 6 / 1 - 0: L2 cache enable
- */
- retval = sysctrl->syscontrol;
- break;
- case 0x0823:
- /* */
- retval = 0x03; /* no L2 cache */
- break;
- case 0x0850:
- /* I/O map type register */
- retval = sysctrl->contiguous_map;
- break;
- default:
- printf("ERROR: unaffected IO port: %04" PRIx32 " read\n", addr);
- break;
- }
- PPC_IO_DPRINTF("0x%08" PRIx32 " <= 0x%02" PRIx32 "\n",
- addr - PPC_IO_BASE, retval);
-
- return retval;
-}
-
-static inline hwaddr prep_IO_address(sysctrl_t *sysctrl,
- hwaddr addr)
-{
- if (sysctrl->contiguous_map == 0) {
- /* 64 KB contiguous space for IOs */
- addr &= 0xFFFF;
- } else {
- /* 8 MB non-contiguous space for IOs */
- addr = (addr & 0x1F) | ((addr & 0x007FFF000) >> 7);
- }
-
- return addr;
-}
-
-static void PPC_prep_io_writeb (void *opaque, hwaddr addr,
- uint32_t value)
-{
- sysctrl_t *sysctrl = opaque;
-
- addr = prep_IO_address(sysctrl, addr);
- cpu_outb(addr, value);
-}
-
-static uint32_t PPC_prep_io_readb (void *opaque, hwaddr addr)
-{
- sysctrl_t *sysctrl = opaque;
- uint32_t ret;
-
- addr = prep_IO_address(sysctrl, addr);
- ret = cpu_inb(addr);
-
- return ret;
-}
-
-static void PPC_prep_io_writew (void *opaque, hwaddr addr,
- uint32_t value)
-{
- sysctrl_t *sysctrl = opaque;
-
- addr = prep_IO_address(sysctrl, addr);
- PPC_IO_DPRINTF("0x" TARGET_FMT_plx " => 0x%08" PRIx32 "\n", addr, value);
- cpu_outw(addr, value);
-}
-
-static uint32_t PPC_prep_io_readw (void *opaque, hwaddr addr)
-{
- sysctrl_t *sysctrl = opaque;
- uint32_t ret;
-
- addr = prep_IO_address(sysctrl, addr);
- ret = cpu_inw(addr);
- PPC_IO_DPRINTF("0x" TARGET_FMT_plx " <= 0x%08" PRIx32 "\n", addr, ret);
-
- return ret;
-}
-
-static void PPC_prep_io_writel (void *opaque, hwaddr addr,
- uint32_t value)
-{
- sysctrl_t *sysctrl = opaque;
-
- addr = prep_IO_address(sysctrl, addr);
- PPC_IO_DPRINTF("0x" TARGET_FMT_plx " => 0x%08" PRIx32 "\n", addr, value);
- cpu_outl(addr, value);
-}
-
-static uint32_t PPC_prep_io_readl (void *opaque, hwaddr addr)
-{
- sysctrl_t *sysctrl = opaque;
- uint32_t ret;
-
- addr = prep_IO_address(sysctrl, addr);
- ret = cpu_inl(addr);
- PPC_IO_DPRINTF("0x" TARGET_FMT_plx " <= 0x%08" PRIx32 "\n", addr, ret);
-
- return ret;
-}
-
-static const MemoryRegionOps PPC_prep_io_ops = {
- .old_mmio = {
- .read = { PPC_prep_io_readb, PPC_prep_io_readw, PPC_prep_io_readl },
- .write = { PPC_prep_io_writeb, PPC_prep_io_writew, PPC_prep_io_writel },
- },
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-#define NVRAM_SIZE 0x2000
-
-static void cpu_request_exit(void *opaque, int irq, int level)
-{
- CPUPPCState *env = cpu_single_env;
-
- if (env && level) {
- cpu_exit(env);
- }
-}
-
-static void ppc_prep_reset(void *opaque)
-{
- PowerPCCPU *cpu = opaque;
-
- cpu_reset(CPU(cpu));
-}
-
-/* PowerPC PREP hardware initialisation */
-static void ppc_prep_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- const char *boot_device = args->boot_device;
- MemoryRegion *sysmem = get_system_memory();
- PowerPCCPU *cpu = NULL;
- CPUPPCState *env = NULL;
- char *filename;
- nvram_t nvram;
- M48t59State *m48t59;
- MemoryRegion *PPC_io_memory = g_new(MemoryRegion, 1);
-#if 0
- MemoryRegion *xcsr = g_new(MemoryRegion, 1);
-#endif
- int linux_boot, i, nb_nics1, bios_size;
- MemoryRegion *ram = g_new(MemoryRegion, 1);
- MemoryRegion *bios = g_new(MemoryRegion, 1);
- uint32_t kernel_base, initrd_base;
- long kernel_size, initrd_size;
- DeviceState *dev;
- PCIHostState *pcihost;
- PCIBus *pci_bus;
- PCIDevice *pci;
- ISABus *isa_bus;
- qemu_irq *cpu_exit_irq;
- int ppc_boot_device;
- DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
- DriveInfo *fd[MAX_FD];
-
- sysctrl = g_malloc0(sizeof(sysctrl_t));
-
- linux_boot = (kernel_filename != NULL);
-
- /* init CPUs */
- if (cpu_model == NULL)
- cpu_model = "602";
- for (i = 0; i < smp_cpus; i++) {
- cpu = cpu_ppc_init(cpu_model);
- if (cpu == NULL) {
- fprintf(stderr, "Unable to find PowerPC CPU definition\n");
- exit(1);
- }
- env = &cpu->env;
-
- if (env->flags & POWERPC_FLAG_RTC_CLK) {
- /* POWER / PowerPC 601 RTC clock frequency is 7.8125 MHz */
- cpu_ppc_tb_init(env, 7812500UL);
- } else {
- /* Set time-base frequency to 100 Mhz */
- cpu_ppc_tb_init(env, 100UL * 1000UL * 1000UL);
- }
- qemu_register_reset(ppc_prep_reset, cpu);
- }
-
- /* allocate RAM */
- memory_region_init_ram(ram, "ppc_prep.ram", ram_size);
- vmstate_register_ram_global(ram);
- memory_region_add_subregion(sysmem, 0, ram);
-
- /* allocate and load BIOS */
- memory_region_init_ram(bios, "ppc_prep.bios", BIOS_SIZE);
- memory_region_set_readonly(bios, true);
- memory_region_add_subregion(sysmem, (uint32_t)(-BIOS_SIZE), bios);
- vmstate_register_ram_global(bios);
- if (bios_name == NULL)
- bios_name = BIOS_FILENAME;
- filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
- if (filename) {
- bios_size = get_image_size(filename);
- } else {
- bios_size = -1;
- }
- if (bios_size > 0 && bios_size <= BIOS_SIZE) {
- hwaddr bios_addr;
- bios_size = (bios_size + 0xfff) & ~0xfff;
- bios_addr = (uint32_t)(-bios_size);
- bios_size = load_image_targphys(filename, bios_addr, bios_size);
- }
- if (bios_size < 0 || bios_size > BIOS_SIZE) {
- hw_error("qemu: could not load PPC PREP bios '%s'\n", bios_name);
- }
- if (filename) {
- g_free(filename);
- }
-
- if (linux_boot) {
- kernel_base = KERNEL_LOAD_ADDR;
- /* now we can load the kernel */
- kernel_size = load_image_targphys(kernel_filename, kernel_base,
- ram_size - kernel_base);
- if (kernel_size < 0) {
- hw_error("qemu: could not load kernel '%s'\n", kernel_filename);
- exit(1);
- }
- /* load initrd */
- if (initrd_filename) {
- initrd_base = INITRD_LOAD_ADDR;
- initrd_size = load_image_targphys(initrd_filename, initrd_base,
- ram_size - initrd_base);
- if (initrd_size < 0) {
- hw_error("qemu: could not load initial ram disk '%s'\n",
- initrd_filename);
- }
- } else {
- initrd_base = 0;
- initrd_size = 0;
- }
- ppc_boot_device = 'm';
- } else {
- kernel_base = 0;
- kernel_size = 0;
- initrd_base = 0;
- initrd_size = 0;
- ppc_boot_device = '\0';
- /* For now, OHW cannot boot from the network. */
- for (i = 0; boot_device[i] != '\0'; i++) {
- if (boot_device[i] >= 'a' && boot_device[i] <= 'f') {
- ppc_boot_device = boot_device[i];
- break;
- }
- }
- if (ppc_boot_device == '\0') {
- fprintf(stderr, "No valid boot device for Mac99 machine\n");
- exit(1);
- }
- }
-
- if (PPC_INPUT(env) != PPC_FLAGS_INPUT_6xx) {
- hw_error("Only 6xx bus is supported on PREP machine\n");
- }
-
- dev = qdev_create(NULL, "raven-pcihost");
- pcihost = PCI_HOST_BRIDGE(dev);
- pcihost->address_space = get_system_memory();
- object_property_add_child(qdev_get_machine(), "raven", OBJECT(dev), NULL);
- qdev_init_nofail(dev);
- pci_bus = (PCIBus *)qdev_get_child_bus(dev, "pci.0");
- if (pci_bus == NULL) {
- fprintf(stderr, "Couldn't create PCI host controller.\n");
- exit(1);
- }
-
- /* PCI -> ISA bridge */
- pci = pci_create_simple(pci_bus, PCI_DEVFN(1, 0), "i82378");
- cpu_exit_irq = qemu_allocate_irqs(cpu_request_exit, NULL, 1);
- qdev_connect_gpio_out(&pci->qdev, 0,
- first_cpu->irq_inputs[PPC6xx_INPUT_INT]);
- qdev_connect_gpio_out(&pci->qdev, 1, *cpu_exit_irq);
- sysbus_connect_irq(&pcihost->busdev, 0, qdev_get_gpio_in(&pci->qdev, 9));
- sysbus_connect_irq(&pcihost->busdev, 1, qdev_get_gpio_in(&pci->qdev, 11));
- sysbus_connect_irq(&pcihost->busdev, 2, qdev_get_gpio_in(&pci->qdev, 9));
- sysbus_connect_irq(&pcihost->busdev, 3, qdev_get_gpio_in(&pci->qdev, 11));
- isa_bus = DO_UPCAST(ISABus, qbus, qdev_get_child_bus(&pci->qdev, "isa.0"));
-
- /* Register 8 MB of ISA IO space (needed for non-contiguous map) */
- memory_region_init_io(PPC_io_memory, &PPC_prep_io_ops, sysctrl,
- "ppc-io", 0x00800000);
- memory_region_add_subregion(sysmem, 0x80000000, PPC_io_memory);
-
- /* init basic PC hardware */
- pci_vga_init(pci_bus);
-
- if (serial_hds[0])
- serial_isa_init(isa_bus, 0, serial_hds[0]);
- nb_nics1 = nb_nics;
- if (nb_nics1 > NE2000_NB_MAX)
- nb_nics1 = NE2000_NB_MAX;
- for(i = 0; i < nb_nics1; i++) {
- if (nd_table[i].model == NULL) {
- nd_table[i].model = g_strdup("ne2k_isa");
- }
- if (strcmp(nd_table[i].model, "ne2k_isa") == 0) {
- isa_ne2000_init(isa_bus, ne2000_io[i], ne2000_irq[i],
- &nd_table[i]);
- } else {
- pci_nic_init_nofail(&nd_table[i], "ne2k_pci", NULL);
- }
- }
-
- ide_drive_get(hd, MAX_IDE_BUS);
- for(i = 0; i < MAX_IDE_BUS; i++) {
- isa_ide_init(isa_bus, ide_iobase[i], ide_iobase2[i], ide_irq[i],
- hd[2 * i],
- hd[2 * i + 1]);
- }
- isa_create_simple(isa_bus, "i8042");
-
- // SB16_init();
-
- for(i = 0; i < MAX_FD; i++) {
- fd[i] = drive_get(IF_FLOPPY, 0, i);
- }
- fdctrl_init_isa(isa_bus, fd);
-
- /* Register fake IO ports for PREP */
- sysctrl->reset_irq = first_cpu->irq_inputs[PPC6xx_INPUT_HRESET];
- register_ioport_read(0x398, 2, 1, &PREP_io_read, sysctrl);
- register_ioport_write(0x398, 2, 1, &PREP_io_write, sysctrl);
- /* System control ports */
- register_ioport_read(0x0092, 0x01, 1, &PREP_io_800_readb, sysctrl);
- register_ioport_write(0x0092, 0x01, 1, &PREP_io_800_writeb, sysctrl);
- register_ioport_read(0x0800, 0x52, 1, &PREP_io_800_readb, sysctrl);
- register_ioport_write(0x0800, 0x52, 1, &PREP_io_800_writeb, sysctrl);
- /* PowerPC control and status register group */
-#if 0
- memory_region_init_io(xcsr, &PPC_XCSR_ops, NULL, "ppc-xcsr", 0x1000);
- memory_region_add_subregion(sysmem, 0xFEFF0000, xcsr);
-#endif
-
- if (usb_enabled(false)) {
- pci_create_simple(pci_bus, -1, "pci-ohci");
- }
-
- m48t59 = m48t59_init_isa(isa_bus, 0x0074, NVRAM_SIZE, 59);
- if (m48t59 == NULL)
- return;
- sysctrl->nvram = m48t59;
-
- /* Initialise NVRAM */
- nvram.opaque = m48t59;
- nvram.read_fn = &m48t59_read;
- nvram.write_fn = &m48t59_write;
- PPC_NVRAM_set_params(&nvram, NVRAM_SIZE, "PREP", ram_size, ppc_boot_device,
- kernel_base, kernel_size,
- kernel_cmdline,
- initrd_base, initrd_size,
- /* XXX: need an option to load a NVRAM image */
- 0,
- graphic_width, graphic_height, graphic_depth);
-
- /* Special port to get debug messages from Open-Firmware */
- register_ioport_write(0x0F00, 4, 1, &PPC_debug_write, NULL);
-
- /* Initialize audio subsystem */
- audio_init(isa_bus, pci_bus);
-}
-
-static QEMUMachine prep_machine = {
- .name = "prep",
- .desc = "PowerPC PREP platform",
- .init = ppc_prep_init,
- .max_cpus = MAX_CPUS,
-};
-
-static void prep_machine_init(void)
-{
- qemu_register_machine(&prep_machine);
-}
-
-machine_init(prep_machine_init);
diff --git a/hw/ppce500_pci.c b/hw/ppce500_pci.c
deleted file mode 100644
index 2ff7438d0..000000000
--- a/hw/ppce500_pci.c
+++ /dev/null
@@ -1,393 +0,0 @@
-/*
- * QEMU PowerPC E500 embedded processors pci controller emulation
- *
- * Copyright (C) 2009 Freescale Semiconductor, Inc. All rights reserved.
- *
- * Author: Yu Liu, <yu.liu@freescale.com>
- *
- * This file is derived from hw/ppc4xx_pci.c,
- * the copyright for that material belongs to the original owners.
- *
- * This is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- */
-
-#include "hw.h"
-#include "pci.h"
-#include "pci_host.h"
-#include "bswap.h"
-
-#ifdef DEBUG_PCI
-#define pci_debug(fmt, ...) fprintf(stderr, fmt, ## __VA_ARGS__)
-#else
-#define pci_debug(fmt, ...)
-#endif
-
-#define PCIE500_CFGADDR 0x0
-#define PCIE500_CFGDATA 0x4
-#define PCIE500_REG_BASE 0xC00
-#define PCIE500_ALL_SIZE 0x1000
-#define PCIE500_REG_SIZE (PCIE500_ALL_SIZE - PCIE500_REG_BASE)
-
-#define PCIE500_PCI_IOLEN 0x10000ULL
-
-#define PPCE500_PCI_CONFIG_ADDR 0x0
-#define PPCE500_PCI_CONFIG_DATA 0x4
-#define PPCE500_PCI_INTACK 0x8
-
-#define PPCE500_PCI_OW1 (0xC20 - PCIE500_REG_BASE)
-#define PPCE500_PCI_OW2 (0xC40 - PCIE500_REG_BASE)
-#define PPCE500_PCI_OW3 (0xC60 - PCIE500_REG_BASE)
-#define PPCE500_PCI_OW4 (0xC80 - PCIE500_REG_BASE)
-#define PPCE500_PCI_IW3 (0xDA0 - PCIE500_REG_BASE)
-#define PPCE500_PCI_IW2 (0xDC0 - PCIE500_REG_BASE)
-#define PPCE500_PCI_IW1 (0xDE0 - PCIE500_REG_BASE)
-
-#define PPCE500_PCI_GASKET_TIMR (0xE20 - PCIE500_REG_BASE)
-
-#define PCI_POTAR 0x0
-#define PCI_POTEAR 0x4
-#define PCI_POWBAR 0x8
-#define PCI_POWAR 0x10
-
-#define PCI_PITAR 0x0
-#define PCI_PIWBAR 0x8
-#define PCI_PIWBEAR 0xC
-#define PCI_PIWAR 0x10
-
-#define PPCE500_PCI_NR_POBS 5
-#define PPCE500_PCI_NR_PIBS 3
-
-struct pci_outbound {
- uint32_t potar;
- uint32_t potear;
- uint32_t powbar;
- uint32_t powar;
-};
-
-struct pci_inbound {
- uint32_t pitar;
- uint32_t piwbar;
- uint32_t piwbear;
- uint32_t piwar;
-};
-
-#define TYPE_PPC_E500_PCI_HOST_BRIDGE "e500-pcihost"
-
-#define PPC_E500_PCI_HOST_BRIDGE(obj) \
- OBJECT_CHECK(PPCE500PCIState, (obj), TYPE_PPC_E500_PCI_HOST_BRIDGE)
-
-struct PPCE500PCIState {
- PCIHostState parent_obj;
-
- struct pci_outbound pob[PPCE500_PCI_NR_POBS];
- struct pci_inbound pib[PPCE500_PCI_NR_PIBS];
- uint32_t gasket_time;
- qemu_irq irq[4];
- /* mmio maps */
- MemoryRegion container;
- MemoryRegion iomem;
- MemoryRegion pio;
-};
-
-typedef struct PPCE500PCIState PPCE500PCIState;
-
-static uint64_t pci_reg_read4(void *opaque, hwaddr addr,
- unsigned size)
-{
- PPCE500PCIState *pci = opaque;
- unsigned long win;
- uint32_t value = 0;
- int idx;
-
- win = addr & 0xfe0;
-
- switch (win) {
- case PPCE500_PCI_OW1:
- case PPCE500_PCI_OW2:
- case PPCE500_PCI_OW3:
- case PPCE500_PCI_OW4:
- idx = (addr >> 5) & 0x7;
- switch (addr & 0xC) {
- case PCI_POTAR:
- value = pci->pob[idx].potar;
- break;
- case PCI_POTEAR:
- value = pci->pob[idx].potear;
- break;
- case PCI_POWBAR:
- value = pci->pob[idx].powbar;
- break;
- case PCI_POWAR:
- value = pci->pob[idx].powar;
- break;
- default:
- break;
- }
- break;
-
- case PPCE500_PCI_IW3:
- case PPCE500_PCI_IW2:
- case PPCE500_PCI_IW1:
- idx = ((addr >> 5) & 0x3) - 1;
- switch (addr & 0xC) {
- case PCI_PITAR:
- value = pci->pib[idx].pitar;
- break;
- case PCI_PIWBAR:
- value = pci->pib[idx].piwbar;
- break;
- case PCI_PIWBEAR:
- value = pci->pib[idx].piwbear;
- break;
- case PCI_PIWAR:
- value = pci->pib[idx].piwar;
- break;
- default:
- break;
- };
- break;
-
- case PPCE500_PCI_GASKET_TIMR:
- value = pci->gasket_time;
- break;
-
- default:
- break;
- }
-
- pci_debug("%s: win:%lx(addr:" TARGET_FMT_plx ") -> value:%x\n", __func__,
- win, addr, value);
- return value;
-}
-
-static void pci_reg_write4(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- PPCE500PCIState *pci = opaque;
- unsigned long win;
- int idx;
-
- win = addr & 0xfe0;
-
- pci_debug("%s: value:%x -> win:%lx(addr:" TARGET_FMT_plx ")\n",
- __func__, (unsigned)value, win, addr);
-
- switch (win) {
- case PPCE500_PCI_OW1:
- case PPCE500_PCI_OW2:
- case PPCE500_PCI_OW3:
- case PPCE500_PCI_OW4:
- idx = (addr >> 5) & 0x7;
- switch (addr & 0xC) {
- case PCI_POTAR:
- pci->pob[idx].potar = value;
- break;
- case PCI_POTEAR:
- pci->pob[idx].potear = value;
- break;
- case PCI_POWBAR:
- pci->pob[idx].powbar = value;
- break;
- case PCI_POWAR:
- pci->pob[idx].powar = value;
- break;
- default:
- break;
- };
- break;
-
- case PPCE500_PCI_IW3:
- case PPCE500_PCI_IW2:
- case PPCE500_PCI_IW1:
- idx = ((addr >> 5) & 0x3) - 1;
- switch (addr & 0xC) {
- case PCI_PITAR:
- pci->pib[idx].pitar = value;
- break;
- case PCI_PIWBAR:
- pci->pib[idx].piwbar = value;
- break;
- case PCI_PIWBEAR:
- pci->pib[idx].piwbear = value;
- break;
- case PCI_PIWAR:
- pci->pib[idx].piwar = value;
- break;
- default:
- break;
- };
- break;
-
- case PPCE500_PCI_GASKET_TIMR:
- pci->gasket_time = value;
- break;
-
- default:
- break;
- };
-}
-
-static const MemoryRegionOps e500_pci_reg_ops = {
- .read = pci_reg_read4,
- .write = pci_reg_write4,
- .endianness = DEVICE_BIG_ENDIAN,
-};
-
-static int mpc85xx_pci_map_irq(PCIDevice *pci_dev, int irq_num)
-{
- int devno = pci_dev->devfn >> 3, ret = 0;
-
- switch (devno) {
- /* Two PCI slot */
- case 0x11:
- case 0x12:
- ret = (irq_num + devno - 0x10) % 4;
- break;
- default:
- printf("Error:%s:unknown dev number\n", __func__);
- }
-
- pci_debug("%s: devfn %x irq %d -> %d devno:%x\n", __func__,
- pci_dev->devfn, irq_num, ret, devno);
-
- return ret;
-}
-
-static void mpc85xx_pci_set_irq(void *opaque, int irq_num, int level)
-{
- qemu_irq *pic = opaque;
-
- pci_debug("%s: PCI irq %d, level:%d\n", __func__, irq_num, level);
-
- qemu_set_irq(pic[irq_num], level);
-}
-
-static const VMStateDescription vmstate_pci_outbound = {
- .name = "pci_outbound",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(potar, struct pci_outbound),
- VMSTATE_UINT32(potear, struct pci_outbound),
- VMSTATE_UINT32(powbar, struct pci_outbound),
- VMSTATE_UINT32(powar, struct pci_outbound),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_pci_inbound = {
- .name = "pci_inbound",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(pitar, struct pci_inbound),
- VMSTATE_UINT32(piwbar, struct pci_inbound),
- VMSTATE_UINT32(piwbear, struct pci_inbound),
- VMSTATE_UINT32(piwar, struct pci_inbound),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_ppce500_pci = {
- .name = "ppce500_pci",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_STRUCT_ARRAY(pob, PPCE500PCIState, PPCE500_PCI_NR_POBS, 1,
- vmstate_pci_outbound, struct pci_outbound),
- VMSTATE_STRUCT_ARRAY(pib, PPCE500PCIState, PPCE500_PCI_NR_PIBS, 1,
- vmstate_pci_outbound, struct pci_inbound),
- VMSTATE_UINT32(gasket_time, PPCE500PCIState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-#include "exec-memory.h"
-
-static int e500_pcihost_initfn(SysBusDevice *dev)
-{
- PCIHostState *h;
- PPCE500PCIState *s;
- PCIBus *b;
- int i;
- MemoryRegion *address_space_mem = get_system_memory();
-
- h = PCI_HOST_BRIDGE(dev);
- s = PPC_E500_PCI_HOST_BRIDGE(dev);
-
- for (i = 0; i < ARRAY_SIZE(s->irq); i++) {
- sysbus_init_irq(dev, &s->irq[i]);
- }
-
- memory_region_init(&s->pio, "pci-pio", PCIE500_PCI_IOLEN);
-
- b = pci_register_bus(DEVICE(dev), NULL, mpc85xx_pci_set_irq,
- mpc85xx_pci_map_irq, s->irq, address_space_mem,
- &s->pio, PCI_DEVFN(0x11, 0), 4);
- h->bus = b;
-
- pci_create_simple(b, 0, "e500-host-bridge");
-
- memory_region_init(&s->container, "pci-container", PCIE500_ALL_SIZE);
- memory_region_init_io(&h->conf_mem, &pci_host_conf_be_ops, h,
- "pci-conf-idx", 4);
- memory_region_init_io(&h->data_mem, &pci_host_data_le_ops, h,
- "pci-conf-data", 4);
- memory_region_init_io(&s->iomem, &e500_pci_reg_ops, s,
- "pci.reg", PCIE500_REG_SIZE);
- memory_region_add_subregion(&s->container, PCIE500_CFGADDR, &h->conf_mem);
- memory_region_add_subregion(&s->container, PCIE500_CFGDATA, &h->data_mem);
- memory_region_add_subregion(&s->container, PCIE500_REG_BASE, &s->iomem);
- sysbus_init_mmio(dev, &s->container);
- sysbus_init_mmio(dev, &s->pio);
-
- return 0;
-}
-
-static void e500_host_bridge_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->vendor_id = PCI_VENDOR_ID_FREESCALE;
- k->device_id = PCI_DEVICE_ID_MPC8533E;
- k->class_id = PCI_CLASS_PROCESSOR_POWERPC;
- dc->desc = "Host bridge";
-}
-
-static const TypeInfo e500_host_bridge_info = {
- .name = "e500-host-bridge",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIDevice),
- .class_init = e500_host_bridge_class_init,
-};
-
-static void e500_pcihost_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = e500_pcihost_initfn;
- dc->vmsd = &vmstate_ppce500_pci;
-}
-
-static const TypeInfo e500_pcihost_info = {
- .name = TYPE_PPC_E500_PCI_HOST_BRIDGE,
- .parent = TYPE_PCI_HOST_BRIDGE,
- .instance_size = sizeof(PPCE500PCIState),
- .class_init = e500_pcihost_class_init,
-};
-
-static void e500_pci_register_types(void)
-{
- type_register_static(&e500_pcihost_info);
- type_register_static(&e500_host_bridge_info);
-}
-
-type_init(e500_pci_register_types)
diff --git a/hw/ppce500_spin.c b/hw/ppce500_spin.c
deleted file mode 100644
index c1a155bd3..000000000
--- a/hw/ppce500_spin.c
+++ /dev/null
@@ -1,227 +0,0 @@
-/*
- * QEMU PowerPC e500v2 ePAPR spinning code
- *
- * Copyright (C) 2011 Freescale Semiconductor, Inc. All rights reserved.
- *
- * Author: Alexander Graf, <agraf@suse.de>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- * This code is not really a device, but models an interface that usually
- * firmware takes care of. It's used when QEMU plays the role of firmware.
- *
- * Specification:
- *
- * https://www.power.org/resources/downloads/Power_ePAPR_APPROVED_v1.1.pdf
- *
- */
-
-#include "hw.h"
-#include "sysemu.h"
-#include "sysbus.h"
-#include "kvm.h"
-
-#define MAX_CPUS 32
-
-typedef struct spin_info {
- uint64_t addr;
- uint64_t r3;
- uint32_t resv;
- uint32_t pir;
- uint64_t reserved;
-} QEMU_PACKED SpinInfo;
-
-typedef struct spin_state {
- SysBusDevice busdev;
- MemoryRegion iomem;
- SpinInfo spin[MAX_CPUS];
-} SpinState;
-
-typedef struct spin_kick {
- PowerPCCPU *cpu;
- SpinInfo *spin;
-} SpinKick;
-
-static void spin_reset(void *opaque)
-{
- SpinState *s = opaque;
- int i;
-
- for (i = 0; i < MAX_CPUS; i++) {
- SpinInfo *info = &s->spin[i];
-
- info->pir = i;
- info->r3 = i;
- info->addr = 1;
- }
-}
-
-/* Create -kernel TLB entries for BookE, linearly spanning 256MB. */
-static inline hwaddr booke206_page_size_to_tlb(uint64_t size)
-{
- return (ffs(size >> 10) - 1) >> 1;
-}
-
-static void mmubooke_create_initial_mapping(CPUPPCState *env,
- target_ulong va,
- hwaddr pa,
- hwaddr len)
-{
- ppcmas_tlb_t *tlb = booke206_get_tlbm(env, 1, 0, 1);
- hwaddr size;
-
- size = (booke206_page_size_to_tlb(len) << MAS1_TSIZE_SHIFT);
- tlb->mas1 = MAS1_VALID | size;
- tlb->mas2 = (va & TARGET_PAGE_MASK) | MAS2_M;
- tlb->mas7_3 = pa & TARGET_PAGE_MASK;
- tlb->mas7_3 |= MAS3_UR | MAS3_UW | MAS3_UX | MAS3_SR | MAS3_SW | MAS3_SX;
- env->tlb_dirty = true;
-}
-
-static void spin_kick(void *data)
-{
- SpinKick *kick = data;
- CPUState *cpu = CPU(kick->cpu);
- CPUPPCState *env = &kick->cpu->env;
- SpinInfo *curspin = kick->spin;
- hwaddr map_size = 64 * 1024 * 1024;
- hwaddr map_start;
-
- cpu_synchronize_state(env);
- stl_p(&curspin->pir, env->spr[SPR_PIR]);
- env->nip = ldq_p(&curspin->addr) & (map_size - 1);
- env->gpr[3] = ldq_p(&curspin->r3);
- env->gpr[4] = 0;
- env->gpr[5] = 0;
- env->gpr[6] = 0;
- env->gpr[7] = map_size;
- env->gpr[8] = 0;
- env->gpr[9] = 0;
-
- map_start = ldq_p(&curspin->addr) & ~(map_size - 1);
- mmubooke_create_initial_mapping(env, 0, map_start, map_size);
-
- env->halted = 0;
- env->exception_index = -1;
- cpu->stopped = false;
- qemu_cpu_kick(cpu);
-}
-
-static void spin_write(void *opaque, hwaddr addr, uint64_t value,
- unsigned len)
-{
- SpinState *s = opaque;
- int env_idx = addr / sizeof(SpinInfo);
- CPUPPCState *env;
- SpinInfo *curspin = &s->spin[env_idx];
- uint8_t *curspin_p = (uint8_t*)curspin;
-
- for (env = first_cpu; env != NULL; env = env->next_cpu) {
- if (env->cpu_index == env_idx) {
- break;
- }
- }
-
- if (!env) {
- /* Unknown CPU */
- return;
- }
-
- if (!env->cpu_index) {
- /* primary CPU doesn't spin */
- return;
- }
-
- curspin_p = &curspin_p[addr % sizeof(SpinInfo)];
- switch (len) {
- case 1:
- stb_p(curspin_p, value);
- break;
- case 2:
- stw_p(curspin_p, value);
- break;
- case 4:
- stl_p(curspin_p, value);
- break;
- }
-
- if (!(ldq_p(&curspin->addr) & 1)) {
- /* run CPU */
- SpinKick kick = {
- .cpu = ppc_env_get_cpu(env),
- .spin = curspin,
- };
-
- run_on_cpu(CPU(kick.cpu), spin_kick, &kick);
- }
-}
-
-static uint64_t spin_read(void *opaque, hwaddr addr, unsigned len)
-{
- SpinState *s = opaque;
- uint8_t *spin_p = &((uint8_t*)s->spin)[addr];
-
- switch (len) {
- case 1:
- return ldub_p(spin_p);
- case 2:
- return lduw_p(spin_p);
- case 4:
- return ldl_p(spin_p);
- default:
- hw_error("ppce500: unexpected %s with len = %u", __func__, len);
- }
-}
-
-static const MemoryRegionOps spin_rw_ops = {
- .read = spin_read,
- .write = spin_write,
- .endianness = DEVICE_BIG_ENDIAN,
-};
-
-static int ppce500_spin_initfn(SysBusDevice *dev)
-{
- SpinState *s;
-
- s = FROM_SYSBUS(SpinState, sysbus_from_qdev(dev));
-
- memory_region_init_io(&s->iomem, &spin_rw_ops, s, "e500 spin pv device",
- sizeof(SpinInfo) * MAX_CPUS);
- sysbus_init_mmio(dev, &s->iomem);
-
- qemu_register_reset(spin_reset, s);
-
- return 0;
-}
-
-static void ppce500_spin_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = ppce500_spin_initfn;
-}
-
-static TypeInfo ppce500_spin_info = {
- .name = "e500-spin",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(SpinState),
- .class_init = ppce500_spin_class_init,
-};
-
-static void ppce500_spin_register_types(void)
-{
- type_register_static(&ppce500_spin_info);
-}
-
-type_init(ppce500_spin_register_types)
diff --git a/hw/prep_pci.c b/hw/prep_pci.c
deleted file mode 100644
index 0bc479cd1..000000000
--- a/hw/prep_pci.c
+++ /dev/null
@@ -1,208 +0,0 @@
-/*
- * QEMU PREP PCI host
- *
- * Copyright (c) 2006 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "hw.h"
-#include "pci.h"
-#include "pci_host.h"
-#include "pc.h"
-#include "exec-memory.h"
-
-#define TYPE_RAVEN_PCI_HOST_BRIDGE "raven-pcihost"
-
-#define RAVEN_PCI_HOST_BRIDGE(obj) \
- OBJECT_CHECK(PREPPCIState, (obj), TYPE_RAVEN_PCI_HOST_BRIDGE)
-
-typedef struct PRePPCIState {
- PCIHostState parent_obj;
-
- MemoryRegion intack;
- qemu_irq irq[4];
-} PREPPCIState;
-
-typedef struct RavenPCIState {
- PCIDevice dev;
-} RavenPCIState;
-
-static inline uint32_t PPC_PCIIO_config(hwaddr addr)
-{
- int i;
-
- for (i = 0; i < 11; i++) {
- if ((addr & (1 << (11 + i))) != 0) {
- break;
- }
- }
- return (addr & 0x7ff) | (i << 11);
-}
-
-static void ppc_pci_io_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned int size)
-{
- PREPPCIState *s = opaque;
- PCIHostState *phb = PCI_HOST_BRIDGE(s);
- pci_data_write(phb->bus, PPC_PCIIO_config(addr), val, size);
-}
-
-static uint64_t ppc_pci_io_read(void *opaque, hwaddr addr,
- unsigned int size)
-{
- PREPPCIState *s = opaque;
- PCIHostState *phb = PCI_HOST_BRIDGE(s);
- return pci_data_read(phb->bus, PPC_PCIIO_config(addr), size);
-}
-
-static const MemoryRegionOps PPC_PCIIO_ops = {
- .read = ppc_pci_io_read,
- .write = ppc_pci_io_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static uint64_t ppc_intack_read(void *opaque, hwaddr addr,
- unsigned int size)
-{
- return pic_read_irq(isa_pic);
-}
-
-static const MemoryRegionOps PPC_intack_ops = {
- .read = ppc_intack_read,
- .valid = {
- .max_access_size = 1,
- },
-};
-
-static int prep_map_irq(PCIDevice *pci_dev, int irq_num)
-{
- return (irq_num + (pci_dev->devfn >> 3)) & 1;
-}
-
-static void prep_set_irq(void *opaque, int irq_num, int level)
-{
- qemu_irq *pic = opaque;
-
- qemu_set_irq(pic[irq_num] , level);
-}
-
-static int raven_pcihost_init(SysBusDevice *dev)
-{
- PCIHostState *h = PCI_HOST_BRIDGE(dev);
- PREPPCIState *s = RAVEN_PCI_HOST_BRIDGE(dev);
- MemoryRegion *address_space_mem = get_system_memory();
- MemoryRegion *address_space_io = get_system_io();
- PCIBus *bus;
- int i;
-
- for (i = 0; i < 4; i++) {
- sysbus_init_irq(dev, &s->irq[i]);
- }
-
- bus = pci_register_bus(DEVICE(dev), NULL,
- prep_set_irq, prep_map_irq, s->irq,
- address_space_mem, address_space_io, 0, 4);
- h->bus = bus;
-
- memory_region_init_io(&h->conf_mem, &pci_host_conf_be_ops, s,
- "pci-conf-idx", 1);
- sysbus_add_io(dev, 0xcf8, &h->conf_mem);
- sysbus_init_ioports(&h->busdev, 0xcf8, 1);
-
- memory_region_init_io(&h->data_mem, &pci_host_data_be_ops, s,
- "pci-conf-data", 1);
- sysbus_add_io(dev, 0xcfc, &h->data_mem);
- sysbus_init_ioports(&h->busdev, 0xcfc, 1);
-
- memory_region_init_io(&h->mmcfg, &PPC_PCIIO_ops, s, "pciio", 0x00400000);
- memory_region_add_subregion(address_space_mem, 0x80800000, &h->mmcfg);
-
- memory_region_init_io(&s->intack, &PPC_intack_ops, s, "pci-intack", 1);
- memory_region_add_subregion(address_space_mem, 0xbffffff0, &s->intack);
- pci_create_simple(bus, 0, "raven");
-
- return 0;
-}
-
-static int raven_init(PCIDevice *d)
-{
- d->config[0x0C] = 0x08; // cache_line_size
- d->config[0x0D] = 0x10; // latency_timer
- d->config[0x34] = 0x00; // capabilities_pointer
-
- return 0;
-}
-
-static const VMStateDescription vmstate_raven = {
- .name = "raven",
- .version_id = 0,
- .minimum_version_id = 0,
- .fields = (VMStateField[]) {
- VMSTATE_PCI_DEVICE(dev, RavenPCIState),
- VMSTATE_END_OF_LIST()
- },
-};
-
-static void raven_class_init(ObjectClass *klass, void *data)
-{
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
-
- k->init = raven_init;
- k->vendor_id = PCI_VENDOR_ID_MOTOROLA;
- k->device_id = PCI_DEVICE_ID_MOTOROLA_RAVEN;
- k->revision = 0x00;
- k->class_id = PCI_CLASS_BRIDGE_HOST;
- dc->desc = "PReP Host Bridge - Motorola Raven";
- dc->vmsd = &vmstate_raven;
- dc->no_user = 1;
-}
-
-static const TypeInfo raven_info = {
- .name = "raven",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(RavenPCIState),
- .class_init = raven_class_init,
-};
-
-static void raven_pcihost_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
-
- k->init = raven_pcihost_init;
- dc->fw_name = "pci";
- dc->no_user = 1;
-}
-
-static const TypeInfo raven_pcihost_info = {
- .name = TYPE_RAVEN_PCI_HOST_BRIDGE,
- .parent = TYPE_PCI_HOST_BRIDGE,
- .instance_size = sizeof(PREPPCIState),
- .class_init = raven_pcihost_class_init,
-};
-
-static void raven_register_types(void)
-{
- type_register_static(&raven_pcihost_info);
- type_register_static(&raven_info);
-}
-
-type_init(raven_register_types)
diff --git a/hw/primecell.h b/hw/primecell.h
deleted file mode 100644
index 7337c3b3c..000000000
--- a/hw/primecell.h
+++ /dev/null
@@ -1,12 +0,0 @@
-#ifndef PRIMECELL_H
-#define PRIMECELL_H
-
-/* Declarations for ARM PrimeCell based periperals. */
-/* Also includes some devices that are currently only used by the
- ARM boards. */
-
-/* arm_sysctl GPIO lines */
-#define ARM_SYSCTL_GPIO_MMC_WPROT 0
-#define ARM_SYSCTL_GPIO_MMC_CARDIN 1
-
-#endif
diff --git a/hw/ps2.c b/hw/ps2.c
deleted file mode 100644
index f93cd24d9..000000000
--- a/hw/ps2.c
+++ /dev/null
@@ -1,676 +0,0 @@
-/*
- * QEMU PS/2 keyboard/mouse emulation
- *
- * Copyright (c) 2003 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "ps2.h"
-#include "console.h"
-#include "sysemu.h"
-
-/* debug PC keyboard */
-//#define DEBUG_KBD
-
-/* debug PC keyboard : only mouse */
-//#define DEBUG_MOUSE
-
-/* Keyboard Commands */
-#define KBD_CMD_SET_LEDS 0xED /* Set keyboard leds */
-#define KBD_CMD_ECHO 0xEE
-#define KBD_CMD_SCANCODE 0xF0 /* Get/set scancode set */
-#define KBD_CMD_GET_ID 0xF2 /* get keyboard ID */
-#define KBD_CMD_SET_RATE 0xF3 /* Set typematic rate */
-#define KBD_CMD_ENABLE 0xF4 /* Enable scanning */
-#define KBD_CMD_RESET_DISABLE 0xF5 /* reset and disable scanning */
-#define KBD_CMD_RESET_ENABLE 0xF6 /* reset and enable scanning */
-#define KBD_CMD_RESET 0xFF /* Reset */
-
-/* Keyboard Replies */
-#define KBD_REPLY_POR 0xAA /* Power on reset */
-#define KBD_REPLY_ID 0xAB /* Keyboard ID */
-#define KBD_REPLY_ACK 0xFA /* Command ACK */
-#define KBD_REPLY_RESEND 0xFE /* Command NACK, send the cmd again */
-
-/* Mouse Commands */
-#define AUX_SET_SCALE11 0xE6 /* Set 1:1 scaling */
-#define AUX_SET_SCALE21 0xE7 /* Set 2:1 scaling */
-#define AUX_SET_RES 0xE8 /* Set resolution */
-#define AUX_GET_SCALE 0xE9 /* Get scaling factor */
-#define AUX_SET_STREAM 0xEA /* Set stream mode */
-#define AUX_POLL 0xEB /* Poll */
-#define AUX_RESET_WRAP 0xEC /* Reset wrap mode */
-#define AUX_SET_WRAP 0xEE /* Set wrap mode */
-#define AUX_SET_REMOTE 0xF0 /* Set remote mode */
-#define AUX_GET_TYPE 0xF2 /* Get type */
-#define AUX_SET_SAMPLE 0xF3 /* Set sample rate */
-#define AUX_ENABLE_DEV 0xF4 /* Enable aux device */
-#define AUX_DISABLE_DEV 0xF5 /* Disable aux device */
-#define AUX_SET_DEFAULT 0xF6
-#define AUX_RESET 0xFF /* Reset aux device */
-#define AUX_ACK 0xFA /* Command byte ACK. */
-
-#define MOUSE_STATUS_REMOTE 0x40
-#define MOUSE_STATUS_ENABLED 0x20
-#define MOUSE_STATUS_SCALE21 0x10
-
-#define PS2_QUEUE_SIZE 256
-
-typedef struct {
- uint8_t data[PS2_QUEUE_SIZE];
- int rptr, wptr, count;
-} PS2Queue;
-
-typedef struct {
- PS2Queue queue;
- int32_t write_cmd;
- void (*update_irq)(void *, int);
- void *update_arg;
-} PS2State;
-
-typedef struct {
- PS2State common;
- int scan_enabled;
- /* QEMU uses translated PC scancodes internally. To avoid multiple
- conversions we do the translation (if any) in the PS/2 emulation
- not the keyboard controller. */
- int translate;
- int scancode_set; /* 1=XT, 2=AT, 3=PS/2 */
- int ledstate;
-} PS2KbdState;
-
-typedef struct {
- PS2State common;
- uint8_t mouse_status;
- uint8_t mouse_resolution;
- uint8_t mouse_sample_rate;
- uint8_t mouse_wrap;
- uint8_t mouse_type; /* 0 = PS2, 3 = IMPS/2, 4 = IMEX */
- uint8_t mouse_detect_state;
- int mouse_dx; /* current values, needed for 'poll' mode */
- int mouse_dy;
- int mouse_dz;
- uint8_t mouse_buttons;
-} PS2MouseState;
-
-/* Table to convert from PC scancodes to raw scancodes. */
-static const unsigned char ps2_raw_keycode[128] = {
- 0, 118, 22, 30, 38, 37, 46, 54, 61, 62, 70, 69, 78, 85, 102, 13,
- 21, 29, 36, 45, 44, 53, 60, 67, 68, 77, 84, 91, 90, 20, 28, 27,
- 35, 43, 52, 51, 59, 66, 75, 76, 82, 14, 18, 93, 26, 34, 33, 42,
- 50, 49, 58, 65, 73, 74, 89, 124, 17, 41, 88, 5, 6, 4, 12, 3,
- 11, 2, 10, 1, 9, 119, 126, 108, 117, 125, 123, 107, 115, 116, 121, 105,
-114, 122, 112, 113, 127, 96, 97, 120, 7, 15, 23, 31, 39, 47, 55, 63,
- 71, 79, 86, 94, 8, 16, 24, 32, 40, 48, 56, 64, 72, 80, 87, 111,
- 19, 25, 57, 81, 83, 92, 95, 98, 99, 100, 101, 103, 104, 106, 109, 110
-};
-static const unsigned char ps2_raw_keycode_set3[128] = {
- 0, 8, 22, 30, 38, 37, 46, 54, 61, 62, 70, 69, 78, 85, 102, 13,
- 21, 29, 36, 45, 44, 53, 60, 67, 68, 77, 84, 91, 90, 17, 28, 27,
- 35, 43, 52, 51, 59, 66, 75, 76, 82, 14, 18, 92, 26, 34, 33, 42,
- 50, 49, 58, 65, 73, 74, 89, 126, 25, 41, 20, 7, 15, 23, 31, 39,
- 47, 2, 63, 71, 79, 118, 95, 108, 117, 125, 132, 107, 115, 116, 124, 105,
-114, 122, 112, 113, 127, 96, 97, 86, 94, 15, 23, 31, 39, 47, 55, 63,
- 71, 79, 86, 94, 8, 16, 24, 32, 40, 48, 56, 64, 72, 80, 87, 111,
- 19, 25, 57, 81, 83, 92, 95, 98, 99, 100, 101, 103, 104, 106, 109, 110
-};
-
-void ps2_queue(void *opaque, int b)
-{
- PS2State *s = (PS2State *)opaque;
- PS2Queue *q = &s->queue;
-
- if (q->count >= PS2_QUEUE_SIZE)
- return;
- q->data[q->wptr] = b;
- if (++q->wptr == PS2_QUEUE_SIZE)
- q->wptr = 0;
- q->count++;
- s->update_irq(s->update_arg, 1);
-}
-
-/*
- keycode is expressed as follow:
- bit 7 - 0 key pressed, 1 = key released
- bits 6-0 - translated scancode set 2
- */
-static void ps2_put_keycode(void *opaque, int keycode)
-{
- PS2KbdState *s = opaque;
-
- qemu_system_wakeup_request(QEMU_WAKEUP_REASON_OTHER);
- /* XXX: add support for scancode set 1 */
- if (!s->translate && keycode < 0xe0 && s->scancode_set > 1) {
- if (keycode & 0x80) {
- ps2_queue(&s->common, 0xf0);
- }
- if (s->scancode_set == 2) {
- keycode = ps2_raw_keycode[keycode & 0x7f];
- } else if (s->scancode_set == 3) {
- keycode = ps2_raw_keycode_set3[keycode & 0x7f];
- }
- }
- ps2_queue(&s->common, keycode);
-}
-
-uint32_t ps2_read_data(void *opaque)
-{
- PS2State *s = (PS2State *)opaque;
- PS2Queue *q;
- int val, index;
-
- q = &s->queue;
- if (q->count == 0) {
- /* NOTE: if no data left, we return the last keyboard one
- (needed for EMM386) */
- /* XXX: need a timer to do things correctly */
- index = q->rptr - 1;
- if (index < 0)
- index = PS2_QUEUE_SIZE - 1;
- val = q->data[index];
- } else {
- val = q->data[q->rptr];
- if (++q->rptr == PS2_QUEUE_SIZE)
- q->rptr = 0;
- q->count--;
- /* reading deasserts IRQ */
- s->update_irq(s->update_arg, 0);
- /* reassert IRQs if data left */
- s->update_irq(s->update_arg, q->count != 0);
- }
- return val;
-}
-
-static void ps2_set_ledstate(PS2KbdState *s, int ledstate)
-{
- s->ledstate = ledstate;
- kbd_put_ledstate(ledstate);
-}
-
-static void ps2_reset_keyboard(PS2KbdState *s)
-{
- s->scan_enabled = 1;
- s->scancode_set = 2;
- ps2_set_ledstate(s, 0);
-}
-
-void ps2_write_keyboard(void *opaque, int val)
-{
- PS2KbdState *s = (PS2KbdState *)opaque;
-
- switch(s->common.write_cmd) {
- default:
- case -1:
- switch(val) {
- case 0x00:
- ps2_queue(&s->common, KBD_REPLY_ACK);
- break;
- case 0x05:
- ps2_queue(&s->common, KBD_REPLY_RESEND);
- break;
- case KBD_CMD_GET_ID:
- ps2_queue(&s->common, KBD_REPLY_ACK);
- /* We emulate a MF2 AT keyboard here */
- ps2_queue(&s->common, KBD_REPLY_ID);
- if (s->translate)
- ps2_queue(&s->common, 0x41);
- else
- ps2_queue(&s->common, 0x83);
- break;
- case KBD_CMD_ECHO:
- ps2_queue(&s->common, KBD_CMD_ECHO);
- break;
- case KBD_CMD_ENABLE:
- s->scan_enabled = 1;
- ps2_queue(&s->common, KBD_REPLY_ACK);
- break;
- case KBD_CMD_SCANCODE:
- case KBD_CMD_SET_LEDS:
- case KBD_CMD_SET_RATE:
- s->common.write_cmd = val;
- ps2_queue(&s->common, KBD_REPLY_ACK);
- break;
- case KBD_CMD_RESET_DISABLE:
- ps2_reset_keyboard(s);
- s->scan_enabled = 0;
- ps2_queue(&s->common, KBD_REPLY_ACK);
- break;
- case KBD_CMD_RESET_ENABLE:
- ps2_reset_keyboard(s);
- s->scan_enabled = 1;
- ps2_queue(&s->common, KBD_REPLY_ACK);
- break;
- case KBD_CMD_RESET:
- ps2_reset_keyboard(s);
- ps2_queue(&s->common, KBD_REPLY_ACK);
- ps2_queue(&s->common, KBD_REPLY_POR);
- break;
- default:
- ps2_queue(&s->common, KBD_REPLY_ACK);
- break;
- }
- break;
- case KBD_CMD_SCANCODE:
- if (val == 0) {
- if (s->scancode_set == 1)
- ps2_put_keycode(s, 0x43);
- else if (s->scancode_set == 2)
- ps2_put_keycode(s, 0x41);
- else if (s->scancode_set == 3)
- ps2_put_keycode(s, 0x3f);
- } else {
- if (val >= 1 && val <= 3)
- s->scancode_set = val;
- ps2_queue(&s->common, KBD_REPLY_ACK);
- }
- s->common.write_cmd = -1;
- break;
- case KBD_CMD_SET_LEDS:
- ps2_set_ledstate(s, val);
- ps2_queue(&s->common, KBD_REPLY_ACK);
- s->common.write_cmd = -1;
- break;
- case KBD_CMD_SET_RATE:
- ps2_queue(&s->common, KBD_REPLY_ACK);
- s->common.write_cmd = -1;
- break;
- }
-}
-
-/* Set the scancode translation mode.
- 0 = raw scancodes.
- 1 = translated scancodes (used by qemu internally). */
-
-void ps2_keyboard_set_translation(void *opaque, int mode)
-{
- PS2KbdState *s = (PS2KbdState *)opaque;
- s->translate = mode;
-}
-
-static void ps2_mouse_send_packet(PS2MouseState *s)
-{
- unsigned int b;
- int dx1, dy1, dz1;
-
- dx1 = s->mouse_dx;
- dy1 = s->mouse_dy;
- dz1 = s->mouse_dz;
- /* XXX: increase range to 8 bits ? */
- if (dx1 > 127)
- dx1 = 127;
- else if (dx1 < -127)
- dx1 = -127;
- if (dy1 > 127)
- dy1 = 127;
- else if (dy1 < -127)
- dy1 = -127;
- b = 0x08 | ((dx1 < 0) << 4) | ((dy1 < 0) << 5) | (s->mouse_buttons & 0x07);
- ps2_queue(&s->common, b);
- ps2_queue(&s->common, dx1 & 0xff);
- ps2_queue(&s->common, dy1 & 0xff);
- /* extra byte for IMPS/2 or IMEX */
- switch(s->mouse_type) {
- default:
- break;
- case 3:
- if (dz1 > 127)
- dz1 = 127;
- else if (dz1 < -127)
- dz1 = -127;
- ps2_queue(&s->common, dz1 & 0xff);
- break;
- case 4:
- if (dz1 > 7)
- dz1 = 7;
- else if (dz1 < -7)
- dz1 = -7;
- b = (dz1 & 0x0f) | ((s->mouse_buttons & 0x18) << 1);
- ps2_queue(&s->common, b);
- break;
- }
-
- /* update deltas */
- s->mouse_dx -= dx1;
- s->mouse_dy -= dy1;
- s->mouse_dz -= dz1;
-}
-
-static void ps2_mouse_event(void *opaque,
- int dx, int dy, int dz, int buttons_state)
-{
- PS2MouseState *s = opaque;
-
- /* check if deltas are recorded when disabled */
- if (!(s->mouse_status & MOUSE_STATUS_ENABLED))
- return;
-
- s->mouse_dx += dx;
- s->mouse_dy -= dy;
- s->mouse_dz += dz;
- /* XXX: SDL sometimes generates nul events: we delete them */
- if (s->mouse_dx == 0 && s->mouse_dy == 0 && s->mouse_dz == 0 &&
- s->mouse_buttons == buttons_state)
- return;
- s->mouse_buttons = buttons_state;
-
- if (buttons_state) {
- qemu_system_wakeup_request(QEMU_WAKEUP_REASON_OTHER);
- }
-
- if (!(s->mouse_status & MOUSE_STATUS_REMOTE) &&
- (s->common.queue.count < (PS2_QUEUE_SIZE - 16))) {
- for(;;) {
- /* if not remote, send event. Multiple events are sent if
- too big deltas */
- ps2_mouse_send_packet(s);
- if (s->mouse_dx == 0 && s->mouse_dy == 0 && s->mouse_dz == 0)
- break;
- }
- }
-}
-
-void ps2_mouse_fake_event(void *opaque)
-{
- ps2_mouse_event(opaque, 1, 0, 0, 0);
-}
-
-void ps2_write_mouse(void *opaque, int val)
-{
- PS2MouseState *s = (PS2MouseState *)opaque;
-#ifdef DEBUG_MOUSE
- printf("kbd: write mouse 0x%02x\n", val);
-#endif
- switch(s->common.write_cmd) {
- default:
- case -1:
- /* mouse command */
- if (s->mouse_wrap) {
- if (val == AUX_RESET_WRAP) {
- s->mouse_wrap = 0;
- ps2_queue(&s->common, AUX_ACK);
- return;
- } else if (val != AUX_RESET) {
- ps2_queue(&s->common, val);
- return;
- }
- }
- switch(val) {
- case AUX_SET_SCALE11:
- s->mouse_status &= ~MOUSE_STATUS_SCALE21;
- ps2_queue(&s->common, AUX_ACK);
- break;
- case AUX_SET_SCALE21:
- s->mouse_status |= MOUSE_STATUS_SCALE21;
- ps2_queue(&s->common, AUX_ACK);
- break;
- case AUX_SET_STREAM:
- s->mouse_status &= ~MOUSE_STATUS_REMOTE;
- ps2_queue(&s->common, AUX_ACK);
- break;
- case AUX_SET_WRAP:
- s->mouse_wrap = 1;
- ps2_queue(&s->common, AUX_ACK);
- break;
- case AUX_SET_REMOTE:
- s->mouse_status |= MOUSE_STATUS_REMOTE;
- ps2_queue(&s->common, AUX_ACK);
- break;
- case AUX_GET_TYPE:
- ps2_queue(&s->common, AUX_ACK);
- ps2_queue(&s->common, s->mouse_type);
- break;
- case AUX_SET_RES:
- case AUX_SET_SAMPLE:
- s->common.write_cmd = val;
- ps2_queue(&s->common, AUX_ACK);
- break;
- case AUX_GET_SCALE:
- ps2_queue(&s->common, AUX_ACK);
- ps2_queue(&s->common, s->mouse_status);
- ps2_queue(&s->common, s->mouse_resolution);
- ps2_queue(&s->common, s->mouse_sample_rate);
- break;
- case AUX_POLL:
- ps2_queue(&s->common, AUX_ACK);
- ps2_mouse_send_packet(s);
- break;
- case AUX_ENABLE_DEV:
- s->mouse_status |= MOUSE_STATUS_ENABLED;
- ps2_queue(&s->common, AUX_ACK);
- break;
- case AUX_DISABLE_DEV:
- s->mouse_status &= ~MOUSE_STATUS_ENABLED;
- ps2_queue(&s->common, AUX_ACK);
- break;
- case AUX_SET_DEFAULT:
- s->mouse_sample_rate = 100;
- s->mouse_resolution = 2;
- s->mouse_status = 0;
- ps2_queue(&s->common, AUX_ACK);
- break;
- case AUX_RESET:
- s->mouse_sample_rate = 100;
- s->mouse_resolution = 2;
- s->mouse_status = 0;
- s->mouse_type = 0;
- ps2_queue(&s->common, AUX_ACK);
- ps2_queue(&s->common, 0xaa);
- ps2_queue(&s->common, s->mouse_type);
- break;
- default:
- break;
- }
- break;
- case AUX_SET_SAMPLE:
- s->mouse_sample_rate = val;
- /* detect IMPS/2 or IMEX */
- switch(s->mouse_detect_state) {
- default:
- case 0:
- if (val == 200)
- s->mouse_detect_state = 1;
- break;
- case 1:
- if (val == 100)
- s->mouse_detect_state = 2;
- else if (val == 200)
- s->mouse_detect_state = 3;
- else
- s->mouse_detect_state = 0;
- break;
- case 2:
- if (val == 80)
- s->mouse_type = 3; /* IMPS/2 */
- s->mouse_detect_state = 0;
- break;
- case 3:
- if (val == 80)
- s->mouse_type = 4; /* IMEX */
- s->mouse_detect_state = 0;
- break;
- }
- ps2_queue(&s->common, AUX_ACK);
- s->common.write_cmd = -1;
- break;
- case AUX_SET_RES:
- s->mouse_resolution = val;
- ps2_queue(&s->common, AUX_ACK);
- s->common.write_cmd = -1;
- break;
- }
-}
-
-static void ps2_common_reset(PS2State *s)
-{
- PS2Queue *q;
- s->write_cmd = -1;
- q = &s->queue;
- q->rptr = 0;
- q->wptr = 0;
- q->count = 0;
- s->update_irq(s->update_arg, 0);
-}
-
-static void ps2_kbd_reset(void *opaque)
-{
- PS2KbdState *s = (PS2KbdState *) opaque;
-
- ps2_common_reset(&s->common);
- s->scan_enabled = 0;
- s->translate = 0;
- s->scancode_set = 0;
-}
-
-static void ps2_mouse_reset(void *opaque)
-{
- PS2MouseState *s = (PS2MouseState *) opaque;
-
- ps2_common_reset(&s->common);
- s->mouse_status = 0;
- s->mouse_resolution = 0;
- s->mouse_sample_rate = 0;
- s->mouse_wrap = 0;
- s->mouse_type = 0;
- s->mouse_detect_state = 0;
- s->mouse_dx = 0;
- s->mouse_dy = 0;
- s->mouse_dz = 0;
- s->mouse_buttons = 0;
-}
-
-static const VMStateDescription vmstate_ps2_common = {
- .name = "PS2 Common State",
- .version_id = 3,
- .minimum_version_id = 2,
- .minimum_version_id_old = 2,
- .fields = (VMStateField []) {
- VMSTATE_INT32(write_cmd, PS2State),
- VMSTATE_INT32(queue.rptr, PS2State),
- VMSTATE_INT32(queue.wptr, PS2State),
- VMSTATE_INT32(queue.count, PS2State),
- VMSTATE_BUFFER(queue.data, PS2State),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static bool ps2_keyboard_ledstate_needed(void *opaque)
-{
- PS2KbdState *s = opaque;
-
- return s->ledstate != 0; /* 0 is default state */
-}
-
-static int ps2_kbd_ledstate_post_load(void *opaque, int version_id)
-{
- PS2KbdState *s = opaque;
-
- kbd_put_ledstate(s->ledstate);
- return 0;
-}
-
-static const VMStateDescription vmstate_ps2_keyboard_ledstate = {
- .name = "ps2kbd/ledstate",
- .version_id = 3,
- .minimum_version_id = 2,
- .minimum_version_id_old = 2,
- .post_load = ps2_kbd_ledstate_post_load,
- .fields = (VMStateField []) {
- VMSTATE_INT32(ledstate, PS2KbdState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int ps2_kbd_post_load(void* opaque, int version_id)
-{
- PS2KbdState *s = (PS2KbdState*)opaque;
-
- if (version_id == 2)
- s->scancode_set=2;
- return 0;
-}
-
-static const VMStateDescription vmstate_ps2_keyboard = {
- .name = "ps2kbd",
- .version_id = 3,
- .minimum_version_id = 2,
- .minimum_version_id_old = 2,
- .post_load = ps2_kbd_post_load,
- .fields = (VMStateField []) {
- VMSTATE_STRUCT(common, PS2KbdState, 0, vmstate_ps2_common, PS2State),
- VMSTATE_INT32(scan_enabled, PS2KbdState),
- VMSTATE_INT32(translate, PS2KbdState),
- VMSTATE_INT32_V(scancode_set, PS2KbdState,3),
- VMSTATE_END_OF_LIST()
- },
- .subsections = (VMStateSubsection []) {
- {
- .vmsd = &vmstate_ps2_keyboard_ledstate,
- .needed = ps2_keyboard_ledstate_needed,
- }, {
- /* empty */
- }
- }
-};
-
-static const VMStateDescription vmstate_ps2_mouse = {
- .name = "ps2mouse",
- .version_id = 2,
- .minimum_version_id = 2,
- .minimum_version_id_old = 2,
- .fields = (VMStateField []) {
- VMSTATE_STRUCT(common, PS2MouseState, 0, vmstate_ps2_common, PS2State),
- VMSTATE_UINT8(mouse_status, PS2MouseState),
- VMSTATE_UINT8(mouse_resolution, PS2MouseState),
- VMSTATE_UINT8(mouse_sample_rate, PS2MouseState),
- VMSTATE_UINT8(mouse_wrap, PS2MouseState),
- VMSTATE_UINT8(mouse_type, PS2MouseState),
- VMSTATE_UINT8(mouse_detect_state, PS2MouseState),
- VMSTATE_INT32(mouse_dx, PS2MouseState),
- VMSTATE_INT32(mouse_dy, PS2MouseState),
- VMSTATE_INT32(mouse_dz, PS2MouseState),
- VMSTATE_UINT8(mouse_buttons, PS2MouseState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-void *ps2_kbd_init(void (*update_irq)(void *, int), void *update_arg)
-{
- PS2KbdState *s = (PS2KbdState *)g_malloc0(sizeof(PS2KbdState));
-
- s->common.update_irq = update_irq;
- s->common.update_arg = update_arg;
- s->scancode_set = 2;
- vmstate_register(NULL, 0, &vmstate_ps2_keyboard, s);
- qemu_add_kbd_event_handler(ps2_put_keycode, s);
- qemu_register_reset(ps2_kbd_reset, s);
- return s;
-}
-
-void *ps2_mouse_init(void (*update_irq)(void *, int), void *update_arg)
-{
- PS2MouseState *s = (PS2MouseState *)g_malloc0(sizeof(PS2MouseState));
-
- s->common.update_irq = update_irq;
- s->common.update_arg = update_arg;
- vmstate_register(NULL, 0, &vmstate_ps2_mouse, s);
- qemu_add_mouse_event_handler(ps2_mouse_event, s, 0, "QEMU PS/2 Mouse");
- qemu_register_reset(ps2_mouse_reset, s);
- return s;
-}
diff --git a/hw/ps2.h b/hw/ps2.h
deleted file mode 100644
index 7c45ce7ce..000000000
--- a/hw/ps2.h
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * QEMU PS/2 keyboard/mouse emulation
- *
- * Copyright (C) 2003 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#ifndef HW_PS2_H
-#define HW_PS2_H
-
-/* ps2.c */
-void *ps2_kbd_init(void (*update_irq)(void *, int), void *update_arg);
-void *ps2_mouse_init(void (*update_irq)(void *, int), void *update_arg);
-void ps2_write_mouse(void *, int val);
-void ps2_write_keyboard(void *, int val);
-uint32_t ps2_read_data(void *);
-void ps2_queue(void *, int b);
-void ps2_keyboard_set_translation(void *opaque, int mode);
-void ps2_mouse_fake_event(void *opaque);
-
-#endif /* !HW_PS2_H */
diff --git a/hw/ptimer.c b/hw/ptimer.c
deleted file mode 100644
index bc0b3f802..000000000
--- a/hw/ptimer.c
+++ /dev/null
@@ -1,231 +0,0 @@
-/*
- * General purpose implementation of a simple periodic countdown timer.
- *
- * Copyright (c) 2007 CodeSourcery.
- *
- * This code is licensed under the GNU LGPL.
- */
-#include "hw.h"
-#include "qemu-timer.h"
-#include "ptimer.h"
-#include "host-utils.h"
-
-struct ptimer_state
-{
- uint8_t enabled; /* 0 = disabled, 1 = periodic, 2 = oneshot. */
- uint64_t limit;
- uint64_t delta;
- uint32_t period_frac;
- int64_t period;
- int64_t last_event;
- int64_t next_event;
- QEMUBH *bh;
- QEMUTimer *timer;
-};
-
-/* Use a bottom-half routine to avoid reentrancy issues. */
-static void ptimer_trigger(ptimer_state *s)
-{
- if (s->bh) {
- qemu_bh_schedule(s->bh);
- }
-}
-
-static void ptimer_reload(ptimer_state *s)
-{
- if (s->delta == 0) {
- ptimer_trigger(s);
- s->delta = s->limit;
- }
- if (s->delta == 0 || s->period == 0) {
- fprintf(stderr, "Timer with period zero, disabling\n");
- s->enabled = 0;
- return;
- }
-
- s->last_event = s->next_event;
- s->next_event = s->last_event + s->delta * s->period;
- if (s->period_frac) {
- s->next_event += ((int64_t)s->period_frac * s->delta) >> 32;
- }
- qemu_mod_timer(s->timer, s->next_event);
-}
-
-static void ptimer_tick(void *opaque)
-{
- ptimer_state *s = (ptimer_state *)opaque;
- ptimer_trigger(s);
- s->delta = 0;
- if (s->enabled == 2) {
- s->enabled = 0;
- } else {
- ptimer_reload(s);
- }
-}
-
-uint64_t ptimer_get_count(ptimer_state *s)
-{
- int64_t now;
- uint64_t counter;
-
- if (s->enabled) {
- now = qemu_get_clock_ns(vm_clock);
- /* Figure out the current counter value. */
- if (now - s->next_event > 0
- || s->period == 0) {
- /* Prevent timer underflowing if it should already have
- triggered. */
- counter = 0;
- } else {
- uint64_t rem;
- uint64_t div;
- int clz1, clz2;
- int shift;
-
- /* We need to divide time by period, where time is stored in
- rem (64-bit integer) and period is stored in period/period_frac
- (64.32 fixed point).
-
- Doing full precision division is hard, so scale values and
- do a 64-bit division. The result should be rounded down,
- so that the rounding error never causes the timer to go
- backwards.
- */
-
- rem = s->next_event - now;
- div = s->period;
-
- clz1 = clz64(rem);
- clz2 = clz64(div);
- shift = clz1 < clz2 ? clz1 : clz2;
-
- rem <<= shift;
- div <<= shift;
- if (shift >= 32) {
- div |= ((uint64_t)s->period_frac << (shift - 32));
- } else {
- if (shift != 0)
- div |= (s->period_frac >> (32 - shift));
- /* Look at remaining bits of period_frac and round div up if
- necessary. */
- if ((uint32_t)(s->period_frac << shift))
- div += 1;
- }
- counter = rem / div;
- }
- } else {
- counter = s->delta;
- }
- return counter;
-}
-
-void ptimer_set_count(ptimer_state *s, uint64_t count)
-{
- s->delta = count;
- if (s->enabled) {
- s->next_event = qemu_get_clock_ns(vm_clock);
- ptimer_reload(s);
- }
-}
-
-void ptimer_run(ptimer_state *s, int oneshot)
-{
- if (s->enabled) {
- return;
- }
- if (s->period == 0) {
- fprintf(stderr, "Timer with period zero, disabling\n");
- return;
- }
- s->enabled = oneshot ? 2 : 1;
- s->next_event = qemu_get_clock_ns(vm_clock);
- ptimer_reload(s);
-}
-
-/* Pause a timer. Note that this may cause it to "lose" time, even if it
- is immediately restarted. */
-void ptimer_stop(ptimer_state *s)
-{
- if (!s->enabled)
- return;
-
- s->delta = ptimer_get_count(s);
- qemu_del_timer(s->timer);
- s->enabled = 0;
-}
-
-/* Set counter increment interval in nanoseconds. */
-void ptimer_set_period(ptimer_state *s, int64_t period)
-{
- s->period = period;
- s->period_frac = 0;
- if (s->enabled) {
- s->next_event = qemu_get_clock_ns(vm_clock);
- ptimer_reload(s);
- }
-}
-
-/* Set counter frequency in Hz. */
-void ptimer_set_freq(ptimer_state *s, uint32_t freq)
-{
- s->period = 1000000000ll / freq;
- s->period_frac = (1000000000ll << 32) / freq;
- if (s->enabled) {
- s->next_event = qemu_get_clock_ns(vm_clock);
- ptimer_reload(s);
- }
-}
-
-/* Set the initial countdown value. If reload is nonzero then also set
- count = limit. */
-void ptimer_set_limit(ptimer_state *s, uint64_t limit, int reload)
-{
- /*
- * Artificially limit timeout rate to something
- * achievable under QEMU. Otherwise, QEMU spends all
- * its time generating timer interrupts, and there
- * is no forward progress.
- * About ten microseconds is the fastest that really works
- * on the current generation of host machines.
- */
-
- if (limit * s->period < 10000 && s->period) {
- limit = 10000 / s->period;
- }
-
- s->limit = limit;
- if (reload)
- s->delta = limit;
- if (s->enabled && reload) {
- s->next_event = qemu_get_clock_ns(vm_clock);
- ptimer_reload(s);
- }
-}
-
-const VMStateDescription vmstate_ptimer = {
- .name = "ptimer",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT8(enabled, ptimer_state),
- VMSTATE_UINT64(limit, ptimer_state),
- VMSTATE_UINT64(delta, ptimer_state),
- VMSTATE_UINT32(period_frac, ptimer_state),
- VMSTATE_INT64(period, ptimer_state),
- VMSTATE_INT64(last_event, ptimer_state),
- VMSTATE_INT64(next_event, ptimer_state),
- VMSTATE_TIMER(timer, ptimer_state),
- VMSTATE_END_OF_LIST()
- }
-};
-
-ptimer_state *ptimer_init(QEMUBH *bh)
-{
- ptimer_state *s;
-
- s = (ptimer_state *)g_malloc0(sizeof(ptimer_state));
- s->bh = bh;
- s->timer = qemu_new_timer_ns(vm_clock, ptimer_tick, s);
- return s;
-}
diff --git a/hw/ptimer.h b/hw/ptimer.h
deleted file mode 100644
index 6638f6132..000000000
--- a/hw/ptimer.h
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * General purpose implementation of a simple periodic countdown timer.
- *
- * Copyright (c) 2007 CodeSourcery.
- *
- * This code is licensed under the GNU LGPL.
- */
-#ifndef PTIMER_H
-#define PTIMER_H
-
-#include "qemu-common.h"
-#include "qemu-timer.h"
-#include "vmstate.h"
-
-/* ptimer.c */
-typedef struct ptimer_state ptimer_state;
-typedef void (*ptimer_cb)(void *opaque);
-
-ptimer_state *ptimer_init(QEMUBH *bh);
-void ptimer_set_period(ptimer_state *s, int64_t period);
-void ptimer_set_freq(ptimer_state *s, uint32_t freq);
-void ptimer_set_limit(ptimer_state *s, uint64_t limit, int reload);
-uint64_t ptimer_get_count(ptimer_state *s);
-void ptimer_set_count(ptimer_state *s, uint64_t count);
-void ptimer_run(ptimer_state *s, int oneshot);
-void ptimer_stop(ptimer_state *s);
-
-extern const VMStateDescription vmstate_ptimer;
-
-#define VMSTATE_PTIMER(_field, _state) { \
- .name = (stringify(_field)), \
- .version_id = (1), \
- .vmsd = &vmstate_ptimer, \
- .size = sizeof(ptimer_state *), \
- .flags = VMS_STRUCT|VMS_POINTER, \
- .offset = vmstate_offset_pointer(_state, _field, ptimer_state), \
-}
-
-#endif
diff --git a/hw/puv3.c b/hw/puv3.c
deleted file mode 100644
index 764799cff..000000000
--- a/hw/puv3.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * Generic PKUnity SoC machine and board descriptor
- *
- * Copyright (C) 2010-2012 Guan Xuetao
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation, or any later version.
- * See the COPYING file in the top-level directory.
- */
-#include "console.h"
-#include "elf.h"
-#include "exec-memory.h"
-#include "sysbus.h"
-#include "boards.h"
-#include "loader.h"
-#include "pc.h"
-
-#undef DEBUG_PUV3
-#include "puv3.h"
-
-#define KERNEL_LOAD_ADDR 0x03000000
-#define KERNEL_MAX_SIZE 0x00800000 /* Just a guess */
-
-static void puv3_intc_cpu_handler(void *opaque, int irq, int level)
-{
- CPUUniCore32State *env = opaque;
-
- assert(irq == 0);
- if (level) {
- cpu_interrupt(env, CPU_INTERRUPT_HARD);
- } else {
- cpu_reset_interrupt(env, CPU_INTERRUPT_HARD);
- }
-}
-
-static void puv3_soc_init(CPUUniCore32State *env)
-{
- qemu_irq *cpu_intc, irqs[PUV3_IRQS_NR];
- DeviceState *dev;
- MemoryRegion *i8042 = g_new(MemoryRegion, 1);
- int i;
-
- /* Initialize interrupt controller */
- cpu_intc = qemu_allocate_irqs(puv3_intc_cpu_handler, env, 1);
- dev = sysbus_create_simple("puv3_intc", PUV3_INTC_BASE, *cpu_intc);
- for (i = 0; i < PUV3_IRQS_NR; i++) {
- irqs[i] = qdev_get_gpio_in(dev, i);
- }
-
- /* Initialize minimal necessary devices for kernel booting */
- sysbus_create_simple("puv3_pm", PUV3_PM_BASE, NULL);
- sysbus_create_simple("puv3_dma", PUV3_DMA_BASE, NULL);
- sysbus_create_simple("puv3_ost", PUV3_OST_BASE, irqs[PUV3_IRQS_OST0]);
- sysbus_create_varargs("puv3_gpio", PUV3_GPIO_BASE,
- irqs[PUV3_IRQS_GPIOLOW0], irqs[PUV3_IRQS_GPIOLOW1],
- irqs[PUV3_IRQS_GPIOLOW2], irqs[PUV3_IRQS_GPIOLOW3],
- irqs[PUV3_IRQS_GPIOLOW4], irqs[PUV3_IRQS_GPIOLOW5],
- irqs[PUV3_IRQS_GPIOLOW6], irqs[PUV3_IRQS_GPIOLOW7],
- irqs[PUV3_IRQS_GPIOHIGH], NULL);
-
- /* Keyboard (i8042), mouse disabled for nographic */
- i8042_mm_init(irqs[PUV3_IRQS_PS2_KBD], NULL, i8042, PUV3_REGS_OFFSET, 4);
- memory_region_add_subregion(get_system_memory(), PUV3_PS2_BASE, i8042);
-}
-
-static void puv3_board_init(CPUUniCore32State *env, ram_addr_t ram_size)
-{
- MemoryRegion *ram_memory = g_new(MemoryRegion, 1);
-
- /* SDRAM at address zero. */
- memory_region_init_ram(ram_memory, "puv3.ram", ram_size);
- vmstate_register_ram_global(ram_memory);
- memory_region_add_subregion(get_system_memory(), 0, ram_memory);
-}
-
-static void puv3_load_kernel(const char *kernel_filename)
-{
- int size;
-
- assert(kernel_filename != NULL);
-
- /* only zImage format supported */
- size = load_image_targphys(kernel_filename, KERNEL_LOAD_ADDR,
- KERNEL_MAX_SIZE);
- if (size < 0) {
- hw_error("Load kernel error: '%s'\n", kernel_filename);
- }
-
- /* cheat curses that we have a graphic console, only under ocd console */
- graphic_console_init(NULL, NULL, NULL, NULL, NULL);
-}
-
-static void puv3_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *initrd_filename = args->initrd_filename;
- CPUUniCore32State *env;
-
- if (initrd_filename) {
- hw_error("Please use kernel built-in initramdisk.\n");
- }
-
- if (!cpu_model) {
- cpu_model = "UniCore-II";
- }
-
- env = cpu_init(cpu_model);
- if (!env) {
- hw_error("Unable to find CPU definition\n");
- }
-
- puv3_soc_init(env);
- puv3_board_init(env, ram_size);
- puv3_load_kernel(kernel_filename);
-}
-
-static QEMUMachine puv3_machine = {
- .name = "puv3",
- .desc = "PKUnity Version-3 based on UniCore32",
- .init = puv3_init,
- .is_default = 1,
- .use_scsi = 0,
-};
-
-static void puv3_machine_init(void)
-{
- qemu_register_machine(&puv3_machine);
-}
-
-machine_init(puv3_machine_init)
diff --git a/hw/puv3.h b/hw/puv3.h
deleted file mode 100644
index f37adcb66..000000000
--- a/hw/puv3.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Misc PKUnity SoC declarations
- *
- * Copyright (C) 2010-2012 Guan Xuetao
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation, or any later version.
- * See the COPYING file in the top-level directory.
- */
-#ifndef QEMU_HW_PUV3_H
-#define QEMU_HW_PUV3_H
-
-#define PUV3_REGS_OFFSET (0x1000) /* 4K is reasonable */
-
-/* PKUnity System bus (AHB): 0xc0000000 - 0xedffffff (640MB) */
-#define PUV3_DMA_BASE (0xc0200000) /* AHB-4 */
-
-/* PKUnity Peripheral bus (APB): 0xee000000 - 0xefffffff (128MB) */
-#define PUV3_GPIO_BASE (0xee500000) /* APB-5 */
-#define PUV3_INTC_BASE (0xee600000) /* APB-6 */
-#define PUV3_OST_BASE (0xee800000) /* APB-8 */
-#define PUV3_PM_BASE (0xeea00000) /* APB-10 */
-#define PUV3_PS2_BASE (0xeeb00000) /* APB-11 */
-
-/* Hardware interrupts */
-#define PUV3_IRQS_NR (32)
-
-#define PUV3_IRQS_GPIOLOW0 (0)
-#define PUV3_IRQS_GPIOLOW1 (1)
-#define PUV3_IRQS_GPIOLOW2 (2)
-#define PUV3_IRQS_GPIOLOW3 (3)
-#define PUV3_IRQS_GPIOLOW4 (4)
-#define PUV3_IRQS_GPIOLOW5 (5)
-#define PUV3_IRQS_GPIOLOW6 (6)
-#define PUV3_IRQS_GPIOLOW7 (7)
-#define PUV3_IRQS_GPIOHIGH (8)
-#define PUV3_IRQS_PS2_KBD (22)
-#define PUV3_IRQS_PS2_AUX (23)
-#define PUV3_IRQS_OST0 (26)
-
-/* All puv3_*.c use DPRINTF for debug. */
-#ifdef DEBUG_PUV3
-#define DPRINTF(fmt, ...) printf("%s: " fmt , __func__, ## __VA_ARGS__)
-#else
-#define DPRINTF(fmt, ...) do {} while (0)
-#endif
-
-#endif /* !QEMU_HW_PUV3_H */
diff --git a/hw/puv3_dma.c b/hw/puv3_dma.c
deleted file mode 100644
index 9de63b4c3..000000000
--- a/hw/puv3_dma.c
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- * DMA device simulation in PKUnity SoC
- *
- * Copyright (C) 2010-2012 Guan Xuetao
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation, or any later version.
- * See the COPYING file in the top-level directory.
- */
-#include "hw.h"
-#include "sysbus.h"
-
-#undef DEBUG_PUV3
-#include "puv3.h"
-
-#define PUV3_DMA_CH_NR (6)
-#define PUV3_DMA_CH_MASK (0xff)
-#define PUV3_DMA_CH(offset) ((offset) >> 8)
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint32_t reg_CFG[PUV3_DMA_CH_NR];
-} PUV3DMAState;
-
-static uint64_t puv3_dma_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- PUV3DMAState *s = opaque;
- uint32_t ret = 0;
-
- assert(PUV3_DMA_CH(offset) < PUV3_DMA_CH_NR);
-
- switch (offset & PUV3_DMA_CH_MASK) {
- case 0x10:
- ret = s->reg_CFG[PUV3_DMA_CH(offset)];
- break;
- default:
- DPRINTF("Bad offset 0x%x\n", offset);
- }
- DPRINTF("offset 0x%x, value 0x%x\n", offset, ret);
-
- return ret;
-}
-
-static void puv3_dma_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- PUV3DMAState *s = opaque;
-
- assert(PUV3_DMA_CH(offset) < PUV3_DMA_CH_NR);
-
- switch (offset & PUV3_DMA_CH_MASK) {
- case 0x10:
- s->reg_CFG[PUV3_DMA_CH(offset)] = value;
- break;
- default:
- DPRINTF("Bad offset 0x%x\n", offset);
- }
- DPRINTF("offset 0x%x, value 0x%x\n", offset, value);
-}
-
-static const MemoryRegionOps puv3_dma_ops = {
- .read = puv3_dma_read,
- .write = puv3_dma_write,
- .impl = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int puv3_dma_init(SysBusDevice *dev)
-{
- PUV3DMAState *s = FROM_SYSBUS(PUV3DMAState, dev);
- int i;
-
- for (i = 0; i < PUV3_DMA_CH_NR; i++) {
- s->reg_CFG[i] = 0x0;
- }
-
- memory_region_init_io(&s->iomem, &puv3_dma_ops, s, "puv3_dma",
- PUV3_REGS_OFFSET);
- sysbus_init_mmio(dev, &s->iomem);
-
- return 0;
-}
-
-static void puv3_dma_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- sdc->init = puv3_dma_init;
-}
-
-static const TypeInfo puv3_dma_info = {
- .name = "puv3_dma",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(PUV3DMAState),
- .class_init = puv3_dma_class_init,
-};
-
-static void puv3_dma_register_type(void)
-{
- type_register_static(&puv3_dma_info);
-}
-
-type_init(puv3_dma_register_type)
diff --git a/hw/puv3_gpio.c b/hw/puv3_gpio.c
deleted file mode 100644
index 152248d29..000000000
--- a/hw/puv3_gpio.c
+++ /dev/null
@@ -1,141 +0,0 @@
-/*
- * GPIO device simulation in PKUnity SoC
- *
- * Copyright (C) 2010-2012 Guan Xuetao
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation, or any later version.
- * See the COPYING file in the top-level directory.
- */
-#include "hw.h"
-#include "sysbus.h"
-
-#undef DEBUG_PUV3
-#include "puv3.h"
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- qemu_irq irq[9];
-
- uint32_t reg_GPLR;
- uint32_t reg_GPDR;
- uint32_t reg_GPIR;
-} PUV3GPIOState;
-
-static uint64_t puv3_gpio_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- PUV3GPIOState *s = opaque;
- uint32_t ret = 0;
-
- switch (offset) {
- case 0x00:
- ret = s->reg_GPLR;
- break;
- case 0x04:
- ret = s->reg_GPDR;
- break;
- case 0x20:
- ret = s->reg_GPIR;
- break;
- default:
- DPRINTF("Bad offset 0x%x\n", offset);
- }
- DPRINTF("offset 0x%x, value 0x%x\n", offset, ret);
-
- return ret;
-}
-
-static void puv3_gpio_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- PUV3GPIOState *s = opaque;
-
- DPRINTF("offset 0x%x, value 0x%x\n", offset, value);
- switch (offset) {
- case 0x04:
- s->reg_GPDR = value;
- break;
- case 0x08:
- if (s->reg_GPDR & value) {
- s->reg_GPLR |= value;
- } else {
- DPRINTF("Write gpio input port error!");
- }
- break;
- case 0x0c:
- if (s->reg_GPDR & value) {
- s->reg_GPLR &= ~value;
- } else {
- DPRINTF("Write gpio input port error!");
- }
- break;
- case 0x10: /* GRER */
- case 0x14: /* GFER */
- case 0x18: /* GEDR */
- break;
- case 0x20: /* GPIR */
- s->reg_GPIR = value;
- break;
- default:
- DPRINTF("Bad offset 0x%x\n", offset);
- }
-}
-
-static const MemoryRegionOps puv3_gpio_ops = {
- .read = puv3_gpio_read,
- .write = puv3_gpio_write,
- .impl = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int puv3_gpio_init(SysBusDevice *dev)
-{
- PUV3GPIOState *s = FROM_SYSBUS(PUV3GPIOState, dev);
-
- s->reg_GPLR = 0;
- s->reg_GPDR = 0;
-
- /* FIXME: these irqs not handled yet */
- sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW0]);
- sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW1]);
- sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW2]);
- sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW3]);
- sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW4]);
- sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW5]);
- sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW6]);
- sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW7]);
- sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOHIGH]);
-
- memory_region_init_io(&s->iomem, &puv3_gpio_ops, s, "puv3_gpio",
- PUV3_REGS_OFFSET);
- sysbus_init_mmio(dev, &s->iomem);
-
- return 0;
-}
-
-static void puv3_gpio_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- sdc->init = puv3_gpio_init;
-}
-
-static const TypeInfo puv3_gpio_info = {
- .name = "puv3_gpio",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(PUV3GPIOState),
- .class_init = puv3_gpio_class_init,
-};
-
-static void puv3_gpio_register_type(void)
-{
- type_register_static(&puv3_gpio_info);
-}
-
-type_init(puv3_gpio_register_type)
diff --git a/hw/puv3_intc.c b/hw/puv3_intc.c
deleted file mode 100644
index 07f564906..000000000
--- a/hw/puv3_intc.c
+++ /dev/null
@@ -1,135 +0,0 @@
-/*
- * INTC device simulation in PKUnity SoC
- *
- * Copyright (C) 2010-2012 Guan Xuetao
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation, or any later version.
- * See the COPYING file in the top-level directory.
- */
-#include "sysbus.h"
-
-#undef DEBUG_PUV3
-#include "puv3.h"
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- qemu_irq parent_irq;
-
- uint32_t reg_ICMR;
- uint32_t reg_ICPR;
-} PUV3INTCState;
-
-/* Update interrupt status after enabled or pending bits have been changed. */
-static void puv3_intc_update(PUV3INTCState *s)
-{
- if (s->reg_ICMR & s->reg_ICPR) {
- qemu_irq_raise(s->parent_irq);
- } else {
- qemu_irq_lower(s->parent_irq);
- }
-}
-
-/* Process a change in an external INTC input. */
-static void puv3_intc_handler(void *opaque, int irq, int level)
-{
- PUV3INTCState *s = opaque;
-
- DPRINTF("irq 0x%x, level 0x%x\n", irq, level);
- if (level) {
- s->reg_ICPR |= (1 << irq);
- } else {
- s->reg_ICPR &= ~(1 << irq);
- }
- puv3_intc_update(s);
-}
-
-static uint64_t puv3_intc_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- PUV3INTCState *s = opaque;
- uint32_t ret = 0;
-
- switch (offset) {
- case 0x04: /* INTC_ICMR */
- ret = s->reg_ICMR;
- break;
- case 0x0c: /* INTC_ICIP */
- ret = s->reg_ICPR; /* the same value with ICPR */
- break;
- default:
- DPRINTF("Bad offset %x\n", (int)offset);
- }
- DPRINTF("offset 0x%x, value 0x%x\n", offset, ret);
- return ret;
-}
-
-static void puv3_intc_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- PUV3INTCState *s = opaque;
-
- DPRINTF("offset 0x%x, value 0x%x\n", offset, value);
- switch (offset) {
- case 0x00: /* INTC_ICLR */
- case 0x14: /* INTC_ICCR */
- break;
- case 0x04: /* INTC_ICMR */
- s->reg_ICMR = value;
- break;
- default:
- DPRINTF("Bad offset 0x%x\n", (int)offset);
- return;
- }
- puv3_intc_update(s);
-}
-
-static const MemoryRegionOps puv3_intc_ops = {
- .read = puv3_intc_read,
- .write = puv3_intc_write,
- .impl = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int puv3_intc_init(SysBusDevice *dev)
-{
- PUV3INTCState *s = FROM_SYSBUS(PUV3INTCState, dev);
-
- qdev_init_gpio_in(&s->busdev.qdev, puv3_intc_handler, PUV3_IRQS_NR);
- sysbus_init_irq(&s->busdev, &s->parent_irq);
-
- s->reg_ICMR = 0;
- s->reg_ICPR = 0;
-
- memory_region_init_io(&s->iomem, &puv3_intc_ops, s, "puv3_intc",
- PUV3_REGS_OFFSET);
- sysbus_init_mmio(dev, &s->iomem);
-
- return 0;
-}
-
-static void puv3_intc_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- sdc->init = puv3_intc_init;
-}
-
-static const TypeInfo puv3_intc_info = {
- .name = "puv3_intc",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(PUV3INTCState),
- .class_init = puv3_intc_class_init,
-};
-
-static void puv3_intc_register_type(void)
-{
- type_register_static(&puv3_intc_info);
-}
-
-type_init(puv3_intc_register_type)
diff --git a/hw/puv3_ost.c b/hw/puv3_ost.c
deleted file mode 100644
index 14c6f21a7..000000000
--- a/hw/puv3_ost.c
+++ /dev/null
@@ -1,151 +0,0 @@
-/*
- * OSTimer device simulation in PKUnity SoC
- *
- * Copyright (C) 2010-2012 Guan Xuetao
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation, or any later version.
- * See the COPYING file in the top-level directory.
- */
-#include "sysbus.h"
-#include "ptimer.h"
-
-#undef DEBUG_PUV3
-#include "puv3.h"
-
-/* puv3 ostimer implementation. */
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- QEMUBH *bh;
- qemu_irq irq;
- ptimer_state *ptimer;
-
- uint32_t reg_OSMR0;
- uint32_t reg_OSCR;
- uint32_t reg_OSSR;
- uint32_t reg_OIER;
-} PUV3OSTState;
-
-static uint64_t puv3_ost_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- PUV3OSTState *s = opaque;
- uint32_t ret = 0;
-
- switch (offset) {
- case 0x10: /* Counter Register */
- ret = s->reg_OSMR0 - (uint32_t)ptimer_get_count(s->ptimer);
- break;
- case 0x14: /* Status Register */
- ret = s->reg_OSSR;
- break;
- case 0x1c: /* Interrupt Enable Register */
- ret = s->reg_OIER;
- break;
- default:
- DPRINTF("Bad offset %x\n", (int)offset);
- }
- DPRINTF("offset 0x%x, value 0x%x\n", offset, ret);
- return ret;
-}
-
-static void puv3_ost_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- PUV3OSTState *s = opaque;
-
- DPRINTF("offset 0x%x, value 0x%x\n", offset, value);
- switch (offset) {
- case 0x00: /* Match Register 0 */
- s->reg_OSMR0 = value;
- if (s->reg_OSMR0 > s->reg_OSCR) {
- ptimer_set_count(s->ptimer, s->reg_OSMR0 - s->reg_OSCR);
- } else {
- ptimer_set_count(s->ptimer, s->reg_OSMR0 +
- (0xffffffff - s->reg_OSCR));
- }
- ptimer_run(s->ptimer, 2);
- break;
- case 0x14: /* Status Register */
- assert(value == 0);
- if (s->reg_OSSR) {
- s->reg_OSSR = value;
- qemu_irq_lower(s->irq);
- }
- break;
- case 0x1c: /* Interrupt Enable Register */
- s->reg_OIER = value;
- break;
- default:
- DPRINTF("Bad offset %x\n", (int)offset);
- }
-}
-
-static const MemoryRegionOps puv3_ost_ops = {
- .read = puv3_ost_read,
- .write = puv3_ost_write,
- .impl = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void puv3_ost_tick(void *opaque)
-{
- PUV3OSTState *s = opaque;
-
- DPRINTF("ost hit when ptimer counter from 0x%x to 0x%x!\n",
- s->reg_OSCR, s->reg_OSMR0);
-
- s->reg_OSCR = s->reg_OSMR0;
- if (s->reg_OIER) {
- s->reg_OSSR = 1;
- qemu_irq_raise(s->irq);
- }
-}
-
-static int puv3_ost_init(SysBusDevice *dev)
-{
- PUV3OSTState *s = FROM_SYSBUS(PUV3OSTState, dev);
-
- s->reg_OIER = 0;
- s->reg_OSSR = 0;
- s->reg_OSMR0 = 0;
- s->reg_OSCR = 0;
-
- sysbus_init_irq(dev, &s->irq);
-
- s->bh = qemu_bh_new(puv3_ost_tick, s);
- s->ptimer = ptimer_init(s->bh);
- ptimer_set_freq(s->ptimer, 50 * 1000 * 1000);
-
- memory_region_init_io(&s->iomem, &puv3_ost_ops, s, "puv3_ost",
- PUV3_REGS_OFFSET);
- sysbus_init_mmio(dev, &s->iomem);
-
- return 0;
-}
-
-static void puv3_ost_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- sdc->init = puv3_ost_init;
-}
-
-static const TypeInfo puv3_ost_info = {
- .name = "puv3_ost",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(PUV3OSTState),
- .class_init = puv3_ost_class_init,
-};
-
-static void puv3_ost_register_type(void)
-{
- type_register_static(&puv3_ost_info);
-}
-
-type_init(puv3_ost_register_type)
diff --git a/hw/puv3_pm.c b/hw/puv3_pm.c
deleted file mode 100644
index 87a687afa..000000000
--- a/hw/puv3_pm.c
+++ /dev/null
@@ -1,149 +0,0 @@
-/*
- * Power Management device simulation in PKUnity SoC
- *
- * Copyright (C) 2010-2012 Guan Xuetao
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation, or any later version.
- * See the COPYING file in the top-level directory.
- */
-#include "hw.h"
-#include "sysbus.h"
-
-#undef DEBUG_PUV3
-#include "puv3.h"
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
-
- uint32_t reg_PMCR;
- uint32_t reg_PCGR;
- uint32_t reg_PLL_SYS_CFG;
- uint32_t reg_PLL_DDR_CFG;
- uint32_t reg_PLL_VGA_CFG;
- uint32_t reg_DIVCFG;
-} PUV3PMState;
-
-static uint64_t puv3_pm_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- PUV3PMState *s = opaque;
- uint32_t ret = 0;
-
- switch (offset) {
- case 0x14:
- ret = s->reg_PCGR;
- break;
- case 0x18:
- ret = s->reg_PLL_SYS_CFG;
- break;
- case 0x1c:
- ret = s->reg_PLL_DDR_CFG;
- break;
- case 0x20:
- ret = s->reg_PLL_VGA_CFG;
- break;
- case 0x24:
- ret = s->reg_DIVCFG;
- break;
- case 0x28: /* PLL SYS STATUS */
- ret = 0x00002401;
- break;
- case 0x2c: /* PLL DDR STATUS */
- ret = 0x00100c00;
- break;
- case 0x30: /* PLL VGA STATUS */
- ret = 0x00003801;
- break;
- case 0x34: /* DIV STATUS */
- ret = 0x22f52015;
- break;
- case 0x38: /* SW RESET */
- ret = 0x0;
- break;
- case 0x44: /* PLL DFC DONE */
- ret = 0x7;
- break;
- default:
- DPRINTF("Bad offset 0x%x\n", offset);
- }
- DPRINTF("offset 0x%x, value 0x%x\n", offset, ret);
-
- return ret;
-}
-
-static void puv3_pm_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- PUV3PMState *s = opaque;
-
- switch (offset) {
- case 0x0:
- s->reg_PMCR = value;
- break;
- case 0x14:
- s->reg_PCGR = value;
- break;
- case 0x18:
- s->reg_PLL_SYS_CFG = value;
- break;
- case 0x1c:
- s->reg_PLL_DDR_CFG = value;
- break;
- case 0x20:
- s->reg_PLL_VGA_CFG = value;
- break;
- case 0x24:
- case 0x38:
- break;
- default:
- DPRINTF("Bad offset 0x%x\n", offset);
- }
- DPRINTF("offset 0x%x, value 0x%x\n", offset, value);
-}
-
-static const MemoryRegionOps puv3_pm_ops = {
- .read = puv3_pm_read,
- .write = puv3_pm_write,
- .impl = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int puv3_pm_init(SysBusDevice *dev)
-{
- PUV3PMState *s = FROM_SYSBUS(PUV3PMState, dev);
-
- s->reg_PCGR = 0x0;
-
- memory_region_init_io(&s->iomem, &puv3_pm_ops, s, "puv3_pm",
- PUV3_REGS_OFFSET);
- sysbus_init_mmio(dev, &s->iomem);
-
- return 0;
-}
-
-static void puv3_pm_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- sdc->init = puv3_pm_init;
-}
-
-static const TypeInfo puv3_pm_info = {
- .name = "puv3_pm",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(PUV3PMState),
- .class_init = puv3_pm_class_init,
-};
-
-static void puv3_pm_register_type(void)
-{
- type_register_static(&puv3_pm_info);
-}
-
-type_init(puv3_pm_register_type)
diff --git a/hw/pxa.h b/hw/pxa.h
deleted file mode 100644
index 49ac820ea..000000000
--- a/hw/pxa.h
+++ /dev/null
@@ -1,191 +0,0 @@
-/*
- * Intel XScale PXA255/270 processor support.
- *
- * Copyright (c) 2006 Openedhand Ltd.
- * Written by Andrzej Zaborowski <balrog@zabor.org>
- *
- * This code is licensed under the GNU GPL v2.
- */
-#ifndef PXA_H
-# define PXA_H "pxa.h"
-
-#include "memory.h"
-
-/* Interrupt numbers */
-# define PXA2XX_PIC_SSP3 0
-# define PXA2XX_PIC_USBH2 2
-# define PXA2XX_PIC_USBH1 3
-# define PXA2XX_PIC_KEYPAD 4
-# define PXA2XX_PIC_PWRI2C 6
-# define PXA25X_PIC_HWUART 7
-# define PXA27X_PIC_OST_4_11 7
-# define PXA2XX_PIC_GPIO_0 8
-# define PXA2XX_PIC_GPIO_1 9
-# define PXA2XX_PIC_GPIO_X 10
-# define PXA2XX_PIC_I2S 13
-# define PXA26X_PIC_ASSP 15
-# define PXA25X_PIC_NSSP 16
-# define PXA27X_PIC_SSP2 16
-# define PXA2XX_PIC_LCD 17
-# define PXA2XX_PIC_I2C 18
-# define PXA2XX_PIC_ICP 19
-# define PXA2XX_PIC_STUART 20
-# define PXA2XX_PIC_BTUART 21
-# define PXA2XX_PIC_FFUART 22
-# define PXA2XX_PIC_MMC 23
-# define PXA2XX_PIC_SSP 24
-# define PXA2XX_PIC_DMA 25
-# define PXA2XX_PIC_OST_0 26
-# define PXA2XX_PIC_RTC1HZ 30
-# define PXA2XX_PIC_RTCALARM 31
-
-/* DMA requests */
-# define PXA2XX_RX_RQ_I2S 2
-# define PXA2XX_TX_RQ_I2S 3
-# define PXA2XX_RX_RQ_BTUART 4
-# define PXA2XX_TX_RQ_BTUART 5
-# define PXA2XX_RX_RQ_FFUART 6
-# define PXA2XX_TX_RQ_FFUART 7
-# define PXA2XX_RX_RQ_SSP1 13
-# define PXA2XX_TX_RQ_SSP1 14
-# define PXA2XX_RX_RQ_SSP2 15
-# define PXA2XX_TX_RQ_SSP2 16
-# define PXA2XX_RX_RQ_ICP 17
-# define PXA2XX_TX_RQ_ICP 18
-# define PXA2XX_RX_RQ_STUART 19
-# define PXA2XX_TX_RQ_STUART 20
-# define PXA2XX_RX_RQ_MMCI 21
-# define PXA2XX_TX_RQ_MMCI 22
-# define PXA2XX_USB_RQ(x) ((x) + 24)
-# define PXA2XX_RX_RQ_SSP3 66
-# define PXA2XX_TX_RQ_SSP3 67
-
-# define PXA2XX_SDRAM_BASE 0xa0000000
-# define PXA2XX_INTERNAL_BASE 0x5c000000
-# define PXA2XX_INTERNAL_SIZE 0x40000
-
-/* pxa2xx_pic.c */
-DeviceState *pxa2xx_pic_init(hwaddr base, ARMCPU *cpu);
-
-/* pxa2xx_gpio.c */
-DeviceState *pxa2xx_gpio_init(hwaddr base,
- CPUARMState *env, DeviceState *pic, int lines);
-void pxa2xx_gpio_read_notifier(DeviceState *dev, qemu_irq handler);
-
-/* pxa2xx_dma.c */
-DeviceState *pxa255_dma_init(hwaddr base, qemu_irq irq);
-DeviceState *pxa27x_dma_init(hwaddr base, qemu_irq irq);
-
-/* pxa2xx_lcd.c */
-typedef struct PXA2xxLCDState PXA2xxLCDState;
-PXA2xxLCDState *pxa2xx_lcdc_init(MemoryRegion *sysmem,
- hwaddr base, qemu_irq irq);
-void pxa2xx_lcd_vsync_notifier(PXA2xxLCDState *s, qemu_irq handler);
-void pxa2xx_lcdc_oritentation(void *opaque, int angle);
-
-/* pxa2xx_mmci.c */
-typedef struct PXA2xxMMCIState PXA2xxMMCIState;
-PXA2xxMMCIState *pxa2xx_mmci_init(MemoryRegion *sysmem,
- hwaddr base,
- BlockDriverState *bd, qemu_irq irq,
- qemu_irq rx_dma, qemu_irq tx_dma);
-void pxa2xx_mmci_handlers(PXA2xxMMCIState *s, qemu_irq readonly,
- qemu_irq coverswitch);
-
-/* pxa2xx_pcmcia.c */
-typedef struct PXA2xxPCMCIAState PXA2xxPCMCIAState;
-PXA2xxPCMCIAState *pxa2xx_pcmcia_init(MemoryRegion *sysmem,
- hwaddr base);
-int pxa2xx_pcmcia_attach(void *opaque, PCMCIACardState *card);
-int pxa2xx_pcmcia_dettach(void *opaque);
-void pxa2xx_pcmcia_set_irq_cb(void *opaque, qemu_irq irq, qemu_irq cd_irq);
-
-/* pxa2xx_keypad.c */
-struct keymap {
- int column;
- int row;
-};
-typedef struct PXA2xxKeyPadState PXA2xxKeyPadState;
-PXA2xxKeyPadState *pxa27x_keypad_init(MemoryRegion *sysmem,
- hwaddr base,
- qemu_irq irq);
-void pxa27x_register_keypad(PXA2xxKeyPadState *kp, struct keymap *map,
- int size);
-
-/* pxa2xx.c */
-typedef struct PXA2xxI2CState PXA2xxI2CState;
-PXA2xxI2CState *pxa2xx_i2c_init(hwaddr base,
- qemu_irq irq, uint32_t page_size);
-i2c_bus *pxa2xx_i2c_bus(PXA2xxI2CState *s);
-
-typedef struct PXA2xxI2SState PXA2xxI2SState;
-typedef struct PXA2xxFIrState PXA2xxFIrState;
-
-typedef struct {
- ARMCPU *cpu;
- DeviceState *pic;
- qemu_irq reset;
- MemoryRegion sdram;
- MemoryRegion internal;
- MemoryRegion cm_iomem;
- MemoryRegion mm_iomem;
- MemoryRegion pm_iomem;
- DeviceState *dma;
- DeviceState *gpio;
- PXA2xxLCDState *lcd;
- SSIBus **ssp;
- PXA2xxI2CState *i2c[2];
- PXA2xxMMCIState *mmc;
- PXA2xxPCMCIAState *pcmcia[2];
- PXA2xxI2SState *i2s;
- PXA2xxFIrState *fir;
- PXA2xxKeyPadState *kp;
-
- /* Power management */
- hwaddr pm_base;
- uint32_t pm_regs[0x40];
-
- /* Clock management */
- hwaddr cm_base;
- uint32_t cm_regs[4];
- uint32_t clkcfg;
-
- /* Memory management */
- hwaddr mm_base;
- uint32_t mm_regs[0x1a];
-
- /* Performance monitoring */
- uint32_t pmnc;
-} PXA2xxState;
-
-struct PXA2xxI2SState {
- MemoryRegion iomem;
- qemu_irq irq;
- qemu_irq rx_dma;
- qemu_irq tx_dma;
- void (*data_req)(void *, int, int);
-
- uint32_t control[2];
- uint32_t status;
- uint32_t mask;
- uint32_t clk;
-
- int enable;
- int rx_len;
- int tx_len;
- void (*codec_out)(void *, uint32_t);
- uint32_t (*codec_in)(void *);
- void *opaque;
-
- int fifo_len;
- uint32_t fifo[16];
-};
-
-# define PA_FMT "0x%08lx"
-# define REG_FMT "0x" TARGET_FMT_plx
-
-PXA2xxState *pxa270_init(MemoryRegion *address_space, unsigned int sdram_size,
- const char *revision);
-PXA2xxState *pxa255_init(MemoryRegion *address_space, unsigned int sdram_size);
-
-#endif /* PXA_H */
diff --git a/hw/pxa2xx.c b/hw/pxa2xx.c
deleted file mode 100644
index e61697920..000000000
--- a/hw/pxa2xx.c
+++ /dev/null
@@ -1,2291 +0,0 @@
-/*
- * Intel XScale PXA255/270 processor support.
- *
- * Copyright (c) 2006 Openedhand Ltd.
- * Written by Andrzej Zaborowski <balrog@zabor.org>
- *
- * This code is licensed under the GPL.
- */
-
-#include "sysbus.h"
-#include "pxa.h"
-#include "sysemu.h"
-#include "serial.h"
-#include "i2c.h"
-#include "ssi.h"
-#include "qemu-char.h"
-#include "blockdev.h"
-
-static struct {
- hwaddr io_base;
- int irqn;
-} pxa255_serial[] = {
- { 0x40100000, PXA2XX_PIC_FFUART },
- { 0x40200000, PXA2XX_PIC_BTUART },
- { 0x40700000, PXA2XX_PIC_STUART },
- { 0x41600000, PXA25X_PIC_HWUART },
- { 0, 0 }
-}, pxa270_serial[] = {
- { 0x40100000, PXA2XX_PIC_FFUART },
- { 0x40200000, PXA2XX_PIC_BTUART },
- { 0x40700000, PXA2XX_PIC_STUART },
- { 0, 0 }
-};
-
-typedef struct PXASSPDef {
- hwaddr io_base;
- int irqn;
-} PXASSPDef;
-
-#if 0
-static PXASSPDef pxa250_ssp[] = {
- { 0x41000000, PXA2XX_PIC_SSP },
- { 0, 0 }
-};
-#endif
-
-static PXASSPDef pxa255_ssp[] = {
- { 0x41000000, PXA2XX_PIC_SSP },
- { 0x41400000, PXA25X_PIC_NSSP },
- { 0, 0 }
-};
-
-#if 0
-static PXASSPDef pxa26x_ssp[] = {
- { 0x41000000, PXA2XX_PIC_SSP },
- { 0x41400000, PXA25X_PIC_NSSP },
- { 0x41500000, PXA26X_PIC_ASSP },
- { 0, 0 }
-};
-#endif
-
-static PXASSPDef pxa27x_ssp[] = {
- { 0x41000000, PXA2XX_PIC_SSP },
- { 0x41700000, PXA27X_PIC_SSP2 },
- { 0x41900000, PXA2XX_PIC_SSP3 },
- { 0, 0 }
-};
-
-#define PMCR 0x00 /* Power Manager Control register */
-#define PSSR 0x04 /* Power Manager Sleep Status register */
-#define PSPR 0x08 /* Power Manager Scratch-Pad register */
-#define PWER 0x0c /* Power Manager Wake-Up Enable register */
-#define PRER 0x10 /* Power Manager Rising-Edge Detect Enable register */
-#define PFER 0x14 /* Power Manager Falling-Edge Detect Enable register */
-#define PEDR 0x18 /* Power Manager Edge-Detect Status register */
-#define PCFR 0x1c /* Power Manager General Configuration register */
-#define PGSR0 0x20 /* Power Manager GPIO Sleep-State register 0 */
-#define PGSR1 0x24 /* Power Manager GPIO Sleep-State register 1 */
-#define PGSR2 0x28 /* Power Manager GPIO Sleep-State register 2 */
-#define PGSR3 0x2c /* Power Manager GPIO Sleep-State register 3 */
-#define RCSR 0x30 /* Reset Controller Status register */
-#define PSLR 0x34 /* Power Manager Sleep Configuration register */
-#define PTSR 0x38 /* Power Manager Standby Configuration register */
-#define PVCR 0x40 /* Power Manager Voltage Change Control register */
-#define PUCR 0x4c /* Power Manager USIM Card Control/Status register */
-#define PKWR 0x50 /* Power Manager Keyboard Wake-Up Enable register */
-#define PKSR 0x54 /* Power Manager Keyboard Level-Detect Status */
-#define PCMD0 0x80 /* Power Manager I2C Command register File 0 */
-#define PCMD31 0xfc /* Power Manager I2C Command register File 31 */
-
-static uint64_t pxa2xx_pm_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- PXA2xxState *s = (PXA2xxState *) opaque;
-
- switch (addr) {
- case PMCR ... PCMD31:
- if (addr & 3)
- goto fail;
-
- return s->pm_regs[addr >> 2];
- default:
- fail:
- printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
- break;
- }
- return 0;
-}
-
-static void pxa2xx_pm_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- PXA2xxState *s = (PXA2xxState *) opaque;
-
- switch (addr) {
- case PMCR:
- /* Clear the write-one-to-clear bits... */
- s->pm_regs[addr >> 2] &= ~(value & 0x2a);
- /* ...and set the plain r/w bits */
- s->pm_regs[addr >> 2] &= ~0x15;
- s->pm_regs[addr >> 2] |= value & 0x15;
- break;
-
- case PSSR: /* Read-clean registers */
- case RCSR:
- case PKSR:
- s->pm_regs[addr >> 2] &= ~value;
- break;
-
- default: /* Read-write registers */
- if (!(addr & 3)) {
- s->pm_regs[addr >> 2] = value;
- break;
- }
-
- printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
- break;
- }
-}
-
-static const MemoryRegionOps pxa2xx_pm_ops = {
- .read = pxa2xx_pm_read,
- .write = pxa2xx_pm_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static const VMStateDescription vmstate_pxa2xx_pm = {
- .name = "pxa2xx_pm",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32_ARRAY(pm_regs, PXA2xxState, 0x40),
- VMSTATE_END_OF_LIST()
- }
-};
-
-#define CCCR 0x00 /* Core Clock Configuration register */
-#define CKEN 0x04 /* Clock Enable register */
-#define OSCC 0x08 /* Oscillator Configuration register */
-#define CCSR 0x0c /* Core Clock Status register */
-
-static uint64_t pxa2xx_cm_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- PXA2xxState *s = (PXA2xxState *) opaque;
-
- switch (addr) {
- case CCCR:
- case CKEN:
- case OSCC:
- return s->cm_regs[addr >> 2];
-
- case CCSR:
- return s->cm_regs[CCCR >> 2] | (3 << 28);
-
- default:
- printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
- break;
- }
- return 0;
-}
-
-static void pxa2xx_cm_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- PXA2xxState *s = (PXA2xxState *) opaque;
-
- switch (addr) {
- case CCCR:
- case CKEN:
- s->cm_regs[addr >> 2] = value;
- break;
-
- case OSCC:
- s->cm_regs[addr >> 2] &= ~0x6c;
- s->cm_regs[addr >> 2] |= value & 0x6e;
- if ((value >> 1) & 1) /* OON */
- s->cm_regs[addr >> 2] |= 1 << 0; /* Oscillator is now stable */
- break;
-
- default:
- printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
- break;
- }
-}
-
-static const MemoryRegionOps pxa2xx_cm_ops = {
- .read = pxa2xx_cm_read,
- .write = pxa2xx_cm_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static const VMStateDescription vmstate_pxa2xx_cm = {
- .name = "pxa2xx_cm",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32_ARRAY(cm_regs, PXA2xxState, 4),
- VMSTATE_UINT32(clkcfg, PXA2xxState),
- VMSTATE_UINT32(pmnc, PXA2xxState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int pxa2xx_clkcfg_read(CPUARMState *env, const ARMCPRegInfo *ri,
- uint64_t *value)
-{
- PXA2xxState *s = (PXA2xxState *)ri->opaque;
- *value = s->clkcfg;
- return 0;
-}
-
-static int pxa2xx_clkcfg_write(CPUARMState *env, const ARMCPRegInfo *ri,
- uint64_t value)
-{
- PXA2xxState *s = (PXA2xxState *)ri->opaque;
- s->clkcfg = value & 0xf;
- if (value & 2) {
- printf("%s: CPU frequency change attempt\n", __func__);
- }
- return 0;
-}
-
-static int pxa2xx_pwrmode_write(CPUARMState *env, const ARMCPRegInfo *ri,
- uint64_t value)
-{
- PXA2xxState *s = (PXA2xxState *)ri->opaque;
- static const char *pwrmode[8] = {
- "Normal", "Idle", "Deep-idle", "Standby",
- "Sleep", "reserved (!)", "reserved (!)", "Deep-sleep",
- };
-
- if (value & 8) {
- printf("%s: CPU voltage change attempt\n", __func__);
- }
- switch (value & 7) {
- case 0:
- /* Do nothing */
- break;
-
- case 1:
- /* Idle */
- if (!(s->cm_regs[CCCR >> 2] & (1 << 31))) { /* CPDIS */
- cpu_interrupt(&s->cpu->env, CPU_INTERRUPT_HALT);
- break;
- }
- /* Fall through. */
-
- case 2:
- /* Deep-Idle */
- cpu_interrupt(&s->cpu->env, CPU_INTERRUPT_HALT);
- s->pm_regs[RCSR >> 2] |= 0x8; /* Set GPR */
- goto message;
-
- case 3:
- s->cpu->env.uncached_cpsr =
- ARM_CPU_MODE_SVC | CPSR_A | CPSR_F | CPSR_I;
- s->cpu->env.cp15.c1_sys = 0;
- s->cpu->env.cp15.c1_coproc = 0;
- s->cpu->env.cp15.c2_base0 = 0;
- s->cpu->env.cp15.c3 = 0;
- s->pm_regs[PSSR >> 2] |= 0x8; /* Set STS */
- s->pm_regs[RCSR >> 2] |= 0x8; /* Set GPR */
-
- /*
- * The scratch-pad register is almost universally used
- * for storing the return address on suspend. For the
- * lack of a resuming bootloader, perform a jump
- * directly to that address.
- */
- memset(s->cpu->env.regs, 0, 4 * 15);
- s->cpu->env.regs[15] = s->pm_regs[PSPR >> 2];
-
-#if 0
- buffer = 0xe59ff000; /* ldr pc, [pc, #0] */
- cpu_physical_memory_write(0, &buffer, 4);
- buffer = s->pm_regs[PSPR >> 2];
- cpu_physical_memory_write(8, &buffer, 4);
-#endif
-
- /* Suspend */
- cpu_interrupt(cpu_single_env, CPU_INTERRUPT_HALT);
-
- goto message;
-
- default:
- message:
- printf("%s: machine entered %s mode\n", __func__,
- pwrmode[value & 7]);
- }
-
- return 0;
-}
-
-static int pxa2xx_cppmnc_read(CPUARMState *env, const ARMCPRegInfo *ri,
- uint64_t *value)
-{
- PXA2xxState *s = (PXA2xxState *)ri->opaque;
- *value = s->pmnc;
- return 0;
-}
-
-static int pxa2xx_cppmnc_write(CPUARMState *env, const ARMCPRegInfo *ri,
- uint64_t value)
-{
- PXA2xxState *s = (PXA2xxState *)ri->opaque;
- s->pmnc = value;
- return 0;
-}
-
-static int pxa2xx_cpccnt_read(CPUARMState *env, const ARMCPRegInfo *ri,
- uint64_t *value)
-{
- PXA2xxState *s = (PXA2xxState *)ri->opaque;
- if (s->pmnc & 1) {
- *value = qemu_get_clock_ns(vm_clock);
- } else {
- *value = 0;
- }
- return 0;
-}
-
-static const ARMCPRegInfo pxa_cp_reginfo[] = {
- /* cp14 crn==1: perf registers */
- { .name = "CPPMNC", .cp = 14, .crn = 1, .crm = 0, .opc1 = 0, .opc2 = 0,
- .access = PL1_RW,
- .readfn = pxa2xx_cppmnc_read, .writefn = pxa2xx_cppmnc_write },
- { .name = "CPCCNT", .cp = 14, .crn = 1, .crm = 1, .opc1 = 0, .opc2 = 0,
- .access = PL1_RW,
- .readfn = pxa2xx_cpccnt_read, .writefn = arm_cp_write_ignore },
- { .name = "CPINTEN", .cp = 14, .crn = 1, .crm = 4, .opc1 = 0, .opc2 = 0,
- .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
- { .name = "CPFLAG", .cp = 14, .crn = 1, .crm = 5, .opc1 = 0, .opc2 = 0,
- .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
- { .name = "CPEVTSEL", .cp = 14, .crn = 1, .crm = 8, .opc1 = 0, .opc2 = 0,
- .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
- /* cp14 crn==2: performance count registers */
- { .name = "CPPMN0", .cp = 14, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 0,
- .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
- { .name = "CPPMN1", .cp = 14, .crn = 2, .crm = 1, .opc1 = 0, .opc2 = 0,
- .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
- { .name = "CPPMN2", .cp = 14, .crn = 2, .crm = 2, .opc1 = 0, .opc2 = 0,
- .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
- { .name = "CPPMN3", .cp = 14, .crn = 2, .crm = 3, .opc1 = 0, .opc2 = 0,
- .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
- /* cp14 crn==6: CLKCFG */
- { .name = "CLKCFG", .cp = 14, .crn = 6, .crm = 0, .opc1 = 0, .opc2 = 0,
- .access = PL1_RW,
- .readfn = pxa2xx_clkcfg_read, .writefn = pxa2xx_clkcfg_write },
- /* cp14 crn==7: PWRMODE */
- { .name = "PWRMODE", .cp = 14, .crn = 7, .crm = 0, .opc1 = 0, .opc2 = 0,
- .access = PL1_RW,
- .readfn = arm_cp_read_zero, .writefn = pxa2xx_pwrmode_write },
- REGINFO_SENTINEL
-};
-
-static void pxa2xx_setup_cp14(PXA2xxState *s)
-{
- define_arm_cp_regs_with_opaque(s->cpu, pxa_cp_reginfo, s);
-}
-
-#define MDCNFG 0x00 /* SDRAM Configuration register */
-#define MDREFR 0x04 /* SDRAM Refresh Control register */
-#define MSC0 0x08 /* Static Memory Control register 0 */
-#define MSC1 0x0c /* Static Memory Control register 1 */
-#define MSC2 0x10 /* Static Memory Control register 2 */
-#define MECR 0x14 /* Expansion Memory Bus Config register */
-#define SXCNFG 0x1c /* Synchronous Static Memory Config register */
-#define MCMEM0 0x28 /* PC Card Memory Socket 0 Timing register */
-#define MCMEM1 0x2c /* PC Card Memory Socket 1 Timing register */
-#define MCATT0 0x30 /* PC Card Attribute Socket 0 register */
-#define MCATT1 0x34 /* PC Card Attribute Socket 1 register */
-#define MCIO0 0x38 /* PC Card I/O Socket 0 Timing register */
-#define MCIO1 0x3c /* PC Card I/O Socket 1 Timing register */
-#define MDMRS 0x40 /* SDRAM Mode Register Set Config register */
-#define BOOT_DEF 0x44 /* Boot-time Default Configuration register */
-#define ARB_CNTL 0x48 /* Arbiter Control register */
-#define BSCNTR0 0x4c /* Memory Buffer Strength Control register 0 */
-#define BSCNTR1 0x50 /* Memory Buffer Strength Control register 1 */
-#define LCDBSCNTR 0x54 /* LCD Buffer Strength Control register */
-#define MDMRSLP 0x58 /* Low Power SDRAM Mode Set Config register */
-#define BSCNTR2 0x5c /* Memory Buffer Strength Control register 2 */
-#define BSCNTR3 0x60 /* Memory Buffer Strength Control register 3 */
-#define SA1110 0x64 /* SA-1110 Memory Compatibility register */
-
-static uint64_t pxa2xx_mm_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- PXA2xxState *s = (PXA2xxState *) opaque;
-
- switch (addr) {
- case MDCNFG ... SA1110:
- if ((addr & 3) == 0)
- return s->mm_regs[addr >> 2];
-
- default:
- printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
- break;
- }
- return 0;
-}
-
-static void pxa2xx_mm_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- PXA2xxState *s = (PXA2xxState *) opaque;
-
- switch (addr) {
- case MDCNFG ... SA1110:
- if ((addr & 3) == 0) {
- s->mm_regs[addr >> 2] = value;
- break;
- }
-
- default:
- printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
- break;
- }
-}
-
-static const MemoryRegionOps pxa2xx_mm_ops = {
- .read = pxa2xx_mm_read,
- .write = pxa2xx_mm_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static const VMStateDescription vmstate_pxa2xx_mm = {
- .name = "pxa2xx_mm",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32_ARRAY(mm_regs, PXA2xxState, 0x1a),
- VMSTATE_END_OF_LIST()
- }
-};
-
-/* Synchronous Serial Ports */
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- qemu_irq irq;
- int enable;
- SSIBus *bus;
-
- uint32_t sscr[2];
- uint32_t sspsp;
- uint32_t ssto;
- uint32_t ssitr;
- uint32_t sssr;
- uint8_t sstsa;
- uint8_t ssrsa;
- uint8_t ssacd;
-
- uint32_t rx_fifo[16];
- int rx_level;
- int rx_start;
-} PXA2xxSSPState;
-
-#define SSCR0 0x00 /* SSP Control register 0 */
-#define SSCR1 0x04 /* SSP Control register 1 */
-#define SSSR 0x08 /* SSP Status register */
-#define SSITR 0x0c /* SSP Interrupt Test register */
-#define SSDR 0x10 /* SSP Data register */
-#define SSTO 0x28 /* SSP Time-Out register */
-#define SSPSP 0x2c /* SSP Programmable Serial Protocol register */
-#define SSTSA 0x30 /* SSP TX Time Slot Active register */
-#define SSRSA 0x34 /* SSP RX Time Slot Active register */
-#define SSTSS 0x38 /* SSP Time Slot Status register */
-#define SSACD 0x3c /* SSP Audio Clock Divider register */
-
-/* Bitfields for above registers */
-#define SSCR0_SPI(x) (((x) & 0x30) == 0x00)
-#define SSCR0_SSP(x) (((x) & 0x30) == 0x10)
-#define SSCR0_UWIRE(x) (((x) & 0x30) == 0x20)
-#define SSCR0_PSP(x) (((x) & 0x30) == 0x30)
-#define SSCR0_SSE (1 << 7)
-#define SSCR0_RIM (1 << 22)
-#define SSCR0_TIM (1 << 23)
-#define SSCR0_MOD (1 << 31)
-#define SSCR0_DSS(x) (((((x) >> 16) & 0x10) | ((x) & 0xf)) + 1)
-#define SSCR1_RIE (1 << 0)
-#define SSCR1_TIE (1 << 1)
-#define SSCR1_LBM (1 << 2)
-#define SSCR1_MWDS (1 << 5)
-#define SSCR1_TFT(x) ((((x) >> 6) & 0xf) + 1)
-#define SSCR1_RFT(x) ((((x) >> 10) & 0xf) + 1)
-#define SSCR1_EFWR (1 << 14)
-#define SSCR1_PINTE (1 << 18)
-#define SSCR1_TINTE (1 << 19)
-#define SSCR1_RSRE (1 << 20)
-#define SSCR1_TSRE (1 << 21)
-#define SSCR1_EBCEI (1 << 29)
-#define SSITR_INT (7 << 5)
-#define SSSR_TNF (1 << 2)
-#define SSSR_RNE (1 << 3)
-#define SSSR_TFS (1 << 5)
-#define SSSR_RFS (1 << 6)
-#define SSSR_ROR (1 << 7)
-#define SSSR_PINT (1 << 18)
-#define SSSR_TINT (1 << 19)
-#define SSSR_EOC (1 << 20)
-#define SSSR_TUR (1 << 21)
-#define SSSR_BCE (1 << 23)
-#define SSSR_RW 0x00bc0080
-
-static void pxa2xx_ssp_int_update(PXA2xxSSPState *s)
-{
- int level = 0;
-
- level |= s->ssitr & SSITR_INT;
- level |= (s->sssr & SSSR_BCE) && (s->sscr[1] & SSCR1_EBCEI);
- level |= (s->sssr & SSSR_TUR) && !(s->sscr[0] & SSCR0_TIM);
- level |= (s->sssr & SSSR_EOC) && (s->sssr & (SSSR_TINT | SSSR_PINT));
- level |= (s->sssr & SSSR_TINT) && (s->sscr[1] & SSCR1_TINTE);
- level |= (s->sssr & SSSR_PINT) && (s->sscr[1] & SSCR1_PINTE);
- level |= (s->sssr & SSSR_ROR) && !(s->sscr[0] & SSCR0_RIM);
- level |= (s->sssr & SSSR_RFS) && (s->sscr[1] & SSCR1_RIE);
- level |= (s->sssr & SSSR_TFS) && (s->sscr[1] & SSCR1_TIE);
- qemu_set_irq(s->irq, !!level);
-}
-
-static void pxa2xx_ssp_fifo_update(PXA2xxSSPState *s)
-{
- s->sssr &= ~(0xf << 12); /* Clear RFL */
- s->sssr &= ~(0xf << 8); /* Clear TFL */
- s->sssr &= ~SSSR_TFS;
- s->sssr &= ~SSSR_TNF;
- if (s->enable) {
- s->sssr |= ((s->rx_level - 1) & 0xf) << 12;
- if (s->rx_level >= SSCR1_RFT(s->sscr[1]))
- s->sssr |= SSSR_RFS;
- else
- s->sssr &= ~SSSR_RFS;
- if (s->rx_level)
- s->sssr |= SSSR_RNE;
- else
- s->sssr &= ~SSSR_RNE;
- /* TX FIFO is never filled, so it is always in underrun
- condition if SSP is enabled */
- s->sssr |= SSSR_TFS;
- s->sssr |= SSSR_TNF;
- }
-
- pxa2xx_ssp_int_update(s);
-}
-
-static uint64_t pxa2xx_ssp_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- PXA2xxSSPState *s = (PXA2xxSSPState *) opaque;
- uint32_t retval;
-
- switch (addr) {
- case SSCR0:
- return s->sscr[0];
- case SSCR1:
- return s->sscr[1];
- case SSPSP:
- return s->sspsp;
- case SSTO:
- return s->ssto;
- case SSITR:
- return s->ssitr;
- case SSSR:
- return s->sssr | s->ssitr;
- case SSDR:
- if (!s->enable)
- return 0xffffffff;
- if (s->rx_level < 1) {
- printf("%s: SSP Rx Underrun\n", __FUNCTION__);
- return 0xffffffff;
- }
- s->rx_level --;
- retval = s->rx_fifo[s->rx_start ++];
- s->rx_start &= 0xf;
- pxa2xx_ssp_fifo_update(s);
- return retval;
- case SSTSA:
- return s->sstsa;
- case SSRSA:
- return s->ssrsa;
- case SSTSS:
- return 0;
- case SSACD:
- return s->ssacd;
- default:
- printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
- break;
- }
- return 0;
-}
-
-static void pxa2xx_ssp_write(void *opaque, hwaddr addr,
- uint64_t value64, unsigned size)
-{
- PXA2xxSSPState *s = (PXA2xxSSPState *) opaque;
- uint32_t value = value64;
-
- switch (addr) {
- case SSCR0:
- s->sscr[0] = value & 0xc7ffffff;
- s->enable = value & SSCR0_SSE;
- if (value & SSCR0_MOD)
- printf("%s: Attempt to use network mode\n", __FUNCTION__);
- if (s->enable && SSCR0_DSS(value) < 4)
- printf("%s: Wrong data size: %i bits\n", __FUNCTION__,
- SSCR0_DSS(value));
- if (!(value & SSCR0_SSE)) {
- s->sssr = 0;
- s->ssitr = 0;
- s->rx_level = 0;
- }
- pxa2xx_ssp_fifo_update(s);
- break;
-
- case SSCR1:
- s->sscr[1] = value;
- if (value & (SSCR1_LBM | SSCR1_EFWR))
- printf("%s: Attempt to use SSP test mode\n", __FUNCTION__);
- pxa2xx_ssp_fifo_update(s);
- break;
-
- case SSPSP:
- s->sspsp = value;
- break;
-
- case SSTO:
- s->ssto = value;
- break;
-
- case SSITR:
- s->ssitr = value & SSITR_INT;
- pxa2xx_ssp_int_update(s);
- break;
-
- case SSSR:
- s->sssr &= ~(value & SSSR_RW);
- pxa2xx_ssp_int_update(s);
- break;
-
- case SSDR:
- if (SSCR0_UWIRE(s->sscr[0])) {
- if (s->sscr[1] & SSCR1_MWDS)
- value &= 0xffff;
- else
- value &= 0xff;
- } else
- /* Note how 32bits overflow does no harm here */
- value &= (1 << SSCR0_DSS(s->sscr[0])) - 1;
-
- /* Data goes from here to the Tx FIFO and is shifted out from
- * there directly to the slave, no need to buffer it.
- */
- if (s->enable) {
- uint32_t readval;
- readval = ssi_transfer(s->bus, value);
- if (s->rx_level < 0x10) {
- s->rx_fifo[(s->rx_start + s->rx_level ++) & 0xf] = readval;
- } else {
- s->sssr |= SSSR_ROR;
- }
- }
- pxa2xx_ssp_fifo_update(s);
- break;
-
- case SSTSA:
- s->sstsa = value;
- break;
-
- case SSRSA:
- s->ssrsa = value;
- break;
-
- case SSACD:
- s->ssacd = value;
- break;
-
- default:
- printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
- break;
- }
-}
-
-static const MemoryRegionOps pxa2xx_ssp_ops = {
- .read = pxa2xx_ssp_read,
- .write = pxa2xx_ssp_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void pxa2xx_ssp_save(QEMUFile *f, void *opaque)
-{
- PXA2xxSSPState *s = (PXA2xxSSPState *) opaque;
- int i;
-
- qemu_put_be32(f, s->enable);
-
- qemu_put_be32s(f, &s->sscr[0]);
- qemu_put_be32s(f, &s->sscr[1]);
- qemu_put_be32s(f, &s->sspsp);
- qemu_put_be32s(f, &s->ssto);
- qemu_put_be32s(f, &s->ssitr);
- qemu_put_be32s(f, &s->sssr);
- qemu_put_8s(f, &s->sstsa);
- qemu_put_8s(f, &s->ssrsa);
- qemu_put_8s(f, &s->ssacd);
-
- qemu_put_byte(f, s->rx_level);
- for (i = 0; i < s->rx_level; i ++)
- qemu_put_byte(f, s->rx_fifo[(s->rx_start + i) & 0xf]);
-}
-
-static int pxa2xx_ssp_load(QEMUFile *f, void *opaque, int version_id)
-{
- PXA2xxSSPState *s = (PXA2xxSSPState *) opaque;
- int i;
-
- s->enable = qemu_get_be32(f);
-
- qemu_get_be32s(f, &s->sscr[0]);
- qemu_get_be32s(f, &s->sscr[1]);
- qemu_get_be32s(f, &s->sspsp);
- qemu_get_be32s(f, &s->ssto);
- qemu_get_be32s(f, &s->ssitr);
- qemu_get_be32s(f, &s->sssr);
- qemu_get_8s(f, &s->sstsa);
- qemu_get_8s(f, &s->ssrsa);
- qemu_get_8s(f, &s->ssacd);
-
- s->rx_level = qemu_get_byte(f);
- s->rx_start = 0;
- for (i = 0; i < s->rx_level; i ++)
- s->rx_fifo[i] = qemu_get_byte(f);
-
- return 0;
-}
-
-static int pxa2xx_ssp_init(SysBusDevice *dev)
-{
- PXA2xxSSPState *s = FROM_SYSBUS(PXA2xxSSPState, dev);
-
- sysbus_init_irq(dev, &s->irq);
-
- memory_region_init_io(&s->iomem, &pxa2xx_ssp_ops, s, "pxa2xx-ssp", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
- register_savevm(&dev->qdev, "pxa2xx_ssp", -1, 0,
- pxa2xx_ssp_save, pxa2xx_ssp_load, s);
-
- s->bus = ssi_create_bus(&dev->qdev, "ssi");
- return 0;
-}
-
-/* Real-Time Clock */
-#define RCNR 0x00 /* RTC Counter register */
-#define RTAR 0x04 /* RTC Alarm register */
-#define RTSR 0x08 /* RTC Status register */
-#define RTTR 0x0c /* RTC Timer Trim register */
-#define RDCR 0x10 /* RTC Day Counter register */
-#define RYCR 0x14 /* RTC Year Counter register */
-#define RDAR1 0x18 /* RTC Wristwatch Day Alarm register 1 */
-#define RYAR1 0x1c /* RTC Wristwatch Year Alarm register 1 */
-#define RDAR2 0x20 /* RTC Wristwatch Day Alarm register 2 */
-#define RYAR2 0x24 /* RTC Wristwatch Year Alarm register 2 */
-#define SWCR 0x28 /* RTC Stopwatch Counter register */
-#define SWAR1 0x2c /* RTC Stopwatch Alarm register 1 */
-#define SWAR2 0x30 /* RTC Stopwatch Alarm register 2 */
-#define RTCPICR 0x34 /* RTC Periodic Interrupt Counter register */
-#define PIAR 0x38 /* RTC Periodic Interrupt Alarm register */
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint32_t rttr;
- uint32_t rtsr;
- uint32_t rtar;
- uint32_t rdar1;
- uint32_t rdar2;
- uint32_t ryar1;
- uint32_t ryar2;
- uint32_t swar1;
- uint32_t swar2;
- uint32_t piar;
- uint32_t last_rcnr;
- uint32_t last_rdcr;
- uint32_t last_rycr;
- uint32_t last_swcr;
- uint32_t last_rtcpicr;
- int64_t last_hz;
- int64_t last_sw;
- int64_t last_pi;
- QEMUTimer *rtc_hz;
- QEMUTimer *rtc_rdal1;
- QEMUTimer *rtc_rdal2;
- QEMUTimer *rtc_swal1;
- QEMUTimer *rtc_swal2;
- QEMUTimer *rtc_pi;
- qemu_irq rtc_irq;
-} PXA2xxRTCState;
-
-static inline void pxa2xx_rtc_int_update(PXA2xxRTCState *s)
-{
- qemu_set_irq(s->rtc_irq, !!(s->rtsr & 0x2553));
-}
-
-static void pxa2xx_rtc_hzupdate(PXA2xxRTCState *s)
-{
- int64_t rt = qemu_get_clock_ms(rtc_clock);
- s->last_rcnr += ((rt - s->last_hz) << 15) /
- (1000 * ((s->rttr & 0xffff) + 1));
- s->last_rdcr += ((rt - s->last_hz) << 15) /
- (1000 * ((s->rttr & 0xffff) + 1));
- s->last_hz = rt;
-}
-
-static void pxa2xx_rtc_swupdate(PXA2xxRTCState *s)
-{
- int64_t rt = qemu_get_clock_ms(rtc_clock);
- if (s->rtsr & (1 << 12))
- s->last_swcr += (rt - s->last_sw) / 10;
- s->last_sw = rt;
-}
-
-static void pxa2xx_rtc_piupdate(PXA2xxRTCState *s)
-{
- int64_t rt = qemu_get_clock_ms(rtc_clock);
- if (s->rtsr & (1 << 15))
- s->last_swcr += rt - s->last_pi;
- s->last_pi = rt;
-}
-
-static inline void pxa2xx_rtc_alarm_update(PXA2xxRTCState *s,
- uint32_t rtsr)
-{
- if ((rtsr & (1 << 2)) && !(rtsr & (1 << 0)))
- qemu_mod_timer(s->rtc_hz, s->last_hz +
- (((s->rtar - s->last_rcnr) * 1000 *
- ((s->rttr & 0xffff) + 1)) >> 15));
- else
- qemu_del_timer(s->rtc_hz);
-
- if ((rtsr & (1 << 5)) && !(rtsr & (1 << 4)))
- qemu_mod_timer(s->rtc_rdal1, s->last_hz +
- (((s->rdar1 - s->last_rdcr) * 1000 *
- ((s->rttr & 0xffff) + 1)) >> 15)); /* TODO: fixup */
- else
- qemu_del_timer(s->rtc_rdal1);
-
- if ((rtsr & (1 << 7)) && !(rtsr & (1 << 6)))
- qemu_mod_timer(s->rtc_rdal2, s->last_hz +
- (((s->rdar2 - s->last_rdcr) * 1000 *
- ((s->rttr & 0xffff) + 1)) >> 15)); /* TODO: fixup */
- else
- qemu_del_timer(s->rtc_rdal2);
-
- if ((rtsr & 0x1200) == 0x1200 && !(rtsr & (1 << 8)))
- qemu_mod_timer(s->rtc_swal1, s->last_sw +
- (s->swar1 - s->last_swcr) * 10); /* TODO: fixup */
- else
- qemu_del_timer(s->rtc_swal1);
-
- if ((rtsr & 0x1800) == 0x1800 && !(rtsr & (1 << 10)))
- qemu_mod_timer(s->rtc_swal2, s->last_sw +
- (s->swar2 - s->last_swcr) * 10); /* TODO: fixup */
- else
- qemu_del_timer(s->rtc_swal2);
-
- if ((rtsr & 0xc000) == 0xc000 && !(rtsr & (1 << 13)))
- qemu_mod_timer(s->rtc_pi, s->last_pi +
- (s->piar & 0xffff) - s->last_rtcpicr);
- else
- qemu_del_timer(s->rtc_pi);
-}
-
-static inline void pxa2xx_rtc_hz_tick(void *opaque)
-{
- PXA2xxRTCState *s = (PXA2xxRTCState *) opaque;
- s->rtsr |= (1 << 0);
- pxa2xx_rtc_alarm_update(s, s->rtsr);
- pxa2xx_rtc_int_update(s);
-}
-
-static inline void pxa2xx_rtc_rdal1_tick(void *opaque)
-{
- PXA2xxRTCState *s = (PXA2xxRTCState *) opaque;
- s->rtsr |= (1 << 4);
- pxa2xx_rtc_alarm_update(s, s->rtsr);
- pxa2xx_rtc_int_update(s);
-}
-
-static inline void pxa2xx_rtc_rdal2_tick(void *opaque)
-{
- PXA2xxRTCState *s = (PXA2xxRTCState *) opaque;
- s->rtsr |= (1 << 6);
- pxa2xx_rtc_alarm_update(s, s->rtsr);
- pxa2xx_rtc_int_update(s);
-}
-
-static inline void pxa2xx_rtc_swal1_tick(void *opaque)
-{
- PXA2xxRTCState *s = (PXA2xxRTCState *) opaque;
- s->rtsr |= (1 << 8);
- pxa2xx_rtc_alarm_update(s, s->rtsr);
- pxa2xx_rtc_int_update(s);
-}
-
-static inline void pxa2xx_rtc_swal2_tick(void *opaque)
-{
- PXA2xxRTCState *s = (PXA2xxRTCState *) opaque;
- s->rtsr |= (1 << 10);
- pxa2xx_rtc_alarm_update(s, s->rtsr);
- pxa2xx_rtc_int_update(s);
-}
-
-static inline void pxa2xx_rtc_pi_tick(void *opaque)
-{
- PXA2xxRTCState *s = (PXA2xxRTCState *) opaque;
- s->rtsr |= (1 << 13);
- pxa2xx_rtc_piupdate(s);
- s->last_rtcpicr = 0;
- pxa2xx_rtc_alarm_update(s, s->rtsr);
- pxa2xx_rtc_int_update(s);
-}
-
-static uint64_t pxa2xx_rtc_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- PXA2xxRTCState *s = (PXA2xxRTCState *) opaque;
-
- switch (addr) {
- case RTTR:
- return s->rttr;
- case RTSR:
- return s->rtsr;
- case RTAR:
- return s->rtar;
- case RDAR1:
- return s->rdar1;
- case RDAR2:
- return s->rdar2;
- case RYAR1:
- return s->ryar1;
- case RYAR2:
- return s->ryar2;
- case SWAR1:
- return s->swar1;
- case SWAR2:
- return s->swar2;
- case PIAR:
- return s->piar;
- case RCNR:
- return s->last_rcnr + ((qemu_get_clock_ms(rtc_clock) - s->last_hz) << 15) /
- (1000 * ((s->rttr & 0xffff) + 1));
- case RDCR:
- return s->last_rdcr + ((qemu_get_clock_ms(rtc_clock) - s->last_hz) << 15) /
- (1000 * ((s->rttr & 0xffff) + 1));
- case RYCR:
- return s->last_rycr;
- case SWCR:
- if (s->rtsr & (1 << 12))
- return s->last_swcr + (qemu_get_clock_ms(rtc_clock) - s->last_sw) / 10;
- else
- return s->last_swcr;
- default:
- printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
- break;
- }
- return 0;
-}
-
-static void pxa2xx_rtc_write(void *opaque, hwaddr addr,
- uint64_t value64, unsigned size)
-{
- PXA2xxRTCState *s = (PXA2xxRTCState *) opaque;
- uint32_t value = value64;
-
- switch (addr) {
- case RTTR:
- if (!(s->rttr & (1 << 31))) {
- pxa2xx_rtc_hzupdate(s);
- s->rttr = value;
- pxa2xx_rtc_alarm_update(s, s->rtsr);
- }
- break;
-
- case RTSR:
- if ((s->rtsr ^ value) & (1 << 15))
- pxa2xx_rtc_piupdate(s);
-
- if ((s->rtsr ^ value) & (1 << 12))
- pxa2xx_rtc_swupdate(s);
-
- if (((s->rtsr ^ value) & 0x4aac) | (value & ~0xdaac))
- pxa2xx_rtc_alarm_update(s, value);
-
- s->rtsr = (value & 0xdaac) | (s->rtsr & ~(value & ~0xdaac));
- pxa2xx_rtc_int_update(s);
- break;
-
- case RTAR:
- s->rtar = value;
- pxa2xx_rtc_alarm_update(s, s->rtsr);
- break;
-
- case RDAR1:
- s->rdar1 = value;
- pxa2xx_rtc_alarm_update(s, s->rtsr);
- break;
-
- case RDAR2:
- s->rdar2 = value;
- pxa2xx_rtc_alarm_update(s, s->rtsr);
- break;
-
- case RYAR1:
- s->ryar1 = value;
- pxa2xx_rtc_alarm_update(s, s->rtsr);
- break;
-
- case RYAR2:
- s->ryar2 = value;
- pxa2xx_rtc_alarm_update(s, s->rtsr);
- break;
-
- case SWAR1:
- pxa2xx_rtc_swupdate(s);
- s->swar1 = value;
- s->last_swcr = 0;
- pxa2xx_rtc_alarm_update(s, s->rtsr);
- break;
-
- case SWAR2:
- s->swar2 = value;
- pxa2xx_rtc_alarm_update(s, s->rtsr);
- break;
-
- case PIAR:
- s->piar = value;
- pxa2xx_rtc_alarm_update(s, s->rtsr);
- break;
-
- case RCNR:
- pxa2xx_rtc_hzupdate(s);
- s->last_rcnr = value;
- pxa2xx_rtc_alarm_update(s, s->rtsr);
- break;
-
- case RDCR:
- pxa2xx_rtc_hzupdate(s);
- s->last_rdcr = value;
- pxa2xx_rtc_alarm_update(s, s->rtsr);
- break;
-
- case RYCR:
- s->last_rycr = value;
- break;
-
- case SWCR:
- pxa2xx_rtc_swupdate(s);
- s->last_swcr = value;
- pxa2xx_rtc_alarm_update(s, s->rtsr);
- break;
-
- case RTCPICR:
- pxa2xx_rtc_piupdate(s);
- s->last_rtcpicr = value & 0xffff;
- pxa2xx_rtc_alarm_update(s, s->rtsr);
- break;
-
- default:
- printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
- }
-}
-
-static const MemoryRegionOps pxa2xx_rtc_ops = {
- .read = pxa2xx_rtc_read,
- .write = pxa2xx_rtc_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int pxa2xx_rtc_init(SysBusDevice *dev)
-{
- PXA2xxRTCState *s = FROM_SYSBUS(PXA2xxRTCState, dev);
- struct tm tm;
- int wom;
-
- s->rttr = 0x7fff;
- s->rtsr = 0;
-
- qemu_get_timedate(&tm, 0);
- wom = ((tm.tm_mday - 1) / 7) + 1;
-
- s->last_rcnr = (uint32_t) mktimegm(&tm);
- s->last_rdcr = (wom << 20) | ((tm.tm_wday + 1) << 17) |
- (tm.tm_hour << 12) | (tm.tm_min << 6) | tm.tm_sec;
- s->last_rycr = ((tm.tm_year + 1900) << 9) |
- ((tm.tm_mon + 1) << 5) | tm.tm_mday;
- s->last_swcr = (tm.tm_hour << 19) |
- (tm.tm_min << 13) | (tm.tm_sec << 7);
- s->last_rtcpicr = 0;
- s->last_hz = s->last_sw = s->last_pi = qemu_get_clock_ms(rtc_clock);
-
- s->rtc_hz = qemu_new_timer_ms(rtc_clock, pxa2xx_rtc_hz_tick, s);
- s->rtc_rdal1 = qemu_new_timer_ms(rtc_clock, pxa2xx_rtc_rdal1_tick, s);
- s->rtc_rdal2 = qemu_new_timer_ms(rtc_clock, pxa2xx_rtc_rdal2_tick, s);
- s->rtc_swal1 = qemu_new_timer_ms(rtc_clock, pxa2xx_rtc_swal1_tick, s);
- s->rtc_swal2 = qemu_new_timer_ms(rtc_clock, pxa2xx_rtc_swal2_tick, s);
- s->rtc_pi = qemu_new_timer_ms(rtc_clock, pxa2xx_rtc_pi_tick, s);
-
- sysbus_init_irq(dev, &s->rtc_irq);
-
- memory_region_init_io(&s->iomem, &pxa2xx_rtc_ops, s, "pxa2xx-rtc", 0x10000);
- sysbus_init_mmio(dev, &s->iomem);
-
- return 0;
-}
-
-static void pxa2xx_rtc_pre_save(void *opaque)
-{
- PXA2xxRTCState *s = (PXA2xxRTCState *) opaque;
-
- pxa2xx_rtc_hzupdate(s);
- pxa2xx_rtc_piupdate(s);
- pxa2xx_rtc_swupdate(s);
-}
-
-static int pxa2xx_rtc_post_load(void *opaque, int version_id)
-{
- PXA2xxRTCState *s = (PXA2xxRTCState *) opaque;
-
- pxa2xx_rtc_alarm_update(s, s->rtsr);
-
- return 0;
-}
-
-static const VMStateDescription vmstate_pxa2xx_rtc_regs = {
- .name = "pxa2xx_rtc",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .pre_save = pxa2xx_rtc_pre_save,
- .post_load = pxa2xx_rtc_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(rttr, PXA2xxRTCState),
- VMSTATE_UINT32(rtsr, PXA2xxRTCState),
- VMSTATE_UINT32(rtar, PXA2xxRTCState),
- VMSTATE_UINT32(rdar1, PXA2xxRTCState),
- VMSTATE_UINT32(rdar2, PXA2xxRTCState),
- VMSTATE_UINT32(ryar1, PXA2xxRTCState),
- VMSTATE_UINT32(ryar2, PXA2xxRTCState),
- VMSTATE_UINT32(swar1, PXA2xxRTCState),
- VMSTATE_UINT32(swar2, PXA2xxRTCState),
- VMSTATE_UINT32(piar, PXA2xxRTCState),
- VMSTATE_UINT32(last_rcnr, PXA2xxRTCState),
- VMSTATE_UINT32(last_rdcr, PXA2xxRTCState),
- VMSTATE_UINT32(last_rycr, PXA2xxRTCState),
- VMSTATE_UINT32(last_swcr, PXA2xxRTCState),
- VMSTATE_UINT32(last_rtcpicr, PXA2xxRTCState),
- VMSTATE_INT64(last_hz, PXA2xxRTCState),
- VMSTATE_INT64(last_sw, PXA2xxRTCState),
- VMSTATE_INT64(last_pi, PXA2xxRTCState),
- VMSTATE_END_OF_LIST(),
- },
-};
-
-static void pxa2xx_rtc_sysbus_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = pxa2xx_rtc_init;
- dc->desc = "PXA2xx RTC Controller";
- dc->vmsd = &vmstate_pxa2xx_rtc_regs;
-}
-
-static TypeInfo pxa2xx_rtc_sysbus_info = {
- .name = "pxa2xx_rtc",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(PXA2xxRTCState),
- .class_init = pxa2xx_rtc_sysbus_class_init,
-};
-
-/* I2C Interface */
-typedef struct {
- I2CSlave i2c;
- PXA2xxI2CState *host;
-} PXA2xxI2CSlaveState;
-
-struct PXA2xxI2CState {
- SysBusDevice busdev;
- MemoryRegion iomem;
- PXA2xxI2CSlaveState *slave;
- i2c_bus *bus;
- qemu_irq irq;
- uint32_t offset;
- uint32_t region_size;
-
- uint16_t control;
- uint16_t status;
- uint8_t ibmr;
- uint8_t data;
-};
-
-#define IBMR 0x80 /* I2C Bus Monitor register */
-#define IDBR 0x88 /* I2C Data Buffer register */
-#define ICR 0x90 /* I2C Control register */
-#define ISR 0x98 /* I2C Status register */
-#define ISAR 0xa0 /* I2C Slave Address register */
-
-static void pxa2xx_i2c_update(PXA2xxI2CState *s)
-{
- uint16_t level = 0;
- level |= s->status & s->control & (1 << 10); /* BED */
- level |= (s->status & (1 << 7)) && (s->control & (1 << 9)); /* IRF */
- level |= (s->status & (1 << 6)) && (s->control & (1 << 8)); /* ITE */
- level |= s->status & (1 << 9); /* SAD */
- qemu_set_irq(s->irq, !!level);
-}
-
-/* These are only stubs now. */
-static void pxa2xx_i2c_event(I2CSlave *i2c, enum i2c_event event)
-{
- PXA2xxI2CSlaveState *slave = FROM_I2C_SLAVE(PXA2xxI2CSlaveState, i2c);
- PXA2xxI2CState *s = slave->host;
-
- switch (event) {
- case I2C_START_SEND:
- s->status |= (1 << 9); /* set SAD */
- s->status &= ~(1 << 0); /* clear RWM */
- break;
- case I2C_START_RECV:
- s->status |= (1 << 9); /* set SAD */
- s->status |= 1 << 0; /* set RWM */
- break;
- case I2C_FINISH:
- s->status |= (1 << 4); /* set SSD */
- break;
- case I2C_NACK:
- s->status |= 1 << 1; /* set ACKNAK */
- break;
- }
- pxa2xx_i2c_update(s);
-}
-
-static int pxa2xx_i2c_rx(I2CSlave *i2c)
-{
- PXA2xxI2CSlaveState *slave = FROM_I2C_SLAVE(PXA2xxI2CSlaveState, i2c);
- PXA2xxI2CState *s = slave->host;
- if ((s->control & (1 << 14)) || !(s->control & (1 << 6)))
- return 0;
-
- if (s->status & (1 << 0)) { /* RWM */
- s->status |= 1 << 6; /* set ITE */
- }
- pxa2xx_i2c_update(s);
-
- return s->data;
-}
-
-static int pxa2xx_i2c_tx(I2CSlave *i2c, uint8_t data)
-{
- PXA2xxI2CSlaveState *slave = FROM_I2C_SLAVE(PXA2xxI2CSlaveState, i2c);
- PXA2xxI2CState *s = slave->host;
- if ((s->control & (1 << 14)) || !(s->control & (1 << 6)))
- return 1;
-
- if (!(s->status & (1 << 0))) { /* RWM */
- s->status |= 1 << 7; /* set IRF */
- s->data = data;
- }
- pxa2xx_i2c_update(s);
-
- return 1;
-}
-
-static uint64_t pxa2xx_i2c_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- PXA2xxI2CState *s = (PXA2xxI2CState *) opaque;
-
- addr -= s->offset;
- switch (addr) {
- case ICR:
- return s->control;
- case ISR:
- return s->status | (i2c_bus_busy(s->bus) << 2);
- case ISAR:
- return s->slave->i2c.address;
- case IDBR:
- return s->data;
- case IBMR:
- if (s->status & (1 << 2))
- s->ibmr ^= 3; /* Fake SCL and SDA pin changes */
- else
- s->ibmr = 0;
- return s->ibmr;
- default:
- printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
- break;
- }
- return 0;
-}
-
-static void pxa2xx_i2c_write(void *opaque, hwaddr addr,
- uint64_t value64, unsigned size)
-{
- PXA2xxI2CState *s = (PXA2xxI2CState *) opaque;
- uint32_t value = value64;
- int ack;
-
- addr -= s->offset;
- switch (addr) {
- case ICR:
- s->control = value & 0xfff7;
- if ((value & (1 << 3)) && (value & (1 << 6))) { /* TB and IUE */
- /* TODO: slave mode */
- if (value & (1 << 0)) { /* START condition */
- if (s->data & 1)
- s->status |= 1 << 0; /* set RWM */
- else
- s->status &= ~(1 << 0); /* clear RWM */
- ack = !i2c_start_transfer(s->bus, s->data >> 1, s->data & 1);
- } else {
- if (s->status & (1 << 0)) { /* RWM */
- s->data = i2c_recv(s->bus);
- if (value & (1 << 2)) /* ACKNAK */
- i2c_nack(s->bus);
- ack = 1;
- } else
- ack = !i2c_send(s->bus, s->data);
- }
-
- if (value & (1 << 1)) /* STOP condition */
- i2c_end_transfer(s->bus);
-
- if (ack) {
- if (value & (1 << 0)) /* START condition */
- s->status |= 1 << 6; /* set ITE */
- else
- if (s->status & (1 << 0)) /* RWM */
- s->status |= 1 << 7; /* set IRF */
- else
- s->status |= 1 << 6; /* set ITE */
- s->status &= ~(1 << 1); /* clear ACKNAK */
- } else {
- s->status |= 1 << 6; /* set ITE */
- s->status |= 1 << 10; /* set BED */
- s->status |= 1 << 1; /* set ACKNAK */
- }
- }
- if (!(value & (1 << 3)) && (value & (1 << 6))) /* !TB and IUE */
- if (value & (1 << 4)) /* MA */
- i2c_end_transfer(s->bus);
- pxa2xx_i2c_update(s);
- break;
-
- case ISR:
- s->status &= ~(value & 0x07f0);
- pxa2xx_i2c_update(s);
- break;
-
- case ISAR:
- i2c_set_slave_address(&s->slave->i2c, value & 0x7f);
- break;
-
- case IDBR:
- s->data = value & 0xff;
- break;
-
- default:
- printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
- }
-}
-
-static const MemoryRegionOps pxa2xx_i2c_ops = {
- .read = pxa2xx_i2c_read,
- .write = pxa2xx_i2c_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static const VMStateDescription vmstate_pxa2xx_i2c_slave = {
- .name = "pxa2xx_i2c_slave",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField []) {
- VMSTATE_I2C_SLAVE(i2c, PXA2xxI2CSlaveState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_pxa2xx_i2c = {
- .name = "pxa2xx_i2c",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField []) {
- VMSTATE_UINT16(control, PXA2xxI2CState),
- VMSTATE_UINT16(status, PXA2xxI2CState),
- VMSTATE_UINT8(ibmr, PXA2xxI2CState),
- VMSTATE_UINT8(data, PXA2xxI2CState),
- VMSTATE_STRUCT_POINTER(slave, PXA2xxI2CState,
- vmstate_pxa2xx_i2c_slave, PXA2xxI2CSlaveState *),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int pxa2xx_i2c_slave_init(I2CSlave *i2c)
-{
- /* Nothing to do. */
- return 0;
-}
-
-static void pxa2xx_i2c_slave_class_init(ObjectClass *klass, void *data)
-{
- I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
-
- k->init = pxa2xx_i2c_slave_init;
- k->event = pxa2xx_i2c_event;
- k->recv = pxa2xx_i2c_rx;
- k->send = pxa2xx_i2c_tx;
-}
-
-static TypeInfo pxa2xx_i2c_slave_info = {
- .name = "pxa2xx-i2c-slave",
- .parent = TYPE_I2C_SLAVE,
- .instance_size = sizeof(PXA2xxI2CSlaveState),
- .class_init = pxa2xx_i2c_slave_class_init,
-};
-
-PXA2xxI2CState *pxa2xx_i2c_init(hwaddr base,
- qemu_irq irq, uint32_t region_size)
-{
- DeviceState *dev;
- SysBusDevice *i2c_dev;
- PXA2xxI2CState *s;
-
- i2c_dev = sysbus_from_qdev(qdev_create(NULL, "pxa2xx_i2c"));
- qdev_prop_set_uint32(&i2c_dev->qdev, "size", region_size + 1);
- qdev_prop_set_uint32(&i2c_dev->qdev, "offset", base & region_size);
-
- qdev_init_nofail(&i2c_dev->qdev);
-
- sysbus_mmio_map(i2c_dev, 0, base & ~region_size);
- sysbus_connect_irq(i2c_dev, 0, irq);
-
- s = FROM_SYSBUS(PXA2xxI2CState, i2c_dev);
- /* FIXME: Should the slave device really be on a separate bus? */
- dev = i2c_create_slave(i2c_init_bus(NULL, "dummy"), "pxa2xx-i2c-slave", 0);
- s->slave = FROM_I2C_SLAVE(PXA2xxI2CSlaveState, I2C_SLAVE_FROM_QDEV(dev));
- s->slave->host = s;
-
- return s;
-}
-
-static int pxa2xx_i2c_initfn(SysBusDevice *dev)
-{
- PXA2xxI2CState *s = FROM_SYSBUS(PXA2xxI2CState, dev);
-
- s->bus = i2c_init_bus(&dev->qdev, "i2c");
-
- memory_region_init_io(&s->iomem, &pxa2xx_i2c_ops, s,
- "pxa2xx-i2x", s->region_size);
- sysbus_init_mmio(dev, &s->iomem);
- sysbus_init_irq(dev, &s->irq);
-
- return 0;
-}
-
-i2c_bus *pxa2xx_i2c_bus(PXA2xxI2CState *s)
-{
- return s->bus;
-}
-
-static Property pxa2xx_i2c_properties[] = {
- DEFINE_PROP_UINT32("size", PXA2xxI2CState, region_size, 0x10000),
- DEFINE_PROP_UINT32("offset", PXA2xxI2CState, offset, 0),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void pxa2xx_i2c_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = pxa2xx_i2c_initfn;
- dc->desc = "PXA2xx I2C Bus Controller";
- dc->vmsd = &vmstate_pxa2xx_i2c;
- dc->props = pxa2xx_i2c_properties;
-}
-
-static TypeInfo pxa2xx_i2c_info = {
- .name = "pxa2xx_i2c",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(PXA2xxI2CState),
- .class_init = pxa2xx_i2c_class_init,
-};
-
-/* PXA Inter-IC Sound Controller */
-static void pxa2xx_i2s_reset(PXA2xxI2SState *i2s)
-{
- i2s->rx_len = 0;
- i2s->tx_len = 0;
- i2s->fifo_len = 0;
- i2s->clk = 0x1a;
- i2s->control[0] = 0x00;
- i2s->control[1] = 0x00;
- i2s->status = 0x00;
- i2s->mask = 0x00;
-}
-
-#define SACR_TFTH(val) ((val >> 8) & 0xf)
-#define SACR_RFTH(val) ((val >> 12) & 0xf)
-#define SACR_DREC(val) (val & (1 << 3))
-#define SACR_DPRL(val) (val & (1 << 4))
-
-static inline void pxa2xx_i2s_update(PXA2xxI2SState *i2s)
-{
- int rfs, tfs;
- rfs = SACR_RFTH(i2s->control[0]) < i2s->rx_len &&
- !SACR_DREC(i2s->control[1]);
- tfs = (i2s->tx_len || i2s->fifo_len < SACR_TFTH(i2s->control[0])) &&
- i2s->enable && !SACR_DPRL(i2s->control[1]);
-
- qemu_set_irq(i2s->rx_dma, rfs);
- qemu_set_irq(i2s->tx_dma, tfs);
-
- i2s->status &= 0xe0;
- if (i2s->fifo_len < 16 || !i2s->enable)
- i2s->status |= 1 << 0; /* TNF */
- if (i2s->rx_len)
- i2s->status |= 1 << 1; /* RNE */
- if (i2s->enable)
- i2s->status |= 1 << 2; /* BSY */
- if (tfs)
- i2s->status |= 1 << 3; /* TFS */
- if (rfs)
- i2s->status |= 1 << 4; /* RFS */
- if (!(i2s->tx_len && i2s->enable))
- i2s->status |= i2s->fifo_len << 8; /* TFL */
- i2s->status |= MAX(i2s->rx_len, 0xf) << 12; /* RFL */
-
- qemu_set_irq(i2s->irq, i2s->status & i2s->mask);
-}
-
-#define SACR0 0x00 /* Serial Audio Global Control register */
-#define SACR1 0x04 /* Serial Audio I2S/MSB-Justified Control register */
-#define SASR0 0x0c /* Serial Audio Interface and FIFO Status register */
-#define SAIMR 0x14 /* Serial Audio Interrupt Mask register */
-#define SAICR 0x18 /* Serial Audio Interrupt Clear register */
-#define SADIV 0x60 /* Serial Audio Clock Divider register */
-#define SADR 0x80 /* Serial Audio Data register */
-
-static uint64_t pxa2xx_i2s_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- PXA2xxI2SState *s = (PXA2xxI2SState *) opaque;
-
- switch (addr) {
- case SACR0:
- return s->control[0];
- case SACR1:
- return s->control[1];
- case SASR0:
- return s->status;
- case SAIMR:
- return s->mask;
- case SAICR:
- return 0;
- case SADIV:
- return s->clk;
- case SADR:
- if (s->rx_len > 0) {
- s->rx_len --;
- pxa2xx_i2s_update(s);
- return s->codec_in(s->opaque);
- }
- return 0;
- default:
- printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
- break;
- }
- return 0;
-}
-
-static void pxa2xx_i2s_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- PXA2xxI2SState *s = (PXA2xxI2SState *) opaque;
- uint32_t *sample;
-
- switch (addr) {
- case SACR0:
- if (value & (1 << 3)) /* RST */
- pxa2xx_i2s_reset(s);
- s->control[0] = value & 0xff3d;
- if (!s->enable && (value & 1) && s->tx_len) { /* ENB */
- for (sample = s->fifo; s->fifo_len > 0; s->fifo_len --, sample ++)
- s->codec_out(s->opaque, *sample);
- s->status &= ~(1 << 7); /* I2SOFF */
- }
- if (value & (1 << 4)) /* EFWR */
- printf("%s: Attempt to use special function\n", __FUNCTION__);
- s->enable = (value & 9) == 1; /* ENB && !RST*/
- pxa2xx_i2s_update(s);
- break;
- case SACR1:
- s->control[1] = value & 0x0039;
- if (value & (1 << 5)) /* ENLBF */
- printf("%s: Attempt to use loopback function\n", __FUNCTION__);
- if (value & (1 << 4)) /* DPRL */
- s->fifo_len = 0;
- pxa2xx_i2s_update(s);
- break;
- case SAIMR:
- s->mask = value & 0x0078;
- pxa2xx_i2s_update(s);
- break;
- case SAICR:
- s->status &= ~(value & (3 << 5));
- pxa2xx_i2s_update(s);
- break;
- case SADIV:
- s->clk = value & 0x007f;
- break;
- case SADR:
- if (s->tx_len && s->enable) {
- s->tx_len --;
- pxa2xx_i2s_update(s);
- s->codec_out(s->opaque, value);
- } else if (s->fifo_len < 16) {
- s->fifo[s->fifo_len ++] = value;
- pxa2xx_i2s_update(s);
- }
- break;
- default:
- printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
- }
-}
-
-static const MemoryRegionOps pxa2xx_i2s_ops = {
- .read = pxa2xx_i2s_read,
- .write = pxa2xx_i2s_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static const VMStateDescription vmstate_pxa2xx_i2s = {
- .name = "pxa2xx_i2s",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32_ARRAY(control, PXA2xxI2SState, 2),
- VMSTATE_UINT32(status, PXA2xxI2SState),
- VMSTATE_UINT32(mask, PXA2xxI2SState),
- VMSTATE_UINT32(clk, PXA2xxI2SState),
- VMSTATE_INT32(enable, PXA2xxI2SState),
- VMSTATE_INT32(rx_len, PXA2xxI2SState),
- VMSTATE_INT32(tx_len, PXA2xxI2SState),
- VMSTATE_INT32(fifo_len, PXA2xxI2SState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void pxa2xx_i2s_data_req(void *opaque, int tx, int rx)
-{
- PXA2xxI2SState *s = (PXA2xxI2SState *) opaque;
- uint32_t *sample;
-
- /* Signal FIFO errors */
- if (s->enable && s->tx_len)
- s->status |= 1 << 5; /* TUR */
- if (s->enable && s->rx_len)
- s->status |= 1 << 6; /* ROR */
-
- /* Should be tx - MIN(tx, s->fifo_len) but we don't really need to
- * handle the cases where it makes a difference. */
- s->tx_len = tx - s->fifo_len;
- s->rx_len = rx;
- /* Note that is s->codec_out wasn't set, we wouldn't get called. */
- if (s->enable)
- for (sample = s->fifo; s->fifo_len; s->fifo_len --, sample ++)
- s->codec_out(s->opaque, *sample);
- pxa2xx_i2s_update(s);
-}
-
-static PXA2xxI2SState *pxa2xx_i2s_init(MemoryRegion *sysmem,
- hwaddr base,
- qemu_irq irq, qemu_irq rx_dma, qemu_irq tx_dma)
-{
- PXA2xxI2SState *s = (PXA2xxI2SState *)
- g_malloc0(sizeof(PXA2xxI2SState));
-
- s->irq = irq;
- s->rx_dma = rx_dma;
- s->tx_dma = tx_dma;
- s->data_req = pxa2xx_i2s_data_req;
-
- pxa2xx_i2s_reset(s);
-
- memory_region_init_io(&s->iomem, &pxa2xx_i2s_ops, s,
- "pxa2xx-i2s", 0x100000);
- memory_region_add_subregion(sysmem, base, &s->iomem);
-
- vmstate_register(NULL, base, &vmstate_pxa2xx_i2s, s);
-
- return s;
-}
-
-/* PXA Fast Infra-red Communications Port */
-struct PXA2xxFIrState {
- MemoryRegion iomem;
- qemu_irq irq;
- qemu_irq rx_dma;
- qemu_irq tx_dma;
- int enable;
- CharDriverState *chr;
-
- uint8_t control[3];
- uint8_t status[2];
-
- int rx_len;
- int rx_start;
- uint8_t rx_fifo[64];
-};
-
-static void pxa2xx_fir_reset(PXA2xxFIrState *s)
-{
- s->control[0] = 0x00;
- s->control[1] = 0x00;
- s->control[2] = 0x00;
- s->status[0] = 0x00;
- s->status[1] = 0x00;
- s->enable = 0;
-}
-
-static inline void pxa2xx_fir_update(PXA2xxFIrState *s)
-{
- static const int tresh[4] = { 8, 16, 32, 0 };
- int intr = 0;
- if ((s->control[0] & (1 << 4)) && /* RXE */
- s->rx_len >= tresh[s->control[2] & 3]) /* TRIG */
- s->status[0] |= 1 << 4; /* RFS */
- else
- s->status[0] &= ~(1 << 4); /* RFS */
- if (s->control[0] & (1 << 3)) /* TXE */
- s->status[0] |= 1 << 3; /* TFS */
- else
- s->status[0] &= ~(1 << 3); /* TFS */
- if (s->rx_len)
- s->status[1] |= 1 << 2; /* RNE */
- else
- s->status[1] &= ~(1 << 2); /* RNE */
- if (s->control[0] & (1 << 4)) /* RXE */
- s->status[1] |= 1 << 0; /* RSY */
- else
- s->status[1] &= ~(1 << 0); /* RSY */
-
- intr |= (s->control[0] & (1 << 5)) && /* RIE */
- (s->status[0] & (1 << 4)); /* RFS */
- intr |= (s->control[0] & (1 << 6)) && /* TIE */
- (s->status[0] & (1 << 3)); /* TFS */
- intr |= (s->control[2] & (1 << 4)) && /* TRAIL */
- (s->status[0] & (1 << 6)); /* EOC */
- intr |= (s->control[0] & (1 << 2)) && /* TUS */
- (s->status[0] & (1 << 1)); /* TUR */
- intr |= s->status[0] & 0x25; /* FRE, RAB, EIF */
-
- qemu_set_irq(s->rx_dma, (s->status[0] >> 4) & 1);
- qemu_set_irq(s->tx_dma, (s->status[0] >> 3) & 1);
-
- qemu_set_irq(s->irq, intr && s->enable);
-}
-
-#define ICCR0 0x00 /* FICP Control register 0 */
-#define ICCR1 0x04 /* FICP Control register 1 */
-#define ICCR2 0x08 /* FICP Control register 2 */
-#define ICDR 0x0c /* FICP Data register */
-#define ICSR0 0x14 /* FICP Status register 0 */
-#define ICSR1 0x18 /* FICP Status register 1 */
-#define ICFOR 0x1c /* FICP FIFO Occupancy Status register */
-
-static uint64_t pxa2xx_fir_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- PXA2xxFIrState *s = (PXA2xxFIrState *) opaque;
- uint8_t ret;
-
- switch (addr) {
- case ICCR0:
- return s->control[0];
- case ICCR1:
- return s->control[1];
- case ICCR2:
- return s->control[2];
- case ICDR:
- s->status[0] &= ~0x01;
- s->status[1] &= ~0x72;
- if (s->rx_len) {
- s->rx_len --;
- ret = s->rx_fifo[s->rx_start ++];
- s->rx_start &= 63;
- pxa2xx_fir_update(s);
- return ret;
- }
- printf("%s: Rx FIFO underrun.\n", __FUNCTION__);
- break;
- case ICSR0:
- return s->status[0];
- case ICSR1:
- return s->status[1] | (1 << 3); /* TNF */
- case ICFOR:
- return s->rx_len;
- default:
- printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
- break;
- }
- return 0;
-}
-
-static void pxa2xx_fir_write(void *opaque, hwaddr addr,
- uint64_t value64, unsigned size)
-{
- PXA2xxFIrState *s = (PXA2xxFIrState *) opaque;
- uint32_t value = value64;
- uint8_t ch;
-
- switch (addr) {
- case ICCR0:
- s->control[0] = value;
- if (!(value & (1 << 4))) /* RXE */
- s->rx_len = s->rx_start = 0;
- if (!(value & (1 << 3))) { /* TXE */
- /* Nop */
- }
- s->enable = value & 1; /* ITR */
- if (!s->enable)
- s->status[0] = 0;
- pxa2xx_fir_update(s);
- break;
- case ICCR1:
- s->control[1] = value;
- break;
- case ICCR2:
- s->control[2] = value & 0x3f;
- pxa2xx_fir_update(s);
- break;
- case ICDR:
- if (s->control[2] & (1 << 2)) /* TXP */
- ch = value;
- else
- ch = ~value;
- if (s->chr && s->enable && (s->control[0] & (1 << 3))) /* TXE */
- qemu_chr_fe_write(s->chr, &ch, 1);
- break;
- case ICSR0:
- s->status[0] &= ~(value & 0x66);
- pxa2xx_fir_update(s);
- break;
- case ICFOR:
- break;
- default:
- printf("%s: Bad register " REG_FMT "\n", __FUNCTION__, addr);
- }
-}
-
-static const MemoryRegionOps pxa2xx_fir_ops = {
- .read = pxa2xx_fir_read,
- .write = pxa2xx_fir_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int pxa2xx_fir_is_empty(void *opaque)
-{
- PXA2xxFIrState *s = (PXA2xxFIrState *) opaque;
- return (s->rx_len < 64);
-}
-
-static void pxa2xx_fir_rx(void *opaque, const uint8_t *buf, int size)
-{
- PXA2xxFIrState *s = (PXA2xxFIrState *) opaque;
- if (!(s->control[0] & (1 << 4))) /* RXE */
- return;
-
- while (size --) {
- s->status[1] |= 1 << 4; /* EOF */
- if (s->rx_len >= 64) {
- s->status[1] |= 1 << 6; /* ROR */
- break;
- }
-
- if (s->control[2] & (1 << 3)) /* RXP */
- s->rx_fifo[(s->rx_start + s->rx_len ++) & 63] = *(buf ++);
- else
- s->rx_fifo[(s->rx_start + s->rx_len ++) & 63] = ~*(buf ++);
- }
-
- pxa2xx_fir_update(s);
-}
-
-static void pxa2xx_fir_event(void *opaque, int event)
-{
-}
-
-static void pxa2xx_fir_save(QEMUFile *f, void *opaque)
-{
- PXA2xxFIrState *s = (PXA2xxFIrState *) opaque;
- int i;
-
- qemu_put_be32(f, s->enable);
-
- qemu_put_8s(f, &s->control[0]);
- qemu_put_8s(f, &s->control[1]);
- qemu_put_8s(f, &s->control[2]);
- qemu_put_8s(f, &s->status[0]);
- qemu_put_8s(f, &s->status[1]);
-
- qemu_put_byte(f, s->rx_len);
- for (i = 0; i < s->rx_len; i ++)
- qemu_put_byte(f, s->rx_fifo[(s->rx_start + i) & 63]);
-}
-
-static int pxa2xx_fir_load(QEMUFile *f, void *opaque, int version_id)
-{
- PXA2xxFIrState *s = (PXA2xxFIrState *) opaque;
- int i;
-
- s->enable = qemu_get_be32(f);
-
- qemu_get_8s(f, &s->control[0]);
- qemu_get_8s(f, &s->control[1]);
- qemu_get_8s(f, &s->control[2]);
- qemu_get_8s(f, &s->status[0]);
- qemu_get_8s(f, &s->status[1]);
-
- s->rx_len = qemu_get_byte(f);
- s->rx_start = 0;
- for (i = 0; i < s->rx_len; i ++)
- s->rx_fifo[i] = qemu_get_byte(f);
-
- return 0;
-}
-
-static PXA2xxFIrState *pxa2xx_fir_init(MemoryRegion *sysmem,
- hwaddr base,
- qemu_irq irq, qemu_irq rx_dma, qemu_irq tx_dma,
- CharDriverState *chr)
-{
- PXA2xxFIrState *s = (PXA2xxFIrState *)
- g_malloc0(sizeof(PXA2xxFIrState));
-
- s->irq = irq;
- s->rx_dma = rx_dma;
- s->tx_dma = tx_dma;
- s->chr = chr;
-
- pxa2xx_fir_reset(s);
-
- memory_region_init_io(&s->iomem, &pxa2xx_fir_ops, s, "pxa2xx-fir", 0x1000);
- memory_region_add_subregion(sysmem, base, &s->iomem);
-
- if (chr)
- qemu_chr_add_handlers(chr, pxa2xx_fir_is_empty,
- pxa2xx_fir_rx, pxa2xx_fir_event, s);
-
- register_savevm(NULL, "pxa2xx_fir", 0, 0, pxa2xx_fir_save,
- pxa2xx_fir_load, s);
-
- return s;
-}
-
-static void pxa2xx_reset(void *opaque, int line, int level)
-{
- PXA2xxState *s = (PXA2xxState *) opaque;
-
- if (level && (s->pm_regs[PCFR >> 2] & 0x10)) { /* GPR_EN */
- cpu_reset(CPU(s->cpu));
- /* TODO: reset peripherals */
- }
-}
-
-/* Initialise a PXA270 integrated chip (ARM based core). */
-PXA2xxState *pxa270_init(MemoryRegion *address_space,
- unsigned int sdram_size, const char *revision)
-{
- PXA2xxState *s;
- int i;
- DriveInfo *dinfo;
- s = (PXA2xxState *) g_malloc0(sizeof(PXA2xxState));
-
- if (revision && strncmp(revision, "pxa27", 5)) {
- fprintf(stderr, "Machine requires a PXA27x processor.\n");
- exit(1);
- }
- if (!revision)
- revision = "pxa270";
-
- s->cpu = cpu_arm_init(revision);
- if (s->cpu == NULL) {
- fprintf(stderr, "Unable to find CPU definition\n");
- exit(1);
- }
- s->reset = qemu_allocate_irqs(pxa2xx_reset, s, 1)[0];
-
- /* SDRAM & Internal Memory Storage */
- memory_region_init_ram(&s->sdram, "pxa270.sdram", sdram_size);
- vmstate_register_ram_global(&s->sdram);
- memory_region_add_subregion(address_space, PXA2XX_SDRAM_BASE, &s->sdram);
- memory_region_init_ram(&s->internal, "pxa270.internal", 0x40000);
- vmstate_register_ram_global(&s->internal);
- memory_region_add_subregion(address_space, PXA2XX_INTERNAL_BASE,
- &s->internal);
-
- s->pic = pxa2xx_pic_init(0x40d00000, s->cpu);
-
- s->dma = pxa27x_dma_init(0x40000000,
- qdev_get_gpio_in(s->pic, PXA2XX_PIC_DMA));
-
- sysbus_create_varargs("pxa27x-timer", 0x40a00000,
- qdev_get_gpio_in(s->pic, PXA2XX_PIC_OST_0 + 0),
- qdev_get_gpio_in(s->pic, PXA2XX_PIC_OST_0 + 1),
- qdev_get_gpio_in(s->pic, PXA2XX_PIC_OST_0 + 2),
- qdev_get_gpio_in(s->pic, PXA2XX_PIC_OST_0 + 3),
- qdev_get_gpio_in(s->pic, PXA27X_PIC_OST_4_11),
- NULL);
-
- s->gpio = pxa2xx_gpio_init(0x40e00000, &s->cpu->env, s->pic, 121);
-
- dinfo = drive_get(IF_SD, 0, 0);
- if (!dinfo) {
- fprintf(stderr, "qemu: missing SecureDigital device\n");
- exit(1);
- }
- s->mmc = pxa2xx_mmci_init(address_space, 0x41100000, dinfo->bdrv,
- qdev_get_gpio_in(s->pic, PXA2XX_PIC_MMC),
- qdev_get_gpio_in(s->dma, PXA2XX_RX_RQ_MMCI),
- qdev_get_gpio_in(s->dma, PXA2XX_TX_RQ_MMCI));
-
- for (i = 0; pxa270_serial[i].io_base; i++) {
- if (serial_hds[i]) {
- serial_mm_init(address_space, pxa270_serial[i].io_base, 2,
- qdev_get_gpio_in(s->pic, pxa270_serial[i].irqn),
- 14857000 / 16, serial_hds[i],
- DEVICE_NATIVE_ENDIAN);
- } else {
- break;
- }
- }
- if (serial_hds[i])
- s->fir = pxa2xx_fir_init(address_space, 0x40800000,
- qdev_get_gpio_in(s->pic, PXA2XX_PIC_ICP),
- qdev_get_gpio_in(s->dma, PXA2XX_RX_RQ_ICP),
- qdev_get_gpio_in(s->dma, PXA2XX_TX_RQ_ICP),
- serial_hds[i]);
-
- s->lcd = pxa2xx_lcdc_init(address_space, 0x44000000,
- qdev_get_gpio_in(s->pic, PXA2XX_PIC_LCD));
-
- s->cm_base = 0x41300000;
- s->cm_regs[CCCR >> 2] = 0x02000210; /* 416.0 MHz */
- s->clkcfg = 0x00000009; /* Turbo mode active */
- memory_region_init_io(&s->cm_iomem, &pxa2xx_cm_ops, s, "pxa2xx-cm", 0x1000);
- memory_region_add_subregion(address_space, s->cm_base, &s->cm_iomem);
- vmstate_register(NULL, 0, &vmstate_pxa2xx_cm, s);
-
- pxa2xx_setup_cp14(s);
-
- s->mm_base = 0x48000000;
- s->mm_regs[MDMRS >> 2] = 0x00020002;
- s->mm_regs[MDREFR >> 2] = 0x03ca4000;
- s->mm_regs[MECR >> 2] = 0x00000001; /* Two PC Card sockets */
- memory_region_init_io(&s->mm_iomem, &pxa2xx_mm_ops, s, "pxa2xx-mm", 0x1000);
- memory_region_add_subregion(address_space, s->mm_base, &s->mm_iomem);
- vmstate_register(NULL, 0, &vmstate_pxa2xx_mm, s);
-
- s->pm_base = 0x40f00000;
- memory_region_init_io(&s->pm_iomem, &pxa2xx_pm_ops, s, "pxa2xx-pm", 0x100);
- memory_region_add_subregion(address_space, s->pm_base, &s->pm_iomem);
- vmstate_register(NULL, 0, &vmstate_pxa2xx_pm, s);
-
- for (i = 0; pxa27x_ssp[i].io_base; i ++);
- s->ssp = (SSIBus **)g_malloc0(sizeof(SSIBus *) * i);
- for (i = 0; pxa27x_ssp[i].io_base; i ++) {
- DeviceState *dev;
- dev = sysbus_create_simple("pxa2xx-ssp", pxa27x_ssp[i].io_base,
- qdev_get_gpio_in(s->pic, pxa27x_ssp[i].irqn));
- s->ssp[i] = (SSIBus *)qdev_get_child_bus(dev, "ssi");
- }
-
- if (usb_enabled(false)) {
- sysbus_create_simple("sysbus-ohci", 0x4c000000,
- qdev_get_gpio_in(s->pic, PXA2XX_PIC_USBH1));
- }
-
- s->pcmcia[0] = pxa2xx_pcmcia_init(address_space, 0x20000000);
- s->pcmcia[1] = pxa2xx_pcmcia_init(address_space, 0x30000000);
-
- sysbus_create_simple("pxa2xx_rtc", 0x40900000,
- qdev_get_gpio_in(s->pic, PXA2XX_PIC_RTCALARM));
-
- s->i2c[0] = pxa2xx_i2c_init(0x40301600,
- qdev_get_gpio_in(s->pic, PXA2XX_PIC_I2C), 0xffff);
- s->i2c[1] = pxa2xx_i2c_init(0x40f00100,
- qdev_get_gpio_in(s->pic, PXA2XX_PIC_PWRI2C), 0xff);
-
- s->i2s = pxa2xx_i2s_init(address_space, 0x40400000,
- qdev_get_gpio_in(s->pic, PXA2XX_PIC_I2S),
- qdev_get_gpio_in(s->dma, PXA2XX_RX_RQ_I2S),
- qdev_get_gpio_in(s->dma, PXA2XX_TX_RQ_I2S));
-
- s->kp = pxa27x_keypad_init(address_space, 0x41500000,
- qdev_get_gpio_in(s->pic, PXA2XX_PIC_KEYPAD));
-
- /* GPIO1 resets the processor */
- /* The handler can be overridden by board-specific code */
- qdev_connect_gpio_out(s->gpio, 1, s->reset);
- return s;
-}
-
-/* Initialise a PXA255 integrated chip (ARM based core). */
-PXA2xxState *pxa255_init(MemoryRegion *address_space, unsigned int sdram_size)
-{
- PXA2xxState *s;
- int i;
- DriveInfo *dinfo;
-
- s = (PXA2xxState *) g_malloc0(sizeof(PXA2xxState));
-
- s->cpu = cpu_arm_init("pxa255");
- if (s->cpu == NULL) {
- fprintf(stderr, "Unable to find CPU definition\n");
- exit(1);
- }
- s->reset = qemu_allocate_irqs(pxa2xx_reset, s, 1)[0];
-
- /* SDRAM & Internal Memory Storage */
- memory_region_init_ram(&s->sdram, "pxa255.sdram", sdram_size);
- vmstate_register_ram_global(&s->sdram);
- memory_region_add_subregion(address_space, PXA2XX_SDRAM_BASE, &s->sdram);
- memory_region_init_ram(&s->internal, "pxa255.internal",
- PXA2XX_INTERNAL_SIZE);
- vmstate_register_ram_global(&s->internal);
- memory_region_add_subregion(address_space, PXA2XX_INTERNAL_BASE,
- &s->internal);
-
- s->pic = pxa2xx_pic_init(0x40d00000, s->cpu);
-
- s->dma = pxa255_dma_init(0x40000000,
- qdev_get_gpio_in(s->pic, PXA2XX_PIC_DMA));
-
- sysbus_create_varargs("pxa25x-timer", 0x40a00000,
- qdev_get_gpio_in(s->pic, PXA2XX_PIC_OST_0 + 0),
- qdev_get_gpio_in(s->pic, PXA2XX_PIC_OST_0 + 1),
- qdev_get_gpio_in(s->pic, PXA2XX_PIC_OST_0 + 2),
- qdev_get_gpio_in(s->pic, PXA2XX_PIC_OST_0 + 3),
- NULL);
-
- s->gpio = pxa2xx_gpio_init(0x40e00000, &s->cpu->env, s->pic, 85);
-
- dinfo = drive_get(IF_SD, 0, 0);
- if (!dinfo) {
- fprintf(stderr, "qemu: missing SecureDigital device\n");
- exit(1);
- }
- s->mmc = pxa2xx_mmci_init(address_space, 0x41100000, dinfo->bdrv,
- qdev_get_gpio_in(s->pic, PXA2XX_PIC_MMC),
- qdev_get_gpio_in(s->dma, PXA2XX_RX_RQ_MMCI),
- qdev_get_gpio_in(s->dma, PXA2XX_TX_RQ_MMCI));
-
- for (i = 0; pxa255_serial[i].io_base; i++) {
- if (serial_hds[i]) {
- serial_mm_init(address_space, pxa255_serial[i].io_base, 2,
- qdev_get_gpio_in(s->pic, pxa255_serial[i].irqn),
- 14745600 / 16, serial_hds[i],
- DEVICE_NATIVE_ENDIAN);
- } else {
- break;
- }
- }
- if (serial_hds[i])
- s->fir = pxa2xx_fir_init(address_space, 0x40800000,
- qdev_get_gpio_in(s->pic, PXA2XX_PIC_ICP),
- qdev_get_gpio_in(s->dma, PXA2XX_RX_RQ_ICP),
- qdev_get_gpio_in(s->dma, PXA2XX_TX_RQ_ICP),
- serial_hds[i]);
-
- s->lcd = pxa2xx_lcdc_init(address_space, 0x44000000,
- qdev_get_gpio_in(s->pic, PXA2XX_PIC_LCD));
-
- s->cm_base = 0x41300000;
- s->cm_regs[CCCR >> 2] = 0x02000210; /* 416.0 MHz */
- s->clkcfg = 0x00000009; /* Turbo mode active */
- memory_region_init_io(&s->cm_iomem, &pxa2xx_cm_ops, s, "pxa2xx-cm", 0x1000);
- memory_region_add_subregion(address_space, s->cm_base, &s->cm_iomem);
- vmstate_register(NULL, 0, &vmstate_pxa2xx_cm, s);
-
- pxa2xx_setup_cp14(s);
-
- s->mm_base = 0x48000000;
- s->mm_regs[MDMRS >> 2] = 0x00020002;
- s->mm_regs[MDREFR >> 2] = 0x03ca4000;
- s->mm_regs[MECR >> 2] = 0x00000001; /* Two PC Card sockets */
- memory_region_init_io(&s->mm_iomem, &pxa2xx_mm_ops, s, "pxa2xx-mm", 0x1000);
- memory_region_add_subregion(address_space, s->mm_base, &s->mm_iomem);
- vmstate_register(NULL, 0, &vmstate_pxa2xx_mm, s);
-
- s->pm_base = 0x40f00000;
- memory_region_init_io(&s->pm_iomem, &pxa2xx_pm_ops, s, "pxa2xx-pm", 0x100);
- memory_region_add_subregion(address_space, s->pm_base, &s->pm_iomem);
- vmstate_register(NULL, 0, &vmstate_pxa2xx_pm, s);
-
- for (i = 0; pxa255_ssp[i].io_base; i ++);
- s->ssp = (SSIBus **)g_malloc0(sizeof(SSIBus *) * i);
- for (i = 0; pxa255_ssp[i].io_base; i ++) {
- DeviceState *dev;
- dev = sysbus_create_simple("pxa2xx-ssp", pxa255_ssp[i].io_base,
- qdev_get_gpio_in(s->pic, pxa255_ssp[i].irqn));
- s->ssp[i] = (SSIBus *)qdev_get_child_bus(dev, "ssi");
- }
-
- if (usb_enabled(false)) {
- sysbus_create_simple("sysbus-ohci", 0x4c000000,
- qdev_get_gpio_in(s->pic, PXA2XX_PIC_USBH1));
- }
-
- s->pcmcia[0] = pxa2xx_pcmcia_init(address_space, 0x20000000);
- s->pcmcia[1] = pxa2xx_pcmcia_init(address_space, 0x30000000);
-
- sysbus_create_simple("pxa2xx_rtc", 0x40900000,
- qdev_get_gpio_in(s->pic, PXA2XX_PIC_RTCALARM));
-
- s->i2c[0] = pxa2xx_i2c_init(0x40301600,
- qdev_get_gpio_in(s->pic, PXA2XX_PIC_I2C), 0xffff);
- s->i2c[1] = pxa2xx_i2c_init(0x40f00100,
- qdev_get_gpio_in(s->pic, PXA2XX_PIC_PWRI2C), 0xff);
-
- s->i2s = pxa2xx_i2s_init(address_space, 0x40400000,
- qdev_get_gpio_in(s->pic, PXA2XX_PIC_I2S),
- qdev_get_gpio_in(s->dma, PXA2XX_RX_RQ_I2S),
- qdev_get_gpio_in(s->dma, PXA2XX_TX_RQ_I2S));
-
- /* GPIO1 resets the processor */
- /* The handler can be overridden by board-specific code */
- qdev_connect_gpio_out(s->gpio, 1, s->reset);
- return s;
-}
-
-static void pxa2xx_ssp_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- sdc->init = pxa2xx_ssp_init;
-}
-
-static TypeInfo pxa2xx_ssp_info = {
- .name = "pxa2xx-ssp",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(PXA2xxSSPState),
- .class_init = pxa2xx_ssp_class_init,
-};
-
-static void pxa2xx_register_types(void)
-{
- type_register_static(&pxa2xx_i2c_slave_info);
- type_register_static(&pxa2xx_ssp_info);
- type_register_static(&pxa2xx_i2c_info);
- type_register_static(&pxa2xx_rtc_sysbus_info);
-}
-
-type_init(pxa2xx_register_types)
diff --git a/hw/pxa2xx_dma.c b/hw/pxa2xx_dma.c
deleted file mode 100644
index dbea1d209..000000000
--- a/hw/pxa2xx_dma.c
+++ /dev/null
@@ -1,574 +0,0 @@
-/*
- * Intel XScale PXA255/270 DMA controller.
- *
- * Copyright (c) 2006 Openedhand Ltd.
- * Copyright (c) 2006 Thorsten Zitterell
- * Written by Andrzej Zaborowski <balrog@zabor.org>
- *
- * This code is licensed under the GPL.
- */
-
-#include "hw.h"
-#include "pxa.h"
-#include "sysbus.h"
-
-#define PXA255_DMA_NUM_CHANNELS 16
-#define PXA27X_DMA_NUM_CHANNELS 32
-
-#define PXA2XX_DMA_NUM_REQUESTS 75
-
-typedef struct {
- uint32_t descr;
- uint32_t src;
- uint32_t dest;
- uint32_t cmd;
- uint32_t state;
- int request;
-} PXA2xxDMAChannel;
-
-typedef struct PXA2xxDMAState {
- SysBusDevice busdev;
- MemoryRegion iomem;
- qemu_irq irq;
-
- uint32_t stopintr;
- uint32_t eorintr;
- uint32_t rasintr;
- uint32_t startintr;
- uint32_t endintr;
-
- uint32_t align;
- uint32_t pio;
-
- int channels;
- PXA2xxDMAChannel *chan;
-
- uint8_t req[PXA2XX_DMA_NUM_REQUESTS];
-
- /* Flag to avoid recursive DMA invocations. */
- int running;
-} PXA2xxDMAState;
-
-#define DCSR0 0x0000 /* DMA Control / Status register for Channel 0 */
-#define DCSR31 0x007c /* DMA Control / Status register for Channel 31 */
-#define DALGN 0x00a0 /* DMA Alignment register */
-#define DPCSR 0x00a4 /* DMA Programmed I/O Control Status register */
-#define DRQSR0 0x00e0 /* DMA DREQ<0> Status register */
-#define DRQSR1 0x00e4 /* DMA DREQ<1> Status register */
-#define DRQSR2 0x00e8 /* DMA DREQ<2> Status register */
-#define DINT 0x00f0 /* DMA Interrupt register */
-#define DRCMR0 0x0100 /* Request to Channel Map register 0 */
-#define DRCMR63 0x01fc /* Request to Channel Map register 63 */
-#define D_CH0 0x0200 /* Channel 0 Descriptor start */
-#define DRCMR64 0x1100 /* Request to Channel Map register 64 */
-#define DRCMR74 0x1128 /* Request to Channel Map register 74 */
-
-/* Per-channel register */
-#define DDADR 0x00
-#define DSADR 0x01
-#define DTADR 0x02
-#define DCMD 0x03
-
-/* Bit-field masks */
-#define DRCMR_CHLNUM 0x1f
-#define DRCMR_MAPVLD (1 << 7)
-#define DDADR_STOP (1 << 0)
-#define DDADR_BREN (1 << 1)
-#define DCMD_LEN 0x1fff
-#define DCMD_WIDTH(x) (1 << ((((x) >> 14) & 3) - 1))
-#define DCMD_SIZE(x) (4 << (((x) >> 16) & 3))
-#define DCMD_FLYBYT (1 << 19)
-#define DCMD_FLYBYS (1 << 20)
-#define DCMD_ENDIRQEN (1 << 21)
-#define DCMD_STARTIRQEN (1 << 22)
-#define DCMD_CMPEN (1 << 25)
-#define DCMD_FLOWTRG (1 << 28)
-#define DCMD_FLOWSRC (1 << 29)
-#define DCMD_INCTRGADDR (1 << 30)
-#define DCMD_INCSRCADDR (1 << 31)
-#define DCSR_BUSERRINTR (1 << 0)
-#define DCSR_STARTINTR (1 << 1)
-#define DCSR_ENDINTR (1 << 2)
-#define DCSR_STOPINTR (1 << 3)
-#define DCSR_RASINTR (1 << 4)
-#define DCSR_REQPEND (1 << 8)
-#define DCSR_EORINT (1 << 9)
-#define DCSR_CMPST (1 << 10)
-#define DCSR_MASKRUN (1 << 22)
-#define DCSR_RASIRQEN (1 << 23)
-#define DCSR_CLRCMPST (1 << 24)
-#define DCSR_SETCMPST (1 << 25)
-#define DCSR_EORSTOPEN (1 << 26)
-#define DCSR_EORJMPEN (1 << 27)
-#define DCSR_EORIRQEN (1 << 28)
-#define DCSR_STOPIRQEN (1 << 29)
-#define DCSR_NODESCFETCH (1 << 30)
-#define DCSR_RUN (1 << 31)
-
-static inline void pxa2xx_dma_update(PXA2xxDMAState *s, int ch)
-{
- if (ch >= 0) {
- if ((s->chan[ch].state & DCSR_STOPIRQEN) &&
- (s->chan[ch].state & DCSR_STOPINTR))
- s->stopintr |= 1 << ch;
- else
- s->stopintr &= ~(1 << ch);
-
- if ((s->chan[ch].state & DCSR_EORIRQEN) &&
- (s->chan[ch].state & DCSR_EORINT))
- s->eorintr |= 1 << ch;
- else
- s->eorintr &= ~(1 << ch);
-
- if ((s->chan[ch].state & DCSR_RASIRQEN) &&
- (s->chan[ch].state & DCSR_RASINTR))
- s->rasintr |= 1 << ch;
- else
- s->rasintr &= ~(1 << ch);
-
- if (s->chan[ch].state & DCSR_STARTINTR)
- s->startintr |= 1 << ch;
- else
- s->startintr &= ~(1 << ch);
-
- if (s->chan[ch].state & DCSR_ENDINTR)
- s->endintr |= 1 << ch;
- else
- s->endintr &= ~(1 << ch);
- }
-
- if (s->stopintr | s->eorintr | s->rasintr | s->startintr | s->endintr)
- qemu_irq_raise(s->irq);
- else
- qemu_irq_lower(s->irq);
-}
-
-static inline void pxa2xx_dma_descriptor_fetch(
- PXA2xxDMAState *s, int ch)
-{
- uint32_t desc[4];
- hwaddr daddr = s->chan[ch].descr & ~0xf;
- if ((s->chan[ch].descr & DDADR_BREN) && (s->chan[ch].state & DCSR_CMPST))
- daddr += 32;
-
- cpu_physical_memory_read(daddr, (uint8_t *) desc, 16);
- s->chan[ch].descr = desc[DDADR];
- s->chan[ch].src = desc[DSADR];
- s->chan[ch].dest = desc[DTADR];
- s->chan[ch].cmd = desc[DCMD];
-
- if (s->chan[ch].cmd & DCMD_FLOWSRC)
- s->chan[ch].src &= ~3;
- if (s->chan[ch].cmd & DCMD_FLOWTRG)
- s->chan[ch].dest &= ~3;
-
- if (s->chan[ch].cmd & (DCMD_CMPEN | DCMD_FLYBYS | DCMD_FLYBYT))
- printf("%s: unsupported mode in channel %i\n", __FUNCTION__, ch);
-
- if (s->chan[ch].cmd & DCMD_STARTIRQEN)
- s->chan[ch].state |= DCSR_STARTINTR;
-}
-
-static void pxa2xx_dma_run(PXA2xxDMAState *s)
-{
- int c, srcinc, destinc;
- uint32_t n, size;
- uint32_t width;
- uint32_t length;
- uint8_t buffer[32];
- PXA2xxDMAChannel *ch;
-
- if (s->running ++)
- return;
-
- while (s->running) {
- s->running = 1;
- for (c = 0; c < s->channels; c ++) {
- ch = &s->chan[c];
-
- while ((ch->state & DCSR_RUN) && !(ch->state & DCSR_STOPINTR)) {
- /* Test for pending requests */
- if ((ch->cmd & (DCMD_FLOWSRC | DCMD_FLOWTRG)) && !ch->request)
- break;
-
- length = ch->cmd & DCMD_LEN;
- size = DCMD_SIZE(ch->cmd);
- width = DCMD_WIDTH(ch->cmd);
-
- srcinc = (ch->cmd & DCMD_INCSRCADDR) ? width : 0;
- destinc = (ch->cmd & DCMD_INCTRGADDR) ? width : 0;
-
- while (length) {
- size = MIN(length, size);
-
- for (n = 0; n < size; n += width) {
- cpu_physical_memory_read(ch->src, buffer + n, width);
- ch->src += srcinc;
- }
-
- for (n = 0; n < size; n += width) {
- cpu_physical_memory_write(ch->dest, buffer + n, width);
- ch->dest += destinc;
- }
-
- length -= size;
-
- if ((ch->cmd & (DCMD_FLOWSRC | DCMD_FLOWTRG)) &&
- !ch->request) {
- ch->state |= DCSR_EORINT;
- if (ch->state & DCSR_EORSTOPEN)
- ch->state |= DCSR_STOPINTR;
- if ((ch->state & DCSR_EORJMPEN) &&
- !(ch->state & DCSR_NODESCFETCH))
- pxa2xx_dma_descriptor_fetch(s, c);
- break;
- }
- }
-
- ch->cmd = (ch->cmd & ~DCMD_LEN) | length;
-
- /* Is the transfer complete now? */
- if (!length) {
- if (ch->cmd & DCMD_ENDIRQEN)
- ch->state |= DCSR_ENDINTR;
-
- if ((ch->state & DCSR_NODESCFETCH) ||
- (ch->descr & DDADR_STOP) ||
- (ch->state & DCSR_EORSTOPEN)) {
- ch->state |= DCSR_STOPINTR;
- ch->state &= ~DCSR_RUN;
-
- break;
- }
-
- ch->state |= DCSR_STOPINTR;
- break;
- }
- }
- }
-
- s->running --;
- }
-}
-
-static uint64_t pxa2xx_dma_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- PXA2xxDMAState *s = (PXA2xxDMAState *) opaque;
- unsigned int channel;
-
- if (size != 4) {
- hw_error("%s: Bad access width\n", __FUNCTION__);
- return 5;
- }
-
- switch (offset) {
- case DRCMR64 ... DRCMR74:
- offset -= DRCMR64 - DRCMR0 - (64 << 2);
- /* Fall through */
- case DRCMR0 ... DRCMR63:
- channel = (offset - DRCMR0) >> 2;
- return s->req[channel];
-
- case DRQSR0:
- case DRQSR1:
- case DRQSR2:
- return 0;
-
- case DCSR0 ... DCSR31:
- channel = offset >> 2;
- if (s->chan[channel].request)
- return s->chan[channel].state | DCSR_REQPEND;
- return s->chan[channel].state;
-
- case DINT:
- return s->stopintr | s->eorintr | s->rasintr |
- s->startintr | s->endintr;
-
- case DALGN:
- return s->align;
-
- case DPCSR:
- return s->pio;
- }
-
- if (offset >= D_CH0 && offset < D_CH0 + (s->channels << 4)) {
- channel = (offset - D_CH0) >> 4;
- switch ((offset & 0x0f) >> 2) {
- case DDADR:
- return s->chan[channel].descr;
- case DSADR:
- return s->chan[channel].src;
- case DTADR:
- return s->chan[channel].dest;
- case DCMD:
- return s->chan[channel].cmd;
- }
- }
-
- hw_error("%s: Bad offset 0x" TARGET_FMT_plx "\n", __FUNCTION__, offset);
- return 7;
-}
-
-static void pxa2xx_dma_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- PXA2xxDMAState *s = (PXA2xxDMAState *) opaque;
- unsigned int channel;
-
- if (size != 4) {
- hw_error("%s: Bad access width\n", __FUNCTION__);
- return;
- }
-
- switch (offset) {
- case DRCMR64 ... DRCMR74:
- offset -= DRCMR64 - DRCMR0 - (64 << 2);
- /* Fall through */
- case DRCMR0 ... DRCMR63:
- channel = (offset - DRCMR0) >> 2;
-
- if (value & DRCMR_MAPVLD)
- if ((value & DRCMR_CHLNUM) > s->channels)
- hw_error("%s: Bad DMA channel %i\n",
- __FUNCTION__, (unsigned)value & DRCMR_CHLNUM);
-
- s->req[channel] = value;
- break;
-
- case DRQSR0:
- case DRQSR1:
- case DRQSR2:
- /* Nothing to do */
- break;
-
- case DCSR0 ... DCSR31:
- channel = offset >> 2;
- s->chan[channel].state &= 0x0000071f & ~(value &
- (DCSR_EORINT | DCSR_ENDINTR |
- DCSR_STARTINTR | DCSR_BUSERRINTR));
- s->chan[channel].state |= value & 0xfc800000;
-
- if (s->chan[channel].state & DCSR_STOPIRQEN)
- s->chan[channel].state &= ~DCSR_STOPINTR;
-
- if (value & DCSR_NODESCFETCH) {
- /* No-descriptor-fetch mode */
- if (value & DCSR_RUN) {
- s->chan[channel].state &= ~DCSR_STOPINTR;
- pxa2xx_dma_run(s);
- }
- } else {
- /* Descriptor-fetch mode */
- if (value & DCSR_RUN) {
- s->chan[channel].state &= ~DCSR_STOPINTR;
- pxa2xx_dma_descriptor_fetch(s, channel);
- pxa2xx_dma_run(s);
- }
- }
-
- /* Shouldn't matter as our DMA is synchronous. */
- if (!(value & (DCSR_RUN | DCSR_MASKRUN)))
- s->chan[channel].state |= DCSR_STOPINTR;
-
- if (value & DCSR_CLRCMPST)
- s->chan[channel].state &= ~DCSR_CMPST;
- if (value & DCSR_SETCMPST)
- s->chan[channel].state |= DCSR_CMPST;
-
- pxa2xx_dma_update(s, channel);
- break;
-
- case DALGN:
- s->align = value;
- break;
-
- case DPCSR:
- s->pio = value & 0x80000001;
- break;
-
- default:
- if (offset >= D_CH0 && offset < D_CH0 + (s->channels << 4)) {
- channel = (offset - D_CH0) >> 4;
- switch ((offset & 0x0f) >> 2) {
- case DDADR:
- s->chan[channel].descr = value;
- break;
- case DSADR:
- s->chan[channel].src = value;
- break;
- case DTADR:
- s->chan[channel].dest = value;
- break;
- case DCMD:
- s->chan[channel].cmd = value;
- break;
- default:
- goto fail;
- }
-
- break;
- }
- fail:
- hw_error("%s: Bad offset " TARGET_FMT_plx "\n", __FUNCTION__, offset);
- }
-}
-
-static const MemoryRegionOps pxa2xx_dma_ops = {
- .read = pxa2xx_dma_read,
- .write = pxa2xx_dma_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void pxa2xx_dma_request(void *opaque, int req_num, int on)
-{
- PXA2xxDMAState *s = opaque;
- int ch;
- if (req_num < 0 || req_num >= PXA2XX_DMA_NUM_REQUESTS)
- hw_error("%s: Bad DMA request %i\n", __FUNCTION__, req_num);
-
- if (!(s->req[req_num] & DRCMR_MAPVLD))
- return;
- ch = s->req[req_num] & DRCMR_CHLNUM;
-
- if (!s->chan[ch].request && on)
- s->chan[ch].state |= DCSR_RASINTR;
- else
- s->chan[ch].state &= ~DCSR_RASINTR;
- if (s->chan[ch].request && !on)
- s->chan[ch].state |= DCSR_EORINT;
-
- s->chan[ch].request = on;
- if (on) {
- pxa2xx_dma_run(s);
- pxa2xx_dma_update(s, ch);
- }
-}
-
-static int pxa2xx_dma_init(SysBusDevice *dev)
-{
- int i;
- PXA2xxDMAState *s;
- s = FROM_SYSBUS(PXA2xxDMAState, dev);
-
- if (s->channels <= 0) {
- return -1;
- }
-
- s->chan = g_malloc0(sizeof(PXA2xxDMAChannel) * s->channels);
-
- memset(s->chan, 0, sizeof(PXA2xxDMAChannel) * s->channels);
- for (i = 0; i < s->channels; i ++)
- s->chan[i].state = DCSR_STOPINTR;
-
- memset(s->req, 0, sizeof(uint8_t) * PXA2XX_DMA_NUM_REQUESTS);
-
- qdev_init_gpio_in(&dev->qdev, pxa2xx_dma_request, PXA2XX_DMA_NUM_REQUESTS);
-
- memory_region_init_io(&s->iomem, &pxa2xx_dma_ops, s,
- "pxa2xx.dma", 0x00010000);
- sysbus_init_mmio(dev, &s->iomem);
- sysbus_init_irq(dev, &s->irq);
-
- return 0;
-}
-
-DeviceState *pxa27x_dma_init(hwaddr base, qemu_irq irq)
-{
- DeviceState *dev;
-
- dev = qdev_create(NULL, "pxa2xx-dma");
- qdev_prop_set_int32(dev, "channels", PXA27X_DMA_NUM_CHANNELS);
- qdev_init_nofail(dev);
-
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
- sysbus_connect_irq(sysbus_from_qdev(dev), 0, irq);
-
- return dev;
-}
-
-DeviceState *pxa255_dma_init(hwaddr base, qemu_irq irq)
-{
- DeviceState *dev;
-
- dev = qdev_create(NULL, "pxa2xx-dma");
- qdev_prop_set_int32(dev, "channels", PXA27X_DMA_NUM_CHANNELS);
- qdev_init_nofail(dev);
-
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
- sysbus_connect_irq(sysbus_from_qdev(dev), 0, irq);
-
- return dev;
-}
-
-static bool is_version_0(void *opaque, int version_id)
-{
- return version_id == 0;
-}
-
-static VMStateDescription vmstate_pxa2xx_dma_chan = {
- .name = "pxa2xx_dma_chan",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(descr, PXA2xxDMAChannel),
- VMSTATE_UINT32(src, PXA2xxDMAChannel),
- VMSTATE_UINT32(dest, PXA2xxDMAChannel),
- VMSTATE_UINT32(cmd, PXA2xxDMAChannel),
- VMSTATE_UINT32(state, PXA2xxDMAChannel),
- VMSTATE_INT32(request, PXA2xxDMAChannel),
- VMSTATE_END_OF_LIST(),
- },
-};
-
-static VMStateDescription vmstate_pxa2xx_dma = {
- .name = "pxa2xx_dma",
- .version_id = 1,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField[]) {
- VMSTATE_UNUSED_TEST(is_version_0, 4),
- VMSTATE_UINT32(stopintr, PXA2xxDMAState),
- VMSTATE_UINT32(eorintr, PXA2xxDMAState),
- VMSTATE_UINT32(rasintr, PXA2xxDMAState),
- VMSTATE_UINT32(startintr, PXA2xxDMAState),
- VMSTATE_UINT32(endintr, PXA2xxDMAState),
- VMSTATE_UINT32(align, PXA2xxDMAState),
- VMSTATE_UINT32(pio, PXA2xxDMAState),
- VMSTATE_BUFFER(req, PXA2xxDMAState),
- VMSTATE_STRUCT_VARRAY_POINTER_INT32(chan, PXA2xxDMAState, channels,
- vmstate_pxa2xx_dma_chan, PXA2xxDMAChannel),
- VMSTATE_END_OF_LIST(),
- },
-};
-
-static Property pxa2xx_dma_properties[] = {
- DEFINE_PROP_INT32("channels", PXA2xxDMAState, channels, -1),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void pxa2xx_dma_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = pxa2xx_dma_init;
- dc->desc = "PXA2xx DMA controller";
- dc->vmsd = &vmstate_pxa2xx_dma;
- dc->props = pxa2xx_dma_properties;
-}
-
-static TypeInfo pxa2xx_dma_info = {
- .name = "pxa2xx-dma",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(PXA2xxDMAState),
- .class_init = pxa2xx_dma_class_init,
-};
-
-static void pxa2xx_dma_register_types(void)
-{
- type_register_static(&pxa2xx_dma_info);
-}
-
-type_init(pxa2xx_dma_register_types)
diff --git a/hw/pxa2xx_gpio.c b/hw/pxa2xx_gpio.c
deleted file mode 100644
index 7aaf4092d..000000000
--- a/hw/pxa2xx_gpio.c
+++ /dev/null
@@ -1,349 +0,0 @@
-/*
- * Intel XScale PXA255/270 GPIO controller emulation.
- *
- * Copyright (c) 2006 Openedhand Ltd.
- * Written by Andrzej Zaborowski <balrog@zabor.org>
- *
- * This code is licensed under the GPL.
- */
-
-#include "hw.h"
-#include "sysbus.h"
-#include "pxa.h"
-
-#define PXA2XX_GPIO_BANKS 4
-
-typedef struct PXA2xxGPIOInfo PXA2xxGPIOInfo;
-struct PXA2xxGPIOInfo {
- SysBusDevice busdev;
- MemoryRegion iomem;
- qemu_irq irq0, irq1, irqX;
- int lines;
- int ncpu;
- ARMCPU *cpu;
-
- /* XXX: GNU C vectors are more suitable */
- uint32_t ilevel[PXA2XX_GPIO_BANKS];
- uint32_t olevel[PXA2XX_GPIO_BANKS];
- uint32_t dir[PXA2XX_GPIO_BANKS];
- uint32_t rising[PXA2XX_GPIO_BANKS];
- uint32_t falling[PXA2XX_GPIO_BANKS];
- uint32_t status[PXA2XX_GPIO_BANKS];
- uint32_t gpsr[PXA2XX_GPIO_BANKS];
- uint32_t gafr[PXA2XX_GPIO_BANKS * 2];
-
- uint32_t prev_level[PXA2XX_GPIO_BANKS];
- qemu_irq handler[PXA2XX_GPIO_BANKS * 32];
- qemu_irq read_notify;
-};
-
-static struct {
- enum {
- GPIO_NONE,
- GPLR,
- GPSR,
- GPCR,
- GPDR,
- GRER,
- GFER,
- GEDR,
- GAFR_L,
- GAFR_U,
- } reg;
- int bank;
-} pxa2xx_gpio_regs[0x200] = {
- [0 ... 0x1ff] = { GPIO_NONE, 0 },
-#define PXA2XX_REG(reg, a0, a1, a2, a3) \
- [a0] = { reg, 0 }, [a1] = { reg, 1 }, [a2] = { reg, 2 }, [a3] = { reg, 3 },
-
- PXA2XX_REG(GPLR, 0x000, 0x004, 0x008, 0x100)
- PXA2XX_REG(GPSR, 0x018, 0x01c, 0x020, 0x118)
- PXA2XX_REG(GPCR, 0x024, 0x028, 0x02c, 0x124)
- PXA2XX_REG(GPDR, 0x00c, 0x010, 0x014, 0x10c)
- PXA2XX_REG(GRER, 0x030, 0x034, 0x038, 0x130)
- PXA2XX_REG(GFER, 0x03c, 0x040, 0x044, 0x13c)
- PXA2XX_REG(GEDR, 0x048, 0x04c, 0x050, 0x148)
- PXA2XX_REG(GAFR_L, 0x054, 0x05c, 0x064, 0x06c)
- PXA2XX_REG(GAFR_U, 0x058, 0x060, 0x068, 0x070)
-};
-
-static void pxa2xx_gpio_irq_update(PXA2xxGPIOInfo *s)
-{
- if (s->status[0] & (1 << 0))
- qemu_irq_raise(s->irq0);
- else
- qemu_irq_lower(s->irq0);
-
- if (s->status[0] & (1 << 1))
- qemu_irq_raise(s->irq1);
- else
- qemu_irq_lower(s->irq1);
-
- if ((s->status[0] & ~3) | s->status[1] | s->status[2] | s->status[3])
- qemu_irq_raise(s->irqX);
- else
- qemu_irq_lower(s->irqX);
-}
-
-/* Bitmap of pins used as standby and sleep wake-up sources. */
-static const int pxa2xx_gpio_wake[PXA2XX_GPIO_BANKS] = {
- 0x8003fe1b, 0x002001fc, 0xec080000, 0x0012007f,
-};
-
-static void pxa2xx_gpio_set(void *opaque, int line, int level)
-{
- PXA2xxGPIOInfo *s = (PXA2xxGPIOInfo *) opaque;
- int bank;
- uint32_t mask;
-
- if (line >= s->lines) {
- printf("%s: No GPIO pin %i\n", __FUNCTION__, line);
- return;
- }
-
- bank = line >> 5;
- mask = 1 << (line & 31);
-
- if (level) {
- s->status[bank] |= s->rising[bank] & mask &
- ~s->ilevel[bank] & ~s->dir[bank];
- s->ilevel[bank] |= mask;
- } else {
- s->status[bank] |= s->falling[bank] & mask &
- s->ilevel[bank] & ~s->dir[bank];
- s->ilevel[bank] &= ~mask;
- }
-
- if (s->status[bank] & mask)
- pxa2xx_gpio_irq_update(s);
-
- /* Wake-up GPIOs */
- if (s->cpu->env.halted && (mask & ~s->dir[bank] & pxa2xx_gpio_wake[bank])) {
- cpu_interrupt(&s->cpu->env, CPU_INTERRUPT_EXITTB);
- }
-}
-
-static void pxa2xx_gpio_handler_update(PXA2xxGPIOInfo *s) {
- uint32_t level, diff;
- int i, bit, line;
- for (i = 0; i < PXA2XX_GPIO_BANKS; i ++) {
- level = s->olevel[i] & s->dir[i];
-
- for (diff = s->prev_level[i] ^ level; diff; diff ^= 1 << bit) {
- bit = ffs(diff) - 1;
- line = bit + 32 * i;
- qemu_set_irq(s->handler[line], (level >> bit) & 1);
- }
-
- s->prev_level[i] = level;
- }
-}
-
-static uint64_t pxa2xx_gpio_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- PXA2xxGPIOInfo *s = (PXA2xxGPIOInfo *) opaque;
- uint32_t ret;
- int bank;
- if (offset >= 0x200)
- return 0;
-
- bank = pxa2xx_gpio_regs[offset].bank;
- switch (pxa2xx_gpio_regs[offset].reg) {
- case GPDR: /* GPIO Pin-Direction registers */
- return s->dir[bank];
-
- case GPSR: /* GPIO Pin-Output Set registers */
- printf("%s: Read from a write-only register " REG_FMT "\n",
- __FUNCTION__, offset);
- return s->gpsr[bank]; /* Return last written value. */
-
- case GPCR: /* GPIO Pin-Output Clear registers */
- printf("%s: Read from a write-only register " REG_FMT "\n",
- __FUNCTION__, offset);
- return 31337; /* Specified as unpredictable in the docs. */
-
- case GRER: /* GPIO Rising-Edge Detect Enable registers */
- return s->rising[bank];
-
- case GFER: /* GPIO Falling-Edge Detect Enable registers */
- return s->falling[bank];
-
- case GAFR_L: /* GPIO Alternate Function registers */
- return s->gafr[bank * 2];
-
- case GAFR_U: /* GPIO Alternate Function registers */
- return s->gafr[bank * 2 + 1];
-
- case GPLR: /* GPIO Pin-Level registers */
- ret = (s->olevel[bank] & s->dir[bank]) |
- (s->ilevel[bank] & ~s->dir[bank]);
- qemu_irq_raise(s->read_notify);
- return ret;
-
- case GEDR: /* GPIO Edge Detect Status registers */
- return s->status[bank];
-
- default:
- hw_error("%s: Bad offset " REG_FMT "\n", __FUNCTION__, offset);
- }
-
- return 0;
-}
-
-static void pxa2xx_gpio_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- PXA2xxGPIOInfo *s = (PXA2xxGPIOInfo *) opaque;
- int bank;
- if (offset >= 0x200)
- return;
-
- bank = pxa2xx_gpio_regs[offset].bank;
- switch (pxa2xx_gpio_regs[offset].reg) {
- case GPDR: /* GPIO Pin-Direction registers */
- s->dir[bank] = value;
- pxa2xx_gpio_handler_update(s);
- break;
-
- case GPSR: /* GPIO Pin-Output Set registers */
- s->olevel[bank] |= value;
- pxa2xx_gpio_handler_update(s);
- s->gpsr[bank] = value;
- break;
-
- case GPCR: /* GPIO Pin-Output Clear registers */
- s->olevel[bank] &= ~value;
- pxa2xx_gpio_handler_update(s);
- break;
-
- case GRER: /* GPIO Rising-Edge Detect Enable registers */
- s->rising[bank] = value;
- break;
-
- case GFER: /* GPIO Falling-Edge Detect Enable registers */
- s->falling[bank] = value;
- break;
-
- case GAFR_L: /* GPIO Alternate Function registers */
- s->gafr[bank * 2] = value;
- break;
-
- case GAFR_U: /* GPIO Alternate Function registers */
- s->gafr[bank * 2 + 1] = value;
- break;
-
- case GEDR: /* GPIO Edge Detect Status registers */
- s->status[bank] &= ~value;
- pxa2xx_gpio_irq_update(s);
- break;
-
- default:
- hw_error("%s: Bad offset " REG_FMT "\n", __FUNCTION__, offset);
- }
-}
-
-static const MemoryRegionOps pxa_gpio_ops = {
- .read = pxa2xx_gpio_read,
- .write = pxa2xx_gpio_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-DeviceState *pxa2xx_gpio_init(hwaddr base,
- CPUARMState *env, DeviceState *pic, int lines)
-{
- DeviceState *dev;
-
- dev = qdev_create(NULL, "pxa2xx-gpio");
- qdev_prop_set_int32(dev, "lines", lines);
- qdev_prop_set_int32(dev, "ncpu", env->cpu_index);
- qdev_init_nofail(dev);
-
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
- sysbus_connect_irq(sysbus_from_qdev(dev), 0,
- qdev_get_gpio_in(pic, PXA2XX_PIC_GPIO_0));
- sysbus_connect_irq(sysbus_from_qdev(dev), 1,
- qdev_get_gpio_in(pic, PXA2XX_PIC_GPIO_1));
- sysbus_connect_irq(sysbus_from_qdev(dev), 2,
- qdev_get_gpio_in(pic, PXA2XX_PIC_GPIO_X));
-
- return dev;
-}
-
-static int pxa2xx_gpio_initfn(SysBusDevice *dev)
-{
- PXA2xxGPIOInfo *s;
-
- s = FROM_SYSBUS(PXA2xxGPIOInfo, dev);
-
- s->cpu = arm_env_get_cpu(qemu_get_cpu(s->ncpu));
-
- qdev_init_gpio_in(&dev->qdev, pxa2xx_gpio_set, s->lines);
- qdev_init_gpio_out(&dev->qdev, s->handler, s->lines);
-
- memory_region_init_io(&s->iomem, &pxa_gpio_ops, s, "pxa2xx-gpio", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
- sysbus_init_irq(dev, &s->irq0);
- sysbus_init_irq(dev, &s->irq1);
- sysbus_init_irq(dev, &s->irqX);
-
- return 0;
-}
-
-/*
- * Registers a callback to notify on GPLR reads. This normally
- * shouldn't be needed but it is used for the hack on Spitz machines.
- */
-void pxa2xx_gpio_read_notifier(DeviceState *dev, qemu_irq handler)
-{
- PXA2xxGPIOInfo *s = FROM_SYSBUS(PXA2xxGPIOInfo, sysbus_from_qdev(dev));
- s->read_notify = handler;
-}
-
-static const VMStateDescription vmstate_pxa2xx_gpio_regs = {
- .name = "pxa2xx-gpio",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField []) {
- VMSTATE_INT32(lines, PXA2xxGPIOInfo),
- VMSTATE_UINT32_ARRAY(ilevel, PXA2xxGPIOInfo, PXA2XX_GPIO_BANKS),
- VMSTATE_UINT32_ARRAY(olevel, PXA2xxGPIOInfo, PXA2XX_GPIO_BANKS),
- VMSTATE_UINT32_ARRAY(dir, PXA2xxGPIOInfo, PXA2XX_GPIO_BANKS),
- VMSTATE_UINT32_ARRAY(rising, PXA2xxGPIOInfo, PXA2XX_GPIO_BANKS),
- VMSTATE_UINT32_ARRAY(falling, PXA2xxGPIOInfo, PXA2XX_GPIO_BANKS),
- VMSTATE_UINT32_ARRAY(status, PXA2xxGPIOInfo, PXA2XX_GPIO_BANKS),
- VMSTATE_UINT32_ARRAY(gafr, PXA2xxGPIOInfo, PXA2XX_GPIO_BANKS * 2),
- VMSTATE_END_OF_LIST(),
- },
-};
-
-static Property pxa2xx_gpio_properties[] = {
- DEFINE_PROP_INT32("lines", PXA2xxGPIOInfo, lines, 0),
- DEFINE_PROP_INT32("ncpu", PXA2xxGPIOInfo, ncpu, 0),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void pxa2xx_gpio_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = pxa2xx_gpio_initfn;
- dc->desc = "PXA2xx GPIO controller";
- dc->props = pxa2xx_gpio_properties;
-}
-
-static TypeInfo pxa2xx_gpio_info = {
- .name = "pxa2xx-gpio",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(PXA2xxGPIOInfo),
- .class_init = pxa2xx_gpio_class_init,
-};
-
-static void pxa2xx_gpio_register_types(void)
-{
- type_register_static(&pxa2xx_gpio_info);
-}
-
-type_init(pxa2xx_gpio_register_types)
diff --git a/hw/pxa2xx_keypad.c b/hw/pxa2xx_keypad.c
deleted file mode 100644
index 257984c42..000000000
--- a/hw/pxa2xx_keypad.c
+++ /dev/null
@@ -1,335 +0,0 @@
-/*
- * Intel PXA27X Keypad Controller emulation.
- *
- * Copyright (c) 2007 MontaVista Software, Inc
- * Written by Armin Kuster <akuster@kama-aina.net>
- * or <Akuster@mvista.com>
- *
- * This code is licensed under the GPLv2.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include "hw.h"
-#include "pxa.h"
-#include "console.h"
-
-/*
- * Keypad
- */
-#define KPC 0x00 /* Keypad Interface Control register */
-#define KPDK 0x08 /* Keypad Interface Direct Key register */
-#define KPREC 0x10 /* Keypad Interface Rotary Encoder register */
-#define KPMK 0x18 /* Keypad Interface Matrix Key register */
-#define KPAS 0x20 /* Keypad Interface Automatic Scan register */
-#define KPASMKP0 0x28 /* Keypad Interface Automatic Scan Multiple
- Key Presser register 0 */
-#define KPASMKP1 0x30 /* Keypad Interface Automatic Scan Multiple
- Key Presser register 1 */
-#define KPASMKP2 0x38 /* Keypad Interface Automatic Scan Multiple
- Key Presser register 2 */
-#define KPASMKP3 0x40 /* Keypad Interface Automatic Scan Multiple
- Key Presser register 3 */
-#define KPKDI 0x48 /* Keypad Interface Key Debounce Interval
- register */
-
-/* Keypad defines */
-#define KPC_AS (0x1 << 30) /* Automatic Scan bit */
-#define KPC_ASACT (0x1 << 29) /* Automatic Scan on Activity */
-#define KPC_MI (0x1 << 22) /* Matrix interrupt bit */
-#define KPC_IMKP (0x1 << 21) /* Ignore Multiple Key Press */
-#define KPC_MS7 (0x1 << 20) /* Matrix scan line 7 */
-#define KPC_MS6 (0x1 << 19) /* Matrix scan line 6 */
-#define KPC_MS5 (0x1 << 18) /* Matrix scan line 5 */
-#define KPC_MS4 (0x1 << 17) /* Matrix scan line 4 */
-#define KPC_MS3 (0x1 << 16) /* Matrix scan line 3 */
-#define KPC_MS2 (0x1 << 15) /* Matrix scan line 2 */
-#define KPC_MS1 (0x1 << 14) /* Matrix scan line 1 */
-#define KPC_MS0 (0x1 << 13) /* Matrix scan line 0 */
-#define KPC_ME (0x1 << 12) /* Matrix Keypad Enable */
-#define KPC_MIE (0x1 << 11) /* Matrix Interrupt Enable */
-#define KPC_DK_DEB_SEL (0x1 << 9) /* Direct Keypad Debounce Select */
-#define KPC_DI (0x1 << 5) /* Direct key interrupt bit */
-#define KPC_RE_ZERO_DEB (0x1 << 4) /* Rotary Encoder Zero Debounce */
-#define KPC_REE1 (0x1 << 3) /* Rotary Encoder1 Enable */
-#define KPC_REE0 (0x1 << 2) /* Rotary Encoder0 Enable */
-#define KPC_DE (0x1 << 1) /* Direct Keypad Enable */
-#define KPC_DIE (0x1 << 0) /* Direct Keypad interrupt Enable */
-
-#define KPDK_DKP (0x1 << 31)
-#define KPDK_DK7 (0x1 << 7)
-#define KPDK_DK6 (0x1 << 6)
-#define KPDK_DK5 (0x1 << 5)
-#define KPDK_DK4 (0x1 << 4)
-#define KPDK_DK3 (0x1 << 3)
-#define KPDK_DK2 (0x1 << 2)
-#define KPDK_DK1 (0x1 << 1)
-#define KPDK_DK0 (0x1 << 0)
-
-#define KPREC_OF1 (0x1 << 31)
-#define KPREC_UF1 (0x1 << 30)
-#define KPREC_OF0 (0x1 << 15)
-#define KPREC_UF0 (0x1 << 14)
-
-#define KPMK_MKP (0x1 << 31)
-#define KPAS_SO (0x1 << 31)
-#define KPASMKPx_SO (0x1 << 31)
-
-
-#define KPASMKPx_MKC(row, col) (1 << (row + 16 * (col % 2)))
-
-#define PXAKBD_MAXROW 8
-#define PXAKBD_MAXCOL 8
-
-struct PXA2xxKeyPadState {
- MemoryRegion iomem;
- qemu_irq irq;
- struct keymap *map;
- int pressed_cnt;
- int alt_code;
-
- uint32_t kpc;
- uint32_t kpdk;
- uint32_t kprec;
- uint32_t kpmk;
- uint32_t kpas;
- uint32_t kpasmkp[4];
- uint32_t kpkdi;
-};
-
-static void pxa27x_keypad_find_pressed_key(PXA2xxKeyPadState *kp, int *row, int *col)
-{
- int i;
- for (i = 0; i < 4; i++)
- {
- *col = i * 2;
- for (*row = 0; *row < 8; (*row)++) {
- if (kp->kpasmkp[i] & (1 << *row))
- return;
- }
- *col = i * 2 + 1;
- for (*row = 0; *row < 8; (*row)++) {
- if (kp->kpasmkp[i] & (1 << (*row + 16)))
- return;
- }
- }
-}
-
-static void pxa27x_keyboard_event (PXA2xxKeyPadState *kp, int keycode)
-{
- int row, col, rel, assert_irq = 0;
- uint32_t val;
-
- if (keycode == 0xe0) {
- kp->alt_code = 1;
- return;
- }
-
- if(!(kp->kpc & KPC_ME)) /* skip if not enabled */
- return;
-
- rel = (keycode & 0x80) ? 1 : 0; /* key release from qemu */
- keycode &= ~0x80; /* strip qemu key release bit */
- if (kp->alt_code) {
- keycode |= 0x80;
- kp->alt_code = 0;
- }
-
- row = kp->map[keycode].row;
- col = kp->map[keycode].column;
- if (row == -1 || col == -1) {
- return;
- }
-
- val = KPASMKPx_MKC(row, col);
- if (rel) {
- if (kp->kpasmkp[col / 2] & val) {
- kp->kpasmkp[col / 2] &= ~val;
- kp->pressed_cnt--;
- assert_irq = 1;
- }
- } else {
- if (!(kp->kpasmkp[col / 2] & val)) {
- kp->kpasmkp[col / 2] |= val;
- kp->pressed_cnt++;
- assert_irq = 1;
- }
- }
- kp->kpas = ((kp->pressed_cnt & 0x1f) << 26) | (0xf << 4) | 0xf;
- if (kp->pressed_cnt == 1) {
- kp->kpas &= ~((0xf << 4) | 0xf);
- if (rel) {
- pxa27x_keypad_find_pressed_key(kp, &row, &col);
- }
- kp->kpas |= ((row & 0xf) << 4) | (col & 0xf);
- }
-
- if (!(kp->kpc & (KPC_AS | KPC_ASACT)))
- assert_irq = 0;
-
- if (assert_irq && (kp->kpc & KPC_MIE)) {
- kp->kpc |= KPC_MI;
- qemu_irq_raise(kp->irq);
- }
-}
-
-static uint64_t pxa2xx_keypad_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- PXA2xxKeyPadState *s = (PXA2xxKeyPadState *) opaque;
- uint32_t tmp;
-
- switch (offset) {
- case KPC:
- tmp = s->kpc;
- if(tmp & KPC_MI)
- s->kpc &= ~(KPC_MI);
- if(tmp & KPC_DI)
- s->kpc &= ~(KPC_DI);
- qemu_irq_lower(s->irq);
- return tmp;
- break;
- case KPDK:
- return s->kpdk;
- break;
- case KPREC:
- tmp = s->kprec;
- if(tmp & KPREC_OF1)
- s->kprec &= ~(KPREC_OF1);
- if(tmp & KPREC_UF1)
- s->kprec &= ~(KPREC_UF1);
- if(tmp & KPREC_OF0)
- s->kprec &= ~(KPREC_OF0);
- if(tmp & KPREC_UF0)
- s->kprec &= ~(KPREC_UF0);
- return tmp;
- break;
- case KPMK:
- tmp = s->kpmk;
- if(tmp & KPMK_MKP)
- s->kpmk &= ~(KPMK_MKP);
- return tmp;
- break;
- case KPAS:
- return s->kpas;
- break;
- case KPASMKP0:
- return s->kpasmkp[0];
- break;
- case KPASMKP1:
- return s->kpasmkp[1];
- break;
- case KPASMKP2:
- return s->kpasmkp[2];
- break;
- case KPASMKP3:
- return s->kpasmkp[3];
- break;
- case KPKDI:
- return s->kpkdi;
- break;
- default:
- hw_error("%s: Bad offset " REG_FMT "\n", __FUNCTION__, offset);
- }
-
- return 0;
-}
-
-static void pxa2xx_keypad_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- PXA2xxKeyPadState *s = (PXA2xxKeyPadState *) opaque;
-
- switch (offset) {
- case KPC:
- s->kpc = value;
- if (s->kpc & KPC_AS) {
- s->kpc &= ~(KPC_AS);
- }
- break;
- case KPDK:
- s->kpdk = value;
- break;
- case KPREC:
- s->kprec = value;
- break;
- case KPMK:
- s->kpmk = value;
- break;
- case KPAS:
- s->kpas = value;
- break;
- case KPASMKP0:
- s->kpasmkp[0] = value;
- break;
- case KPASMKP1:
- s->kpasmkp[1] = value;
- break;
- case KPASMKP2:
- s->kpasmkp[2] = value;
- break;
- case KPASMKP3:
- s->kpasmkp[3] = value;
- break;
- case KPKDI:
- s->kpkdi = value;
- break;
-
- default:
- hw_error("%s: Bad offset " REG_FMT "\n", __FUNCTION__, offset);
- }
-}
-
-static const MemoryRegionOps pxa2xx_keypad_ops = {
- .read = pxa2xx_keypad_read,
- .write = pxa2xx_keypad_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static const VMStateDescription vmstate_pxa2xx_keypad = {
- .name = "pxa2xx_keypad",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(kpc, PXA2xxKeyPadState),
- VMSTATE_UINT32(kpdk, PXA2xxKeyPadState),
- VMSTATE_UINT32(kprec, PXA2xxKeyPadState),
- VMSTATE_UINT32(kpmk, PXA2xxKeyPadState),
- VMSTATE_UINT32(kpas, PXA2xxKeyPadState),
- VMSTATE_UINT32_ARRAY(kpasmkp, PXA2xxKeyPadState, 4),
- VMSTATE_UINT32(kpkdi, PXA2xxKeyPadState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-PXA2xxKeyPadState *pxa27x_keypad_init(MemoryRegion *sysmem,
- hwaddr base,
- qemu_irq irq)
-{
- PXA2xxKeyPadState *s;
-
- s = (PXA2xxKeyPadState *) g_malloc0(sizeof(PXA2xxKeyPadState));
- s->irq = irq;
-
- memory_region_init_io(&s->iomem, &pxa2xx_keypad_ops, s,
- "pxa2xx-keypad", 0x00100000);
- memory_region_add_subregion(sysmem, base, &s->iomem);
-
- vmstate_register(NULL, 0, &vmstate_pxa2xx_keypad, s);
-
- return s;
-}
-
-void pxa27x_register_keypad(PXA2xxKeyPadState *kp, struct keymap *map,
- int size)
-{
- if(!map || size < 0x80) {
- fprintf(stderr, "%s - No PXA keypad map defined\n", __FUNCTION__);
- exit(-1);
- }
-
- kp->map = map;
- qemu_add_kbd_event_handler((QEMUPutKBDEvent *) pxa27x_keyboard_event, kp);
-}
diff --git a/hw/pxa2xx_lcd.c b/hw/pxa2xx_lcd.c
deleted file mode 100644
index b53dfaf3c..000000000
--- a/hw/pxa2xx_lcd.c
+++ /dev/null
@@ -1,1051 +0,0 @@
-/*
- * Intel XScale PXA255/270 LCDC emulation.
- *
- * Copyright (c) 2006 Openedhand Ltd.
- * Written by Andrzej Zaborowski <balrog@zabor.org>
- *
- * This code is licensed under the GPLv2.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include "hw.h"
-#include "console.h"
-#include "pxa.h"
-#include "pixel_ops.h"
-/* FIXME: For graphic_rotate. Should probably be done in common code. */
-#include "sysemu.h"
-#include "framebuffer.h"
-
-struct DMAChannel {
- uint32_t branch;
- uint8_t up;
- uint8_t palette[1024];
- uint8_t pbuffer[1024];
- void (*redraw)(PXA2xxLCDState *s, hwaddr addr,
- int *miny, int *maxy);
-
- uint32_t descriptor;
- uint32_t source;
- uint32_t id;
- uint32_t command;
-};
-
-struct PXA2xxLCDState {
- MemoryRegion *sysmem;
- MemoryRegion iomem;
- qemu_irq irq;
- int irqlevel;
-
- int invalidated;
- DisplayState *ds;
- drawfn *line_fn[2];
- int dest_width;
- int xres, yres;
- int pal_for;
- int transp;
- enum {
- pxa_lcdc_2bpp = 1,
- pxa_lcdc_4bpp = 2,
- pxa_lcdc_8bpp = 3,
- pxa_lcdc_16bpp = 4,
- pxa_lcdc_18bpp = 5,
- pxa_lcdc_18pbpp = 6,
- pxa_lcdc_19bpp = 7,
- pxa_lcdc_19pbpp = 8,
- pxa_lcdc_24bpp = 9,
- pxa_lcdc_25bpp = 10,
- } bpp;
-
- uint32_t control[6];
- uint32_t status[2];
- uint32_t ovl1c[2];
- uint32_t ovl2c[2];
- uint32_t ccr;
- uint32_t cmdcr;
- uint32_t trgbr;
- uint32_t tcr;
- uint32_t liidr;
- uint8_t bscntr;
-
- struct DMAChannel dma_ch[7];
-
- qemu_irq vsync_cb;
- int orientation;
-};
-
-typedef struct QEMU_PACKED {
- uint32_t fdaddr;
- uint32_t fsaddr;
- uint32_t fidr;
- uint32_t ldcmd;
-} PXAFrameDescriptor;
-
-#define LCCR0 0x000 /* LCD Controller Control register 0 */
-#define LCCR1 0x004 /* LCD Controller Control register 1 */
-#define LCCR2 0x008 /* LCD Controller Control register 2 */
-#define LCCR3 0x00c /* LCD Controller Control register 3 */
-#define LCCR4 0x010 /* LCD Controller Control register 4 */
-#define LCCR5 0x014 /* LCD Controller Control register 5 */
-
-#define FBR0 0x020 /* DMA Channel 0 Frame Branch register */
-#define FBR1 0x024 /* DMA Channel 1 Frame Branch register */
-#define FBR2 0x028 /* DMA Channel 2 Frame Branch register */
-#define FBR3 0x02c /* DMA Channel 3 Frame Branch register */
-#define FBR4 0x030 /* DMA Channel 4 Frame Branch register */
-#define FBR5 0x110 /* DMA Channel 5 Frame Branch register */
-#define FBR6 0x114 /* DMA Channel 6 Frame Branch register */
-
-#define LCSR1 0x034 /* LCD Controller Status register 1 */
-#define LCSR0 0x038 /* LCD Controller Status register 0 */
-#define LIIDR 0x03c /* LCD Controller Interrupt ID register */
-
-#define TRGBR 0x040 /* TMED RGB Seed register */
-#define TCR 0x044 /* TMED Control register */
-
-#define OVL1C1 0x050 /* Overlay 1 Control register 1 */
-#define OVL1C2 0x060 /* Overlay 1 Control register 2 */
-#define OVL2C1 0x070 /* Overlay 2 Control register 1 */
-#define OVL2C2 0x080 /* Overlay 2 Control register 2 */
-#define CCR 0x090 /* Cursor Control register */
-
-#define CMDCR 0x100 /* Command Control register */
-#define PRSR 0x104 /* Panel Read Status register */
-
-#define PXA_LCDDMA_CHANS 7
-#define DMA_FDADR 0x00 /* Frame Descriptor Address register */
-#define DMA_FSADR 0x04 /* Frame Source Address register */
-#define DMA_FIDR 0x08 /* Frame ID register */
-#define DMA_LDCMD 0x0c /* Command register */
-
-/* LCD Buffer Strength Control register */
-#define BSCNTR 0x04000054
-
-/* Bitfield masks */
-#define LCCR0_ENB (1 << 0)
-#define LCCR0_CMS (1 << 1)
-#define LCCR0_SDS (1 << 2)
-#define LCCR0_LDM (1 << 3)
-#define LCCR0_SOFM0 (1 << 4)
-#define LCCR0_IUM (1 << 5)
-#define LCCR0_EOFM0 (1 << 6)
-#define LCCR0_PAS (1 << 7)
-#define LCCR0_DPD (1 << 9)
-#define LCCR0_DIS (1 << 10)
-#define LCCR0_QDM (1 << 11)
-#define LCCR0_PDD (0xff << 12)
-#define LCCR0_BSM0 (1 << 20)
-#define LCCR0_OUM (1 << 21)
-#define LCCR0_LCDT (1 << 22)
-#define LCCR0_RDSTM (1 << 23)
-#define LCCR0_CMDIM (1 << 24)
-#define LCCR0_OUC (1 << 25)
-#define LCCR0_LDDALT (1 << 26)
-#define LCCR1_PPL(x) ((x) & 0x3ff)
-#define LCCR2_LPP(x) ((x) & 0x3ff)
-#define LCCR3_API (15 << 16)
-#define LCCR3_BPP(x) ((((x) >> 24) & 7) | (((x) >> 26) & 8))
-#define LCCR3_PDFOR(x) (((x) >> 30) & 3)
-#define LCCR4_K1(x) (((x) >> 0) & 7)
-#define LCCR4_K2(x) (((x) >> 3) & 7)
-#define LCCR4_K3(x) (((x) >> 6) & 7)
-#define LCCR4_PALFOR(x) (((x) >> 15) & 3)
-#define LCCR5_SOFM(ch) (1 << (ch - 1))
-#define LCCR5_EOFM(ch) (1 << (ch + 7))
-#define LCCR5_BSM(ch) (1 << (ch + 15))
-#define LCCR5_IUM(ch) (1 << (ch + 23))
-#define OVLC1_EN (1 << 31)
-#define CCR_CEN (1 << 31)
-#define FBR_BRA (1 << 0)
-#define FBR_BINT (1 << 1)
-#define FBR_SRCADDR (0xfffffff << 4)
-#define LCSR0_LDD (1 << 0)
-#define LCSR0_SOF0 (1 << 1)
-#define LCSR0_BER (1 << 2)
-#define LCSR0_ABC (1 << 3)
-#define LCSR0_IU0 (1 << 4)
-#define LCSR0_IU1 (1 << 5)
-#define LCSR0_OU (1 << 6)
-#define LCSR0_QD (1 << 7)
-#define LCSR0_EOF0 (1 << 8)
-#define LCSR0_BS0 (1 << 9)
-#define LCSR0_SINT (1 << 10)
-#define LCSR0_RDST (1 << 11)
-#define LCSR0_CMDINT (1 << 12)
-#define LCSR0_BERCH(x) (((x) & 7) << 28)
-#define LCSR1_SOF(ch) (1 << (ch - 1))
-#define LCSR1_EOF(ch) (1 << (ch + 7))
-#define LCSR1_BS(ch) (1 << (ch + 15))
-#define LCSR1_IU(ch) (1 << (ch + 23))
-#define LDCMD_LENGTH(x) ((x) & 0x001ffffc)
-#define LDCMD_EOFINT (1 << 21)
-#define LDCMD_SOFINT (1 << 22)
-#define LDCMD_PAL (1 << 26)
-
-/* Route internal interrupt lines to the global IC */
-static void pxa2xx_lcdc_int_update(PXA2xxLCDState *s)
-{
- int level = 0;
- level |= (s->status[0] & LCSR0_LDD) && !(s->control[0] & LCCR0_LDM);
- level |= (s->status[0] & LCSR0_SOF0) && !(s->control[0] & LCCR0_SOFM0);
- level |= (s->status[0] & LCSR0_IU0) && !(s->control[0] & LCCR0_IUM);
- level |= (s->status[0] & LCSR0_IU1) && !(s->control[5] & LCCR5_IUM(1));
- level |= (s->status[0] & LCSR0_OU) && !(s->control[0] & LCCR0_OUM);
- level |= (s->status[0] & LCSR0_QD) && !(s->control[0] & LCCR0_QDM);
- level |= (s->status[0] & LCSR0_EOF0) && !(s->control[0] & LCCR0_EOFM0);
- level |= (s->status[0] & LCSR0_BS0) && !(s->control[0] & LCCR0_BSM0);
- level |= (s->status[0] & LCSR0_RDST) && !(s->control[0] & LCCR0_RDSTM);
- level |= (s->status[0] & LCSR0_CMDINT) && !(s->control[0] & LCCR0_CMDIM);
- level |= (s->status[1] & ~s->control[5]);
-
- qemu_set_irq(s->irq, !!level);
- s->irqlevel = level;
-}
-
-/* Set Branch Status interrupt high and poke associated registers */
-static inline void pxa2xx_dma_bs_set(PXA2xxLCDState *s, int ch)
-{
- int unmasked;
- if (ch == 0) {
- s->status[0] |= LCSR0_BS0;
- unmasked = !(s->control[0] & LCCR0_BSM0);
- } else {
- s->status[1] |= LCSR1_BS(ch);
- unmasked = !(s->control[5] & LCCR5_BSM(ch));
- }
-
- if (unmasked) {
- if (s->irqlevel)
- s->status[0] |= LCSR0_SINT;
- else
- s->liidr = s->dma_ch[ch].id;
- }
-}
-
-/* Set Start Of Frame Status interrupt high and poke associated registers */
-static inline void pxa2xx_dma_sof_set(PXA2xxLCDState *s, int ch)
-{
- int unmasked;
- if (!(s->dma_ch[ch].command & LDCMD_SOFINT))
- return;
-
- if (ch == 0) {
- s->status[0] |= LCSR0_SOF0;
- unmasked = !(s->control[0] & LCCR0_SOFM0);
- } else {
- s->status[1] |= LCSR1_SOF(ch);
- unmasked = !(s->control[5] & LCCR5_SOFM(ch));
- }
-
- if (unmasked) {
- if (s->irqlevel)
- s->status[0] |= LCSR0_SINT;
- else
- s->liidr = s->dma_ch[ch].id;
- }
-}
-
-/* Set End Of Frame Status interrupt high and poke associated registers */
-static inline void pxa2xx_dma_eof_set(PXA2xxLCDState *s, int ch)
-{
- int unmasked;
- if (!(s->dma_ch[ch].command & LDCMD_EOFINT))
- return;
-
- if (ch == 0) {
- s->status[0] |= LCSR0_EOF0;
- unmasked = !(s->control[0] & LCCR0_EOFM0);
- } else {
- s->status[1] |= LCSR1_EOF(ch);
- unmasked = !(s->control[5] & LCCR5_EOFM(ch));
- }
-
- if (unmasked) {
- if (s->irqlevel)
- s->status[0] |= LCSR0_SINT;
- else
- s->liidr = s->dma_ch[ch].id;
- }
-}
-
-/* Set Bus Error Status interrupt high and poke associated registers */
-static inline void pxa2xx_dma_ber_set(PXA2xxLCDState *s, int ch)
-{
- s->status[0] |= LCSR0_BERCH(ch) | LCSR0_BER;
- if (s->irqlevel)
- s->status[0] |= LCSR0_SINT;
- else
- s->liidr = s->dma_ch[ch].id;
-}
-
-/* Set Read Status interrupt high and poke associated registers */
-static inline void pxa2xx_dma_rdst_set(PXA2xxLCDState *s)
-{
- s->status[0] |= LCSR0_RDST;
- if (s->irqlevel && !(s->control[0] & LCCR0_RDSTM))
- s->status[0] |= LCSR0_SINT;
-}
-
-/* Load new Frame Descriptors from DMA */
-static void pxa2xx_descriptor_load(PXA2xxLCDState *s)
-{
- PXAFrameDescriptor desc;
- hwaddr descptr;
- int i;
-
- for (i = 0; i < PXA_LCDDMA_CHANS; i ++) {
- s->dma_ch[i].source = 0;
-
- if (!s->dma_ch[i].up)
- continue;
-
- if (s->dma_ch[i].branch & FBR_BRA) {
- descptr = s->dma_ch[i].branch & FBR_SRCADDR;
- if (s->dma_ch[i].branch & FBR_BINT)
- pxa2xx_dma_bs_set(s, i);
- s->dma_ch[i].branch &= ~FBR_BRA;
- } else
- descptr = s->dma_ch[i].descriptor;
-
- if (!((descptr >= PXA2XX_SDRAM_BASE && descptr +
- sizeof(desc) <= PXA2XX_SDRAM_BASE + ram_size) ||
- (descptr >= PXA2XX_INTERNAL_BASE && descptr + sizeof(desc) <=
- PXA2XX_INTERNAL_BASE + PXA2XX_INTERNAL_SIZE))) {
- continue;
- }
-
- cpu_physical_memory_read(descptr, (void *)&desc, sizeof(desc));
- s->dma_ch[i].descriptor = tswap32(desc.fdaddr);
- s->dma_ch[i].source = tswap32(desc.fsaddr);
- s->dma_ch[i].id = tswap32(desc.fidr);
- s->dma_ch[i].command = tswap32(desc.ldcmd);
- }
-}
-
-static uint64_t pxa2xx_lcdc_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- PXA2xxLCDState *s = (PXA2xxLCDState *) opaque;
- int ch;
-
- switch (offset) {
- case LCCR0:
- return s->control[0];
- case LCCR1:
- return s->control[1];
- case LCCR2:
- return s->control[2];
- case LCCR3:
- return s->control[3];
- case LCCR4:
- return s->control[4];
- case LCCR5:
- return s->control[5];
-
- case OVL1C1:
- return s->ovl1c[0];
- case OVL1C2:
- return s->ovl1c[1];
- case OVL2C1:
- return s->ovl2c[0];
- case OVL2C2:
- return s->ovl2c[1];
-
- case CCR:
- return s->ccr;
-
- case CMDCR:
- return s->cmdcr;
-
- case TRGBR:
- return s->trgbr;
- case TCR:
- return s->tcr;
-
- case 0x200 ... 0x1000: /* DMA per-channel registers */
- ch = (offset - 0x200) >> 4;
- if (!(ch >= 0 && ch < PXA_LCDDMA_CHANS))
- goto fail;
-
- switch (offset & 0xf) {
- case DMA_FDADR:
- return s->dma_ch[ch].descriptor;
- case DMA_FSADR:
- return s->dma_ch[ch].source;
- case DMA_FIDR:
- return s->dma_ch[ch].id;
- case DMA_LDCMD:
- return s->dma_ch[ch].command;
- default:
- goto fail;
- }
-
- case FBR0:
- return s->dma_ch[0].branch;
- case FBR1:
- return s->dma_ch[1].branch;
- case FBR2:
- return s->dma_ch[2].branch;
- case FBR3:
- return s->dma_ch[3].branch;
- case FBR4:
- return s->dma_ch[4].branch;
- case FBR5:
- return s->dma_ch[5].branch;
- case FBR6:
- return s->dma_ch[6].branch;
-
- case BSCNTR:
- return s->bscntr;
-
- case PRSR:
- return 0;
-
- case LCSR0:
- return s->status[0];
- case LCSR1:
- return s->status[1];
- case LIIDR:
- return s->liidr;
-
- default:
- fail:
- hw_error("%s: Bad offset " REG_FMT "\n", __FUNCTION__, offset);
- }
-
- return 0;
-}
-
-static void pxa2xx_lcdc_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- PXA2xxLCDState *s = (PXA2xxLCDState *) opaque;
- int ch;
-
- switch (offset) {
- case LCCR0:
- /* ACK Quick Disable done */
- if ((s->control[0] & LCCR0_ENB) && !(value & LCCR0_ENB))
- s->status[0] |= LCSR0_QD;
-
- if (!(s->control[0] & LCCR0_LCDT) && (value & LCCR0_LCDT))
- printf("%s: internal frame buffer unsupported\n", __FUNCTION__);
-
- if ((s->control[3] & LCCR3_API) &&
- (value & LCCR0_ENB) && !(value & LCCR0_LCDT))
- s->status[0] |= LCSR0_ABC;
-
- s->control[0] = value & 0x07ffffff;
- pxa2xx_lcdc_int_update(s);
-
- s->dma_ch[0].up = !!(value & LCCR0_ENB);
- s->dma_ch[1].up = (s->ovl1c[0] & OVLC1_EN) || (value & LCCR0_SDS);
- break;
-
- case LCCR1:
- s->control[1] = value;
- break;
-
- case LCCR2:
- s->control[2] = value;
- break;
-
- case LCCR3:
- s->control[3] = value & 0xefffffff;
- s->bpp = LCCR3_BPP(value);
- break;
-
- case LCCR4:
- s->control[4] = value & 0x83ff81ff;
- break;
-
- case LCCR5:
- s->control[5] = value & 0x3f3f3f3f;
- break;
-
- case OVL1C1:
- if (!(s->ovl1c[0] & OVLC1_EN) && (value & OVLC1_EN))
- printf("%s: Overlay 1 not supported\n", __FUNCTION__);
-
- s->ovl1c[0] = value & 0x80ffffff;
- s->dma_ch[1].up = (value & OVLC1_EN) || (s->control[0] & LCCR0_SDS);
- break;
-
- case OVL1C2:
- s->ovl1c[1] = value & 0x000fffff;
- break;
-
- case OVL2C1:
- if (!(s->ovl2c[0] & OVLC1_EN) && (value & OVLC1_EN))
- printf("%s: Overlay 2 not supported\n", __FUNCTION__);
-
- s->ovl2c[0] = value & 0x80ffffff;
- s->dma_ch[2].up = !!(value & OVLC1_EN);
- s->dma_ch[3].up = !!(value & OVLC1_EN);
- s->dma_ch[4].up = !!(value & OVLC1_EN);
- break;
-
- case OVL2C2:
- s->ovl2c[1] = value & 0x007fffff;
- break;
-
- case CCR:
- if (!(s->ccr & CCR_CEN) && (value & CCR_CEN))
- printf("%s: Hardware cursor unimplemented\n", __FUNCTION__);
-
- s->ccr = value & 0x81ffffe7;
- s->dma_ch[5].up = !!(value & CCR_CEN);
- break;
-
- case CMDCR:
- s->cmdcr = value & 0xff;
- break;
-
- case TRGBR:
- s->trgbr = value & 0x00ffffff;
- break;
-
- case TCR:
- s->tcr = value & 0x7fff;
- break;
-
- case 0x200 ... 0x1000: /* DMA per-channel registers */
- ch = (offset - 0x200) >> 4;
- if (!(ch >= 0 && ch < PXA_LCDDMA_CHANS))
- goto fail;
-
- switch (offset & 0xf) {
- case DMA_FDADR:
- s->dma_ch[ch].descriptor = value & 0xfffffff0;
- break;
-
- default:
- goto fail;
- }
- break;
-
- case FBR0:
- s->dma_ch[0].branch = value & 0xfffffff3;
- break;
- case FBR1:
- s->dma_ch[1].branch = value & 0xfffffff3;
- break;
- case FBR2:
- s->dma_ch[2].branch = value & 0xfffffff3;
- break;
- case FBR3:
- s->dma_ch[3].branch = value & 0xfffffff3;
- break;
- case FBR4:
- s->dma_ch[4].branch = value & 0xfffffff3;
- break;
- case FBR5:
- s->dma_ch[5].branch = value & 0xfffffff3;
- break;
- case FBR6:
- s->dma_ch[6].branch = value & 0xfffffff3;
- break;
-
- case BSCNTR:
- s->bscntr = value & 0xf;
- break;
-
- case PRSR:
- break;
-
- case LCSR0:
- s->status[0] &= ~(value & 0xfff);
- if (value & LCSR0_BER)
- s->status[0] &= ~LCSR0_BERCH(7);
- break;
-
- case LCSR1:
- s->status[1] &= ~(value & 0x3e3f3f);
- break;
-
- default:
- fail:
- hw_error("%s: Bad offset " REG_FMT "\n", __FUNCTION__, offset);
- }
-}
-
-static const MemoryRegionOps pxa2xx_lcdc_ops = {
- .read = pxa2xx_lcdc_read,
- .write = pxa2xx_lcdc_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-/* Load new palette for a given DMA channel, convert to internal format */
-static void pxa2xx_palette_parse(PXA2xxLCDState *s, int ch, int bpp)
-{
- int i, n, format, r, g, b, alpha;
- uint32_t *dest;
- uint8_t *src;
- s->pal_for = LCCR4_PALFOR(s->control[4]);
- format = s->pal_for;
-
- switch (bpp) {
- case pxa_lcdc_2bpp:
- n = 4;
- break;
- case pxa_lcdc_4bpp:
- n = 16;
- break;
- case pxa_lcdc_8bpp:
- n = 256;
- break;
- default:
- format = 0;
- return;
- }
-
- src = (uint8_t *) s->dma_ch[ch].pbuffer;
- dest = (uint32_t *) s->dma_ch[ch].palette;
- alpha = r = g = b = 0;
-
- for (i = 0; i < n; i ++) {
- switch (format) {
- case 0: /* 16 bpp, no transparency */
- alpha = 0;
- if (s->control[0] & LCCR0_CMS) {
- r = g = b = *(uint16_t *) src & 0xff;
- }
- else {
- r = (*(uint16_t *) src & 0xf800) >> 8;
- g = (*(uint16_t *) src & 0x07e0) >> 3;
- b = (*(uint16_t *) src & 0x001f) << 3;
- }
- src += 2;
- break;
- case 1: /* 16 bpp plus transparency */
- alpha = *(uint16_t *) src & (1 << 24);
- if (s->control[0] & LCCR0_CMS)
- r = g = b = *(uint16_t *) src & 0xff;
- else {
- r = (*(uint16_t *) src & 0xf800) >> 8;
- g = (*(uint16_t *) src & 0x07e0) >> 3;
- b = (*(uint16_t *) src & 0x001f) << 3;
- }
- src += 2;
- break;
- case 2: /* 18 bpp plus transparency */
- alpha = *(uint32_t *) src & (1 << 24);
- if (s->control[0] & LCCR0_CMS)
- r = g = b = *(uint32_t *) src & 0xff;
- else {
- r = (*(uint32_t *) src & 0xf80000) >> 16;
- g = (*(uint32_t *) src & 0x00fc00) >> 8;
- b = (*(uint32_t *) src & 0x0000f8);
- }
- src += 4;
- break;
- case 3: /* 24 bpp plus transparency */
- alpha = *(uint32_t *) src & (1 << 24);
- if (s->control[0] & LCCR0_CMS)
- r = g = b = *(uint32_t *) src & 0xff;
- else {
- r = (*(uint32_t *) src & 0xff0000) >> 16;
- g = (*(uint32_t *) src & 0x00ff00) >> 8;
- b = (*(uint32_t *) src & 0x0000ff);
- }
- src += 4;
- break;
- }
- switch (ds_get_bits_per_pixel(s->ds)) {
- case 8:
- *dest = rgb_to_pixel8(r, g, b) | alpha;
- break;
- case 15:
- *dest = rgb_to_pixel15(r, g, b) | alpha;
- break;
- case 16:
- *dest = rgb_to_pixel16(r, g, b) | alpha;
- break;
- case 24:
- *dest = rgb_to_pixel24(r, g, b) | alpha;
- break;
- case 32:
- *dest = rgb_to_pixel32(r, g, b) | alpha;
- break;
- }
- dest ++;
- }
-}
-
-static void pxa2xx_lcdc_dma0_redraw_rot0(PXA2xxLCDState *s,
- hwaddr addr, int *miny, int *maxy)
-{
- int src_width, dest_width;
- drawfn fn = NULL;
- if (s->dest_width)
- fn = s->line_fn[s->transp][s->bpp];
- if (!fn)
- return;
-
- src_width = (s->xres + 3) & ~3; /* Pad to a 4 pixels multiple */
- if (s->bpp == pxa_lcdc_19pbpp || s->bpp == pxa_lcdc_18pbpp)
- src_width *= 3;
- else if (s->bpp > pxa_lcdc_16bpp)
- src_width *= 4;
- else if (s->bpp > pxa_lcdc_8bpp)
- src_width *= 2;
-
- dest_width = s->xres * s->dest_width;
- *miny = 0;
- framebuffer_update_display(s->ds, s->sysmem,
- addr, s->xres, s->yres,
- src_width, dest_width, s->dest_width,
- s->invalidated,
- fn, s->dma_ch[0].palette, miny, maxy);
-}
-
-static void pxa2xx_lcdc_dma0_redraw_rot90(PXA2xxLCDState *s,
- hwaddr addr, int *miny, int *maxy)
-{
- int src_width, dest_width;
- drawfn fn = NULL;
- if (s->dest_width)
- fn = s->line_fn[s->transp][s->bpp];
- if (!fn)
- return;
-
- src_width = (s->xres + 3) & ~3; /* Pad to a 4 pixels multiple */
- if (s->bpp == pxa_lcdc_19pbpp || s->bpp == pxa_lcdc_18pbpp)
- src_width *= 3;
- else if (s->bpp > pxa_lcdc_16bpp)
- src_width *= 4;
- else if (s->bpp > pxa_lcdc_8bpp)
- src_width *= 2;
-
- dest_width = s->yres * s->dest_width;
- *miny = 0;
- framebuffer_update_display(s->ds, s->sysmem,
- addr, s->xres, s->yres,
- src_width, s->dest_width, -dest_width,
- s->invalidated,
- fn, s->dma_ch[0].palette,
- miny, maxy);
-}
-
-static void pxa2xx_lcdc_dma0_redraw_rot180(PXA2xxLCDState *s,
- hwaddr addr, int *miny, int *maxy)
-{
- int src_width, dest_width;
- drawfn fn = NULL;
- if (s->dest_width) {
- fn = s->line_fn[s->transp][s->bpp];
- }
- if (!fn) {
- return;
- }
-
- src_width = (s->xres + 3) & ~3; /* Pad to a 4 pixels multiple */
- if (s->bpp == pxa_lcdc_19pbpp || s->bpp == pxa_lcdc_18pbpp) {
- src_width *= 3;
- } else if (s->bpp > pxa_lcdc_16bpp) {
- src_width *= 4;
- } else if (s->bpp > pxa_lcdc_8bpp) {
- src_width *= 2;
- }
-
- dest_width = s->xres * s->dest_width;
- *miny = 0;
- framebuffer_update_display(s->ds, s->sysmem,
- addr, s->xres, s->yres,
- src_width, -dest_width, -s->dest_width,
- s->invalidated,
- fn, s->dma_ch[0].palette, miny, maxy);
-}
-
-static void pxa2xx_lcdc_dma0_redraw_rot270(PXA2xxLCDState *s,
- hwaddr addr, int *miny, int *maxy)
-{
- int src_width, dest_width;
- drawfn fn = NULL;
- if (s->dest_width) {
- fn = s->line_fn[s->transp][s->bpp];
- }
- if (!fn) {
- return;
- }
-
- src_width = (s->xres + 3) & ~3; /* Pad to a 4 pixels multiple */
- if (s->bpp == pxa_lcdc_19pbpp || s->bpp == pxa_lcdc_18pbpp) {
- src_width *= 3;
- } else if (s->bpp > pxa_lcdc_16bpp) {
- src_width *= 4;
- } else if (s->bpp > pxa_lcdc_8bpp) {
- src_width *= 2;
- }
-
- dest_width = s->yres * s->dest_width;
- *miny = 0;
- framebuffer_update_display(s->ds, s->sysmem,
- addr, s->xres, s->yres,
- src_width, -s->dest_width, dest_width,
- s->invalidated,
- fn, s->dma_ch[0].palette,
- miny, maxy);
-}
-
-static void pxa2xx_lcdc_resize(PXA2xxLCDState *s)
-{
- int width, height;
- if (!(s->control[0] & LCCR0_ENB))
- return;
-
- width = LCCR1_PPL(s->control[1]) + 1;
- height = LCCR2_LPP(s->control[2]) + 1;
-
- if (width != s->xres || height != s->yres) {
- if (s->orientation == 90 || s->orientation == 270) {
- qemu_console_resize(s->ds, height, width);
- } else {
- qemu_console_resize(s->ds, width, height);
- }
- s->invalidated = 1;
- s->xres = width;
- s->yres = height;
- }
-}
-
-static void pxa2xx_update_display(void *opaque)
-{
- PXA2xxLCDState *s = (PXA2xxLCDState *) opaque;
- hwaddr fbptr;
- int miny, maxy;
- int ch;
- if (!(s->control[0] & LCCR0_ENB))
- return;
-
- pxa2xx_descriptor_load(s);
-
- pxa2xx_lcdc_resize(s);
- miny = s->yres;
- maxy = 0;
- s->transp = s->dma_ch[2].up || s->dma_ch[3].up;
- /* Note: With overlay planes the order depends on LCCR0 bit 25. */
- for (ch = 0; ch < PXA_LCDDMA_CHANS; ch ++)
- if (s->dma_ch[ch].up) {
- if (!s->dma_ch[ch].source) {
- pxa2xx_dma_ber_set(s, ch);
- continue;
- }
- fbptr = s->dma_ch[ch].source;
- if (!((fbptr >= PXA2XX_SDRAM_BASE &&
- fbptr <= PXA2XX_SDRAM_BASE + ram_size) ||
- (fbptr >= PXA2XX_INTERNAL_BASE &&
- fbptr <= PXA2XX_INTERNAL_BASE + PXA2XX_INTERNAL_SIZE))) {
- pxa2xx_dma_ber_set(s, ch);
- continue;
- }
-
- if (s->dma_ch[ch].command & LDCMD_PAL) {
- cpu_physical_memory_read(fbptr, s->dma_ch[ch].pbuffer,
- MAX(LDCMD_LENGTH(s->dma_ch[ch].command),
- sizeof(s->dma_ch[ch].pbuffer)));
- pxa2xx_palette_parse(s, ch, s->bpp);
- } else {
- /* Do we need to reparse palette */
- if (LCCR4_PALFOR(s->control[4]) != s->pal_for)
- pxa2xx_palette_parse(s, ch, s->bpp);
-
- /* ACK frame start */
- pxa2xx_dma_sof_set(s, ch);
-
- s->dma_ch[ch].redraw(s, fbptr, &miny, &maxy);
- s->invalidated = 0;
-
- /* ACK frame completed */
- pxa2xx_dma_eof_set(s, ch);
- }
- }
-
- if (s->control[0] & LCCR0_DIS) {
- /* ACK last frame completed */
- s->control[0] &= ~LCCR0_ENB;
- s->status[0] |= LCSR0_LDD;
- }
-
- if (miny >= 0) {
- switch (s->orientation) {
- case 0:
- dpy_gfx_update(s->ds, 0, miny, s->xres, maxy - miny + 1);
- break;
- case 90:
- dpy_gfx_update(s->ds, miny, 0, maxy - miny + 1, s->xres);
- break;
- case 180:
- maxy = s->yres - maxy - 1;
- miny = s->yres - miny - 1;
- dpy_gfx_update(s->ds, 0, maxy, s->xres, miny - maxy + 1);
- break;
- case 270:
- maxy = s->yres - maxy - 1;
- miny = s->yres - miny - 1;
- dpy_gfx_update(s->ds, maxy, 0, miny - maxy + 1, s->xres);
- break;
- }
- }
- pxa2xx_lcdc_int_update(s);
-
- qemu_irq_raise(s->vsync_cb);
-}
-
-static void pxa2xx_invalidate_display(void *opaque)
-{
- PXA2xxLCDState *s = (PXA2xxLCDState *) opaque;
- s->invalidated = 1;
-}
-
-static void pxa2xx_lcdc_orientation(void *opaque, int angle)
-{
- PXA2xxLCDState *s = (PXA2xxLCDState *) opaque;
-
- switch (angle) {
- case 0:
- s->dma_ch[0].redraw = pxa2xx_lcdc_dma0_redraw_rot0;
- break;
- case 90:
- s->dma_ch[0].redraw = pxa2xx_lcdc_dma0_redraw_rot90;
- break;
- case 180:
- s->dma_ch[0].redraw = pxa2xx_lcdc_dma0_redraw_rot180;
- break;
- case 270:
- s->dma_ch[0].redraw = pxa2xx_lcdc_dma0_redraw_rot270;
- break;
- }
-
- s->orientation = angle;
- s->xres = s->yres = -1;
- pxa2xx_lcdc_resize(s);
-}
-
-static const VMStateDescription vmstate_dma_channel = {
- .name = "dma_channel",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(branch, struct DMAChannel),
- VMSTATE_UINT8(up, struct DMAChannel),
- VMSTATE_BUFFER(pbuffer, struct DMAChannel),
- VMSTATE_UINT32(descriptor, struct DMAChannel),
- VMSTATE_UINT32(source, struct DMAChannel),
- VMSTATE_UINT32(id, struct DMAChannel),
- VMSTATE_UINT32(command, struct DMAChannel),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int pxa2xx_lcdc_post_load(void *opaque, int version_id)
-{
- PXA2xxLCDState *s = opaque;
-
- s->bpp = LCCR3_BPP(s->control[3]);
- s->xres = s->yres = s->pal_for = -1;
-
- return 0;
-}
-
-static const VMStateDescription vmstate_pxa2xx_lcdc = {
- .name = "pxa2xx_lcdc",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .post_load = pxa2xx_lcdc_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_INT32(irqlevel, PXA2xxLCDState),
- VMSTATE_INT32(transp, PXA2xxLCDState),
- VMSTATE_UINT32_ARRAY(control, PXA2xxLCDState, 6),
- VMSTATE_UINT32_ARRAY(status, PXA2xxLCDState, 2),
- VMSTATE_UINT32_ARRAY(ovl1c, PXA2xxLCDState, 2),
- VMSTATE_UINT32_ARRAY(ovl2c, PXA2xxLCDState, 2),
- VMSTATE_UINT32(ccr, PXA2xxLCDState),
- VMSTATE_UINT32(cmdcr, PXA2xxLCDState),
- VMSTATE_UINT32(trgbr, PXA2xxLCDState),
- VMSTATE_UINT32(tcr, PXA2xxLCDState),
- VMSTATE_UINT32(liidr, PXA2xxLCDState),
- VMSTATE_UINT8(bscntr, PXA2xxLCDState),
- VMSTATE_STRUCT_ARRAY(dma_ch, PXA2xxLCDState, 7, 0,
- vmstate_dma_channel, struct DMAChannel),
- VMSTATE_END_OF_LIST()
- }
-};
-
-#define BITS 8
-#include "pxa2xx_template.h"
-#define BITS 15
-#include "pxa2xx_template.h"
-#define BITS 16
-#include "pxa2xx_template.h"
-#define BITS 24
-#include "pxa2xx_template.h"
-#define BITS 32
-#include "pxa2xx_template.h"
-
-PXA2xxLCDState *pxa2xx_lcdc_init(MemoryRegion *sysmem,
- hwaddr base, qemu_irq irq)
-{
- PXA2xxLCDState *s;
-
- s = (PXA2xxLCDState *) g_malloc0(sizeof(PXA2xxLCDState));
- s->invalidated = 1;
- s->irq = irq;
- s->sysmem = sysmem;
-
- pxa2xx_lcdc_orientation(s, graphic_rotate);
-
- memory_region_init_io(&s->iomem, &pxa2xx_lcdc_ops, s,
- "pxa2xx-lcd-controller", 0x00100000);
- memory_region_add_subregion(sysmem, base, &s->iomem);
-
- s->ds = graphic_console_init(pxa2xx_update_display,
- pxa2xx_invalidate_display,
- NULL, NULL, s);
-
- switch (ds_get_bits_per_pixel(s->ds)) {
- case 0:
- s->dest_width = 0;
- break;
- case 8:
- s->line_fn[0] = pxa2xx_draw_fn_8;
- s->line_fn[1] = pxa2xx_draw_fn_8t;
- s->dest_width = 1;
- break;
- case 15:
- s->line_fn[0] = pxa2xx_draw_fn_15;
- s->line_fn[1] = pxa2xx_draw_fn_15t;
- s->dest_width = 2;
- break;
- case 16:
- s->line_fn[0] = pxa2xx_draw_fn_16;
- s->line_fn[1] = pxa2xx_draw_fn_16t;
- s->dest_width = 2;
- break;
- case 24:
- s->line_fn[0] = pxa2xx_draw_fn_24;
- s->line_fn[1] = pxa2xx_draw_fn_24t;
- s->dest_width = 3;
- break;
- case 32:
- s->line_fn[0] = pxa2xx_draw_fn_32;
- s->line_fn[1] = pxa2xx_draw_fn_32t;
- s->dest_width = 4;
- break;
- default:
- fprintf(stderr, "%s: Bad color depth\n", __FUNCTION__);
- exit(1);
- }
-
- vmstate_register(NULL, 0, &vmstate_pxa2xx_lcdc, s);
-
- return s;
-}
-
-void pxa2xx_lcd_vsync_notifier(PXA2xxLCDState *s, qemu_irq handler)
-{
- s->vsync_cb = handler;
-}
diff --git a/hw/pxa2xx_mmci.c b/hw/pxa2xx_mmci.c
deleted file mode 100644
index 358996871..000000000
--- a/hw/pxa2xx_mmci.c
+++ /dev/null
@@ -1,553 +0,0 @@
-/*
- * Intel XScale PXA255/270 MultiMediaCard/SD/SDIO Controller emulation.
- *
- * Copyright (c) 2006 Openedhand Ltd.
- * Written by Andrzej Zaborowski <balrog@zabor.org>
- *
- * This code is licensed under the GPLv2.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include "hw.h"
-#include "pxa.h"
-#include "sd.h"
-#include "qdev.h"
-
-struct PXA2xxMMCIState {
- MemoryRegion iomem;
- qemu_irq irq;
- qemu_irq rx_dma;
- qemu_irq tx_dma;
-
- SDState *card;
-
- uint32_t status;
- uint32_t clkrt;
- uint32_t spi;
- uint32_t cmdat;
- uint32_t resp_tout;
- uint32_t read_tout;
- int blklen;
- int numblk;
- uint32_t intmask;
- uint32_t intreq;
- int cmd;
- uint32_t arg;
-
- int active;
- int bytesleft;
- uint8_t tx_fifo[64];
- int tx_start;
- int tx_len;
- uint8_t rx_fifo[32];
- int rx_start;
- int rx_len;
- uint16_t resp_fifo[9];
- int resp_len;
-
- int cmdreq;
- int ac_width;
-};
-
-#define MMC_STRPCL 0x00 /* MMC Clock Start/Stop register */
-#define MMC_STAT 0x04 /* MMC Status register */
-#define MMC_CLKRT 0x08 /* MMC Clock Rate register */
-#define MMC_SPI 0x0c /* MMC SPI Mode register */
-#define MMC_CMDAT 0x10 /* MMC Command/Data register */
-#define MMC_RESTO 0x14 /* MMC Response Time-Out register */
-#define MMC_RDTO 0x18 /* MMC Read Time-Out register */
-#define MMC_BLKLEN 0x1c /* MMC Block Length register */
-#define MMC_NUMBLK 0x20 /* MMC Number of Blocks register */
-#define MMC_PRTBUF 0x24 /* MMC Buffer Partly Full register */
-#define MMC_I_MASK 0x28 /* MMC Interrupt Mask register */
-#define MMC_I_REG 0x2c /* MMC Interrupt Request register */
-#define MMC_CMD 0x30 /* MMC Command register */
-#define MMC_ARGH 0x34 /* MMC Argument High register */
-#define MMC_ARGL 0x38 /* MMC Argument Low register */
-#define MMC_RES 0x3c /* MMC Response FIFO */
-#define MMC_RXFIFO 0x40 /* MMC Receive FIFO */
-#define MMC_TXFIFO 0x44 /* MMC Transmit FIFO */
-#define MMC_RDWAIT 0x48 /* MMC RD_WAIT register */
-#define MMC_BLKS_REM 0x4c /* MMC Blocks Remaining register */
-
-/* Bitfield masks */
-#define STRPCL_STOP_CLK (1 << 0)
-#define STRPCL_STRT_CLK (1 << 1)
-#define STAT_TOUT_RES (1 << 1)
-#define STAT_CLK_EN (1 << 8)
-#define STAT_DATA_DONE (1 << 11)
-#define STAT_PRG_DONE (1 << 12)
-#define STAT_END_CMDRES (1 << 13)
-#define SPI_SPI_MODE (1 << 0)
-#define CMDAT_RES_TYPE (3 << 0)
-#define CMDAT_DATA_EN (1 << 2)
-#define CMDAT_WR_RD (1 << 3)
-#define CMDAT_DMA_EN (1 << 7)
-#define CMDAT_STOP_TRAN (1 << 10)
-#define INT_DATA_DONE (1 << 0)
-#define INT_PRG_DONE (1 << 1)
-#define INT_END_CMD (1 << 2)
-#define INT_STOP_CMD (1 << 3)
-#define INT_CLK_OFF (1 << 4)
-#define INT_RXFIFO_REQ (1 << 5)
-#define INT_TXFIFO_REQ (1 << 6)
-#define INT_TINT (1 << 7)
-#define INT_DAT_ERR (1 << 8)
-#define INT_RES_ERR (1 << 9)
-#define INT_RD_STALLED (1 << 10)
-#define INT_SDIO_INT (1 << 11)
-#define INT_SDIO_SACK (1 << 12)
-#define PRTBUF_PRT_BUF (1 << 0)
-
-/* Route internal interrupt lines to the global IC and DMA */
-static void pxa2xx_mmci_int_update(PXA2xxMMCIState *s)
-{
- uint32_t mask = s->intmask;
- if (s->cmdat & CMDAT_DMA_EN) {
- mask |= INT_RXFIFO_REQ | INT_TXFIFO_REQ;
-
- qemu_set_irq(s->rx_dma, !!(s->intreq & INT_RXFIFO_REQ));
- qemu_set_irq(s->tx_dma, !!(s->intreq & INT_TXFIFO_REQ));
- }
-
- qemu_set_irq(s->irq, !!(s->intreq & ~mask));
-}
-
-static void pxa2xx_mmci_fifo_update(PXA2xxMMCIState *s)
-{
- if (!s->active)
- return;
-
- if (s->cmdat & CMDAT_WR_RD) {
- while (s->bytesleft && s->tx_len) {
- sd_write_data(s->card, s->tx_fifo[s->tx_start ++]);
- s->tx_start &= 0x1f;
- s->tx_len --;
- s->bytesleft --;
- }
- if (s->bytesleft)
- s->intreq |= INT_TXFIFO_REQ;
- } else
- while (s->bytesleft && s->rx_len < 32) {
- s->rx_fifo[(s->rx_start + (s->rx_len ++)) & 0x1f] =
- sd_read_data(s->card);
- s->bytesleft --;
- s->intreq |= INT_RXFIFO_REQ;
- }
-
- if (!s->bytesleft) {
- s->active = 0;
- s->intreq |= INT_DATA_DONE;
- s->status |= STAT_DATA_DONE;
-
- if (s->cmdat & CMDAT_WR_RD) {
- s->intreq |= INT_PRG_DONE;
- s->status |= STAT_PRG_DONE;
- }
- }
-
- pxa2xx_mmci_int_update(s);
-}
-
-static void pxa2xx_mmci_wakequeues(PXA2xxMMCIState *s)
-{
- int rsplen, i;
- SDRequest request;
- uint8_t response[16];
-
- s->active = 1;
- s->rx_len = 0;
- s->tx_len = 0;
- s->cmdreq = 0;
-
- request.cmd = s->cmd;
- request.arg = s->arg;
- request.crc = 0; /* FIXME */
-
- rsplen = sd_do_command(s->card, &request, response);
- s->intreq |= INT_END_CMD;
-
- memset(s->resp_fifo, 0, sizeof(s->resp_fifo));
- switch (s->cmdat & CMDAT_RES_TYPE) {
-#define PXAMMCI_RESP(wd, value0, value1) \
- s->resp_fifo[(wd) + 0] |= (value0); \
- s->resp_fifo[(wd) + 1] |= (value1) << 8;
- case 0: /* No response */
- goto complete;
-
- case 1: /* R1, R4, R5 or R6 */
- if (rsplen < 4)
- goto timeout;
- goto complete;
-
- case 2: /* R2 */
- if (rsplen < 16)
- goto timeout;
- goto complete;
-
- case 3: /* R3 */
- if (rsplen < 4)
- goto timeout;
- goto complete;
-
- complete:
- for (i = 0; rsplen > 0; i ++, rsplen -= 2) {
- PXAMMCI_RESP(i, response[i * 2], response[i * 2 + 1]);
- }
- s->status |= STAT_END_CMDRES;
-
- if (!(s->cmdat & CMDAT_DATA_EN))
- s->active = 0;
- else
- s->bytesleft = s->numblk * s->blklen;
-
- s->resp_len = 0;
- break;
-
- timeout:
- s->active = 0;
- s->status |= STAT_TOUT_RES;
- break;
- }
-
- pxa2xx_mmci_fifo_update(s);
-}
-
-static uint32_t pxa2xx_mmci_read(void *opaque, hwaddr offset)
-{
- PXA2xxMMCIState *s = (PXA2xxMMCIState *) opaque;
- uint32_t ret;
-
- switch (offset) {
- case MMC_STRPCL:
- return 0;
- case MMC_STAT:
- return s->status;
- case MMC_CLKRT:
- return s->clkrt;
- case MMC_SPI:
- return s->spi;
- case MMC_CMDAT:
- return s->cmdat;
- case MMC_RESTO:
- return s->resp_tout;
- case MMC_RDTO:
- return s->read_tout;
- case MMC_BLKLEN:
- return s->blklen;
- case MMC_NUMBLK:
- return s->numblk;
- case MMC_PRTBUF:
- return 0;
- case MMC_I_MASK:
- return s->intmask;
- case MMC_I_REG:
- return s->intreq;
- case MMC_CMD:
- return s->cmd | 0x40;
- case MMC_ARGH:
- return s->arg >> 16;
- case MMC_ARGL:
- return s->arg & 0xffff;
- case MMC_RES:
- if (s->resp_len < 9)
- return s->resp_fifo[s->resp_len ++];
- return 0;
- case MMC_RXFIFO:
- ret = 0;
- while (s->ac_width -- && s->rx_len) {
- ret |= s->rx_fifo[s->rx_start ++] << (s->ac_width << 3);
- s->rx_start &= 0x1f;
- s->rx_len --;
- }
- s->intreq &= ~INT_RXFIFO_REQ;
- pxa2xx_mmci_fifo_update(s);
- return ret;
- case MMC_RDWAIT:
- return 0;
- case MMC_BLKS_REM:
- return s->numblk;
- default:
- hw_error("%s: Bad offset " REG_FMT "\n", __FUNCTION__, offset);
- }
-
- return 0;
-}
-
-static void pxa2xx_mmci_write(void *opaque,
- hwaddr offset, uint32_t value)
-{
- PXA2xxMMCIState *s = (PXA2xxMMCIState *) opaque;
-
- switch (offset) {
- case MMC_STRPCL:
- if (value & STRPCL_STRT_CLK) {
- s->status |= STAT_CLK_EN;
- s->intreq &= ~INT_CLK_OFF;
-
- if (s->cmdreq && !(s->cmdat & CMDAT_STOP_TRAN)) {
- s->status &= STAT_CLK_EN;
- pxa2xx_mmci_wakequeues(s);
- }
- }
-
- if (value & STRPCL_STOP_CLK) {
- s->status &= ~STAT_CLK_EN;
- s->intreq |= INT_CLK_OFF;
- s->active = 0;
- }
-
- pxa2xx_mmci_int_update(s);
- break;
-
- case MMC_CLKRT:
- s->clkrt = value & 7;
- break;
-
- case MMC_SPI:
- s->spi = value & 0xf;
- if (value & SPI_SPI_MODE)
- printf("%s: attempted to use card in SPI mode\n", __FUNCTION__);
- break;
-
- case MMC_CMDAT:
- s->cmdat = value & 0x3dff;
- s->active = 0;
- s->cmdreq = 1;
- if (!(value & CMDAT_STOP_TRAN)) {
- s->status &= STAT_CLK_EN;
-
- if (s->status & STAT_CLK_EN)
- pxa2xx_mmci_wakequeues(s);
- }
-
- pxa2xx_mmci_int_update(s);
- break;
-
- case MMC_RESTO:
- s->resp_tout = value & 0x7f;
- break;
-
- case MMC_RDTO:
- s->read_tout = value & 0xffff;
- break;
-
- case MMC_BLKLEN:
- s->blklen = value & 0xfff;
- break;
-
- case MMC_NUMBLK:
- s->numblk = value & 0xffff;
- break;
-
- case MMC_PRTBUF:
- if (value & PRTBUF_PRT_BUF) {
- s->tx_start ^= 32;
- s->tx_len = 0;
- }
- pxa2xx_mmci_fifo_update(s);
- break;
-
- case MMC_I_MASK:
- s->intmask = value & 0x1fff;
- pxa2xx_mmci_int_update(s);
- break;
-
- case MMC_CMD:
- s->cmd = value & 0x3f;
- break;
-
- case MMC_ARGH:
- s->arg &= 0x0000ffff;
- s->arg |= value << 16;
- break;
-
- case MMC_ARGL:
- s->arg &= 0xffff0000;
- s->arg |= value & 0x0000ffff;
- break;
-
- case MMC_TXFIFO:
- while (s->ac_width -- && s->tx_len < 0x20)
- s->tx_fifo[(s->tx_start + (s->tx_len ++)) & 0x1f] =
- (value >> (s->ac_width << 3)) & 0xff;
- s->intreq &= ~INT_TXFIFO_REQ;
- pxa2xx_mmci_fifo_update(s);
- break;
-
- case MMC_RDWAIT:
- case MMC_BLKS_REM:
- break;
-
- default:
- hw_error("%s: Bad offset " REG_FMT "\n", __FUNCTION__, offset);
- }
-}
-
-static uint32_t pxa2xx_mmci_readb(void *opaque, hwaddr offset)
-{
- PXA2xxMMCIState *s = (PXA2xxMMCIState *) opaque;
- s->ac_width = 1;
- return pxa2xx_mmci_read(opaque, offset);
-}
-
-static uint32_t pxa2xx_mmci_readh(void *opaque, hwaddr offset)
-{
- PXA2xxMMCIState *s = (PXA2xxMMCIState *) opaque;
- s->ac_width = 2;
- return pxa2xx_mmci_read(opaque, offset);
-}
-
-static uint32_t pxa2xx_mmci_readw(void *opaque, hwaddr offset)
-{
- PXA2xxMMCIState *s = (PXA2xxMMCIState *) opaque;
- s->ac_width = 4;
- return pxa2xx_mmci_read(opaque, offset);
-}
-
-static void pxa2xx_mmci_writeb(void *opaque,
- hwaddr offset, uint32_t value)
-{
- PXA2xxMMCIState *s = (PXA2xxMMCIState *) opaque;
- s->ac_width = 1;
- pxa2xx_mmci_write(opaque, offset, value);
-}
-
-static void pxa2xx_mmci_writeh(void *opaque,
- hwaddr offset, uint32_t value)
-{
- PXA2xxMMCIState *s = (PXA2xxMMCIState *) opaque;
- s->ac_width = 2;
- pxa2xx_mmci_write(opaque, offset, value);
-}
-
-static void pxa2xx_mmci_writew(void *opaque,
- hwaddr offset, uint32_t value)
-{
- PXA2xxMMCIState *s = (PXA2xxMMCIState *) opaque;
- s->ac_width = 4;
- pxa2xx_mmci_write(opaque, offset, value);
-}
-
-static const MemoryRegionOps pxa2xx_mmci_ops = {
- .old_mmio = {
- .read = { pxa2xx_mmci_readb,
- pxa2xx_mmci_readh,
- pxa2xx_mmci_readw, },
- .write = { pxa2xx_mmci_writeb,
- pxa2xx_mmci_writeh,
- pxa2xx_mmci_writew, },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void pxa2xx_mmci_save(QEMUFile *f, void *opaque)
-{
- PXA2xxMMCIState *s = (PXA2xxMMCIState *) opaque;
- int i;
-
- qemu_put_be32s(f, &s->status);
- qemu_put_be32s(f, &s->clkrt);
- qemu_put_be32s(f, &s->spi);
- qemu_put_be32s(f, &s->cmdat);
- qemu_put_be32s(f, &s->resp_tout);
- qemu_put_be32s(f, &s->read_tout);
- qemu_put_be32(f, s->blklen);
- qemu_put_be32(f, s->numblk);
- qemu_put_be32s(f, &s->intmask);
- qemu_put_be32s(f, &s->intreq);
- qemu_put_be32(f, s->cmd);
- qemu_put_be32s(f, &s->arg);
- qemu_put_be32(f, s->cmdreq);
- qemu_put_be32(f, s->active);
- qemu_put_be32(f, s->bytesleft);
-
- qemu_put_byte(f, s->tx_len);
- for (i = 0; i < s->tx_len; i ++)
- qemu_put_byte(f, s->tx_fifo[(s->tx_start + i) & 63]);
-
- qemu_put_byte(f, s->rx_len);
- for (i = 0; i < s->rx_len; i ++)
- qemu_put_byte(f, s->rx_fifo[(s->rx_start + i) & 31]);
-
- qemu_put_byte(f, s->resp_len);
- for (i = s->resp_len; i < 9; i ++)
- qemu_put_be16s(f, &s->resp_fifo[i]);
-}
-
-static int pxa2xx_mmci_load(QEMUFile *f, void *opaque, int version_id)
-{
- PXA2xxMMCIState *s = (PXA2xxMMCIState *) opaque;
- int i;
-
- qemu_get_be32s(f, &s->status);
- qemu_get_be32s(f, &s->clkrt);
- qemu_get_be32s(f, &s->spi);
- qemu_get_be32s(f, &s->cmdat);
- qemu_get_be32s(f, &s->resp_tout);
- qemu_get_be32s(f, &s->read_tout);
- s->blklen = qemu_get_be32(f);
- s->numblk = qemu_get_be32(f);
- qemu_get_be32s(f, &s->intmask);
- qemu_get_be32s(f, &s->intreq);
- s->cmd = qemu_get_be32(f);
- qemu_get_be32s(f, &s->arg);
- s->cmdreq = qemu_get_be32(f);
- s->active = qemu_get_be32(f);
- s->bytesleft = qemu_get_be32(f);
-
- s->tx_len = qemu_get_byte(f);
- s->tx_start = 0;
- if (s->tx_len >= sizeof(s->tx_fifo) || s->tx_len < 0)
- return -EINVAL;
- for (i = 0; i < s->tx_len; i ++)
- s->tx_fifo[i] = qemu_get_byte(f);
-
- s->rx_len = qemu_get_byte(f);
- s->rx_start = 0;
- if (s->rx_len >= sizeof(s->rx_fifo) || s->rx_len < 0)
- return -EINVAL;
- for (i = 0; i < s->rx_len; i ++)
- s->rx_fifo[i] = qemu_get_byte(f);
-
- s->resp_len = qemu_get_byte(f);
- if (s->resp_len > 9 || s->resp_len < 0)
- return -EINVAL;
- for (i = s->resp_len; i < 9; i ++)
- qemu_get_be16s(f, &s->resp_fifo[i]);
-
- return 0;
-}
-
-PXA2xxMMCIState *pxa2xx_mmci_init(MemoryRegion *sysmem,
- hwaddr base,
- BlockDriverState *bd, qemu_irq irq,
- qemu_irq rx_dma, qemu_irq tx_dma)
-{
- PXA2xxMMCIState *s;
-
- s = (PXA2xxMMCIState *) g_malloc0(sizeof(PXA2xxMMCIState));
- s->irq = irq;
- s->rx_dma = rx_dma;
- s->tx_dma = tx_dma;
-
- memory_region_init_io(&s->iomem, &pxa2xx_mmci_ops, s,
- "pxa2xx-mmci", 0x00100000);
- memory_region_add_subregion(sysmem, base, &s->iomem);
-
- /* Instantiate the actual storage */
- s->card = sd_init(bd, 0);
-
- register_savevm(NULL, "pxa2xx_mmci", 0, 0,
- pxa2xx_mmci_save, pxa2xx_mmci_load, s);
-
- return s;
-}
-
-void pxa2xx_mmci_handlers(PXA2xxMMCIState *s, qemu_irq readonly,
- qemu_irq coverswitch)
-{
- sd_set_cb(s->card, readonly, coverswitch);
-}
diff --git a/hw/pxa2xx_pcmcia.c b/hw/pxa2xx_pcmcia.c
deleted file mode 100644
index 3a79c728a..000000000
--- a/hw/pxa2xx_pcmcia.c
+++ /dev/null
@@ -1,207 +0,0 @@
-/*
- * Intel XScale PXA255/270 PC Card and CompactFlash Interface.
- *
- * Copyright (c) 2006 Openedhand Ltd.
- * Written by Andrzej Zaborowski <balrog@zabor.org>
- *
- * This code is licensed under the GPLv2.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include "hw.h"
-#include "pcmcia.h"
-#include "pxa.h"
-
-
-struct PXA2xxPCMCIAState {
- PCMCIASocket slot;
- PCMCIACardState *card;
- MemoryRegion common_iomem;
- MemoryRegion attr_iomem;
- MemoryRegion iomem;
-
- qemu_irq irq;
- qemu_irq cd_irq;
-};
-
-static uint64_t pxa2xx_pcmcia_common_read(void *opaque,
- hwaddr offset, unsigned size)
-{
- PXA2xxPCMCIAState *s = (PXA2xxPCMCIAState *) opaque;
-
- if (s->slot.attached) {
- return s->card->common_read(s->card->state, offset);
- }
-
- return 0;
-}
-
-static void pxa2xx_pcmcia_common_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- PXA2xxPCMCIAState *s = (PXA2xxPCMCIAState *) opaque;
-
- if (s->slot.attached) {
- s->card->common_write(s->card->state, offset, value);
- }
-}
-
-static uint64_t pxa2xx_pcmcia_attr_read(void *opaque,
- hwaddr offset, unsigned size)
-{
- PXA2xxPCMCIAState *s = (PXA2xxPCMCIAState *) opaque;
-
- if (s->slot.attached) {
- return s->card->attr_read(s->card->state, offset);
- }
-
- return 0;
-}
-
-static void pxa2xx_pcmcia_attr_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- PXA2xxPCMCIAState *s = (PXA2xxPCMCIAState *) opaque;
-
- if (s->slot.attached) {
- s->card->attr_write(s->card->state, offset, value);
- }
-}
-
-static uint64_t pxa2xx_pcmcia_io_read(void *opaque,
- hwaddr offset, unsigned size)
-{
- PXA2xxPCMCIAState *s = (PXA2xxPCMCIAState *) opaque;
-
- if (s->slot.attached) {
- return s->card->io_read(s->card->state, offset);
- }
-
- return 0;
-}
-
-static void pxa2xx_pcmcia_io_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- PXA2xxPCMCIAState *s = (PXA2xxPCMCIAState *) opaque;
-
- if (s->slot.attached) {
- s->card->io_write(s->card->state, offset, value);
- }
-}
-
-static const MemoryRegionOps pxa2xx_pcmcia_common_ops = {
- .read = pxa2xx_pcmcia_common_read,
- .write = pxa2xx_pcmcia_common_write,
- .endianness = DEVICE_NATIVE_ENDIAN
-};
-
-static const MemoryRegionOps pxa2xx_pcmcia_attr_ops = {
- .read = pxa2xx_pcmcia_attr_read,
- .write = pxa2xx_pcmcia_attr_write,
- .endianness = DEVICE_NATIVE_ENDIAN
-};
-
-static const MemoryRegionOps pxa2xx_pcmcia_io_ops = {
- .read = pxa2xx_pcmcia_io_read,
- .write = pxa2xx_pcmcia_io_write,
- .endianness = DEVICE_NATIVE_ENDIAN
-};
-
-static void pxa2xx_pcmcia_set_irq(void *opaque, int line, int level)
-{
- PXA2xxPCMCIAState *s = (PXA2xxPCMCIAState *) opaque;
- if (!s->irq)
- return;
-
- qemu_set_irq(s->irq, level);
-}
-
-PXA2xxPCMCIAState *pxa2xx_pcmcia_init(MemoryRegion *sysmem,
- hwaddr base)
-{
- PXA2xxPCMCIAState *s;
-
- s = (PXA2xxPCMCIAState *)
- g_malloc0(sizeof(PXA2xxPCMCIAState));
-
- /* Socket I/O Memory Space */
- memory_region_init_io(&s->iomem, &pxa2xx_pcmcia_io_ops, s,
- "pxa2xx-pcmcia-io", 0x04000000);
- memory_region_add_subregion(sysmem, base | 0x00000000,
- &s->iomem);
-
- /* Then next 64 MB is reserved */
-
- /* Socket Attribute Memory Space */
- memory_region_init_io(&s->attr_iomem, &pxa2xx_pcmcia_attr_ops, s,
- "pxa2xx-pcmcia-attribute", 0x04000000);
- memory_region_add_subregion(sysmem, base | 0x08000000,
- &s->attr_iomem);
-
- /* Socket Common Memory Space */
- memory_region_init_io(&s->common_iomem, &pxa2xx_pcmcia_common_ops, s,
- "pxa2xx-pcmcia-common", 0x04000000);
- memory_region_add_subregion(sysmem, base | 0x0c000000,
- &s->common_iomem);
-
- if (base == 0x30000000)
- s->slot.slot_string = "PXA PC Card Socket 1";
- else
- s->slot.slot_string = "PXA PC Card Socket 0";
- s->slot.irq = qemu_allocate_irqs(pxa2xx_pcmcia_set_irq, s, 1)[0];
- pcmcia_socket_register(&s->slot);
-
- return s;
-}
-
-/* Insert a new card into a slot */
-int pxa2xx_pcmcia_attach(void *opaque, PCMCIACardState *card)
-{
- PXA2xxPCMCIAState *s = (PXA2xxPCMCIAState *) opaque;
- if (s->slot.attached)
- return -EEXIST;
-
- if (s->cd_irq) {
- qemu_irq_raise(s->cd_irq);
- }
-
- s->card = card;
-
- s->slot.attached = 1;
- s->card->slot = &s->slot;
- s->card->attach(s->card->state);
-
- return 0;
-}
-
-/* Eject card from the slot */
-int pxa2xx_pcmcia_dettach(void *opaque)
-{
- PXA2xxPCMCIAState *s = (PXA2xxPCMCIAState *) opaque;
- if (!s->slot.attached)
- return -ENOENT;
-
- s->card->detach(s->card->state);
- s->card->slot = NULL;
- s->card = NULL;
-
- s->slot.attached = 0;
-
- if (s->irq)
- qemu_irq_lower(s->irq);
- if (s->cd_irq)
- qemu_irq_lower(s->cd_irq);
-
- return 0;
-}
-
-/* Who to notify on card events */
-void pxa2xx_pcmcia_set_irq_cb(void *opaque, qemu_irq irq, qemu_irq cd_irq)
-{
- PXA2xxPCMCIAState *s = (PXA2xxPCMCIAState *) opaque;
- s->irq = irq;
- s->cd_irq = cd_irq;
-}
diff --git a/hw/pxa2xx_pic.c b/hw/pxa2xx_pic.c
deleted file mode 100644
index 70b2b79d0..000000000
--- a/hw/pxa2xx_pic.c
+++ /dev/null
@@ -1,334 +0,0 @@
-/*
- * Intel XScale PXA Programmable Interrupt Controller.
- *
- * Copyright (c) 2006 Openedhand Ltd.
- * Copyright (c) 2006 Thorsten Zitterell
- * Written by Andrzej Zaborowski <balrog@zabor.org>
- *
- * This code is licensed under the GPL.
- */
-
-#include "hw.h"
-#include "pxa.h"
-#include "sysbus.h"
-
-#define ICIP 0x00 /* Interrupt Controller IRQ Pending register */
-#define ICMR 0x04 /* Interrupt Controller Mask register */
-#define ICLR 0x08 /* Interrupt Controller Level register */
-#define ICFP 0x0c /* Interrupt Controller FIQ Pending register */
-#define ICPR 0x10 /* Interrupt Controller Pending register */
-#define ICCR 0x14 /* Interrupt Controller Control register */
-#define ICHP 0x18 /* Interrupt Controller Highest Priority register */
-#define IPR0 0x1c /* Interrupt Controller Priority register 0 */
-#define IPR31 0x98 /* Interrupt Controller Priority register 31 */
-#define ICIP2 0x9c /* Interrupt Controller IRQ Pending register 2 */
-#define ICMR2 0xa0 /* Interrupt Controller Mask register 2 */
-#define ICLR2 0xa4 /* Interrupt Controller Level register 2 */
-#define ICFP2 0xa8 /* Interrupt Controller FIQ Pending register 2 */
-#define ICPR2 0xac /* Interrupt Controller Pending register 2 */
-#define IPR32 0xb0 /* Interrupt Controller Priority register 32 */
-#define IPR39 0xcc /* Interrupt Controller Priority register 39 */
-
-#define PXA2XX_PIC_SRCS 40
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- ARMCPU *cpu;
- uint32_t int_enabled[2];
- uint32_t int_pending[2];
- uint32_t is_fiq[2];
- uint32_t int_idle;
- uint32_t priority[PXA2XX_PIC_SRCS];
-} PXA2xxPICState;
-
-static void pxa2xx_pic_update(void *opaque)
-{
- uint32_t mask[2];
- PXA2xxPICState *s = (PXA2xxPICState *) opaque;
-
- if (s->cpu->env.halted) {
- mask[0] = s->int_pending[0] & (s->int_enabled[0] | s->int_idle);
- mask[1] = s->int_pending[1] & (s->int_enabled[1] | s->int_idle);
- if (mask[0] || mask[1]) {
- cpu_interrupt(&s->cpu->env, CPU_INTERRUPT_EXITTB);
- }
- }
-
- mask[0] = s->int_pending[0] & s->int_enabled[0];
- mask[1] = s->int_pending[1] & s->int_enabled[1];
-
- if ((mask[0] & s->is_fiq[0]) || (mask[1] & s->is_fiq[1])) {
- cpu_interrupt(&s->cpu->env, CPU_INTERRUPT_FIQ);
- } else {
- cpu_reset_interrupt(&s->cpu->env, CPU_INTERRUPT_FIQ);
- }
-
- if ((mask[0] & ~s->is_fiq[0]) || (mask[1] & ~s->is_fiq[1])) {
- cpu_interrupt(&s->cpu->env, CPU_INTERRUPT_HARD);
- } else {
- cpu_reset_interrupt(&s->cpu->env, CPU_INTERRUPT_HARD);
- }
-}
-
-/* Note: Here level means state of the signal on a pin, not
- * IRQ/FIQ distinction as in PXA Developer Manual. */
-static void pxa2xx_pic_set_irq(void *opaque, int irq, int level)
-{
- PXA2xxPICState *s = (PXA2xxPICState *) opaque;
- int int_set = (irq >= 32);
- irq &= 31;
-
- if (level)
- s->int_pending[int_set] |= 1 << irq;
- else
- s->int_pending[int_set] &= ~(1 << irq);
-
- pxa2xx_pic_update(opaque);
-}
-
-static inline uint32_t pxa2xx_pic_highest(PXA2xxPICState *s) {
- int i, int_set, irq;
- uint32_t bit, mask[2];
- uint32_t ichp = 0x003f003f; /* Both IDs invalid */
-
- mask[0] = s->int_pending[0] & s->int_enabled[0];
- mask[1] = s->int_pending[1] & s->int_enabled[1];
-
- for (i = PXA2XX_PIC_SRCS - 1; i >= 0; i --) {
- irq = s->priority[i] & 0x3f;
- if ((s->priority[i] & (1 << 31)) && irq < PXA2XX_PIC_SRCS) {
- /* Source peripheral ID is valid. */
- bit = 1 << (irq & 31);
- int_set = (irq >= 32);
-
- if (mask[int_set] & bit & s->is_fiq[int_set]) {
- /* FIQ asserted */
- ichp &= 0xffff0000;
- ichp |= (1 << 15) | irq;
- }
-
- if (mask[int_set] & bit & ~s->is_fiq[int_set]) {
- /* IRQ asserted */
- ichp &= 0x0000ffff;
- ichp |= (1 << 31) | (irq << 16);
- }
- }
- }
-
- return ichp;
-}
-
-static uint64_t pxa2xx_pic_mem_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- PXA2xxPICState *s = (PXA2xxPICState *) opaque;
-
- switch (offset) {
- case ICIP: /* IRQ Pending register */
- return s->int_pending[0] & ~s->is_fiq[0] & s->int_enabled[0];
- case ICIP2: /* IRQ Pending register 2 */
- return s->int_pending[1] & ~s->is_fiq[1] & s->int_enabled[1];
- case ICMR: /* Mask register */
- return s->int_enabled[0];
- case ICMR2: /* Mask register 2 */
- return s->int_enabled[1];
- case ICLR: /* Level register */
- return s->is_fiq[0];
- case ICLR2: /* Level register 2 */
- return s->is_fiq[1];
- case ICCR: /* Idle mask */
- return (s->int_idle == 0);
- case ICFP: /* FIQ Pending register */
- return s->int_pending[0] & s->is_fiq[0] & s->int_enabled[0];
- case ICFP2: /* FIQ Pending register 2 */
- return s->int_pending[1] & s->is_fiq[1] & s->int_enabled[1];
- case ICPR: /* Pending register */
- return s->int_pending[0];
- case ICPR2: /* Pending register 2 */
- return s->int_pending[1];
- case IPR0 ... IPR31:
- return s->priority[0 + ((offset - IPR0 ) >> 2)];
- case IPR32 ... IPR39:
- return s->priority[32 + ((offset - IPR32) >> 2)];
- case ICHP: /* Highest Priority register */
- return pxa2xx_pic_highest(s);
- default:
- printf("%s: Bad register offset " REG_FMT "\n", __FUNCTION__, offset);
- return 0;
- }
-}
-
-static void pxa2xx_pic_mem_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- PXA2xxPICState *s = (PXA2xxPICState *) opaque;
-
- switch (offset) {
- case ICMR: /* Mask register */
- s->int_enabled[0] = value;
- break;
- case ICMR2: /* Mask register 2 */
- s->int_enabled[1] = value;
- break;
- case ICLR: /* Level register */
- s->is_fiq[0] = value;
- break;
- case ICLR2: /* Level register 2 */
- s->is_fiq[1] = value;
- break;
- case ICCR: /* Idle mask */
- s->int_idle = (value & 1) ? 0 : ~0;
- break;
- case IPR0 ... IPR31:
- s->priority[0 + ((offset - IPR0 ) >> 2)] = value & 0x8000003f;
- break;
- case IPR32 ... IPR39:
- s->priority[32 + ((offset - IPR32) >> 2)] = value & 0x8000003f;
- break;
- default:
- printf("%s: Bad register offset " REG_FMT "\n", __FUNCTION__, offset);
- return;
- }
- pxa2xx_pic_update(opaque);
-}
-
-/* Interrupt Controller Coprocessor Space Register Mapping */
-static const int pxa2xx_cp_reg_map[0x10] = {
- [0x0 ... 0xf] = -1,
- [0x0] = ICIP,
- [0x1] = ICMR,
- [0x2] = ICLR,
- [0x3] = ICFP,
- [0x4] = ICPR,
- [0x5] = ICHP,
- [0x6] = ICIP2,
- [0x7] = ICMR2,
- [0x8] = ICLR2,
- [0x9] = ICFP2,
- [0xa] = ICPR2,
-};
-
-static int pxa2xx_pic_cp_read(CPUARMState *env, const ARMCPRegInfo *ri,
- uint64_t *value)
-{
- int offset = pxa2xx_cp_reg_map[ri->crn];
- *value = pxa2xx_pic_mem_read(ri->opaque, offset, 4);
- return 0;
-}
-
-static int pxa2xx_pic_cp_write(CPUARMState *env, const ARMCPRegInfo *ri,
- uint64_t value)
-{
- int offset = pxa2xx_cp_reg_map[ri->crn];
- pxa2xx_pic_mem_write(ri->opaque, offset, value, 4);
- return 0;
-}
-
-#define REGINFO_FOR_PIC_CP(NAME, CRN) \
- { .name = NAME, .cp = 6, .crn = CRN, .crm = 0, .opc1 = 0, .opc2 = 0, \
- .access = PL1_RW, \
- .readfn = pxa2xx_pic_cp_read, .writefn = pxa2xx_pic_cp_write }
-
-static const ARMCPRegInfo pxa_pic_cp_reginfo[] = {
- REGINFO_FOR_PIC_CP("ICIP", 0),
- REGINFO_FOR_PIC_CP("ICMR", 1),
- REGINFO_FOR_PIC_CP("ICLR", 2),
- REGINFO_FOR_PIC_CP("ICFP", 3),
- REGINFO_FOR_PIC_CP("ICPR", 4),
- REGINFO_FOR_PIC_CP("ICHP", 5),
- REGINFO_FOR_PIC_CP("ICIP2", 6),
- REGINFO_FOR_PIC_CP("ICMR2", 7),
- REGINFO_FOR_PIC_CP("ICLR2", 8),
- REGINFO_FOR_PIC_CP("ICFP2", 9),
- REGINFO_FOR_PIC_CP("ICPR2", 0xa),
- REGINFO_SENTINEL
-};
-
-static const MemoryRegionOps pxa2xx_pic_ops = {
- .read = pxa2xx_pic_mem_read,
- .write = pxa2xx_pic_mem_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int pxa2xx_pic_post_load(void *opaque, int version_id)
-{
- pxa2xx_pic_update(opaque);
- return 0;
-}
-
-DeviceState *pxa2xx_pic_init(hwaddr base, ARMCPU *cpu)
-{
- CPUARMState *env = &cpu->env;
- DeviceState *dev = qdev_create(NULL, "pxa2xx_pic");
- PXA2xxPICState *s = FROM_SYSBUS(PXA2xxPICState, sysbus_from_qdev(dev));
-
- s->cpu = cpu;
-
- s->int_pending[0] = 0;
- s->int_pending[1] = 0;
- s->int_enabled[0] = 0;
- s->int_enabled[1] = 0;
- s->is_fiq[0] = 0;
- s->is_fiq[1] = 0;
-
- qdev_init_nofail(dev);
-
- qdev_init_gpio_in(dev, pxa2xx_pic_set_irq, PXA2XX_PIC_SRCS);
-
- /* Enable IC memory-mapped registers access. */
- memory_region_init_io(&s->iomem, &pxa2xx_pic_ops, s,
- "pxa2xx-pic", 0x00100000);
- sysbus_init_mmio(sysbus_from_qdev(dev), &s->iomem);
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
-
- /* Enable IC coprocessor access. */
- define_arm_cp_regs_with_opaque(arm_env_get_cpu(env), pxa_pic_cp_reginfo, s);
-
- return dev;
-}
-
-static VMStateDescription vmstate_pxa2xx_pic_regs = {
- .name = "pxa2xx_pic",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .post_load = pxa2xx_pic_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32_ARRAY(int_enabled, PXA2xxPICState, 2),
- VMSTATE_UINT32_ARRAY(int_pending, PXA2xxPICState, 2),
- VMSTATE_UINT32_ARRAY(is_fiq, PXA2xxPICState, 2),
- VMSTATE_UINT32(int_idle, PXA2xxPICState),
- VMSTATE_UINT32_ARRAY(priority, PXA2xxPICState, PXA2XX_PIC_SRCS),
- VMSTATE_END_OF_LIST(),
- },
-};
-
-static int pxa2xx_pic_initfn(SysBusDevice *dev)
-{
- return 0;
-}
-
-static void pxa2xx_pic_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = pxa2xx_pic_initfn;
- dc->desc = "PXA2xx PIC";
- dc->vmsd = &vmstate_pxa2xx_pic_regs;
-}
-
-static TypeInfo pxa2xx_pic_info = {
- .name = "pxa2xx_pic",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(PXA2xxPICState),
- .class_init = pxa2xx_pic_class_init,
-};
-
-static void pxa2xx_pic_register_types(void)
-{
- type_register_static(&pxa2xx_pic_info);
-}
-
-type_init(pxa2xx_pic_register_types)
diff --git a/hw/pxa2xx_timer.c b/hw/pxa2xx_timer.c
deleted file mode 100644
index 8242d26c3..000000000
--- a/hw/pxa2xx_timer.c
+++ /dev/null
@@ -1,536 +0,0 @@
-/*
- * Intel XScale PXA255/270 OS Timers.
- *
- * Copyright (c) 2006 Openedhand Ltd.
- * Copyright (c) 2006 Thorsten Zitterell
- *
- * This code is licensed under the GPL.
- */
-
-#include "hw.h"
-#include "qemu-timer.h"
-#include "sysemu.h"
-#include "pxa.h"
-#include "sysbus.h"
-
-#define OSMR0 0x00
-#define OSMR1 0x04
-#define OSMR2 0x08
-#define OSMR3 0x0c
-#define OSMR4 0x80
-#define OSMR5 0x84
-#define OSMR6 0x88
-#define OSMR7 0x8c
-#define OSMR8 0x90
-#define OSMR9 0x94
-#define OSMR10 0x98
-#define OSMR11 0x9c
-#define OSCR 0x10 /* OS Timer Count */
-#define OSCR4 0x40
-#define OSCR5 0x44
-#define OSCR6 0x48
-#define OSCR7 0x4c
-#define OSCR8 0x50
-#define OSCR9 0x54
-#define OSCR10 0x58
-#define OSCR11 0x5c
-#define OSSR 0x14 /* Timer status register */
-#define OWER 0x18
-#define OIER 0x1c /* Interrupt enable register 3-0 to E3-E0 */
-#define OMCR4 0xc0 /* OS Match Control registers */
-#define OMCR5 0xc4
-#define OMCR6 0xc8
-#define OMCR7 0xcc
-#define OMCR8 0xd0
-#define OMCR9 0xd4
-#define OMCR10 0xd8
-#define OMCR11 0xdc
-#define OSNR 0x20
-
-#define PXA25X_FREQ 3686400 /* 3.6864 MHz */
-#define PXA27X_FREQ 3250000 /* 3.25 MHz */
-
-static int pxa2xx_timer4_freq[8] = {
- [0] = 0,
- [1] = 32768,
- [2] = 1000,
- [3] = 1,
- [4] = 1000000,
- /* [5] is the "Externally supplied clock". Assign if necessary. */
- [5 ... 7] = 0,
-};
-
-typedef struct PXA2xxTimerInfo PXA2xxTimerInfo;
-
-typedef struct {
- uint32_t value;
- qemu_irq irq;
- QEMUTimer *qtimer;
- int num;
- PXA2xxTimerInfo *info;
-} PXA2xxTimer0;
-
-typedef struct {
- PXA2xxTimer0 tm;
- int32_t oldclock;
- int32_t clock;
- uint64_t lastload;
- uint32_t freq;
- uint32_t control;
-} PXA2xxTimer4;
-
-struct PXA2xxTimerInfo {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint32_t flags;
-
- int32_t clock;
- int32_t oldclock;
- uint64_t lastload;
- uint32_t freq;
- PXA2xxTimer0 timer[4];
- uint32_t events;
- uint32_t irq_enabled;
- uint32_t reset3;
- uint32_t snapshot;
-
- qemu_irq irq4;
- PXA2xxTimer4 tm4[8];
-};
-
-#define PXA2XX_TIMER_HAVE_TM4 0
-
-static inline int pxa2xx_timer_has_tm4(PXA2xxTimerInfo *s)
-{
- return s->flags & (1 << PXA2XX_TIMER_HAVE_TM4);
-}
-
-static void pxa2xx_timer_update(void *opaque, uint64_t now_qemu)
-{
- PXA2xxTimerInfo *s = (PXA2xxTimerInfo *) opaque;
- int i;
- uint32_t now_vm;
- uint64_t new_qemu;
-
- now_vm = s->clock +
- muldiv64(now_qemu - s->lastload, s->freq, get_ticks_per_sec());
-
- for (i = 0; i < 4; i ++) {
- new_qemu = now_qemu + muldiv64((uint32_t) (s->timer[i].value - now_vm),
- get_ticks_per_sec(), s->freq);
- qemu_mod_timer(s->timer[i].qtimer, new_qemu);
- }
-}
-
-static void pxa2xx_timer_update4(void *opaque, uint64_t now_qemu, int n)
-{
- PXA2xxTimerInfo *s = (PXA2xxTimerInfo *) opaque;
- uint32_t now_vm;
- uint64_t new_qemu;
- static const int counters[8] = { 0, 0, 0, 0, 4, 4, 6, 6 };
- int counter;
-
- if (s->tm4[n].control & (1 << 7))
- counter = n;
- else
- counter = counters[n];
-
- if (!s->tm4[counter].freq) {
- qemu_del_timer(s->tm4[n].tm.qtimer);
- return;
- }
-
- now_vm = s->tm4[counter].clock + muldiv64(now_qemu -
- s->tm4[counter].lastload,
- s->tm4[counter].freq, get_ticks_per_sec());
-
- new_qemu = now_qemu + muldiv64((uint32_t) (s->tm4[n].tm.value - now_vm),
- get_ticks_per_sec(), s->tm4[counter].freq);
- qemu_mod_timer(s->tm4[n].tm.qtimer, new_qemu);
-}
-
-static uint64_t pxa2xx_timer_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- PXA2xxTimerInfo *s = (PXA2xxTimerInfo *) opaque;
- int tm = 0;
-
- switch (offset) {
- case OSMR3: tm ++;
- case OSMR2: tm ++;
- case OSMR1: tm ++;
- case OSMR0:
- return s->timer[tm].value;
- case OSMR11: tm ++;
- case OSMR10: tm ++;
- case OSMR9: tm ++;
- case OSMR8: tm ++;
- case OSMR7: tm ++;
- case OSMR6: tm ++;
- case OSMR5: tm ++;
- case OSMR4:
- if (!pxa2xx_timer_has_tm4(s))
- goto badreg;
- return s->tm4[tm].tm.value;
- case OSCR:
- return s->clock + muldiv64(qemu_get_clock_ns(vm_clock) -
- s->lastload, s->freq, get_ticks_per_sec());
- case OSCR11: tm ++;
- case OSCR10: tm ++;
- case OSCR9: tm ++;
- case OSCR8: tm ++;
- case OSCR7: tm ++;
- case OSCR6: tm ++;
- case OSCR5: tm ++;
- case OSCR4:
- if (!pxa2xx_timer_has_tm4(s))
- goto badreg;
-
- if ((tm == 9 - 4 || tm == 11 - 4) && (s->tm4[tm].control & (1 << 9))) {
- if (s->tm4[tm - 1].freq)
- s->snapshot = s->tm4[tm - 1].clock + muldiv64(
- qemu_get_clock_ns(vm_clock) -
- s->tm4[tm - 1].lastload,
- s->tm4[tm - 1].freq, get_ticks_per_sec());
- else
- s->snapshot = s->tm4[tm - 1].clock;
- }
-
- if (!s->tm4[tm].freq)
- return s->tm4[tm].clock;
- return s->tm4[tm].clock + muldiv64(qemu_get_clock_ns(vm_clock) -
- s->tm4[tm].lastload, s->tm4[tm].freq, get_ticks_per_sec());
- case OIER:
- return s->irq_enabled;
- case OSSR: /* Status register */
- return s->events;
- case OWER:
- return s->reset3;
- case OMCR11: tm ++;
- case OMCR10: tm ++;
- case OMCR9: tm ++;
- case OMCR8: tm ++;
- case OMCR7: tm ++;
- case OMCR6: tm ++;
- case OMCR5: tm ++;
- case OMCR4:
- if (!pxa2xx_timer_has_tm4(s))
- goto badreg;
- return s->tm4[tm].control;
- case OSNR:
- return s->snapshot;
- default:
- badreg:
- hw_error("pxa2xx_timer_read: Bad offset " REG_FMT "\n", offset);
- }
-
- return 0;
-}
-
-static void pxa2xx_timer_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- int i, tm = 0;
- PXA2xxTimerInfo *s = (PXA2xxTimerInfo *) opaque;
-
- switch (offset) {
- case OSMR3: tm ++;
- case OSMR2: tm ++;
- case OSMR1: tm ++;
- case OSMR0:
- s->timer[tm].value = value;
- pxa2xx_timer_update(s, qemu_get_clock_ns(vm_clock));
- break;
- case OSMR11: tm ++;
- case OSMR10: tm ++;
- case OSMR9: tm ++;
- case OSMR8: tm ++;
- case OSMR7: tm ++;
- case OSMR6: tm ++;
- case OSMR5: tm ++;
- case OSMR4:
- if (!pxa2xx_timer_has_tm4(s))
- goto badreg;
- s->tm4[tm].tm.value = value;
- pxa2xx_timer_update4(s, qemu_get_clock_ns(vm_clock), tm);
- break;
- case OSCR:
- s->oldclock = s->clock;
- s->lastload = qemu_get_clock_ns(vm_clock);
- s->clock = value;
- pxa2xx_timer_update(s, s->lastload);
- break;
- case OSCR11: tm ++;
- case OSCR10: tm ++;
- case OSCR9: tm ++;
- case OSCR8: tm ++;
- case OSCR7: tm ++;
- case OSCR6: tm ++;
- case OSCR5: tm ++;
- case OSCR4:
- if (!pxa2xx_timer_has_tm4(s))
- goto badreg;
- s->tm4[tm].oldclock = s->tm4[tm].clock;
- s->tm4[tm].lastload = qemu_get_clock_ns(vm_clock);
- s->tm4[tm].clock = value;
- pxa2xx_timer_update4(s, s->tm4[tm].lastload, tm);
- break;
- case OIER:
- s->irq_enabled = value & 0xfff;
- break;
- case OSSR: /* Status register */
- value &= s->events;
- s->events &= ~value;
- for (i = 0; i < 4; i ++, value >>= 1)
- if (value & 1)
- qemu_irq_lower(s->timer[i].irq);
- if (pxa2xx_timer_has_tm4(s) && !(s->events & 0xff0) && value)
- qemu_irq_lower(s->irq4);
- break;
- case OWER: /* XXX: Reset on OSMR3 match? */
- s->reset3 = value;
- break;
- case OMCR7: tm ++;
- case OMCR6: tm ++;
- case OMCR5: tm ++;
- case OMCR4:
- if (!pxa2xx_timer_has_tm4(s))
- goto badreg;
- s->tm4[tm].control = value & 0x0ff;
- /* XXX Stop if running (shouldn't happen) */
- if ((value & (1 << 7)) || tm == 0)
- s->tm4[tm].freq = pxa2xx_timer4_freq[value & 7];
- else {
- s->tm4[tm].freq = 0;
- pxa2xx_timer_update4(s, qemu_get_clock_ns(vm_clock), tm);
- }
- break;
- case OMCR11: tm ++;
- case OMCR10: tm ++;
- case OMCR9: tm ++;
- case OMCR8: tm += 4;
- if (!pxa2xx_timer_has_tm4(s))
- goto badreg;
- s->tm4[tm].control = value & 0x3ff;
- /* XXX Stop if running (shouldn't happen) */
- if ((value & (1 << 7)) || !(tm & 1))
- s->tm4[tm].freq =
- pxa2xx_timer4_freq[(value & (1 << 8)) ? 0 : (value & 7)];
- else {
- s->tm4[tm].freq = 0;
- pxa2xx_timer_update4(s, qemu_get_clock_ns(vm_clock), tm);
- }
- break;
- default:
- badreg:
- hw_error("pxa2xx_timer_write: Bad offset " REG_FMT "\n", offset);
- }
-}
-
-static const MemoryRegionOps pxa2xx_timer_ops = {
- .read = pxa2xx_timer_read,
- .write = pxa2xx_timer_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void pxa2xx_timer_tick(void *opaque)
-{
- PXA2xxTimer0 *t = (PXA2xxTimer0 *) opaque;
- PXA2xxTimerInfo *i = t->info;
-
- if (i->irq_enabled & (1 << t->num)) {
- i->events |= 1 << t->num;
- qemu_irq_raise(t->irq);
- }
-
- if (t->num == 3)
- if (i->reset3 & 1) {
- i->reset3 = 0;
- qemu_system_reset_request();
- }
-}
-
-static void pxa2xx_timer_tick4(void *opaque)
-{
- PXA2xxTimer4 *t = (PXA2xxTimer4 *) opaque;
- PXA2xxTimerInfo *i = (PXA2xxTimerInfo *) t->tm.info;
-
- pxa2xx_timer_tick(&t->tm);
- if (t->control & (1 << 3))
- t->clock = 0;
- if (t->control & (1 << 6))
- pxa2xx_timer_update4(i, qemu_get_clock_ns(vm_clock), t->tm.num - 4);
- if (i->events & 0xff0)
- qemu_irq_raise(i->irq4);
-}
-
-static int pxa25x_timer_post_load(void *opaque, int version_id)
-{
- PXA2xxTimerInfo *s = (PXA2xxTimerInfo *) opaque;
- int64_t now;
- int i;
-
- now = qemu_get_clock_ns(vm_clock);
- pxa2xx_timer_update(s, now);
-
- if (pxa2xx_timer_has_tm4(s))
- for (i = 0; i < 8; i ++)
- pxa2xx_timer_update4(s, now, i);
-
- return 0;
-}
-
-static int pxa2xx_timer_init(SysBusDevice *dev)
-{
- int i;
- PXA2xxTimerInfo *s;
-
- s = FROM_SYSBUS(PXA2xxTimerInfo, dev);
- s->irq_enabled = 0;
- s->oldclock = 0;
- s->clock = 0;
- s->lastload = qemu_get_clock_ns(vm_clock);
- s->reset3 = 0;
-
- for (i = 0; i < 4; i ++) {
- s->timer[i].value = 0;
- sysbus_init_irq(dev, &s->timer[i].irq);
- s->timer[i].info = s;
- s->timer[i].num = i;
- s->timer[i].qtimer = qemu_new_timer_ns(vm_clock,
- pxa2xx_timer_tick, &s->timer[i]);
- }
- if (s->flags & (1 << PXA2XX_TIMER_HAVE_TM4)) {
- sysbus_init_irq(dev, &s->irq4);
-
- for (i = 0; i < 8; i ++) {
- s->tm4[i].tm.value = 0;
- s->tm4[i].tm.info = s;
- s->tm4[i].tm.num = i + 4;
- s->tm4[i].freq = 0;
- s->tm4[i].control = 0x0;
- s->tm4[i].tm.qtimer = qemu_new_timer_ns(vm_clock,
- pxa2xx_timer_tick4, &s->tm4[i]);
- }
- }
-
- memory_region_init_io(&s->iomem, &pxa2xx_timer_ops, s,
- "pxa2xx-timer", 0x00001000);
- sysbus_init_mmio(dev, &s->iomem);
-
- return 0;
-}
-
-static const VMStateDescription vmstate_pxa2xx_timer0_regs = {
- .name = "pxa2xx_timer0",
- .version_id = 2,
- .minimum_version_id = 2,
- .minimum_version_id_old = 2,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(value, PXA2xxTimer0),
- VMSTATE_END_OF_LIST(),
- },
-};
-
-static const VMStateDescription vmstate_pxa2xx_timer4_regs = {
- .name = "pxa2xx_timer4",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_STRUCT(tm, PXA2xxTimer4, 1,
- vmstate_pxa2xx_timer0_regs, PXA2xxTimer0),
- VMSTATE_INT32(oldclock, PXA2xxTimer4),
- VMSTATE_INT32(clock, PXA2xxTimer4),
- VMSTATE_UINT64(lastload, PXA2xxTimer4),
- VMSTATE_UINT32(freq, PXA2xxTimer4),
- VMSTATE_UINT32(control, PXA2xxTimer4),
- VMSTATE_END_OF_LIST(),
- },
-};
-
-static bool pxa2xx_timer_has_tm4_test(void *opaque, int version_id)
-{
- return pxa2xx_timer_has_tm4(opaque);
-}
-
-static const VMStateDescription vmstate_pxa2xx_timer_regs = {
- .name = "pxa2xx_timer",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .post_load = pxa25x_timer_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_INT32(clock, PXA2xxTimerInfo),
- VMSTATE_INT32(oldclock, PXA2xxTimerInfo),
- VMSTATE_UINT64(lastload, PXA2xxTimerInfo),
- VMSTATE_STRUCT_ARRAY(timer, PXA2xxTimerInfo, 4, 1,
- vmstate_pxa2xx_timer0_regs, PXA2xxTimer0),
- VMSTATE_UINT32(events, PXA2xxTimerInfo),
- VMSTATE_UINT32(irq_enabled, PXA2xxTimerInfo),
- VMSTATE_UINT32(reset3, PXA2xxTimerInfo),
- VMSTATE_UINT32(snapshot, PXA2xxTimerInfo),
- VMSTATE_STRUCT_ARRAY_TEST(tm4, PXA2xxTimerInfo, 8,
- pxa2xx_timer_has_tm4_test, 0,
- vmstate_pxa2xx_timer4_regs, PXA2xxTimer4),
- VMSTATE_END_OF_LIST(),
- }
-};
-
-static Property pxa25x_timer_dev_properties[] = {
- DEFINE_PROP_UINT32("freq", PXA2xxTimerInfo, freq, PXA25X_FREQ),
- DEFINE_PROP_BIT("tm4", PXA2xxTimerInfo, flags,
- PXA2XX_TIMER_HAVE_TM4, false),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void pxa25x_timer_dev_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = pxa2xx_timer_init;
- dc->desc = "PXA25x timer";
- dc->vmsd = &vmstate_pxa2xx_timer_regs;
- dc->props = pxa25x_timer_dev_properties;
-}
-
-static TypeInfo pxa25x_timer_dev_info = {
- .name = "pxa25x-timer",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(PXA2xxTimerInfo),
- .class_init = pxa25x_timer_dev_class_init,
-};
-
-static Property pxa27x_timer_dev_properties[] = {
- DEFINE_PROP_UINT32("freq", PXA2xxTimerInfo, freq, PXA27X_FREQ),
- DEFINE_PROP_BIT("tm4", PXA2xxTimerInfo, flags,
- PXA2XX_TIMER_HAVE_TM4, true),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void pxa27x_timer_dev_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = pxa2xx_timer_init;
- dc->desc = "PXA27x timer";
- dc->vmsd = &vmstate_pxa2xx_timer_regs;
- dc->props = pxa27x_timer_dev_properties;
-}
-
-static TypeInfo pxa27x_timer_dev_info = {
- .name = "pxa27x-timer",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(PXA2xxTimerInfo),
- .class_init = pxa27x_timer_dev_class_init,
-};
-
-static void pxa2xx_timer_register_types(void)
-{
- type_register_static(&pxa25x_timer_dev_info);
- type_register_static(&pxa27x_timer_dev_info);
-}
-
-type_init(pxa2xx_timer_register_types)
diff --git a/hw/q35.c b/hw/q35.c
deleted file mode 100644
index efebc2786..000000000
--- a/hw/q35.c
+++ /dev/null
@@ -1,309 +0,0 @@
-/*
- * QEMU MCH/ICH9 PCI Bridge Emulation
- *
- * Copyright (c) 2006 Fabrice Bellard
- * Copyright (c) 2009, 2010, 2011
- * Isaku Yamahata <yamahata at valinux co jp>
- * VA Linux Systems Japan K.K.
- * Copyright (C) 2012 Jason Baron <jbaron@redhat.com>
- *
- * This is based on piix_pci.c, but heavily modified.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "q35.h"
-
-/****************************************************************************
- * Q35 host
- */
-
-static int q35_host_init(SysBusDevice *dev)
-{
- PCIBus *b;
- PCIHostState *pci = FROM_SYSBUS(PCIHostState, dev);
- Q35PCIHost *s = Q35_HOST_DEVICE(&dev->qdev);
-
- memory_region_init_io(&pci->conf_mem, &pci_host_conf_le_ops, pci,
- "pci-conf-idx", 4);
- sysbus_add_io(dev, MCH_HOST_BRIDGE_CONFIG_ADDR, &pci->conf_mem);
- sysbus_init_ioports(&pci->busdev, MCH_HOST_BRIDGE_CONFIG_ADDR, 4);
-
- memory_region_init_io(&pci->data_mem, &pci_host_data_le_ops, pci,
- "pci-conf-data", 4);
- sysbus_add_io(dev, MCH_HOST_BRIDGE_CONFIG_DATA, &pci->data_mem);
- sysbus_init_ioports(&pci->busdev, MCH_HOST_BRIDGE_CONFIG_DATA, 4);
-
- if (pcie_host_init(&s->host) < 0) {
- return -1;
- }
- b = pci_bus_new(&s->host.pci.busdev.qdev, "pcie.0",
- s->mch.pci_address_space, s->mch.address_space_io, 0);
- s->host.pci.bus = b;
- qdev_set_parent_bus(DEVICE(&s->mch), BUS(b));
- qdev_init_nofail(DEVICE(&s->mch));
-
- return 0;
-}
-
-static Property mch_props[] = {
- DEFINE_PROP_UINT64("MCFG", Q35PCIHost, host.base_addr,
- MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void q35_host_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = q35_host_init;
- dc->props = mch_props;
-}
-
-static void q35_host_initfn(Object *obj)
-{
- Q35PCIHost *s = Q35_HOST_DEVICE(obj);
-
- object_initialize(&s->mch, TYPE_MCH_PCI_DEVICE);
- object_property_add_child(OBJECT(s), "mch", OBJECT(&s->mch), NULL);
- qdev_prop_set_uint32(DEVICE(&s->mch), "addr", PCI_DEVFN(0, 0));
- qdev_prop_set_bit(DEVICE(&s->mch), "multifunction", false);
-}
-
-static const TypeInfo q35_host_info = {
- .name = TYPE_Q35_HOST_DEVICE,
- .parent = TYPE_PCIE_HOST_BRIDGE,
- .instance_size = sizeof(Q35PCIHost),
- .instance_init = q35_host_initfn,
- .class_init = q35_host_class_init,
-};
-
-/****************************************************************************
- * MCH D0:F0
- */
-
-/* PCIe MMCFG */
-static void mch_update_pciexbar(MCHPCIState *mch)
-{
- PCIDevice *pci_dev = &mch->d;
- BusState *bus = qdev_get_parent_bus(&pci_dev->qdev);
- DeviceState *qdev = bus->parent;
- Q35PCIHost *s = Q35_HOST_DEVICE(qdev);
-
- uint64_t pciexbar;
- int enable;
- uint64_t addr;
- uint64_t addr_mask;
- uint32_t length;
-
- pciexbar = pci_get_quad(pci_dev->config + MCH_HOST_BRIDGE_PCIEXBAR);
- enable = pciexbar & MCH_HOST_BRIDGE_PCIEXBAREN;
- addr_mask = MCH_HOST_BRIDGE_PCIEXBAR_ADMSK;
- switch (pciexbar & MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_MASK) {
- case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_256M:
- length = 256 * 1024 * 1024;
- break;
- case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_128M:
- length = 128 * 1024 * 1024;
- addr_mask |= MCH_HOST_BRIDGE_PCIEXBAR_128ADMSK |
- MCH_HOST_BRIDGE_PCIEXBAR_64ADMSK;
- break;
- case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_64M:
- length = 64 * 1024 * 1024;
- addr_mask |= MCH_HOST_BRIDGE_PCIEXBAR_64ADMSK;
- break;
- case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_RVD:
- default:
- enable = 0;
- length = 0;
- abort();
- break;
- }
- addr = pciexbar & addr_mask;
- pcie_host_mmcfg_update(&s->host, enable, addr, length);
-}
-
-/* PAM */
-static void mch_update_pam(MCHPCIState *mch)
-{
- int i;
-
- memory_region_transaction_begin();
- for (i = 0; i < 13; i++) {
- pam_update(&mch->pam_regions[i], i,
- mch->d.config[MCH_HOST_BRIDGE_PAM0 + ((i + 1) / 2)]);
- }
- memory_region_transaction_commit();
-}
-
-/* SMRAM */
-static void mch_update_smram(MCHPCIState *mch)
-{
- memory_region_transaction_begin();
- smram_update(&mch->smram_region, mch->d.config[MCH_HOST_BRDIGE_SMRAM],
- mch->smm_enabled);
- memory_region_transaction_commit();
-}
-
-static void mch_set_smm(int smm, void *arg)
-{
- MCHPCIState *mch = arg;
-
- memory_region_transaction_begin();
- smram_set_smm(&mch->smm_enabled, smm, mch->d.config[MCH_HOST_BRDIGE_SMRAM],
- &mch->smram_region);
- memory_region_transaction_commit();
-}
-
-static void mch_write_config(PCIDevice *d,
- uint32_t address, uint32_t val, int len)
-{
- MCHPCIState *mch = MCH_PCI_DEVICE(d);
-
- /* XXX: implement SMRAM.D_LOCK */
- pci_default_write_config(d, address, val, len);
-
- if (ranges_overlap(address, len, MCH_HOST_BRIDGE_PAM0,
- MCH_HOST_BRIDGE_PAM_SIZE)) {
- mch_update_pam(mch);
- }
-
- if (ranges_overlap(address, len, MCH_HOST_BRIDGE_PCIEXBAR,
- MCH_HOST_BRIDGE_PCIEXBAR_SIZE)) {
- mch_update_pciexbar(mch);
- }
-
- if (ranges_overlap(address, len, MCH_HOST_BRDIGE_SMRAM,
- MCH_HOST_BRDIGE_SMRAM_SIZE)) {
- mch_update_smram(mch);
- }
-}
-
-static void mch_update(MCHPCIState *mch)
-{
- mch_update_pciexbar(mch);
- mch_update_pam(mch);
- mch_update_smram(mch);
-}
-
-static int mch_post_load(void *opaque, int version_id)
-{
- MCHPCIState *mch = opaque;
- mch_update(mch);
- return 0;
-}
-
-static const VMStateDescription vmstate_mch = {
- .name = "mch",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .post_load = mch_post_load,
- .fields = (VMStateField []) {
- VMSTATE_PCI_DEVICE(d, MCHPCIState),
- VMSTATE_UINT8(smm_enabled, MCHPCIState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void mch_reset(DeviceState *qdev)
-{
- PCIDevice *d = PCI_DEVICE(qdev);
- MCHPCIState *mch = MCH_PCI_DEVICE(d);
-
- pci_set_quad(d->config + MCH_HOST_BRIDGE_PCIEXBAR,
- MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT);
-
- d->config[MCH_HOST_BRDIGE_SMRAM] = MCH_HOST_BRIDGE_SMRAM_DEFAULT;
-
- mch_update(mch);
-}
-
-static int mch_init(PCIDevice *d)
-{
- int i;
- hwaddr pci_hole64_size;
- MCHPCIState *mch = MCH_PCI_DEVICE(d);
-
- /* setup pci memory regions */
- memory_region_init_alias(&mch->pci_hole, "pci-hole",
- mch->pci_address_space,
- mch->below_4g_mem_size,
- 0x100000000ULL - mch->below_4g_mem_size);
- memory_region_add_subregion(mch->system_memory, mch->below_4g_mem_size,
- &mch->pci_hole);
- pci_hole64_size = (sizeof(hwaddr) == 4 ? 0 :
- ((uint64_t)1 << 62));
- memory_region_init_alias(&mch->pci_hole_64bit, "pci-hole64",
- mch->pci_address_space,
- 0x100000000ULL + mch->above_4g_mem_size,
- pci_hole64_size);
- if (pci_hole64_size) {
- memory_region_add_subregion(mch->system_memory,
- 0x100000000ULL + mch->above_4g_mem_size,
- &mch->pci_hole_64bit);
- }
- /* smram */
- cpu_smm_register(&mch_set_smm, mch);
- memory_region_init_alias(&mch->smram_region, "smram-region",
- mch->pci_address_space, 0xa0000, 0x20000);
- memory_region_add_subregion_overlap(mch->system_memory, 0xa0000,
- &mch->smram_region, 1);
- memory_region_set_enabled(&mch->smram_region, false);
- init_pam(mch->ram_memory, mch->system_memory, mch->pci_address_space,
- &mch->pam_regions[0], PAM_BIOS_BASE, PAM_BIOS_SIZE);
- for (i = 0; i < 12; ++i) {
- init_pam(mch->ram_memory, mch->system_memory, mch->pci_address_space,
- &mch->pam_regions[i+1], PAM_EXPAN_BASE + i * PAM_EXPAN_SIZE,
- PAM_EXPAN_SIZE);
- }
- return 0;
-}
-
-static void mch_class_init(ObjectClass *klass, void *data)
-{
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
-
- k->init = mch_init;
- k->config_write = mch_write_config;
- dc->reset = mch_reset;
- dc->desc = "Host bridge";
- dc->vmsd = &vmstate_mch;
- k->vendor_id = PCI_VENDOR_ID_INTEL;
- k->device_id = PCI_DEVICE_ID_INTEL_Q35_MCH;
- k->revision = MCH_HOST_BRIDGE_REVISION_DEFUALT;
- k->class_id = PCI_CLASS_BRIDGE_HOST;
-}
-
-static const TypeInfo mch_info = {
- .name = TYPE_MCH_PCI_DEVICE,
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(MCHPCIState),
- .class_init = mch_class_init,
-};
-
-static void q35_register(void)
-{
- type_register_static(&mch_info);
- type_register_static(&q35_host_info);
-}
-
-type_init(q35_register);
diff --git a/hw/q35.h b/hw/q35.h
deleted file mode 100644
index e34f7c165..000000000
--- a/hw/q35.h
+++ /dev/null
@@ -1,150 +0,0 @@
-/*
- * q35.h
- *
- * Copyright (c) 2009 Isaku Yamahata <yamahata at valinux co jp>
- * VA Linux Systems Japan K.K.
- * Copyright (C) 2012 Jason Baron <jbaron@redhat.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>
- */
-
-#ifndef HW_Q35_H
-#define HW_Q35_H
-
-#include "hw.h"
-#include "range.h"
-#include "isa.h"
-#include "sysbus.h"
-#include "pc.h"
-#include "apm.h"
-#include "apic.h"
-#include "pci.h"
-#include "pcie_host.h"
-#include "acpi.h"
-#include "acpi_ich9.h"
-#include "pam.h"
-
-#define TYPE_Q35_HOST_DEVICE "q35-pcihost"
-#define Q35_HOST_DEVICE(obj) \
- OBJECT_CHECK(Q35PCIHost, (obj), TYPE_Q35_HOST_DEVICE)
-
-#define TYPE_MCH_PCI_DEVICE "mch"
-#define MCH_PCI_DEVICE(obj) \
- OBJECT_CHECK(MCHPCIState, (obj), TYPE_MCH_PCI_DEVICE)
-
-typedef struct MCHPCIState {
- PCIDevice d;
- MemoryRegion *ram_memory;
- MemoryRegion *pci_address_space;
- MemoryRegion *system_memory;
- MemoryRegion *address_space_io;
- PAMMemoryRegion pam_regions[13];
- MemoryRegion smram_region;
- MemoryRegion pci_hole;
- MemoryRegion pci_hole_64bit;
- uint8_t smm_enabled;
- ram_addr_t below_4g_mem_size;
- ram_addr_t above_4g_mem_size;
-} MCHPCIState;
-
-typedef struct Q35PCIHost {
- PCIExpressHost host;
- MCHPCIState mch;
-} Q35PCIHost;
-
-#define Q35_MASK(bit, ms_bit, ls_bit) \
-((uint##bit##_t)(((1ULL << ((ms_bit) + 1)) - 1) & ~((1ULL << ls_bit) - 1)))
-
-/*
- * gmch part
- */
-
-/* PCI configuration */
-#define MCH_HOST_BRIDGE "MCH"
-
-#define MCH_HOST_BRIDGE_CONFIG_ADDR 0xcf8
-#define MCH_HOST_BRIDGE_CONFIG_DATA 0xcfc
-
-/* D0:F0 configuration space */
-#define MCH_HOST_BRIDGE_REVISION_DEFUALT 0x0
-
-#define MCH_HOST_BRIDGE_PCIEXBAR 0x60 /* 64bit register */
-#define MCH_HOST_BRIDGE_PCIEXBAR_SIZE 8 /* 64bit register */
-#define MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT 0xb0000000
-#define MCH_HOST_BRIDGE_PCIEXBAR_ADMSK Q35_MASK(64, 35, 28)
-#define MCH_HOST_BRIDGE_PCIEXBAR_128ADMSK ((uint64_t)(1 << 26))
-#define MCH_HOST_BRIDGE_PCIEXBAR_64ADMSK ((uint64_t)(1 << 25))
-#define MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_MASK ((uint64_t)(0x3 << 1))
-#define MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_256M ((uint64_t)(0x0 << 1))
-#define MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_128M ((uint64_t)(0x1 << 1))
-#define MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_64M ((uint64_t)(0x2 << 1))
-#define MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_RVD ((uint64_t)(0x3 << 1))
-#define MCH_HOST_BRIDGE_PCIEXBAREN ((uint64_t)1)
-
-#define MCH_HOST_BRIDGE_PAM_NB 7
-#define MCH_HOST_BRIDGE_PAM_SIZE 7
-#define MCH_HOST_BRIDGE_PAM0 0x90
-#define MCH_HOST_BRIDGE_PAM_BIOS_AREA 0xf0000
-#define MCH_HOST_BRIDGE_PAM_AREA_SIZE 0x10000 /* 16KB */
-#define MCH_HOST_BRIDGE_PAM1 0x91
-#define MCH_HOST_BRIDGE_PAM_EXPAN_AREA 0xc0000
-#define MCH_HOST_BRIDGE_PAM_EXPAN_SIZE 0x04000
-#define MCH_HOST_BRIDGE_PAM2 0x92
-#define MCH_HOST_BRIDGE_PAM3 0x93
-#define MCH_HOST_BRIDGE_PAM4 0x94
-#define MCH_HOST_BRIDGE_PAM_EXBIOS_AREA 0xe0000
-#define MCH_HOST_BRIDGE_PAM_EXBIOS_SIZE 0x04000
-#define MCH_HOST_BRIDGE_PAM5 0x95
-#define MCH_HOST_BRIDGE_PAM6 0x96
-#define MCH_HOST_BRIDGE_PAM_WE_HI ((uint8_t)(0x2 << 4))
-#define MCH_HOST_BRIDGE_PAM_RE_HI ((uint8_t)(0x1 << 4))
-#define MCH_HOST_BRIDGE_PAM_HI_MASK ((uint8_t)(0x3 << 4))
-#define MCH_HOST_BRIDGE_PAM_WE_LO ((uint8_t)0x2)
-#define MCH_HOST_BRIDGE_PAM_RE_LO ((uint8_t)0x1)
-#define MCH_HOST_BRIDGE_PAM_LO_MASK ((uint8_t)0x3)
-#define MCH_HOST_BRIDGE_PAM_WE ((uint8_t)0x2)
-#define MCH_HOST_BRIDGE_PAM_RE ((uint8_t)0x1)
-#define MCH_HOST_BRIDGE_PAM_MASK ((uint8_t)0x3)
-
-#define MCH_HOST_BRDIGE_SMRAM 0x9d
-#define MCH_HOST_BRDIGE_SMRAM_SIZE 1
-#define MCH_HOST_BRIDGE_SMRAM_DEFAULT ((uint8_t)0x2)
-#define MCH_HOST_BRIDGE_SMRAM_D_OPEN ((uint8_t)(1 << 6))
-#define MCH_HOST_BRIDGE_SMRAM_D_CLS ((uint8_t)(1 << 5))
-#define MCH_HOST_BRIDGE_SMRAM_D_LCK ((uint8_t)(1 << 4))
-#define MCH_HOST_BRIDGE_SMRAM_G_SMRAME ((uint8_t)(1 << 3))
-#define MCH_HOST_BRIDGE_SMRAM_C_BASE_SEG_MASK ((uint8_t)0x7)
-#define MCH_HOST_BRIDGE_SMRAM_C_BASE_SEG ((uint8_t)0x2) /* hardwired to b010 */
-#define MCH_HOST_BRIDGE_SMRAM_C_BASE 0xa0000
-#define MCH_HOST_BRIDGE_SMRAM_C_END 0xc0000
-#define MCH_HOST_BRIDGE_SMRAM_C_SIZE 0x20000
-#define MCH_HOST_BRIDGE_UPPER_SYSTEM_BIOS_END 0x100000
-
-#define MCH_HOST_BRIDGE_ESMRAMC 0x9e
-#define MCH_HOST_BRDIGE_ESMRAMC_H_SMRAME ((uint8_t)(1 << 6))
-#define MCH_HOST_BRDIGE_ESMRAMC_E_SMERR ((uint8_t)(1 << 5))
-#define MCH_HOST_BRDIGE_ESMRAMC_SM_CACHE ((uint8_t)(1 << 4))
-#define MCH_HOST_BRDIGE_ESMRAMC_SM_L1 ((uint8_t)(1 << 3))
-#define MCH_HOST_BRDIGE_ESMRAMC_SM_L2 ((uint8_t)(1 << 2))
-#define MCH_HOST_BRDIGE_ESMRAMC_TSEG_SZ_MASK ((uint8_t)(0x3 << 1))
-#define MCH_HOST_BRDIGE_ESMRAMC_TSEG_SZ_1MB ((uint8_t)(0x0 << 1))
-#define MCH_HOST_BRDIGE_ESMRAMC_TSEG_SZ_2MB ((uint8_t)(0x1 << 1))
-#define MCH_HOST_BRDIGE_ESMRAMC_TSEG_SZ_8MB ((uint8_t)(0x2 << 1))
-#define MCH_HOST_BRDIGE_ESMRAMC_T_EN ((uint8_t)1)
-
-/* D1:F0 PCIE* port*/
-#define MCH_PCIE_DEV 1
-#define MCH_PCIE_FUNC 0
-
-#endif /* HW_Q35_H */
diff --git a/hw/qdev-addr.c b/hw/qdev-addr.c
deleted file mode 100644
index ea32c31ab..000000000
--- a/hw/qdev-addr.c
+++ /dev/null
@@ -1,77 +0,0 @@
-#include "qdev.h"
-#include "qdev-addr.h"
-#include "hwaddr.h"
-#include "qapi/qapi-visit-core.h"
-
-/* --- target physical address --- */
-
-static int parse_taddr(DeviceState *dev, Property *prop, const char *str)
-{
- hwaddr *ptr = qdev_get_prop_ptr(dev, prop);
-
- *ptr = strtoull(str, NULL, 16);
- return 0;
-}
-
-static int print_taddr(DeviceState *dev, Property *prop, char *dest, size_t len)
-{
- hwaddr *ptr = qdev_get_prop_ptr(dev, prop);
- return snprintf(dest, len, "0x" TARGET_FMT_plx, *ptr);
-}
-
-static void get_taddr(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- hwaddr *ptr = qdev_get_prop_ptr(dev, prop);
- int64_t value;
-
- value = *ptr;
- visit_type_int64(v, &value, name, errp);
-}
-
-static void set_taddr(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- hwaddr *ptr = qdev_get_prop_ptr(dev, prop);
- Error *local_err = NULL;
- int64_t value;
-
- if (dev->state != DEV_STATE_CREATED) {
- error_set(errp, QERR_PERMISSION_DENIED);
- return;
- }
-
- visit_type_int64(v, &value, name, &local_err);
- if (local_err) {
- error_propagate(errp, local_err);
- return;
- }
- if ((uint64_t)value <= (uint64_t) ~(hwaddr)0) {
- *ptr = value;
- } else {
- error_set(errp, QERR_PROPERTY_VALUE_OUT_OF_RANGE,
- dev->id?:"", name, value, (uint64_t) 0,
- (uint64_t) ~(hwaddr)0);
- }
-}
-
-
-PropertyInfo qdev_prop_taddr = {
- .name = "taddr",
- .parse = parse_taddr,
- .print = print_taddr,
- .get = get_taddr,
- .set = set_taddr,
-};
-
-void qdev_prop_set_taddr(DeviceState *dev, const char *name, hwaddr value)
-{
- Error *errp = NULL;
- object_property_set_int(OBJECT(dev), value, name, &errp);
- assert(!errp);
-
-}
diff --git a/hw/qdev-addr.h b/hw/qdev-addr.h
deleted file mode 100644
index ea5ecb4d7..000000000
--- a/hw/qdev-addr.h
+++ /dev/null
@@ -1,5 +0,0 @@
-#define DEFINE_PROP_TADDR(_n, _s, _f, _d) \
- DEFINE_PROP_DEFAULT(_n, _s, _f, _d, qdev_prop_taddr, hwaddr)
-
-extern PropertyInfo qdev_prop_taddr;
-void qdev_prop_set_taddr(DeviceState *dev, const char *name, hwaddr value);
diff --git a/hw/qdev-core.h b/hw/qdev-core.h
deleted file mode 100644
index fff7f0f5a..000000000
--- a/hw/qdev-core.h
+++ /dev/null
@@ -1,233 +0,0 @@
-#ifndef QDEV_CORE_H
-#define QDEV_CORE_H
-
-#include "qemu-queue.h"
-#include "qemu-option.h"
-#include "qemu/object.h"
-#include "hw/irq.h"
-#include "error.h"
-
-typedef struct Property Property;
-
-typedef struct PropertyInfo PropertyInfo;
-
-typedef struct CompatProperty CompatProperty;
-
-typedef struct BusState BusState;
-
-typedef struct BusClass BusClass;
-
-enum DevState {
- DEV_STATE_CREATED = 1,
- DEV_STATE_INITIALIZED,
-};
-
-enum {
- DEV_NVECTORS_UNSPECIFIED = -1,
-};
-
-#define TYPE_DEVICE "device"
-#define DEVICE(obj) OBJECT_CHECK(DeviceState, (obj), TYPE_DEVICE)
-#define DEVICE_CLASS(klass) OBJECT_CLASS_CHECK(DeviceClass, (klass), TYPE_DEVICE)
-#define DEVICE_GET_CLASS(obj) OBJECT_GET_CLASS(DeviceClass, (obj), TYPE_DEVICE)
-
-typedef int (*qdev_initfn)(DeviceState *dev);
-typedef int (*qdev_event)(DeviceState *dev);
-typedef void (*qdev_resetfn)(DeviceState *dev);
-
-struct VMStateDescription;
-
-typedef struct DeviceClass {
- ObjectClass parent_class;
-
- const char *fw_name;
- const char *desc;
- Property *props;
- int no_user;
-
- /* callbacks */
- void (*reset)(DeviceState *dev);
-
- /* device state */
- const struct VMStateDescription *vmsd;
-
- /* Private to qdev / bus. */
- qdev_initfn init;
- qdev_event unplug;
- qdev_event exit;
- const char *bus_type;
-} DeviceClass;
-
-/* This structure should not be accessed directly. We declare it here
- so that it can be embedded in individual device state structures. */
-struct DeviceState {
- Object parent_obj;
-
- const char *id;
- enum DevState state;
- QemuOpts *opts;
- int hotplugged;
- BusState *parent_bus;
- int num_gpio_out;
- qemu_irq *gpio_out;
- int num_gpio_in;
- qemu_irq *gpio_in;
- QLIST_HEAD(, BusState) child_bus;
- int num_child_bus;
- int instance_id_alias;
- int alias_required_for_version;
-};
-
-#define TYPE_BUS "bus"
-#define BUS(obj) OBJECT_CHECK(BusState, (obj), TYPE_BUS)
-#define BUS_CLASS(klass) OBJECT_CLASS_CHECK(BusClass, (klass), TYPE_BUS)
-#define BUS_GET_CLASS(obj) OBJECT_GET_CLASS(BusClass, (obj), TYPE_BUS)
-
-struct BusClass {
- ObjectClass parent_class;
-
- /* FIXME first arg should be BusState */
- void (*print_dev)(Monitor *mon, DeviceState *dev, int indent);
- char *(*get_dev_path)(DeviceState *dev);
- /*
- * This callback is used to create Open Firmware device path in accordance
- * with OF spec http://forthworks.com/standards/of1275.pdf. Individual bus
- * bindings can be found at http://playground.sun.com/1275/bindings/.
- */
- char *(*get_fw_dev_path)(DeviceState *dev);
- int (*reset)(BusState *bus);
-};
-
-typedef struct BusChild {
- DeviceState *child;
- int index;
- QTAILQ_ENTRY(BusChild) sibling;
-} BusChild;
-
-/**
- * BusState:
- */
-struct BusState {
- Object obj;
- DeviceState *parent;
- const char *name;
- int allow_hotplug;
- int max_index;
- QTAILQ_HEAD(ChildrenHead, BusChild) children;
- QLIST_ENTRY(BusState) sibling;
-};
-
-struct Property {
- const char *name;
- PropertyInfo *info;
- int offset;
- uint8_t bitnr;
- uint8_t qtype;
- int64_t defval;
-};
-
-struct PropertyInfo {
- const char *name;
- const char *legacy_name;
- const char **enum_table;
- int (*parse)(DeviceState *dev, Property *prop, const char *str);
- int (*print)(DeviceState *dev, Property *prop, char *dest, size_t len);
- ObjectPropertyAccessor *get;
- ObjectPropertyAccessor *set;
- ObjectPropertyRelease *release;
-};
-
-typedef struct GlobalProperty {
- const char *driver;
- const char *property;
- const char *value;
- QTAILQ_ENTRY(GlobalProperty) next;
-} GlobalProperty;
-
-/*** Board API. This should go away once we have a machine config file. ***/
-
-DeviceState *qdev_create(BusState *bus, const char *name);
-DeviceState *qdev_try_create(BusState *bus, const char *name);
-int qdev_init(DeviceState *dev) QEMU_WARN_UNUSED_RESULT;
-void qdev_init_nofail(DeviceState *dev);
-void qdev_set_legacy_instance_id(DeviceState *dev, int alias_id,
- int required_for_version);
-void qdev_unplug(DeviceState *dev, Error **errp);
-void qdev_free(DeviceState *dev);
-int qdev_simple_unplug_cb(DeviceState *dev);
-void qdev_machine_creation_done(void);
-bool qdev_machine_modified(void);
-
-qemu_irq qdev_get_gpio_in(DeviceState *dev, int n);
-void qdev_connect_gpio_out(DeviceState *dev, int n, qemu_irq pin);
-
-BusState *qdev_get_child_bus(DeviceState *dev, const char *name);
-
-/*** Device API. ***/
-
-/* Register device properties. */
-/* GPIO inputs also double as IRQ sinks. */
-void qdev_init_gpio_in(DeviceState *dev, qemu_irq_handler handler, int n);
-void qdev_init_gpio_out(DeviceState *dev, qemu_irq *pins, int n);
-
-BusState *qdev_get_parent_bus(DeviceState *dev);
-
-/*** BUS API. ***/
-
-DeviceState *qdev_find_recursive(BusState *bus, const char *id);
-
-/* Returns 0 to walk children, > 0 to skip walk, < 0 to terminate walk. */
-typedef int (qbus_walkerfn)(BusState *bus, void *opaque);
-typedef int (qdev_walkerfn)(DeviceState *dev, void *opaque);
-
-void qbus_create_inplace(BusState *bus, const char *typename,
- DeviceState *parent, const char *name);
-BusState *qbus_create(const char *typename, DeviceState *parent, const char *name);
-/* Returns > 0 if either devfn or busfn skip walk somewhere in cursion,
- * < 0 if either devfn or busfn terminate walk somewhere in cursion,
- * 0 otherwise. */
-int qbus_walk_children(BusState *bus, qdev_walkerfn *devfn,
- qbus_walkerfn *busfn, void *opaque);
-int qdev_walk_children(DeviceState *dev, qdev_walkerfn *devfn,
- qbus_walkerfn *busfn, void *opaque);
-void qdev_reset_all(DeviceState *dev);
-void qbus_reset_all_fn(void *opaque);
-
-void qbus_free(BusState *bus);
-
-#define FROM_QBUS(type, dev) DO_UPCAST(type, qbus, dev)
-
-/* This should go away once we get rid of the NULL bus hack */
-BusState *sysbus_get_default(void);
-
-char *qdev_get_fw_dev_path(DeviceState *dev);
-
-/**
- * @qdev_machine_init
- *
- * Initialize platform devices before machine init. This is a hack until full
- * support for composition is added.
- */
-void qdev_machine_init(void);
-
-/**
- * @device_reset
- *
- * Reset a single device (by calling the reset method).
- */
-void device_reset(DeviceState *dev);
-
-const struct VMStateDescription *qdev_get_vmsd(DeviceState *dev);
-
-const char *qdev_fw_name(DeviceState *dev);
-
-Object *qdev_get_machine(void);
-
-/* FIXME: make this a link<> */
-void qdev_set_parent_bus(DeviceState *dev, BusState *bus);
-
-extern int qdev_hotplug;
-
-char *qdev_get_dev_path(DeviceState *dev);
-
-#endif
diff --git a/hw/qdev-dma.h b/hw/qdev-dma.h
deleted file mode 100644
index 6812735e3..000000000
--- a/hw/qdev-dma.h
+++ /dev/null
@@ -1,10 +0,0 @@
-/*
- * Support for dma_addr_t typed properties
- *
- * Copyright (C) 2012 David Gibson, IBM Corporation.
- *
- * This work is licensed under the terms of the GNU GPL, version 2 or later.
- * See the COPYING file in the top-level directory.
- */
-#define DEFINE_PROP_DMAADDR(_n, _s, _f, _d) \
- DEFINE_PROP_HEX64(_n, _s, _f, _d)
diff --git a/hw/qdev-monitor.c b/hw/qdev-monitor.c
deleted file mode 100644
index a1b4d6ae5..000000000
--- a/hw/qdev-monitor.c
+++ /dev/null
@@ -1,616 +0,0 @@
-/*
- * Dynamic device configuration and creation.
- *
- * Copyright (c) 2009 CodeSourcery
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "qdev.h"
-#include "monitor.h"
-#include "qmp-commands.h"
-#include "arch_init.h"
-
-/*
- * Aliases were a bad idea from the start. Let's keep them
- * from spreading further.
- */
-typedef struct QDevAlias
-{
- const char *typename;
- const char *alias;
- uint32_t arch_mask;
-} QDevAlias;
-
-static const QDevAlias qdev_alias_table[] = {
- { "virtio-blk-pci", "virtio-blk", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
- { "virtio-net-pci", "virtio-net", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
- { "virtio-serial-pci", "virtio-serial", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
- { "virtio-balloon-pci", "virtio-balloon",
- QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
- { "virtio-blk-s390", "virtio-blk", QEMU_ARCH_S390X },
- { "virtio-net-s390", "virtio-net", QEMU_ARCH_S390X },
- { "virtio-serial-s390", "virtio-serial", QEMU_ARCH_S390X },
- { "lsi53c895a", "lsi" },
- { "ich9-ahci", "ahci" },
- { "kvm-pci-assign", "pci-assign" },
- { }
-};
-
-static const char *qdev_class_get_alias(DeviceClass *dc)
-{
- const char *typename = object_class_get_name(OBJECT_CLASS(dc));
- int i;
-
- for (i = 0; qdev_alias_table[i].typename; i++) {
- if (qdev_alias_table[i].arch_mask &&
- !(qdev_alias_table[i].arch_mask & arch_type)) {
- continue;
- }
-
- if (strcmp(qdev_alias_table[i].typename, typename) == 0) {
- return qdev_alias_table[i].alias;
- }
- }
-
- return NULL;
-}
-
-static bool qdev_class_has_alias(DeviceClass *dc)
-{
- return (qdev_class_get_alias(dc) != NULL);
-}
-
-static void qdev_print_devinfo(ObjectClass *klass, void *opaque)
-{
- DeviceClass *dc;
- bool *show_no_user = opaque;
-
- dc = (DeviceClass *)object_class_dynamic_cast(klass, TYPE_DEVICE);
-
- if (!dc || (show_no_user && !*show_no_user && dc->no_user)) {
- return;
- }
-
- error_printf("name \"%s\"", object_class_get_name(klass));
- if (dc->bus_type) {
- error_printf(", bus %s", dc->bus_type);
- }
- if (qdev_class_has_alias(dc)) {
- error_printf(", alias \"%s\"", qdev_class_get_alias(dc));
- }
- if (dc->desc) {
- error_printf(", desc \"%s\"", dc->desc);
- }
- if (dc->no_user) {
- error_printf(", no-user");
- }
- error_printf("\n");
-}
-
-static int set_property(const char *name, const char *value, void *opaque)
-{
- DeviceState *dev = opaque;
-
- if (strcmp(name, "driver") == 0)
- return 0;
- if (strcmp(name, "bus") == 0)
- return 0;
-
- if (qdev_prop_parse(dev, name, value) == -1) {
- return -1;
- }
- return 0;
-}
-
-static const char *find_typename_by_alias(const char *alias)
-{
- int i;
-
- for (i = 0; qdev_alias_table[i].alias; i++) {
- if (qdev_alias_table[i].arch_mask &&
- !(qdev_alias_table[i].arch_mask & arch_type)) {
- continue;
- }
-
- if (strcmp(qdev_alias_table[i].alias, alias) == 0) {
- return qdev_alias_table[i].typename;
- }
- }
-
- return NULL;
-}
-
-int qdev_device_help(QemuOpts *opts)
-{
- const char *driver;
- Property *prop;
- ObjectClass *klass;
-
- driver = qemu_opt_get(opts, "driver");
- if (driver && is_help_option(driver)) {
- bool show_no_user = false;
- object_class_foreach(qdev_print_devinfo, TYPE_DEVICE, false, &show_no_user);
- return 1;
- }
-
- if (!driver || !qemu_opt_has_help_opt(opts)) {
- return 0;
- }
-
- klass = object_class_by_name(driver);
- if (!klass) {
- const char *typename = find_typename_by_alias(driver);
-
- if (typename) {
- driver = typename;
- klass = object_class_by_name(driver);
- }
- }
-
- if (!klass) {
- return 0;
- }
- do {
- for (prop = DEVICE_CLASS(klass)->props; prop && prop->name; prop++) {
- /*
- * TODO Properties without a parser are just for dirty hacks.
- * qdev_prop_ptr is the only such PropertyInfo. It's marked
- * for removal. This conditional should be removed along with
- * it.
- */
- if (!prop->info->set) {
- continue; /* no way to set it, don't show */
- }
- error_printf("%s.%s=%s\n", driver, prop->name,
- prop->info->legacy_name ?: prop->info->name);
- }
- klass = object_class_get_parent(klass);
- } while (klass != object_class_by_name(TYPE_DEVICE));
- return 1;
-}
-
-static Object *qdev_get_peripheral(void)
-{
- static Object *dev;
-
- if (dev == NULL) {
- dev = container_get(qdev_get_machine(), "/peripheral");
- }
-
- return dev;
-}
-
-static Object *qdev_get_peripheral_anon(void)
-{
- static Object *dev;
-
- if (dev == NULL) {
- dev = container_get(qdev_get_machine(), "/peripheral-anon");
- }
-
- return dev;
-}
-
-static void qbus_list_bus(DeviceState *dev)
-{
- BusState *child;
- const char *sep = " ";
-
- error_printf("child busses at \"%s\":",
- dev->id ? dev->id : object_get_typename(OBJECT(dev)));
- QLIST_FOREACH(child, &dev->child_bus, sibling) {
- error_printf("%s\"%s\"", sep, child->name);
- sep = ", ";
- }
- error_printf("\n");
-}
-
-static void qbus_list_dev(BusState *bus)
-{
- BusChild *kid;
- const char *sep = " ";
-
- error_printf("devices at \"%s\":", bus->name);
- QTAILQ_FOREACH(kid, &bus->children, sibling) {
- DeviceState *dev = kid->child;
- error_printf("%s\"%s\"", sep, object_get_typename(OBJECT(dev)));
- if (dev->id)
- error_printf("/\"%s\"", dev->id);
- sep = ", ";
- }
- error_printf("\n");
-}
-
-static BusState *qbus_find_bus(DeviceState *dev, char *elem)
-{
- BusState *child;
-
- QLIST_FOREACH(child, &dev->child_bus, sibling) {
- if (strcmp(child->name, elem) == 0) {
- return child;
- }
- }
- return NULL;
-}
-
-static DeviceState *qbus_find_dev(BusState *bus, char *elem)
-{
- BusChild *kid;
-
- /*
- * try to match in order:
- * (1) instance id, if present
- * (2) driver name
- * (3) driver alias, if present
- */
- QTAILQ_FOREACH(kid, &bus->children, sibling) {
- DeviceState *dev = kid->child;
- if (dev->id && strcmp(dev->id, elem) == 0) {
- return dev;
- }
- }
- QTAILQ_FOREACH(kid, &bus->children, sibling) {
- DeviceState *dev = kid->child;
- if (strcmp(object_get_typename(OBJECT(dev)), elem) == 0) {
- return dev;
- }
- }
- QTAILQ_FOREACH(kid, &bus->children, sibling) {
- DeviceState *dev = kid->child;
- DeviceClass *dc = DEVICE_GET_CLASS(dev);
-
- if (qdev_class_has_alias(dc) &&
- strcmp(qdev_class_get_alias(dc), elem) == 0) {
- return dev;
- }
- }
- return NULL;
-}
-
-static BusState *qbus_find_recursive(BusState *bus, const char *name,
- const char *bus_typename)
-{
- BusChild *kid;
- BusState *child, *ret;
- int match = 1;
-
- if (name && (strcmp(bus->name, name) != 0)) {
- match = 0;
- }
- if (bus_typename && !object_dynamic_cast(OBJECT(bus), bus_typename)) {
- match = 0;
- }
- if (match) {
- return bus;
- }
-
- QTAILQ_FOREACH(kid, &bus->children, sibling) {
- DeviceState *dev = kid->child;
- QLIST_FOREACH(child, &dev->child_bus, sibling) {
- ret = qbus_find_recursive(child, name, bus_typename);
- if (ret) {
- return ret;
- }
- }
- }
- return NULL;
-}
-
-static BusState *qbus_find(const char *path)
-{
- DeviceState *dev;
- BusState *bus;
- char elem[128];
- int pos, len;
-
- /* find start element */
- if (path[0] == '/') {
- bus = sysbus_get_default();
- pos = 0;
- } else {
- if (sscanf(path, "%127[^/]%n", elem, &len) != 1) {
- assert(!path[0]);
- elem[0] = len = 0;
- }
- bus = qbus_find_recursive(sysbus_get_default(), elem, NULL);
- if (!bus) {
- qerror_report(QERR_BUS_NOT_FOUND, elem);
- return NULL;
- }
- pos = len;
- }
-
- for (;;) {
- assert(path[pos] == '/' || !path[pos]);
- while (path[pos] == '/') {
- pos++;
- }
- if (path[pos] == '\0') {
- return bus;
- }
-
- /* find device */
- if (sscanf(path+pos, "%127[^/]%n", elem, &len) != 1) {
- assert(0);
- elem[0] = len = 0;
- }
- pos += len;
- dev = qbus_find_dev(bus, elem);
- if (!dev) {
- qerror_report(QERR_DEVICE_NOT_FOUND, elem);
- if (!monitor_cur_is_qmp()) {
- qbus_list_dev(bus);
- }
- return NULL;
- }
-
- assert(path[pos] == '/' || !path[pos]);
- while (path[pos] == '/') {
- pos++;
- }
- if (path[pos] == '\0') {
- /* last specified element is a device. If it has exactly
- * one child bus accept it nevertheless */
- switch (dev->num_child_bus) {
- case 0:
- qerror_report(QERR_DEVICE_NO_BUS, elem);
- return NULL;
- case 1:
- return QLIST_FIRST(&dev->child_bus);
- default:
- qerror_report(QERR_DEVICE_MULTIPLE_BUSSES, elem);
- if (!monitor_cur_is_qmp()) {
- qbus_list_bus(dev);
- }
- return NULL;
- }
- }
-
- /* find bus */
- if (sscanf(path+pos, "%127[^/]%n", elem, &len) != 1) {
- assert(0);
- elem[0] = len = 0;
- }
- pos += len;
- bus = qbus_find_bus(dev, elem);
- if (!bus) {
- qerror_report(QERR_BUS_NOT_FOUND, elem);
- if (!monitor_cur_is_qmp()) {
- qbus_list_bus(dev);
- }
- return NULL;
- }
- }
-}
-
-DeviceState *qdev_device_add(QemuOpts *opts)
-{
- ObjectClass *obj;
- DeviceClass *k;
- const char *driver, *path, *id;
- DeviceState *qdev;
- BusState *bus;
-
- driver = qemu_opt_get(opts, "driver");
- if (!driver) {
- qerror_report(QERR_MISSING_PARAMETER, "driver");
- return NULL;
- }
-
- /* find driver */
- obj = object_class_by_name(driver);
- if (!obj) {
- const char *typename = find_typename_by_alias(driver);
-
- if (typename) {
- driver = typename;
- obj = object_class_by_name(driver);
- }
- }
-
- if (!obj) {
- qerror_report(QERR_INVALID_PARAMETER_VALUE, "driver", "device type");
- return NULL;
- }
-
- k = DEVICE_CLASS(obj);
-
- /* find bus */
- path = qemu_opt_get(opts, "bus");
- if (path != NULL) {
- bus = qbus_find(path);
- if (!bus) {
- return NULL;
- }
- if (!object_dynamic_cast(OBJECT(bus), k->bus_type)) {
- qerror_report(QERR_BAD_BUS_FOR_DEVICE,
- driver, object_get_typename(OBJECT(bus)));
- return NULL;
- }
- } else {
- bus = qbus_find_recursive(sysbus_get_default(), NULL, k->bus_type);
- if (!bus) {
- qerror_report(QERR_NO_BUS_FOR_DEVICE,
- k->bus_type, driver);
- return NULL;
- }
- }
- if (qdev_hotplug && !bus->allow_hotplug) {
- qerror_report(QERR_BUS_NO_HOTPLUG, bus->name);
- return NULL;
- }
-
- if (!bus) {
- bus = sysbus_get_default();
- }
-
- /* create device, set properties */
- qdev = DEVICE(object_new(driver));
- qdev_set_parent_bus(qdev, bus);
-
- id = qemu_opts_id(opts);
- if (id) {
- qdev->id = id;
- }
- if (qemu_opt_foreach(opts, set_property, qdev, 1) != 0) {
- qdev_free(qdev);
- return NULL;
- }
- if (qdev->id) {
- object_property_add_child(qdev_get_peripheral(), qdev->id,
- OBJECT(qdev), NULL);
- } else {
- static int anon_count;
- gchar *name = g_strdup_printf("device[%d]", anon_count++);
- object_property_add_child(qdev_get_peripheral_anon(), name,
- OBJECT(qdev), NULL);
- g_free(name);
- }
- if (qdev_init(qdev) < 0) {
- qerror_report(QERR_DEVICE_INIT_FAILED, driver);
- return NULL;
- }
- qdev->opts = opts;
- return qdev;
-}
-
-
-#define qdev_printf(fmt, ...) monitor_printf(mon, "%*s" fmt, indent, "", ## __VA_ARGS__)
-static void qbus_print(Monitor *mon, BusState *bus, int indent);
-
-static void qdev_print_props(Monitor *mon, DeviceState *dev, Property *props,
- int indent)
-{
- if (!props)
- return;
- for (; props->name; props++) {
- Error *err = NULL;
- char *value;
- char *legacy_name = g_strdup_printf("legacy-%s", props->name);
- if (object_property_get_type(OBJECT(dev), legacy_name, NULL)) {
- value = object_property_get_str(OBJECT(dev), legacy_name, &err);
- } else {
- value = object_property_print(OBJECT(dev), props->name, &err);
- }
- g_free(legacy_name);
-
- if (err) {
- error_free(err);
- continue;
- }
- qdev_printf("%s = %s\n", props->name,
- value && *value ? value : "<null>");
- g_free(value);
- }
-}
-
-static void bus_print_dev(BusState *bus, Monitor *mon, DeviceState *dev, int indent)
-{
- BusClass *bc = BUS_GET_CLASS(bus);
-
- if (bc->print_dev) {
- bc->print_dev(mon, dev, indent);
- }
-}
-
-static void qdev_print(Monitor *mon, DeviceState *dev, int indent)
-{
- ObjectClass *class;
- BusState *child;
- qdev_printf("dev: %s, id \"%s\"\n", object_get_typename(OBJECT(dev)),
- dev->id ? dev->id : "");
- indent += 2;
- if (dev->num_gpio_in) {
- qdev_printf("gpio-in %d\n", dev->num_gpio_in);
- }
- if (dev->num_gpio_out) {
- qdev_printf("gpio-out %d\n", dev->num_gpio_out);
- }
- class = object_get_class(OBJECT(dev));
- do {
- qdev_print_props(mon, dev, DEVICE_CLASS(class)->props, indent);
- class = object_class_get_parent(class);
- } while (class != object_class_by_name(TYPE_DEVICE));
- bus_print_dev(dev->parent_bus, mon, dev, indent);
- QLIST_FOREACH(child, &dev->child_bus, sibling) {
- qbus_print(mon, child, indent);
- }
-}
-
-static void qbus_print(Monitor *mon, BusState *bus, int indent)
-{
- BusChild *kid;
-
- qdev_printf("bus: %s\n", bus->name);
- indent += 2;
- qdev_printf("type %s\n", object_get_typename(OBJECT(bus)));
- QTAILQ_FOREACH(kid, &bus->children, sibling) {
- DeviceState *dev = kid->child;
- qdev_print(mon, dev, indent);
- }
-}
-#undef qdev_printf
-
-void do_info_qtree(Monitor *mon)
-{
- if (sysbus_get_default())
- qbus_print(mon, sysbus_get_default(), 0);
-}
-
-void do_info_qdm(Monitor *mon)
-{
- object_class_foreach(qdev_print_devinfo, TYPE_DEVICE, false, NULL);
-}
-
-int do_device_add(Monitor *mon, const QDict *qdict, QObject **ret_data)
-{
- Error *local_err = NULL;
- QemuOpts *opts;
-
- opts = qemu_opts_from_qdict(qemu_find_opts("device"), qdict, &local_err);
- if (error_is_set(&local_err)) {
- qerror_report_err(local_err);
- error_free(local_err);
- return -1;
- }
- if (!monitor_cur_is_qmp() && qdev_device_help(opts)) {
- qemu_opts_del(opts);
- return 0;
- }
- if (!qdev_device_add(opts)) {
- qemu_opts_del(opts);
- return -1;
- }
- return 0;
-}
-
-void qmp_device_del(const char *id, Error **errp)
-{
- DeviceState *dev;
-
- dev = qdev_find_recursive(sysbus_get_default(), id);
- if (NULL == dev) {
- error_set(errp, QERR_DEVICE_NOT_FOUND, id);
- return;
- }
-
- qdev_unplug(dev, errp);
-}
-
-void qdev_machine_init(void)
-{
- qdev_get_peripheral_anon();
- qdev_get_peripheral();
-}
diff --git a/hw/qdev-monitor.h b/hw/qdev-monitor.h
deleted file mode 100644
index 220ceba4c..000000000
--- a/hw/qdev-monitor.h
+++ /dev/null
@@ -1,16 +0,0 @@
-#ifndef QEMU_QDEV_MONITOR_H
-#define QEMU_QDEV_MONITOR_H
-
-#include "qdev-core.h"
-#include "monitor.h"
-
-/*** monitor commands ***/
-
-void do_info_qtree(Monitor *mon);
-void do_info_qdm(Monitor *mon);
-int do_device_add(Monitor *mon, const QDict *qdict, QObject **ret_data);
-int do_device_del(Monitor *mon, const QDict *qdict, QObject **ret_data);
-int qdev_device_help(QemuOpts *opts);
-DeviceState *qdev_device_add(QemuOpts *opts);
-
-#endif
diff --git a/hw/qdev-properties.c b/hw/qdev-properties.c
deleted file mode 100644
index 81d901c6c..000000000
--- a/hw/qdev-properties.c
+++ /dev/null
@@ -1,1281 +0,0 @@
-#include "net.h"
-#include "qdev.h"
-#include "qerror.h"
-#include "blockdev.h"
-#include "hw/block-common.h"
-#include "net/hub.h"
-#include "qapi/qapi-visit-core.h"
-
-void *qdev_get_prop_ptr(DeviceState *dev, Property *prop)
-{
- void *ptr = dev;
- ptr += prop->offset;
- return ptr;
-}
-
-static void get_pointer(Object *obj, Visitor *v, Property *prop,
- const char *(*print)(void *ptr),
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- void **ptr = qdev_get_prop_ptr(dev, prop);
- char *p;
-
- p = (char *) (*ptr ? print(*ptr) : "");
- visit_type_str(v, &p, name, errp);
-}
-
-static void set_pointer(Object *obj, Visitor *v, Property *prop,
- int (*parse)(DeviceState *dev, const char *str,
- void **ptr),
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Error *local_err = NULL;
- void **ptr = qdev_get_prop_ptr(dev, prop);
- char *str;
- int ret;
-
- if (dev->state != DEV_STATE_CREATED) {
- error_set(errp, QERR_PERMISSION_DENIED);
- return;
- }
-
- visit_type_str(v, &str, name, &local_err);
- if (local_err) {
- error_propagate(errp, local_err);
- return;
- }
- if (!*str) {
- g_free(str);
- *ptr = NULL;
- return;
- }
- ret = parse(dev, str, ptr);
- error_set_from_qdev_prop_error(errp, ret, dev, prop, str);
- g_free(str);
-}
-
-static void get_enum(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- int *ptr = qdev_get_prop_ptr(dev, prop);
-
- visit_type_enum(v, ptr, prop->info->enum_table,
- prop->info->name, prop->name, errp);
-}
-
-static void set_enum(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- int *ptr = qdev_get_prop_ptr(dev, prop);
-
- if (dev->state != DEV_STATE_CREATED) {
- error_set(errp, QERR_PERMISSION_DENIED);
- return;
- }
-
- visit_type_enum(v, ptr, prop->info->enum_table,
- prop->info->name, prop->name, errp);
-}
-
-/* Bit */
-
-static uint32_t qdev_get_prop_mask(Property *prop)
-{
- assert(prop->info == &qdev_prop_bit);
- return 0x1 << prop->bitnr;
-}
-
-static void bit_prop_set(DeviceState *dev, Property *props, bool val)
-{
- uint32_t *p = qdev_get_prop_ptr(dev, props);
- uint32_t mask = qdev_get_prop_mask(props);
- if (val)
- *p |= mask;
- else
- *p &= ~mask;
-}
-
-static int print_bit(DeviceState *dev, Property *prop, char *dest, size_t len)
-{
- uint32_t *p = qdev_get_prop_ptr(dev, prop);
- return snprintf(dest, len, (*p & qdev_get_prop_mask(prop)) ? "on" : "off");
-}
-
-static void get_bit(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- uint32_t *p = qdev_get_prop_ptr(dev, prop);
- bool value = (*p & qdev_get_prop_mask(prop)) != 0;
-
- visit_type_bool(v, &value, name, errp);
-}
-
-static void set_bit(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- Error *local_err = NULL;
- bool value;
-
- if (dev->state != DEV_STATE_CREATED) {
- error_set(errp, QERR_PERMISSION_DENIED);
- return;
- }
-
- visit_type_bool(v, &value, name, &local_err);
- if (local_err) {
- error_propagate(errp, local_err);
- return;
- }
- bit_prop_set(dev, prop, value);
-}
-
-PropertyInfo qdev_prop_bit = {
- .name = "boolean",
- .legacy_name = "on/off",
- .print = print_bit,
- .get = get_bit,
- .set = set_bit,
-};
-
-/* --- 8bit integer --- */
-
-static void get_uint8(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- uint8_t *ptr = qdev_get_prop_ptr(dev, prop);
-
- visit_type_uint8(v, ptr, name, errp);
-}
-
-static void set_uint8(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- uint8_t *ptr = qdev_get_prop_ptr(dev, prop);
-
- if (dev->state != DEV_STATE_CREATED) {
- error_set(errp, QERR_PERMISSION_DENIED);
- return;
- }
-
- visit_type_uint8(v, ptr, name, errp);
-}
-
-PropertyInfo qdev_prop_uint8 = {
- .name = "uint8",
- .get = get_uint8,
- .set = set_uint8,
-};
-
-/* --- 8bit hex value --- */
-
-static int parse_hex8(DeviceState *dev, Property *prop, const char *str)
-{
- uint8_t *ptr = qdev_get_prop_ptr(dev, prop);
- char *end;
-
- if (str[0] != '0' || str[1] != 'x') {
- return -EINVAL;
- }
-
- *ptr = strtoul(str, &end, 16);
- if ((*end != '\0') || (end == str)) {
- return -EINVAL;
- }
-
- return 0;
-}
-
-static int print_hex8(DeviceState *dev, Property *prop, char *dest, size_t len)
-{
- uint8_t *ptr = qdev_get_prop_ptr(dev, prop);
- return snprintf(dest, len, "0x%" PRIx8, *ptr);
-}
-
-PropertyInfo qdev_prop_hex8 = {
- .name = "uint8",
- .legacy_name = "hex8",
- .parse = parse_hex8,
- .print = print_hex8,
- .get = get_uint8,
- .set = set_uint8,
-};
-
-/* --- 16bit integer --- */
-
-static void get_uint16(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- uint16_t *ptr = qdev_get_prop_ptr(dev, prop);
-
- visit_type_uint16(v, ptr, name, errp);
-}
-
-static void set_uint16(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- uint16_t *ptr = qdev_get_prop_ptr(dev, prop);
-
- if (dev->state != DEV_STATE_CREATED) {
- error_set(errp, QERR_PERMISSION_DENIED);
- return;
- }
-
- visit_type_uint16(v, ptr, name, errp);
-}
-
-PropertyInfo qdev_prop_uint16 = {
- .name = "uint16",
- .get = get_uint16,
- .set = set_uint16,
-};
-
-/* --- 32bit integer --- */
-
-static void get_uint32(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- uint32_t *ptr = qdev_get_prop_ptr(dev, prop);
-
- visit_type_uint32(v, ptr, name, errp);
-}
-
-static void set_uint32(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- uint32_t *ptr = qdev_get_prop_ptr(dev, prop);
-
- if (dev->state != DEV_STATE_CREATED) {
- error_set(errp, QERR_PERMISSION_DENIED);
- return;
- }
-
- visit_type_uint32(v, ptr, name, errp);
-}
-
-static void get_int32(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- int32_t *ptr = qdev_get_prop_ptr(dev, prop);
-
- visit_type_int32(v, ptr, name, errp);
-}
-
-static void set_int32(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- int32_t *ptr = qdev_get_prop_ptr(dev, prop);
-
- if (dev->state != DEV_STATE_CREATED) {
- error_set(errp, QERR_PERMISSION_DENIED);
- return;
- }
-
- visit_type_int32(v, ptr, name, errp);
-}
-
-PropertyInfo qdev_prop_uint32 = {
- .name = "uint32",
- .get = get_uint32,
- .set = set_uint32,
-};
-
-PropertyInfo qdev_prop_int32 = {
- .name = "int32",
- .get = get_int32,
- .set = set_int32,
-};
-
-/* --- 32bit hex value --- */
-
-static int parse_hex32(DeviceState *dev, Property *prop, const char *str)
-{
- uint32_t *ptr = qdev_get_prop_ptr(dev, prop);
- char *end;
-
- if (str[0] != '0' || str[1] != 'x') {
- return -EINVAL;
- }
-
- *ptr = strtoul(str, &end, 16);
- if ((*end != '\0') || (end == str)) {
- return -EINVAL;
- }
-
- return 0;
-}
-
-static int print_hex32(DeviceState *dev, Property *prop, char *dest, size_t len)
-{
- uint32_t *ptr = qdev_get_prop_ptr(dev, prop);
- return snprintf(dest, len, "0x%" PRIx32, *ptr);
-}
-
-PropertyInfo qdev_prop_hex32 = {
- .name = "uint32",
- .legacy_name = "hex32",
- .parse = parse_hex32,
- .print = print_hex32,
- .get = get_uint32,
- .set = set_uint32,
-};
-
-/* --- 64bit integer --- */
-
-static void get_uint64(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- uint64_t *ptr = qdev_get_prop_ptr(dev, prop);
-
- visit_type_uint64(v, ptr, name, errp);
-}
-
-static void set_uint64(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- uint64_t *ptr = qdev_get_prop_ptr(dev, prop);
-
- if (dev->state != DEV_STATE_CREATED) {
- error_set(errp, QERR_PERMISSION_DENIED);
- return;
- }
-
- visit_type_uint64(v, ptr, name, errp);
-}
-
-PropertyInfo qdev_prop_uint64 = {
- .name = "uint64",
- .get = get_uint64,
- .set = set_uint64,
-};
-
-/* --- 64bit hex value --- */
-
-static int parse_hex64(DeviceState *dev, Property *prop, const char *str)
-{
- uint64_t *ptr = qdev_get_prop_ptr(dev, prop);
- char *end;
-
- if (str[0] != '0' || str[1] != 'x') {
- return -EINVAL;
- }
-
- *ptr = strtoull(str, &end, 16);
- if ((*end != '\0') || (end == str)) {
- return -EINVAL;
- }
-
- return 0;
-}
-
-static int print_hex64(DeviceState *dev, Property *prop, char *dest, size_t len)
-{
- uint64_t *ptr = qdev_get_prop_ptr(dev, prop);
- return snprintf(dest, len, "0x%" PRIx64, *ptr);
-}
-
-PropertyInfo qdev_prop_hex64 = {
- .name = "uint64",
- .legacy_name = "hex64",
- .parse = parse_hex64,
- .print = print_hex64,
- .get = get_uint64,
- .set = set_uint64,
-};
-
-/* --- string --- */
-
-static void release_string(Object *obj, const char *name, void *opaque)
-{
- Property *prop = opaque;
- g_free(*(char **)qdev_get_prop_ptr(DEVICE(obj), prop));
-}
-
-static int print_string(DeviceState *dev, Property *prop, char *dest, size_t len)
-{
- char **ptr = qdev_get_prop_ptr(dev, prop);
- if (!*ptr)
- return snprintf(dest, len, "<null>");
- return snprintf(dest, len, "\"%s\"", *ptr);
-}
-
-static void get_string(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- char **ptr = qdev_get_prop_ptr(dev, prop);
-
- if (!*ptr) {
- char *str = (char *)"";
- visit_type_str(v, &str, name, errp);
- } else {
- visit_type_str(v, ptr, name, errp);
- }
-}
-
-static void set_string(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- char **ptr = qdev_get_prop_ptr(dev, prop);
- Error *local_err = NULL;
- char *str;
-
- if (dev->state != DEV_STATE_CREATED) {
- error_set(errp, QERR_PERMISSION_DENIED);
- return;
- }
-
- visit_type_str(v, &str, name, &local_err);
- if (local_err) {
- error_propagate(errp, local_err);
- return;
- }
- if (*ptr) {
- g_free(*ptr);
- }
- *ptr = str;
-}
-
-PropertyInfo qdev_prop_string = {
- .name = "string",
- .print = print_string,
- .release = release_string,
- .get = get_string,
- .set = set_string,
-};
-
-/* --- drive --- */
-
-static int parse_drive(DeviceState *dev, const char *str, void **ptr)
-{
- BlockDriverState *bs;
-
- bs = bdrv_find(str);
- if (bs == NULL)
- return -ENOENT;
- if (bdrv_attach_dev(bs, dev) < 0)
- return -EEXIST;
- *ptr = bs;
- return 0;
-}
-
-static void release_drive(Object *obj, const char *name, void *opaque)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- BlockDriverState **ptr = qdev_get_prop_ptr(dev, prop);
-
- if (*ptr) {
- bdrv_detach_dev(*ptr, dev);
- blockdev_auto_del(*ptr);
- }
-}
-
-static const char *print_drive(void *ptr)
-{
- return bdrv_get_device_name(ptr);
-}
-
-static void get_drive(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- get_pointer(obj, v, opaque, print_drive, name, errp);
-}
-
-static void set_drive(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- set_pointer(obj, v, opaque, parse_drive, name, errp);
-}
-
-PropertyInfo qdev_prop_drive = {
- .name = "drive",
- .get = get_drive,
- .set = set_drive,
- .release = release_drive,
-};
-
-/* --- character device --- */
-
-static int parse_chr(DeviceState *dev, const char *str, void **ptr)
-{
- CharDriverState *chr = qemu_chr_find(str);
- if (chr == NULL) {
- return -ENOENT;
- }
- if (chr->avail_connections < 1) {
- return -EEXIST;
- }
- *ptr = chr;
- --chr->avail_connections;
- return 0;
-}
-
-static void release_chr(Object *obj, const char *name, void *opaque)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- CharDriverState **ptr = qdev_get_prop_ptr(dev, prop);
-
- if (*ptr) {
- qemu_chr_add_handlers(*ptr, NULL, NULL, NULL, NULL);
- }
-}
-
-
-static const char *print_chr(void *ptr)
-{
- CharDriverState *chr = ptr;
-
- return chr->label ? chr->label : "";
-}
-
-static void get_chr(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- get_pointer(obj, v, opaque, print_chr, name, errp);
-}
-
-static void set_chr(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- set_pointer(obj, v, opaque, parse_chr, name, errp);
-}
-
-PropertyInfo qdev_prop_chr = {
- .name = "chr",
- .get = get_chr,
- .set = set_chr,
- .release = release_chr,
-};
-
-/* --- netdev device --- */
-
-static int parse_netdev(DeviceState *dev, const char *str, void **ptr)
-{
- NetClientState *netdev = qemu_find_netdev(str);
-
- if (netdev == NULL) {
- return -ENOENT;
- }
- if (netdev->peer) {
- return -EEXIST;
- }
- *ptr = netdev;
- return 0;
-}
-
-static const char *print_netdev(void *ptr)
-{
- NetClientState *netdev = ptr;
-
- return netdev->name ? netdev->name : "";
-}
-
-static void get_netdev(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- get_pointer(obj, v, opaque, print_netdev, name, errp);
-}
-
-static void set_netdev(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- set_pointer(obj, v, opaque, parse_netdev, name, errp);
-}
-
-PropertyInfo qdev_prop_netdev = {
- .name = "netdev",
- .get = get_netdev,
- .set = set_netdev,
-};
-
-/* --- vlan --- */
-
-static int print_vlan(DeviceState *dev, Property *prop, char *dest, size_t len)
-{
- NetClientState **ptr = qdev_get_prop_ptr(dev, prop);
-
- if (*ptr) {
- int id;
- if (!net_hub_id_for_client(*ptr, &id)) {
- return snprintf(dest, len, "%d", id);
- }
- }
-
- return snprintf(dest, len, "<null>");
-}
-
-static void get_vlan(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- NetClientState **ptr = qdev_get_prop_ptr(dev, prop);
- int32_t id = -1;
-
- if (*ptr) {
- int hub_id;
- if (!net_hub_id_for_client(*ptr, &hub_id)) {
- id = hub_id;
- }
- }
-
- visit_type_int32(v, &id, name, errp);
-}
-
-static void set_vlan(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- NetClientState **ptr = qdev_get_prop_ptr(dev, prop);
- Error *local_err = NULL;
- int32_t id;
- NetClientState *hubport;
-
- if (dev->state != DEV_STATE_CREATED) {
- error_set(errp, QERR_PERMISSION_DENIED);
- return;
- }
-
- visit_type_int32(v, &id, name, &local_err);
- if (local_err) {
- error_propagate(errp, local_err);
- return;
- }
- if (id == -1) {
- *ptr = NULL;
- return;
- }
-
- hubport = net_hub_port_find(id);
- if (!hubport) {
- error_set(errp, QERR_INVALID_PARAMETER_VALUE,
- name, prop->info->name);
- return;
- }
- *ptr = hubport;
-}
-
-PropertyInfo qdev_prop_vlan = {
- .name = "vlan",
- .print = print_vlan,
- .get = get_vlan,
- .set = set_vlan,
-};
-
-/* --- pointer --- */
-
-/* Not a proper property, just for dirty hacks. TODO Remove it! */
-PropertyInfo qdev_prop_ptr = {
- .name = "ptr",
-};
-
-/* --- mac address --- */
-
-/*
- * accepted syntax versions:
- * 01:02:03:04:05:06
- * 01-02-03-04-05-06
- */
-static void get_mac(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- MACAddr *mac = qdev_get_prop_ptr(dev, prop);
- char buffer[2 * 6 + 5 + 1];
- char *p = buffer;
-
- snprintf(buffer, sizeof(buffer), "%02x:%02x:%02x:%02x:%02x:%02x",
- mac->a[0], mac->a[1], mac->a[2],
- mac->a[3], mac->a[4], mac->a[5]);
-
- visit_type_str(v, &p, name, errp);
-}
-
-static void set_mac(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- MACAddr *mac = qdev_get_prop_ptr(dev, prop);
- Error *local_err = NULL;
- int i, pos;
- char *str, *p;
-
- if (dev->state != DEV_STATE_CREATED) {
- error_set(errp, QERR_PERMISSION_DENIED);
- return;
- }
-
- visit_type_str(v, &str, name, &local_err);
- if (local_err) {
- error_propagate(errp, local_err);
- return;
- }
-
- for (i = 0, pos = 0; i < 6; i++, pos += 3) {
- if (!qemu_isxdigit(str[pos]))
- goto inval;
- if (!qemu_isxdigit(str[pos+1]))
- goto inval;
- if (i == 5) {
- if (str[pos+2] != '\0')
- goto inval;
- } else {
- if (str[pos+2] != ':' && str[pos+2] != '-')
- goto inval;
- }
- mac->a[i] = strtol(str+pos, &p, 16);
- }
- g_free(str);
- return;
-
-inval:
- error_set_from_qdev_prop_error(errp, EINVAL, dev, prop, str);
- g_free(str);
-}
-
-PropertyInfo qdev_prop_macaddr = {
- .name = "macaddr",
- .get = get_mac,
- .set = set_mac,
-};
-
-/* --- lost tick policy --- */
-
-static const char *lost_tick_policy_table[LOST_TICK_MAX+1] = {
- [LOST_TICK_DISCARD] = "discard",
- [LOST_TICK_DELAY] = "delay",
- [LOST_TICK_MERGE] = "merge",
- [LOST_TICK_SLEW] = "slew",
- [LOST_TICK_MAX] = NULL,
-};
-
-QEMU_BUILD_BUG_ON(sizeof(LostTickPolicy) != sizeof(int));
-
-PropertyInfo qdev_prop_losttickpolicy = {
- .name = "LostTickPolicy",
- .enum_table = lost_tick_policy_table,
- .get = get_enum,
- .set = set_enum,
-};
-
-/* --- BIOS CHS translation */
-
-static const char *bios_chs_trans_table[] = {
- [BIOS_ATA_TRANSLATION_AUTO] = "auto",
- [BIOS_ATA_TRANSLATION_NONE] = "none",
- [BIOS_ATA_TRANSLATION_LBA] = "lba",
-};
-
-PropertyInfo qdev_prop_bios_chs_trans = {
- .name = "bios-chs-trans",
- .enum_table = bios_chs_trans_table,
- .get = get_enum,
- .set = set_enum,
-};
-
-/* --- pci address --- */
-
-/*
- * bus-local address, i.e. "$slot" or "$slot.$fn"
- */
-static void set_pci_devfn(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- int32_t value, *ptr = qdev_get_prop_ptr(dev, prop);
- unsigned int slot, fn, n;
- Error *local_err = NULL;
- char *str;
-
- if (dev->state != DEV_STATE_CREATED) {
- error_set(errp, QERR_PERMISSION_DENIED);
- return;
- }
-
- visit_type_str(v, &str, name, &local_err);
- if (local_err) {
- error_free(local_err);
- local_err = NULL;
- visit_type_int32(v, &value, name, &local_err);
- if (local_err) {
- error_propagate(errp, local_err);
- } else if (value < -1 || value > 255) {
- error_set(errp, QERR_INVALID_PARAMETER_VALUE, name ? name : "null",
- "pci_devfn");
- } else {
- *ptr = value;
- }
- return;
- }
-
- if (sscanf(str, "%x.%x%n", &slot, &fn, &n) != 2) {
- fn = 0;
- if (sscanf(str, "%x%n", &slot, &n) != 1) {
- goto invalid;
- }
- }
- if (str[n] != '\0' || fn > 7 || slot > 31) {
- goto invalid;
- }
- *ptr = slot << 3 | fn;
- g_free(str);
- return;
-
-invalid:
- error_set_from_qdev_prop_error(errp, EINVAL, dev, prop, str);
- g_free(str);
-}
-
-static int print_pci_devfn(DeviceState *dev, Property *prop, char *dest, size_t len)
-{
- int32_t *ptr = qdev_get_prop_ptr(dev, prop);
-
- if (*ptr == -1) {
- return snprintf(dest, len, "<unset>");
- } else {
- return snprintf(dest, len, "%02x.%x", *ptr >> 3, *ptr & 7);
- }
-}
-
-PropertyInfo qdev_prop_pci_devfn = {
- .name = "int32",
- .legacy_name = "pci-devfn",
- .print = print_pci_devfn,
- .get = get_int32,
- .set = set_pci_devfn,
-};
-
-/* --- blocksize --- */
-
-static void set_blocksize(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- uint16_t value, *ptr = qdev_get_prop_ptr(dev, prop);
- Error *local_err = NULL;
- const int64_t min = 512;
- const int64_t max = 32768;
-
- if (dev->state != DEV_STATE_CREATED) {
- error_set(errp, QERR_PERMISSION_DENIED);
- return;
- }
-
- visit_type_uint16(v, &value, name, &local_err);
- if (local_err) {
- error_propagate(errp, local_err);
- return;
- }
- if (value < min || value > max) {
- error_set(errp, QERR_PROPERTY_VALUE_OUT_OF_RANGE,
- dev->id?:"", name, (int64_t)value, min, max);
- return;
- }
-
- /* We rely on power-of-2 blocksizes for bitmasks */
- if ((value & (value - 1)) != 0) {
- error_set(errp, QERR_PROPERTY_VALUE_NOT_POWER_OF_2,
- dev->id?:"", name, (int64_t)value);
- return;
- }
-
- *ptr = value;
-}
-
-PropertyInfo qdev_prop_blocksize = {
- .name = "blocksize",
- .get = get_uint16,
- .set = set_blocksize,
-};
-
-/* --- pci host address --- */
-
-static void get_pci_host_devaddr(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- PCIHostDeviceAddress *addr = qdev_get_prop_ptr(dev, prop);
- char buffer[] = "xxxx:xx:xx.x";
- char *p = buffer;
- int rc = 0;
-
- rc = snprintf(buffer, sizeof(buffer), "%04x:%02x:%02x.%d",
- addr->domain, addr->bus, addr->slot, addr->function);
- assert(rc == sizeof(buffer) - 1);
-
- visit_type_str(v, &p, name, errp);
-}
-
-/*
- * Parse [<domain>:]<bus>:<slot>.<func>
- * if <domain> is not supplied, it's assumed to be 0.
- */
-static void set_pci_host_devaddr(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- PCIHostDeviceAddress *addr = qdev_get_prop_ptr(dev, prop);
- Error *local_err = NULL;
- char *str, *p;
- char *e;
- unsigned long val;
- unsigned long dom = 0, bus = 0;
- unsigned int slot = 0, func = 0;
-
- if (dev->state != DEV_STATE_CREATED) {
- error_set(errp, QERR_PERMISSION_DENIED);
- return;
- }
-
- visit_type_str(v, &str, name, &local_err);
- if (local_err) {
- error_propagate(errp, local_err);
- return;
- }
-
- p = str;
- val = strtoul(p, &e, 16);
- if (e == p || *e != ':') {
- goto inval;
- }
- bus = val;
-
- p = e + 1;
- val = strtoul(p, &e, 16);
- if (e == p) {
- goto inval;
- }
- if (*e == ':') {
- dom = bus;
- bus = val;
- p = e + 1;
- val = strtoul(p, &e, 16);
- if (e == p) {
- goto inval;
- }
- }
- slot = val;
-
- if (*e != '.') {
- goto inval;
- }
- p = e + 1;
- val = strtoul(p, &e, 10);
- if (e == p) {
- goto inval;
- }
- func = val;
-
- if (dom > 0xffff || bus > 0xff || slot > 0x1f || func > 7) {
- goto inval;
- }
-
- if (*e) {
- goto inval;
- }
-
- addr->domain = dom;
- addr->bus = bus;
- addr->slot = slot;
- addr->function = func;
-
- g_free(str);
- return;
-
-inval:
- error_set_from_qdev_prop_error(errp, EINVAL, dev, prop, str);
- g_free(str);
-}
-
-PropertyInfo qdev_prop_pci_host_devaddr = {
- .name = "pci-host-devaddr",
- .get = get_pci_host_devaddr,
- .set = set_pci_host_devaddr,
-};
-
-/* --- public helpers --- */
-
-static Property *qdev_prop_walk(Property *props, const char *name)
-{
- if (!props)
- return NULL;
- while (props->name) {
- if (strcmp(props->name, name) == 0)
- return props;
- props++;
- }
- return NULL;
-}
-
-static Property *qdev_prop_find(DeviceState *dev, const char *name)
-{
- ObjectClass *class;
- Property *prop;
-
- /* device properties */
- class = object_get_class(OBJECT(dev));
- do {
- prop = qdev_prop_walk(DEVICE_CLASS(class)->props, name);
- if (prop) {
- return prop;
- }
- class = object_class_get_parent(class);
- } while (class != object_class_by_name(TYPE_DEVICE));
-
- return NULL;
-}
-
-void error_set_from_qdev_prop_error(Error **errp, int ret, DeviceState *dev,
- Property *prop, const char *value)
-{
- switch (ret) {
- case -EEXIST:
- error_set(errp, QERR_PROPERTY_VALUE_IN_USE,
- object_get_typename(OBJECT(dev)), prop->name, value);
- break;
- default:
- case -EINVAL:
- error_set(errp, QERR_PROPERTY_VALUE_BAD,
- object_get_typename(OBJECT(dev)), prop->name, value);
- break;
- case -ENOENT:
- error_set(errp, QERR_PROPERTY_VALUE_NOT_FOUND,
- object_get_typename(OBJECT(dev)), prop->name, value);
- break;
- case 0:
- break;
- }
-}
-
-int qdev_prop_parse(DeviceState *dev, const char *name, const char *value)
-{
- char *legacy_name;
- Error *err = NULL;
-
- legacy_name = g_strdup_printf("legacy-%s", name);
- if (object_property_get_type(OBJECT(dev), legacy_name, NULL)) {
- object_property_parse(OBJECT(dev), value, legacy_name, &err);
- } else {
- object_property_parse(OBJECT(dev), value, name, &err);
- }
- g_free(legacy_name);
-
- if (err) {
- qerror_report_err(err);
- error_free(err);
- return -1;
- }
- return 0;
-}
-
-void qdev_prop_set_bit(DeviceState *dev, const char *name, bool value)
-{
- Error *errp = NULL;
- object_property_set_bool(OBJECT(dev), value, name, &errp);
- assert_no_error(errp);
-}
-
-void qdev_prop_set_uint8(DeviceState *dev, const char *name, uint8_t value)
-{
- Error *errp = NULL;
- object_property_set_int(OBJECT(dev), value, name, &errp);
- assert_no_error(errp);
-}
-
-void qdev_prop_set_uint16(DeviceState *dev, const char *name, uint16_t value)
-{
- Error *errp = NULL;
- object_property_set_int(OBJECT(dev), value, name, &errp);
- assert_no_error(errp);
-}
-
-void qdev_prop_set_uint32(DeviceState *dev, const char *name, uint32_t value)
-{
- Error *errp = NULL;
- object_property_set_int(OBJECT(dev), value, name, &errp);
- assert_no_error(errp);
-}
-
-void qdev_prop_set_int32(DeviceState *dev, const char *name, int32_t value)
-{
- Error *errp = NULL;
- object_property_set_int(OBJECT(dev), value, name, &errp);
- assert_no_error(errp);
-}
-
-void qdev_prop_set_uint64(DeviceState *dev, const char *name, uint64_t value)
-{
- Error *errp = NULL;
- object_property_set_int(OBJECT(dev), value, name, &errp);
- assert_no_error(errp);
-}
-
-void qdev_prop_set_string(DeviceState *dev, const char *name, const char *value)
-{
- Error *errp = NULL;
- object_property_set_str(OBJECT(dev), value, name, &errp);
- assert_no_error(errp);
-}
-
-int qdev_prop_set_drive(DeviceState *dev, const char *name, BlockDriverState *value)
-{
- Error *errp = NULL;
- const char *bdrv_name = value ? bdrv_get_device_name(value) : "";
- object_property_set_str(OBJECT(dev), bdrv_name,
- name, &errp);
- if (errp) {
- qerror_report_err(errp);
- error_free(errp);
- return -1;
- }
- return 0;
-}
-
-void qdev_prop_set_drive_nofail(DeviceState *dev, const char *name, BlockDriverState *value)
-{
- if (qdev_prop_set_drive(dev, name, value) < 0) {
- exit(1);
- }
-}
-void qdev_prop_set_chr(DeviceState *dev, const char *name, CharDriverState *value)
-{
- Error *errp = NULL;
- assert(!value || value->label);
- object_property_set_str(OBJECT(dev),
- value ? value->label : "", name, &errp);
- assert_no_error(errp);
-}
-
-void qdev_prop_set_netdev(DeviceState *dev, const char *name, NetClientState *value)
-{
- Error *errp = NULL;
- assert(!value || value->name);
- object_property_set_str(OBJECT(dev),
- value ? value->name : "", name, &errp);
- assert_no_error(errp);
-}
-
-void qdev_prop_set_macaddr(DeviceState *dev, const char *name, uint8_t *value)
-{
- Error *errp = NULL;
- char str[2 * 6 + 5 + 1];
- snprintf(str, sizeof(str), "%02x:%02x:%02x:%02x:%02x:%02x",
- value[0], value[1], value[2], value[3], value[4], value[5]);
-
- object_property_set_str(OBJECT(dev), str, name, &errp);
- assert_no_error(errp);
-}
-
-void qdev_prop_set_enum(DeviceState *dev, const char *name, int value)
-{
- Property *prop;
- Error *errp = NULL;
-
- prop = qdev_prop_find(dev, name);
- object_property_set_str(OBJECT(dev), prop->info->enum_table[value],
- name, &errp);
- assert_no_error(errp);
-}
-
-void qdev_prop_set_ptr(DeviceState *dev, const char *name, void *value)
-{
- Property *prop;
- void **ptr;
-
- prop = qdev_prop_find(dev, name);
- assert(prop && prop->info == &qdev_prop_ptr);
- ptr = qdev_get_prop_ptr(dev, prop);
- *ptr = value;
-}
-
-static QTAILQ_HEAD(, GlobalProperty) global_props = QTAILQ_HEAD_INITIALIZER(global_props);
-
-static void qdev_prop_register_global(GlobalProperty *prop)
-{
- QTAILQ_INSERT_TAIL(&global_props, prop, next);
-}
-
-void qdev_prop_register_global_list(GlobalProperty *props)
-{
- int i;
-
- for (i = 0; props[i].driver != NULL; i++) {
- qdev_prop_register_global(props+i);
- }
-}
-
-void qdev_prop_set_globals(DeviceState *dev)
-{
- ObjectClass *class = object_get_class(OBJECT(dev));
-
- do {
- GlobalProperty *prop;
- QTAILQ_FOREACH(prop, &global_props, next) {
- if (strcmp(object_class_get_name(class), prop->driver) != 0) {
- continue;
- }
- if (qdev_prop_parse(dev, prop->property, prop->value) != 0) {
- exit(1);
- }
- }
- class = object_class_get_parent(class);
- } while (class);
-}
-
-static int qdev_add_one_global(QemuOpts *opts, void *opaque)
-{
- GlobalProperty *g;
-
- g = g_malloc0(sizeof(*g));
- g->driver = qemu_opt_get(opts, "driver");
- g->property = qemu_opt_get(opts, "property");
- g->value = qemu_opt_get(opts, "value");
- qdev_prop_register_global(g);
- return 0;
-}
-
-void qemu_add_globals(void)
-{
- qemu_opts_foreach(qemu_find_opts("global"), qdev_add_one_global, NULL, 0);
-}
diff --git a/hw/qdev-properties.h b/hw/qdev-properties.h
deleted file mode 100644
index 5b046abb2..000000000
--- a/hw/qdev-properties.h
+++ /dev/null
@@ -1,130 +0,0 @@
-#ifndef QEMU_QDEV_PROPERTIES_H
-#define QEMU_QDEV_PROPERTIES_H
-
-#include "qdev-core.h"
-
-/*** qdev-properties.c ***/
-
-extern PropertyInfo qdev_prop_bit;
-extern PropertyInfo qdev_prop_uint8;
-extern PropertyInfo qdev_prop_uint16;
-extern PropertyInfo qdev_prop_uint32;
-extern PropertyInfo qdev_prop_int32;
-extern PropertyInfo qdev_prop_uint64;
-extern PropertyInfo qdev_prop_hex8;
-extern PropertyInfo qdev_prop_hex32;
-extern PropertyInfo qdev_prop_hex64;
-extern PropertyInfo qdev_prop_string;
-extern PropertyInfo qdev_prop_chr;
-extern PropertyInfo qdev_prop_ptr;
-extern PropertyInfo qdev_prop_macaddr;
-extern PropertyInfo qdev_prop_losttickpolicy;
-extern PropertyInfo qdev_prop_bios_chs_trans;
-extern PropertyInfo qdev_prop_drive;
-extern PropertyInfo qdev_prop_netdev;
-extern PropertyInfo qdev_prop_vlan;
-extern PropertyInfo qdev_prop_pci_devfn;
-extern PropertyInfo qdev_prop_blocksize;
-extern PropertyInfo qdev_prop_pci_host_devaddr;
-
-#define DEFINE_PROP(_name, _state, _field, _prop, _type) { \
- .name = (_name), \
- .info = &(_prop), \
- .offset = offsetof(_state, _field) \
- + type_check(_type,typeof_field(_state, _field)), \
- }
-#define DEFINE_PROP_DEFAULT(_name, _state, _field, _defval, _prop, _type) { \
- .name = (_name), \
- .info = &(_prop), \
- .offset = offsetof(_state, _field) \
- + type_check(_type,typeof_field(_state, _field)), \
- .qtype = QTYPE_QINT, \
- .defval = (_type)_defval, \
- }
-#define DEFINE_PROP_BIT(_name, _state, _field, _bit, _defval) { \
- .name = (_name), \
- .info = &(qdev_prop_bit), \
- .bitnr = (_bit), \
- .offset = offsetof(_state, _field) \
- + type_check(uint32_t,typeof_field(_state, _field)), \
- .qtype = QTYPE_QBOOL, \
- .defval = (bool)_defval, \
- }
-
-#define DEFINE_PROP_UINT8(_n, _s, _f, _d) \
- DEFINE_PROP_DEFAULT(_n, _s, _f, _d, qdev_prop_uint8, uint8_t)
-#define DEFINE_PROP_UINT16(_n, _s, _f, _d) \
- DEFINE_PROP_DEFAULT(_n, _s, _f, _d, qdev_prop_uint16, uint16_t)
-#define DEFINE_PROP_UINT32(_n, _s, _f, _d) \
- DEFINE_PROP_DEFAULT(_n, _s, _f, _d, qdev_prop_uint32, uint32_t)
-#define DEFINE_PROP_INT32(_n, _s, _f, _d) \
- DEFINE_PROP_DEFAULT(_n, _s, _f, _d, qdev_prop_int32, int32_t)
-#define DEFINE_PROP_UINT64(_n, _s, _f, _d) \
- DEFINE_PROP_DEFAULT(_n, _s, _f, _d, qdev_prop_uint64, uint64_t)
-#define DEFINE_PROP_HEX8(_n, _s, _f, _d) \
- DEFINE_PROP_DEFAULT(_n, _s, _f, _d, qdev_prop_hex8, uint8_t)
-#define DEFINE_PROP_HEX32(_n, _s, _f, _d) \
- DEFINE_PROP_DEFAULT(_n, _s, _f, _d, qdev_prop_hex32, uint32_t)
-#define DEFINE_PROP_HEX64(_n, _s, _f, _d) \
- DEFINE_PROP_DEFAULT(_n, _s, _f, _d, qdev_prop_hex64, uint64_t)
-#define DEFINE_PROP_PCI_DEVFN(_n, _s, _f, _d) \
- DEFINE_PROP_DEFAULT(_n, _s, _f, _d, qdev_prop_pci_devfn, int32_t)
-
-#define DEFINE_PROP_PTR(_n, _s, _f) \
- DEFINE_PROP(_n, _s, _f, qdev_prop_ptr, void*)
-#define DEFINE_PROP_CHR(_n, _s, _f) \
- DEFINE_PROP(_n, _s, _f, qdev_prop_chr, CharDriverState*)
-#define DEFINE_PROP_STRING(_n, _s, _f) \
- DEFINE_PROP(_n, _s, _f, qdev_prop_string, char*)
-#define DEFINE_PROP_NETDEV(_n, _s, _f) \
- DEFINE_PROP(_n, _s, _f, qdev_prop_netdev, NetClientState*)
-#define DEFINE_PROP_VLAN(_n, _s, _f) \
- DEFINE_PROP(_n, _s, _f, qdev_prop_vlan, NetClientState*)
-#define DEFINE_PROP_DRIVE(_n, _s, _f) \
- DEFINE_PROP(_n, _s, _f, qdev_prop_drive, BlockDriverState *)
-#define DEFINE_PROP_MACADDR(_n, _s, _f) \
- DEFINE_PROP(_n, _s, _f, qdev_prop_macaddr, MACAddr)
-#define DEFINE_PROP_LOSTTICKPOLICY(_n, _s, _f, _d) \
- DEFINE_PROP_DEFAULT(_n, _s, _f, _d, qdev_prop_losttickpolicy, \
- LostTickPolicy)
-#define DEFINE_PROP_BIOS_CHS_TRANS(_n, _s, _f, _d) \
- DEFINE_PROP_DEFAULT(_n, _s, _f, _d, qdev_prop_bios_chs_trans, int)
-#define DEFINE_PROP_BLOCKSIZE(_n, _s, _f, _d) \
- DEFINE_PROP_DEFAULT(_n, _s, _f, _d, qdev_prop_blocksize, uint16_t)
-#define DEFINE_PROP_PCI_HOST_DEVADDR(_n, _s, _f) \
- DEFINE_PROP(_n, _s, _f, qdev_prop_pci_host_devaddr, PCIHostDeviceAddress)
-
-#define DEFINE_PROP_END_OF_LIST() \
- {}
-
-/* Set properties between creation and init. */
-void *qdev_get_prop_ptr(DeviceState *dev, Property *prop);
-int qdev_prop_parse(DeviceState *dev, const char *name, const char *value);
-void qdev_prop_set_bit(DeviceState *dev, const char *name, bool value);
-void qdev_prop_set_uint8(DeviceState *dev, const char *name, uint8_t value);
-void qdev_prop_set_uint16(DeviceState *dev, const char *name, uint16_t value);
-void qdev_prop_set_uint32(DeviceState *dev, const char *name, uint32_t value);
-void qdev_prop_set_int32(DeviceState *dev, const char *name, int32_t value);
-void qdev_prop_set_uint64(DeviceState *dev, const char *name, uint64_t value);
-void qdev_prop_set_string(DeviceState *dev, const char *name, const char *value);
-void qdev_prop_set_chr(DeviceState *dev, const char *name, CharDriverState *value);
-void qdev_prop_set_netdev(DeviceState *dev, const char *name, NetClientState *value);
-int qdev_prop_set_drive(DeviceState *dev, const char *name, BlockDriverState *value) QEMU_WARN_UNUSED_RESULT;
-void qdev_prop_set_drive_nofail(DeviceState *dev, const char *name, BlockDriverState *value);
-void qdev_prop_set_macaddr(DeviceState *dev, const char *name, uint8_t *value);
-void qdev_prop_set_enum(DeviceState *dev, const char *name, int value);
-/* FIXME: Remove opaque pointer properties. */
-void qdev_prop_set_ptr(DeviceState *dev, const char *name, void *value);
-
-void qdev_prop_register_global_list(GlobalProperty *props);
-void qdev_prop_set_globals(DeviceState *dev);
-void error_set_from_qdev_prop_error(Error **errp, int ret, DeviceState *dev,
- Property *prop, const char *value);
-
-/**
- * @qdev_property_add_static - add a @Property to a device referencing a
- * field in a struct.
- */
-void qdev_property_add_static(DeviceState *dev, Property *prop, Error **errp);
-
-#endif
diff --git a/hw/qdev.c b/hw/qdev.c
deleted file mode 100644
index 788b4da55..000000000
--- a/hw/qdev.c
+++ /dev/null
@@ -1,798 +0,0 @@
-/*
- * Dynamic device configuration and creation.
- *
- * Copyright (c) 2009 CodeSourcery
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-/* The theory here is that it should be possible to create a machine without
- knowledge of specific devices. Historically board init routines have
- passed a bunch of arguments to each device, requiring the board know
- exactly which device it is dealing with. This file provides an abstract
- API for device configuration and initialization. Devices will generally
- inherit from a particular bus (e.g. PCI or I2C) rather than
- this API directly. */
-
-#include "net.h"
-#include "qdev.h"
-#include "sysemu.h"
-#include "error.h"
-#include "qapi/qapi-visit-core.h"
-
-int qdev_hotplug = 0;
-static bool qdev_hot_added = false;
-static bool qdev_hot_removed = false;
-
-const VMStateDescription *qdev_get_vmsd(DeviceState *dev)
-{
- DeviceClass *dc = DEVICE_GET_CLASS(dev);
- return dc->vmsd;
-}
-
-const char *qdev_fw_name(DeviceState *dev)
-{
- DeviceClass *dc = DEVICE_GET_CLASS(dev);
-
- if (dc->fw_name) {
- return dc->fw_name;
- }
-
- return object_get_typename(OBJECT(dev));
-}
-
-static void qdev_property_add_legacy(DeviceState *dev, Property *prop,
- Error **errp);
-
-static void bus_remove_child(BusState *bus, DeviceState *child)
-{
- BusChild *kid;
-
- QTAILQ_FOREACH(kid, &bus->children, sibling) {
- if (kid->child == child) {
- char name[32];
-
- snprintf(name, sizeof(name), "child[%d]", kid->index);
- QTAILQ_REMOVE(&bus->children, kid, sibling);
- object_property_del(OBJECT(bus), name, NULL);
- g_free(kid);
- return;
- }
- }
-}
-
-static void bus_add_child(BusState *bus, DeviceState *child)
-{
- char name[32];
- BusChild *kid = g_malloc0(sizeof(*kid));
-
- if (qdev_hotplug) {
- assert(bus->allow_hotplug);
- }
-
- kid->index = bus->max_index++;
- kid->child = child;
-
- QTAILQ_INSERT_HEAD(&bus->children, kid, sibling);
-
- snprintf(name, sizeof(name), "child[%d]", kid->index);
- object_property_add_link(OBJECT(bus), name,
- object_get_typename(OBJECT(child)),
- (Object **)&kid->child,
- NULL);
-}
-
-void qdev_set_parent_bus(DeviceState *dev, BusState *bus)
-{
- dev->parent_bus = bus;
- bus_add_child(bus, dev);
-}
-
-/* Create a new device. This only initializes the device state structure
- and allows properties to be set. qdev_init should be called to
- initialize the actual device emulation. */
-DeviceState *qdev_create(BusState *bus, const char *name)
-{
- DeviceState *dev;
-
- dev = qdev_try_create(bus, name);
- if (!dev) {
- if (bus) {
- hw_error("Unknown device '%s' for bus '%s'\n", name,
- object_get_typename(OBJECT(bus)));
- } else {
- hw_error("Unknown device '%s' for default sysbus\n", name);
- }
- }
-
- return dev;
-}
-
-DeviceState *qdev_try_create(BusState *bus, const char *type)
-{
- DeviceState *dev;
-
- if (object_class_by_name(type) == NULL) {
- return NULL;
- }
- dev = DEVICE(object_new(type));
- if (!dev) {
- return NULL;
- }
-
- if (!bus) {
- bus = sysbus_get_default();
- }
-
- qdev_set_parent_bus(dev, bus);
-
- return dev;
-}
-
-/* Initialize a device. Device properties should be set before calling
- this function. IRQs and MMIO regions should be connected/mapped after
- calling this function.
- On failure, destroy the device and return negative value.
- Return 0 on success. */
-int qdev_init(DeviceState *dev)
-{
- DeviceClass *dc = DEVICE_GET_CLASS(dev);
- int rc;
-
- assert(dev->state == DEV_STATE_CREATED);
-
- rc = dc->init(dev);
- if (rc < 0) {
- qdev_free(dev);
- return rc;
- }
-
- if (!OBJECT(dev)->parent) {
- static int unattached_count = 0;
- gchar *name = g_strdup_printf("device[%d]", unattached_count++);
-
- object_property_add_child(container_get(qdev_get_machine(),
- "/unattached"),
- name, OBJECT(dev), NULL);
- g_free(name);
- }
-
- if (qdev_get_vmsd(dev)) {
- vmstate_register_with_alias_id(dev, -1, qdev_get_vmsd(dev), dev,
- dev->instance_id_alias,
- dev->alias_required_for_version);
- }
- dev->state = DEV_STATE_INITIALIZED;
- if (dev->hotplugged) {
- device_reset(dev);
- }
- return 0;
-}
-
-void qdev_set_legacy_instance_id(DeviceState *dev, int alias_id,
- int required_for_version)
-{
- assert(dev->state == DEV_STATE_CREATED);
- dev->instance_id_alias = alias_id;
- dev->alias_required_for_version = required_for_version;
-}
-
-void qdev_unplug(DeviceState *dev, Error **errp)
-{
- DeviceClass *dc = DEVICE_GET_CLASS(dev);
-
- if (!dev->parent_bus->allow_hotplug) {
- error_set(errp, QERR_BUS_NO_HOTPLUG, dev->parent_bus->name);
- return;
- }
- assert(dc->unplug != NULL);
-
- qdev_hot_removed = true;
-
- if (dc->unplug(dev) < 0) {
- error_set(errp, QERR_UNDEFINED_ERROR);
- return;
- }
-}
-
-static int qdev_reset_one(DeviceState *dev, void *opaque)
-{
- device_reset(dev);
-
- return 0;
-}
-
-static int qbus_reset_one(BusState *bus, void *opaque)
-{
- BusClass *bc = BUS_GET_CLASS(bus);
- if (bc->reset) {
- return bc->reset(bus);
- }
- return 0;
-}
-
-void qdev_reset_all(DeviceState *dev)
-{
- qdev_walk_children(dev, qdev_reset_one, qbus_reset_one, NULL);
-}
-
-void qbus_reset_all_fn(void *opaque)
-{
- BusState *bus = opaque;
- qbus_walk_children(bus, qdev_reset_one, qbus_reset_one, NULL);
-}
-
-/* can be used as ->unplug() callback for the simple cases */
-int qdev_simple_unplug_cb(DeviceState *dev)
-{
- /* just zap it */
- qdev_free(dev);
- return 0;
-}
-
-
-/* Like qdev_init(), but terminate program via error_report() instead of
- returning an error value. This is okay during machine creation.
- Don't use for hotplug, because there callers need to recover from
- failure. Exception: if you know the device's init() callback can't
- fail, then qdev_init_nofail() can't fail either, and is therefore
- usable even then. But relying on the device implementation that
- way is somewhat unclean, and best avoided. */
-void qdev_init_nofail(DeviceState *dev)
-{
- const char *typename = object_get_typename(OBJECT(dev));
-
- if (qdev_init(dev) < 0) {
- error_report("Initialization of device %s failed", typename);
- exit(1);
- }
-}
-
-/* Unlink device from bus and free the structure. */
-void qdev_free(DeviceState *dev)
-{
- object_delete(OBJECT(dev));
-}
-
-void qdev_machine_creation_done(void)
-{
- /*
- * ok, initial machine setup is done, starting from now we can
- * only create hotpluggable devices
- */
- qdev_hotplug = 1;
-}
-
-bool qdev_machine_modified(void)
-{
- return qdev_hot_added || qdev_hot_removed;
-}
-
-BusState *qdev_get_parent_bus(DeviceState *dev)
-{
- return dev->parent_bus;
-}
-
-void qdev_init_gpio_in(DeviceState *dev, qemu_irq_handler handler, int n)
-{
- dev->gpio_in = qemu_extend_irqs(dev->gpio_in, dev->num_gpio_in, handler,
- dev, n);
- dev->num_gpio_in += n;
-}
-
-void qdev_init_gpio_out(DeviceState *dev, qemu_irq *pins, int n)
-{
- assert(dev->num_gpio_out == 0);
- dev->num_gpio_out = n;
- dev->gpio_out = pins;
-}
-
-qemu_irq qdev_get_gpio_in(DeviceState *dev, int n)
-{
- assert(n >= 0 && n < dev->num_gpio_in);
- return dev->gpio_in[n];
-}
-
-void qdev_connect_gpio_out(DeviceState * dev, int n, qemu_irq pin)
-{
- assert(n >= 0 && n < dev->num_gpio_out);
- dev->gpio_out[n] = pin;
-}
-
-void qdev_set_nic_properties(DeviceState *dev, NICInfo *nd)
-{
- qdev_prop_set_macaddr(dev, "mac", nd->macaddr.a);
- if (nd->netdev)
- qdev_prop_set_netdev(dev, "netdev", nd->netdev);
- if (nd->nvectors != DEV_NVECTORS_UNSPECIFIED &&
- object_property_find(OBJECT(dev), "vectors", NULL)) {
- qdev_prop_set_uint32(dev, "vectors", nd->nvectors);
- }
- nd->instantiated = 1;
-}
-
-BusState *qdev_get_child_bus(DeviceState *dev, const char *name)
-{
- BusState *bus;
-
- QLIST_FOREACH(bus, &dev->child_bus, sibling) {
- if (strcmp(name, bus->name) == 0) {
- return bus;
- }
- }
- return NULL;
-}
-
-int qbus_walk_children(BusState *bus, qdev_walkerfn *devfn,
- qbus_walkerfn *busfn, void *opaque)
-{
- BusChild *kid;
- int err;
-
- if (busfn) {
- err = busfn(bus, opaque);
- if (err) {
- return err;
- }
- }
-
- QTAILQ_FOREACH(kid, &bus->children, sibling) {
- err = qdev_walk_children(kid->child, devfn, busfn, opaque);
- if (err < 0) {
- return err;
- }
- }
-
- return 0;
-}
-
-int qdev_walk_children(DeviceState *dev, qdev_walkerfn *devfn,
- qbus_walkerfn *busfn, void *opaque)
-{
- BusState *bus;
- int err;
-
- if (devfn) {
- err = devfn(dev, opaque);
- if (err) {
- return err;
- }
- }
-
- QLIST_FOREACH(bus, &dev->child_bus, sibling) {
- err = qbus_walk_children(bus, devfn, busfn, opaque);
- if (err < 0) {
- return err;
- }
- }
-
- return 0;
-}
-
-DeviceState *qdev_find_recursive(BusState *bus, const char *id)
-{
- BusChild *kid;
- DeviceState *ret;
- BusState *child;
-
- QTAILQ_FOREACH(kid, &bus->children, sibling) {
- DeviceState *dev = kid->child;
-
- if (dev->id && strcmp(dev->id, id) == 0) {
- return dev;
- }
-
- QLIST_FOREACH(child, &dev->child_bus, sibling) {
- ret = qdev_find_recursive(child, id);
- if (ret) {
- return ret;
- }
- }
- }
- return NULL;
-}
-
-static void qbus_realize(BusState *bus)
-{
- const char *typename = object_get_typename(OBJECT(bus));
- char *buf;
- int i,len;
-
- if (bus->name) {
- /* use supplied name */
- } else if (bus->parent && bus->parent->id) {
- /* parent device has id -> use it for bus name */
- len = strlen(bus->parent->id) + 16;
- buf = g_malloc(len);
- snprintf(buf, len, "%s.%d", bus->parent->id, bus->parent->num_child_bus);
- bus->name = buf;
- } else {
- /* no id -> use lowercase bus type for bus name */
- len = strlen(typename) + 16;
- buf = g_malloc(len);
- len = snprintf(buf, len, "%s.%d", typename,
- bus->parent ? bus->parent->num_child_bus : 0);
- for (i = 0; i < len; i++)
- buf[i] = qemu_tolower(buf[i]);
- bus->name = buf;
- }
-
- if (bus->parent) {
- QLIST_INSERT_HEAD(&bus->parent->child_bus, bus, sibling);
- bus->parent->num_child_bus++;
- object_property_add_child(OBJECT(bus->parent), bus->name, OBJECT(bus), NULL);
- } else if (bus != sysbus_get_default()) {
- /* TODO: once all bus devices are qdevified,
- only reset handler for main_system_bus should be registered here. */
- qemu_register_reset(qbus_reset_all_fn, bus);
- }
-}
-
-void qbus_create_inplace(BusState *bus, const char *typename,
- DeviceState *parent, const char *name)
-{
- object_initialize(bus, typename);
-
- bus->parent = parent;
- bus->name = name ? g_strdup(name) : NULL;
- qbus_realize(bus);
-}
-
-BusState *qbus_create(const char *typename, DeviceState *parent, const char *name)
-{
- BusState *bus;
-
- bus = BUS(object_new(typename));
-
- bus->parent = parent;
- bus->name = name ? g_strdup(name) : NULL;
- qbus_realize(bus);
-
- return bus;
-}
-
-void qbus_free(BusState *bus)
-{
- object_delete(OBJECT(bus));
-}
-
-static char *bus_get_fw_dev_path(BusState *bus, DeviceState *dev)
-{
- BusClass *bc = BUS_GET_CLASS(bus);
-
- if (bc->get_fw_dev_path) {
- return bc->get_fw_dev_path(dev);
- }
-
- return NULL;
-}
-
-static int qdev_get_fw_dev_path_helper(DeviceState *dev, char *p, int size)
-{
- int l = 0;
-
- if (dev && dev->parent_bus) {
- char *d;
- l = qdev_get_fw_dev_path_helper(dev->parent_bus->parent, p, size);
- d = bus_get_fw_dev_path(dev->parent_bus, dev);
- if (d) {
- l += snprintf(p + l, size - l, "%s", d);
- g_free(d);
- } else {
- l += snprintf(p + l, size - l, "%s", object_get_typename(OBJECT(dev)));
- }
- }
- l += snprintf(p + l , size - l, "/");
-
- return l;
-}
-
-char* qdev_get_fw_dev_path(DeviceState *dev)
-{
- char path[128];
- int l;
-
- l = qdev_get_fw_dev_path_helper(dev, path, 128);
-
- path[l-1] = '\0';
-
- return g_strdup(path);
-}
-
-char *qdev_get_dev_path(DeviceState *dev)
-{
- BusClass *bc;
-
- if (!dev || !dev->parent_bus) {
- return NULL;
- }
-
- bc = BUS_GET_CLASS(dev->parent_bus);
- if (bc->get_dev_path) {
- return bc->get_dev_path(dev);
- }
-
- return NULL;
-}
-
-/**
- * Legacy property handling
- */
-
-static void qdev_get_legacy_property(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
-
- char buffer[1024];
- char *ptr = buffer;
-
- prop->info->print(dev, prop, buffer, sizeof(buffer));
- visit_type_str(v, &ptr, name, errp);
-}
-
-static void qdev_set_legacy_property(Object *obj, Visitor *v, void *opaque,
- const char *name, Error **errp)
-{
- DeviceState *dev = DEVICE(obj);
- Property *prop = opaque;
- Error *local_err = NULL;
- char *ptr = NULL;
- int ret;
-
- if (dev->state != DEV_STATE_CREATED) {
- error_set(errp, QERR_PERMISSION_DENIED);
- return;
- }
-
- visit_type_str(v, &ptr, name, &local_err);
- if (local_err) {
- error_propagate(errp, local_err);
- return;
- }
-
- ret = prop->info->parse(dev, prop, ptr);
- error_set_from_qdev_prop_error(errp, ret, dev, prop, ptr);
- g_free(ptr);
-}
-
-/**
- * @qdev_add_legacy_property - adds a legacy property
- *
- * Do not use this is new code! Properties added through this interface will
- * be given names and types in the "legacy" namespace.
- *
- * Legacy properties are string versions of other OOM properties. The format
- * of the string depends on the property type.
- */
-void qdev_property_add_legacy(DeviceState *dev, Property *prop,
- Error **errp)
-{
- gchar *name, *type;
-
- /* Register pointer properties as legacy properties */
- if (!prop->info->print && !prop->info->parse &&
- (prop->info->set || prop->info->get)) {
- return;
- }
-
- name = g_strdup_printf("legacy-%s", prop->name);
- type = g_strdup_printf("legacy<%s>",
- prop->info->legacy_name ?: prop->info->name);
-
- object_property_add(OBJECT(dev), name, type,
- prop->info->print ? qdev_get_legacy_property : prop->info->get,
- prop->info->parse ? qdev_set_legacy_property : prop->info->set,
- NULL,
- prop, errp);
-
- g_free(type);
- g_free(name);
-}
-
-/**
- * @qdev_property_add_static - add a @Property to a device.
- *
- * Static properties access data in a struct. The actual type of the
- * property and the field depends on the property type.
- */
-void qdev_property_add_static(DeviceState *dev, Property *prop,
- Error **errp)
-{
- Error *local_err = NULL;
- Object *obj = OBJECT(dev);
-
- /*
- * TODO qdev_prop_ptr does not have getters or setters. It must
- * go now that it can be replaced with links. The test should be
- * removed along with it: all static properties are read/write.
- */
- if (!prop->info->get && !prop->info->set) {
- return;
- }
-
- object_property_add(obj, prop->name, prop->info->name,
- prop->info->get, prop->info->set,
- prop->info->release,
- prop, &local_err);
-
- if (local_err) {
- error_propagate(errp, local_err);
- return;
- }
- if (prop->qtype == QTYPE_NONE) {
- return;
- }
-
- if (prop->qtype == QTYPE_QBOOL) {
- object_property_set_bool(obj, prop->defval, prop->name, &local_err);
- } else if (prop->info->enum_table) {
- object_property_set_str(obj, prop->info->enum_table[prop->defval],
- prop->name, &local_err);
- } else if (prop->qtype == QTYPE_QINT) {
- object_property_set_int(obj, prop->defval, prop->name, &local_err);
- }
- assert_no_error(local_err);
-}
-
-static void device_initfn(Object *obj)
-{
- DeviceState *dev = DEVICE(obj);
- ObjectClass *class;
- Property *prop;
-
- if (qdev_hotplug) {
- dev->hotplugged = 1;
- qdev_hot_added = true;
- }
-
- dev->instance_id_alias = -1;
- dev->state = DEV_STATE_CREATED;
-
- class = object_get_class(OBJECT(dev));
- do {
- for (prop = DEVICE_CLASS(class)->props; prop && prop->name; prop++) {
- qdev_property_add_legacy(dev, prop, NULL);
- qdev_property_add_static(dev, prop, NULL);
- }
- class = object_class_get_parent(class);
- } while (class != object_class_by_name(TYPE_DEVICE));
- qdev_prop_set_globals(dev);
-
- object_property_add_link(OBJECT(dev), "parent_bus", TYPE_BUS,
- (Object **)&dev->parent_bus, NULL);
-}
-
-/* Unlink device from bus and free the structure. */
-static void device_finalize(Object *obj)
-{
- DeviceState *dev = DEVICE(obj);
- BusState *bus;
- DeviceClass *dc = DEVICE_GET_CLASS(dev);
-
- if (dev->state == DEV_STATE_INITIALIZED) {
- while (dev->num_child_bus) {
- bus = QLIST_FIRST(&dev->child_bus);
- qbus_free(bus);
- }
- if (qdev_get_vmsd(dev)) {
- vmstate_unregister(dev, qdev_get_vmsd(dev), dev);
- }
- if (dc->exit) {
- dc->exit(dev);
- }
- if (dev->opts) {
- qemu_opts_del(dev->opts);
- }
- }
-}
-
-static void device_class_base_init(ObjectClass *class, void *data)
-{
- DeviceClass *klass = DEVICE_CLASS(class);
-
- /* We explicitly look up properties in the superclasses,
- * so do not propagate them to the subclasses.
- */
- klass->props = NULL;
-}
-
-static void qdev_remove_from_bus(Object *obj)
-{
- DeviceState *dev = DEVICE(obj);
-
- bus_remove_child(dev->parent_bus, dev);
-}
-
-static void device_class_init(ObjectClass *class, void *data)
-{
- class->unparent = qdev_remove_from_bus;
-}
-
-void device_reset(DeviceState *dev)
-{
- DeviceClass *klass = DEVICE_GET_CLASS(dev);
-
- if (klass->reset) {
- klass->reset(dev);
- }
-}
-
-Object *qdev_get_machine(void)
-{
- static Object *dev;
-
- if (dev == NULL) {
- dev = container_get(object_get_root(), "/machine");
- }
-
- return dev;
-}
-
-static TypeInfo device_type_info = {
- .name = TYPE_DEVICE,
- .parent = TYPE_OBJECT,
- .instance_size = sizeof(DeviceState),
- .instance_init = device_initfn,
- .instance_finalize = device_finalize,
- .class_base_init = device_class_base_init,
- .class_init = device_class_init,
- .abstract = true,
- .class_size = sizeof(DeviceClass),
-};
-
-static void qbus_initfn(Object *obj)
-{
- BusState *bus = BUS(obj);
-
- QTAILQ_INIT(&bus->children);
-}
-
-static void qbus_finalize(Object *obj)
-{
- BusState *bus = BUS(obj);
- BusChild *kid;
-
- while ((kid = QTAILQ_FIRST(&bus->children)) != NULL) {
- DeviceState *dev = kid->child;
- qdev_free(dev);
- }
- if (bus->parent) {
- QLIST_REMOVE(bus, sibling);
- bus->parent->num_child_bus--;
- } else {
- assert(bus != sysbus_get_default()); /* main_system_bus is never freed */
- qemu_unregister_reset(qbus_reset_all_fn, bus);
- }
- g_free((char *)bus->name);
-}
-
-static const TypeInfo bus_info = {
- .name = TYPE_BUS,
- .parent = TYPE_OBJECT,
- .instance_size = sizeof(BusState),
- .abstract = true,
- .class_size = sizeof(BusClass),
- .instance_init = qbus_initfn,
- .instance_finalize = qbus_finalize,
-};
-
-static void qdev_register_types(void)
-{
- type_register_static(&bus_info);
- type_register_static(&device_type_info);
-}
-
-type_init(qdev_register_types)
diff --git a/hw/qdev.h b/hw/qdev.h
deleted file mode 100644
index 365b8d6ca..000000000
--- a/hw/qdev.h
+++ /dev/null
@@ -1,9 +0,0 @@
-#ifndef QDEV_H
-#define QDEV_H
-
-#include "hw/hw.h"
-#include "qdev-core.h"
-#include "qdev-properties.h"
-#include "qdev-monitor.h"
-
-#endif
diff --git a/hw/qxl-logger.c b/hw/qxl-logger.c
deleted file mode 100644
index fe2878c83..000000000
--- a/hw/qxl-logger.c
+++ /dev/null
@@ -1,275 +0,0 @@
-/*
- * qxl command logging -- for debug purposes
- *
- * Copyright (C) 2010 Red Hat, Inc.
- *
- * maintained by Gerd Hoffmann <kraxel@redhat.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "qemu-timer.h"
-#include "qxl.h"
-
-static const char *qxl_type[] = {
- [ QXL_CMD_NOP ] = "nop",
- [ QXL_CMD_DRAW ] = "draw",
- [ QXL_CMD_UPDATE ] = "update",
- [ QXL_CMD_CURSOR ] = "cursor",
- [ QXL_CMD_MESSAGE ] = "message",
- [ QXL_CMD_SURFACE ] = "surface",
-};
-
-static const char *qxl_draw_type[] = {
- [ QXL_DRAW_NOP ] = "nop",
- [ QXL_DRAW_FILL ] = "fill",
- [ QXL_DRAW_OPAQUE ] = "opaque",
- [ QXL_DRAW_COPY ] = "copy",
- [ QXL_COPY_BITS ] = "copy-bits",
- [ QXL_DRAW_BLEND ] = "blend",
- [ QXL_DRAW_BLACKNESS ] = "blackness",
- [ QXL_DRAW_WHITENESS ] = "whitemess",
- [ QXL_DRAW_INVERS ] = "invers",
- [ QXL_DRAW_ROP3 ] = "rop3",
- [ QXL_DRAW_STROKE ] = "stroke",
- [ QXL_DRAW_TEXT ] = "text",
- [ QXL_DRAW_TRANSPARENT ] = "transparent",
- [ QXL_DRAW_ALPHA_BLEND ] = "alpha-blend",
-};
-
-static const char *qxl_draw_effect[] = {
- [ QXL_EFFECT_BLEND ] = "blend",
- [ QXL_EFFECT_OPAQUE ] = "opaque",
- [ QXL_EFFECT_REVERT_ON_DUP ] = "revert-on-dup",
- [ QXL_EFFECT_BLACKNESS_ON_DUP ] = "blackness-on-dup",
- [ QXL_EFFECT_WHITENESS_ON_DUP ] = "whiteness-on-dup",
- [ QXL_EFFECT_NOP_ON_DUP ] = "nop-on-dup",
- [ QXL_EFFECT_NOP ] = "nop",
- [ QXL_EFFECT_OPAQUE_BRUSH ] = "opaque-brush",
-};
-
-static const char *qxl_surface_cmd[] = {
- [ QXL_SURFACE_CMD_CREATE ] = "create",
- [ QXL_SURFACE_CMD_DESTROY ] = "destroy",
-};
-
-static const char *spice_surface_fmt[] = {
- [ SPICE_SURFACE_FMT_INVALID ] = "invalid",
- [ SPICE_SURFACE_FMT_1_A ] = "alpha/1",
- [ SPICE_SURFACE_FMT_8_A ] = "alpha/8",
- [ SPICE_SURFACE_FMT_16_555 ] = "555/16",
- [ SPICE_SURFACE_FMT_16_565 ] = "565/16",
- [ SPICE_SURFACE_FMT_32_xRGB ] = "xRGB/32",
- [ SPICE_SURFACE_FMT_32_ARGB ] = "ARGB/32",
-};
-
-static const char *qxl_cursor_cmd[] = {
- [ QXL_CURSOR_SET ] = "set",
- [ QXL_CURSOR_MOVE ] = "move",
- [ QXL_CURSOR_HIDE ] = "hide",
- [ QXL_CURSOR_TRAIL ] = "trail",
-};
-
-static const char *spice_cursor_type[] = {
- [ SPICE_CURSOR_TYPE_ALPHA ] = "alpha",
- [ SPICE_CURSOR_TYPE_MONO ] = "mono",
- [ SPICE_CURSOR_TYPE_COLOR4 ] = "color4",
- [ SPICE_CURSOR_TYPE_COLOR8 ] = "color8",
- [ SPICE_CURSOR_TYPE_COLOR16 ] = "color16",
- [ SPICE_CURSOR_TYPE_COLOR24 ] = "color24",
- [ SPICE_CURSOR_TYPE_COLOR32 ] = "color32",
-};
-
-static const char *qxl_v2n(const char *n[], size_t l, int v)
-{
- if (v >= l || !n[v]) {
- return "???";
- }
- return n[v];
-}
-#define qxl_name(_list, _value) qxl_v2n(_list, ARRAY_SIZE(_list), _value)
-
-static int qxl_log_image(PCIQXLDevice *qxl, QXLPHYSICAL addr, int group_id)
-{
- QXLImage *image;
- QXLImageDescriptor *desc;
-
- image = qxl_phys2virt(qxl, addr, group_id);
- if (!image) {
- return 1;
- }
- desc = &image->descriptor;
- fprintf(stderr, " (id %" PRIx64 " type %d flags %d width %d height %d",
- desc->id, desc->type, desc->flags, desc->width, desc->height);
- switch (desc->type) {
- case SPICE_IMAGE_TYPE_BITMAP:
- fprintf(stderr, ", fmt %d flags %d x %d y %d stride %d"
- " palette %" PRIx64 " data %" PRIx64,
- image->bitmap.format, image->bitmap.flags,
- image->bitmap.x, image->bitmap.y,
- image->bitmap.stride,
- image->bitmap.palette, image->bitmap.data);
- break;
- }
- fprintf(stderr, ")");
- return 0;
-}
-
-static void qxl_log_rect(QXLRect *rect)
-{
- fprintf(stderr, " %dx%d+%d+%d",
- rect->right - rect->left,
- rect->bottom - rect->top,
- rect->left, rect->top);
-}
-
-static int qxl_log_cmd_draw_copy(PCIQXLDevice *qxl, QXLCopy *copy,
- int group_id)
-{
- int ret;
-
- fprintf(stderr, " src %" PRIx64,
- copy->src_bitmap);
- ret = qxl_log_image(qxl, copy->src_bitmap, group_id);
- if (ret != 0) {
- return ret;
- }
- fprintf(stderr, " area");
- qxl_log_rect(&copy->src_area);
- fprintf(stderr, " rop %d", copy->rop_descriptor);
- return 0;
-}
-
-static int qxl_log_cmd_draw(PCIQXLDevice *qxl, QXLDrawable *draw, int group_id)
-{
- fprintf(stderr, ": surface_id %d type %s effect %s",
- draw->surface_id,
- qxl_name(qxl_draw_type, draw->type),
- qxl_name(qxl_draw_effect, draw->effect));
- switch (draw->type) {
- case QXL_DRAW_COPY:
- return qxl_log_cmd_draw_copy(qxl, &draw->u.copy, group_id);
- break;
- }
- return 0;
-}
-
-static int qxl_log_cmd_draw_compat(PCIQXLDevice *qxl, QXLCompatDrawable *draw,
- int group_id)
-{
- fprintf(stderr, ": type %s effect %s",
- qxl_name(qxl_draw_type, draw->type),
- qxl_name(qxl_draw_effect, draw->effect));
- if (draw->bitmap_offset) {
- fprintf(stderr, ": bitmap %d",
- draw->bitmap_offset);
- qxl_log_rect(&draw->bitmap_area);
- }
- switch (draw->type) {
- case QXL_DRAW_COPY:
- return qxl_log_cmd_draw_copy(qxl, &draw->u.copy, group_id);
- break;
- }
- return 0;
-}
-
-static void qxl_log_cmd_surface(PCIQXLDevice *qxl, QXLSurfaceCmd *cmd)
-{
- fprintf(stderr, ": %s id %d",
- qxl_name(qxl_surface_cmd, cmd->type),
- cmd->surface_id);
- if (cmd->type == QXL_SURFACE_CMD_CREATE) {
- fprintf(stderr, " size %dx%d stride %d format %s (count %d, max %d)",
- cmd->u.surface_create.width,
- cmd->u.surface_create.height,
- cmd->u.surface_create.stride,
- qxl_name(spice_surface_fmt, cmd->u.surface_create.format),
- qxl->guest_surfaces.count, qxl->guest_surfaces.max);
- }
- if (cmd->type == QXL_SURFACE_CMD_DESTROY) {
- fprintf(stderr, " (count %d)", qxl->guest_surfaces.count);
- }
-}
-
-int qxl_log_cmd_cursor(PCIQXLDevice *qxl, QXLCursorCmd *cmd, int group_id)
-{
- QXLCursor *cursor;
-
- fprintf(stderr, ": %s",
- qxl_name(qxl_cursor_cmd, cmd->type));
- switch (cmd->type) {
- case QXL_CURSOR_SET:
- fprintf(stderr, " +%d+%d visible %s, shape @ 0x%" PRIx64,
- cmd->u.set.position.x,
- cmd->u.set.position.y,
- cmd->u.set.visible ? "yes" : "no",
- cmd->u.set.shape);
- cursor = qxl_phys2virt(qxl, cmd->u.set.shape, group_id);
- if (!cursor) {
- return 1;
- }
- fprintf(stderr, " type %s size %dx%d hot-spot +%d+%d"
- " unique 0x%" PRIx64 " data-size %d",
- qxl_name(spice_cursor_type, cursor->header.type),
- cursor->header.width, cursor->header.height,
- cursor->header.hot_spot_x, cursor->header.hot_spot_y,
- cursor->header.unique, cursor->data_size);
- break;
- case QXL_CURSOR_MOVE:
- fprintf(stderr, " +%d+%d", cmd->u.position.x, cmd->u.position.y);
- break;
- }
- return 0;
-}
-
-int qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext)
-{
- bool compat = ext->flags & QXL_COMMAND_FLAG_COMPAT;
- void *data;
- int ret;
-
- if (!qxl->cmdlog) {
- return 0;
- }
- fprintf(stderr, "%" PRId64 " qxl-%d/%s:", qemu_get_clock_ns(vm_clock),
- qxl->id, ring);
- fprintf(stderr, " cmd @ 0x%" PRIx64 " %s%s", ext->cmd.data,
- qxl_name(qxl_type, ext->cmd.type),
- compat ? "(compat)" : "");
-
- data = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id);
- if (!data) {
- return 1;
- }
- switch (ext->cmd.type) {
- case QXL_CMD_DRAW:
- if (!compat) {
- ret = qxl_log_cmd_draw(qxl, data, ext->group_id);
- } else {
- ret = qxl_log_cmd_draw_compat(qxl, data, ext->group_id);
- }
- if (ret) {
- return ret;
- }
- break;
- case QXL_CMD_SURFACE:
- qxl_log_cmd_surface(qxl, data);
- break;
- case QXL_CMD_CURSOR:
- qxl_log_cmd_cursor(qxl, data, ext->group_id);
- break;
- }
- fprintf(stderr, "\n");
- return 0;
-}
diff --git a/hw/qxl-render.c b/hw/qxl-render.c
deleted file mode 100644
index 98ecb2140..000000000
--- a/hw/qxl-render.c
+++ /dev/null
@@ -1,277 +0,0 @@
-/*
- * qxl local rendering (aka display on sdl/vnc)
- *
- * Copyright (C) 2010 Red Hat, Inc.
- *
- * maintained by Gerd Hoffmann <kraxel@redhat.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "qxl.h"
-
-static void qxl_blit(PCIQXLDevice *qxl, QXLRect *rect)
-{
- uint8_t *src;
- uint8_t *dst = ds_get_data(qxl->vga.ds);
- int len, i;
-
- if (is_buffer_shared(qxl->vga.ds->surface)) {
- return;
- }
- if (!qxl->guest_primary.data) {
- trace_qxl_render_blit_guest_primary_initialized();
- qxl->guest_primary.data = memory_region_get_ram_ptr(&qxl->vga.vram);
- }
- trace_qxl_render_blit(qxl->guest_primary.qxl_stride,
- rect->left, rect->right, rect->top, rect->bottom);
- src = qxl->guest_primary.data;
- if (qxl->guest_primary.qxl_stride < 0) {
- /* qxl surface is upside down, walk src scanlines
- * in reverse order to flip it */
- src += (qxl->guest_primary.surface.height - rect->top - 1) *
- qxl->guest_primary.abs_stride;
- } else {
- src += rect->top * qxl->guest_primary.abs_stride;
- }
- dst += rect->top * qxl->guest_primary.abs_stride;
- src += rect->left * qxl->guest_primary.bytes_pp;
- dst += rect->left * qxl->guest_primary.bytes_pp;
- len = (rect->right - rect->left) * qxl->guest_primary.bytes_pp;
-
- for (i = rect->top; i < rect->bottom; i++) {
- memcpy(dst, src, len);
- dst += qxl->guest_primary.abs_stride;
- src += qxl->guest_primary.qxl_stride;
- }
-}
-
-void qxl_render_resize(PCIQXLDevice *qxl)
-{
- QXLSurfaceCreate *sc = &qxl->guest_primary.surface;
-
- qxl->guest_primary.qxl_stride = sc->stride;
- qxl->guest_primary.abs_stride = abs(sc->stride);
- qxl->guest_primary.resized++;
- switch (sc->format) {
- case SPICE_SURFACE_FMT_16_555:
- qxl->guest_primary.bytes_pp = 2;
- qxl->guest_primary.bits_pp = 15;
- break;
- case SPICE_SURFACE_FMT_16_565:
- qxl->guest_primary.bytes_pp = 2;
- qxl->guest_primary.bits_pp = 16;
- break;
- case SPICE_SURFACE_FMT_32_xRGB:
- case SPICE_SURFACE_FMT_32_ARGB:
- qxl->guest_primary.bytes_pp = 4;
- qxl->guest_primary.bits_pp = 32;
- break;
- default:
- fprintf(stderr, "%s: unhandled format: %x\n", __FUNCTION__,
- qxl->guest_primary.surface.format);
- qxl->guest_primary.bytes_pp = 4;
- qxl->guest_primary.bits_pp = 32;
- break;
- }
-}
-
-static void qxl_set_rect_to_surface(PCIQXLDevice *qxl, QXLRect *area)
-{
- area->left = 0;
- area->right = qxl->guest_primary.surface.width;
- area->top = 0;
- area->bottom = qxl->guest_primary.surface.height;
-}
-
-static void qxl_render_update_area_unlocked(PCIQXLDevice *qxl)
-{
- VGACommonState *vga = &qxl->vga;
- int i;
-
- if (qxl->guest_primary.resized) {
- qxl->guest_primary.resized = 0;
- qxl->guest_primary.data = memory_region_get_ram_ptr(&qxl->vga.vram);
- qxl_set_rect_to_surface(qxl, &qxl->dirty[0]);
- qxl->num_dirty_rects = 1;
- trace_qxl_render_guest_primary_resized(
- qxl->guest_primary.surface.width,
- qxl->guest_primary.surface.height,
- qxl->guest_primary.qxl_stride,
- qxl->guest_primary.bytes_pp,
- qxl->guest_primary.bits_pp);
- if (qxl->guest_primary.qxl_stride > 0) {
- qemu_free_displaysurface(vga->ds);
- qemu_create_displaysurface_from(qxl->guest_primary.surface.width,
- qxl->guest_primary.surface.height,
- qxl->guest_primary.bits_pp,
- qxl->guest_primary.abs_stride,
- qxl->guest_primary.data);
- } else {
- qemu_resize_displaysurface(vga->ds,
- qxl->guest_primary.surface.width,
- qxl->guest_primary.surface.height);
- }
- dpy_gfx_resize(vga->ds);
- }
- for (i = 0; i < qxl->num_dirty_rects; i++) {
- if (qemu_spice_rect_is_empty(qxl->dirty+i)) {
- break;
- }
- qxl_blit(qxl, qxl->dirty+i);
- dpy_gfx_update(vga->ds,
- qxl->dirty[i].left, qxl->dirty[i].top,
- qxl->dirty[i].right - qxl->dirty[i].left,
- qxl->dirty[i].bottom - qxl->dirty[i].top);
- }
- qxl->num_dirty_rects = 0;
-}
-
-/*
- * use ssd.lock to protect render_update_cookie_num.
- * qxl_render_update is called by io thread or vcpu thread, and the completion
- * callbacks are called by spice_server thread, defering to bh called from the
- * io thread.
- */
-void qxl_render_update(PCIQXLDevice *qxl)
-{
- QXLCookie *cookie;
-
- qemu_mutex_lock(&qxl->ssd.lock);
-
- if (!runstate_is_running() || !qxl->guest_primary.commands) {
- qxl_render_update_area_unlocked(qxl);
- qemu_mutex_unlock(&qxl->ssd.lock);
- return;
- }
-
- qxl->guest_primary.commands = 0;
- qxl->render_update_cookie_num++;
- qemu_mutex_unlock(&qxl->ssd.lock);
- cookie = qxl_cookie_new(QXL_COOKIE_TYPE_RENDER_UPDATE_AREA,
- 0);
- qxl_set_rect_to_surface(qxl, &cookie->u.render.area);
- qxl_spice_update_area(qxl, 0, &cookie->u.render.area, NULL,
- 0, 1 /* clear_dirty_region */, QXL_ASYNC, cookie);
-}
-
-void qxl_render_update_area_bh(void *opaque)
-{
- PCIQXLDevice *qxl = opaque;
-
- qemu_mutex_lock(&qxl->ssd.lock);
- qxl_render_update_area_unlocked(qxl);
- qemu_mutex_unlock(&qxl->ssd.lock);
-}
-
-void qxl_render_update_area_done(PCIQXLDevice *qxl, QXLCookie *cookie)
-{
- qemu_mutex_lock(&qxl->ssd.lock);
- trace_qxl_render_update_area_done(cookie);
- qemu_bh_schedule(qxl->update_area_bh);
- qxl->render_update_cookie_num--;
- qemu_mutex_unlock(&qxl->ssd.lock);
- g_free(cookie);
-}
-
-static QEMUCursor *qxl_cursor(PCIQXLDevice *qxl, QXLCursor *cursor)
-{
- QEMUCursor *c;
- uint8_t *image, *mask;
- size_t size;
-
- c = cursor_alloc(cursor->header.width, cursor->header.height);
- c->hot_x = cursor->header.hot_spot_x;
- c->hot_y = cursor->header.hot_spot_y;
- switch (cursor->header.type) {
- case SPICE_CURSOR_TYPE_ALPHA:
- size = cursor->header.width * cursor->header.height * sizeof(uint32_t);
- memcpy(c->data, cursor->chunk.data, size);
- if (qxl->debug > 2) {
- cursor_print_ascii_art(c, "qxl/alpha");
- }
- break;
- case SPICE_CURSOR_TYPE_MONO:
- mask = cursor->chunk.data;
- image = mask + cursor_get_mono_bpl(c) * c->width;
- cursor_set_mono(c, 0xffffff, 0x000000, image, 1, mask);
- if (qxl->debug > 2) {
- cursor_print_ascii_art(c, "qxl/mono");
- }
- break;
- default:
- fprintf(stderr, "%s: not implemented: type %d\n",
- __FUNCTION__, cursor->header.type);
- goto fail;
- }
- return c;
-
-fail:
- cursor_put(c);
- return NULL;
-}
-
-
-/* called from spice server thread context only */
-int qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext)
-{
- QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id);
- QXLCursor *cursor;
- QEMUCursor *c;
-
- if (!cmd) {
- return 1;
- }
-
- if (!dpy_cursor_define_supported(qxl->ssd.ds)) {
- return 0;
- }
-
- if (qxl->debug > 1 && cmd->type != QXL_CURSOR_MOVE) {
- fprintf(stderr, "%s", __FUNCTION__);
- qxl_log_cmd_cursor(qxl, cmd, ext->group_id);
- fprintf(stderr, "\n");
- }
- switch (cmd->type) {
- case QXL_CURSOR_SET:
- cursor = qxl_phys2virt(qxl, cmd->u.set.shape, ext->group_id);
- if (!cursor) {
- return 1;
- }
- if (cursor->chunk.data_size != cursor->data_size) {
- fprintf(stderr, "%s: multiple chunks\n", __FUNCTION__);
- return 1;
- }
- c = qxl_cursor(qxl, cursor);
- if (c == NULL) {
- c = cursor_builtin_left_ptr();
- }
- qemu_mutex_lock(&qxl->ssd.lock);
- if (qxl->ssd.cursor) {
- cursor_put(qxl->ssd.cursor);
- }
- qxl->ssd.cursor = c;
- qxl->ssd.mouse_x = cmd->u.set.position.x;
- qxl->ssd.mouse_y = cmd->u.set.position.y;
- qemu_mutex_unlock(&qxl->ssd.lock);
- break;
- case QXL_CURSOR_MOVE:
- qemu_mutex_lock(&qxl->ssd.lock);
- qxl->ssd.mouse_x = cmd->u.position.x;
- qxl->ssd.mouse_y = cmd->u.position.y;
- qemu_mutex_unlock(&qxl->ssd.lock);
- break;
- }
- return 0;
-}
diff --git a/hw/qxl.c b/hw/qxl.c
deleted file mode 100644
index 96887c4aa..000000000
--- a/hw/qxl.c
+++ /dev/null
@@ -1,2348 +0,0 @@
-/*
- * Copyright (C) 2010 Red Hat, Inc.
- *
- * written by Yaniv Kamay, Izik Eidus, Gerd Hoffmann
- * maintained by Gerd Hoffmann <kraxel@redhat.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <zlib.h>
-
-#include "qemu-common.h"
-#include "qemu-timer.h"
-#include "qemu-queue.h"
-#include "monitor.h"
-#include "sysemu.h"
-#include "trace.h"
-
-#include "qxl.h"
-
-/*
- * NOTE: SPICE_RING_PROD_ITEM accesses memory on the pci bar and as
- * such can be changed by the guest, so to avoid a guest trigerrable
- * abort we just qxl_set_guest_bug and set the return to NULL. Still
- * it may happen as a result of emulator bug as well.
- */
-#undef SPICE_RING_PROD_ITEM
-#define SPICE_RING_PROD_ITEM(qxl, r, ret) { \
- typeof(r) start = r; \
- typeof(r) end = r + 1; \
- uint32_t prod = (r)->prod & SPICE_RING_INDEX_MASK(r); \
- typeof(&(r)->items[prod]) m_item = &(r)->items[prod]; \
- if (!((uint8_t*)m_item >= (uint8_t*)(start) && (uint8_t*)(m_item + 1) <= (uint8_t*)(end))) { \
- qxl_set_guest_bug(qxl, "SPICE_RING_PROD_ITEM indices mismatch " \
- "! %p <= %p < %p", (uint8_t *)start, \
- (uint8_t *)m_item, (uint8_t *)end); \
- ret = NULL; \
- } else { \
- ret = &m_item->el; \
- } \
- }
-
-#undef SPICE_RING_CONS_ITEM
-#define SPICE_RING_CONS_ITEM(qxl, r, ret) { \
- typeof(r) start = r; \
- typeof(r) end = r + 1; \
- uint32_t cons = (r)->cons & SPICE_RING_INDEX_MASK(r); \
- typeof(&(r)->items[cons]) m_item = &(r)->items[cons]; \
- if (!((uint8_t*)m_item >= (uint8_t*)(start) && (uint8_t*)(m_item + 1) <= (uint8_t*)(end))) { \
- qxl_set_guest_bug(qxl, "SPICE_RING_CONS_ITEM indices mismatch " \
- "! %p <= %p < %p", (uint8_t *)start, \
- (uint8_t *)m_item, (uint8_t *)end); \
- ret = NULL; \
- } else { \
- ret = &m_item->el; \
- } \
- }
-
-#undef ALIGN
-#define ALIGN(a, b) (((a) + ((b) - 1)) & ~((b) - 1))
-
-#define PIXEL_SIZE 0.2936875 //1280x1024 is 14.8" x 11.9"
-
-#define QXL_MODE(_x, _y, _b, _o) \
- { .x_res = _x, \
- .y_res = _y, \
- .bits = _b, \
- .stride = (_x) * (_b) / 8, \
- .x_mili = PIXEL_SIZE * (_x), \
- .y_mili = PIXEL_SIZE * (_y), \
- .orientation = _o, \
- }
-
-#define QXL_MODE_16_32(x_res, y_res, orientation) \
- QXL_MODE(x_res, y_res, 16, orientation), \
- QXL_MODE(x_res, y_res, 32, orientation)
-
-#define QXL_MODE_EX(x_res, y_res) \
- QXL_MODE_16_32(x_res, y_res, 0), \
- QXL_MODE_16_32(y_res, x_res, 1), \
- QXL_MODE_16_32(x_res, y_res, 2), \
- QXL_MODE_16_32(y_res, x_res, 3)
-
-static QXLMode qxl_modes[] = {
- QXL_MODE_EX(640, 480),
- QXL_MODE_EX(800, 480),
- QXL_MODE_EX(800, 600),
- QXL_MODE_EX(832, 624),
- QXL_MODE_EX(960, 640),
- QXL_MODE_EX(1024, 600),
- QXL_MODE_EX(1024, 768),
- QXL_MODE_EX(1152, 864),
- QXL_MODE_EX(1152, 870),
- QXL_MODE_EX(1280, 720),
- QXL_MODE_EX(1280, 760),
- QXL_MODE_EX(1280, 768),
- QXL_MODE_EX(1280, 800),
- QXL_MODE_EX(1280, 960),
- QXL_MODE_EX(1280, 1024),
- QXL_MODE_EX(1360, 768),
- QXL_MODE_EX(1366, 768),
- QXL_MODE_EX(1400, 1050),
- QXL_MODE_EX(1440, 900),
- QXL_MODE_EX(1600, 900),
- QXL_MODE_EX(1600, 1200),
- QXL_MODE_EX(1680, 1050),
- QXL_MODE_EX(1920, 1080),
- /* these modes need more than 8 MB video memory */
- QXL_MODE_EX(1920, 1200),
- QXL_MODE_EX(1920, 1440),
- QXL_MODE_EX(2048, 1536),
- QXL_MODE_EX(2560, 1440),
- QXL_MODE_EX(2560, 1600),
- /* these modes need more than 16 MB video memory */
- QXL_MODE_EX(2560, 2048),
- QXL_MODE_EX(2800, 2100),
- QXL_MODE_EX(3200, 2400),
-};
-
-static PCIQXLDevice *qxl0;
-
-static void qxl_send_events(PCIQXLDevice *d, uint32_t events);
-static int qxl_destroy_primary(PCIQXLDevice *d, qxl_async_io async);
-static void qxl_reset_memslots(PCIQXLDevice *d);
-static void qxl_reset_surfaces(PCIQXLDevice *d);
-static void qxl_ring_set_dirty(PCIQXLDevice *qxl);
-
-void qxl_set_guest_bug(PCIQXLDevice *qxl, const char *msg, ...)
-{
- trace_qxl_set_guest_bug(qxl->id);
- qxl_send_events(qxl, QXL_INTERRUPT_ERROR);
- qxl->guest_bug = 1;
- if (qxl->guestdebug) {
- va_list ap;
- va_start(ap, msg);
- fprintf(stderr, "qxl-%d: guest bug: ", qxl->id);
- vfprintf(stderr, msg, ap);
- fprintf(stderr, "\n");
- va_end(ap);
- }
-}
-
-static void qxl_clear_guest_bug(PCIQXLDevice *qxl)
-{
- qxl->guest_bug = 0;
-}
-
-void qxl_spice_update_area(PCIQXLDevice *qxl, uint32_t surface_id,
- struct QXLRect *area, struct QXLRect *dirty_rects,
- uint32_t num_dirty_rects,
- uint32_t clear_dirty_region,
- qxl_async_io async, struct QXLCookie *cookie)
-{
- trace_qxl_spice_update_area(qxl->id, surface_id, area->left, area->right,
- area->top, area->bottom);
- trace_qxl_spice_update_area_rest(qxl->id, num_dirty_rects,
- clear_dirty_region);
- if (async == QXL_SYNC) {
- qxl->ssd.worker->update_area(qxl->ssd.worker, surface_id, area,
- dirty_rects, num_dirty_rects, clear_dirty_region);
- } else {
- assert(cookie != NULL);
- spice_qxl_update_area_async(&qxl->ssd.qxl, surface_id, area,
- clear_dirty_region, (uintptr_t)cookie);
- }
-}
-
-static void qxl_spice_destroy_surface_wait_complete(PCIQXLDevice *qxl,
- uint32_t id)
-{
- trace_qxl_spice_destroy_surface_wait_complete(qxl->id, id);
- qemu_mutex_lock(&qxl->track_lock);
- qxl->guest_surfaces.cmds[id] = 0;
- qxl->guest_surfaces.count--;
- qemu_mutex_unlock(&qxl->track_lock);
-}
-
-static void qxl_spice_destroy_surface_wait(PCIQXLDevice *qxl, uint32_t id,
- qxl_async_io async)
-{
- QXLCookie *cookie;
-
- trace_qxl_spice_destroy_surface_wait(qxl->id, id, async);
- if (async) {
- cookie = qxl_cookie_new(QXL_COOKIE_TYPE_IO,
- QXL_IO_DESTROY_SURFACE_ASYNC);
- cookie->u.surface_id = id;
- spice_qxl_destroy_surface_async(&qxl->ssd.qxl, id, (uintptr_t)cookie);
- } else {
- qxl->ssd.worker->destroy_surface_wait(qxl->ssd.worker, id);
- qxl_spice_destroy_surface_wait_complete(qxl, id);
- }
-}
-
-static void qxl_spice_flush_surfaces_async(PCIQXLDevice *qxl)
-{
- trace_qxl_spice_flush_surfaces_async(qxl->id, qxl->guest_surfaces.count,
- qxl->num_free_res);
- spice_qxl_flush_surfaces_async(&qxl->ssd.qxl,
- (uintptr_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO,
- QXL_IO_FLUSH_SURFACES_ASYNC));
-}
-
-void qxl_spice_loadvm_commands(PCIQXLDevice *qxl, struct QXLCommandExt *ext,
- uint32_t count)
-{
- trace_qxl_spice_loadvm_commands(qxl->id, ext, count);
- qxl->ssd.worker->loadvm_commands(qxl->ssd.worker, ext, count);
-}
-
-void qxl_spice_oom(PCIQXLDevice *qxl)
-{
- trace_qxl_spice_oom(qxl->id);
- qxl->ssd.worker->oom(qxl->ssd.worker);
-}
-
-void qxl_spice_reset_memslots(PCIQXLDevice *qxl)
-{
- trace_qxl_spice_reset_memslots(qxl->id);
- qxl->ssd.worker->reset_memslots(qxl->ssd.worker);
-}
-
-static void qxl_spice_destroy_surfaces_complete(PCIQXLDevice *qxl)
-{
- trace_qxl_spice_destroy_surfaces_complete(qxl->id);
- qemu_mutex_lock(&qxl->track_lock);
- memset(qxl->guest_surfaces.cmds, 0,
- sizeof(qxl->guest_surfaces.cmds) * qxl->ssd.num_surfaces);
- qxl->guest_surfaces.count = 0;
- qemu_mutex_unlock(&qxl->track_lock);
-}
-
-static void qxl_spice_destroy_surfaces(PCIQXLDevice *qxl, qxl_async_io async)
-{
- trace_qxl_spice_destroy_surfaces(qxl->id, async);
- if (async) {
- spice_qxl_destroy_surfaces_async(&qxl->ssd.qxl,
- (uintptr_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO,
- QXL_IO_DESTROY_ALL_SURFACES_ASYNC));
- } else {
- qxl->ssd.worker->destroy_surfaces(qxl->ssd.worker);
- qxl_spice_destroy_surfaces_complete(qxl);
- }
-}
-
-static void qxl_spice_monitors_config_async(PCIQXLDevice *qxl, int replay)
-{
- trace_qxl_spice_monitors_config(qxl->id);
- if (replay) {
- /*
- * don't use QXL_COOKIE_TYPE_IO:
- * - we are not running yet (post_load), we will assert
- * in send_events
- * - this is not a guest io, but a reply, so async_io isn't set.
- */
- spice_qxl_monitors_config_async(&qxl->ssd.qxl,
- qxl->guest_monitors_config,
- MEMSLOT_GROUP_GUEST,
- (uintptr_t)qxl_cookie_new(
- QXL_COOKIE_TYPE_POST_LOAD_MONITORS_CONFIG,
- 0));
- } else {
- qxl->guest_monitors_config = qxl->ram->monitors_config;
- spice_qxl_monitors_config_async(&qxl->ssd.qxl,
- qxl->ram->monitors_config,
- MEMSLOT_GROUP_GUEST,
- (uintptr_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO,
- QXL_IO_MONITORS_CONFIG_ASYNC));
- }
-}
-
-void qxl_spice_reset_image_cache(PCIQXLDevice *qxl)
-{
- trace_qxl_spice_reset_image_cache(qxl->id);
- qxl->ssd.worker->reset_image_cache(qxl->ssd.worker);
-}
-
-void qxl_spice_reset_cursor(PCIQXLDevice *qxl)
-{
- trace_qxl_spice_reset_cursor(qxl->id);
- qxl->ssd.worker->reset_cursor(qxl->ssd.worker);
- qemu_mutex_lock(&qxl->track_lock);
- qxl->guest_cursor = 0;
- qemu_mutex_unlock(&qxl->track_lock);
- if (qxl->ssd.cursor) {
- cursor_put(qxl->ssd.cursor);
- }
- qxl->ssd.cursor = cursor_builtin_hidden();
-}
-
-
-static inline uint32_t msb_mask(uint32_t val)
-{
- uint32_t mask;
-
- do {
- mask = ~(val - 1) & val;
- val &= ~mask;
- } while (mask < val);
-
- return mask;
-}
-
-static ram_addr_t qxl_rom_size(void)
-{
- uint32_t rom_size = sizeof(QXLRom) + sizeof(QXLModes) + sizeof(qxl_modes);
-
- rom_size = MAX(rom_size, TARGET_PAGE_SIZE);
- rom_size = msb_mask(rom_size * 2 - 1);
- return rom_size;
-}
-
-static void init_qxl_rom(PCIQXLDevice *d)
-{
- QXLRom *rom = memory_region_get_ram_ptr(&d->rom_bar);
- QXLModes *modes = (QXLModes *)(rom + 1);
- uint32_t ram_header_size;
- uint32_t surface0_area_size;
- uint32_t num_pages;
- uint32_t fb;
- int i, n;
-
- memset(rom, 0, d->rom_size);
-
- rom->magic = cpu_to_le32(QXL_ROM_MAGIC);
- rom->id = cpu_to_le32(d->id);
- rom->log_level = cpu_to_le32(d->guestdebug);
- rom->modes_offset = cpu_to_le32(sizeof(QXLRom));
-
- rom->slot_gen_bits = MEMSLOT_GENERATION_BITS;
- rom->slot_id_bits = MEMSLOT_SLOT_BITS;
- rom->slots_start = 1;
- rom->slots_end = NUM_MEMSLOTS - 1;
- rom->n_surfaces = cpu_to_le32(d->ssd.num_surfaces);
-
- for (i = 0, n = 0; i < ARRAY_SIZE(qxl_modes); i++) {
- fb = qxl_modes[i].y_res * qxl_modes[i].stride;
- if (fb > d->vgamem_size) {
- continue;
- }
- modes->modes[n].id = cpu_to_le32(i);
- modes->modes[n].x_res = cpu_to_le32(qxl_modes[i].x_res);
- modes->modes[n].y_res = cpu_to_le32(qxl_modes[i].y_res);
- modes->modes[n].bits = cpu_to_le32(qxl_modes[i].bits);
- modes->modes[n].stride = cpu_to_le32(qxl_modes[i].stride);
- modes->modes[n].x_mili = cpu_to_le32(qxl_modes[i].x_mili);
- modes->modes[n].y_mili = cpu_to_le32(qxl_modes[i].y_mili);
- modes->modes[n].orientation = cpu_to_le32(qxl_modes[i].orientation);
- n++;
- }
- modes->n_modes = cpu_to_le32(n);
-
- ram_header_size = ALIGN(sizeof(QXLRam), 4096);
- surface0_area_size = ALIGN(d->vgamem_size, 4096);
- num_pages = d->vga.vram_size;
- num_pages -= ram_header_size;
- num_pages -= surface0_area_size;
- num_pages = num_pages / TARGET_PAGE_SIZE;
-
- rom->draw_area_offset = cpu_to_le32(0);
- rom->surface0_area_size = cpu_to_le32(surface0_area_size);
- rom->pages_offset = cpu_to_le32(surface0_area_size);
- rom->num_pages = cpu_to_le32(num_pages);
- rom->ram_header_offset = cpu_to_le32(d->vga.vram_size - ram_header_size);
-
- d->shadow_rom = *rom;
- d->rom = rom;
- d->modes = modes;
-}
-
-static void init_qxl_ram(PCIQXLDevice *d)
-{
- uint8_t *buf;
- uint64_t *item;
-
- buf = d->vga.vram_ptr;
- d->ram = (QXLRam *)(buf + le32_to_cpu(d->shadow_rom.ram_header_offset));
- d->ram->magic = cpu_to_le32(QXL_RAM_MAGIC);
- d->ram->int_pending = cpu_to_le32(0);
- d->ram->int_mask = cpu_to_le32(0);
- d->ram->update_surface = 0;
- SPICE_RING_INIT(&d->ram->cmd_ring);
- SPICE_RING_INIT(&d->ram->cursor_ring);
- SPICE_RING_INIT(&d->ram->release_ring);
- SPICE_RING_PROD_ITEM(d, &d->ram->release_ring, item);
- assert(item);
- *item = 0;
- qxl_ring_set_dirty(d);
-}
-
-/* can be called from spice server thread context */
-static void qxl_set_dirty(MemoryRegion *mr, ram_addr_t addr, ram_addr_t end)
-{
- memory_region_set_dirty(mr, addr, end - addr);
-}
-
-static void qxl_rom_set_dirty(PCIQXLDevice *qxl)
-{
- qxl_set_dirty(&qxl->rom_bar, 0, qxl->rom_size);
-}
-
-/* called from spice server thread context only */
-static void qxl_ram_set_dirty(PCIQXLDevice *qxl, void *ptr)
-{
- void *base = qxl->vga.vram_ptr;
- intptr_t offset;
-
- offset = ptr - base;
- offset &= ~(TARGET_PAGE_SIZE-1);
- assert(offset < qxl->vga.vram_size);
- qxl_set_dirty(&qxl->vga.vram, offset, offset + TARGET_PAGE_SIZE);
-}
-
-/* can be called from spice server thread context */
-static void qxl_ring_set_dirty(PCIQXLDevice *qxl)
-{
- ram_addr_t addr = qxl->shadow_rom.ram_header_offset;
- ram_addr_t end = qxl->vga.vram_size;
- qxl_set_dirty(&qxl->vga.vram, addr, end);
-}
-
-/*
- * keep track of some command state, for savevm/loadvm.
- * called from spice server thread context only
- */
-static int qxl_track_command(PCIQXLDevice *qxl, struct QXLCommandExt *ext)
-{
- switch (le32_to_cpu(ext->cmd.type)) {
- case QXL_CMD_SURFACE:
- {
- QXLSurfaceCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id);
-
- if (!cmd) {
- return 1;
- }
- uint32_t id = le32_to_cpu(cmd->surface_id);
-
- if (id >= qxl->ssd.num_surfaces) {
- qxl_set_guest_bug(qxl, "QXL_CMD_SURFACE id %d >= %d", id,
- qxl->ssd.num_surfaces);
- return 1;
- }
- if (cmd->type == QXL_SURFACE_CMD_CREATE &&
- (cmd->u.surface_create.stride & 0x03) != 0) {
- qxl_set_guest_bug(qxl, "QXL_CMD_SURFACE stride = %d %% 4 != 0\n",
- cmd->u.surface_create.stride);
- return 1;
- }
- qemu_mutex_lock(&qxl->track_lock);
- if (cmd->type == QXL_SURFACE_CMD_CREATE) {
- qxl->guest_surfaces.cmds[id] = ext->cmd.data;
- qxl->guest_surfaces.count++;
- if (qxl->guest_surfaces.max < qxl->guest_surfaces.count)
- qxl->guest_surfaces.max = qxl->guest_surfaces.count;
- }
- if (cmd->type == QXL_SURFACE_CMD_DESTROY) {
- qxl->guest_surfaces.cmds[id] = 0;
- qxl->guest_surfaces.count--;
- }
- qemu_mutex_unlock(&qxl->track_lock);
- break;
- }
- case QXL_CMD_CURSOR:
- {
- QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id);
-
- if (!cmd) {
- return 1;
- }
- if (cmd->type == QXL_CURSOR_SET) {
- qemu_mutex_lock(&qxl->track_lock);
- qxl->guest_cursor = ext->cmd.data;
- qemu_mutex_unlock(&qxl->track_lock);
- }
- break;
- }
- }
- return 0;
-}
-
-/* spice display interface callbacks */
-
-static void interface_attach_worker(QXLInstance *sin, QXLWorker *qxl_worker)
-{
- PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
-
- trace_qxl_interface_attach_worker(qxl->id);
- qxl->ssd.worker = qxl_worker;
-}
-
-static void interface_set_compression_level(QXLInstance *sin, int level)
-{
- PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
-
- trace_qxl_interface_set_compression_level(qxl->id, level);
- qxl->shadow_rom.compression_level = cpu_to_le32(level);
- qxl->rom->compression_level = cpu_to_le32(level);
- qxl_rom_set_dirty(qxl);
-}
-
-static void interface_set_mm_time(QXLInstance *sin, uint32_t mm_time)
-{
- PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
-
- trace_qxl_interface_set_mm_time(qxl->id, mm_time);
- qxl->shadow_rom.mm_clock = cpu_to_le32(mm_time);
- qxl->rom->mm_clock = cpu_to_le32(mm_time);
- qxl_rom_set_dirty(qxl);
-}
-
-static void interface_get_init_info(QXLInstance *sin, QXLDevInitInfo *info)
-{
- PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
-
- trace_qxl_interface_get_init_info(qxl->id);
- info->memslot_gen_bits = MEMSLOT_GENERATION_BITS;
- info->memslot_id_bits = MEMSLOT_SLOT_BITS;
- info->num_memslots = NUM_MEMSLOTS;
- info->num_memslots_groups = NUM_MEMSLOTS_GROUPS;
- info->internal_groupslot_id = 0;
- info->qxl_ram_size = le32_to_cpu(qxl->shadow_rom.num_pages) << TARGET_PAGE_BITS;
- info->n_surfaces = qxl->ssd.num_surfaces;
-}
-
-static const char *qxl_mode_to_string(int mode)
-{
- switch (mode) {
- case QXL_MODE_COMPAT:
- return "compat";
- case QXL_MODE_NATIVE:
- return "native";
- case QXL_MODE_UNDEFINED:
- return "undefined";
- case QXL_MODE_VGA:
- return "vga";
- }
- return "INVALID";
-}
-
-static const char *io_port_to_string(uint32_t io_port)
-{
- if (io_port >= QXL_IO_RANGE_SIZE) {
- return "out of range";
- }
- static const char *io_port_to_string[QXL_IO_RANGE_SIZE + 1] = {
- [QXL_IO_NOTIFY_CMD] = "QXL_IO_NOTIFY_CMD",
- [QXL_IO_NOTIFY_CURSOR] = "QXL_IO_NOTIFY_CURSOR",
- [QXL_IO_UPDATE_AREA] = "QXL_IO_UPDATE_AREA",
- [QXL_IO_UPDATE_IRQ] = "QXL_IO_UPDATE_IRQ",
- [QXL_IO_NOTIFY_OOM] = "QXL_IO_NOTIFY_OOM",
- [QXL_IO_RESET] = "QXL_IO_RESET",
- [QXL_IO_SET_MODE] = "QXL_IO_SET_MODE",
- [QXL_IO_LOG] = "QXL_IO_LOG",
- [QXL_IO_MEMSLOT_ADD] = "QXL_IO_MEMSLOT_ADD",
- [QXL_IO_MEMSLOT_DEL] = "QXL_IO_MEMSLOT_DEL",
- [QXL_IO_DETACH_PRIMARY] = "QXL_IO_DETACH_PRIMARY",
- [QXL_IO_ATTACH_PRIMARY] = "QXL_IO_ATTACH_PRIMARY",
- [QXL_IO_CREATE_PRIMARY] = "QXL_IO_CREATE_PRIMARY",
- [QXL_IO_DESTROY_PRIMARY] = "QXL_IO_DESTROY_PRIMARY",
- [QXL_IO_DESTROY_SURFACE_WAIT] = "QXL_IO_DESTROY_SURFACE_WAIT",
- [QXL_IO_DESTROY_ALL_SURFACES] = "QXL_IO_DESTROY_ALL_SURFACES",
- [QXL_IO_UPDATE_AREA_ASYNC] = "QXL_IO_UPDATE_AREA_ASYNC",
- [QXL_IO_MEMSLOT_ADD_ASYNC] = "QXL_IO_MEMSLOT_ADD_ASYNC",
- [QXL_IO_CREATE_PRIMARY_ASYNC] = "QXL_IO_CREATE_PRIMARY_ASYNC",
- [QXL_IO_DESTROY_PRIMARY_ASYNC] = "QXL_IO_DESTROY_PRIMARY_ASYNC",
- [QXL_IO_DESTROY_SURFACE_ASYNC] = "QXL_IO_DESTROY_SURFACE_ASYNC",
- [QXL_IO_DESTROY_ALL_SURFACES_ASYNC]
- = "QXL_IO_DESTROY_ALL_SURFACES_ASYNC",
- [QXL_IO_FLUSH_SURFACES_ASYNC] = "QXL_IO_FLUSH_SURFACES_ASYNC",
- [QXL_IO_FLUSH_RELEASE] = "QXL_IO_FLUSH_RELEASE",
- [QXL_IO_MONITORS_CONFIG_ASYNC] = "QXL_IO_MONITORS_CONFIG_ASYNC",
- };
- return io_port_to_string[io_port];
-}
-
-/* called from spice server thread context only */
-static int interface_get_command(QXLInstance *sin, struct QXLCommandExt *ext)
-{
- PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
- SimpleSpiceUpdate *update;
- QXLCommandRing *ring;
- QXLCommand *cmd;
- int notify, ret;
-
- trace_qxl_ring_command_check(qxl->id, qxl_mode_to_string(qxl->mode));
-
- switch (qxl->mode) {
- case QXL_MODE_VGA:
- ret = false;
- qemu_mutex_lock(&qxl->ssd.lock);
- update = QTAILQ_FIRST(&qxl->ssd.updates);
- if (update != NULL) {
- QTAILQ_REMOVE(&qxl->ssd.updates, update, next);
- *ext = update->ext;
- ret = true;
- }
- qemu_mutex_unlock(&qxl->ssd.lock);
- if (ret) {
- trace_qxl_ring_command_get(qxl->id, qxl_mode_to_string(qxl->mode));
- qxl_log_command(qxl, "vga", ext);
- }
- return ret;
- case QXL_MODE_COMPAT:
- case QXL_MODE_NATIVE:
- case QXL_MODE_UNDEFINED:
- ring = &qxl->ram->cmd_ring;
- if (qxl->guest_bug || SPICE_RING_IS_EMPTY(ring)) {
- return false;
- }
- SPICE_RING_CONS_ITEM(qxl, ring, cmd);
- if (!cmd) {
- return false;
- }
- ext->cmd = *cmd;
- ext->group_id = MEMSLOT_GROUP_GUEST;
- ext->flags = qxl->cmdflags;
- SPICE_RING_POP(ring, notify);
- qxl_ring_set_dirty(qxl);
- if (notify) {
- qxl_send_events(qxl, QXL_INTERRUPT_DISPLAY);
- }
- qxl->guest_primary.commands++;
- qxl_track_command(qxl, ext);
- qxl_log_command(qxl, "cmd", ext);
- trace_qxl_ring_command_get(qxl->id, qxl_mode_to_string(qxl->mode));
- return true;
- default:
- return false;
- }
-}
-
-/* called from spice server thread context only */
-static int interface_req_cmd_notification(QXLInstance *sin)
-{
- PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
- int wait = 1;
-
- trace_qxl_ring_command_req_notification(qxl->id);
- switch (qxl->mode) {
- case QXL_MODE_COMPAT:
- case QXL_MODE_NATIVE:
- case QXL_MODE_UNDEFINED:
- SPICE_RING_CONS_WAIT(&qxl->ram->cmd_ring, wait);
- qxl_ring_set_dirty(qxl);
- break;
- default:
- /* nothing */
- break;
- }
- return wait;
-}
-
-/* called from spice server thread context only */
-static inline void qxl_push_free_res(PCIQXLDevice *d, int flush)
-{
- QXLReleaseRing *ring = &d->ram->release_ring;
- uint64_t *item;
- int notify;
-
-#define QXL_FREE_BUNCH_SIZE 32
-
- if (ring->prod - ring->cons + 1 == ring->num_items) {
- /* ring full -- can't push */
- return;
- }
- if (!flush && d->oom_running) {
- /* collect everything from oom handler before pushing */
- return;
- }
- if (!flush && d->num_free_res < QXL_FREE_BUNCH_SIZE) {
- /* collect a bit more before pushing */
- return;
- }
-
- SPICE_RING_PUSH(ring, notify);
- trace_qxl_ring_res_push(d->id, qxl_mode_to_string(d->mode),
- d->guest_surfaces.count, d->num_free_res,
- d->last_release, notify ? "yes" : "no");
- trace_qxl_ring_res_push_rest(d->id, ring->prod - ring->cons,
- ring->num_items, ring->prod, ring->cons);
- if (notify) {
- qxl_send_events(d, QXL_INTERRUPT_DISPLAY);
- }
- SPICE_RING_PROD_ITEM(d, ring, item);
- if (!item) {
- return;
- }
- *item = 0;
- d->num_free_res = 0;
- d->last_release = NULL;
- qxl_ring_set_dirty(d);
-}
-
-/* called from spice server thread context only */
-static void interface_release_resource(QXLInstance *sin,
- struct QXLReleaseInfoExt ext)
-{
- PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
- QXLReleaseRing *ring;
- uint64_t *item, id;
-
- if (ext.group_id == MEMSLOT_GROUP_HOST) {
- /* host group -> vga mode update request */
- qemu_spice_destroy_update(&qxl->ssd, (void *)(intptr_t)ext.info->id);
- return;
- }
-
- /*
- * ext->info points into guest-visible memory
- * pci bar 0, $command.release_info
- */
- ring = &qxl->ram->release_ring;
- SPICE_RING_PROD_ITEM(qxl, ring, item);
- if (!item) {
- return;
- }
- if (*item == 0) {
- /* stick head into the ring */
- id = ext.info->id;
- ext.info->next = 0;
- qxl_ram_set_dirty(qxl, &ext.info->next);
- *item = id;
- qxl_ring_set_dirty(qxl);
- } else {
- /* append item to the list */
- qxl->last_release->next = ext.info->id;
- qxl_ram_set_dirty(qxl, &qxl->last_release->next);
- ext.info->next = 0;
- qxl_ram_set_dirty(qxl, &ext.info->next);
- }
- qxl->last_release = ext.info;
- qxl->num_free_res++;
- trace_qxl_ring_res_put(qxl->id, qxl->num_free_res);
- qxl_push_free_res(qxl, 0);
-}
-
-/* called from spice server thread context only */
-static int interface_get_cursor_command(QXLInstance *sin, struct QXLCommandExt *ext)
-{
- PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
- QXLCursorRing *ring;
- QXLCommand *cmd;
- int notify;
-
- trace_qxl_ring_cursor_check(qxl->id, qxl_mode_to_string(qxl->mode));
-
- switch (qxl->mode) {
- case QXL_MODE_COMPAT:
- case QXL_MODE_NATIVE:
- case QXL_MODE_UNDEFINED:
- ring = &qxl->ram->cursor_ring;
- if (SPICE_RING_IS_EMPTY(ring)) {
- return false;
- }
- SPICE_RING_CONS_ITEM(qxl, ring, cmd);
- if (!cmd) {
- return false;
- }
- ext->cmd = *cmd;
- ext->group_id = MEMSLOT_GROUP_GUEST;
- ext->flags = qxl->cmdflags;
- SPICE_RING_POP(ring, notify);
- qxl_ring_set_dirty(qxl);
- if (notify) {
- qxl_send_events(qxl, QXL_INTERRUPT_CURSOR);
- }
- qxl->guest_primary.commands++;
- qxl_track_command(qxl, ext);
- qxl_log_command(qxl, "csr", ext);
- if (qxl->id == 0) {
- qxl_render_cursor(qxl, ext);
- }
- trace_qxl_ring_cursor_get(qxl->id, qxl_mode_to_string(qxl->mode));
- return true;
- default:
- return false;
- }
-}
-
-/* called from spice server thread context only */
-static int interface_req_cursor_notification(QXLInstance *sin)
-{
- PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
- int wait = 1;
-
- trace_qxl_ring_cursor_req_notification(qxl->id);
- switch (qxl->mode) {
- case QXL_MODE_COMPAT:
- case QXL_MODE_NATIVE:
- case QXL_MODE_UNDEFINED:
- SPICE_RING_CONS_WAIT(&qxl->ram->cursor_ring, wait);
- qxl_ring_set_dirty(qxl);
- break;
- default:
- /* nothing */
- break;
- }
- return wait;
-}
-
-/* called from spice server thread context */
-static void interface_notify_update(QXLInstance *sin, uint32_t update_id)
-{
- /*
- * Called by spice-server as a result of a QXL_CMD_UPDATE which is not in
- * use by xf86-video-qxl and is defined out in the qxl windows driver.
- * Probably was at some earlier version that is prior to git start (2009),
- * and is still guest trigerrable.
- */
- fprintf(stderr, "%s: deprecated\n", __func__);
-}
-
-/* called from spice server thread context only */
-static int interface_flush_resources(QXLInstance *sin)
-{
- PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
- int ret;
-
- ret = qxl->num_free_res;
- if (ret) {
- qxl_push_free_res(qxl, 1);
- }
- return ret;
-}
-
-static void qxl_create_guest_primary_complete(PCIQXLDevice *d);
-
-/* called from spice server thread context only */
-static void interface_async_complete_io(PCIQXLDevice *qxl, QXLCookie *cookie)
-{
- uint32_t current_async;
-
- qemu_mutex_lock(&qxl->async_lock);
- current_async = qxl->current_async;
- qxl->current_async = QXL_UNDEFINED_IO;
- qemu_mutex_unlock(&qxl->async_lock);
-
- trace_qxl_interface_async_complete_io(qxl->id, current_async, cookie);
- if (!cookie) {
- fprintf(stderr, "qxl: %s: error, cookie is NULL\n", __func__);
- return;
- }
- if (cookie && current_async != cookie->io) {
- fprintf(stderr,
- "qxl: %s: error: current_async = %d != %"
- PRId64 " = cookie->io\n", __func__, current_async, cookie->io);
- }
- switch (current_async) {
- case QXL_IO_MEMSLOT_ADD_ASYNC:
- case QXL_IO_DESTROY_PRIMARY_ASYNC:
- case QXL_IO_UPDATE_AREA_ASYNC:
- case QXL_IO_FLUSH_SURFACES_ASYNC:
- case QXL_IO_MONITORS_CONFIG_ASYNC:
- break;
- case QXL_IO_CREATE_PRIMARY_ASYNC:
- qxl_create_guest_primary_complete(qxl);
- break;
- case QXL_IO_DESTROY_ALL_SURFACES_ASYNC:
- qxl_spice_destroy_surfaces_complete(qxl);
- break;
- case QXL_IO_DESTROY_SURFACE_ASYNC:
- qxl_spice_destroy_surface_wait_complete(qxl, cookie->u.surface_id);
- break;
- default:
- fprintf(stderr, "qxl: %s: unexpected current_async %d\n", __func__,
- current_async);
- }
- qxl_send_events(qxl, QXL_INTERRUPT_IO_CMD);
-}
-
-/* called from spice server thread context only */
-static void interface_update_area_complete(QXLInstance *sin,
- uint32_t surface_id,
- QXLRect *dirty, uint32_t num_updated_rects)
-{
- PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
- int i;
- int qxl_i;
-
- qemu_mutex_lock(&qxl->ssd.lock);
- if (surface_id != 0 || !qxl->render_update_cookie_num) {
- qemu_mutex_unlock(&qxl->ssd.lock);
- return;
- }
- trace_qxl_interface_update_area_complete(qxl->id, surface_id, dirty->left,
- dirty->right, dirty->top, dirty->bottom);
- trace_qxl_interface_update_area_complete_rest(qxl->id, num_updated_rects);
- if (qxl->num_dirty_rects + num_updated_rects > QXL_NUM_DIRTY_RECTS) {
- /*
- * overflow - treat this as a full update. Not expected to be common.
- */
- trace_qxl_interface_update_area_complete_overflow(qxl->id,
- QXL_NUM_DIRTY_RECTS);
- qxl->guest_primary.resized = 1;
- }
- if (qxl->guest_primary.resized) {
- /*
- * Don't bother copying or scheduling the bh since we will flip
- * the whole area anyway on completion of the update_area async call
- */
- qemu_mutex_unlock(&qxl->ssd.lock);
- return;
- }
- qxl_i = qxl->num_dirty_rects;
- for (i = 0; i < num_updated_rects; i++) {
- qxl->dirty[qxl_i++] = dirty[i];
- }
- qxl->num_dirty_rects += num_updated_rects;
- trace_qxl_interface_update_area_complete_schedule_bh(qxl->id,
- qxl->num_dirty_rects);
- qemu_bh_schedule(qxl->update_area_bh);
- qemu_mutex_unlock(&qxl->ssd.lock);
-}
-
-/* called from spice server thread context only */
-static void interface_async_complete(QXLInstance *sin, uint64_t cookie_token)
-{
- PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
- QXLCookie *cookie = (QXLCookie *)(uintptr_t)cookie_token;
-
- switch (cookie->type) {
- case QXL_COOKIE_TYPE_IO:
- interface_async_complete_io(qxl, cookie);
- g_free(cookie);
- break;
- case QXL_COOKIE_TYPE_RENDER_UPDATE_AREA:
- qxl_render_update_area_done(qxl, cookie);
- break;
- case QXL_COOKIE_TYPE_POST_LOAD_MONITORS_CONFIG:
- break;
- default:
- fprintf(stderr, "qxl: %s: unexpected cookie type %d\n",
- __func__, cookie->type);
- g_free(cookie);
- }
-}
-
-/* called from spice server thread context only */
-static void interface_set_client_capabilities(QXLInstance *sin,
- uint8_t client_present,
- uint8_t caps[58])
-{
- PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
-
- if (runstate_check(RUN_STATE_INMIGRATE) ||
- runstate_check(RUN_STATE_POSTMIGRATE)) {
- return;
- }
-
- qxl->shadow_rom.client_present = client_present;
- memcpy(qxl->shadow_rom.client_capabilities, caps, sizeof(caps));
- qxl->rom->client_present = client_present;
- memcpy(qxl->rom->client_capabilities, caps, sizeof(caps));
- qxl_rom_set_dirty(qxl);
-
- qxl_send_events(qxl, QXL_INTERRUPT_CLIENT);
-}
-
-static uint32_t qxl_crc32(const uint8_t *p, unsigned len)
-{
- /*
- * zlib xors the seed with 0xffffffff, and xors the result
- * again with 0xffffffff; Both are not done with linux's crc32,
- * which we want to be compatible with, so undo that.
- */
- return crc32(0xffffffff, p, len) ^ 0xffffffff;
-}
-
-/* called from main context only */
-static int interface_client_monitors_config(QXLInstance *sin,
- VDAgentMonitorsConfig *monitors_config)
-{
- PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
- QXLRom *rom = memory_region_get_ram_ptr(&qxl->rom_bar);
- int i;
-
- /*
- * Older windows drivers set int_mask to 0 when their ISR is called,
- * then later set it to ~0. So it doesn't relate to the actual interrupts
- * handled. However, they are old, so clearly they don't support this
- * interrupt
- */
- if (qxl->ram->int_mask == 0 || qxl->ram->int_mask == ~0 ||
- !(qxl->ram->int_mask & QXL_INTERRUPT_CLIENT_MONITORS_CONFIG)) {
- trace_qxl_client_monitors_config_unsupported_by_guest(qxl->id,
- qxl->ram->int_mask,
- monitors_config);
- return 0;
- }
- if (!monitors_config) {
- return 1;
- }
- memset(&rom->client_monitors_config, 0,
- sizeof(rom->client_monitors_config));
- rom->client_monitors_config.count = monitors_config->num_of_monitors;
- /* monitors_config->flags ignored */
- if (rom->client_monitors_config.count >=
- ARRAY_SIZE(rom->client_monitors_config.heads)) {
- trace_qxl_client_monitors_config_capped(qxl->id,
- monitors_config->num_of_monitors,
- ARRAY_SIZE(rom->client_monitors_config.heads));
- rom->client_monitors_config.count =
- ARRAY_SIZE(rom->client_monitors_config.heads);
- }
- for (i = 0 ; i < rom->client_monitors_config.count ; ++i) {
- VDAgentMonConfig *monitor = &monitors_config->monitors[i];
- QXLURect *rect = &rom->client_monitors_config.heads[i];
- /* monitor->depth ignored */
- rect->left = monitor->x;
- rect->top = monitor->y;
- rect->right = monitor->x + monitor->width;
- rect->bottom = monitor->y + monitor->height;
- }
- rom->client_monitors_config_crc = qxl_crc32(
- (const uint8_t *)&rom->client_monitors_config,
- sizeof(rom->client_monitors_config));
- trace_qxl_client_monitors_config_crc(qxl->id,
- sizeof(rom->client_monitors_config),
- rom->client_monitors_config_crc);
-
- trace_qxl_interrupt_client_monitors_config(qxl->id,
- rom->client_monitors_config.count,
- rom->client_monitors_config.heads);
- qxl_send_events(qxl, QXL_INTERRUPT_CLIENT_MONITORS_CONFIG);
- return 1;
-}
-
-static const QXLInterface qxl_interface = {
- .base.type = SPICE_INTERFACE_QXL,
- .base.description = "qxl gpu",
- .base.major_version = SPICE_INTERFACE_QXL_MAJOR,
- .base.minor_version = SPICE_INTERFACE_QXL_MINOR,
-
- .attache_worker = interface_attach_worker,
- .set_compression_level = interface_set_compression_level,
- .set_mm_time = interface_set_mm_time,
- .get_init_info = interface_get_init_info,
-
- /* the callbacks below are called from spice server thread context */
- .get_command = interface_get_command,
- .req_cmd_notification = interface_req_cmd_notification,
- .release_resource = interface_release_resource,
- .get_cursor_command = interface_get_cursor_command,
- .req_cursor_notification = interface_req_cursor_notification,
- .notify_update = interface_notify_update,
- .flush_resources = interface_flush_resources,
- .async_complete = interface_async_complete,
- .update_area_complete = interface_update_area_complete,
- .set_client_capabilities = interface_set_client_capabilities,
- .client_monitors_config = interface_client_monitors_config,
-};
-
-static void qxl_enter_vga_mode(PCIQXLDevice *d)
-{
- if (d->mode == QXL_MODE_VGA) {
- return;
- }
- trace_qxl_enter_vga_mode(d->id);
- qemu_spice_create_host_primary(&d->ssd);
- d->mode = QXL_MODE_VGA;
- dpy_gfx_resize(d->ssd.ds);
- vga_dirty_log_start(&d->vga);
-}
-
-static void qxl_exit_vga_mode(PCIQXLDevice *d)
-{
- if (d->mode != QXL_MODE_VGA) {
- return;
- }
- trace_qxl_exit_vga_mode(d->id);
- vga_dirty_log_stop(&d->vga);
- qxl_destroy_primary(d, QXL_SYNC);
-}
-
-static void qxl_update_irq(PCIQXLDevice *d)
-{
- uint32_t pending = le32_to_cpu(d->ram->int_pending);
- uint32_t mask = le32_to_cpu(d->ram->int_mask);
- int level = !!(pending & mask);
- qemu_set_irq(d->pci.irq[0], level);
- qxl_ring_set_dirty(d);
-}
-
-static void qxl_check_state(PCIQXLDevice *d)
-{
- QXLRam *ram = d->ram;
- int spice_display_running = qemu_spice_display_is_running(&d->ssd);
-
- assert(!spice_display_running || SPICE_RING_IS_EMPTY(&ram->cmd_ring));
- assert(!spice_display_running || SPICE_RING_IS_EMPTY(&ram->cursor_ring));
-}
-
-static void qxl_reset_state(PCIQXLDevice *d)
-{
- QXLRom *rom = d->rom;
-
- qxl_check_state(d);
- d->shadow_rom.update_id = cpu_to_le32(0);
- *rom = d->shadow_rom;
- qxl_rom_set_dirty(d);
- init_qxl_ram(d);
- d->num_free_res = 0;
- d->last_release = NULL;
- memset(&d->ssd.dirty, 0, sizeof(d->ssd.dirty));
-}
-
-static void qxl_soft_reset(PCIQXLDevice *d)
-{
- trace_qxl_soft_reset(d->id);
- qxl_check_state(d);
- qxl_clear_guest_bug(d);
- d->current_async = QXL_UNDEFINED_IO;
-
- if (d->id == 0) {
- qxl_enter_vga_mode(d);
- } else {
- d->mode = QXL_MODE_UNDEFINED;
- }
-}
-
-static void qxl_hard_reset(PCIQXLDevice *d, int loadvm)
-{
- trace_qxl_hard_reset(d->id, loadvm);
-
- qxl_spice_reset_cursor(d);
- qxl_spice_reset_image_cache(d);
- qxl_reset_surfaces(d);
- qxl_reset_memslots(d);
-
- /* pre loadvm reset must not touch QXLRam. This lives in
- * device memory, is migrated together with RAM and thus
- * already loaded at this point */
- if (!loadvm) {
- qxl_reset_state(d);
- }
- qemu_spice_create_host_memslot(&d->ssd);
- qxl_soft_reset(d);
-}
-
-static void qxl_reset_handler(DeviceState *dev)
-{
- PCIQXLDevice *d = DO_UPCAST(PCIQXLDevice, pci.qdev, dev);
-
- qxl_hard_reset(d, 0);
-}
-
-static void qxl_vga_ioport_write(void *opaque, uint32_t addr, uint32_t val)
-{
- VGACommonState *vga = opaque;
- PCIQXLDevice *qxl = container_of(vga, PCIQXLDevice, vga);
-
- trace_qxl_io_write_vga(qxl->id, qxl_mode_to_string(qxl->mode), addr, val);
- if (qxl->mode != QXL_MODE_VGA) {
- qxl_destroy_primary(qxl, QXL_SYNC);
- qxl_soft_reset(qxl);
- }
- vga_ioport_write(opaque, addr, val);
-}
-
-static const MemoryRegionPortio qxl_vga_portio_list[] = {
- { 0x04, 2, 1, .read = vga_ioport_read,
- .write = qxl_vga_ioport_write }, /* 3b4 */
- { 0x0a, 1, 1, .read = vga_ioport_read,
- .write = qxl_vga_ioport_write }, /* 3ba */
- { 0x10, 16, 1, .read = vga_ioport_read,
- .write = qxl_vga_ioport_write }, /* 3c0 */
- { 0x24, 2, 1, .read = vga_ioport_read,
- .write = qxl_vga_ioport_write }, /* 3d4 */
- { 0x2a, 1, 1, .read = vga_ioport_read,
- .write = qxl_vga_ioport_write }, /* 3da */
- PORTIO_END_OF_LIST(),
-};
-
-static int qxl_add_memslot(PCIQXLDevice *d, uint32_t slot_id, uint64_t delta,
- qxl_async_io async)
-{
- static const int regions[] = {
- QXL_RAM_RANGE_INDEX,
- QXL_VRAM_RANGE_INDEX,
- QXL_VRAM64_RANGE_INDEX,
- };
- uint64_t guest_start;
- uint64_t guest_end;
- int pci_region;
- pcibus_t pci_start;
- pcibus_t pci_end;
- intptr_t virt_start;
- QXLDevMemSlot memslot;
- int i;
-
- guest_start = le64_to_cpu(d->guest_slots[slot_id].slot.mem_start);
- guest_end = le64_to_cpu(d->guest_slots[slot_id].slot.mem_end);
-
- trace_qxl_memslot_add_guest(d->id, slot_id, guest_start, guest_end);
-
- if (slot_id >= NUM_MEMSLOTS) {
- qxl_set_guest_bug(d, "%s: slot_id >= NUM_MEMSLOTS %d >= %d", __func__,
- slot_id, NUM_MEMSLOTS);
- return 1;
- }
- if (guest_start > guest_end) {
- qxl_set_guest_bug(d, "%s: guest_start > guest_end 0x%" PRIx64
- " > 0x%" PRIx64, __func__, guest_start, guest_end);
- return 1;
- }
-
- for (i = 0; i < ARRAY_SIZE(regions); i++) {
- pci_region = regions[i];
- pci_start = d->pci.io_regions[pci_region].addr;
- pci_end = pci_start + d->pci.io_regions[pci_region].size;
- /* mapped? */
- if (pci_start == -1) {
- continue;
- }
- /* start address in range ? */
- if (guest_start < pci_start || guest_start > pci_end) {
- continue;
- }
- /* end address in range ? */
- if (guest_end > pci_end) {
- continue;
- }
- /* passed */
- break;
- }
- if (i == ARRAY_SIZE(regions)) {
- qxl_set_guest_bug(d, "%s: finished loop without match", __func__);
- return 1;
- }
-
- switch (pci_region) {
- case QXL_RAM_RANGE_INDEX:
- virt_start = (intptr_t)memory_region_get_ram_ptr(&d->vga.vram);
- break;
- case QXL_VRAM_RANGE_INDEX:
- case 4 /* vram 64bit */:
- virt_start = (intptr_t)memory_region_get_ram_ptr(&d->vram_bar);
- break;
- default:
- /* should not happen */
- qxl_set_guest_bug(d, "%s: pci_region = %d", __func__, pci_region);
- return 1;
- }
-
- memslot.slot_id = slot_id;
- memslot.slot_group_id = MEMSLOT_GROUP_GUEST; /* guest group */
- memslot.virt_start = virt_start + (guest_start - pci_start);
- memslot.virt_end = virt_start + (guest_end - pci_start);
- memslot.addr_delta = memslot.virt_start - delta;
- memslot.generation = d->rom->slot_generation = 0;
- qxl_rom_set_dirty(d);
-
- qemu_spice_add_memslot(&d->ssd, &memslot, async);
- d->guest_slots[slot_id].ptr = (void*)memslot.virt_start;
- d->guest_slots[slot_id].size = memslot.virt_end - memslot.virt_start;
- d->guest_slots[slot_id].delta = delta;
- d->guest_slots[slot_id].active = 1;
- return 0;
-}
-
-static void qxl_del_memslot(PCIQXLDevice *d, uint32_t slot_id)
-{
- qemu_spice_del_memslot(&d->ssd, MEMSLOT_GROUP_HOST, slot_id);
- d->guest_slots[slot_id].active = 0;
-}
-
-static void qxl_reset_memslots(PCIQXLDevice *d)
-{
- qxl_spice_reset_memslots(d);
- memset(&d->guest_slots, 0, sizeof(d->guest_slots));
-}
-
-static void qxl_reset_surfaces(PCIQXLDevice *d)
-{
- trace_qxl_reset_surfaces(d->id);
- d->mode = QXL_MODE_UNDEFINED;
- qxl_spice_destroy_surfaces(d, QXL_SYNC);
-}
-
-/* can be also called from spice server thread context */
-void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id)
-{
- uint64_t phys = le64_to_cpu(pqxl);
- uint32_t slot = (phys >> (64 - 8)) & 0xff;
- uint64_t offset = phys & 0xffffffffffff;
-
- switch (group_id) {
- case MEMSLOT_GROUP_HOST:
- return (void *)(intptr_t)offset;
- case MEMSLOT_GROUP_GUEST:
- if (slot >= NUM_MEMSLOTS) {
- qxl_set_guest_bug(qxl, "slot too large %d >= %d", slot,
- NUM_MEMSLOTS);
- return NULL;
- }
- if (!qxl->guest_slots[slot].active) {
- qxl_set_guest_bug(qxl, "inactive slot %d\n", slot);
- return NULL;
- }
- if (offset < qxl->guest_slots[slot].delta) {
- qxl_set_guest_bug(qxl,
- "slot %d offset %"PRIu64" < delta %"PRIu64"\n",
- slot, offset, qxl->guest_slots[slot].delta);
- return NULL;
- }
- offset -= qxl->guest_slots[slot].delta;
- if (offset > qxl->guest_slots[slot].size) {
- qxl_set_guest_bug(qxl,
- "slot %d offset %"PRIu64" > size %"PRIu64"\n",
- slot, offset, qxl->guest_slots[slot].size);
- return NULL;
- }
- return qxl->guest_slots[slot].ptr + offset;
- }
- return NULL;
-}
-
-static void qxl_create_guest_primary_complete(PCIQXLDevice *qxl)
-{
- /* for local rendering */
- qxl_render_resize(qxl);
-}
-
-static void qxl_create_guest_primary(PCIQXLDevice *qxl, int loadvm,
- qxl_async_io async)
-{
- QXLDevSurfaceCreate surface;
- QXLSurfaceCreate *sc = &qxl->guest_primary.surface;
- int size;
- int requested_height = le32_to_cpu(sc->height);
- int requested_stride = le32_to_cpu(sc->stride);
-
- size = abs(requested_stride) * requested_height;
- if (size > qxl->vgamem_size) {
- qxl_set_guest_bug(qxl, "%s: requested primary larger then framebuffer"
- " size", __func__);
- return;
- }
-
- if (qxl->mode == QXL_MODE_NATIVE) {
- qxl_set_guest_bug(qxl, "%s: nop since already in QXL_MODE_NATIVE",
- __func__);
- }
- qxl_exit_vga_mode(qxl);
-
- surface.format = le32_to_cpu(sc->format);
- surface.height = le32_to_cpu(sc->height);
- surface.mem = le64_to_cpu(sc->mem);
- surface.position = le32_to_cpu(sc->position);
- surface.stride = le32_to_cpu(sc->stride);
- surface.width = le32_to_cpu(sc->width);
- surface.type = le32_to_cpu(sc->type);
- surface.flags = le32_to_cpu(sc->flags);
- trace_qxl_create_guest_primary(qxl->id, sc->width, sc->height, sc->mem,
- sc->format, sc->position);
- trace_qxl_create_guest_primary_rest(qxl->id, sc->stride, sc->type,
- sc->flags);
-
- if ((surface.stride & 0x3) != 0) {
- qxl_set_guest_bug(qxl, "primary surface stride = %d %% 4 != 0",
- surface.stride);
- return;
- }
-
- surface.mouse_mode = true;
- surface.group_id = MEMSLOT_GROUP_GUEST;
- if (loadvm) {
- surface.flags |= QXL_SURF_FLAG_KEEP_DATA;
- }
-
- qxl->mode = QXL_MODE_NATIVE;
- qxl->cmdflags = 0;
- qemu_spice_create_primary_surface(&qxl->ssd, 0, &surface, async);
-
- if (async == QXL_SYNC) {
- qxl_create_guest_primary_complete(qxl);
- }
-}
-
-/* return 1 if surface destoy was initiated (in QXL_ASYNC case) or
- * done (in QXL_SYNC case), 0 otherwise. */
-static int qxl_destroy_primary(PCIQXLDevice *d, qxl_async_io async)
-{
- if (d->mode == QXL_MODE_UNDEFINED) {
- return 0;
- }
- trace_qxl_destroy_primary(d->id);
- d->mode = QXL_MODE_UNDEFINED;
- qemu_spice_destroy_primary_surface(&d->ssd, 0, async);
- qxl_spice_reset_cursor(d);
- return 1;
-}
-
-static void qxl_set_mode(PCIQXLDevice *d, int modenr, int loadvm)
-{
- pcibus_t start = d->pci.io_regions[QXL_RAM_RANGE_INDEX].addr;
- pcibus_t end = d->pci.io_regions[QXL_RAM_RANGE_INDEX].size + start;
- QXLMode *mode = d->modes->modes + modenr;
- uint64_t devmem = d->pci.io_regions[QXL_RAM_RANGE_INDEX].addr;
- QXLMemSlot slot = {
- .mem_start = start,
- .mem_end = end
- };
- QXLSurfaceCreate surface = {
- .width = mode->x_res,
- .height = mode->y_res,
- .stride = -mode->x_res * 4,
- .format = SPICE_SURFACE_FMT_32_xRGB,
- .flags = loadvm ? QXL_SURF_FLAG_KEEP_DATA : 0,
- .mouse_mode = true,
- .mem = devmem + d->shadow_rom.draw_area_offset,
- };
-
- trace_qxl_set_mode(d->id, modenr, mode->x_res, mode->y_res, mode->bits,
- devmem);
- if (!loadvm) {
- qxl_hard_reset(d, 0);
- }
-
- d->guest_slots[0].slot = slot;
- assert(qxl_add_memslot(d, 0, devmem, QXL_SYNC) == 0);
-
- d->guest_primary.surface = surface;
- qxl_create_guest_primary(d, 0, QXL_SYNC);
-
- d->mode = QXL_MODE_COMPAT;
- d->cmdflags = QXL_COMMAND_FLAG_COMPAT;
- if (mode->bits == 16) {
- d->cmdflags |= QXL_COMMAND_FLAG_COMPAT_16BPP;
- }
- d->shadow_rom.mode = cpu_to_le32(modenr);
- d->rom->mode = cpu_to_le32(modenr);
- qxl_rom_set_dirty(d);
-}
-
-static void ioport_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- PCIQXLDevice *d = opaque;
- uint32_t io_port = addr;
- qxl_async_io async = QXL_SYNC;
- uint32_t orig_io_port = io_port;
-
- if (d->guest_bug && io_port != QXL_IO_RESET) {
- return;
- }
-
- if (d->revision <= QXL_REVISION_STABLE_V10 &&
- io_port > QXL_IO_FLUSH_RELEASE) {
- qxl_set_guest_bug(d, "unsupported io %d for revision %d\n",
- io_port, d->revision);
- return;
- }
-
- switch (io_port) {
- case QXL_IO_RESET:
- case QXL_IO_SET_MODE:
- case QXL_IO_MEMSLOT_ADD:
- case QXL_IO_MEMSLOT_DEL:
- case QXL_IO_CREATE_PRIMARY:
- case QXL_IO_UPDATE_IRQ:
- case QXL_IO_LOG:
- case QXL_IO_MEMSLOT_ADD_ASYNC:
- case QXL_IO_CREATE_PRIMARY_ASYNC:
- break;
- default:
- if (d->mode != QXL_MODE_VGA) {
- break;
- }
- trace_qxl_io_unexpected_vga_mode(d->id,
- addr, val, io_port_to_string(io_port));
- /* be nice to buggy guest drivers */
- if (io_port >= QXL_IO_UPDATE_AREA_ASYNC &&
- io_port < QXL_IO_RANGE_SIZE) {
- qxl_send_events(d, QXL_INTERRUPT_IO_CMD);
- }
- return;
- }
-
- /* we change the io_port to avoid ifdeffery in the main switch */
- orig_io_port = io_port;
- switch (io_port) {
- case QXL_IO_UPDATE_AREA_ASYNC:
- io_port = QXL_IO_UPDATE_AREA;
- goto async_common;
- case QXL_IO_MEMSLOT_ADD_ASYNC:
- io_port = QXL_IO_MEMSLOT_ADD;
- goto async_common;
- case QXL_IO_CREATE_PRIMARY_ASYNC:
- io_port = QXL_IO_CREATE_PRIMARY;
- goto async_common;
- case QXL_IO_DESTROY_PRIMARY_ASYNC:
- io_port = QXL_IO_DESTROY_PRIMARY;
- goto async_common;
- case QXL_IO_DESTROY_SURFACE_ASYNC:
- io_port = QXL_IO_DESTROY_SURFACE_WAIT;
- goto async_common;
- case QXL_IO_DESTROY_ALL_SURFACES_ASYNC:
- io_port = QXL_IO_DESTROY_ALL_SURFACES;
- goto async_common;
- case QXL_IO_FLUSH_SURFACES_ASYNC:
- case QXL_IO_MONITORS_CONFIG_ASYNC:
-async_common:
- async = QXL_ASYNC;
- qemu_mutex_lock(&d->async_lock);
- if (d->current_async != QXL_UNDEFINED_IO) {
- qxl_set_guest_bug(d, "%d async started before last (%d) complete",
- io_port, d->current_async);
- qemu_mutex_unlock(&d->async_lock);
- return;
- }
- d->current_async = orig_io_port;
- qemu_mutex_unlock(&d->async_lock);
- break;
- default:
- break;
- }
- trace_qxl_io_write(d->id, qxl_mode_to_string(d->mode), addr, val, size,
- async);
-
- switch (io_port) {
- case QXL_IO_UPDATE_AREA:
- {
- QXLCookie *cookie = NULL;
- QXLRect update = d->ram->update_area;
-
- if (d->ram->update_surface > d->ssd.num_surfaces) {
- qxl_set_guest_bug(d, "QXL_IO_UPDATE_AREA: invalid surface id %d\n",
- d->ram->update_surface);
- break;
- }
- if (update.left >= update.right || update.top >= update.bottom ||
- update.left < 0 || update.top < 0) {
- qxl_set_guest_bug(d,
- "QXL_IO_UPDATE_AREA: invalid area (%ux%u)x(%ux%u)\n",
- update.left, update.top, update.right, update.bottom);
- break;
- }
- if (async == QXL_ASYNC) {
- cookie = qxl_cookie_new(QXL_COOKIE_TYPE_IO,
- QXL_IO_UPDATE_AREA_ASYNC);
- cookie->u.area = update;
- }
- qxl_spice_update_area(d, d->ram->update_surface,
- cookie ? &cookie->u.area : &update,
- NULL, 0, 0, async, cookie);
- break;
- }
- case QXL_IO_NOTIFY_CMD:
- qemu_spice_wakeup(&d->ssd);
- break;
- case QXL_IO_NOTIFY_CURSOR:
- qemu_spice_wakeup(&d->ssd);
- break;
- case QXL_IO_UPDATE_IRQ:
- qxl_update_irq(d);
- break;
- case QXL_IO_NOTIFY_OOM:
- if (!SPICE_RING_IS_EMPTY(&d->ram->release_ring)) {
- break;
- }
- d->oom_running = 1;
- qxl_spice_oom(d);
- d->oom_running = 0;
- break;
- case QXL_IO_SET_MODE:
- qxl_set_mode(d, val, 0);
- break;
- case QXL_IO_LOG:
- trace_qxl_io_log(d->id, d->ram->log_buf);
- if (d->guestdebug) {
- fprintf(stderr, "qxl/guest-%d: %" PRId64 ": %s", d->id,
- qemu_get_clock_ns(vm_clock), d->ram->log_buf);
- }
- break;
- case QXL_IO_RESET:
- qxl_hard_reset(d, 0);
- break;
- case QXL_IO_MEMSLOT_ADD:
- if (val >= NUM_MEMSLOTS) {
- qxl_set_guest_bug(d, "QXL_IO_MEMSLOT_ADD: val out of range");
- break;
- }
- if (d->guest_slots[val].active) {
- qxl_set_guest_bug(d,
- "QXL_IO_MEMSLOT_ADD: memory slot already active");
- break;
- }
- d->guest_slots[val].slot = d->ram->mem_slot;
- qxl_add_memslot(d, val, 0, async);
- break;
- case QXL_IO_MEMSLOT_DEL:
- if (val >= NUM_MEMSLOTS) {
- qxl_set_guest_bug(d, "QXL_IO_MEMSLOT_DEL: val out of range");
- break;
- }
- qxl_del_memslot(d, val);
- break;
- case QXL_IO_CREATE_PRIMARY:
- if (val != 0) {
- qxl_set_guest_bug(d, "QXL_IO_CREATE_PRIMARY (async=%d): val != 0",
- async);
- goto cancel_async;
- }
- d->guest_primary.surface = d->ram->create_surface;
- qxl_create_guest_primary(d, 0, async);
- break;
- case QXL_IO_DESTROY_PRIMARY:
- if (val != 0) {
- qxl_set_guest_bug(d, "QXL_IO_DESTROY_PRIMARY (async=%d): val != 0",
- async);
- goto cancel_async;
- }
- if (!qxl_destroy_primary(d, async)) {
- trace_qxl_io_destroy_primary_ignored(d->id,
- qxl_mode_to_string(d->mode));
- goto cancel_async;
- }
- break;
- case QXL_IO_DESTROY_SURFACE_WAIT:
- if (val >= d->ssd.num_surfaces) {
- qxl_set_guest_bug(d, "QXL_IO_DESTROY_SURFACE (async=%d):"
- "%" PRIu64 " >= NUM_SURFACES", async, val);
- goto cancel_async;
- }
- qxl_spice_destroy_surface_wait(d, val, async);
- break;
- case QXL_IO_FLUSH_RELEASE: {
- QXLReleaseRing *ring = &d->ram->release_ring;
- if (ring->prod - ring->cons + 1 == ring->num_items) {
- fprintf(stderr,
- "ERROR: no flush, full release ring [p%d,%dc]\n",
- ring->prod, ring->cons);
- }
- qxl_push_free_res(d, 1 /* flush */);
- break;
- }
- case QXL_IO_FLUSH_SURFACES_ASYNC:
- qxl_spice_flush_surfaces_async(d);
- break;
- case QXL_IO_DESTROY_ALL_SURFACES:
- d->mode = QXL_MODE_UNDEFINED;
- qxl_spice_destroy_surfaces(d, async);
- break;
- case QXL_IO_MONITORS_CONFIG_ASYNC:
- qxl_spice_monitors_config_async(d, 0);
- break;
- default:
- qxl_set_guest_bug(d, "%s: unexpected ioport=0x%x\n", __func__, io_port);
- }
- return;
-cancel_async:
- if (async) {
- qxl_send_events(d, QXL_INTERRUPT_IO_CMD);
- qemu_mutex_lock(&d->async_lock);
- d->current_async = QXL_UNDEFINED_IO;
- qemu_mutex_unlock(&d->async_lock);
- }
-}
-
-static uint64_t ioport_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- PCIQXLDevice *qxl = opaque;
-
- trace_qxl_io_read_unexpected(qxl->id);
- return 0xff;
-}
-
-static const MemoryRegionOps qxl_io_ops = {
- .read = ioport_read,
- .write = ioport_write,
- .valid = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
-};
-
-static void pipe_read(void *opaque)
-{
- PCIQXLDevice *d = opaque;
- char dummy;
- int len;
-
- do {
- len = read(d->pipe[0], &dummy, sizeof(dummy));
- } while (len == sizeof(dummy));
- qxl_update_irq(d);
-}
-
-static void qxl_send_events(PCIQXLDevice *d, uint32_t events)
-{
- uint32_t old_pending;
- uint32_t le_events = cpu_to_le32(events);
-
- trace_qxl_send_events(d->id, events);
- if (!qemu_spice_display_is_running(&d->ssd)) {
- /* spice-server tracks guest running state and should not do this */
- fprintf(stderr, "%s: spice-server bug: guest stopped, ignoring\n",
- __func__);
- trace_qxl_send_events_vm_stopped(d->id, events);
- return;
- }
- old_pending = __sync_fetch_and_or(&d->ram->int_pending, le_events);
- if ((old_pending & le_events) == le_events) {
- return;
- }
- if (qemu_thread_is_self(&d->main)) {
- qxl_update_irq(d);
- } else {
- if (write(d->pipe[1], d, 1) != 1) {
- dprint(d, 1, "%s: write to pipe failed\n", __func__);
- }
- }
-}
-
-static void init_pipe_signaling(PCIQXLDevice *d)
-{
- if (pipe(d->pipe) < 0) {
- fprintf(stderr, "%s:%s: qxl pipe creation failed\n",
- __FILE__, __func__);
- exit(1);
- }
- fcntl(d->pipe[0], F_SETFL, O_NONBLOCK);
- fcntl(d->pipe[1], F_SETFL, O_NONBLOCK);
- fcntl(d->pipe[0], F_SETOWN, getpid());
-
- qemu_thread_get_self(&d->main);
- qemu_set_fd_handler(d->pipe[0], pipe_read, NULL, d);
-}
-
-/* graphics console */
-
-static void qxl_hw_update(void *opaque)
-{
- PCIQXLDevice *qxl = opaque;
- VGACommonState *vga = &qxl->vga;
-
- switch (qxl->mode) {
- case QXL_MODE_VGA:
- vga->update(vga);
- break;
- case QXL_MODE_COMPAT:
- case QXL_MODE_NATIVE:
- qxl_render_update(qxl);
- break;
- default:
- break;
- }
-}
-
-static void qxl_hw_invalidate(void *opaque)
-{
- PCIQXLDevice *qxl = opaque;
- VGACommonState *vga = &qxl->vga;
-
- vga->invalidate(vga);
-}
-
-static void qxl_hw_screen_dump(void *opaque, const char *filename, bool cswitch,
- Error **errp)
-{
- PCIQXLDevice *qxl = opaque;
- VGACommonState *vga = &qxl->vga;
-
- switch (qxl->mode) {
- case QXL_MODE_COMPAT:
- case QXL_MODE_NATIVE:
- qxl_render_update(qxl);
- ppm_save(filename, qxl->ssd.ds->surface, errp);
- break;
- case QXL_MODE_VGA:
- vga->screen_dump(vga, filename, cswitch, errp);
- break;
- default:
- break;
- }
-}
-
-static void qxl_hw_text_update(void *opaque, console_ch_t *chardata)
-{
- PCIQXLDevice *qxl = opaque;
- VGACommonState *vga = &qxl->vga;
-
- if (qxl->mode == QXL_MODE_VGA) {
- vga->text_update(vga, chardata);
- return;
- }
-}
-
-static void qxl_dirty_surfaces(PCIQXLDevice *qxl)
-{
- uintptr_t vram_start;
- int i;
-
- if (qxl->mode != QXL_MODE_NATIVE && qxl->mode != QXL_MODE_COMPAT) {
- return;
- }
-
- /* dirty the primary surface */
- qxl_set_dirty(&qxl->vga.vram, qxl->shadow_rom.draw_area_offset,
- qxl->shadow_rom.surface0_area_size);
-
- vram_start = (uintptr_t)memory_region_get_ram_ptr(&qxl->vram_bar);
-
- /* dirty the off-screen surfaces */
- for (i = 0; i < qxl->ssd.num_surfaces; i++) {
- QXLSurfaceCmd *cmd;
- intptr_t surface_offset;
- int surface_size;
-
- if (qxl->guest_surfaces.cmds[i] == 0) {
- continue;
- }
-
- cmd = qxl_phys2virt(qxl, qxl->guest_surfaces.cmds[i],
- MEMSLOT_GROUP_GUEST);
- assert(cmd);
- assert(cmd->type == QXL_SURFACE_CMD_CREATE);
- surface_offset = (intptr_t)qxl_phys2virt(qxl,
- cmd->u.surface_create.data,
- MEMSLOT_GROUP_GUEST);
- assert(surface_offset);
- surface_offset -= vram_start;
- surface_size = cmd->u.surface_create.height *
- abs(cmd->u.surface_create.stride);
- trace_qxl_surfaces_dirty(qxl->id, i, (int)surface_offset, surface_size);
- qxl_set_dirty(&qxl->vram_bar, surface_offset, surface_size);
- }
-}
-
-static void qxl_vm_change_state_handler(void *opaque, int running,
- RunState state)
-{
- PCIQXLDevice *qxl = opaque;
-
- if (running) {
- /*
- * if qxl_send_events was called from spice server context before
- * migration ended, qxl_update_irq for these events might not have been
- * called
- */
- qxl_update_irq(qxl);
- } else {
- /* make sure surfaces are saved before migration */
- qxl_dirty_surfaces(qxl);
- }
-}
-
-/* display change listener */
-
-static void display_update(struct DisplayState *ds, int x, int y, int w, int h)
-{
- if (qxl0->mode == QXL_MODE_VGA) {
- qemu_spice_display_update(&qxl0->ssd, x, y, w, h);
- }
-}
-
-static void display_resize(struct DisplayState *ds)
-{
- if (qxl0->mode == QXL_MODE_VGA) {
- qemu_spice_display_resize(&qxl0->ssd);
- }
-}
-
-static void display_refresh(struct DisplayState *ds)
-{
- if (qxl0->mode == QXL_MODE_VGA) {
- qemu_spice_display_refresh(&qxl0->ssd);
- } else {
- qemu_mutex_lock(&qxl0->ssd.lock);
- qemu_spice_cursor_refresh_unlocked(&qxl0->ssd);
- qemu_mutex_unlock(&qxl0->ssd.lock);
- }
-}
-
-static DisplayChangeListener display_listener = {
- .dpy_gfx_update = display_update,
- .dpy_gfx_resize = display_resize,
- .dpy_refresh = display_refresh,
-};
-
-static void qxl_init_ramsize(PCIQXLDevice *qxl)
-{
- /* vga mode framebuffer / primary surface (bar 0, first part) */
- if (qxl->vgamem_size_mb < 8) {
- qxl->vgamem_size_mb = 8;
- }
- qxl->vgamem_size = qxl->vgamem_size_mb * 1024 * 1024;
-
- /* vga ram (bar 0, total) */
- if (qxl->ram_size_mb != -1) {
- qxl->vga.vram_size = qxl->ram_size_mb * 1024 * 1024;
- }
- if (qxl->vga.vram_size < qxl->vgamem_size * 2) {
- qxl->vga.vram_size = qxl->vgamem_size * 2;
- }
-
- /* vram32 (surfaces, 32bit, bar 1) */
- if (qxl->vram32_size_mb != -1) {
- qxl->vram32_size = qxl->vram32_size_mb * 1024 * 1024;
- }
- if (qxl->vram32_size < 4096) {
- qxl->vram32_size = 4096;
- }
-
- /* vram (surfaces, 64bit, bar 4+5) */
- if (qxl->vram_size_mb != -1) {
- qxl->vram_size = qxl->vram_size_mb * 1024 * 1024;
- }
- if (qxl->vram_size < qxl->vram32_size) {
- qxl->vram_size = qxl->vram32_size;
- }
-
- if (qxl->revision == 1) {
- qxl->vram32_size = 4096;
- qxl->vram_size = 4096;
- }
- qxl->vgamem_size = msb_mask(qxl->vgamem_size * 2 - 1);
- qxl->vga.vram_size = msb_mask(qxl->vga.vram_size * 2 - 1);
- qxl->vram32_size = msb_mask(qxl->vram32_size * 2 - 1);
- qxl->vram_size = msb_mask(qxl->vram_size * 2 - 1);
-}
-
-static int qxl_init_common(PCIQXLDevice *qxl)
-{
- uint8_t* config = qxl->pci.config;
- uint32_t pci_device_rev;
- uint32_t io_size;
-
- qxl->mode = QXL_MODE_UNDEFINED;
- qxl->generation = 1;
- qxl->num_memslots = NUM_MEMSLOTS;
- qemu_mutex_init(&qxl->track_lock);
- qemu_mutex_init(&qxl->async_lock);
- qxl->current_async = QXL_UNDEFINED_IO;
- qxl->guest_bug = 0;
-
- switch (qxl->revision) {
- case 1: /* spice 0.4 -- qxl-1 */
- pci_device_rev = QXL_REVISION_STABLE_V04;
- io_size = 8;
- break;
- case 2: /* spice 0.6 -- qxl-2 */
- pci_device_rev = QXL_REVISION_STABLE_V06;
- io_size = 16;
- break;
- case 3: /* qxl-3 */
- pci_device_rev = QXL_REVISION_STABLE_V10;
- io_size = 32; /* PCI region size must be pow2 */
- break;
- case 4: /* qxl-4 */
- pci_device_rev = QXL_REVISION_STABLE_V12;
- io_size = msb_mask(QXL_IO_RANGE_SIZE * 2 - 1);
- break;
- default:
- error_report("Invalid revision %d for qxl device (max %d)",
- qxl->revision, QXL_DEFAULT_REVISION);
- return -1;
- }
-
- pci_set_byte(&config[PCI_REVISION_ID], pci_device_rev);
- pci_set_byte(&config[PCI_INTERRUPT_PIN], 1);
-
- qxl->rom_size = qxl_rom_size();
- memory_region_init_ram(&qxl->rom_bar, "qxl.vrom", qxl->rom_size);
- vmstate_register_ram(&qxl->rom_bar, &qxl->pci.qdev);
- init_qxl_rom(qxl);
- init_qxl_ram(qxl);
-
- qxl->guest_surfaces.cmds = g_new0(QXLPHYSICAL, qxl->ssd.num_surfaces);
- memory_region_init_ram(&qxl->vram_bar, "qxl.vram", qxl->vram_size);
- vmstate_register_ram(&qxl->vram_bar, &qxl->pci.qdev);
- memory_region_init_alias(&qxl->vram32_bar, "qxl.vram32", &qxl->vram_bar,
- 0, qxl->vram32_size);
-
- memory_region_init_io(&qxl->io_bar, &qxl_io_ops, qxl,
- "qxl-ioports", io_size);
- if (qxl->id == 0) {
- vga_dirty_log_start(&qxl->vga);
- }
- memory_region_set_flush_coalesced(&qxl->io_bar);
-
-
- pci_register_bar(&qxl->pci, QXL_IO_RANGE_INDEX,
- PCI_BASE_ADDRESS_SPACE_IO, &qxl->io_bar);
-
- pci_register_bar(&qxl->pci, QXL_ROM_RANGE_INDEX,
- PCI_BASE_ADDRESS_SPACE_MEMORY, &qxl->rom_bar);
-
- pci_register_bar(&qxl->pci, QXL_RAM_RANGE_INDEX,
- PCI_BASE_ADDRESS_SPACE_MEMORY, &qxl->vga.vram);
-
- pci_register_bar(&qxl->pci, QXL_VRAM_RANGE_INDEX,
- PCI_BASE_ADDRESS_SPACE_MEMORY, &qxl->vram32_bar);
-
- if (qxl->vram32_size < qxl->vram_size) {
- /*
- * Make the 64bit vram bar show up only in case it is
- * configured to be larger than the 32bit vram bar.
- */
- pci_register_bar(&qxl->pci, QXL_VRAM64_RANGE_INDEX,
- PCI_BASE_ADDRESS_SPACE_MEMORY |
- PCI_BASE_ADDRESS_MEM_TYPE_64 |
- PCI_BASE_ADDRESS_MEM_PREFETCH,
- &qxl->vram_bar);
- }
-
- /* print pci bar details */
- dprint(qxl, 1, "ram/%s: %d MB [region 0]\n",
- qxl->id == 0 ? "pri" : "sec",
- qxl->vga.vram_size / (1024*1024));
- dprint(qxl, 1, "vram/32: %d MB [region 1]\n",
- qxl->vram32_size / (1024*1024));
- dprint(qxl, 1, "vram/64: %d MB %s\n",
- qxl->vram_size / (1024*1024),
- qxl->vram32_size < qxl->vram_size ? "[region 4]" : "[unmapped]");
-
- qxl->ssd.qxl.base.sif = &qxl_interface.base;
- qxl->ssd.qxl.id = qxl->id;
- if (qemu_spice_add_interface(&qxl->ssd.qxl.base) != 0) {
- error_report("qxl interface %d.%d not supported by spice-server\n",
- SPICE_INTERFACE_QXL_MAJOR, SPICE_INTERFACE_QXL_MINOR);
- return -1;
- }
- qemu_add_vm_change_state_handler(qxl_vm_change_state_handler, qxl);
-
- init_pipe_signaling(qxl);
- qxl_reset_state(qxl);
-
- qxl->update_area_bh = qemu_bh_new(qxl_render_update_area_bh, qxl);
-
- return 0;
-}
-
-static int qxl_init_primary(PCIDevice *dev)
-{
- PCIQXLDevice *qxl = DO_UPCAST(PCIQXLDevice, pci, dev);
- VGACommonState *vga = &qxl->vga;
- PortioList *qxl_vga_port_list = g_new(PortioList, 1);
- int rc;
-
- qxl->id = 0;
- qxl_init_ramsize(qxl);
- vga->vram_size_mb = qxl->vga.vram_size >> 20;
- vga_common_init(vga);
- vga_init(vga, pci_address_space(dev), pci_address_space_io(dev), false);
- portio_list_init(qxl_vga_port_list, qxl_vga_portio_list, vga, "vga");
- portio_list_add(qxl_vga_port_list, pci_address_space_io(dev), 0x3b0);
-
- vga->ds = graphic_console_init(qxl_hw_update, qxl_hw_invalidate,
- qxl_hw_screen_dump, qxl_hw_text_update, qxl);
- qemu_spice_display_init_common(&qxl->ssd, vga->ds);
-
- qxl0 = qxl;
-
- rc = qxl_init_common(qxl);
- if (rc != 0) {
- return rc;
- }
-
- register_displaychangelistener(vga->ds, &display_listener);
- return rc;
-}
-
-static int qxl_init_secondary(PCIDevice *dev)
-{
- static int device_id = 1;
- PCIQXLDevice *qxl = DO_UPCAST(PCIQXLDevice, pci, dev);
-
- qxl->id = device_id++;
- qxl_init_ramsize(qxl);
- memory_region_init_ram(&qxl->vga.vram, "qxl.vgavram", qxl->vga.vram_size);
- vmstate_register_ram(&qxl->vga.vram, &qxl->pci.qdev);
- qxl->vga.vram_ptr = memory_region_get_ram_ptr(&qxl->vga.vram);
-
- return qxl_init_common(qxl);
-}
-
-static void qxl_pre_save(void *opaque)
-{
- PCIQXLDevice* d = opaque;
- uint8_t *ram_start = d->vga.vram_ptr;
-
- trace_qxl_pre_save(d->id);
- if (d->last_release == NULL) {
- d->last_release_offset = 0;
- } else {
- d->last_release_offset = (uint8_t *)d->last_release - ram_start;
- }
- assert(d->last_release_offset < d->vga.vram_size);
-}
-
-static int qxl_pre_load(void *opaque)
-{
- PCIQXLDevice* d = opaque;
-
- trace_qxl_pre_load(d->id);
- qxl_hard_reset(d, 1);
- qxl_exit_vga_mode(d);
- return 0;
-}
-
-static void qxl_create_memslots(PCIQXLDevice *d)
-{
- int i;
-
- for (i = 0; i < NUM_MEMSLOTS; i++) {
- if (!d->guest_slots[i].active) {
- continue;
- }
- qxl_add_memslot(d, i, 0, QXL_SYNC);
- }
-}
-
-static int qxl_post_load(void *opaque, int version)
-{
- PCIQXLDevice* d = opaque;
- uint8_t *ram_start = d->vga.vram_ptr;
- QXLCommandExt *cmds;
- int in, out, newmode;
-
- assert(d->last_release_offset < d->vga.vram_size);
- if (d->last_release_offset == 0) {
- d->last_release = NULL;
- } else {
- d->last_release = (QXLReleaseInfo *)(ram_start + d->last_release_offset);
- }
-
- d->modes = (QXLModes*)((uint8_t*)d->rom + d->rom->modes_offset);
-
- trace_qxl_post_load(d->id, qxl_mode_to_string(d->mode));
- newmode = d->mode;
- d->mode = QXL_MODE_UNDEFINED;
-
- switch (newmode) {
- case QXL_MODE_UNDEFINED:
- qxl_create_memslots(d);
- break;
- case QXL_MODE_VGA:
- qxl_create_memslots(d);
- qxl_enter_vga_mode(d);
- break;
- case QXL_MODE_NATIVE:
- qxl_create_memslots(d);
- qxl_create_guest_primary(d, 1, QXL_SYNC);
-
- /* replay surface-create and cursor-set commands */
- cmds = g_malloc0(sizeof(QXLCommandExt) * (d->ssd.num_surfaces + 1));
- for (in = 0, out = 0; in < d->ssd.num_surfaces; in++) {
- if (d->guest_surfaces.cmds[in] == 0) {
- continue;
- }
- cmds[out].cmd.data = d->guest_surfaces.cmds[in];
- cmds[out].cmd.type = QXL_CMD_SURFACE;
- cmds[out].group_id = MEMSLOT_GROUP_GUEST;
- out++;
- }
- if (d->guest_cursor) {
- cmds[out].cmd.data = d->guest_cursor;
- cmds[out].cmd.type = QXL_CMD_CURSOR;
- cmds[out].group_id = MEMSLOT_GROUP_GUEST;
- out++;
- }
- qxl_spice_loadvm_commands(d, cmds, out);
- g_free(cmds);
- if (d->guest_monitors_config) {
- qxl_spice_monitors_config_async(d, 1);
- }
- break;
- case QXL_MODE_COMPAT:
- /* note: no need to call qxl_create_memslots, qxl_set_mode
- * creates the mem slot. */
- qxl_set_mode(d, d->shadow_rom.mode, 1);
- break;
- }
- return 0;
-}
-
-#define QXL_SAVE_VERSION 21
-
-static bool qxl_monitors_config_needed(void *opaque)
-{
- PCIQXLDevice *qxl = opaque;
-
- return qxl->guest_monitors_config != 0;
-}
-
-
-static VMStateDescription qxl_memslot = {
- .name = "qxl-memslot",
- .version_id = QXL_SAVE_VERSION,
- .minimum_version_id = QXL_SAVE_VERSION,
- .fields = (VMStateField[]) {
- VMSTATE_UINT64(slot.mem_start, struct guest_slots),
- VMSTATE_UINT64(slot.mem_end, struct guest_slots),
- VMSTATE_UINT32(active, struct guest_slots),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static VMStateDescription qxl_surface = {
- .name = "qxl-surface",
- .version_id = QXL_SAVE_VERSION,
- .minimum_version_id = QXL_SAVE_VERSION,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(width, QXLSurfaceCreate),
- VMSTATE_UINT32(height, QXLSurfaceCreate),
- VMSTATE_INT32(stride, QXLSurfaceCreate),
- VMSTATE_UINT32(format, QXLSurfaceCreate),
- VMSTATE_UINT32(position, QXLSurfaceCreate),
- VMSTATE_UINT32(mouse_mode, QXLSurfaceCreate),
- VMSTATE_UINT32(flags, QXLSurfaceCreate),
- VMSTATE_UINT32(type, QXLSurfaceCreate),
- VMSTATE_UINT64(mem, QXLSurfaceCreate),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static VMStateDescription qxl_vmstate_monitors_config = {
- .name = "qxl/monitors-config",
- .version_id = 1,
- .minimum_version_id = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT64(guest_monitors_config, PCIQXLDevice),
- VMSTATE_END_OF_LIST()
- },
-};
-
-static VMStateDescription qxl_vmstate = {
- .name = "qxl",
- .version_id = QXL_SAVE_VERSION,
- .minimum_version_id = QXL_SAVE_VERSION,
- .pre_save = qxl_pre_save,
- .pre_load = qxl_pre_load,
- .post_load = qxl_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_PCI_DEVICE(pci, PCIQXLDevice),
- VMSTATE_STRUCT(vga, PCIQXLDevice, 0, vmstate_vga_common, VGACommonState),
- VMSTATE_UINT32(shadow_rom.mode, PCIQXLDevice),
- VMSTATE_UINT32(num_free_res, PCIQXLDevice),
- VMSTATE_UINT32(last_release_offset, PCIQXLDevice),
- VMSTATE_UINT32(mode, PCIQXLDevice),
- VMSTATE_UINT32(ssd.unique, PCIQXLDevice),
- VMSTATE_INT32_EQUAL(num_memslots, PCIQXLDevice),
- VMSTATE_STRUCT_ARRAY(guest_slots, PCIQXLDevice, NUM_MEMSLOTS, 0,
- qxl_memslot, struct guest_slots),
- VMSTATE_STRUCT(guest_primary.surface, PCIQXLDevice, 0,
- qxl_surface, QXLSurfaceCreate),
- VMSTATE_INT32_EQUAL(ssd.num_surfaces, PCIQXLDevice),
- VMSTATE_VARRAY_INT32(guest_surfaces.cmds, PCIQXLDevice,
- ssd.num_surfaces, 0,
- vmstate_info_uint64, uint64_t),
- VMSTATE_UINT64(guest_cursor, PCIQXLDevice),
- VMSTATE_END_OF_LIST()
- },
- .subsections = (VMStateSubsection[]) {
- {
- .vmsd = &qxl_vmstate_monitors_config,
- .needed = qxl_monitors_config_needed,
- }, {
- /* empty */
- }
- }
-};
-
-static Property qxl_properties[] = {
- DEFINE_PROP_UINT32("ram_size", PCIQXLDevice, vga.vram_size,
- 64 * 1024 * 1024),
- DEFINE_PROP_UINT32("vram_size", PCIQXLDevice, vram32_size,
- 64 * 1024 * 1024),
- DEFINE_PROP_UINT32("revision", PCIQXLDevice, revision,
- QXL_DEFAULT_REVISION),
- DEFINE_PROP_UINT32("debug", PCIQXLDevice, debug, 0),
- DEFINE_PROP_UINT32("guestdebug", PCIQXLDevice, guestdebug, 0),
- DEFINE_PROP_UINT32("cmdlog", PCIQXLDevice, cmdlog, 0),
- DEFINE_PROP_UINT32("ram_size_mb", PCIQXLDevice, ram_size_mb, -1),
- DEFINE_PROP_UINT32("vram_size_mb", PCIQXLDevice, vram32_size_mb, -1),
- DEFINE_PROP_UINT32("vram64_size_mb", PCIQXLDevice, vram_size_mb, -1),
- DEFINE_PROP_UINT32("vgamem_mb", PCIQXLDevice, vgamem_size_mb, 16),
- DEFINE_PROP_INT32("surfaces", PCIQXLDevice, ssd.num_surfaces, 1024),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void qxl_primary_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->no_hotplug = 1;
- k->init = qxl_init_primary;
- k->romfile = "vgabios-qxl.bin";
- k->vendor_id = REDHAT_PCI_VENDOR_ID;
- k->device_id = QXL_DEVICE_ID_STABLE;
- k->class_id = PCI_CLASS_DISPLAY_VGA;
- dc->desc = "Spice QXL GPU (primary, vga compatible)";
- dc->reset = qxl_reset_handler;
- dc->vmsd = &qxl_vmstate;
- dc->props = qxl_properties;
-}
-
-static TypeInfo qxl_primary_info = {
- .name = "qxl-vga",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIQXLDevice),
- .class_init = qxl_primary_class_init,
-};
-
-static void qxl_secondary_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = qxl_init_secondary;
- k->vendor_id = REDHAT_PCI_VENDOR_ID;
- k->device_id = QXL_DEVICE_ID_STABLE;
- k->class_id = PCI_CLASS_DISPLAY_OTHER;
- dc->desc = "Spice QXL GPU (secondary)";
- dc->reset = qxl_reset_handler;
- dc->vmsd = &qxl_vmstate;
- dc->props = qxl_properties;
-}
-
-static TypeInfo qxl_secondary_info = {
- .name = "qxl",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIQXLDevice),
- .class_init = qxl_secondary_class_init,
-};
-
-static void qxl_register_types(void)
-{
- type_register_static(&qxl_primary_info);
- type_register_static(&qxl_secondary_info);
-}
-
-type_init(qxl_register_types)
diff --git a/hw/qxl.h b/hw/qxl.h
deleted file mode 100644
index e583cfb75..000000000
--- a/hw/qxl.h
+++ /dev/null
@@ -1,160 +0,0 @@
-#include "qemu-common.h"
-
-#include "console.h"
-#include "hw.h"
-#include "pci.h"
-#include "vga_int.h"
-#include "qemu-thread.h"
-
-#include "ui/qemu-spice.h"
-#include "ui/spice-display.h"
-
-enum qxl_mode {
- QXL_MODE_UNDEFINED,
- QXL_MODE_VGA,
- QXL_MODE_COMPAT, /* spice 0.4.x */
- QXL_MODE_NATIVE,
-};
-
-#ifndef QXL_VRAM64_RANGE_INDEX
-#define QXL_VRAM64_RANGE_INDEX 4
-#endif
-
-#define QXL_UNDEFINED_IO UINT32_MAX
-
-#define QXL_NUM_DIRTY_RECTS 64
-
-typedef struct PCIQXLDevice {
- PCIDevice pci;
- SimpleSpiceDisplay ssd;
- int id;
- uint32_t debug;
- uint32_t guestdebug;
- uint32_t cmdlog;
-
- uint32_t guest_bug;
-
- enum qxl_mode mode;
- uint32_t cmdflags;
- int generation;
- uint32_t revision;
-
- int32_t num_memslots;
-
- uint32_t current_async;
- QemuMutex async_lock;
-
- struct guest_slots {
- QXLMemSlot slot;
- void *ptr;
- uint64_t size;
- uint64_t delta;
- uint32_t active;
- } guest_slots[NUM_MEMSLOTS];
-
- struct guest_primary {
- QXLSurfaceCreate surface;
- uint32_t commands;
- uint32_t resized;
- int32_t qxl_stride;
- uint32_t abs_stride;
- uint32_t bits_pp;
- uint32_t bytes_pp;
- uint8_t *data;
- } guest_primary;
-
- struct surfaces {
- QXLPHYSICAL *cmds;
- uint32_t count;
- uint32_t max;
- } guest_surfaces;
- QXLPHYSICAL guest_cursor;
-
- QXLPHYSICAL guest_monitors_config;
-
- QemuMutex track_lock;
-
- /* thread signaling */
- QemuThread main;
- int pipe[2];
-
- /* ram pci bar */
- QXLRam *ram;
- VGACommonState vga;
- uint32_t num_free_res;
- QXLReleaseInfo *last_release;
- uint32_t last_release_offset;
- uint32_t oom_running;
- uint32_t vgamem_size;
-
- /* rom pci bar */
- QXLRom shadow_rom;
- QXLRom *rom;
- QXLModes *modes;
- uint32_t rom_size;
- MemoryRegion rom_bar;
-
- /* vram pci bar */
- uint32_t vram_size;
- MemoryRegion vram_bar;
- uint32_t vram32_size;
- MemoryRegion vram32_bar;
-
- /* io bar */
- MemoryRegion io_bar;
-
- /* user-friendly properties (in megabytes) */
- uint32_t ram_size_mb;
- uint32_t vram_size_mb;
- uint32_t vram32_size_mb;
- uint32_t vgamem_size_mb;
-
- /* qxl_render_update state */
- int render_update_cookie_num;
- int num_dirty_rects;
- QXLRect dirty[QXL_NUM_DIRTY_RECTS];
- QEMUBH *update_area_bh;
-} PCIQXLDevice;
-
-#define PANIC_ON(x) if ((x)) { \
- printf("%s: PANIC %s failed\n", __FUNCTION__, #x); \
- abort(); \
-}
-
-#define dprint(_qxl, _level, _fmt, ...) \
- do { \
- if (_qxl->debug >= _level) { \
- fprintf(stderr, "qxl-%d: ", _qxl->id); \
- fprintf(stderr, _fmt, ## __VA_ARGS__); \
- } \
- } while (0)
-
-#define QXL_DEFAULT_REVISION QXL_REVISION_STABLE_V12
-
-/* qxl.c */
-void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL phys, int group_id);
-void qxl_set_guest_bug(PCIQXLDevice *qxl, const char *msg, ...)
- GCC_FMT_ATTR(2, 3);
-
-void qxl_spice_update_area(PCIQXLDevice *qxl, uint32_t surface_id,
- struct QXLRect *area, struct QXLRect *dirty_rects,
- uint32_t num_dirty_rects,
- uint32_t clear_dirty_region,
- qxl_async_io async, QXLCookie *cookie);
-void qxl_spice_loadvm_commands(PCIQXLDevice *qxl, struct QXLCommandExt *ext,
- uint32_t count);
-void qxl_spice_oom(PCIQXLDevice *qxl);
-void qxl_spice_reset_memslots(PCIQXLDevice *qxl);
-void qxl_spice_reset_image_cache(PCIQXLDevice *qxl);
-void qxl_spice_reset_cursor(PCIQXLDevice *qxl);
-
-/* qxl-logger.c */
-int qxl_log_cmd_cursor(PCIQXLDevice *qxl, QXLCursorCmd *cmd, int group_id);
-int qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext);
-
-/* qxl-render.c */
-void qxl_render_resize(PCIQXLDevice *qxl);
-void qxl_render_update(PCIQXLDevice *qxl);
-int qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext);
-void qxl_render_update_area_done(PCIQXLDevice *qxl, QXLCookie *cookie);
-void qxl_render_update_area_bh(void *opaque);
diff --git a/hw/r2d.c b/hw/r2d.c
deleted file mode 100644
index 66212e9cd..000000000
--- a/hw/r2d.c
+++ /dev/null
@@ -1,357 +0,0 @@
-/*
- * Renesas SH7751R R2D-PLUS emulation
- *
- * Copyright (c) 2007 Magnus Damm
- * Copyright (c) 2008 Paul Mundt
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sysbus.h"
-#include "hw.h"
-#include "sh.h"
-#include "devices.h"
-#include "sysemu.h"
-#include "boards.h"
-#include "pci.h"
-#include "net.h"
-#include "sh7750_regs.h"
-#include "ide.h"
-#include "loader.h"
-#include "usb.h"
-#include "flash.h"
-#include "blockdev.h"
-#include "exec-memory.h"
-
-#define FLASH_BASE 0x00000000
-#define FLASH_SIZE 0x02000000
-
-#define SDRAM_BASE 0x0c000000 /* Physical location of SDRAM: Area 3 */
-#define SDRAM_SIZE 0x04000000
-
-#define SM501_VRAM_SIZE 0x800000
-
-#define BOOT_PARAMS_OFFSET 0x0010000
-/* CONFIG_BOOT_LINK_OFFSET of Linux kernel */
-#define LINUX_LOAD_OFFSET 0x0800000
-#define INITRD_LOAD_OFFSET 0x1800000
-
-#define PA_IRLMSK 0x00
-#define PA_POWOFF 0x30
-#define PA_VERREG 0x32
-#define PA_OUTPORT 0x36
-
-typedef struct {
- uint16_t bcr;
- uint16_t irlmsk;
- uint16_t irlmon;
- uint16_t cfctl;
- uint16_t cfpow;
- uint16_t dispctl;
- uint16_t sdmpow;
- uint16_t rtcce;
- uint16_t pcicd;
- uint16_t voyagerrts;
- uint16_t cfrst;
- uint16_t admrts;
- uint16_t extrst;
- uint16_t cfcdintclr;
- uint16_t keyctlclr;
- uint16_t pad0;
- uint16_t pad1;
- uint16_t verreg;
- uint16_t inport;
- uint16_t outport;
- uint16_t bverreg;
-
-/* output pin */
- qemu_irq irl;
- MemoryRegion iomem;
-} r2d_fpga_t;
-
-enum r2d_fpga_irq {
- PCI_INTD, CF_IDE, CF_CD, PCI_INTC, SM501, KEY, RTC_A, RTC_T,
- SDCARD, PCI_INTA, PCI_INTB, EXT, TP,
- NR_IRQS
-};
-
-static const struct { short irl; uint16_t msk; } irqtab[NR_IRQS] = {
- [CF_IDE] = { 1, 1<<9 },
- [CF_CD] = { 2, 1<<8 },
- [PCI_INTA] = { 9, 1<<14 },
- [PCI_INTB] = { 10, 1<<13 },
- [PCI_INTC] = { 3, 1<<12 },
- [PCI_INTD] = { 0, 1<<11 },
- [SM501] = { 4, 1<<10 },
- [KEY] = { 5, 1<<6 },
- [RTC_A] = { 6, 1<<5 },
- [RTC_T] = { 7, 1<<4 },
- [SDCARD] = { 8, 1<<7 },
- [EXT] = { 11, 1<<0 },
- [TP] = { 12, 1<<15 },
-};
-
-static void update_irl(r2d_fpga_t *fpga)
-{
- int i, irl = 15;
- for (i = 0; i < NR_IRQS; i++)
- if (fpga->irlmon & fpga->irlmsk & irqtab[i].msk)
- if (irqtab[i].irl < irl)
- irl = irqtab[i].irl;
- qemu_set_irq(fpga->irl, irl ^ 15);
-}
-
-static void r2d_fpga_irq_set(void *opaque, int n, int level)
-{
- r2d_fpga_t *fpga = opaque;
- if (level)
- fpga->irlmon |= irqtab[n].msk;
- else
- fpga->irlmon &= ~irqtab[n].msk;
- update_irl(fpga);
-}
-
-static uint32_t r2d_fpga_read(void *opaque, hwaddr addr)
-{
- r2d_fpga_t *s = opaque;
-
- switch (addr) {
- case PA_IRLMSK:
- return s->irlmsk;
- case PA_OUTPORT:
- return s->outport;
- case PA_POWOFF:
- return 0x00;
- case PA_VERREG:
- return 0x10;
- }
-
- return 0;
-}
-
-static void
-r2d_fpga_write(void *opaque, hwaddr addr, uint32_t value)
-{
- r2d_fpga_t *s = opaque;
-
- switch (addr) {
- case PA_IRLMSK:
- s->irlmsk = value;
- update_irl(s);
- break;
- case PA_OUTPORT:
- s->outport = value;
- break;
- case PA_POWOFF:
- if (value & 1) {
- qemu_system_shutdown_request();
- }
- break;
- case PA_VERREG:
- /* Discard writes */
- break;
- }
-}
-
-static const MemoryRegionOps r2d_fpga_ops = {
- .old_mmio = {
- .read = { r2d_fpga_read, r2d_fpga_read, NULL, },
- .write = { r2d_fpga_write, r2d_fpga_write, NULL, },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static qemu_irq *r2d_fpga_init(MemoryRegion *sysmem,
- hwaddr base, qemu_irq irl)
-{
- r2d_fpga_t *s;
-
- s = g_malloc0(sizeof(r2d_fpga_t));
-
- s->irl = irl;
-
- memory_region_init_io(&s->iomem, &r2d_fpga_ops, s, "r2d-fpga", 0x40);
- memory_region_add_subregion(sysmem, base, &s->iomem);
- return qemu_allocate_irqs(r2d_fpga_irq_set, s, NR_IRQS);
-}
-
-typedef struct ResetData {
- SuperHCPU *cpu;
- uint32_t vector;
-} ResetData;
-
-static void main_cpu_reset(void *opaque)
-{
- ResetData *s = (ResetData *)opaque;
- CPUSH4State *env = &s->cpu->env;
-
- cpu_reset(CPU(s->cpu));
- env->pc = s->vector;
-}
-
-static struct QEMU_PACKED
-{
- int mount_root_rdonly;
- int ramdisk_flags;
- int orig_root_dev;
- int loader_type;
- int initrd_start;
- int initrd_size;
-
- char pad[232];
-
- char kernel_cmdline[256];
-} boot_params;
-
-static void r2d_init(QEMUMachineInitArgs *args)
-{
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- SuperHCPU *cpu;
- CPUSH4State *env;
- ResetData *reset_info;
- struct SH7750State *s;
- MemoryRegion *sdram = g_new(MemoryRegion, 1);
- qemu_irq *irq;
- DriveInfo *dinfo;
- int i;
- DeviceState *dev;
- SysBusDevice *busdev;
- MemoryRegion *address_space_mem = get_system_memory();
-
- if (cpu_model == NULL) {
- cpu_model = "SH7751R";
- }
-
- cpu = cpu_sh4_init(cpu_model);
- if (cpu == NULL) {
- fprintf(stderr, "Unable to find CPU definition\n");
- exit(1);
- }
- env = &cpu->env;
-
- reset_info = g_malloc0(sizeof(ResetData));
- reset_info->cpu = cpu;
- reset_info->vector = env->pc;
- qemu_register_reset(main_cpu_reset, reset_info);
-
- /* Allocate memory space */
- memory_region_init_ram(sdram, "r2d.sdram", SDRAM_SIZE);
- vmstate_register_ram_global(sdram);
- memory_region_add_subregion(address_space_mem, SDRAM_BASE, sdram);
- /* Register peripherals */
- s = sh7750_init(env, address_space_mem);
- irq = r2d_fpga_init(address_space_mem, 0x04000000, sh7750_irl(s));
-
- dev = qdev_create(NULL, "sh_pci");
- busdev = sysbus_from_qdev(dev);
- qdev_init_nofail(dev);
- sysbus_mmio_map(busdev, 0, P4ADDR(0x1e200000));
- sysbus_mmio_map(busdev, 1, A7ADDR(0x1e200000));
- sysbus_connect_irq(busdev, 0, irq[PCI_INTA]);
- sysbus_connect_irq(busdev, 1, irq[PCI_INTB]);
- sysbus_connect_irq(busdev, 2, irq[PCI_INTC]);
- sysbus_connect_irq(busdev, 3, irq[PCI_INTD]);
-
- sm501_init(address_space_mem, 0x10000000, SM501_VRAM_SIZE,
- irq[SM501], serial_hds[2]);
-
- /* onboard CF (True IDE mode, Master only). */
- dinfo = drive_get(IF_IDE, 0, 0);
- mmio_ide_init(0x14001000, 0x1400080c, address_space_mem, irq[CF_IDE], 1,
- dinfo, NULL);
-
- /* onboard flash memory */
- dinfo = drive_get(IF_PFLASH, 0, 0);
- pflash_cfi02_register(0x0, NULL, "r2d.flash", FLASH_SIZE,
- dinfo ? dinfo->bdrv : NULL, (16 * 1024),
- FLASH_SIZE >> 16,
- 1, 4, 0x0000, 0x0000, 0x0000, 0x0000,
- 0x555, 0x2aa, 0);
-
- /* NIC: rtl8139 on-board, and 2 slots. */
- for (i = 0; i < nb_nics; i++)
- pci_nic_init_nofail(&nd_table[i], "rtl8139", i==0 ? "2" : NULL);
-
- /* USB keyboard */
- usbdevice_create("keyboard");
-
- /* Todo: register on board registers */
- memset(&boot_params, 0, sizeof(boot_params));
-
- if (kernel_filename) {
- int kernel_size;
-
- kernel_size = load_image_targphys(kernel_filename,
- SDRAM_BASE + LINUX_LOAD_OFFSET,
- INITRD_LOAD_OFFSET - LINUX_LOAD_OFFSET);
- if (kernel_size < 0) {
- fprintf(stderr, "qemu: could not load kernel '%s'\n", kernel_filename);
- exit(1);
- }
-
- /* initialization which should be done by firmware */
- stl_phys(SH7750_BCR1, 1<<3); /* cs3 SDRAM */
- stw_phys(SH7750_BCR2, 3<<(3*2)); /* cs3 32bit */
- reset_info->vector = (SDRAM_BASE + LINUX_LOAD_OFFSET) | 0xa0000000; /* Start from P2 area */
- }
-
- if (initrd_filename) {
- int initrd_size;
-
- initrd_size = load_image_targphys(initrd_filename,
- SDRAM_BASE + INITRD_LOAD_OFFSET,
- SDRAM_SIZE - INITRD_LOAD_OFFSET);
-
- if (initrd_size < 0) {
- fprintf(stderr, "qemu: could not load initrd '%s'\n", initrd_filename);
- exit(1);
- }
-
- /* initialization which should be done by firmware */
- boot_params.loader_type = 1;
- boot_params.initrd_start = INITRD_LOAD_OFFSET;
- boot_params.initrd_size = initrd_size;
- }
-
- if (kernel_cmdline) {
- /* I see no evidence that this .kernel_cmdline buffer requires
- NUL-termination, so using strncpy should be ok. */
- strncpy(boot_params.kernel_cmdline, kernel_cmdline,
- sizeof(boot_params.kernel_cmdline));
- }
-
- rom_add_blob_fixed("boot_params", &boot_params, sizeof(boot_params),
- SDRAM_BASE + BOOT_PARAMS_OFFSET);
-}
-
-static QEMUMachine r2d_machine = {
- .name = "r2d",
- .desc = "r2d-plus board",
- .init = r2d_init,
-};
-
-static void r2d_machine_init(void)
-{
- qemu_register_machine(&r2d_machine);
-}
-
-machine_init(r2d_machine_init);
diff --git a/hw/rc4030.c b/hw/rc4030.c
deleted file mode 100644
index e0024c87e..000000000
--- a/hw/rc4030.c
+++ /dev/null
@@ -1,825 +0,0 @@
-/*
- * QEMU JAZZ RC4030 chipset
- *
- * Copyright (c) 2007-2009 Herve Poussineau
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "hw.h"
-#include "mips.h"
-#include "qemu-timer.h"
-
-/********************************************************/
-/* debug rc4030 */
-
-//#define DEBUG_RC4030
-//#define DEBUG_RC4030_DMA
-
-#ifdef DEBUG_RC4030
-#define DPRINTF(fmt, ...) \
-do { printf("rc4030: " fmt , ## __VA_ARGS__); } while (0)
-static const char* irq_names[] = { "parallel", "floppy", "sound", "video",
- "network", "scsi", "keyboard", "mouse", "serial0", "serial1" };
-#else
-#define DPRINTF(fmt, ...)
-#endif
-
-#define RC4030_ERROR(fmt, ...) \
-do { fprintf(stderr, "rc4030 ERROR: %s: " fmt, __func__ , ## __VA_ARGS__); } while (0)
-
-/********************************************************/
-/* rc4030 emulation */
-
-typedef struct dma_pagetable_entry {
- int32_t frame;
- int32_t owner;
-} QEMU_PACKED dma_pagetable_entry;
-
-#define DMA_PAGESIZE 4096
-#define DMA_REG_ENABLE 1
-#define DMA_REG_COUNT 2
-#define DMA_REG_ADDRESS 3
-
-#define DMA_FLAG_ENABLE 0x0001
-#define DMA_FLAG_MEM_TO_DEV 0x0002
-#define DMA_FLAG_TC_INTR 0x0100
-#define DMA_FLAG_MEM_INTR 0x0200
-#define DMA_FLAG_ADDR_INTR 0x0400
-
-typedef struct rc4030State
-{
- uint32_t config; /* 0x0000: RC4030 config register */
- uint32_t revision; /* 0x0008: RC4030 Revision register */
- uint32_t invalid_address_register; /* 0x0010: Invalid Address register */
-
- /* DMA */
- uint32_t dma_regs[8][4];
- uint32_t dma_tl_base; /* 0x0018: DMA transl. table base */
- uint32_t dma_tl_limit; /* 0x0020: DMA transl. table limit */
-
- /* cache */
- uint32_t cache_maint; /* 0x0030: Cache Maintenance */
- uint32_t remote_failed_address; /* 0x0038: Remote Failed Address */
- uint32_t memory_failed_address; /* 0x0040: Memory Failed Address */
- uint32_t cache_ptag; /* 0x0048: I/O Cache Physical Tag */
- uint32_t cache_ltag; /* 0x0050: I/O Cache Logical Tag */
- uint32_t cache_bmask; /* 0x0058: I/O Cache Byte Mask */
-
- uint32_t nmi_interrupt; /* 0x0200: interrupt source */
- uint32_t offset210;
- uint32_t nvram_protect; /* 0x0220: NV ram protect register */
- uint32_t rem_speed[16];
- uint32_t imr_jazz; /* Local bus int enable mask */
- uint32_t isr_jazz; /* Local bus int source */
-
- /* timer */
- QEMUTimer *periodic_timer;
- uint32_t itr; /* Interval timer reload */
-
- qemu_irq timer_irq;
- qemu_irq jazz_bus_irq;
-
- MemoryRegion iomem_chipset;
- MemoryRegion iomem_jazzio;
-} rc4030State;
-
-static void set_next_tick(rc4030State *s)
-{
- qemu_irq_lower(s->timer_irq);
- uint32_t tm_hz;
-
- tm_hz = 1000 / (s->itr + 1);
-
- qemu_mod_timer(s->periodic_timer, qemu_get_clock_ns(vm_clock) +
- get_ticks_per_sec() / tm_hz);
-}
-
-/* called for accesses to rc4030 */
-static uint32_t rc4030_readl(void *opaque, hwaddr addr)
-{
- rc4030State *s = opaque;
- uint32_t val;
-
- addr &= 0x3fff;
- switch (addr & ~0x3) {
- /* Global config register */
- case 0x0000:
- val = s->config;
- break;
- /* Revision register */
- case 0x0008:
- val = s->revision;
- break;
- /* Invalid Address register */
- case 0x0010:
- val = s->invalid_address_register;
- break;
- /* DMA transl. table base */
- case 0x0018:
- val = s->dma_tl_base;
- break;
- /* DMA transl. table limit */
- case 0x0020:
- val = s->dma_tl_limit;
- break;
- /* Remote Failed Address */
- case 0x0038:
- val = s->remote_failed_address;
- break;
- /* Memory Failed Address */
- case 0x0040:
- val = s->memory_failed_address;
- break;
- /* I/O Cache Byte Mask */
- case 0x0058:
- val = s->cache_bmask;
- /* HACK */
- if (s->cache_bmask == (uint32_t)-1)
- s->cache_bmask = 0;
- break;
- /* Remote Speed Registers */
- case 0x0070:
- case 0x0078:
- case 0x0080:
- case 0x0088:
- case 0x0090:
- case 0x0098:
- case 0x00a0:
- case 0x00a8:
- case 0x00b0:
- case 0x00b8:
- case 0x00c0:
- case 0x00c8:
- case 0x00d0:
- case 0x00d8:
- case 0x00e0:
- case 0x00e8:
- val = s->rem_speed[(addr - 0x0070) >> 3];
- break;
- /* DMA channel base address */
- case 0x0100:
- case 0x0108:
- case 0x0110:
- case 0x0118:
- case 0x0120:
- case 0x0128:
- case 0x0130:
- case 0x0138:
- case 0x0140:
- case 0x0148:
- case 0x0150:
- case 0x0158:
- case 0x0160:
- case 0x0168:
- case 0x0170:
- case 0x0178:
- case 0x0180:
- case 0x0188:
- case 0x0190:
- case 0x0198:
- case 0x01a0:
- case 0x01a8:
- case 0x01b0:
- case 0x01b8:
- case 0x01c0:
- case 0x01c8:
- case 0x01d0:
- case 0x01d8:
- case 0x01e0:
- case 0x01e8:
- case 0x01f0:
- case 0x01f8:
- {
- int entry = (addr - 0x0100) >> 5;
- int idx = (addr & 0x1f) >> 3;
- val = s->dma_regs[entry][idx];
- }
- break;
- /* Interrupt source */
- case 0x0200:
- val = s->nmi_interrupt;
- break;
- /* Error type */
- case 0x0208:
- val = 0;
- break;
- /* Offset 0x0210 */
- case 0x0210:
- val = s->offset210;
- break;
- /* NV ram protect register */
- case 0x0220:
- val = s->nvram_protect;
- break;
- /* Interval timer count */
- case 0x0230:
- val = 0;
- qemu_irq_lower(s->timer_irq);
- break;
- /* EISA interrupt */
- case 0x0238:
- val = 7; /* FIXME: should be read from EISA controller */
- break;
- default:
- RC4030_ERROR("invalid read [" TARGET_FMT_plx "]\n", addr);
- val = 0;
- break;
- }
-
- if ((addr & ~3) != 0x230) {
- DPRINTF("read 0x%02x at " TARGET_FMT_plx "\n", val, addr);
- }
-
- return val;
-}
-
-static uint32_t rc4030_readw(void *opaque, hwaddr addr)
-{
- uint32_t v = rc4030_readl(opaque, addr & ~0x3);
- if (addr & 0x2)
- return v >> 16;
- else
- return v & 0xffff;
-}
-
-static uint32_t rc4030_readb(void *opaque, hwaddr addr)
-{
- uint32_t v = rc4030_readl(opaque, addr & ~0x3);
- return (v >> (8 * (addr & 0x3))) & 0xff;
-}
-
-static void rc4030_writel(void *opaque, hwaddr addr, uint32_t val)
-{
- rc4030State *s = opaque;
- addr &= 0x3fff;
-
- DPRINTF("write 0x%02x at " TARGET_FMT_plx "\n", val, addr);
-
- switch (addr & ~0x3) {
- /* Global config register */
- case 0x0000:
- s->config = val;
- break;
- /* DMA transl. table base */
- case 0x0018:
- s->dma_tl_base = val;
- break;
- /* DMA transl. table limit */
- case 0x0020:
- s->dma_tl_limit = val;
- break;
- /* DMA transl. table invalidated */
- case 0x0028:
- break;
- /* Cache Maintenance */
- case 0x0030:
- s->cache_maint = val;
- break;
- /* I/O Cache Physical Tag */
- case 0x0048:
- s->cache_ptag = val;
- break;
- /* I/O Cache Logical Tag */
- case 0x0050:
- s->cache_ltag = val;
- break;
- /* I/O Cache Byte Mask */
- case 0x0058:
- s->cache_bmask |= val; /* HACK */
- break;
- /* I/O Cache Buffer Window */
- case 0x0060:
- /* HACK */
- if (s->cache_ltag == 0x80000001 && s->cache_bmask == 0xf0f0f0f) {
- hwaddr dest = s->cache_ptag & ~0x1;
- dest += (s->cache_maint & 0x3) << 3;
- cpu_physical_memory_write(dest, &val, 4);
- }
- break;
- /* Remote Speed Registers */
- case 0x0070:
- case 0x0078:
- case 0x0080:
- case 0x0088:
- case 0x0090:
- case 0x0098:
- case 0x00a0:
- case 0x00a8:
- case 0x00b0:
- case 0x00b8:
- case 0x00c0:
- case 0x00c8:
- case 0x00d0:
- case 0x00d8:
- case 0x00e0:
- case 0x00e8:
- s->rem_speed[(addr - 0x0070) >> 3] = val;
- break;
- /* DMA channel base address */
- case 0x0100:
- case 0x0108:
- case 0x0110:
- case 0x0118:
- case 0x0120:
- case 0x0128:
- case 0x0130:
- case 0x0138:
- case 0x0140:
- case 0x0148:
- case 0x0150:
- case 0x0158:
- case 0x0160:
- case 0x0168:
- case 0x0170:
- case 0x0178:
- case 0x0180:
- case 0x0188:
- case 0x0190:
- case 0x0198:
- case 0x01a0:
- case 0x01a8:
- case 0x01b0:
- case 0x01b8:
- case 0x01c0:
- case 0x01c8:
- case 0x01d0:
- case 0x01d8:
- case 0x01e0:
- case 0x01e8:
- case 0x01f0:
- case 0x01f8:
- {
- int entry = (addr - 0x0100) >> 5;
- int idx = (addr & 0x1f) >> 3;
- s->dma_regs[entry][idx] = val;
- }
- break;
- /* Offset 0x0210 */
- case 0x0210:
- s->offset210 = val;
- break;
- /* Interval timer reload */
- case 0x0228:
- s->itr = val;
- qemu_irq_lower(s->timer_irq);
- set_next_tick(s);
- break;
- /* EISA interrupt */
- case 0x0238:
- break;
- default:
- RC4030_ERROR("invalid write of 0x%02x at [" TARGET_FMT_plx "]\n", val, addr);
- break;
- }
-}
-
-static void rc4030_writew(void *opaque, hwaddr addr, uint32_t val)
-{
- uint32_t old_val = rc4030_readl(opaque, addr & ~0x3);
-
- if (addr & 0x2)
- val = (val << 16) | (old_val & 0x0000ffff);
- else
- val = val | (old_val & 0xffff0000);
- rc4030_writel(opaque, addr & ~0x3, val);
-}
-
-static void rc4030_writeb(void *opaque, hwaddr addr, uint32_t val)
-{
- uint32_t old_val = rc4030_readl(opaque, addr & ~0x3);
-
- switch (addr & 3) {
- case 0:
- val = val | (old_val & 0xffffff00);
- break;
- case 1:
- val = (val << 8) | (old_val & 0xffff00ff);
- break;
- case 2:
- val = (val << 16) | (old_val & 0xff00ffff);
- break;
- case 3:
- val = (val << 24) | (old_val & 0x00ffffff);
- break;
- }
- rc4030_writel(opaque, addr & ~0x3, val);
-}
-
-static const MemoryRegionOps rc4030_ops = {
- .old_mmio = {
- .read = { rc4030_readb, rc4030_readw, rc4030_readl, },
- .write = { rc4030_writeb, rc4030_writew, rc4030_writel, },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void update_jazz_irq(rc4030State *s)
-{
- uint16_t pending;
-
- pending = s->isr_jazz & s->imr_jazz;
-
-#ifdef DEBUG_RC4030
- if (s->isr_jazz != 0) {
- uint32_t irq = 0;
- DPRINTF("pending irqs:");
- for (irq = 0; irq < ARRAY_SIZE(irq_names); irq++) {
- if (s->isr_jazz & (1 << irq)) {
- printf(" %s", irq_names[irq]);
- if (!(s->imr_jazz & (1 << irq))) {
- printf("(ignored)");
- }
- }
- }
- printf("\n");
- }
-#endif
-
- if (pending != 0)
- qemu_irq_raise(s->jazz_bus_irq);
- else
- qemu_irq_lower(s->jazz_bus_irq);
-}
-
-static void rc4030_irq_jazz_request(void *opaque, int irq, int level)
-{
- rc4030State *s = opaque;
-
- if (level) {
- s->isr_jazz |= 1 << irq;
- } else {
- s->isr_jazz &= ~(1 << irq);
- }
-
- update_jazz_irq(s);
-}
-
-static void rc4030_periodic_timer(void *opaque)
-{
- rc4030State *s = opaque;
-
- set_next_tick(s);
- qemu_irq_raise(s->timer_irq);
-}
-
-static uint32_t jazzio_readw(void *opaque, hwaddr addr)
-{
- rc4030State *s = opaque;
- uint32_t val;
- uint32_t irq;
- addr &= 0xfff;
-
- switch (addr) {
- /* Local bus int source */
- case 0x00: {
- uint32_t pending = s->isr_jazz & s->imr_jazz;
- val = 0;
- irq = 0;
- while (pending) {
- if (pending & 1) {
- DPRINTF("returning irq %s\n", irq_names[irq]);
- val = (irq + 1) << 2;
- break;
- }
- irq++;
- pending >>= 1;
- }
- break;
- }
- /* Local bus int enable mask */
- case 0x02:
- val = s->imr_jazz;
- break;
- default:
- RC4030_ERROR("(jazz io controller) invalid read [" TARGET_FMT_plx "]\n", addr);
- val = 0;
- }
-
- DPRINTF("(jazz io controller) read 0x%04x at " TARGET_FMT_plx "\n", val, addr);
-
- return val;
-}
-
-static uint32_t jazzio_readb(void *opaque, hwaddr addr)
-{
- uint32_t v;
- v = jazzio_readw(opaque, addr & ~0x1);
- return (v >> (8 * (addr & 0x1))) & 0xff;
-}
-
-static uint32_t jazzio_readl(void *opaque, hwaddr addr)
-{
- uint32_t v;
- v = jazzio_readw(opaque, addr);
- v |= jazzio_readw(opaque, addr + 2) << 16;
- return v;
-}
-
-static void jazzio_writew(void *opaque, hwaddr addr, uint32_t val)
-{
- rc4030State *s = opaque;
- addr &= 0xfff;
-
- DPRINTF("(jazz io controller) write 0x%04x at " TARGET_FMT_plx "\n", val, addr);
-
- switch (addr) {
- /* Local bus int enable mask */
- case 0x02:
- s->imr_jazz = val;
- update_jazz_irq(s);
- break;
- default:
- RC4030_ERROR("(jazz io controller) invalid write of 0x%04x at [" TARGET_FMT_plx "]\n", val, addr);
- break;
- }
-}
-
-static void jazzio_writeb(void *opaque, hwaddr addr, uint32_t val)
-{
- uint32_t old_val = jazzio_readw(opaque, addr & ~0x1);
-
- switch (addr & 1) {
- case 0:
- val = val | (old_val & 0xff00);
- break;
- case 1:
- val = (val << 8) | (old_val & 0x00ff);
- break;
- }
- jazzio_writew(opaque, addr & ~0x1, val);
-}
-
-static void jazzio_writel(void *opaque, hwaddr addr, uint32_t val)
-{
- jazzio_writew(opaque, addr, val & 0xffff);
- jazzio_writew(opaque, addr + 2, (val >> 16) & 0xffff);
-}
-
-static const MemoryRegionOps jazzio_ops = {
- .old_mmio = {
- .read = { jazzio_readb, jazzio_readw, jazzio_readl, },
- .write = { jazzio_writeb, jazzio_writew, jazzio_writel, },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void rc4030_reset(void *opaque)
-{
- rc4030State *s = opaque;
- int i;
-
- s->config = 0x410; /* some boards seem to accept 0x104 too */
- s->revision = 1;
- s->invalid_address_register = 0;
-
- memset(s->dma_regs, 0, sizeof(s->dma_regs));
- s->dma_tl_base = s->dma_tl_limit = 0;
-
- s->remote_failed_address = s->memory_failed_address = 0;
- s->cache_maint = 0;
- s->cache_ptag = s->cache_ltag = 0;
- s->cache_bmask = 0;
-
- s->offset210 = 0x18186;
- s->nvram_protect = 7;
- for (i = 0; i < 15; i++)
- s->rem_speed[i] = 7;
- s->imr_jazz = 0x10; /* XXX: required by firmware, but why? */
- s->isr_jazz = 0;
-
- s->itr = 0;
-
- qemu_irq_lower(s->timer_irq);
- qemu_irq_lower(s->jazz_bus_irq);
-}
-
-static int rc4030_load(QEMUFile *f, void *opaque, int version_id)
-{
- rc4030State* s = opaque;
- int i, j;
-
- if (version_id != 2)
- return -EINVAL;
-
- s->config = qemu_get_be32(f);
- s->invalid_address_register = qemu_get_be32(f);
- for (i = 0; i < 8; i++)
- for (j = 0; j < 4; j++)
- s->dma_regs[i][j] = qemu_get_be32(f);
- s->dma_tl_base = qemu_get_be32(f);
- s->dma_tl_limit = qemu_get_be32(f);
- s->cache_maint = qemu_get_be32(f);
- s->remote_failed_address = qemu_get_be32(f);
- s->memory_failed_address = qemu_get_be32(f);
- s->cache_ptag = qemu_get_be32(f);
- s->cache_ltag = qemu_get_be32(f);
- s->cache_bmask = qemu_get_be32(f);
- s->offset210 = qemu_get_be32(f);
- s->nvram_protect = qemu_get_be32(f);
- for (i = 0; i < 15; i++)
- s->rem_speed[i] = qemu_get_be32(f);
- s->imr_jazz = qemu_get_be32(f);
- s->isr_jazz = qemu_get_be32(f);
- s->itr = qemu_get_be32(f);
-
- set_next_tick(s);
- update_jazz_irq(s);
-
- return 0;
-}
-
-static void rc4030_save(QEMUFile *f, void *opaque)
-{
- rc4030State* s = opaque;
- int i, j;
-
- qemu_put_be32(f, s->config);
- qemu_put_be32(f, s->invalid_address_register);
- for (i = 0; i < 8; i++)
- for (j = 0; j < 4; j++)
- qemu_put_be32(f, s->dma_regs[i][j]);
- qemu_put_be32(f, s->dma_tl_base);
- qemu_put_be32(f, s->dma_tl_limit);
- qemu_put_be32(f, s->cache_maint);
- qemu_put_be32(f, s->remote_failed_address);
- qemu_put_be32(f, s->memory_failed_address);
- qemu_put_be32(f, s->cache_ptag);
- qemu_put_be32(f, s->cache_ltag);
- qemu_put_be32(f, s->cache_bmask);
- qemu_put_be32(f, s->offset210);
- qemu_put_be32(f, s->nvram_protect);
- for (i = 0; i < 15; i++)
- qemu_put_be32(f, s->rem_speed[i]);
- qemu_put_be32(f, s->imr_jazz);
- qemu_put_be32(f, s->isr_jazz);
- qemu_put_be32(f, s->itr);
-}
-
-void rc4030_dma_memory_rw(void *opaque, hwaddr addr, uint8_t *buf, int len, int is_write)
-{
- rc4030State *s = opaque;
- hwaddr entry_addr;
- hwaddr phys_addr;
- dma_pagetable_entry entry;
- int index;
- int ncpy, i;
-
- i = 0;
- for (;;) {
- if (i == len) {
- break;
- }
-
- ncpy = DMA_PAGESIZE - (addr & (DMA_PAGESIZE - 1));
- if (ncpy > len - i)
- ncpy = len - i;
-
- /* Get DMA translation table entry */
- index = addr / DMA_PAGESIZE;
- if (index >= s->dma_tl_limit / sizeof(dma_pagetable_entry)) {
- break;
- }
- entry_addr = s->dma_tl_base + index * sizeof(dma_pagetable_entry);
- /* XXX: not sure. should we really use only lowest bits? */
- entry_addr &= 0x7fffffff;
- cpu_physical_memory_read(entry_addr, &entry, sizeof(entry));
-
- /* Read/write data at right place */
- phys_addr = entry.frame + (addr & (DMA_PAGESIZE - 1));
- cpu_physical_memory_rw(phys_addr, &buf[i], ncpy, is_write);
-
- i += ncpy;
- addr += ncpy;
- }
-}
-
-static void rc4030_do_dma(void *opaque, int n, uint8_t *buf, int len, int is_write)
-{
- rc4030State *s = opaque;
- hwaddr dma_addr;
- int dev_to_mem;
-
- s->dma_regs[n][DMA_REG_ENABLE] &= ~(DMA_FLAG_TC_INTR | DMA_FLAG_MEM_INTR | DMA_FLAG_ADDR_INTR);
-
- /* Check DMA channel consistency */
- dev_to_mem = (s->dma_regs[n][DMA_REG_ENABLE] & DMA_FLAG_MEM_TO_DEV) ? 0 : 1;
- if (!(s->dma_regs[n][DMA_REG_ENABLE] & DMA_FLAG_ENABLE) ||
- (is_write != dev_to_mem)) {
- s->dma_regs[n][DMA_REG_ENABLE] |= DMA_FLAG_MEM_INTR;
- s->nmi_interrupt |= 1 << n;
- return;
- }
-
- /* Get start address and len */
- if (len > s->dma_regs[n][DMA_REG_COUNT])
- len = s->dma_regs[n][DMA_REG_COUNT];
- dma_addr = s->dma_regs[n][DMA_REG_ADDRESS];
-
- /* Read/write data at right place */
- rc4030_dma_memory_rw(opaque, dma_addr, buf, len, is_write);
-
- s->dma_regs[n][DMA_REG_ENABLE] |= DMA_FLAG_TC_INTR;
- s->dma_regs[n][DMA_REG_COUNT] -= len;
-
-#ifdef DEBUG_RC4030_DMA
- {
- int i, j;
- printf("rc4030 dma: Copying %d bytes %s host %p\n",
- len, is_write ? "from" : "to", buf);
- for (i = 0; i < len; i += 16) {
- int n = 16;
- if (n > len - i) {
- n = len - i;
- }
- for (j = 0; j < n; j++)
- printf("%02x ", buf[i + j]);
- while (j++ < 16)
- printf(" ");
- printf("| ");
- for (j = 0; j < n; j++)
- printf("%c", isprint(buf[i + j]) ? buf[i + j] : '.');
- printf("\n");
- }
- }
-#endif
-}
-
-struct rc4030DMAState {
- void *opaque;
- int n;
-};
-
-void rc4030_dma_read(void *dma, uint8_t *buf, int len)
-{
- rc4030_dma s = dma;
- rc4030_do_dma(s->opaque, s->n, buf, len, 0);
-}
-
-void rc4030_dma_write(void *dma, uint8_t *buf, int len)
-{
- rc4030_dma s = dma;
- rc4030_do_dma(s->opaque, s->n, buf, len, 1);
-}
-
-static rc4030_dma *rc4030_allocate_dmas(void *opaque, int n)
-{
- rc4030_dma *s;
- struct rc4030DMAState *p;
- int i;
-
- s = (rc4030_dma *)g_malloc0(sizeof(rc4030_dma) * n);
- p = (struct rc4030DMAState *)g_malloc0(sizeof(struct rc4030DMAState) * n);
- for (i = 0; i < n; i++) {
- p->opaque = opaque;
- p->n = i;
- s[i] = p;
- p++;
- }
- return s;
-}
-
-void *rc4030_init(qemu_irq timer, qemu_irq jazz_bus,
- qemu_irq **irqs, rc4030_dma **dmas,
- MemoryRegion *sysmem)
-{
- rc4030State *s;
-
- s = g_malloc0(sizeof(rc4030State));
-
- *irqs = qemu_allocate_irqs(rc4030_irq_jazz_request, s, 16);
- *dmas = rc4030_allocate_dmas(s, 4);
-
- s->periodic_timer = qemu_new_timer_ns(vm_clock, rc4030_periodic_timer, s);
- s->timer_irq = timer;
- s->jazz_bus_irq = jazz_bus;
-
- qemu_register_reset(rc4030_reset, s);
- register_savevm(NULL, "rc4030", 0, 2, rc4030_save, rc4030_load, s);
- rc4030_reset(s);
-
- memory_region_init_io(&s->iomem_chipset, &rc4030_ops, s,
- "rc4030.chipset", 0x300);
- memory_region_add_subregion(sysmem, 0x80000000, &s->iomem_chipset);
- memory_region_init_io(&s->iomem_jazzio, &jazzio_ops, s,
- "rc4030.jazzio", 0x00001000);
- memory_region_add_subregion(sysmem, 0xf0000000, &s->iomem_jazzio);
-
- return s;
-}
diff --git a/hw/realview.c b/hw/realview.c
deleted file mode 100644
index e789c159a..000000000
--- a/hw/realview.c
+++ /dev/null
@@ -1,400 +0,0 @@
-/*
- * ARM RealView Baseboard System emulation.
- *
- * Copyright (c) 2006-2007 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the GPL.
- */
-
-#include "sysbus.h"
-#include "arm-misc.h"
-#include "primecell.h"
-#include "devices.h"
-#include "pci.h"
-#include "net.h"
-#include "sysemu.h"
-#include "boards.h"
-#include "i2c.h"
-#include "blockdev.h"
-#include "exec-memory.h"
-
-#define SMP_BOOT_ADDR 0xe0000000
-#define SMP_BOOTREG_ADDR 0x10000030
-
-/* Board init. */
-
-static struct arm_boot_info realview_binfo = {
- .smp_loader_start = SMP_BOOT_ADDR,
- .smp_bootreg_addr = SMP_BOOTREG_ADDR,
-};
-
-/* The following two lists must be consistent. */
-enum realview_board_type {
- BOARD_EB,
- BOARD_EB_MPCORE,
- BOARD_PB_A8,
- BOARD_PBX_A9,
-};
-
-static const int realview_board_id[] = {
- 0x33b,
- 0x33b,
- 0x769,
- 0x76d
-};
-
-static void realview_init(QEMUMachineInitArgs *args,
- enum realview_board_type board_type)
-{
- ARMCPU *cpu = NULL;
- CPUARMState *env;
- MemoryRegion *sysmem = get_system_memory();
- MemoryRegion *ram_lo = g_new(MemoryRegion, 1);
- MemoryRegion *ram_hi = g_new(MemoryRegion, 1);
- MemoryRegion *ram_alias = g_new(MemoryRegion, 1);
- MemoryRegion *ram_hack = g_new(MemoryRegion, 1);
- DeviceState *dev, *sysctl, *gpio2, *pl041;
- SysBusDevice *busdev;
- qemu_irq *irqp;
- qemu_irq pic[64];
- qemu_irq mmc_irq[2];
- PCIBus *pci_bus;
- NICInfo *nd;
- i2c_bus *i2c;
- int n;
- int done_nic = 0;
- qemu_irq cpu_irq[4];
- int is_mpcore = 0;
- int is_pb = 0;
- uint32_t proc_id = 0;
- uint32_t sys_id;
- ram_addr_t low_ram_size;
- ram_addr_t ram_size = args->ram_size;
-
- switch (board_type) {
- case BOARD_EB:
- break;
- case BOARD_EB_MPCORE:
- is_mpcore = 1;
- break;
- case BOARD_PB_A8:
- is_pb = 1;
- break;
- case BOARD_PBX_A9:
- is_mpcore = 1;
- is_pb = 1;
- break;
- }
- for (n = 0; n < smp_cpus; n++) {
- cpu = cpu_arm_init(args->cpu_model);
- if (!cpu) {
- fprintf(stderr, "Unable to find CPU definition\n");
- exit(1);
- }
- irqp = arm_pic_init_cpu(cpu);
- cpu_irq[n] = irqp[ARM_PIC_CPU_IRQ];
- }
- env = &cpu->env;
- if (arm_feature(env, ARM_FEATURE_V7)) {
- if (is_mpcore) {
- proc_id = 0x0c000000;
- } else {
- proc_id = 0x0e000000;
- }
- } else if (arm_feature(env, ARM_FEATURE_V6K)) {
- proc_id = 0x06000000;
- } else if (arm_feature(env, ARM_FEATURE_V6)) {
- proc_id = 0x04000000;
- } else {
- proc_id = 0x02000000;
- }
-
- if (is_pb && ram_size > 0x20000000) {
- /* Core tile RAM. */
- low_ram_size = ram_size - 0x20000000;
- ram_size = 0x20000000;
- memory_region_init_ram(ram_lo, "realview.lowmem", low_ram_size);
- vmstate_register_ram_global(ram_lo);
- memory_region_add_subregion(sysmem, 0x20000000, ram_lo);
- }
-
- memory_region_init_ram(ram_hi, "realview.highmem", ram_size);
- vmstate_register_ram_global(ram_hi);
- low_ram_size = ram_size;
- if (low_ram_size > 0x10000000)
- low_ram_size = 0x10000000;
- /* SDRAM at address zero. */
- memory_region_init_alias(ram_alias, "realview.alias",
- ram_hi, 0, low_ram_size);
- memory_region_add_subregion(sysmem, 0, ram_alias);
- if (is_pb) {
- /* And again at a high address. */
- memory_region_add_subregion(sysmem, 0x70000000, ram_hi);
- } else {
- ram_size = low_ram_size;
- }
-
- sys_id = is_pb ? 0x01780500 : 0xc1400400;
- sysctl = qdev_create(NULL, "realview_sysctl");
- qdev_prop_set_uint32(sysctl, "sys_id", sys_id);
- qdev_prop_set_uint32(sysctl, "proc_id", proc_id);
- qdev_init_nofail(sysctl);
- sysbus_mmio_map(sysbus_from_qdev(sysctl), 0, 0x10000000);
-
- if (is_mpcore) {
- hwaddr periphbase;
- dev = qdev_create(NULL, is_pb ? "a9mpcore_priv": "realview_mpcore");
- qdev_prop_set_uint32(dev, "num-cpu", smp_cpus);
- qdev_init_nofail(dev);
- busdev = sysbus_from_qdev(dev);
- if (is_pb) {
- periphbase = 0x1f000000;
- } else {
- periphbase = 0x10100000;
- }
- sysbus_mmio_map(busdev, 0, periphbase);
- for (n = 0; n < smp_cpus; n++) {
- sysbus_connect_irq(busdev, n, cpu_irq[n]);
- }
- sysbus_create_varargs("l2x0", periphbase + 0x2000, NULL);
- /* Both A9 and 11MPCore put the GIC CPU i/f at base + 0x100 */
- realview_binfo.gic_cpu_if_addr = periphbase + 0x100;
- } else {
- uint32_t gic_addr = is_pb ? 0x1e000000 : 0x10040000;
- /* For now just create the nIRQ GIC, and ignore the others. */
- dev = sysbus_create_simple("realview_gic", gic_addr, cpu_irq[0]);
- }
- for (n = 0; n < 64; n++) {
- pic[n] = qdev_get_gpio_in(dev, n);
- }
-
- pl041 = qdev_create(NULL, "pl041");
- qdev_prop_set_uint32(pl041, "nc_fifo_depth", 512);
- qdev_init_nofail(pl041);
- sysbus_mmio_map(sysbus_from_qdev(pl041), 0, 0x10004000);
- sysbus_connect_irq(sysbus_from_qdev(pl041), 0, pic[19]);
-
- sysbus_create_simple("pl050_keyboard", 0x10006000, pic[20]);
- sysbus_create_simple("pl050_mouse", 0x10007000, pic[21]);
-
- sysbus_create_simple("pl011", 0x10009000, pic[12]);
- sysbus_create_simple("pl011", 0x1000a000, pic[13]);
- sysbus_create_simple("pl011", 0x1000b000, pic[14]);
- sysbus_create_simple("pl011", 0x1000c000, pic[15]);
-
- /* DMA controller is optional, apparently. */
- sysbus_create_simple("pl081", 0x10030000, pic[24]);
-
- sysbus_create_simple("sp804", 0x10011000, pic[4]);
- sysbus_create_simple("sp804", 0x10012000, pic[5]);
-
- sysbus_create_simple("pl061", 0x10013000, pic[6]);
- sysbus_create_simple("pl061", 0x10014000, pic[7]);
- gpio2 = sysbus_create_simple("pl061", 0x10015000, pic[8]);
-
- sysbus_create_simple("pl111", 0x10020000, pic[23]);
-
- dev = sysbus_create_varargs("pl181", 0x10005000, pic[17], pic[18], NULL);
- /* Wire up MMC card detect and read-only signals. These have
- * to go to both the PL061 GPIO and the sysctl register.
- * Note that the PL181 orders these lines (readonly,inserted)
- * and the PL061 has them the other way about. Also the card
- * detect line is inverted.
- */
- mmc_irq[0] = qemu_irq_split(
- qdev_get_gpio_in(sysctl, ARM_SYSCTL_GPIO_MMC_WPROT),
- qdev_get_gpio_in(gpio2, 1));
- mmc_irq[1] = qemu_irq_split(
- qdev_get_gpio_in(sysctl, ARM_SYSCTL_GPIO_MMC_CARDIN),
- qemu_irq_invert(qdev_get_gpio_in(gpio2, 0)));
- qdev_connect_gpio_out(dev, 0, mmc_irq[0]);
- qdev_connect_gpio_out(dev, 1, mmc_irq[1]);
-
- sysbus_create_simple("pl031", 0x10017000, pic[10]);
-
- if (!is_pb) {
- dev = qdev_create(NULL, "realview_pci");
- busdev = sysbus_from_qdev(dev);
- qdev_init_nofail(dev);
- sysbus_mmio_map(busdev, 0, 0x61000000); /* PCI self-config */
- sysbus_mmio_map(busdev, 1, 0x62000000); /* PCI config */
- sysbus_mmio_map(busdev, 2, 0x63000000); /* PCI I/O */
- sysbus_connect_irq(busdev, 0, pic[48]);
- sysbus_connect_irq(busdev, 1, pic[49]);
- sysbus_connect_irq(busdev, 2, pic[50]);
- sysbus_connect_irq(busdev, 3, pic[51]);
- pci_bus = (PCIBus *)qdev_get_child_bus(dev, "pci");
- if (usb_enabled(false)) {
- pci_create_simple(pci_bus, -1, "pci-ohci");
- }
- n = drive_get_max_bus(IF_SCSI);
- while (n >= 0) {
- pci_create_simple(pci_bus, -1, "lsi53c895a");
- n--;
- }
- }
- for(n = 0; n < nb_nics; n++) {
- nd = &nd_table[n];
-
- if (!done_nic && (!nd->model ||
- strcmp(nd->model, is_pb ? "lan9118" : "smc91c111") == 0)) {
- if (is_pb) {
- lan9118_init(nd, 0x4e000000, pic[28]);
- } else {
- smc91c111_init(nd, 0x4e000000, pic[28]);
- }
- done_nic = 1;
- } else {
- pci_nic_init_nofail(nd, "rtl8139", NULL);
- }
- }
-
- dev = sysbus_create_simple("versatile_i2c", 0x10002000, NULL);
- i2c = (i2c_bus *)qdev_get_child_bus(dev, "i2c");
- i2c_create_slave(i2c, "ds1338", 0x68);
-
- /* Memory map for RealView Emulation Baseboard: */
- /* 0x10000000 System registers. */
- /* 0x10001000 System controller. */
- /* 0x10002000 Two-Wire Serial Bus. */
- /* 0x10003000 Reserved. */
- /* 0x10004000 AACI. */
- /* 0x10005000 MCI. */
- /* 0x10006000 KMI0. */
- /* 0x10007000 KMI1. */
- /* 0x10008000 Character LCD. (EB) */
- /* 0x10009000 UART0. */
- /* 0x1000a000 UART1. */
- /* 0x1000b000 UART2. */
- /* 0x1000c000 UART3. */
- /* 0x1000d000 SSPI. */
- /* 0x1000e000 SCI. */
- /* 0x1000f000 Reserved. */
- /* 0x10010000 Watchdog. */
- /* 0x10011000 Timer 0+1. */
- /* 0x10012000 Timer 2+3. */
- /* 0x10013000 GPIO 0. */
- /* 0x10014000 GPIO 1. */
- /* 0x10015000 GPIO 2. */
- /* 0x10002000 Two-Wire Serial Bus - DVI. (PB) */
- /* 0x10017000 RTC. */
- /* 0x10018000 DMC. */
- /* 0x10019000 PCI controller config. */
- /* 0x10020000 CLCD. */
- /* 0x10030000 DMA Controller. */
- /* 0x10040000 GIC1. (EB) */
- /* 0x10050000 GIC2. (EB) */
- /* 0x10060000 GIC3. (EB) */
- /* 0x10070000 GIC4. (EB) */
- /* 0x10080000 SMC. */
- /* 0x1e000000 GIC1. (PB) */
- /* 0x1e001000 GIC2. (PB) */
- /* 0x1e002000 GIC3. (PB) */
- /* 0x1e003000 GIC4. (PB) */
- /* 0x40000000 NOR flash. */
- /* 0x44000000 DoC flash. */
- /* 0x48000000 SRAM. */
- /* 0x4c000000 Configuration flash. */
- /* 0x4e000000 Ethernet. */
- /* 0x4f000000 USB. */
- /* 0x50000000 PISMO. */
- /* 0x54000000 PISMO. */
- /* 0x58000000 PISMO. */
- /* 0x5c000000 PISMO. */
- /* 0x60000000 PCI. */
- /* 0x61000000 PCI Self Config. */
- /* 0x62000000 PCI Config. */
- /* 0x63000000 PCI IO. */
- /* 0x64000000 PCI mem 0. */
- /* 0x68000000 PCI mem 1. */
- /* 0x6c000000 PCI mem 2. */
-
- /* ??? Hack to map an additional page of ram for the secondary CPU
- startup code. I guess this works on real hardware because the
- BootROM happens to be in ROM/flash or in memory that isn't clobbered
- until after Linux boots the secondary CPUs. */
- memory_region_init_ram(ram_hack, "realview.hack", 0x1000);
- vmstate_register_ram_global(ram_hack);
- memory_region_add_subregion(sysmem, SMP_BOOT_ADDR, ram_hack);
-
- realview_binfo.ram_size = ram_size;
- realview_binfo.kernel_filename = args->kernel_filename;
- realview_binfo.kernel_cmdline = args->kernel_cmdline;
- realview_binfo.initrd_filename = args->initrd_filename;
- realview_binfo.nb_cpus = smp_cpus;
- realview_binfo.board_id = realview_board_id[board_type];
- realview_binfo.loader_start = (board_type == BOARD_PB_A8 ? 0x70000000 : 0);
- arm_load_kernel(arm_env_get_cpu(first_cpu), &realview_binfo);
-}
-
-static void realview_eb_init(QEMUMachineInitArgs *args)
-{
- if (!args->cpu_model) {
- args->cpu_model = "arm926";
- }
- realview_init(args, BOARD_EB);
-}
-
-static void realview_eb_mpcore_init(QEMUMachineInitArgs *args)
-{
- if (!args->cpu_model) {
- args->cpu_model = "arm11mpcore";
- }
- realview_init(args, BOARD_EB_MPCORE);
-}
-
-static void realview_pb_a8_init(QEMUMachineInitArgs *args)
-{
- if (!args->cpu_model) {
- args->cpu_model = "cortex-a8";
- }
- realview_init(args, BOARD_PB_A8);
-}
-
-static void realview_pbx_a9_init(QEMUMachineInitArgs *args)
-{
- if (!args->cpu_model) {
- args->cpu_model = "cortex-a9";
- }
- realview_init(args, BOARD_PBX_A9);
-}
-
-static QEMUMachine realview_eb_machine = {
- .name = "realview-eb",
- .desc = "ARM RealView Emulation Baseboard (ARM926EJ-S)",
- .init = realview_eb_init,
- .use_scsi = 1,
-};
-
-static QEMUMachine realview_eb_mpcore_machine = {
- .name = "realview-eb-mpcore",
- .desc = "ARM RealView Emulation Baseboard (ARM11MPCore)",
- .init = realview_eb_mpcore_init,
- .use_scsi = 1,
- .max_cpus = 4,
-};
-
-static QEMUMachine realview_pb_a8_machine = {
- .name = "realview-pb-a8",
- .desc = "ARM RealView Platform Baseboard for Cortex-A8",
- .init = realview_pb_a8_init,
-};
-
-static QEMUMachine realview_pbx_a9_machine = {
- .name = "realview-pbx-a9",
- .desc = "ARM RealView Platform Baseboard Explore for Cortex-A9",
- .init = realview_pbx_a9_init,
- .use_scsi = 1,
- .max_cpus = 4,
-};
-
-static void realview_machine_init(void)
-{
- qemu_register_machine(&realview_eb_machine);
- qemu_register_machine(&realview_eb_mpcore_machine);
- qemu_register_machine(&realview_pb_a8_machine);
- qemu_register_machine(&realview_pbx_a9_machine);
-}
-
-machine_init(realview_machine_init);
diff --git a/hw/realview_gic.c b/hw/realview_gic.c
deleted file mode 100644
index 5bc37a712..000000000
--- a/hw/realview_gic.c
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * ARM RealView Emulation Baseboard Interrupt Controller
- *
- * Copyright (c) 2006-2007 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the GPL.
- */
-
-#include "sysbus.h"
-
-typedef struct {
- SysBusDevice busdev;
- DeviceState *gic;
- MemoryRegion container;
-} RealViewGICState;
-
-static void realview_gic_set_irq(void *opaque, int irq, int level)
-{
- RealViewGICState *s = (RealViewGICState *)opaque;
- qemu_set_irq(qdev_get_gpio_in(s->gic, irq), level);
-}
-
-static int realview_gic_init(SysBusDevice *dev)
-{
- RealViewGICState *s = FROM_SYSBUS(RealViewGICState, dev);
- SysBusDevice *busdev;
- /* The GICs on the RealView boards have a fixed nonconfigurable
- * number of interrupt lines, so we don't need to expose this as
- * a qdev property.
- */
- int numirq = 96;
-
- s->gic = qdev_create(NULL, "arm_gic");
- qdev_prop_set_uint32(s->gic, "num-cpu", 1);
- qdev_prop_set_uint32(s->gic, "num-irq", numirq);
- qdev_init_nofail(s->gic);
- busdev = sysbus_from_qdev(s->gic);
-
- /* Pass through outbound IRQ lines from the GIC */
- sysbus_pass_irq(dev, busdev);
-
- /* Pass through inbound GPIO lines to the GIC */
- qdev_init_gpio_in(&s->busdev.qdev, realview_gic_set_irq, numirq - 32);
-
- memory_region_init(&s->container, "realview-gic-container", 0x2000);
- memory_region_add_subregion(&s->container, 0,
- sysbus_mmio_get_region(busdev, 1));
- memory_region_add_subregion(&s->container, 0x1000,
- sysbus_mmio_get_region(busdev, 0));
- sysbus_init_mmio(dev, &s->container);
- return 0;
-}
-
-static void realview_gic_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- sdc->init = realview_gic_init;
-}
-
-static TypeInfo realview_gic_info = {
- .name = "realview_gic",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(RealViewGICState),
- .class_init = realview_gic_class_init,
-};
-
-static void realview_gic_register_types(void)
-{
- type_register_static(&realview_gic_info);
-}
-
-type_init(realview_gic_register_types)
diff --git a/hw/rtl8139.c b/hw/rtl8139.c
deleted file mode 100644
index e3aa8bfb1..000000000
--- a/hw/rtl8139.c
+++ /dev/null
@@ -1,3554 +0,0 @@
-/**
- * QEMU RTL8139 emulation
- *
- * Copyright (c) 2006 Igor Kovalenko
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
-
- * Modifications:
- * 2006-Jan-28 Mark Malakanov : TSAD and CSCR implementation (for Windows driver)
- *
- * 2006-Apr-28 Juergen Lock : EEPROM emulation changes for FreeBSD driver
- * HW revision ID changes for FreeBSD driver
- *
- * 2006-Jul-01 Igor Kovalenko : Implemented loopback mode for FreeBSD driver
- * Corrected packet transfer reassembly routine for 8139C+ mode
- * Rearranged debugging print statements
- * Implemented PCI timer interrupt (disabled by default)
- * Implemented Tally Counters, increased VM load/save version
- * Implemented IP/TCP/UDP checksum task offloading
- *
- * 2006-Jul-04 Igor Kovalenko : Implemented TCP segmentation offloading
- * Fixed MTU=1500 for produced ethernet frames
- *
- * 2006-Jul-09 Igor Kovalenko : Fixed TCP header length calculation while processing
- * segmentation offloading
- * Removed slirp.h dependency
- * Added rx/tx buffer reset when enabling rx/tx operation
- *
- * 2010-Feb-04 Frediano Ziglio: Rewrote timer support using QEMU timer only
- * when strictly needed (required for for
- * Darwin)
- * 2011-Mar-22 Benjamin Poirier: Implemented VLAN offloading
- */
-
-/* For crc32 */
-#include <zlib.h>
-
-#include "hw.h"
-#include "pci.h"
-#include "dma.h"
-#include "qemu-timer.h"
-#include "net.h"
-#include "loader.h"
-#include "sysemu.h"
-#include "iov.h"
-
-/* debug RTL8139 card */
-//#define DEBUG_RTL8139 1
-
-#define PCI_FREQUENCY 33000000L
-
-#define SET_MASKED(input, mask, curr) \
- ( ( (input) & ~(mask) ) | ( (curr) & (mask) ) )
-
-/* arg % size for size which is a power of 2 */
-#define MOD2(input, size) \
- ( ( input ) & ( size - 1 ) )
-
-#define ETHER_ADDR_LEN 6
-#define ETHER_TYPE_LEN 2
-#define ETH_HLEN (ETHER_ADDR_LEN * 2 + ETHER_TYPE_LEN)
-#define ETH_P_IP 0x0800 /* Internet Protocol packet */
-#define ETH_P_8021Q 0x8100 /* 802.1Q VLAN Extended Header */
-#define ETH_MTU 1500
-
-#define VLAN_TCI_LEN 2
-#define VLAN_HLEN (ETHER_TYPE_LEN + VLAN_TCI_LEN)
-
-#if defined (DEBUG_RTL8139)
-# define DPRINTF(fmt, ...) \
- do { fprintf(stderr, "RTL8139: " fmt, ## __VA_ARGS__); } while (0)
-#else
-static inline GCC_FMT_ATTR(1, 2) int DPRINTF(const char *fmt, ...)
-{
- return 0;
-}
-#endif
-
-/* Symbolic offsets to registers. */
-enum RTL8139_registers {
- MAC0 = 0, /* Ethernet hardware address. */
- MAR0 = 8, /* Multicast filter. */
- TxStatus0 = 0x10,/* Transmit status (Four 32bit registers). C mode only */
- /* Dump Tally Conter control register(64bit). C+ mode only */
- TxAddr0 = 0x20, /* Tx descriptors (also four 32bit). */
- RxBuf = 0x30,
- ChipCmd = 0x37,
- RxBufPtr = 0x38,
- RxBufAddr = 0x3A,
- IntrMask = 0x3C,
- IntrStatus = 0x3E,
- TxConfig = 0x40,
- RxConfig = 0x44,
- Timer = 0x48, /* A general-purpose counter. */
- RxMissed = 0x4C, /* 24 bits valid, write clears. */
- Cfg9346 = 0x50,
- Config0 = 0x51,
- Config1 = 0x52,
- FlashReg = 0x54,
- MediaStatus = 0x58,
- Config3 = 0x59,
- Config4 = 0x5A, /* absent on RTL-8139A */
- HltClk = 0x5B,
- MultiIntr = 0x5C,
- PCIRevisionID = 0x5E,
- TxSummary = 0x60, /* TSAD register. Transmit Status of All Descriptors*/
- BasicModeCtrl = 0x62,
- BasicModeStatus = 0x64,
- NWayAdvert = 0x66,
- NWayLPAR = 0x68,
- NWayExpansion = 0x6A,
- /* Undocumented registers, but required for proper operation. */
- FIFOTMS = 0x70, /* FIFO Control and test. */
- CSCR = 0x74, /* Chip Status and Configuration Register. */
- PARA78 = 0x78,
- PARA7c = 0x7c, /* Magic transceiver parameter register. */
- Config5 = 0xD8, /* absent on RTL-8139A */
- /* C+ mode */
- TxPoll = 0xD9, /* Tell chip to check Tx descriptors for work */
- RxMaxSize = 0xDA, /* Max size of an Rx packet (8169 only) */
- CpCmd = 0xE0, /* C+ Command register (C+ mode only) */
- IntrMitigate = 0xE2, /* rx/tx interrupt mitigation control */
- RxRingAddrLO = 0xE4, /* 64-bit start addr of Rx ring */
- RxRingAddrHI = 0xE8, /* 64-bit start addr of Rx ring */
- TxThresh = 0xEC, /* Early Tx threshold */
-};
-
-enum ClearBitMasks {
- MultiIntrClear = 0xF000,
- ChipCmdClear = 0xE2,
- Config1Clear = (1<<7)|(1<<6)|(1<<3)|(1<<2)|(1<<1),
-};
-
-enum ChipCmdBits {
- CmdReset = 0x10,
- CmdRxEnb = 0x08,
- CmdTxEnb = 0x04,
- RxBufEmpty = 0x01,
-};
-
-/* C+ mode */
-enum CplusCmdBits {
- CPlusRxVLAN = 0x0040, /* enable receive VLAN detagging */
- CPlusRxChkSum = 0x0020, /* enable receive checksum offloading */
- CPlusRxEnb = 0x0002,
- CPlusTxEnb = 0x0001,
-};
-
-/* Interrupt register bits, using my own meaningful names. */
-enum IntrStatusBits {
- PCIErr = 0x8000,
- PCSTimeout = 0x4000,
- RxFIFOOver = 0x40,
- RxUnderrun = 0x20, /* Packet Underrun / Link Change */
- RxOverflow = 0x10,
- TxErr = 0x08,
- TxOK = 0x04,
- RxErr = 0x02,
- RxOK = 0x01,
-
- RxAckBits = RxFIFOOver | RxOverflow | RxOK,
-};
-
-enum TxStatusBits {
- TxHostOwns = 0x2000,
- TxUnderrun = 0x4000,
- TxStatOK = 0x8000,
- TxOutOfWindow = 0x20000000,
- TxAborted = 0x40000000,
- TxCarrierLost = 0x80000000,
-};
-enum RxStatusBits {
- RxMulticast = 0x8000,
- RxPhysical = 0x4000,
- RxBroadcast = 0x2000,
- RxBadSymbol = 0x0020,
- RxRunt = 0x0010,
- RxTooLong = 0x0008,
- RxCRCErr = 0x0004,
- RxBadAlign = 0x0002,
- RxStatusOK = 0x0001,
-};
-
-/* Bits in RxConfig. */
-enum rx_mode_bits {
- AcceptErr = 0x20,
- AcceptRunt = 0x10,
- AcceptBroadcast = 0x08,
- AcceptMulticast = 0x04,
- AcceptMyPhys = 0x02,
- AcceptAllPhys = 0x01,
-};
-
-/* Bits in TxConfig. */
-enum tx_config_bits {
-
- /* Interframe Gap Time. Only TxIFG96 doesn't violate IEEE 802.3 */
- TxIFGShift = 24,
- TxIFG84 = (0 << TxIFGShift), /* 8.4us / 840ns (10 / 100Mbps) */
- TxIFG88 = (1 << TxIFGShift), /* 8.8us / 880ns (10 / 100Mbps) */
- TxIFG92 = (2 << TxIFGShift), /* 9.2us / 920ns (10 / 100Mbps) */
- TxIFG96 = (3 << TxIFGShift), /* 9.6us / 960ns (10 / 100Mbps) */
-
- TxLoopBack = (1 << 18) | (1 << 17), /* enable loopback test mode */
- TxCRC = (1 << 16), /* DISABLE appending CRC to end of Tx packets */
- TxClearAbt = (1 << 0), /* Clear abort (WO) */
- TxDMAShift = 8, /* DMA burst value (0-7) is shifted this many bits */
- TxRetryShift = 4, /* TXRR value (0-15) is shifted this many bits */
-
- TxVersionMask = 0x7C800000, /* mask out version bits 30-26, 23 */
-};
-
-
-/* Transmit Status of All Descriptors (TSAD) Register */
-enum TSAD_bits {
- TSAD_TOK3 = 1<<15, // TOK bit of Descriptor 3
- TSAD_TOK2 = 1<<14, // TOK bit of Descriptor 2
- TSAD_TOK1 = 1<<13, // TOK bit of Descriptor 1
- TSAD_TOK0 = 1<<12, // TOK bit of Descriptor 0
- TSAD_TUN3 = 1<<11, // TUN bit of Descriptor 3
- TSAD_TUN2 = 1<<10, // TUN bit of Descriptor 2
- TSAD_TUN1 = 1<<9, // TUN bit of Descriptor 1
- TSAD_TUN0 = 1<<8, // TUN bit of Descriptor 0
- TSAD_TABT3 = 1<<07, // TABT bit of Descriptor 3
- TSAD_TABT2 = 1<<06, // TABT bit of Descriptor 2
- TSAD_TABT1 = 1<<05, // TABT bit of Descriptor 1
- TSAD_TABT0 = 1<<04, // TABT bit of Descriptor 0
- TSAD_OWN3 = 1<<03, // OWN bit of Descriptor 3
- TSAD_OWN2 = 1<<02, // OWN bit of Descriptor 2
- TSAD_OWN1 = 1<<01, // OWN bit of Descriptor 1
- TSAD_OWN0 = 1<<00, // OWN bit of Descriptor 0
-};
-
-
-/* Bits in Config1 */
-enum Config1Bits {
- Cfg1_PM_Enable = 0x01,
- Cfg1_VPD_Enable = 0x02,
- Cfg1_PIO = 0x04,
- Cfg1_MMIO = 0x08,
- LWAKE = 0x10, /* not on 8139, 8139A */
- Cfg1_Driver_Load = 0x20,
- Cfg1_LED0 = 0x40,
- Cfg1_LED1 = 0x80,
- SLEEP = (1 << 1), /* only on 8139, 8139A */
- PWRDN = (1 << 0), /* only on 8139, 8139A */
-};
-
-/* Bits in Config3 */
-enum Config3Bits {
- Cfg3_FBtBEn = (1 << 0), /* 1 = Fast Back to Back */
- Cfg3_FuncRegEn = (1 << 1), /* 1 = enable CardBus Function registers */
- Cfg3_CLKRUN_En = (1 << 2), /* 1 = enable CLKRUN */
- Cfg3_CardB_En = (1 << 3), /* 1 = enable CardBus registers */
- Cfg3_LinkUp = (1 << 4), /* 1 = wake up on link up */
- Cfg3_Magic = (1 << 5), /* 1 = wake up on Magic Packet (tm) */
- Cfg3_PARM_En = (1 << 6), /* 0 = software can set twister parameters */
- Cfg3_GNTSel = (1 << 7), /* 1 = delay 1 clock from PCI GNT signal */
-};
-
-/* Bits in Config4 */
-enum Config4Bits {
- LWPTN = (1 << 2), /* not on 8139, 8139A */
-};
-
-/* Bits in Config5 */
-enum Config5Bits {
- Cfg5_PME_STS = (1 << 0), /* 1 = PCI reset resets PME_Status */
- Cfg5_LANWake = (1 << 1), /* 1 = enable LANWake signal */
- Cfg5_LDPS = (1 << 2), /* 0 = save power when link is down */
- Cfg5_FIFOAddrPtr = (1 << 3), /* Realtek internal SRAM testing */
- Cfg5_UWF = (1 << 4), /* 1 = accept unicast wakeup frame */
- Cfg5_MWF = (1 << 5), /* 1 = accept multicast wakeup frame */
- Cfg5_BWF = (1 << 6), /* 1 = accept broadcast wakeup frame */
-};
-
-enum RxConfigBits {
- /* rx fifo threshold */
- RxCfgFIFOShift = 13,
- RxCfgFIFONone = (7 << RxCfgFIFOShift),
-
- /* Max DMA burst */
- RxCfgDMAShift = 8,
- RxCfgDMAUnlimited = (7 << RxCfgDMAShift),
-
- /* rx ring buffer length */
- RxCfgRcv8K = 0,
- RxCfgRcv16K = (1 << 11),
- RxCfgRcv32K = (1 << 12),
- RxCfgRcv64K = (1 << 11) | (1 << 12),
-
- /* Disable packet wrap at end of Rx buffer. (not possible with 64k) */
- RxNoWrap = (1 << 7),
-};
-
-/* Twister tuning parameters from RealTek.
- Completely undocumented, but required to tune bad links on some boards. */
-/*
-enum CSCRBits {
- CSCR_LinkOKBit = 0x0400,
- CSCR_LinkChangeBit = 0x0800,
- CSCR_LinkStatusBits = 0x0f000,
- CSCR_LinkDownOffCmd = 0x003c0,
- CSCR_LinkDownCmd = 0x0f3c0,
-*/
-enum CSCRBits {
- CSCR_Testfun = 1<<15, /* 1 = Auto-neg speeds up internal timer, WO, def 0 */
- CSCR_LD = 1<<9, /* Active low TPI link disable signal. When low, TPI still transmits link pulses and TPI stays in good link state. def 1*/
- CSCR_HEART_BIT = 1<<8, /* 1 = HEART BEAT enable, 0 = HEART BEAT disable. HEART BEAT function is only valid in 10Mbps mode. def 1*/
- CSCR_JBEN = 1<<7, /* 1 = enable jabber function. 0 = disable jabber function, def 1*/
- CSCR_F_LINK_100 = 1<<6, /* Used to login force good link in 100Mbps for diagnostic purposes. 1 = DISABLE, 0 = ENABLE. def 1*/
- CSCR_F_Connect = 1<<5, /* Assertion of this bit forces the disconnect function to be bypassed. def 0*/
- CSCR_Con_status = 1<<3, /* This bit indicates the status of the connection. 1 = valid connected link detected; 0 = disconnected link detected. RO def 0*/
- CSCR_Con_status_En = 1<<2, /* Assertion of this bit configures LED1 pin to indicate connection status. def 0*/
- CSCR_PASS_SCR = 1<<0, /* Bypass Scramble, def 0*/
-};
-
-enum Cfg9346Bits {
- Cfg9346_Normal = 0x00,
- Cfg9346_Autoload = 0x40,
- Cfg9346_Programming = 0x80,
- Cfg9346_ConfigWrite = 0xC0,
-};
-
-typedef enum {
- CH_8139 = 0,
- CH_8139_K,
- CH_8139A,
- CH_8139A_G,
- CH_8139B,
- CH_8130,
- CH_8139C,
- CH_8100,
- CH_8100B_8139D,
- CH_8101,
-} chip_t;
-
-enum chip_flags {
- HasHltClk = (1 << 0),
- HasLWake = (1 << 1),
-};
-
-#define HW_REVID(b30, b29, b28, b27, b26, b23, b22) \
- (b30<<30 | b29<<29 | b28<<28 | b27<<27 | b26<<26 | b23<<23 | b22<<22)
-#define HW_REVID_MASK HW_REVID(1, 1, 1, 1, 1, 1, 1)
-
-#define RTL8139_PCI_REVID_8139 0x10
-#define RTL8139_PCI_REVID_8139CPLUS 0x20
-
-#define RTL8139_PCI_REVID RTL8139_PCI_REVID_8139CPLUS
-
-/* Size is 64 * 16bit words */
-#define EEPROM_9346_ADDR_BITS 6
-#define EEPROM_9346_SIZE (1 << EEPROM_9346_ADDR_BITS)
-#define EEPROM_9346_ADDR_MASK (EEPROM_9346_SIZE - 1)
-
-enum Chip9346Operation
-{
- Chip9346_op_mask = 0xc0, /* 10 zzzzzz */
- Chip9346_op_read = 0x80, /* 10 AAAAAA */
- Chip9346_op_write = 0x40, /* 01 AAAAAA D(15)..D(0) */
- Chip9346_op_ext_mask = 0xf0, /* 11 zzzzzz */
- Chip9346_op_write_enable = 0x30, /* 00 11zzzz */
- Chip9346_op_write_all = 0x10, /* 00 01zzzz */
- Chip9346_op_write_disable = 0x00, /* 00 00zzzz */
-};
-
-enum Chip9346Mode
-{
- Chip9346_none = 0,
- Chip9346_enter_command_mode,
- Chip9346_read_command,
- Chip9346_data_read, /* from output register */
- Chip9346_data_write, /* to input register, then to contents at specified address */
- Chip9346_data_write_all, /* to input register, then filling contents */
-};
-
-typedef struct EEprom9346
-{
- uint16_t contents[EEPROM_9346_SIZE];
- int mode;
- uint32_t tick;
- uint8_t address;
- uint16_t input;
- uint16_t output;
-
- uint8_t eecs;
- uint8_t eesk;
- uint8_t eedi;
- uint8_t eedo;
-} EEprom9346;
-
-typedef struct RTL8139TallyCounters
-{
- /* Tally counters */
- uint64_t TxOk;
- uint64_t RxOk;
- uint64_t TxERR;
- uint32_t RxERR;
- uint16_t MissPkt;
- uint16_t FAE;
- uint32_t Tx1Col;
- uint32_t TxMCol;
- uint64_t RxOkPhy;
- uint64_t RxOkBrd;
- uint32_t RxOkMul;
- uint16_t TxAbt;
- uint16_t TxUndrn;
-} RTL8139TallyCounters;
-
-/* Clears all tally counters */
-static void RTL8139TallyCounters_clear(RTL8139TallyCounters* counters);
-
-typedef struct RTL8139State {
- PCIDevice dev;
- uint8_t phys[8]; /* mac address */
- uint8_t mult[8]; /* multicast mask array */
-
- uint32_t TxStatus[4]; /* TxStatus0 in C mode*/ /* also DTCCR[0] and DTCCR[1] in C+ mode */
- uint32_t TxAddr[4]; /* TxAddr0 */
- uint32_t RxBuf; /* Receive buffer */
- uint32_t RxBufferSize;/* internal variable, receive ring buffer size in C mode */
- uint32_t RxBufPtr;
- uint32_t RxBufAddr;
-
- uint16_t IntrStatus;
- uint16_t IntrMask;
-
- uint32_t TxConfig;
- uint32_t RxConfig;
- uint32_t RxMissed;
-
- uint16_t CSCR;
-
- uint8_t Cfg9346;
- uint8_t Config0;
- uint8_t Config1;
- uint8_t Config3;
- uint8_t Config4;
- uint8_t Config5;
-
- uint8_t clock_enabled;
- uint8_t bChipCmdState;
-
- uint16_t MultiIntr;
-
- uint16_t BasicModeCtrl;
- uint16_t BasicModeStatus;
- uint16_t NWayAdvert;
- uint16_t NWayLPAR;
- uint16_t NWayExpansion;
-
- uint16_t CpCmd;
- uint8_t TxThresh;
-
- NICState *nic;
- NICConf conf;
-
- /* C ring mode */
- uint32_t currTxDesc;
-
- /* C+ mode */
- uint32_t cplus_enabled;
-
- uint32_t currCPlusRxDesc;
- uint32_t currCPlusTxDesc;
-
- uint32_t RxRingAddrLO;
- uint32_t RxRingAddrHI;
-
- EEprom9346 eeprom;
-
- uint32_t TCTR;
- uint32_t TimerInt;
- int64_t TCTR_base;
-
- /* Tally counters */
- RTL8139TallyCounters tally_counters;
-
- /* Non-persistent data */
- uint8_t *cplus_txbuffer;
- int cplus_txbuffer_len;
- int cplus_txbuffer_offset;
-
- /* PCI interrupt timer */
- QEMUTimer *timer;
- int64_t TimerExpire;
-
- MemoryRegion bar_io;
- MemoryRegion bar_mem;
-
- /* Support migration to/from old versions */
- int rtl8139_mmio_io_addr_dummy;
-} RTL8139State;
-
-/* Writes tally counters to memory via DMA */
-static void RTL8139TallyCounters_dma_write(RTL8139State *s, dma_addr_t tc_addr);
-
-static void rtl8139_set_next_tctr_time(RTL8139State *s, int64_t current_time);
-
-static void prom9346_decode_command(EEprom9346 *eeprom, uint8_t command)
-{
- DPRINTF("eeprom command 0x%02x\n", command);
-
- switch (command & Chip9346_op_mask)
- {
- case Chip9346_op_read:
- {
- eeprom->address = command & EEPROM_9346_ADDR_MASK;
- eeprom->output = eeprom->contents[eeprom->address];
- eeprom->eedo = 0;
- eeprom->tick = 0;
- eeprom->mode = Chip9346_data_read;
- DPRINTF("eeprom read from address 0x%02x data=0x%04x\n",
- eeprom->address, eeprom->output);
- }
- break;
-
- case Chip9346_op_write:
- {
- eeprom->address = command & EEPROM_9346_ADDR_MASK;
- eeprom->input = 0;
- eeprom->tick = 0;
- eeprom->mode = Chip9346_none; /* Chip9346_data_write */
- DPRINTF("eeprom begin write to address 0x%02x\n",
- eeprom->address);
- }
- break;
- default:
- eeprom->mode = Chip9346_none;
- switch (command & Chip9346_op_ext_mask)
- {
- case Chip9346_op_write_enable:
- DPRINTF("eeprom write enabled\n");
- break;
- case Chip9346_op_write_all:
- DPRINTF("eeprom begin write all\n");
- break;
- case Chip9346_op_write_disable:
- DPRINTF("eeprom write disabled\n");
- break;
- }
- break;
- }
-}
-
-static void prom9346_shift_clock(EEprom9346 *eeprom)
-{
- int bit = eeprom->eedi?1:0;
-
- ++ eeprom->tick;
-
- DPRINTF("eeprom: tick %d eedi=%d eedo=%d\n", eeprom->tick, eeprom->eedi,
- eeprom->eedo);
-
- switch (eeprom->mode)
- {
- case Chip9346_enter_command_mode:
- if (bit)
- {
- eeprom->mode = Chip9346_read_command;
- eeprom->tick = 0;
- eeprom->input = 0;
- DPRINTF("eeprom: +++ synchronized, begin command read\n");
- }
- break;
-
- case Chip9346_read_command:
- eeprom->input = (eeprom->input << 1) | (bit & 1);
- if (eeprom->tick == 8)
- {
- prom9346_decode_command(eeprom, eeprom->input & 0xff);
- }
- break;
-
- case Chip9346_data_read:
- eeprom->eedo = (eeprom->output & 0x8000)?1:0;
- eeprom->output <<= 1;
- if (eeprom->tick == 16)
- {
-#if 1
- // the FreeBSD drivers (rl and re) don't explicitly toggle
- // CS between reads (or does setting Cfg9346 to 0 count too?),
- // so we need to enter wait-for-command state here
- eeprom->mode = Chip9346_enter_command_mode;
- eeprom->input = 0;
- eeprom->tick = 0;
-
- DPRINTF("eeprom: +++ end of read, awaiting next command\n");
-#else
- // original behaviour
- ++eeprom->address;
- eeprom->address &= EEPROM_9346_ADDR_MASK;
- eeprom->output = eeprom->contents[eeprom->address];
- eeprom->tick = 0;
-
- DPRINTF("eeprom: +++ read next address 0x%02x data=0x%04x\n",
- eeprom->address, eeprom->output);
-#endif
- }
- break;
-
- case Chip9346_data_write:
- eeprom->input = (eeprom->input << 1) | (bit & 1);
- if (eeprom->tick == 16)
- {
- DPRINTF("eeprom write to address 0x%02x data=0x%04x\n",
- eeprom->address, eeprom->input);
-
- eeprom->contents[eeprom->address] = eeprom->input;
- eeprom->mode = Chip9346_none; /* waiting for next command after CS cycle */
- eeprom->tick = 0;
- eeprom->input = 0;
- }
- break;
-
- case Chip9346_data_write_all:
- eeprom->input = (eeprom->input << 1) | (bit & 1);
- if (eeprom->tick == 16)
- {
- int i;
- for (i = 0; i < EEPROM_9346_SIZE; i++)
- {
- eeprom->contents[i] = eeprom->input;
- }
- DPRINTF("eeprom filled with data=0x%04x\n", eeprom->input);
-
- eeprom->mode = Chip9346_enter_command_mode;
- eeprom->tick = 0;
- eeprom->input = 0;
- }
- break;
-
- default:
- break;
- }
-}
-
-static int prom9346_get_wire(RTL8139State *s)
-{
- EEprom9346 *eeprom = &s->eeprom;
- if (!eeprom->eecs)
- return 0;
-
- return eeprom->eedo;
-}
-
-/* FIXME: This should be merged into/replaced by eeprom93xx.c. */
-static void prom9346_set_wire(RTL8139State *s, int eecs, int eesk, int eedi)
-{
- EEprom9346 *eeprom = &s->eeprom;
- uint8_t old_eecs = eeprom->eecs;
- uint8_t old_eesk = eeprom->eesk;
-
- eeprom->eecs = eecs;
- eeprom->eesk = eesk;
- eeprom->eedi = eedi;
-
- DPRINTF("eeprom: +++ wires CS=%d SK=%d DI=%d DO=%d\n", eeprom->eecs,
- eeprom->eesk, eeprom->eedi, eeprom->eedo);
-
- if (!old_eecs && eecs)
- {
- /* Synchronize start */
- eeprom->tick = 0;
- eeprom->input = 0;
- eeprom->output = 0;
- eeprom->mode = Chip9346_enter_command_mode;
-
- DPRINTF("=== eeprom: begin access, enter command mode\n");
- }
-
- if (!eecs)
- {
- DPRINTF("=== eeprom: end access\n");
- return;
- }
-
- if (!old_eesk && eesk)
- {
- /* SK front rules */
- prom9346_shift_clock(eeprom);
- }
-}
-
-static void rtl8139_update_irq(RTL8139State *s)
-{
- int isr;
- isr = (s->IntrStatus & s->IntrMask) & 0xffff;
-
- DPRINTF("Set IRQ to %d (%04x %04x)\n", isr ? 1 : 0, s->IntrStatus,
- s->IntrMask);
-
- qemu_set_irq(s->dev.irq[0], (isr != 0));
-}
-
-static int rtl8139_RxWrap(RTL8139State *s)
-{
- /* wrapping enabled; assume 1.5k more buffer space if size < 65536 */
- return (s->RxConfig & (1 << 7));
-}
-
-static int rtl8139_receiver_enabled(RTL8139State *s)
-{
- return s->bChipCmdState & CmdRxEnb;
-}
-
-static int rtl8139_transmitter_enabled(RTL8139State *s)
-{
- return s->bChipCmdState & CmdTxEnb;
-}
-
-static int rtl8139_cp_receiver_enabled(RTL8139State *s)
-{
- return s->CpCmd & CPlusRxEnb;
-}
-
-static int rtl8139_cp_transmitter_enabled(RTL8139State *s)
-{
- return s->CpCmd & CPlusTxEnb;
-}
-
-static void rtl8139_write_buffer(RTL8139State *s, const void *buf, int size)
-{
- if (s->RxBufAddr + size > s->RxBufferSize)
- {
- int wrapped = MOD2(s->RxBufAddr + size, s->RxBufferSize);
-
- /* write packet data */
- if (wrapped && !(s->RxBufferSize < 65536 && rtl8139_RxWrap(s)))
- {
- DPRINTF(">>> rx packet wrapped in buffer at %d\n", size - wrapped);
-
- if (size > wrapped)
- {
- pci_dma_write(&s->dev, s->RxBuf + s->RxBufAddr,
- buf, size-wrapped);
- }
-
- /* reset buffer pointer */
- s->RxBufAddr = 0;
-
- pci_dma_write(&s->dev, s->RxBuf + s->RxBufAddr,
- buf + (size-wrapped), wrapped);
-
- s->RxBufAddr = wrapped;
-
- return;
- }
- }
-
- /* non-wrapping path or overwrapping enabled */
- pci_dma_write(&s->dev, s->RxBuf + s->RxBufAddr, buf, size);
-
- s->RxBufAddr += size;
-}
-
-#define MIN_BUF_SIZE 60
-static inline dma_addr_t rtl8139_addr64(uint32_t low, uint32_t high)
-{
- return low | ((uint64_t)high << 32);
-}
-
-/* Workaround for buggy guest driver such as linux who allocates rx
- * rings after the receiver were enabled. */
-static bool rtl8139_cp_rx_valid(RTL8139State *s)
-{
- return !(s->RxRingAddrLO == 0 && s->RxRingAddrHI == 0);
-}
-
-static int rtl8139_can_receive(NetClientState *nc)
-{
- RTL8139State *s = DO_UPCAST(NICState, nc, nc)->opaque;
- int avail;
-
- /* Receive (drop) packets if card is disabled. */
- if (!s->clock_enabled)
- return 1;
- if (!rtl8139_receiver_enabled(s))
- return 1;
-
- if (rtl8139_cp_receiver_enabled(s) && rtl8139_cp_rx_valid(s)) {
- /* ??? Flow control not implemented in c+ mode.
- This is a hack to work around slirp deficiencies anyway. */
- return 1;
- } else {
- avail = MOD2(s->RxBufferSize + s->RxBufPtr - s->RxBufAddr,
- s->RxBufferSize);
- return (avail == 0 || avail >= 1514 || (s->IntrMask & RxOverflow));
- }
-}
-
-static ssize_t rtl8139_do_receive(NetClientState *nc, const uint8_t *buf, size_t size_, int do_interrupt)
-{
- RTL8139State *s = DO_UPCAST(NICState, nc, nc)->opaque;
- /* size is the length of the buffer passed to the driver */
- int size = size_;
- const uint8_t *dot1q_buf = NULL;
-
- uint32_t packet_header = 0;
-
- uint8_t buf1[MIN_BUF_SIZE + VLAN_HLEN];
- static const uint8_t broadcast_macaddr[6] =
- { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
-
- DPRINTF(">>> received len=%d\n", size);
-
- /* test if board clock is stopped */
- if (!s->clock_enabled)
- {
- DPRINTF("stopped ==========================\n");
- return -1;
- }
-
- /* first check if receiver is enabled */
-
- if (!rtl8139_receiver_enabled(s))
- {
- DPRINTF("receiver disabled ================\n");
- return -1;
- }
-
- /* XXX: check this */
- if (s->RxConfig & AcceptAllPhys) {
- /* promiscuous: receive all */
- DPRINTF(">>> packet received in promiscuous mode\n");
-
- } else {
- if (!memcmp(buf, broadcast_macaddr, 6)) {
- /* broadcast address */
- if (!(s->RxConfig & AcceptBroadcast))
- {
- DPRINTF(">>> broadcast packet rejected\n");
-
- /* update tally counter */
- ++s->tally_counters.RxERR;
-
- return size;
- }
-
- packet_header |= RxBroadcast;
-
- DPRINTF(">>> broadcast packet received\n");
-
- /* update tally counter */
- ++s->tally_counters.RxOkBrd;
-
- } else if (buf[0] & 0x01) {
- /* multicast */
- if (!(s->RxConfig & AcceptMulticast))
- {
- DPRINTF(">>> multicast packet rejected\n");
-
- /* update tally counter */
- ++s->tally_counters.RxERR;
-
- return size;
- }
-
- int mcast_idx = compute_mcast_idx(buf);
-
- if (!(s->mult[mcast_idx >> 3] & (1 << (mcast_idx & 7))))
- {
- DPRINTF(">>> multicast address mismatch\n");
-
- /* update tally counter */
- ++s->tally_counters.RxERR;
-
- return size;
- }
-
- packet_header |= RxMulticast;
-
- DPRINTF(">>> multicast packet received\n");
-
- /* update tally counter */
- ++s->tally_counters.RxOkMul;
-
- } else if (s->phys[0] == buf[0] &&
- s->phys[1] == buf[1] &&
- s->phys[2] == buf[2] &&
- s->phys[3] == buf[3] &&
- s->phys[4] == buf[4] &&
- s->phys[5] == buf[5]) {
- /* match */
- if (!(s->RxConfig & AcceptMyPhys))
- {
- DPRINTF(">>> rejecting physical address matching packet\n");
-
- /* update tally counter */
- ++s->tally_counters.RxERR;
-
- return size;
- }
-
- packet_header |= RxPhysical;
-
- DPRINTF(">>> physical address matching packet received\n");
-
- /* update tally counter */
- ++s->tally_counters.RxOkPhy;
-
- } else {
-
- DPRINTF(">>> unknown packet\n");
-
- /* update tally counter */
- ++s->tally_counters.RxERR;
-
- return size;
- }
- }
-
- /* if too small buffer, then expand it
- * Include some tailroom in case a vlan tag is later removed. */
- if (size < MIN_BUF_SIZE + VLAN_HLEN) {
- memcpy(buf1, buf, size);
- memset(buf1 + size, 0, MIN_BUF_SIZE + VLAN_HLEN - size);
- buf = buf1;
- if (size < MIN_BUF_SIZE) {
- size = MIN_BUF_SIZE;
- }
- }
-
- if (rtl8139_cp_receiver_enabled(s))
- {
- if (!rtl8139_cp_rx_valid(s)) {
- return size;
- }
-
- DPRINTF("in C+ Rx mode ================\n");
-
- /* begin C+ receiver mode */
-
-/* w0 ownership flag */
-#define CP_RX_OWN (1<<31)
-/* w0 end of ring flag */
-#define CP_RX_EOR (1<<30)
-/* w0 bits 0...12 : buffer size */
-#define CP_RX_BUFFER_SIZE_MASK ((1<<13) - 1)
-/* w1 tag available flag */
-#define CP_RX_TAVA (1<<16)
-/* w1 bits 0...15 : VLAN tag */
-#define CP_RX_VLAN_TAG_MASK ((1<<16) - 1)
-/* w2 low 32bit of Rx buffer ptr */
-/* w3 high 32bit of Rx buffer ptr */
-
- int descriptor = s->currCPlusRxDesc;
- dma_addr_t cplus_rx_ring_desc;
-
- cplus_rx_ring_desc = rtl8139_addr64(s->RxRingAddrLO, s->RxRingAddrHI);
- cplus_rx_ring_desc += 16 * descriptor;
-
- DPRINTF("+++ C+ mode reading RX descriptor %d from host memory at "
- "%08x %08x = "DMA_ADDR_FMT"\n", descriptor, s->RxRingAddrHI,
- s->RxRingAddrLO, cplus_rx_ring_desc);
-
- uint32_t val, rxdw0,rxdw1,rxbufLO,rxbufHI;
-
- pci_dma_read(&s->dev, cplus_rx_ring_desc, &val, 4);
- rxdw0 = le32_to_cpu(val);
- pci_dma_read(&s->dev, cplus_rx_ring_desc+4, &val, 4);
- rxdw1 = le32_to_cpu(val);
- pci_dma_read(&s->dev, cplus_rx_ring_desc+8, &val, 4);
- rxbufLO = le32_to_cpu(val);
- pci_dma_read(&s->dev, cplus_rx_ring_desc+12, &val, 4);
- rxbufHI = le32_to_cpu(val);
-
- DPRINTF("+++ C+ mode RX descriptor %d %08x %08x %08x %08x\n",
- descriptor, rxdw0, rxdw1, rxbufLO, rxbufHI);
-
- if (!(rxdw0 & CP_RX_OWN))
- {
- DPRINTF("C+ Rx mode : descriptor %d is owned by host\n",
- descriptor);
-
- s->IntrStatus |= RxOverflow;
- ++s->RxMissed;
-
- /* update tally counter */
- ++s->tally_counters.RxERR;
- ++s->tally_counters.MissPkt;
-
- rtl8139_update_irq(s);
- return size_;
- }
-
- uint32_t rx_space = rxdw0 & CP_RX_BUFFER_SIZE_MASK;
-
- /* write VLAN info to descriptor variables. */
- if (s->CpCmd & CPlusRxVLAN && be16_to_cpup((uint16_t *)
- &buf[ETHER_ADDR_LEN * 2]) == ETH_P_8021Q) {
- dot1q_buf = &buf[ETHER_ADDR_LEN * 2];
- size -= VLAN_HLEN;
- /* if too small buffer, use the tailroom added duing expansion */
- if (size < MIN_BUF_SIZE) {
- size = MIN_BUF_SIZE;
- }
-
- rxdw1 &= ~CP_RX_VLAN_TAG_MASK;
- /* BE + ~le_to_cpu()~ + cpu_to_le() = BE */
- rxdw1 |= CP_RX_TAVA | le16_to_cpup((uint16_t *)
- &dot1q_buf[ETHER_TYPE_LEN]);
-
- DPRINTF("C+ Rx mode : extracted vlan tag with tci: ""%u\n",
- be16_to_cpup((uint16_t *)&dot1q_buf[ETHER_TYPE_LEN]));
- } else {
- /* reset VLAN tag flag */
- rxdw1 &= ~CP_RX_TAVA;
- }
-
- /* TODO: scatter the packet over available receive ring descriptors space */
-
- if (size+4 > rx_space)
- {
- DPRINTF("C+ Rx mode : descriptor %d size %d received %d + 4\n",
- descriptor, rx_space, size);
-
- s->IntrStatus |= RxOverflow;
- ++s->RxMissed;
-
- /* update tally counter */
- ++s->tally_counters.RxERR;
- ++s->tally_counters.MissPkt;
-
- rtl8139_update_irq(s);
- return size_;
- }
-
- dma_addr_t rx_addr = rtl8139_addr64(rxbufLO, rxbufHI);
-
- /* receive/copy to target memory */
- if (dot1q_buf) {
- pci_dma_write(&s->dev, rx_addr, buf, 2 * ETHER_ADDR_LEN);
- pci_dma_write(&s->dev, rx_addr + 2 * ETHER_ADDR_LEN,
- buf + 2 * ETHER_ADDR_LEN + VLAN_HLEN,
- size - 2 * ETHER_ADDR_LEN);
- } else {
- pci_dma_write(&s->dev, rx_addr, buf, size);
- }
-
- if (s->CpCmd & CPlusRxChkSum)
- {
- /* do some packet checksumming */
- }
-
- /* write checksum */
- val = cpu_to_le32(crc32(0, buf, size_));
- pci_dma_write(&s->dev, rx_addr+size, (uint8_t *)&val, 4);
-
-/* first segment of received packet flag */
-#define CP_RX_STATUS_FS (1<<29)
-/* last segment of received packet flag */
-#define CP_RX_STATUS_LS (1<<28)
-/* multicast packet flag */
-#define CP_RX_STATUS_MAR (1<<26)
-/* physical-matching packet flag */
-#define CP_RX_STATUS_PAM (1<<25)
-/* broadcast packet flag */
-#define CP_RX_STATUS_BAR (1<<24)
-/* runt packet flag */
-#define CP_RX_STATUS_RUNT (1<<19)
-/* crc error flag */
-#define CP_RX_STATUS_CRC (1<<18)
-/* IP checksum error flag */
-#define CP_RX_STATUS_IPF (1<<15)
-/* UDP checksum error flag */
-#define CP_RX_STATUS_UDPF (1<<14)
-/* TCP checksum error flag */
-#define CP_RX_STATUS_TCPF (1<<13)
-
- /* transfer ownership to target */
- rxdw0 &= ~CP_RX_OWN;
-
- /* set first segment bit */
- rxdw0 |= CP_RX_STATUS_FS;
-
- /* set last segment bit */
- rxdw0 |= CP_RX_STATUS_LS;
-
- /* set received packet type flags */
- if (packet_header & RxBroadcast)
- rxdw0 |= CP_RX_STATUS_BAR;
- if (packet_header & RxMulticast)
- rxdw0 |= CP_RX_STATUS_MAR;
- if (packet_header & RxPhysical)
- rxdw0 |= CP_RX_STATUS_PAM;
-
- /* set received size */
- rxdw0 &= ~CP_RX_BUFFER_SIZE_MASK;
- rxdw0 |= (size+4);
-
- /* update ring data */
- val = cpu_to_le32(rxdw0);
- pci_dma_write(&s->dev, cplus_rx_ring_desc, (uint8_t *)&val, 4);
- val = cpu_to_le32(rxdw1);
- pci_dma_write(&s->dev, cplus_rx_ring_desc+4, (uint8_t *)&val, 4);
-
- /* update tally counter */
- ++s->tally_counters.RxOk;
-
- /* seek to next Rx descriptor */
- if (rxdw0 & CP_RX_EOR)
- {
- s->currCPlusRxDesc = 0;
- }
- else
- {
- ++s->currCPlusRxDesc;
- }
-
- DPRINTF("done C+ Rx mode ----------------\n");
-
- }
- else
- {
- DPRINTF("in ring Rx mode ================\n");
-
- /* begin ring receiver mode */
- int avail = MOD2(s->RxBufferSize + s->RxBufPtr - s->RxBufAddr, s->RxBufferSize);
-
- /* if receiver buffer is empty then avail == 0 */
-
- if (avail != 0 && size + 8 >= avail)
- {
- DPRINTF("rx overflow: rx buffer length %d head 0x%04x "
- "read 0x%04x === available 0x%04x need 0x%04x\n",
- s->RxBufferSize, s->RxBufAddr, s->RxBufPtr, avail, size + 8);
-
- s->IntrStatus |= RxOverflow;
- ++s->RxMissed;
- rtl8139_update_irq(s);
- return size_;
- }
-
- packet_header |= RxStatusOK;
-
- packet_header |= (((size+4) << 16) & 0xffff0000);
-
- /* write header */
- uint32_t val = cpu_to_le32(packet_header);
-
- rtl8139_write_buffer(s, (uint8_t *)&val, 4);
-
- rtl8139_write_buffer(s, buf, size);
-
- /* write checksum */
- val = cpu_to_le32(crc32(0, buf, size));
- rtl8139_write_buffer(s, (uint8_t *)&val, 4);
-
- /* correct buffer write pointer */
- s->RxBufAddr = MOD2((s->RxBufAddr + 3) & ~0x3, s->RxBufferSize);
-
- /* now we can signal we have received something */
-
- DPRINTF("received: rx buffer length %d head 0x%04x read 0x%04x\n",
- s->RxBufferSize, s->RxBufAddr, s->RxBufPtr);
- }
-
- s->IntrStatus |= RxOK;
-
- if (do_interrupt)
- {
- rtl8139_update_irq(s);
- }
-
- return size_;
-}
-
-static ssize_t rtl8139_receive(NetClientState *nc, const uint8_t *buf, size_t size)
-{
- return rtl8139_do_receive(nc, buf, size, 1);
-}
-
-static void rtl8139_reset_rxring(RTL8139State *s, uint32_t bufferSize)
-{
- s->RxBufferSize = bufferSize;
- s->RxBufPtr = 0;
- s->RxBufAddr = 0;
-}
-
-static void rtl8139_reset(DeviceState *d)
-{
- RTL8139State *s = container_of(d, RTL8139State, dev.qdev);
- int i;
-
- /* restore MAC address */
- memcpy(s->phys, s->conf.macaddr.a, 6);
-
- /* reset interrupt mask */
- s->IntrStatus = 0;
- s->IntrMask = 0;
-
- rtl8139_update_irq(s);
-
- /* mark all status registers as owned by host */
- for (i = 0; i < 4; ++i)
- {
- s->TxStatus[i] = TxHostOwns;
- }
-
- s->currTxDesc = 0;
- s->currCPlusRxDesc = 0;
- s->currCPlusTxDesc = 0;
-
- s->RxRingAddrLO = 0;
- s->RxRingAddrHI = 0;
-
- s->RxBuf = 0;
-
- rtl8139_reset_rxring(s, 8192);
-
- /* ACK the reset */
- s->TxConfig = 0;
-
-#if 0
-// s->TxConfig |= HW_REVID(1, 0, 0, 0, 0, 0, 0); // RTL-8139 HasHltClk
- s->clock_enabled = 0;
-#else
- s->TxConfig |= HW_REVID(1, 1, 1, 0, 1, 1, 0); // RTL-8139C+ HasLWake
- s->clock_enabled = 1;
-#endif
-
- s->bChipCmdState = CmdReset; /* RxBufEmpty bit is calculated on read from ChipCmd */;
-
- /* set initial state data */
- s->Config0 = 0x0; /* No boot ROM */
- s->Config1 = 0xC; /* IO mapped and MEM mapped registers available */
- s->Config3 = 0x1; /* fast back-to-back compatible */
- s->Config5 = 0x0;
-
- s->CSCR = CSCR_F_LINK_100 | CSCR_HEART_BIT | CSCR_LD;
-
- s->CpCmd = 0x0; /* reset C+ mode */
- s->cplus_enabled = 0;
-
-
-// s->BasicModeCtrl = 0x3100; // 100Mbps, full duplex, autonegotiation
-// s->BasicModeCtrl = 0x2100; // 100Mbps, full duplex
- s->BasicModeCtrl = 0x1000; // autonegotiation
-
- s->BasicModeStatus = 0x7809;
- //s->BasicModeStatus |= 0x0040; /* UTP medium */
- s->BasicModeStatus |= 0x0020; /* autonegotiation completed */
- s->BasicModeStatus |= 0x0004; /* link is up */
-
- s->NWayAdvert = 0x05e1; /* all modes, full duplex */
- s->NWayLPAR = 0x05e1; /* all modes, full duplex */
- s->NWayExpansion = 0x0001; /* autonegotiation supported */
-
- /* also reset timer and disable timer interrupt */
- s->TCTR = 0;
- s->TimerInt = 0;
- s->TCTR_base = 0;
-
- /* reset tally counters */
- RTL8139TallyCounters_clear(&s->tally_counters);
-}
-
-static void RTL8139TallyCounters_clear(RTL8139TallyCounters* counters)
-{
- counters->TxOk = 0;
- counters->RxOk = 0;
- counters->TxERR = 0;
- counters->RxERR = 0;
- counters->MissPkt = 0;
- counters->FAE = 0;
- counters->Tx1Col = 0;
- counters->TxMCol = 0;
- counters->RxOkPhy = 0;
- counters->RxOkBrd = 0;
- counters->RxOkMul = 0;
- counters->TxAbt = 0;
- counters->TxUndrn = 0;
-}
-
-static void RTL8139TallyCounters_dma_write(RTL8139State *s, dma_addr_t tc_addr)
-{
- RTL8139TallyCounters *tally_counters = &s->tally_counters;
- uint16_t val16;
- uint32_t val32;
- uint64_t val64;
-
- val64 = cpu_to_le64(tally_counters->TxOk);
- pci_dma_write(&s->dev, tc_addr + 0, (uint8_t *)&val64, 8);
-
- val64 = cpu_to_le64(tally_counters->RxOk);
- pci_dma_write(&s->dev, tc_addr + 8, (uint8_t *)&val64, 8);
-
- val64 = cpu_to_le64(tally_counters->TxERR);
- pci_dma_write(&s->dev, tc_addr + 16, (uint8_t *)&val64, 8);
-
- val32 = cpu_to_le32(tally_counters->RxERR);
- pci_dma_write(&s->dev, tc_addr + 24, (uint8_t *)&val32, 4);
-
- val16 = cpu_to_le16(tally_counters->MissPkt);
- pci_dma_write(&s->dev, tc_addr + 28, (uint8_t *)&val16, 2);
-
- val16 = cpu_to_le16(tally_counters->FAE);
- pci_dma_write(&s->dev, tc_addr + 30, (uint8_t *)&val16, 2);
-
- val32 = cpu_to_le32(tally_counters->Tx1Col);
- pci_dma_write(&s->dev, tc_addr + 32, (uint8_t *)&val32, 4);
-
- val32 = cpu_to_le32(tally_counters->TxMCol);
- pci_dma_write(&s->dev, tc_addr + 36, (uint8_t *)&val32, 4);
-
- val64 = cpu_to_le64(tally_counters->RxOkPhy);
- pci_dma_write(&s->dev, tc_addr + 40, (uint8_t *)&val64, 8);
-
- val64 = cpu_to_le64(tally_counters->RxOkBrd);
- pci_dma_write(&s->dev, tc_addr + 48, (uint8_t *)&val64, 8);
-
- val32 = cpu_to_le32(tally_counters->RxOkMul);
- pci_dma_write(&s->dev, tc_addr + 56, (uint8_t *)&val32, 4);
-
- val16 = cpu_to_le16(tally_counters->TxAbt);
- pci_dma_write(&s->dev, tc_addr + 60, (uint8_t *)&val16, 2);
-
- val16 = cpu_to_le16(tally_counters->TxUndrn);
- pci_dma_write(&s->dev, tc_addr + 62, (uint8_t *)&val16, 2);
-}
-
-/* Loads values of tally counters from VM state file */
-
-static const VMStateDescription vmstate_tally_counters = {
- .name = "tally_counters",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField []) {
- VMSTATE_UINT64(TxOk, RTL8139TallyCounters),
- VMSTATE_UINT64(RxOk, RTL8139TallyCounters),
- VMSTATE_UINT64(TxERR, RTL8139TallyCounters),
- VMSTATE_UINT32(RxERR, RTL8139TallyCounters),
- VMSTATE_UINT16(MissPkt, RTL8139TallyCounters),
- VMSTATE_UINT16(FAE, RTL8139TallyCounters),
- VMSTATE_UINT32(Tx1Col, RTL8139TallyCounters),
- VMSTATE_UINT32(TxMCol, RTL8139TallyCounters),
- VMSTATE_UINT64(RxOkPhy, RTL8139TallyCounters),
- VMSTATE_UINT64(RxOkBrd, RTL8139TallyCounters),
- VMSTATE_UINT16(TxAbt, RTL8139TallyCounters),
- VMSTATE_UINT16(TxUndrn, RTL8139TallyCounters),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void rtl8139_ChipCmd_write(RTL8139State *s, uint32_t val)
-{
- val &= 0xff;
-
- DPRINTF("ChipCmd write val=0x%08x\n", val);
-
- if (val & CmdReset)
- {
- DPRINTF("ChipCmd reset\n");
- rtl8139_reset(&s->dev.qdev);
- }
- if (val & CmdRxEnb)
- {
- DPRINTF("ChipCmd enable receiver\n");
-
- s->currCPlusRxDesc = 0;
- }
- if (val & CmdTxEnb)
- {
- DPRINTF("ChipCmd enable transmitter\n");
-
- s->currCPlusTxDesc = 0;
- }
-
- /* mask unwritable bits */
- val = SET_MASKED(val, 0xe3, s->bChipCmdState);
-
- /* Deassert reset pin before next read */
- val &= ~CmdReset;
-
- s->bChipCmdState = val;
-}
-
-static int rtl8139_RxBufferEmpty(RTL8139State *s)
-{
- int unread = MOD2(s->RxBufferSize + s->RxBufAddr - s->RxBufPtr, s->RxBufferSize);
-
- if (unread != 0)
- {
- DPRINTF("receiver buffer data available 0x%04x\n", unread);
- return 0;
- }
-
- DPRINTF("receiver buffer is empty\n");
-
- return 1;
-}
-
-static uint32_t rtl8139_ChipCmd_read(RTL8139State *s)
-{
- uint32_t ret = s->bChipCmdState;
-
- if (rtl8139_RxBufferEmpty(s))
- ret |= RxBufEmpty;
-
- DPRINTF("ChipCmd read val=0x%04x\n", ret);
-
- return ret;
-}
-
-static void rtl8139_CpCmd_write(RTL8139State *s, uint32_t val)
-{
- val &= 0xffff;
-
- DPRINTF("C+ command register write(w) val=0x%04x\n", val);
-
- s->cplus_enabled = 1;
-
- /* mask unwritable bits */
- val = SET_MASKED(val, 0xff84, s->CpCmd);
-
- s->CpCmd = val;
-}
-
-static uint32_t rtl8139_CpCmd_read(RTL8139State *s)
-{
- uint32_t ret = s->CpCmd;
-
- DPRINTF("C+ command register read(w) val=0x%04x\n", ret);
-
- return ret;
-}
-
-static void rtl8139_IntrMitigate_write(RTL8139State *s, uint32_t val)
-{
- DPRINTF("C+ IntrMitigate register write(w) val=0x%04x\n", val);
-}
-
-static uint32_t rtl8139_IntrMitigate_read(RTL8139State *s)
-{
- uint32_t ret = 0;
-
- DPRINTF("C+ IntrMitigate register read(w) val=0x%04x\n", ret);
-
- return ret;
-}
-
-static int rtl8139_config_writable(RTL8139State *s)
-{
- if ((s->Cfg9346 & Chip9346_op_mask) == Cfg9346_ConfigWrite)
- {
- return 1;
- }
-
- DPRINTF("Configuration registers are write-protected\n");
-
- return 0;
-}
-
-static void rtl8139_BasicModeCtrl_write(RTL8139State *s, uint32_t val)
-{
- val &= 0xffff;
-
- DPRINTF("BasicModeCtrl register write(w) val=0x%04x\n", val);
-
- /* mask unwritable bits */
- uint32_t mask = 0x4cff;
-
- if (1 || !rtl8139_config_writable(s))
- {
- /* Speed setting and autonegotiation enable bits are read-only */
- mask |= 0x3000;
- /* Duplex mode setting is read-only */
- mask |= 0x0100;
- }
-
- val = SET_MASKED(val, mask, s->BasicModeCtrl);
-
- s->BasicModeCtrl = val;
-}
-
-static uint32_t rtl8139_BasicModeCtrl_read(RTL8139State *s)
-{
- uint32_t ret = s->BasicModeCtrl;
-
- DPRINTF("BasicModeCtrl register read(w) val=0x%04x\n", ret);
-
- return ret;
-}
-
-static void rtl8139_BasicModeStatus_write(RTL8139State *s, uint32_t val)
-{
- val &= 0xffff;
-
- DPRINTF("BasicModeStatus register write(w) val=0x%04x\n", val);
-
- /* mask unwritable bits */
- val = SET_MASKED(val, 0xff3f, s->BasicModeStatus);
-
- s->BasicModeStatus = val;
-}
-
-static uint32_t rtl8139_BasicModeStatus_read(RTL8139State *s)
-{
- uint32_t ret = s->BasicModeStatus;
-
- DPRINTF("BasicModeStatus register read(w) val=0x%04x\n", ret);
-
- return ret;
-}
-
-static void rtl8139_Cfg9346_write(RTL8139State *s, uint32_t val)
-{
- val &= 0xff;
-
- DPRINTF("Cfg9346 write val=0x%02x\n", val);
-
- /* mask unwritable bits */
- val = SET_MASKED(val, 0x31, s->Cfg9346);
-
- uint32_t opmode = val & 0xc0;
- uint32_t eeprom_val = val & 0xf;
-
- if (opmode == 0x80) {
- /* eeprom access */
- int eecs = (eeprom_val & 0x08)?1:0;
- int eesk = (eeprom_val & 0x04)?1:0;
- int eedi = (eeprom_val & 0x02)?1:0;
- prom9346_set_wire(s, eecs, eesk, eedi);
- } else if (opmode == 0x40) {
- /* Reset. */
- val = 0;
- rtl8139_reset(&s->dev.qdev);
- }
-
- s->Cfg9346 = val;
-}
-
-static uint32_t rtl8139_Cfg9346_read(RTL8139State *s)
-{
- uint32_t ret = s->Cfg9346;
-
- uint32_t opmode = ret & 0xc0;
-
- if (opmode == 0x80)
- {
- /* eeprom access */
- int eedo = prom9346_get_wire(s);
- if (eedo)
- {
- ret |= 0x01;
- }
- else
- {
- ret &= ~0x01;
- }
- }
-
- DPRINTF("Cfg9346 read val=0x%02x\n", ret);
-
- return ret;
-}
-
-static void rtl8139_Config0_write(RTL8139State *s, uint32_t val)
-{
- val &= 0xff;
-
- DPRINTF("Config0 write val=0x%02x\n", val);
-
- if (!rtl8139_config_writable(s)) {
- return;
- }
-
- /* mask unwritable bits */
- val = SET_MASKED(val, 0xf8, s->Config0);
-
- s->Config0 = val;
-}
-
-static uint32_t rtl8139_Config0_read(RTL8139State *s)
-{
- uint32_t ret = s->Config0;
-
- DPRINTF("Config0 read val=0x%02x\n", ret);
-
- return ret;
-}
-
-static void rtl8139_Config1_write(RTL8139State *s, uint32_t val)
-{
- val &= 0xff;
-
- DPRINTF("Config1 write val=0x%02x\n", val);
-
- if (!rtl8139_config_writable(s)) {
- return;
- }
-
- /* mask unwritable bits */
- val = SET_MASKED(val, 0xC, s->Config1);
-
- s->Config1 = val;
-}
-
-static uint32_t rtl8139_Config1_read(RTL8139State *s)
-{
- uint32_t ret = s->Config1;
-
- DPRINTF("Config1 read val=0x%02x\n", ret);
-
- return ret;
-}
-
-static void rtl8139_Config3_write(RTL8139State *s, uint32_t val)
-{
- val &= 0xff;
-
- DPRINTF("Config3 write val=0x%02x\n", val);
-
- if (!rtl8139_config_writable(s)) {
- return;
- }
-
- /* mask unwritable bits */
- val = SET_MASKED(val, 0x8F, s->Config3);
-
- s->Config3 = val;
-}
-
-static uint32_t rtl8139_Config3_read(RTL8139State *s)
-{
- uint32_t ret = s->Config3;
-
- DPRINTF("Config3 read val=0x%02x\n", ret);
-
- return ret;
-}
-
-static void rtl8139_Config4_write(RTL8139State *s, uint32_t val)
-{
- val &= 0xff;
-
- DPRINTF("Config4 write val=0x%02x\n", val);
-
- if (!rtl8139_config_writable(s)) {
- return;
- }
-
- /* mask unwritable bits */
- val = SET_MASKED(val, 0x0a, s->Config4);
-
- s->Config4 = val;
-}
-
-static uint32_t rtl8139_Config4_read(RTL8139State *s)
-{
- uint32_t ret = s->Config4;
-
- DPRINTF("Config4 read val=0x%02x\n", ret);
-
- return ret;
-}
-
-static void rtl8139_Config5_write(RTL8139State *s, uint32_t val)
-{
- val &= 0xff;
-
- DPRINTF("Config5 write val=0x%02x\n", val);
-
- /* mask unwritable bits */
- val = SET_MASKED(val, 0x80, s->Config5);
-
- s->Config5 = val;
-}
-
-static uint32_t rtl8139_Config5_read(RTL8139State *s)
-{
- uint32_t ret = s->Config5;
-
- DPRINTF("Config5 read val=0x%02x\n", ret);
-
- return ret;
-}
-
-static void rtl8139_TxConfig_write(RTL8139State *s, uint32_t val)
-{
- if (!rtl8139_transmitter_enabled(s))
- {
- DPRINTF("transmitter disabled; no TxConfig write val=0x%08x\n", val);
- return;
- }
-
- DPRINTF("TxConfig write val=0x%08x\n", val);
-
- val = SET_MASKED(val, TxVersionMask | 0x8070f80f, s->TxConfig);
-
- s->TxConfig = val;
-}
-
-static void rtl8139_TxConfig_writeb(RTL8139State *s, uint32_t val)
-{
- DPRINTF("RTL8139C TxConfig via write(b) val=0x%02x\n", val);
-
- uint32_t tc = s->TxConfig;
- tc &= 0xFFFFFF00;
- tc |= (val & 0x000000FF);
- rtl8139_TxConfig_write(s, tc);
-}
-
-static uint32_t rtl8139_TxConfig_read(RTL8139State *s)
-{
- uint32_t ret = s->TxConfig;
-
- DPRINTF("TxConfig read val=0x%04x\n", ret);
-
- return ret;
-}
-
-static void rtl8139_RxConfig_write(RTL8139State *s, uint32_t val)
-{
- DPRINTF("RxConfig write val=0x%08x\n", val);
-
- /* mask unwritable bits */
- val = SET_MASKED(val, 0xf0fc0040, s->RxConfig);
-
- s->RxConfig = val;
-
- /* reset buffer size and read/write pointers */
- rtl8139_reset_rxring(s, 8192 << ((s->RxConfig >> 11) & 0x3));
-
- DPRINTF("RxConfig write reset buffer size to %d\n", s->RxBufferSize);
-}
-
-static uint32_t rtl8139_RxConfig_read(RTL8139State *s)
-{
- uint32_t ret = s->RxConfig;
-
- DPRINTF("RxConfig read val=0x%08x\n", ret);
-
- return ret;
-}
-
-static void rtl8139_transfer_frame(RTL8139State *s, uint8_t *buf, int size,
- int do_interrupt, const uint8_t *dot1q_buf)
-{
- struct iovec *iov = NULL;
-
- if (!size)
- {
- DPRINTF("+++ empty ethernet frame\n");
- return;
- }
-
- if (dot1q_buf && size >= ETHER_ADDR_LEN * 2) {
- iov = (struct iovec[3]) {
- { .iov_base = buf, .iov_len = ETHER_ADDR_LEN * 2 },
- { .iov_base = (void *) dot1q_buf, .iov_len = VLAN_HLEN },
- { .iov_base = buf + ETHER_ADDR_LEN * 2,
- .iov_len = size - ETHER_ADDR_LEN * 2 },
- };
- }
-
- if (TxLoopBack == (s->TxConfig & TxLoopBack))
- {
- size_t buf2_size;
- uint8_t *buf2;
-
- if (iov) {
- buf2_size = iov_size(iov, 3);
- buf2 = g_malloc(buf2_size);
- iov_to_buf(iov, 3, 0, buf2, buf2_size);
- buf = buf2;
- }
-
- DPRINTF("+++ transmit loopback mode\n");
- rtl8139_do_receive(&s->nic->nc, buf, size, do_interrupt);
-
- if (iov) {
- g_free(buf2);
- }
- }
- else
- {
- if (iov) {
- qemu_sendv_packet(&s->nic->nc, iov, 3);
- } else {
- qemu_send_packet(&s->nic->nc, buf, size);
- }
- }
-}
-
-static int rtl8139_transmit_one(RTL8139State *s, int descriptor)
-{
- if (!rtl8139_transmitter_enabled(s))
- {
- DPRINTF("+++ cannot transmit from descriptor %d: transmitter "
- "disabled\n", descriptor);
- return 0;
- }
-
- if (s->TxStatus[descriptor] & TxHostOwns)
- {
- DPRINTF("+++ cannot transmit from descriptor %d: owned by host "
- "(%08x)\n", descriptor, s->TxStatus[descriptor]);
- return 0;
- }
-
- DPRINTF("+++ transmitting from descriptor %d\n", descriptor);
-
- int txsize = s->TxStatus[descriptor] & 0x1fff;
- uint8_t txbuffer[0x2000];
-
- DPRINTF("+++ transmit reading %d bytes from host memory at 0x%08x\n",
- txsize, s->TxAddr[descriptor]);
-
- pci_dma_read(&s->dev, s->TxAddr[descriptor], txbuffer, txsize);
-
- /* Mark descriptor as transferred */
- s->TxStatus[descriptor] |= TxHostOwns;
- s->TxStatus[descriptor] |= TxStatOK;
-
- rtl8139_transfer_frame(s, txbuffer, txsize, 0, NULL);
-
- DPRINTF("+++ transmitted %d bytes from descriptor %d\n", txsize,
- descriptor);
-
- /* update interrupt */
- s->IntrStatus |= TxOK;
- rtl8139_update_irq(s);
-
- return 1;
-}
-
-/* structures and macros for task offloading */
-typedef struct ip_header
-{
- uint8_t ip_ver_len; /* version and header length */
- uint8_t ip_tos; /* type of service */
- uint16_t ip_len; /* total length */
- uint16_t ip_id; /* identification */
- uint16_t ip_off; /* fragment offset field */
- uint8_t ip_ttl; /* time to live */
- uint8_t ip_p; /* protocol */
- uint16_t ip_sum; /* checksum */
- uint32_t ip_src,ip_dst; /* source and dest address */
-} ip_header;
-
-#define IP_HEADER_VERSION_4 4
-#define IP_HEADER_VERSION(ip) ((ip->ip_ver_len >> 4)&0xf)
-#define IP_HEADER_LENGTH(ip) (((ip->ip_ver_len)&0xf) << 2)
-
-typedef struct tcp_header
-{
- uint16_t th_sport; /* source port */
- uint16_t th_dport; /* destination port */
- uint32_t th_seq; /* sequence number */
- uint32_t th_ack; /* acknowledgement number */
- uint16_t th_offset_flags; /* data offset, reserved 6 bits, TCP protocol flags */
- uint16_t th_win; /* window */
- uint16_t th_sum; /* checksum */
- uint16_t th_urp; /* urgent pointer */
-} tcp_header;
-
-typedef struct udp_header
-{
- uint16_t uh_sport; /* source port */
- uint16_t uh_dport; /* destination port */
- uint16_t uh_ulen; /* udp length */
- uint16_t uh_sum; /* udp checksum */
-} udp_header;
-
-typedef struct ip_pseudo_header
-{
- uint32_t ip_src;
- uint32_t ip_dst;
- uint8_t zeros;
- uint8_t ip_proto;
- uint16_t ip_payload;
-} ip_pseudo_header;
-
-#define IP_PROTO_TCP 6
-#define IP_PROTO_UDP 17
-
-#define TCP_HEADER_DATA_OFFSET(tcp) (((be16_to_cpu(tcp->th_offset_flags) >> 12)&0xf) << 2)
-#define TCP_FLAGS_ONLY(flags) ((flags)&0x3f)
-#define TCP_HEADER_FLAGS(tcp) TCP_FLAGS_ONLY(be16_to_cpu(tcp->th_offset_flags))
-
-#define TCP_HEADER_CLEAR_FLAGS(tcp, off) ((tcp)->th_offset_flags &= cpu_to_be16(~TCP_FLAGS_ONLY(off)))
-
-#define TCP_FLAG_FIN 0x01
-#define TCP_FLAG_PUSH 0x08
-
-/* produces ones' complement sum of data */
-static uint16_t ones_complement_sum(uint8_t *data, size_t len)
-{
- uint32_t result = 0;
-
- for (; len > 1; data+=2, len-=2)
- {
- result += *(uint16_t*)data;
- }
-
- /* add the remainder byte */
- if (len)
- {
- uint8_t odd[2] = {*data, 0};
- result += *(uint16_t*)odd;
- }
-
- while (result>>16)
- result = (result & 0xffff) + (result >> 16);
-
- return result;
-}
-
-static uint16_t ip_checksum(void *data, size_t len)
-{
- return ~ones_complement_sum((uint8_t*)data, len);
-}
-
-static int rtl8139_cplus_transmit_one(RTL8139State *s)
-{
- if (!rtl8139_transmitter_enabled(s))
- {
- DPRINTF("+++ C+ mode: transmitter disabled\n");
- return 0;
- }
-
- if (!rtl8139_cp_transmitter_enabled(s))
- {
- DPRINTF("+++ C+ mode: C+ transmitter disabled\n");
- return 0 ;
- }
-
- int descriptor = s->currCPlusTxDesc;
-
- dma_addr_t cplus_tx_ring_desc = rtl8139_addr64(s->TxAddr[0], s->TxAddr[1]);
-
- /* Normal priority ring */
- cplus_tx_ring_desc += 16 * descriptor;
-
- DPRINTF("+++ C+ mode reading TX descriptor %d from host memory at "
- "%08x %08x = 0x"DMA_ADDR_FMT"\n", descriptor, s->TxAddr[1],
- s->TxAddr[0], cplus_tx_ring_desc);
-
- uint32_t val, txdw0,txdw1,txbufLO,txbufHI;
-
- pci_dma_read(&s->dev, cplus_tx_ring_desc, (uint8_t *)&val, 4);
- txdw0 = le32_to_cpu(val);
- pci_dma_read(&s->dev, cplus_tx_ring_desc+4, (uint8_t *)&val, 4);
- txdw1 = le32_to_cpu(val);
- pci_dma_read(&s->dev, cplus_tx_ring_desc+8, (uint8_t *)&val, 4);
- txbufLO = le32_to_cpu(val);
- pci_dma_read(&s->dev, cplus_tx_ring_desc+12, (uint8_t *)&val, 4);
- txbufHI = le32_to_cpu(val);
-
- DPRINTF("+++ C+ mode TX descriptor %d %08x %08x %08x %08x\n", descriptor,
- txdw0, txdw1, txbufLO, txbufHI);
-
-/* w0 ownership flag */
-#define CP_TX_OWN (1<<31)
-/* w0 end of ring flag */
-#define CP_TX_EOR (1<<30)
-/* first segment of received packet flag */
-#define CP_TX_FS (1<<29)
-/* last segment of received packet flag */
-#define CP_TX_LS (1<<28)
-/* large send packet flag */
-#define CP_TX_LGSEN (1<<27)
-/* large send MSS mask, bits 16...25 */
-#define CP_TC_LGSEN_MSS_MASK ((1 << 12) - 1)
-
-/* IP checksum offload flag */
-#define CP_TX_IPCS (1<<18)
-/* UDP checksum offload flag */
-#define CP_TX_UDPCS (1<<17)
-/* TCP checksum offload flag */
-#define CP_TX_TCPCS (1<<16)
-
-/* w0 bits 0...15 : buffer size */
-#define CP_TX_BUFFER_SIZE (1<<16)
-#define CP_TX_BUFFER_SIZE_MASK (CP_TX_BUFFER_SIZE - 1)
-/* w1 add tag flag */
-#define CP_TX_TAGC (1<<17)
-/* w1 bits 0...15 : VLAN tag (big endian) */
-#define CP_TX_VLAN_TAG_MASK ((1<<16) - 1)
-/* w2 low 32bit of Rx buffer ptr */
-/* w3 high 32bit of Rx buffer ptr */
-
-/* set after transmission */
-/* FIFO underrun flag */
-#define CP_TX_STATUS_UNF (1<<25)
-/* transmit error summary flag, valid if set any of three below */
-#define CP_TX_STATUS_TES (1<<23)
-/* out-of-window collision flag */
-#define CP_TX_STATUS_OWC (1<<22)
-/* link failure flag */
-#define CP_TX_STATUS_LNKF (1<<21)
-/* excessive collisions flag */
-#define CP_TX_STATUS_EXC (1<<20)
-
- if (!(txdw0 & CP_TX_OWN))
- {
- DPRINTF("C+ Tx mode : descriptor %d is owned by host\n", descriptor);
- return 0 ;
- }
-
- DPRINTF("+++ C+ Tx mode : transmitting from descriptor %d\n", descriptor);
-
- if (txdw0 & CP_TX_FS)
- {
- DPRINTF("+++ C+ Tx mode : descriptor %d is first segment "
- "descriptor\n", descriptor);
-
- /* reset internal buffer offset */
- s->cplus_txbuffer_offset = 0;
- }
-
- int txsize = txdw0 & CP_TX_BUFFER_SIZE_MASK;
- dma_addr_t tx_addr = rtl8139_addr64(txbufLO, txbufHI);
-
- /* make sure we have enough space to assemble the packet */
- if (!s->cplus_txbuffer)
- {
- s->cplus_txbuffer_len = CP_TX_BUFFER_SIZE;
- s->cplus_txbuffer = g_malloc(s->cplus_txbuffer_len);
- s->cplus_txbuffer_offset = 0;
-
- DPRINTF("+++ C+ mode transmission buffer allocated space %d\n",
- s->cplus_txbuffer_len);
- }
-
- if (s->cplus_txbuffer_offset + txsize >= s->cplus_txbuffer_len)
- {
- /* The spec didn't tell the maximum size, stick to CP_TX_BUFFER_SIZE */
- txsize = s->cplus_txbuffer_len - s->cplus_txbuffer_offset;
- DPRINTF("+++ C+ mode transmission buffer overrun, truncated descriptor"
- "length to %d\n", txsize);
- }
-
- if (!s->cplus_txbuffer)
- {
- /* out of memory */
-
- DPRINTF("+++ C+ mode transmiter failed to reallocate %d bytes\n",
- s->cplus_txbuffer_len);
-
- /* update tally counter */
- ++s->tally_counters.TxERR;
- ++s->tally_counters.TxAbt;
-
- return 0;
- }
-
- /* append more data to the packet */
-
- DPRINTF("+++ C+ mode transmit reading %d bytes from host memory at "
- DMA_ADDR_FMT" to offset %d\n", txsize, tx_addr,
- s->cplus_txbuffer_offset);
-
- pci_dma_read(&s->dev, tx_addr,
- s->cplus_txbuffer + s->cplus_txbuffer_offset, txsize);
- s->cplus_txbuffer_offset += txsize;
-
- /* seek to next Rx descriptor */
- if (txdw0 & CP_TX_EOR)
- {
- s->currCPlusTxDesc = 0;
- }
- else
- {
- ++s->currCPlusTxDesc;
- if (s->currCPlusTxDesc >= 64)
- s->currCPlusTxDesc = 0;
- }
-
- /* transfer ownership to target */
- txdw0 &= ~CP_RX_OWN;
-
- /* reset error indicator bits */
- txdw0 &= ~CP_TX_STATUS_UNF;
- txdw0 &= ~CP_TX_STATUS_TES;
- txdw0 &= ~CP_TX_STATUS_OWC;
- txdw0 &= ~CP_TX_STATUS_LNKF;
- txdw0 &= ~CP_TX_STATUS_EXC;
-
- /* update ring data */
- val = cpu_to_le32(txdw0);
- pci_dma_write(&s->dev, cplus_tx_ring_desc, (uint8_t *)&val, 4);
-
- /* Now decide if descriptor being processed is holding the last segment of packet */
- if (txdw0 & CP_TX_LS)
- {
- uint8_t dot1q_buffer_space[VLAN_HLEN];
- uint16_t *dot1q_buffer;
-
- DPRINTF("+++ C+ Tx mode : descriptor %d is last segment descriptor\n",
- descriptor);
-
- /* can transfer fully assembled packet */
-
- uint8_t *saved_buffer = s->cplus_txbuffer;
- int saved_size = s->cplus_txbuffer_offset;
- int saved_buffer_len = s->cplus_txbuffer_len;
-
- /* create vlan tag */
- if (txdw1 & CP_TX_TAGC) {
- /* the vlan tag is in BE byte order in the descriptor
- * BE + le_to_cpu() + ~swap()~ = cpu */
- DPRINTF("+++ C+ Tx mode : inserting vlan tag with ""tci: %u\n",
- bswap16(txdw1 & CP_TX_VLAN_TAG_MASK));
-
- dot1q_buffer = (uint16_t *) dot1q_buffer_space;
- dot1q_buffer[0] = cpu_to_be16(ETH_P_8021Q);
- /* BE + le_to_cpu() + ~cpu_to_le()~ = BE */
- dot1q_buffer[1] = cpu_to_le16(txdw1 & CP_TX_VLAN_TAG_MASK);
- } else {
- dot1q_buffer = NULL;
- }
-
- /* reset the card space to protect from recursive call */
- s->cplus_txbuffer = NULL;
- s->cplus_txbuffer_offset = 0;
- s->cplus_txbuffer_len = 0;
-
- if (txdw0 & (CP_TX_IPCS | CP_TX_UDPCS | CP_TX_TCPCS | CP_TX_LGSEN))
- {
- DPRINTF("+++ C+ mode offloaded task checksum\n");
-
- /* ip packet header */
- ip_header *ip = NULL;
- int hlen = 0;
- uint8_t ip_protocol = 0;
- uint16_t ip_data_len = 0;
-
- uint8_t *eth_payload_data = NULL;
- size_t eth_payload_len = 0;
-
- int proto = be16_to_cpu(*(uint16_t *)(saved_buffer + 12));
- if (proto == ETH_P_IP)
- {
- DPRINTF("+++ C+ mode has IP packet\n");
-
- /* not aligned */
- eth_payload_data = saved_buffer + ETH_HLEN;
- eth_payload_len = saved_size - ETH_HLEN;
-
- ip = (ip_header*)eth_payload_data;
-
- if (IP_HEADER_VERSION(ip) != IP_HEADER_VERSION_4) {
- DPRINTF("+++ C+ mode packet has bad IP version %d "
- "expected %d\n", IP_HEADER_VERSION(ip),
- IP_HEADER_VERSION_4);
- ip = NULL;
- } else {
- hlen = IP_HEADER_LENGTH(ip);
- ip_protocol = ip->ip_p;
- ip_data_len = be16_to_cpu(ip->ip_len) - hlen;
- }
- }
-
- if (ip)
- {
- if (txdw0 & CP_TX_IPCS)
- {
- DPRINTF("+++ C+ mode need IP checksum\n");
-
- if (hlen<sizeof(ip_header) || hlen>eth_payload_len) {/* min header length */
- /* bad packet header len */
- /* or packet too short */
- }
- else
- {
- ip->ip_sum = 0;
- ip->ip_sum = ip_checksum(ip, hlen);
- DPRINTF("+++ C+ mode IP header len=%d checksum=%04x\n",
- hlen, ip->ip_sum);
- }
- }
-
- if ((txdw0 & CP_TX_LGSEN) && ip_protocol == IP_PROTO_TCP)
- {
- int large_send_mss = (txdw0 >> 16) & CP_TC_LGSEN_MSS_MASK;
-
- DPRINTF("+++ C+ mode offloaded task TSO MTU=%d IP data %d "
- "frame data %d specified MSS=%d\n", ETH_MTU,
- ip_data_len, saved_size - ETH_HLEN, large_send_mss);
-
- int tcp_send_offset = 0;
- int send_count = 0;
-
- /* maximum IP header length is 60 bytes */
- uint8_t saved_ip_header[60];
-
- /* save IP header template; data area is used in tcp checksum calculation */
- memcpy(saved_ip_header, eth_payload_data, hlen);
-
- /* a placeholder for checksum calculation routine in tcp case */
- uint8_t *data_to_checksum = eth_payload_data + hlen - 12;
- // size_t data_to_checksum_len = eth_payload_len - hlen + 12;
-
- /* pointer to TCP header */
- tcp_header *p_tcp_hdr = (tcp_header*)(eth_payload_data + hlen);
-
- int tcp_hlen = TCP_HEADER_DATA_OFFSET(p_tcp_hdr);
-
- /* ETH_MTU = ip header len + tcp header len + payload */
- int tcp_data_len = ip_data_len - tcp_hlen;
- int tcp_chunk_size = ETH_MTU - hlen - tcp_hlen;
-
- DPRINTF("+++ C+ mode TSO IP data len %d TCP hlen %d TCP "
- "data len %d TCP chunk size %d\n", ip_data_len,
- tcp_hlen, tcp_data_len, tcp_chunk_size);
-
- /* note the cycle below overwrites IP header data,
- but restores it from saved_ip_header before sending packet */
-
- int is_last_frame = 0;
-
- for (tcp_send_offset = 0; tcp_send_offset < tcp_data_len; tcp_send_offset += tcp_chunk_size)
- {
- uint16_t chunk_size = tcp_chunk_size;
-
- /* check if this is the last frame */
- if (tcp_send_offset + tcp_chunk_size >= tcp_data_len)
- {
- is_last_frame = 1;
- chunk_size = tcp_data_len - tcp_send_offset;
- }
-
- DPRINTF("+++ C+ mode TSO TCP seqno %08x\n",
- be32_to_cpu(p_tcp_hdr->th_seq));
-
- /* add 4 TCP pseudoheader fields */
- /* copy IP source and destination fields */
- memcpy(data_to_checksum, saved_ip_header + 12, 8);
-
- DPRINTF("+++ C+ mode TSO calculating TCP checksum for "
- "packet with %d bytes data\n", tcp_hlen +
- chunk_size);
-
- if (tcp_send_offset)
- {
- memcpy((uint8_t*)p_tcp_hdr + tcp_hlen, (uint8_t*)p_tcp_hdr + tcp_hlen + tcp_send_offset, chunk_size);
- }
-
- /* keep PUSH and FIN flags only for the last frame */
- if (!is_last_frame)
- {
- TCP_HEADER_CLEAR_FLAGS(p_tcp_hdr, TCP_FLAG_PUSH|TCP_FLAG_FIN);
- }
-
- /* recalculate TCP checksum */
- ip_pseudo_header *p_tcpip_hdr = (ip_pseudo_header *)data_to_checksum;
- p_tcpip_hdr->zeros = 0;
- p_tcpip_hdr->ip_proto = IP_PROTO_TCP;
- p_tcpip_hdr->ip_payload = cpu_to_be16(tcp_hlen + chunk_size);
-
- p_tcp_hdr->th_sum = 0;
-
- int tcp_checksum = ip_checksum(data_to_checksum, tcp_hlen + chunk_size + 12);
- DPRINTF("+++ C+ mode TSO TCP checksum %04x\n",
- tcp_checksum);
-
- p_tcp_hdr->th_sum = tcp_checksum;
-
- /* restore IP header */
- memcpy(eth_payload_data, saved_ip_header, hlen);
-
- /* set IP data length and recalculate IP checksum */
- ip->ip_len = cpu_to_be16(hlen + tcp_hlen + chunk_size);
-
- /* increment IP id for subsequent frames */
- ip->ip_id = cpu_to_be16(tcp_send_offset/tcp_chunk_size + be16_to_cpu(ip->ip_id));
-
- ip->ip_sum = 0;
- ip->ip_sum = ip_checksum(eth_payload_data, hlen);
- DPRINTF("+++ C+ mode TSO IP header len=%d "
- "checksum=%04x\n", hlen, ip->ip_sum);
-
- int tso_send_size = ETH_HLEN + hlen + tcp_hlen + chunk_size;
- DPRINTF("+++ C+ mode TSO transferring packet size "
- "%d\n", tso_send_size);
- rtl8139_transfer_frame(s, saved_buffer, tso_send_size,
- 0, (uint8_t *) dot1q_buffer);
-
- /* add transferred count to TCP sequence number */
- p_tcp_hdr->th_seq = cpu_to_be32(chunk_size + be32_to_cpu(p_tcp_hdr->th_seq));
- ++send_count;
- }
-
- /* Stop sending this frame */
- saved_size = 0;
- }
- else if (txdw0 & (CP_TX_TCPCS|CP_TX_UDPCS))
- {
- DPRINTF("+++ C+ mode need TCP or UDP checksum\n");
-
- /* maximum IP header length is 60 bytes */
- uint8_t saved_ip_header[60];
- memcpy(saved_ip_header, eth_payload_data, hlen);
-
- uint8_t *data_to_checksum = eth_payload_data + hlen - 12;
- // size_t data_to_checksum_len = eth_payload_len - hlen + 12;
-
- /* add 4 TCP pseudoheader fields */
- /* copy IP source and destination fields */
- memcpy(data_to_checksum, saved_ip_header + 12, 8);
-
- if ((txdw0 & CP_TX_TCPCS) && ip_protocol == IP_PROTO_TCP)
- {
- DPRINTF("+++ C+ mode calculating TCP checksum for "
- "packet with %d bytes data\n", ip_data_len);
-
- ip_pseudo_header *p_tcpip_hdr = (ip_pseudo_header *)data_to_checksum;
- p_tcpip_hdr->zeros = 0;
- p_tcpip_hdr->ip_proto = IP_PROTO_TCP;
- p_tcpip_hdr->ip_payload = cpu_to_be16(ip_data_len);
-
- tcp_header* p_tcp_hdr = (tcp_header *) (data_to_checksum+12);
-
- p_tcp_hdr->th_sum = 0;
-
- int tcp_checksum = ip_checksum(data_to_checksum, ip_data_len + 12);
- DPRINTF("+++ C+ mode TCP checksum %04x\n",
- tcp_checksum);
-
- p_tcp_hdr->th_sum = tcp_checksum;
- }
- else if ((txdw0 & CP_TX_UDPCS) && ip_protocol == IP_PROTO_UDP)
- {
- DPRINTF("+++ C+ mode calculating UDP checksum for "
- "packet with %d bytes data\n", ip_data_len);
-
- ip_pseudo_header *p_udpip_hdr = (ip_pseudo_header *)data_to_checksum;
- p_udpip_hdr->zeros = 0;
- p_udpip_hdr->ip_proto = IP_PROTO_UDP;
- p_udpip_hdr->ip_payload = cpu_to_be16(ip_data_len);
-
- udp_header *p_udp_hdr = (udp_header *) (data_to_checksum+12);
-
- p_udp_hdr->uh_sum = 0;
-
- int udp_checksum = ip_checksum(data_to_checksum, ip_data_len + 12);
- DPRINTF("+++ C+ mode UDP checksum %04x\n",
- udp_checksum);
-
- p_udp_hdr->uh_sum = udp_checksum;
- }
-
- /* restore IP header */
- memcpy(eth_payload_data, saved_ip_header, hlen);
- }
- }
- }
-
- /* update tally counter */
- ++s->tally_counters.TxOk;
-
- DPRINTF("+++ C+ mode transmitting %d bytes packet\n", saved_size);
-
- rtl8139_transfer_frame(s, saved_buffer, saved_size, 1,
- (uint8_t *) dot1q_buffer);
-
- /* restore card space if there was no recursion and reset offset */
- if (!s->cplus_txbuffer)
- {
- s->cplus_txbuffer = saved_buffer;
- s->cplus_txbuffer_len = saved_buffer_len;
- s->cplus_txbuffer_offset = 0;
- }
- else
- {
- g_free(saved_buffer);
- }
- }
- else
- {
- DPRINTF("+++ C+ mode transmission continue to next descriptor\n");
- }
-
- return 1;
-}
-
-static void rtl8139_cplus_transmit(RTL8139State *s)
-{
- int txcount = 0;
-
- while (rtl8139_cplus_transmit_one(s))
- {
- ++txcount;
- }
-
- /* Mark transfer completed */
- if (!txcount)
- {
- DPRINTF("C+ mode : transmitter queue stalled, current TxDesc = %d\n",
- s->currCPlusTxDesc);
- }
- else
- {
- /* update interrupt status */
- s->IntrStatus |= TxOK;
- rtl8139_update_irq(s);
- }
-}
-
-static void rtl8139_transmit(RTL8139State *s)
-{
- int descriptor = s->currTxDesc, txcount = 0;
-
- /*while*/
- if (rtl8139_transmit_one(s, descriptor))
- {
- ++s->currTxDesc;
- s->currTxDesc %= 4;
- ++txcount;
- }
-
- /* Mark transfer completed */
- if (!txcount)
- {
- DPRINTF("transmitter queue stalled, current TxDesc = %d\n",
- s->currTxDesc);
- }
-}
-
-static void rtl8139_TxStatus_write(RTL8139State *s, uint32_t txRegOffset, uint32_t val)
-{
-
- int descriptor = txRegOffset/4;
-
- /* handle C+ transmit mode register configuration */
-
- if (s->cplus_enabled)
- {
- DPRINTF("RTL8139C+ DTCCR write offset=0x%x val=0x%08x "
- "descriptor=%d\n", txRegOffset, val, descriptor);
-
- /* handle Dump Tally Counters command */
- s->TxStatus[descriptor] = val;
-
- if (descriptor == 0 && (val & 0x8))
- {
- hwaddr tc_addr = rtl8139_addr64(s->TxStatus[0] & ~0x3f, s->TxStatus[1]);
-
- /* dump tally counters to specified memory location */
- RTL8139TallyCounters_dma_write(s, tc_addr);
-
- /* mark dump completed */
- s->TxStatus[0] &= ~0x8;
- }
-
- return;
- }
-
- DPRINTF("TxStatus write offset=0x%x val=0x%08x descriptor=%d\n",
- txRegOffset, val, descriptor);
-
- /* mask only reserved bits */
- val &= ~0xff00c000; /* these bits are reset on write */
- val = SET_MASKED(val, 0x00c00000, s->TxStatus[descriptor]);
-
- s->TxStatus[descriptor] = val;
-
- /* attempt to start transmission */
- rtl8139_transmit(s);
-}
-
-static uint32_t rtl8139_TxStatus_TxAddr_read(RTL8139State *s, uint32_t regs[],
- uint32_t base, uint8_t addr,
- int size)
-{
- uint32_t reg = (addr - base) / 4;
- uint32_t offset = addr & 0x3;
- uint32_t ret = 0;
-
- if (addr & (size - 1)) {
- DPRINTF("not implemented read for TxStatus/TxAddr "
- "addr=0x%x size=0x%x\n", addr, size);
- return ret;
- }
-
- switch (size) {
- case 1: /* fall through */
- case 2: /* fall through */
- case 4:
- ret = (regs[reg] >> offset * 8) & (((uint64_t)1 << (size * 8)) - 1);
- DPRINTF("TxStatus/TxAddr[%d] read addr=0x%x size=0x%x val=0x%08x\n",
- reg, addr, size, ret);
- break;
- default:
- DPRINTF("unsupported size 0x%x of TxStatus/TxAddr reading\n", size);
- break;
- }
-
- return ret;
-}
-
-static uint16_t rtl8139_TSAD_read(RTL8139State *s)
-{
- uint16_t ret = 0;
-
- /* Simulate TSAD, it is read only anyway */
-
- ret = ((s->TxStatus[3] & TxStatOK )?TSAD_TOK3:0)
- |((s->TxStatus[2] & TxStatOK )?TSAD_TOK2:0)
- |((s->TxStatus[1] & TxStatOK )?TSAD_TOK1:0)
- |((s->TxStatus[0] & TxStatOK )?TSAD_TOK0:0)
-
- |((s->TxStatus[3] & TxUnderrun)?TSAD_TUN3:0)
- |((s->TxStatus[2] & TxUnderrun)?TSAD_TUN2:0)
- |((s->TxStatus[1] & TxUnderrun)?TSAD_TUN1:0)
- |((s->TxStatus[0] & TxUnderrun)?TSAD_TUN0:0)
-
- |((s->TxStatus[3] & TxAborted )?TSAD_TABT3:0)
- |((s->TxStatus[2] & TxAborted )?TSAD_TABT2:0)
- |((s->TxStatus[1] & TxAborted )?TSAD_TABT1:0)
- |((s->TxStatus[0] & TxAborted )?TSAD_TABT0:0)
-
- |((s->TxStatus[3] & TxHostOwns )?TSAD_OWN3:0)
- |((s->TxStatus[2] & TxHostOwns )?TSAD_OWN2:0)
- |((s->TxStatus[1] & TxHostOwns )?TSAD_OWN1:0)
- |((s->TxStatus[0] & TxHostOwns )?TSAD_OWN0:0) ;
-
-
- DPRINTF("TSAD read val=0x%04x\n", ret);
-
- return ret;
-}
-
-static uint16_t rtl8139_CSCR_read(RTL8139State *s)
-{
- uint16_t ret = s->CSCR;
-
- DPRINTF("CSCR read val=0x%04x\n", ret);
-
- return ret;
-}
-
-static void rtl8139_TxAddr_write(RTL8139State *s, uint32_t txAddrOffset, uint32_t val)
-{
- DPRINTF("TxAddr write offset=0x%x val=0x%08x\n", txAddrOffset, val);
-
- s->TxAddr[txAddrOffset/4] = val;
-}
-
-static uint32_t rtl8139_TxAddr_read(RTL8139State *s, uint32_t txAddrOffset)
-{
- uint32_t ret = s->TxAddr[txAddrOffset/4];
-
- DPRINTF("TxAddr read offset=0x%x val=0x%08x\n", txAddrOffset, ret);
-
- return ret;
-}
-
-static void rtl8139_RxBufPtr_write(RTL8139State *s, uint32_t val)
-{
- DPRINTF("RxBufPtr write val=0x%04x\n", val);
-
- /* this value is off by 16 */
- s->RxBufPtr = MOD2(val + 0x10, s->RxBufferSize);
-
- DPRINTF(" CAPR write: rx buffer length %d head 0x%04x read 0x%04x\n",
- s->RxBufferSize, s->RxBufAddr, s->RxBufPtr);
-}
-
-static uint32_t rtl8139_RxBufPtr_read(RTL8139State *s)
-{
- /* this value is off by 16 */
- uint32_t ret = s->RxBufPtr - 0x10;
-
- DPRINTF("RxBufPtr read val=0x%04x\n", ret);
-
- return ret;
-}
-
-static uint32_t rtl8139_RxBufAddr_read(RTL8139State *s)
-{
- /* this value is NOT off by 16 */
- uint32_t ret = s->RxBufAddr;
-
- DPRINTF("RxBufAddr read val=0x%04x\n", ret);
-
- return ret;
-}
-
-static void rtl8139_RxBuf_write(RTL8139State *s, uint32_t val)
-{
- DPRINTF("RxBuf write val=0x%08x\n", val);
-
- s->RxBuf = val;
-
- /* may need to reset rxring here */
-}
-
-static uint32_t rtl8139_RxBuf_read(RTL8139State *s)
-{
- uint32_t ret = s->RxBuf;
-
- DPRINTF("RxBuf read val=0x%08x\n", ret);
-
- return ret;
-}
-
-static void rtl8139_IntrMask_write(RTL8139State *s, uint32_t val)
-{
- DPRINTF("IntrMask write(w) val=0x%04x\n", val);
-
- /* mask unwritable bits */
- val = SET_MASKED(val, 0x1e00, s->IntrMask);
-
- s->IntrMask = val;
-
- rtl8139_set_next_tctr_time(s, qemu_get_clock_ns(vm_clock));
- rtl8139_update_irq(s);
-
-}
-
-static uint32_t rtl8139_IntrMask_read(RTL8139State *s)
-{
- uint32_t ret = s->IntrMask;
-
- DPRINTF("IntrMask read(w) val=0x%04x\n", ret);
-
- return ret;
-}
-
-static void rtl8139_IntrStatus_write(RTL8139State *s, uint32_t val)
-{
- DPRINTF("IntrStatus write(w) val=0x%04x\n", val);
-
-#if 0
-
- /* writing to ISR has no effect */
-
- return;
-
-#else
- uint16_t newStatus = s->IntrStatus & ~val;
-
- /* mask unwritable bits */
- newStatus = SET_MASKED(newStatus, 0x1e00, s->IntrStatus);
-
- /* writing 1 to interrupt status register bit clears it */
- s->IntrStatus = 0;
- rtl8139_update_irq(s);
-
- s->IntrStatus = newStatus;
- /*
- * Computing if we miss an interrupt here is not that correct but
- * considered that we should have had already an interrupt
- * and probably emulated is slower is better to assume this resetting was
- * done before testing on previous rtl8139_update_irq lead to IRQ losing
- */
- rtl8139_set_next_tctr_time(s, qemu_get_clock_ns(vm_clock));
- rtl8139_update_irq(s);
-
-#endif
-}
-
-static uint32_t rtl8139_IntrStatus_read(RTL8139State *s)
-{
- rtl8139_set_next_tctr_time(s, qemu_get_clock_ns(vm_clock));
-
- uint32_t ret = s->IntrStatus;
-
- DPRINTF("IntrStatus read(w) val=0x%04x\n", ret);
-
-#if 0
-
- /* reading ISR clears all interrupts */
- s->IntrStatus = 0;
-
- rtl8139_update_irq(s);
-
-#endif
-
- return ret;
-}
-
-static void rtl8139_MultiIntr_write(RTL8139State *s, uint32_t val)
-{
- DPRINTF("MultiIntr write(w) val=0x%04x\n", val);
-
- /* mask unwritable bits */
- val = SET_MASKED(val, 0xf000, s->MultiIntr);
-
- s->MultiIntr = val;
-}
-
-static uint32_t rtl8139_MultiIntr_read(RTL8139State *s)
-{
- uint32_t ret = s->MultiIntr;
-
- DPRINTF("MultiIntr read(w) val=0x%04x\n", ret);
-
- return ret;
-}
-
-static void rtl8139_io_writeb(void *opaque, uint8_t addr, uint32_t val)
-{
- RTL8139State *s = opaque;
-
- switch (addr)
- {
- case MAC0 ... MAC0+5:
- s->phys[addr - MAC0] = val;
- break;
- case MAC0+6 ... MAC0+7:
- /* reserved */
- break;
- case MAR0 ... MAR0+7:
- s->mult[addr - MAR0] = val;
- break;
- case ChipCmd:
- rtl8139_ChipCmd_write(s, val);
- break;
- case Cfg9346:
- rtl8139_Cfg9346_write(s, val);
- break;
- case TxConfig: /* windows driver sometimes writes using byte-lenth call */
- rtl8139_TxConfig_writeb(s, val);
- break;
- case Config0:
- rtl8139_Config0_write(s, val);
- break;
- case Config1:
- rtl8139_Config1_write(s, val);
- break;
- case Config3:
- rtl8139_Config3_write(s, val);
- break;
- case Config4:
- rtl8139_Config4_write(s, val);
- break;
- case Config5:
- rtl8139_Config5_write(s, val);
- break;
- case MediaStatus:
- /* ignore */
- DPRINTF("not implemented write(b) to MediaStatus val=0x%02x\n",
- val);
- break;
-
- case HltClk:
- DPRINTF("HltClk write val=0x%08x\n", val);
- if (val == 'R')
- {
- s->clock_enabled = 1;
- }
- else if (val == 'H')
- {
- s->clock_enabled = 0;
- }
- break;
-
- case TxThresh:
- DPRINTF("C+ TxThresh write(b) val=0x%02x\n", val);
- s->TxThresh = val;
- break;
-
- case TxPoll:
- DPRINTF("C+ TxPoll write(b) val=0x%02x\n", val);
- if (val & (1 << 7))
- {
- DPRINTF("C+ TxPoll high priority transmission (not "
- "implemented)\n");
- //rtl8139_cplus_transmit(s);
- }
- if (val & (1 << 6))
- {
- DPRINTF("C+ TxPoll normal priority transmission\n");
- rtl8139_cplus_transmit(s);
- }
-
- break;
-
- default:
- DPRINTF("not implemented write(b) addr=0x%x val=0x%02x\n", addr,
- val);
- break;
- }
-}
-
-static void rtl8139_io_writew(void *opaque, uint8_t addr, uint32_t val)
-{
- RTL8139State *s = opaque;
-
- switch (addr)
- {
- case IntrMask:
- rtl8139_IntrMask_write(s, val);
- break;
-
- case IntrStatus:
- rtl8139_IntrStatus_write(s, val);
- break;
-
- case MultiIntr:
- rtl8139_MultiIntr_write(s, val);
- break;
-
- case RxBufPtr:
- rtl8139_RxBufPtr_write(s, val);
- break;
-
- case BasicModeCtrl:
- rtl8139_BasicModeCtrl_write(s, val);
- break;
- case BasicModeStatus:
- rtl8139_BasicModeStatus_write(s, val);
- break;
- case NWayAdvert:
- DPRINTF("NWayAdvert write(w) val=0x%04x\n", val);
- s->NWayAdvert = val;
- break;
- case NWayLPAR:
- DPRINTF("forbidden NWayLPAR write(w) val=0x%04x\n", val);
- break;
- case NWayExpansion:
- DPRINTF("NWayExpansion write(w) val=0x%04x\n", val);
- s->NWayExpansion = val;
- break;
-
- case CpCmd:
- rtl8139_CpCmd_write(s, val);
- break;
-
- case IntrMitigate:
- rtl8139_IntrMitigate_write(s, val);
- break;
-
- default:
- DPRINTF("ioport write(w) addr=0x%x val=0x%04x via write(b)\n",
- addr, val);
-
- rtl8139_io_writeb(opaque, addr, val & 0xff);
- rtl8139_io_writeb(opaque, addr + 1, (val >> 8) & 0xff);
- break;
- }
-}
-
-static void rtl8139_set_next_tctr_time(RTL8139State *s, int64_t current_time)
-{
- int64_t pci_time, next_time;
- uint32_t low_pci;
-
- DPRINTF("entered rtl8139_set_next_tctr_time\n");
-
- if (s->TimerExpire && current_time >= s->TimerExpire) {
- s->IntrStatus |= PCSTimeout;
- rtl8139_update_irq(s);
- }
-
- /* Set QEMU timer only if needed that is
- * - TimerInt <> 0 (we have a timer)
- * - mask = 1 (we want an interrupt timer)
- * - irq = 0 (irq is not already active)
- * If any of above change we need to compute timer again
- * Also we must check if timer is passed without QEMU timer
- */
- s->TimerExpire = 0;
- if (!s->TimerInt) {
- return;
- }
-
- pci_time = muldiv64(current_time - s->TCTR_base, PCI_FREQUENCY,
- get_ticks_per_sec());
- low_pci = pci_time & 0xffffffff;
- pci_time = pci_time - low_pci + s->TimerInt;
- if (low_pci >= s->TimerInt) {
- pci_time += 0x100000000LL;
- }
- next_time = s->TCTR_base + muldiv64(pci_time, get_ticks_per_sec(),
- PCI_FREQUENCY);
- s->TimerExpire = next_time;
-
- if ((s->IntrMask & PCSTimeout) != 0 && (s->IntrStatus & PCSTimeout) == 0) {
- qemu_mod_timer(s->timer, next_time);
- }
-}
-
-static void rtl8139_io_writel(void *opaque, uint8_t addr, uint32_t val)
-{
- RTL8139State *s = opaque;
-
- switch (addr)
- {
- case RxMissed:
- DPRINTF("RxMissed clearing on write\n");
- s->RxMissed = 0;
- break;
-
- case TxConfig:
- rtl8139_TxConfig_write(s, val);
- break;
-
- case RxConfig:
- rtl8139_RxConfig_write(s, val);
- break;
-
- case TxStatus0 ... TxStatus0+4*4-1:
- rtl8139_TxStatus_write(s, addr-TxStatus0, val);
- break;
-
- case TxAddr0 ... TxAddr0+4*4-1:
- rtl8139_TxAddr_write(s, addr-TxAddr0, val);
- break;
-
- case RxBuf:
- rtl8139_RxBuf_write(s, val);
- break;
-
- case RxRingAddrLO:
- DPRINTF("C+ RxRing low bits write val=0x%08x\n", val);
- s->RxRingAddrLO = val;
- break;
-
- case RxRingAddrHI:
- DPRINTF("C+ RxRing high bits write val=0x%08x\n", val);
- s->RxRingAddrHI = val;
- break;
-
- case Timer:
- DPRINTF("TCTR Timer reset on write\n");
- s->TCTR_base = qemu_get_clock_ns(vm_clock);
- rtl8139_set_next_tctr_time(s, s->TCTR_base);
- break;
-
- case FlashReg:
- DPRINTF("FlashReg TimerInt write val=0x%08x\n", val);
- if (s->TimerInt != val) {
- s->TimerInt = val;
- rtl8139_set_next_tctr_time(s, qemu_get_clock_ns(vm_clock));
- }
- break;
-
- default:
- DPRINTF("ioport write(l) addr=0x%x val=0x%08x via write(b)\n",
- addr, val);
- rtl8139_io_writeb(opaque, addr, val & 0xff);
- rtl8139_io_writeb(opaque, addr + 1, (val >> 8) & 0xff);
- rtl8139_io_writeb(opaque, addr + 2, (val >> 16) & 0xff);
- rtl8139_io_writeb(opaque, addr + 3, (val >> 24) & 0xff);
- break;
- }
-}
-
-static uint32_t rtl8139_io_readb(void *opaque, uint8_t addr)
-{
- RTL8139State *s = opaque;
- int ret;
-
- switch (addr)
- {
- case MAC0 ... MAC0+5:
- ret = s->phys[addr - MAC0];
- break;
- case MAC0+6 ... MAC0+7:
- ret = 0;
- break;
- case MAR0 ... MAR0+7:
- ret = s->mult[addr - MAR0];
- break;
- case TxStatus0 ... TxStatus0+4*4-1:
- ret = rtl8139_TxStatus_TxAddr_read(s, s->TxStatus, TxStatus0,
- addr, 1);
- break;
- case ChipCmd:
- ret = rtl8139_ChipCmd_read(s);
- break;
- case Cfg9346:
- ret = rtl8139_Cfg9346_read(s);
- break;
- case Config0:
- ret = rtl8139_Config0_read(s);
- break;
- case Config1:
- ret = rtl8139_Config1_read(s);
- break;
- case Config3:
- ret = rtl8139_Config3_read(s);
- break;
- case Config4:
- ret = rtl8139_Config4_read(s);
- break;
- case Config5:
- ret = rtl8139_Config5_read(s);
- break;
-
- case MediaStatus:
- /* The LinkDown bit of MediaStatus is inverse with link status */
- ret = 0xd0 | (~s->BasicModeStatus & 0x04);
- DPRINTF("MediaStatus read 0x%x\n", ret);
- break;
-
- case HltClk:
- ret = s->clock_enabled;
- DPRINTF("HltClk read 0x%x\n", ret);
- break;
-
- case PCIRevisionID:
- ret = RTL8139_PCI_REVID;
- DPRINTF("PCI Revision ID read 0x%x\n", ret);
- break;
-
- case TxThresh:
- ret = s->TxThresh;
- DPRINTF("C+ TxThresh read(b) val=0x%02x\n", ret);
- break;
-
- case 0x43: /* Part of TxConfig register. Windows driver tries to read it */
- ret = s->TxConfig >> 24;
- DPRINTF("RTL8139C TxConfig at 0x43 read(b) val=0x%02x\n", ret);
- break;
-
- default:
- DPRINTF("not implemented read(b) addr=0x%x\n", addr);
- ret = 0;
- break;
- }
-
- return ret;
-}
-
-static uint32_t rtl8139_io_readw(void *opaque, uint8_t addr)
-{
- RTL8139State *s = opaque;
- uint32_t ret;
-
- switch (addr)
- {
- case TxAddr0 ... TxAddr0+4*4-1:
- ret = rtl8139_TxStatus_TxAddr_read(s, s->TxAddr, TxAddr0, addr, 2);
- break;
- case IntrMask:
- ret = rtl8139_IntrMask_read(s);
- break;
-
- case IntrStatus:
- ret = rtl8139_IntrStatus_read(s);
- break;
-
- case MultiIntr:
- ret = rtl8139_MultiIntr_read(s);
- break;
-
- case RxBufPtr:
- ret = rtl8139_RxBufPtr_read(s);
- break;
-
- case RxBufAddr:
- ret = rtl8139_RxBufAddr_read(s);
- break;
-
- case BasicModeCtrl:
- ret = rtl8139_BasicModeCtrl_read(s);
- break;
- case BasicModeStatus:
- ret = rtl8139_BasicModeStatus_read(s);
- break;
- case NWayAdvert:
- ret = s->NWayAdvert;
- DPRINTF("NWayAdvert read(w) val=0x%04x\n", ret);
- break;
- case NWayLPAR:
- ret = s->NWayLPAR;
- DPRINTF("NWayLPAR read(w) val=0x%04x\n", ret);
- break;
- case NWayExpansion:
- ret = s->NWayExpansion;
- DPRINTF("NWayExpansion read(w) val=0x%04x\n", ret);
- break;
-
- case CpCmd:
- ret = rtl8139_CpCmd_read(s);
- break;
-
- case IntrMitigate:
- ret = rtl8139_IntrMitigate_read(s);
- break;
-
- case TxSummary:
- ret = rtl8139_TSAD_read(s);
- break;
-
- case CSCR:
- ret = rtl8139_CSCR_read(s);
- break;
-
- default:
- DPRINTF("ioport read(w) addr=0x%x via read(b)\n", addr);
-
- ret = rtl8139_io_readb(opaque, addr);
- ret |= rtl8139_io_readb(opaque, addr + 1) << 8;
-
- DPRINTF("ioport read(w) addr=0x%x val=0x%04x\n", addr, ret);
- break;
- }
-
- return ret;
-}
-
-static uint32_t rtl8139_io_readl(void *opaque, uint8_t addr)
-{
- RTL8139State *s = opaque;
- uint32_t ret;
-
- switch (addr)
- {
- case RxMissed:
- ret = s->RxMissed;
-
- DPRINTF("RxMissed read val=0x%08x\n", ret);
- break;
-
- case TxConfig:
- ret = rtl8139_TxConfig_read(s);
- break;
-
- case RxConfig:
- ret = rtl8139_RxConfig_read(s);
- break;
-
- case TxStatus0 ... TxStatus0+4*4-1:
- ret = rtl8139_TxStatus_TxAddr_read(s, s->TxStatus, TxStatus0,
- addr, 4);
- break;
-
- case TxAddr0 ... TxAddr0+4*4-1:
- ret = rtl8139_TxAddr_read(s, addr-TxAddr0);
- break;
-
- case RxBuf:
- ret = rtl8139_RxBuf_read(s);
- break;
-
- case RxRingAddrLO:
- ret = s->RxRingAddrLO;
- DPRINTF("C+ RxRing low bits read val=0x%08x\n", ret);
- break;
-
- case RxRingAddrHI:
- ret = s->RxRingAddrHI;
- DPRINTF("C+ RxRing high bits read val=0x%08x\n", ret);
- break;
-
- case Timer:
- ret = muldiv64(qemu_get_clock_ns(vm_clock) - s->TCTR_base,
- PCI_FREQUENCY, get_ticks_per_sec());
- DPRINTF("TCTR Timer read val=0x%08x\n", ret);
- break;
-
- case FlashReg:
- ret = s->TimerInt;
- DPRINTF("FlashReg TimerInt read val=0x%08x\n", ret);
- break;
-
- default:
- DPRINTF("ioport read(l) addr=0x%x via read(b)\n", addr);
-
- ret = rtl8139_io_readb(opaque, addr);
- ret |= rtl8139_io_readb(opaque, addr + 1) << 8;
- ret |= rtl8139_io_readb(opaque, addr + 2) << 16;
- ret |= rtl8139_io_readb(opaque, addr + 3) << 24;
-
- DPRINTF("read(l) addr=0x%x val=%08x\n", addr, ret);
- break;
- }
-
- return ret;
-}
-
-/* */
-
-static void rtl8139_mmio_writeb(void *opaque, hwaddr addr, uint32_t val)
-{
- rtl8139_io_writeb(opaque, addr & 0xFF, val);
-}
-
-static void rtl8139_mmio_writew(void *opaque, hwaddr addr, uint32_t val)
-{
- rtl8139_io_writew(opaque, addr & 0xFF, val);
-}
-
-static void rtl8139_mmio_writel(void *opaque, hwaddr addr, uint32_t val)
-{
- rtl8139_io_writel(opaque, addr & 0xFF, val);
-}
-
-static uint32_t rtl8139_mmio_readb(void *opaque, hwaddr addr)
-{
- return rtl8139_io_readb(opaque, addr & 0xFF);
-}
-
-static uint32_t rtl8139_mmio_readw(void *opaque, hwaddr addr)
-{
- uint32_t val = rtl8139_io_readw(opaque, addr & 0xFF);
- return val;
-}
-
-static uint32_t rtl8139_mmio_readl(void *opaque, hwaddr addr)
-{
- uint32_t val = rtl8139_io_readl(opaque, addr & 0xFF);
- return val;
-}
-
-static int rtl8139_post_load(void *opaque, int version_id)
-{
- RTL8139State* s = opaque;
- rtl8139_set_next_tctr_time(s, qemu_get_clock_ns(vm_clock));
- if (version_id < 4) {
- s->cplus_enabled = s->CpCmd != 0;
- }
-
- /* nc.link_down can't be migrated, so infer link_down according
- * to link status bit in BasicModeStatus */
- s->nic->nc.link_down = (s->BasicModeStatus & 0x04) == 0;
-
- return 0;
-}
-
-static bool rtl8139_hotplug_ready_needed(void *opaque)
-{
- return qdev_machine_modified();
-}
-
-static const VMStateDescription vmstate_rtl8139_hotplug_ready ={
- .name = "rtl8139/hotplug_ready",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField []) {
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void rtl8139_pre_save(void *opaque)
-{
- RTL8139State* s = opaque;
- int64_t current_time = qemu_get_clock_ns(vm_clock);
-
- /* set IntrStatus correctly */
- rtl8139_set_next_tctr_time(s, current_time);
- s->TCTR = muldiv64(current_time - s->TCTR_base, PCI_FREQUENCY,
- get_ticks_per_sec());
- s->rtl8139_mmio_io_addr_dummy = 0;
-}
-
-static const VMStateDescription vmstate_rtl8139 = {
- .name = "rtl8139",
- .version_id = 4,
- .minimum_version_id = 3,
- .minimum_version_id_old = 3,
- .post_load = rtl8139_post_load,
- .pre_save = rtl8139_pre_save,
- .fields = (VMStateField []) {
- VMSTATE_PCI_DEVICE(dev, RTL8139State),
- VMSTATE_PARTIAL_BUFFER(phys, RTL8139State, 6),
- VMSTATE_BUFFER(mult, RTL8139State),
- VMSTATE_UINT32_ARRAY(TxStatus, RTL8139State, 4),
- VMSTATE_UINT32_ARRAY(TxAddr, RTL8139State, 4),
-
- VMSTATE_UINT32(RxBuf, RTL8139State),
- VMSTATE_UINT32(RxBufferSize, RTL8139State),
- VMSTATE_UINT32(RxBufPtr, RTL8139State),
- VMSTATE_UINT32(RxBufAddr, RTL8139State),
-
- VMSTATE_UINT16(IntrStatus, RTL8139State),
- VMSTATE_UINT16(IntrMask, RTL8139State),
-
- VMSTATE_UINT32(TxConfig, RTL8139State),
- VMSTATE_UINT32(RxConfig, RTL8139State),
- VMSTATE_UINT32(RxMissed, RTL8139State),
- VMSTATE_UINT16(CSCR, RTL8139State),
-
- VMSTATE_UINT8(Cfg9346, RTL8139State),
- VMSTATE_UINT8(Config0, RTL8139State),
- VMSTATE_UINT8(Config1, RTL8139State),
- VMSTATE_UINT8(Config3, RTL8139State),
- VMSTATE_UINT8(Config4, RTL8139State),
- VMSTATE_UINT8(Config5, RTL8139State),
-
- VMSTATE_UINT8(clock_enabled, RTL8139State),
- VMSTATE_UINT8(bChipCmdState, RTL8139State),
-
- VMSTATE_UINT16(MultiIntr, RTL8139State),
-
- VMSTATE_UINT16(BasicModeCtrl, RTL8139State),
- VMSTATE_UINT16(BasicModeStatus, RTL8139State),
- VMSTATE_UINT16(NWayAdvert, RTL8139State),
- VMSTATE_UINT16(NWayLPAR, RTL8139State),
- VMSTATE_UINT16(NWayExpansion, RTL8139State),
-
- VMSTATE_UINT16(CpCmd, RTL8139State),
- VMSTATE_UINT8(TxThresh, RTL8139State),
-
- VMSTATE_UNUSED(4),
- VMSTATE_MACADDR(conf.macaddr, RTL8139State),
- VMSTATE_INT32(rtl8139_mmio_io_addr_dummy, RTL8139State),
-
- VMSTATE_UINT32(currTxDesc, RTL8139State),
- VMSTATE_UINT32(currCPlusRxDesc, RTL8139State),
- VMSTATE_UINT32(currCPlusTxDesc, RTL8139State),
- VMSTATE_UINT32(RxRingAddrLO, RTL8139State),
- VMSTATE_UINT32(RxRingAddrHI, RTL8139State),
-
- VMSTATE_UINT16_ARRAY(eeprom.contents, RTL8139State, EEPROM_9346_SIZE),
- VMSTATE_INT32(eeprom.mode, RTL8139State),
- VMSTATE_UINT32(eeprom.tick, RTL8139State),
- VMSTATE_UINT8(eeprom.address, RTL8139State),
- VMSTATE_UINT16(eeprom.input, RTL8139State),
- VMSTATE_UINT16(eeprom.output, RTL8139State),
-
- VMSTATE_UINT8(eeprom.eecs, RTL8139State),
- VMSTATE_UINT8(eeprom.eesk, RTL8139State),
- VMSTATE_UINT8(eeprom.eedi, RTL8139State),
- VMSTATE_UINT8(eeprom.eedo, RTL8139State),
-
- VMSTATE_UINT32(TCTR, RTL8139State),
- VMSTATE_UINT32(TimerInt, RTL8139State),
- VMSTATE_INT64(TCTR_base, RTL8139State),
-
- VMSTATE_STRUCT(tally_counters, RTL8139State, 0,
- vmstate_tally_counters, RTL8139TallyCounters),
-
- VMSTATE_UINT32_V(cplus_enabled, RTL8139State, 4),
- VMSTATE_END_OF_LIST()
- },
- .subsections = (VMStateSubsection []) {
- {
- .vmsd = &vmstate_rtl8139_hotplug_ready,
- .needed = rtl8139_hotplug_ready_needed,
- }, {
- /* empty */
- }
- }
-};
-
-/***********************************************************/
-/* PCI RTL8139 definitions */
-
-static void rtl8139_ioport_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- switch (size) {
- case 1:
- rtl8139_io_writeb(opaque, addr, val);
- break;
- case 2:
- rtl8139_io_writew(opaque, addr, val);
- break;
- case 4:
- rtl8139_io_writel(opaque, addr, val);
- break;
- }
-}
-
-static uint64_t rtl8139_ioport_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- switch (size) {
- case 1:
- return rtl8139_io_readb(opaque, addr);
- case 2:
- return rtl8139_io_readw(opaque, addr);
- case 4:
- return rtl8139_io_readl(opaque, addr);
- }
-
- return -1;
-}
-
-static const MemoryRegionOps rtl8139_io_ops = {
- .read = rtl8139_ioport_read,
- .write = rtl8139_ioport_write,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 4,
- },
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static const MemoryRegionOps rtl8139_mmio_ops = {
- .old_mmio = {
- .read = {
- rtl8139_mmio_readb,
- rtl8139_mmio_readw,
- rtl8139_mmio_readl,
- },
- .write = {
- rtl8139_mmio_writeb,
- rtl8139_mmio_writew,
- rtl8139_mmio_writel,
- },
- },
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static void rtl8139_timer(void *opaque)
-{
- RTL8139State *s = opaque;
-
- if (!s->clock_enabled)
- {
- DPRINTF(">>> timer: clock is not running\n");
- return;
- }
-
- s->IntrStatus |= PCSTimeout;
- rtl8139_update_irq(s);
- rtl8139_set_next_tctr_time(s, qemu_get_clock_ns(vm_clock));
-}
-
-static void rtl8139_cleanup(NetClientState *nc)
-{
- RTL8139State *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- s->nic = NULL;
-}
-
-static void pci_rtl8139_uninit(PCIDevice *dev)
-{
- RTL8139State *s = DO_UPCAST(RTL8139State, dev, dev);
-
- memory_region_destroy(&s->bar_io);
- memory_region_destroy(&s->bar_mem);
- if (s->cplus_txbuffer) {
- g_free(s->cplus_txbuffer);
- s->cplus_txbuffer = NULL;
- }
- qemu_del_timer(s->timer);
- qemu_free_timer(s->timer);
- qemu_del_net_client(&s->nic->nc);
-}
-
-static void rtl8139_set_link_status(NetClientState *nc)
-{
- RTL8139State *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- if (nc->link_down) {
- s->BasicModeStatus &= ~0x04;
- } else {
- s->BasicModeStatus |= 0x04;
- }
-
- s->IntrStatus |= RxUnderrun;
- rtl8139_update_irq(s);
-}
-
-static NetClientInfo net_rtl8139_info = {
- .type = NET_CLIENT_OPTIONS_KIND_NIC,
- .size = sizeof(NICState),
- .can_receive = rtl8139_can_receive,
- .receive = rtl8139_receive,
- .cleanup = rtl8139_cleanup,
- .link_status_changed = rtl8139_set_link_status,
-};
-
-static int pci_rtl8139_init(PCIDevice *dev)
-{
- RTL8139State * s = DO_UPCAST(RTL8139State, dev, dev);
- uint8_t *pci_conf;
-
- pci_conf = s->dev.config;
- pci_conf[PCI_INTERRUPT_PIN] = 1; /* interrupt pin A */
- /* TODO: start of capability list, but no capability
- * list bit in status register, and offset 0xdc seems unused. */
- pci_conf[PCI_CAPABILITY_LIST] = 0xdc;
-
- memory_region_init_io(&s->bar_io, &rtl8139_io_ops, s, "rtl8139", 0x100);
- memory_region_init_io(&s->bar_mem, &rtl8139_mmio_ops, s, "rtl8139", 0x100);
- pci_register_bar(&s->dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->bar_io);
- pci_register_bar(&s->dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->bar_mem);
-
- qemu_macaddr_default_if_unset(&s->conf.macaddr);
-
- /* prepare eeprom */
- s->eeprom.contents[0] = 0x8129;
-#if 1
- /* PCI vendor and device ID should be mirrored here */
- s->eeprom.contents[1] = PCI_VENDOR_ID_REALTEK;
- s->eeprom.contents[2] = PCI_DEVICE_ID_REALTEK_8139;
-#endif
- s->eeprom.contents[7] = s->conf.macaddr.a[0] | s->conf.macaddr.a[1] << 8;
- s->eeprom.contents[8] = s->conf.macaddr.a[2] | s->conf.macaddr.a[3] << 8;
- s->eeprom.contents[9] = s->conf.macaddr.a[4] | s->conf.macaddr.a[5] << 8;
-
- s->nic = qemu_new_nic(&net_rtl8139_info, &s->conf,
- object_get_typename(OBJECT(dev)), dev->qdev.id, s);
- qemu_format_nic_info_str(&s->nic->nc, s->conf.macaddr.a);
-
- s->cplus_txbuffer = NULL;
- s->cplus_txbuffer_len = 0;
- s->cplus_txbuffer_offset = 0;
-
- s->TimerExpire = 0;
- s->timer = qemu_new_timer_ns(vm_clock, rtl8139_timer, s);
- rtl8139_set_next_tctr_time(s, qemu_get_clock_ns(vm_clock));
-
- add_boot_device_path(s->conf.bootindex, &dev->qdev, "/ethernet-phy@0");
-
- return 0;
-}
-
-static Property rtl8139_properties[] = {
- DEFINE_NIC_PROPERTIES(RTL8139State, conf),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void rtl8139_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = pci_rtl8139_init;
- k->exit = pci_rtl8139_uninit;
- k->romfile = "pxe-rtl8139.rom";
- k->vendor_id = PCI_VENDOR_ID_REALTEK;
- k->device_id = PCI_DEVICE_ID_REALTEK_8139;
- k->revision = RTL8139_PCI_REVID; /* >=0x20 is for 8139C+ */
- k->class_id = PCI_CLASS_NETWORK_ETHERNET;
- dc->reset = rtl8139_reset;
- dc->vmsd = &vmstate_rtl8139;
- dc->props = rtl8139_properties;
-}
-
-static TypeInfo rtl8139_info = {
- .name = "rtl8139",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(RTL8139State),
- .class_init = rtl8139_class_init,
-};
-
-static void rtl8139_register_types(void)
-{
- type_register_static(&rtl8139_info);
-}
-
-type_init(rtl8139_register_types)
diff --git a/hw/s390-virtio-bus.c b/hw/s390-virtio-bus.c
deleted file mode 100644
index e0ac2d1ec..000000000
--- a/hw/s390-virtio-bus.c
+++ /dev/null
@@ -1,571 +0,0 @@
-/*
- * QEMU S390 virtio target
- *
- * Copyright (c) 2009 Alexander Graf <agraf@suse.de>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "hw.h"
-#include "block.h"
-#include "sysemu.h"
-#include "net.h"
-#include "boards.h"
-#include "monitor.h"
-#include "loader.h"
-#include "elf.h"
-#include "hw/virtio.h"
-#include "hw/virtio-rng.h"
-#include "hw/virtio-serial.h"
-#include "hw/virtio-net.h"
-#include "hw/sysbus.h"
-#include "kvm.h"
-
-#include "hw/s390-virtio-bus.h"
-
-/* #define DEBUG_S390 */
-
-#ifdef DEBUG_S390
-#define dprintf(fmt, ...) \
- do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
-#else
-#define dprintf(fmt, ...) \
- do { } while (0)
-#endif
-
-#define VIRTIO_EXT_CODE 0x2603
-
-static const TypeInfo s390_virtio_bus_info = {
- .name = TYPE_S390_VIRTIO_BUS,
- .parent = TYPE_BUS,
- .instance_size = sizeof(VirtIOS390Bus),
-};
-
-static const VirtIOBindings virtio_s390_bindings;
-
-static ram_addr_t s390_virtio_device_num_vq(VirtIOS390Device *dev);
-
-/* length of VirtIO device pages */
-const hwaddr virtio_size = S390_DEVICE_PAGES * TARGET_PAGE_SIZE;
-
-static void s390_virtio_bus_reset(void *opaque)
-{
- VirtIOS390Bus *bus = opaque;
- bus->next_ring = bus->dev_page + TARGET_PAGE_SIZE;
-}
-
-void s390_virtio_reset_idx(VirtIOS390Device *dev)
-{
- int i;
- hwaddr idx_addr;
- uint8_t num_vq;
-
- num_vq = s390_virtio_device_num_vq(dev);
- for (i = 0; i < num_vq; i++) {
- idx_addr = virtio_queue_get_avail_addr(dev->vdev, i) +
- VIRTIO_VRING_AVAIL_IDX_OFFS;
- stw_phys(idx_addr, 0);
- idx_addr = virtio_queue_get_used_addr(dev->vdev, i) +
- VIRTIO_VRING_USED_IDX_OFFS;
- stw_phys(idx_addr, 0);
- }
-}
-
-VirtIOS390Bus *s390_virtio_bus_init(ram_addr_t *ram_size)
-{
- VirtIOS390Bus *bus;
- BusState *_bus;
- DeviceState *dev;
-
- /* Create bridge device */
- dev = qdev_create(NULL, "s390-virtio-bridge");
- qdev_init_nofail(dev);
-
- /* Create bus on bridge device */
-
- _bus = qbus_create(TYPE_S390_VIRTIO_BUS, dev, "s390-virtio");
- bus = DO_UPCAST(VirtIOS390Bus, bus, _bus);
-
- bus->dev_page = *ram_size;
- bus->dev_offs = bus->dev_page;
- bus->next_ring = bus->dev_page + TARGET_PAGE_SIZE;
-
- /* Enable hotplugging */
- _bus->allow_hotplug = 1;
-
- /* Allocate RAM for VirtIO device pages (descriptors, queues, rings) */
- *ram_size += S390_DEVICE_PAGES * TARGET_PAGE_SIZE;
-
- qemu_register_reset(s390_virtio_bus_reset, bus);
- return bus;
-}
-
-static void s390_virtio_irq(CPUS390XState *env, int config_change, uint64_t token)
-{
- if (kvm_enabled()) {
- kvm_s390_virtio_irq(env, config_change, token);
- } else {
- cpu_inject_ext(env, VIRTIO_EXT_CODE, config_change, token);
- }
-}
-
-static int s390_virtio_device_init(VirtIOS390Device *dev, VirtIODevice *vdev)
-{
- VirtIOS390Bus *bus;
- int dev_len;
-
- bus = DO_UPCAST(VirtIOS390Bus, bus, dev->qdev.parent_bus);
- dev->vdev = vdev;
- dev->dev_offs = bus->dev_offs;
- dev->feat_len = sizeof(uint32_t); /* always keep 32 bits features */
-
- dev_len = VIRTIO_DEV_OFFS_CONFIG;
- dev_len += s390_virtio_device_num_vq(dev) * VIRTIO_VQCONFIG_LEN;
- dev_len += dev->feat_len * 2;
- dev_len += vdev->config_len;
-
- bus->dev_offs += dev_len;
-
- virtio_bind_device(vdev, &virtio_s390_bindings, dev);
- dev->host_features = vdev->get_features(vdev, dev->host_features);
- s390_virtio_device_sync(dev);
- s390_virtio_reset_idx(dev);
- if (dev->qdev.hotplugged) {
- S390CPU *cpu = s390_cpu_addr2state(0);
- CPUS390XState *env = &cpu->env;
- s390_virtio_irq(env, VIRTIO_PARAM_DEV_ADD, dev->dev_offs);
- }
-
- return 0;
-}
-
-static int s390_virtio_net_init(VirtIOS390Device *dev)
-{
- VirtIODevice *vdev;
-
- vdev = virtio_net_init((DeviceState *)dev, &dev->nic, &dev->net);
- if (!vdev) {
- return -1;
- }
-
- return s390_virtio_device_init(dev, vdev);
-}
-
-static int s390_virtio_blk_init(VirtIOS390Device *dev)
-{
- VirtIODevice *vdev;
-
- vdev = virtio_blk_init((DeviceState *)dev, &dev->blk);
- if (!vdev) {
- return -1;
- }
-
- return s390_virtio_device_init(dev, vdev);
-}
-
-static int s390_virtio_serial_init(VirtIOS390Device *dev)
-{
- VirtIOS390Bus *bus;
- VirtIODevice *vdev;
- int r;
-
- bus = DO_UPCAST(VirtIOS390Bus, bus, dev->qdev.parent_bus);
-
- vdev = virtio_serial_init((DeviceState *)dev, &dev->serial);
- if (!vdev) {
- return -1;
- }
-
- r = s390_virtio_device_init(dev, vdev);
- if (!r) {
- bus->console = dev;
- }
-
- return r;
-}
-
-static int s390_virtio_scsi_init(VirtIOS390Device *dev)
-{
- VirtIODevice *vdev;
-
- vdev = virtio_scsi_init((DeviceState *)dev, &dev->scsi);
- if (!vdev) {
- return -1;
- }
-
- return s390_virtio_device_init(dev, vdev);
-}
-
-static int s390_virtio_rng_init(VirtIOS390Device *dev)
-{
- VirtIODevice *vdev;
-
- vdev = virtio_rng_init((DeviceState *)dev, &dev->rng);
- if (!vdev) {
- return -1;
- }
-
- return s390_virtio_device_init(dev, vdev);
-}
-
-static uint64_t s390_virtio_device_vq_token(VirtIOS390Device *dev, int vq)
-{
- ram_addr_t token_off;
-
- token_off = (dev->dev_offs + VIRTIO_DEV_OFFS_CONFIG) +
- (vq * VIRTIO_VQCONFIG_LEN) +
- VIRTIO_VQCONFIG_OFFS_TOKEN;
-
- return ldq_be_phys(token_off);
-}
-
-static ram_addr_t s390_virtio_device_num_vq(VirtIOS390Device *dev)
-{
- VirtIODevice *vdev = dev->vdev;
- int num_vq;
-
- for (num_vq = 0; num_vq < VIRTIO_PCI_QUEUE_MAX; num_vq++) {
- if (!virtio_queue_get_num(vdev, num_vq)) {
- break;
- }
- }
-
- return num_vq;
-}
-
-static ram_addr_t s390_virtio_next_ring(VirtIOS390Bus *bus)
-{
- ram_addr_t r = bus->next_ring;
-
- bus->next_ring += VIRTIO_RING_LEN;
- return r;
-}
-
-void s390_virtio_device_sync(VirtIOS390Device *dev)
-{
- VirtIOS390Bus *bus = DO_UPCAST(VirtIOS390Bus, bus, dev->qdev.parent_bus);
- ram_addr_t cur_offs;
- uint8_t num_vq;
- int i;
-
- virtio_reset(dev->vdev);
-
- /* Sync dev space */
- stb_phys(dev->dev_offs + VIRTIO_DEV_OFFS_TYPE, dev->vdev->device_id);
-
- stb_phys(dev->dev_offs + VIRTIO_DEV_OFFS_NUM_VQ, s390_virtio_device_num_vq(dev));
- stb_phys(dev->dev_offs + VIRTIO_DEV_OFFS_FEATURE_LEN, dev->feat_len);
-
- stb_phys(dev->dev_offs + VIRTIO_DEV_OFFS_CONFIG_LEN, dev->vdev->config_len);
-
- num_vq = s390_virtio_device_num_vq(dev);
- stb_phys(dev->dev_offs + VIRTIO_DEV_OFFS_NUM_VQ, num_vq);
-
- /* Sync virtqueues */
- for (i = 0; i < num_vq; i++) {
- ram_addr_t vq = (dev->dev_offs + VIRTIO_DEV_OFFS_CONFIG) +
- (i * VIRTIO_VQCONFIG_LEN);
- ram_addr_t vring;
-
- vring = s390_virtio_next_ring(bus);
- virtio_queue_set_addr(dev->vdev, i, vring);
- virtio_queue_set_vector(dev->vdev, i, i);
- stq_be_phys(vq + VIRTIO_VQCONFIG_OFFS_ADDRESS, vring);
- stw_be_phys(vq + VIRTIO_VQCONFIG_OFFS_NUM, virtio_queue_get_num(dev->vdev, i));
- }
-
- cur_offs = dev->dev_offs;
- cur_offs += VIRTIO_DEV_OFFS_CONFIG;
- cur_offs += num_vq * VIRTIO_VQCONFIG_LEN;
-
- /* Sync feature bitmap */
- stl_le_phys(cur_offs, dev->host_features);
-
- dev->feat_offs = cur_offs + dev->feat_len;
- cur_offs += dev->feat_len * 2;
-
- /* Sync config space */
- if (dev->vdev->get_config) {
- dev->vdev->get_config(dev->vdev, dev->vdev->config);
- }
-
- cpu_physical_memory_write(cur_offs,
- dev->vdev->config, dev->vdev->config_len);
- cur_offs += dev->vdev->config_len;
-}
-
-void s390_virtio_device_update_status(VirtIOS390Device *dev)
-{
- VirtIODevice *vdev = dev->vdev;
- uint32_t features;
-
- virtio_set_status(vdev, ldub_phys(dev->dev_offs + VIRTIO_DEV_OFFS_STATUS));
-
- /* Update guest supported feature bitmap */
-
- features = bswap32(ldl_be_phys(dev->feat_offs));
- virtio_set_features(vdev, features);
-}
-
-VirtIOS390Device *s390_virtio_bus_console(VirtIOS390Bus *bus)
-{
- return bus->console;
-}
-
-/* Find a device by vring address */
-VirtIOS390Device *s390_virtio_bus_find_vring(VirtIOS390Bus *bus,
- ram_addr_t mem,
- int *vq_num)
-{
- BusChild *kid;
- int i;
-
- QTAILQ_FOREACH(kid, &bus->bus.children, sibling) {
- VirtIOS390Device *dev = (VirtIOS390Device *)kid->child;
-
- for(i = 0; i < VIRTIO_PCI_QUEUE_MAX; i++) {
- if (!virtio_queue_get_addr(dev->vdev, i))
- break;
- if (virtio_queue_get_addr(dev->vdev, i) == mem) {
- if (vq_num) {
- *vq_num = i;
- }
- return dev;
- }
- }
- }
-
- return NULL;
-}
-
-/* Find a device by device descriptor location */
-VirtIOS390Device *s390_virtio_bus_find_mem(VirtIOS390Bus *bus, ram_addr_t mem)
-{
- BusChild *kid;
-
- QTAILQ_FOREACH(kid, &bus->bus.children, sibling) {
- VirtIOS390Device *dev = (VirtIOS390Device *)kid->child;
- if (dev->dev_offs == mem) {
- return dev;
- }
- }
-
- return NULL;
-}
-
-static void virtio_s390_notify(void *opaque, uint16_t vector)
-{
- VirtIOS390Device *dev = (VirtIOS390Device*)opaque;
- uint64_t token = s390_virtio_device_vq_token(dev, vector);
- S390CPU *cpu = s390_cpu_addr2state(0);
- CPUS390XState *env = &cpu->env;
-
- s390_virtio_irq(env, 0, token);
-}
-
-static unsigned virtio_s390_get_features(void *opaque)
-{
- VirtIOS390Device *dev = (VirtIOS390Device*)opaque;
- return dev->host_features;
-}
-
-/**************** S390 Virtio Bus Device Descriptions *******************/
-
-static const VirtIOBindings virtio_s390_bindings = {
- .notify = virtio_s390_notify,
- .get_features = virtio_s390_get_features,
-};
-
-static Property s390_virtio_net_properties[] = {
- DEFINE_NIC_PROPERTIES(VirtIOS390Device, nic),
- DEFINE_PROP_UINT32("x-txtimer", VirtIOS390Device,
- net.txtimer, TX_TIMER_INTERVAL),
- DEFINE_PROP_INT32("x-txburst", VirtIOS390Device,
- net.txburst, TX_BURST),
- DEFINE_PROP_STRING("tx", VirtIOS390Device, net.tx),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void s390_virtio_net_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- VirtIOS390DeviceClass *k = VIRTIO_S390_DEVICE_CLASS(klass);
-
- k->init = s390_virtio_net_init;
- dc->props = s390_virtio_net_properties;
-}
-
-static TypeInfo s390_virtio_net = {
- .name = "virtio-net-s390",
- .parent = TYPE_VIRTIO_S390_DEVICE,
- .instance_size = sizeof(VirtIOS390Device),
- .class_init = s390_virtio_net_class_init,
-};
-
-static Property s390_virtio_blk_properties[] = {
- DEFINE_BLOCK_PROPERTIES(VirtIOS390Device, blk.conf),
- DEFINE_BLOCK_CHS_PROPERTIES(VirtIOS390Device, blk.conf),
- DEFINE_PROP_STRING("serial", VirtIOS390Device, blk.serial),
-#ifdef __linux__
- DEFINE_PROP_BIT("scsi", VirtIOS390Device, blk.scsi, 0, true),
-#endif
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void s390_virtio_blk_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- VirtIOS390DeviceClass *k = VIRTIO_S390_DEVICE_CLASS(klass);
-
- k->init = s390_virtio_blk_init;
- dc->props = s390_virtio_blk_properties;
-}
-
-static TypeInfo s390_virtio_blk = {
- .name = "virtio-blk-s390",
- .parent = TYPE_VIRTIO_S390_DEVICE,
- .instance_size = sizeof(VirtIOS390Device),
- .class_init = s390_virtio_blk_class_init,
-};
-
-static Property s390_virtio_serial_properties[] = {
- DEFINE_PROP_UINT32("max_ports", VirtIOS390Device,
- serial.max_virtserial_ports, 31),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void s390_virtio_serial_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- VirtIOS390DeviceClass *k = VIRTIO_S390_DEVICE_CLASS(klass);
-
- k->init = s390_virtio_serial_init;
- dc->props = s390_virtio_serial_properties;
-}
-
-static TypeInfo s390_virtio_serial = {
- .name = "virtio-serial-s390",
- .parent = TYPE_VIRTIO_S390_DEVICE,
- .instance_size = sizeof(VirtIOS390Device),
- .class_init = s390_virtio_serial_class_init,
-};
-
-static void s390_virtio_rng_initfn(Object *obj)
-{
- VirtIOS390Device *dev = VIRTIO_S390_DEVICE(obj);
-
- object_property_add_link(obj, "rng", TYPE_RNG_BACKEND,
- (Object **)&dev->rng.rng, NULL);
-}
-
-static void s390_virtio_rng_class_init(ObjectClass *klass, void *data)
-{
- VirtIOS390DeviceClass *k = VIRTIO_S390_DEVICE_CLASS(klass);
-
- k->init = s390_virtio_rng_init;
-}
-
-static TypeInfo s390_virtio_rng = {
- .name = "virtio-rng-s390",
- .parent = TYPE_VIRTIO_S390_DEVICE,
- .instance_size = sizeof(VirtIOS390Device),
- .instance_init = s390_virtio_rng_initfn,
- .class_init = s390_virtio_rng_class_init,
-};
-
-static int s390_virtio_busdev_init(DeviceState *dev)
-{
- VirtIOS390Device *_dev = (VirtIOS390Device *)dev;
- VirtIOS390DeviceClass *_info = VIRTIO_S390_DEVICE_GET_CLASS(dev);
-
- return _info->init(_dev);
-}
-
-static void virtio_s390_device_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
-
- dc->init = s390_virtio_busdev_init;
- dc->bus_type = TYPE_S390_VIRTIO_BUS;
- dc->unplug = qdev_simple_unplug_cb;
-}
-
-static TypeInfo virtio_s390_device_info = {
- .name = TYPE_VIRTIO_S390_DEVICE,
- .parent = TYPE_DEVICE,
- .instance_size = sizeof(VirtIOS390Device),
- .class_init = virtio_s390_device_class_init,
- .class_size = sizeof(VirtIOS390DeviceClass),
- .abstract = true,
-};
-
-static Property s390_virtio_scsi_properties[] = {
- DEFINE_VIRTIO_SCSI_PROPERTIES(VirtIOS390Device, host_features, scsi),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void s390_virtio_scsi_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- VirtIOS390DeviceClass *k = VIRTIO_S390_DEVICE_CLASS(klass);
-
- k->init = s390_virtio_scsi_init;
- dc->props = s390_virtio_scsi_properties;
-}
-
-static TypeInfo s390_virtio_scsi = {
- .name = "virtio-scsi-s390",
- .parent = TYPE_VIRTIO_S390_DEVICE,
- .instance_size = sizeof(VirtIOS390Device),
- .class_init = s390_virtio_scsi_class_init,
-};
-
-/***************** S390 Virtio Bus Bridge Device *******************/
-/* Only required to have the virtio bus as child in the system bus */
-
-static int s390_virtio_bridge_init(SysBusDevice *dev)
-{
- /* nothing */
- return 0;
-}
-
-static void s390_virtio_bridge_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = s390_virtio_bridge_init;
- dc->no_user = 1;
-}
-
-static TypeInfo s390_virtio_bridge_info = {
- .name = "s390-virtio-bridge",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(SysBusDevice),
- .class_init = s390_virtio_bridge_class_init,
-};
-
-static void s390_virtio_register_types(void)
-{
- type_register_static(&s390_virtio_bus_info);
- type_register_static(&virtio_s390_device_info);
- type_register_static(&s390_virtio_serial);
- type_register_static(&s390_virtio_blk);
- type_register_static(&s390_virtio_net);
- type_register_static(&s390_virtio_scsi);
- type_register_static(&s390_virtio_rng);
- type_register_static(&s390_virtio_bridge_info);
-}
-
-type_init(s390_virtio_register_types)
diff --git a/hw/s390-virtio-bus.h b/hw/s390-virtio-bus.h
deleted file mode 100644
index a83afe785..000000000
--- a/hw/s390-virtio-bus.h
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * QEMU S390x VirtIO BUS definitions
- *
- * Copyright (c) 2009 Alexander Graf <agraf@suse.de>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "virtio-blk.h"
-#include "virtio-net.h"
-#include "virtio-rng.h"
-#include "virtio-serial.h"
-#include "virtio-scsi.h"
-
-#define VIRTIO_DEV_OFFS_TYPE 0 /* 8 bits */
-#define VIRTIO_DEV_OFFS_NUM_VQ 1 /* 8 bits */
-#define VIRTIO_DEV_OFFS_FEATURE_LEN 2 /* 8 bits */
-#define VIRTIO_DEV_OFFS_CONFIG_LEN 3 /* 8 bits */
-#define VIRTIO_DEV_OFFS_STATUS 4 /* 8 bits */
-#define VIRTIO_DEV_OFFS_CONFIG 5 /* dynamic */
-
-#define VIRTIO_VQCONFIG_OFFS_TOKEN 0 /* 64 bits */
-#define VIRTIO_VQCONFIG_OFFS_ADDRESS 8 /* 64 bits */
-#define VIRTIO_VQCONFIG_OFFS_NUM 16 /* 16 bits */
-#define VIRTIO_VQCONFIG_LEN 24
-
-#define VIRTIO_RING_LEN (TARGET_PAGE_SIZE * 3)
-#define VIRTIO_VRING_AVAIL_IDX_OFFS 2
-#define VIRTIO_VRING_USED_IDX_OFFS 2
-#define S390_DEVICE_PAGES 512
-
-#define VIRTIO_PARAM_MASK 0xff
-#define VIRTIO_PARAM_VRING_INTERRUPT 0x0
-#define VIRTIO_PARAM_CONFIG_CHANGED 0x1
-#define VIRTIO_PARAM_DEV_ADD 0x2
-
-#define TYPE_VIRTIO_S390_DEVICE "virtio-s390-device"
-#define VIRTIO_S390_DEVICE(obj) \
- OBJECT_CHECK(VirtIOS390Device, (obj), TYPE_VIRTIO_S390_DEVICE)
-#define VIRTIO_S390_DEVICE_CLASS(klass) \
- OBJECT_CLASS_CHECK(VirtIOS390DeviceClass, (klass), TYPE_VIRTIO_S390_DEVICE)
-#define VIRTIO_S390_DEVICE_GET_CLASS(obj) \
- OBJECT_GET_CLASS(VirtIOS390DeviceClass, (obj), TYPE_VIRTIO_S390_DEVICE)
-
-#define TYPE_S390_VIRTIO_BUS "s390-virtio-bus"
-#define S390_VIRTIO_BUS(obj) \
- OBJECT_CHECK(VirtIOS390Bus, (obj), TYPE_S390_VIRTIO_BUS)
-
-typedef struct VirtIOS390Device VirtIOS390Device;
-
-typedef struct VirtIOS390DeviceClass {
- DeviceClass qdev;
- int (*init)(VirtIOS390Device *dev);
-} VirtIOS390DeviceClass;
-
-struct VirtIOS390Device {
- DeviceState qdev;
- ram_addr_t dev_offs;
- ram_addr_t feat_offs;
- uint8_t feat_len;
- VirtIODevice *vdev;
- VirtIOBlkConf blk;
- NICConf nic;
- uint32_t host_features;
- virtio_serial_conf serial;
- virtio_net_conf net;
- VirtIOSCSIConf scsi;
- VirtIORNGConf rng;
-};
-
-typedef struct VirtIOS390Bus {
- BusState bus;
-
- VirtIOS390Device *console;
- ram_addr_t dev_page;
- ram_addr_t dev_offs;
- ram_addr_t next_ring;
-} VirtIOS390Bus;
-
-
-void s390_virtio_device_update_status(VirtIOS390Device *dev);
-
-VirtIOS390Device *s390_virtio_bus_console(VirtIOS390Bus *bus);
-VirtIOS390Bus *s390_virtio_bus_init(ram_addr_t *ram_size);
-
-VirtIOS390Device *s390_virtio_bus_find_vring(VirtIOS390Bus *bus,
- ram_addr_t mem, int *vq_num);
-VirtIOS390Device *s390_virtio_bus_find_mem(VirtIOS390Bus *bus, ram_addr_t mem);
-void s390_virtio_device_sync(VirtIOS390Device *dev);
-void s390_virtio_reset_idx(VirtIOS390Device *dev);
-
diff --git a/hw/s390-virtio.c b/hw/s390-virtio.c
deleted file mode 100644
index ca1bb0981..000000000
--- a/hw/s390-virtio.c
+++ /dev/null
@@ -1,354 +0,0 @@
-/*
- * QEMU S390 virtio target
- *
- * Copyright (c) 2009 Alexander Graf <agraf@suse.de>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "hw.h"
-#include "block.h"
-#include "blockdev.h"
-#include "sysemu.h"
-#include "net.h"
-#include "boards.h"
-#include "monitor.h"
-#include "loader.h"
-#include "elf.h"
-#include "hw/virtio.h"
-#include "hw/sysbus.h"
-#include "kvm.h"
-#include "exec-memory.h"
-
-#include "hw/s390-virtio-bus.h"
-#include "hw/s390x/sclp.h"
-
-//#define DEBUG_S390
-
-#ifdef DEBUG_S390
-#define dprintf(fmt, ...) \
- do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
-#else
-#define dprintf(fmt, ...) \
- do { } while (0)
-#endif
-
-#define KVM_S390_VIRTIO_NOTIFY 0
-#define KVM_S390_VIRTIO_RESET 1
-#define KVM_S390_VIRTIO_SET_STATUS 2
-
-#define KERN_IMAGE_START 0x010000UL
-#define KERN_PARM_AREA 0x010480UL
-#define INITRD_START 0x800000UL
-#define INITRD_PARM_START 0x010408UL
-#define INITRD_PARM_SIZE 0x010410UL
-#define PARMFILE_START 0x001000UL
-
-#define ZIPL_START 0x009000UL
-#define ZIPL_LOAD_ADDR 0x009000UL
-#define ZIPL_FILENAME "s390-zipl.rom"
-
-#define MAX_BLK_DEVS 10
-
-static VirtIOS390Bus *s390_bus;
-static S390CPU **ipi_states;
-
-S390CPU *s390_cpu_addr2state(uint16_t cpu_addr)
-{
- if (cpu_addr >= smp_cpus) {
- return NULL;
- }
-
- return ipi_states[cpu_addr];
-}
-
-int s390_virtio_hypercall(CPUS390XState *env, uint64_t mem, uint64_t hypercall)
-{
- int r = 0, i;
-
- dprintf("KVM hypercall: %ld\n", hypercall);
- switch (hypercall) {
- case KVM_S390_VIRTIO_NOTIFY:
- if (mem > ram_size) {
- VirtIOS390Device *dev = s390_virtio_bus_find_vring(s390_bus,
- mem, &i);
- if (dev) {
- virtio_queue_notify(dev->vdev, i);
- } else {
- r = -EINVAL;
- }
- } else {
- /* Early printk */
- }
- break;
- case KVM_S390_VIRTIO_RESET:
- {
- VirtIOS390Device *dev;
-
- dev = s390_virtio_bus_find_mem(s390_bus, mem);
- virtio_reset(dev->vdev);
- stb_phys(dev->dev_offs + VIRTIO_DEV_OFFS_STATUS, 0);
- s390_virtio_device_sync(dev);
- s390_virtio_reset_idx(dev);
- break;
- }
- case KVM_S390_VIRTIO_SET_STATUS:
- {
- VirtIOS390Device *dev;
-
- dev = s390_virtio_bus_find_mem(s390_bus, mem);
- if (dev) {
- s390_virtio_device_update_status(dev);
- } else {
- r = -EINVAL;
- }
- break;
- }
- default:
- r = -EINVAL;
- break;
- }
-
- return r;
-}
-
-/*
- * The number of running CPUs. On s390 a shutdown is the state of all CPUs
- * being either stopped or disabled (for interrupts) waiting. We have to
- * track this number to call the shutdown sequence accordingly. This
- * number is modified either on startup or while holding the big qemu lock.
- */
-static unsigned s390_running_cpus;
-
-void s390_add_running_cpu(CPUS390XState *env)
-{
- if (env->halted) {
- s390_running_cpus++;
- env->halted = 0;
- env->exception_index = -1;
- }
-}
-
-unsigned s390_del_running_cpu(CPUS390XState *env)
-{
- if (env->halted == 0) {
- assert(s390_running_cpus >= 1);
- s390_running_cpus--;
- env->halted = 1;
- env->exception_index = EXCP_HLT;
- }
- return s390_running_cpus;
-}
-
-/* PC hardware initialisation */
-static void s390_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t my_ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- CPUS390XState *env = NULL;
- MemoryRegion *sysmem = get_system_memory();
- MemoryRegion *ram = g_new(MemoryRegion, 1);
- ram_addr_t kernel_size = 0;
- ram_addr_t initrd_offset;
- ram_addr_t initrd_size = 0;
- int shift = 0;
- uint8_t *storage_keys;
- void *virtio_region;
- hwaddr virtio_region_len;
- hwaddr virtio_region_start;
- int i;
-
- /* s390x ram size detection needs a 16bit multiplier + an increment. So
- guests > 64GB can be specified in 2MB steps etc. */
- while ((my_ram_size >> (20 + shift)) > 65535) {
- shift++;
- }
- my_ram_size = my_ram_size >> (20 + shift) << (20 + shift);
-
- /* lets propagate the changed ram size into the global variable. */
- ram_size = my_ram_size;
-
- /* get a BUS */
- s390_bus = s390_virtio_bus_init(&my_ram_size);
- s390_sclp_init();
-
- /* allocate RAM */
- memory_region_init_ram(ram, "s390.ram", my_ram_size);
- vmstate_register_ram_global(ram);
- memory_region_add_subregion(sysmem, 0, ram);
-
- /* clear virtio region */
- virtio_region_len = my_ram_size - ram_size;
- virtio_region_start = ram_size;
- virtio_region = cpu_physical_memory_map(virtio_region_start,
- &virtio_region_len, true);
- memset(virtio_region, 0, virtio_region_len);
- cpu_physical_memory_unmap(virtio_region, virtio_region_len, 1,
- virtio_region_len);
-
- /* allocate storage keys */
- storage_keys = g_malloc0(my_ram_size / TARGET_PAGE_SIZE);
-
- /* init CPUs */
- if (cpu_model == NULL) {
- cpu_model = "host";
- }
-
- ipi_states = g_malloc(sizeof(S390CPU *) * smp_cpus);
-
- for (i = 0; i < smp_cpus; i++) {
- S390CPU *cpu;
- CPUS390XState *tmp_env;
-
- cpu = cpu_s390x_init(cpu_model);
- tmp_env = &cpu->env;
- if (!env) {
- env = tmp_env;
- }
- ipi_states[i] = cpu;
- tmp_env->halted = 1;
- tmp_env->exception_index = EXCP_HLT;
- tmp_env->storage_keys = storage_keys;
- }
-
- /* One CPU has to run */
- s390_add_running_cpu(env);
-
- if (kernel_filename) {
-
- kernel_size = load_elf(kernel_filename, NULL, NULL, NULL, NULL,
- NULL, 1, ELF_MACHINE, 0);
- if (kernel_size == -1UL) {
- kernel_size = load_image_targphys(kernel_filename, 0, ram_size);
- }
- if (kernel_size == -1UL) {
- fprintf(stderr, "qemu: could not load kernel '%s'\n",
- kernel_filename);
- exit(1);
- }
- /*
- * we can not rely on the ELF entry point, since up to 3.2 this
- * value was 0x800 (the SALIPL loader) and it wont work. For
- * all (Linux) cases 0x10000 (KERN_IMAGE_START) should be fine.
- */
- env->psw.addr = KERN_IMAGE_START;
- env->psw.mask = 0x0000000180000000ULL;
- } else {
- ram_addr_t bios_size = 0;
- char *bios_filename;
-
- /* Load zipl bootloader */
- if (bios_name == NULL) {
- bios_name = ZIPL_FILENAME;
- }
-
- bios_filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
- bios_size = load_image_targphys(bios_filename, ZIPL_LOAD_ADDR, 4096);
- g_free(bios_filename);
-
- if ((long)bios_size < 0) {
- hw_error("could not load bootloader '%s'\n", bios_name);
- }
-
- if (bios_size > 4096) {
- hw_error("stage1 bootloader is > 4k\n");
- }
-
- env->psw.addr = ZIPL_START;
- env->psw.mask = 0x0000000180000000ULL;
- }
-
- if (initrd_filename) {
- initrd_offset = INITRD_START;
- while (kernel_size + 0x100000 > initrd_offset) {
- initrd_offset += 0x100000;
- }
- initrd_size = load_image_targphys(initrd_filename, initrd_offset,
- ram_size - initrd_offset);
- if (initrd_size == -1UL) {
- fprintf(stderr, "qemu: could not load initrd '%s'\n",
- initrd_filename);
- exit(1);
- }
-
- /* we have to overwrite values in the kernel image, which are "rom" */
- stq_p(rom_ptr(INITRD_PARM_START), initrd_offset);
- stq_p(rom_ptr(INITRD_PARM_SIZE), initrd_size);
- }
-
- if (rom_ptr(KERN_PARM_AREA)) {
- /* we have to overwrite values in the kernel image, which are "rom" */
- memcpy(rom_ptr(KERN_PARM_AREA), kernel_cmdline,
- strlen(kernel_cmdline) + 1);
- }
-
- /* Create VirtIO network adapters */
- for(i = 0; i < nb_nics; i++) {
- NICInfo *nd = &nd_table[i];
- DeviceState *dev;
-
- if (!nd->model) {
- nd->model = g_strdup("virtio");
- }
-
- if (strcmp(nd->model, "virtio")) {
- fprintf(stderr, "S390 only supports VirtIO nics\n");
- exit(1);
- }
-
- dev = qdev_create((BusState *)s390_bus, "virtio-net-s390");
- qdev_set_nic_properties(dev, nd);
- qdev_init_nofail(dev);
- }
-
- /* Create VirtIO disk drives */
- for(i = 0; i < MAX_BLK_DEVS; i++) {
- DriveInfo *dinfo;
- DeviceState *dev;
-
- dinfo = drive_get(IF_IDE, 0, i);
- if (!dinfo) {
- continue;
- }
-
- dev = qdev_create((BusState *)s390_bus, "virtio-blk-s390");
- qdev_prop_set_drive_nofail(dev, "drive", dinfo->bdrv);
- qdev_init_nofail(dev);
- }
-}
-
-static QEMUMachine s390_machine = {
- .name = "s390-virtio",
- .alias = "s390",
- .desc = "VirtIO based S390 machine",
- .init = s390_init,
- .no_cdrom = 1,
- .no_floppy = 1,
- .no_serial = 1,
- .no_parallel = 1,
- .no_sdcard = 1,
- .use_virtcon = 1,
- .max_cpus = 255,
- .is_default = 1,
-};
-
-static void s390_machine_init(void)
-{
- qemu_register_machine(&s390_machine);
-}
-
-machine_init(s390_machine_init);
diff --git a/hw/s390x/Makefile.objs b/hw/s390x/Makefile.objs
index 096dfcd6a..77e121844 100644
--- a/hw/s390x/Makefile.objs
+++ b/hw/s390x/Makefile.objs
@@ -1,6 +1,9 @@
obj-y = s390-virtio-bus.o s390-virtio.o
-
-obj-y := $(addprefix ../,$(obj-y))
+obj-y += s390-virtio-hcall.o
obj-y += sclp.o
obj-y += event-facility.o
-obj-y += sclpquiesce.o sclpconsole.o
+obj-y += sclpquiesce.o
+obj-y += ipl.o
+obj-y += css.o
+obj-y += s390-virtio-ccw.o
+obj-y += virtio-ccw.o
diff --git a/hw/s390x/css.c b/hw/s390x/css.c
new file mode 100644
index 000000000..93b0b9733
--- /dev/null
+++ b/hw/s390x/css.c
@@ -0,0 +1,1280 @@
+/*
+ * Channel subsystem base support.
+ *
+ * Copyright 2012 IBM Corp.
+ * Author(s): Cornelia Huck <cornelia.huck@de.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or (at
+ * your option) any later version. See the COPYING file in the top-level
+ * directory.
+ */
+
+#include <hw/qdev.h>
+#include "qemu/bitops.h"
+#include "cpu.h"
+#include "ioinst.h"
+#include "css.h"
+#include "trace.h"
+
+typedef struct CrwContainer {
+ CRW crw;
+ QTAILQ_ENTRY(CrwContainer) sibling;
+} CrwContainer;
+
+typedef struct ChpInfo {
+ uint8_t in_use;
+ uint8_t type;
+ uint8_t is_virtual;
+} ChpInfo;
+
+typedef struct SubchSet {
+ SubchDev *sch[MAX_SCHID + 1];
+ unsigned long schids_used[BITS_TO_LONGS(MAX_SCHID + 1)];
+ unsigned long devnos_used[BITS_TO_LONGS(MAX_SCHID + 1)];
+} SubchSet;
+
+typedef struct CssImage {
+ SubchSet *sch_set[MAX_SSID + 1];
+ ChpInfo chpids[MAX_CHPID + 1];
+} CssImage;
+
+typedef struct ChannelSubSys {
+ QTAILQ_HEAD(, CrwContainer) pending_crws;
+ bool do_crw_mchk;
+ bool crws_lost;
+ uint8_t max_cssid;
+ uint8_t max_ssid;
+ bool chnmon_active;
+ uint64_t chnmon_area;
+ CssImage *css[MAX_CSSID + 1];
+ uint8_t default_cssid;
+} ChannelSubSys;
+
+static ChannelSubSys *channel_subsys;
+
+int css_create_css_image(uint8_t cssid, bool default_image)
+{
+ trace_css_new_image(cssid, default_image ? "(default)" : "");
+ if (cssid > MAX_CSSID) {
+ return -EINVAL;
+ }
+ if (channel_subsys->css[cssid]) {
+ return -EBUSY;
+ }
+ channel_subsys->css[cssid] = g_malloc0(sizeof(CssImage));
+ if (default_image) {
+ channel_subsys->default_cssid = cssid;
+ }
+ return 0;
+}
+
+uint16_t css_build_subchannel_id(SubchDev *sch)
+{
+ if (channel_subsys->max_cssid > 0) {
+ return (sch->cssid << 8) | (1 << 3) | (sch->ssid << 1) | 1;
+ }
+ return (sch->ssid << 1) | 1;
+}
+
+static void css_inject_io_interrupt(SubchDev *sch)
+{
+ S390CPU *cpu = s390_cpu_addr2state(0);
+ uint8_t isc = (sch->curr_status.pmcw.flags & PMCW_FLAGS_MASK_ISC) >> 11;
+
+ trace_css_io_interrupt(sch->cssid, sch->ssid, sch->schid,
+ sch->curr_status.pmcw.intparm, isc, "");
+ s390_io_interrupt(cpu,
+ css_build_subchannel_id(sch),
+ sch->schid,
+ sch->curr_status.pmcw.intparm,
+ isc << 27);
+}
+
+void css_conditional_io_interrupt(SubchDev *sch)
+{
+ /*
+ * If the subchannel is not currently status pending, make it pending
+ * with alert status.
+ */
+ if (!(sch->curr_status.scsw.ctrl & SCSW_STCTL_STATUS_PEND)) {
+ S390CPU *cpu = s390_cpu_addr2state(0);
+ uint8_t isc = (sch->curr_status.pmcw.flags & PMCW_FLAGS_MASK_ISC) >> 11;
+
+ trace_css_io_interrupt(sch->cssid, sch->ssid, sch->schid,
+ sch->curr_status.pmcw.intparm, isc,
+ "(unsolicited)");
+ sch->curr_status.scsw.ctrl &= ~SCSW_CTRL_MASK_STCTL;
+ sch->curr_status.scsw.ctrl |=
+ SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND;
+ /* Inject an I/O interrupt. */
+ s390_io_interrupt(cpu,
+ css_build_subchannel_id(sch),
+ sch->schid,
+ sch->curr_status.pmcw.intparm,
+ isc << 27);
+ }
+}
+
+static void sch_handle_clear_func(SubchDev *sch)
+{
+ PMCW *p = &sch->curr_status.pmcw;
+ SCSW *s = &sch->curr_status.scsw;
+ int path;
+
+ /* Path management: In our simple css, we always choose the only path. */
+ path = 0x80;
+
+ /* Reset values prior to 'issueing the clear signal'. */
+ p->lpum = 0;
+ p->pom = 0xff;
+ s->flags &= ~SCSW_FLAGS_MASK_PNO;
+
+ /* We always 'attempt to issue the clear signal', and we always succeed. */
+ sch->orb = NULL;
+ sch->channel_prog = 0x0;
+ sch->last_cmd_valid = false;
+ s->ctrl &= ~SCSW_ACTL_CLEAR_PEND;
+ s->ctrl |= SCSW_STCTL_STATUS_PEND;
+
+ s->dstat = 0;
+ s->cstat = 0;
+ p->lpum = path;
+
+}
+
+static void sch_handle_halt_func(SubchDev *sch)
+{
+
+ PMCW *p = &sch->curr_status.pmcw;
+ SCSW *s = &sch->curr_status.scsw;
+ int path;
+
+ /* Path management: In our simple css, we always choose the only path. */
+ path = 0x80;
+
+ /* We always 'attempt to issue the halt signal', and we always succeed. */
+ sch->orb = NULL;
+ sch->channel_prog = 0x0;
+ sch->last_cmd_valid = false;
+ s->ctrl &= ~SCSW_ACTL_HALT_PEND;
+ s->ctrl |= SCSW_STCTL_STATUS_PEND;
+
+ if ((s->ctrl & (SCSW_ACTL_SUBCH_ACTIVE | SCSW_ACTL_DEVICE_ACTIVE)) ||
+ !((s->ctrl & SCSW_ACTL_START_PEND) ||
+ (s->ctrl & SCSW_ACTL_SUSP))) {
+ s->dstat = SCSW_DSTAT_DEVICE_END;
+ }
+ s->cstat = 0;
+ p->lpum = path;
+
+}
+
+static void copy_sense_id_to_guest(SenseId *dest, SenseId *src)
+{
+ int i;
+
+ dest->reserved = src->reserved;
+ dest->cu_type = cpu_to_be16(src->cu_type);
+ dest->cu_model = src->cu_model;
+ dest->dev_type = cpu_to_be16(src->dev_type);
+ dest->dev_model = src->dev_model;
+ dest->unused = src->unused;
+ for (i = 0; i < ARRAY_SIZE(dest->ciw); i++) {
+ dest->ciw[i].type = src->ciw[i].type;
+ dest->ciw[i].command = src->ciw[i].command;
+ dest->ciw[i].count = cpu_to_be16(src->ciw[i].count);
+ }
+}
+
+static CCW1 copy_ccw_from_guest(hwaddr addr)
+{
+ CCW1 tmp;
+ CCW1 ret;
+
+ cpu_physical_memory_read(addr, &tmp, sizeof(tmp));
+ ret.cmd_code = tmp.cmd_code;
+ ret.flags = tmp.flags;
+ ret.count = be16_to_cpu(tmp.count);
+ ret.cda = be32_to_cpu(tmp.cda);
+
+ return ret;
+}
+
+static int css_interpret_ccw(SubchDev *sch, hwaddr ccw_addr)
+{
+ int ret;
+ bool check_len;
+ int len;
+ CCW1 ccw;
+
+ if (!ccw_addr) {
+ return -EIO;
+ }
+
+ ccw = copy_ccw_from_guest(ccw_addr);
+
+ /* Check for invalid command codes. */
+ if ((ccw.cmd_code & 0x0f) == 0) {
+ return -EINVAL;
+ }
+ if (((ccw.cmd_code & 0x0f) == CCW_CMD_TIC) &&
+ ((ccw.cmd_code & 0xf0) != 0)) {
+ return -EINVAL;
+ }
+
+ if (ccw.flags & CCW_FLAG_SUSPEND) {
+ return -EINPROGRESS;
+ }
+
+ check_len = !((ccw.flags & CCW_FLAG_SLI) && !(ccw.flags & CCW_FLAG_DC));
+
+ /* Look at the command. */
+ switch (ccw.cmd_code) {
+ case CCW_CMD_NOOP:
+ /* Nothing to do. */
+ ret = 0;
+ break;
+ case CCW_CMD_BASIC_SENSE:
+ if (check_len) {
+ if (ccw.count != sizeof(sch->sense_data)) {
+ ret = -EINVAL;
+ break;
+ }
+ }
+ len = MIN(ccw.count, sizeof(sch->sense_data));
+ cpu_physical_memory_write(ccw.cda, sch->sense_data, len);
+ sch->curr_status.scsw.count = ccw.count - len;
+ memset(sch->sense_data, 0, sizeof(sch->sense_data));
+ ret = 0;
+ break;
+ case CCW_CMD_SENSE_ID:
+ {
+ SenseId sense_id;
+
+ copy_sense_id_to_guest(&sense_id, &sch->id);
+ /* Sense ID information is device specific. */
+ if (check_len) {
+ if (ccw.count != sizeof(sense_id)) {
+ ret = -EINVAL;
+ break;
+ }
+ }
+ len = MIN(ccw.count, sizeof(sense_id));
+ /*
+ * Only indicate 0xff in the first sense byte if we actually
+ * have enough place to store at least bytes 0-3.
+ */
+ if (len >= 4) {
+ sense_id.reserved = 0xff;
+ } else {
+ sense_id.reserved = 0;
+ }
+ cpu_physical_memory_write(ccw.cda, &sense_id, len);
+ sch->curr_status.scsw.count = ccw.count - len;
+ ret = 0;
+ break;
+ }
+ case CCW_CMD_TIC:
+ if (sch->last_cmd_valid && (sch->last_cmd.cmd_code == CCW_CMD_TIC)) {
+ ret = -EINVAL;
+ break;
+ }
+ if (ccw.flags & (CCW_FLAG_CC | CCW_FLAG_DC)) {
+ ret = -EINVAL;
+ break;
+ }
+ sch->channel_prog = ccw.cda;
+ ret = -EAGAIN;
+ break;
+ default:
+ if (sch->ccw_cb) {
+ /* Handle device specific commands. */
+ ret = sch->ccw_cb(sch, ccw);
+ } else {
+ ret = -ENOSYS;
+ }
+ break;
+ }
+ sch->last_cmd = ccw;
+ sch->last_cmd_valid = true;
+ if (ret == 0) {
+ if (ccw.flags & CCW_FLAG_CC) {
+ sch->channel_prog += 8;
+ ret = -EAGAIN;
+ }
+ }
+
+ return ret;
+}
+
+static void sch_handle_start_func(SubchDev *sch)
+{
+
+ PMCW *p = &sch->curr_status.pmcw;
+ SCSW *s = &sch->curr_status.scsw;
+ ORB *orb = sch->orb;
+ int path;
+ int ret;
+
+ /* Path management: In our simple css, we always choose the only path. */
+ path = 0x80;
+
+ if (!(s->ctrl & SCSW_ACTL_SUSP)) {
+ /* Look at the orb and try to execute the channel program. */
+ p->intparm = orb->intparm;
+ if (!(orb->lpm & path)) {
+ /* Generate a deferred cc 3 condition. */
+ s->flags |= SCSW_FLAGS_MASK_CC;
+ s->ctrl &= ~SCSW_CTRL_MASK_STCTL;
+ s->ctrl |= (SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND);
+ return;
+ }
+ } else {
+ s->ctrl &= ~(SCSW_ACTL_SUSP | SCSW_ACTL_RESUME_PEND);
+ }
+ sch->last_cmd_valid = false;
+ do {
+ ret = css_interpret_ccw(sch, sch->channel_prog);
+ switch (ret) {
+ case -EAGAIN:
+ /* ccw chain, continue processing */
+ break;
+ case 0:
+ /* success */
+ s->ctrl &= ~SCSW_ACTL_START_PEND;
+ s->ctrl &= ~SCSW_CTRL_MASK_STCTL;
+ s->ctrl |= SCSW_STCTL_PRIMARY | SCSW_STCTL_SECONDARY |
+ SCSW_STCTL_STATUS_PEND;
+ s->dstat = SCSW_DSTAT_CHANNEL_END | SCSW_DSTAT_DEVICE_END;
+ break;
+ case -ENOSYS:
+ /* unsupported command, generate unit check (command reject) */
+ s->ctrl &= ~SCSW_ACTL_START_PEND;
+ s->dstat = SCSW_DSTAT_UNIT_CHECK;
+ /* Set sense bit 0 in ecw0. */
+ sch->sense_data[0] = 0x80;
+ s->ctrl &= ~SCSW_CTRL_MASK_STCTL;
+ s->ctrl |= SCSW_STCTL_PRIMARY | SCSW_STCTL_SECONDARY |
+ SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND;
+ break;
+ case -EFAULT:
+ /* memory problem, generate channel data check */
+ s->ctrl &= ~SCSW_ACTL_START_PEND;
+ s->cstat = SCSW_CSTAT_DATA_CHECK;
+ s->ctrl &= ~SCSW_CTRL_MASK_STCTL;
+ s->ctrl |= SCSW_STCTL_PRIMARY | SCSW_STCTL_SECONDARY |
+ SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND;
+ break;
+ case -EBUSY:
+ /* subchannel busy, generate deferred cc 1 */
+ s->flags &= ~SCSW_FLAGS_MASK_CC;
+ s->flags |= (1 << 8);
+ s->ctrl &= ~SCSW_CTRL_MASK_STCTL;
+ s->ctrl |= SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND;
+ break;
+ case -EINPROGRESS:
+ /* channel program has been suspended */
+ s->ctrl &= ~SCSW_ACTL_START_PEND;
+ s->ctrl |= SCSW_ACTL_SUSP;
+ break;
+ default:
+ /* error, generate channel program check */
+ s->ctrl &= ~SCSW_ACTL_START_PEND;
+ s->cstat = SCSW_CSTAT_PROG_CHECK;
+ s->ctrl &= ~SCSW_CTRL_MASK_STCTL;
+ s->ctrl |= SCSW_STCTL_PRIMARY | SCSW_STCTL_SECONDARY |
+ SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND;
+ break;
+ }
+ } while (ret == -EAGAIN);
+
+}
+
+/*
+ * On real machines, this would run asynchronously to the main vcpus.
+ * We might want to make some parts of the ssch handling (interpreting
+ * read/writes) asynchronous later on if we start supporting more than
+ * our current very simple devices.
+ */
+static void do_subchannel_work(SubchDev *sch)
+{
+
+ SCSW *s = &sch->curr_status.scsw;
+
+ if (s->ctrl & SCSW_FCTL_CLEAR_FUNC) {
+ sch_handle_clear_func(sch);
+ } else if (s->ctrl & SCSW_FCTL_HALT_FUNC) {
+ sch_handle_halt_func(sch);
+ } else if (s->ctrl & SCSW_FCTL_START_FUNC) {
+ sch_handle_start_func(sch);
+ } else {
+ /* Cannot happen. */
+ return;
+ }
+ css_inject_io_interrupt(sch);
+}
+
+static void copy_pmcw_to_guest(PMCW *dest, const PMCW *src)
+{
+ int i;
+
+ dest->intparm = cpu_to_be32(src->intparm);
+ dest->flags = cpu_to_be16(src->flags);
+ dest->devno = cpu_to_be16(src->devno);
+ dest->lpm = src->lpm;
+ dest->pnom = src->pnom;
+ dest->lpum = src->lpum;
+ dest->pim = src->pim;
+ dest->mbi = cpu_to_be16(src->mbi);
+ dest->pom = src->pom;
+ dest->pam = src->pam;
+ for (i = 0; i < ARRAY_SIZE(dest->chpid); i++) {
+ dest->chpid[i] = src->chpid[i];
+ }
+ dest->chars = cpu_to_be32(src->chars);
+}
+
+static void copy_scsw_to_guest(SCSW *dest, const SCSW *src)
+{
+ dest->flags = cpu_to_be16(src->flags);
+ dest->ctrl = cpu_to_be16(src->ctrl);
+ dest->cpa = cpu_to_be32(src->cpa);
+ dest->dstat = src->dstat;
+ dest->cstat = src->cstat;
+ dest->count = cpu_to_be16(src->count);
+}
+
+static void copy_schib_to_guest(SCHIB *dest, const SCHIB *src)
+{
+ int i;
+
+ copy_pmcw_to_guest(&dest->pmcw, &src->pmcw);
+ copy_scsw_to_guest(&dest->scsw, &src->scsw);
+ dest->mba = cpu_to_be64(src->mba);
+ for (i = 0; i < ARRAY_SIZE(dest->mda); i++) {
+ dest->mda[i] = src->mda[i];
+ }
+}
+
+int css_do_stsch(SubchDev *sch, SCHIB *schib)
+{
+ /* Use current status. */
+ copy_schib_to_guest(schib, &sch->curr_status);
+ return 0;
+}
+
+static void copy_pmcw_from_guest(PMCW *dest, const PMCW *src)
+{
+ int i;
+
+ dest->intparm = be32_to_cpu(src->intparm);
+ dest->flags = be16_to_cpu(src->flags);
+ dest->devno = be16_to_cpu(src->devno);
+ dest->lpm = src->lpm;
+ dest->pnom = src->pnom;
+ dest->lpum = src->lpum;
+ dest->pim = src->pim;
+ dest->mbi = be16_to_cpu(src->mbi);
+ dest->pom = src->pom;
+ dest->pam = src->pam;
+ for (i = 0; i < ARRAY_SIZE(dest->chpid); i++) {
+ dest->chpid[i] = src->chpid[i];
+ }
+ dest->chars = be32_to_cpu(src->chars);
+}
+
+static void copy_scsw_from_guest(SCSW *dest, const SCSW *src)
+{
+ dest->flags = be16_to_cpu(src->flags);
+ dest->ctrl = be16_to_cpu(src->ctrl);
+ dest->cpa = be32_to_cpu(src->cpa);
+ dest->dstat = src->dstat;
+ dest->cstat = src->cstat;
+ dest->count = be16_to_cpu(src->count);
+}
+
+static void copy_schib_from_guest(SCHIB *dest, const SCHIB *src)
+{
+ int i;
+
+ copy_pmcw_from_guest(&dest->pmcw, &src->pmcw);
+ copy_scsw_from_guest(&dest->scsw, &src->scsw);
+ dest->mba = be64_to_cpu(src->mba);
+ for (i = 0; i < ARRAY_SIZE(dest->mda); i++) {
+ dest->mda[i] = src->mda[i];
+ }
+}
+
+int css_do_msch(SubchDev *sch, SCHIB *orig_schib)
+{
+ SCSW *s = &sch->curr_status.scsw;
+ PMCW *p = &sch->curr_status.pmcw;
+ int ret;
+ SCHIB schib;
+
+ if (!(sch->curr_status.pmcw.flags & PMCW_FLAGS_MASK_DNV)) {
+ ret = 0;
+ goto out;
+ }
+
+ if (s->ctrl & SCSW_STCTL_STATUS_PEND) {
+ ret = -EINPROGRESS;
+ goto out;
+ }
+
+ if (s->ctrl &
+ (SCSW_FCTL_START_FUNC|SCSW_FCTL_HALT_FUNC|SCSW_FCTL_CLEAR_FUNC)) {
+ ret = -EBUSY;
+ goto out;
+ }
+
+ copy_schib_from_guest(&schib, orig_schib);
+ /* Only update the program-modifiable fields. */
+ p->intparm = schib.pmcw.intparm;
+ p->flags &= ~(PMCW_FLAGS_MASK_ISC | PMCW_FLAGS_MASK_ENA |
+ PMCW_FLAGS_MASK_LM | PMCW_FLAGS_MASK_MME |
+ PMCW_FLAGS_MASK_MP);
+ p->flags |= schib.pmcw.flags &
+ (PMCW_FLAGS_MASK_ISC | PMCW_FLAGS_MASK_ENA |
+ PMCW_FLAGS_MASK_LM | PMCW_FLAGS_MASK_MME |
+ PMCW_FLAGS_MASK_MP);
+ p->lpm = schib.pmcw.lpm;
+ p->mbi = schib.pmcw.mbi;
+ p->pom = schib.pmcw.pom;
+ p->chars &= ~(PMCW_CHARS_MASK_MBFC | PMCW_CHARS_MASK_CSENSE);
+ p->chars |= schib.pmcw.chars &
+ (PMCW_CHARS_MASK_MBFC | PMCW_CHARS_MASK_CSENSE);
+ sch->curr_status.mba = schib.mba;
+
+ ret = 0;
+
+out:
+ return ret;
+}
+
+int css_do_xsch(SubchDev *sch)
+{
+ SCSW *s = &sch->curr_status.scsw;
+ PMCW *p = &sch->curr_status.pmcw;
+ int ret;
+
+ if (!(p->flags & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA))) {
+ ret = -ENODEV;
+ goto out;
+ }
+
+ if (!(s->ctrl & SCSW_CTRL_MASK_FCTL) ||
+ ((s->ctrl & SCSW_CTRL_MASK_FCTL) != SCSW_FCTL_START_FUNC) ||
+ (!(s->ctrl &
+ (SCSW_ACTL_RESUME_PEND | SCSW_ACTL_START_PEND | SCSW_ACTL_SUSP))) ||
+ (s->ctrl & SCSW_ACTL_SUBCH_ACTIVE)) {
+ ret = -EINPROGRESS;
+ goto out;
+ }
+
+ if (s->ctrl & SCSW_CTRL_MASK_STCTL) {
+ ret = -EBUSY;
+ goto out;
+ }
+
+ /* Cancel the current operation. */
+ s->ctrl &= ~(SCSW_FCTL_START_FUNC |
+ SCSW_ACTL_RESUME_PEND |
+ SCSW_ACTL_START_PEND |
+ SCSW_ACTL_SUSP);
+ sch->channel_prog = 0x0;
+ sch->last_cmd_valid = false;
+ sch->orb = NULL;
+ s->dstat = 0;
+ s->cstat = 0;
+ ret = 0;
+
+out:
+ return ret;
+}
+
+int css_do_csch(SubchDev *sch)
+{
+ SCSW *s = &sch->curr_status.scsw;
+ PMCW *p = &sch->curr_status.pmcw;
+ int ret;
+
+ if (!(p->flags & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA))) {
+ ret = -ENODEV;
+ goto out;
+ }
+
+ /* Trigger the clear function. */
+ s->ctrl &= ~(SCSW_CTRL_MASK_FCTL | SCSW_CTRL_MASK_ACTL);
+ s->ctrl |= SCSW_FCTL_CLEAR_FUNC | SCSW_FCTL_CLEAR_FUNC;
+
+ do_subchannel_work(sch);
+ ret = 0;
+
+out:
+ return ret;
+}
+
+int css_do_hsch(SubchDev *sch)
+{
+ SCSW *s = &sch->curr_status.scsw;
+ PMCW *p = &sch->curr_status.pmcw;
+ int ret;
+
+ if (!(p->flags & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA))) {
+ ret = -ENODEV;
+ goto out;
+ }
+
+ if (((s->ctrl & SCSW_CTRL_MASK_STCTL) == SCSW_STCTL_STATUS_PEND) ||
+ (s->ctrl & (SCSW_STCTL_PRIMARY |
+ SCSW_STCTL_SECONDARY |
+ SCSW_STCTL_ALERT))) {
+ ret = -EINPROGRESS;
+ goto out;
+ }
+
+ if (s->ctrl & (SCSW_FCTL_HALT_FUNC | SCSW_FCTL_CLEAR_FUNC)) {
+ ret = -EBUSY;
+ goto out;
+ }
+
+ /* Trigger the halt function. */
+ s->ctrl |= SCSW_FCTL_HALT_FUNC;
+ s->ctrl &= ~SCSW_FCTL_START_FUNC;
+ if (((s->ctrl & SCSW_CTRL_MASK_ACTL) ==
+ (SCSW_ACTL_SUBCH_ACTIVE | SCSW_ACTL_DEVICE_ACTIVE)) &&
+ ((s->ctrl & SCSW_CTRL_MASK_STCTL) == SCSW_STCTL_INTERMEDIATE)) {
+ s->ctrl &= ~SCSW_STCTL_STATUS_PEND;
+ }
+ s->ctrl |= SCSW_ACTL_HALT_PEND;
+
+ do_subchannel_work(sch);
+ ret = 0;
+
+out:
+ return ret;
+}
+
+static void css_update_chnmon(SubchDev *sch)
+{
+ if (!(sch->curr_status.pmcw.flags & PMCW_FLAGS_MASK_MME)) {
+ /* Not active. */
+ return;
+ }
+ /* The counter is conveniently located at the beginning of the struct. */
+ if (sch->curr_status.pmcw.chars & PMCW_CHARS_MASK_MBFC) {
+ /* Format 1, per-subchannel area. */
+ uint32_t count;
+
+ count = ldl_phys(sch->curr_status.mba);
+ count++;
+ stl_phys(sch->curr_status.mba, count);
+ } else {
+ /* Format 0, global area. */
+ uint32_t offset;
+ uint16_t count;
+
+ offset = sch->curr_status.pmcw.mbi << 5;
+ count = lduw_phys(channel_subsys->chnmon_area + offset);
+ count++;
+ stw_phys(channel_subsys->chnmon_area + offset, count);
+ }
+}
+
+int css_do_ssch(SubchDev *sch, ORB *orb)
+{
+ SCSW *s = &sch->curr_status.scsw;
+ PMCW *p = &sch->curr_status.pmcw;
+ int ret;
+
+ if (!(p->flags & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA))) {
+ ret = -ENODEV;
+ goto out;
+ }
+
+ if (s->ctrl & SCSW_STCTL_STATUS_PEND) {
+ ret = -EINPROGRESS;
+ goto out;
+ }
+
+ if (s->ctrl & (SCSW_FCTL_START_FUNC |
+ SCSW_FCTL_HALT_FUNC |
+ SCSW_FCTL_CLEAR_FUNC)) {
+ ret = -EBUSY;
+ goto out;
+ }
+
+ /* If monitoring is active, update counter. */
+ if (channel_subsys->chnmon_active) {
+ css_update_chnmon(sch);
+ }
+ sch->orb = orb;
+ sch->channel_prog = orb->cpa;
+ /* Trigger the start function. */
+ s->ctrl |= (SCSW_FCTL_START_FUNC | SCSW_ACTL_START_PEND);
+ s->flags &= ~SCSW_FLAGS_MASK_PNO;
+
+ do_subchannel_work(sch);
+ ret = 0;
+
+out:
+ return ret;
+}
+
+static void copy_irb_to_guest(IRB *dest, const IRB *src)
+{
+ int i;
+
+ copy_scsw_to_guest(&dest->scsw, &src->scsw);
+
+ for (i = 0; i < ARRAY_SIZE(dest->esw); i++) {
+ dest->esw[i] = cpu_to_be32(src->esw[i]);
+ }
+ for (i = 0; i < ARRAY_SIZE(dest->ecw); i++) {
+ dest->ecw[i] = cpu_to_be32(src->ecw[i]);
+ }
+ for (i = 0; i < ARRAY_SIZE(dest->emw); i++) {
+ dest->emw[i] = cpu_to_be32(src->emw[i]);
+ }
+}
+
+int css_do_tsch(SubchDev *sch, IRB *target_irb)
+{
+ SCSW *s = &sch->curr_status.scsw;
+ PMCW *p = &sch->curr_status.pmcw;
+ uint16_t stctl;
+ uint16_t fctl;
+ uint16_t actl;
+ IRB irb;
+ int ret;
+
+ if (!(p->flags & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA))) {
+ ret = 3;
+ goto out;
+ }
+
+ stctl = s->ctrl & SCSW_CTRL_MASK_STCTL;
+ fctl = s->ctrl & SCSW_CTRL_MASK_FCTL;
+ actl = s->ctrl & SCSW_CTRL_MASK_ACTL;
+
+ /* Prepare the irb for the guest. */
+ memset(&irb, 0, sizeof(IRB));
+
+ /* Copy scsw from current status. */
+ memcpy(&irb.scsw, s, sizeof(SCSW));
+ if (stctl & SCSW_STCTL_STATUS_PEND) {
+ if (s->cstat & (SCSW_CSTAT_DATA_CHECK |
+ SCSW_CSTAT_CHN_CTRL_CHK |
+ SCSW_CSTAT_INTF_CTRL_CHK)) {
+ irb.scsw.flags |= SCSW_FLAGS_MASK_ESWF;
+ irb.esw[0] = 0x04804000;
+ } else {
+ irb.esw[0] = 0x00800000;
+ }
+ /* If a unit check is pending, copy sense data. */
+ if ((s->dstat & SCSW_DSTAT_UNIT_CHECK) &&
+ (p->chars & PMCW_CHARS_MASK_CSENSE)) {
+ irb.scsw.flags |= SCSW_FLAGS_MASK_ESWF | SCSW_FLAGS_MASK_ECTL;
+ memcpy(irb.ecw, sch->sense_data, sizeof(sch->sense_data));
+ irb.esw[1] = 0x01000000 | (sizeof(sch->sense_data) << 8);
+ }
+ }
+ /* Store the irb to the guest. */
+ copy_irb_to_guest(target_irb, &irb);
+
+ /* Clear conditions on subchannel, if applicable. */
+ if (stctl & SCSW_STCTL_STATUS_PEND) {
+ s->ctrl &= ~SCSW_CTRL_MASK_STCTL;
+ if ((stctl != (SCSW_STCTL_INTERMEDIATE | SCSW_STCTL_STATUS_PEND)) ||
+ ((fctl & SCSW_FCTL_HALT_FUNC) &&
+ (actl & SCSW_ACTL_SUSP))) {
+ s->ctrl &= ~SCSW_CTRL_MASK_FCTL;
+ }
+ if (stctl != (SCSW_STCTL_INTERMEDIATE | SCSW_STCTL_STATUS_PEND)) {
+ s->flags &= ~SCSW_FLAGS_MASK_PNO;
+ s->ctrl &= ~(SCSW_ACTL_RESUME_PEND |
+ SCSW_ACTL_START_PEND |
+ SCSW_ACTL_HALT_PEND |
+ SCSW_ACTL_CLEAR_PEND |
+ SCSW_ACTL_SUSP);
+ } else {
+ if ((actl & SCSW_ACTL_SUSP) &&
+ (fctl & SCSW_FCTL_START_FUNC)) {
+ s->flags &= ~SCSW_FLAGS_MASK_PNO;
+ if (fctl & SCSW_FCTL_HALT_FUNC) {
+ s->ctrl &= ~(SCSW_ACTL_RESUME_PEND |
+ SCSW_ACTL_START_PEND |
+ SCSW_ACTL_HALT_PEND |
+ SCSW_ACTL_CLEAR_PEND |
+ SCSW_ACTL_SUSP);
+ } else {
+ s->ctrl &= ~SCSW_ACTL_RESUME_PEND;
+ }
+ }
+ }
+ /* Clear pending sense data. */
+ if (p->chars & PMCW_CHARS_MASK_CSENSE) {
+ memset(sch->sense_data, 0 , sizeof(sch->sense_data));
+ }
+ }
+
+ ret = ((stctl & SCSW_STCTL_STATUS_PEND) == 0);
+
+out:
+ return ret;
+}
+
+static void copy_crw_to_guest(CRW *dest, const CRW *src)
+{
+ dest->flags = cpu_to_be16(src->flags);
+ dest->rsid = cpu_to_be16(src->rsid);
+}
+
+int css_do_stcrw(CRW *crw)
+{
+ CrwContainer *crw_cont;
+ int ret;
+
+ crw_cont = QTAILQ_FIRST(&channel_subsys->pending_crws);
+ if (crw_cont) {
+ QTAILQ_REMOVE(&channel_subsys->pending_crws, crw_cont, sibling);
+ copy_crw_to_guest(crw, &crw_cont->crw);
+ g_free(crw_cont);
+ ret = 0;
+ } else {
+ /* List was empty, turn crw machine checks on again. */
+ memset(crw, 0, sizeof(*crw));
+ channel_subsys->do_crw_mchk = true;
+ ret = 1;
+ }
+
+ return ret;
+}
+
+int css_do_tpi(IOIntCode *int_code, int lowcore)
+{
+ /* No pending interrupts for !KVM. */
+ return 0;
+ }
+
+int css_collect_chp_desc(int m, uint8_t cssid, uint8_t f_chpid, uint8_t l_chpid,
+ int rfmt, void *buf)
+{
+ int i, desc_size;
+ uint32_t words[8];
+ uint32_t chpid_type_word;
+ CssImage *css;
+
+ if (!m && !cssid) {
+ css = channel_subsys->css[channel_subsys->default_cssid];
+ } else {
+ css = channel_subsys->css[cssid];
+ }
+ if (!css) {
+ return 0;
+ }
+ desc_size = 0;
+ for (i = f_chpid; i <= l_chpid; i++) {
+ if (css->chpids[i].in_use) {
+ chpid_type_word = 0x80000000 | (css->chpids[i].type << 8) | i;
+ if (rfmt == 0) {
+ words[0] = cpu_to_be32(chpid_type_word);
+ words[1] = 0;
+ memcpy(buf + desc_size, words, 8);
+ desc_size += 8;
+ } else if (rfmt == 1) {
+ words[0] = cpu_to_be32(chpid_type_word);
+ words[1] = 0;
+ words[2] = 0;
+ words[3] = 0;
+ words[4] = 0;
+ words[5] = 0;
+ words[6] = 0;
+ words[7] = 0;
+ memcpy(buf + desc_size, words, 32);
+ desc_size += 32;
+ }
+ }
+ }
+ return desc_size;
+}
+
+void css_do_schm(uint8_t mbk, int update, int dct, uint64_t mbo)
+{
+ /* dct is currently ignored (not really meaningful for our devices) */
+ /* TODO: Don't ignore mbk. */
+ if (update && !channel_subsys->chnmon_active) {
+ /* Enable measuring. */
+ channel_subsys->chnmon_area = mbo;
+ channel_subsys->chnmon_active = true;
+ }
+ if (!update && channel_subsys->chnmon_active) {
+ /* Disable measuring. */
+ channel_subsys->chnmon_area = 0;
+ channel_subsys->chnmon_active = false;
+ }
+}
+
+int css_do_rsch(SubchDev *sch)
+{
+ SCSW *s = &sch->curr_status.scsw;
+ PMCW *p = &sch->curr_status.pmcw;
+ int ret;
+
+ if (!(p->flags & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA))) {
+ ret = -ENODEV;
+ goto out;
+ }
+
+ if (s->ctrl & SCSW_STCTL_STATUS_PEND) {
+ ret = -EINPROGRESS;
+ goto out;
+ }
+
+ if (((s->ctrl & SCSW_CTRL_MASK_FCTL) != SCSW_FCTL_START_FUNC) ||
+ (s->ctrl & SCSW_ACTL_RESUME_PEND) ||
+ (!(s->ctrl & SCSW_ACTL_SUSP))) {
+ ret = -EINVAL;
+ goto out;
+ }
+
+ /* If monitoring is active, update counter. */
+ if (channel_subsys->chnmon_active) {
+ css_update_chnmon(sch);
+ }
+
+ s->ctrl |= SCSW_ACTL_RESUME_PEND;
+ do_subchannel_work(sch);
+ ret = 0;
+
+out:
+ return ret;
+}
+
+int css_do_rchp(uint8_t cssid, uint8_t chpid)
+{
+ uint8_t real_cssid;
+
+ if (cssid > channel_subsys->max_cssid) {
+ return -EINVAL;
+ }
+ if (channel_subsys->max_cssid == 0) {
+ real_cssid = channel_subsys->default_cssid;
+ } else {
+ real_cssid = cssid;
+ }
+ if (!channel_subsys->css[real_cssid]) {
+ return -EINVAL;
+ }
+
+ if (!channel_subsys->css[real_cssid]->chpids[chpid].in_use) {
+ return -ENODEV;
+ }
+
+ if (!channel_subsys->css[real_cssid]->chpids[chpid].is_virtual) {
+ fprintf(stderr,
+ "rchp unsupported for non-virtual chpid %x.%02x!\n",
+ real_cssid, chpid);
+ return -ENODEV;
+ }
+
+ /* We don't really use a channel path, so we're done here. */
+ css_queue_crw(CRW_RSC_CHP, CRW_ERC_INIT,
+ channel_subsys->max_cssid > 0 ? 1 : 0, chpid);
+ if (channel_subsys->max_cssid > 0) {
+ css_queue_crw(CRW_RSC_CHP, CRW_ERC_INIT, 0, real_cssid << 8);
+ }
+ return 0;
+}
+
+bool css_schid_final(int m, uint8_t cssid, uint8_t ssid, uint16_t schid)
+{
+ SubchSet *set;
+ uint8_t real_cssid;
+
+ real_cssid = (!m && (cssid == 0)) ? channel_subsys->default_cssid : cssid;
+ if (real_cssid > MAX_CSSID || ssid > MAX_SSID ||
+ !channel_subsys->css[real_cssid] ||
+ !channel_subsys->css[real_cssid]->sch_set[ssid]) {
+ return true;
+ }
+ set = channel_subsys->css[real_cssid]->sch_set[ssid];
+ return schid > find_last_bit(set->schids_used,
+ (MAX_SCHID + 1) / sizeof(unsigned long));
+}
+
+static int css_add_virtual_chpid(uint8_t cssid, uint8_t chpid, uint8_t type)
+{
+ CssImage *css;
+
+ trace_css_chpid_add(cssid, chpid, type);
+ if (cssid > MAX_CSSID) {
+ return -EINVAL;
+ }
+ css = channel_subsys->css[cssid];
+ if (!css) {
+ return -EINVAL;
+ }
+ if (css->chpids[chpid].in_use) {
+ return -EEXIST;
+ }
+ css->chpids[chpid].in_use = 1;
+ css->chpids[chpid].type = type;
+ css->chpids[chpid].is_virtual = 1;
+
+ css_generate_chp_crws(cssid, chpid);
+
+ return 0;
+}
+
+void css_sch_build_virtual_schib(SubchDev *sch, uint8_t chpid, uint8_t type)
+{
+ PMCW *p = &sch->curr_status.pmcw;
+ SCSW *s = &sch->curr_status.scsw;
+ int i;
+ CssImage *css = channel_subsys->css[sch->cssid];
+
+ assert(css != NULL);
+ memset(p, 0, sizeof(PMCW));
+ p->flags |= PMCW_FLAGS_MASK_DNV;
+ p->devno = sch->devno;
+ /* single path */
+ p->pim = 0x80;
+ p->pom = 0xff;
+ p->pam = 0x80;
+ p->chpid[0] = chpid;
+ if (!css->chpids[chpid].in_use) {
+ css_add_virtual_chpid(sch->cssid, chpid, type);
+ }
+
+ memset(s, 0, sizeof(SCSW));
+ sch->curr_status.mba = 0;
+ for (i = 0; i < ARRAY_SIZE(sch->curr_status.mda); i++) {
+ sch->curr_status.mda[i] = 0;
+ }
+}
+
+SubchDev *css_find_subch(uint8_t m, uint8_t cssid, uint8_t ssid, uint16_t schid)
+{
+ uint8_t real_cssid;
+
+ real_cssid = (!m && (cssid == 0)) ? channel_subsys->default_cssid : cssid;
+
+ if (!channel_subsys->css[real_cssid]) {
+ return NULL;
+ }
+
+ if (!channel_subsys->css[real_cssid]->sch_set[ssid]) {
+ return NULL;
+ }
+
+ return channel_subsys->css[real_cssid]->sch_set[ssid]->sch[schid];
+}
+
+bool css_subch_visible(SubchDev *sch)
+{
+ if (sch->ssid > channel_subsys->max_ssid) {
+ return false;
+ }
+
+ if (sch->cssid != channel_subsys->default_cssid) {
+ return (channel_subsys->max_cssid > 0);
+ }
+
+ return true;
+}
+
+bool css_present(uint8_t cssid)
+{
+ return (channel_subsys->css[cssid] != NULL);
+}
+
+bool css_devno_used(uint8_t cssid, uint8_t ssid, uint16_t devno)
+{
+ if (!channel_subsys->css[cssid]) {
+ return false;
+ }
+ if (!channel_subsys->css[cssid]->sch_set[ssid]) {
+ return false;
+ }
+
+ return !!test_bit(devno,
+ channel_subsys->css[cssid]->sch_set[ssid]->devnos_used);
+}
+
+void css_subch_assign(uint8_t cssid, uint8_t ssid, uint16_t schid,
+ uint16_t devno, SubchDev *sch)
+{
+ CssImage *css;
+ SubchSet *s_set;
+
+ trace_css_assign_subch(sch ? "assign" : "deassign", cssid, ssid, schid,
+ devno);
+ if (!channel_subsys->css[cssid]) {
+ fprintf(stderr,
+ "Suspicious call to %s (%x.%x.%04x) for non-existing css!\n",
+ __func__, cssid, ssid, schid);
+ return;
+ }
+ css = channel_subsys->css[cssid];
+
+ if (!css->sch_set[ssid]) {
+ css->sch_set[ssid] = g_malloc0(sizeof(SubchSet));
+ }
+ s_set = css->sch_set[ssid];
+
+ s_set->sch[schid] = sch;
+ if (sch) {
+ set_bit(schid, s_set->schids_used);
+ set_bit(devno, s_set->devnos_used);
+ } else {
+ clear_bit(schid, s_set->schids_used);
+ clear_bit(devno, s_set->devnos_used);
+ }
+}
+
+void css_queue_crw(uint8_t rsc, uint8_t erc, int chain, uint16_t rsid)
+{
+ CrwContainer *crw_cont;
+
+ trace_css_crw(rsc, erc, rsid, chain ? "(chained)" : "");
+ /* TODO: Maybe use a static crw pool? */
+ crw_cont = g_try_malloc0(sizeof(CrwContainer));
+ if (!crw_cont) {
+ channel_subsys->crws_lost = true;
+ return;
+ }
+ crw_cont->crw.flags = (rsc << 8) | erc;
+ if (chain) {
+ crw_cont->crw.flags |= CRW_FLAGS_MASK_C;
+ }
+ crw_cont->crw.rsid = rsid;
+ if (channel_subsys->crws_lost) {
+ crw_cont->crw.flags |= CRW_FLAGS_MASK_R;
+ channel_subsys->crws_lost = false;
+ }
+
+ QTAILQ_INSERT_TAIL(&channel_subsys->pending_crws, crw_cont, sibling);
+
+ if (channel_subsys->do_crw_mchk) {
+ S390CPU *cpu = s390_cpu_addr2state(0);
+
+ channel_subsys->do_crw_mchk = false;
+ /* Inject crw pending machine check. */
+ s390_crw_mchk(cpu);
+ }
+}
+
+void css_generate_sch_crws(uint8_t cssid, uint8_t ssid, uint16_t schid,
+ int hotplugged, int add)
+{
+ uint8_t guest_cssid;
+ bool chain_crw;
+
+ if (add && !hotplugged) {
+ return;
+ }
+ if (channel_subsys->max_cssid == 0) {
+ /* Default cssid shows up as 0. */
+ guest_cssid = (cssid == channel_subsys->default_cssid) ? 0 : cssid;
+ } else {
+ /* Show real cssid to the guest. */
+ guest_cssid = cssid;
+ }
+ /*
+ * Only notify for higher subchannel sets/channel subsystems if the
+ * guest has enabled it.
+ */
+ if ((ssid > channel_subsys->max_ssid) ||
+ (guest_cssid > channel_subsys->max_cssid) ||
+ ((channel_subsys->max_cssid == 0) &&
+ (cssid != channel_subsys->default_cssid))) {
+ return;
+ }
+ chain_crw = (channel_subsys->max_ssid > 0) ||
+ (channel_subsys->max_cssid > 0);
+ css_queue_crw(CRW_RSC_SUBCH, CRW_ERC_IPI, chain_crw ? 1 : 0, schid);
+ if (chain_crw) {
+ css_queue_crw(CRW_RSC_SUBCH, CRW_ERC_IPI, 0,
+ (guest_cssid << 8) | (ssid << 4));
+ }
+}
+
+void css_generate_chp_crws(uint8_t cssid, uint8_t chpid)
+{
+ /* TODO */
+}
+
+int css_enable_mcsse(void)
+{
+ trace_css_enable_facility("mcsse");
+ channel_subsys->max_cssid = MAX_CSSID;
+ return 0;
+}
+
+int css_enable_mss(void)
+{
+ trace_css_enable_facility("mss");
+ channel_subsys->max_ssid = MAX_SSID;
+ return 0;
+}
+
+static void css_init(void)
+{
+ channel_subsys = g_malloc0(sizeof(*channel_subsys));
+ QTAILQ_INIT(&channel_subsys->pending_crws);
+ channel_subsys->do_crw_mchk = true;
+ channel_subsys->crws_lost = false;
+ channel_subsys->chnmon_active = false;
+}
+machine_init(css_init);
+
+void css_reset_sch(SubchDev *sch)
+{
+ PMCW *p = &sch->curr_status.pmcw;
+
+ p->intparm = 0;
+ p->flags &= ~(PMCW_FLAGS_MASK_ISC | PMCW_FLAGS_MASK_ENA |
+ PMCW_FLAGS_MASK_LM | PMCW_FLAGS_MASK_MME |
+ PMCW_FLAGS_MASK_MP | PMCW_FLAGS_MASK_TF);
+ p->flags |= PMCW_FLAGS_MASK_DNV;
+ p->devno = sch->devno;
+ p->pim = 0x80;
+ p->lpm = p->pim;
+ p->pnom = 0;
+ p->lpum = 0;
+ p->mbi = 0;
+ p->pom = 0xff;
+ p->pam = 0x80;
+ p->chars &= ~(PMCW_CHARS_MASK_MBFC | PMCW_CHARS_MASK_XMWME |
+ PMCW_CHARS_MASK_CSENSE);
+
+ memset(&sch->curr_status.scsw, 0, sizeof(sch->curr_status.scsw));
+ sch->curr_status.mba = 0;
+
+ sch->channel_prog = 0x0;
+ sch->last_cmd_valid = false;
+ sch->orb = NULL;
+}
+
+void css_reset(void)
+{
+ CrwContainer *crw_cont;
+
+ /* Clean up monitoring. */
+ channel_subsys->chnmon_active = false;
+ channel_subsys->chnmon_area = 0;
+
+ /* Clear pending CRWs. */
+ while ((crw_cont = QTAILQ_FIRST(&channel_subsys->pending_crws))) {
+ QTAILQ_REMOVE(&channel_subsys->pending_crws, crw_cont, sibling);
+ g_free(crw_cont);
+ }
+ channel_subsys->do_crw_mchk = true;
+ channel_subsys->crws_lost = false;
+
+ /* Reset maximum ids. */
+ channel_subsys->max_cssid = 0;
+ channel_subsys->max_ssid = 0;
+}
diff --git a/hw/s390x/css.h b/hw/s390x/css.h
new file mode 100644
index 000000000..b536ab595
--- /dev/null
+++ b/hw/s390x/css.h
@@ -0,0 +1,100 @@
+/*
+ * Channel subsystem structures and definitions.
+ *
+ * Copyright 2012 IBM Corp.
+ * Author(s): Cornelia Huck <cornelia.huck@de.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or (at
+ * your option) any later version. See the COPYING file in the top-level
+ * directory.
+ */
+
+#ifndef CSS_H
+#define CSS_H
+
+#include "ioinst.h"
+
+/* Channel subsystem constants. */
+#define MAX_SCHID 65535
+#define MAX_SSID 3
+#define MAX_CSSID 254 /* 255 is reserved */
+#define MAX_CHPID 255
+
+#define MAX_CIWS 62
+
+typedef struct CIW {
+ uint8_t type;
+ uint8_t command;
+ uint16_t count;
+} QEMU_PACKED CIW;
+
+typedef struct SenseId {
+ /* common part */
+ uint8_t reserved; /* always 0x'FF' */
+ uint16_t cu_type; /* control unit type */
+ uint8_t cu_model; /* control unit model */
+ uint16_t dev_type; /* device type */
+ uint8_t dev_model; /* device model */
+ uint8_t unused; /* padding byte */
+ /* extended part */
+ CIW ciw[MAX_CIWS]; /* variable # of CIWs */
+} QEMU_PACKED SenseId;
+
+/* Channel measurements, from linux/drivers/s390/cio/cmf.c. */
+typedef struct CMB {
+ uint16_t ssch_rsch_count;
+ uint16_t sample_count;
+ uint32_t device_connect_time;
+ uint32_t function_pending_time;
+ uint32_t device_disconnect_time;
+ uint32_t control_unit_queuing_time;
+ uint32_t device_active_only_time;
+ uint32_t reserved[2];
+} QEMU_PACKED CMB;
+
+typedef struct CMBE {
+ uint32_t ssch_rsch_count;
+ uint32_t sample_count;
+ uint32_t device_connect_time;
+ uint32_t function_pending_time;
+ uint32_t device_disconnect_time;
+ uint32_t control_unit_queuing_time;
+ uint32_t device_active_only_time;
+ uint32_t device_busy_time;
+ uint32_t initial_command_response_time;
+ uint32_t reserved[7];
+} QEMU_PACKED CMBE;
+
+struct SubchDev {
+ /* channel-subsystem related things: */
+ uint8_t cssid;
+ uint8_t ssid;
+ uint16_t schid;
+ uint16_t devno;
+ SCHIB curr_status;
+ uint8_t sense_data[32];
+ hwaddr channel_prog;
+ CCW1 last_cmd;
+ bool last_cmd_valid;
+ ORB *orb;
+ /* transport-provided data: */
+ int (*ccw_cb) (SubchDev *, CCW1);
+ SenseId id;
+ void *driver_data;
+};
+
+typedef SubchDev *(*css_subch_cb_func)(uint8_t m, uint8_t cssid, uint8_t ssid,
+ uint16_t schid);
+int css_create_css_image(uint8_t cssid, bool default_image);
+bool css_devno_used(uint8_t cssid, uint8_t ssid, uint16_t devno);
+void css_subch_assign(uint8_t cssid, uint8_t ssid, uint16_t schid,
+ uint16_t devno, SubchDev *sch);
+void css_sch_build_virtual_schib(SubchDev *sch, uint8_t chpid, uint8_t type);
+uint16_t css_build_subchannel_id(SubchDev *sch);
+void css_reset(void);
+void css_reset_sch(SubchDev *sch);
+void css_queue_crw(uint8_t rsc, uint8_t erc, int chain, uint16_t rsid);
+void css_generate_sch_crws(uint8_t cssid, uint8_t ssid, uint16_t schid,
+ int hotplugged, int add);
+void css_generate_chp_crws(uint8_t cssid, uint8_t chpid);
+#endif
diff --git a/hw/s390x/event-facility.c b/hw/s390x/event-facility.c
index bc9cea9e1..0faade076 100644
--- a/hw/s390x/event-facility.c
+++ b/hw/s390x/event-facility.c
@@ -15,11 +15,11 @@
*
*/
-#include "monitor.h"
-#include "sysemu.h"
+#include "monitor/monitor.h"
+#include "sysemu/sysemu.h"
-#include "sclp.h"
-#include "event-facility.h"
+#include "hw/s390x/sclp.h"
+#include "hw/s390x/event-facility.h"
typedef struct EventTypesBus {
BusState qbus;
@@ -345,7 +345,7 @@ static void init_event_facility_class(ObjectClass *klass, void *data)
k->init = init_event_facility;
}
-static TypeInfo s390_sclp_event_facility_info = {
+static const TypeInfo s390_sclp_event_facility_info = {
.name = "s390-sclp-event-facility",
.parent = TYPE_DEVICE_S390_SCLP,
.instance_size = sizeof(S390SCLPDevice),
@@ -380,7 +380,7 @@ static void event_class_init(ObjectClass *klass, void *data)
dc->exit = event_qdev_exit;
}
-static TypeInfo s390_sclp_event_type_info = {
+static const TypeInfo s390_sclp_event_type_info = {
.name = TYPE_SCLP_EVENT,
.parent = TYPE_DEVICE,
.instance_size = sizeof(SCLPEvent),
diff --git a/hw/s390x/event-facility.h b/hw/s390x/event-facility.h
deleted file mode 100644
index 30af0a76a..000000000
--- a/hw/s390x/event-facility.h
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * SCLP
- * Event Facility definitions
- *
- * Copyright IBM, Corp. 2012
- *
- * Authors:
- * Heinz Graalfs <graalfs@de.ibm.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2 or (at your
- * option) any later version. See the COPYING file in the top-level directory.
- *
- */
-
-#ifndef HW_S390_SCLP_EVENT_FACILITY_H
-#define HW_S390_SCLP_EVENT_FACILITY_H
-
-#include <hw/qdev.h>
-#include "qemu-thread.h"
-
-/* SCLP event types */
-#define SCLP_EVENT_ASCII_CONSOLE_DATA 0x1a
-#define SCLP_EVENT_SIGNAL_QUIESCE 0x1d
-
-/* SCLP event masks */
-#define SCLP_EVENT_MASK_SIGNAL_QUIESCE 0x00000008
-#define SCLP_EVENT_MASK_MSG_ASCII 0x00000040
-
-#define SCLP_UNCONDITIONAL_READ 0x00
-#define SCLP_SELECTIVE_READ 0x01
-
-#define TYPE_SCLP_EVENT "s390-sclp-event-type"
-#define SCLP_EVENT(obj) \
- OBJECT_CHECK(SCLPEvent, (obj), TYPE_SCLP_EVENT)
-#define SCLP_EVENT_CLASS(klass) \
- OBJECT_CLASS_CHECK(SCLPEventClass, (klass), TYPE_SCLP_EVENT)
-#define SCLP_EVENT_GET_CLASS(obj) \
- OBJECT_GET_CLASS(SCLPEventClass, (obj), TYPE_SCLP_EVENT)
-
-typedef struct WriteEventMask {
- SCCBHeader h;
- uint16_t _reserved;
- uint16_t mask_length;
- uint32_t cp_receive_mask;
- uint32_t cp_send_mask;
- uint32_t send_mask;
- uint32_t receive_mask;
-} QEMU_PACKED WriteEventMask;
-
-typedef struct EventBufferHeader {
- uint16_t length;
- uint8_t type;
- uint8_t flags;
- uint16_t _reserved;
-} QEMU_PACKED EventBufferHeader;
-
-typedef struct WriteEventData {
- SCCBHeader h;
- EventBufferHeader ebh;
-} QEMU_PACKED WriteEventData;
-
-typedef struct ReadEventData {
- SCCBHeader h;
- EventBufferHeader ebh;
- uint32_t mask;
-} QEMU_PACKED ReadEventData;
-
-typedef struct SCLPEvent {
- DeviceState qdev;
- bool event_pending;
- uint32_t event_type;
- char *name;
-} SCLPEvent;
-
-typedef struct SCLPEventClass {
- DeviceClass parent_class;
- int (*init)(SCLPEvent *event);
- int (*exit)(SCLPEvent *event);
-
- /* get SCLP's send mask */
- unsigned int (*get_send_mask)(void);
-
- /* get SCLP's receive mask */
- unsigned int (*get_receive_mask)(void);
-
- int (*read_event_data)(SCLPEvent *event, EventBufferHeader *evt_buf_hdr,
- int *slen);
-
- int (*write_event_data)(SCLPEvent *event, EventBufferHeader *evt_buf_hdr);
-
- /* returns the supported event type */
- int (*event_type)(void);
-
-} SCLPEventClass;
-
-#endif
diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
new file mode 100644
index 000000000..d69adb2f5
--- /dev/null
+++ b/hw/s390x/ipl.c
@@ -0,0 +1,199 @@
+/*
+ * bootloader support
+ *
+ * Copyright IBM, Corp. 2012
+ *
+ * Authors:
+ * Christian Borntraeger <borntraeger@de.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or (at your
+ * option) any later version. See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "sysemu/sysemu.h"
+#include "cpu.h"
+#include "elf.h"
+#include "hw/loader.h"
+#include "hw/sysbus.h"
+#include "hw/s390x/virtio-ccw.h"
+#include "hw/s390x/css.h"
+
+#define KERN_IMAGE_START 0x010000UL
+#define KERN_PARM_AREA 0x010480UL
+#define INITRD_START 0x800000UL
+#define INITRD_PARM_START 0x010408UL
+#define INITRD_PARM_SIZE 0x010410UL
+#define PARMFILE_START 0x001000UL
+#define ZIPL_IMAGE_START 0x009000UL
+#define IPL_PSW_MASK (PSW_MASK_32 | PSW_MASK_64)
+
+#define TYPE_S390_IPL "s390-ipl"
+#define S390_IPL(obj) \
+ OBJECT_CHECK(S390IPLState, (obj), TYPE_S390_IPL)
+#if 0
+#define S390_IPL_CLASS(klass) \
+ OBJECT_CLASS_CHECK(S390IPLState, (klass), TYPE_S390_IPL)
+#define S390_IPL_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(S390IPLState, (obj), TYPE_S390_IPL)
+#endif
+
+typedef struct S390IPLClass {
+ /*< private >*/
+ SysBusDeviceClass parent_class;
+ /*< public >*/
+
+ void (*parent_reset) (SysBusDevice *dev);
+} S390IPLClass;
+
+typedef struct S390IPLState {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ uint64_t start_addr;
+
+ /*< public >*/
+ char *kernel;
+ char *initrd;
+ char *cmdline;
+ char *firmware;
+} S390IPLState;
+
+
+static int s390_ipl_init(SysBusDevice *dev)
+{
+ S390IPLState *ipl = S390_IPL(dev);
+ ram_addr_t kernel_size = 0;
+
+ if (!ipl->kernel) {
+ ram_addr_t bios_size = 0;
+ char *bios_filename;
+
+ /* Load zipl bootloader */
+ if (bios_name == NULL) {
+ bios_name = ipl->firmware;
+ }
+
+ bios_filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
+ if (bios_filename == NULL) {
+ hw_error("could not find stage1 bootloader\n");
+ }
+
+ bios_size = load_elf(bios_filename, NULL, NULL, &ipl->start_addr, NULL,
+ NULL, 1, ELF_MACHINE, 0);
+ if (bios_size == -1UL) {
+ bios_size = load_image_targphys(bios_filename, ZIPL_IMAGE_START,
+ 4096);
+ ipl->start_addr = ZIPL_IMAGE_START;
+ if (bios_size > 4096) {
+ hw_error("stage1 bootloader is > 4k\n");
+ }
+ }
+ g_free(bios_filename);
+
+ if ((long)bios_size < 0) {
+ hw_error("could not load bootloader '%s'\n", bios_name);
+ }
+ return 0;
+ } else {
+ kernel_size = load_elf(ipl->kernel, NULL, NULL, NULL, NULL,
+ NULL, 1, ELF_MACHINE, 0);
+ if (kernel_size == -1UL) {
+ kernel_size = load_image_targphys(ipl->kernel, 0, ram_size);
+ }
+ if (kernel_size == -1UL) {
+ fprintf(stderr, "could not load kernel '%s'\n", ipl->kernel);
+ return -1;
+ }
+ /* we have to overwrite values in the kernel image, which are "rom" */
+ strcpy(rom_ptr(KERN_PARM_AREA), ipl->cmdline);
+
+ /*
+ * we can not rely on the ELF entry point, since up to 3.2 this
+ * value was 0x800 (the SALIPL loader) and it wont work. For
+ * all (Linux) cases 0x10000 (KERN_IMAGE_START) should be fine.
+ */
+ ipl->start_addr = KERN_IMAGE_START;
+ }
+ if (ipl->initrd) {
+ ram_addr_t initrd_offset, initrd_size;
+
+ initrd_offset = INITRD_START;
+ while (kernel_size + 0x100000 > initrd_offset) {
+ initrd_offset += 0x100000;
+ }
+ initrd_size = load_image_targphys(ipl->initrd, initrd_offset,
+ ram_size - initrd_offset);
+ if (initrd_size == -1UL) {
+ fprintf(stderr, "qemu: could not load initrd '%s'\n", ipl->initrd);
+ exit(1);
+ }
+
+ /* we have to overwrite values in the kernel image, which are "rom" */
+ stq_p(rom_ptr(INITRD_PARM_START), initrd_offset);
+ stq_p(rom_ptr(INITRD_PARM_SIZE), initrd_size);
+ }
+
+ return 0;
+}
+
+static Property s390_ipl_properties[] = {
+ DEFINE_PROP_STRING("kernel", S390IPLState, kernel),
+ DEFINE_PROP_STRING("initrd", S390IPLState, initrd),
+ DEFINE_PROP_STRING("cmdline", S390IPLState, cmdline),
+ DEFINE_PROP_STRING("firmware", S390IPLState, firmware),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void s390_ipl_reset(DeviceState *dev)
+{
+ S390IPLState *ipl = S390_IPL(dev);
+ S390CPU *cpu = S390_CPU(qemu_get_cpu(0));
+ CPUS390XState *env = &cpu->env;
+
+ env->psw.addr = ipl->start_addr;
+ env->psw.mask = IPL_PSW_MASK;
+
+ if (!ipl->kernel) {
+ /* Tell firmware, if there is a preferred boot device */
+ env->regs[7] = -1;
+ DeviceState *dev_st = get_boot_device(0);
+ if (dev_st) {
+ VirtioCcwDevice *ccw_dev = (VirtioCcwDevice *) object_dynamic_cast(
+ OBJECT(qdev_get_parent_bus(dev_st)->parent),
+ TYPE_VIRTIO_CCW_DEVICE);
+
+ if (ccw_dev) {
+ env->regs[7] = ccw_dev->sch->cssid << 24 |
+ ccw_dev->sch->ssid << 16 |
+ ccw_dev->sch->devno;
+ }
+ }
+ }
+
+ s390_add_running_cpu(cpu);
+}
+
+static void s390_ipl_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = s390_ipl_init;
+ dc->props = s390_ipl_properties;
+ dc->reset = s390_ipl_reset;
+ dc->no_user = 1;
+}
+
+static const TypeInfo s390_ipl_info = {
+ .class_init = s390_ipl_class_init,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .name = "s390-ipl",
+ .instance_size = sizeof(S390IPLState),
+};
+
+static void s390_ipl_register_types(void)
+{
+ type_register_static(&s390_ipl_info);
+}
+
+type_init(s390_ipl_register_types)
diff --git a/hw/s390x/s390-virtio-bus.c b/hw/s390x/s390-virtio-bus.c
new file mode 100644
index 000000000..f0aa9414f
--- /dev/null
+++ b/hw/s390x/s390-virtio-bus.c
@@ -0,0 +1,738 @@
+/*
+ * QEMU S390 virtio target
+ *
+ * Copyright (c) 2009 Alexander Graf <agraf@suse.de>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/hw.h"
+#include "block/block.h"
+#include "sysemu/sysemu.h"
+#include "hw/boards.h"
+#include "monitor/monitor.h"
+#include "hw/loader.h"
+#include "elf.h"
+#include "hw/virtio/virtio.h"
+#include "hw/virtio/virtio-rng.h"
+#include "hw/virtio/virtio-serial.h"
+#include "hw/virtio/virtio-net.h"
+#include "hw/virtio/vhost-scsi.h"
+#include "hw/sysbus.h"
+#include "sysemu/kvm.h"
+
+#include "hw/s390x/s390-virtio-bus.h"
+#include "hw/virtio/virtio-bus.h"
+
+/* #define DEBUG_S390 */
+
+#ifdef DEBUG_S390
+#define DPRINTF(fmt, ...) \
+ do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) \
+ do { } while (0)
+#endif
+
+#define VIRTIO_EXT_CODE 0x2603
+
+static void virtio_s390_bus_new(VirtioBusState *bus, VirtIOS390Device *dev);
+
+static const TypeInfo s390_virtio_bus_info = {
+ .name = TYPE_S390_VIRTIO_BUS,
+ .parent = TYPE_BUS,
+ .instance_size = sizeof(VirtIOS390Bus),
+};
+
+static ram_addr_t s390_virtio_device_num_vq(VirtIOS390Device *dev);
+
+/* length of VirtIO device pages */
+const hwaddr virtio_size = S390_DEVICE_PAGES * TARGET_PAGE_SIZE;
+
+static void s390_virtio_bus_reset(void *opaque)
+{
+ VirtIOS390Bus *bus = opaque;
+ bus->next_ring = bus->dev_page + TARGET_PAGE_SIZE;
+}
+
+void s390_virtio_reset_idx(VirtIOS390Device *dev)
+{
+ int i;
+ hwaddr idx_addr;
+ uint8_t num_vq;
+
+ num_vq = s390_virtio_device_num_vq(dev);
+ for (i = 0; i < num_vq; i++) {
+ idx_addr = virtio_queue_get_avail_addr(dev->vdev, i) +
+ VIRTIO_VRING_AVAIL_IDX_OFFS;
+ stw_phys(idx_addr, 0);
+ idx_addr = virtio_queue_get_used_addr(dev->vdev, i) +
+ VIRTIO_VRING_USED_IDX_OFFS;
+ stw_phys(idx_addr, 0);
+ }
+}
+
+VirtIOS390Bus *s390_virtio_bus_init(ram_addr_t *ram_size)
+{
+ VirtIOS390Bus *bus;
+ BusState *_bus;
+ DeviceState *dev;
+
+ /* Create bridge device */
+ dev = qdev_create(NULL, "s390-virtio-bridge");
+ qdev_init_nofail(dev);
+
+ /* Create bus on bridge device */
+
+ _bus = qbus_create(TYPE_S390_VIRTIO_BUS, dev, "s390-virtio");
+ bus = DO_UPCAST(VirtIOS390Bus, bus, _bus);
+
+ bus->dev_page = *ram_size;
+ bus->dev_offs = bus->dev_page;
+ bus->next_ring = bus->dev_page + TARGET_PAGE_SIZE;
+
+ /* Enable hotplugging */
+ _bus->allow_hotplug = 1;
+
+ /* Allocate RAM for VirtIO device pages (descriptors, queues, rings) */
+ *ram_size += S390_DEVICE_PAGES * TARGET_PAGE_SIZE;
+
+ qemu_register_reset(s390_virtio_bus_reset, bus);
+ return bus;
+}
+
+static void s390_virtio_irq(S390CPU *cpu, int config_change, uint64_t token)
+{
+ if (kvm_enabled()) {
+ kvm_s390_virtio_irq(cpu, config_change, token);
+ } else {
+ cpu_inject_ext(cpu, VIRTIO_EXT_CODE, config_change, token);
+ }
+}
+
+static int s390_virtio_device_init(VirtIOS390Device *dev, VirtIODevice *vdev)
+{
+ VirtIOS390Bus *bus;
+ int dev_len;
+
+ bus = DO_UPCAST(VirtIOS390Bus, bus, dev->qdev.parent_bus);
+ dev->vdev = vdev;
+ dev->dev_offs = bus->dev_offs;
+ dev->feat_len = sizeof(uint32_t); /* always keep 32 bits features */
+
+ dev_len = VIRTIO_DEV_OFFS_CONFIG;
+ dev_len += s390_virtio_device_num_vq(dev) * VIRTIO_VQCONFIG_LEN;
+ dev_len += dev->feat_len * 2;
+ dev_len += virtio_bus_get_vdev_config_len(&dev->bus);
+
+ bus->dev_offs += dev_len;
+
+ dev->host_features = virtio_bus_get_vdev_features(&dev->bus,
+ dev->host_features);
+ s390_virtio_device_sync(dev);
+ s390_virtio_reset_idx(dev);
+ if (dev->qdev.hotplugged) {
+ S390CPU *cpu = s390_cpu_addr2state(0);
+ s390_virtio_irq(cpu, VIRTIO_PARAM_DEV_ADD, dev->dev_offs);
+ }
+
+ return 0;
+}
+
+static int s390_virtio_net_init(VirtIOS390Device *s390_dev)
+{
+ DeviceState *qdev = DEVICE(s390_dev);
+ VirtIONetS390 *dev = VIRTIO_NET_S390(s390_dev);
+ DeviceState *vdev = DEVICE(&dev->vdev);
+
+ virtio_net_set_config_size(&dev->vdev, s390_dev->host_features);
+ virtio_net_set_netclient_name(&dev->vdev, qdev->id,
+ object_get_typename(OBJECT(qdev)));
+ qdev_set_parent_bus(vdev, BUS(&s390_dev->bus));
+ if (qdev_init(vdev) < 0) {
+ return -1;
+ }
+
+ return s390_virtio_device_init(s390_dev, VIRTIO_DEVICE(vdev));
+}
+
+static void s390_virtio_net_instance_init(Object *obj)
+{
+ VirtIONetS390 *dev = VIRTIO_NET_S390(obj);
+ object_initialize(OBJECT(&dev->vdev), TYPE_VIRTIO_NET);
+ object_property_add_child(obj, "virtio-backend", OBJECT(&dev->vdev), NULL);
+}
+
+static int s390_virtio_blk_init(VirtIOS390Device *s390_dev)
+{
+ VirtIOBlkS390 *dev = VIRTIO_BLK_S390(s390_dev);
+ DeviceState *vdev = DEVICE(&dev->vdev);
+ virtio_blk_set_conf(vdev, &(dev->blk));
+ qdev_set_parent_bus(vdev, BUS(&s390_dev->bus));
+ if (qdev_init(vdev) < 0) {
+ return -1;
+ }
+ return s390_virtio_device_init(s390_dev, VIRTIO_DEVICE(vdev));
+}
+
+static void s390_virtio_blk_instance_init(Object *obj)
+{
+ VirtIOBlkS390 *dev = VIRTIO_BLK_S390(obj);
+ object_initialize(OBJECT(&dev->vdev), TYPE_VIRTIO_BLK);
+ object_property_add_child(obj, "virtio-backend", OBJECT(&dev->vdev), NULL);
+}
+
+static int s390_virtio_serial_init(VirtIOS390Device *s390_dev)
+{
+ VirtIOSerialS390 *dev = VIRTIO_SERIAL_S390(s390_dev);
+ DeviceState *vdev = DEVICE(&dev->vdev);
+ DeviceState *qdev = DEVICE(s390_dev);
+ VirtIOS390Bus *bus;
+ int r;
+ char *bus_name;
+
+ bus = DO_UPCAST(VirtIOS390Bus, bus, qdev->parent_bus);
+
+ /*
+ * For command line compatibility, this sets the virtio-serial-device bus
+ * name as before.
+ */
+ if (qdev->id) {
+ bus_name = g_strdup_printf("%s.0", qdev->id);
+ virtio_device_set_child_bus_name(VIRTIO_DEVICE(vdev), bus_name);
+ g_free(bus_name);
+ }
+
+ qdev_set_parent_bus(vdev, BUS(&s390_dev->bus));
+ if (qdev_init(vdev) < 0) {
+ return -1;
+ }
+
+ r = s390_virtio_device_init(s390_dev, VIRTIO_DEVICE(vdev));
+ if (!r) {
+ bus->console = s390_dev;
+ }
+
+ return r;
+}
+
+static void s390_virtio_serial_instance_init(Object *obj)
+{
+ VirtIOSerialS390 *dev = VIRTIO_SERIAL_S390(obj);
+ object_initialize(OBJECT(&dev->vdev), TYPE_VIRTIO_SERIAL);
+ object_property_add_child(obj, "virtio-backend", OBJECT(&dev->vdev), NULL);
+}
+
+static int s390_virtio_scsi_init(VirtIOS390Device *s390_dev)
+{
+ VirtIOSCSIS390 *dev = VIRTIO_SCSI_S390(s390_dev);
+ DeviceState *vdev = DEVICE(&dev->vdev);
+ DeviceState *qdev = DEVICE(s390_dev);
+ char *bus_name;
+
+ /*
+ * For command line compatibility, this sets the virtio-scsi-device bus
+ * name as before.
+ */
+ if (qdev->id) {
+ bus_name = g_strdup_printf("%s.0", qdev->id);
+ virtio_device_set_child_bus_name(VIRTIO_DEVICE(vdev), bus_name);
+ g_free(bus_name);
+ }
+
+ qdev_set_parent_bus(vdev, BUS(&s390_dev->bus));
+ if (qdev_init(vdev) < 0) {
+ return -1;
+ }
+
+ return s390_virtio_device_init(s390_dev, VIRTIO_DEVICE(vdev));
+}
+
+static void s390_virtio_scsi_instance_init(Object *obj)
+{
+ VirtIOSCSIS390 *dev = VIRTIO_SCSI_S390(obj);
+ object_initialize(OBJECT(&dev->vdev), TYPE_VIRTIO_SCSI);
+ object_property_add_child(obj, "virtio-backend", OBJECT(&dev->vdev), NULL);
+}
+
+#ifdef CONFIG_VHOST_SCSI
+static int s390_vhost_scsi_init(VirtIOS390Device *s390_dev)
+{
+ VHostSCSIS390 *dev = VHOST_SCSI_S390(s390_dev);
+ DeviceState *vdev = DEVICE(&dev->vdev);
+
+ qdev_set_parent_bus(vdev, BUS(&s390_dev->bus));
+ if (qdev_init(vdev) < 0) {
+ return -1;
+ }
+
+ return s390_virtio_device_init(s390_dev, VIRTIO_DEVICE(vdev));
+}
+
+static void s390_vhost_scsi_instance_init(Object *obj)
+{
+ VHostSCSIS390 *dev = VHOST_SCSI_S390(obj);
+ object_initialize(OBJECT(&dev->vdev), TYPE_VHOST_SCSI);
+ object_property_add_child(obj, "virtio-backend", OBJECT(&dev->vdev), NULL);
+}
+#endif
+
+
+static int s390_virtio_rng_init(VirtIOS390Device *s390_dev)
+{
+ VirtIORNGS390 *dev = VIRTIO_RNG_S390(s390_dev);
+ DeviceState *vdev = DEVICE(&dev->vdev);
+
+ qdev_set_parent_bus(vdev, BUS(&s390_dev->bus));
+ if (qdev_init(vdev) < 0) {
+ return -1;
+ }
+
+ object_property_set_link(OBJECT(dev),
+ OBJECT(dev->vdev.conf.rng), "rng",
+ NULL);
+
+ return s390_virtio_device_init(s390_dev, VIRTIO_DEVICE(vdev));
+}
+
+static void s390_virtio_rng_instance_init(Object *obj)
+{
+ VirtIORNGS390 *dev = VIRTIO_RNG_S390(obj);
+ object_initialize(OBJECT(&dev->vdev), TYPE_VIRTIO_RNG);
+ object_property_add_child(obj, "virtio-backend", OBJECT(&dev->vdev), NULL);
+ object_property_add_link(obj, "rng", TYPE_RNG_BACKEND,
+ (Object **)&dev->vdev.conf.rng, NULL);
+}
+
+static uint64_t s390_virtio_device_vq_token(VirtIOS390Device *dev, int vq)
+{
+ ram_addr_t token_off;
+
+ token_off = (dev->dev_offs + VIRTIO_DEV_OFFS_CONFIG) +
+ (vq * VIRTIO_VQCONFIG_LEN) +
+ VIRTIO_VQCONFIG_OFFS_TOKEN;
+
+ return ldq_be_phys(token_off);
+}
+
+static ram_addr_t s390_virtio_device_num_vq(VirtIOS390Device *dev)
+{
+ VirtIODevice *vdev = dev->vdev;
+ int num_vq;
+
+ for (num_vq = 0; num_vq < VIRTIO_PCI_QUEUE_MAX; num_vq++) {
+ if (!virtio_queue_get_num(vdev, num_vq)) {
+ break;
+ }
+ }
+
+ return num_vq;
+}
+
+static ram_addr_t s390_virtio_next_ring(VirtIOS390Bus *bus)
+{
+ ram_addr_t r = bus->next_ring;
+
+ bus->next_ring += VIRTIO_RING_LEN;
+ return r;
+}
+
+void s390_virtio_device_sync(VirtIOS390Device *dev)
+{
+ VirtIOS390Bus *bus = DO_UPCAST(VirtIOS390Bus, bus, dev->qdev.parent_bus);
+ ram_addr_t cur_offs;
+ uint8_t num_vq;
+ int i;
+
+ virtio_reset(dev->vdev);
+
+ /* Sync dev space */
+ stb_phys(dev->dev_offs + VIRTIO_DEV_OFFS_TYPE, dev->vdev->device_id);
+
+ stb_phys(dev->dev_offs + VIRTIO_DEV_OFFS_NUM_VQ, s390_virtio_device_num_vq(dev));
+ stb_phys(dev->dev_offs + VIRTIO_DEV_OFFS_FEATURE_LEN, dev->feat_len);
+
+ stb_phys(dev->dev_offs + VIRTIO_DEV_OFFS_CONFIG_LEN, dev->vdev->config_len);
+
+ num_vq = s390_virtio_device_num_vq(dev);
+ stb_phys(dev->dev_offs + VIRTIO_DEV_OFFS_NUM_VQ, num_vq);
+
+ /* Sync virtqueues */
+ for (i = 0; i < num_vq; i++) {
+ ram_addr_t vq = (dev->dev_offs + VIRTIO_DEV_OFFS_CONFIG) +
+ (i * VIRTIO_VQCONFIG_LEN);
+ ram_addr_t vring;
+
+ vring = s390_virtio_next_ring(bus);
+ virtio_queue_set_addr(dev->vdev, i, vring);
+ virtio_queue_set_vector(dev->vdev, i, i);
+ stq_be_phys(vq + VIRTIO_VQCONFIG_OFFS_ADDRESS, vring);
+ stw_be_phys(vq + VIRTIO_VQCONFIG_OFFS_NUM, virtio_queue_get_num(dev->vdev, i));
+ }
+
+ cur_offs = dev->dev_offs;
+ cur_offs += VIRTIO_DEV_OFFS_CONFIG;
+ cur_offs += num_vq * VIRTIO_VQCONFIG_LEN;
+
+ /* Sync feature bitmap */
+ stl_le_phys(cur_offs, dev->host_features);
+
+ dev->feat_offs = cur_offs + dev->feat_len;
+ cur_offs += dev->feat_len * 2;
+
+ /* Sync config space */
+ virtio_bus_get_vdev_config(&dev->bus, dev->vdev->config);
+
+ cpu_physical_memory_write(cur_offs,
+ dev->vdev->config, dev->vdev->config_len);
+ cur_offs += dev->vdev->config_len;
+}
+
+void s390_virtio_device_update_status(VirtIOS390Device *dev)
+{
+ VirtIODevice *vdev = dev->vdev;
+ uint32_t features;
+
+ virtio_set_status(vdev, ldub_phys(dev->dev_offs + VIRTIO_DEV_OFFS_STATUS));
+
+ /* Update guest supported feature bitmap */
+
+ features = bswap32(ldl_be_phys(dev->feat_offs));
+ virtio_set_features(vdev, features);
+}
+
+VirtIOS390Device *s390_virtio_bus_console(VirtIOS390Bus *bus)
+{
+ return bus->console;
+}
+
+/* Find a device by vring address */
+VirtIOS390Device *s390_virtio_bus_find_vring(VirtIOS390Bus *bus,
+ ram_addr_t mem,
+ int *vq_num)
+{
+ BusChild *kid;
+ int i;
+
+ QTAILQ_FOREACH(kid, &bus->bus.children, sibling) {
+ VirtIOS390Device *dev = (VirtIOS390Device *)kid->child;
+
+ for(i = 0; i < VIRTIO_PCI_QUEUE_MAX; i++) {
+ if (!virtio_queue_get_addr(dev->vdev, i))
+ break;
+ if (virtio_queue_get_addr(dev->vdev, i) == mem) {
+ if (vq_num) {
+ *vq_num = i;
+ }
+ return dev;
+ }
+ }
+ }
+
+ return NULL;
+}
+
+/* Find a device by device descriptor location */
+VirtIOS390Device *s390_virtio_bus_find_mem(VirtIOS390Bus *bus, ram_addr_t mem)
+{
+ BusChild *kid;
+
+ QTAILQ_FOREACH(kid, &bus->bus.children, sibling) {
+ VirtIOS390Device *dev = (VirtIOS390Device *)kid->child;
+ if (dev->dev_offs == mem) {
+ return dev;
+ }
+ }
+
+ return NULL;
+}
+
+/* DeviceState to VirtIOS390Device. Note: used on datapath,
+ * be careful and test performance if you change this.
+ */
+static inline VirtIOS390Device *to_virtio_s390_device_fast(DeviceState *d)
+{
+ return container_of(d, VirtIOS390Device, qdev);
+}
+
+/* DeviceState to VirtIOS390Device. TODO: use QOM. */
+static inline VirtIOS390Device *to_virtio_s390_device(DeviceState *d)
+{
+ return container_of(d, VirtIOS390Device, qdev);
+}
+
+static void virtio_s390_notify(DeviceState *d, uint16_t vector)
+{
+ VirtIOS390Device *dev = to_virtio_s390_device_fast(d);
+ uint64_t token = s390_virtio_device_vq_token(dev, vector);
+ S390CPU *cpu = s390_cpu_addr2state(0);
+
+ s390_virtio_irq(cpu, 0, token);
+}
+
+static unsigned virtio_s390_get_features(DeviceState *d)
+{
+ VirtIOS390Device *dev = to_virtio_s390_device(d);
+ return dev->host_features;
+}
+
+/**************** S390 Virtio Bus Device Descriptions *******************/
+
+static Property s390_virtio_net_properties[] = {
+ DEFINE_NIC_PROPERTIES(VirtIONetS390, vdev.nic_conf),
+ DEFINE_VIRTIO_NET_FEATURES(VirtIOS390Device, host_features),
+ DEFINE_VIRTIO_NET_PROPERTIES(VirtIONetS390, vdev.net_conf),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void s390_virtio_net_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtIOS390DeviceClass *k = VIRTIO_S390_DEVICE_CLASS(klass);
+
+ k->init = s390_virtio_net_init;
+ dc->props = s390_virtio_net_properties;
+}
+
+static const TypeInfo s390_virtio_net = {
+ .name = TYPE_VIRTIO_NET_S390,
+ .parent = TYPE_VIRTIO_S390_DEVICE,
+ .instance_size = sizeof(VirtIONetS390),
+ .instance_init = s390_virtio_net_instance_init,
+ .class_init = s390_virtio_net_class_init,
+};
+
+static Property s390_virtio_blk_properties[] = {
+ DEFINE_VIRTIO_BLK_PROPERTIES(VirtIOBlkS390, blk),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void s390_virtio_blk_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtIOS390DeviceClass *k = VIRTIO_S390_DEVICE_CLASS(klass);
+
+ k->init = s390_virtio_blk_init;
+ dc->props = s390_virtio_blk_properties;
+}
+
+static const TypeInfo s390_virtio_blk = {
+ .name = "virtio-blk-s390",
+ .parent = TYPE_VIRTIO_S390_DEVICE,
+ .instance_size = sizeof(VirtIOBlkS390),
+ .instance_init = s390_virtio_blk_instance_init,
+ .class_init = s390_virtio_blk_class_init,
+};
+
+static Property s390_virtio_serial_properties[] = {
+ DEFINE_VIRTIO_SERIAL_PROPERTIES(VirtIOSerialS390, vdev.serial),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void s390_virtio_serial_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtIOS390DeviceClass *k = VIRTIO_S390_DEVICE_CLASS(klass);
+
+ k->init = s390_virtio_serial_init;
+ dc->props = s390_virtio_serial_properties;
+}
+
+static const TypeInfo s390_virtio_serial = {
+ .name = TYPE_VIRTIO_SERIAL_S390,
+ .parent = TYPE_VIRTIO_S390_DEVICE,
+ .instance_size = sizeof(VirtIOSerialS390),
+ .instance_init = s390_virtio_serial_instance_init,
+ .class_init = s390_virtio_serial_class_init,
+};
+
+static Property s390_virtio_rng_properties[] = {
+ DEFINE_VIRTIO_COMMON_FEATURES(VirtIOS390Device, host_features),
+ DEFINE_VIRTIO_RNG_PROPERTIES(VirtIORNGS390, vdev.conf),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void s390_virtio_rng_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtIOS390DeviceClass *k = VIRTIO_S390_DEVICE_CLASS(klass);
+
+ k->init = s390_virtio_rng_init;
+ dc->props = s390_virtio_rng_properties;
+}
+
+static const TypeInfo s390_virtio_rng = {
+ .name = TYPE_VIRTIO_RNG_S390,
+ .parent = TYPE_VIRTIO_S390_DEVICE,
+ .instance_size = sizeof(VirtIORNGS390),
+ .instance_init = s390_virtio_rng_instance_init,
+ .class_init = s390_virtio_rng_class_init,
+};
+
+static int s390_virtio_busdev_init(DeviceState *dev)
+{
+ VirtIOS390Device *_dev = (VirtIOS390Device *)dev;
+ VirtIOS390DeviceClass *_info = VIRTIO_S390_DEVICE_GET_CLASS(dev);
+
+ virtio_s390_bus_new(&_dev->bus, _dev);
+
+ return _info->init(_dev);
+}
+
+static void s390_virtio_busdev_reset(DeviceState *dev)
+{
+ VirtIOS390Device *_dev = (VirtIOS390Device *)dev;
+
+ virtio_reset(_dev->vdev);
+}
+
+static void virtio_s390_device_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->init = s390_virtio_busdev_init;
+ dc->bus_type = TYPE_S390_VIRTIO_BUS;
+ dc->unplug = qdev_simple_unplug_cb;
+ dc->reset = s390_virtio_busdev_reset;
+}
+
+static const TypeInfo virtio_s390_device_info = {
+ .name = TYPE_VIRTIO_S390_DEVICE,
+ .parent = TYPE_DEVICE,
+ .instance_size = sizeof(VirtIOS390Device),
+ .class_init = virtio_s390_device_class_init,
+ .class_size = sizeof(VirtIOS390DeviceClass),
+ .abstract = true,
+};
+
+static Property s390_virtio_scsi_properties[] = {
+ DEFINE_VIRTIO_SCSI_PROPERTIES(VirtIOSCSIS390, vdev.parent_obj.conf),
+ DEFINE_VIRTIO_SCSI_FEATURES(VirtIOS390Device, host_features),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void s390_virtio_scsi_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtIOS390DeviceClass *k = VIRTIO_S390_DEVICE_CLASS(klass);
+
+ k->init = s390_virtio_scsi_init;
+ dc->props = s390_virtio_scsi_properties;
+}
+
+static const TypeInfo s390_virtio_scsi = {
+ .name = TYPE_VIRTIO_SCSI_S390,
+ .parent = TYPE_VIRTIO_S390_DEVICE,
+ .instance_size = sizeof(VirtIOSCSIS390),
+ .instance_init = s390_virtio_scsi_instance_init,
+ .class_init = s390_virtio_scsi_class_init,
+};
+
+#ifdef CONFIG_VHOST_SCSI
+static Property s390_vhost_scsi_properties[] = {
+ DEFINE_VIRTIO_COMMON_FEATURES(VirtIOS390Device, host_features),
+ DEFINE_VHOST_SCSI_PROPERTIES(VHostSCSIS390, vdev.parent_obj.conf),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void s390_vhost_scsi_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtIOS390DeviceClass *k = VIRTIO_S390_DEVICE_CLASS(klass);
+
+ k->init = s390_vhost_scsi_init;
+ dc->props = s390_vhost_scsi_properties;
+}
+
+static const TypeInfo s390_vhost_scsi = {
+ .name = TYPE_VHOST_SCSI_S390,
+ .parent = TYPE_VIRTIO_S390_DEVICE,
+ .instance_size = sizeof(VHostSCSIS390),
+ .instance_init = s390_vhost_scsi_instance_init,
+ .class_init = s390_vhost_scsi_class_init,
+};
+#endif
+
+/***************** S390 Virtio Bus Bridge Device *******************/
+/* Only required to have the virtio bus as child in the system bus */
+
+static int s390_virtio_bridge_init(SysBusDevice *dev)
+{
+ /* nothing */
+ return 0;
+}
+
+static void s390_virtio_bridge_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = s390_virtio_bridge_init;
+ dc->no_user = 1;
+}
+
+static const TypeInfo s390_virtio_bridge_info = {
+ .name = "s390-virtio-bridge",
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(SysBusDevice),
+ .class_init = s390_virtio_bridge_class_init,
+};
+
+/* virtio-s390-bus */
+
+static void virtio_s390_bus_new(VirtioBusState *bus, VirtIOS390Device *dev)
+{
+ DeviceState *qdev = DEVICE(dev);
+ BusState *qbus;
+ char virtio_bus_name[] = "virtio-bus";
+
+ qbus_create_inplace((BusState *)bus, TYPE_VIRTIO_S390_BUS, qdev,
+ virtio_bus_name);
+ qbus = BUS(bus);
+ qbus->allow_hotplug = 1;
+}
+
+static void virtio_s390_bus_class_init(ObjectClass *klass, void *data)
+{
+ VirtioBusClass *k = VIRTIO_BUS_CLASS(klass);
+ BusClass *bus_class = BUS_CLASS(klass);
+ bus_class->max_dev = 1;
+ k->notify = virtio_s390_notify;
+ k->get_features = virtio_s390_get_features;
+}
+
+static const TypeInfo virtio_s390_bus_info = {
+ .name = TYPE_VIRTIO_S390_BUS,
+ .parent = TYPE_VIRTIO_BUS,
+ .instance_size = sizeof(VirtioS390BusState),
+ .class_init = virtio_s390_bus_class_init,
+};
+
+static void s390_virtio_register_types(void)
+{
+ type_register_static(&virtio_s390_bus_info);
+ type_register_static(&s390_virtio_bus_info);
+ type_register_static(&virtio_s390_device_info);
+ type_register_static(&s390_virtio_serial);
+ type_register_static(&s390_virtio_blk);
+ type_register_static(&s390_virtio_net);
+ type_register_static(&s390_virtio_scsi);
+#ifdef CONFIG_VHOST_SCSI
+ type_register_static(&s390_vhost_scsi);
+#endif
+ type_register_static(&s390_virtio_rng);
+ type_register_static(&s390_virtio_bridge_info);
+}
+
+type_init(s390_virtio_register_types)
diff --git a/hw/s390x/s390-virtio-bus.h b/hw/s390x/s390-virtio-bus.h
new file mode 100644
index 000000000..ac81bd89e
--- /dev/null
+++ b/hw/s390x/s390-virtio-bus.h
@@ -0,0 +1,187 @@
+/*
+ * QEMU S390x VirtIO BUS definitions
+ *
+ * Copyright (c) 2009 Alexander Graf <agraf@suse.de>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+#ifndef HW_S390_VIRTIO_BUS_H
+#define HW_S390_VIRTIO_BUS_H 1
+
+#include "hw/virtio/virtio-blk.h"
+#include "hw/virtio/virtio-net.h"
+#include "hw/virtio/virtio-rng.h"
+#include "hw/virtio/virtio-serial.h"
+#include "hw/virtio/virtio-scsi.h"
+#include "hw/virtio/virtio-bus.h"
+#ifdef CONFIG_VHOST_SCSI
+#include "hw/virtio/vhost-scsi.h"
+#endif
+
+#define VIRTIO_DEV_OFFS_TYPE 0 /* 8 bits */
+#define VIRTIO_DEV_OFFS_NUM_VQ 1 /* 8 bits */
+#define VIRTIO_DEV_OFFS_FEATURE_LEN 2 /* 8 bits */
+#define VIRTIO_DEV_OFFS_CONFIG_LEN 3 /* 8 bits */
+#define VIRTIO_DEV_OFFS_STATUS 4 /* 8 bits */
+#define VIRTIO_DEV_OFFS_CONFIG 5 /* dynamic */
+
+#define VIRTIO_VQCONFIG_OFFS_TOKEN 0 /* 64 bits */
+#define VIRTIO_VQCONFIG_OFFS_ADDRESS 8 /* 64 bits */
+#define VIRTIO_VQCONFIG_OFFS_NUM 16 /* 16 bits */
+#define VIRTIO_VQCONFIG_LEN 24
+
+#define VIRTIO_RING_LEN (TARGET_PAGE_SIZE * 3)
+#define VIRTIO_VRING_AVAIL_IDX_OFFS 2
+#define VIRTIO_VRING_USED_IDX_OFFS 2
+#define S390_DEVICE_PAGES 512
+
+#define VIRTIO_PARAM_MASK 0xff
+#define VIRTIO_PARAM_VRING_INTERRUPT 0x0
+#define VIRTIO_PARAM_CONFIG_CHANGED 0x1
+#define VIRTIO_PARAM_DEV_ADD 0x2
+
+#define TYPE_VIRTIO_S390_DEVICE "virtio-s390-device"
+#define VIRTIO_S390_DEVICE(obj) \
+ OBJECT_CHECK(VirtIOS390Device, (obj), TYPE_VIRTIO_S390_DEVICE)
+#define VIRTIO_S390_DEVICE_CLASS(klass) \
+ OBJECT_CLASS_CHECK(VirtIOS390DeviceClass, (klass), TYPE_VIRTIO_S390_DEVICE)
+#define VIRTIO_S390_DEVICE_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(VirtIOS390DeviceClass, (obj), TYPE_VIRTIO_S390_DEVICE)
+
+#define TYPE_S390_VIRTIO_BUS "s390-virtio-bus"
+#define S390_VIRTIO_BUS(obj) \
+ OBJECT_CHECK(VirtIOS390Bus, (obj), TYPE_S390_VIRTIO_BUS)
+
+/* virtio-s390-bus */
+
+typedef struct VirtioBusState VirtioS390BusState;
+typedef struct VirtioBusClass VirtioS390BusClass;
+
+#define TYPE_VIRTIO_S390_BUS "virtio-s390-bus"
+#define VIRTIO_S390_BUS(obj) \
+ OBJECT_CHECK(VirtioS390BusState, (obj), TYPE_VIRTIO_S390_BUS)
+#define VIRTIO_S390_BUS_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(VirtioS390BusClass, obj, TYPE_VIRTIO_S390_BUS)
+#define VIRTIO_S390_BUS_CLASS(klass) \
+ OBJECT_CLASS_CHECK(VirtioS390BusClass, klass, TYPE_VIRTIO_S390_BUS)
+
+
+typedef struct VirtIOS390Device VirtIOS390Device;
+
+typedef struct VirtIOS390DeviceClass {
+ DeviceClass qdev;
+ int (*init)(VirtIOS390Device *dev);
+} VirtIOS390DeviceClass;
+
+struct VirtIOS390Device {
+ DeviceState qdev;
+ ram_addr_t dev_offs;
+ ram_addr_t feat_offs;
+ uint8_t feat_len;
+ VirtIODevice *vdev;
+ uint32_t host_features;
+ VirtioBusState bus;
+};
+
+typedef struct VirtIOS390Bus {
+ BusState bus;
+
+ VirtIOS390Device *console;
+ ram_addr_t dev_page;
+ ram_addr_t dev_offs;
+ ram_addr_t next_ring;
+} VirtIOS390Bus;
+
+
+void s390_virtio_device_update_status(VirtIOS390Device *dev);
+
+VirtIOS390Device *s390_virtio_bus_console(VirtIOS390Bus *bus);
+VirtIOS390Bus *s390_virtio_bus_init(ram_addr_t *ram_size);
+
+VirtIOS390Device *s390_virtio_bus_find_vring(VirtIOS390Bus *bus,
+ ram_addr_t mem, int *vq_num);
+VirtIOS390Device *s390_virtio_bus_find_mem(VirtIOS390Bus *bus, ram_addr_t mem);
+void s390_virtio_device_sync(VirtIOS390Device *dev);
+void s390_virtio_reset_idx(VirtIOS390Device *dev);
+
+/* virtio-blk-s390 */
+
+#define TYPE_VIRTIO_BLK_S390 "virtio-blk-s390"
+#define VIRTIO_BLK_S390(obj) \
+ OBJECT_CHECK(VirtIOBlkS390, (obj), TYPE_VIRTIO_BLK_S390)
+
+typedef struct VirtIOBlkS390 {
+ VirtIOS390Device parent_obj;
+ VirtIOBlock vdev;
+ VirtIOBlkConf blk;
+} VirtIOBlkS390;
+
+/* virtio-scsi-s390 */
+
+#define TYPE_VIRTIO_SCSI_S390 "virtio-scsi-s390"
+#define VIRTIO_SCSI_S390(obj) \
+ OBJECT_CHECK(VirtIOSCSIS390, (obj), TYPE_VIRTIO_SCSI_S390)
+
+typedef struct VirtIOSCSIS390 {
+ VirtIOS390Device parent_obj;
+ VirtIOSCSI vdev;
+} VirtIOSCSIS390;
+
+/* virtio-serial-s390 */
+
+#define TYPE_VIRTIO_SERIAL_S390 "virtio-serial-s390"
+#define VIRTIO_SERIAL_S390(obj) \
+ OBJECT_CHECK(VirtIOSerialS390, (obj), TYPE_VIRTIO_SERIAL_S390)
+
+typedef struct VirtIOSerialS390 {
+ VirtIOS390Device parent_obj;
+ VirtIOSerial vdev;
+} VirtIOSerialS390;
+
+/* virtio-net-s390 */
+
+#define TYPE_VIRTIO_NET_S390 "virtio-net-s390"
+#define VIRTIO_NET_S390(obj) \
+ OBJECT_CHECK(VirtIONetS390, (obj), TYPE_VIRTIO_NET_S390)
+
+typedef struct VirtIONetS390 {
+ VirtIOS390Device parent_obj;
+ VirtIONet vdev;
+} VirtIONetS390;
+
+/* vhost-scsi-s390 */
+
+#ifdef CONFIG_VHOST_SCSI
+#define TYPE_VHOST_SCSI_S390 "vhost-scsi-s390"
+#define VHOST_SCSI_S390(obj) \
+ OBJECT_CHECK(VHostSCSIS390, (obj), TYPE_VHOST_SCSI_S390)
+
+typedef struct VHostSCSIS390 {
+ VirtIOS390Device parent_obj;
+ VHostSCSI vdev;
+} VHostSCSIS390;
+#endif
+
+/* virtio-rng-s390 */
+
+#define TYPE_VIRTIO_RNG_S390 "virtio-rng-s390"
+#define VIRTIO_RNG_S390(obj) \
+ OBJECT_CHECK(VirtIORNGS390, (obj), TYPE_VIRTIO_RNG_S390)
+
+typedef struct VirtIORNGS390 {
+ VirtIOS390Device parent_obj;
+ VirtIORNG vdev;
+} VirtIORNGS390;
+
+#endif
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
new file mode 100644
index 000000000..aebbbf175
--- /dev/null
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -0,0 +1,137 @@
+/*
+ * virtio ccw machine
+ *
+ * Copyright 2012 IBM Corp.
+ * Author(s): Cornelia Huck <cornelia.huck@de.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or (at
+ * your option) any later version. See the COPYING file in the top-level
+ * directory.
+ */
+
+#include "hw/boards.h"
+#include "exec/address-spaces.h"
+#include "s390-virtio.h"
+#include "hw/s390x/sclp.h"
+#include "ioinst.h"
+#include "css.h"
+#include "virtio-ccw.h"
+
+static int virtio_ccw_hcall_notify(const uint64_t *args)
+{
+ uint64_t subch_id = args[0];
+ uint64_t queue = args[1];
+ SubchDev *sch;
+ int cssid, ssid, schid, m;
+
+ if (ioinst_disassemble_sch_ident(subch_id, &m, &cssid, &ssid, &schid)) {
+ return -EINVAL;
+ }
+ sch = css_find_subch(m, cssid, ssid, schid);
+ if (!sch || !css_subch_visible(sch)) {
+ return -EINVAL;
+ }
+ if (queue >= VIRTIO_PCI_QUEUE_MAX) {
+ return -EINVAL;
+ }
+ virtio_queue_notify(virtio_ccw_get_vdev(sch), queue);
+ return 0;
+
+}
+
+static int virtio_ccw_hcall_early_printk(const uint64_t *args)
+{
+ uint64_t mem = args[0];
+
+ if (mem < ram_size) {
+ /* Early printk */
+ return 0;
+ }
+ return -EINVAL;
+}
+
+static void virtio_ccw_register_hcalls(void)
+{
+ s390_register_virtio_hypercall(KVM_S390_VIRTIO_CCW_NOTIFY,
+ virtio_ccw_hcall_notify);
+ /* Tolerate early printk. */
+ s390_register_virtio_hypercall(KVM_S390_VIRTIO_NOTIFY,
+ virtio_ccw_hcall_early_printk);
+}
+
+static void ccw_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t my_ram_size = args->ram_size;
+ MemoryRegion *sysmem = get_system_memory();
+ MemoryRegion *ram = g_new(MemoryRegion, 1);
+ int shift = 0;
+ uint8_t *storage_keys;
+ int ret;
+ VirtualCssBus *css_bus;
+
+ /* s390x ram size detection needs a 16bit multiplier + an increment. So
+ guests > 64GB can be specified in 2MB steps etc. */
+ while ((my_ram_size >> (20 + shift)) > 65535) {
+ shift++;
+ }
+ my_ram_size = my_ram_size >> (20 + shift) << (20 + shift);
+
+ /* let's propagate the changed ram size into the global variable. */
+ ram_size = my_ram_size;
+
+ /* get a BUS */
+ css_bus = virtual_css_bus_init();
+ s390_sclp_init();
+ s390_init_ipl_dev(args->kernel_filename, args->kernel_cmdline,
+ args->initrd_filename, "s390-ccw.img");
+
+ /* register hypercalls */
+ virtio_ccw_register_hcalls();
+
+ /* allocate RAM */
+ memory_region_init_ram(ram, NULL, "s390.ram", my_ram_size);
+ vmstate_register_ram_global(ram);
+ memory_region_add_subregion(sysmem, 0, ram);
+
+ /* allocate storage keys */
+ storage_keys = g_malloc0(my_ram_size / TARGET_PAGE_SIZE);
+
+ /* init CPUs */
+ s390_init_cpus(args->cpu_model, storage_keys);
+
+ if (kvm_enabled()) {
+ kvm_s390_enable_css_support(s390_cpu_addr2state(0));
+ }
+ /*
+ * Create virtual css and set it as default so that non mcss-e
+ * enabled guests only see virtio devices.
+ */
+ ret = css_create_css_image(VIRTUAL_CSSID, true);
+ assert(ret == 0);
+
+ /* Create VirtIO network adapters */
+ s390_create_virtio_net(BUS(css_bus), "virtio-net-ccw");
+}
+
+static QEMUMachine ccw_machine = {
+ .name = "s390-ccw-virtio",
+ .alias = "s390-ccw",
+ .desc = "VirtIO-ccw based S390 machine",
+ .init = ccw_init,
+ .block_default_type = IF_VIRTIO,
+ .no_cdrom = 1,
+ .no_floppy = 1,
+ .no_serial = 1,
+ .no_parallel = 1,
+ .no_sdcard = 1,
+ .use_sclp = 1,
+ .max_cpus = 255,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void ccw_machine_init(void)
+{
+ qemu_register_machine(&ccw_machine);
+}
+
+machine_init(ccw_machine_init)
diff --git a/hw/s390x/s390-virtio-hcall.c b/hw/s390x/s390-virtio-hcall.c
new file mode 100644
index 000000000..ee626493c
--- /dev/null
+++ b/hw/s390x/s390-virtio-hcall.c
@@ -0,0 +1,36 @@
+/*
+ * Support for virtio hypercalls on s390
+ *
+ * Copyright 2012 IBM Corp.
+ * Author(s): Cornelia Huck <cornelia.huck@de.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or (at
+ * your option) any later version. See the COPYING file in the top-level
+ * directory.
+ */
+
+#include "cpu.h"
+#include "hw/s390x/s390-virtio.h"
+
+#define MAX_DIAG_SUBCODES 255
+
+static s390_virtio_fn s390_diag500_table[MAX_DIAG_SUBCODES];
+
+void s390_register_virtio_hypercall(uint64_t code, s390_virtio_fn fn)
+{
+ assert(code < MAX_DIAG_SUBCODES);
+ assert(!s390_diag500_table[code]);
+
+ s390_diag500_table[code] = fn;
+}
+
+int s390_virtio_hypercall(CPUS390XState *env)
+{
+ s390_virtio_fn fn = s390_diag500_table[env->regs[1]];
+
+ if (!fn) {
+ return -EINVAL;
+ }
+
+ return fn(&env->regs[2]);
+}
diff --git a/hw/s390x/s390-virtio.c b/hw/s390x/s390-virtio.c
new file mode 100644
index 000000000..439d7323e
--- /dev/null
+++ b/hw/s390x/s390-virtio.c
@@ -0,0 +1,304 @@
+/*
+ * QEMU S390 virtio target
+ *
+ * Copyright (c) 2009 Alexander Graf <agraf@suse.de>
+ * Copyright IBM Corp 2012
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * Contributions after 2012-10-29 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ *
+ * You should have received a copy of the GNU (Lesser) General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/hw.h"
+#include "block/block.h"
+#include "sysemu/blockdev.h"
+#include "sysemu/sysemu.h"
+#include "net/net.h"
+#include "hw/boards.h"
+#include "monitor/monitor.h"
+#include "hw/loader.h"
+#include "hw/virtio/virtio.h"
+#include "hw/sysbus.h"
+#include "sysemu/kvm.h"
+#include "exec/address-spaces.h"
+
+#include "hw/s390x/s390-virtio-bus.h"
+#include "hw/s390x/sclp.h"
+#include "hw/s390x/s390-virtio.h"
+
+//#define DEBUG_S390
+
+#ifdef DEBUG_S390
+#define DPRINTF(fmt, ...) \
+ do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) \
+ do { } while (0)
+#endif
+
+#define MAX_BLK_DEVS 10
+#define ZIPL_FILENAME "s390-zipl.rom"
+
+static VirtIOS390Bus *s390_bus;
+static S390CPU **ipi_states;
+
+S390CPU *s390_cpu_addr2state(uint16_t cpu_addr)
+{
+ if (cpu_addr >= smp_cpus) {
+ return NULL;
+ }
+
+ return ipi_states[cpu_addr];
+}
+
+static int s390_virtio_hcall_notify(const uint64_t *args)
+{
+ uint64_t mem = args[0];
+ int r = 0, i;
+
+ if (mem > ram_size) {
+ VirtIOS390Device *dev = s390_virtio_bus_find_vring(s390_bus, mem, &i);
+ if (dev) {
+ virtio_queue_notify(dev->vdev, i);
+ } else {
+ r = -EINVAL;
+ }
+ } else {
+ /* Early printk */
+ }
+ return r;
+}
+
+static int s390_virtio_hcall_reset(const uint64_t *args)
+{
+ uint64_t mem = args[0];
+ VirtIOS390Device *dev;
+
+ dev = s390_virtio_bus_find_mem(s390_bus, mem);
+ if (dev == NULL) {
+ return -EINVAL;
+ }
+ virtio_reset(dev->vdev);
+ stb_phys(dev->dev_offs + VIRTIO_DEV_OFFS_STATUS, 0);
+ s390_virtio_device_sync(dev);
+ s390_virtio_reset_idx(dev);
+
+ return 0;
+}
+
+static int s390_virtio_hcall_set_status(const uint64_t *args)
+{
+ uint64_t mem = args[0];
+ int r = 0;
+ VirtIOS390Device *dev;
+
+ dev = s390_virtio_bus_find_mem(s390_bus, mem);
+ if (dev) {
+ s390_virtio_device_update_status(dev);
+ } else {
+ r = -EINVAL;
+ }
+ return r;
+}
+
+static void s390_virtio_register_hcalls(void)
+{
+ s390_register_virtio_hypercall(KVM_S390_VIRTIO_NOTIFY,
+ s390_virtio_hcall_notify);
+ s390_register_virtio_hypercall(KVM_S390_VIRTIO_RESET,
+ s390_virtio_hcall_reset);
+ s390_register_virtio_hypercall(KVM_S390_VIRTIO_SET_STATUS,
+ s390_virtio_hcall_set_status);
+}
+
+/*
+ * The number of running CPUs. On s390 a shutdown is the state of all CPUs
+ * being either stopped or disabled (for interrupts) waiting. We have to
+ * track this number to call the shutdown sequence accordingly. This
+ * number is modified either on startup or while holding the big qemu lock.
+ */
+static unsigned s390_running_cpus;
+
+void s390_add_running_cpu(S390CPU *cpu)
+{
+ CPUState *cs = CPU(cpu);
+ CPUS390XState *env = &cpu->env;
+
+ if (cs->halted) {
+ s390_running_cpus++;
+ cs->halted = 0;
+ env->exception_index = -1;
+ }
+}
+
+unsigned s390_del_running_cpu(S390CPU *cpu)
+{
+ CPUState *cs = CPU(cpu);
+ CPUS390XState *env = &cpu->env;
+
+ if (cs->halted == 0) {
+ assert(s390_running_cpus >= 1);
+ s390_running_cpus--;
+ cs->halted = 1;
+ env->exception_index = EXCP_HLT;
+ }
+ return s390_running_cpus;
+}
+
+void s390_init_ipl_dev(const char *kernel_filename,
+ const char *kernel_cmdline,
+ const char *initrd_filename,
+ const char *firmware)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(NULL, "s390-ipl");
+ if (kernel_filename) {
+ qdev_prop_set_string(dev, "kernel", kernel_filename);
+ }
+ if (initrd_filename) {
+ qdev_prop_set_string(dev, "initrd", initrd_filename);
+ }
+ qdev_prop_set_string(dev, "cmdline", kernel_cmdline);
+ qdev_prop_set_string(dev, "firmware", firmware);
+ qdev_init_nofail(dev);
+}
+
+void s390_init_cpus(const char *cpu_model, uint8_t *storage_keys)
+{
+ int i;
+
+ if (cpu_model == NULL) {
+ cpu_model = "host";
+ }
+
+ ipi_states = g_malloc(sizeof(S390CPU *) * smp_cpus);
+
+ for (i = 0; i < smp_cpus; i++) {
+ S390CPU *cpu;
+ CPUState *cs;
+
+ cpu = cpu_s390x_init(cpu_model);
+ cs = CPU(cpu);
+
+ ipi_states[i] = cpu;
+ cs->halted = 1;
+ cpu->env.exception_index = EXCP_HLT;
+ cpu->env.storage_keys = storage_keys;
+ }
+}
+
+
+void s390_create_virtio_net(BusState *bus, const char *name)
+{
+ int i;
+
+ for (i = 0; i < nb_nics; i++) {
+ NICInfo *nd = &nd_table[i];
+ DeviceState *dev;
+
+ if (!nd->model) {
+ nd->model = g_strdup("virtio");
+ }
+
+ if (strcmp(nd->model, "virtio")) {
+ fprintf(stderr, "S390 only supports VirtIO nics\n");
+ exit(1);
+ }
+
+ dev = qdev_create(bus, name);
+ qdev_set_nic_properties(dev, nd);
+ qdev_init_nofail(dev);
+ }
+}
+
+/* PC hardware initialisation */
+static void s390_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t my_ram_size = args->ram_size;
+ MemoryRegion *sysmem = get_system_memory();
+ MemoryRegion *ram = g_new(MemoryRegion, 1);
+ int shift = 0;
+ uint8_t *storage_keys;
+ void *virtio_region;
+ hwaddr virtio_region_len;
+ hwaddr virtio_region_start;
+
+ /* s390x ram size detection needs a 16bit multiplier + an increment. So
+ guests > 64GB can be specified in 2MB steps etc. */
+ while ((my_ram_size >> (20 + shift)) > 65535) {
+ shift++;
+ }
+ my_ram_size = my_ram_size >> (20 + shift) << (20 + shift);
+
+ /* let's propagate the changed ram size into the global variable. */
+ ram_size = my_ram_size;
+
+ /* get a BUS */
+ s390_bus = s390_virtio_bus_init(&my_ram_size);
+ s390_sclp_init();
+ s390_init_ipl_dev(args->kernel_filename, args->kernel_cmdline,
+ args->initrd_filename, ZIPL_FILENAME);
+
+ /* register hypercalls */
+ s390_virtio_register_hcalls();
+
+ /* allocate RAM */
+ memory_region_init_ram(ram, NULL, "s390.ram", my_ram_size);
+ vmstate_register_ram_global(ram);
+ memory_region_add_subregion(sysmem, 0, ram);
+
+ /* clear virtio region */
+ virtio_region_len = my_ram_size - ram_size;
+ virtio_region_start = ram_size;
+ virtio_region = cpu_physical_memory_map(virtio_region_start,
+ &virtio_region_len, true);
+ memset(virtio_region, 0, virtio_region_len);
+ cpu_physical_memory_unmap(virtio_region, virtio_region_len, 1,
+ virtio_region_len);
+
+ /* allocate storage keys */
+ storage_keys = g_malloc0(my_ram_size / TARGET_PAGE_SIZE);
+
+ /* init CPUs */
+ s390_init_cpus(args->cpu_model, storage_keys);
+
+ /* Create VirtIO network adapters */
+ s390_create_virtio_net((BusState *)s390_bus, "virtio-net-s390");
+}
+
+static QEMUMachine s390_machine = {
+ .name = "s390-virtio",
+ .alias = "s390",
+ .desc = "VirtIO based S390 machine",
+ .init = s390_init,
+ .block_default_type = IF_VIRTIO,
+ .no_cdrom = 1,
+ .no_floppy = 1,
+ .no_serial = 1,
+ .no_parallel = 1,
+ .no_sdcard = 1,
+ .use_virtcon = 1,
+ .max_cpus = 255,
+ .is_default = 1,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void s390_machine_init(void)
+{
+ qemu_register_machine(&s390_machine);
+}
+
+machine_init(s390_machine_init);
diff --git a/hw/s390x/s390-virtio.h b/hw/s390x/s390-virtio.h
new file mode 100644
index 000000000..5c405e775
--- /dev/null
+++ b/hw/s390x/s390-virtio.h
@@ -0,0 +1,29 @@
+/*
+ * Virtio interfaces for s390
+ *
+ * Copyright 2012 IBM Corp.
+ * Author(s): Cornelia Huck <cornelia.huck@de.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or (at
+ * your option) any later version. See the COPYING file in the top-level
+ * directory.
+ */
+
+#ifndef HW_S390_VIRTIO_H
+#define HW_S390_VIRTIO_H 1
+
+#define KVM_S390_VIRTIO_NOTIFY 0
+#define KVM_S390_VIRTIO_RESET 1
+#define KVM_S390_VIRTIO_SET_STATUS 2
+#define KVM_S390_VIRTIO_CCW_NOTIFY 3
+
+typedef int (*s390_virtio_fn)(const uint64_t *args);
+void s390_register_virtio_hypercall(uint64_t code, s390_virtio_fn fn);
+
+void s390_init_cpus(const char *cpu_model, uint8_t *storage_keys);
+void s390_init_ipl_dev(const char *kernel_filename,
+ const char *kernel_cmdline,
+ const char *initrd_filename,
+ const char *firmware);
+void s390_create_virtio_net(BusState *bus, const char *name);
+#endif
diff --git a/hw/s390x/sclp.c b/hw/s390x/sclp.c
index 5c274fa03..86d6ae002 100644
--- a/hw/s390x/sclp.c
+++ b/hw/s390x/sclp.c
@@ -13,10 +13,10 @@
*/
#include "cpu.h"
-#include "kvm.h"
-#include "memory.h"
+#include "sysemu/kvm.h"
+#include "exec/memory.h"
-#include "sclp.h"
+#include "hw/s390x/sclp.h"
static inline S390SCLPDevice *get_event_facility(void)
{
@@ -146,7 +146,7 @@ static void s390_sclp_device_class_init(ObjectClass *klass, void *data)
dc->init = s390_sclp_dev_init;
}
-static TypeInfo s390_sclp_device_info = {
+static const TypeInfo s390_sclp_device_info = {
.name = TYPE_DEVICE_S390_SCLP,
.parent = TYPE_SYS_BUS_DEVICE,
.instance_size = sizeof(S390SCLPDevice),
diff --git a/hw/s390x/sclp.h b/hw/s390x/sclp.h
deleted file mode 100644
index fe89dadd6..000000000
--- a/hw/s390x/sclp.h
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * SCLP Support
- *
- * Copyright IBM, Corp. 2012
- *
- * Authors:
- * Christian Borntraeger <borntraeger@de.ibm.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2 or (at your
- * option) any later version. See the COPYING file in the top-level directory.
- *
- */
-
-#ifndef HW_S390_SCLP_H
-#define HW_S390_SCLP_H
-
-#include <hw/sysbus.h>
-#include <hw/qdev.h>
-
-/* SCLP command codes */
-#define SCLP_CMDW_READ_SCP_INFO 0x00020001
-#define SCLP_CMDW_READ_SCP_INFO_FORCED 0x00120001
-#define SCLP_CMD_READ_EVENT_DATA 0x00770005
-#define SCLP_CMD_WRITE_EVENT_DATA 0x00760005
-#define SCLP_CMD_READ_EVENT_DATA 0x00770005
-#define SCLP_CMD_WRITE_EVENT_DATA 0x00760005
-#define SCLP_CMD_WRITE_EVENT_MASK 0x00780005
-
-/* SCLP response codes */
-#define SCLP_RC_NORMAL_READ_COMPLETION 0x0010
-#define SCLP_RC_NORMAL_COMPLETION 0x0020
-#define SCLP_RC_INVALID_SCLP_COMMAND 0x01f0
-#define SCLP_RC_CONTAINED_EQUIPMENT_CHECK 0x0340
-#define SCLP_RC_INSUFFICIENT_SCCB_LENGTH 0x0300
-#define SCLP_RC_INVALID_FUNCTION 0x40f0
-#define SCLP_RC_NO_EVENT_BUFFERS_STORED 0x60f0
-#define SCLP_RC_INVALID_SELECTION_MASK 0x70f0
-#define SCLP_RC_INCONSISTENT_LENGTHS 0x72f0
-#define SCLP_RC_EVENT_BUFFER_SYNTAX_ERROR 0x73f0
-#define SCLP_RC_INVALID_MASK_LENGTH 0x74f0
-
-
-/* Service Call Control Block (SCCB) and its elements */
-
-#define SCCB_SIZE 4096
-
-#define SCLP_VARIABLE_LENGTH_RESPONSE 0x80
-#define SCLP_EVENT_BUFFER_ACCEPTED 0x80
-
-#define SCLP_FC_NORMAL_WRITE 0
-
-/*
- * Normally packed structures are not the right thing to do, since all code
- * must take care of endianess. We cant use ldl_phys and friends for two
- * reasons, though:
- * - some of the embedded structures below the SCCB can appear multiple times
- * at different locations, so there is no fixed offset
- * - we work on a private copy of the SCCB, since there are several length
- * fields, that would cause a security nightmare if we allow the guest to
- * alter the structure while we parse it. We cannot use ldl_p and friends
- * either without doing pointer arithmetics
- * So we have to double check that all users of sclp data structures use the
- * right endianess wrappers.
- */
-typedef struct SCCBHeader {
- uint16_t length;
- uint8_t function_code;
- uint8_t control_mask[3];
- uint16_t response_code;
-} QEMU_PACKED SCCBHeader;
-
-#define SCCB_DATA_LEN (SCCB_SIZE - sizeof(SCCBHeader))
-
-typedef struct ReadInfo {
- SCCBHeader h;
- uint16_t rnmax;
- uint8_t rnsize;
-} QEMU_PACKED ReadInfo;
-
-typedef struct SCCB {
- SCCBHeader h;
- char data[SCCB_DATA_LEN];
- } QEMU_PACKED SCCB;
-
-static inline int sccb_data_len(SCCB *sccb)
-{
- return be16_to_cpu(sccb->h.length) - sizeof(sccb->h);
-}
-
-#define TYPE_DEVICE_S390_SCLP "s390-sclp-device"
-#define SCLP_S390_DEVICE(obj) \
- OBJECT_CHECK(S390SCLPDevice, (obj), TYPE_DEVICE_S390_SCLP)
-#define SCLP_S390_DEVICE_CLASS(klass) \
- OBJECT_CLASS_CHECK(S390SCLPDeviceClass, (klass), \
- TYPE_DEVICE_S390_SCLP)
-#define SCLP_S390_DEVICE_GET_CLASS(obj) \
- OBJECT_GET_CLASS(S390SCLPDeviceClass, (obj), \
- TYPE_DEVICE_S390_SCLP)
-
-typedef struct SCLPEventFacility SCLPEventFacility;
-
-typedef struct S390SCLPDevice {
- SysBusDevice busdev;
- SCLPEventFacility *ef;
- void (*sclp_command_handler)(SCLPEventFacility *ef, SCCB *sccb,
- uint64_t code);
- bool (*event_pending)(SCLPEventFacility *ef);
-} S390SCLPDevice;
-
-typedef struct S390SCLPDeviceClass {
- DeviceClass qdev;
- int (*init)(S390SCLPDevice *sdev);
-} S390SCLPDeviceClass;
-
-void s390_sclp_init(void);
-void sclp_service_interrupt(uint32_t sccb);
-
-#endif
diff --git a/hw/s390x/sclpconsole.c b/hw/s390x/sclpconsole.c
deleted file mode 100644
index 0ec5623f5..000000000
--- a/hw/s390x/sclpconsole.c
+++ /dev/null
@@ -1,306 +0,0 @@
-/*
- * SCLP event type
- * Ascii Console Data (VT220 Console)
- *
- * Copyright IBM, Corp. 2012
- *
- * Authors:
- * Heinz Graalfs <graalfs@de.ibm.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2 or (at your
- * option) any later version. See the COPYING file in the top-level directory.
- *
- */
-
-#include <hw/qdev.h>
-#include "qemu-thread.h"
-
-#include "sclp.h"
-#include "event-facility.h"
-
-typedef struct ASCIIConsoleData {
- EventBufferHeader ebh;
- char data[0];
-} QEMU_PACKED ASCIIConsoleData;
-
-/* max size for ASCII data in 4K SCCB page */
-#define SIZE_BUFFER_VT220 4080
-
-typedef struct SCLPConsole {
- SCLPEvent event;
- CharDriverState *chr;
- /* io vector */
- uint8_t *iov; /* iov buffer pointer */
- uint8_t *iov_sclp; /* pointer to SCLP read offset */
- uint8_t *iov_bs; /* pointer byte stream read offset */
- uint32_t iov_data_len; /* length of byte stream in buffer */
- uint32_t iov_sclp_rest; /* length of byte stream not read via SCLP */
- qemu_irq irq_read_vt220;
-} SCLPConsole;
-
-/* character layer call-back functions */
-
-/* Return number of bytes that fit into iov buffer */
-static int chr_can_read(void *opaque)
-{
- int can_read;
- SCLPConsole *scon = opaque;
-
- can_read = SIZE_BUFFER_VT220 - scon->iov_data_len;
-
- return can_read;
-}
-
-/* Receive n bytes from character layer, save in iov buffer,
- * and set event pending */
-static void receive_from_chr_layer(SCLPConsole *scon, const uint8_t *buf,
- int size)
-{
- assert(scon->iov);
-
- /* read data must fit into current buffer */
- assert(size <= SIZE_BUFFER_VT220 - scon->iov_data_len);
-
- /* put byte-stream from character layer into buffer */
- memcpy(scon->iov_bs, buf, size);
- scon->iov_data_len += size;
- scon->iov_sclp_rest += size;
- scon->iov_bs += size;
- scon->event.event_pending = true;
-}
-
-/* Send data from a char device over to the guest */
-static void chr_read(void *opaque, const uint8_t *buf, int size)
-{
- SCLPConsole *scon = opaque;
-
- assert(scon);
-
- receive_from_chr_layer(scon, buf, size);
- /* trigger SCLP read operation */
- qemu_irq_raise(scon->irq_read_vt220);
-}
-
-static void chr_event(void *opaque, int event)
-{
- SCLPConsole *scon = opaque;
-
- switch (event) {
- case CHR_EVENT_OPENED:
- if (!scon->iov) {
- scon->iov = g_malloc0(SIZE_BUFFER_VT220);
- scon->iov_sclp = scon->iov;
- scon->iov_bs = scon->iov;
- scon->iov_data_len = 0;
- scon->iov_sclp_rest = 0;
- }
- break;
- case CHR_EVENT_CLOSED:
- if (scon->iov) {
- g_free(scon->iov);
- scon->iov = NULL;
- }
- break;
- }
-}
-
-/* functions to be called by event facility */
-
-static int event_type(void)
-{
- return SCLP_EVENT_ASCII_CONSOLE_DATA;
-}
-
-static unsigned int send_mask(void)
-{
- return SCLP_EVENT_MASK_MSG_ASCII;
-}
-
-static unsigned int receive_mask(void)
-{
- return SCLP_EVENT_MASK_MSG_ASCII;
-}
-
-/* triggered by SCLP's read_event_data -
- * copy console data byte-stream into provided (SCLP) buffer
- */
-static void get_console_data(SCLPEvent *event, uint8_t *buf, size_t *size,
- int avail)
-{
- SCLPConsole *cons = DO_UPCAST(SCLPConsole, event, event);
-
- /* first byte is hex 0 saying an ascii string follows */
- *buf++ = '\0';
- avail--;
- /* if all data fit into provided SCLP buffer */
- if (avail >= cons->iov_sclp_rest) {
- /* copy character byte-stream to SCLP buffer */
- memcpy(buf, cons->iov_sclp, cons->iov_sclp_rest);
- *size = cons->iov_sclp_rest + 1;
- cons->iov_sclp = cons->iov;
- cons->iov_bs = cons->iov;
- cons->iov_data_len = 0;
- cons->iov_sclp_rest = 0;
- event->event_pending = false;
- /* data provided and no more data pending */
- } else {
- /* if provided buffer is too small, just copy part */
- memcpy(buf, cons->iov_sclp, avail);
- *size = avail + 1;
- cons->iov_sclp_rest -= avail;
- cons->iov_sclp += avail;
- /* more data pending */
- }
-}
-
-static int read_event_data(SCLPEvent *event, EventBufferHeader *evt_buf_hdr,
- int *slen)
-{
- int avail;
- size_t src_len;
- uint8_t *to;
- ASCIIConsoleData *acd = (ASCIIConsoleData *) evt_buf_hdr;
-
- if (!event->event_pending) {
- /* no data pending */
- return 0;
- }
-
- to = (uint8_t *)&acd->data;
- avail = *slen - sizeof(ASCIIConsoleData);
- get_console_data(event, to, &src_len, avail);
-
- acd->ebh.length = cpu_to_be16(sizeof(ASCIIConsoleData) + src_len);
- acd->ebh.type = SCLP_EVENT_ASCII_CONSOLE_DATA;
- acd->ebh.flags |= SCLP_EVENT_BUFFER_ACCEPTED;
- *slen = avail - src_len;
-
- return 1;
-}
-
-/* triggered by SCLP's write_event_data
- * - write console data into character layer
- * returns < 0 if an error occured
- */
-static ssize_t write_console_data(SCLPEvent *event, const uint8_t *buf,
- size_t len)
-{
- ssize_t ret = 0;
- const uint8_t *iov_offset;
- SCLPConsole *scon = DO_UPCAST(SCLPConsole, event, event);
-
- if (!scon->chr) {
- /* If there's no backend, we can just say we consumed all data. */
- return len;
- }
-
- iov_offset = buf;
- while (len > 0) {
- ret = qemu_chr_fe_write(scon->chr, buf, len);
- if (ret == 0) {
- /* a pty doesn't seem to be connected - no error */
- len = 0;
- } else if (ret == -EAGAIN || (ret > 0 && ret < len)) {
- len -= ret;
- iov_offset += ret;
- } else {
- len = 0;
- }
- }
-
- return ret;
-}
-
-static int write_event_data(SCLPEvent *event, EventBufferHeader *evt_buf_hdr)
-{
- int rc;
- int length;
- ssize_t written;
- ASCIIConsoleData *acd = (ASCIIConsoleData *) evt_buf_hdr;
-
- length = be16_to_cpu(evt_buf_hdr->length) - sizeof(EventBufferHeader);
- written = write_console_data(event, (uint8_t *)acd->data, length);
-
- rc = SCLP_RC_NORMAL_COMPLETION;
- /* set event buffer accepted flag */
- evt_buf_hdr->flags |= SCLP_EVENT_BUFFER_ACCEPTED;
-
- /* written will be zero if a pty is not connected - don't treat as error */
- if (written < 0) {
- /* event buffer not accepted due to error in character layer */
- evt_buf_hdr->flags &= ~(SCLP_EVENT_BUFFER_ACCEPTED);
- rc = SCLP_RC_CONTAINED_EQUIPMENT_CHECK;
- }
-
- return rc;
-}
-
-static void trigger_ascii_console_data(void *env, int n, int level)
-{
- sclp_service_interrupt(0);
-}
-
-/* qemu object creation and initialization functions */
-
-/* tell character layer our call-back functions */
-static int console_init(SCLPEvent *event)
-{
- static bool console_available;
-
- SCLPConsole *scon = DO_UPCAST(SCLPConsole, event, event);
-
- if (console_available) {
- error_report("Multiple VT220 operator consoles are not supported");
- return -1;
- }
- console_available = true;
- event->event_type = SCLP_EVENT_ASCII_CONSOLE_DATA;
- if (scon->chr) {
- qemu_chr_add_handlers(scon->chr, chr_can_read,
- chr_read, chr_event, scon);
- }
- scon->irq_read_vt220 = *qemu_allocate_irqs(trigger_ascii_console_data,
- NULL, 1);
-
- return 0;
-}
-
-static int console_exit(SCLPEvent *event)
-{
- return 0;
-}
-
-static Property console_properties[] = {
- DEFINE_PROP_CHR("chardev", SCLPConsole, chr),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void console_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SCLPEventClass *ec = SCLP_EVENT_CLASS(klass);
-
- dc->props = console_properties;
- ec->init = console_init;
- ec->exit = console_exit;
- ec->get_send_mask = send_mask;
- ec->get_receive_mask = receive_mask;
- ec->event_type = event_type;
- ec->read_event_data = read_event_data;
- ec->write_event_data = write_event_data;
-}
-
-static TypeInfo sclp_console_info = {
- .name = "sclpconsole",
- .parent = TYPE_SCLP_EVENT,
- .instance_size = sizeof(SCLPConsole),
- .class_init = console_class_init,
- .class_size = sizeof(SCLPEventClass),
-};
-
-static void register_types(void)
-{
- type_register_static(&sclp_console_info);
-}
-
-type_init(register_types)
diff --git a/hw/s390x/sclpquiesce.c b/hw/s390x/sclpquiesce.c
index 9a773b87f..5fadc86d4 100644
--- a/hw/s390x/sclpquiesce.c
+++ b/hw/s390x/sclpquiesce.c
@@ -12,9 +12,9 @@
*
*/
#include <hw/qdev.h>
-#include "sysemu.h"
-#include "sclp.h"
-#include "event-facility.h"
+#include "sysemu/sysemu.h"
+#include "hw/s390x/sclp.h"
+#include "hw/s390x/event-facility.h"
typedef struct SignalQuiesce {
EventBufferHeader ebh;
@@ -107,7 +107,7 @@ static void quiesce_class_init(ObjectClass *klass, void *data)
k->write_event_data = NULL;
}
-static TypeInfo sclp_quiesce_info = {
+static const TypeInfo sclp_quiesce_info = {
.name = "sclpquiesce",
.parent = TYPE_SCLP_EVENT,
.instance_size = sizeof(SCLPEvent),
diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c
new file mode 100644
index 000000000..8835bd433
--- /dev/null
+++ b/hw/s390x/virtio-ccw.c
@@ -0,0 +1,1342 @@
+/*
+ * virtio ccw target implementation
+ *
+ * Copyright 2012 IBM Corp.
+ * Author(s): Cornelia Huck <cornelia.huck@de.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or (at
+ * your option) any later version. See the COPYING file in the top-level
+ * directory.
+ */
+
+#include "hw/hw.h"
+#include "block/block.h"
+#include "sysemu/blockdev.h"
+#include "sysemu/sysemu.h"
+#include "net/net.h"
+#include "monitor/monitor.h"
+#include "hw/virtio/virtio.h"
+#include "hw/virtio/virtio-serial.h"
+#include "hw/virtio/virtio-net.h"
+#include "hw/sysbus.h"
+#include "qemu/bitops.h"
+#include "hw/virtio/virtio-bus.h"
+
+#include "ioinst.h"
+#include "css.h"
+#include "virtio-ccw.h"
+#include "trace.h"
+
+static void virtio_ccw_bus_new(VirtioBusState *bus, VirtioCcwDevice *dev);
+
+static int virtual_css_bus_reset(BusState *qbus)
+{
+ /* This should actually be modelled via the generic css */
+ css_reset();
+
+ /* we dont traverse ourself, return 0 */
+ return 0;
+}
+
+
+static void virtual_css_bus_class_init(ObjectClass *klass, void *data)
+{
+ BusClass *k = BUS_CLASS(klass);
+
+ k->reset = virtual_css_bus_reset;
+}
+
+static const TypeInfo virtual_css_bus_info = {
+ .name = TYPE_VIRTUAL_CSS_BUS,
+ .parent = TYPE_BUS,
+ .instance_size = sizeof(VirtualCssBus),
+ .class_init = virtual_css_bus_class_init,
+};
+
+VirtIODevice *virtio_ccw_get_vdev(SubchDev *sch)
+{
+ VirtIODevice *vdev = NULL;
+
+ if (sch->driver_data) {
+ vdev = ((VirtioCcwDevice *)sch->driver_data)->vdev;
+ }
+ return vdev;
+}
+
+static int virtio_ccw_set_guest2host_notifier(VirtioCcwDevice *dev, int n,
+ bool assign, bool set_handler)
+{
+ VirtQueue *vq = virtio_get_queue(dev->vdev, n);
+ EventNotifier *notifier = virtio_queue_get_host_notifier(vq);
+ int r = 0;
+ SubchDev *sch = dev->sch;
+ uint32_t sch_id = (css_build_subchannel_id(sch) << 16) | sch->schid;
+
+ if (assign) {
+ r = event_notifier_init(notifier, 1);
+ if (r < 0) {
+ error_report("%s: unable to init event notifier: %d", __func__, r);
+ return r;
+ }
+ virtio_queue_set_host_notifier_fd_handler(vq, true, set_handler);
+ r = s390_assign_subch_ioeventfd(notifier, sch_id, n, assign);
+ if (r < 0) {
+ error_report("%s: unable to assign ioeventfd: %d", __func__, r);
+ virtio_queue_set_host_notifier_fd_handler(vq, false, false);
+ event_notifier_cleanup(notifier);
+ return r;
+ }
+ } else {
+ virtio_queue_set_host_notifier_fd_handler(vq, false, false);
+ s390_assign_subch_ioeventfd(notifier, sch_id, n, assign);
+ event_notifier_cleanup(notifier);
+ }
+ return r;
+}
+
+static void virtio_ccw_start_ioeventfd(VirtioCcwDevice *dev)
+{
+ int n, r;
+
+ if (!(dev->flags & VIRTIO_CCW_FLAG_USE_IOEVENTFD) ||
+ dev->ioeventfd_disabled ||
+ dev->ioeventfd_started) {
+ return;
+ }
+ for (n = 0; n < VIRTIO_PCI_QUEUE_MAX; n++) {
+ if (!virtio_queue_get_num(dev->vdev, n)) {
+ continue;
+ }
+ r = virtio_ccw_set_guest2host_notifier(dev, n, true, true);
+ if (r < 0) {
+ goto assign_error;
+ }
+ }
+ dev->ioeventfd_started = true;
+ return;
+
+ assign_error:
+ while (--n >= 0) {
+ if (!virtio_queue_get_num(dev->vdev, n)) {
+ continue;
+ }
+ r = virtio_ccw_set_guest2host_notifier(dev, n, false, false);
+ assert(r >= 0);
+ }
+ dev->ioeventfd_started = false;
+ /* Disable ioeventfd for this device. */
+ dev->flags &= ~VIRTIO_CCW_FLAG_USE_IOEVENTFD;
+ error_report("%s: failed. Fallback to userspace (slower).", __func__);
+}
+
+static void virtio_ccw_stop_ioeventfd(VirtioCcwDevice *dev)
+{
+ int n, r;
+
+ if (!dev->ioeventfd_started) {
+ return;
+ }
+ for (n = 0; n < VIRTIO_PCI_QUEUE_MAX; n++) {
+ if (!virtio_queue_get_num(dev->vdev, n)) {
+ continue;
+ }
+ r = virtio_ccw_set_guest2host_notifier(dev, n, false, false);
+ assert(r >= 0);
+ }
+ dev->ioeventfd_started = false;
+}
+
+VirtualCssBus *virtual_css_bus_init(void)
+{
+ VirtualCssBus *cbus;
+ BusState *bus;
+ DeviceState *dev;
+
+ /* Create bridge device */
+ dev = qdev_create(NULL, "virtual-css-bridge");
+ qdev_init_nofail(dev);
+
+ /* Create bus on bridge device */
+ bus = qbus_create(TYPE_VIRTUAL_CSS_BUS, dev, "virtual-css");
+ cbus = VIRTUAL_CSS_BUS(bus);
+
+ /* Enable hotplugging */
+ bus->allow_hotplug = 1;
+
+ return cbus;
+}
+
+/* Communication blocks used by several channel commands. */
+typedef struct VqInfoBlock {
+ uint64_t queue;
+ uint32_t align;
+ uint16_t index;
+ uint16_t num;
+} QEMU_PACKED VqInfoBlock;
+
+typedef struct VqConfigBlock {
+ uint16_t index;
+ uint16_t num_max;
+} QEMU_PACKED VqConfigBlock;
+
+typedef struct VirtioFeatDesc {
+ uint32_t features;
+ uint8_t index;
+} QEMU_PACKED VirtioFeatDesc;
+
+/* Specify where the virtqueues for the subchannel are in guest memory. */
+static int virtio_ccw_set_vqs(SubchDev *sch, uint64_t addr, uint32_t align,
+ uint16_t index, uint16_t num)
+{
+ VirtioCcwDevice *dev = sch->driver_data;
+
+ if (index > VIRTIO_PCI_QUEUE_MAX) {
+ return -EINVAL;
+ }
+
+ /* Current code in virtio.c relies on 4K alignment. */
+ if (addr && (align != 4096)) {
+ return -EINVAL;
+ }
+
+ if (!dev) {
+ return -EINVAL;
+ }
+
+ virtio_queue_set_addr(dev->vdev, index, addr);
+ if (!addr) {
+ virtio_queue_set_vector(dev->vdev, index, 0);
+ } else {
+ /* Fail if we don't have a big enough queue. */
+ /* TODO: Add interface to handle vring.num changing */
+ if (virtio_queue_get_num(dev->vdev, index) > num) {
+ return -EINVAL;
+ }
+ virtio_queue_set_vector(dev->vdev, index, index);
+ }
+ /* tell notify handler in case of config change */
+ dev->vdev->config_vector = VIRTIO_PCI_QUEUE_MAX;
+ return 0;
+}
+
+static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
+{
+ int ret;
+ VqInfoBlock info;
+ uint8_t status;
+ VirtioFeatDesc features;
+ void *config;
+ hwaddr indicators;
+ VqConfigBlock vq_config;
+ VirtioCcwDevice *dev = sch->driver_data;
+ bool check_len;
+ int len;
+ hwaddr hw_len;
+
+ if (!dev) {
+ return -EINVAL;
+ }
+
+ trace_virtio_ccw_interpret_ccw(sch->cssid, sch->ssid, sch->schid,
+ ccw.cmd_code);
+ check_len = !((ccw.flags & CCW_FLAG_SLI) && !(ccw.flags & CCW_FLAG_DC));
+
+ /* Look at the command. */
+ switch (ccw.cmd_code) {
+ case CCW_CMD_SET_VQ:
+ if (check_len) {
+ if (ccw.count != sizeof(info)) {
+ ret = -EINVAL;
+ break;
+ }
+ } else if (ccw.count < sizeof(info)) {
+ /* Can't execute command. */
+ ret = -EINVAL;
+ break;
+ }
+ if (!ccw.cda) {
+ ret = -EFAULT;
+ } else {
+ info.queue = ldq_phys(ccw.cda);
+ info.align = ldl_phys(ccw.cda + sizeof(info.queue));
+ info.index = lduw_phys(ccw.cda + sizeof(info.queue)
+ + sizeof(info.align));
+ info.num = lduw_phys(ccw.cda + sizeof(info.queue)
+ + sizeof(info.align)
+ + sizeof(info.index));
+ ret = virtio_ccw_set_vqs(sch, info.queue, info.align, info.index,
+ info.num);
+ sch->curr_status.scsw.count = 0;
+ }
+ break;
+ case CCW_CMD_VDEV_RESET:
+ virtio_ccw_stop_ioeventfd(dev);
+ virtio_reset(dev->vdev);
+ ret = 0;
+ break;
+ case CCW_CMD_READ_FEAT:
+ if (check_len) {
+ if (ccw.count != sizeof(features)) {
+ ret = -EINVAL;
+ break;
+ }
+ } else if (ccw.count < sizeof(features)) {
+ /* Can't execute command. */
+ ret = -EINVAL;
+ break;
+ }
+ if (!ccw.cda) {
+ ret = -EFAULT;
+ } else {
+ features.index = ldub_phys(ccw.cda + sizeof(features.features));
+ if (features.index < ARRAY_SIZE(dev->host_features)) {
+ features.features = dev->host_features[features.index];
+ } else {
+ /* Return zeroes if the guest supports more feature bits. */
+ features.features = 0;
+ }
+ stl_le_phys(ccw.cda, features.features);
+ sch->curr_status.scsw.count = ccw.count - sizeof(features);
+ ret = 0;
+ }
+ break;
+ case CCW_CMD_WRITE_FEAT:
+ if (check_len) {
+ if (ccw.count != sizeof(features)) {
+ ret = -EINVAL;
+ break;
+ }
+ } else if (ccw.count < sizeof(features)) {
+ /* Can't execute command. */
+ ret = -EINVAL;
+ break;
+ }
+ if (!ccw.cda) {
+ ret = -EFAULT;
+ } else {
+ features.index = ldub_phys(ccw.cda + sizeof(features.features));
+ features.features = ldl_le_phys(ccw.cda);
+ if (features.index < ARRAY_SIZE(dev->host_features)) {
+ virtio_bus_set_vdev_features(&dev->bus, features.features);
+ dev->vdev->guest_features = features.features;
+ } else {
+ /*
+ * If the guest supports more feature bits, assert that it
+ * passes us zeroes for those we don't support.
+ */
+ if (features.features) {
+ fprintf(stderr, "Guest bug: features[%i]=%x (expected 0)\n",
+ features.index, features.features);
+ /* XXX: do a unit check here? */
+ }
+ }
+ sch->curr_status.scsw.count = ccw.count - sizeof(features);
+ ret = 0;
+ }
+ break;
+ case CCW_CMD_READ_CONF:
+ if (check_len) {
+ if (ccw.count > dev->vdev->config_len) {
+ ret = -EINVAL;
+ break;
+ }
+ }
+ len = MIN(ccw.count, dev->vdev->config_len);
+ if (!ccw.cda) {
+ ret = -EFAULT;
+ } else {
+ virtio_bus_get_vdev_config(&dev->bus, dev->vdev->config);
+ /* XXX config space endianness */
+ cpu_physical_memory_write(ccw.cda, dev->vdev->config, len);
+ sch->curr_status.scsw.count = ccw.count - len;
+ ret = 0;
+ }
+ break;
+ case CCW_CMD_WRITE_CONF:
+ if (check_len) {
+ if (ccw.count > dev->vdev->config_len) {
+ ret = -EINVAL;
+ break;
+ }
+ }
+ len = MIN(ccw.count, dev->vdev->config_len);
+ hw_len = len;
+ if (!ccw.cda) {
+ ret = -EFAULT;
+ } else {
+ config = cpu_physical_memory_map(ccw.cda, &hw_len, 0);
+ if (!config) {
+ ret = -EFAULT;
+ } else {
+ len = hw_len;
+ /* XXX config space endianness */
+ memcpy(dev->vdev->config, config, len);
+ cpu_physical_memory_unmap(config, hw_len, 0, hw_len);
+ virtio_bus_set_vdev_config(&dev->bus, dev->vdev->config);
+ sch->curr_status.scsw.count = ccw.count - len;
+ ret = 0;
+ }
+ }
+ break;
+ case CCW_CMD_WRITE_STATUS:
+ if (check_len) {
+ if (ccw.count != sizeof(status)) {
+ ret = -EINVAL;
+ break;
+ }
+ } else if (ccw.count < sizeof(status)) {
+ /* Can't execute command. */
+ ret = -EINVAL;
+ break;
+ }
+ if (!ccw.cda) {
+ ret = -EFAULT;
+ } else {
+ status = ldub_phys(ccw.cda);
+ if (!(status & VIRTIO_CONFIG_S_DRIVER_OK)) {
+ virtio_ccw_stop_ioeventfd(dev);
+ }
+ virtio_set_status(dev->vdev, status);
+ if (dev->vdev->status == 0) {
+ virtio_reset(dev->vdev);
+ }
+ if (status & VIRTIO_CONFIG_S_DRIVER_OK) {
+ virtio_ccw_start_ioeventfd(dev);
+ }
+ sch->curr_status.scsw.count = ccw.count - sizeof(status);
+ ret = 0;
+ }
+ break;
+ case CCW_CMD_SET_IND:
+ if (check_len) {
+ if (ccw.count != sizeof(indicators)) {
+ ret = -EINVAL;
+ break;
+ }
+ } else if (ccw.count < sizeof(indicators)) {
+ /* Can't execute command. */
+ ret = -EINVAL;
+ break;
+ }
+ if (!ccw.cda) {
+ ret = -EFAULT;
+ } else {
+ indicators = ldq_phys(ccw.cda);
+ dev->indicators = indicators;
+ sch->curr_status.scsw.count = ccw.count - sizeof(indicators);
+ ret = 0;
+ }
+ break;
+ case CCW_CMD_SET_CONF_IND:
+ if (check_len) {
+ if (ccw.count != sizeof(indicators)) {
+ ret = -EINVAL;
+ break;
+ }
+ } else if (ccw.count < sizeof(indicators)) {
+ /* Can't execute command. */
+ ret = -EINVAL;
+ break;
+ }
+ if (!ccw.cda) {
+ ret = -EFAULT;
+ } else {
+ indicators = ldq_phys(ccw.cda);
+ dev->indicators2 = indicators;
+ sch->curr_status.scsw.count = ccw.count - sizeof(indicators);
+ ret = 0;
+ }
+ break;
+ case CCW_CMD_READ_VQ_CONF:
+ if (check_len) {
+ if (ccw.count != sizeof(vq_config)) {
+ ret = -EINVAL;
+ break;
+ }
+ } else if (ccw.count < sizeof(vq_config)) {
+ /* Can't execute command. */
+ ret = -EINVAL;
+ break;
+ }
+ if (!ccw.cda) {
+ ret = -EFAULT;
+ } else {
+ vq_config.index = lduw_phys(ccw.cda);
+ vq_config.num_max = virtio_queue_get_num(dev->vdev,
+ vq_config.index);
+ stw_phys(ccw.cda + sizeof(vq_config.index), vq_config.num_max);
+ sch->curr_status.scsw.count = ccw.count - sizeof(vq_config);
+ ret = 0;
+ }
+ break;
+ default:
+ ret = -ENOSYS;
+ break;
+ }
+ return ret;
+}
+
+static int virtio_ccw_device_init(VirtioCcwDevice *dev, VirtIODevice *vdev)
+{
+ unsigned int cssid = 0;
+ unsigned int ssid = 0;
+ unsigned int schid;
+ unsigned int devno;
+ bool have_devno = false;
+ bool found = false;
+ SubchDev *sch;
+ int ret;
+ int num;
+ DeviceState *parent = DEVICE(dev);
+
+ sch = g_malloc0(sizeof(SubchDev));
+
+ sch->driver_data = dev;
+ dev->sch = sch;
+
+ dev->vdev = vdev;
+ dev->indicators = 0;
+
+ /* Initialize subchannel structure. */
+ sch->channel_prog = 0x0;
+ sch->last_cmd_valid = false;
+ sch->orb = NULL;
+ /*
+ * Use a device number if provided. Otherwise, fall back to subchannel
+ * number.
+ */
+ if (dev->bus_id) {
+ num = sscanf(dev->bus_id, "%x.%x.%04x", &cssid, &ssid, &devno);
+ if (num == 3) {
+ if ((cssid > MAX_CSSID) || (ssid > MAX_SSID)) {
+ ret = -EINVAL;
+ error_report("Invalid cssid or ssid: cssid %x, ssid %x",
+ cssid, ssid);
+ goto out_err;
+ }
+ /* Enforce use of virtual cssid. */
+ if (cssid != VIRTUAL_CSSID) {
+ ret = -EINVAL;
+ error_report("cssid %x not valid for virtio devices", cssid);
+ goto out_err;
+ }
+ if (css_devno_used(cssid, ssid, devno)) {
+ ret = -EEXIST;
+ error_report("Device %x.%x.%04x already exists", cssid, ssid,
+ devno);
+ goto out_err;
+ }
+ sch->cssid = cssid;
+ sch->ssid = ssid;
+ sch->devno = devno;
+ have_devno = true;
+ } else {
+ ret = -EINVAL;
+ error_report("Malformed devno parameter '%s'", dev->bus_id);
+ goto out_err;
+ }
+ }
+
+ /* Find the next free id. */
+ if (have_devno) {
+ for (schid = 0; schid <= MAX_SCHID; schid++) {
+ if (!css_find_subch(1, cssid, ssid, schid)) {
+ sch->schid = schid;
+ css_subch_assign(cssid, ssid, schid, devno, sch);
+ found = true;
+ break;
+ }
+ }
+ if (!found) {
+ ret = -ENODEV;
+ error_report("No free subchannel found for %x.%x.%04x", cssid, ssid,
+ devno);
+ goto out_err;
+ }
+ trace_virtio_ccw_new_device(cssid, ssid, schid, devno,
+ "user-configured");
+ } else {
+ cssid = VIRTUAL_CSSID;
+ for (ssid = 0; ssid <= MAX_SSID; ssid++) {
+ for (schid = 0; schid <= MAX_SCHID; schid++) {
+ if (!css_find_subch(1, cssid, ssid, schid)) {
+ sch->cssid = cssid;
+ sch->ssid = ssid;
+ sch->schid = schid;
+ devno = schid;
+ /*
+ * If the devno is already taken, look further in this
+ * subchannel set.
+ */
+ while (css_devno_used(cssid, ssid, devno)) {
+ if (devno == MAX_SCHID) {
+ devno = 0;
+ } else if (devno == schid - 1) {
+ ret = -ENODEV;
+ error_report("No free devno found");
+ goto out_err;
+ } else {
+ devno++;
+ }
+ }
+ sch->devno = devno;
+ css_subch_assign(cssid, ssid, schid, devno, sch);
+ found = true;
+ break;
+ }
+ }
+ if (found) {
+ break;
+ }
+ }
+ if (!found) {
+ ret = -ENODEV;
+ error_report("Virtual channel subsystem is full!");
+ goto out_err;
+ }
+ trace_virtio_ccw_new_device(cssid, ssid, schid, devno,
+ "auto-configured");
+ }
+
+ /* Build initial schib. */
+ css_sch_build_virtual_schib(sch, 0, VIRTIO_CCW_CHPID_TYPE);
+
+ sch->ccw_cb = virtio_ccw_cb;
+
+ /* Build senseid data. */
+ memset(&sch->id, 0, sizeof(SenseId));
+ sch->id.reserved = 0xff;
+ sch->id.cu_type = VIRTIO_CCW_CU_TYPE;
+ sch->id.cu_model = dev->vdev->device_id;
+
+ /* Only the first 32 feature bits are used. */
+ dev->host_features[0] = virtio_bus_get_vdev_features(&dev->bus,
+ dev->host_features[0]);
+
+ dev->host_features[0] |= 0x1 << VIRTIO_F_NOTIFY_ON_EMPTY;
+ dev->host_features[0] |= 0x1 << VIRTIO_F_BAD_FEATURE;
+
+ css_generate_sch_crws(sch->cssid, sch->ssid, sch->schid,
+ parent->hotplugged, 1);
+ return 0;
+
+out_err:
+ dev->sch = NULL;
+ g_free(sch);
+ return ret;
+}
+
+static int virtio_ccw_exit(VirtioCcwDevice *dev)
+{
+ SubchDev *sch = dev->sch;
+
+ virtio_ccw_stop_ioeventfd(dev);
+ if (sch) {
+ css_subch_assign(sch->cssid, sch->ssid, sch->schid, sch->devno, NULL);
+ g_free(sch);
+ }
+ dev->indicators = 0;
+ return 0;
+}
+
+static int virtio_ccw_net_init(VirtioCcwDevice *ccw_dev)
+{
+ DeviceState *qdev = DEVICE(ccw_dev);
+ VirtIONetCcw *dev = VIRTIO_NET_CCW(ccw_dev);
+ DeviceState *vdev = DEVICE(&dev->vdev);
+
+ virtio_net_set_config_size(&dev->vdev, ccw_dev->host_features[0]);
+ virtio_net_set_netclient_name(&dev->vdev, qdev->id,
+ object_get_typename(OBJECT(qdev)));
+ qdev_set_parent_bus(vdev, BUS(&ccw_dev->bus));
+ if (qdev_init(vdev) < 0) {
+ return -1;
+ }
+
+ return virtio_ccw_device_init(ccw_dev, VIRTIO_DEVICE(vdev));
+}
+
+static void virtio_ccw_net_instance_init(Object *obj)
+{
+ VirtIONetCcw *dev = VIRTIO_NET_CCW(obj);
+ object_initialize(OBJECT(&dev->vdev), TYPE_VIRTIO_NET);
+ object_property_add_child(obj, "virtio-backend", OBJECT(&dev->vdev), NULL);
+}
+
+static int virtio_ccw_blk_init(VirtioCcwDevice *ccw_dev)
+{
+ VirtIOBlkCcw *dev = VIRTIO_BLK_CCW(ccw_dev);
+ DeviceState *vdev = DEVICE(&dev->vdev);
+ virtio_blk_set_conf(vdev, &(dev->blk));
+ qdev_set_parent_bus(vdev, BUS(&ccw_dev->bus));
+ if (qdev_init(vdev) < 0) {
+ return -1;
+ }
+
+ return virtio_ccw_device_init(ccw_dev, VIRTIO_DEVICE(vdev));
+}
+
+static void virtio_ccw_blk_instance_init(Object *obj)
+{
+ VirtIOBlkCcw *dev = VIRTIO_BLK_CCW(obj);
+ object_initialize(OBJECT(&dev->vdev), TYPE_VIRTIO_BLK);
+ object_property_add_child(obj, "virtio-backend", OBJECT(&dev->vdev), NULL);
+}
+
+static int virtio_ccw_serial_init(VirtioCcwDevice *ccw_dev)
+{
+ VirtioSerialCcw *dev = VIRTIO_SERIAL_CCW(ccw_dev);
+ DeviceState *vdev = DEVICE(&dev->vdev);
+ DeviceState *proxy = DEVICE(ccw_dev);
+ char *bus_name;
+
+ /*
+ * For command line compatibility, this sets the virtio-serial-device bus
+ * name as before.
+ */
+ if (proxy->id) {
+ bus_name = g_strdup_printf("%s.0", proxy->id);
+ virtio_device_set_child_bus_name(VIRTIO_DEVICE(vdev), bus_name);
+ g_free(bus_name);
+ }
+
+ qdev_set_parent_bus(vdev, BUS(&ccw_dev->bus));
+ if (qdev_init(vdev) < 0) {
+ return -1;
+ }
+
+ return virtio_ccw_device_init(ccw_dev, VIRTIO_DEVICE(vdev));
+}
+
+
+static void virtio_ccw_serial_instance_init(Object *obj)
+{
+ VirtioSerialCcw *dev = VIRTIO_SERIAL_CCW(obj);
+ object_initialize(OBJECT(&dev->vdev), TYPE_VIRTIO_SERIAL);
+ object_property_add_child(obj, "virtio-backend", OBJECT(&dev->vdev), NULL);
+}
+
+static int virtio_ccw_balloon_init(VirtioCcwDevice *ccw_dev)
+{
+ VirtIOBalloonCcw *dev = VIRTIO_BALLOON_CCW(ccw_dev);
+ DeviceState *vdev = DEVICE(&dev->vdev);
+
+ qdev_set_parent_bus(vdev, BUS(&ccw_dev->bus));
+ if (qdev_init(vdev) < 0) {
+ return -1;
+ }
+
+ return virtio_ccw_device_init(ccw_dev, VIRTIO_DEVICE(vdev));
+}
+
+static void balloon_ccw_stats_get_all(Object *obj, struct Visitor *v,
+ void *opaque, const char *name,
+ Error **errp)
+{
+ VirtIOBalloonCcw *dev = opaque;
+ object_property_get(OBJECT(&dev->vdev), v, "guest-stats", errp);
+}
+
+static void balloon_ccw_stats_get_poll_interval(Object *obj, struct Visitor *v,
+ void *opaque, const char *name,
+ Error **errp)
+{
+ VirtIOBalloonCcw *dev = opaque;
+ object_property_get(OBJECT(&dev->vdev), v, "guest-stats-polling-interval",
+ errp);
+}
+
+static void balloon_ccw_stats_set_poll_interval(Object *obj, struct Visitor *v,
+ void *opaque, const char *name,
+ Error **errp)
+{
+ VirtIOBalloonCcw *dev = opaque;
+ object_property_set(OBJECT(&dev->vdev), v, "guest-stats-polling-interval",
+ errp);
+}
+
+static void virtio_ccw_balloon_instance_init(Object *obj)
+{
+ VirtIOBalloonCcw *dev = VIRTIO_BALLOON_CCW(obj);
+ object_initialize(OBJECT(&dev->vdev), TYPE_VIRTIO_BALLOON);
+ object_property_add_child(obj, "virtio-backend", OBJECT(&dev->vdev), NULL);
+
+ object_property_add(obj, "guest-stats", "guest statistics",
+ balloon_ccw_stats_get_all, NULL, NULL, dev, NULL);
+
+ object_property_add(obj, "guest-stats-polling-interval", "int",
+ balloon_ccw_stats_get_poll_interval,
+ balloon_ccw_stats_set_poll_interval,
+ NULL, dev, NULL);
+}
+
+static int virtio_ccw_scsi_init(VirtioCcwDevice *ccw_dev)
+{
+ VirtIOSCSICcw *dev = VIRTIO_SCSI_CCW(ccw_dev);
+ DeviceState *vdev = DEVICE(&dev->vdev);
+ DeviceState *qdev = DEVICE(ccw_dev);
+ char *bus_name;
+
+ /*
+ * For command line compatibility, this sets the virtio-scsi-device bus
+ * name as before.
+ */
+ if (qdev->id) {
+ bus_name = g_strdup_printf("%s.0", qdev->id);
+ virtio_device_set_child_bus_name(VIRTIO_DEVICE(vdev), bus_name);
+ g_free(bus_name);
+ }
+
+ qdev_set_parent_bus(vdev, BUS(&ccw_dev->bus));
+ if (qdev_init(vdev) < 0) {
+ return -1;
+ }
+
+ return virtio_ccw_device_init(ccw_dev, VIRTIO_DEVICE(vdev));
+}
+
+static void virtio_ccw_scsi_instance_init(Object *obj)
+{
+ VirtIOSCSICcw *dev = VIRTIO_SCSI_CCW(obj);
+ object_initialize(OBJECT(&dev->vdev), TYPE_VIRTIO_SCSI);
+ object_property_add_child(obj, "virtio-backend", OBJECT(&dev->vdev), NULL);
+}
+
+#ifdef CONFIG_VHOST_SCSI
+static int vhost_ccw_scsi_init(VirtioCcwDevice *ccw_dev)
+{
+ VHostSCSICcw *dev = VHOST_SCSI_CCW(ccw_dev);
+ DeviceState *vdev = DEVICE(&dev->vdev);
+
+ qdev_set_parent_bus(vdev, BUS(&ccw_dev->bus));
+ if (qdev_init(vdev) < 0) {
+ return -1;
+ }
+
+ return virtio_ccw_device_init(ccw_dev, VIRTIO_DEVICE(vdev));
+}
+
+static void vhost_ccw_scsi_instance_init(Object *obj)
+{
+ VHostSCSICcw *dev = VHOST_SCSI_CCW(obj);
+ object_initialize(OBJECT(&dev->vdev), TYPE_VHOST_SCSI);
+ object_property_add_child(obj, "virtio-backend", OBJECT(&dev->vdev), NULL);
+}
+#endif
+
+static int virtio_ccw_rng_init(VirtioCcwDevice *ccw_dev)
+{
+ VirtIORNGCcw *dev = VIRTIO_RNG_CCW(ccw_dev);
+ DeviceState *vdev = DEVICE(&dev->vdev);
+
+ qdev_set_parent_bus(vdev, BUS(&ccw_dev->bus));
+ if (qdev_init(vdev) < 0) {
+ return -1;
+ }
+
+ object_property_set_link(OBJECT(dev),
+ OBJECT(dev->vdev.conf.rng), "rng",
+ NULL);
+
+ return virtio_ccw_device_init(ccw_dev, VIRTIO_DEVICE(vdev));
+}
+
+/* DeviceState to VirtioCcwDevice. Note: used on datapath,
+ * be careful and test performance if you change this.
+ */
+static inline VirtioCcwDevice *to_virtio_ccw_dev_fast(DeviceState *d)
+{
+ return container_of(d, VirtioCcwDevice, parent_obj);
+}
+
+static void virtio_ccw_notify(DeviceState *d, uint16_t vector)
+{
+ VirtioCcwDevice *dev = to_virtio_ccw_dev_fast(d);
+ SubchDev *sch = dev->sch;
+ uint64_t indicators;
+
+ if (vector >= 128) {
+ return;
+ }
+
+ if (vector < VIRTIO_PCI_QUEUE_MAX) {
+ if (!dev->indicators) {
+ return;
+ }
+ indicators = ldq_phys(dev->indicators);
+ indicators |= 1ULL << vector;
+ stq_phys(dev->indicators, indicators);
+ } else {
+ if (!dev->indicators2) {
+ return;
+ }
+ vector = 0;
+ indicators = ldq_phys(dev->indicators2);
+ indicators |= 1ULL << vector;
+ stq_phys(dev->indicators2, indicators);
+ }
+
+ css_conditional_io_interrupt(sch);
+
+}
+
+static unsigned virtio_ccw_get_features(DeviceState *d)
+{
+ VirtioCcwDevice *dev = VIRTIO_CCW_DEVICE(d);
+
+ /* Only the first 32 feature bits are used. */
+ return dev->host_features[0];
+}
+
+static void virtio_ccw_reset(DeviceState *d)
+{
+ VirtioCcwDevice *dev = VIRTIO_CCW_DEVICE(d);
+
+ virtio_ccw_stop_ioeventfd(dev);
+ virtio_reset(dev->vdev);
+ css_reset_sch(dev->sch);
+ dev->indicators = 0;
+ dev->indicators2 = 0;
+}
+
+static void virtio_ccw_vmstate_change(DeviceState *d, bool running)
+{
+ VirtioCcwDevice *dev = VIRTIO_CCW_DEVICE(d);
+
+ if (running) {
+ virtio_ccw_start_ioeventfd(dev);
+ } else {
+ virtio_ccw_stop_ioeventfd(dev);
+ }
+}
+
+static bool virtio_ccw_query_guest_notifiers(DeviceState *d)
+{
+ VirtioCcwDevice *dev = VIRTIO_CCW_DEVICE(d);
+
+ return !!(dev->sch->curr_status.pmcw.flags & PMCW_FLAGS_MASK_ENA);
+}
+
+static int virtio_ccw_set_host_notifier(DeviceState *d, int n, bool assign)
+{
+ VirtioCcwDevice *dev = VIRTIO_CCW_DEVICE(d);
+
+ /* Stop using the generic ioeventfd, we are doing eventfd handling
+ * ourselves below */
+ dev->ioeventfd_disabled = assign;
+ if (assign) {
+ virtio_ccw_stop_ioeventfd(dev);
+ }
+ return virtio_ccw_set_guest2host_notifier(dev, n, assign, false);
+}
+
+static int virtio_ccw_set_guest_notifier(VirtioCcwDevice *dev, int n,
+ bool assign, bool with_irqfd)
+{
+ VirtQueue *vq = virtio_get_queue(dev->vdev, n);
+ EventNotifier *notifier = virtio_queue_get_guest_notifier(vq);
+ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(dev->vdev);
+
+ if (assign) {
+ int r = event_notifier_init(notifier, 0);
+
+ if (r < 0) {
+ return r;
+ }
+ virtio_queue_set_guest_notifier_fd_handler(vq, true, with_irqfd);
+ /* We do not support irqfd for classic I/O interrupts, because the
+ * classic interrupts are intermixed with the subchannel status, that
+ * is queried with test subchannel. We want to use vhost, though.
+ * Lets make sure to have vhost running and wire up the irq fd to
+ * land in qemu (and only the irq fd) in this code.
+ */
+ if (k->guest_notifier_mask) {
+ k->guest_notifier_mask(dev->vdev, n, false);
+ }
+ /* get lost events and re-inject */
+ if (k->guest_notifier_pending &&
+ k->guest_notifier_pending(dev->vdev, n)) {
+ event_notifier_set(notifier);
+ }
+ } else {
+ if (k->guest_notifier_mask) {
+ k->guest_notifier_mask(dev->vdev, n, true);
+ }
+ virtio_queue_set_guest_notifier_fd_handler(vq, false, with_irqfd);
+ event_notifier_cleanup(notifier);
+ }
+ return 0;
+}
+
+static int virtio_ccw_set_guest_notifiers(DeviceState *d, int nvqs,
+ bool assigned)
+{
+ VirtioCcwDevice *dev = VIRTIO_CCW_DEVICE(d);
+ VirtIODevice *vdev = dev->vdev;
+ int r, n;
+
+ for (n = 0; n < nvqs; n++) {
+ if (!virtio_queue_get_num(vdev, n)) {
+ break;
+ }
+ /* false -> true, as soon as irqfd works */
+ r = virtio_ccw_set_guest_notifier(dev, n, assigned, false);
+ if (r < 0) {
+ goto assign_error;
+ }
+ }
+ return 0;
+
+assign_error:
+ while (--n >= 0) {
+ virtio_ccw_set_guest_notifier(dev, n, !assigned, false);
+ }
+ return r;
+}
+
+/**************** Virtio-ccw Bus Device Descriptions *******************/
+
+static Property virtio_ccw_net_properties[] = {
+ DEFINE_PROP_STRING("devno", VirtioCcwDevice, bus_id),
+ DEFINE_VIRTIO_NET_FEATURES(VirtioCcwDevice, host_features[0]),
+ DEFINE_VIRTIO_NET_PROPERTIES(VirtIONetCcw, vdev.net_conf),
+ DEFINE_NIC_PROPERTIES(VirtIONetCcw, vdev.nic_conf),
+ DEFINE_PROP_BIT("ioeventfd", VirtioCcwDevice, flags,
+ VIRTIO_CCW_FLAG_USE_IOEVENTFD_BIT, true),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void virtio_ccw_net_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtIOCCWDeviceClass *k = VIRTIO_CCW_DEVICE_CLASS(klass);
+
+ k->init = virtio_ccw_net_init;
+ k->exit = virtio_ccw_exit;
+ dc->reset = virtio_ccw_reset;
+ dc->props = virtio_ccw_net_properties;
+}
+
+static const TypeInfo virtio_ccw_net = {
+ .name = TYPE_VIRTIO_NET_CCW,
+ .parent = TYPE_VIRTIO_CCW_DEVICE,
+ .instance_size = sizeof(VirtIONetCcw),
+ .instance_init = virtio_ccw_net_instance_init,
+ .class_init = virtio_ccw_net_class_init,
+};
+
+static Property virtio_ccw_blk_properties[] = {
+ DEFINE_PROP_STRING("devno", VirtioCcwDevice, bus_id),
+ DEFINE_VIRTIO_BLK_FEATURES(VirtioCcwDevice, host_features[0]),
+ DEFINE_VIRTIO_BLK_PROPERTIES(VirtIOBlkCcw, blk),
+ DEFINE_PROP_BIT("ioeventfd", VirtioCcwDevice, flags,
+ VIRTIO_CCW_FLAG_USE_IOEVENTFD_BIT, true),
+#ifdef CONFIG_VIRTIO_BLK_DATA_PLANE
+ DEFINE_PROP_BIT("x-data-plane", VirtIOBlkCcw, blk.data_plane, 0, false),
+#endif
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void virtio_ccw_blk_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtIOCCWDeviceClass *k = VIRTIO_CCW_DEVICE_CLASS(klass);
+
+ k->init = virtio_ccw_blk_init;
+ k->exit = virtio_ccw_exit;
+ dc->reset = virtio_ccw_reset;
+ dc->props = virtio_ccw_blk_properties;
+}
+
+static const TypeInfo virtio_ccw_blk = {
+ .name = TYPE_VIRTIO_BLK_CCW,
+ .parent = TYPE_VIRTIO_CCW_DEVICE,
+ .instance_size = sizeof(VirtIOBlkCcw),
+ .instance_init = virtio_ccw_blk_instance_init,
+ .class_init = virtio_ccw_blk_class_init,
+};
+
+static Property virtio_ccw_serial_properties[] = {
+ DEFINE_PROP_STRING("devno", VirtioCcwDevice, bus_id),
+ DEFINE_VIRTIO_SERIAL_PROPERTIES(VirtioSerialCcw, vdev.serial),
+ DEFINE_VIRTIO_COMMON_FEATURES(VirtioCcwDevice, host_features[0]),
+ DEFINE_PROP_BIT("ioeventfd", VirtioCcwDevice, flags,
+ VIRTIO_CCW_FLAG_USE_IOEVENTFD_BIT, true),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void virtio_ccw_serial_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtIOCCWDeviceClass *k = VIRTIO_CCW_DEVICE_CLASS(klass);
+
+ k->init = virtio_ccw_serial_init;
+ k->exit = virtio_ccw_exit;
+ dc->reset = virtio_ccw_reset;
+ dc->props = virtio_ccw_serial_properties;
+}
+
+static const TypeInfo virtio_ccw_serial = {
+ .name = TYPE_VIRTIO_SERIAL_CCW,
+ .parent = TYPE_VIRTIO_CCW_DEVICE,
+ .instance_size = sizeof(VirtioSerialCcw),
+ .instance_init = virtio_ccw_serial_instance_init,
+ .class_init = virtio_ccw_serial_class_init,
+};
+
+static Property virtio_ccw_balloon_properties[] = {
+ DEFINE_PROP_STRING("devno", VirtioCcwDevice, bus_id),
+ DEFINE_VIRTIO_COMMON_FEATURES(VirtioCcwDevice, host_features[0]),
+ DEFINE_PROP_BIT("ioeventfd", VirtioCcwDevice, flags,
+ VIRTIO_CCW_FLAG_USE_IOEVENTFD_BIT, true),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void virtio_ccw_balloon_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtIOCCWDeviceClass *k = VIRTIO_CCW_DEVICE_CLASS(klass);
+
+ k->init = virtio_ccw_balloon_init;
+ k->exit = virtio_ccw_exit;
+ dc->reset = virtio_ccw_reset;
+ dc->props = virtio_ccw_balloon_properties;
+}
+
+static const TypeInfo virtio_ccw_balloon = {
+ .name = TYPE_VIRTIO_BALLOON_CCW,
+ .parent = TYPE_VIRTIO_CCW_DEVICE,
+ .instance_size = sizeof(VirtIOBalloonCcw),
+ .instance_init = virtio_ccw_balloon_instance_init,
+ .class_init = virtio_ccw_balloon_class_init,
+};
+
+static Property virtio_ccw_scsi_properties[] = {
+ DEFINE_PROP_STRING("devno", VirtioCcwDevice, bus_id),
+ DEFINE_VIRTIO_SCSI_PROPERTIES(VirtIOSCSICcw, vdev.parent_obj.conf),
+ DEFINE_VIRTIO_SCSI_FEATURES(VirtioCcwDevice, host_features[0]),
+ DEFINE_PROP_BIT("ioeventfd", VirtioCcwDevice, flags,
+ VIRTIO_CCW_FLAG_USE_IOEVENTFD_BIT, true),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void virtio_ccw_scsi_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtIOCCWDeviceClass *k = VIRTIO_CCW_DEVICE_CLASS(klass);
+
+ k->init = virtio_ccw_scsi_init;
+ k->exit = virtio_ccw_exit;
+ dc->reset = virtio_ccw_reset;
+ dc->props = virtio_ccw_scsi_properties;
+}
+
+static const TypeInfo virtio_ccw_scsi = {
+ .name = TYPE_VIRTIO_SCSI_CCW,
+ .parent = TYPE_VIRTIO_CCW_DEVICE,
+ .instance_size = sizeof(VirtIOSCSICcw),
+ .instance_init = virtio_ccw_scsi_instance_init,
+ .class_init = virtio_ccw_scsi_class_init,
+};
+
+#ifdef CONFIG_VHOST_SCSI
+static Property vhost_ccw_scsi_properties[] = {
+ DEFINE_PROP_STRING("devno", VirtioCcwDevice, bus_id),
+ DEFINE_VHOST_SCSI_PROPERTIES(VirtIOSCSICcw, vdev.parent_obj.conf),
+ DEFINE_VIRTIO_COMMON_FEATURES(VirtioCcwDevice, host_features[0]),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void vhost_ccw_scsi_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtIOCCWDeviceClass *k = VIRTIO_CCW_DEVICE_CLASS(klass);
+
+ k->init = vhost_ccw_scsi_init;
+ k->exit = virtio_ccw_exit;
+ dc->reset = virtio_ccw_reset;
+ dc->props = vhost_ccw_scsi_properties;
+}
+
+static const TypeInfo vhost_ccw_scsi = {
+ .name = TYPE_VHOST_SCSI_CCW,
+ .parent = TYPE_VIRTIO_CCW_DEVICE,
+ .instance_size = sizeof(VirtIOSCSICcw),
+ .instance_init = vhost_ccw_scsi_instance_init,
+ .class_init = vhost_ccw_scsi_class_init,
+};
+#endif
+
+static void virtio_ccw_rng_instance_init(Object *obj)
+{
+ VirtIORNGCcw *dev = VIRTIO_RNG_CCW(obj);
+ object_initialize(OBJECT(&dev->vdev), TYPE_VIRTIO_RNG);
+ object_property_add_child(obj, "virtio-backend", OBJECT(&dev->vdev), NULL);
+ object_property_add_link(obj, "rng", TYPE_RNG_BACKEND,
+ (Object **)&dev->vdev.conf.rng, NULL);
+}
+
+static Property virtio_ccw_rng_properties[] = {
+ DEFINE_PROP_STRING("devno", VirtioCcwDevice, bus_id),
+ DEFINE_VIRTIO_COMMON_FEATURES(VirtioCcwDevice, host_features[0]),
+ DEFINE_VIRTIO_RNG_PROPERTIES(VirtIORNGCcw, vdev.conf),
+ DEFINE_PROP_BIT("ioeventfd", VirtioCcwDevice, flags,
+ VIRTIO_CCW_FLAG_USE_IOEVENTFD_BIT, true),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void virtio_ccw_rng_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtIOCCWDeviceClass *k = VIRTIO_CCW_DEVICE_CLASS(klass);
+
+ k->init = virtio_ccw_rng_init;
+ k->exit = virtio_ccw_exit;
+ dc->reset = virtio_ccw_reset;
+ dc->props = virtio_ccw_rng_properties;
+}
+
+static const TypeInfo virtio_ccw_rng = {
+ .name = TYPE_VIRTIO_RNG_CCW,
+ .parent = TYPE_VIRTIO_CCW_DEVICE,
+ .instance_size = sizeof(VirtIORNGCcw),
+ .instance_init = virtio_ccw_rng_instance_init,
+ .class_init = virtio_ccw_rng_class_init,
+};
+
+static int virtio_ccw_busdev_init(DeviceState *dev)
+{
+ VirtioCcwDevice *_dev = (VirtioCcwDevice *)dev;
+ VirtIOCCWDeviceClass *_info = VIRTIO_CCW_DEVICE_GET_CLASS(dev);
+
+ virtio_ccw_bus_new(&_dev->bus, _dev);
+
+ return _info->init(_dev);
+}
+
+static int virtio_ccw_busdev_exit(DeviceState *dev)
+{
+ VirtioCcwDevice *_dev = (VirtioCcwDevice *)dev;
+ VirtIOCCWDeviceClass *_info = VIRTIO_CCW_DEVICE_GET_CLASS(dev);
+
+ return _info->exit(_dev);
+}
+
+static int virtio_ccw_busdev_unplug(DeviceState *dev)
+{
+ VirtioCcwDevice *_dev = (VirtioCcwDevice *)dev;
+ SubchDev *sch = _dev->sch;
+
+ /*
+ * We should arrive here only for device_del, since we don't support
+ * direct hot(un)plug of channels, but only through virtio.
+ */
+ assert(sch != NULL);
+ /* Subchannel is now disabled and no longer valid. */
+ sch->curr_status.pmcw.flags &= ~(PMCW_FLAGS_MASK_ENA |
+ PMCW_FLAGS_MASK_DNV);
+
+ css_generate_sch_crws(sch->cssid, sch->ssid, sch->schid, 1, 0);
+
+ qdev_free(dev);
+ return 0;
+}
+
+static void virtio_ccw_device_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->init = virtio_ccw_busdev_init;
+ dc->exit = virtio_ccw_busdev_exit;
+ dc->unplug = virtio_ccw_busdev_unplug;
+ dc->bus_type = TYPE_VIRTUAL_CSS_BUS;
+
+}
+
+static const TypeInfo virtio_ccw_device_info = {
+ .name = TYPE_VIRTIO_CCW_DEVICE,
+ .parent = TYPE_DEVICE,
+ .instance_size = sizeof(VirtioCcwDevice),
+ .class_init = virtio_ccw_device_class_init,
+ .class_size = sizeof(VirtIOCCWDeviceClass),
+ .abstract = true,
+};
+
+/***************** Virtual-css Bus Bridge Device ********************/
+/* Only required to have the virtio bus as child in the system bus */
+
+static int virtual_css_bridge_init(SysBusDevice *dev)
+{
+ /* nothing */
+ return 0;
+}
+
+static void virtual_css_bridge_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = virtual_css_bridge_init;
+ dc->no_user = 1;
+}
+
+static const TypeInfo virtual_css_bridge_info = {
+ .name = "virtual-css-bridge",
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(SysBusDevice),
+ .class_init = virtual_css_bridge_class_init,
+};
+
+/* virtio-ccw-bus */
+
+static void virtio_ccw_bus_new(VirtioBusState *bus, VirtioCcwDevice *dev)
+{
+ DeviceState *qdev = DEVICE(dev);
+ BusState *qbus;
+ char virtio_bus_name[] = "virtio-bus";
+
+ qbus_create_inplace((BusState *)bus, TYPE_VIRTIO_CCW_BUS, qdev,
+ virtio_bus_name);
+ qbus = BUS(bus);
+ qbus->allow_hotplug = 1;
+}
+
+static void virtio_ccw_bus_class_init(ObjectClass *klass, void *data)
+{
+ VirtioBusClass *k = VIRTIO_BUS_CLASS(klass);
+ BusClass *bus_class = BUS_CLASS(klass);
+
+ bus_class->max_dev = 1;
+ k->notify = virtio_ccw_notify;
+ k->get_features = virtio_ccw_get_features;
+ k->vmstate_change = virtio_ccw_vmstate_change;
+ k->query_guest_notifiers = virtio_ccw_query_guest_notifiers;
+ k->set_host_notifier = virtio_ccw_set_host_notifier;
+ k->set_guest_notifiers = virtio_ccw_set_guest_notifiers;
+}
+
+static const TypeInfo virtio_ccw_bus_info = {
+ .name = TYPE_VIRTIO_CCW_BUS,
+ .parent = TYPE_VIRTIO_BUS,
+ .instance_size = sizeof(VirtioCcwBusState),
+ .class_init = virtio_ccw_bus_class_init,
+};
+
+static void virtio_ccw_register(void)
+{
+ type_register_static(&virtio_ccw_bus_info);
+ type_register_static(&virtual_css_bus_info);
+ type_register_static(&virtio_ccw_device_info);
+ type_register_static(&virtio_ccw_serial);
+ type_register_static(&virtio_ccw_blk);
+ type_register_static(&virtio_ccw_net);
+ type_register_static(&virtio_ccw_balloon);
+ type_register_static(&virtio_ccw_scsi);
+#ifdef CONFIG_VHOST_SCSI
+ type_register_static(&vhost_ccw_scsi);
+#endif
+ type_register_static(&virtio_ccw_rng);
+ type_register_static(&virtual_css_bridge_info);
+}
+
+type_init(virtio_ccw_register)
diff --git a/hw/s390x/virtio-ccw.h b/hw/s390x/virtio-ccw.h
new file mode 100644
index 000000000..96d6f5d5b
--- /dev/null
+++ b/hw/s390x/virtio-ccw.h
@@ -0,0 +1,184 @@
+/*
+ * virtio ccw target definitions
+ *
+ * Copyright 2012 IBM Corp.
+ * Author(s): Cornelia Huck <cornelia.huck@de.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or (at
+ * your option) any later version. See the COPYING file in the top-level
+ * directory.
+ */
+
+#ifndef HW_S390X_VIRTIO_CCW_H
+#define HW_S390X_VIRTIO_CCW_H
+
+#include <hw/virtio/virtio-blk.h>
+#include <hw/virtio/virtio-net.h>
+#include <hw/virtio/virtio-serial.h>
+#include <hw/virtio/virtio-scsi.h>
+#ifdef CONFIG_VHOST_SCSI
+#include <hw/virtio/vhost-scsi.h>
+#endif
+#include <hw/virtio/virtio-balloon.h>
+#include <hw/virtio/virtio-rng.h>
+#include <hw/virtio/virtio-bus.h>
+
+#define VIRTUAL_CSSID 0xfe
+
+#define VIRTIO_CCW_CU_TYPE 0x3832
+#define VIRTIO_CCW_CHPID_TYPE 0x32
+
+#define CCW_CMD_SET_VQ 0x13
+#define CCW_CMD_VDEV_RESET 0x33
+#define CCW_CMD_READ_FEAT 0x12
+#define CCW_CMD_WRITE_FEAT 0x11
+#define CCW_CMD_READ_CONF 0x22
+#define CCW_CMD_WRITE_CONF 0x21
+#define CCW_CMD_WRITE_STATUS 0x31
+#define CCW_CMD_SET_IND 0x43
+#define CCW_CMD_SET_CONF_IND 0x53
+#define CCW_CMD_READ_VQ_CONF 0x32
+
+#define TYPE_VIRTIO_CCW_DEVICE "virtio-ccw-device"
+#define VIRTIO_CCW_DEVICE(obj) \
+ OBJECT_CHECK(VirtioCcwDevice, (obj), TYPE_VIRTIO_CCW_DEVICE)
+#define VIRTIO_CCW_DEVICE_CLASS(klass) \
+ OBJECT_CLASS_CHECK(VirtIOCCWDeviceClass, (klass), TYPE_VIRTIO_CCW_DEVICE)
+#define VIRTIO_CCW_DEVICE_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(VirtIOCCWDeviceClass, (obj), TYPE_VIRTIO_CCW_DEVICE)
+
+typedef struct VirtioBusState VirtioCcwBusState;
+typedef struct VirtioBusClass VirtioCcwBusClass;
+
+#define TYPE_VIRTIO_CCW_BUS "virtio-ccw-bus"
+#define VIRTIO_CCW_BUS(obj) \
+ OBJECT_CHECK(VirtioCcwBus, (obj), TYPE_VIRTIO_CCW_BUS)
+#define VIRTIO_CCW_BUS_GET_CLASS(obj) \
+ OBJECT_CHECK(VirtioCcwBusState, (obj), TYPE_VIRTIO_CCW_BUS)
+#define VIRTIO_CCW_BUS_CLASS(klass) \
+ OBJECT_CLASS_CHECK(VirtioCcwBusClass, klass, TYPE_VIRTIO_CCW_BUS)
+
+typedef struct VirtioCcwDevice VirtioCcwDevice;
+
+typedef struct VirtIOCCWDeviceClass {
+ DeviceClass parent_class;
+ int (*init)(VirtioCcwDevice *dev);
+ int (*exit)(VirtioCcwDevice *dev);
+} VirtIOCCWDeviceClass;
+
+/* Change here if we want to support more feature bits. */
+#define VIRTIO_CCW_FEATURE_SIZE 1
+
+/* Performance improves when virtqueue kick processing is decoupled from the
+ * vcpu thread using ioeventfd for some devices. */
+#define VIRTIO_CCW_FLAG_USE_IOEVENTFD_BIT 1
+#define VIRTIO_CCW_FLAG_USE_IOEVENTFD (1 << VIRTIO_CCW_FLAG_USE_IOEVENTFD_BIT)
+
+struct VirtioCcwDevice {
+ DeviceState parent_obj;
+ SubchDev *sch;
+ VirtIODevice *vdev;
+ char *bus_id;
+ uint32_t host_features[VIRTIO_CCW_FEATURE_SIZE];
+ VirtioBusState bus;
+ bool ioeventfd_started;
+ bool ioeventfd_disabled;
+ uint32_t flags;
+ /* Guest provided values: */
+ hwaddr indicators;
+ hwaddr indicators2;
+};
+
+/* virtual css bus type */
+typedef struct VirtualCssBus {
+ BusState parent_obj;
+} VirtualCssBus;
+
+#define TYPE_VIRTUAL_CSS_BUS "virtual-css-bus"
+#define VIRTUAL_CSS_BUS(obj) \
+ OBJECT_CHECK(VirtualCssBus, (obj), TYPE_VIRTUAL_CSS_BUS)
+
+/* virtio-scsi-ccw */
+
+#define TYPE_VIRTIO_SCSI_CCW "virtio-scsi-ccw"
+#define VIRTIO_SCSI_CCW(obj) \
+ OBJECT_CHECK(VirtIOSCSICcw, (obj), TYPE_VIRTIO_SCSI_CCW)
+
+typedef struct VirtIOSCSICcw {
+ VirtioCcwDevice parent_obj;
+ VirtIOSCSI vdev;
+} VirtIOSCSICcw;
+
+#ifdef CONFIG_VHOST_SCSI
+/* vhost-scsi-ccw */
+
+#define TYPE_VHOST_SCSI_CCW "vhost-scsi-ccw"
+#define VHOST_SCSI_CCW(obj) \
+ OBJECT_CHECK(VHostSCSICcw, (obj), TYPE_VHOST_SCSI_CCW)
+
+typedef struct VHostSCSICcw {
+ VirtioCcwDevice parent_obj;
+ VHostSCSI vdev;
+} VHostSCSICcw;
+#endif
+
+/* virtio-blk-ccw */
+
+#define TYPE_VIRTIO_BLK_CCW "virtio-blk-ccw"
+#define VIRTIO_BLK_CCW(obj) \
+ OBJECT_CHECK(VirtIOBlkCcw, (obj), TYPE_VIRTIO_BLK_CCW)
+
+typedef struct VirtIOBlkCcw {
+ VirtioCcwDevice parent_obj;
+ VirtIOBlock vdev;
+ VirtIOBlkConf blk;
+} VirtIOBlkCcw;
+
+/* virtio-balloon-ccw */
+
+#define TYPE_VIRTIO_BALLOON_CCW "virtio-balloon-ccw"
+#define VIRTIO_BALLOON_CCW(obj) \
+ OBJECT_CHECK(VirtIOBalloonCcw, (obj), TYPE_VIRTIO_BALLOON_CCW)
+
+typedef struct VirtIOBalloonCcw {
+ VirtioCcwDevice parent_obj;
+ VirtIOBalloon vdev;
+} VirtIOBalloonCcw;
+
+/* virtio-serial-ccw */
+
+#define TYPE_VIRTIO_SERIAL_CCW "virtio-serial-ccw"
+#define VIRTIO_SERIAL_CCW(obj) \
+ OBJECT_CHECK(VirtioSerialCcw, (obj), TYPE_VIRTIO_SERIAL_CCW)
+
+typedef struct VirtioSerialCcw {
+ VirtioCcwDevice parent_obj;
+ VirtIOSerial vdev;
+} VirtioSerialCcw;
+
+/* virtio-net-ccw */
+
+#define TYPE_VIRTIO_NET_CCW "virtio-net-ccw"
+#define VIRTIO_NET_CCW(obj) \
+ OBJECT_CHECK(VirtIONetCcw, (obj), TYPE_VIRTIO_NET_CCW)
+
+typedef struct VirtIONetCcw {
+ VirtioCcwDevice parent_obj;
+ VirtIONet vdev;
+} VirtIONetCcw;
+
+/* virtio-rng-ccw */
+
+#define TYPE_VIRTIO_RNG_CCW "virtio-rng-ccw"
+#define VIRTIO_RNG_CCW(obj) \
+ OBJECT_CHECK(VirtIORNGCcw, (obj), TYPE_VIRTIO_RNG_CCW)
+
+typedef struct VirtIORNGCcw {
+ VirtioCcwDevice parent_obj;
+ VirtIORNG vdev;
+} VirtIORNGCcw;
+
+VirtualCssBus *virtual_css_bus_init(void);
+void virtio_ccw_device_update_status(SubchDev *sch);
+VirtIODevice *virtio_ccw_get_vdev(SubchDev *sch);
+#endif
diff --git a/hw/sb16.c b/hw/sb16.c
deleted file mode 100644
index 523ab0d5f..000000000
--- a/hw/sb16.c
+++ /dev/null
@@ -1,1424 +0,0 @@
-/*
- * QEMU Soundblaster 16 emulation
- *
- * Copyright (c) 2003-2005 Vassili Karpov (malc)
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "audiodev.h"
-#include "audio/audio.h"
-#include "isa.h"
-#include "qdev.h"
-#include "qemu-timer.h"
-#include "host-utils.h"
-
-#define dolog(...) AUD_log ("sb16", __VA_ARGS__)
-
-/* #define DEBUG */
-/* #define DEBUG_SB16_MOST */
-
-#ifdef DEBUG
-#define ldebug(...) dolog (__VA_ARGS__)
-#else
-#define ldebug(...)
-#endif
-
-#define IO_READ_PROTO(name) \
- uint32_t name (void *opaque, uint32_t nport)
-#define IO_WRITE_PROTO(name) \
- void name (void *opaque, uint32_t nport, uint32_t val)
-
-static const char e3[] = "COPYRIGHT (C) CREATIVE TECHNOLOGY LTD, 1992.";
-
-typedef struct SB16State {
- ISADevice dev;
- QEMUSoundCard card;
- qemu_irq pic;
- uint32_t irq;
- uint32_t dma;
- uint32_t hdma;
- uint32_t port;
- uint32_t ver;
-
- int in_index;
- int out_data_len;
- int fmt_stereo;
- int fmt_signed;
- int fmt_bits;
- audfmt_e fmt;
- int dma_auto;
- int block_size;
- int fifo;
- int freq;
- int time_const;
- int speaker;
- int needed_bytes;
- int cmd;
- int use_hdma;
- int highspeed;
- int can_write;
-
- int v2x6;
-
- uint8_t csp_param;
- uint8_t csp_value;
- uint8_t csp_mode;
- uint8_t csp_regs[256];
- uint8_t csp_index;
- uint8_t csp_reg83[4];
- int csp_reg83r;
- int csp_reg83w;
-
- uint8_t in2_data[10];
- uint8_t out_data[50];
- uint8_t test_reg;
- uint8_t last_read_byte;
- int nzero;
-
- int left_till_irq;
-
- int dma_running;
- int bytes_per_second;
- int align;
- int audio_free;
- SWVoiceOut *voice;
-
- QEMUTimer *aux_ts;
- /* mixer state */
- int mixer_nreg;
- uint8_t mixer_regs[256];
-} SB16State;
-
-static void SB_audio_callback (void *opaque, int free);
-
-static int magic_of_irq (int irq)
-{
- switch (irq) {
- case 5:
- return 2;
- case 7:
- return 4;
- case 9:
- return 1;
- case 10:
- return 8;
- default:
- dolog ("bad irq %d\n", irq);
- return 2;
- }
-}
-
-static int irq_of_magic (int magic)
-{
- switch (magic) {
- case 1:
- return 9;
- case 2:
- return 5;
- case 4:
- return 7;
- case 8:
- return 10;
- default:
- dolog ("bad irq magic %d\n", magic);
- return -1;
- }
-}
-
-#if 0
-static void log_dsp (SB16State *dsp)
-{
- ldebug ("%s:%s:%d:%s:dmasize=%d:freq=%d:const=%d:speaker=%d\n",
- dsp->fmt_stereo ? "Stereo" : "Mono",
- dsp->fmt_signed ? "Signed" : "Unsigned",
- dsp->fmt_bits,
- dsp->dma_auto ? "Auto" : "Single",
- dsp->block_size,
- dsp->freq,
- dsp->time_const,
- dsp->speaker);
-}
-#endif
-
-static void speaker (SB16State *s, int on)
-{
- s->speaker = on;
- /* AUD_enable (s->voice, on); */
-}
-
-static void control (SB16State *s, int hold)
-{
- int dma = s->use_hdma ? s->hdma : s->dma;
- s->dma_running = hold;
-
- ldebug ("hold %d high %d dma %d\n", hold, s->use_hdma, dma);
-
- if (hold) {
- DMA_hold_DREQ (dma);
- AUD_set_active_out (s->voice, 1);
- }
- else {
- DMA_release_DREQ (dma);
- AUD_set_active_out (s->voice, 0);
- }
-}
-
-static void aux_timer (void *opaque)
-{
- SB16State *s = opaque;
- s->can_write = 1;
- qemu_irq_raise (s->pic);
-}
-
-#define DMA8_AUTO 1
-#define DMA8_HIGH 2
-
-static void continue_dma8 (SB16State *s)
-{
- if (s->freq > 0) {
- struct audsettings as;
-
- s->audio_free = 0;
-
- as.freq = s->freq;
- as.nchannels = 1 << s->fmt_stereo;
- as.fmt = s->fmt;
- as.endianness = 0;
-
- s->voice = AUD_open_out (
- &s->card,
- s->voice,
- "sb16",
- s,
- SB_audio_callback,
- &as
- );
- }
-
- control (s, 1);
-}
-
-static void dma_cmd8 (SB16State *s, int mask, int dma_len)
-{
- s->fmt = AUD_FMT_U8;
- s->use_hdma = 0;
- s->fmt_bits = 8;
- s->fmt_signed = 0;
- s->fmt_stereo = (s->mixer_regs[0x0e] & 2) != 0;
- if (-1 == s->time_const) {
- if (s->freq <= 0)
- s->freq = 11025;
- }
- else {
- int tmp = (256 - s->time_const);
- s->freq = (1000000 + (tmp / 2)) / tmp;
- }
-
- if (dma_len != -1) {
- s->block_size = dma_len << s->fmt_stereo;
- }
- else {
- /* This is apparently the only way to make both Act1/PL
- and SecondReality/FC work
-
- Act1 sets block size via command 0x48 and it's an odd number
- SR does the same with even number
- Both use stereo, and Creatives own documentation states that
- 0x48 sets block size in bytes less one.. go figure */
- s->block_size &= ~s->fmt_stereo;
- }
-
- s->freq >>= s->fmt_stereo;
- s->left_till_irq = s->block_size;
- s->bytes_per_second = (s->freq << s->fmt_stereo);
- /* s->highspeed = (mask & DMA8_HIGH) != 0; */
- s->dma_auto = (mask & DMA8_AUTO) != 0;
- s->align = (1 << s->fmt_stereo) - 1;
-
- if (s->block_size & s->align) {
- dolog ("warning: misaligned block size %d, alignment %d\n",
- s->block_size, s->align + 1);
- }
-
- ldebug ("freq %d, stereo %d, sign %d, bits %d, "
- "dma %d, auto %d, fifo %d, high %d\n",
- s->freq, s->fmt_stereo, s->fmt_signed, s->fmt_bits,
- s->block_size, s->dma_auto, s->fifo, s->highspeed);
-
- continue_dma8 (s);
- speaker (s, 1);
-}
-
-static void dma_cmd (SB16State *s, uint8_t cmd, uint8_t d0, int dma_len)
-{
- s->use_hdma = cmd < 0xc0;
- s->fifo = (cmd >> 1) & 1;
- s->dma_auto = (cmd >> 2) & 1;
- s->fmt_signed = (d0 >> 4) & 1;
- s->fmt_stereo = (d0 >> 5) & 1;
-
- switch (cmd >> 4) {
- case 11:
- s->fmt_bits = 16;
- break;
-
- case 12:
- s->fmt_bits = 8;
- break;
- }
-
- if (-1 != s->time_const) {
-#if 1
- int tmp = 256 - s->time_const;
- s->freq = (1000000 + (tmp / 2)) / tmp;
-#else
- /* s->freq = 1000000 / ((255 - s->time_const) << s->fmt_stereo); */
- s->freq = 1000000 / ((255 - s->time_const));
-#endif
- s->time_const = -1;
- }
-
- s->block_size = dma_len + 1;
- s->block_size <<= (s->fmt_bits == 16);
- if (!s->dma_auto) {
- /* It is clear that for DOOM and auto-init this value
- shouldn't take stereo into account, while Miles Sound Systems
- setsound.exe with single transfer mode wouldn't work without it
- wonders of SB16 yet again */
- s->block_size <<= s->fmt_stereo;
- }
-
- ldebug ("freq %d, stereo %d, sign %d, bits %d, "
- "dma %d, auto %d, fifo %d, high %d\n",
- s->freq, s->fmt_stereo, s->fmt_signed, s->fmt_bits,
- s->block_size, s->dma_auto, s->fifo, s->highspeed);
-
- if (16 == s->fmt_bits) {
- if (s->fmt_signed) {
- s->fmt = AUD_FMT_S16;
- }
- else {
- s->fmt = AUD_FMT_U16;
- }
- }
- else {
- if (s->fmt_signed) {
- s->fmt = AUD_FMT_S8;
- }
- else {
- s->fmt = AUD_FMT_U8;
- }
- }
-
- s->left_till_irq = s->block_size;
-
- s->bytes_per_second = (s->freq << s->fmt_stereo) << (s->fmt_bits == 16);
- s->highspeed = 0;
- s->align = (1 << (s->fmt_stereo + (s->fmt_bits == 16))) - 1;
- if (s->block_size & s->align) {
- dolog ("warning: misaligned block size %d, alignment %d\n",
- s->block_size, s->align + 1);
- }
-
- if (s->freq) {
- struct audsettings as;
-
- s->audio_free = 0;
-
- as.freq = s->freq;
- as.nchannels = 1 << s->fmt_stereo;
- as.fmt = s->fmt;
- as.endianness = 0;
-
- s->voice = AUD_open_out (
- &s->card,
- s->voice,
- "sb16",
- s,
- SB_audio_callback,
- &as
- );
- }
-
- control (s, 1);
- speaker (s, 1);
-}
-
-static inline void dsp_out_data (SB16State *s, uint8_t val)
-{
- ldebug ("outdata %#x\n", val);
- if ((size_t) s->out_data_len < sizeof (s->out_data)) {
- s->out_data[s->out_data_len++] = val;
- }
-}
-
-static inline uint8_t dsp_get_data (SB16State *s)
-{
- if (s->in_index) {
- return s->in2_data[--s->in_index];
- }
- else {
- dolog ("buffer underflow\n");
- return 0;
- }
-}
-
-static void command (SB16State *s, uint8_t cmd)
-{
- ldebug ("command %#x\n", cmd);
-
- if (cmd > 0xaf && cmd < 0xd0) {
- if (cmd & 8) {
- dolog ("ADC not yet supported (command %#x)\n", cmd);
- }
-
- switch (cmd >> 4) {
- case 11:
- case 12:
- break;
- default:
- dolog ("%#x wrong bits\n", cmd);
- }
- s->needed_bytes = 3;
- }
- else {
- s->needed_bytes = 0;
-
- switch (cmd) {
- case 0x03:
- dsp_out_data (s, 0x10); /* s->csp_param); */
- goto warn;
-
- case 0x04:
- s->needed_bytes = 1;
- goto warn;
-
- case 0x05:
- s->needed_bytes = 2;
- goto warn;
-
- case 0x08:
- /* __asm__ ("int3"); */
- goto warn;
-
- case 0x0e:
- s->needed_bytes = 2;
- goto warn;
-
- case 0x09:
- dsp_out_data (s, 0xf8);
- goto warn;
-
- case 0x0f:
- s->needed_bytes = 1;
- goto warn;
-
- case 0x10:
- s->needed_bytes = 1;
- goto warn;
-
- case 0x14:
- s->needed_bytes = 2;
- s->block_size = 0;
- break;
-
- case 0x1c: /* Auto-Initialize DMA DAC, 8-bit */
- dma_cmd8 (s, DMA8_AUTO, -1);
- break;
-
- case 0x20: /* Direct ADC, Juice/PL */
- dsp_out_data (s, 0xff);
- goto warn;
-
- case 0x35:
- dolog ("0x35 - MIDI command not implemented\n");
- break;
-
- case 0x40:
- s->freq = -1;
- s->time_const = -1;
- s->needed_bytes = 1;
- break;
-
- case 0x41:
- s->freq = -1;
- s->time_const = -1;
- s->needed_bytes = 2;
- break;
-
- case 0x42:
- s->freq = -1;
- s->time_const = -1;
- s->needed_bytes = 2;
- goto warn;
-
- case 0x45:
- dsp_out_data (s, 0xaa);
- goto warn;
-
- case 0x47: /* Continue Auto-Initialize DMA 16bit */
- break;
-
- case 0x48:
- s->needed_bytes = 2;
- break;
-
- case 0x74:
- s->needed_bytes = 2; /* DMA DAC, 4-bit ADPCM */
- dolog ("0x75 - DMA DAC, 4-bit ADPCM not implemented\n");
- break;
-
- case 0x75: /* DMA DAC, 4-bit ADPCM Reference */
- s->needed_bytes = 2;
- dolog ("0x74 - DMA DAC, 4-bit ADPCM Reference not implemented\n");
- break;
-
- case 0x76: /* DMA DAC, 2.6-bit ADPCM */
- s->needed_bytes = 2;
- dolog ("0x74 - DMA DAC, 2.6-bit ADPCM not implemented\n");
- break;
-
- case 0x77: /* DMA DAC, 2.6-bit ADPCM Reference */
- s->needed_bytes = 2;
- dolog ("0x74 - DMA DAC, 2.6-bit ADPCM Reference not implemented\n");
- break;
-
- case 0x7d:
- dolog ("0x7d - Autio-Initialize DMA DAC, 4-bit ADPCM Reference\n");
- dolog ("not implemented\n");
- break;
-
- case 0x7f:
- dolog (
- "0x7d - Autio-Initialize DMA DAC, 2.6-bit ADPCM Reference\n"
- );
- dolog ("not implemented\n");
- break;
-
- case 0x80:
- s->needed_bytes = 2;
- break;
-
- case 0x90:
- case 0x91:
- dma_cmd8 (s, ((cmd & 1) == 0) | DMA8_HIGH, -1);
- break;
-
- case 0xd0: /* halt DMA operation. 8bit */
- control (s, 0);
- break;
-
- case 0xd1: /* speaker on */
- speaker (s, 1);
- break;
-
- case 0xd3: /* speaker off */
- speaker (s, 0);
- break;
-
- case 0xd4: /* continue DMA operation. 8bit */
- /* KQ6 (or maybe Sierras audblst.drv in general) resets
- the frequency between halt/continue */
- continue_dma8 (s);
- break;
-
- case 0xd5: /* halt DMA operation. 16bit */
- control (s, 0);
- break;
-
- case 0xd6: /* continue DMA operation. 16bit */
- control (s, 1);
- break;
-
- case 0xd9: /* exit auto-init DMA after this block. 16bit */
- s->dma_auto = 0;
- break;
-
- case 0xda: /* exit auto-init DMA after this block. 8bit */
- s->dma_auto = 0;
- break;
-
- case 0xe0: /* DSP identification */
- s->needed_bytes = 1;
- break;
-
- case 0xe1:
- dsp_out_data (s, s->ver & 0xff);
- dsp_out_data (s, s->ver >> 8);
- break;
-
- case 0xe2:
- s->needed_bytes = 1;
- goto warn;
-
- case 0xe3:
- {
- int i;
- for (i = sizeof (e3) - 1; i >= 0; --i)
- dsp_out_data (s, e3[i]);
- }
- break;
-
- case 0xe4: /* write test reg */
- s->needed_bytes = 1;
- break;
-
- case 0xe7:
- dolog ("Attempt to probe for ESS (0xe7)?\n");
- break;
-
- case 0xe8: /* read test reg */
- dsp_out_data (s, s->test_reg);
- break;
-
- case 0xf2:
- case 0xf3:
- dsp_out_data (s, 0xaa);
- s->mixer_regs[0x82] |= (cmd == 0xf2) ? 1 : 2;
- qemu_irq_raise (s->pic);
- break;
-
- case 0xf9:
- s->needed_bytes = 1;
- goto warn;
-
- case 0xfa:
- dsp_out_data (s, 0);
- goto warn;
-
- case 0xfc: /* FIXME */
- dsp_out_data (s, 0);
- goto warn;
-
- default:
- dolog ("Unrecognized command %#x\n", cmd);
- break;
- }
- }
-
- if (!s->needed_bytes) {
- ldebug ("\n");
- }
-
- exit:
- if (!s->needed_bytes) {
- s->cmd = -1;
- }
- else {
- s->cmd = cmd;
- }
- return;
-
- warn:
- dolog ("warning: command %#x,%d is not truly understood yet\n",
- cmd, s->needed_bytes);
- goto exit;
-
-}
-
-static uint16_t dsp_get_lohi (SB16State *s)
-{
- uint8_t hi = dsp_get_data (s);
- uint8_t lo = dsp_get_data (s);
- return (hi << 8) | lo;
-}
-
-static uint16_t dsp_get_hilo (SB16State *s)
-{
- uint8_t lo = dsp_get_data (s);
- uint8_t hi = dsp_get_data (s);
- return (hi << 8) | lo;
-}
-
-static void complete (SB16State *s)
-{
- int d0, d1, d2;
- ldebug ("complete command %#x, in_index %d, needed_bytes %d\n",
- s->cmd, s->in_index, s->needed_bytes);
-
- if (s->cmd > 0xaf && s->cmd < 0xd0) {
- d2 = dsp_get_data (s);
- d1 = dsp_get_data (s);
- d0 = dsp_get_data (s);
-
- if (s->cmd & 8) {
- dolog ("ADC params cmd = %#x d0 = %d, d1 = %d, d2 = %d\n",
- s->cmd, d0, d1, d2);
- }
- else {
- ldebug ("cmd = %#x d0 = %d, d1 = %d, d2 = %d\n",
- s->cmd, d0, d1, d2);
- dma_cmd (s, s->cmd, d0, d1 + (d2 << 8));
- }
- }
- else {
- switch (s->cmd) {
- case 0x04:
- s->csp_mode = dsp_get_data (s);
- s->csp_reg83r = 0;
- s->csp_reg83w = 0;
- ldebug ("CSP command 0x04: mode=%#x\n", s->csp_mode);
- break;
-
- case 0x05:
- s->csp_param = dsp_get_data (s);
- s->csp_value = dsp_get_data (s);
- ldebug ("CSP command 0x05: param=%#x value=%#x\n",
- s->csp_param,
- s->csp_value);
- break;
-
- case 0x0e:
- d0 = dsp_get_data (s);
- d1 = dsp_get_data (s);
- ldebug ("write CSP register %d <- %#x\n", d1, d0);
- if (d1 == 0x83) {
- ldebug ("0x83[%d] <- %#x\n", s->csp_reg83r, d0);
- s->csp_reg83[s->csp_reg83r % 4] = d0;
- s->csp_reg83r += 1;
- }
- else {
- s->csp_regs[d1] = d0;
- }
- break;
-
- case 0x0f:
- d0 = dsp_get_data (s);
- ldebug ("read CSP register %#x -> %#x, mode=%#x\n",
- d0, s->csp_regs[d0], s->csp_mode);
- if (d0 == 0x83) {
- ldebug ("0x83[%d] -> %#x\n",
- s->csp_reg83w,
- s->csp_reg83[s->csp_reg83w % 4]);
- dsp_out_data (s, s->csp_reg83[s->csp_reg83w % 4]);
- s->csp_reg83w += 1;
- }
- else {
- dsp_out_data (s, s->csp_regs[d0]);
- }
- break;
-
- case 0x10:
- d0 = dsp_get_data (s);
- dolog ("cmd 0x10 d0=%#x\n", d0);
- break;
-
- case 0x14:
- dma_cmd8 (s, 0, dsp_get_lohi (s) + 1);
- break;
-
- case 0x40:
- s->time_const = dsp_get_data (s);
- ldebug ("set time const %d\n", s->time_const);
- break;
-
- case 0x42: /* FT2 sets output freq with this, go figure */
-#if 0
- dolog ("cmd 0x42 might not do what it think it should\n");
-#endif
- case 0x41:
- s->freq = dsp_get_hilo (s);
- ldebug ("set freq %d\n", s->freq);
- break;
-
- case 0x48:
- s->block_size = dsp_get_lohi (s) + 1;
- ldebug ("set dma block len %d\n", s->block_size);
- break;
-
- case 0x74:
- case 0x75:
- case 0x76:
- case 0x77:
- /* ADPCM stuff, ignore */
- break;
-
- case 0x80:
- {
- int freq, samples, bytes;
- int64_t ticks;
-
- freq = s->freq > 0 ? s->freq : 11025;
- samples = dsp_get_lohi (s) + 1;
- bytes = samples << s->fmt_stereo << (s->fmt_bits == 16);
- ticks = muldiv64 (bytes, get_ticks_per_sec (), freq);
- if (ticks < get_ticks_per_sec () / 1024) {
- qemu_irq_raise (s->pic);
- }
- else {
- if (s->aux_ts) {
- qemu_mod_timer (
- s->aux_ts,
- qemu_get_clock_ns (vm_clock) + ticks
- );
- }
- }
- ldebug ("mix silence %d %d %" PRId64 "\n", samples, bytes, ticks);
- }
- break;
-
- case 0xe0:
- d0 = dsp_get_data (s);
- s->out_data_len = 0;
- ldebug ("E0 data = %#x\n", d0);
- dsp_out_data (s, ~d0);
- break;
-
- case 0xe2:
-#ifdef DEBUG
- d0 = dsp_get_data (s);
- dolog ("E2 = %#x\n", d0);
-#endif
- break;
-
- case 0xe4:
- s->test_reg = dsp_get_data (s);
- break;
-
- case 0xf9:
- d0 = dsp_get_data (s);
- ldebug ("command 0xf9 with %#x\n", d0);
- switch (d0) {
- case 0x0e:
- dsp_out_data (s, 0xff);
- break;
-
- case 0x0f:
- dsp_out_data (s, 0x07);
- break;
-
- case 0x37:
- dsp_out_data (s, 0x38);
- break;
-
- default:
- dsp_out_data (s, 0x00);
- break;
- }
- break;
-
- default:
- dolog ("complete: unrecognized command %#x\n", s->cmd);
- return;
- }
- }
-
- ldebug ("\n");
- s->cmd = -1;
-}
-
-static void legacy_reset (SB16State *s)
-{
- struct audsettings as;
-
- s->freq = 11025;
- s->fmt_signed = 0;
- s->fmt_bits = 8;
- s->fmt_stereo = 0;
-
- as.freq = s->freq;
- as.nchannels = 1;
- as.fmt = AUD_FMT_U8;
- as.endianness = 0;
-
- s->voice = AUD_open_out (
- &s->card,
- s->voice,
- "sb16",
- s,
- SB_audio_callback,
- &as
- );
-
- /* Not sure about that... */
- /* AUD_set_active_out (s->voice, 1); */
-}
-
-static void reset (SB16State *s)
-{
- qemu_irq_lower (s->pic);
- if (s->dma_auto) {
- qemu_irq_raise (s->pic);
- qemu_irq_lower (s->pic);
- }
-
- s->mixer_regs[0x82] = 0;
- s->dma_auto = 0;
- s->in_index = 0;
- s->out_data_len = 0;
- s->left_till_irq = 0;
- s->needed_bytes = 0;
- s->block_size = -1;
- s->nzero = 0;
- s->highspeed = 0;
- s->v2x6 = 0;
- s->cmd = -1;
-
- dsp_out_data (s, 0xaa);
- speaker (s, 0);
- control (s, 0);
- legacy_reset (s);
-}
-
-static IO_WRITE_PROTO (dsp_write)
-{
- SB16State *s = opaque;
- int iport;
-
- iport = nport - s->port;
-
- ldebug ("write %#x <- %#x\n", nport, val);
- switch (iport) {
- case 0x06:
- switch (val) {
- case 0x00:
- if (s->v2x6 == 1) {
- reset (s);
- }
- s->v2x6 = 0;
- break;
-
- case 0x01:
- case 0x03: /* FreeBSD kludge */
- s->v2x6 = 1;
- break;
-
- case 0xc6:
- s->v2x6 = 0; /* Prince of Persia, csp.sys, diagnose.exe */
- break;
-
- case 0xb8: /* Panic */
- reset (s);
- break;
-
- case 0x39:
- dsp_out_data (s, 0x38);
- reset (s);
- s->v2x6 = 0x39;
- break;
-
- default:
- s->v2x6 = val;
- break;
- }
- break;
-
- case 0x0c: /* write data or command | write status */
-/* if (s->highspeed) */
-/* break; */
-
- if (0 == s->needed_bytes) {
- command (s, val);
-#if 0
- if (0 == s->needed_bytes) {
- log_dsp (s);
- }
-#endif
- }
- else {
- if (s->in_index == sizeof (s->in2_data)) {
- dolog ("in data overrun\n");
- }
- else {
- s->in2_data[s->in_index++] = val;
- if (s->in_index == s->needed_bytes) {
- s->needed_bytes = 0;
- complete (s);
-#if 0
- log_dsp (s);
-#endif
- }
- }
- }
- break;
-
- default:
- ldebug ("(nport=%#x, val=%#x)\n", nport, val);
- break;
- }
-}
-
-static IO_READ_PROTO (dsp_read)
-{
- SB16State *s = opaque;
- int iport, retval, ack = 0;
-
- iport = nport - s->port;
-
- switch (iport) {
- case 0x06: /* reset */
- retval = 0xff;
- break;
-
- case 0x0a: /* read data */
- if (s->out_data_len) {
- retval = s->out_data[--s->out_data_len];
- s->last_read_byte = retval;
- }
- else {
- if (s->cmd != -1) {
- dolog ("empty output buffer for command %#x\n",
- s->cmd);
- }
- retval = s->last_read_byte;
- /* goto error; */
- }
- break;
-
- case 0x0c: /* 0 can write */
- retval = s->can_write ? 0 : 0x80;
- break;
-
- case 0x0d: /* timer interrupt clear */
- /* dolog ("timer interrupt clear\n"); */
- retval = 0;
- break;
-
- case 0x0e: /* data available status | irq 8 ack */
- retval = (!s->out_data_len || s->highspeed) ? 0 : 0x80;
- if (s->mixer_regs[0x82] & 1) {
- ack = 1;
- s->mixer_regs[0x82] &= 1;
- qemu_irq_lower (s->pic);
- }
- break;
-
- case 0x0f: /* irq 16 ack */
- retval = 0xff;
- if (s->mixer_regs[0x82] & 2) {
- ack = 1;
- s->mixer_regs[0x82] &= 2;
- qemu_irq_lower (s->pic);
- }
- break;
-
- default:
- goto error;
- }
-
- if (!ack) {
- ldebug ("read %#x -> %#x\n", nport, retval);
- }
-
- return retval;
-
- error:
- dolog ("warning: dsp_read %#x error\n", nport);
- return 0xff;
-}
-
-static void reset_mixer (SB16State *s)
-{
- int i;
-
- memset (s->mixer_regs, 0xff, 0x7f);
- memset (s->mixer_regs + 0x83, 0xff, sizeof (s->mixer_regs) - 0x83);
-
- s->mixer_regs[0x02] = 4; /* master volume 3bits */
- s->mixer_regs[0x06] = 4; /* MIDI volume 3bits */
- s->mixer_regs[0x08] = 0; /* CD volume 3bits */
- s->mixer_regs[0x0a] = 0; /* voice volume 2bits */
-
- /* d5=input filt, d3=lowpass filt, d1,d2=input source */
- s->mixer_regs[0x0c] = 0;
-
- /* d5=output filt, d1=stereo switch */
- s->mixer_regs[0x0e] = 0;
-
- /* voice volume L d5,d7, R d1,d3 */
- s->mixer_regs[0x04] = (4 << 5) | (4 << 1);
- /* master ... */
- s->mixer_regs[0x22] = (4 << 5) | (4 << 1);
- /* MIDI ... */
- s->mixer_regs[0x26] = (4 << 5) | (4 << 1);
-
- for (i = 0x30; i < 0x48; i++) {
- s->mixer_regs[i] = 0x20;
- }
-}
-
-static IO_WRITE_PROTO (mixer_write_indexb)
-{
- SB16State *s = opaque;
- (void) nport;
- s->mixer_nreg = val;
-}
-
-static IO_WRITE_PROTO (mixer_write_datab)
-{
- SB16State *s = opaque;
-
- (void) nport;
- ldebug ("mixer_write [%#x] <- %#x\n", s->mixer_nreg, val);
-
- switch (s->mixer_nreg) {
- case 0x00:
- reset_mixer (s);
- break;
-
- case 0x80:
- {
- int irq = irq_of_magic (val);
- ldebug ("setting irq to %d (val=%#x)\n", irq, val);
- if (irq > 0) {
- s->irq = irq;
- }
- }
- break;
-
- case 0x81:
- {
- int dma, hdma;
-
- dma = ctz32 (val & 0xf);
- hdma = ctz32 (val & 0xf0);
- if (dma != s->dma || hdma != s->hdma) {
- dolog (
- "attempt to change DMA "
- "8bit %d(%d), 16bit %d(%d) (val=%#x)\n",
- dma, s->dma, hdma, s->hdma, val);
- }
-#if 0
- s->dma = dma;
- s->hdma = hdma;
-#endif
- }
- break;
-
- case 0x82:
- dolog ("attempt to write into IRQ status register (val=%#x)\n",
- val);
- return;
-
- default:
- if (s->mixer_nreg >= 0x80) {
- ldebug ("attempt to write mixer[%#x] <- %#x\n", s->mixer_nreg, val);
- }
- break;
- }
-
- s->mixer_regs[s->mixer_nreg] = val;
-}
-
-static IO_WRITE_PROTO (mixer_write_indexw)
-{
- mixer_write_indexb (opaque, nport, val & 0xff);
- mixer_write_datab (opaque, nport, (val >> 8) & 0xff);
-}
-
-static IO_READ_PROTO (mixer_read)
-{
- SB16State *s = opaque;
-
- (void) nport;
-#ifndef DEBUG_SB16_MOST
- if (s->mixer_nreg != 0x82) {
- ldebug ("mixer_read[%#x] -> %#x\n",
- s->mixer_nreg, s->mixer_regs[s->mixer_nreg]);
- }
-#else
- ldebug ("mixer_read[%#x] -> %#x\n",
- s->mixer_nreg, s->mixer_regs[s->mixer_nreg]);
-#endif
- return s->mixer_regs[s->mixer_nreg];
-}
-
-static int write_audio (SB16State *s, int nchan, int dma_pos,
- int dma_len, int len)
-{
- int temp, net;
- uint8_t tmpbuf[4096];
-
- temp = len;
- net = 0;
-
- while (temp) {
- int left = dma_len - dma_pos;
- int copied;
- size_t to_copy;
-
- to_copy = audio_MIN (temp, left);
- if (to_copy > sizeof (tmpbuf)) {
- to_copy = sizeof (tmpbuf);
- }
-
- copied = DMA_read_memory (nchan, tmpbuf, dma_pos, to_copy);
- copied = AUD_write (s->voice, tmpbuf, copied);
-
- temp -= copied;
- dma_pos = (dma_pos + copied) % dma_len;
- net += copied;
-
- if (!copied) {
- break;
- }
- }
-
- return net;
-}
-
-static int SB_read_DMA (void *opaque, int nchan, int dma_pos, int dma_len)
-{
- SB16State *s = opaque;
- int till, copy, written, free;
-
- if (s->block_size <= 0) {
- dolog ("invalid block size=%d nchan=%d dma_pos=%d dma_len=%d\n",
- s->block_size, nchan, dma_pos, dma_len);
- return dma_pos;
- }
-
- if (s->left_till_irq < 0) {
- s->left_till_irq = s->block_size;
- }
-
- if (s->voice) {
- free = s->audio_free & ~s->align;
- if ((free <= 0) || !dma_len) {
- return dma_pos;
- }
- }
- else {
- free = dma_len;
- }
-
- copy = free;
- till = s->left_till_irq;
-
-#ifdef DEBUG_SB16_MOST
- dolog ("pos:%06d %d till:%d len:%d\n",
- dma_pos, free, till, dma_len);
-#endif
-
- if (till <= copy) {
- if (0 == s->dma_auto) {
- copy = till;
- }
- }
-
- written = write_audio (s, nchan, dma_pos, dma_len, copy);
- dma_pos = (dma_pos + written) % dma_len;
- s->left_till_irq -= written;
-
- if (s->left_till_irq <= 0) {
- s->mixer_regs[0x82] |= (nchan & 4) ? 2 : 1;
- qemu_irq_raise (s->pic);
- if (0 == s->dma_auto) {
- control (s, 0);
- speaker (s, 0);
- }
- }
-
-#ifdef DEBUG_SB16_MOST
- ldebug ("pos %5d free %5d size %5d till % 5d copy %5d written %5d size %5d\n",
- dma_pos, free, dma_len, s->left_till_irq, copy, written,
- s->block_size);
-#endif
-
- while (s->left_till_irq <= 0) {
- s->left_till_irq = s->block_size + s->left_till_irq;
- }
-
- return dma_pos;
-}
-
-static void SB_audio_callback (void *opaque, int free)
-{
- SB16State *s = opaque;
- s->audio_free = free;
-}
-
-static int sb16_post_load (void *opaque, int version_id)
-{
- SB16State *s = opaque;
-
- if (s->voice) {
- AUD_close_out (&s->card, s->voice);
- s->voice = NULL;
- }
-
- if (s->dma_running) {
- if (s->freq) {
- struct audsettings as;
-
- s->audio_free = 0;
-
- as.freq = s->freq;
- as.nchannels = 1 << s->fmt_stereo;
- as.fmt = s->fmt;
- as.endianness = 0;
-
- s->voice = AUD_open_out (
- &s->card,
- s->voice,
- "sb16",
- s,
- SB_audio_callback,
- &as
- );
- }
-
- control (s, 1);
- speaker (s, s->speaker);
- }
- return 0;
-}
-
-static const VMStateDescription vmstate_sb16 = {
- .name = "sb16",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .post_load = sb16_post_load,
- .fields = (VMStateField []) {
- VMSTATE_UINT32 (irq, SB16State),
- VMSTATE_UINT32 (dma, SB16State),
- VMSTATE_UINT32 (hdma, SB16State),
- VMSTATE_UINT32 (port, SB16State),
- VMSTATE_UINT32 (ver, SB16State),
- VMSTATE_INT32 (in_index, SB16State),
- VMSTATE_INT32 (out_data_len, SB16State),
- VMSTATE_INT32 (fmt_stereo, SB16State),
- VMSTATE_INT32 (fmt_signed, SB16State),
- VMSTATE_INT32 (fmt_bits, SB16State),
- VMSTATE_UINT32 (fmt, SB16State),
- VMSTATE_INT32 (dma_auto, SB16State),
- VMSTATE_INT32 (block_size, SB16State),
- VMSTATE_INT32 (fifo, SB16State),
- VMSTATE_INT32 (freq, SB16State),
- VMSTATE_INT32 (time_const, SB16State),
- VMSTATE_INT32 (speaker, SB16State),
- VMSTATE_INT32 (needed_bytes, SB16State),
- VMSTATE_INT32 (cmd, SB16State),
- VMSTATE_INT32 (use_hdma, SB16State),
- VMSTATE_INT32 (highspeed, SB16State),
- VMSTATE_INT32 (can_write, SB16State),
- VMSTATE_INT32 (v2x6, SB16State),
-
- VMSTATE_UINT8 (csp_param, SB16State),
- VMSTATE_UINT8 (csp_value, SB16State),
- VMSTATE_UINT8 (csp_mode, SB16State),
- VMSTATE_UINT8 (csp_param, SB16State),
- VMSTATE_BUFFER (csp_regs, SB16State),
- VMSTATE_UINT8 (csp_index, SB16State),
- VMSTATE_BUFFER (csp_reg83, SB16State),
- VMSTATE_INT32 (csp_reg83r, SB16State),
- VMSTATE_INT32 (csp_reg83w, SB16State),
-
- VMSTATE_BUFFER (in2_data, SB16State),
- VMSTATE_BUFFER (out_data, SB16State),
- VMSTATE_UINT8 (test_reg, SB16State),
- VMSTATE_UINT8 (last_read_byte, SB16State),
-
- VMSTATE_INT32 (nzero, SB16State),
- VMSTATE_INT32 (left_till_irq, SB16State),
- VMSTATE_INT32 (dma_running, SB16State),
- VMSTATE_INT32 (bytes_per_second, SB16State),
- VMSTATE_INT32 (align, SB16State),
-
- VMSTATE_INT32 (mixer_nreg, SB16State),
- VMSTATE_BUFFER (mixer_regs, SB16State),
-
- VMSTATE_END_OF_LIST ()
- }
-};
-
-static const MemoryRegionPortio sb16_ioport_list[] = {
- { 4, 1, 1, .write = mixer_write_indexb },
- { 4, 1, 2, .write = mixer_write_indexw },
- { 5, 1, 1, .read = mixer_read, .write = mixer_write_datab },
- { 6, 1, 1, .read = dsp_read, .write = dsp_write },
- { 10, 1, 1, .read = dsp_read },
- { 12, 1, 1, .write = dsp_write },
- { 12, 4, 1, .read = dsp_read },
- PORTIO_END_OF_LIST (),
-};
-
-
-static int sb16_initfn (ISADevice *dev)
-{
- SB16State *s;
-
- s = DO_UPCAST (SB16State, dev, dev);
-
- s->cmd = -1;
- isa_init_irq (dev, &s->pic, s->irq);
-
- s->mixer_regs[0x80] = magic_of_irq (s->irq);
- s->mixer_regs[0x81] = (1 << s->dma) | (1 << s->hdma);
- s->mixer_regs[0x82] = 2 << 5;
-
- s->csp_regs[5] = 1;
- s->csp_regs[9] = 0xf8;
-
- reset_mixer (s);
- s->aux_ts = qemu_new_timer_ns (vm_clock, aux_timer, s);
- if (!s->aux_ts) {
- dolog ("warning: Could not create auxiliary timer\n");
- }
-
- isa_register_portio_list (dev, s->port, sb16_ioport_list, s, "sb16");
-
- DMA_register_channel (s->hdma, SB_read_DMA, s);
- DMA_register_channel (s->dma, SB_read_DMA, s);
- s->can_write = 1;
-
- AUD_register_card ("sb16", &s->card);
- return 0;
-}
-
-int SB16_init (ISABus *bus)
-{
- isa_create_simple (bus, "sb16");
- return 0;
-}
-
-static Property sb16_properties[] = {
- DEFINE_PROP_HEX32 ("version", SB16State, ver, 0x0405), /* 4.5 */
- DEFINE_PROP_HEX32 ("iobase", SB16State, port, 0x220),
- DEFINE_PROP_UINT32 ("irq", SB16State, irq, 5),
- DEFINE_PROP_UINT32 ("dma", SB16State, dma, 1),
- DEFINE_PROP_UINT32 ("dma16", SB16State, hdma, 5),
- DEFINE_PROP_END_OF_LIST (),
-};
-
-static void sb16_class_initfn (ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS (klass);
- ISADeviceClass *ic = ISA_DEVICE_CLASS (klass);
- ic->init = sb16_initfn;
- dc->desc = "Creative Sound Blaster 16";
- dc->vmsd = &vmstate_sb16;
- dc->props = sb16_properties;
-}
-
-static TypeInfo sb16_info = {
- .name = "sb16",
- .parent = TYPE_ISA_DEVICE,
- .instance_size = sizeof (SB16State),
- .class_init = sb16_class_initfn,
-};
-
-static void sb16_register_types (void)
-{
- type_register_static (&sb16_info);
-}
-
-type_init (sb16_register_types)
diff --git a/hw/sbi.c b/hw/sbi.c
deleted file mode 100644
index ca78a384c..000000000
--- a/hw/sbi.c
+++ /dev/null
@@ -1,156 +0,0 @@
-/*
- * QEMU Sparc SBI interrupt controller emulation
- *
- * Based on slavio_intctl, copyright (c) 2003-2005 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sysbus.h"
-
-//#define DEBUG_IRQ
-
-#ifdef DEBUG_IRQ
-#define DPRINTF(fmt, ...) \
- do { printf("IRQ: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...)
-#endif
-
-#define MAX_CPUS 16
-
-#define SBI_NREGS 16
-
-typedef struct SBIState {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint32_t regs[SBI_NREGS];
- uint32_t intreg_pending[MAX_CPUS];
- qemu_irq cpu_irqs[MAX_CPUS];
- uint32_t pil_out[MAX_CPUS];
-} SBIState;
-
-#define SBI_SIZE (SBI_NREGS * 4)
-
-static void sbi_set_irq(void *opaque, int irq, int level)
-{
-}
-
-static uint64_t sbi_mem_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- SBIState *s = opaque;
- uint32_t saddr, ret;
-
- saddr = addr >> 2;
- switch (saddr) {
- default:
- ret = s->regs[saddr];
- break;
- }
- DPRINTF("read system reg 0x" TARGET_FMT_plx " = %x\n", addr, ret);
-
- return ret;
-}
-
-static void sbi_mem_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned dize)
-{
- SBIState *s = opaque;
- uint32_t saddr;
-
- saddr = addr >> 2;
- DPRINTF("write system reg 0x" TARGET_FMT_plx " = %x\n", addr, (int)val);
- switch (saddr) {
- default:
- s->regs[saddr] = val;
- break;
- }
-}
-
-static const MemoryRegionOps sbi_mem_ops = {
- .read = sbi_mem_read,
- .write = sbi_mem_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static const VMStateDescription vmstate_sbi = {
- .name ="sbi",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField []) {
- VMSTATE_UINT32_ARRAY(intreg_pending, SBIState, MAX_CPUS),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void sbi_reset(DeviceState *d)
-{
- SBIState *s = container_of(d, SBIState, busdev.qdev);
- unsigned int i;
-
- for (i = 0; i < MAX_CPUS; i++) {
- s->intreg_pending[i] = 0;
- }
-}
-
-static int sbi_init1(SysBusDevice *dev)
-{
- SBIState *s = FROM_SYSBUS(SBIState, dev);
- unsigned int i;
-
- qdev_init_gpio_in(&dev->qdev, sbi_set_irq, 32 + MAX_CPUS);
- for (i = 0; i < MAX_CPUS; i++) {
- sysbus_init_irq(dev, &s->cpu_irqs[i]);
- }
-
- memory_region_init_io(&s->iomem, &sbi_mem_ops, s, "sbi", SBI_SIZE);
- sysbus_init_mmio(dev, &s->iomem);
-
- return 0;
-}
-
-static void sbi_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = sbi_init1;
- dc->reset = sbi_reset;
- dc->vmsd = &vmstate_sbi;
-}
-
-static TypeInfo sbi_info = {
- .name = "sbi",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(SBIState),
- .class_init = sbi_class_init,
-};
-
-static void sbi_register_types(void)
-{
- type_register_static(&sbi_info);
-}
-
-type_init(sbi_register_types)
diff --git a/hw/scsi-bus.c b/hw/scsi-bus.c
deleted file mode 100644
index dfb263121..000000000
--- a/hw/scsi-bus.c
+++ /dev/null
@@ -1,1881 +0,0 @@
-#include "hw.h"
-#include "qemu-error.h"
-#include "scsi.h"
-#include "scsi-defs.h"
-#include "qdev.h"
-#include "blockdev.h"
-#include "trace.h"
-#include "dma.h"
-
-static char *scsibus_get_dev_path(DeviceState *dev);
-static char *scsibus_get_fw_dev_path(DeviceState *dev);
-static int scsi_req_parse(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf);
-static void scsi_req_dequeue(SCSIRequest *req);
-
-static Property scsi_props[] = {
- DEFINE_PROP_UINT32("channel", SCSIDevice, channel, 0),
- DEFINE_PROP_UINT32("scsi-id", SCSIDevice, id, -1),
- DEFINE_PROP_UINT32("lun", SCSIDevice, lun, -1),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void scsi_bus_class_init(ObjectClass *klass, void *data)
-{
- BusClass *k = BUS_CLASS(klass);
-
- k->get_dev_path = scsibus_get_dev_path;
- k->get_fw_dev_path = scsibus_get_fw_dev_path;
-}
-
-static const TypeInfo scsi_bus_info = {
- .name = TYPE_SCSI_BUS,
- .parent = TYPE_BUS,
- .instance_size = sizeof(SCSIBus),
- .class_init = scsi_bus_class_init,
-};
-static int next_scsi_bus;
-
-static int scsi_device_init(SCSIDevice *s)
-{
- SCSIDeviceClass *sc = SCSI_DEVICE_GET_CLASS(s);
- if (sc->init) {
- return sc->init(s);
- }
- return 0;
-}
-
-static void scsi_device_destroy(SCSIDevice *s)
-{
- SCSIDeviceClass *sc = SCSI_DEVICE_GET_CLASS(s);
- if (sc->destroy) {
- sc->destroy(s);
- }
-}
-
-static SCSIRequest *scsi_device_alloc_req(SCSIDevice *s, uint32_t tag, uint32_t lun,
- uint8_t *buf, void *hba_private)
-{
- SCSIDeviceClass *sc = SCSI_DEVICE_GET_CLASS(s);
- if (sc->alloc_req) {
- return sc->alloc_req(s, tag, lun, buf, hba_private);
- }
-
- return NULL;
-}
-
-static void scsi_device_unit_attention_reported(SCSIDevice *s)
-{
- SCSIDeviceClass *sc = SCSI_DEVICE_GET_CLASS(s);
- if (sc->unit_attention_reported) {
- sc->unit_attention_reported(s);
- }
-}
-
-/* Create a scsi bus, and attach devices to it. */
-void scsi_bus_new(SCSIBus *bus, DeviceState *host, const SCSIBusInfo *info)
-{
- qbus_create_inplace(&bus->qbus, TYPE_SCSI_BUS, host, NULL);
- bus->busnr = next_scsi_bus++;
- bus->info = info;
- bus->qbus.allow_hotplug = 1;
-}
-
-static void scsi_dma_restart_bh(void *opaque)
-{
- SCSIDevice *s = opaque;
- SCSIRequest *req, *next;
-
- qemu_bh_delete(s->bh);
- s->bh = NULL;
-
- QTAILQ_FOREACH_SAFE(req, &s->requests, next, next) {
- scsi_req_ref(req);
- if (req->retry) {
- req->retry = false;
- switch (req->cmd.mode) {
- case SCSI_XFER_FROM_DEV:
- case SCSI_XFER_TO_DEV:
- scsi_req_continue(req);
- break;
- case SCSI_XFER_NONE:
- assert(!req->sg);
- scsi_req_dequeue(req);
- scsi_req_enqueue(req);
- break;
- }
- }
- scsi_req_unref(req);
- }
-}
-
-void scsi_req_retry(SCSIRequest *req)
-{
- /* No need to save a reference, because scsi_dma_restart_bh just
- * looks at the request list. */
- req->retry = true;
-}
-
-static void scsi_dma_restart_cb(void *opaque, int running, RunState state)
-{
- SCSIDevice *s = opaque;
-
- if (!running) {
- return;
- }
- if (!s->bh) {
- s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
- qemu_bh_schedule(s->bh);
- }
-}
-
-static int scsi_qdev_init(DeviceState *qdev)
-{
- SCSIDevice *dev = SCSI_DEVICE(qdev);
- SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, dev->qdev.parent_bus);
- SCSIDevice *d;
- int rc = -1;
-
- if (dev->channel > bus->info->max_channel) {
- error_report("bad scsi channel id: %d", dev->channel);
- goto err;
- }
- if (dev->id != -1 && dev->id > bus->info->max_target) {
- error_report("bad scsi device id: %d", dev->id);
- goto err;
- }
- if (dev->lun != -1 && dev->lun > bus->info->max_lun) {
- error_report("bad scsi device lun: %d", dev->lun);
- goto err;
- }
-
- if (dev->id == -1) {
- int id = -1;
- if (dev->lun == -1) {
- dev->lun = 0;
- }
- do {
- d = scsi_device_find(bus, dev->channel, ++id, dev->lun);
- } while (d && d->lun == dev->lun && id < bus->info->max_target);
- if (d && d->lun == dev->lun) {
- error_report("no free target");
- goto err;
- }
- dev->id = id;
- } else if (dev->lun == -1) {
- int lun = -1;
- do {
- d = scsi_device_find(bus, dev->channel, dev->id, ++lun);
- } while (d && d->lun == lun && lun < bus->info->max_lun);
- if (d && d->lun == lun) {
- error_report("no free lun");
- goto err;
- }
- dev->lun = lun;
- } else {
- d = scsi_device_find(bus, dev->channel, dev->id, dev->lun);
- assert(d);
- if (d->lun == dev->lun && dev != d) {
- qdev_free(&d->qdev);
- }
- }
-
- QTAILQ_INIT(&dev->requests);
- rc = scsi_device_init(dev);
- if (rc == 0) {
- dev->vmsentry = qemu_add_vm_change_state_handler(scsi_dma_restart_cb,
- dev);
- }
-
- if (bus->info->hotplug) {
- bus->info->hotplug(bus, dev);
- }
-
-err:
- return rc;
-}
-
-static int scsi_qdev_exit(DeviceState *qdev)
-{
- SCSIDevice *dev = SCSI_DEVICE(qdev);
-
- if (dev->vmsentry) {
- qemu_del_vm_change_state_handler(dev->vmsentry);
- }
- scsi_device_destroy(dev);
- return 0;
-}
-
-/* handle legacy '-drive if=scsi,...' cmd line args */
-SCSIDevice *scsi_bus_legacy_add_drive(SCSIBus *bus, BlockDriverState *bdrv,
- int unit, bool removable, int bootindex)
-{
- const char *driver;
- DeviceState *dev;
-
- driver = bdrv_is_sg(bdrv) ? "scsi-generic" : "scsi-disk";
- dev = qdev_create(&bus->qbus, driver);
- qdev_prop_set_uint32(dev, "scsi-id", unit);
- if (bootindex >= 0) {
- qdev_prop_set_int32(dev, "bootindex", bootindex);
- }
- if (object_property_find(OBJECT(dev), "removable", NULL)) {
- qdev_prop_set_bit(dev, "removable", removable);
- }
- if (qdev_prop_set_drive(dev, "drive", bdrv) < 0) {
- qdev_free(dev);
- return NULL;
- }
- if (qdev_init(dev) < 0)
- return NULL;
- return SCSI_DEVICE(dev);
-}
-
-int scsi_bus_legacy_handle_cmdline(SCSIBus *bus)
-{
- Location loc;
- DriveInfo *dinfo;
- int res = 0, unit;
-
- loc_push_none(&loc);
- for (unit = 0; unit <= bus->info->max_target; unit++) {
- dinfo = drive_get(IF_SCSI, bus->busnr, unit);
- if (dinfo == NULL) {
- continue;
- }
- qemu_opts_loc_restore(dinfo->opts);
- if (!scsi_bus_legacy_add_drive(bus, dinfo->bdrv, unit, false, -1)) {
- res = -1;
- break;
- }
- }
- loc_pop(&loc);
- return res;
-}
-
-static int32_t scsi_invalid_field(SCSIRequest *req, uint8_t *buf)
-{
- scsi_req_build_sense(req, SENSE_CODE(INVALID_FIELD));
- scsi_req_complete(req, CHECK_CONDITION);
- return 0;
-}
-
-static const struct SCSIReqOps reqops_invalid_field = {
- .size = sizeof(SCSIRequest),
- .send_command = scsi_invalid_field
-};
-
-/* SCSIReqOps implementation for invalid commands. */
-
-static int32_t scsi_invalid_command(SCSIRequest *req, uint8_t *buf)
-{
- scsi_req_build_sense(req, SENSE_CODE(INVALID_OPCODE));
- scsi_req_complete(req, CHECK_CONDITION);
- return 0;
-}
-
-static const struct SCSIReqOps reqops_invalid_opcode = {
- .size = sizeof(SCSIRequest),
- .send_command = scsi_invalid_command
-};
-
-/* SCSIReqOps implementation for unit attention conditions. */
-
-static int32_t scsi_unit_attention(SCSIRequest *req, uint8_t *buf)
-{
- if (req->dev && req->dev->unit_attention.key == UNIT_ATTENTION) {
- scsi_req_build_sense(req, req->dev->unit_attention);
- } else if (req->bus->unit_attention.key == UNIT_ATTENTION) {
- scsi_req_build_sense(req, req->bus->unit_attention);
- }
- scsi_req_complete(req, CHECK_CONDITION);
- return 0;
-}
-
-static const struct SCSIReqOps reqops_unit_attention = {
- .size = sizeof(SCSIRequest),
- .send_command = scsi_unit_attention
-};
-
-/* SCSIReqOps implementation for REPORT LUNS and for commands sent to
- an invalid LUN. */
-
-typedef struct SCSITargetReq SCSITargetReq;
-
-struct SCSITargetReq {
- SCSIRequest req;
- int len;
- uint8_t buf[2056];
-};
-
-static void store_lun(uint8_t *outbuf, int lun)
-{
- if (lun < 256) {
- outbuf[1] = lun;
- return;
- }
- outbuf[1] = (lun & 255);
- outbuf[0] = (lun >> 8) | 0x40;
-}
-
-static bool scsi_target_emulate_report_luns(SCSITargetReq *r)
-{
- BusChild *kid;
- int i, len, n;
- int channel, id;
- bool found_lun0;
-
- if (r->req.cmd.xfer < 16) {
- return false;
- }
- if (r->req.cmd.buf[2] > 2) {
- return false;
- }
- channel = r->req.dev->channel;
- id = r->req.dev->id;
- found_lun0 = false;
- n = 0;
- QTAILQ_FOREACH(kid, &r->req.bus->qbus.children, sibling) {
- DeviceState *qdev = kid->child;
- SCSIDevice *dev = SCSI_DEVICE(qdev);
-
- if (dev->channel == channel && dev->id == id) {
- if (dev->lun == 0) {
- found_lun0 = true;
- }
- n += 8;
- }
- }
- if (!found_lun0) {
- n += 8;
- }
- len = MIN(n + 8, r->req.cmd.xfer & ~7);
- if (len > sizeof(r->buf)) {
- /* TODO: > 256 LUNs? */
- return false;
- }
-
- memset(r->buf, 0, len);
- stl_be_p(&r->buf, n);
- i = found_lun0 ? 8 : 16;
- QTAILQ_FOREACH(kid, &r->req.bus->qbus.children, sibling) {
- DeviceState *qdev = kid->child;
- SCSIDevice *dev = SCSI_DEVICE(qdev);
-
- if (dev->channel == channel && dev->id == id) {
- store_lun(&r->buf[i], dev->lun);
- i += 8;
- }
- }
- assert(i == n + 8);
- r->len = len;
- return true;
-}
-
-static bool scsi_target_emulate_inquiry(SCSITargetReq *r)
-{
- assert(r->req.dev->lun != r->req.lun);
- if (r->req.cmd.buf[1] & 0x2) {
- /* Command support data - optional, not implemented */
- return false;
- }
-
- if (r->req.cmd.buf[1] & 0x1) {
- /* Vital product data */
- uint8_t page_code = r->req.cmd.buf[2];
- r->buf[r->len++] = page_code ; /* this page */
- r->buf[r->len++] = 0x00;
-
- switch (page_code) {
- case 0x00: /* Supported page codes, mandatory */
- {
- int pages;
- pages = r->len++;
- r->buf[r->len++] = 0x00; /* list of supported pages (this page) */
- r->buf[pages] = r->len - pages - 1; /* number of pages */
- break;
- }
- default:
- return false;
- }
- /* done with EVPD */
- assert(r->len < sizeof(r->buf));
- r->len = MIN(r->req.cmd.xfer, r->len);
- return true;
- }
-
- /* Standard INQUIRY data */
- if (r->req.cmd.buf[2] != 0) {
- return false;
- }
-
- /* PAGE CODE == 0 */
- r->len = MIN(r->req.cmd.xfer, 36);
- memset(r->buf, 0, r->len);
- if (r->req.lun != 0) {
- r->buf[0] = TYPE_NO_LUN;
- } else {
- r->buf[0] = TYPE_NOT_PRESENT | TYPE_INACTIVE;
- r->buf[2] = 5; /* Version */
- r->buf[3] = 2 | 0x10; /* HiSup, response data format */
- r->buf[4] = r->len - 5; /* Additional Length = (Len - 1) - 4 */
- r->buf[7] = 0x10 | (r->req.bus->info->tcq ? 0x02 : 0); /* Sync, TCQ. */
- memcpy(&r->buf[8], "QEMU ", 8);
- memcpy(&r->buf[16], "QEMU TARGET ", 16);
- pstrcpy((char *) &r->buf[32], 4, qemu_get_version());
- }
- return true;
-}
-
-static int32_t scsi_target_send_command(SCSIRequest *req, uint8_t *buf)
-{
- SCSITargetReq *r = DO_UPCAST(SCSITargetReq, req, req);
-
- switch (buf[0]) {
- case REPORT_LUNS:
- if (!scsi_target_emulate_report_luns(r)) {
- goto illegal_request;
- }
- break;
- case INQUIRY:
- if (!scsi_target_emulate_inquiry(r)) {
- goto illegal_request;
- }
- break;
- case REQUEST_SENSE:
- r->len = scsi_device_get_sense(r->req.dev, r->buf,
- MIN(req->cmd.xfer, sizeof r->buf),
- (req->cmd.buf[1] & 1) == 0);
- if (r->req.dev->sense_is_ua) {
- scsi_device_unit_attention_reported(req->dev);
- r->req.dev->sense_len = 0;
- r->req.dev->sense_is_ua = false;
- }
- break;
- default:
- scsi_req_build_sense(req, SENSE_CODE(LUN_NOT_SUPPORTED));
- scsi_req_complete(req, CHECK_CONDITION);
- return 0;
- illegal_request:
- scsi_req_build_sense(req, SENSE_CODE(INVALID_FIELD));
- scsi_req_complete(req, CHECK_CONDITION);
- return 0;
- }
-
- if (!r->len) {
- scsi_req_complete(req, GOOD);
- }
- return r->len;
-}
-
-static void scsi_target_read_data(SCSIRequest *req)
-{
- SCSITargetReq *r = DO_UPCAST(SCSITargetReq, req, req);
- uint32_t n;
-
- n = r->len;
- if (n > 0) {
- r->len = 0;
- scsi_req_data(&r->req, n);
- } else {
- scsi_req_complete(&r->req, GOOD);
- }
-}
-
-static uint8_t *scsi_target_get_buf(SCSIRequest *req)
-{
- SCSITargetReq *r = DO_UPCAST(SCSITargetReq, req, req);
-
- return r->buf;
-}
-
-static const struct SCSIReqOps reqops_target_command = {
- .size = sizeof(SCSITargetReq),
- .send_command = scsi_target_send_command,
- .read_data = scsi_target_read_data,
- .get_buf = scsi_target_get_buf,
-};
-
-
-SCSIRequest *scsi_req_alloc(const SCSIReqOps *reqops, SCSIDevice *d,
- uint32_t tag, uint32_t lun, void *hba_private)
-{
- SCSIRequest *req;
-
- req = g_malloc0(reqops->size);
- req->refcount = 1;
- req->bus = scsi_bus_from_device(d);
- req->dev = d;
- req->tag = tag;
- req->lun = lun;
- req->hba_private = hba_private;
- req->status = -1;
- req->sense_len = 0;
- req->ops = reqops;
- trace_scsi_req_alloc(req->dev->id, req->lun, req->tag);
- return req;
-}
-
-SCSIRequest *scsi_req_new(SCSIDevice *d, uint32_t tag, uint32_t lun,
- uint8_t *buf, void *hba_private)
-{
- SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, d->qdev.parent_bus);
- SCSIRequest *req;
- SCSICommand cmd;
-
- if (scsi_req_parse(&cmd, d, buf) != 0) {
- trace_scsi_req_parse_bad(d->id, lun, tag, buf[0]);
- req = scsi_req_alloc(&reqops_invalid_opcode, d, tag, lun, hba_private);
- } else {
- trace_scsi_req_parsed(d->id, lun, tag, buf[0],
- cmd.mode, cmd.xfer);
- if (cmd.lba != -1) {
- trace_scsi_req_parsed_lba(d->id, lun, tag, buf[0],
- cmd.lba);
- }
-
- if (cmd.xfer > INT32_MAX) {
- req = scsi_req_alloc(&reqops_invalid_field, d, tag, lun, hba_private);
- } else if ((d->unit_attention.key == UNIT_ATTENTION ||
- bus->unit_attention.key == UNIT_ATTENTION) &&
- (buf[0] != INQUIRY &&
- buf[0] != REPORT_LUNS &&
- buf[0] != GET_CONFIGURATION &&
- buf[0] != GET_EVENT_STATUS_NOTIFICATION &&
-
- /*
- * If we already have a pending unit attention condition,
- * report this one before triggering another one.
- */
- !(buf[0] == REQUEST_SENSE && d->sense_is_ua))) {
- req = scsi_req_alloc(&reqops_unit_attention, d, tag, lun,
- hba_private);
- } else if (lun != d->lun ||
- buf[0] == REPORT_LUNS ||
- (buf[0] == REQUEST_SENSE && d->sense_len)) {
- req = scsi_req_alloc(&reqops_target_command, d, tag, lun,
- hba_private);
- } else {
- req = scsi_device_alloc_req(d, tag, lun, buf, hba_private);
- }
- }
-
- req->cmd = cmd;
- req->resid = req->cmd.xfer;
-
- switch (buf[0]) {
- case INQUIRY:
- trace_scsi_inquiry(d->id, lun, tag, cmd.buf[1], cmd.buf[2]);
- break;
- case TEST_UNIT_READY:
- trace_scsi_test_unit_ready(d->id, lun, tag);
- break;
- case REPORT_LUNS:
- trace_scsi_report_luns(d->id, lun, tag);
- break;
- case REQUEST_SENSE:
- trace_scsi_request_sense(d->id, lun, tag);
- break;
- default:
- break;
- }
-
- return req;
-}
-
-uint8_t *scsi_req_get_buf(SCSIRequest *req)
-{
- return req->ops->get_buf(req);
-}
-
-static void scsi_clear_unit_attention(SCSIRequest *req)
-{
- SCSISense *ua;
- if (req->dev->unit_attention.key != UNIT_ATTENTION &&
- req->bus->unit_attention.key != UNIT_ATTENTION) {
- return;
- }
-
- /*
- * If an INQUIRY command enters the enabled command state,
- * the device server shall [not] clear any unit attention condition;
- * See also MMC-6, paragraphs 6.5 and 6.6.2.
- */
- if (req->cmd.buf[0] == INQUIRY ||
- req->cmd.buf[0] == GET_CONFIGURATION ||
- req->cmd.buf[0] == GET_EVENT_STATUS_NOTIFICATION) {
- return;
- }
-
- if (req->dev->unit_attention.key == UNIT_ATTENTION) {
- ua = &req->dev->unit_attention;
- } else {
- ua = &req->bus->unit_attention;
- }
-
- /*
- * If a REPORT LUNS command enters the enabled command state, [...]
- * the device server shall clear any pending unit attention condition
- * with an additional sense code of REPORTED LUNS DATA HAS CHANGED.
- */
- if (req->cmd.buf[0] == REPORT_LUNS &&
- !(ua->asc == SENSE_CODE(REPORTED_LUNS_CHANGED).asc &&
- ua->ascq == SENSE_CODE(REPORTED_LUNS_CHANGED).ascq)) {
- return;
- }
-
- *ua = SENSE_CODE(NO_SENSE);
-}
-
-int scsi_req_get_sense(SCSIRequest *req, uint8_t *buf, int len)
-{
- int ret;
-
- assert(len >= 14);
- if (!req->sense_len) {
- return 0;
- }
-
- ret = scsi_build_sense(req->sense, req->sense_len, buf, len, true);
-
- /*
- * FIXME: clearing unit attention conditions upon autosense should be done
- * only if the UA_INTLCK_CTRL field in the Control mode page is set to 00b
- * (SAM-5, 5.14).
- *
- * We assume UA_INTLCK_CTRL to be 00b for HBAs that support autosense, and
- * 10b for HBAs that do not support it (do not call scsi_req_get_sense).
- * Here we handle unit attention clearing for UA_INTLCK_CTRL == 00b.
- */
- if (req->dev->sense_is_ua) {
- scsi_device_unit_attention_reported(req->dev);
- req->dev->sense_len = 0;
- req->dev->sense_is_ua = false;
- }
- return ret;
-}
-
-int scsi_device_get_sense(SCSIDevice *dev, uint8_t *buf, int len, bool fixed)
-{
- return scsi_build_sense(dev->sense, dev->sense_len, buf, len, fixed);
-}
-
-void scsi_req_build_sense(SCSIRequest *req, SCSISense sense)
-{
- trace_scsi_req_build_sense(req->dev->id, req->lun, req->tag,
- sense.key, sense.asc, sense.ascq);
- memset(req->sense, 0, 18);
- req->sense[0] = 0x70;
- req->sense[2] = sense.key;
- req->sense[7] = 10;
- req->sense[12] = sense.asc;
- req->sense[13] = sense.ascq;
- req->sense_len = 18;
-}
-
-static void scsi_req_enqueue_internal(SCSIRequest *req)
-{
- assert(!req->enqueued);
- scsi_req_ref(req);
- if (req->bus->info->get_sg_list) {
- req->sg = req->bus->info->get_sg_list(req);
- } else {
- req->sg = NULL;
- }
- req->enqueued = true;
- QTAILQ_INSERT_TAIL(&req->dev->requests, req, next);
-}
-
-int32_t scsi_req_enqueue(SCSIRequest *req)
-{
- int32_t rc;
-
- assert(!req->retry);
- scsi_req_enqueue_internal(req);
- scsi_req_ref(req);
- rc = req->ops->send_command(req, req->cmd.buf);
- scsi_req_unref(req);
- return rc;
-}
-
-static void scsi_req_dequeue(SCSIRequest *req)
-{
- trace_scsi_req_dequeue(req->dev->id, req->lun, req->tag);
- req->retry = false;
- if (req->enqueued) {
- QTAILQ_REMOVE(&req->dev->requests, req, next);
- req->enqueued = false;
- scsi_req_unref(req);
- }
-}
-
-static int scsi_get_performance_length(int num_desc, int type, int data_type)
-{
- /* MMC-6, paragraph 6.7. */
- switch (type) {
- case 0:
- if ((data_type & 3) == 0) {
- /* Each descriptor is as in Table 295 - Nominal performance. */
- return 16 * num_desc + 8;
- } else {
- /* Each descriptor is as in Table 296 - Exceptions. */
- return 6 * num_desc + 8;
- }
- case 1:
- case 4:
- case 5:
- return 8 * num_desc + 8;
- case 2:
- return 2048 * num_desc + 8;
- case 3:
- return 16 * num_desc + 8;
- default:
- return 8;
- }
-}
-
-static int ata_passthrough_xfer_unit(SCSIDevice *dev, uint8_t *buf)
-{
- int byte_block = (buf[2] >> 2) & 0x1;
- int type = (buf[2] >> 4) & 0x1;
- int xfer_unit;
-
- if (byte_block) {
- if (type) {
- xfer_unit = dev->blocksize;
- } else {
- xfer_unit = 512;
- }
- } else {
- xfer_unit = 1;
- }
-
- return xfer_unit;
-}
-
-static int ata_passthrough_12_xfer_size(SCSIDevice *dev, uint8_t *buf)
-{
- int length = buf[2] & 0x3;
- int xfer;
- int unit = ata_passthrough_xfer_unit(dev, buf);
-
- switch (length) {
- case 0:
- case 3: /* USB-specific. */
- default:
- xfer = 0;
- break;
- case 1:
- xfer = buf[3];
- break;
- case 2:
- xfer = buf[4];
- break;
- }
-
- return xfer * unit;
-}
-
-static int ata_passthrough_16_xfer_size(SCSIDevice *dev, uint8_t *buf)
-{
- int extend = buf[1] & 0x1;
- int length = buf[2] & 0x3;
- int xfer;
- int unit = ata_passthrough_xfer_unit(dev, buf);
-
- switch (length) {
- case 0:
- case 3: /* USB-specific. */
- default:
- xfer = 0;
- break;
- case 1:
- xfer = buf[4];
- xfer |= (extend ? buf[3] << 8 : 0);
- break;
- case 2:
- xfer = buf[6];
- xfer |= (extend ? buf[5] << 8 : 0);
- break;
- }
-
- return xfer * unit;
-}
-
-uint32_t scsi_data_cdb_length(uint8_t *buf)
-{
- if ((buf[0] >> 5) == 0 && buf[4] == 0) {
- return 256;
- } else {
- return scsi_cdb_length(buf);
- }
-}
-
-uint32_t scsi_cdb_length(uint8_t *buf)
-{
- switch (buf[0] >> 5) {
- case 0:
- return buf[4];
- break;
- case 1:
- case 2:
- return lduw_be_p(&buf[7]);
- break;
- case 4:
- return ldl_be_p(&buf[10]) & 0xffffffffULL;
- break;
- case 5:
- return ldl_be_p(&buf[6]) & 0xffffffffULL;
- break;
- default:
- return -1;
- }
-}
-
-static int scsi_req_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf)
-{
- cmd->xfer = scsi_cdb_length(buf);
- switch (buf[0]) {
- case TEST_UNIT_READY:
- case REWIND:
- case START_STOP:
- case SET_CAPACITY:
- case WRITE_FILEMARKS:
- case WRITE_FILEMARKS_16:
- case SPACE:
- case RESERVE:
- case RELEASE:
- case ERASE:
- case ALLOW_MEDIUM_REMOVAL:
- case VERIFY_10:
- case SEEK_10:
- case SYNCHRONIZE_CACHE:
- case SYNCHRONIZE_CACHE_16:
- case LOCATE_16:
- case LOCK_UNLOCK_CACHE:
- case SET_CD_SPEED:
- case SET_LIMITS:
- case WRITE_LONG_10:
- case UPDATE_BLOCK:
- case RESERVE_TRACK:
- case SET_READ_AHEAD:
- case PRE_FETCH:
- case PRE_FETCH_16:
- case ALLOW_OVERWRITE:
- cmd->xfer = 0;
- break;
- case MODE_SENSE:
- break;
- case WRITE_SAME_10:
- case WRITE_SAME_16:
- cmd->xfer = dev->blocksize;
- break;
- case READ_CAPACITY_10:
- cmd->xfer = 8;
- break;
- case READ_BLOCK_LIMITS:
- cmd->xfer = 6;
- break;
- case SEND_VOLUME_TAG:
- /* GPCMD_SET_STREAMING from multimedia commands. */
- if (dev->type == TYPE_ROM) {
- cmd->xfer = buf[10] | (buf[9] << 8);
- } else {
- cmd->xfer = buf[9] | (buf[8] << 8);
- }
- break;
- case WRITE_6:
- /* length 0 means 256 blocks */
- if (cmd->xfer == 0) {
- cmd->xfer = 256;
- }
- case WRITE_10:
- case WRITE_VERIFY_10:
- case WRITE_12:
- case WRITE_VERIFY_12:
- case WRITE_16:
- case WRITE_VERIFY_16:
- cmd->xfer *= dev->blocksize;
- break;
- case READ_6:
- case READ_REVERSE:
- /* length 0 means 256 blocks */
- if (cmd->xfer == 0) {
- cmd->xfer = 256;
- }
- case READ_10:
- case RECOVER_BUFFERED_DATA:
- case READ_12:
- case READ_16:
- cmd->xfer *= dev->blocksize;
- break;
- case FORMAT_UNIT:
- /* MMC mandates the parameter list to be 12-bytes long. Parameters
- * for block devices are restricted to the header right now. */
- if (dev->type == TYPE_ROM && (buf[1] & 16)) {
- cmd->xfer = 12;
- } else {
- cmd->xfer = (buf[1] & 16) == 0 ? 0 : (buf[1] & 32 ? 8 : 4);
- }
- break;
- case INQUIRY:
- case RECEIVE_DIAGNOSTIC:
- case SEND_DIAGNOSTIC:
- cmd->xfer = buf[4] | (buf[3] << 8);
- break;
- case READ_CD:
- case READ_BUFFER:
- case WRITE_BUFFER:
- case SEND_CUE_SHEET:
- cmd->xfer = buf[8] | (buf[7] << 8) | (buf[6] << 16);
- break;
- case PERSISTENT_RESERVE_OUT:
- cmd->xfer = ldl_be_p(&buf[5]) & 0xffffffffULL;
- break;
- case ERASE_12:
- if (dev->type == TYPE_ROM) {
- /* MMC command GET PERFORMANCE. */
- cmd->xfer = scsi_get_performance_length(buf[9] | (buf[8] << 8),
- buf[10], buf[1] & 0x1f);
- }
- break;
- case MECHANISM_STATUS:
- case READ_DVD_STRUCTURE:
- case SEND_DVD_STRUCTURE:
- case MAINTENANCE_OUT:
- case MAINTENANCE_IN:
- if (dev->type == TYPE_ROM) {
- /* GPCMD_REPORT_KEY and GPCMD_SEND_KEY from multi media commands */
- cmd->xfer = buf[9] | (buf[8] << 8);
- }
- break;
- case ATA_PASSTHROUGH_12:
- if (dev->type == TYPE_ROM) {
- /* BLANK command of MMC */
- cmd->xfer = 0;
- } else {
- cmd->xfer = ata_passthrough_12_xfer_size(dev, buf);
- }
- break;
- case ATA_PASSTHROUGH_16:
- cmd->xfer = ata_passthrough_16_xfer_size(dev, buf);
- break;
- }
- return 0;
-}
-
-static int scsi_req_stream_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf)
-{
- switch (buf[0]) {
- /* stream commands */
- case ERASE_12:
- case ERASE_16:
- cmd->xfer = 0;
- break;
- case READ_6:
- case READ_REVERSE:
- case RECOVER_BUFFERED_DATA:
- case WRITE_6:
- cmd->xfer = buf[4] | (buf[3] << 8) | (buf[2] << 16);
- if (buf[1] & 0x01) { /* fixed */
- cmd->xfer *= dev->blocksize;
- }
- break;
- case READ_16:
- case READ_REVERSE_16:
- case VERIFY_16:
- case WRITE_16:
- cmd->xfer = buf[14] | (buf[13] << 8) | (buf[12] << 16);
- if (buf[1] & 0x01) { /* fixed */
- cmd->xfer *= dev->blocksize;
- }
- break;
- case REWIND:
- case LOAD_UNLOAD:
- cmd->xfer = 0;
- break;
- case SPACE_16:
- cmd->xfer = buf[13] | (buf[12] << 8);
- break;
- case READ_POSITION:
- switch (buf[1] & 0x1f) /* operation code */ {
- case SHORT_FORM_BLOCK_ID:
- case SHORT_FORM_VENDOR_SPECIFIC:
- cmd->xfer = 20;
- break;
- case LONG_FORM:
- cmd->xfer = 32;
- break;
- case EXTENDED_FORM:
- cmd->xfer = buf[8] | (buf[7] << 8);
- break;
- default:
- return -1;
- }
-
- break;
- case FORMAT_UNIT:
- cmd->xfer = buf[4] | (buf[3] << 8);
- break;
- /* generic commands */
- default:
- return scsi_req_length(cmd, dev, buf);
- }
- return 0;
-}
-
-static int scsi_req_medium_changer_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf)
-{
- switch (buf[0]) {
- /* medium changer commands */
- case EXCHANGE_MEDIUM:
- case INITIALIZE_ELEMENT_STATUS:
- case INITIALIZE_ELEMENT_STATUS_WITH_RANGE:
- case MOVE_MEDIUM:
- case POSITION_TO_ELEMENT:
- cmd->xfer = 0;
- break;
- case READ_ELEMENT_STATUS:
- cmd->xfer = buf[9] | (buf[8] << 8) | (buf[7] << 16);
- break;
-
- /* generic commands */
- default:
- return scsi_req_length(cmd, dev, buf);
- }
- return 0;
-}
-
-
-static void scsi_cmd_xfer_mode(SCSICommand *cmd)
-{
- if (!cmd->xfer) {
- cmd->mode = SCSI_XFER_NONE;
- return;
- }
- switch (cmd->buf[0]) {
- case WRITE_6:
- case WRITE_10:
- case WRITE_VERIFY_10:
- case WRITE_12:
- case WRITE_VERIFY_12:
- case WRITE_16:
- case WRITE_VERIFY_16:
- case COPY:
- case COPY_VERIFY:
- case COMPARE:
- case CHANGE_DEFINITION:
- case LOG_SELECT:
- case MODE_SELECT:
- case MODE_SELECT_10:
- case SEND_DIAGNOSTIC:
- case WRITE_BUFFER:
- case FORMAT_UNIT:
- case REASSIGN_BLOCKS:
- case SEARCH_EQUAL:
- case SEARCH_HIGH:
- case SEARCH_LOW:
- case UPDATE_BLOCK:
- case WRITE_LONG_10:
- case WRITE_SAME_10:
- case WRITE_SAME_16:
- case UNMAP:
- case SEARCH_HIGH_12:
- case SEARCH_EQUAL_12:
- case SEARCH_LOW_12:
- case MEDIUM_SCAN:
- case SEND_VOLUME_TAG:
- case SEND_CUE_SHEET:
- case SEND_DVD_STRUCTURE:
- case PERSISTENT_RESERVE_OUT:
- case MAINTENANCE_OUT:
- cmd->mode = SCSI_XFER_TO_DEV;
- break;
- case ATA_PASSTHROUGH_12:
- case ATA_PASSTHROUGH_16:
- /* T_DIR */
- cmd->mode = (cmd->buf[2] & 0x8) ?
- SCSI_XFER_FROM_DEV : SCSI_XFER_TO_DEV;
- break;
- default:
- cmd->mode = SCSI_XFER_FROM_DEV;
- break;
- }
-}
-
-static uint64_t scsi_cmd_lba(SCSICommand *cmd)
-{
- uint8_t *buf = cmd->buf;
- uint64_t lba;
-
- switch (buf[0] >> 5) {
- case 0:
- lba = ldl_be_p(&buf[0]) & 0x1fffff;
- break;
- case 1:
- case 2:
- case 5:
- lba = ldl_be_p(&buf[2]) & 0xffffffffULL;
- break;
- case 4:
- lba = ldq_be_p(&buf[2]);
- break;
- default:
- lba = -1;
-
- }
- return lba;
-}
-
-int scsi_req_parse(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf)
-{
- int rc;
-
- switch (buf[0] >> 5) {
- case 0:
- cmd->len = 6;
- break;
- case 1:
- case 2:
- cmd->len = 10;
- break;
- case 4:
- cmd->len = 16;
- break;
- case 5:
- cmd->len = 12;
- break;
- default:
- return -1;
- }
-
- switch (dev->type) {
- case TYPE_TAPE:
- rc = scsi_req_stream_length(cmd, dev, buf);
- break;
- case TYPE_MEDIUM_CHANGER:
- rc = scsi_req_medium_changer_length(cmd, dev, buf);
- break;
- default:
- rc = scsi_req_length(cmd, dev, buf);
- break;
- }
-
- if (rc != 0)
- return rc;
-
- memcpy(cmd->buf, buf, cmd->len);
- scsi_cmd_xfer_mode(cmd);
- cmd->lba = scsi_cmd_lba(cmd);
- return 0;
-}
-
-void scsi_device_report_change(SCSIDevice *dev, SCSISense sense)
-{
- SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, dev->qdev.parent_bus);
-
- scsi_device_set_ua(dev, sense);
- if (bus->info->change) {
- bus->info->change(bus, dev, sense);
- }
-}
-
-/*
- * Predefined sense codes
- */
-
-/* No sense data available */
-const struct SCSISense sense_code_NO_SENSE = {
- .key = NO_SENSE , .asc = 0x00 , .ascq = 0x00
-};
-
-/* LUN not ready, Manual intervention required */
-const struct SCSISense sense_code_LUN_NOT_READY = {
- .key = NOT_READY, .asc = 0x04, .ascq = 0x03
-};
-
-/* LUN not ready, Medium not present */
-const struct SCSISense sense_code_NO_MEDIUM = {
- .key = NOT_READY, .asc = 0x3a, .ascq = 0x00
-};
-
-/* LUN not ready, medium removal prevented */
-const struct SCSISense sense_code_NOT_READY_REMOVAL_PREVENTED = {
- .key = NOT_READY, .asc = 0x53, .ascq = 0x02
-};
-
-/* Hardware error, internal target failure */
-const struct SCSISense sense_code_TARGET_FAILURE = {
- .key = HARDWARE_ERROR, .asc = 0x44, .ascq = 0x00
-};
-
-/* Illegal request, invalid command operation code */
-const struct SCSISense sense_code_INVALID_OPCODE = {
- .key = ILLEGAL_REQUEST, .asc = 0x20, .ascq = 0x00
-};
-
-/* Illegal request, LBA out of range */
-const struct SCSISense sense_code_LBA_OUT_OF_RANGE = {
- .key = ILLEGAL_REQUEST, .asc = 0x21, .ascq = 0x00
-};
-
-/* Illegal request, Invalid field in CDB */
-const struct SCSISense sense_code_INVALID_FIELD = {
- .key = ILLEGAL_REQUEST, .asc = 0x24, .ascq = 0x00
-};
-
-/* Illegal request, Invalid field in parameter list */
-const struct SCSISense sense_code_INVALID_PARAM = {
- .key = ILLEGAL_REQUEST, .asc = 0x26, .ascq = 0x00
-};
-
-/* Illegal request, Parameter list length error */
-const struct SCSISense sense_code_INVALID_PARAM_LEN = {
- .key = ILLEGAL_REQUEST, .asc = 0x1a, .ascq = 0x00
-};
-
-/* Illegal request, LUN not supported */
-const struct SCSISense sense_code_LUN_NOT_SUPPORTED = {
- .key = ILLEGAL_REQUEST, .asc = 0x25, .ascq = 0x00
-};
-
-/* Illegal request, Saving parameters not supported */
-const struct SCSISense sense_code_SAVING_PARAMS_NOT_SUPPORTED = {
- .key = ILLEGAL_REQUEST, .asc = 0x39, .ascq = 0x00
-};
-
-/* Illegal request, Incompatible medium installed */
-const struct SCSISense sense_code_INCOMPATIBLE_FORMAT = {
- .key = ILLEGAL_REQUEST, .asc = 0x30, .ascq = 0x00
-};
-
-/* Illegal request, medium removal prevented */
-const struct SCSISense sense_code_ILLEGAL_REQ_REMOVAL_PREVENTED = {
- .key = ILLEGAL_REQUEST, .asc = 0x53, .ascq = 0x02
-};
-
-/* Command aborted, I/O process terminated */
-const struct SCSISense sense_code_IO_ERROR = {
- .key = ABORTED_COMMAND, .asc = 0x00, .ascq = 0x06
-};
-
-/* Command aborted, I_T Nexus loss occurred */
-const struct SCSISense sense_code_I_T_NEXUS_LOSS = {
- .key = ABORTED_COMMAND, .asc = 0x29, .ascq = 0x07
-};
-
-/* Command aborted, Logical Unit failure */
-const struct SCSISense sense_code_LUN_FAILURE = {
- .key = ABORTED_COMMAND, .asc = 0x3e, .ascq = 0x01
-};
-
-/* Unit attention, Capacity data has changed */
-const struct SCSISense sense_code_CAPACITY_CHANGED = {
- .key = UNIT_ATTENTION, .asc = 0x2a, .ascq = 0x09
-};
-
-/* Unit attention, Power on, reset or bus device reset occurred */
-const struct SCSISense sense_code_RESET = {
- .key = UNIT_ATTENTION, .asc = 0x29, .ascq = 0x00
-};
-
-/* Unit attention, No medium */
-const struct SCSISense sense_code_UNIT_ATTENTION_NO_MEDIUM = {
- .key = UNIT_ATTENTION, .asc = 0x3a, .ascq = 0x00
-};
-
-/* Unit attention, Medium may have changed */
-const struct SCSISense sense_code_MEDIUM_CHANGED = {
- .key = UNIT_ATTENTION, .asc = 0x28, .ascq = 0x00
-};
-
-/* Unit attention, Reported LUNs data has changed */
-const struct SCSISense sense_code_REPORTED_LUNS_CHANGED = {
- .key = UNIT_ATTENTION, .asc = 0x3f, .ascq = 0x0e
-};
-
-/* Unit attention, Device internal reset */
-const struct SCSISense sense_code_DEVICE_INTERNAL_RESET = {
- .key = UNIT_ATTENTION, .asc = 0x29, .ascq = 0x04
-};
-
-/* Data Protection, Write Protected */
-const struct SCSISense sense_code_WRITE_PROTECTED = {
- .key = DATA_PROTECT, .asc = 0x27, .ascq = 0x00
-};
-
-/*
- * scsi_build_sense
- *
- * Convert between fixed and descriptor sense buffers
- */
-int scsi_build_sense(uint8_t *in_buf, int in_len,
- uint8_t *buf, int len, bool fixed)
-{
- bool fixed_in;
- SCSISense sense;
- if (!fixed && len < 8) {
- return 0;
- }
-
- if (in_len == 0) {
- sense.key = NO_SENSE;
- sense.asc = 0;
- sense.ascq = 0;
- } else {
- fixed_in = (in_buf[0] & 2) == 0;
-
- if (fixed == fixed_in) {
- memcpy(buf, in_buf, MIN(len, in_len));
- return MIN(len, in_len);
- }
-
- if (fixed_in) {
- sense.key = in_buf[2];
- sense.asc = in_buf[12];
- sense.ascq = in_buf[13];
- } else {
- sense.key = in_buf[1];
- sense.asc = in_buf[2];
- sense.ascq = in_buf[3];
- }
- }
-
- memset(buf, 0, len);
- if (fixed) {
- /* Return fixed format sense buffer */
- buf[0] = 0x70;
- buf[2] = sense.key;
- buf[7] = 10;
- buf[12] = sense.asc;
- buf[13] = sense.ascq;
- return MIN(len, 18);
- } else {
- /* Return descriptor format sense buffer */
- buf[0] = 0x72;
- buf[1] = sense.key;
- buf[2] = sense.asc;
- buf[3] = sense.ascq;
- return 8;
- }
-}
-
-static const char *scsi_command_name(uint8_t cmd)
-{
- static const char *names[] = {
- [ TEST_UNIT_READY ] = "TEST_UNIT_READY",
- [ REWIND ] = "REWIND",
- [ REQUEST_SENSE ] = "REQUEST_SENSE",
- [ FORMAT_UNIT ] = "FORMAT_UNIT",
- [ READ_BLOCK_LIMITS ] = "READ_BLOCK_LIMITS",
- [ REASSIGN_BLOCKS ] = "REASSIGN_BLOCKS/INITIALIZE ELEMENT STATUS",
- /* LOAD_UNLOAD and INITIALIZE_ELEMENT_STATUS use the same operation code */
- [ READ_6 ] = "READ_6",
- [ WRITE_6 ] = "WRITE_6",
- [ SET_CAPACITY ] = "SET_CAPACITY",
- [ READ_REVERSE ] = "READ_REVERSE",
- [ WRITE_FILEMARKS ] = "WRITE_FILEMARKS",
- [ SPACE ] = "SPACE",
- [ INQUIRY ] = "INQUIRY",
- [ RECOVER_BUFFERED_DATA ] = "RECOVER_BUFFERED_DATA",
- [ MAINTENANCE_IN ] = "MAINTENANCE_IN",
- [ MAINTENANCE_OUT ] = "MAINTENANCE_OUT",
- [ MODE_SELECT ] = "MODE_SELECT",
- [ RESERVE ] = "RESERVE",
- [ RELEASE ] = "RELEASE",
- [ COPY ] = "COPY",
- [ ERASE ] = "ERASE",
- [ MODE_SENSE ] = "MODE_SENSE",
- [ START_STOP ] = "START_STOP/LOAD_UNLOAD",
- /* LOAD_UNLOAD and START_STOP use the same operation code */
- [ RECEIVE_DIAGNOSTIC ] = "RECEIVE_DIAGNOSTIC",
- [ SEND_DIAGNOSTIC ] = "SEND_DIAGNOSTIC",
- [ ALLOW_MEDIUM_REMOVAL ] = "ALLOW_MEDIUM_REMOVAL",
- [ READ_CAPACITY_10 ] = "READ_CAPACITY_10",
- [ READ_10 ] = "READ_10",
- [ WRITE_10 ] = "WRITE_10",
- [ SEEK_10 ] = "SEEK_10/POSITION_TO_ELEMENT",
- /* SEEK_10 and POSITION_TO_ELEMENT use the same operation code */
- [ WRITE_VERIFY_10 ] = "WRITE_VERIFY_10",
- [ VERIFY_10 ] = "VERIFY_10",
- [ SEARCH_HIGH ] = "SEARCH_HIGH",
- [ SEARCH_EQUAL ] = "SEARCH_EQUAL",
- [ SEARCH_LOW ] = "SEARCH_LOW",
- [ SET_LIMITS ] = "SET_LIMITS",
- [ PRE_FETCH ] = "PRE_FETCH/READ_POSITION",
- /* READ_POSITION and PRE_FETCH use the same operation code */
- [ SYNCHRONIZE_CACHE ] = "SYNCHRONIZE_CACHE",
- [ LOCK_UNLOCK_CACHE ] = "LOCK_UNLOCK_CACHE",
- [ READ_DEFECT_DATA ] = "READ_DEFECT_DATA/INITIALIZE_ELEMENT_STATUS_WITH_RANGE",
- /* READ_DEFECT_DATA and INITIALIZE_ELEMENT_STATUS_WITH_RANGE use the same operation code */
- [ MEDIUM_SCAN ] = "MEDIUM_SCAN",
- [ COMPARE ] = "COMPARE",
- [ COPY_VERIFY ] = "COPY_VERIFY",
- [ WRITE_BUFFER ] = "WRITE_BUFFER",
- [ READ_BUFFER ] = "READ_BUFFER",
- [ UPDATE_BLOCK ] = "UPDATE_BLOCK",
- [ READ_LONG_10 ] = "READ_LONG_10",
- [ WRITE_LONG_10 ] = "WRITE_LONG_10",
- [ CHANGE_DEFINITION ] = "CHANGE_DEFINITION",
- [ WRITE_SAME_10 ] = "WRITE_SAME_10",
- [ UNMAP ] = "UNMAP",
- [ READ_TOC ] = "READ_TOC",
- [ REPORT_DENSITY_SUPPORT ] = "REPORT_DENSITY_SUPPORT",
- [ SANITIZE ] = "SANITIZE",
- [ GET_CONFIGURATION ] = "GET_CONFIGURATION",
- [ LOG_SELECT ] = "LOG_SELECT",
- [ LOG_SENSE ] = "LOG_SENSE",
- [ MODE_SELECT_10 ] = "MODE_SELECT_10",
- [ RESERVE_10 ] = "RESERVE_10",
- [ RELEASE_10 ] = "RELEASE_10",
- [ MODE_SENSE_10 ] = "MODE_SENSE_10",
- [ PERSISTENT_RESERVE_IN ] = "PERSISTENT_RESERVE_IN",
- [ PERSISTENT_RESERVE_OUT ] = "PERSISTENT_RESERVE_OUT",
- [ WRITE_FILEMARKS_16 ] = "WRITE_FILEMARKS_16",
- [ EXTENDED_COPY ] = "EXTENDED_COPY",
- [ ATA_PASSTHROUGH_16 ] = "ATA_PASSTHROUGH_16",
- [ ACCESS_CONTROL_IN ] = "ACCESS_CONTROL_IN",
- [ ACCESS_CONTROL_OUT ] = "ACCESS_CONTROL_OUT",
- [ READ_16 ] = "READ_16",
- [ COMPARE_AND_WRITE ] = "COMPARE_AND_WRITE",
- [ WRITE_16 ] = "WRITE_16",
- [ WRITE_VERIFY_16 ] = "WRITE_VERIFY_16",
- [ VERIFY_16 ] = "VERIFY_16",
- [ PRE_FETCH_16 ] = "PRE_FETCH_16",
- [ SYNCHRONIZE_CACHE_16 ] = "SPACE_16/SYNCHRONIZE_CACHE_16",
- /* SPACE_16 and SYNCHRONIZE_CACHE_16 use the same operation code */
- [ LOCATE_16 ] = "LOCATE_16",
- [ WRITE_SAME_16 ] = "ERASE_16/WRITE_SAME_16",
- /* ERASE_16 and WRITE_SAME_16 use the same operation code */
- [ SERVICE_ACTION_IN_16 ] = "SERVICE_ACTION_IN_16",
- [ WRITE_LONG_16 ] = "WRITE_LONG_16",
- [ REPORT_LUNS ] = "REPORT_LUNS",
- [ ATA_PASSTHROUGH_12 ] = "BLANK/ATA_PASSTHROUGH_12",
- [ MOVE_MEDIUM ] = "MOVE_MEDIUM",
- [ EXCHANGE_MEDIUM ] = "EXCHANGE MEDIUM",
- [ READ_12 ] = "READ_12",
- [ WRITE_12 ] = "WRITE_12",
- [ ERASE_12 ] = "ERASE_12/GET_PERFORMANCE",
- /* ERASE_12 and GET_PERFORMANCE use the same operation code */
- [ SERVICE_ACTION_IN_12 ] = "SERVICE_ACTION_IN_12",
- [ WRITE_VERIFY_12 ] = "WRITE_VERIFY_12",
- [ VERIFY_12 ] = "VERIFY_12",
- [ SEARCH_HIGH_12 ] = "SEARCH_HIGH_12",
- [ SEARCH_EQUAL_12 ] = "SEARCH_EQUAL_12",
- [ SEARCH_LOW_12 ] = "SEARCH_LOW_12",
- [ READ_ELEMENT_STATUS ] = "READ_ELEMENT_STATUS",
- [ SEND_VOLUME_TAG ] = "SEND_VOLUME_TAG/SET_STREAMING",
- /* SEND_VOLUME_TAG and SET_STREAMING use the same operation code */
- [ READ_CD ] = "READ_CD",
- [ READ_DEFECT_DATA_12 ] = "READ_DEFECT_DATA_12",
- [ READ_DVD_STRUCTURE ] = "READ_DVD_STRUCTURE",
- [ RESERVE_TRACK ] = "RESERVE_TRACK",
- [ SEND_CUE_SHEET ] = "SEND_CUE_SHEET",
- [ SEND_DVD_STRUCTURE ] = "SEND_DVD_STRUCTURE",
- [ SET_CD_SPEED ] = "SET_CD_SPEED",
- [ SET_READ_AHEAD ] = "SET_READ_AHEAD",
- [ ALLOW_OVERWRITE ] = "ALLOW_OVERWRITE",
- [ MECHANISM_STATUS ] = "MECHANISM_STATUS",
- };
-
- if (cmd >= ARRAY_SIZE(names) || names[cmd] == NULL)
- return "*UNKNOWN*";
- return names[cmd];
-}
-
-SCSIRequest *scsi_req_ref(SCSIRequest *req)
-{
- assert(req->refcount > 0);
- req->refcount++;
- return req;
-}
-
-void scsi_req_unref(SCSIRequest *req)
-{
- assert(req->refcount > 0);
- if (--req->refcount == 0) {
- SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, req->dev->qdev.parent_bus);
- if (bus->info->free_request && req->hba_private) {
- bus->info->free_request(bus, req->hba_private);
- }
- if (req->ops->free_req) {
- req->ops->free_req(req);
- }
- g_free(req);
- }
-}
-
-/* Tell the device that we finished processing this chunk of I/O. It
- will start the next chunk or complete the command. */
-void scsi_req_continue(SCSIRequest *req)
-{
- trace_scsi_req_continue(req->dev->id, req->lun, req->tag);
- if (req->cmd.mode == SCSI_XFER_TO_DEV) {
- req->ops->write_data(req);
- } else {
- req->ops->read_data(req);
- }
-}
-
-/* Called by the devices when data is ready for the HBA. The HBA should
- start a DMA operation to read or fill the device's data buffer.
- Once it completes, calling scsi_req_continue will restart I/O. */
-void scsi_req_data(SCSIRequest *req, int len)
-{
- uint8_t *buf;
- if (req->io_canceled) {
- trace_scsi_req_data_canceled(req->dev->id, req->lun, req->tag, len);
- return;
- }
- trace_scsi_req_data(req->dev->id, req->lun, req->tag, len);
- assert(req->cmd.mode != SCSI_XFER_NONE);
- if (!req->sg) {
- req->resid -= len;
- req->bus->info->transfer_data(req, len);
- return;
- }
-
- /* If the device calls scsi_req_data and the HBA specified a
- * scatter/gather list, the transfer has to happen in a single
- * step. */
- assert(!req->dma_started);
- req->dma_started = true;
-
- buf = scsi_req_get_buf(req);
- if (req->cmd.mode == SCSI_XFER_FROM_DEV) {
- req->resid = dma_buf_read(buf, len, req->sg);
- } else {
- req->resid = dma_buf_write(buf, len, req->sg);
- }
- scsi_req_continue(req);
-}
-
-void scsi_req_print(SCSIRequest *req)
-{
- FILE *fp = stderr;
- int i;
-
- fprintf(fp, "[%s id=%d] %s",
- req->dev->qdev.parent_bus->name,
- req->dev->id,
- scsi_command_name(req->cmd.buf[0]));
- for (i = 1; i < req->cmd.len; i++) {
- fprintf(fp, " 0x%02x", req->cmd.buf[i]);
- }
- switch (req->cmd.mode) {
- case SCSI_XFER_NONE:
- fprintf(fp, " - none\n");
- break;
- case SCSI_XFER_FROM_DEV:
- fprintf(fp, " - from-dev len=%zd\n", req->cmd.xfer);
- break;
- case SCSI_XFER_TO_DEV:
- fprintf(fp, " - to-dev len=%zd\n", req->cmd.xfer);
- break;
- default:
- fprintf(fp, " - Oops\n");
- break;
- }
-}
-
-void scsi_req_complete(SCSIRequest *req, int status)
-{
- assert(req->status == -1);
- req->status = status;
-
- assert(req->sense_len <= sizeof(req->sense));
- if (status == GOOD) {
- req->sense_len = 0;
- }
-
- if (req->sense_len) {
- memcpy(req->dev->sense, req->sense, req->sense_len);
- req->dev->sense_len = req->sense_len;
- req->dev->sense_is_ua = (req->ops == &reqops_unit_attention);
- } else {
- req->dev->sense_len = 0;
- req->dev->sense_is_ua = false;
- }
-
- /*
- * Unit attention state is now stored in the device's sense buffer
- * if the HBA didn't do autosense. Clear the pending unit attention
- * flags.
- */
- scsi_clear_unit_attention(req);
-
- scsi_req_ref(req);
- scsi_req_dequeue(req);
- req->bus->info->complete(req, req->status, req->resid);
- scsi_req_unref(req);
-}
-
-void scsi_req_cancel(SCSIRequest *req)
-{
- trace_scsi_req_cancel(req->dev->id, req->lun, req->tag);
- if (!req->enqueued) {
- return;
- }
- scsi_req_ref(req);
- scsi_req_dequeue(req);
- req->io_canceled = true;
- if (req->ops->cancel_io) {
- req->ops->cancel_io(req);
- }
- if (req->bus->info->cancel) {
- req->bus->info->cancel(req);
- }
- scsi_req_unref(req);
-}
-
-void scsi_req_abort(SCSIRequest *req, int status)
-{
- if (!req->enqueued) {
- return;
- }
- scsi_req_ref(req);
- scsi_req_dequeue(req);
- req->io_canceled = true;
- if (req->ops->cancel_io) {
- req->ops->cancel_io(req);
- }
- scsi_req_complete(req, status);
- scsi_req_unref(req);
-}
-
-static int scsi_ua_precedence(SCSISense sense)
-{
- if (sense.key != UNIT_ATTENTION) {
- return INT_MAX;
- }
- if (sense.asc == 0x29 && sense.ascq == 0x04) {
- /* DEVICE INTERNAL RESET goes with POWER ON OCCURRED */
- return 1;
- } else if (sense.asc == 0x3F && sense.ascq == 0x01) {
- /* MICROCODE HAS BEEN CHANGED goes with SCSI BUS RESET OCCURRED */
- return 2;
- } else if (sense.asc == 0x29 && (sense.ascq == 0x05 || sense.ascq == 0x06)) {
- /* These two go with "all others". */
- ;
- } else if (sense.asc == 0x29 && sense.ascq <= 0x07) {
- /* POWER ON, RESET OR BUS DEVICE RESET OCCURRED = 0
- * POWER ON OCCURRED = 1
- * SCSI BUS RESET OCCURRED = 2
- * BUS DEVICE RESET FUNCTION OCCURRED = 3
- * I_T NEXUS LOSS OCCURRED = 7
- */
- return sense.ascq;
- } else if (sense.asc == 0x2F && sense.ascq == 0x01) {
- /* COMMANDS CLEARED BY POWER LOSS NOTIFICATION */
- return 8;
- }
- return (sense.asc << 8) | sense.ascq;
-}
-
-void scsi_device_set_ua(SCSIDevice *sdev, SCSISense sense)
-{
- int prec1, prec2;
- if (sense.key != UNIT_ATTENTION) {
- return;
- }
- trace_scsi_device_set_ua(sdev->id, sdev->lun, sense.key,
- sense.asc, sense.ascq);
-
- /*
- * Override a pre-existing unit attention condition, except for a more
- * important reset condition.
- */
- prec1 = scsi_ua_precedence(sdev->unit_attention);
- prec2 = scsi_ua_precedence(sense);
- if (prec2 < prec1) {
- sdev->unit_attention = sense;
- }
-}
-
-void scsi_device_purge_requests(SCSIDevice *sdev, SCSISense sense)
-{
- SCSIRequest *req;
-
- while (!QTAILQ_EMPTY(&sdev->requests)) {
- req = QTAILQ_FIRST(&sdev->requests);
- scsi_req_cancel(req);
- }
-
- scsi_device_set_ua(sdev, sense);
-}
-
-static char *scsibus_get_dev_path(DeviceState *dev)
-{
- SCSIDevice *d = DO_UPCAST(SCSIDevice, qdev, dev);
- DeviceState *hba = dev->parent_bus->parent;
- char *id;
- char *path;
-
- id = qdev_get_dev_path(hba);
- if (id) {
- path = g_strdup_printf("%s/%d:%d:%d", id, d->channel, d->id, d->lun);
- } else {
- path = g_strdup_printf("%d:%d:%d", d->channel, d->id, d->lun);
- }
- g_free(id);
- return path;
-}
-
-static char *scsibus_get_fw_dev_path(DeviceState *dev)
-{
- SCSIDevice *d = SCSI_DEVICE(dev);
- return g_strdup_printf("channel@%x/%s@%x,%x", d->channel,
- qdev_fw_name(dev), d->id, d->lun);
-}
-
-SCSIDevice *scsi_device_find(SCSIBus *bus, int channel, int id, int lun)
-{
- BusChild *kid;
- SCSIDevice *target_dev = NULL;
-
- QTAILQ_FOREACH_REVERSE(kid, &bus->qbus.children, ChildrenHead, sibling) {
- DeviceState *qdev = kid->child;
- SCSIDevice *dev = SCSI_DEVICE(qdev);
-
- if (dev->channel == channel && dev->id == id) {
- if (dev->lun == lun) {
- return dev;
- }
- target_dev = dev;
- }
- }
- return target_dev;
-}
-
-/* SCSI request list. For simplicity, pv points to the whole device */
-
-static void put_scsi_requests(QEMUFile *f, void *pv, size_t size)
-{
- SCSIDevice *s = pv;
- SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, s->qdev.parent_bus);
- SCSIRequest *req;
-
- QTAILQ_FOREACH(req, &s->requests, next) {
- assert(!req->io_canceled);
- assert(req->status == -1);
- assert(req->enqueued);
-
- qemu_put_sbyte(f, req->retry ? 1 : 2);
- qemu_put_buffer(f, req->cmd.buf, sizeof(req->cmd.buf));
- qemu_put_be32s(f, &req->tag);
- qemu_put_be32s(f, &req->lun);
- if (bus->info->save_request) {
- bus->info->save_request(f, req);
- }
- if (req->ops->save_request) {
- req->ops->save_request(f, req);
- }
- }
- qemu_put_sbyte(f, 0);
-}
-
-static int get_scsi_requests(QEMUFile *f, void *pv, size_t size)
-{
- SCSIDevice *s = pv;
- SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, s->qdev.parent_bus);
- int8_t sbyte;
-
- while ((sbyte = qemu_get_sbyte(f)) > 0) {
- uint8_t buf[SCSI_CMD_BUF_SIZE];
- uint32_t tag;
- uint32_t lun;
- SCSIRequest *req;
-
- qemu_get_buffer(f, buf, sizeof(buf));
- qemu_get_be32s(f, &tag);
- qemu_get_be32s(f, &lun);
- req = scsi_req_new(s, tag, lun, buf, NULL);
- req->retry = (sbyte == 1);
- if (bus->info->load_request) {
- req->hba_private = bus->info->load_request(f, req);
- }
- if (req->ops->load_request) {
- req->ops->load_request(f, req);
- }
-
- /* Just restart it later. */
- scsi_req_enqueue_internal(req);
-
- /* At this point, the request will be kept alive by the reference
- * added by scsi_req_enqueue_internal, so we can release our reference.
- * The HBA of course will add its own reference in the load_request
- * callback if it needs to hold on the SCSIRequest.
- */
- scsi_req_unref(req);
- }
-
- return 0;
-}
-
-static int scsi_qdev_unplug(DeviceState *qdev)
-{
- SCSIDevice *dev = SCSI_DEVICE(qdev);
- SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, dev->qdev.parent_bus);
-
- if (bus->info->hot_unplug) {
- bus->info->hot_unplug(bus, dev);
- }
- return qdev_simple_unplug_cb(qdev);
-}
-
-static const VMStateInfo vmstate_info_scsi_requests = {
- .name = "scsi-requests",
- .get = get_scsi_requests,
- .put = put_scsi_requests,
-};
-
-const VMStateDescription vmstate_scsi_device = {
- .name = "SCSIDevice",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT8(unit_attention.key, SCSIDevice),
- VMSTATE_UINT8(unit_attention.asc, SCSIDevice),
- VMSTATE_UINT8(unit_attention.ascq, SCSIDevice),
- VMSTATE_BOOL(sense_is_ua, SCSIDevice),
- VMSTATE_UINT8_ARRAY(sense, SCSIDevice, SCSI_SENSE_BUF_SIZE),
- VMSTATE_UINT32(sense_len, SCSIDevice),
- {
- .name = "requests",
- .version_id = 0,
- .field_exists = NULL,
- .size = 0, /* ouch */
- .info = &vmstate_info_scsi_requests,
- .flags = VMS_SINGLE,
- .offset = 0,
- },
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void scsi_device_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *k = DEVICE_CLASS(klass);
- k->bus_type = TYPE_SCSI_BUS;
- k->init = scsi_qdev_init;
- k->unplug = scsi_qdev_unplug;
- k->exit = scsi_qdev_exit;
- k->props = scsi_props;
-}
-
-static TypeInfo scsi_device_type_info = {
- .name = TYPE_SCSI_DEVICE,
- .parent = TYPE_DEVICE,
- .instance_size = sizeof(SCSIDevice),
- .abstract = true,
- .class_size = sizeof(SCSIDeviceClass),
- .class_init = scsi_device_class_init,
-};
-
-static void scsi_register_types(void)
-{
- type_register_static(&scsi_bus_info);
- type_register_static(&scsi_device_type_info);
-}
-
-type_init(scsi_register_types)
diff --git a/hw/scsi-defs.h b/hw/scsi-defs.h
deleted file mode 100644
index d7a401912..000000000
--- a/hw/scsi-defs.h
+++ /dev/null
@@ -1,303 +0,0 @@
-/* Copyright (C) 1998, 1999 Free Software Foundation, Inc.
- This file is part of the GNU C Library.
-
- The GNU C Library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- The GNU C Library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, see <http://www.gnu.org/licenses/>.
-*/
-
-/*
- * This header file contains public constants and structures used by
- * the scsi code for linux.
- */
-
-/*
- * SCSI opcodes
- */
-
-#define TEST_UNIT_READY 0x00
-#define REWIND 0x01
-#define REQUEST_SENSE 0x03
-#define FORMAT_UNIT 0x04
-#define READ_BLOCK_LIMITS 0x05
-#define INITIALIZE_ELEMENT_STATUS 0x07
-#define REASSIGN_BLOCKS 0x07
-#define READ_6 0x08
-#define WRITE_6 0x0a
-#define SET_CAPACITY 0x0b
-#define READ_REVERSE 0x0f
-#define WRITE_FILEMARKS 0x10
-#define SPACE 0x11
-#define INQUIRY 0x12
-#define RECOVER_BUFFERED_DATA 0x14
-#define MODE_SELECT 0x15
-#define RESERVE 0x16
-#define RELEASE 0x17
-#define COPY 0x18
-#define ERASE 0x19
-#define MODE_SENSE 0x1a
-#define LOAD_UNLOAD 0x1b
-#define START_STOP 0x1b
-#define RECEIVE_DIAGNOSTIC 0x1c
-#define SEND_DIAGNOSTIC 0x1d
-#define ALLOW_MEDIUM_REMOVAL 0x1e
-#define READ_CAPACITY_10 0x25
-#define READ_10 0x28
-#define WRITE_10 0x2a
-#define SEEK_10 0x2b
-#define LOCATE_10 0x2b
-#define POSITION_TO_ELEMENT 0x2b
-#define WRITE_VERIFY_10 0x2e
-#define VERIFY_10 0x2f
-#define SEARCH_HIGH 0x30
-#define SEARCH_EQUAL 0x31
-#define SEARCH_LOW 0x32
-#define SET_LIMITS 0x33
-#define PRE_FETCH 0x34
-#define READ_POSITION 0x34
-#define SYNCHRONIZE_CACHE 0x35
-#define LOCK_UNLOCK_CACHE 0x36
-#define INITIALIZE_ELEMENT_STATUS_WITH_RANGE 0x37
-#define READ_DEFECT_DATA 0x37
-#define MEDIUM_SCAN 0x38
-#define COMPARE 0x39
-#define COPY_VERIFY 0x3a
-#define WRITE_BUFFER 0x3b
-#define READ_BUFFER 0x3c
-#define UPDATE_BLOCK 0x3d
-#define READ_LONG_10 0x3e
-#define WRITE_LONG_10 0x3f
-#define CHANGE_DEFINITION 0x40
-#define WRITE_SAME_10 0x41
-#define UNMAP 0x42
-#define READ_TOC 0x43
-#define REPORT_DENSITY_SUPPORT 0x44
-#define GET_CONFIGURATION 0x46
-#define SANITIZE 0x48
-#define GET_EVENT_STATUS_NOTIFICATION 0x4a
-#define LOG_SELECT 0x4c
-#define LOG_SENSE 0x4d
-#define READ_DISC_INFORMATION 0x51
-#define RESERVE_TRACK 0x53
-#define MODE_SELECT_10 0x55
-#define RESERVE_10 0x56
-#define RELEASE_10 0x57
-#define MODE_SENSE_10 0x5a
-#define SEND_CUE_SHEET 0x5d
-#define PERSISTENT_RESERVE_IN 0x5e
-#define PERSISTENT_RESERVE_OUT 0x5f
-#define VARLENGTH_CDB 0x7f
-#define WRITE_FILEMARKS_16 0x80
-#define READ_REVERSE_16 0x81
-#define ALLOW_OVERWRITE 0x82
-#define EXTENDED_COPY 0x83
-#define ATA_PASSTHROUGH_16 0x85
-#define ACCESS_CONTROL_IN 0x86
-#define ACCESS_CONTROL_OUT 0x87
-#define READ_16 0x88
-#define COMPARE_AND_WRITE 0x89
-#define WRITE_16 0x8a
-#define WRITE_VERIFY_16 0x8e
-#define VERIFY_16 0x8f
-#define PRE_FETCH_16 0x90
-#define SPACE_16 0x91
-#define SYNCHRONIZE_CACHE_16 0x91
-#define LOCATE_16 0x92
-#define WRITE_SAME_16 0x93
-#define ERASE_16 0x93
-#define SERVICE_ACTION_IN_16 0x9e
-#define WRITE_LONG_16 0x9f
-#define REPORT_LUNS 0xa0
-#define ATA_PASSTHROUGH_12 0xa1
-#define MAINTENANCE_IN 0xa3
-#define MAINTENANCE_OUT 0xa4
-#define MOVE_MEDIUM 0xa5
-#define EXCHANGE_MEDIUM 0xa6
-#define SET_READ_AHEAD 0xa7
-#define READ_12 0xa8
-#define WRITE_12 0xaa
-#define SERVICE_ACTION_IN_12 0xab
-#define ERASE_12 0xac
-#define READ_DVD_STRUCTURE 0xad
-#define WRITE_VERIFY_12 0xae
-#define VERIFY_12 0xaf
-#define SEARCH_HIGH_12 0xb0
-#define SEARCH_EQUAL_12 0xb1
-#define SEARCH_LOW_12 0xb2
-#define READ_ELEMENT_STATUS 0xb8
-#define SEND_VOLUME_TAG 0xb6
-#define READ_DEFECT_DATA_12 0xb7
-#define SET_CD_SPEED 0xbb
-#define MECHANISM_STATUS 0xbd
-#define READ_CD 0xbe
-#define SEND_DVD_STRUCTURE 0xbf
-
-/*
- * SERVICE ACTION IN subcodes
- */
-#define SAI_READ_CAPACITY_16 0x10
-
-/*
- * READ POSITION service action codes
- */
-#define SHORT_FORM_BLOCK_ID 0x00
-#define SHORT_FORM_VENDOR_SPECIFIC 0x01
-#define LONG_FORM 0x06
-#define EXTENDED_FORM 0x08
-
-/*
- * SAM Status codes
- */
-
-#define GOOD 0x00
-#define CHECK_CONDITION 0x02
-#define CONDITION_GOOD 0x04
-#define BUSY 0x08
-#define INTERMEDIATE_GOOD 0x10
-#define INTERMEDIATE_C_GOOD 0x14
-#define RESERVATION_CONFLICT 0x18
-#define COMMAND_TERMINATED 0x22
-#define TASK_SET_FULL 0x28
-#define ACA_ACTIVE 0x30
-#define TASK_ABORTED 0x40
-
-#define STATUS_MASK 0x3e
-
-/*
- * SENSE KEYS
- */
-
-#define NO_SENSE 0x00
-#define RECOVERED_ERROR 0x01
-#define NOT_READY 0x02
-#define MEDIUM_ERROR 0x03
-#define HARDWARE_ERROR 0x04
-#define ILLEGAL_REQUEST 0x05
-#define UNIT_ATTENTION 0x06
-#define DATA_PROTECT 0x07
-#define BLANK_CHECK 0x08
-#define COPY_ABORTED 0x0a
-#define ABORTED_COMMAND 0x0b
-#define VOLUME_OVERFLOW 0x0d
-#define MISCOMPARE 0x0e
-
-
-/*
- * DEVICE TYPES
- */
-
-#define TYPE_DISK 0x00
-#define TYPE_TAPE 0x01
-#define TYPE_PRINTER 0x02
-#define TYPE_PROCESSOR 0x03 /* HP scanners use this */
-#define TYPE_WORM 0x04 /* Treated as ROM by our system */
-#define TYPE_ROM 0x05
-#define TYPE_SCANNER 0x06
-#define TYPE_MOD 0x07 /* Magneto-optical disk -
- * - treated as TYPE_DISK */
-#define TYPE_MEDIUM_CHANGER 0x08
-#define TYPE_STORAGE_ARRAY 0x0c /* Storage array device */
-#define TYPE_ENCLOSURE 0x0d /* Enclosure Services Device */
-#define TYPE_RBC 0x0e /* Simplified Direct-Access Device */
-#define TYPE_OSD 0x11 /* Object-storage Device */
-#define TYPE_WLUN 0x1e /* Well known LUN */
-#define TYPE_NOT_PRESENT 0x1f
-#define TYPE_INACTIVE 0x20
-#define TYPE_NO_LUN 0x7f
-
-/* Mode page codes for mode sense/set */
-#define MODE_PAGE_R_W_ERROR 0x01
-#define MODE_PAGE_HD_GEOMETRY 0x04
-#define MODE_PAGE_FLEXIBLE_DISK_GEOMETRY 0x05
-#define MODE_PAGE_CACHING 0x08
-#define MODE_PAGE_AUDIO_CTL 0x0e
-#define MODE_PAGE_POWER 0x1a
-#define MODE_PAGE_FAULT_FAIL 0x1c
-#define MODE_PAGE_TO_PROTECT 0x1d
-#define MODE_PAGE_CAPABILITIES 0x2a
-#define MODE_PAGE_ALLS 0x3f
-/* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
- * of MODE_PAGE_SENSE_POWER */
-#define MODE_PAGE_CDROM 0x0d
-
-/* Event notification classes for GET EVENT STATUS NOTIFICATION */
-#define GESN_NO_EVENTS 0
-#define GESN_OPERATIONAL_CHANGE 1
-#define GESN_POWER_MANAGEMENT 2
-#define GESN_EXTERNAL_REQUEST 3
-#define GESN_MEDIA 4
-#define GESN_MULTIPLE_HOSTS 5
-#define GESN_DEVICE_BUSY 6
-
-/* Event codes for MEDIA event status notification */
-#define MEC_NO_CHANGE 0
-#define MEC_EJECT_REQUESTED 1
-#define MEC_NEW_MEDIA 2
-#define MEC_MEDIA_REMOVAL 3 /* only for media changers */
-#define MEC_MEDIA_CHANGED 4 /* only for media changers */
-#define MEC_BG_FORMAT_COMPLETED 5 /* MRW or DVD+RW b/g format completed */
-#define MEC_BG_FORMAT_RESTARTED 6 /* MRW or DVD+RW b/g format restarted */
-
-#define MS_TRAY_OPEN 1
-#define MS_MEDIA_PRESENT 2
-
-/*
- * Based on values from <linux/cdrom.h> but extending CD_MINS
- * to the maximum common size allowed by the Orange's Book ATIP
- *
- * 90 and 99 min CDs are also available but using them as the
- * upper limit reduces the effectiveness of the heuristic to
- * detect DVDs burned to less than 25% of their maximum capacity
- */
-
-/* Some generally useful CD-ROM information */
-#define CD_MINS 80 /* max. minutes per CD */
-#define CD_SECS 60 /* seconds per minute */
-#define CD_FRAMES 75 /* frames per second */
-#define CD_FRAMESIZE 2048 /* bytes per frame, "cooked" mode */
-#define CD_MAX_BYTES (CD_MINS * CD_SECS * CD_FRAMES * CD_FRAMESIZE)
-#define CD_MAX_SECTORS (CD_MAX_BYTES / 512)
-
-/*
- * The MMC values are not IDE specific and might need to be moved
- * to a common header if they are also needed for the SCSI emulation
- */
-
-/* Profile list from MMC-6 revision 1 table 91 */
-#define MMC_PROFILE_NONE 0x0000
-#define MMC_PROFILE_CD_ROM 0x0008
-#define MMC_PROFILE_CD_R 0x0009
-#define MMC_PROFILE_CD_RW 0x000A
-#define MMC_PROFILE_DVD_ROM 0x0010
-#define MMC_PROFILE_DVD_R_SR 0x0011
-#define MMC_PROFILE_DVD_RAM 0x0012
-#define MMC_PROFILE_DVD_RW_RO 0x0013
-#define MMC_PROFILE_DVD_RW_SR 0x0014
-#define MMC_PROFILE_DVD_R_DL_SR 0x0015
-#define MMC_PROFILE_DVD_R_DL_JR 0x0016
-#define MMC_PROFILE_DVD_RW_DL 0x0017
-#define MMC_PROFILE_DVD_DDR 0x0018
-#define MMC_PROFILE_DVD_PLUS_RW 0x001A
-#define MMC_PROFILE_DVD_PLUS_R 0x001B
-#define MMC_PROFILE_DVD_PLUS_RW_DL 0x002A
-#define MMC_PROFILE_DVD_PLUS_R_DL 0x002B
-#define MMC_PROFILE_BD_ROM 0x0040
-#define MMC_PROFILE_BD_R_SRM 0x0041
-#define MMC_PROFILE_BD_R_RRM 0x0042
-#define MMC_PROFILE_BD_RE 0x0043
-#define MMC_PROFILE_HDDVD_ROM 0x0050
-#define MMC_PROFILE_HDDVD_R 0x0051
-#define MMC_PROFILE_HDDVD_RAM 0x0052
-#define MMC_PROFILE_HDDVD_RW 0x0053
-#define MMC_PROFILE_HDDVD_R_DL 0x0058
-#define MMC_PROFILE_HDDVD_RW_DL 0x005A
-#define MMC_PROFILE_INVALID 0xFFFF
diff --git a/hw/scsi-disk.c b/hw/scsi-disk.c
deleted file mode 100644
index 49b5686a9..000000000
--- a/hw/scsi-disk.c
+++ /dev/null
@@ -1,2501 +0,0 @@
-/*
- * SCSI Device emulation
- *
- * Copyright (c) 2006 CodeSourcery.
- * Based on code by Fabrice Bellard
- *
- * Written by Paul Brook
- * Modifications:
- * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
- * when the allocation length of CDB is smaller
- * than 36.
- * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
- * MODE SENSE response.
- *
- * This code is licensed under the LGPL.
- *
- * Note that this file only handles the SCSI architecture model and device
- * commands. Emulation of interface/link layer protocols is handled by
- * the host adapter emulator.
- */
-
-//#define DEBUG_SCSI
-
-#ifdef DEBUG_SCSI
-#define DPRINTF(fmt, ...) \
-do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...) do {} while(0)
-#endif
-
-#include "qemu-common.h"
-#include "qemu-error.h"
-#include "scsi.h"
-#include "scsi-defs.h"
-#include "sysemu.h"
-#include "blockdev.h"
-#include "hw/block-common.h"
-#include "dma.h"
-
-#ifdef __linux
-#include <scsi/sg.h>
-#endif
-
-#define SCSI_DMA_BUF_SIZE 131072
-#define SCSI_MAX_INQUIRY_LEN 256
-#define SCSI_MAX_MODE_LEN 256
-
-typedef struct SCSIDiskState SCSIDiskState;
-
-typedef struct SCSIDiskReq {
- SCSIRequest req;
- /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
- uint64_t sector;
- uint32_t sector_count;
- uint32_t buflen;
- bool started;
- struct iovec iov;
- QEMUIOVector qiov;
- BlockAcctCookie acct;
-} SCSIDiskReq;
-
-#define SCSI_DISK_F_REMOVABLE 0
-#define SCSI_DISK_F_DPOFUA 1
-
-struct SCSIDiskState
-{
- SCSIDevice qdev;
- uint32_t features;
- bool media_changed;
- bool media_event;
- bool eject_request;
- uint64_t wwn;
- QEMUBH *bh;
- char *version;
- char *serial;
- char *vendor;
- char *product;
- bool tray_open;
- bool tray_locked;
-};
-
-static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
-
-static void scsi_free_request(SCSIRequest *req)
-{
- SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
-
- if (r->iov.iov_base) {
- qemu_vfree(r->iov.iov_base);
- }
-}
-
-/* Helper function for command completion with sense. */
-static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
-{
- DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
- r->req.tag, sense.key, sense.asc, sense.ascq);
- scsi_req_build_sense(&r->req, sense);
- scsi_req_complete(&r->req, CHECK_CONDITION);
-}
-
-/* Cancel a pending data transfer. */
-static void scsi_cancel_io(SCSIRequest *req)
-{
- SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
-
- DPRINTF("Cancel tag=0x%x\n", req->tag);
- if (r->req.aiocb) {
- bdrv_aio_cancel(r->req.aiocb);
-
- /* This reference was left in by scsi_*_data. We take ownership of
- * it the moment scsi_req_cancel is called, independent of whether
- * bdrv_aio_cancel completes the request or not. */
- scsi_req_unref(&r->req);
- }
- r->req.aiocb = NULL;
-}
-
-static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
-{
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
-
- if (!r->iov.iov_base) {
- r->buflen = size;
- r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
- }
- r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
- qemu_iovec_init_external(&r->qiov, &r->iov, 1);
- return r->qiov.size / 512;
-}
-
-static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
-{
- SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
-
- qemu_put_be64s(f, &r->sector);
- qemu_put_be32s(f, &r->sector_count);
- qemu_put_be32s(f, &r->buflen);
- if (r->buflen) {
- if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
- qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
- } else if (!req->retry) {
- uint32_t len = r->iov.iov_len;
- qemu_put_be32s(f, &len);
- qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
- }
- }
-}
-
-static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
-{
- SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
-
- qemu_get_be64s(f, &r->sector);
- qemu_get_be32s(f, &r->sector_count);
- qemu_get_be32s(f, &r->buflen);
- if (r->buflen) {
- scsi_init_iovec(r, r->buflen);
- if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
- qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
- } else if (!r->req.retry) {
- uint32_t len;
- qemu_get_be32s(f, &len);
- r->iov.iov_len = len;
- assert(r->iov.iov_len <= r->buflen);
- qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
- }
- }
-
- qemu_iovec_init_external(&r->qiov, &r->iov, 1);
-}
-
-static void scsi_aio_complete(void *opaque, int ret)
-{
- SCSIDiskReq *r = (SCSIDiskReq *)opaque;
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
-
- assert(r->req.aiocb != NULL);
- r->req.aiocb = NULL;
- bdrv_acct_done(s->qdev.conf.bs, &r->acct);
-
- if (ret < 0) {
- if (scsi_handle_rw_error(r, -ret)) {
- goto done;
- }
- }
-
- scsi_req_complete(&r->req, GOOD);
-
-done:
- if (!r->req.io_canceled) {
- scsi_req_unref(&r->req);
- }
-}
-
-static bool scsi_is_cmd_fua(SCSICommand *cmd)
-{
- switch (cmd->buf[0]) {
- case READ_10:
- case READ_12:
- case READ_16:
- case WRITE_10:
- case WRITE_12:
- case WRITE_16:
- return (cmd->buf[1] & 8) != 0;
-
- case VERIFY_10:
- case VERIFY_12:
- case VERIFY_16:
- case WRITE_VERIFY_10:
- case WRITE_VERIFY_12:
- case WRITE_VERIFY_16:
- return true;
-
- case READ_6:
- case WRITE_6:
- default:
- return false;
- }
-}
-
-static void scsi_write_do_fua(SCSIDiskReq *r)
-{
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
-
- if (scsi_is_cmd_fua(&r->req.cmd)) {
- bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
- r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
- return;
- }
-
- scsi_req_complete(&r->req, GOOD);
- if (!r->req.io_canceled) {
- scsi_req_unref(&r->req);
- }
-}
-
-static void scsi_dma_complete(void *opaque, int ret)
-{
- SCSIDiskReq *r = (SCSIDiskReq *)opaque;
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
-
- assert(r->req.aiocb != NULL);
- r->req.aiocb = NULL;
- bdrv_acct_done(s->qdev.conf.bs, &r->acct);
-
- if (ret < 0) {
- if (scsi_handle_rw_error(r, -ret)) {
- goto done;
- }
- }
-
- r->sector += r->sector_count;
- r->sector_count = 0;
- if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
- scsi_write_do_fua(r);
- return;
- } else {
- scsi_req_complete(&r->req, GOOD);
- }
-
-done:
- if (!r->req.io_canceled) {
- scsi_req_unref(&r->req);
- }
-}
-
-static void scsi_read_complete(void * opaque, int ret)
-{
- SCSIDiskReq *r = (SCSIDiskReq *)opaque;
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
- int n;
-
- assert(r->req.aiocb != NULL);
- r->req.aiocb = NULL;
- bdrv_acct_done(s->qdev.conf.bs, &r->acct);
-
- if (ret < 0) {
- if (scsi_handle_rw_error(r, -ret)) {
- goto done;
- }
- }
-
- DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
-
- n = r->qiov.size / 512;
- r->sector += n;
- r->sector_count -= n;
- scsi_req_data(&r->req, r->qiov.size);
-
-done:
- if (!r->req.io_canceled) {
- scsi_req_unref(&r->req);
- }
-}
-
-/* Actually issue a read to the block device. */
-static void scsi_do_read(void *opaque, int ret)
-{
- SCSIDiskReq *r = opaque;
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
- uint32_t n;
-
- if (r->req.aiocb != NULL) {
- r->req.aiocb = NULL;
- bdrv_acct_done(s->qdev.conf.bs, &r->acct);
- }
-
- if (ret < 0) {
- if (scsi_handle_rw_error(r, -ret)) {
- goto done;
- }
- }
-
- if (r->req.io_canceled) {
- return;
- }
-
- /* The request is used as the AIO opaque value, so add a ref. */
- scsi_req_ref(&r->req);
-
- if (r->req.sg) {
- dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
- r->req.resid -= r->req.sg->size;
- r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
- scsi_dma_complete, r);
- } else {
- n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
- bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
- r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
- scsi_read_complete, r);
- }
-
-done:
- if (!r->req.io_canceled) {
- scsi_req_unref(&r->req);
- }
-}
-
-/* Read more data from scsi device into buffer. */
-static void scsi_read_data(SCSIRequest *req)
-{
- SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
- bool first;
-
- DPRINTF("Read sector_count=%d\n", r->sector_count);
- if (r->sector_count == 0) {
- /* This also clears the sense buffer for REQUEST SENSE. */
- scsi_req_complete(&r->req, GOOD);
- return;
- }
-
- /* No data transfer may already be in progress */
- assert(r->req.aiocb == NULL);
-
- /* The request is used as the AIO opaque value, so add a ref. */
- scsi_req_ref(&r->req);
- if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
- DPRINTF("Data transfer direction invalid\n");
- scsi_read_complete(r, -EINVAL);
- return;
- }
-
- if (s->tray_open) {
- scsi_read_complete(r, -ENOMEDIUM);
- return;
- }
-
- first = !r->started;
- r->started = true;
- if (first && scsi_is_cmd_fua(&r->req.cmd)) {
- bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
- r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r);
- } else {
- scsi_do_read(r, 0);
- }
-}
-
-/*
- * scsi_handle_rw_error has two return values. 0 means that the error
- * must be ignored, 1 means that the error has been processed and the
- * caller should not do anything else for this request. Note that
- * scsi_handle_rw_error always manages its reference counts, independent
- * of the return value.
- */
-static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
-{
- bool is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
- BlockErrorAction action = bdrv_get_error_action(s->qdev.conf.bs, is_read, error);
-
- if (action == BDRV_ACTION_REPORT) {
- switch (error) {
- case ENOMEDIUM:
- scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
- break;
- case ENOMEM:
- scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
- break;
- case EINVAL:
- scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
- break;
- default:
- scsi_check_condition(r, SENSE_CODE(IO_ERROR));
- break;
- }
- }
- bdrv_error_action(s->qdev.conf.bs, action, is_read, error);
- if (action == BDRV_ACTION_STOP) {
- scsi_req_retry(&r->req);
- }
- return action != BDRV_ACTION_IGNORE;
-}
-
-static void scsi_write_complete(void * opaque, int ret)
-{
- SCSIDiskReq *r = (SCSIDiskReq *)opaque;
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
- uint32_t n;
-
- if (r->req.aiocb != NULL) {
- r->req.aiocb = NULL;
- bdrv_acct_done(s->qdev.conf.bs, &r->acct);
- }
-
- if (ret < 0) {
- if (scsi_handle_rw_error(r, -ret)) {
- goto done;
- }
- }
-
- n = r->qiov.size / 512;
- r->sector += n;
- r->sector_count -= n;
- if (r->sector_count == 0) {
- scsi_write_do_fua(r);
- return;
- } else {
- scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
- DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size);
- scsi_req_data(&r->req, r->qiov.size);
- }
-
-done:
- if (!r->req.io_canceled) {
- scsi_req_unref(&r->req);
- }
-}
-
-static void scsi_write_data(SCSIRequest *req)
-{
- SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
- uint32_t n;
-
- /* No data transfer may already be in progress */
- assert(r->req.aiocb == NULL);
-
- /* The request is used as the AIO opaque value, so add a ref. */
- scsi_req_ref(&r->req);
- if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
- DPRINTF("Data transfer direction invalid\n");
- scsi_write_complete(r, -EINVAL);
- return;
- }
-
- if (!r->req.sg && !r->qiov.size) {
- /* Called for the first time. Ask the driver to send us more data. */
- r->started = true;
- scsi_write_complete(r, 0);
- return;
- }
- if (s->tray_open) {
- scsi_write_complete(r, -ENOMEDIUM);
- return;
- }
-
- if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
- r->req.cmd.buf[0] == VERIFY_16) {
- if (r->req.sg) {
- scsi_dma_complete(r, 0);
- } else {
- scsi_write_complete(r, 0);
- }
- return;
- }
-
- if (r->req.sg) {
- dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
- r->req.resid -= r->req.sg->size;
- r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
- scsi_dma_complete, r);
- } else {
- n = r->qiov.size / 512;
- bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
- r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
- scsi_write_complete, r);
- }
-}
-
-/* Return a pointer to the data buffer. */
-static uint8_t *scsi_get_buf(SCSIRequest *req)
-{
- SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
-
- return (uint8_t *)r->iov.iov_base;
-}
-
-static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
-{
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
- int buflen = 0;
- int start;
-
- if (req->cmd.buf[1] & 0x1) {
- /* Vital product data */
- uint8_t page_code = req->cmd.buf[2];
-
- outbuf[buflen++] = s->qdev.type & 0x1f;
- outbuf[buflen++] = page_code ; // this page
- outbuf[buflen++] = 0x00;
- outbuf[buflen++] = 0x00;
- start = buflen;
-
- switch (page_code) {
- case 0x00: /* Supported page codes, mandatory */
- {
- DPRINTF("Inquiry EVPD[Supported pages] "
- "buffer size %zd\n", req->cmd.xfer);
- outbuf[buflen++] = 0x00; // list of supported pages (this page)
- if (s->serial) {
- outbuf[buflen++] = 0x80; // unit serial number
- }
- outbuf[buflen++] = 0x83; // device identification
- if (s->qdev.type == TYPE_DISK) {
- outbuf[buflen++] = 0xb0; // block limits
- outbuf[buflen++] = 0xb2; // thin provisioning
- }
- break;
- }
- case 0x80: /* Device serial number, optional */
- {
- int l;
-
- if (!s->serial) {
- DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
- return -1;
- }
-
- l = strlen(s->serial);
- if (l > 20) {
- l = 20;
- }
-
- DPRINTF("Inquiry EVPD[Serial number] "
- "buffer size %zd\n", req->cmd.xfer);
- memcpy(outbuf+buflen, s->serial, l);
- buflen += l;
- break;
- }
-
- case 0x83: /* Device identification page, mandatory */
- {
- const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
- int max_len = s->serial ? 20 : 255 - 8;
- int id_len = strlen(str);
-
- if (id_len > max_len) {
- id_len = max_len;
- }
- DPRINTF("Inquiry EVPD[Device identification] "
- "buffer size %zd\n", req->cmd.xfer);
-
- outbuf[buflen++] = 0x2; // ASCII
- outbuf[buflen++] = 0; // not officially assigned
- outbuf[buflen++] = 0; // reserved
- outbuf[buflen++] = id_len; // length of data following
- memcpy(outbuf+buflen, str, id_len);
- buflen += id_len;
-
- if (s->wwn) {
- outbuf[buflen++] = 0x1; // Binary
- outbuf[buflen++] = 0x3; // NAA
- outbuf[buflen++] = 0; // reserved
- outbuf[buflen++] = 8;
- stq_be_p(&outbuf[buflen], s->wwn);
- buflen += 8;
- }
- break;
- }
- case 0xb0: /* block limits */
- {
- unsigned int unmap_sectors =
- s->qdev.conf.discard_granularity / s->qdev.blocksize;
- unsigned int min_io_size =
- s->qdev.conf.min_io_size / s->qdev.blocksize;
- unsigned int opt_io_size =
- s->qdev.conf.opt_io_size / s->qdev.blocksize;
-
- if (s->qdev.type == TYPE_ROM) {
- DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
- page_code);
- return -1;
- }
- /* required VPD size with unmap support */
- buflen = 0x40;
- memset(outbuf + 4, 0, buflen - 4);
-
- /* optimal transfer length granularity */
- outbuf[6] = (min_io_size >> 8) & 0xff;
- outbuf[7] = min_io_size & 0xff;
-
- /* optimal transfer length */
- outbuf[12] = (opt_io_size >> 24) & 0xff;
- outbuf[13] = (opt_io_size >> 16) & 0xff;
- outbuf[14] = (opt_io_size >> 8) & 0xff;
- outbuf[15] = opt_io_size & 0xff;
-
- /* optimal unmap granularity */
- outbuf[28] = (unmap_sectors >> 24) & 0xff;
- outbuf[29] = (unmap_sectors >> 16) & 0xff;
- outbuf[30] = (unmap_sectors >> 8) & 0xff;
- outbuf[31] = unmap_sectors & 0xff;
- break;
- }
- case 0xb2: /* thin provisioning */
- {
- buflen = 8;
- outbuf[4] = 0;
- outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
- outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
- outbuf[7] = 0;
- break;
- }
- default:
- return -1;
- }
- /* done with EVPD */
- assert(buflen - start <= 255);
- outbuf[start - 1] = buflen - start;
- return buflen;
- }
-
- /* Standard INQUIRY data */
- if (req->cmd.buf[2] != 0) {
- return -1;
- }
-
- /* PAGE CODE == 0 */
- buflen = req->cmd.xfer;
- if (buflen > SCSI_MAX_INQUIRY_LEN) {
- buflen = SCSI_MAX_INQUIRY_LEN;
- }
-
- outbuf[0] = s->qdev.type & 0x1f;
- outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
-
- strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
- strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
-
- memset(&outbuf[32], 0, 4);
- memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
- /*
- * We claim conformance to SPC-3, which is required for guests
- * to ask for modern features like READ CAPACITY(16) or the
- * block characteristics VPD page by default. Not all of SPC-3
- * is actually implemented, but we're good enough.
- */
- outbuf[2] = 5;
- outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
-
- if (buflen > 36) {
- outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
- } else {
- /* If the allocation length of CDB is too small,
- the additional length is not adjusted */
- outbuf[4] = 36 - 5;
- }
-
- /* Sync data transfer and TCQ. */
- outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
- return buflen;
-}
-
-static inline bool media_is_dvd(SCSIDiskState *s)
-{
- uint64_t nb_sectors;
- if (s->qdev.type != TYPE_ROM) {
- return false;
- }
- if (!bdrv_is_inserted(s->qdev.conf.bs)) {
- return false;
- }
- bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
- return nb_sectors > CD_MAX_SECTORS;
-}
-
-static inline bool media_is_cd(SCSIDiskState *s)
-{
- uint64_t nb_sectors;
- if (s->qdev.type != TYPE_ROM) {
- return false;
- }
- if (!bdrv_is_inserted(s->qdev.conf.bs)) {
- return false;
- }
- bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
- return nb_sectors <= CD_MAX_SECTORS;
-}
-
-static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
- uint8_t *outbuf)
-{
- uint8_t type = r->req.cmd.buf[1] & 7;
-
- if (s->qdev.type != TYPE_ROM) {
- return -1;
- }
-
- /* Types 1/2 are only defined for Blu-Ray. */
- if (type != 0) {
- scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
- return -1;
- }
-
- memset(outbuf, 0, 34);
- outbuf[1] = 32;
- outbuf[2] = 0xe; /* last session complete, disc finalized */
- outbuf[3] = 1; /* first track on disc */
- outbuf[4] = 1; /* # of sessions */
- outbuf[5] = 1; /* first track of last session */
- outbuf[6] = 1; /* last track of last session */
- outbuf[7] = 0x20; /* unrestricted use */
- outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
- /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
- /* 12-23: not meaningful for CD-ROM or DVD-ROM */
- /* 24-31: disc bar code */
- /* 32: disc application code */
- /* 33: number of OPC tables */
-
- return 34;
-}
-
-static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
- uint8_t *outbuf)
-{
- static const int rds_caps_size[5] = {
- [0] = 2048 + 4,
- [1] = 4 + 4,
- [3] = 188 + 4,
- [4] = 2048 + 4,
- };
-
- uint8_t media = r->req.cmd.buf[1];
- uint8_t layer = r->req.cmd.buf[6];
- uint8_t format = r->req.cmd.buf[7];
- int size = -1;
-
- if (s->qdev.type != TYPE_ROM) {
- return -1;
- }
- if (media != 0) {
- scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
- return -1;
- }
-
- if (format != 0xff) {
- if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
- scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
- return -1;
- }
- if (media_is_cd(s)) {
- scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
- return -1;
- }
- if (format >= ARRAY_SIZE(rds_caps_size)) {
- return -1;
- }
- size = rds_caps_size[format];
- memset(outbuf, 0, size);
- }
-
- switch (format) {
- case 0x00: {
- /* Physical format information */
- uint64_t nb_sectors;
- if (layer != 0) {
- goto fail;
- }
- bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
-
- outbuf[4] = 1; /* DVD-ROM, part version 1 */
- outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
- outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
- outbuf[7] = 0; /* default densities */
-
- stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
- stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
- break;
- }
-
- case 0x01: /* DVD copyright information, all zeros */
- break;
-
- case 0x03: /* BCA information - invalid field for no BCA info */
- return -1;
-
- case 0x04: /* DVD disc manufacturing information, all zeros */
- break;
-
- case 0xff: { /* List capabilities */
- int i;
- size = 4;
- for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
- if (!rds_caps_size[i]) {
- continue;
- }
- outbuf[size] = i;
- outbuf[size + 1] = 0x40; /* Not writable, readable */
- stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
- size += 4;
- }
- break;
- }
-
- default:
- return -1;
- }
-
- /* Size of buffer, not including 2 byte size field */
- stw_be_p(outbuf, size - 2);
- return size;
-
-fail:
- return -1;
-}
-
-static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
-{
- uint8_t event_code, media_status;
-
- media_status = 0;
- if (s->tray_open) {
- media_status = MS_TRAY_OPEN;
- } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
- media_status = MS_MEDIA_PRESENT;
- }
-
- /* Event notification descriptor */
- event_code = MEC_NO_CHANGE;
- if (media_status != MS_TRAY_OPEN) {
- if (s->media_event) {
- event_code = MEC_NEW_MEDIA;
- s->media_event = false;
- } else if (s->eject_request) {
- event_code = MEC_EJECT_REQUESTED;
- s->eject_request = false;
- }
- }
-
- outbuf[0] = event_code;
- outbuf[1] = media_status;
-
- /* These fields are reserved, just clear them. */
- outbuf[2] = 0;
- outbuf[3] = 0;
- return 4;
-}
-
-static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
- uint8_t *outbuf)
-{
- int size;
- uint8_t *buf = r->req.cmd.buf;
- uint8_t notification_class_request = buf[4];
- if (s->qdev.type != TYPE_ROM) {
- return -1;
- }
- if ((buf[1] & 1) == 0) {
- /* asynchronous */
- return -1;
- }
-
- size = 4;
- outbuf[0] = outbuf[1] = 0;
- outbuf[3] = 1 << GESN_MEDIA; /* supported events */
- if (notification_class_request & (1 << GESN_MEDIA)) {
- outbuf[2] = GESN_MEDIA;
- size += scsi_event_status_media(s, &outbuf[size]);
- } else {
- outbuf[2] = 0x80;
- }
- stw_be_p(outbuf, size - 4);
- return size;
-}
-
-static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
-{
- int current;
-
- if (s->qdev.type != TYPE_ROM) {
- return -1;
- }
- current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
- memset(outbuf, 0, 40);
- stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
- stw_be_p(&outbuf[6], current);
- /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
- outbuf[10] = 0x03; /* persistent, current */
- outbuf[11] = 8; /* two profiles */
- stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
- outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
- stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
- outbuf[18] = (current == MMC_PROFILE_CD_ROM);
- /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
- stw_be_p(&outbuf[20], 1);
- outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
- outbuf[23] = 8;
- stl_be_p(&outbuf[24], 1); /* SCSI */
- outbuf[28] = 1; /* DBE = 1, mandatory */
- /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
- stw_be_p(&outbuf[32], 3);
- outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
- outbuf[35] = 4;
- outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
- /* TODO: Random readable, CD read, DVD read, drive serial number,
- power management */
- return 40;
-}
-
-static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
-{
- if (s->qdev.type != TYPE_ROM) {
- return -1;
- }
- memset(outbuf, 0, 8);
- outbuf[5] = 1; /* CD-ROM */
- return 8;
-}
-
-static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
- int page_control)
-{
- static const int mode_sense_valid[0x3f] = {
- [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
- [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
- [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
- [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
- [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
- [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
- };
-
- uint8_t *p = *p_outbuf + 2;
- int length;
-
- if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
- return -1;
- }
-
- /*
- * If Changeable Values are requested, a mask denoting those mode parameters
- * that are changeable shall be returned. As we currently don't support
- * parameter changes via MODE_SELECT all bits are returned set to zero.
- * The buffer was already menset to zero by the caller of this function.
- *
- * The offsets here are off by two compared to the descriptions in the
- * SCSI specs, because those include a 2-byte header. This is unfortunate,
- * but it is done so that offsets are consistent within our implementation
- * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
- * 2-byte and 4-byte headers.
- */
- switch (page) {
- case MODE_PAGE_HD_GEOMETRY:
- length = 0x16;
- if (page_control == 1) { /* Changeable Values */
- break;
- }
- /* if a geometry hint is available, use it */
- p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
- p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
- p[2] = s->qdev.conf.cyls & 0xff;
- p[3] = s->qdev.conf.heads & 0xff;
- /* Write precomp start cylinder, disabled */
- p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
- p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
- p[6] = s->qdev.conf.cyls & 0xff;
- /* Reduced current start cylinder, disabled */
- p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
- p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
- p[9] = s->qdev.conf.cyls & 0xff;
- /* Device step rate [ns], 200ns */
- p[10] = 0;
- p[11] = 200;
- /* Landing zone cylinder */
- p[12] = 0xff;
- p[13] = 0xff;
- p[14] = 0xff;
- /* Medium rotation rate [rpm], 5400 rpm */
- p[18] = (5400 >> 8) & 0xff;
- p[19] = 5400 & 0xff;
- break;
-
- case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
- length = 0x1e;
- if (page_control == 1) { /* Changeable Values */
- break;
- }
- /* Transfer rate [kbit/s], 5Mbit/s */
- p[0] = 5000 >> 8;
- p[1] = 5000 & 0xff;
- /* if a geometry hint is available, use it */
- p[2] = s->qdev.conf.heads & 0xff;
- p[3] = s->qdev.conf.secs & 0xff;
- p[4] = s->qdev.blocksize >> 8;
- p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
- p[7] = s->qdev.conf.cyls & 0xff;
- /* Write precomp start cylinder, disabled */
- p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
- p[9] = s->qdev.conf.cyls & 0xff;
- /* Reduced current start cylinder, disabled */
- p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
- p[11] = s->qdev.conf.cyls & 0xff;
- /* Device step rate [100us], 100us */
- p[12] = 0;
- p[13] = 1;
- /* Device step pulse width [us], 1us */
- p[14] = 1;
- /* Device head settle delay [100us], 100us */
- p[15] = 0;
- p[16] = 1;
- /* Motor on delay [0.1s], 0.1s */
- p[17] = 1;
- /* Motor off delay [0.1s], 0.1s */
- p[18] = 1;
- /* Medium rotation rate [rpm], 5400 rpm */
- p[26] = (5400 >> 8) & 0xff;
- p[27] = 5400 & 0xff;
- break;
-
- case MODE_PAGE_CACHING:
- length = 0x12;
- if (page_control == 1 || /* Changeable Values */
- bdrv_enable_write_cache(s->qdev.conf.bs)) {
- p[0] = 4; /* WCE */
- }
- break;
-
- case MODE_PAGE_R_W_ERROR:
- length = 10;
- if (page_control == 1) { /* Changeable Values */
- break;
- }
- p[0] = 0x80; /* Automatic Write Reallocation Enabled */
- if (s->qdev.type == TYPE_ROM) {
- p[1] = 0x20; /* Read Retry Count */
- }
- break;
-
- case MODE_PAGE_AUDIO_CTL:
- length = 14;
- break;
-
- case MODE_PAGE_CAPABILITIES:
- length = 0x14;
- if (page_control == 1) { /* Changeable Values */
- break;
- }
-
- p[0] = 0x3b; /* CD-R & CD-RW read */
- p[1] = 0; /* Writing not supported */
- p[2] = 0x7f; /* Audio, composite, digital out,
- mode 2 form 1&2, multi session */
- p[3] = 0xff; /* CD DA, DA accurate, RW supported,
- RW corrected, C2 errors, ISRC,
- UPC, Bar code */
- p[4] = 0x2d | (s->tray_locked ? 2 : 0);
- /* Locking supported, jumper present, eject, tray */
- p[5] = 0; /* no volume & mute control, no
- changer */
- p[6] = (50 * 176) >> 8; /* 50x read speed */
- p[7] = (50 * 176) & 0xff;
- p[8] = 2 >> 8; /* Two volume levels */
- p[9] = 2 & 0xff;
- p[10] = 2048 >> 8; /* 2M buffer */
- p[11] = 2048 & 0xff;
- p[12] = (16 * 176) >> 8; /* 16x read speed current */
- p[13] = (16 * 176) & 0xff;
- p[16] = (16 * 176) >> 8; /* 16x write speed */
- p[17] = (16 * 176) & 0xff;
- p[18] = (16 * 176) >> 8; /* 16x write speed current */
- p[19] = (16 * 176) & 0xff;
- break;
-
- default:
- return -1;
- }
-
- assert(length < 256);
- (*p_outbuf)[0] = page;
- (*p_outbuf)[1] = length;
- *p_outbuf += length + 2;
- return length + 2;
-}
-
-static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
-{
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
- uint64_t nb_sectors;
- bool dbd;
- int page, buflen, ret, page_control;
- uint8_t *p;
- uint8_t dev_specific_param;
-
- dbd = (r->req.cmd.buf[1] & 0x8) != 0;
- page = r->req.cmd.buf[2] & 0x3f;
- page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
- DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
- (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
- memset(outbuf, 0, r->req.cmd.xfer);
- p = outbuf;
-
- if (s->qdev.type == TYPE_DISK) {
- dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
- if (bdrv_is_read_only(s->qdev.conf.bs)) {
- dev_specific_param |= 0x80; /* Readonly. */
- }
- } else {
- /* MMC prescribes that CD/DVD drives have no block descriptors,
- * and defines no device-specific parameter. */
- dev_specific_param = 0x00;
- dbd = true;
- }
-
- if (r->req.cmd.buf[0] == MODE_SENSE) {
- p[1] = 0; /* Default media type. */
- p[2] = dev_specific_param;
- p[3] = 0; /* Block descriptor length. */
- p += 4;
- } else { /* MODE_SENSE_10 */
- p[2] = 0; /* Default media type. */
- p[3] = dev_specific_param;
- p[6] = p[7] = 0; /* Block descriptor length. */
- p += 8;
- }
-
- bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
- if (!dbd && nb_sectors) {
- if (r->req.cmd.buf[0] == MODE_SENSE) {
- outbuf[3] = 8; /* Block descriptor length */
- } else { /* MODE_SENSE_10 */
- outbuf[7] = 8; /* Block descriptor length */
- }
- nb_sectors /= (s->qdev.blocksize / 512);
- if (nb_sectors > 0xffffff) {
- nb_sectors = 0;
- }
- p[0] = 0; /* media density code */
- p[1] = (nb_sectors >> 16) & 0xff;
- p[2] = (nb_sectors >> 8) & 0xff;
- p[3] = nb_sectors & 0xff;
- p[4] = 0; /* reserved */
- p[5] = 0; /* bytes 5-7 are the sector size in bytes */
- p[6] = s->qdev.blocksize >> 8;
- p[7] = 0;
- p += 8;
- }
-
- if (page_control == 3) {
- /* Saved Values */
- scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
- return -1;
- }
-
- if (page == 0x3f) {
- for (page = 0; page <= 0x3e; page++) {
- mode_sense_page(s, page, &p, page_control);
- }
- } else {
- ret = mode_sense_page(s, page, &p, page_control);
- if (ret == -1) {
- return -1;
- }
- }
-
- buflen = p - outbuf;
- /*
- * The mode data length field specifies the length in bytes of the
- * following data that is available to be transferred. The mode data
- * length does not include itself.
- */
- if (r->req.cmd.buf[0] == MODE_SENSE) {
- outbuf[0] = buflen - 1;
- } else { /* MODE_SENSE_10 */
- outbuf[0] = ((buflen - 2) >> 8) & 0xff;
- outbuf[1] = (buflen - 2) & 0xff;
- }
- return buflen;
-}
-
-static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
-{
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
- int start_track, format, msf, toclen;
- uint64_t nb_sectors;
-
- msf = req->cmd.buf[1] & 2;
- format = req->cmd.buf[2] & 0xf;
- start_track = req->cmd.buf[6];
- bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
- DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
- nb_sectors /= s->qdev.blocksize / 512;
- switch (format) {
- case 0:
- toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
- break;
- case 1:
- /* multi session : only a single session defined */
- toclen = 12;
- memset(outbuf, 0, 12);
- outbuf[1] = 0x0a;
- outbuf[2] = 0x01;
- outbuf[3] = 0x01;
- break;
- case 2:
- toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
- break;
- default:
- return -1;
- }
- return toclen;
-}
-
-static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
-{
- SCSIRequest *req = &r->req;
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
- bool start = req->cmd.buf[4] & 1;
- bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
- int pwrcnd = req->cmd.buf[4] & 0xf0;
-
- if (pwrcnd) {
- /* eject/load only happens for power condition == 0 */
- return 0;
- }
-
- if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
- if (!start && !s->tray_open && s->tray_locked) {
- scsi_check_condition(r,
- bdrv_is_inserted(s->qdev.conf.bs)
- ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
- : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
- return -1;
- }
-
- if (s->tray_open != !start) {
- bdrv_eject(s->qdev.conf.bs, !start);
- s->tray_open = !start;
- }
- }
- return 0;
-}
-
-static void scsi_disk_emulate_read_data(SCSIRequest *req)
-{
- SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
- int buflen = r->iov.iov_len;
-
- if (buflen) {
- DPRINTF("Read buf_len=%d\n", buflen);
- r->iov.iov_len = 0;
- r->started = true;
- scsi_req_data(&r->req, buflen);
- return;
- }
-
- /* This also clears the sense buffer for REQUEST SENSE. */
- scsi_req_complete(&r->req, GOOD);
-}
-
-static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
- uint8_t *inbuf, int inlen)
-{
- uint8_t mode_current[SCSI_MAX_MODE_LEN];
- uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
- uint8_t *p;
- int len, expected_len, changeable_len, i;
-
- /* The input buffer does not include the page header, so it is
- * off by 2 bytes.
- */
- expected_len = inlen + 2;
- if (expected_len > SCSI_MAX_MODE_LEN) {
- return -1;
- }
-
- p = mode_current;
- memset(mode_current, 0, inlen + 2);
- len = mode_sense_page(s, page, &p, 0);
- if (len < 0 || len != expected_len) {
- return -1;
- }
-
- p = mode_changeable;
- memset(mode_changeable, 0, inlen + 2);
- changeable_len = mode_sense_page(s, page, &p, 1);
- assert(changeable_len == len);
-
- /* Check that unchangeable bits are the same as what MODE SENSE
- * would return.
- */
- for (i = 2; i < len; i++) {
- if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
- return -1;
- }
- }
- return 0;
-}
-
-static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
-{
- switch (page) {
- case MODE_PAGE_CACHING:
- bdrv_set_enable_write_cache(s->qdev.conf.bs, (p[0] & 4) != 0);
- break;
-
- default:
- break;
- }
-}
-
-static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
-{
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
-
- while (len > 0) {
- int page, subpage, page_len;
-
- /* Parse both possible formats for the mode page headers. */
- page = p[0] & 0x3f;
- if (p[0] & 0x40) {
- if (len < 4) {
- goto invalid_param_len;
- }
- subpage = p[1];
- page_len = lduw_be_p(&p[2]);
- p += 4;
- len -= 4;
- } else {
- if (len < 2) {
- goto invalid_param_len;
- }
- subpage = 0;
- page_len = p[1];
- p += 2;
- len -= 2;
- }
-
- if (subpage) {
- goto invalid_param;
- }
- if (page_len > len) {
- goto invalid_param_len;
- }
-
- if (!change) {
- if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
- goto invalid_param;
- }
- } else {
- scsi_disk_apply_mode_select(s, page, p);
- }
-
- p += page_len;
- len -= page_len;
- }
- return 0;
-
-invalid_param:
- scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
- return -1;
-
-invalid_param_len:
- scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
- return -1;
-}
-
-static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
-{
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
- uint8_t *p = inbuf;
- int cmd = r->req.cmd.buf[0];
- int len = r->req.cmd.xfer;
- int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
- int bd_len;
- int pass;
-
- /* We only support PF=1, SP=0. */
- if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
- goto invalid_field;
- }
-
- if (len < hdr_len) {
- goto invalid_param_len;
- }
-
- bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
- len -= hdr_len;
- p += hdr_len;
- if (len < bd_len) {
- goto invalid_param_len;
- }
- if (bd_len != 0 && bd_len != 8) {
- goto invalid_param;
- }
-
- len -= bd_len;
- p += bd_len;
-
- /* Ensure no change is made if there is an error! */
- for (pass = 0; pass < 2; pass++) {
- if (mode_select_pages(r, p, len, pass == 1) < 0) {
- assert(pass == 0);
- return;
- }
- }
- if (!bdrv_enable_write_cache(s->qdev.conf.bs)) {
- /* The request is used as the AIO opaque value, so add a ref. */
- scsi_req_ref(&r->req);
- bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
- r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
- return;
- }
-
- scsi_req_complete(&r->req, GOOD);
- return;
-
-invalid_param:
- scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
- return;
-
-invalid_param_len:
- scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
- return;
-
-invalid_field:
- scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
-}
-
-static inline bool check_lba_range(SCSIDiskState *s,
- uint64_t sector_num, uint32_t nb_sectors)
-{
- /*
- * The first line tests that no overflow happens when computing the last
- * sector. The second line tests that the last accessed sector is in
- * range.
- *
- * Careful, the computations should not underflow for nb_sectors == 0,
- * and a 0-block read to the first LBA beyond the end of device is
- * valid.
- */
- return (sector_num <= sector_num + nb_sectors &&
- sector_num + nb_sectors <= s->qdev.max_lba + 1);
-}
-
-typedef struct UnmapCBData {
- SCSIDiskReq *r;
- uint8_t *inbuf;
- int count;
-} UnmapCBData;
-
-static void scsi_unmap_complete(void *opaque, int ret)
-{
- UnmapCBData *data = opaque;
- SCSIDiskReq *r = data->r;
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
- uint64_t sector_num;
- uint32_t nb_sectors;
-
- r->req.aiocb = NULL;
- if (ret < 0) {
- if (scsi_handle_rw_error(r, -ret)) {
- goto done;
- }
- }
-
- if (data->count > 0 && !r->req.io_canceled) {
- sector_num = ldq_be_p(&data->inbuf[0]);
- nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
- if (!check_lba_range(s, sector_num, nb_sectors)) {
- scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
- goto done;
- }
-
- r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs,
- sector_num * (s->qdev.blocksize / 512),
- nb_sectors * (s->qdev.blocksize / 512),
- scsi_unmap_complete, data);
- data->count--;
- data->inbuf += 16;
- return;
- }
-
-done:
- if (data->count == 0) {
- scsi_req_complete(&r->req, GOOD);
- }
- if (!r->req.io_canceled) {
- scsi_req_unref(&r->req);
- }
- g_free(data);
-}
-
-static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
-{
- uint8_t *p = inbuf;
- int len = r->req.cmd.xfer;
- UnmapCBData *data;
-
- if (len < 8) {
- goto invalid_param_len;
- }
- if (len < lduw_be_p(&p[0]) + 2) {
- goto invalid_param_len;
- }
- if (len < lduw_be_p(&p[2]) + 8) {
- goto invalid_param_len;
- }
- if (lduw_be_p(&p[2]) & 15) {
- goto invalid_param_len;
- }
-
- data = g_new0(UnmapCBData, 1);
- data->r = r;
- data->inbuf = &p[8];
- data->count = lduw_be_p(&p[2]) >> 4;
-
- /* The matching unref is in scsi_unmap_complete, before data is freed. */
- scsi_req_ref(&r->req);
- scsi_unmap_complete(data, 0);
- return;
-
-invalid_param_len:
- scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
-}
-
-static void scsi_disk_emulate_write_data(SCSIRequest *req)
-{
- SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
-
- if (r->iov.iov_len) {
- int buflen = r->iov.iov_len;
- DPRINTF("Write buf_len=%d\n", buflen);
- r->iov.iov_len = 0;
- scsi_req_data(&r->req, buflen);
- return;
- }
-
- switch (req->cmd.buf[0]) {
- case MODE_SELECT:
- case MODE_SELECT_10:
- /* This also clears the sense buffer for REQUEST SENSE. */
- scsi_disk_emulate_mode_select(r, r->iov.iov_base);
- break;
-
- case UNMAP:
- scsi_disk_emulate_unmap(r, r->iov.iov_base);
- break;
-
- default:
- abort();
- }
-}
-
-static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
-{
- SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
- uint64_t nb_sectors;
- uint8_t *outbuf;
- int buflen;
-
- switch (req->cmd.buf[0]) {
- case INQUIRY:
- case MODE_SENSE:
- case MODE_SENSE_10:
- case RESERVE:
- case RESERVE_10:
- case RELEASE:
- case RELEASE_10:
- case START_STOP:
- case ALLOW_MEDIUM_REMOVAL:
- case GET_CONFIGURATION:
- case GET_EVENT_STATUS_NOTIFICATION:
- case MECHANISM_STATUS:
- case REQUEST_SENSE:
- break;
-
- default:
- if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
- scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
- return 0;
- }
- break;
- }
-
- /*
- * FIXME: we shouldn't return anything bigger than 4k, but the code
- * requires the buffer to be as big as req->cmd.xfer in several
- * places. So, do not allow CDBs with a very large ALLOCATION
- * LENGTH. The real fix would be to modify scsi_read_data and
- * dma_buf_read, so that they return data beyond the buflen
- * as all zeros.
- */
- if (req->cmd.xfer > 65536) {
- goto illegal_request;
- }
- r->buflen = MAX(4096, req->cmd.xfer);
-
- if (!r->iov.iov_base) {
- r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
- }
-
- buflen = req->cmd.xfer;
- outbuf = r->iov.iov_base;
- memset(outbuf, 0, r->buflen);
- switch (req->cmd.buf[0]) {
- case TEST_UNIT_READY:
- assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
- break;
- case INQUIRY:
- buflen = scsi_disk_emulate_inquiry(req, outbuf);
- if (buflen < 0) {
- goto illegal_request;
- }
- break;
- case MODE_SENSE:
- case MODE_SENSE_10:
- buflen = scsi_disk_emulate_mode_sense(r, outbuf);
- if (buflen < 0) {
- goto illegal_request;
- }
- break;
- case READ_TOC:
- buflen = scsi_disk_emulate_read_toc(req, outbuf);
- if (buflen < 0) {
- goto illegal_request;
- }
- break;
- case RESERVE:
- if (req->cmd.buf[1] & 1) {
- goto illegal_request;
- }
- break;
- case RESERVE_10:
- if (req->cmd.buf[1] & 3) {
- goto illegal_request;
- }
- break;
- case RELEASE:
- if (req->cmd.buf[1] & 1) {
- goto illegal_request;
- }
- break;
- case RELEASE_10:
- if (req->cmd.buf[1] & 3) {
- goto illegal_request;
- }
- break;
- case START_STOP:
- if (scsi_disk_emulate_start_stop(r) < 0) {
- return 0;
- }
- break;
- case ALLOW_MEDIUM_REMOVAL:
- s->tray_locked = req->cmd.buf[4] & 1;
- bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
- break;
- case READ_CAPACITY_10:
- /* The normal LEN field for this command is zero. */
- memset(outbuf, 0, 8);
- bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
- if (!nb_sectors) {
- scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
- return -1;
- }
- if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
- goto illegal_request;
- }
- nb_sectors /= s->qdev.blocksize / 512;
- /* Returned value is the address of the last sector. */
- nb_sectors--;
- /* Remember the new size for read/write sanity checking. */
- s->qdev.max_lba = nb_sectors;
- /* Clip to 2TB, instead of returning capacity modulo 2TB. */
- if (nb_sectors > UINT32_MAX) {
- nb_sectors = UINT32_MAX;
- }
- outbuf[0] = (nb_sectors >> 24) & 0xff;
- outbuf[1] = (nb_sectors >> 16) & 0xff;
- outbuf[2] = (nb_sectors >> 8) & 0xff;
- outbuf[3] = nb_sectors & 0xff;
- outbuf[4] = 0;
- outbuf[5] = 0;
- outbuf[6] = s->qdev.blocksize >> 8;
- outbuf[7] = 0;
- break;
- case REQUEST_SENSE:
- /* Just return "NO SENSE". */
- buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
- (req->cmd.buf[1] & 1) == 0);
- if (buflen < 0) {
- goto illegal_request;
- }
- break;
- case MECHANISM_STATUS:
- buflen = scsi_emulate_mechanism_status(s, outbuf);
- if (buflen < 0) {
- goto illegal_request;
- }
- break;
- case GET_CONFIGURATION:
- buflen = scsi_get_configuration(s, outbuf);
- if (buflen < 0) {
- goto illegal_request;
- }
- break;
- case GET_EVENT_STATUS_NOTIFICATION:
- buflen = scsi_get_event_status_notification(s, r, outbuf);
- if (buflen < 0) {
- goto illegal_request;
- }
- break;
- case READ_DISC_INFORMATION:
- buflen = scsi_read_disc_information(s, r, outbuf);
- if (buflen < 0) {
- goto illegal_request;
- }
- break;
- case READ_DVD_STRUCTURE:
- buflen = scsi_read_dvd_structure(s, r, outbuf);
- if (buflen < 0) {
- goto illegal_request;
- }
- break;
- case SERVICE_ACTION_IN_16:
- /* Service Action In subcommands. */
- if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
- DPRINTF("SAI READ CAPACITY(16)\n");
- memset(outbuf, 0, req->cmd.xfer);
- bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
- if (!nb_sectors) {
- scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
- return -1;
- }
- if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
- goto illegal_request;
- }
- nb_sectors /= s->qdev.blocksize / 512;
- /* Returned value is the address of the last sector. */
- nb_sectors--;
- /* Remember the new size for read/write sanity checking. */
- s->qdev.max_lba = nb_sectors;
- outbuf[0] = (nb_sectors >> 56) & 0xff;
- outbuf[1] = (nb_sectors >> 48) & 0xff;
- outbuf[2] = (nb_sectors >> 40) & 0xff;
- outbuf[3] = (nb_sectors >> 32) & 0xff;
- outbuf[4] = (nb_sectors >> 24) & 0xff;
- outbuf[5] = (nb_sectors >> 16) & 0xff;
- outbuf[6] = (nb_sectors >> 8) & 0xff;
- outbuf[7] = nb_sectors & 0xff;
- outbuf[8] = 0;
- outbuf[9] = 0;
- outbuf[10] = s->qdev.blocksize >> 8;
- outbuf[11] = 0;
- outbuf[12] = 0;
- outbuf[13] = get_physical_block_exp(&s->qdev.conf);
-
- /* set TPE bit if the format supports discard */
- if (s->qdev.conf.discard_granularity) {
- outbuf[14] = 0x80;
- }
-
- /* Protection, exponent and lowest lba field left blank. */
- break;
- }
- DPRINTF("Unsupported Service Action In\n");
- goto illegal_request;
- case SYNCHRONIZE_CACHE:
- /* The request is used as the AIO opaque value, so add a ref. */
- scsi_req_ref(&r->req);
- bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
- r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
- return 0;
- case SEEK_10:
- DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
- if (r->req.cmd.lba > s->qdev.max_lba) {
- goto illegal_lba;
- }
- break;
- case MODE_SELECT:
- DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
- break;
- case MODE_SELECT_10:
- DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
- break;
- case UNMAP:
- DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer);
- break;
- case WRITE_SAME_10:
- case WRITE_SAME_16:
- nb_sectors = scsi_data_cdb_length(r->req.cmd.buf);
- if (bdrv_is_read_only(s->qdev.conf.bs)) {
- scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
- return 0;
- }
- if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
- goto illegal_lba;
- }
-
- /*
- * We only support WRITE SAME with the unmap bit set for now.
- */
- if (!(req->cmd.buf[1] & 0x8)) {
- goto illegal_request;
- }
-
- /* The request is used as the AIO opaque value, so add a ref. */
- scsi_req_ref(&r->req);
- r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs,
- r->req.cmd.lba * (s->qdev.blocksize / 512),
- nb_sectors * (s->qdev.blocksize / 512),
- scsi_aio_complete, r);
- return 0;
- default:
- DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
- scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
- return 0;
- }
- assert(!r->req.aiocb);
- r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
- if (r->iov.iov_len == 0) {
- scsi_req_complete(&r->req, GOOD);
- }
- if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
- assert(r->iov.iov_len == req->cmd.xfer);
- return -r->iov.iov_len;
- } else {
- return r->iov.iov_len;
- }
-
-illegal_request:
- if (r->req.status == -1) {
- scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
- }
- return 0;
-
-illegal_lba:
- scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
- return 0;
-}
-
-/* Execute a scsi command. Returns the length of the data expected by the
- command. This will be Positive for data transfers from the device
- (eg. disk reads), negative for transfers to the device (eg. disk writes),
- and zero if the command does not transfer any data. */
-
-static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
-{
- SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
- uint32_t len;
- uint8_t command;
-
- command = buf[0];
-
- if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
- scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
- return 0;
- }
-
- len = scsi_data_cdb_length(r->req.cmd.buf);
- switch (command) {
- case READ_6:
- case READ_10:
- case READ_12:
- case READ_16:
- DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len);
- if (r->req.cmd.buf[1] & 0xe0) {
- goto illegal_request;
- }
- if (!check_lba_range(s, r->req.cmd.lba, len)) {
- goto illegal_lba;
- }
- r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
- r->sector_count = len * (s->qdev.blocksize / 512);
- break;
- case WRITE_6:
- case WRITE_10:
- case WRITE_12:
- case WRITE_16:
- case WRITE_VERIFY_10:
- case WRITE_VERIFY_12:
- case WRITE_VERIFY_16:
- if (bdrv_is_read_only(s->qdev.conf.bs)) {
- scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
- return 0;
- }
- /* fallthrough */
- case VERIFY_10:
- case VERIFY_12:
- case VERIFY_16:
- DPRINTF("Write %s(sector %" PRId64 ", count %u)\n",
- (command & 0xe) == 0xe ? "And Verify " : "",
- r->req.cmd.lba, len);
- if (r->req.cmd.buf[1] & 0xe0) {
- goto illegal_request;
- }
- if (!check_lba_range(s, r->req.cmd.lba, len)) {
- goto illegal_lba;
- }
- r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
- r->sector_count = len * (s->qdev.blocksize / 512);
- break;
- default:
- abort();
- illegal_request:
- scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
- return 0;
- illegal_lba:
- scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
- return 0;
- }
- if (r->sector_count == 0) {
- scsi_req_complete(&r->req, GOOD);
- }
- assert(r->iov.iov_len == 0);
- if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
- return -r->sector_count * 512;
- } else {
- return r->sector_count * 512;
- }
-}
-
-static void scsi_disk_reset(DeviceState *dev)
-{
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
- uint64_t nb_sectors;
-
- scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
-
- bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
- nb_sectors /= s->qdev.blocksize / 512;
- if (nb_sectors) {
- nb_sectors--;
- }
- s->qdev.max_lba = nb_sectors;
-}
-
-static void scsi_destroy(SCSIDevice *dev)
-{
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
-
- scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
- blockdev_mark_auto_del(s->qdev.conf.bs);
-}
-
-static void scsi_disk_resize_cb(void *opaque)
-{
- SCSIDiskState *s = opaque;
-
- /* SPC lists this sense code as available only for
- * direct-access devices.
- */
- if (s->qdev.type == TYPE_DISK) {
- scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
- }
-}
-
-static void scsi_cd_change_media_cb(void *opaque, bool load)
-{
- SCSIDiskState *s = opaque;
-
- /*
- * When a CD gets changed, we have to report an ejected state and
- * then a loaded state to guests so that they detect tray
- * open/close and media change events. Guests that do not use
- * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
- * states rely on this behavior.
- *
- * media_changed governs the state machine used for unit attention
- * report. media_event is used by GET EVENT STATUS NOTIFICATION.
- */
- s->media_changed = load;
- s->tray_open = !load;
- scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
- s->media_event = true;
- s->eject_request = false;
-}
-
-static void scsi_cd_eject_request_cb(void *opaque, bool force)
-{
- SCSIDiskState *s = opaque;
-
- s->eject_request = true;
- if (force) {
- s->tray_locked = false;
- }
-}
-
-static bool scsi_cd_is_tray_open(void *opaque)
-{
- return ((SCSIDiskState *)opaque)->tray_open;
-}
-
-static bool scsi_cd_is_medium_locked(void *opaque)
-{
- return ((SCSIDiskState *)opaque)->tray_locked;
-}
-
-static const BlockDevOps scsi_disk_removable_block_ops = {
- .change_media_cb = scsi_cd_change_media_cb,
- .eject_request_cb = scsi_cd_eject_request_cb,
- .is_tray_open = scsi_cd_is_tray_open,
- .is_medium_locked = scsi_cd_is_medium_locked,
-
- .resize_cb = scsi_disk_resize_cb,
-};
-
-static const BlockDevOps scsi_disk_block_ops = {
- .resize_cb = scsi_disk_resize_cb,
-};
-
-static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
-{
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
- if (s->media_changed) {
- s->media_changed = false;
- scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
- }
-}
-
-static int scsi_initfn(SCSIDevice *dev)
-{
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
-
- if (!s->qdev.conf.bs) {
- error_report("drive property not set");
- return -1;
- }
-
- if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
- !bdrv_is_inserted(s->qdev.conf.bs)) {
- error_report("Device needs media, but drive is empty");
- return -1;
- }
-
- blkconf_serial(&s->qdev.conf, &s->serial);
- if (dev->type == TYPE_DISK
- && blkconf_geometry(&dev->conf, NULL, 65535, 255, 255) < 0) {
- return -1;
- }
-
- if (!s->version) {
- s->version = g_strdup(qemu_get_version());
- }
- if (!s->vendor) {
- s->vendor = g_strdup("QEMU");
- }
-
- if (bdrv_is_sg(s->qdev.conf.bs)) {
- error_report("unwanted /dev/sg*");
- return -1;
- }
-
- if (s->features & (1 << SCSI_DISK_F_REMOVABLE)) {
- bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_removable_block_ops, s);
- } else {
- bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_block_ops, s);
- }
- bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
-
- bdrv_iostatus_enable(s->qdev.conf.bs);
- add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
- return 0;
-}
-
-static int scsi_hd_initfn(SCSIDevice *dev)
-{
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
- s->qdev.blocksize = s->qdev.conf.logical_block_size;
- s->qdev.type = TYPE_DISK;
- if (!s->product) {
- s->product = g_strdup("QEMU HARDDISK");
- }
- return scsi_initfn(&s->qdev);
-}
-
-static int scsi_cd_initfn(SCSIDevice *dev)
-{
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
- s->qdev.blocksize = 2048;
- s->qdev.type = TYPE_ROM;
- s->features |= 1 << SCSI_DISK_F_REMOVABLE;
- if (!s->product) {
- s->product = g_strdup("QEMU CD-ROM");
- }
- return scsi_initfn(&s->qdev);
-}
-
-static int scsi_disk_initfn(SCSIDevice *dev)
-{
- DriveInfo *dinfo;
-
- if (!dev->conf.bs) {
- return scsi_initfn(dev); /* ... and die there */
- }
-
- dinfo = drive_get_by_blockdev(dev->conf.bs);
- if (dinfo->media_cd) {
- return scsi_cd_initfn(dev);
- } else {
- return scsi_hd_initfn(dev);
- }
-}
-
-static const SCSIReqOps scsi_disk_emulate_reqops = {
- .size = sizeof(SCSIDiskReq),
- .free_req = scsi_free_request,
- .send_command = scsi_disk_emulate_command,
- .read_data = scsi_disk_emulate_read_data,
- .write_data = scsi_disk_emulate_write_data,
- .get_buf = scsi_get_buf,
-};
-
-static const SCSIReqOps scsi_disk_dma_reqops = {
- .size = sizeof(SCSIDiskReq),
- .free_req = scsi_free_request,
- .send_command = scsi_disk_dma_command,
- .read_data = scsi_read_data,
- .write_data = scsi_write_data,
- .cancel_io = scsi_cancel_io,
- .get_buf = scsi_get_buf,
- .load_request = scsi_disk_load_request,
- .save_request = scsi_disk_save_request,
-};
-
-static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
- [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
- [INQUIRY] = &scsi_disk_emulate_reqops,
- [MODE_SENSE] = &scsi_disk_emulate_reqops,
- [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
- [START_STOP] = &scsi_disk_emulate_reqops,
- [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
- [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
- [READ_TOC] = &scsi_disk_emulate_reqops,
- [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
- [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
- [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
- [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
- [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
- [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
- [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
- [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
- [SEEK_10] = &scsi_disk_emulate_reqops,
- [MODE_SELECT] = &scsi_disk_emulate_reqops,
- [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
- [UNMAP] = &scsi_disk_emulate_reqops,
- [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
- [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
-
- [READ_6] = &scsi_disk_dma_reqops,
- [READ_10] = &scsi_disk_dma_reqops,
- [READ_12] = &scsi_disk_dma_reqops,
- [READ_16] = &scsi_disk_dma_reqops,
- [VERIFY_10] = &scsi_disk_dma_reqops,
- [VERIFY_12] = &scsi_disk_dma_reqops,
- [VERIFY_16] = &scsi_disk_dma_reqops,
- [WRITE_6] = &scsi_disk_dma_reqops,
- [WRITE_10] = &scsi_disk_dma_reqops,
- [WRITE_12] = &scsi_disk_dma_reqops,
- [WRITE_16] = &scsi_disk_dma_reqops,
- [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
- [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
- [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
-};
-
-static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
- uint8_t *buf, void *hba_private)
-{
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
- SCSIRequest *req;
- const SCSIReqOps *ops;
- uint8_t command;
-
- command = buf[0];
- ops = scsi_disk_reqops_dispatch[command];
- if (!ops) {
- ops = &scsi_disk_emulate_reqops;
- }
- req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
-
-#ifdef DEBUG_SCSI
- DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
- {
- int i;
- for (i = 1; i < req->cmd.len; i++) {
- printf(" 0x%02x", buf[i]);
- }
- printf("\n");
- }
-#endif
-
- return req;
-}
-
-#ifdef __linux__
-static int get_device_type(SCSIDiskState *s)
-{
- BlockDriverState *bdrv = s->qdev.conf.bs;
- uint8_t cmd[16];
- uint8_t buf[36];
- uint8_t sensebuf[8];
- sg_io_hdr_t io_header;
- int ret;
-
- memset(cmd, 0, sizeof(cmd));
- memset(buf, 0, sizeof(buf));
- cmd[0] = INQUIRY;
- cmd[4] = sizeof(buf);
-
- memset(&io_header, 0, sizeof(io_header));
- io_header.interface_id = 'S';
- io_header.dxfer_direction = SG_DXFER_FROM_DEV;
- io_header.dxfer_len = sizeof(buf);
- io_header.dxferp = buf;
- io_header.cmdp = cmd;
- io_header.cmd_len = sizeof(cmd);
- io_header.mx_sb_len = sizeof(sensebuf);
- io_header.sbp = sensebuf;
- io_header.timeout = 6000; /* XXX */
-
- ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
- if (ret < 0 || io_header.driver_status || io_header.host_status) {
- return -1;
- }
- s->qdev.type = buf[0];
- if (buf[1] & 0x80) {
- s->features |= 1 << SCSI_DISK_F_REMOVABLE;
- }
- return 0;
-}
-
-static int scsi_block_initfn(SCSIDevice *dev)
-{
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
- int sg_version;
- int rc;
-
- if (!s->qdev.conf.bs) {
- error_report("scsi-block: drive property not set");
- return -1;
- }
-
- /* check we are using a driver managing SG_IO (version 3 and after) */
- if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
- sg_version < 30000) {
- error_report("scsi-block: scsi generic interface too old");
- return -1;
- }
-
- /* get device type from INQUIRY data */
- rc = get_device_type(s);
- if (rc < 0) {
- error_report("scsi-block: INQUIRY failed");
- return -1;
- }
-
- /* Make a guess for the block size, we'll fix it when the guest sends.
- * READ CAPACITY. If they don't, they likely would assume these sizes
- * anyway. (TODO: check in /sys).
- */
- if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
- s->qdev.blocksize = 2048;
- } else {
- s->qdev.blocksize = 512;
- }
- return scsi_initfn(&s->qdev);
-}
-
-static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
- uint32_t lun, uint8_t *buf,
- void *hba_private)
-{
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
-
- switch (buf[0]) {
- case READ_6:
- case READ_10:
- case READ_12:
- case READ_16:
- case VERIFY_10:
- case VERIFY_12:
- case VERIFY_16:
- case WRITE_6:
- case WRITE_10:
- case WRITE_12:
- case WRITE_16:
- case WRITE_VERIFY_10:
- case WRITE_VERIFY_12:
- case WRITE_VERIFY_16:
- /* If we are not using O_DIRECT, we might read stale data from the
- * host cache if writes were made using other commands than these
- * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
- * O_DIRECT everything must go through SG_IO.
- */
- if (bdrv_get_flags(s->qdev.conf.bs) & BDRV_O_NOCACHE) {
- break;
- }
-
- /* MMC writing cannot be done via pread/pwrite, because it sometimes
- * involves writing beyond the maximum LBA or to negative LBA (lead-in).
- * And once you do these writes, reading from the block device is
- * unreliable, too. It is even possible that reads deliver random data
- * from the host page cache (this is probably a Linux bug).
- *
- * We might use scsi_disk_dma_reqops as long as no writing commands are
- * seen, but performance usually isn't paramount on optical media. So,
- * just make scsi-block operate the same as scsi-generic for them.
- */
- if (s->qdev.type != TYPE_ROM) {
- return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun,
- hba_private);
- }
- }
-
- return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
- hba_private);
-}
-#endif
-
-#define DEFINE_SCSI_DISK_PROPERTIES() \
- DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
- DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
- DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
- DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
- DEFINE_PROP_STRING("product", SCSIDiskState, product)
-
-static Property scsi_hd_properties[] = {
- DEFINE_SCSI_DISK_PROPERTIES(),
- DEFINE_PROP_BIT("removable", SCSIDiskState, features,
- SCSI_DISK_F_REMOVABLE, false),
- DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
- SCSI_DISK_F_DPOFUA, false),
- DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
- DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static const VMStateDescription vmstate_scsi_disk_state = {
- .name = "scsi-disk",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
- VMSTATE_BOOL(media_changed, SCSIDiskState),
- VMSTATE_BOOL(media_event, SCSIDiskState),
- VMSTATE_BOOL(eject_request, SCSIDiskState),
- VMSTATE_BOOL(tray_open, SCSIDiskState),
- VMSTATE_BOOL(tray_locked, SCSIDiskState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
-
- sc->init = scsi_hd_initfn;
- sc->destroy = scsi_destroy;
- sc->alloc_req = scsi_new_request;
- sc->unit_attention_reported = scsi_disk_unit_attention_reported;
- dc->fw_name = "disk";
- dc->desc = "virtual SCSI disk";
- dc->reset = scsi_disk_reset;
- dc->props = scsi_hd_properties;
- dc->vmsd = &vmstate_scsi_disk_state;
-}
-
-static TypeInfo scsi_hd_info = {
- .name = "scsi-hd",
- .parent = TYPE_SCSI_DEVICE,
- .instance_size = sizeof(SCSIDiskState),
- .class_init = scsi_hd_class_initfn,
-};
-
-static Property scsi_cd_properties[] = {
- DEFINE_SCSI_DISK_PROPERTIES(),
- DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
-
- sc->init = scsi_cd_initfn;
- sc->destroy = scsi_destroy;
- sc->alloc_req = scsi_new_request;
- sc->unit_attention_reported = scsi_disk_unit_attention_reported;
- dc->fw_name = "disk";
- dc->desc = "virtual SCSI CD-ROM";
- dc->reset = scsi_disk_reset;
- dc->props = scsi_cd_properties;
- dc->vmsd = &vmstate_scsi_disk_state;
-}
-
-static TypeInfo scsi_cd_info = {
- .name = "scsi-cd",
- .parent = TYPE_SCSI_DEVICE,
- .instance_size = sizeof(SCSIDiskState),
- .class_init = scsi_cd_class_initfn,
-};
-
-#ifdef __linux__
-static Property scsi_block_properties[] = {
- DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.bs),
- DEFINE_PROP_INT32("bootindex", SCSIDiskState, qdev.conf.bootindex, -1),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void scsi_block_class_initfn(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
-
- sc->init = scsi_block_initfn;
- sc->destroy = scsi_destroy;
- sc->alloc_req = scsi_block_new_request;
- dc->fw_name = "disk";
- dc->desc = "SCSI block device passthrough";
- dc->reset = scsi_disk_reset;
- dc->props = scsi_block_properties;
- dc->vmsd = &vmstate_scsi_disk_state;
-}
-
-static TypeInfo scsi_block_info = {
- .name = "scsi-block",
- .parent = TYPE_SCSI_DEVICE,
- .instance_size = sizeof(SCSIDiskState),
- .class_init = scsi_block_class_initfn,
-};
-#endif
-
-static Property scsi_disk_properties[] = {
- DEFINE_SCSI_DISK_PROPERTIES(),
- DEFINE_PROP_BIT("removable", SCSIDiskState, features,
- SCSI_DISK_F_REMOVABLE, false),
- DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
- SCSI_DISK_F_DPOFUA, false),
- DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
-
- sc->init = scsi_disk_initfn;
- sc->destroy = scsi_destroy;
- sc->alloc_req = scsi_new_request;
- sc->unit_attention_reported = scsi_disk_unit_attention_reported;
- dc->fw_name = "disk";
- dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
- dc->reset = scsi_disk_reset;
- dc->props = scsi_disk_properties;
- dc->vmsd = &vmstate_scsi_disk_state;
-}
-
-static TypeInfo scsi_disk_info = {
- .name = "scsi-disk",
- .parent = TYPE_SCSI_DEVICE,
- .instance_size = sizeof(SCSIDiskState),
- .class_init = scsi_disk_class_initfn,
-};
-
-static void scsi_disk_register_types(void)
-{
- type_register_static(&scsi_hd_info);
- type_register_static(&scsi_cd_info);
-#ifdef __linux__
- type_register_static(&scsi_block_info);
-#endif
- type_register_static(&scsi_disk_info);
-}
-
-type_init(scsi_disk_register_types)
diff --git a/hw/scsi-generic.c b/hw/scsi-generic.c
deleted file mode 100644
index d9045341b..000000000
--- a/hw/scsi-generic.c
+++ /dev/null
@@ -1,516 +0,0 @@
-/*
- * Generic SCSI Device support
- *
- * Copyright (c) 2007 Bull S.A.S.
- * Based on code by Paul Brook
- * Based on code by Fabrice Bellard
- *
- * Written by Laurent Vivier <Laurent.Vivier@bull.net>
- *
- * This code is licensed under the LGPL.
- *
- */
-
-#include "qemu-common.h"
-#include "qemu-error.h"
-#include "scsi.h"
-#include "blockdev.h"
-
-#ifdef __linux__
-
-//#define DEBUG_SCSI
-
-#ifdef DEBUG_SCSI
-#define DPRINTF(fmt, ...) \
-do { printf("scsi-generic: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...) do {} while(0)
-#endif
-
-#define BADF(fmt, ...) \
-do { fprintf(stderr, "scsi-generic: " fmt , ## __VA_ARGS__); } while (0)
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#include <scsi/sg.h>
-#include "scsi-defs.h"
-
-#define SCSI_SENSE_BUF_SIZE 96
-
-#define SG_ERR_DRIVER_TIMEOUT 0x06
-#define SG_ERR_DRIVER_SENSE 0x08
-
-#define SG_ERR_DID_OK 0x00
-#define SG_ERR_DID_NO_CONNECT 0x01
-#define SG_ERR_DID_BUS_BUSY 0x02
-#define SG_ERR_DID_TIME_OUT 0x03
-
-#ifndef MAX_UINT
-#define MAX_UINT ((unsigned int)-1)
-#endif
-
-typedef struct SCSIGenericReq {
- SCSIRequest req;
- uint8_t *buf;
- int buflen;
- int len;
- sg_io_hdr_t io_header;
-} SCSIGenericReq;
-
-static void scsi_generic_save_request(QEMUFile *f, SCSIRequest *req)
-{
- SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
-
- qemu_put_sbe32s(f, &r->buflen);
- if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) {
- assert(!r->req.sg);
- qemu_put_buffer(f, r->buf, r->req.cmd.xfer);
- }
-}
-
-static void scsi_generic_load_request(QEMUFile *f, SCSIRequest *req)
-{
- SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
-
- qemu_get_sbe32s(f, &r->buflen);
- if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) {
- assert(!r->req.sg);
- qemu_get_buffer(f, r->buf, r->req.cmd.xfer);
- }
-}
-
-static void scsi_free_request(SCSIRequest *req)
-{
- SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
-
- g_free(r->buf);
-}
-
-/* Helper function for command completion. */
-static void scsi_command_complete(void *opaque, int ret)
-{
- int status;
- SCSIGenericReq *r = (SCSIGenericReq *)opaque;
-
- r->req.aiocb = NULL;
- if (r->io_header.driver_status & SG_ERR_DRIVER_SENSE) {
- r->req.sense_len = r->io_header.sb_len_wr;
- }
-
- if (ret != 0) {
- switch (ret) {
- case -EDOM:
- status = TASK_SET_FULL;
- break;
- case -ENOMEM:
- status = CHECK_CONDITION;
- scsi_req_build_sense(&r->req, SENSE_CODE(TARGET_FAILURE));
- break;
- default:
- status = CHECK_CONDITION;
- scsi_req_build_sense(&r->req, SENSE_CODE(IO_ERROR));
- break;
- }
- } else {
- if (r->io_header.host_status == SG_ERR_DID_NO_CONNECT ||
- r->io_header.host_status == SG_ERR_DID_BUS_BUSY ||
- r->io_header.host_status == SG_ERR_DID_TIME_OUT ||
- (r->io_header.driver_status & SG_ERR_DRIVER_TIMEOUT)) {
- status = BUSY;
- BADF("Driver Timeout\n");
- } else if (r->io_header.host_status) {
- status = CHECK_CONDITION;
- scsi_req_build_sense(&r->req, SENSE_CODE(I_T_NEXUS_LOSS));
- } else if (r->io_header.status) {
- status = r->io_header.status;
- } else if (r->io_header.driver_status & SG_ERR_DRIVER_SENSE) {
- status = CHECK_CONDITION;
- } else {
- status = GOOD;
- }
- }
- DPRINTF("Command complete 0x%p tag=0x%x status=%d\n",
- r, r->req.tag, status);
-
- scsi_req_complete(&r->req, status);
- if (!r->req.io_canceled) {
- scsi_req_unref(&r->req);
- }
-}
-
-/* Cancel a pending data transfer. */
-static void scsi_cancel_io(SCSIRequest *req)
-{
- SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
-
- DPRINTF("Cancel tag=0x%x\n", req->tag);
- if (r->req.aiocb) {
- bdrv_aio_cancel(r->req.aiocb);
-
- /* This reference was left in by scsi_*_data. We take ownership of
- * it independent of whether bdrv_aio_cancel completes the request
- * or not. */
- scsi_req_unref(&r->req);
- }
- r->req.aiocb = NULL;
-}
-
-static int execute_command(BlockDriverState *bdrv,
- SCSIGenericReq *r, int direction,
- BlockDriverCompletionFunc *complete)
-{
- r->io_header.interface_id = 'S';
- r->io_header.dxfer_direction = direction;
- r->io_header.dxferp = r->buf;
- r->io_header.dxfer_len = r->buflen;
- r->io_header.cmdp = r->req.cmd.buf;
- r->io_header.cmd_len = r->req.cmd.len;
- r->io_header.mx_sb_len = sizeof(r->req.sense);
- r->io_header.sbp = r->req.sense;
- r->io_header.timeout = MAX_UINT;
- r->io_header.usr_ptr = r;
- r->io_header.flags |= SG_FLAG_DIRECT_IO;
-
- r->req.aiocb = bdrv_aio_ioctl(bdrv, SG_IO, &r->io_header, complete, r);
-
- return 0;
-}
-
-static void scsi_read_complete(void * opaque, int ret)
-{
- SCSIGenericReq *r = (SCSIGenericReq *)opaque;
- SCSIDevice *s = r->req.dev;
- int len;
-
- r->req.aiocb = NULL;
- if (ret) {
- DPRINTF("IO error ret %d\n", ret);
- scsi_command_complete(r, ret);
- return;
- }
- len = r->io_header.dxfer_len - r->io_header.resid;
- DPRINTF("Data ready tag=0x%x len=%d\n", r->req.tag, len);
-
- r->len = -1;
- if (len == 0) {
- scsi_command_complete(r, 0);
- } else {
- /* Snoop READ CAPACITY output to set the blocksize. */
- if (r->req.cmd.buf[0] == READ_CAPACITY_10) {
- s->blocksize = ldl_be_p(&r->buf[4]);
- s->max_lba = ldl_be_p(&r->buf[0]);
- } else if (r->req.cmd.buf[0] == SERVICE_ACTION_IN_16 &&
- (r->req.cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
- s->blocksize = ldl_be_p(&r->buf[8]);
- s->max_lba = ldq_be_p(&r->buf[0]);
- }
- bdrv_set_buffer_alignment(s->conf.bs, s->blocksize);
-
- scsi_req_data(&r->req, len);
- if (!r->req.io_canceled) {
- scsi_req_unref(&r->req);
- }
- }
-}
-
-/* Read more data from scsi device into buffer. */
-static void scsi_read_data(SCSIRequest *req)
-{
- SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
- SCSIDevice *s = r->req.dev;
- int ret;
-
- DPRINTF("scsi_read_data 0x%x\n", req->tag);
-
- /* The request is used as the AIO opaque value, so add a ref. */
- scsi_req_ref(&r->req);
- if (r->len == -1) {
- scsi_command_complete(r, 0);
- return;
- }
-
- ret = execute_command(s->conf.bs, r, SG_DXFER_FROM_DEV, scsi_read_complete);
- if (ret < 0) {
- scsi_command_complete(r, ret);
- }
-}
-
-static void scsi_write_complete(void * opaque, int ret)
-{
- SCSIGenericReq *r = (SCSIGenericReq *)opaque;
- SCSIDevice *s = r->req.dev;
-
- DPRINTF("scsi_write_complete() ret = %d\n", ret);
- r->req.aiocb = NULL;
- if (ret) {
- DPRINTF("IO error\n");
- scsi_command_complete(r, ret);
- return;
- }
-
- if (r->req.cmd.buf[0] == MODE_SELECT && r->req.cmd.buf[4] == 12 &&
- s->type == TYPE_TAPE) {
- s->blocksize = (r->buf[9] << 16) | (r->buf[10] << 8) | r->buf[11];
- DPRINTF("block size %d\n", s->blocksize);
- }
-
- scsi_command_complete(r, ret);
-}
-
-/* Write data to a scsi device. Returns nonzero on failure.
- The transfer may complete asynchronously. */
-static void scsi_write_data(SCSIRequest *req)
-{
- SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
- SCSIDevice *s = r->req.dev;
- int ret;
-
- DPRINTF("scsi_write_data 0x%x\n", req->tag);
- if (r->len == 0) {
- r->len = r->buflen;
- scsi_req_data(&r->req, r->len);
- return;
- }
-
- /* The request is used as the AIO opaque value, so add a ref. */
- scsi_req_ref(&r->req);
- ret = execute_command(s->conf.bs, r, SG_DXFER_TO_DEV, scsi_write_complete);
- if (ret < 0) {
- scsi_command_complete(r, ret);
- }
-}
-
-/* Return a pointer to the data buffer. */
-static uint8_t *scsi_get_buf(SCSIRequest *req)
-{
- SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
-
- return r->buf;
-}
-
-/* Execute a scsi command. Returns the length of the data expected by the
- command. This will be Positive for data transfers from the device
- (eg. disk reads), negative for transfers to the device (eg. disk writes),
- and zero if the command does not transfer any data. */
-
-static int32_t scsi_send_command(SCSIRequest *req, uint8_t *cmd)
-{
- SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
- SCSIDevice *s = r->req.dev;
- int ret;
-
- DPRINTF("Command: lun=%d tag=0x%x len %zd data=0x%02x", lun, tag,
- r->req.cmd.xfer, cmd[0]);
-
-#ifdef DEBUG_SCSI
- {
- int i;
- for (i = 1; i < r->req.cmd.len; i++) {
- printf(" 0x%02x", cmd[i]);
- }
- printf("\n");
- }
-#endif
-
- if (r->req.cmd.xfer == 0) {
- if (r->buf != NULL)
- g_free(r->buf);
- r->buflen = 0;
- r->buf = NULL;
- /* The request is used as the AIO opaque value, so add a ref. */
- scsi_req_ref(&r->req);
- ret = execute_command(s->conf.bs, r, SG_DXFER_NONE, scsi_command_complete);
- if (ret < 0) {
- scsi_command_complete(r, ret);
- return 0;
- }
- return 0;
- }
-
- if (r->buflen != r->req.cmd.xfer) {
- if (r->buf != NULL)
- g_free(r->buf);
- r->buf = g_malloc(r->req.cmd.xfer);
- r->buflen = r->req.cmd.xfer;
- }
-
- memset(r->buf, 0, r->buflen);
- r->len = r->req.cmd.xfer;
- if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
- r->len = 0;
- return -r->req.cmd.xfer;
- } else {
- return r->req.cmd.xfer;
- }
-}
-
-static int get_stream_blocksize(BlockDriverState *bdrv)
-{
- uint8_t cmd[6];
- uint8_t buf[12];
- uint8_t sensebuf[8];
- sg_io_hdr_t io_header;
- int ret;
-
- memset(cmd, 0, sizeof(cmd));
- memset(buf, 0, sizeof(buf));
- cmd[0] = MODE_SENSE;
- cmd[4] = sizeof(buf);
-
- memset(&io_header, 0, sizeof(io_header));
- io_header.interface_id = 'S';
- io_header.dxfer_direction = SG_DXFER_FROM_DEV;
- io_header.dxfer_len = sizeof(buf);
- io_header.dxferp = buf;
- io_header.cmdp = cmd;
- io_header.cmd_len = sizeof(cmd);
- io_header.mx_sb_len = sizeof(sensebuf);
- io_header.sbp = sensebuf;
- io_header.timeout = 6000; /* XXX */
-
- ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
- if (ret < 0 || io_header.driver_status || io_header.host_status) {
- return -1;
- }
- return (buf[9] << 16) | (buf[10] << 8) | buf[11];
-}
-
-static void scsi_generic_reset(DeviceState *dev)
-{
- SCSIDevice *s = SCSI_DEVICE(dev);
-
- scsi_device_purge_requests(s, SENSE_CODE(RESET));
-}
-
-static void scsi_destroy(SCSIDevice *s)
-{
- scsi_device_purge_requests(s, SENSE_CODE(NO_SENSE));
- blockdev_mark_auto_del(s->conf.bs);
-}
-
-static int scsi_generic_initfn(SCSIDevice *s)
-{
- int sg_version;
- struct sg_scsi_id scsiid;
-
- if (!s->conf.bs) {
- error_report("drive property not set");
- return -1;
- }
-
- if (bdrv_get_on_error(s->conf.bs, 0) != BLOCKDEV_ON_ERROR_ENOSPC) {
- error_report("Device doesn't support drive option werror");
- return -1;
- }
- if (bdrv_get_on_error(s->conf.bs, 1) != BLOCKDEV_ON_ERROR_REPORT) {
- error_report("Device doesn't support drive option rerror");
- return -1;
- }
-
- /* check we are using a driver managing SG_IO (version 3 and after */
- if (bdrv_ioctl(s->conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0) {
- error_report("scsi generic interface not supported");
- return -1;
- }
- if (sg_version < 30000) {
- error_report("scsi generic interface too old");
- return -1;
- }
-
- /* get LUN of the /dev/sg? */
- if (bdrv_ioctl(s->conf.bs, SG_GET_SCSI_ID, &scsiid)) {
- error_report("SG_GET_SCSI_ID ioctl failed");
- return -1;
- }
-
- /* define device state */
- s->type = scsiid.scsi_type;
- DPRINTF("device type %d\n", s->type);
- if (s->type == TYPE_DISK || s->type == TYPE_ROM) {
- add_boot_device_path(s->conf.bootindex, &s->qdev, NULL);
- }
-
- switch (s->type) {
- case TYPE_TAPE:
- s->blocksize = get_stream_blocksize(s->conf.bs);
- if (s->blocksize == -1) {
- s->blocksize = 0;
- }
- break;
-
- /* Make a guess for block devices, we'll fix it when the guest sends.
- * READ CAPACITY. If they don't, they likely would assume these sizes
- * anyway. (TODO: they could also send MODE SENSE).
- */
- case TYPE_ROM:
- case TYPE_WORM:
- s->blocksize = 2048;
- break;
- default:
- s->blocksize = 512;
- break;
- }
-
- DPRINTF("block size %d\n", s->blocksize);
- return 0;
-}
-
-const SCSIReqOps scsi_generic_req_ops = {
- .size = sizeof(SCSIGenericReq),
- .free_req = scsi_free_request,
- .send_command = scsi_send_command,
- .read_data = scsi_read_data,
- .write_data = scsi_write_data,
- .cancel_io = scsi_cancel_io,
- .get_buf = scsi_get_buf,
- .load_request = scsi_generic_load_request,
- .save_request = scsi_generic_save_request,
-};
-
-static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
- uint8_t *buf, void *hba_private)
-{
- SCSIRequest *req;
-
- req = scsi_req_alloc(&scsi_generic_req_ops, d, tag, lun, hba_private);
- return req;
-}
-
-static Property scsi_generic_properties[] = {
- DEFINE_PROP_DRIVE("drive", SCSIDevice, conf.bs),
- DEFINE_PROP_INT32("bootindex", SCSIDevice, conf.bootindex, -1),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void scsi_generic_class_initfn(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
-
- sc->init = scsi_generic_initfn;
- sc->destroy = scsi_destroy;
- sc->alloc_req = scsi_new_request;
- dc->fw_name = "disk";
- dc->desc = "pass through generic scsi device (/dev/sg*)";
- dc->reset = scsi_generic_reset;
- dc->props = scsi_generic_properties;
- dc->vmsd = &vmstate_scsi_device;
-}
-
-static TypeInfo scsi_generic_info = {
- .name = "scsi-generic",
- .parent = TYPE_SCSI_DEVICE,
- .instance_size = sizeof(SCSIDevice),
- .class_init = scsi_generic_class_initfn,
-};
-
-static void scsi_generic_register_types(void)
-{
- type_register_static(&scsi_generic_info);
-}
-
-type_init(scsi_generic_register_types)
-
-#endif /* __linux__ */
diff --git a/hw/scsi.h b/hw/scsi.h
deleted file mode 100644
index b8f73577d..000000000
--- a/hw/scsi.h
+++ /dev/null
@@ -1,255 +0,0 @@
-#ifndef QEMU_HW_SCSI_H
-#define QEMU_HW_SCSI_H
-
-#include "qdev.h"
-#include "block.h"
-#include "hw/block-common.h"
-#include "sysemu.h"
-
-#define MAX_SCSI_DEVS 255
-
-#define SCSI_CMD_BUF_SIZE 16
-
-typedef struct SCSIBus SCSIBus;
-typedef struct SCSIBusInfo SCSIBusInfo;
-typedef struct SCSICommand SCSICommand;
-typedef struct SCSIDevice SCSIDevice;
-typedef struct SCSIRequest SCSIRequest;
-typedef struct SCSIReqOps SCSIReqOps;
-
-enum SCSIXferMode {
- SCSI_XFER_NONE, /* TEST_UNIT_READY, ... */
- SCSI_XFER_FROM_DEV, /* READ, INQUIRY, MODE_SENSE, ... */
- SCSI_XFER_TO_DEV, /* WRITE, MODE_SELECT, ... */
-};
-
-typedef struct SCSISense {
- uint8_t key;
- uint8_t asc;
- uint8_t ascq;
-} SCSISense;
-
-#define SCSI_SENSE_BUF_SIZE 96
-
-struct SCSICommand {
- uint8_t buf[SCSI_CMD_BUF_SIZE];
- int len;
- size_t xfer;
- uint64_t lba;
- enum SCSIXferMode mode;
-};
-
-struct SCSIRequest {
- SCSIBus *bus;
- SCSIDevice *dev;
- const SCSIReqOps *ops;
- uint32_t refcount;
- uint32_t tag;
- uint32_t lun;
- uint32_t status;
- size_t resid;
- SCSICommand cmd;
- BlockDriverAIOCB *aiocb;
- QEMUSGList *sg;
- bool dma_started;
- uint8_t sense[SCSI_SENSE_BUF_SIZE];
- uint32_t sense_len;
- bool enqueued;
- bool io_canceled;
- bool retry;
- void *hba_private;
- QTAILQ_ENTRY(SCSIRequest) next;
-};
-
-#define TYPE_SCSI_DEVICE "scsi-device"
-#define SCSI_DEVICE(obj) \
- OBJECT_CHECK(SCSIDevice, (obj), TYPE_SCSI_DEVICE)
-#define SCSI_DEVICE_CLASS(klass) \
- OBJECT_CLASS_CHECK(SCSIDeviceClass, (klass), TYPE_SCSI_DEVICE)
-#define SCSI_DEVICE_GET_CLASS(obj) \
- OBJECT_GET_CLASS(SCSIDeviceClass, (obj), TYPE_SCSI_DEVICE)
-
-typedef struct SCSIDeviceClass {
- DeviceClass parent_class;
- int (*init)(SCSIDevice *dev);
- void (*destroy)(SCSIDevice *s);
- SCSIRequest *(*alloc_req)(SCSIDevice *s, uint32_t tag, uint32_t lun,
- uint8_t *buf, void *hba_private);
- void (*unit_attention_reported)(SCSIDevice *s);
-} SCSIDeviceClass;
-
-struct SCSIDevice
-{
- DeviceState qdev;
- VMChangeStateEntry *vmsentry;
- QEMUBH *bh;
- uint32_t id;
- BlockConf conf;
- SCSISense unit_attention;
- bool sense_is_ua;
- uint8_t sense[SCSI_SENSE_BUF_SIZE];
- uint32_t sense_len;
- QTAILQ_HEAD(, SCSIRequest) requests;
- uint32_t channel;
- uint32_t lun;
- int blocksize;
- int type;
- uint64_t max_lba;
-};
-
-extern const VMStateDescription vmstate_scsi_device;
-
-#define VMSTATE_SCSI_DEVICE(_field, _state) { \
- .name = (stringify(_field)), \
- .size = sizeof(SCSIDevice), \
- .vmsd = &vmstate_scsi_device, \
- .flags = VMS_STRUCT, \
- .offset = vmstate_offset_value(_state, _field, SCSIDevice), \
-}
-
-/* cdrom.c */
-int cdrom_read_toc(int nb_sectors, uint8_t *buf, int msf, int start_track);
-int cdrom_read_toc_raw(int nb_sectors, uint8_t *buf, int msf, int session_num);
-
-/* scsi-bus.c */
-struct SCSIReqOps {
- size_t size;
- void (*free_req)(SCSIRequest *req);
- int32_t (*send_command)(SCSIRequest *req, uint8_t *buf);
- void (*read_data)(SCSIRequest *req);
- void (*write_data)(SCSIRequest *req);
- void (*cancel_io)(SCSIRequest *req);
- uint8_t *(*get_buf)(SCSIRequest *req);
-
- void (*save_request)(QEMUFile *f, SCSIRequest *req);
- void (*load_request)(QEMUFile *f, SCSIRequest *req);
-};
-
-struct SCSIBusInfo {
- int tcq;
- int max_channel, max_target, max_lun;
- void (*transfer_data)(SCSIRequest *req, uint32_t arg);
- void (*complete)(SCSIRequest *req, uint32_t arg, size_t resid);
- void (*cancel)(SCSIRequest *req);
- void (*hotplug)(SCSIBus *bus, SCSIDevice *dev);
- void (*hot_unplug)(SCSIBus *bus, SCSIDevice *dev);
- void (*change)(SCSIBus *bus, SCSIDevice *dev, SCSISense sense);
- QEMUSGList *(*get_sg_list)(SCSIRequest *req);
-
- void (*save_request)(QEMUFile *f, SCSIRequest *req);
- void *(*load_request)(QEMUFile *f, SCSIRequest *req);
- void (*free_request)(SCSIBus *bus, void *priv);
-};
-
-#define TYPE_SCSI_BUS "SCSI"
-#define SCSI_BUS(obj) OBJECT_CHECK(SCSIBus, (obj), TYPE_SCSI_BUS)
-
-struct SCSIBus {
- BusState qbus;
- int busnr;
-
- SCSISense unit_attention;
- const SCSIBusInfo *info;
-};
-
-void scsi_bus_new(SCSIBus *bus, DeviceState *host, const SCSIBusInfo *info);
-
-static inline SCSIBus *scsi_bus_from_device(SCSIDevice *d)
-{
- return DO_UPCAST(SCSIBus, qbus, d->qdev.parent_bus);
-}
-
-SCSIDevice *scsi_bus_legacy_add_drive(SCSIBus *bus, BlockDriverState *bdrv,
- int unit, bool removable, int bootindex);
-int scsi_bus_legacy_handle_cmdline(SCSIBus *bus);
-
-/*
- * Predefined sense codes
- */
-
-/* No sense data available */
-extern const struct SCSISense sense_code_NO_SENSE;
-/* LUN not ready, Manual intervention required */
-extern const struct SCSISense sense_code_LUN_NOT_READY;
-/* LUN not ready, Medium not present */
-extern const struct SCSISense sense_code_NO_MEDIUM;
-/* LUN not ready, medium removal prevented */
-extern const struct SCSISense sense_code_NOT_READY_REMOVAL_PREVENTED;
-/* Hardware error, internal target failure */
-extern const struct SCSISense sense_code_TARGET_FAILURE;
-/* Illegal request, invalid command operation code */
-extern const struct SCSISense sense_code_INVALID_OPCODE;
-/* Illegal request, LBA out of range */
-extern const struct SCSISense sense_code_LBA_OUT_OF_RANGE;
-/* Illegal request, Invalid field in CDB */
-extern const struct SCSISense sense_code_INVALID_FIELD;
-/* Illegal request, Invalid field in parameter list */
-extern const struct SCSISense sense_code_INVALID_PARAM;
-/* Illegal request, Parameter list length error */
-extern const struct SCSISense sense_code_INVALID_PARAM_LEN;
-/* Illegal request, LUN not supported */
-extern const struct SCSISense sense_code_LUN_NOT_SUPPORTED;
-/* Illegal request, Saving parameters not supported */
-extern const struct SCSISense sense_code_SAVING_PARAMS_NOT_SUPPORTED;
-/* Illegal request, Incompatible format */
-extern const struct SCSISense sense_code_INCOMPATIBLE_FORMAT;
-/* Illegal request, medium removal prevented */
-extern const struct SCSISense sense_code_ILLEGAL_REQ_REMOVAL_PREVENTED;
-/* Command aborted, I/O process terminated */
-extern const struct SCSISense sense_code_IO_ERROR;
-/* Command aborted, I_T Nexus loss occurred */
-extern const struct SCSISense sense_code_I_T_NEXUS_LOSS;
-/* Command aborted, Logical Unit failure */
-extern const struct SCSISense sense_code_LUN_FAILURE;
-/* LUN not ready, Capacity data has changed */
-extern const struct SCSISense sense_code_CAPACITY_CHANGED;
-/* LUN not ready, Medium not present */
-extern const struct SCSISense sense_code_UNIT_ATTENTION_NO_MEDIUM;
-/* Unit attention, Power on, reset or bus device reset occurred */
-extern const struct SCSISense sense_code_RESET;
-/* Unit attention, Medium may have changed*/
-extern const struct SCSISense sense_code_MEDIUM_CHANGED;
-/* Unit attention, Reported LUNs data has changed */
-extern const struct SCSISense sense_code_REPORTED_LUNS_CHANGED;
-/* Unit attention, Device internal reset */
-extern const struct SCSISense sense_code_DEVICE_INTERNAL_RESET;
-/* Data Protection, Write Protected */
-extern const struct SCSISense sense_code_WRITE_PROTECTED;
-
-#define SENSE_CODE(x) sense_code_ ## x
-
-uint32_t scsi_data_cdb_length(uint8_t *buf);
-uint32_t scsi_cdb_length(uint8_t *buf);
-int scsi_sense_valid(SCSISense sense);
-int scsi_build_sense(uint8_t *in_buf, int in_len,
- uint8_t *buf, int len, bool fixed);
-
-SCSIRequest *scsi_req_alloc(const SCSIReqOps *reqops, SCSIDevice *d,
- uint32_t tag, uint32_t lun, void *hba_private);
-SCSIRequest *scsi_req_new(SCSIDevice *d, uint32_t tag, uint32_t lun,
- uint8_t *buf, void *hba_private);
-int32_t scsi_req_enqueue(SCSIRequest *req);
-void scsi_req_free(SCSIRequest *req);
-SCSIRequest *scsi_req_ref(SCSIRequest *req);
-void scsi_req_unref(SCSIRequest *req);
-
-void scsi_req_build_sense(SCSIRequest *req, SCSISense sense);
-void scsi_req_print(SCSIRequest *req);
-void scsi_req_continue(SCSIRequest *req);
-void scsi_req_data(SCSIRequest *req, int len);
-void scsi_req_complete(SCSIRequest *req, int status);
-uint8_t *scsi_req_get_buf(SCSIRequest *req);
-int scsi_req_get_sense(SCSIRequest *req, uint8_t *buf, int len);
-void scsi_req_abort(SCSIRequest *req, int status);
-void scsi_req_cancel(SCSIRequest *req);
-void scsi_req_retry(SCSIRequest *req);
-void scsi_device_purge_requests(SCSIDevice *sdev, SCSISense sense);
-void scsi_device_set_ua(SCSIDevice *sdev, SCSISense sense);
-void scsi_device_report_change(SCSIDevice *dev, SCSISense sense);
-int scsi_device_get_sense(SCSIDevice *dev, uint8_t *buf, int len, bool fixed);
-SCSIDevice *scsi_device_find(SCSIBus *bus, int channel, int target, int lun);
-
-/* scsi-generic.c. */
-extern const SCSIReqOps scsi_generic_req_ops;
-
-#endif
diff --git a/hw/scsi/Makefile.objs b/hw/scsi/Makefile.objs
new file mode 100644
index 000000000..121ddc5cf
--- /dev/null
+++ b/hw/scsi/Makefile.objs
@@ -0,0 +1,13 @@
+common-obj-y += scsi-disk.o
+common-obj-y += scsi-generic.o scsi-bus.o
+common-obj-$(CONFIG_LSI_SCSI_PCI) += lsi53c895a.o
+common-obj-$(CONFIG_MEGASAS_SCSI_PCI) += megasas.o
+common-obj-$(CONFIG_VMW_PVSCSI_SCSI_PCI) += vmw_pvscsi.o
+common-obj-$(CONFIG_ESP) += esp.o
+common-obj-$(CONFIG_ESP_PCI) += esp-pci.o
+obj-$(CONFIG_PSERIES) += spapr_vscsi.o
+
+ifeq ($(CONFIG_VIRTIO),y)
+obj-y += virtio-scsi.o
+obj-$(CONFIG_VHOST_SCSI) += vhost-scsi.o
+endif
diff --git a/hw/scsi/esp-pci.c b/hw/scsi/esp-pci.c
new file mode 100644
index 000000000..d7ec1736c
--- /dev/null
+++ b/hw/scsi/esp-pci.c
@@ -0,0 +1,533 @@
+/*
+ * QEMU ESP/NCR53C9x emulation
+ *
+ * Copyright (c) 2005-2006 Fabrice Bellard
+ * Copyright (c) 2012 Herve Poussineau
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/pci/pci.h"
+#include "hw/nvram/eeprom93xx.h"
+#include "hw/scsi/esp.h"
+#include "trace.h"
+#include "qemu/log.h"
+
+#define TYPE_AM53C974_DEVICE "am53c974"
+
+#define PCI_ESP(obj) \
+ OBJECT_CHECK(PCIESPState, (obj), TYPE_AM53C974_DEVICE)
+
+#define DMA_CMD 0x0
+#define DMA_STC 0x1
+#define DMA_SPA 0x2
+#define DMA_WBC 0x3
+#define DMA_WAC 0x4
+#define DMA_STAT 0x5
+#define DMA_SMDLA 0x6
+#define DMA_WMAC 0x7
+
+#define DMA_CMD_MASK 0x03
+#define DMA_CMD_DIAG 0x04
+#define DMA_CMD_MDL 0x10
+#define DMA_CMD_INTE_P 0x20
+#define DMA_CMD_INTE_D 0x40
+#define DMA_CMD_DIR 0x80
+
+#define DMA_STAT_PWDN 0x01
+#define DMA_STAT_ERROR 0x02
+#define DMA_STAT_ABORT 0x04
+#define DMA_STAT_DONE 0x08
+#define DMA_STAT_SCSIINT 0x10
+#define DMA_STAT_BCMBLT 0x20
+
+#define SBAC_STATUS 0x1000
+
+typedef struct PCIESPState {
+ /*< private >*/
+ PCIDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion io;
+ uint32_t dma_regs[8];
+ uint32_t sbac;
+ ESPState esp;
+} PCIESPState;
+
+static void esp_pci_handle_idle(PCIESPState *pci, uint32_t val)
+{
+ trace_esp_pci_dma_idle(val);
+ esp_dma_enable(&pci->esp, 0, 0);
+}
+
+static void esp_pci_handle_blast(PCIESPState *pci, uint32_t val)
+{
+ trace_esp_pci_dma_blast(val);
+ qemu_log_mask(LOG_UNIMP, "am53c974: cmd BLAST not implemented\n");
+}
+
+static void esp_pci_handle_abort(PCIESPState *pci, uint32_t val)
+{
+ trace_esp_pci_dma_abort(val);
+ if (pci->esp.current_req) {
+ scsi_req_cancel(pci->esp.current_req);
+ }
+}
+
+static void esp_pci_handle_start(PCIESPState *pci, uint32_t val)
+{
+ trace_esp_pci_dma_start(val);
+
+ pci->dma_regs[DMA_WBC] = pci->dma_regs[DMA_STC];
+ pci->dma_regs[DMA_WAC] = pci->dma_regs[DMA_SPA];
+ pci->dma_regs[DMA_WMAC] = pci->dma_regs[DMA_SMDLA];
+
+ pci->dma_regs[DMA_STAT] &= ~(DMA_STAT_BCMBLT | DMA_STAT_SCSIINT
+ | DMA_STAT_DONE | DMA_STAT_ABORT
+ | DMA_STAT_ERROR | DMA_STAT_PWDN);
+
+ esp_dma_enable(&pci->esp, 0, 1);
+}
+
+static void esp_pci_dma_write(PCIESPState *pci, uint32_t saddr, uint32_t val)
+{
+ trace_esp_pci_dma_write(saddr, pci->dma_regs[saddr], val);
+ switch (saddr) {
+ case DMA_CMD:
+ pci->dma_regs[saddr] = val;
+ switch (val & DMA_CMD_MASK) {
+ case 0x0: /* IDLE */
+ esp_pci_handle_idle(pci, val);
+ break;
+ case 0x1: /* BLAST */
+ esp_pci_handle_blast(pci, val);
+ break;
+ case 0x2: /* ABORT */
+ esp_pci_handle_abort(pci, val);
+ break;
+ case 0x3: /* START */
+ esp_pci_handle_start(pci, val);
+ break;
+ default: /* can't happen */
+ abort();
+ }
+ break;
+ case DMA_STC:
+ case DMA_SPA:
+ case DMA_SMDLA:
+ pci->dma_regs[saddr] = val;
+ break;
+ case DMA_STAT:
+ if (!(pci->sbac & SBAC_STATUS)) {
+ /* clear some bits on write */
+ uint32_t mask = DMA_STAT_ERROR | DMA_STAT_ABORT | DMA_STAT_DONE;
+ pci->dma_regs[DMA_STAT] &= ~(val & mask);
+ }
+ break;
+ default:
+ trace_esp_pci_error_invalid_write_dma(val, saddr);
+ return;
+ }
+}
+
+static uint32_t esp_pci_dma_read(PCIESPState *pci, uint32_t saddr)
+{
+ uint32_t val;
+
+ val = pci->dma_regs[saddr];
+ if (saddr == DMA_STAT) {
+ if (pci->esp.rregs[ESP_RSTAT] & STAT_INT) {
+ val |= DMA_STAT_SCSIINT;
+ }
+ if (pci->sbac & SBAC_STATUS) {
+ pci->dma_regs[DMA_STAT] &= ~(DMA_STAT_ERROR | DMA_STAT_ABORT |
+ DMA_STAT_DONE);
+ }
+ }
+
+ trace_esp_pci_dma_read(saddr, val);
+ return val;
+}
+
+static void esp_pci_io_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned int size)
+{
+ PCIESPState *pci = opaque;
+
+ if (size < 4 || addr & 3) {
+ /* need to upgrade request: we only support 4-bytes accesses */
+ uint32_t current = 0, mask;
+ int shift;
+
+ if (addr < 0x40) {
+ current = pci->esp.wregs[addr >> 2];
+ } else if (addr < 0x60) {
+ current = pci->dma_regs[(addr - 0x40) >> 2];
+ } else if (addr < 0x74) {
+ current = pci->sbac;
+ }
+
+ shift = (4 - size) * 8;
+ mask = (~(uint32_t)0 << shift) >> shift;
+
+ shift = ((4 - (addr & 3)) & 3) * 8;
+ val <<= shift;
+ val |= current & ~(mask << shift);
+ addr &= ~3;
+ size = 4;
+ }
+
+ if (addr < 0x40) {
+ /* SCSI core reg */
+ esp_reg_write(&pci->esp, addr >> 2, val);
+ } else if (addr < 0x60) {
+ /* PCI DMA CCB */
+ esp_pci_dma_write(pci, (addr - 0x40) >> 2, val);
+ } else if (addr == 0x70) {
+ /* DMA SCSI Bus and control */
+ trace_esp_pci_sbac_write(pci->sbac, val);
+ pci->sbac = val;
+ } else {
+ trace_esp_pci_error_invalid_write((int)addr);
+ }
+}
+
+static uint64_t esp_pci_io_read(void *opaque, hwaddr addr,
+ unsigned int size)
+{
+ PCIESPState *pci = opaque;
+ uint32_t ret;
+
+ if (addr < 0x40) {
+ /* SCSI core reg */
+ ret = esp_reg_read(&pci->esp, addr >> 2);
+ } else if (addr < 0x60) {
+ /* PCI DMA CCB */
+ ret = esp_pci_dma_read(pci, (addr - 0x40) >> 2);
+ } else if (addr == 0x70) {
+ /* DMA SCSI Bus and control */
+ trace_esp_pci_sbac_read(pci->sbac);
+ ret = pci->sbac;
+ } else {
+ /* Invalid region */
+ trace_esp_pci_error_invalid_read((int)addr);
+ ret = 0;
+ }
+
+ /* give only requested data */
+ ret >>= (addr & 3) * 8;
+ ret &= ~(~(uint64_t)0 << (8 * size));
+
+ return ret;
+}
+
+static void esp_pci_dma_memory_rw(PCIESPState *pci, uint8_t *buf, int len,
+ DMADirection dir)
+{
+ dma_addr_t addr;
+ DMADirection expected_dir;
+
+ if (pci->dma_regs[DMA_CMD] & DMA_CMD_DIR) {
+ expected_dir = DMA_DIRECTION_FROM_DEVICE;
+ } else {
+ expected_dir = DMA_DIRECTION_TO_DEVICE;
+ }
+
+ if (dir != expected_dir) {
+ trace_esp_pci_error_invalid_dma_direction();
+ return;
+ }
+
+ if (pci->dma_regs[DMA_STAT] & DMA_CMD_MDL) {
+ qemu_log_mask(LOG_UNIMP, "am53c974: MDL transfer not implemented\n");
+ }
+
+ addr = pci->dma_regs[DMA_SPA];
+ if (pci->dma_regs[DMA_WBC] < len) {
+ len = pci->dma_regs[DMA_WBC];
+ }
+
+ pci_dma_rw(PCI_DEVICE(pci), addr, buf, len, dir);
+
+ /* update status registers */
+ pci->dma_regs[DMA_WBC] -= len;
+ pci->dma_regs[DMA_WAC] += len;
+}
+
+static void esp_pci_dma_memory_read(void *opaque, uint8_t *buf, int len)
+{
+ PCIESPState *pci = opaque;
+ esp_pci_dma_memory_rw(pci, buf, len, DMA_DIRECTION_TO_DEVICE);
+}
+
+static void esp_pci_dma_memory_write(void *opaque, uint8_t *buf, int len)
+{
+ PCIESPState *pci = opaque;
+ esp_pci_dma_memory_rw(pci, buf, len, DMA_DIRECTION_FROM_DEVICE);
+}
+
+static const MemoryRegionOps esp_pci_io_ops = {
+ .read = esp_pci_io_read,
+ .write = esp_pci_io_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 4,
+ },
+};
+
+static void esp_pci_hard_reset(DeviceState *dev)
+{
+ PCIESPState *pci = PCI_ESP(dev);
+ esp_hard_reset(&pci->esp);
+ pci->dma_regs[DMA_CMD] &= ~(DMA_CMD_DIR | DMA_CMD_INTE_D | DMA_CMD_INTE_P
+ | DMA_CMD_MDL | DMA_CMD_DIAG | DMA_CMD_MASK);
+ pci->dma_regs[DMA_WBC] &= ~0xffff;
+ pci->dma_regs[DMA_WAC] = 0xffffffff;
+ pci->dma_regs[DMA_STAT] &= ~(DMA_STAT_BCMBLT | DMA_STAT_SCSIINT
+ | DMA_STAT_DONE | DMA_STAT_ABORT
+ | DMA_STAT_ERROR);
+ pci->dma_regs[DMA_WMAC] = 0xfffffffd;
+}
+
+static const VMStateDescription vmstate_esp_pci_scsi = {
+ .name = "pciespscsi",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_PCI_DEVICE(parent_obj, PCIESPState),
+ VMSTATE_BUFFER_UNSAFE(dma_regs, PCIESPState, 0, 8 * sizeof(uint32_t)),
+ VMSTATE_STRUCT(esp, PCIESPState, 0, vmstate_esp, ESPState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void esp_pci_command_complete(SCSIRequest *req, uint32_t status,
+ size_t resid)
+{
+ ESPState *s = req->hba_private;
+ PCIESPState *pci = container_of(s, PCIESPState, esp);
+
+ esp_command_complete(req, status, resid);
+ pci->dma_regs[DMA_WBC] = 0;
+ pci->dma_regs[DMA_STAT] |= DMA_STAT_DONE;
+}
+
+static const struct SCSIBusInfo esp_pci_scsi_info = {
+ .tcq = false,
+ .max_target = ESP_MAX_DEVS,
+ .max_lun = 7,
+
+ .transfer_data = esp_transfer_data,
+ .complete = esp_pci_command_complete,
+ .cancel = esp_request_cancelled,
+};
+
+static int esp_pci_scsi_init(PCIDevice *dev)
+{
+ PCIESPState *pci = PCI_ESP(dev);
+ DeviceState *d = DEVICE(dev);
+ ESPState *s = &pci->esp;
+ uint8_t *pci_conf;
+ Error *err = NULL;
+
+ pci_conf = dev->config;
+
+ /* Interrupt pin A */
+ pci_conf[PCI_INTERRUPT_PIN] = 0x01;
+
+ s->dma_memory_read = esp_pci_dma_memory_read;
+ s->dma_memory_write = esp_pci_dma_memory_write;
+ s->dma_opaque = pci;
+ s->chip_id = TCHI_AM53C974;
+ memory_region_init_io(&pci->io, OBJECT(pci), &esp_pci_io_ops, pci,
+ "esp-io", 0x80);
+
+ pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &pci->io);
+ s->irq = dev->irq[0];
+
+ scsi_bus_new(&s->bus, d, &esp_pci_scsi_info, NULL);
+ if (!d->hotplugged) {
+ scsi_bus_legacy_handle_cmdline(&s->bus, &err);
+ if (err != NULL) {
+ error_free(err);
+ return -1;
+ }
+ }
+ return 0;
+}
+
+static void esp_pci_scsi_uninit(PCIDevice *d)
+{
+ PCIESPState *pci = PCI_ESP(d);
+
+ memory_region_destroy(&pci->io);
+}
+
+static void esp_pci_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = esp_pci_scsi_init;
+ k->exit = esp_pci_scsi_uninit;
+ k->vendor_id = PCI_VENDOR_ID_AMD;
+ k->device_id = PCI_DEVICE_ID_AMD_SCSI;
+ k->revision = 0x10;
+ k->class_id = PCI_CLASS_STORAGE_SCSI;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
+ dc->desc = "AMD Am53c974 PCscsi-PCI SCSI adapter";
+ dc->reset = esp_pci_hard_reset;
+ dc->vmsd = &vmstate_esp_pci_scsi;
+}
+
+static const TypeInfo esp_pci_info = {
+ .name = TYPE_AM53C974_DEVICE,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCIESPState),
+ .class_init = esp_pci_class_init,
+};
+
+typedef struct {
+ PCIESPState pci;
+ eeprom_t *eeprom;
+} DC390State;
+
+#define TYPE_DC390_DEVICE "dc390"
+#define DC390(obj) \
+ OBJECT_CHECK(DC390State, obj, TYPE_DC390_DEVICE)
+
+#define EE_ADAPT_SCSI_ID 64
+#define EE_MODE2 65
+#define EE_DELAY 66
+#define EE_TAG_CMD_NUM 67
+#define EE_ADAPT_OPTIONS 68
+#define EE_BOOT_SCSI_ID 69
+#define EE_BOOT_SCSI_LUN 70
+#define EE_CHKSUM1 126
+#define EE_CHKSUM2 127
+
+#define EE_ADAPT_OPTION_F6_F8_AT_BOOT 0x01
+#define EE_ADAPT_OPTION_BOOT_FROM_CDROM 0x02
+#define EE_ADAPT_OPTION_INT13 0x04
+#define EE_ADAPT_OPTION_SCAM_SUPPORT 0x08
+
+
+static uint32_t dc390_read_config(PCIDevice *dev, uint32_t addr, int l)
+{
+ DC390State *pci = DC390(dev);
+ uint32_t val;
+
+ val = pci_default_read_config(dev, addr, l);
+
+ if (addr == 0x00 && l == 1) {
+ /* First byte of address space is AND-ed with EEPROM DO line */
+ if (!eeprom93xx_read(pci->eeprom)) {
+ val &= ~0xff;
+ }
+ }
+
+ return val;
+}
+
+static void dc390_write_config(PCIDevice *dev,
+ uint32_t addr, uint32_t val, int l)
+{
+ DC390State *pci = DC390(dev);
+ if (addr == 0x80) {
+ /* EEPROM write */
+ int eesk = val & 0x80 ? 1 : 0;
+ int eedi = val & 0x40 ? 1 : 0;
+ eeprom93xx_write(pci->eeprom, 1, eesk, eedi);
+ } else if (addr == 0xc0) {
+ /* EEPROM CS low */
+ eeprom93xx_write(pci->eeprom, 0, 0, 0);
+ } else {
+ pci_default_write_config(dev, addr, val, l);
+ }
+}
+
+static int dc390_scsi_init(PCIDevice *dev)
+{
+ DC390State *pci = DC390(dev);
+ uint8_t *contents;
+ uint16_t chksum = 0;
+ int i, ret;
+
+ /* init base class */
+ ret = esp_pci_scsi_init(dev);
+ if (ret < 0) {
+ return ret;
+ }
+
+ /* EEPROM */
+ pci->eeprom = eeprom93xx_new(DEVICE(dev), 64);
+
+ /* set default eeprom values */
+ contents = (uint8_t *)eeprom93xx_data(pci->eeprom);
+
+ for (i = 0; i < 16; i++) {
+ contents[i * 2] = 0x57;
+ contents[i * 2 + 1] = 0x00;
+ }
+ contents[EE_ADAPT_SCSI_ID] = 7;
+ contents[EE_MODE2] = 0x0f;
+ contents[EE_TAG_CMD_NUM] = 0x04;
+ contents[EE_ADAPT_OPTIONS] = EE_ADAPT_OPTION_F6_F8_AT_BOOT
+ | EE_ADAPT_OPTION_BOOT_FROM_CDROM
+ | EE_ADAPT_OPTION_INT13;
+
+ /* update eeprom checksum */
+ for (i = 0; i < EE_CHKSUM1; i += 2) {
+ chksum += contents[i] + (((uint16_t)contents[i + 1]) << 8);
+ }
+ chksum = 0x1234 - chksum;
+ contents[EE_CHKSUM1] = chksum & 0xff;
+ contents[EE_CHKSUM2] = chksum >> 8;
+
+ return 0;
+}
+
+static void dc390_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = dc390_scsi_init;
+ k->config_read = dc390_read_config;
+ k->config_write = dc390_write_config;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
+ dc->desc = "Tekram DC-390 SCSI adapter";
+}
+
+static const TypeInfo dc390_info = {
+ .name = "dc390",
+ .parent = TYPE_AM53C974_DEVICE,
+ .instance_size = sizeof(DC390State),
+ .class_init = dc390_class_init,
+};
+
+static void esp_pci_register_types(void)
+{
+ type_register_static(&esp_pci_info);
+ type_register_static(&dc390_info);
+}
+
+type_init(esp_pci_register_types)
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
new file mode 100644
index 000000000..101e957d4
--- /dev/null
+++ b/hw/scsi/esp.c
@@ -0,0 +1,738 @@
+/*
+ * QEMU ESP/NCR53C9x emulation
+ *
+ * Copyright (c) 2005-2006 Fabrice Bellard
+ * Copyright (c) 2012 Herve Poussineau
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/sysbus.h"
+#include "hw/scsi/esp.h"
+#include "trace.h"
+#include "qemu/log.h"
+
+/*
+ * On Sparc32, this is the ESP (NCR53C90) part of chip STP2000 (Master I/O),
+ * also produced as NCR89C100. See
+ * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C100.txt
+ * and
+ * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR53C9X.txt
+ */
+
+static void esp_raise_irq(ESPState *s)
+{
+ if (!(s->rregs[ESP_RSTAT] & STAT_INT)) {
+ s->rregs[ESP_RSTAT] |= STAT_INT;
+ qemu_irq_raise(s->irq);
+ trace_esp_raise_irq();
+ }
+}
+
+static void esp_lower_irq(ESPState *s)
+{
+ if (s->rregs[ESP_RSTAT] & STAT_INT) {
+ s->rregs[ESP_RSTAT] &= ~STAT_INT;
+ qemu_irq_lower(s->irq);
+ trace_esp_lower_irq();
+ }
+}
+
+void esp_dma_enable(ESPState *s, int irq, int level)
+{
+ if (level) {
+ s->dma_enabled = 1;
+ trace_esp_dma_enable();
+ if (s->dma_cb) {
+ s->dma_cb(s);
+ s->dma_cb = NULL;
+ }
+ } else {
+ trace_esp_dma_disable();
+ s->dma_enabled = 0;
+ }
+}
+
+void esp_request_cancelled(SCSIRequest *req)
+{
+ ESPState *s = req->hba_private;
+
+ if (req == s->current_req) {
+ scsi_req_unref(s->current_req);
+ s->current_req = NULL;
+ s->current_dev = NULL;
+ }
+}
+
+static uint32_t get_cmd(ESPState *s, uint8_t *buf)
+{
+ uint32_t dmalen;
+ int target;
+
+ target = s->wregs[ESP_WBUSID] & BUSID_DID;
+ if (s->dma) {
+ dmalen = s->rregs[ESP_TCLO];
+ dmalen |= s->rregs[ESP_TCMID] << 8;
+ dmalen |= s->rregs[ESP_TCHI] << 16;
+ s->dma_memory_read(s->dma_opaque, buf, dmalen);
+ } else {
+ dmalen = s->ti_size;
+ memcpy(buf, s->ti_buf, dmalen);
+ buf[0] = buf[2] >> 5;
+ }
+ trace_esp_get_cmd(dmalen, target);
+
+ s->ti_size = 0;
+ s->ti_rptr = 0;
+ s->ti_wptr = 0;
+
+ if (s->current_req) {
+ /* Started a new command before the old one finished. Cancel it. */
+ scsi_req_cancel(s->current_req);
+ s->async_len = 0;
+ }
+
+ s->current_dev = scsi_device_find(&s->bus, 0, target, 0);
+ if (!s->current_dev) {
+ // No such drive
+ s->rregs[ESP_RSTAT] = 0;
+ s->rregs[ESP_RINTR] = INTR_DC;
+ s->rregs[ESP_RSEQ] = SEQ_0;
+ esp_raise_irq(s);
+ return 0;
+ }
+ return dmalen;
+}
+
+static void do_busid_cmd(ESPState *s, uint8_t *buf, uint8_t busid)
+{
+ int32_t datalen;
+ int lun;
+ SCSIDevice *current_lun;
+
+ trace_esp_do_busid_cmd(busid);
+ lun = busid & 7;
+ current_lun = scsi_device_find(&s->bus, 0, s->current_dev->id, lun);
+ s->current_req = scsi_req_new(current_lun, 0, lun, buf, s);
+ datalen = scsi_req_enqueue(s->current_req);
+ s->ti_size = datalen;
+ if (datalen != 0) {
+ s->rregs[ESP_RSTAT] = STAT_TC;
+ s->dma_left = 0;
+ s->dma_counter = 0;
+ if (datalen > 0) {
+ s->rregs[ESP_RSTAT] |= STAT_DI;
+ } else {
+ s->rregs[ESP_RSTAT] |= STAT_DO;
+ }
+ scsi_req_continue(s->current_req);
+ }
+ s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
+ s->rregs[ESP_RSEQ] = SEQ_CD;
+ esp_raise_irq(s);
+}
+
+static void do_cmd(ESPState *s, uint8_t *buf)
+{
+ uint8_t busid = buf[0];
+
+ do_busid_cmd(s, &buf[1], busid);
+}
+
+static void handle_satn(ESPState *s)
+{
+ uint8_t buf[32];
+ int len;
+
+ if (s->dma && !s->dma_enabled) {
+ s->dma_cb = handle_satn;
+ return;
+ }
+ len = get_cmd(s, buf);
+ if (len)
+ do_cmd(s, buf);
+}
+
+static void handle_s_without_atn(ESPState *s)
+{
+ uint8_t buf[32];
+ int len;
+
+ if (s->dma && !s->dma_enabled) {
+ s->dma_cb = handle_s_without_atn;
+ return;
+ }
+ len = get_cmd(s, buf);
+ if (len) {
+ do_busid_cmd(s, buf, 0);
+ }
+}
+
+static void handle_satn_stop(ESPState *s)
+{
+ if (s->dma && !s->dma_enabled) {
+ s->dma_cb = handle_satn_stop;
+ return;
+ }
+ s->cmdlen = get_cmd(s, s->cmdbuf);
+ if (s->cmdlen) {
+ trace_esp_handle_satn_stop(s->cmdlen);
+ s->do_cmd = 1;
+ s->rregs[ESP_RSTAT] = STAT_TC | STAT_CD;
+ s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
+ s->rregs[ESP_RSEQ] = SEQ_CD;
+ esp_raise_irq(s);
+ }
+}
+
+static void write_response(ESPState *s)
+{
+ trace_esp_write_response(s->status);
+ s->ti_buf[0] = s->status;
+ s->ti_buf[1] = 0;
+ if (s->dma) {
+ s->dma_memory_write(s->dma_opaque, s->ti_buf, 2);
+ s->rregs[ESP_RSTAT] = STAT_TC | STAT_ST;
+ s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
+ s->rregs[ESP_RSEQ] = SEQ_CD;
+ } else {
+ s->ti_size = 2;
+ s->ti_rptr = 0;
+ s->ti_wptr = 0;
+ s->rregs[ESP_RFLAGS] = 2;
+ }
+ esp_raise_irq(s);
+}
+
+static void esp_dma_done(ESPState *s)
+{
+ s->rregs[ESP_RSTAT] |= STAT_TC;
+ s->rregs[ESP_RINTR] = INTR_BS;
+ s->rregs[ESP_RSEQ] = 0;
+ s->rregs[ESP_RFLAGS] = 0;
+ s->rregs[ESP_TCLO] = 0;
+ s->rregs[ESP_TCMID] = 0;
+ s->rregs[ESP_TCHI] = 0;
+ esp_raise_irq(s);
+}
+
+static void esp_do_dma(ESPState *s)
+{
+ uint32_t len;
+ int to_device;
+
+ to_device = (s->ti_size < 0);
+ len = s->dma_left;
+ if (s->do_cmd) {
+ trace_esp_do_dma(s->cmdlen, len);
+ s->dma_memory_read(s->dma_opaque, &s->cmdbuf[s->cmdlen], len);
+ s->ti_size = 0;
+ s->cmdlen = 0;
+ s->do_cmd = 0;
+ do_cmd(s, s->cmdbuf);
+ return;
+ }
+ if (s->async_len == 0) {
+ /* Defer until data is available. */
+ return;
+ }
+ if (len > s->async_len) {
+ len = s->async_len;
+ }
+ if (to_device) {
+ s->dma_memory_read(s->dma_opaque, s->async_buf, len);
+ } else {
+ s->dma_memory_write(s->dma_opaque, s->async_buf, len);
+ }
+ s->dma_left -= len;
+ s->async_buf += len;
+ s->async_len -= len;
+ if (to_device)
+ s->ti_size += len;
+ else
+ s->ti_size -= len;
+ if (s->async_len == 0) {
+ scsi_req_continue(s->current_req);
+ /* If there is still data to be read from the device then
+ complete the DMA operation immediately. Otherwise defer
+ until the scsi layer has completed. */
+ if (to_device || s->dma_left != 0 || s->ti_size == 0) {
+ return;
+ }
+ }
+
+ /* Partially filled a scsi buffer. Complete immediately. */
+ esp_dma_done(s);
+}
+
+void esp_command_complete(SCSIRequest *req, uint32_t status,
+ size_t resid)
+{
+ ESPState *s = req->hba_private;
+
+ trace_esp_command_complete();
+ if (s->ti_size != 0) {
+ trace_esp_command_complete_unexpected();
+ }
+ s->ti_size = 0;
+ s->dma_left = 0;
+ s->async_len = 0;
+ if (status) {
+ trace_esp_command_complete_fail();
+ }
+ s->status = status;
+ s->rregs[ESP_RSTAT] = STAT_ST;
+ esp_dma_done(s);
+ if (s->current_req) {
+ scsi_req_unref(s->current_req);
+ s->current_req = NULL;
+ s->current_dev = NULL;
+ }
+}
+
+void esp_transfer_data(SCSIRequest *req, uint32_t len)
+{
+ ESPState *s = req->hba_private;
+
+ trace_esp_transfer_data(s->dma_left, s->ti_size);
+ s->async_len = len;
+ s->async_buf = scsi_req_get_buf(req);
+ if (s->dma_left) {
+ esp_do_dma(s);
+ } else if (s->dma_counter != 0 && s->ti_size <= 0) {
+ /* If this was the last part of a DMA transfer then the
+ completion interrupt is deferred to here. */
+ esp_dma_done(s);
+ }
+}
+
+static void handle_ti(ESPState *s)
+{
+ uint32_t dmalen, minlen;
+
+ if (s->dma && !s->dma_enabled) {
+ s->dma_cb = handle_ti;
+ return;
+ }
+
+ dmalen = s->rregs[ESP_TCLO];
+ dmalen |= s->rregs[ESP_TCMID] << 8;
+ dmalen |= s->rregs[ESP_TCHI] << 16;
+ if (dmalen==0) {
+ dmalen=0x10000;
+ }
+ s->dma_counter = dmalen;
+
+ if (s->do_cmd)
+ minlen = (dmalen < 32) ? dmalen : 32;
+ else if (s->ti_size < 0)
+ minlen = (dmalen < -s->ti_size) ? dmalen : -s->ti_size;
+ else
+ minlen = (dmalen < s->ti_size) ? dmalen : s->ti_size;
+ trace_esp_handle_ti(minlen);
+ if (s->dma) {
+ s->dma_left = minlen;
+ s->rregs[ESP_RSTAT] &= ~STAT_TC;
+ esp_do_dma(s);
+ } else if (s->do_cmd) {
+ trace_esp_handle_ti_cmd(s->cmdlen);
+ s->ti_size = 0;
+ s->cmdlen = 0;
+ s->do_cmd = 0;
+ do_cmd(s, s->cmdbuf);
+ return;
+ }
+}
+
+void esp_hard_reset(ESPState *s)
+{
+ memset(s->rregs, 0, ESP_REGS);
+ memset(s->wregs, 0, ESP_REGS);
+ s->rregs[ESP_TCHI] = s->chip_id;
+ s->ti_size = 0;
+ s->ti_rptr = 0;
+ s->ti_wptr = 0;
+ s->dma = 0;
+ s->do_cmd = 0;
+ s->dma_cb = NULL;
+
+ s->rregs[ESP_CFG1] = 7;
+}
+
+static void esp_soft_reset(ESPState *s)
+{
+ qemu_irq_lower(s->irq);
+ esp_hard_reset(s);
+}
+
+static void parent_esp_reset(ESPState *s, int irq, int level)
+{
+ if (level) {
+ esp_soft_reset(s);
+ }
+}
+
+uint64_t esp_reg_read(ESPState *s, uint32_t saddr)
+{
+ uint32_t old_val;
+
+ trace_esp_mem_readb(saddr, s->rregs[saddr]);
+ switch (saddr) {
+ case ESP_FIFO:
+ if (s->ti_size > 0) {
+ s->ti_size--;
+ if ((s->rregs[ESP_RSTAT] & STAT_PIO_MASK) == 0) {
+ /* Data out. */
+ qemu_log_mask(LOG_UNIMP,
+ "esp: PIO data read not implemented\n");
+ s->rregs[ESP_FIFO] = 0;
+ } else {
+ s->rregs[ESP_FIFO] = s->ti_buf[s->ti_rptr++];
+ }
+ esp_raise_irq(s);
+ }
+ if (s->ti_size == 0) {
+ s->ti_rptr = 0;
+ s->ti_wptr = 0;
+ }
+ break;
+ case ESP_RINTR:
+ /* Clear sequence step, interrupt register and all status bits
+ except TC */
+ old_val = s->rregs[ESP_RINTR];
+ s->rregs[ESP_RINTR] = 0;
+ s->rregs[ESP_RSTAT] &= ~STAT_TC;
+ s->rregs[ESP_RSEQ] = SEQ_CD;
+ esp_lower_irq(s);
+
+ return old_val;
+ default:
+ break;
+ }
+ return s->rregs[saddr];
+}
+
+void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val)
+{
+ trace_esp_mem_writeb(saddr, s->wregs[saddr], val);
+ switch (saddr) {
+ case ESP_TCLO:
+ case ESP_TCMID:
+ case ESP_TCHI:
+ s->rregs[ESP_RSTAT] &= ~STAT_TC;
+ break;
+ case ESP_FIFO:
+ if (s->do_cmd) {
+ s->cmdbuf[s->cmdlen++] = val & 0xff;
+ } else if (s->ti_size == TI_BUFSZ - 1) {
+ trace_esp_error_fifo_overrun();
+ } else {
+ s->ti_size++;
+ s->ti_buf[s->ti_wptr++] = val & 0xff;
+ }
+ break;
+ case ESP_CMD:
+ s->rregs[saddr] = val;
+ if (val & CMD_DMA) {
+ s->dma = 1;
+ /* Reload DMA counter. */
+ s->rregs[ESP_TCLO] = s->wregs[ESP_TCLO];
+ s->rregs[ESP_TCMID] = s->wregs[ESP_TCMID];
+ s->rregs[ESP_TCHI] = s->wregs[ESP_TCHI];
+ } else {
+ s->dma = 0;
+ }
+ switch(val & CMD_CMD) {
+ case CMD_NOP:
+ trace_esp_mem_writeb_cmd_nop(val);
+ break;
+ case CMD_FLUSH:
+ trace_esp_mem_writeb_cmd_flush(val);
+ //s->ti_size = 0;
+ s->rregs[ESP_RINTR] = INTR_FC;
+ s->rregs[ESP_RSEQ] = 0;
+ s->rregs[ESP_RFLAGS] = 0;
+ break;
+ case CMD_RESET:
+ trace_esp_mem_writeb_cmd_reset(val);
+ esp_soft_reset(s);
+ break;
+ case CMD_BUSRESET:
+ trace_esp_mem_writeb_cmd_bus_reset(val);
+ s->rregs[ESP_RINTR] = INTR_RST;
+ if (!(s->wregs[ESP_CFG1] & CFG1_RESREPT)) {
+ esp_raise_irq(s);
+ }
+ break;
+ case CMD_TI:
+ handle_ti(s);
+ break;
+ case CMD_ICCS:
+ trace_esp_mem_writeb_cmd_iccs(val);
+ write_response(s);
+ s->rregs[ESP_RINTR] = INTR_FC;
+ s->rregs[ESP_RSTAT] |= STAT_MI;
+ break;
+ case CMD_MSGACC:
+ trace_esp_mem_writeb_cmd_msgacc(val);
+ s->rregs[ESP_RINTR] = INTR_DC;
+ s->rregs[ESP_RSEQ] = 0;
+ s->rregs[ESP_RFLAGS] = 0;
+ esp_raise_irq(s);
+ break;
+ case CMD_PAD:
+ trace_esp_mem_writeb_cmd_pad(val);
+ s->rregs[ESP_RSTAT] = STAT_TC;
+ s->rregs[ESP_RINTR] = INTR_FC;
+ s->rregs[ESP_RSEQ] = 0;
+ break;
+ case CMD_SATN:
+ trace_esp_mem_writeb_cmd_satn(val);
+ break;
+ case CMD_RSTATN:
+ trace_esp_mem_writeb_cmd_rstatn(val);
+ break;
+ case CMD_SEL:
+ trace_esp_mem_writeb_cmd_sel(val);
+ handle_s_without_atn(s);
+ break;
+ case CMD_SELATN:
+ trace_esp_mem_writeb_cmd_selatn(val);
+ handle_satn(s);
+ break;
+ case CMD_SELATNS:
+ trace_esp_mem_writeb_cmd_selatns(val);
+ handle_satn_stop(s);
+ break;
+ case CMD_ENSEL:
+ trace_esp_mem_writeb_cmd_ensel(val);
+ s->rregs[ESP_RINTR] = 0;
+ break;
+ case CMD_DISSEL:
+ trace_esp_mem_writeb_cmd_dissel(val);
+ s->rregs[ESP_RINTR] = 0;
+ esp_raise_irq(s);
+ break;
+ default:
+ trace_esp_error_unhandled_command(val);
+ break;
+ }
+ break;
+ case ESP_WBUSID ... ESP_WSYNO:
+ break;
+ case ESP_CFG1:
+ case ESP_CFG2: case ESP_CFG3:
+ case ESP_RES3: case ESP_RES4:
+ s->rregs[saddr] = val;
+ break;
+ case ESP_WCCF ... ESP_WTEST:
+ break;
+ default:
+ trace_esp_error_invalid_write(val, saddr);
+ return;
+ }
+ s->wregs[saddr] = val;
+}
+
+static bool esp_mem_accepts(void *opaque, hwaddr addr,
+ unsigned size, bool is_write)
+{
+ return (size == 1) || (is_write && size == 4);
+}
+
+const VMStateDescription vmstate_esp = {
+ .name ="esp",
+ .version_id = 3,
+ .minimum_version_id = 3,
+ .minimum_version_id_old = 3,
+ .fields = (VMStateField []) {
+ VMSTATE_BUFFER(rregs, ESPState),
+ VMSTATE_BUFFER(wregs, ESPState),
+ VMSTATE_INT32(ti_size, ESPState),
+ VMSTATE_UINT32(ti_rptr, ESPState),
+ VMSTATE_UINT32(ti_wptr, ESPState),
+ VMSTATE_BUFFER(ti_buf, ESPState),
+ VMSTATE_UINT32(status, ESPState),
+ VMSTATE_UINT32(dma, ESPState),
+ VMSTATE_BUFFER(cmdbuf, ESPState),
+ VMSTATE_UINT32(cmdlen, ESPState),
+ VMSTATE_UINT32(do_cmd, ESPState),
+ VMSTATE_UINT32(dma_left, ESPState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+#define TYPE_ESP "esp"
+#define ESP(obj) OBJECT_CHECK(SysBusESPState, (obj), TYPE_ESP)
+
+typedef struct {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion iomem;
+ uint32_t it_shift;
+ ESPState esp;
+} SysBusESPState;
+
+static void sysbus_esp_mem_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned int size)
+{
+ SysBusESPState *sysbus = opaque;
+ uint32_t saddr;
+
+ saddr = addr >> sysbus->it_shift;
+ esp_reg_write(&sysbus->esp, saddr, val);
+}
+
+static uint64_t sysbus_esp_mem_read(void *opaque, hwaddr addr,
+ unsigned int size)
+{
+ SysBusESPState *sysbus = opaque;
+ uint32_t saddr;
+
+ saddr = addr >> sysbus->it_shift;
+ return esp_reg_read(&sysbus->esp, saddr);
+}
+
+static const MemoryRegionOps sysbus_esp_mem_ops = {
+ .read = sysbus_esp_mem_read,
+ .write = sysbus_esp_mem_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid.accepts = esp_mem_accepts,
+};
+
+void esp_init(hwaddr espaddr, int it_shift,
+ ESPDMAMemoryReadWriteFunc dma_memory_read,
+ ESPDMAMemoryReadWriteFunc dma_memory_write,
+ void *dma_opaque, qemu_irq irq, qemu_irq *reset,
+ qemu_irq *dma_enable)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+ SysBusESPState *sysbus;
+ ESPState *esp;
+
+ dev = qdev_create(NULL, TYPE_ESP);
+ sysbus = ESP(dev);
+ esp = &sysbus->esp;
+ esp->dma_memory_read = dma_memory_read;
+ esp->dma_memory_write = dma_memory_write;
+ esp->dma_opaque = dma_opaque;
+ sysbus->it_shift = it_shift;
+ /* XXX for now until rc4030 has been changed to use DMA enable signal */
+ esp->dma_enabled = 1;
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+ sysbus_connect_irq(s, 0, irq);
+ sysbus_mmio_map(s, 0, espaddr);
+ *reset = qdev_get_gpio_in(dev, 0);
+ *dma_enable = qdev_get_gpio_in(dev, 1);
+}
+
+static const struct SCSIBusInfo esp_scsi_info = {
+ .tcq = false,
+ .max_target = ESP_MAX_DEVS,
+ .max_lun = 7,
+
+ .transfer_data = esp_transfer_data,
+ .complete = esp_command_complete,
+ .cancel = esp_request_cancelled
+};
+
+static void sysbus_esp_gpio_demux(void *opaque, int irq, int level)
+{
+ SysBusESPState *sysbus = ESP(opaque);
+ ESPState *s = &sysbus->esp;
+
+ switch (irq) {
+ case 0:
+ parent_esp_reset(s, irq, level);
+ break;
+ case 1:
+ esp_dma_enable(opaque, irq, level);
+ break;
+ }
+}
+
+static void sysbus_esp_realize(DeviceState *dev, Error **errp)
+{
+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+ SysBusESPState *sysbus = ESP(dev);
+ ESPState *s = &sysbus->esp;
+ Error *err = NULL;
+
+ sysbus_init_irq(sbd, &s->irq);
+ assert(sysbus->it_shift != -1);
+
+ s->chip_id = TCHI_FAS100A;
+ memory_region_init_io(&sysbus->iomem, OBJECT(sysbus), &sysbus_esp_mem_ops,
+ sysbus, "esp", ESP_REGS << sysbus->it_shift);
+ sysbus_init_mmio(sbd, &sysbus->iomem);
+
+ qdev_init_gpio_in(dev, sysbus_esp_gpio_demux, 2);
+
+ scsi_bus_new(&s->bus, dev, &esp_scsi_info, NULL);
+ scsi_bus_legacy_handle_cmdline(&s->bus, &err);
+ if (err != NULL) {
+ error_propagate(errp, err);
+ return;
+ }
+}
+
+static void sysbus_esp_hard_reset(DeviceState *dev)
+{
+ SysBusESPState *sysbus = ESP(dev);
+ esp_hard_reset(&sysbus->esp);
+}
+
+static const VMStateDescription vmstate_sysbus_esp_scsi = {
+ .name = "sysbusespscsi",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_STRUCT(esp, SysBusESPState, 0, vmstate_esp, ESPState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void sysbus_esp_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = sysbus_esp_realize;
+ dc->reset = sysbus_esp_hard_reset;
+ dc->vmsd = &vmstate_sysbus_esp_scsi;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
+}
+
+static const TypeInfo sysbus_esp_info = {
+ .name = TYPE_ESP,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(SysBusESPState),
+ .class_init = sysbus_esp_class_init,
+};
+
+static void esp_register_types(void)
+{
+ type_register_static(&sysbus_esp_info);
+}
+
+type_init(esp_register_types)
diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
new file mode 100644
index 000000000..611f2aa1b
--- /dev/null
+++ b/hw/scsi/lsi53c895a.c
@@ -0,0 +1,2159 @@
+/*
+ * QEMU LSI53C895A SCSI Host Bus Adapter emulation
+ *
+ * Copyright (c) 2006 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the LGPL.
+ */
+
+/* ??? Need to check if the {read,write}[wl] routines work properly on
+ big-endian targets. */
+
+#include <assert.h>
+
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "hw/scsi/scsi.h"
+#include "sysemu/dma.h"
+
+//#define DEBUG_LSI
+//#define DEBUG_LSI_REG
+
+#ifdef DEBUG_LSI
+#define DPRINTF(fmt, ...) \
+do { printf("lsi_scsi: " fmt , ## __VA_ARGS__); } while (0)
+#define BADF(fmt, ...) \
+do { fprintf(stderr, "lsi_scsi: error: " fmt , ## __VA_ARGS__); exit(1);} while (0)
+#else
+#define DPRINTF(fmt, ...) do {} while(0)
+#define BADF(fmt, ...) \
+do { fprintf(stderr, "lsi_scsi: error: " fmt , ## __VA_ARGS__);} while (0)
+#endif
+
+#define LSI_MAX_DEVS 7
+
+#define LSI_SCNTL0_TRG 0x01
+#define LSI_SCNTL0_AAP 0x02
+#define LSI_SCNTL0_EPC 0x08
+#define LSI_SCNTL0_WATN 0x10
+#define LSI_SCNTL0_START 0x20
+
+#define LSI_SCNTL1_SST 0x01
+#define LSI_SCNTL1_IARB 0x02
+#define LSI_SCNTL1_AESP 0x04
+#define LSI_SCNTL1_RST 0x08
+#define LSI_SCNTL1_CON 0x10
+#define LSI_SCNTL1_DHP 0x20
+#define LSI_SCNTL1_ADB 0x40
+#define LSI_SCNTL1_EXC 0x80
+
+#define LSI_SCNTL2_WSR 0x01
+#define LSI_SCNTL2_VUE0 0x02
+#define LSI_SCNTL2_VUE1 0x04
+#define LSI_SCNTL2_WSS 0x08
+#define LSI_SCNTL2_SLPHBEN 0x10
+#define LSI_SCNTL2_SLPMD 0x20
+#define LSI_SCNTL2_CHM 0x40
+#define LSI_SCNTL2_SDU 0x80
+
+#define LSI_ISTAT0_DIP 0x01
+#define LSI_ISTAT0_SIP 0x02
+#define LSI_ISTAT0_INTF 0x04
+#define LSI_ISTAT0_CON 0x08
+#define LSI_ISTAT0_SEM 0x10
+#define LSI_ISTAT0_SIGP 0x20
+#define LSI_ISTAT0_SRST 0x40
+#define LSI_ISTAT0_ABRT 0x80
+
+#define LSI_ISTAT1_SI 0x01
+#define LSI_ISTAT1_SRUN 0x02
+#define LSI_ISTAT1_FLSH 0x04
+
+#define LSI_SSTAT0_SDP0 0x01
+#define LSI_SSTAT0_RST 0x02
+#define LSI_SSTAT0_WOA 0x04
+#define LSI_SSTAT0_LOA 0x08
+#define LSI_SSTAT0_AIP 0x10
+#define LSI_SSTAT0_OLF 0x20
+#define LSI_SSTAT0_ORF 0x40
+#define LSI_SSTAT0_ILF 0x80
+
+#define LSI_SIST0_PAR 0x01
+#define LSI_SIST0_RST 0x02
+#define LSI_SIST0_UDC 0x04
+#define LSI_SIST0_SGE 0x08
+#define LSI_SIST0_RSL 0x10
+#define LSI_SIST0_SEL 0x20
+#define LSI_SIST0_CMP 0x40
+#define LSI_SIST0_MA 0x80
+
+#define LSI_SIST1_HTH 0x01
+#define LSI_SIST1_GEN 0x02
+#define LSI_SIST1_STO 0x04
+#define LSI_SIST1_SBMC 0x10
+
+#define LSI_SOCL_IO 0x01
+#define LSI_SOCL_CD 0x02
+#define LSI_SOCL_MSG 0x04
+#define LSI_SOCL_ATN 0x08
+#define LSI_SOCL_SEL 0x10
+#define LSI_SOCL_BSY 0x20
+#define LSI_SOCL_ACK 0x40
+#define LSI_SOCL_REQ 0x80
+
+#define LSI_DSTAT_IID 0x01
+#define LSI_DSTAT_SIR 0x04
+#define LSI_DSTAT_SSI 0x08
+#define LSI_DSTAT_ABRT 0x10
+#define LSI_DSTAT_BF 0x20
+#define LSI_DSTAT_MDPE 0x40
+#define LSI_DSTAT_DFE 0x80
+
+#define LSI_DCNTL_COM 0x01
+#define LSI_DCNTL_IRQD 0x02
+#define LSI_DCNTL_STD 0x04
+#define LSI_DCNTL_IRQM 0x08
+#define LSI_DCNTL_SSM 0x10
+#define LSI_DCNTL_PFEN 0x20
+#define LSI_DCNTL_PFF 0x40
+#define LSI_DCNTL_CLSE 0x80
+
+#define LSI_DMODE_MAN 0x01
+#define LSI_DMODE_BOF 0x02
+#define LSI_DMODE_ERMP 0x04
+#define LSI_DMODE_ERL 0x08
+#define LSI_DMODE_DIOM 0x10
+#define LSI_DMODE_SIOM 0x20
+
+#define LSI_CTEST2_DACK 0x01
+#define LSI_CTEST2_DREQ 0x02
+#define LSI_CTEST2_TEOP 0x04
+#define LSI_CTEST2_PCICIE 0x08
+#define LSI_CTEST2_CM 0x10
+#define LSI_CTEST2_CIO 0x20
+#define LSI_CTEST2_SIGP 0x40
+#define LSI_CTEST2_DDIR 0x80
+
+#define LSI_CTEST5_BL2 0x04
+#define LSI_CTEST5_DDIR 0x08
+#define LSI_CTEST5_MASR 0x10
+#define LSI_CTEST5_DFSN 0x20
+#define LSI_CTEST5_BBCK 0x40
+#define LSI_CTEST5_ADCK 0x80
+
+#define LSI_CCNTL0_DILS 0x01
+#define LSI_CCNTL0_DISFC 0x10
+#define LSI_CCNTL0_ENNDJ 0x20
+#define LSI_CCNTL0_PMJCTL 0x40
+#define LSI_CCNTL0_ENPMJ 0x80
+
+#define LSI_CCNTL1_EN64DBMV 0x01
+#define LSI_CCNTL1_EN64TIBMV 0x02
+#define LSI_CCNTL1_64TIMOD 0x04
+#define LSI_CCNTL1_DDAC 0x08
+#define LSI_CCNTL1_ZMOD 0x80
+
+/* Enable Response to Reselection */
+#define LSI_SCID_RRE 0x60
+
+#define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD)
+
+#define PHASE_DO 0
+#define PHASE_DI 1
+#define PHASE_CMD 2
+#define PHASE_ST 3
+#define PHASE_MO 6
+#define PHASE_MI 7
+#define PHASE_MASK 7
+
+/* Maximum length of MSG IN data. */
+#define LSI_MAX_MSGIN_LEN 8
+
+/* Flag set if this is a tagged command. */
+#define LSI_TAG_VALID (1 << 16)
+
+typedef struct lsi_request {
+ SCSIRequest *req;
+ uint32_t tag;
+ uint32_t dma_len;
+ uint8_t *dma_buf;
+ uint32_t pending;
+ int out;
+ QTAILQ_ENTRY(lsi_request) next;
+} lsi_request;
+
+typedef struct {
+ /*< private >*/
+ PCIDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion mmio_io;
+ MemoryRegion ram_io;
+ MemoryRegion io_io;
+
+ int carry; /* ??? Should this be an a visible register somewhere? */
+ int status;
+ /* Action to take at the end of a MSG IN phase.
+ 0 = COMMAND, 1 = disconnect, 2 = DATA OUT, 3 = DATA IN. */
+ int msg_action;
+ int msg_len;
+ uint8_t msg[LSI_MAX_MSGIN_LEN];
+ /* 0 if SCRIPTS are running or stopped.
+ * 1 if a Wait Reselect instruction has been issued.
+ * 2 if processing DMA from lsi_execute_script.
+ * 3 if a DMA operation is in progress. */
+ int waiting;
+ SCSIBus bus;
+ int current_lun;
+ /* The tag is a combination of the device ID and the SCSI tag. */
+ uint32_t select_tag;
+ int command_complete;
+ QTAILQ_HEAD(, lsi_request) queue;
+ lsi_request *current;
+
+ uint32_t dsa;
+ uint32_t temp;
+ uint32_t dnad;
+ uint32_t dbc;
+ uint8_t istat0;
+ uint8_t istat1;
+ uint8_t dcmd;
+ uint8_t dstat;
+ uint8_t dien;
+ uint8_t sist0;
+ uint8_t sist1;
+ uint8_t sien0;
+ uint8_t sien1;
+ uint8_t mbox0;
+ uint8_t mbox1;
+ uint8_t dfifo;
+ uint8_t ctest2;
+ uint8_t ctest3;
+ uint8_t ctest4;
+ uint8_t ctest5;
+ uint8_t ccntl0;
+ uint8_t ccntl1;
+ uint32_t dsp;
+ uint32_t dsps;
+ uint8_t dmode;
+ uint8_t dcntl;
+ uint8_t scntl0;
+ uint8_t scntl1;
+ uint8_t scntl2;
+ uint8_t scntl3;
+ uint8_t sstat0;
+ uint8_t sstat1;
+ uint8_t scid;
+ uint8_t sxfer;
+ uint8_t socl;
+ uint8_t sdid;
+ uint8_t ssid;
+ uint8_t sfbr;
+ uint8_t stest1;
+ uint8_t stest2;
+ uint8_t stest3;
+ uint8_t sidl;
+ uint8_t stime0;
+ uint8_t respid0;
+ uint8_t respid1;
+ uint32_t mmrs;
+ uint32_t mmws;
+ uint32_t sfs;
+ uint32_t drs;
+ uint32_t sbms;
+ uint32_t dbms;
+ uint32_t dnad64;
+ uint32_t pmjad1;
+ uint32_t pmjad2;
+ uint32_t rbc;
+ uint32_t ua;
+ uint32_t ia;
+ uint32_t sbc;
+ uint32_t csbc;
+ uint32_t scratch[18]; /* SCRATCHA-SCRATCHR */
+ uint8_t sbr;
+
+ /* Script ram is stored as 32-bit words in host byteorder. */
+ uint32_t script_ram[2048];
+} LSIState;
+
+#define TYPE_LSI53C895A "lsi53c895a"
+
+#define LSI53C895A(obj) \
+ OBJECT_CHECK(LSIState, (obj), TYPE_LSI53C895A)
+
+static inline int lsi_irq_on_rsl(LSIState *s)
+{
+ return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE);
+}
+
+static void lsi_soft_reset(LSIState *s)
+{
+ DPRINTF("Reset\n");
+ s->carry = 0;
+
+ s->msg_action = 0;
+ s->msg_len = 0;
+ s->waiting = 0;
+ s->dsa = 0;
+ s->dnad = 0;
+ s->dbc = 0;
+ s->temp = 0;
+ memset(s->scratch, 0, sizeof(s->scratch));
+ s->istat0 = 0;
+ s->istat1 = 0;
+ s->dcmd = 0x40;
+ s->dstat = LSI_DSTAT_DFE;
+ s->dien = 0;
+ s->sist0 = 0;
+ s->sist1 = 0;
+ s->sien0 = 0;
+ s->sien1 = 0;
+ s->mbox0 = 0;
+ s->mbox1 = 0;
+ s->dfifo = 0;
+ s->ctest2 = LSI_CTEST2_DACK;
+ s->ctest3 = 0;
+ s->ctest4 = 0;
+ s->ctest5 = 0;
+ s->ccntl0 = 0;
+ s->ccntl1 = 0;
+ s->dsp = 0;
+ s->dsps = 0;
+ s->dmode = 0;
+ s->dcntl = 0;
+ s->scntl0 = 0xc0;
+ s->scntl1 = 0;
+ s->scntl2 = 0;
+ s->scntl3 = 0;
+ s->sstat0 = 0;
+ s->sstat1 = 0;
+ s->scid = 7;
+ s->sxfer = 0;
+ s->socl = 0;
+ s->sdid = 0;
+ s->ssid = 0;
+ s->stest1 = 0;
+ s->stest2 = 0;
+ s->stest3 = 0;
+ s->sidl = 0;
+ s->stime0 = 0;
+ s->respid0 = 0x80;
+ s->respid1 = 0;
+ s->mmrs = 0;
+ s->mmws = 0;
+ s->sfs = 0;
+ s->drs = 0;
+ s->sbms = 0;
+ s->dbms = 0;
+ s->dnad64 = 0;
+ s->pmjad1 = 0;
+ s->pmjad2 = 0;
+ s->rbc = 0;
+ s->ua = 0;
+ s->ia = 0;
+ s->sbc = 0;
+ s->csbc = 0;
+ s->sbr = 0;
+ assert(QTAILQ_EMPTY(&s->queue));
+ assert(!s->current);
+}
+
+static int lsi_dma_40bit(LSIState *s)
+{
+ if ((s->ccntl1 & LSI_CCNTL1_40BIT) == LSI_CCNTL1_40BIT)
+ return 1;
+ return 0;
+}
+
+static int lsi_dma_ti64bit(LSIState *s)
+{
+ if ((s->ccntl1 & LSI_CCNTL1_EN64TIBMV) == LSI_CCNTL1_EN64TIBMV)
+ return 1;
+ return 0;
+}
+
+static int lsi_dma_64bit(LSIState *s)
+{
+ if ((s->ccntl1 & LSI_CCNTL1_EN64DBMV) == LSI_CCNTL1_EN64DBMV)
+ return 1;
+ return 0;
+}
+
+static uint8_t lsi_reg_readb(LSIState *s, int offset);
+static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val);
+static void lsi_execute_script(LSIState *s);
+static void lsi_reselect(LSIState *s, lsi_request *p);
+
+static inline uint32_t read_dword(LSIState *s, uint32_t addr)
+{
+ uint32_t buf;
+
+ pci_dma_read(PCI_DEVICE(s), addr, &buf, 4);
+ return cpu_to_le32(buf);
+}
+
+static void lsi_stop_script(LSIState *s)
+{
+ s->istat1 &= ~LSI_ISTAT1_SRUN;
+}
+
+static void lsi_update_irq(LSIState *s)
+{
+ PCIDevice *d = PCI_DEVICE(s);
+ int level;
+ static int last_level;
+ lsi_request *p;
+
+ /* It's unclear whether the DIP/SIP bits should be cleared when the
+ Interrupt Status Registers are cleared or when istat0 is read.
+ We currently do the formwer, which seems to work. */
+ level = 0;
+ if (s->dstat) {
+ if (s->dstat & s->dien)
+ level = 1;
+ s->istat0 |= LSI_ISTAT0_DIP;
+ } else {
+ s->istat0 &= ~LSI_ISTAT0_DIP;
+ }
+
+ if (s->sist0 || s->sist1) {
+ if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1))
+ level = 1;
+ s->istat0 |= LSI_ISTAT0_SIP;
+ } else {
+ s->istat0 &= ~LSI_ISTAT0_SIP;
+ }
+ if (s->istat0 & LSI_ISTAT0_INTF)
+ level = 1;
+
+ if (level != last_level) {
+ DPRINTF("Update IRQ level %d dstat %02x sist %02x%02x\n",
+ level, s->dstat, s->sist1, s->sist0);
+ last_level = level;
+ }
+ qemu_set_irq(d->irq[0], level);
+
+ if (!level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) {
+ DPRINTF("Handled IRQs & disconnected, looking for pending "
+ "processes\n");
+ QTAILQ_FOREACH(p, &s->queue, next) {
+ if (p->pending) {
+ lsi_reselect(s, p);
+ break;
+ }
+ }
+ }
+}
+
+/* Stop SCRIPTS execution and raise a SCSI interrupt. */
+static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1)
+{
+ uint32_t mask0;
+ uint32_t mask1;
+
+ DPRINTF("SCSI Interrupt 0x%02x%02x prev 0x%02x%02x\n",
+ stat1, stat0, s->sist1, s->sist0);
+ s->sist0 |= stat0;
+ s->sist1 |= stat1;
+ /* Stop processor on fatal or unmasked interrupt. As a special hack
+ we don't stop processing when raising STO. Instead continue
+ execution and stop at the next insn that accesses the SCSI bus. */
+ mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL);
+ mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH);
+ mask1 &= ~LSI_SIST1_STO;
+ if (s->sist0 & mask0 || s->sist1 & mask1) {
+ lsi_stop_script(s);
+ }
+ lsi_update_irq(s);
+}
+
+/* Stop SCRIPTS execution and raise a DMA interrupt. */
+static void lsi_script_dma_interrupt(LSIState *s, int stat)
+{
+ DPRINTF("DMA Interrupt 0x%x prev 0x%x\n", stat, s->dstat);
+ s->dstat |= stat;
+ lsi_update_irq(s);
+ lsi_stop_script(s);
+}
+
+static inline void lsi_set_phase(LSIState *s, int phase)
+{
+ s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase;
+}
+
+static void lsi_bad_phase(LSIState *s, int out, int new_phase)
+{
+ /* Trigger a phase mismatch. */
+ if (s->ccntl0 & LSI_CCNTL0_ENPMJ) {
+ if ((s->ccntl0 & LSI_CCNTL0_PMJCTL)) {
+ s->dsp = out ? s->pmjad1 : s->pmjad2;
+ } else {
+ s->dsp = (s->scntl2 & LSI_SCNTL2_WSR ? s->pmjad2 : s->pmjad1);
+ }
+ DPRINTF("Data phase mismatch jump to %08x\n", s->dsp);
+ } else {
+ DPRINTF("Phase mismatch interrupt\n");
+ lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
+ lsi_stop_script(s);
+ }
+ lsi_set_phase(s, new_phase);
+}
+
+
+/* Resume SCRIPTS execution after a DMA operation. */
+static void lsi_resume_script(LSIState *s)
+{
+ if (s->waiting != 2) {
+ s->waiting = 0;
+ lsi_execute_script(s);
+ } else {
+ s->waiting = 0;
+ }
+}
+
+static void lsi_disconnect(LSIState *s)
+{
+ s->scntl1 &= ~LSI_SCNTL1_CON;
+ s->sstat1 &= ~PHASE_MASK;
+}
+
+static void lsi_bad_selection(LSIState *s, uint32_t id)
+{
+ DPRINTF("Selected absent target %d\n", id);
+ lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO);
+ lsi_disconnect(s);
+}
+
+/* Initiate a SCSI layer data transfer. */
+static void lsi_do_dma(LSIState *s, int out)
+{
+ PCIDevice *pci_dev;
+ uint32_t count;
+ dma_addr_t addr;
+ SCSIDevice *dev;
+
+ assert(s->current);
+ if (!s->current->dma_len) {
+ /* Wait until data is available. */
+ DPRINTF("DMA no data available\n");
+ return;
+ }
+
+ pci_dev = PCI_DEVICE(s);
+ dev = s->current->req->dev;
+ assert(dev);
+
+ count = s->dbc;
+ if (count > s->current->dma_len)
+ count = s->current->dma_len;
+
+ addr = s->dnad;
+ /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */
+ if (lsi_dma_40bit(s) || lsi_dma_ti64bit(s))
+ addr |= ((uint64_t)s->dnad64 << 32);
+ else if (s->dbms)
+ addr |= ((uint64_t)s->dbms << 32);
+ else if (s->sbms)
+ addr |= ((uint64_t)s->sbms << 32);
+
+ DPRINTF("DMA addr=0x" DMA_ADDR_FMT " len=%d\n", addr, count);
+ s->csbc += count;
+ s->dnad += count;
+ s->dbc -= count;
+ if (s->current->dma_buf == NULL) {
+ s->current->dma_buf = scsi_req_get_buf(s->current->req);
+ }
+ /* ??? Set SFBR to first data byte. */
+ if (out) {
+ pci_dma_read(pci_dev, addr, s->current->dma_buf, count);
+ } else {
+ pci_dma_write(pci_dev, addr, s->current->dma_buf, count);
+ }
+ s->current->dma_len -= count;
+ if (s->current->dma_len == 0) {
+ s->current->dma_buf = NULL;
+ scsi_req_continue(s->current->req);
+ } else {
+ s->current->dma_buf += count;
+ lsi_resume_script(s);
+ }
+}
+
+
+/* Add a command to the queue. */
+static void lsi_queue_command(LSIState *s)
+{
+ lsi_request *p = s->current;
+
+ DPRINTF("Queueing tag=0x%x\n", p->tag);
+ assert(s->current != NULL);
+ assert(s->current->dma_len == 0);
+ QTAILQ_INSERT_TAIL(&s->queue, s->current, next);
+ s->current = NULL;
+
+ p->pending = 0;
+ p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
+}
+
+/* Queue a byte for a MSG IN phase. */
+static void lsi_add_msg_byte(LSIState *s, uint8_t data)
+{
+ if (s->msg_len >= LSI_MAX_MSGIN_LEN) {
+ BADF("MSG IN data too long\n");
+ } else {
+ DPRINTF("MSG IN 0x%02x\n", data);
+ s->msg[s->msg_len++] = data;
+ }
+}
+
+/* Perform reselection to continue a command. */
+static void lsi_reselect(LSIState *s, lsi_request *p)
+{
+ int id;
+
+ assert(s->current == NULL);
+ QTAILQ_REMOVE(&s->queue, p, next);
+ s->current = p;
+
+ id = (p->tag >> 8) & 0xf;
+ s->ssid = id | 0x80;
+ /* LSI53C700 Family Compatibility, see LSI53C895A 4-73 */
+ if (!(s->dcntl & LSI_DCNTL_COM)) {
+ s->sfbr = 1 << (id & 0x7);
+ }
+ DPRINTF("Reselected target %d\n", id);
+ s->scntl1 |= LSI_SCNTL1_CON;
+ lsi_set_phase(s, PHASE_MI);
+ s->msg_action = p->out ? 2 : 3;
+ s->current->dma_len = p->pending;
+ lsi_add_msg_byte(s, 0x80);
+ if (s->current->tag & LSI_TAG_VALID) {
+ lsi_add_msg_byte(s, 0x20);
+ lsi_add_msg_byte(s, p->tag & 0xff);
+ }
+
+ if (lsi_irq_on_rsl(s)) {
+ lsi_script_scsi_interrupt(s, LSI_SIST0_RSL, 0);
+ }
+}
+
+static lsi_request *lsi_find_by_tag(LSIState *s, uint32_t tag)
+{
+ lsi_request *p;
+
+ QTAILQ_FOREACH(p, &s->queue, next) {
+ if (p->tag == tag) {
+ return p;
+ }
+ }
+
+ return NULL;
+}
+
+static void lsi_request_free(LSIState *s, lsi_request *p)
+{
+ if (p == s->current) {
+ s->current = NULL;
+ } else {
+ QTAILQ_REMOVE(&s->queue, p, next);
+ }
+ g_free(p);
+}
+
+static void lsi_request_cancelled(SCSIRequest *req)
+{
+ LSIState *s = LSI53C895A(req->bus->qbus.parent);
+ lsi_request *p = req->hba_private;
+
+ req->hba_private = NULL;
+ lsi_request_free(s, p);
+ scsi_req_unref(req);
+}
+
+/* Record that data is available for a queued command. Returns zero if
+ the device was reselected, nonzero if the IO is deferred. */
+static int lsi_queue_req(LSIState *s, SCSIRequest *req, uint32_t len)
+{
+ lsi_request *p = req->hba_private;
+
+ if (p->pending) {
+ BADF("Multiple IO pending for request %p\n", p);
+ }
+ p->pending = len;
+ /* Reselect if waiting for it, or if reselection triggers an IRQ
+ and the bus is free.
+ Since no interrupt stacking is implemented in the emulation, it
+ is also required that there are no pending interrupts waiting
+ for service from the device driver. */
+ if (s->waiting == 1 ||
+ (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON) &&
+ !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP)))) {
+ /* Reselect device. */
+ lsi_reselect(s, p);
+ return 0;
+ } else {
+ DPRINTF("Queueing IO tag=0x%x\n", p->tag);
+ p->pending = len;
+ return 1;
+ }
+}
+
+ /* Callback to indicate that the SCSI layer has completed a command. */
+static void lsi_command_complete(SCSIRequest *req, uint32_t status, size_t resid)
+{
+ LSIState *s = LSI53C895A(req->bus->qbus.parent);
+ int out;
+
+ out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
+ DPRINTF("Command complete status=%d\n", (int)status);
+ s->status = status;
+ s->command_complete = 2;
+ if (s->waiting && s->dbc != 0) {
+ /* Raise phase mismatch for short transfers. */
+ lsi_bad_phase(s, out, PHASE_ST);
+ } else {
+ lsi_set_phase(s, PHASE_ST);
+ }
+
+ if (req->hba_private == s->current) {
+ req->hba_private = NULL;
+ lsi_request_free(s, s->current);
+ scsi_req_unref(req);
+ }
+ lsi_resume_script(s);
+}
+
+ /* Callback to indicate that the SCSI layer has completed a transfer. */
+static void lsi_transfer_data(SCSIRequest *req, uint32_t len)
+{
+ LSIState *s = LSI53C895A(req->bus->qbus.parent);
+ int out;
+
+ assert(req->hba_private);
+ if (s->waiting == 1 || req->hba_private != s->current ||
+ (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) {
+ if (lsi_queue_req(s, req, len)) {
+ return;
+ }
+ }
+
+ out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
+
+ /* host adapter (re)connected */
+ DPRINTF("Data ready tag=0x%x len=%d\n", req->tag, len);
+ s->current->dma_len = len;
+ s->command_complete = 1;
+ if (s->waiting) {
+ if (s->waiting == 1 || s->dbc == 0) {
+ lsi_resume_script(s);
+ } else {
+ lsi_do_dma(s, out);
+ }
+ }
+}
+
+static void lsi_do_command(LSIState *s)
+{
+ SCSIDevice *dev;
+ uint8_t buf[16];
+ uint32_t id;
+ int n;
+
+ DPRINTF("Send command len=%d\n", s->dbc);
+ if (s->dbc > 16)
+ s->dbc = 16;
+ pci_dma_read(PCI_DEVICE(s), s->dnad, buf, s->dbc);
+ s->sfbr = buf[0];
+ s->command_complete = 0;
+
+ id = (s->select_tag >> 8) & 0xf;
+ dev = scsi_device_find(&s->bus, 0, id, s->current_lun);
+ if (!dev) {
+ lsi_bad_selection(s, id);
+ return;
+ }
+
+ assert(s->current == NULL);
+ s->current = g_malloc0(sizeof(lsi_request));
+ s->current->tag = s->select_tag;
+ s->current->req = scsi_req_new(dev, s->current->tag, s->current_lun, buf,
+ s->current);
+
+ n = scsi_req_enqueue(s->current->req);
+ if (n) {
+ if (n > 0) {
+ lsi_set_phase(s, PHASE_DI);
+ } else if (n < 0) {
+ lsi_set_phase(s, PHASE_DO);
+ }
+ scsi_req_continue(s->current->req);
+ }
+ if (!s->command_complete) {
+ if (n) {
+ /* Command did not complete immediately so disconnect. */
+ lsi_add_msg_byte(s, 2); /* SAVE DATA POINTER */
+ lsi_add_msg_byte(s, 4); /* DISCONNECT */
+ /* wait data */
+ lsi_set_phase(s, PHASE_MI);
+ s->msg_action = 1;
+ lsi_queue_command(s);
+ } else {
+ /* wait command complete */
+ lsi_set_phase(s, PHASE_DI);
+ }
+ }
+}
+
+static void lsi_do_status(LSIState *s)
+{
+ uint8_t status;
+ DPRINTF("Get status len=%d status=%d\n", s->dbc, s->status);
+ if (s->dbc != 1)
+ BADF("Bad Status move\n");
+ s->dbc = 1;
+ status = s->status;
+ s->sfbr = status;
+ pci_dma_write(PCI_DEVICE(s), s->dnad, &status, 1);
+ lsi_set_phase(s, PHASE_MI);
+ s->msg_action = 1;
+ lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */
+}
+
+static void lsi_do_msgin(LSIState *s)
+{
+ int len;
+ DPRINTF("Message in len=%d/%d\n", s->dbc, s->msg_len);
+ s->sfbr = s->msg[0];
+ len = s->msg_len;
+ if (len > s->dbc)
+ len = s->dbc;
+ pci_dma_write(PCI_DEVICE(s), s->dnad, s->msg, len);
+ /* Linux drivers rely on the last byte being in the SIDL. */
+ s->sidl = s->msg[len - 1];
+ s->msg_len -= len;
+ if (s->msg_len) {
+ memmove(s->msg, s->msg + len, s->msg_len);
+ } else {
+ /* ??? Check if ATN (not yet implemented) is asserted and maybe
+ switch to PHASE_MO. */
+ switch (s->msg_action) {
+ case 0:
+ lsi_set_phase(s, PHASE_CMD);
+ break;
+ case 1:
+ lsi_disconnect(s);
+ break;
+ case 2:
+ lsi_set_phase(s, PHASE_DO);
+ break;
+ case 3:
+ lsi_set_phase(s, PHASE_DI);
+ break;
+ default:
+ abort();
+ }
+ }
+}
+
+/* Read the next byte during a MSGOUT phase. */
+static uint8_t lsi_get_msgbyte(LSIState *s)
+{
+ uint8_t data;
+ pci_dma_read(PCI_DEVICE(s), s->dnad, &data, 1);
+ s->dnad++;
+ s->dbc--;
+ return data;
+}
+
+/* Skip the next n bytes during a MSGOUT phase. */
+static void lsi_skip_msgbytes(LSIState *s, unsigned int n)
+{
+ s->dnad += n;
+ s->dbc -= n;
+}
+
+static void lsi_do_msgout(LSIState *s)
+{
+ uint8_t msg;
+ int len;
+ uint32_t current_tag;
+ lsi_request *current_req, *p, *p_next;
+
+ if (s->current) {
+ current_tag = s->current->tag;
+ current_req = s->current;
+ } else {
+ current_tag = s->select_tag;
+ current_req = lsi_find_by_tag(s, current_tag);
+ }
+
+ DPRINTF("MSG out len=%d\n", s->dbc);
+ while (s->dbc) {
+ msg = lsi_get_msgbyte(s);
+ s->sfbr = msg;
+
+ switch (msg) {
+ case 0x04:
+ DPRINTF("MSG: Disconnect\n");
+ lsi_disconnect(s);
+ break;
+ case 0x08:
+ DPRINTF("MSG: No Operation\n");
+ lsi_set_phase(s, PHASE_CMD);
+ break;
+ case 0x01:
+ len = lsi_get_msgbyte(s);
+ msg = lsi_get_msgbyte(s);
+ (void)len; /* avoid a warning about unused variable*/
+ DPRINTF("Extended message 0x%x (len %d)\n", msg, len);
+ switch (msg) {
+ case 1:
+ DPRINTF("SDTR (ignored)\n");
+ lsi_skip_msgbytes(s, 2);
+ break;
+ case 3:
+ DPRINTF("WDTR (ignored)\n");
+ lsi_skip_msgbytes(s, 1);
+ break;
+ default:
+ goto bad;
+ }
+ break;
+ case 0x20: /* SIMPLE queue */
+ s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
+ DPRINTF("SIMPLE queue tag=0x%x\n", s->select_tag & 0xff);
+ break;
+ case 0x21: /* HEAD of queue */
+ BADF("HEAD queue not implemented\n");
+ s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
+ break;
+ case 0x22: /* ORDERED queue */
+ BADF("ORDERED queue not implemented\n");
+ s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
+ break;
+ case 0x0d:
+ /* The ABORT TAG message clears the current I/O process only. */
+ DPRINTF("MSG: ABORT TAG tag=0x%x\n", current_tag);
+ if (current_req) {
+ scsi_req_cancel(current_req->req);
+ }
+ lsi_disconnect(s);
+ break;
+ case 0x06:
+ case 0x0e:
+ case 0x0c:
+ /* The ABORT message clears all I/O processes for the selecting
+ initiator on the specified logical unit of the target. */
+ if (msg == 0x06) {
+ DPRINTF("MSG: ABORT tag=0x%x\n", current_tag);
+ }
+ /* The CLEAR QUEUE message clears all I/O processes for all
+ initiators on the specified logical unit of the target. */
+ if (msg == 0x0e) {
+ DPRINTF("MSG: CLEAR QUEUE tag=0x%x\n", current_tag);
+ }
+ /* The BUS DEVICE RESET message clears all I/O processes for all
+ initiators on all logical units of the target. */
+ if (msg == 0x0c) {
+ DPRINTF("MSG: BUS DEVICE RESET tag=0x%x\n", current_tag);
+ }
+
+ /* clear the current I/O process */
+ if (s->current) {
+ scsi_req_cancel(s->current->req);
+ }
+
+ /* As the current implemented devices scsi_disk and scsi_generic
+ only support one LUN, we don't need to keep track of LUNs.
+ Clearing I/O processes for other initiators could be possible
+ for scsi_generic by sending a SG_SCSI_RESET to the /dev/sgX
+ device, but this is currently not implemented (and seems not
+ to be really necessary). So let's simply clear all queued
+ commands for the current device: */
+ QTAILQ_FOREACH_SAFE(p, &s->queue, next, p_next) {
+ if ((p->tag & 0x0000ff00) == (current_tag & 0x0000ff00)) {
+ scsi_req_cancel(p->req);
+ }
+ }
+
+ lsi_disconnect(s);
+ break;
+ default:
+ if ((msg & 0x80) == 0) {
+ goto bad;
+ }
+ s->current_lun = msg & 7;
+ DPRINTF("Select LUN %d\n", s->current_lun);
+ lsi_set_phase(s, PHASE_CMD);
+ break;
+ }
+ }
+ return;
+bad:
+ BADF("Unimplemented message 0x%02x\n", msg);
+ lsi_set_phase(s, PHASE_MI);
+ lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */
+ s->msg_action = 0;
+}
+
+/* Sign extend a 24-bit value. */
+static inline int32_t sxt24(int32_t n)
+{
+ return (n << 8) >> 8;
+}
+
+#define LSI_BUF_SIZE 4096
+static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count)
+{
+ PCIDevice *d = PCI_DEVICE(s);
+ int n;
+ uint8_t buf[LSI_BUF_SIZE];
+
+ DPRINTF("memcpy dest 0x%08x src 0x%08x count %d\n", dest, src, count);
+ while (count) {
+ n = (count > LSI_BUF_SIZE) ? LSI_BUF_SIZE : count;
+ pci_dma_read(d, src, buf, n);
+ pci_dma_write(d, dest, buf, n);
+ src += n;
+ dest += n;
+ count -= n;
+ }
+}
+
+static void lsi_wait_reselect(LSIState *s)
+{
+ lsi_request *p;
+
+ DPRINTF("Wait Reselect\n");
+
+ QTAILQ_FOREACH(p, &s->queue, next) {
+ if (p->pending) {
+ lsi_reselect(s, p);
+ break;
+ }
+ }
+ if (s->current == NULL) {
+ s->waiting = 1;
+ }
+}
+
+static void lsi_execute_script(LSIState *s)
+{
+ PCIDevice *pci_dev = PCI_DEVICE(s);
+ uint32_t insn;
+ uint32_t addr, addr_high;
+ int opcode;
+ int insn_processed = 0;
+
+ s->istat1 |= LSI_ISTAT1_SRUN;
+again:
+ insn_processed++;
+ insn = read_dword(s, s->dsp);
+ if (!insn) {
+ /* If we receive an empty opcode increment the DSP by 4 bytes
+ instead of 8 and execute the next opcode at that location */
+ s->dsp += 4;
+ goto again;
+ }
+ addr = read_dword(s, s->dsp + 4);
+ addr_high = 0;
+ DPRINTF("SCRIPTS dsp=%08x opcode %08x arg %08x\n", s->dsp, insn, addr);
+ s->dsps = addr;
+ s->dcmd = insn >> 24;
+ s->dsp += 8;
+ switch (insn >> 30) {
+ case 0: /* Block move. */
+ if (s->sist1 & LSI_SIST1_STO) {
+ DPRINTF("Delayed select timeout\n");
+ lsi_stop_script(s);
+ break;
+ }
+ s->dbc = insn & 0xffffff;
+ s->rbc = s->dbc;
+ /* ??? Set ESA. */
+ s->ia = s->dsp - 8;
+ if (insn & (1 << 29)) {
+ /* Indirect addressing. */
+ addr = read_dword(s, addr);
+ } else if (insn & (1 << 28)) {
+ uint32_t buf[2];
+ int32_t offset;
+ /* Table indirect addressing. */
+
+ /* 32-bit Table indirect */
+ offset = sxt24(addr);
+ pci_dma_read(pci_dev, s->dsa + offset, buf, 8);
+ /* byte count is stored in bits 0:23 only */
+ s->dbc = cpu_to_le32(buf[0]) & 0xffffff;
+ s->rbc = s->dbc;
+ addr = cpu_to_le32(buf[1]);
+
+ /* 40-bit DMA, upper addr bits [39:32] stored in first DWORD of
+ * table, bits [31:24] */
+ if (lsi_dma_40bit(s))
+ addr_high = cpu_to_le32(buf[0]) >> 24;
+ else if (lsi_dma_ti64bit(s)) {
+ int selector = (cpu_to_le32(buf[0]) >> 24) & 0x1f;
+ switch (selector) {
+ case 0 ... 0x0f:
+ /* offset index into scratch registers since
+ * TI64 mode can use registers C to R */
+ addr_high = s->scratch[2 + selector];
+ break;
+ case 0x10:
+ addr_high = s->mmrs;
+ break;
+ case 0x11:
+ addr_high = s->mmws;
+ break;
+ case 0x12:
+ addr_high = s->sfs;
+ break;
+ case 0x13:
+ addr_high = s->drs;
+ break;
+ case 0x14:
+ addr_high = s->sbms;
+ break;
+ case 0x15:
+ addr_high = s->dbms;
+ break;
+ default:
+ BADF("Illegal selector specified (0x%x > 0x15)"
+ " for 64-bit DMA block move", selector);
+ break;
+ }
+ }
+ } else if (lsi_dma_64bit(s)) {
+ /* fetch a 3rd dword if 64-bit direct move is enabled and
+ only if we're not doing table indirect or indirect addressing */
+ s->dbms = read_dword(s, s->dsp);
+ s->dsp += 4;
+ s->ia = s->dsp - 12;
+ }
+ if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) {
+ DPRINTF("Wrong phase got %d expected %d\n",
+ s->sstat1 & PHASE_MASK, (insn >> 24) & 7);
+ lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
+ break;
+ }
+ s->dnad = addr;
+ s->dnad64 = addr_high;
+ switch (s->sstat1 & 0x7) {
+ case PHASE_DO:
+ s->waiting = 2;
+ lsi_do_dma(s, 1);
+ if (s->waiting)
+ s->waiting = 3;
+ break;
+ case PHASE_DI:
+ s->waiting = 2;
+ lsi_do_dma(s, 0);
+ if (s->waiting)
+ s->waiting = 3;
+ break;
+ case PHASE_CMD:
+ lsi_do_command(s);
+ break;
+ case PHASE_ST:
+ lsi_do_status(s);
+ break;
+ case PHASE_MO:
+ lsi_do_msgout(s);
+ break;
+ case PHASE_MI:
+ lsi_do_msgin(s);
+ break;
+ default:
+ BADF("Unimplemented phase %d\n", s->sstat1 & PHASE_MASK);
+ exit(1);
+ }
+ s->dfifo = s->dbc & 0xff;
+ s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3);
+ s->sbc = s->dbc;
+ s->rbc -= s->dbc;
+ s->ua = addr + s->dbc;
+ break;
+
+ case 1: /* IO or Read/Write instruction. */
+ opcode = (insn >> 27) & 7;
+ if (opcode < 5) {
+ uint32_t id;
+
+ if (insn & (1 << 25)) {
+ id = read_dword(s, s->dsa + sxt24(insn));
+ } else {
+ id = insn;
+ }
+ id = (id >> 16) & 0xf;
+ if (insn & (1 << 26)) {
+ addr = s->dsp + sxt24(addr);
+ }
+ s->dnad = addr;
+ switch (opcode) {
+ case 0: /* Select */
+ s->sdid = id;
+ if (s->scntl1 & LSI_SCNTL1_CON) {
+ DPRINTF("Already reselected, jumping to alternative address\n");
+ s->dsp = s->dnad;
+ break;
+ }
+ s->sstat0 |= LSI_SSTAT0_WOA;
+ s->scntl1 &= ~LSI_SCNTL1_IARB;
+ if (!scsi_device_find(&s->bus, 0, id, 0)) {
+ lsi_bad_selection(s, id);
+ break;
+ }
+ DPRINTF("Selected target %d%s\n",
+ id, insn & (1 << 3) ? " ATN" : "");
+ /* ??? Linux drivers compain when this is set. Maybe
+ it only applies in low-level mode (unimplemented).
+ lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */
+ s->select_tag = id << 8;
+ s->scntl1 |= LSI_SCNTL1_CON;
+ if (insn & (1 << 3)) {
+ s->socl |= LSI_SOCL_ATN;
+ }
+ lsi_set_phase(s, PHASE_MO);
+ break;
+ case 1: /* Disconnect */
+ DPRINTF("Wait Disconnect\n");
+ s->scntl1 &= ~LSI_SCNTL1_CON;
+ break;
+ case 2: /* Wait Reselect */
+ if (!lsi_irq_on_rsl(s)) {
+ lsi_wait_reselect(s);
+ }
+ break;
+ case 3: /* Set */
+ DPRINTF("Set%s%s%s%s\n",
+ insn & (1 << 3) ? " ATN" : "",
+ insn & (1 << 6) ? " ACK" : "",
+ insn & (1 << 9) ? " TM" : "",
+ insn & (1 << 10) ? " CC" : "");
+ if (insn & (1 << 3)) {
+ s->socl |= LSI_SOCL_ATN;
+ lsi_set_phase(s, PHASE_MO);
+ }
+ if (insn & (1 << 9)) {
+ BADF("Target mode not implemented\n");
+ exit(1);
+ }
+ if (insn & (1 << 10))
+ s->carry = 1;
+ break;
+ case 4: /* Clear */
+ DPRINTF("Clear%s%s%s%s\n",
+ insn & (1 << 3) ? " ATN" : "",
+ insn & (1 << 6) ? " ACK" : "",
+ insn & (1 << 9) ? " TM" : "",
+ insn & (1 << 10) ? " CC" : "");
+ if (insn & (1 << 3)) {
+ s->socl &= ~LSI_SOCL_ATN;
+ }
+ if (insn & (1 << 10))
+ s->carry = 0;
+ break;
+ }
+ } else {
+ uint8_t op0;
+ uint8_t op1;
+ uint8_t data8;
+ int reg;
+ int operator;
+#ifdef DEBUG_LSI
+ static const char *opcode_names[3] =
+ {"Write", "Read", "Read-Modify-Write"};
+ static const char *operator_names[8] =
+ {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"};
+#endif
+
+ reg = ((insn >> 16) & 0x7f) | (insn & 0x80);
+ data8 = (insn >> 8) & 0xff;
+ opcode = (insn >> 27) & 7;
+ operator = (insn >> 24) & 7;
+ DPRINTF("%s reg 0x%x %s data8=0x%02x sfbr=0x%02x%s\n",
+ opcode_names[opcode - 5], reg,
+ operator_names[operator], data8, s->sfbr,
+ (insn & (1 << 23)) ? " SFBR" : "");
+ op0 = op1 = 0;
+ switch (opcode) {
+ case 5: /* From SFBR */
+ op0 = s->sfbr;
+ op1 = data8;
+ break;
+ case 6: /* To SFBR */
+ if (operator)
+ op0 = lsi_reg_readb(s, reg);
+ op1 = data8;
+ break;
+ case 7: /* Read-modify-write */
+ if (operator)
+ op0 = lsi_reg_readb(s, reg);
+ if (insn & (1 << 23)) {
+ op1 = s->sfbr;
+ } else {
+ op1 = data8;
+ }
+ break;
+ }
+
+ switch (operator) {
+ case 0: /* move */
+ op0 = op1;
+ break;
+ case 1: /* Shift left */
+ op1 = op0 >> 7;
+ op0 = (op0 << 1) | s->carry;
+ s->carry = op1;
+ break;
+ case 2: /* OR */
+ op0 |= op1;
+ break;
+ case 3: /* XOR */
+ op0 ^= op1;
+ break;
+ case 4: /* AND */
+ op0 &= op1;
+ break;
+ case 5: /* SHR */
+ op1 = op0 & 1;
+ op0 = (op0 >> 1) | (s->carry << 7);
+ s->carry = op1;
+ break;
+ case 6: /* ADD */
+ op0 += op1;
+ s->carry = op0 < op1;
+ break;
+ case 7: /* ADC */
+ op0 += op1 + s->carry;
+ if (s->carry)
+ s->carry = op0 <= op1;
+ else
+ s->carry = op0 < op1;
+ break;
+ }
+
+ switch (opcode) {
+ case 5: /* From SFBR */
+ case 7: /* Read-modify-write */
+ lsi_reg_writeb(s, reg, op0);
+ break;
+ case 6: /* To SFBR */
+ s->sfbr = op0;
+ break;
+ }
+ }
+ break;
+
+ case 2: /* Transfer Control. */
+ {
+ int cond;
+ int jmp;
+
+ if ((insn & 0x002e0000) == 0) {
+ DPRINTF("NOP\n");
+ break;
+ }
+ if (s->sist1 & LSI_SIST1_STO) {
+ DPRINTF("Delayed select timeout\n");
+ lsi_stop_script(s);
+ break;
+ }
+ cond = jmp = (insn & (1 << 19)) != 0;
+ if (cond == jmp && (insn & (1 << 21))) {
+ DPRINTF("Compare carry %d\n", s->carry == jmp);
+ cond = s->carry != 0;
+ }
+ if (cond == jmp && (insn & (1 << 17))) {
+ DPRINTF("Compare phase %d %c= %d\n",
+ (s->sstat1 & PHASE_MASK),
+ jmp ? '=' : '!',
+ ((insn >> 24) & 7));
+ cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7);
+ }
+ if (cond == jmp && (insn & (1 << 18))) {
+ uint8_t mask;
+
+ mask = (~insn >> 8) & 0xff;
+ DPRINTF("Compare data 0x%x & 0x%x %c= 0x%x\n",
+ s->sfbr, mask, jmp ? '=' : '!', insn & mask);
+ cond = (s->sfbr & mask) == (insn & mask);
+ }
+ if (cond == jmp) {
+ if (insn & (1 << 23)) {
+ /* Relative address. */
+ addr = s->dsp + sxt24(addr);
+ }
+ switch ((insn >> 27) & 7) {
+ case 0: /* Jump */
+ DPRINTF("Jump to 0x%08x\n", addr);
+ s->dsp = addr;
+ break;
+ case 1: /* Call */
+ DPRINTF("Call 0x%08x\n", addr);
+ s->temp = s->dsp;
+ s->dsp = addr;
+ break;
+ case 2: /* Return */
+ DPRINTF("Return to 0x%08x\n", s->temp);
+ s->dsp = s->temp;
+ break;
+ case 3: /* Interrupt */
+ DPRINTF("Interrupt 0x%08x\n", s->dsps);
+ if ((insn & (1 << 20)) != 0) {
+ s->istat0 |= LSI_ISTAT0_INTF;
+ lsi_update_irq(s);
+ } else {
+ lsi_script_dma_interrupt(s, LSI_DSTAT_SIR);
+ }
+ break;
+ default:
+ DPRINTF("Illegal transfer control\n");
+ lsi_script_dma_interrupt(s, LSI_DSTAT_IID);
+ break;
+ }
+ } else {
+ DPRINTF("Control condition failed\n");
+ }
+ }
+ break;
+
+ case 3:
+ if ((insn & (1 << 29)) == 0) {
+ /* Memory move. */
+ uint32_t dest;
+ /* ??? The docs imply the destination address is loaded into
+ the TEMP register. However the Linux drivers rely on
+ the value being presrved. */
+ dest = read_dword(s, s->dsp);
+ s->dsp += 4;
+ lsi_memcpy(s, dest, addr, insn & 0xffffff);
+ } else {
+ uint8_t data[7];
+ int reg;
+ int n;
+ int i;
+
+ if (insn & (1 << 28)) {
+ addr = s->dsa + sxt24(addr);
+ }
+ n = (insn & 7);
+ reg = (insn >> 16) & 0xff;
+ if (insn & (1 << 24)) {
+ pci_dma_read(pci_dev, addr, data, n);
+ DPRINTF("Load reg 0x%x size %d addr 0x%08x = %08x\n", reg, n,
+ addr, *(int *)data);
+ for (i = 0; i < n; i++) {
+ lsi_reg_writeb(s, reg + i, data[i]);
+ }
+ } else {
+ DPRINTF("Store reg 0x%x size %d addr 0x%08x\n", reg, n, addr);
+ for (i = 0; i < n; i++) {
+ data[i] = lsi_reg_readb(s, reg + i);
+ }
+ pci_dma_write(pci_dev, addr, data, n);
+ }
+ }
+ }
+ if (insn_processed > 10000 && !s->waiting) {
+ /* Some windows drivers make the device spin waiting for a memory
+ location to change. If we have been executed a lot of code then
+ assume this is the case and force an unexpected device disconnect.
+ This is apparently sufficient to beat the drivers into submission.
+ */
+ if (!(s->sien0 & LSI_SIST0_UDC))
+ fprintf(stderr, "inf. loop with UDC masked\n");
+ lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0);
+ lsi_disconnect(s);
+ } else if (s->istat1 & LSI_ISTAT1_SRUN && !s->waiting) {
+ if (s->dcntl & LSI_DCNTL_SSM) {
+ lsi_script_dma_interrupt(s, LSI_DSTAT_SSI);
+ } else {
+ goto again;
+ }
+ }
+ DPRINTF("SCRIPTS execution stopped\n");
+}
+
+static uint8_t lsi_reg_readb(LSIState *s, int offset)
+{
+ uint8_t tmp;
+#define CASE_GET_REG24(name, addr) \
+ case addr: return s->name & 0xff; \
+ case addr + 1: return (s->name >> 8) & 0xff; \
+ case addr + 2: return (s->name >> 16) & 0xff;
+
+#define CASE_GET_REG32(name, addr) \
+ case addr: return s->name & 0xff; \
+ case addr + 1: return (s->name >> 8) & 0xff; \
+ case addr + 2: return (s->name >> 16) & 0xff; \
+ case addr + 3: return (s->name >> 24) & 0xff;
+
+#ifdef DEBUG_LSI_REG
+ DPRINTF("Read reg %x\n", offset);
+#endif
+ switch (offset) {
+ case 0x00: /* SCNTL0 */
+ return s->scntl0;
+ case 0x01: /* SCNTL1 */
+ return s->scntl1;
+ case 0x02: /* SCNTL2 */
+ return s->scntl2;
+ case 0x03: /* SCNTL3 */
+ return s->scntl3;
+ case 0x04: /* SCID */
+ return s->scid;
+ case 0x05: /* SXFER */
+ return s->sxfer;
+ case 0x06: /* SDID */
+ return s->sdid;
+ case 0x07: /* GPREG0 */
+ return 0x7f;
+ case 0x08: /* Revision ID */
+ return 0x00;
+ case 0xa: /* SSID */
+ return s->ssid;
+ case 0xb: /* SBCL */
+ /* ??? This is not correct. However it's (hopefully) only
+ used for diagnostics, so should be ok. */
+ return 0;
+ case 0xc: /* DSTAT */
+ tmp = s->dstat | 0x80;
+ if ((s->istat0 & LSI_ISTAT0_INTF) == 0)
+ s->dstat = 0;
+ lsi_update_irq(s);
+ return tmp;
+ case 0x0d: /* SSTAT0 */
+ return s->sstat0;
+ case 0x0e: /* SSTAT1 */
+ return s->sstat1;
+ case 0x0f: /* SSTAT2 */
+ return s->scntl1 & LSI_SCNTL1_CON ? 0 : 2;
+ CASE_GET_REG32(dsa, 0x10)
+ case 0x14: /* ISTAT0 */
+ return s->istat0;
+ case 0x15: /* ISTAT1 */
+ return s->istat1;
+ case 0x16: /* MBOX0 */
+ return s->mbox0;
+ case 0x17: /* MBOX1 */
+ return s->mbox1;
+ case 0x18: /* CTEST0 */
+ return 0xff;
+ case 0x19: /* CTEST1 */
+ return 0;
+ case 0x1a: /* CTEST2 */
+ tmp = s->ctest2 | LSI_CTEST2_DACK | LSI_CTEST2_CM;
+ if (s->istat0 & LSI_ISTAT0_SIGP) {
+ s->istat0 &= ~LSI_ISTAT0_SIGP;
+ tmp |= LSI_CTEST2_SIGP;
+ }
+ return tmp;
+ case 0x1b: /* CTEST3 */
+ return s->ctest3;
+ CASE_GET_REG32(temp, 0x1c)
+ case 0x20: /* DFIFO */
+ return 0;
+ case 0x21: /* CTEST4 */
+ return s->ctest4;
+ case 0x22: /* CTEST5 */
+ return s->ctest5;
+ case 0x23: /* CTEST6 */
+ return 0;
+ CASE_GET_REG24(dbc, 0x24)
+ case 0x27: /* DCMD */
+ return s->dcmd;
+ CASE_GET_REG32(dnad, 0x28)
+ CASE_GET_REG32(dsp, 0x2c)
+ CASE_GET_REG32(dsps, 0x30)
+ CASE_GET_REG32(scratch[0], 0x34)
+ case 0x38: /* DMODE */
+ return s->dmode;
+ case 0x39: /* DIEN */
+ return s->dien;
+ case 0x3a: /* SBR */
+ return s->sbr;
+ case 0x3b: /* DCNTL */
+ return s->dcntl;
+ case 0x40: /* SIEN0 */
+ return s->sien0;
+ case 0x41: /* SIEN1 */
+ return s->sien1;
+ case 0x42: /* SIST0 */
+ tmp = s->sist0;
+ s->sist0 = 0;
+ lsi_update_irq(s);
+ return tmp;
+ case 0x43: /* SIST1 */
+ tmp = s->sist1;
+ s->sist1 = 0;
+ lsi_update_irq(s);
+ return tmp;
+ case 0x46: /* MACNTL */
+ return 0x0f;
+ case 0x47: /* GPCNTL0 */
+ return 0x0f;
+ case 0x48: /* STIME0 */
+ return s->stime0;
+ case 0x4a: /* RESPID0 */
+ return s->respid0;
+ case 0x4b: /* RESPID1 */
+ return s->respid1;
+ case 0x4d: /* STEST1 */
+ return s->stest1;
+ case 0x4e: /* STEST2 */
+ return s->stest2;
+ case 0x4f: /* STEST3 */
+ return s->stest3;
+ case 0x50: /* SIDL */
+ /* This is needed by the linux drivers. We currently only update it
+ during the MSG IN phase. */
+ return s->sidl;
+ case 0x52: /* STEST4 */
+ return 0xe0;
+ case 0x56: /* CCNTL0 */
+ return s->ccntl0;
+ case 0x57: /* CCNTL1 */
+ return s->ccntl1;
+ case 0x58: /* SBDL */
+ /* Some drivers peek at the data bus during the MSG IN phase. */
+ if ((s->sstat1 & PHASE_MASK) == PHASE_MI)
+ return s->msg[0];
+ return 0;
+ case 0x59: /* SBDL high */
+ return 0;
+ CASE_GET_REG32(mmrs, 0xa0)
+ CASE_GET_REG32(mmws, 0xa4)
+ CASE_GET_REG32(sfs, 0xa8)
+ CASE_GET_REG32(drs, 0xac)
+ CASE_GET_REG32(sbms, 0xb0)
+ CASE_GET_REG32(dbms, 0xb4)
+ CASE_GET_REG32(dnad64, 0xb8)
+ CASE_GET_REG32(pmjad1, 0xc0)
+ CASE_GET_REG32(pmjad2, 0xc4)
+ CASE_GET_REG32(rbc, 0xc8)
+ CASE_GET_REG32(ua, 0xcc)
+ CASE_GET_REG32(ia, 0xd4)
+ CASE_GET_REG32(sbc, 0xd8)
+ CASE_GET_REG32(csbc, 0xdc)
+ }
+ if (offset >= 0x5c && offset < 0xa0) {
+ int n;
+ int shift;
+ n = (offset - 0x58) >> 2;
+ shift = (offset & 3) * 8;
+ return (s->scratch[n] >> shift) & 0xff;
+ }
+ BADF("readb 0x%x\n", offset);
+ exit(1);
+#undef CASE_GET_REG24
+#undef CASE_GET_REG32
+}
+
+static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val)
+{
+#define CASE_SET_REG24(name, addr) \
+ case addr : s->name &= 0xffffff00; s->name |= val; break; \
+ case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \
+ case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break;
+
+#define CASE_SET_REG32(name, addr) \
+ case addr : s->name &= 0xffffff00; s->name |= val; break; \
+ case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \
+ case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \
+ case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break;
+
+#ifdef DEBUG_LSI_REG
+ DPRINTF("Write reg %x = %02x\n", offset, val);
+#endif
+ switch (offset) {
+ case 0x00: /* SCNTL0 */
+ s->scntl0 = val;
+ if (val & LSI_SCNTL0_START) {
+ BADF("Start sequence not implemented\n");
+ }
+ break;
+ case 0x01: /* SCNTL1 */
+ s->scntl1 = val & ~LSI_SCNTL1_SST;
+ if (val & LSI_SCNTL1_IARB) {
+ BADF("Immediate Arbritration not implemented\n");
+ }
+ if (val & LSI_SCNTL1_RST) {
+ if (!(s->sstat0 & LSI_SSTAT0_RST)) {
+ qbus_reset_all(&s->bus.qbus);
+ s->sstat0 |= LSI_SSTAT0_RST;
+ lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0);
+ }
+ } else {
+ s->sstat0 &= ~LSI_SSTAT0_RST;
+ }
+ break;
+ case 0x02: /* SCNTL2 */
+ val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS);
+ s->scntl2 = val;
+ break;
+ case 0x03: /* SCNTL3 */
+ s->scntl3 = val;
+ break;
+ case 0x04: /* SCID */
+ s->scid = val;
+ break;
+ case 0x05: /* SXFER */
+ s->sxfer = val;
+ break;
+ case 0x06: /* SDID */
+ if ((val & 0xf) != (s->ssid & 0xf))
+ BADF("Destination ID does not match SSID\n");
+ s->sdid = val & 0xf;
+ break;
+ case 0x07: /* GPREG0 */
+ break;
+ case 0x08: /* SFBR */
+ /* The CPU is not allowed to write to this register. However the
+ SCRIPTS register move instructions are. */
+ s->sfbr = val;
+ break;
+ case 0x0a: case 0x0b:
+ /* Openserver writes to these readonly registers on startup */
+ return;
+ case 0x0c: case 0x0d: case 0x0e: case 0x0f:
+ /* Linux writes to these readonly registers on startup. */
+ return;
+ CASE_SET_REG32(dsa, 0x10)
+ case 0x14: /* ISTAT0 */
+ s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0);
+ if (val & LSI_ISTAT0_ABRT) {
+ lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT);
+ }
+ if (val & LSI_ISTAT0_INTF) {
+ s->istat0 &= ~LSI_ISTAT0_INTF;
+ lsi_update_irq(s);
+ }
+ if (s->waiting == 1 && val & LSI_ISTAT0_SIGP) {
+ DPRINTF("Woken by SIGP\n");
+ s->waiting = 0;
+ s->dsp = s->dnad;
+ lsi_execute_script(s);
+ }
+ if (val & LSI_ISTAT0_SRST) {
+ qdev_reset_all(DEVICE(s));
+ }
+ break;
+ case 0x16: /* MBOX0 */
+ s->mbox0 = val;
+ break;
+ case 0x17: /* MBOX1 */
+ s->mbox1 = val;
+ break;
+ case 0x1a: /* CTEST2 */
+ s->ctest2 = val & LSI_CTEST2_PCICIE;
+ break;
+ case 0x1b: /* CTEST3 */
+ s->ctest3 = val & 0x0f;
+ break;
+ CASE_SET_REG32(temp, 0x1c)
+ case 0x21: /* CTEST4 */
+ if (val & 7) {
+ BADF("Unimplemented CTEST4-FBL 0x%x\n", val);
+ }
+ s->ctest4 = val;
+ break;
+ case 0x22: /* CTEST5 */
+ if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) {
+ BADF("CTEST5 DMA increment not implemented\n");
+ }
+ s->ctest5 = val;
+ break;
+ CASE_SET_REG24(dbc, 0x24)
+ CASE_SET_REG32(dnad, 0x28)
+ case 0x2c: /* DSP[0:7] */
+ s->dsp &= 0xffffff00;
+ s->dsp |= val;
+ break;
+ case 0x2d: /* DSP[8:15] */
+ s->dsp &= 0xffff00ff;
+ s->dsp |= val << 8;
+ break;
+ case 0x2e: /* DSP[16:23] */
+ s->dsp &= 0xff00ffff;
+ s->dsp |= val << 16;
+ break;
+ case 0x2f: /* DSP[24:31] */
+ s->dsp &= 0x00ffffff;
+ s->dsp |= val << 24;
+ if ((s->dmode & LSI_DMODE_MAN) == 0
+ && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
+ lsi_execute_script(s);
+ break;
+ CASE_SET_REG32(dsps, 0x30)
+ CASE_SET_REG32(scratch[0], 0x34)
+ case 0x38: /* DMODE */
+ if (val & (LSI_DMODE_SIOM | LSI_DMODE_DIOM)) {
+ BADF("IO mappings not implemented\n");
+ }
+ s->dmode = val;
+ break;
+ case 0x39: /* DIEN */
+ s->dien = val;
+ lsi_update_irq(s);
+ break;
+ case 0x3a: /* SBR */
+ s->sbr = val;
+ break;
+ case 0x3b: /* DCNTL */
+ s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD);
+ if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
+ lsi_execute_script(s);
+ break;
+ case 0x40: /* SIEN0 */
+ s->sien0 = val;
+ lsi_update_irq(s);
+ break;
+ case 0x41: /* SIEN1 */
+ s->sien1 = val;
+ lsi_update_irq(s);
+ break;
+ case 0x47: /* GPCNTL0 */
+ break;
+ case 0x48: /* STIME0 */
+ s->stime0 = val;
+ break;
+ case 0x49: /* STIME1 */
+ if (val & 0xf) {
+ DPRINTF("General purpose timer not implemented\n");
+ /* ??? Raising the interrupt immediately seems to be sufficient
+ to keep the FreeBSD driver happy. */
+ lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN);
+ }
+ break;
+ case 0x4a: /* RESPID0 */
+ s->respid0 = val;
+ break;
+ case 0x4b: /* RESPID1 */
+ s->respid1 = val;
+ break;
+ case 0x4d: /* STEST1 */
+ s->stest1 = val;
+ break;
+ case 0x4e: /* STEST2 */
+ if (val & 1) {
+ BADF("Low level mode not implemented\n");
+ }
+ s->stest2 = val;
+ break;
+ case 0x4f: /* STEST3 */
+ if (val & 0x41) {
+ BADF("SCSI FIFO test mode not implemented\n");
+ }
+ s->stest3 = val;
+ break;
+ case 0x56: /* CCNTL0 */
+ s->ccntl0 = val;
+ break;
+ case 0x57: /* CCNTL1 */
+ s->ccntl1 = val;
+ break;
+ CASE_SET_REG32(mmrs, 0xa0)
+ CASE_SET_REG32(mmws, 0xa4)
+ CASE_SET_REG32(sfs, 0xa8)
+ CASE_SET_REG32(drs, 0xac)
+ CASE_SET_REG32(sbms, 0xb0)
+ CASE_SET_REG32(dbms, 0xb4)
+ CASE_SET_REG32(dnad64, 0xb8)
+ CASE_SET_REG32(pmjad1, 0xc0)
+ CASE_SET_REG32(pmjad2, 0xc4)
+ CASE_SET_REG32(rbc, 0xc8)
+ CASE_SET_REG32(ua, 0xcc)
+ CASE_SET_REG32(ia, 0xd4)
+ CASE_SET_REG32(sbc, 0xd8)
+ CASE_SET_REG32(csbc, 0xdc)
+ default:
+ if (offset >= 0x5c && offset < 0xa0) {
+ int n;
+ int shift;
+ n = (offset - 0x58) >> 2;
+ shift = (offset & 3) * 8;
+ s->scratch[n] &= ~(0xff << shift);
+ s->scratch[n] |= (val & 0xff) << shift;
+ } else {
+ BADF("Unhandled writeb 0x%x = 0x%x\n", offset, val);
+ }
+ }
+#undef CASE_SET_REG24
+#undef CASE_SET_REG32
+}
+
+static void lsi_mmio_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ LSIState *s = opaque;
+
+ lsi_reg_writeb(s, addr & 0xff, val);
+}
+
+static uint64_t lsi_mmio_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ LSIState *s = opaque;
+
+ return lsi_reg_readb(s, addr & 0xff);
+}
+
+static const MemoryRegionOps lsi_mmio_ops = {
+ .read = lsi_mmio_read,
+ .write = lsi_mmio_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+static void lsi_ram_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ LSIState *s = opaque;
+ uint32_t newval;
+ uint32_t mask;
+ int shift;
+
+ newval = s->script_ram[addr >> 2];
+ shift = (addr & 3) * 8;
+ mask = ((uint64_t)1 << (size * 8)) - 1;
+ newval &= ~(mask << shift);
+ newval |= val << shift;
+ s->script_ram[addr >> 2] = newval;
+}
+
+static uint64_t lsi_ram_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ LSIState *s = opaque;
+ uint32_t val;
+ uint32_t mask;
+
+ val = s->script_ram[addr >> 2];
+ mask = ((uint64_t)1 << (size * 8)) - 1;
+ val >>= (addr & 3) * 8;
+ return val & mask;
+}
+
+static const MemoryRegionOps lsi_ram_ops = {
+ .read = lsi_ram_read,
+ .write = lsi_ram_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static uint64_t lsi_io_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ LSIState *s = opaque;
+ return lsi_reg_readb(s, addr & 0xff);
+}
+
+static void lsi_io_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ LSIState *s = opaque;
+ lsi_reg_writeb(s, addr & 0xff, val);
+}
+
+static const MemoryRegionOps lsi_io_ops = {
+ .read = lsi_io_read,
+ .write = lsi_io_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+};
+
+static void lsi_scsi_reset(DeviceState *dev)
+{
+ LSIState *s = LSI53C895A(dev);
+
+ lsi_soft_reset(s);
+}
+
+static void lsi_pre_save(void *opaque)
+{
+ LSIState *s = opaque;
+
+ if (s->current) {
+ assert(s->current->dma_buf == NULL);
+ assert(s->current->dma_len == 0);
+ }
+ assert(QTAILQ_EMPTY(&s->queue));
+}
+
+static const VMStateDescription vmstate_lsi_scsi = {
+ .name = "lsiscsi",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .pre_save = lsi_pre_save,
+ .fields = (VMStateField []) {
+ VMSTATE_PCI_DEVICE(parent_obj, LSIState),
+
+ VMSTATE_INT32(carry, LSIState),
+ VMSTATE_INT32(status, LSIState),
+ VMSTATE_INT32(msg_action, LSIState),
+ VMSTATE_INT32(msg_len, LSIState),
+ VMSTATE_BUFFER(msg, LSIState),
+ VMSTATE_INT32(waiting, LSIState),
+
+ VMSTATE_UINT32(dsa, LSIState),
+ VMSTATE_UINT32(temp, LSIState),
+ VMSTATE_UINT32(dnad, LSIState),
+ VMSTATE_UINT32(dbc, LSIState),
+ VMSTATE_UINT8(istat0, LSIState),
+ VMSTATE_UINT8(istat1, LSIState),
+ VMSTATE_UINT8(dcmd, LSIState),
+ VMSTATE_UINT8(dstat, LSIState),
+ VMSTATE_UINT8(dien, LSIState),
+ VMSTATE_UINT8(sist0, LSIState),
+ VMSTATE_UINT8(sist1, LSIState),
+ VMSTATE_UINT8(sien0, LSIState),
+ VMSTATE_UINT8(sien1, LSIState),
+ VMSTATE_UINT8(mbox0, LSIState),
+ VMSTATE_UINT8(mbox1, LSIState),
+ VMSTATE_UINT8(dfifo, LSIState),
+ VMSTATE_UINT8(ctest2, LSIState),
+ VMSTATE_UINT8(ctest3, LSIState),
+ VMSTATE_UINT8(ctest4, LSIState),
+ VMSTATE_UINT8(ctest5, LSIState),
+ VMSTATE_UINT8(ccntl0, LSIState),
+ VMSTATE_UINT8(ccntl1, LSIState),
+ VMSTATE_UINT32(dsp, LSIState),
+ VMSTATE_UINT32(dsps, LSIState),
+ VMSTATE_UINT8(dmode, LSIState),
+ VMSTATE_UINT8(dcntl, LSIState),
+ VMSTATE_UINT8(scntl0, LSIState),
+ VMSTATE_UINT8(scntl1, LSIState),
+ VMSTATE_UINT8(scntl2, LSIState),
+ VMSTATE_UINT8(scntl3, LSIState),
+ VMSTATE_UINT8(sstat0, LSIState),
+ VMSTATE_UINT8(sstat1, LSIState),
+ VMSTATE_UINT8(scid, LSIState),
+ VMSTATE_UINT8(sxfer, LSIState),
+ VMSTATE_UINT8(socl, LSIState),
+ VMSTATE_UINT8(sdid, LSIState),
+ VMSTATE_UINT8(ssid, LSIState),
+ VMSTATE_UINT8(sfbr, LSIState),
+ VMSTATE_UINT8(stest1, LSIState),
+ VMSTATE_UINT8(stest2, LSIState),
+ VMSTATE_UINT8(stest3, LSIState),
+ VMSTATE_UINT8(sidl, LSIState),
+ VMSTATE_UINT8(stime0, LSIState),
+ VMSTATE_UINT8(respid0, LSIState),
+ VMSTATE_UINT8(respid1, LSIState),
+ VMSTATE_UINT32(mmrs, LSIState),
+ VMSTATE_UINT32(mmws, LSIState),
+ VMSTATE_UINT32(sfs, LSIState),
+ VMSTATE_UINT32(drs, LSIState),
+ VMSTATE_UINT32(sbms, LSIState),
+ VMSTATE_UINT32(dbms, LSIState),
+ VMSTATE_UINT32(dnad64, LSIState),
+ VMSTATE_UINT32(pmjad1, LSIState),
+ VMSTATE_UINT32(pmjad2, LSIState),
+ VMSTATE_UINT32(rbc, LSIState),
+ VMSTATE_UINT32(ua, LSIState),
+ VMSTATE_UINT32(ia, LSIState),
+ VMSTATE_UINT32(sbc, LSIState),
+ VMSTATE_UINT32(csbc, LSIState),
+ VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)),
+ VMSTATE_UINT8(sbr, LSIState),
+
+ VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 2048 * sizeof(uint32_t)),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void lsi_scsi_uninit(PCIDevice *d)
+{
+ LSIState *s = LSI53C895A(d);
+
+ memory_region_destroy(&s->mmio_io);
+ memory_region_destroy(&s->ram_io);
+ memory_region_destroy(&s->io_io);
+}
+
+static const struct SCSIBusInfo lsi_scsi_info = {
+ .tcq = true,
+ .max_target = LSI_MAX_DEVS,
+ .max_lun = 0, /* LUN support is buggy */
+
+ .transfer_data = lsi_transfer_data,
+ .complete = lsi_command_complete,
+ .cancel = lsi_request_cancelled
+};
+
+static int lsi_scsi_init(PCIDevice *dev)
+{
+ LSIState *s = LSI53C895A(dev);
+ DeviceState *d = DEVICE(dev);
+ uint8_t *pci_conf;
+ Error *err = NULL;
+
+ pci_conf = dev->config;
+
+ /* PCI latency timer = 255 */
+ pci_conf[PCI_LATENCY_TIMER] = 0xff;
+ /* Interrupt pin A */
+ pci_conf[PCI_INTERRUPT_PIN] = 0x01;
+
+ memory_region_init_io(&s->mmio_io, OBJECT(s), &lsi_mmio_ops, s,
+ "lsi-mmio", 0x400);
+ memory_region_init_io(&s->ram_io, OBJECT(s), &lsi_ram_ops, s,
+ "lsi-ram", 0x2000);
+ memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s,
+ "lsi-io", 256);
+
+ pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_io);
+ pci_register_bar(dev, 1, 0, &s->mmio_io);
+ pci_register_bar(dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->ram_io);
+ QTAILQ_INIT(&s->queue);
+
+ scsi_bus_new(&s->bus, d, &lsi_scsi_info, NULL);
+ if (!d->hotplugged) {
+ scsi_bus_legacy_handle_cmdline(&s->bus, &err);
+ if (err != NULL) {
+ error_free(err);
+ return -1;
+ }
+ }
+ return 0;
+}
+
+static void lsi_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = lsi_scsi_init;
+ k->exit = lsi_scsi_uninit;
+ k->vendor_id = PCI_VENDOR_ID_LSI_LOGIC;
+ k->device_id = PCI_DEVICE_ID_LSI_53C895A;
+ k->class_id = PCI_CLASS_STORAGE_SCSI;
+ k->subsystem_id = 0x1000;
+ dc->reset = lsi_scsi_reset;
+ dc->vmsd = &vmstate_lsi_scsi;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
+}
+
+static const TypeInfo lsi_info = {
+ .name = TYPE_LSI53C895A,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(LSIState),
+ .class_init = lsi_class_init,
+};
+
+static void lsi53c895a_register_types(void)
+{
+ type_register_static(&lsi_info);
+}
+
+type_init(lsi53c895a_register_types)
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
new file mode 100644
index 000000000..a6d528591
--- /dev/null
+++ b/hw/scsi/megasas.c
@@ -0,0 +1,2232 @@
+/*
+ * QEMU MegaRAID SAS 8708EM2 Host Bus Adapter emulation
+ * Based on the linux driver code at drivers/scsi/megaraid
+ *
+ * Copyright (c) 2009-2012 Hannes Reinecke, SUSE Labs
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "sysemu/dma.h"
+#include "hw/pci/msix.h"
+#include "qemu/iov.h"
+#include "hw/scsi/scsi.h"
+#include "block/scsi.h"
+#include "trace.h"
+
+#include "mfi.h"
+
+#define MEGASAS_VERSION "1.70"
+#define MEGASAS_MAX_FRAMES 2048 /* Firmware limit at 65535 */
+#define MEGASAS_DEFAULT_FRAMES 1000 /* Windows requires this */
+#define MEGASAS_MAX_SGE 128 /* Firmware limit */
+#define MEGASAS_DEFAULT_SGE 80
+#define MEGASAS_MAX_SECTORS 0xFFFF /* No real limit */
+#define MEGASAS_MAX_ARRAYS 128
+
+#define MEGASAS_HBA_SERIAL "QEMU123456"
+#define NAA_LOCALLY_ASSIGNED_ID 0x3ULL
+#define IEEE_COMPANY_LOCALLY_ASSIGNED 0x525400
+
+#define MEGASAS_FLAG_USE_JBOD 0
+#define MEGASAS_MASK_USE_JBOD (1 << MEGASAS_FLAG_USE_JBOD)
+#define MEGASAS_FLAG_USE_MSIX 1
+#define MEGASAS_MASK_USE_MSIX (1 << MEGASAS_FLAG_USE_MSIX)
+#define MEGASAS_FLAG_USE_QUEUE64 2
+#define MEGASAS_MASK_USE_QUEUE64 (1 << MEGASAS_FLAG_USE_QUEUE64)
+
+static const char *mfi_frame_desc[] = {
+ "MFI init", "LD Read", "LD Write", "LD SCSI", "PD SCSI",
+ "MFI Doorbell", "MFI Abort", "MFI SMP", "MFI Stop"};
+
+typedef struct MegasasCmd {
+ uint32_t index;
+ uint16_t flags;
+ uint16_t count;
+ uint64_t context;
+
+ hwaddr pa;
+ hwaddr pa_size;
+ union mfi_frame *frame;
+ SCSIRequest *req;
+ QEMUSGList qsg;
+ void *iov_buf;
+ size_t iov_size;
+ size_t iov_offset;
+ struct MegasasState *state;
+} MegasasCmd;
+
+typedef struct MegasasState {
+ /*< private >*/
+ PCIDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion mmio_io;
+ MemoryRegion port_io;
+ MemoryRegion queue_io;
+ uint32_t frame_hi;
+
+ int fw_state;
+ uint32_t fw_sge;
+ uint32_t fw_cmds;
+ uint32_t flags;
+ int fw_luns;
+ int intr_mask;
+ int doorbell;
+ int busy;
+
+ MegasasCmd *event_cmd;
+ int event_locale;
+ int event_class;
+ int event_count;
+ int shutdown_event;
+ int boot_event;
+
+ uint64_t sas_addr;
+ char *hba_serial;
+
+ uint64_t reply_queue_pa;
+ void *reply_queue;
+ int reply_queue_len;
+ int reply_queue_head;
+ int reply_queue_tail;
+ uint64_t consumer_pa;
+ uint64_t producer_pa;
+
+ MegasasCmd frames[MEGASAS_MAX_FRAMES];
+
+ SCSIBus bus;
+} MegasasState;
+
+#define TYPE_MEGASAS "megasas"
+
+#define MEGASAS(obj) \
+ OBJECT_CHECK(MegasasState, (obj), TYPE_MEGASAS)
+
+#define MEGASAS_INTR_DISABLED_MASK 0xFFFFFFFF
+
+static bool megasas_intr_enabled(MegasasState *s)
+{
+ if ((s->intr_mask & MEGASAS_INTR_DISABLED_MASK) !=
+ MEGASAS_INTR_DISABLED_MASK) {
+ return true;
+ }
+ return false;
+}
+
+static bool megasas_use_queue64(MegasasState *s)
+{
+ return s->flags & MEGASAS_MASK_USE_QUEUE64;
+}
+
+static bool megasas_use_msix(MegasasState *s)
+{
+ return s->flags & MEGASAS_MASK_USE_MSIX;
+}
+
+static bool megasas_is_jbod(MegasasState *s)
+{
+ return s->flags & MEGASAS_MASK_USE_JBOD;
+}
+
+static void megasas_frame_set_cmd_status(unsigned long frame, uint8_t v)
+{
+ stb_phys(frame + offsetof(struct mfi_frame_header, cmd_status), v);
+}
+
+static void megasas_frame_set_scsi_status(unsigned long frame, uint8_t v)
+{
+ stb_phys(frame + offsetof(struct mfi_frame_header, scsi_status), v);
+}
+
+/*
+ * Context is considered opaque, but the HBA firmware is running
+ * in little endian mode. So convert it to little endian, too.
+ */
+static uint64_t megasas_frame_get_context(unsigned long frame)
+{
+ return ldq_le_phys(frame + offsetof(struct mfi_frame_header, context));
+}
+
+static bool megasas_frame_is_ieee_sgl(MegasasCmd *cmd)
+{
+ return cmd->flags & MFI_FRAME_IEEE_SGL;
+}
+
+static bool megasas_frame_is_sgl64(MegasasCmd *cmd)
+{
+ return cmd->flags & MFI_FRAME_SGL64;
+}
+
+static bool megasas_frame_is_sense64(MegasasCmd *cmd)
+{
+ return cmd->flags & MFI_FRAME_SENSE64;
+}
+
+static uint64_t megasas_sgl_get_addr(MegasasCmd *cmd,
+ union mfi_sgl *sgl)
+{
+ uint64_t addr;
+
+ if (megasas_frame_is_ieee_sgl(cmd)) {
+ addr = le64_to_cpu(sgl->sg_skinny->addr);
+ } else if (megasas_frame_is_sgl64(cmd)) {
+ addr = le64_to_cpu(sgl->sg64->addr);
+ } else {
+ addr = le32_to_cpu(sgl->sg32->addr);
+ }
+ return addr;
+}
+
+static uint32_t megasas_sgl_get_len(MegasasCmd *cmd,
+ union mfi_sgl *sgl)
+{
+ uint32_t len;
+
+ if (megasas_frame_is_ieee_sgl(cmd)) {
+ len = le32_to_cpu(sgl->sg_skinny->len);
+ } else if (megasas_frame_is_sgl64(cmd)) {
+ len = le32_to_cpu(sgl->sg64->len);
+ } else {
+ len = le32_to_cpu(sgl->sg32->len);
+ }
+ return len;
+}
+
+static union mfi_sgl *megasas_sgl_next(MegasasCmd *cmd,
+ union mfi_sgl *sgl)
+{
+ uint8_t *next = (uint8_t *)sgl;
+
+ if (megasas_frame_is_ieee_sgl(cmd)) {
+ next += sizeof(struct mfi_sg_skinny);
+ } else if (megasas_frame_is_sgl64(cmd)) {
+ next += sizeof(struct mfi_sg64);
+ } else {
+ next += sizeof(struct mfi_sg32);
+ }
+
+ if (next >= (uint8_t *)cmd->frame + cmd->pa_size) {
+ return NULL;
+ }
+ return (union mfi_sgl *)next;
+}
+
+static void megasas_soft_reset(MegasasState *s);
+
+static int megasas_map_sgl(MegasasState *s, MegasasCmd *cmd, union mfi_sgl *sgl)
+{
+ int i;
+ int iov_count = 0;
+ size_t iov_size = 0;
+
+ cmd->flags = le16_to_cpu(cmd->frame->header.flags);
+ iov_count = cmd->frame->header.sge_count;
+ if (iov_count > MEGASAS_MAX_SGE) {
+ trace_megasas_iovec_sgl_overflow(cmd->index, iov_count,
+ MEGASAS_MAX_SGE);
+ return iov_count;
+ }
+ pci_dma_sglist_init(&cmd->qsg, PCI_DEVICE(s), iov_count);
+ for (i = 0; i < iov_count; i++) {
+ dma_addr_t iov_pa, iov_size_p;
+
+ if (!sgl) {
+ trace_megasas_iovec_sgl_underflow(cmd->index, i);
+ goto unmap;
+ }
+ iov_pa = megasas_sgl_get_addr(cmd, sgl);
+ iov_size_p = megasas_sgl_get_len(cmd, sgl);
+ if (!iov_pa || !iov_size_p) {
+ trace_megasas_iovec_sgl_invalid(cmd->index, i,
+ iov_pa, iov_size_p);
+ goto unmap;
+ }
+ qemu_sglist_add(&cmd->qsg, iov_pa, iov_size_p);
+ sgl = megasas_sgl_next(cmd, sgl);
+ iov_size += (size_t)iov_size_p;
+ }
+ if (cmd->iov_size > iov_size) {
+ trace_megasas_iovec_overflow(cmd->index, iov_size, cmd->iov_size);
+ } else if (cmd->iov_size < iov_size) {
+ trace_megasas_iovec_underflow(cmd->iov_size, iov_size, cmd->iov_size);
+ }
+ cmd->iov_offset = 0;
+ return 0;
+unmap:
+ qemu_sglist_destroy(&cmd->qsg);
+ return iov_count - i;
+}
+
+static void megasas_unmap_sgl(MegasasCmd *cmd)
+{
+ qemu_sglist_destroy(&cmd->qsg);
+ cmd->iov_offset = 0;
+}
+
+/*
+ * passthrough sense and io sense are at the same offset
+ */
+static int megasas_build_sense(MegasasCmd *cmd, uint8_t *sense_ptr,
+ uint8_t sense_len)
+{
+ uint32_t pa_hi = 0, pa_lo;
+ hwaddr pa;
+
+ if (sense_len > cmd->frame->header.sense_len) {
+ sense_len = cmd->frame->header.sense_len;
+ }
+ if (sense_len) {
+ pa_lo = le32_to_cpu(cmd->frame->pass.sense_addr_lo);
+ if (megasas_frame_is_sense64(cmd)) {
+ pa_hi = le32_to_cpu(cmd->frame->pass.sense_addr_hi);
+ }
+ pa = ((uint64_t) pa_hi << 32) | pa_lo;
+ cpu_physical_memory_write(pa, sense_ptr, sense_len);
+ cmd->frame->header.sense_len = sense_len;
+ }
+ return sense_len;
+}
+
+static void megasas_write_sense(MegasasCmd *cmd, SCSISense sense)
+{
+ uint8_t sense_buf[SCSI_SENSE_BUF_SIZE];
+ uint8_t sense_len = 18;
+
+ memset(sense_buf, 0, sense_len);
+ sense_buf[0] = 0xf0;
+ sense_buf[2] = sense.key;
+ sense_buf[7] = 10;
+ sense_buf[12] = sense.asc;
+ sense_buf[13] = sense.ascq;
+ megasas_build_sense(cmd, sense_buf, sense_len);
+}
+
+static void megasas_copy_sense(MegasasCmd *cmd)
+{
+ uint8_t sense_buf[SCSI_SENSE_BUF_SIZE];
+ uint8_t sense_len;
+
+ sense_len = scsi_req_get_sense(cmd->req, sense_buf,
+ SCSI_SENSE_BUF_SIZE);
+ megasas_build_sense(cmd, sense_buf, sense_len);
+}
+
+/*
+ * Format an INQUIRY CDB
+ */
+static int megasas_setup_inquiry(uint8_t *cdb, int pg, int len)
+{
+ memset(cdb, 0, 6);
+ cdb[0] = INQUIRY;
+ if (pg > 0) {
+ cdb[1] = 0x1;
+ cdb[2] = pg;
+ }
+ cdb[3] = (len >> 8) & 0xff;
+ cdb[4] = (len & 0xff);
+ return len;
+}
+
+/*
+ * Encode lba and len into a READ_16/WRITE_16 CDB
+ */
+static void megasas_encode_lba(uint8_t *cdb, uint64_t lba,
+ uint32_t len, bool is_write)
+{
+ memset(cdb, 0x0, 16);
+ if (is_write) {
+ cdb[0] = WRITE_16;
+ } else {
+ cdb[0] = READ_16;
+ }
+ cdb[2] = (lba >> 56) & 0xff;
+ cdb[3] = (lba >> 48) & 0xff;
+ cdb[4] = (lba >> 40) & 0xff;
+ cdb[5] = (lba >> 32) & 0xff;
+ cdb[6] = (lba >> 24) & 0xff;
+ cdb[7] = (lba >> 16) & 0xff;
+ cdb[8] = (lba >> 8) & 0xff;
+ cdb[9] = (lba) & 0xff;
+ cdb[10] = (len >> 24) & 0xff;
+ cdb[11] = (len >> 16) & 0xff;
+ cdb[12] = (len >> 8) & 0xff;
+ cdb[13] = (len) & 0xff;
+}
+
+/*
+ * Utility functions
+ */
+static uint64_t megasas_fw_time(void)
+{
+ struct tm curtime;
+ uint64_t bcd_time;
+
+ qemu_get_timedate(&curtime, 0);
+ bcd_time = ((uint64_t)curtime.tm_sec & 0xff) << 48 |
+ ((uint64_t)curtime.tm_min & 0xff) << 40 |
+ ((uint64_t)curtime.tm_hour & 0xff) << 32 |
+ ((uint64_t)curtime.tm_mday & 0xff) << 24 |
+ ((uint64_t)curtime.tm_mon & 0xff) << 16 |
+ ((uint64_t)(curtime.tm_year + 1900) & 0xffff);
+
+ return bcd_time;
+}
+
+/*
+ * Default disk sata address
+ * 0x1221 is the magic number as
+ * present in real hardware,
+ * so use it here, too.
+ */
+static uint64_t megasas_get_sata_addr(uint16_t id)
+{
+ uint64_t addr = (0x1221ULL << 48);
+ return addr & (id << 24);
+}
+
+/*
+ * Frame handling
+ */
+static int megasas_next_index(MegasasState *s, int index, int limit)
+{
+ index++;
+ if (index == limit) {
+ index = 0;
+ }
+ return index;
+}
+
+static MegasasCmd *megasas_lookup_frame(MegasasState *s,
+ hwaddr frame)
+{
+ MegasasCmd *cmd = NULL;
+ int num = 0, index;
+
+ index = s->reply_queue_head;
+
+ while (num < s->fw_cmds) {
+ if (s->frames[index].pa && s->frames[index].pa == frame) {
+ cmd = &s->frames[index];
+ break;
+ }
+ index = megasas_next_index(s, index, s->fw_cmds);
+ num++;
+ }
+
+ return cmd;
+}
+
+static MegasasCmd *megasas_next_frame(MegasasState *s,
+ hwaddr frame)
+{
+ MegasasCmd *cmd = NULL;
+ int num = 0, index;
+
+ cmd = megasas_lookup_frame(s, frame);
+ if (cmd) {
+ trace_megasas_qf_found(cmd->index, cmd->pa);
+ return cmd;
+ }
+ index = s->reply_queue_head;
+ num = 0;
+ while (num < s->fw_cmds) {
+ if (!s->frames[index].pa) {
+ cmd = &s->frames[index];
+ break;
+ }
+ index = megasas_next_index(s, index, s->fw_cmds);
+ num++;
+ }
+ if (!cmd) {
+ trace_megasas_qf_failed(frame);
+ }
+ trace_megasas_qf_new(index, cmd);
+ return cmd;
+}
+
+static MegasasCmd *megasas_enqueue_frame(MegasasState *s,
+ hwaddr frame, uint64_t context, int count)
+{
+ MegasasCmd *cmd = NULL;
+ int frame_size = MFI_FRAME_SIZE * 16;
+ hwaddr frame_size_p = frame_size;
+
+ cmd = megasas_next_frame(s, frame);
+ /* All frames busy */
+ if (!cmd) {
+ return NULL;
+ }
+ if (!cmd->pa) {
+ cmd->pa = frame;
+ /* Map all possible frames */
+ cmd->frame = cpu_physical_memory_map(frame, &frame_size_p, 0);
+ if (frame_size_p != frame_size) {
+ trace_megasas_qf_map_failed(cmd->index, (unsigned long)frame);
+ if (cmd->frame) {
+ cpu_physical_memory_unmap(cmd->frame, frame_size_p, 0, 0);
+ cmd->frame = NULL;
+ cmd->pa = 0;
+ }
+ s->event_count++;
+ return NULL;
+ }
+ cmd->pa_size = frame_size_p;
+ cmd->context = context;
+ if (!megasas_use_queue64(s)) {
+ cmd->context &= (uint64_t)0xFFFFFFFF;
+ }
+ }
+ cmd->count = count;
+ s->busy++;
+
+ trace_megasas_qf_enqueue(cmd->index, cmd->count, cmd->context,
+ s->reply_queue_head, s->busy);
+
+ return cmd;
+}
+
+static void megasas_complete_frame(MegasasState *s, uint64_t context)
+{
+ PCIDevice *pci_dev = PCI_DEVICE(s);
+ int tail, queue_offset;
+
+ /* Decrement busy count */
+ s->busy--;
+
+ if (s->reply_queue_pa) {
+ /*
+ * Put command on the reply queue.
+ * Context is opaque, but emulation is running in
+ * little endian. So convert it.
+ */
+ tail = s->reply_queue_head;
+ if (megasas_use_queue64(s)) {
+ queue_offset = tail * sizeof(uint64_t);
+ stq_le_phys(s->reply_queue_pa + queue_offset, context);
+ } else {
+ queue_offset = tail * sizeof(uint32_t);
+ stl_le_phys(s->reply_queue_pa + queue_offset, context);
+ }
+ s->reply_queue_head = megasas_next_index(s, tail, s->fw_cmds);
+ trace_megasas_qf_complete(context, tail, queue_offset,
+ s->busy, s->doorbell);
+ }
+
+ if (megasas_intr_enabled(s)) {
+ /* Notify HBA */
+ s->doorbell++;
+ if (s->doorbell == 1) {
+ if (msix_enabled(pci_dev)) {
+ trace_megasas_msix_raise(0);
+ msix_notify(pci_dev, 0);
+ } else {
+ trace_megasas_irq_raise();
+ qemu_irq_raise(pci_dev->irq[0]);
+ }
+ }
+ } else {
+ trace_megasas_qf_complete_noirq(context);
+ }
+}
+
+static void megasas_reset_frames(MegasasState *s)
+{
+ int i;
+ MegasasCmd *cmd;
+
+ for (i = 0; i < s->fw_cmds; i++) {
+ cmd = &s->frames[i];
+ if (cmd->pa) {
+ cpu_physical_memory_unmap(cmd->frame, cmd->pa_size, 0, 0);
+ cmd->frame = NULL;
+ cmd->pa = 0;
+ }
+ }
+}
+
+static void megasas_abort_command(MegasasCmd *cmd)
+{
+ if (cmd->req) {
+ scsi_req_cancel(cmd->req);
+ cmd->req = NULL;
+ }
+}
+
+static int megasas_init_firmware(MegasasState *s, MegasasCmd *cmd)
+{
+ uint32_t pa_hi, pa_lo;
+ hwaddr iq_pa, initq_size;
+ struct mfi_init_qinfo *initq;
+ uint32_t flags;
+ int ret = MFI_STAT_OK;
+
+ pa_lo = le32_to_cpu(cmd->frame->init.qinfo_new_addr_lo);
+ pa_hi = le32_to_cpu(cmd->frame->init.qinfo_new_addr_hi);
+ iq_pa = (((uint64_t) pa_hi << 32) | pa_lo);
+ trace_megasas_init_firmware((uint64_t)iq_pa);
+ initq_size = sizeof(*initq);
+ initq = cpu_physical_memory_map(iq_pa, &initq_size, 0);
+ if (!initq || initq_size != sizeof(*initq)) {
+ trace_megasas_initq_map_failed(cmd->index);
+ s->event_count++;
+ ret = MFI_STAT_MEMORY_NOT_AVAILABLE;
+ goto out;
+ }
+ s->reply_queue_len = le32_to_cpu(initq->rq_entries) & 0xFFFF;
+ if (s->reply_queue_len > s->fw_cmds) {
+ trace_megasas_initq_mismatch(s->reply_queue_len, s->fw_cmds);
+ s->event_count++;
+ ret = MFI_STAT_INVALID_PARAMETER;
+ goto out;
+ }
+ pa_lo = le32_to_cpu(initq->rq_addr_lo);
+ pa_hi = le32_to_cpu(initq->rq_addr_hi);
+ s->reply_queue_pa = ((uint64_t) pa_hi << 32) | pa_lo;
+ pa_lo = le32_to_cpu(initq->ci_addr_lo);
+ pa_hi = le32_to_cpu(initq->ci_addr_hi);
+ s->consumer_pa = ((uint64_t) pa_hi << 32) | pa_lo;
+ pa_lo = le32_to_cpu(initq->pi_addr_lo);
+ pa_hi = le32_to_cpu(initq->pi_addr_hi);
+ s->producer_pa = ((uint64_t) pa_hi << 32) | pa_lo;
+ s->reply_queue_head = ldl_le_phys(s->producer_pa);
+ s->reply_queue_tail = ldl_le_phys(s->consumer_pa);
+ flags = le32_to_cpu(initq->flags);
+ if (flags & MFI_QUEUE_FLAG_CONTEXT64) {
+ s->flags |= MEGASAS_MASK_USE_QUEUE64;
+ }
+ trace_megasas_init_queue((unsigned long)s->reply_queue_pa,
+ s->reply_queue_len, s->reply_queue_head,
+ s->reply_queue_tail, flags);
+ megasas_reset_frames(s);
+ s->fw_state = MFI_FWSTATE_OPERATIONAL;
+out:
+ if (initq) {
+ cpu_physical_memory_unmap(initq, initq_size, 0, 0);
+ }
+ return ret;
+}
+
+static int megasas_map_dcmd(MegasasState *s, MegasasCmd *cmd)
+{
+ dma_addr_t iov_pa, iov_size;
+
+ cmd->flags = le16_to_cpu(cmd->frame->header.flags);
+ if (!cmd->frame->header.sge_count) {
+ trace_megasas_dcmd_zero_sge(cmd->index);
+ cmd->iov_size = 0;
+ return 0;
+ } else if (cmd->frame->header.sge_count > 1) {
+ trace_megasas_dcmd_invalid_sge(cmd->index,
+ cmd->frame->header.sge_count);
+ cmd->iov_size = 0;
+ return -1;
+ }
+ iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl);
+ iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl);
+ pci_dma_sglist_init(&cmd->qsg, PCI_DEVICE(s), 1);
+ qemu_sglist_add(&cmd->qsg, iov_pa, iov_size);
+ cmd->iov_size = iov_size;
+ return cmd->iov_size;
+}
+
+static void megasas_finish_dcmd(MegasasCmd *cmd, uint32_t iov_size)
+{
+ trace_megasas_finish_dcmd(cmd->index, iov_size);
+
+ if (cmd->frame->header.sge_count) {
+ qemu_sglist_destroy(&cmd->qsg);
+ }
+ if (iov_size > cmd->iov_size) {
+ if (megasas_frame_is_ieee_sgl(cmd)) {
+ cmd->frame->dcmd.sgl.sg_skinny->len = cpu_to_le32(iov_size);
+ } else if (megasas_frame_is_sgl64(cmd)) {
+ cmd->frame->dcmd.sgl.sg64->len = cpu_to_le32(iov_size);
+ } else {
+ cmd->frame->dcmd.sgl.sg32->len = cpu_to_le32(iov_size);
+ }
+ }
+ cmd->iov_size = 0;
+}
+
+static int megasas_ctrl_get_info(MegasasState *s, MegasasCmd *cmd)
+{
+ PCIDevice *pci_dev = PCI_DEVICE(s);
+ struct mfi_ctrl_info info;
+ size_t dcmd_size = sizeof(info);
+ BusChild *kid;
+ int num_ld_disks = 0;
+ uint16_t sdev_id;
+
+ memset(&info, 0x0, cmd->iov_size);
+ if (cmd->iov_size < dcmd_size) {
+ trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
+ dcmd_size);
+ return MFI_STAT_INVALID_PARAMETER;
+ }
+
+ info.pci.vendor = cpu_to_le16(PCI_VENDOR_ID_LSI_LOGIC);
+ info.pci.device = cpu_to_le16(PCI_DEVICE_ID_LSI_SAS1078);
+ info.pci.subvendor = cpu_to_le16(PCI_VENDOR_ID_LSI_LOGIC);
+ info.pci.subdevice = cpu_to_le16(0x1013);
+
+ /*
+ * For some reason the firmware supports
+ * only up to 8 device ports.
+ * Despite supporting a far larger number
+ * of devices for the physical devices.
+ * So just display the first 8 devices
+ * in the device port list, independent
+ * of how many logical devices are actually
+ * present.
+ */
+ info.host.type = MFI_INFO_HOST_PCIE;
+ info.device.type = MFI_INFO_DEV_SAS3G;
+ info.device.port_count = 8;
+ QTAILQ_FOREACH(kid, &s->bus.qbus.children, sibling) {
+ SCSIDevice *sdev = DO_UPCAST(SCSIDevice, qdev, kid->child);
+
+ if (num_ld_disks < 8) {
+ sdev_id = ((sdev->id & 0xFF) >> 8) | (sdev->lun & 0xFF);
+ info.device.port_addr[num_ld_disks] =
+ cpu_to_le64(megasas_get_sata_addr(sdev_id));
+ }
+ num_ld_disks++;
+ }
+
+ memcpy(info.product_name, "MegaRAID SAS 8708EM2", 20);
+ snprintf(info.serial_number, 32, "%s", s->hba_serial);
+ snprintf(info.package_version, 0x60, "%s-QEMU", QEMU_VERSION);
+ memcpy(info.image_component[0].name, "APP", 3);
+ memcpy(info.image_component[0].version, MEGASAS_VERSION "-QEMU", 9);
+ memcpy(info.image_component[0].build_date, __DATE__, 11);
+ memcpy(info.image_component[0].build_time, __TIME__, 8);
+ info.image_component_count = 1;
+ if (pci_dev->has_rom) {
+ uint8_t biosver[32];
+ uint8_t *ptr;
+
+ ptr = memory_region_get_ram_ptr(&pci_dev->rom);
+ memcpy(biosver, ptr + 0x41, 31);
+ memcpy(info.image_component[1].name, "BIOS", 4);
+ memcpy(info.image_component[1].version, biosver,
+ strlen((const char *)biosver));
+ info.image_component_count++;
+ }
+ info.current_fw_time = cpu_to_le32(megasas_fw_time());
+ info.max_arms = 32;
+ info.max_spans = 8;
+ info.max_arrays = MEGASAS_MAX_ARRAYS;
+ info.max_lds = s->fw_luns;
+ info.max_cmds = cpu_to_le16(s->fw_cmds);
+ info.max_sg_elements = cpu_to_le16(s->fw_sge);
+ info.max_request_size = cpu_to_le32(MEGASAS_MAX_SECTORS);
+ info.lds_present = cpu_to_le16(num_ld_disks);
+ info.pd_present = cpu_to_le16(num_ld_disks);
+ info.pd_disks_present = cpu_to_le16(num_ld_disks);
+ info.hw_present = cpu_to_le32(MFI_INFO_HW_NVRAM |
+ MFI_INFO_HW_MEM |
+ MFI_INFO_HW_FLASH);
+ info.memory_size = cpu_to_le16(512);
+ info.nvram_size = cpu_to_le16(32);
+ info.flash_size = cpu_to_le16(16);
+ info.raid_levels = cpu_to_le32(MFI_INFO_RAID_0);
+ info.adapter_ops = cpu_to_le32(MFI_INFO_AOPS_RBLD_RATE |
+ MFI_INFO_AOPS_SELF_DIAGNOSTIC |
+ MFI_INFO_AOPS_MIXED_ARRAY);
+ info.ld_ops = cpu_to_le32(MFI_INFO_LDOPS_DISK_CACHE_POLICY |
+ MFI_INFO_LDOPS_ACCESS_POLICY |
+ MFI_INFO_LDOPS_IO_POLICY |
+ MFI_INFO_LDOPS_WRITE_POLICY |
+ MFI_INFO_LDOPS_READ_POLICY);
+ info.max_strips_per_io = cpu_to_le16(s->fw_sge);
+ info.stripe_sz_ops.min = 3;
+ info.stripe_sz_ops.max = ffs(MEGASAS_MAX_SECTORS + 1) - 1;
+ info.properties.pred_fail_poll_interval = cpu_to_le16(300);
+ info.properties.intr_throttle_cnt = cpu_to_le16(16);
+ info.properties.intr_throttle_timeout = cpu_to_le16(50);
+ info.properties.rebuild_rate = 30;
+ info.properties.patrol_read_rate = 30;
+ info.properties.bgi_rate = 30;
+ info.properties.cc_rate = 30;
+ info.properties.recon_rate = 30;
+ info.properties.cache_flush_interval = 4;
+ info.properties.spinup_drv_cnt = 2;
+ info.properties.spinup_delay = 6;
+ info.properties.ecc_bucket_size = 15;
+ info.properties.ecc_bucket_leak_rate = cpu_to_le16(1440);
+ info.properties.expose_encl_devices = 1;
+ info.properties.OnOffProperties = cpu_to_le32(MFI_CTRL_PROP_EnableJBOD);
+ info.pd_ops = cpu_to_le32(MFI_INFO_PDOPS_FORCE_ONLINE |
+ MFI_INFO_PDOPS_FORCE_OFFLINE);
+ info.pd_mix_support = cpu_to_le32(MFI_INFO_PDMIX_SAS |
+ MFI_INFO_PDMIX_SATA |
+ MFI_INFO_PDMIX_LD);
+
+ cmd->iov_size -= dma_buf_read((uint8_t *)&info, dcmd_size, &cmd->qsg);
+ return MFI_STAT_OK;
+}
+
+static int megasas_mfc_get_defaults(MegasasState *s, MegasasCmd *cmd)
+{
+ struct mfi_defaults info;
+ size_t dcmd_size = sizeof(struct mfi_defaults);
+
+ memset(&info, 0x0, dcmd_size);
+ if (cmd->iov_size < dcmd_size) {
+ trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
+ dcmd_size);
+ return MFI_STAT_INVALID_PARAMETER;
+ }
+
+ info.sas_addr = cpu_to_le64(s->sas_addr);
+ info.stripe_size = 3;
+ info.flush_time = 4;
+ info.background_rate = 30;
+ info.allow_mix_in_enclosure = 1;
+ info.allow_mix_in_ld = 1;
+ info.direct_pd_mapping = 1;
+ /* Enable for BIOS support */
+ info.bios_enumerate_lds = 1;
+ info.disable_ctrl_r = 1;
+ info.expose_enclosure_devices = 1;
+ info.disable_preboot_cli = 1;
+ info.cluster_disable = 1;
+
+ cmd->iov_size -= dma_buf_read((uint8_t *)&info, dcmd_size, &cmd->qsg);
+ return MFI_STAT_OK;
+}
+
+static int megasas_dcmd_get_bios_info(MegasasState *s, MegasasCmd *cmd)
+{
+ struct mfi_bios_data info;
+ size_t dcmd_size = sizeof(info);
+
+ memset(&info, 0x0, dcmd_size);
+ if (cmd->iov_size < dcmd_size) {
+ trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
+ dcmd_size);
+ return MFI_STAT_INVALID_PARAMETER;
+ }
+ info.continue_on_error = 1;
+ info.verbose = 1;
+ if (megasas_is_jbod(s)) {
+ info.expose_all_drives = 1;
+ }
+
+ cmd->iov_size -= dma_buf_read((uint8_t *)&info, dcmd_size, &cmd->qsg);
+ return MFI_STAT_OK;
+}
+
+static int megasas_dcmd_get_fw_time(MegasasState *s, MegasasCmd *cmd)
+{
+ uint64_t fw_time;
+ size_t dcmd_size = sizeof(fw_time);
+
+ fw_time = cpu_to_le64(megasas_fw_time());
+
+ cmd->iov_size -= dma_buf_read((uint8_t *)&fw_time, dcmd_size, &cmd->qsg);
+ return MFI_STAT_OK;
+}
+
+static int megasas_dcmd_set_fw_time(MegasasState *s, MegasasCmd *cmd)
+{
+ uint64_t fw_time;
+
+ /* This is a dummy; setting of firmware time is not allowed */
+ memcpy(&fw_time, cmd->frame->dcmd.mbox, sizeof(fw_time));
+
+ trace_megasas_dcmd_set_fw_time(cmd->index, fw_time);
+ fw_time = cpu_to_le64(megasas_fw_time());
+ return MFI_STAT_OK;
+}
+
+static int megasas_event_info(MegasasState *s, MegasasCmd *cmd)
+{
+ struct mfi_evt_log_state info;
+ size_t dcmd_size = sizeof(info);
+
+ memset(&info, 0, dcmd_size);
+
+ info.newest_seq_num = cpu_to_le32(s->event_count);
+ info.shutdown_seq_num = cpu_to_le32(s->shutdown_event);
+ info.boot_seq_num = cpu_to_le32(s->boot_event);
+
+ cmd->iov_size -= dma_buf_read((uint8_t *)&info, dcmd_size, &cmd->qsg);
+ return MFI_STAT_OK;
+}
+
+static int megasas_event_wait(MegasasState *s, MegasasCmd *cmd)
+{
+ union mfi_evt event;
+
+ if (cmd->iov_size < sizeof(struct mfi_evt_detail)) {
+ trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
+ sizeof(struct mfi_evt_detail));
+ return MFI_STAT_INVALID_PARAMETER;
+ }
+ s->event_count = cpu_to_le32(cmd->frame->dcmd.mbox[0]);
+ event.word = cpu_to_le32(cmd->frame->dcmd.mbox[4]);
+ s->event_locale = event.members.locale;
+ s->event_class = event.members.class;
+ s->event_cmd = cmd;
+ /* Decrease busy count; event frame doesn't count here */
+ s->busy--;
+ cmd->iov_size = sizeof(struct mfi_evt_detail);
+ return MFI_STAT_INVALID_STATUS;
+}
+
+static int megasas_dcmd_pd_get_list(MegasasState *s, MegasasCmd *cmd)
+{
+ struct mfi_pd_list info;
+ size_t dcmd_size = sizeof(info);
+ BusChild *kid;
+ uint32_t offset, dcmd_limit, num_pd_disks = 0, max_pd_disks;
+ uint16_t sdev_id;
+
+ memset(&info, 0, dcmd_size);
+ offset = 8;
+ dcmd_limit = offset + sizeof(struct mfi_pd_address);
+ if (cmd->iov_size < dcmd_limit) {
+ trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
+ dcmd_limit);
+ return MFI_STAT_INVALID_PARAMETER;
+ }
+
+ max_pd_disks = (cmd->iov_size - offset) / sizeof(struct mfi_pd_address);
+ if (max_pd_disks > s->fw_luns) {
+ max_pd_disks = s->fw_luns;
+ }
+
+ QTAILQ_FOREACH(kid, &s->bus.qbus.children, sibling) {
+ SCSIDevice *sdev = DO_UPCAST(SCSIDevice, qdev, kid->child);
+
+ sdev_id = ((sdev->id & 0xFF) >> 8) | (sdev->lun & 0xFF);
+ info.addr[num_pd_disks].device_id = cpu_to_le16(sdev_id);
+ info.addr[num_pd_disks].encl_device_id = 0xFFFF;
+ info.addr[num_pd_disks].encl_index = 0;
+ info.addr[num_pd_disks].slot_number = (sdev->id & 0xFF);
+ info.addr[num_pd_disks].scsi_dev_type = sdev->type;
+ info.addr[num_pd_disks].connect_port_bitmap = 0x1;
+ info.addr[num_pd_disks].sas_addr[0] =
+ cpu_to_le64(megasas_get_sata_addr(sdev_id));
+ num_pd_disks++;
+ offset += sizeof(struct mfi_pd_address);
+ }
+ trace_megasas_dcmd_pd_get_list(cmd->index, num_pd_disks,
+ max_pd_disks, offset);
+
+ info.size = cpu_to_le32(offset);
+ info.count = cpu_to_le32(num_pd_disks);
+
+ cmd->iov_size -= dma_buf_read((uint8_t *)&info, offset, &cmd->qsg);
+ return MFI_STAT_OK;
+}
+
+static int megasas_dcmd_pd_list_query(MegasasState *s, MegasasCmd *cmd)
+{
+ uint16_t flags;
+
+ /* mbox0 contains flags */
+ flags = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
+ trace_megasas_dcmd_pd_list_query(cmd->index, flags);
+ if (flags == MR_PD_QUERY_TYPE_ALL ||
+ megasas_is_jbod(s)) {
+ return megasas_dcmd_pd_get_list(s, cmd);
+ }
+
+ return MFI_STAT_OK;
+}
+
+static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
+ MegasasCmd *cmd)
+{
+ struct mfi_pd_info *info = cmd->iov_buf;
+ size_t dcmd_size = sizeof(struct mfi_pd_info);
+ BlockConf *conf = &sdev->conf;
+ uint64_t pd_size;
+ uint16_t sdev_id = ((sdev->id & 0xFF) >> 8) | (lun & 0xFF);
+ uint8_t cmdbuf[6];
+ SCSIRequest *req;
+ size_t len, resid;
+
+ if (!cmd->iov_buf) {
+ cmd->iov_buf = g_malloc(dcmd_size);
+ memset(cmd->iov_buf, 0, dcmd_size);
+ info = cmd->iov_buf;
+ info->inquiry_data[0] = 0x7f; /* Force PQual 0x3, PType 0x1f */
+ info->vpd_page83[0] = 0x7f;
+ megasas_setup_inquiry(cmdbuf, 0, sizeof(info->inquiry_data));
+ req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
+ if (!req) {
+ trace_megasas_dcmd_req_alloc_failed(cmd->index,
+ "PD get info std inquiry");
+ g_free(cmd->iov_buf);
+ cmd->iov_buf = NULL;
+ return MFI_STAT_FLASH_ALLOC_FAIL;
+ }
+ trace_megasas_dcmd_internal_submit(cmd->index,
+ "PD get info std inquiry", lun);
+ len = scsi_req_enqueue(req);
+ if (len > 0) {
+ cmd->iov_size = len;
+ scsi_req_continue(req);
+ }
+ return MFI_STAT_INVALID_STATUS;
+ } else if (info->inquiry_data[0] != 0x7f && info->vpd_page83[0] == 0x7f) {
+ megasas_setup_inquiry(cmdbuf, 0x83, sizeof(info->vpd_page83));
+ req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
+ if (!req) {
+ trace_megasas_dcmd_req_alloc_failed(cmd->index,
+ "PD get info vpd inquiry");
+ return MFI_STAT_FLASH_ALLOC_FAIL;
+ }
+ trace_megasas_dcmd_internal_submit(cmd->index,
+ "PD get info vpd inquiry", lun);
+ len = scsi_req_enqueue(req);
+ if (len > 0) {
+ cmd->iov_size = len;
+ scsi_req_continue(req);
+ }
+ return MFI_STAT_INVALID_STATUS;
+ }
+ /* Finished, set FW state */
+ if ((info->inquiry_data[0] >> 5) == 0) {
+ if (megasas_is_jbod(cmd->state)) {
+ info->fw_state = cpu_to_le16(MFI_PD_STATE_SYSTEM);
+ } else {
+ info->fw_state = cpu_to_le16(MFI_PD_STATE_ONLINE);
+ }
+ } else {
+ info->fw_state = cpu_to_le16(MFI_PD_STATE_OFFLINE);
+ }
+
+ info->ref.v.device_id = cpu_to_le16(sdev_id);
+ info->state.ddf.pd_type = cpu_to_le16(MFI_PD_DDF_TYPE_IN_VD|
+ MFI_PD_DDF_TYPE_INTF_SAS);
+ bdrv_get_geometry(conf->bs, &pd_size);
+ info->raw_size = cpu_to_le64(pd_size);
+ info->non_coerced_size = cpu_to_le64(pd_size);
+ info->coerced_size = cpu_to_le64(pd_size);
+ info->encl_device_id = 0xFFFF;
+ info->slot_number = (sdev->id & 0xFF);
+ info->path_info.count = 1;
+ info->path_info.sas_addr[0] =
+ cpu_to_le64(megasas_get_sata_addr(sdev_id));
+ info->connected_port_bitmap = 0x1;
+ info->device_speed = 1;
+ info->link_speed = 1;
+ resid = dma_buf_read(cmd->iov_buf, dcmd_size, &cmd->qsg);
+ g_free(cmd->iov_buf);
+ cmd->iov_size = dcmd_size - resid;
+ cmd->iov_buf = NULL;
+ return MFI_STAT_OK;
+}
+
+static int megasas_dcmd_pd_get_info(MegasasState *s, MegasasCmd *cmd)
+{
+ size_t dcmd_size = sizeof(struct mfi_pd_info);
+ uint16_t pd_id;
+ SCSIDevice *sdev = NULL;
+ int retval = MFI_STAT_DEVICE_NOT_FOUND;
+
+ if (cmd->iov_size < dcmd_size) {
+ return MFI_STAT_INVALID_PARAMETER;
+ }
+
+ /* mbox0 has the ID */
+ pd_id = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
+ sdev = scsi_device_find(&s->bus, 0, pd_id, 0);
+ trace_megasas_dcmd_pd_get_info(cmd->index, pd_id);
+
+ if (sdev) {
+ /* Submit inquiry */
+ retval = megasas_pd_get_info_submit(sdev, pd_id, cmd);
+ }
+
+ return retval;
+}
+
+static int megasas_dcmd_ld_get_list(MegasasState *s, MegasasCmd *cmd)
+{
+ struct mfi_ld_list info;
+ size_t dcmd_size = sizeof(info), resid;
+ uint32_t num_ld_disks = 0, max_ld_disks = s->fw_luns;
+ uint64_t ld_size;
+ BusChild *kid;
+
+ memset(&info, 0, dcmd_size);
+ if (cmd->iov_size < dcmd_size) {
+ trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
+ dcmd_size);
+ return MFI_STAT_INVALID_PARAMETER;
+ }
+
+ if (megasas_is_jbod(s)) {
+ max_ld_disks = 0;
+ }
+ QTAILQ_FOREACH(kid, &s->bus.qbus.children, sibling) {
+ SCSIDevice *sdev = DO_UPCAST(SCSIDevice, qdev, kid->child);
+ BlockConf *conf = &sdev->conf;
+
+ if (num_ld_disks >= max_ld_disks) {
+ break;
+ }
+ /* Logical device size is in blocks */
+ bdrv_get_geometry(conf->bs, &ld_size);
+ info.ld_list[num_ld_disks].ld.v.target_id = sdev->id;
+ info.ld_list[num_ld_disks].ld.v.lun_id = sdev->lun;
+ info.ld_list[num_ld_disks].state = MFI_LD_STATE_OPTIMAL;
+ info.ld_list[num_ld_disks].size = cpu_to_le64(ld_size);
+ num_ld_disks++;
+ }
+ info.ld_count = cpu_to_le32(num_ld_disks);
+ trace_megasas_dcmd_ld_get_list(cmd->index, num_ld_disks, max_ld_disks);
+
+ resid = dma_buf_read((uint8_t *)&info, dcmd_size, &cmd->qsg);
+ cmd->iov_size = dcmd_size - resid;
+ return MFI_STAT_OK;
+}
+
+static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
+ MegasasCmd *cmd)
+{
+ struct mfi_ld_info *info = cmd->iov_buf;
+ size_t dcmd_size = sizeof(struct mfi_ld_info);
+ uint8_t cdb[6];
+ SCSIRequest *req;
+ ssize_t len, resid;
+ BlockConf *conf = &sdev->conf;
+ uint16_t sdev_id = ((sdev->id & 0xFF) >> 8) | (lun & 0xFF);
+ uint64_t ld_size;
+
+ if (!cmd->iov_buf) {
+ cmd->iov_buf = g_malloc(dcmd_size);
+ memset(cmd->iov_buf, 0x0, dcmd_size);
+ info = cmd->iov_buf;
+ megasas_setup_inquiry(cdb, 0x83, sizeof(info->vpd_page83));
+ req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
+ if (!req) {
+ trace_megasas_dcmd_req_alloc_failed(cmd->index,
+ "LD get info vpd inquiry");
+ g_free(cmd->iov_buf);
+ cmd->iov_buf = NULL;
+ return MFI_STAT_FLASH_ALLOC_FAIL;
+ }
+ trace_megasas_dcmd_internal_submit(cmd->index,
+ "LD get info vpd inquiry", lun);
+ len = scsi_req_enqueue(req);
+ if (len > 0) {
+ cmd->iov_size = len;
+ scsi_req_continue(req);
+ }
+ return MFI_STAT_INVALID_STATUS;
+ }
+
+ info->ld_config.params.state = MFI_LD_STATE_OPTIMAL;
+ info->ld_config.properties.ld.v.target_id = lun;
+ info->ld_config.params.stripe_size = 3;
+ info->ld_config.params.num_drives = 1;
+ info->ld_config.params.is_consistent = 1;
+ /* Logical device size is in blocks */
+ bdrv_get_geometry(conf->bs, &ld_size);
+ info->size = cpu_to_le64(ld_size);
+ memset(info->ld_config.span, 0, sizeof(info->ld_config.span));
+ info->ld_config.span[0].start_block = 0;
+ info->ld_config.span[0].num_blocks = info->size;
+ info->ld_config.span[0].array_ref = cpu_to_le16(sdev_id);
+
+ resid = dma_buf_read(cmd->iov_buf, dcmd_size, &cmd->qsg);
+ g_free(cmd->iov_buf);
+ cmd->iov_size = dcmd_size - resid;
+ cmd->iov_buf = NULL;
+ return MFI_STAT_OK;
+}
+
+static int megasas_dcmd_ld_get_info(MegasasState *s, MegasasCmd *cmd)
+{
+ struct mfi_ld_info info;
+ size_t dcmd_size = sizeof(info);
+ uint16_t ld_id;
+ uint32_t max_ld_disks = s->fw_luns;
+ SCSIDevice *sdev = NULL;
+ int retval = MFI_STAT_DEVICE_NOT_FOUND;
+
+ if (cmd->iov_size < dcmd_size) {
+ return MFI_STAT_INVALID_PARAMETER;
+ }
+
+ /* mbox0 has the ID */
+ ld_id = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
+ trace_megasas_dcmd_ld_get_info(cmd->index, ld_id);
+
+ if (megasas_is_jbod(s)) {
+ return MFI_STAT_DEVICE_NOT_FOUND;
+ }
+
+ if (ld_id < max_ld_disks) {
+ sdev = scsi_device_find(&s->bus, 0, ld_id, 0);
+ }
+
+ if (sdev) {
+ retval = megasas_ld_get_info_submit(sdev, ld_id, cmd);
+ }
+
+ return retval;
+}
+
+static int megasas_dcmd_cfg_read(MegasasState *s, MegasasCmd *cmd)
+{
+ uint8_t data[4096];
+ struct mfi_config_data *info;
+ int num_pd_disks = 0, array_offset, ld_offset;
+ BusChild *kid;
+
+ if (cmd->iov_size > 4096) {
+ return MFI_STAT_INVALID_PARAMETER;
+ }
+
+ QTAILQ_FOREACH(kid, &s->bus.qbus.children, sibling) {
+ num_pd_disks++;
+ }
+ info = (struct mfi_config_data *)&data;
+ /*
+ * Array mapping:
+ * - One array per SCSI device
+ * - One logical drive per SCSI device
+ * spanning the entire device
+ */
+ info->array_count = num_pd_disks;
+ info->array_size = sizeof(struct mfi_array) * num_pd_disks;
+ info->log_drv_count = num_pd_disks;
+ info->log_drv_size = sizeof(struct mfi_ld_config) * num_pd_disks;
+ info->spares_count = 0;
+ info->spares_size = sizeof(struct mfi_spare);
+ info->size = sizeof(struct mfi_config_data) + info->array_size +
+ info->log_drv_size;
+ if (info->size > 4096) {
+ return MFI_STAT_INVALID_PARAMETER;
+ }
+
+ array_offset = sizeof(struct mfi_config_data);
+ ld_offset = array_offset + sizeof(struct mfi_array) * num_pd_disks;
+
+ QTAILQ_FOREACH(kid, &s->bus.qbus.children, sibling) {
+ SCSIDevice *sdev = DO_UPCAST(SCSIDevice, qdev, kid->child);
+ BlockConf *conf = &sdev->conf;
+ uint16_t sdev_id = ((sdev->id & 0xFF) >> 8) | (sdev->lun & 0xFF);
+ struct mfi_array *array;
+ struct mfi_ld_config *ld;
+ uint64_t pd_size;
+ int i;
+
+ array = (struct mfi_array *)(data + array_offset);
+ bdrv_get_geometry(conf->bs, &pd_size);
+ array->size = cpu_to_le64(pd_size);
+ array->num_drives = 1;
+ array->array_ref = cpu_to_le16(sdev_id);
+ array->pd[0].ref.v.device_id = cpu_to_le16(sdev_id);
+ array->pd[0].ref.v.seq_num = 0;
+ array->pd[0].fw_state = MFI_PD_STATE_ONLINE;
+ array->pd[0].encl.pd = 0xFF;
+ array->pd[0].encl.slot = (sdev->id & 0xFF);
+ for (i = 1; i < MFI_MAX_ROW_SIZE; i++) {
+ array->pd[i].ref.v.device_id = 0xFFFF;
+ array->pd[i].ref.v.seq_num = 0;
+ array->pd[i].fw_state = MFI_PD_STATE_UNCONFIGURED_GOOD;
+ array->pd[i].encl.pd = 0xFF;
+ array->pd[i].encl.slot = 0xFF;
+ }
+ array_offset += sizeof(struct mfi_array);
+ ld = (struct mfi_ld_config *)(data + ld_offset);
+ memset(ld, 0, sizeof(struct mfi_ld_config));
+ ld->properties.ld.v.target_id = (sdev->id & 0xFF);
+ ld->properties.default_cache_policy = MR_LD_CACHE_READ_AHEAD |
+ MR_LD_CACHE_READ_ADAPTIVE;
+ ld->properties.current_cache_policy = MR_LD_CACHE_READ_AHEAD |
+ MR_LD_CACHE_READ_ADAPTIVE;
+ ld->params.state = MFI_LD_STATE_OPTIMAL;
+ ld->params.stripe_size = 3;
+ ld->params.num_drives = 1;
+ ld->params.span_depth = 1;
+ ld->params.is_consistent = 1;
+ ld->span[0].start_block = 0;
+ ld->span[0].num_blocks = cpu_to_le64(pd_size);
+ ld->span[0].array_ref = cpu_to_le16(sdev_id);
+ ld_offset += sizeof(struct mfi_ld_config);
+ }
+
+ cmd->iov_size -= dma_buf_read((uint8_t *)data, info->size, &cmd->qsg);
+ return MFI_STAT_OK;
+}
+
+static int megasas_dcmd_get_properties(MegasasState *s, MegasasCmd *cmd)
+{
+ struct mfi_ctrl_props info;
+ size_t dcmd_size = sizeof(info);
+
+ memset(&info, 0x0, dcmd_size);
+ if (cmd->iov_size < dcmd_size) {
+ trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
+ dcmd_size);
+ return MFI_STAT_INVALID_PARAMETER;
+ }
+ info.pred_fail_poll_interval = cpu_to_le16(300);
+ info.intr_throttle_cnt = cpu_to_le16(16);
+ info.intr_throttle_timeout = cpu_to_le16(50);
+ info.rebuild_rate = 30;
+ info.patrol_read_rate = 30;
+ info.bgi_rate = 30;
+ info.cc_rate = 30;
+ info.recon_rate = 30;
+ info.cache_flush_interval = 4;
+ info.spinup_drv_cnt = 2;
+ info.spinup_delay = 6;
+ info.ecc_bucket_size = 15;
+ info.ecc_bucket_leak_rate = cpu_to_le16(1440);
+ info.expose_encl_devices = 1;
+
+ cmd->iov_size -= dma_buf_read((uint8_t *)&info, dcmd_size, &cmd->qsg);
+ return MFI_STAT_OK;
+}
+
+static int megasas_cache_flush(MegasasState *s, MegasasCmd *cmd)
+{
+ bdrv_drain_all();
+ return MFI_STAT_OK;
+}
+
+static int megasas_ctrl_shutdown(MegasasState *s, MegasasCmd *cmd)
+{
+ s->fw_state = MFI_FWSTATE_READY;
+ return MFI_STAT_OK;
+}
+
+static int megasas_cluster_reset_ld(MegasasState *s, MegasasCmd *cmd)
+{
+ return MFI_STAT_INVALID_DCMD;
+}
+
+static int megasas_dcmd_set_properties(MegasasState *s, MegasasCmd *cmd)
+{
+ struct mfi_ctrl_props info;
+ size_t dcmd_size = sizeof(info);
+
+ if (cmd->iov_size < dcmd_size) {
+ trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
+ dcmd_size);
+ return MFI_STAT_INVALID_PARAMETER;
+ }
+ dma_buf_write((uint8_t *)&info, cmd->iov_size, &cmd->qsg);
+ trace_megasas_dcmd_unsupported(cmd->index, cmd->iov_size);
+ return MFI_STAT_OK;
+}
+
+static int megasas_dcmd_dummy(MegasasState *s, MegasasCmd *cmd)
+{
+ trace_megasas_dcmd_dummy(cmd->index, cmd->iov_size);
+ return MFI_STAT_OK;
+}
+
+static const struct dcmd_cmd_tbl_t {
+ int opcode;
+ const char *desc;
+ int (*func)(MegasasState *s, MegasasCmd *cmd);
+} dcmd_cmd_tbl[] = {
+ { MFI_DCMD_CTRL_MFI_HOST_MEM_ALLOC, "CTRL_HOST_MEM_ALLOC",
+ megasas_dcmd_dummy },
+ { MFI_DCMD_CTRL_GET_INFO, "CTRL_GET_INFO",
+ megasas_ctrl_get_info },
+ { MFI_DCMD_CTRL_GET_PROPERTIES, "CTRL_GET_PROPERTIES",
+ megasas_dcmd_get_properties },
+ { MFI_DCMD_CTRL_SET_PROPERTIES, "CTRL_SET_PROPERTIES",
+ megasas_dcmd_set_properties },
+ { MFI_DCMD_CTRL_ALARM_GET, "CTRL_ALARM_GET",
+ megasas_dcmd_dummy },
+ { MFI_DCMD_CTRL_ALARM_ENABLE, "CTRL_ALARM_ENABLE",
+ megasas_dcmd_dummy },
+ { MFI_DCMD_CTRL_ALARM_DISABLE, "CTRL_ALARM_DISABLE",
+ megasas_dcmd_dummy },
+ { MFI_DCMD_CTRL_ALARM_SILENCE, "CTRL_ALARM_SILENCE",
+ megasas_dcmd_dummy },
+ { MFI_DCMD_CTRL_ALARM_TEST, "CTRL_ALARM_TEST",
+ megasas_dcmd_dummy },
+ { MFI_DCMD_CTRL_EVENT_GETINFO, "CTRL_EVENT_GETINFO",
+ megasas_event_info },
+ { MFI_DCMD_CTRL_EVENT_GET, "CTRL_EVENT_GET",
+ megasas_dcmd_dummy },
+ { MFI_DCMD_CTRL_EVENT_WAIT, "CTRL_EVENT_WAIT",
+ megasas_event_wait },
+ { MFI_DCMD_CTRL_SHUTDOWN, "CTRL_SHUTDOWN",
+ megasas_ctrl_shutdown },
+ { MFI_DCMD_HIBERNATE_STANDBY, "CTRL_STANDBY",
+ megasas_dcmd_dummy },
+ { MFI_DCMD_CTRL_GET_TIME, "CTRL_GET_TIME",
+ megasas_dcmd_get_fw_time },
+ { MFI_DCMD_CTRL_SET_TIME, "CTRL_SET_TIME",
+ megasas_dcmd_set_fw_time },
+ { MFI_DCMD_CTRL_BIOS_DATA_GET, "CTRL_BIOS_DATA_GET",
+ megasas_dcmd_get_bios_info },
+ { MFI_DCMD_CTRL_FACTORY_DEFAULTS, "CTRL_FACTORY_DEFAULTS",
+ megasas_dcmd_dummy },
+ { MFI_DCMD_CTRL_MFC_DEFAULTS_GET, "CTRL_MFC_DEFAULTS_GET",
+ megasas_mfc_get_defaults },
+ { MFI_DCMD_CTRL_MFC_DEFAULTS_SET, "CTRL_MFC_DEFAULTS_SET",
+ megasas_dcmd_dummy },
+ { MFI_DCMD_CTRL_CACHE_FLUSH, "CTRL_CACHE_FLUSH",
+ megasas_cache_flush },
+ { MFI_DCMD_PD_GET_LIST, "PD_GET_LIST",
+ megasas_dcmd_pd_get_list },
+ { MFI_DCMD_PD_LIST_QUERY, "PD_LIST_QUERY",
+ megasas_dcmd_pd_list_query },
+ { MFI_DCMD_PD_GET_INFO, "PD_GET_INFO",
+ megasas_dcmd_pd_get_info },
+ { MFI_DCMD_PD_STATE_SET, "PD_STATE_SET",
+ megasas_dcmd_dummy },
+ { MFI_DCMD_PD_REBUILD, "PD_REBUILD",
+ megasas_dcmd_dummy },
+ { MFI_DCMD_PD_BLINK, "PD_BLINK",
+ megasas_dcmd_dummy },
+ { MFI_DCMD_PD_UNBLINK, "PD_UNBLINK",
+ megasas_dcmd_dummy },
+ { MFI_DCMD_LD_GET_LIST, "LD_GET_LIST",
+ megasas_dcmd_ld_get_list},
+ { MFI_DCMD_LD_GET_INFO, "LD_GET_INFO",
+ megasas_dcmd_ld_get_info },
+ { MFI_DCMD_LD_GET_PROP, "LD_GET_PROP",
+ megasas_dcmd_dummy },
+ { MFI_DCMD_LD_SET_PROP, "LD_SET_PROP",
+ megasas_dcmd_dummy },
+ { MFI_DCMD_LD_DELETE, "LD_DELETE",
+ megasas_dcmd_dummy },
+ { MFI_DCMD_CFG_READ, "CFG_READ",
+ megasas_dcmd_cfg_read },
+ { MFI_DCMD_CFG_ADD, "CFG_ADD",
+ megasas_dcmd_dummy },
+ { MFI_DCMD_CFG_CLEAR, "CFG_CLEAR",
+ megasas_dcmd_dummy },
+ { MFI_DCMD_CFG_FOREIGN_READ, "CFG_FOREIGN_READ",
+ megasas_dcmd_dummy },
+ { MFI_DCMD_CFG_FOREIGN_IMPORT, "CFG_FOREIGN_IMPORT",
+ megasas_dcmd_dummy },
+ { MFI_DCMD_BBU_STATUS, "BBU_STATUS",
+ megasas_dcmd_dummy },
+ { MFI_DCMD_BBU_CAPACITY_INFO, "BBU_CAPACITY_INFO",
+ megasas_dcmd_dummy },
+ { MFI_DCMD_BBU_DESIGN_INFO, "BBU_DESIGN_INFO",
+ megasas_dcmd_dummy },
+ { MFI_DCMD_BBU_PROP_GET, "BBU_PROP_GET",
+ megasas_dcmd_dummy },
+ { MFI_DCMD_CLUSTER, "CLUSTER",
+ megasas_dcmd_dummy },
+ { MFI_DCMD_CLUSTER_RESET_ALL, "CLUSTER_RESET_ALL",
+ megasas_dcmd_dummy },
+ { MFI_DCMD_CLUSTER_RESET_LD, "CLUSTER_RESET_LD",
+ megasas_cluster_reset_ld },
+ { -1, NULL, NULL }
+};
+
+static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
+{
+ int opcode, len;
+ int retval = 0;
+ const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
+
+ opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+ trace_megasas_handle_dcmd(cmd->index, opcode);
+ len = megasas_map_dcmd(s, cmd);
+ if (len < 0) {
+ return MFI_STAT_MEMORY_NOT_AVAILABLE;
+ }
+ while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
+ cmdptr++;
+ }
+ if (cmdptr->opcode == -1) {
+ trace_megasas_dcmd_unhandled(cmd->index, opcode, len);
+ retval = megasas_dcmd_dummy(s, cmd);
+ } else {
+ trace_megasas_dcmd_enter(cmd->index, cmdptr->desc, len);
+ retval = cmdptr->func(s, cmd);
+ }
+ if (retval != MFI_STAT_INVALID_STATUS) {
+ megasas_finish_dcmd(cmd, len);
+ }
+ return retval;
+}
+
+static int megasas_finish_internal_dcmd(MegasasCmd *cmd,
+ SCSIRequest *req)
+{
+ int opcode;
+ int retval = MFI_STAT_OK;
+ int lun = req->lun;
+
+ opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+ scsi_req_unref(req);
+ trace_megasas_dcmd_internal_finish(cmd->index, opcode, lun);
+ switch (opcode) {
+ case MFI_DCMD_PD_GET_INFO:
+ retval = megasas_pd_get_info_submit(req->dev, lun, cmd);
+ break;
+ case MFI_DCMD_LD_GET_INFO:
+ retval = megasas_ld_get_info_submit(req->dev, lun, cmd);
+ break;
+ default:
+ trace_megasas_dcmd_internal_invalid(cmd->index, opcode);
+ retval = MFI_STAT_INVALID_DCMD;
+ break;
+ }
+ if (retval != MFI_STAT_INVALID_STATUS) {
+ megasas_finish_dcmd(cmd, cmd->iov_size);
+ }
+ return retval;
+}
+
+static int megasas_enqueue_req(MegasasCmd *cmd, bool is_write)
+{
+ int len;
+
+ len = scsi_req_enqueue(cmd->req);
+ if (len < 0) {
+ len = -len;
+ }
+ if (len > 0) {
+ if (len > cmd->iov_size) {
+ if (is_write) {
+ trace_megasas_iov_write_overflow(cmd->index, len,
+ cmd->iov_size);
+ } else {
+ trace_megasas_iov_read_overflow(cmd->index, len,
+ cmd->iov_size);
+ }
+ }
+ if (len < cmd->iov_size) {
+ if (is_write) {
+ trace_megasas_iov_write_underflow(cmd->index, len,
+ cmd->iov_size);
+ } else {
+ trace_megasas_iov_read_underflow(cmd->index, len,
+ cmd->iov_size);
+ }
+ cmd->iov_size = len;
+ }
+ scsi_req_continue(cmd->req);
+ }
+ return len;
+}
+
+static int megasas_handle_scsi(MegasasState *s, MegasasCmd *cmd,
+ bool is_logical)
+{
+ uint8_t *cdb;
+ int len;
+ bool is_write;
+ struct SCSIDevice *sdev = NULL;
+
+ cdb = cmd->frame->pass.cdb;
+
+ if (cmd->frame->header.target_id < s->fw_luns) {
+ sdev = scsi_device_find(&s->bus, 0, cmd->frame->header.target_id,
+ cmd->frame->header.lun_id);
+ }
+ cmd->iov_size = le32_to_cpu(cmd->frame->header.data_len);
+ trace_megasas_handle_scsi(mfi_frame_desc[cmd->frame->header.frame_cmd],
+ is_logical, cmd->frame->header.target_id,
+ cmd->frame->header.lun_id, sdev, cmd->iov_size);
+
+ if (!sdev || (megasas_is_jbod(s) && is_logical)) {
+ trace_megasas_scsi_target_not_present(
+ mfi_frame_desc[cmd->frame->header.frame_cmd], is_logical,
+ cmd->frame->header.target_id, cmd->frame->header.lun_id);
+ return MFI_STAT_DEVICE_NOT_FOUND;
+ }
+
+ if (cmd->frame->header.cdb_len > 16) {
+ trace_megasas_scsi_invalid_cdb_len(
+ mfi_frame_desc[cmd->frame->header.frame_cmd], is_logical,
+ cmd->frame->header.target_id, cmd->frame->header.lun_id,
+ cmd->frame->header.cdb_len);
+ megasas_write_sense(cmd, SENSE_CODE(INVALID_OPCODE));
+ cmd->frame->header.scsi_status = CHECK_CONDITION;
+ s->event_count++;
+ return MFI_STAT_SCSI_DONE_WITH_ERROR;
+ }
+
+ if (megasas_map_sgl(s, cmd, &cmd->frame->pass.sgl)) {
+ megasas_write_sense(cmd, SENSE_CODE(TARGET_FAILURE));
+ cmd->frame->header.scsi_status = CHECK_CONDITION;
+ s->event_count++;
+ return MFI_STAT_SCSI_DONE_WITH_ERROR;
+ }
+
+ cmd->req = scsi_req_new(sdev, cmd->index,
+ cmd->frame->header.lun_id, cdb, cmd);
+ if (!cmd->req) {
+ trace_megasas_scsi_req_alloc_failed(
+ mfi_frame_desc[cmd->frame->header.frame_cmd],
+ cmd->frame->header.target_id, cmd->frame->header.lun_id);
+ megasas_write_sense(cmd, SENSE_CODE(NO_SENSE));
+ cmd->frame->header.scsi_status = BUSY;
+ s->event_count++;
+ return MFI_STAT_SCSI_DONE_WITH_ERROR;
+ }
+
+ is_write = (cmd->req->cmd.mode == SCSI_XFER_TO_DEV);
+ len = megasas_enqueue_req(cmd, is_write);
+ if (len > 0) {
+ if (is_write) {
+ trace_megasas_scsi_write_start(cmd->index, len);
+ } else {
+ trace_megasas_scsi_read_start(cmd->index, len);
+ }
+ } else {
+ trace_megasas_scsi_nodata(cmd->index);
+ }
+ return MFI_STAT_INVALID_STATUS;
+}
+
+static int megasas_handle_io(MegasasState *s, MegasasCmd *cmd)
+{
+ uint32_t lba_count, lba_start_hi, lba_start_lo;
+ uint64_t lba_start;
+ bool is_write = (cmd->frame->header.frame_cmd == MFI_CMD_LD_WRITE);
+ uint8_t cdb[16];
+ int len;
+ struct SCSIDevice *sdev = NULL;
+
+ lba_count = le32_to_cpu(cmd->frame->io.header.data_len);
+ lba_start_lo = le32_to_cpu(cmd->frame->io.lba_lo);
+ lba_start_hi = le32_to_cpu(cmd->frame->io.lba_hi);
+ lba_start = ((uint64_t)lba_start_hi << 32) | lba_start_lo;
+
+ if (cmd->frame->header.target_id < s->fw_luns) {
+ sdev = scsi_device_find(&s->bus, 0, cmd->frame->header.target_id,
+ cmd->frame->header.lun_id);
+ }
+
+ trace_megasas_handle_io(cmd->index,
+ mfi_frame_desc[cmd->frame->header.frame_cmd],
+ cmd->frame->header.target_id,
+ cmd->frame->header.lun_id,
+ (unsigned long)lba_start, (unsigned long)lba_count);
+ if (!sdev) {
+ trace_megasas_io_target_not_present(cmd->index,
+ mfi_frame_desc[cmd->frame->header.frame_cmd],
+ cmd->frame->header.target_id, cmd->frame->header.lun_id);
+ return MFI_STAT_DEVICE_NOT_FOUND;
+ }
+
+ if (cmd->frame->header.cdb_len > 16) {
+ trace_megasas_scsi_invalid_cdb_len(
+ mfi_frame_desc[cmd->frame->header.frame_cmd], 1,
+ cmd->frame->header.target_id, cmd->frame->header.lun_id,
+ cmd->frame->header.cdb_len);
+ megasas_write_sense(cmd, SENSE_CODE(INVALID_OPCODE));
+ cmd->frame->header.scsi_status = CHECK_CONDITION;
+ s->event_count++;
+ return MFI_STAT_SCSI_DONE_WITH_ERROR;
+ }
+
+ cmd->iov_size = lba_count * sdev->blocksize;
+ if (megasas_map_sgl(s, cmd, &cmd->frame->io.sgl)) {
+ megasas_write_sense(cmd, SENSE_CODE(TARGET_FAILURE));
+ cmd->frame->header.scsi_status = CHECK_CONDITION;
+ s->event_count++;
+ return MFI_STAT_SCSI_DONE_WITH_ERROR;
+ }
+
+ megasas_encode_lba(cdb, lba_start, lba_count, is_write);
+ cmd->req = scsi_req_new(sdev, cmd->index,
+ cmd->frame->header.lun_id, cdb, cmd);
+ if (!cmd->req) {
+ trace_megasas_scsi_req_alloc_failed(
+ mfi_frame_desc[cmd->frame->header.frame_cmd],
+ cmd->frame->header.target_id, cmd->frame->header.lun_id);
+ megasas_write_sense(cmd, SENSE_CODE(NO_SENSE));
+ cmd->frame->header.scsi_status = BUSY;
+ s->event_count++;
+ return MFI_STAT_SCSI_DONE_WITH_ERROR;
+ }
+ len = megasas_enqueue_req(cmd, is_write);
+ if (len > 0) {
+ if (is_write) {
+ trace_megasas_io_write_start(cmd->index, lba_start, lba_count, len);
+ } else {
+ trace_megasas_io_read_start(cmd->index, lba_start, lba_count, len);
+ }
+ }
+ return MFI_STAT_INVALID_STATUS;
+}
+
+static int megasas_finish_internal_command(MegasasCmd *cmd,
+ SCSIRequest *req, size_t resid)
+{
+ int retval = MFI_STAT_INVALID_CMD;
+
+ if (cmd->frame->header.frame_cmd == MFI_CMD_DCMD) {
+ cmd->iov_size -= resid;
+ retval = megasas_finish_internal_dcmd(cmd, req);
+ }
+ return retval;
+}
+
+static QEMUSGList *megasas_get_sg_list(SCSIRequest *req)
+{
+ MegasasCmd *cmd = req->hba_private;
+
+ if (cmd->frame->header.frame_cmd == MFI_CMD_DCMD) {
+ return NULL;
+ } else {
+ return &cmd->qsg;
+ }
+}
+
+static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
+{
+ MegasasCmd *cmd = req->hba_private;
+ uint8_t *buf;
+ uint32_t opcode;
+
+ trace_megasas_io_complete(cmd->index, len);
+
+ if (cmd->frame->header.frame_cmd != MFI_CMD_DCMD) {
+ scsi_req_continue(req);
+ return;
+ }
+
+ buf = scsi_req_get_buf(req);
+ opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+ if (opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) {
+ struct mfi_pd_info *info = cmd->iov_buf;
+
+ if (info->inquiry_data[0] == 0x7f) {
+ memset(info->inquiry_data, 0, sizeof(info->inquiry_data));
+ memcpy(info->inquiry_data, buf, len);
+ } else if (info->vpd_page83[0] == 0x7f) {
+ memset(info->vpd_page83, 0, sizeof(info->vpd_page83));
+ memcpy(info->vpd_page83, buf, len);
+ }
+ scsi_req_continue(req);
+ } else if (opcode == MFI_DCMD_LD_GET_INFO) {
+ struct mfi_ld_info *info = cmd->iov_buf;
+
+ if (cmd->iov_buf) {
+ memcpy(info->vpd_page83, buf, sizeof(info->vpd_page83));
+ scsi_req_continue(req);
+ }
+ }
+}
+
+static void megasas_command_complete(SCSIRequest *req, uint32_t status,
+ size_t resid)
+{
+ MegasasCmd *cmd = req->hba_private;
+ uint8_t cmd_status = MFI_STAT_OK;
+
+ trace_megasas_command_complete(cmd->index, status, resid);
+
+ if (cmd->req != req) {
+ /*
+ * Internal command complete
+ */
+ cmd_status = megasas_finish_internal_command(cmd, req, resid);
+ if (cmd_status == MFI_STAT_INVALID_STATUS) {
+ return;
+ }
+ } else {
+ req->status = status;
+ trace_megasas_scsi_complete(cmd->index, req->status,
+ cmd->iov_size, req->cmd.xfer);
+ if (req->status != GOOD) {
+ cmd_status = MFI_STAT_SCSI_DONE_WITH_ERROR;
+ }
+ if (req->status == CHECK_CONDITION) {
+ megasas_copy_sense(cmd);
+ }
+
+ megasas_unmap_sgl(cmd);
+ cmd->frame->header.scsi_status = req->status;
+ scsi_req_unref(cmd->req);
+ cmd->req = NULL;
+ }
+ cmd->frame->header.cmd_status = cmd_status;
+ megasas_complete_frame(cmd->state, cmd->context);
+}
+
+static void megasas_command_cancel(SCSIRequest *req)
+{
+ MegasasCmd *cmd = req->hba_private;
+
+ if (cmd) {
+ megasas_abort_command(cmd);
+ } else {
+ scsi_req_unref(req);
+ }
+}
+
+static int megasas_handle_abort(MegasasState *s, MegasasCmd *cmd)
+{
+ uint64_t abort_ctx = le64_to_cpu(cmd->frame->abort.abort_context);
+ hwaddr abort_addr, addr_hi, addr_lo;
+ MegasasCmd *abort_cmd;
+
+ addr_hi = le32_to_cpu(cmd->frame->abort.abort_mfi_addr_hi);
+ addr_lo = le32_to_cpu(cmd->frame->abort.abort_mfi_addr_lo);
+ abort_addr = ((uint64_t)addr_hi << 32) | addr_lo;
+
+ abort_cmd = megasas_lookup_frame(s, abort_addr);
+ if (!abort_cmd) {
+ trace_megasas_abort_no_cmd(cmd->index, abort_ctx);
+ s->event_count++;
+ return MFI_STAT_OK;
+ }
+ if (!megasas_use_queue64(s)) {
+ abort_ctx &= (uint64_t)0xFFFFFFFF;
+ }
+ if (abort_cmd->context != abort_ctx) {
+ trace_megasas_abort_invalid_context(cmd->index, abort_cmd->index,
+ abort_cmd->context);
+ s->event_count++;
+ return MFI_STAT_ABORT_NOT_POSSIBLE;
+ }
+ trace_megasas_abort_frame(cmd->index, abort_cmd->index);
+ megasas_abort_command(abort_cmd);
+ if (!s->event_cmd || abort_cmd != s->event_cmd) {
+ s->event_cmd = NULL;
+ }
+ s->event_count++;
+ return MFI_STAT_OK;
+}
+
+static void megasas_handle_frame(MegasasState *s, uint64_t frame_addr,
+ uint32_t frame_count)
+{
+ uint8_t frame_status = MFI_STAT_INVALID_CMD;
+ uint64_t frame_context;
+ MegasasCmd *cmd;
+
+ /*
+ * Always read 64bit context, top bits will be
+ * masked out if required in megasas_enqueue_frame()
+ */
+ frame_context = megasas_frame_get_context(frame_addr);
+
+ cmd = megasas_enqueue_frame(s, frame_addr, frame_context, frame_count);
+ if (!cmd) {
+ /* reply queue full */
+ trace_megasas_frame_busy(frame_addr);
+ megasas_frame_set_scsi_status(frame_addr, BUSY);
+ megasas_frame_set_cmd_status(frame_addr, MFI_STAT_SCSI_DONE_WITH_ERROR);
+ megasas_complete_frame(s, frame_context);
+ s->event_count++;
+ return;
+ }
+ switch (cmd->frame->header.frame_cmd) {
+ case MFI_CMD_INIT:
+ frame_status = megasas_init_firmware(s, cmd);
+ break;
+ case MFI_CMD_DCMD:
+ frame_status = megasas_handle_dcmd(s, cmd);
+ break;
+ case MFI_CMD_ABORT:
+ frame_status = megasas_handle_abort(s, cmd);
+ break;
+ case MFI_CMD_PD_SCSI_IO:
+ frame_status = megasas_handle_scsi(s, cmd, 0);
+ break;
+ case MFI_CMD_LD_SCSI_IO:
+ frame_status = megasas_handle_scsi(s, cmd, 1);
+ break;
+ case MFI_CMD_LD_READ:
+ case MFI_CMD_LD_WRITE:
+ frame_status = megasas_handle_io(s, cmd);
+ break;
+ default:
+ trace_megasas_unhandled_frame_cmd(cmd->index,
+ cmd->frame->header.frame_cmd);
+ s->event_count++;
+ break;
+ }
+ if (frame_status != MFI_STAT_INVALID_STATUS) {
+ if (cmd->frame) {
+ cmd->frame->header.cmd_status = frame_status;
+ } else {
+ megasas_frame_set_cmd_status(frame_addr, frame_status);
+ }
+ megasas_complete_frame(s, cmd->context);
+ }
+}
+
+static uint64_t megasas_mmio_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ MegasasState *s = opaque;
+ uint32_t retval = 0;
+
+ switch (addr) {
+ case MFI_IDB:
+ retval = 0;
+ break;
+ case MFI_OMSG0:
+ case MFI_OSP0:
+ retval = (megasas_use_msix(s) ? MFI_FWSTATE_MSIX_SUPPORTED : 0) |
+ (s->fw_state & MFI_FWSTATE_MASK) |
+ ((s->fw_sge & 0xff) << 16) |
+ (s->fw_cmds & 0xFFFF);
+ break;
+ case MFI_OSTS:
+ if (megasas_intr_enabled(s) && s->doorbell) {
+ retval = MFI_1078_RM | 1;
+ }
+ break;
+ case MFI_OMSK:
+ retval = s->intr_mask;
+ break;
+ case MFI_ODCR0:
+ retval = s->doorbell;
+ break;
+ default:
+ trace_megasas_mmio_invalid_readl(addr);
+ break;
+ }
+ trace_megasas_mmio_readl(addr, retval);
+ return retval;
+}
+
+static void megasas_mmio_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ MegasasState *s = opaque;
+ PCIDevice *pci_dev = PCI_DEVICE(s);
+ uint64_t frame_addr;
+ uint32_t frame_count;
+ int i;
+
+ trace_megasas_mmio_writel(addr, val);
+ switch (addr) {
+ case MFI_IDB:
+ if (val & MFI_FWINIT_ABORT) {
+ /* Abort all pending cmds */
+ for (i = 0; i < s->fw_cmds; i++) {
+ megasas_abort_command(&s->frames[i]);
+ }
+ }
+ if (val & MFI_FWINIT_READY) {
+ /* move to FW READY */
+ megasas_soft_reset(s);
+ }
+ if (val & MFI_FWINIT_MFIMODE) {
+ /* discard MFIs */
+ }
+ break;
+ case MFI_OMSK:
+ s->intr_mask = val;
+ if (!megasas_intr_enabled(s) && !msix_enabled(pci_dev)) {
+ trace_megasas_irq_lower();
+ qemu_irq_lower(pci_dev->irq[0]);
+ }
+ if (megasas_intr_enabled(s)) {
+ trace_megasas_intr_enabled();
+ } else {
+ trace_megasas_intr_disabled();
+ }
+ break;
+ case MFI_ODCR0:
+ s->doorbell = 0;
+ if (s->producer_pa && megasas_intr_enabled(s)) {
+ /* Update reply queue pointer */
+ trace_megasas_qf_update(s->reply_queue_head, s->busy);
+ stl_le_phys(s->producer_pa, s->reply_queue_head);
+ if (!msix_enabled(pci_dev)) {
+ trace_megasas_irq_lower();
+ qemu_irq_lower(pci_dev->irq[0]);
+ }
+ }
+ break;
+ case MFI_IQPH:
+ /* Received high 32 bits of a 64 bit MFI frame address */
+ s->frame_hi = val;
+ break;
+ case MFI_IQPL:
+ /* Received low 32 bits of a 64 bit MFI frame address */
+ case MFI_IQP:
+ /* Received 32 bit MFI frame address */
+ frame_addr = (val & ~0x1F);
+ /* Add possible 64 bit offset */
+ frame_addr |= ((uint64_t)s->frame_hi << 32);
+ s->frame_hi = 0;
+ frame_count = (val >> 1) & 0xF;
+ megasas_handle_frame(s, frame_addr, frame_count);
+ break;
+ default:
+ trace_megasas_mmio_invalid_writel(addr, val);
+ break;
+ }
+}
+
+static const MemoryRegionOps megasas_mmio_ops = {
+ .read = megasas_mmio_read,
+ .write = megasas_mmio_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .impl = {
+ .min_access_size = 8,
+ .max_access_size = 8,
+ }
+};
+
+static uint64_t megasas_port_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ return megasas_mmio_read(opaque, addr & 0xff, size);
+}
+
+static void megasas_port_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ megasas_mmio_write(opaque, addr & 0xff, val, size);
+}
+
+static const MemoryRegionOps megasas_port_ops = {
+ .read = megasas_port_read,
+ .write = megasas_port_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ }
+};
+
+static uint64_t megasas_queue_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ return 0;
+}
+
+static const MemoryRegionOps megasas_queue_ops = {
+ .read = megasas_queue_read,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .impl = {
+ .min_access_size = 8,
+ .max_access_size = 8,
+ }
+};
+
+static void megasas_soft_reset(MegasasState *s)
+{
+ int i;
+ MegasasCmd *cmd;
+
+ trace_megasas_reset();
+ for (i = 0; i < s->fw_cmds; i++) {
+ cmd = &s->frames[i];
+ megasas_abort_command(cmd);
+ }
+ megasas_reset_frames(s);
+ s->reply_queue_len = s->fw_cmds;
+ s->reply_queue_pa = 0;
+ s->consumer_pa = 0;
+ s->producer_pa = 0;
+ s->fw_state = MFI_FWSTATE_READY;
+ s->doorbell = 0;
+ s->intr_mask = MEGASAS_INTR_DISABLED_MASK;
+ s->frame_hi = 0;
+ s->flags &= ~MEGASAS_MASK_USE_QUEUE64;
+ s->event_count++;
+ s->boot_event = s->event_count;
+}
+
+static void megasas_scsi_reset(DeviceState *dev)
+{
+ MegasasState *s = MEGASAS(dev);
+
+ megasas_soft_reset(s);
+}
+
+static const VMStateDescription vmstate_megasas = {
+ .name = "megasas",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField[]) {
+ VMSTATE_PCI_DEVICE(parent_obj, MegasasState),
+
+ VMSTATE_INT32(fw_state, MegasasState),
+ VMSTATE_INT32(intr_mask, MegasasState),
+ VMSTATE_INT32(doorbell, MegasasState),
+ VMSTATE_UINT64(reply_queue_pa, MegasasState),
+ VMSTATE_UINT64(consumer_pa, MegasasState),
+ VMSTATE_UINT64(producer_pa, MegasasState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void megasas_scsi_uninit(PCIDevice *d)
+{
+ MegasasState *s = MEGASAS(d);
+
+#ifdef USE_MSIX
+ msix_uninit(d, &s->mmio_io);
+#endif
+ memory_region_destroy(&s->mmio_io);
+ memory_region_destroy(&s->port_io);
+ memory_region_destroy(&s->queue_io);
+}
+
+static const struct SCSIBusInfo megasas_scsi_info = {
+ .tcq = true,
+ .max_target = MFI_MAX_LD,
+ .max_lun = 255,
+
+ .transfer_data = megasas_xfer_complete,
+ .get_sg_list = megasas_get_sg_list,
+ .complete = megasas_command_complete,
+ .cancel = megasas_command_cancel,
+};
+
+static int megasas_scsi_init(PCIDevice *dev)
+{
+ DeviceState *d = DEVICE(dev);
+ MegasasState *s = MEGASAS(dev);
+ uint8_t *pci_conf;
+ int i, bar_type;
+ Error *err = NULL;
+
+ pci_conf = dev->config;
+
+ /* PCI latency timer = 0 */
+ pci_conf[PCI_LATENCY_TIMER] = 0;
+ /* Interrupt pin 1 */
+ pci_conf[PCI_INTERRUPT_PIN] = 0x01;
+
+ memory_region_init_io(&s->mmio_io, OBJECT(s), &megasas_mmio_ops, s,
+ "megasas-mmio", 0x4000);
+ memory_region_init_io(&s->port_io, OBJECT(s), &megasas_port_ops, s,
+ "megasas-io", 256);
+ memory_region_init_io(&s->queue_io, OBJECT(s), &megasas_queue_ops, s,
+ "megasas-queue", 0x40000);
+
+#ifdef USE_MSIX
+ /* MSI-X support is currently broken */
+ if (megasas_use_msix(s) &&
+ msix_init(dev, 15, &s->mmio_io, 0, 0x2000)) {
+ s->flags &= ~MEGASAS_MASK_USE_MSIX;
+ }
+#else
+ s->flags &= ~MEGASAS_MASK_USE_MSIX;
+#endif
+
+ bar_type = PCI_BASE_ADDRESS_SPACE_MEMORY | PCI_BASE_ADDRESS_MEM_TYPE_64;
+ pci_register_bar(dev, 0, bar_type, &s->mmio_io);
+ pci_register_bar(dev, 2, PCI_BASE_ADDRESS_SPACE_IO, &s->port_io);
+ pci_register_bar(dev, 3, bar_type, &s->queue_io);
+
+ if (megasas_use_msix(s)) {
+ msix_vector_use(dev, 0);
+ }
+
+ if (!s->sas_addr) {
+ s->sas_addr = ((NAA_LOCALLY_ASSIGNED_ID << 24) |
+ IEEE_COMPANY_LOCALLY_ASSIGNED) << 36;
+ s->sas_addr |= (pci_bus_num(dev->bus) << 16);
+ s->sas_addr |= (PCI_SLOT(dev->devfn) << 8);
+ s->sas_addr |= PCI_FUNC(dev->devfn);
+ }
+ if (!s->hba_serial) {
+ s->hba_serial = g_strdup(MEGASAS_HBA_SERIAL);
+ }
+ if (s->fw_sge >= MEGASAS_MAX_SGE - MFI_PASS_FRAME_SIZE) {
+ s->fw_sge = MEGASAS_MAX_SGE - MFI_PASS_FRAME_SIZE;
+ } else if (s->fw_sge >= 128 - MFI_PASS_FRAME_SIZE) {
+ s->fw_sge = 128 - MFI_PASS_FRAME_SIZE;
+ } else {
+ s->fw_sge = 64 - MFI_PASS_FRAME_SIZE;
+ }
+ if (s->fw_cmds > MEGASAS_MAX_FRAMES) {
+ s->fw_cmds = MEGASAS_MAX_FRAMES;
+ }
+ trace_megasas_init(s->fw_sge, s->fw_cmds,
+ megasas_use_msix(s) ? "MSI-X" : "INTx",
+ megasas_is_jbod(s) ? "jbod" : "raid");
+ s->fw_luns = (MFI_MAX_LD > MAX_SCSI_DEVS) ?
+ MAX_SCSI_DEVS : MFI_MAX_LD;
+ s->producer_pa = 0;
+ s->consumer_pa = 0;
+ for (i = 0; i < s->fw_cmds; i++) {
+ s->frames[i].index = i;
+ s->frames[i].context = -1;
+ s->frames[i].pa = 0;
+ s->frames[i].state = s;
+ }
+
+ scsi_bus_new(&s->bus, DEVICE(dev), &megasas_scsi_info, NULL);
+ if (!d->hotplugged) {
+ scsi_bus_legacy_handle_cmdline(&s->bus, &err);
+ if (err != NULL) {
+ error_free(err);
+ return -1;
+ }
+ }
+ return 0;
+}
+
+static Property megasas_properties[] = {
+ DEFINE_PROP_UINT32("max_sge", MegasasState, fw_sge,
+ MEGASAS_DEFAULT_SGE),
+ DEFINE_PROP_UINT32("max_cmds", MegasasState, fw_cmds,
+ MEGASAS_DEFAULT_FRAMES),
+ DEFINE_PROP_STRING("hba_serial", MegasasState, hba_serial),
+ DEFINE_PROP_HEX64("sas_address", MegasasState, sas_addr, 0),
+#ifdef USE_MSIX
+ DEFINE_PROP_BIT("use_msix", MegasasState, flags,
+ MEGASAS_FLAG_USE_MSIX, false),
+#endif
+ DEFINE_PROP_BIT("use_jbod", MegasasState, flags,
+ MEGASAS_FLAG_USE_JBOD, false),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void megasas_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+ PCIDeviceClass *pc = PCI_DEVICE_CLASS(oc);
+
+ pc->init = megasas_scsi_init;
+ pc->exit = megasas_scsi_uninit;
+ pc->vendor_id = PCI_VENDOR_ID_LSI_LOGIC;
+ pc->device_id = PCI_DEVICE_ID_LSI_SAS1078;
+ pc->subsystem_vendor_id = PCI_VENDOR_ID_LSI_LOGIC;
+ pc->subsystem_id = 0x1013;
+ pc->class_id = PCI_CLASS_STORAGE_RAID;
+ dc->props = megasas_properties;
+ dc->reset = megasas_scsi_reset;
+ dc->vmsd = &vmstate_megasas;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
+ dc->desc = "LSI MegaRAID SAS 1078";
+}
+
+static const TypeInfo megasas_info = {
+ .name = TYPE_MEGASAS,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(MegasasState),
+ .class_init = megasas_class_init,
+};
+
+static void megasas_register_types(void)
+{
+ type_register_static(&megasas_info);
+}
+
+type_init(megasas_register_types)
diff --git a/hw/mfi.h b/hw/scsi/mfi.h
index cd8355bad..cd8355bad 100644
--- a/hw/mfi.h
+++ b/hw/scsi/mfi.h
diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c
new file mode 100644
index 000000000..fbf9173fb
--- /dev/null
+++ b/hw/scsi/scsi-bus.c
@@ -0,0 +1,1907 @@
+#include "hw/hw.h"
+#include "qemu/error-report.h"
+#include "hw/scsi/scsi.h"
+#include "block/scsi.h"
+#include "hw/qdev.h"
+#include "sysemu/blockdev.h"
+#include "trace.h"
+#include "sysemu/dma.h"
+
+static char *scsibus_get_dev_path(DeviceState *dev);
+static char *scsibus_get_fw_dev_path(DeviceState *dev);
+static int scsi_req_parse(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf);
+static void scsi_req_dequeue(SCSIRequest *req);
+
+static Property scsi_props[] = {
+ DEFINE_PROP_UINT32("channel", SCSIDevice, channel, 0),
+ DEFINE_PROP_UINT32("scsi-id", SCSIDevice, id, -1),
+ DEFINE_PROP_UINT32("lun", SCSIDevice, lun, -1),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void scsi_bus_class_init(ObjectClass *klass, void *data)
+{
+ BusClass *k = BUS_CLASS(klass);
+
+ k->get_dev_path = scsibus_get_dev_path;
+ k->get_fw_dev_path = scsibus_get_fw_dev_path;
+}
+
+static const TypeInfo scsi_bus_info = {
+ .name = TYPE_SCSI_BUS,
+ .parent = TYPE_BUS,
+ .instance_size = sizeof(SCSIBus),
+ .class_init = scsi_bus_class_init,
+};
+static int next_scsi_bus;
+
+static int scsi_device_init(SCSIDevice *s)
+{
+ SCSIDeviceClass *sc = SCSI_DEVICE_GET_CLASS(s);
+ if (sc->init) {
+ return sc->init(s);
+ }
+ return 0;
+}
+
+static void scsi_device_destroy(SCSIDevice *s)
+{
+ SCSIDeviceClass *sc = SCSI_DEVICE_GET_CLASS(s);
+ if (sc->destroy) {
+ sc->destroy(s);
+ }
+}
+
+static SCSIRequest *scsi_device_alloc_req(SCSIDevice *s, uint32_t tag, uint32_t lun,
+ uint8_t *buf, void *hba_private)
+{
+ SCSIDeviceClass *sc = SCSI_DEVICE_GET_CLASS(s);
+ if (sc->alloc_req) {
+ return sc->alloc_req(s, tag, lun, buf, hba_private);
+ }
+
+ return NULL;
+}
+
+static void scsi_device_unit_attention_reported(SCSIDevice *s)
+{
+ SCSIDeviceClass *sc = SCSI_DEVICE_GET_CLASS(s);
+ if (sc->unit_attention_reported) {
+ sc->unit_attention_reported(s);
+ }
+}
+
+/* Create a scsi bus, and attach devices to it. */
+void scsi_bus_new(SCSIBus *bus, DeviceState *host, const SCSIBusInfo *info,
+ const char *bus_name)
+{
+ qbus_create_inplace(&bus->qbus, TYPE_SCSI_BUS, host, bus_name);
+ bus->busnr = next_scsi_bus++;
+ bus->info = info;
+ bus->qbus.allow_hotplug = 1;
+}
+
+static void scsi_dma_restart_bh(void *opaque)
+{
+ SCSIDevice *s = opaque;
+ SCSIRequest *req, *next;
+
+ qemu_bh_delete(s->bh);
+ s->bh = NULL;
+
+ QTAILQ_FOREACH_SAFE(req, &s->requests, next, next) {
+ scsi_req_ref(req);
+ if (req->retry) {
+ req->retry = false;
+ switch (req->cmd.mode) {
+ case SCSI_XFER_FROM_DEV:
+ case SCSI_XFER_TO_DEV:
+ scsi_req_continue(req);
+ break;
+ case SCSI_XFER_NONE:
+ assert(!req->sg);
+ scsi_req_dequeue(req);
+ scsi_req_enqueue(req);
+ break;
+ }
+ }
+ scsi_req_unref(req);
+ }
+}
+
+void scsi_req_retry(SCSIRequest *req)
+{
+ /* No need to save a reference, because scsi_dma_restart_bh just
+ * looks at the request list. */
+ req->retry = true;
+}
+
+static void scsi_dma_restart_cb(void *opaque, int running, RunState state)
+{
+ SCSIDevice *s = opaque;
+
+ if (!running) {
+ return;
+ }
+ if (!s->bh) {
+ s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
+ qemu_bh_schedule(s->bh);
+ }
+}
+
+static int scsi_qdev_init(DeviceState *qdev)
+{
+ SCSIDevice *dev = SCSI_DEVICE(qdev);
+ SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, dev->qdev.parent_bus);
+ SCSIDevice *d;
+ int rc = -1;
+
+ if (dev->channel > bus->info->max_channel) {
+ error_report("bad scsi channel id: %d", dev->channel);
+ goto err;
+ }
+ if (dev->id != -1 && dev->id > bus->info->max_target) {
+ error_report("bad scsi device id: %d", dev->id);
+ goto err;
+ }
+ if (dev->lun != -1 && dev->lun > bus->info->max_lun) {
+ error_report("bad scsi device lun: %d", dev->lun);
+ goto err;
+ }
+
+ if (dev->id == -1) {
+ int id = -1;
+ if (dev->lun == -1) {
+ dev->lun = 0;
+ }
+ do {
+ d = scsi_device_find(bus, dev->channel, ++id, dev->lun);
+ } while (d && d->lun == dev->lun && id < bus->info->max_target);
+ if (d && d->lun == dev->lun) {
+ error_report("no free target");
+ goto err;
+ }
+ dev->id = id;
+ } else if (dev->lun == -1) {
+ int lun = -1;
+ do {
+ d = scsi_device_find(bus, dev->channel, dev->id, ++lun);
+ } while (d && d->lun == lun && lun < bus->info->max_lun);
+ if (d && d->lun == lun) {
+ error_report("no free lun");
+ goto err;
+ }
+ dev->lun = lun;
+ } else {
+ d = scsi_device_find(bus, dev->channel, dev->id, dev->lun);
+ assert(d);
+ if (d->lun == dev->lun && dev != d) {
+ qdev_free(&d->qdev);
+ }
+ }
+
+ QTAILQ_INIT(&dev->requests);
+ rc = scsi_device_init(dev);
+ if (rc == 0) {
+ dev->vmsentry = qemu_add_vm_change_state_handler(scsi_dma_restart_cb,
+ dev);
+ }
+
+ if (bus->info->hotplug) {
+ bus->info->hotplug(bus, dev);
+ }
+
+err:
+ return rc;
+}
+
+static int scsi_qdev_exit(DeviceState *qdev)
+{
+ SCSIDevice *dev = SCSI_DEVICE(qdev);
+
+ if (dev->vmsentry) {
+ qemu_del_vm_change_state_handler(dev->vmsentry);
+ }
+ scsi_device_destroy(dev);
+ return 0;
+}
+
+/* handle legacy '-drive if=scsi,...' cmd line args */
+SCSIDevice *scsi_bus_legacy_add_drive(SCSIBus *bus, BlockDriverState *bdrv,
+ int unit, bool removable, int bootindex,
+ const char *serial, Error **errp)
+{
+ const char *driver;
+ DeviceState *dev;
+ Error *err = NULL;
+
+ driver = bdrv_is_sg(bdrv) ? "scsi-generic" : "scsi-disk";
+ dev = qdev_create(&bus->qbus, driver);
+ qdev_prop_set_uint32(dev, "scsi-id", unit);
+ if (bootindex >= 0) {
+ qdev_prop_set_int32(dev, "bootindex", bootindex);
+ }
+ if (object_property_find(OBJECT(dev), "removable", NULL)) {
+ qdev_prop_set_bit(dev, "removable", removable);
+ }
+ if (serial) {
+ qdev_prop_set_string(dev, "serial", serial);
+ }
+ if (qdev_prop_set_drive(dev, "drive", bdrv) < 0) {
+ error_setg(errp, "Setting drive property failed");
+ qdev_free(dev);
+ return NULL;
+ }
+ object_property_set_bool(OBJECT(dev), true, "realized", &err);
+ if (err != NULL) {
+ error_propagate(errp, err);
+ qdev_free(dev);
+ return NULL;
+ }
+ return SCSI_DEVICE(dev);
+}
+
+void scsi_bus_legacy_handle_cmdline(SCSIBus *bus, Error **errp)
+{
+ Location loc;
+ DriveInfo *dinfo;
+ int unit;
+ Error *err = NULL;
+
+ loc_push_none(&loc);
+ for (unit = 0; unit <= bus->info->max_target; unit++) {
+ dinfo = drive_get(IF_SCSI, bus->busnr, unit);
+ if (dinfo == NULL) {
+ continue;
+ }
+ qemu_opts_loc_restore(dinfo->opts);
+ scsi_bus_legacy_add_drive(bus, dinfo->bdrv, unit, false, -1, NULL,
+ &err);
+ if (err != NULL) {
+ error_propagate(errp, err);
+ break;
+ }
+ }
+ loc_pop(&loc);
+}
+
+static int32_t scsi_invalid_field(SCSIRequest *req, uint8_t *buf)
+{
+ scsi_req_build_sense(req, SENSE_CODE(INVALID_FIELD));
+ scsi_req_complete(req, CHECK_CONDITION);
+ return 0;
+}
+
+static const struct SCSIReqOps reqops_invalid_field = {
+ .size = sizeof(SCSIRequest),
+ .send_command = scsi_invalid_field
+};
+
+/* SCSIReqOps implementation for invalid commands. */
+
+static int32_t scsi_invalid_command(SCSIRequest *req, uint8_t *buf)
+{
+ scsi_req_build_sense(req, SENSE_CODE(INVALID_OPCODE));
+ scsi_req_complete(req, CHECK_CONDITION);
+ return 0;
+}
+
+static const struct SCSIReqOps reqops_invalid_opcode = {
+ .size = sizeof(SCSIRequest),
+ .send_command = scsi_invalid_command
+};
+
+/* SCSIReqOps implementation for unit attention conditions. */
+
+static int32_t scsi_unit_attention(SCSIRequest *req, uint8_t *buf)
+{
+ if (req->dev->unit_attention.key == UNIT_ATTENTION) {
+ scsi_req_build_sense(req, req->dev->unit_attention);
+ } else if (req->bus->unit_attention.key == UNIT_ATTENTION) {
+ scsi_req_build_sense(req, req->bus->unit_attention);
+ }
+ scsi_req_complete(req, CHECK_CONDITION);
+ return 0;
+}
+
+static const struct SCSIReqOps reqops_unit_attention = {
+ .size = sizeof(SCSIRequest),
+ .send_command = scsi_unit_attention
+};
+
+/* SCSIReqOps implementation for REPORT LUNS and for commands sent to
+ an invalid LUN. */
+
+typedef struct SCSITargetReq SCSITargetReq;
+
+struct SCSITargetReq {
+ SCSIRequest req;
+ int len;
+ uint8_t buf[2056];
+};
+
+static void store_lun(uint8_t *outbuf, int lun)
+{
+ if (lun < 256) {
+ outbuf[1] = lun;
+ return;
+ }
+ outbuf[1] = (lun & 255);
+ outbuf[0] = (lun >> 8) | 0x40;
+}
+
+static bool scsi_target_emulate_report_luns(SCSITargetReq *r)
+{
+ BusChild *kid;
+ int i, len, n;
+ int channel, id;
+ bool found_lun0;
+
+ if (r->req.cmd.xfer < 16) {
+ return false;
+ }
+ if (r->req.cmd.buf[2] > 2) {
+ return false;
+ }
+ channel = r->req.dev->channel;
+ id = r->req.dev->id;
+ found_lun0 = false;
+ n = 0;
+ QTAILQ_FOREACH(kid, &r->req.bus->qbus.children, sibling) {
+ DeviceState *qdev = kid->child;
+ SCSIDevice *dev = SCSI_DEVICE(qdev);
+
+ if (dev->channel == channel && dev->id == id) {
+ if (dev->lun == 0) {
+ found_lun0 = true;
+ }
+ n += 8;
+ }
+ }
+ if (!found_lun0) {
+ n += 8;
+ }
+ len = MIN(n + 8, r->req.cmd.xfer & ~7);
+ if (len > sizeof(r->buf)) {
+ /* TODO: > 256 LUNs? */
+ return false;
+ }
+
+ memset(r->buf, 0, len);
+ stl_be_p(&r->buf, n);
+ i = found_lun0 ? 8 : 16;
+ QTAILQ_FOREACH(kid, &r->req.bus->qbus.children, sibling) {
+ DeviceState *qdev = kid->child;
+ SCSIDevice *dev = SCSI_DEVICE(qdev);
+
+ if (dev->channel == channel && dev->id == id) {
+ store_lun(&r->buf[i], dev->lun);
+ i += 8;
+ }
+ }
+ assert(i == n + 8);
+ r->len = len;
+ return true;
+}
+
+static bool scsi_target_emulate_inquiry(SCSITargetReq *r)
+{
+ assert(r->req.dev->lun != r->req.lun);
+ if (r->req.cmd.buf[1] & 0x2) {
+ /* Command support data - optional, not implemented */
+ return false;
+ }
+
+ if (r->req.cmd.buf[1] & 0x1) {
+ /* Vital product data */
+ uint8_t page_code = r->req.cmd.buf[2];
+ r->buf[r->len++] = page_code ; /* this page */
+ r->buf[r->len++] = 0x00;
+
+ switch (page_code) {
+ case 0x00: /* Supported page codes, mandatory */
+ {
+ int pages;
+ pages = r->len++;
+ r->buf[r->len++] = 0x00; /* list of supported pages (this page) */
+ r->buf[pages] = r->len - pages - 1; /* number of pages */
+ break;
+ }
+ default:
+ return false;
+ }
+ /* done with EVPD */
+ assert(r->len < sizeof(r->buf));
+ r->len = MIN(r->req.cmd.xfer, r->len);
+ return true;
+ }
+
+ /* Standard INQUIRY data */
+ if (r->req.cmd.buf[2] != 0) {
+ return false;
+ }
+
+ /* PAGE CODE == 0 */
+ r->len = MIN(r->req.cmd.xfer, 36);
+ memset(r->buf, 0, r->len);
+ if (r->req.lun != 0) {
+ r->buf[0] = TYPE_NO_LUN;
+ } else {
+ r->buf[0] = TYPE_NOT_PRESENT | TYPE_INACTIVE;
+ r->buf[2] = 5; /* Version */
+ r->buf[3] = 2 | 0x10; /* HiSup, response data format */
+ r->buf[4] = r->len - 5; /* Additional Length = (Len - 1) - 4 */
+ r->buf[7] = 0x10 | (r->req.bus->info->tcq ? 0x02 : 0); /* Sync, TCQ. */
+ memcpy(&r->buf[8], "QEMU ", 8);
+ memcpy(&r->buf[16], "QEMU TARGET ", 16);
+ pstrcpy((char *) &r->buf[32], 4, qemu_get_version());
+ }
+ return true;
+}
+
+static int32_t scsi_target_send_command(SCSIRequest *req, uint8_t *buf)
+{
+ SCSITargetReq *r = DO_UPCAST(SCSITargetReq, req, req);
+
+ switch (buf[0]) {
+ case REPORT_LUNS:
+ if (!scsi_target_emulate_report_luns(r)) {
+ goto illegal_request;
+ }
+ break;
+ case INQUIRY:
+ if (!scsi_target_emulate_inquiry(r)) {
+ goto illegal_request;
+ }
+ break;
+ case REQUEST_SENSE:
+ r->len = scsi_device_get_sense(r->req.dev, r->buf,
+ MIN(req->cmd.xfer, sizeof r->buf),
+ (req->cmd.buf[1] & 1) == 0);
+ if (r->req.dev->sense_is_ua) {
+ scsi_device_unit_attention_reported(req->dev);
+ r->req.dev->sense_len = 0;
+ r->req.dev->sense_is_ua = false;
+ }
+ break;
+ default:
+ scsi_req_build_sense(req, SENSE_CODE(LUN_NOT_SUPPORTED));
+ scsi_req_complete(req, CHECK_CONDITION);
+ return 0;
+ illegal_request:
+ scsi_req_build_sense(req, SENSE_CODE(INVALID_FIELD));
+ scsi_req_complete(req, CHECK_CONDITION);
+ return 0;
+ }
+
+ if (!r->len) {
+ scsi_req_complete(req, GOOD);
+ }
+ return r->len;
+}
+
+static void scsi_target_read_data(SCSIRequest *req)
+{
+ SCSITargetReq *r = DO_UPCAST(SCSITargetReq, req, req);
+ uint32_t n;
+
+ n = r->len;
+ if (n > 0) {
+ r->len = 0;
+ scsi_req_data(&r->req, n);
+ } else {
+ scsi_req_complete(&r->req, GOOD);
+ }
+}
+
+static uint8_t *scsi_target_get_buf(SCSIRequest *req)
+{
+ SCSITargetReq *r = DO_UPCAST(SCSITargetReq, req, req);
+
+ return r->buf;
+}
+
+static const struct SCSIReqOps reqops_target_command = {
+ .size = sizeof(SCSITargetReq),
+ .send_command = scsi_target_send_command,
+ .read_data = scsi_target_read_data,
+ .get_buf = scsi_target_get_buf,
+};
+
+
+SCSIRequest *scsi_req_alloc(const SCSIReqOps *reqops, SCSIDevice *d,
+ uint32_t tag, uint32_t lun, void *hba_private)
+{
+ SCSIRequest *req;
+ SCSIBus *bus = scsi_bus_from_device(d);
+ BusState *qbus = BUS(bus);
+
+ req = g_malloc0(reqops->size);
+ req->refcount = 1;
+ req->bus = bus;
+ req->dev = d;
+ req->tag = tag;
+ req->lun = lun;
+ req->hba_private = hba_private;
+ req->status = -1;
+ req->sense_len = 0;
+ req->ops = reqops;
+ object_ref(OBJECT(d));
+ object_ref(OBJECT(qbus->parent));
+ trace_scsi_req_alloc(req->dev->id, req->lun, req->tag);
+ return req;
+}
+
+SCSIRequest *scsi_req_new(SCSIDevice *d, uint32_t tag, uint32_t lun,
+ uint8_t *buf, void *hba_private)
+{
+ SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, d->qdev.parent_bus);
+ SCSIRequest *req;
+ SCSICommand cmd;
+
+ if (scsi_req_parse(&cmd, d, buf) != 0) {
+ trace_scsi_req_parse_bad(d->id, lun, tag, buf[0]);
+ req = scsi_req_alloc(&reqops_invalid_opcode, d, tag, lun, hba_private);
+ } else {
+ trace_scsi_req_parsed(d->id, lun, tag, buf[0],
+ cmd.mode, cmd.xfer);
+ if (cmd.lba != -1) {
+ trace_scsi_req_parsed_lba(d->id, lun, tag, buf[0],
+ cmd.lba);
+ }
+
+ if (cmd.xfer > INT32_MAX) {
+ req = scsi_req_alloc(&reqops_invalid_field, d, tag, lun, hba_private);
+ } else if ((d->unit_attention.key == UNIT_ATTENTION ||
+ bus->unit_attention.key == UNIT_ATTENTION) &&
+ (buf[0] != INQUIRY &&
+ buf[0] != REPORT_LUNS &&
+ buf[0] != GET_CONFIGURATION &&
+ buf[0] != GET_EVENT_STATUS_NOTIFICATION &&
+
+ /*
+ * If we already have a pending unit attention condition,
+ * report this one before triggering another one.
+ */
+ !(buf[0] == REQUEST_SENSE && d->sense_is_ua))) {
+ req = scsi_req_alloc(&reqops_unit_attention, d, tag, lun,
+ hba_private);
+ } else if (lun != d->lun ||
+ buf[0] == REPORT_LUNS ||
+ (buf[0] == REQUEST_SENSE && d->sense_len)) {
+ req = scsi_req_alloc(&reqops_target_command, d, tag, lun,
+ hba_private);
+ } else {
+ req = scsi_device_alloc_req(d, tag, lun, buf, hba_private);
+ }
+ }
+
+ req->cmd = cmd;
+ req->resid = req->cmd.xfer;
+
+ switch (buf[0]) {
+ case INQUIRY:
+ trace_scsi_inquiry(d->id, lun, tag, cmd.buf[1], cmd.buf[2]);
+ break;
+ case TEST_UNIT_READY:
+ trace_scsi_test_unit_ready(d->id, lun, tag);
+ break;
+ case REPORT_LUNS:
+ trace_scsi_report_luns(d->id, lun, tag);
+ break;
+ case REQUEST_SENSE:
+ trace_scsi_request_sense(d->id, lun, tag);
+ break;
+ default:
+ break;
+ }
+
+ return req;
+}
+
+uint8_t *scsi_req_get_buf(SCSIRequest *req)
+{
+ return req->ops->get_buf(req);
+}
+
+static void scsi_clear_unit_attention(SCSIRequest *req)
+{
+ SCSISense *ua;
+ if (req->dev->unit_attention.key != UNIT_ATTENTION &&
+ req->bus->unit_attention.key != UNIT_ATTENTION) {
+ return;
+ }
+
+ /*
+ * If an INQUIRY command enters the enabled command state,
+ * the device server shall [not] clear any unit attention condition;
+ * See also MMC-6, paragraphs 6.5 and 6.6.2.
+ */
+ if (req->cmd.buf[0] == INQUIRY ||
+ req->cmd.buf[0] == GET_CONFIGURATION ||
+ req->cmd.buf[0] == GET_EVENT_STATUS_NOTIFICATION) {
+ return;
+ }
+
+ if (req->dev->unit_attention.key == UNIT_ATTENTION) {
+ ua = &req->dev->unit_attention;
+ } else {
+ ua = &req->bus->unit_attention;
+ }
+
+ /*
+ * If a REPORT LUNS command enters the enabled command state, [...]
+ * the device server shall clear any pending unit attention condition
+ * with an additional sense code of REPORTED LUNS DATA HAS CHANGED.
+ */
+ if (req->cmd.buf[0] == REPORT_LUNS &&
+ !(ua->asc == SENSE_CODE(REPORTED_LUNS_CHANGED).asc &&
+ ua->ascq == SENSE_CODE(REPORTED_LUNS_CHANGED).ascq)) {
+ return;
+ }
+
+ *ua = SENSE_CODE(NO_SENSE);
+}
+
+int scsi_req_get_sense(SCSIRequest *req, uint8_t *buf, int len)
+{
+ int ret;
+
+ assert(len >= 14);
+ if (!req->sense_len) {
+ return 0;
+ }
+
+ ret = scsi_build_sense(req->sense, req->sense_len, buf, len, true);
+
+ /*
+ * FIXME: clearing unit attention conditions upon autosense should be done
+ * only if the UA_INTLCK_CTRL field in the Control mode page is set to 00b
+ * (SAM-5, 5.14).
+ *
+ * We assume UA_INTLCK_CTRL to be 00b for HBAs that support autosense, and
+ * 10b for HBAs that do not support it (do not call scsi_req_get_sense).
+ * Here we handle unit attention clearing for UA_INTLCK_CTRL == 00b.
+ */
+ if (req->dev->sense_is_ua) {
+ scsi_device_unit_attention_reported(req->dev);
+ req->dev->sense_len = 0;
+ req->dev->sense_is_ua = false;
+ }
+ return ret;
+}
+
+int scsi_device_get_sense(SCSIDevice *dev, uint8_t *buf, int len, bool fixed)
+{
+ return scsi_build_sense(dev->sense, dev->sense_len, buf, len, fixed);
+}
+
+void scsi_req_build_sense(SCSIRequest *req, SCSISense sense)
+{
+ trace_scsi_req_build_sense(req->dev->id, req->lun, req->tag,
+ sense.key, sense.asc, sense.ascq);
+ memset(req->sense, 0, 18);
+ req->sense[0] = 0x70;
+ req->sense[2] = sense.key;
+ req->sense[7] = 10;
+ req->sense[12] = sense.asc;
+ req->sense[13] = sense.ascq;
+ req->sense_len = 18;
+}
+
+static void scsi_req_enqueue_internal(SCSIRequest *req)
+{
+ assert(!req->enqueued);
+ scsi_req_ref(req);
+ if (req->bus->info->get_sg_list) {
+ req->sg = req->bus->info->get_sg_list(req);
+ } else {
+ req->sg = NULL;
+ }
+ req->enqueued = true;
+ QTAILQ_INSERT_TAIL(&req->dev->requests, req, next);
+}
+
+int32_t scsi_req_enqueue(SCSIRequest *req)
+{
+ int32_t rc;
+
+ assert(!req->retry);
+ scsi_req_enqueue_internal(req);
+ scsi_req_ref(req);
+ rc = req->ops->send_command(req, req->cmd.buf);
+ scsi_req_unref(req);
+ return rc;
+}
+
+static void scsi_req_dequeue(SCSIRequest *req)
+{
+ trace_scsi_req_dequeue(req->dev->id, req->lun, req->tag);
+ req->retry = false;
+ if (req->enqueued) {
+ QTAILQ_REMOVE(&req->dev->requests, req, next);
+ req->enqueued = false;
+ scsi_req_unref(req);
+ }
+}
+
+static int scsi_get_performance_length(int num_desc, int type, int data_type)
+{
+ /* MMC-6, paragraph 6.7. */
+ switch (type) {
+ case 0:
+ if ((data_type & 3) == 0) {
+ /* Each descriptor is as in Table 295 - Nominal performance. */
+ return 16 * num_desc + 8;
+ } else {
+ /* Each descriptor is as in Table 296 - Exceptions. */
+ return 6 * num_desc + 8;
+ }
+ case 1:
+ case 4:
+ case 5:
+ return 8 * num_desc + 8;
+ case 2:
+ return 2048 * num_desc + 8;
+ case 3:
+ return 16 * num_desc + 8;
+ default:
+ return 8;
+ }
+}
+
+static int ata_passthrough_xfer_unit(SCSIDevice *dev, uint8_t *buf)
+{
+ int byte_block = (buf[2] >> 2) & 0x1;
+ int type = (buf[2] >> 4) & 0x1;
+ int xfer_unit;
+
+ if (byte_block) {
+ if (type) {
+ xfer_unit = dev->blocksize;
+ } else {
+ xfer_unit = 512;
+ }
+ } else {
+ xfer_unit = 1;
+ }
+
+ return xfer_unit;
+}
+
+static int ata_passthrough_12_xfer_size(SCSIDevice *dev, uint8_t *buf)
+{
+ int length = buf[2] & 0x3;
+ int xfer;
+ int unit = ata_passthrough_xfer_unit(dev, buf);
+
+ switch (length) {
+ case 0:
+ case 3: /* USB-specific. */
+ default:
+ xfer = 0;
+ break;
+ case 1:
+ xfer = buf[3];
+ break;
+ case 2:
+ xfer = buf[4];
+ break;
+ }
+
+ return xfer * unit;
+}
+
+static int ata_passthrough_16_xfer_size(SCSIDevice *dev, uint8_t *buf)
+{
+ int extend = buf[1] & 0x1;
+ int length = buf[2] & 0x3;
+ int xfer;
+ int unit = ata_passthrough_xfer_unit(dev, buf);
+
+ switch (length) {
+ case 0:
+ case 3: /* USB-specific. */
+ default:
+ xfer = 0;
+ break;
+ case 1:
+ xfer = buf[4];
+ xfer |= (extend ? buf[3] << 8 : 0);
+ break;
+ case 2:
+ xfer = buf[6];
+ xfer |= (extend ? buf[5] << 8 : 0);
+ break;
+ }
+
+ return xfer * unit;
+}
+
+uint32_t scsi_data_cdb_length(uint8_t *buf)
+{
+ if ((buf[0] >> 5) == 0 && buf[4] == 0) {
+ return 256;
+ } else {
+ return scsi_cdb_length(buf);
+ }
+}
+
+uint32_t scsi_cdb_length(uint8_t *buf)
+{
+ switch (buf[0] >> 5) {
+ case 0:
+ return buf[4];
+ break;
+ case 1:
+ case 2:
+ return lduw_be_p(&buf[7]);
+ break;
+ case 4:
+ return ldl_be_p(&buf[10]) & 0xffffffffULL;
+ break;
+ case 5:
+ return ldl_be_p(&buf[6]) & 0xffffffffULL;
+ break;
+ default:
+ return -1;
+ }
+}
+
+static int scsi_req_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf)
+{
+ cmd->xfer = scsi_cdb_length(buf);
+ switch (buf[0]) {
+ case TEST_UNIT_READY:
+ case REWIND:
+ case START_STOP:
+ case SET_CAPACITY:
+ case WRITE_FILEMARKS:
+ case WRITE_FILEMARKS_16:
+ case SPACE:
+ case RESERVE:
+ case RELEASE:
+ case ERASE:
+ case ALLOW_MEDIUM_REMOVAL:
+ case VERIFY_10:
+ case SEEK_10:
+ case SYNCHRONIZE_CACHE:
+ case SYNCHRONIZE_CACHE_16:
+ case LOCATE_16:
+ case LOCK_UNLOCK_CACHE:
+ case SET_CD_SPEED:
+ case SET_LIMITS:
+ case WRITE_LONG_10:
+ case UPDATE_BLOCK:
+ case RESERVE_TRACK:
+ case SET_READ_AHEAD:
+ case PRE_FETCH:
+ case PRE_FETCH_16:
+ case ALLOW_OVERWRITE:
+ cmd->xfer = 0;
+ break;
+ case MODE_SENSE:
+ break;
+ case WRITE_SAME_10:
+ case WRITE_SAME_16:
+ cmd->xfer = dev->blocksize;
+ break;
+ case READ_CAPACITY_10:
+ cmd->xfer = 8;
+ break;
+ case READ_BLOCK_LIMITS:
+ cmd->xfer = 6;
+ break;
+ case SEND_VOLUME_TAG:
+ /* GPCMD_SET_STREAMING from multimedia commands. */
+ if (dev->type == TYPE_ROM) {
+ cmd->xfer = buf[10] | (buf[9] << 8);
+ } else {
+ cmd->xfer = buf[9] | (buf[8] << 8);
+ }
+ break;
+ case WRITE_6:
+ /* length 0 means 256 blocks */
+ if (cmd->xfer == 0) {
+ cmd->xfer = 256;
+ }
+ case WRITE_10:
+ case WRITE_VERIFY_10:
+ case WRITE_12:
+ case WRITE_VERIFY_12:
+ case WRITE_16:
+ case WRITE_VERIFY_16:
+ cmd->xfer *= dev->blocksize;
+ break;
+ case READ_6:
+ case READ_REVERSE:
+ /* length 0 means 256 blocks */
+ if (cmd->xfer == 0) {
+ cmd->xfer = 256;
+ }
+ case READ_10:
+ case RECOVER_BUFFERED_DATA:
+ case READ_12:
+ case READ_16:
+ cmd->xfer *= dev->blocksize;
+ break;
+ case FORMAT_UNIT:
+ /* MMC mandates the parameter list to be 12-bytes long. Parameters
+ * for block devices are restricted to the header right now. */
+ if (dev->type == TYPE_ROM && (buf[1] & 16)) {
+ cmd->xfer = 12;
+ } else {
+ cmd->xfer = (buf[1] & 16) == 0 ? 0 : (buf[1] & 32 ? 8 : 4);
+ }
+ break;
+ case INQUIRY:
+ case RECEIVE_DIAGNOSTIC:
+ case SEND_DIAGNOSTIC:
+ cmd->xfer = buf[4] | (buf[3] << 8);
+ break;
+ case READ_CD:
+ case READ_BUFFER:
+ case WRITE_BUFFER:
+ case SEND_CUE_SHEET:
+ cmd->xfer = buf[8] | (buf[7] << 8) | (buf[6] << 16);
+ break;
+ case PERSISTENT_RESERVE_OUT:
+ cmd->xfer = ldl_be_p(&buf[5]) & 0xffffffffULL;
+ break;
+ case ERASE_12:
+ if (dev->type == TYPE_ROM) {
+ /* MMC command GET PERFORMANCE. */
+ cmd->xfer = scsi_get_performance_length(buf[9] | (buf[8] << 8),
+ buf[10], buf[1] & 0x1f);
+ }
+ break;
+ case MECHANISM_STATUS:
+ case READ_DVD_STRUCTURE:
+ case SEND_DVD_STRUCTURE:
+ case MAINTENANCE_OUT:
+ case MAINTENANCE_IN:
+ if (dev->type == TYPE_ROM) {
+ /* GPCMD_REPORT_KEY and GPCMD_SEND_KEY from multi media commands */
+ cmd->xfer = buf[9] | (buf[8] << 8);
+ }
+ break;
+ case ATA_PASSTHROUGH_12:
+ if (dev->type == TYPE_ROM) {
+ /* BLANK command of MMC */
+ cmd->xfer = 0;
+ } else {
+ cmd->xfer = ata_passthrough_12_xfer_size(dev, buf);
+ }
+ break;
+ case ATA_PASSTHROUGH_16:
+ cmd->xfer = ata_passthrough_16_xfer_size(dev, buf);
+ break;
+ }
+ return 0;
+}
+
+static int scsi_req_stream_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf)
+{
+ switch (buf[0]) {
+ /* stream commands */
+ case ERASE_12:
+ case ERASE_16:
+ cmd->xfer = 0;
+ break;
+ case READ_6:
+ case READ_REVERSE:
+ case RECOVER_BUFFERED_DATA:
+ case WRITE_6:
+ cmd->xfer = buf[4] | (buf[3] << 8) | (buf[2] << 16);
+ if (buf[1] & 0x01) { /* fixed */
+ cmd->xfer *= dev->blocksize;
+ }
+ break;
+ case READ_16:
+ case READ_REVERSE_16:
+ case VERIFY_16:
+ case WRITE_16:
+ cmd->xfer = buf[14] | (buf[13] << 8) | (buf[12] << 16);
+ if (buf[1] & 0x01) { /* fixed */
+ cmd->xfer *= dev->blocksize;
+ }
+ break;
+ case REWIND:
+ case LOAD_UNLOAD:
+ cmd->xfer = 0;
+ break;
+ case SPACE_16:
+ cmd->xfer = buf[13] | (buf[12] << 8);
+ break;
+ case READ_POSITION:
+ switch (buf[1] & 0x1f) /* operation code */ {
+ case SHORT_FORM_BLOCK_ID:
+ case SHORT_FORM_VENDOR_SPECIFIC:
+ cmd->xfer = 20;
+ break;
+ case LONG_FORM:
+ cmd->xfer = 32;
+ break;
+ case EXTENDED_FORM:
+ cmd->xfer = buf[8] | (buf[7] << 8);
+ break;
+ default:
+ return -1;
+ }
+
+ break;
+ case FORMAT_UNIT:
+ cmd->xfer = buf[4] | (buf[3] << 8);
+ break;
+ /* generic commands */
+ default:
+ return scsi_req_length(cmd, dev, buf);
+ }
+ return 0;
+}
+
+static int scsi_req_medium_changer_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf)
+{
+ switch (buf[0]) {
+ /* medium changer commands */
+ case EXCHANGE_MEDIUM:
+ case INITIALIZE_ELEMENT_STATUS:
+ case INITIALIZE_ELEMENT_STATUS_WITH_RANGE:
+ case MOVE_MEDIUM:
+ case POSITION_TO_ELEMENT:
+ cmd->xfer = 0;
+ break;
+ case READ_ELEMENT_STATUS:
+ cmd->xfer = buf[9] | (buf[8] << 8) | (buf[7] << 16);
+ break;
+
+ /* generic commands */
+ default:
+ return scsi_req_length(cmd, dev, buf);
+ }
+ return 0;
+}
+
+
+static void scsi_cmd_xfer_mode(SCSICommand *cmd)
+{
+ if (!cmd->xfer) {
+ cmd->mode = SCSI_XFER_NONE;
+ return;
+ }
+ switch (cmd->buf[0]) {
+ case WRITE_6:
+ case WRITE_10:
+ case WRITE_VERIFY_10:
+ case WRITE_12:
+ case WRITE_VERIFY_12:
+ case WRITE_16:
+ case WRITE_VERIFY_16:
+ case COPY:
+ case COPY_VERIFY:
+ case COMPARE:
+ case CHANGE_DEFINITION:
+ case LOG_SELECT:
+ case MODE_SELECT:
+ case MODE_SELECT_10:
+ case SEND_DIAGNOSTIC:
+ case WRITE_BUFFER:
+ case FORMAT_UNIT:
+ case REASSIGN_BLOCKS:
+ case SEARCH_EQUAL:
+ case SEARCH_HIGH:
+ case SEARCH_LOW:
+ case UPDATE_BLOCK:
+ case WRITE_LONG_10:
+ case WRITE_SAME_10:
+ case WRITE_SAME_16:
+ case UNMAP:
+ case SEARCH_HIGH_12:
+ case SEARCH_EQUAL_12:
+ case SEARCH_LOW_12:
+ case MEDIUM_SCAN:
+ case SEND_VOLUME_TAG:
+ case SEND_CUE_SHEET:
+ case SEND_DVD_STRUCTURE:
+ case PERSISTENT_RESERVE_OUT:
+ case MAINTENANCE_OUT:
+ cmd->mode = SCSI_XFER_TO_DEV;
+ break;
+ case ATA_PASSTHROUGH_12:
+ case ATA_PASSTHROUGH_16:
+ /* T_DIR */
+ cmd->mode = (cmd->buf[2] & 0x8) ?
+ SCSI_XFER_FROM_DEV : SCSI_XFER_TO_DEV;
+ break;
+ default:
+ cmd->mode = SCSI_XFER_FROM_DEV;
+ break;
+ }
+}
+
+static uint64_t scsi_cmd_lba(SCSICommand *cmd)
+{
+ uint8_t *buf = cmd->buf;
+ uint64_t lba;
+
+ switch (buf[0] >> 5) {
+ case 0:
+ lba = ldl_be_p(&buf[0]) & 0x1fffff;
+ break;
+ case 1:
+ case 2:
+ case 5:
+ lba = ldl_be_p(&buf[2]) & 0xffffffffULL;
+ break;
+ case 4:
+ lba = ldq_be_p(&buf[2]);
+ break;
+ default:
+ lba = -1;
+
+ }
+ return lba;
+}
+
+int scsi_req_parse(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf)
+{
+ int rc;
+
+ switch (buf[0] >> 5) {
+ case 0:
+ cmd->len = 6;
+ break;
+ case 1:
+ case 2:
+ cmd->len = 10;
+ break;
+ case 4:
+ cmd->len = 16;
+ break;
+ case 5:
+ cmd->len = 12;
+ break;
+ default:
+ return -1;
+ }
+
+ switch (dev->type) {
+ case TYPE_TAPE:
+ rc = scsi_req_stream_length(cmd, dev, buf);
+ break;
+ case TYPE_MEDIUM_CHANGER:
+ rc = scsi_req_medium_changer_length(cmd, dev, buf);
+ break;
+ default:
+ rc = scsi_req_length(cmd, dev, buf);
+ break;
+ }
+
+ if (rc != 0)
+ return rc;
+
+ memcpy(cmd->buf, buf, cmd->len);
+ scsi_cmd_xfer_mode(cmd);
+ cmd->lba = scsi_cmd_lba(cmd);
+ return 0;
+}
+
+void scsi_device_report_change(SCSIDevice *dev, SCSISense sense)
+{
+ SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, dev->qdev.parent_bus);
+
+ scsi_device_set_ua(dev, sense);
+ if (bus->info->change) {
+ bus->info->change(bus, dev, sense);
+ }
+}
+
+/*
+ * Predefined sense codes
+ */
+
+/* No sense data available */
+const struct SCSISense sense_code_NO_SENSE = {
+ .key = NO_SENSE , .asc = 0x00 , .ascq = 0x00
+};
+
+/* LUN not ready, Manual intervention required */
+const struct SCSISense sense_code_LUN_NOT_READY = {
+ .key = NOT_READY, .asc = 0x04, .ascq = 0x03
+};
+
+/* LUN not ready, Medium not present */
+const struct SCSISense sense_code_NO_MEDIUM = {
+ .key = NOT_READY, .asc = 0x3a, .ascq = 0x00
+};
+
+/* LUN not ready, medium removal prevented */
+const struct SCSISense sense_code_NOT_READY_REMOVAL_PREVENTED = {
+ .key = NOT_READY, .asc = 0x53, .ascq = 0x02
+};
+
+/* Hardware error, internal target failure */
+const struct SCSISense sense_code_TARGET_FAILURE = {
+ .key = HARDWARE_ERROR, .asc = 0x44, .ascq = 0x00
+};
+
+/* Illegal request, invalid command operation code */
+const struct SCSISense sense_code_INVALID_OPCODE = {
+ .key = ILLEGAL_REQUEST, .asc = 0x20, .ascq = 0x00
+};
+
+/* Illegal request, LBA out of range */
+const struct SCSISense sense_code_LBA_OUT_OF_RANGE = {
+ .key = ILLEGAL_REQUEST, .asc = 0x21, .ascq = 0x00
+};
+
+/* Illegal request, Invalid field in CDB */
+const struct SCSISense sense_code_INVALID_FIELD = {
+ .key = ILLEGAL_REQUEST, .asc = 0x24, .ascq = 0x00
+};
+
+/* Illegal request, Invalid field in parameter list */
+const struct SCSISense sense_code_INVALID_PARAM = {
+ .key = ILLEGAL_REQUEST, .asc = 0x26, .ascq = 0x00
+};
+
+/* Illegal request, Parameter list length error */
+const struct SCSISense sense_code_INVALID_PARAM_LEN = {
+ .key = ILLEGAL_REQUEST, .asc = 0x1a, .ascq = 0x00
+};
+
+/* Illegal request, LUN not supported */
+const struct SCSISense sense_code_LUN_NOT_SUPPORTED = {
+ .key = ILLEGAL_REQUEST, .asc = 0x25, .ascq = 0x00
+};
+
+/* Illegal request, Saving parameters not supported */
+const struct SCSISense sense_code_SAVING_PARAMS_NOT_SUPPORTED = {
+ .key = ILLEGAL_REQUEST, .asc = 0x39, .ascq = 0x00
+};
+
+/* Illegal request, Incompatible medium installed */
+const struct SCSISense sense_code_INCOMPATIBLE_FORMAT = {
+ .key = ILLEGAL_REQUEST, .asc = 0x30, .ascq = 0x00
+};
+
+/* Illegal request, medium removal prevented */
+const struct SCSISense sense_code_ILLEGAL_REQ_REMOVAL_PREVENTED = {
+ .key = ILLEGAL_REQUEST, .asc = 0x53, .ascq = 0x02
+};
+
+/* Command aborted, I/O process terminated */
+const struct SCSISense sense_code_IO_ERROR = {
+ .key = ABORTED_COMMAND, .asc = 0x00, .ascq = 0x06
+};
+
+/* Command aborted, I_T Nexus loss occurred */
+const struct SCSISense sense_code_I_T_NEXUS_LOSS = {
+ .key = ABORTED_COMMAND, .asc = 0x29, .ascq = 0x07
+};
+
+/* Command aborted, Logical Unit failure */
+const struct SCSISense sense_code_LUN_FAILURE = {
+ .key = ABORTED_COMMAND, .asc = 0x3e, .ascq = 0x01
+};
+
+/* Unit attention, Capacity data has changed */
+const struct SCSISense sense_code_CAPACITY_CHANGED = {
+ .key = UNIT_ATTENTION, .asc = 0x2a, .ascq = 0x09
+};
+
+/* Unit attention, Power on, reset or bus device reset occurred */
+const struct SCSISense sense_code_RESET = {
+ .key = UNIT_ATTENTION, .asc = 0x29, .ascq = 0x00
+};
+
+/* Unit attention, No medium */
+const struct SCSISense sense_code_UNIT_ATTENTION_NO_MEDIUM = {
+ .key = UNIT_ATTENTION, .asc = 0x3a, .ascq = 0x00
+};
+
+/* Unit attention, Medium may have changed */
+const struct SCSISense sense_code_MEDIUM_CHANGED = {
+ .key = UNIT_ATTENTION, .asc = 0x28, .ascq = 0x00
+};
+
+/* Unit attention, Reported LUNs data has changed */
+const struct SCSISense sense_code_REPORTED_LUNS_CHANGED = {
+ .key = UNIT_ATTENTION, .asc = 0x3f, .ascq = 0x0e
+};
+
+/* Unit attention, Device internal reset */
+const struct SCSISense sense_code_DEVICE_INTERNAL_RESET = {
+ .key = UNIT_ATTENTION, .asc = 0x29, .ascq = 0x04
+};
+
+/* Data Protection, Write Protected */
+const struct SCSISense sense_code_WRITE_PROTECTED = {
+ .key = DATA_PROTECT, .asc = 0x27, .ascq = 0x00
+};
+
+/*
+ * scsi_build_sense
+ *
+ * Convert between fixed and descriptor sense buffers
+ */
+int scsi_build_sense(uint8_t *in_buf, int in_len,
+ uint8_t *buf, int len, bool fixed)
+{
+ bool fixed_in;
+ SCSISense sense;
+ if (!fixed && len < 8) {
+ return 0;
+ }
+
+ if (in_len == 0) {
+ sense.key = NO_SENSE;
+ sense.asc = 0;
+ sense.ascq = 0;
+ } else {
+ fixed_in = (in_buf[0] & 2) == 0;
+
+ if (fixed == fixed_in) {
+ memcpy(buf, in_buf, MIN(len, in_len));
+ return MIN(len, in_len);
+ }
+
+ if (fixed_in) {
+ sense.key = in_buf[2];
+ sense.asc = in_buf[12];
+ sense.ascq = in_buf[13];
+ } else {
+ sense.key = in_buf[1];
+ sense.asc = in_buf[2];
+ sense.ascq = in_buf[3];
+ }
+ }
+
+ memset(buf, 0, len);
+ if (fixed) {
+ /* Return fixed format sense buffer */
+ buf[0] = 0x70;
+ buf[2] = sense.key;
+ buf[7] = 10;
+ buf[12] = sense.asc;
+ buf[13] = sense.ascq;
+ return MIN(len, 18);
+ } else {
+ /* Return descriptor format sense buffer */
+ buf[0] = 0x72;
+ buf[1] = sense.key;
+ buf[2] = sense.asc;
+ buf[3] = sense.ascq;
+ return 8;
+ }
+}
+
+static const char *scsi_command_name(uint8_t cmd)
+{
+ static const char *names[] = {
+ [ TEST_UNIT_READY ] = "TEST_UNIT_READY",
+ [ REWIND ] = "REWIND",
+ [ REQUEST_SENSE ] = "REQUEST_SENSE",
+ [ FORMAT_UNIT ] = "FORMAT_UNIT",
+ [ READ_BLOCK_LIMITS ] = "READ_BLOCK_LIMITS",
+ [ REASSIGN_BLOCKS ] = "REASSIGN_BLOCKS/INITIALIZE ELEMENT STATUS",
+ /* LOAD_UNLOAD and INITIALIZE_ELEMENT_STATUS use the same operation code */
+ [ READ_6 ] = "READ_6",
+ [ WRITE_6 ] = "WRITE_6",
+ [ SET_CAPACITY ] = "SET_CAPACITY",
+ [ READ_REVERSE ] = "READ_REVERSE",
+ [ WRITE_FILEMARKS ] = "WRITE_FILEMARKS",
+ [ SPACE ] = "SPACE",
+ [ INQUIRY ] = "INQUIRY",
+ [ RECOVER_BUFFERED_DATA ] = "RECOVER_BUFFERED_DATA",
+ [ MAINTENANCE_IN ] = "MAINTENANCE_IN",
+ [ MAINTENANCE_OUT ] = "MAINTENANCE_OUT",
+ [ MODE_SELECT ] = "MODE_SELECT",
+ [ RESERVE ] = "RESERVE",
+ [ RELEASE ] = "RELEASE",
+ [ COPY ] = "COPY",
+ [ ERASE ] = "ERASE",
+ [ MODE_SENSE ] = "MODE_SENSE",
+ [ START_STOP ] = "START_STOP/LOAD_UNLOAD",
+ /* LOAD_UNLOAD and START_STOP use the same operation code */
+ [ RECEIVE_DIAGNOSTIC ] = "RECEIVE_DIAGNOSTIC",
+ [ SEND_DIAGNOSTIC ] = "SEND_DIAGNOSTIC",
+ [ ALLOW_MEDIUM_REMOVAL ] = "ALLOW_MEDIUM_REMOVAL",
+ [ READ_CAPACITY_10 ] = "READ_CAPACITY_10",
+ [ READ_10 ] = "READ_10",
+ [ WRITE_10 ] = "WRITE_10",
+ [ SEEK_10 ] = "SEEK_10/POSITION_TO_ELEMENT",
+ /* SEEK_10 and POSITION_TO_ELEMENT use the same operation code */
+ [ WRITE_VERIFY_10 ] = "WRITE_VERIFY_10",
+ [ VERIFY_10 ] = "VERIFY_10",
+ [ SEARCH_HIGH ] = "SEARCH_HIGH",
+ [ SEARCH_EQUAL ] = "SEARCH_EQUAL",
+ [ SEARCH_LOW ] = "SEARCH_LOW",
+ [ SET_LIMITS ] = "SET_LIMITS",
+ [ PRE_FETCH ] = "PRE_FETCH/READ_POSITION",
+ /* READ_POSITION and PRE_FETCH use the same operation code */
+ [ SYNCHRONIZE_CACHE ] = "SYNCHRONIZE_CACHE",
+ [ LOCK_UNLOCK_CACHE ] = "LOCK_UNLOCK_CACHE",
+ [ READ_DEFECT_DATA ] = "READ_DEFECT_DATA/INITIALIZE_ELEMENT_STATUS_WITH_RANGE",
+ /* READ_DEFECT_DATA and INITIALIZE_ELEMENT_STATUS_WITH_RANGE use the same operation code */
+ [ MEDIUM_SCAN ] = "MEDIUM_SCAN",
+ [ COMPARE ] = "COMPARE",
+ [ COPY_VERIFY ] = "COPY_VERIFY",
+ [ WRITE_BUFFER ] = "WRITE_BUFFER",
+ [ READ_BUFFER ] = "READ_BUFFER",
+ [ UPDATE_BLOCK ] = "UPDATE_BLOCK",
+ [ READ_LONG_10 ] = "READ_LONG_10",
+ [ WRITE_LONG_10 ] = "WRITE_LONG_10",
+ [ CHANGE_DEFINITION ] = "CHANGE_DEFINITION",
+ [ WRITE_SAME_10 ] = "WRITE_SAME_10",
+ [ UNMAP ] = "UNMAP",
+ [ READ_TOC ] = "READ_TOC",
+ [ REPORT_DENSITY_SUPPORT ] = "REPORT_DENSITY_SUPPORT",
+ [ SANITIZE ] = "SANITIZE",
+ [ GET_CONFIGURATION ] = "GET_CONFIGURATION",
+ [ LOG_SELECT ] = "LOG_SELECT",
+ [ LOG_SENSE ] = "LOG_SENSE",
+ [ MODE_SELECT_10 ] = "MODE_SELECT_10",
+ [ RESERVE_10 ] = "RESERVE_10",
+ [ RELEASE_10 ] = "RELEASE_10",
+ [ MODE_SENSE_10 ] = "MODE_SENSE_10",
+ [ PERSISTENT_RESERVE_IN ] = "PERSISTENT_RESERVE_IN",
+ [ PERSISTENT_RESERVE_OUT ] = "PERSISTENT_RESERVE_OUT",
+ [ WRITE_FILEMARKS_16 ] = "WRITE_FILEMARKS_16",
+ [ EXTENDED_COPY ] = "EXTENDED_COPY",
+ [ ATA_PASSTHROUGH_16 ] = "ATA_PASSTHROUGH_16",
+ [ ACCESS_CONTROL_IN ] = "ACCESS_CONTROL_IN",
+ [ ACCESS_CONTROL_OUT ] = "ACCESS_CONTROL_OUT",
+ [ READ_16 ] = "READ_16",
+ [ COMPARE_AND_WRITE ] = "COMPARE_AND_WRITE",
+ [ WRITE_16 ] = "WRITE_16",
+ [ WRITE_VERIFY_16 ] = "WRITE_VERIFY_16",
+ [ VERIFY_16 ] = "VERIFY_16",
+ [ PRE_FETCH_16 ] = "PRE_FETCH_16",
+ [ SYNCHRONIZE_CACHE_16 ] = "SPACE_16/SYNCHRONIZE_CACHE_16",
+ /* SPACE_16 and SYNCHRONIZE_CACHE_16 use the same operation code */
+ [ LOCATE_16 ] = "LOCATE_16",
+ [ WRITE_SAME_16 ] = "ERASE_16/WRITE_SAME_16",
+ /* ERASE_16 and WRITE_SAME_16 use the same operation code */
+ [ SERVICE_ACTION_IN_16 ] = "SERVICE_ACTION_IN_16",
+ [ WRITE_LONG_16 ] = "WRITE_LONG_16",
+ [ REPORT_LUNS ] = "REPORT_LUNS",
+ [ ATA_PASSTHROUGH_12 ] = "BLANK/ATA_PASSTHROUGH_12",
+ [ MOVE_MEDIUM ] = "MOVE_MEDIUM",
+ [ EXCHANGE_MEDIUM ] = "EXCHANGE MEDIUM",
+ [ READ_12 ] = "READ_12",
+ [ WRITE_12 ] = "WRITE_12",
+ [ ERASE_12 ] = "ERASE_12/GET_PERFORMANCE",
+ /* ERASE_12 and GET_PERFORMANCE use the same operation code */
+ [ SERVICE_ACTION_IN_12 ] = "SERVICE_ACTION_IN_12",
+ [ WRITE_VERIFY_12 ] = "WRITE_VERIFY_12",
+ [ VERIFY_12 ] = "VERIFY_12",
+ [ SEARCH_HIGH_12 ] = "SEARCH_HIGH_12",
+ [ SEARCH_EQUAL_12 ] = "SEARCH_EQUAL_12",
+ [ SEARCH_LOW_12 ] = "SEARCH_LOW_12",
+ [ READ_ELEMENT_STATUS ] = "READ_ELEMENT_STATUS",
+ [ SEND_VOLUME_TAG ] = "SEND_VOLUME_TAG/SET_STREAMING",
+ /* SEND_VOLUME_TAG and SET_STREAMING use the same operation code */
+ [ READ_CD ] = "READ_CD",
+ [ READ_DEFECT_DATA_12 ] = "READ_DEFECT_DATA_12",
+ [ READ_DVD_STRUCTURE ] = "READ_DVD_STRUCTURE",
+ [ RESERVE_TRACK ] = "RESERVE_TRACK",
+ [ SEND_CUE_SHEET ] = "SEND_CUE_SHEET",
+ [ SEND_DVD_STRUCTURE ] = "SEND_DVD_STRUCTURE",
+ [ SET_CD_SPEED ] = "SET_CD_SPEED",
+ [ SET_READ_AHEAD ] = "SET_READ_AHEAD",
+ [ ALLOW_OVERWRITE ] = "ALLOW_OVERWRITE",
+ [ MECHANISM_STATUS ] = "MECHANISM_STATUS",
+ };
+
+ if (cmd >= ARRAY_SIZE(names) || names[cmd] == NULL)
+ return "*UNKNOWN*";
+ return names[cmd];
+}
+
+SCSIRequest *scsi_req_ref(SCSIRequest *req)
+{
+ assert(req->refcount > 0);
+ req->refcount++;
+ return req;
+}
+
+void scsi_req_unref(SCSIRequest *req)
+{
+ assert(req->refcount > 0);
+ if (--req->refcount == 0) {
+ BusState *qbus = req->dev->qdev.parent_bus;
+ SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, qbus);
+
+ if (bus->info->free_request && req->hba_private) {
+ bus->info->free_request(bus, req->hba_private);
+ }
+ if (req->ops->free_req) {
+ req->ops->free_req(req);
+ }
+ object_unref(OBJECT(req->dev));
+ object_unref(OBJECT(qbus->parent));
+ g_free(req);
+ }
+}
+
+/* Tell the device that we finished processing this chunk of I/O. It
+ will start the next chunk or complete the command. */
+void scsi_req_continue(SCSIRequest *req)
+{
+ if (req->io_canceled) {
+ trace_scsi_req_continue_canceled(req->dev->id, req->lun, req->tag);
+ return;
+ }
+ trace_scsi_req_continue(req->dev->id, req->lun, req->tag);
+ if (req->cmd.mode == SCSI_XFER_TO_DEV) {
+ req->ops->write_data(req);
+ } else {
+ req->ops->read_data(req);
+ }
+}
+
+/* Called by the devices when data is ready for the HBA. The HBA should
+ start a DMA operation to read or fill the device's data buffer.
+ Once it completes, calling scsi_req_continue will restart I/O. */
+void scsi_req_data(SCSIRequest *req, int len)
+{
+ uint8_t *buf;
+ if (req->io_canceled) {
+ trace_scsi_req_data_canceled(req->dev->id, req->lun, req->tag, len);
+ return;
+ }
+ trace_scsi_req_data(req->dev->id, req->lun, req->tag, len);
+ assert(req->cmd.mode != SCSI_XFER_NONE);
+ if (!req->sg) {
+ req->resid -= len;
+ req->bus->info->transfer_data(req, len);
+ return;
+ }
+
+ /* If the device calls scsi_req_data and the HBA specified a
+ * scatter/gather list, the transfer has to happen in a single
+ * step. */
+ assert(!req->dma_started);
+ req->dma_started = true;
+
+ buf = scsi_req_get_buf(req);
+ if (req->cmd.mode == SCSI_XFER_FROM_DEV) {
+ req->resid = dma_buf_read(buf, len, req->sg);
+ } else {
+ req->resid = dma_buf_write(buf, len, req->sg);
+ }
+ scsi_req_continue(req);
+}
+
+void scsi_req_print(SCSIRequest *req)
+{
+ FILE *fp = stderr;
+ int i;
+
+ fprintf(fp, "[%s id=%d] %s",
+ req->dev->qdev.parent_bus->name,
+ req->dev->id,
+ scsi_command_name(req->cmd.buf[0]));
+ for (i = 1; i < req->cmd.len; i++) {
+ fprintf(fp, " 0x%02x", req->cmd.buf[i]);
+ }
+ switch (req->cmd.mode) {
+ case SCSI_XFER_NONE:
+ fprintf(fp, " - none\n");
+ break;
+ case SCSI_XFER_FROM_DEV:
+ fprintf(fp, " - from-dev len=%zd\n", req->cmd.xfer);
+ break;
+ case SCSI_XFER_TO_DEV:
+ fprintf(fp, " - to-dev len=%zd\n", req->cmd.xfer);
+ break;
+ default:
+ fprintf(fp, " - Oops\n");
+ break;
+ }
+}
+
+void scsi_req_complete(SCSIRequest *req, int status)
+{
+ assert(req->status == -1);
+ req->status = status;
+
+ assert(req->sense_len <= sizeof(req->sense));
+ if (status == GOOD) {
+ req->sense_len = 0;
+ }
+
+ if (req->sense_len) {
+ memcpy(req->dev->sense, req->sense, req->sense_len);
+ req->dev->sense_len = req->sense_len;
+ req->dev->sense_is_ua = (req->ops == &reqops_unit_attention);
+ } else {
+ req->dev->sense_len = 0;
+ req->dev->sense_is_ua = false;
+ }
+
+ /*
+ * Unit attention state is now stored in the device's sense buffer
+ * if the HBA didn't do autosense. Clear the pending unit attention
+ * flags.
+ */
+ scsi_clear_unit_attention(req);
+
+ scsi_req_ref(req);
+ scsi_req_dequeue(req);
+ req->bus->info->complete(req, req->status, req->resid);
+ scsi_req_unref(req);
+}
+
+void scsi_req_cancel(SCSIRequest *req)
+{
+ trace_scsi_req_cancel(req->dev->id, req->lun, req->tag);
+ if (!req->enqueued) {
+ return;
+ }
+ scsi_req_ref(req);
+ scsi_req_dequeue(req);
+ req->io_canceled = true;
+ if (req->ops->cancel_io) {
+ req->ops->cancel_io(req);
+ }
+ if (req->bus->info->cancel) {
+ req->bus->info->cancel(req);
+ }
+ scsi_req_unref(req);
+}
+
+void scsi_req_abort(SCSIRequest *req, int status)
+{
+ if (!req->enqueued) {
+ return;
+ }
+ scsi_req_ref(req);
+ scsi_req_dequeue(req);
+ req->io_canceled = true;
+ if (req->ops->cancel_io) {
+ req->ops->cancel_io(req);
+ }
+ scsi_req_complete(req, status);
+ scsi_req_unref(req);
+}
+
+static int scsi_ua_precedence(SCSISense sense)
+{
+ if (sense.key != UNIT_ATTENTION) {
+ return INT_MAX;
+ }
+ if (sense.asc == 0x29 && sense.ascq == 0x04) {
+ /* DEVICE INTERNAL RESET goes with POWER ON OCCURRED */
+ return 1;
+ } else if (sense.asc == 0x3F && sense.ascq == 0x01) {
+ /* MICROCODE HAS BEEN CHANGED goes with SCSI BUS RESET OCCURRED */
+ return 2;
+ } else if (sense.asc == 0x29 && (sense.ascq == 0x05 || sense.ascq == 0x06)) {
+ /* These two go with "all others". */
+ ;
+ } else if (sense.asc == 0x29 && sense.ascq <= 0x07) {
+ /* POWER ON, RESET OR BUS DEVICE RESET OCCURRED = 0
+ * POWER ON OCCURRED = 1
+ * SCSI BUS RESET OCCURRED = 2
+ * BUS DEVICE RESET FUNCTION OCCURRED = 3
+ * I_T NEXUS LOSS OCCURRED = 7
+ */
+ return sense.ascq;
+ } else if (sense.asc == 0x2F && sense.ascq == 0x01) {
+ /* COMMANDS CLEARED BY POWER LOSS NOTIFICATION */
+ return 8;
+ }
+ return (sense.asc << 8) | sense.ascq;
+}
+
+void scsi_device_set_ua(SCSIDevice *sdev, SCSISense sense)
+{
+ int prec1, prec2;
+ if (sense.key != UNIT_ATTENTION) {
+ return;
+ }
+ trace_scsi_device_set_ua(sdev->id, sdev->lun, sense.key,
+ sense.asc, sense.ascq);
+
+ /*
+ * Override a pre-existing unit attention condition, except for a more
+ * important reset condition.
+ */
+ prec1 = scsi_ua_precedence(sdev->unit_attention);
+ prec2 = scsi_ua_precedence(sense);
+ if (prec2 < prec1) {
+ sdev->unit_attention = sense;
+ }
+}
+
+void scsi_device_purge_requests(SCSIDevice *sdev, SCSISense sense)
+{
+ SCSIRequest *req;
+
+ while (!QTAILQ_EMPTY(&sdev->requests)) {
+ req = QTAILQ_FIRST(&sdev->requests);
+ scsi_req_cancel(req);
+ }
+
+ scsi_device_set_ua(sdev, sense);
+}
+
+static char *scsibus_get_dev_path(DeviceState *dev)
+{
+ SCSIDevice *d = DO_UPCAST(SCSIDevice, qdev, dev);
+ DeviceState *hba = dev->parent_bus->parent;
+ char *id;
+ char *path;
+
+ id = qdev_get_dev_path(hba);
+ if (id) {
+ path = g_strdup_printf("%s/%d:%d:%d", id, d->channel, d->id, d->lun);
+ } else {
+ path = g_strdup_printf("%d:%d:%d", d->channel, d->id, d->lun);
+ }
+ g_free(id);
+ return path;
+}
+
+static char *scsibus_get_fw_dev_path(DeviceState *dev)
+{
+ SCSIDevice *d = SCSI_DEVICE(dev);
+ return g_strdup_printf("channel@%x/%s@%x,%x", d->channel,
+ qdev_fw_name(dev), d->id, d->lun);
+}
+
+SCSIDevice *scsi_device_find(SCSIBus *bus, int channel, int id, int lun)
+{
+ BusChild *kid;
+ SCSIDevice *target_dev = NULL;
+
+ QTAILQ_FOREACH_REVERSE(kid, &bus->qbus.children, ChildrenHead, sibling) {
+ DeviceState *qdev = kid->child;
+ SCSIDevice *dev = SCSI_DEVICE(qdev);
+
+ if (dev->channel == channel && dev->id == id) {
+ if (dev->lun == lun) {
+ return dev;
+ }
+ target_dev = dev;
+ }
+ }
+ return target_dev;
+}
+
+/* SCSI request list. For simplicity, pv points to the whole device */
+
+static void put_scsi_requests(QEMUFile *f, void *pv, size_t size)
+{
+ SCSIDevice *s = pv;
+ SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, s->qdev.parent_bus);
+ SCSIRequest *req;
+
+ QTAILQ_FOREACH(req, &s->requests, next) {
+ assert(!req->io_canceled);
+ assert(req->status == -1);
+ assert(req->enqueued);
+
+ qemu_put_sbyte(f, req->retry ? 1 : 2);
+ qemu_put_buffer(f, req->cmd.buf, sizeof(req->cmd.buf));
+ qemu_put_be32s(f, &req->tag);
+ qemu_put_be32s(f, &req->lun);
+ if (bus->info->save_request) {
+ bus->info->save_request(f, req);
+ }
+ if (req->ops->save_request) {
+ req->ops->save_request(f, req);
+ }
+ }
+ qemu_put_sbyte(f, 0);
+}
+
+static int get_scsi_requests(QEMUFile *f, void *pv, size_t size)
+{
+ SCSIDevice *s = pv;
+ SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, s->qdev.parent_bus);
+ int8_t sbyte;
+
+ while ((sbyte = qemu_get_sbyte(f)) > 0) {
+ uint8_t buf[SCSI_CMD_BUF_SIZE];
+ uint32_t tag;
+ uint32_t lun;
+ SCSIRequest *req;
+
+ qemu_get_buffer(f, buf, sizeof(buf));
+ qemu_get_be32s(f, &tag);
+ qemu_get_be32s(f, &lun);
+ req = scsi_req_new(s, tag, lun, buf, NULL);
+ req->retry = (sbyte == 1);
+ if (bus->info->load_request) {
+ req->hba_private = bus->info->load_request(f, req);
+ }
+ if (req->ops->load_request) {
+ req->ops->load_request(f, req);
+ }
+
+ /* Just restart it later. */
+ scsi_req_enqueue_internal(req);
+
+ /* At this point, the request will be kept alive by the reference
+ * added by scsi_req_enqueue_internal, so we can release our reference.
+ * The HBA of course will add its own reference in the load_request
+ * callback if it needs to hold on the SCSIRequest.
+ */
+ scsi_req_unref(req);
+ }
+
+ return 0;
+}
+
+static int scsi_qdev_unplug(DeviceState *qdev)
+{
+ SCSIDevice *dev = SCSI_DEVICE(qdev);
+ SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, dev->qdev.parent_bus);
+
+ if (bus->info->hot_unplug) {
+ bus->info->hot_unplug(bus, dev);
+ }
+ return qdev_simple_unplug_cb(qdev);
+}
+
+static const VMStateInfo vmstate_info_scsi_requests = {
+ .name = "scsi-requests",
+ .get = get_scsi_requests,
+ .put = put_scsi_requests,
+};
+
+const VMStateDescription vmstate_scsi_device = {
+ .name = "SCSIDevice",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(unit_attention.key, SCSIDevice),
+ VMSTATE_UINT8(unit_attention.asc, SCSIDevice),
+ VMSTATE_UINT8(unit_attention.ascq, SCSIDevice),
+ VMSTATE_BOOL(sense_is_ua, SCSIDevice),
+ VMSTATE_UINT8_ARRAY(sense, SCSIDevice, SCSI_SENSE_BUF_SIZE),
+ VMSTATE_UINT32(sense_len, SCSIDevice),
+ {
+ .name = "requests",
+ .version_id = 0,
+ .field_exists = NULL,
+ .size = 0, /* ouch */
+ .info = &vmstate_info_scsi_requests,
+ .flags = VMS_SINGLE,
+ .offset = 0,
+ },
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void scsi_device_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *k = DEVICE_CLASS(klass);
+ set_bit(DEVICE_CATEGORY_STORAGE, k->categories);
+ k->bus_type = TYPE_SCSI_BUS;
+ k->init = scsi_qdev_init;
+ k->unplug = scsi_qdev_unplug;
+ k->exit = scsi_qdev_exit;
+ k->props = scsi_props;
+}
+
+static const TypeInfo scsi_device_type_info = {
+ .name = TYPE_SCSI_DEVICE,
+ .parent = TYPE_DEVICE,
+ .instance_size = sizeof(SCSIDevice),
+ .abstract = true,
+ .class_size = sizeof(SCSIDeviceClass),
+ .class_init = scsi_device_class_init,
+};
+
+static void scsi_register_types(void)
+{
+ type_register_static(&scsi_bus_info);
+ type_register_static(&scsi_device_type_info);
+}
+
+type_init(scsi_register_types)
diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
new file mode 100644
index 000000000..74e6a14c2
--- /dev/null
+++ b/hw/scsi/scsi-disk.c
@@ -0,0 +1,2546 @@
+/*
+ * SCSI Device emulation
+ *
+ * Copyright (c) 2006 CodeSourcery.
+ * Based on code by Fabrice Bellard
+ *
+ * Written by Paul Brook
+ * Modifications:
+ * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
+ * when the allocation length of CDB is smaller
+ * than 36.
+ * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
+ * MODE SENSE response.
+ *
+ * This code is licensed under the LGPL.
+ *
+ * Note that this file only handles the SCSI architecture model and device
+ * commands. Emulation of interface/link layer protocols is handled by
+ * the host adapter emulator.
+ */
+
+//#define DEBUG_SCSI
+
+#ifdef DEBUG_SCSI
+#define DPRINTF(fmt, ...) \
+do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) do {} while(0)
+#endif
+
+#include "qemu-common.h"
+#include "qemu/error-report.h"
+#include "hw/scsi/scsi.h"
+#include "block/scsi.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/blockdev.h"
+#include "hw/block/block.h"
+#include "sysemu/dma.h"
+
+#ifdef __linux
+#include <scsi/sg.h>
+#endif
+
+#define SCSI_DMA_BUF_SIZE 131072
+#define SCSI_MAX_INQUIRY_LEN 256
+#define SCSI_MAX_MODE_LEN 256
+
+#define DEFAULT_DISCARD_GRANULARITY 4096
+
+typedef struct SCSIDiskState SCSIDiskState;
+
+typedef struct SCSIDiskReq {
+ SCSIRequest req;
+ /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
+ uint64_t sector;
+ uint32_t sector_count;
+ uint32_t buflen;
+ bool started;
+ struct iovec iov;
+ QEMUIOVector qiov;
+ BlockAcctCookie acct;
+} SCSIDiskReq;
+
+#define SCSI_DISK_F_REMOVABLE 0
+#define SCSI_DISK_F_DPOFUA 1
+#define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
+
+struct SCSIDiskState
+{
+ SCSIDevice qdev;
+ uint32_t features;
+ bool media_changed;
+ bool media_event;
+ bool eject_request;
+ uint64_t wwn;
+ QEMUBH *bh;
+ char *version;
+ char *serial;
+ char *vendor;
+ char *product;
+ bool tray_open;
+ bool tray_locked;
+};
+
+static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
+
+static void scsi_free_request(SCSIRequest *req)
+{
+ SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
+
+ qemu_vfree(r->iov.iov_base);
+}
+
+/* Helper function for command completion with sense. */
+static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
+{
+ DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
+ r->req.tag, sense.key, sense.asc, sense.ascq);
+ scsi_req_build_sense(&r->req, sense);
+ scsi_req_complete(&r->req, CHECK_CONDITION);
+}
+
+/* Cancel a pending data transfer. */
+static void scsi_cancel_io(SCSIRequest *req)
+{
+ SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
+
+ DPRINTF("Cancel tag=0x%x\n", req->tag);
+ if (r->req.aiocb) {
+ bdrv_aio_cancel(r->req.aiocb);
+
+ /* This reference was left in by scsi_*_data. We take ownership of
+ * it the moment scsi_req_cancel is called, independent of whether
+ * bdrv_aio_cancel completes the request or not. */
+ scsi_req_unref(&r->req);
+ }
+ r->req.aiocb = NULL;
+}
+
+static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
+{
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
+
+ if (!r->iov.iov_base) {
+ r->buflen = size;
+ r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
+ }
+ r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
+ qemu_iovec_init_external(&r->qiov, &r->iov, 1);
+ return r->qiov.size / 512;
+}
+
+static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
+{
+ SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
+
+ qemu_put_be64s(f, &r->sector);
+ qemu_put_be32s(f, &r->sector_count);
+ qemu_put_be32s(f, &r->buflen);
+ if (r->buflen) {
+ if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
+ qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
+ } else if (!req->retry) {
+ uint32_t len = r->iov.iov_len;
+ qemu_put_be32s(f, &len);
+ qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
+ }
+ }
+}
+
+static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
+{
+ SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
+
+ qemu_get_be64s(f, &r->sector);
+ qemu_get_be32s(f, &r->sector_count);
+ qemu_get_be32s(f, &r->buflen);
+ if (r->buflen) {
+ scsi_init_iovec(r, r->buflen);
+ if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
+ qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
+ } else if (!r->req.retry) {
+ uint32_t len;
+ qemu_get_be32s(f, &len);
+ r->iov.iov_len = len;
+ assert(r->iov.iov_len <= r->buflen);
+ qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
+ }
+ }
+
+ qemu_iovec_init_external(&r->qiov, &r->iov, 1);
+}
+
+static void scsi_aio_complete(void *opaque, int ret)
+{
+ SCSIDiskReq *r = (SCSIDiskReq *)opaque;
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
+
+ assert(r->req.aiocb != NULL);
+ r->req.aiocb = NULL;
+ bdrv_acct_done(s->qdev.conf.bs, &r->acct);
+ if (r->req.io_canceled) {
+ goto done;
+ }
+
+ if (ret < 0) {
+ if (scsi_handle_rw_error(r, -ret)) {
+ goto done;
+ }
+ }
+
+ scsi_req_complete(&r->req, GOOD);
+
+done:
+ if (!r->req.io_canceled) {
+ scsi_req_unref(&r->req);
+ }
+}
+
+static bool scsi_is_cmd_fua(SCSICommand *cmd)
+{
+ switch (cmd->buf[0]) {
+ case READ_10:
+ case READ_12:
+ case READ_16:
+ case WRITE_10:
+ case WRITE_12:
+ case WRITE_16:
+ return (cmd->buf[1] & 8) != 0;
+
+ case VERIFY_10:
+ case VERIFY_12:
+ case VERIFY_16:
+ case WRITE_VERIFY_10:
+ case WRITE_VERIFY_12:
+ case WRITE_VERIFY_16:
+ return true;
+
+ case READ_6:
+ case WRITE_6:
+ default:
+ return false;
+ }
+}
+
+static void scsi_write_do_fua(SCSIDiskReq *r)
+{
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
+
+ if (r->req.io_canceled) {
+ goto done;
+ }
+
+ if (scsi_is_cmd_fua(&r->req.cmd)) {
+ bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
+ r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
+ return;
+ }
+
+ scsi_req_complete(&r->req, GOOD);
+
+done:
+ if (!r->req.io_canceled) {
+ scsi_req_unref(&r->req);
+ }
+}
+
+static void scsi_dma_complete_noio(void *opaque, int ret)
+{
+ SCSIDiskReq *r = (SCSIDiskReq *)opaque;
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
+
+ if (r->req.aiocb != NULL) {
+ r->req.aiocb = NULL;
+ bdrv_acct_done(s->qdev.conf.bs, &r->acct);
+ }
+ if (r->req.io_canceled) {
+ goto done;
+ }
+
+ if (ret < 0) {
+ if (scsi_handle_rw_error(r, -ret)) {
+ goto done;
+ }
+ }
+
+ r->sector += r->sector_count;
+ r->sector_count = 0;
+ if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
+ scsi_write_do_fua(r);
+ return;
+ } else {
+ scsi_req_complete(&r->req, GOOD);
+ }
+
+done:
+ if (!r->req.io_canceled) {
+ scsi_req_unref(&r->req);
+ }
+}
+
+static void scsi_dma_complete(void *opaque, int ret)
+{
+ SCSIDiskReq *r = (SCSIDiskReq *)opaque;
+
+ assert(r->req.aiocb != NULL);
+ scsi_dma_complete_noio(opaque, ret);
+}
+
+static void scsi_read_complete(void * opaque, int ret)
+{
+ SCSIDiskReq *r = (SCSIDiskReq *)opaque;
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
+ int n;
+
+ assert(r->req.aiocb != NULL);
+ r->req.aiocb = NULL;
+ bdrv_acct_done(s->qdev.conf.bs, &r->acct);
+ if (r->req.io_canceled) {
+ goto done;
+ }
+
+ if (ret < 0) {
+ if (scsi_handle_rw_error(r, -ret)) {
+ goto done;
+ }
+ }
+
+ DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
+
+ n = r->qiov.size / 512;
+ r->sector += n;
+ r->sector_count -= n;
+ scsi_req_data(&r->req, r->qiov.size);
+
+done:
+ if (!r->req.io_canceled) {
+ scsi_req_unref(&r->req);
+ }
+}
+
+/* Actually issue a read to the block device. */
+static void scsi_do_read(void *opaque, int ret)
+{
+ SCSIDiskReq *r = opaque;
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
+ uint32_t n;
+
+ if (r->req.aiocb != NULL) {
+ r->req.aiocb = NULL;
+ bdrv_acct_done(s->qdev.conf.bs, &r->acct);
+ }
+ if (r->req.io_canceled) {
+ goto done;
+ }
+
+ if (ret < 0) {
+ if (scsi_handle_rw_error(r, -ret)) {
+ goto done;
+ }
+ }
+
+ /* The request is used as the AIO opaque value, so add a ref. */
+ scsi_req_ref(&r->req);
+
+ if (r->req.sg) {
+ dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
+ r->req.resid -= r->req.sg->size;
+ r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
+ scsi_dma_complete, r);
+ } else {
+ n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
+ bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
+ r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
+ scsi_read_complete, r);
+ }
+
+done:
+ if (!r->req.io_canceled) {
+ scsi_req_unref(&r->req);
+ }
+}
+
+/* Read more data from scsi device into buffer. */
+static void scsi_read_data(SCSIRequest *req)
+{
+ SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
+ bool first;
+
+ DPRINTF("Read sector_count=%d\n", r->sector_count);
+ if (r->sector_count == 0) {
+ /* This also clears the sense buffer for REQUEST SENSE. */
+ scsi_req_complete(&r->req, GOOD);
+ return;
+ }
+
+ /* No data transfer may already be in progress */
+ assert(r->req.aiocb == NULL);
+
+ /* The request is used as the AIO opaque value, so add a ref. */
+ scsi_req_ref(&r->req);
+ if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
+ DPRINTF("Data transfer direction invalid\n");
+ scsi_read_complete(r, -EINVAL);
+ return;
+ }
+
+ if (s->tray_open) {
+ scsi_read_complete(r, -ENOMEDIUM);
+ return;
+ }
+
+ first = !r->started;
+ r->started = true;
+ if (first && scsi_is_cmd_fua(&r->req.cmd)) {
+ bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
+ r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r);
+ } else {
+ scsi_do_read(r, 0);
+ }
+}
+
+/*
+ * scsi_handle_rw_error has two return values. 0 means that the error
+ * must be ignored, 1 means that the error has been processed and the
+ * caller should not do anything else for this request. Note that
+ * scsi_handle_rw_error always manages its reference counts, independent
+ * of the return value.
+ */
+static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
+{
+ bool is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
+ BlockErrorAction action = bdrv_get_error_action(s->qdev.conf.bs, is_read, error);
+
+ if (action == BDRV_ACTION_REPORT) {
+ switch (error) {
+ case ENOMEDIUM:
+ scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
+ break;
+ case ENOMEM:
+ scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
+ break;
+ case EINVAL:
+ scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
+ break;
+ default:
+ scsi_check_condition(r, SENSE_CODE(IO_ERROR));
+ break;
+ }
+ }
+ bdrv_error_action(s->qdev.conf.bs, action, is_read, error);
+ if (action == BDRV_ACTION_STOP) {
+ scsi_req_retry(&r->req);
+ }
+ return action != BDRV_ACTION_IGNORE;
+}
+
+static void scsi_write_complete(void * opaque, int ret)
+{
+ SCSIDiskReq *r = (SCSIDiskReq *)opaque;
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
+ uint32_t n;
+
+ if (r->req.aiocb != NULL) {
+ r->req.aiocb = NULL;
+ bdrv_acct_done(s->qdev.conf.bs, &r->acct);
+ }
+ if (r->req.io_canceled) {
+ goto done;
+ }
+
+ if (ret < 0) {
+ if (scsi_handle_rw_error(r, -ret)) {
+ goto done;
+ }
+ }
+
+ n = r->qiov.size / 512;
+ r->sector += n;
+ r->sector_count -= n;
+ if (r->sector_count == 0) {
+ scsi_write_do_fua(r);
+ return;
+ } else {
+ scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
+ DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size);
+ scsi_req_data(&r->req, r->qiov.size);
+ }
+
+done:
+ if (!r->req.io_canceled) {
+ scsi_req_unref(&r->req);
+ }
+}
+
+static void scsi_write_data(SCSIRequest *req)
+{
+ SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
+ uint32_t n;
+
+ /* No data transfer may already be in progress */
+ assert(r->req.aiocb == NULL);
+
+ /* The request is used as the AIO opaque value, so add a ref. */
+ scsi_req_ref(&r->req);
+ if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
+ DPRINTF("Data transfer direction invalid\n");
+ scsi_write_complete(r, -EINVAL);
+ return;
+ }
+
+ if (!r->req.sg && !r->qiov.size) {
+ /* Called for the first time. Ask the driver to send us more data. */
+ r->started = true;
+ scsi_write_complete(r, 0);
+ return;
+ }
+ if (s->tray_open) {
+ scsi_write_complete(r, -ENOMEDIUM);
+ return;
+ }
+
+ if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
+ r->req.cmd.buf[0] == VERIFY_16) {
+ if (r->req.sg) {
+ scsi_dma_complete_noio(r, 0);
+ } else {
+ scsi_write_complete(r, 0);
+ }
+ return;
+ }
+
+ if (r->req.sg) {
+ dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
+ r->req.resid -= r->req.sg->size;
+ r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
+ scsi_dma_complete, r);
+ } else {
+ n = r->qiov.size / 512;
+ bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
+ r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
+ scsi_write_complete, r);
+ }
+}
+
+/* Return a pointer to the data buffer. */
+static uint8_t *scsi_get_buf(SCSIRequest *req)
+{
+ SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
+
+ return (uint8_t *)r->iov.iov_base;
+}
+
+static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
+{
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
+ int buflen = 0;
+ int start;
+
+ if (req->cmd.buf[1] & 0x1) {
+ /* Vital product data */
+ uint8_t page_code = req->cmd.buf[2];
+
+ outbuf[buflen++] = s->qdev.type & 0x1f;
+ outbuf[buflen++] = page_code ; // this page
+ outbuf[buflen++] = 0x00;
+ outbuf[buflen++] = 0x00;
+ start = buflen;
+
+ switch (page_code) {
+ case 0x00: /* Supported page codes, mandatory */
+ {
+ DPRINTF("Inquiry EVPD[Supported pages] "
+ "buffer size %zd\n", req->cmd.xfer);
+ outbuf[buflen++] = 0x00; // list of supported pages (this page)
+ if (s->serial) {
+ outbuf[buflen++] = 0x80; // unit serial number
+ }
+ outbuf[buflen++] = 0x83; // device identification
+ if (s->qdev.type == TYPE_DISK) {
+ outbuf[buflen++] = 0xb0; // block limits
+ outbuf[buflen++] = 0xb2; // thin provisioning
+ }
+ break;
+ }
+ case 0x80: /* Device serial number, optional */
+ {
+ int l;
+
+ if (!s->serial) {
+ DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
+ return -1;
+ }
+
+ l = strlen(s->serial);
+ if (l > 20) {
+ l = 20;
+ }
+
+ DPRINTF("Inquiry EVPD[Serial number] "
+ "buffer size %zd\n", req->cmd.xfer);
+ memcpy(outbuf+buflen, s->serial, l);
+ buflen += l;
+ break;
+ }
+
+ case 0x83: /* Device identification page, mandatory */
+ {
+ const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
+ int max_len = s->serial ? 20 : 255 - 8;
+ int id_len = strlen(str);
+
+ if (id_len > max_len) {
+ id_len = max_len;
+ }
+ DPRINTF("Inquiry EVPD[Device identification] "
+ "buffer size %zd\n", req->cmd.xfer);
+
+ outbuf[buflen++] = 0x2; // ASCII
+ outbuf[buflen++] = 0; // not officially assigned
+ outbuf[buflen++] = 0; // reserved
+ outbuf[buflen++] = id_len; // length of data following
+ memcpy(outbuf+buflen, str, id_len);
+ buflen += id_len;
+
+ if (s->wwn) {
+ outbuf[buflen++] = 0x1; // Binary
+ outbuf[buflen++] = 0x3; // NAA
+ outbuf[buflen++] = 0; // reserved
+ outbuf[buflen++] = 8;
+ stq_be_p(&outbuf[buflen], s->wwn);
+ buflen += 8;
+ }
+ break;
+ }
+ case 0xb0: /* block limits */
+ {
+ unsigned int unmap_sectors =
+ s->qdev.conf.discard_granularity / s->qdev.blocksize;
+ unsigned int min_io_size =
+ s->qdev.conf.min_io_size / s->qdev.blocksize;
+ unsigned int opt_io_size =
+ s->qdev.conf.opt_io_size / s->qdev.blocksize;
+
+ if (s->qdev.type == TYPE_ROM) {
+ DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
+ page_code);
+ return -1;
+ }
+ /* required VPD size with unmap support */
+ buflen = 0x40;
+ memset(outbuf + 4, 0, buflen - 4);
+
+ /* optimal transfer length granularity */
+ outbuf[6] = (min_io_size >> 8) & 0xff;
+ outbuf[7] = min_io_size & 0xff;
+
+ /* optimal transfer length */
+ outbuf[12] = (opt_io_size >> 24) & 0xff;
+ outbuf[13] = (opt_io_size >> 16) & 0xff;
+ outbuf[14] = (opt_io_size >> 8) & 0xff;
+ outbuf[15] = opt_io_size & 0xff;
+
+ /* optimal unmap granularity */
+ outbuf[28] = (unmap_sectors >> 24) & 0xff;
+ outbuf[29] = (unmap_sectors >> 16) & 0xff;
+ outbuf[30] = (unmap_sectors >> 8) & 0xff;
+ outbuf[31] = unmap_sectors & 0xff;
+ break;
+ }
+ case 0xb2: /* thin provisioning */
+ {
+ buflen = 8;
+ outbuf[4] = 0;
+ outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
+ outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
+ outbuf[7] = 0;
+ break;
+ }
+ default:
+ return -1;
+ }
+ /* done with EVPD */
+ assert(buflen - start <= 255);
+ outbuf[start - 1] = buflen - start;
+ return buflen;
+ }
+
+ /* Standard INQUIRY data */
+ if (req->cmd.buf[2] != 0) {
+ return -1;
+ }
+
+ /* PAGE CODE == 0 */
+ buflen = req->cmd.xfer;
+ if (buflen > SCSI_MAX_INQUIRY_LEN) {
+ buflen = SCSI_MAX_INQUIRY_LEN;
+ }
+
+ outbuf[0] = s->qdev.type & 0x1f;
+ outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
+
+ strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
+ strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
+
+ memset(&outbuf[32], 0, 4);
+ memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
+ /*
+ * We claim conformance to SPC-3, which is required for guests
+ * to ask for modern features like READ CAPACITY(16) or the
+ * block characteristics VPD page by default. Not all of SPC-3
+ * is actually implemented, but we're good enough.
+ */
+ outbuf[2] = 5;
+ outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
+
+ if (buflen > 36) {
+ outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
+ } else {
+ /* If the allocation length of CDB is too small,
+ the additional length is not adjusted */
+ outbuf[4] = 36 - 5;
+ }
+
+ /* Sync data transfer and TCQ. */
+ outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
+ return buflen;
+}
+
+static inline bool media_is_dvd(SCSIDiskState *s)
+{
+ uint64_t nb_sectors;
+ if (s->qdev.type != TYPE_ROM) {
+ return false;
+ }
+ if (!bdrv_is_inserted(s->qdev.conf.bs)) {
+ return false;
+ }
+ bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
+ return nb_sectors > CD_MAX_SECTORS;
+}
+
+static inline bool media_is_cd(SCSIDiskState *s)
+{
+ uint64_t nb_sectors;
+ if (s->qdev.type != TYPE_ROM) {
+ return false;
+ }
+ if (!bdrv_is_inserted(s->qdev.conf.bs)) {
+ return false;
+ }
+ bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
+ return nb_sectors <= CD_MAX_SECTORS;
+}
+
+static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
+ uint8_t *outbuf)
+{
+ uint8_t type = r->req.cmd.buf[1] & 7;
+
+ if (s->qdev.type != TYPE_ROM) {
+ return -1;
+ }
+
+ /* Types 1/2 are only defined for Blu-Ray. */
+ if (type != 0) {
+ scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
+ return -1;
+ }
+
+ memset(outbuf, 0, 34);
+ outbuf[1] = 32;
+ outbuf[2] = 0xe; /* last session complete, disc finalized */
+ outbuf[3] = 1; /* first track on disc */
+ outbuf[4] = 1; /* # of sessions */
+ outbuf[5] = 1; /* first track of last session */
+ outbuf[6] = 1; /* last track of last session */
+ outbuf[7] = 0x20; /* unrestricted use */
+ outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
+ /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
+ /* 12-23: not meaningful for CD-ROM or DVD-ROM */
+ /* 24-31: disc bar code */
+ /* 32: disc application code */
+ /* 33: number of OPC tables */
+
+ return 34;
+}
+
+static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
+ uint8_t *outbuf)
+{
+ static const int rds_caps_size[5] = {
+ [0] = 2048 + 4,
+ [1] = 4 + 4,
+ [3] = 188 + 4,
+ [4] = 2048 + 4,
+ };
+
+ uint8_t media = r->req.cmd.buf[1];
+ uint8_t layer = r->req.cmd.buf[6];
+ uint8_t format = r->req.cmd.buf[7];
+ int size = -1;
+
+ if (s->qdev.type != TYPE_ROM) {
+ return -1;
+ }
+ if (media != 0) {
+ scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
+ return -1;
+ }
+
+ if (format != 0xff) {
+ if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
+ scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
+ return -1;
+ }
+ if (media_is_cd(s)) {
+ scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
+ return -1;
+ }
+ if (format >= ARRAY_SIZE(rds_caps_size)) {
+ return -1;
+ }
+ size = rds_caps_size[format];
+ memset(outbuf, 0, size);
+ }
+
+ switch (format) {
+ case 0x00: {
+ /* Physical format information */
+ uint64_t nb_sectors;
+ if (layer != 0) {
+ goto fail;
+ }
+ bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
+
+ outbuf[4] = 1; /* DVD-ROM, part version 1 */
+ outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
+ outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
+ outbuf[7] = 0; /* default densities */
+
+ stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
+ stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
+ break;
+ }
+
+ case 0x01: /* DVD copyright information, all zeros */
+ break;
+
+ case 0x03: /* BCA information - invalid field for no BCA info */
+ return -1;
+
+ case 0x04: /* DVD disc manufacturing information, all zeros */
+ break;
+
+ case 0xff: { /* List capabilities */
+ int i;
+ size = 4;
+ for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
+ if (!rds_caps_size[i]) {
+ continue;
+ }
+ outbuf[size] = i;
+ outbuf[size + 1] = 0x40; /* Not writable, readable */
+ stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
+ size += 4;
+ }
+ break;
+ }
+
+ default:
+ return -1;
+ }
+
+ /* Size of buffer, not including 2 byte size field */
+ stw_be_p(outbuf, size - 2);
+ return size;
+
+fail:
+ return -1;
+}
+
+static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
+{
+ uint8_t event_code, media_status;
+
+ media_status = 0;
+ if (s->tray_open) {
+ media_status = MS_TRAY_OPEN;
+ } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
+ media_status = MS_MEDIA_PRESENT;
+ }
+
+ /* Event notification descriptor */
+ event_code = MEC_NO_CHANGE;
+ if (media_status != MS_TRAY_OPEN) {
+ if (s->media_event) {
+ event_code = MEC_NEW_MEDIA;
+ s->media_event = false;
+ } else if (s->eject_request) {
+ event_code = MEC_EJECT_REQUESTED;
+ s->eject_request = false;
+ }
+ }
+
+ outbuf[0] = event_code;
+ outbuf[1] = media_status;
+
+ /* These fields are reserved, just clear them. */
+ outbuf[2] = 0;
+ outbuf[3] = 0;
+ return 4;
+}
+
+static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
+ uint8_t *outbuf)
+{
+ int size;
+ uint8_t *buf = r->req.cmd.buf;
+ uint8_t notification_class_request = buf[4];
+ if (s->qdev.type != TYPE_ROM) {
+ return -1;
+ }
+ if ((buf[1] & 1) == 0) {
+ /* asynchronous */
+ return -1;
+ }
+
+ size = 4;
+ outbuf[0] = outbuf[1] = 0;
+ outbuf[3] = 1 << GESN_MEDIA; /* supported events */
+ if (notification_class_request & (1 << GESN_MEDIA)) {
+ outbuf[2] = GESN_MEDIA;
+ size += scsi_event_status_media(s, &outbuf[size]);
+ } else {
+ outbuf[2] = 0x80;
+ }
+ stw_be_p(outbuf, size - 4);
+ return size;
+}
+
+static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
+{
+ int current;
+
+ if (s->qdev.type != TYPE_ROM) {
+ return -1;
+ }
+ current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
+ memset(outbuf, 0, 40);
+ stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
+ stw_be_p(&outbuf[6], current);
+ /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
+ outbuf[10] = 0x03; /* persistent, current */
+ outbuf[11] = 8; /* two profiles */
+ stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
+ outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
+ stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
+ outbuf[18] = (current == MMC_PROFILE_CD_ROM);
+ /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
+ stw_be_p(&outbuf[20], 1);
+ outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
+ outbuf[23] = 8;
+ stl_be_p(&outbuf[24], 1); /* SCSI */
+ outbuf[28] = 1; /* DBE = 1, mandatory */
+ /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
+ stw_be_p(&outbuf[32], 3);
+ outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
+ outbuf[35] = 4;
+ outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
+ /* TODO: Random readable, CD read, DVD read, drive serial number,
+ power management */
+ return 40;
+}
+
+static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
+{
+ if (s->qdev.type != TYPE_ROM) {
+ return -1;
+ }
+ memset(outbuf, 0, 8);
+ outbuf[5] = 1; /* CD-ROM */
+ return 8;
+}
+
+static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
+ int page_control)
+{
+ static const int mode_sense_valid[0x3f] = {
+ [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
+ [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
+ [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
+ [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
+ [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
+ [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
+ };
+
+ uint8_t *p = *p_outbuf + 2;
+ int length;
+
+ if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
+ return -1;
+ }
+
+ /*
+ * If Changeable Values are requested, a mask denoting those mode parameters
+ * that are changeable shall be returned. As we currently don't support
+ * parameter changes via MODE_SELECT all bits are returned set to zero.
+ * The buffer was already menset to zero by the caller of this function.
+ *
+ * The offsets here are off by two compared to the descriptions in the
+ * SCSI specs, because those include a 2-byte header. This is unfortunate,
+ * but it is done so that offsets are consistent within our implementation
+ * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
+ * 2-byte and 4-byte headers.
+ */
+ switch (page) {
+ case MODE_PAGE_HD_GEOMETRY:
+ length = 0x16;
+ if (page_control == 1) { /* Changeable Values */
+ break;
+ }
+ /* if a geometry hint is available, use it */
+ p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
+ p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
+ p[2] = s->qdev.conf.cyls & 0xff;
+ p[3] = s->qdev.conf.heads & 0xff;
+ /* Write precomp start cylinder, disabled */
+ p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
+ p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
+ p[6] = s->qdev.conf.cyls & 0xff;
+ /* Reduced current start cylinder, disabled */
+ p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
+ p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
+ p[9] = s->qdev.conf.cyls & 0xff;
+ /* Device step rate [ns], 200ns */
+ p[10] = 0;
+ p[11] = 200;
+ /* Landing zone cylinder */
+ p[12] = 0xff;
+ p[13] = 0xff;
+ p[14] = 0xff;
+ /* Medium rotation rate [rpm], 5400 rpm */
+ p[18] = (5400 >> 8) & 0xff;
+ p[19] = 5400 & 0xff;
+ break;
+
+ case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
+ length = 0x1e;
+ if (page_control == 1) { /* Changeable Values */
+ break;
+ }
+ /* Transfer rate [kbit/s], 5Mbit/s */
+ p[0] = 5000 >> 8;
+ p[1] = 5000 & 0xff;
+ /* if a geometry hint is available, use it */
+ p[2] = s->qdev.conf.heads & 0xff;
+ p[3] = s->qdev.conf.secs & 0xff;
+ p[4] = s->qdev.blocksize >> 8;
+ p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
+ p[7] = s->qdev.conf.cyls & 0xff;
+ /* Write precomp start cylinder, disabled */
+ p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
+ p[9] = s->qdev.conf.cyls & 0xff;
+ /* Reduced current start cylinder, disabled */
+ p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
+ p[11] = s->qdev.conf.cyls & 0xff;
+ /* Device step rate [100us], 100us */
+ p[12] = 0;
+ p[13] = 1;
+ /* Device step pulse width [us], 1us */
+ p[14] = 1;
+ /* Device head settle delay [100us], 100us */
+ p[15] = 0;
+ p[16] = 1;
+ /* Motor on delay [0.1s], 0.1s */
+ p[17] = 1;
+ /* Motor off delay [0.1s], 0.1s */
+ p[18] = 1;
+ /* Medium rotation rate [rpm], 5400 rpm */
+ p[26] = (5400 >> 8) & 0xff;
+ p[27] = 5400 & 0xff;
+ break;
+
+ case MODE_PAGE_CACHING:
+ length = 0x12;
+ if (page_control == 1 || /* Changeable Values */
+ bdrv_enable_write_cache(s->qdev.conf.bs)) {
+ p[0] = 4; /* WCE */
+ }
+ break;
+
+ case MODE_PAGE_R_W_ERROR:
+ length = 10;
+ if (page_control == 1) { /* Changeable Values */
+ break;
+ }
+ p[0] = 0x80; /* Automatic Write Reallocation Enabled */
+ if (s->qdev.type == TYPE_ROM) {
+ p[1] = 0x20; /* Read Retry Count */
+ }
+ break;
+
+ case MODE_PAGE_AUDIO_CTL:
+ length = 14;
+ break;
+
+ case MODE_PAGE_CAPABILITIES:
+ length = 0x14;
+ if (page_control == 1) { /* Changeable Values */
+ break;
+ }
+
+ p[0] = 0x3b; /* CD-R & CD-RW read */
+ p[1] = 0; /* Writing not supported */
+ p[2] = 0x7f; /* Audio, composite, digital out,
+ mode 2 form 1&2, multi session */
+ p[3] = 0xff; /* CD DA, DA accurate, RW supported,
+ RW corrected, C2 errors, ISRC,
+ UPC, Bar code */
+ p[4] = 0x2d | (s->tray_locked ? 2 : 0);
+ /* Locking supported, jumper present, eject, tray */
+ p[5] = 0; /* no volume & mute control, no
+ changer */
+ p[6] = (50 * 176) >> 8; /* 50x read speed */
+ p[7] = (50 * 176) & 0xff;
+ p[8] = 2 >> 8; /* Two volume levels */
+ p[9] = 2 & 0xff;
+ p[10] = 2048 >> 8; /* 2M buffer */
+ p[11] = 2048 & 0xff;
+ p[12] = (16 * 176) >> 8; /* 16x read speed current */
+ p[13] = (16 * 176) & 0xff;
+ p[16] = (16 * 176) >> 8; /* 16x write speed */
+ p[17] = (16 * 176) & 0xff;
+ p[18] = (16 * 176) >> 8; /* 16x write speed current */
+ p[19] = (16 * 176) & 0xff;
+ break;
+
+ default:
+ return -1;
+ }
+
+ assert(length < 256);
+ (*p_outbuf)[0] = page;
+ (*p_outbuf)[1] = length;
+ *p_outbuf += length + 2;
+ return length + 2;
+}
+
+static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
+{
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
+ uint64_t nb_sectors;
+ bool dbd;
+ int page, buflen, ret, page_control;
+ uint8_t *p;
+ uint8_t dev_specific_param;
+
+ dbd = (r->req.cmd.buf[1] & 0x8) != 0;
+ page = r->req.cmd.buf[2] & 0x3f;
+ page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
+ DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
+ (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
+ memset(outbuf, 0, r->req.cmd.xfer);
+ p = outbuf;
+
+ if (s->qdev.type == TYPE_DISK) {
+ dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
+ if (bdrv_is_read_only(s->qdev.conf.bs)) {
+ dev_specific_param |= 0x80; /* Readonly. */
+ }
+ } else {
+ /* MMC prescribes that CD/DVD drives have no block descriptors,
+ * and defines no device-specific parameter. */
+ dev_specific_param = 0x00;
+ dbd = true;
+ }
+
+ if (r->req.cmd.buf[0] == MODE_SENSE) {
+ p[1] = 0; /* Default media type. */
+ p[2] = dev_specific_param;
+ p[3] = 0; /* Block descriptor length. */
+ p += 4;
+ } else { /* MODE_SENSE_10 */
+ p[2] = 0; /* Default media type. */
+ p[3] = dev_specific_param;
+ p[6] = p[7] = 0; /* Block descriptor length. */
+ p += 8;
+ }
+
+ bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
+ if (!dbd && nb_sectors) {
+ if (r->req.cmd.buf[0] == MODE_SENSE) {
+ outbuf[3] = 8; /* Block descriptor length */
+ } else { /* MODE_SENSE_10 */
+ outbuf[7] = 8; /* Block descriptor length */
+ }
+ nb_sectors /= (s->qdev.blocksize / 512);
+ if (nb_sectors > 0xffffff) {
+ nb_sectors = 0;
+ }
+ p[0] = 0; /* media density code */
+ p[1] = (nb_sectors >> 16) & 0xff;
+ p[2] = (nb_sectors >> 8) & 0xff;
+ p[3] = nb_sectors & 0xff;
+ p[4] = 0; /* reserved */
+ p[5] = 0; /* bytes 5-7 are the sector size in bytes */
+ p[6] = s->qdev.blocksize >> 8;
+ p[7] = 0;
+ p += 8;
+ }
+
+ if (page_control == 3) {
+ /* Saved Values */
+ scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
+ return -1;
+ }
+
+ if (page == 0x3f) {
+ for (page = 0; page <= 0x3e; page++) {
+ mode_sense_page(s, page, &p, page_control);
+ }
+ } else {
+ ret = mode_sense_page(s, page, &p, page_control);
+ if (ret == -1) {
+ return -1;
+ }
+ }
+
+ buflen = p - outbuf;
+ /*
+ * The mode data length field specifies the length in bytes of the
+ * following data that is available to be transferred. The mode data
+ * length does not include itself.
+ */
+ if (r->req.cmd.buf[0] == MODE_SENSE) {
+ outbuf[0] = buflen - 1;
+ } else { /* MODE_SENSE_10 */
+ outbuf[0] = ((buflen - 2) >> 8) & 0xff;
+ outbuf[1] = (buflen - 2) & 0xff;
+ }
+ return buflen;
+}
+
+static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
+{
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
+ int start_track, format, msf, toclen;
+ uint64_t nb_sectors;
+
+ msf = req->cmd.buf[1] & 2;
+ format = req->cmd.buf[2] & 0xf;
+ start_track = req->cmd.buf[6];
+ bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
+ DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
+ nb_sectors /= s->qdev.blocksize / 512;
+ switch (format) {
+ case 0:
+ toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
+ break;
+ case 1:
+ /* multi session : only a single session defined */
+ toclen = 12;
+ memset(outbuf, 0, 12);
+ outbuf[1] = 0x0a;
+ outbuf[2] = 0x01;
+ outbuf[3] = 0x01;
+ break;
+ case 2:
+ toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
+ break;
+ default:
+ return -1;
+ }
+ return toclen;
+}
+
+static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
+{
+ SCSIRequest *req = &r->req;
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
+ bool start = req->cmd.buf[4] & 1;
+ bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
+ int pwrcnd = req->cmd.buf[4] & 0xf0;
+
+ if (pwrcnd) {
+ /* eject/load only happens for power condition == 0 */
+ return 0;
+ }
+
+ if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
+ if (!start && !s->tray_open && s->tray_locked) {
+ scsi_check_condition(r,
+ bdrv_is_inserted(s->qdev.conf.bs)
+ ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
+ : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
+ return -1;
+ }
+
+ if (s->tray_open != !start) {
+ bdrv_eject(s->qdev.conf.bs, !start);
+ s->tray_open = !start;
+ }
+ }
+ return 0;
+}
+
+static void scsi_disk_emulate_read_data(SCSIRequest *req)
+{
+ SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
+ int buflen = r->iov.iov_len;
+
+ if (buflen) {
+ DPRINTF("Read buf_len=%d\n", buflen);
+ r->iov.iov_len = 0;
+ r->started = true;
+ scsi_req_data(&r->req, buflen);
+ return;
+ }
+
+ /* This also clears the sense buffer for REQUEST SENSE. */
+ scsi_req_complete(&r->req, GOOD);
+}
+
+static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
+ uint8_t *inbuf, int inlen)
+{
+ uint8_t mode_current[SCSI_MAX_MODE_LEN];
+ uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
+ uint8_t *p;
+ int len, expected_len, changeable_len, i;
+
+ /* The input buffer does not include the page header, so it is
+ * off by 2 bytes.
+ */
+ expected_len = inlen + 2;
+ if (expected_len > SCSI_MAX_MODE_LEN) {
+ return -1;
+ }
+
+ p = mode_current;
+ memset(mode_current, 0, inlen + 2);
+ len = mode_sense_page(s, page, &p, 0);
+ if (len < 0 || len != expected_len) {
+ return -1;
+ }
+
+ p = mode_changeable;
+ memset(mode_changeable, 0, inlen + 2);
+ changeable_len = mode_sense_page(s, page, &p, 1);
+ assert(changeable_len == len);
+
+ /* Check that unchangeable bits are the same as what MODE SENSE
+ * would return.
+ */
+ for (i = 2; i < len; i++) {
+ if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
+ return -1;
+ }
+ }
+ return 0;
+}
+
+static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
+{
+ switch (page) {
+ case MODE_PAGE_CACHING:
+ bdrv_set_enable_write_cache(s->qdev.conf.bs, (p[0] & 4) != 0);
+ break;
+
+ default:
+ break;
+ }
+}
+
+static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
+{
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
+
+ while (len > 0) {
+ int page, subpage, page_len;
+
+ /* Parse both possible formats for the mode page headers. */
+ page = p[0] & 0x3f;
+ if (p[0] & 0x40) {
+ if (len < 4) {
+ goto invalid_param_len;
+ }
+ subpage = p[1];
+ page_len = lduw_be_p(&p[2]);
+ p += 4;
+ len -= 4;
+ } else {
+ if (len < 2) {
+ goto invalid_param_len;
+ }
+ subpage = 0;
+ page_len = p[1];
+ p += 2;
+ len -= 2;
+ }
+
+ if (subpage) {
+ goto invalid_param;
+ }
+ if (page_len > len) {
+ goto invalid_param_len;
+ }
+
+ if (!change) {
+ if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
+ goto invalid_param;
+ }
+ } else {
+ scsi_disk_apply_mode_select(s, page, p);
+ }
+
+ p += page_len;
+ len -= page_len;
+ }
+ return 0;
+
+invalid_param:
+ scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
+ return -1;
+
+invalid_param_len:
+ scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
+ return -1;
+}
+
+static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
+{
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
+ uint8_t *p = inbuf;
+ int cmd = r->req.cmd.buf[0];
+ int len = r->req.cmd.xfer;
+ int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
+ int bd_len;
+ int pass;
+
+ /* We only support PF=1, SP=0. */
+ if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
+ goto invalid_field;
+ }
+
+ if (len < hdr_len) {
+ goto invalid_param_len;
+ }
+
+ bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
+ len -= hdr_len;
+ p += hdr_len;
+ if (len < bd_len) {
+ goto invalid_param_len;
+ }
+ if (bd_len != 0 && bd_len != 8) {
+ goto invalid_param;
+ }
+
+ len -= bd_len;
+ p += bd_len;
+
+ /* Ensure no change is made if there is an error! */
+ for (pass = 0; pass < 2; pass++) {
+ if (mode_select_pages(r, p, len, pass == 1) < 0) {
+ assert(pass == 0);
+ return;
+ }
+ }
+ if (!bdrv_enable_write_cache(s->qdev.conf.bs)) {
+ /* The request is used as the AIO opaque value, so add a ref. */
+ scsi_req_ref(&r->req);
+ bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
+ r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
+ return;
+ }
+
+ scsi_req_complete(&r->req, GOOD);
+ return;
+
+invalid_param:
+ scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
+ return;
+
+invalid_param_len:
+ scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
+ return;
+
+invalid_field:
+ scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
+}
+
+static inline bool check_lba_range(SCSIDiskState *s,
+ uint64_t sector_num, uint32_t nb_sectors)
+{
+ /*
+ * The first line tests that no overflow happens when computing the last
+ * sector. The second line tests that the last accessed sector is in
+ * range.
+ *
+ * Careful, the computations should not underflow for nb_sectors == 0,
+ * and a 0-block read to the first LBA beyond the end of device is
+ * valid.
+ */
+ return (sector_num <= sector_num + nb_sectors &&
+ sector_num + nb_sectors <= s->qdev.max_lba + 1);
+}
+
+typedef struct UnmapCBData {
+ SCSIDiskReq *r;
+ uint8_t *inbuf;
+ int count;
+} UnmapCBData;
+
+static void scsi_unmap_complete(void *opaque, int ret)
+{
+ UnmapCBData *data = opaque;
+ SCSIDiskReq *r = data->r;
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
+ uint64_t sector_num;
+ uint32_t nb_sectors;
+
+ r->req.aiocb = NULL;
+ if (r->req.io_canceled) {
+ goto done;
+ }
+
+ if (ret < 0) {
+ if (scsi_handle_rw_error(r, -ret)) {
+ goto done;
+ }
+ }
+
+ if (data->count > 0) {
+ sector_num = ldq_be_p(&data->inbuf[0]);
+ nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
+ if (!check_lba_range(s, sector_num, nb_sectors)) {
+ scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
+ goto done;
+ }
+
+ r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs,
+ sector_num * (s->qdev.blocksize / 512),
+ nb_sectors * (s->qdev.blocksize / 512),
+ scsi_unmap_complete, data);
+ data->count--;
+ data->inbuf += 16;
+ return;
+ }
+
+ scsi_req_complete(&r->req, GOOD);
+
+done:
+ if (!r->req.io_canceled) {
+ scsi_req_unref(&r->req);
+ }
+ g_free(data);
+}
+
+static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
+{
+ uint8_t *p = inbuf;
+ int len = r->req.cmd.xfer;
+ UnmapCBData *data;
+
+ if (len < 8) {
+ goto invalid_param_len;
+ }
+ if (len < lduw_be_p(&p[0]) + 2) {
+ goto invalid_param_len;
+ }
+ if (len < lduw_be_p(&p[2]) + 8) {
+ goto invalid_param_len;
+ }
+ if (lduw_be_p(&p[2]) & 15) {
+ goto invalid_param_len;
+ }
+
+ data = g_new0(UnmapCBData, 1);
+ data->r = r;
+ data->inbuf = &p[8];
+ data->count = lduw_be_p(&p[2]) >> 4;
+
+ /* The matching unref is in scsi_unmap_complete, before data is freed. */
+ scsi_req_ref(&r->req);
+ scsi_unmap_complete(data, 0);
+ return;
+
+invalid_param_len:
+ scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
+}
+
+static void scsi_disk_emulate_write_data(SCSIRequest *req)
+{
+ SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
+
+ if (r->iov.iov_len) {
+ int buflen = r->iov.iov_len;
+ DPRINTF("Write buf_len=%d\n", buflen);
+ r->iov.iov_len = 0;
+ scsi_req_data(&r->req, buflen);
+ return;
+ }
+
+ switch (req->cmd.buf[0]) {
+ case MODE_SELECT:
+ case MODE_SELECT_10:
+ /* This also clears the sense buffer for REQUEST SENSE. */
+ scsi_disk_emulate_mode_select(r, r->iov.iov_base);
+ break;
+
+ case UNMAP:
+ scsi_disk_emulate_unmap(r, r->iov.iov_base);
+ break;
+
+ default:
+ abort();
+ }
+}
+
+static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
+{
+ SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
+ uint64_t nb_sectors;
+ uint8_t *outbuf;
+ int buflen;
+
+ switch (req->cmd.buf[0]) {
+ case INQUIRY:
+ case MODE_SENSE:
+ case MODE_SENSE_10:
+ case RESERVE:
+ case RESERVE_10:
+ case RELEASE:
+ case RELEASE_10:
+ case START_STOP:
+ case ALLOW_MEDIUM_REMOVAL:
+ case GET_CONFIGURATION:
+ case GET_EVENT_STATUS_NOTIFICATION:
+ case MECHANISM_STATUS:
+ case REQUEST_SENSE:
+ break;
+
+ default:
+ if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
+ scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
+ return 0;
+ }
+ break;
+ }
+
+ /*
+ * FIXME: we shouldn't return anything bigger than 4k, but the code
+ * requires the buffer to be as big as req->cmd.xfer in several
+ * places. So, do not allow CDBs with a very large ALLOCATION
+ * LENGTH. The real fix would be to modify scsi_read_data and
+ * dma_buf_read, so that they return data beyond the buflen
+ * as all zeros.
+ */
+ if (req->cmd.xfer > 65536) {
+ goto illegal_request;
+ }
+ r->buflen = MAX(4096, req->cmd.xfer);
+
+ if (!r->iov.iov_base) {
+ r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
+ }
+
+ buflen = req->cmd.xfer;
+ outbuf = r->iov.iov_base;
+ memset(outbuf, 0, r->buflen);
+ switch (req->cmd.buf[0]) {
+ case TEST_UNIT_READY:
+ assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
+ break;
+ case INQUIRY:
+ buflen = scsi_disk_emulate_inquiry(req, outbuf);
+ if (buflen < 0) {
+ goto illegal_request;
+ }
+ break;
+ case MODE_SENSE:
+ case MODE_SENSE_10:
+ buflen = scsi_disk_emulate_mode_sense(r, outbuf);
+ if (buflen < 0) {
+ goto illegal_request;
+ }
+ break;
+ case READ_TOC:
+ buflen = scsi_disk_emulate_read_toc(req, outbuf);
+ if (buflen < 0) {
+ goto illegal_request;
+ }
+ break;
+ case RESERVE:
+ if (req->cmd.buf[1] & 1) {
+ goto illegal_request;
+ }
+ break;
+ case RESERVE_10:
+ if (req->cmd.buf[1] & 3) {
+ goto illegal_request;
+ }
+ break;
+ case RELEASE:
+ if (req->cmd.buf[1] & 1) {
+ goto illegal_request;
+ }
+ break;
+ case RELEASE_10:
+ if (req->cmd.buf[1] & 3) {
+ goto illegal_request;
+ }
+ break;
+ case START_STOP:
+ if (scsi_disk_emulate_start_stop(r) < 0) {
+ return 0;
+ }
+ break;
+ case ALLOW_MEDIUM_REMOVAL:
+ s->tray_locked = req->cmd.buf[4] & 1;
+ bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
+ break;
+ case READ_CAPACITY_10:
+ /* The normal LEN field for this command is zero. */
+ memset(outbuf, 0, 8);
+ bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
+ if (!nb_sectors) {
+ scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
+ return 0;
+ }
+ if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
+ goto illegal_request;
+ }
+ nb_sectors /= s->qdev.blocksize / 512;
+ /* Returned value is the address of the last sector. */
+ nb_sectors--;
+ /* Remember the new size for read/write sanity checking. */
+ s->qdev.max_lba = nb_sectors;
+ /* Clip to 2TB, instead of returning capacity modulo 2TB. */
+ if (nb_sectors > UINT32_MAX) {
+ nb_sectors = UINT32_MAX;
+ }
+ outbuf[0] = (nb_sectors >> 24) & 0xff;
+ outbuf[1] = (nb_sectors >> 16) & 0xff;
+ outbuf[2] = (nb_sectors >> 8) & 0xff;
+ outbuf[3] = nb_sectors & 0xff;
+ outbuf[4] = 0;
+ outbuf[5] = 0;
+ outbuf[6] = s->qdev.blocksize >> 8;
+ outbuf[7] = 0;
+ break;
+ case REQUEST_SENSE:
+ /* Just return "NO SENSE". */
+ buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
+ (req->cmd.buf[1] & 1) == 0);
+ if (buflen < 0) {
+ goto illegal_request;
+ }
+ break;
+ case MECHANISM_STATUS:
+ buflen = scsi_emulate_mechanism_status(s, outbuf);
+ if (buflen < 0) {
+ goto illegal_request;
+ }
+ break;
+ case GET_CONFIGURATION:
+ buflen = scsi_get_configuration(s, outbuf);
+ if (buflen < 0) {
+ goto illegal_request;
+ }
+ break;
+ case GET_EVENT_STATUS_NOTIFICATION:
+ buflen = scsi_get_event_status_notification(s, r, outbuf);
+ if (buflen < 0) {
+ goto illegal_request;
+ }
+ break;
+ case READ_DISC_INFORMATION:
+ buflen = scsi_read_disc_information(s, r, outbuf);
+ if (buflen < 0) {
+ goto illegal_request;
+ }
+ break;
+ case READ_DVD_STRUCTURE:
+ buflen = scsi_read_dvd_structure(s, r, outbuf);
+ if (buflen < 0) {
+ goto illegal_request;
+ }
+ break;
+ case SERVICE_ACTION_IN_16:
+ /* Service Action In subcommands. */
+ if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
+ DPRINTF("SAI READ CAPACITY(16)\n");
+ memset(outbuf, 0, req->cmd.xfer);
+ bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
+ if (!nb_sectors) {
+ scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
+ return 0;
+ }
+ if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
+ goto illegal_request;
+ }
+ nb_sectors /= s->qdev.blocksize / 512;
+ /* Returned value is the address of the last sector. */
+ nb_sectors--;
+ /* Remember the new size for read/write sanity checking. */
+ s->qdev.max_lba = nb_sectors;
+ outbuf[0] = (nb_sectors >> 56) & 0xff;
+ outbuf[1] = (nb_sectors >> 48) & 0xff;
+ outbuf[2] = (nb_sectors >> 40) & 0xff;
+ outbuf[3] = (nb_sectors >> 32) & 0xff;
+ outbuf[4] = (nb_sectors >> 24) & 0xff;
+ outbuf[5] = (nb_sectors >> 16) & 0xff;
+ outbuf[6] = (nb_sectors >> 8) & 0xff;
+ outbuf[7] = nb_sectors & 0xff;
+ outbuf[8] = 0;
+ outbuf[9] = 0;
+ outbuf[10] = s->qdev.blocksize >> 8;
+ outbuf[11] = 0;
+ outbuf[12] = 0;
+ outbuf[13] = get_physical_block_exp(&s->qdev.conf);
+
+ /* set TPE bit if the format supports discard */
+ if (s->qdev.conf.discard_granularity) {
+ outbuf[14] = 0x80;
+ }
+
+ /* Protection, exponent and lowest lba field left blank. */
+ break;
+ }
+ DPRINTF("Unsupported Service Action In\n");
+ goto illegal_request;
+ case SYNCHRONIZE_CACHE:
+ /* The request is used as the AIO opaque value, so add a ref. */
+ scsi_req_ref(&r->req);
+ bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
+ r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
+ return 0;
+ case SEEK_10:
+ DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
+ if (r->req.cmd.lba > s->qdev.max_lba) {
+ goto illegal_lba;
+ }
+ break;
+ case MODE_SELECT:
+ DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
+ break;
+ case MODE_SELECT_10:
+ DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
+ break;
+ case UNMAP:
+ DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer);
+ break;
+ case WRITE_SAME_10:
+ case WRITE_SAME_16:
+ nb_sectors = scsi_data_cdb_length(r->req.cmd.buf);
+ if (bdrv_is_read_only(s->qdev.conf.bs)) {
+ scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
+ return 0;
+ }
+ if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
+ goto illegal_lba;
+ }
+
+ /*
+ * We only support WRITE SAME with the unmap bit set for now.
+ */
+ if (!(req->cmd.buf[1] & 0x8)) {
+ goto illegal_request;
+ }
+
+ /* The request is used as the AIO opaque value, so add a ref. */
+ scsi_req_ref(&r->req);
+ r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs,
+ r->req.cmd.lba * (s->qdev.blocksize / 512),
+ nb_sectors * (s->qdev.blocksize / 512),
+ scsi_aio_complete, r);
+ return 0;
+ default:
+ DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
+ scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
+ return 0;
+ }
+ assert(!r->req.aiocb);
+ r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
+ if (r->iov.iov_len == 0) {
+ scsi_req_complete(&r->req, GOOD);
+ }
+ if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
+ assert(r->iov.iov_len == req->cmd.xfer);
+ return -r->iov.iov_len;
+ } else {
+ return r->iov.iov_len;
+ }
+
+illegal_request:
+ if (r->req.status == -1) {
+ scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
+ }
+ return 0;
+
+illegal_lba:
+ scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
+ return 0;
+}
+
+/* Execute a scsi command. Returns the length of the data expected by the
+ command. This will be Positive for data transfers from the device
+ (eg. disk reads), negative for transfers to the device (eg. disk writes),
+ and zero if the command does not transfer any data. */
+
+static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
+{
+ SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
+ uint32_t len;
+ uint8_t command;
+
+ command = buf[0];
+
+ if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
+ scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
+ return 0;
+ }
+
+ len = scsi_data_cdb_length(r->req.cmd.buf);
+ switch (command) {
+ case READ_6:
+ case READ_10:
+ case READ_12:
+ case READ_16:
+ DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len);
+ if (r->req.cmd.buf[1] & 0xe0) {
+ goto illegal_request;
+ }
+ if (!check_lba_range(s, r->req.cmd.lba, len)) {
+ goto illegal_lba;
+ }
+ r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
+ r->sector_count = len * (s->qdev.blocksize / 512);
+ break;
+ case WRITE_6:
+ case WRITE_10:
+ case WRITE_12:
+ case WRITE_16:
+ case WRITE_VERIFY_10:
+ case WRITE_VERIFY_12:
+ case WRITE_VERIFY_16:
+ if (bdrv_is_read_only(s->qdev.conf.bs)) {
+ scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
+ return 0;
+ }
+ /* fallthrough */
+ case VERIFY_10:
+ case VERIFY_12:
+ case VERIFY_16:
+ DPRINTF("Write %s(sector %" PRId64 ", count %u)\n",
+ (command & 0xe) == 0xe ? "And Verify " : "",
+ r->req.cmd.lba, len);
+ if (r->req.cmd.buf[1] & 0xe0) {
+ goto illegal_request;
+ }
+ if (!check_lba_range(s, r->req.cmd.lba, len)) {
+ goto illegal_lba;
+ }
+ r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
+ r->sector_count = len * (s->qdev.blocksize / 512);
+ break;
+ default:
+ abort();
+ illegal_request:
+ scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
+ return 0;
+ illegal_lba:
+ scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
+ return 0;
+ }
+ if (r->sector_count == 0) {
+ scsi_req_complete(&r->req, GOOD);
+ }
+ assert(r->iov.iov_len == 0);
+ if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
+ return -r->sector_count * 512;
+ } else {
+ return r->sector_count * 512;
+ }
+}
+
+static void scsi_disk_reset(DeviceState *dev)
+{
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
+ uint64_t nb_sectors;
+
+ scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
+
+ bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
+ nb_sectors /= s->qdev.blocksize / 512;
+ if (nb_sectors) {
+ nb_sectors--;
+ }
+ s->qdev.max_lba = nb_sectors;
+ /* reset tray statuses */
+ s->tray_locked = 0;
+ s->tray_open = 0;
+}
+
+static void scsi_destroy(SCSIDevice *dev)
+{
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
+
+ scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
+ blockdev_mark_auto_del(s->qdev.conf.bs);
+}
+
+static void scsi_disk_resize_cb(void *opaque)
+{
+ SCSIDiskState *s = opaque;
+
+ /* SPC lists this sense code as available only for
+ * direct-access devices.
+ */
+ if (s->qdev.type == TYPE_DISK) {
+ scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
+ }
+}
+
+static void scsi_cd_change_media_cb(void *opaque, bool load)
+{
+ SCSIDiskState *s = opaque;
+
+ /*
+ * When a CD gets changed, we have to report an ejected state and
+ * then a loaded state to guests so that they detect tray
+ * open/close and media change events. Guests that do not use
+ * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
+ * states rely on this behavior.
+ *
+ * media_changed governs the state machine used for unit attention
+ * report. media_event is used by GET EVENT STATUS NOTIFICATION.
+ */
+ s->media_changed = load;
+ s->tray_open = !load;
+ scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
+ s->media_event = true;
+ s->eject_request = false;
+}
+
+static void scsi_cd_eject_request_cb(void *opaque, bool force)
+{
+ SCSIDiskState *s = opaque;
+
+ s->eject_request = true;
+ if (force) {
+ s->tray_locked = false;
+ }
+}
+
+static bool scsi_cd_is_tray_open(void *opaque)
+{
+ return ((SCSIDiskState *)opaque)->tray_open;
+}
+
+static bool scsi_cd_is_medium_locked(void *opaque)
+{
+ return ((SCSIDiskState *)opaque)->tray_locked;
+}
+
+static const BlockDevOps scsi_disk_removable_block_ops = {
+ .change_media_cb = scsi_cd_change_media_cb,
+ .eject_request_cb = scsi_cd_eject_request_cb,
+ .is_tray_open = scsi_cd_is_tray_open,
+ .is_medium_locked = scsi_cd_is_medium_locked,
+
+ .resize_cb = scsi_disk_resize_cb,
+};
+
+static const BlockDevOps scsi_disk_block_ops = {
+ .resize_cb = scsi_disk_resize_cb,
+};
+
+static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
+{
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
+ if (s->media_changed) {
+ s->media_changed = false;
+ scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
+ }
+}
+
+static int scsi_initfn(SCSIDevice *dev)
+{
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
+
+ if (!s->qdev.conf.bs) {
+ error_report("drive property not set");
+ return -1;
+ }
+
+ if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
+ !bdrv_is_inserted(s->qdev.conf.bs)) {
+ error_report("Device needs media, but drive is empty");
+ return -1;
+ }
+
+ blkconf_serial(&s->qdev.conf, &s->serial);
+ if (dev->type == TYPE_DISK
+ && blkconf_geometry(&dev->conf, NULL, 65535, 255, 255) < 0) {
+ return -1;
+ }
+
+ if (s->qdev.conf.discard_granularity == -1) {
+ s->qdev.conf.discard_granularity =
+ MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
+ }
+
+ if (!s->version) {
+ s->version = g_strdup(qemu_get_version());
+ }
+ if (!s->vendor) {
+ s->vendor = g_strdup("QEMU");
+ }
+
+ if (bdrv_is_sg(s->qdev.conf.bs)) {
+ error_report("unwanted /dev/sg*");
+ return -1;
+ }
+
+ if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
+ !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
+ bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_removable_block_ops, s);
+ } else {
+ bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_block_ops, s);
+ }
+ bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
+
+ bdrv_iostatus_enable(s->qdev.conf.bs);
+ add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
+ return 0;
+}
+
+static int scsi_hd_initfn(SCSIDevice *dev)
+{
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
+ s->qdev.blocksize = s->qdev.conf.logical_block_size;
+ s->qdev.type = TYPE_DISK;
+ if (!s->product) {
+ s->product = g_strdup("QEMU HARDDISK");
+ }
+ return scsi_initfn(&s->qdev);
+}
+
+static int scsi_cd_initfn(SCSIDevice *dev)
+{
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
+ s->qdev.blocksize = 2048;
+ s->qdev.type = TYPE_ROM;
+ s->features |= 1 << SCSI_DISK_F_REMOVABLE;
+ if (!s->product) {
+ s->product = g_strdup("QEMU CD-ROM");
+ }
+ return scsi_initfn(&s->qdev);
+}
+
+static int scsi_disk_initfn(SCSIDevice *dev)
+{
+ DriveInfo *dinfo;
+
+ if (!dev->conf.bs) {
+ return scsi_initfn(dev); /* ... and die there */
+ }
+
+ dinfo = drive_get_by_blockdev(dev->conf.bs);
+ if (dinfo->media_cd) {
+ return scsi_cd_initfn(dev);
+ } else {
+ return scsi_hd_initfn(dev);
+ }
+}
+
+static const SCSIReqOps scsi_disk_emulate_reqops = {
+ .size = sizeof(SCSIDiskReq),
+ .free_req = scsi_free_request,
+ .send_command = scsi_disk_emulate_command,
+ .read_data = scsi_disk_emulate_read_data,
+ .write_data = scsi_disk_emulate_write_data,
+ .get_buf = scsi_get_buf,
+};
+
+static const SCSIReqOps scsi_disk_dma_reqops = {
+ .size = sizeof(SCSIDiskReq),
+ .free_req = scsi_free_request,
+ .send_command = scsi_disk_dma_command,
+ .read_data = scsi_read_data,
+ .write_data = scsi_write_data,
+ .cancel_io = scsi_cancel_io,
+ .get_buf = scsi_get_buf,
+ .load_request = scsi_disk_load_request,
+ .save_request = scsi_disk_save_request,
+};
+
+static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
+ [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
+ [INQUIRY] = &scsi_disk_emulate_reqops,
+ [MODE_SENSE] = &scsi_disk_emulate_reqops,
+ [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
+ [START_STOP] = &scsi_disk_emulate_reqops,
+ [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
+ [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
+ [READ_TOC] = &scsi_disk_emulate_reqops,
+ [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
+ [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
+ [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
+ [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
+ [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
+ [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
+ [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
+ [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
+ [SEEK_10] = &scsi_disk_emulate_reqops,
+ [MODE_SELECT] = &scsi_disk_emulate_reqops,
+ [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
+ [UNMAP] = &scsi_disk_emulate_reqops,
+ [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
+ [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
+
+ [READ_6] = &scsi_disk_dma_reqops,
+ [READ_10] = &scsi_disk_dma_reqops,
+ [READ_12] = &scsi_disk_dma_reqops,
+ [READ_16] = &scsi_disk_dma_reqops,
+ [VERIFY_10] = &scsi_disk_dma_reqops,
+ [VERIFY_12] = &scsi_disk_dma_reqops,
+ [VERIFY_16] = &scsi_disk_dma_reqops,
+ [WRITE_6] = &scsi_disk_dma_reqops,
+ [WRITE_10] = &scsi_disk_dma_reqops,
+ [WRITE_12] = &scsi_disk_dma_reqops,
+ [WRITE_16] = &scsi_disk_dma_reqops,
+ [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
+ [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
+ [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
+};
+
+static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
+ uint8_t *buf, void *hba_private)
+{
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
+ SCSIRequest *req;
+ const SCSIReqOps *ops;
+ uint8_t command;
+
+ command = buf[0];
+ ops = scsi_disk_reqops_dispatch[command];
+ if (!ops) {
+ ops = &scsi_disk_emulate_reqops;
+ }
+ req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
+
+#ifdef DEBUG_SCSI
+ DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
+ {
+ int i;
+ for (i = 1; i < req->cmd.len; i++) {
+ printf(" 0x%02x", buf[i]);
+ }
+ printf("\n");
+ }
+#endif
+
+ return req;
+}
+
+#ifdef __linux__
+static int get_device_type(SCSIDiskState *s)
+{
+ BlockDriverState *bdrv = s->qdev.conf.bs;
+ uint8_t cmd[16];
+ uint8_t buf[36];
+ uint8_t sensebuf[8];
+ sg_io_hdr_t io_header;
+ int ret;
+
+ memset(cmd, 0, sizeof(cmd));
+ memset(buf, 0, sizeof(buf));
+ cmd[0] = INQUIRY;
+ cmd[4] = sizeof(buf);
+
+ memset(&io_header, 0, sizeof(io_header));
+ io_header.interface_id = 'S';
+ io_header.dxfer_direction = SG_DXFER_FROM_DEV;
+ io_header.dxfer_len = sizeof(buf);
+ io_header.dxferp = buf;
+ io_header.cmdp = cmd;
+ io_header.cmd_len = sizeof(cmd);
+ io_header.mx_sb_len = sizeof(sensebuf);
+ io_header.sbp = sensebuf;
+ io_header.timeout = 6000; /* XXX */
+
+ ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
+ if (ret < 0 || io_header.driver_status || io_header.host_status) {
+ return -1;
+ }
+ s->qdev.type = buf[0];
+ if (buf[1] & 0x80) {
+ s->features |= 1 << SCSI_DISK_F_REMOVABLE;
+ }
+ return 0;
+}
+
+static int scsi_block_initfn(SCSIDevice *dev)
+{
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
+ int sg_version;
+ int rc;
+
+ if (!s->qdev.conf.bs) {
+ error_report("scsi-block: drive property not set");
+ return -1;
+ }
+
+ /* check we are using a driver managing SG_IO (version 3 and after) */
+ if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
+ sg_version < 30000) {
+ error_report("scsi-block: scsi generic interface too old");
+ return -1;
+ }
+
+ /* get device type from INQUIRY data */
+ rc = get_device_type(s);
+ if (rc < 0) {
+ error_report("scsi-block: INQUIRY failed");
+ return -1;
+ }
+
+ /* Make a guess for the block size, we'll fix it when the guest sends.
+ * READ CAPACITY. If they don't, they likely would assume these sizes
+ * anyway. (TODO: check in /sys).
+ */
+ if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
+ s->qdev.blocksize = 2048;
+ } else {
+ s->qdev.blocksize = 512;
+ }
+
+ /* Makes the scsi-block device not removable by using HMP and QMP eject
+ * command.
+ */
+ s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);
+
+ return scsi_initfn(&s->qdev);
+}
+
+static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
+ uint32_t lun, uint8_t *buf,
+ void *hba_private)
+{
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
+
+ switch (buf[0]) {
+ case READ_6:
+ case READ_10:
+ case READ_12:
+ case READ_16:
+ case VERIFY_10:
+ case VERIFY_12:
+ case VERIFY_16:
+ case WRITE_6:
+ case WRITE_10:
+ case WRITE_12:
+ case WRITE_16:
+ case WRITE_VERIFY_10:
+ case WRITE_VERIFY_12:
+ case WRITE_VERIFY_16:
+ /* If we are not using O_DIRECT, we might read stale data from the
+ * host cache if writes were made using other commands than these
+ * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
+ * O_DIRECT everything must go through SG_IO.
+ */
+ if (bdrv_get_flags(s->qdev.conf.bs) & BDRV_O_NOCACHE) {
+ break;
+ }
+
+ /* MMC writing cannot be done via pread/pwrite, because it sometimes
+ * involves writing beyond the maximum LBA or to negative LBA (lead-in).
+ * And once you do these writes, reading from the block device is
+ * unreliable, too. It is even possible that reads deliver random data
+ * from the host page cache (this is probably a Linux bug).
+ *
+ * We might use scsi_disk_dma_reqops as long as no writing commands are
+ * seen, but performance usually isn't paramount on optical media. So,
+ * just make scsi-block operate the same as scsi-generic for them.
+ */
+ if (s->qdev.type != TYPE_ROM) {
+ return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun,
+ hba_private);
+ }
+ }
+
+ return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
+ hba_private);
+}
+#endif
+
+#define DEFINE_SCSI_DISK_PROPERTIES() \
+ DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
+ DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
+ DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
+ DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
+ DEFINE_PROP_STRING("product", SCSIDiskState, product)
+
+static Property scsi_hd_properties[] = {
+ DEFINE_SCSI_DISK_PROPERTIES(),
+ DEFINE_PROP_BIT("removable", SCSIDiskState, features,
+ SCSI_DISK_F_REMOVABLE, false),
+ DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
+ SCSI_DISK_F_DPOFUA, false),
+ DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
+ DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static const VMStateDescription vmstate_scsi_disk_state = {
+ .name = "scsi-disk",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
+ VMSTATE_BOOL(media_changed, SCSIDiskState),
+ VMSTATE_BOOL(media_event, SCSIDiskState),
+ VMSTATE_BOOL(eject_request, SCSIDiskState),
+ VMSTATE_BOOL(tray_open, SCSIDiskState),
+ VMSTATE_BOOL(tray_locked, SCSIDiskState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
+
+ sc->init = scsi_hd_initfn;
+ sc->destroy = scsi_destroy;
+ sc->alloc_req = scsi_new_request;
+ sc->unit_attention_reported = scsi_disk_unit_attention_reported;
+ dc->fw_name = "disk";
+ dc->desc = "virtual SCSI disk";
+ dc->reset = scsi_disk_reset;
+ dc->props = scsi_hd_properties;
+ dc->vmsd = &vmstate_scsi_disk_state;
+}
+
+static const TypeInfo scsi_hd_info = {
+ .name = "scsi-hd",
+ .parent = TYPE_SCSI_DEVICE,
+ .instance_size = sizeof(SCSIDiskState),
+ .class_init = scsi_hd_class_initfn,
+};
+
+static Property scsi_cd_properties[] = {
+ DEFINE_SCSI_DISK_PROPERTIES(),
+ DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
+
+ sc->init = scsi_cd_initfn;
+ sc->destroy = scsi_destroy;
+ sc->alloc_req = scsi_new_request;
+ sc->unit_attention_reported = scsi_disk_unit_attention_reported;
+ dc->fw_name = "disk";
+ dc->desc = "virtual SCSI CD-ROM";
+ dc->reset = scsi_disk_reset;
+ dc->props = scsi_cd_properties;
+ dc->vmsd = &vmstate_scsi_disk_state;
+}
+
+static const TypeInfo scsi_cd_info = {
+ .name = "scsi-cd",
+ .parent = TYPE_SCSI_DEVICE,
+ .instance_size = sizeof(SCSIDiskState),
+ .class_init = scsi_cd_class_initfn,
+};
+
+#ifdef __linux__
+static Property scsi_block_properties[] = {
+ DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.bs),
+ DEFINE_PROP_INT32("bootindex", SCSIDiskState, qdev.conf.bootindex, -1),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void scsi_block_class_initfn(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
+
+ sc->init = scsi_block_initfn;
+ sc->destroy = scsi_destroy;
+ sc->alloc_req = scsi_block_new_request;
+ dc->fw_name = "disk";
+ dc->desc = "SCSI block device passthrough";
+ dc->reset = scsi_disk_reset;
+ dc->props = scsi_block_properties;
+ dc->vmsd = &vmstate_scsi_disk_state;
+}
+
+static const TypeInfo scsi_block_info = {
+ .name = "scsi-block",
+ .parent = TYPE_SCSI_DEVICE,
+ .instance_size = sizeof(SCSIDiskState),
+ .class_init = scsi_block_class_initfn,
+};
+#endif
+
+static Property scsi_disk_properties[] = {
+ DEFINE_SCSI_DISK_PROPERTIES(),
+ DEFINE_PROP_BIT("removable", SCSIDiskState, features,
+ SCSI_DISK_F_REMOVABLE, false),
+ DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
+ SCSI_DISK_F_DPOFUA, false),
+ DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
+
+ sc->init = scsi_disk_initfn;
+ sc->destroy = scsi_destroy;
+ sc->alloc_req = scsi_new_request;
+ sc->unit_attention_reported = scsi_disk_unit_attention_reported;
+ dc->fw_name = "disk";
+ dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
+ dc->reset = scsi_disk_reset;
+ dc->props = scsi_disk_properties;
+ dc->vmsd = &vmstate_scsi_disk_state;
+}
+
+static const TypeInfo scsi_disk_info = {
+ .name = "scsi-disk",
+ .parent = TYPE_SCSI_DEVICE,
+ .instance_size = sizeof(SCSIDiskState),
+ .class_init = scsi_disk_class_initfn,
+};
+
+static void scsi_disk_register_types(void)
+{
+ type_register_static(&scsi_hd_info);
+ type_register_static(&scsi_cd_info);
+#ifdef __linux__
+ type_register_static(&scsi_block_info);
+#endif
+ type_register_static(&scsi_disk_info);
+}
+
+type_init(scsi_disk_register_types)
diff --git a/hw/scsi/scsi-generic.c b/hw/scsi/scsi-generic.c
new file mode 100644
index 000000000..8f195bec0
--- /dev/null
+++ b/hw/scsi/scsi-generic.c
@@ -0,0 +1,520 @@
+/*
+ * Generic SCSI Device support
+ *
+ * Copyright (c) 2007 Bull S.A.S.
+ * Based on code by Paul Brook
+ * Based on code by Fabrice Bellard
+ *
+ * Written by Laurent Vivier <Laurent.Vivier@bull.net>
+ *
+ * This code is licensed under the LGPL.
+ *
+ */
+
+#include "qemu-common.h"
+#include "qemu/error-report.h"
+#include "hw/scsi/scsi.h"
+#include "sysemu/blockdev.h"
+
+#ifdef __linux__
+
+//#define DEBUG_SCSI
+
+#ifdef DEBUG_SCSI
+#define DPRINTF(fmt, ...) \
+do { printf("scsi-generic: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) do {} while(0)
+#endif
+
+#define BADF(fmt, ...) \
+do { fprintf(stderr, "scsi-generic: " fmt , ## __VA_ARGS__); } while (0)
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <scsi/sg.h>
+#include "block/scsi.h"
+
+#define SCSI_SENSE_BUF_SIZE 96
+
+#define SG_ERR_DRIVER_TIMEOUT 0x06
+#define SG_ERR_DRIVER_SENSE 0x08
+
+#define SG_ERR_DID_OK 0x00
+#define SG_ERR_DID_NO_CONNECT 0x01
+#define SG_ERR_DID_BUS_BUSY 0x02
+#define SG_ERR_DID_TIME_OUT 0x03
+
+#ifndef MAX_UINT
+#define MAX_UINT ((unsigned int)-1)
+#endif
+
+typedef struct SCSIGenericReq {
+ SCSIRequest req;
+ uint8_t *buf;
+ int buflen;
+ int len;
+ sg_io_hdr_t io_header;
+} SCSIGenericReq;
+
+static void scsi_generic_save_request(QEMUFile *f, SCSIRequest *req)
+{
+ SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
+
+ qemu_put_sbe32s(f, &r->buflen);
+ if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) {
+ assert(!r->req.sg);
+ qemu_put_buffer(f, r->buf, r->req.cmd.xfer);
+ }
+}
+
+static void scsi_generic_load_request(QEMUFile *f, SCSIRequest *req)
+{
+ SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
+
+ qemu_get_sbe32s(f, &r->buflen);
+ if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) {
+ assert(!r->req.sg);
+ qemu_get_buffer(f, r->buf, r->req.cmd.xfer);
+ }
+}
+
+static void scsi_free_request(SCSIRequest *req)
+{
+ SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
+
+ g_free(r->buf);
+}
+
+/* Helper function for command completion. */
+static void scsi_command_complete(void *opaque, int ret)
+{
+ int status;
+ SCSIGenericReq *r = (SCSIGenericReq *)opaque;
+
+ r->req.aiocb = NULL;
+ if (r->io_header.driver_status & SG_ERR_DRIVER_SENSE) {
+ r->req.sense_len = r->io_header.sb_len_wr;
+ }
+
+ if (ret != 0) {
+ switch (ret) {
+ case -EDOM:
+ status = TASK_SET_FULL;
+ break;
+ case -ENOMEM:
+ status = CHECK_CONDITION;
+ scsi_req_build_sense(&r->req, SENSE_CODE(TARGET_FAILURE));
+ break;
+ default:
+ status = CHECK_CONDITION;
+ scsi_req_build_sense(&r->req, SENSE_CODE(IO_ERROR));
+ break;
+ }
+ } else {
+ if (r->io_header.host_status == SG_ERR_DID_NO_CONNECT ||
+ r->io_header.host_status == SG_ERR_DID_BUS_BUSY ||
+ r->io_header.host_status == SG_ERR_DID_TIME_OUT ||
+ (r->io_header.driver_status & SG_ERR_DRIVER_TIMEOUT)) {
+ status = BUSY;
+ BADF("Driver Timeout\n");
+ } else if (r->io_header.host_status) {
+ status = CHECK_CONDITION;
+ scsi_req_build_sense(&r->req, SENSE_CODE(I_T_NEXUS_LOSS));
+ } else if (r->io_header.status) {
+ status = r->io_header.status;
+ } else if (r->io_header.driver_status & SG_ERR_DRIVER_SENSE) {
+ status = CHECK_CONDITION;
+ } else {
+ status = GOOD;
+ }
+ }
+ DPRINTF("Command complete 0x%p tag=0x%x status=%d\n",
+ r, r->req.tag, status);
+
+ scsi_req_complete(&r->req, status);
+ if (!r->req.io_canceled) {
+ scsi_req_unref(&r->req);
+ }
+}
+
+/* Cancel a pending data transfer. */
+static void scsi_cancel_io(SCSIRequest *req)
+{
+ SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
+
+ DPRINTF("Cancel tag=0x%x\n", req->tag);
+ if (r->req.aiocb) {
+ bdrv_aio_cancel(r->req.aiocb);
+
+ /* This reference was left in by scsi_*_data. We take ownership of
+ * it independent of whether bdrv_aio_cancel completes the request
+ * or not. */
+ scsi_req_unref(&r->req);
+ }
+ r->req.aiocb = NULL;
+}
+
+static int execute_command(BlockDriverState *bdrv,
+ SCSIGenericReq *r, int direction,
+ BlockDriverCompletionFunc *complete)
+{
+ r->io_header.interface_id = 'S';
+ r->io_header.dxfer_direction = direction;
+ r->io_header.dxferp = r->buf;
+ r->io_header.dxfer_len = r->buflen;
+ r->io_header.cmdp = r->req.cmd.buf;
+ r->io_header.cmd_len = r->req.cmd.len;
+ r->io_header.mx_sb_len = sizeof(r->req.sense);
+ r->io_header.sbp = r->req.sense;
+ r->io_header.timeout = MAX_UINT;
+ r->io_header.usr_ptr = r;
+ r->io_header.flags |= SG_FLAG_DIRECT_IO;
+
+ r->req.aiocb = bdrv_aio_ioctl(bdrv, SG_IO, &r->io_header, complete, r);
+ if (r->req.aiocb == NULL) {
+ return -EIO;
+ }
+
+ return 0;
+}
+
+static void scsi_read_complete(void * opaque, int ret)
+{
+ SCSIGenericReq *r = (SCSIGenericReq *)opaque;
+ SCSIDevice *s = r->req.dev;
+ int len;
+
+ r->req.aiocb = NULL;
+ if (ret) {
+ DPRINTF("IO error ret %d\n", ret);
+ scsi_command_complete(r, ret);
+ return;
+ }
+ len = r->io_header.dxfer_len - r->io_header.resid;
+ DPRINTF("Data ready tag=0x%x len=%d\n", r->req.tag, len);
+
+ r->len = -1;
+ if (len == 0) {
+ scsi_command_complete(r, 0);
+ } else {
+ /* Snoop READ CAPACITY output to set the blocksize. */
+ if (r->req.cmd.buf[0] == READ_CAPACITY_10 &&
+ (ldl_be_p(&r->buf[0]) != 0xffffffffU || s->max_lba == 0)) {
+ s->blocksize = ldl_be_p(&r->buf[4]);
+ s->max_lba = ldl_be_p(&r->buf[0]) & 0xffffffffULL;
+ } else if (r->req.cmd.buf[0] == SERVICE_ACTION_IN_16 &&
+ (r->req.cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
+ s->blocksize = ldl_be_p(&r->buf[8]);
+ s->max_lba = ldq_be_p(&r->buf[0]);
+ }
+ bdrv_set_buffer_alignment(s->conf.bs, s->blocksize);
+
+ scsi_req_data(&r->req, len);
+ if (!r->req.io_canceled) {
+ scsi_req_unref(&r->req);
+ }
+ }
+}
+
+/* Read more data from scsi device into buffer. */
+static void scsi_read_data(SCSIRequest *req)
+{
+ SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
+ SCSIDevice *s = r->req.dev;
+ int ret;
+
+ DPRINTF("scsi_read_data 0x%x\n", req->tag);
+
+ /* The request is used as the AIO opaque value, so add a ref. */
+ scsi_req_ref(&r->req);
+ if (r->len == -1) {
+ scsi_command_complete(r, 0);
+ return;
+ }
+
+ ret = execute_command(s->conf.bs, r, SG_DXFER_FROM_DEV, scsi_read_complete);
+ if (ret < 0) {
+ scsi_command_complete(r, ret);
+ }
+}
+
+static void scsi_write_complete(void * opaque, int ret)
+{
+ SCSIGenericReq *r = (SCSIGenericReq *)opaque;
+ SCSIDevice *s = r->req.dev;
+
+ DPRINTF("scsi_write_complete() ret = %d\n", ret);
+ r->req.aiocb = NULL;
+ if (ret) {
+ DPRINTF("IO error\n");
+ scsi_command_complete(r, ret);
+ return;
+ }
+
+ if (r->req.cmd.buf[0] == MODE_SELECT && r->req.cmd.buf[4] == 12 &&
+ s->type == TYPE_TAPE) {
+ s->blocksize = (r->buf[9] << 16) | (r->buf[10] << 8) | r->buf[11];
+ DPRINTF("block size %d\n", s->blocksize);
+ }
+
+ scsi_command_complete(r, ret);
+}
+
+/* Write data to a scsi device. Returns nonzero on failure.
+ The transfer may complete asynchronously. */
+static void scsi_write_data(SCSIRequest *req)
+{
+ SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
+ SCSIDevice *s = r->req.dev;
+ int ret;
+
+ DPRINTF("scsi_write_data 0x%x\n", req->tag);
+ if (r->len == 0) {
+ r->len = r->buflen;
+ scsi_req_data(&r->req, r->len);
+ return;
+ }
+
+ /* The request is used as the AIO opaque value, so add a ref. */
+ scsi_req_ref(&r->req);
+ ret = execute_command(s->conf.bs, r, SG_DXFER_TO_DEV, scsi_write_complete);
+ if (ret < 0) {
+ scsi_command_complete(r, ret);
+ }
+}
+
+/* Return a pointer to the data buffer. */
+static uint8_t *scsi_get_buf(SCSIRequest *req)
+{
+ SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
+
+ return r->buf;
+}
+
+/* Execute a scsi command. Returns the length of the data expected by the
+ command. This will be Positive for data transfers from the device
+ (eg. disk reads), negative for transfers to the device (eg. disk writes),
+ and zero if the command does not transfer any data. */
+
+static int32_t scsi_send_command(SCSIRequest *req, uint8_t *cmd)
+{
+ SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
+ SCSIDevice *s = r->req.dev;
+ int ret;
+
+ DPRINTF("Command: lun=%d tag=0x%x len %zd data=0x%02x", lun, tag,
+ r->req.cmd.xfer, cmd[0]);
+
+#ifdef DEBUG_SCSI
+ {
+ int i;
+ for (i = 1; i < r->req.cmd.len; i++) {
+ printf(" 0x%02x", cmd[i]);
+ }
+ printf("\n");
+ }
+#endif
+
+ if (r->req.cmd.xfer == 0) {
+ if (r->buf != NULL)
+ g_free(r->buf);
+ r->buflen = 0;
+ r->buf = NULL;
+ /* The request is used as the AIO opaque value, so add a ref. */
+ scsi_req_ref(&r->req);
+ ret = execute_command(s->conf.bs, r, SG_DXFER_NONE, scsi_command_complete);
+ if (ret < 0) {
+ scsi_command_complete(r, ret);
+ return 0;
+ }
+ return 0;
+ }
+
+ if (r->buflen != r->req.cmd.xfer) {
+ if (r->buf != NULL)
+ g_free(r->buf);
+ r->buf = g_malloc(r->req.cmd.xfer);
+ r->buflen = r->req.cmd.xfer;
+ }
+
+ memset(r->buf, 0, r->buflen);
+ r->len = r->req.cmd.xfer;
+ if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
+ r->len = 0;
+ return -r->req.cmd.xfer;
+ } else {
+ return r->req.cmd.xfer;
+ }
+}
+
+static int get_stream_blocksize(BlockDriverState *bdrv)
+{
+ uint8_t cmd[6];
+ uint8_t buf[12];
+ uint8_t sensebuf[8];
+ sg_io_hdr_t io_header;
+ int ret;
+
+ memset(cmd, 0, sizeof(cmd));
+ memset(buf, 0, sizeof(buf));
+ cmd[0] = MODE_SENSE;
+ cmd[4] = sizeof(buf);
+
+ memset(&io_header, 0, sizeof(io_header));
+ io_header.interface_id = 'S';
+ io_header.dxfer_direction = SG_DXFER_FROM_DEV;
+ io_header.dxfer_len = sizeof(buf);
+ io_header.dxferp = buf;
+ io_header.cmdp = cmd;
+ io_header.cmd_len = sizeof(cmd);
+ io_header.mx_sb_len = sizeof(sensebuf);
+ io_header.sbp = sensebuf;
+ io_header.timeout = 6000; /* XXX */
+
+ ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
+ if (ret < 0 || io_header.driver_status || io_header.host_status) {
+ return -1;
+ }
+ return (buf[9] << 16) | (buf[10] << 8) | buf[11];
+}
+
+static void scsi_generic_reset(DeviceState *dev)
+{
+ SCSIDevice *s = SCSI_DEVICE(dev);
+
+ scsi_device_purge_requests(s, SENSE_CODE(RESET));
+}
+
+static void scsi_destroy(SCSIDevice *s)
+{
+ scsi_device_purge_requests(s, SENSE_CODE(NO_SENSE));
+ blockdev_mark_auto_del(s->conf.bs);
+}
+
+static int scsi_generic_initfn(SCSIDevice *s)
+{
+ int sg_version;
+ struct sg_scsi_id scsiid;
+
+ if (!s->conf.bs) {
+ error_report("drive property not set");
+ return -1;
+ }
+
+ if (bdrv_get_on_error(s->conf.bs, 0) != BLOCKDEV_ON_ERROR_ENOSPC) {
+ error_report("Device doesn't support drive option werror");
+ return -1;
+ }
+ if (bdrv_get_on_error(s->conf.bs, 1) != BLOCKDEV_ON_ERROR_REPORT) {
+ error_report("Device doesn't support drive option rerror");
+ return -1;
+ }
+
+ /* check we are using a driver managing SG_IO (version 3 and after */
+ if (bdrv_ioctl(s->conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0) {
+ error_report("scsi generic interface not supported");
+ return -1;
+ }
+ if (sg_version < 30000) {
+ error_report("scsi generic interface too old");
+ return -1;
+ }
+
+ /* get LUN of the /dev/sg? */
+ if (bdrv_ioctl(s->conf.bs, SG_GET_SCSI_ID, &scsiid)) {
+ error_report("SG_GET_SCSI_ID ioctl failed");
+ return -1;
+ }
+
+ /* define device state */
+ s->type = scsiid.scsi_type;
+ DPRINTF("device type %d\n", s->type);
+ if (s->type == TYPE_DISK || s->type == TYPE_ROM) {
+ add_boot_device_path(s->conf.bootindex, &s->qdev, NULL);
+ }
+
+ switch (s->type) {
+ case TYPE_TAPE:
+ s->blocksize = get_stream_blocksize(s->conf.bs);
+ if (s->blocksize == -1) {
+ s->blocksize = 0;
+ }
+ break;
+
+ /* Make a guess for block devices, we'll fix it when the guest sends.
+ * READ CAPACITY. If they don't, they likely would assume these sizes
+ * anyway. (TODO: they could also send MODE SENSE).
+ */
+ case TYPE_ROM:
+ case TYPE_WORM:
+ s->blocksize = 2048;
+ break;
+ default:
+ s->blocksize = 512;
+ break;
+ }
+
+ DPRINTF("block size %d\n", s->blocksize);
+ return 0;
+}
+
+const SCSIReqOps scsi_generic_req_ops = {
+ .size = sizeof(SCSIGenericReq),
+ .free_req = scsi_free_request,
+ .send_command = scsi_send_command,
+ .read_data = scsi_read_data,
+ .write_data = scsi_write_data,
+ .cancel_io = scsi_cancel_io,
+ .get_buf = scsi_get_buf,
+ .load_request = scsi_generic_load_request,
+ .save_request = scsi_generic_save_request,
+};
+
+static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
+ uint8_t *buf, void *hba_private)
+{
+ SCSIRequest *req;
+
+ req = scsi_req_alloc(&scsi_generic_req_ops, d, tag, lun, hba_private);
+ return req;
+}
+
+static Property scsi_generic_properties[] = {
+ DEFINE_PROP_DRIVE("drive", SCSIDevice, conf.bs),
+ DEFINE_PROP_INT32("bootindex", SCSIDevice, conf.bootindex, -1),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void scsi_generic_class_initfn(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
+
+ sc->init = scsi_generic_initfn;
+ sc->destroy = scsi_destroy;
+ sc->alloc_req = scsi_new_request;
+ dc->fw_name = "disk";
+ dc->desc = "pass through generic scsi device (/dev/sg*)";
+ dc->reset = scsi_generic_reset;
+ dc->props = scsi_generic_properties;
+ dc->vmsd = &vmstate_scsi_device;
+}
+
+static const TypeInfo scsi_generic_info = {
+ .name = "scsi-generic",
+ .parent = TYPE_SCSI_DEVICE,
+ .instance_size = sizeof(SCSIDevice),
+ .class_init = scsi_generic_class_initfn,
+};
+
+static void scsi_generic_register_types(void)
+{
+ type_register_static(&scsi_generic_info);
+}
+
+type_init(scsi_generic_register_types)
+
+#endif /* __linux__ */
diff --git a/hw/scsi/spapr_vscsi.c b/hw/scsi/spapr_vscsi.c
new file mode 100644
index 000000000..e9090e5c7
--- /dev/null
+++ b/hw/scsi/spapr_vscsi.c
@@ -0,0 +1,1109 @@
+/*
+ * QEMU PowerPC pSeries Logical Partition (aka sPAPR) hardware System Emulator
+ *
+ * PAPR Virtual SCSI, aka ibmvscsi
+ *
+ * Copyright (c) 2010,2011 Benjamin Herrenschmidt, IBM Corporation.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ * TODO:
+ *
+ * - Cleanups :-)
+ * - Sort out better how to assign devices to VSCSI instances
+ * - Fix residual counts
+ * - Add indirect descriptors support
+ * - Maybe do autosense (PAPR seems to mandate it, linux doesn't care)
+ */
+#include "hw/hw.h"
+#include "hw/scsi/scsi.h"
+#include "block/scsi.h"
+#include "srp.h"
+#include "hw/qdev.h"
+#include "hw/ppc/spapr.h"
+#include "hw/ppc/spapr_vio.h"
+#include "viosrp.h"
+
+#include <libfdt.h>
+
+/*#define DEBUG_VSCSI*/
+
+#ifdef DEBUG_VSCSI
+#define DPRINTF(fmt, ...) \
+ do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) \
+ do { } while (0)
+#endif
+
+/*
+ * Virtual SCSI device
+ */
+
+/* Random numbers */
+#define VSCSI_MAX_SECTORS 4096
+#define VSCSI_REQ_LIMIT 24
+
+#define SCSI_SENSE_BUF_SIZE 96
+#define SRP_RSP_SENSE_DATA_LEN 18
+
+typedef union vscsi_crq {
+ struct viosrp_crq s;
+ uint8_t raw[16];
+} vscsi_crq;
+
+typedef struct vscsi_req {
+ vscsi_crq crq;
+ union viosrp_iu iu;
+
+ /* SCSI request tracking */
+ SCSIRequest *sreq;
+ uint32_t qtag; /* qemu tag != srp tag */
+ bool active;
+ uint32_t data_len;
+ bool writing;
+ uint32_t senselen;
+ uint8_t sense[SCSI_SENSE_BUF_SIZE];
+
+ /* RDMA related bits */
+ uint8_t dma_fmt;
+ uint16_t local_desc;
+ uint16_t total_desc;
+ uint16_t cdb_offset;
+ uint16_t cur_desc_num;
+ uint16_t cur_desc_offset;
+} vscsi_req;
+
+#define TYPE_VIO_SPAPR_VSCSI_DEVICE "spapr-vscsi"
+#define VIO_SPAPR_VSCSI_DEVICE(obj) \
+ OBJECT_CHECK(VSCSIState, (obj), TYPE_VIO_SPAPR_VSCSI_DEVICE)
+
+typedef struct {
+ VIOsPAPRDevice vdev;
+ SCSIBus bus;
+ vscsi_req reqs[VSCSI_REQ_LIMIT];
+} VSCSIState;
+
+static struct vscsi_req *vscsi_get_req(VSCSIState *s)
+{
+ vscsi_req *req;
+ int i;
+
+ for (i = 0; i < VSCSI_REQ_LIMIT; i++) {
+ req = &s->reqs[i];
+ if (!req->active) {
+ memset(req, 0, sizeof(*req));
+ req->qtag = i;
+ req->active = 1;
+ return req;
+ }
+ }
+ return NULL;
+}
+
+static void vscsi_put_req(vscsi_req *req)
+{
+ if (req->sreq != NULL) {
+ scsi_req_unref(req->sreq);
+ }
+ req->sreq = NULL;
+ req->active = 0;
+}
+
+static SCSIDevice *vscsi_device_find(SCSIBus *bus, uint64_t srp_lun, int *lun)
+{
+ int channel = 0, id = 0;
+
+retry:
+ switch (srp_lun >> 62) {
+ case 0:
+ if ((srp_lun >> 56) != 0) {
+ channel = (srp_lun >> 56) & 0x3f;
+ id = (srp_lun >> 48) & 0xff;
+ srp_lun <<= 16;
+ goto retry;
+ }
+ *lun = (srp_lun >> 48) & 0xff;
+ break;
+
+ case 1:
+ *lun = (srp_lun >> 48) & 0x3fff;
+ break;
+ case 2:
+ channel = (srp_lun >> 53) & 0x7;
+ id = (srp_lun >> 56) & 0x3f;
+ *lun = (srp_lun >> 48) & 0x1f;
+ break;
+ case 3:
+ *lun = -1;
+ return NULL;
+ default:
+ abort();
+ }
+
+ return scsi_device_find(bus, channel, id, *lun);
+}
+
+static int vscsi_send_iu(VSCSIState *s, vscsi_req *req,
+ uint64_t length, uint8_t format)
+{
+ long rc, rc1;
+
+ /* First copy the SRP */
+ rc = spapr_vio_dma_write(&s->vdev, req->crq.s.IU_data_ptr,
+ &req->iu, length);
+ if (rc) {
+ fprintf(stderr, "vscsi_send_iu: DMA write failure !\n");
+ }
+
+ req->crq.s.valid = 0x80;
+ req->crq.s.format = format;
+ req->crq.s.reserved = 0x00;
+ req->crq.s.timeout = cpu_to_be16(0x0000);
+ req->crq.s.IU_length = cpu_to_be16(length);
+ req->crq.s.IU_data_ptr = req->iu.srp.rsp.tag; /* right byte order */
+
+ if (rc == 0) {
+ req->crq.s.status = 0x99; /* Just needs to be non-zero */
+ } else {
+ req->crq.s.status = 0x00;
+ }
+
+ rc1 = spapr_vio_send_crq(&s->vdev, req->crq.raw);
+ if (rc1) {
+ fprintf(stderr, "vscsi_send_iu: Error sending response\n");
+ return rc1;
+ }
+
+ return rc;
+}
+
+static void vscsi_makeup_sense(VSCSIState *s, vscsi_req *req,
+ uint8_t key, uint8_t asc, uint8_t ascq)
+{
+ req->senselen = SRP_RSP_SENSE_DATA_LEN;
+
+ /* Valid bit and 'current errors' */
+ req->sense[0] = (0x1 << 7 | 0x70);
+ /* Sense key */
+ req->sense[2] = key;
+ /* Additional sense length */
+ req->sense[7] = 0xa; /* 10 bytes */
+ /* Additional sense code */
+ req->sense[12] = asc;
+ req->sense[13] = ascq;
+}
+
+static int vscsi_send_rsp(VSCSIState *s, vscsi_req *req,
+ uint8_t status, int32_t res_in, int32_t res_out)
+{
+ union viosrp_iu *iu = &req->iu;
+ uint64_t tag = iu->srp.rsp.tag;
+ int total_len = sizeof(iu->srp.rsp);
+ uint8_t sol_not = iu->srp.cmd.sol_not;
+
+ DPRINTF("VSCSI: Sending resp status: 0x%x, "
+ "res_in: %d, res_out: %d\n", status, res_in, res_out);
+
+ memset(iu, 0, sizeof(struct srp_rsp));
+ iu->srp.rsp.opcode = SRP_RSP;
+ iu->srp.rsp.req_lim_delta = cpu_to_be32(1);
+ iu->srp.rsp.tag = tag;
+
+ /* Handle residuals */
+ if (res_in < 0) {
+ iu->srp.rsp.flags |= SRP_RSP_FLAG_DIUNDER;
+ res_in = -res_in;
+ } else if (res_in) {
+ iu->srp.rsp.flags |= SRP_RSP_FLAG_DIOVER;
+ }
+ if (res_out < 0) {
+ iu->srp.rsp.flags |= SRP_RSP_FLAG_DOUNDER;
+ res_out = -res_out;
+ } else if (res_out) {
+ iu->srp.rsp.flags |= SRP_RSP_FLAG_DOOVER;
+ }
+ iu->srp.rsp.data_in_res_cnt = cpu_to_be32(res_in);
+ iu->srp.rsp.data_out_res_cnt = cpu_to_be32(res_out);
+
+ /* We don't do response data */
+ /* iu->srp.rsp.flags &= ~SRP_RSP_FLAG_RSPVALID; */
+ iu->srp.rsp.resp_data_len = cpu_to_be32(0);
+
+ /* Handle success vs. failure */
+ iu->srp.rsp.status = status;
+ if (status) {
+ iu->srp.rsp.sol_not = (sol_not & 0x04) >> 2;
+ if (req->senselen) {
+ req->iu.srp.rsp.flags |= SRP_RSP_FLAG_SNSVALID;
+ req->iu.srp.rsp.sense_data_len = cpu_to_be32(req->senselen);
+ memcpy(req->iu.srp.rsp.data, req->sense, req->senselen);
+ total_len += req->senselen;
+ }
+ } else {
+ iu->srp.rsp.sol_not = (sol_not & 0x02) >> 1;
+ }
+
+ vscsi_send_iu(s, req, total_len, VIOSRP_SRP_FORMAT);
+ return 0;
+}
+
+static inline struct srp_direct_buf vscsi_swap_desc(struct srp_direct_buf desc)
+{
+ desc.va = be64_to_cpu(desc.va);
+ desc.len = be32_to_cpu(desc.len);
+ return desc;
+}
+
+static int vscsi_fetch_desc(VSCSIState *s, struct vscsi_req *req,
+ unsigned n, unsigned buf_offset,
+ struct srp_direct_buf *ret)
+{
+ struct srp_cmd *cmd = &req->iu.srp.cmd;
+
+ switch (req->dma_fmt) {
+ case SRP_NO_DATA_DESC: {
+ DPRINTF("VSCSI: no data descriptor\n");
+ return 0;
+ }
+ case SRP_DATA_DESC_DIRECT: {
+ memcpy(ret, cmd->add_data + req->cdb_offset, sizeof(*ret));
+ assert(req->cur_desc_num == 0);
+ DPRINTF("VSCSI: direct segment\n");
+ break;
+ }
+ case SRP_DATA_DESC_INDIRECT: {
+ struct srp_indirect_buf *tmp = (struct srp_indirect_buf *)
+ (cmd->add_data + req->cdb_offset);
+ if (n < req->local_desc) {
+ *ret = tmp->desc_list[n];
+ DPRINTF("VSCSI: indirect segment local tag=0x%x desc#%d/%d\n",
+ req->qtag, n, req->local_desc);
+
+ } else if (n < req->total_desc) {
+ int rc;
+ struct srp_direct_buf tbl_desc = vscsi_swap_desc(tmp->table_desc);
+ unsigned desc_offset = n * sizeof(struct srp_direct_buf);
+
+ if (desc_offset >= tbl_desc.len) {
+ DPRINTF("VSCSI: #%d is ouf of range (%d bytes)\n",
+ n, desc_offset);
+ return -1;
+ }
+ rc = spapr_vio_dma_read(&s->vdev, tbl_desc.va + desc_offset,
+ ret, sizeof(struct srp_direct_buf));
+ if (rc) {
+ DPRINTF("VSCSI: spapr_vio_dma_read -> %d reading ext_desc\n",
+ rc);
+ return -1;
+ }
+ DPRINTF("VSCSI: indirect segment ext. tag=0x%x desc#%d/%d { va=%"PRIx64" len=%x }\n",
+ req->qtag, n, req->total_desc, tbl_desc.va, tbl_desc.len);
+ } else {
+ DPRINTF("VSCSI: Out of descriptors !\n");
+ return 0;
+ }
+ break;
+ }
+ default:
+ fprintf(stderr, "VSCSI: Unknown format %x\n", req->dma_fmt);
+ return -1;
+ }
+
+ *ret = vscsi_swap_desc(*ret);
+ if (buf_offset > ret->len) {
+ DPRINTF(" offset=%x is out of a descriptor #%d boundary=%x\n",
+ buf_offset, req->cur_desc_num, ret->len);
+ return -1;
+ }
+ ret->va += buf_offset;
+ ret->len -= buf_offset;
+
+ DPRINTF(" cur=%d offs=%x ret { va=%"PRIx64" len=%x }\n",
+ req->cur_desc_num, req->cur_desc_offset, ret->va, ret->len);
+
+ return ret->len ? 1 : 0;
+}
+
+static int vscsi_srp_direct_data(VSCSIState *s, vscsi_req *req,
+ uint8_t *buf, uint32_t len)
+{
+ struct srp_direct_buf md;
+ uint32_t llen;
+ int rc = 0;
+
+ rc = vscsi_fetch_desc(s, req, req->cur_desc_num, req->cur_desc_offset, &md);
+ if (rc < 0) {
+ return -1;
+ } else if (rc == 0) {
+ return 0;
+ }
+
+ llen = MIN(len, md.len);
+ if (llen) {
+ if (req->writing) { /* writing = to device = reading from memory */
+ rc = spapr_vio_dma_read(&s->vdev, md.va, buf, llen);
+ } else {
+ rc = spapr_vio_dma_write(&s->vdev, md.va, buf, llen);
+ }
+ }
+
+ if (rc) {
+ return -1;
+ }
+ req->cur_desc_offset += llen;
+
+ return llen;
+}
+
+static int vscsi_srp_indirect_data(VSCSIState *s, vscsi_req *req,
+ uint8_t *buf, uint32_t len)
+{
+ struct srp_direct_buf md;
+ int rc = 0;
+ uint32_t llen, total = 0;
+
+ DPRINTF("VSCSI: indirect segment 0x%x bytes\n", len);
+
+ /* While we have data ... */
+ while (len) {
+ rc = vscsi_fetch_desc(s, req, req->cur_desc_num, req->cur_desc_offset, &md);
+ if (rc < 0) {
+ return -1;
+ } else if (rc == 0) {
+ break;
+ }
+
+ /* Perform transfer */
+ llen = MIN(len, md.len);
+ if (req->writing) { /* writing = to device = reading from memory */
+ rc = spapr_vio_dma_read(&s->vdev, md.va, buf, llen);
+ } else {
+ rc = spapr_vio_dma_write(&s->vdev, md.va, buf, llen);
+ }
+ if (rc) {
+ DPRINTF("VSCSI: spapr_vio_dma_r/w(%d) -> %d\n", req->writing, rc);
+ break;
+ }
+ DPRINTF("VSCSI: data: %02x %02x %02x %02x...\n",
+ buf[0], buf[1], buf[2], buf[3]);
+
+ len -= llen;
+ buf += llen;
+
+ total += llen;
+
+ /* Update current position in the current descriptor */
+ req->cur_desc_offset += llen;
+ if (md.len == llen) {
+ /* Go to the next descriptor if the current one finished */
+ ++req->cur_desc_num;
+ req->cur_desc_offset = 0;
+ }
+ }
+
+ return rc ? -1 : total;
+}
+
+static int vscsi_srp_transfer_data(VSCSIState *s, vscsi_req *req,
+ int writing, uint8_t *buf, uint32_t len)
+{
+ int err = 0;
+
+ switch (req->dma_fmt) {
+ case SRP_NO_DATA_DESC:
+ DPRINTF("VSCSI: no data desc transfer, skipping 0x%x bytes\n", len);
+ break;
+ case SRP_DATA_DESC_DIRECT:
+ err = vscsi_srp_direct_data(s, req, buf, len);
+ break;
+ case SRP_DATA_DESC_INDIRECT:
+ err = vscsi_srp_indirect_data(s, req, buf, len);
+ break;
+ }
+ return err;
+}
+
+/* Bits from linux srp */
+static int data_out_desc_size(struct srp_cmd *cmd)
+{
+ int size = 0;
+ uint8_t fmt = cmd->buf_fmt >> 4;
+
+ switch (fmt) {
+ case SRP_NO_DATA_DESC:
+ break;
+ case SRP_DATA_DESC_DIRECT:
+ size = sizeof(struct srp_direct_buf);
+ break;
+ case SRP_DATA_DESC_INDIRECT:
+ size = sizeof(struct srp_indirect_buf) +
+ sizeof(struct srp_direct_buf)*cmd->data_out_desc_cnt;
+ break;
+ default:
+ break;
+ }
+ return size;
+}
+
+static int vscsi_preprocess_desc(vscsi_req *req)
+{
+ struct srp_cmd *cmd = &req->iu.srp.cmd;
+
+ req->cdb_offset = cmd->add_cdb_len & ~3;
+
+ if (req->writing) {
+ req->dma_fmt = cmd->buf_fmt >> 4;
+ } else {
+ req->cdb_offset += data_out_desc_size(cmd);
+ req->dma_fmt = cmd->buf_fmt & ((1U << 4) - 1);
+ }
+
+ switch (req->dma_fmt) {
+ case SRP_NO_DATA_DESC:
+ break;
+ case SRP_DATA_DESC_DIRECT:
+ req->total_desc = req->local_desc = 1;
+ break;
+ case SRP_DATA_DESC_INDIRECT: {
+ struct srp_indirect_buf *ind_tmp = (struct srp_indirect_buf *)
+ (cmd->add_data + req->cdb_offset);
+
+ req->total_desc = be32_to_cpu(ind_tmp->table_desc.len) /
+ sizeof(struct srp_direct_buf);
+ req->local_desc = req->writing ? cmd->data_out_desc_cnt :
+ cmd->data_in_desc_cnt;
+ break;
+ }
+ default:
+ fprintf(stderr,
+ "vscsi_preprocess_desc: Unknown format %x\n", req->dma_fmt);
+ return -1;
+ }
+
+ return 0;
+}
+
+/* Callback to indicate that the SCSI layer has completed a transfer. */
+static void vscsi_transfer_data(SCSIRequest *sreq, uint32_t len)
+{
+ VSCSIState *s = VIO_SPAPR_VSCSI_DEVICE(sreq->bus->qbus.parent);
+ vscsi_req *req = sreq->hba_private;
+ uint8_t *buf;
+ int rc = 0;
+
+ DPRINTF("VSCSI: SCSI xfer complete tag=0x%x len=0x%x, req=%p\n",
+ sreq->tag, len, req);
+ if (req == NULL) {
+ fprintf(stderr, "VSCSI: Can't find request for tag 0x%x\n", sreq->tag);
+ return;
+ }
+
+ if (len) {
+ buf = scsi_req_get_buf(sreq);
+ rc = vscsi_srp_transfer_data(s, req, req->writing, buf, len);
+ }
+ if (rc < 0) {
+ fprintf(stderr, "VSCSI: RDMA error rc=%d!\n", rc);
+ vscsi_makeup_sense(s, req, HARDWARE_ERROR, 0, 0);
+ scsi_req_abort(req->sreq, CHECK_CONDITION);
+ return;
+ }
+
+ /* Start next chunk */
+ req->data_len -= rc;
+ scsi_req_continue(sreq);
+}
+
+/* Callback to indicate that the SCSI layer has completed a transfer. */
+static void vscsi_command_complete(SCSIRequest *sreq, uint32_t status, size_t resid)
+{
+ VSCSIState *s = VIO_SPAPR_VSCSI_DEVICE(sreq->bus->qbus.parent);
+ vscsi_req *req = sreq->hba_private;
+ int32_t res_in = 0, res_out = 0;
+
+ DPRINTF("VSCSI: SCSI cmd complete, tag=0x%x status=0x%x, req=%p\n",
+ sreq->tag, status, req);
+ if (req == NULL) {
+ fprintf(stderr, "VSCSI: Can't find request for tag 0x%x\n", sreq->tag);
+ return;
+ }
+
+ if (status == CHECK_CONDITION) {
+ req->senselen = scsi_req_get_sense(req->sreq, req->sense,
+ sizeof(req->sense));
+ DPRINTF("VSCSI: Sense data, %d bytes:\n", req->senselen);
+ DPRINTF(" %02x %02x %02x %02x %02x %02x %02x %02x\n",
+ req->sense[0], req->sense[1], req->sense[2], req->sense[3],
+ req->sense[4], req->sense[5], req->sense[6], req->sense[7]);
+ DPRINTF(" %02x %02x %02x %02x %02x %02x %02x %02x\n",
+ req->sense[8], req->sense[9], req->sense[10], req->sense[11],
+ req->sense[12], req->sense[13], req->sense[14], req->sense[15]);
+ }
+
+ DPRINTF("VSCSI: Command complete err=%d\n", status);
+ if (status == 0) {
+ /* We handle overflows, not underflows for normal commands,
+ * but hopefully nobody cares
+ */
+ if (req->writing) {
+ res_out = req->data_len;
+ } else {
+ res_in = req->data_len;
+ }
+ }
+ vscsi_send_rsp(s, req, status, res_in, res_out);
+ vscsi_put_req(req);
+}
+
+static void vscsi_request_cancelled(SCSIRequest *sreq)
+{
+ vscsi_req *req = sreq->hba_private;
+
+ vscsi_put_req(req);
+}
+
+static const VMStateDescription vmstate_spapr_vscsi_req = {
+ .name = "spapr_vscsi_req",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_BUFFER(crq.raw, vscsi_req),
+ VMSTATE_BUFFER(iu.srp.reserved, vscsi_req),
+ VMSTATE_UINT32(qtag, vscsi_req),
+ VMSTATE_BOOL(active, vscsi_req),
+ VMSTATE_UINT32(data_len, vscsi_req),
+ VMSTATE_BOOL(writing, vscsi_req),
+ VMSTATE_UINT32(senselen, vscsi_req),
+ VMSTATE_BUFFER(sense, vscsi_req),
+ VMSTATE_UINT8(dma_fmt, vscsi_req),
+ VMSTATE_UINT16(local_desc, vscsi_req),
+ VMSTATE_UINT16(total_desc, vscsi_req),
+ VMSTATE_UINT16(cdb_offset, vscsi_req),
+ /*Restart SCSI request from the beginning for now */
+ /*VMSTATE_UINT16(cur_desc_num, vscsi_req),
+ VMSTATE_UINT16(cur_desc_offset, vscsi_req),*/
+ VMSTATE_END_OF_LIST()
+ },
+};
+
+static void vscsi_save_request(QEMUFile *f, SCSIRequest *sreq)
+{
+ vscsi_req *req = sreq->hba_private;
+ assert(req->active);
+
+ vmstate_save_state(f, &vmstate_spapr_vscsi_req, req);
+
+ DPRINTF("VSCSI: saving tag=%u, current desc#%d, offset=%x\n",
+ req->qtag, req->cur_desc_num, req->cur_desc_offset);
+}
+
+static void *vscsi_load_request(QEMUFile *f, SCSIRequest *sreq)
+{
+ SCSIBus *bus = sreq->bus;
+ VSCSIState *s = VIO_SPAPR_VSCSI_DEVICE(bus->qbus.parent);
+ vscsi_req *req;
+ int rc;
+
+ assert(sreq->tag < VSCSI_REQ_LIMIT);
+ req = &s->reqs[sreq->tag];
+ assert(!req->active);
+
+ memset(req, 0, sizeof(*req));
+ rc = vmstate_load_state(f, &vmstate_spapr_vscsi_req, req, 1);
+ if (rc) {
+ fprintf(stderr, "VSCSI: failed loading request tag#%u\n", sreq->tag);
+ return NULL;
+ }
+ assert(req->active);
+
+ req->sreq = scsi_req_ref(sreq);
+
+ DPRINTF("VSCSI: restoring tag=%u, current desc#%d, offset=%x\n",
+ req->qtag, req->cur_desc_num, req->cur_desc_offset);
+
+ return req;
+}
+
+static void vscsi_process_login(VSCSIState *s, vscsi_req *req)
+{
+ union viosrp_iu *iu = &req->iu;
+ struct srp_login_rsp *rsp = &iu->srp.login_rsp;
+ uint64_t tag = iu->srp.rsp.tag;
+
+ DPRINTF("VSCSI: Got login, sendin response !\n");
+
+ /* TODO handle case that requested size is wrong and
+ * buffer format is wrong
+ */
+ memset(iu, 0, sizeof(struct srp_login_rsp));
+ rsp->opcode = SRP_LOGIN_RSP;
+ /* Don't advertise quite as many request as we support to
+ * keep room for management stuff etc...
+ */
+ rsp->req_lim_delta = cpu_to_be32(VSCSI_REQ_LIMIT-2);
+ rsp->tag = tag;
+ rsp->max_it_iu_len = cpu_to_be32(sizeof(union srp_iu));
+ rsp->max_ti_iu_len = cpu_to_be32(sizeof(union srp_iu));
+ /* direct and indirect */
+ rsp->buf_fmt = cpu_to_be16(SRP_BUF_FORMAT_DIRECT | SRP_BUF_FORMAT_INDIRECT);
+
+ vscsi_send_iu(s, req, sizeof(*rsp), VIOSRP_SRP_FORMAT);
+}
+
+static void vscsi_inquiry_no_target(VSCSIState *s, vscsi_req *req)
+{
+ uint8_t *cdb = req->iu.srp.cmd.cdb;
+ uint8_t resp_data[36];
+ int rc, len, alen;
+
+ /* We dont do EVPD. Also check that page_code is 0 */
+ if ((cdb[1] & 0x01) || (cdb[1] & 0x01) || cdb[2] != 0) {
+ /* Send INVALID FIELD IN CDB */
+ vscsi_makeup_sense(s, req, ILLEGAL_REQUEST, 0x24, 0);
+ vscsi_send_rsp(s, req, CHECK_CONDITION, 0, 0);
+ return;
+ }
+ alen = cdb[3];
+ alen = (alen << 8) | cdb[4];
+ len = MIN(alen, 36);
+
+ /* Fake up inquiry using PQ=3 */
+ memset(resp_data, 0, 36);
+ resp_data[0] = 0x7f; /* Not capable of supporting a device here */
+ resp_data[2] = 0x06; /* SPS-4 */
+ resp_data[3] = 0x02; /* Resp data format */
+ resp_data[4] = 36 - 5; /* Additional length */
+ resp_data[7] = 0x10; /* Sync transfers */
+ memcpy(&resp_data[16], "QEMU EMPTY ", 16);
+ memcpy(&resp_data[8], "QEMU ", 8);
+
+ req->writing = 0;
+ vscsi_preprocess_desc(req);
+ rc = vscsi_srp_transfer_data(s, req, 0, resp_data, len);
+ if (rc < 0) {
+ vscsi_makeup_sense(s, req, HARDWARE_ERROR, 0, 0);
+ vscsi_send_rsp(s, req, CHECK_CONDITION, 0, 0);
+ } else {
+ vscsi_send_rsp(s, req, 0, 36 - rc, 0);
+ }
+}
+
+static int vscsi_queue_cmd(VSCSIState *s, vscsi_req *req)
+{
+ union srp_iu *srp = &req->iu.srp;
+ SCSIDevice *sdev;
+ int n, lun;
+
+ sdev = vscsi_device_find(&s->bus, be64_to_cpu(srp->cmd.lun), &lun);
+ if (!sdev) {
+ DPRINTF("VSCSI: Command for lun %08" PRIx64 " with no drive\n",
+ be64_to_cpu(srp->cmd.lun));
+ if (srp->cmd.cdb[0] == INQUIRY) {
+ vscsi_inquiry_no_target(s, req);
+ } else {
+ vscsi_makeup_sense(s, req, ILLEGAL_REQUEST, 0x24, 0x00);
+ vscsi_send_rsp(s, req, CHECK_CONDITION, 0, 0);
+ } return 1;
+ }
+
+ req->sreq = scsi_req_new(sdev, req->qtag, lun, srp->cmd.cdb, req);
+ n = scsi_req_enqueue(req->sreq);
+
+ DPRINTF("VSCSI: Queued command tag 0x%x CMD 0x%x LUN %d ret: %d\n",
+ req->qtag, srp->cmd.cdb[0], lun, n);
+
+ if (n) {
+ /* Transfer direction must be set before preprocessing the
+ * descriptors
+ */
+ req->writing = (n < 1);
+
+ /* Preprocess RDMA descriptors */
+ vscsi_preprocess_desc(req);
+
+ /* Get transfer direction and initiate transfer */
+ if (n > 0) {
+ req->data_len = n;
+ } else if (n < 0) {
+ req->data_len = -n;
+ }
+ scsi_req_continue(req->sreq);
+ }
+ /* Don't touch req here, it may have been recycled already */
+
+ return 0;
+}
+
+static int vscsi_process_tsk_mgmt(VSCSIState *s, vscsi_req *req)
+{
+ union viosrp_iu *iu = &req->iu;
+ int fn;
+
+ fprintf(stderr, "vscsi_process_tsk_mgmt %02x\n",
+ iu->srp.tsk_mgmt.tsk_mgmt_func);
+
+ switch (iu->srp.tsk_mgmt.tsk_mgmt_func) {
+#if 0 /* We really don't deal with these for now */
+ case SRP_TSK_ABORT_TASK:
+ fn = ABORT_TASK;
+ break;
+ case SRP_TSK_ABORT_TASK_SET:
+ fn = ABORT_TASK_SET;
+ break;
+ case SRP_TSK_CLEAR_TASK_SET:
+ fn = CLEAR_TASK_SET;
+ break;
+ case SRP_TSK_LUN_RESET:
+ fn = LOGICAL_UNIT_RESET;
+ break;
+ case SRP_TSK_CLEAR_ACA:
+ fn = CLEAR_ACA;
+ break;
+#endif
+ default:
+ fn = 0;
+ }
+ if (fn) {
+ /* XXX Send/Handle target task management */
+ ;
+ } else {
+ vscsi_makeup_sense(s, req, ILLEGAL_REQUEST, 0x20, 0);
+ vscsi_send_rsp(s, req, CHECK_CONDITION, 0, 0);
+ }
+ return !fn;
+}
+
+static int vscsi_handle_srp_req(VSCSIState *s, vscsi_req *req)
+{
+ union srp_iu *srp = &req->iu.srp;
+ int done = 1;
+ uint8_t opcode = srp->rsp.opcode;
+
+ switch (opcode) {
+ case SRP_LOGIN_REQ:
+ vscsi_process_login(s, req);
+ break;
+ case SRP_TSK_MGMT:
+ done = vscsi_process_tsk_mgmt(s, req);
+ break;
+ case SRP_CMD:
+ done = vscsi_queue_cmd(s, req);
+ break;
+ case SRP_LOGIN_RSP:
+ case SRP_I_LOGOUT:
+ case SRP_T_LOGOUT:
+ case SRP_RSP:
+ case SRP_CRED_REQ:
+ case SRP_CRED_RSP:
+ case SRP_AER_REQ:
+ case SRP_AER_RSP:
+ fprintf(stderr, "VSCSI: Unsupported opcode %02x\n", opcode);
+ break;
+ default:
+ fprintf(stderr, "VSCSI: Unknown type %02x\n", opcode);
+ }
+
+ return done;
+}
+
+static int vscsi_send_adapter_info(VSCSIState *s, vscsi_req *req)
+{
+ struct viosrp_adapter_info *sinfo;
+ struct mad_adapter_info_data info;
+ int rc;
+
+ sinfo = &req->iu.mad.adapter_info;
+
+#if 0 /* What for ? */
+ rc = spapr_vio_dma_read(&s->vdev, be64_to_cpu(sinfo->buffer),
+ &info, be16_to_cpu(sinfo->common.length));
+ if (rc) {
+ fprintf(stderr, "vscsi_send_adapter_info: DMA read failure !\n");
+ }
+#endif
+ memset(&info, 0, sizeof(info));
+ strcpy(info.srp_version, SRP_VERSION);
+ memcpy(info.partition_name, "qemu", sizeof("qemu"));
+ info.partition_number = cpu_to_be32(0);
+ info.mad_version = cpu_to_be32(1);
+ info.os_type = cpu_to_be32(2);
+ info.port_max_txu[0] = cpu_to_be32(VSCSI_MAX_SECTORS << 9);
+
+ rc = spapr_vio_dma_write(&s->vdev, be64_to_cpu(sinfo->buffer),
+ &info, be16_to_cpu(sinfo->common.length));
+ if (rc) {
+ fprintf(stderr, "vscsi_send_adapter_info: DMA write failure !\n");
+ }
+
+ sinfo->common.status = rc ? cpu_to_be32(1) : 0;
+
+ return vscsi_send_iu(s, req, sizeof(*sinfo), VIOSRP_MAD_FORMAT);
+}
+
+static int vscsi_handle_mad_req(VSCSIState *s, vscsi_req *req)
+{
+ union mad_iu *mad = &req->iu.mad;
+
+ switch (be32_to_cpu(mad->empty_iu.common.type)) {
+ case VIOSRP_EMPTY_IU_TYPE:
+ fprintf(stderr, "Unsupported EMPTY MAD IU\n");
+ break;
+ case VIOSRP_ERROR_LOG_TYPE:
+ fprintf(stderr, "Unsupported ERROR LOG MAD IU\n");
+ mad->error_log.common.status = cpu_to_be16(1);
+ vscsi_send_iu(s, req, sizeof(mad->error_log), VIOSRP_MAD_FORMAT);
+ break;
+ case VIOSRP_ADAPTER_INFO_TYPE:
+ vscsi_send_adapter_info(s, req);
+ break;
+ case VIOSRP_HOST_CONFIG_TYPE:
+ mad->host_config.common.status = cpu_to_be16(1);
+ vscsi_send_iu(s, req, sizeof(mad->host_config), VIOSRP_MAD_FORMAT);
+ break;
+ default:
+ fprintf(stderr, "VSCSI: Unknown MAD type %02x\n",
+ be32_to_cpu(mad->empty_iu.common.type));
+ }
+
+ return 1;
+}
+
+static void vscsi_got_payload(VSCSIState *s, vscsi_crq *crq)
+{
+ vscsi_req *req;
+ int done;
+
+ req = vscsi_get_req(s);
+ if (req == NULL) {
+ fprintf(stderr, "VSCSI: Failed to get a request !\n");
+ return;
+ }
+
+ /* We only support a limited number of descriptors, we know
+ * the ibmvscsi driver uses up to 10 max, so it should fit
+ * in our 256 bytes IUs. If not we'll have to increase the size
+ * of the structure.
+ */
+ if (crq->s.IU_length > sizeof(union viosrp_iu)) {
+ fprintf(stderr, "VSCSI: SRP IU too long (%d bytes) !\n",
+ crq->s.IU_length);
+ vscsi_put_req(req);
+ return;
+ }
+
+ /* XXX Handle failure differently ? */
+ if (spapr_vio_dma_read(&s->vdev, crq->s.IU_data_ptr, &req->iu,
+ crq->s.IU_length)) {
+ fprintf(stderr, "vscsi_got_payload: DMA read failure !\n");
+ vscsi_put_req(req);
+ return;
+ }
+ memcpy(&req->crq, crq, sizeof(vscsi_crq));
+
+ if (crq->s.format == VIOSRP_MAD_FORMAT) {
+ done = vscsi_handle_mad_req(s, req);
+ } else {
+ done = vscsi_handle_srp_req(s, req);
+ }
+
+ if (done) {
+ vscsi_put_req(req);
+ }
+}
+
+
+static int vscsi_do_crq(struct VIOsPAPRDevice *dev, uint8_t *crq_data)
+{
+ VSCSIState *s = VIO_SPAPR_VSCSI_DEVICE(dev);
+ vscsi_crq crq;
+
+ memcpy(crq.raw, crq_data, 16);
+ crq.s.timeout = be16_to_cpu(crq.s.timeout);
+ crq.s.IU_length = be16_to_cpu(crq.s.IU_length);
+ crq.s.IU_data_ptr = be64_to_cpu(crq.s.IU_data_ptr);
+
+ DPRINTF("VSCSI: do_crq %02x %02x ...\n", crq.raw[0], crq.raw[1]);
+
+ switch (crq.s.valid) {
+ case 0xc0: /* Init command/response */
+
+ /* Respond to initialization request */
+ if (crq.s.format == 0x01) {
+ memset(crq.raw, 0, 16);
+ crq.s.valid = 0xc0;
+ crq.s.format = 0x02;
+ spapr_vio_send_crq(dev, crq.raw);
+ }
+
+ /* Note that in hotplug cases, we might get a 0x02
+ * as a result of us emitting the init request
+ */
+
+ break;
+ case 0xff: /* Link event */
+
+ /* Not handled for now */
+
+ break;
+ case 0x80: /* Payloads */
+ switch (crq.s.format) {
+ case VIOSRP_SRP_FORMAT: /* AKA VSCSI request */
+ case VIOSRP_MAD_FORMAT: /* AKA VSCSI response */
+ vscsi_got_payload(s, &crq);
+ break;
+ case VIOSRP_OS400_FORMAT:
+ case VIOSRP_AIX_FORMAT:
+ case VIOSRP_LINUX_FORMAT:
+ case VIOSRP_INLINE_FORMAT:
+ fprintf(stderr, "vscsi_do_srq: Unsupported payload format %02x\n",
+ crq.s.format);
+ break;
+ default:
+ fprintf(stderr, "vscsi_do_srq: Unknown payload format %02x\n",
+ crq.s.format);
+ }
+ break;
+ default:
+ fprintf(stderr, "vscsi_do_crq: unknown CRQ %02x %02x ...\n",
+ crq.raw[0], crq.raw[1]);
+ };
+
+ return 0;
+}
+
+static const struct SCSIBusInfo vscsi_scsi_info = {
+ .tcq = true,
+ .max_channel = 7, /* logical unit addressing format */
+ .max_target = 63,
+ .max_lun = 31,
+
+ .transfer_data = vscsi_transfer_data,
+ .complete = vscsi_command_complete,
+ .cancel = vscsi_request_cancelled,
+ .save_request = vscsi_save_request,
+ .load_request = vscsi_load_request,
+};
+
+static void spapr_vscsi_reset(VIOsPAPRDevice *dev)
+{
+ VSCSIState *s = VIO_SPAPR_VSCSI_DEVICE(dev);
+ int i;
+
+ memset(s->reqs, 0, sizeof(s->reqs));
+ for (i = 0; i < VSCSI_REQ_LIMIT; i++) {
+ s->reqs[i].qtag = i;
+ }
+}
+
+static int spapr_vscsi_init(VIOsPAPRDevice *dev)
+{
+ VSCSIState *s = VIO_SPAPR_VSCSI_DEVICE(dev);
+ Error *err = NULL;
+
+ dev->crq.SendFunc = vscsi_do_crq;
+
+ scsi_bus_new(&s->bus, &dev->qdev, &vscsi_scsi_info, NULL);
+ if (!dev->qdev.hotplugged) {
+ scsi_bus_legacy_handle_cmdline(&s->bus, &err);
+ if (err != NULL) {
+ error_free(err);
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+void spapr_vscsi_create(VIOsPAPRBus *bus)
+{
+ DeviceState *dev;
+
+ dev = qdev_create(&bus->bus, "spapr-vscsi");
+
+ qdev_init_nofail(dev);
+}
+
+static int spapr_vscsi_devnode(VIOsPAPRDevice *dev, void *fdt, int node_off)
+{
+ int ret;
+
+ ret = fdt_setprop_cell(fdt, node_off, "#address-cells", 2);
+ if (ret < 0) {
+ return ret;
+ }
+
+ ret = fdt_setprop_cell(fdt, node_off, "#size-cells", 0);
+ if (ret < 0) {
+ return ret;
+ }
+
+ return 0;
+}
+
+static Property spapr_vscsi_properties[] = {
+ DEFINE_SPAPR_PROPERTIES(VSCSIState, vdev),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static const VMStateDescription vmstate_spapr_vscsi = {
+ .name = "spapr_vscsi",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_SPAPR_VIO(vdev, VSCSIState),
+ /* VSCSI state */
+ /* ???? */
+
+ VMSTATE_END_OF_LIST()
+ },
+};
+
+static void spapr_vscsi_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VIOsPAPRDeviceClass *k = VIO_SPAPR_DEVICE_CLASS(klass);
+
+ k->init = spapr_vscsi_init;
+ k->reset = spapr_vscsi_reset;
+ k->devnode = spapr_vscsi_devnode;
+ k->dt_name = "v-scsi";
+ k->dt_type = "vscsi";
+ k->dt_compatible = "IBM,v-scsi";
+ k->signal_mask = 0x00000001;
+ dc->props = spapr_vscsi_properties;
+ k->rtce_window_size = 0x10000000;
+ dc->vmsd = &vmstate_spapr_vscsi;
+}
+
+static const TypeInfo spapr_vscsi_info = {
+ .name = TYPE_VIO_SPAPR_VSCSI_DEVICE,
+ .parent = TYPE_VIO_SPAPR_DEVICE,
+ .instance_size = sizeof(VSCSIState),
+ .class_init = spapr_vscsi_class_init,
+};
+
+static void spapr_vscsi_register_types(void)
+{
+ type_register_static(&spapr_vscsi_info);
+}
+
+type_init(spapr_vscsi_register_types)
diff --git a/hw/srp.h b/hw/scsi/srp.h
index 5e0cad5c1..5e0cad5c1 100644
--- a/hw/srp.h
+++ b/hw/scsi/srp.h
diff --git a/hw/scsi/vhost-scsi.c b/hw/scsi/vhost-scsi.c
new file mode 100644
index 000000000..9e770fba9
--- /dev/null
+++ b/hw/scsi/vhost-scsi.c
@@ -0,0 +1,289 @@
+/*
+ * vhost_scsi host device
+ *
+ * Copyright IBM, Corp. 2011
+ *
+ * Authors:
+ * Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
+ *
+ * Changes for QEMU mainline + tcm_vhost kernel upstream:
+ * Nicholas Bellinger <nab@risingtidesystems.com>
+ *
+ * This work is licensed under the terms of the GNU LGPL, version 2 or later.
+ * See the COPYING.LIB file in the top-level directory.
+ *
+ */
+
+#include <sys/ioctl.h>
+#include "config.h"
+#include "qemu/queue.h"
+#include "monitor/monitor.h"
+#include "migration/migration.h"
+#include "hw/virtio/vhost-scsi.h"
+#include "hw/virtio/vhost.h"
+#include "hw/virtio/virtio-scsi.h"
+#include "hw/virtio/virtio-bus.h"
+
+static int vhost_scsi_set_endpoint(VHostSCSI *s)
+{
+ VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(s);
+ struct vhost_scsi_target backend;
+ int ret;
+
+ memset(&backend, 0, sizeof(backend));
+ pstrcpy(backend.vhost_wwpn, sizeof(backend.vhost_wwpn), vs->conf.wwpn);
+ ret = ioctl(s->dev.control, VHOST_SCSI_SET_ENDPOINT, &backend);
+ if (ret < 0) {
+ return -errno;
+ }
+ return 0;
+}
+
+static void vhost_scsi_clear_endpoint(VHostSCSI *s)
+{
+ VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(s);
+ struct vhost_scsi_target backend;
+
+ memset(&backend, 0, sizeof(backend));
+ pstrcpy(backend.vhost_wwpn, sizeof(backend.vhost_wwpn), vs->conf.wwpn);
+ ioctl(s->dev.control, VHOST_SCSI_CLEAR_ENDPOINT, &backend);
+}
+
+static int vhost_scsi_start(VHostSCSI *s)
+{
+ int ret, abi_version, i;
+ VirtIODevice *vdev = VIRTIO_DEVICE(s);
+ BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(vdev)));
+ VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
+
+ if (!k->set_guest_notifiers) {
+ error_report("binding does not support guest notifiers");
+ return -ENOSYS;
+ }
+
+ ret = ioctl(s->dev.control, VHOST_SCSI_GET_ABI_VERSION, &abi_version);
+ if (ret < 0) {
+ return -errno;
+ }
+ if (abi_version > VHOST_SCSI_ABI_VERSION) {
+ error_report("vhost-scsi: The running tcm_vhost kernel abi_version:"
+ " %d is greater than vhost_scsi userspace supports: %d, please"
+ " upgrade your version of QEMU\n", abi_version,
+ VHOST_SCSI_ABI_VERSION);
+ return -ENOSYS;
+ }
+
+ ret = vhost_dev_enable_notifiers(&s->dev, vdev);
+ if (ret < 0) {
+ return ret;
+ }
+
+ s->dev.acked_features = vdev->guest_features;
+ ret = vhost_dev_start(&s->dev, vdev);
+ if (ret < 0) {
+ error_report("Error start vhost dev");
+ goto err_notifiers;
+ }
+
+ ret = vhost_scsi_set_endpoint(s);
+ if (ret < 0) {
+ error_report("Error set vhost-scsi endpoint");
+ goto err_vhost_stop;
+ }
+
+ ret = k->set_guest_notifiers(qbus->parent, s->dev.nvqs, true);
+ if (ret < 0) {
+ error_report("Error binding guest notifier");
+ goto err_endpoint;
+ }
+
+ /* guest_notifier_mask/pending not used yet, so just unmask
+ * everything here. virtio-pci will do the right thing by
+ * enabling/disabling irqfd.
+ */
+ for (i = 0; i < s->dev.nvqs; i++) {
+ vhost_virtqueue_mask(&s->dev, vdev, i, false);
+ }
+
+ return ret;
+
+err_endpoint:
+ vhost_scsi_clear_endpoint(s);
+err_vhost_stop:
+ vhost_dev_stop(&s->dev, vdev);
+err_notifiers:
+ vhost_dev_disable_notifiers(&s->dev, vdev);
+ return ret;
+}
+
+static void vhost_scsi_stop(VHostSCSI *s)
+{
+ VirtIODevice *vdev = VIRTIO_DEVICE(s);
+ BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(vdev)));
+ VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
+ int ret = 0;
+
+ if (k->set_guest_notifiers) {
+ ret = k->set_guest_notifiers(qbus->parent, s->dev.nvqs, false);
+ if (ret < 0) {
+ error_report("vhost guest notifier cleanup failed: %d\n", ret);
+ }
+ }
+ assert(ret >= 0);
+
+ vhost_scsi_clear_endpoint(s);
+ vhost_dev_stop(&s->dev, vdev);
+ vhost_dev_disable_notifiers(&s->dev, vdev);
+}
+
+static uint32_t vhost_scsi_get_features(VirtIODevice *vdev,
+ uint32_t features)
+{
+ VHostSCSI *s = VHOST_SCSI(vdev);
+
+ /* Clear features not supported by host kernel. */
+ if (!(s->dev.features & (1 << VIRTIO_F_NOTIFY_ON_EMPTY))) {
+ features &= ~(1 << VIRTIO_F_NOTIFY_ON_EMPTY);
+ }
+ if (!(s->dev.features & (1 << VIRTIO_RING_F_INDIRECT_DESC))) {
+ features &= ~(1 << VIRTIO_RING_F_INDIRECT_DESC);
+ }
+ if (!(s->dev.features & (1 << VIRTIO_RING_F_EVENT_IDX))) {
+ features &= ~(1 << VIRTIO_RING_F_EVENT_IDX);
+ }
+ if (!(s->dev.features & (1 << VIRTIO_SCSI_F_HOTPLUG))) {
+ features &= ~(1 << VIRTIO_SCSI_F_HOTPLUG);
+ }
+
+ return features;
+}
+
+static void vhost_scsi_set_config(VirtIODevice *vdev,
+ const uint8_t *config)
+{
+ VirtIOSCSIConfig *scsiconf = (VirtIOSCSIConfig *)config;
+ VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(vdev);
+
+ if ((uint32_t) ldl_raw(&scsiconf->sense_size) != vs->sense_size ||
+ (uint32_t) ldl_raw(&scsiconf->cdb_size) != vs->cdb_size) {
+ error_report("vhost-scsi does not support changing the sense data and CDB sizes");
+ exit(1);
+ }
+}
+
+static void vhost_scsi_set_status(VirtIODevice *vdev, uint8_t val)
+{
+ VHostSCSI *s = (VHostSCSI *)vdev;
+ bool start = (val & VIRTIO_CONFIG_S_DRIVER_OK);
+
+ if (s->dev.started == start) {
+ return;
+ }
+
+ if (start) {
+ int ret;
+
+ ret = vhost_scsi_start(s);
+ if (ret < 0) {
+ error_report("virtio-scsi: unable to start vhost: %s\n",
+ strerror(-ret));
+
+ /* There is no userspace virtio-scsi fallback so exit */
+ exit(1);
+ }
+ } else {
+ vhost_scsi_stop(s);
+ }
+}
+
+static int vhost_scsi_init(VirtIODevice *vdev)
+{
+ VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(vdev);
+ VHostSCSI *s = VHOST_SCSI(vdev);
+ int vhostfd = -1;
+ int ret;
+
+ if (!vs->conf.wwpn) {
+ error_report("vhost-scsi: missing wwpn\n");
+ return -EINVAL;
+ }
+
+ if (vs->conf.vhostfd) {
+ vhostfd = monitor_handle_fd_param(cur_mon, vs->conf.vhostfd);
+ if (vhostfd == -1) {
+ error_report("vhost-scsi: unable to parse vhostfd\n");
+ return -EINVAL;
+ }
+ }
+
+ ret = virtio_scsi_common_init(vs);
+ if (ret < 0) {
+ return ret;
+ }
+
+ s->dev.nvqs = VHOST_SCSI_VQ_NUM_FIXED + vs->conf.num_queues;
+ s->dev.vqs = g_new(struct vhost_virtqueue, s->dev.nvqs);
+ s->dev.vq_index = 0;
+
+ ret = vhost_dev_init(&s->dev, vhostfd, "/dev/vhost-scsi", true);
+ if (ret < 0) {
+ error_report("vhost-scsi: vhost initialization failed: %s\n",
+ strerror(-ret));
+ return ret;
+ }
+ s->dev.backend_features = 0;
+
+ error_setg(&s->migration_blocker,
+ "vhost-scsi does not support migration");
+ migrate_add_blocker(s->migration_blocker);
+
+ return 0;
+}
+
+static int vhost_scsi_exit(DeviceState *qdev)
+{
+ VirtIODevice *vdev = VIRTIO_DEVICE(qdev);
+ VHostSCSI *s = VHOST_SCSI(qdev);
+ VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(qdev);
+
+ migrate_del_blocker(s->migration_blocker);
+ error_free(s->migration_blocker);
+
+ /* This will stop vhost backend. */
+ vhost_scsi_set_status(vdev, 0);
+
+ g_free(s->dev.vqs);
+ return virtio_scsi_common_exit(vs);
+}
+
+static Property vhost_scsi_properties[] = {
+ DEFINE_VHOST_SCSI_PROPERTIES(VHostSCSI, parent_obj.conf),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void vhost_scsi_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
+ dc->exit = vhost_scsi_exit;
+ dc->props = vhost_scsi_properties;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
+ vdc->init = vhost_scsi_init;
+ vdc->get_features = vhost_scsi_get_features;
+ vdc->set_config = vhost_scsi_set_config;
+ vdc->set_status = vhost_scsi_set_status;
+}
+
+static const TypeInfo vhost_scsi_info = {
+ .name = TYPE_VHOST_SCSI,
+ .parent = TYPE_VIRTIO_SCSI_COMMON,
+ .instance_size = sizeof(VHostSCSI),
+ .class_init = vhost_scsi_class_init,
+};
+
+static void virtio_register_types(void)
+{
+ type_register_static(&vhost_scsi_info);
+}
+
+type_init(virtio_register_types)
diff --git a/hw/ppc-viosrp.h b/hw/scsi/viosrp.h
index d8e365db1..d8e365db1 100644
--- a/hw/ppc-viosrp.h
+++ b/hw/scsi/viosrp.h
diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
new file mode 100644
index 000000000..05da56bd2
--- /dev/null
+++ b/hw/scsi/virtio-scsi.c
@@ -0,0 +1,711 @@
+/*
+ * Virtio SCSI HBA
+ *
+ * Copyright IBM, Corp. 2010
+ * Copyright Red Hat, Inc. 2011
+ *
+ * Authors:
+ * Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
+ * Paolo Bonzini <pbonzini@redhat.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "hw/virtio/virtio-scsi.h"
+#include "qemu/error-report.h"
+#include <hw/scsi/scsi.h>
+#include <block/scsi.h>
+#include <hw/virtio/virtio-bus.h>
+
+typedef struct VirtIOSCSIReq {
+ VirtIOSCSI *dev;
+ VirtQueue *vq;
+ VirtQueueElement elem;
+ QEMUSGList qsgl;
+ SCSIRequest *sreq;
+ union {
+ char *buf;
+ VirtIOSCSICmdReq *cmd;
+ VirtIOSCSICtrlTMFReq *tmf;
+ VirtIOSCSICtrlANReq *an;
+ } req;
+ union {
+ char *buf;
+ VirtIOSCSICmdResp *cmd;
+ VirtIOSCSICtrlTMFResp *tmf;
+ VirtIOSCSICtrlANResp *an;
+ VirtIOSCSIEvent *event;
+ } resp;
+} VirtIOSCSIReq;
+
+static inline int virtio_scsi_get_lun(uint8_t *lun)
+{
+ return ((lun[2] << 8) | lun[3]) & 0x3FFF;
+}
+
+static inline SCSIDevice *virtio_scsi_device_find(VirtIOSCSI *s, uint8_t *lun)
+{
+ if (lun[0] != 1) {
+ return NULL;
+ }
+ if (lun[2] != 0 && !(lun[2] >= 0x40 && lun[2] < 0x80)) {
+ return NULL;
+ }
+ return scsi_device_find(&s->bus, 0, lun[1], virtio_scsi_get_lun(lun));
+}
+
+static void virtio_scsi_complete_req(VirtIOSCSIReq *req)
+{
+ VirtIOSCSI *s = req->dev;
+ VirtQueue *vq = req->vq;
+ VirtIODevice *vdev = VIRTIO_DEVICE(s);
+ virtqueue_push(vq, &req->elem, req->qsgl.size + req->elem.in_sg[0].iov_len);
+ qemu_sglist_destroy(&req->qsgl);
+ if (req->sreq) {
+ req->sreq->hba_private = NULL;
+ scsi_req_unref(req->sreq);
+ }
+ g_free(req);
+ virtio_notify(vdev, vq);
+}
+
+static void virtio_scsi_bad_req(void)
+{
+ error_report("wrong size for virtio-scsi headers");
+ exit(1);
+}
+
+static void qemu_sgl_init_external(VirtIOSCSIReq *req, struct iovec *sg,
+ hwaddr *addr, int num)
+{
+ QEMUSGList *qsgl = &req->qsgl;
+
+ qemu_sglist_init(qsgl, DEVICE(req->dev), num, &address_space_memory);
+ while (num--) {
+ qemu_sglist_add(qsgl, *(addr++), (sg++)->iov_len);
+ }
+}
+
+static void virtio_scsi_parse_req(VirtIOSCSI *s, VirtQueue *vq,
+ VirtIOSCSIReq *req)
+{
+ assert(req->elem.in_num);
+ req->vq = vq;
+ req->dev = s;
+ req->sreq = NULL;
+ if (req->elem.out_num) {
+ req->req.buf = req->elem.out_sg[0].iov_base;
+ }
+ req->resp.buf = req->elem.in_sg[0].iov_base;
+
+ if (req->elem.out_num > 1) {
+ qemu_sgl_init_external(req, &req->elem.out_sg[1],
+ &req->elem.out_addr[1],
+ req->elem.out_num - 1);
+ } else {
+ qemu_sgl_init_external(req, &req->elem.in_sg[1],
+ &req->elem.in_addr[1],
+ req->elem.in_num - 1);
+ }
+}
+
+static VirtIOSCSIReq *virtio_scsi_pop_req(VirtIOSCSI *s, VirtQueue *vq)
+{
+ VirtIOSCSIReq *req;
+ req = g_malloc(sizeof(*req));
+ if (!virtqueue_pop(vq, &req->elem)) {
+ g_free(req);
+ return NULL;
+ }
+
+ virtio_scsi_parse_req(s, vq, req);
+ return req;
+}
+
+static void virtio_scsi_save_request(QEMUFile *f, SCSIRequest *sreq)
+{
+ VirtIOSCSIReq *req = sreq->hba_private;
+ VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(req->dev);
+ uint32_t n = virtio_queue_get_id(req->vq) - 2;
+
+ assert(n < vs->conf.num_queues);
+ qemu_put_be32s(f, &n);
+ qemu_put_buffer(f, (unsigned char *)&req->elem, sizeof(req->elem));
+}
+
+static void *virtio_scsi_load_request(QEMUFile *f, SCSIRequest *sreq)
+{
+ SCSIBus *bus = sreq->bus;
+ VirtIOSCSI *s = container_of(bus, VirtIOSCSI, bus);
+ VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(s);
+ VirtIOSCSIReq *req;
+ uint32_t n;
+
+ req = g_malloc(sizeof(*req));
+ qemu_get_be32s(f, &n);
+ assert(n < vs->conf.num_queues);
+ qemu_get_buffer(f, (unsigned char *)&req->elem, sizeof(req->elem));
+ virtio_scsi_parse_req(s, vs->cmd_vqs[n], req);
+
+ scsi_req_ref(sreq);
+ req->sreq = sreq;
+ if (req->sreq->cmd.mode != SCSI_XFER_NONE) {
+ int req_mode =
+ (req->elem.in_num > 1 ? SCSI_XFER_FROM_DEV : SCSI_XFER_TO_DEV);
+
+ assert(req->sreq->cmd.mode == req_mode);
+ }
+ return req;
+}
+
+static void virtio_scsi_do_tmf(VirtIOSCSI *s, VirtIOSCSIReq *req)
+{
+ SCSIDevice *d = virtio_scsi_device_find(s, req->req.tmf->lun);
+ SCSIRequest *r, *next;
+ BusChild *kid;
+ int target;
+
+ /* Here VIRTIO_SCSI_S_OK means "FUNCTION COMPLETE". */
+ req->resp.tmf->response = VIRTIO_SCSI_S_OK;
+
+ switch (req->req.tmf->subtype) {
+ case VIRTIO_SCSI_T_TMF_ABORT_TASK:
+ case VIRTIO_SCSI_T_TMF_QUERY_TASK:
+ if (!d) {
+ goto fail;
+ }
+ if (d->lun != virtio_scsi_get_lun(req->req.tmf->lun)) {
+ goto incorrect_lun;
+ }
+ QTAILQ_FOREACH_SAFE(r, &d->requests, next, next) {
+ VirtIOSCSIReq *cmd_req = r->hba_private;
+ if (cmd_req && cmd_req->req.cmd->tag == req->req.tmf->tag) {
+ break;
+ }
+ }
+ if (r) {
+ /*
+ * Assert that the request has not been completed yet, we
+ * check for it in the loop above.
+ */
+ assert(r->hba_private);
+ if (req->req.tmf->subtype == VIRTIO_SCSI_T_TMF_QUERY_TASK) {
+ /* "If the specified command is present in the task set, then
+ * return a service response set to FUNCTION SUCCEEDED".
+ */
+ req->resp.tmf->response = VIRTIO_SCSI_S_FUNCTION_SUCCEEDED;
+ } else {
+ scsi_req_cancel(r);
+ }
+ }
+ break;
+
+ case VIRTIO_SCSI_T_TMF_LOGICAL_UNIT_RESET:
+ if (!d) {
+ goto fail;
+ }
+ if (d->lun != virtio_scsi_get_lun(req->req.tmf->lun)) {
+ goto incorrect_lun;
+ }
+ s->resetting++;
+ qdev_reset_all(&d->qdev);
+ s->resetting--;
+ break;
+
+ case VIRTIO_SCSI_T_TMF_ABORT_TASK_SET:
+ case VIRTIO_SCSI_T_TMF_CLEAR_TASK_SET:
+ case VIRTIO_SCSI_T_TMF_QUERY_TASK_SET:
+ if (!d) {
+ goto fail;
+ }
+ if (d->lun != virtio_scsi_get_lun(req->req.tmf->lun)) {
+ goto incorrect_lun;
+ }
+ QTAILQ_FOREACH_SAFE(r, &d->requests, next, next) {
+ if (r->hba_private) {
+ if (req->req.tmf->subtype == VIRTIO_SCSI_T_TMF_QUERY_TASK_SET) {
+ /* "If there is any command present in the task set, then
+ * return a service response set to FUNCTION SUCCEEDED".
+ */
+ req->resp.tmf->response = VIRTIO_SCSI_S_FUNCTION_SUCCEEDED;
+ break;
+ } else {
+ scsi_req_cancel(r);
+ }
+ }
+ }
+ break;
+
+ case VIRTIO_SCSI_T_TMF_I_T_NEXUS_RESET:
+ target = req->req.tmf->lun[1];
+ s->resetting++;
+ QTAILQ_FOREACH(kid, &s->bus.qbus.children, sibling) {
+ d = DO_UPCAST(SCSIDevice, qdev, kid->child);
+ if (d->channel == 0 && d->id == target) {
+ qdev_reset_all(&d->qdev);
+ }
+ }
+ s->resetting--;
+ break;
+
+ case VIRTIO_SCSI_T_TMF_CLEAR_ACA:
+ default:
+ req->resp.tmf->response = VIRTIO_SCSI_S_FUNCTION_REJECTED;
+ break;
+ }
+
+ return;
+
+incorrect_lun:
+ req->resp.tmf->response = VIRTIO_SCSI_S_INCORRECT_LUN;
+ return;
+
+fail:
+ req->resp.tmf->response = VIRTIO_SCSI_S_BAD_TARGET;
+}
+
+static void virtio_scsi_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
+{
+ VirtIOSCSI *s = (VirtIOSCSI *)vdev;
+ VirtIOSCSIReq *req;
+
+ while ((req = virtio_scsi_pop_req(s, vq))) {
+ int out_size, in_size;
+ if (req->elem.out_num < 1 || req->elem.in_num < 1) {
+ virtio_scsi_bad_req();
+ continue;
+ }
+
+ out_size = req->elem.out_sg[0].iov_len;
+ in_size = req->elem.in_sg[0].iov_len;
+ if (req->req.tmf->type == VIRTIO_SCSI_T_TMF) {
+ if (out_size < sizeof(VirtIOSCSICtrlTMFReq) ||
+ in_size < sizeof(VirtIOSCSICtrlTMFResp)) {
+ virtio_scsi_bad_req();
+ }
+ virtio_scsi_do_tmf(s, req);
+
+ } else if (req->req.tmf->type == VIRTIO_SCSI_T_AN_QUERY ||
+ req->req.tmf->type == VIRTIO_SCSI_T_AN_SUBSCRIBE) {
+ if (out_size < sizeof(VirtIOSCSICtrlANReq) ||
+ in_size < sizeof(VirtIOSCSICtrlANResp)) {
+ virtio_scsi_bad_req();
+ }
+ req->resp.an->event_actual = 0;
+ req->resp.an->response = VIRTIO_SCSI_S_OK;
+ }
+ virtio_scsi_complete_req(req);
+ }
+}
+
+static void virtio_scsi_command_complete(SCSIRequest *r, uint32_t status,
+ size_t resid)
+{
+ VirtIOSCSIReq *req = r->hba_private;
+ uint32_t sense_len;
+
+ req->resp.cmd->response = VIRTIO_SCSI_S_OK;
+ req->resp.cmd->status = status;
+ if (req->resp.cmd->status == GOOD) {
+ req->resp.cmd->resid = tswap32(resid);
+ } else {
+ req->resp.cmd->resid = 0;
+ sense_len = scsi_req_get_sense(r, req->resp.cmd->sense,
+ VIRTIO_SCSI_SENSE_SIZE);
+ req->resp.cmd->sense_len = tswap32(sense_len);
+ }
+ virtio_scsi_complete_req(req);
+}
+
+static QEMUSGList *virtio_scsi_get_sg_list(SCSIRequest *r)
+{
+ VirtIOSCSIReq *req = r->hba_private;
+
+ return &req->qsgl;
+}
+
+static void virtio_scsi_request_cancelled(SCSIRequest *r)
+{
+ VirtIOSCSIReq *req = r->hba_private;
+
+ if (!req) {
+ return;
+ }
+ if (req->dev->resetting) {
+ req->resp.cmd->response = VIRTIO_SCSI_S_RESET;
+ } else {
+ req->resp.cmd->response = VIRTIO_SCSI_S_ABORTED;
+ }
+ virtio_scsi_complete_req(req);
+}
+
+static void virtio_scsi_fail_cmd_req(VirtIOSCSIReq *req)
+{
+ req->resp.cmd->response = VIRTIO_SCSI_S_FAILURE;
+ virtio_scsi_complete_req(req);
+}
+
+static void virtio_scsi_handle_cmd(VirtIODevice *vdev, VirtQueue *vq)
+{
+ /* use non-QOM casts in the data path */
+ VirtIOSCSI *s = (VirtIOSCSI *)vdev;
+ VirtIOSCSICommon *vs = &s->parent_obj;
+
+ VirtIOSCSIReq *req;
+ int n;
+
+ while ((req = virtio_scsi_pop_req(s, vq))) {
+ SCSIDevice *d;
+ int out_size, in_size;
+ if (req->elem.out_num < 1 || req->elem.in_num < 1) {
+ virtio_scsi_bad_req();
+ }
+
+ out_size = req->elem.out_sg[0].iov_len;
+ in_size = req->elem.in_sg[0].iov_len;
+ if (out_size < sizeof(VirtIOSCSICmdReq) + vs->cdb_size ||
+ in_size < sizeof(VirtIOSCSICmdResp) + vs->sense_size) {
+ virtio_scsi_bad_req();
+ }
+
+ if (req->elem.out_num > 1 && req->elem.in_num > 1) {
+ virtio_scsi_fail_cmd_req(req);
+ continue;
+ }
+
+ d = virtio_scsi_device_find(s, req->req.cmd->lun);
+ if (!d) {
+ req->resp.cmd->response = VIRTIO_SCSI_S_BAD_TARGET;
+ virtio_scsi_complete_req(req);
+ continue;
+ }
+ req->sreq = scsi_req_new(d, req->req.cmd->tag,
+ virtio_scsi_get_lun(req->req.cmd->lun),
+ req->req.cmd->cdb, req);
+
+ if (req->sreq->cmd.mode != SCSI_XFER_NONE) {
+ int req_mode =
+ (req->elem.in_num > 1 ? SCSI_XFER_FROM_DEV : SCSI_XFER_TO_DEV);
+
+ if (req->sreq->cmd.mode != req_mode ||
+ req->sreq->cmd.xfer > req->qsgl.size) {
+ req->resp.cmd->response = VIRTIO_SCSI_S_OVERRUN;
+ virtio_scsi_complete_req(req);
+ continue;
+ }
+ }
+
+ n = scsi_req_enqueue(req->sreq);
+ if (n) {
+ scsi_req_continue(req->sreq);
+ }
+ }
+}
+
+static void virtio_scsi_get_config(VirtIODevice *vdev,
+ uint8_t *config)
+{
+ VirtIOSCSIConfig *scsiconf = (VirtIOSCSIConfig *)config;
+ VirtIOSCSICommon *s = VIRTIO_SCSI_COMMON(vdev);
+
+ stl_raw(&scsiconf->num_queues, s->conf.num_queues);
+ stl_raw(&scsiconf->seg_max, 128 - 2);
+ stl_raw(&scsiconf->max_sectors, s->conf.max_sectors);
+ stl_raw(&scsiconf->cmd_per_lun, s->conf.cmd_per_lun);
+ stl_raw(&scsiconf->event_info_size, sizeof(VirtIOSCSIEvent));
+ stl_raw(&scsiconf->sense_size, s->sense_size);
+ stl_raw(&scsiconf->cdb_size, s->cdb_size);
+ stw_raw(&scsiconf->max_channel, VIRTIO_SCSI_MAX_CHANNEL);
+ stw_raw(&scsiconf->max_target, VIRTIO_SCSI_MAX_TARGET);
+ stl_raw(&scsiconf->max_lun, VIRTIO_SCSI_MAX_LUN);
+}
+
+static void virtio_scsi_set_config(VirtIODevice *vdev,
+ const uint8_t *config)
+{
+ VirtIOSCSIConfig *scsiconf = (VirtIOSCSIConfig *)config;
+ VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(vdev);
+
+ if ((uint32_t) ldl_raw(&scsiconf->sense_size) >= 65536 ||
+ (uint32_t) ldl_raw(&scsiconf->cdb_size) >= 256) {
+ error_report("bad data written to virtio-scsi configuration space");
+ exit(1);
+ }
+
+ vs->sense_size = ldl_raw(&scsiconf->sense_size);
+ vs->cdb_size = ldl_raw(&scsiconf->cdb_size);
+}
+
+static uint32_t virtio_scsi_get_features(VirtIODevice *vdev,
+ uint32_t requested_features)
+{
+ return requested_features;
+}
+
+static void virtio_scsi_reset(VirtIODevice *vdev)
+{
+ VirtIOSCSI *s = VIRTIO_SCSI(vdev);
+ VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(vdev);
+
+ s->resetting++;
+ qbus_reset_all(&s->bus.qbus);
+ s->resetting--;
+
+ vs->sense_size = VIRTIO_SCSI_SENSE_SIZE;
+ vs->cdb_size = VIRTIO_SCSI_CDB_SIZE;
+ s->events_dropped = false;
+}
+
+/* The device does not have anything to save beyond the virtio data.
+ * Request data is saved with callbacks from SCSI devices.
+ */
+static void virtio_scsi_save(QEMUFile *f, void *opaque)
+{
+ VirtIODevice *vdev = VIRTIO_DEVICE(opaque);
+ virtio_save(vdev, f);
+}
+
+static int virtio_scsi_load(QEMUFile *f, void *opaque, int version_id)
+{
+ VirtIODevice *vdev = VIRTIO_DEVICE(opaque);
+ int ret;
+
+ ret = virtio_load(vdev, f);
+ if (ret) {
+ return ret;
+ }
+ return 0;
+}
+
+static void virtio_scsi_push_event(VirtIOSCSI *s, SCSIDevice *dev,
+ uint32_t event, uint32_t reason)
+{
+ VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(s);
+ VirtIOSCSIReq *req = virtio_scsi_pop_req(s, vs->event_vq);
+ VirtIOSCSIEvent *evt;
+ VirtIODevice *vdev = VIRTIO_DEVICE(s);
+ int in_size;
+
+ if (!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)) {
+ return;
+ }
+
+ if (!req) {
+ s->events_dropped = true;
+ return;
+ }
+
+ if (req->elem.out_num || req->elem.in_num != 1) {
+ virtio_scsi_bad_req();
+ }
+
+ if (s->events_dropped) {
+ event |= VIRTIO_SCSI_T_EVENTS_MISSED;
+ s->events_dropped = false;
+ }
+
+ in_size = req->elem.in_sg[0].iov_len;
+ if (in_size < sizeof(VirtIOSCSIEvent)) {
+ virtio_scsi_bad_req();
+ }
+
+ evt = req->resp.event;
+ memset(evt, 0, sizeof(VirtIOSCSIEvent));
+ evt->event = event;
+ evt->reason = reason;
+ if (!dev) {
+ assert(event == VIRTIO_SCSI_T_NO_EVENT);
+ } else {
+ evt->lun[0] = 1;
+ evt->lun[1] = dev->id;
+
+ /* Linux wants us to keep the same encoding we use for REPORT LUNS. */
+ if (dev->lun >= 256) {
+ evt->lun[2] = (dev->lun >> 8) | 0x40;
+ }
+ evt->lun[3] = dev->lun & 0xFF;
+ }
+ virtio_scsi_complete_req(req);
+}
+
+static void virtio_scsi_handle_event(VirtIODevice *vdev, VirtQueue *vq)
+{
+ VirtIOSCSI *s = VIRTIO_SCSI(vdev);
+
+ if (s->events_dropped) {
+ virtio_scsi_push_event(s, NULL, VIRTIO_SCSI_T_NO_EVENT, 0);
+ }
+}
+
+static void virtio_scsi_change(SCSIBus *bus, SCSIDevice *dev, SCSISense sense)
+{
+ VirtIOSCSI *s = container_of(bus, VirtIOSCSI, bus);
+ VirtIODevice *vdev = VIRTIO_DEVICE(s);
+
+ if (((vdev->guest_features >> VIRTIO_SCSI_F_CHANGE) & 1) &&
+ dev->type != TYPE_ROM) {
+ virtio_scsi_push_event(s, dev, VIRTIO_SCSI_T_PARAM_CHANGE,
+ sense.asc | (sense.ascq << 8));
+ }
+}
+
+static void virtio_scsi_hotplug(SCSIBus *bus, SCSIDevice *dev)
+{
+ VirtIOSCSI *s = container_of(bus, VirtIOSCSI, bus);
+ VirtIODevice *vdev = VIRTIO_DEVICE(s);
+
+ if ((vdev->guest_features >> VIRTIO_SCSI_F_HOTPLUG) & 1) {
+ virtio_scsi_push_event(s, dev, VIRTIO_SCSI_T_TRANSPORT_RESET,
+ VIRTIO_SCSI_EVT_RESET_RESCAN);
+ }
+}
+
+static void virtio_scsi_hot_unplug(SCSIBus *bus, SCSIDevice *dev)
+{
+ VirtIOSCSI *s = container_of(bus, VirtIOSCSI, bus);
+ VirtIODevice *vdev = VIRTIO_DEVICE(s);
+
+ if ((vdev->guest_features >> VIRTIO_SCSI_F_HOTPLUG) & 1) {
+ virtio_scsi_push_event(s, dev, VIRTIO_SCSI_T_TRANSPORT_RESET,
+ VIRTIO_SCSI_EVT_RESET_REMOVED);
+ }
+}
+
+static struct SCSIBusInfo virtio_scsi_scsi_info = {
+ .tcq = true,
+ .max_channel = VIRTIO_SCSI_MAX_CHANNEL,
+ .max_target = VIRTIO_SCSI_MAX_TARGET,
+ .max_lun = VIRTIO_SCSI_MAX_LUN,
+
+ .complete = virtio_scsi_command_complete,
+ .cancel = virtio_scsi_request_cancelled,
+ .change = virtio_scsi_change,
+ .hotplug = virtio_scsi_hotplug,
+ .hot_unplug = virtio_scsi_hot_unplug,
+ .get_sg_list = virtio_scsi_get_sg_list,
+ .save_request = virtio_scsi_save_request,
+ .load_request = virtio_scsi_load_request,
+};
+
+int virtio_scsi_common_init(VirtIOSCSICommon *s)
+{
+ VirtIODevice *vdev = VIRTIO_DEVICE(s);
+ int i;
+
+ virtio_init(VIRTIO_DEVICE(s), "virtio-scsi", VIRTIO_ID_SCSI,
+ sizeof(VirtIOSCSIConfig));
+
+ s->cmd_vqs = g_malloc0(s->conf.num_queues * sizeof(VirtQueue *));
+ s->sense_size = VIRTIO_SCSI_SENSE_SIZE;
+ s->cdb_size = VIRTIO_SCSI_CDB_SIZE;
+
+ s->ctrl_vq = virtio_add_queue(vdev, VIRTIO_SCSI_VQ_SIZE,
+ virtio_scsi_handle_ctrl);
+ s->event_vq = virtio_add_queue(vdev, VIRTIO_SCSI_VQ_SIZE,
+ virtio_scsi_handle_event);
+ for (i = 0; i < s->conf.num_queues; i++) {
+ s->cmd_vqs[i] = virtio_add_queue(vdev, VIRTIO_SCSI_VQ_SIZE,
+ virtio_scsi_handle_cmd);
+ }
+
+ return 0;
+}
+
+static int virtio_scsi_device_init(VirtIODevice *vdev)
+{
+ DeviceState *qdev = DEVICE(vdev);
+ VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(vdev);
+ VirtIOSCSI *s = VIRTIO_SCSI(vdev);
+ static int virtio_scsi_id;
+ Error *err = NULL;
+ int ret;
+
+ ret = virtio_scsi_common_init(vs);
+ if (ret < 0) {
+ return ret;
+ }
+
+ scsi_bus_new(&s->bus, qdev, &virtio_scsi_scsi_info, vdev->bus_name);
+
+ if (!qdev->hotplugged) {
+ scsi_bus_legacy_handle_cmdline(&s->bus, &err);
+ if (err != NULL) {
+ error_free(err);
+ return -1;
+ }
+ }
+
+ register_savevm(qdev, "virtio-scsi", virtio_scsi_id++, 1,
+ virtio_scsi_save, virtio_scsi_load, s);
+
+ return 0;
+}
+
+int virtio_scsi_common_exit(VirtIOSCSICommon *vs)
+{
+ VirtIODevice *vdev = VIRTIO_DEVICE(vs);
+
+ g_free(vs->cmd_vqs);
+ virtio_cleanup(vdev);
+ return 0;
+}
+
+static int virtio_scsi_device_exit(DeviceState *qdev)
+{
+ VirtIOSCSI *s = VIRTIO_SCSI(qdev);
+ VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(qdev);
+
+ unregister_savevm(qdev, "virtio-scsi", s);
+ return virtio_scsi_common_exit(vs);
+}
+
+static Property virtio_scsi_properties[] = {
+ DEFINE_VIRTIO_SCSI_PROPERTIES(VirtIOSCSI, parent_obj.conf),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void virtio_scsi_common_class_init(ObjectClass *klass, void *data)
+{
+ VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ vdc->get_config = virtio_scsi_get_config;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
+}
+
+static void virtio_scsi_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
+ dc->exit = virtio_scsi_device_exit;
+ dc->props = virtio_scsi_properties;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
+ vdc->init = virtio_scsi_device_init;
+ vdc->set_config = virtio_scsi_set_config;
+ vdc->get_features = virtio_scsi_get_features;
+ vdc->reset = virtio_scsi_reset;
+}
+
+static const TypeInfo virtio_scsi_common_info = {
+ .name = TYPE_VIRTIO_SCSI_COMMON,
+ .parent = TYPE_VIRTIO_DEVICE,
+ .instance_size = sizeof(VirtIOSCSICommon),
+ .class_init = virtio_scsi_common_class_init,
+};
+
+static const TypeInfo virtio_scsi_info = {
+ .name = TYPE_VIRTIO_SCSI,
+ .parent = TYPE_VIRTIO_SCSI_COMMON,
+ .instance_size = sizeof(VirtIOSCSI),
+ .class_init = virtio_scsi_class_init,
+};
+
+static void virtio_register_types(void)
+{
+ type_register_static(&virtio_scsi_common_info);
+ type_register_static(&virtio_scsi_info);
+}
+
+type_init(virtio_register_types)
diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
new file mode 100644
index 000000000..d42b35941
--- /dev/null
+++ b/hw/scsi/vmw_pvscsi.c
@@ -0,0 +1,1217 @@
+/*
+ * QEMU VMWARE PVSCSI paravirtual SCSI bus
+ *
+ * Copyright (c) 2012 Ravello Systems LTD (http://ravellosystems.com)
+ *
+ * Developed by Daynix Computing LTD (http://www.daynix.com)
+ *
+ * Based on implementation by Paolo Bonzini
+ * http://lists.gnu.org/archive/html/qemu-devel/2011-08/msg00729.html
+ *
+ * Authors:
+ * Paolo Bonzini <pbonzini@redhat.com>
+ * Dmitry Fleytman <dmitry@daynix.com>
+ * Yan Vugenfirer <yan@daynix.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.
+ * See the COPYING file in the top-level directory.
+ *
+ * NOTE about MSI-X:
+ * MSI-X support has been removed for the moment because it leads Windows OS
+ * to crash on startup. The crash happens because Windows driver requires
+ * MSI-X shared memory to be part of the same BAR used for rings state
+ * registers, etc. This is not supported by QEMU infrastructure so separate
+ * BAR created from MSI-X purposes. Windows driver fails to deal with 2 BARs.
+ *
+ */
+
+#include "hw/scsi/scsi.h"
+#include <block/scsi.h>
+#include "hw/pci/msi.h"
+#include "vmw_pvscsi.h"
+#include "trace.h"
+
+
+#define PVSCSI_MSI_OFFSET (0x50)
+#define PVSCSI_USE_64BIT (true)
+#define PVSCSI_PER_VECTOR_MASK (false)
+
+#define PVSCSI_MAX_DEVS (64)
+#define PVSCSI_MSIX_NUM_VECTORS (1)
+
+#define PVSCSI_MAX_CMD_DATA_WORDS \
+ (sizeof(PVSCSICmdDescSetupRings)/sizeof(uint32_t))
+
+#define RS_GET_FIELD(rs_pa, field) \
+ (ldl_le_phys(rs_pa + offsetof(struct PVSCSIRingsState, field)))
+#define RS_SET_FIELD(rs_pa, field, val) \
+ (stl_le_phys(rs_pa + offsetof(struct PVSCSIRingsState, field), val))
+
+#define TYPE_PVSCSI "pvscsi"
+#define PVSCSI(obj) OBJECT_CHECK(PVSCSIState, (obj), TYPE_PVSCSI)
+
+typedef struct PVSCSIRingInfo {
+ uint64_t rs_pa;
+ uint32_t txr_len_mask;
+ uint32_t rxr_len_mask;
+ uint32_t msg_len_mask;
+ uint64_t req_ring_pages_pa[PVSCSI_SETUP_RINGS_MAX_NUM_PAGES];
+ uint64_t cmp_ring_pages_pa[PVSCSI_SETUP_RINGS_MAX_NUM_PAGES];
+ uint64_t msg_ring_pages_pa[PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES];
+ uint64_t consumed_ptr;
+ uint64_t filled_cmp_ptr;
+ uint64_t filled_msg_ptr;
+} PVSCSIRingInfo;
+
+typedef struct PVSCSISGState {
+ hwaddr elemAddr;
+ hwaddr dataAddr;
+ uint32_t resid;
+} PVSCSISGState;
+
+typedef QTAILQ_HEAD(, PVSCSIRequest) PVSCSIRequestList;
+
+typedef struct {
+ PCIDevice parent_obj;
+ MemoryRegion io_space;
+ SCSIBus bus;
+ QEMUBH *completion_worker;
+ PVSCSIRequestList pending_queue;
+ PVSCSIRequestList completion_queue;
+
+ uint64_t reg_interrupt_status; /* Interrupt status register value */
+ uint64_t reg_interrupt_enabled; /* Interrupt mask register value */
+ uint64_t reg_command_status; /* Command status register value */
+
+ /* Command data adoption mechanism */
+ uint64_t curr_cmd; /* Last command arrived */
+ uint32_t curr_cmd_data_cntr; /* Amount of data for last command */
+
+ /* Collector for current command data */
+ uint32_t curr_cmd_data[PVSCSI_MAX_CMD_DATA_WORDS];
+
+ uint8_t rings_info_valid; /* Whether data rings initialized */
+ uint8_t msg_ring_info_valid; /* Whether message ring initialized */
+ uint8_t use_msg; /* Whether to use message ring */
+
+ uint8_t msi_used; /* Whether MSI support was installed successfully */
+
+ PVSCSIRingInfo rings; /* Data transfer rings manager */
+ uint32_t resetting; /* Reset in progress */
+} PVSCSIState;
+
+typedef struct PVSCSIRequest {
+ SCSIRequest *sreq;
+ PVSCSIState *dev;
+ uint8_t sense_key;
+ uint8_t completed;
+ int lun;
+ QEMUSGList sgl;
+ PVSCSISGState sg;
+ struct PVSCSIRingReqDesc req;
+ struct PVSCSIRingCmpDesc cmp;
+ QTAILQ_ENTRY(PVSCSIRequest) next;
+} PVSCSIRequest;
+
+/* Integer binary logarithm */
+static int
+pvscsi_log2(uint32_t input)
+{
+ int log = 0;
+ assert(input > 0);
+ while (input >> ++log) {
+ }
+ return log;
+}
+
+static void
+pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri)
+{
+ int i;
+ uint32_t txr_len_log2, rxr_len_log2;
+ uint32_t req_ring_size, cmp_ring_size;
+ m->rs_pa = ri->ringsStatePPN << VMW_PAGE_SHIFT;
+
+ req_ring_size = ri->reqRingNumPages * PVSCSI_MAX_NUM_REQ_ENTRIES_PER_PAGE;
+ cmp_ring_size = ri->cmpRingNumPages * PVSCSI_MAX_NUM_CMP_ENTRIES_PER_PAGE;
+ txr_len_log2 = pvscsi_log2(req_ring_size - 1);
+ rxr_len_log2 = pvscsi_log2(cmp_ring_size - 1);
+
+ m->txr_len_mask = MASK(txr_len_log2);
+ m->rxr_len_mask = MASK(rxr_len_log2);
+
+ m->consumed_ptr = 0;
+ m->filled_cmp_ptr = 0;
+
+ for (i = 0; i < ri->reqRingNumPages; i++) {
+ m->req_ring_pages_pa[i] = ri->reqRingPPNs[i] << VMW_PAGE_SHIFT;
+ }
+
+ for (i = 0; i < ri->cmpRingNumPages; i++) {
+ m->cmp_ring_pages_pa[i] = ri->cmpRingPPNs[i] << VMW_PAGE_SHIFT;
+ }
+
+ RS_SET_FIELD(m->rs_pa, reqProdIdx, 0);
+ RS_SET_FIELD(m->rs_pa, reqConsIdx, 0);
+ RS_SET_FIELD(m->rs_pa, reqNumEntriesLog2, txr_len_log2);
+
+ RS_SET_FIELD(m->rs_pa, cmpProdIdx, 0);
+ RS_SET_FIELD(m->rs_pa, cmpConsIdx, 0);
+ RS_SET_FIELD(m->rs_pa, cmpNumEntriesLog2, rxr_len_log2);
+
+ trace_pvscsi_ring_init_data(txr_len_log2, rxr_len_log2);
+
+ /* Flush ring state page changes */
+ smp_wmb();
+}
+
+static void
+pvscsi_ring_init_msg(PVSCSIRingInfo *m, PVSCSICmdDescSetupMsgRing *ri)
+{
+ int i;
+ uint32_t len_log2;
+ uint32_t ring_size;
+
+ ring_size = ri->numPages * PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE;
+ len_log2 = pvscsi_log2(ring_size - 1);
+
+ m->msg_len_mask = MASK(len_log2);
+
+ m->filled_msg_ptr = 0;
+
+ for (i = 0; i < ri->numPages; i++) {
+ m->msg_ring_pages_pa[i] = ri->ringPPNs[i] << VMW_PAGE_SHIFT;
+ }
+
+ RS_SET_FIELD(m->rs_pa, msgProdIdx, 0);
+ RS_SET_FIELD(m->rs_pa, msgConsIdx, 0);
+ RS_SET_FIELD(m->rs_pa, msgNumEntriesLog2, len_log2);
+
+ trace_pvscsi_ring_init_msg(len_log2);
+
+ /* Flush ring state page changes */
+ smp_wmb();
+}
+
+static void
+pvscsi_ring_cleanup(PVSCSIRingInfo *mgr)
+{
+ mgr->rs_pa = 0;
+ mgr->txr_len_mask = 0;
+ mgr->rxr_len_mask = 0;
+ mgr->msg_len_mask = 0;
+ mgr->consumed_ptr = 0;
+ mgr->filled_cmp_ptr = 0;
+ mgr->filled_msg_ptr = 0;
+ memset(mgr->req_ring_pages_pa, 0, sizeof(mgr->req_ring_pages_pa));
+ memset(mgr->cmp_ring_pages_pa, 0, sizeof(mgr->cmp_ring_pages_pa));
+ memset(mgr->msg_ring_pages_pa, 0, sizeof(mgr->msg_ring_pages_pa));
+}
+
+static hwaddr
+pvscsi_ring_pop_req_descr(PVSCSIRingInfo *mgr)
+{
+ uint32_t ready_ptr = RS_GET_FIELD(mgr->rs_pa, reqProdIdx);
+
+ if (ready_ptr != mgr->consumed_ptr) {
+ uint32_t next_ready_ptr =
+ mgr->consumed_ptr++ & mgr->txr_len_mask;
+ uint32_t next_ready_page =
+ next_ready_ptr / PVSCSI_MAX_NUM_REQ_ENTRIES_PER_PAGE;
+ uint32_t inpage_idx =
+ next_ready_ptr % PVSCSI_MAX_NUM_REQ_ENTRIES_PER_PAGE;
+
+ return mgr->req_ring_pages_pa[next_ready_page] +
+ inpage_idx * sizeof(PVSCSIRingReqDesc);
+ } else {
+ return 0;
+ }
+}
+
+static void
+pvscsi_ring_flush_req(PVSCSIRingInfo *mgr)
+{
+ RS_SET_FIELD(mgr->rs_pa, reqConsIdx, mgr->consumed_ptr);
+}
+
+static hwaddr
+pvscsi_ring_pop_cmp_descr(PVSCSIRingInfo *mgr)
+{
+ /*
+ * According to Linux driver code it explicitly verifies that number
+ * of requests being processed by device is less then the size of
+ * completion queue, so device may omit completion queue overflow
+ * conditions check. We assume that this is true for other (Windows)
+ * drivers as well.
+ */
+
+ uint32_t free_cmp_ptr =
+ mgr->filled_cmp_ptr++ & mgr->rxr_len_mask;
+ uint32_t free_cmp_page =
+ free_cmp_ptr / PVSCSI_MAX_NUM_CMP_ENTRIES_PER_PAGE;
+ uint32_t inpage_idx =
+ free_cmp_ptr % PVSCSI_MAX_NUM_CMP_ENTRIES_PER_PAGE;
+ return mgr->cmp_ring_pages_pa[free_cmp_page] +
+ inpage_idx * sizeof(PVSCSIRingCmpDesc);
+}
+
+static hwaddr
+pvscsi_ring_pop_msg_descr(PVSCSIRingInfo *mgr)
+{
+ uint32_t free_msg_ptr =
+ mgr->filled_msg_ptr++ & mgr->msg_len_mask;
+ uint32_t free_msg_page =
+ free_msg_ptr / PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE;
+ uint32_t inpage_idx =
+ free_msg_ptr % PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE;
+ return mgr->msg_ring_pages_pa[free_msg_page] +
+ inpage_idx * sizeof(PVSCSIRingMsgDesc);
+}
+
+static void
+pvscsi_ring_flush_cmp(PVSCSIRingInfo *mgr)
+{
+ /* Flush descriptor changes */
+ smp_wmb();
+
+ trace_pvscsi_ring_flush_cmp(mgr->filled_cmp_ptr);
+
+ RS_SET_FIELD(mgr->rs_pa, cmpProdIdx, mgr->filled_cmp_ptr);
+}
+
+static bool
+pvscsi_ring_msg_has_room(PVSCSIRingInfo *mgr)
+{
+ uint32_t prodIdx = RS_GET_FIELD(mgr->rs_pa, msgProdIdx);
+ uint32_t consIdx = RS_GET_FIELD(mgr->rs_pa, msgConsIdx);
+
+ return (prodIdx - consIdx) < (mgr->msg_len_mask + 1);
+}
+
+static void
+pvscsi_ring_flush_msg(PVSCSIRingInfo *mgr)
+{
+ /* Flush descriptor changes */
+ smp_wmb();
+
+ trace_pvscsi_ring_flush_msg(mgr->filled_msg_ptr);
+
+ RS_SET_FIELD(mgr->rs_pa, msgProdIdx, mgr->filled_msg_ptr);
+}
+
+static void
+pvscsi_reset_state(PVSCSIState *s)
+{
+ s->curr_cmd = PVSCSI_CMD_FIRST;
+ s->curr_cmd_data_cntr = 0;
+ s->reg_command_status = PVSCSI_COMMAND_PROCESSING_SUCCEEDED;
+ s->reg_interrupt_status = 0;
+ pvscsi_ring_cleanup(&s->rings);
+ s->rings_info_valid = FALSE;
+ s->msg_ring_info_valid = FALSE;
+ QTAILQ_INIT(&s->pending_queue);
+ QTAILQ_INIT(&s->completion_queue);
+}
+
+static void
+pvscsi_update_irq_status(PVSCSIState *s)
+{
+ PCIDevice *d = PCI_DEVICE(s);
+ bool should_raise = s->reg_interrupt_enabled & s->reg_interrupt_status;
+
+ trace_pvscsi_update_irq_level(should_raise, s->reg_interrupt_enabled,
+ s->reg_interrupt_status);
+
+ if (s->msi_used && msi_enabled(d)) {
+ if (should_raise) {
+ trace_pvscsi_update_irq_msi();
+ msi_notify(d, PVSCSI_VECTOR_COMPLETION);
+ }
+ return;
+ }
+
+ qemu_set_irq(d->irq[0], !!should_raise);
+}
+
+static void
+pvscsi_raise_completion_interrupt(PVSCSIState *s)
+{
+ s->reg_interrupt_status |= PVSCSI_INTR_CMPL_0;
+
+ /* Memory barrier to flush interrupt status register changes*/
+ smp_wmb();
+
+ pvscsi_update_irq_status(s);
+}
+
+static void
+pvscsi_raise_message_interrupt(PVSCSIState *s)
+{
+ s->reg_interrupt_status |= PVSCSI_INTR_MSG_0;
+
+ /* Memory barrier to flush interrupt status register changes*/
+ smp_wmb();
+
+ pvscsi_update_irq_status(s);
+}
+
+static void
+pvscsi_cmp_ring_put(PVSCSIState *s, struct PVSCSIRingCmpDesc *cmp_desc)
+{
+ hwaddr cmp_descr_pa;
+
+ cmp_descr_pa = pvscsi_ring_pop_cmp_descr(&s->rings);
+ trace_pvscsi_cmp_ring_put(cmp_descr_pa);
+ cpu_physical_memory_write(cmp_descr_pa, (void *)cmp_desc,
+ sizeof(*cmp_desc));
+}
+
+static void
+pvscsi_msg_ring_put(PVSCSIState *s, struct PVSCSIRingMsgDesc *msg_desc)
+{
+ hwaddr msg_descr_pa;
+
+ msg_descr_pa = pvscsi_ring_pop_msg_descr(&s->rings);
+ trace_pvscsi_msg_ring_put(msg_descr_pa);
+ cpu_physical_memory_write(msg_descr_pa, (void *)msg_desc,
+ sizeof(*msg_desc));
+}
+
+static void
+pvscsi_process_completion_queue(void *opaque)
+{
+ PVSCSIState *s = opaque;
+ PVSCSIRequest *pvscsi_req;
+ bool has_completed = false;
+
+ while (!QTAILQ_EMPTY(&s->completion_queue)) {
+ pvscsi_req = QTAILQ_FIRST(&s->completion_queue);
+ QTAILQ_REMOVE(&s->completion_queue, pvscsi_req, next);
+ pvscsi_cmp_ring_put(s, &pvscsi_req->cmp);
+ g_free(pvscsi_req);
+ has_completed = true;
+ }
+
+ if (has_completed) {
+ pvscsi_ring_flush_cmp(&s->rings);
+ pvscsi_raise_completion_interrupt(s);
+ }
+}
+
+static void
+pvscsi_reset_adapter(PVSCSIState *s)
+{
+ s->resetting++;
+ qbus_reset_all_fn(&s->bus);
+ s->resetting--;
+ pvscsi_process_completion_queue(s);
+ assert(QTAILQ_EMPTY(&s->pending_queue));
+ pvscsi_reset_state(s);
+}
+
+static void
+pvscsi_schedule_completion_processing(PVSCSIState *s)
+{
+ /* Try putting more complete requests on the ring. */
+ if (!QTAILQ_EMPTY(&s->completion_queue)) {
+ qemu_bh_schedule(s->completion_worker);
+ }
+}
+
+static void
+pvscsi_complete_request(PVSCSIState *s, PVSCSIRequest *r)
+{
+ assert(!r->completed);
+
+ trace_pvscsi_complete_request(r->cmp.context, r->cmp.dataLen,
+ r->sense_key);
+ if (r->sreq != NULL) {
+ scsi_req_unref(r->sreq);
+ r->sreq = NULL;
+ }
+ r->completed = 1;
+ QTAILQ_REMOVE(&s->pending_queue, r, next);
+ QTAILQ_INSERT_TAIL(&s->completion_queue, r, next);
+ pvscsi_schedule_completion_processing(s);
+}
+
+static QEMUSGList *pvscsi_get_sg_list(SCSIRequest *r)
+{
+ PVSCSIRequest *req = r->hba_private;
+
+ trace_pvscsi_get_sg_list(req->sgl.nsg, req->sgl.size);
+
+ return &req->sgl;
+}
+
+static void
+pvscsi_get_next_sg_elem(PVSCSISGState *sg)
+{
+ struct PVSCSISGElement elem;
+
+ cpu_physical_memory_read(sg->elemAddr, (void *)&elem, sizeof(elem));
+ if ((elem.flags & ~PVSCSI_KNOWN_FLAGS) != 0) {
+ /*
+ * There is PVSCSI_SGE_FLAG_CHAIN_ELEMENT flag described in
+ * header file but its value is unknown. This flag requires
+ * additional processing, so we put warning here to catch it
+ * some day and make proper implementation
+ */
+ trace_pvscsi_get_next_sg_elem(elem.flags);
+ }
+
+ sg->elemAddr += sizeof(elem);
+ sg->dataAddr = elem.addr;
+ sg->resid = elem.length;
+}
+
+static void
+pvscsi_write_sense(PVSCSIRequest *r, uint8_t *sense, int len)
+{
+ r->cmp.senseLen = MIN(r->req.senseLen, len);
+ r->sense_key = sense[(sense[0] & 2) ? 1 : 2];
+ cpu_physical_memory_write(r->req.senseAddr, sense, r->cmp.senseLen);
+}
+
+static void
+pvscsi_command_complete(SCSIRequest *req, uint32_t status, size_t resid)
+{
+ PVSCSIRequest *pvscsi_req = req->hba_private;
+ PVSCSIState *s = pvscsi_req->dev;
+
+ if (!pvscsi_req) {
+ trace_pvscsi_command_complete_not_found(req->tag);
+ return;
+ }
+
+ if (resid) {
+ /* Short transfer. */
+ trace_pvscsi_command_complete_data_run();
+ pvscsi_req->cmp.hostStatus = BTSTAT_DATARUN;
+ }
+
+ pvscsi_req->cmp.scsiStatus = status;
+ if (pvscsi_req->cmp.scsiStatus == CHECK_CONDITION) {
+ uint8_t sense[SCSI_SENSE_BUF_SIZE];
+ int sense_len =
+ scsi_req_get_sense(pvscsi_req->sreq, sense, sizeof(sense));
+
+ trace_pvscsi_command_complete_sense_len(sense_len);
+ pvscsi_write_sense(pvscsi_req, sense, sense_len);
+ }
+ qemu_sglist_destroy(&pvscsi_req->sgl);
+ pvscsi_complete_request(s, pvscsi_req);
+}
+
+static void
+pvscsi_send_msg(PVSCSIState *s, SCSIDevice *dev, uint32_t msg_type)
+{
+ if (s->msg_ring_info_valid && pvscsi_ring_msg_has_room(&s->rings)) {
+ PVSCSIMsgDescDevStatusChanged msg = {0};
+
+ msg.type = msg_type;
+ msg.bus = dev->channel;
+ msg.target = dev->id;
+ msg.lun[1] = dev->lun;
+
+ pvscsi_msg_ring_put(s, (PVSCSIRingMsgDesc *)&msg);
+ pvscsi_ring_flush_msg(&s->rings);
+ pvscsi_raise_message_interrupt(s);
+ }
+}
+
+static void
+pvscsi_hotplug(SCSIBus *bus, SCSIDevice *dev)
+{
+ PVSCSIState *s = container_of(bus, PVSCSIState, bus);
+ pvscsi_send_msg(s, dev, PVSCSI_MSG_DEV_ADDED);
+}
+
+static void
+pvscsi_hot_unplug(SCSIBus *bus, SCSIDevice *dev)
+{
+ PVSCSIState *s = container_of(bus, PVSCSIState, bus);
+ pvscsi_send_msg(s, dev, PVSCSI_MSG_DEV_REMOVED);
+}
+
+static void
+pvscsi_request_cancelled(SCSIRequest *req)
+{
+ PVSCSIRequest *pvscsi_req = req->hba_private;
+ PVSCSIState *s = pvscsi_req->dev;
+
+ if (pvscsi_req->completed) {
+ return;
+ }
+
+ if (pvscsi_req->dev->resetting) {
+ pvscsi_req->cmp.hostStatus = BTSTAT_BUSRESET;
+ } else {
+ pvscsi_req->cmp.hostStatus = BTSTAT_ABORTQUEUE;
+ }
+
+ pvscsi_complete_request(s, pvscsi_req);
+}
+
+static SCSIDevice*
+pvscsi_device_find(PVSCSIState *s, int channel, int target,
+ uint8_t *requested_lun, uint8_t *target_lun)
+{
+ if (requested_lun[0] || requested_lun[2] || requested_lun[3] ||
+ requested_lun[4] || requested_lun[5] || requested_lun[6] ||
+ requested_lun[7] || (target > PVSCSI_MAX_DEVS)) {
+ return NULL;
+ } else {
+ *target_lun = requested_lun[1];
+ return scsi_device_find(&s->bus, channel, target, *target_lun);
+ }
+}
+
+static PVSCSIRequest *
+pvscsi_queue_pending_descriptor(PVSCSIState *s, SCSIDevice **d,
+ struct PVSCSIRingReqDesc *descr)
+{
+ PVSCSIRequest *pvscsi_req;
+ uint8_t lun;
+
+ pvscsi_req = g_malloc0(sizeof(*pvscsi_req));
+ pvscsi_req->dev = s;
+ pvscsi_req->req = *descr;
+ pvscsi_req->cmp.context = pvscsi_req->req.context;
+ QTAILQ_INSERT_TAIL(&s->pending_queue, pvscsi_req, next);
+
+ *d = pvscsi_device_find(s, descr->bus, descr->target, descr->lun, &lun);
+ if (*d) {
+ pvscsi_req->lun = lun;
+ }
+
+ return pvscsi_req;
+}
+
+static void
+pvscsi_convert_sglist(PVSCSIRequest *r)
+{
+ int chunk_size;
+ uint64_t data_length = r->req.dataLen;
+ PVSCSISGState sg = r->sg;
+ while (data_length) {
+ while (!sg.resid) {
+ pvscsi_get_next_sg_elem(&sg);
+ trace_pvscsi_convert_sglist(r->req.context, r->sg.dataAddr,
+ r->sg.resid);
+ }
+ assert(data_length > 0);
+ chunk_size = MIN((unsigned) data_length, sg.resid);
+ if (chunk_size) {
+ qemu_sglist_add(&r->sgl, sg.dataAddr, chunk_size);
+ }
+
+ sg.dataAddr += chunk_size;
+ data_length -= chunk_size;
+ sg.resid -= chunk_size;
+ }
+}
+
+static void
+pvscsi_build_sglist(PVSCSIState *s, PVSCSIRequest *r)
+{
+ PCIDevice *d = PCI_DEVICE(s);
+
+ pci_dma_sglist_init(&r->sgl, d, 1);
+ if (r->req.flags & PVSCSI_FLAG_CMD_WITH_SG_LIST) {
+ pvscsi_convert_sglist(r);
+ } else {
+ qemu_sglist_add(&r->sgl, r->req.dataAddr, r->req.dataLen);
+ }
+}
+
+static void
+pvscsi_process_request_descriptor(PVSCSIState *s,
+ struct PVSCSIRingReqDesc *descr)
+{
+ SCSIDevice *d;
+ PVSCSIRequest *r = pvscsi_queue_pending_descriptor(s, &d, descr);
+ int64_t n;
+
+ trace_pvscsi_process_req_descr(descr->cdb[0], descr->context);
+
+ if (!d) {
+ r->cmp.hostStatus = BTSTAT_SELTIMEO;
+ trace_pvscsi_process_req_descr_unknown_device();
+ pvscsi_complete_request(s, r);
+ return;
+ }
+
+ if (descr->flags & PVSCSI_FLAG_CMD_WITH_SG_LIST) {
+ r->sg.elemAddr = descr->dataAddr;
+ }
+
+ r->sreq = scsi_req_new(d, descr->context, r->lun, descr->cdb, r);
+ if (r->sreq->cmd.mode == SCSI_XFER_FROM_DEV &&
+ (descr->flags & PVSCSI_FLAG_CMD_DIR_TODEVICE)) {
+ r->cmp.hostStatus = BTSTAT_BADMSG;
+ trace_pvscsi_process_req_descr_invalid_dir();
+ scsi_req_cancel(r->sreq);
+ return;
+ }
+ if (r->sreq->cmd.mode == SCSI_XFER_TO_DEV &&
+ (descr->flags & PVSCSI_FLAG_CMD_DIR_TOHOST)) {
+ r->cmp.hostStatus = BTSTAT_BADMSG;
+ trace_pvscsi_process_req_descr_invalid_dir();
+ scsi_req_cancel(r->sreq);
+ return;
+ }
+
+ pvscsi_build_sglist(s, r);
+ n = scsi_req_enqueue(r->sreq);
+
+ if (n) {
+ scsi_req_continue(r->sreq);
+ }
+}
+
+static void
+pvscsi_process_io(PVSCSIState *s)
+{
+ PVSCSIRingReqDesc descr;
+ hwaddr next_descr_pa;
+
+ assert(s->rings_info_valid);
+ while ((next_descr_pa = pvscsi_ring_pop_req_descr(&s->rings)) != 0) {
+
+ /* Only read after production index verification */
+ smp_rmb();
+
+ trace_pvscsi_process_io(next_descr_pa);
+ cpu_physical_memory_read(next_descr_pa, &descr, sizeof(descr));
+ pvscsi_process_request_descriptor(s, &descr);
+ }
+
+ pvscsi_ring_flush_req(&s->rings);
+}
+
+static void
+pvscsi_dbg_dump_tx_rings_config(PVSCSICmdDescSetupRings *rc)
+{
+ int i;
+ trace_pvscsi_tx_rings_ppn("Rings State", rc->ringsStatePPN);
+
+ trace_pvscsi_tx_rings_num_pages("Request Ring", rc->reqRingNumPages);
+ for (i = 0; i < rc->reqRingNumPages; i++) {
+ trace_pvscsi_tx_rings_ppn("Request Ring", rc->reqRingPPNs[i]);
+ }
+
+ trace_pvscsi_tx_rings_num_pages("Confirm Ring", rc->cmpRingNumPages);
+ for (i = 0; i < rc->cmpRingNumPages; i++) {
+ trace_pvscsi_tx_rings_ppn("Confirm Ring", rc->reqRingPPNs[i]);
+ }
+}
+
+static uint64_t
+pvscsi_on_cmd_config(PVSCSIState *s)
+{
+ trace_pvscsi_on_cmd_noimpl("PVSCSI_CMD_CONFIG");
+ return PVSCSI_COMMAND_PROCESSING_FAILED;
+}
+
+static uint64_t
+pvscsi_on_cmd_unplug(PVSCSIState *s)
+{
+ trace_pvscsi_on_cmd_noimpl("PVSCSI_CMD_DEVICE_UNPLUG");
+ return PVSCSI_COMMAND_PROCESSING_FAILED;
+}
+
+static uint64_t
+pvscsi_on_issue_scsi(PVSCSIState *s)
+{
+ trace_pvscsi_on_cmd_noimpl("PVSCSI_CMD_ISSUE_SCSI");
+ return PVSCSI_COMMAND_PROCESSING_FAILED;
+}
+
+static uint64_t
+pvscsi_on_cmd_setup_rings(PVSCSIState *s)
+{
+ PVSCSICmdDescSetupRings *rc =
+ (PVSCSICmdDescSetupRings *) s->curr_cmd_data;
+
+ trace_pvscsi_on_cmd_arrived("PVSCSI_CMD_SETUP_RINGS");
+
+ pvscsi_dbg_dump_tx_rings_config(rc);
+ pvscsi_ring_init_data(&s->rings, rc);
+ s->rings_info_valid = TRUE;
+ return PVSCSI_COMMAND_PROCESSING_SUCCEEDED;
+}
+
+static uint64_t
+pvscsi_on_cmd_abort(PVSCSIState *s)
+{
+ PVSCSICmdDescAbortCmd *cmd = (PVSCSICmdDescAbortCmd *) s->curr_cmd_data;
+ PVSCSIRequest *r, *next;
+
+ trace_pvscsi_on_cmd_abort(cmd->context, cmd->target);
+
+ QTAILQ_FOREACH_SAFE(r, &s->pending_queue, next, next) {
+ if (r->req.context == cmd->context) {
+ break;
+ }
+ }
+ if (r) {
+ assert(!r->completed);
+ r->cmp.hostStatus = BTSTAT_ABORTQUEUE;
+ scsi_req_cancel(r->sreq);
+ }
+
+ return PVSCSI_COMMAND_PROCESSING_SUCCEEDED;
+}
+
+static uint64_t
+pvscsi_on_cmd_unknown(PVSCSIState *s)
+{
+ trace_pvscsi_on_cmd_unknown_data(s->curr_cmd_data[0]);
+ return PVSCSI_COMMAND_PROCESSING_FAILED;
+}
+
+static uint64_t
+pvscsi_on_cmd_reset_device(PVSCSIState *s)
+{
+ uint8_t target_lun = 0;
+ struct PVSCSICmdDescResetDevice *cmd =
+ (struct PVSCSICmdDescResetDevice *) s->curr_cmd_data;
+ SCSIDevice *sdev;
+
+ sdev = pvscsi_device_find(s, 0, cmd->target, cmd->lun, &target_lun);
+
+ trace_pvscsi_on_cmd_reset_dev(cmd->target, (int) target_lun, sdev);
+
+ if (sdev != NULL) {
+ s->resetting++;
+ device_reset(&sdev->qdev);
+ s->resetting--;
+ return PVSCSI_COMMAND_PROCESSING_SUCCEEDED;
+ }
+
+ return PVSCSI_COMMAND_PROCESSING_FAILED;
+}
+
+static uint64_t
+pvscsi_on_cmd_reset_bus(PVSCSIState *s)
+{
+ trace_pvscsi_on_cmd_arrived("PVSCSI_CMD_RESET_BUS");
+
+ s->resetting++;
+ qbus_reset_all_fn(&s->bus);
+ s->resetting--;
+ return PVSCSI_COMMAND_PROCESSING_SUCCEEDED;
+}
+
+static uint64_t
+pvscsi_on_cmd_setup_msg_ring(PVSCSIState *s)
+{
+ PVSCSICmdDescSetupMsgRing *rc =
+ (PVSCSICmdDescSetupMsgRing *) s->curr_cmd_data;
+
+ trace_pvscsi_on_cmd_arrived("PVSCSI_CMD_SETUP_MSG_RING");
+
+ if (!s->use_msg) {
+ return PVSCSI_COMMAND_PROCESSING_FAILED;
+ }
+
+ if (s->rings_info_valid) {
+ pvscsi_ring_init_msg(&s->rings, rc);
+ s->msg_ring_info_valid = TRUE;
+ }
+ return sizeof(PVSCSICmdDescSetupMsgRing) / sizeof(uint32_t);
+}
+
+static uint64_t
+pvscsi_on_cmd_adapter_reset(PVSCSIState *s)
+{
+ trace_pvscsi_on_cmd_arrived("PVSCSI_CMD_ADAPTER_RESET");
+
+ pvscsi_reset_adapter(s);
+ return PVSCSI_COMMAND_PROCESSING_SUCCEEDED;
+}
+
+static const struct {
+ int data_size;
+ uint64_t (*handler_fn)(PVSCSIState *s);
+} pvscsi_commands[] = {
+ [PVSCSI_CMD_FIRST] = {
+ .data_size = 0,
+ .handler_fn = pvscsi_on_cmd_unknown,
+ },
+
+ /* Not implemented, data size defined based on what arrives on windows */
+ [PVSCSI_CMD_CONFIG] = {
+ .data_size = 6 * sizeof(uint32_t),
+ .handler_fn = pvscsi_on_cmd_config,
+ },
+
+ /* Command not implemented, data size is unknown */
+ [PVSCSI_CMD_ISSUE_SCSI] = {
+ .data_size = 0,
+ .handler_fn = pvscsi_on_issue_scsi,
+ },
+
+ /* Command not implemented, data size is unknown */
+ [PVSCSI_CMD_DEVICE_UNPLUG] = {
+ .data_size = 0,
+ .handler_fn = pvscsi_on_cmd_unplug,
+ },
+
+ [PVSCSI_CMD_SETUP_RINGS] = {
+ .data_size = sizeof(PVSCSICmdDescSetupRings),
+ .handler_fn = pvscsi_on_cmd_setup_rings,
+ },
+
+ [PVSCSI_CMD_RESET_DEVICE] = {
+ .data_size = sizeof(struct PVSCSICmdDescResetDevice),
+ .handler_fn = pvscsi_on_cmd_reset_device,
+ },
+
+ [PVSCSI_CMD_RESET_BUS] = {
+ .data_size = 0,
+ .handler_fn = pvscsi_on_cmd_reset_bus,
+ },
+
+ [PVSCSI_CMD_SETUP_MSG_RING] = {
+ .data_size = sizeof(PVSCSICmdDescSetupMsgRing),
+ .handler_fn = pvscsi_on_cmd_setup_msg_ring,
+ },
+
+ [PVSCSI_CMD_ADAPTER_RESET] = {
+ .data_size = 0,
+ .handler_fn = pvscsi_on_cmd_adapter_reset,
+ },
+
+ [PVSCSI_CMD_ABORT_CMD] = {
+ .data_size = sizeof(struct PVSCSICmdDescAbortCmd),
+ .handler_fn = pvscsi_on_cmd_abort,
+ },
+};
+
+static void
+pvscsi_do_command_processing(PVSCSIState *s)
+{
+ size_t bytes_arrived = s->curr_cmd_data_cntr * sizeof(uint32_t);
+
+ assert(s->curr_cmd < PVSCSI_CMD_LAST);
+ if (bytes_arrived >= pvscsi_commands[s->curr_cmd].data_size) {
+ s->reg_command_status = pvscsi_commands[s->curr_cmd].handler_fn(s);
+ s->curr_cmd = PVSCSI_CMD_FIRST;
+ s->curr_cmd_data_cntr = 0;
+ }
+}
+
+static void
+pvscsi_on_command_data(PVSCSIState *s, uint32_t value)
+{
+ size_t bytes_arrived = s->curr_cmd_data_cntr * sizeof(uint32_t);
+
+ assert(bytes_arrived < sizeof(s->curr_cmd_data));
+ s->curr_cmd_data[s->curr_cmd_data_cntr++] = value;
+
+ pvscsi_do_command_processing(s);
+}
+
+static void
+pvscsi_on_command(PVSCSIState *s, uint64_t cmd_id)
+{
+ if ((cmd_id > PVSCSI_CMD_FIRST) && (cmd_id < PVSCSI_CMD_LAST)) {
+ s->curr_cmd = cmd_id;
+ } else {
+ s->curr_cmd = PVSCSI_CMD_FIRST;
+ trace_pvscsi_on_cmd_unknown(cmd_id);
+ }
+
+ s->curr_cmd_data_cntr = 0;
+ s->reg_command_status = PVSCSI_COMMAND_NOT_ENOUGH_DATA;
+
+ pvscsi_do_command_processing(s);
+}
+
+static void
+pvscsi_io_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ PVSCSIState *s = opaque;
+
+ switch (addr) {
+ case PVSCSI_REG_OFFSET_COMMAND:
+ pvscsi_on_command(s, val);
+ break;
+
+ case PVSCSI_REG_OFFSET_COMMAND_DATA:
+ pvscsi_on_command_data(s, (uint32_t) val);
+ break;
+
+ case PVSCSI_REG_OFFSET_INTR_STATUS:
+ trace_pvscsi_io_write("PVSCSI_REG_OFFSET_INTR_STATUS", val);
+ s->reg_interrupt_status &= ~val;
+ pvscsi_update_irq_status(s);
+ pvscsi_schedule_completion_processing(s);
+ break;
+
+ case PVSCSI_REG_OFFSET_INTR_MASK:
+ trace_pvscsi_io_write("PVSCSI_REG_OFFSET_INTR_MASK", val);
+ s->reg_interrupt_enabled = val;
+ pvscsi_update_irq_status(s);
+ break;
+
+ case PVSCSI_REG_OFFSET_KICK_NON_RW_IO:
+ trace_pvscsi_io_write("PVSCSI_REG_OFFSET_KICK_NON_RW_IO", val);
+ pvscsi_process_io(s);
+ break;
+
+ case PVSCSI_REG_OFFSET_KICK_RW_IO:
+ trace_pvscsi_io_write("PVSCSI_REG_OFFSET_KICK_RW_IO", val);
+ pvscsi_process_io(s);
+ break;
+
+ case PVSCSI_REG_OFFSET_DEBUG:
+ trace_pvscsi_io_write("PVSCSI_REG_OFFSET_DEBUG", val);
+ break;
+
+ default:
+ trace_pvscsi_io_write_unknown(addr, size, val);
+ break;
+ }
+
+}
+
+static uint64_t
+pvscsi_io_read(void *opaque, hwaddr addr, unsigned size)
+{
+ PVSCSIState *s = opaque;
+
+ switch (addr) {
+ case PVSCSI_REG_OFFSET_INTR_STATUS:
+ trace_pvscsi_io_read("PVSCSI_REG_OFFSET_INTR_STATUS",
+ s->reg_interrupt_status);
+ return s->reg_interrupt_status;
+
+ case PVSCSI_REG_OFFSET_INTR_MASK:
+ trace_pvscsi_io_read("PVSCSI_REG_OFFSET_INTR_MASK",
+ s->reg_interrupt_status);
+ return s->reg_interrupt_enabled;
+
+ case PVSCSI_REG_OFFSET_COMMAND_STATUS:
+ trace_pvscsi_io_read("PVSCSI_REG_OFFSET_COMMAND_STATUS",
+ s->reg_interrupt_status);
+ return s->reg_command_status;
+
+ default:
+ trace_pvscsi_io_read_unknown(addr, size);
+ return 0;
+ }
+}
+
+
+static bool
+pvscsi_init_msi(PVSCSIState *s)
+{
+ int res;
+ PCIDevice *d = PCI_DEVICE(s);
+
+ res = msi_init(d, PVSCSI_MSI_OFFSET, PVSCSI_MSIX_NUM_VECTORS,
+ PVSCSI_USE_64BIT, PVSCSI_PER_VECTOR_MASK);
+ if (res < 0) {
+ trace_pvscsi_init_msi_fail(res);
+ s->msi_used = false;
+ } else {
+ s->msi_used = true;
+ }
+
+ return s->msi_used;
+}
+
+static void
+pvscsi_cleanup_msi(PVSCSIState *s)
+{
+ PCIDevice *d = PCI_DEVICE(s);
+
+ if (s->msi_used) {
+ msi_uninit(d);
+ }
+}
+
+static const MemoryRegionOps pvscsi_ops = {
+ .read = pvscsi_io_read,
+ .write = pvscsi_io_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static const struct SCSIBusInfo pvscsi_scsi_info = {
+ .tcq = true,
+ .max_target = PVSCSI_MAX_DEVS,
+ .max_channel = 0,
+ .max_lun = 0,
+
+ .get_sg_list = pvscsi_get_sg_list,
+ .complete = pvscsi_command_complete,
+ .cancel = pvscsi_request_cancelled,
+ .hotplug = pvscsi_hotplug,
+ .hot_unplug = pvscsi_hot_unplug,
+};
+
+static int
+pvscsi_init(PCIDevice *pci_dev)
+{
+ PVSCSIState *s = PVSCSI(pci_dev);
+
+ trace_pvscsi_state("init");
+
+ /* PCI subsystem ID */
+ pci_dev->config[PCI_SUBSYSTEM_ID] = 0x00;
+ pci_dev->config[PCI_SUBSYSTEM_ID + 1] = 0x10;
+
+ /* PCI latency timer = 255 */
+ pci_dev->config[PCI_LATENCY_TIMER] = 0xff;
+
+ /* Interrupt pin A */
+ pci_config_set_interrupt_pin(pci_dev->config, 1);
+
+ memory_region_init_io(&s->io_space, OBJECT(s), &pvscsi_ops, s,
+ "pvscsi-io", PVSCSI_MEM_SPACE_SIZE);
+ pci_register_bar(pci_dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->io_space);
+
+ pvscsi_init_msi(s);
+
+ s->completion_worker = qemu_bh_new(pvscsi_process_completion_queue, s);
+ if (!s->completion_worker) {
+ pvscsi_cleanup_msi(s);
+ memory_region_destroy(&s->io_space);
+ return -ENOMEM;
+ }
+
+ scsi_bus_new(&s->bus, &pci_dev->qdev, &pvscsi_scsi_info, NULL);
+ pvscsi_reset_state(s);
+
+ return 0;
+}
+
+static void
+pvscsi_uninit(PCIDevice *pci_dev)
+{
+ PVSCSIState *s = PVSCSI(pci_dev);
+
+ trace_pvscsi_state("uninit");
+ qemu_bh_delete(s->completion_worker);
+
+ pvscsi_cleanup_msi(s);
+
+ memory_region_destroy(&s->io_space);
+}
+
+static void
+pvscsi_reset(DeviceState *dev)
+{
+ PCIDevice *d = PCI_DEVICE(dev);
+ PVSCSIState *s = PVSCSI(d);
+
+ trace_pvscsi_state("reset");
+ pvscsi_reset_adapter(s);
+}
+
+static void
+pvscsi_pre_save(void *opaque)
+{
+ PVSCSIState *s = (PVSCSIState *) opaque;
+
+ trace_pvscsi_state("presave");
+
+ assert(QTAILQ_EMPTY(&s->pending_queue));
+ assert(QTAILQ_EMPTY(&s->completion_queue));
+}
+
+static int
+pvscsi_post_load(void *opaque, int version_id)
+{
+ trace_pvscsi_state("postload");
+ return 0;
+}
+
+static const VMStateDescription vmstate_pvscsi = {
+ .name = "pvscsi",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .pre_save = pvscsi_pre_save,
+ .post_load = pvscsi_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_PCI_DEVICE(parent_obj, PVSCSIState),
+ VMSTATE_UINT8(msi_used, PVSCSIState),
+ VMSTATE_UINT32(resetting, PVSCSIState),
+ VMSTATE_UINT64(reg_interrupt_status, PVSCSIState),
+ VMSTATE_UINT64(reg_interrupt_enabled, PVSCSIState),
+ VMSTATE_UINT64(reg_command_status, PVSCSIState),
+ VMSTATE_UINT64(curr_cmd, PVSCSIState),
+ VMSTATE_UINT32(curr_cmd_data_cntr, PVSCSIState),
+ VMSTATE_UINT32_ARRAY(curr_cmd_data, PVSCSIState,
+ ARRAY_SIZE(((PVSCSIState *)NULL)->curr_cmd_data)),
+ VMSTATE_UINT8(rings_info_valid, PVSCSIState),
+ VMSTATE_UINT8(msg_ring_info_valid, PVSCSIState),
+ VMSTATE_UINT8(use_msg, PVSCSIState),
+
+ VMSTATE_UINT64(rings.rs_pa, PVSCSIState),
+ VMSTATE_UINT32(rings.txr_len_mask, PVSCSIState),
+ VMSTATE_UINT32(rings.rxr_len_mask, PVSCSIState),
+ VMSTATE_UINT64_ARRAY(rings.req_ring_pages_pa, PVSCSIState,
+ PVSCSI_SETUP_RINGS_MAX_NUM_PAGES),
+ VMSTATE_UINT64_ARRAY(rings.cmp_ring_pages_pa, PVSCSIState,
+ PVSCSI_SETUP_RINGS_MAX_NUM_PAGES),
+ VMSTATE_UINT64(rings.consumed_ptr, PVSCSIState),
+ VMSTATE_UINT64(rings.filled_cmp_ptr, PVSCSIState),
+
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void
+pvscsi_write_config(PCIDevice *pci, uint32_t addr, uint32_t val, int len)
+{
+ pci_default_write_config(pci, addr, val, len);
+ msi_write_config(pci, addr, val, len);
+}
+
+static Property pvscsi_properties[] = {
+ DEFINE_PROP_UINT8("use_msg", PVSCSIState, use_msg, 1),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void pvscsi_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = pvscsi_init;
+ k->exit = pvscsi_uninit;
+ k->vendor_id = PCI_VENDOR_ID_VMWARE;
+ k->device_id = PCI_DEVICE_ID_VMWARE_PVSCSI;
+ k->class_id = PCI_CLASS_STORAGE_SCSI;
+ k->subsystem_id = 0x1000;
+ dc->reset = pvscsi_reset;
+ dc->vmsd = &vmstate_pvscsi;
+ dc->props = pvscsi_properties;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
+ k->config_write = pvscsi_write_config;
+}
+
+static const TypeInfo pvscsi_info = {
+ .name = TYPE_PVSCSI,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PVSCSIState),
+ .class_init = pvscsi_class_init,
+};
+
+static void
+pvscsi_register_types(void)
+{
+ type_register_static(&pvscsi_info);
+}
+
+type_init(pvscsi_register_types);
diff --git a/hw/scsi/vmw_pvscsi.h b/hw/scsi/vmw_pvscsi.h
new file mode 100644
index 000000000..17fcf6627
--- /dev/null
+++ b/hw/scsi/vmw_pvscsi.h
@@ -0,0 +1,434 @@
+/*
+ * VMware PVSCSI header file
+ *
+ * Copyright (C) 2008-2009, VMware, Inc. All Rights Reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; version 2 of the License and no later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, GOOD TITLE or
+ * NON INFRINGEMENT. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Maintained by: Arvind Kumar <arvindkumar@vmware.com>
+ *
+ */
+
+#ifndef VMW_PVSCSI_H
+#define VMW_PVSCSI_H
+
+#define VMW_PAGE_SIZE (4096)
+#define VMW_PAGE_SHIFT (12)
+
+#define MASK(n) ((1 << (n)) - 1) /* make an n-bit mask */
+
+/*
+ * host adapter status/error codes
+ */
+enum HostBusAdapterStatus {
+ BTSTAT_SUCCESS = 0x00, /* CCB complete normally with no errors */
+ BTSTAT_LINKED_COMMAND_COMPLETED = 0x0a,
+ BTSTAT_LINKED_COMMAND_COMPLETED_WITH_FLAG = 0x0b,
+ BTSTAT_DATA_UNDERRUN = 0x0c,
+ BTSTAT_SELTIMEO = 0x11, /* SCSI selection timeout */
+ BTSTAT_DATARUN = 0x12, /* data overrun/underrun */
+ BTSTAT_BUSFREE = 0x13, /* unexpected bus free */
+ BTSTAT_INVPHASE = 0x14, /* invalid bus phase or sequence */
+ /* requested by target */
+ BTSTAT_LUNMISMATCH = 0x17, /* linked CCB has different LUN */
+ /* from first CCB */
+ BTSTAT_SENSFAILED = 0x1b, /* auto request sense failed */
+ BTSTAT_TAGREJECT = 0x1c, /* SCSI II tagged queueing message */
+ /* rejected by target */
+ BTSTAT_BADMSG = 0x1d, /* unsupported message received by */
+ /* the host adapter */
+ BTSTAT_HAHARDWARE = 0x20, /* host adapter hardware failed */
+ BTSTAT_NORESPONSE = 0x21, /* target did not respond to SCSI ATN, */
+ /* sent a SCSI RST */
+ BTSTAT_SENTRST = 0x22, /* host adapter asserted a SCSI RST */
+ BTSTAT_RECVRST = 0x23, /* other SCSI devices asserted a SCSI RST */
+ BTSTAT_DISCONNECT = 0x24, /* target device reconnected improperly */
+ /* (w/o tag) */
+ BTSTAT_BUSRESET = 0x25, /* host adapter issued BUS device reset */
+ BTSTAT_ABORTQUEUE = 0x26, /* abort queue generated */
+ BTSTAT_HASOFTWARE = 0x27, /* host adapter software error */
+ BTSTAT_HATIMEOUT = 0x30, /* host adapter hardware timeout error */
+ BTSTAT_SCSIPARITY = 0x34, /* SCSI parity error detected */
+};
+
+/*
+ * Register offsets.
+ *
+ * These registers are accessible both via i/o space and mm i/o.
+ */
+
+enum PVSCSIRegOffset {
+ PVSCSI_REG_OFFSET_COMMAND = 0x0,
+ PVSCSI_REG_OFFSET_COMMAND_DATA = 0x4,
+ PVSCSI_REG_OFFSET_COMMAND_STATUS = 0x8,
+ PVSCSI_REG_OFFSET_LAST_STS_0 = 0x100,
+ PVSCSI_REG_OFFSET_LAST_STS_1 = 0x104,
+ PVSCSI_REG_OFFSET_LAST_STS_2 = 0x108,
+ PVSCSI_REG_OFFSET_LAST_STS_3 = 0x10c,
+ PVSCSI_REG_OFFSET_INTR_STATUS = 0x100c,
+ PVSCSI_REG_OFFSET_INTR_MASK = 0x2010,
+ PVSCSI_REG_OFFSET_KICK_NON_RW_IO = 0x3014,
+ PVSCSI_REG_OFFSET_DEBUG = 0x3018,
+ PVSCSI_REG_OFFSET_KICK_RW_IO = 0x4018,
+};
+
+/*
+ * Virtual h/w commands.
+ */
+
+enum PVSCSICommands {
+ PVSCSI_CMD_FIRST = 0, /* has to be first */
+
+ PVSCSI_CMD_ADAPTER_RESET = 1,
+ PVSCSI_CMD_ISSUE_SCSI = 2,
+ PVSCSI_CMD_SETUP_RINGS = 3,
+ PVSCSI_CMD_RESET_BUS = 4,
+ PVSCSI_CMD_RESET_DEVICE = 5,
+ PVSCSI_CMD_ABORT_CMD = 6,
+ PVSCSI_CMD_CONFIG = 7,
+ PVSCSI_CMD_SETUP_MSG_RING = 8,
+ PVSCSI_CMD_DEVICE_UNPLUG = 9,
+
+ PVSCSI_CMD_LAST = 10 /* has to be last */
+};
+
+#define PVSCSI_COMMAND_PROCESSING_SUCCEEDED (0)
+#define PVSCSI_COMMAND_PROCESSING_FAILED (-1)
+#define PVSCSI_COMMAND_NOT_ENOUGH_DATA (-2)
+
+/*
+ * Command descriptor for PVSCSI_CMD_RESET_DEVICE --
+ */
+
+struct PVSCSICmdDescResetDevice {
+ uint32_t target;
+ uint8_t lun[8];
+} QEMU_PACKED;
+
+typedef struct PVSCSICmdDescResetDevice PVSCSICmdDescResetDevice;
+
+/*
+ * Command descriptor for PVSCSI_CMD_ABORT_CMD --
+ *
+ * - currently does not support specifying the LUN.
+ * - pad should be 0.
+ */
+
+struct PVSCSICmdDescAbortCmd {
+ uint64_t context;
+ uint32_t target;
+ uint32_t pad;
+} QEMU_PACKED;
+
+typedef struct PVSCSICmdDescAbortCmd PVSCSICmdDescAbortCmd;
+
+/*
+ * Command descriptor for PVSCSI_CMD_SETUP_RINGS --
+ *
+ * Notes:
+ * - reqRingNumPages and cmpRingNumPages need to be power of two.
+ * - reqRingNumPages and cmpRingNumPages need to be different from 0,
+ * - reqRingNumPages and cmpRingNumPages need to be inferior to
+ * PVSCSI_SETUP_RINGS_MAX_NUM_PAGES.
+ */
+
+#define PVSCSI_SETUP_RINGS_MAX_NUM_PAGES 32
+struct PVSCSICmdDescSetupRings {
+ uint32_t reqRingNumPages;
+ uint32_t cmpRingNumPages;
+ uint64_t ringsStatePPN;
+ uint64_t reqRingPPNs[PVSCSI_SETUP_RINGS_MAX_NUM_PAGES];
+ uint64_t cmpRingPPNs[PVSCSI_SETUP_RINGS_MAX_NUM_PAGES];
+} QEMU_PACKED;
+
+typedef struct PVSCSICmdDescSetupRings PVSCSICmdDescSetupRings;
+
+/*
+ * Command descriptor for PVSCSI_CMD_SETUP_MSG_RING --
+ *
+ * Notes:
+ * - this command was not supported in the initial revision of the h/w
+ * interface. Before using it, you need to check that it is supported by
+ * writing PVSCSI_CMD_SETUP_MSG_RING to the 'command' register, then
+ * immediately after read the 'command status' register:
+ * * a value of -1 means that the cmd is NOT supported,
+ * * a value != -1 means that the cmd IS supported.
+ * If it's supported the 'command status' register should return:
+ * sizeof(PVSCSICmdDescSetupMsgRing) / sizeof(uint32_t).
+ * - this command should be issued _after_ the usual SETUP_RINGS so that the
+ * RingsState page is already setup. If not, the command is a nop.
+ * - numPages needs to be a power of two,
+ * - numPages needs to be different from 0,
+ * - pad should be zero.
+ */
+
+#define PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES 16
+
+struct PVSCSICmdDescSetupMsgRing {
+ uint32_t numPages;
+ uint32_t pad;
+ uint64_t ringPPNs[PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES];
+} QEMU_PACKED;
+
+typedef struct PVSCSICmdDescSetupMsgRing PVSCSICmdDescSetupMsgRing;
+
+enum PVSCSIMsgType {
+ PVSCSI_MSG_DEV_ADDED = 0,
+ PVSCSI_MSG_DEV_REMOVED = 1,
+ PVSCSI_MSG_LAST = 2,
+};
+
+/*
+ * Msg descriptor.
+ *
+ * sizeof(struct PVSCSIRingMsgDesc) == 128.
+ *
+ * - type is of type enum PVSCSIMsgType.
+ * - the content of args depend on the type of event being delivered.
+ */
+
+struct PVSCSIRingMsgDesc {
+ uint32_t type;
+ uint32_t args[31];
+} QEMU_PACKED;
+
+typedef struct PVSCSIRingMsgDesc PVSCSIRingMsgDesc;
+
+struct PVSCSIMsgDescDevStatusChanged {
+ uint32_t type; /* PVSCSI_MSG_DEV _ADDED / _REMOVED */
+ uint32_t bus;
+ uint32_t target;
+ uint8_t lun[8];
+ uint32_t pad[27];
+} QEMU_PACKED;
+
+typedef struct PVSCSIMsgDescDevStatusChanged PVSCSIMsgDescDevStatusChanged;
+
+/*
+ * Rings state.
+ *
+ * - the fields:
+ * . msgProdIdx,
+ * . msgConsIdx,
+ * . msgNumEntriesLog2,
+ * .. are only used once the SETUP_MSG_RING cmd has been issued.
+ * - 'pad' helps to ensure that the msg related fields are on their own
+ * cache-line.
+ */
+
+struct PVSCSIRingsState {
+ uint32_t reqProdIdx;
+ uint32_t reqConsIdx;
+ uint32_t reqNumEntriesLog2;
+
+ uint32_t cmpProdIdx;
+ uint32_t cmpConsIdx;
+ uint32_t cmpNumEntriesLog2;
+
+ uint8_t pad[104];
+
+ uint32_t msgProdIdx;
+ uint32_t msgConsIdx;
+ uint32_t msgNumEntriesLog2;
+} QEMU_PACKED;
+
+typedef struct PVSCSIRingsState PVSCSIRingsState;
+
+/*
+ * Request descriptor.
+ *
+ * sizeof(RingReqDesc) = 128
+ *
+ * - context: is a unique identifier of a command. It could normally be any
+ * 64bit value, however we currently store it in the serialNumber variable
+ * of struct SCSI_Command, so we have the following restrictions due to the
+ * way this field is handled in the vmkernel storage stack:
+ * * this value can't be 0,
+ * * the upper 32bit need to be 0 since serialNumber is as a uint32_t.
+ * Currently tracked as PR 292060.
+ * - dataLen: contains the total number of bytes that need to be transferred.
+ * - dataAddr:
+ * * if PVSCSI_FLAG_CMD_WITH_SG_LIST is set: dataAddr is the PA of the first
+ * s/g table segment, each s/g segment is entirely contained on a single
+ * page of physical memory,
+ * * if PVSCSI_FLAG_CMD_WITH_SG_LIST is NOT set, then dataAddr is the PA of
+ * the buffer used for the DMA transfer,
+ * - flags:
+ * * PVSCSI_FLAG_CMD_WITH_SG_LIST: see dataAddr above,
+ * * PVSCSI_FLAG_CMD_DIR_NONE: no DMA involved,
+ * * PVSCSI_FLAG_CMD_DIR_TOHOST: transfer from device to main memory,
+ * * PVSCSI_FLAG_CMD_DIR_TODEVICE: transfer from main memory to device,
+ * * PVSCSI_FLAG_CMD_OUT_OF_BAND_CDB: reserved to handle CDBs larger than
+ * 16bytes. To be specified.
+ * - vcpuHint: vcpuId of the processor that will be most likely waiting for the
+ * completion of the i/o. For guest OSes that use lowest priority message
+ * delivery mode (such as windows), we use this "hint" to deliver the
+ * completion action to the proper vcpu. For now, we can use the vcpuId of
+ * the processor that initiated the i/o as a likely candidate for the vcpu
+ * that will be waiting for the completion..
+ * - bus should be 0: we currently only support bus 0 for now.
+ * - unused should be zero'd.
+ */
+
+#define PVSCSI_FLAG_CMD_WITH_SG_LIST (1 << 0)
+#define PVSCSI_FLAG_CMD_OUT_OF_BAND_CDB (1 << 1)
+#define PVSCSI_FLAG_CMD_DIR_NONE (1 << 2)
+#define PVSCSI_FLAG_CMD_DIR_TOHOST (1 << 3)
+#define PVSCSI_FLAG_CMD_DIR_TODEVICE (1 << 4)
+
+#define PVSCSI_KNOWN_FLAGS \
+ (PVSCSI_FLAG_CMD_WITH_SG_LIST | \
+ PVSCSI_FLAG_CMD_OUT_OF_BAND_CDB | \
+ PVSCSI_FLAG_CMD_DIR_NONE | \
+ PVSCSI_FLAG_CMD_DIR_TOHOST | \
+ PVSCSI_FLAG_CMD_DIR_TODEVICE)
+
+struct PVSCSIRingReqDesc {
+ uint64_t context;
+ uint64_t dataAddr;
+ uint64_t dataLen;
+ uint64_t senseAddr;
+ uint32_t senseLen;
+ uint32_t flags;
+ uint8_t cdb[16];
+ uint8_t cdbLen;
+ uint8_t lun[8];
+ uint8_t tag;
+ uint8_t bus;
+ uint8_t target;
+ uint8_t vcpuHint;
+ uint8_t unused[59];
+} QEMU_PACKED;
+
+typedef struct PVSCSIRingReqDesc PVSCSIRingReqDesc;
+
+/*
+ * Scatter-gather list management.
+ *
+ * As described above, when PVSCSI_FLAG_CMD_WITH_SG_LIST is set in the
+ * RingReqDesc.flags, then RingReqDesc.dataAddr is the PA of the first s/g
+ * table segment.
+ *
+ * - each segment of the s/g table contain a succession of struct
+ * PVSCSISGElement.
+ * - each segment is entirely contained on a single physical page of memory.
+ * - a "chain" s/g element has the flag PVSCSI_SGE_FLAG_CHAIN_ELEMENT set in
+ * PVSCSISGElement.flags and in this case:
+ * * addr is the PA of the next s/g segment,
+ * * length is undefined, assumed to be 0.
+ */
+
+struct PVSCSISGElement {
+ uint64_t addr;
+ uint32_t length;
+ uint32_t flags;
+} QEMU_PACKED;
+
+typedef struct PVSCSISGElement PVSCSISGElement;
+
+/*
+ * Completion descriptor.
+ *
+ * sizeof(RingCmpDesc) = 32
+ *
+ * - context: identifier of the command. The same thing that was specified
+ * under "context" as part of struct RingReqDesc at initiation time,
+ * - dataLen: number of bytes transferred for the actual i/o operation,
+ * - senseLen: number of bytes written into the sense buffer,
+ * - hostStatus: adapter status,
+ * - scsiStatus: device status,
+ * - pad should be zero.
+ */
+
+struct PVSCSIRingCmpDesc {
+ uint64_t context;
+ uint64_t dataLen;
+ uint32_t senseLen;
+ uint16_t hostStatus;
+ uint16_t scsiStatus;
+ uint32_t pad[2];
+} QEMU_PACKED;
+
+typedef struct PVSCSIRingCmpDesc PVSCSIRingCmpDesc;
+
+/*
+ * Interrupt status / IRQ bits.
+ */
+
+#define PVSCSI_INTR_CMPL_0 (1 << 0)
+#define PVSCSI_INTR_CMPL_1 (1 << 1)
+#define PVSCSI_INTR_CMPL_MASK MASK(2)
+
+#define PVSCSI_INTR_MSG_0 (1 << 2)
+#define PVSCSI_INTR_MSG_1 (1 << 3)
+#define PVSCSI_INTR_MSG_MASK (MASK(2) << 2)
+
+#define PVSCSI_INTR_ALL_SUPPORTED MASK(4)
+
+/*
+ * Number of MSI-X vectors supported.
+ */
+#define PVSCSI_MAX_INTRS 24
+
+/*
+ * Enumeration of supported MSI-X vectors
+ */
+#define PVSCSI_VECTOR_COMPLETION 0
+
+/*
+ * Misc constants for the rings.
+ */
+
+#define PVSCSI_MAX_NUM_PAGES_REQ_RING PVSCSI_SETUP_RINGS_MAX_NUM_PAGES
+#define PVSCSI_MAX_NUM_PAGES_CMP_RING PVSCSI_SETUP_RINGS_MAX_NUM_PAGES
+#define PVSCSI_MAX_NUM_PAGES_MSG_RING PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES
+
+#define PVSCSI_MAX_NUM_REQ_ENTRIES_PER_PAGE \
+ (VMW_PAGE_SIZE / sizeof(struct PVSCSIRingReqDesc))
+
+#define PVSCSI_MAX_NUM_CMP_ENTRIES_PER_PAGE \
+ (VMW_PAGE_SIZE / sizeof(PVSCSIRingCmpDesc))
+
+#define PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE \
+ (VMW_PAGE_SIZE / sizeof(PVSCSIRingMsgDesc))
+
+#define PVSCSI_MAX_REQ_QUEUE_DEPTH \
+ (PVSCSI_MAX_NUM_PAGES_REQ_RING * PVSCSI_MAX_NUM_REQ_ENTRIES_PER_PAGE)
+
+#define PVSCSI_MEM_SPACE_COMMAND_NUM_PAGES 1
+#define PVSCSI_MEM_SPACE_INTR_STATUS_NUM_PAGES 1
+#define PVSCSI_MEM_SPACE_MISC_NUM_PAGES 2
+#define PVSCSI_MEM_SPACE_KICK_IO_NUM_PAGES 2
+#define PVSCSI_MEM_SPACE_MSIX_NUM_PAGES 2
+
+enum PVSCSIMemSpace {
+ PVSCSI_MEM_SPACE_COMMAND_PAGE = 0,
+ PVSCSI_MEM_SPACE_INTR_STATUS_PAGE = 1,
+ PVSCSI_MEM_SPACE_MISC_PAGE = 2,
+ PVSCSI_MEM_SPACE_KICK_IO_PAGE = 4,
+ PVSCSI_MEM_SPACE_MSIX_TABLE_PAGE = 6,
+ PVSCSI_MEM_SPACE_MSIX_PBA_PAGE = 7,
+};
+
+#define PVSCSI_MEM_SPACE_NUM_PAGES \
+ (PVSCSI_MEM_SPACE_COMMAND_NUM_PAGES + \
+ PVSCSI_MEM_SPACE_INTR_STATUS_NUM_PAGES + \
+ PVSCSI_MEM_SPACE_MISC_NUM_PAGES + \
+ PVSCSI_MEM_SPACE_KICK_IO_NUM_PAGES + \
+ PVSCSI_MEM_SPACE_MSIX_NUM_PAGES)
+
+#define PVSCSI_MEM_SPACE_SIZE (PVSCSI_MEM_SPACE_NUM_PAGES * VMW_PAGE_SIZE)
+
+#endif /* VMW_PVSCSI_H */
diff --git a/hw/sd.c b/hw/sd.c
deleted file mode 100644
index 3c34d43ad..000000000
--- a/hw/sd.c
+++ /dev/null
@@ -1,1764 +0,0 @@
-/*
- * SD Memory Card emulation as defined in the "SD Memory Card Physical
- * layer specification, Version 1.10."
- *
- * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
- * Copyright (c) 2007 CodeSourcery
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
- * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "hw.h"
-#include "block.h"
-#include "sd.h"
-#include "bitmap.h"
-
-//#define DEBUG_SD 1
-
-#ifdef DEBUG_SD
-#define DPRINTF(fmt, ...) \
-do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...) do {} while(0)
-#endif
-
-typedef enum {
- sd_r0 = 0, /* no response */
- sd_r1, /* normal response command */
- sd_r2_i, /* CID register */
- sd_r2_s, /* CSD register */
- sd_r3, /* OCR register */
- sd_r6 = 6, /* Published RCA response */
- sd_r7, /* Operating voltage */
- sd_r1b = -1,
- sd_illegal = -2,
-} sd_rsp_type_t;
-
-enum SDCardModes {
- sd_inactive,
- sd_card_identification_mode,
- sd_data_transfer_mode,
-};
-
-enum SDCardStates {
- sd_inactive_state = -1,
- sd_idle_state = 0,
- sd_ready_state,
- sd_identification_state,
- sd_standby_state,
- sd_transfer_state,
- sd_sendingdata_state,
- sd_receivingdata_state,
- sd_programming_state,
- sd_disconnect_state,
-};
-
-struct SDState {
- uint32_t mode; /* current card mode, one of SDCardModes */
- int32_t state; /* current card state, one of SDCardStates */
- uint32_t ocr;
- uint8_t scr[8];
- uint8_t cid[16];
- uint8_t csd[16];
- uint16_t rca;
- uint32_t card_status;
- uint8_t sd_status[64];
- uint32_t vhs;
- bool wp_switch;
- unsigned long *wp_groups;
- int32_t wpgrps_size;
- uint64_t size;
- uint32_t blk_len;
- uint32_t erase_start;
- uint32_t erase_end;
- uint8_t pwd[16];
- uint32_t pwd_len;
- uint8_t function_group[6];
-
- bool spi;
- uint8_t current_cmd;
- /* True if we will handle the next command as an ACMD. Note that this does
- * *not* track the APP_CMD status bit!
- */
- bool expecting_acmd;
- uint32_t blk_written;
- uint64_t data_start;
- uint32_t data_offset;
- uint8_t data[512];
- qemu_irq readonly_cb;
- qemu_irq inserted_cb;
- BlockDriverState *bdrv;
- uint8_t *buf;
-
- bool enable;
-};
-
-static void sd_set_mode(SDState *sd)
-{
- switch (sd->state) {
- case sd_inactive_state:
- sd->mode = sd_inactive;
- break;
-
- case sd_idle_state:
- case sd_ready_state:
- case sd_identification_state:
- sd->mode = sd_card_identification_mode;
- break;
-
- case sd_standby_state:
- case sd_transfer_state:
- case sd_sendingdata_state:
- case sd_receivingdata_state:
- case sd_programming_state:
- case sd_disconnect_state:
- sd->mode = sd_data_transfer_mode;
- break;
- }
-}
-
-static const sd_cmd_type_t sd_cmd_type[64] = {
- sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
- sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
- sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
- sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
- sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
- sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
- sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
- sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
-};
-
-static const sd_cmd_type_t sd_acmd_type[64] = {
- sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
- sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
- sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
- sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
- sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
- sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
- sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
- sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
-};
-
-static const int sd_cmd_class[64] = {
- 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
- 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
- 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
- 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
-};
-
-static uint8_t sd_crc7(void *message, size_t width)
-{
- int i, bit;
- uint8_t shift_reg = 0x00;
- uint8_t *msg = (uint8_t *) message;
-
- for (i = 0; i < width; i ++, msg ++)
- for (bit = 7; bit >= 0; bit --) {
- shift_reg <<= 1;
- if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
- shift_reg ^= 0x89;
- }
-
- return shift_reg;
-}
-
-static uint16_t sd_crc16(void *message, size_t width)
-{
- int i, bit;
- uint16_t shift_reg = 0x0000;
- uint16_t *msg = (uint16_t *) message;
- width <<= 1;
-
- for (i = 0; i < width; i ++, msg ++)
- for (bit = 15; bit >= 0; bit --) {
- shift_reg <<= 1;
- if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
- shift_reg ^= 0x1011;
- }
-
- return shift_reg;
-}
-
-static void sd_set_ocr(SDState *sd)
-{
- /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
- sd->ocr = 0x80ffff00;
-}
-
-static void sd_set_scr(SDState *sd)
-{
- sd->scr[0] = 0x00; /* SCR Structure */
- sd->scr[1] = 0x2f; /* SD Security Support */
- sd->scr[2] = 0x00;
- sd->scr[3] = 0x00;
- sd->scr[4] = 0x00;
- sd->scr[5] = 0x00;
- sd->scr[6] = 0x00;
- sd->scr[7] = 0x00;
-}
-
-#define MID 0xaa
-#define OID "XY"
-#define PNM "QEMU!"
-#define PRV 0x01
-#define MDT_YR 2006
-#define MDT_MON 2
-
-static void sd_set_cid(SDState *sd)
-{
- sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
- sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
- sd->cid[2] = OID[1];
- sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
- sd->cid[4] = PNM[1];
- sd->cid[5] = PNM[2];
- sd->cid[6] = PNM[3];
- sd->cid[7] = PNM[4];
- sd->cid[8] = PRV; /* Fake product revision (PRV) */
- sd->cid[9] = 0xde; /* Fake serial number (PSN) */
- sd->cid[10] = 0xad;
- sd->cid[11] = 0xbe;
- sd->cid[12] = 0xef;
- sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
- ((MDT_YR - 2000) / 10);
- sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
- sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
-}
-
-#define HWBLOCK_SHIFT 9 /* 512 bytes */
-#define SECTOR_SHIFT 5 /* 16 kilobytes */
-#define WPGROUP_SHIFT 7 /* 2 megs */
-#define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
-#define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
-
-static const uint8_t sd_csd_rw_mask[16] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
-};
-
-static void sd_set_csd(SDState *sd, uint64_t size)
-{
- uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
- uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
- uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
-
- if (size <= 0x40000000) { /* Standard Capacity SD */
- sd->csd[0] = 0x00; /* CSD structure */
- sd->csd[1] = 0x26; /* Data read access-time-1 */
- sd->csd[2] = 0x00; /* Data read access-time-2 */
- sd->csd[3] = 0x5a; /* Max. data transfer rate */
- sd->csd[4] = 0x5f; /* Card Command Classes */
- sd->csd[5] = 0x50 | /* Max. read data block length */
- HWBLOCK_SHIFT;
- sd->csd[6] = 0xe0 | /* Partial block for read allowed */
- ((csize >> 10) & 0x03);
- sd->csd[7] = 0x00 | /* Device size */
- ((csize >> 2) & 0xff);
- sd->csd[8] = 0x3f | /* Max. read current */
- ((csize << 6) & 0xc0);
- sd->csd[9] = 0xfc | /* Max. write current */
- ((CMULT_SHIFT - 2) >> 1);
- sd->csd[10] = 0x40 | /* Erase sector size */
- (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
- sd->csd[11] = 0x00 | /* Write protect group size */
- ((sectsize << 7) & 0x80) | wpsize;
- sd->csd[12] = 0x90 | /* Write speed factor */
- (HWBLOCK_SHIFT >> 2);
- sd->csd[13] = 0x20 | /* Max. write data block length */
- ((HWBLOCK_SHIFT << 6) & 0xc0);
- sd->csd[14] = 0x00; /* File format group */
- sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
- } else { /* SDHC */
- size /= 512 * 1024;
- size -= 1;
- sd->csd[0] = 0x40;
- sd->csd[1] = 0x0e;
- sd->csd[2] = 0x00;
- sd->csd[3] = 0x32;
- sd->csd[4] = 0x5b;
- sd->csd[5] = 0x59;
- sd->csd[6] = 0x00;
- sd->csd[7] = (size >> 16) & 0xff;
- sd->csd[8] = (size >> 8) & 0xff;
- sd->csd[9] = (size & 0xff);
- sd->csd[10] = 0x7f;
- sd->csd[11] = 0x80;
- sd->csd[12] = 0x0a;
- sd->csd[13] = 0x40;
- sd->csd[14] = 0x00;
- sd->csd[15] = 0x00;
- sd->ocr |= 1 << 30; /* High Capacity SD Memort Card */
- }
-}
-
-static void sd_set_rca(SDState *sd)
-{
- sd->rca += 0x4567;
-}
-
-/* Card status bits, split by clear condition:
- * A : According to the card current state
- * B : Always related to the previous command
- * C : Cleared by read
- */
-#define CARD_STATUS_A 0x02004100
-#define CARD_STATUS_B 0x00c01e00
-#define CARD_STATUS_C 0xfd39a028
-
-static void sd_set_cardstatus(SDState *sd)
-{
- sd->card_status = 0x00000100;
-}
-
-static void sd_set_sdstatus(SDState *sd)
-{
- memset(sd->sd_status, 0, 64);
-}
-
-static int sd_req_crc_validate(SDRequest *req)
-{
- uint8_t buffer[5];
- buffer[0] = 0x40 | req->cmd;
- buffer[1] = (req->arg >> 24) & 0xff;
- buffer[2] = (req->arg >> 16) & 0xff;
- buffer[3] = (req->arg >> 8) & 0xff;
- buffer[4] = (req->arg >> 0) & 0xff;
- return 0;
- return sd_crc7(buffer, 5) != req->crc; /* TODO */
-}
-
-static void sd_response_r1_make(SDState *sd, uint8_t *response)
-{
- uint32_t status = sd->card_status;
- /* Clear the "clear on read" status bits */
- sd->card_status &= ~CARD_STATUS_C;
-
- response[0] = (status >> 24) & 0xff;
- response[1] = (status >> 16) & 0xff;
- response[2] = (status >> 8) & 0xff;
- response[3] = (status >> 0) & 0xff;
-}
-
-static void sd_response_r3_make(SDState *sd, uint8_t *response)
-{
- response[0] = (sd->ocr >> 24) & 0xff;
- response[1] = (sd->ocr >> 16) & 0xff;
- response[2] = (sd->ocr >> 8) & 0xff;
- response[3] = (sd->ocr >> 0) & 0xff;
-}
-
-static void sd_response_r6_make(SDState *sd, uint8_t *response)
-{
- uint16_t arg;
- uint16_t status;
-
- arg = sd->rca;
- status = ((sd->card_status >> 8) & 0xc000) |
- ((sd->card_status >> 6) & 0x2000) |
- (sd->card_status & 0x1fff);
- sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
-
- response[0] = (arg >> 8) & 0xff;
- response[1] = arg & 0xff;
- response[2] = (status >> 8) & 0xff;
- response[3] = status & 0xff;
-}
-
-static void sd_response_r7_make(SDState *sd, uint8_t *response)
-{
- response[0] = (sd->vhs >> 24) & 0xff;
- response[1] = (sd->vhs >> 16) & 0xff;
- response[2] = (sd->vhs >> 8) & 0xff;
- response[3] = (sd->vhs >> 0) & 0xff;
-}
-
-static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
-{
- return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
-}
-
-static void sd_reset(SDState *sd, BlockDriverState *bdrv)
-{
- uint64_t size;
- uint64_t sect;
-
- if (bdrv) {
- bdrv_get_geometry(bdrv, &sect);
- } else {
- sect = 0;
- }
- size = sect << 9;
-
- sect = sd_addr_to_wpnum(size) + 1;
-
- sd->state = sd_idle_state;
- sd->rca = 0x0000;
- sd_set_ocr(sd);
- sd_set_scr(sd);
- sd_set_cid(sd);
- sd_set_csd(sd, size);
- sd_set_cardstatus(sd);
- sd_set_sdstatus(sd);
-
- sd->bdrv = bdrv;
-
- if (sd->wp_groups)
- g_free(sd->wp_groups);
- sd->wp_switch = bdrv ? bdrv_is_read_only(bdrv) : false;
- sd->wpgrps_size = sect;
- sd->wp_groups = bitmap_new(sd->wpgrps_size);
- memset(sd->function_group, 0, sizeof(sd->function_group));
- sd->erase_start = 0;
- sd->erase_end = 0;
- sd->size = size;
- sd->blk_len = 0x200;
- sd->pwd_len = 0;
- sd->expecting_acmd = false;
-}
-
-static void sd_cardchange(void *opaque, bool load)
-{
- SDState *sd = opaque;
-
- qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
- if (bdrv_is_inserted(sd->bdrv)) {
- sd_reset(sd, sd->bdrv);
- qemu_set_irq(sd->readonly_cb, sd->wp_switch);
- }
-}
-
-static const BlockDevOps sd_block_ops = {
- .change_media_cb = sd_cardchange,
-};
-
-static const VMStateDescription sd_vmstate = {
- .name = "sd-card",
- .version_id = 1,
- .minimum_version_id = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(mode, SDState),
- VMSTATE_INT32(state, SDState),
- VMSTATE_UINT8_ARRAY(cid, SDState, 16),
- VMSTATE_UINT8_ARRAY(csd, SDState, 16),
- VMSTATE_UINT16(rca, SDState),
- VMSTATE_UINT32(card_status, SDState),
- VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
- VMSTATE_UINT32(vhs, SDState),
- VMSTATE_BITMAP(wp_groups, SDState, 0, wpgrps_size),
- VMSTATE_UINT32(blk_len, SDState),
- VMSTATE_UINT32(erase_start, SDState),
- VMSTATE_UINT32(erase_end, SDState),
- VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
- VMSTATE_UINT32(pwd_len, SDState),
- VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
- VMSTATE_UINT8(current_cmd, SDState),
- VMSTATE_BOOL(expecting_acmd, SDState),
- VMSTATE_UINT32(blk_written, SDState),
- VMSTATE_UINT64(data_start, SDState),
- VMSTATE_UINT32(data_offset, SDState),
- VMSTATE_UINT8_ARRAY(data, SDState, 512),
- VMSTATE_BUFFER_UNSAFE(buf, SDState, 1, 512),
- VMSTATE_BOOL(enable, SDState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-/* We do not model the chip select pin, so allow the board to select
- whether card should be in SSI or MMC/SD mode. It is also up to the
- board to ensure that ssi transfers only occur when the chip select
- is asserted. */
-SDState *sd_init(BlockDriverState *bs, bool is_spi)
-{
- SDState *sd;
-
- sd = (SDState *) g_malloc0(sizeof(SDState));
- sd->buf = qemu_blockalign(bs, 512);
- sd->spi = is_spi;
- sd->enable = true;
- sd_reset(sd, bs);
- if (sd->bdrv) {
- bdrv_attach_dev_nofail(sd->bdrv, sd);
- bdrv_set_dev_ops(sd->bdrv, &sd_block_ops, sd);
- }
- vmstate_register(NULL, -1, &sd_vmstate, sd);
- return sd;
-}
-
-void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
-{
- sd->readonly_cb = readonly;
- sd->inserted_cb = insert;
- qemu_set_irq(readonly, sd->bdrv ? bdrv_is_read_only(sd->bdrv) : 0);
- qemu_set_irq(insert, sd->bdrv ? bdrv_is_inserted(sd->bdrv) : 0);
-}
-
-static void sd_erase(SDState *sd)
-{
- int i;
- uint64_t erase_start = sd->erase_start;
- uint64_t erase_end = sd->erase_end;
-
- if (!sd->erase_start || !sd->erase_end) {
- sd->card_status |= ERASE_SEQ_ERROR;
- return;
- }
-
- if (extract32(sd->ocr, OCR_CCS_BITN, 1)) {
- /* High capacity memory card: erase units are 512 byte blocks */
- erase_start *= 512;
- erase_end *= 512;
- }
-
- erase_start = sd_addr_to_wpnum(erase_start);
- erase_end = sd_addr_to_wpnum(erase_end);
- sd->erase_start = 0;
- sd->erase_end = 0;
- sd->csd[14] |= 0x40;
-
- for (i = erase_start; i <= erase_end; i++) {
- if (test_bit(i, sd->wp_groups)) {
- sd->card_status |= WP_ERASE_SKIP;
- }
- }
-}
-
-static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
-{
- uint32_t i, wpnum;
- uint32_t ret = 0;
-
- wpnum = sd_addr_to_wpnum(addr);
-
- for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
- if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) {
- ret |= (1 << i);
- }
- }
-
- return ret;
-}
-
-static void sd_function_switch(SDState *sd, uint32_t arg)
-{
- int i, mode, new_func, crc;
- mode = !!(arg & 0x80000000);
-
- sd->data[0] = 0x00; /* Maximum current consumption */
- sd->data[1] = 0x01;
- sd->data[2] = 0x80; /* Supported group 6 functions */
- sd->data[3] = 0x01;
- sd->data[4] = 0x80; /* Supported group 5 functions */
- sd->data[5] = 0x01;
- sd->data[6] = 0x80; /* Supported group 4 functions */
- sd->data[7] = 0x01;
- sd->data[8] = 0x80; /* Supported group 3 functions */
- sd->data[9] = 0x01;
- sd->data[10] = 0x80; /* Supported group 2 functions */
- sd->data[11] = 0x43;
- sd->data[12] = 0x80; /* Supported group 1 functions */
- sd->data[13] = 0x03;
- for (i = 0; i < 6; i ++) {
- new_func = (arg >> (i * 4)) & 0x0f;
- if (mode && new_func != 0x0f)
- sd->function_group[i] = new_func;
- sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
- }
- memset(&sd->data[17], 0, 47);
- crc = sd_crc16(sd->data, 64);
- sd->data[65] = crc >> 8;
- sd->data[66] = crc & 0xff;
-}
-
-static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
-{
- return test_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
-}
-
-static void sd_lock_command(SDState *sd)
-{
- int erase, lock, clr_pwd, set_pwd, pwd_len;
- erase = !!(sd->data[0] & 0x08);
- lock = sd->data[0] & 0x04;
- clr_pwd = sd->data[0] & 0x02;
- set_pwd = sd->data[0] & 0x01;
-
- if (sd->blk_len > 1)
- pwd_len = sd->data[1];
- else
- pwd_len = 0;
-
- if (erase) {
- if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
- set_pwd || clr_pwd || lock || sd->wp_switch ||
- (sd->csd[14] & 0x20)) {
- sd->card_status |= LOCK_UNLOCK_FAILED;
- return;
- }
- bitmap_zero(sd->wp_groups, sd->wpgrps_size);
- sd->csd[14] &= ~0x10;
- sd->card_status &= ~CARD_IS_LOCKED;
- sd->pwd_len = 0;
- /* Erasing the entire card here! */
- fprintf(stderr, "SD: Card force-erased by CMD42\n");
- return;
- }
-
- if (sd->blk_len < 2 + pwd_len ||
- pwd_len <= sd->pwd_len ||
- pwd_len > sd->pwd_len + 16) {
- sd->card_status |= LOCK_UNLOCK_FAILED;
- return;
- }
-
- if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
- sd->card_status |= LOCK_UNLOCK_FAILED;
- return;
- }
-
- pwd_len -= sd->pwd_len;
- if ((pwd_len && !set_pwd) ||
- (clr_pwd && (set_pwd || lock)) ||
- (lock && !sd->pwd_len && !set_pwd) ||
- (!set_pwd && !clr_pwd &&
- (((sd->card_status & CARD_IS_LOCKED) && lock) ||
- (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
- sd->card_status |= LOCK_UNLOCK_FAILED;
- return;
- }
-
- if (set_pwd) {
- memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
- sd->pwd_len = pwd_len;
- }
-
- if (clr_pwd) {
- sd->pwd_len = 0;
- }
-
- if (lock)
- sd->card_status |= CARD_IS_LOCKED;
- else
- sd->card_status &= ~CARD_IS_LOCKED;
-}
-
-static sd_rsp_type_t sd_normal_command(SDState *sd,
- SDRequest req)
-{
- uint32_t rca = 0x0000;
- uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
-
- /* Not interpreting this as an app command */
- sd->card_status &= ~APP_CMD;
-
- if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
- rca = req.arg >> 16;
-
- DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
- switch (req.cmd) {
- /* Basic commands (Class 0 and Class 1) */
- case 0: /* CMD0: GO_IDLE_STATE */
- switch (sd->state) {
- case sd_inactive_state:
- return sd->spi ? sd_r1 : sd_r0;
-
- default:
- sd->state = sd_idle_state;
- sd_reset(sd, sd->bdrv);
- return sd->spi ? sd_r1 : sd_r0;
- }
- break;
-
- case 1: /* CMD1: SEND_OP_CMD */
- if (!sd->spi)
- goto bad_cmd;
-
- sd->state = sd_transfer_state;
- return sd_r1;
-
- case 2: /* CMD2: ALL_SEND_CID */
- if (sd->spi)
- goto bad_cmd;
- switch (sd->state) {
- case sd_ready_state:
- sd->state = sd_identification_state;
- return sd_r2_i;
-
- default:
- break;
- }
- break;
-
- case 3: /* CMD3: SEND_RELATIVE_ADDR */
- if (sd->spi)
- goto bad_cmd;
- switch (sd->state) {
- case sd_identification_state:
- case sd_standby_state:
- sd->state = sd_standby_state;
- sd_set_rca(sd);
- return sd_r6;
-
- default:
- break;
- }
- break;
-
- case 4: /* CMD4: SEND_DSR */
- if (sd->spi)
- goto bad_cmd;
- switch (sd->state) {
- case sd_standby_state:
- break;
-
- default:
- break;
- }
- break;
-
- case 5: /* CMD5: reserved for SDIO cards */
- return sd_illegal;
-
- case 6: /* CMD6: SWITCH_FUNCTION */
- if (sd->spi)
- goto bad_cmd;
- switch (sd->mode) {
- case sd_data_transfer_mode:
- sd_function_switch(sd, req.arg);
- sd->state = sd_sendingdata_state;
- sd->data_start = 0;
- sd->data_offset = 0;
- return sd_r1;
-
- default:
- break;
- }
- break;
-
- case 7: /* CMD7: SELECT/DESELECT_CARD */
- if (sd->spi)
- goto bad_cmd;
- switch (sd->state) {
- case sd_standby_state:
- if (sd->rca != rca)
- return sd_r0;
-
- sd->state = sd_transfer_state;
- return sd_r1b;
-
- case sd_transfer_state:
- case sd_sendingdata_state:
- if (sd->rca == rca)
- break;
-
- sd->state = sd_standby_state;
- return sd_r1b;
-
- case sd_disconnect_state:
- if (sd->rca != rca)
- return sd_r0;
-
- sd->state = sd_programming_state;
- return sd_r1b;
-
- case sd_programming_state:
- if (sd->rca == rca)
- break;
-
- sd->state = sd_disconnect_state;
- return sd_r1b;
-
- default:
- break;
- }
- break;
-
- case 8: /* CMD8: SEND_IF_COND */
- /* Physical Layer Specification Version 2.00 command */
- switch (sd->state) {
- case sd_idle_state:
- sd->vhs = 0;
-
- /* No response if not exactly one VHS bit is set. */
- if (!(req.arg >> 8) || (req.arg >> ffs(req.arg & ~0xff)))
- return sd->spi ? sd_r7 : sd_r0;
-
- /* Accept. */
- sd->vhs = req.arg;
- return sd_r7;
-
- default:
- break;
- }
- break;
-
- case 9: /* CMD9: SEND_CSD */
- switch (sd->state) {
- case sd_standby_state:
- if (sd->rca != rca)
- return sd_r0;
-
- return sd_r2_s;
-
- case sd_transfer_state:
- if (!sd->spi)
- break;
- sd->state = sd_sendingdata_state;
- memcpy(sd->data, sd->csd, 16);
- sd->data_start = addr;
- sd->data_offset = 0;
- return sd_r1;
-
- default:
- break;
- }
- break;
-
- case 10: /* CMD10: SEND_CID */
- switch (sd->state) {
- case sd_standby_state:
- if (sd->rca != rca)
- return sd_r0;
-
- return sd_r2_i;
-
- case sd_transfer_state:
- if (!sd->spi)
- break;
- sd->state = sd_sendingdata_state;
- memcpy(sd->data, sd->cid, 16);
- sd->data_start = addr;
- sd->data_offset = 0;
- return sd_r1;
-
- default:
- break;
- }
- break;
-
- case 11: /* CMD11: READ_DAT_UNTIL_STOP */
- if (sd->spi)
- goto bad_cmd;
- switch (sd->state) {
- case sd_transfer_state:
- sd->state = sd_sendingdata_state;
- sd->data_start = req.arg;
- sd->data_offset = 0;
-
- if (sd->data_start + sd->blk_len > sd->size)
- sd->card_status |= ADDRESS_ERROR;
- return sd_r0;
-
- default:
- break;
- }
- break;
-
- case 12: /* CMD12: STOP_TRANSMISSION */
- switch (sd->state) {
- case sd_sendingdata_state:
- sd->state = sd_transfer_state;
- return sd_r1b;
-
- case sd_receivingdata_state:
- sd->state = sd_programming_state;
- /* Bzzzzzzztt .... Operation complete. */
- sd->state = sd_transfer_state;
- return sd_r1b;
-
- default:
- break;
- }
- break;
-
- case 13: /* CMD13: SEND_STATUS */
- switch (sd->mode) {
- case sd_data_transfer_mode:
- if (sd->rca != rca)
- return sd_r0;
-
- return sd_r1;
-
- default:
- break;
- }
- break;
-
- case 15: /* CMD15: GO_INACTIVE_STATE */
- if (sd->spi)
- goto bad_cmd;
- switch (sd->mode) {
- case sd_data_transfer_mode:
- if (sd->rca != rca)
- return sd_r0;
-
- sd->state = sd_inactive_state;
- return sd_r0;
-
- default:
- break;
- }
- break;
-
- /* Block read commands (Classs 2) */
- case 16: /* CMD16: SET_BLOCKLEN */
- switch (sd->state) {
- case sd_transfer_state:
- if (req.arg > (1 << HWBLOCK_SHIFT))
- sd->card_status |= BLOCK_LEN_ERROR;
- else
- sd->blk_len = req.arg;
-
- return sd_r1;
-
- default:
- break;
- }
- break;
-
- case 17: /* CMD17: READ_SINGLE_BLOCK */
- switch (sd->state) {
- case sd_transfer_state:
- sd->state = sd_sendingdata_state;
- sd->data_start = addr;
- sd->data_offset = 0;
-
- if (sd->data_start + sd->blk_len > sd->size)
- sd->card_status |= ADDRESS_ERROR;
- return sd_r1;
-
- default:
- break;
- }
- break;
-
- case 18: /* CMD18: READ_MULTIPLE_BLOCK */
- switch (sd->state) {
- case sd_transfer_state:
- sd->state = sd_sendingdata_state;
- sd->data_start = addr;
- sd->data_offset = 0;
-
- if (sd->data_start + sd->blk_len > sd->size)
- sd->card_status |= ADDRESS_ERROR;
- return sd_r1;
-
- default:
- break;
- }
- break;
-
- /* Block write commands (Class 4) */
- case 24: /* CMD24: WRITE_SINGLE_BLOCK */
- if (sd->spi)
- goto unimplemented_cmd;
- switch (sd->state) {
- case sd_transfer_state:
- /* Writing in SPI mode not implemented. */
- if (sd->spi)
- break;
- sd->state = sd_receivingdata_state;
- sd->data_start = addr;
- sd->data_offset = 0;
- sd->blk_written = 0;
-
- if (sd->data_start + sd->blk_len > sd->size)
- sd->card_status |= ADDRESS_ERROR;
- if (sd_wp_addr(sd, sd->data_start))
- sd->card_status |= WP_VIOLATION;
- if (sd->csd[14] & 0x30)
- sd->card_status |= WP_VIOLATION;
- return sd_r1;
-
- default:
- break;
- }
- break;
-
- case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
- if (sd->spi)
- goto unimplemented_cmd;
- switch (sd->state) {
- case sd_transfer_state:
- /* Writing in SPI mode not implemented. */
- if (sd->spi)
- break;
- sd->state = sd_receivingdata_state;
- sd->data_start = addr;
- sd->data_offset = 0;
- sd->blk_written = 0;
-
- if (sd->data_start + sd->blk_len > sd->size)
- sd->card_status |= ADDRESS_ERROR;
- if (sd_wp_addr(sd, sd->data_start))
- sd->card_status |= WP_VIOLATION;
- if (sd->csd[14] & 0x30)
- sd->card_status |= WP_VIOLATION;
- return sd_r1;
-
- default:
- break;
- }
- break;
-
- case 26: /* CMD26: PROGRAM_CID */
- if (sd->spi)
- goto bad_cmd;
- switch (sd->state) {
- case sd_transfer_state:
- sd->state = sd_receivingdata_state;
- sd->data_start = 0;
- sd->data_offset = 0;
- return sd_r1;
-
- default:
- break;
- }
- break;
-
- case 27: /* CMD27: PROGRAM_CSD */
- if (sd->spi)
- goto unimplemented_cmd;
- switch (sd->state) {
- case sd_transfer_state:
- sd->state = sd_receivingdata_state;
- sd->data_start = 0;
- sd->data_offset = 0;
- return sd_r1;
-
- default:
- break;
- }
- break;
-
- /* Write protection (Class 6) */
- case 28: /* CMD28: SET_WRITE_PROT */
- switch (sd->state) {
- case sd_transfer_state:
- if (addr >= sd->size) {
- sd->card_status |= ADDRESS_ERROR;
- return sd_r1b;
- }
-
- sd->state = sd_programming_state;
- set_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
- /* Bzzzzzzztt .... Operation complete. */
- sd->state = sd_transfer_state;
- return sd_r1b;
-
- default:
- break;
- }
- break;
-
- case 29: /* CMD29: CLR_WRITE_PROT */
- switch (sd->state) {
- case sd_transfer_state:
- if (addr >= sd->size) {
- sd->card_status |= ADDRESS_ERROR;
- return sd_r1b;
- }
-
- sd->state = sd_programming_state;
- clear_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
- /* Bzzzzzzztt .... Operation complete. */
- sd->state = sd_transfer_state;
- return sd_r1b;
-
- default:
- break;
- }
- break;
-
- case 30: /* CMD30: SEND_WRITE_PROT */
- switch (sd->state) {
- case sd_transfer_state:
- sd->state = sd_sendingdata_state;
- *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
- sd->data_start = addr;
- sd->data_offset = 0;
- return sd_r1b;
-
- default:
- break;
- }
- break;
-
- /* Erase commands (Class 5) */
- case 32: /* CMD32: ERASE_WR_BLK_START */
- switch (sd->state) {
- case sd_transfer_state:
- sd->erase_start = req.arg;
- return sd_r1;
-
- default:
- break;
- }
- break;
-
- case 33: /* CMD33: ERASE_WR_BLK_END */
- switch (sd->state) {
- case sd_transfer_state:
- sd->erase_end = req.arg;
- return sd_r1;
-
- default:
- break;
- }
- break;
-
- case 38: /* CMD38: ERASE */
- switch (sd->state) {
- case sd_transfer_state:
- if (sd->csd[14] & 0x30) {
- sd->card_status |= WP_VIOLATION;
- return sd_r1b;
- }
-
- sd->state = sd_programming_state;
- sd_erase(sd);
- /* Bzzzzzzztt .... Operation complete. */
- sd->state = sd_transfer_state;
- return sd_r1b;
-
- default:
- break;
- }
- break;
-
- /* Lock card commands (Class 7) */
- case 42: /* CMD42: LOCK_UNLOCK */
- if (sd->spi)
- goto unimplemented_cmd;
- switch (sd->state) {
- case sd_transfer_state:
- sd->state = sd_receivingdata_state;
- sd->data_start = 0;
- sd->data_offset = 0;
- return sd_r1;
-
- default:
- break;
- }
- break;
-
- case 52:
- case 53:
- /* CMD52, CMD53: reserved for SDIO cards
- * (see the SDIO Simplified Specification V2.0)
- * Handle as illegal command but do not complain
- * on stderr, as some OSes may use these in their
- * probing for presence of an SDIO card.
- */
- return sd_illegal;
-
- /* Application specific commands (Class 8) */
- case 55: /* CMD55: APP_CMD */
- if (sd->rca != rca)
- return sd_r0;
-
- sd->expecting_acmd = true;
- sd->card_status |= APP_CMD;
- return sd_r1;
-
- case 56: /* CMD56: GEN_CMD */
- fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
-
- switch (sd->state) {
- case sd_transfer_state:
- sd->data_offset = 0;
- if (req.arg & 1)
- sd->state = sd_sendingdata_state;
- else
- sd->state = sd_receivingdata_state;
- return sd_r1;
-
- default:
- break;
- }
- break;
-
- default:
- bad_cmd:
- fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
- return sd_illegal;
-
- unimplemented_cmd:
- /* Commands that are recognised but not yet implemented in SPI mode. */
- fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
- return sd_illegal;
- }
-
- fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
- return sd_illegal;
-}
-
-static sd_rsp_type_t sd_app_command(SDState *sd,
- SDRequest req)
-{
- DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
- sd->card_status |= APP_CMD;
- switch (req.cmd) {
- case 6: /* ACMD6: SET_BUS_WIDTH */
- switch (sd->state) {
- case sd_transfer_state:
- sd->sd_status[0] &= 0x3f;
- sd->sd_status[0] |= (req.arg & 0x03) << 6;
- return sd_r1;
-
- default:
- break;
- }
- break;
-
- case 13: /* ACMD13: SD_STATUS */
- switch (sd->state) {
- case sd_transfer_state:
- sd->state = sd_sendingdata_state;
- sd->data_start = 0;
- sd->data_offset = 0;
- return sd_r1;
-
- default:
- break;
- }
- break;
-
- case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
- switch (sd->state) {
- case sd_transfer_state:
- *(uint32_t *) sd->data = sd->blk_written;
-
- sd->state = sd_sendingdata_state;
- sd->data_start = 0;
- sd->data_offset = 0;
- return sd_r1;
-
- default:
- break;
- }
- break;
-
- case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
- switch (sd->state) {
- case sd_transfer_state:
- return sd_r1;
-
- default:
- break;
- }
- break;
-
- case 41: /* ACMD41: SD_APP_OP_COND */
- if (sd->spi) {
- /* SEND_OP_CMD */
- sd->state = sd_transfer_state;
- return sd_r1;
- }
- switch (sd->state) {
- case sd_idle_state:
- /* We accept any voltage. 10000 V is nothing. */
- if (req.arg)
- sd->state = sd_ready_state;
-
- return sd_r3;
-
- default:
- break;
- }
- break;
-
- case 42: /* ACMD42: SET_CLR_CARD_DETECT */
- switch (sd->state) {
- case sd_transfer_state:
- /* Bringing in the 50KOhm pull-up resistor... Done. */
- return sd_r1;
-
- default:
- break;
- }
- break;
-
- case 51: /* ACMD51: SEND_SCR */
- switch (sd->state) {
- case sd_transfer_state:
- sd->state = sd_sendingdata_state;
- sd->data_start = 0;
- sd->data_offset = 0;
- return sd_r1;
-
- default:
- break;
- }
- break;
-
- default:
- /* Fall back to standard commands. */
- return sd_normal_command(sd, req);
- }
-
- fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
- return sd_illegal;
-}
-
-static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
-{
- /* Valid commands in locked state:
- * basic class (0)
- * lock card class (7)
- * CMD16
- * implicitly, the ACMD prefix CMD55
- * ACMD41 and ACMD42
- * Anything else provokes an "illegal command" response.
- */
- if (sd->expecting_acmd) {
- return req->cmd == 41 || req->cmd == 42;
- }
- if (req->cmd == 16 || req->cmd == 55) {
- return 1;
- }
- return sd_cmd_class[req->cmd] == 0 || sd_cmd_class[req->cmd] == 7;
-}
-
-int sd_do_command(SDState *sd, SDRequest *req,
- uint8_t *response) {
- int last_state;
- sd_rsp_type_t rtype;
- int rsplen;
-
- if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable) {
- return 0;
- }
-
- if (sd_req_crc_validate(req)) {
- sd->card_status |= COM_CRC_ERROR;
- rtype = sd_illegal;
- goto send_response;
- }
-
- if (sd->card_status & CARD_IS_LOCKED) {
- if (!cmd_valid_while_locked(sd, req)) {
- sd->card_status |= ILLEGAL_COMMAND;
- sd->expecting_acmd = false;
- fprintf(stderr, "SD: Card is locked\n");
- rtype = sd_illegal;
- goto send_response;
- }
- }
-
- last_state = sd->state;
- sd_set_mode(sd);
-
- if (sd->expecting_acmd) {
- sd->expecting_acmd = false;
- rtype = sd_app_command(sd, *req);
- } else {
- rtype = sd_normal_command(sd, *req);
- }
-
- if (rtype == sd_illegal) {
- sd->card_status |= ILLEGAL_COMMAND;
- } else {
- /* Valid command, we can update the 'state before command' bits.
- * (Do this now so they appear in r1 responses.)
- */
- sd->current_cmd = req->cmd;
- sd->card_status &= ~CURRENT_STATE;
- sd->card_status |= (last_state << 9);
- }
-
-send_response:
- switch (rtype) {
- case sd_r1:
- case sd_r1b:
- sd_response_r1_make(sd, response);
- rsplen = 4;
- break;
-
- case sd_r2_i:
- memcpy(response, sd->cid, sizeof(sd->cid));
- rsplen = 16;
- break;
-
- case sd_r2_s:
- memcpy(response, sd->csd, sizeof(sd->csd));
- rsplen = 16;
- break;
-
- case sd_r3:
- sd_response_r3_make(sd, response);
- rsplen = 4;
- break;
-
- case sd_r6:
- sd_response_r6_make(sd, response);
- rsplen = 4;
- break;
-
- case sd_r7:
- sd_response_r7_make(sd, response);
- rsplen = 4;
- break;
-
- case sd_r0:
- case sd_illegal:
- default:
- rsplen = 0;
- break;
- }
-
- if (rtype != sd_illegal) {
- /* Clear the "clear on valid command" status bits now we've
- * sent any response
- */
- sd->card_status &= ~CARD_STATUS_B;
- }
-
-#ifdef DEBUG_SD
- if (rsplen) {
- int i;
- DPRINTF("Response:");
- for (i = 0; i < rsplen; i++)
- printf(" %02x", response[i]);
- printf(" state %d\n", sd->state);
- } else {
- DPRINTF("No response %d\n", sd->state);
- }
-#endif
-
- return rsplen;
-}
-
-static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
-{
- uint64_t end = addr + len;
-
- DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
- (unsigned long long) addr, len);
- if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {
- fprintf(stderr, "sd_blk_read: read error on host side\n");
- return;
- }
-
- if (end > (addr & ~511) + 512) {
- memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
-
- if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) < 0) {
- fprintf(stderr, "sd_blk_read: read error on host side\n");
- return;
- }
- memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
- } else
- memcpy(sd->data, sd->buf + (addr & 511), len);
-}
-
-static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
-{
- uint64_t end = addr + len;
-
- if ((addr & 511) || len < 512)
- if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {
- fprintf(stderr, "sd_blk_write: read error on host side\n");
- return;
- }
-
- if (end > (addr & ~511) + 512) {
- memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
- if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {
- fprintf(stderr, "sd_blk_write: write error on host side\n");
- return;
- }
-
- if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) < 0) {
- fprintf(stderr, "sd_blk_write: read error on host side\n");
- return;
- }
- memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
- if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) < 0) {
- fprintf(stderr, "sd_blk_write: write error on host side\n");
- }
- } else {
- memcpy(sd->buf + (addr & 511), sd->data, len);
- if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {
- fprintf(stderr, "sd_blk_write: write error on host side\n");
- }
- }
-}
-
-#define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
-#define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
-#define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
-#define APP_WRITE_BLOCK(a, len)
-
-void sd_write_data(SDState *sd, uint8_t value)
-{
- int i;
-
- if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
- return;
-
- if (sd->state != sd_receivingdata_state) {
- fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
- return;
- }
-
- if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
- return;
-
- switch (sd->current_cmd) {
- case 24: /* CMD24: WRITE_SINGLE_BLOCK */
- sd->data[sd->data_offset ++] = value;
- if (sd->data_offset >= sd->blk_len) {
- /* TODO: Check CRC before committing */
- sd->state = sd_programming_state;
- BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
- sd->blk_written ++;
- sd->csd[14] |= 0x40;
- /* Bzzzzzzztt .... Operation complete. */
- sd->state = sd_transfer_state;
- }
- break;
-
- case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
- if (sd->data_offset == 0) {
- /* Start of the block - lets check the address is valid */
- if (sd->data_start + sd->blk_len > sd->size) {
- sd->card_status |= ADDRESS_ERROR;
- break;
- }
- if (sd_wp_addr(sd, sd->data_start)) {
- sd->card_status |= WP_VIOLATION;
- break;
- }
- }
- sd->data[sd->data_offset++] = value;
- if (sd->data_offset >= sd->blk_len) {
- /* TODO: Check CRC before committing */
- sd->state = sd_programming_state;
- BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
- sd->blk_written++;
- sd->data_start += sd->blk_len;
- sd->data_offset = 0;
- sd->csd[14] |= 0x40;
-
- /* Bzzzzzzztt .... Operation complete. */
- sd->state = sd_receivingdata_state;
- }
- break;
-
- case 26: /* CMD26: PROGRAM_CID */
- sd->data[sd->data_offset ++] = value;
- if (sd->data_offset >= sizeof(sd->cid)) {
- /* TODO: Check CRC before committing */
- sd->state = sd_programming_state;
- for (i = 0; i < sizeof(sd->cid); i ++)
- if ((sd->cid[i] | 0x00) != sd->data[i])
- sd->card_status |= CID_CSD_OVERWRITE;
-
- if (!(sd->card_status & CID_CSD_OVERWRITE))
- for (i = 0; i < sizeof(sd->cid); i ++) {
- sd->cid[i] |= 0x00;
- sd->cid[i] &= sd->data[i];
- }
- /* Bzzzzzzztt .... Operation complete. */
- sd->state = sd_transfer_state;
- }
- break;
-
- case 27: /* CMD27: PROGRAM_CSD */
- sd->data[sd->data_offset ++] = value;
- if (sd->data_offset >= sizeof(sd->csd)) {
- /* TODO: Check CRC before committing */
- sd->state = sd_programming_state;
- for (i = 0; i < sizeof(sd->csd); i ++)
- if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
- (sd->data[i] | sd_csd_rw_mask[i]))
- sd->card_status |= CID_CSD_OVERWRITE;
-
- /* Copy flag (OTP) & Permanent write protect */
- if (sd->csd[14] & ~sd->data[14] & 0x60)
- sd->card_status |= CID_CSD_OVERWRITE;
-
- if (!(sd->card_status & CID_CSD_OVERWRITE))
- for (i = 0; i < sizeof(sd->csd); i ++) {
- sd->csd[i] |= sd_csd_rw_mask[i];
- sd->csd[i] &= sd->data[i];
- }
- /* Bzzzzzzztt .... Operation complete. */
- sd->state = sd_transfer_state;
- }
- break;
-
- case 42: /* CMD42: LOCK_UNLOCK */
- sd->data[sd->data_offset ++] = value;
- if (sd->data_offset >= sd->blk_len) {
- /* TODO: Check CRC before committing */
- sd->state = sd_programming_state;
- sd_lock_command(sd);
- /* Bzzzzzzztt .... Operation complete. */
- sd->state = sd_transfer_state;
- }
- break;
-
- case 56: /* CMD56: GEN_CMD */
- sd->data[sd->data_offset ++] = value;
- if (sd->data_offset >= sd->blk_len) {
- APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
- sd->state = sd_transfer_state;
- }
- break;
-
- default:
- fprintf(stderr, "sd_write_data: unknown command\n");
- break;
- }
-}
-
-uint8_t sd_read_data(SDState *sd)
-{
- /* TODO: Append CRCs */
- uint8_t ret;
- int io_len;
-
- if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
- return 0x00;
-
- if (sd->state != sd_sendingdata_state) {
- fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
- return 0x00;
- }
-
- if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
- return 0x00;
-
- io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
-
- switch (sd->current_cmd) {
- case 6: /* CMD6: SWITCH_FUNCTION */
- ret = sd->data[sd->data_offset ++];
-
- if (sd->data_offset >= 64)
- sd->state = sd_transfer_state;
- break;
-
- case 9: /* CMD9: SEND_CSD */
- case 10: /* CMD10: SEND_CID */
- ret = sd->data[sd->data_offset ++];
-
- if (sd->data_offset >= 16)
- sd->state = sd_transfer_state;
- break;
-
- case 11: /* CMD11: READ_DAT_UNTIL_STOP */
- if (sd->data_offset == 0)
- BLK_READ_BLOCK(sd->data_start, io_len);
- ret = sd->data[sd->data_offset ++];
-
- if (sd->data_offset >= io_len) {
- sd->data_start += io_len;
- sd->data_offset = 0;
- if (sd->data_start + io_len > sd->size) {
- sd->card_status |= ADDRESS_ERROR;
- break;
- }
- }
- break;
-
- case 13: /* ACMD13: SD_STATUS */
- ret = sd->sd_status[sd->data_offset ++];
-
- if (sd->data_offset >= sizeof(sd->sd_status))
- sd->state = sd_transfer_state;
- break;
-
- case 17: /* CMD17: READ_SINGLE_BLOCK */
- if (sd->data_offset == 0)
- BLK_READ_BLOCK(sd->data_start, io_len);
- ret = sd->data[sd->data_offset ++];
-
- if (sd->data_offset >= io_len)
- sd->state = sd_transfer_state;
- break;
-
- case 18: /* CMD18: READ_MULTIPLE_BLOCK */
- if (sd->data_offset == 0)
- BLK_READ_BLOCK(sd->data_start, io_len);
- ret = sd->data[sd->data_offset ++];
-
- if (sd->data_offset >= io_len) {
- sd->data_start += io_len;
- sd->data_offset = 0;
- if (sd->data_start + io_len > sd->size) {
- sd->card_status |= ADDRESS_ERROR;
- break;
- }
- }
- break;
-
- case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
- ret = sd->data[sd->data_offset ++];
-
- if (sd->data_offset >= 4)
- sd->state = sd_transfer_state;
- break;
-
- case 30: /* CMD30: SEND_WRITE_PROT */
- ret = sd->data[sd->data_offset ++];
-
- if (sd->data_offset >= 4)
- sd->state = sd_transfer_state;
- break;
-
- case 51: /* ACMD51: SEND_SCR */
- ret = sd->scr[sd->data_offset ++];
-
- if (sd->data_offset >= sizeof(sd->scr))
- sd->state = sd_transfer_state;
- break;
-
- case 56: /* CMD56: GEN_CMD */
- if (sd->data_offset == 0)
- APP_READ_BLOCK(sd->data_start, sd->blk_len);
- ret = sd->data[sd->data_offset ++];
-
- if (sd->data_offset >= sd->blk_len)
- sd->state = sd_transfer_state;
- break;
-
- default:
- fprintf(stderr, "sd_read_data: unknown command\n");
- return 0x00;
- }
-
- return ret;
-}
-
-bool sd_data_ready(SDState *sd)
-{
- return sd->state == sd_sendingdata_state;
-}
-
-void sd_enable(SDState *sd, bool enable)
-{
- sd->enable = enable;
-}
diff --git a/hw/sd.h b/hw/sd.h
deleted file mode 100644
index d9b97e446..000000000
--- a/hw/sd.h
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * SD Memory Card emulation. Mostly correct for MMC too.
- *
- * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
- * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef __hw_sd_h
-#define __hw_sd_h 1
-
-#define OUT_OF_RANGE (1 << 31)
-#define ADDRESS_ERROR (1 << 30)
-#define BLOCK_LEN_ERROR (1 << 29)
-#define ERASE_SEQ_ERROR (1 << 28)
-#define ERASE_PARAM (1 << 27)
-#define WP_VIOLATION (1 << 26)
-#define CARD_IS_LOCKED (1 << 25)
-#define LOCK_UNLOCK_FAILED (1 << 24)
-#define COM_CRC_ERROR (1 << 23)
-#define ILLEGAL_COMMAND (1 << 22)
-#define CARD_ECC_FAILED (1 << 21)
-#define CC_ERROR (1 << 20)
-#define SD_ERROR (1 << 19)
-#define CID_CSD_OVERWRITE (1 << 16)
-#define WP_ERASE_SKIP (1 << 15)
-#define CARD_ECC_DISABLED (1 << 14)
-#define ERASE_RESET (1 << 13)
-#define CURRENT_STATE (7 << 9)
-#define READY_FOR_DATA (1 << 8)
-#define APP_CMD (1 << 5)
-#define AKE_SEQ_ERROR (1 << 3)
-#define OCR_CCS_BITN 30
-
-typedef enum {
- sd_none = -1,
- sd_bc = 0, /* broadcast -- no response */
- sd_bcr, /* broadcast with response */
- sd_ac, /* addressed -- no data transfer */
- sd_adtc, /* addressed with data transfer */
-} sd_cmd_type_t;
-
-typedef struct {
- uint8_t cmd;
- uint32_t arg;
- uint8_t crc;
-} SDRequest;
-
-typedef struct SDState SDState;
-
-SDState *sd_init(BlockDriverState *bs, bool is_spi);
-int sd_do_command(SDState *sd, SDRequest *req,
- uint8_t *response);
-void sd_write_data(SDState *sd, uint8_t value);
-uint8_t sd_read_data(SDState *sd);
-void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert);
-bool sd_data_ready(SDState *sd);
-void sd_enable(SDState *sd, bool enable);
-
-#endif /* __hw_sd_h */
diff --git a/hw/sd/Makefile.objs b/hw/sd/Makefile.objs
new file mode 100644
index 000000000..f1aed83d9
--- /dev/null
+++ b/hw/sd/Makefile.objs
@@ -0,0 +1,8 @@
+common-obj-$(CONFIG_PL181) += pl181.o
+common-obj-$(CONFIG_SSI_SD) += ssi-sd.o
+common-obj-$(CONFIG_SD) += sd.o
+common-obj-$(CONFIG_SDHCI) += sdhci.o
+
+obj-$(CONFIG_MILKYMIST) += milkymist-memcard.o
+obj-$(CONFIG_OMAP) += omap_mmc.o
+obj-$(CONFIG_PXA2XX) += pxa2xx_mmci.o
diff --git a/hw/sd/milkymist-memcard.c b/hw/sd/milkymist-memcard.c
new file mode 100644
index 000000000..42613b3af
--- /dev/null
+++ b/hw/sd/milkymist-memcard.c
@@ -0,0 +1,307 @@
+/*
+ * QEMU model of the Milkymist SD Card Controller.
+ *
+ * Copyright (c) 2010 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ *
+ * Specification available at:
+ * http://www.milkymist.org/socdoc/memcard.pdf
+ */
+
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "sysemu/sysemu.h"
+#include "trace.h"
+#include "qemu/error-report.h"
+#include "sysemu/blockdev.h"
+#include "hw/sd.h"
+
+enum {
+ ENABLE_CMD_TX = (1<<0),
+ ENABLE_CMD_RX = (1<<1),
+ ENABLE_DAT_TX = (1<<2),
+ ENABLE_DAT_RX = (1<<3),
+};
+
+enum {
+ PENDING_CMD_TX = (1<<0),
+ PENDING_CMD_RX = (1<<1),
+ PENDING_DAT_TX = (1<<2),
+ PENDING_DAT_RX = (1<<3),
+};
+
+enum {
+ START_CMD_TX = (1<<0),
+ START_DAT_RX = (1<<1),
+};
+
+enum {
+ R_CLK2XDIV = 0,
+ R_ENABLE,
+ R_PENDING,
+ R_START,
+ R_CMD,
+ R_DAT,
+ R_MAX
+};
+
+#define TYPE_MILKYMIST_MEMCARD "milkymist-memcard"
+#define MILKYMIST_MEMCARD(obj) \
+ OBJECT_CHECK(MilkymistMemcardState, (obj), TYPE_MILKYMIST_MEMCARD)
+
+struct MilkymistMemcardState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion regs_region;
+ SDState *card;
+
+ int command_write_ptr;
+ int response_read_ptr;
+ int response_len;
+ int ignore_next_cmd;
+ int enabled;
+ uint8_t command[6];
+ uint8_t response[17];
+ uint32_t regs[R_MAX];
+};
+typedef struct MilkymistMemcardState MilkymistMemcardState;
+
+static void update_pending_bits(MilkymistMemcardState *s)
+{
+ /* transmits are instantaneous, thus tx pending bits are never set */
+ s->regs[R_PENDING] = 0;
+ /* if rx is enabled the corresponding pending bits are always set */
+ if (s->regs[R_ENABLE] & ENABLE_CMD_RX) {
+ s->regs[R_PENDING] |= PENDING_CMD_RX;
+ }
+ if (s->regs[R_ENABLE] & ENABLE_DAT_RX) {
+ s->regs[R_PENDING] |= PENDING_DAT_RX;
+ }
+}
+
+static void memcard_sd_command(MilkymistMemcardState *s)
+{
+ SDRequest req;
+
+ req.cmd = s->command[0] & 0x3f;
+ req.arg = (s->command[1] << 24) | (s->command[2] << 16)
+ | (s->command[3] << 8) | s->command[4];
+ req.crc = s->command[5];
+
+ s->response[0] = req.cmd;
+ s->response_len = sd_do_command(s->card, &req, s->response+1);
+ s->response_read_ptr = 0;
+
+ if (s->response_len == 16) {
+ /* R2 response */
+ s->response[0] = 0x3f;
+ s->response_len += 1;
+ } else if (s->response_len == 4) {
+ /* no crc calculation, insert dummy byte */
+ s->response[5] = 0;
+ s->response_len += 2;
+ }
+
+ if (req.cmd == 0) {
+ /* next write is a dummy byte to clock the initialization of the sd
+ * card */
+ s->ignore_next_cmd = 1;
+ }
+}
+
+static uint64_t memcard_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ MilkymistMemcardState *s = opaque;
+ uint32_t r = 0;
+
+ addr >>= 2;
+ switch (addr) {
+ case R_CMD:
+ if (!s->enabled) {
+ r = 0xff;
+ } else {
+ r = s->response[s->response_read_ptr++];
+ if (s->response_read_ptr > s->response_len) {
+ error_report("milkymist_memcard: "
+ "read more cmd bytes than available. Clipping.");
+ s->response_read_ptr = 0;
+ }
+ }
+ break;
+ case R_DAT:
+ if (!s->enabled) {
+ r = 0xffffffff;
+ } else {
+ r = 0;
+ r |= sd_read_data(s->card) << 24;
+ r |= sd_read_data(s->card) << 16;
+ r |= sd_read_data(s->card) << 8;
+ r |= sd_read_data(s->card);
+ }
+ break;
+ case R_CLK2XDIV:
+ case R_ENABLE:
+ case R_PENDING:
+ case R_START:
+ r = s->regs[addr];
+ break;
+
+ default:
+ error_report("milkymist_memcard: read access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+
+ trace_milkymist_memcard_memory_read(addr << 2, r);
+
+ return r;
+}
+
+static void memcard_write(void *opaque, hwaddr addr, uint64_t value,
+ unsigned size)
+{
+ MilkymistMemcardState *s = opaque;
+
+ trace_milkymist_memcard_memory_write(addr, value);
+
+ addr >>= 2;
+ switch (addr) {
+ case R_PENDING:
+ /* clear rx pending bits */
+ s->regs[R_PENDING] &= ~(value & (PENDING_CMD_RX | PENDING_DAT_RX));
+ update_pending_bits(s);
+ break;
+ case R_CMD:
+ if (!s->enabled) {
+ break;
+ }
+ if (s->ignore_next_cmd) {
+ s->ignore_next_cmd = 0;
+ break;
+ }
+ s->command[s->command_write_ptr] = value & 0xff;
+ s->command_write_ptr = (s->command_write_ptr + 1) % 6;
+ if (s->command_write_ptr == 0) {
+ memcard_sd_command(s);
+ }
+ break;
+ case R_DAT:
+ if (!s->enabled) {
+ break;
+ }
+ sd_write_data(s->card, (value >> 24) & 0xff);
+ sd_write_data(s->card, (value >> 16) & 0xff);
+ sd_write_data(s->card, (value >> 8) & 0xff);
+ sd_write_data(s->card, value & 0xff);
+ break;
+ case R_ENABLE:
+ s->regs[addr] = value;
+ update_pending_bits(s);
+ break;
+ case R_CLK2XDIV:
+ case R_START:
+ s->regs[addr] = value;
+ break;
+
+ default:
+ error_report("milkymist_memcard: write access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+}
+
+static const MemoryRegionOps memcard_mmio_ops = {
+ .read = memcard_read,
+ .write = memcard_write,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void milkymist_memcard_reset(DeviceState *d)
+{
+ MilkymistMemcardState *s = MILKYMIST_MEMCARD(d);
+ int i;
+
+ s->command_write_ptr = 0;
+ s->response_read_ptr = 0;
+ s->response_len = 0;
+
+ for (i = 0; i < R_MAX; i++) {
+ s->regs[i] = 0;
+ }
+}
+
+static int milkymist_memcard_init(SysBusDevice *dev)
+{
+ MilkymistMemcardState *s = MILKYMIST_MEMCARD(dev);
+ DriveInfo *dinfo;
+
+ dinfo = drive_get_next(IF_SD);
+ s->card = sd_init(dinfo ? dinfo->bdrv : NULL, false);
+ s->enabled = dinfo ? bdrv_is_inserted(dinfo->bdrv) : 0;
+
+ memory_region_init_io(&s->regs_region, OBJECT(s), &memcard_mmio_ops, s,
+ "milkymist-memcard", R_MAX * 4);
+ sysbus_init_mmio(dev, &s->regs_region);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_milkymist_memcard = {
+ .name = "milkymist-memcard",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_INT32(command_write_ptr, MilkymistMemcardState),
+ VMSTATE_INT32(response_read_ptr, MilkymistMemcardState),
+ VMSTATE_INT32(response_len, MilkymistMemcardState),
+ VMSTATE_INT32(ignore_next_cmd, MilkymistMemcardState),
+ VMSTATE_INT32(enabled, MilkymistMemcardState),
+ VMSTATE_UINT8_ARRAY(command, MilkymistMemcardState, 6),
+ VMSTATE_UINT8_ARRAY(response, MilkymistMemcardState, 17),
+ VMSTATE_UINT32_ARRAY(regs, MilkymistMemcardState, R_MAX),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void milkymist_memcard_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = milkymist_memcard_init;
+ dc->reset = milkymist_memcard_reset;
+ dc->vmsd = &vmstate_milkymist_memcard;
+}
+
+static const TypeInfo milkymist_memcard_info = {
+ .name = TYPE_MILKYMIST_MEMCARD,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(MilkymistMemcardState),
+ .class_init = milkymist_memcard_class_init,
+};
+
+static void milkymist_memcard_register_types(void)
+{
+ type_register_static(&milkymist_memcard_info);
+}
+
+type_init(milkymist_memcard_register_types)
diff --git a/hw/sd/omap_mmc.c b/hw/sd/omap_mmc.c
new file mode 100644
index 000000000..bf5d1fbf6
--- /dev/null
+++ b/hw/sd/omap_mmc.c
@@ -0,0 +1,641 @@
+/*
+ * OMAP on-chip MMC/SD host emulation.
+ *
+ * Copyright (C) 2006-2007 Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "hw/hw.h"
+#include "hw/arm/omap.h"
+#include "hw/sd.h"
+
+struct omap_mmc_s {
+ qemu_irq irq;
+ qemu_irq *dma;
+ qemu_irq coverswitch;
+ MemoryRegion iomem;
+ omap_clk clk;
+ SDState *card;
+ uint16_t last_cmd;
+ uint16_t sdio;
+ uint16_t rsp[8];
+ uint32_t arg;
+ int lines;
+ int dw;
+ int mode;
+ int enable;
+ int be;
+ int rev;
+ uint16_t status;
+ uint16_t mask;
+ uint8_t cto;
+ uint16_t dto;
+ int clkdiv;
+ uint16_t fifo[32];
+ int fifo_start;
+ int fifo_len;
+ uint16_t blen;
+ uint16_t blen_counter;
+ uint16_t nblk;
+ uint16_t nblk_counter;
+ int tx_dma;
+ int rx_dma;
+ int af_level;
+ int ae_level;
+
+ int ddir;
+ int transfer;
+
+ int cdet_wakeup;
+ int cdet_enable;
+ int cdet_state;
+ qemu_irq cdet;
+};
+
+static void omap_mmc_interrupts_update(struct omap_mmc_s *s)
+{
+ qemu_set_irq(s->irq, !!(s->status & s->mask));
+}
+
+static void omap_mmc_fifolevel_update(struct omap_mmc_s *host)
+{
+ if (!host->transfer && !host->fifo_len) {
+ host->status &= 0xf3ff;
+ return;
+ }
+
+ if (host->fifo_len > host->af_level && host->ddir) {
+ if (host->rx_dma) {
+ host->status &= 0xfbff;
+ qemu_irq_raise(host->dma[1]);
+ } else
+ host->status |= 0x0400;
+ } else {
+ host->status &= 0xfbff;
+ qemu_irq_lower(host->dma[1]);
+ }
+
+ if (host->fifo_len < host->ae_level && !host->ddir) {
+ if (host->tx_dma) {
+ host->status &= 0xf7ff;
+ qemu_irq_raise(host->dma[0]);
+ } else
+ host->status |= 0x0800;
+ } else {
+ qemu_irq_lower(host->dma[0]);
+ host->status &= 0xf7ff;
+ }
+}
+
+typedef enum {
+ sd_nore = 0, /* no response */
+ sd_r1, /* normal response command */
+ sd_r2, /* CID, CSD registers */
+ sd_r3, /* OCR register */
+ sd_r6 = 6, /* Published RCA response */
+ sd_r1b = -1,
+} sd_rsp_type_t;
+
+static void omap_mmc_command(struct omap_mmc_s *host, int cmd, int dir,
+ sd_cmd_type_t type, int busy, sd_rsp_type_t resptype, int init)
+{
+ uint32_t rspstatus, mask;
+ int rsplen, timeout;
+ SDRequest request;
+ uint8_t response[16];
+
+ if (init && cmd == 0) {
+ host->status |= 0x0001;
+ return;
+ }
+
+ if (resptype == sd_r1 && busy)
+ resptype = sd_r1b;
+
+ if (type == sd_adtc) {
+ host->fifo_start = 0;
+ host->fifo_len = 0;
+ host->transfer = 1;
+ host->ddir = dir;
+ } else
+ host->transfer = 0;
+ timeout = 0;
+ mask = 0;
+ rspstatus = 0;
+
+ request.cmd = cmd;
+ request.arg = host->arg;
+ request.crc = 0; /* FIXME */
+
+ rsplen = sd_do_command(host->card, &request, response);
+
+ /* TODO: validate CRCs */
+ switch (resptype) {
+ case sd_nore:
+ rsplen = 0;
+ break;
+
+ case sd_r1:
+ case sd_r1b:
+ if (rsplen < 4) {
+ timeout = 1;
+ break;
+ }
+ rsplen = 4;
+
+ mask = OUT_OF_RANGE | ADDRESS_ERROR | BLOCK_LEN_ERROR |
+ ERASE_SEQ_ERROR | ERASE_PARAM | WP_VIOLATION |
+ LOCK_UNLOCK_FAILED | COM_CRC_ERROR | ILLEGAL_COMMAND |
+ CARD_ECC_FAILED | CC_ERROR | SD_ERROR |
+ CID_CSD_OVERWRITE;
+ if (host->sdio & (1 << 13))
+ mask |= AKE_SEQ_ERROR;
+ rspstatus = (response[0] << 24) | (response[1] << 16) |
+ (response[2] << 8) | (response[3] << 0);
+ break;
+
+ case sd_r2:
+ if (rsplen < 16) {
+ timeout = 1;
+ break;
+ }
+ rsplen = 16;
+ break;
+
+ case sd_r3:
+ if (rsplen < 4) {
+ timeout = 1;
+ break;
+ }
+ rsplen = 4;
+
+ rspstatus = (response[0] << 24) | (response[1] << 16) |
+ (response[2] << 8) | (response[3] << 0);
+ if (rspstatus & 0x80000000)
+ host->status &= 0xe000;
+ else
+ host->status |= 0x1000;
+ break;
+
+ case sd_r6:
+ if (rsplen < 4) {
+ timeout = 1;
+ break;
+ }
+ rsplen = 4;
+
+ mask = 0xe000 | AKE_SEQ_ERROR;
+ rspstatus = (response[2] << 8) | (response[3] << 0);
+ }
+
+ if (rspstatus & mask)
+ host->status |= 0x4000;
+ else
+ host->status &= 0xb000;
+
+ if (rsplen)
+ for (rsplen = 0; rsplen < 8; rsplen ++)
+ host->rsp[~rsplen & 7] = response[(rsplen << 1) | 1] |
+ (response[(rsplen << 1) | 0] << 8);
+
+ if (timeout)
+ host->status |= 0x0080;
+ else if (cmd == 12)
+ host->status |= 0x0005; /* Makes it more real */
+ else
+ host->status |= 0x0001;
+}
+
+static void omap_mmc_transfer(struct omap_mmc_s *host)
+{
+ uint8_t value;
+
+ if (!host->transfer)
+ return;
+
+ while (1) {
+ if (host->ddir) {
+ if (host->fifo_len > host->af_level)
+ break;
+
+ value = sd_read_data(host->card);
+ host->fifo[(host->fifo_start + host->fifo_len) & 31] = value;
+ if (-- host->blen_counter) {
+ value = sd_read_data(host->card);
+ host->fifo[(host->fifo_start + host->fifo_len) & 31] |=
+ value << 8;
+ host->blen_counter --;
+ }
+
+ host->fifo_len ++;
+ } else {
+ if (!host->fifo_len)
+ break;
+
+ value = host->fifo[host->fifo_start] & 0xff;
+ sd_write_data(host->card, value);
+ if (-- host->blen_counter) {
+ value = host->fifo[host->fifo_start] >> 8;
+ sd_write_data(host->card, value);
+ host->blen_counter --;
+ }
+
+ host->fifo_start ++;
+ host->fifo_len --;
+ host->fifo_start &= 31;
+ }
+
+ if (host->blen_counter == 0) {
+ host->nblk_counter --;
+ host->blen_counter = host->blen;
+
+ if (host->nblk_counter == 0) {
+ host->nblk_counter = host->nblk;
+ host->transfer = 0;
+ host->status |= 0x0008;
+ break;
+ }
+ }
+ }
+}
+
+static void omap_mmc_update(void *opaque)
+{
+ struct omap_mmc_s *s = opaque;
+ omap_mmc_transfer(s);
+ omap_mmc_fifolevel_update(s);
+ omap_mmc_interrupts_update(s);
+}
+
+void omap_mmc_reset(struct omap_mmc_s *host)
+{
+ host->last_cmd = 0;
+ memset(host->rsp, 0, sizeof(host->rsp));
+ host->arg = 0;
+ host->dw = 0;
+ host->mode = 0;
+ host->enable = 0;
+ host->status = 0;
+ host->mask = 0;
+ host->cto = 0;
+ host->dto = 0;
+ host->fifo_len = 0;
+ host->blen = 0;
+ host->blen_counter = 0;
+ host->nblk = 0;
+ host->nblk_counter = 0;
+ host->tx_dma = 0;
+ host->rx_dma = 0;
+ host->ae_level = 0x00;
+ host->af_level = 0x1f;
+ host->transfer = 0;
+ host->cdet_wakeup = 0;
+ host->cdet_enable = 0;
+ qemu_set_irq(host->coverswitch, host->cdet_state);
+ host->clkdiv = 0;
+}
+
+static uint64_t omap_mmc_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ uint16_t i;
+ struct omap_mmc_s *s = (struct omap_mmc_s *) opaque;
+
+ if (size != 2) {
+ return omap_badwidth_read16(opaque, offset);
+ }
+
+ switch (offset) {
+ case 0x00: /* MMC_CMD */
+ return s->last_cmd;
+
+ case 0x04: /* MMC_ARGL */
+ return s->arg & 0x0000ffff;
+
+ case 0x08: /* MMC_ARGH */
+ return s->arg >> 16;
+
+ case 0x0c: /* MMC_CON */
+ return (s->dw << 15) | (s->mode << 12) | (s->enable << 11) |
+ (s->be << 10) | s->clkdiv;
+
+ case 0x10: /* MMC_STAT */
+ return s->status;
+
+ case 0x14: /* MMC_IE */
+ return s->mask;
+
+ case 0x18: /* MMC_CTO */
+ return s->cto;
+
+ case 0x1c: /* MMC_DTO */
+ return s->dto;
+
+ case 0x20: /* MMC_DATA */
+ /* TODO: support 8-bit access */
+ i = s->fifo[s->fifo_start];
+ if (s->fifo_len == 0) {
+ printf("MMC: FIFO underrun\n");
+ return i;
+ }
+ s->fifo_start ++;
+ s->fifo_len --;
+ s->fifo_start &= 31;
+ omap_mmc_transfer(s);
+ omap_mmc_fifolevel_update(s);
+ omap_mmc_interrupts_update(s);
+ return i;
+
+ case 0x24: /* MMC_BLEN */
+ return s->blen_counter;
+
+ case 0x28: /* MMC_NBLK */
+ return s->nblk_counter;
+
+ case 0x2c: /* MMC_BUF */
+ return (s->rx_dma << 15) | (s->af_level << 8) |
+ (s->tx_dma << 7) | s->ae_level;
+
+ case 0x30: /* MMC_SPI */
+ return 0x0000;
+ case 0x34: /* MMC_SDIO */
+ return (s->cdet_wakeup << 2) | (s->cdet_enable) | s->sdio;
+ case 0x38: /* MMC_SYST */
+ return 0x0000;
+
+ case 0x3c: /* MMC_REV */
+ return s->rev;
+
+ case 0x40: /* MMC_RSP0 */
+ case 0x44: /* MMC_RSP1 */
+ case 0x48: /* MMC_RSP2 */
+ case 0x4c: /* MMC_RSP3 */
+ case 0x50: /* MMC_RSP4 */
+ case 0x54: /* MMC_RSP5 */
+ case 0x58: /* MMC_RSP6 */
+ case 0x5c: /* MMC_RSP7 */
+ return s->rsp[(offset - 0x40) >> 2];
+
+ /* OMAP2-specific */
+ case 0x60: /* MMC_IOSR */
+ case 0x64: /* MMC_SYSC */
+ return 0;
+ case 0x68: /* MMC_SYSS */
+ return 1; /* RSTD */
+ }
+
+ OMAP_BAD_REG(offset);
+ return 0;
+}
+
+static void omap_mmc_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ int i;
+ struct omap_mmc_s *s = (struct omap_mmc_s *) opaque;
+
+ if (size != 2) {
+ return omap_badwidth_write16(opaque, offset, value);
+ }
+
+ switch (offset) {
+ case 0x00: /* MMC_CMD */
+ if (!s->enable)
+ break;
+
+ s->last_cmd = value;
+ for (i = 0; i < 8; i ++)
+ s->rsp[i] = 0x0000;
+ omap_mmc_command(s, value & 63, (value >> 15) & 1,
+ (sd_cmd_type_t) ((value >> 12) & 3),
+ (value >> 11) & 1,
+ (sd_rsp_type_t) ((value >> 8) & 7),
+ (value >> 7) & 1);
+ omap_mmc_update(s);
+ break;
+
+ case 0x04: /* MMC_ARGL */
+ s->arg &= 0xffff0000;
+ s->arg |= 0x0000ffff & value;
+ break;
+
+ case 0x08: /* MMC_ARGH */
+ s->arg &= 0x0000ffff;
+ s->arg |= value << 16;
+ break;
+
+ case 0x0c: /* MMC_CON */
+ s->dw = (value >> 15) & 1;
+ s->mode = (value >> 12) & 3;
+ s->enable = (value >> 11) & 1;
+ s->be = (value >> 10) & 1;
+ s->clkdiv = (value >> 0) & (s->rev >= 2 ? 0x3ff : 0xff);
+ if (s->mode != 0)
+ printf("SD mode %i unimplemented!\n", s->mode);
+ if (s->be != 0)
+ printf("SD FIFO byte sex unimplemented!\n");
+ if (s->dw != 0 && s->lines < 4)
+ printf("4-bit SD bus enabled\n");
+ if (!s->enable)
+ omap_mmc_reset(s);
+ break;
+
+ case 0x10: /* MMC_STAT */
+ s->status &= ~value;
+ omap_mmc_interrupts_update(s);
+ break;
+
+ case 0x14: /* MMC_IE */
+ s->mask = value & 0x7fff;
+ omap_mmc_interrupts_update(s);
+ break;
+
+ case 0x18: /* MMC_CTO */
+ s->cto = value & 0xff;
+ if (s->cto > 0xfd && s->rev <= 1)
+ printf("MMC: CTO of 0xff and 0xfe cannot be used!\n");
+ break;
+
+ case 0x1c: /* MMC_DTO */
+ s->dto = value & 0xffff;
+ break;
+
+ case 0x20: /* MMC_DATA */
+ /* TODO: support 8-bit access */
+ if (s->fifo_len == 32)
+ break;
+ s->fifo[(s->fifo_start + s->fifo_len) & 31] = value;
+ s->fifo_len ++;
+ omap_mmc_transfer(s);
+ omap_mmc_fifolevel_update(s);
+ omap_mmc_interrupts_update(s);
+ break;
+
+ case 0x24: /* MMC_BLEN */
+ s->blen = (value & 0x07ff) + 1;
+ s->blen_counter = s->blen;
+ break;
+
+ case 0x28: /* MMC_NBLK */
+ s->nblk = (value & 0x07ff) + 1;
+ s->nblk_counter = s->nblk;
+ s->blen_counter = s->blen;
+ break;
+
+ case 0x2c: /* MMC_BUF */
+ s->rx_dma = (value >> 15) & 1;
+ s->af_level = (value >> 8) & 0x1f;
+ s->tx_dma = (value >> 7) & 1;
+ s->ae_level = value & 0x1f;
+
+ if (s->rx_dma)
+ s->status &= 0xfbff;
+ if (s->tx_dma)
+ s->status &= 0xf7ff;
+ omap_mmc_fifolevel_update(s);
+ omap_mmc_interrupts_update(s);
+ break;
+
+ /* SPI, SDIO and TEST modes unimplemented */
+ case 0x30: /* MMC_SPI (OMAP1 only) */
+ break;
+ case 0x34: /* MMC_SDIO */
+ s->sdio = value & (s->rev >= 2 ? 0xfbf3 : 0x2020);
+ s->cdet_wakeup = (value >> 9) & 1;
+ s->cdet_enable = (value >> 2) & 1;
+ break;
+ case 0x38: /* MMC_SYST */
+ break;
+
+ case 0x3c: /* MMC_REV */
+ case 0x40: /* MMC_RSP0 */
+ case 0x44: /* MMC_RSP1 */
+ case 0x48: /* MMC_RSP2 */
+ case 0x4c: /* MMC_RSP3 */
+ case 0x50: /* MMC_RSP4 */
+ case 0x54: /* MMC_RSP5 */
+ case 0x58: /* MMC_RSP6 */
+ case 0x5c: /* MMC_RSP7 */
+ OMAP_RO_REG(offset);
+ break;
+
+ /* OMAP2-specific */
+ case 0x60: /* MMC_IOSR */
+ if (value & 0xf)
+ printf("MMC: SDIO bits used!\n");
+ break;
+ case 0x64: /* MMC_SYSC */
+ if (value & (1 << 2)) /* SRTS */
+ omap_mmc_reset(s);
+ break;
+ case 0x68: /* MMC_SYSS */
+ OMAP_RO_REG(offset);
+ break;
+
+ default:
+ OMAP_BAD_REG(offset);
+ }
+}
+
+static const MemoryRegionOps omap_mmc_ops = {
+ .read = omap_mmc_read,
+ .write = omap_mmc_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void omap_mmc_cover_cb(void *opaque, int line, int level)
+{
+ struct omap_mmc_s *host = (struct omap_mmc_s *) opaque;
+
+ if (!host->cdet_state && level) {
+ host->status |= 0x0002;
+ omap_mmc_interrupts_update(host);
+ if (host->cdet_wakeup) {
+ /* TODO: Assert wake-up */
+ }
+ }
+
+ if (host->cdet_state != level) {
+ qemu_set_irq(host->coverswitch, level);
+ host->cdet_state = level;
+ }
+}
+
+struct omap_mmc_s *omap_mmc_init(hwaddr base,
+ MemoryRegion *sysmem,
+ BlockDriverState *bd,
+ qemu_irq irq, qemu_irq dma[], omap_clk clk)
+{
+ struct omap_mmc_s *s = (struct omap_mmc_s *)
+ g_malloc0(sizeof(struct omap_mmc_s));
+
+ s->irq = irq;
+ s->dma = dma;
+ s->clk = clk;
+ s->lines = 1; /* TODO: needs to be settable per-board */
+ s->rev = 1;
+
+ omap_mmc_reset(s);
+
+ memory_region_init_io(&s->iomem, NULL, &omap_mmc_ops, s, "omap.mmc", 0x800);
+ memory_region_add_subregion(sysmem, base, &s->iomem);
+
+ /* Instantiate the storage */
+ s->card = sd_init(bd, false);
+
+ return s;
+}
+
+struct omap_mmc_s *omap2_mmc_init(struct omap_target_agent_s *ta,
+ BlockDriverState *bd, qemu_irq irq, qemu_irq dma[],
+ omap_clk fclk, omap_clk iclk)
+{
+ struct omap_mmc_s *s = (struct omap_mmc_s *)
+ g_malloc0(sizeof(struct omap_mmc_s));
+
+ s->irq = irq;
+ s->dma = dma;
+ s->clk = fclk;
+ s->lines = 4;
+ s->rev = 2;
+
+ omap_mmc_reset(s);
+
+ memory_region_init_io(&s->iomem, NULL, &omap_mmc_ops, s, "omap.mmc",
+ omap_l4_region_size(ta, 0));
+ omap_l4_attach(ta, 0, &s->iomem);
+
+ /* Instantiate the storage */
+ s->card = sd_init(bd, false);
+
+ s->cdet = qemu_allocate_irqs(omap_mmc_cover_cb, s, 1)[0];
+ sd_set_cb(s->card, NULL, s->cdet);
+
+ return s;
+}
+
+void omap_mmc_handlers(struct omap_mmc_s *s, qemu_irq ro, qemu_irq cover)
+{
+ if (s->cdet) {
+ sd_set_cb(s->card, ro, s->cdet);
+ s->coverswitch = cover;
+ qemu_set_irq(cover, s->cdet_state);
+ } else
+ sd_set_cb(s->card, ro, cover);
+}
+
+void omap_mmc_enable(struct omap_mmc_s *s, int enable)
+{
+ sd_enable(s->card, enable);
+}
diff --git a/hw/sd/pl181.c b/hw/sd/pl181.c
new file mode 100644
index 000000000..03875bf6c
--- /dev/null
+++ b/hw/sd/pl181.c
@@ -0,0 +1,520 @@
+/*
+ * Arm PrimeCell PL181 MultiMedia Card Interface
+ *
+ * Copyright (c) 2007 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GPL.
+ */
+
+#include "sysemu/blockdev.h"
+#include "hw/sysbus.h"
+#include "hw/sd.h"
+
+//#define DEBUG_PL181 1
+
+#ifdef DEBUG_PL181
+#define DPRINTF(fmt, ...) \
+do { printf("pl181: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) do {} while(0)
+#endif
+
+#define PL181_FIFO_LEN 16
+
+#define TYPE_PL181 "pl181"
+#define PL181(obj) OBJECT_CHECK(PL181State, (obj), TYPE_PL181)
+
+typedef struct PL181State {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ SDState *card;
+ uint32_t clock;
+ uint32_t power;
+ uint32_t cmdarg;
+ uint32_t cmd;
+ uint32_t datatimer;
+ uint32_t datalength;
+ uint32_t respcmd;
+ uint32_t response[4];
+ uint32_t datactrl;
+ uint32_t datacnt;
+ uint32_t status;
+ uint32_t mask[2];
+ int32_t fifo_pos;
+ int32_t fifo_len;
+ /* The linux 2.6.21 driver is buggy, and misbehaves if new data arrives
+ while it is reading the FIFO. We hack around this be defering
+ subsequent transfers until after the driver polls the status word.
+ http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=4446/1
+ */
+ int32_t linux_hack;
+ uint32_t fifo[PL181_FIFO_LEN];
+ qemu_irq irq[2];
+ /* GPIO outputs for 'card is readonly' and 'card inserted' */
+ qemu_irq cardstatus[2];
+} PL181State;
+
+static const VMStateDescription vmstate_pl181 = {
+ .name = "pl181",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(clock, PL181State),
+ VMSTATE_UINT32(power, PL181State),
+ VMSTATE_UINT32(cmdarg, PL181State),
+ VMSTATE_UINT32(cmd, PL181State),
+ VMSTATE_UINT32(datatimer, PL181State),
+ VMSTATE_UINT32(datalength, PL181State),
+ VMSTATE_UINT32(respcmd, PL181State),
+ VMSTATE_UINT32_ARRAY(response, PL181State, 4),
+ VMSTATE_UINT32(datactrl, PL181State),
+ VMSTATE_UINT32(datacnt, PL181State),
+ VMSTATE_UINT32(status, PL181State),
+ VMSTATE_UINT32_ARRAY(mask, PL181State, 2),
+ VMSTATE_INT32(fifo_pos, PL181State),
+ VMSTATE_INT32(fifo_len, PL181State),
+ VMSTATE_INT32(linux_hack, PL181State),
+ VMSTATE_UINT32_ARRAY(fifo, PL181State, PL181_FIFO_LEN),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+#define PL181_CMD_INDEX 0x3f
+#define PL181_CMD_RESPONSE (1 << 6)
+#define PL181_CMD_LONGRESP (1 << 7)
+#define PL181_CMD_INTERRUPT (1 << 8)
+#define PL181_CMD_PENDING (1 << 9)
+#define PL181_CMD_ENABLE (1 << 10)
+
+#define PL181_DATA_ENABLE (1 << 0)
+#define PL181_DATA_DIRECTION (1 << 1)
+#define PL181_DATA_MODE (1 << 2)
+#define PL181_DATA_DMAENABLE (1 << 3)
+
+#define PL181_STATUS_CMDCRCFAIL (1 << 0)
+#define PL181_STATUS_DATACRCFAIL (1 << 1)
+#define PL181_STATUS_CMDTIMEOUT (1 << 2)
+#define PL181_STATUS_DATATIMEOUT (1 << 3)
+#define PL181_STATUS_TXUNDERRUN (1 << 4)
+#define PL181_STATUS_RXOVERRUN (1 << 5)
+#define PL181_STATUS_CMDRESPEND (1 << 6)
+#define PL181_STATUS_CMDSENT (1 << 7)
+#define PL181_STATUS_DATAEND (1 << 8)
+#define PL181_STATUS_DATABLOCKEND (1 << 10)
+#define PL181_STATUS_CMDACTIVE (1 << 11)
+#define PL181_STATUS_TXACTIVE (1 << 12)
+#define PL181_STATUS_RXACTIVE (1 << 13)
+#define PL181_STATUS_TXFIFOHALFEMPTY (1 << 14)
+#define PL181_STATUS_RXFIFOHALFFULL (1 << 15)
+#define PL181_STATUS_TXFIFOFULL (1 << 16)
+#define PL181_STATUS_RXFIFOFULL (1 << 17)
+#define PL181_STATUS_TXFIFOEMPTY (1 << 18)
+#define PL181_STATUS_RXFIFOEMPTY (1 << 19)
+#define PL181_STATUS_TXDATAAVLBL (1 << 20)
+#define PL181_STATUS_RXDATAAVLBL (1 << 21)
+
+#define PL181_STATUS_TX_FIFO (PL181_STATUS_TXACTIVE \
+ |PL181_STATUS_TXFIFOHALFEMPTY \
+ |PL181_STATUS_TXFIFOFULL \
+ |PL181_STATUS_TXFIFOEMPTY \
+ |PL181_STATUS_TXDATAAVLBL)
+#define PL181_STATUS_RX_FIFO (PL181_STATUS_RXACTIVE \
+ |PL181_STATUS_RXFIFOHALFFULL \
+ |PL181_STATUS_RXFIFOFULL \
+ |PL181_STATUS_RXFIFOEMPTY \
+ |PL181_STATUS_RXDATAAVLBL)
+
+static const unsigned char pl181_id[] =
+{ 0x81, 0x11, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };
+
+static void pl181_update(PL181State *s)
+{
+ int i;
+ for (i = 0; i < 2; i++) {
+ qemu_set_irq(s->irq[i], (s->status & s->mask[i]) != 0);
+ }
+}
+
+static void pl181_fifo_push(PL181State *s, uint32_t value)
+{
+ int n;
+
+ if (s->fifo_len == PL181_FIFO_LEN) {
+ fprintf(stderr, "pl181: FIFO overflow\n");
+ return;
+ }
+ n = (s->fifo_pos + s->fifo_len) & (PL181_FIFO_LEN - 1);
+ s->fifo_len++;
+ s->fifo[n] = value;
+ DPRINTF("FIFO push %08x\n", (int)value);
+}
+
+static uint32_t pl181_fifo_pop(PL181State *s)
+{
+ uint32_t value;
+
+ if (s->fifo_len == 0) {
+ fprintf(stderr, "pl181: FIFO underflow\n");
+ return 0;
+ }
+ value = s->fifo[s->fifo_pos];
+ s->fifo_len--;
+ s->fifo_pos = (s->fifo_pos + 1) & (PL181_FIFO_LEN - 1);
+ DPRINTF("FIFO pop %08x\n", (int)value);
+ return value;
+}
+
+static void pl181_send_command(PL181State *s)
+{
+ SDRequest request;
+ uint8_t response[16];
+ int rlen;
+
+ request.cmd = s->cmd & PL181_CMD_INDEX;
+ request.arg = s->cmdarg;
+ DPRINTF("Command %d %08x\n", request.cmd, request.arg);
+ rlen = sd_do_command(s->card, &request, response);
+ if (rlen < 0)
+ goto error;
+ if (s->cmd & PL181_CMD_RESPONSE) {
+#define RWORD(n) (((uint32_t)response[n] << 24) | (response[n + 1] << 16) \
+ | (response[n + 2] << 8) | response[n + 3])
+ if (rlen == 0 || (rlen == 4 && (s->cmd & PL181_CMD_LONGRESP)))
+ goto error;
+ if (rlen != 4 && rlen != 16)
+ goto error;
+ s->response[0] = RWORD(0);
+ if (rlen == 4) {
+ s->response[1] = s->response[2] = s->response[3] = 0;
+ } else {
+ s->response[1] = RWORD(4);
+ s->response[2] = RWORD(8);
+ s->response[3] = RWORD(12) & ~1;
+ }
+ DPRINTF("Response received\n");
+ s->status |= PL181_STATUS_CMDRESPEND;
+#undef RWORD
+ } else {
+ DPRINTF("Command sent\n");
+ s->status |= PL181_STATUS_CMDSENT;
+ }
+ return;
+
+error:
+ DPRINTF("Timeout\n");
+ s->status |= PL181_STATUS_CMDTIMEOUT;
+}
+
+/* Transfer data between the card and the FIFO. This is complicated by
+ the FIFO holding 32-bit words and the card taking data in single byte
+ chunks. FIFO bytes are transferred in little-endian order. */
+
+static void pl181_fifo_run(PL181State *s)
+{
+ uint32_t bits;
+ uint32_t value = 0;
+ int n;
+ int is_read;
+
+ is_read = (s->datactrl & PL181_DATA_DIRECTION) != 0;
+ if (s->datacnt != 0 && (!is_read || sd_data_ready(s->card))
+ && !s->linux_hack) {
+ if (is_read) {
+ n = 0;
+ while (s->datacnt && s->fifo_len < PL181_FIFO_LEN) {
+ value |= (uint32_t)sd_read_data(s->card) << (n * 8);
+ s->datacnt--;
+ n++;
+ if (n == 4) {
+ pl181_fifo_push(s, value);
+ n = 0;
+ value = 0;
+ }
+ }
+ if (n != 0) {
+ pl181_fifo_push(s, value);
+ }
+ } else { /* write */
+ n = 0;
+ while (s->datacnt > 0 && (s->fifo_len > 0 || n > 0)) {
+ if (n == 0) {
+ value = pl181_fifo_pop(s);
+ n = 4;
+ }
+ n--;
+ s->datacnt--;
+ sd_write_data(s->card, value & 0xff);
+ value >>= 8;
+ }
+ }
+ }
+ s->status &= ~(PL181_STATUS_RX_FIFO | PL181_STATUS_TX_FIFO);
+ if (s->datacnt == 0) {
+ s->status |= PL181_STATUS_DATAEND;
+ /* HACK: */
+ s->status |= PL181_STATUS_DATABLOCKEND;
+ DPRINTF("Transfer Complete\n");
+ }
+ if (s->datacnt == 0 && s->fifo_len == 0) {
+ s->datactrl &= ~PL181_DATA_ENABLE;
+ DPRINTF("Data engine idle\n");
+ } else {
+ /* Update FIFO bits. */
+ bits = PL181_STATUS_TXACTIVE | PL181_STATUS_RXACTIVE;
+ if (s->fifo_len == 0) {
+ bits |= PL181_STATUS_TXFIFOEMPTY;
+ bits |= PL181_STATUS_RXFIFOEMPTY;
+ } else {
+ bits |= PL181_STATUS_TXDATAAVLBL;
+ bits |= PL181_STATUS_RXDATAAVLBL;
+ }
+ if (s->fifo_len == 16) {
+ bits |= PL181_STATUS_TXFIFOFULL;
+ bits |= PL181_STATUS_RXFIFOFULL;
+ }
+ if (s->fifo_len <= 8) {
+ bits |= PL181_STATUS_TXFIFOHALFEMPTY;
+ }
+ if (s->fifo_len >= 8) {
+ bits |= PL181_STATUS_RXFIFOHALFFULL;
+ }
+ if (s->datactrl & PL181_DATA_DIRECTION) {
+ bits &= PL181_STATUS_RX_FIFO;
+ } else {
+ bits &= PL181_STATUS_TX_FIFO;
+ }
+ s->status |= bits;
+ }
+}
+
+static uint64_t pl181_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ PL181State *s = (PL181State *)opaque;
+ uint32_t tmp;
+
+ if (offset >= 0xfe0 && offset < 0x1000) {
+ return pl181_id[(offset - 0xfe0) >> 2];
+ }
+ switch (offset) {
+ case 0x00: /* Power */
+ return s->power;
+ case 0x04: /* Clock */
+ return s->clock;
+ case 0x08: /* Argument */
+ return s->cmdarg;
+ case 0x0c: /* Command */
+ return s->cmd;
+ case 0x10: /* RespCmd */
+ return s->respcmd;
+ case 0x14: /* Response0 */
+ return s->response[0];
+ case 0x18: /* Response1 */
+ return s->response[1];
+ case 0x1c: /* Response2 */
+ return s->response[2];
+ case 0x20: /* Response3 */
+ return s->response[3];
+ case 0x24: /* DataTimer */
+ return s->datatimer;
+ case 0x28: /* DataLength */
+ return s->datalength;
+ case 0x2c: /* DataCtrl */
+ return s->datactrl;
+ case 0x30: /* DataCnt */
+ return s->datacnt;
+ case 0x34: /* Status */
+ tmp = s->status;
+ if (s->linux_hack) {
+ s->linux_hack = 0;
+ pl181_fifo_run(s);
+ pl181_update(s);
+ }
+ return tmp;
+ case 0x3c: /* Mask0 */
+ return s->mask[0];
+ case 0x40: /* Mask1 */
+ return s->mask[1];
+ case 0x48: /* FifoCnt */
+ /* The documentation is somewhat vague about exactly what FifoCnt
+ does. On real hardware it appears to be when decrememnted
+ when a word is transferred between the FIFO and the serial
+ data engine. DataCnt is decremented after each byte is
+ transferred between the serial engine and the card.
+ We don't emulate this level of detail, so both can be the same. */
+ tmp = (s->datacnt + 3) >> 2;
+ if (s->linux_hack) {
+ s->linux_hack = 0;
+ pl181_fifo_run(s);
+ pl181_update(s);
+ }
+ return tmp;
+ case 0x80: case 0x84: case 0x88: case 0x8c: /* FifoData */
+ case 0x90: case 0x94: case 0x98: case 0x9c:
+ case 0xa0: case 0xa4: case 0xa8: case 0xac:
+ case 0xb0: case 0xb4: case 0xb8: case 0xbc:
+ if (s->fifo_len == 0) {
+ qemu_log_mask(LOG_GUEST_ERROR, "pl181: Unexpected FIFO read\n");
+ return 0;
+ } else {
+ uint32_t value;
+ value = pl181_fifo_pop(s);
+ s->linux_hack = 1;
+ pl181_fifo_run(s);
+ pl181_update(s);
+ return value;
+ }
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "pl181_read: Bad offset %x\n", (int)offset);
+ return 0;
+ }
+}
+
+static void pl181_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ PL181State *s = (PL181State *)opaque;
+
+ switch (offset) {
+ case 0x00: /* Power */
+ s->power = value & 0xff;
+ break;
+ case 0x04: /* Clock */
+ s->clock = value & 0xff;
+ break;
+ case 0x08: /* Argument */
+ s->cmdarg = value;
+ break;
+ case 0x0c: /* Command */
+ s->cmd = value;
+ if (s->cmd & PL181_CMD_ENABLE) {
+ if (s->cmd & PL181_CMD_INTERRUPT) {
+ qemu_log_mask(LOG_UNIMP,
+ "pl181: Interrupt mode not implemented\n");
+ } if (s->cmd & PL181_CMD_PENDING) {
+ qemu_log_mask(LOG_UNIMP,
+ "pl181: Pending commands not implemented\n");
+ } else {
+ pl181_send_command(s);
+ pl181_fifo_run(s);
+ }
+ /* The command has completed one way or the other. */
+ s->cmd &= ~PL181_CMD_ENABLE;
+ }
+ break;
+ case 0x24: /* DataTimer */
+ s->datatimer = value;
+ break;
+ case 0x28: /* DataLength */
+ s->datalength = value & 0xffff;
+ break;
+ case 0x2c: /* DataCtrl */
+ s->datactrl = value & 0xff;
+ if (value & PL181_DATA_ENABLE) {
+ s->datacnt = s->datalength;
+ pl181_fifo_run(s);
+ }
+ break;
+ case 0x38: /* Clear */
+ s->status &= ~(value & 0x7ff);
+ break;
+ case 0x3c: /* Mask0 */
+ s->mask[0] = value;
+ break;
+ case 0x40: /* Mask1 */
+ s->mask[1] = value;
+ break;
+ case 0x80: case 0x84: case 0x88: case 0x8c: /* FifoData */
+ case 0x90: case 0x94: case 0x98: case 0x9c:
+ case 0xa0: case 0xa4: case 0xa8: case 0xac:
+ case 0xb0: case 0xb4: case 0xb8: case 0xbc:
+ if (s->datacnt == 0) {
+ qemu_log_mask(LOG_GUEST_ERROR, "pl181: Unexpected FIFO write\n");
+ } else {
+ pl181_fifo_push(s, value);
+ pl181_fifo_run(s);
+ }
+ break;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "pl181_write: Bad offset %x\n", (int)offset);
+ }
+ pl181_update(s);
+}
+
+static const MemoryRegionOps pl181_ops = {
+ .read = pl181_read,
+ .write = pl181_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void pl181_reset(DeviceState *d)
+{
+ PL181State *s = PL181(d);
+
+ s->power = 0;
+ s->cmdarg = 0;
+ s->cmd = 0;
+ s->datatimer = 0;
+ s->datalength = 0;
+ s->respcmd = 0;
+ s->response[0] = 0;
+ s->response[1] = 0;
+ s->response[2] = 0;
+ s->response[3] = 0;
+ s->datatimer = 0;
+ s->datalength = 0;
+ s->datactrl = 0;
+ s->datacnt = 0;
+ s->status = 0;
+ s->linux_hack = 0;
+ s->mask[0] = 0;
+ s->mask[1] = 0;
+
+ /* We can assume our GPIO outputs have been wired up now */
+ sd_set_cb(s->card, s->cardstatus[0], s->cardstatus[1]);
+}
+
+static int pl181_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ PL181State *s = PL181(dev);
+ DriveInfo *dinfo;
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &pl181_ops, s, "pl181", 0x1000);
+ sysbus_init_mmio(sbd, &s->iomem);
+ sysbus_init_irq(sbd, &s->irq[0]);
+ sysbus_init_irq(sbd, &s->irq[1]);
+ qdev_init_gpio_out(dev, s->cardstatus, 2);
+ dinfo = drive_get_next(IF_SD);
+ s->card = sd_init(dinfo ? dinfo->bdrv : NULL, false);
+ return 0;
+}
+
+static void pl181_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+ DeviceClass *k = DEVICE_CLASS(klass);
+
+ sdc->init = pl181_init;
+ k->vmsd = &vmstate_pl181;
+ k->reset = pl181_reset;
+ k->no_user = 1;
+}
+
+static const TypeInfo pl181_info = {
+ .name = TYPE_PL181,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(PL181State),
+ .class_init = pl181_class_init,
+};
+
+static void pl181_register_types(void)
+{
+ type_register_static(&pl181_info);
+}
+
+type_init(pl181_register_types)
diff --git a/hw/sd/pxa2xx_mmci.c b/hw/sd/pxa2xx_mmci.c
new file mode 100644
index 000000000..90c955fe6
--- /dev/null
+++ b/hw/sd/pxa2xx_mmci.c
@@ -0,0 +1,553 @@
+/*
+ * Intel XScale PXA255/270 MultiMediaCard/SD/SDIO Controller emulation.
+ *
+ * Copyright (c) 2006 Openedhand Ltd.
+ * Written by Andrzej Zaborowski <balrog@zabor.org>
+ *
+ * This code is licensed under the GPLv2.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "hw/hw.h"
+#include "hw/arm/pxa.h"
+#include "hw/sd.h"
+#include "hw/qdev.h"
+
+struct PXA2xxMMCIState {
+ MemoryRegion iomem;
+ qemu_irq irq;
+ qemu_irq rx_dma;
+ qemu_irq tx_dma;
+
+ SDState *card;
+
+ uint32_t status;
+ uint32_t clkrt;
+ uint32_t spi;
+ uint32_t cmdat;
+ uint32_t resp_tout;
+ uint32_t read_tout;
+ int blklen;
+ int numblk;
+ uint32_t intmask;
+ uint32_t intreq;
+ int cmd;
+ uint32_t arg;
+
+ int active;
+ int bytesleft;
+ uint8_t tx_fifo[64];
+ int tx_start;
+ int tx_len;
+ uint8_t rx_fifo[32];
+ int rx_start;
+ int rx_len;
+ uint16_t resp_fifo[9];
+ int resp_len;
+
+ int cmdreq;
+ int ac_width;
+};
+
+#define MMC_STRPCL 0x00 /* MMC Clock Start/Stop register */
+#define MMC_STAT 0x04 /* MMC Status register */
+#define MMC_CLKRT 0x08 /* MMC Clock Rate register */
+#define MMC_SPI 0x0c /* MMC SPI Mode register */
+#define MMC_CMDAT 0x10 /* MMC Command/Data register */
+#define MMC_RESTO 0x14 /* MMC Response Time-Out register */
+#define MMC_RDTO 0x18 /* MMC Read Time-Out register */
+#define MMC_BLKLEN 0x1c /* MMC Block Length register */
+#define MMC_NUMBLK 0x20 /* MMC Number of Blocks register */
+#define MMC_PRTBUF 0x24 /* MMC Buffer Partly Full register */
+#define MMC_I_MASK 0x28 /* MMC Interrupt Mask register */
+#define MMC_I_REG 0x2c /* MMC Interrupt Request register */
+#define MMC_CMD 0x30 /* MMC Command register */
+#define MMC_ARGH 0x34 /* MMC Argument High register */
+#define MMC_ARGL 0x38 /* MMC Argument Low register */
+#define MMC_RES 0x3c /* MMC Response FIFO */
+#define MMC_RXFIFO 0x40 /* MMC Receive FIFO */
+#define MMC_TXFIFO 0x44 /* MMC Transmit FIFO */
+#define MMC_RDWAIT 0x48 /* MMC RD_WAIT register */
+#define MMC_BLKS_REM 0x4c /* MMC Blocks Remaining register */
+
+/* Bitfield masks */
+#define STRPCL_STOP_CLK (1 << 0)
+#define STRPCL_STRT_CLK (1 << 1)
+#define STAT_TOUT_RES (1 << 1)
+#define STAT_CLK_EN (1 << 8)
+#define STAT_DATA_DONE (1 << 11)
+#define STAT_PRG_DONE (1 << 12)
+#define STAT_END_CMDRES (1 << 13)
+#define SPI_SPI_MODE (1 << 0)
+#define CMDAT_RES_TYPE (3 << 0)
+#define CMDAT_DATA_EN (1 << 2)
+#define CMDAT_WR_RD (1 << 3)
+#define CMDAT_DMA_EN (1 << 7)
+#define CMDAT_STOP_TRAN (1 << 10)
+#define INT_DATA_DONE (1 << 0)
+#define INT_PRG_DONE (1 << 1)
+#define INT_END_CMD (1 << 2)
+#define INT_STOP_CMD (1 << 3)
+#define INT_CLK_OFF (1 << 4)
+#define INT_RXFIFO_REQ (1 << 5)
+#define INT_TXFIFO_REQ (1 << 6)
+#define INT_TINT (1 << 7)
+#define INT_DAT_ERR (1 << 8)
+#define INT_RES_ERR (1 << 9)
+#define INT_RD_STALLED (1 << 10)
+#define INT_SDIO_INT (1 << 11)
+#define INT_SDIO_SACK (1 << 12)
+#define PRTBUF_PRT_BUF (1 << 0)
+
+/* Route internal interrupt lines to the global IC and DMA */
+static void pxa2xx_mmci_int_update(PXA2xxMMCIState *s)
+{
+ uint32_t mask = s->intmask;
+ if (s->cmdat & CMDAT_DMA_EN) {
+ mask |= INT_RXFIFO_REQ | INT_TXFIFO_REQ;
+
+ qemu_set_irq(s->rx_dma, !!(s->intreq & INT_RXFIFO_REQ));
+ qemu_set_irq(s->tx_dma, !!(s->intreq & INT_TXFIFO_REQ));
+ }
+
+ qemu_set_irq(s->irq, !!(s->intreq & ~mask));
+}
+
+static void pxa2xx_mmci_fifo_update(PXA2xxMMCIState *s)
+{
+ if (!s->active)
+ return;
+
+ if (s->cmdat & CMDAT_WR_RD) {
+ while (s->bytesleft && s->tx_len) {
+ sd_write_data(s->card, s->tx_fifo[s->tx_start ++]);
+ s->tx_start &= 0x1f;
+ s->tx_len --;
+ s->bytesleft --;
+ }
+ if (s->bytesleft)
+ s->intreq |= INT_TXFIFO_REQ;
+ } else
+ while (s->bytesleft && s->rx_len < 32) {
+ s->rx_fifo[(s->rx_start + (s->rx_len ++)) & 0x1f] =
+ sd_read_data(s->card);
+ s->bytesleft --;
+ s->intreq |= INT_RXFIFO_REQ;
+ }
+
+ if (!s->bytesleft) {
+ s->active = 0;
+ s->intreq |= INT_DATA_DONE;
+ s->status |= STAT_DATA_DONE;
+
+ if (s->cmdat & CMDAT_WR_RD) {
+ s->intreq |= INT_PRG_DONE;
+ s->status |= STAT_PRG_DONE;
+ }
+ }
+
+ pxa2xx_mmci_int_update(s);
+}
+
+static void pxa2xx_mmci_wakequeues(PXA2xxMMCIState *s)
+{
+ int rsplen, i;
+ SDRequest request;
+ uint8_t response[16];
+
+ s->active = 1;
+ s->rx_len = 0;
+ s->tx_len = 0;
+ s->cmdreq = 0;
+
+ request.cmd = s->cmd;
+ request.arg = s->arg;
+ request.crc = 0; /* FIXME */
+
+ rsplen = sd_do_command(s->card, &request, response);
+ s->intreq |= INT_END_CMD;
+
+ memset(s->resp_fifo, 0, sizeof(s->resp_fifo));
+ switch (s->cmdat & CMDAT_RES_TYPE) {
+#define PXAMMCI_RESP(wd, value0, value1) \
+ s->resp_fifo[(wd) + 0] |= (value0); \
+ s->resp_fifo[(wd) + 1] |= (value1) << 8;
+ case 0: /* No response */
+ goto complete;
+
+ case 1: /* R1, R4, R5 or R6 */
+ if (rsplen < 4)
+ goto timeout;
+ goto complete;
+
+ case 2: /* R2 */
+ if (rsplen < 16)
+ goto timeout;
+ goto complete;
+
+ case 3: /* R3 */
+ if (rsplen < 4)
+ goto timeout;
+ goto complete;
+
+ complete:
+ for (i = 0; rsplen > 0; i ++, rsplen -= 2) {
+ PXAMMCI_RESP(i, response[i * 2], response[i * 2 + 1]);
+ }
+ s->status |= STAT_END_CMDRES;
+
+ if (!(s->cmdat & CMDAT_DATA_EN))
+ s->active = 0;
+ else
+ s->bytesleft = s->numblk * s->blklen;
+
+ s->resp_len = 0;
+ break;
+
+ timeout:
+ s->active = 0;
+ s->status |= STAT_TOUT_RES;
+ break;
+ }
+
+ pxa2xx_mmci_fifo_update(s);
+}
+
+static uint32_t pxa2xx_mmci_read(void *opaque, hwaddr offset)
+{
+ PXA2xxMMCIState *s = (PXA2xxMMCIState *) opaque;
+ uint32_t ret;
+
+ switch (offset) {
+ case MMC_STRPCL:
+ return 0;
+ case MMC_STAT:
+ return s->status;
+ case MMC_CLKRT:
+ return s->clkrt;
+ case MMC_SPI:
+ return s->spi;
+ case MMC_CMDAT:
+ return s->cmdat;
+ case MMC_RESTO:
+ return s->resp_tout;
+ case MMC_RDTO:
+ return s->read_tout;
+ case MMC_BLKLEN:
+ return s->blklen;
+ case MMC_NUMBLK:
+ return s->numblk;
+ case MMC_PRTBUF:
+ return 0;
+ case MMC_I_MASK:
+ return s->intmask;
+ case MMC_I_REG:
+ return s->intreq;
+ case MMC_CMD:
+ return s->cmd | 0x40;
+ case MMC_ARGH:
+ return s->arg >> 16;
+ case MMC_ARGL:
+ return s->arg & 0xffff;
+ case MMC_RES:
+ if (s->resp_len < 9)
+ return s->resp_fifo[s->resp_len ++];
+ return 0;
+ case MMC_RXFIFO:
+ ret = 0;
+ while (s->ac_width -- && s->rx_len) {
+ ret |= s->rx_fifo[s->rx_start ++] << (s->ac_width << 3);
+ s->rx_start &= 0x1f;
+ s->rx_len --;
+ }
+ s->intreq &= ~INT_RXFIFO_REQ;
+ pxa2xx_mmci_fifo_update(s);
+ return ret;
+ case MMC_RDWAIT:
+ return 0;
+ case MMC_BLKS_REM:
+ return s->numblk;
+ default:
+ hw_error("%s: Bad offset " REG_FMT "\n", __FUNCTION__, offset);
+ }
+
+ return 0;
+}
+
+static void pxa2xx_mmci_write(void *opaque,
+ hwaddr offset, uint32_t value)
+{
+ PXA2xxMMCIState *s = (PXA2xxMMCIState *) opaque;
+
+ switch (offset) {
+ case MMC_STRPCL:
+ if (value & STRPCL_STRT_CLK) {
+ s->status |= STAT_CLK_EN;
+ s->intreq &= ~INT_CLK_OFF;
+
+ if (s->cmdreq && !(s->cmdat & CMDAT_STOP_TRAN)) {
+ s->status &= STAT_CLK_EN;
+ pxa2xx_mmci_wakequeues(s);
+ }
+ }
+
+ if (value & STRPCL_STOP_CLK) {
+ s->status &= ~STAT_CLK_EN;
+ s->intreq |= INT_CLK_OFF;
+ s->active = 0;
+ }
+
+ pxa2xx_mmci_int_update(s);
+ break;
+
+ case MMC_CLKRT:
+ s->clkrt = value & 7;
+ break;
+
+ case MMC_SPI:
+ s->spi = value & 0xf;
+ if (value & SPI_SPI_MODE)
+ printf("%s: attempted to use card in SPI mode\n", __FUNCTION__);
+ break;
+
+ case MMC_CMDAT:
+ s->cmdat = value & 0x3dff;
+ s->active = 0;
+ s->cmdreq = 1;
+ if (!(value & CMDAT_STOP_TRAN)) {
+ s->status &= STAT_CLK_EN;
+
+ if (s->status & STAT_CLK_EN)
+ pxa2xx_mmci_wakequeues(s);
+ }
+
+ pxa2xx_mmci_int_update(s);
+ break;
+
+ case MMC_RESTO:
+ s->resp_tout = value & 0x7f;
+ break;
+
+ case MMC_RDTO:
+ s->read_tout = value & 0xffff;
+ break;
+
+ case MMC_BLKLEN:
+ s->blklen = value & 0xfff;
+ break;
+
+ case MMC_NUMBLK:
+ s->numblk = value & 0xffff;
+ break;
+
+ case MMC_PRTBUF:
+ if (value & PRTBUF_PRT_BUF) {
+ s->tx_start ^= 32;
+ s->tx_len = 0;
+ }
+ pxa2xx_mmci_fifo_update(s);
+ break;
+
+ case MMC_I_MASK:
+ s->intmask = value & 0x1fff;
+ pxa2xx_mmci_int_update(s);
+ break;
+
+ case MMC_CMD:
+ s->cmd = value & 0x3f;
+ break;
+
+ case MMC_ARGH:
+ s->arg &= 0x0000ffff;
+ s->arg |= value << 16;
+ break;
+
+ case MMC_ARGL:
+ s->arg &= 0xffff0000;
+ s->arg |= value & 0x0000ffff;
+ break;
+
+ case MMC_TXFIFO:
+ while (s->ac_width -- && s->tx_len < 0x20)
+ s->tx_fifo[(s->tx_start + (s->tx_len ++)) & 0x1f] =
+ (value >> (s->ac_width << 3)) & 0xff;
+ s->intreq &= ~INT_TXFIFO_REQ;
+ pxa2xx_mmci_fifo_update(s);
+ break;
+
+ case MMC_RDWAIT:
+ case MMC_BLKS_REM:
+ break;
+
+ default:
+ hw_error("%s: Bad offset " REG_FMT "\n", __FUNCTION__, offset);
+ }
+}
+
+static uint32_t pxa2xx_mmci_readb(void *opaque, hwaddr offset)
+{
+ PXA2xxMMCIState *s = (PXA2xxMMCIState *) opaque;
+ s->ac_width = 1;
+ return pxa2xx_mmci_read(opaque, offset);
+}
+
+static uint32_t pxa2xx_mmci_readh(void *opaque, hwaddr offset)
+{
+ PXA2xxMMCIState *s = (PXA2xxMMCIState *) opaque;
+ s->ac_width = 2;
+ return pxa2xx_mmci_read(opaque, offset);
+}
+
+static uint32_t pxa2xx_mmci_readw(void *opaque, hwaddr offset)
+{
+ PXA2xxMMCIState *s = (PXA2xxMMCIState *) opaque;
+ s->ac_width = 4;
+ return pxa2xx_mmci_read(opaque, offset);
+}
+
+static void pxa2xx_mmci_writeb(void *opaque,
+ hwaddr offset, uint32_t value)
+{
+ PXA2xxMMCIState *s = (PXA2xxMMCIState *) opaque;
+ s->ac_width = 1;
+ pxa2xx_mmci_write(opaque, offset, value);
+}
+
+static void pxa2xx_mmci_writeh(void *opaque,
+ hwaddr offset, uint32_t value)
+{
+ PXA2xxMMCIState *s = (PXA2xxMMCIState *) opaque;
+ s->ac_width = 2;
+ pxa2xx_mmci_write(opaque, offset, value);
+}
+
+static void pxa2xx_mmci_writew(void *opaque,
+ hwaddr offset, uint32_t value)
+{
+ PXA2xxMMCIState *s = (PXA2xxMMCIState *) opaque;
+ s->ac_width = 4;
+ pxa2xx_mmci_write(opaque, offset, value);
+}
+
+static const MemoryRegionOps pxa2xx_mmci_ops = {
+ .old_mmio = {
+ .read = { pxa2xx_mmci_readb,
+ pxa2xx_mmci_readh,
+ pxa2xx_mmci_readw, },
+ .write = { pxa2xx_mmci_writeb,
+ pxa2xx_mmci_writeh,
+ pxa2xx_mmci_writew, },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void pxa2xx_mmci_save(QEMUFile *f, void *opaque)
+{
+ PXA2xxMMCIState *s = (PXA2xxMMCIState *) opaque;
+ int i;
+
+ qemu_put_be32s(f, &s->status);
+ qemu_put_be32s(f, &s->clkrt);
+ qemu_put_be32s(f, &s->spi);
+ qemu_put_be32s(f, &s->cmdat);
+ qemu_put_be32s(f, &s->resp_tout);
+ qemu_put_be32s(f, &s->read_tout);
+ qemu_put_be32(f, s->blklen);
+ qemu_put_be32(f, s->numblk);
+ qemu_put_be32s(f, &s->intmask);
+ qemu_put_be32s(f, &s->intreq);
+ qemu_put_be32(f, s->cmd);
+ qemu_put_be32s(f, &s->arg);
+ qemu_put_be32(f, s->cmdreq);
+ qemu_put_be32(f, s->active);
+ qemu_put_be32(f, s->bytesleft);
+
+ qemu_put_byte(f, s->tx_len);
+ for (i = 0; i < s->tx_len; i ++)
+ qemu_put_byte(f, s->tx_fifo[(s->tx_start + i) & 63]);
+
+ qemu_put_byte(f, s->rx_len);
+ for (i = 0; i < s->rx_len; i ++)
+ qemu_put_byte(f, s->rx_fifo[(s->rx_start + i) & 31]);
+
+ qemu_put_byte(f, s->resp_len);
+ for (i = s->resp_len; i < 9; i ++)
+ qemu_put_be16s(f, &s->resp_fifo[i]);
+}
+
+static int pxa2xx_mmci_load(QEMUFile *f, void *opaque, int version_id)
+{
+ PXA2xxMMCIState *s = (PXA2xxMMCIState *) opaque;
+ int i;
+
+ qemu_get_be32s(f, &s->status);
+ qemu_get_be32s(f, &s->clkrt);
+ qemu_get_be32s(f, &s->spi);
+ qemu_get_be32s(f, &s->cmdat);
+ qemu_get_be32s(f, &s->resp_tout);
+ qemu_get_be32s(f, &s->read_tout);
+ s->blklen = qemu_get_be32(f);
+ s->numblk = qemu_get_be32(f);
+ qemu_get_be32s(f, &s->intmask);
+ qemu_get_be32s(f, &s->intreq);
+ s->cmd = qemu_get_be32(f);
+ qemu_get_be32s(f, &s->arg);
+ s->cmdreq = qemu_get_be32(f);
+ s->active = qemu_get_be32(f);
+ s->bytesleft = qemu_get_be32(f);
+
+ s->tx_len = qemu_get_byte(f);
+ s->tx_start = 0;
+ if (s->tx_len >= sizeof(s->tx_fifo) || s->tx_len < 0)
+ return -EINVAL;
+ for (i = 0; i < s->tx_len; i ++)
+ s->tx_fifo[i] = qemu_get_byte(f);
+
+ s->rx_len = qemu_get_byte(f);
+ s->rx_start = 0;
+ if (s->rx_len >= sizeof(s->rx_fifo) || s->rx_len < 0)
+ return -EINVAL;
+ for (i = 0; i < s->rx_len; i ++)
+ s->rx_fifo[i] = qemu_get_byte(f);
+
+ s->resp_len = qemu_get_byte(f);
+ if (s->resp_len > 9 || s->resp_len < 0)
+ return -EINVAL;
+ for (i = s->resp_len; i < 9; i ++)
+ qemu_get_be16s(f, &s->resp_fifo[i]);
+
+ return 0;
+}
+
+PXA2xxMMCIState *pxa2xx_mmci_init(MemoryRegion *sysmem,
+ hwaddr base,
+ BlockDriverState *bd, qemu_irq irq,
+ qemu_irq rx_dma, qemu_irq tx_dma)
+{
+ PXA2xxMMCIState *s;
+
+ s = (PXA2xxMMCIState *) g_malloc0(sizeof(PXA2xxMMCIState));
+ s->irq = irq;
+ s->rx_dma = rx_dma;
+ s->tx_dma = tx_dma;
+
+ memory_region_init_io(&s->iomem, NULL, &pxa2xx_mmci_ops, s,
+ "pxa2xx-mmci", 0x00100000);
+ memory_region_add_subregion(sysmem, base, &s->iomem);
+
+ /* Instantiate the actual storage */
+ s->card = sd_init(bd, false);
+
+ register_savevm(NULL, "pxa2xx_mmci", 0, 0,
+ pxa2xx_mmci_save, pxa2xx_mmci_load, s);
+
+ return s;
+}
+
+void pxa2xx_mmci_handlers(PXA2xxMMCIState *s, qemu_irq readonly,
+ qemu_irq coverswitch)
+{
+ sd_set_cb(s->card, readonly, coverswitch);
+}
diff --git a/hw/sd/sd.c b/hw/sd/sd.c
new file mode 100644
index 000000000..346d86f69
--- /dev/null
+++ b/hw/sd/sd.c
@@ -0,0 +1,1771 @@
+/*
+ * SD Memory Card emulation as defined in the "SD Memory Card Physical
+ * layer specification, Version 1.10."
+ *
+ * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
+ * Copyright (c) 2007 CodeSourcery
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "hw/hw.h"
+#include "block/block.h"
+#include "hw/sd.h"
+#include "qemu/bitmap.h"
+
+//#define DEBUG_SD 1
+
+#ifdef DEBUG_SD
+#define DPRINTF(fmt, ...) \
+do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) do {} while(0)
+#endif
+
+#define ACMD41_ENQUIRY_MASK 0x00ffffff
+
+typedef enum {
+ sd_r0 = 0, /* no response */
+ sd_r1, /* normal response command */
+ sd_r2_i, /* CID register */
+ sd_r2_s, /* CSD register */
+ sd_r3, /* OCR register */
+ sd_r6 = 6, /* Published RCA response */
+ sd_r7, /* Operating voltage */
+ sd_r1b = -1,
+ sd_illegal = -2,
+} sd_rsp_type_t;
+
+enum SDCardModes {
+ sd_inactive,
+ sd_card_identification_mode,
+ sd_data_transfer_mode,
+};
+
+enum SDCardStates {
+ sd_inactive_state = -1,
+ sd_idle_state = 0,
+ sd_ready_state,
+ sd_identification_state,
+ sd_standby_state,
+ sd_transfer_state,
+ sd_sendingdata_state,
+ sd_receivingdata_state,
+ sd_programming_state,
+ sd_disconnect_state,
+};
+
+struct SDState {
+ uint32_t mode; /* current card mode, one of SDCardModes */
+ int32_t state; /* current card state, one of SDCardStates */
+ uint32_t ocr;
+ uint8_t scr[8];
+ uint8_t cid[16];
+ uint8_t csd[16];
+ uint16_t rca;
+ uint32_t card_status;
+ uint8_t sd_status[64];
+ uint32_t vhs;
+ bool wp_switch;
+ unsigned long *wp_groups;
+ int32_t wpgrps_size;
+ uint64_t size;
+ uint32_t blk_len;
+ uint32_t erase_start;
+ uint32_t erase_end;
+ uint8_t pwd[16];
+ uint32_t pwd_len;
+ uint8_t function_group[6];
+
+ bool spi;
+ uint8_t current_cmd;
+ /* True if we will handle the next command as an ACMD. Note that this does
+ * *not* track the APP_CMD status bit!
+ */
+ bool expecting_acmd;
+ uint32_t blk_written;
+ uint64_t data_start;
+ uint32_t data_offset;
+ uint8_t data[512];
+ qemu_irq readonly_cb;
+ qemu_irq inserted_cb;
+ BlockDriverState *bdrv;
+ uint8_t *buf;
+
+ bool enable;
+};
+
+static void sd_set_mode(SDState *sd)
+{
+ switch (sd->state) {
+ case sd_inactive_state:
+ sd->mode = sd_inactive;
+ break;
+
+ case sd_idle_state:
+ case sd_ready_state:
+ case sd_identification_state:
+ sd->mode = sd_card_identification_mode;
+ break;
+
+ case sd_standby_state:
+ case sd_transfer_state:
+ case sd_sendingdata_state:
+ case sd_receivingdata_state:
+ case sd_programming_state:
+ case sd_disconnect_state:
+ sd->mode = sd_data_transfer_mode;
+ break;
+ }
+}
+
+static const sd_cmd_type_t sd_cmd_type[64] = {
+ sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
+ sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
+ sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
+ sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
+ sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
+ sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
+ sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
+ sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
+};
+
+static const sd_cmd_type_t sd_acmd_type[64] = {
+ sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
+ sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
+ sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
+ sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
+ sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
+ sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
+ sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
+ sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
+};
+
+static const int sd_cmd_class[64] = {
+ 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
+ 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
+ 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
+ 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
+};
+
+static uint8_t sd_crc7(void *message, size_t width)
+{
+ int i, bit;
+ uint8_t shift_reg = 0x00;
+ uint8_t *msg = (uint8_t *) message;
+
+ for (i = 0; i < width; i ++, msg ++)
+ for (bit = 7; bit >= 0; bit --) {
+ shift_reg <<= 1;
+ if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
+ shift_reg ^= 0x89;
+ }
+
+ return shift_reg;
+}
+
+static uint16_t sd_crc16(void *message, size_t width)
+{
+ int i, bit;
+ uint16_t shift_reg = 0x0000;
+ uint16_t *msg = (uint16_t *) message;
+ width <<= 1;
+
+ for (i = 0; i < width; i ++, msg ++)
+ for (bit = 15; bit >= 0; bit --) {
+ shift_reg <<= 1;
+ if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
+ shift_reg ^= 0x1011;
+ }
+
+ return shift_reg;
+}
+
+static void sd_set_ocr(SDState *sd)
+{
+ /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
+ sd->ocr = 0x80ffff00;
+}
+
+static void sd_set_scr(SDState *sd)
+{
+ sd->scr[0] = 0x00; /* SCR Structure */
+ sd->scr[1] = 0x2f; /* SD Security Support */
+ sd->scr[2] = 0x00;
+ sd->scr[3] = 0x00;
+ sd->scr[4] = 0x00;
+ sd->scr[5] = 0x00;
+ sd->scr[6] = 0x00;
+ sd->scr[7] = 0x00;
+}
+
+#define MID 0xaa
+#define OID "XY"
+#define PNM "QEMU!"
+#define PRV 0x01
+#define MDT_YR 2006
+#define MDT_MON 2
+
+static void sd_set_cid(SDState *sd)
+{
+ sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
+ sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
+ sd->cid[2] = OID[1];
+ sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
+ sd->cid[4] = PNM[1];
+ sd->cid[5] = PNM[2];
+ sd->cid[6] = PNM[3];
+ sd->cid[7] = PNM[4];
+ sd->cid[8] = PRV; /* Fake product revision (PRV) */
+ sd->cid[9] = 0xde; /* Fake serial number (PSN) */
+ sd->cid[10] = 0xad;
+ sd->cid[11] = 0xbe;
+ sd->cid[12] = 0xef;
+ sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
+ ((MDT_YR - 2000) / 10);
+ sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
+ sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
+}
+
+#define HWBLOCK_SHIFT 9 /* 512 bytes */
+#define SECTOR_SHIFT 5 /* 16 kilobytes */
+#define WPGROUP_SHIFT 7 /* 2 megs */
+#define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
+#define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
+
+static const uint8_t sd_csd_rw_mask[16] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
+};
+
+static void sd_set_csd(SDState *sd, uint64_t size)
+{
+ uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
+ uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
+ uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
+
+ if (size <= 0x40000000) { /* Standard Capacity SD */
+ sd->csd[0] = 0x00; /* CSD structure */
+ sd->csd[1] = 0x26; /* Data read access-time-1 */
+ sd->csd[2] = 0x00; /* Data read access-time-2 */
+ sd->csd[3] = 0x5a; /* Max. data transfer rate */
+ sd->csd[4] = 0x5f; /* Card Command Classes */
+ sd->csd[5] = 0x50 | /* Max. read data block length */
+ HWBLOCK_SHIFT;
+ sd->csd[6] = 0xe0 | /* Partial block for read allowed */
+ ((csize >> 10) & 0x03);
+ sd->csd[7] = 0x00 | /* Device size */
+ ((csize >> 2) & 0xff);
+ sd->csd[8] = 0x3f | /* Max. read current */
+ ((csize << 6) & 0xc0);
+ sd->csd[9] = 0xfc | /* Max. write current */
+ ((CMULT_SHIFT - 2) >> 1);
+ sd->csd[10] = 0x40 | /* Erase sector size */
+ (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
+ sd->csd[11] = 0x00 | /* Write protect group size */
+ ((sectsize << 7) & 0x80) | wpsize;
+ sd->csd[12] = 0x90 | /* Write speed factor */
+ (HWBLOCK_SHIFT >> 2);
+ sd->csd[13] = 0x20 | /* Max. write data block length */
+ ((HWBLOCK_SHIFT << 6) & 0xc0);
+ sd->csd[14] = 0x00; /* File format group */
+ sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
+ } else { /* SDHC */
+ size /= 512 * 1024;
+ size -= 1;
+ sd->csd[0] = 0x40;
+ sd->csd[1] = 0x0e;
+ sd->csd[2] = 0x00;
+ sd->csd[3] = 0x32;
+ sd->csd[4] = 0x5b;
+ sd->csd[5] = 0x59;
+ sd->csd[6] = 0x00;
+ sd->csd[7] = (size >> 16) & 0xff;
+ sd->csd[8] = (size >> 8) & 0xff;
+ sd->csd[9] = (size & 0xff);
+ sd->csd[10] = 0x7f;
+ sd->csd[11] = 0x80;
+ sd->csd[12] = 0x0a;
+ sd->csd[13] = 0x40;
+ sd->csd[14] = 0x00;
+ sd->csd[15] = 0x00;
+ sd->ocr |= 1 << 30; /* High Capacity SD Memory Card */
+ }
+}
+
+static void sd_set_rca(SDState *sd)
+{
+ sd->rca += 0x4567;
+}
+
+/* Card status bits, split by clear condition:
+ * A : According to the card current state
+ * B : Always related to the previous command
+ * C : Cleared by read
+ */
+#define CARD_STATUS_A 0x02004100
+#define CARD_STATUS_B 0x00c01e00
+#define CARD_STATUS_C 0xfd39a028
+
+static void sd_set_cardstatus(SDState *sd)
+{
+ sd->card_status = 0x00000100;
+}
+
+static void sd_set_sdstatus(SDState *sd)
+{
+ memset(sd->sd_status, 0, 64);
+}
+
+static int sd_req_crc_validate(SDRequest *req)
+{
+ uint8_t buffer[5];
+ buffer[0] = 0x40 | req->cmd;
+ buffer[1] = (req->arg >> 24) & 0xff;
+ buffer[2] = (req->arg >> 16) & 0xff;
+ buffer[3] = (req->arg >> 8) & 0xff;
+ buffer[4] = (req->arg >> 0) & 0xff;
+ return 0;
+ return sd_crc7(buffer, 5) != req->crc; /* TODO */
+}
+
+static void sd_response_r1_make(SDState *sd, uint8_t *response)
+{
+ uint32_t status = sd->card_status;
+ /* Clear the "clear on read" status bits */
+ sd->card_status &= ~CARD_STATUS_C;
+
+ response[0] = (status >> 24) & 0xff;
+ response[1] = (status >> 16) & 0xff;
+ response[2] = (status >> 8) & 0xff;
+ response[3] = (status >> 0) & 0xff;
+}
+
+static void sd_response_r3_make(SDState *sd, uint8_t *response)
+{
+ response[0] = (sd->ocr >> 24) & 0xff;
+ response[1] = (sd->ocr >> 16) & 0xff;
+ response[2] = (sd->ocr >> 8) & 0xff;
+ response[3] = (sd->ocr >> 0) & 0xff;
+}
+
+static void sd_response_r6_make(SDState *sd, uint8_t *response)
+{
+ uint16_t arg;
+ uint16_t status;
+
+ arg = sd->rca;
+ status = ((sd->card_status >> 8) & 0xc000) |
+ ((sd->card_status >> 6) & 0x2000) |
+ (sd->card_status & 0x1fff);
+ sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
+
+ response[0] = (arg >> 8) & 0xff;
+ response[1] = arg & 0xff;
+ response[2] = (status >> 8) & 0xff;
+ response[3] = status & 0xff;
+}
+
+static void sd_response_r7_make(SDState *sd, uint8_t *response)
+{
+ response[0] = (sd->vhs >> 24) & 0xff;
+ response[1] = (sd->vhs >> 16) & 0xff;
+ response[2] = (sd->vhs >> 8) & 0xff;
+ response[3] = (sd->vhs >> 0) & 0xff;
+}
+
+static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
+{
+ return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
+}
+
+static void sd_reset(SDState *sd, BlockDriverState *bdrv)
+{
+ uint64_t size;
+ uint64_t sect;
+
+ if (bdrv) {
+ bdrv_get_geometry(bdrv, &sect);
+ } else {
+ sect = 0;
+ }
+ size = sect << 9;
+
+ sect = sd_addr_to_wpnum(size) + 1;
+
+ sd->state = sd_idle_state;
+ sd->rca = 0x0000;
+ sd_set_ocr(sd);
+ sd_set_scr(sd);
+ sd_set_cid(sd);
+ sd_set_csd(sd, size);
+ sd_set_cardstatus(sd);
+ sd_set_sdstatus(sd);
+
+ sd->bdrv = bdrv;
+
+ if (sd->wp_groups)
+ g_free(sd->wp_groups);
+ sd->wp_switch = bdrv ? bdrv_is_read_only(bdrv) : false;
+ sd->wpgrps_size = sect;
+ sd->wp_groups = bitmap_new(sd->wpgrps_size);
+ memset(sd->function_group, 0, sizeof(sd->function_group));
+ sd->erase_start = 0;
+ sd->erase_end = 0;
+ sd->size = size;
+ sd->blk_len = 0x200;
+ sd->pwd_len = 0;
+ sd->expecting_acmd = false;
+}
+
+static void sd_cardchange(void *opaque, bool load)
+{
+ SDState *sd = opaque;
+
+ qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
+ if (bdrv_is_inserted(sd->bdrv)) {
+ sd_reset(sd, sd->bdrv);
+ qemu_set_irq(sd->readonly_cb, sd->wp_switch);
+ }
+}
+
+static const BlockDevOps sd_block_ops = {
+ .change_media_cb = sd_cardchange,
+};
+
+static const VMStateDescription sd_vmstate = {
+ .name = "sd-card",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(mode, SDState),
+ VMSTATE_INT32(state, SDState),
+ VMSTATE_UINT8_ARRAY(cid, SDState, 16),
+ VMSTATE_UINT8_ARRAY(csd, SDState, 16),
+ VMSTATE_UINT16(rca, SDState),
+ VMSTATE_UINT32(card_status, SDState),
+ VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
+ VMSTATE_UINT32(vhs, SDState),
+ VMSTATE_BITMAP(wp_groups, SDState, 0, wpgrps_size),
+ VMSTATE_UINT32(blk_len, SDState),
+ VMSTATE_UINT32(erase_start, SDState),
+ VMSTATE_UINT32(erase_end, SDState),
+ VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
+ VMSTATE_UINT32(pwd_len, SDState),
+ VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
+ VMSTATE_UINT8(current_cmd, SDState),
+ VMSTATE_BOOL(expecting_acmd, SDState),
+ VMSTATE_UINT32(blk_written, SDState),
+ VMSTATE_UINT64(data_start, SDState),
+ VMSTATE_UINT32(data_offset, SDState),
+ VMSTATE_UINT8_ARRAY(data, SDState, 512),
+ VMSTATE_BUFFER_POINTER_UNSAFE(buf, SDState, 1, 512),
+ VMSTATE_BOOL(enable, SDState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+/* We do not model the chip select pin, so allow the board to select
+ whether card should be in SSI or MMC/SD mode. It is also up to the
+ board to ensure that ssi transfers only occur when the chip select
+ is asserted. */
+SDState *sd_init(BlockDriverState *bs, bool is_spi)
+{
+ SDState *sd;
+
+ sd = (SDState *) g_malloc0(sizeof(SDState));
+ sd->buf = qemu_blockalign(bs, 512);
+ sd->spi = is_spi;
+ sd->enable = true;
+ sd_reset(sd, bs);
+ if (sd->bdrv) {
+ bdrv_attach_dev_nofail(sd->bdrv, sd);
+ bdrv_set_dev_ops(sd->bdrv, &sd_block_ops, sd);
+ }
+ vmstate_register(NULL, -1, &sd_vmstate, sd);
+ return sd;
+}
+
+void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
+{
+ sd->readonly_cb = readonly;
+ sd->inserted_cb = insert;
+ qemu_set_irq(readonly, sd->bdrv ? bdrv_is_read_only(sd->bdrv) : 0);
+ qemu_set_irq(insert, sd->bdrv ? bdrv_is_inserted(sd->bdrv) : 0);
+}
+
+static void sd_erase(SDState *sd)
+{
+ int i;
+ uint64_t erase_start = sd->erase_start;
+ uint64_t erase_end = sd->erase_end;
+
+ if (!sd->erase_start || !sd->erase_end) {
+ sd->card_status |= ERASE_SEQ_ERROR;
+ return;
+ }
+
+ if (extract32(sd->ocr, OCR_CCS_BITN, 1)) {
+ /* High capacity memory card: erase units are 512 byte blocks */
+ erase_start *= 512;
+ erase_end *= 512;
+ }
+
+ erase_start = sd_addr_to_wpnum(erase_start);
+ erase_end = sd_addr_to_wpnum(erase_end);
+ sd->erase_start = 0;
+ sd->erase_end = 0;
+ sd->csd[14] |= 0x40;
+
+ for (i = erase_start; i <= erase_end; i++) {
+ if (test_bit(i, sd->wp_groups)) {
+ sd->card_status |= WP_ERASE_SKIP;
+ }
+ }
+}
+
+static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
+{
+ uint32_t i, wpnum;
+ uint32_t ret = 0;
+
+ wpnum = sd_addr_to_wpnum(addr);
+
+ for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
+ if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) {
+ ret |= (1 << i);
+ }
+ }
+
+ return ret;
+}
+
+static void sd_function_switch(SDState *sd, uint32_t arg)
+{
+ int i, mode, new_func, crc;
+ mode = !!(arg & 0x80000000);
+
+ sd->data[0] = 0x00; /* Maximum current consumption */
+ sd->data[1] = 0x01;
+ sd->data[2] = 0x80; /* Supported group 6 functions */
+ sd->data[3] = 0x01;
+ sd->data[4] = 0x80; /* Supported group 5 functions */
+ sd->data[5] = 0x01;
+ sd->data[6] = 0x80; /* Supported group 4 functions */
+ sd->data[7] = 0x01;
+ sd->data[8] = 0x80; /* Supported group 3 functions */
+ sd->data[9] = 0x01;
+ sd->data[10] = 0x80; /* Supported group 2 functions */
+ sd->data[11] = 0x43;
+ sd->data[12] = 0x80; /* Supported group 1 functions */
+ sd->data[13] = 0x03;
+ for (i = 0; i < 6; i ++) {
+ new_func = (arg >> (i * 4)) & 0x0f;
+ if (mode && new_func != 0x0f)
+ sd->function_group[i] = new_func;
+ sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
+ }
+ memset(&sd->data[17], 0, 47);
+ crc = sd_crc16(sd->data, 64);
+ sd->data[65] = crc >> 8;
+ sd->data[66] = crc & 0xff;
+}
+
+static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
+{
+ return test_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
+}
+
+static void sd_lock_command(SDState *sd)
+{
+ int erase, lock, clr_pwd, set_pwd, pwd_len;
+ erase = !!(sd->data[0] & 0x08);
+ lock = sd->data[0] & 0x04;
+ clr_pwd = sd->data[0] & 0x02;
+ set_pwd = sd->data[0] & 0x01;
+
+ if (sd->blk_len > 1)
+ pwd_len = sd->data[1];
+ else
+ pwd_len = 0;
+
+ if (erase) {
+ if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
+ set_pwd || clr_pwd || lock || sd->wp_switch ||
+ (sd->csd[14] & 0x20)) {
+ sd->card_status |= LOCK_UNLOCK_FAILED;
+ return;
+ }
+ bitmap_zero(sd->wp_groups, sd->wpgrps_size);
+ sd->csd[14] &= ~0x10;
+ sd->card_status &= ~CARD_IS_LOCKED;
+ sd->pwd_len = 0;
+ /* Erasing the entire card here! */
+ fprintf(stderr, "SD: Card force-erased by CMD42\n");
+ return;
+ }
+
+ if (sd->blk_len < 2 + pwd_len ||
+ pwd_len <= sd->pwd_len ||
+ pwd_len > sd->pwd_len + 16) {
+ sd->card_status |= LOCK_UNLOCK_FAILED;
+ return;
+ }
+
+ if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
+ sd->card_status |= LOCK_UNLOCK_FAILED;
+ return;
+ }
+
+ pwd_len -= sd->pwd_len;
+ if ((pwd_len && !set_pwd) ||
+ (clr_pwd && (set_pwd || lock)) ||
+ (lock && !sd->pwd_len && !set_pwd) ||
+ (!set_pwd && !clr_pwd &&
+ (((sd->card_status & CARD_IS_LOCKED) && lock) ||
+ (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
+ sd->card_status |= LOCK_UNLOCK_FAILED;
+ return;
+ }
+
+ if (set_pwd) {
+ memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
+ sd->pwd_len = pwd_len;
+ }
+
+ if (clr_pwd) {
+ sd->pwd_len = 0;
+ }
+
+ if (lock)
+ sd->card_status |= CARD_IS_LOCKED;
+ else
+ sd->card_status &= ~CARD_IS_LOCKED;
+}
+
+static sd_rsp_type_t sd_normal_command(SDState *sd,
+ SDRequest req)
+{
+ uint32_t rca = 0x0000;
+ uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
+
+ /* Not interpreting this as an app command */
+ sd->card_status &= ~APP_CMD;
+
+ if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
+ rca = req.arg >> 16;
+
+ DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
+ switch (req.cmd) {
+ /* Basic commands (Class 0 and Class 1) */
+ case 0: /* CMD0: GO_IDLE_STATE */
+ switch (sd->state) {
+ case sd_inactive_state:
+ return sd->spi ? sd_r1 : sd_r0;
+
+ default:
+ sd->state = sd_idle_state;
+ sd_reset(sd, sd->bdrv);
+ return sd->spi ? sd_r1 : sd_r0;
+ }
+ break;
+
+ case 1: /* CMD1: SEND_OP_CMD */
+ if (!sd->spi)
+ goto bad_cmd;
+
+ sd->state = sd_transfer_state;
+ return sd_r1;
+
+ case 2: /* CMD2: ALL_SEND_CID */
+ if (sd->spi)
+ goto bad_cmd;
+ switch (sd->state) {
+ case sd_ready_state:
+ sd->state = sd_identification_state;
+ return sd_r2_i;
+
+ default:
+ break;
+ }
+ break;
+
+ case 3: /* CMD3: SEND_RELATIVE_ADDR */
+ if (sd->spi)
+ goto bad_cmd;
+ switch (sd->state) {
+ case sd_identification_state:
+ case sd_standby_state:
+ sd->state = sd_standby_state;
+ sd_set_rca(sd);
+ return sd_r6;
+
+ default:
+ break;
+ }
+ break;
+
+ case 4: /* CMD4: SEND_DSR */
+ if (sd->spi)
+ goto bad_cmd;
+ switch (sd->state) {
+ case sd_standby_state:
+ break;
+
+ default:
+ break;
+ }
+ break;
+
+ case 5: /* CMD5: reserved for SDIO cards */
+ return sd_illegal;
+
+ case 6: /* CMD6: SWITCH_FUNCTION */
+ if (sd->spi)
+ goto bad_cmd;
+ switch (sd->mode) {
+ case sd_data_transfer_mode:
+ sd_function_switch(sd, req.arg);
+ sd->state = sd_sendingdata_state;
+ sd->data_start = 0;
+ sd->data_offset = 0;
+ return sd_r1;
+
+ default:
+ break;
+ }
+ break;
+
+ case 7: /* CMD7: SELECT/DESELECT_CARD */
+ if (sd->spi)
+ goto bad_cmd;
+ switch (sd->state) {
+ case sd_standby_state:
+ if (sd->rca != rca)
+ return sd_r0;
+
+ sd->state = sd_transfer_state;
+ return sd_r1b;
+
+ case sd_transfer_state:
+ case sd_sendingdata_state:
+ if (sd->rca == rca)
+ break;
+
+ sd->state = sd_standby_state;
+ return sd_r1b;
+
+ case sd_disconnect_state:
+ if (sd->rca != rca)
+ return sd_r0;
+
+ sd->state = sd_programming_state;
+ return sd_r1b;
+
+ case sd_programming_state:
+ if (sd->rca == rca)
+ break;
+
+ sd->state = sd_disconnect_state;
+ return sd_r1b;
+
+ default:
+ break;
+ }
+ break;
+
+ case 8: /* CMD8: SEND_IF_COND */
+ /* Physical Layer Specification Version 2.00 command */
+ switch (sd->state) {
+ case sd_idle_state:
+ sd->vhs = 0;
+
+ /* No response if not exactly one VHS bit is set. */
+ if (!(req.arg >> 8) || (req.arg >> ffs(req.arg & ~0xff)))
+ return sd->spi ? sd_r7 : sd_r0;
+
+ /* Accept. */
+ sd->vhs = req.arg;
+ return sd_r7;
+
+ default:
+ break;
+ }
+ break;
+
+ case 9: /* CMD9: SEND_CSD */
+ switch (sd->state) {
+ case sd_standby_state:
+ if (sd->rca != rca)
+ return sd_r0;
+
+ return sd_r2_s;
+
+ case sd_transfer_state:
+ if (!sd->spi)
+ break;
+ sd->state = sd_sendingdata_state;
+ memcpy(sd->data, sd->csd, 16);
+ sd->data_start = addr;
+ sd->data_offset = 0;
+ return sd_r1;
+
+ default:
+ break;
+ }
+ break;
+
+ case 10: /* CMD10: SEND_CID */
+ switch (sd->state) {
+ case sd_standby_state:
+ if (sd->rca != rca)
+ return sd_r0;
+
+ return sd_r2_i;
+
+ case sd_transfer_state:
+ if (!sd->spi)
+ break;
+ sd->state = sd_sendingdata_state;
+ memcpy(sd->data, sd->cid, 16);
+ sd->data_start = addr;
+ sd->data_offset = 0;
+ return sd_r1;
+
+ default:
+ break;
+ }
+ break;
+
+ case 11: /* CMD11: READ_DAT_UNTIL_STOP */
+ if (sd->spi)
+ goto bad_cmd;
+ switch (sd->state) {
+ case sd_transfer_state:
+ sd->state = sd_sendingdata_state;
+ sd->data_start = req.arg;
+ sd->data_offset = 0;
+
+ if (sd->data_start + sd->blk_len > sd->size)
+ sd->card_status |= ADDRESS_ERROR;
+ return sd_r0;
+
+ default:
+ break;
+ }
+ break;
+
+ case 12: /* CMD12: STOP_TRANSMISSION */
+ switch (sd->state) {
+ case sd_sendingdata_state:
+ sd->state = sd_transfer_state;
+ return sd_r1b;
+
+ case sd_receivingdata_state:
+ sd->state = sd_programming_state;
+ /* Bzzzzzzztt .... Operation complete. */
+ sd->state = sd_transfer_state;
+ return sd_r1b;
+
+ default:
+ break;
+ }
+ break;
+
+ case 13: /* CMD13: SEND_STATUS */
+ switch (sd->mode) {
+ case sd_data_transfer_mode:
+ if (sd->rca != rca)
+ return sd_r0;
+
+ return sd_r1;
+
+ default:
+ break;
+ }
+ break;
+
+ case 15: /* CMD15: GO_INACTIVE_STATE */
+ if (sd->spi)
+ goto bad_cmd;
+ switch (sd->mode) {
+ case sd_data_transfer_mode:
+ if (sd->rca != rca)
+ return sd_r0;
+
+ sd->state = sd_inactive_state;
+ return sd_r0;
+
+ default:
+ break;
+ }
+ break;
+
+ /* Block read commands (Classs 2) */
+ case 16: /* CMD16: SET_BLOCKLEN */
+ switch (sd->state) {
+ case sd_transfer_state:
+ if (req.arg > (1 << HWBLOCK_SHIFT))
+ sd->card_status |= BLOCK_LEN_ERROR;
+ else
+ sd->blk_len = req.arg;
+
+ return sd_r1;
+
+ default:
+ break;
+ }
+ break;
+
+ case 17: /* CMD17: READ_SINGLE_BLOCK */
+ switch (sd->state) {
+ case sd_transfer_state:
+ sd->state = sd_sendingdata_state;
+ sd->data_start = addr;
+ sd->data_offset = 0;
+
+ if (sd->data_start + sd->blk_len > sd->size)
+ sd->card_status |= ADDRESS_ERROR;
+ return sd_r1;
+
+ default:
+ break;
+ }
+ break;
+
+ case 18: /* CMD18: READ_MULTIPLE_BLOCK */
+ switch (sd->state) {
+ case sd_transfer_state:
+ sd->state = sd_sendingdata_state;
+ sd->data_start = addr;
+ sd->data_offset = 0;
+
+ if (sd->data_start + sd->blk_len > sd->size)
+ sd->card_status |= ADDRESS_ERROR;
+ return sd_r1;
+
+ default:
+ break;
+ }
+ break;
+
+ /* Block write commands (Class 4) */
+ case 24: /* CMD24: WRITE_SINGLE_BLOCK */
+ if (sd->spi)
+ goto unimplemented_cmd;
+ switch (sd->state) {
+ case sd_transfer_state:
+ /* Writing in SPI mode not implemented. */
+ if (sd->spi)
+ break;
+ sd->state = sd_receivingdata_state;
+ sd->data_start = addr;
+ sd->data_offset = 0;
+ sd->blk_written = 0;
+
+ if (sd->data_start + sd->blk_len > sd->size)
+ sd->card_status |= ADDRESS_ERROR;
+ if (sd_wp_addr(sd, sd->data_start))
+ sd->card_status |= WP_VIOLATION;
+ if (sd->csd[14] & 0x30)
+ sd->card_status |= WP_VIOLATION;
+ return sd_r1;
+
+ default:
+ break;
+ }
+ break;
+
+ case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
+ if (sd->spi)
+ goto unimplemented_cmd;
+ switch (sd->state) {
+ case sd_transfer_state:
+ /* Writing in SPI mode not implemented. */
+ if (sd->spi)
+ break;
+ sd->state = sd_receivingdata_state;
+ sd->data_start = addr;
+ sd->data_offset = 0;
+ sd->blk_written = 0;
+
+ if (sd->data_start + sd->blk_len > sd->size)
+ sd->card_status |= ADDRESS_ERROR;
+ if (sd_wp_addr(sd, sd->data_start))
+ sd->card_status |= WP_VIOLATION;
+ if (sd->csd[14] & 0x30)
+ sd->card_status |= WP_VIOLATION;
+ return sd_r1;
+
+ default:
+ break;
+ }
+ break;
+
+ case 26: /* CMD26: PROGRAM_CID */
+ if (sd->spi)
+ goto bad_cmd;
+ switch (sd->state) {
+ case sd_transfer_state:
+ sd->state = sd_receivingdata_state;
+ sd->data_start = 0;
+ sd->data_offset = 0;
+ return sd_r1;
+
+ default:
+ break;
+ }
+ break;
+
+ case 27: /* CMD27: PROGRAM_CSD */
+ if (sd->spi)
+ goto unimplemented_cmd;
+ switch (sd->state) {
+ case sd_transfer_state:
+ sd->state = sd_receivingdata_state;
+ sd->data_start = 0;
+ sd->data_offset = 0;
+ return sd_r1;
+
+ default:
+ break;
+ }
+ break;
+
+ /* Write protection (Class 6) */
+ case 28: /* CMD28: SET_WRITE_PROT */
+ switch (sd->state) {
+ case sd_transfer_state:
+ if (addr >= sd->size) {
+ sd->card_status |= ADDRESS_ERROR;
+ return sd_r1b;
+ }
+
+ sd->state = sd_programming_state;
+ set_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
+ /* Bzzzzzzztt .... Operation complete. */
+ sd->state = sd_transfer_state;
+ return sd_r1b;
+
+ default:
+ break;
+ }
+ break;
+
+ case 29: /* CMD29: CLR_WRITE_PROT */
+ switch (sd->state) {
+ case sd_transfer_state:
+ if (addr >= sd->size) {
+ sd->card_status |= ADDRESS_ERROR;
+ return sd_r1b;
+ }
+
+ sd->state = sd_programming_state;
+ clear_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
+ /* Bzzzzzzztt .... Operation complete. */
+ sd->state = sd_transfer_state;
+ return sd_r1b;
+
+ default:
+ break;
+ }
+ break;
+
+ case 30: /* CMD30: SEND_WRITE_PROT */
+ switch (sd->state) {
+ case sd_transfer_state:
+ sd->state = sd_sendingdata_state;
+ *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
+ sd->data_start = addr;
+ sd->data_offset = 0;
+ return sd_r1b;
+
+ default:
+ break;
+ }
+ break;
+
+ /* Erase commands (Class 5) */
+ case 32: /* CMD32: ERASE_WR_BLK_START */
+ switch (sd->state) {
+ case sd_transfer_state:
+ sd->erase_start = req.arg;
+ return sd_r1;
+
+ default:
+ break;
+ }
+ break;
+
+ case 33: /* CMD33: ERASE_WR_BLK_END */
+ switch (sd->state) {
+ case sd_transfer_state:
+ sd->erase_end = req.arg;
+ return sd_r1;
+
+ default:
+ break;
+ }
+ break;
+
+ case 38: /* CMD38: ERASE */
+ switch (sd->state) {
+ case sd_transfer_state:
+ if (sd->csd[14] & 0x30) {
+ sd->card_status |= WP_VIOLATION;
+ return sd_r1b;
+ }
+
+ sd->state = sd_programming_state;
+ sd_erase(sd);
+ /* Bzzzzzzztt .... Operation complete. */
+ sd->state = sd_transfer_state;
+ return sd_r1b;
+
+ default:
+ break;
+ }
+ break;
+
+ /* Lock card commands (Class 7) */
+ case 42: /* CMD42: LOCK_UNLOCK */
+ if (sd->spi)
+ goto unimplemented_cmd;
+ switch (sd->state) {
+ case sd_transfer_state:
+ sd->state = sd_receivingdata_state;
+ sd->data_start = 0;
+ sd->data_offset = 0;
+ return sd_r1;
+
+ default:
+ break;
+ }
+ break;
+
+ case 52:
+ case 53:
+ /* CMD52, CMD53: reserved for SDIO cards
+ * (see the SDIO Simplified Specification V2.0)
+ * Handle as illegal command but do not complain
+ * on stderr, as some OSes may use these in their
+ * probing for presence of an SDIO card.
+ */
+ return sd_illegal;
+
+ /* Application specific commands (Class 8) */
+ case 55: /* CMD55: APP_CMD */
+ if (sd->rca != rca)
+ return sd_r0;
+
+ sd->expecting_acmd = true;
+ sd->card_status |= APP_CMD;
+ return sd_r1;
+
+ case 56: /* CMD56: GEN_CMD */
+ fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
+
+ switch (sd->state) {
+ case sd_transfer_state:
+ sd->data_offset = 0;
+ if (req.arg & 1)
+ sd->state = sd_sendingdata_state;
+ else
+ sd->state = sd_receivingdata_state;
+ return sd_r1;
+
+ default:
+ break;
+ }
+ break;
+
+ default:
+ bad_cmd:
+ fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
+ return sd_illegal;
+
+ unimplemented_cmd:
+ /* Commands that are recognised but not yet implemented in SPI mode. */
+ fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
+ return sd_illegal;
+ }
+
+ fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
+ return sd_illegal;
+}
+
+static sd_rsp_type_t sd_app_command(SDState *sd,
+ SDRequest req)
+{
+ DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
+ sd->card_status |= APP_CMD;
+ switch (req.cmd) {
+ case 6: /* ACMD6: SET_BUS_WIDTH */
+ switch (sd->state) {
+ case sd_transfer_state:
+ sd->sd_status[0] &= 0x3f;
+ sd->sd_status[0] |= (req.arg & 0x03) << 6;
+ return sd_r1;
+
+ default:
+ break;
+ }
+ break;
+
+ case 13: /* ACMD13: SD_STATUS */
+ switch (sd->state) {
+ case sd_transfer_state:
+ sd->state = sd_sendingdata_state;
+ sd->data_start = 0;
+ sd->data_offset = 0;
+ return sd_r1;
+
+ default:
+ break;
+ }
+ break;
+
+ case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
+ switch (sd->state) {
+ case sd_transfer_state:
+ *(uint32_t *) sd->data = sd->blk_written;
+
+ sd->state = sd_sendingdata_state;
+ sd->data_start = 0;
+ sd->data_offset = 0;
+ return sd_r1;
+
+ default:
+ break;
+ }
+ break;
+
+ case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
+ switch (sd->state) {
+ case sd_transfer_state:
+ return sd_r1;
+
+ default:
+ break;
+ }
+ break;
+
+ case 41: /* ACMD41: SD_APP_OP_COND */
+ if (sd->spi) {
+ /* SEND_OP_CMD */
+ sd->state = sd_transfer_state;
+ return sd_r1;
+ }
+ switch (sd->state) {
+ case sd_idle_state:
+ /* We accept any voltage. 10000 V is nothing.
+ *
+ * We don't model init delay so just advance straight to ready state
+ * unless it's an enquiry ACMD41 (bits 23:0 == 0).
+ */
+ if (req.arg & ACMD41_ENQUIRY_MASK) {
+ sd->state = sd_ready_state;
+ }
+
+ return sd_r3;
+
+ default:
+ break;
+ }
+ break;
+
+ case 42: /* ACMD42: SET_CLR_CARD_DETECT */
+ switch (sd->state) {
+ case sd_transfer_state:
+ /* Bringing in the 50KOhm pull-up resistor... Done. */
+ return sd_r1;
+
+ default:
+ break;
+ }
+ break;
+
+ case 51: /* ACMD51: SEND_SCR */
+ switch (sd->state) {
+ case sd_transfer_state:
+ sd->state = sd_sendingdata_state;
+ sd->data_start = 0;
+ sd->data_offset = 0;
+ return sd_r1;
+
+ default:
+ break;
+ }
+ break;
+
+ default:
+ /* Fall back to standard commands. */
+ return sd_normal_command(sd, req);
+ }
+
+ fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
+ return sd_illegal;
+}
+
+static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
+{
+ /* Valid commands in locked state:
+ * basic class (0)
+ * lock card class (7)
+ * CMD16
+ * implicitly, the ACMD prefix CMD55
+ * ACMD41 and ACMD42
+ * Anything else provokes an "illegal command" response.
+ */
+ if (sd->expecting_acmd) {
+ return req->cmd == 41 || req->cmd == 42;
+ }
+ if (req->cmd == 16 || req->cmd == 55) {
+ return 1;
+ }
+ return sd_cmd_class[req->cmd] == 0 || sd_cmd_class[req->cmd] == 7;
+}
+
+int sd_do_command(SDState *sd, SDRequest *req,
+ uint8_t *response) {
+ int last_state;
+ sd_rsp_type_t rtype;
+ int rsplen;
+
+ if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable) {
+ return 0;
+ }
+
+ if (sd_req_crc_validate(req)) {
+ sd->card_status |= COM_CRC_ERROR;
+ rtype = sd_illegal;
+ goto send_response;
+ }
+
+ if (sd->card_status & CARD_IS_LOCKED) {
+ if (!cmd_valid_while_locked(sd, req)) {
+ sd->card_status |= ILLEGAL_COMMAND;
+ sd->expecting_acmd = false;
+ fprintf(stderr, "SD: Card is locked\n");
+ rtype = sd_illegal;
+ goto send_response;
+ }
+ }
+
+ last_state = sd->state;
+ sd_set_mode(sd);
+
+ if (sd->expecting_acmd) {
+ sd->expecting_acmd = false;
+ rtype = sd_app_command(sd, *req);
+ } else {
+ rtype = sd_normal_command(sd, *req);
+ }
+
+ if (rtype == sd_illegal) {
+ sd->card_status |= ILLEGAL_COMMAND;
+ } else {
+ /* Valid command, we can update the 'state before command' bits.
+ * (Do this now so they appear in r1 responses.)
+ */
+ sd->current_cmd = req->cmd;
+ sd->card_status &= ~CURRENT_STATE;
+ sd->card_status |= (last_state << 9);
+ }
+
+send_response:
+ switch (rtype) {
+ case sd_r1:
+ case sd_r1b:
+ sd_response_r1_make(sd, response);
+ rsplen = 4;
+ break;
+
+ case sd_r2_i:
+ memcpy(response, sd->cid, sizeof(sd->cid));
+ rsplen = 16;
+ break;
+
+ case sd_r2_s:
+ memcpy(response, sd->csd, sizeof(sd->csd));
+ rsplen = 16;
+ break;
+
+ case sd_r3:
+ sd_response_r3_make(sd, response);
+ rsplen = 4;
+ break;
+
+ case sd_r6:
+ sd_response_r6_make(sd, response);
+ rsplen = 4;
+ break;
+
+ case sd_r7:
+ sd_response_r7_make(sd, response);
+ rsplen = 4;
+ break;
+
+ case sd_r0:
+ case sd_illegal:
+ default:
+ rsplen = 0;
+ break;
+ }
+
+ if (rtype != sd_illegal) {
+ /* Clear the "clear on valid command" status bits now we've
+ * sent any response
+ */
+ sd->card_status &= ~CARD_STATUS_B;
+ }
+
+#ifdef DEBUG_SD
+ if (rsplen) {
+ int i;
+ DPRINTF("Response:");
+ for (i = 0; i < rsplen; i++)
+ fprintf(stderr, " %02x", response[i]);
+ fprintf(stderr, " state %d\n", sd->state);
+ } else {
+ DPRINTF("No response %d\n", sd->state);
+ }
+#endif
+
+ return rsplen;
+}
+
+static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
+{
+ uint64_t end = addr + len;
+
+ DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
+ (unsigned long long) addr, len);
+ if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {
+ fprintf(stderr, "sd_blk_read: read error on host side\n");
+ return;
+ }
+
+ if (end > (addr & ~511) + 512) {
+ memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
+
+ if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) < 0) {
+ fprintf(stderr, "sd_blk_read: read error on host side\n");
+ return;
+ }
+ memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
+ } else
+ memcpy(sd->data, sd->buf + (addr & 511), len);
+}
+
+static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
+{
+ uint64_t end = addr + len;
+
+ if ((addr & 511) || len < 512)
+ if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {
+ fprintf(stderr, "sd_blk_write: read error on host side\n");
+ return;
+ }
+
+ if (end > (addr & ~511) + 512) {
+ memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
+ if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {
+ fprintf(stderr, "sd_blk_write: write error on host side\n");
+ return;
+ }
+
+ if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) < 0) {
+ fprintf(stderr, "sd_blk_write: read error on host side\n");
+ return;
+ }
+ memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
+ if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) < 0) {
+ fprintf(stderr, "sd_blk_write: write error on host side\n");
+ }
+ } else {
+ memcpy(sd->buf + (addr & 511), sd->data, len);
+ if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {
+ fprintf(stderr, "sd_blk_write: write error on host side\n");
+ }
+ }
+}
+
+#define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
+#define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
+#define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
+#define APP_WRITE_BLOCK(a, len)
+
+void sd_write_data(SDState *sd, uint8_t value)
+{
+ int i;
+
+ if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
+ return;
+
+ if (sd->state != sd_receivingdata_state) {
+ fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
+ return;
+ }
+
+ if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
+ return;
+
+ switch (sd->current_cmd) {
+ case 24: /* CMD24: WRITE_SINGLE_BLOCK */
+ sd->data[sd->data_offset ++] = value;
+ if (sd->data_offset >= sd->blk_len) {
+ /* TODO: Check CRC before committing */
+ sd->state = sd_programming_state;
+ BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
+ sd->blk_written ++;
+ sd->csd[14] |= 0x40;
+ /* Bzzzzzzztt .... Operation complete. */
+ sd->state = sd_transfer_state;
+ }
+ break;
+
+ case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
+ if (sd->data_offset == 0) {
+ /* Start of the block - let's check the address is valid */
+ if (sd->data_start + sd->blk_len > sd->size) {
+ sd->card_status |= ADDRESS_ERROR;
+ break;
+ }
+ if (sd_wp_addr(sd, sd->data_start)) {
+ sd->card_status |= WP_VIOLATION;
+ break;
+ }
+ }
+ sd->data[sd->data_offset++] = value;
+ if (sd->data_offset >= sd->blk_len) {
+ /* TODO: Check CRC before committing */
+ sd->state = sd_programming_state;
+ BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
+ sd->blk_written++;
+ sd->data_start += sd->blk_len;
+ sd->data_offset = 0;
+ sd->csd[14] |= 0x40;
+
+ /* Bzzzzzzztt .... Operation complete. */
+ sd->state = sd_receivingdata_state;
+ }
+ break;
+
+ case 26: /* CMD26: PROGRAM_CID */
+ sd->data[sd->data_offset ++] = value;
+ if (sd->data_offset >= sizeof(sd->cid)) {
+ /* TODO: Check CRC before committing */
+ sd->state = sd_programming_state;
+ for (i = 0; i < sizeof(sd->cid); i ++)
+ if ((sd->cid[i] | 0x00) != sd->data[i])
+ sd->card_status |= CID_CSD_OVERWRITE;
+
+ if (!(sd->card_status & CID_CSD_OVERWRITE))
+ for (i = 0; i < sizeof(sd->cid); i ++) {
+ sd->cid[i] |= 0x00;
+ sd->cid[i] &= sd->data[i];
+ }
+ /* Bzzzzzzztt .... Operation complete. */
+ sd->state = sd_transfer_state;
+ }
+ break;
+
+ case 27: /* CMD27: PROGRAM_CSD */
+ sd->data[sd->data_offset ++] = value;
+ if (sd->data_offset >= sizeof(sd->csd)) {
+ /* TODO: Check CRC before committing */
+ sd->state = sd_programming_state;
+ for (i = 0; i < sizeof(sd->csd); i ++)
+ if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
+ (sd->data[i] | sd_csd_rw_mask[i]))
+ sd->card_status |= CID_CSD_OVERWRITE;
+
+ /* Copy flag (OTP) & Permanent write protect */
+ if (sd->csd[14] & ~sd->data[14] & 0x60)
+ sd->card_status |= CID_CSD_OVERWRITE;
+
+ if (!(sd->card_status & CID_CSD_OVERWRITE))
+ for (i = 0; i < sizeof(sd->csd); i ++) {
+ sd->csd[i] |= sd_csd_rw_mask[i];
+ sd->csd[i] &= sd->data[i];
+ }
+ /* Bzzzzzzztt .... Operation complete. */
+ sd->state = sd_transfer_state;
+ }
+ break;
+
+ case 42: /* CMD42: LOCK_UNLOCK */
+ sd->data[sd->data_offset ++] = value;
+ if (sd->data_offset >= sd->blk_len) {
+ /* TODO: Check CRC before committing */
+ sd->state = sd_programming_state;
+ sd_lock_command(sd);
+ /* Bzzzzzzztt .... Operation complete. */
+ sd->state = sd_transfer_state;
+ }
+ break;
+
+ case 56: /* CMD56: GEN_CMD */
+ sd->data[sd->data_offset ++] = value;
+ if (sd->data_offset >= sd->blk_len) {
+ APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
+ sd->state = sd_transfer_state;
+ }
+ break;
+
+ default:
+ fprintf(stderr, "sd_write_data: unknown command\n");
+ break;
+ }
+}
+
+uint8_t sd_read_data(SDState *sd)
+{
+ /* TODO: Append CRCs */
+ uint8_t ret;
+ int io_len;
+
+ if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
+ return 0x00;
+
+ if (sd->state != sd_sendingdata_state) {
+ fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
+ return 0x00;
+ }
+
+ if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
+ return 0x00;
+
+ io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
+
+ switch (sd->current_cmd) {
+ case 6: /* CMD6: SWITCH_FUNCTION */
+ ret = sd->data[sd->data_offset ++];
+
+ if (sd->data_offset >= 64)
+ sd->state = sd_transfer_state;
+ break;
+
+ case 9: /* CMD9: SEND_CSD */
+ case 10: /* CMD10: SEND_CID */
+ ret = sd->data[sd->data_offset ++];
+
+ if (sd->data_offset >= 16)
+ sd->state = sd_transfer_state;
+ break;
+
+ case 11: /* CMD11: READ_DAT_UNTIL_STOP */
+ if (sd->data_offset == 0)
+ BLK_READ_BLOCK(sd->data_start, io_len);
+ ret = sd->data[sd->data_offset ++];
+
+ if (sd->data_offset >= io_len) {
+ sd->data_start += io_len;
+ sd->data_offset = 0;
+ if (sd->data_start + io_len > sd->size) {
+ sd->card_status |= ADDRESS_ERROR;
+ break;
+ }
+ }
+ break;
+
+ case 13: /* ACMD13: SD_STATUS */
+ ret = sd->sd_status[sd->data_offset ++];
+
+ if (sd->data_offset >= sizeof(sd->sd_status))
+ sd->state = sd_transfer_state;
+ break;
+
+ case 17: /* CMD17: READ_SINGLE_BLOCK */
+ if (sd->data_offset == 0)
+ BLK_READ_BLOCK(sd->data_start, io_len);
+ ret = sd->data[sd->data_offset ++];
+
+ if (sd->data_offset >= io_len)
+ sd->state = sd_transfer_state;
+ break;
+
+ case 18: /* CMD18: READ_MULTIPLE_BLOCK */
+ if (sd->data_offset == 0)
+ BLK_READ_BLOCK(sd->data_start, io_len);
+ ret = sd->data[sd->data_offset ++];
+
+ if (sd->data_offset >= io_len) {
+ sd->data_start += io_len;
+ sd->data_offset = 0;
+ if (sd->data_start + io_len > sd->size) {
+ sd->card_status |= ADDRESS_ERROR;
+ break;
+ }
+ }
+ break;
+
+ case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
+ ret = sd->data[sd->data_offset ++];
+
+ if (sd->data_offset >= 4)
+ sd->state = sd_transfer_state;
+ break;
+
+ case 30: /* CMD30: SEND_WRITE_PROT */
+ ret = sd->data[sd->data_offset ++];
+
+ if (sd->data_offset >= 4)
+ sd->state = sd_transfer_state;
+ break;
+
+ case 51: /* ACMD51: SEND_SCR */
+ ret = sd->scr[sd->data_offset ++];
+
+ if (sd->data_offset >= sizeof(sd->scr))
+ sd->state = sd_transfer_state;
+ break;
+
+ case 56: /* CMD56: GEN_CMD */
+ if (sd->data_offset == 0)
+ APP_READ_BLOCK(sd->data_start, sd->blk_len);
+ ret = sd->data[sd->data_offset ++];
+
+ if (sd->data_offset >= sd->blk_len)
+ sd->state = sd_transfer_state;
+ break;
+
+ default:
+ fprintf(stderr, "sd_read_data: unknown command\n");
+ return 0x00;
+ }
+
+ return ret;
+}
+
+bool sd_data_ready(SDState *sd)
+{
+ return sd->state == sd_sendingdata_state;
+}
+
+void sd_enable(SDState *sd, bool enable)
+{
+ sd->enable = enable;
+}
diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
new file mode 100644
index 000000000..d2dbddc11
--- /dev/null
+++ b/hw/sd/sdhci.c
@@ -0,0 +1,1300 @@
+/*
+ * SD Association Host Standard Specification v2.0 controller emulation
+ *
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd.
+ * Mitsyanko Igor <i.mitsyanko@samsung.com>
+ * Peter A.G. Crosthwaite <peter.crosthwaite@petalogix.com>
+ *
+ * Based on MMC controller for Samsung S5PC1xx-based board emulation
+ * by Alexey Merkulov and Vladimir Monakhov.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/hw.h"
+#include "sysemu/blockdev.h"
+#include "sysemu/dma.h"
+#include "qemu/timer.h"
+#include "block/block_int.h"
+#include "qemu/bitops.h"
+
+#include "sdhci.h"
+
+/* host controller debug messages */
+#ifndef SDHC_DEBUG
+#define SDHC_DEBUG 0
+#endif
+
+#if SDHC_DEBUG == 0
+ #define DPRINT_L1(fmt, args...) do { } while (0)
+ #define DPRINT_L2(fmt, args...) do { } while (0)
+ #define ERRPRINT(fmt, args...) do { } while (0)
+#elif SDHC_DEBUG == 1
+ #define DPRINT_L1(fmt, args...) \
+ do {fprintf(stderr, "QEMU SDHC: "fmt, ## args); } while (0)
+ #define DPRINT_L2(fmt, args...) do { } while (0)
+ #define ERRPRINT(fmt, args...) \
+ do {fprintf(stderr, "QEMU SDHC ERROR: "fmt, ## args); } while (0)
+#else
+ #define DPRINT_L1(fmt, args...) \
+ do {fprintf(stderr, "QEMU SDHC: "fmt, ## args); } while (0)
+ #define DPRINT_L2(fmt, args...) \
+ do {fprintf(stderr, "QEMU SDHC: "fmt, ## args); } while (0)
+ #define ERRPRINT(fmt, args...) \
+ do {fprintf(stderr, "QEMU SDHC ERROR: "fmt, ## args); } while (0)
+#endif
+
+/* Default SD/MMC host controller features information, which will be
+ * presented in CAPABILITIES register of generic SD host controller at reset.
+ * If not stated otherwise:
+ * 0 - not supported, 1 - supported, other - prohibited.
+ */
+#define SDHC_CAPAB_64BITBUS 0ul /* 64-bit System Bus Support */
+#define SDHC_CAPAB_18V 1ul /* Voltage support 1.8v */
+#define SDHC_CAPAB_30V 0ul /* Voltage support 3.0v */
+#define SDHC_CAPAB_33V 1ul /* Voltage support 3.3v */
+#define SDHC_CAPAB_SUSPRESUME 0ul /* Suspend/resume support */
+#define SDHC_CAPAB_SDMA 1ul /* SDMA support */
+#define SDHC_CAPAB_HIGHSPEED 1ul /* High speed support */
+#define SDHC_CAPAB_ADMA1 1ul /* ADMA1 support */
+#define SDHC_CAPAB_ADMA2 1ul /* ADMA2 support */
+/* Maximum host controller R/W buffers size
+ * Possible values: 512, 1024, 2048 bytes */
+#define SDHC_CAPAB_MAXBLOCKLENGTH 512ul
+/* Maximum clock frequency for SDclock in MHz
+ * value in range 10-63 MHz, 0 - not defined */
+#define SDHC_CAPAB_BASECLKFREQ 0ul
+#define SDHC_CAPAB_TOUNIT 1ul /* Timeout clock unit 0 - kHz, 1 - MHz */
+/* Timeout clock frequency 1-63, 0 - not defined */
+#define SDHC_CAPAB_TOCLKFREQ 0ul
+
+/* Now check all parameters and calculate CAPABILITIES REGISTER value */
+#if SDHC_CAPAB_64BITBUS > 1 || SDHC_CAPAB_18V > 1 || SDHC_CAPAB_30V > 1 || \
+ SDHC_CAPAB_33V > 1 || SDHC_CAPAB_SUSPRESUME > 1 || SDHC_CAPAB_SDMA > 1 || \
+ SDHC_CAPAB_HIGHSPEED > 1 || SDHC_CAPAB_ADMA2 > 1 || SDHC_CAPAB_ADMA1 > 1 ||\
+ SDHC_CAPAB_TOUNIT > 1
+#error Capabilities features can have value 0 or 1 only!
+#endif
+
+#if SDHC_CAPAB_MAXBLOCKLENGTH == 512
+#define MAX_BLOCK_LENGTH 0ul
+#elif SDHC_CAPAB_MAXBLOCKLENGTH == 1024
+#define MAX_BLOCK_LENGTH 1ul
+#elif SDHC_CAPAB_MAXBLOCKLENGTH == 2048
+#define MAX_BLOCK_LENGTH 2ul
+#else
+#error Max host controller block size can have value 512, 1024 or 2048 only!
+#endif
+
+#if (SDHC_CAPAB_BASECLKFREQ > 0 && SDHC_CAPAB_BASECLKFREQ < 10) || \
+ SDHC_CAPAB_BASECLKFREQ > 63
+#error SDclock frequency can have value in range 0, 10-63 only!
+#endif
+
+#if SDHC_CAPAB_TOCLKFREQ > 63
+#error Timeout clock frequency can have value in range 0-63 only!
+#endif
+
+#define SDHC_CAPAB_REG_DEFAULT \
+ ((SDHC_CAPAB_64BITBUS << 28) | (SDHC_CAPAB_18V << 26) | \
+ (SDHC_CAPAB_30V << 25) | (SDHC_CAPAB_33V << 24) | \
+ (SDHC_CAPAB_SUSPRESUME << 23) | (SDHC_CAPAB_SDMA << 22) | \
+ (SDHC_CAPAB_HIGHSPEED << 21) | (SDHC_CAPAB_ADMA1 << 20) | \
+ (SDHC_CAPAB_ADMA2 << 19) | (MAX_BLOCK_LENGTH << 16) | \
+ (SDHC_CAPAB_BASECLKFREQ << 8) | (SDHC_CAPAB_TOUNIT << 7) | \
+ (SDHC_CAPAB_TOCLKFREQ))
+
+#define MASKED_WRITE(reg, mask, val) (reg = (reg & (mask)) | (val))
+
+static uint8_t sdhci_slotint(SDHCIState *s)
+{
+ return (s->norintsts & s->norintsigen) || (s->errintsts & s->errintsigen) ||
+ ((s->norintsts & SDHC_NIS_INSERT) && (s->wakcon & SDHC_WKUP_ON_INS)) ||
+ ((s->norintsts & SDHC_NIS_REMOVE) && (s->wakcon & SDHC_WKUP_ON_RMV));
+}
+
+static inline void sdhci_update_irq(SDHCIState *s)
+{
+ qemu_set_irq(s->irq, sdhci_slotint(s));
+}
+
+static void sdhci_raise_insertion_irq(void *opaque)
+{
+ SDHCIState *s = (SDHCIState *)opaque;
+
+ if (s->norintsts & SDHC_NIS_REMOVE) {
+ qemu_mod_timer(s->insert_timer,
+ qemu_get_clock_ns(vm_clock) + SDHC_INSERTION_DELAY);
+ } else {
+ s->prnsts = 0x1ff0000;
+ if (s->norintstsen & SDHC_NISEN_INSERT) {
+ s->norintsts |= SDHC_NIS_INSERT;
+ }
+ sdhci_update_irq(s);
+ }
+}
+
+static void sdhci_insert_eject_cb(void *opaque, int irq, int level)
+{
+ SDHCIState *s = (SDHCIState *)opaque;
+ DPRINT_L1("Card state changed: %s!\n", level ? "insert" : "eject");
+
+ if ((s->norintsts & SDHC_NIS_REMOVE) && level) {
+ /* Give target some time to notice card ejection */
+ qemu_mod_timer(s->insert_timer,
+ qemu_get_clock_ns(vm_clock) + SDHC_INSERTION_DELAY);
+ } else {
+ if (level) {
+ s->prnsts = 0x1ff0000;
+ if (s->norintstsen & SDHC_NISEN_INSERT) {
+ s->norintsts |= SDHC_NIS_INSERT;
+ }
+ } else {
+ s->prnsts = 0x1fa0000;
+ s->pwrcon &= ~SDHC_POWER_ON;
+ s->clkcon &= ~SDHC_CLOCK_SDCLK_EN;
+ if (s->norintstsen & SDHC_NISEN_REMOVE) {
+ s->norintsts |= SDHC_NIS_REMOVE;
+ }
+ }
+ sdhci_update_irq(s);
+ }
+}
+
+static void sdhci_card_readonly_cb(void *opaque, int irq, int level)
+{
+ SDHCIState *s = (SDHCIState *)opaque;
+
+ if (level) {
+ s->prnsts &= ~SDHC_WRITE_PROTECT;
+ } else {
+ /* Write enabled */
+ s->prnsts |= SDHC_WRITE_PROTECT;
+ }
+}
+
+static void sdhci_reset(SDHCIState *s)
+{
+ qemu_del_timer(s->insert_timer);
+ qemu_del_timer(s->transfer_timer);
+ /* Set all registers to 0. Capabilities registers are not cleared
+ * and assumed to always preserve their value, given to them during
+ * initialization */
+ memset(&s->sdmasysad, 0, (uintptr_t)&s->capareg - (uintptr_t)&s->sdmasysad);
+
+ sd_set_cb(s->card, s->ro_cb, s->eject_cb);
+ s->data_count = 0;
+ s->stopped_state = sdhc_not_stopped;
+}
+
+static void sdhci_do_data_transfer(void *opaque)
+{
+ SDHCIState *s = (SDHCIState *)opaque;
+
+ SDHCI_GET_CLASS(s)->data_transfer(s);
+}
+
+static void sdhci_send_command(SDHCIState *s)
+{
+ SDRequest request;
+ uint8_t response[16];
+ int rlen;
+
+ s->errintsts = 0;
+ s->acmd12errsts = 0;
+ request.cmd = s->cmdreg >> 8;
+ request.arg = s->argument;
+ DPRINT_L1("sending CMD%u ARG[0x%08x]\n", request.cmd, request.arg);
+ rlen = sd_do_command(s->card, &request, response);
+
+ if (s->cmdreg & SDHC_CMD_RESPONSE) {
+ if (rlen == 4) {
+ s->rspreg[0] = (response[0] << 24) | (response[1] << 16) |
+ (response[2] << 8) | response[3];
+ s->rspreg[1] = s->rspreg[2] = s->rspreg[3] = 0;
+ DPRINT_L1("Response: RSPREG[31..0]=0x%08x\n", s->rspreg[0]);
+ } else if (rlen == 16) {
+ s->rspreg[0] = (response[11] << 24) | (response[12] << 16) |
+ (response[13] << 8) | response[14];
+ s->rspreg[1] = (response[7] << 24) | (response[8] << 16) |
+ (response[9] << 8) | response[10];
+ s->rspreg[2] = (response[3] << 24) | (response[4] << 16) |
+ (response[5] << 8) | response[6];
+ s->rspreg[3] = (response[0] << 16) | (response[1] << 8) |
+ response[2];
+ DPRINT_L1("Response received:\n RSPREG[127..96]=0x%08x, RSPREG[95.."
+ "64]=0x%08x,\n RSPREG[63..32]=0x%08x, RSPREG[31..0]=0x%08x\n",
+ s->rspreg[3], s->rspreg[2], s->rspreg[1], s->rspreg[0]);
+ } else {
+ ERRPRINT("Timeout waiting for command response\n");
+ if (s->errintstsen & SDHC_EISEN_CMDTIMEOUT) {
+ s->errintsts |= SDHC_EIS_CMDTIMEOUT;
+ s->norintsts |= SDHC_NIS_ERR;
+ }
+ }
+
+ if ((s->norintstsen & SDHC_NISEN_TRSCMP) &&
+ (s->cmdreg & SDHC_CMD_RESPONSE) == SDHC_CMD_RSP_WITH_BUSY) {
+ s->norintsts |= SDHC_NIS_TRSCMP;
+ }
+ } else if (rlen != 0 && (s->errintstsen & SDHC_EISEN_CMDIDX)) {
+ s->errintsts |= SDHC_EIS_CMDIDX;
+ s->norintsts |= SDHC_NIS_ERR;
+ }
+
+ if (s->norintstsen & SDHC_NISEN_CMDCMP) {
+ s->norintsts |= SDHC_NIS_CMDCMP;
+ }
+
+ sdhci_update_irq(s);
+
+ if (s->blksize && (s->cmdreg & SDHC_CMD_DATA_PRESENT)) {
+ s->data_count = 0;
+ sdhci_do_data_transfer(s);
+ }
+}
+
+static void sdhci_end_transfer(SDHCIState *s)
+{
+ /* Automatically send CMD12 to stop transfer if AutoCMD12 enabled */
+ if ((s->trnmod & SDHC_TRNS_ACMD12) != 0) {
+ SDRequest request;
+ uint8_t response[16];
+
+ request.cmd = 0x0C;
+ request.arg = 0;
+ DPRINT_L1("Automatically issue CMD%d %08x\n", request.cmd, request.arg);
+ sd_do_command(s->card, &request, response);
+ /* Auto CMD12 response goes to the upper Response register */
+ s->rspreg[3] = (response[0] << 24) | (response[1] << 16) |
+ (response[2] << 8) | response[3];
+ }
+
+ s->prnsts &= ~(SDHC_DOING_READ | SDHC_DOING_WRITE |
+ SDHC_DAT_LINE_ACTIVE | SDHC_DATA_INHIBIT |
+ SDHC_SPACE_AVAILABLE | SDHC_DATA_AVAILABLE);
+
+ if (s->norintstsen & SDHC_NISEN_TRSCMP) {
+ s->norintsts |= SDHC_NIS_TRSCMP;
+ }
+
+ sdhci_update_irq(s);
+}
+
+/*
+ * Programmed i/o data transfer
+ */
+
+/* Fill host controller's read buffer with BLKSIZE bytes of data from card */
+static void sdhci_read_block_from_card(SDHCIState *s)
+{
+ int index = 0;
+
+ if ((s->trnmod & SDHC_TRNS_MULTI) &&
+ (s->trnmod & SDHC_TRNS_BLK_CNT_EN) && (s->blkcnt == 0)) {
+ return;
+ }
+
+ for (index = 0; index < (s->blksize & 0x0fff); index++) {
+ s->fifo_buffer[index] = sd_read_data(s->card);
+ }
+
+ /* New data now available for READ through Buffer Port Register */
+ s->prnsts |= SDHC_DATA_AVAILABLE;
+ if (s->norintstsen & SDHC_NISEN_RBUFRDY) {
+ s->norintsts |= SDHC_NIS_RBUFRDY;
+ }
+
+ /* Clear DAT line active status if that was the last block */
+ if ((s->trnmod & SDHC_TRNS_MULTI) == 0 ||
+ ((s->trnmod & SDHC_TRNS_MULTI) && s->blkcnt == 1)) {
+ s->prnsts &= ~SDHC_DAT_LINE_ACTIVE;
+ }
+
+ /* If stop at block gap request was set and it's not the last block of
+ * data - generate Block Event interrupt */
+ if (s->stopped_state == sdhc_gap_read && (s->trnmod & SDHC_TRNS_MULTI) &&
+ s->blkcnt != 1) {
+ s->prnsts &= ~SDHC_DAT_LINE_ACTIVE;
+ if (s->norintstsen & SDHC_EISEN_BLKGAP) {
+ s->norintsts |= SDHC_EIS_BLKGAP;
+ }
+ }
+
+ sdhci_update_irq(s);
+}
+
+/* Read @size byte of data from host controller @s BUFFER DATA PORT register */
+static uint32_t sdhci_read_dataport(SDHCIState *s, unsigned size)
+{
+ uint32_t value = 0;
+ int i;
+
+ /* first check that a valid data exists in host controller input buffer */
+ if ((s->prnsts & SDHC_DATA_AVAILABLE) == 0) {
+ ERRPRINT("Trying to read from empty buffer\n");
+ return 0;
+ }
+
+ for (i = 0; i < size; i++) {
+ value |= s->fifo_buffer[s->data_count] << i * 8;
+ s->data_count++;
+ /* check if we've read all valid data (blksize bytes) from buffer */
+ if ((s->data_count) >= (s->blksize & 0x0fff)) {
+ DPRINT_L2("All %u bytes of data have been read from input buffer\n",
+ s->data_count);
+ s->prnsts &= ~SDHC_DATA_AVAILABLE; /* no more data in a buffer */
+ s->data_count = 0; /* next buff read must start at position [0] */
+
+ if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
+ s->blkcnt--;
+ }
+
+ /* if that was the last block of data */
+ if ((s->trnmod & SDHC_TRNS_MULTI) == 0 ||
+ ((s->trnmod & SDHC_TRNS_BLK_CNT_EN) && (s->blkcnt == 0)) ||
+ /* stop at gap request */
+ (s->stopped_state == sdhc_gap_read &&
+ !(s->prnsts & SDHC_DAT_LINE_ACTIVE))) {
+ SDHCI_GET_CLASS(s)->end_data_transfer(s);
+ } else { /* if there are more data, read next block from card */
+ SDHCI_GET_CLASS(s)->read_block_from_card(s);
+ }
+ break;
+ }
+ }
+
+ return value;
+}
+
+/* Write data from host controller FIFO to card */
+static void sdhci_write_block_to_card(SDHCIState *s)
+{
+ int index = 0;
+
+ if (s->prnsts & SDHC_SPACE_AVAILABLE) {
+ if (s->norintstsen & SDHC_NISEN_WBUFRDY) {
+ s->norintsts |= SDHC_NIS_WBUFRDY;
+ }
+ sdhci_update_irq(s);
+ return;
+ }
+
+ if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
+ if (s->blkcnt == 0) {
+ return;
+ } else {
+ s->blkcnt--;
+ }
+ }
+
+ for (index = 0; index < (s->blksize & 0x0fff); index++) {
+ sd_write_data(s->card, s->fifo_buffer[index]);
+ }
+
+ /* Next data can be written through BUFFER DATORT register */
+ s->prnsts |= SDHC_SPACE_AVAILABLE;
+
+ /* Finish transfer if that was the last block of data */
+ if ((s->trnmod & SDHC_TRNS_MULTI) == 0 ||
+ ((s->trnmod & SDHC_TRNS_MULTI) &&
+ (s->trnmod & SDHC_TRNS_BLK_CNT_EN) && (s->blkcnt == 0))) {
+ SDHCI_GET_CLASS(s)->end_data_transfer(s);
+ } else if (s->norintstsen & SDHC_NISEN_WBUFRDY) {
+ s->norintsts |= SDHC_NIS_WBUFRDY;
+ }
+
+ /* Generate Block Gap Event if requested and if not the last block */
+ if (s->stopped_state == sdhc_gap_write && (s->trnmod & SDHC_TRNS_MULTI) &&
+ s->blkcnt > 0) {
+ s->prnsts &= ~SDHC_DOING_WRITE;
+ if (s->norintstsen & SDHC_EISEN_BLKGAP) {
+ s->norintsts |= SDHC_EIS_BLKGAP;
+ }
+ SDHCI_GET_CLASS(s)->end_data_transfer(s);
+ }
+
+ sdhci_update_irq(s);
+}
+
+/* Write @size bytes of @value data to host controller @s Buffer Data Port
+ * register */
+static void sdhci_write_dataport(SDHCIState *s, uint32_t value, unsigned size)
+{
+ unsigned i;
+
+ /* Check that there is free space left in a buffer */
+ if (!(s->prnsts & SDHC_SPACE_AVAILABLE)) {
+ ERRPRINT("Can't write to data buffer: buffer full\n");
+ return;
+ }
+
+ for (i = 0; i < size; i++) {
+ s->fifo_buffer[s->data_count] = value & 0xFF;
+ s->data_count++;
+ value >>= 8;
+ if (s->data_count >= (s->blksize & 0x0fff)) {
+ DPRINT_L2("write buffer filled with %u bytes of data\n",
+ s->data_count);
+ s->data_count = 0;
+ s->prnsts &= ~SDHC_SPACE_AVAILABLE;
+ if (s->prnsts & SDHC_DOING_WRITE) {
+ SDHCI_GET_CLASS(s)->write_block_to_card(s);
+ }
+ }
+ }
+}
+
+/*
+ * Single DMA data transfer
+ */
+
+/* Multi block SDMA transfer */
+static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
+{
+ bool page_aligned = false;
+ unsigned int n, begin;
+ const uint16_t block_size = s->blksize & 0x0fff;
+ uint32_t boundary_chk = 1 << (((s->blksize & 0xf000) >> 12) + 12);
+ uint32_t boundary_count = boundary_chk - (s->sdmasysad % boundary_chk);
+
+ /* XXX: Some sd/mmc drivers (for example, u-boot-slp) do not account for
+ * possible stop at page boundary if initial address is not page aligned,
+ * allow them to work properly */
+ if ((s->sdmasysad % boundary_chk) == 0) {
+ page_aligned = true;
+ }
+
+ if (s->trnmod & SDHC_TRNS_READ) {
+ s->prnsts |= SDHC_DOING_READ | SDHC_DATA_INHIBIT |
+ SDHC_DAT_LINE_ACTIVE;
+ while (s->blkcnt) {
+ if (s->data_count == 0) {
+ for (n = 0; n < block_size; n++) {
+ s->fifo_buffer[n] = sd_read_data(s->card);
+ }
+ }
+ begin = s->data_count;
+ if (((boundary_count + begin) < block_size) && page_aligned) {
+ s->data_count = boundary_count + begin;
+ boundary_count = 0;
+ } else {
+ s->data_count = block_size;
+ boundary_count -= block_size - begin;
+ if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
+ s->blkcnt--;
+ }
+ }
+ dma_memory_write(&address_space_memory, s->sdmasysad,
+ &s->fifo_buffer[begin], s->data_count - begin);
+ s->sdmasysad += s->data_count - begin;
+ if (s->data_count == block_size) {
+ s->data_count = 0;
+ }
+ if (page_aligned && boundary_count == 0) {
+ break;
+ }
+ }
+ } else {
+ s->prnsts |= SDHC_DOING_WRITE | SDHC_DATA_INHIBIT |
+ SDHC_DAT_LINE_ACTIVE;
+ while (s->blkcnt) {
+ begin = s->data_count;
+ if (((boundary_count + begin) < block_size) && page_aligned) {
+ s->data_count = boundary_count + begin;
+ boundary_count = 0;
+ } else {
+ s->data_count = block_size;
+ boundary_count -= block_size - begin;
+ }
+ dma_memory_read(&address_space_memory, s->sdmasysad,
+ &s->fifo_buffer[begin], s->data_count);
+ s->sdmasysad += s->data_count - begin;
+ if (s->data_count == block_size) {
+ for (n = 0; n < block_size; n++) {
+ sd_write_data(s->card, s->fifo_buffer[n]);
+ }
+ s->data_count = 0;
+ if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
+ s->blkcnt--;
+ }
+ }
+ if (page_aligned && boundary_count == 0) {
+ break;
+ }
+ }
+ }
+
+ if (s->blkcnt == 0) {
+ SDHCI_GET_CLASS(s)->end_data_transfer(s);
+ } else {
+ if (s->norintstsen & SDHC_NISEN_DMA) {
+ s->norintsts |= SDHC_NIS_DMA;
+ }
+ sdhci_update_irq(s);
+ }
+}
+
+/* single block SDMA transfer */
+
+static void sdhci_sdma_transfer_single_block(SDHCIState *s)
+{
+ int n;
+ uint32_t datacnt = s->blksize & 0x0fff;
+
+ if (s->trnmod & SDHC_TRNS_READ) {
+ for (n = 0; n < datacnt; n++) {
+ s->fifo_buffer[n] = sd_read_data(s->card);
+ }
+ dma_memory_write(&address_space_memory, s->sdmasysad, s->fifo_buffer,
+ datacnt);
+ } else {
+ dma_memory_read(&address_space_memory, s->sdmasysad, s->fifo_buffer,
+ datacnt);
+ for (n = 0; n < datacnt; n++) {
+ sd_write_data(s->card, s->fifo_buffer[n]);
+ }
+ }
+
+ if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
+ s->blkcnt--;
+ }
+
+ SDHCI_GET_CLASS(s)->end_data_transfer(s);
+}
+
+typedef struct ADMADescr {
+ hwaddr addr;
+ uint16_t length;
+ uint8_t attr;
+ uint8_t incr;
+} ADMADescr;
+
+static void get_adma_description(SDHCIState *s, ADMADescr *dscr)
+{
+ uint32_t adma1 = 0;
+ uint64_t adma2 = 0;
+ hwaddr entry_addr = (hwaddr)s->admasysaddr;
+ switch (SDHC_DMA_TYPE(s->hostctl)) {
+ case SDHC_CTRL_ADMA2_32:
+ dma_memory_read(&address_space_memory, entry_addr, (uint8_t *)&adma2,
+ sizeof(adma2));
+ adma2 = le64_to_cpu(adma2);
+ /* The spec does not specify endianness of descriptor table.
+ * We currently assume that it is LE.
+ */
+ dscr->addr = (hwaddr)extract64(adma2, 32, 32) & ~0x3ull;
+ dscr->length = (uint16_t)extract64(adma2, 16, 16);
+ dscr->attr = (uint8_t)extract64(adma2, 0, 7);
+ dscr->incr = 8;
+ break;
+ case SDHC_CTRL_ADMA1_32:
+ dma_memory_read(&address_space_memory, entry_addr, (uint8_t *)&adma1,
+ sizeof(adma1));
+ adma1 = le32_to_cpu(adma1);
+ dscr->addr = (hwaddr)(adma1 & 0xFFFFF000);
+ dscr->attr = (uint8_t)extract32(adma1, 0, 7);
+ dscr->incr = 4;
+ if ((dscr->attr & SDHC_ADMA_ATTR_ACT_MASK) == SDHC_ADMA_ATTR_SET_LEN) {
+ dscr->length = (uint16_t)extract32(adma1, 12, 16);
+ } else {
+ dscr->length = 4096;
+ }
+ break;
+ case SDHC_CTRL_ADMA2_64:
+ dma_memory_read(&address_space_memory, entry_addr,
+ (uint8_t *)(&dscr->attr), 1);
+ dma_memory_read(&address_space_memory, entry_addr + 2,
+ (uint8_t *)(&dscr->length), 2);
+ dscr->length = le16_to_cpu(dscr->length);
+ dma_memory_read(&address_space_memory, entry_addr + 4,
+ (uint8_t *)(&dscr->addr), 8);
+ dscr->attr = le64_to_cpu(dscr->attr);
+ dscr->attr &= 0xfffffff8;
+ dscr->incr = 12;
+ break;
+ }
+}
+
+/* Advanced DMA data transfer */
+
+static void sdhci_do_adma(SDHCIState *s)
+{
+ unsigned int n, begin, length;
+ const uint16_t block_size = s->blksize & 0x0fff;
+ ADMADescr dscr;
+ int i;
+
+ for (i = 0; i < SDHC_ADMA_DESCS_PER_DELAY; ++i) {
+ s->admaerr &= ~SDHC_ADMAERR_LENGTH_MISMATCH;
+
+ get_adma_description(s, &dscr);
+ DPRINT_L2("ADMA loop: addr=" TARGET_FMT_plx ", len=%d, attr=%x\n",
+ dscr.addr, dscr.length, dscr.attr);
+
+ if ((dscr.attr & SDHC_ADMA_ATTR_VALID) == 0) {
+ /* Indicate that error occurred in ST_FDS state */
+ s->admaerr &= ~SDHC_ADMAERR_STATE_MASK;
+ s->admaerr |= SDHC_ADMAERR_STATE_ST_FDS;
+
+ /* Generate ADMA error interrupt */
+ if (s->errintstsen & SDHC_EISEN_ADMAERR) {
+ s->errintsts |= SDHC_EIS_ADMAERR;
+ s->norintsts |= SDHC_NIS_ERR;
+ }
+
+ sdhci_update_irq(s);
+ return;
+ }
+
+ length = dscr.length ? dscr.length : 65536;
+
+ switch (dscr.attr & SDHC_ADMA_ATTR_ACT_MASK) {
+ case SDHC_ADMA_ATTR_ACT_TRAN: /* data transfer */
+
+ if (s->trnmod & SDHC_TRNS_READ) {
+ while (length) {
+ if (s->data_count == 0) {
+ for (n = 0; n < block_size; n++) {
+ s->fifo_buffer[n] = sd_read_data(s->card);
+ }
+ }
+ begin = s->data_count;
+ if ((length + begin) < block_size) {
+ s->data_count = length + begin;
+ length = 0;
+ } else {
+ s->data_count = block_size;
+ length -= block_size - begin;
+ }
+ dma_memory_write(&address_space_memory, dscr.addr,
+ &s->fifo_buffer[begin],
+ s->data_count - begin);
+ dscr.addr += s->data_count - begin;
+ if (s->data_count == block_size) {
+ s->data_count = 0;
+ if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
+ s->blkcnt--;
+ if (s->blkcnt == 0) {
+ break;
+ }
+ }
+ }
+ }
+ } else {
+ while (length) {
+ begin = s->data_count;
+ if ((length + begin) < block_size) {
+ s->data_count = length + begin;
+ length = 0;
+ } else {
+ s->data_count = block_size;
+ length -= block_size - begin;
+ }
+ dma_memory_read(&address_space_memory, dscr.addr,
+ &s->fifo_buffer[begin], s->data_count);
+ dscr.addr += s->data_count - begin;
+ if (s->data_count == block_size) {
+ for (n = 0; n < block_size; n++) {
+ sd_write_data(s->card, s->fifo_buffer[n]);
+ }
+ s->data_count = 0;
+ if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
+ s->blkcnt--;
+ if (s->blkcnt == 0) {
+ break;
+ }
+ }
+ }
+ }
+ }
+ s->admasysaddr += dscr.incr;
+ break;
+ case SDHC_ADMA_ATTR_ACT_LINK: /* link to next descriptor table */
+ s->admasysaddr = dscr.addr;
+ DPRINT_L1("ADMA link: admasysaddr=0x%lx\n", s->admasysaddr);
+ break;
+ default:
+ s->admasysaddr += dscr.incr;
+ break;
+ }
+
+ if (dscr.attr & SDHC_ADMA_ATTR_INT) {
+ DPRINT_L1("ADMA interrupt: admasysaddr=0x%lx\n", s->admasysaddr);
+ if (s->norintstsen & SDHC_NISEN_DMA) {
+ s->norintsts |= SDHC_NIS_DMA;
+ }
+
+ sdhci_update_irq(s);
+ }
+
+ /* ADMA transfer terminates if blkcnt == 0 or by END attribute */
+ if (((s->trnmod & SDHC_TRNS_BLK_CNT_EN) &&
+ (s->blkcnt == 0)) || (dscr.attr & SDHC_ADMA_ATTR_END)) {
+ DPRINT_L2("ADMA transfer completed\n");
+ if (length || ((dscr.attr & SDHC_ADMA_ATTR_END) &&
+ (s->trnmod & SDHC_TRNS_BLK_CNT_EN) &&
+ s->blkcnt != 0)) {
+ ERRPRINT("SD/MMC host ADMA length mismatch\n");
+ s->admaerr |= SDHC_ADMAERR_LENGTH_MISMATCH |
+ SDHC_ADMAERR_STATE_ST_TFR;
+ if (s->errintstsen & SDHC_EISEN_ADMAERR) {
+ ERRPRINT("Set ADMA error flag\n");
+ s->errintsts |= SDHC_EIS_ADMAERR;
+ s->norintsts |= SDHC_NIS_ERR;
+ }
+
+ sdhci_update_irq(s);
+ }
+ SDHCI_GET_CLASS(s)->end_data_transfer(s);
+ return;
+ }
+
+ }
+
+ /* we have unfinished business - reschedule to continue ADMA */
+ qemu_mod_timer(s->transfer_timer,
+ qemu_get_clock_ns(vm_clock) + SDHC_TRANSFER_DELAY);
+}
+
+/* Perform data transfer according to controller configuration */
+
+static void sdhci_data_transfer(SDHCIState *s)
+{
+ SDHCIClass *k = SDHCI_GET_CLASS(s);
+
+ if (s->trnmod & SDHC_TRNS_DMA) {
+ switch (SDHC_DMA_TYPE(s->hostctl)) {
+ case SDHC_CTRL_SDMA:
+ if ((s->trnmod & SDHC_TRNS_MULTI) &&
+ (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || s->blkcnt == 0)) {
+ break;
+ }
+
+ if ((s->blkcnt == 1) || !(s->trnmod & SDHC_TRNS_MULTI)) {
+ k->do_sdma_single(s);
+ } else {
+ k->do_sdma_multi(s);
+ }
+
+ break;
+ case SDHC_CTRL_ADMA1_32:
+ if (!(s->capareg & SDHC_CAN_DO_ADMA1)) {
+ ERRPRINT("ADMA1 not supported\n");
+ break;
+ }
+
+ k->do_adma(s);
+ break;
+ case SDHC_CTRL_ADMA2_32:
+ if (!(s->capareg & SDHC_CAN_DO_ADMA2)) {
+ ERRPRINT("ADMA2 not supported\n");
+ break;
+ }
+
+ k->do_adma(s);
+ break;
+ case SDHC_CTRL_ADMA2_64:
+ if (!(s->capareg & SDHC_CAN_DO_ADMA2) ||
+ !(s->capareg & SDHC_64_BIT_BUS_SUPPORT)) {
+ ERRPRINT("64 bit ADMA not supported\n");
+ break;
+ }
+
+ k->do_adma(s);
+ break;
+ default:
+ ERRPRINT("Unsupported DMA type\n");
+ break;
+ }
+ } else {
+ if ((s->trnmod & SDHC_TRNS_READ) && sd_data_ready(s->card)) {
+ s->prnsts |= SDHC_DOING_READ | SDHC_DATA_INHIBIT |
+ SDHC_DAT_LINE_ACTIVE;
+ SDHCI_GET_CLASS(s)->read_block_from_card(s);
+ } else {
+ s->prnsts |= SDHC_DOING_WRITE | SDHC_DAT_LINE_ACTIVE |
+ SDHC_SPACE_AVAILABLE | SDHC_DATA_INHIBIT;
+ SDHCI_GET_CLASS(s)->write_block_to_card(s);
+ }
+ }
+}
+
+static bool sdhci_can_issue_command(SDHCIState *s)
+{
+ if (!SDHC_CLOCK_IS_ON(s->clkcon) || !(s->pwrcon & SDHC_POWER_ON) ||
+ (((s->prnsts & SDHC_DATA_INHIBIT) || s->stopped_state) &&
+ ((s->cmdreg & SDHC_CMD_DATA_PRESENT) ||
+ ((s->cmdreg & SDHC_CMD_RESPONSE) == SDHC_CMD_RSP_WITH_BUSY &&
+ !(SDHC_COMMAND_TYPE(s->cmdreg) == SDHC_CMD_ABORT))))) {
+ return false;
+ }
+
+ return true;
+}
+
+/* The Buffer Data Port register must be accessed in sequential and
+ * continuous manner */
+static inline bool
+sdhci_buff_access_is_sequential(SDHCIState *s, unsigned byte_num)
+{
+ if ((s->data_count & 0x3) != byte_num) {
+ ERRPRINT("Non-sequential access to Buffer Data Port register"
+ "is prohibited\n");
+ return false;
+ }
+ return true;
+}
+
+static uint32_t sdhci_read(SDHCIState *s, unsigned int offset, unsigned size)
+{
+ uint32_t ret = 0;
+
+ switch (offset & ~0x3) {
+ case SDHC_SYSAD:
+ ret = s->sdmasysad;
+ break;
+ case SDHC_BLKSIZE:
+ ret = s->blksize | (s->blkcnt << 16);
+ break;
+ case SDHC_ARGUMENT:
+ ret = s->argument;
+ break;
+ case SDHC_TRNMOD:
+ ret = s->trnmod | (s->cmdreg << 16);
+ break;
+ case SDHC_RSPREG0 ... SDHC_RSPREG3:
+ ret = s->rspreg[((offset & ~0x3) - SDHC_RSPREG0) >> 2];
+ break;
+ case SDHC_BDATA:
+ if (sdhci_buff_access_is_sequential(s, offset - SDHC_BDATA)) {
+ ret = SDHCI_GET_CLASS(s)->bdata_read(s, size);
+ DPRINT_L2("read %ub: addr[0x%04x] -> %u(0x%x)\n", size, offset,
+ ret, ret);
+ return ret;
+ }
+ break;
+ case SDHC_PRNSTS:
+ ret = s->prnsts;
+ break;
+ case SDHC_HOSTCTL:
+ ret = s->hostctl | (s->pwrcon << 8) | (s->blkgap << 16) |
+ (s->wakcon << 24);
+ break;
+ case SDHC_CLKCON:
+ ret = s->clkcon | (s->timeoutcon << 16);
+ break;
+ case SDHC_NORINTSTS:
+ ret = s->norintsts | (s->errintsts << 16);
+ break;
+ case SDHC_NORINTSTSEN:
+ ret = s->norintstsen | (s->errintstsen << 16);
+ break;
+ case SDHC_NORINTSIGEN:
+ ret = s->norintsigen | (s->errintsigen << 16);
+ break;
+ case SDHC_ACMD12ERRSTS:
+ ret = s->acmd12errsts;
+ break;
+ case SDHC_CAPAREG:
+ ret = s->capareg;
+ break;
+ case SDHC_MAXCURR:
+ ret = s->maxcurr;
+ break;
+ case SDHC_ADMAERR:
+ ret = s->admaerr;
+ break;
+ case SDHC_ADMASYSADDR:
+ ret = (uint32_t)s->admasysaddr;
+ break;
+ case SDHC_ADMASYSADDR + 4:
+ ret = (uint32_t)(s->admasysaddr >> 32);
+ break;
+ case SDHC_SLOT_INT_STATUS:
+ ret = (SD_HOST_SPECv2_VERS << 16) | sdhci_slotint(s);
+ break;
+ default:
+ ERRPRINT("bad %ub read: addr[0x%04x]\n", size, offset);
+ break;
+ }
+
+ ret >>= (offset & 0x3) * 8;
+ ret &= (1ULL << (size * 8)) - 1;
+ DPRINT_L2("read %ub: addr[0x%04x] -> %u(0x%x)\n", size, offset, ret, ret);
+ return ret;
+}
+
+static inline void sdhci_blkgap_write(SDHCIState *s, uint8_t value)
+{
+ if ((value & SDHC_STOP_AT_GAP_REQ) && (s->blkgap & SDHC_STOP_AT_GAP_REQ)) {
+ return;
+ }
+ s->blkgap = value & SDHC_STOP_AT_GAP_REQ;
+
+ if ((value & SDHC_CONTINUE_REQ) && s->stopped_state &&
+ (s->blkgap & SDHC_STOP_AT_GAP_REQ) == 0) {
+ if (s->stopped_state == sdhc_gap_read) {
+ s->prnsts |= SDHC_DAT_LINE_ACTIVE | SDHC_DOING_READ;
+ SDHCI_GET_CLASS(s)->read_block_from_card(s);
+ } else {
+ s->prnsts |= SDHC_DAT_LINE_ACTIVE | SDHC_DOING_WRITE;
+ SDHCI_GET_CLASS(s)->write_block_to_card(s);
+ }
+ s->stopped_state = sdhc_not_stopped;
+ } else if (!s->stopped_state && (value & SDHC_STOP_AT_GAP_REQ)) {
+ if (s->prnsts & SDHC_DOING_READ) {
+ s->stopped_state = sdhc_gap_read;
+ } else if (s->prnsts & SDHC_DOING_WRITE) {
+ s->stopped_state = sdhc_gap_write;
+ }
+ }
+}
+
+static inline void sdhci_reset_write(SDHCIState *s, uint8_t value)
+{
+ switch (value) {
+ case SDHC_RESET_ALL:
+ DEVICE_GET_CLASS(s)->reset(DEVICE(s));
+ break;
+ case SDHC_RESET_CMD:
+ s->prnsts &= ~SDHC_CMD_INHIBIT;
+ s->norintsts &= ~SDHC_NIS_CMDCMP;
+ break;
+ case SDHC_RESET_DATA:
+ s->data_count = 0;
+ s->prnsts &= ~(SDHC_SPACE_AVAILABLE | SDHC_DATA_AVAILABLE |
+ SDHC_DOING_READ | SDHC_DOING_WRITE |
+ SDHC_DATA_INHIBIT | SDHC_DAT_LINE_ACTIVE);
+ s->blkgap &= ~(SDHC_STOP_AT_GAP_REQ | SDHC_CONTINUE_REQ);
+ s->stopped_state = sdhc_not_stopped;
+ s->norintsts &= ~(SDHC_NIS_WBUFRDY | SDHC_NIS_RBUFRDY |
+ SDHC_NIS_DMA | SDHC_NIS_TRSCMP | SDHC_NIS_BLKGAP);
+ break;
+ }
+}
+
+static void
+sdhci_write(SDHCIState *s, unsigned int offset, uint32_t value, unsigned size)
+{
+ unsigned shift = 8 * (offset & 0x3);
+ uint32_t mask = ~(((1ULL << (size * 8)) - 1) << shift);
+ value <<= shift;
+
+ switch (offset & ~0x3) {
+ case SDHC_SYSAD:
+ s->sdmasysad = (s->sdmasysad & mask) | value;
+ MASKED_WRITE(s->sdmasysad, mask, value);
+ /* Writing to last byte of sdmasysad might trigger transfer */
+ if (!(mask & 0xFF000000) && TRANSFERRING_DATA(s->prnsts) && s->blkcnt &&
+ s->blksize && SDHC_DMA_TYPE(s->hostctl) == SDHC_CTRL_SDMA) {
+ SDHCI_GET_CLASS(s)->do_sdma_multi(s);
+ }
+ break;
+ case SDHC_BLKSIZE:
+ if (!TRANSFERRING_DATA(s->prnsts)) {
+ MASKED_WRITE(s->blksize, mask, value);
+ MASKED_WRITE(s->blkcnt, mask >> 16, value >> 16);
+ }
+ break;
+ case SDHC_ARGUMENT:
+ MASKED_WRITE(s->argument, mask, value);
+ break;
+ case SDHC_TRNMOD:
+ /* DMA can be enabled only if it is supported as indicated by
+ * capabilities register */
+ if (!(s->capareg & SDHC_CAN_DO_DMA)) {
+ value &= ~SDHC_TRNS_DMA;
+ }
+ MASKED_WRITE(s->trnmod, mask, value);
+ MASKED_WRITE(s->cmdreg, mask >> 16, value >> 16);
+
+ /* Writing to the upper byte of CMDREG triggers SD command generation */
+ if ((mask & 0xFF000000) || !SDHCI_GET_CLASS(s)->can_issue_command(s)) {
+ break;
+ }
+
+ SDHCI_GET_CLASS(s)->send_command(s);
+ break;
+ case SDHC_BDATA:
+ if (sdhci_buff_access_is_sequential(s, offset - SDHC_BDATA)) {
+ SDHCI_GET_CLASS(s)->bdata_write(s, value >> shift, size);
+ }
+ break;
+ case SDHC_HOSTCTL:
+ if (!(mask & 0xFF0000)) {
+ sdhci_blkgap_write(s, value >> 16);
+ }
+ MASKED_WRITE(s->hostctl, mask, value);
+ MASKED_WRITE(s->pwrcon, mask >> 8, value >> 8);
+ MASKED_WRITE(s->wakcon, mask >> 24, value >> 24);
+ if (!(s->prnsts & SDHC_CARD_PRESENT) || ((s->pwrcon >> 1) & 0x7) < 5 ||
+ !(s->capareg & (1 << (31 - ((s->pwrcon >> 1) & 0x7))))) {
+ s->pwrcon &= ~SDHC_POWER_ON;
+ }
+ break;
+ case SDHC_CLKCON:
+ if (!(mask & 0xFF000000)) {
+ sdhci_reset_write(s, value >> 24);
+ }
+ MASKED_WRITE(s->clkcon, mask, value);
+ MASKED_WRITE(s->timeoutcon, mask >> 16, value >> 16);
+ if (s->clkcon & SDHC_CLOCK_INT_EN) {
+ s->clkcon |= SDHC_CLOCK_INT_STABLE;
+ } else {
+ s->clkcon &= ~SDHC_CLOCK_INT_STABLE;
+ }
+ break;
+ case SDHC_NORINTSTS:
+ if (s->norintstsen & SDHC_NISEN_CARDINT) {
+ value &= ~SDHC_NIS_CARDINT;
+ }
+ s->norintsts &= mask | ~value;
+ s->errintsts &= (mask >> 16) | ~(value >> 16);
+ if (s->errintsts) {
+ s->norintsts |= SDHC_NIS_ERR;
+ } else {
+ s->norintsts &= ~SDHC_NIS_ERR;
+ }
+ sdhci_update_irq(s);
+ break;
+ case SDHC_NORINTSTSEN:
+ MASKED_WRITE(s->norintstsen, mask, value);
+ MASKED_WRITE(s->errintstsen, mask >> 16, value >> 16);
+ s->norintsts &= s->norintstsen;
+ s->errintsts &= s->errintstsen;
+ if (s->errintsts) {
+ s->norintsts |= SDHC_NIS_ERR;
+ } else {
+ s->norintsts &= ~SDHC_NIS_ERR;
+ }
+ sdhci_update_irq(s);
+ break;
+ case SDHC_NORINTSIGEN:
+ MASKED_WRITE(s->norintsigen, mask, value);
+ MASKED_WRITE(s->errintsigen, mask >> 16, value >> 16);
+ sdhci_update_irq(s);
+ break;
+ case SDHC_ADMAERR:
+ MASKED_WRITE(s->admaerr, mask, value);
+ break;
+ case SDHC_ADMASYSADDR:
+ s->admasysaddr = (s->admasysaddr & (0xFFFFFFFF00000000ULL |
+ (uint64_t)mask)) | (uint64_t)value;
+ break;
+ case SDHC_ADMASYSADDR + 4:
+ s->admasysaddr = (s->admasysaddr & (0x00000000FFFFFFFFULL |
+ ((uint64_t)mask << 32))) | ((uint64_t)value << 32);
+ break;
+ case SDHC_FEAER:
+ s->acmd12errsts |= value;
+ s->errintsts |= (value >> 16) & s->errintstsen;
+ if (s->acmd12errsts) {
+ s->errintsts |= SDHC_EIS_CMD12ERR;
+ }
+ if (s->errintsts) {
+ s->norintsts |= SDHC_NIS_ERR;
+ }
+ sdhci_update_irq(s);
+ break;
+ default:
+ ERRPRINT("bad %ub write offset: addr[0x%04x] <- %u(0x%x)\n",
+ size, offset, value >> shift, value >> shift);
+ break;
+ }
+ DPRINT_L2("write %ub: addr[0x%04x] <- %u(0x%x)\n",
+ size, offset, value >> shift, value >> shift);
+}
+
+static uint64_t
+sdhci_readfn(void *opaque, hwaddr offset, unsigned size)
+{
+ SDHCIState *s = (SDHCIState *)opaque;
+
+ return SDHCI_GET_CLASS(s)->mem_read(s, offset, size);
+}
+
+static void
+sdhci_writefn(void *opaque, hwaddr off, uint64_t val, unsigned sz)
+{
+ SDHCIState *s = (SDHCIState *)opaque;
+
+ SDHCI_GET_CLASS(s)->mem_write(s, off, val, sz);
+}
+
+static const MemoryRegionOps sdhci_mmio_ops = {
+ .read = sdhci_readfn,
+ .write = sdhci_writefn,
+ .valid = {
+ .min_access_size = 1,
+ .max_access_size = 4,
+ .unaligned = false
+ },
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static inline unsigned int sdhci_get_fifolen(SDHCIState *s)
+{
+ switch (SDHC_CAPAB_BLOCKSIZE(s->capareg)) {
+ case 0:
+ return 512;
+ case 1:
+ return 1024;
+ case 2:
+ return 2048;
+ default:
+ hw_error("SDHC: unsupported value for maximum block size\n");
+ return 0;
+ }
+}
+
+static void sdhci_initfn(Object *obj)
+{
+ SDHCIState *s = SDHCI(obj);
+ DriveInfo *di;
+
+ di = drive_get_next(IF_SD);
+ s->card = sd_init(di ? di->bdrv : NULL, false);
+ s->eject_cb = qemu_allocate_irqs(sdhci_insert_eject_cb, s, 1)[0];
+ s->ro_cb = qemu_allocate_irqs(sdhci_card_readonly_cb, s, 1)[0];
+ sd_set_cb(s->card, s->ro_cb, s->eject_cb);
+
+ s->insert_timer = qemu_new_timer_ns(vm_clock, sdhci_raise_insertion_irq, s);
+ s->transfer_timer = qemu_new_timer_ns(vm_clock, sdhci_do_data_transfer, s);
+}
+
+static void sdhci_uninitfn(Object *obj)
+{
+ SDHCIState *s = SDHCI(obj);
+
+ qemu_del_timer(s->insert_timer);
+ qemu_free_timer(s->insert_timer);
+ qemu_del_timer(s->transfer_timer);
+ qemu_free_timer(s->transfer_timer);
+ qemu_free_irqs(&s->eject_cb);
+ qemu_free_irqs(&s->ro_cb);
+
+ if (s->fifo_buffer) {
+ g_free(s->fifo_buffer);
+ s->fifo_buffer = NULL;
+ }
+}
+
+const VMStateDescription sdhci_vmstate = {
+ .name = "sdhci",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(sdmasysad, SDHCIState),
+ VMSTATE_UINT16(blksize, SDHCIState),
+ VMSTATE_UINT16(blkcnt, SDHCIState),
+ VMSTATE_UINT32(argument, SDHCIState),
+ VMSTATE_UINT16(trnmod, SDHCIState),
+ VMSTATE_UINT16(cmdreg, SDHCIState),
+ VMSTATE_UINT32_ARRAY(rspreg, SDHCIState, 4),
+ VMSTATE_UINT32(prnsts, SDHCIState),
+ VMSTATE_UINT8(hostctl, SDHCIState),
+ VMSTATE_UINT8(pwrcon, SDHCIState),
+ VMSTATE_UINT8(blkgap, SDHCIState),
+ VMSTATE_UINT8(wakcon, SDHCIState),
+ VMSTATE_UINT16(clkcon, SDHCIState),
+ VMSTATE_UINT8(timeoutcon, SDHCIState),
+ VMSTATE_UINT8(admaerr, SDHCIState),
+ VMSTATE_UINT16(norintsts, SDHCIState),
+ VMSTATE_UINT16(errintsts, SDHCIState),
+ VMSTATE_UINT16(norintstsen, SDHCIState),
+ VMSTATE_UINT16(errintstsen, SDHCIState),
+ VMSTATE_UINT16(norintsigen, SDHCIState),
+ VMSTATE_UINT16(errintsigen, SDHCIState),
+ VMSTATE_UINT16(acmd12errsts, SDHCIState),
+ VMSTATE_UINT16(data_count, SDHCIState),
+ VMSTATE_UINT64(admasysaddr, SDHCIState),
+ VMSTATE_UINT8(stopped_state, SDHCIState),
+ VMSTATE_VBUFFER_UINT32(fifo_buffer, SDHCIState, 1, NULL, 0, buf_maxsz),
+ VMSTATE_TIMER(insert_timer, SDHCIState),
+ VMSTATE_TIMER(transfer_timer, SDHCIState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+/* Capabilities registers provide information on supported features of this
+ * specific host controller implementation */
+static Property sdhci_properties[] = {
+ DEFINE_PROP_HEX32("capareg", SDHCIState, capareg,
+ SDHC_CAPAB_REG_DEFAULT),
+ DEFINE_PROP_HEX32("maxcurr", SDHCIState, maxcurr, 0),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void sdhci_realize(DeviceState *dev, Error ** errp)
+{
+ SDHCIState *s = SDHCI(dev);
+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+
+ s->buf_maxsz = sdhci_get_fifolen(s);
+ s->fifo_buffer = g_malloc0(s->buf_maxsz);
+ sysbus_init_irq(sbd, &s->irq);
+ memory_region_init_io(&s->iomem, OBJECT(s), &sdhci_mmio_ops, s, "sdhci",
+ SDHC_REGISTERS_MAP_SIZE);
+ sysbus_init_mmio(sbd, &s->iomem);
+}
+
+static void sdhci_generic_reset(DeviceState *ds)
+{
+ SDHCIState *s = SDHCI(ds);
+ SDHCI_GET_CLASS(s)->reset(s);
+}
+
+static void sdhci_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SDHCIClass *k = SDHCI_CLASS(klass);
+
+ dc->vmsd = &sdhci_vmstate;
+ dc->props = sdhci_properties;
+ dc->reset = sdhci_generic_reset;
+ dc->realize = sdhci_realize;
+
+ k->reset = sdhci_reset;
+ k->mem_read = sdhci_read;
+ k->mem_write = sdhci_write;
+ k->send_command = sdhci_send_command;
+ k->can_issue_command = sdhci_can_issue_command;
+ k->data_transfer = sdhci_data_transfer;
+ k->end_data_transfer = sdhci_end_transfer;
+ k->do_sdma_single = sdhci_sdma_transfer_single_block;
+ k->do_sdma_multi = sdhci_sdma_transfer_multi_blocks;
+ k->do_adma = sdhci_do_adma;
+ k->read_block_from_card = sdhci_read_block_from_card;
+ k->write_block_to_card = sdhci_write_block_to_card;
+ k->bdata_read = sdhci_read_dataport;
+ k->bdata_write = sdhci_write_dataport;
+}
+
+static const TypeInfo sdhci_type_info = {
+ .name = TYPE_SDHCI,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(SDHCIState),
+ .instance_init = sdhci_initfn,
+ .instance_finalize = sdhci_uninitfn,
+ .class_init = sdhci_class_init,
+ .class_size = sizeof(SDHCIClass)
+};
+
+static void sdhci_register_types(void)
+{
+ type_register_static(&sdhci_type_info);
+}
+
+type_init(sdhci_register_types)
diff --git a/hw/sd/sdhci.h b/hw/sd/sdhci.h
new file mode 100644
index 000000000..a560c3c93
--- /dev/null
+++ b/hw/sd/sdhci.h
@@ -0,0 +1,312 @@
+/*
+ * SD Association Host Standard Specification v2.0 controller emulation
+ *
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd.
+ * Mitsyanko Igor <i.mitsyanko@samsung.com>
+ * Peter A.G. Crosthwaite <peter.crosthwaite@petalogix.com>
+ *
+ * Based on MMC controller for Samsung S5PC1xx-based board emulation
+ * by Alexey Merkulov and Vladimir Monakhov.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef SDHCI_H
+#define SDHCI_H
+
+#include "qemu-common.h"
+#include "hw/sysbus.h"
+#include "hw/sd.h"
+
+/* R/W SDMA System Address register 0x0 */
+#define SDHC_SYSAD 0x00
+
+/* R/W Host DMA Buffer Boundary and Transfer Block Size Register 0x0 */
+#define SDHC_BLKSIZE 0x04
+
+/* R/W Blocks count for current transfer 0x0 */
+#define SDHC_BLKCNT 0x06
+
+/* R/W Command Argument Register 0x0 */
+#define SDHC_ARGUMENT 0x08
+
+/* R/W Transfer Mode Setting Register 0x0 */
+#define SDHC_TRNMOD 0x0C
+#define SDHC_TRNS_DMA 0x0001
+#define SDHC_TRNS_BLK_CNT_EN 0x0002
+#define SDHC_TRNS_ACMD12 0x0004
+#define SDHC_TRNS_READ 0x0010
+#define SDHC_TRNS_MULTI 0x0020
+
+/* R/W Command Register 0x0 */
+#define SDHC_CMDREG 0x0E
+#define SDHC_CMD_RSP_WITH_BUSY (3 << 0)
+#define SDHC_CMD_DATA_PRESENT (1 << 5)
+#define SDHC_CMD_SUSPEND (1 << 6)
+#define SDHC_CMD_RESUME (1 << 7)
+#define SDHC_CMD_ABORT ((1 << 6)|(1 << 7))
+#define SDHC_CMD_TYPE_MASK ((1 << 6)|(1 << 7))
+#define SDHC_COMMAND_TYPE(x) ((x) & SDHC_CMD_TYPE_MASK)
+
+/* ROC Response Register 0 0x0 */
+#define SDHC_RSPREG0 0x10
+/* ROC Response Register 1 0x0 */
+#define SDHC_RSPREG1 0x14
+/* ROC Response Register 2 0x0 */
+#define SDHC_RSPREG2 0x18
+/* ROC Response Register 3 0x0 */
+#define SDHC_RSPREG3 0x1C
+
+/* R/W Buffer Data Register 0x0 */
+#define SDHC_BDATA 0x20
+
+/* R/ROC Present State Register 0x000A0000 */
+#define SDHC_PRNSTS 0x24
+#define SDHC_CMD_INHIBIT 0x00000001
+#define SDHC_DATA_INHIBIT 0x00000002
+#define SDHC_DAT_LINE_ACTIVE 0x00000004
+#define SDHC_DOING_WRITE 0x00000100
+#define SDHC_DOING_READ 0x00000200
+#define SDHC_SPACE_AVAILABLE 0x00000400
+#define SDHC_DATA_AVAILABLE 0x00000800
+#define SDHC_CARD_PRESENT 0x00010000
+#define SDHC_CARD_DETECT 0x00040000
+#define SDHC_WRITE_PROTECT 0x00080000
+#define TRANSFERRING_DATA(x) \
+ ((x) & (SDHC_DOING_READ | SDHC_DOING_WRITE))
+
+/* R/W Host control Register 0x0 */
+#define SDHC_HOSTCTL 0x28
+#define SDHC_CTRL_DMA_CHECK_MASK 0x18
+#define SDHC_CTRL_SDMA 0x00
+#define SDHC_CTRL_ADMA1_32 0x08
+#define SDHC_CTRL_ADMA2_32 0x10
+#define SDHC_CTRL_ADMA2_64 0x18
+#define SDHC_DMA_TYPE(x) ((x) & SDHC_CTRL_DMA_CHECK_MASK)
+
+/* R/W Power Control Register 0x0 */
+#define SDHC_PWRCON 0x29
+#define SDHC_POWER_ON (1 << 0)
+
+/* R/W Block Gap Control Register 0x0 */
+#define SDHC_BLKGAP 0x2A
+#define SDHC_STOP_AT_GAP_REQ 0x01
+#define SDHC_CONTINUE_REQ 0x02
+
+/* R/W WakeUp Control Register 0x0 */
+#define SDHC_WAKCON 0x2B
+#define SDHC_WKUP_ON_INS (1 << 1)
+#define SDHC_WKUP_ON_RMV (1 << 2)
+
+/* CLKCON */
+#define SDHC_CLKCON 0x2C
+#define SDHC_CLOCK_INT_STABLE 0x0002
+#define SDHC_CLOCK_INT_EN 0x0001
+#define SDHC_CLOCK_SDCLK_EN (1 << 2)
+#define SDHC_CLOCK_CHK_MASK 0x0007
+#define SDHC_CLOCK_IS_ON(x) \
+ (((x) & SDHC_CLOCK_CHK_MASK) == SDHC_CLOCK_CHK_MASK)
+
+/* R/W Timeout Control Register 0x0 */
+#define SDHC_TIMEOUTCON 0x2E
+
+/* R/W Software Reset Register 0x0 */
+#define SDHC_SWRST 0x2F
+#define SDHC_RESET_ALL 0x01
+#define SDHC_RESET_CMD 0x02
+#define SDHC_RESET_DATA 0x04
+
+/* ROC/RW1C Normal Interrupt Status Register 0x0 */
+#define SDHC_NORINTSTS 0x30
+#define SDHC_NIS_ERR 0x8000
+#define SDHC_NIS_CMDCMP 0x0001
+#define SDHC_NIS_TRSCMP 0x0002
+#define SDHC_NIS_BLKGAP 0x0004
+#define SDHC_NIS_DMA 0x0008
+#define SDHC_NIS_WBUFRDY 0x0010
+#define SDHC_NIS_RBUFRDY 0x0020
+#define SDHC_NIS_INSERT 0x0040
+#define SDHC_NIS_REMOVE 0x0080
+#define SDHC_NIS_CARDINT 0x0100
+
+/* ROC/RW1C Error Interrupt Status Register 0x0 */
+#define SDHC_ERRINTSTS 0x32
+#define SDHC_EIS_CMDTIMEOUT 0x0001
+#define SDHC_EIS_BLKGAP 0x0004
+#define SDHC_EIS_CMDIDX 0x0008
+#define SDHC_EIS_CMD12ERR 0x0100
+#define SDHC_EIS_ADMAERR 0x0200
+
+/* R/W Normal Interrupt Status Enable Register 0x0 */
+#define SDHC_NORINTSTSEN 0x34
+#define SDHC_NISEN_CMDCMP 0x0001
+#define SDHC_NISEN_TRSCMP 0x0002
+#define SDHC_NISEN_DMA 0x0008
+#define SDHC_NISEN_WBUFRDY 0x0010
+#define SDHC_NISEN_RBUFRDY 0x0020
+#define SDHC_NISEN_INSERT 0x0040
+#define SDHC_NISEN_REMOVE 0x0080
+#define SDHC_NISEN_CARDINT 0x0100
+
+/* R/W Error Interrupt Status Enable Register 0x0 */
+#define SDHC_ERRINTSTSEN 0x36
+#define SDHC_EISEN_CMDTIMEOUT 0x0001
+#define SDHC_EISEN_BLKGAP 0x0004
+#define SDHC_EISEN_CMDIDX 0x0008
+#define SDHC_EISEN_ADMAERR 0x0200
+
+/* R/W Normal Interrupt Signal Enable Register 0x0 */
+#define SDHC_NORINTSIGEN 0x38
+#define SDHC_NORINTSIG_INSERT (1 << 6)
+#define SDHC_NORINTSIG_REMOVE (1 << 7)
+
+/* R/W Error Interrupt Signal Enable Register 0x0 */
+#define SDHC_ERRINTSIGEN 0x3A
+
+/* ROC Auto CMD12 error status register 0x0 */
+#define SDHC_ACMD12ERRSTS 0x3C
+
+/* HWInit Capabilities Register 0x05E80080 */
+#define SDHC_CAPAREG 0x40
+#define SDHC_CAN_DO_DMA 0x00400000
+#define SDHC_CAN_DO_ADMA2 0x00080000
+#define SDHC_CAN_DO_ADMA1 0x00100000
+#define SDHC_64_BIT_BUS_SUPPORT (1 << 28)
+#define SDHC_CAPAB_BLOCKSIZE(x) (((x) >> 16) & 0x3)
+
+/* HWInit Maximum Current Capabilities Register 0x0 */
+#define SDHC_MAXCURR 0x48
+
+/* W Force Event Auto CMD12 Error Interrupt Register 0x0000 */
+#define SDHC_FEAER 0x50
+/* W Force Event Error Interrupt Register Error Interrupt 0x0000 */
+#define SDHC_FEERR 0x52
+
+/* R/W ADMA Error Status Register 0x00 */
+#define SDHC_ADMAERR 0x54
+#define SDHC_ADMAERR_LENGTH_MISMATCH (1 << 2)
+#define SDHC_ADMAERR_STATE_ST_STOP (0 << 0)
+#define SDHC_ADMAERR_STATE_ST_FDS (1 << 0)
+#define SDHC_ADMAERR_STATE_ST_TFR (3 << 0)
+#define SDHC_ADMAERR_STATE_MASK (3 << 0)
+
+/* R/W ADMA System Address Register 0x00 */
+#define SDHC_ADMASYSADDR 0x58
+#define SDHC_ADMA_ATTR_SET_LEN (1 << 4)
+#define SDHC_ADMA_ATTR_ACT_TRAN (1 << 5)
+#define SDHC_ADMA_ATTR_ACT_LINK (3 << 4)
+#define SDHC_ADMA_ATTR_INT (1 << 2)
+#define SDHC_ADMA_ATTR_END (1 << 1)
+#define SDHC_ADMA_ATTR_VALID (1 << 0)
+#define SDHC_ADMA_ATTR_ACT_MASK ((1 << 4)|(1 << 5))
+
+/* Slot interrupt status */
+#define SDHC_SLOT_INT_STATUS 0xFC
+
+/* HWInit Host Controller Version Register 0x0401 */
+#define SDHC_HCVER 0xFE
+#define SD_HOST_SPECv2_VERS 0x2401
+
+#define SDHC_REGISTERS_MAP_SIZE 0x100
+#define SDHC_INSERTION_DELAY (get_ticks_per_sec())
+#define SDHC_TRANSFER_DELAY 100
+#define SDHC_ADMA_DESCS_PER_DELAY 5
+#define SDHC_CMD_RESPONSE (3 << 0)
+
+enum {
+ sdhc_not_stopped = 0, /* normal SDHC state */
+ sdhc_gap_read = 1, /* SDHC stopped at block gap during read operation */
+ sdhc_gap_write = 2 /* SDHC stopped at block gap during write operation */
+};
+
+/* SD/MMC host controller state */
+typedef struct SDHCIState {
+ SysBusDevice busdev;
+ SDState *card;
+ MemoryRegion iomem;
+
+ QEMUTimer *insert_timer; /* timer for 'changing' sd card. */
+ QEMUTimer *transfer_timer;
+ qemu_irq eject_cb;
+ qemu_irq ro_cb;
+ qemu_irq irq;
+
+ uint32_t sdmasysad; /* SDMA System Address register */
+ uint16_t blksize; /* Host DMA Buff Boundary and Transfer BlkSize Reg */
+ uint16_t blkcnt; /* Blocks count for current transfer */
+ uint32_t argument; /* Command Argument Register */
+ uint16_t trnmod; /* Transfer Mode Setting Register */
+ uint16_t cmdreg; /* Command Register */
+ uint32_t rspreg[4]; /* Response Registers 0-3 */
+ uint32_t prnsts; /* Present State Register */
+ uint8_t hostctl; /* Host Control Register */
+ uint8_t pwrcon; /* Power control Register */
+ uint8_t blkgap; /* Block Gap Control Register */
+ uint8_t wakcon; /* WakeUp Control Register */
+ uint16_t clkcon; /* Clock control Register */
+ uint8_t timeoutcon; /* Timeout Control Register */
+ uint8_t admaerr; /* ADMA Error Status Register */
+ uint16_t norintsts; /* Normal Interrupt Status Register */
+ uint16_t errintsts; /* Error Interrupt Status Register */
+ uint16_t norintstsen; /* Normal Interrupt Status Enable Register */
+ uint16_t errintstsen; /* Error Interrupt Status Enable Register */
+ uint16_t norintsigen; /* Normal Interrupt Signal Enable Register */
+ uint16_t errintsigen; /* Error Interrupt Signal Enable Register */
+ uint16_t acmd12errsts; /* Auto CMD12 error status register */
+ uint64_t admasysaddr; /* ADMA System Address Register */
+
+ uint32_t capareg; /* Capabilities Register */
+ uint32_t maxcurr; /* Maximum Current Capabilities Register */
+ uint8_t *fifo_buffer; /* SD host i/o FIFO buffer */
+ uint32_t buf_maxsz;
+ uint16_t data_count; /* current element in FIFO buffer */
+ uint8_t stopped_state;/* Current SDHC state */
+ /* Buffer Data Port Register - virtual access point to R and W buffers */
+ /* Software Reset Register - always reads as 0 */
+ /* Force Event Auto CMD12 Error Interrupt Reg - write only */
+ /* Force Event Error Interrupt Register- write only */
+ /* RO Host Controller Version Register always reads as 0x2401 */
+} SDHCIState;
+
+typedef struct SDHCIClass {
+ SysBusDeviceClass busdev_class;
+
+ void (*reset)(SDHCIState *s);
+ uint32_t (*mem_read)(SDHCIState *s, unsigned int offset, unsigned size);
+ void (*mem_write)(SDHCIState *s, unsigned int offset, uint32_t value,
+ unsigned size);
+ void (*send_command)(SDHCIState *s);
+ bool (*can_issue_command)(SDHCIState *s);
+ void (*data_transfer)(SDHCIState *s);
+ void (*end_data_transfer)(SDHCIState *s);
+ void (*do_sdma_single)(SDHCIState *s);
+ void (*do_sdma_multi)(SDHCIState *s);
+ void (*do_adma)(SDHCIState *s);
+ void (*read_block_from_card)(SDHCIState *s);
+ void (*write_block_to_card)(SDHCIState *s);
+ uint32_t (*bdata_read)(SDHCIState *s, unsigned size);
+ void (*bdata_write)(SDHCIState *s, uint32_t value, unsigned size);
+} SDHCIClass;
+
+extern const VMStateDescription sdhci_vmstate;
+
+#define TYPE_SDHCI "generic-sdhci"
+#define SDHCI(obj) \
+ OBJECT_CHECK(SDHCIState, (obj), TYPE_SDHCI)
+#define SDHCI_CLASS(klass) \
+ OBJECT_CLASS_CHECK(SDHCIClass, (klass), TYPE_SDHCI)
+#define SDHCI_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(SDHCIClass, (obj), TYPE_SDHCI)
+
+#endif /* SDHCI_H */
diff --git a/hw/sd/ssi-sd.c b/hw/sd/ssi-sd.c
new file mode 100644
index 000000000..d47e2377f
--- /dev/null
+++ b/hw/sd/ssi-sd.c
@@ -0,0 +1,274 @@
+/*
+ * SSI to SD card adapter.
+ *
+ * Copyright (c) 2007-2009 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GNU GPL v2.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "sysemu/blockdev.h"
+#include "hw/ssi.h"
+#include "hw/sd.h"
+
+//#define DEBUG_SSI_SD 1
+
+#ifdef DEBUG_SSI_SD
+#define DPRINTF(fmt, ...) \
+do { printf("ssi_sd: " fmt , ## __VA_ARGS__); } while (0)
+#define BADF(fmt, ...) \
+do { fprintf(stderr, "ssi_sd: error: " fmt , ## __VA_ARGS__); exit(1);} while (0)
+#else
+#define DPRINTF(fmt, ...) do {} while(0)
+#define BADF(fmt, ...) \
+do { fprintf(stderr, "ssi_sd: error: " fmt , ## __VA_ARGS__);} while (0)
+#endif
+
+typedef enum {
+ SSI_SD_CMD,
+ SSI_SD_CMDARG,
+ SSI_SD_RESPONSE,
+ SSI_SD_DATA_START,
+ SSI_SD_DATA_READ,
+} ssi_sd_mode;
+
+typedef struct {
+ SSISlave ssidev;
+ ssi_sd_mode mode;
+ int cmd;
+ uint8_t cmdarg[4];
+ uint8_t response[5];
+ int arglen;
+ int response_pos;
+ int stopping;
+ SDState *sd;
+} ssi_sd_state;
+
+/* State word bits. */
+#define SSI_SDR_LOCKED 0x0001
+#define SSI_SDR_WP_ERASE 0x0002
+#define SSI_SDR_ERROR 0x0004
+#define SSI_SDR_CC_ERROR 0x0008
+#define SSI_SDR_ECC_FAILED 0x0010
+#define SSI_SDR_WP_VIOLATION 0x0020
+#define SSI_SDR_ERASE_PARAM 0x0040
+#define SSI_SDR_OUT_OF_RANGE 0x0080
+#define SSI_SDR_IDLE 0x0100
+#define SSI_SDR_ERASE_RESET 0x0200
+#define SSI_SDR_ILLEGAL_COMMAND 0x0400
+#define SSI_SDR_COM_CRC_ERROR 0x0800
+#define SSI_SDR_ERASE_SEQ_ERROR 0x1000
+#define SSI_SDR_ADDRESS_ERROR 0x2000
+#define SSI_SDR_PARAMETER_ERROR 0x4000
+
+static uint32_t ssi_sd_transfer(SSISlave *dev, uint32_t val)
+{
+ ssi_sd_state *s = FROM_SSI_SLAVE(ssi_sd_state, dev);
+
+ /* Special case: allow CMD12 (STOP TRANSMISSION) while reading data. */
+ if (s->mode == SSI_SD_DATA_READ && val == 0x4d) {
+ s->mode = SSI_SD_CMD;
+ /* There must be at least one byte delay before the card responds. */
+ s->stopping = 1;
+ }
+
+ switch (s->mode) {
+ case SSI_SD_CMD:
+ if (val == 0xff) {
+ DPRINTF("NULL command\n");
+ return 0xff;
+ }
+ s->cmd = val & 0x3f;
+ s->mode = SSI_SD_CMDARG;
+ s->arglen = 0;
+ return 0xff;
+ case SSI_SD_CMDARG:
+ if (s->arglen == 4) {
+ SDRequest request;
+ uint8_t longresp[16];
+ /* FIXME: Check CRC. */
+ request.cmd = s->cmd;
+ request.arg = (s->cmdarg[0] << 24) | (s->cmdarg[1] << 16)
+ | (s->cmdarg[2] << 8) | s->cmdarg[3];
+ DPRINTF("CMD%d arg 0x%08x\n", s->cmd, request.arg);
+ s->arglen = sd_do_command(s->sd, &request, longresp);
+ if (s->arglen <= 0) {
+ s->arglen = 1;
+ s->response[0] = 4;
+ DPRINTF("SD command failed\n");
+ } else if (s->cmd == 58) {
+ /* CMD58 returns R3 response (OCR) */
+ DPRINTF("Returned OCR\n");
+ s->arglen = 5;
+ s->response[0] = 1;
+ memcpy(&s->response[1], longresp, 4);
+ } else if (s->arglen != 4) {
+ BADF("Unexpected response to cmd %d\n", s->cmd);
+ /* Illegal command is about as near as we can get. */
+ s->arglen = 1;
+ s->response[0] = 4;
+ } else {
+ /* All other commands return status. */
+ uint32_t cardstatus;
+ uint16_t status;
+ /* CMD13 returns a 2-byte statuse work. Other commands
+ only return the first byte. */
+ s->arglen = (s->cmd == 13) ? 2 : 1;
+ cardstatus = (longresp[0] << 24) | (longresp[1] << 16)
+ | (longresp[2] << 8) | longresp[3];
+ status = 0;
+ if (((cardstatus >> 9) & 0xf) < 4)
+ status |= SSI_SDR_IDLE;
+ if (cardstatus & ERASE_RESET)
+ status |= SSI_SDR_ERASE_RESET;
+ if (cardstatus & ILLEGAL_COMMAND)
+ status |= SSI_SDR_ILLEGAL_COMMAND;
+ if (cardstatus & COM_CRC_ERROR)
+ status |= SSI_SDR_COM_CRC_ERROR;
+ if (cardstatus & ERASE_SEQ_ERROR)
+ status |= SSI_SDR_ERASE_SEQ_ERROR;
+ if (cardstatus & ADDRESS_ERROR)
+ status |= SSI_SDR_ADDRESS_ERROR;
+ if (cardstatus & CARD_IS_LOCKED)
+ status |= SSI_SDR_LOCKED;
+ if (cardstatus & (LOCK_UNLOCK_FAILED | WP_ERASE_SKIP))
+ status |= SSI_SDR_WP_ERASE;
+ if (cardstatus & SD_ERROR)
+ status |= SSI_SDR_ERROR;
+ if (cardstatus & CC_ERROR)
+ status |= SSI_SDR_CC_ERROR;
+ if (cardstatus & CARD_ECC_FAILED)
+ status |= SSI_SDR_ECC_FAILED;
+ if (cardstatus & WP_VIOLATION)
+ status |= SSI_SDR_WP_VIOLATION;
+ if (cardstatus & ERASE_PARAM)
+ status |= SSI_SDR_ERASE_PARAM;
+ if (cardstatus & (OUT_OF_RANGE | CID_CSD_OVERWRITE))
+ status |= SSI_SDR_OUT_OF_RANGE;
+ /* ??? Don't know what Parameter Error really means, so
+ assume it's set if the second byte is nonzero. */
+ if (status & 0xff)
+ status |= SSI_SDR_PARAMETER_ERROR;
+ s->response[0] = status >> 8;
+ s->response[1] = status;
+ DPRINTF("Card status 0x%02x\n", status);
+ }
+ s->mode = SSI_SD_RESPONSE;
+ s->response_pos = 0;
+ } else {
+ s->cmdarg[s->arglen++] = val;
+ }
+ return 0xff;
+ case SSI_SD_RESPONSE:
+ if (s->stopping) {
+ s->stopping = 0;
+ return 0xff;
+ }
+ if (s->response_pos < s->arglen) {
+ DPRINTF("Response 0x%02x\n", s->response[s->response_pos]);
+ return s->response[s->response_pos++];
+ }
+ if (sd_data_ready(s->sd)) {
+ DPRINTF("Data read\n");
+ s->mode = SSI_SD_DATA_START;
+ } else {
+ DPRINTF("End of command\n");
+ s->mode = SSI_SD_CMD;
+ }
+ return 0xff;
+ case SSI_SD_DATA_START:
+ DPRINTF("Start read block\n");
+ s->mode = SSI_SD_DATA_READ;
+ return 0xfe;
+ case SSI_SD_DATA_READ:
+ val = sd_read_data(s->sd);
+ if (!sd_data_ready(s->sd)) {
+ DPRINTF("Data read end\n");
+ s->mode = SSI_SD_CMD;
+ }
+ return val;
+ }
+ /* Should never happen. */
+ return 0xff;
+}
+
+static void ssi_sd_save(QEMUFile *f, void *opaque)
+{
+ SSISlave *ss = SSI_SLAVE(opaque);
+ ssi_sd_state *s = (ssi_sd_state *)opaque;
+ int i;
+
+ qemu_put_be32(f, s->mode);
+ qemu_put_be32(f, s->cmd);
+ for (i = 0; i < 4; i++)
+ qemu_put_be32(f, s->cmdarg[i]);
+ for (i = 0; i < 5; i++)
+ qemu_put_be32(f, s->response[i]);
+ qemu_put_be32(f, s->arglen);
+ qemu_put_be32(f, s->response_pos);
+ qemu_put_be32(f, s->stopping);
+
+ qemu_put_be32(f, ss->cs);
+}
+
+static int ssi_sd_load(QEMUFile *f, void *opaque, int version_id)
+{
+ SSISlave *ss = SSI_SLAVE(opaque);
+ ssi_sd_state *s = (ssi_sd_state *)opaque;
+ int i;
+
+ if (version_id != 1)
+ return -EINVAL;
+
+ s->mode = qemu_get_be32(f);
+ s->cmd = qemu_get_be32(f);
+ for (i = 0; i < 4; i++)
+ s->cmdarg[i] = qemu_get_be32(f);
+ for (i = 0; i < 5; i++)
+ s->response[i] = qemu_get_be32(f);
+ s->arglen = qemu_get_be32(f);
+ s->response_pos = qemu_get_be32(f);
+ s->stopping = qemu_get_be32(f);
+
+ ss->cs = qemu_get_be32(f);
+
+ return 0;
+}
+
+static int ssi_sd_init(SSISlave *dev)
+{
+ ssi_sd_state *s = FROM_SSI_SLAVE(ssi_sd_state, dev);
+ DriveInfo *dinfo;
+
+ s->mode = SSI_SD_CMD;
+ dinfo = drive_get_next(IF_SD);
+ s->sd = sd_init(dinfo ? dinfo->bdrv : NULL, true);
+ register_savevm(&dev->qdev, "ssi_sd", -1, 1, ssi_sd_save, ssi_sd_load, s);
+ return 0;
+}
+
+static void ssi_sd_class_init(ObjectClass *klass, void *data)
+{
+ SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
+
+ k->init = ssi_sd_init;
+ k->transfer = ssi_sd_transfer;
+ k->cs_polarity = SSI_CS_LOW;
+}
+
+static const TypeInfo ssi_sd_info = {
+ .name = "ssi-sd",
+ .parent = TYPE_SSI_SLAVE,
+ .instance_size = sizeof(ssi_sd_state),
+ .class_init = ssi_sd_class_init,
+};
+
+static void ssi_sd_register_types(void)
+{
+ type_register_static(&ssi_sd_info);
+}
+
+type_init(ssi_sd_register_types)
diff --git a/hw/serial-isa.c b/hw/serial-isa.c
deleted file mode 100644
index 96c78f7f8..000000000
--- a/hw/serial-isa.c
+++ /dev/null
@@ -1,130 +0,0 @@
-/*
- * QEMU 16550A UART emulation
- *
- * Copyright (c) 2003-2004 Fabrice Bellard
- * Copyright (c) 2008 Citrix Systems, Inc.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "serial.h"
-#include "isa.h"
-
-typedef struct ISASerialState {
- ISADevice dev;
- uint32_t index;
- uint32_t iobase;
- uint32_t isairq;
- SerialState state;
-} ISASerialState;
-
-static const int isa_serial_io[MAX_SERIAL_PORTS] = {
- 0x3f8, 0x2f8, 0x3e8, 0x2e8
-};
-static const int isa_serial_irq[MAX_SERIAL_PORTS] = {
- 4, 3, 4, 3
-};
-
-static int serial_isa_initfn(ISADevice *dev)
-{
- static int index;
- ISASerialState *isa = DO_UPCAST(ISASerialState, dev, dev);
- SerialState *s = &isa->state;
-
- if (isa->index == -1) {
- isa->index = index;
- }
- if (isa->index >= MAX_SERIAL_PORTS) {
- return -1;
- }
- if (isa->iobase == -1) {
- isa->iobase = isa_serial_io[isa->index];
- }
- if (isa->isairq == -1) {
- isa->isairq = isa_serial_irq[isa->index];
- }
- index++;
-
- s->baudbase = 115200;
- isa_init_irq(dev, &s->irq, isa->isairq);
- serial_init_core(s);
- qdev_set_legacy_instance_id(&dev->qdev, isa->iobase, 3);
-
- memory_region_init_io(&s->io, &serial_io_ops, s, "serial", 8);
- isa_register_ioport(dev, &s->io, isa->iobase);
- return 0;
-}
-
-static const VMStateDescription vmstate_isa_serial = {
- .name = "serial",
- .version_id = 3,
- .minimum_version_id = 2,
- .fields = (VMStateField[]) {
- VMSTATE_STRUCT(state, ISASerialState, 0, vmstate_serial, SerialState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static Property serial_isa_properties[] = {
- DEFINE_PROP_UINT32("index", ISASerialState, index, -1),
- DEFINE_PROP_HEX32("iobase", ISASerialState, iobase, -1),
- DEFINE_PROP_UINT32("irq", ISASerialState, isairq, -1),
- DEFINE_PROP_CHR("chardev", ISASerialState, state.chr),
- DEFINE_PROP_UINT32("wakeup", ISASerialState, state.wakeup, 0),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void serial_isa_class_initfn(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- ISADeviceClass *ic = ISA_DEVICE_CLASS(klass);
- ic->init = serial_isa_initfn;
- dc->vmsd = &vmstate_isa_serial;
- dc->props = serial_isa_properties;
-}
-
-static TypeInfo serial_isa_info = {
- .name = "isa-serial",
- .parent = TYPE_ISA_DEVICE,
- .instance_size = sizeof(ISASerialState),
- .class_init = serial_isa_class_initfn,
-};
-
-static void serial_register_types(void)
-{
- type_register_static(&serial_isa_info);
-}
-
-type_init(serial_register_types)
-
-bool serial_isa_init(ISABus *bus, int index, CharDriverState *chr)
-{
- ISADevice *dev;
-
- dev = isa_try_create(bus, "isa-serial");
- if (!dev) {
- return false;
- }
- qdev_prop_set_uint32(&dev->qdev, "index", index);
- qdev_prop_set_chr(&dev->qdev, "chardev", chr);
- if (qdev_init(&dev->qdev) < 0) {
- return false;
- }
- return true;
-}
diff --git a/hw/serial-pci.c b/hw/serial-pci.c
deleted file mode 100644
index 95dc5c8d2..000000000
--- a/hw/serial-pci.c
+++ /dev/null
@@ -1,252 +0,0 @@
-/*
- * QEMU 16550A UART emulation
- *
- * Copyright (c) 2003-2004 Fabrice Bellard
- * Copyright (c) 2008 Citrix Systems, Inc.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-/* see docs/specs/pci-serial.txt */
-
-#include "serial.h"
-#include "pci.h"
-
-#define PCI_SERIAL_MAX_PORTS 4
-
-typedef struct PCISerialState {
- PCIDevice dev;
- SerialState state;
-} PCISerialState;
-
-typedef struct PCIMultiSerialState {
- PCIDevice dev;
- MemoryRegion iobar;
- uint32_t ports;
- char *name[PCI_SERIAL_MAX_PORTS];
- SerialState state[PCI_SERIAL_MAX_PORTS];
- uint32_t level[PCI_SERIAL_MAX_PORTS];
- qemu_irq *irqs;
-} PCIMultiSerialState;
-
-static int serial_pci_init(PCIDevice *dev)
-{
- PCISerialState *pci = DO_UPCAST(PCISerialState, dev, dev);
- SerialState *s = &pci->state;
-
- s->baudbase = 115200;
- serial_init_core(s);
-
- pci->dev.config[PCI_INTERRUPT_PIN] = 0x01;
- s->irq = pci->dev.irq[0];
-
- memory_region_init_io(&s->io, &serial_io_ops, s, "serial", 8);
- pci_register_bar(&pci->dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io);
- return 0;
-}
-
-static void multi_serial_irq_mux(void *opaque, int n, int level)
-{
- PCIMultiSerialState *pci = opaque;
- int i, pending = 0;
-
- pci->level[n] = level;
- for (i = 0; i < pci->ports; i++) {
- if (pci->level[i]) {
- pending = 1;
- }
- }
- qemu_set_irq(pci->dev.irq[0], pending);
-}
-
-static int multi_serial_pci_init(PCIDevice *dev)
-{
- PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(dev);
- PCIMultiSerialState *pci = DO_UPCAST(PCIMultiSerialState, dev, dev);
- SerialState *s;
- int i;
-
- switch (pc->device_id) {
- case 0x0003:
- pci->ports = 2;
- break;
- case 0x0004:
- pci->ports = 4;
- break;
- }
- assert(pci->ports > 0);
- assert(pci->ports <= PCI_SERIAL_MAX_PORTS);
-
- pci->dev.config[PCI_INTERRUPT_PIN] = 0x01;
- memory_region_init(&pci->iobar, "multiserial", 8 * pci->ports);
- pci_register_bar(&pci->dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &pci->iobar);
- pci->irqs = qemu_allocate_irqs(multi_serial_irq_mux, pci,
- pci->ports);
-
- for (i = 0; i < pci->ports; i++) {
- s = pci->state + i;
- s->baudbase = 115200;
- serial_init_core(s);
- s->irq = pci->irqs[i];
- pci->name[i] = g_strdup_printf("uart #%d", i+1);
- memory_region_init_io(&s->io, &serial_io_ops, s, pci->name[i], 8);
- memory_region_add_subregion(&pci->iobar, 8 * i, &s->io);
- }
- return 0;
-}
-
-static void serial_pci_exit(PCIDevice *dev)
-{
- PCISerialState *pci = DO_UPCAST(PCISerialState, dev, dev);
- SerialState *s = &pci->state;
-
- serial_exit_core(s);
- memory_region_destroy(&s->io);
-}
-
-static void multi_serial_pci_exit(PCIDevice *dev)
-{
- PCIMultiSerialState *pci = DO_UPCAST(PCIMultiSerialState, dev, dev);
- SerialState *s;
- int i;
-
- for (i = 0; i < pci->ports; i++) {
- s = pci->state + i;
- serial_exit_core(s);
- memory_region_destroy(&s->io);
- g_free(pci->name[i]);
- }
- memory_region_destroy(&pci->iobar);
- qemu_free_irqs(pci->irqs);
-}
-
-static const VMStateDescription vmstate_pci_serial = {
- .name = "pci-serial",
- .version_id = 1,
- .minimum_version_id = 1,
- .fields = (VMStateField[]) {
- VMSTATE_PCI_DEVICE(dev, PCISerialState),
- VMSTATE_STRUCT(state, PCISerialState, 0, vmstate_serial, SerialState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_pci_multi_serial = {
- .name = "pci-serial-multi",
- .version_id = 1,
- .minimum_version_id = 1,
- .fields = (VMStateField[]) {
- VMSTATE_PCI_DEVICE(dev, PCIMultiSerialState),
- VMSTATE_STRUCT_ARRAY(state, PCIMultiSerialState, PCI_SERIAL_MAX_PORTS,
- 0, vmstate_serial, SerialState),
- VMSTATE_UINT32_ARRAY(level, PCIMultiSerialState, PCI_SERIAL_MAX_PORTS),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static Property serial_pci_properties[] = {
- DEFINE_PROP_CHR("chardev", PCISerialState, state.chr),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static Property multi_2x_serial_pci_properties[] = {
- DEFINE_PROP_CHR("chardev1", PCIMultiSerialState, state[0].chr),
- DEFINE_PROP_CHR("chardev2", PCIMultiSerialState, state[1].chr),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static Property multi_4x_serial_pci_properties[] = {
- DEFINE_PROP_CHR("chardev1", PCIMultiSerialState, state[0].chr),
- DEFINE_PROP_CHR("chardev2", PCIMultiSerialState, state[1].chr),
- DEFINE_PROP_CHR("chardev3", PCIMultiSerialState, state[2].chr),
- DEFINE_PROP_CHR("chardev4", PCIMultiSerialState, state[3].chr),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void serial_pci_class_initfn(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *pc = PCI_DEVICE_CLASS(klass);
- pc->init = serial_pci_init;
- pc->exit = serial_pci_exit;
- pc->vendor_id = 0x1b36; /* Red Hat */
- pc->device_id = 0x0002;
- pc->revision = 1;
- pc->class_id = PCI_CLASS_COMMUNICATION_SERIAL;
- dc->vmsd = &vmstate_pci_serial;
- dc->props = serial_pci_properties;
-}
-
-static void multi_2x_serial_pci_class_initfn(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *pc = PCI_DEVICE_CLASS(klass);
- pc->init = multi_serial_pci_init;
- pc->exit = multi_serial_pci_exit;
- pc->vendor_id = 0x1b36; /* Red Hat */
- pc->device_id = 0x0003;
- pc->revision = 1;
- pc->class_id = PCI_CLASS_COMMUNICATION_SERIAL;
- dc->vmsd = &vmstate_pci_multi_serial;
- dc->props = multi_2x_serial_pci_properties;
-}
-
-static void multi_4x_serial_pci_class_initfn(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *pc = PCI_DEVICE_CLASS(klass);
- pc->init = multi_serial_pci_init;
- pc->exit = multi_serial_pci_exit;
- pc->vendor_id = 0x1b36; /* Red Hat */
- pc->device_id = 0x0004;
- pc->revision = 1;
- pc->class_id = PCI_CLASS_COMMUNICATION_SERIAL;
- dc->vmsd = &vmstate_pci_multi_serial;
- dc->props = multi_4x_serial_pci_properties;
-}
-
-static TypeInfo serial_pci_info = {
- .name = "pci-serial",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCISerialState),
- .class_init = serial_pci_class_initfn,
-};
-
-static TypeInfo multi_2x_serial_pci_info = {
- .name = "pci-serial-2x",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIMultiSerialState),
- .class_init = multi_2x_serial_pci_class_initfn,
-};
-
-static TypeInfo multi_4x_serial_pci_info = {
- .name = "pci-serial-4x",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIMultiSerialState),
- .class_init = multi_4x_serial_pci_class_initfn,
-};
-
-static void serial_pci_register_types(void)
-{
- type_register_static(&serial_pci_info);
- type_register_static(&multi_2x_serial_pci_info);
- type_register_static(&multi_4x_serial_pci_info);
-}
-
-type_init(serial_pci_register_types)
diff --git a/hw/serial.c b/hw/serial.c
deleted file mode 100644
index 60283eab9..000000000
--- a/hw/serial.c
+++ /dev/null
@@ -1,797 +0,0 @@
-/*
- * QEMU 16550A UART emulation
- *
- * Copyright (c) 2003-2004 Fabrice Bellard
- * Copyright (c) 2008 Citrix Systems, Inc.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "serial.h"
-#include "qemu-char.h"
-#include "qemu-timer.h"
-#include "exec-memory.h"
-
-//#define DEBUG_SERIAL
-
-#define UART_LCR_DLAB 0x80 /* Divisor latch access bit */
-
-#define UART_IER_MSI 0x08 /* Enable Modem status interrupt */
-#define UART_IER_RLSI 0x04 /* Enable receiver line status interrupt */
-#define UART_IER_THRI 0x02 /* Enable Transmitter holding register int. */
-#define UART_IER_RDI 0x01 /* Enable receiver data interrupt */
-
-#define UART_IIR_NO_INT 0x01 /* No interrupts pending */
-#define UART_IIR_ID 0x06 /* Mask for the interrupt ID */
-
-#define UART_IIR_MSI 0x00 /* Modem status interrupt */
-#define UART_IIR_THRI 0x02 /* Transmitter holding register empty */
-#define UART_IIR_RDI 0x04 /* Receiver data interrupt */
-#define UART_IIR_RLSI 0x06 /* Receiver line status interrupt */
-#define UART_IIR_CTI 0x0C /* Character Timeout Indication */
-
-#define UART_IIR_FENF 0x80 /* Fifo enabled, but not functionning */
-#define UART_IIR_FE 0xC0 /* Fifo enabled */
-
-/*
- * These are the definitions for the Modem Control Register
- */
-#define UART_MCR_LOOP 0x10 /* Enable loopback test mode */
-#define UART_MCR_OUT2 0x08 /* Out2 complement */
-#define UART_MCR_OUT1 0x04 /* Out1 complement */
-#define UART_MCR_RTS 0x02 /* RTS complement */
-#define UART_MCR_DTR 0x01 /* DTR complement */
-
-/*
- * These are the definitions for the Modem Status Register
- */
-#define UART_MSR_DCD 0x80 /* Data Carrier Detect */
-#define UART_MSR_RI 0x40 /* Ring Indicator */
-#define UART_MSR_DSR 0x20 /* Data Set Ready */
-#define UART_MSR_CTS 0x10 /* Clear to Send */
-#define UART_MSR_DDCD 0x08 /* Delta DCD */
-#define UART_MSR_TERI 0x04 /* Trailing edge ring indicator */
-#define UART_MSR_DDSR 0x02 /* Delta DSR */
-#define UART_MSR_DCTS 0x01 /* Delta CTS */
-#define UART_MSR_ANY_DELTA 0x0F /* Any of the delta bits! */
-
-#define UART_LSR_TEMT 0x40 /* Transmitter empty */
-#define UART_LSR_THRE 0x20 /* Transmit-hold-register empty */
-#define UART_LSR_BI 0x10 /* Break interrupt indicator */
-#define UART_LSR_FE 0x08 /* Frame error indicator */
-#define UART_LSR_PE 0x04 /* Parity error indicator */
-#define UART_LSR_OE 0x02 /* Overrun error indicator */
-#define UART_LSR_DR 0x01 /* Receiver data ready */
-#define UART_LSR_INT_ANY 0x1E /* Any of the lsr-interrupt-triggering status bits */
-
-/* Interrupt trigger levels. The byte-counts are for 16550A - in newer UARTs the byte-count for each ITL is higher. */
-
-#define UART_FCR_ITL_1 0x00 /* 1 byte ITL */
-#define UART_FCR_ITL_2 0x40 /* 4 bytes ITL */
-#define UART_FCR_ITL_3 0x80 /* 8 bytes ITL */
-#define UART_FCR_ITL_4 0xC0 /* 14 bytes ITL */
-
-#define UART_FCR_DMS 0x08 /* DMA Mode Select */
-#define UART_FCR_XFR 0x04 /* XMIT Fifo Reset */
-#define UART_FCR_RFR 0x02 /* RCVR Fifo Reset */
-#define UART_FCR_FE 0x01 /* FIFO Enable */
-
-#define XMIT_FIFO 0
-#define RECV_FIFO 1
-#define MAX_XMIT_RETRY 4
-
-#ifdef DEBUG_SERIAL
-#define DPRINTF(fmt, ...) \
-do { fprintf(stderr, "serial: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...) \
-do {} while (0)
-#endif
-
-static void serial_receive1(void *opaque, const uint8_t *buf, int size);
-
-static void fifo_clear(SerialState *s, int fifo)
-{
- SerialFIFO *f = (fifo) ? &s->recv_fifo : &s->xmit_fifo;
- memset(f->data, 0, UART_FIFO_LENGTH);
- f->count = 0;
- f->head = 0;
- f->tail = 0;
-}
-
-static int fifo_put(SerialState *s, int fifo, uint8_t chr)
-{
- SerialFIFO *f = (fifo) ? &s->recv_fifo : &s->xmit_fifo;
-
- /* Receive overruns do not overwrite FIFO contents. */
- if (fifo == XMIT_FIFO || f->count < UART_FIFO_LENGTH) {
-
- f->data[f->head++] = chr;
-
- if (f->head == UART_FIFO_LENGTH)
- f->head = 0;
- }
-
- if (f->count < UART_FIFO_LENGTH)
- f->count++;
- else if (fifo == RECV_FIFO)
- s->lsr |= UART_LSR_OE;
-
- return 1;
-}
-
-static uint8_t fifo_get(SerialState *s, int fifo)
-{
- SerialFIFO *f = (fifo) ? &s->recv_fifo : &s->xmit_fifo;
- uint8_t c;
-
- if(f->count == 0)
- return 0;
-
- c = f->data[f->tail++];
- if (f->tail == UART_FIFO_LENGTH)
- f->tail = 0;
- f->count--;
-
- return c;
-}
-
-static void serial_update_irq(SerialState *s)
-{
- uint8_t tmp_iir = UART_IIR_NO_INT;
-
- if ((s->ier & UART_IER_RLSI) && (s->lsr & UART_LSR_INT_ANY)) {
- tmp_iir = UART_IIR_RLSI;
- } else if ((s->ier & UART_IER_RDI) && s->timeout_ipending) {
- /* Note that(s->ier & UART_IER_RDI) can mask this interrupt,
- * this is not in the specification but is observed on existing
- * hardware. */
- tmp_iir = UART_IIR_CTI;
- } else if ((s->ier & UART_IER_RDI) && (s->lsr & UART_LSR_DR) &&
- (!(s->fcr & UART_FCR_FE) ||
- s->recv_fifo.count >= s->recv_fifo.itl)) {
- tmp_iir = UART_IIR_RDI;
- } else if ((s->ier & UART_IER_THRI) && s->thr_ipending) {
- tmp_iir = UART_IIR_THRI;
- } else if ((s->ier & UART_IER_MSI) && (s->msr & UART_MSR_ANY_DELTA)) {
- tmp_iir = UART_IIR_MSI;
- }
-
- s->iir = tmp_iir | (s->iir & 0xF0);
-
- if (tmp_iir != UART_IIR_NO_INT) {
- qemu_irq_raise(s->irq);
- } else {
- qemu_irq_lower(s->irq);
- }
-}
-
-static void serial_update_parameters(SerialState *s)
-{
- int speed, parity, data_bits, stop_bits, frame_size;
- QEMUSerialSetParams ssp;
-
- if (s->divider == 0)
- return;
-
- /* Start bit. */
- frame_size = 1;
- if (s->lcr & 0x08) {
- /* Parity bit. */
- frame_size++;
- if (s->lcr & 0x10)
- parity = 'E';
- else
- parity = 'O';
- } else {
- parity = 'N';
- }
- if (s->lcr & 0x04)
- stop_bits = 2;
- else
- stop_bits = 1;
-
- data_bits = (s->lcr & 0x03) + 5;
- frame_size += data_bits + stop_bits;
- speed = s->baudbase / s->divider;
- ssp.speed = speed;
- ssp.parity = parity;
- ssp.data_bits = data_bits;
- ssp.stop_bits = stop_bits;
- s->char_transmit_time = (get_ticks_per_sec() / speed) * frame_size;
- qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_SERIAL_SET_PARAMS, &ssp);
-
- DPRINTF("speed=%d parity=%c data=%d stop=%d\n",
- speed, parity, data_bits, stop_bits);
-}
-
-static void serial_update_msl(SerialState *s)
-{
- uint8_t omsr;
- int flags;
-
- qemu_del_timer(s->modem_status_poll);
-
- if (qemu_chr_fe_ioctl(s->chr,CHR_IOCTL_SERIAL_GET_TIOCM, &flags) == -ENOTSUP) {
- s->poll_msl = -1;
- return;
- }
-
- omsr = s->msr;
-
- s->msr = (flags & CHR_TIOCM_CTS) ? s->msr | UART_MSR_CTS : s->msr & ~UART_MSR_CTS;
- s->msr = (flags & CHR_TIOCM_DSR) ? s->msr | UART_MSR_DSR : s->msr & ~UART_MSR_DSR;
- s->msr = (flags & CHR_TIOCM_CAR) ? s->msr | UART_MSR_DCD : s->msr & ~UART_MSR_DCD;
- s->msr = (flags & CHR_TIOCM_RI) ? s->msr | UART_MSR_RI : s->msr & ~UART_MSR_RI;
-
- if (s->msr != omsr) {
- /* Set delta bits */
- s->msr = s->msr | ((s->msr >> 4) ^ (omsr >> 4));
- /* UART_MSR_TERI only if change was from 1 -> 0 */
- if ((s->msr & UART_MSR_TERI) && !(omsr & UART_MSR_RI))
- s->msr &= ~UART_MSR_TERI;
- serial_update_irq(s);
- }
-
- /* The real 16550A apparently has a 250ns response latency to line status changes.
- We'll be lazy and poll only every 10ms, and only poll it at all if MSI interrupts are turned on */
-
- if (s->poll_msl)
- qemu_mod_timer(s->modem_status_poll, qemu_get_clock_ns(vm_clock) + get_ticks_per_sec() / 100);
-}
-
-static void serial_xmit(void *opaque)
-{
- SerialState *s = opaque;
- uint64_t new_xmit_ts = qemu_get_clock_ns(vm_clock);
-
- if (s->tsr_retry <= 0) {
- if (s->fcr & UART_FCR_FE) {
- s->tsr = fifo_get(s,XMIT_FIFO);
- if (!s->xmit_fifo.count)
- s->lsr |= UART_LSR_THRE;
- } else if ((s->lsr & UART_LSR_THRE)) {
- return;
- } else {
- s->tsr = s->thr;
- s->lsr |= UART_LSR_THRE;
- s->lsr &= ~UART_LSR_TEMT;
- }
- }
-
- if (s->mcr & UART_MCR_LOOP) {
- /* in loopback mode, say that we just received a char */
- serial_receive1(s, &s->tsr, 1);
- } else if (qemu_chr_fe_write(s->chr, &s->tsr, 1) != 1) {
- if ((s->tsr_retry >= 0) && (s->tsr_retry <= MAX_XMIT_RETRY)) {
- s->tsr_retry++;
- qemu_mod_timer(s->transmit_timer, new_xmit_ts + s->char_transmit_time);
- return;
- } else if (s->poll_msl < 0) {
- /* If we exceed MAX_XMIT_RETRY and the backend is not a real serial port, then
- drop any further failed writes instantly, until we get one that goes through.
- This is to prevent guests that log to unconnected pipes or pty's from stalling. */
- s->tsr_retry = -1;
- }
- }
- else {
- s->tsr_retry = 0;
- }
-
- s->last_xmit_ts = qemu_get_clock_ns(vm_clock);
- if (!(s->lsr & UART_LSR_THRE))
- qemu_mod_timer(s->transmit_timer, s->last_xmit_ts + s->char_transmit_time);
-
- if (s->lsr & UART_LSR_THRE) {
- s->lsr |= UART_LSR_TEMT;
- s->thr_ipending = 1;
- serial_update_irq(s);
- }
-}
-
-
-static void serial_ioport_write(void *opaque, hwaddr addr, uint64_t val,
- unsigned size)
-{
- SerialState *s = opaque;
-
- addr &= 7;
- DPRINTF("write addr=0x%02x val=0x%02x\n", addr, val);
- switch(addr) {
- default:
- case 0:
- if (s->lcr & UART_LCR_DLAB) {
- s->divider = (s->divider & 0xff00) | val;
- serial_update_parameters(s);
- } else {
- s->thr = (uint8_t) val;
- if(s->fcr & UART_FCR_FE) {
- fifo_put(s, XMIT_FIFO, s->thr);
- s->thr_ipending = 0;
- s->lsr &= ~UART_LSR_TEMT;
- s->lsr &= ~UART_LSR_THRE;
- serial_update_irq(s);
- } else {
- s->thr_ipending = 0;
- s->lsr &= ~UART_LSR_THRE;
- serial_update_irq(s);
- }
- serial_xmit(s);
- }
- break;
- case 1:
- if (s->lcr & UART_LCR_DLAB) {
- s->divider = (s->divider & 0x00ff) | (val << 8);
- serial_update_parameters(s);
- } else {
- s->ier = val & 0x0f;
- /* If the backend device is a real serial port, turn polling of the modem
- status lines on physical port on or off depending on UART_IER_MSI state */
- if (s->poll_msl >= 0) {
- if (s->ier & UART_IER_MSI) {
- s->poll_msl = 1;
- serial_update_msl(s);
- } else {
- qemu_del_timer(s->modem_status_poll);
- s->poll_msl = 0;
- }
- }
- if (s->lsr & UART_LSR_THRE) {
- s->thr_ipending = 1;
- serial_update_irq(s);
- }
- }
- break;
- case 2:
- val = val & 0xFF;
-
- if (s->fcr == val)
- break;
-
- /* Did the enable/disable flag change? If so, make sure FIFOs get flushed */
- if ((val ^ s->fcr) & UART_FCR_FE)
- val |= UART_FCR_XFR | UART_FCR_RFR;
-
- /* FIFO clear */
-
- if (val & UART_FCR_RFR) {
- qemu_del_timer(s->fifo_timeout_timer);
- s->timeout_ipending=0;
- fifo_clear(s,RECV_FIFO);
- }
-
- if (val & UART_FCR_XFR) {
- fifo_clear(s,XMIT_FIFO);
- }
-
- if (val & UART_FCR_FE) {
- s->iir |= UART_IIR_FE;
- /* Set RECV_FIFO trigger Level */
- switch (val & 0xC0) {
- case UART_FCR_ITL_1:
- s->recv_fifo.itl = 1;
- break;
- case UART_FCR_ITL_2:
- s->recv_fifo.itl = 4;
- break;
- case UART_FCR_ITL_3:
- s->recv_fifo.itl = 8;
- break;
- case UART_FCR_ITL_4:
- s->recv_fifo.itl = 14;
- break;
- }
- } else
- s->iir &= ~UART_IIR_FE;
-
- /* Set fcr - or at least the bits in it that are supposed to "stick" */
- s->fcr = val & 0xC9;
- serial_update_irq(s);
- break;
- case 3:
- {
- int break_enable;
- s->lcr = val;
- serial_update_parameters(s);
- break_enable = (val >> 6) & 1;
- if (break_enable != s->last_break_enable) {
- s->last_break_enable = break_enable;
- qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_SERIAL_SET_BREAK,
- &break_enable);
- }
- }
- break;
- case 4:
- {
- int flags;
- int old_mcr = s->mcr;
- s->mcr = val & 0x1f;
- if (val & UART_MCR_LOOP)
- break;
-
- if (s->poll_msl >= 0 && old_mcr != s->mcr) {
-
- qemu_chr_fe_ioctl(s->chr,CHR_IOCTL_SERIAL_GET_TIOCM, &flags);
-
- flags &= ~(CHR_TIOCM_RTS | CHR_TIOCM_DTR);
-
- if (val & UART_MCR_RTS)
- flags |= CHR_TIOCM_RTS;
- if (val & UART_MCR_DTR)
- flags |= CHR_TIOCM_DTR;
-
- qemu_chr_fe_ioctl(s->chr,CHR_IOCTL_SERIAL_SET_TIOCM, &flags);
- /* Update the modem status after a one-character-send wait-time, since there may be a response
- from the device/computer at the other end of the serial line */
- qemu_mod_timer(s->modem_status_poll, qemu_get_clock_ns(vm_clock) + s->char_transmit_time);
- }
- }
- break;
- case 5:
- break;
- case 6:
- break;
- case 7:
- s->scr = val;
- break;
- }
-}
-
-static uint64_t serial_ioport_read(void *opaque, hwaddr addr, unsigned size)
-{
- SerialState *s = opaque;
- uint32_t ret;
-
- addr &= 7;
- switch(addr) {
- default:
- case 0:
- if (s->lcr & UART_LCR_DLAB) {
- ret = s->divider & 0xff;
- } else {
- if(s->fcr & UART_FCR_FE) {
- ret = fifo_get(s,RECV_FIFO);
- if (s->recv_fifo.count == 0)
- s->lsr &= ~(UART_LSR_DR | UART_LSR_BI);
- else
- qemu_mod_timer(s->fifo_timeout_timer, qemu_get_clock_ns (vm_clock) + s->char_transmit_time * 4);
- s->timeout_ipending = 0;
- } else {
- ret = s->rbr;
- s->lsr &= ~(UART_LSR_DR | UART_LSR_BI);
- }
- serial_update_irq(s);
- if (!(s->mcr & UART_MCR_LOOP)) {
- /* in loopback mode, don't receive any data */
- qemu_chr_accept_input(s->chr);
- }
- }
- break;
- case 1:
- if (s->lcr & UART_LCR_DLAB) {
- ret = (s->divider >> 8) & 0xff;
- } else {
- ret = s->ier;
- }
- break;
- case 2:
- ret = s->iir;
- if ((ret & UART_IIR_ID) == UART_IIR_THRI) {
- s->thr_ipending = 0;
- serial_update_irq(s);
- }
- break;
- case 3:
- ret = s->lcr;
- break;
- case 4:
- ret = s->mcr;
- break;
- case 5:
- ret = s->lsr;
- /* Clear break and overrun interrupts */
- if (s->lsr & (UART_LSR_BI|UART_LSR_OE)) {
- s->lsr &= ~(UART_LSR_BI|UART_LSR_OE);
- serial_update_irq(s);
- }
- break;
- case 6:
- if (s->mcr & UART_MCR_LOOP) {
- /* in loopback, the modem output pins are connected to the
- inputs */
- ret = (s->mcr & 0x0c) << 4;
- ret |= (s->mcr & 0x02) << 3;
- ret |= (s->mcr & 0x01) << 5;
- } else {
- if (s->poll_msl >= 0)
- serial_update_msl(s);
- ret = s->msr;
- /* Clear delta bits & msr int after read, if they were set */
- if (s->msr & UART_MSR_ANY_DELTA) {
- s->msr &= 0xF0;
- serial_update_irq(s);
- }
- }
- break;
- case 7:
- ret = s->scr;
- break;
- }
- DPRINTF("read addr=0x%02x val=0x%02x\n", addr, ret);
- return ret;
-}
-
-static int serial_can_receive(SerialState *s)
-{
- if(s->fcr & UART_FCR_FE) {
- if(s->recv_fifo.count < UART_FIFO_LENGTH)
- /* Advertise (fifo.itl - fifo.count) bytes when count < ITL, and 1 if above. If UART_FIFO_LENGTH - fifo.count is
- advertised the effect will be to almost always fill the fifo completely before the guest has a chance to respond,
- effectively overriding the ITL that the guest has set. */
- return (s->recv_fifo.count <= s->recv_fifo.itl) ? s->recv_fifo.itl - s->recv_fifo.count : 1;
- else
- return 0;
- } else {
- return !(s->lsr & UART_LSR_DR);
- }
-}
-
-static void serial_receive_break(SerialState *s)
-{
- s->rbr = 0;
- /* When the LSR_DR is set a null byte is pushed into the fifo */
- fifo_put(s, RECV_FIFO, '\0');
- s->lsr |= UART_LSR_BI | UART_LSR_DR;
- serial_update_irq(s);
-}
-
-/* There's data in recv_fifo and s->rbr has not been read for 4 char transmit times */
-static void fifo_timeout_int (void *opaque) {
- SerialState *s = opaque;
- if (s->recv_fifo.count) {
- s->timeout_ipending = 1;
- serial_update_irq(s);
- }
-}
-
-static int serial_can_receive1(void *opaque)
-{
- SerialState *s = opaque;
- return serial_can_receive(s);
-}
-
-static void serial_receive1(void *opaque, const uint8_t *buf, int size)
-{
- SerialState *s = opaque;
-
- if (s->wakeup) {
- qemu_system_wakeup_request(QEMU_WAKEUP_REASON_OTHER);
- }
- if(s->fcr & UART_FCR_FE) {
- int i;
- for (i = 0; i < size; i++) {
- fifo_put(s, RECV_FIFO, buf[i]);
- }
- s->lsr |= UART_LSR_DR;
- /* call the timeout receive callback in 4 char transmit time */
- qemu_mod_timer(s->fifo_timeout_timer, qemu_get_clock_ns (vm_clock) + s->char_transmit_time * 4);
- } else {
- if (s->lsr & UART_LSR_DR)
- s->lsr |= UART_LSR_OE;
- s->rbr = buf[0];
- s->lsr |= UART_LSR_DR;
- }
- serial_update_irq(s);
-}
-
-static void serial_event(void *opaque, int event)
-{
- SerialState *s = opaque;
- DPRINTF("event %x\n", event);
- if (event == CHR_EVENT_BREAK)
- serial_receive_break(s);
-}
-
-static void serial_pre_save(void *opaque)
-{
- SerialState *s = opaque;
- s->fcr_vmstate = s->fcr;
-}
-
-static int serial_post_load(void *opaque, int version_id)
-{
- SerialState *s = opaque;
-
- if (version_id < 3) {
- s->fcr_vmstate = 0;
- }
- /* Initialize fcr via setter to perform essential side-effects */
- serial_ioport_write(s, 0x02, s->fcr_vmstate, 1);
- serial_update_parameters(s);
- return 0;
-}
-
-const VMStateDescription vmstate_serial = {
- .name = "serial",
- .version_id = 3,
- .minimum_version_id = 2,
- .pre_save = serial_pre_save,
- .post_load = serial_post_load,
- .fields = (VMStateField []) {
- VMSTATE_UINT16_V(divider, SerialState, 2),
- VMSTATE_UINT8(rbr, SerialState),
- VMSTATE_UINT8(ier, SerialState),
- VMSTATE_UINT8(iir, SerialState),
- VMSTATE_UINT8(lcr, SerialState),
- VMSTATE_UINT8(mcr, SerialState),
- VMSTATE_UINT8(lsr, SerialState),
- VMSTATE_UINT8(msr, SerialState),
- VMSTATE_UINT8(scr, SerialState),
- VMSTATE_UINT8_V(fcr_vmstate, SerialState, 3),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void serial_reset(void *opaque)
-{
- SerialState *s = opaque;
-
- s->rbr = 0;
- s->ier = 0;
- s->iir = UART_IIR_NO_INT;
- s->lcr = 0;
- s->lsr = UART_LSR_TEMT | UART_LSR_THRE;
- s->msr = UART_MSR_DCD | UART_MSR_DSR | UART_MSR_CTS;
- /* Default to 9600 baud, 1 start bit, 8 data bits, 1 stop bit, no parity. */
- s->divider = 0x0C;
- s->mcr = UART_MCR_OUT2;
- s->scr = 0;
- s->tsr_retry = 0;
- s->char_transmit_time = (get_ticks_per_sec() / 9600) * 10;
- s->poll_msl = 0;
-
- fifo_clear(s,RECV_FIFO);
- fifo_clear(s,XMIT_FIFO);
-
- s->last_xmit_ts = qemu_get_clock_ns(vm_clock);
-
- s->thr_ipending = 0;
- s->last_break_enable = 0;
- qemu_irq_lower(s->irq);
-}
-
-void serial_init_core(SerialState *s)
-{
- if (!s->chr) {
- fprintf(stderr, "Can't create serial device, empty char device\n");
- exit(1);
- }
-
- s->modem_status_poll = qemu_new_timer_ns(vm_clock, (QEMUTimerCB *) serial_update_msl, s);
-
- s->fifo_timeout_timer = qemu_new_timer_ns(vm_clock, (QEMUTimerCB *) fifo_timeout_int, s);
- s->transmit_timer = qemu_new_timer_ns(vm_clock, (QEMUTimerCB *) serial_xmit, s);
-
- qemu_register_reset(serial_reset, s);
-
- qemu_chr_add_handlers(s->chr, serial_can_receive1, serial_receive1,
- serial_event, s);
-}
-
-void serial_exit_core(SerialState *s)
-{
- qemu_chr_add_handlers(s->chr, NULL, NULL, NULL, NULL);
- qemu_unregister_reset(serial_reset, s);
-}
-
-/* Change the main reference oscillator frequency. */
-void serial_set_frequency(SerialState *s, uint32_t frequency)
-{
- s->baudbase = frequency;
- serial_update_parameters(s);
-}
-
-const MemoryRegionOps serial_io_ops = {
- .read = serial_ioport_read,
- .write = serial_ioport_write,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-SerialState *serial_init(int base, qemu_irq irq, int baudbase,
- CharDriverState *chr)
-{
- SerialState *s;
-
- s = g_malloc0(sizeof(SerialState));
-
- s->irq = irq;
- s->baudbase = baudbase;
- s->chr = chr;
- serial_init_core(s);
-
- vmstate_register(NULL, base, &vmstate_serial, s);
-
- memory_region_init_io(&s->io, &serial_io_ops, s, "serial", 8);
- memory_region_add_subregion(get_system_io(), base, &s->io);
-
- return s;
-}
-
-/* Memory mapped interface */
-static uint64_t serial_mm_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- SerialState *s = opaque;
- return serial_ioport_read(s, addr >> s->it_shift, 1);
-}
-
-static void serial_mm_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- SerialState *s = opaque;
- value &= ~0u >> (32 - (size * 8));
- serial_ioport_write(s, addr >> s->it_shift, value, 1);
-}
-
-static const MemoryRegionOps serial_mm_ops[3] = {
- [DEVICE_NATIVE_ENDIAN] = {
- .read = serial_mm_read,
- .write = serial_mm_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- },
- [DEVICE_LITTLE_ENDIAN] = {
- .read = serial_mm_read,
- .write = serial_mm_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
- },
- [DEVICE_BIG_ENDIAN] = {
- .read = serial_mm_read,
- .write = serial_mm_write,
- .endianness = DEVICE_BIG_ENDIAN,
- },
-};
-
-SerialState *serial_mm_init(MemoryRegion *address_space,
- hwaddr base, int it_shift,
- qemu_irq irq, int baudbase,
- CharDriverState *chr, enum device_endian end)
-{
- SerialState *s;
-
- s = g_malloc0(sizeof(SerialState));
-
- s->it_shift = it_shift;
- s->irq = irq;
- s->baudbase = baudbase;
- s->chr = chr;
-
- serial_init_core(s);
- vmstate_register(NULL, base, &vmstate_serial, s);
-
- memory_region_init_io(&s->io, &serial_mm_ops[end], s,
- "serial", 8 << it_shift);
- memory_region_add_subregion(address_space, base, &s->io);
-
- serial_update_msl(s);
- return s;
-}
diff --git a/hw/serial.h b/hw/serial.h
deleted file mode 100644
index f1e3c4aaa..000000000
--- a/hw/serial.h
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * QEMU 16550A UART emulation
- *
- * Copyright (c) 2003-2004 Fabrice Bellard
- * Copyright (c) 2008 Citrix Systems, Inc.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "hw.h"
-#include "sysemu.h"
-#include "memory.h"
-
-#define UART_FIFO_LENGTH 16 /* 16550A Fifo Length */
-
-typedef struct SerialFIFO {
- uint8_t data[UART_FIFO_LENGTH];
- uint8_t count;
- uint8_t itl; /* Interrupt Trigger Level */
- uint8_t tail;
- uint8_t head;
-} SerialFIFO;
-
-struct SerialState {
- uint16_t divider;
- uint8_t rbr; /* receive register */
- uint8_t thr; /* transmit holding register */
- uint8_t tsr; /* transmit shift register */
- uint8_t ier;
- uint8_t iir; /* read only */
- uint8_t lcr;
- uint8_t mcr;
- uint8_t lsr; /* read only */
- uint8_t msr; /* read only */
- uint8_t scr;
- uint8_t fcr;
- uint8_t fcr_vmstate; /* we can't write directly this value
- it has side effects */
- /* NOTE: this hidden state is necessary for tx irq generation as
- it can be reset while reading iir */
- int thr_ipending;
- qemu_irq irq;
- CharDriverState *chr;
- int last_break_enable;
- int it_shift;
- int baudbase;
- int tsr_retry;
- uint32_t wakeup;
-
- /* Time when the last byte was successfully sent out of the tsr */
- uint64_t last_xmit_ts;
- SerialFIFO recv_fifo;
- SerialFIFO xmit_fifo;
-
- struct QEMUTimer *fifo_timeout_timer;
- int timeout_ipending; /* timeout interrupt pending state */
- struct QEMUTimer *transmit_timer;
-
-
- uint64_t char_transmit_time; /* time to transmit a char in ticks */
- int poll_msl;
-
- struct QEMUTimer *modem_status_poll;
- MemoryRegion io;
-};
-
-extern const VMStateDescription vmstate_serial;
-extern const MemoryRegionOps serial_io_ops;
-
-void serial_init_core(SerialState *s);
-void serial_exit_core(SerialState *s);
-void serial_set_frequency(SerialState *s, uint32_t frequency);
-
-/* legacy pre qom */
-SerialState *serial_init(int base, qemu_irq irq, int baudbase,
- CharDriverState *chr);
-SerialState *serial_mm_init(MemoryRegion *address_space,
- hwaddr base, int it_shift,
- qemu_irq irq, int baudbase,
- CharDriverState *chr, enum device_endian end);
-
-/* serial-isa.c */
-bool serial_isa_init(ISABus *bus, int index, CharDriverState *chr);
diff --git a/hw/sga.c b/hw/sga.c
deleted file mode 100644
index a666349f8..000000000
--- a/hw/sga.c
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * QEMU dummy ISA device for loading sgabios option rom.
- *
- * Copyright (c) 2011 Glauber Costa, Red Hat Inc.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- *
- * sgabios code originally available at code.google.com/p/sgabios
- *
- */
-#include "pci.h"
-#include "pc.h"
-#include "loader.h"
-#include "sysemu.h"
-
-#define SGABIOS_FILENAME "sgabios.bin"
-
-typedef struct ISAGAState {
- ISADevice dev;
-} ISASGAState;
-
-static int sga_initfn(ISADevice *dev)
-{
- rom_add_vga(SGABIOS_FILENAME);
- return 0;
-}
-static void sga_class_initfn(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- ISADeviceClass *ic = ISA_DEVICE_CLASS(klass);
- ic->init = sga_initfn;
- dc->desc = "Serial Graphics Adapter";
-}
-
-static TypeInfo sga_info = {
- .name = "sga",
- .parent = TYPE_ISA_DEVICE,
- .instance_size = sizeof(ISASGAState),
- .class_init = sga_class_initfn,
-};
-
-static void sga_register_types(void)
-{
- type_register_static(&sga_info);
-}
-
-type_init(sga_register_types)
diff --git a/hw/sh.h b/hw/sh.h
deleted file mode 100644
index 77bf8aad2..000000000
--- a/hw/sh.h
+++ /dev/null
@@ -1,57 +0,0 @@
-#ifndef QEMU_SH_H
-#define QEMU_SH_H
-/* Definitions for SH board emulation. */
-
-#include "sh_intc.h"
-
-#define A7ADDR(x) ((x) & 0x1fffffff)
-#define P4ADDR(x) ((x) | 0xe0000000)
-
-/* sh7750.c */
-struct SH7750State;
-struct MemoryRegion;
-
-struct SH7750State *sh7750_init(CPUSH4State * cpu, struct MemoryRegion *sysmem);
-
-typedef struct {
- /* The callback will be triggered if any of the designated lines change */
- uint16_t portamask_trigger;
- uint16_t portbmask_trigger;
- /* Return 0 if no action was taken */
- int (*port_change_cb) (uint16_t porta, uint16_t portb,
- uint16_t * periph_pdtra,
- uint16_t * periph_portdira,
- uint16_t * periph_pdtrb,
- uint16_t * periph_portdirb);
-} sh7750_io_device;
-
-int sh7750_register_io_device(struct SH7750State *s,
- sh7750_io_device * device);
-/* sh_timer.c */
-#define TMU012_FEAT_TOCR (1 << 0)
-#define TMU012_FEAT_3CHAN (1 << 1)
-#define TMU012_FEAT_EXTCLK (1 << 2)
-void tmu012_init(struct MemoryRegion *sysmem, hwaddr base,
- int feat, uint32_t freq,
- qemu_irq ch0_irq, qemu_irq ch1_irq,
- qemu_irq ch2_irq0, qemu_irq ch2_irq1);
-
-
-/* sh_serial.c */
-#define SH_SERIAL_FEAT_SCIF (1 << 0)
-void sh_serial_init(MemoryRegion *sysmem,
- hwaddr base, int feat,
- uint32_t freq, CharDriverState *chr,
- qemu_irq eri_source,
- qemu_irq rxi_source,
- qemu_irq txi_source,
- qemu_irq tei_source,
- qemu_irq bri_source);
-
-/* sh7750.c */
-qemu_irq sh7750_irl(struct SH7750State *s);
-
-/* tc58128.c */
-int tc58128_init(struct SH7750State *s, const char *zone1, const char *zone2);
-
-#endif
diff --git a/hw/sh4/Makefile.objs b/hw/sh4/Makefile.objs
index 68c592179..2393702c5 100644
--- a/hw/sh4/Makefile.objs
+++ b/hw/sh4/Makefile.objs
@@ -1,5 +1,4 @@
-obj-y = shix.o r2d.o sh7750.o sh7750_regnames.o tc58128.o
-obj-y += sh_timer.o sh_serial.o sh_intc.o sh_pci.o sm501.o
-obj-y += ide/mmio.o
+obj-y += shix.o r2d.o
-obj-y := $(addprefix ../,$(obj-y))
+obj-y += sh7750.o sh7750_regnames.o
+obj-y += sh_pci.o
diff --git a/hw/sh4/r2d.c b/hw/sh4/r2d.c
new file mode 100644
index 000000000..98b3408f4
--- /dev/null
+++ b/hw/sh4/r2d.c
@@ -0,0 +1,367 @@
+/*
+ * Renesas SH7751R R2D-PLUS emulation
+ *
+ * Copyright (c) 2007 Magnus Damm
+ * Copyright (c) 2008 Paul Mundt
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/sysbus.h"
+#include "hw/hw.h"
+#include "hw/sh4/sh.h"
+#include "hw/devices.h"
+#include "sysemu/sysemu.h"
+#include "hw/boards.h"
+#include "hw/pci/pci.h"
+#include "net/net.h"
+#include "sh7750_regs.h"
+#include "hw/ide.h"
+#include "hw/loader.h"
+#include "hw/usb.h"
+#include "hw/block/flash.h"
+#include "sysemu/blockdev.h"
+#include "exec/address-spaces.h"
+
+#define FLASH_BASE 0x00000000
+#define FLASH_SIZE 0x02000000
+
+#define SDRAM_BASE 0x0c000000 /* Physical location of SDRAM: Area 3 */
+#define SDRAM_SIZE 0x04000000
+
+#define SM501_VRAM_SIZE 0x800000
+
+#define BOOT_PARAMS_OFFSET 0x0010000
+/* CONFIG_BOOT_LINK_OFFSET of Linux kernel */
+#define LINUX_LOAD_OFFSET 0x0800000
+#define INITRD_LOAD_OFFSET 0x1800000
+
+#define PA_IRLMSK 0x00
+#define PA_POWOFF 0x30
+#define PA_VERREG 0x32
+#define PA_OUTPORT 0x36
+
+typedef struct {
+ uint16_t bcr;
+ uint16_t irlmsk;
+ uint16_t irlmon;
+ uint16_t cfctl;
+ uint16_t cfpow;
+ uint16_t dispctl;
+ uint16_t sdmpow;
+ uint16_t rtcce;
+ uint16_t pcicd;
+ uint16_t voyagerrts;
+ uint16_t cfrst;
+ uint16_t admrts;
+ uint16_t extrst;
+ uint16_t cfcdintclr;
+ uint16_t keyctlclr;
+ uint16_t pad0;
+ uint16_t pad1;
+ uint16_t verreg;
+ uint16_t inport;
+ uint16_t outport;
+ uint16_t bverreg;
+
+/* output pin */
+ qemu_irq irl;
+ MemoryRegion iomem;
+} r2d_fpga_t;
+
+enum r2d_fpga_irq {
+ PCI_INTD, CF_IDE, CF_CD, PCI_INTC, SM501, KEY, RTC_A, RTC_T,
+ SDCARD, PCI_INTA, PCI_INTB, EXT, TP,
+ NR_IRQS
+};
+
+static const struct { short irl; uint16_t msk; } irqtab[NR_IRQS] = {
+ [CF_IDE] = { 1, 1<<9 },
+ [CF_CD] = { 2, 1<<8 },
+ [PCI_INTA] = { 9, 1<<14 },
+ [PCI_INTB] = { 10, 1<<13 },
+ [PCI_INTC] = { 3, 1<<12 },
+ [PCI_INTD] = { 0, 1<<11 },
+ [SM501] = { 4, 1<<10 },
+ [KEY] = { 5, 1<<6 },
+ [RTC_A] = { 6, 1<<5 },
+ [RTC_T] = { 7, 1<<4 },
+ [SDCARD] = { 8, 1<<7 },
+ [EXT] = { 11, 1<<0 },
+ [TP] = { 12, 1<<15 },
+};
+
+static void update_irl(r2d_fpga_t *fpga)
+{
+ int i, irl = 15;
+ for (i = 0; i < NR_IRQS; i++)
+ if (fpga->irlmon & fpga->irlmsk & irqtab[i].msk)
+ if (irqtab[i].irl < irl)
+ irl = irqtab[i].irl;
+ qemu_set_irq(fpga->irl, irl ^ 15);
+}
+
+static void r2d_fpga_irq_set(void *opaque, int n, int level)
+{
+ r2d_fpga_t *fpga = opaque;
+ if (level)
+ fpga->irlmon |= irqtab[n].msk;
+ else
+ fpga->irlmon &= ~irqtab[n].msk;
+ update_irl(fpga);
+}
+
+static uint32_t r2d_fpga_read(void *opaque, hwaddr addr)
+{
+ r2d_fpga_t *s = opaque;
+
+ switch (addr) {
+ case PA_IRLMSK:
+ return s->irlmsk;
+ case PA_OUTPORT:
+ return s->outport;
+ case PA_POWOFF:
+ return 0x00;
+ case PA_VERREG:
+ return 0x10;
+ }
+
+ return 0;
+}
+
+static void
+r2d_fpga_write(void *opaque, hwaddr addr, uint32_t value)
+{
+ r2d_fpga_t *s = opaque;
+
+ switch (addr) {
+ case PA_IRLMSK:
+ s->irlmsk = value;
+ update_irl(s);
+ break;
+ case PA_OUTPORT:
+ s->outport = value;
+ break;
+ case PA_POWOFF:
+ if (value & 1) {
+ qemu_system_shutdown_request();
+ }
+ break;
+ case PA_VERREG:
+ /* Discard writes */
+ break;
+ }
+}
+
+static const MemoryRegionOps r2d_fpga_ops = {
+ .old_mmio = {
+ .read = { r2d_fpga_read, r2d_fpga_read, NULL, },
+ .write = { r2d_fpga_write, r2d_fpga_write, NULL, },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static qemu_irq *r2d_fpga_init(MemoryRegion *sysmem,
+ hwaddr base, qemu_irq irl)
+{
+ r2d_fpga_t *s;
+
+ s = g_malloc0(sizeof(r2d_fpga_t));
+
+ s->irl = irl;
+
+ memory_region_init_io(&s->iomem, NULL, &r2d_fpga_ops, s, "r2d-fpga", 0x40);
+ memory_region_add_subregion(sysmem, base, &s->iomem);
+ return qemu_allocate_irqs(r2d_fpga_irq_set, s, NR_IRQS);
+}
+
+typedef struct ResetData {
+ SuperHCPU *cpu;
+ uint32_t vector;
+} ResetData;
+
+static void main_cpu_reset(void *opaque)
+{
+ ResetData *s = (ResetData *)opaque;
+ CPUSH4State *env = &s->cpu->env;
+
+ cpu_reset(CPU(s->cpu));
+ env->pc = s->vector;
+}
+
+static struct QEMU_PACKED
+{
+ int mount_root_rdonly;
+ int ramdisk_flags;
+ int orig_root_dev;
+ int loader_type;
+ int initrd_start;
+ int initrd_size;
+
+ char pad[232];
+
+ char kernel_cmdline[256];
+} boot_params;
+
+static void r2d_init(QEMUMachineInitArgs *args)
+{
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ SuperHCPU *cpu;
+ CPUSH4State *env;
+ ResetData *reset_info;
+ struct SH7750State *s;
+ MemoryRegion *sdram = g_new(MemoryRegion, 1);
+ qemu_irq *irq;
+ DriveInfo *dinfo;
+ int i;
+ DeviceState *dev;
+ SysBusDevice *busdev;
+ MemoryRegion *address_space_mem = get_system_memory();
+ PCIBus *pci_bus;
+
+ if (cpu_model == NULL) {
+ cpu_model = "SH7751R";
+ }
+
+ cpu = cpu_sh4_init(cpu_model);
+ if (cpu == NULL) {
+ fprintf(stderr, "Unable to find CPU definition\n");
+ exit(1);
+ }
+ env = &cpu->env;
+
+ reset_info = g_malloc0(sizeof(ResetData));
+ reset_info->cpu = cpu;
+ reset_info->vector = env->pc;
+ qemu_register_reset(main_cpu_reset, reset_info);
+
+ /* Allocate memory space */
+ memory_region_init_ram(sdram, NULL, "r2d.sdram", SDRAM_SIZE);
+ vmstate_register_ram_global(sdram);
+ memory_region_add_subregion(address_space_mem, SDRAM_BASE, sdram);
+ /* Register peripherals */
+ s = sh7750_init(cpu, address_space_mem);
+ irq = r2d_fpga_init(address_space_mem, 0x04000000, sh7750_irl(s));
+
+ dev = qdev_create(NULL, "sh_pci");
+ busdev = SYS_BUS_DEVICE(dev);
+ qdev_init_nofail(dev);
+ pci_bus = PCI_BUS(qdev_get_child_bus(dev, "pci"));
+ sysbus_mmio_map(busdev, 0, P4ADDR(0x1e200000));
+ sysbus_mmio_map(busdev, 1, A7ADDR(0x1e200000));
+ sysbus_connect_irq(busdev, 0, irq[PCI_INTA]);
+ sysbus_connect_irq(busdev, 1, irq[PCI_INTB]);
+ sysbus_connect_irq(busdev, 2, irq[PCI_INTC]);
+ sysbus_connect_irq(busdev, 3, irq[PCI_INTD]);
+
+ sm501_init(address_space_mem, 0x10000000, SM501_VRAM_SIZE,
+ irq[SM501], serial_hds[2]);
+
+ /* onboard CF (True IDE mode, Master only). */
+ dinfo = drive_get(IF_IDE, 0, 0);
+ dev = qdev_create(NULL, "mmio-ide");
+ busdev = SYS_BUS_DEVICE(dev);
+ sysbus_connect_irq(busdev, 0, irq[CF_IDE]);
+ qdev_prop_set_uint32(dev, "shift", 1);
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(busdev, 0, 0x14001000);
+ sysbus_mmio_map(busdev, 1, 0x1400080c);
+ mmio_ide_init_drives(dev, dinfo, NULL);
+
+ /* onboard flash memory */
+ dinfo = drive_get(IF_PFLASH, 0, 0);
+ pflash_cfi02_register(0x0, NULL, "r2d.flash", FLASH_SIZE,
+ dinfo ? dinfo->bdrv : NULL, (16 * 1024),
+ FLASH_SIZE >> 16,
+ 1, 4, 0x0000, 0x0000, 0x0000, 0x0000,
+ 0x555, 0x2aa, 0);
+
+ /* NIC: rtl8139 on-board, and 2 slots. */
+ for (i = 0; i < nb_nics; i++)
+ pci_nic_init_nofail(&nd_table[i], pci_bus,
+ "rtl8139", i==0 ? "2" : NULL);
+
+ /* USB keyboard */
+ usbdevice_create("keyboard");
+
+ /* Todo: register on board registers */
+ memset(&boot_params, 0, sizeof(boot_params));
+
+ if (kernel_filename) {
+ int kernel_size;
+
+ kernel_size = load_image_targphys(kernel_filename,
+ SDRAM_BASE + LINUX_LOAD_OFFSET,
+ INITRD_LOAD_OFFSET - LINUX_LOAD_OFFSET);
+ if (kernel_size < 0) {
+ fprintf(stderr, "qemu: could not load kernel '%s'\n", kernel_filename);
+ exit(1);
+ }
+
+ /* initialization which should be done by firmware */
+ stl_phys(SH7750_BCR1, 1<<3); /* cs3 SDRAM */
+ stw_phys(SH7750_BCR2, 3<<(3*2)); /* cs3 32bit */
+ reset_info->vector = (SDRAM_BASE + LINUX_LOAD_OFFSET) | 0xa0000000; /* Start from P2 area */
+ }
+
+ if (initrd_filename) {
+ int initrd_size;
+
+ initrd_size = load_image_targphys(initrd_filename,
+ SDRAM_BASE + INITRD_LOAD_OFFSET,
+ SDRAM_SIZE - INITRD_LOAD_OFFSET);
+
+ if (initrd_size < 0) {
+ fprintf(stderr, "qemu: could not load initrd '%s'\n", initrd_filename);
+ exit(1);
+ }
+
+ /* initialization which should be done by firmware */
+ boot_params.loader_type = 1;
+ boot_params.initrd_start = INITRD_LOAD_OFFSET;
+ boot_params.initrd_size = initrd_size;
+ }
+
+ if (kernel_cmdline) {
+ /* I see no evidence that this .kernel_cmdline buffer requires
+ NUL-termination, so using strncpy should be ok. */
+ strncpy(boot_params.kernel_cmdline, kernel_cmdline,
+ sizeof(boot_params.kernel_cmdline));
+ }
+
+ rom_add_blob_fixed("boot_params", &boot_params, sizeof(boot_params),
+ SDRAM_BASE + BOOT_PARAMS_OFFSET);
+}
+
+static QEMUMachine r2d_machine = {
+ .name = "r2d",
+ .desc = "r2d-plus board",
+ .init = r2d_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void r2d_machine_init(void)
+{
+ qemu_register_machine(&r2d_machine);
+}
+
+machine_init(r2d_machine_init);
diff --git a/hw/sh4/sh7750.c b/hw/sh4/sh7750.c
new file mode 100644
index 000000000..1439ba44e
--- /dev/null
+++ b/hw/sh4/sh7750.c
@@ -0,0 +1,843 @@
+/*
+ * SH7750 device
+ *
+ * Copyright (c) 2007 Magnus Damm
+ * Copyright (c) 2005 Samuel Tardieu
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include <stdio.h>
+#include "hw/hw.h"
+#include "hw/sh4/sh.h"
+#include "sysemu/sysemu.h"
+#include "sh7750_regs.h"
+#include "sh7750_regnames.h"
+#include "hw/sh4/sh_intc.h"
+#include "cpu.h"
+#include "exec/address-spaces.h"
+
+#define NB_DEVICES 4
+
+typedef struct SH7750State {
+ MemoryRegion iomem;
+ MemoryRegion iomem_1f0;
+ MemoryRegion iomem_ff0;
+ MemoryRegion iomem_1f8;
+ MemoryRegion iomem_ff8;
+ MemoryRegion iomem_1fc;
+ MemoryRegion iomem_ffc;
+ MemoryRegion mmct_iomem;
+ /* CPU */
+ SuperHCPU *cpu;
+ /* Peripheral frequency in Hz */
+ uint32_t periph_freq;
+ /* SDRAM controller */
+ uint32_t bcr1;
+ uint16_t bcr2;
+ uint16_t bcr3;
+ uint32_t bcr4;
+ uint16_t rfcr;
+ /* PCMCIA controller */
+ uint16_t pcr;
+ /* IO ports */
+ uint16_t gpioic;
+ uint32_t pctra;
+ uint32_t pctrb;
+ uint16_t portdira; /* Cached */
+ uint16_t portpullupa; /* Cached */
+ uint16_t portdirb; /* Cached */
+ uint16_t portpullupb; /* Cached */
+ uint16_t pdtra;
+ uint16_t pdtrb;
+ uint16_t periph_pdtra; /* Imposed by the peripherals */
+ uint16_t periph_portdira; /* Direction seen from the peripherals */
+ uint16_t periph_pdtrb; /* Imposed by the peripherals */
+ uint16_t periph_portdirb; /* Direction seen from the peripherals */
+ sh7750_io_device *devices[NB_DEVICES]; /* External peripherals */
+
+ /* Cache */
+ uint32_t ccr;
+
+ struct intc_desc intc;
+} SH7750State;
+
+static inline int has_bcr3_and_bcr4(SH7750State * s)
+{
+ return s->cpu->env.features & SH_FEATURE_BCR3_AND_BCR4;
+}
+/**********************************************************************
+ I/O ports
+**********************************************************************/
+
+int sh7750_register_io_device(SH7750State * s, sh7750_io_device * device)
+{
+ int i;
+
+ for (i = 0; i < NB_DEVICES; i++) {
+ if (s->devices[i] == NULL) {
+ s->devices[i] = device;
+ return 0;
+ }
+ }
+ return -1;
+}
+
+static uint16_t portdir(uint32_t v)
+{
+#define EVENPORTMASK(n) ((v & (1<<((n)<<1))) >> (n))
+ return
+ EVENPORTMASK(15) | EVENPORTMASK(14) | EVENPORTMASK(13) |
+ EVENPORTMASK(12) | EVENPORTMASK(11) | EVENPORTMASK(10) |
+ EVENPORTMASK(9) | EVENPORTMASK(8) | EVENPORTMASK(7) |
+ EVENPORTMASK(6) | EVENPORTMASK(5) | EVENPORTMASK(4) |
+ EVENPORTMASK(3) | EVENPORTMASK(2) | EVENPORTMASK(1) |
+ EVENPORTMASK(0);
+}
+
+static uint16_t portpullup(uint32_t v)
+{
+#define ODDPORTMASK(n) ((v & (1<<(((n)<<1)+1))) >> (n))
+ return
+ ODDPORTMASK(15) | ODDPORTMASK(14) | ODDPORTMASK(13) |
+ ODDPORTMASK(12) | ODDPORTMASK(11) | ODDPORTMASK(10) |
+ ODDPORTMASK(9) | ODDPORTMASK(8) | ODDPORTMASK(7) | ODDPORTMASK(6) |
+ ODDPORTMASK(5) | ODDPORTMASK(4) | ODDPORTMASK(3) | ODDPORTMASK(2) |
+ ODDPORTMASK(1) | ODDPORTMASK(0);
+}
+
+static uint16_t porta_lines(SH7750State * s)
+{
+ return (s->portdira & s->pdtra) | /* CPU */
+ (s->periph_portdira & s->periph_pdtra) | /* Peripherals */
+ (~(s->portdira | s->periph_portdira) & s->portpullupa); /* Pullups */
+}
+
+static uint16_t portb_lines(SH7750State * s)
+{
+ return (s->portdirb & s->pdtrb) | /* CPU */
+ (s->periph_portdirb & s->periph_pdtrb) | /* Peripherals */
+ (~(s->portdirb | s->periph_portdirb) & s->portpullupb); /* Pullups */
+}
+
+static void gen_port_interrupts(SH7750State * s)
+{
+ /* XXXXX interrupts not generated */
+}
+
+static void porta_changed(SH7750State * s, uint16_t prev)
+{
+ uint16_t currenta, changes;
+ int i, r = 0;
+
+#if 0
+ fprintf(stderr, "porta changed from 0x%04x to 0x%04x\n",
+ prev, porta_lines(s));
+ fprintf(stderr, "pdtra=0x%04x, pctra=0x%08x\n", s->pdtra, s->pctra);
+#endif
+ currenta = porta_lines(s);
+ if (currenta == prev)
+ return;
+ changes = currenta ^ prev;
+
+ for (i = 0; i < NB_DEVICES; i++) {
+ if (s->devices[i] && (s->devices[i]->portamask_trigger & changes)) {
+ r |= s->devices[i]->port_change_cb(currenta, portb_lines(s),
+ &s->periph_pdtra,
+ &s->periph_portdira,
+ &s->periph_pdtrb,
+ &s->periph_portdirb);
+ }
+ }
+
+ if (r)
+ gen_port_interrupts(s);
+}
+
+static void portb_changed(SH7750State * s, uint16_t prev)
+{
+ uint16_t currentb, changes;
+ int i, r = 0;
+
+ currentb = portb_lines(s);
+ if (currentb == prev)
+ return;
+ changes = currentb ^ prev;
+
+ for (i = 0; i < NB_DEVICES; i++) {
+ if (s->devices[i] && (s->devices[i]->portbmask_trigger & changes)) {
+ r |= s->devices[i]->port_change_cb(portb_lines(s), currentb,
+ &s->periph_pdtra,
+ &s->periph_portdira,
+ &s->periph_pdtrb,
+ &s->periph_portdirb);
+ }
+ }
+
+ if (r)
+ gen_port_interrupts(s);
+}
+
+/**********************************************************************
+ Memory
+**********************************************************************/
+
+static void error_access(const char *kind, hwaddr addr)
+{
+ fprintf(stderr, "%s to %s (0x" TARGET_FMT_plx ") not supported\n",
+ kind, regname(addr), addr);
+}
+
+static void ignore_access(const char *kind, hwaddr addr)
+{
+ fprintf(stderr, "%s to %s (0x" TARGET_FMT_plx ") ignored\n",
+ kind, regname(addr), addr);
+}
+
+static uint32_t sh7750_mem_readb(void *opaque, hwaddr addr)
+{
+ switch (addr) {
+ default:
+ error_access("byte read", addr);
+ abort();
+ }
+}
+
+static uint32_t sh7750_mem_readw(void *opaque, hwaddr addr)
+{
+ SH7750State *s = opaque;
+
+ switch (addr) {
+ case SH7750_BCR2_A7:
+ return s->bcr2;
+ case SH7750_BCR3_A7:
+ if(!has_bcr3_and_bcr4(s))
+ error_access("word read", addr);
+ return s->bcr3;
+ case SH7750_FRQCR_A7:
+ return 0;
+ case SH7750_PCR_A7:
+ return s->pcr;
+ case SH7750_RFCR_A7:
+ fprintf(stderr,
+ "Read access to refresh count register, incrementing\n");
+ return s->rfcr++;
+ case SH7750_PDTRA_A7:
+ return porta_lines(s);
+ case SH7750_PDTRB_A7:
+ return portb_lines(s);
+ case SH7750_RTCOR_A7:
+ case SH7750_RTCNT_A7:
+ case SH7750_RTCSR_A7:
+ ignore_access("word read", addr);
+ return 0;
+ default:
+ error_access("word read", addr);
+ abort();
+ }
+}
+
+static uint32_t sh7750_mem_readl(void *opaque, hwaddr addr)
+{
+ SH7750State *s = opaque;
+ SuperHCPUClass *scc;
+
+ switch (addr) {
+ case SH7750_BCR1_A7:
+ return s->bcr1;
+ case SH7750_BCR4_A7:
+ if(!has_bcr3_and_bcr4(s))
+ error_access("long read", addr);
+ return s->bcr4;
+ case SH7750_WCR1_A7:
+ case SH7750_WCR2_A7:
+ case SH7750_WCR3_A7:
+ case SH7750_MCR_A7:
+ ignore_access("long read", addr);
+ return 0;
+ case SH7750_MMUCR_A7:
+ return s->cpu->env.mmucr;
+ case SH7750_PTEH_A7:
+ return s->cpu->env.pteh;
+ case SH7750_PTEL_A7:
+ return s->cpu->env.ptel;
+ case SH7750_TTB_A7:
+ return s->cpu->env.ttb;
+ case SH7750_TEA_A7:
+ return s->cpu->env.tea;
+ case SH7750_TRA_A7:
+ return s->cpu->env.tra;
+ case SH7750_EXPEVT_A7:
+ return s->cpu->env.expevt;
+ case SH7750_INTEVT_A7:
+ return s->cpu->env.intevt;
+ case SH7750_CCR_A7:
+ return s->ccr;
+ case 0x1f000030: /* Processor version */
+ scc = SUPERH_CPU_GET_CLASS(s->cpu);
+ return scc->pvr;
+ case 0x1f000040: /* Cache version */
+ scc = SUPERH_CPU_GET_CLASS(s->cpu);
+ return scc->cvr;
+ case 0x1f000044: /* Processor revision */
+ scc = SUPERH_CPU_GET_CLASS(s->cpu);
+ return scc->prr;
+ default:
+ error_access("long read", addr);
+ abort();
+ }
+}
+
+#define is_in_sdrmx(a, x) (a >= SH7750_SDMR ## x ## _A7 \
+ && a <= (SH7750_SDMR ## x ## _A7 + SH7750_SDMR ## x ## _REGNB))
+static void sh7750_mem_writeb(void *opaque, hwaddr addr,
+ uint32_t mem_value)
+{
+
+ if (is_in_sdrmx(addr, 2) || is_in_sdrmx(addr, 3)) {
+ ignore_access("byte write", addr);
+ return;
+ }
+
+ error_access("byte write", addr);
+ abort();
+}
+
+static void sh7750_mem_writew(void *opaque, hwaddr addr,
+ uint32_t mem_value)
+{
+ SH7750State *s = opaque;
+ uint16_t temp;
+
+ switch (addr) {
+ /* SDRAM controller */
+ case SH7750_BCR2_A7:
+ s->bcr2 = mem_value;
+ return;
+ case SH7750_BCR3_A7:
+ if(!has_bcr3_and_bcr4(s))
+ error_access("word write", addr);
+ s->bcr3 = mem_value;
+ return;
+ case SH7750_PCR_A7:
+ s->pcr = mem_value;
+ return;
+ case SH7750_RTCNT_A7:
+ case SH7750_RTCOR_A7:
+ case SH7750_RTCSR_A7:
+ ignore_access("word write", addr);
+ return;
+ /* IO ports */
+ case SH7750_PDTRA_A7:
+ temp = porta_lines(s);
+ s->pdtra = mem_value;
+ porta_changed(s, temp);
+ return;
+ case SH7750_PDTRB_A7:
+ temp = portb_lines(s);
+ s->pdtrb = mem_value;
+ portb_changed(s, temp);
+ return;
+ case SH7750_RFCR_A7:
+ fprintf(stderr, "Write access to refresh count register\n");
+ s->rfcr = mem_value;
+ return;
+ case SH7750_GPIOIC_A7:
+ s->gpioic = mem_value;
+ if (mem_value != 0) {
+ fprintf(stderr, "I/O interrupts not implemented\n");
+ abort();
+ }
+ return;
+ default:
+ error_access("word write", addr);
+ abort();
+ }
+}
+
+static void sh7750_mem_writel(void *opaque, hwaddr addr,
+ uint32_t mem_value)
+{
+ SH7750State *s = opaque;
+ uint16_t temp;
+
+ switch (addr) {
+ /* SDRAM controller */
+ case SH7750_BCR1_A7:
+ s->bcr1 = mem_value;
+ return;
+ case SH7750_BCR4_A7:
+ if(!has_bcr3_and_bcr4(s))
+ error_access("long write", addr);
+ s->bcr4 = mem_value;
+ return;
+ case SH7750_WCR1_A7:
+ case SH7750_WCR2_A7:
+ case SH7750_WCR3_A7:
+ case SH7750_MCR_A7:
+ ignore_access("long write", addr);
+ return;
+ /* IO ports */
+ case SH7750_PCTRA_A7:
+ temp = porta_lines(s);
+ s->pctra = mem_value;
+ s->portdira = portdir(mem_value);
+ s->portpullupa = portpullup(mem_value);
+ porta_changed(s, temp);
+ return;
+ case SH7750_PCTRB_A7:
+ temp = portb_lines(s);
+ s->pctrb = mem_value;
+ s->portdirb = portdir(mem_value);
+ s->portpullupb = portpullup(mem_value);
+ portb_changed(s, temp);
+ return;
+ case SH7750_MMUCR_A7:
+ if (mem_value & MMUCR_TI) {
+ cpu_sh4_invalidate_tlb(&s->cpu->env);
+ }
+ s->cpu->env.mmucr = mem_value & ~MMUCR_TI;
+ return;
+ case SH7750_PTEH_A7:
+ /* If asid changes, clear all registered tlb entries. */
+ if ((s->cpu->env.pteh & 0xff) != (mem_value & 0xff)) {
+ tlb_flush(&s->cpu->env, 1);
+ }
+ s->cpu->env.pteh = mem_value;
+ return;
+ case SH7750_PTEL_A7:
+ s->cpu->env.ptel = mem_value;
+ return;
+ case SH7750_PTEA_A7:
+ s->cpu->env.ptea = mem_value & 0x0000000f;
+ return;
+ case SH7750_TTB_A7:
+ s->cpu->env.ttb = mem_value;
+ return;
+ case SH7750_TEA_A7:
+ s->cpu->env.tea = mem_value;
+ return;
+ case SH7750_TRA_A7:
+ s->cpu->env.tra = mem_value & 0x000007ff;
+ return;
+ case SH7750_EXPEVT_A7:
+ s->cpu->env.expevt = mem_value & 0x000007ff;
+ return;
+ case SH7750_INTEVT_A7:
+ s->cpu->env.intevt = mem_value & 0x000007ff;
+ return;
+ case SH7750_CCR_A7:
+ s->ccr = mem_value;
+ return;
+ default:
+ error_access("long write", addr);
+ abort();
+ }
+}
+
+static const MemoryRegionOps sh7750_mem_ops = {
+ .old_mmio = {
+ .read = {sh7750_mem_readb,
+ sh7750_mem_readw,
+ sh7750_mem_readl },
+ .write = {sh7750_mem_writeb,
+ sh7750_mem_writew,
+ sh7750_mem_writel },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+/* sh775x interrupt controller tables for sh_intc.c
+ * stolen from linux/arch/sh/kernel/cpu/sh4/setup-sh7750.c
+ */
+
+enum {
+ UNUSED = 0,
+
+ /* interrupt sources */
+ IRL_0, IRL_1, IRL_2, IRL_3, IRL_4, IRL_5, IRL_6, IRL_7,
+ IRL_8, IRL_9, IRL_A, IRL_B, IRL_C, IRL_D, IRL_E,
+ IRL0, IRL1, IRL2, IRL3,
+ HUDI, GPIOI,
+ DMAC_DMTE0, DMAC_DMTE1, DMAC_DMTE2, DMAC_DMTE3,
+ DMAC_DMTE4, DMAC_DMTE5, DMAC_DMTE6, DMAC_DMTE7,
+ DMAC_DMAE,
+ PCIC0_PCISERR, PCIC1_PCIERR, PCIC1_PCIPWDWN, PCIC1_PCIPWON,
+ PCIC1_PCIDMA0, PCIC1_PCIDMA1, PCIC1_PCIDMA2, PCIC1_PCIDMA3,
+ TMU3, TMU4, TMU0, TMU1, TMU2_TUNI, TMU2_TICPI,
+ RTC_ATI, RTC_PRI, RTC_CUI,
+ SCI1_ERI, SCI1_RXI, SCI1_TXI, SCI1_TEI,
+ SCIF_ERI, SCIF_RXI, SCIF_BRI, SCIF_TXI,
+ WDT,
+ REF_RCMI, REF_ROVI,
+
+ /* interrupt groups */
+ DMAC, PCIC1, TMU2, RTC, SCI1, SCIF, REF,
+ /* irl bundle */
+ IRL,
+
+ NR_SOURCES,
+};
+
+static struct intc_vect vectors[] = {
+ INTC_VECT(HUDI, 0x600), INTC_VECT(GPIOI, 0x620),
+ INTC_VECT(TMU0, 0x400), INTC_VECT(TMU1, 0x420),
+ INTC_VECT(TMU2_TUNI, 0x440), INTC_VECT(TMU2_TICPI, 0x460),
+ INTC_VECT(RTC_ATI, 0x480), INTC_VECT(RTC_PRI, 0x4a0),
+ INTC_VECT(RTC_CUI, 0x4c0),
+ INTC_VECT(SCI1_ERI, 0x4e0), INTC_VECT(SCI1_RXI, 0x500),
+ INTC_VECT(SCI1_TXI, 0x520), INTC_VECT(SCI1_TEI, 0x540),
+ INTC_VECT(SCIF_ERI, 0x700), INTC_VECT(SCIF_RXI, 0x720),
+ INTC_VECT(SCIF_BRI, 0x740), INTC_VECT(SCIF_TXI, 0x760),
+ INTC_VECT(WDT, 0x560),
+ INTC_VECT(REF_RCMI, 0x580), INTC_VECT(REF_ROVI, 0x5a0),
+};
+
+static struct intc_group groups[] = {
+ INTC_GROUP(TMU2, TMU2_TUNI, TMU2_TICPI),
+ INTC_GROUP(RTC, RTC_ATI, RTC_PRI, RTC_CUI),
+ INTC_GROUP(SCI1, SCI1_ERI, SCI1_RXI, SCI1_TXI, SCI1_TEI),
+ INTC_GROUP(SCIF, SCIF_ERI, SCIF_RXI, SCIF_BRI, SCIF_TXI),
+ INTC_GROUP(REF, REF_RCMI, REF_ROVI),
+};
+
+static struct intc_prio_reg prio_registers[] = {
+ { 0xffd00004, 0, 16, 4, /* IPRA */ { TMU0, TMU1, TMU2, RTC } },
+ { 0xffd00008, 0, 16, 4, /* IPRB */ { WDT, REF, SCI1, 0 } },
+ { 0xffd0000c, 0, 16, 4, /* IPRC */ { GPIOI, DMAC, SCIF, HUDI } },
+ { 0xffd00010, 0, 16, 4, /* IPRD */ { IRL0, IRL1, IRL2, IRL3 } },
+ { 0xfe080000, 0, 32, 4, /* INTPRI00 */ { 0, 0, 0, 0,
+ TMU4, TMU3,
+ PCIC1, PCIC0_PCISERR } },
+};
+
+/* SH7750, SH7750S, SH7751 and SH7091 all have 4-channel DMA controllers */
+
+static struct intc_vect vectors_dma4[] = {
+ INTC_VECT(DMAC_DMTE0, 0x640), INTC_VECT(DMAC_DMTE1, 0x660),
+ INTC_VECT(DMAC_DMTE2, 0x680), INTC_VECT(DMAC_DMTE3, 0x6a0),
+ INTC_VECT(DMAC_DMAE, 0x6c0),
+};
+
+static struct intc_group groups_dma4[] = {
+ INTC_GROUP(DMAC, DMAC_DMTE0, DMAC_DMTE1, DMAC_DMTE2,
+ DMAC_DMTE3, DMAC_DMAE),
+};
+
+/* SH7750R and SH7751R both have 8-channel DMA controllers */
+
+static struct intc_vect vectors_dma8[] = {
+ INTC_VECT(DMAC_DMTE0, 0x640), INTC_VECT(DMAC_DMTE1, 0x660),
+ INTC_VECT(DMAC_DMTE2, 0x680), INTC_VECT(DMAC_DMTE3, 0x6a0),
+ INTC_VECT(DMAC_DMTE4, 0x780), INTC_VECT(DMAC_DMTE5, 0x7a0),
+ INTC_VECT(DMAC_DMTE6, 0x7c0), INTC_VECT(DMAC_DMTE7, 0x7e0),
+ INTC_VECT(DMAC_DMAE, 0x6c0),
+};
+
+static struct intc_group groups_dma8[] = {
+ INTC_GROUP(DMAC, DMAC_DMTE0, DMAC_DMTE1, DMAC_DMTE2,
+ DMAC_DMTE3, DMAC_DMTE4, DMAC_DMTE5,
+ DMAC_DMTE6, DMAC_DMTE7, DMAC_DMAE),
+};
+
+/* SH7750R, SH7751 and SH7751R all have two extra timer channels */
+
+static struct intc_vect vectors_tmu34[] = {
+ INTC_VECT(TMU3, 0xb00), INTC_VECT(TMU4, 0xb80),
+};
+
+static struct intc_mask_reg mask_registers[] = {
+ { 0xfe080040, 0xfe080060, 32, /* INTMSK00 / INTMSKCLR00 */
+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, TMU4, TMU3,
+ PCIC1_PCIERR, PCIC1_PCIPWDWN, PCIC1_PCIPWON,
+ PCIC1_PCIDMA0, PCIC1_PCIDMA1, PCIC1_PCIDMA2,
+ PCIC1_PCIDMA3, PCIC0_PCISERR } },
+};
+
+/* SH7750S, SH7750R, SH7751 and SH7751R all have IRLM priority registers */
+
+static struct intc_vect vectors_irlm[] = {
+ INTC_VECT(IRL0, 0x240), INTC_VECT(IRL1, 0x2a0),
+ INTC_VECT(IRL2, 0x300), INTC_VECT(IRL3, 0x360),
+};
+
+/* SH7751 and SH7751R both have PCI */
+
+static struct intc_vect vectors_pci[] = {
+ INTC_VECT(PCIC0_PCISERR, 0xa00), INTC_VECT(PCIC1_PCIERR, 0xae0),
+ INTC_VECT(PCIC1_PCIPWDWN, 0xac0), INTC_VECT(PCIC1_PCIPWON, 0xaa0),
+ INTC_VECT(PCIC1_PCIDMA0, 0xa80), INTC_VECT(PCIC1_PCIDMA1, 0xa60),
+ INTC_VECT(PCIC1_PCIDMA2, 0xa40), INTC_VECT(PCIC1_PCIDMA3, 0xa20),
+};
+
+static struct intc_group groups_pci[] = {
+ INTC_GROUP(PCIC1, PCIC1_PCIERR, PCIC1_PCIPWDWN, PCIC1_PCIPWON,
+ PCIC1_PCIDMA0, PCIC1_PCIDMA1, PCIC1_PCIDMA2, PCIC1_PCIDMA3),
+};
+
+static struct intc_vect vectors_irl[] = {
+ INTC_VECT(IRL_0, 0x200),
+ INTC_VECT(IRL_1, 0x220),
+ INTC_VECT(IRL_2, 0x240),
+ INTC_VECT(IRL_3, 0x260),
+ INTC_VECT(IRL_4, 0x280),
+ INTC_VECT(IRL_5, 0x2a0),
+ INTC_VECT(IRL_6, 0x2c0),
+ INTC_VECT(IRL_7, 0x2e0),
+ INTC_VECT(IRL_8, 0x300),
+ INTC_VECT(IRL_9, 0x320),
+ INTC_VECT(IRL_A, 0x340),
+ INTC_VECT(IRL_B, 0x360),
+ INTC_VECT(IRL_C, 0x380),
+ INTC_VECT(IRL_D, 0x3a0),
+ INTC_VECT(IRL_E, 0x3c0),
+};
+
+static struct intc_group groups_irl[] = {
+ INTC_GROUP(IRL, IRL_0, IRL_1, IRL_2, IRL_3, IRL_4, IRL_5, IRL_6,
+ IRL_7, IRL_8, IRL_9, IRL_A, IRL_B, IRL_C, IRL_D, IRL_E),
+};
+
+/**********************************************************************
+ Memory mapped cache and TLB
+**********************************************************************/
+
+#define MM_REGION_MASK 0x07000000
+#define MM_ICACHE_ADDR (0)
+#define MM_ICACHE_DATA (1)
+#define MM_ITLB_ADDR (2)
+#define MM_ITLB_DATA (3)
+#define MM_OCACHE_ADDR (4)
+#define MM_OCACHE_DATA (5)
+#define MM_UTLB_ADDR (6)
+#define MM_UTLB_DATA (7)
+#define MM_REGION_TYPE(addr) ((addr & MM_REGION_MASK) >> 24)
+
+static uint64_t invalid_read(void *opaque, hwaddr addr)
+{
+ abort();
+
+ return 0;
+}
+
+static uint64_t sh7750_mmct_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ SH7750State *s = opaque;
+ uint32_t ret = 0;
+
+ if (size != 4) {
+ return invalid_read(opaque, addr);
+ }
+
+ switch (MM_REGION_TYPE(addr)) {
+ case MM_ICACHE_ADDR:
+ case MM_ICACHE_DATA:
+ /* do nothing */
+ break;
+ case MM_ITLB_ADDR:
+ ret = cpu_sh4_read_mmaped_itlb_addr(&s->cpu->env, addr);
+ break;
+ case MM_ITLB_DATA:
+ ret = cpu_sh4_read_mmaped_itlb_data(&s->cpu->env, addr);
+ break;
+ case MM_OCACHE_ADDR:
+ case MM_OCACHE_DATA:
+ /* do nothing */
+ break;
+ case MM_UTLB_ADDR:
+ ret = cpu_sh4_read_mmaped_utlb_addr(&s->cpu->env, addr);
+ break;
+ case MM_UTLB_DATA:
+ ret = cpu_sh4_read_mmaped_utlb_data(&s->cpu->env, addr);
+ break;
+ default:
+ abort();
+ }
+
+ return ret;
+}
+
+static void invalid_write(void *opaque, hwaddr addr,
+ uint64_t mem_value)
+{
+ abort();
+}
+
+static void sh7750_mmct_write(void *opaque, hwaddr addr,
+ uint64_t mem_value, unsigned size)
+{
+ SH7750State *s = opaque;
+
+ if (size != 4) {
+ invalid_write(opaque, addr, mem_value);
+ }
+
+ switch (MM_REGION_TYPE(addr)) {
+ case MM_ICACHE_ADDR:
+ case MM_ICACHE_DATA:
+ /* do nothing */
+ break;
+ case MM_ITLB_ADDR:
+ cpu_sh4_write_mmaped_itlb_addr(&s->cpu->env, addr, mem_value);
+ break;
+ case MM_ITLB_DATA:
+ cpu_sh4_write_mmaped_itlb_data(&s->cpu->env, addr, mem_value);
+ abort();
+ break;
+ case MM_OCACHE_ADDR:
+ case MM_OCACHE_DATA:
+ /* do nothing */
+ break;
+ case MM_UTLB_ADDR:
+ cpu_sh4_write_mmaped_utlb_addr(&s->cpu->env, addr, mem_value);
+ break;
+ case MM_UTLB_DATA:
+ cpu_sh4_write_mmaped_utlb_data(&s->cpu->env, addr, mem_value);
+ break;
+ default:
+ abort();
+ break;
+ }
+}
+
+static const MemoryRegionOps sh7750_mmct_ops = {
+ .read = sh7750_mmct_read,
+ .write = sh7750_mmct_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+SH7750State *sh7750_init(SuperHCPU *cpu, MemoryRegion *sysmem)
+{
+ SH7750State *s;
+
+ s = g_malloc0(sizeof(SH7750State));
+ s->cpu = cpu;
+ s->periph_freq = 60000000; /* 60MHz */
+ memory_region_init_io(&s->iomem, NULL, &sh7750_mem_ops, s,
+ "memory", 0x1fc01000);
+
+ memory_region_init_alias(&s->iomem_1f0, NULL, "memory-1f0",
+ &s->iomem, 0x1f000000, 0x1000);
+ memory_region_add_subregion(sysmem, 0x1f000000, &s->iomem_1f0);
+
+ memory_region_init_alias(&s->iomem_ff0, NULL, "memory-ff0",
+ &s->iomem, 0x1f000000, 0x1000);
+ memory_region_add_subregion(sysmem, 0xff000000, &s->iomem_ff0);
+
+ memory_region_init_alias(&s->iomem_1f8, NULL, "memory-1f8",
+ &s->iomem, 0x1f800000, 0x1000);
+ memory_region_add_subregion(sysmem, 0x1f800000, &s->iomem_1f8);
+
+ memory_region_init_alias(&s->iomem_ff8, NULL, "memory-ff8",
+ &s->iomem, 0x1f800000, 0x1000);
+ memory_region_add_subregion(sysmem, 0xff800000, &s->iomem_ff8);
+
+ memory_region_init_alias(&s->iomem_1fc, NULL, "memory-1fc",
+ &s->iomem, 0x1fc00000, 0x1000);
+ memory_region_add_subregion(sysmem, 0x1fc00000, &s->iomem_1fc);
+
+ memory_region_init_alias(&s->iomem_ffc, NULL, "memory-ffc",
+ &s->iomem, 0x1fc00000, 0x1000);
+ memory_region_add_subregion(sysmem, 0xffc00000, &s->iomem_ffc);
+
+ memory_region_init_io(&s->mmct_iomem, NULL, &sh7750_mmct_ops, s,
+ "cache-and-tlb", 0x08000000);
+ memory_region_add_subregion(sysmem, 0xf0000000, &s->mmct_iomem);
+
+ sh_intc_init(sysmem, &s->intc, NR_SOURCES,
+ _INTC_ARRAY(mask_registers),
+ _INTC_ARRAY(prio_registers));
+
+ sh_intc_register_sources(&s->intc,
+ _INTC_ARRAY(vectors),
+ _INTC_ARRAY(groups));
+
+ cpu->env.intc_handle = &s->intc;
+
+ sh_serial_init(sysmem, 0x1fe00000,
+ 0, s->periph_freq, serial_hds[0],
+ s->intc.irqs[SCI1_ERI],
+ s->intc.irqs[SCI1_RXI],
+ s->intc.irqs[SCI1_TXI],
+ s->intc.irqs[SCI1_TEI],
+ NULL);
+ sh_serial_init(sysmem, 0x1fe80000,
+ SH_SERIAL_FEAT_SCIF,
+ s->periph_freq, serial_hds[1],
+ s->intc.irqs[SCIF_ERI],
+ s->intc.irqs[SCIF_RXI],
+ s->intc.irqs[SCIF_TXI],
+ NULL,
+ s->intc.irqs[SCIF_BRI]);
+
+ tmu012_init(sysmem, 0x1fd80000,
+ TMU012_FEAT_TOCR | TMU012_FEAT_3CHAN | TMU012_FEAT_EXTCLK,
+ s->periph_freq,
+ s->intc.irqs[TMU0],
+ s->intc.irqs[TMU1],
+ s->intc.irqs[TMU2_TUNI],
+ s->intc.irqs[TMU2_TICPI]);
+
+ if (cpu->env.id & (SH_CPU_SH7750 | SH_CPU_SH7750S | SH_CPU_SH7751)) {
+ sh_intc_register_sources(&s->intc,
+ _INTC_ARRAY(vectors_dma4),
+ _INTC_ARRAY(groups_dma4));
+ }
+
+ if (cpu->env.id & (SH_CPU_SH7750R | SH_CPU_SH7751R)) {
+ sh_intc_register_sources(&s->intc,
+ _INTC_ARRAY(vectors_dma8),
+ _INTC_ARRAY(groups_dma8));
+ }
+
+ if (cpu->env.id & (SH_CPU_SH7750R | SH_CPU_SH7751 | SH_CPU_SH7751R)) {
+ sh_intc_register_sources(&s->intc,
+ _INTC_ARRAY(vectors_tmu34),
+ NULL, 0);
+ tmu012_init(sysmem, 0x1e100000, 0, s->periph_freq,
+ s->intc.irqs[TMU3],
+ s->intc.irqs[TMU4],
+ NULL, NULL);
+ }
+
+ if (cpu->env.id & (SH_CPU_SH7751_ALL)) {
+ sh_intc_register_sources(&s->intc,
+ _INTC_ARRAY(vectors_pci),
+ _INTC_ARRAY(groups_pci));
+ }
+
+ if (cpu->env.id & (SH_CPU_SH7750S | SH_CPU_SH7750R | SH_CPU_SH7751_ALL)) {
+ sh_intc_register_sources(&s->intc,
+ _INTC_ARRAY(vectors_irlm),
+ NULL, 0);
+ }
+
+ sh_intc_register_sources(&s->intc,
+ _INTC_ARRAY(vectors_irl),
+ _INTC_ARRAY(groups_irl));
+ return s;
+}
+
+qemu_irq sh7750_irl(SH7750State *s)
+{
+ sh_intc_toggle_source(sh_intc_source(&s->intc, IRL), 1, 0); /* enable */
+ return qemu_allocate_irqs(sh_intc_set_irl, sh_intc_source(&s->intc, IRL),
+ 1)[0];
+}
diff --git a/hw/sh4/sh7750_regnames.c b/hw/sh4/sh7750_regnames.c
new file mode 100644
index 000000000..52ac1cc78
--- /dev/null
+++ b/hw/sh4/sh7750_regnames.c
@@ -0,0 +1,97 @@
+#include "hw/hw.h"
+#include "hw/sh4/sh.h"
+#include "sh7750_regs.h"
+#include "sh7750_regnames.h"
+
+#define REGNAME(r) {r, #r},
+
+typedef struct {
+ uint32_t regaddr;
+ const char *regname;
+} regname_t;
+
+static regname_t regnames[] = {
+ REGNAME(SH7750_PTEH_A7)
+ REGNAME(SH7750_PTEL_A7)
+ REGNAME(SH7750_PTEA_A7)
+ REGNAME(SH7750_TTB_A7)
+ REGNAME(SH7750_TEA_A7)
+ REGNAME(SH7750_MMUCR_A7)
+ REGNAME(SH7750_CCR_A7)
+ REGNAME(SH7750_QACR0_A7)
+ REGNAME(SH7750_QACR1_A7)
+ REGNAME(SH7750_TRA_A7)
+ REGNAME(SH7750_EXPEVT_A7)
+ REGNAME(SH7750_INTEVT_A7)
+ REGNAME(SH7750_STBCR_A7)
+ REGNAME(SH7750_STBCR2_A7)
+ REGNAME(SH7750_FRQCR_A7)
+ REGNAME(SH7750_WTCNT_A7)
+ REGNAME(SH7750_WTCSR_A7)
+ REGNAME(SH7750_R64CNT_A7)
+ REGNAME(SH7750_RSECCNT_A7)
+ REGNAME(SH7750_RMINCNT_A7)
+ REGNAME(SH7750_RHRCNT_A7)
+ REGNAME(SH7750_RWKCNT_A7)
+ REGNAME(SH7750_RDAYCNT_A7)
+ REGNAME(SH7750_RMONCNT_A7)
+ REGNAME(SH7750_RYRCNT_A7)
+ REGNAME(SH7750_RSECAR_A7)
+ REGNAME(SH7750_RMINAR_A7)
+ REGNAME(SH7750_RHRAR_A7)
+ REGNAME(SH7750_RWKAR_A7)
+ REGNAME(SH7750_RDAYAR_A7)
+ REGNAME(SH7750_RMONAR_A7)
+ REGNAME(SH7750_RCR1_A7)
+ REGNAME(SH7750_RCR2_A7)
+ REGNAME(SH7750_BCR1_A7)
+ REGNAME(SH7750_BCR2_A7)
+ REGNAME(SH7750_WCR1_A7)
+ REGNAME(SH7750_WCR2_A7)
+ REGNAME(SH7750_WCR3_A7)
+ REGNAME(SH7750_MCR_A7)
+ REGNAME(SH7750_PCR_A7)
+ REGNAME(SH7750_RTCSR_A7)
+ REGNAME(SH7750_RTCNT_A7)
+ REGNAME(SH7750_RTCOR_A7)
+ REGNAME(SH7750_RFCR_A7)
+ REGNAME(SH7750_SAR0_A7)
+ REGNAME(SH7750_SAR1_A7)
+ REGNAME(SH7750_SAR2_A7)
+ REGNAME(SH7750_SAR3_A7)
+ REGNAME(SH7750_DAR0_A7)
+ REGNAME(SH7750_DAR1_A7)
+ REGNAME(SH7750_DAR2_A7)
+ REGNAME(SH7750_DAR3_A7)
+ REGNAME(SH7750_DMATCR0_A7)
+ REGNAME(SH7750_DMATCR1_A7)
+ REGNAME(SH7750_DMATCR2_A7)
+ REGNAME(SH7750_DMATCR3_A7)
+ REGNAME(SH7750_CHCR0_A7)
+ REGNAME(SH7750_CHCR1_A7)
+ REGNAME(SH7750_CHCR2_A7)
+ REGNAME(SH7750_CHCR3_A7)
+ REGNAME(SH7750_DMAOR_A7)
+ REGNAME(SH7750_PCTRA_A7)
+ REGNAME(SH7750_PDTRA_A7)
+ REGNAME(SH7750_PCTRB_A7)
+ REGNAME(SH7750_PDTRB_A7)
+ REGNAME(SH7750_GPIOIC_A7)
+ REGNAME(SH7750_ICR_A7)
+ REGNAME(SH7750_BCR3_A7)
+ REGNAME(SH7750_BCR4_A7)
+ REGNAME(SH7750_SDMR2_A7)
+ REGNAME(SH7750_SDMR3_A7) {(uint32_t) - 1, NULL}
+};
+
+const char *regname(uint32_t addr)
+{
+ unsigned int i;
+
+ for (i = 0; regnames[i].regaddr != (uint32_t) - 1; i++) {
+ if (regnames[i].regaddr == addr)
+ return regnames[i].regname;
+ }
+
+ return "<unknown reg>";
+}
diff --git a/hw/sh7750_regnames.h b/hw/sh4/sh7750_regnames.h
index 7463709b4..7463709b4 100644
--- a/hw/sh7750_regnames.h
+++ b/hw/sh4/sh7750_regnames.h
diff --git a/hw/sh7750_regs.h b/hw/sh4/sh7750_regs.h
index 534aa4840..534aa4840 100644
--- a/hw/sh7750_regs.h
+++ b/hw/sh4/sh7750_regs.h
diff --git a/hw/sh4/sh_pci.c b/hw/sh4/sh_pci.c
new file mode 100644
index 000000000..e81176a11
--- /dev/null
+++ b/hw/sh4/sh_pci.c
@@ -0,0 +1,198 @@
+/*
+ * SuperH on-chip PCIC emulation.
+ *
+ * Copyright (c) 2008 Takashi YOSHII
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/sysbus.h"
+#include "hw/sh4/sh.h"
+#include "hw/pci/pci.h"
+#include "hw/pci/pci_host.h"
+#include "qemu/bswap.h"
+#include "exec/address-spaces.h"
+
+#define TYPE_SH_PCI_HOST_BRIDGE "sh_pci"
+
+#define SH_PCI_HOST_BRIDGE(obj) \
+ OBJECT_CHECK(SHPCIState, (obj), TYPE_SH_PCI_HOST_BRIDGE)
+
+typedef struct SHPCIState {
+ PCIHostState parent_obj;
+
+ PCIDevice *dev;
+ qemu_irq irq[4];
+ MemoryRegion memconfig_p4;
+ MemoryRegion memconfig_a7;
+ MemoryRegion isa;
+ uint32_t par;
+ uint32_t mbr;
+ uint32_t iobr;
+} SHPCIState;
+
+static void sh_pci_reg_write (void *p, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ SHPCIState *pcic = p;
+ PCIHostState *phb = PCI_HOST_BRIDGE(pcic);
+
+ switch(addr) {
+ case 0 ... 0xfc:
+ cpu_to_le32w((uint32_t*)(pcic->dev->config + addr), val);
+ break;
+ case 0x1c0:
+ pcic->par = val;
+ break;
+ case 0x1c4:
+ pcic->mbr = val & 0xff000001;
+ break;
+ case 0x1c8:
+ if ((val & 0xfffc0000) != (pcic->iobr & 0xfffc0000)) {
+ memory_region_del_subregion(get_system_memory(), &pcic->isa);
+ pcic->iobr = val & 0xfffc0001;
+ memory_region_add_subregion(get_system_memory(),
+ pcic->iobr & 0xfffc0000, &pcic->isa);
+ }
+ break;
+ case 0x220:
+ pci_data_write(phb->bus, pcic->par, val, 4);
+ break;
+ }
+}
+
+static uint64_t sh_pci_reg_read (void *p, hwaddr addr,
+ unsigned size)
+{
+ SHPCIState *pcic = p;
+ PCIHostState *phb = PCI_HOST_BRIDGE(pcic);
+
+ switch(addr) {
+ case 0 ... 0xfc:
+ return le32_to_cpup((uint32_t*)(pcic->dev->config + addr));
+ case 0x1c0:
+ return pcic->par;
+ case 0x1c4:
+ return pcic->mbr;
+ case 0x1c8:
+ return pcic->iobr;
+ case 0x220:
+ return pci_data_read(phb->bus, pcic->par, 4);
+ }
+ return 0;
+}
+
+static const MemoryRegionOps sh_pci_reg_ops = {
+ .read = sh_pci_reg_read,
+ .write = sh_pci_reg_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static int sh_pci_map_irq(PCIDevice *d, int irq_num)
+{
+ return (d->devfn >> 3);
+}
+
+static void sh_pci_set_irq(void *opaque, int irq_num, int level)
+{
+ qemu_irq *pic = opaque;
+
+ qemu_set_irq(pic[irq_num], level);
+}
+
+static int sh_pci_device_init(SysBusDevice *dev)
+{
+ PCIHostState *phb;
+ SHPCIState *s;
+ int i;
+
+ s = SH_PCI_HOST_BRIDGE(dev);
+ phb = PCI_HOST_BRIDGE(s);
+ for (i = 0; i < 4; i++) {
+ sysbus_init_irq(dev, &s->irq[i]);
+ }
+ phb->bus = pci_register_bus(DEVICE(dev), "pci",
+ sh_pci_set_irq, sh_pci_map_irq,
+ s->irq,
+ get_system_memory(),
+ get_system_io(),
+ PCI_DEVFN(0, 0), 4, TYPE_PCI_BUS);
+ memory_region_init_io(&s->memconfig_p4, OBJECT(s), &sh_pci_reg_ops, s,
+ "sh_pci", 0x224);
+ memory_region_init_alias(&s->memconfig_a7, OBJECT(s), "sh_pci.2",
+ &s->memconfig_p4, 0, 0x224);
+ memory_region_init_alias(&s->isa, OBJECT(s), "sh_pci.isa",
+ get_system_io(), 0, 0x40000);
+ sysbus_init_mmio(dev, &s->memconfig_p4);
+ sysbus_init_mmio(dev, &s->memconfig_a7);
+ s->iobr = 0xfe240000;
+ memory_region_add_subregion(get_system_memory(), s->iobr, &s->isa);
+
+ s->dev = pci_create_simple(phb->bus, PCI_DEVFN(0, 0), "sh_pci_host");
+ return 0;
+}
+
+static int sh_pci_host_init(PCIDevice *d)
+{
+ pci_set_word(d->config + PCI_COMMAND, PCI_COMMAND_WAIT);
+ pci_set_word(d->config + PCI_STATUS, PCI_STATUS_CAP_LIST |
+ PCI_STATUS_FAST_BACK | PCI_STATUS_DEVSEL_MEDIUM);
+ return 0;
+}
+
+static void sh_pci_host_class_init(ObjectClass *klass, void *data)
+{
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = sh_pci_host_init;
+ k->vendor_id = PCI_VENDOR_ID_HITACHI;
+ k->device_id = PCI_DEVICE_ID_HITACHI_SH7751R;
+}
+
+static const TypeInfo sh_pci_host_info = {
+ .name = "sh_pci_host",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCIDevice),
+ .class_init = sh_pci_host_class_init,
+};
+
+static void sh_pci_device_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sdc->init = sh_pci_device_init;
+}
+
+static const TypeInfo sh_pci_device_info = {
+ .name = TYPE_SH_PCI_HOST_BRIDGE,
+ .parent = TYPE_PCI_HOST_BRIDGE,
+ .instance_size = sizeof(SHPCIState),
+ .class_init = sh_pci_device_class_init,
+};
+
+static void sh_pci_register_types(void)
+{
+ type_register_static(&sh_pci_device_info);
+ type_register_static(&sh_pci_host_info);
+}
+
+type_init(sh_pci_register_types)
diff --git a/hw/sh4/shix.c b/hw/sh4/shix.c
new file mode 100644
index 000000000..84dd666bd
--- /dev/null
+++ b/hw/sh4/shix.c
@@ -0,0 +1,107 @@
+/*
+ * SHIX 2.0 board description
+ *
+ * Copyright (c) 2005 Samuel Tardieu
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+/*
+ Shix 2.0 board by Alexis Polti, described at
+ http://perso.enst.fr/~polti/realisations/shix20/
+
+ More information in target-sh4/README.sh4
+*/
+#include "hw/hw.h"
+#include "hw/sh4/sh.h"
+#include "sysemu/sysemu.h"
+#include "hw/boards.h"
+#include "hw/loader.h"
+#include "exec/address-spaces.h"
+
+#define BIOS_FILENAME "shix_bios.bin"
+#define BIOS_ADDRESS 0xA0000000
+
+static void shix_init(QEMUMachineInitArgs *args)
+{
+ const char *cpu_model = args->cpu_model;
+ int ret;
+ SuperHCPU *cpu;
+ struct SH7750State *s;
+ MemoryRegion *sysmem = get_system_memory();
+ MemoryRegion *rom = g_new(MemoryRegion, 1);
+ MemoryRegion *sdram = g_new(MemoryRegion, 2);
+
+ if (!cpu_model)
+ cpu_model = "any";
+
+ printf("Initializing CPU\n");
+ cpu = cpu_sh4_init(cpu_model);
+ if (cpu == NULL) {
+ fprintf(stderr, "Unable to find CPU definition\n");
+ exit(1);
+ }
+
+ /* Allocate memory space */
+ printf("Allocating ROM\n");
+ memory_region_init_ram(rom, NULL, "shix.rom", 0x4000);
+ vmstate_register_ram_global(rom);
+ memory_region_set_readonly(rom, true);
+ memory_region_add_subregion(sysmem, 0x00000000, rom);
+ printf("Allocating SDRAM 1\n");
+ memory_region_init_ram(&sdram[0], NULL, "shix.sdram1", 0x01000000);
+ vmstate_register_ram_global(&sdram[0]);
+ memory_region_add_subregion(sysmem, 0x08000000, &sdram[0]);
+ printf("Allocating SDRAM 2\n");
+ memory_region_init_ram(&sdram[1], NULL, "shix.sdram2", 0x01000000);
+ vmstate_register_ram_global(&sdram[1]);
+ memory_region_add_subregion(sysmem, 0x0c000000, &sdram[1]);
+
+ /* Load BIOS in 0 (and access it through P2, 0xA0000000) */
+ if (bios_name == NULL)
+ bios_name = BIOS_FILENAME;
+ printf("%s: load BIOS '%s'\n", __func__, bios_name);
+ ret = load_image_targphys(bios_name, 0, 0x4000);
+ if (ret < 0) { /* Check bios size */
+ fprintf(stderr, "ret=%d\n", ret);
+ fprintf(stderr, "qemu: could not load SHIX bios '%s'\n",
+ bios_name);
+ exit(1);
+ }
+
+ /* Register peripherals */
+ s = sh7750_init(cpu, sysmem);
+ /* XXXXX Check success */
+ tc58128_init(s, "shix_linux_nand.bin", NULL);
+ fprintf(stderr, "initialization terminated\n");
+}
+
+static QEMUMachine shix_machine = {
+ .name = "shix",
+ .desc = "shix card",
+ .init = shix_init,
+ .is_default = 1,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void shix_machine_init(void)
+{
+ qemu_register_machine(&shix_machine);
+}
+
+machine_init(shix_machine_init);
diff --git a/hw/sh7750.c b/hw/sh7750.c
deleted file mode 100644
index 8bcf0df96..000000000
--- a/hw/sh7750.c
+++ /dev/null
@@ -1,838 +0,0 @@
-/*
- * SH7750 device
- *
- * Copyright (c) 2007 Magnus Damm
- * Copyright (c) 2005 Samuel Tardieu
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include <stdio.h>
-#include "hw.h"
-#include "sh.h"
-#include "sysemu.h"
-#include "sh7750_regs.h"
-#include "sh7750_regnames.h"
-#include "sh_intc.h"
-#include "cpu.h"
-#include "exec-memory.h"
-
-#define NB_DEVICES 4
-
-typedef struct SH7750State {
- MemoryRegion iomem;
- MemoryRegion iomem_1f0;
- MemoryRegion iomem_ff0;
- MemoryRegion iomem_1f8;
- MemoryRegion iomem_ff8;
- MemoryRegion iomem_1fc;
- MemoryRegion iomem_ffc;
- MemoryRegion mmct_iomem;
- /* CPU */
- CPUSH4State *cpu;
- /* Peripheral frequency in Hz */
- uint32_t periph_freq;
- /* SDRAM controller */
- uint32_t bcr1;
- uint16_t bcr2;
- uint16_t bcr3;
- uint32_t bcr4;
- uint16_t rfcr;
- /* PCMCIA controller */
- uint16_t pcr;
- /* IO ports */
- uint16_t gpioic;
- uint32_t pctra;
- uint32_t pctrb;
- uint16_t portdira; /* Cached */
- uint16_t portpullupa; /* Cached */
- uint16_t portdirb; /* Cached */
- uint16_t portpullupb; /* Cached */
- uint16_t pdtra;
- uint16_t pdtrb;
- uint16_t periph_pdtra; /* Imposed by the peripherals */
- uint16_t periph_portdira; /* Direction seen from the peripherals */
- uint16_t periph_pdtrb; /* Imposed by the peripherals */
- uint16_t periph_portdirb; /* Direction seen from the peripherals */
- sh7750_io_device *devices[NB_DEVICES]; /* External peripherals */
-
- /* Cache */
- uint32_t ccr;
-
- struct intc_desc intc;
-} SH7750State;
-
-static inline int has_bcr3_and_bcr4(SH7750State * s)
-{
- return (s->cpu->features & SH_FEATURE_BCR3_AND_BCR4);
-}
-/**********************************************************************
- I/O ports
-**********************************************************************/
-
-int sh7750_register_io_device(SH7750State * s, sh7750_io_device * device)
-{
- int i;
-
- for (i = 0; i < NB_DEVICES; i++) {
- if (s->devices[i] == NULL) {
- s->devices[i] = device;
- return 0;
- }
- }
- return -1;
-}
-
-static uint16_t portdir(uint32_t v)
-{
-#define EVENPORTMASK(n) ((v & (1<<((n)<<1))) >> (n))
- return
- EVENPORTMASK(15) | EVENPORTMASK(14) | EVENPORTMASK(13) |
- EVENPORTMASK(12) | EVENPORTMASK(11) | EVENPORTMASK(10) |
- EVENPORTMASK(9) | EVENPORTMASK(8) | EVENPORTMASK(7) |
- EVENPORTMASK(6) | EVENPORTMASK(5) | EVENPORTMASK(4) |
- EVENPORTMASK(3) | EVENPORTMASK(2) | EVENPORTMASK(1) |
- EVENPORTMASK(0);
-}
-
-static uint16_t portpullup(uint32_t v)
-{
-#define ODDPORTMASK(n) ((v & (1<<(((n)<<1)+1))) >> (n))
- return
- ODDPORTMASK(15) | ODDPORTMASK(14) | ODDPORTMASK(13) |
- ODDPORTMASK(12) | ODDPORTMASK(11) | ODDPORTMASK(10) |
- ODDPORTMASK(9) | ODDPORTMASK(8) | ODDPORTMASK(7) | ODDPORTMASK(6) |
- ODDPORTMASK(5) | ODDPORTMASK(4) | ODDPORTMASK(3) | ODDPORTMASK(2) |
- ODDPORTMASK(1) | ODDPORTMASK(0);
-}
-
-static uint16_t porta_lines(SH7750State * s)
-{
- return (s->portdira & s->pdtra) | /* CPU */
- (s->periph_portdira & s->periph_pdtra) | /* Peripherals */
- (~(s->portdira | s->periph_portdira) & s->portpullupa); /* Pullups */
-}
-
-static uint16_t portb_lines(SH7750State * s)
-{
- return (s->portdirb & s->pdtrb) | /* CPU */
- (s->periph_portdirb & s->periph_pdtrb) | /* Peripherals */
- (~(s->portdirb | s->periph_portdirb) & s->portpullupb); /* Pullups */
-}
-
-static void gen_port_interrupts(SH7750State * s)
-{
- /* XXXXX interrupts not generated */
-}
-
-static void porta_changed(SH7750State * s, uint16_t prev)
-{
- uint16_t currenta, changes;
- int i, r = 0;
-
-#if 0
- fprintf(stderr, "porta changed from 0x%04x to 0x%04x\n",
- prev, porta_lines(s));
- fprintf(stderr, "pdtra=0x%04x, pctra=0x%08x\n", s->pdtra, s->pctra);
-#endif
- currenta = porta_lines(s);
- if (currenta == prev)
- return;
- changes = currenta ^ prev;
-
- for (i = 0; i < NB_DEVICES; i++) {
- if (s->devices[i] && (s->devices[i]->portamask_trigger & changes)) {
- r |= s->devices[i]->port_change_cb(currenta, portb_lines(s),
- &s->periph_pdtra,
- &s->periph_portdira,
- &s->periph_pdtrb,
- &s->periph_portdirb);
- }
- }
-
- if (r)
- gen_port_interrupts(s);
-}
-
-static void portb_changed(SH7750State * s, uint16_t prev)
-{
- uint16_t currentb, changes;
- int i, r = 0;
-
- currentb = portb_lines(s);
- if (currentb == prev)
- return;
- changes = currentb ^ prev;
-
- for (i = 0; i < NB_DEVICES; i++) {
- if (s->devices[i] && (s->devices[i]->portbmask_trigger & changes)) {
- r |= s->devices[i]->port_change_cb(portb_lines(s), currentb,
- &s->periph_pdtra,
- &s->periph_portdira,
- &s->periph_pdtrb,
- &s->periph_portdirb);
- }
- }
-
- if (r)
- gen_port_interrupts(s);
-}
-
-/**********************************************************************
- Memory
-**********************************************************************/
-
-static void error_access(const char *kind, hwaddr addr)
-{
- fprintf(stderr, "%s to %s (0x" TARGET_FMT_plx ") not supported\n",
- kind, regname(addr), addr);
-}
-
-static void ignore_access(const char *kind, hwaddr addr)
-{
- fprintf(stderr, "%s to %s (0x" TARGET_FMT_plx ") ignored\n",
- kind, regname(addr), addr);
-}
-
-static uint32_t sh7750_mem_readb(void *opaque, hwaddr addr)
-{
- switch (addr) {
- default:
- error_access("byte read", addr);
- abort();
- }
-}
-
-static uint32_t sh7750_mem_readw(void *opaque, hwaddr addr)
-{
- SH7750State *s = opaque;
-
- switch (addr) {
- case SH7750_BCR2_A7:
- return s->bcr2;
- case SH7750_BCR3_A7:
- if(!has_bcr3_and_bcr4(s))
- error_access("word read", addr);
- return s->bcr3;
- case SH7750_FRQCR_A7:
- return 0;
- case SH7750_PCR_A7:
- return s->pcr;
- case SH7750_RFCR_A7:
- fprintf(stderr,
- "Read access to refresh count register, incrementing\n");
- return s->rfcr++;
- case SH7750_PDTRA_A7:
- return porta_lines(s);
- case SH7750_PDTRB_A7:
- return portb_lines(s);
- case SH7750_RTCOR_A7:
- case SH7750_RTCNT_A7:
- case SH7750_RTCSR_A7:
- ignore_access("word read", addr);
- return 0;
- default:
- error_access("word read", addr);
- abort();
- }
-}
-
-static uint32_t sh7750_mem_readl(void *opaque, hwaddr addr)
-{
- SH7750State *s = opaque;
-
- switch (addr) {
- case SH7750_BCR1_A7:
- return s->bcr1;
- case SH7750_BCR4_A7:
- if(!has_bcr3_and_bcr4(s))
- error_access("long read", addr);
- return s->bcr4;
- case SH7750_WCR1_A7:
- case SH7750_WCR2_A7:
- case SH7750_WCR3_A7:
- case SH7750_MCR_A7:
- ignore_access("long read", addr);
- return 0;
- case SH7750_MMUCR_A7:
- return s->cpu->mmucr;
- case SH7750_PTEH_A7:
- return s->cpu->pteh;
- case SH7750_PTEL_A7:
- return s->cpu->ptel;
- case SH7750_TTB_A7:
- return s->cpu->ttb;
- case SH7750_TEA_A7:
- return s->cpu->tea;
- case SH7750_TRA_A7:
- return s->cpu->tra;
- case SH7750_EXPEVT_A7:
- return s->cpu->expevt;
- case SH7750_INTEVT_A7:
- return s->cpu->intevt;
- case SH7750_CCR_A7:
- return s->ccr;
- case 0x1f000030: /* Processor version */
- return s->cpu->pvr;
- case 0x1f000040: /* Cache version */
- return s->cpu->cvr;
- case 0x1f000044: /* Processor revision */
- return s->cpu->prr;
- default:
- error_access("long read", addr);
- abort();
- }
-}
-
-#define is_in_sdrmx(a, x) (a >= SH7750_SDMR ## x ## _A7 \
- && a <= (SH7750_SDMR ## x ## _A7 + SH7750_SDMR ## x ## _REGNB))
-static void sh7750_mem_writeb(void *opaque, hwaddr addr,
- uint32_t mem_value)
-{
-
- if (is_in_sdrmx(addr, 2) || is_in_sdrmx(addr, 3)) {
- ignore_access("byte write", addr);
- return;
- }
-
- error_access("byte write", addr);
- abort();
-}
-
-static void sh7750_mem_writew(void *opaque, hwaddr addr,
- uint32_t mem_value)
-{
- SH7750State *s = opaque;
- uint16_t temp;
-
- switch (addr) {
- /* SDRAM controller */
- case SH7750_BCR2_A7:
- s->bcr2 = mem_value;
- return;
- case SH7750_BCR3_A7:
- if(!has_bcr3_and_bcr4(s))
- error_access("word write", addr);
- s->bcr3 = mem_value;
- return;
- case SH7750_PCR_A7:
- s->pcr = mem_value;
- return;
- case SH7750_RTCNT_A7:
- case SH7750_RTCOR_A7:
- case SH7750_RTCSR_A7:
- ignore_access("word write", addr);
- return;
- /* IO ports */
- case SH7750_PDTRA_A7:
- temp = porta_lines(s);
- s->pdtra = mem_value;
- porta_changed(s, temp);
- return;
- case SH7750_PDTRB_A7:
- temp = portb_lines(s);
- s->pdtrb = mem_value;
- portb_changed(s, temp);
- return;
- case SH7750_RFCR_A7:
- fprintf(stderr, "Write access to refresh count register\n");
- s->rfcr = mem_value;
- return;
- case SH7750_GPIOIC_A7:
- s->gpioic = mem_value;
- if (mem_value != 0) {
- fprintf(stderr, "I/O interrupts not implemented\n");
- abort();
- }
- return;
- default:
- error_access("word write", addr);
- abort();
- }
-}
-
-static void sh7750_mem_writel(void *opaque, hwaddr addr,
- uint32_t mem_value)
-{
- SH7750State *s = opaque;
- uint16_t temp;
-
- switch (addr) {
- /* SDRAM controller */
- case SH7750_BCR1_A7:
- s->bcr1 = mem_value;
- return;
- case SH7750_BCR4_A7:
- if(!has_bcr3_and_bcr4(s))
- error_access("long write", addr);
- s->bcr4 = mem_value;
- return;
- case SH7750_WCR1_A7:
- case SH7750_WCR2_A7:
- case SH7750_WCR3_A7:
- case SH7750_MCR_A7:
- ignore_access("long write", addr);
- return;
- /* IO ports */
- case SH7750_PCTRA_A7:
- temp = porta_lines(s);
- s->pctra = mem_value;
- s->portdira = portdir(mem_value);
- s->portpullupa = portpullup(mem_value);
- porta_changed(s, temp);
- return;
- case SH7750_PCTRB_A7:
- temp = portb_lines(s);
- s->pctrb = mem_value;
- s->portdirb = portdir(mem_value);
- s->portpullupb = portpullup(mem_value);
- portb_changed(s, temp);
- return;
- case SH7750_MMUCR_A7:
- if (mem_value & MMUCR_TI) {
- cpu_sh4_invalidate_tlb(s->cpu);
- }
- s->cpu->mmucr = mem_value & ~MMUCR_TI;
- return;
- case SH7750_PTEH_A7:
- /* If asid changes, clear all registered tlb entries. */
- if ((s->cpu->pteh & 0xff) != (mem_value & 0xff))
- tlb_flush(s->cpu, 1);
- s->cpu->pteh = mem_value;
- return;
- case SH7750_PTEL_A7:
- s->cpu->ptel = mem_value;
- return;
- case SH7750_PTEA_A7:
- s->cpu->ptea = mem_value & 0x0000000f;
- return;
- case SH7750_TTB_A7:
- s->cpu->ttb = mem_value;
- return;
- case SH7750_TEA_A7:
- s->cpu->tea = mem_value;
- return;
- case SH7750_TRA_A7:
- s->cpu->tra = mem_value & 0x000007ff;
- return;
- case SH7750_EXPEVT_A7:
- s->cpu->expevt = mem_value & 0x000007ff;
- return;
- case SH7750_INTEVT_A7:
- s->cpu->intevt = mem_value & 0x000007ff;
- return;
- case SH7750_CCR_A7:
- s->ccr = mem_value;
- return;
- default:
- error_access("long write", addr);
- abort();
- }
-}
-
-static const MemoryRegionOps sh7750_mem_ops = {
- .old_mmio = {
- .read = {sh7750_mem_readb,
- sh7750_mem_readw,
- sh7750_mem_readl },
- .write = {sh7750_mem_writeb,
- sh7750_mem_writew,
- sh7750_mem_writel },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-/* sh775x interrupt controller tables for sh_intc.c
- * stolen from linux/arch/sh/kernel/cpu/sh4/setup-sh7750.c
- */
-
-enum {
- UNUSED = 0,
-
- /* interrupt sources */
- IRL_0, IRL_1, IRL_2, IRL_3, IRL_4, IRL_5, IRL_6, IRL_7,
- IRL_8, IRL_9, IRL_A, IRL_B, IRL_C, IRL_D, IRL_E,
- IRL0, IRL1, IRL2, IRL3,
- HUDI, GPIOI,
- DMAC_DMTE0, DMAC_DMTE1, DMAC_DMTE2, DMAC_DMTE3,
- DMAC_DMTE4, DMAC_DMTE5, DMAC_DMTE6, DMAC_DMTE7,
- DMAC_DMAE,
- PCIC0_PCISERR, PCIC1_PCIERR, PCIC1_PCIPWDWN, PCIC1_PCIPWON,
- PCIC1_PCIDMA0, PCIC1_PCIDMA1, PCIC1_PCIDMA2, PCIC1_PCIDMA3,
- TMU3, TMU4, TMU0, TMU1, TMU2_TUNI, TMU2_TICPI,
- RTC_ATI, RTC_PRI, RTC_CUI,
- SCI1_ERI, SCI1_RXI, SCI1_TXI, SCI1_TEI,
- SCIF_ERI, SCIF_RXI, SCIF_BRI, SCIF_TXI,
- WDT,
- REF_RCMI, REF_ROVI,
-
- /* interrupt groups */
- DMAC, PCIC1, TMU2, RTC, SCI1, SCIF, REF,
- /* irl bundle */
- IRL,
-
- NR_SOURCES,
-};
-
-static struct intc_vect vectors[] = {
- INTC_VECT(HUDI, 0x600), INTC_VECT(GPIOI, 0x620),
- INTC_VECT(TMU0, 0x400), INTC_VECT(TMU1, 0x420),
- INTC_VECT(TMU2_TUNI, 0x440), INTC_VECT(TMU2_TICPI, 0x460),
- INTC_VECT(RTC_ATI, 0x480), INTC_VECT(RTC_PRI, 0x4a0),
- INTC_VECT(RTC_CUI, 0x4c0),
- INTC_VECT(SCI1_ERI, 0x4e0), INTC_VECT(SCI1_RXI, 0x500),
- INTC_VECT(SCI1_TXI, 0x520), INTC_VECT(SCI1_TEI, 0x540),
- INTC_VECT(SCIF_ERI, 0x700), INTC_VECT(SCIF_RXI, 0x720),
- INTC_VECT(SCIF_BRI, 0x740), INTC_VECT(SCIF_TXI, 0x760),
- INTC_VECT(WDT, 0x560),
- INTC_VECT(REF_RCMI, 0x580), INTC_VECT(REF_ROVI, 0x5a0),
-};
-
-static struct intc_group groups[] = {
- INTC_GROUP(TMU2, TMU2_TUNI, TMU2_TICPI),
- INTC_GROUP(RTC, RTC_ATI, RTC_PRI, RTC_CUI),
- INTC_GROUP(SCI1, SCI1_ERI, SCI1_RXI, SCI1_TXI, SCI1_TEI),
- INTC_GROUP(SCIF, SCIF_ERI, SCIF_RXI, SCIF_BRI, SCIF_TXI),
- INTC_GROUP(REF, REF_RCMI, REF_ROVI),
-};
-
-static struct intc_prio_reg prio_registers[] = {
- { 0xffd00004, 0, 16, 4, /* IPRA */ { TMU0, TMU1, TMU2, RTC } },
- { 0xffd00008, 0, 16, 4, /* IPRB */ { WDT, REF, SCI1, 0 } },
- { 0xffd0000c, 0, 16, 4, /* IPRC */ { GPIOI, DMAC, SCIF, HUDI } },
- { 0xffd00010, 0, 16, 4, /* IPRD */ { IRL0, IRL1, IRL2, IRL3 } },
- { 0xfe080000, 0, 32, 4, /* INTPRI00 */ { 0, 0, 0, 0,
- TMU4, TMU3,
- PCIC1, PCIC0_PCISERR } },
-};
-
-/* SH7750, SH7750S, SH7751 and SH7091 all have 4-channel DMA controllers */
-
-static struct intc_vect vectors_dma4[] = {
- INTC_VECT(DMAC_DMTE0, 0x640), INTC_VECT(DMAC_DMTE1, 0x660),
- INTC_VECT(DMAC_DMTE2, 0x680), INTC_VECT(DMAC_DMTE3, 0x6a0),
- INTC_VECT(DMAC_DMAE, 0x6c0),
-};
-
-static struct intc_group groups_dma4[] = {
- INTC_GROUP(DMAC, DMAC_DMTE0, DMAC_DMTE1, DMAC_DMTE2,
- DMAC_DMTE3, DMAC_DMAE),
-};
-
-/* SH7750R and SH7751R both have 8-channel DMA controllers */
-
-static struct intc_vect vectors_dma8[] = {
- INTC_VECT(DMAC_DMTE0, 0x640), INTC_VECT(DMAC_DMTE1, 0x660),
- INTC_VECT(DMAC_DMTE2, 0x680), INTC_VECT(DMAC_DMTE3, 0x6a0),
- INTC_VECT(DMAC_DMTE4, 0x780), INTC_VECT(DMAC_DMTE5, 0x7a0),
- INTC_VECT(DMAC_DMTE6, 0x7c0), INTC_VECT(DMAC_DMTE7, 0x7e0),
- INTC_VECT(DMAC_DMAE, 0x6c0),
-};
-
-static struct intc_group groups_dma8[] = {
- INTC_GROUP(DMAC, DMAC_DMTE0, DMAC_DMTE1, DMAC_DMTE2,
- DMAC_DMTE3, DMAC_DMTE4, DMAC_DMTE5,
- DMAC_DMTE6, DMAC_DMTE7, DMAC_DMAE),
-};
-
-/* SH7750R, SH7751 and SH7751R all have two extra timer channels */
-
-static struct intc_vect vectors_tmu34[] = {
- INTC_VECT(TMU3, 0xb00), INTC_VECT(TMU4, 0xb80),
-};
-
-static struct intc_mask_reg mask_registers[] = {
- { 0xfe080040, 0xfe080060, 32, /* INTMSK00 / INTMSKCLR00 */
- { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, TMU4, TMU3,
- PCIC1_PCIERR, PCIC1_PCIPWDWN, PCIC1_PCIPWON,
- PCIC1_PCIDMA0, PCIC1_PCIDMA1, PCIC1_PCIDMA2,
- PCIC1_PCIDMA3, PCIC0_PCISERR } },
-};
-
-/* SH7750S, SH7750R, SH7751 and SH7751R all have IRLM priority registers */
-
-static struct intc_vect vectors_irlm[] = {
- INTC_VECT(IRL0, 0x240), INTC_VECT(IRL1, 0x2a0),
- INTC_VECT(IRL2, 0x300), INTC_VECT(IRL3, 0x360),
-};
-
-/* SH7751 and SH7751R both have PCI */
-
-static struct intc_vect vectors_pci[] = {
- INTC_VECT(PCIC0_PCISERR, 0xa00), INTC_VECT(PCIC1_PCIERR, 0xae0),
- INTC_VECT(PCIC1_PCIPWDWN, 0xac0), INTC_VECT(PCIC1_PCIPWON, 0xaa0),
- INTC_VECT(PCIC1_PCIDMA0, 0xa80), INTC_VECT(PCIC1_PCIDMA1, 0xa60),
- INTC_VECT(PCIC1_PCIDMA2, 0xa40), INTC_VECT(PCIC1_PCIDMA3, 0xa20),
-};
-
-static struct intc_group groups_pci[] = {
- INTC_GROUP(PCIC1, PCIC1_PCIERR, PCIC1_PCIPWDWN, PCIC1_PCIPWON,
- PCIC1_PCIDMA0, PCIC1_PCIDMA1, PCIC1_PCIDMA2, PCIC1_PCIDMA3),
-};
-
-static struct intc_vect vectors_irl[] = {
- INTC_VECT(IRL_0, 0x200),
- INTC_VECT(IRL_1, 0x220),
- INTC_VECT(IRL_2, 0x240),
- INTC_VECT(IRL_3, 0x260),
- INTC_VECT(IRL_4, 0x280),
- INTC_VECT(IRL_5, 0x2a0),
- INTC_VECT(IRL_6, 0x2c0),
- INTC_VECT(IRL_7, 0x2e0),
- INTC_VECT(IRL_8, 0x300),
- INTC_VECT(IRL_9, 0x320),
- INTC_VECT(IRL_A, 0x340),
- INTC_VECT(IRL_B, 0x360),
- INTC_VECT(IRL_C, 0x380),
- INTC_VECT(IRL_D, 0x3a0),
- INTC_VECT(IRL_E, 0x3c0),
-};
-
-static struct intc_group groups_irl[] = {
- INTC_GROUP(IRL, IRL_0, IRL_1, IRL_2, IRL_3, IRL_4, IRL_5, IRL_6,
- IRL_7, IRL_8, IRL_9, IRL_A, IRL_B, IRL_C, IRL_D, IRL_E),
-};
-
-/**********************************************************************
- Memory mapped cache and TLB
-**********************************************************************/
-
-#define MM_REGION_MASK 0x07000000
-#define MM_ICACHE_ADDR (0)
-#define MM_ICACHE_DATA (1)
-#define MM_ITLB_ADDR (2)
-#define MM_ITLB_DATA (3)
-#define MM_OCACHE_ADDR (4)
-#define MM_OCACHE_DATA (5)
-#define MM_UTLB_ADDR (6)
-#define MM_UTLB_DATA (7)
-#define MM_REGION_TYPE(addr) ((addr & MM_REGION_MASK) >> 24)
-
-static uint64_t invalid_read(void *opaque, hwaddr addr)
-{
- abort();
-
- return 0;
-}
-
-static uint64_t sh7750_mmct_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- SH7750State *s = opaque;
- uint32_t ret = 0;
-
- if (size != 4) {
- return invalid_read(opaque, addr);
- }
-
- switch (MM_REGION_TYPE(addr)) {
- case MM_ICACHE_ADDR:
- case MM_ICACHE_DATA:
- /* do nothing */
- break;
- case MM_ITLB_ADDR:
- ret = cpu_sh4_read_mmaped_itlb_addr(s->cpu, addr);
- break;
- case MM_ITLB_DATA:
- ret = cpu_sh4_read_mmaped_itlb_data(s->cpu, addr);
- break;
- case MM_OCACHE_ADDR:
- case MM_OCACHE_DATA:
- /* do nothing */
- break;
- case MM_UTLB_ADDR:
- ret = cpu_sh4_read_mmaped_utlb_addr(s->cpu, addr);
- break;
- case MM_UTLB_DATA:
- ret = cpu_sh4_read_mmaped_utlb_data(s->cpu, addr);
- break;
- default:
- abort();
- }
-
- return ret;
-}
-
-static void invalid_write(void *opaque, hwaddr addr,
- uint64_t mem_value)
-{
- abort();
-}
-
-static void sh7750_mmct_write(void *opaque, hwaddr addr,
- uint64_t mem_value, unsigned size)
-{
- SH7750State *s = opaque;
-
- if (size != 4) {
- invalid_write(opaque, addr, mem_value);
- }
-
- switch (MM_REGION_TYPE(addr)) {
- case MM_ICACHE_ADDR:
- case MM_ICACHE_DATA:
- /* do nothing */
- break;
- case MM_ITLB_ADDR:
- cpu_sh4_write_mmaped_itlb_addr(s->cpu, addr, mem_value);
- break;
- case MM_ITLB_DATA:
- cpu_sh4_write_mmaped_itlb_data(s->cpu, addr, mem_value);
- abort();
- break;
- case MM_OCACHE_ADDR:
- case MM_OCACHE_DATA:
- /* do nothing */
- break;
- case MM_UTLB_ADDR:
- cpu_sh4_write_mmaped_utlb_addr(s->cpu, addr, mem_value);
- break;
- case MM_UTLB_DATA:
- cpu_sh4_write_mmaped_utlb_data(s->cpu, addr, mem_value);
- break;
- default:
- abort();
- break;
- }
-}
-
-static const MemoryRegionOps sh7750_mmct_ops = {
- .read = sh7750_mmct_read,
- .write = sh7750_mmct_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-SH7750State *sh7750_init(CPUSH4State * cpu, MemoryRegion *sysmem)
-{
- SH7750State *s;
-
- s = g_malloc0(sizeof(SH7750State));
- s->cpu = cpu;
- s->periph_freq = 60000000; /* 60MHz */
- memory_region_init_io(&s->iomem, &sh7750_mem_ops, s,
- "memory", 0x1fc01000);
-
- memory_region_init_alias(&s->iomem_1f0, "memory-1f0",
- &s->iomem, 0x1f000000, 0x1000);
- memory_region_add_subregion(sysmem, 0x1f000000, &s->iomem_1f0);
-
- memory_region_init_alias(&s->iomem_ff0, "memory-ff0",
- &s->iomem, 0x1f000000, 0x1000);
- memory_region_add_subregion(sysmem, 0xff000000, &s->iomem_ff0);
-
- memory_region_init_alias(&s->iomem_1f8, "memory-1f8",
- &s->iomem, 0x1f800000, 0x1000);
- memory_region_add_subregion(sysmem, 0x1f800000, &s->iomem_1f8);
-
- memory_region_init_alias(&s->iomem_ff8, "memory-ff8",
- &s->iomem, 0x1f800000, 0x1000);
- memory_region_add_subregion(sysmem, 0xff800000, &s->iomem_ff8);
-
- memory_region_init_alias(&s->iomem_1fc, "memory-1fc",
- &s->iomem, 0x1fc00000, 0x1000);
- memory_region_add_subregion(sysmem, 0x1fc00000, &s->iomem_1fc);
-
- memory_region_init_alias(&s->iomem_ffc, "memory-ffc",
- &s->iomem, 0x1fc00000, 0x1000);
- memory_region_add_subregion(sysmem, 0xffc00000, &s->iomem_ffc);
-
- memory_region_init_io(&s->mmct_iomem, &sh7750_mmct_ops, s,
- "cache-and-tlb", 0x08000000);
- memory_region_add_subregion(sysmem, 0xf0000000, &s->mmct_iomem);
-
- sh_intc_init(sysmem, &s->intc, NR_SOURCES,
- _INTC_ARRAY(mask_registers),
- _INTC_ARRAY(prio_registers));
-
- sh_intc_register_sources(&s->intc,
- _INTC_ARRAY(vectors),
- _INTC_ARRAY(groups));
-
- cpu->intc_handle = &s->intc;
-
- sh_serial_init(sysmem, 0x1fe00000,
- 0, s->periph_freq, serial_hds[0],
- s->intc.irqs[SCI1_ERI],
- s->intc.irqs[SCI1_RXI],
- s->intc.irqs[SCI1_TXI],
- s->intc.irqs[SCI1_TEI],
- NULL);
- sh_serial_init(sysmem, 0x1fe80000,
- SH_SERIAL_FEAT_SCIF,
- s->periph_freq, serial_hds[1],
- s->intc.irqs[SCIF_ERI],
- s->intc.irqs[SCIF_RXI],
- s->intc.irqs[SCIF_TXI],
- NULL,
- s->intc.irqs[SCIF_BRI]);
-
- tmu012_init(sysmem, 0x1fd80000,
- TMU012_FEAT_TOCR | TMU012_FEAT_3CHAN | TMU012_FEAT_EXTCLK,
- s->periph_freq,
- s->intc.irqs[TMU0],
- s->intc.irqs[TMU1],
- s->intc.irqs[TMU2_TUNI],
- s->intc.irqs[TMU2_TICPI]);
-
- if (cpu->id & (SH_CPU_SH7750 | SH_CPU_SH7750S | SH_CPU_SH7751)) {
- sh_intc_register_sources(&s->intc,
- _INTC_ARRAY(vectors_dma4),
- _INTC_ARRAY(groups_dma4));
- }
-
- if (cpu->id & (SH_CPU_SH7750R | SH_CPU_SH7751R)) {
- sh_intc_register_sources(&s->intc,
- _INTC_ARRAY(vectors_dma8),
- _INTC_ARRAY(groups_dma8));
- }
-
- if (cpu->id & (SH_CPU_SH7750R | SH_CPU_SH7751 | SH_CPU_SH7751R)) {
- sh_intc_register_sources(&s->intc,
- _INTC_ARRAY(vectors_tmu34),
- NULL, 0);
- tmu012_init(sysmem, 0x1e100000, 0, s->periph_freq,
- s->intc.irqs[TMU3],
- s->intc.irqs[TMU4],
- NULL, NULL);
- }
-
- if (cpu->id & (SH_CPU_SH7751_ALL)) {
- sh_intc_register_sources(&s->intc,
- _INTC_ARRAY(vectors_pci),
- _INTC_ARRAY(groups_pci));
- }
-
- if (cpu->id & (SH_CPU_SH7750S | SH_CPU_SH7750R | SH_CPU_SH7751_ALL)) {
- sh_intc_register_sources(&s->intc,
- _INTC_ARRAY(vectors_irlm),
- NULL, 0);
- }
-
- sh_intc_register_sources(&s->intc,
- _INTC_ARRAY(vectors_irl),
- _INTC_ARRAY(groups_irl));
- return s;
-}
-
-qemu_irq sh7750_irl(SH7750State *s)
-{
- sh_intc_toggle_source(sh_intc_source(&s->intc, IRL), 1, 0); /* enable */
- return qemu_allocate_irqs(sh_intc_set_irl, sh_intc_source(&s->intc, IRL),
- 1)[0];
-}
diff --git a/hw/sh7750_regnames.c b/hw/sh7750_regnames.c
deleted file mode 100644
index 5a5a2d80d..000000000
--- a/hw/sh7750_regnames.c
+++ /dev/null
@@ -1,97 +0,0 @@
-#include "hw.h"
-#include "sh.h"
-#include "sh7750_regs.h"
-#include "sh7750_regnames.h"
-
-#define REGNAME(r) {r, #r},
-
-typedef struct {
- uint32_t regaddr;
- const char *regname;
-} regname_t;
-
-static regname_t regnames[] = {
- REGNAME(SH7750_PTEH_A7)
- REGNAME(SH7750_PTEL_A7)
- REGNAME(SH7750_PTEA_A7)
- REGNAME(SH7750_TTB_A7)
- REGNAME(SH7750_TEA_A7)
- REGNAME(SH7750_MMUCR_A7)
- REGNAME(SH7750_CCR_A7)
- REGNAME(SH7750_QACR0_A7)
- REGNAME(SH7750_QACR1_A7)
- REGNAME(SH7750_TRA_A7)
- REGNAME(SH7750_EXPEVT_A7)
- REGNAME(SH7750_INTEVT_A7)
- REGNAME(SH7750_STBCR_A7)
- REGNAME(SH7750_STBCR2_A7)
- REGNAME(SH7750_FRQCR_A7)
- REGNAME(SH7750_WTCNT_A7)
- REGNAME(SH7750_WTCSR_A7)
- REGNAME(SH7750_R64CNT_A7)
- REGNAME(SH7750_RSECCNT_A7)
- REGNAME(SH7750_RMINCNT_A7)
- REGNAME(SH7750_RHRCNT_A7)
- REGNAME(SH7750_RWKCNT_A7)
- REGNAME(SH7750_RDAYCNT_A7)
- REGNAME(SH7750_RMONCNT_A7)
- REGNAME(SH7750_RYRCNT_A7)
- REGNAME(SH7750_RSECAR_A7)
- REGNAME(SH7750_RMINAR_A7)
- REGNAME(SH7750_RHRAR_A7)
- REGNAME(SH7750_RWKAR_A7)
- REGNAME(SH7750_RDAYAR_A7)
- REGNAME(SH7750_RMONAR_A7)
- REGNAME(SH7750_RCR1_A7)
- REGNAME(SH7750_RCR2_A7)
- REGNAME(SH7750_BCR1_A7)
- REGNAME(SH7750_BCR2_A7)
- REGNAME(SH7750_WCR1_A7)
- REGNAME(SH7750_WCR2_A7)
- REGNAME(SH7750_WCR3_A7)
- REGNAME(SH7750_MCR_A7)
- REGNAME(SH7750_PCR_A7)
- REGNAME(SH7750_RTCSR_A7)
- REGNAME(SH7750_RTCNT_A7)
- REGNAME(SH7750_RTCOR_A7)
- REGNAME(SH7750_RFCR_A7)
- REGNAME(SH7750_SAR0_A7)
- REGNAME(SH7750_SAR1_A7)
- REGNAME(SH7750_SAR2_A7)
- REGNAME(SH7750_SAR3_A7)
- REGNAME(SH7750_DAR0_A7)
- REGNAME(SH7750_DAR1_A7)
- REGNAME(SH7750_DAR2_A7)
- REGNAME(SH7750_DAR3_A7)
- REGNAME(SH7750_DMATCR0_A7)
- REGNAME(SH7750_DMATCR1_A7)
- REGNAME(SH7750_DMATCR2_A7)
- REGNAME(SH7750_DMATCR3_A7)
- REGNAME(SH7750_CHCR0_A7)
- REGNAME(SH7750_CHCR1_A7)
- REGNAME(SH7750_CHCR2_A7)
- REGNAME(SH7750_CHCR3_A7)
- REGNAME(SH7750_DMAOR_A7)
- REGNAME(SH7750_PCTRA_A7)
- REGNAME(SH7750_PDTRA_A7)
- REGNAME(SH7750_PCTRB_A7)
- REGNAME(SH7750_PDTRB_A7)
- REGNAME(SH7750_GPIOIC_A7)
- REGNAME(SH7750_ICR_A7)
- REGNAME(SH7750_BCR3_A7)
- REGNAME(SH7750_BCR4_A7)
- REGNAME(SH7750_SDMR2_A7)
- REGNAME(SH7750_SDMR3_A7) {(uint32_t) - 1, NULL}
-};
-
-const char *regname(uint32_t addr)
-{
- unsigned int i;
-
- for (i = 0; regnames[i].regaddr != (uint32_t) - 1; i++) {
- if (regnames[i].regaddr == addr)
- return regnames[i].regname;
- }
-
- return "<unknown reg>";
-}
diff --git a/hw/sh_intc.c b/hw/sh_intc.c
deleted file mode 100644
index c3f77d509..000000000
--- a/hw/sh_intc.c
+++ /dev/null
@@ -1,511 +0,0 @@
-/*
- * SuperH interrupt controller module
- *
- * Copyright (c) 2007 Magnus Damm
- * Based on sh_timer.c and arm_timer.c by Paul Brook
- * Copyright (c) 2005-2006 CodeSourcery.
- *
- * This code is licensed under the GPL.
- */
-
-#include "sh_intc.h"
-#include "hw.h"
-#include "sh.h"
-
-//#define DEBUG_INTC
-//#define DEBUG_INTC_SOURCES
-
-#define INTC_A7(x) ((x) & 0x1fffffff)
-
-void sh_intc_toggle_source(struct intc_source *source,
- int enable_adj, int assert_adj)
-{
- int enable_changed = 0;
- int pending_changed = 0;
- int old_pending;
-
- if ((source->enable_count == source->enable_max) && (enable_adj == -1))
- enable_changed = -1;
-
- source->enable_count += enable_adj;
-
- if (source->enable_count == source->enable_max)
- enable_changed = 1;
-
- source->asserted += assert_adj;
-
- old_pending = source->pending;
- source->pending = source->asserted &&
- (source->enable_count == source->enable_max);
-
- if (old_pending != source->pending)
- pending_changed = 1;
-
- if (pending_changed) {
- if (source->pending) {
- source->parent->pending++;
- if (source->parent->pending == 1)
- cpu_interrupt(first_cpu, CPU_INTERRUPT_HARD);
- }
- else {
- source->parent->pending--;
- if (source->parent->pending == 0)
- cpu_reset_interrupt(first_cpu, CPU_INTERRUPT_HARD);
- }
- }
-
- if (enable_changed || assert_adj || pending_changed) {
-#ifdef DEBUG_INTC_SOURCES
- printf("sh_intc: (%d/%d/%d/%d) interrupt source 0x%x %s%s%s\n",
- source->parent->pending,
- source->asserted,
- source->enable_count,
- source->enable_max,
- source->vect,
- source->asserted ? "asserted " :
- assert_adj ? "deasserted" : "",
- enable_changed == 1 ? "enabled " :
- enable_changed == -1 ? "disabled " : "",
- source->pending ? "pending" : "");
-#endif
- }
-}
-
-static void sh_intc_set_irq (void *opaque, int n, int level)
-{
- struct intc_desc *desc = opaque;
- struct intc_source *source = &(desc->sources[n]);
-
- if (level && !source->asserted)
- sh_intc_toggle_source(source, 0, 1);
- else if (!level && source->asserted)
- sh_intc_toggle_source(source, 0, -1);
-}
-
-int sh_intc_get_pending_vector(struct intc_desc *desc, int imask)
-{
- unsigned int i;
-
- /* slow: use a linked lists of pending sources instead */
- /* wrong: take interrupt priority into account (one list per priority) */
-
- if (imask == 0x0f) {
- return -1; /* FIXME, update code to include priority per source */
- }
-
- for (i = 0; i < desc->nr_sources; i++) {
- struct intc_source *source = desc->sources + i;
-
- if (source->pending) {
-#ifdef DEBUG_INTC_SOURCES
- printf("sh_intc: (%d) returning interrupt source 0x%x\n",
- desc->pending, source->vect);
-#endif
- return source->vect;
- }
- }
-
- abort();
-}
-
-#define INTC_MODE_NONE 0
-#define INTC_MODE_DUAL_SET 1
-#define INTC_MODE_DUAL_CLR 2
-#define INTC_MODE_ENABLE_REG 3
-#define INTC_MODE_MASK_REG 4
-#define INTC_MODE_IS_PRIO 8
-
-static unsigned int sh_intc_mode(unsigned long address,
- unsigned long set_reg, unsigned long clr_reg)
-{
- if ((address != INTC_A7(set_reg)) &&
- (address != INTC_A7(clr_reg)))
- return INTC_MODE_NONE;
-
- if (set_reg && clr_reg) {
- if (address == INTC_A7(set_reg))
- return INTC_MODE_DUAL_SET;
- else
- return INTC_MODE_DUAL_CLR;
- }
-
- if (set_reg)
- return INTC_MODE_ENABLE_REG;
- else
- return INTC_MODE_MASK_REG;
-}
-
-static void sh_intc_locate(struct intc_desc *desc,
- unsigned long address,
- unsigned long **datap,
- intc_enum **enums,
- unsigned int *first,
- unsigned int *width,
- unsigned int *modep)
-{
- unsigned int i, mode;
-
- /* this is slow but works for now */
-
- if (desc->mask_regs) {
- for (i = 0; i < desc->nr_mask_regs; i++) {
- struct intc_mask_reg *mr = desc->mask_regs + i;
-
- mode = sh_intc_mode(address, mr->set_reg, mr->clr_reg);
- if (mode == INTC_MODE_NONE)
- continue;
-
- *modep = mode;
- *datap = &mr->value;
- *enums = mr->enum_ids;
- *first = mr->reg_width - 1;
- *width = 1;
- return;
- }
- }
-
- if (desc->prio_regs) {
- for (i = 0; i < desc->nr_prio_regs; i++) {
- struct intc_prio_reg *pr = desc->prio_regs + i;
-
- mode = sh_intc_mode(address, pr->set_reg, pr->clr_reg);
- if (mode == INTC_MODE_NONE)
- continue;
-
- *modep = mode | INTC_MODE_IS_PRIO;
- *datap = &pr->value;
- *enums = pr->enum_ids;
- *first = (pr->reg_width / pr->field_width) - 1;
- *width = pr->field_width;
- return;
- }
- }
-
- abort();
-}
-
-static void sh_intc_toggle_mask(struct intc_desc *desc, intc_enum id,
- int enable, int is_group)
-{
- struct intc_source *source = desc->sources + id;
-
- if (!id)
- return;
-
- if (!source->next_enum_id && (!source->enable_max || !source->vect)) {
-#ifdef DEBUG_INTC_SOURCES
- printf("sh_intc: reserved interrupt source %d modified\n", id);
-#endif
- return;
- }
-
- if (source->vect)
- sh_intc_toggle_source(source, enable ? 1 : -1, 0);
-
-#ifdef DEBUG_INTC
- else {
- printf("setting interrupt group %d to %d\n", id, !!enable);
- }
-#endif
-
- if ((is_group || !source->vect) && source->next_enum_id) {
- sh_intc_toggle_mask(desc, source->next_enum_id, enable, 1);
- }
-
-#ifdef DEBUG_INTC
- if (!source->vect) {
- printf("setting interrupt group %d to %d - done\n", id, !!enable);
- }
-#endif
-}
-
-static uint64_t sh_intc_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- struct intc_desc *desc = opaque;
- intc_enum *enum_ids = NULL;
- unsigned int first = 0;
- unsigned int width = 0;
- unsigned int mode = 0;
- unsigned long *valuep;
-
-#ifdef DEBUG_INTC
- printf("sh_intc_read 0x%lx\n", (unsigned long) offset);
-#endif
-
- sh_intc_locate(desc, (unsigned long)offset, &valuep,
- &enum_ids, &first, &width, &mode);
- return *valuep;
-}
-
-static void sh_intc_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- struct intc_desc *desc = opaque;
- intc_enum *enum_ids = NULL;
- unsigned int first = 0;
- unsigned int width = 0;
- unsigned int mode = 0;
- unsigned int k;
- unsigned long *valuep;
- unsigned long mask;
-
-#ifdef DEBUG_INTC
- printf("sh_intc_write 0x%lx 0x%08x\n", (unsigned long) offset, value);
-#endif
-
- sh_intc_locate(desc, (unsigned long)offset, &valuep,
- &enum_ids, &first, &width, &mode);
-
- switch (mode) {
- case INTC_MODE_ENABLE_REG | INTC_MODE_IS_PRIO: break;
- case INTC_MODE_DUAL_SET: value |= *valuep; break;
- case INTC_MODE_DUAL_CLR: value = *valuep & ~value; break;
- default: abort();
- }
-
- for (k = 0; k <= first; k++) {
- mask = ((1 << width) - 1) << ((first - k) * width);
-
- if ((*valuep & mask) == (value & mask))
- continue;
-#if 0
- printf("k = %d, first = %d, enum = %d, mask = 0x%08x\n",
- k, first, enum_ids[k], (unsigned int)mask);
-#endif
- sh_intc_toggle_mask(desc, enum_ids[k], value & mask, 0);
- }
-
- *valuep = value;
-
-#ifdef DEBUG_INTC
- printf("sh_intc_write 0x%lx -> 0x%08x\n", (unsigned long) offset, value);
-#endif
-}
-
-static const MemoryRegionOps sh_intc_ops = {
- .read = sh_intc_read,
- .write = sh_intc_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-struct intc_source *sh_intc_source(struct intc_desc *desc, intc_enum id)
-{
- if (id)
- return desc->sources + id;
-
- return NULL;
-}
-
-static unsigned int sh_intc_register(MemoryRegion *sysmem,
- struct intc_desc *desc,
- const unsigned long address,
- const char *type,
- const char *action,
- const unsigned int index)
-{
- char name[60];
- MemoryRegion *iomem, *iomem_p4, *iomem_a7;
-
- if (!address) {
- return 0;
- }
-
- iomem = &desc->iomem;
- iomem_p4 = desc->iomem_aliases + index;
- iomem_a7 = iomem_p4 + 1;
-
-#define SH_INTC_IOMEM_FORMAT "interrupt-controller-%s-%s-%s"
- snprintf(name, sizeof(name), SH_INTC_IOMEM_FORMAT, type, action, "p4");
- memory_region_init_alias(iomem_p4, name, iomem, INTC_A7(address), 4);
- memory_region_add_subregion(sysmem, P4ADDR(address), iomem_p4);
-
- snprintf(name, sizeof(name), SH_INTC_IOMEM_FORMAT, type, action, "a7");
- memory_region_init_alias(iomem_a7, name, iomem, INTC_A7(address), 4);
- memory_region_add_subregion(sysmem, A7ADDR(address), iomem_a7);
-#undef SH_INTC_IOMEM_FORMAT
-
- /* used to increment aliases index */
- return 2;
-}
-
-static void sh_intc_register_source(struct intc_desc *desc,
- intc_enum source,
- struct intc_group *groups,
- int nr_groups)
-{
- unsigned int i, k;
- struct intc_source *s;
-
- if (desc->mask_regs) {
- for (i = 0; i < desc->nr_mask_regs; i++) {
- struct intc_mask_reg *mr = desc->mask_regs + i;
-
- for (k = 0; k < ARRAY_SIZE(mr->enum_ids); k++) {
- if (mr->enum_ids[k] != source)
- continue;
-
- s = sh_intc_source(desc, mr->enum_ids[k]);
- if (s)
- s->enable_max++;
- }
- }
- }
-
- if (desc->prio_regs) {
- for (i = 0; i < desc->nr_prio_regs; i++) {
- struct intc_prio_reg *pr = desc->prio_regs + i;
-
- for (k = 0; k < ARRAY_SIZE(pr->enum_ids); k++) {
- if (pr->enum_ids[k] != source)
- continue;
-
- s = sh_intc_source(desc, pr->enum_ids[k]);
- if (s)
- s->enable_max++;
- }
- }
- }
-
- if (groups) {
- for (i = 0; i < nr_groups; i++) {
- struct intc_group *gr = groups + i;
-
- for (k = 0; k < ARRAY_SIZE(gr->enum_ids); k++) {
- if (gr->enum_ids[k] != source)
- continue;
-
- s = sh_intc_source(desc, gr->enum_ids[k]);
- if (s)
- s->enable_max++;
- }
- }
- }
-
-}
-
-void sh_intc_register_sources(struct intc_desc *desc,
- struct intc_vect *vectors,
- int nr_vectors,
- struct intc_group *groups,
- int nr_groups)
-{
- unsigned int i, k;
- struct intc_source *s;
-
- for (i = 0; i < nr_vectors; i++) {
- struct intc_vect *vect = vectors + i;
-
- sh_intc_register_source(desc, vect->enum_id, groups, nr_groups);
- s = sh_intc_source(desc, vect->enum_id);
- if (s) {
- s->vect = vect->vect;
-
-#ifdef DEBUG_INTC_SOURCES
- printf("sh_intc: registered source %d -> 0x%04x (%d/%d)\n",
- vect->enum_id, s->vect, s->enable_count, s->enable_max);
-#endif
- }
- }
-
- if (groups) {
- for (i = 0; i < nr_groups; i++) {
- struct intc_group *gr = groups + i;
-
- s = sh_intc_source(desc, gr->enum_id);
- s->next_enum_id = gr->enum_ids[0];
-
- for (k = 1; k < ARRAY_SIZE(gr->enum_ids); k++) {
- if (!gr->enum_ids[k])
- continue;
-
- s = sh_intc_source(desc, gr->enum_ids[k - 1]);
- s->next_enum_id = gr->enum_ids[k];
- }
-
-#ifdef DEBUG_INTC_SOURCES
- printf("sh_intc: registered group %d (%d/%d)\n",
- gr->enum_id, s->enable_count, s->enable_max);
-#endif
- }
- }
-}
-
-int sh_intc_init(MemoryRegion *sysmem,
- struct intc_desc *desc,
- int nr_sources,
- struct intc_mask_reg *mask_regs,
- int nr_mask_regs,
- struct intc_prio_reg *prio_regs,
- int nr_prio_regs)
-{
- unsigned int i, j;
-
- desc->pending = 0;
- desc->nr_sources = nr_sources;
- desc->mask_regs = mask_regs;
- desc->nr_mask_regs = nr_mask_regs;
- desc->prio_regs = prio_regs;
- desc->nr_prio_regs = nr_prio_regs;
- /* Allocate 4 MemoryRegions per register (2 actions * 2 aliases).
- **/
- desc->iomem_aliases = g_new0(MemoryRegion,
- (nr_mask_regs + nr_prio_regs) * 4);
-
- j = 0;
- i = sizeof(struct intc_source) * nr_sources;
- desc->sources = g_malloc0(i);
-
- for (i = 0; i < desc->nr_sources; i++) {
- struct intc_source *source = desc->sources + i;
-
- source->parent = desc;
- }
-
- desc->irqs = qemu_allocate_irqs(sh_intc_set_irq, desc, nr_sources);
-
- memory_region_init_io(&desc->iomem, &sh_intc_ops, desc,
- "interrupt-controller", 0x100000000ULL);
-
-#define INT_REG_PARAMS(reg_struct, type, action, j) \
- reg_struct->action##_reg, #type, #action, j
- if (desc->mask_regs) {
- for (i = 0; i < desc->nr_mask_regs; i++) {
- struct intc_mask_reg *mr = desc->mask_regs + i;
-
- j += sh_intc_register(sysmem, desc,
- INT_REG_PARAMS(mr, mask, set, j));
- j += sh_intc_register(sysmem, desc,
- INT_REG_PARAMS(mr, mask, clr, j));
- }
- }
-
- if (desc->prio_regs) {
- for (i = 0; i < desc->nr_prio_regs; i++) {
- struct intc_prio_reg *pr = desc->prio_regs + i;
-
- j += sh_intc_register(sysmem, desc,
- INT_REG_PARAMS(pr, prio, set, j));
- j += sh_intc_register(sysmem, desc,
- INT_REG_PARAMS(pr, prio, clr, j));
- }
- }
-#undef INT_REG_PARAMS
-
- return 0;
-}
-
-/* Assert level <n> IRL interrupt.
- 0:deassert. 1:lowest priority,... 15:highest priority. */
-void sh_intc_set_irl(void *opaque, int n, int level)
-{
- struct intc_source *s = opaque;
- int i, irl = level ^ 15;
- for (i = 0; (s = sh_intc_source(s->parent, s->next_enum_id)); i++) {
- if (i == irl)
- sh_intc_toggle_source(s, s->enable_count?0:1, s->asserted?0:1);
- else
- if (s->asserted)
- sh_intc_toggle_source(s, 0, -1);
- }
-}
diff --git a/hw/sh_intc.h b/hw/sh_intc.h
deleted file mode 100644
index 80c943057..000000000
--- a/hw/sh_intc.h
+++ /dev/null
@@ -1,83 +0,0 @@
-#ifndef __SH_INTC_H__
-#define __SH_INTC_H__
-
-#include "qemu-common.h"
-#include "irq.h"
-#include "exec-memory.h"
-
-typedef unsigned char intc_enum;
-
-struct intc_vect {
- intc_enum enum_id;
- unsigned short vect;
-};
-
-#define INTC_VECT(enum_id, vect) { enum_id, vect }
-
-struct intc_group {
- intc_enum enum_id;
- intc_enum enum_ids[32];
-};
-
-#define INTC_GROUP(enum_id, ...) { enum_id, { __VA_ARGS__ } }
-
-struct intc_mask_reg {
- unsigned long set_reg, clr_reg, reg_width;
- intc_enum enum_ids[32];
- unsigned long value;
-};
-
-struct intc_prio_reg {
- unsigned long set_reg, clr_reg, reg_width, field_width;
- intc_enum enum_ids[16];
- unsigned long value;
-};
-
-#define _INTC_ARRAY(a) a, ARRAY_SIZE(a)
-
-struct intc_source {
- unsigned short vect;
- intc_enum next_enum_id;
-
- int asserted; /* emulates the interrupt signal line from device to intc */
- int enable_count;
- int enable_max;
- int pending; /* emulates the result of signal and masking */
- struct intc_desc *parent;
-};
-
-struct intc_desc {
- MemoryRegion iomem;
- MemoryRegion *iomem_aliases;
- qemu_irq *irqs;
- struct intc_source *sources;
- int nr_sources;
- struct intc_mask_reg *mask_regs;
- int nr_mask_regs;
- struct intc_prio_reg *prio_regs;
- int nr_prio_regs;
- int pending; /* number of interrupt sources that has pending set */
-};
-
-int sh_intc_get_pending_vector(struct intc_desc *desc, int imask);
-struct intc_source *sh_intc_source(struct intc_desc *desc, intc_enum id);
-void sh_intc_toggle_source(struct intc_source *source,
- int enable_adj, int assert_adj);
-
-void sh_intc_register_sources(struct intc_desc *desc,
- struct intc_vect *vectors,
- int nr_vectors,
- struct intc_group *groups,
- int nr_groups);
-
-int sh_intc_init(MemoryRegion *sysmem,
- struct intc_desc *desc,
- int nr_sources,
- struct intc_mask_reg *mask_regs,
- int nr_mask_regs,
- struct intc_prio_reg *prio_regs,
- int nr_prio_regs);
-
-void sh_intc_set_irl(void *opaque, int n, int level);
-
-#endif /* __SH_INTC_H__ */
diff --git a/hw/sh_pci.c b/hw/sh_pci.c
deleted file mode 100644
index fdec71b9e..000000000
--- a/hw/sh_pci.c
+++ /dev/null
@@ -1,186 +0,0 @@
-/*
- * SuperH on-chip PCIC emulation.
- *
- * Copyright (c) 2008 Takashi YOSHII
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "sysbus.h"
-#include "sh.h"
-#include "pci.h"
-#include "pci_host.h"
-#include "bswap.h"
-#include "exec-memory.h"
-
-typedef struct SHPCIState {
- SysBusDevice busdev;
- PCIBus *bus;
- PCIDevice *dev;
- qemu_irq irq[4];
- MemoryRegion memconfig_p4;
- MemoryRegion memconfig_a7;
- MemoryRegion isa;
- uint32_t par;
- uint32_t mbr;
- uint32_t iobr;
-} SHPCIState;
-
-static void sh_pci_reg_write (void *p, hwaddr addr, uint64_t val,
- unsigned size)
-{
- SHPCIState *pcic = p;
- switch(addr) {
- case 0 ... 0xfc:
- cpu_to_le32w((uint32_t*)(pcic->dev->config + addr), val);
- break;
- case 0x1c0:
- pcic->par = val;
- break;
- case 0x1c4:
- pcic->mbr = val & 0xff000001;
- break;
- case 0x1c8:
- if ((val & 0xfffc0000) != (pcic->iobr & 0xfffc0000)) {
- memory_region_del_subregion(get_system_memory(), &pcic->isa);
- pcic->iobr = val & 0xfffc0001;
- memory_region_add_subregion(get_system_memory(),
- pcic->iobr & 0xfffc0000, &pcic->isa);
- }
- break;
- case 0x220:
- pci_data_write(pcic->bus, pcic->par, val, 4);
- break;
- }
-}
-
-static uint64_t sh_pci_reg_read (void *p, hwaddr addr,
- unsigned size)
-{
- SHPCIState *pcic = p;
- switch(addr) {
- case 0 ... 0xfc:
- return le32_to_cpup((uint32_t*)(pcic->dev->config + addr));
- case 0x1c0:
- return pcic->par;
- case 0x1c4:
- return pcic->mbr;
- case 0x1c8:
- return pcic->iobr;
- case 0x220:
- return pci_data_read(pcic->bus, pcic->par, 4);
- }
- return 0;
-}
-
-static const MemoryRegionOps sh_pci_reg_ops = {
- .read = sh_pci_reg_read,
- .write = sh_pci_reg_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static int sh_pci_map_irq(PCIDevice *d, int irq_num)
-{
- return (d->devfn >> 3);
-}
-
-static void sh_pci_set_irq(void *opaque, int irq_num, int level)
-{
- qemu_irq *pic = opaque;
-
- qemu_set_irq(pic[irq_num], level);
-}
-
-static int sh_pci_device_init(SysBusDevice *dev)
-{
- SHPCIState *s;
- int i;
-
- s = FROM_SYSBUS(SHPCIState, dev);
- for (i = 0; i < 4; i++) {
- sysbus_init_irq(dev, &s->irq[i]);
- }
- s->bus = pci_register_bus(&s->busdev.qdev, "pci",
- sh_pci_set_irq, sh_pci_map_irq,
- s->irq,
- get_system_memory(),
- get_system_io(),
- PCI_DEVFN(0, 0), 4);
- memory_region_init_io(&s->memconfig_p4, &sh_pci_reg_ops, s,
- "sh_pci", 0x224);
- memory_region_init_alias(&s->memconfig_a7, "sh_pci.2", &s->memconfig_p4,
- 0, 0x224);
- isa_mmio_setup(&s->isa, 0x40000);
- sysbus_init_mmio(dev, &s->memconfig_p4);
- sysbus_init_mmio(dev, &s->memconfig_a7);
- s->iobr = 0xfe240000;
- memory_region_add_subregion(get_system_memory(), s->iobr, &s->isa);
-
- s->dev = pci_create_simple(s->bus, PCI_DEVFN(0, 0), "sh_pci_host");
- return 0;
-}
-
-static int sh_pci_host_init(PCIDevice *d)
-{
- pci_set_word(d->config + PCI_COMMAND, PCI_COMMAND_WAIT);
- pci_set_word(d->config + PCI_STATUS, PCI_STATUS_CAP_LIST |
- PCI_STATUS_FAST_BACK | PCI_STATUS_DEVSEL_MEDIUM);
- return 0;
-}
-
-static void sh_pci_host_class_init(ObjectClass *klass, void *data)
-{
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = sh_pci_host_init;
- k->vendor_id = PCI_VENDOR_ID_HITACHI;
- k->device_id = PCI_DEVICE_ID_HITACHI_SH7751R;
-}
-
-static TypeInfo sh_pci_host_info = {
- .name = "sh_pci_host",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIDevice),
- .class_init = sh_pci_host_class_init,
-};
-
-static void sh_pci_device_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- sdc->init = sh_pci_device_init;
-}
-
-static TypeInfo sh_pci_device_info = {
- .name = "sh_pci",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(SHPCIState),
- .class_init = sh_pci_device_class_init,
-};
-
-static void sh_pci_register_types(void)
-{
- type_register_static(&sh_pci_device_info);
- type_register_static(&sh_pci_host_info);
-}
-
-type_init(sh_pci_register_types)
diff --git a/hw/sh_serial.c b/hw/sh_serial.c
deleted file mode 100644
index 9da5d08fe..000000000
--- a/hw/sh_serial.c
+++ /dev/null
@@ -1,408 +0,0 @@
-/*
- * QEMU SCI/SCIF serial port emulation
- *
- * Copyright (c) 2007 Magnus Damm
- *
- * Based on serial.c - QEMU 16450 UART emulation
- * Copyright (c) 2003-2004 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "sh.h"
-#include "qemu-char.h"
-#include "exec-memory.h"
-
-//#define DEBUG_SERIAL
-
-#define SH_SERIAL_FLAG_TEND (1 << 0)
-#define SH_SERIAL_FLAG_TDE (1 << 1)
-#define SH_SERIAL_FLAG_RDF (1 << 2)
-#define SH_SERIAL_FLAG_BRK (1 << 3)
-#define SH_SERIAL_FLAG_DR (1 << 4)
-
-#define SH_RX_FIFO_LENGTH (16)
-
-typedef struct {
- MemoryRegion iomem;
- MemoryRegion iomem_p4;
- MemoryRegion iomem_a7;
- uint8_t smr;
- uint8_t brr;
- uint8_t scr;
- uint8_t dr; /* ftdr / tdr */
- uint8_t sr; /* fsr / ssr */
- uint16_t fcr;
- uint8_t sptr;
-
- uint8_t rx_fifo[SH_RX_FIFO_LENGTH]; /* frdr / rdr */
- uint8_t rx_cnt;
- uint8_t rx_tail;
- uint8_t rx_head;
-
- int freq;
- int feat;
- int flags;
- int rtrg;
-
- CharDriverState *chr;
-
- qemu_irq eri;
- qemu_irq rxi;
- qemu_irq txi;
- qemu_irq tei;
- qemu_irq bri;
-} sh_serial_state;
-
-static void sh_serial_clear_fifo(sh_serial_state * s)
-{
- memset(s->rx_fifo, 0, SH_RX_FIFO_LENGTH);
- s->rx_cnt = 0;
- s->rx_head = 0;
- s->rx_tail = 0;
-}
-
-static void sh_serial_write(void *opaque, hwaddr offs,
- uint64_t val, unsigned size)
-{
- sh_serial_state *s = opaque;
- unsigned char ch;
-
-#ifdef DEBUG_SERIAL
- printf("sh_serial: write offs=0x%02x val=0x%02x\n",
- offs, val);
-#endif
- switch(offs) {
- case 0x00: /* SMR */
- s->smr = val & ((s->feat & SH_SERIAL_FEAT_SCIF) ? 0x7b : 0xff);
- return;
- case 0x04: /* BRR */
- s->brr = val;
- return;
- case 0x08: /* SCR */
- /* TODO : For SH7751, SCIF mask should be 0xfb. */
- s->scr = val & ((s->feat & SH_SERIAL_FEAT_SCIF) ? 0xfa : 0xff);
- if (!(val & (1 << 5)))
- s->flags |= SH_SERIAL_FLAG_TEND;
- if ((s->feat & SH_SERIAL_FEAT_SCIF) && s->txi) {
- qemu_set_irq(s->txi, val & (1 << 7));
- }
- if (!(val & (1 << 6))) {
- qemu_set_irq(s->rxi, 0);
- }
- return;
- case 0x0c: /* FTDR / TDR */
- if (s->chr) {
- ch = val;
- qemu_chr_fe_write(s->chr, &ch, 1);
- }
- s->dr = val;
- s->flags &= ~SH_SERIAL_FLAG_TDE;
- return;
-#if 0
- case 0x14: /* FRDR / RDR */
- ret = 0;
- break;
-#endif
- }
- if (s->feat & SH_SERIAL_FEAT_SCIF) {
- switch(offs) {
- case 0x10: /* FSR */
- if (!(val & (1 << 6)))
- s->flags &= ~SH_SERIAL_FLAG_TEND;
- if (!(val & (1 << 5)))
- s->flags &= ~SH_SERIAL_FLAG_TDE;
- if (!(val & (1 << 4)))
- s->flags &= ~SH_SERIAL_FLAG_BRK;
- if (!(val & (1 << 1)))
- s->flags &= ~SH_SERIAL_FLAG_RDF;
- if (!(val & (1 << 0)))
- s->flags &= ~SH_SERIAL_FLAG_DR;
-
- if (!(val & (1 << 1)) || !(val & (1 << 0))) {
- if (s->rxi) {
- qemu_set_irq(s->rxi, 0);
- }
- }
- return;
- case 0x18: /* FCR */
- s->fcr = val;
- switch ((val >> 6) & 3) {
- case 0:
- s->rtrg = 1;
- break;
- case 1:
- s->rtrg = 4;
- break;
- case 2:
- s->rtrg = 8;
- break;
- case 3:
- s->rtrg = 14;
- break;
- }
- if (val & (1 << 1)) {
- sh_serial_clear_fifo(s);
- s->sr &= ~(1 << 1);
- }
-
- return;
- case 0x20: /* SPTR */
- s->sptr = val & 0xf3;
- return;
- case 0x24: /* LSR */
- return;
- }
- }
- else {
- switch(offs) {
-#if 0
- case 0x0c:
- ret = s->dr;
- break;
- case 0x10:
- ret = 0;
- break;
-#endif
- case 0x1c:
- s->sptr = val & 0x8f;
- return;
- }
- }
-
- fprintf(stderr, "sh_serial: unsupported write to 0x%02"
- HWADDR_PRIx "\n", offs);
- abort();
-}
-
-static uint64_t sh_serial_read(void *opaque, hwaddr offs,
- unsigned size)
-{
- sh_serial_state *s = opaque;
- uint32_t ret = ~0;
-
-#if 0
- switch(offs) {
- case 0x00:
- ret = s->smr;
- break;
- case 0x04:
- ret = s->brr;
- break;
- case 0x08:
- ret = s->scr;
- break;
- case 0x14:
- ret = 0;
- break;
- }
-#endif
- if (s->feat & SH_SERIAL_FEAT_SCIF) {
- switch(offs) {
- case 0x00: /* SMR */
- ret = s->smr;
- break;
- case 0x08: /* SCR */
- ret = s->scr;
- break;
- case 0x10: /* FSR */
- ret = 0;
- if (s->flags & SH_SERIAL_FLAG_TEND)
- ret |= (1 << 6);
- if (s->flags & SH_SERIAL_FLAG_TDE)
- ret |= (1 << 5);
- if (s->flags & SH_SERIAL_FLAG_BRK)
- ret |= (1 << 4);
- if (s->flags & SH_SERIAL_FLAG_RDF)
- ret |= (1 << 1);
- if (s->flags & SH_SERIAL_FLAG_DR)
- ret |= (1 << 0);
-
- if (s->scr & (1 << 5))
- s->flags |= SH_SERIAL_FLAG_TDE | SH_SERIAL_FLAG_TEND;
-
- break;
- case 0x14:
- if (s->rx_cnt > 0) {
- ret = s->rx_fifo[s->rx_tail++];
- s->rx_cnt--;
- if (s->rx_tail == SH_RX_FIFO_LENGTH)
- s->rx_tail = 0;
- if (s->rx_cnt < s->rtrg)
- s->flags &= ~SH_SERIAL_FLAG_RDF;
- }
- break;
-#if 0
- case 0x18:
- ret = s->fcr;
- break;
-#endif
- case 0x1c:
- ret = s->rx_cnt;
- break;
- case 0x20:
- ret = s->sptr;
- break;
- case 0x24:
- ret = 0;
- break;
- }
- }
- else {
- switch(offs) {
-#if 0
- case 0x0c:
- ret = s->dr;
- break;
- case 0x10:
- ret = 0;
- break;
- case 0x14:
- ret = s->rx_fifo[0];
- break;
-#endif
- case 0x1c:
- ret = s->sptr;
- break;
- }
- }
-#ifdef DEBUG_SERIAL
- printf("sh_serial: read offs=0x%02x val=0x%x\n",
- offs, ret);
-#endif
-
- if (ret & ~((1 << 16) - 1)) {
- fprintf(stderr, "sh_serial: unsupported read from 0x%02"
- HWADDR_PRIx "\n", offs);
- abort();
- }
-
- return ret;
-}
-
-static int sh_serial_can_receive(sh_serial_state *s)
-{
- return s->scr & (1 << 4);
-}
-
-static void sh_serial_receive_break(sh_serial_state *s)
-{
- if (s->feat & SH_SERIAL_FEAT_SCIF)
- s->sr |= (1 << 4);
-}
-
-static int sh_serial_can_receive1(void *opaque)
-{
- sh_serial_state *s = opaque;
- return sh_serial_can_receive(s);
-}
-
-static void sh_serial_receive1(void *opaque, const uint8_t *buf, int size)
-{
- sh_serial_state *s = opaque;
-
- if (s->feat & SH_SERIAL_FEAT_SCIF) {
- int i;
- for (i = 0; i < size; i++) {
- if (s->rx_cnt < SH_RX_FIFO_LENGTH) {
- s->rx_fifo[s->rx_head++] = buf[i];
- if (s->rx_head == SH_RX_FIFO_LENGTH) {
- s->rx_head = 0;
- }
- s->rx_cnt++;
- if (s->rx_cnt >= s->rtrg) {
- s->flags |= SH_SERIAL_FLAG_RDF;
- if (s->scr & (1 << 6) && s->rxi) {
- qemu_set_irq(s->rxi, 1);
- }
- }
- }
- }
- } else {
- s->rx_fifo[0] = buf[0];
- }
-}
-
-static void sh_serial_event(void *opaque, int event)
-{
- sh_serial_state *s = opaque;
- if (event == CHR_EVENT_BREAK)
- sh_serial_receive_break(s);
-}
-
-static const MemoryRegionOps sh_serial_ops = {
- .read = sh_serial_read,
- .write = sh_serial_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-void sh_serial_init(MemoryRegion *sysmem,
- hwaddr base, int feat,
- uint32_t freq, CharDriverState *chr,
- qemu_irq eri_source,
- qemu_irq rxi_source,
- qemu_irq txi_source,
- qemu_irq tei_source,
- qemu_irq bri_source)
-{
- sh_serial_state *s;
-
- s = g_malloc0(sizeof(sh_serial_state));
-
- s->feat = feat;
- s->flags = SH_SERIAL_FLAG_TEND | SH_SERIAL_FLAG_TDE;
- s->rtrg = 1;
-
- s->smr = 0;
- s->brr = 0xff;
- s->scr = 1 << 5; /* pretend that TX is enabled so early printk works */
- s->sptr = 0;
-
- if (feat & SH_SERIAL_FEAT_SCIF) {
- s->fcr = 0;
- }
- else {
- s->dr = 0xff;
- }
-
- sh_serial_clear_fifo(s);
-
- memory_region_init_io(&s->iomem, &sh_serial_ops, s,
- "serial", 0x100000000ULL);
-
- memory_region_init_alias(&s->iomem_p4, "serial-p4", &s->iomem,
- 0, 0x28);
- memory_region_add_subregion(sysmem, P4ADDR(base), &s->iomem_p4);
-
- memory_region_init_alias(&s->iomem_a7, "serial-a7", &s->iomem,
- 0, 0x28);
- memory_region_add_subregion(sysmem, A7ADDR(base), &s->iomem_a7);
-
- s->chr = chr;
-
- if (chr)
- qemu_chr_add_handlers(chr, sh_serial_can_receive1, sh_serial_receive1,
- sh_serial_event, s);
-
- s->eri = eri_source;
- s->rxi = rxi_source;
- s->txi = txi_source;
- s->tei = tei_source;
- s->bri = bri_source;
-}
diff --git a/hw/sh_timer.c b/hw/sh_timer.c
deleted file mode 100644
index c0365b114..000000000
--- a/hw/sh_timer.c
+++ /dev/null
@@ -1,333 +0,0 @@
-/*
- * SuperH Timer modules.
- *
- * Copyright (c) 2007 Magnus Damm
- * Based on arm_timer.c by Paul Brook
- * Copyright (c) 2005-2006 CodeSourcery.
- *
- * This code is licensed under the GPL.
- */
-
-#include "hw.h"
-#include "sh.h"
-#include "qemu-timer.h"
-#include "exec-memory.h"
-#include "ptimer.h"
-
-//#define DEBUG_TIMER
-
-#define TIMER_TCR_TPSC (7 << 0)
-#define TIMER_TCR_CKEG (3 << 3)
-#define TIMER_TCR_UNIE (1 << 5)
-#define TIMER_TCR_ICPE (3 << 6)
-#define TIMER_TCR_UNF (1 << 8)
-#define TIMER_TCR_ICPF (1 << 9)
-#define TIMER_TCR_RESERVED (0x3f << 10)
-
-#define TIMER_FEAT_CAPT (1 << 0)
-#define TIMER_FEAT_EXTCLK (1 << 1)
-
-#define OFFSET_TCOR 0
-#define OFFSET_TCNT 1
-#define OFFSET_TCR 2
-#define OFFSET_TCPR 3
-
-typedef struct {
- ptimer_state *timer;
- uint32_t tcnt;
- uint32_t tcor;
- uint32_t tcr;
- uint32_t tcpr;
- int freq;
- int int_level;
- int old_level;
- int feat;
- int enabled;
- qemu_irq irq;
-} sh_timer_state;
-
-/* Check all active timers, and schedule the next timer interrupt. */
-
-static void sh_timer_update(sh_timer_state *s)
-{
- int new_level = s->int_level && (s->tcr & TIMER_TCR_UNIE);
-
- if (new_level != s->old_level)
- qemu_set_irq (s->irq, new_level);
-
- s->old_level = s->int_level;
- s->int_level = new_level;
-}
-
-static uint32_t sh_timer_read(void *opaque, hwaddr offset)
-{
- sh_timer_state *s = (sh_timer_state *)opaque;
-
- switch (offset >> 2) {
- case OFFSET_TCOR:
- return s->tcor;
- case OFFSET_TCNT:
- return ptimer_get_count(s->timer);
- case OFFSET_TCR:
- return s->tcr | (s->int_level ? TIMER_TCR_UNF : 0);
- case OFFSET_TCPR:
- if (s->feat & TIMER_FEAT_CAPT)
- return s->tcpr;
- default:
- hw_error("sh_timer_read: Bad offset %x\n", (int)offset);
- return 0;
- }
-}
-
-static void sh_timer_write(void *opaque, hwaddr offset,
- uint32_t value)
-{
- sh_timer_state *s = (sh_timer_state *)opaque;
- int freq;
-
- switch (offset >> 2) {
- case OFFSET_TCOR:
- s->tcor = value;
- ptimer_set_limit(s->timer, s->tcor, 0);
- break;
- case OFFSET_TCNT:
- s->tcnt = value;
- ptimer_set_count(s->timer, s->tcnt);
- break;
- case OFFSET_TCR:
- if (s->enabled) {
- /* Pause the timer if it is running. This may cause some
- inaccuracy dure to rounding, but avoids a whole lot of other
- messyness. */
- ptimer_stop(s->timer);
- }
- freq = s->freq;
- /* ??? Need to recalculate expiry time after changing divisor. */
- switch (value & TIMER_TCR_TPSC) {
- case 0: freq >>= 2; break;
- case 1: freq >>= 4; break;
- case 2: freq >>= 6; break;
- case 3: freq >>= 8; break;
- case 4: freq >>= 10; break;
- case 6:
- case 7: if (s->feat & TIMER_FEAT_EXTCLK) break;
- default: hw_error("sh_timer_write: Reserved TPSC value\n"); break;
- }
- switch ((value & TIMER_TCR_CKEG) >> 3) {
- case 0: break;
- case 1:
- case 2:
- case 3: if (s->feat & TIMER_FEAT_EXTCLK) break;
- default: hw_error("sh_timer_write: Reserved CKEG value\n"); break;
- }
- switch ((value & TIMER_TCR_ICPE) >> 6) {
- case 0: break;
- case 2:
- case 3: if (s->feat & TIMER_FEAT_CAPT) break;
- default: hw_error("sh_timer_write: Reserved ICPE value\n"); break;
- }
- if ((value & TIMER_TCR_UNF) == 0)
- s->int_level = 0;
-
- value &= ~TIMER_TCR_UNF;
-
- if ((value & TIMER_TCR_ICPF) && (!(s->feat & TIMER_FEAT_CAPT)))
- hw_error("sh_timer_write: Reserved ICPF value\n");
-
- value &= ~TIMER_TCR_ICPF; /* capture not supported */
-
- if (value & TIMER_TCR_RESERVED)
- hw_error("sh_timer_write: Reserved TCR bits set\n");
- s->tcr = value;
- ptimer_set_limit(s->timer, s->tcor, 0);
- ptimer_set_freq(s->timer, freq);
- if (s->enabled) {
- /* Restart the timer if still enabled. */
- ptimer_run(s->timer, 0);
- }
- break;
- case OFFSET_TCPR:
- if (s->feat & TIMER_FEAT_CAPT) {
- s->tcpr = value;
- break;
- }
- default:
- hw_error("sh_timer_write: Bad offset %x\n", (int)offset);
- }
- sh_timer_update(s);
-}
-
-static void sh_timer_start_stop(void *opaque, int enable)
-{
- sh_timer_state *s = (sh_timer_state *)opaque;
-
-#ifdef DEBUG_TIMER
- printf("sh_timer_start_stop %d (%d)\n", enable, s->enabled);
-#endif
-
- if (s->enabled && !enable) {
- ptimer_stop(s->timer);
- }
- if (!s->enabled && enable) {
- ptimer_run(s->timer, 0);
- }
- s->enabled = !!enable;
-
-#ifdef DEBUG_TIMER
- printf("sh_timer_start_stop done %d\n", s->enabled);
-#endif
-}
-
-static void sh_timer_tick(void *opaque)
-{
- sh_timer_state *s = (sh_timer_state *)opaque;
- s->int_level = s->enabled;
- sh_timer_update(s);
-}
-
-static void *sh_timer_init(uint32_t freq, int feat, qemu_irq irq)
-{
- sh_timer_state *s;
- QEMUBH *bh;
-
- s = (sh_timer_state *)g_malloc0(sizeof(sh_timer_state));
- s->freq = freq;
- s->feat = feat;
- s->tcor = 0xffffffff;
- s->tcnt = 0xffffffff;
- s->tcpr = 0xdeadbeef;
- s->tcr = 0;
- s->enabled = 0;
- s->irq = irq;
-
- bh = qemu_bh_new(sh_timer_tick, s);
- s->timer = ptimer_init(bh);
-
- sh_timer_write(s, OFFSET_TCOR >> 2, s->tcor);
- sh_timer_write(s, OFFSET_TCNT >> 2, s->tcnt);
- sh_timer_write(s, OFFSET_TCPR >> 2, s->tcpr);
- sh_timer_write(s, OFFSET_TCR >> 2, s->tcpr);
- /* ??? Save/restore. */
- return s;
-}
-
-typedef struct {
- MemoryRegion iomem;
- MemoryRegion iomem_p4;
- MemoryRegion iomem_a7;
- void *timer[3];
- int level[3];
- uint32_t tocr;
- uint32_t tstr;
- int feat;
-} tmu012_state;
-
-static uint64_t tmu012_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- tmu012_state *s = (tmu012_state *)opaque;
-
-#ifdef DEBUG_TIMER
- printf("tmu012_read 0x%lx\n", (unsigned long) offset);
-#endif
-
- if (offset >= 0x20) {
- if (!(s->feat & TMU012_FEAT_3CHAN))
- hw_error("tmu012_write: Bad channel offset %x\n", (int)offset);
- return sh_timer_read(s->timer[2], offset - 0x20);
- }
-
- if (offset >= 0x14)
- return sh_timer_read(s->timer[1], offset - 0x14);
-
- if (offset >= 0x08)
- return sh_timer_read(s->timer[0], offset - 0x08);
-
- if (offset == 4)
- return s->tstr;
-
- if ((s->feat & TMU012_FEAT_TOCR) && offset == 0)
- return s->tocr;
-
- hw_error("tmu012_write: Bad offset %x\n", (int)offset);
- return 0;
-}
-
-static void tmu012_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- tmu012_state *s = (tmu012_state *)opaque;
-
-#ifdef DEBUG_TIMER
- printf("tmu012_write 0x%lx 0x%08x\n", (unsigned long) offset, value);
-#endif
-
- if (offset >= 0x20) {
- if (!(s->feat & TMU012_FEAT_3CHAN))
- hw_error("tmu012_write: Bad channel offset %x\n", (int)offset);
- sh_timer_write(s->timer[2], offset - 0x20, value);
- return;
- }
-
- if (offset >= 0x14) {
- sh_timer_write(s->timer[1], offset - 0x14, value);
- return;
- }
-
- if (offset >= 0x08) {
- sh_timer_write(s->timer[0], offset - 0x08, value);
- return;
- }
-
- if (offset == 4) {
- sh_timer_start_stop(s->timer[0], value & (1 << 0));
- sh_timer_start_stop(s->timer[1], value & (1 << 1));
- if (s->feat & TMU012_FEAT_3CHAN)
- sh_timer_start_stop(s->timer[2], value & (1 << 2));
- else
- if (value & (1 << 2))
- hw_error("tmu012_write: Bad channel\n");
-
- s->tstr = value;
- return;
- }
-
- if ((s->feat & TMU012_FEAT_TOCR) && offset == 0) {
- s->tocr = value & (1 << 0);
- }
-}
-
-static const MemoryRegionOps tmu012_ops = {
- .read = tmu012_read,
- .write = tmu012_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-void tmu012_init(MemoryRegion *sysmem, hwaddr base,
- int feat, uint32_t freq,
- qemu_irq ch0_irq, qemu_irq ch1_irq,
- qemu_irq ch2_irq0, qemu_irq ch2_irq1)
-{
- tmu012_state *s;
- int timer_feat = (feat & TMU012_FEAT_EXTCLK) ? TIMER_FEAT_EXTCLK : 0;
-
- s = (tmu012_state *)g_malloc0(sizeof(tmu012_state));
- s->feat = feat;
- s->timer[0] = sh_timer_init(freq, timer_feat, ch0_irq);
- s->timer[1] = sh_timer_init(freq, timer_feat, ch1_irq);
- if (feat & TMU012_FEAT_3CHAN)
- s->timer[2] = sh_timer_init(freq, timer_feat | TIMER_FEAT_CAPT,
- ch2_irq0); /* ch2_irq1 not supported */
-
- memory_region_init_io(&s->iomem, &tmu012_ops, s,
- "timer", 0x100000000ULL);
-
- memory_region_init_alias(&s->iomem_p4, "timer-p4",
- &s->iomem, 0, 0x1000);
- memory_region_add_subregion(sysmem, P4ADDR(base), &s->iomem_p4);
-
- memory_region_init_alias(&s->iomem_a7, "timer-a7",
- &s->iomem, 0, 0x1000);
- memory_region_add_subregion(sysmem, A7ADDR(base), &s->iomem_a7);
- /* ??? Save/restore. */
-}
diff --git a/hw/sharpsl.h b/hw/sharpsl.h
deleted file mode 100644
index 13981a6d0..000000000
--- a/hw/sharpsl.h
+++ /dev/null
@@ -1,17 +0,0 @@
-/*
- * Common declarations for the Zaurii.
- *
- * This file is licensed under the GNU GPL.
- */
-#ifndef QEMU_SHARPSL_H
-#define QEMU_SHARPSL_H
-
-#define zaurus_printf(format, ...) \
- fprintf(stderr, "%s: " format, __FUNCTION__, ##__VA_ARGS__)
-
-/* zaurus.c */
-
-#define SL_PXA_PARAM_BASE 0xa0000a00
-void sl_bootparam_write(hwaddr ptr);
-
-#endif
diff --git a/hw/shix.c b/hw/shix.c
deleted file mode 100644
index b56dd54f7..000000000
--- a/hw/shix.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * SHIX 2.0 board description
- *
- * Copyright (c) 2005 Samuel Tardieu
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-/*
- Shix 2.0 board by Alexis Polti, described at
- http://perso.enst.fr/~polti/realisations/shix20/
-
- More information in target-sh4/README.sh4
-*/
-#include "hw.h"
-#include "sh.h"
-#include "sysemu.h"
-#include "boards.h"
-#include "loader.h"
-#include "exec-memory.h"
-
-#define BIOS_FILENAME "shix_bios.bin"
-#define BIOS_ADDRESS 0xA0000000
-
-static void shix_init(QEMUMachineInitArgs *args)
-{
- const char *cpu_model = args->cpu_model;
- int ret;
- CPUSH4State *env;
- struct SH7750State *s;
- MemoryRegion *sysmem = get_system_memory();
- MemoryRegion *rom = g_new(MemoryRegion, 1);
- MemoryRegion *sdram = g_new(MemoryRegion, 2);
-
- if (!cpu_model)
- cpu_model = "any";
-
- printf("Initializing CPU\n");
- env = cpu_init(cpu_model);
-
- /* Allocate memory space */
- printf("Allocating ROM\n");
- memory_region_init_ram(rom, "shix.rom", 0x4000);
- vmstate_register_ram_global(rom);
- memory_region_set_readonly(rom, true);
- memory_region_add_subregion(sysmem, 0x00000000, rom);
- printf("Allocating SDRAM 1\n");
- memory_region_init_ram(&sdram[0], "shix.sdram1", 0x01000000);
- vmstate_register_ram_global(&sdram[0]);
- memory_region_add_subregion(sysmem, 0x08000000, &sdram[0]);
- printf("Allocating SDRAM 2\n");
- memory_region_init_ram(&sdram[1], "shix.sdram2", 0x01000000);
- vmstate_register_ram_global(&sdram[1]);
- memory_region_add_subregion(sysmem, 0x0c000000, &sdram[1]);
-
- /* Load BIOS in 0 (and access it through P2, 0xA0000000) */
- if (bios_name == NULL)
- bios_name = BIOS_FILENAME;
- printf("%s: load BIOS '%s'\n", __func__, bios_name);
- ret = load_image_targphys(bios_name, 0, 0x4000);
- if (ret < 0) { /* Check bios size */
- fprintf(stderr, "ret=%d\n", ret);
- fprintf(stderr, "qemu: could not load SHIX bios '%s'\n",
- bios_name);
- exit(1);
- }
-
- /* Register peripherals */
- s = sh7750_init(env, sysmem);
- /* XXXXX Check success */
- tc58128_init(s, "shix_linux_nand.bin", NULL);
- fprintf(stderr, "initialization terminated\n");
-}
-
-static QEMUMachine shix_machine = {
- .name = "shix",
- .desc = "shix card",
- .init = shix_init,
- .is_default = 1,
-};
-
-static void shix_machine_init(void)
-{
- qemu_register_machine(&shix_machine);
-}
-
-machine_init(shix_machine_init);
diff --git a/hw/shpc.c b/hw/shpc.c
deleted file mode 100644
index 4597bbde7..000000000
--- a/hw/shpc.c
+++ /dev/null
@@ -1,681 +0,0 @@
-#include <strings.h>
-#include <stdint.h>
-#include "range.h"
-#include "range.h"
-#include "shpc.h"
-#include "pci.h"
-#include "pci_internals.h"
-#include "msi.h"
-
-/* TODO: model power only and disabled slot states. */
-/* TODO: handle SERR and wakeups */
-/* TODO: consider enabling 66MHz support */
-
-/* TODO: remove fully only on state DISABLED and LED off.
- * track state to properly record this. */
-
-/* SHPC Working Register Set */
-#define SHPC_BASE_OFFSET 0x00 /* 4 bytes */
-#define SHPC_SLOTS_33 0x04 /* 4 bytes. Also encodes PCI-X slots. */
-#define SHPC_SLOTS_66 0x08 /* 4 bytes. */
-#define SHPC_NSLOTS 0x0C /* 1 byte */
-#define SHPC_FIRST_DEV 0x0D /* 1 byte */
-#define SHPC_PHYS_SLOT 0x0E /* 2 byte */
-#define SHPC_PHYS_NUM_MAX 0x7ff
-#define SHPC_PHYS_NUM_UP 0x2000
-#define SHPC_PHYS_MRL 0x4000
-#define SHPC_PHYS_BUTTON 0x8000
-#define SHPC_SEC_BUS 0x10 /* 2 bytes */
-#define SHPC_SEC_BUS_33 0x0
-#define SHPC_SEC_BUS_66 0x1 /* Unused */
-#define SHPC_SEC_BUS_MASK 0x7
-#define SHPC_MSI_CTL 0x12 /* 1 byte */
-#define SHPC_PROG_IFC 0x13 /* 1 byte */
-#define SHPC_PROG_IFC_1_0 0x1
-#define SHPC_CMD_CODE 0x14 /* 1 byte */
-#define SHPC_CMD_TRGT 0x15 /* 1 byte */
-#define SHPC_CMD_TRGT_MIN 0x1
-#define SHPC_CMD_TRGT_MAX 0x1f
-#define SHPC_CMD_STATUS 0x16 /* 2 bytes */
-#define SHPC_CMD_STATUS_BUSY 0x1
-#define SHPC_CMD_STATUS_MRL_OPEN 0x2
-#define SHPC_CMD_STATUS_INVALID_CMD 0x4
-#define SHPC_CMD_STATUS_INVALID_MODE 0x8
-#define SHPC_INT_LOCATOR 0x18 /* 4 bytes */
-#define SHPC_INT_COMMAND 0x1
-#define SHPC_SERR_LOCATOR 0x1C /* 4 bytes */
-#define SHPC_SERR_INT 0x20 /* 4 bytes */
-#define SHPC_INT_DIS 0x1
-#define SHPC_SERR_DIS 0x2
-#define SHPC_CMD_INT_DIS 0x4
-#define SHPC_ARB_SERR_DIS 0x8
-#define SHPC_CMD_DETECTED 0x10000
-#define SHPC_ARB_DETECTED 0x20000
- /* 4 bytes * slot # (start from 0) */
-#define SHPC_SLOT_REG(s) (0x24 + (s) * 4)
- /* 2 bytes */
-#define SHPC_SLOT_STATUS(s) (0x0 + SHPC_SLOT_REG(s))
-
-/* Same slot state masks are used for command and status registers */
-#define SHPC_SLOT_STATE_MASK 0x03
-#define SHPC_SLOT_STATE_SHIFT \
- (ffs(SHPC_SLOT_STATE_MASK) - 1)
-
-#define SHPC_STATE_NO 0x0
-#define SHPC_STATE_PWRONLY 0x1
-#define SHPC_STATE_ENABLED 0x2
-#define SHPC_STATE_DISABLED 0x3
-
-#define SHPC_SLOT_PWR_LED_MASK 0xC
-#define SHPC_SLOT_PWR_LED_SHIFT \
- (ffs(SHPC_SLOT_PWR_LED_MASK) - 1)
-#define SHPC_SLOT_ATTN_LED_MASK 0x30
-#define SHPC_SLOT_ATTN_LED_SHIFT \
- (ffs(SHPC_SLOT_ATTN_LED_MASK) - 1)
-
-#define SHPC_LED_NO 0x0
-#define SHPC_LED_ON 0x1
-#define SHPC_LED_BLINK 0x2
-#define SHPC_LED_OFF 0x3
-
-#define SHPC_SLOT_STATUS_PWR_FAULT 0x40
-#define SHPC_SLOT_STATUS_BUTTON 0x80
-#define SHPC_SLOT_STATUS_MRL_OPEN 0x100
-#define SHPC_SLOT_STATUS_66 0x200
-#define SHPC_SLOT_STATUS_PRSNT_MASK 0xC00
-#define SHPC_SLOT_STATUS_PRSNT_EMPTY 0x3
-#define SHPC_SLOT_STATUS_PRSNT_25W 0x1
-#define SHPC_SLOT_STATUS_PRSNT_15W 0x2
-#define SHPC_SLOT_STATUS_PRSNT_7_5W 0x0
-
-#define SHPC_SLOT_STATUS_PRSNT_PCIX 0x3000
-
-
- /* 1 byte */
-#define SHPC_SLOT_EVENT_LATCH(s) (0x2 + SHPC_SLOT_REG(s))
- /* 1 byte */
-#define SHPC_SLOT_EVENT_SERR_INT_DIS(d, s) (0x3 + SHPC_SLOT_REG(s))
-#define SHPC_SLOT_EVENT_PRESENCE 0x01
-#define SHPC_SLOT_EVENT_ISOLATED_FAULT 0x02
-#define SHPC_SLOT_EVENT_BUTTON 0x04
-#define SHPC_SLOT_EVENT_MRL 0x08
-#define SHPC_SLOT_EVENT_CONNECTED_FAULT 0x10
-/* Bits below are used for Serr/Int disable only */
-#define SHPC_SLOT_EVENT_MRL_SERR_DIS 0x20
-#define SHPC_SLOT_EVENT_CONNECTED_FAULT_SERR_DIS 0x40
-
-#define SHPC_MIN_SLOTS 1
-#define SHPC_MAX_SLOTS 31
-#define SHPC_SIZEOF(d) SHPC_SLOT_REG((d)->shpc->nslots)
-
-/* SHPC Slot identifiers */
-
-/* Hotplug supported at 31 slots out of the total 32. We reserve slot 0,
- and give the rest of them physical *and* pci numbers starting from 1, so
- they match logical numbers. Note: this means that multiple slots must have
- different chassis number values, to make chassis+physical slot unique.
- TODO: make this configurable? */
-#define SHPC_IDX_TO_LOGICAL(slot) ((slot) + 1)
-#define SHPC_LOGICAL_TO_IDX(target) ((target) - 1)
-#define SHPC_IDX_TO_PCI(slot) ((slot) + 1)
-#define SHPC_PCI_TO_IDX(pci_slot) ((pci_slot) - 1)
-#define SHPC_IDX_TO_PHYSICAL(slot) ((slot) + 1)
-
-static int roundup_pow_of_two(int x)
-{
- x |= (x >> 1);
- x |= (x >> 2);
- x |= (x >> 4);
- x |= (x >> 8);
- x |= (x >> 16);
- return x + 1;
-}
-
-static uint16_t shpc_get_status(SHPCDevice *shpc, int slot, uint16_t msk)
-{
- uint8_t *status = shpc->config + SHPC_SLOT_STATUS(slot);
- return (pci_get_word(status) & msk) >> (ffs(msk) - 1);
-}
-
-static void shpc_set_status(SHPCDevice *shpc,
- int slot, uint8_t value, uint16_t msk)
-{
- uint8_t *status = shpc->config + SHPC_SLOT_STATUS(slot);
- pci_word_test_and_clear_mask(status, msk);
- pci_word_test_and_set_mask(status, value << (ffs(msk) - 1));
-}
-
-static void shpc_interrupt_update(PCIDevice *d)
-{
- SHPCDevice *shpc = d->shpc;
- int slot;
- int level = 0;
- uint32_t serr_int;
- uint32_t int_locator = 0;
-
- /* Update interrupt locator register */
- for (slot = 0; slot < shpc->nslots; ++slot) {
- uint8_t event = shpc->config[SHPC_SLOT_EVENT_LATCH(slot)];
- uint8_t disable = shpc->config[SHPC_SLOT_EVENT_SERR_INT_DIS(d, slot)];
- uint32_t mask = 1 << SHPC_IDX_TO_LOGICAL(slot);
- if (event & ~disable) {
- int_locator |= mask;
- }
- }
- serr_int = pci_get_long(shpc->config + SHPC_SERR_INT);
- if ((serr_int & SHPC_CMD_DETECTED) && !(serr_int & SHPC_CMD_INT_DIS)) {
- int_locator |= SHPC_INT_COMMAND;
- }
- pci_set_long(shpc->config + SHPC_INT_LOCATOR, int_locator);
- level = (!(serr_int & SHPC_INT_DIS) && int_locator) ? 1 : 0;
- if (msi_enabled(d) && shpc->msi_requested != level)
- msi_notify(d, 0);
- else
- qemu_set_irq(d->irq[0], level);
- shpc->msi_requested = level;
-}
-
-static void shpc_set_sec_bus_speed(SHPCDevice *shpc, uint8_t speed)
-{
- switch (speed) {
- case SHPC_SEC_BUS_33:
- shpc->config[SHPC_SEC_BUS] &= ~SHPC_SEC_BUS_MASK;
- shpc->config[SHPC_SEC_BUS] |= speed;
- break;
- default:
- pci_word_test_and_set_mask(shpc->config + SHPC_CMD_STATUS,
- SHPC_CMD_STATUS_INVALID_MODE);
- }
-}
-
-void shpc_reset(PCIDevice *d)
-{
- SHPCDevice *shpc = d->shpc;
- int nslots = shpc->nslots;
- int i;
- memset(shpc->config, 0, SHPC_SIZEOF(d));
- pci_set_byte(shpc->config + SHPC_NSLOTS, nslots);
- pci_set_long(shpc->config + SHPC_SLOTS_33, nslots);
- pci_set_long(shpc->config + SHPC_SLOTS_66, 0);
- pci_set_byte(shpc->config + SHPC_FIRST_DEV, SHPC_IDX_TO_PCI(0));
- pci_set_word(shpc->config + SHPC_PHYS_SLOT,
- SHPC_IDX_TO_PHYSICAL(0) |
- SHPC_PHYS_NUM_UP |
- SHPC_PHYS_MRL |
- SHPC_PHYS_BUTTON);
- pci_set_long(shpc->config + SHPC_SERR_INT, SHPC_INT_DIS |
- SHPC_SERR_DIS |
- SHPC_CMD_INT_DIS |
- SHPC_ARB_SERR_DIS);
- pci_set_byte(shpc->config + SHPC_PROG_IFC, SHPC_PROG_IFC_1_0);
- pci_set_word(shpc->config + SHPC_SEC_BUS, SHPC_SEC_BUS_33);
- for (i = 0; i < shpc->nslots; ++i) {
- pci_set_byte(shpc->config + SHPC_SLOT_EVENT_SERR_INT_DIS(d, i),
- SHPC_SLOT_EVENT_PRESENCE |
- SHPC_SLOT_EVENT_ISOLATED_FAULT |
- SHPC_SLOT_EVENT_BUTTON |
- SHPC_SLOT_EVENT_MRL |
- SHPC_SLOT_EVENT_CONNECTED_FAULT |
- SHPC_SLOT_EVENT_MRL_SERR_DIS |
- SHPC_SLOT_EVENT_CONNECTED_FAULT_SERR_DIS);
- if (shpc->sec_bus->devices[PCI_DEVFN(SHPC_IDX_TO_PCI(i), 0)]) {
- shpc_set_status(shpc, i, SHPC_STATE_ENABLED, SHPC_SLOT_STATE_MASK);
- shpc_set_status(shpc, i, 0, SHPC_SLOT_STATUS_MRL_OPEN);
- shpc_set_status(shpc, i, SHPC_SLOT_STATUS_PRSNT_7_5W,
- SHPC_SLOT_STATUS_PRSNT_MASK);
- shpc_set_status(shpc, i, SHPC_LED_ON, SHPC_SLOT_PWR_LED_MASK);
- } else {
- shpc_set_status(shpc, i, SHPC_STATE_DISABLED, SHPC_SLOT_STATE_MASK);
- shpc_set_status(shpc, i, 1, SHPC_SLOT_STATUS_MRL_OPEN);
- shpc_set_status(shpc, i, SHPC_SLOT_STATUS_PRSNT_EMPTY,
- SHPC_SLOT_STATUS_PRSNT_MASK);
- shpc_set_status(shpc, i, SHPC_LED_OFF, SHPC_SLOT_PWR_LED_MASK);
- }
- shpc_set_status(shpc, i, 0, SHPC_SLOT_STATUS_66);
- }
- shpc_set_sec_bus_speed(shpc, SHPC_SEC_BUS_33);
- shpc->msi_requested = 0;
- shpc_interrupt_update(d);
-}
-
-static void shpc_invalid_command(SHPCDevice *shpc)
-{
- pci_word_test_and_set_mask(shpc->config + SHPC_CMD_STATUS,
- SHPC_CMD_STATUS_INVALID_CMD);
-}
-
-static void shpc_free_devices_in_slot(SHPCDevice *shpc, int slot)
-{
- int devfn;
- int pci_slot = SHPC_IDX_TO_PCI(slot);
- for (devfn = PCI_DEVFN(pci_slot, 0);
- devfn <= PCI_DEVFN(pci_slot, PCI_FUNC_MAX - 1);
- ++devfn) {
- PCIDevice *affected_dev = shpc->sec_bus->devices[devfn];
- if (affected_dev) {
- qdev_free(&affected_dev->qdev);
- }
- }
-}
-
-static void shpc_slot_command(SHPCDevice *shpc, uint8_t target,
- uint8_t state, uint8_t power, uint8_t attn)
-{
- uint8_t current_state;
- int slot = SHPC_LOGICAL_TO_IDX(target);
- if (target < SHPC_CMD_TRGT_MIN || slot >= shpc->nslots) {
- shpc_invalid_command(shpc);
- return;
- }
- current_state = shpc_get_status(shpc, slot, SHPC_SLOT_STATE_MASK);
- if (current_state == SHPC_STATE_ENABLED && state == SHPC_STATE_PWRONLY) {
- shpc_invalid_command(shpc);
- return;
- }
-
- switch (power) {
- case SHPC_LED_NO:
- break;
- default:
- /* TODO: send event to monitor */
- shpc_set_status(shpc, slot, power, SHPC_SLOT_PWR_LED_MASK);
- }
- switch (attn) {
- case SHPC_LED_NO:
- break;
- default:
- /* TODO: send event to monitor */
- shpc_set_status(shpc, slot, attn, SHPC_SLOT_ATTN_LED_MASK);
- }
-
- if ((current_state == SHPC_STATE_DISABLED && state == SHPC_STATE_PWRONLY) ||
- (current_state == SHPC_STATE_DISABLED && state == SHPC_STATE_ENABLED)) {
- shpc_set_status(shpc, slot, state, SHPC_SLOT_STATE_MASK);
- } else if ((current_state == SHPC_STATE_ENABLED ||
- current_state == SHPC_STATE_PWRONLY) &&
- state == SHPC_STATE_DISABLED) {
- shpc_set_status(shpc, slot, state, SHPC_SLOT_STATE_MASK);
- power = shpc_get_status(shpc, slot, SHPC_SLOT_PWR_LED_MASK);
- /* TODO: track what monitor requested. */
- /* Look at LED to figure out whether it's ok to remove the device. */
- if (power == SHPC_LED_OFF) {
- shpc_free_devices_in_slot(shpc, slot);
- shpc_set_status(shpc, slot, 1, SHPC_SLOT_STATUS_MRL_OPEN);
- shpc_set_status(shpc, slot, SHPC_SLOT_STATUS_PRSNT_EMPTY,
- SHPC_SLOT_STATUS_PRSNT_MASK);
- shpc->config[SHPC_SLOT_EVENT_LATCH(slot)] |=
- SHPC_SLOT_EVENT_BUTTON |
- SHPC_SLOT_EVENT_MRL |
- SHPC_SLOT_EVENT_PRESENCE;
- }
- }
-}
-
-static void shpc_command(SHPCDevice *shpc)
-{
- uint8_t code = pci_get_byte(shpc->config + SHPC_CMD_CODE);
- uint8_t speed;
- uint8_t target;
- uint8_t attn;
- uint8_t power;
- uint8_t state;
- int i;
-
- /* Clear status from the previous command. */
- pci_word_test_and_clear_mask(shpc->config + SHPC_CMD_STATUS,
- SHPC_CMD_STATUS_BUSY |
- SHPC_CMD_STATUS_MRL_OPEN |
- SHPC_CMD_STATUS_INVALID_CMD |
- SHPC_CMD_STATUS_INVALID_MODE);
- switch (code) {
- case 0x00 ... 0x3f:
- target = shpc->config[SHPC_CMD_TRGT] & SHPC_CMD_TRGT_MAX;
- state = (code & SHPC_SLOT_STATE_MASK) >> SHPC_SLOT_STATE_SHIFT;
- power = (code & SHPC_SLOT_PWR_LED_MASK) >> SHPC_SLOT_PWR_LED_SHIFT;
- attn = (code & SHPC_SLOT_ATTN_LED_MASK) >> SHPC_SLOT_ATTN_LED_SHIFT;
- shpc_slot_command(shpc, target, state, power, attn);
- break;
- case 0x40 ... 0x47:
- speed = code & SHPC_SEC_BUS_MASK;
- shpc_set_sec_bus_speed(shpc, speed);
- break;
- case 0x48:
- /* Power only all slots */
- /* first verify no slots are enabled */
- for (i = 0; i < shpc->nslots; ++i) {
- state = shpc_get_status(shpc, i, SHPC_SLOT_STATE_MASK);
- if (state == SHPC_STATE_ENABLED) {
- shpc_invalid_command(shpc);
- goto done;
- }
- }
- for (i = 0; i < shpc->nslots; ++i) {
- if (!(shpc_get_status(shpc, i, SHPC_SLOT_STATUS_MRL_OPEN))) {
- shpc_slot_command(shpc, i + SHPC_CMD_TRGT_MIN,
- SHPC_STATE_PWRONLY, SHPC_LED_ON, SHPC_LED_NO);
- } else {
- shpc_slot_command(shpc, i + SHPC_CMD_TRGT_MIN,
- SHPC_STATE_NO, SHPC_LED_OFF, SHPC_LED_NO);
- }
- }
- break;
- case 0x49:
- /* Enable all slots */
- /* TODO: Spec says this shall fail if some are already enabled.
- * This doesn't make sense - why not? a spec bug? */
- for (i = 0; i < shpc->nslots; ++i) {
- state = shpc_get_status(shpc, i, SHPC_SLOT_STATE_MASK);
- if (state == SHPC_STATE_ENABLED) {
- shpc_invalid_command(shpc);
- goto done;
- }
- }
- for (i = 0; i < shpc->nslots; ++i) {
- if (!(shpc_get_status(shpc, i, SHPC_SLOT_STATUS_MRL_OPEN))) {
- shpc_slot_command(shpc, i + SHPC_CMD_TRGT_MIN,
- SHPC_STATE_ENABLED, SHPC_LED_ON, SHPC_LED_NO);
- } else {
- shpc_slot_command(shpc, i + SHPC_CMD_TRGT_MIN,
- SHPC_STATE_NO, SHPC_LED_OFF, SHPC_LED_NO);
- }
- }
- break;
- default:
- shpc_invalid_command(shpc);
- break;
- }
-done:
- pci_long_test_and_set_mask(shpc->config + SHPC_SERR_INT, SHPC_CMD_DETECTED);
-}
-
-static void shpc_write(PCIDevice *d, unsigned addr, uint64_t val, int l)
-{
- SHPCDevice *shpc = d->shpc;
- int i;
- if (addr >= SHPC_SIZEOF(d)) {
- return;
- }
- l = MIN(l, SHPC_SIZEOF(d) - addr);
-
- /* TODO: code duplicated from pci.c */
- for (i = 0; i < l; val >>= 8, ++i) {
- unsigned a = addr + i;
- uint8_t wmask = shpc->wmask[a];
- uint8_t w1cmask = shpc->w1cmask[a];
- assert(!(wmask & w1cmask));
- shpc->config[a] = (shpc->config[a] & ~wmask) | (val & wmask);
- shpc->config[a] &= ~(val & w1cmask); /* W1C: Write 1 to Clear */
- }
- if (ranges_overlap(addr, l, SHPC_CMD_CODE, 2)) {
- shpc_command(shpc);
- }
- shpc_interrupt_update(d);
-}
-
-static uint64_t shpc_read(PCIDevice *d, unsigned addr, int l)
-{
- uint64_t val = 0x0;
- if (addr >= SHPC_SIZEOF(d)) {
- return val;
- }
- l = MIN(l, SHPC_SIZEOF(d) - addr);
- memcpy(&val, d->shpc->config + addr, l);
- return val;
-}
-
-/* SHPC Bridge Capability */
-#define SHPC_CAP_LENGTH 0x08
-#define SHPC_CAP_DWORD_SELECT 0x2 /* 1 byte */
-#define SHPC_CAP_CxP 0x3 /* 1 byte: CSP, CIP */
-#define SHPC_CAP_DWORD_DATA 0x4 /* 4 bytes */
-#define SHPC_CAP_CSP_MASK 0x4
-#define SHPC_CAP_CIP_MASK 0x8
-
-static uint8_t shpc_cap_dword(PCIDevice *d)
-{
- return pci_get_byte(d->config + d->shpc->cap + SHPC_CAP_DWORD_SELECT);
-}
-
-/* Update dword data capability register */
-static void shpc_cap_update_dword(PCIDevice *d)
-{
- unsigned data;
- data = shpc_read(d, shpc_cap_dword(d) * 4, 4);
- pci_set_long(d->config + d->shpc->cap + SHPC_CAP_DWORD_DATA, data);
-}
-
-/* Add SHPC capability to the config space for the device. */
-static int shpc_cap_add_config(PCIDevice *d)
-{
- uint8_t *config;
- int config_offset;
- config_offset = pci_add_capability(d, PCI_CAP_ID_SHPC,
- 0, SHPC_CAP_LENGTH);
- if (config_offset < 0) {
- return config_offset;
- }
- config = d->config + config_offset;
-
- pci_set_byte(config + SHPC_CAP_DWORD_SELECT, 0);
- pci_set_byte(config + SHPC_CAP_CxP, 0);
- pci_set_long(config + SHPC_CAP_DWORD_DATA, 0);
- d->shpc->cap = config_offset;
- /* Make dword select and data writeable. */
- pci_set_byte(d->wmask + config_offset + SHPC_CAP_DWORD_SELECT, 0xff);
- pci_set_long(d->wmask + config_offset + SHPC_CAP_DWORD_DATA, 0xffffffff);
- return 0;
-}
-
-static uint64_t shpc_mmio_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- return shpc_read(opaque, addr, size);
-}
-
-static void shpc_mmio_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- shpc_write(opaque, addr, val, size);
-}
-
-static const MemoryRegionOps shpc_mmio_ops = {
- .read = shpc_mmio_read,
- .write = shpc_mmio_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
- .valid = {
- /* SHPC ECN requires dword accesses, but the original 1.0 spec doesn't.
- * It's easier to suppport all sizes than worry about it. */
- .min_access_size = 1,
- .max_access_size = 4,
- },
-};
-
-static int shpc_device_hotplug(DeviceState *qdev, PCIDevice *affected_dev,
- PCIHotplugState hotplug_state)
-{
- int pci_slot = PCI_SLOT(affected_dev->devfn);
- uint8_t state;
- uint8_t led;
- PCIDevice *d = DO_UPCAST(PCIDevice, qdev, qdev);
- SHPCDevice *shpc = d->shpc;
- int slot = SHPC_PCI_TO_IDX(pci_slot);
- if (pci_slot < SHPC_IDX_TO_PCI(0) || slot >= shpc->nslots) {
- error_report("Unsupported PCI slot %d for standard hotplug "
- "controller. Valid slots are between %d and %d.",
- pci_slot, SHPC_IDX_TO_PCI(0),
- SHPC_IDX_TO_PCI(shpc->nslots) - 1);
- return -1;
- }
- /* Don't send event when device is enabled during qemu machine creation:
- * it is present on boot, no hotplug event is necessary. We do send an
- * event when the device is disabled later. */
- if (hotplug_state == PCI_COLDPLUG_ENABLED) {
- shpc_set_status(shpc, slot, 0, SHPC_SLOT_STATUS_MRL_OPEN);
- shpc_set_status(shpc, slot, SHPC_SLOT_STATUS_PRSNT_7_5W,
- SHPC_SLOT_STATUS_PRSNT_MASK);
- return 0;
- }
- if (hotplug_state == PCI_HOTPLUG_DISABLED) {
- shpc->config[SHPC_SLOT_EVENT_LATCH(slot)] |= SHPC_SLOT_EVENT_BUTTON;
- state = shpc_get_status(shpc, slot, SHPC_SLOT_STATE_MASK);
- led = shpc_get_status(shpc, slot, SHPC_SLOT_PWR_LED_MASK);
- if (state == SHPC_STATE_DISABLED && led == SHPC_LED_OFF) {
- shpc_free_devices_in_slot(shpc, slot);
- shpc_set_status(shpc, slot, 1, SHPC_SLOT_STATUS_MRL_OPEN);
- shpc_set_status(shpc, slot, SHPC_SLOT_STATUS_PRSNT_EMPTY,
- SHPC_SLOT_STATUS_PRSNT_MASK);
- shpc->config[SHPC_SLOT_EVENT_LATCH(slot)] |=
- SHPC_SLOT_EVENT_MRL |
- SHPC_SLOT_EVENT_PRESENCE;
- }
- } else {
- /* This could be a cancellation of the previous removal.
- * We check MRL state to figure out. */
- if (shpc_get_status(shpc, slot, SHPC_SLOT_STATUS_MRL_OPEN)) {
- shpc_set_status(shpc, slot, 0, SHPC_SLOT_STATUS_MRL_OPEN);
- shpc_set_status(shpc, slot, SHPC_SLOT_STATUS_PRSNT_7_5W,
- SHPC_SLOT_STATUS_PRSNT_MASK);
- shpc->config[SHPC_SLOT_EVENT_LATCH(slot)] |=
- SHPC_SLOT_EVENT_BUTTON |
- SHPC_SLOT_EVENT_MRL |
- SHPC_SLOT_EVENT_PRESENCE;
- } else {
- /* Press attention button to cancel removal */
- shpc->config[SHPC_SLOT_EVENT_LATCH(slot)] |=
- SHPC_SLOT_EVENT_BUTTON;
- }
- }
- shpc_set_status(shpc, slot, 0, SHPC_SLOT_STATUS_66);
- shpc_interrupt_update(d);
- return 0;
-}
-
-/* Initialize the SHPC structure in bridge's BAR. */
-int shpc_init(PCIDevice *d, PCIBus *sec_bus, MemoryRegion *bar, unsigned offset)
-{
- int i, ret;
- int nslots = SHPC_MAX_SLOTS; /* TODO: qdev property? */
- SHPCDevice *shpc = d->shpc = g_malloc0(sizeof(*d->shpc));
- shpc->sec_bus = sec_bus;
- ret = shpc_cap_add_config(d);
- if (ret) {
- g_free(d->shpc);
- return ret;
- }
- if (nslots < SHPC_MIN_SLOTS) {
- return 0;
- }
- if (nslots > SHPC_MAX_SLOTS ||
- SHPC_IDX_TO_PCI(nslots) > PCI_SLOT_MAX) {
- /* TODO: report an error mesage that makes sense. */
- return -EINVAL;
- }
- shpc->nslots = nslots;
- shpc->config = g_malloc0(SHPC_SIZEOF(d));
- shpc->cmask = g_malloc0(SHPC_SIZEOF(d));
- shpc->wmask = g_malloc0(SHPC_SIZEOF(d));
- shpc->w1cmask = g_malloc0(SHPC_SIZEOF(d));
-
- shpc_reset(d);
-
- pci_set_long(shpc->config + SHPC_BASE_OFFSET, offset);
-
- pci_set_byte(shpc->wmask + SHPC_CMD_CODE, 0xff);
- pci_set_byte(shpc->wmask + SHPC_CMD_TRGT, SHPC_CMD_TRGT_MAX);
- pci_set_byte(shpc->wmask + SHPC_CMD_TRGT, SHPC_CMD_TRGT_MAX);
- pci_set_long(shpc->wmask + SHPC_SERR_INT,
- SHPC_INT_DIS |
- SHPC_SERR_DIS |
- SHPC_CMD_INT_DIS |
- SHPC_ARB_SERR_DIS);
- pci_set_long(shpc->w1cmask + SHPC_SERR_INT,
- SHPC_CMD_DETECTED |
- SHPC_ARB_DETECTED);
- for (i = 0; i < nslots; ++i) {
- pci_set_byte(shpc->wmask +
- SHPC_SLOT_EVENT_SERR_INT_DIS(d, i),
- SHPC_SLOT_EVENT_PRESENCE |
- SHPC_SLOT_EVENT_ISOLATED_FAULT |
- SHPC_SLOT_EVENT_BUTTON |
- SHPC_SLOT_EVENT_MRL |
- SHPC_SLOT_EVENT_CONNECTED_FAULT |
- SHPC_SLOT_EVENT_MRL_SERR_DIS |
- SHPC_SLOT_EVENT_CONNECTED_FAULT_SERR_DIS);
- pci_set_byte(shpc->w1cmask +
- SHPC_SLOT_EVENT_LATCH(i),
- SHPC_SLOT_EVENT_PRESENCE |
- SHPC_SLOT_EVENT_ISOLATED_FAULT |
- SHPC_SLOT_EVENT_BUTTON |
- SHPC_SLOT_EVENT_MRL |
- SHPC_SLOT_EVENT_CONNECTED_FAULT);
- }
-
- /* TODO: init cmask */
- memory_region_init_io(&shpc->mmio, &shpc_mmio_ops, d, "shpc-mmio",
- SHPC_SIZEOF(d));
- shpc_cap_update_dword(d);
- memory_region_add_subregion(bar, offset, &shpc->mmio);
- pci_bus_hotplug(sec_bus, shpc_device_hotplug, &d->qdev);
-
- d->cap_present |= QEMU_PCI_CAP_SHPC;
- return 0;
-}
-
-int shpc_bar_size(PCIDevice *d)
-{
- return roundup_pow_of_two(SHPC_SLOT_REG(SHPC_MAX_SLOTS));
-}
-
-void shpc_cleanup(PCIDevice *d, MemoryRegion *bar)
-{
- SHPCDevice *shpc = d->shpc;
- d->cap_present &= ~QEMU_PCI_CAP_SHPC;
- memory_region_del_subregion(bar, &shpc->mmio);
- /* TODO: cleanup config space changes? */
- g_free(shpc->config);
- g_free(shpc->cmask);
- g_free(shpc->wmask);
- g_free(shpc->w1cmask);
- memory_region_destroy(&shpc->mmio);
- g_free(shpc);
-}
-
-void shpc_cap_write_config(PCIDevice *d, uint32_t addr, uint32_t val, int l)
-{
- if (!ranges_overlap(addr, l, d->shpc->cap, SHPC_CAP_LENGTH)) {
- return;
- }
- if (ranges_overlap(addr, l, d->shpc->cap + SHPC_CAP_DWORD_DATA, 4)) {
- unsigned dword_data;
- dword_data = pci_get_long(d->shpc->config + d->shpc->cap
- + SHPC_CAP_DWORD_DATA);
- shpc_write(d, shpc_cap_dword(d) * 4, dword_data, 4);
- }
- /* Update cap dword data in case guest is going to read it. */
- shpc_cap_update_dword(d);
-}
-
-static void shpc_save(QEMUFile *f, void *pv, size_t size)
-{
- PCIDevice *d = container_of(pv, PCIDevice, shpc);
- qemu_put_buffer(f, d->shpc->config, SHPC_SIZEOF(d));
-}
-
-static int shpc_load(QEMUFile *f, void *pv, size_t size)
-{
- PCIDevice *d = container_of(pv, PCIDevice, shpc);
- int ret = qemu_get_buffer(f, d->shpc->config, SHPC_SIZEOF(d));
- if (ret != SHPC_SIZEOF(d)) {
- return -EINVAL;
- }
- /* Make sure we don't lose notifications. An extra interrupt is harmless. */
- d->shpc->msi_requested = 0;
- shpc_interrupt_update(d);
- return 0;
-}
-
-VMStateInfo shpc_vmstate_info = {
- .name = "shpc",
- .get = shpc_load,
- .put = shpc_save,
-};
diff --git a/hw/shpc.h b/hw/shpc.h
deleted file mode 100644
index 130b71df3..000000000
--- a/hw/shpc.h
+++ /dev/null
@@ -1,48 +0,0 @@
-#ifndef SHPC_H
-#define SHPC_H
-
-#include "qemu-common.h"
-#include "memory.h"
-#include "vmstate.h"
-
-struct SHPCDevice {
- /* Capability offset in device's config space */
- int cap;
-
- /* # of hot-pluggable slots */
- int nslots;
-
- /* SHPC WRS: working register set */
- uint8_t *config;
-
- /* Used to enable checks on load. Note that writable bits are
- * never checked even if set in cmask. */
- uint8_t *cmask;
-
- /* Used to implement R/W bytes */
- uint8_t *wmask;
-
- /* Used to implement RW1C(Write 1 to Clear) bytes */
- uint8_t *w1cmask;
-
- /* MMIO for the SHPC BAR */
- MemoryRegion mmio;
-
- /* Bus controlled by this SHPC */
- PCIBus *sec_bus;
-
- /* MSI already requested for this event */
- int msi_requested;
-};
-
-void shpc_reset(PCIDevice *d);
-int shpc_bar_size(PCIDevice *dev);
-int shpc_init(PCIDevice *dev, PCIBus *sec_bus, MemoryRegion *bar, unsigned off);
-void shpc_cleanup(PCIDevice *dev, MemoryRegion *bar);
-void shpc_cap_write_config(PCIDevice *d, uint32_t addr, uint32_t val, int len);
-
-extern VMStateInfo shpc_vmstate_info;
-#define SHPC_VMSTATE(_field, _type) \
- VMSTATE_BUFFER_UNSAFE_INFO(_field, _type, 0, shpc_vmstate_info, 0)
-
-#endif
diff --git a/hw/slavio_intctl.c b/hw/slavio_intctl.c
deleted file mode 100644
index 6aafa8b23..000000000
--- a/hw/slavio_intctl.c
+++ /dev/null
@@ -1,471 +0,0 @@
-/*
- * QEMU Sparc SLAVIO interrupt controller emulation
- *
- * Copyright (c) 2003-2005 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sun4m.h"
-#include "monitor.h"
-#include "sysbus.h"
-#include "trace.h"
-
-//#define DEBUG_IRQ_COUNT
-
-/*
- * Registers of interrupt controller in sun4m.
- *
- * This is the interrupt controller part of chip STP2001 (Slave I/O), also
- * produced as NCR89C105. See
- * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C105.txt
- *
- * There is a system master controller and one for each cpu.
- *
- */
-
-#define MAX_CPUS 16
-#define MAX_PILS 16
-
-struct SLAVIO_INTCTLState;
-
-typedef struct SLAVIO_CPUINTCTLState {
- MemoryRegion iomem;
- struct SLAVIO_INTCTLState *master;
- uint32_t intreg_pending;
- uint32_t cpu;
- uint32_t irl_out;
-} SLAVIO_CPUINTCTLState;
-
-typedef struct SLAVIO_INTCTLState {
- SysBusDevice busdev;
- MemoryRegion iomem;
-#ifdef DEBUG_IRQ_COUNT
- uint64_t irq_count[32];
-#endif
- qemu_irq cpu_irqs[MAX_CPUS][MAX_PILS];
- SLAVIO_CPUINTCTLState slaves[MAX_CPUS];
- uint32_t intregm_pending;
- uint32_t intregm_disabled;
- uint32_t target_cpu;
-} SLAVIO_INTCTLState;
-
-#define INTCTL_MAXADDR 0xf
-#define INTCTL_SIZE (INTCTL_MAXADDR + 1)
-#define INTCTLM_SIZE 0x14
-#define MASTER_IRQ_MASK ~0x0fa2007f
-#define MASTER_DISABLE 0x80000000
-#define CPU_SOFTIRQ_MASK 0xfffe0000
-#define CPU_IRQ_INT15_IN (1 << 15)
-#define CPU_IRQ_TIMER_IN (1 << 14)
-
-static void slavio_check_interrupts(SLAVIO_INTCTLState *s, int set_irqs);
-
-// per-cpu interrupt controller
-static uint64_t slavio_intctl_mem_readl(void *opaque, hwaddr addr,
- unsigned size)
-{
- SLAVIO_CPUINTCTLState *s = opaque;
- uint32_t saddr, ret;
-
- saddr = addr >> 2;
- switch (saddr) {
- case 0:
- ret = s->intreg_pending;
- break;
- default:
- ret = 0;
- break;
- }
- trace_slavio_intctl_mem_readl(s->cpu, addr, ret);
-
- return ret;
-}
-
-static void slavio_intctl_mem_writel(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- SLAVIO_CPUINTCTLState *s = opaque;
- uint32_t saddr;
-
- saddr = addr >> 2;
- trace_slavio_intctl_mem_writel(s->cpu, addr, val);
- switch (saddr) {
- case 1: // clear pending softints
- val &= CPU_SOFTIRQ_MASK | CPU_IRQ_INT15_IN;
- s->intreg_pending &= ~val;
- slavio_check_interrupts(s->master, 1);
- trace_slavio_intctl_mem_writel_clear(s->cpu, val, s->intreg_pending);
- break;
- case 2: // set softint
- val &= CPU_SOFTIRQ_MASK;
- s->intreg_pending |= val;
- slavio_check_interrupts(s->master, 1);
- trace_slavio_intctl_mem_writel_set(s->cpu, val, s->intreg_pending);
- break;
- default:
- break;
- }
-}
-
-static const MemoryRegionOps slavio_intctl_mem_ops = {
- .read = slavio_intctl_mem_readl,
- .write = slavio_intctl_mem_writel,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-// master system interrupt controller
-static uint64_t slavio_intctlm_mem_readl(void *opaque, hwaddr addr,
- unsigned size)
-{
- SLAVIO_INTCTLState *s = opaque;
- uint32_t saddr, ret;
-
- saddr = addr >> 2;
- switch (saddr) {
- case 0:
- ret = s->intregm_pending & ~MASTER_DISABLE;
- break;
- case 1:
- ret = s->intregm_disabled & MASTER_IRQ_MASK;
- break;
- case 4:
- ret = s->target_cpu;
- break;
- default:
- ret = 0;
- break;
- }
- trace_slavio_intctlm_mem_readl(addr, ret);
-
- return ret;
-}
-
-static void slavio_intctlm_mem_writel(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- SLAVIO_INTCTLState *s = opaque;
- uint32_t saddr;
-
- saddr = addr >> 2;
- trace_slavio_intctlm_mem_writel(addr, val);
- switch (saddr) {
- case 2: // clear (enable)
- // Force clear unused bits
- val &= MASTER_IRQ_MASK;
- s->intregm_disabled &= ~val;
- trace_slavio_intctlm_mem_writel_enable(val, s->intregm_disabled);
- slavio_check_interrupts(s, 1);
- break;
- case 3: // set (disable; doesn't affect pending)
- // Force clear unused bits
- val &= MASTER_IRQ_MASK;
- s->intregm_disabled |= val;
- slavio_check_interrupts(s, 1);
- trace_slavio_intctlm_mem_writel_disable(val, s->intregm_disabled);
- break;
- case 4:
- s->target_cpu = val & (MAX_CPUS - 1);
- slavio_check_interrupts(s, 1);
- trace_slavio_intctlm_mem_writel_target(s->target_cpu);
- break;
- default:
- break;
- }
-}
-
-static const MemoryRegionOps slavio_intctlm_mem_ops = {
- .read = slavio_intctlm_mem_readl,
- .write = slavio_intctlm_mem_writel,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-void slavio_pic_info(Monitor *mon, DeviceState *dev)
-{
- SysBusDevice *sd;
- SLAVIO_INTCTLState *s;
- int i;
-
- sd = sysbus_from_qdev(dev);
- s = FROM_SYSBUS(SLAVIO_INTCTLState, sd);
- for (i = 0; i < MAX_CPUS; i++) {
- monitor_printf(mon, "per-cpu %d: pending 0x%08x\n", i,
- s->slaves[i].intreg_pending);
- }
- monitor_printf(mon, "master: pending 0x%08x, disabled 0x%08x\n",
- s->intregm_pending, s->intregm_disabled);
-}
-
-void slavio_irq_info(Monitor *mon, DeviceState *dev)
-{
-#ifndef DEBUG_IRQ_COUNT
- monitor_printf(mon, "irq statistic code not compiled.\n");
-#else
- SysBusDevice *sd;
- SLAVIO_INTCTLState *s;
- int i;
- int64_t count;
-
- sd = sysbus_from_qdev(dev);
- s = FROM_SYSBUS(SLAVIO_INTCTLState, sd);
- monitor_printf(mon, "IRQ statistics:\n");
- for (i = 0; i < 32; i++) {
- count = s->irq_count[i];
- if (count > 0)
- monitor_printf(mon, "%2d: %" PRId64 "\n", i, count);
- }
-#endif
-}
-
-static const uint32_t intbit_to_level[] = {
- 2, 3, 5, 7, 9, 11, 13, 2, 3, 5, 7, 9, 11, 13, 12, 12,
- 6, 13, 4, 10, 8, 9, 11, 0, 0, 0, 0, 15, 15, 15, 15, 0,
-};
-
-static void slavio_check_interrupts(SLAVIO_INTCTLState *s, int set_irqs)
-{
- uint32_t pending = s->intregm_pending, pil_pending;
- unsigned int i, j;
-
- pending &= ~s->intregm_disabled;
-
- trace_slavio_check_interrupts(pending, s->intregm_disabled);
- for (i = 0; i < MAX_CPUS; i++) {
- pil_pending = 0;
-
- /* If we are the current interrupt target, get hard interrupts */
- if (pending && !(s->intregm_disabled & MASTER_DISABLE) &&
- (i == s->target_cpu)) {
- for (j = 0; j < 32; j++) {
- if ((pending & (1 << j)) && intbit_to_level[j]) {
- pil_pending |= 1 << intbit_to_level[j];
- }
- }
- }
-
- /* Calculate current pending hard interrupts for display */
- s->slaves[i].intreg_pending &= CPU_SOFTIRQ_MASK | CPU_IRQ_INT15_IN |
- CPU_IRQ_TIMER_IN;
- if (i == s->target_cpu) {
- for (j = 0; j < 32; j++) {
- if ((s->intregm_pending & (1 << j)) && intbit_to_level[j]) {
- s->slaves[i].intreg_pending |= 1 << intbit_to_level[j];
- }
- }
- }
-
- /* Level 15 and CPU timer interrupts are only masked when
- the MASTER_DISABLE bit is set */
- if (!(s->intregm_disabled & MASTER_DISABLE)) {
- pil_pending |= s->slaves[i].intreg_pending &
- (CPU_IRQ_INT15_IN | CPU_IRQ_TIMER_IN);
- }
-
- /* Add soft interrupts */
- pil_pending |= (s->slaves[i].intreg_pending & CPU_SOFTIRQ_MASK) >> 16;
-
- if (set_irqs) {
- /* Since there is not really an interrupt 0 (and pil_pending
- * and irl_out bit zero are thus always zero) there is no need
- * to do anything with cpu_irqs[i][0] and it is OK not to do
- * the j=0 iteration of this loop.
- */
- for (j = MAX_PILS-1; j > 0; j--) {
- if (pil_pending & (1 << j)) {
- if (!(s->slaves[i].irl_out & (1 << j))) {
- qemu_irq_raise(s->cpu_irqs[i][j]);
- }
- } else {
- if (s->slaves[i].irl_out & (1 << j)) {
- qemu_irq_lower(s->cpu_irqs[i][j]);
- }
- }
- }
- }
- s->slaves[i].irl_out = pil_pending;
- }
-}
-
-/*
- * "irq" here is the bit number in the system interrupt register to
- * separate serial and keyboard interrupts sharing a level.
- */
-static void slavio_set_irq(void *opaque, int irq, int level)
-{
- SLAVIO_INTCTLState *s = opaque;
- uint32_t mask = 1 << irq;
- uint32_t pil = intbit_to_level[irq];
- unsigned int i;
-
- trace_slavio_set_irq(s->target_cpu, irq, pil, level);
- if (pil > 0) {
- if (level) {
-#ifdef DEBUG_IRQ_COUNT
- s->irq_count[pil]++;
-#endif
- s->intregm_pending |= mask;
- if (pil == 15) {
- for (i = 0; i < MAX_CPUS; i++) {
- s->slaves[i].intreg_pending |= 1 << pil;
- }
- }
- } else {
- s->intregm_pending &= ~mask;
- if (pil == 15) {
- for (i = 0; i < MAX_CPUS; i++) {
- s->slaves[i].intreg_pending &= ~(1 << pil);
- }
- }
- }
- slavio_check_interrupts(s, 1);
- }
-}
-
-static void slavio_set_timer_irq_cpu(void *opaque, int cpu, int level)
-{
- SLAVIO_INTCTLState *s = opaque;
-
- trace_slavio_set_timer_irq_cpu(cpu, level);
-
- if (level) {
- s->slaves[cpu].intreg_pending |= CPU_IRQ_TIMER_IN;
- } else {
- s->slaves[cpu].intreg_pending &= ~CPU_IRQ_TIMER_IN;
- }
-
- slavio_check_interrupts(s, 1);
-}
-
-static void slavio_set_irq_all(void *opaque, int irq, int level)
-{
- if (irq < 32) {
- slavio_set_irq(opaque, irq, level);
- } else {
- slavio_set_timer_irq_cpu(opaque, irq - 32, level);
- }
-}
-
-static int vmstate_intctl_post_load(void *opaque, int version_id)
-{
- SLAVIO_INTCTLState *s = opaque;
-
- slavio_check_interrupts(s, 0);
- return 0;
-}
-
-static const VMStateDescription vmstate_intctl_cpu = {
- .name ="slavio_intctl_cpu",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField []) {
- VMSTATE_UINT32(intreg_pending, SLAVIO_CPUINTCTLState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_intctl = {
- .name ="slavio_intctl",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .post_load = vmstate_intctl_post_load,
- .fields = (VMStateField []) {
- VMSTATE_STRUCT_ARRAY(slaves, SLAVIO_INTCTLState, MAX_CPUS, 1,
- vmstate_intctl_cpu, SLAVIO_CPUINTCTLState),
- VMSTATE_UINT32(intregm_pending, SLAVIO_INTCTLState),
- VMSTATE_UINT32(intregm_disabled, SLAVIO_INTCTLState),
- VMSTATE_UINT32(target_cpu, SLAVIO_INTCTLState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void slavio_intctl_reset(DeviceState *d)
-{
- SLAVIO_INTCTLState *s = container_of(d, SLAVIO_INTCTLState, busdev.qdev);
- int i;
-
- for (i = 0; i < MAX_CPUS; i++) {
- s->slaves[i].intreg_pending = 0;
- s->slaves[i].irl_out = 0;
- }
- s->intregm_disabled = ~MASTER_IRQ_MASK;
- s->intregm_pending = 0;
- s->target_cpu = 0;
- slavio_check_interrupts(s, 0);
-}
-
-static int slavio_intctl_init1(SysBusDevice *dev)
-{
- SLAVIO_INTCTLState *s = FROM_SYSBUS(SLAVIO_INTCTLState, dev);
- unsigned int i, j;
- char slave_name[45];
-
- qdev_init_gpio_in(&dev->qdev, slavio_set_irq_all, 32 + MAX_CPUS);
- memory_region_init_io(&s->iomem, &slavio_intctlm_mem_ops, s,
- "master-interrupt-controller", INTCTLM_SIZE);
- sysbus_init_mmio(dev, &s->iomem);
-
- for (i = 0; i < MAX_CPUS; i++) {
- snprintf(slave_name, sizeof(slave_name),
- "slave-interrupt-controller-%i", i);
- for (j = 0; j < MAX_PILS; j++) {
- sysbus_init_irq(dev, &s->cpu_irqs[i][j]);
- }
- memory_region_init_io(&s->slaves[i].iomem, &slavio_intctl_mem_ops,
- &s->slaves[i], slave_name, INTCTL_SIZE);
- sysbus_init_mmio(dev, &s->slaves[i].iomem);
- s->slaves[i].cpu = i;
- s->slaves[i].master = s;
- }
-
- return 0;
-}
-
-static void slavio_intctl_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = slavio_intctl_init1;
- dc->reset = slavio_intctl_reset;
- dc->vmsd = &vmstate_intctl;
-}
-
-static TypeInfo slavio_intctl_info = {
- .name = "slavio_intctl",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(SLAVIO_INTCTLState),
- .class_init = slavio_intctl_class_init,
-};
-
-static void slavio_intctl_register_types(void)
-{
- type_register_static(&slavio_intctl_info);
-}
-
-type_init(slavio_intctl_register_types)
diff --git a/hw/slavio_misc.c b/hw/slavio_misc.c
deleted file mode 100644
index 682fb457f..000000000
--- a/hw/slavio_misc.c
+++ /dev/null
@@ -1,508 +0,0 @@
-/*
- * QEMU Sparc SLAVIO aux io port emulation
- *
- * Copyright (c) 2005 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sysemu.h"
-#include "sysbus.h"
-#include "trace.h"
-
-/*
- * This is the auxio port, chip control and system control part of
- * chip STP2001 (Slave I/O), also produced as NCR89C105. See
- * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C105.txt
- *
- * This also includes the PMC CPU idle controller.
- */
-
-typedef struct MiscState {
- SysBusDevice busdev;
- MemoryRegion cfg_iomem;
- MemoryRegion diag_iomem;
- MemoryRegion mdm_iomem;
- MemoryRegion led_iomem;
- MemoryRegion sysctrl_iomem;
- MemoryRegion aux1_iomem;
- MemoryRegion aux2_iomem;
- qemu_irq irq;
- qemu_irq fdc_tc;
- uint32_t dummy;
- uint8_t config;
- uint8_t aux1, aux2;
- uint8_t diag, mctrl;
- uint8_t sysctrl;
- uint16_t leds;
-} MiscState;
-
-typedef struct APCState {
- SysBusDevice busdev;
- MemoryRegion iomem;
- qemu_irq cpu_halt;
-} APCState;
-
-#define MISC_SIZE 1
-#define SYSCTRL_SIZE 4
-
-#define AUX1_TC 0x02
-
-#define AUX2_PWROFF 0x01
-#define AUX2_PWRINTCLR 0x02
-#define AUX2_PWRFAIL 0x20
-
-#define CFG_PWRINTEN 0x08
-
-#define SYS_RESET 0x01
-#define SYS_RESETSTAT 0x02
-
-static void slavio_misc_update_irq(void *opaque)
-{
- MiscState *s = opaque;
-
- if ((s->aux2 & AUX2_PWRFAIL) && (s->config & CFG_PWRINTEN)) {
- trace_slavio_misc_update_irq_raise();
- qemu_irq_raise(s->irq);
- } else {
- trace_slavio_misc_update_irq_lower();
- qemu_irq_lower(s->irq);
- }
-}
-
-static void slavio_misc_reset(DeviceState *d)
-{
- MiscState *s = container_of(d, MiscState, busdev.qdev);
-
- // Diagnostic and system control registers not cleared in reset
- s->config = s->aux1 = s->aux2 = s->mctrl = 0;
-}
-
-static void slavio_set_power_fail(void *opaque, int irq, int power_failing)
-{
- MiscState *s = opaque;
-
- trace_slavio_set_power_fail(power_failing, s->config);
- if (power_failing && (s->config & CFG_PWRINTEN)) {
- s->aux2 |= AUX2_PWRFAIL;
- } else {
- s->aux2 &= ~AUX2_PWRFAIL;
- }
- slavio_misc_update_irq(s);
-}
-
-static void slavio_cfg_mem_writeb(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- MiscState *s = opaque;
-
- trace_slavio_cfg_mem_writeb(val & 0xff);
- s->config = val & 0xff;
- slavio_misc_update_irq(s);
-}
-
-static uint64_t slavio_cfg_mem_readb(void *opaque, hwaddr addr,
- unsigned size)
-{
- MiscState *s = opaque;
- uint32_t ret = 0;
-
- ret = s->config;
- trace_slavio_cfg_mem_readb(ret);
- return ret;
-}
-
-static const MemoryRegionOps slavio_cfg_mem_ops = {
- .read = slavio_cfg_mem_readb,
- .write = slavio_cfg_mem_writeb,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
-};
-
-static void slavio_diag_mem_writeb(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- MiscState *s = opaque;
-
- trace_slavio_diag_mem_writeb(val & 0xff);
- s->diag = val & 0xff;
-}
-
-static uint64_t slavio_diag_mem_readb(void *opaque, hwaddr addr,
- unsigned size)
-{
- MiscState *s = opaque;
- uint32_t ret = 0;
-
- ret = s->diag;
- trace_slavio_diag_mem_readb(ret);
- return ret;
-}
-
-static const MemoryRegionOps slavio_diag_mem_ops = {
- .read = slavio_diag_mem_readb,
- .write = slavio_diag_mem_writeb,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
-};
-
-static void slavio_mdm_mem_writeb(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- MiscState *s = opaque;
-
- trace_slavio_mdm_mem_writeb(val & 0xff);
- s->mctrl = val & 0xff;
-}
-
-static uint64_t slavio_mdm_mem_readb(void *opaque, hwaddr addr,
- unsigned size)
-{
- MiscState *s = opaque;
- uint32_t ret = 0;
-
- ret = s->mctrl;
- trace_slavio_mdm_mem_readb(ret);
- return ret;
-}
-
-static const MemoryRegionOps slavio_mdm_mem_ops = {
- .read = slavio_mdm_mem_readb,
- .write = slavio_mdm_mem_writeb,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
-};
-
-static void slavio_aux1_mem_writeb(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- MiscState *s = opaque;
-
- trace_slavio_aux1_mem_writeb(val & 0xff);
- if (val & AUX1_TC) {
- // Send a pulse to floppy terminal count line
- if (s->fdc_tc) {
- qemu_irq_raise(s->fdc_tc);
- qemu_irq_lower(s->fdc_tc);
- }
- val &= ~AUX1_TC;
- }
- s->aux1 = val & 0xff;
-}
-
-static uint64_t slavio_aux1_mem_readb(void *opaque, hwaddr addr,
- unsigned size)
-{
- MiscState *s = opaque;
- uint32_t ret = 0;
-
- ret = s->aux1;
- trace_slavio_aux1_mem_readb(ret);
- return ret;
-}
-
-static const MemoryRegionOps slavio_aux1_mem_ops = {
- .read = slavio_aux1_mem_readb,
- .write = slavio_aux1_mem_writeb,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
-};
-
-static void slavio_aux2_mem_writeb(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- MiscState *s = opaque;
-
- val &= AUX2_PWRINTCLR | AUX2_PWROFF;
- trace_slavio_aux2_mem_writeb(val & 0xff);
- val |= s->aux2 & AUX2_PWRFAIL;
- if (val & AUX2_PWRINTCLR) // Clear Power Fail int
- val &= AUX2_PWROFF;
- s->aux2 = val;
- if (val & AUX2_PWROFF)
- qemu_system_shutdown_request();
- slavio_misc_update_irq(s);
-}
-
-static uint64_t slavio_aux2_mem_readb(void *opaque, hwaddr addr,
- unsigned size)
-{
- MiscState *s = opaque;
- uint32_t ret = 0;
-
- ret = s->aux2;
- trace_slavio_aux2_mem_readb(ret);
- return ret;
-}
-
-static const MemoryRegionOps slavio_aux2_mem_ops = {
- .read = slavio_aux2_mem_readb,
- .write = slavio_aux2_mem_writeb,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
-};
-
-static void apc_mem_writeb(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- APCState *s = opaque;
-
- trace_apc_mem_writeb(val & 0xff);
- qemu_irq_raise(s->cpu_halt);
-}
-
-static uint64_t apc_mem_readb(void *opaque, hwaddr addr,
- unsigned size)
-{
- uint32_t ret = 0;
-
- trace_apc_mem_readb(ret);
- return ret;
-}
-
-static const MemoryRegionOps apc_mem_ops = {
- .read = apc_mem_readb,
- .write = apc_mem_writeb,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 1,
- .max_access_size = 1,
- }
-};
-
-static uint64_t slavio_sysctrl_mem_readl(void *opaque, hwaddr addr,
- unsigned size)
-{
- MiscState *s = opaque;
- uint32_t ret = 0;
-
- switch (addr) {
- case 0:
- ret = s->sysctrl;
- break;
- default:
- break;
- }
- trace_slavio_sysctrl_mem_readl(ret);
- return ret;
-}
-
-static void slavio_sysctrl_mem_writel(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- MiscState *s = opaque;
-
- trace_slavio_sysctrl_mem_writel(val);
- switch (addr) {
- case 0:
- if (val & SYS_RESET) {
- s->sysctrl = SYS_RESETSTAT;
- qemu_system_reset_request();
- }
- break;
- default:
- break;
- }
-}
-
-static const MemoryRegionOps slavio_sysctrl_mem_ops = {
- .read = slavio_sysctrl_mem_readl,
- .write = slavio_sysctrl_mem_writel,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static uint64_t slavio_led_mem_readw(void *opaque, hwaddr addr,
- unsigned size)
-{
- MiscState *s = opaque;
- uint32_t ret = 0;
-
- switch (addr) {
- case 0:
- ret = s->leds;
- break;
- default:
- break;
- }
- trace_slavio_led_mem_readw(ret);
- return ret;
-}
-
-static void slavio_led_mem_writew(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- MiscState *s = opaque;
-
- trace_slavio_led_mem_readw(val & 0xffff);
- switch (addr) {
- case 0:
- s->leds = val;
- break;
- default:
- break;
- }
-}
-
-static const MemoryRegionOps slavio_led_mem_ops = {
- .read = slavio_led_mem_readw,
- .write = slavio_led_mem_writew,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 2,
- .max_access_size = 2,
- },
-};
-
-static const VMStateDescription vmstate_misc = {
- .name ="slavio_misc",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField []) {
- VMSTATE_UINT32(dummy, MiscState),
- VMSTATE_UINT8(config, MiscState),
- VMSTATE_UINT8(aux1, MiscState),
- VMSTATE_UINT8(aux2, MiscState),
- VMSTATE_UINT8(diag, MiscState),
- VMSTATE_UINT8(mctrl, MiscState),
- VMSTATE_UINT8(sysctrl, MiscState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int apc_init1(SysBusDevice *dev)
-{
- APCState *s = FROM_SYSBUS(APCState, dev);
-
- sysbus_init_irq(dev, &s->cpu_halt);
-
- /* Power management (APC) XXX: not a Slavio device */
- memory_region_init_io(&s->iomem, &apc_mem_ops, s,
- "apc", MISC_SIZE);
- sysbus_init_mmio(dev, &s->iomem);
- return 0;
-}
-
-static int slavio_misc_init1(SysBusDevice *dev)
-{
- MiscState *s = FROM_SYSBUS(MiscState, dev);
-
- sysbus_init_irq(dev, &s->irq);
- sysbus_init_irq(dev, &s->fdc_tc);
-
- /* 8 bit registers */
- /* Slavio control */
- memory_region_init_io(&s->cfg_iomem, &slavio_cfg_mem_ops, s,
- "configuration", MISC_SIZE);
- sysbus_init_mmio(dev, &s->cfg_iomem);
-
- /* Diagnostics */
- memory_region_init_io(&s->diag_iomem, &slavio_diag_mem_ops, s,
- "diagnostic", MISC_SIZE);
- sysbus_init_mmio(dev, &s->diag_iomem);
-
- /* Modem control */
- memory_region_init_io(&s->mdm_iomem, &slavio_mdm_mem_ops, s,
- "modem", MISC_SIZE);
- sysbus_init_mmio(dev, &s->mdm_iomem);
-
- /* 16 bit registers */
- /* ss600mp diag LEDs */
- memory_region_init_io(&s->led_iomem, &slavio_led_mem_ops, s,
- "leds", MISC_SIZE);
- sysbus_init_mmio(dev, &s->led_iomem);
-
- /* 32 bit registers */
- /* System control */
- memory_region_init_io(&s->sysctrl_iomem, &slavio_sysctrl_mem_ops, s,
- "system-control", MISC_SIZE);
- sysbus_init_mmio(dev, &s->sysctrl_iomem);
-
- /* AUX 1 (Misc System Functions) */
- memory_region_init_io(&s->aux1_iomem, &slavio_aux1_mem_ops, s,
- "misc-system-functions", MISC_SIZE);
- sysbus_init_mmio(dev, &s->aux1_iomem);
-
- /* AUX 2 (Software Powerdown Control) */
- memory_region_init_io(&s->aux2_iomem, &slavio_aux2_mem_ops, s,
- "software-powerdown-control", MISC_SIZE);
- sysbus_init_mmio(dev, &s->aux2_iomem);
-
- qdev_init_gpio_in(&dev->qdev, slavio_set_power_fail, 1);
-
- return 0;
-}
-
-static void slavio_misc_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = slavio_misc_init1;
- dc->reset = slavio_misc_reset;
- dc->vmsd = &vmstate_misc;
-}
-
-static TypeInfo slavio_misc_info = {
- .name = "slavio_misc",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(MiscState),
- .class_init = slavio_misc_class_init,
-};
-
-static void apc_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = apc_init1;
-}
-
-static TypeInfo apc_info = {
- .name = "apc",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(MiscState),
- .class_init = apc_class_init,
-};
-
-static void slavio_misc_register_types(void)
-{
- type_register_static(&slavio_misc_info);
- type_register_static(&apc_info);
-}
-
-type_init(slavio_misc_register_types)
diff --git a/hw/slavio_timer.c b/hw/slavio_timer.c
deleted file mode 100644
index c07ceb1de..000000000
--- a/hw/slavio_timer.c
+++ /dev/null
@@ -1,435 +0,0 @@
-/*
- * QEMU Sparc SLAVIO timer controller emulation
- *
- * Copyright (c) 2003-2005 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sun4m.h"
-#include "qemu-timer.h"
-#include "ptimer.h"
-#include "sysbus.h"
-#include "trace.h"
-
-/*
- * Registers of hardware timer in sun4m.
- *
- * This is the timer/counter part of chip STP2001 (Slave I/O), also
- * produced as NCR89C105. See
- * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C105.txt
- *
- * The 31-bit counter is incremented every 500ns by bit 9. Bits 8..0
- * are zero. Bit 31 is 1 when count has been reached.
- *
- * Per-CPU timers interrupt local CPU, system timer uses normal
- * interrupt routing.
- *
- */
-
-#define MAX_CPUS 16
-
-typedef struct CPUTimerState {
- qemu_irq irq;
- ptimer_state *timer;
- uint32_t count, counthigh, reached;
- /* processor only */
- uint32_t running;
- uint64_t limit;
-} CPUTimerState;
-
-typedef struct SLAVIO_TIMERState {
- SysBusDevice busdev;
- uint32_t num_cpus;
- uint32_t cputimer_mode;
- CPUTimerState cputimer[MAX_CPUS + 1];
-} SLAVIO_TIMERState;
-
-typedef struct TimerContext {
- MemoryRegion iomem;
- SLAVIO_TIMERState *s;
- unsigned int timer_index; /* 0 for system, 1 ... MAX_CPUS for CPU timers */
-} TimerContext;
-
-#define SYS_TIMER_SIZE 0x14
-#define CPU_TIMER_SIZE 0x10
-
-#define TIMER_LIMIT 0
-#define TIMER_COUNTER 1
-#define TIMER_COUNTER_NORST 2
-#define TIMER_STATUS 3
-#define TIMER_MODE 4
-
-#define TIMER_COUNT_MASK32 0xfffffe00
-#define TIMER_LIMIT_MASK32 0x7fffffff
-#define TIMER_MAX_COUNT64 0x7ffffffffffffe00ULL
-#define TIMER_MAX_COUNT32 0x7ffffe00ULL
-#define TIMER_REACHED 0x80000000
-#define TIMER_PERIOD 500ULL // 500ns
-#define LIMIT_TO_PERIODS(l) (((l) >> 9) - 1)
-#define PERIODS_TO_LIMIT(l) (((l) + 1) << 9)
-
-static int slavio_timer_is_user(TimerContext *tc)
-{
- SLAVIO_TIMERState *s = tc->s;
- unsigned int timer_index = tc->timer_index;
-
- return timer_index != 0 && (s->cputimer_mode & (1 << (timer_index - 1)));
-}
-
-// Update count, set irq, update expire_time
-// Convert from ptimer countdown units
-static void slavio_timer_get_out(CPUTimerState *t)
-{
- uint64_t count, limit;
-
- if (t->limit == 0) { /* free-run system or processor counter */
- limit = TIMER_MAX_COUNT32;
- } else {
- limit = t->limit;
- }
- count = limit - PERIODS_TO_LIMIT(ptimer_get_count(t->timer));
-
- trace_slavio_timer_get_out(t->limit, t->counthigh, t->count);
- t->count = count & TIMER_COUNT_MASK32;
- t->counthigh = count >> 32;
-}
-
-// timer callback
-static void slavio_timer_irq(void *opaque)
-{
- TimerContext *tc = opaque;
- SLAVIO_TIMERState *s = tc->s;
- CPUTimerState *t = &s->cputimer[tc->timer_index];
-
- slavio_timer_get_out(t);
- trace_slavio_timer_irq(t->counthigh, t->count);
- /* if limit is 0 (free-run), there will be no match */
- if (t->limit != 0) {
- t->reached = TIMER_REACHED;
- }
- /* there is no interrupt if user timer or free-run */
- if (!slavio_timer_is_user(tc) && t->limit != 0) {
- qemu_irq_raise(t->irq);
- }
-}
-
-static uint64_t slavio_timer_mem_readl(void *opaque, hwaddr addr,
- unsigned size)
-{
- TimerContext *tc = opaque;
- SLAVIO_TIMERState *s = tc->s;
- uint32_t saddr, ret;
- unsigned int timer_index = tc->timer_index;
- CPUTimerState *t = &s->cputimer[timer_index];
-
- saddr = addr >> 2;
- switch (saddr) {
- case TIMER_LIMIT:
- // read limit (system counter mode) or read most signifying
- // part of counter (user mode)
- if (slavio_timer_is_user(tc)) {
- // read user timer MSW
- slavio_timer_get_out(t);
- ret = t->counthigh | t->reached;
- } else {
- // read limit
- // clear irq
- qemu_irq_lower(t->irq);
- t->reached = 0;
- ret = t->limit & TIMER_LIMIT_MASK32;
- }
- break;
- case TIMER_COUNTER:
- // read counter and reached bit (system mode) or read lsbits
- // of counter (user mode)
- slavio_timer_get_out(t);
- if (slavio_timer_is_user(tc)) { // read user timer LSW
- ret = t->count & TIMER_MAX_COUNT64;
- } else { // read limit
- ret = (t->count & TIMER_MAX_COUNT32) |
- t->reached;
- }
- break;
- case TIMER_STATUS:
- // only available in processor counter/timer
- // read start/stop status
- if (timer_index > 0) {
- ret = t->running;
- } else {
- ret = 0;
- }
- break;
- case TIMER_MODE:
- // only available in system counter
- // read user/system mode
- ret = s->cputimer_mode;
- break;
- default:
- trace_slavio_timer_mem_readl_invalid(addr);
- ret = 0;
- break;
- }
- trace_slavio_timer_mem_readl(addr, ret);
- return ret;
-}
-
-static void slavio_timer_mem_writel(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- TimerContext *tc = opaque;
- SLAVIO_TIMERState *s = tc->s;
- uint32_t saddr;
- unsigned int timer_index = tc->timer_index;
- CPUTimerState *t = &s->cputimer[timer_index];
-
- trace_slavio_timer_mem_writel(addr, val);
- saddr = addr >> 2;
- switch (saddr) {
- case TIMER_LIMIT:
- if (slavio_timer_is_user(tc)) {
- uint64_t count;
-
- // set user counter MSW, reset counter
- t->limit = TIMER_MAX_COUNT64;
- t->counthigh = val & (TIMER_MAX_COUNT64 >> 32);
- t->reached = 0;
- count = ((uint64_t)t->counthigh << 32) | t->count;
- trace_slavio_timer_mem_writel_limit(timer_index, count);
- ptimer_set_count(t->timer, LIMIT_TO_PERIODS(t->limit - count));
- } else {
- // set limit, reset counter
- qemu_irq_lower(t->irq);
- t->limit = val & TIMER_MAX_COUNT32;
- if (t->timer) {
- if (t->limit == 0) { /* free-run */
- ptimer_set_limit(t->timer,
- LIMIT_TO_PERIODS(TIMER_MAX_COUNT32), 1);
- } else {
- ptimer_set_limit(t->timer, LIMIT_TO_PERIODS(t->limit), 1);
- }
- }
- }
- break;
- case TIMER_COUNTER:
- if (slavio_timer_is_user(tc)) {
- uint64_t count;
-
- // set user counter LSW, reset counter
- t->limit = TIMER_MAX_COUNT64;
- t->count = val & TIMER_MAX_COUNT64;
- t->reached = 0;
- count = ((uint64_t)t->counthigh) << 32 | t->count;
- trace_slavio_timer_mem_writel_limit(timer_index, count);
- ptimer_set_count(t->timer, LIMIT_TO_PERIODS(t->limit - count));
- } else {
- trace_slavio_timer_mem_writel_counter_invalid();
- }
- break;
- case TIMER_COUNTER_NORST:
- // set limit without resetting counter
- t->limit = val & TIMER_MAX_COUNT32;
- if (t->limit == 0) { /* free-run */
- ptimer_set_limit(t->timer, LIMIT_TO_PERIODS(TIMER_MAX_COUNT32), 0);
- } else {
- ptimer_set_limit(t->timer, LIMIT_TO_PERIODS(t->limit), 0);
- }
- break;
- case TIMER_STATUS:
- if (slavio_timer_is_user(tc)) {
- // start/stop user counter
- if ((val & 1) && !t->running) {
- trace_slavio_timer_mem_writel_status_start(timer_index);
- ptimer_run(t->timer, 0);
- t->running = 1;
- } else if (!(val & 1) && t->running) {
- trace_slavio_timer_mem_writel_status_stop(timer_index);
- ptimer_stop(t->timer);
- t->running = 0;
- }
- }
- break;
- case TIMER_MODE:
- if (timer_index == 0) {
- unsigned int i;
-
- for (i = 0; i < s->num_cpus; i++) {
- unsigned int processor = 1 << i;
- CPUTimerState *curr_timer = &s->cputimer[i + 1];
-
- // check for a change in timer mode for this processor
- if ((val & processor) != (s->cputimer_mode & processor)) {
- if (val & processor) { // counter -> user timer
- qemu_irq_lower(curr_timer->irq);
- // counters are always running
- ptimer_stop(curr_timer->timer);
- curr_timer->running = 0;
- // user timer limit is always the same
- curr_timer->limit = TIMER_MAX_COUNT64;
- ptimer_set_limit(curr_timer->timer,
- LIMIT_TO_PERIODS(curr_timer->limit),
- 1);
- // set this processors user timer bit in config
- // register
- s->cputimer_mode |= processor;
- trace_slavio_timer_mem_writel_mode_user(timer_index);
- } else { // user timer -> counter
- // stop the user timer if it is running
- if (curr_timer->running) {
- ptimer_stop(curr_timer->timer);
- }
- // start the counter
- ptimer_run(curr_timer->timer, 0);
- curr_timer->running = 1;
- // clear this processors user timer bit in config
- // register
- s->cputimer_mode &= ~processor;
- trace_slavio_timer_mem_writel_mode_counter(timer_index);
- }
- }
- }
- } else {
- trace_slavio_timer_mem_writel_mode_invalid();
- }
- break;
- default:
- trace_slavio_timer_mem_writel_invalid(addr);
- break;
- }
-}
-
-static const MemoryRegionOps slavio_timer_mem_ops = {
- .read = slavio_timer_mem_readl,
- .write = slavio_timer_mem_writel,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static const VMStateDescription vmstate_timer = {
- .name ="timer",
- .version_id = 3,
- .minimum_version_id = 3,
- .minimum_version_id_old = 3,
- .fields = (VMStateField []) {
- VMSTATE_UINT64(limit, CPUTimerState),
- VMSTATE_UINT32(count, CPUTimerState),
- VMSTATE_UINT32(counthigh, CPUTimerState),
- VMSTATE_UINT32(reached, CPUTimerState),
- VMSTATE_UINT32(running, CPUTimerState),
- VMSTATE_PTIMER(timer, CPUTimerState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_slavio_timer = {
- .name ="slavio_timer",
- .version_id = 3,
- .minimum_version_id = 3,
- .minimum_version_id_old = 3,
- .fields = (VMStateField []) {
- VMSTATE_STRUCT_ARRAY(cputimer, SLAVIO_TIMERState, MAX_CPUS + 1, 3,
- vmstate_timer, CPUTimerState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void slavio_timer_reset(DeviceState *d)
-{
- SLAVIO_TIMERState *s = container_of(d, SLAVIO_TIMERState, busdev.qdev);
- unsigned int i;
- CPUTimerState *curr_timer;
-
- for (i = 0; i <= MAX_CPUS; i++) {
- curr_timer = &s->cputimer[i];
- curr_timer->limit = 0;
- curr_timer->count = 0;
- curr_timer->reached = 0;
- if (i <= s->num_cpus) {
- ptimer_set_limit(curr_timer->timer,
- LIMIT_TO_PERIODS(TIMER_MAX_COUNT32), 1);
- ptimer_run(curr_timer->timer, 0);
- curr_timer->running = 1;
- }
- }
- s->cputimer_mode = 0;
-}
-
-static int slavio_timer_init1(SysBusDevice *dev)
-{
- SLAVIO_TIMERState *s = FROM_SYSBUS(SLAVIO_TIMERState, dev);
- QEMUBH *bh;
- unsigned int i;
- TimerContext *tc;
-
- for (i = 0; i <= MAX_CPUS; i++) {
- uint64_t size;
- char timer_name[20];
-
- tc = g_malloc0(sizeof(TimerContext));
- tc->s = s;
- tc->timer_index = i;
-
- bh = qemu_bh_new(slavio_timer_irq, tc);
- s->cputimer[i].timer = ptimer_init(bh);
- ptimer_set_period(s->cputimer[i].timer, TIMER_PERIOD);
-
- size = i == 0 ? SYS_TIMER_SIZE : CPU_TIMER_SIZE;
- snprintf(timer_name, sizeof(timer_name), "timer-%i", i);
- memory_region_init_io(&tc->iomem, &slavio_timer_mem_ops, tc,
- timer_name, size);
- sysbus_init_mmio(dev, &tc->iomem);
-
- sysbus_init_irq(dev, &s->cputimer[i].irq);
- }
-
- return 0;
-}
-
-static Property slavio_timer_properties[] = {
- DEFINE_PROP_UINT32("num_cpus", SLAVIO_TIMERState, num_cpus, 0),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void slavio_timer_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = slavio_timer_init1;
- dc->reset = slavio_timer_reset;
- dc->vmsd = &vmstate_slavio_timer;
- dc->props = slavio_timer_properties;
-}
-
-static TypeInfo slavio_timer_info = {
- .name = "slavio_timer",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(SLAVIO_TIMERState),
- .class_init = slavio_timer_class_init,
-};
-
-static void slavio_timer_register_types(void)
-{
- type_register_static(&slavio_timer_info);
-}
-
-type_init(slavio_timer_register_types)
diff --git a/hw/slotid_cap.c b/hw/slotid_cap.c
deleted file mode 100644
index 01064521a..000000000
--- a/hw/slotid_cap.c
+++ /dev/null
@@ -1,44 +0,0 @@
-#include "slotid_cap.h"
-#include "pci.h"
-
-#define SLOTID_CAP_LENGTH 4
-#define SLOTID_NSLOTS_SHIFT (ffs(PCI_SID_ESR_NSLOTS) - 1)
-
-int slotid_cap_init(PCIDevice *d, int nslots,
- uint8_t chassis,
- unsigned offset)
-{
- int cap;
- if (!chassis) {
- error_report("Bridge chassis not specified. Each bridge is required "
- "to be assigned a unique chassis id > 0.");
- return -EINVAL;
- }
- if (nslots < 0 || nslots > (PCI_SID_ESR_NSLOTS >> SLOTID_NSLOTS_SHIFT)) {
- /* TODO: error report? */
- return -EINVAL;
- }
-
- cap = pci_add_capability(d, PCI_CAP_ID_SLOTID, offset, SLOTID_CAP_LENGTH);
- if (cap < 0) {
- return cap;
- }
- /* We make each chassis unique, this way each bridge is First in Chassis */
- d->config[cap + PCI_SID_ESR] = PCI_SID_ESR_FIC |
- (nslots << SLOTID_NSLOTS_SHIFT);
- d->cmask[cap + PCI_SID_ESR] = 0xff;
- d->config[cap + PCI_SID_CHASSIS_NR] = chassis;
- /* Note: Chassis number register is non-volatile,
- so we don't reset it. */
- /* TODO: store in eeprom? */
- d->wmask[cap + PCI_SID_CHASSIS_NR] = 0xff;
-
- d->cap_present |= QEMU_PCI_CAP_SLOTID;
- return 0;
-}
-
-void slotid_cap_cleanup(PCIDevice *d)
-{
- /* TODO: cleanup config space? */
- d->cap_present &= ~QEMU_PCI_CAP_SLOTID;
-}
diff --git a/hw/slotid_cap.h b/hw/slotid_cap.h
deleted file mode 100644
index 70db0470b..000000000
--- a/hw/slotid_cap.h
+++ /dev/null
@@ -1,11 +0,0 @@
-#ifndef PCI_SLOTID_CAP_H
-#define PCI_SLOTID_CAP_H
-
-#include "qemu-common.h"
-
-int slotid_cap_init(PCIDevice *dev, int nslots,
- uint8_t chassis,
- unsigned offset);
-void slotid_cap_cleanup(PCIDevice *dev);
-
-#endif
diff --git a/hw/sm501.c b/hw/sm501.c
deleted file mode 100644
index 50324cda5..000000000
--- a/hw/sm501.c
+++ /dev/null
@@ -1,1447 +0,0 @@
-/*
- * QEMU SM501 Device
- *
- * Copyright (c) 2008 Shin-ichiro KAWASAKI
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include <stdio.h>
-#include "hw.h"
-#include "serial.h"
-#include "console.h"
-#include "devices.h"
-#include "sysbus.h"
-#include "qdev-addr.h"
-#include "range.h"
-
-/*
- * Status: 2010/05/07
- * - Minimum implementation for Linux console : mmio regs and CRT layer.
- * - 2D grapihcs acceleration partially supported : only fill rectangle.
- *
- * TODO:
- * - Panel support
- * - Touch panel support
- * - USB support
- * - UART support
- * - More 2D graphics engine support
- * - Performance tuning
- */
-
-//#define DEBUG_SM501
-//#define DEBUG_BITBLT
-
-#ifdef DEBUG_SM501
-#define SM501_DPRINTF(fmt, ...) printf(fmt, ## __VA_ARGS__)
-#else
-#define SM501_DPRINTF(fmt, ...) do {} while(0)
-#endif
-
-
-#define MMIO_BASE_OFFSET 0x3e00000
-
-/* SM501 register definitions taken from "linux/include/linux/sm501-regs.h" */
-
-/* System Configuration area */
-/* System config base */
-#define SM501_SYS_CONFIG (0x000000)
-
-/* config 1 */
-#define SM501_SYSTEM_CONTROL (0x000000)
-
-#define SM501_SYSCTRL_PANEL_TRISTATE (1<<0)
-#define SM501_SYSCTRL_MEM_TRISTATE (1<<1)
-#define SM501_SYSCTRL_CRT_TRISTATE (1<<2)
-
-#define SM501_SYSCTRL_PCI_SLAVE_BURST_MASK (3<<4)
-#define SM501_SYSCTRL_PCI_SLAVE_BURST_1 (0<<4)
-#define SM501_SYSCTRL_PCI_SLAVE_BURST_2 (1<<4)
-#define SM501_SYSCTRL_PCI_SLAVE_BURST_4 (2<<4)
-#define SM501_SYSCTRL_PCI_SLAVE_BURST_8 (3<<4)
-
-#define SM501_SYSCTRL_PCI_CLOCK_RUN_EN (1<<6)
-#define SM501_SYSCTRL_PCI_RETRY_DISABLE (1<<7)
-#define SM501_SYSCTRL_PCI_SUBSYS_LOCK (1<<11)
-#define SM501_SYSCTRL_PCI_BURST_READ_EN (1<<15)
-
-/* miscellaneous control */
-
-#define SM501_MISC_CONTROL (0x000004)
-
-#define SM501_MISC_BUS_SH (0x0)
-#define SM501_MISC_BUS_PCI (0x1)
-#define SM501_MISC_BUS_XSCALE (0x2)
-#define SM501_MISC_BUS_NEC (0x6)
-#define SM501_MISC_BUS_MASK (0x7)
-
-#define SM501_MISC_VR_62MB (1<<3)
-#define SM501_MISC_CDR_RESET (1<<7)
-#define SM501_MISC_USB_LB (1<<8)
-#define SM501_MISC_USB_SLAVE (1<<9)
-#define SM501_MISC_BL_1 (1<<10)
-#define SM501_MISC_MC (1<<11)
-#define SM501_MISC_DAC_POWER (1<<12)
-#define SM501_MISC_IRQ_INVERT (1<<16)
-#define SM501_MISC_SH (1<<17)
-
-#define SM501_MISC_HOLD_EMPTY (0<<18)
-#define SM501_MISC_HOLD_8 (1<<18)
-#define SM501_MISC_HOLD_16 (2<<18)
-#define SM501_MISC_HOLD_24 (3<<18)
-#define SM501_MISC_HOLD_32 (4<<18)
-#define SM501_MISC_HOLD_MASK (7<<18)
-
-#define SM501_MISC_FREQ_12 (1<<24)
-#define SM501_MISC_PNL_24BIT (1<<25)
-#define SM501_MISC_8051_LE (1<<26)
-
-
-
-#define SM501_GPIO31_0_CONTROL (0x000008)
-#define SM501_GPIO63_32_CONTROL (0x00000C)
-#define SM501_DRAM_CONTROL (0x000010)
-
-/* command list */
-#define SM501_ARBTRTN_CONTROL (0x000014)
-
-/* command list */
-#define SM501_COMMAND_LIST_STATUS (0x000024)
-
-/* interrupt debug */
-#define SM501_RAW_IRQ_STATUS (0x000028)
-#define SM501_RAW_IRQ_CLEAR (0x000028)
-#define SM501_IRQ_STATUS (0x00002C)
-#define SM501_IRQ_MASK (0x000030)
-#define SM501_DEBUG_CONTROL (0x000034)
-
-/* power management */
-#define SM501_POWERMODE_P2X_SRC (1<<29)
-#define SM501_POWERMODE_V2X_SRC (1<<20)
-#define SM501_POWERMODE_M_SRC (1<<12)
-#define SM501_POWERMODE_M1_SRC (1<<4)
-
-#define SM501_CURRENT_GATE (0x000038)
-#define SM501_CURRENT_CLOCK (0x00003C)
-#define SM501_POWER_MODE_0_GATE (0x000040)
-#define SM501_POWER_MODE_0_CLOCK (0x000044)
-#define SM501_POWER_MODE_1_GATE (0x000048)
-#define SM501_POWER_MODE_1_CLOCK (0x00004C)
-#define SM501_SLEEP_MODE_GATE (0x000050)
-#define SM501_POWER_MODE_CONTROL (0x000054)
-
-/* power gates for units within the 501 */
-#define SM501_GATE_HOST (0)
-#define SM501_GATE_MEMORY (1)
-#define SM501_GATE_DISPLAY (2)
-#define SM501_GATE_2D_ENGINE (3)
-#define SM501_GATE_CSC (4)
-#define SM501_GATE_ZVPORT (5)
-#define SM501_GATE_GPIO (6)
-#define SM501_GATE_UART0 (7)
-#define SM501_GATE_UART1 (8)
-#define SM501_GATE_SSP (10)
-#define SM501_GATE_USB_HOST (11)
-#define SM501_GATE_USB_GADGET (12)
-#define SM501_GATE_UCONTROLLER (17)
-#define SM501_GATE_AC97 (18)
-
-/* panel clock */
-#define SM501_CLOCK_P2XCLK (24)
-/* crt clock */
-#define SM501_CLOCK_V2XCLK (16)
-/* main clock */
-#define SM501_CLOCK_MCLK (8)
-/* SDRAM controller clock */
-#define SM501_CLOCK_M1XCLK (0)
-
-/* config 2 */
-#define SM501_PCI_MASTER_BASE (0x000058)
-#define SM501_ENDIAN_CONTROL (0x00005C)
-#define SM501_DEVICEID (0x000060)
-/* 0x050100A0 */
-
-#define SM501_DEVICEID_SM501 (0x05010000)
-#define SM501_DEVICEID_IDMASK (0xffff0000)
-#define SM501_DEVICEID_REVMASK (0x000000ff)
-
-#define SM501_PLLCLOCK_COUNT (0x000064)
-#define SM501_MISC_TIMING (0x000068)
-#define SM501_CURRENT_SDRAM_CLOCK (0x00006C)
-
-#define SM501_PROGRAMMABLE_PLL_CONTROL (0x000074)
-
-/* GPIO base */
-#define SM501_GPIO (0x010000)
-#define SM501_GPIO_DATA_LOW (0x00)
-#define SM501_GPIO_DATA_HIGH (0x04)
-#define SM501_GPIO_DDR_LOW (0x08)
-#define SM501_GPIO_DDR_HIGH (0x0C)
-#define SM501_GPIO_IRQ_SETUP (0x10)
-#define SM501_GPIO_IRQ_STATUS (0x14)
-#define SM501_GPIO_IRQ_RESET (0x14)
-
-/* I2C controller base */
-#define SM501_I2C (0x010040)
-#define SM501_I2C_BYTE_COUNT (0x00)
-#define SM501_I2C_CONTROL (0x01)
-#define SM501_I2C_STATUS (0x02)
-#define SM501_I2C_RESET (0x02)
-#define SM501_I2C_SLAVE_ADDRESS (0x03)
-#define SM501_I2C_DATA (0x04)
-
-/* SSP base */
-#define SM501_SSP (0x020000)
-
-/* Uart 0 base */
-#define SM501_UART0 (0x030000)
-
-/* Uart 1 base */
-#define SM501_UART1 (0x030020)
-
-/* USB host port base */
-#define SM501_USB_HOST (0x040000)
-
-/* USB slave/gadget base */
-#define SM501_USB_GADGET (0x060000)
-
-/* USB slave/gadget data port base */
-#define SM501_USB_GADGET_DATA (0x070000)
-
-/* Display controller/video engine base */
-#define SM501_DC (0x080000)
-
-/* common defines for the SM501 address registers */
-#define SM501_ADDR_FLIP (1<<31)
-#define SM501_ADDR_EXT (1<<27)
-#define SM501_ADDR_CS1 (1<<26)
-#define SM501_ADDR_MASK (0x3f << 26)
-
-#define SM501_FIFO_MASK (0x3 << 16)
-#define SM501_FIFO_1 (0x0 << 16)
-#define SM501_FIFO_3 (0x1 << 16)
-#define SM501_FIFO_7 (0x2 << 16)
-#define SM501_FIFO_11 (0x3 << 16)
-
-/* common registers for panel and the crt */
-#define SM501_OFF_DC_H_TOT (0x000)
-#define SM501_OFF_DC_V_TOT (0x008)
-#define SM501_OFF_DC_H_SYNC (0x004)
-#define SM501_OFF_DC_V_SYNC (0x00C)
-
-#define SM501_DC_PANEL_CONTROL (0x000)
-
-#define SM501_DC_PANEL_CONTROL_FPEN (1<<27)
-#define SM501_DC_PANEL_CONTROL_BIAS (1<<26)
-#define SM501_DC_PANEL_CONTROL_DATA (1<<25)
-#define SM501_DC_PANEL_CONTROL_VDD (1<<24)
-#define SM501_DC_PANEL_CONTROL_DP (1<<23)
-
-#define SM501_DC_PANEL_CONTROL_TFT_888 (0<<21)
-#define SM501_DC_PANEL_CONTROL_TFT_333 (1<<21)
-#define SM501_DC_PANEL_CONTROL_TFT_444 (2<<21)
-
-#define SM501_DC_PANEL_CONTROL_DE (1<<20)
-
-#define SM501_DC_PANEL_CONTROL_LCD_TFT (0<<18)
-#define SM501_DC_PANEL_CONTROL_LCD_STN8 (1<<18)
-#define SM501_DC_PANEL_CONTROL_LCD_STN12 (2<<18)
-
-#define SM501_DC_PANEL_CONTROL_CP (1<<14)
-#define SM501_DC_PANEL_CONTROL_VSP (1<<13)
-#define SM501_DC_PANEL_CONTROL_HSP (1<<12)
-#define SM501_DC_PANEL_CONTROL_CK (1<<9)
-#define SM501_DC_PANEL_CONTROL_TE (1<<8)
-#define SM501_DC_PANEL_CONTROL_VPD (1<<7)
-#define SM501_DC_PANEL_CONTROL_VP (1<<6)
-#define SM501_DC_PANEL_CONTROL_HPD (1<<5)
-#define SM501_DC_PANEL_CONTROL_HP (1<<4)
-#define SM501_DC_PANEL_CONTROL_GAMMA (1<<3)
-#define SM501_DC_PANEL_CONTROL_EN (1<<2)
-
-#define SM501_DC_PANEL_CONTROL_8BPP (0<<0)
-#define SM501_DC_PANEL_CONTROL_16BPP (1<<0)
-#define SM501_DC_PANEL_CONTROL_32BPP (2<<0)
-
-
-#define SM501_DC_PANEL_PANNING_CONTROL (0x004)
-#define SM501_DC_PANEL_COLOR_KEY (0x008)
-#define SM501_DC_PANEL_FB_ADDR (0x00C)
-#define SM501_DC_PANEL_FB_OFFSET (0x010)
-#define SM501_DC_PANEL_FB_WIDTH (0x014)
-#define SM501_DC_PANEL_FB_HEIGHT (0x018)
-#define SM501_DC_PANEL_TL_LOC (0x01C)
-#define SM501_DC_PANEL_BR_LOC (0x020)
-#define SM501_DC_PANEL_H_TOT (0x024)
-#define SM501_DC_PANEL_H_SYNC (0x028)
-#define SM501_DC_PANEL_V_TOT (0x02C)
-#define SM501_DC_PANEL_V_SYNC (0x030)
-#define SM501_DC_PANEL_CUR_LINE (0x034)
-
-#define SM501_DC_VIDEO_CONTROL (0x040)
-#define SM501_DC_VIDEO_FB0_ADDR (0x044)
-#define SM501_DC_VIDEO_FB_WIDTH (0x048)
-#define SM501_DC_VIDEO_FB0_LAST_ADDR (0x04C)
-#define SM501_DC_VIDEO_TL_LOC (0x050)
-#define SM501_DC_VIDEO_BR_LOC (0x054)
-#define SM501_DC_VIDEO_SCALE (0x058)
-#define SM501_DC_VIDEO_INIT_SCALE (0x05C)
-#define SM501_DC_VIDEO_YUV_CONSTANTS (0x060)
-#define SM501_DC_VIDEO_FB1_ADDR (0x064)
-#define SM501_DC_VIDEO_FB1_LAST_ADDR (0x068)
-
-#define SM501_DC_VIDEO_ALPHA_CONTROL (0x080)
-#define SM501_DC_VIDEO_ALPHA_FB_ADDR (0x084)
-#define SM501_DC_VIDEO_ALPHA_FB_OFFSET (0x088)
-#define SM501_DC_VIDEO_ALPHA_FB_LAST_ADDR (0x08C)
-#define SM501_DC_VIDEO_ALPHA_TL_LOC (0x090)
-#define SM501_DC_VIDEO_ALPHA_BR_LOC (0x094)
-#define SM501_DC_VIDEO_ALPHA_SCALE (0x098)
-#define SM501_DC_VIDEO_ALPHA_INIT_SCALE (0x09C)
-#define SM501_DC_VIDEO_ALPHA_CHROMA_KEY (0x0A0)
-#define SM501_DC_VIDEO_ALPHA_COLOR_LOOKUP (0x0A4)
-
-#define SM501_DC_PANEL_HWC_BASE (0x0F0)
-#define SM501_DC_PANEL_HWC_ADDR (0x0F0)
-#define SM501_DC_PANEL_HWC_LOC (0x0F4)
-#define SM501_DC_PANEL_HWC_COLOR_1_2 (0x0F8)
-#define SM501_DC_PANEL_HWC_COLOR_3 (0x0FC)
-
-#define SM501_HWC_EN (1<<31)
-
-#define SM501_OFF_HWC_ADDR (0x00)
-#define SM501_OFF_HWC_LOC (0x04)
-#define SM501_OFF_HWC_COLOR_1_2 (0x08)
-#define SM501_OFF_HWC_COLOR_3 (0x0C)
-
-#define SM501_DC_ALPHA_CONTROL (0x100)
-#define SM501_DC_ALPHA_FB_ADDR (0x104)
-#define SM501_DC_ALPHA_FB_OFFSET (0x108)
-#define SM501_DC_ALPHA_TL_LOC (0x10C)
-#define SM501_DC_ALPHA_BR_LOC (0x110)
-#define SM501_DC_ALPHA_CHROMA_KEY (0x114)
-#define SM501_DC_ALPHA_COLOR_LOOKUP (0x118)
-
-#define SM501_DC_CRT_CONTROL (0x200)
-
-#define SM501_DC_CRT_CONTROL_TVP (1<<15)
-#define SM501_DC_CRT_CONTROL_CP (1<<14)
-#define SM501_DC_CRT_CONTROL_VSP (1<<13)
-#define SM501_DC_CRT_CONTROL_HSP (1<<12)
-#define SM501_DC_CRT_CONTROL_VS (1<<11)
-#define SM501_DC_CRT_CONTROL_BLANK (1<<10)
-#define SM501_DC_CRT_CONTROL_SEL (1<<9)
-#define SM501_DC_CRT_CONTROL_TE (1<<8)
-#define SM501_DC_CRT_CONTROL_PIXEL_MASK (0xF << 4)
-#define SM501_DC_CRT_CONTROL_GAMMA (1<<3)
-#define SM501_DC_CRT_CONTROL_ENABLE (1<<2)
-
-#define SM501_DC_CRT_CONTROL_8BPP (0<<0)
-#define SM501_DC_CRT_CONTROL_16BPP (1<<0)
-#define SM501_DC_CRT_CONTROL_32BPP (2<<0)
-
-#define SM501_DC_CRT_FB_ADDR (0x204)
-#define SM501_DC_CRT_FB_OFFSET (0x208)
-#define SM501_DC_CRT_H_TOT (0x20C)
-#define SM501_DC_CRT_H_SYNC (0x210)
-#define SM501_DC_CRT_V_TOT (0x214)
-#define SM501_DC_CRT_V_SYNC (0x218)
-#define SM501_DC_CRT_SIGNATURE_ANALYZER (0x21C)
-#define SM501_DC_CRT_CUR_LINE (0x220)
-#define SM501_DC_CRT_MONITOR_DETECT (0x224)
-
-#define SM501_DC_CRT_HWC_BASE (0x230)
-#define SM501_DC_CRT_HWC_ADDR (0x230)
-#define SM501_DC_CRT_HWC_LOC (0x234)
-#define SM501_DC_CRT_HWC_COLOR_1_2 (0x238)
-#define SM501_DC_CRT_HWC_COLOR_3 (0x23C)
-
-#define SM501_DC_PANEL_PALETTE (0x400)
-
-#define SM501_DC_VIDEO_PALETTE (0x800)
-
-#define SM501_DC_CRT_PALETTE (0xC00)
-
-/* Zoom Video port base */
-#define SM501_ZVPORT (0x090000)
-
-/* AC97/I2S base */
-#define SM501_AC97 (0x0A0000)
-
-/* 8051 micro controller base */
-#define SM501_UCONTROLLER (0x0B0000)
-
-/* 8051 micro controller SRAM base */
-#define SM501_UCONTROLLER_SRAM (0x0C0000)
-
-/* DMA base */
-#define SM501_DMA (0x0D0000)
-
-/* 2d engine base */
-#define SM501_2D_ENGINE (0x100000)
-#define SM501_2D_SOURCE (0x00)
-#define SM501_2D_DESTINATION (0x04)
-#define SM501_2D_DIMENSION (0x08)
-#define SM501_2D_CONTROL (0x0C)
-#define SM501_2D_PITCH (0x10)
-#define SM501_2D_FOREGROUND (0x14)
-#define SM501_2D_BACKGROUND (0x18)
-#define SM501_2D_STRETCH (0x1C)
-#define SM501_2D_COLOR_COMPARE (0x20)
-#define SM501_2D_COLOR_COMPARE_MASK (0x24)
-#define SM501_2D_MASK (0x28)
-#define SM501_2D_CLIP_TL (0x2C)
-#define SM501_2D_CLIP_BR (0x30)
-#define SM501_2D_MONO_PATTERN_LOW (0x34)
-#define SM501_2D_MONO_PATTERN_HIGH (0x38)
-#define SM501_2D_WINDOW_WIDTH (0x3C)
-#define SM501_2D_SOURCE_BASE (0x40)
-#define SM501_2D_DESTINATION_BASE (0x44)
-#define SM501_2D_ALPHA (0x48)
-#define SM501_2D_WRAP (0x4C)
-#define SM501_2D_STATUS (0x50)
-
-#define SM501_CSC_Y_SOURCE_BASE (0xC8)
-#define SM501_CSC_CONSTANTS (0xCC)
-#define SM501_CSC_Y_SOURCE_X (0xD0)
-#define SM501_CSC_Y_SOURCE_Y (0xD4)
-#define SM501_CSC_U_SOURCE_BASE (0xD8)
-#define SM501_CSC_V_SOURCE_BASE (0xDC)
-#define SM501_CSC_SOURCE_DIMENSION (0xE0)
-#define SM501_CSC_SOURCE_PITCH (0xE4)
-#define SM501_CSC_DESTINATION (0xE8)
-#define SM501_CSC_DESTINATION_DIMENSION (0xEC)
-#define SM501_CSC_DESTINATION_PITCH (0xF0)
-#define SM501_CSC_SCALE_FACTOR (0xF4)
-#define SM501_CSC_DESTINATION_BASE (0xF8)
-#define SM501_CSC_CONTROL (0xFC)
-
-/* 2d engine data port base */
-#define SM501_2D_ENGINE_DATA (0x110000)
-
-/* end of register definitions */
-
-#define SM501_HWC_WIDTH (64)
-#define SM501_HWC_HEIGHT (64)
-
-/* SM501 local memory size taken from "linux/drivers/mfd/sm501.c" */
-static const uint32_t sm501_mem_local_size[] = {
- [0] = 4*1024*1024,
- [1] = 8*1024*1024,
- [2] = 16*1024*1024,
- [3] = 32*1024*1024,
- [4] = 64*1024*1024,
- [5] = 2*1024*1024,
-};
-#define get_local_mem_size(s) sm501_mem_local_size[(s)->local_mem_size_index]
-
-typedef struct SM501State {
- /* graphic console status */
- DisplayState *ds;
-
- /* status & internal resources */
- hwaddr base;
- uint32_t local_mem_size_index;
- uint8_t * local_mem;
- MemoryRegion local_mem_region;
- uint32_t last_width;
- uint32_t last_height;
-
- /* mmio registers */
- uint32_t system_control;
- uint32_t misc_control;
- uint32_t gpio_31_0_control;
- uint32_t gpio_63_32_control;
- uint32_t dram_control;
- uint32_t irq_mask;
- uint32_t misc_timing;
- uint32_t power_mode_control;
-
- uint32_t uart0_ier;
- uint32_t uart0_lcr;
- uint32_t uart0_mcr;
- uint32_t uart0_scr;
-
- uint8_t dc_palette[0x400 * 3];
-
- uint32_t dc_panel_control;
- uint32_t dc_panel_panning_control;
- uint32_t dc_panel_fb_addr;
- uint32_t dc_panel_fb_offset;
- uint32_t dc_panel_fb_width;
- uint32_t dc_panel_fb_height;
- uint32_t dc_panel_tl_location;
- uint32_t dc_panel_br_location;
- uint32_t dc_panel_h_total;
- uint32_t dc_panel_h_sync;
- uint32_t dc_panel_v_total;
- uint32_t dc_panel_v_sync;
-
- uint32_t dc_panel_hwc_addr;
- uint32_t dc_panel_hwc_location;
- uint32_t dc_panel_hwc_color_1_2;
- uint32_t dc_panel_hwc_color_3;
-
- uint32_t dc_crt_control;
- uint32_t dc_crt_fb_addr;
- uint32_t dc_crt_fb_offset;
- uint32_t dc_crt_h_total;
- uint32_t dc_crt_h_sync;
- uint32_t dc_crt_v_total;
- uint32_t dc_crt_v_sync;
-
- uint32_t dc_crt_hwc_addr;
- uint32_t dc_crt_hwc_location;
- uint32_t dc_crt_hwc_color_1_2;
- uint32_t dc_crt_hwc_color_3;
-
- uint32_t twoD_source;
- uint32_t twoD_destination;
- uint32_t twoD_dimension;
- uint32_t twoD_control;
- uint32_t twoD_pitch;
- uint32_t twoD_foreground;
- uint32_t twoD_stretch;
- uint32_t twoD_color_compare_mask;
- uint32_t twoD_mask;
- uint32_t twoD_window_width;
- uint32_t twoD_source_base;
- uint32_t twoD_destination_base;
-
-} SM501State;
-
-static uint32_t get_local_mem_size_index(uint32_t size)
-{
- uint32_t norm_size = 0;
- int i, index = 0;
-
- for (i = 0; i < ARRAY_SIZE(sm501_mem_local_size); i++) {
- uint32_t new_size = sm501_mem_local_size[i];
- if (new_size >= size) {
- if (norm_size == 0 || norm_size > new_size) {
- norm_size = new_size;
- index = i;
- }
- }
- }
-
- return index;
-}
-
-/**
- * Check the availability of hardware cursor.
- * @param crt 0 for PANEL, 1 for CRT.
- */
-static inline int is_hwc_enabled(SM501State *state, int crt)
-{
- uint32_t addr = crt ? state->dc_crt_hwc_addr : state->dc_panel_hwc_addr;
- return addr & 0x80000000;
-}
-
-/**
- * Get the address which holds cursor pattern data.
- * @param crt 0 for PANEL, 1 for CRT.
- */
-static inline uint32_t get_hwc_address(SM501State *state, int crt)
-{
- uint32_t addr = crt ? state->dc_crt_hwc_addr : state->dc_panel_hwc_addr;
- return (addr & 0x03FFFFF0)/* >> 4*/;
-}
-
-/**
- * Get the cursor position in y coordinate.
- * @param crt 0 for PANEL, 1 for CRT.
- */
-static inline uint32_t get_hwc_y(SM501State *state, int crt)
-{
- uint32_t location = crt ? state->dc_crt_hwc_location
- : state->dc_panel_hwc_location;
- return (location & 0x07FF0000) >> 16;
-}
-
-/**
- * Get the cursor position in x coordinate.
- * @param crt 0 for PANEL, 1 for CRT.
- */
-static inline uint32_t get_hwc_x(SM501State *state, int crt)
-{
- uint32_t location = crt ? state->dc_crt_hwc_location
- : state->dc_panel_hwc_location;
- return location & 0x000007FF;
-}
-
-/**
- * Get the cursor position in x coordinate.
- * @param crt 0 for PANEL, 1 for CRT.
- * @param index 0, 1, 2 or 3 which specifies color of corsor dot.
- */
-static inline uint16_t get_hwc_color(SM501State *state, int crt, int index)
-{
- uint32_t color_reg = 0;
- uint16_t color_565 = 0;
-
- if (index == 0) {
- return 0;
- }
-
- switch (index) {
- case 1:
- case 2:
- color_reg = crt ? state->dc_crt_hwc_color_1_2
- : state->dc_panel_hwc_color_1_2;
- break;
- case 3:
- color_reg = crt ? state->dc_crt_hwc_color_3
- : state->dc_panel_hwc_color_3;
- break;
- default:
- printf("invalid hw cursor color.\n");
- abort();
- }
-
- switch (index) {
- case 1:
- case 3:
- color_565 = (uint16_t)(color_reg & 0xFFFF);
- break;
- case 2:
- color_565 = (uint16_t)((color_reg >> 16) & 0xFFFF);
- break;
- }
- return color_565;
-}
-
-static int within_hwc_y_range(SM501State *state, int y, int crt)
-{
- int hwc_y = get_hwc_y(state, crt);
- return (hwc_y <= y && y < hwc_y + SM501_HWC_HEIGHT);
-}
-
-static void sm501_2d_operation(SM501State * s)
-{
- /* obtain operation parameters */
- int operation = (s->twoD_control >> 16) & 0x1f;
- int rtl = s->twoD_control & 0x8000000;
- int src_x = (s->twoD_source >> 16) & 0x01FFF;
- int src_y = s->twoD_source & 0xFFFF;
- int dst_x = (s->twoD_destination >> 16) & 0x01FFF;
- int dst_y = s->twoD_destination & 0xFFFF;
- int operation_width = (s->twoD_dimension >> 16) & 0x1FFF;
- int operation_height = s->twoD_dimension & 0xFFFF;
- uint32_t color = s->twoD_foreground;
- int format_flags = (s->twoD_stretch >> 20) & 0x3;
- int addressing = (s->twoD_stretch >> 16) & 0xF;
-
- /* get frame buffer info */
- uint8_t * src = s->local_mem + (s->twoD_source_base & 0x03FFFFFF);
- uint8_t * dst = s->local_mem + (s->twoD_destination_base & 0x03FFFFFF);
- int src_width = (s->dc_crt_h_total & 0x00000FFF) + 1;
- int dst_width = (s->dc_crt_h_total & 0x00000FFF) + 1;
-
- if (addressing != 0x0) {
- printf("%s: only XY addressing is supported.\n", __func__);
- abort();
- }
-
- if ((s->twoD_source_base & 0x08000000) ||
- (s->twoD_destination_base & 0x08000000)) {
- printf("%s: only local memory is supported.\n", __func__);
- abort();
- }
-
- switch (operation) {
- case 0x00: /* copy area */
-#define COPY_AREA(_bpp, _pixel_type, rtl) { \
- int y, x, index_d, index_s; \
- for (y = 0; y < operation_height; y++) { \
- for (x = 0; x < operation_width; x++) { \
- if (rtl) { \
- index_s = ((src_y - y) * src_width + src_x - x) * _bpp; \
- index_d = ((dst_y - y) * dst_width + dst_x - x) * _bpp; \
- } else { \
- index_s = ((src_y + y) * src_width + src_x + x) * _bpp; \
- index_d = ((dst_y + y) * dst_width + dst_x + x) * _bpp; \
- } \
- *(_pixel_type*)&dst[index_d] = *(_pixel_type*)&src[index_s];\
- } \
- } \
- }
- switch (format_flags) {
- case 0:
- COPY_AREA(1, uint8_t, rtl);
- break;
- case 1:
- COPY_AREA(2, uint16_t, rtl);
- break;
- case 2:
- COPY_AREA(4, uint32_t, rtl);
- break;
- }
- break;
-
- case 0x01: /* fill rectangle */
-#define FILL_RECT(_bpp, _pixel_type) { \
- int y, x; \
- for (y = 0; y < operation_height; y++) { \
- for (x = 0; x < operation_width; x++) { \
- int index = ((dst_y + y) * dst_width + dst_x + x) * _bpp; \
- *(_pixel_type*)&dst[index] = (_pixel_type)color; \
- } \
- } \
- }
-
- switch (format_flags) {
- case 0:
- FILL_RECT(1, uint8_t);
- break;
- case 1:
- FILL_RECT(2, uint16_t);
- break;
- case 2:
- FILL_RECT(4, uint32_t);
- break;
- }
- break;
-
- default:
- printf("non-implemented SM501 2D operation. %d\n", operation);
- abort();
- break;
- }
-}
-
-static uint64_t sm501_system_config_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- SM501State * s = (SM501State *)opaque;
- uint32_t ret = 0;
- SM501_DPRINTF("sm501 system config regs : read addr=%x\n", (int)addr);
-
- switch(addr) {
- case SM501_SYSTEM_CONTROL:
- ret = s->system_control;
- break;
- case SM501_MISC_CONTROL:
- ret = s->misc_control;
- break;
- case SM501_GPIO31_0_CONTROL:
- ret = s->gpio_31_0_control;
- break;
- case SM501_GPIO63_32_CONTROL:
- ret = s->gpio_63_32_control;
- break;
- case SM501_DEVICEID:
- ret = 0x050100A0;
- break;
- case SM501_DRAM_CONTROL:
- ret = (s->dram_control & 0x07F107C0) | s->local_mem_size_index << 13;
- break;
- case SM501_IRQ_MASK:
- ret = s->irq_mask;
- break;
- case SM501_MISC_TIMING:
- /* TODO : simulate gate control */
- ret = s->misc_timing;
- break;
- case SM501_CURRENT_GATE:
- /* TODO : simulate gate control */
- ret = 0x00021807;
- break;
- case SM501_CURRENT_CLOCK:
- ret = 0x2A1A0A09;
- break;
- case SM501_POWER_MODE_CONTROL:
- ret = s->power_mode_control;
- break;
-
- default:
- printf("sm501 system config : not implemented register read."
- " addr=%x\n", (int)addr);
- abort();
- }
-
- return ret;
-}
-
-static void sm501_system_config_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- SM501State * s = (SM501State *)opaque;
- SM501_DPRINTF("sm501 system config regs : write addr=%x, val=%x\n",
- (uint32_t)addr, (uint32_t)value);
-
- switch(addr) {
- case SM501_SYSTEM_CONTROL:
- s->system_control = value & 0xE300B8F7;
- break;
- case SM501_MISC_CONTROL:
- s->misc_control = value & 0xFF7FFF20;
- break;
- case SM501_GPIO31_0_CONTROL:
- s->gpio_31_0_control = value;
- break;
- case SM501_GPIO63_32_CONTROL:
- s->gpio_63_32_control = value;
- break;
- case SM501_DRAM_CONTROL:
- s->local_mem_size_index = (value >> 13) & 0x7;
- /* rODO : check validity of size change */
- s->dram_control |= value & 0x7FFFFFC3;
- break;
- case SM501_IRQ_MASK:
- s->irq_mask = value;
- break;
- case SM501_MISC_TIMING:
- s->misc_timing = value & 0xF31F1FFF;
- break;
- case SM501_POWER_MODE_0_GATE:
- case SM501_POWER_MODE_1_GATE:
- case SM501_POWER_MODE_0_CLOCK:
- case SM501_POWER_MODE_1_CLOCK:
- /* TODO : simulate gate & clock control */
- break;
- case SM501_POWER_MODE_CONTROL:
- s->power_mode_control = value & 0x00000003;
- break;
-
- default:
- printf("sm501 system config : not implemented register write."
- " addr=%x, val=%x\n", (int)addr, (uint32_t)value);
- abort();
- }
-}
-
-static const MemoryRegionOps sm501_system_config_ops = {
- .read = sm501_system_config_read,
- .write = sm501_system_config_write,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static uint32_t sm501_palette_read(void *opaque, hwaddr addr)
-{
- SM501State * s = (SM501State *)opaque;
- SM501_DPRINTF("sm501 palette read addr=%x\n", (int)addr);
-
- /* TODO : consider BYTE/WORD access */
- /* TODO : consider endian */
-
- assert(range_covers_byte(0, 0x400 * 3, addr));
- return *(uint32_t*)&s->dc_palette[addr];
-}
-
-static void sm501_palette_write(void *opaque,
- hwaddr addr, uint32_t value)
-{
- SM501State * s = (SM501State *)opaque;
- SM501_DPRINTF("sm501 palette write addr=%x, val=%x\n",
- (int)addr, value);
-
- /* TODO : consider BYTE/WORD access */
- /* TODO : consider endian */
-
- assert(range_covers_byte(0, 0x400 * 3, addr));
- *(uint32_t*)&s->dc_palette[addr] = value;
-}
-
-static uint64_t sm501_disp_ctrl_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- SM501State * s = (SM501State *)opaque;
- uint32_t ret = 0;
- SM501_DPRINTF("sm501 disp ctrl regs : read addr=%x\n", (int)addr);
-
- switch(addr) {
-
- case SM501_DC_PANEL_CONTROL:
- ret = s->dc_panel_control;
- break;
- case SM501_DC_PANEL_PANNING_CONTROL:
- ret = s->dc_panel_panning_control;
- break;
- case SM501_DC_PANEL_FB_ADDR:
- ret = s->dc_panel_fb_addr;
- break;
- case SM501_DC_PANEL_FB_OFFSET:
- ret = s->dc_panel_fb_offset;
- break;
- case SM501_DC_PANEL_FB_WIDTH:
- ret = s->dc_panel_fb_width;
- break;
- case SM501_DC_PANEL_FB_HEIGHT:
- ret = s->dc_panel_fb_height;
- break;
- case SM501_DC_PANEL_TL_LOC:
- ret = s->dc_panel_tl_location;
- break;
- case SM501_DC_PANEL_BR_LOC:
- ret = s->dc_panel_br_location;
- break;
-
- case SM501_DC_PANEL_H_TOT:
- ret = s->dc_panel_h_total;
- break;
- case SM501_DC_PANEL_H_SYNC:
- ret = s->dc_panel_h_sync;
- break;
- case SM501_DC_PANEL_V_TOT:
- ret = s->dc_panel_v_total;
- break;
- case SM501_DC_PANEL_V_SYNC:
- ret = s->dc_panel_v_sync;
- break;
-
- case SM501_DC_CRT_CONTROL:
- ret = s->dc_crt_control;
- break;
- case SM501_DC_CRT_FB_ADDR:
- ret = s->dc_crt_fb_addr;
- break;
- case SM501_DC_CRT_FB_OFFSET:
- ret = s->dc_crt_fb_offset;
- break;
- case SM501_DC_CRT_H_TOT:
- ret = s->dc_crt_h_total;
- break;
- case SM501_DC_CRT_H_SYNC:
- ret = s->dc_crt_h_sync;
- break;
- case SM501_DC_CRT_V_TOT:
- ret = s->dc_crt_v_total;
- break;
- case SM501_DC_CRT_V_SYNC:
- ret = s->dc_crt_v_sync;
- break;
-
- case SM501_DC_CRT_HWC_ADDR:
- ret = s->dc_crt_hwc_addr;
- break;
- case SM501_DC_CRT_HWC_LOC:
- ret = s->dc_crt_hwc_location;
- break;
- case SM501_DC_CRT_HWC_COLOR_1_2:
- ret = s->dc_crt_hwc_color_1_2;
- break;
- case SM501_DC_CRT_HWC_COLOR_3:
- ret = s->dc_crt_hwc_color_3;
- break;
-
- case SM501_DC_PANEL_PALETTE ... SM501_DC_PANEL_PALETTE + 0x400*3 - 4:
- ret = sm501_palette_read(opaque, addr - SM501_DC_PANEL_PALETTE);
- break;
-
- default:
- printf("sm501 disp ctrl : not implemented register read."
- " addr=%x\n", (int)addr);
- abort();
- }
-
- return ret;
-}
-
-static void sm501_disp_ctrl_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- SM501State * s = (SM501State *)opaque;
- SM501_DPRINTF("sm501 disp ctrl regs : write addr=%x, val=%x\n",
- (unsigned)addr, (unsigned)value);
-
- switch(addr) {
- case SM501_DC_PANEL_CONTROL:
- s->dc_panel_control = value & 0x0FFF73FF;
- break;
- case SM501_DC_PANEL_PANNING_CONTROL:
- s->dc_panel_panning_control = value & 0xFF3FFF3F;
- break;
- case SM501_DC_PANEL_FB_ADDR:
- s->dc_panel_fb_addr = value & 0x8FFFFFF0;
- break;
- case SM501_DC_PANEL_FB_OFFSET:
- s->dc_panel_fb_offset = value & 0x3FF03FF0;
- break;
- case SM501_DC_PANEL_FB_WIDTH:
- s->dc_panel_fb_width = value & 0x0FFF0FFF;
- break;
- case SM501_DC_PANEL_FB_HEIGHT:
- s->dc_panel_fb_height = value & 0x0FFF0FFF;
- break;
- case SM501_DC_PANEL_TL_LOC:
- s->dc_panel_tl_location = value & 0x07FF07FF;
- break;
- case SM501_DC_PANEL_BR_LOC:
- s->dc_panel_br_location = value & 0x07FF07FF;
- break;
-
- case SM501_DC_PANEL_H_TOT:
- s->dc_panel_h_total = value & 0x0FFF0FFF;
- break;
- case SM501_DC_PANEL_H_SYNC:
- s->dc_panel_h_sync = value & 0x00FF0FFF;
- break;
- case SM501_DC_PANEL_V_TOT:
- s->dc_panel_v_total = value & 0x0FFF0FFF;
- break;
- case SM501_DC_PANEL_V_SYNC:
- s->dc_panel_v_sync = value & 0x003F0FFF;
- break;
-
- case SM501_DC_PANEL_HWC_ADDR:
- s->dc_panel_hwc_addr = value & 0x8FFFFFF0;
- break;
- case SM501_DC_PANEL_HWC_LOC:
- s->dc_panel_hwc_location = value & 0x0FFF0FFF;
- break;
- case SM501_DC_PANEL_HWC_COLOR_1_2:
- s->dc_panel_hwc_color_1_2 = value;
- break;
- case SM501_DC_PANEL_HWC_COLOR_3:
- s->dc_panel_hwc_color_3 = value & 0x0000FFFF;
- break;
-
- case SM501_DC_CRT_CONTROL:
- s->dc_crt_control = value & 0x0003FFFF;
- break;
- case SM501_DC_CRT_FB_ADDR:
- s->dc_crt_fb_addr = value & 0x8FFFFFF0;
- break;
- case SM501_DC_CRT_FB_OFFSET:
- s->dc_crt_fb_offset = value & 0x3FF03FF0;
- break;
- case SM501_DC_CRT_H_TOT:
- s->dc_crt_h_total = value & 0x0FFF0FFF;
- break;
- case SM501_DC_CRT_H_SYNC:
- s->dc_crt_h_sync = value & 0x00FF0FFF;
- break;
- case SM501_DC_CRT_V_TOT:
- s->dc_crt_v_total = value & 0x0FFF0FFF;
- break;
- case SM501_DC_CRT_V_SYNC:
- s->dc_crt_v_sync = value & 0x003F0FFF;
- break;
-
- case SM501_DC_CRT_HWC_ADDR:
- s->dc_crt_hwc_addr = value & 0x8FFFFFF0;
- break;
- case SM501_DC_CRT_HWC_LOC:
- s->dc_crt_hwc_location = value & 0x0FFF0FFF;
- break;
- case SM501_DC_CRT_HWC_COLOR_1_2:
- s->dc_crt_hwc_color_1_2 = value;
- break;
- case SM501_DC_CRT_HWC_COLOR_3:
- s->dc_crt_hwc_color_3 = value & 0x0000FFFF;
- break;
-
- case SM501_DC_PANEL_PALETTE ... SM501_DC_PANEL_PALETTE + 0x400*3 - 4:
- sm501_palette_write(opaque, addr - SM501_DC_PANEL_PALETTE, value);
- break;
-
- default:
- printf("sm501 disp ctrl : not implemented register write."
- " addr=%x, val=%x\n", (int)addr, (unsigned)value);
- abort();
- }
-}
-
-static const MemoryRegionOps sm501_disp_ctrl_ops = {
- .read = sm501_disp_ctrl_read,
- .write = sm501_disp_ctrl_write,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static uint64_t sm501_2d_engine_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- SM501State * s = (SM501State *)opaque;
- uint32_t ret = 0;
- SM501_DPRINTF("sm501 2d engine regs : read addr=%x\n", (int)addr);
-
- switch(addr) {
- case SM501_2D_SOURCE_BASE:
- ret = s->twoD_source_base;
- break;
- default:
- printf("sm501 disp ctrl : not implemented register read."
- " addr=%x\n", (int)addr);
- abort();
- }
-
- return ret;
-}
-
-static void sm501_2d_engine_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- SM501State * s = (SM501State *)opaque;
- SM501_DPRINTF("sm501 2d engine regs : write addr=%x, val=%x\n",
- (unsigned)addr, (unsigned)value);
-
- switch(addr) {
- case SM501_2D_SOURCE:
- s->twoD_source = value;
- break;
- case SM501_2D_DESTINATION:
- s->twoD_destination = value;
- break;
- case SM501_2D_DIMENSION:
- s->twoD_dimension = value;
- break;
- case SM501_2D_CONTROL:
- s->twoD_control = value;
-
- /* do 2d operation if start flag is set. */
- if (value & 0x80000000) {
- sm501_2d_operation(s);
- s->twoD_control &= ~0x80000000; /* start flag down */
- }
-
- break;
- case SM501_2D_PITCH:
- s->twoD_pitch = value;
- break;
- case SM501_2D_FOREGROUND:
- s->twoD_foreground = value;
- break;
- case SM501_2D_STRETCH:
- s->twoD_stretch = value;
- break;
- case SM501_2D_COLOR_COMPARE_MASK:
- s->twoD_color_compare_mask = value;
- break;
- case SM501_2D_MASK:
- s->twoD_mask = value;
- break;
- case SM501_2D_WINDOW_WIDTH:
- s->twoD_window_width = value;
- break;
- case SM501_2D_SOURCE_BASE:
- s->twoD_source_base = value;
- break;
- case SM501_2D_DESTINATION_BASE:
- s->twoD_destination_base = value;
- break;
- default:
- printf("sm501 2d engine : not implemented register write."
- " addr=%x, val=%x\n", (int)addr, (unsigned)value);
- abort();
- }
-}
-
-static const MemoryRegionOps sm501_2d_engine_ops = {
- .read = sm501_2d_engine_read,
- .write = sm501_2d_engine_write,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-/* draw line functions for all console modes */
-
-#include "pixel_ops.h"
-
-typedef void draw_line_func(uint8_t *d, const uint8_t *s,
- int width, const uint32_t *pal);
-
-typedef void draw_hwc_line_func(SM501State * s, int crt, uint8_t * palette,
- int c_y, uint8_t *d, int width);
-
-#define DEPTH 8
-#include "sm501_template.h"
-
-#define DEPTH 15
-#include "sm501_template.h"
-
-#define BGR_FORMAT
-#define DEPTH 15
-#include "sm501_template.h"
-
-#define DEPTH 16
-#include "sm501_template.h"
-
-#define BGR_FORMAT
-#define DEPTH 16
-#include "sm501_template.h"
-
-#define DEPTH 32
-#include "sm501_template.h"
-
-#define BGR_FORMAT
-#define DEPTH 32
-#include "sm501_template.h"
-
-static draw_line_func * draw_line8_funcs[] = {
- draw_line8_8,
- draw_line8_15,
- draw_line8_16,
- draw_line8_32,
- draw_line8_32bgr,
- draw_line8_15bgr,
- draw_line8_16bgr,
-};
-
-static draw_line_func * draw_line16_funcs[] = {
- draw_line16_8,
- draw_line16_15,
- draw_line16_16,
- draw_line16_32,
- draw_line16_32bgr,
- draw_line16_15bgr,
- draw_line16_16bgr,
-};
-
-static draw_line_func * draw_line32_funcs[] = {
- draw_line32_8,
- draw_line32_15,
- draw_line32_16,
- draw_line32_32,
- draw_line32_32bgr,
- draw_line32_15bgr,
- draw_line32_16bgr,
-};
-
-static draw_hwc_line_func * draw_hwc_line_funcs[] = {
- draw_hwc_line_8,
- draw_hwc_line_15,
- draw_hwc_line_16,
- draw_hwc_line_32,
- draw_hwc_line_32bgr,
- draw_hwc_line_15bgr,
- draw_hwc_line_16bgr,
-};
-
-static inline int get_depth_index(DisplayState *s)
-{
- switch(ds_get_bits_per_pixel(s)) {
- default:
- case 8:
- return 0;
- case 15:
- return 1;
- case 16:
- return 2;
- case 32:
- if (is_surface_bgr(s->surface))
- return 4;
- else
- return 3;
- }
-}
-
-static void sm501_draw_crt(SM501State * s)
-{
- int y;
- int width = (s->dc_crt_h_total & 0x00000FFF) + 1;
- int height = (s->dc_crt_v_total & 0x00000FFF) + 1;
-
- uint8_t * src = s->local_mem;
- int src_bpp = 0;
- int dst_bpp = ds_get_bytes_per_pixel(s->ds) + (ds_get_bits_per_pixel(s->ds) % 8 ? 1 : 0);
- uint32_t * palette = (uint32_t *)&s->dc_palette[SM501_DC_CRT_PALETTE
- - SM501_DC_PANEL_PALETTE];
- uint8_t hwc_palette[3 * 3];
- int ds_depth_index = get_depth_index(s->ds);
- draw_line_func * draw_line = NULL;
- draw_hwc_line_func * draw_hwc_line = NULL;
- int full_update = 0;
- int y_start = -1;
- ram_addr_t page_min = ~0l;
- ram_addr_t page_max = 0l;
- ram_addr_t offset = 0;
-
- /* choose draw_line function */
- switch (s->dc_crt_control & 3) {
- case SM501_DC_CRT_CONTROL_8BPP:
- src_bpp = 1;
- draw_line = draw_line8_funcs[ds_depth_index];
- break;
- case SM501_DC_CRT_CONTROL_16BPP:
- src_bpp = 2;
- draw_line = draw_line16_funcs[ds_depth_index];
- break;
- case SM501_DC_CRT_CONTROL_32BPP:
- src_bpp = 4;
- draw_line = draw_line32_funcs[ds_depth_index];
- break;
- default:
- printf("sm501 draw crt : invalid DC_CRT_CONTROL=%x.\n",
- s->dc_crt_control);
- abort();
- break;
- }
-
- /* set up to draw hardware cursor */
- if (is_hwc_enabled(s, 1)) {
- int i;
-
- /* get cursor palette */
- for (i = 0; i < 3; i++) {
- uint16_t rgb565 = get_hwc_color(s, 1, i + 1);
- hwc_palette[i * 3 + 0] = (rgb565 & 0xf800) >> 8; /* red */
- hwc_palette[i * 3 + 1] = (rgb565 & 0x07e0) >> 3; /* green */
- hwc_palette[i * 3 + 2] = (rgb565 & 0x001f) << 3; /* blue */
- }
-
- /* choose cursor draw line function */
- draw_hwc_line = draw_hwc_line_funcs[ds_depth_index];
- }
-
- /* adjust console size */
- if (s->last_width != width || s->last_height != height) {
- qemu_console_resize(s->ds, width, height);
- s->last_width = width;
- s->last_height = height;
- full_update = 1;
- }
-
- /* draw each line according to conditions */
- for (y = 0; y < height; y++) {
- int update_hwc = draw_hwc_line ? within_hwc_y_range(s, y, 1) : 0;
- int update = full_update || update_hwc;
- ram_addr_t page0 = offset;
- ram_addr_t page1 = offset + width * src_bpp - 1;
-
- /* check dirty flags for each line */
- update = memory_region_get_dirty(&s->local_mem_region, page0,
- page1 - page0, DIRTY_MEMORY_VGA);
-
- /* draw line and change status */
- if (update) {
- uint8_t * d = &(ds_get_data(s->ds)[y * width * dst_bpp]);
-
- /* draw graphics layer */
- draw_line(d, src, width, palette);
-
- /* draw haredware cursor */
- if (update_hwc) {
- draw_hwc_line(s, 1, hwc_palette, y - get_hwc_y(s, 1), d, width);
- }
-
- if (y_start < 0)
- y_start = y;
- if (page0 < page_min)
- page_min = page0;
- if (page1 > page_max)
- page_max = page1;
- } else {
- if (y_start >= 0) {
- /* flush to display */
- dpy_gfx_update(s->ds, 0, y_start, width, y - y_start);
- y_start = -1;
- }
- }
-
- src += width * src_bpp;
- offset += width * src_bpp;
- }
-
- /* complete flush to display */
- if (y_start >= 0)
- dpy_gfx_update(s->ds, 0, y_start, width, y - y_start);
-
- /* clear dirty flags */
- if (page_min != ~0l) {
- memory_region_reset_dirty(&s->local_mem_region,
- page_min, page_max + TARGET_PAGE_SIZE,
- DIRTY_MEMORY_VGA);
- }
-}
-
-static void sm501_update_display(void *opaque)
-{
- SM501State * s = (SM501State *)opaque;
-
- if (s->dc_crt_control & SM501_DC_CRT_CONTROL_ENABLE)
- sm501_draw_crt(s);
-}
-
-void sm501_init(MemoryRegion *address_space_mem, uint32_t base,
- uint32_t local_mem_bytes, qemu_irq irq, CharDriverState *chr)
-{
- SM501State * s;
- DeviceState *dev;
- MemoryRegion *sm501_system_config = g_new(MemoryRegion, 1);
- MemoryRegion *sm501_disp_ctrl = g_new(MemoryRegion, 1);
- MemoryRegion *sm501_2d_engine = g_new(MemoryRegion, 1);
-
- /* allocate management data region */
- s = (SM501State *)g_malloc0(sizeof(SM501State));
- s->base = base;
- s->local_mem_size_index
- = get_local_mem_size_index(local_mem_bytes);
- SM501_DPRINTF("local mem size=%x. index=%d\n", get_local_mem_size(s),
- s->local_mem_size_index);
- s->system_control = 0x00100000;
- s->misc_control = 0x00001000; /* assumes SH, active=low */
- s->dc_panel_control = 0x00010000;
- s->dc_crt_control = 0x00010000;
-
- /* allocate local memory */
- memory_region_init_ram(&s->local_mem_region, "sm501.local",
- local_mem_bytes);
- vmstate_register_ram_global(&s->local_mem_region);
- s->local_mem = memory_region_get_ram_ptr(&s->local_mem_region);
- memory_region_add_subregion(address_space_mem, base, &s->local_mem_region);
-
- /* map mmio */
- memory_region_init_io(sm501_system_config, &sm501_system_config_ops, s,
- "sm501-system-config", 0x6c);
- memory_region_add_subregion(address_space_mem, base + MMIO_BASE_OFFSET,
- sm501_system_config);
- memory_region_init_io(sm501_disp_ctrl, &sm501_disp_ctrl_ops, s,
- "sm501-disp-ctrl", 0x1000);
- memory_region_add_subregion(address_space_mem,
- base + MMIO_BASE_OFFSET + SM501_DC,
- sm501_disp_ctrl);
- memory_region_init_io(sm501_2d_engine, &sm501_2d_engine_ops, s,
- "sm501-2d-engine", 0x54);
- memory_region_add_subregion(address_space_mem,
- base + MMIO_BASE_OFFSET + SM501_2D_ENGINE,
- sm501_2d_engine);
-
- /* bridge to usb host emulation module */
- dev = qdev_create(NULL, "sysbus-ohci");
- qdev_prop_set_uint32(dev, "num-ports", 2);
- qdev_prop_set_taddr(dev, "dma-offset", base);
- qdev_init_nofail(dev);
- sysbus_mmio_map(sysbus_from_qdev(dev), 0,
- base + MMIO_BASE_OFFSET + SM501_USB_HOST);
- sysbus_connect_irq(sysbus_from_qdev(dev), 0, irq);
-
- /* bridge to serial emulation module */
- if (chr) {
- serial_mm_init(address_space_mem,
- base + MMIO_BASE_OFFSET + SM501_UART0, 2,
- NULL, /* TODO : chain irq to IRL */
- 115200, chr, DEVICE_NATIVE_ENDIAN);
- }
-
- /* create qemu graphic console */
- s->ds = graphic_console_init(sm501_update_display, NULL,
- NULL, NULL, s);
-}
diff --git a/hw/smbios.c b/hw/smbios.c
deleted file mode 100644
index c57237d27..000000000
--- a/hw/smbios.c
+++ /dev/null
@@ -1,241 +0,0 @@
-/*
- * SMBIOS Support
- *
- * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
- *
- * Authors:
- * Alex Williamson <alex.williamson@hp.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See
- * the COPYING file in the top-level directory.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include "sysemu.h"
-#include "smbios.h"
-#include "loader.h"
-
-/*
- * Structures shared with the BIOS
- */
-struct smbios_header {
- uint16_t length;
- uint8_t type;
-} QEMU_PACKED;
-
-struct smbios_field {
- struct smbios_header header;
- uint8_t type;
- uint16_t offset;
- uint8_t data[];
-} QEMU_PACKED;
-
-struct smbios_table {
- struct smbios_header header;
- uint8_t data[];
-} QEMU_PACKED;
-
-#define SMBIOS_FIELD_ENTRY 0
-#define SMBIOS_TABLE_ENTRY 1
-
-
-static uint8_t *smbios_entries;
-static size_t smbios_entries_len;
-static int smbios_type4_count = 0;
-
-static void smbios_validate_table(void)
-{
- if (smbios_type4_count && smbios_type4_count != smp_cpus) {
- fprintf(stderr,
- "Number of SMBIOS Type 4 tables must match cpu count.\n");
- exit(1);
- }
-}
-
-uint8_t *smbios_get_table(size_t *length)
-{
- smbios_validate_table();
- *length = smbios_entries_len;
- return smbios_entries;
-}
-
-/*
- * To avoid unresolvable overlaps in data, don't allow both
- * tables and fields for the same smbios type.
- */
-static void smbios_check_collision(int type, int entry)
-{
- uint16_t *num_entries = (uint16_t *)smbios_entries;
- struct smbios_header *header;
- char *p;
- int i;
-
- if (!num_entries)
- return;
-
- p = (char *)(num_entries + 1);
-
- for (i = 0; i < *num_entries; i++) {
- header = (struct smbios_header *)p;
- if (entry == SMBIOS_TABLE_ENTRY && header->type == SMBIOS_FIELD_ENTRY) {
- struct smbios_field *field = (void *)header;
- if (type == field->type) {
- fprintf(stderr, "SMBIOS type %d field already defined, "
- "cannot add table\n", type);
- exit(1);
- }
- } else if (entry == SMBIOS_FIELD_ENTRY &&
- header->type == SMBIOS_TABLE_ENTRY) {
- struct smbios_structure_header *table = (void *)(header + 1);
- if (type == table->type) {
- fprintf(stderr, "SMBIOS type %d table already defined, "
- "cannot add field\n", type);
- exit(1);
- }
- }
- p += le16_to_cpu(header->length);
- }
-}
-
-void smbios_add_field(int type, int offset, int len, void *data)
-{
- struct smbios_field *field;
-
- smbios_check_collision(type, SMBIOS_FIELD_ENTRY);
-
- if (!smbios_entries) {
- smbios_entries_len = sizeof(uint16_t);
- smbios_entries = g_malloc0(smbios_entries_len);
- }
- smbios_entries = g_realloc(smbios_entries, smbios_entries_len +
- sizeof(*field) + len);
- field = (struct smbios_field *)(smbios_entries + smbios_entries_len);
- field->header.type = SMBIOS_FIELD_ENTRY;
- field->header.length = cpu_to_le16(sizeof(*field) + len);
-
- field->type = type;
- field->offset = cpu_to_le16(offset);
- memcpy(field->data, data, len);
-
- smbios_entries_len += sizeof(*field) + len;
- (*(uint16_t *)smbios_entries) =
- cpu_to_le16(le16_to_cpu(*(uint16_t *)smbios_entries) + 1);
-}
-
-static void smbios_build_type_0_fields(const char *t)
-{
- char buf[1024];
-
- if (get_param_value(buf, sizeof(buf), "vendor", t))
- smbios_add_field(0, offsetof(struct smbios_type_0, vendor_str),
- strlen(buf) + 1, buf);
- if (get_param_value(buf, sizeof(buf), "version", t))
- smbios_add_field(0, offsetof(struct smbios_type_0, bios_version_str),
- strlen(buf) + 1, buf);
- if (get_param_value(buf, sizeof(buf), "date", t))
- smbios_add_field(0, offsetof(struct smbios_type_0,
- bios_release_date_str),
- strlen(buf) + 1, buf);
- if (get_param_value(buf, sizeof(buf), "release", t)) {
- int major, minor;
- sscanf(buf, "%d.%d", &major, &minor);
- smbios_add_field(0, offsetof(struct smbios_type_0,
- system_bios_major_release), 1, &major);
- smbios_add_field(0, offsetof(struct smbios_type_0,
- system_bios_minor_release), 1, &minor);
- }
-}
-
-static void smbios_build_type_1_fields(const char *t)
-{
- char buf[1024];
-
- if (get_param_value(buf, sizeof(buf), "manufacturer", t))
- smbios_add_field(1, offsetof(struct smbios_type_1, manufacturer_str),
- strlen(buf) + 1, buf);
- if (get_param_value(buf, sizeof(buf), "product", t))
- smbios_add_field(1, offsetof(struct smbios_type_1, product_name_str),
- strlen(buf) + 1, buf);
- if (get_param_value(buf, sizeof(buf), "version", t))
- smbios_add_field(1, offsetof(struct smbios_type_1, version_str),
- strlen(buf) + 1, buf);
- if (get_param_value(buf, sizeof(buf), "serial", t))
- smbios_add_field(1, offsetof(struct smbios_type_1, serial_number_str),
- strlen(buf) + 1, buf);
- if (get_param_value(buf, sizeof(buf), "uuid", t)) {
- if (qemu_uuid_parse(buf, qemu_uuid) != 0) {
- fprintf(stderr, "Invalid SMBIOS UUID string\n");
- exit(1);
- }
- }
- if (get_param_value(buf, sizeof(buf), "sku", t))
- smbios_add_field(1, offsetof(struct smbios_type_1, sku_number_str),
- strlen(buf) + 1, buf);
- if (get_param_value(buf, sizeof(buf), "family", t))
- smbios_add_field(1, offsetof(struct smbios_type_1, family_str),
- strlen(buf) + 1, buf);
-}
-
-int smbios_entry_add(const char *t)
-{
- char buf[1024];
-
- if (get_param_value(buf, sizeof(buf), "file", t)) {
- struct smbios_structure_header *header;
- struct smbios_table *table;
- int size = get_image_size(buf);
-
- if (size == -1 || size < sizeof(struct smbios_structure_header)) {
- fprintf(stderr, "Cannot read smbios file %s\n", buf);
- exit(1);
- }
-
- if (!smbios_entries) {
- smbios_entries_len = sizeof(uint16_t);
- smbios_entries = g_malloc0(smbios_entries_len);
- }
-
- smbios_entries = g_realloc(smbios_entries, smbios_entries_len +
- sizeof(*table) + size);
- table = (struct smbios_table *)(smbios_entries + smbios_entries_len);
- table->header.type = SMBIOS_TABLE_ENTRY;
- table->header.length = cpu_to_le16(sizeof(*table) + size);
-
- if (load_image(buf, table->data) != size) {
- fprintf(stderr, "Failed to load smbios file %s", buf);
- exit(1);
- }
-
- header = (struct smbios_structure_header *)(table->data);
- smbios_check_collision(header->type, SMBIOS_TABLE_ENTRY);
- if (header->type == 4) {
- smbios_type4_count++;
- }
-
- smbios_entries_len += sizeof(*table) + size;
- (*(uint16_t *)smbios_entries) =
- cpu_to_le16(le16_to_cpu(*(uint16_t *)smbios_entries) + 1);
- return 0;
- }
-
- if (get_param_value(buf, sizeof(buf), "type", t)) {
- unsigned long type = strtoul(buf, NULL, 0);
- switch (type) {
- case 0:
- smbios_build_type_0_fields(t);
- return 0;
- case 1:
- smbios_build_type_1_fields(t);
- return 0;
- default:
- fprintf(stderr, "Don't know how to build fields for SMBIOS type "
- "%ld\n", type);
- exit(1);
- }
- }
-
- fprintf(stderr, "smbios: must specify type= or file=\n");
- return -1;
-}
diff --git a/hw/smbios.h b/hw/smbios.h
deleted file mode 100644
index 94e3641f9..000000000
--- a/hw/smbios.h
+++ /dev/null
@@ -1,162 +0,0 @@
-#ifndef QEMU_SMBIOS_H
-#define QEMU_SMBIOS_H
-/*
- * SMBIOS Support
- *
- * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
- *
- * Authors:
- * Alex Williamson <alex.williamson@hp.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See
- * the COPYING file in the top-level directory.
- *
- */
-
-int smbios_entry_add(const char *t);
-void smbios_add_field(int type, int offset, int len, void *data);
-uint8_t *smbios_get_table(size_t *length);
-
-/*
- * SMBIOS spec defined tables
- */
-
-/* This goes at the beginning of every SMBIOS structure. */
-struct smbios_structure_header {
- uint8_t type;
- uint8_t length;
- uint16_t handle;
-} QEMU_PACKED;
-
-/* SMBIOS type 0 - BIOS Information */
-struct smbios_type_0 {
- struct smbios_structure_header header;
- uint8_t vendor_str;
- uint8_t bios_version_str;
- uint16_t bios_starting_address_segment;
- uint8_t bios_release_date_str;
- uint8_t bios_rom_size;
- uint8_t bios_characteristics[8];
- uint8_t bios_characteristics_extension_bytes[2];
- uint8_t system_bios_major_release;
- uint8_t system_bios_minor_release;
- uint8_t embedded_controller_major_release;
- uint8_t embedded_controller_minor_release;
-} QEMU_PACKED;
-
-/* SMBIOS type 1 - System Information */
-struct smbios_type_1 {
- struct smbios_structure_header header;
- uint8_t manufacturer_str;
- uint8_t product_name_str;
- uint8_t version_str;
- uint8_t serial_number_str;
- uint8_t uuid[16];
- uint8_t wake_up_type;
- uint8_t sku_number_str;
- uint8_t family_str;
-} QEMU_PACKED;
-
-/* SMBIOS type 3 - System Enclosure (v2.3) */
-struct smbios_type_3 {
- struct smbios_structure_header header;
- uint8_t manufacturer_str;
- uint8_t type;
- uint8_t version_str;
- uint8_t serial_number_str;
- uint8_t asset_tag_number_str;
- uint8_t boot_up_state;
- uint8_t power_supply_state;
- uint8_t thermal_state;
- uint8_t security_status;
- uint32_t oem_defined;
- uint8_t height;
- uint8_t number_of_power_cords;
- uint8_t contained_element_count;
- // contained elements follow
-} QEMU_PACKED;
-
-/* SMBIOS type 4 - Processor Information (v2.0) */
-struct smbios_type_4 {
- struct smbios_structure_header header;
- uint8_t socket_designation_str;
- uint8_t processor_type;
- uint8_t processor_family;
- uint8_t processor_manufacturer_str;
- uint32_t processor_id[2];
- uint8_t processor_version_str;
- uint8_t voltage;
- uint16_t external_clock;
- uint16_t max_speed;
- uint16_t current_speed;
- uint8_t status;
- uint8_t processor_upgrade;
- uint16_t l1_cache_handle;
- uint16_t l2_cache_handle;
- uint16_t l3_cache_handle;
-} QEMU_PACKED;
-
-/* SMBIOS type 16 - Physical Memory Array
- * Associated with one type 17 (Memory Device).
- */
-struct smbios_type_16 {
- struct smbios_structure_header header;
- uint8_t location;
- uint8_t use;
- uint8_t error_correction;
- uint32_t maximum_capacity;
- uint16_t memory_error_information_handle;
- uint16_t number_of_memory_devices;
-} QEMU_PACKED;
-/* SMBIOS type 17 - Memory Device
- * Associated with one type 19
- */
-struct smbios_type_17 {
- struct smbios_structure_header header;
- uint16_t physical_memory_array_handle;
- uint16_t memory_error_information_handle;
- uint16_t total_width;
- uint16_t data_width;
- uint16_t size;
- uint8_t form_factor;
- uint8_t device_set;
- uint8_t device_locator_str;
- uint8_t bank_locator_str;
- uint8_t memory_type;
- uint16_t type_detail;
-} QEMU_PACKED;
-
-/* SMBIOS type 19 - Memory Array Mapped Address */
-struct smbios_type_19 {
- struct smbios_structure_header header;
- uint32_t starting_address;
- uint32_t ending_address;
- uint16_t memory_array_handle;
- uint8_t partition_width;
-} QEMU_PACKED;
-
-/* SMBIOS type 20 - Memory Device Mapped Address */
-struct smbios_type_20 {
- struct smbios_structure_header header;
- uint32_t starting_address;
- uint32_t ending_address;
- uint16_t memory_device_handle;
- uint16_t memory_array_mapped_address_handle;
- uint8_t partition_row_position;
- uint8_t interleave_position;
- uint8_t interleaved_data_depth;
-} QEMU_PACKED;
-
-/* SMBIOS type 32 - System Boot Information */
-struct smbios_type_32 {
- struct smbios_structure_header header;
- uint8_t reserved[6];
- uint8_t boot_status;
-} QEMU_PACKED;
-
-/* SMBIOS type 127 -- End-of-table */
-struct smbios_type_127 {
- struct smbios_structure_header header;
-} QEMU_PACKED;
-
-#endif /*QEMU_SMBIOS_H */
diff --git a/hw/smbus.c b/hw/smbus.c
deleted file mode 100644
index e3cf6a2cc..000000000
--- a/hw/smbus.c
+++ /dev/null
@@ -1,335 +0,0 @@
-/*
- * QEMU SMBus device emulation.
- *
- * Copyright (c) 2007 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the LGPL.
- */
-
-/* TODO: Implement PEC. */
-
-#include "hw.h"
-#include "i2c.h"
-#include "smbus.h"
-
-//#define DEBUG_SMBUS 1
-
-#ifdef DEBUG_SMBUS
-#define DPRINTF(fmt, ...) \
-do { printf("smbus(%02x): " fmt , dev->i2c.address, ## __VA_ARGS__); } while (0)
-#define BADF(fmt, ...) \
-do { fprintf(stderr, "smbus: error: " fmt , ## __VA_ARGS__); exit(1);} while (0)
-#else
-#define DPRINTF(fmt, ...) do {} while(0)
-#define BADF(fmt, ...) \
-do { fprintf(stderr, "smbus: error: " fmt , ## __VA_ARGS__);} while (0)
-#endif
-
-enum {
- SMBUS_IDLE,
- SMBUS_WRITE_DATA,
- SMBUS_RECV_BYTE,
- SMBUS_READ_DATA,
- SMBUS_DONE,
- SMBUS_CONFUSED = -1
-};
-
-static void smbus_do_quick_cmd(SMBusDevice *dev, int recv)
-{
- SMBusDeviceClass *sc = SMBUS_DEVICE_GET_CLASS(dev);
-
- DPRINTF("Quick Command %d\n", recv);
- if (sc->quick_cmd) {
- sc->quick_cmd(dev, recv);
- }
-}
-
-static void smbus_do_write(SMBusDevice *dev)
-{
- SMBusDeviceClass *sc = SMBUS_DEVICE_GET_CLASS(dev);
-
- if (dev->data_len == 0) {
- smbus_do_quick_cmd(dev, 0);
- } else if (dev->data_len == 1) {
- DPRINTF("Send Byte\n");
- if (sc->send_byte) {
- sc->send_byte(dev, dev->data_buf[0]);
- }
- } else {
- dev->command = dev->data_buf[0];
- DPRINTF("Command %d len %d\n", dev->command, dev->data_len - 1);
- if (sc->write_data) {
- sc->write_data(dev, dev->command, dev->data_buf + 1,
- dev->data_len - 1);
- }
- }
-}
-
-static void smbus_i2c_event(I2CSlave *s, enum i2c_event event)
-{
- SMBusDevice *dev = SMBUS_DEVICE(s);
-
- switch (event) {
- case I2C_START_SEND:
- switch (dev->mode) {
- case SMBUS_IDLE:
- DPRINTF("Incoming data\n");
- dev->mode = SMBUS_WRITE_DATA;
- break;
- default:
- BADF("Unexpected send start condition in state %d\n", dev->mode);
- dev->mode = SMBUS_CONFUSED;
- break;
- }
- break;
-
- case I2C_START_RECV:
- switch (dev->mode) {
- case SMBUS_IDLE:
- DPRINTF("Read mode\n");
- dev->mode = SMBUS_RECV_BYTE;
- break;
- case SMBUS_WRITE_DATA:
- if (dev->data_len == 0) {
- BADF("Read after write with no data\n");
- dev->mode = SMBUS_CONFUSED;
- } else {
- if (dev->data_len > 1) {
- smbus_do_write(dev);
- } else {
- dev->command = dev->data_buf[0];
- DPRINTF("%02x: Command %d\n", dev->i2c.address,
- dev->command);
- }
- DPRINTF("Read mode\n");
- dev->data_len = 0;
- dev->mode = SMBUS_READ_DATA;
- }
- break;
- default:
- BADF("Unexpected recv start condition in state %d\n", dev->mode);
- dev->mode = SMBUS_CONFUSED;
- break;
- }
- break;
-
- case I2C_FINISH:
- switch (dev->mode) {
- case SMBUS_WRITE_DATA:
- smbus_do_write(dev);
- break;
- case SMBUS_RECV_BYTE:
- smbus_do_quick_cmd(dev, 1);
- break;
- case SMBUS_READ_DATA:
- BADF("Unexpected stop during receive\n");
- break;
- default:
- /* Nothing to do. */
- break;
- }
- dev->mode = SMBUS_IDLE;
- dev->data_len = 0;
- break;
-
- case I2C_NACK:
- switch (dev->mode) {
- case SMBUS_DONE:
- /* Nothing to do. */
- break;
- case SMBUS_READ_DATA:
- dev->mode = SMBUS_DONE;
- break;
- default:
- BADF("Unexpected NACK in state %d\n", dev->mode);
- dev->mode = SMBUS_CONFUSED;
- break;
- }
- }
-}
-
-static int smbus_i2c_recv(I2CSlave *s)
-{
- SMBusDevice *dev = SMBUS_DEVICE(s);
- SMBusDeviceClass *sc = SMBUS_DEVICE_GET_CLASS(dev);
- int ret;
-
- switch (dev->mode) {
- case SMBUS_RECV_BYTE:
- if (sc->receive_byte) {
- ret = sc->receive_byte(dev);
- } else {
- ret = 0;
- }
- DPRINTF("Receive Byte %02x\n", ret);
- dev->mode = SMBUS_DONE;
- break;
- case SMBUS_READ_DATA:
- if (sc->read_data) {
- ret = sc->read_data(dev, dev->command, dev->data_len);
- dev->data_len++;
- } else {
- ret = 0;
- }
- DPRINTF("Read data %02x\n", ret);
- break;
- default:
- BADF("Unexpected read in state %d\n", dev->mode);
- dev->mode = SMBUS_CONFUSED;
- ret = 0;
- break;
- }
- return ret;
-}
-
-static int smbus_i2c_send(I2CSlave *s, uint8_t data)
-{
- SMBusDevice *dev = SMBUS_DEVICE(s);
-
- switch (dev->mode) {
- case SMBUS_WRITE_DATA:
- DPRINTF("Write data %02x\n", data);
- dev->data_buf[dev->data_len++] = data;
- break;
- default:
- BADF("Unexpected write in state %d\n", dev->mode);
- break;
- }
- return 0;
-}
-
-static int smbus_device_init(I2CSlave *i2c)
-{
- SMBusDevice *dev = SMBUS_DEVICE(i2c);
- SMBusDeviceClass *sc = SMBUS_DEVICE_GET_CLASS(dev);
-
- return sc->init(dev);
-}
-
-/* Master device commands. */
-void smbus_quick_command(i2c_bus *bus, uint8_t addr, int read)
-{
- i2c_start_transfer(bus, addr, read);
- i2c_end_transfer(bus);
-}
-
-uint8_t smbus_receive_byte(i2c_bus *bus, uint8_t addr)
-{
- uint8_t data;
-
- i2c_start_transfer(bus, addr, 1);
- data = i2c_recv(bus);
- i2c_nack(bus);
- i2c_end_transfer(bus);
- return data;
-}
-
-void smbus_send_byte(i2c_bus *bus, uint8_t addr, uint8_t data)
-{
- i2c_start_transfer(bus, addr, 0);
- i2c_send(bus, data);
- i2c_end_transfer(bus);
-}
-
-uint8_t smbus_read_byte(i2c_bus *bus, uint8_t addr, uint8_t command)
-{
- uint8_t data;
- i2c_start_transfer(bus, addr, 0);
- i2c_send(bus, command);
- i2c_start_transfer(bus, addr, 1);
- data = i2c_recv(bus);
- i2c_nack(bus);
- i2c_end_transfer(bus);
- return data;
-}
-
-void smbus_write_byte(i2c_bus *bus, uint8_t addr, uint8_t command, uint8_t data)
-{
- i2c_start_transfer(bus, addr, 0);
- i2c_send(bus, command);
- i2c_send(bus, data);
- i2c_end_transfer(bus);
-}
-
-uint16_t smbus_read_word(i2c_bus *bus, uint8_t addr, uint8_t command)
-{
- uint16_t data;
- i2c_start_transfer(bus, addr, 0);
- i2c_send(bus, command);
- i2c_start_transfer(bus, addr, 1);
- data = i2c_recv(bus);
- data |= i2c_recv(bus) << 8;
- i2c_nack(bus);
- i2c_end_transfer(bus);
- return data;
-}
-
-void smbus_write_word(i2c_bus *bus, uint8_t addr, uint8_t command, uint16_t data)
-{
- i2c_start_transfer(bus, addr, 0);
- i2c_send(bus, command);
- i2c_send(bus, data & 0xff);
- i2c_send(bus, data >> 8);
- i2c_end_transfer(bus);
-}
-
-int smbus_read_block(i2c_bus *bus, uint8_t addr, uint8_t command, uint8_t *data)
-{
- int len;
- int i;
-
- i2c_start_transfer(bus, addr, 0);
- i2c_send(bus, command);
- i2c_start_transfer(bus, addr, 1);
- len = i2c_recv(bus);
- if (len > 32)
- len = 0;
- for (i = 0; i < len; i++)
- data[i] = i2c_recv(bus);
- i2c_nack(bus);
- i2c_end_transfer(bus);
- return len;
-}
-
-void smbus_write_block(i2c_bus *bus, uint8_t addr, uint8_t command, uint8_t *data,
- int len)
-{
- int i;
-
- if (len > 32)
- len = 32;
-
- i2c_start_transfer(bus, addr, 0);
- i2c_send(bus, command);
- i2c_send(bus, len);
- for (i = 0; i < len; i++)
- i2c_send(bus, data[i]);
- i2c_end_transfer(bus);
-}
-
-static void smbus_device_class_init(ObjectClass *klass, void *data)
-{
- I2CSlaveClass *sc = I2C_SLAVE_CLASS(klass);
-
- sc->init = smbus_device_init;
- sc->event = smbus_i2c_event;
- sc->recv = smbus_i2c_recv;
- sc->send = smbus_i2c_send;
-}
-
-static TypeInfo smbus_device_type_info = {
- .name = TYPE_SMBUS_DEVICE,
- .parent = TYPE_I2C_SLAVE,
- .instance_size = sizeof(SMBusDevice),
- .abstract = true,
- .class_size = sizeof(SMBusDeviceClass),
- .class_init = smbus_device_class_init,
-};
-
-static void smbus_device_register_types(void)
-{
- type_register_static(&smbus_device_type_info);
-}
-
-type_init(smbus_device_register_types)
diff --git a/hw/smbus.h b/hw/smbus.h
deleted file mode 100644
index 6ed45bd03..000000000
--- a/hw/smbus.h
+++ /dev/null
@@ -1,83 +0,0 @@
-#ifndef QEMU_SMBUS_H
-#define QEMU_SMBUS_H
-
-/*
- * QEMU SMBus API
- *
- * Copyright (c) 2007 Arastra, Inc.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "i2c.h"
-
-#define TYPE_SMBUS_DEVICE "smbus-device"
-#define SMBUS_DEVICE(obj) \
- OBJECT_CHECK(SMBusDevice, (obj), TYPE_SMBUS_DEVICE)
-#define SMBUS_DEVICE_CLASS(klass) \
- OBJECT_CLASS_CHECK(SMBusDeviceClass, (klass), TYPE_SMBUS_DEVICE)
-#define SMBUS_DEVICE_GET_CLASS(obj) \
- OBJECT_GET_CLASS(SMBusDeviceClass, (obj), TYPE_SMBUS_DEVICE)
-
-typedef struct SMBusDeviceClass
-{
- I2CSlaveClass parent_class;
- int (*init)(SMBusDevice *dev);
- void (*quick_cmd)(SMBusDevice *dev, uint8_t read);
- void (*send_byte)(SMBusDevice *dev, uint8_t val);
- uint8_t (*receive_byte)(SMBusDevice *dev);
- /* We can't distinguish between a word write and a block write with
- length 1, so pass the whole data block including the length byte
- (if present). The device is responsible figuring out what type of
- command this is. */
- void (*write_data)(SMBusDevice *dev, uint8_t cmd, uint8_t *buf, int len);
- /* Likewise we can't distinguish between different reads, or even know
- the length of the read until the read is complete, so read data a
- byte at a time. The device is responsible for adding the length
- byte on block reads. */
- uint8_t (*read_data)(SMBusDevice *dev, uint8_t cmd, int n);
-} SMBusDeviceClass;
-
-struct SMBusDevice {
- /* The SMBus protocol is implemented on top of I2C. */
- I2CSlave i2c;
-
- /* Remaining fields for internal use only. */
- int mode;
- int data_len;
- uint8_t data_buf[34]; /* command + len + 32 bytes of data. */
- uint8_t command;
-};
-
-/* Master device commands. */
-void smbus_quick_command(i2c_bus *bus, uint8_t addr, int read);
-uint8_t smbus_receive_byte(i2c_bus *bus, uint8_t addr);
-void smbus_send_byte(i2c_bus *bus, uint8_t addr, uint8_t data);
-uint8_t smbus_read_byte(i2c_bus *bus, uint8_t addr, uint8_t command);
-void smbus_write_byte(i2c_bus *bus, uint8_t addr, uint8_t command, uint8_t data);
-uint16_t smbus_read_word(i2c_bus *bus, uint8_t addr, uint8_t command);
-void smbus_write_word(i2c_bus *bus, uint8_t addr, uint8_t command, uint16_t data);
-int smbus_read_block(i2c_bus *bus, uint8_t addr, uint8_t command, uint8_t *data);
-void smbus_write_block(i2c_bus *bus, uint8_t addr, uint8_t command, uint8_t *data,
- int len);
-
-void smbus_eeprom_init(i2c_bus *smbus, int nb_eeprom,
- const uint8_t *eeprom_spd, int size);
-
-#endif
diff --git a/hw/smbus_eeprom.c b/hw/smbus_eeprom.c
deleted file mode 100644
index 11adab01b..000000000
--- a/hw/smbus_eeprom.c
+++ /dev/null
@@ -1,156 +0,0 @@
-/*
- * QEMU SMBus EEPROM device
- *
- * Copyright (c) 2007 Arastra, Inc.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "hw.h"
-#include "i2c.h"
-#include "smbus.h"
-
-//#define DEBUG
-
-typedef struct SMBusEEPROMDevice {
- SMBusDevice smbusdev;
- void *data;
- uint8_t offset;
-} SMBusEEPROMDevice;
-
-static void eeprom_quick_cmd(SMBusDevice *dev, uint8_t read)
-{
-#ifdef DEBUG
- printf("eeprom_quick_cmd: addr=0x%02x read=%d\n", dev->i2c.address, read);
-#endif
-}
-
-static void eeprom_send_byte(SMBusDevice *dev, uint8_t val)
-{
- SMBusEEPROMDevice *eeprom = (SMBusEEPROMDevice *) dev;
-#ifdef DEBUG
- printf("eeprom_send_byte: addr=0x%02x val=0x%02x\n",
- dev->i2c.address, val);
-#endif
- eeprom->offset = val;
-}
-
-static uint8_t eeprom_receive_byte(SMBusDevice *dev)
-{
- SMBusEEPROMDevice *eeprom = (SMBusEEPROMDevice *) dev;
- uint8_t *data = eeprom->data;
- uint8_t val = data[eeprom->offset++];
-#ifdef DEBUG
- printf("eeprom_receive_byte: addr=0x%02x val=0x%02x\n",
- dev->i2c.address, val);
-#endif
- return val;
-}
-
-static void eeprom_write_data(SMBusDevice *dev, uint8_t cmd, uint8_t *buf, int len)
-{
- SMBusEEPROMDevice *eeprom = (SMBusEEPROMDevice *) dev;
- int n;
-#ifdef DEBUG
- printf("eeprom_write_byte: addr=0x%02x cmd=0x%02x val=0x%02x\n",
- dev->i2c.address, cmd, buf[0]);
-#endif
- /* An page write operation is not a valid SMBus command.
- It is a block write without a length byte. Fortunately we
- get the full block anyway. */
- /* TODO: Should this set the current location? */
- if (cmd + len > 256)
- n = 256 - cmd;
- else
- n = len;
- memcpy(eeprom->data + cmd, buf, n);
- len -= n;
- if (len)
- memcpy(eeprom->data, buf + n, len);
-}
-
-static uint8_t eeprom_read_data(SMBusDevice *dev, uint8_t cmd, int n)
-{
- SMBusEEPROMDevice *eeprom = (SMBusEEPROMDevice *) dev;
- /* If this is the first byte then set the current position. */
- if (n == 0)
- eeprom->offset = cmd;
- /* As with writes, we implement block reads without the
- SMBus length byte. */
- return eeprom_receive_byte(dev);
-}
-
-static int smbus_eeprom_initfn(SMBusDevice *dev)
-{
- SMBusEEPROMDevice *eeprom = (SMBusEEPROMDevice *)dev;
-
- eeprom->offset = 0;
- return 0;
-}
-
-static Property smbus_eeprom_properties[] = {
- DEFINE_PROP_PTR("data", SMBusEEPROMDevice, data),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void smbus_eeprom_class_initfn(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SMBusDeviceClass *sc = SMBUS_DEVICE_CLASS(klass);
-
- sc->init = smbus_eeprom_initfn;
- sc->quick_cmd = eeprom_quick_cmd;
- sc->send_byte = eeprom_send_byte;
- sc->receive_byte = eeprom_receive_byte;
- sc->write_data = eeprom_write_data;
- sc->read_data = eeprom_read_data;
- dc->props = smbus_eeprom_properties;
-}
-
-static TypeInfo smbus_eeprom_info = {
- .name = "smbus-eeprom",
- .parent = TYPE_SMBUS_DEVICE,
- .instance_size = sizeof(SMBusEEPROMDevice),
- .class_init = smbus_eeprom_class_initfn,
-};
-
-static void smbus_eeprom_register_types(void)
-{
- type_register_static(&smbus_eeprom_info);
-}
-
-type_init(smbus_eeprom_register_types)
-
-void smbus_eeprom_init(i2c_bus *smbus, int nb_eeprom,
- const uint8_t *eeprom_spd, int eeprom_spd_size)
-{
- int i;
- uint8_t *eeprom_buf = g_malloc0(8 * 256); /* XXX: make this persistent */
- if (eeprom_spd_size > 0) {
- memcpy(eeprom_buf, eeprom_spd, eeprom_spd_size);
- }
-
- for (i = 0; i < nb_eeprom; i++) {
- DeviceState *eeprom;
- eeprom = qdev_create((BusState *)smbus, "smbus-eeprom");
- qdev_prop_set_uint8(eeprom, "address", 0x50 + i);
- qdev_prop_set_ptr(eeprom, "data", eeprom_buf + (i * 256));
- qdev_init_nofail(eeprom);
- }
-}
diff --git a/hw/smbus_ich9.c b/hw/smbus_ich9.c
deleted file mode 100644
index 6940583bb..000000000
--- a/hw/smbus_ich9.c
+++ /dev/null
@@ -1,159 +0,0 @@
-/*
- * ACPI implementation
- *
- * Copyright (c) 2006 Fabrice Bellard
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License version 2 as published by the Free Software Foundation.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>
- */
-/*
- * Copyright (c) 2009 Isaku Yamahata <yamahata at valinux co jp>
- * VA Linux Systems Japan K.K.
- * Copyright (C) 2012 Jason Baron <jbaron@redhat.com>
- *
- * This is based on acpi.c, but heavily rewritten.
- */
-#include "hw.h"
-#include "pc.h"
-#include "pm_smbus.h"
-#include "pci.h"
-#include "sysemu.h"
-#include "i2c.h"
-#include "smbus.h"
-
-#include "ich9.h"
-
-#define TYPE_ICH9_SMB_DEVICE "ICH9 SMB"
-#define ICH9_SMB_DEVICE(obj) \
- OBJECT_CHECK(ICH9SMBState, (obj), TYPE_ICH9_SMB_DEVICE)
-
-typedef struct ICH9SMBState {
- PCIDevice dev;
-
- PMSMBus smb;
- MemoryRegion mem_bar;
-} ICH9SMBState;
-
-static const VMStateDescription vmstate_ich9_smbus = {
- .name = "ich9_smb",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_PCI_DEVICE(dev, struct ICH9SMBState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void ich9_smb_ioport_writeb(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- ICH9SMBState *s = opaque;
- uint8_t hostc = s->dev.config[ICH9_SMB_HOSTC];
-
- if ((hostc & ICH9_SMB_HOSTC_HST_EN) && !(hostc & ICH9_SMB_HOSTC_I2C_EN)) {
- uint64_t offset = addr - s->dev.io_regions[ICH9_SMB_SMB_BASE_BAR].addr;
- smb_ioport_writeb(&s->smb, offset, val);
- }
-}
-
-static uint64_t ich9_smb_ioport_readb(void *opaque, hwaddr addr,
- unsigned size)
-{
- ICH9SMBState *s = opaque;
- uint8_t hostc = s->dev.config[ICH9_SMB_HOSTC];
-
- if ((hostc & ICH9_SMB_HOSTC_HST_EN) && !(hostc & ICH9_SMB_HOSTC_I2C_EN)) {
- uint64_t offset = addr - s->dev.io_regions[ICH9_SMB_SMB_BASE_BAR].addr;
- return smb_ioport_readb(&s->smb, offset);
- }
-
- return 0xff;
-}
-
-static const MemoryRegionOps lpc_smb_mmio_ops = {
- .read = ich9_smb_ioport_readb,
- .write = ich9_smb_ioport_writeb,
- .endianness = DEVICE_LITTLE_ENDIAN,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
-};
-
-static int ich9_smbus_initfn(PCIDevice *d)
-{
- ICH9SMBState *s = ICH9_SMB_DEVICE(d);
-
- /* TODO? D31IP.SMIP in chipset configuration space */
- pci_config_set_interrupt_pin(d->config, 0x01); /* interrupt pin 1 */
-
- pci_set_byte(d->config + ICH9_SMB_HOSTC, 0);
-
- /*
- * update parameters based on
- * paralell_hds[0]
- * serial_hds[0]
- * serial_hds[0]
- * fdc
- *
- * Is there any OS that depends on them?
- */
-
- /* TODO smb_io_base */
- pci_set_byte(d->config + ICH9_SMB_HOSTC, 0);
- /* TODO bar0, bar1: 64bit BAR support*/
-
- memory_region_init_io(&s->mem_bar, &lpc_smb_mmio_ops, s, "ich9-smbus-bar",
- ICH9_SMB_SMB_BASE_SIZE);
- pci_register_bar(d, ICH9_SMB_SMB_BASE_BAR, PCI_BASE_ADDRESS_SPACE_IO,
- &s->mem_bar);
- pm_smbus_init(&d->qdev, &s->smb);
- return 0;
-}
-
-static void ich9_smb_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->vendor_id = PCI_VENDOR_ID_INTEL;
- k->device_id = PCI_DEVICE_ID_INTEL_ICH9_6;
- k->revision = ICH9_A2_SMB_REVISION;
- k->class_id = PCI_CLASS_SERIAL_SMBUS;
- dc->no_user = 1;
- dc->vmsd = &vmstate_ich9_smbus;
- dc->desc = "ICH9 SMBUS Bridge";
- k->init = ich9_smbus_initfn;
-}
-
-i2c_bus *ich9_smb_init(PCIBus *bus, int devfn, uint32_t smb_io_base)
-{
- PCIDevice *d =
- pci_create_simple_multifunction(bus, devfn, true, TYPE_ICH9_SMB_DEVICE);
- ICH9SMBState *s = ICH9_SMB_DEVICE(d);
- return s->smb.smbus;
-}
-
-static const TypeInfo ich9_smb_info = {
- .name = TYPE_ICH9_SMB_DEVICE,
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(ICH9SMBState),
- .class_init = ich9_smb_class_init,
-};
-
-static void ich9_smb_register(void)
-{
- type_register_static(&ich9_smb_info);
-}
-
-type_init(ich9_smb_register);
diff --git a/hw/smc91c111.c b/hw/smc91c111.c
deleted file mode 100644
index 4ceed01a1..000000000
--- a/hw/smc91c111.c
+++ /dev/null
@@ -1,805 +0,0 @@
-/*
- * SMSC 91C111 Ethernet interface emulation
- *
- * Copyright (c) 2005 CodeSourcery, LLC.
- * Written by Paul Brook
- *
- * This code is licensed under the GPL
- */
-
-#include "sysbus.h"
-#include "net.h"
-#include "devices.h"
-/* For crc32 */
-#include <zlib.h>
-
-/* Number of 2k memory pages available. */
-#define NUM_PACKETS 4
-
-typedef struct {
- SysBusDevice busdev;
- NICState *nic;
- NICConf conf;
- uint16_t tcr;
- uint16_t rcr;
- uint16_t cr;
- uint16_t ctr;
- uint16_t gpr;
- uint16_t ptr;
- uint16_t ercv;
- qemu_irq irq;
- int bank;
- int packet_num;
- int tx_alloc;
- /* Bitmask of allocated packets. */
- int allocated;
- int tx_fifo_len;
- int tx_fifo[NUM_PACKETS];
- int rx_fifo_len;
- int rx_fifo[NUM_PACKETS];
- int tx_fifo_done_len;
- int tx_fifo_done[NUM_PACKETS];
- /* Packet buffer memory. */
- uint8_t data[NUM_PACKETS][2048];
- uint8_t int_level;
- uint8_t int_mask;
- MemoryRegion mmio;
-} smc91c111_state;
-
-static const VMStateDescription vmstate_smc91c111 = {
- .name = "smc91c111",
- .version_id = 1,
- .minimum_version_id = 1,
- .fields = (VMStateField []) {
- VMSTATE_UINT16(tcr, smc91c111_state),
- VMSTATE_UINT16(rcr, smc91c111_state),
- VMSTATE_UINT16(cr, smc91c111_state),
- VMSTATE_UINT16(ctr, smc91c111_state),
- VMSTATE_UINT16(gpr, smc91c111_state),
- VMSTATE_UINT16(ptr, smc91c111_state),
- VMSTATE_UINT16(ercv, smc91c111_state),
- VMSTATE_INT32(bank, smc91c111_state),
- VMSTATE_INT32(packet_num, smc91c111_state),
- VMSTATE_INT32(tx_alloc, smc91c111_state),
- VMSTATE_INT32(allocated, smc91c111_state),
- VMSTATE_INT32(tx_fifo_len, smc91c111_state),
- VMSTATE_INT32_ARRAY(tx_fifo, smc91c111_state, NUM_PACKETS),
- VMSTATE_INT32(rx_fifo_len, smc91c111_state),
- VMSTATE_INT32_ARRAY(rx_fifo, smc91c111_state, NUM_PACKETS),
- VMSTATE_INT32(tx_fifo_done_len, smc91c111_state),
- VMSTATE_INT32_ARRAY(tx_fifo_done, smc91c111_state, NUM_PACKETS),
- VMSTATE_BUFFER_UNSAFE(data, smc91c111_state, 0, NUM_PACKETS * 2048),
- VMSTATE_UINT8(int_level, smc91c111_state),
- VMSTATE_UINT8(int_mask, smc91c111_state),
- VMSTATE_END_OF_LIST()
- }
-};
-
-#define RCR_SOFT_RST 0x8000
-#define RCR_STRIP_CRC 0x0200
-#define RCR_RXEN 0x0100
-
-#define TCR_EPH_LOOP 0x2000
-#define TCR_NOCRC 0x0100
-#define TCR_PAD_EN 0x0080
-#define TCR_FORCOL 0x0004
-#define TCR_LOOP 0x0002
-#define TCR_TXEN 0x0001
-
-#define INT_MD 0x80
-#define INT_ERCV 0x40
-#define INT_EPH 0x20
-#define INT_RX_OVRN 0x10
-#define INT_ALLOC 0x08
-#define INT_TX_EMPTY 0x04
-#define INT_TX 0x02
-#define INT_RCV 0x01
-
-#define CTR_AUTO_RELEASE 0x0800
-#define CTR_RELOAD 0x0002
-#define CTR_STORE 0x0001
-
-#define RS_ALGNERR 0x8000
-#define RS_BRODCAST 0x4000
-#define RS_BADCRC 0x2000
-#define RS_ODDFRAME 0x1000
-#define RS_TOOLONG 0x0800
-#define RS_TOOSHORT 0x0400
-#define RS_MULTICAST 0x0001
-
-/* Update interrupt status. */
-static void smc91c111_update(smc91c111_state *s)
-{
- int level;
-
- if (s->tx_fifo_len == 0)
- s->int_level |= INT_TX_EMPTY;
- if (s->tx_fifo_done_len != 0)
- s->int_level |= INT_TX;
- level = (s->int_level & s->int_mask) != 0;
- qemu_set_irq(s->irq, level);
-}
-
-/* Try to allocate a packet. Returns 0x80 on failure. */
-static int smc91c111_allocate_packet(smc91c111_state *s)
-{
- int i;
- if (s->allocated == (1 << NUM_PACKETS) - 1) {
- return 0x80;
- }
-
- for (i = 0; i < NUM_PACKETS; i++) {
- if ((s->allocated & (1 << i)) == 0)
- break;
- }
- s->allocated |= 1 << i;
- return i;
-}
-
-
-/* Process a pending TX allocate. */
-static void smc91c111_tx_alloc(smc91c111_state *s)
-{
- s->tx_alloc = smc91c111_allocate_packet(s);
- if (s->tx_alloc == 0x80)
- return;
- s->int_level |= INT_ALLOC;
- smc91c111_update(s);
-}
-
-/* Remove and item from the RX FIFO. */
-static void smc91c111_pop_rx_fifo(smc91c111_state *s)
-{
- int i;
-
- s->rx_fifo_len--;
- if (s->rx_fifo_len) {
- for (i = 0; i < s->rx_fifo_len; i++)
- s->rx_fifo[i] = s->rx_fifo[i + 1];
- s->int_level |= INT_RCV;
- } else {
- s->int_level &= ~INT_RCV;
- }
- smc91c111_update(s);
-}
-
-/* Remove an item from the TX completion FIFO. */
-static void smc91c111_pop_tx_fifo_done(smc91c111_state *s)
-{
- int i;
-
- if (s->tx_fifo_done_len == 0)
- return;
- s->tx_fifo_done_len--;
- for (i = 0; i < s->tx_fifo_done_len; i++)
- s->tx_fifo_done[i] = s->tx_fifo_done[i + 1];
-}
-
-/* Release the memory allocated to a packet. */
-static void smc91c111_release_packet(smc91c111_state *s, int packet)
-{
- s->allocated &= ~(1 << packet);
- if (s->tx_alloc == 0x80)
- smc91c111_tx_alloc(s);
-}
-
-/* Flush the TX FIFO. */
-static void smc91c111_do_tx(smc91c111_state *s)
-{
- int i;
- int len;
- int control;
- int packetnum;
- uint8_t *p;
-
- if ((s->tcr & TCR_TXEN) == 0)
- return;
- if (s->tx_fifo_len == 0)
- return;
- for (i = 0; i < s->tx_fifo_len; i++) {
- packetnum = s->tx_fifo[i];
- p = &s->data[packetnum][0];
- /* Set status word. */
- *(p++) = 0x01;
- *(p++) = 0x40;
- len = *(p++);
- len |= ((int)*(p++)) << 8;
- len -= 6;
- control = p[len + 1];
- if (control & 0x20)
- len++;
- /* ??? This overwrites the data following the buffer.
- Don't know what real hardware does. */
- if (len < 64 && (s->tcr & TCR_PAD_EN)) {
- memset(p + len, 0, 64 - len);
- len = 64;
- }
-#if 0
- {
- int add_crc;
-
- /* The card is supposed to append the CRC to the frame.
- However none of the other network traffic has the CRC
- appended. Suspect this is low level ethernet detail we
- don't need to worry about. */
- add_crc = (control & 0x10) || (s->tcr & TCR_NOCRC) == 0;
- if (add_crc) {
- uint32_t crc;
-
- crc = crc32(~0, p, len);
- memcpy(p + len, &crc, 4);
- len += 4;
- }
- }
-#endif
- if (s->ctr & CTR_AUTO_RELEASE)
- /* Race? */
- smc91c111_release_packet(s, packetnum);
- else if (s->tx_fifo_done_len < NUM_PACKETS)
- s->tx_fifo_done[s->tx_fifo_done_len++] = packetnum;
- qemu_send_packet(&s->nic->nc, p, len);
- }
- s->tx_fifo_len = 0;
- smc91c111_update(s);
-}
-
-/* Add a packet to the TX FIFO. */
-static void smc91c111_queue_tx(smc91c111_state *s, int packet)
-{
- if (s->tx_fifo_len == NUM_PACKETS)
- return;
- s->tx_fifo[s->tx_fifo_len++] = packet;
- smc91c111_do_tx(s);
-}
-
-static void smc91c111_reset(DeviceState *dev)
-{
- smc91c111_state *s = FROM_SYSBUS(smc91c111_state, sysbus_from_qdev(dev));
- s->bank = 0;
- s->tx_fifo_len = 0;
- s->tx_fifo_done_len = 0;
- s->rx_fifo_len = 0;
- s->allocated = 0;
- s->packet_num = 0;
- s->tx_alloc = 0;
- s->tcr = 0;
- s->rcr = 0;
- s->cr = 0xa0b1;
- s->ctr = 0x1210;
- s->ptr = 0;
- s->ercv = 0x1f;
- s->int_level = INT_TX_EMPTY;
- s->int_mask = 0;
- smc91c111_update(s);
-}
-
-#define SET_LOW(name, val) s->name = (s->name & 0xff00) | val
-#define SET_HIGH(name, val) s->name = (s->name & 0xff) | (val << 8)
-
-static void smc91c111_writeb(void *opaque, hwaddr offset,
- uint32_t value)
-{
- smc91c111_state *s = (smc91c111_state *)opaque;
-
- offset = offset & 0xf;
- if (offset == 14) {
- s->bank = value;
- return;
- }
- if (offset == 15)
- return;
- switch (s->bank) {
- case 0:
- switch (offset) {
- case 0: /* TCR */
- SET_LOW(tcr, value);
- return;
- case 1:
- SET_HIGH(tcr, value);
- return;
- case 4: /* RCR */
- SET_LOW(rcr, value);
- return;
- case 5:
- SET_HIGH(rcr, value);
- if (s->rcr & RCR_SOFT_RST)
- smc91c111_reset(&s->busdev.qdev);
- return;
- case 10: case 11: /* RPCR */
- /* Ignored */
- return;
- case 12: case 13: /* Reserved */
- return;
- }
- break;
-
- case 1:
- switch (offset) {
- case 0: /* CONFIG */
- SET_LOW(cr, value);
- return;
- case 1:
- SET_HIGH(cr,value);
- return;
- case 2: case 3: /* BASE */
- case 4: case 5: case 6: case 7: case 8: case 9: /* IA */
- /* Not implemented. */
- return;
- case 10: /* Genral Purpose */
- SET_LOW(gpr, value);
- return;
- case 11:
- SET_HIGH(gpr, value);
- return;
- case 12: /* Control */
- if (value & 1)
- fprintf(stderr, "smc91c111:EEPROM store not implemented\n");
- if (value & 2)
- fprintf(stderr, "smc91c111:EEPROM reload not implemented\n");
- value &= ~3;
- SET_LOW(ctr, value);
- return;
- case 13:
- SET_HIGH(ctr, value);
- return;
- }
- break;
-
- case 2:
- switch (offset) {
- case 0: /* MMU Command */
- switch (value >> 5) {
- case 0: /* no-op */
- break;
- case 1: /* Allocate for TX. */
- s->tx_alloc = 0x80;
- s->int_level &= ~INT_ALLOC;
- smc91c111_update(s);
- smc91c111_tx_alloc(s);
- break;
- case 2: /* Reset MMU. */
- s->allocated = 0;
- s->tx_fifo_len = 0;
- s->tx_fifo_done_len = 0;
- s->rx_fifo_len = 0;
- s->tx_alloc = 0;
- break;
- case 3: /* Remove from RX FIFO. */
- smc91c111_pop_rx_fifo(s);
- break;
- case 4: /* Remove from RX FIFO and release. */
- if (s->rx_fifo_len > 0) {
- smc91c111_release_packet(s, s->rx_fifo[0]);
- }
- smc91c111_pop_rx_fifo(s);
- break;
- case 5: /* Release. */
- smc91c111_release_packet(s, s->packet_num);
- break;
- case 6: /* Add to TX FIFO. */
- smc91c111_queue_tx(s, s->packet_num);
- break;
- case 7: /* Reset TX FIFO. */
- s->tx_fifo_len = 0;
- s->tx_fifo_done_len = 0;
- break;
- }
- return;
- case 1:
- /* Ignore. */
- return;
- case 2: /* Packet Number Register */
- s->packet_num = value;
- return;
- case 3: case 4: case 5:
- /* Should be readonly, but linux writes to them anyway. Ignore. */
- return;
- case 6: /* Pointer */
- SET_LOW(ptr, value);
- return;
- case 7:
- SET_HIGH(ptr, value);
- return;
- case 8: case 9: case 10: case 11: /* Data */
- {
- int p;
- int n;
-
- if (s->ptr & 0x8000)
- n = s->rx_fifo[0];
- else
- n = s->packet_num;
- p = s->ptr & 0x07ff;
- if (s->ptr & 0x4000) {
- s->ptr = (s->ptr & 0xf800) | ((s->ptr + 1) & 0x7ff);
- } else {
- p += (offset & 3);
- }
- s->data[n][p] = value;
- }
- return;
- case 12: /* Interrupt ACK. */
- s->int_level &= ~(value & 0xd6);
- if (value & INT_TX)
- smc91c111_pop_tx_fifo_done(s);
- smc91c111_update(s);
- return;
- case 13: /* Interrupt mask. */
- s->int_mask = value;
- smc91c111_update(s);
- return;
- }
- break;
-
- case 3:
- switch (offset) {
- case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
- /* Multicast table. */
- /* Not implemented. */
- return;
- case 8: case 9: /* Management Interface. */
- /* Not implemented. */
- return;
- case 12: /* Early receive. */
- s->ercv = value & 0x1f;
- case 13:
- /* Ignore. */
- return;
- }
- break;
- }
- hw_error("smc91c111_write: Bad reg %d:%x\n", s->bank, (int)offset);
-}
-
-static uint32_t smc91c111_readb(void *opaque, hwaddr offset)
-{
- smc91c111_state *s = (smc91c111_state *)opaque;
-
- offset = offset & 0xf;
- if (offset == 14) {
- return s->bank;
- }
- if (offset == 15)
- return 0x33;
- switch (s->bank) {
- case 0:
- switch (offset) {
- case 0: /* TCR */
- return s->tcr & 0xff;
- case 1:
- return s->tcr >> 8;
- case 2: /* EPH Status */
- return 0;
- case 3:
- return 0x40;
- case 4: /* RCR */
- return s->rcr & 0xff;
- case 5:
- return s->rcr >> 8;
- case 6: /* Counter */
- case 7:
- /* Not implemented. */
- return 0;
- case 8: /* Memory size. */
- return NUM_PACKETS;
- case 9: /* Free memory available. */
- {
- int i;
- int n;
- n = 0;
- for (i = 0; i < NUM_PACKETS; i++) {
- if (s->allocated & (1 << i))
- n++;
- }
- return n;
- }
- case 10: case 11: /* RPCR */
- /* Not implemented. */
- return 0;
- case 12: case 13: /* Reserved */
- return 0;
- }
- break;
-
- case 1:
- switch (offset) {
- case 0: /* CONFIG */
- return s->cr & 0xff;
- case 1:
- return s->cr >> 8;
- case 2: case 3: /* BASE */
- /* Not implemented. */
- return 0;
- case 4: case 5: case 6: case 7: case 8: case 9: /* IA */
- return s->conf.macaddr.a[offset - 4];
- case 10: /* General Purpose */
- return s->gpr & 0xff;
- case 11:
- return s->gpr >> 8;
- case 12: /* Control */
- return s->ctr & 0xff;
- case 13:
- return s->ctr >> 8;
- }
- break;
-
- case 2:
- switch (offset) {
- case 0: case 1: /* MMUCR Busy bit. */
- return 0;
- case 2: /* Packet Number. */
- return s->packet_num;
- case 3: /* Allocation Result. */
- return s->tx_alloc;
- case 4: /* TX FIFO */
- if (s->tx_fifo_done_len == 0)
- return 0x80;
- else
- return s->tx_fifo_done[0];
- case 5: /* RX FIFO */
- if (s->rx_fifo_len == 0)
- return 0x80;
- else
- return s->rx_fifo[0];
- case 6: /* Pointer */
- return s->ptr & 0xff;
- case 7:
- return (s->ptr >> 8) & 0xf7;
- case 8: case 9: case 10: case 11: /* Data */
- {
- int p;
- int n;
-
- if (s->ptr & 0x8000)
- n = s->rx_fifo[0];
- else
- n = s->packet_num;
- p = s->ptr & 0x07ff;
- if (s->ptr & 0x4000) {
- s->ptr = (s->ptr & 0xf800) | ((s->ptr + 1) & 0x07ff);
- } else {
- p += (offset & 3);
- }
- return s->data[n][p];
- }
- case 12: /* Interrupt status. */
- return s->int_level;
- case 13: /* Interrupt mask. */
- return s->int_mask;
- }
- break;
-
- case 3:
- switch (offset) {
- case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
- /* Multicast table. */
- /* Not implemented. */
- return 0;
- case 8: /* Management Interface. */
- /* Not implemented. */
- return 0x30;
- case 9:
- return 0x33;
- case 10: /* Revision. */
- return 0x91;
- case 11:
- return 0x33;
- case 12:
- return s->ercv;
- case 13:
- return 0;
- }
- break;
- }
- hw_error("smc91c111_read: Bad reg %d:%x\n", s->bank, (int)offset);
- return 0;
-}
-
-static void smc91c111_writew(void *opaque, hwaddr offset,
- uint32_t value)
-{
- smc91c111_writeb(opaque, offset, value & 0xff);
- smc91c111_writeb(opaque, offset + 1, value >> 8);
-}
-
-static void smc91c111_writel(void *opaque, hwaddr offset,
- uint32_t value)
-{
- /* 32-bit writes to offset 0xc only actually write to the bank select
- register (offset 0xe) */
- if (offset != 0xc)
- smc91c111_writew(opaque, offset, value & 0xffff);
- smc91c111_writew(opaque, offset + 2, value >> 16);
-}
-
-static uint32_t smc91c111_readw(void *opaque, hwaddr offset)
-{
- uint32_t val;
- val = smc91c111_readb(opaque, offset);
- val |= smc91c111_readb(opaque, offset + 1) << 8;
- return val;
-}
-
-static uint32_t smc91c111_readl(void *opaque, hwaddr offset)
-{
- uint32_t val;
- val = smc91c111_readw(opaque, offset);
- val |= smc91c111_readw(opaque, offset + 2) << 16;
- return val;
-}
-
-static int smc91c111_can_receive(NetClientState *nc)
-{
- smc91c111_state *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST))
- return 1;
- if (s->allocated == (1 << NUM_PACKETS) - 1)
- return 0;
- return 1;
-}
-
-static ssize_t smc91c111_receive(NetClientState *nc, const uint8_t *buf, size_t size)
-{
- smc91c111_state *s = DO_UPCAST(NICState, nc, nc)->opaque;
- int status;
- int packetsize;
- uint32_t crc;
- int packetnum;
- uint8_t *p;
-
- if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST))
- return -1;
- /* Short packets are padded with zeros. Receiving a packet
- < 64 bytes long is considered an error condition. */
- if (size < 64)
- packetsize = 64;
- else
- packetsize = (size & ~1);
- packetsize += 6;
- crc = (s->rcr & RCR_STRIP_CRC) == 0;
- if (crc)
- packetsize += 4;
- /* TODO: Flag overrun and receive errors. */
- if (packetsize > 2048)
- return -1;
- packetnum = smc91c111_allocate_packet(s);
- if (packetnum == 0x80)
- return -1;
- s->rx_fifo[s->rx_fifo_len++] = packetnum;
-
- p = &s->data[packetnum][0];
- /* ??? Multicast packets? */
- status = 0;
- if (size > 1518)
- status |= RS_TOOLONG;
- if (size & 1)
- status |= RS_ODDFRAME;
- *(p++) = status & 0xff;
- *(p++) = status >> 8;
- *(p++) = packetsize & 0xff;
- *(p++) = packetsize >> 8;
- memcpy(p, buf, size & ~1);
- p += (size & ~1);
- /* Pad short packets. */
- if (size < 64) {
- int pad;
-
- if (size & 1)
- *(p++) = buf[size - 1];
- pad = 64 - size;
- memset(p, 0, pad);
- p += pad;
- size = 64;
- }
- /* It's not clear if the CRC should go before or after the last byte in
- odd sized packets. Linux disables the CRC, so that's no help.
- The pictures in the documentation show the CRC aligned on a 16-bit
- boundary before the last odd byte, so that's what we do. */
- if (crc) {
- crc = crc32(~0, buf, size);
- *(p++) = crc & 0xff; crc >>= 8;
- *(p++) = crc & 0xff; crc >>= 8;
- *(p++) = crc & 0xff; crc >>= 8;
- *(p++) = crc & 0xff;
- }
- if (size & 1) {
- *(p++) = buf[size - 1];
- *p = 0x60;
- } else {
- *(p++) = 0;
- *p = 0x40;
- }
- /* TODO: Raise early RX interrupt? */
- s->int_level |= INT_RCV;
- smc91c111_update(s);
-
- return size;
-}
-
-static const MemoryRegionOps smc91c111_mem_ops = {
- /* The special case for 32 bit writes to 0xc means we can't just
- * set .impl.min/max_access_size to 1, unfortunately
- */
- .old_mmio = {
- .read = { smc91c111_readb, smc91c111_readw, smc91c111_readl, },
- .write = { smc91c111_writeb, smc91c111_writew, smc91c111_writel, },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void smc91c111_cleanup(NetClientState *nc)
-{
- smc91c111_state *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- s->nic = NULL;
-}
-
-static NetClientInfo net_smc91c111_info = {
- .type = NET_CLIENT_OPTIONS_KIND_NIC,
- .size = sizeof(NICState),
- .can_receive = smc91c111_can_receive,
- .receive = smc91c111_receive,
- .cleanup = smc91c111_cleanup,
-};
-
-static int smc91c111_init1(SysBusDevice *dev)
-{
- smc91c111_state *s = FROM_SYSBUS(smc91c111_state, dev);
- memory_region_init_io(&s->mmio, &smc91c111_mem_ops, s,
- "smc91c111-mmio", 16);
- sysbus_init_mmio(dev, &s->mmio);
- sysbus_init_irq(dev, &s->irq);
- qemu_macaddr_default_if_unset(&s->conf.macaddr);
- s->nic = qemu_new_nic(&net_smc91c111_info, &s->conf,
- object_get_typename(OBJECT(dev)), dev->qdev.id, s);
- qemu_format_nic_info_str(&s->nic->nc, s->conf.macaddr.a);
- /* ??? Save/restore. */
- return 0;
-}
-
-static Property smc91c111_properties[] = {
- DEFINE_NIC_PROPERTIES(smc91c111_state, conf),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void smc91c111_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = smc91c111_init1;
- dc->reset = smc91c111_reset;
- dc->vmsd = &vmstate_smc91c111;
- dc->props = smc91c111_properties;
-}
-
-static TypeInfo smc91c111_info = {
- .name = "smc91c111",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(smc91c111_state),
- .class_init = smc91c111_class_init,
-};
-
-static void smc91c111_register_types(void)
-{
- type_register_static(&smc91c111_info);
-}
-
-/* Legacy helper function. Should go away when machine config files are
- implemented. */
-void smc91c111_init(NICInfo *nd, uint32_t base, qemu_irq irq)
-{
- DeviceState *dev;
- SysBusDevice *s;
-
- qemu_check_nic_model(nd, "smc91c111");
- dev = qdev_create(NULL, "smc91c111");
- qdev_set_nic_properties(dev, nd);
- qdev_init_nofail(dev);
- s = sysbus_from_qdev(dev);
- sysbus_mmio_map(s, 0, base);
- sysbus_connect_irq(s, 0, irq);
-}
-
-type_init(smc91c111_register_types)
diff --git a/hw/soc_dma.c b/hw/soc_dma.c
deleted file mode 100644
index 50d5f84b4..000000000
--- a/hw/soc_dma.c
+++ /dev/null
@@ -1,366 +0,0 @@
-/*
- * On-chip DMA controller framework.
- *
- * Copyright (C) 2008 Nokia Corporation
- * Written by Andrzej Zaborowski <andrew@openedhand.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-#include "qemu-common.h"
-#include "qemu-timer.h"
-#include "soc_dma.h"
-
-static void transfer_mem2mem(struct soc_dma_ch_s *ch)
-{
- memcpy(ch->paddr[0], ch->paddr[1], ch->bytes);
- ch->paddr[0] += ch->bytes;
- ch->paddr[1] += ch->bytes;
-}
-
-static void transfer_mem2fifo(struct soc_dma_ch_s *ch)
-{
- ch->io_fn[1](ch->io_opaque[1], ch->paddr[0], ch->bytes);
- ch->paddr[0] += ch->bytes;
-}
-
-static void transfer_fifo2mem(struct soc_dma_ch_s *ch)
-{
- ch->io_fn[0](ch->io_opaque[0], ch->paddr[1], ch->bytes);
- ch->paddr[1] += ch->bytes;
-}
-
-/* This is further optimisable but isn't very important because often
- * DMA peripherals forbid this kind of transfers and even when they don't,
- * oprating systems may not need to use them. */
-static void *fifo_buf;
-static int fifo_size;
-static void transfer_fifo2fifo(struct soc_dma_ch_s *ch)
-{
- if (ch->bytes > fifo_size)
- fifo_buf = g_realloc(fifo_buf, fifo_size = ch->bytes);
-
- /* Implement as transfer_fifo2linear + transfer_linear2fifo. */
- ch->io_fn[0](ch->io_opaque[0], fifo_buf, ch->bytes);
- ch->io_fn[1](ch->io_opaque[1], fifo_buf, ch->bytes);
-}
-
-struct dma_s {
- struct soc_dma_s soc;
- int chnum;
- uint64_t ch_enable_mask;
- int64_t channel_freq;
- int enabled_count;
-
- struct memmap_entry_s {
- enum soc_dma_port_type type;
- hwaddr addr;
- union {
- struct {
- void *opaque;
- soc_dma_io_t fn;
- int out;
- } fifo;
- struct {
- void *base;
- size_t size;
- } mem;
- } u;
- } *memmap;
- int memmap_size;
-
- struct soc_dma_ch_s ch[0];
-};
-
-static void soc_dma_ch_schedule(struct soc_dma_ch_s *ch, int delay_bytes)
-{
- int64_t now = qemu_get_clock_ns(vm_clock);
- struct dma_s *dma = (struct dma_s *) ch->dma;
-
- qemu_mod_timer(ch->timer, now + delay_bytes / dma->channel_freq);
-}
-
-static void soc_dma_ch_run(void *opaque)
-{
- struct soc_dma_ch_s *ch = (struct soc_dma_ch_s *) opaque;
-
- ch->running = 1;
- ch->dma->setup_fn(ch);
- ch->transfer_fn(ch);
- ch->running = 0;
-
- if (ch->enable)
- soc_dma_ch_schedule(ch, ch->bytes);
- ch->bytes = 0;
-}
-
-static inline struct memmap_entry_s *soc_dma_lookup(struct dma_s *dma,
- hwaddr addr)
-{
- struct memmap_entry_s *lo;
- int hi;
-
- lo = dma->memmap;
- hi = dma->memmap_size;
-
- while (hi > 1) {
- hi /= 2;
- if (lo[hi].addr <= addr)
- lo += hi;
- }
-
- return lo;
-}
-
-static inline enum soc_dma_port_type soc_dma_ch_update_type(
- struct soc_dma_ch_s *ch, int port)
-{
- struct dma_s *dma = (struct dma_s *) ch->dma;
- struct memmap_entry_s *entry = soc_dma_lookup(dma, ch->vaddr[port]);
-
- if (entry->type == soc_dma_port_fifo) {
- while (entry < dma->memmap + dma->memmap_size &&
- entry->u.fifo.out != port)
- entry ++;
- if (entry->addr != ch->vaddr[port] || entry->u.fifo.out != port)
- return soc_dma_port_other;
-
- if (ch->type[port] != soc_dma_access_const)
- return soc_dma_port_other;
-
- ch->io_fn[port] = entry->u.fifo.fn;
- ch->io_opaque[port] = entry->u.fifo.opaque;
- return soc_dma_port_fifo;
- } else if (entry->type == soc_dma_port_mem) {
- if (entry->addr > ch->vaddr[port] ||
- entry->addr + entry->u.mem.size <= ch->vaddr[port])
- return soc_dma_port_other;
-
- /* TODO: support constant memory address for source port as used for
- * drawing solid rectangles by PalmOS(R). */
- if (ch->type[port] != soc_dma_access_const)
- return soc_dma_port_other;
-
- ch->paddr[port] = (uint8_t *) entry->u.mem.base +
- (ch->vaddr[port] - entry->addr);
- /* TODO: save bytes left to the end of the mapping somewhere so we
- * can check we're not reading beyond it. */
- return soc_dma_port_mem;
- } else
- return soc_dma_port_other;
-}
-
-void soc_dma_ch_update(struct soc_dma_ch_s *ch)
-{
- enum soc_dma_port_type src, dst;
-
- src = soc_dma_ch_update_type(ch, 0);
- if (src == soc_dma_port_other) {
- ch->update = 0;
- ch->transfer_fn = ch->dma->transfer_fn;
- return;
- }
- dst = soc_dma_ch_update_type(ch, 1);
-
- /* TODO: use src and dst as array indices. */
- if (src == soc_dma_port_mem && dst == soc_dma_port_mem)
- ch->transfer_fn = transfer_mem2mem;
- else if (src == soc_dma_port_mem && dst == soc_dma_port_fifo)
- ch->transfer_fn = transfer_mem2fifo;
- else if (src == soc_dma_port_fifo && dst == soc_dma_port_mem)
- ch->transfer_fn = transfer_fifo2mem;
- else if (src == soc_dma_port_fifo && dst == soc_dma_port_fifo)
- ch->transfer_fn = transfer_fifo2fifo;
- else
- ch->transfer_fn = ch->dma->transfer_fn;
-
- ch->update = (dst != soc_dma_port_other);
-}
-
-static void soc_dma_ch_freq_update(struct dma_s *s)
-{
- if (s->enabled_count)
- /* We completely ignore channel priorities and stuff */
- s->channel_freq = s->soc.freq / s->enabled_count;
- else {
- /* TODO: Signal that we want to disable the functional clock and let
- * the platform code decide what to do with it, i.e. check that
- * auto-idle is enabled in the clock controller and if we are stopping
- * the clock, do the same with any parent clocks that had only one
- * user keeping them on and auto-idle enabled. */
- }
-}
-
-void soc_dma_set_request(struct soc_dma_ch_s *ch, int level)
-{
- struct dma_s *dma = (struct dma_s *) ch->dma;
-
- dma->enabled_count += level - ch->enable;
-
- if (level)
- dma->ch_enable_mask |= 1 << ch->num;
- else
- dma->ch_enable_mask &= ~(1 << ch->num);
-
- if (level != ch->enable) {
- soc_dma_ch_freq_update(dma);
- ch->enable = level;
-
- if (!ch->enable)
- qemu_del_timer(ch->timer);
- else if (!ch->running)
- soc_dma_ch_run(ch);
- else
- soc_dma_ch_schedule(ch, 1);
- }
-}
-
-void soc_dma_reset(struct soc_dma_s *soc)
-{
- struct dma_s *s = (struct dma_s *) soc;
-
- s->soc.drqbmp = 0;
- s->ch_enable_mask = 0;
- s->enabled_count = 0;
- soc_dma_ch_freq_update(s);
-}
-
-/* TODO: take a functional-clock argument */
-struct soc_dma_s *soc_dma_init(int n)
-{
- int i;
- struct dma_s *s = g_malloc0(sizeof(*s) + n * sizeof(*s->ch));
-
- s->chnum = n;
- s->soc.ch = s->ch;
- for (i = 0; i < n; i ++) {
- s->ch[i].dma = &s->soc;
- s->ch[i].num = i;
- s->ch[i].timer = qemu_new_timer_ns(vm_clock, soc_dma_ch_run, &s->ch[i]);
- }
-
- soc_dma_reset(&s->soc);
- fifo_size = 0;
-
- return &s->soc;
-}
-
-void soc_dma_port_add_fifo(struct soc_dma_s *soc, hwaddr virt_base,
- soc_dma_io_t fn, void *opaque, int out)
-{
- struct memmap_entry_s *entry;
- struct dma_s *dma = (struct dma_s *) soc;
-
- dma->memmap = g_realloc(dma->memmap, sizeof(*entry) *
- (dma->memmap_size + 1));
- entry = soc_dma_lookup(dma, virt_base);
-
- if (dma->memmap_size) {
- if (entry->type == soc_dma_port_mem) {
- if (entry->addr <= virt_base &&
- entry->addr + entry->u.mem.size > virt_base) {
- fprintf(stderr, "%s: FIFO at " TARGET_FMT_lx
- " collides with RAM region at " TARGET_FMT_lx
- "-" TARGET_FMT_lx "\n", __FUNCTION__,
- (target_ulong) virt_base,
- (target_ulong) entry->addr, (target_ulong)
- (entry->addr + entry->u.mem.size));
- exit(-1);
- }
-
- if (entry->addr <= virt_base)
- entry ++;
- } else
- while (entry < dma->memmap + dma->memmap_size &&
- entry->addr <= virt_base) {
- if (entry->addr == virt_base && entry->u.fifo.out == out) {
- fprintf(stderr, "%s: FIFO at " TARGET_FMT_lx
- " collides FIFO at " TARGET_FMT_lx "\n",
- __FUNCTION__, (target_ulong) virt_base,
- (target_ulong) entry->addr);
- exit(-1);
- }
-
- entry ++;
- }
-
- memmove(entry + 1, entry,
- (uint8_t *) (dma->memmap + dma->memmap_size ++) -
- (uint8_t *) entry);
- } else
- dma->memmap_size ++;
-
- entry->addr = virt_base;
- entry->type = soc_dma_port_fifo;
- entry->u.fifo.fn = fn;
- entry->u.fifo.opaque = opaque;
- entry->u.fifo.out = out;
-}
-
-void soc_dma_port_add_mem(struct soc_dma_s *soc, uint8_t *phys_base,
- hwaddr virt_base, size_t size)
-{
- struct memmap_entry_s *entry;
- struct dma_s *dma = (struct dma_s *) soc;
-
- dma->memmap = g_realloc(dma->memmap, sizeof(*entry) *
- (dma->memmap_size + 1));
- entry = soc_dma_lookup(dma, virt_base);
-
- if (dma->memmap_size) {
- if (entry->type == soc_dma_port_mem) {
- if ((entry->addr >= virt_base && entry->addr < virt_base + size) ||
- (entry->addr <= virt_base &&
- entry->addr + entry->u.mem.size > virt_base)) {
- fprintf(stderr, "%s: RAM at " TARGET_FMT_lx "-" TARGET_FMT_lx
- " collides with RAM region at " TARGET_FMT_lx
- "-" TARGET_FMT_lx "\n", __FUNCTION__,
- (target_ulong) virt_base,
- (target_ulong) (virt_base + size),
- (target_ulong) entry->addr, (target_ulong)
- (entry->addr + entry->u.mem.size));
- exit(-1);
- }
-
- if (entry->addr <= virt_base)
- entry ++;
- } else {
- if (entry->addr >= virt_base &&
- entry->addr < virt_base + size) {
- fprintf(stderr, "%s: RAM at " TARGET_FMT_lx "-" TARGET_FMT_lx
- " collides with FIFO at " TARGET_FMT_lx
- "\n", __FUNCTION__,
- (target_ulong) virt_base,
- (target_ulong) (virt_base + size),
- (target_ulong) entry->addr);
- exit(-1);
- }
-
- while (entry < dma->memmap + dma->memmap_size &&
- entry->addr <= virt_base)
- entry ++;
- }
-
- memmove(entry + 1, entry,
- (uint8_t *) (dma->memmap + dma->memmap_size ++) -
- (uint8_t *) entry);
- } else
- dma->memmap_size ++;
-
- entry->addr = virt_base;
- entry->type = soc_dma_port_mem;
- entry->u.mem.base = phys_base;
- entry->u.mem.size = size;
-}
-
-/* TODO: port removal for ports like PCMCIA memory */
diff --git a/hw/soc_dma.h b/hw/soc_dma.h
deleted file mode 100644
index 5948489ea..000000000
--- a/hw/soc_dma.h
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- * On-chip DMA controller framework.
- *
- * Copyright (C) 2008 Nokia Corporation
- * Written by Andrzej Zaborowski <andrew@openedhand.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "memory.h"
-#include "hw/irq.h"
-
-struct soc_dma_s;
-struct soc_dma_ch_s;
-typedef void (*soc_dma_io_t)(void *opaque, uint8_t *buf, int len);
-typedef void (*soc_dma_transfer_t)(struct soc_dma_ch_s *ch);
-
-enum soc_dma_port_type {
- soc_dma_port_mem,
- soc_dma_port_fifo,
- soc_dma_port_other,
-};
-
-enum soc_dma_access_type {
- soc_dma_access_const,
- soc_dma_access_linear,
- soc_dma_access_other,
-};
-
-struct soc_dma_ch_s {
- /* Private */
- struct soc_dma_s *dma;
- int num;
- QEMUTimer *timer;
-
- /* Set by soc_dma.c */
- int enable;
- int update;
-
- /* This should be set by dma->setup_fn(). */
- int bytes;
- /* Initialised by the DMA module, call soc_dma_ch_update after writing. */
- enum soc_dma_access_type type[2];
- hwaddr vaddr[2]; /* Updated by .transfer_fn(). */
- /* Private */
- void *paddr[2];
- soc_dma_io_t io_fn[2];
- void *io_opaque[2];
-
- int running;
- soc_dma_transfer_t transfer_fn;
-
- /* Set and used by the DMA module. */
- void *opaque;
-};
-
-struct soc_dma_s {
- /* Following fields are set by the SoC DMA module and can be used
- * by anybody. */
- uint64_t drqbmp; /* Is zeroed by soc_dma_reset() */
- qemu_irq *drq;
- void *opaque;
- int64_t freq;
- soc_dma_transfer_t transfer_fn;
- soc_dma_transfer_t setup_fn;
- /* Set by soc_dma_init() for use by the DMA module. */
- struct soc_dma_ch_s *ch;
-};
-
-/* Call to activate or stop a DMA channel. */
-void soc_dma_set_request(struct soc_dma_ch_s *ch, int level);
-/* Call after every write to one of the following fields and before
- * calling soc_dma_set_request(ch, 1):
- * ch->type[0...1],
- * ch->vaddr[0...1],
- * ch->paddr[0...1],
- * or after a soc_dma_port_add_fifo() or soc_dma_port_add_mem(). */
-void soc_dma_ch_update(struct soc_dma_ch_s *ch);
-
-/* The SoC should call this when the DMA module is being reset. */
-void soc_dma_reset(struct soc_dma_s *s);
-struct soc_dma_s *soc_dma_init(int n);
-
-void soc_dma_port_add_fifo(struct soc_dma_s *dma, hwaddr virt_base,
- soc_dma_io_t fn, void *opaque, int out);
-void soc_dma_port_add_mem(struct soc_dma_s *dma, uint8_t *phys_base,
- hwaddr virt_base, size_t size);
-
-static inline void soc_dma_port_add_fifo_in(struct soc_dma_s *dma,
- hwaddr virt_base, soc_dma_io_t fn, void *opaque)
-{
- return soc_dma_port_add_fifo(dma, virt_base, fn, opaque, 0);
-}
-
-static inline void soc_dma_port_add_fifo_out(struct soc_dma_s *dma,
- hwaddr virt_base, soc_dma_io_t fn, void *opaque)
-{
- return soc_dma_port_add_fifo(dma, virt_base, fn, opaque, 1);
-}
diff --git a/hw/spapr.c b/hw/spapr.c
deleted file mode 100644
index ad3f0ea7f..000000000
--- a/hw/spapr.c
+++ /dev/null
@@ -1,937 +0,0 @@
-/*
- * QEMU PowerPC pSeries Logical Partition (aka sPAPR) hardware System Emulator
- *
- * Copyright (c) 2004-2007 Fabrice Bellard
- * Copyright (c) 2007 Jocelyn Mayer
- * Copyright (c) 2010 David Gibson, IBM Corporation.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- *
- */
-#include "sysemu.h"
-#include "hw.h"
-#include "elf.h"
-#include "net.h"
-#include "blockdev.h"
-#include "cpus.h"
-#include "kvm.h"
-#include "kvm_ppc.h"
-
-#include "hw/boards.h"
-#include "hw/ppc.h"
-#include "hw/loader.h"
-
-#include "hw/spapr.h"
-#include "hw/spapr_vio.h"
-#include "hw/spapr_pci.h"
-#include "hw/xics.h"
-#include "hw/msi.h"
-
-#include "kvm.h"
-#include "kvm_ppc.h"
-#include "pci.h"
-
-#include "exec-memory.h"
-#include "hw/usb.h"
-
-#include <libfdt.h>
-
-/* SLOF memory layout:
- *
- * SLOF raw image loaded at 0, copies its romfs right below the flat
- * device-tree, then position SLOF itself 31M below that
- *
- * So we set FW_OVERHEAD to 40MB which should account for all of that
- * and more
- *
- * We load our kernel at 4M, leaving space for SLOF initial image
- */
-#define FDT_MAX_SIZE 0x10000
-#define RTAS_MAX_SIZE 0x10000
-#define FW_MAX_SIZE 0x400000
-#define FW_FILE_NAME "slof.bin"
-#define FW_OVERHEAD 0x2800000
-#define KERNEL_LOAD_ADDR FW_MAX_SIZE
-
-#define MIN_RMA_SLOF 128UL
-
-#define TIMEBASE_FREQ 512000000ULL
-
-#define MAX_CPUS 256
-#define XICS_IRQS 1024
-
-#define SPAPR_PCI_BUID 0x800000020000001ULL
-#define SPAPR_PCI_MEM_WIN_ADDR (0x10000000000ULL + 0xA0000000)
-#define SPAPR_PCI_MEM_WIN_SIZE 0x20000000
-#define SPAPR_PCI_IO_WIN_ADDR (0x10000000000ULL + 0x80000000)
-#define SPAPR_PCI_MSI_WIN_ADDR (0x10000000000ULL + 0x90000000)
-
-#define PHANDLE_XICP 0x00001111
-
-#define HTAB_SIZE(spapr) (1ULL << ((spapr)->htab_shift))
-
-sPAPREnvironment *spapr;
-
-int spapr_allocate_irq(int hint, bool lsi)
-{
- int irq;
-
- if (hint) {
- irq = hint;
- /* FIXME: we should probably check for collisions somehow */
- } else {
- irq = spapr->next_irq++;
- }
-
- /* Configure irq type */
- if (!xics_get_qirq(spapr->icp, irq)) {
- return 0;
- }
-
- xics_set_irq_type(spapr->icp, irq, lsi);
-
- return irq;
-}
-
-/* Allocate block of consequtive IRQs, returns a number of the first */
-int spapr_allocate_irq_block(int num, bool lsi)
-{
- int first = -1;
- int i;
-
- for (i = 0; i < num; ++i) {
- int irq;
-
- irq = spapr_allocate_irq(0, lsi);
- if (!irq) {
- return -1;
- }
-
- if (0 == i) {
- first = irq;
- }
-
- /* If the above doesn't create a consecutive block then that's
- * an internal bug */
- assert(irq == (first + i));
- }
-
- return first;
-}
-
-static int spapr_fixup_cpu_dt(void *fdt, sPAPREnvironment *spapr)
-{
- int ret = 0, offset;
- CPUPPCState *env;
- char cpu_model[32];
- int smt = kvmppc_smt_threads();
- uint32_t pft_size_prop[] = {0, cpu_to_be32(spapr->htab_shift)};
-
- assert(spapr->cpu_model);
-
- for (env = first_cpu; env != NULL; env = env->next_cpu) {
- uint32_t associativity[] = {cpu_to_be32(0x5),
- cpu_to_be32(0x0),
- cpu_to_be32(0x0),
- cpu_to_be32(0x0),
- cpu_to_be32(env->numa_node),
- cpu_to_be32(env->cpu_index)};
-
- if ((env->cpu_index % smt) != 0) {
- continue;
- }
-
- snprintf(cpu_model, 32, "/cpus/%s@%x", spapr->cpu_model,
- env->cpu_index);
-
- offset = fdt_path_offset(fdt, cpu_model);
- if (offset < 0) {
- return offset;
- }
-
- if (nb_numa_nodes > 1) {
- ret = fdt_setprop(fdt, offset, "ibm,associativity", associativity,
- sizeof(associativity));
- if (ret < 0) {
- return ret;
- }
- }
-
- ret = fdt_setprop(fdt, offset, "ibm,pft-size",
- pft_size_prop, sizeof(pft_size_prop));
- if (ret < 0) {
- return ret;
- }
- }
- return ret;
-}
-
-
-static size_t create_page_sizes_prop(CPUPPCState *env, uint32_t *prop,
- size_t maxsize)
-{
- size_t maxcells = maxsize / sizeof(uint32_t);
- int i, j, count;
- uint32_t *p = prop;
-
- for (i = 0; i < PPC_PAGE_SIZES_MAX_SZ; i++) {
- struct ppc_one_seg_page_size *sps = &env->sps.sps[i];
-
- if (!sps->page_shift) {
- break;
- }
- for (count = 0; count < PPC_PAGE_SIZES_MAX_SZ; count++) {
- if (sps->enc[count].page_shift == 0) {
- break;
- }
- }
- if ((p - prop) >= (maxcells - 3 - count * 2)) {
- break;
- }
- *(p++) = cpu_to_be32(sps->page_shift);
- *(p++) = cpu_to_be32(sps->slb_enc);
- *(p++) = cpu_to_be32(count);
- for (j = 0; j < count; j++) {
- *(p++) = cpu_to_be32(sps->enc[j].page_shift);
- *(p++) = cpu_to_be32(sps->enc[j].pte_enc);
- }
- }
-
- return (p - prop) * sizeof(uint32_t);
-}
-
-#define _FDT(exp) \
- do { \
- int ret = (exp); \
- if (ret < 0) { \
- fprintf(stderr, "qemu: error creating device tree: %s: %s\n", \
- #exp, fdt_strerror(ret)); \
- exit(1); \
- } \
- } while (0)
-
-
-static void *spapr_create_fdt_skel(const char *cpu_model,
- hwaddr initrd_base,
- hwaddr initrd_size,
- hwaddr kernel_size,
- const char *boot_device,
- const char *kernel_cmdline,
- uint32_t epow_irq)
-{
- void *fdt;
- CPUPPCState *env;
- uint32_t start_prop = cpu_to_be32(initrd_base);
- uint32_t end_prop = cpu_to_be32(initrd_base + initrd_size);
- char hypertas_prop[] = "hcall-pft\0hcall-term\0hcall-dabr\0hcall-interrupt"
- "\0hcall-tce\0hcall-vio\0hcall-splpar\0hcall-bulk";
- char qemu_hypertas_prop[] = "hcall-memop1";
- uint32_t refpoints[] = {cpu_to_be32(0x4), cpu_to_be32(0x4)};
- uint32_t interrupt_server_ranges_prop[] = {0, cpu_to_be32(smp_cpus)};
- char *modelname;
- int i, smt = kvmppc_smt_threads();
- unsigned char vec5[] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x80};
-
- fdt = g_malloc0(FDT_MAX_SIZE);
- _FDT((fdt_create(fdt, FDT_MAX_SIZE)));
-
- if (kernel_size) {
- _FDT((fdt_add_reservemap_entry(fdt, KERNEL_LOAD_ADDR, kernel_size)));
- }
- if (initrd_size) {
- _FDT((fdt_add_reservemap_entry(fdt, initrd_base, initrd_size)));
- }
- _FDT((fdt_finish_reservemap(fdt)));
-
- /* Root node */
- _FDT((fdt_begin_node(fdt, "")));
- _FDT((fdt_property_string(fdt, "device_type", "chrp")));
- _FDT((fdt_property_string(fdt, "model", "IBM pSeries (emulated by qemu)")));
-
- _FDT((fdt_property_cell(fdt, "#address-cells", 0x2)));
- _FDT((fdt_property_cell(fdt, "#size-cells", 0x2)));
-
- /* /chosen */
- _FDT((fdt_begin_node(fdt, "chosen")));
-
- /* Set Form1_affinity */
- _FDT((fdt_property(fdt, "ibm,architecture-vec-5", vec5, sizeof(vec5))));
-
- _FDT((fdt_property_string(fdt, "bootargs", kernel_cmdline)));
- _FDT((fdt_property(fdt, "linux,initrd-start",
- &start_prop, sizeof(start_prop))));
- _FDT((fdt_property(fdt, "linux,initrd-end",
- &end_prop, sizeof(end_prop))));
- if (kernel_size) {
- uint64_t kprop[2] = { cpu_to_be64(KERNEL_LOAD_ADDR),
- cpu_to_be64(kernel_size) };
-
- _FDT((fdt_property(fdt, "qemu,boot-kernel", &kprop, sizeof(kprop))));
- }
- _FDT((fdt_property_string(fdt, "qemu,boot-device", boot_device)));
- _FDT((fdt_property_cell(fdt, "qemu,graphic-width", graphic_width)));
- _FDT((fdt_property_cell(fdt, "qemu,graphic-height", graphic_height)));
- _FDT((fdt_property_cell(fdt, "qemu,graphic-depth", graphic_depth)));
-
- _FDT((fdt_end_node(fdt)));
-
- /* cpus */
- _FDT((fdt_begin_node(fdt, "cpus")));
-
- _FDT((fdt_property_cell(fdt, "#address-cells", 0x1)));
- _FDT((fdt_property_cell(fdt, "#size-cells", 0x0)));
-
- modelname = g_strdup(cpu_model);
-
- for (i = 0; i < strlen(modelname); i++) {
- modelname[i] = toupper(modelname[i]);
- }
-
- /* This is needed during FDT finalization */
- spapr->cpu_model = g_strdup(modelname);
-
- for (env = first_cpu; env != NULL; env = env->next_cpu) {
- int index = env->cpu_index;
- uint32_t servers_prop[smp_threads];
- uint32_t gservers_prop[smp_threads * 2];
- char *nodename;
- uint32_t segs[] = {cpu_to_be32(28), cpu_to_be32(40),
- 0xffffffff, 0xffffffff};
- uint32_t tbfreq = kvm_enabled() ? kvmppc_get_tbfreq() : TIMEBASE_FREQ;
- uint32_t cpufreq = kvm_enabled() ? kvmppc_get_clockfreq() : 1000000000;
- uint32_t page_sizes_prop[64];
- size_t page_sizes_prop_size;
-
- if ((index % smt) != 0) {
- continue;
- }
-
- if (asprintf(&nodename, "%s@%x", modelname, index) < 0) {
- fprintf(stderr, "Allocation failure\n");
- exit(1);
- }
-
- _FDT((fdt_begin_node(fdt, nodename)));
-
- free(nodename);
-
- _FDT((fdt_property_cell(fdt, "reg", index)));
- _FDT((fdt_property_string(fdt, "device_type", "cpu")));
-
- _FDT((fdt_property_cell(fdt, "cpu-version", env->spr[SPR_PVR])));
- _FDT((fdt_property_cell(fdt, "dcache-block-size",
- env->dcache_line_size)));
- _FDT((fdt_property_cell(fdt, "icache-block-size",
- env->icache_line_size)));
- _FDT((fdt_property_cell(fdt, "timebase-frequency", tbfreq)));
- _FDT((fdt_property_cell(fdt, "clock-frequency", cpufreq)));
- _FDT((fdt_property_cell(fdt, "ibm,slb-size", env->slb_nr)));
- _FDT((fdt_property_string(fdt, "status", "okay")));
- _FDT((fdt_property(fdt, "64-bit", NULL, 0)));
-
- /* Build interrupt servers and gservers properties */
- for (i = 0; i < smp_threads; i++) {
- servers_prop[i] = cpu_to_be32(index + i);
- /* Hack, direct the group queues back to cpu 0 */
- gservers_prop[i*2] = cpu_to_be32(index + i);
- gservers_prop[i*2 + 1] = 0;
- }
- _FDT((fdt_property(fdt, "ibm,ppc-interrupt-server#s",
- servers_prop, sizeof(servers_prop))));
- _FDT((fdt_property(fdt, "ibm,ppc-interrupt-gserver#s",
- gservers_prop, sizeof(gservers_prop))));
-
- if (env->mmu_model & POWERPC_MMU_1TSEG) {
- _FDT((fdt_property(fdt, "ibm,processor-segment-sizes",
- segs, sizeof(segs))));
- }
-
- /* Advertise VMX/VSX (vector extensions) if available
- * 0 / no property == no vector extensions
- * 1 == VMX / Altivec available
- * 2 == VSX available */
- if (env->insns_flags & PPC_ALTIVEC) {
- uint32_t vmx = (env->insns_flags2 & PPC2_VSX) ? 2 : 1;
-
- _FDT((fdt_property_cell(fdt, "ibm,vmx", vmx)));
- }
-
- /* Advertise DFP (Decimal Floating Point) if available
- * 0 / no property == no DFP
- * 1 == DFP available */
- if (env->insns_flags2 & PPC2_DFP) {
- _FDT((fdt_property_cell(fdt, "ibm,dfp", 1)));
- }
-
- page_sizes_prop_size = create_page_sizes_prop(env, page_sizes_prop,
- sizeof(page_sizes_prop));
- if (page_sizes_prop_size) {
- _FDT((fdt_property(fdt, "ibm,segment-page-sizes",
- page_sizes_prop, page_sizes_prop_size)));
- }
-
- _FDT((fdt_end_node(fdt)));
- }
-
- g_free(modelname);
-
- _FDT((fdt_end_node(fdt)));
-
- /* RTAS */
- _FDT((fdt_begin_node(fdt, "rtas")));
-
- _FDT((fdt_property(fdt, "ibm,hypertas-functions", hypertas_prop,
- sizeof(hypertas_prop))));
- _FDT((fdt_property(fdt, "qemu,hypertas-functions", qemu_hypertas_prop,
- sizeof(qemu_hypertas_prop))));
-
- _FDT((fdt_property(fdt, "ibm,associativity-reference-points",
- refpoints, sizeof(refpoints))));
-
- _FDT((fdt_property_cell(fdt, "rtas-error-log-max", RTAS_ERROR_LOG_MAX)));
-
- _FDT((fdt_end_node(fdt)));
-
- /* interrupt controller */
- _FDT((fdt_begin_node(fdt, "interrupt-controller")));
-
- _FDT((fdt_property_string(fdt, "device_type",
- "PowerPC-External-Interrupt-Presentation")));
- _FDT((fdt_property_string(fdt, "compatible", "IBM,ppc-xicp")));
- _FDT((fdt_property(fdt, "interrupt-controller", NULL, 0)));
- _FDT((fdt_property(fdt, "ibm,interrupt-server-ranges",
- interrupt_server_ranges_prop,
- sizeof(interrupt_server_ranges_prop))));
- _FDT((fdt_property_cell(fdt, "#interrupt-cells", 2)));
- _FDT((fdt_property_cell(fdt, "linux,phandle", PHANDLE_XICP)));
- _FDT((fdt_property_cell(fdt, "phandle", PHANDLE_XICP)));
-
- _FDT((fdt_end_node(fdt)));
-
- /* vdevice */
- _FDT((fdt_begin_node(fdt, "vdevice")));
-
- _FDT((fdt_property_string(fdt, "device_type", "vdevice")));
- _FDT((fdt_property_string(fdt, "compatible", "IBM,vdevice")));
- _FDT((fdt_property_cell(fdt, "#address-cells", 0x1)));
- _FDT((fdt_property_cell(fdt, "#size-cells", 0x0)));
- _FDT((fdt_property_cell(fdt, "#interrupt-cells", 0x2)));
- _FDT((fdt_property(fdt, "interrupt-controller", NULL, 0)));
-
- _FDT((fdt_end_node(fdt)));
-
- /* event-sources */
- spapr_events_fdt_skel(fdt, epow_irq);
-
- _FDT((fdt_end_node(fdt))); /* close root node */
- _FDT((fdt_finish(fdt)));
-
- return fdt;
-}
-
-static int spapr_populate_memory(sPAPREnvironment *spapr, void *fdt)
-{
- uint32_t associativity[] = {cpu_to_be32(0x4), cpu_to_be32(0x0),
- cpu_to_be32(0x0), cpu_to_be32(0x0),
- cpu_to_be32(0x0)};
- char mem_name[32];
- hwaddr node0_size, mem_start;
- uint64_t mem_reg_property[2];
- int i, off;
-
- /* memory node(s) */
- node0_size = (nb_numa_nodes > 1) ? node_mem[0] : ram_size;
- if (spapr->rma_size > node0_size) {
- spapr->rma_size = node0_size;
- }
-
- /* RMA */
- mem_reg_property[0] = 0;
- mem_reg_property[1] = cpu_to_be64(spapr->rma_size);
- off = fdt_add_subnode(fdt, 0, "memory@0");
- _FDT(off);
- _FDT((fdt_setprop_string(fdt, off, "device_type", "memory")));
- _FDT((fdt_setprop(fdt, off, "reg", mem_reg_property,
- sizeof(mem_reg_property))));
- _FDT((fdt_setprop(fdt, off, "ibm,associativity", associativity,
- sizeof(associativity))));
-
- /* RAM: Node 0 */
- if (node0_size > spapr->rma_size) {
- mem_reg_property[0] = cpu_to_be64(spapr->rma_size);
- mem_reg_property[1] = cpu_to_be64(node0_size - spapr->rma_size);
-
- sprintf(mem_name, "memory@" TARGET_FMT_lx, spapr->rma_size);
- off = fdt_add_subnode(fdt, 0, mem_name);
- _FDT(off);
- _FDT((fdt_setprop_string(fdt, off, "device_type", "memory")));
- _FDT((fdt_setprop(fdt, off, "reg", mem_reg_property,
- sizeof(mem_reg_property))));
- _FDT((fdt_setprop(fdt, off, "ibm,associativity", associativity,
- sizeof(associativity))));
- }
-
- /* RAM: Node 1 and beyond */
- mem_start = node0_size;
- for (i = 1; i < nb_numa_nodes; i++) {
- mem_reg_property[0] = cpu_to_be64(mem_start);
- mem_reg_property[1] = cpu_to_be64(node_mem[i]);
- associativity[3] = associativity[4] = cpu_to_be32(i);
- sprintf(mem_name, "memory@" TARGET_FMT_lx, mem_start);
- off = fdt_add_subnode(fdt, 0, mem_name);
- _FDT(off);
- _FDT((fdt_setprop_string(fdt, off, "device_type", "memory")));
- _FDT((fdt_setprop(fdt, off, "reg", mem_reg_property,
- sizeof(mem_reg_property))));
- _FDT((fdt_setprop(fdt, off, "ibm,associativity", associativity,
- sizeof(associativity))));
- mem_start += node_mem[i];
- }
-
- return 0;
-}
-
-static void spapr_finalize_fdt(sPAPREnvironment *spapr,
- hwaddr fdt_addr,
- hwaddr rtas_addr,
- hwaddr rtas_size)
-{
- int ret;
- void *fdt;
- sPAPRPHBState *phb;
-
- fdt = g_malloc(FDT_MAX_SIZE);
-
- /* open out the base tree into a temp buffer for the final tweaks */
- _FDT((fdt_open_into(spapr->fdt_skel, fdt, FDT_MAX_SIZE)));
-
- ret = spapr_populate_memory(spapr, fdt);
- if (ret < 0) {
- fprintf(stderr, "couldn't setup memory nodes in fdt\n");
- exit(1);
- }
-
- ret = spapr_populate_vdevice(spapr->vio_bus, fdt);
- if (ret < 0) {
- fprintf(stderr, "couldn't setup vio devices in fdt\n");
- exit(1);
- }
-
- QLIST_FOREACH(phb, &spapr->phbs, list) {
- ret = spapr_populate_pci_dt(phb, PHANDLE_XICP, fdt);
- }
-
- if (ret < 0) {
- fprintf(stderr, "couldn't setup PCI devices in fdt\n");
- exit(1);
- }
-
- /* RTAS */
- ret = spapr_rtas_device_tree_setup(fdt, rtas_addr, rtas_size);
- if (ret < 0) {
- fprintf(stderr, "Couldn't set up RTAS device tree properties\n");
- }
-
- /* Advertise NUMA via ibm,associativity */
- ret = spapr_fixup_cpu_dt(fdt, spapr);
- if (ret < 0) {
- fprintf(stderr, "Couldn't finalize CPU device tree properties\n");
- }
-
- if (!spapr->has_graphics) {
- spapr_populate_chosen_stdout(fdt, spapr->vio_bus);
- }
-
- _FDT((fdt_pack(fdt)));
-
- if (fdt_totalsize(fdt) > FDT_MAX_SIZE) {
- hw_error("FDT too big ! 0x%x bytes (max is 0x%x)\n",
- fdt_totalsize(fdt), FDT_MAX_SIZE);
- exit(1);
- }
-
- cpu_physical_memory_write(fdt_addr, fdt, fdt_totalsize(fdt));
-
- g_free(fdt);
-}
-
-static uint64_t translate_kernel_address(void *opaque, uint64_t addr)
-{
- return (addr & 0x0fffffff) + KERNEL_LOAD_ADDR;
-}
-
-static void emulate_spapr_hypercall(PowerPCCPU *cpu)
-{
- CPUPPCState *env = &cpu->env;
-
- if (msr_pr) {
- hcall_dprintf("Hypercall made with MSR[PR]=1\n");
- env->gpr[3] = H_PRIVILEGE;
- } else {
- env->gpr[3] = spapr_hypercall(cpu, env->gpr[3], &env->gpr[4]);
- }
-}
-
-static void spapr_reset_htab(sPAPREnvironment *spapr)
-{
- long shift;
-
- /* allocate hash page table. For now we always make this 16mb,
- * later we should probably make it scale to the size of guest
- * RAM */
-
- shift = kvmppc_reset_htab(spapr->htab_shift);
-
- if (shift > 0) {
- /* Kernel handles htab, we don't need to allocate one */
- spapr->htab_shift = shift;
- } else {
- if (!spapr->htab) {
- /* Allocate an htab if we don't yet have one */
- spapr->htab = qemu_memalign(HTAB_SIZE(spapr), HTAB_SIZE(spapr));
- }
-
- /* And clear it */
- memset(spapr->htab, 0, HTAB_SIZE(spapr));
- }
-
- /* Update the RMA size if necessary */
- if (spapr->vrma_adjust) {
- spapr->rma_size = kvmppc_rma_size(ram_size, spapr->htab_shift);
- }
-}
-
-static void ppc_spapr_reset(void)
-{
- /* Reset the hash table & recalc the RMA */
- spapr_reset_htab(spapr);
-
- qemu_devices_reset();
-
- /* Load the fdt */
- spapr_finalize_fdt(spapr, spapr->fdt_addr, spapr->rtas_addr,
- spapr->rtas_size);
-
- /* Set up the entry state */
- first_cpu->gpr[3] = spapr->fdt_addr;
- first_cpu->gpr[5] = 0;
- first_cpu->halted = 0;
- first_cpu->nip = spapr->entry_point;
-
-}
-
-static void spapr_cpu_reset(void *opaque)
-{
- PowerPCCPU *cpu = opaque;
- CPUPPCState *env = &cpu->env;
-
- cpu_reset(CPU(cpu));
-
- /* All CPUs start halted. CPU0 is unhalted from the machine level
- * reset code and the rest are explicitly started up by the guest
- * using an RTAS call */
- env->halted = 1;
-
- env->spr[SPR_HIOR] = 0;
-
- env->external_htab = spapr->htab;
- env->htab_base = -1;
- env->htab_mask = HTAB_SIZE(spapr) - 1;
- env->spr[SPR_SDR1] = (unsigned long)spapr->htab |
- (spapr->htab_shift - 18);
-}
-
-/* Returns whether we want to use VGA or not */
-static int spapr_vga_init(PCIBus *pci_bus)
-{
- switch (vga_interface_type) {
- case VGA_NONE:
- case VGA_STD:
- return pci_vga_init(pci_bus) != NULL;
- default:
- fprintf(stderr, "This vga model is not supported,"
- "currently it only supports -vga std\n");
- exit(0);
- break;
- }
-}
-
-/* pSeries LPAR / sPAPR hardware init */
-static void ppc_spapr_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- const char *boot_device = args->boot_device;
- PowerPCCPU *cpu;
- CPUPPCState *env;
- PCIHostState *phb;
- int i;
- MemoryRegion *sysmem = get_system_memory();
- MemoryRegion *ram = g_new(MemoryRegion, 1);
- hwaddr rma_alloc_size;
- uint32_t initrd_base = 0;
- long kernel_size = 0, initrd_size = 0;
- long load_limit, rtas_limit, fw_size;
- char *filename;
-
- msi_supported = true;
-
- spapr = g_malloc0(sizeof(*spapr));
- QLIST_INIT(&spapr->phbs);
-
- cpu_ppc_hypercall = emulate_spapr_hypercall;
-
- /* Allocate RMA if necessary */
- rma_alloc_size = kvmppc_alloc_rma("ppc_spapr.rma", sysmem);
-
- if (rma_alloc_size == -1) {
- hw_error("qemu: Unable to create RMA\n");
- exit(1);
- }
-
- if (rma_alloc_size && (rma_alloc_size < ram_size)) {
- spapr->rma_size = rma_alloc_size;
- } else {
- spapr->rma_size = ram_size;
-
- /* With KVM, we don't actually know whether KVM supports an
- * unbounded RMA (PR KVM) or is limited by the hash table size
- * (HV KVM using VRMA), so we always assume the latter
- *
- * In that case, we also limit the initial allocations for RTAS
- * etc... to 256M since we have no way to know what the VRMA size
- * is going to be as it depends on the size of the hash table
- * isn't determined yet.
- */
- if (kvm_enabled()) {
- spapr->vrma_adjust = 1;
- spapr->rma_size = MIN(spapr->rma_size, 0x10000000);
- }
- }
-
- /* We place the device tree and RTAS just below either the top of the RMA,
- * or just below 2GB, whichever is lowere, so that it can be
- * processed with 32-bit real mode code if necessary */
- rtas_limit = MIN(spapr->rma_size, 0x80000000);
- spapr->rtas_addr = rtas_limit - RTAS_MAX_SIZE;
- spapr->fdt_addr = spapr->rtas_addr - FDT_MAX_SIZE;
- load_limit = spapr->fdt_addr - FW_OVERHEAD;
-
- /* We aim for a hash table of size 1/128 the size of RAM. The
- * normal rule of thumb is 1/64 the size of RAM, but that's much
- * more than needed for the Linux guests we support. */
- spapr->htab_shift = 18; /* Minimum architected size */
- while (spapr->htab_shift <= 46) {
- if ((1ULL << (spapr->htab_shift + 7)) >= ram_size) {
- break;
- }
- spapr->htab_shift++;
- }
-
- /* init CPUs */
- if (cpu_model == NULL) {
- cpu_model = kvm_enabled() ? "host" : "POWER7";
- }
- for (i = 0; i < smp_cpus; i++) {
- cpu = cpu_ppc_init(cpu_model);
- if (cpu == NULL) {
- fprintf(stderr, "Unable to find PowerPC CPU definition\n");
- exit(1);
- }
- env = &cpu->env;
-
- /* Set time-base frequency to 512 MHz */
- cpu_ppc_tb_init(env, TIMEBASE_FREQ);
-
- /* PAPR always has exception vectors in RAM not ROM */
- env->hreset_excp_prefix = 0;
-
- /* Tell KVM that we're in PAPR mode */
- if (kvm_enabled()) {
- kvmppc_set_papr(env);
- }
-
- qemu_register_reset(spapr_cpu_reset, cpu);
- }
-
- /* allocate RAM */
- spapr->ram_limit = ram_size;
- if (spapr->ram_limit > rma_alloc_size) {
- ram_addr_t nonrma_base = rma_alloc_size;
- ram_addr_t nonrma_size = spapr->ram_limit - rma_alloc_size;
-
- memory_region_init_ram(ram, "ppc_spapr.ram", nonrma_size);
- vmstate_register_ram_global(ram);
- memory_region_add_subregion(sysmem, nonrma_base, ram);
- }
-
- filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, "spapr-rtas.bin");
- spapr->rtas_size = load_image_targphys(filename, spapr->rtas_addr,
- rtas_limit - spapr->rtas_addr);
- if (spapr->rtas_size < 0) {
- hw_error("qemu: could not load LPAR rtas '%s'\n", filename);
- exit(1);
- }
- if (spapr->rtas_size > RTAS_MAX_SIZE) {
- hw_error("RTAS too big ! 0x%lx bytes (max is 0x%x)\n",
- spapr->rtas_size, RTAS_MAX_SIZE);
- exit(1);
- }
- g_free(filename);
-
-
- /* Set up Interrupt Controller */
- spapr->icp = xics_system_init(XICS_IRQS);
- spapr->next_irq = 16;
-
- /* Set up EPOW events infrastructure */
- spapr_events_init(spapr);
-
- /* Set up IOMMU */
- spapr_iommu_init();
-
- /* Set up VIO bus */
- spapr->vio_bus = spapr_vio_bus_init();
-
- for (i = 0; i < MAX_SERIAL_PORTS; i++) {
- if (serial_hds[i]) {
- spapr_vty_create(spapr->vio_bus, serial_hds[i]);
- }
- }
-
- /* Set up PCI */
- spapr_pci_rtas_init();
-
- spapr_create_phb(spapr, "pci", SPAPR_PCI_BUID,
- SPAPR_PCI_MEM_WIN_ADDR,
- SPAPR_PCI_MEM_WIN_SIZE,
- SPAPR_PCI_IO_WIN_ADDR,
- SPAPR_PCI_MSI_WIN_ADDR);
- phb = PCI_HOST_BRIDGE(QLIST_FIRST(&spapr->phbs));
-
- for (i = 0; i < nb_nics; i++) {
- NICInfo *nd = &nd_table[i];
-
- if (!nd->model) {
- nd->model = g_strdup("ibmveth");
- }
-
- if (strcmp(nd->model, "ibmveth") == 0) {
- spapr_vlan_create(spapr->vio_bus, nd);
- } else {
- pci_nic_init_nofail(&nd_table[i], nd->model, NULL);
- }
- }
-
- for (i = 0; i <= drive_get_max_bus(IF_SCSI); i++) {
- spapr_vscsi_create(spapr->vio_bus);
- }
-
- /* Graphics */
- if (spapr_vga_init(phb->bus)) {
- spapr->has_graphics = true;
- }
-
- if (usb_enabled(spapr->has_graphics)) {
- pci_create_simple(phb->bus, -1, "pci-ohci");
- if (spapr->has_graphics) {
- usbdevice_create("keyboard");
- usbdevice_create("mouse");
- }
- }
-
- if (spapr->rma_size < (MIN_RMA_SLOF << 20)) {
- fprintf(stderr, "qemu: pSeries SLOF firmware requires >= "
- "%ldM guest RMA (Real Mode Area memory)\n", MIN_RMA_SLOF);
- exit(1);
- }
-
- if (kernel_filename) {
- uint64_t lowaddr = 0;
-
- kernel_size = load_elf(kernel_filename, translate_kernel_address, NULL,
- NULL, &lowaddr, NULL, 1, ELF_MACHINE, 0);
- if (kernel_size < 0) {
- kernel_size = load_image_targphys(kernel_filename,
- KERNEL_LOAD_ADDR,
- load_limit - KERNEL_LOAD_ADDR);
- }
- if (kernel_size < 0) {
- fprintf(stderr, "qemu: could not load kernel '%s'\n",
- kernel_filename);
- exit(1);
- }
-
- /* load initrd */
- if (initrd_filename) {
- /* Try to locate the initrd in the gap between the kernel
- * and the firmware. Add a bit of space just in case
- */
- initrd_base = (KERNEL_LOAD_ADDR + kernel_size + 0x1ffff) & ~0xffff;
- initrd_size = load_image_targphys(initrd_filename, initrd_base,
- load_limit - initrd_base);
- if (initrd_size < 0) {
- fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
- initrd_filename);
- exit(1);
- }
- } else {
- initrd_base = 0;
- initrd_size = 0;
- }
- }
-
- filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, FW_FILE_NAME);
- fw_size = load_image_targphys(filename, 0, FW_MAX_SIZE);
- if (fw_size < 0) {
- hw_error("qemu: could not load LPAR rtas '%s'\n", filename);
- exit(1);
- }
- g_free(filename);
-
- spapr->entry_point = 0x100;
-
- /* Prepare the device tree */
- spapr->fdt_skel = spapr_create_fdt_skel(cpu_model,
- initrd_base, initrd_size,
- kernel_size,
- boot_device, kernel_cmdline,
- spapr->epow_irq);
- assert(spapr->fdt_skel != NULL);
-}
-
-static QEMUMachine spapr_machine = {
- .name = "pseries",
- .desc = "pSeries Logical Partition (PAPR compliant)",
- .init = ppc_spapr_init,
- .reset = ppc_spapr_reset,
- .max_cpus = MAX_CPUS,
- .no_parallel = 1,
- .use_scsi = 1,
-};
-
-static void spapr_machine_init(void)
-{
- qemu_register_machine(&spapr_machine);
-}
-
-machine_init(spapr_machine_init);
diff --git a/hw/spapr.h b/hw/spapr.h
deleted file mode 100644
index efe7f5758..000000000
--- a/hw/spapr.h
+++ /dev/null
@@ -1,356 +0,0 @@
-#if !defined(__HW_SPAPR_H__)
-#define __HW_SPAPR_H__
-
-#include "dma.h"
-#include "hw/xics.h"
-
-struct VIOsPAPRBus;
-struct sPAPRPHBState;
-struct icp_state;
-
-typedef struct sPAPREnvironment {
- struct VIOsPAPRBus *vio_bus;
- QLIST_HEAD(, sPAPRPHBState) phbs;
- struct icp_state *icp;
-
- hwaddr ram_limit;
- void *htab;
- long htab_shift;
- hwaddr rma_size;
- int vrma_adjust;
- hwaddr fdt_addr, rtas_addr;
- long rtas_size;
- void *fdt_skel;
- target_ulong entry_point;
- int next_irq;
- int rtc_offset;
- char *cpu_model;
- bool has_graphics;
-
- uint32_t epow_irq;
- Notifier epow_notifier;
-} sPAPREnvironment;
-
-#define H_SUCCESS 0
-#define H_BUSY 1 /* Hardware busy -- retry later */
-#define H_CLOSED 2 /* Resource closed */
-#define H_NOT_AVAILABLE 3
-#define H_CONSTRAINED 4 /* Resource request constrained to max allowed */
-#define H_PARTIAL 5
-#define H_IN_PROGRESS 14 /* Kind of like busy */
-#define H_PAGE_REGISTERED 15
-#define H_PARTIAL_STORE 16
-#define H_PENDING 17 /* returned from H_POLL_PENDING */
-#define H_CONTINUE 18 /* Returned from H_Join on success */
-#define H_LONG_BUSY_START_RANGE 9900 /* Start of long busy range */
-#define H_LONG_BUSY_ORDER_1_MSEC 9900 /* Long busy, hint that 1msec \
- is a good time to retry */
-#define H_LONG_BUSY_ORDER_10_MSEC 9901 /* Long busy, hint that 10msec \
- is a good time to retry */
-#define H_LONG_BUSY_ORDER_100_MSEC 9902 /* Long busy, hint that 100msec \
- is a good time to retry */
-#define H_LONG_BUSY_ORDER_1_SEC 9903 /* Long busy, hint that 1sec \
- is a good time to retry */
-#define H_LONG_BUSY_ORDER_10_SEC 9904 /* Long busy, hint that 10sec \
- is a good time to retry */
-#define H_LONG_BUSY_ORDER_100_SEC 9905 /* Long busy, hint that 100sec \
- is a good time to retry */
-#define H_LONG_BUSY_END_RANGE 9905 /* End of long busy range */
-#define H_HARDWARE -1 /* Hardware error */
-#define H_FUNCTION -2 /* Function not supported */
-#define H_PRIVILEGE -3 /* Caller not privileged */
-#define H_PARAMETER -4 /* Parameter invalid, out-of-range or conflicting */
-#define H_BAD_MODE -5 /* Illegal msr value */
-#define H_PTEG_FULL -6 /* PTEG is full */
-#define H_NOT_FOUND -7 /* PTE was not found" */
-#define H_RESERVED_DABR -8 /* DABR address is reserved by the hypervisor on this processor" */
-#define H_NO_MEM -9
-#define H_AUTHORITY -10
-#define H_PERMISSION -11
-#define H_DROPPED -12
-#define H_SOURCE_PARM -13
-#define H_DEST_PARM -14
-#define H_REMOTE_PARM -15
-#define H_RESOURCE -16
-#define H_ADAPTER_PARM -17
-#define H_RH_PARM -18
-#define H_RCQ_PARM -19
-#define H_SCQ_PARM -20
-#define H_EQ_PARM -21
-#define H_RT_PARM -22
-#define H_ST_PARM -23
-#define H_SIGT_PARM -24
-#define H_TOKEN_PARM -25
-#define H_MLENGTH_PARM -27
-#define H_MEM_PARM -28
-#define H_MEM_ACCESS_PARM -29
-#define H_ATTR_PARM -30
-#define H_PORT_PARM -31
-#define H_MCG_PARM -32
-#define H_VL_PARM -33
-#define H_TSIZE_PARM -34
-#define H_TRACE_PARM -35
-
-#define H_MASK_PARM -37
-#define H_MCG_FULL -38
-#define H_ALIAS_EXIST -39
-#define H_P_COUNTER -40
-#define H_TABLE_FULL -41
-#define H_ALT_TABLE -42
-#define H_MR_CONDITION -43
-#define H_NOT_ENOUGH_RESOURCES -44
-#define H_R_STATE -45
-#define H_RESCINDEND -46
-#define H_MULTI_THREADS_ACTIVE -9005
-
-
-/* Long Busy is a condition that can be returned by the firmware
- * when a call cannot be completed now, but the identical call
- * should be retried later. This prevents calls blocking in the
- * firmware for long periods of time. Annoyingly the firmware can return
- * a range of return codes, hinting at how long we should wait before
- * retrying. If you don't care for the hint, the macro below is a good
- * way to check for the long_busy return codes
- */
-#define H_IS_LONG_BUSY(x) ((x >= H_LONG_BUSY_START_RANGE) \
- && (x <= H_LONG_BUSY_END_RANGE))
-
-/* Flags */
-#define H_LARGE_PAGE (1ULL<<(63-16))
-#define H_EXACT (1ULL<<(63-24)) /* Use exact PTE or return H_PTEG_FULL */
-#define H_R_XLATE (1ULL<<(63-25)) /* include a valid logical page num in the pte if the valid bit is set */
-#define H_READ_4 (1ULL<<(63-26)) /* Return 4 PTEs */
-#define H_PAGE_STATE_CHANGE (1ULL<<(63-28))
-#define H_PAGE_UNUSED ((1ULL<<(63-29)) | (1ULL<<(63-30)))
-#define H_PAGE_SET_UNUSED (H_PAGE_STATE_CHANGE | H_PAGE_UNUSED)
-#define H_PAGE_SET_LOANED (H_PAGE_SET_UNUSED | (1ULL<<(63-31)))
-#define H_PAGE_SET_ACTIVE H_PAGE_STATE_CHANGE
-#define H_AVPN (1ULL<<(63-32)) /* An avpn is provided as a sanity test */
-#define H_ANDCOND (1ULL<<(63-33))
-#define H_ICACHE_INVALIDATE (1ULL<<(63-40)) /* icbi, etc. (ignored for IO pages) */
-#define H_ICACHE_SYNCHRONIZE (1ULL<<(63-41)) /* dcbst, icbi, etc (ignored for IO pages */
-#define H_ZERO_PAGE (1ULL<<(63-48)) /* zero the page before mapping (ignored for IO pages) */
-#define H_COPY_PAGE (1ULL<<(63-49))
-#define H_N (1ULL<<(63-61))
-#define H_PP1 (1ULL<<(63-62))
-#define H_PP2 (1ULL<<(63-63))
-
-/* VASI States */
-#define H_VASI_INVALID 0
-#define H_VASI_ENABLED 1
-#define H_VASI_ABORTED 2
-#define H_VASI_SUSPENDING 3
-#define H_VASI_SUSPENDED 4
-#define H_VASI_RESUMED 5
-#define H_VASI_COMPLETED 6
-
-/* DABRX flags */
-#define H_DABRX_HYPERVISOR (1ULL<<(63-61))
-#define H_DABRX_KERNEL (1ULL<<(63-62))
-#define H_DABRX_USER (1ULL<<(63-63))
-
-/* Each control block has to be on a 4K boundary */
-#define H_CB_ALIGNMENT 4096
-
-/* pSeries hypervisor opcodes */
-#define H_REMOVE 0x04
-#define H_ENTER 0x08
-#define H_READ 0x0c
-#define H_CLEAR_MOD 0x10
-#define H_CLEAR_REF 0x14
-#define H_PROTECT 0x18
-#define H_GET_TCE 0x1c
-#define H_PUT_TCE 0x20
-#define H_SET_SPRG0 0x24
-#define H_SET_DABR 0x28
-#define H_PAGE_INIT 0x2c
-#define H_SET_ASR 0x30
-#define H_ASR_ON 0x34
-#define H_ASR_OFF 0x38
-#define H_LOGICAL_CI_LOAD 0x3c
-#define H_LOGICAL_CI_STORE 0x40
-#define H_LOGICAL_CACHE_LOAD 0x44
-#define H_LOGICAL_CACHE_STORE 0x48
-#define H_LOGICAL_ICBI 0x4c
-#define H_LOGICAL_DCBF 0x50
-#define H_GET_TERM_CHAR 0x54
-#define H_PUT_TERM_CHAR 0x58
-#define H_REAL_TO_LOGICAL 0x5c
-#define H_HYPERVISOR_DATA 0x60
-#define H_EOI 0x64
-#define H_CPPR 0x68
-#define H_IPI 0x6c
-#define H_IPOLL 0x70
-#define H_XIRR 0x74
-#define H_PERFMON 0x7c
-#define H_MIGRATE_DMA 0x78
-#define H_REGISTER_VPA 0xDC
-#define H_CEDE 0xE0
-#define H_CONFER 0xE4
-#define H_PROD 0xE8
-#define H_GET_PPP 0xEC
-#define H_SET_PPP 0xF0
-#define H_PURR 0xF4
-#define H_PIC 0xF8
-#define H_REG_CRQ 0xFC
-#define H_FREE_CRQ 0x100
-#define H_VIO_SIGNAL 0x104
-#define H_SEND_CRQ 0x108
-#define H_COPY_RDMA 0x110
-#define H_REGISTER_LOGICAL_LAN 0x114
-#define H_FREE_LOGICAL_LAN 0x118
-#define H_ADD_LOGICAL_LAN_BUFFER 0x11C
-#define H_SEND_LOGICAL_LAN 0x120
-#define H_BULK_REMOVE 0x124
-#define H_MULTICAST_CTRL 0x130
-#define H_SET_XDABR 0x134
-#define H_STUFF_TCE 0x138
-#define H_PUT_TCE_INDIRECT 0x13C
-#define H_CHANGE_LOGICAL_LAN_MAC 0x14C
-#define H_VTERM_PARTNER_INFO 0x150
-#define H_REGISTER_VTERM 0x154
-#define H_FREE_VTERM 0x158
-#define H_RESET_EVENTS 0x15C
-#define H_ALLOC_RESOURCE 0x160
-#define H_FREE_RESOURCE 0x164
-#define H_MODIFY_QP 0x168
-#define H_QUERY_QP 0x16C
-#define H_REREGISTER_PMR 0x170
-#define H_REGISTER_SMR 0x174
-#define H_QUERY_MR 0x178
-#define H_QUERY_MW 0x17C
-#define H_QUERY_HCA 0x180
-#define H_QUERY_PORT 0x184
-#define H_MODIFY_PORT 0x188
-#define H_DEFINE_AQP1 0x18C
-#define H_GET_TRACE_BUFFER 0x190
-#define H_DEFINE_AQP0 0x194
-#define H_RESIZE_MR 0x198
-#define H_ATTACH_MCQP 0x19C
-#define H_DETACH_MCQP 0x1A0
-#define H_CREATE_RPT 0x1A4
-#define H_REMOVE_RPT 0x1A8
-#define H_REGISTER_RPAGES 0x1AC
-#define H_DISABLE_AND_GETC 0x1B0
-#define H_ERROR_DATA 0x1B4
-#define H_GET_HCA_INFO 0x1B8
-#define H_GET_PERF_COUNT 0x1BC
-#define H_MANAGE_TRACE 0x1C0
-#define H_FREE_LOGICAL_LAN_BUFFER 0x1D4
-#define H_QUERY_INT_STATE 0x1E4
-#define H_POLL_PENDING 0x1D8
-#define H_ILLAN_ATTRIBUTES 0x244
-#define H_MODIFY_HEA_QP 0x250
-#define H_QUERY_HEA_QP 0x254
-#define H_QUERY_HEA 0x258
-#define H_QUERY_HEA_PORT 0x25C
-#define H_MODIFY_HEA_PORT 0x260
-#define H_REG_BCMC 0x264
-#define H_DEREG_BCMC 0x268
-#define H_REGISTER_HEA_RPAGES 0x26C
-#define H_DISABLE_AND_GET_HEA 0x270
-#define H_GET_HEA_INFO 0x274
-#define H_ALLOC_HEA_RESOURCE 0x278
-#define H_ADD_CONN 0x284
-#define H_DEL_CONN 0x288
-#define H_JOIN 0x298
-#define H_VASI_STATE 0x2A4
-#define H_ENABLE_CRQ 0x2B0
-#define H_GET_EM_PARMS 0x2B8
-#define H_SET_MPP 0x2D0
-#define H_GET_MPP 0x2D4
-#define MAX_HCALL_OPCODE H_GET_MPP
-
-/* The hcalls above are standardized in PAPR and implemented by pHyp
- * as well.
- *
- * We also need some hcalls which are specific to qemu / KVM-on-POWER.
- * So far we just need one for H_RTAS, but in future we'll need more
- * for extensions like virtio. We put those into the 0xf000-0xfffc
- * range which is reserved by PAPR for "platform-specific" hcalls.
- */
-#define KVMPPC_HCALL_BASE 0xf000
-#define KVMPPC_H_RTAS (KVMPPC_HCALL_BASE + 0x0)
-#define KVMPPC_H_LOGICAL_MEMOP (KVMPPC_HCALL_BASE + 0x1)
-#define KVMPPC_HCALL_MAX KVMPPC_H_LOGICAL_MEMOP
-
-extern sPAPREnvironment *spapr;
-
-/*#define DEBUG_SPAPR_HCALLS*/
-
-#ifdef DEBUG_SPAPR_HCALLS
-#define hcall_dprintf(fmt, ...) \
- do { fprintf(stderr, "%s: " fmt, __func__, ## __VA_ARGS__); } while (0)
-#else
-#define hcall_dprintf(fmt, ...) \
- do { } while (0)
-#endif
-
-typedef target_ulong (*spapr_hcall_fn)(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode,
- target_ulong *args);
-
-void spapr_register_hypercall(target_ulong opcode, spapr_hcall_fn fn);
-target_ulong spapr_hypercall(PowerPCCPU *cpu, target_ulong opcode,
- target_ulong *args);
-
-int spapr_allocate_irq(int hint, bool lsi);
-int spapr_allocate_irq_block(int num, bool lsi);
-
-static inline int spapr_allocate_msi(int hint)
-{
- return spapr_allocate_irq(hint, false);
-}
-
-static inline int spapr_allocate_lsi(int hint)
-{
- return spapr_allocate_irq(hint, true);
-}
-
-static inline uint32_t rtas_ld(target_ulong phys, int n)
-{
- return ldl_be_phys(phys + 4*n);
-}
-
-static inline void rtas_st(target_ulong phys, int n, uint32_t val)
-{
- stl_be_phys(phys + 4*n, val);
-}
-
-typedef void (*spapr_rtas_fn)(sPAPREnvironment *spapr, uint32_t token,
- uint32_t nargs, target_ulong args,
- uint32_t nret, target_ulong rets);
-void spapr_rtas_register(const char *name, spapr_rtas_fn fn);
-target_ulong spapr_rtas_call(sPAPREnvironment *spapr,
- uint32_t token, uint32_t nargs, target_ulong args,
- uint32_t nret, target_ulong rets);
-int spapr_rtas_device_tree_setup(void *fdt, hwaddr rtas_addr,
- hwaddr rtas_size);
-
-#define SPAPR_TCE_PAGE_SHIFT 12
-#define SPAPR_TCE_PAGE_SIZE (1ULL << SPAPR_TCE_PAGE_SHIFT)
-#define SPAPR_TCE_PAGE_MASK (SPAPR_TCE_PAGE_SIZE - 1)
-
-typedef struct sPAPRTCE {
- uint64_t tce;
-} sPAPRTCE;
-
-#define SPAPR_VIO_BASE_LIOBN 0x00000000
-#define SPAPR_PCI_BASE_LIOBN 0x80000000
-
-#define RTAS_ERROR_LOG_MAX 2048
-
-
-void spapr_iommu_init(void);
-void spapr_events_init(sPAPREnvironment *spapr);
-void spapr_events_fdt_skel(void *fdt, uint32_t epow_irq);
-DMAContext *spapr_tce_new_dma_context(uint32_t liobn, size_t window_size);
-void spapr_tce_free(DMAContext *dma);
-void spapr_tce_reset(DMAContext *dma);
-void spapr_tce_set_bypass(DMAContext *dma, bool bypass);
-int spapr_dma_dt(void *fdt, int node_off, const char *propname,
- uint32_t liobn, uint64_t window, uint32_t size);
-int spapr_tcet_dma_dt(void *fdt, int node_off, const char *propname,
- DMAContext *dma);
-
-#endif /* !defined (__HW_SPAPR_H__) */
diff --git a/hw/spapr_events.c b/hw/spapr_events.c
deleted file mode 100644
index 18ccd4a9e..000000000
--- a/hw/spapr_events.c
+++ /dev/null
@@ -1,321 +0,0 @@
-/*
- * QEMU PowerPC pSeries Logical Partition (aka sPAPR) hardware System Emulator
- *
- * RTAS events handling
- *
- * Copyright (c) 2012 David Gibson, IBM Corporation.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- *
- */
-#include "cpu.h"
-#include "sysemu.h"
-#include "qemu-char.h"
-#include "hw/qdev.h"
-#include "device_tree.h"
-
-#include "hw/spapr.h"
-#include "hw/spapr_vio.h"
-
-#include <libfdt.h>
-
-struct rtas_error_log {
- uint32_t summary;
-#define RTAS_LOG_VERSION_MASK 0xff000000
-#define RTAS_LOG_VERSION_6 0x06000000
-#define RTAS_LOG_SEVERITY_MASK 0x00e00000
-#define RTAS_LOG_SEVERITY_ALREADY_REPORTED 0x00c00000
-#define RTAS_LOG_SEVERITY_FATAL 0x00a00000
-#define RTAS_LOG_SEVERITY_ERROR 0x00800000
-#define RTAS_LOG_SEVERITY_ERROR_SYNC 0x00600000
-#define RTAS_LOG_SEVERITY_WARNING 0x00400000
-#define RTAS_LOG_SEVERITY_EVENT 0x00200000
-#define RTAS_LOG_SEVERITY_NO_ERROR 0x00000000
-#define RTAS_LOG_DISPOSITION_MASK 0x00180000
-#define RTAS_LOG_DISPOSITION_FULLY_RECOVERED 0x00000000
-#define RTAS_LOG_DISPOSITION_LIMITED_RECOVERY 0x00080000
-#define RTAS_LOG_DISPOSITION_NOT_RECOVERED 0x00100000
-#define RTAS_LOG_OPTIONAL_PART_PRESENT 0x00040000
-#define RTAS_LOG_INITIATOR_MASK 0x0000f000
-#define RTAS_LOG_INITIATOR_UNKNOWN 0x00000000
-#define RTAS_LOG_INITIATOR_CPU 0x00001000
-#define RTAS_LOG_INITIATOR_PCI 0x00002000
-#define RTAS_LOG_INITIATOR_MEMORY 0x00004000
-#define RTAS_LOG_INITIATOR_HOTPLUG 0x00006000
-#define RTAS_LOG_TARGET_MASK 0x00000f00
-#define RTAS_LOG_TARGET_UNKNOWN 0x00000000
-#define RTAS_LOG_TARGET_CPU 0x00000100
-#define RTAS_LOG_TARGET_PCI 0x00000200
-#define RTAS_LOG_TARGET_MEMORY 0x00000400
-#define RTAS_LOG_TARGET_HOTPLUG 0x00000600
-#define RTAS_LOG_TYPE_MASK 0x000000ff
-#define RTAS_LOG_TYPE_OTHER 0x00000000
-#define RTAS_LOG_TYPE_RETRY 0x00000001
-#define RTAS_LOG_TYPE_TCE_ERR 0x00000002
-#define RTAS_LOG_TYPE_INTERN_DEV_FAIL 0x00000003
-#define RTAS_LOG_TYPE_TIMEOUT 0x00000004
-#define RTAS_LOG_TYPE_DATA_PARITY 0x00000005
-#define RTAS_LOG_TYPE_ADDR_PARITY 0x00000006
-#define RTAS_LOG_TYPE_CACHE_PARITY 0x00000007
-#define RTAS_LOG_TYPE_ADDR_INVALID 0x00000008
-#define RTAS_LOG_TYPE_ECC_UNCORR 0x00000009
-#define RTAS_LOG_TYPE_ECC_CORR 0x0000000a
-#define RTAS_LOG_TYPE_EPOW 0x00000040
- uint32_t extended_length;
-} QEMU_PACKED;
-
-struct rtas_event_log_v6 {
- uint8_t b0;
-#define RTAS_LOG_V6_B0_VALID 0x80
-#define RTAS_LOG_V6_B0_UNRECOVERABLE_ERROR 0x40
-#define RTAS_LOG_V6_B0_RECOVERABLE_ERROR 0x20
-#define RTAS_LOG_V6_B0_DEGRADED_OPERATION 0x10
-#define RTAS_LOG_V6_B0_PREDICTIVE_ERROR 0x08
-#define RTAS_LOG_V6_B0_NEW_LOG 0x04
-#define RTAS_LOG_V6_B0_BIGENDIAN 0x02
- uint8_t _resv1;
- uint8_t b2;
-#define RTAS_LOG_V6_B2_POWERPC_FORMAT 0x80
-#define RTAS_LOG_V6_B2_LOG_FORMAT_MASK 0x0f
-#define RTAS_LOG_V6_B2_LOG_FORMAT_PLATFORM_EVENT 0x0e
- uint8_t _resv2[9];
- uint32_t company;
-#define RTAS_LOG_V6_COMPANY_IBM 0x49424d00 /* IBM<null> */
-} QEMU_PACKED;
-
-struct rtas_event_log_v6_section_header {
- uint16_t section_id;
- uint16_t section_length;
- uint8_t section_version;
- uint8_t section_subtype;
- uint16_t creator_component_id;
-} QEMU_PACKED;
-
-struct rtas_event_log_v6_maina {
-#define RTAS_LOG_V6_SECTION_ID_MAINA 0x5048 /* PH */
- struct rtas_event_log_v6_section_header hdr;
- uint32_t creation_date; /* BCD: YYYYMMDD */
- uint32_t creation_time; /* BCD: HHMMSS00 */
- uint8_t _platform1[8];
- char creator_id;
- uint8_t _resv1[2];
- uint8_t section_count;
- uint8_t _resv2[4];
- uint8_t _platform2[8];
- uint32_t plid;
- uint8_t _platform3[4];
-} QEMU_PACKED;
-
-struct rtas_event_log_v6_mainb {
-#define RTAS_LOG_V6_SECTION_ID_MAINB 0x5548 /* UH */
- struct rtas_event_log_v6_section_header hdr;
- uint8_t subsystem_id;
- uint8_t _platform1;
- uint8_t event_severity;
- uint8_t event_subtype;
- uint8_t _platform2[4];
- uint8_t _resv1[2];
- uint16_t action_flags;
- uint8_t _resv2[4];
-} QEMU_PACKED;
-
-struct rtas_event_log_v6_epow {
-#define RTAS_LOG_V6_SECTION_ID_EPOW 0x4550 /* EP */
- struct rtas_event_log_v6_section_header hdr;
- uint8_t sensor_value;
-#define RTAS_LOG_V6_EPOW_ACTION_RESET 0
-#define RTAS_LOG_V6_EPOW_ACTION_WARN_COOLING 1
-#define RTAS_LOG_V6_EPOW_ACTION_WARN_POWER 2
-#define RTAS_LOG_V6_EPOW_ACTION_SYSTEM_SHUTDOWN 3
-#define RTAS_LOG_V6_EPOW_ACTION_SYSTEM_HALT 4
-#define RTAS_LOG_V6_EPOW_ACTION_MAIN_ENCLOSURE 5
-#define RTAS_LOG_V6_EPOW_ACTION_POWER_OFF 7
- uint8_t event_modifier;
-#define RTAS_LOG_V6_EPOW_MODIFIER_NORMAL 1
-#define RTAS_LOG_V6_EPOW_MODIFIER_ON_UPS 2
-#define RTAS_LOG_V6_EPOW_MODIFIER_CRITICAL 3
-#define RTAS_LOG_V6_EPOW_MODIFIER_TEMPERATURE 4
- uint8_t extended_modifier;
-#define RTAS_LOG_V6_EPOW_XMODIFIER_SYSTEM_WIDE 0
-#define RTAS_LOG_V6_EPOW_XMODIFIER_PARTITION_SPECIFIC 1
- uint8_t _resv;
- uint64_t reason_code;
-} QEMU_PACKED;
-
-struct epow_log_full {
- struct rtas_error_log hdr;
- struct rtas_event_log_v6 v6hdr;
- struct rtas_event_log_v6_maina maina;
- struct rtas_event_log_v6_mainb mainb;
- struct rtas_event_log_v6_epow epow;
-} QEMU_PACKED;
-
-#define EVENT_MASK_INTERNAL_ERRORS 0x80000000
-#define EVENT_MASK_EPOW 0x40000000
-#define EVENT_MASK_HOTPLUG 0x10000000
-#define EVENT_MASK_IO 0x08000000
-
-#define _FDT(exp) \
- do { \
- int ret = (exp); \
- if (ret < 0) { \
- fprintf(stderr, "qemu: error creating device tree: %s: %s\n", \
- #exp, fdt_strerror(ret)); \
- exit(1); \
- } \
- } while (0)
-
-void spapr_events_fdt_skel(void *fdt, uint32_t epow_irq)
-{
- uint32_t epow_irq_ranges[] = {cpu_to_be32(epow_irq), cpu_to_be32(1)};
- uint32_t epow_interrupts[] = {cpu_to_be32(epow_irq), 0};
-
- _FDT((fdt_begin_node(fdt, "event-sources")));
-
- _FDT((fdt_property(fdt, "interrupt-controller", NULL, 0)));
- _FDT((fdt_property_cell(fdt, "#interrupt-cells", 2)));
- _FDT((fdt_property(fdt, "interrupt-ranges",
- epow_irq_ranges, sizeof(epow_irq_ranges))));
-
- _FDT((fdt_begin_node(fdt, "epow-events")));
- _FDT((fdt_property(fdt, "interrupts",
- epow_interrupts, sizeof(epow_interrupts))));
- _FDT((fdt_end_node(fdt)));
-
- _FDT((fdt_end_node(fdt)));
-}
-
-static struct epow_log_full *pending_epow;
-static uint32_t next_plid;
-
-static void spapr_powerdown_req(Notifier *n, void *opaque)
-{
- sPAPREnvironment *spapr = container_of(n, sPAPREnvironment, epow_notifier);
- struct rtas_error_log *hdr;
- struct rtas_event_log_v6 *v6hdr;
- struct rtas_event_log_v6_maina *maina;
- struct rtas_event_log_v6_mainb *mainb;
- struct rtas_event_log_v6_epow *epow;
- struct tm tm;
- int year;
-
- if (pending_epow) {
- /* For now, we just throw away earlier events if two come
- * along before any are consumed. This is sufficient for our
- * powerdown messages, but we'll need more if we do more
- * general error/event logging */
- g_free(pending_epow);
- }
- pending_epow = g_malloc0(sizeof(*pending_epow));
- hdr = &pending_epow->hdr;
- v6hdr = &pending_epow->v6hdr;
- maina = &pending_epow->maina;
- mainb = &pending_epow->mainb;
- epow = &pending_epow->epow;
-
- hdr->summary = cpu_to_be32(RTAS_LOG_VERSION_6
- | RTAS_LOG_SEVERITY_EVENT
- | RTAS_LOG_DISPOSITION_NOT_RECOVERED
- | RTAS_LOG_OPTIONAL_PART_PRESENT
- | RTAS_LOG_TYPE_EPOW);
- hdr->extended_length = cpu_to_be32(sizeof(*pending_epow)
- - sizeof(pending_epow->hdr));
-
- v6hdr->b0 = RTAS_LOG_V6_B0_VALID | RTAS_LOG_V6_B0_NEW_LOG
- | RTAS_LOG_V6_B0_BIGENDIAN;
- v6hdr->b2 = RTAS_LOG_V6_B2_POWERPC_FORMAT
- | RTAS_LOG_V6_B2_LOG_FORMAT_PLATFORM_EVENT;
- v6hdr->company = cpu_to_be32(RTAS_LOG_V6_COMPANY_IBM);
-
- maina->hdr.section_id = cpu_to_be16(RTAS_LOG_V6_SECTION_ID_MAINA);
- maina->hdr.section_length = cpu_to_be16(sizeof(*maina));
- /* FIXME: section version, subtype and creator id? */
- qemu_get_timedate(&tm, spapr->rtc_offset);
- year = tm.tm_year + 1900;
- maina->creation_date = cpu_to_be32((to_bcd(year / 100) << 24)
- | (to_bcd(year % 100) << 16)
- | (to_bcd(tm.tm_mon + 1) << 8)
- | to_bcd(tm.tm_mday));
- maina->creation_time = cpu_to_be32((to_bcd(tm.tm_hour) << 24)
- | (to_bcd(tm.tm_min) << 16)
- | (to_bcd(tm.tm_sec) << 8));
- maina->creator_id = 'H'; /* Hypervisor */
- maina->section_count = 3; /* Main-A, Main-B and EPOW */
- maina->plid = next_plid++;
-
- mainb->hdr.section_id = cpu_to_be16(RTAS_LOG_V6_SECTION_ID_MAINB);
- mainb->hdr.section_length = cpu_to_be16(sizeof(*mainb));
- /* FIXME: section version, subtype and creator id? */
- mainb->subsystem_id = 0xa0; /* External environment */
- mainb->event_severity = 0x00; /* Informational / non-error */
- mainb->event_subtype = 0xd0; /* Normal shutdown */
-
- epow->hdr.section_id = cpu_to_be16(RTAS_LOG_V6_SECTION_ID_EPOW);
- epow->hdr.section_length = cpu_to_be16(sizeof(*epow));
- epow->hdr.section_version = 2; /* includes extended modifier */
- /* FIXME: section subtype and creator id? */
- epow->sensor_value = RTAS_LOG_V6_EPOW_ACTION_SYSTEM_SHUTDOWN;
- epow->event_modifier = RTAS_LOG_V6_EPOW_MODIFIER_NORMAL;
- epow->extended_modifier = RTAS_LOG_V6_EPOW_XMODIFIER_PARTITION_SPECIFIC;
-
- qemu_irq_pulse(xics_get_qirq(spapr->icp, spapr->epow_irq));
-}
-
-static void check_exception(sPAPREnvironment *spapr,
- uint32_t token, uint32_t nargs,
- target_ulong args,
- uint32_t nret, target_ulong rets)
-{
- uint32_t mask, buf, len;
- uint64_t xinfo;
-
- if ((nargs < 6) || (nargs > 7) || nret != 1) {
- rtas_st(rets, 0, -3);
- return;
- }
-
- xinfo = rtas_ld(args, 1);
- mask = rtas_ld(args, 2);
- buf = rtas_ld(args, 4);
- len = rtas_ld(args, 5);
- if (nargs == 7) {
- xinfo |= (uint64_t)rtas_ld(args, 6) << 32;
- }
-
- if ((mask & EVENT_MASK_EPOW) && pending_epow) {
- if (sizeof(*pending_epow) < len) {
- len = sizeof(*pending_epow);
- }
-
- cpu_physical_memory_write(buf, pending_epow, len);
- g_free(pending_epow);
- pending_epow = NULL;
- rtas_st(rets, 0, 0);
- } else {
- rtas_st(rets, 0, 1);
- }
-}
-
-void spapr_events_init(sPAPREnvironment *spapr)
-{
- spapr->epow_irq = spapr_allocate_msi(0);
- spapr->epow_notifier.notify = spapr_powerdown_req;
- qemu_register_powerdown_notifier(&spapr->epow_notifier);
- spapr_rtas_register("check-exception", check_exception);
-}
diff --git a/hw/spapr_hcall.c b/hw/spapr_hcall.c
deleted file mode 100644
index 63cadb8d9..000000000
--- a/hw/spapr_hcall.c
+++ /dev/null
@@ -1,745 +0,0 @@
-#include "sysemu.h"
-#include "cpu.h"
-#include "qemu-char.h"
-#include "sysemu.h"
-#include "qemu-char.h"
-#include "helper_regs.h"
-#include "hw/spapr.h"
-
-#define HPTES_PER_GROUP 8
-
-#define HPTE_V_SSIZE_SHIFT 62
-#define HPTE_V_AVPN_SHIFT 7
-#define HPTE_V_AVPN 0x3fffffffffffff80ULL
-#define HPTE_V_AVPN_VAL(x) (((x) & HPTE_V_AVPN) >> HPTE_V_AVPN_SHIFT)
-#define HPTE_V_COMPARE(x, y) (!(((x) ^ (y)) & 0xffffffffffffff80UL))
-#define HPTE_V_BOLTED 0x0000000000000010ULL
-#define HPTE_V_LOCK 0x0000000000000008ULL
-#define HPTE_V_LARGE 0x0000000000000004ULL
-#define HPTE_V_SECONDARY 0x0000000000000002ULL
-#define HPTE_V_VALID 0x0000000000000001ULL
-
-#define HPTE_R_PP0 0x8000000000000000ULL
-#define HPTE_R_TS 0x4000000000000000ULL
-#define HPTE_R_KEY_HI 0x3000000000000000ULL
-#define HPTE_R_RPN_SHIFT 12
-#define HPTE_R_RPN 0x3ffffffffffff000ULL
-#define HPTE_R_FLAGS 0x00000000000003ffULL
-#define HPTE_R_PP 0x0000000000000003ULL
-#define HPTE_R_N 0x0000000000000004ULL
-#define HPTE_R_G 0x0000000000000008ULL
-#define HPTE_R_M 0x0000000000000010ULL
-#define HPTE_R_I 0x0000000000000020ULL
-#define HPTE_R_W 0x0000000000000040ULL
-#define HPTE_R_WIMG 0x0000000000000078ULL
-#define HPTE_R_C 0x0000000000000080ULL
-#define HPTE_R_R 0x0000000000000100ULL
-#define HPTE_R_KEY_LO 0x0000000000000e00ULL
-
-#define HPTE_V_1TB_SEG 0x4000000000000000ULL
-#define HPTE_V_VRMA_MASK 0x4001ffffff000000ULL
-
-static target_ulong compute_tlbie_rb(target_ulong v, target_ulong r,
- target_ulong pte_index)
-{
- target_ulong rb, va_low;
-
- rb = (v & ~0x7fULL) << 16; /* AVA field */
- va_low = pte_index >> 3;
- if (v & HPTE_V_SECONDARY) {
- va_low = ~va_low;
- }
- /* xor vsid from AVA */
- if (!(v & HPTE_V_1TB_SEG)) {
- va_low ^= v >> 12;
- } else {
- va_low ^= v >> 24;
- }
- va_low &= 0x7ff;
- if (v & HPTE_V_LARGE) {
- rb |= 1; /* L field */
-#if 0 /* Disable that P7 specific bit for now */
- if (r & 0xff000) {
- /* non-16MB large page, must be 64k */
- /* (masks depend on page size) */
- rb |= 0x1000; /* page encoding in LP field */
- rb |= (va_low & 0x7f) << 16; /* 7b of VA in AVA/LP field */
- rb |= (va_low & 0xfe); /* AVAL field */
- }
-#endif
- } else {
- /* 4kB page */
- rb |= (va_low & 0x7ff) << 12; /* remaining 11b of AVA */
- }
- rb |= (v >> 54) & 0x300; /* B field */
- return rb;
-}
-
-static target_ulong h_enter(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode, target_ulong *args)
-{
- CPUPPCState *env = &cpu->env;
- target_ulong flags = args[0];
- target_ulong pte_index = args[1];
- target_ulong pteh = args[2];
- target_ulong ptel = args[3];
- target_ulong page_shift = 12;
- target_ulong raddr;
- target_ulong i;
- uint8_t *hpte;
-
- /* only handle 4k and 16M pages for now */
- if (pteh & HPTE_V_LARGE) {
-#if 0 /* We don't support 64k pages yet */
- if ((ptel & 0xf000) == 0x1000) {
- /* 64k page */
- } else
-#endif
- if ((ptel & 0xff000) == 0) {
- /* 16M page */
- page_shift = 24;
- /* lowest AVA bit must be 0 for 16M pages */
- if (pteh & 0x80) {
- return H_PARAMETER;
- }
- } else {
- return H_PARAMETER;
- }
- }
-
- raddr = (ptel & HPTE_R_RPN) & ~((1ULL << page_shift) - 1);
-
- if (raddr < spapr->ram_limit) {
- /* Regular RAM - should have WIMG=0010 */
- if ((ptel & HPTE_R_WIMG) != HPTE_R_M) {
- return H_PARAMETER;
- }
- } else {
- /* Looks like an IO address */
- /* FIXME: What WIMG combinations could be sensible for IO?
- * For now we allow WIMG=010x, but are there others? */
- /* FIXME: Should we check against registered IO addresses? */
- if ((ptel & (HPTE_R_W | HPTE_R_I | HPTE_R_M)) != HPTE_R_I) {
- return H_PARAMETER;
- }
- }
-
- pteh &= ~0x60ULL;
-
- if ((pte_index * HASH_PTE_SIZE_64) & ~env->htab_mask) {
- return H_PARAMETER;
- }
- if (likely((flags & H_EXACT) == 0)) {
- pte_index &= ~7ULL;
- hpte = env->external_htab + (pte_index * HASH_PTE_SIZE_64);
- for (i = 0; ; ++i) {
- if (i == 8) {
- return H_PTEG_FULL;
- }
- if ((ldq_p(hpte) & HPTE_V_VALID) == 0) {
- break;
- }
- hpte += HASH_PTE_SIZE_64;
- }
- } else {
- i = 0;
- hpte = env->external_htab + (pte_index * HASH_PTE_SIZE_64);
- if (ldq_p(hpte) & HPTE_V_VALID) {
- return H_PTEG_FULL;
- }
- }
- stq_p(hpte + (HASH_PTE_SIZE_64/2), ptel);
- /* eieio(); FIXME: need some sort of barrier for smp? */
- stq_p(hpte, pteh);
-
- args[0] = pte_index + i;
- return H_SUCCESS;
-}
-
-enum {
- REMOVE_SUCCESS = 0,
- REMOVE_NOT_FOUND = 1,
- REMOVE_PARM = 2,
- REMOVE_HW = 3,
-};
-
-static target_ulong remove_hpte(CPUPPCState *env, target_ulong ptex,
- target_ulong avpn,
- target_ulong flags,
- target_ulong *vp, target_ulong *rp)
-{
- uint8_t *hpte;
- target_ulong v, r, rb;
-
- if ((ptex * HASH_PTE_SIZE_64) & ~env->htab_mask) {
- return REMOVE_PARM;
- }
-
- hpte = env->external_htab + (ptex * HASH_PTE_SIZE_64);
-
- v = ldq_p(hpte);
- r = ldq_p(hpte + (HASH_PTE_SIZE_64/2));
-
- if ((v & HPTE_V_VALID) == 0 ||
- ((flags & H_AVPN) && (v & ~0x7fULL) != avpn) ||
- ((flags & H_ANDCOND) && (v & avpn) != 0)) {
- return REMOVE_NOT_FOUND;
- }
- *vp = v;
- *rp = r;
- stq_p(hpte, 0);
- rb = compute_tlbie_rb(v, r, ptex);
- ppc_tlb_invalidate_one(env, rb);
- return REMOVE_SUCCESS;
-}
-
-static target_ulong h_remove(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode, target_ulong *args)
-{
- CPUPPCState *env = &cpu->env;
- target_ulong flags = args[0];
- target_ulong pte_index = args[1];
- target_ulong avpn = args[2];
- int ret;
-
- ret = remove_hpte(env, pte_index, avpn, flags,
- &args[0], &args[1]);
-
- switch (ret) {
- case REMOVE_SUCCESS:
- return H_SUCCESS;
-
- case REMOVE_NOT_FOUND:
- return H_NOT_FOUND;
-
- case REMOVE_PARM:
- return H_PARAMETER;
-
- case REMOVE_HW:
- return H_HARDWARE;
- }
-
- assert(0);
-}
-
-#define H_BULK_REMOVE_TYPE 0xc000000000000000ULL
-#define H_BULK_REMOVE_REQUEST 0x4000000000000000ULL
-#define H_BULK_REMOVE_RESPONSE 0x8000000000000000ULL
-#define H_BULK_REMOVE_END 0xc000000000000000ULL
-#define H_BULK_REMOVE_CODE 0x3000000000000000ULL
-#define H_BULK_REMOVE_SUCCESS 0x0000000000000000ULL
-#define H_BULK_REMOVE_NOT_FOUND 0x1000000000000000ULL
-#define H_BULK_REMOVE_PARM 0x2000000000000000ULL
-#define H_BULK_REMOVE_HW 0x3000000000000000ULL
-#define H_BULK_REMOVE_RC 0x0c00000000000000ULL
-#define H_BULK_REMOVE_FLAGS 0x0300000000000000ULL
-#define H_BULK_REMOVE_ABSOLUTE 0x0000000000000000ULL
-#define H_BULK_REMOVE_ANDCOND 0x0100000000000000ULL
-#define H_BULK_REMOVE_AVPN 0x0200000000000000ULL
-#define H_BULK_REMOVE_PTEX 0x00ffffffffffffffULL
-
-#define H_BULK_REMOVE_MAX_BATCH 4
-
-static target_ulong h_bulk_remove(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode, target_ulong *args)
-{
- CPUPPCState *env = &cpu->env;
- int i;
-
- for (i = 0; i < H_BULK_REMOVE_MAX_BATCH; i++) {
- target_ulong *tsh = &args[i*2];
- target_ulong tsl = args[i*2 + 1];
- target_ulong v, r, ret;
-
- if ((*tsh & H_BULK_REMOVE_TYPE) == H_BULK_REMOVE_END) {
- break;
- } else if ((*tsh & H_BULK_REMOVE_TYPE) != H_BULK_REMOVE_REQUEST) {
- return H_PARAMETER;
- }
-
- *tsh &= H_BULK_REMOVE_PTEX | H_BULK_REMOVE_FLAGS;
- *tsh |= H_BULK_REMOVE_RESPONSE;
-
- if ((*tsh & H_BULK_REMOVE_ANDCOND) && (*tsh & H_BULK_REMOVE_AVPN)) {
- *tsh |= H_BULK_REMOVE_PARM;
- return H_PARAMETER;
- }
-
- ret = remove_hpte(env, *tsh & H_BULK_REMOVE_PTEX, tsl,
- (*tsh & H_BULK_REMOVE_FLAGS) >> 26,
- &v, &r);
-
- *tsh |= ret << 60;
-
- switch (ret) {
- case REMOVE_SUCCESS:
- *tsh |= (r & (HPTE_R_C | HPTE_R_R)) << 43;
- break;
-
- case REMOVE_PARM:
- return H_PARAMETER;
-
- case REMOVE_HW:
- return H_HARDWARE;
- }
- }
-
- return H_SUCCESS;
-}
-
-static target_ulong h_protect(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode, target_ulong *args)
-{
- CPUPPCState *env = &cpu->env;
- target_ulong flags = args[0];
- target_ulong pte_index = args[1];
- target_ulong avpn = args[2];
- uint8_t *hpte;
- target_ulong v, r, rb;
-
- if ((pte_index * HASH_PTE_SIZE_64) & ~env->htab_mask) {
- return H_PARAMETER;
- }
-
- hpte = env->external_htab + (pte_index * HASH_PTE_SIZE_64);
-
- v = ldq_p(hpte);
- r = ldq_p(hpte + (HASH_PTE_SIZE_64/2));
-
- if ((v & HPTE_V_VALID) == 0 ||
- ((flags & H_AVPN) && (v & ~0x7fULL) != avpn)) {
- return H_NOT_FOUND;
- }
-
- r &= ~(HPTE_R_PP0 | HPTE_R_PP | HPTE_R_N |
- HPTE_R_KEY_HI | HPTE_R_KEY_LO);
- r |= (flags << 55) & HPTE_R_PP0;
- r |= (flags << 48) & HPTE_R_KEY_HI;
- r |= flags & (HPTE_R_PP | HPTE_R_N | HPTE_R_KEY_LO);
- rb = compute_tlbie_rb(v, r, pte_index);
- stq_p(hpte, v & ~HPTE_V_VALID);
- ppc_tlb_invalidate_one(env, rb);
- stq_p(hpte + (HASH_PTE_SIZE_64/2), r);
- /* Don't need a memory barrier, due to qemu's global lock */
- stq_p(hpte, v);
- return H_SUCCESS;
-}
-
-static target_ulong h_set_dabr(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode, target_ulong *args)
-{
- /* FIXME: actually implement this */
- return H_HARDWARE;
-}
-
-#define FLAGS_REGISTER_VPA 0x0000200000000000ULL
-#define FLAGS_REGISTER_DTL 0x0000400000000000ULL
-#define FLAGS_REGISTER_SLBSHADOW 0x0000600000000000ULL
-#define FLAGS_DEREGISTER_VPA 0x0000a00000000000ULL
-#define FLAGS_DEREGISTER_DTL 0x0000c00000000000ULL
-#define FLAGS_DEREGISTER_SLBSHADOW 0x0000e00000000000ULL
-
-#define VPA_MIN_SIZE 640
-#define VPA_SIZE_OFFSET 0x4
-#define VPA_SHARED_PROC_OFFSET 0x9
-#define VPA_SHARED_PROC_VAL 0x2
-
-static target_ulong register_vpa(CPUPPCState *env, target_ulong vpa)
-{
- uint16_t size;
- uint8_t tmp;
-
- if (vpa == 0) {
- hcall_dprintf("Can't cope with registering a VPA at logical 0\n");
- return H_HARDWARE;
- }
-
- if (vpa % env->dcache_line_size) {
- return H_PARAMETER;
- }
- /* FIXME: bounds check the address */
-
- size = lduw_be_phys(vpa + 0x4);
-
- if (size < VPA_MIN_SIZE) {
- return H_PARAMETER;
- }
-
- /* VPA is not allowed to cross a page boundary */
- if ((vpa / 4096) != ((vpa + size - 1) / 4096)) {
- return H_PARAMETER;
- }
-
- env->vpa_addr = vpa;
-
- tmp = ldub_phys(env->vpa_addr + VPA_SHARED_PROC_OFFSET);
- tmp |= VPA_SHARED_PROC_VAL;
- stb_phys(env->vpa_addr + VPA_SHARED_PROC_OFFSET, tmp);
-
- return H_SUCCESS;
-}
-
-static target_ulong deregister_vpa(CPUPPCState *env, target_ulong vpa)
-{
- if (env->slb_shadow_addr) {
- return H_RESOURCE;
- }
-
- if (env->dtl_addr) {
- return H_RESOURCE;
- }
-
- env->vpa_addr = 0;
- return H_SUCCESS;
-}
-
-static target_ulong register_slb_shadow(CPUPPCState *env, target_ulong addr)
-{
- uint32_t size;
-
- if (addr == 0) {
- hcall_dprintf("Can't cope with SLB shadow at logical 0\n");
- return H_HARDWARE;
- }
-
- size = ldl_be_phys(addr + 0x4);
- if (size < 0x8) {
- return H_PARAMETER;
- }
-
- if ((addr / 4096) != ((addr + size - 1) / 4096)) {
- return H_PARAMETER;
- }
-
- if (!env->vpa_addr) {
- return H_RESOURCE;
- }
-
- env->slb_shadow_addr = addr;
- env->slb_shadow_size = size;
-
- return H_SUCCESS;
-}
-
-static target_ulong deregister_slb_shadow(CPUPPCState *env, target_ulong addr)
-{
- env->slb_shadow_addr = 0;
- env->slb_shadow_size = 0;
- return H_SUCCESS;
-}
-
-static target_ulong register_dtl(CPUPPCState *env, target_ulong addr)
-{
- uint32_t size;
-
- if (addr == 0) {
- hcall_dprintf("Can't cope with DTL at logical 0\n");
- return H_HARDWARE;
- }
-
- size = ldl_be_phys(addr + 0x4);
-
- if (size < 48) {
- return H_PARAMETER;
- }
-
- if (!env->vpa_addr) {
- return H_RESOURCE;
- }
-
- env->dtl_addr = addr;
- env->dtl_size = size;
-
- return H_SUCCESS;
-}
-
-static target_ulong deregister_dtl(CPUPPCState *env, target_ulong addr)
-{
- env->dtl_addr = 0;
- env->dtl_size = 0;
-
- return H_SUCCESS;
-}
-
-static target_ulong h_register_vpa(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode, target_ulong *args)
-{
- target_ulong flags = args[0];
- target_ulong procno = args[1];
- target_ulong vpa = args[2];
- target_ulong ret = H_PARAMETER;
- CPUPPCState *tenv;
-
- for (tenv = first_cpu; tenv; tenv = tenv->next_cpu) {
- if (tenv->cpu_index == procno) {
- break;
- }
- }
-
- if (!tenv) {
- return H_PARAMETER;
- }
-
- switch (flags) {
- case FLAGS_REGISTER_VPA:
- ret = register_vpa(tenv, vpa);
- break;
-
- case FLAGS_DEREGISTER_VPA:
- ret = deregister_vpa(tenv, vpa);
- break;
-
- case FLAGS_REGISTER_SLBSHADOW:
- ret = register_slb_shadow(tenv, vpa);
- break;
-
- case FLAGS_DEREGISTER_SLBSHADOW:
- ret = deregister_slb_shadow(tenv, vpa);
- break;
-
- case FLAGS_REGISTER_DTL:
- ret = register_dtl(tenv, vpa);
- break;
-
- case FLAGS_DEREGISTER_DTL:
- ret = deregister_dtl(tenv, vpa);
- break;
- }
-
- return ret;
-}
-
-static target_ulong h_cede(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode, target_ulong *args)
-{
- CPUPPCState *env = &cpu->env;
-
- env->msr |= (1ULL << MSR_EE);
- hreg_compute_hflags(env);
- if (!cpu_has_work(CPU(cpu))) {
- env->halted = 1;
- env->exception_index = EXCP_HLT;
- env->exit_request = 1;
- }
- return H_SUCCESS;
-}
-
-static target_ulong h_rtas(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode, target_ulong *args)
-{
- target_ulong rtas_r3 = args[0];
- uint32_t token = ldl_be_phys(rtas_r3);
- uint32_t nargs = ldl_be_phys(rtas_r3 + 4);
- uint32_t nret = ldl_be_phys(rtas_r3 + 8);
-
- return spapr_rtas_call(spapr, token, nargs, rtas_r3 + 12,
- nret, rtas_r3 + 12 + 4*nargs);
-}
-
-static target_ulong h_logical_load(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode, target_ulong *args)
-{
- target_ulong size = args[0];
- target_ulong addr = args[1];
-
- switch (size) {
- case 1:
- args[0] = ldub_phys(addr);
- return H_SUCCESS;
- case 2:
- args[0] = lduw_phys(addr);
- return H_SUCCESS;
- case 4:
- args[0] = ldl_phys(addr);
- return H_SUCCESS;
- case 8:
- args[0] = ldq_phys(addr);
- return H_SUCCESS;
- }
- return H_PARAMETER;
-}
-
-static target_ulong h_logical_store(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode, target_ulong *args)
-{
- target_ulong size = args[0];
- target_ulong addr = args[1];
- target_ulong val = args[2];
-
- switch (size) {
- case 1:
- stb_phys(addr, val);
- return H_SUCCESS;
- case 2:
- stw_phys(addr, val);
- return H_SUCCESS;
- case 4:
- stl_phys(addr, val);
- return H_SUCCESS;
- case 8:
- stq_phys(addr, val);
- return H_SUCCESS;
- }
- return H_PARAMETER;
-}
-
-static target_ulong h_logical_memop(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode, target_ulong *args)
-{
- target_ulong dst = args[0]; /* Destination address */
- target_ulong src = args[1]; /* Source address */
- target_ulong esize = args[2]; /* Element size (0=1,1=2,2=4,3=8) */
- target_ulong count = args[3]; /* Element count */
- target_ulong op = args[4]; /* 0 = copy, 1 = invert */
- uint64_t tmp;
- unsigned int mask = (1 << esize) - 1;
- int step = 1 << esize;
-
- if (count > 0x80000000) {
- return H_PARAMETER;
- }
-
- if ((dst & mask) || (src & mask) || (op > 1)) {
- return H_PARAMETER;
- }
-
- if (dst >= src && dst < (src + (count << esize))) {
- dst = dst + ((count - 1) << esize);
- src = src + ((count - 1) << esize);
- step = -step;
- }
-
- while (count--) {
- switch (esize) {
- case 0:
- tmp = ldub_phys(src);
- break;
- case 1:
- tmp = lduw_phys(src);
- break;
- case 2:
- tmp = ldl_phys(src);
- break;
- case 3:
- tmp = ldq_phys(src);
- break;
- default:
- return H_PARAMETER;
- }
- if (op == 1) {
- tmp = ~tmp;
- }
- switch (esize) {
- case 0:
- stb_phys(dst, tmp);
- break;
- case 1:
- stw_phys(dst, tmp);
- break;
- case 2:
- stl_phys(dst, tmp);
- break;
- case 3:
- stq_phys(dst, tmp);
- break;
- }
- dst = dst + step;
- src = src + step;
- }
-
- return H_SUCCESS;
-}
-
-static target_ulong h_logical_icbi(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode, target_ulong *args)
-{
- /* Nothing to do on emulation, KVM will trap this in the kernel */
- return H_SUCCESS;
-}
-
-static target_ulong h_logical_dcbf(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode, target_ulong *args)
-{
- /* Nothing to do on emulation, KVM will trap this in the kernel */
- return H_SUCCESS;
-}
-
-static spapr_hcall_fn papr_hypercall_table[(MAX_HCALL_OPCODE / 4) + 1];
-static spapr_hcall_fn kvmppc_hypercall_table[KVMPPC_HCALL_MAX - KVMPPC_HCALL_BASE + 1];
-
-void spapr_register_hypercall(target_ulong opcode, spapr_hcall_fn fn)
-{
- spapr_hcall_fn *slot;
-
- if (opcode <= MAX_HCALL_OPCODE) {
- assert((opcode & 0x3) == 0);
-
- slot = &papr_hypercall_table[opcode / 4];
- } else {
- assert((opcode >= KVMPPC_HCALL_BASE) && (opcode <= KVMPPC_HCALL_MAX));
-
- slot = &kvmppc_hypercall_table[opcode - KVMPPC_HCALL_BASE];
- }
-
- assert(!(*slot));
- *slot = fn;
-}
-
-target_ulong spapr_hypercall(PowerPCCPU *cpu, target_ulong opcode,
- target_ulong *args)
-{
- if ((opcode <= MAX_HCALL_OPCODE)
- && ((opcode & 0x3) == 0)) {
- spapr_hcall_fn fn = papr_hypercall_table[opcode / 4];
-
- if (fn) {
- return fn(cpu, spapr, opcode, args);
- }
- } else if ((opcode >= KVMPPC_HCALL_BASE) &&
- (opcode <= KVMPPC_HCALL_MAX)) {
- spapr_hcall_fn fn = kvmppc_hypercall_table[opcode - KVMPPC_HCALL_BASE];
-
- if (fn) {
- return fn(cpu, spapr, opcode, args);
- }
- }
-
- hcall_dprintf("Unimplemented hcall 0x" TARGET_FMT_lx "\n", opcode);
- return H_FUNCTION;
-}
-
-static void hypercall_register_types(void)
-{
- /* hcall-pft */
- spapr_register_hypercall(H_ENTER, h_enter);
- spapr_register_hypercall(H_REMOVE, h_remove);
- spapr_register_hypercall(H_PROTECT, h_protect);
-
- /* hcall-bulk */
- spapr_register_hypercall(H_BULK_REMOVE, h_bulk_remove);
-
- /* hcall-dabr */
- spapr_register_hypercall(H_SET_DABR, h_set_dabr);
-
- /* hcall-splpar */
- spapr_register_hypercall(H_REGISTER_VPA, h_register_vpa);
- spapr_register_hypercall(H_CEDE, h_cede);
-
- /* "debugger" hcalls (also used by SLOF). Note: We do -not- differenciate
- * here between the "CI" and the "CACHE" variants, they will use whatever
- * mapping attributes qemu is using. When using KVM, the kernel will
- * enforce the attributes more strongly
- */
- spapr_register_hypercall(H_LOGICAL_CI_LOAD, h_logical_load);
- spapr_register_hypercall(H_LOGICAL_CI_STORE, h_logical_store);
- spapr_register_hypercall(H_LOGICAL_CACHE_LOAD, h_logical_load);
- spapr_register_hypercall(H_LOGICAL_CACHE_STORE, h_logical_store);
- spapr_register_hypercall(H_LOGICAL_ICBI, h_logical_icbi);
- spapr_register_hypercall(H_LOGICAL_DCBF, h_logical_dcbf);
- spapr_register_hypercall(KVMPPC_H_LOGICAL_MEMOP, h_logical_memop);
-
- /* qemu/KVM-PPC specific hcalls */
- spapr_register_hypercall(KVMPPC_H_RTAS, h_rtas);
-}
-
-type_init(hypercall_register_types)
diff --git a/hw/spapr_iommu.c b/hw/spapr_iommu.c
deleted file mode 100644
index 02d78ccf2..000000000
--- a/hw/spapr_iommu.c
+++ /dev/null
@@ -1,287 +0,0 @@
-/*
- * QEMU sPAPR IOMMU (TCE) code
- *
- * Copyright (c) 2010 David Gibson, IBM Corporation <dwg@au1.ibm.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-#include "hw.h"
-#include "kvm.h"
-#include "qdev.h"
-#include "kvm_ppc.h"
-#include "dma.h"
-#include "exec-memory.h"
-
-#include "hw/spapr.h"
-
-#include <libfdt.h>
-
-/* #define DEBUG_TCE */
-
-enum sPAPRTCEAccess {
- SPAPR_TCE_FAULT = 0,
- SPAPR_TCE_RO = 1,
- SPAPR_TCE_WO = 2,
- SPAPR_TCE_RW = 3,
-};
-
-typedef struct sPAPRTCETable sPAPRTCETable;
-
-struct sPAPRTCETable {
- DMAContext dma;
- uint32_t liobn;
- uint32_t window_size;
- sPAPRTCE *table;
- bool bypass;
- int fd;
- QLIST_ENTRY(sPAPRTCETable) list;
-};
-
-
-QLIST_HEAD(spapr_tce_tables, sPAPRTCETable) spapr_tce_tables;
-
-static sPAPRTCETable *spapr_tce_find_by_liobn(uint32_t liobn)
-{
- sPAPRTCETable *tcet;
-
- QLIST_FOREACH(tcet, &spapr_tce_tables, list) {
- if (tcet->liobn == liobn) {
- return tcet;
- }
- }
-
- return NULL;
-}
-
-static int spapr_tce_translate(DMAContext *dma,
- dma_addr_t addr,
- hwaddr *paddr,
- hwaddr *len,
- DMADirection dir)
-{
- sPAPRTCETable *tcet = DO_UPCAST(sPAPRTCETable, dma, dma);
- enum sPAPRTCEAccess access = (dir == DMA_DIRECTION_FROM_DEVICE)
- ? SPAPR_TCE_WO : SPAPR_TCE_RO;
- uint64_t tce;
-
-#ifdef DEBUG_TCE
- fprintf(stderr, "spapr_tce_translate liobn=0x%" PRIx32 " addr=0x"
- DMA_ADDR_FMT "\n", tcet->liobn, addr);
-#endif
-
- if (tcet->bypass) {
- *paddr = addr;
- *len = (hwaddr)-1;
- return 0;
- }
-
- /* Check if we are in bound */
- if (addr >= tcet->window_size) {
-#ifdef DEBUG_TCE
- fprintf(stderr, "spapr_tce_translate out of bounds\n");
-#endif
- return -EFAULT;
- }
-
- tce = tcet->table[addr >> SPAPR_TCE_PAGE_SHIFT].tce;
-
- /* Check TCE */
- if (!(tce & access)) {
- return -EPERM;
- }
-
- /* How much til end of page ? */
- *len = ((~addr) & SPAPR_TCE_PAGE_MASK) + 1;
-
- /* Translate */
- *paddr = (tce & ~SPAPR_TCE_PAGE_MASK) |
- (addr & SPAPR_TCE_PAGE_MASK);
-
-#ifdef DEBUG_TCE
- fprintf(stderr, " -> *paddr=0x" TARGET_FMT_plx ", *len=0x"
- TARGET_FMT_plx "\n", *paddr, *len);
-#endif
-
- return 0;
-}
-
-DMAContext *spapr_tce_new_dma_context(uint32_t liobn, size_t window_size)
-{
- sPAPRTCETable *tcet;
-
- if (!window_size) {
- return NULL;
- }
-
- tcet = g_malloc0(sizeof(*tcet));
- dma_context_init(&tcet->dma, &address_space_memory, spapr_tce_translate, NULL, NULL);
-
- tcet->liobn = liobn;
- tcet->window_size = window_size;
-
- if (kvm_enabled()) {
- tcet->table = kvmppc_create_spapr_tce(liobn,
- window_size,
- &tcet->fd);
- }
-
- if (!tcet->table) {
- size_t table_size = (window_size >> SPAPR_TCE_PAGE_SHIFT)
- * sizeof(sPAPRTCE);
- tcet->table = g_malloc0(table_size);
- }
-
-#ifdef DEBUG_TCE
- fprintf(stderr, "spapr_iommu: New TCE table, liobn=0x%x, context @ %p, "
- "table @ %p, fd=%d\n", liobn, &tcet->dma, tcet->table, tcet->fd);
-#endif
-
- QLIST_INSERT_HEAD(&spapr_tce_tables, tcet, list);
-
- return &tcet->dma;
-}
-
-void spapr_tce_free(DMAContext *dma)
-{
-
- if (dma) {
- sPAPRTCETable *tcet = DO_UPCAST(sPAPRTCETable, dma, dma);
-
- QLIST_REMOVE(tcet, list);
-
- if (!kvm_enabled() ||
- (kvmppc_remove_spapr_tce(tcet->table, tcet->fd,
- tcet->window_size) != 0)) {
- g_free(tcet->table);
- }
-
- g_free(tcet);
- }
-}
-
-void spapr_tce_set_bypass(DMAContext *dma, bool bypass)
-{
- sPAPRTCETable *tcet = DO_UPCAST(sPAPRTCETable, dma, dma);
-
- tcet->bypass = bypass;
-}
-
-void spapr_tce_reset(DMAContext *dma)
-{
- sPAPRTCETable *tcet = DO_UPCAST(sPAPRTCETable, dma, dma);
- size_t table_size = (tcet->window_size >> SPAPR_TCE_PAGE_SHIFT)
- * sizeof(sPAPRTCE);
-
- tcet->bypass = false;
- memset(tcet->table, 0, table_size);
-}
-
-static target_ulong put_tce_emu(sPAPRTCETable *tcet, target_ulong ioba,
- target_ulong tce)
-{
- sPAPRTCE *tcep;
-
- if (ioba >= tcet->window_size) {
- hcall_dprintf("spapr_vio_put_tce on out-of-boards IOBA 0x"
- TARGET_FMT_lx "\n", ioba);
- return H_PARAMETER;
- }
-
- tcep = tcet->table + (ioba >> SPAPR_TCE_PAGE_SHIFT);
- tcep->tce = tce;
-
- return H_SUCCESS;
-}
-
-static target_ulong h_put_tce(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode, target_ulong *args)
-{
- target_ulong liobn = args[0];
- target_ulong ioba = args[1];
- target_ulong tce = args[2];
- sPAPRTCETable *tcet = spapr_tce_find_by_liobn(liobn);
-
- if (liobn & 0xFFFFFFFF00000000ULL) {
- hcall_dprintf("spapr_vio_put_tce on out-of-boundsw LIOBN "
- TARGET_FMT_lx "\n", liobn);
- return H_PARAMETER;
- }
-
- ioba &= ~(SPAPR_TCE_PAGE_SIZE - 1);
-
- if (tcet) {
- return put_tce_emu(tcet, ioba, tce);
- }
-#ifdef DEBUG_TCE
- fprintf(stderr, "%s on liobn=" TARGET_FMT_lx /*%s*/
- " ioba 0x" TARGET_FMT_lx " TCE 0x" TARGET_FMT_lx "\n",
- __func__, liobn, /*dev->qdev.id, */ioba, tce);
-#endif
-
- return H_PARAMETER;
-}
-
-void spapr_iommu_init(void)
-{
- QLIST_INIT(&spapr_tce_tables);
-
- /* hcall-tce */
- spapr_register_hypercall(H_PUT_TCE, h_put_tce);
-}
-
-int spapr_dma_dt(void *fdt, int node_off, const char *propname,
- uint32_t liobn, uint64_t window, uint32_t size)
-{
- uint32_t dma_prop[5];
- int ret;
-
- dma_prop[0] = cpu_to_be32(liobn);
- dma_prop[1] = cpu_to_be32(window >> 32);
- dma_prop[2] = cpu_to_be32(window & 0xFFFFFFFF);
- dma_prop[3] = 0; /* window size is 32 bits */
- dma_prop[4] = cpu_to_be32(size);
-
- ret = fdt_setprop_cell(fdt, node_off, "ibm,#dma-address-cells", 2);
- if (ret < 0) {
- return ret;
- }
-
- ret = fdt_setprop_cell(fdt, node_off, "ibm,#dma-size-cells", 2);
- if (ret < 0) {
- return ret;
- }
-
- ret = fdt_setprop(fdt, node_off, propname, dma_prop, sizeof(dma_prop));
- if (ret < 0) {
- return ret;
- }
-
- return 0;
-}
-
-int spapr_tcet_dma_dt(void *fdt, int node_off, const char *propname,
- DMAContext *iommu)
-{
- if (!iommu) {
- return 0;
- }
-
- if (iommu->translate == spapr_tce_translate) {
- sPAPRTCETable *tcet = DO_UPCAST(sPAPRTCETable, dma, iommu);
- return spapr_dma_dt(fdt, node_off, propname,
- tcet->liobn, 0, tcet->window_size);
- }
-
- return -1;
-}
diff --git a/hw/spapr_llan.c b/hw/spapr_llan.c
deleted file mode 100644
index 09ad69f6b..000000000
--- a/hw/spapr_llan.c
+++ /dev/null
@@ -1,523 +0,0 @@
-/*
- * QEMU PowerPC pSeries Logical Partition (aka sPAPR) hardware System Emulator
- *
- * PAPR Inter-VM Logical Lan, aka ibmveth
- *
- * Copyright (c) 2010,2011 David Gibson, IBM Corporation.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- *
- */
-#include "hw.h"
-#include "net.h"
-#include "hw/qdev.h"
-#include "hw/spapr.h"
-#include "hw/spapr_vio.h"
-
-#include <libfdt.h>
-
-#define ETH_ALEN 6
-#define MAX_PACKET_SIZE 65536
-
-/*#define DEBUG*/
-
-#ifdef DEBUG
-#define dprintf(fmt...) do { fprintf(stderr, fmt); } while (0)
-#else
-#define dprintf(fmt...)
-#endif
-
-/*
- * Virtual LAN device
- */
-
-typedef uint64_t vlan_bd_t;
-
-#define VLAN_BD_VALID 0x8000000000000000ULL
-#define VLAN_BD_TOGGLE 0x4000000000000000ULL
-#define VLAN_BD_NO_CSUM 0x0200000000000000ULL
-#define VLAN_BD_CSUM_GOOD 0x0100000000000000ULL
-#define VLAN_BD_LEN_MASK 0x00ffffff00000000ULL
-#define VLAN_BD_LEN(bd) (((bd) & VLAN_BD_LEN_MASK) >> 32)
-#define VLAN_BD_ADDR_MASK 0x00000000ffffffffULL
-#define VLAN_BD_ADDR(bd) ((bd) & VLAN_BD_ADDR_MASK)
-
-#define VLAN_VALID_BD(addr, len) (VLAN_BD_VALID | \
- (((len) << 32) & VLAN_BD_LEN_MASK) | \
- (addr & VLAN_BD_ADDR_MASK))
-
-#define VLAN_RXQC_TOGGLE 0x80
-#define VLAN_RXQC_VALID 0x40
-#define VLAN_RXQC_NO_CSUM 0x02
-#define VLAN_RXQC_CSUM_GOOD 0x01
-
-#define VLAN_RQ_ALIGNMENT 16
-#define VLAN_RXQ_BD_OFF 0
-#define VLAN_FILTER_BD_OFF 8
-#define VLAN_RX_BDS_OFF 16
-#define VLAN_MAX_BUFS ((SPAPR_TCE_PAGE_SIZE - VLAN_RX_BDS_OFF) / 8)
-
-typedef struct VIOsPAPRVLANDevice {
- VIOsPAPRDevice sdev;
- NICConf nicconf;
- NICState *nic;
- int isopen;
- target_ulong buf_list;
- int add_buf_ptr, use_buf_ptr, rx_bufs;
- target_ulong rxq_ptr;
-} VIOsPAPRVLANDevice;
-
-static int spapr_vlan_can_receive(NetClientState *nc)
-{
- VIOsPAPRVLANDevice *dev = DO_UPCAST(NICState, nc, nc)->opaque;
-
- return (dev->isopen && dev->rx_bufs > 0);
-}
-
-static ssize_t spapr_vlan_receive(NetClientState *nc, const uint8_t *buf,
- size_t size)
-{
- VIOsPAPRDevice *sdev = DO_UPCAST(NICState, nc, nc)->opaque;
- VIOsPAPRVLANDevice *dev = (VIOsPAPRVLANDevice *)sdev;
- vlan_bd_t rxq_bd = vio_ldq(sdev, dev->buf_list + VLAN_RXQ_BD_OFF);
- vlan_bd_t bd;
- int buf_ptr = dev->use_buf_ptr;
- uint64_t handle;
- uint8_t control;
-
- dprintf("spapr_vlan_receive() [%s] rx_bufs=%d\n", sdev->qdev.id,
- dev->rx_bufs);
-
- if (!dev->isopen) {
- return -1;
- }
-
- if (!dev->rx_bufs) {
- return -1;
- }
-
- do {
- buf_ptr += 8;
- if (buf_ptr >= SPAPR_TCE_PAGE_SIZE) {
- buf_ptr = VLAN_RX_BDS_OFF;
- }
-
- bd = vio_ldq(sdev, dev->buf_list + buf_ptr);
- dprintf("use_buf_ptr=%d bd=0x%016llx\n",
- buf_ptr, (unsigned long long)bd);
- } while ((!(bd & VLAN_BD_VALID) || (VLAN_BD_LEN(bd) < (size + 8)))
- && (buf_ptr != dev->use_buf_ptr));
-
- if (!(bd & VLAN_BD_VALID) || (VLAN_BD_LEN(bd) < (size + 8))) {
- /* Failed to find a suitable buffer */
- return -1;
- }
-
- /* Remove the buffer from the pool */
- dev->rx_bufs--;
- dev->use_buf_ptr = buf_ptr;
- vio_stq(sdev, dev->buf_list + dev->use_buf_ptr, 0);
-
- dprintf("Found buffer: ptr=%d num=%d\n", dev->use_buf_ptr, dev->rx_bufs);
-
- /* Transfer the packet data */
- if (spapr_vio_dma_write(sdev, VLAN_BD_ADDR(bd) + 8, buf, size) < 0) {
- return -1;
- }
-
- dprintf("spapr_vlan_receive: DMA write completed\n");
-
- /* Update the receive queue */
- control = VLAN_RXQC_TOGGLE | VLAN_RXQC_VALID;
- if (rxq_bd & VLAN_BD_TOGGLE) {
- control ^= VLAN_RXQC_TOGGLE;
- }
-
- handle = vio_ldq(sdev, VLAN_BD_ADDR(bd));
- vio_stq(sdev, VLAN_BD_ADDR(rxq_bd) + dev->rxq_ptr + 8, handle);
- vio_stl(sdev, VLAN_BD_ADDR(rxq_bd) + dev->rxq_ptr + 4, size);
- vio_sth(sdev, VLAN_BD_ADDR(rxq_bd) + dev->rxq_ptr + 2, 8);
- vio_stb(sdev, VLAN_BD_ADDR(rxq_bd) + dev->rxq_ptr, control);
-
- dprintf("wrote rxq entry (ptr=0x%llx): 0x%016llx 0x%016llx\n",
- (unsigned long long)dev->rxq_ptr,
- (unsigned long long)vio_ldq(sdev, VLAN_BD_ADDR(rxq_bd) +
- dev->rxq_ptr),
- (unsigned long long)vio_ldq(sdev, VLAN_BD_ADDR(rxq_bd) +
- dev->rxq_ptr + 8));
-
- dev->rxq_ptr += 16;
- if (dev->rxq_ptr >= VLAN_BD_LEN(rxq_bd)) {
- dev->rxq_ptr = 0;
- vio_stq(sdev, dev->buf_list + VLAN_RXQ_BD_OFF, rxq_bd ^ VLAN_BD_TOGGLE);
- }
-
- if (sdev->signal_state & 1) {
- qemu_irq_pulse(spapr_vio_qirq(sdev));
- }
-
- return size;
-}
-
-static NetClientInfo net_spapr_vlan_info = {
- .type = NET_CLIENT_OPTIONS_KIND_NIC,
- .size = sizeof(NICState),
- .can_receive = spapr_vlan_can_receive,
- .receive = spapr_vlan_receive,
-};
-
-static void spapr_vlan_reset(VIOsPAPRDevice *sdev)
-{
- VIOsPAPRVLANDevice *dev = DO_UPCAST(VIOsPAPRVLANDevice, sdev, sdev);
-
- dev->buf_list = 0;
- dev->rx_bufs = 0;
- dev->isopen = 0;
-}
-
-static int spapr_vlan_init(VIOsPAPRDevice *sdev)
-{
- VIOsPAPRVLANDevice *dev = (VIOsPAPRVLANDevice *)sdev;
-
- qemu_macaddr_default_if_unset(&dev->nicconf.macaddr);
-
- dev->nic = qemu_new_nic(&net_spapr_vlan_info, &dev->nicconf,
- object_get_typename(OBJECT(sdev)), sdev->qdev.id, dev);
- qemu_format_nic_info_str(&dev->nic->nc, dev->nicconf.macaddr.a);
-
- return 0;
-}
-
-void spapr_vlan_create(VIOsPAPRBus *bus, NICInfo *nd)
-{
- DeviceState *dev;
-
- dev = qdev_create(&bus->bus, "spapr-vlan");
-
- qdev_set_nic_properties(dev, nd);
-
- qdev_init_nofail(dev);
-}
-
-static int spapr_vlan_devnode(VIOsPAPRDevice *dev, void *fdt, int node_off)
-{
- VIOsPAPRVLANDevice *vdev = (VIOsPAPRVLANDevice *)dev;
- uint8_t padded_mac[8] = {0, 0};
- int ret;
-
- /* Some old phyp versions give the mac address in an 8-byte
- * property. The kernel driver has an insane workaround for this;
- * rather than doing the obvious thing and checking the property
- * length, it checks whether the first byte has 0b10 in the low
- * bits. If a correct 6-byte property has a different first byte
- * the kernel will get the wrong mac address, overrunning its
- * buffer in the process (read only, thank goodness).
- *
- * Here we workaround the kernel workaround by always supplying an
- * 8-byte property, with the mac address in the last six bytes */
- memcpy(&padded_mac[2], &vdev->nicconf.macaddr, ETH_ALEN);
- ret = fdt_setprop(fdt, node_off, "local-mac-address",
- padded_mac, sizeof(padded_mac));
- if (ret < 0) {
- return ret;
- }
-
- ret = fdt_setprop_cell(fdt, node_off, "ibm,mac-address-filters", 0);
- if (ret < 0) {
- return ret;
- }
-
- return 0;
-}
-
-static int check_bd(VIOsPAPRVLANDevice *dev, vlan_bd_t bd,
- target_ulong alignment)
-{
- if ((VLAN_BD_ADDR(bd) % alignment)
- || (VLAN_BD_LEN(bd) % alignment)) {
- return -1;
- }
-
- if (!spapr_vio_dma_valid(&dev->sdev, VLAN_BD_ADDR(bd),
- VLAN_BD_LEN(bd), DMA_DIRECTION_FROM_DEVICE)
- || !spapr_vio_dma_valid(&dev->sdev, VLAN_BD_ADDR(bd),
- VLAN_BD_LEN(bd), DMA_DIRECTION_TO_DEVICE)) {
- return -1;
- }
-
- return 0;
-}
-
-static target_ulong h_register_logical_lan(PowerPCCPU *cpu,
- sPAPREnvironment *spapr,
- target_ulong opcode,
- target_ulong *args)
-{
- target_ulong reg = args[0];
- target_ulong buf_list = args[1];
- target_ulong rec_queue = args[2];
- target_ulong filter_list = args[3];
- VIOsPAPRDevice *sdev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
- VIOsPAPRVLANDevice *dev = (VIOsPAPRVLANDevice *)sdev;
- vlan_bd_t filter_list_bd;
-
- if (!dev) {
- return H_PARAMETER;
- }
-
- if (dev->isopen) {
- hcall_dprintf("H_REGISTER_LOGICAL_LAN called twice without "
- "H_FREE_LOGICAL_LAN\n");
- return H_RESOURCE;
- }
-
- if (check_bd(dev, VLAN_VALID_BD(buf_list, SPAPR_TCE_PAGE_SIZE),
- SPAPR_TCE_PAGE_SIZE) < 0) {
- hcall_dprintf("Bad buf_list 0x" TARGET_FMT_lx "\n", buf_list);
- return H_PARAMETER;
- }
-
- filter_list_bd = VLAN_VALID_BD(filter_list, SPAPR_TCE_PAGE_SIZE);
- if (check_bd(dev, filter_list_bd, SPAPR_TCE_PAGE_SIZE) < 0) {
- hcall_dprintf("Bad filter_list 0x" TARGET_FMT_lx "\n", filter_list);
- return H_PARAMETER;
- }
-
- if (!(rec_queue & VLAN_BD_VALID)
- || (check_bd(dev, rec_queue, VLAN_RQ_ALIGNMENT) < 0)) {
- hcall_dprintf("Bad receive queue\n");
- return H_PARAMETER;
- }
-
- dev->buf_list = buf_list;
- sdev->signal_state = 0;
-
- rec_queue &= ~VLAN_BD_TOGGLE;
-
- /* Initialize the buffer list */
- vio_stq(sdev, buf_list, rec_queue);
- vio_stq(sdev, buf_list + 8, filter_list_bd);
- spapr_vio_dma_set(sdev, buf_list + VLAN_RX_BDS_OFF, 0,
- SPAPR_TCE_PAGE_SIZE - VLAN_RX_BDS_OFF);
- dev->add_buf_ptr = VLAN_RX_BDS_OFF - 8;
- dev->use_buf_ptr = VLAN_RX_BDS_OFF - 8;
- dev->rx_bufs = 0;
- dev->rxq_ptr = 0;
-
- /* Initialize the receive queue */
- spapr_vio_dma_set(sdev, VLAN_BD_ADDR(rec_queue), 0, VLAN_BD_LEN(rec_queue));
-
- dev->isopen = 1;
- return H_SUCCESS;
-}
-
-
-static target_ulong h_free_logical_lan(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode, target_ulong *args)
-{
- target_ulong reg = args[0];
- VIOsPAPRDevice *sdev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
- VIOsPAPRVLANDevice *dev = (VIOsPAPRVLANDevice *)sdev;
-
- if (!dev) {
- return H_PARAMETER;
- }
-
- if (!dev->isopen) {
- hcall_dprintf("H_FREE_LOGICAL_LAN called without "
- "H_REGISTER_LOGICAL_LAN\n");
- return H_RESOURCE;
- }
-
- spapr_vlan_reset(sdev);
- return H_SUCCESS;
-}
-
-static target_ulong h_add_logical_lan_buffer(PowerPCCPU *cpu,
- sPAPREnvironment *spapr,
- target_ulong opcode,
- target_ulong *args)
-{
- target_ulong reg = args[0];
- target_ulong buf = args[1];
- VIOsPAPRDevice *sdev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
- VIOsPAPRVLANDevice *dev = (VIOsPAPRVLANDevice *)sdev;
- vlan_bd_t bd;
-
- dprintf("H_ADD_LOGICAL_LAN_BUFFER(0x" TARGET_FMT_lx
- ", 0x" TARGET_FMT_lx ")\n", reg, buf);
-
- if (!sdev) {
- hcall_dprintf("Bad device\n");
- return H_PARAMETER;
- }
-
- if ((check_bd(dev, buf, 4) < 0)
- || (VLAN_BD_LEN(buf) < 16)) {
- hcall_dprintf("Bad buffer enqueued\n");
- return H_PARAMETER;
- }
-
- if (!dev->isopen || dev->rx_bufs >= VLAN_MAX_BUFS) {
- return H_RESOURCE;
- }
-
- do {
- dev->add_buf_ptr += 8;
- if (dev->add_buf_ptr >= SPAPR_TCE_PAGE_SIZE) {
- dev->add_buf_ptr = VLAN_RX_BDS_OFF;
- }
-
- bd = vio_ldq(sdev, dev->buf_list + dev->add_buf_ptr);
- } while (bd & VLAN_BD_VALID);
-
- vio_stq(sdev, dev->buf_list + dev->add_buf_ptr, buf);
-
- dev->rx_bufs++;
-
- dprintf("h_add_logical_lan_buffer(): Added buf ptr=%d rx_bufs=%d"
- " bd=0x%016llx\n", dev->add_buf_ptr, dev->rx_bufs,
- (unsigned long long)buf);
-
- return H_SUCCESS;
-}
-
-static target_ulong h_send_logical_lan(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode, target_ulong *args)
-{
- target_ulong reg = args[0];
- target_ulong *bufs = args + 1;
- target_ulong continue_token = args[7];
- VIOsPAPRDevice *sdev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
- VIOsPAPRVLANDevice *dev = (VIOsPAPRVLANDevice *)sdev;
- unsigned total_len;
- uint8_t *lbuf, *p;
- int i, nbufs;
- int ret;
-
- dprintf("H_SEND_LOGICAL_LAN(0x" TARGET_FMT_lx ", <bufs>, 0x"
- TARGET_FMT_lx ")\n", reg, continue_token);
-
- if (!sdev) {
- return H_PARAMETER;
- }
-
- dprintf("rxbufs = %d\n", dev->rx_bufs);
-
- if (!dev->isopen) {
- return H_DROPPED;
- }
-
- if (continue_token) {
- return H_HARDWARE; /* FIXME actually handle this */
- }
-
- total_len = 0;
- for (i = 0; i < 6; i++) {
- dprintf(" buf desc: 0x" TARGET_FMT_lx "\n", bufs[i]);
- if (!(bufs[i] & VLAN_BD_VALID)) {
- break;
- }
- total_len += VLAN_BD_LEN(bufs[i]);
- }
-
- nbufs = i;
- dprintf("h_send_logical_lan() %d buffers, total length 0x%x\n",
- nbufs, total_len);
-
- if (total_len == 0) {
- return H_SUCCESS;
- }
-
- if (total_len > MAX_PACKET_SIZE) {
- /* Don't let the guest force too large an allocation */
- return H_RESOURCE;
- }
-
- lbuf = alloca(total_len);
- p = lbuf;
- for (i = 0; i < nbufs; i++) {
- ret = spapr_vio_dma_read(sdev, VLAN_BD_ADDR(bufs[i]),
- p, VLAN_BD_LEN(bufs[i]));
- if (ret < 0) {
- return ret;
- }
-
- p += VLAN_BD_LEN(bufs[i]);
- }
-
- qemu_send_packet(&dev->nic->nc, lbuf, total_len);
-
- return H_SUCCESS;
-}
-
-static target_ulong h_multicast_ctrl(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode, target_ulong *args)
-{
- target_ulong reg = args[0];
- VIOsPAPRDevice *dev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
-
- if (!dev) {
- return H_PARAMETER;
- }
-
- return H_SUCCESS;
-}
-
-static Property spapr_vlan_properties[] = {
- DEFINE_SPAPR_PROPERTIES(VIOsPAPRVLANDevice, sdev),
- DEFINE_NIC_PROPERTIES(VIOsPAPRVLANDevice, nicconf),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void spapr_vlan_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- VIOsPAPRDeviceClass *k = VIO_SPAPR_DEVICE_CLASS(klass);
-
- k->init = spapr_vlan_init;
- k->reset = spapr_vlan_reset;
- k->devnode = spapr_vlan_devnode;
- k->dt_name = "l-lan";
- k->dt_type = "network";
- k->dt_compatible = "IBM,l-lan";
- k->signal_mask = 0x1;
- dc->props = spapr_vlan_properties;
- k->rtce_window_size = 0x10000000;
-}
-
-static TypeInfo spapr_vlan_info = {
- .name = "spapr-vlan",
- .parent = TYPE_VIO_SPAPR_DEVICE,
- .instance_size = sizeof(VIOsPAPRVLANDevice),
- .class_init = spapr_vlan_class_init,
-};
-
-static void spapr_vlan_register_types(void)
-{
- spapr_register_hypercall(H_REGISTER_LOGICAL_LAN, h_register_logical_lan);
- spapr_register_hypercall(H_FREE_LOGICAL_LAN, h_free_logical_lan);
- spapr_register_hypercall(H_SEND_LOGICAL_LAN, h_send_logical_lan);
- spapr_register_hypercall(H_ADD_LOGICAL_LAN_BUFFER,
- h_add_logical_lan_buffer);
- spapr_register_hypercall(H_MULTICAST_CTRL, h_multicast_ctrl);
- type_register_static(&spapr_vlan_info);
-}
-
-type_init(spapr_vlan_register_types)
diff --git a/hw/spapr_pci.c b/hw/spapr_pci.c
deleted file mode 100644
index 3c5b855bc..000000000
--- a/hw/spapr_pci.c
+++ /dev/null
@@ -1,771 +0,0 @@
-/*
- * QEMU sPAPR PCI host originated from Uninorth PCI host
- *
- * Copyright (c) 2011 Alexey Kardashevskiy, IBM Corporation.
- * Copyright (C) 2011 David Gibson, IBM Corporation.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "pci.h"
-#include "msi.h"
-#include "msix.h"
-#include "pci_host.h"
-#include "hw/spapr.h"
-#include "hw/spapr_pci.h"
-#include "exec-memory.h"
-#include <libfdt.h>
-#include "trace.h"
-
-#include "hw/pci_internals.h"
-
-/* Copied from the kernel arch/powerpc/platforms/pseries/msi.c */
-#define RTAS_QUERY_FN 0
-#define RTAS_CHANGE_FN 1
-#define RTAS_RESET_FN 2
-#define RTAS_CHANGE_MSI_FN 3
-#define RTAS_CHANGE_MSIX_FN 4
-
-/* Interrupt types to return on RTAS_CHANGE_* */
-#define RTAS_TYPE_MSI 1
-#define RTAS_TYPE_MSIX 2
-
-static sPAPRPHBState *find_phb(sPAPREnvironment *spapr, uint64_t buid)
-{
- sPAPRPHBState *sphb;
-
- QLIST_FOREACH(sphb, &spapr->phbs, list) {
- if (sphb->buid != buid) {
- continue;
- }
- return sphb;
- }
-
- return NULL;
-}
-
-static PCIDevice *find_dev(sPAPREnvironment *spapr, uint64_t buid,
- uint32_t config_addr)
-{
- sPAPRPHBState *sphb = find_phb(spapr, buid);
- PCIHostState *phb = PCI_HOST_BRIDGE(sphb);
- BusState *bus = BUS(phb->bus);
- BusChild *kid;
- int devfn = (config_addr >> 8) & 0xFF;
-
- if (!phb) {
- return NULL;
- }
-
- QTAILQ_FOREACH(kid, &bus->children, sibling) {
- PCIDevice *dev = (PCIDevice *)kid->child;
- if (dev->devfn == devfn) {
- return dev;
- }
- }
-
- return NULL;
-}
-
-static uint32_t rtas_pci_cfgaddr(uint32_t arg)
-{
- /* This handles the encoding of extended config space addresses */
- return ((arg >> 20) & 0xf00) | (arg & 0xff);
-}
-
-static void finish_read_pci_config(sPAPREnvironment *spapr, uint64_t buid,
- uint32_t addr, uint32_t size,
- target_ulong rets)
-{
- PCIDevice *pci_dev;
- uint32_t val;
-
- if ((size != 1) && (size != 2) && (size != 4)) {
- /* access must be 1, 2 or 4 bytes */
- rtas_st(rets, 0, -1);
- return;
- }
-
- pci_dev = find_dev(spapr, buid, addr);
- addr = rtas_pci_cfgaddr(addr);
-
- if (!pci_dev || (addr % size) || (addr >= pci_config_size(pci_dev))) {
- /* Access must be to a valid device, within bounds and
- * naturally aligned */
- rtas_st(rets, 0, -1);
- return;
- }
-
- val = pci_host_config_read_common(pci_dev, addr,
- pci_config_size(pci_dev), size);
-
- rtas_st(rets, 0, 0);
- rtas_st(rets, 1, val);
-}
-
-static void rtas_ibm_read_pci_config(sPAPREnvironment *spapr,
- uint32_t token, uint32_t nargs,
- target_ulong args,
- uint32_t nret, target_ulong rets)
-{
- uint64_t buid;
- uint32_t size, addr;
-
- if ((nargs != 4) || (nret != 2)) {
- rtas_st(rets, 0, -1);
- return;
- }
-
- buid = ((uint64_t)rtas_ld(args, 1) << 32) | rtas_ld(args, 2);
- size = rtas_ld(args, 3);
- addr = rtas_ld(args, 0);
-
- finish_read_pci_config(spapr, buid, addr, size, rets);
-}
-
-static void rtas_read_pci_config(sPAPREnvironment *spapr,
- uint32_t token, uint32_t nargs,
- target_ulong args,
- uint32_t nret, target_ulong rets)
-{
- uint32_t size, addr;
-
- if ((nargs != 2) || (nret != 2)) {
- rtas_st(rets, 0, -1);
- return;
- }
-
- size = rtas_ld(args, 1);
- addr = rtas_ld(args, 0);
-
- finish_read_pci_config(spapr, 0, addr, size, rets);
-}
-
-static void finish_write_pci_config(sPAPREnvironment *spapr, uint64_t buid,
- uint32_t addr, uint32_t size,
- uint32_t val, target_ulong rets)
-{
- PCIDevice *pci_dev;
-
- if ((size != 1) && (size != 2) && (size != 4)) {
- /* access must be 1, 2 or 4 bytes */
- rtas_st(rets, 0, -1);
- return;
- }
-
- pci_dev = find_dev(spapr, buid, addr);
- addr = rtas_pci_cfgaddr(addr);
-
- if (!pci_dev || (addr % size) || (addr >= pci_config_size(pci_dev))) {
- /* Access must be to a valid device, within bounds and
- * naturally aligned */
- rtas_st(rets, 0, -1);
- return;
- }
-
- pci_host_config_write_common(pci_dev, addr, pci_config_size(pci_dev),
- val, size);
-
- rtas_st(rets, 0, 0);
-}
-
-static void rtas_ibm_write_pci_config(sPAPREnvironment *spapr,
- uint32_t token, uint32_t nargs,
- target_ulong args,
- uint32_t nret, target_ulong rets)
-{
- uint64_t buid;
- uint32_t val, size, addr;
-
- if ((nargs != 5) || (nret != 1)) {
- rtas_st(rets, 0, -1);
- return;
- }
-
- buid = ((uint64_t)rtas_ld(args, 1) << 32) | rtas_ld(args, 2);
- val = rtas_ld(args, 4);
- size = rtas_ld(args, 3);
- addr = rtas_ld(args, 0);
-
- finish_write_pci_config(spapr, buid, addr, size, val, rets);
-}
-
-static void rtas_write_pci_config(sPAPREnvironment *spapr,
- uint32_t token, uint32_t nargs,
- target_ulong args,
- uint32_t nret, target_ulong rets)
-{
- uint32_t val, size, addr;
-
- if ((nargs != 3) || (nret != 1)) {
- rtas_st(rets, 0, -1);
- return;
- }
-
-
- val = rtas_ld(args, 2);
- size = rtas_ld(args, 1);
- addr = rtas_ld(args, 0);
-
- finish_write_pci_config(spapr, 0, addr, size, val, rets);
-}
-
-/*
- * Find an entry with config_addr or returns the empty one if not found AND
- * alloc_new is set.
- * At the moment the msi_table entries are never released so there is
- * no point to look till the end of the list if we need to find the free entry.
- */
-static int spapr_msicfg_find(sPAPRPHBState *phb, uint32_t config_addr,
- bool alloc_new)
-{
- int i;
-
- for (i = 0; i < SPAPR_MSIX_MAX_DEVS; ++i) {
- if (!phb->msi_table[i].nvec) {
- break;
- }
- if (phb->msi_table[i].config_addr == config_addr) {
- return i;
- }
- }
- if ((i < SPAPR_MSIX_MAX_DEVS) && alloc_new) {
- trace_spapr_pci_msi("Allocating new MSI config", i, config_addr);
- return i;
- }
-
- return -1;
-}
-
-/*
- * Set MSI/MSIX message data.
- * This is required for msi_notify()/msix_notify() which
- * will write at the addresses via spapr_msi_write().
- */
-static void spapr_msi_setmsg(PCIDevice *pdev, hwaddr addr,
- bool msix, unsigned req_num)
-{
- unsigned i;
- MSIMessage msg = { .address = addr, .data = 0 };
-
- if (!msix) {
- msi_set_message(pdev, msg);
- trace_spapr_pci_msi_setup(pdev->name, 0, msg.address);
- return;
- }
-
- for (i = 0; i < req_num; ++i) {
- msg.address = addr | (i << 2);
- msix_set_message(pdev, i, msg);
- trace_spapr_pci_msi_setup(pdev->name, i, msg.address);
- }
-}
-
-static void rtas_ibm_change_msi(sPAPREnvironment *spapr,
- uint32_t token, uint32_t nargs,
- target_ulong args, uint32_t nret,
- target_ulong rets)
-{
- uint32_t config_addr = rtas_ld(args, 0);
- uint64_t buid = ((uint64_t)rtas_ld(args, 1) << 32) | rtas_ld(args, 2);
- unsigned int func = rtas_ld(args, 3);
- unsigned int req_num = rtas_ld(args, 4); /* 0 == remove all */
- unsigned int seq_num = rtas_ld(args, 5);
- unsigned int ret_intr_type;
- int ndev, irq;
- sPAPRPHBState *phb = NULL;
- PCIDevice *pdev = NULL;
-
- switch (func) {
- case RTAS_CHANGE_MSI_FN:
- case RTAS_CHANGE_FN:
- ret_intr_type = RTAS_TYPE_MSI;
- break;
- case RTAS_CHANGE_MSIX_FN:
- ret_intr_type = RTAS_TYPE_MSIX;
- break;
- default:
- fprintf(stderr, "rtas_ibm_change_msi(%u) is not implemented\n", func);
- rtas_st(rets, 0, -3); /* Parameter error */
- return;
- }
-
- /* Fins sPAPRPHBState */
- phb = find_phb(spapr, buid);
- if (phb) {
- pdev = find_dev(spapr, buid, config_addr);
- }
- if (!phb || !pdev) {
- rtas_st(rets, 0, -3); /* Parameter error */
- return;
- }
-
- /* Releasing MSIs */
- if (!req_num) {
- ndev = spapr_msicfg_find(phb, config_addr, false);
- if (ndev < 0) {
- trace_spapr_pci_msi("MSI has not been enabled", -1, config_addr);
- rtas_st(rets, 0, -1); /* Hardware error */
- return;
- }
- trace_spapr_pci_msi("Released MSIs", ndev, config_addr);
- rtas_st(rets, 0, 0);
- rtas_st(rets, 1, 0);
- return;
- }
-
- /* Enabling MSI */
-
- /* Find a device number in the map to add or reuse the existing one */
- ndev = spapr_msicfg_find(phb, config_addr, true);
- if (ndev >= SPAPR_MSIX_MAX_DEVS || ndev < 0) {
- fprintf(stderr, "No free entry for a new MSI device\n");
- rtas_st(rets, 0, -1); /* Hardware error */
- return;
- }
- trace_spapr_pci_msi("Configuring MSI", ndev, config_addr);
-
- /* Check if there is an old config and MSI number has not changed */
- if (phb->msi_table[ndev].nvec && (req_num != phb->msi_table[ndev].nvec)) {
- /* Unexpected behaviour */
- fprintf(stderr, "Cannot reuse MSI config for device#%d", ndev);
- rtas_st(rets, 0, -1); /* Hardware error */
- return;
- }
-
- /* There is no cached config, allocate MSIs */
- if (!phb->msi_table[ndev].nvec) {
- irq = spapr_allocate_irq_block(req_num, false);
- if (irq < 0) {
- fprintf(stderr, "Cannot allocate MSIs for device#%d", ndev);
- rtas_st(rets, 0, -1); /* Hardware error */
- return;
- }
- phb->msi_table[ndev].irq = irq;
- phb->msi_table[ndev].nvec = req_num;
- phb->msi_table[ndev].config_addr = config_addr;
- }
-
- /* Setup MSI/MSIX vectors in the device (via cfgspace or MSIX BAR) */
- spapr_msi_setmsg(pdev, phb->msi_win_addr | (ndev << 16),
- ret_intr_type == RTAS_TYPE_MSIX, req_num);
-
- rtas_st(rets, 0, 0);
- rtas_st(rets, 1, req_num);
- rtas_st(rets, 2, ++seq_num);
- rtas_st(rets, 3, ret_intr_type);
-
- trace_spapr_pci_rtas_ibm_change_msi(func, req_num);
-}
-
-static void rtas_ibm_query_interrupt_source_number(sPAPREnvironment *spapr,
- uint32_t token,
- uint32_t nargs,
- target_ulong args,
- uint32_t nret,
- target_ulong rets)
-{
- uint32_t config_addr = rtas_ld(args, 0);
- uint64_t buid = ((uint64_t)rtas_ld(args, 1) << 32) | rtas_ld(args, 2);
- unsigned int intr_src_num = -1, ioa_intr_num = rtas_ld(args, 3);
- int ndev;
- sPAPRPHBState *phb = NULL;
-
- /* Fins sPAPRPHBState */
- phb = find_phb(spapr, buid);
- if (!phb) {
- rtas_st(rets, 0, -3); /* Parameter error */
- return;
- }
-
- /* Find device descriptor and start IRQ */
- ndev = spapr_msicfg_find(phb, config_addr, false);
- if (ndev < 0) {
- trace_spapr_pci_msi("MSI has not been enabled", -1, config_addr);
- rtas_st(rets, 0, -1); /* Hardware error */
- return;
- }
-
- intr_src_num = phb->msi_table[ndev].irq + ioa_intr_num;
- trace_spapr_pci_rtas_ibm_query_interrupt_source_number(ioa_intr_num,
- intr_src_num);
-
- rtas_st(rets, 0, 0);
- rtas_st(rets, 1, intr_src_num);
- rtas_st(rets, 2, 1);/* 0 == level; 1 == edge */
-}
-
-static int pci_spapr_swizzle(int slot, int pin)
-{
- return (slot + pin) % PCI_NUM_PINS;
-}
-
-static int pci_spapr_map_irq(PCIDevice *pci_dev, int irq_num)
-{
- /*
- * Here we need to convert pci_dev + irq_num to some unique value
- * which is less than number of IRQs on the specific bus (4). We
- * use standard PCI swizzling, that is (slot number + pin number)
- * % 4.
- */
- return pci_spapr_swizzle(PCI_SLOT(pci_dev->devfn), irq_num);
-}
-
-static void pci_spapr_set_irq(void *opaque, int irq_num, int level)
-{
- /*
- * Here we use the number returned by pci_spapr_map_irq to find a
- * corresponding qemu_irq.
- */
- sPAPRPHBState *phb = opaque;
-
- trace_spapr_pci_lsi_set(phb->busname, irq_num, phb->lsi_table[irq_num].irq);
- qemu_set_irq(spapr_phb_lsi_qirq(phb, irq_num), level);
-}
-
-static uint64_t spapr_io_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- switch (size) {
- case 1:
- return cpu_inb(addr);
- case 2:
- return cpu_inw(addr);
- case 4:
- return cpu_inl(addr);
- }
- assert(0);
-}
-
-static void spapr_io_write(void *opaque, hwaddr addr,
- uint64_t data, unsigned size)
-{
- switch (size) {
- case 1:
- cpu_outb(addr, data);
- return;
- case 2:
- cpu_outw(addr, data);
- return;
- case 4:
- cpu_outl(addr, data);
- return;
- }
- assert(0);
-}
-
-static const MemoryRegionOps spapr_io_ops = {
- .endianness = DEVICE_LITTLE_ENDIAN,
- .read = spapr_io_read,
- .write = spapr_io_write
-};
-
-/*
- * MSI/MSIX memory region implementation.
- * The handler handles both MSI and MSIX.
- * For MSI-X, the vector number is encoded as a part of the address,
- * data is set to 0.
- * For MSI, the vector number is encoded in least bits in data.
- */
-static void spapr_msi_write(void *opaque, hwaddr addr,
- uint64_t data, unsigned size)
-{
- sPAPRPHBState *phb = opaque;
- int ndev = addr >> 16;
- int vec = ((addr & 0xFFFF) >> 2) | data;
- uint32_t irq = phb->msi_table[ndev].irq + vec;
-
- trace_spapr_pci_msi_write(addr, data, irq);
-
- qemu_irq_pulse(xics_get_qirq(spapr->icp, irq));
-}
-
-static const MemoryRegionOps spapr_msi_ops = {
- /* There is no .read as the read result is undefined by PCI spec */
- .read = NULL,
- .write = spapr_msi_write,
- .endianness = DEVICE_LITTLE_ENDIAN
-};
-
-/*
- * PHB PCI device
- */
-static DMAContext *spapr_pci_dma_context_fn(PCIBus *bus, void *opaque,
- int devfn)
-{
- sPAPRPHBState *phb = opaque;
-
- return phb->dma;
-}
-
-static int spapr_phb_init(SysBusDevice *s)
-{
- sPAPRPHBState *sphb = SPAPR_PCI_HOST_BRIDGE(s);
- PCIHostState *phb = PCI_HOST_BRIDGE(s);
- char *namebuf;
- int i;
- PCIBus *bus;
-
- sphb->dtbusname = g_strdup_printf("pci@%" PRIx64, sphb->buid);
- namebuf = alloca(strlen(sphb->dtbusname) + 32);
-
- /* Initialize memory regions */
- sprintf(namebuf, "%s.mmio", sphb->dtbusname);
- memory_region_init(&sphb->memspace, namebuf, INT64_MAX);
-
- sprintf(namebuf, "%s.mmio-alias", sphb->dtbusname);
- memory_region_init_alias(&sphb->memwindow, namebuf, &sphb->memspace,
- SPAPR_PCI_MEM_WIN_BUS_OFFSET, sphb->mem_win_size);
- memory_region_add_subregion(get_system_memory(), sphb->mem_win_addr,
- &sphb->memwindow);
-
- /* On ppc, we only have MMIO no specific IO space from the CPU
- * perspective. In theory we ought to be able to embed the PCI IO
- * memory region direction in the system memory space. However,
- * if any of the IO BAR subregions use the old_portio mechanism,
- * that won't be processed properly unless accessed from the
- * system io address space. This hack to bounce things via
- * system_io works around the problem until all the users of
- * old_portion are updated */
- sprintf(namebuf, "%s.io", sphb->dtbusname);
- memory_region_init(&sphb->iospace, namebuf, SPAPR_PCI_IO_WIN_SIZE);
- /* FIXME: fix to support multiple PHBs */
- memory_region_add_subregion(get_system_io(), 0, &sphb->iospace);
-
- sprintf(namebuf, "%s.io-alias", sphb->dtbusname);
- memory_region_init_io(&sphb->iowindow, &spapr_io_ops, sphb,
- namebuf, SPAPR_PCI_IO_WIN_SIZE);
- memory_region_add_subregion(get_system_memory(), sphb->io_win_addr,
- &sphb->iowindow);
-
- /* As MSI/MSIX interrupts trigger by writing at MSI/MSIX vectors,
- * we need to allocate some memory to catch those writes coming
- * from msi_notify()/msix_notify() */
- if (msi_supported) {
- sprintf(namebuf, "%s.msi", sphb->dtbusname);
- memory_region_init_io(&sphb->msiwindow, &spapr_msi_ops, sphb,
- namebuf, SPAPR_MSIX_MAX_DEVS * 0x10000);
- memory_region_add_subregion(get_system_memory(), sphb->msi_win_addr,
- &sphb->msiwindow);
- }
-
- bus = pci_register_bus(DEVICE(s),
- sphb->busname ? sphb->busname : sphb->dtbusname,
- pci_spapr_set_irq, pci_spapr_map_irq, sphb,
- &sphb->memspace, &sphb->iospace,
- PCI_DEVFN(0, 0), PCI_NUM_PINS);
- phb->bus = bus;
-
- sphb->dma_liobn = SPAPR_PCI_BASE_LIOBN | (pci_find_domain(bus) << 16);
- sphb->dma_window_start = 0;
- sphb->dma_window_size = 0x40000000;
- sphb->dma = spapr_tce_new_dma_context(sphb->dma_liobn, sphb->dma_window_size);
- pci_setup_iommu(bus, spapr_pci_dma_context_fn, sphb);
-
- QLIST_INSERT_HEAD(&spapr->phbs, sphb, list);
-
- /* Initialize the LSI table */
- for (i = 0; i < PCI_NUM_PINS; i++) {
- uint32_t irq;
-
- irq = spapr_allocate_lsi(0);
- if (!irq) {
- return -1;
- }
-
- sphb->lsi_table[i].irq = irq;
- }
-
- return 0;
-}
-
-static void spapr_phb_reset(DeviceState *qdev)
-{
- SysBusDevice *s = sysbus_from_qdev(qdev);
- sPAPRPHBState *sphb = SPAPR_PCI_HOST_BRIDGE(s);
-
- /* Reset the IOMMU state */
- spapr_tce_reset(sphb->dma);
-}
-
-static Property spapr_phb_properties[] = {
- DEFINE_PROP_HEX64("buid", sPAPRPHBState, buid, 0),
- DEFINE_PROP_STRING("busname", sPAPRPHBState, busname),
- DEFINE_PROP_HEX64("mem_win_addr", sPAPRPHBState, mem_win_addr, 0),
- DEFINE_PROP_HEX64("mem_win_size", sPAPRPHBState, mem_win_size, 0x20000000),
- DEFINE_PROP_HEX64("io_win_addr", sPAPRPHBState, io_win_addr, 0),
- DEFINE_PROP_HEX64("io_win_size", sPAPRPHBState, io_win_size, 0x10000),
- DEFINE_PROP_HEX64("msi_win_addr", sPAPRPHBState, msi_win_addr, 0),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void spapr_phb_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
-
- sdc->init = spapr_phb_init;
- dc->props = spapr_phb_properties;
- dc->reset = spapr_phb_reset;
-}
-
-static const TypeInfo spapr_phb_info = {
- .name = TYPE_SPAPR_PCI_HOST_BRIDGE,
- .parent = TYPE_PCI_HOST_BRIDGE,
- .instance_size = sizeof(sPAPRPHBState),
- .class_init = spapr_phb_class_init,
-};
-
-void spapr_create_phb(sPAPREnvironment *spapr,
- const char *busname, uint64_t buid,
- uint64_t mem_win_addr, uint64_t mem_win_size,
- uint64_t io_win_addr, uint64_t msi_win_addr)
-{
- DeviceState *dev;
-
- dev = qdev_create(NULL, TYPE_SPAPR_PCI_HOST_BRIDGE);
-
- if (busname) {
- qdev_prop_set_string(dev, "busname", g_strdup(busname));
- }
- qdev_prop_set_uint64(dev, "buid", buid);
- qdev_prop_set_uint64(dev, "mem_win_addr", mem_win_addr);
- qdev_prop_set_uint64(dev, "mem_win_size", mem_win_size);
- qdev_prop_set_uint64(dev, "io_win_addr", io_win_addr);
- qdev_prop_set_uint64(dev, "msi_win_addr", msi_win_addr);
-
- qdev_init_nofail(dev);
-}
-
-/* Macros to operate with address in OF binding to PCI */
-#define b_x(x, p, l) (((x) & ((1<<(l))-1)) << (p))
-#define b_n(x) b_x((x), 31, 1) /* 0 if relocatable */
-#define b_p(x) b_x((x), 30, 1) /* 1 if prefetchable */
-#define b_t(x) b_x((x), 29, 1) /* 1 if the address is aliased */
-#define b_ss(x) b_x((x), 24, 2) /* the space code */
-#define b_bbbbbbbb(x) b_x((x), 16, 8) /* bus number */
-#define b_ddddd(x) b_x((x), 11, 5) /* device number */
-#define b_fff(x) b_x((x), 8, 3) /* function number */
-#define b_rrrrrrrr(x) b_x((x), 0, 8) /* register number */
-
-int spapr_populate_pci_dt(sPAPRPHBState *phb,
- uint32_t xics_phandle,
- void *fdt)
-{
- int bus_off, i, j;
- char nodename[256];
- uint32_t bus_range[] = { cpu_to_be32(0), cpu_to_be32(0xff) };
- struct {
- uint32_t hi;
- uint64_t child;
- uint64_t parent;
- uint64_t size;
- } QEMU_PACKED ranges[] = {
- {
- cpu_to_be32(b_ss(1)), cpu_to_be64(0),
- cpu_to_be64(phb->io_win_addr),
- cpu_to_be64(memory_region_size(&phb->iospace)),
- },
- {
- cpu_to_be32(b_ss(2)), cpu_to_be64(SPAPR_PCI_MEM_WIN_BUS_OFFSET),
- cpu_to_be64(phb->mem_win_addr),
- cpu_to_be64(memory_region_size(&phb->memwindow)),
- },
- };
- uint64_t bus_reg[] = { cpu_to_be64(phb->buid), 0 };
- uint32_t interrupt_map_mask[] = {
- cpu_to_be32(b_ddddd(-1)|b_fff(0)), 0x0, 0x0, cpu_to_be32(-1)};
- uint32_t interrupt_map[PCI_SLOT_MAX * PCI_NUM_PINS][7];
-
- /* Start populating the FDT */
- sprintf(nodename, "pci@%" PRIx64, phb->buid);
- bus_off = fdt_add_subnode(fdt, 0, nodename);
- if (bus_off < 0) {
- return bus_off;
- }
-
-#define _FDT(exp) \
- do { \
- int ret = (exp); \
- if (ret < 0) { \
- return ret; \
- } \
- } while (0)
-
- /* Write PHB properties */
- _FDT(fdt_setprop_string(fdt, bus_off, "device_type", "pci"));
- _FDT(fdt_setprop_string(fdt, bus_off, "compatible", "IBM,Logical_PHB"));
- _FDT(fdt_setprop_cell(fdt, bus_off, "#address-cells", 0x3));
- _FDT(fdt_setprop_cell(fdt, bus_off, "#size-cells", 0x2));
- _FDT(fdt_setprop_cell(fdt, bus_off, "#interrupt-cells", 0x1));
- _FDT(fdt_setprop(fdt, bus_off, "used-by-rtas", NULL, 0));
- _FDT(fdt_setprop(fdt, bus_off, "bus-range", &bus_range, sizeof(bus_range)));
- _FDT(fdt_setprop(fdt, bus_off, "ranges", &ranges, sizeof(ranges)));
- _FDT(fdt_setprop(fdt, bus_off, "reg", &bus_reg, sizeof(bus_reg)));
- _FDT(fdt_setprop_cell(fdt, bus_off, "ibm,pci-config-space-type", 0x1));
-
- /* Build the interrupt-map, this must matches what is done
- * in pci_spapr_map_irq
- */
- _FDT(fdt_setprop(fdt, bus_off, "interrupt-map-mask",
- &interrupt_map_mask, sizeof(interrupt_map_mask)));
- for (i = 0; i < PCI_SLOT_MAX; i++) {
- for (j = 0; j < PCI_NUM_PINS; j++) {
- uint32_t *irqmap = interrupt_map[i*PCI_NUM_PINS + j];
- int lsi_num = pci_spapr_swizzle(i, j);
-
- irqmap[0] = cpu_to_be32(b_ddddd(i)|b_fff(0));
- irqmap[1] = 0;
- irqmap[2] = 0;
- irqmap[3] = cpu_to_be32(j+1);
- irqmap[4] = cpu_to_be32(xics_phandle);
- irqmap[5] = cpu_to_be32(phb->lsi_table[lsi_num].irq);
- irqmap[6] = cpu_to_be32(0x8);
- }
- }
- /* Write interrupt map */
- _FDT(fdt_setprop(fdt, bus_off, "interrupt-map", &interrupt_map,
- sizeof(interrupt_map)));
-
- spapr_dma_dt(fdt, bus_off, "ibm,dma-window",
- phb->dma_liobn, phb->dma_window_start,
- phb->dma_window_size);
-
- return 0;
-}
-
-void spapr_pci_rtas_init(void)
-{
- spapr_rtas_register("read-pci-config", rtas_read_pci_config);
- spapr_rtas_register("write-pci-config", rtas_write_pci_config);
- spapr_rtas_register("ibm,read-pci-config", rtas_ibm_read_pci_config);
- spapr_rtas_register("ibm,write-pci-config", rtas_ibm_write_pci_config);
- if (msi_supported) {
- spapr_rtas_register("ibm,query-interrupt-source-number",
- rtas_ibm_query_interrupt_source_number);
- spapr_rtas_register("ibm,change-msi", rtas_ibm_change_msi);
- }
-}
-
-static void spapr_pci_register_types(void)
-{
- type_register_static(&spapr_phb_info);
-}
-
-type_init(spapr_pci_register_types)
diff --git a/hw/spapr_pci.h b/hw/spapr_pci.h
deleted file mode 100644
index e307ac803..000000000
--- a/hw/spapr_pci.h
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * QEMU SPAPR PCI BUS definitions
- *
- * Copyright (c) 2011 Alexey Kardashevskiy <aik@au1.ibm.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-#if !defined(__HW_SPAPR_H__)
-#error Please include spapr.h before this file!
-#endif
-
-#if !defined(__HW_SPAPR_PCI_H__)
-#define __HW_SPAPR_PCI_H__
-
-#include "hw/pci.h"
-#include "hw/pci_host.h"
-#include "hw/xics.h"
-
-#define SPAPR_MSIX_MAX_DEVS 32
-
-#define TYPE_SPAPR_PCI_HOST_BRIDGE "spapr-pci-host-bridge"
-
-#define SPAPR_PCI_HOST_BRIDGE(obj) \
- OBJECT_CHECK(sPAPRPHBState, (obj), TYPE_SPAPR_PCI_HOST_BRIDGE)
-
-typedef struct sPAPRPHBState {
- PCIHostState parent_obj;
-
- uint64_t buid;
- char *busname;
- char *dtbusname;
-
- MemoryRegion memspace, iospace;
- hwaddr mem_win_addr, mem_win_size, io_win_addr, io_win_size;
- hwaddr msi_win_addr;
- MemoryRegion memwindow, iowindow, msiwindow;
-
- uint32_t dma_liobn;
- uint64_t dma_window_start;
- uint64_t dma_window_size;
- DMAContext *dma;
-
- struct {
- uint32_t irq;
- } lsi_table[PCI_NUM_PINS];
-
- struct {
- uint32_t config_addr;
- uint32_t irq;
- int nvec;
- } msi_table[SPAPR_MSIX_MAX_DEVS];
-
- QLIST_ENTRY(sPAPRPHBState) list;
-} sPAPRPHBState;
-
-static inline qemu_irq spapr_phb_lsi_qirq(struct sPAPRPHBState *phb, int pin)
-{
- return xics_get_qirq(spapr->icp, phb->lsi_table[pin].irq);
-}
-
-#define SPAPR_PCI_MEM_WIN_BUS_OFFSET 0x80000000ULL
-#define SPAPR_PCI_IO_WIN_SIZE 0x10000
-
-void spapr_create_phb(sPAPREnvironment *spapr,
- const char *busname, uint64_t buid,
- uint64_t mem_win_addr, uint64_t mem_win_size,
- uint64_t io_win_addr, uint64_t msi_win_addr);
-
-int spapr_populate_pci_dt(sPAPRPHBState *phb,
- uint32_t xics_phandle,
- void *fdt);
-
-void spapr_pci_rtas_init(void);
-
-#endif /* __HW_SPAPR_PCI_H__ */
diff --git a/hw/spapr_rtas.c b/hw/spapr_rtas.c
deleted file mode 100644
index 6d5c48a74..000000000
--- a/hw/spapr_rtas.c
+++ /dev/null
@@ -1,332 +0,0 @@
-/*
- * QEMU PowerPC pSeries Logical Partition (aka sPAPR) hardware System Emulator
- *
- * Hypercall based emulated RTAS
- *
- * Copyright (c) 2010-2011 David Gibson, IBM Corporation.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- *
- */
-#include "cpu.h"
-#include "sysemu.h"
-#include "qemu-char.h"
-#include "hw/qdev.h"
-#include "device_tree.h"
-
-#include "hw/spapr.h"
-#include "hw/spapr_vio.h"
-
-#include <libfdt.h>
-
-#define TOKEN_BASE 0x2000
-#define TOKEN_MAX 0x100
-
-static void rtas_display_character(sPAPREnvironment *spapr,
- uint32_t token, uint32_t nargs,
- target_ulong args,
- uint32_t nret, target_ulong rets)
-{
- uint8_t c = rtas_ld(args, 0);
- VIOsPAPRDevice *sdev = vty_lookup(spapr, 0);
-
- if (!sdev) {
- rtas_st(rets, 0, -1);
- } else {
- vty_putchars(sdev, &c, sizeof(c));
- rtas_st(rets, 0, 0);
- }
-}
-
-static void rtas_get_time_of_day(sPAPREnvironment *spapr,
- uint32_t token, uint32_t nargs,
- target_ulong args,
- uint32_t nret, target_ulong rets)
-{
- struct tm tm;
-
- if (nret != 8) {
- rtas_st(rets, 0, -3);
- return;
- }
-
- qemu_get_timedate(&tm, spapr->rtc_offset);
-
- rtas_st(rets, 0, 0); /* Success */
- rtas_st(rets, 1, tm.tm_year + 1900);
- rtas_st(rets, 2, tm.tm_mon + 1);
- rtas_st(rets, 3, tm.tm_mday);
- rtas_st(rets, 4, tm.tm_hour);
- rtas_st(rets, 5, tm.tm_min);
- rtas_st(rets, 6, tm.tm_sec);
- rtas_st(rets, 7, 0); /* we don't do nanoseconds */
-}
-
-static void rtas_set_time_of_day(sPAPREnvironment *spapr,
- uint32_t token, uint32_t nargs,
- target_ulong args,
- uint32_t nret, target_ulong rets)
-{
- struct tm tm;
-
- tm.tm_year = rtas_ld(args, 0) - 1900;
- tm.tm_mon = rtas_ld(args, 1) - 1;
- tm.tm_mday = rtas_ld(args, 2);
- tm.tm_hour = rtas_ld(args, 3);
- tm.tm_min = rtas_ld(args, 4);
- tm.tm_sec = rtas_ld(args, 5);
-
- /* Just generate a monitor event for the change */
- rtc_change_mon_event(&tm);
- spapr->rtc_offset = qemu_timedate_diff(&tm);
-
- rtas_st(rets, 0, 0); /* Success */
-}
-
-static void rtas_power_off(sPAPREnvironment *spapr,
- uint32_t token, uint32_t nargs, target_ulong args,
- uint32_t nret, target_ulong rets)
-{
- if (nargs != 2 || nret != 1) {
- rtas_st(rets, 0, -3);
- return;
- }
- qemu_system_shutdown_request();
- rtas_st(rets, 0, 0);
-}
-
-static void rtas_system_reboot(sPAPREnvironment *spapr,
- uint32_t token, uint32_t nargs,
- target_ulong args,
- uint32_t nret, target_ulong rets)
-{
- if (nargs != 0 || nret != 1) {
- rtas_st(rets, 0, -3);
- return;
- }
- qemu_system_reset_request();
- rtas_st(rets, 0, 0);
-}
-
-static void rtas_query_cpu_stopped_state(sPAPREnvironment *spapr,
- uint32_t token, uint32_t nargs,
- target_ulong args,
- uint32_t nret, target_ulong rets)
-{
- target_ulong id;
- CPUPPCState *env;
-
- if (nargs != 1 || nret != 2) {
- rtas_st(rets, 0, -3);
- return;
- }
-
- id = rtas_ld(args, 0);
- for (env = first_cpu; env; env = env->next_cpu) {
- if (env->cpu_index != id) {
- continue;
- }
-
- if (env->halted) {
- rtas_st(rets, 1, 0);
- } else {
- rtas_st(rets, 1, 2);
- }
-
- rtas_st(rets, 0, 0);
- return;
- }
-
- /* Didn't find a matching cpu */
- rtas_st(rets, 0, -3);
-}
-
-static void rtas_start_cpu(sPAPREnvironment *spapr,
- uint32_t token, uint32_t nargs,
- target_ulong args,
- uint32_t nret, target_ulong rets)
-{
- target_ulong id, start, r3;
- CPUState *cpu;
- CPUPPCState *env;
-
- if (nargs != 3 || nret != 1) {
- rtas_st(rets, 0, -3);
- return;
- }
-
- id = rtas_ld(args, 0);
- start = rtas_ld(args, 1);
- r3 = rtas_ld(args, 2);
-
- for (env = first_cpu; env; env = env->next_cpu) {
- cpu = ENV_GET_CPU(env);
-
- if (env->cpu_index != id) {
- continue;
- }
-
- if (!env->halted) {
- rtas_st(rets, 0, -1);
- return;
- }
-
- /* This will make sure qemu state is up to date with kvm, and
- * mark it dirty so our changes get flushed back before the
- * new cpu enters */
- kvm_cpu_synchronize_state(env);
-
- env->msr = (1ULL << MSR_SF) | (1ULL << MSR_ME);
- env->nip = start;
- env->gpr[3] = r3;
- env->halted = 0;
-
- qemu_cpu_kick(cpu);
-
- rtas_st(rets, 0, 0);
- return;
- }
-
- /* Didn't find a matching cpu */
- rtas_st(rets, 0, -3);
-}
-
-static struct rtas_call {
- const char *name;
- spapr_rtas_fn fn;
-} rtas_table[TOKEN_MAX];
-
-struct rtas_call *rtas_next = rtas_table;
-
-target_ulong spapr_rtas_call(sPAPREnvironment *spapr,
- uint32_t token, uint32_t nargs, target_ulong args,
- uint32_t nret, target_ulong rets)
-{
- if ((token >= TOKEN_BASE)
- && ((token - TOKEN_BASE) < TOKEN_MAX)) {
- struct rtas_call *call = rtas_table + (token - TOKEN_BASE);
-
- if (call->fn) {
- call->fn(spapr, token, nargs, args, nret, rets);
- return H_SUCCESS;
- }
- }
-
- /* HACK: Some Linux early debug code uses RTAS display-character,
- * but assumes the token value is 0xa (which it is on some real
- * machines) without looking it up in the device tree. This
- * special case makes this work */
- if (token == 0xa) {
- rtas_display_character(spapr, 0xa, nargs, args, nret, rets);
- return H_SUCCESS;
- }
-
- hcall_dprintf("Unknown RTAS token 0x%x\n", token);
- rtas_st(rets, 0, -3);
- return H_PARAMETER;
-}
-
-void spapr_rtas_register(const char *name, spapr_rtas_fn fn)
-{
- int i;
-
- for (i = 0; i < (rtas_next - rtas_table); i++) {
- if (strcmp(name, rtas_table[i].name) == 0) {
- fprintf(stderr, "RTAS call \"%s\" registered twice\n", name);
- exit(1);
- }
- }
-
- assert(rtas_next < (rtas_table + TOKEN_MAX));
-
- rtas_next->name = name;
- rtas_next->fn = fn;
-
- rtas_next++;
-}
-
-int spapr_rtas_device_tree_setup(void *fdt, hwaddr rtas_addr,
- hwaddr rtas_size)
-{
- int ret;
- int i;
-
- ret = fdt_add_mem_rsv(fdt, rtas_addr, rtas_size);
- if (ret < 0) {
- fprintf(stderr, "Couldn't add RTAS reserve entry: %s\n",
- fdt_strerror(ret));
- return ret;
- }
-
- ret = qemu_devtree_setprop_cell(fdt, "/rtas", "linux,rtas-base",
- rtas_addr);
- if (ret < 0) {
- fprintf(stderr, "Couldn't add linux,rtas-base property: %s\n",
- fdt_strerror(ret));
- return ret;
- }
-
- ret = qemu_devtree_setprop_cell(fdt, "/rtas", "linux,rtas-entry",
- rtas_addr);
- if (ret < 0) {
- fprintf(stderr, "Couldn't add linux,rtas-entry property: %s\n",
- fdt_strerror(ret));
- return ret;
- }
-
- ret = qemu_devtree_setprop_cell(fdt, "/rtas", "rtas-size",
- rtas_size);
- if (ret < 0) {
- fprintf(stderr, "Couldn't add rtas-size property: %s\n",
- fdt_strerror(ret));
- return ret;
- }
-
- for (i = 0; i < TOKEN_MAX; i++) {
- struct rtas_call *call = &rtas_table[i];
-
- if (!call->fn) {
- continue;
- }
-
- ret = qemu_devtree_setprop_cell(fdt, "/rtas", call->name,
- i + TOKEN_BASE);
- if (ret < 0) {
- fprintf(stderr, "Couldn't add rtas token for %s: %s\n",
- call->name, fdt_strerror(ret));
- return ret;
- }
-
- }
- return 0;
-}
-
-static void core_rtas_register_types(void)
-{
- spapr_rtas_register("display-character", rtas_display_character);
- spapr_rtas_register("get-time-of-day", rtas_get_time_of_day);
- spapr_rtas_register("set-time-of-day", rtas_set_time_of_day);
- spapr_rtas_register("power-off", rtas_power_off);
- spapr_rtas_register("system-reboot", rtas_system_reboot);
- spapr_rtas_register("query-cpu-stopped-state",
- rtas_query_cpu_stopped_state);
- spapr_rtas_register("start-cpu", rtas_start_cpu);
-}
-
-type_init(core_rtas_register_types)
diff --git a/hw/spapr_vio.c b/hw/spapr_vio.c
deleted file mode 100644
index 1f19fedd0..000000000
--- a/hw/spapr_vio.c
+++ /dev/null
@@ -1,666 +0,0 @@
-/*
- * QEMU sPAPR VIO code
- *
- * Copyright (c) 2010 David Gibson, IBM Corporation <dwg@au1.ibm.com>
- * Based on the s390 virtio bus code:
- * Copyright (c) 2009 Alexander Graf <agraf@suse.de>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "hw.h"
-#include "sysemu.h"
-#include "boards.h"
-#include "monitor.h"
-#include "loader.h"
-#include "elf.h"
-#include "hw/sysbus.h"
-#include "kvm.h"
-#include "device_tree.h"
-#include "kvm_ppc.h"
-
-#include "hw/spapr.h"
-#include "hw/spapr_vio.h"
-#include "hw/xics.h"
-
-#ifdef CONFIG_FDT
-#include <libfdt.h>
-#endif /* CONFIG_FDT */
-
-/* #define DEBUG_SPAPR */
-
-#ifdef DEBUG_SPAPR
-#define dprintf(fmt, ...) \
- do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
-#else
-#define dprintf(fmt, ...) \
- do { } while (0)
-#endif
-
-static Property spapr_vio_props[] = {
- DEFINE_PROP_UINT32("irq", VIOsPAPRDevice, irq, 0), \
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static const TypeInfo spapr_vio_bus_info = {
- .name = TYPE_SPAPR_VIO_BUS,
- .parent = TYPE_BUS,
- .instance_size = sizeof(VIOsPAPRBus),
-};
-
-VIOsPAPRDevice *spapr_vio_find_by_reg(VIOsPAPRBus *bus, uint32_t reg)
-{
- BusChild *kid;
- VIOsPAPRDevice *dev = NULL;
-
- QTAILQ_FOREACH(kid, &bus->bus.children, sibling) {
- dev = (VIOsPAPRDevice *)kid->child;
- if (dev->reg == reg) {
- return dev;
- }
- }
-
- return NULL;
-}
-
-static char *vio_format_dev_name(VIOsPAPRDevice *dev)
-{
- VIOsPAPRDeviceClass *pc = VIO_SPAPR_DEVICE_GET_CLASS(dev);
- char *name;
-
- /* Device tree style name device@reg */
- if (asprintf(&name, "%s@%x", pc->dt_name, dev->reg) < 0) {
- return NULL;
- }
-
- return name;
-}
-
-#ifdef CONFIG_FDT
-static int vio_make_devnode(VIOsPAPRDevice *dev,
- void *fdt)
-{
- VIOsPAPRDeviceClass *pc = VIO_SPAPR_DEVICE_GET_CLASS(dev);
- int vdevice_off, node_off, ret;
- char *dt_name;
-
- vdevice_off = fdt_path_offset(fdt, "/vdevice");
- if (vdevice_off < 0) {
- return vdevice_off;
- }
-
- dt_name = vio_format_dev_name(dev);
- if (!dt_name) {
- return -ENOMEM;
- }
-
- node_off = fdt_add_subnode(fdt, vdevice_off, dt_name);
- free(dt_name);
- if (node_off < 0) {
- return node_off;
- }
-
- ret = fdt_setprop_cell(fdt, node_off, "reg", dev->reg);
- if (ret < 0) {
- return ret;
- }
-
- if (pc->dt_type) {
- ret = fdt_setprop_string(fdt, node_off, "device_type",
- pc->dt_type);
- if (ret < 0) {
- return ret;
- }
- }
-
- if (pc->dt_compatible) {
- ret = fdt_setprop_string(fdt, node_off, "compatible",
- pc->dt_compatible);
- if (ret < 0) {
- return ret;
- }
- }
-
- if (dev->irq) {
- uint32_t ints_prop[] = {cpu_to_be32(dev->irq), 0};
-
- ret = fdt_setprop(fdt, node_off, "interrupts", ints_prop,
- sizeof(ints_prop));
- if (ret < 0) {
- return ret;
- }
- }
-
- ret = spapr_tcet_dma_dt(fdt, node_off, "ibm,my-dma-window", dev->dma);
- if (ret < 0) {
- return ret;
- }
-
- if (pc->devnode) {
- ret = (pc->devnode)(dev, fdt, node_off);
- if (ret < 0) {
- return ret;
- }
- }
-
- return node_off;
-}
-#endif /* CONFIG_FDT */
-
-/*
- * CRQ handling
- */
-static target_ulong h_reg_crq(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode, target_ulong *args)
-{
- target_ulong reg = args[0];
- target_ulong queue_addr = args[1];
- target_ulong queue_len = args[2];
- VIOsPAPRDevice *dev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
-
- if (!dev) {
- hcall_dprintf("Unit 0x" TARGET_FMT_lx " does not exist\n", reg);
- return H_PARAMETER;
- }
-
- /* We can't grok a queue size bigger than 256M for now */
- if (queue_len < 0x1000 || queue_len > 0x10000000) {
- hcall_dprintf("Queue size too small or too big (0x" TARGET_FMT_lx
- ")\n", queue_len);
- return H_PARAMETER;
- }
-
- /* Check queue alignment */
- if (queue_addr & 0xfff) {
- hcall_dprintf("Queue not aligned (0x" TARGET_FMT_lx ")\n", queue_addr);
- return H_PARAMETER;
- }
-
- /* Check if device supports CRQs */
- if (!dev->crq.SendFunc) {
- hcall_dprintf("Device does not support CRQ\n");
- return H_NOT_FOUND;
- }
-
- /* Already a queue ? */
- if (dev->crq.qsize) {
- hcall_dprintf("CRQ already registered\n");
- return H_RESOURCE;
- }
- dev->crq.qladdr = queue_addr;
- dev->crq.qsize = queue_len;
- dev->crq.qnext = 0;
-
- dprintf("CRQ for dev 0x" TARGET_FMT_lx " registered at 0x"
- TARGET_FMT_lx "/0x" TARGET_FMT_lx "\n",
- reg, queue_addr, queue_len);
- return H_SUCCESS;
-}
-
-static target_ulong free_crq(VIOsPAPRDevice *dev)
-{
- dev->crq.qladdr = 0;
- dev->crq.qsize = 0;
- dev->crq.qnext = 0;
-
- dprintf("CRQ for dev 0x%" PRIx32 " freed\n", dev->reg);
-
- return H_SUCCESS;
-}
-
-static target_ulong h_free_crq(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode, target_ulong *args)
-{
- target_ulong reg = args[0];
- VIOsPAPRDevice *dev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
-
- if (!dev) {
- hcall_dprintf("Unit 0x" TARGET_FMT_lx " does not exist\n", reg);
- return H_PARAMETER;
- }
-
- return free_crq(dev);
-}
-
-static target_ulong h_send_crq(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode, target_ulong *args)
-{
- target_ulong reg = args[0];
- target_ulong msg_hi = args[1];
- target_ulong msg_lo = args[2];
- VIOsPAPRDevice *dev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
- uint64_t crq_mangle[2];
-
- if (!dev) {
- hcall_dprintf("Unit 0x" TARGET_FMT_lx " does not exist\n", reg);
- return H_PARAMETER;
- }
- crq_mangle[0] = cpu_to_be64(msg_hi);
- crq_mangle[1] = cpu_to_be64(msg_lo);
-
- if (dev->crq.SendFunc) {
- return dev->crq.SendFunc(dev, (uint8_t *)crq_mangle);
- }
-
- return H_HARDWARE;
-}
-
-static target_ulong h_enable_crq(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode, target_ulong *args)
-{
- target_ulong reg = args[0];
- VIOsPAPRDevice *dev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
-
- if (!dev) {
- hcall_dprintf("Unit 0x" TARGET_FMT_lx " does not exist\n", reg);
- return H_PARAMETER;
- }
-
- return 0;
-}
-
-/* Returns negative error, 0 success, or positive: queue full */
-int spapr_vio_send_crq(VIOsPAPRDevice *dev, uint8_t *crq)
-{
- int rc;
- uint8_t byte;
-
- if (!dev->crq.qsize) {
- fprintf(stderr, "spapr_vio_send_creq on uninitialized queue\n");
- return -1;
- }
-
- /* Maybe do a fast path for KVM just writing to the pages */
- rc = spapr_vio_dma_read(dev, dev->crq.qladdr + dev->crq.qnext, &byte, 1);
- if (rc) {
- return rc;
- }
- if (byte != 0) {
- return 1;
- }
-
- rc = spapr_vio_dma_write(dev, dev->crq.qladdr + dev->crq.qnext + 8,
- &crq[8], 8);
- if (rc) {
- return rc;
- }
-
- kvmppc_eieio();
-
- rc = spapr_vio_dma_write(dev, dev->crq.qladdr + dev->crq.qnext, crq, 8);
- if (rc) {
- return rc;
- }
-
- dev->crq.qnext = (dev->crq.qnext + 16) % dev->crq.qsize;
-
- if (dev->signal_state & 1) {
- qemu_irq_pulse(spapr_vio_qirq(dev));
- }
-
- return 0;
-}
-
-/* "quiesce" handling */
-
-static void spapr_vio_quiesce_one(VIOsPAPRDevice *dev)
-{
- if (dev->dma) {
- spapr_tce_reset(dev->dma);
- }
- free_crq(dev);
-}
-
-static void rtas_set_tce_bypass(sPAPREnvironment *spapr, uint32_t token,
- uint32_t nargs, target_ulong args,
- uint32_t nret, target_ulong rets)
-{
- VIOsPAPRBus *bus = spapr->vio_bus;
- VIOsPAPRDevice *dev;
- uint32_t unit, enable;
-
- if (nargs != 2) {
- rtas_st(rets, 0, -3);
- return;
- }
- unit = rtas_ld(args, 0);
- enable = rtas_ld(args, 1);
- dev = spapr_vio_find_by_reg(bus, unit);
- if (!dev) {
- rtas_st(rets, 0, -3);
- return;
- }
-
- if (!dev->dma) {
- rtas_st(rets, 0, -3);
- return;
- }
-
- spapr_tce_set_bypass(dev->dma, !!enable);
-
- rtas_st(rets, 0, 0);
-}
-
-static void rtas_quiesce(sPAPREnvironment *spapr, uint32_t token,
- uint32_t nargs, target_ulong args,
- uint32_t nret, target_ulong rets)
-{
- VIOsPAPRBus *bus = spapr->vio_bus;
- BusChild *kid;
- VIOsPAPRDevice *dev = NULL;
-
- if (nargs != 0) {
- rtas_st(rets, 0, -3);
- return;
- }
-
- QTAILQ_FOREACH(kid, &bus->bus.children, sibling) {
- dev = (VIOsPAPRDevice *)kid->child;
- spapr_vio_quiesce_one(dev);
- }
-
- rtas_st(rets, 0, 0);
-}
-
-static VIOsPAPRDevice *reg_conflict(VIOsPAPRDevice *dev)
-{
- VIOsPAPRBus *bus = DO_UPCAST(VIOsPAPRBus, bus, dev->qdev.parent_bus);
- BusChild *kid;
- VIOsPAPRDevice *other;
-
- /*
- * Check for a device other than the given one which is already
- * using the requested address. We have to open code this because
- * the given dev might already be in the list.
- */
- QTAILQ_FOREACH(kid, &bus->bus.children, sibling) {
- other = DO_UPCAST(VIOsPAPRDevice, qdev, kid->child);
-
- if (other != dev && other->reg == dev->reg) {
- return other;
- }
- }
-
- return 0;
-}
-
-static void spapr_vio_busdev_reset(DeviceState *qdev)
-{
- VIOsPAPRDevice *dev = DO_UPCAST(VIOsPAPRDevice, qdev, qdev);
- VIOsPAPRDeviceClass *pc = VIO_SPAPR_DEVICE_GET_CLASS(dev);
-
- /* Shut down the request queue and TCEs if necessary */
- spapr_vio_quiesce_one(dev);
-
- dev->signal_state = 0;
-
- if (pc->reset) {
- pc->reset(dev);
- }
-}
-
-static int spapr_vio_busdev_init(DeviceState *qdev)
-{
- VIOsPAPRDevice *dev = (VIOsPAPRDevice *)qdev;
- VIOsPAPRDeviceClass *pc = VIO_SPAPR_DEVICE_GET_CLASS(dev);
- char *id;
-
- if (dev->reg != -1) {
- /*
- * Explicitly assigned address, just verify that no-one else
- * is using it. other mechanism). We have to open code this
- * rather than using spapr_vio_find_by_reg() because sdev
- * itself is already in the list.
- */
- VIOsPAPRDevice *other = reg_conflict(dev);
-
- if (other) {
- fprintf(stderr, "vio: %s and %s devices conflict at address %#x\n",
- object_get_typename(OBJECT(qdev)),
- object_get_typename(OBJECT(&other->qdev)),
- dev->reg);
- return -1;
- }
- } else {
- /* Need to assign an address */
- VIOsPAPRBus *bus = DO_UPCAST(VIOsPAPRBus, bus, dev->qdev.parent_bus);
-
- do {
- dev->reg = bus->next_reg++;
- } while (reg_conflict(dev));
- }
-
- /* Don't overwrite ids assigned on the command line */
- if (!dev->qdev.id) {
- id = vio_format_dev_name(dev);
- if (!id) {
- return -1;
- }
- dev->qdev.id = id;
- }
-
- dev->irq = spapr_allocate_msi(dev->irq);
- if (!dev->irq) {
- return -1;
- }
-
- if (pc->rtce_window_size) {
- uint32_t liobn = SPAPR_VIO_BASE_LIOBN | dev->reg;
- dev->dma = spapr_tce_new_dma_context(liobn, pc->rtce_window_size);
- }
-
- return pc->init(dev);
-}
-
-static target_ulong h_vio_signal(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode,
- target_ulong *args)
-{
- target_ulong reg = args[0];
- target_ulong mode = args[1];
- VIOsPAPRDevice *dev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
- VIOsPAPRDeviceClass *pc;
-
- if (!dev) {
- return H_PARAMETER;
- }
-
- pc = VIO_SPAPR_DEVICE_GET_CLASS(dev);
-
- if (mode & ~pc->signal_mask) {
- return H_PARAMETER;
- }
-
- dev->signal_state = mode;
-
- return H_SUCCESS;
-}
-
-VIOsPAPRBus *spapr_vio_bus_init(void)
-{
- VIOsPAPRBus *bus;
- BusState *qbus;
- DeviceState *dev;
-
- /* Create bridge device */
- dev = qdev_create(NULL, "spapr-vio-bridge");
- qdev_init_nofail(dev);
-
- /* Create bus on bridge device */
-
- qbus = qbus_create(TYPE_SPAPR_VIO_BUS, dev, "spapr-vio");
- bus = DO_UPCAST(VIOsPAPRBus, bus, qbus);
- bus->next_reg = 0x1000;
-
- /* hcall-vio */
- spapr_register_hypercall(H_VIO_SIGNAL, h_vio_signal);
-
- /* hcall-crq */
- spapr_register_hypercall(H_REG_CRQ, h_reg_crq);
- spapr_register_hypercall(H_FREE_CRQ, h_free_crq);
- spapr_register_hypercall(H_SEND_CRQ, h_send_crq);
- spapr_register_hypercall(H_ENABLE_CRQ, h_enable_crq);
-
- /* RTAS calls */
- spapr_rtas_register("ibm,set-tce-bypass", rtas_set_tce_bypass);
- spapr_rtas_register("quiesce", rtas_quiesce);
-
- return bus;
-}
-
-/* Represents sPAPR hcall VIO devices */
-
-static int spapr_vio_bridge_init(SysBusDevice *dev)
-{
- /* nothing */
- return 0;
-}
-
-static void spapr_vio_bridge_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = spapr_vio_bridge_init;
- dc->no_user = 1;
-}
-
-static TypeInfo spapr_vio_bridge_info = {
- .name = "spapr-vio-bridge",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(SysBusDevice),
- .class_init = spapr_vio_bridge_class_init,
-};
-
-static void vio_spapr_device_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *k = DEVICE_CLASS(klass);
- k->init = spapr_vio_busdev_init;
- k->reset = spapr_vio_busdev_reset;
- k->bus_type = TYPE_SPAPR_VIO_BUS;
- k->props = spapr_vio_props;
-}
-
-static TypeInfo spapr_vio_type_info = {
- .name = TYPE_VIO_SPAPR_DEVICE,
- .parent = TYPE_DEVICE,
- .instance_size = sizeof(VIOsPAPRDevice),
- .abstract = true,
- .class_size = sizeof(VIOsPAPRDeviceClass),
- .class_init = vio_spapr_device_class_init,
-};
-
-static void spapr_vio_register_types(void)
-{
- type_register_static(&spapr_vio_bus_info);
- type_register_static(&spapr_vio_bridge_info);
- type_register_static(&spapr_vio_type_info);
-}
-
-type_init(spapr_vio_register_types)
-
-#ifdef CONFIG_FDT
-static int compare_reg(const void *p1, const void *p2)
-{
- VIOsPAPRDevice const *dev1, *dev2;
-
- dev1 = (VIOsPAPRDevice *)*(DeviceState **)p1;
- dev2 = (VIOsPAPRDevice *)*(DeviceState **)p2;
-
- if (dev1->reg < dev2->reg) {
- return -1;
- }
- if (dev1->reg == dev2->reg) {
- return 0;
- }
-
- /* dev1->reg > dev2->reg */
- return 1;
-}
-
-int spapr_populate_vdevice(VIOsPAPRBus *bus, void *fdt)
-{
- DeviceState *qdev, **qdevs;
- BusChild *kid;
- int i, num, ret = 0;
-
- /* Count qdevs on the bus list */
- num = 0;
- QTAILQ_FOREACH(kid, &bus->bus.children, sibling) {
- num++;
- }
-
- /* Copy out into an array of pointers */
- qdevs = g_malloc(sizeof(qdev) * num);
- num = 0;
- QTAILQ_FOREACH(kid, &bus->bus.children, sibling) {
- qdevs[num++] = kid->child;
- }
-
- /* Sort the array */
- qsort(qdevs, num, sizeof(qdev), compare_reg);
-
- /* Hack alert. Give the devices to libfdt in reverse order, we happen
- * to know that will mean they are in forward order in the tree. */
- for (i = num - 1; i >= 0; i--) {
- VIOsPAPRDevice *dev = (VIOsPAPRDevice *)(qdevs[i]);
-
- ret = vio_make_devnode(dev, fdt);
-
- if (ret < 0) {
- goto out;
- }
- }
-
- ret = 0;
-out:
- free(qdevs);
-
- return ret;
-}
-
-int spapr_populate_chosen_stdout(void *fdt, VIOsPAPRBus *bus)
-{
- VIOsPAPRDevice *dev;
- char *name, *path;
- int ret, offset;
-
- dev = spapr_vty_get_default(bus);
- if (!dev)
- return 0;
-
- offset = fdt_path_offset(fdt, "/chosen");
- if (offset < 0) {
- return offset;
- }
-
- name = vio_format_dev_name(dev);
- if (!name) {
- return -ENOMEM;
- }
-
- if (asprintf(&path, "/vdevice/%s", name) < 0) {
- path = NULL;
- ret = -ENOMEM;
- goto out;
- }
-
- ret = fdt_setprop_string(fdt, offset, "linux,stdout-path", path);
-out:
- free(name);
- free(path);
-
- return ret;
-}
-#endif /* CONFIG_FDT */
diff --git a/hw/spapr_vio.h b/hw/spapr_vio.h
deleted file mode 100644
index cc85d2610..000000000
--- a/hw/spapr_vio.h
+++ /dev/null
@@ -1,136 +0,0 @@
-#ifndef _HW_SPAPR_VIO_H
-#define _HW_SPAPR_VIO_H
-/*
- * QEMU sPAPR VIO bus definitions
- *
- * Copyright (c) 2010 David Gibson, IBM Corporation <david@gibson.dropbear.id.au>
- * Based on the s390 virtio bus definitions:
- * Copyright (c) 2009 Alexander Graf <agraf@suse.de>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "dma.h"
-
-#define TYPE_VIO_SPAPR_DEVICE "vio-spapr-device"
-#define VIO_SPAPR_DEVICE(obj) \
- OBJECT_CHECK(VIOsPAPRDevice, (obj), TYPE_VIO_SPAPR_DEVICE)
-#define VIO_SPAPR_DEVICE_CLASS(klass) \
- OBJECT_CLASS_CHECK(VIOsPAPRDeviceClass, (klass), TYPE_VIO_SPAPR_DEVICE)
-#define VIO_SPAPR_DEVICE_GET_CLASS(obj) \
- OBJECT_GET_CLASS(VIOsPAPRDeviceClass, (obj), TYPE_VIO_SPAPR_DEVICE)
-
-#define TYPE_SPAPR_VIO_BUS "spapr-vio-bus"
-#define SPAPR_VIO_BUS(obj) OBJECT_CHECK(VIOsPAPRBus, (obj), TYPE_SPAPR_VIO_BUS)
-
-struct VIOsPAPRDevice;
-
-typedef struct VIOsPAPR_CRQ {
- uint64_t qladdr;
- uint32_t qsize;
- uint32_t qnext;
- int(*SendFunc)(struct VIOsPAPRDevice *vdev, uint8_t *crq);
-} VIOsPAPR_CRQ;
-
-typedef struct VIOsPAPRDevice VIOsPAPRDevice;
-typedef struct VIOsPAPRBus VIOsPAPRBus;
-
-typedef struct VIOsPAPRDeviceClass {
- DeviceClass parent_class;
-
- const char *dt_name, *dt_type, *dt_compatible;
- target_ulong signal_mask;
- uint32_t rtce_window_size;
- int (*init)(VIOsPAPRDevice *dev);
- void (*reset)(VIOsPAPRDevice *dev);
- int (*devnode)(VIOsPAPRDevice *dev, void *fdt, int node_off);
-} VIOsPAPRDeviceClass;
-
-struct VIOsPAPRDevice {
- DeviceState qdev;
- uint32_t reg;
- uint32_t irq;
- target_ulong signal_state;
- VIOsPAPR_CRQ crq;
- DMAContext *dma;
-};
-
-#define DEFINE_SPAPR_PROPERTIES(type, field) \
- DEFINE_PROP_UINT32("reg", type, field.reg, -1)
-
-struct VIOsPAPRBus {
- BusState bus;
- uint32_t next_reg;
- int (*init)(VIOsPAPRDevice *dev);
- int (*devnode)(VIOsPAPRDevice *dev, void *fdt, int node_off);
-};
-
-extern VIOsPAPRBus *spapr_vio_bus_init(void);
-extern VIOsPAPRDevice *spapr_vio_find_by_reg(VIOsPAPRBus *bus, uint32_t reg);
-extern int spapr_populate_vdevice(VIOsPAPRBus *bus, void *fdt);
-extern int spapr_populate_chosen_stdout(void *fdt, VIOsPAPRBus *bus);
-
-extern int spapr_vio_signal(VIOsPAPRDevice *dev, target_ulong mode);
-
-static inline qemu_irq spapr_vio_qirq(VIOsPAPRDevice *dev)
-{
- return xics_get_qirq(spapr->icp, dev->irq);
-}
-
-static inline bool spapr_vio_dma_valid(VIOsPAPRDevice *dev, uint64_t taddr,
- uint32_t size, DMADirection dir)
-{
- return dma_memory_valid(dev->dma, taddr, size, dir);
-}
-
-static inline int spapr_vio_dma_read(VIOsPAPRDevice *dev, uint64_t taddr,
- void *buf, uint32_t size)
-{
- return (dma_memory_read(dev->dma, taddr, buf, size) != 0) ?
- H_DEST_PARM : H_SUCCESS;
-}
-
-static inline int spapr_vio_dma_write(VIOsPAPRDevice *dev, uint64_t taddr,
- const void *buf, uint32_t size)
-{
- return (dma_memory_write(dev->dma, taddr, buf, size) != 0) ?
- H_DEST_PARM : H_SUCCESS;
-}
-
-static inline int spapr_vio_dma_set(VIOsPAPRDevice *dev, uint64_t taddr,
- uint8_t c, uint32_t size)
-{
- return (dma_memory_set(dev->dma, taddr, c, size) != 0) ?
- H_DEST_PARM : H_SUCCESS;
-}
-
-#define vio_stb(_dev, _addr, _val) (stb_dma((_dev)->dma, (_addr), (_val)))
-#define vio_sth(_dev, _addr, _val) (stw_be_dma((_dev)->dma, (_addr), (_val)))
-#define vio_stl(_dev, _addr, _val) (stl_be_dma((_dev)->dma, (_addr), (_val)))
-#define vio_stq(_dev, _addr, _val) (stq_be_dma((_dev)->dma, (_addr), (_val)))
-#define vio_ldq(_dev, _addr) (ldq_be_dma((_dev)->dma, (_addr)))
-
-int spapr_vio_send_crq(VIOsPAPRDevice *dev, uint8_t *crq);
-
-VIOsPAPRDevice *vty_lookup(sPAPREnvironment *spapr, target_ulong reg);
-void vty_putchars(VIOsPAPRDevice *sdev, uint8_t *buf, int len);
-void spapr_vty_create(VIOsPAPRBus *bus, CharDriverState *chardev);
-void spapr_vlan_create(VIOsPAPRBus *bus, NICInfo *nd);
-void spapr_vscsi_create(VIOsPAPRBus *bus);
-
-VIOsPAPRDevice *spapr_vty_get_default(VIOsPAPRBus *bus);
-
-void spapr_vio_quiesce(void);
-
-#endif /* _HW_SPAPR_VIO_H */
diff --git a/hw/spapr_vscsi.c b/hw/spapr_vscsi.c
deleted file mode 100644
index e3d4b237f..000000000
--- a/hw/spapr_vscsi.c
+++ /dev/null
@@ -1,983 +0,0 @@
-/*
- * QEMU PowerPC pSeries Logical Partition (aka sPAPR) hardware System Emulator
- *
- * PAPR Virtual SCSI, aka ibmvscsi
- *
- * Copyright (c) 2010,2011 Benjamin Herrenschmidt, IBM Corporation.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- *
- * TODO:
- *
- * - Cleanups :-)
- * - Sort out better how to assign devices to VSCSI instances
- * - Fix residual counts
- * - Add indirect descriptors support
- * - Maybe do autosense (PAPR seems to mandate it, linux doesn't care)
- */
-#include "hw.h"
-#include "scsi.h"
-#include "scsi-defs.h"
-#include "net.h" /* Remove that when we can */
-#include "srp.h"
-#include "hw/qdev.h"
-#include "hw/spapr.h"
-#include "hw/spapr_vio.h"
-#include "hw/ppc-viosrp.h"
-
-#include <libfdt.h>
-
-/*#define DEBUG_VSCSI*/
-
-#ifdef DEBUG_VSCSI
-#define dprintf(fmt, ...) \
- do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
-#else
-#define dprintf(fmt, ...) \
- do { } while (0)
-#endif
-
-/*
- * Virtual SCSI device
- */
-
-/* Random numbers */
-#define VSCSI_MAX_SECTORS 4096
-#define VSCSI_REQ_LIMIT 24
-
-#define SCSI_SENSE_BUF_SIZE 96
-#define SRP_RSP_SENSE_DATA_LEN 18
-
-typedef union vscsi_crq {
- struct viosrp_crq s;
- uint8_t raw[16];
-} vscsi_crq;
-
-typedef struct vscsi_req {
- vscsi_crq crq;
- union viosrp_iu iu;
-
- /* SCSI request tracking */
- SCSIRequest *sreq;
- uint32_t qtag; /* qemu tag != srp tag */
- int lun;
- int active;
- long data_len;
- int writing;
- int senselen;
- uint8_t sense[SCSI_SENSE_BUF_SIZE];
-
- /* RDMA related bits */
- uint8_t dma_fmt;
- struct srp_direct_buf ext_desc;
- struct srp_direct_buf *cur_desc;
- struct srp_indirect_buf *ind_desc;
- int local_desc;
- int total_desc;
-} vscsi_req;
-
-
-typedef struct {
- VIOsPAPRDevice vdev;
- SCSIBus bus;
- vscsi_req reqs[VSCSI_REQ_LIMIT];
-} VSCSIState;
-
-static struct vscsi_req *vscsi_get_req(VSCSIState *s)
-{
- vscsi_req *req;
- int i;
-
- for (i = 0; i < VSCSI_REQ_LIMIT; i++) {
- req = &s->reqs[i];
- if (!req->active) {
- memset(req, 0, sizeof(*req));
- req->qtag = i;
- req->active = 1;
- return req;
- }
- }
- return NULL;
-}
-
-static void vscsi_put_req(vscsi_req *req)
-{
- if (req->sreq != NULL) {
- scsi_req_unref(req->sreq);
- }
- req->sreq = NULL;
- req->active = 0;
-}
-
-static SCSIDevice *vscsi_device_find(SCSIBus *bus, uint64_t srp_lun, int *lun)
-{
- int channel = 0, id = 0;
-
-retry:
- switch (srp_lun >> 62) {
- case 0:
- if ((srp_lun >> 56) != 0) {
- channel = (srp_lun >> 56) & 0x3f;
- id = (srp_lun >> 48) & 0xff;
- srp_lun <<= 16;
- goto retry;
- }
- *lun = (srp_lun >> 48) & 0xff;
- break;
-
- case 1:
- *lun = (srp_lun >> 48) & 0x3fff;
- break;
- case 2:
- channel = (srp_lun >> 53) & 0x7;
- id = (srp_lun >> 56) & 0x3f;
- *lun = (srp_lun >> 48) & 0x1f;
- break;
- case 3:
- *lun = -1;
- return NULL;
- default:
- abort();
- }
-
- return scsi_device_find(bus, channel, id, *lun);
-}
-
-static int vscsi_send_iu(VSCSIState *s, vscsi_req *req,
- uint64_t length, uint8_t format)
-{
- long rc, rc1;
-
- /* First copy the SRP */
- rc = spapr_vio_dma_write(&s->vdev, req->crq.s.IU_data_ptr,
- &req->iu, length);
- if (rc) {
- fprintf(stderr, "vscsi_send_iu: DMA write failure !\n");
- }
-
- req->crq.s.valid = 0x80;
- req->crq.s.format = format;
- req->crq.s.reserved = 0x00;
- req->crq.s.timeout = cpu_to_be16(0x0000);
- req->crq.s.IU_length = cpu_to_be16(length);
- req->crq.s.IU_data_ptr = req->iu.srp.rsp.tag; /* right byte order */
-
- if (rc == 0) {
- req->crq.s.status = 0x99; /* Just needs to be non-zero */
- } else {
- req->crq.s.status = 0x00;
- }
-
- rc1 = spapr_vio_send_crq(&s->vdev, req->crq.raw);
- if (rc1) {
- fprintf(stderr, "vscsi_send_iu: Error sending response\n");
- return rc1;
- }
-
- return rc;
-}
-
-static void vscsi_makeup_sense(VSCSIState *s, vscsi_req *req,
- uint8_t key, uint8_t asc, uint8_t ascq)
-{
- req->senselen = SRP_RSP_SENSE_DATA_LEN;
-
- /* Valid bit and 'current errors' */
- req->sense[0] = (0x1 << 7 | 0x70);
- /* Sense key */
- req->sense[2] = key;
- /* Additional sense length */
- req->sense[7] = 0xa; /* 10 bytes */
- /* Additional sense code */
- req->sense[12] = asc;
- req->sense[13] = ascq;
-}
-
-static int vscsi_send_rsp(VSCSIState *s, vscsi_req *req,
- uint8_t status, int32_t res_in, int32_t res_out)
-{
- union viosrp_iu *iu = &req->iu;
- uint64_t tag = iu->srp.rsp.tag;
- int total_len = sizeof(iu->srp.rsp);
-
- dprintf("VSCSI: Sending resp status: 0x%x, "
- "res_in: %d, res_out: %d\n", status, res_in, res_out);
-
- memset(iu, 0, sizeof(struct srp_rsp));
- iu->srp.rsp.opcode = SRP_RSP;
- iu->srp.rsp.req_lim_delta = cpu_to_be32(1);
- iu->srp.rsp.tag = tag;
-
- /* Handle residuals */
- if (res_in < 0) {
- iu->srp.rsp.flags |= SRP_RSP_FLAG_DIUNDER;
- res_in = -res_in;
- } else if (res_in) {
- iu->srp.rsp.flags |= SRP_RSP_FLAG_DIOVER;
- }
- if (res_out < 0) {
- iu->srp.rsp.flags |= SRP_RSP_FLAG_DOUNDER;
- res_out = -res_out;
- } else if (res_out) {
- iu->srp.rsp.flags |= SRP_RSP_FLAG_DOOVER;
- }
- iu->srp.rsp.data_in_res_cnt = cpu_to_be32(res_in);
- iu->srp.rsp.data_out_res_cnt = cpu_to_be32(res_out);
-
- /* We don't do response data */
- /* iu->srp.rsp.flags &= ~SRP_RSP_FLAG_RSPVALID; */
- iu->srp.rsp.resp_data_len = cpu_to_be32(0);
-
- /* Handle success vs. failure */
- iu->srp.rsp.status = status;
- if (status) {
- iu->srp.rsp.sol_not = (iu->srp.cmd.sol_not & 0x04) >> 2;
- if (req->senselen) {
- req->iu.srp.rsp.flags |= SRP_RSP_FLAG_SNSVALID;
- req->iu.srp.rsp.sense_data_len = cpu_to_be32(req->senselen);
- memcpy(req->iu.srp.rsp.data, req->sense, req->senselen);
- total_len += req->senselen;
- }
- } else {
- iu->srp.rsp.sol_not = (iu->srp.cmd.sol_not & 0x02) >> 1;
- }
-
- vscsi_send_iu(s, req, total_len, VIOSRP_SRP_FORMAT);
- return 0;
-}
-
-static inline void vscsi_swap_desc(struct srp_direct_buf *desc)
-{
- desc->va = be64_to_cpu(desc->va);
- desc->len = be32_to_cpu(desc->len);
-}
-
-static int vscsi_srp_direct_data(VSCSIState *s, vscsi_req *req,
- uint8_t *buf, uint32_t len)
-{
- struct srp_direct_buf *md = req->cur_desc;
- uint32_t llen;
- int rc = 0;
-
- dprintf("VSCSI: direct segment 0x%x bytes, va=0x%llx desc len=0x%x\n",
- len, (unsigned long long)md->va, md->len);
-
- llen = MIN(len, md->len);
- if (llen) {
- if (req->writing) { /* writing = to device = reading from memory */
- rc = spapr_vio_dma_read(&s->vdev, md->va, buf, llen);
- } else {
- rc = spapr_vio_dma_write(&s->vdev, md->va, buf, llen);
- }
- }
- md->len -= llen;
- md->va += llen;
-
- if (rc) {
- return -1;
- }
- return llen;
-}
-
-static int vscsi_srp_indirect_data(VSCSIState *s, vscsi_req *req,
- uint8_t *buf, uint32_t len)
-{
- struct srp_direct_buf *td = &req->ind_desc->table_desc;
- struct srp_direct_buf *md = req->cur_desc;
- int rc = 0;
- uint32_t llen, total = 0;
-
- dprintf("VSCSI: indirect segment 0x%x bytes, td va=0x%llx len=0x%x\n",
- len, (unsigned long long)td->va, td->len);
-
- /* While we have data ... */
- while (len) {
- /* If we have a descriptor but it's empty, go fetch a new one */
- if (md && md->len == 0) {
- /* More local available, use one */
- if (req->local_desc) {
- md = ++req->cur_desc;
- --req->local_desc;
- --req->total_desc;
- td->va += sizeof(struct srp_direct_buf);
- } else {
- md = req->cur_desc = NULL;
- }
- }
- /* No descriptor at hand, fetch one */
- if (!md) {
- if (!req->total_desc) {
- dprintf("VSCSI: Out of descriptors !\n");
- break;
- }
- md = req->cur_desc = &req->ext_desc;
- dprintf("VSCSI: Reading desc from 0x%llx\n",
- (unsigned long long)td->va);
- rc = spapr_vio_dma_read(&s->vdev, td->va, md,
- sizeof(struct srp_direct_buf));
- if (rc) {
- dprintf("VSCSI: spapr_vio_dma_read -> %d reading ext_desc\n",
- rc);
- break;
- }
- vscsi_swap_desc(md);
- td->va += sizeof(struct srp_direct_buf);
- --req->total_desc;
- }
- dprintf("VSCSI: [desc va=0x%llx,len=0x%x] remaining=0x%x\n",
- (unsigned long long)md->va, md->len, len);
-
- /* Perform transfer */
- llen = MIN(len, md->len);
- if (req->writing) { /* writing = to device = reading from memory */
- rc = spapr_vio_dma_read(&s->vdev, md->va, buf, llen);
- } else {
- rc = spapr_vio_dma_write(&s->vdev, md->va, buf, llen);
- }
- if (rc) {
- dprintf("VSCSI: spapr_vio_dma_r/w(%d) -> %d\n", req->writing, rc);
- break;
- }
- dprintf("VSCSI: data: %02x %02x %02x %02x...\n",
- buf[0], buf[1], buf[2], buf[3]);
-
- len -= llen;
- buf += llen;
- total += llen;
- md->va += llen;
- md->len -= llen;
- }
- return rc ? -1 : total;
-}
-
-static int vscsi_srp_transfer_data(VSCSIState *s, vscsi_req *req,
- int writing, uint8_t *buf, uint32_t len)
-{
- int err = 0;
-
- switch (req->dma_fmt) {
- case SRP_NO_DATA_DESC:
- dprintf("VSCSI: no data desc transfer, skipping 0x%x bytes\n", len);
- break;
- case SRP_DATA_DESC_DIRECT:
- err = vscsi_srp_direct_data(s, req, buf, len);
- break;
- case SRP_DATA_DESC_INDIRECT:
- err = vscsi_srp_indirect_data(s, req, buf, len);
- break;
- }
- return err;
-}
-
-/* Bits from linux srp */
-static int data_out_desc_size(struct srp_cmd *cmd)
-{
- int size = 0;
- uint8_t fmt = cmd->buf_fmt >> 4;
-
- switch (fmt) {
- case SRP_NO_DATA_DESC:
- break;
- case SRP_DATA_DESC_DIRECT:
- size = sizeof(struct srp_direct_buf);
- break;
- case SRP_DATA_DESC_INDIRECT:
- size = sizeof(struct srp_indirect_buf) +
- sizeof(struct srp_direct_buf)*cmd->data_out_desc_cnt;
- break;
- default:
- break;
- }
- return size;
-}
-
-static int vscsi_preprocess_desc(vscsi_req *req)
-{
- struct srp_cmd *cmd = &req->iu.srp.cmd;
- int offset, i;
-
- offset = cmd->add_cdb_len & ~3;
-
- if (req->writing) {
- req->dma_fmt = cmd->buf_fmt >> 4;
- } else {
- offset += data_out_desc_size(cmd);
- req->dma_fmt = cmd->buf_fmt & ((1U << 4) - 1);
- }
-
- switch (req->dma_fmt) {
- case SRP_NO_DATA_DESC:
- break;
- case SRP_DATA_DESC_DIRECT:
- req->cur_desc = (struct srp_direct_buf *)(cmd->add_data + offset);
- req->total_desc = req->local_desc = 1;
- vscsi_swap_desc(req->cur_desc);
- dprintf("VSCSI: using direct RDMA %s, 0x%x bytes MD: 0x%llx\n",
- req->writing ? "write" : "read",
- req->cur_desc->len, (unsigned long long)req->cur_desc->va);
- break;
- case SRP_DATA_DESC_INDIRECT:
- req->ind_desc = (struct srp_indirect_buf *)(cmd->add_data + offset);
- vscsi_swap_desc(&req->ind_desc->table_desc);
- req->total_desc = req->ind_desc->table_desc.len /
- sizeof(struct srp_direct_buf);
- req->local_desc = req->writing ? cmd->data_out_desc_cnt :
- cmd->data_in_desc_cnt;
- for (i = 0; i < req->local_desc; i++) {
- vscsi_swap_desc(&req->ind_desc->desc_list[i]);
- }
- req->cur_desc = req->local_desc ? &req->ind_desc->desc_list[0] : NULL;
- dprintf("VSCSI: using indirect RDMA %s, 0x%x bytes %d descs "
- "(%d local) VA: 0x%llx\n",
- req->writing ? "read" : "write",
- be32_to_cpu(req->ind_desc->len),
- req->total_desc, req->local_desc,
- (unsigned long long)req->ind_desc->table_desc.va);
- break;
- default:
- fprintf(stderr,
- "vscsi_preprocess_desc: Unknown format %x\n", req->dma_fmt);
- return -1;
- }
-
- return 0;
-}
-
-/* Callback to indicate that the SCSI layer has completed a transfer. */
-static void vscsi_transfer_data(SCSIRequest *sreq, uint32_t len)
-{
- VSCSIState *s = DO_UPCAST(VSCSIState, vdev.qdev, sreq->bus->qbus.parent);
- vscsi_req *req = sreq->hba_private;
- uint8_t *buf;
- int rc = 0;
-
- dprintf("VSCSI: SCSI xfer complete tag=0x%x len=0x%x, req=%p\n",
- sreq->tag, len, req);
- if (req == NULL) {
- fprintf(stderr, "VSCSI: Can't find request for tag 0x%x\n", sreq->tag);
- return;
- }
-
- if (len) {
- buf = scsi_req_get_buf(sreq);
- rc = vscsi_srp_transfer_data(s, req, req->writing, buf, len);
- }
- if (rc < 0) {
- fprintf(stderr, "VSCSI: RDMA error rc=%d!\n", rc);
- vscsi_makeup_sense(s, req, HARDWARE_ERROR, 0, 0);
- scsi_req_abort(req->sreq, CHECK_CONDITION);
- return;
- }
-
- /* Start next chunk */
- req->data_len -= rc;
- scsi_req_continue(sreq);
-}
-
-/* Callback to indicate that the SCSI layer has completed a transfer. */
-static void vscsi_command_complete(SCSIRequest *sreq, uint32_t status, size_t resid)
-{
- VSCSIState *s = DO_UPCAST(VSCSIState, vdev.qdev, sreq->bus->qbus.parent);
- vscsi_req *req = sreq->hba_private;
- int32_t res_in = 0, res_out = 0;
-
- dprintf("VSCSI: SCSI cmd complete, r=0x%x tag=0x%x status=0x%x, req=%p\n",
- reason, sreq->tag, status, req);
- if (req == NULL) {
- fprintf(stderr, "VSCSI: Can't find request for tag 0x%x\n", sreq->tag);
- return;
- }
-
- if (status == CHECK_CONDITION) {
- req->senselen = scsi_req_get_sense(req->sreq, req->sense,
- sizeof(req->sense));
- dprintf("VSCSI: Sense data, %d bytes:\n", len);
- dprintf(" %02x %02x %02x %02x %02x %02x %02x %02x\n",
- req->sense[0], req->sense[1], req->sense[2], req->sense[3],
- req->sense[4], req->sense[5], req->sense[6], req->sense[7]);
- dprintf(" %02x %02x %02x %02x %02x %02x %02x %02x\n",
- req->sense[8], req->sense[9], req->sense[10], req->sense[11],
- req->sense[12], req->sense[13], req->sense[14], req->sense[15]);
- }
-
- dprintf("VSCSI: Command complete err=%d\n", status);
- if (status == 0) {
- /* We handle overflows, not underflows for normal commands,
- * but hopefully nobody cares
- */
- if (req->writing) {
- res_out = req->data_len;
- } else {
- res_in = req->data_len;
- }
- }
- vscsi_send_rsp(s, req, status, res_in, res_out);
- vscsi_put_req(req);
-}
-
-static void vscsi_request_cancelled(SCSIRequest *sreq)
-{
- vscsi_req *req = sreq->hba_private;
-
- vscsi_put_req(req);
-}
-
-static void vscsi_process_login(VSCSIState *s, vscsi_req *req)
-{
- union viosrp_iu *iu = &req->iu;
- struct srp_login_rsp *rsp = &iu->srp.login_rsp;
- uint64_t tag = iu->srp.rsp.tag;
-
- dprintf("VSCSI: Got login, sendin response !\n");
-
- /* TODO handle case that requested size is wrong and
- * buffer format is wrong
- */
- memset(iu, 0, sizeof(struct srp_login_rsp));
- rsp->opcode = SRP_LOGIN_RSP;
- /* Don't advertise quite as many request as we support to
- * keep room for management stuff etc...
- */
- rsp->req_lim_delta = cpu_to_be32(VSCSI_REQ_LIMIT-2);
- rsp->tag = tag;
- rsp->max_it_iu_len = cpu_to_be32(sizeof(union srp_iu));
- rsp->max_ti_iu_len = cpu_to_be32(sizeof(union srp_iu));
- /* direct and indirect */
- rsp->buf_fmt = cpu_to_be16(SRP_BUF_FORMAT_DIRECT | SRP_BUF_FORMAT_INDIRECT);
-
- vscsi_send_iu(s, req, sizeof(*rsp), VIOSRP_SRP_FORMAT);
-}
-
-static void vscsi_inquiry_no_target(VSCSIState *s, vscsi_req *req)
-{
- uint8_t *cdb = req->iu.srp.cmd.cdb;
- uint8_t resp_data[36];
- int rc, len, alen;
-
- /* We dont do EVPD. Also check that page_code is 0 */
- if ((cdb[1] & 0x01) || (cdb[1] & 0x01) || cdb[2] != 0) {
- /* Send INVALID FIELD IN CDB */
- vscsi_makeup_sense(s, req, ILLEGAL_REQUEST, 0x24, 0);
- vscsi_send_rsp(s, req, CHECK_CONDITION, 0, 0);
- return;
- }
- alen = cdb[3];
- alen = (alen << 8) | cdb[4];
- len = MIN(alen, 36);
-
- /* Fake up inquiry using PQ=3 */
- memset(resp_data, 0, 36);
- resp_data[0] = 0x7f; /* Not capable of supporting a device here */
- resp_data[2] = 0x06; /* SPS-4 */
- resp_data[3] = 0x02; /* Resp data format */
- resp_data[4] = 36 - 5; /* Additional length */
- resp_data[7] = 0x10; /* Sync transfers */
- memcpy(&resp_data[16], "QEMU EMPTY ", 16);
- memcpy(&resp_data[8], "QEMU ", 8);
-
- req->writing = 0;
- vscsi_preprocess_desc(req);
- rc = vscsi_srp_transfer_data(s, req, 0, resp_data, len);
- if (rc < 0) {
- vscsi_makeup_sense(s, req, HARDWARE_ERROR, 0, 0);
- vscsi_send_rsp(s, req, CHECK_CONDITION, 0, 0);
- } else {
- vscsi_send_rsp(s, req, 0, 36 - rc, 0);
- }
-}
-
-static int vscsi_queue_cmd(VSCSIState *s, vscsi_req *req)
-{
- union srp_iu *srp = &req->iu.srp;
- SCSIDevice *sdev;
- int n, lun;
-
- sdev = vscsi_device_find(&s->bus, be64_to_cpu(srp->cmd.lun), &lun);
- if (!sdev) {
- dprintf("VSCSI: Command for lun %08" PRIx64 " with no drive\n", be64_to_cpu(srp->cmd.lun));
- if (srp->cmd.cdb[0] == INQUIRY) {
- vscsi_inquiry_no_target(s, req);
- } else {
- vscsi_makeup_sense(s, req, ILLEGAL_REQUEST, 0x24, 0x00);
- vscsi_send_rsp(s, req, CHECK_CONDITION, 0, 0);
- } return 1;
- }
-
- req->lun = lun;
- req->sreq = scsi_req_new(sdev, req->qtag, lun, srp->cmd.cdb, req);
- n = scsi_req_enqueue(req->sreq);
-
- dprintf("VSCSI: Queued command tag 0x%x CMD 0x%x ID %d LUN %d ret: %d\n",
- req->qtag, srp->cmd.cdb[0], id, lun, n);
-
- if (n) {
- /* Transfer direction must be set before preprocessing the
- * descriptors
- */
- req->writing = (n < 1);
-
- /* Preprocess RDMA descriptors */
- vscsi_preprocess_desc(req);
-
- /* Get transfer direction and initiate transfer */
- if (n > 0) {
- req->data_len = n;
- } else if (n < 0) {
- req->data_len = -n;
- }
- scsi_req_continue(req->sreq);
- }
- /* Don't touch req here, it may have been recycled already */
-
- return 0;
-}
-
-static int vscsi_process_tsk_mgmt(VSCSIState *s, vscsi_req *req)
-{
- union viosrp_iu *iu = &req->iu;
- int fn;
-
- fprintf(stderr, "vscsi_process_tsk_mgmt %02x\n",
- iu->srp.tsk_mgmt.tsk_mgmt_func);
-
- switch (iu->srp.tsk_mgmt.tsk_mgmt_func) {
-#if 0 /* We really don't deal with these for now */
- case SRP_TSK_ABORT_TASK:
- fn = ABORT_TASK;
- break;
- case SRP_TSK_ABORT_TASK_SET:
- fn = ABORT_TASK_SET;
- break;
- case SRP_TSK_CLEAR_TASK_SET:
- fn = CLEAR_TASK_SET;
- break;
- case SRP_TSK_LUN_RESET:
- fn = LOGICAL_UNIT_RESET;
- break;
- case SRP_TSK_CLEAR_ACA:
- fn = CLEAR_ACA;
- break;
-#endif
- default:
- fn = 0;
- }
- if (fn) {
- /* XXX Send/Handle target task management */
- ;
- } else {
- vscsi_makeup_sense(s, req, ILLEGAL_REQUEST, 0x20, 0);
- vscsi_send_rsp(s, req, CHECK_CONDITION, 0, 0);
- }
- return !fn;
-}
-
-static int vscsi_handle_srp_req(VSCSIState *s, vscsi_req *req)
-{
- union srp_iu *srp = &req->iu.srp;
- int done = 1;
- uint8_t opcode = srp->rsp.opcode;
-
- switch (opcode) {
- case SRP_LOGIN_REQ:
- vscsi_process_login(s, req);
- break;
- case SRP_TSK_MGMT:
- done = vscsi_process_tsk_mgmt(s, req);
- break;
- case SRP_CMD:
- done = vscsi_queue_cmd(s, req);
- break;
- case SRP_LOGIN_RSP:
- case SRP_I_LOGOUT:
- case SRP_T_LOGOUT:
- case SRP_RSP:
- case SRP_CRED_REQ:
- case SRP_CRED_RSP:
- case SRP_AER_REQ:
- case SRP_AER_RSP:
- fprintf(stderr, "VSCSI: Unsupported opcode %02x\n", opcode);
- break;
- default:
- fprintf(stderr, "VSCSI: Unknown type %02x\n", opcode);
- }
-
- return done;
-}
-
-static int vscsi_send_adapter_info(VSCSIState *s, vscsi_req *req)
-{
- struct viosrp_adapter_info *sinfo;
- struct mad_adapter_info_data info;
- int rc;
-
- sinfo = &req->iu.mad.adapter_info;
-
-#if 0 /* What for ? */
- rc = spapr_vio_dma_read(&s->vdev, be64_to_cpu(sinfo->buffer),
- &info, be16_to_cpu(sinfo->common.length));
- if (rc) {
- fprintf(stderr, "vscsi_send_adapter_info: DMA read failure !\n");
- }
-#endif
- memset(&info, 0, sizeof(info));
- strcpy(info.srp_version, SRP_VERSION);
- memcpy(info.partition_name, "qemu", sizeof("qemu"));
- info.partition_number = cpu_to_be32(0);
- info.mad_version = cpu_to_be32(1);
- info.os_type = cpu_to_be32(2);
- info.port_max_txu[0] = cpu_to_be32(VSCSI_MAX_SECTORS << 9);
-
- rc = spapr_vio_dma_write(&s->vdev, be64_to_cpu(sinfo->buffer),
- &info, be16_to_cpu(sinfo->common.length));
- if (rc) {
- fprintf(stderr, "vscsi_send_adapter_info: DMA write failure !\n");
- }
-
- sinfo->common.status = rc ? cpu_to_be32(1) : 0;
-
- return vscsi_send_iu(s, req, sizeof(*sinfo), VIOSRP_MAD_FORMAT);
-}
-
-static int vscsi_handle_mad_req(VSCSIState *s, vscsi_req *req)
-{
- union mad_iu *mad = &req->iu.mad;
-
- switch (be32_to_cpu(mad->empty_iu.common.type)) {
- case VIOSRP_EMPTY_IU_TYPE:
- fprintf(stderr, "Unsupported EMPTY MAD IU\n");
- break;
- case VIOSRP_ERROR_LOG_TYPE:
- fprintf(stderr, "Unsupported ERROR LOG MAD IU\n");
- mad->error_log.common.status = cpu_to_be16(1);
- vscsi_send_iu(s, req, sizeof(mad->error_log), VIOSRP_MAD_FORMAT);
- break;
- case VIOSRP_ADAPTER_INFO_TYPE:
- vscsi_send_adapter_info(s, req);
- break;
- case VIOSRP_HOST_CONFIG_TYPE:
- mad->host_config.common.status = cpu_to_be16(1);
- vscsi_send_iu(s, req, sizeof(mad->host_config), VIOSRP_MAD_FORMAT);
- break;
- default:
- fprintf(stderr, "VSCSI: Unknown MAD type %02x\n",
- be32_to_cpu(mad->empty_iu.common.type));
- }
-
- return 1;
-}
-
-static void vscsi_got_payload(VSCSIState *s, vscsi_crq *crq)
-{
- vscsi_req *req;
- int done;
-
- req = vscsi_get_req(s);
- if (req == NULL) {
- fprintf(stderr, "VSCSI: Failed to get a request !\n");
- return;
- }
-
- /* We only support a limited number of descriptors, we know
- * the ibmvscsi driver uses up to 10 max, so it should fit
- * in our 256 bytes IUs. If not we'll have to increase the size
- * of the structure.
- */
- if (crq->s.IU_length > sizeof(union viosrp_iu)) {
- fprintf(stderr, "VSCSI: SRP IU too long (%d bytes) !\n",
- crq->s.IU_length);
- vscsi_put_req(req);
- return;
- }
-
- /* XXX Handle failure differently ? */
- if (spapr_vio_dma_read(&s->vdev, crq->s.IU_data_ptr, &req->iu,
- crq->s.IU_length)) {
- fprintf(stderr, "vscsi_got_payload: DMA read failure !\n");
- vscsi_put_req(req);
- return;
- }
- memcpy(&req->crq, crq, sizeof(vscsi_crq));
-
- if (crq->s.format == VIOSRP_MAD_FORMAT) {
- done = vscsi_handle_mad_req(s, req);
- } else {
- done = vscsi_handle_srp_req(s, req);
- }
-
- if (done) {
- vscsi_put_req(req);
- }
-}
-
-
-static int vscsi_do_crq(struct VIOsPAPRDevice *dev, uint8_t *crq_data)
-{
- VSCSIState *s = DO_UPCAST(VSCSIState, vdev, dev);
- vscsi_crq crq;
-
- memcpy(crq.raw, crq_data, 16);
- crq.s.timeout = be16_to_cpu(crq.s.timeout);
- crq.s.IU_length = be16_to_cpu(crq.s.IU_length);
- crq.s.IU_data_ptr = be64_to_cpu(crq.s.IU_data_ptr);
-
- dprintf("VSCSI: do_crq %02x %02x ...\n", crq.raw[0], crq.raw[1]);
-
- switch (crq.s.valid) {
- case 0xc0: /* Init command/response */
-
- /* Respond to initialization request */
- if (crq.s.format == 0x01) {
- memset(crq.raw, 0, 16);
- crq.s.valid = 0xc0;
- crq.s.format = 0x02;
- spapr_vio_send_crq(dev, crq.raw);
- }
-
- /* Note that in hotplug cases, we might get a 0x02
- * as a result of us emitting the init request
- */
-
- break;
- case 0xff: /* Link event */
-
- /* Not handled for now */
-
- break;
- case 0x80: /* Payloads */
- switch (crq.s.format) {
- case VIOSRP_SRP_FORMAT: /* AKA VSCSI request */
- case VIOSRP_MAD_FORMAT: /* AKA VSCSI response */
- vscsi_got_payload(s, &crq);
- break;
- case VIOSRP_OS400_FORMAT:
- case VIOSRP_AIX_FORMAT:
- case VIOSRP_LINUX_FORMAT:
- case VIOSRP_INLINE_FORMAT:
- fprintf(stderr, "vscsi_do_srq: Unsupported payload format %02x\n",
- crq.s.format);
- break;
- default:
- fprintf(stderr, "vscsi_do_srq: Unknown payload format %02x\n",
- crq.s.format);
- }
- break;
- default:
- fprintf(stderr, "vscsi_do_crq: unknown CRQ %02x %02x ...\n",
- crq.raw[0], crq.raw[1]);
- };
-
- return 0;
-}
-
-static const struct SCSIBusInfo vscsi_scsi_info = {
- .tcq = true,
- .max_channel = 7, /* logical unit addressing format */
- .max_target = 63,
- .max_lun = 31,
-
- .transfer_data = vscsi_transfer_data,
- .complete = vscsi_command_complete,
- .cancel = vscsi_request_cancelled
-};
-
-static void spapr_vscsi_reset(VIOsPAPRDevice *dev)
-{
- VSCSIState *s = DO_UPCAST(VSCSIState, vdev, dev);
- int i;
-
- memset(s->reqs, 0, sizeof(s->reqs));
- for (i = 0; i < VSCSI_REQ_LIMIT; i++) {
- s->reqs[i].qtag = i;
- }
-}
-
-static int spapr_vscsi_init(VIOsPAPRDevice *dev)
-{
- VSCSIState *s = DO_UPCAST(VSCSIState, vdev, dev);
-
- dev->crq.SendFunc = vscsi_do_crq;
-
- scsi_bus_new(&s->bus, &dev->qdev, &vscsi_scsi_info);
- if (!dev->qdev.hotplugged) {
- scsi_bus_legacy_handle_cmdline(&s->bus);
- }
-
- return 0;
-}
-
-void spapr_vscsi_create(VIOsPAPRBus *bus)
-{
- DeviceState *dev;
-
- dev = qdev_create(&bus->bus, "spapr-vscsi");
-
- qdev_init_nofail(dev);
-}
-
-static int spapr_vscsi_devnode(VIOsPAPRDevice *dev, void *fdt, int node_off)
-{
- int ret;
-
- ret = fdt_setprop_cell(fdt, node_off, "#address-cells", 2);
- if (ret < 0) {
- return ret;
- }
-
- ret = fdt_setprop_cell(fdt, node_off, "#size-cells", 0);
- if (ret < 0) {
- return ret;
- }
-
- return 0;
-}
-
-static Property spapr_vscsi_properties[] = {
- DEFINE_SPAPR_PROPERTIES(VSCSIState, vdev),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void spapr_vscsi_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- VIOsPAPRDeviceClass *k = VIO_SPAPR_DEVICE_CLASS(klass);
-
- k->init = spapr_vscsi_init;
- k->reset = spapr_vscsi_reset;
- k->devnode = spapr_vscsi_devnode;
- k->dt_name = "v-scsi";
- k->dt_type = "vscsi";
- k->dt_compatible = "IBM,v-scsi";
- k->signal_mask = 0x00000001;
- dc->props = spapr_vscsi_properties;
- k->rtce_window_size = 0x10000000;
-}
-
-static TypeInfo spapr_vscsi_info = {
- .name = "spapr-vscsi",
- .parent = TYPE_VIO_SPAPR_DEVICE,
- .instance_size = sizeof(VSCSIState),
- .class_init = spapr_vscsi_class_init,
-};
-
-static void spapr_vscsi_register_types(void)
-{
- type_register_static(&spapr_vscsi_info);
-}
-
-type_init(spapr_vscsi_register_types)
diff --git a/hw/spapr_vty.c b/hw/spapr_vty.c
deleted file mode 100644
index 14f862fba..000000000
--- a/hw/spapr_vty.c
+++ /dev/null
@@ -1,221 +0,0 @@
-#include "qdev.h"
-#include "qemu-char.h"
-#include "hw/spapr.h"
-#include "hw/spapr_vio.h"
-
-#define VTERM_BUFSIZE 16
-
-typedef struct VIOsPAPRVTYDevice {
- VIOsPAPRDevice sdev;
- CharDriverState *chardev;
- uint32_t in, out;
- uint8_t buf[VTERM_BUFSIZE];
-} VIOsPAPRVTYDevice;
-
-static int vty_can_receive(void *opaque)
-{
- VIOsPAPRVTYDevice *dev = (VIOsPAPRVTYDevice *)opaque;
-
- return (dev->in - dev->out) < VTERM_BUFSIZE;
-}
-
-static void vty_receive(void *opaque, const uint8_t *buf, int size)
-{
- VIOsPAPRVTYDevice *dev = (VIOsPAPRVTYDevice *)opaque;
- int i;
-
- if ((dev->in == dev->out) && size) {
- /* toggle line to simulate edge interrupt */
- qemu_irq_pulse(spapr_vio_qirq(&dev->sdev));
- }
- for (i = 0; i < size; i++) {
- assert((dev->in - dev->out) < VTERM_BUFSIZE);
- dev->buf[dev->in++ % VTERM_BUFSIZE] = buf[i];
- }
-}
-
-static int vty_getchars(VIOsPAPRDevice *sdev, uint8_t *buf, int max)
-{
- VIOsPAPRVTYDevice *dev = (VIOsPAPRVTYDevice *)sdev;
- int n = 0;
-
- while ((n < max) && (dev->out != dev->in)) {
- buf[n++] = dev->buf[dev->out++ % VTERM_BUFSIZE];
- }
-
- return n;
-}
-
-void vty_putchars(VIOsPAPRDevice *sdev, uint8_t *buf, int len)
-{
- VIOsPAPRVTYDevice *dev = (VIOsPAPRVTYDevice *)sdev;
-
- /* FIXME: should check the qemu_chr_fe_write() return value */
- qemu_chr_fe_write(dev->chardev, buf, len);
-}
-
-static int spapr_vty_init(VIOsPAPRDevice *sdev)
-{
- VIOsPAPRVTYDevice *dev = (VIOsPAPRVTYDevice *)sdev;
-
- if (!dev->chardev) {
- fprintf(stderr, "spapr-vty: Can't create vty without a chardev!\n");
- exit(1);
- }
-
- qemu_chr_add_handlers(dev->chardev, vty_can_receive,
- vty_receive, NULL, dev);
-
- return 0;
-}
-
-/* Forward declaration */
-static target_ulong h_put_term_char(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode, target_ulong *args)
-{
- target_ulong reg = args[0];
- target_ulong len = args[1];
- target_ulong char0_7 = args[2];
- target_ulong char8_15 = args[3];
- VIOsPAPRDevice *sdev;
- uint8_t buf[16];
-
- sdev = vty_lookup(spapr, reg);
- if (!sdev) {
- return H_PARAMETER;
- }
-
- if (len > 16) {
- return H_PARAMETER;
- }
-
- *((uint64_t *)buf) = cpu_to_be64(char0_7);
- *((uint64_t *)buf + 1) = cpu_to_be64(char8_15);
-
- vty_putchars(sdev, buf, len);
-
- return H_SUCCESS;
-}
-
-static target_ulong h_get_term_char(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode, target_ulong *args)
-{
- target_ulong reg = args[0];
- target_ulong *len = args + 0;
- target_ulong *char0_7 = args + 1;
- target_ulong *char8_15 = args + 2;
- VIOsPAPRDevice *sdev;
- uint8_t buf[16];
-
- sdev = vty_lookup(spapr, reg);
- if (!sdev) {
- return H_PARAMETER;
- }
-
- *len = vty_getchars(sdev, buf, sizeof(buf));
- if (*len < 16) {
- memset(buf + *len, 0, 16 - *len);
- }
-
- *char0_7 = be64_to_cpu(*((uint64_t *)buf));
- *char8_15 = be64_to_cpu(*((uint64_t *)buf + 1));
-
- return H_SUCCESS;
-}
-
-void spapr_vty_create(VIOsPAPRBus *bus, CharDriverState *chardev)
-{
- DeviceState *dev;
-
- dev = qdev_create(&bus->bus, "spapr-vty");
- qdev_prop_set_chr(dev, "chardev", chardev);
- qdev_init_nofail(dev);
-}
-
-static Property spapr_vty_properties[] = {
- DEFINE_SPAPR_PROPERTIES(VIOsPAPRVTYDevice, sdev),
- DEFINE_PROP_CHR("chardev", VIOsPAPRVTYDevice, chardev),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void spapr_vty_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- VIOsPAPRDeviceClass *k = VIO_SPAPR_DEVICE_CLASS(klass);
-
- k->init = spapr_vty_init;
- k->dt_name = "vty";
- k->dt_type = "serial";
- k->dt_compatible = "hvterm1";
- dc->props = spapr_vty_properties;
-}
-
-static TypeInfo spapr_vty_info = {
- .name = "spapr-vty",
- .parent = TYPE_VIO_SPAPR_DEVICE,
- .instance_size = sizeof(VIOsPAPRVTYDevice),
- .class_init = spapr_vty_class_init,
-};
-
-VIOsPAPRDevice *spapr_vty_get_default(VIOsPAPRBus *bus)
-{
- VIOsPAPRDevice *sdev, *selected;
- BusChild *kid;
-
- /*
- * To avoid the console bouncing around we want one VTY to be
- * the "default". We haven't really got anything to go on, so
- * arbitrarily choose the one with the lowest reg value.
- */
-
- selected = NULL;
- QTAILQ_FOREACH(kid, &bus->bus.children, sibling) {
- DeviceState *iter = kid->child;
-
- /* Only look at VTY devices */
- if (!object_dynamic_cast(OBJECT(iter), "spapr-vty")) {
- continue;
- }
-
- sdev = DO_UPCAST(VIOsPAPRDevice, qdev, iter);
-
- /* First VTY we've found, so it is selected for now */
- if (!selected) {
- selected = sdev;
- continue;
- }
-
- /* Choose VTY with lowest reg value */
- if (sdev->reg < selected->reg) {
- selected = sdev;
- }
- }
-
- return selected;
-}
-
-VIOsPAPRDevice *vty_lookup(sPAPREnvironment *spapr, target_ulong reg)
-{
- VIOsPAPRDevice *sdev;
-
- sdev = spapr_vio_find_by_reg(spapr->vio_bus, reg);
- if (!sdev && reg == 0) {
- /* Hack for kernel early debug, which always specifies reg==0.
- * We search all VIO devices, and grab the vty with the lowest
- * reg. This attempts to mimic existing PowerVM behaviour
- * (early debug does work there, despite having no vty with
- * reg==0. */
- return spapr_vty_get_default(spapr->vio_bus);
- }
-
- return sdev;
-}
-
-static void spapr_vty_register_types(void)
-{
- spapr_register_hypercall(H_PUT_TERM_CHAR, h_put_term_char);
- spapr_register_hypercall(H_GET_TERM_CHAR, h_get_term_char);
- type_register_static(&spapr_vty_info);
-}
-
-type_init(spapr_vty_register_types)
diff --git a/hw/sparc/Makefile.objs b/hw/sparc/Makefile.objs
index a39a511c5..c987b5b5d 100644
--- a/hw/sparc/Makefile.objs
+++ b/hw/sparc/Makefile.objs
@@ -1,8 +1 @@
-obj-y = sun4m.o lance.o tcx.o sun4m_iommu.o slavio_intctl.o
-obj-y += slavio_timer.o slavio_misc.o sparc32_dma.o
-obj-y += cs4231.o eccmemctl.o sbi.o sun4c_intctl.o leon3.o
-
-# GRLIB
-obj-y += grlib_gptimer.o grlib_irqmp.o grlib_apbuart.o
-
-obj-y := $(addprefix ../,$(obj-y))
+obj-y += sun4m.o leon3.o
diff --git a/hw/sparc/leon3.c b/hw/sparc/leon3.c
new file mode 100644
index 000000000..5ef282fcd
--- /dev/null
+++ b/hw/sparc/leon3.c
@@ -0,0 +1,227 @@
+/*
+ * QEMU Leon3 System Emulator
+ *
+ * Copyright (c) 2010-2011 AdaCore
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "qemu/timer.h"
+#include "hw/ptimer.h"
+#include "sysemu/char.h"
+#include "sysemu/sysemu.h"
+#include "hw/boards.h"
+#include "hw/loader.h"
+#include "elf.h"
+#include "trace.h"
+#include "exec/address-spaces.h"
+
+#include "hw/sparc/grlib.h"
+
+/* Default system clock. */
+#define CPU_CLK (40 * 1000 * 1000)
+
+#define PROM_FILENAME "u-boot.bin"
+
+#define MAX_PILS 16
+
+typedef struct ResetData {
+ SPARCCPU *cpu;
+ uint32_t entry; /* save kernel entry in case of reset */
+} ResetData;
+
+static void main_cpu_reset(void *opaque)
+{
+ ResetData *s = (ResetData *)opaque;
+ CPUState *cpu = CPU(s->cpu);
+ CPUSPARCState *env = &s->cpu->env;
+
+ cpu_reset(cpu);
+
+ cpu->halted = 0;
+ env->pc = s->entry;
+ env->npc = s->entry + 4;
+}
+
+void leon3_irq_ack(void *irq_manager, int intno)
+{
+ grlib_irqmp_ack((DeviceState *)irq_manager, intno);
+}
+
+static void leon3_set_pil_in(void *opaque, uint32_t pil_in)
+{
+ CPUSPARCState *env = (CPUSPARCState *)opaque;
+ CPUState *cs;
+
+ assert(env != NULL);
+
+ env->pil_in = pil_in;
+
+ if (env->pil_in && (env->interrupt_index == 0 ||
+ (env->interrupt_index & ~15) == TT_EXTINT)) {
+ unsigned int i;
+
+ for (i = 15; i > 0; i--) {
+ if (env->pil_in & (1 << i)) {
+ int old_interrupt = env->interrupt_index;
+
+ env->interrupt_index = TT_EXTINT | i;
+ if (old_interrupt != env->interrupt_index) {
+ cs = CPU(sparc_env_get_cpu(env));
+ trace_leon3_set_irq(i);
+ cpu_interrupt(cs, CPU_INTERRUPT_HARD);
+ }
+ break;
+ }
+ }
+ } else if (!env->pil_in && (env->interrupt_index & ~15) == TT_EXTINT) {
+ cs = CPU(sparc_env_get_cpu(env));
+ trace_leon3_reset_irq(env->interrupt_index & 15);
+ env->interrupt_index = 0;
+ cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
+ }
+}
+
+static void leon3_generic_hw_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ SPARCCPU *cpu;
+ CPUSPARCState *env;
+ MemoryRegion *address_space_mem = get_system_memory();
+ MemoryRegion *ram = g_new(MemoryRegion, 1);
+ MemoryRegion *prom = g_new(MemoryRegion, 1);
+ int ret;
+ char *filename;
+ qemu_irq *cpu_irqs = NULL;
+ int bios_size;
+ int prom_size;
+ ResetData *reset_info;
+
+ /* Init CPU */
+ if (!cpu_model) {
+ cpu_model = "LEON3";
+ }
+
+ cpu = cpu_sparc_init(cpu_model);
+ if (cpu == NULL) {
+ fprintf(stderr, "qemu: Unable to find Sparc CPU definition\n");
+ exit(1);
+ }
+ env = &cpu->env;
+
+ cpu_sparc_set_id(env, 0);
+
+ /* Reset data */
+ reset_info = g_malloc0(sizeof(ResetData));
+ reset_info->cpu = cpu;
+ qemu_register_reset(main_cpu_reset, reset_info);
+
+ /* Allocate IRQ manager */
+ grlib_irqmp_create(0x80000200, env, &cpu_irqs, MAX_PILS, &leon3_set_pil_in);
+
+ env->qemu_irq_ack = leon3_irq_manager;
+
+ /* Allocate RAM */
+ if ((uint64_t)ram_size > (1UL << 30)) {
+ fprintf(stderr,
+ "qemu: Too much memory for this machine: %d, maximum 1G\n",
+ (unsigned int)(ram_size / (1024 * 1024)));
+ exit(1);
+ }
+
+ memory_region_init_ram(ram, NULL, "leon3.ram", ram_size);
+ vmstate_register_ram_global(ram);
+ memory_region_add_subregion(address_space_mem, 0x40000000, ram);
+
+ /* Allocate BIOS */
+ prom_size = 8 * 1024 * 1024; /* 8Mb */
+ memory_region_init_ram(prom, NULL, "Leon3.bios", prom_size);
+ vmstate_register_ram_global(prom);
+ memory_region_set_readonly(prom, true);
+ memory_region_add_subregion(address_space_mem, 0x00000000, prom);
+
+ /* Load boot prom */
+ if (bios_name == NULL) {
+ bios_name = PROM_FILENAME;
+ }
+ filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
+
+ bios_size = get_image_size(filename);
+
+ if (bios_size > prom_size) {
+ fprintf(stderr, "qemu: could not load prom '%s': file too big\n",
+ filename);
+ exit(1);
+ }
+
+ if (bios_size > 0) {
+ ret = load_image_targphys(filename, 0x00000000, bios_size);
+ if (ret < 0 || ret > prom_size) {
+ fprintf(stderr, "qemu: could not load prom '%s'\n", filename);
+ exit(1);
+ }
+ } else if (kernel_filename == NULL) {
+ fprintf(stderr, "Can't read bios image %s\n", filename);
+ exit(1);
+ }
+
+ /* Can directly load an application. */
+ if (kernel_filename != NULL) {
+ long kernel_size;
+ uint64_t entry;
+
+ kernel_size = load_elf(kernel_filename, NULL, NULL, &entry, NULL, NULL,
+ 1 /* big endian */, ELF_MACHINE, 0);
+ if (kernel_size < 0) {
+ fprintf(stderr, "qemu: could not load kernel '%s'\n",
+ kernel_filename);
+ exit(1);
+ }
+ if (bios_size <= 0) {
+ /* If there is no bios/monitor, start the application. */
+ env->pc = entry;
+ env->npc = entry + 4;
+ reset_info->entry = entry;
+ }
+ }
+
+ /* Allocate timers */
+ grlib_gptimer_create(0x80000300, 2, CPU_CLK, cpu_irqs, 6);
+
+ /* Allocate uart */
+ if (serial_hds[0]) {
+ grlib_apbuart_create(0x80000100, serial_hds[0], cpu_irqs[3]);
+ }
+}
+
+static QEMUMachine leon3_generic_machine = {
+ .name = "leon3_generic",
+ .desc = "Leon-3 generic",
+ .init = leon3_generic_hw_init,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void leon3_machine_init(void)
+{
+ qemu_register_machine(&leon3_generic_machine);
+}
+
+machine_init(leon3_machine_init);
diff --git a/hw/sparc/sun4m.c b/hw/sparc/sun4m.c
new file mode 100644
index 000000000..942ca37c5
--- /dev/null
+++ b/hw/sparc/sun4m.c
@@ -0,0 +1,1506 @@
+/*
+ * QEMU Sun4m & Sun4d & Sun4c System Emulator
+ *
+ * Copyright (c) 2003-2005 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/sysbus.h"
+#include "qemu/timer.h"
+#include "hw/sparc/sun4m.h"
+#include "hw/timer/m48t59.h"
+#include "hw/sparc/sparc32_dma.h"
+#include "hw/block/fdc.h"
+#include "sysemu/sysemu.h"
+#include "net/net.h"
+#include "hw/boards.h"
+#include "hw/nvram/openbios_firmware_abi.h"
+#include "hw/scsi/esp.h"
+#include "hw/i386/pc.h"
+#include "hw/isa/isa.h"
+#include "hw/nvram/fw_cfg.h"
+#include "hw/char/escc.h"
+#include "hw/empty_slot.h"
+#include "hw/loader.h"
+#include "elf.h"
+#include "sysemu/blockdev.h"
+#include "trace.h"
+
+/*
+ * Sun4m architecture was used in the following machines:
+ *
+ * SPARCserver 6xxMP/xx
+ * SPARCclassic (SPARCclassic Server)(SPARCstation LC) (4/15),
+ * SPARCclassic X (4/10)
+ * SPARCstation LX/ZX (4/30)
+ * SPARCstation Voyager
+ * SPARCstation 10/xx, SPARCserver 10/xx
+ * SPARCstation 5, SPARCserver 5
+ * SPARCstation 20/xx, SPARCserver 20
+ * SPARCstation 4
+ *
+ * See for example: http://www.sunhelp.org/faq/sunref1.html
+ */
+
+#define KERNEL_LOAD_ADDR 0x00004000
+#define CMDLINE_ADDR 0x007ff000
+#define INITRD_LOAD_ADDR 0x00800000
+#define PROM_SIZE_MAX (1024 * 1024)
+#define PROM_VADDR 0xffd00000
+#define PROM_FILENAME "openbios-sparc32"
+#define CFG_ADDR 0xd00000510ULL
+#define FW_CFG_SUN4M_DEPTH (FW_CFG_ARCH_LOCAL + 0x00)
+#define FW_CFG_SUN4M_WIDTH (FW_CFG_ARCH_LOCAL + 0x01)
+#define FW_CFG_SUN4M_HEIGHT (FW_CFG_ARCH_LOCAL + 0x02)
+
+#define MAX_CPUS 16
+#define MAX_PILS 16
+#define MAX_VSIMMS 4
+
+#define ESCC_CLOCK 4915200
+
+struct sun4m_hwdef {
+ hwaddr iommu_base, iommu_pad_base, iommu_pad_len, slavio_base;
+ hwaddr intctl_base, counter_base, nvram_base, ms_kb_base;
+ hwaddr serial_base, fd_base;
+ hwaddr afx_base, idreg_base, dma_base, esp_base, le_base;
+ hwaddr tcx_base, cs_base, apc_base, aux1_base, aux2_base;
+ hwaddr bpp_base, dbri_base, sx_base;
+ struct {
+ hwaddr reg_base, vram_base;
+ } vsimm[MAX_VSIMMS];
+ hwaddr ecc_base;
+ uint64_t max_mem;
+ const char * const default_cpu_model;
+ uint32_t ecc_version;
+ uint32_t iommu_version;
+ uint16_t machine_id;
+ uint8_t nvram_machine_id;
+};
+
+int DMA_get_channel_mode (int nchan)
+{
+ return 0;
+}
+int DMA_read_memory (int nchan, void *buf, int pos, int size)
+{
+ return 0;
+}
+int DMA_write_memory (int nchan, void *buf, int pos, int size)
+{
+ return 0;
+}
+void DMA_hold_DREQ (int nchan) {}
+void DMA_release_DREQ (int nchan) {}
+void DMA_schedule(int nchan) {}
+
+void DMA_init(int high_page_enable, qemu_irq *cpu_request_exit)
+{
+}
+
+void DMA_register_channel (int nchan,
+ DMA_transfer_handler transfer_handler,
+ void *opaque)
+{
+}
+
+static int fw_cfg_boot_set(void *opaque, const char *boot_device)
+{
+ fw_cfg_add_i16(opaque, FW_CFG_BOOT_DEVICE, boot_device[0]);
+ return 0;
+}
+
+static void nvram_init(M48t59State *nvram, uint8_t *macaddr,
+ const char *cmdline, const char *boot_devices,
+ ram_addr_t RAM_size, uint32_t kernel_size,
+ int width, int height, int depth,
+ int nvram_machine_id, const char *arch)
+{
+ unsigned int i;
+ uint32_t start, end;
+ uint8_t image[0x1ff0];
+ struct OpenBIOS_nvpart_v1 *part_header;
+
+ memset(image, '\0', sizeof(image));
+
+ start = 0;
+
+ // OpenBIOS nvram variables
+ // Variable partition
+ part_header = (struct OpenBIOS_nvpart_v1 *)&image[start];
+ part_header->signature = OPENBIOS_PART_SYSTEM;
+ pstrcpy(part_header->name, sizeof(part_header->name), "system");
+
+ end = start + sizeof(struct OpenBIOS_nvpart_v1);
+ for (i = 0; i < nb_prom_envs; i++)
+ end = OpenBIOS_set_var(image, end, prom_envs[i]);
+
+ // End marker
+ image[end++] = '\0';
+
+ end = start + ((end - start + 15) & ~15);
+ OpenBIOS_finish_partition(part_header, end - start);
+
+ // free partition
+ start = end;
+ part_header = (struct OpenBIOS_nvpart_v1 *)&image[start];
+ part_header->signature = OPENBIOS_PART_FREE;
+ pstrcpy(part_header->name, sizeof(part_header->name), "free");
+
+ end = 0x1fd0;
+ OpenBIOS_finish_partition(part_header, end - start);
+
+ Sun_init_header((struct Sun_nvram *)&image[0x1fd8], macaddr,
+ nvram_machine_id);
+
+ for (i = 0; i < sizeof(image); i++)
+ m48t59_write(nvram, i, image[i]);
+}
+
+static DeviceState *slavio_intctl;
+
+void sun4m_pic_info(Monitor *mon, const QDict *qdict)
+{
+ if (slavio_intctl)
+ slavio_pic_info(mon, slavio_intctl);
+}
+
+void sun4m_irq_info(Monitor *mon, const QDict *qdict)
+{
+ if (slavio_intctl)
+ slavio_irq_info(mon, slavio_intctl);
+}
+
+void cpu_check_irqs(CPUSPARCState *env)
+{
+ CPUState *cs;
+
+ if (env->pil_in && (env->interrupt_index == 0 ||
+ (env->interrupt_index & ~15) == TT_EXTINT)) {
+ unsigned int i;
+
+ for (i = 15; i > 0; i--) {
+ if (env->pil_in & (1 << i)) {
+ int old_interrupt = env->interrupt_index;
+
+ env->interrupt_index = TT_EXTINT | i;
+ if (old_interrupt != env->interrupt_index) {
+ cs = CPU(sparc_env_get_cpu(env));
+ trace_sun4m_cpu_interrupt(i);
+ cpu_interrupt(cs, CPU_INTERRUPT_HARD);
+ }
+ break;
+ }
+ }
+ } else if (!env->pil_in && (env->interrupt_index & ~15) == TT_EXTINT) {
+ cs = CPU(sparc_env_get_cpu(env));
+ trace_sun4m_cpu_reset_interrupt(env->interrupt_index & 15);
+ env->interrupt_index = 0;
+ cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
+ }
+}
+
+static void cpu_kick_irq(SPARCCPU *cpu)
+{
+ CPUSPARCState *env = &cpu->env;
+ CPUState *cs = CPU(cpu);
+
+ cs->halted = 0;
+ cpu_check_irqs(env);
+ qemu_cpu_kick(cs);
+}
+
+static void cpu_set_irq(void *opaque, int irq, int level)
+{
+ SPARCCPU *cpu = opaque;
+ CPUSPARCState *env = &cpu->env;
+
+ if (level) {
+ trace_sun4m_cpu_set_irq_raise(irq);
+ env->pil_in |= 1 << irq;
+ cpu_kick_irq(cpu);
+ } else {
+ trace_sun4m_cpu_set_irq_lower(irq);
+ env->pil_in &= ~(1 << irq);
+ cpu_check_irqs(env);
+ }
+}
+
+static void dummy_cpu_set_irq(void *opaque, int irq, int level)
+{
+}
+
+static void main_cpu_reset(void *opaque)
+{
+ SPARCCPU *cpu = opaque;
+ CPUState *cs = CPU(cpu);
+
+ cpu_reset(cs);
+ cs->halted = 0;
+}
+
+static void secondary_cpu_reset(void *opaque)
+{
+ SPARCCPU *cpu = opaque;
+ CPUState *cs = CPU(cpu);
+
+ cpu_reset(cs);
+ cs->halted = 1;
+}
+
+static void cpu_halt_signal(void *opaque, int irq, int level)
+{
+ if (level && current_cpu) {
+ cpu_interrupt(current_cpu, CPU_INTERRUPT_HALT);
+ }
+}
+
+static uint64_t translate_kernel_address(void *opaque, uint64_t addr)
+{
+ return addr - 0xf0000000ULL;
+}
+
+static unsigned long sun4m_load_kernel(const char *kernel_filename,
+ const char *initrd_filename,
+ ram_addr_t RAM_size)
+{
+ int linux_boot;
+ unsigned int i;
+ long initrd_size, kernel_size;
+ uint8_t *ptr;
+
+ linux_boot = (kernel_filename != NULL);
+
+ kernel_size = 0;
+ if (linux_boot) {
+ int bswap_needed;
+
+#ifdef BSWAP_NEEDED
+ bswap_needed = 1;
+#else
+ bswap_needed = 0;
+#endif
+ kernel_size = load_elf(kernel_filename, translate_kernel_address, NULL,
+ NULL, NULL, NULL, 1, ELF_MACHINE, 0);
+ if (kernel_size < 0)
+ kernel_size = load_aout(kernel_filename, KERNEL_LOAD_ADDR,
+ RAM_size - KERNEL_LOAD_ADDR, bswap_needed,
+ TARGET_PAGE_SIZE);
+ if (kernel_size < 0)
+ kernel_size = load_image_targphys(kernel_filename,
+ KERNEL_LOAD_ADDR,
+ RAM_size - KERNEL_LOAD_ADDR);
+ if (kernel_size < 0) {
+ fprintf(stderr, "qemu: could not load kernel '%s'\n",
+ kernel_filename);
+ exit(1);
+ }
+
+ /* load initrd */
+ initrd_size = 0;
+ if (initrd_filename) {
+ initrd_size = load_image_targphys(initrd_filename,
+ INITRD_LOAD_ADDR,
+ RAM_size - INITRD_LOAD_ADDR);
+ if (initrd_size < 0) {
+ fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
+ initrd_filename);
+ exit(1);
+ }
+ }
+ if (initrd_size > 0) {
+ for (i = 0; i < 64 * TARGET_PAGE_SIZE; i += TARGET_PAGE_SIZE) {
+ ptr = rom_ptr(KERNEL_LOAD_ADDR + i);
+ if (ldl_p(ptr) == 0x48647253) { // HdrS
+ stl_p(ptr + 16, INITRD_LOAD_ADDR);
+ stl_p(ptr + 20, initrd_size);
+ break;
+ }
+ }
+ }
+ }
+ return kernel_size;
+}
+
+static void *iommu_init(hwaddr addr, uint32_t version, qemu_irq irq)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+
+ dev = qdev_create(NULL, "iommu");
+ qdev_prop_set_uint32(dev, "version", version);
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+ sysbus_connect_irq(s, 0, irq);
+ sysbus_mmio_map(s, 0, addr);
+
+ return s;
+}
+
+static void *sparc32_dma_init(hwaddr daddr, qemu_irq parent_irq,
+ void *iommu, qemu_irq *dev_irq, int is_ledma)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+
+ dev = qdev_create(NULL, "sparc32_dma");
+ qdev_prop_set_ptr(dev, "iommu_opaque", iommu);
+ qdev_prop_set_uint32(dev, "is_ledma", is_ledma);
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+ sysbus_connect_irq(s, 0, parent_irq);
+ *dev_irq = qdev_get_gpio_in(dev, 0);
+ sysbus_mmio_map(s, 0, daddr);
+
+ return s;
+}
+
+static void lance_init(NICInfo *nd, hwaddr leaddr,
+ void *dma_opaque, qemu_irq irq)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+ qemu_irq reset;
+
+ qemu_check_nic_model(&nd_table[0], "lance");
+
+ dev = qdev_create(NULL, "lance");
+ qdev_set_nic_properties(dev, nd);
+ qdev_prop_set_ptr(dev, "dma", dma_opaque);
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+ sysbus_mmio_map(s, 0, leaddr);
+ sysbus_connect_irq(s, 0, irq);
+ reset = qdev_get_gpio_in(dev, 0);
+ qdev_connect_gpio_out(dma_opaque, 0, reset);
+}
+
+static DeviceState *slavio_intctl_init(hwaddr addr,
+ hwaddr addrg,
+ qemu_irq **parent_irq)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+ unsigned int i, j;
+
+ dev = qdev_create(NULL, "slavio_intctl");
+ qdev_init_nofail(dev);
+
+ s = SYS_BUS_DEVICE(dev);
+
+ for (i = 0; i < MAX_CPUS; i++) {
+ for (j = 0; j < MAX_PILS; j++) {
+ sysbus_connect_irq(s, i * MAX_PILS + j, parent_irq[i][j]);
+ }
+ }
+ sysbus_mmio_map(s, 0, addrg);
+ for (i = 0; i < MAX_CPUS; i++) {
+ sysbus_mmio_map(s, i + 1, addr + i * TARGET_PAGE_SIZE);
+ }
+
+ return dev;
+}
+
+#define SYS_TIMER_OFFSET 0x10000ULL
+#define CPU_TIMER_OFFSET(cpu) (0x1000ULL * cpu)
+
+static void slavio_timer_init_all(hwaddr addr, qemu_irq master_irq,
+ qemu_irq *cpu_irqs, unsigned int num_cpus)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+ unsigned int i;
+
+ dev = qdev_create(NULL, "slavio_timer");
+ qdev_prop_set_uint32(dev, "num_cpus", num_cpus);
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+ sysbus_connect_irq(s, 0, master_irq);
+ sysbus_mmio_map(s, 0, addr + SYS_TIMER_OFFSET);
+
+ for (i = 0; i < MAX_CPUS; i++) {
+ sysbus_mmio_map(s, i + 1, addr + (hwaddr)CPU_TIMER_OFFSET(i));
+ sysbus_connect_irq(s, i + 1, cpu_irqs[i]);
+ }
+}
+
+static qemu_irq slavio_system_powerdown;
+
+static void slavio_powerdown_req(Notifier *n, void *opaque)
+{
+ qemu_irq_raise(slavio_system_powerdown);
+}
+
+static Notifier slavio_system_powerdown_notifier = {
+ .notify = slavio_powerdown_req
+};
+
+#define MISC_LEDS 0x01600000
+#define MISC_CFG 0x01800000
+#define MISC_DIAG 0x01a00000
+#define MISC_MDM 0x01b00000
+#define MISC_SYS 0x01f00000
+
+static void slavio_misc_init(hwaddr base,
+ hwaddr aux1_base,
+ hwaddr aux2_base, qemu_irq irq,
+ qemu_irq fdc_tc)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+
+ dev = qdev_create(NULL, "slavio_misc");
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+ if (base) {
+ /* 8 bit registers */
+ /* Slavio control */
+ sysbus_mmio_map(s, 0, base + MISC_CFG);
+ /* Diagnostics */
+ sysbus_mmio_map(s, 1, base + MISC_DIAG);
+ /* Modem control */
+ sysbus_mmio_map(s, 2, base + MISC_MDM);
+ /* 16 bit registers */
+ /* ss600mp diag LEDs */
+ sysbus_mmio_map(s, 3, base + MISC_LEDS);
+ /* 32 bit registers */
+ /* System control */
+ sysbus_mmio_map(s, 4, base + MISC_SYS);
+ }
+ if (aux1_base) {
+ /* AUX 1 (Misc System Functions) */
+ sysbus_mmio_map(s, 5, aux1_base);
+ }
+ if (aux2_base) {
+ /* AUX 2 (Software Powerdown Control) */
+ sysbus_mmio_map(s, 6, aux2_base);
+ }
+ sysbus_connect_irq(s, 0, irq);
+ sysbus_connect_irq(s, 1, fdc_tc);
+ slavio_system_powerdown = qdev_get_gpio_in(dev, 0);
+ qemu_register_powerdown_notifier(&slavio_system_powerdown_notifier);
+}
+
+static void ecc_init(hwaddr base, qemu_irq irq, uint32_t version)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+
+ dev = qdev_create(NULL, "eccmemctl");
+ qdev_prop_set_uint32(dev, "version", version);
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+ sysbus_connect_irq(s, 0, irq);
+ sysbus_mmio_map(s, 0, base);
+ if (version == 0) { // SS-600MP only
+ sysbus_mmio_map(s, 1, base + 0x1000);
+ }
+}
+
+static void apc_init(hwaddr power_base, qemu_irq cpu_halt)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+
+ dev = qdev_create(NULL, "apc");
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+ /* Power management (APC) XXX: not a Slavio device */
+ sysbus_mmio_map(s, 0, power_base);
+ sysbus_connect_irq(s, 0, cpu_halt);
+}
+
+static void tcx_init(hwaddr addr, int vram_size, int width,
+ int height, int depth)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+
+ dev = qdev_create(NULL, "SUNW,tcx");
+ qdev_prop_set_uint32(dev, "vram_size", vram_size);
+ qdev_prop_set_uint16(dev, "width", width);
+ qdev_prop_set_uint16(dev, "height", height);
+ qdev_prop_set_uint16(dev, "depth", depth);
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+ /* 8-bit plane */
+ sysbus_mmio_map(s, 0, addr + 0x00800000ULL);
+ /* DAC */
+ sysbus_mmio_map(s, 1, addr + 0x00200000ULL);
+ /* TEC (dummy) */
+ sysbus_mmio_map(s, 2, addr + 0x00700000ULL);
+ /* THC 24 bit: NetBSD writes here even with 8-bit display: dummy */
+ sysbus_mmio_map(s, 3, addr + 0x00301000ULL);
+ if (depth == 24) {
+ /* 24-bit plane */
+ sysbus_mmio_map(s, 4, addr + 0x02000000ULL);
+ /* Control plane */
+ sysbus_mmio_map(s, 5, addr + 0x0a000000ULL);
+ } else {
+ /* THC 8 bit (dummy) */
+ sysbus_mmio_map(s, 4, addr + 0x00300000ULL);
+ }
+}
+
+/* NCR89C100/MACIO Internal ID register */
+
+#define TYPE_MACIO_ID_REGISTER "macio_idreg"
+
+static const uint8_t idreg_data[] = { 0xfe, 0x81, 0x01, 0x03 };
+
+static void idreg_init(hwaddr addr)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+
+ dev = qdev_create(NULL, TYPE_MACIO_ID_REGISTER);
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+
+ sysbus_mmio_map(s, 0, addr);
+ cpu_physical_memory_write_rom(addr, idreg_data, sizeof(idreg_data));
+}
+
+#define MACIO_ID_REGISTER(obj) \
+ OBJECT_CHECK(IDRegState, (obj), TYPE_MACIO_ID_REGISTER)
+
+typedef struct IDRegState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion mem;
+} IDRegState;
+
+static int idreg_init1(SysBusDevice *dev)
+{
+ IDRegState *s = MACIO_ID_REGISTER(dev);
+
+ memory_region_init_ram(&s->mem, OBJECT(s),
+ "sun4m.idreg", sizeof(idreg_data));
+ vmstate_register_ram_global(&s->mem);
+ memory_region_set_readonly(&s->mem, true);
+ sysbus_init_mmio(dev, &s->mem);
+ return 0;
+}
+
+static void idreg_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = idreg_init1;
+}
+
+static const TypeInfo idreg_info = {
+ .name = TYPE_MACIO_ID_REGISTER,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(IDRegState),
+ .class_init = idreg_class_init,
+};
+
+#define TYPE_TCX_AFX "tcx_afx"
+#define TCX_AFX(obj) OBJECT_CHECK(AFXState, (obj), TYPE_TCX_AFX)
+
+typedef struct AFXState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion mem;
+} AFXState;
+
+/* SS-5 TCX AFX register */
+static void afx_init(hwaddr addr)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+
+ dev = qdev_create(NULL, TYPE_TCX_AFX);
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+
+ sysbus_mmio_map(s, 0, addr);
+}
+
+static int afx_init1(SysBusDevice *dev)
+{
+ AFXState *s = TCX_AFX(dev);
+
+ memory_region_init_ram(&s->mem, OBJECT(s), "sun4m.afx", 4);
+ vmstate_register_ram_global(&s->mem);
+ sysbus_init_mmio(dev, &s->mem);
+ return 0;
+}
+
+static void afx_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = afx_init1;
+}
+
+static const TypeInfo afx_info = {
+ .name = TYPE_TCX_AFX,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(AFXState),
+ .class_init = afx_class_init,
+};
+
+#define TYPE_OPENPROM "openprom"
+#define OPENPROM(obj) OBJECT_CHECK(PROMState, (obj), TYPE_OPENPROM)
+
+typedef struct PROMState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion prom;
+} PROMState;
+
+/* Boot PROM (OpenBIOS) */
+static uint64_t translate_prom_address(void *opaque, uint64_t addr)
+{
+ hwaddr *base_addr = (hwaddr *)opaque;
+ return addr + *base_addr - PROM_VADDR;
+}
+
+static void prom_init(hwaddr addr, const char *bios_name)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+ char *filename;
+ int ret;
+
+ dev = qdev_create(NULL, TYPE_OPENPROM);
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+
+ sysbus_mmio_map(s, 0, addr);
+
+ /* load boot prom */
+ if (bios_name == NULL) {
+ bios_name = PROM_FILENAME;
+ }
+ filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
+ if (filename) {
+ ret = load_elf(filename, translate_prom_address, &addr, NULL,
+ NULL, NULL, 1, ELF_MACHINE, 0);
+ if (ret < 0 || ret > PROM_SIZE_MAX) {
+ ret = load_image_targphys(filename, addr, PROM_SIZE_MAX);
+ }
+ g_free(filename);
+ } else {
+ ret = -1;
+ }
+ if (ret < 0 || ret > PROM_SIZE_MAX) {
+ fprintf(stderr, "qemu: could not load prom '%s'\n", bios_name);
+ exit(1);
+ }
+}
+
+static int prom_init1(SysBusDevice *dev)
+{
+ PROMState *s = OPENPROM(dev);
+
+ memory_region_init_ram(&s->prom, OBJECT(s), "sun4m.prom", PROM_SIZE_MAX);
+ vmstate_register_ram_global(&s->prom);
+ memory_region_set_readonly(&s->prom, true);
+ sysbus_init_mmio(dev, &s->prom);
+ return 0;
+}
+
+static Property prom_properties[] = {
+ {/* end of property list */},
+};
+
+static void prom_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = prom_init1;
+ dc->props = prom_properties;
+}
+
+static const TypeInfo prom_info = {
+ .name = TYPE_OPENPROM,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(PROMState),
+ .class_init = prom_class_init,
+};
+
+#define TYPE_SUN4M_MEMORY "memory"
+#define SUN4M_RAM(obj) OBJECT_CHECK(RamDevice, (obj), TYPE_SUN4M_MEMORY)
+
+typedef struct RamDevice {
+ SysBusDevice parent_obj;
+
+ MemoryRegion ram;
+ uint64_t size;
+} RamDevice;
+
+/* System RAM */
+static int ram_init1(SysBusDevice *dev)
+{
+ RamDevice *d = SUN4M_RAM(dev);
+
+ memory_region_init_ram(&d->ram, OBJECT(d), "sun4m.ram", d->size);
+ vmstate_register_ram_global(&d->ram);
+ sysbus_init_mmio(dev, &d->ram);
+ return 0;
+}
+
+static void ram_init(hwaddr addr, ram_addr_t RAM_size,
+ uint64_t max_mem)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+ RamDevice *d;
+
+ /* allocate RAM */
+ if ((uint64_t)RAM_size > max_mem) {
+ fprintf(stderr,
+ "qemu: Too much memory for this machine: %d, maximum %d\n",
+ (unsigned int)(RAM_size / (1024 * 1024)),
+ (unsigned int)(max_mem / (1024 * 1024)));
+ exit(1);
+ }
+ dev = qdev_create(NULL, "memory");
+ s = SYS_BUS_DEVICE(dev);
+
+ d = SUN4M_RAM(dev);
+ d->size = RAM_size;
+ qdev_init_nofail(dev);
+
+ sysbus_mmio_map(s, 0, addr);
+}
+
+static Property ram_properties[] = {
+ DEFINE_PROP_UINT64("size", RamDevice, size, 0),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void ram_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = ram_init1;
+ dc->props = ram_properties;
+}
+
+static const TypeInfo ram_info = {
+ .name = TYPE_SUN4M_MEMORY,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(RamDevice),
+ .class_init = ram_class_init,
+};
+
+static void cpu_devinit(const char *cpu_model, unsigned int id,
+ uint64_t prom_addr, qemu_irq **cpu_irqs)
+{
+ CPUState *cs;
+ SPARCCPU *cpu;
+ CPUSPARCState *env;
+
+ cpu = cpu_sparc_init(cpu_model);
+ if (cpu == NULL) {
+ fprintf(stderr, "qemu: Unable to find Sparc CPU definition\n");
+ exit(1);
+ }
+ env = &cpu->env;
+
+ cpu_sparc_set_id(env, id);
+ if (id == 0) {
+ qemu_register_reset(main_cpu_reset, cpu);
+ } else {
+ qemu_register_reset(secondary_cpu_reset, cpu);
+ cs = CPU(cpu);
+ cs->halted = 1;
+ }
+ *cpu_irqs = qemu_allocate_irqs(cpu_set_irq, cpu, MAX_PILS);
+ env->prom_addr = prom_addr;
+}
+
+static void dummy_fdc_tc(void *opaque, int irq, int level)
+{
+}
+
+static void sun4m_hw_init(const struct sun4m_hwdef *hwdef, ram_addr_t RAM_size,
+ const char *boot_device,
+ const char *kernel_filename,
+ const char *kernel_cmdline,
+ const char *initrd_filename, const char *cpu_model)
+{
+ unsigned int i;
+ void *iommu, *espdma, *ledma, *nvram;
+ qemu_irq *cpu_irqs[MAX_CPUS], slavio_irq[32], slavio_cpu_irq[MAX_CPUS],
+ espdma_irq, ledma_irq;
+ qemu_irq esp_reset, dma_enable;
+ qemu_irq fdc_tc;
+ qemu_irq *cpu_halt;
+ unsigned long kernel_size;
+ DriveInfo *fd[MAX_FD];
+ FWCfgState *fw_cfg;
+ unsigned int num_vsimms;
+
+ /* init CPUs */
+ if (!cpu_model)
+ cpu_model = hwdef->default_cpu_model;
+
+ for(i = 0; i < smp_cpus; i++) {
+ cpu_devinit(cpu_model, i, hwdef->slavio_base, &cpu_irqs[i]);
+ }
+
+ for (i = smp_cpus; i < MAX_CPUS; i++)
+ cpu_irqs[i] = qemu_allocate_irqs(dummy_cpu_set_irq, NULL, MAX_PILS);
+
+
+ /* set up devices */
+ ram_init(0, RAM_size, hwdef->max_mem);
+ /* models without ECC don't trap when missing ram is accessed */
+ if (!hwdef->ecc_base) {
+ empty_slot_init(RAM_size, hwdef->max_mem - RAM_size);
+ }
+
+ prom_init(hwdef->slavio_base, bios_name);
+
+ slavio_intctl = slavio_intctl_init(hwdef->intctl_base,
+ hwdef->intctl_base + 0x10000ULL,
+ cpu_irqs);
+
+ for (i = 0; i < 32; i++) {
+ slavio_irq[i] = qdev_get_gpio_in(slavio_intctl, i);
+ }
+ for (i = 0; i < MAX_CPUS; i++) {
+ slavio_cpu_irq[i] = qdev_get_gpio_in(slavio_intctl, 32 + i);
+ }
+
+ if (hwdef->idreg_base) {
+ idreg_init(hwdef->idreg_base);
+ }
+
+ if (hwdef->afx_base) {
+ afx_init(hwdef->afx_base);
+ }
+
+ iommu = iommu_init(hwdef->iommu_base, hwdef->iommu_version,
+ slavio_irq[30]);
+
+ if (hwdef->iommu_pad_base) {
+ /* On the real hardware (SS-5, LX) the MMU is not padded, but aliased.
+ Software shouldn't use aliased addresses, neither should it crash
+ when does. Using empty_slot instead of aliasing can help with
+ debugging such accesses */
+ empty_slot_init(hwdef->iommu_pad_base,hwdef->iommu_pad_len);
+ }
+
+ espdma = sparc32_dma_init(hwdef->dma_base, slavio_irq[18],
+ iommu, &espdma_irq, 0);
+
+ ledma = sparc32_dma_init(hwdef->dma_base + 16ULL,
+ slavio_irq[16], iommu, &ledma_irq, 1);
+
+ if (graphic_depth != 8 && graphic_depth != 24) {
+ fprintf(stderr, "qemu: Unsupported depth: %d\n", graphic_depth);
+ exit (1);
+ }
+ num_vsimms = 0;
+ if (num_vsimms == 0) {
+ tcx_init(hwdef->tcx_base, 0x00100000, graphic_width, graphic_height,
+ graphic_depth);
+ }
+
+ for (i = num_vsimms; i < MAX_VSIMMS; i++) {
+ /* vsimm registers probed by OBP */
+ if (hwdef->vsimm[i].reg_base) {
+ empty_slot_init(hwdef->vsimm[i].reg_base, 0x2000);
+ }
+ }
+
+ if (hwdef->sx_base) {
+ empty_slot_init(hwdef->sx_base, 0x2000);
+ }
+
+ lance_init(&nd_table[0], hwdef->le_base, ledma, ledma_irq);
+
+ nvram = m48t59_init(slavio_irq[0], hwdef->nvram_base, 0, 0x2000, 8);
+
+ slavio_timer_init_all(hwdef->counter_base, slavio_irq[19], slavio_cpu_irq, smp_cpus);
+
+ slavio_serial_ms_kbd_init(hwdef->ms_kb_base, slavio_irq[14],
+ display_type == DT_NOGRAPHIC, ESCC_CLOCK, 1);
+ /* Slavio TTYA (base+4, Linux ttyS0) is the first QEMU serial device
+ Slavio TTYB (base+0, Linux ttyS1) is the second QEMU serial device */
+ escc_init(hwdef->serial_base, slavio_irq[15], slavio_irq[15],
+ serial_hds[0], serial_hds[1], ESCC_CLOCK, 1);
+
+ cpu_halt = qemu_allocate_irqs(cpu_halt_signal, NULL, 1);
+ if (hwdef->apc_base) {
+ apc_init(hwdef->apc_base, cpu_halt[0]);
+ }
+
+ if (hwdef->fd_base) {
+ /* there is zero or one floppy drive */
+ memset(fd, 0, sizeof(fd));
+ fd[0] = drive_get(IF_FLOPPY, 0, 0);
+ sun4m_fdctrl_init(slavio_irq[22], hwdef->fd_base, fd,
+ &fdc_tc);
+ } else {
+ fdc_tc = *qemu_allocate_irqs(dummy_fdc_tc, NULL, 1);
+ }
+
+ slavio_misc_init(hwdef->slavio_base, hwdef->aux1_base, hwdef->aux2_base,
+ slavio_irq[30], fdc_tc);
+
+ if (drive_get_max_bus(IF_SCSI) > 0) {
+ fprintf(stderr, "qemu: too many SCSI bus\n");
+ exit(1);
+ }
+
+ esp_init(hwdef->esp_base, 2,
+ espdma_memory_read, espdma_memory_write,
+ espdma, espdma_irq, &esp_reset, &dma_enable);
+
+ qdev_connect_gpio_out(espdma, 0, esp_reset);
+ qdev_connect_gpio_out(espdma, 1, dma_enable);
+
+ if (hwdef->cs_base) {
+ sysbus_create_simple("SUNW,CS4231", hwdef->cs_base,
+ slavio_irq[5]);
+ }
+
+ if (hwdef->dbri_base) {
+ /* ISDN chip with attached CS4215 audio codec */
+ /* prom space */
+ empty_slot_init(hwdef->dbri_base+0x1000, 0x30);
+ /* reg space */
+ empty_slot_init(hwdef->dbri_base+0x10000, 0x100);
+ }
+
+ if (hwdef->bpp_base) {
+ /* parallel port */
+ empty_slot_init(hwdef->bpp_base, 0x20);
+ }
+
+ kernel_size = sun4m_load_kernel(kernel_filename, initrd_filename,
+ RAM_size);
+
+ nvram_init(nvram, (uint8_t *)&nd_table[0].macaddr, kernel_cmdline,
+ boot_device, RAM_size, kernel_size, graphic_width,
+ graphic_height, graphic_depth, hwdef->nvram_machine_id,
+ "Sun4m");
+
+ if (hwdef->ecc_base)
+ ecc_init(hwdef->ecc_base, slavio_irq[28],
+ hwdef->ecc_version);
+
+ fw_cfg = fw_cfg_init(0, 0, CFG_ADDR, CFG_ADDR + 2);
+ fw_cfg_add_i16(fw_cfg, FW_CFG_MAX_CPUS, (uint16_t)max_cpus);
+ fw_cfg_add_i32(fw_cfg, FW_CFG_ID, 1);
+ fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size);
+ fw_cfg_add_i16(fw_cfg, FW_CFG_MACHINE_ID, hwdef->machine_id);
+ fw_cfg_add_i16(fw_cfg, FW_CFG_SUN4M_DEPTH, graphic_depth);
+ fw_cfg_add_i16(fw_cfg, FW_CFG_SUN4M_WIDTH, graphic_width);
+ fw_cfg_add_i16(fw_cfg, FW_CFG_SUN4M_HEIGHT, graphic_height);
+ fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, KERNEL_LOAD_ADDR);
+ fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size);
+ if (kernel_cmdline) {
+ fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_CMDLINE, CMDLINE_ADDR);
+ pstrcpy_targphys("cmdline", CMDLINE_ADDR, TARGET_PAGE_SIZE, kernel_cmdline);
+ fw_cfg_add_string(fw_cfg, FW_CFG_CMDLINE_DATA, kernel_cmdline);
+ fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_SIZE,
+ strlen(kernel_cmdline) + 1);
+ } else {
+ fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_CMDLINE, 0);
+ fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_SIZE, 0);
+ }
+ fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_ADDR, INITRD_LOAD_ADDR);
+ fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_SIZE, 0); // not used
+ fw_cfg_add_i16(fw_cfg, FW_CFG_BOOT_DEVICE, boot_device[0]);
+ qemu_register_boot_set(fw_cfg_boot_set, fw_cfg);
+}
+
+enum {
+ ss5_id = 32,
+ vger_id,
+ lx_id,
+ ss4_id,
+ scls_id,
+ sbook_id,
+ ss10_id = 64,
+ ss20_id,
+ ss600mp_id,
+};
+
+static const struct sun4m_hwdef sun4m_hwdefs[] = {
+ /* SS-5 */
+ {
+ .iommu_base = 0x10000000,
+ .iommu_pad_base = 0x10004000,
+ .iommu_pad_len = 0x0fffb000,
+ .tcx_base = 0x50000000,
+ .cs_base = 0x6c000000,
+ .slavio_base = 0x70000000,
+ .ms_kb_base = 0x71000000,
+ .serial_base = 0x71100000,
+ .nvram_base = 0x71200000,
+ .fd_base = 0x71400000,
+ .counter_base = 0x71d00000,
+ .intctl_base = 0x71e00000,
+ .idreg_base = 0x78000000,
+ .dma_base = 0x78400000,
+ .esp_base = 0x78800000,
+ .le_base = 0x78c00000,
+ .apc_base = 0x6a000000,
+ .afx_base = 0x6e000000,
+ .aux1_base = 0x71900000,
+ .aux2_base = 0x71910000,
+ .nvram_machine_id = 0x80,
+ .machine_id = ss5_id,
+ .iommu_version = 0x05000000,
+ .max_mem = 0x10000000,
+ .default_cpu_model = "Fujitsu MB86904",
+ },
+ /* SS-10 */
+ {
+ .iommu_base = 0xfe0000000ULL,
+ .tcx_base = 0xe20000000ULL,
+ .slavio_base = 0xff0000000ULL,
+ .ms_kb_base = 0xff1000000ULL,
+ .serial_base = 0xff1100000ULL,
+ .nvram_base = 0xff1200000ULL,
+ .fd_base = 0xff1700000ULL,
+ .counter_base = 0xff1300000ULL,
+ .intctl_base = 0xff1400000ULL,
+ .idreg_base = 0xef0000000ULL,
+ .dma_base = 0xef0400000ULL,
+ .esp_base = 0xef0800000ULL,
+ .le_base = 0xef0c00000ULL,
+ .apc_base = 0xefa000000ULL, // XXX should not exist
+ .aux1_base = 0xff1800000ULL,
+ .aux2_base = 0xff1a01000ULL,
+ .ecc_base = 0xf00000000ULL,
+ .ecc_version = 0x10000000, // version 0, implementation 1
+ .nvram_machine_id = 0x72,
+ .machine_id = ss10_id,
+ .iommu_version = 0x03000000,
+ .max_mem = 0xf00000000ULL,
+ .default_cpu_model = "TI SuperSparc II",
+ },
+ /* SS-600MP */
+ {
+ .iommu_base = 0xfe0000000ULL,
+ .tcx_base = 0xe20000000ULL,
+ .slavio_base = 0xff0000000ULL,
+ .ms_kb_base = 0xff1000000ULL,
+ .serial_base = 0xff1100000ULL,
+ .nvram_base = 0xff1200000ULL,
+ .counter_base = 0xff1300000ULL,
+ .intctl_base = 0xff1400000ULL,
+ .dma_base = 0xef0081000ULL,
+ .esp_base = 0xef0080000ULL,
+ .le_base = 0xef0060000ULL,
+ .apc_base = 0xefa000000ULL, // XXX should not exist
+ .aux1_base = 0xff1800000ULL,
+ .aux2_base = 0xff1a01000ULL, // XXX should not exist
+ .ecc_base = 0xf00000000ULL,
+ .ecc_version = 0x00000000, // version 0, implementation 0
+ .nvram_machine_id = 0x71,
+ .machine_id = ss600mp_id,
+ .iommu_version = 0x01000000,
+ .max_mem = 0xf00000000ULL,
+ .default_cpu_model = "TI SuperSparc II",
+ },
+ /* SS-20 */
+ {
+ .iommu_base = 0xfe0000000ULL,
+ .tcx_base = 0xe20000000ULL,
+ .slavio_base = 0xff0000000ULL,
+ .ms_kb_base = 0xff1000000ULL,
+ .serial_base = 0xff1100000ULL,
+ .nvram_base = 0xff1200000ULL,
+ .fd_base = 0xff1700000ULL,
+ .counter_base = 0xff1300000ULL,
+ .intctl_base = 0xff1400000ULL,
+ .idreg_base = 0xef0000000ULL,
+ .dma_base = 0xef0400000ULL,
+ .esp_base = 0xef0800000ULL,
+ .le_base = 0xef0c00000ULL,
+ .bpp_base = 0xef4800000ULL,
+ .apc_base = 0xefa000000ULL, // XXX should not exist
+ .aux1_base = 0xff1800000ULL,
+ .aux2_base = 0xff1a01000ULL,
+ .dbri_base = 0xee0000000ULL,
+ .sx_base = 0xf80000000ULL,
+ .vsimm = {
+ {
+ .reg_base = 0x9c000000ULL,
+ .vram_base = 0xfc000000ULL
+ }, {
+ .reg_base = 0x90000000ULL,
+ .vram_base = 0xf0000000ULL
+ }, {
+ .reg_base = 0x94000000ULL
+ }, {
+ .reg_base = 0x98000000ULL
+ }
+ },
+ .ecc_base = 0xf00000000ULL,
+ .ecc_version = 0x20000000, // version 0, implementation 2
+ .nvram_machine_id = 0x72,
+ .machine_id = ss20_id,
+ .iommu_version = 0x13000000,
+ .max_mem = 0xf00000000ULL,
+ .default_cpu_model = "TI SuperSparc II",
+ },
+ /* Voyager */
+ {
+ .iommu_base = 0x10000000,
+ .tcx_base = 0x50000000,
+ .slavio_base = 0x70000000,
+ .ms_kb_base = 0x71000000,
+ .serial_base = 0x71100000,
+ .nvram_base = 0x71200000,
+ .fd_base = 0x71400000,
+ .counter_base = 0x71d00000,
+ .intctl_base = 0x71e00000,
+ .idreg_base = 0x78000000,
+ .dma_base = 0x78400000,
+ .esp_base = 0x78800000,
+ .le_base = 0x78c00000,
+ .apc_base = 0x71300000, // pmc
+ .aux1_base = 0x71900000,
+ .aux2_base = 0x71910000,
+ .nvram_machine_id = 0x80,
+ .machine_id = vger_id,
+ .iommu_version = 0x05000000,
+ .max_mem = 0x10000000,
+ .default_cpu_model = "Fujitsu MB86904",
+ },
+ /* LX */
+ {
+ .iommu_base = 0x10000000,
+ .iommu_pad_base = 0x10004000,
+ .iommu_pad_len = 0x0fffb000,
+ .tcx_base = 0x50000000,
+ .slavio_base = 0x70000000,
+ .ms_kb_base = 0x71000000,
+ .serial_base = 0x71100000,
+ .nvram_base = 0x71200000,
+ .fd_base = 0x71400000,
+ .counter_base = 0x71d00000,
+ .intctl_base = 0x71e00000,
+ .idreg_base = 0x78000000,
+ .dma_base = 0x78400000,
+ .esp_base = 0x78800000,
+ .le_base = 0x78c00000,
+ .aux1_base = 0x71900000,
+ .aux2_base = 0x71910000,
+ .nvram_machine_id = 0x80,
+ .machine_id = lx_id,
+ .iommu_version = 0x04000000,
+ .max_mem = 0x10000000,
+ .default_cpu_model = "TI MicroSparc I",
+ },
+ /* SS-4 */
+ {
+ .iommu_base = 0x10000000,
+ .tcx_base = 0x50000000,
+ .cs_base = 0x6c000000,
+ .slavio_base = 0x70000000,
+ .ms_kb_base = 0x71000000,
+ .serial_base = 0x71100000,
+ .nvram_base = 0x71200000,
+ .fd_base = 0x71400000,
+ .counter_base = 0x71d00000,
+ .intctl_base = 0x71e00000,
+ .idreg_base = 0x78000000,
+ .dma_base = 0x78400000,
+ .esp_base = 0x78800000,
+ .le_base = 0x78c00000,
+ .apc_base = 0x6a000000,
+ .aux1_base = 0x71900000,
+ .aux2_base = 0x71910000,
+ .nvram_machine_id = 0x80,
+ .machine_id = ss4_id,
+ .iommu_version = 0x05000000,
+ .max_mem = 0x10000000,
+ .default_cpu_model = "Fujitsu MB86904",
+ },
+ /* SPARCClassic */
+ {
+ .iommu_base = 0x10000000,
+ .tcx_base = 0x50000000,
+ .slavio_base = 0x70000000,
+ .ms_kb_base = 0x71000000,
+ .serial_base = 0x71100000,
+ .nvram_base = 0x71200000,
+ .fd_base = 0x71400000,
+ .counter_base = 0x71d00000,
+ .intctl_base = 0x71e00000,
+ .idreg_base = 0x78000000,
+ .dma_base = 0x78400000,
+ .esp_base = 0x78800000,
+ .le_base = 0x78c00000,
+ .apc_base = 0x6a000000,
+ .aux1_base = 0x71900000,
+ .aux2_base = 0x71910000,
+ .nvram_machine_id = 0x80,
+ .machine_id = scls_id,
+ .iommu_version = 0x05000000,
+ .max_mem = 0x10000000,
+ .default_cpu_model = "TI MicroSparc I",
+ },
+ /* SPARCbook */
+ {
+ .iommu_base = 0x10000000,
+ .tcx_base = 0x50000000, // XXX
+ .slavio_base = 0x70000000,
+ .ms_kb_base = 0x71000000,
+ .serial_base = 0x71100000,
+ .nvram_base = 0x71200000,
+ .fd_base = 0x71400000,
+ .counter_base = 0x71d00000,
+ .intctl_base = 0x71e00000,
+ .idreg_base = 0x78000000,
+ .dma_base = 0x78400000,
+ .esp_base = 0x78800000,
+ .le_base = 0x78c00000,
+ .apc_base = 0x6a000000,
+ .aux1_base = 0x71900000,
+ .aux2_base = 0x71910000,
+ .nvram_machine_id = 0x80,
+ .machine_id = sbook_id,
+ .iommu_version = 0x05000000,
+ .max_mem = 0x10000000,
+ .default_cpu_model = "TI MicroSparc I",
+ },
+};
+
+/* SPARCstation 5 hardware initialisation */
+static void ss5_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t RAM_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ const char *boot_device = args->boot_device;
+ sun4m_hw_init(&sun4m_hwdefs[0], RAM_size, boot_device, kernel_filename,
+ kernel_cmdline, initrd_filename, cpu_model);
+}
+
+/* SPARCstation 10 hardware initialisation */
+static void ss10_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t RAM_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ const char *boot_device = args->boot_device;
+ sun4m_hw_init(&sun4m_hwdefs[1], RAM_size, boot_device, kernel_filename,
+ kernel_cmdline, initrd_filename, cpu_model);
+}
+
+/* SPARCserver 600MP hardware initialisation */
+static void ss600mp_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t RAM_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ const char *boot_device = args->boot_device;
+ sun4m_hw_init(&sun4m_hwdefs[2], RAM_size, boot_device, kernel_filename,
+ kernel_cmdline, initrd_filename, cpu_model);
+}
+
+/* SPARCstation 20 hardware initialisation */
+static void ss20_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t RAM_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ const char *boot_device = args->boot_device;
+ sun4m_hw_init(&sun4m_hwdefs[3], RAM_size, boot_device, kernel_filename,
+ kernel_cmdline, initrd_filename, cpu_model);
+}
+
+/* SPARCstation Voyager hardware initialisation */
+static void vger_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t RAM_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ const char *boot_device = args->boot_device;
+ sun4m_hw_init(&sun4m_hwdefs[4], RAM_size, boot_device, kernel_filename,
+ kernel_cmdline, initrd_filename, cpu_model);
+}
+
+/* SPARCstation LX hardware initialisation */
+static void ss_lx_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t RAM_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ const char *boot_device = args->boot_device;
+ sun4m_hw_init(&sun4m_hwdefs[5], RAM_size, boot_device, kernel_filename,
+ kernel_cmdline, initrd_filename, cpu_model);
+}
+
+/* SPARCstation 4 hardware initialisation */
+static void ss4_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t RAM_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ const char *boot_device = args->boot_device;
+ sun4m_hw_init(&sun4m_hwdefs[6], RAM_size, boot_device, kernel_filename,
+ kernel_cmdline, initrd_filename, cpu_model);
+}
+
+/* SPARCClassic hardware initialisation */
+static void scls_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t RAM_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ const char *boot_device = args->boot_device;
+ sun4m_hw_init(&sun4m_hwdefs[7], RAM_size, boot_device, kernel_filename,
+ kernel_cmdline, initrd_filename, cpu_model);
+}
+
+/* SPARCbook hardware initialisation */
+static void sbook_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t RAM_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ const char *boot_device = args->boot_device;
+ sun4m_hw_init(&sun4m_hwdefs[8], RAM_size, boot_device, kernel_filename,
+ kernel_cmdline, initrd_filename, cpu_model);
+}
+
+static QEMUMachine ss5_machine = {
+ .name = "SS-5",
+ .desc = "Sun4m platform, SPARCstation 5",
+ .init = ss5_init,
+ .block_default_type = IF_SCSI,
+ .is_default = 1,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine ss10_machine = {
+ .name = "SS-10",
+ .desc = "Sun4m platform, SPARCstation 10",
+ .init = ss10_init,
+ .block_default_type = IF_SCSI,
+ .max_cpus = 4,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine ss600mp_machine = {
+ .name = "SS-600MP",
+ .desc = "Sun4m platform, SPARCserver 600MP",
+ .init = ss600mp_init,
+ .block_default_type = IF_SCSI,
+ .max_cpus = 4,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine ss20_machine = {
+ .name = "SS-20",
+ .desc = "Sun4m platform, SPARCstation 20",
+ .init = ss20_init,
+ .block_default_type = IF_SCSI,
+ .max_cpus = 4,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine voyager_machine = {
+ .name = "Voyager",
+ .desc = "Sun4m platform, SPARCstation Voyager",
+ .init = vger_init,
+ .block_default_type = IF_SCSI,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine ss_lx_machine = {
+ .name = "LX",
+ .desc = "Sun4m platform, SPARCstation LX",
+ .init = ss_lx_init,
+ .block_default_type = IF_SCSI,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine ss4_machine = {
+ .name = "SS-4",
+ .desc = "Sun4m platform, SPARCstation 4",
+ .init = ss4_init,
+ .block_default_type = IF_SCSI,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine scls_machine = {
+ .name = "SPARCClassic",
+ .desc = "Sun4m platform, SPARCClassic",
+ .init = scls_init,
+ .block_default_type = IF_SCSI,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine sbook_machine = {
+ .name = "SPARCbook",
+ .desc = "Sun4m platform, SPARCbook",
+ .init = sbook_init,
+ .block_default_type = IF_SCSI,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void sun4m_register_types(void)
+{
+ type_register_static(&idreg_info);
+ type_register_static(&afx_info);
+ type_register_static(&prom_info);
+ type_register_static(&ram_info);
+}
+
+static void sun4m_machine_init(void)
+{
+ qemu_register_machine(&ss5_machine);
+ qemu_register_machine(&ss10_machine);
+ qemu_register_machine(&ss600mp_machine);
+ qemu_register_machine(&ss20_machine);
+ qemu_register_machine(&voyager_machine);
+ qemu_register_machine(&ss_lx_machine);
+ qemu_register_machine(&ss4_machine);
+ qemu_register_machine(&scls_machine);
+ qemu_register_machine(&sbook_machine);
+}
+
+type_init(sun4m_register_types)
+machine_init(sun4m_machine_init);
diff --git a/hw/sparc32_dma.c b/hw/sparc32_dma.c
deleted file mode 100644
index d11a302f2..000000000
--- a/hw/sparc32_dma.c
+++ /dev/null
@@ -1,315 +0,0 @@
-/*
- * QEMU Sparc32 DMA controller emulation
- *
- * Copyright (c) 2006 Fabrice Bellard
- *
- * Modifications:
- * 2010-Feb-14 Artyom Tarasenko : reworked irq generation
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "hw.h"
-#include "sparc32_dma.h"
-#include "sun4m.h"
-#include "sysbus.h"
-#include "trace.h"
-
-/*
- * This is the DMA controller part of chip STP2000 (Master I/O), also
- * produced as NCR89C100. See
- * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C100.txt
- * and
- * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/DMA2.txt
- */
-
-#define DMA_REGS 4
-#define DMA_SIZE (4 * sizeof(uint32_t))
-/* We need the mask, because one instance of the device is not page
- aligned (ledma, start address 0x0010) */
-#define DMA_MASK (DMA_SIZE - 1)
-/* OBP says 0x20 bytes for ledma, the extras are aliased to espdma */
-#define DMA_ETH_SIZE (8 * sizeof(uint32_t))
-#define DMA_MAX_REG_OFFSET (2 * DMA_SIZE - 1)
-
-#define DMA_VER 0xa0000000
-#define DMA_INTR 1
-#define DMA_INTREN 0x10
-#define DMA_WRITE_MEM 0x100
-#define DMA_EN 0x200
-#define DMA_LOADED 0x04000000
-#define DMA_DRAIN_FIFO 0x40
-#define DMA_RESET 0x80
-
-/* XXX SCSI and ethernet should have different read-only bit masks */
-#define DMA_CSR_RO_MASK 0xfe000007
-
-typedef struct DMAState DMAState;
-
-struct DMAState {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint32_t dmaregs[DMA_REGS];
- qemu_irq irq;
- void *iommu;
- qemu_irq gpio[2];
- uint32_t is_ledma;
-};
-
-enum {
- GPIO_RESET = 0,
- GPIO_DMA,
-};
-
-/* Note: on sparc, the lance 16 bit bus is swapped */
-void ledma_memory_read(void *opaque, hwaddr addr,
- uint8_t *buf, int len, int do_bswap)
-{
- DMAState *s = opaque;
- int i;
-
- addr |= s->dmaregs[3];
- trace_ledma_memory_read(addr);
- if (do_bswap) {
- sparc_iommu_memory_read(s->iommu, addr, buf, len);
- } else {
- addr &= ~1;
- len &= ~1;
- sparc_iommu_memory_read(s->iommu, addr, buf, len);
- for(i = 0; i < len; i += 2) {
- bswap16s((uint16_t *)(buf + i));
- }
- }
-}
-
-void ledma_memory_write(void *opaque, hwaddr addr,
- uint8_t *buf, int len, int do_bswap)
-{
- DMAState *s = opaque;
- int l, i;
- uint16_t tmp_buf[32];
-
- addr |= s->dmaregs[3];
- trace_ledma_memory_write(addr);
- if (do_bswap) {
- sparc_iommu_memory_write(s->iommu, addr, buf, len);
- } else {
- addr &= ~1;
- len &= ~1;
- while (len > 0) {
- l = len;
- if (l > sizeof(tmp_buf))
- l = sizeof(tmp_buf);
- for(i = 0; i < l; i += 2) {
- tmp_buf[i >> 1] = bswap16(*(uint16_t *)(buf + i));
- }
- sparc_iommu_memory_write(s->iommu, addr, (uint8_t *)tmp_buf, l);
- len -= l;
- buf += l;
- addr += l;
- }
- }
-}
-
-static void dma_set_irq(void *opaque, int irq, int level)
-{
- DMAState *s = opaque;
- if (level) {
- s->dmaregs[0] |= DMA_INTR;
- if (s->dmaregs[0] & DMA_INTREN) {
- trace_sparc32_dma_set_irq_raise();
- qemu_irq_raise(s->irq);
- }
- } else {
- if (s->dmaregs[0] & DMA_INTR) {
- s->dmaregs[0] &= ~DMA_INTR;
- if (s->dmaregs[0] & DMA_INTREN) {
- trace_sparc32_dma_set_irq_lower();
- qemu_irq_lower(s->irq);
- }
- }
- }
-}
-
-void espdma_memory_read(void *opaque, uint8_t *buf, int len)
-{
- DMAState *s = opaque;
-
- trace_espdma_memory_read(s->dmaregs[1]);
- sparc_iommu_memory_read(s->iommu, s->dmaregs[1], buf, len);
- s->dmaregs[1] += len;
-}
-
-void espdma_memory_write(void *opaque, uint8_t *buf, int len)
-{
- DMAState *s = opaque;
-
- trace_espdma_memory_write(s->dmaregs[1]);
- sparc_iommu_memory_write(s->iommu, s->dmaregs[1], buf, len);
- s->dmaregs[1] += len;
-}
-
-static uint64_t dma_mem_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- DMAState *s = opaque;
- uint32_t saddr;
-
- if (s->is_ledma && (addr > DMA_MAX_REG_OFFSET)) {
- /* aliased to espdma, but we can't get there from here */
- /* buggy driver if using undocumented behavior, just return 0 */
- trace_sparc32_dma_mem_readl(addr, 0);
- return 0;
- }
- saddr = (addr & DMA_MASK) >> 2;
- trace_sparc32_dma_mem_readl(addr, s->dmaregs[saddr]);
- return s->dmaregs[saddr];
-}
-
-static void dma_mem_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- DMAState *s = opaque;
- uint32_t saddr;
-
- if (s->is_ledma && (addr > DMA_MAX_REG_OFFSET)) {
- /* aliased to espdma, but we can't get there from here */
- trace_sparc32_dma_mem_writel(addr, 0, val);
- return;
- }
- saddr = (addr & DMA_MASK) >> 2;
- trace_sparc32_dma_mem_writel(addr, s->dmaregs[saddr], val);
- switch (saddr) {
- case 0:
- if (val & DMA_INTREN) {
- if (s->dmaregs[0] & DMA_INTR) {
- trace_sparc32_dma_set_irq_raise();
- qemu_irq_raise(s->irq);
- }
- } else {
- if (s->dmaregs[0] & (DMA_INTR | DMA_INTREN)) {
- trace_sparc32_dma_set_irq_lower();
- qemu_irq_lower(s->irq);
- }
- }
- if (val & DMA_RESET) {
- qemu_irq_raise(s->gpio[GPIO_RESET]);
- qemu_irq_lower(s->gpio[GPIO_RESET]);
- } else if (val & DMA_DRAIN_FIFO) {
- val &= ~DMA_DRAIN_FIFO;
- } else if (val == 0)
- val = DMA_DRAIN_FIFO;
-
- if (val & DMA_EN && !(s->dmaregs[0] & DMA_EN)) {
- trace_sparc32_dma_enable_raise();
- qemu_irq_raise(s->gpio[GPIO_DMA]);
- } else if (!(val & DMA_EN) && !!(s->dmaregs[0] & DMA_EN)) {
- trace_sparc32_dma_enable_lower();
- qemu_irq_lower(s->gpio[GPIO_DMA]);
- }
-
- val &= ~DMA_CSR_RO_MASK;
- val |= DMA_VER;
- s->dmaregs[0] = (s->dmaregs[0] & DMA_CSR_RO_MASK) | val;
- break;
- case 1:
- s->dmaregs[0] |= DMA_LOADED;
- /* fall through */
- default:
- s->dmaregs[saddr] = val;
- break;
- }
-}
-
-static const MemoryRegionOps dma_mem_ops = {
- .read = dma_mem_read,
- .write = dma_mem_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static void dma_reset(DeviceState *d)
-{
- DMAState *s = container_of(d, DMAState, busdev.qdev);
-
- memset(s->dmaregs, 0, DMA_SIZE);
- s->dmaregs[0] = DMA_VER;
-}
-
-static const VMStateDescription vmstate_dma = {
- .name ="sparc32_dma",
- .version_id = 2,
- .minimum_version_id = 2,
- .minimum_version_id_old = 2,
- .fields = (VMStateField []) {
- VMSTATE_UINT32_ARRAY(dmaregs, DMAState, DMA_REGS),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int sparc32_dma_init1(SysBusDevice *dev)
-{
- DMAState *s = FROM_SYSBUS(DMAState, dev);
- int reg_size;
-
- sysbus_init_irq(dev, &s->irq);
-
- reg_size = s->is_ledma ? DMA_ETH_SIZE : DMA_SIZE;
- memory_region_init_io(&s->iomem, &dma_mem_ops, s, "dma", reg_size);
- sysbus_init_mmio(dev, &s->iomem);
-
- qdev_init_gpio_in(&dev->qdev, dma_set_irq, 1);
- qdev_init_gpio_out(&dev->qdev, s->gpio, 2);
-
- return 0;
-}
-
-static Property sparc32_dma_properties[] = {
- DEFINE_PROP_PTR("iommu_opaque", DMAState, iommu),
- DEFINE_PROP_UINT32("is_ledma", DMAState, is_ledma, 0),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void sparc32_dma_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = sparc32_dma_init1;
- dc->reset = dma_reset;
- dc->vmsd = &vmstate_dma;
- dc->props = sparc32_dma_properties;
-}
-
-static TypeInfo sparc32_dma_info = {
- .name = "sparc32_dma",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(DMAState),
- .class_init = sparc32_dma_class_init,
-};
-
-static void sparc32_dma_register_types(void)
-{
- type_register_static(&sparc32_dma_info);
-}
-
-type_init(sparc32_dma_register_types)
diff --git a/hw/sparc32_dma.h b/hw/sparc32_dma.h
deleted file mode 100644
index 9497b13d3..000000000
--- a/hw/sparc32_dma.h
+++ /dev/null
@@ -1,12 +0,0 @@
-#ifndef SPARC32_DMA_H
-#define SPARC32_DMA_H
-
-/* sparc32_dma.c */
-void ledma_memory_read(void *opaque, hwaddr addr,
- uint8_t *buf, int len, int do_bswap);
-void ledma_memory_write(void *opaque, hwaddr addr,
- uint8_t *buf, int len, int do_bswap);
-void espdma_memory_read(void *opaque, uint8_t *buf, int len);
-void espdma_memory_write(void *opaque, uint8_t *buf, int len);
-
-#endif
diff --git a/hw/sparc64/Makefile.objs b/hw/sparc64/Makefile.objs
index 8c65fc421..a84cfe3ec 100644
--- a/hw/sparc64/Makefile.objs
+++ b/hw/sparc64/Makefile.objs
@@ -1,4 +1 @@
-obj-y = sun4u.o apb_pci.o
-obj-y += mc146818rtc.o
-
-obj-y := $(addprefix ../,$(obj-y))
+obj-y += sun4u.o
diff --git a/hw/sparc64/sun4u.c b/hw/sparc64/sun4u.c
new file mode 100644
index 000000000..a7214a3fc
--- /dev/null
+++ b/hw/sparc64/sun4u.c
@@ -0,0 +1,1028 @@
+/*
+ * QEMU Sun4u/Sun4v System Emulator
+ *
+ * Copyright (c) 2005 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "hw/pci-host/apb.h"
+#include "hw/i386/pc.h"
+#include "hw/char/serial.h"
+#include "hw/timer/m48t59.h"
+#include "hw/block/fdc.h"
+#include "net/net.h"
+#include "qemu/timer.h"
+#include "sysemu/sysemu.h"
+#include "hw/boards.h"
+#include "hw/nvram/openbios_firmware_abi.h"
+#include "hw/nvram/fw_cfg.h"
+#include "hw/sysbus.h"
+#include "hw/ide.h"
+#include "hw/loader.h"
+#include "elf.h"
+#include "sysemu/blockdev.h"
+#include "exec/address-spaces.h"
+
+//#define DEBUG_IRQ
+//#define DEBUG_EBUS
+//#define DEBUG_TIMER
+
+#ifdef DEBUG_IRQ
+#define CPUIRQ_DPRINTF(fmt, ...) \
+ do { printf("CPUIRQ: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define CPUIRQ_DPRINTF(fmt, ...)
+#endif
+
+#ifdef DEBUG_EBUS
+#define EBUS_DPRINTF(fmt, ...) \
+ do { printf("EBUS: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define EBUS_DPRINTF(fmt, ...)
+#endif
+
+#ifdef DEBUG_TIMER
+#define TIMER_DPRINTF(fmt, ...) \
+ do { printf("TIMER: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define TIMER_DPRINTF(fmt, ...)
+#endif
+
+#define KERNEL_LOAD_ADDR 0x00404000
+#define CMDLINE_ADDR 0x003ff000
+#define PROM_SIZE_MAX (4 * 1024 * 1024)
+#define PROM_VADDR 0x000ffd00000ULL
+#define APB_SPECIAL_BASE 0x1fe00000000ULL
+#define APB_MEM_BASE 0x1ff00000000ULL
+#define APB_PCI_IO_BASE (APB_SPECIAL_BASE + 0x02000000ULL)
+#define PROM_FILENAME "openbios-sparc64"
+#define NVRAM_SIZE 0x2000
+#define MAX_IDE_BUS 2
+#define BIOS_CFG_IOPORT 0x510
+#define FW_CFG_SPARC64_WIDTH (FW_CFG_ARCH_LOCAL + 0x00)
+#define FW_CFG_SPARC64_HEIGHT (FW_CFG_ARCH_LOCAL + 0x01)
+#define FW_CFG_SPARC64_DEPTH (FW_CFG_ARCH_LOCAL + 0x02)
+
+#define IVEC_MAX 0x40
+
+#define TICK_MAX 0x7fffffffffffffffULL
+
+struct hwdef {
+ const char * const default_cpu_model;
+ uint16_t machine_id;
+ uint64_t prom_addr;
+ uint64_t console_serial_base;
+};
+
+typedef struct EbusState {
+ PCIDevice pci_dev;
+ MemoryRegion bar0;
+ MemoryRegion bar1;
+} EbusState;
+
+int DMA_get_channel_mode (int nchan)
+{
+ return 0;
+}
+int DMA_read_memory (int nchan, void *buf, int pos, int size)
+{
+ return 0;
+}
+int DMA_write_memory (int nchan, void *buf, int pos, int size)
+{
+ return 0;
+}
+void DMA_hold_DREQ (int nchan) {}
+void DMA_release_DREQ (int nchan) {}
+void DMA_schedule(int nchan) {}
+
+void DMA_init(int high_page_enable, qemu_irq *cpu_request_exit)
+{
+}
+
+void DMA_register_channel (int nchan,
+ DMA_transfer_handler transfer_handler,
+ void *opaque)
+{
+}
+
+static int fw_cfg_boot_set(void *opaque, const char *boot_device)
+{
+ fw_cfg_add_i16(opaque, FW_CFG_BOOT_DEVICE, boot_device[0]);
+ return 0;
+}
+
+static int sun4u_NVRAM_set_params(M48t59State *nvram, uint16_t NVRAM_size,
+ const char *arch, ram_addr_t RAM_size,
+ const char *boot_devices,
+ uint32_t kernel_image, uint32_t kernel_size,
+ const char *cmdline,
+ uint32_t initrd_image, uint32_t initrd_size,
+ uint32_t NVRAM_image,
+ int width, int height, int depth,
+ const uint8_t *macaddr)
+{
+ unsigned int i;
+ uint32_t start, end;
+ uint8_t image[0x1ff0];
+ struct OpenBIOS_nvpart_v1 *part_header;
+
+ memset(image, '\0', sizeof(image));
+
+ start = 0;
+
+ // OpenBIOS nvram variables
+ // Variable partition
+ part_header = (struct OpenBIOS_nvpart_v1 *)&image[start];
+ part_header->signature = OPENBIOS_PART_SYSTEM;
+ pstrcpy(part_header->name, sizeof(part_header->name), "system");
+
+ end = start + sizeof(struct OpenBIOS_nvpart_v1);
+ for (i = 0; i < nb_prom_envs; i++)
+ end = OpenBIOS_set_var(image, end, prom_envs[i]);
+
+ // End marker
+ image[end++] = '\0';
+
+ end = start + ((end - start + 15) & ~15);
+ OpenBIOS_finish_partition(part_header, end - start);
+
+ // free partition
+ start = end;
+ part_header = (struct OpenBIOS_nvpart_v1 *)&image[start];
+ part_header->signature = OPENBIOS_PART_FREE;
+ pstrcpy(part_header->name, sizeof(part_header->name), "free");
+
+ end = 0x1fd0;
+ OpenBIOS_finish_partition(part_header, end - start);
+
+ Sun_init_header((struct Sun_nvram *)&image[0x1fd8], macaddr, 0x80);
+
+ for (i = 0; i < sizeof(image); i++)
+ m48t59_write(nvram, i, image[i]);
+
+ return 0;
+}
+
+static uint64_t sun4u_load_kernel(const char *kernel_filename,
+ const char *initrd_filename,
+ ram_addr_t RAM_size, uint64_t *initrd_size,
+ uint64_t *initrd_addr, uint64_t *kernel_addr,
+ uint64_t *kernel_entry)
+{
+ int linux_boot;
+ unsigned int i;
+ long kernel_size;
+ uint8_t *ptr;
+ uint64_t kernel_top;
+
+ linux_boot = (kernel_filename != NULL);
+
+ kernel_size = 0;
+ if (linux_boot) {
+ int bswap_needed;
+
+#ifdef BSWAP_NEEDED
+ bswap_needed = 1;
+#else
+ bswap_needed = 0;
+#endif
+ kernel_size = load_elf(kernel_filename, NULL, NULL, kernel_entry,
+ kernel_addr, &kernel_top, 1, ELF_MACHINE, 0);
+ if (kernel_size < 0) {
+ *kernel_addr = KERNEL_LOAD_ADDR;
+ *kernel_entry = KERNEL_LOAD_ADDR;
+ kernel_size = load_aout(kernel_filename, KERNEL_LOAD_ADDR,
+ RAM_size - KERNEL_LOAD_ADDR, bswap_needed,
+ TARGET_PAGE_SIZE);
+ }
+ if (kernel_size < 0) {
+ kernel_size = load_image_targphys(kernel_filename,
+ KERNEL_LOAD_ADDR,
+ RAM_size - KERNEL_LOAD_ADDR);
+ }
+ if (kernel_size < 0) {
+ fprintf(stderr, "qemu: could not load kernel '%s'\n",
+ kernel_filename);
+ exit(1);
+ }
+ /* load initrd above kernel */
+ *initrd_size = 0;
+ if (initrd_filename) {
+ *initrd_addr = TARGET_PAGE_ALIGN(kernel_top);
+
+ *initrd_size = load_image_targphys(initrd_filename,
+ *initrd_addr,
+ RAM_size - *initrd_addr);
+ if ((int)*initrd_size < 0) {
+ fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
+ initrd_filename);
+ exit(1);
+ }
+ }
+ if (*initrd_size > 0) {
+ for (i = 0; i < 64 * TARGET_PAGE_SIZE; i += TARGET_PAGE_SIZE) {
+ ptr = rom_ptr(*kernel_addr + i);
+ if (ldl_p(ptr + 8) == 0x48647253) { /* HdrS */
+ stl_p(ptr + 24, *initrd_addr + *kernel_addr);
+ stl_p(ptr + 28, *initrd_size);
+ break;
+ }
+ }
+ }
+ }
+ return kernel_size;
+}
+
+void cpu_check_irqs(CPUSPARCState *env)
+{
+ CPUState *cs;
+ uint32_t pil = env->pil_in |
+ (env->softint & ~(SOFTINT_TIMER | SOFTINT_STIMER));
+
+ /* TT_IVEC has a higher priority (16) than TT_EXTINT (31..17) */
+ if (env->ivec_status & 0x20) {
+ return;
+ }
+ cs = CPU(sparc_env_get_cpu(env));
+ /* check if TM or SM in SOFTINT are set
+ setting these also causes interrupt 14 */
+ if (env->softint & (SOFTINT_TIMER | SOFTINT_STIMER)) {
+ pil |= 1 << 14;
+ }
+
+ /* The bit corresponding to psrpil is (1<< psrpil), the next bit
+ is (2 << psrpil). */
+ if (pil < (2 << env->psrpil)){
+ if (cs->interrupt_request & CPU_INTERRUPT_HARD) {
+ CPUIRQ_DPRINTF("Reset CPU IRQ (current interrupt %x)\n",
+ env->interrupt_index);
+ env->interrupt_index = 0;
+ cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
+ }
+ return;
+ }
+
+ if (cpu_interrupts_enabled(env)) {
+
+ unsigned int i;
+
+ for (i = 15; i > env->psrpil; i--) {
+ if (pil & (1 << i)) {
+ int old_interrupt = env->interrupt_index;
+ int new_interrupt = TT_EXTINT | i;
+
+ if (unlikely(env->tl > 0 && cpu_tsptr(env)->tt > new_interrupt
+ && ((cpu_tsptr(env)->tt & 0x1f0) == TT_EXTINT))) {
+ CPUIRQ_DPRINTF("Not setting CPU IRQ: TL=%d "
+ "current %x >= pending %x\n",
+ env->tl, cpu_tsptr(env)->tt, new_interrupt);
+ } else if (old_interrupt != new_interrupt) {
+ env->interrupt_index = new_interrupt;
+ CPUIRQ_DPRINTF("Set CPU IRQ %d old=%x new=%x\n", i,
+ old_interrupt, new_interrupt);
+ cpu_interrupt(cs, CPU_INTERRUPT_HARD);
+ }
+ break;
+ }
+ }
+ } else if (cs->interrupt_request & CPU_INTERRUPT_HARD) {
+ CPUIRQ_DPRINTF("Interrupts disabled, pil=%08x pil_in=%08x softint=%08x "
+ "current interrupt %x\n",
+ pil, env->pil_in, env->softint, env->interrupt_index);
+ env->interrupt_index = 0;
+ cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
+ }
+}
+
+static void cpu_kick_irq(SPARCCPU *cpu)
+{
+ CPUState *cs = CPU(cpu);
+ CPUSPARCState *env = &cpu->env;
+
+ cs->halted = 0;
+ cpu_check_irqs(env);
+ qemu_cpu_kick(cs);
+}
+
+static void cpu_set_ivec_irq(void *opaque, int irq, int level)
+{
+ SPARCCPU *cpu = opaque;
+ CPUSPARCState *env = &cpu->env;
+ CPUState *cs;
+
+ if (level) {
+ if (!(env->ivec_status & 0x20)) {
+ CPUIRQ_DPRINTF("Raise IVEC IRQ %d\n", irq);
+ cs = CPU(cpu);
+ cs->halted = 0;
+ env->interrupt_index = TT_IVEC;
+ env->ivec_status |= 0x20;
+ env->ivec_data[0] = (0x1f << 6) | irq;
+ env->ivec_data[1] = 0;
+ env->ivec_data[2] = 0;
+ cpu_interrupt(cs, CPU_INTERRUPT_HARD);
+ }
+ } else {
+ if (env->ivec_status & 0x20) {
+ CPUIRQ_DPRINTF("Lower IVEC IRQ %d\n", irq);
+ cs = CPU(cpu);
+ env->ivec_status &= ~0x20;
+ cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
+ }
+ }
+}
+
+typedef struct ResetData {
+ SPARCCPU *cpu;
+ uint64_t prom_addr;
+} ResetData;
+
+void cpu_put_timer(QEMUFile *f, CPUTimer *s)
+{
+ qemu_put_be32s(f, &s->frequency);
+ qemu_put_be32s(f, &s->disabled);
+ qemu_put_be64s(f, &s->disabled_mask);
+ qemu_put_sbe64s(f, &s->clock_offset);
+
+ qemu_put_timer(f, s->qtimer);
+}
+
+void cpu_get_timer(QEMUFile *f, CPUTimer *s)
+{
+ qemu_get_be32s(f, &s->frequency);
+ qemu_get_be32s(f, &s->disabled);
+ qemu_get_be64s(f, &s->disabled_mask);
+ qemu_get_sbe64s(f, &s->clock_offset);
+
+ qemu_get_timer(f, s->qtimer);
+}
+
+static CPUTimer *cpu_timer_create(const char *name, SPARCCPU *cpu,
+ QEMUBHFunc *cb, uint32_t frequency,
+ uint64_t disabled_mask)
+{
+ CPUTimer *timer = g_malloc0(sizeof (CPUTimer));
+
+ timer->name = name;
+ timer->frequency = frequency;
+ timer->disabled_mask = disabled_mask;
+
+ timer->disabled = 1;
+ timer->clock_offset = qemu_get_clock_ns(vm_clock);
+
+ timer->qtimer = qemu_new_timer_ns(vm_clock, cb, cpu);
+
+ return timer;
+}
+
+static void cpu_timer_reset(CPUTimer *timer)
+{
+ timer->disabled = 1;
+ timer->clock_offset = qemu_get_clock_ns(vm_clock);
+
+ qemu_del_timer(timer->qtimer);
+}
+
+static void main_cpu_reset(void *opaque)
+{
+ ResetData *s = (ResetData *)opaque;
+ CPUSPARCState *env = &s->cpu->env;
+ static unsigned int nr_resets;
+
+ cpu_reset(CPU(s->cpu));
+
+ cpu_timer_reset(env->tick);
+ cpu_timer_reset(env->stick);
+ cpu_timer_reset(env->hstick);
+
+ env->gregs[1] = 0; // Memory start
+ env->gregs[2] = ram_size; // Memory size
+ env->gregs[3] = 0; // Machine description XXX
+ if (nr_resets++ == 0) {
+ /* Power on reset */
+ env->pc = s->prom_addr + 0x20ULL;
+ } else {
+ env->pc = s->prom_addr + 0x40ULL;
+ }
+ env->npc = env->pc + 4;
+}
+
+static void tick_irq(void *opaque)
+{
+ SPARCCPU *cpu = opaque;
+ CPUSPARCState *env = &cpu->env;
+
+ CPUTimer* timer = env->tick;
+
+ if (timer->disabled) {
+ CPUIRQ_DPRINTF("tick_irq: softint disabled\n");
+ return;
+ } else {
+ CPUIRQ_DPRINTF("tick: fire\n");
+ }
+
+ env->softint |= SOFTINT_TIMER;
+ cpu_kick_irq(cpu);
+}
+
+static void stick_irq(void *opaque)
+{
+ SPARCCPU *cpu = opaque;
+ CPUSPARCState *env = &cpu->env;
+
+ CPUTimer* timer = env->stick;
+
+ if (timer->disabled) {
+ CPUIRQ_DPRINTF("stick_irq: softint disabled\n");
+ return;
+ } else {
+ CPUIRQ_DPRINTF("stick: fire\n");
+ }
+
+ env->softint |= SOFTINT_STIMER;
+ cpu_kick_irq(cpu);
+}
+
+static void hstick_irq(void *opaque)
+{
+ SPARCCPU *cpu = opaque;
+ CPUSPARCState *env = &cpu->env;
+
+ CPUTimer* timer = env->hstick;
+
+ if (timer->disabled) {
+ CPUIRQ_DPRINTF("hstick_irq: softint disabled\n");
+ return;
+ } else {
+ CPUIRQ_DPRINTF("hstick: fire\n");
+ }
+
+ env->softint |= SOFTINT_STIMER;
+ cpu_kick_irq(cpu);
+}
+
+static int64_t cpu_to_timer_ticks(int64_t cpu_ticks, uint32_t frequency)
+{
+ return muldiv64(cpu_ticks, get_ticks_per_sec(), frequency);
+}
+
+static uint64_t timer_to_cpu_ticks(int64_t timer_ticks, uint32_t frequency)
+{
+ return muldiv64(timer_ticks, frequency, get_ticks_per_sec());
+}
+
+void cpu_tick_set_count(CPUTimer *timer, uint64_t count)
+{
+ uint64_t real_count = count & ~timer->disabled_mask;
+ uint64_t disabled_bit = count & timer->disabled_mask;
+
+ int64_t vm_clock_offset = qemu_get_clock_ns(vm_clock) -
+ cpu_to_timer_ticks(real_count, timer->frequency);
+
+ TIMER_DPRINTF("%s set_count count=0x%016lx (%s) p=%p\n",
+ timer->name, real_count,
+ timer->disabled?"disabled":"enabled", timer);
+
+ timer->disabled = disabled_bit ? 1 : 0;
+ timer->clock_offset = vm_clock_offset;
+}
+
+uint64_t cpu_tick_get_count(CPUTimer *timer)
+{
+ uint64_t real_count = timer_to_cpu_ticks(
+ qemu_get_clock_ns(vm_clock) - timer->clock_offset,
+ timer->frequency);
+
+ TIMER_DPRINTF("%s get_count count=0x%016lx (%s) p=%p\n",
+ timer->name, real_count,
+ timer->disabled?"disabled":"enabled", timer);
+
+ if (timer->disabled)
+ real_count |= timer->disabled_mask;
+
+ return real_count;
+}
+
+void cpu_tick_set_limit(CPUTimer *timer, uint64_t limit)
+{
+ int64_t now = qemu_get_clock_ns(vm_clock);
+
+ uint64_t real_limit = limit & ~timer->disabled_mask;
+ timer->disabled = (limit & timer->disabled_mask) ? 1 : 0;
+
+ int64_t expires = cpu_to_timer_ticks(real_limit, timer->frequency) +
+ timer->clock_offset;
+
+ if (expires < now) {
+ expires = now + 1;
+ }
+
+ TIMER_DPRINTF("%s set_limit limit=0x%016lx (%s) p=%p "
+ "called with limit=0x%016lx at 0x%016lx (delta=0x%016lx)\n",
+ timer->name, real_limit,
+ timer->disabled?"disabled":"enabled",
+ timer, limit,
+ timer_to_cpu_ticks(now - timer->clock_offset,
+ timer->frequency),
+ timer_to_cpu_ticks(expires - now, timer->frequency));
+
+ if (!real_limit) {
+ TIMER_DPRINTF("%s set_limit limit=ZERO - not starting timer\n",
+ timer->name);
+ qemu_del_timer(timer->qtimer);
+ } else if (timer->disabled) {
+ qemu_del_timer(timer->qtimer);
+ } else {
+ qemu_mod_timer(timer->qtimer, expires);
+ }
+}
+
+static void isa_irq_handler(void *opaque, int n, int level)
+{
+ static const int isa_irq_to_ivec[16] = {
+ [1] = 0x29, /* keyboard */
+ [4] = 0x2b, /* serial */
+ [6] = 0x27, /* floppy */
+ [7] = 0x22, /* parallel */
+ [12] = 0x2a, /* mouse */
+ };
+ qemu_irq *irqs = opaque;
+ int ivec;
+
+ assert(n < 16);
+ ivec = isa_irq_to_ivec[n];
+ EBUS_DPRINTF("Set ISA IRQ %d level %d -> ivec 0x%x\n", n, level, ivec);
+ if (ivec) {
+ qemu_set_irq(irqs[ivec], level);
+ }
+}
+
+/* EBUS (Eight bit bus) bridge */
+static ISABus *
+pci_ebus_init(PCIBus *bus, int devfn, qemu_irq *irqs)
+{
+ qemu_irq *isa_irq;
+ PCIDevice *pci_dev;
+ ISABus *isa_bus;
+
+ pci_dev = pci_create_simple(bus, devfn, "ebus");
+ isa_bus = ISA_BUS(qdev_get_child_bus(DEVICE(pci_dev), "isa.0"));
+ isa_irq = qemu_allocate_irqs(isa_irq_handler, irqs, 16);
+ isa_bus_irqs(isa_bus, isa_irq);
+ return isa_bus;
+}
+
+static int
+pci_ebus_init1(PCIDevice *pci_dev)
+{
+ EbusState *s = DO_UPCAST(EbusState, pci_dev, pci_dev);
+
+ isa_bus_new(&pci_dev->qdev, pci_address_space_io(pci_dev));
+
+ pci_dev->config[0x04] = 0x06; // command = bus master, pci mem
+ pci_dev->config[0x05] = 0x00;
+ pci_dev->config[0x06] = 0xa0; // status = fast back-to-back, 66MHz, no error
+ pci_dev->config[0x07] = 0x03; // status = medium devsel
+ pci_dev->config[0x09] = 0x00; // programming i/f
+ pci_dev->config[0x0D] = 0x0a; // latency_timer
+
+ memory_region_init_alias(&s->bar0, OBJECT(s), "bar0", get_system_io(),
+ 0, 0x1000000);
+ pci_register_bar(pci_dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->bar0);
+ memory_region_init_alias(&s->bar1, OBJECT(s), "bar1", get_system_io(),
+ 0, 0x800000);
+ pci_register_bar(pci_dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->bar1);
+ return 0;
+}
+
+static void ebus_class_init(ObjectClass *klass, void *data)
+{
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = pci_ebus_init1;
+ k->vendor_id = PCI_VENDOR_ID_SUN;
+ k->device_id = PCI_DEVICE_ID_SUN_EBUS;
+ k->revision = 0x01;
+ k->class_id = PCI_CLASS_BRIDGE_OTHER;
+}
+
+static const TypeInfo ebus_info = {
+ .name = "ebus",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(EbusState),
+ .class_init = ebus_class_init,
+};
+
+#define TYPE_OPENPROM "openprom"
+#define OPENPROM(obj) OBJECT_CHECK(PROMState, (obj), TYPE_OPENPROM)
+
+typedef struct PROMState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion prom;
+} PROMState;
+
+static uint64_t translate_prom_address(void *opaque, uint64_t addr)
+{
+ hwaddr *base_addr = (hwaddr *)opaque;
+ return addr + *base_addr - PROM_VADDR;
+}
+
+/* Boot PROM (OpenBIOS) */
+static void prom_init(hwaddr addr, const char *bios_name)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+ char *filename;
+ int ret;
+
+ dev = qdev_create(NULL, TYPE_OPENPROM);
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+
+ sysbus_mmio_map(s, 0, addr);
+
+ /* load boot prom */
+ if (bios_name == NULL) {
+ bios_name = PROM_FILENAME;
+ }
+ filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
+ if (filename) {
+ ret = load_elf(filename, translate_prom_address, &addr,
+ NULL, NULL, NULL, 1, ELF_MACHINE, 0);
+ if (ret < 0 || ret > PROM_SIZE_MAX) {
+ ret = load_image_targphys(filename, addr, PROM_SIZE_MAX);
+ }
+ g_free(filename);
+ } else {
+ ret = -1;
+ }
+ if (ret < 0 || ret > PROM_SIZE_MAX) {
+ fprintf(stderr, "qemu: could not load prom '%s'\n", bios_name);
+ exit(1);
+ }
+}
+
+static int prom_init1(SysBusDevice *dev)
+{
+ PROMState *s = OPENPROM(dev);
+
+ memory_region_init_ram(&s->prom, OBJECT(s), "sun4u.prom", PROM_SIZE_MAX);
+ vmstate_register_ram_global(&s->prom);
+ memory_region_set_readonly(&s->prom, true);
+ sysbus_init_mmio(dev, &s->prom);
+ return 0;
+}
+
+static Property prom_properties[] = {
+ {/* end of property list */},
+};
+
+static void prom_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = prom_init1;
+ dc->props = prom_properties;
+}
+
+static const TypeInfo prom_info = {
+ .name = TYPE_OPENPROM,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(PROMState),
+ .class_init = prom_class_init,
+};
+
+
+#define TYPE_SUN4U_MEMORY "memory"
+#define SUN4U_RAM(obj) OBJECT_CHECK(RamDevice, (obj), TYPE_SUN4U_MEMORY)
+
+typedef struct RamDevice {
+ SysBusDevice parent_obj;
+
+ MemoryRegion ram;
+ uint64_t size;
+} RamDevice;
+
+/* System RAM */
+static int ram_init1(SysBusDevice *dev)
+{
+ RamDevice *d = SUN4U_RAM(dev);
+
+ memory_region_init_ram(&d->ram, OBJECT(d), "sun4u.ram", d->size);
+ vmstate_register_ram_global(&d->ram);
+ sysbus_init_mmio(dev, &d->ram);
+ return 0;
+}
+
+static void ram_init(hwaddr addr, ram_addr_t RAM_size)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+ RamDevice *d;
+
+ /* allocate RAM */
+ dev = qdev_create(NULL, TYPE_SUN4U_MEMORY);
+ s = SYS_BUS_DEVICE(dev);
+
+ d = SUN4U_RAM(dev);
+ d->size = RAM_size;
+ qdev_init_nofail(dev);
+
+ sysbus_mmio_map(s, 0, addr);
+}
+
+static Property ram_properties[] = {
+ DEFINE_PROP_UINT64("size", RamDevice, size, 0),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void ram_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = ram_init1;
+ dc->props = ram_properties;
+}
+
+static const TypeInfo ram_info = {
+ .name = TYPE_SUN4U_MEMORY,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(RamDevice),
+ .class_init = ram_class_init,
+};
+
+static SPARCCPU *cpu_devinit(const char *cpu_model, const struct hwdef *hwdef)
+{
+ SPARCCPU *cpu;
+ CPUSPARCState *env;
+ ResetData *reset_info;
+
+ uint32_t tick_frequency = 100*1000000;
+ uint32_t stick_frequency = 100*1000000;
+ uint32_t hstick_frequency = 100*1000000;
+
+ if (cpu_model == NULL) {
+ cpu_model = hwdef->default_cpu_model;
+ }
+ cpu = cpu_sparc_init(cpu_model);
+ if (cpu == NULL) {
+ fprintf(stderr, "Unable to find Sparc CPU definition\n");
+ exit(1);
+ }
+ env = &cpu->env;
+
+ env->tick = cpu_timer_create("tick", cpu, tick_irq,
+ tick_frequency, TICK_NPT_MASK);
+
+ env->stick = cpu_timer_create("stick", cpu, stick_irq,
+ stick_frequency, TICK_INT_DIS);
+
+ env->hstick = cpu_timer_create("hstick", cpu, hstick_irq,
+ hstick_frequency, TICK_INT_DIS);
+
+ reset_info = g_malloc0(sizeof(ResetData));
+ reset_info->cpu = cpu;
+ reset_info->prom_addr = hwdef->prom_addr;
+ qemu_register_reset(main_cpu_reset, reset_info);
+
+ return cpu;
+}
+
+static void sun4uv_init(MemoryRegion *address_space_mem,
+ ram_addr_t RAM_size,
+ const char *boot_devices,
+ const char *kernel_filename, const char *kernel_cmdline,
+ const char *initrd_filename, const char *cpu_model,
+ const struct hwdef *hwdef)
+{
+ SPARCCPU *cpu;
+ M48t59State *nvram;
+ unsigned int i;
+ uint64_t initrd_addr, initrd_size, kernel_addr, kernel_size, kernel_entry;
+ PCIBus *pci_bus, *pci_bus2, *pci_bus3;
+ ISABus *isa_bus;
+ qemu_irq *ivec_irqs, *pbm_irqs;
+ DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
+ DriveInfo *fd[MAX_FD];
+ FWCfgState *fw_cfg;
+
+ /* init CPUs */
+ cpu = cpu_devinit(cpu_model, hwdef);
+
+ /* set up devices */
+ ram_init(0, RAM_size);
+
+ prom_init(hwdef->prom_addr, bios_name);
+
+ ivec_irqs = qemu_allocate_irqs(cpu_set_ivec_irq, cpu, IVEC_MAX);
+ pci_bus = pci_apb_init(APB_SPECIAL_BASE, APB_MEM_BASE, ivec_irqs, &pci_bus2,
+ &pci_bus3, &pbm_irqs);
+ pci_vga_init(pci_bus);
+
+ // XXX Should be pci_bus3
+ isa_bus = pci_ebus_init(pci_bus, -1, pbm_irqs);
+
+ i = 0;
+ if (hwdef->console_serial_base) {
+ serial_mm_init(address_space_mem, hwdef->console_serial_base, 0,
+ NULL, 115200, serial_hds[i], DEVICE_BIG_ENDIAN);
+ i++;
+ }
+ for(; i < MAX_SERIAL_PORTS; i++) {
+ if (serial_hds[i]) {
+ serial_isa_init(isa_bus, i, serial_hds[i]);
+ }
+ }
+
+ for(i = 0; i < MAX_PARALLEL_PORTS; i++) {
+ if (parallel_hds[i]) {
+ parallel_init(isa_bus, i, parallel_hds[i]);
+ }
+ }
+
+ for(i = 0; i < nb_nics; i++)
+ pci_nic_init_nofail(&nd_table[i], pci_bus, "ne2k_pci", NULL);
+
+ ide_drive_get(hd, MAX_IDE_BUS);
+
+ pci_cmd646_ide_init(pci_bus, hd, 1);
+
+ isa_create_simple(isa_bus, "i8042");
+ for(i = 0; i < MAX_FD; i++) {
+ fd[i] = drive_get(IF_FLOPPY, 0, i);
+ }
+ fdctrl_init_isa(isa_bus, fd);
+ nvram = m48t59_init_isa(isa_bus, 0x0074, NVRAM_SIZE, 59);
+
+ initrd_size = 0;
+ initrd_addr = 0;
+ kernel_size = sun4u_load_kernel(kernel_filename, initrd_filename,
+ ram_size, &initrd_size, &initrd_addr,
+ &kernel_addr, &kernel_entry);
+
+ sun4u_NVRAM_set_params(nvram, NVRAM_SIZE, "Sun4u", RAM_size, boot_devices,
+ kernel_addr, kernel_size,
+ kernel_cmdline,
+ initrd_addr, initrd_size,
+ /* XXX: need an option to load a NVRAM image */
+ 0,
+ graphic_width, graphic_height, graphic_depth,
+ (uint8_t *)&nd_table[0].macaddr);
+
+ fw_cfg = fw_cfg_init(BIOS_CFG_IOPORT, BIOS_CFG_IOPORT + 1, 0, 0);
+ fw_cfg_add_i16(fw_cfg, FW_CFG_MAX_CPUS, (uint16_t)max_cpus);
+ fw_cfg_add_i32(fw_cfg, FW_CFG_ID, 1);
+ fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size);
+ fw_cfg_add_i16(fw_cfg, FW_CFG_MACHINE_ID, hwdef->machine_id);
+ fw_cfg_add_i64(fw_cfg, FW_CFG_KERNEL_ADDR, kernel_entry);
+ fw_cfg_add_i64(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size);
+ if (kernel_cmdline) {
+ fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_SIZE,
+ strlen(kernel_cmdline) + 1);
+ fw_cfg_add_string(fw_cfg, FW_CFG_CMDLINE_DATA, kernel_cmdline);
+ } else {
+ fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_SIZE, 0);
+ }
+ fw_cfg_add_i64(fw_cfg, FW_CFG_INITRD_ADDR, initrd_addr);
+ fw_cfg_add_i64(fw_cfg, FW_CFG_INITRD_SIZE, initrd_size);
+ fw_cfg_add_i16(fw_cfg, FW_CFG_BOOT_DEVICE, boot_devices[0]);
+
+ fw_cfg_add_i16(fw_cfg, FW_CFG_SPARC64_WIDTH, graphic_width);
+ fw_cfg_add_i16(fw_cfg, FW_CFG_SPARC64_HEIGHT, graphic_height);
+ fw_cfg_add_i16(fw_cfg, FW_CFG_SPARC64_DEPTH, graphic_depth);
+
+ qemu_register_boot_set(fw_cfg_boot_set, fw_cfg);
+}
+
+enum {
+ sun4u_id = 0,
+ sun4v_id = 64,
+ niagara_id,
+};
+
+static const struct hwdef hwdefs[] = {
+ /* Sun4u generic PC-like machine */
+ {
+ .default_cpu_model = "TI UltraSparc IIi",
+ .machine_id = sun4u_id,
+ .prom_addr = 0x1fff0000000ULL,
+ .console_serial_base = 0,
+ },
+ /* Sun4v generic PC-like machine */
+ {
+ .default_cpu_model = "Sun UltraSparc T1",
+ .machine_id = sun4v_id,
+ .prom_addr = 0x1fff0000000ULL,
+ .console_serial_base = 0,
+ },
+ /* Sun4v generic Niagara machine */
+ {
+ .default_cpu_model = "Sun UltraSparc T1",
+ .machine_id = niagara_id,
+ .prom_addr = 0xfff0000000ULL,
+ .console_serial_base = 0xfff0c2c000ULL,
+ },
+};
+
+/* Sun4u hardware initialisation */
+static void sun4u_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t RAM_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ const char *boot_devices = args->boot_device;
+ sun4uv_init(get_system_memory(), RAM_size, boot_devices, kernel_filename,
+ kernel_cmdline, initrd_filename, cpu_model, &hwdefs[0]);
+}
+
+/* Sun4v hardware initialisation */
+static void sun4v_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t RAM_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ const char *boot_devices = args->boot_device;
+ sun4uv_init(get_system_memory(), RAM_size, boot_devices, kernel_filename,
+ kernel_cmdline, initrd_filename, cpu_model, &hwdefs[1]);
+}
+
+/* Niagara hardware initialisation */
+static void niagara_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t RAM_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ const char *initrd_filename = args->initrd_filename;
+ const char *boot_devices = args->boot_device;
+ sun4uv_init(get_system_memory(), RAM_size, boot_devices, kernel_filename,
+ kernel_cmdline, initrd_filename, cpu_model, &hwdefs[2]);
+}
+
+static QEMUMachine sun4u_machine = {
+ .name = "sun4u",
+ .desc = "Sun4u platform",
+ .init = sun4u_init,
+ .max_cpus = 1, // XXX for now
+ .is_default = 1,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine sun4v_machine = {
+ .name = "sun4v",
+ .desc = "Sun4v platform",
+ .init = sun4v_init,
+ .max_cpus = 1, // XXX for now
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine niagara_machine = {
+ .name = "Niagara",
+ .desc = "Sun4v platform, Niagara",
+ .init = niagara_init,
+ .max_cpus = 1, // XXX for now
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void sun4u_register_types(void)
+{
+ type_register_static(&ebus_info);
+ type_register_static(&prom_info);
+ type_register_static(&ram_info);
+}
+
+static void sun4u_machine_init(void)
+{
+ qemu_register_machine(&sun4u_machine);
+ qemu_register_machine(&sun4v_machine);
+ qemu_register_machine(&niagara_machine);
+}
+
+type_init(sun4u_register_types)
+machine_init(sun4u_machine_init);
diff --git a/hw/spitz.c b/hw/spitz.c
deleted file mode 100644
index 12e281522..000000000
--- a/hw/spitz.c
+++ /dev/null
@@ -1,1134 +0,0 @@
-/*
- * PXA270-based Clamshell PDA platforms.
- *
- * Copyright (c) 2006 Openedhand Ltd.
- * Written by Andrzej Zaborowski <balrog@zabor.org>
- *
- * This code is licensed under the GNU GPL v2.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include "hw.h"
-#include "pxa.h"
-#include "arm-misc.h"
-#include "sysemu.h"
-#include "pcmcia.h"
-#include "i2c.h"
-#include "ssi.h"
-#include "flash.h"
-#include "qemu-timer.h"
-#include "devices.h"
-#include "sharpsl.h"
-#include "console.h"
-#include "block.h"
-#include "audio/audio.h"
-#include "boards.h"
-#include "blockdev.h"
-#include "sysbus.h"
-#include "exec-memory.h"
-
-#undef REG_FMT
-#define REG_FMT "0x%02lx"
-
-/* Spitz Flash */
-#define FLASH_BASE 0x0c000000
-#define FLASH_ECCLPLB 0x00 /* Line parity 7 - 0 bit */
-#define FLASH_ECCLPUB 0x04 /* Line parity 15 - 8 bit */
-#define FLASH_ECCCP 0x08 /* Column parity 5 - 0 bit */
-#define FLASH_ECCCNTR 0x0c /* ECC byte counter */
-#define FLASH_ECCCLRR 0x10 /* Clear ECC */
-#define FLASH_FLASHIO 0x14 /* Flash I/O */
-#define FLASH_FLASHCTL 0x18 /* Flash Control */
-
-#define FLASHCTL_CE0 (1 << 0)
-#define FLASHCTL_CLE (1 << 1)
-#define FLASHCTL_ALE (1 << 2)
-#define FLASHCTL_WP (1 << 3)
-#define FLASHCTL_CE1 (1 << 4)
-#define FLASHCTL_RYBY (1 << 5)
-#define FLASHCTL_NCE (FLASHCTL_CE0 | FLASHCTL_CE1)
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- DeviceState *nand;
- uint8_t ctl;
- uint8_t manf_id;
- uint8_t chip_id;
- ECCState ecc;
-} SLNANDState;
-
-static uint64_t sl_read(void *opaque, hwaddr addr, unsigned size)
-{
- SLNANDState *s = (SLNANDState *) opaque;
- int ryby;
-
- switch (addr) {
-#define BSHR(byte, from, to) ((s->ecc.lp[byte] >> (from - to)) & (1 << to))
- case FLASH_ECCLPLB:
- return BSHR(0, 4, 0) | BSHR(0, 5, 2) | BSHR(0, 6, 4) | BSHR(0, 7, 6) |
- BSHR(1, 4, 1) | BSHR(1, 5, 3) | BSHR(1, 6, 5) | BSHR(1, 7, 7);
-
-#define BSHL(byte, from, to) ((s->ecc.lp[byte] << (to - from)) & (1 << to))
- case FLASH_ECCLPUB:
- return BSHL(0, 0, 0) | BSHL(0, 1, 2) | BSHL(0, 2, 4) | BSHL(0, 3, 6) |
- BSHL(1, 0, 1) | BSHL(1, 1, 3) | BSHL(1, 2, 5) | BSHL(1, 3, 7);
-
- case FLASH_ECCCP:
- return s->ecc.cp;
-
- case FLASH_ECCCNTR:
- return s->ecc.count & 0xff;
-
- case FLASH_FLASHCTL:
- nand_getpins(s->nand, &ryby);
- if (ryby)
- return s->ctl | FLASHCTL_RYBY;
- else
- return s->ctl;
-
- case FLASH_FLASHIO:
- if (size == 4) {
- return ecc_digest(&s->ecc, nand_getio(s->nand)) |
- (ecc_digest(&s->ecc, nand_getio(s->nand)) << 16);
- }
- return ecc_digest(&s->ecc, nand_getio(s->nand));
-
- default:
- zaurus_printf("Bad register offset " REG_FMT "\n", (unsigned long)addr);
- }
- return 0;
-}
-
-static void sl_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- SLNANDState *s = (SLNANDState *) opaque;
-
- switch (addr) {
- case FLASH_ECCCLRR:
- /* Value is ignored. */
- ecc_reset(&s->ecc);
- break;
-
- case FLASH_FLASHCTL:
- s->ctl = value & 0xff & ~FLASHCTL_RYBY;
- nand_setpins(s->nand,
- s->ctl & FLASHCTL_CLE,
- s->ctl & FLASHCTL_ALE,
- s->ctl & FLASHCTL_NCE,
- s->ctl & FLASHCTL_WP,
- 0);
- break;
-
- case FLASH_FLASHIO:
- nand_setio(s->nand, ecc_digest(&s->ecc, value & 0xff));
- break;
-
- default:
- zaurus_printf("Bad register offset " REG_FMT "\n", (unsigned long)addr);
- }
-}
-
-enum {
- FLASH_128M,
- FLASH_1024M,
-};
-
-static const MemoryRegionOps sl_ops = {
- .read = sl_read,
- .write = sl_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void sl_flash_register(PXA2xxState *cpu, int size)
-{
- DeviceState *dev;
-
- dev = qdev_create(NULL, "sl-nand");
-
- qdev_prop_set_uint8(dev, "manf_id", NAND_MFR_SAMSUNG);
- if (size == FLASH_128M)
- qdev_prop_set_uint8(dev, "chip_id", 0x73);
- else if (size == FLASH_1024M)
- qdev_prop_set_uint8(dev, "chip_id", 0xf1);
-
- qdev_init_nofail(dev);
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, FLASH_BASE);
-}
-
-static int sl_nand_init(SysBusDevice *dev) {
- SLNANDState *s;
- DriveInfo *nand;
-
- s = FROM_SYSBUS(SLNANDState, dev);
-
- s->ctl = 0;
- nand = drive_get(IF_MTD, 0, 0);
- s->nand = nand_init(nand ? nand->bdrv : NULL, s->manf_id, s->chip_id);
-
- memory_region_init_io(&s->iomem, &sl_ops, s, "sl", 0x40);
- sysbus_init_mmio(dev, &s->iomem);
-
- return 0;
-}
-
-/* Spitz Keyboard */
-
-#define SPITZ_KEY_STROBE_NUM 11
-#define SPITZ_KEY_SENSE_NUM 7
-
-static const int spitz_gpio_key_sense[SPITZ_KEY_SENSE_NUM] = {
- 12, 17, 91, 34, 36, 38, 39
-};
-
-static const int spitz_gpio_key_strobe[SPITZ_KEY_STROBE_NUM] = {
- 88, 23, 24, 25, 26, 27, 52, 103, 107, 108, 114
-};
-
-/* Eighth additional row maps the special keys */
-static int spitz_keymap[SPITZ_KEY_SENSE_NUM + 1][SPITZ_KEY_STROBE_NUM] = {
- { 0x1d, 0x02, 0x04, 0x06, 0x07, 0x08, 0x0a, 0x0b, 0x0e, 0x3f, 0x40 },
- { -1 , 0x03, 0x05, 0x13, 0x15, 0x09, 0x17, 0x18, 0x19, 0x41, 0x42 },
- { 0x0f, 0x10, 0x12, 0x14, 0x22, 0x16, 0x24, 0x25, -1 , -1 , -1 },
- { 0x3c, 0x11, 0x1f, 0x21, 0x2f, 0x23, 0x32, 0x26, -1 , 0x36, -1 },
- { 0x3b, 0x1e, 0x20, 0x2e, 0x30, 0x31, 0x34, -1 , 0x1c, 0x2a, -1 },
- { 0x44, 0x2c, 0x2d, 0x0c, 0x39, 0x33, -1 , 0x48, -1 , -1 , 0x38 },
- { 0x37, 0x3d, -1 , 0x45, 0x57, 0x58, 0x4b, 0x50, 0x4d, -1 , -1 },
- { 0x52, 0x43, 0x01, 0x47, 0x49, -1 , -1 , -1 , -1 , -1 , -1 },
-};
-
-#define SPITZ_GPIO_AK_INT 13 /* Remote control */
-#define SPITZ_GPIO_SYNC 16 /* Sync button */
-#define SPITZ_GPIO_ON_KEY 95 /* Power button */
-#define SPITZ_GPIO_SWA 97 /* Lid */
-#define SPITZ_GPIO_SWB 96 /* Tablet mode */
-
-/* The special buttons are mapped to unused keys */
-static const int spitz_gpiomap[5] = {
- SPITZ_GPIO_AK_INT, SPITZ_GPIO_SYNC, SPITZ_GPIO_ON_KEY,
- SPITZ_GPIO_SWA, SPITZ_GPIO_SWB,
-};
-
-typedef struct {
- SysBusDevice busdev;
- qemu_irq sense[SPITZ_KEY_SENSE_NUM];
- qemu_irq gpiomap[5];
- int keymap[0x80];
- uint16_t keyrow[SPITZ_KEY_SENSE_NUM];
- uint16_t strobe_state;
- uint16_t sense_state;
-
- uint16_t pre_map[0x100];
- uint16_t modifiers;
- uint16_t imodifiers;
- uint8_t fifo[16];
- int fifopos, fifolen;
- QEMUTimer *kbdtimer;
-} SpitzKeyboardState;
-
-static void spitz_keyboard_sense_update(SpitzKeyboardState *s)
-{
- int i;
- uint16_t strobe, sense = 0;
- for (i = 0; i < SPITZ_KEY_SENSE_NUM; i ++) {
- strobe = s->keyrow[i] & s->strobe_state;
- if (strobe) {
- sense |= 1 << i;
- if (!(s->sense_state & (1 << i)))
- qemu_irq_raise(s->sense[i]);
- } else if (s->sense_state & (1 << i))
- qemu_irq_lower(s->sense[i]);
- }
-
- s->sense_state = sense;
-}
-
-static void spitz_keyboard_strobe(void *opaque, int line, int level)
-{
- SpitzKeyboardState *s = (SpitzKeyboardState *) opaque;
-
- if (level)
- s->strobe_state |= 1 << line;
- else
- s->strobe_state &= ~(1 << line);
- spitz_keyboard_sense_update(s);
-}
-
-static void spitz_keyboard_keydown(SpitzKeyboardState *s, int keycode)
-{
- int spitz_keycode = s->keymap[keycode & 0x7f];
- if (spitz_keycode == -1)
- return;
-
- /* Handle the additional keys */
- if ((spitz_keycode >> 4) == SPITZ_KEY_SENSE_NUM) {
- qemu_set_irq(s->gpiomap[spitz_keycode & 0xf], (keycode < 0x80));
- return;
- }
-
- if (keycode & 0x80)
- s->keyrow[spitz_keycode >> 4] &= ~(1 << (spitz_keycode & 0xf));
- else
- s->keyrow[spitz_keycode >> 4] |= 1 << (spitz_keycode & 0xf);
-
- spitz_keyboard_sense_update(s);
-}
-
-#define SHIFT (1 << 7)
-#define CTRL (1 << 8)
-#define FN (1 << 9)
-
-#define QUEUE_KEY(c) s->fifo[(s->fifopos + s->fifolen ++) & 0xf] = c
-
-static void spitz_keyboard_handler(void *opaque, int keycode)
-{
- SpitzKeyboardState *s = opaque;
- uint16_t code;
- int mapcode;
- switch (keycode) {
- case 0x2a: /* Left Shift */
- s->modifiers |= 1;
- break;
- case 0xaa:
- s->modifiers &= ~1;
- break;
- case 0x36: /* Right Shift */
- s->modifiers |= 2;
- break;
- case 0xb6:
- s->modifiers &= ~2;
- break;
- case 0x1d: /* Control */
- s->modifiers |= 4;
- break;
- case 0x9d:
- s->modifiers &= ~4;
- break;
- case 0x38: /* Alt */
- s->modifiers |= 8;
- break;
- case 0xb8:
- s->modifiers &= ~8;
- break;
- }
-
- code = s->pre_map[mapcode = ((s->modifiers & 3) ?
- (keycode | SHIFT) :
- (keycode & ~SHIFT))];
-
- if (code != mapcode) {
-#if 0
- if ((code & SHIFT) && !(s->modifiers & 1))
- QUEUE_KEY(0x2a | (keycode & 0x80));
- if ((code & CTRL ) && !(s->modifiers & 4))
- QUEUE_KEY(0x1d | (keycode & 0x80));
- if ((code & FN ) && !(s->modifiers & 8))
- QUEUE_KEY(0x38 | (keycode & 0x80));
- if ((code & FN ) && (s->modifiers & 1))
- QUEUE_KEY(0x2a | (~keycode & 0x80));
- if ((code & FN ) && (s->modifiers & 2))
- QUEUE_KEY(0x36 | (~keycode & 0x80));
-#else
- if (keycode & 0x80) {
- if ((s->imodifiers & 1 ) && !(s->modifiers & 1))
- QUEUE_KEY(0x2a | 0x80);
- if ((s->imodifiers & 4 ) && !(s->modifiers & 4))
- QUEUE_KEY(0x1d | 0x80);
- if ((s->imodifiers & 8 ) && !(s->modifiers & 8))
- QUEUE_KEY(0x38 | 0x80);
- if ((s->imodifiers & 0x10) && (s->modifiers & 1))
- QUEUE_KEY(0x2a);
- if ((s->imodifiers & 0x20) && (s->modifiers & 2))
- QUEUE_KEY(0x36);
- s->imodifiers = 0;
- } else {
- if ((code & SHIFT) && !((s->modifiers | s->imodifiers) & 1)) {
- QUEUE_KEY(0x2a);
- s->imodifiers |= 1;
- }
- if ((code & CTRL ) && !((s->modifiers | s->imodifiers) & 4)) {
- QUEUE_KEY(0x1d);
- s->imodifiers |= 4;
- }
- if ((code & FN ) && !((s->modifiers | s->imodifiers) & 8)) {
- QUEUE_KEY(0x38);
- s->imodifiers |= 8;
- }
- if ((code & FN ) && (s->modifiers & 1) &&
- !(s->imodifiers & 0x10)) {
- QUEUE_KEY(0x2a | 0x80);
- s->imodifiers |= 0x10;
- }
- if ((code & FN ) && (s->modifiers & 2) &&
- !(s->imodifiers & 0x20)) {
- QUEUE_KEY(0x36 | 0x80);
- s->imodifiers |= 0x20;
- }
- }
-#endif
- }
-
- QUEUE_KEY((code & 0x7f) | (keycode & 0x80));
-}
-
-static void spitz_keyboard_tick(void *opaque)
-{
- SpitzKeyboardState *s = (SpitzKeyboardState *) opaque;
-
- if (s->fifolen) {
- spitz_keyboard_keydown(s, s->fifo[s->fifopos ++]);
- s->fifolen --;
- if (s->fifopos >= 16)
- s->fifopos = 0;
- }
-
- qemu_mod_timer(s->kbdtimer, qemu_get_clock_ns(vm_clock) +
- get_ticks_per_sec() / 32);
-}
-
-static void spitz_keyboard_pre_map(SpitzKeyboardState *s)
-{
- int i;
- for (i = 0; i < 0x100; i ++)
- s->pre_map[i] = i;
- s->pre_map[0x02 | SHIFT ] = 0x02 | SHIFT; /* exclam */
- s->pre_map[0x28 | SHIFT ] = 0x03 | SHIFT; /* quotedbl */
- s->pre_map[0x04 | SHIFT ] = 0x04 | SHIFT; /* numbersign */
- s->pre_map[0x05 | SHIFT ] = 0x05 | SHIFT; /* dollar */
- s->pre_map[0x06 | SHIFT ] = 0x06 | SHIFT; /* percent */
- s->pre_map[0x08 | SHIFT ] = 0x07 | SHIFT; /* ampersand */
- s->pre_map[0x28 ] = 0x08 | SHIFT; /* apostrophe */
- s->pre_map[0x0a | SHIFT ] = 0x09 | SHIFT; /* parenleft */
- s->pre_map[0x0b | SHIFT ] = 0x0a | SHIFT; /* parenright */
- s->pre_map[0x29 | SHIFT ] = 0x0b | SHIFT; /* asciitilde */
- s->pre_map[0x03 | SHIFT ] = 0x0c | SHIFT; /* at */
- s->pre_map[0xd3 ] = 0x0e | FN; /* Delete */
- s->pre_map[0x3a ] = 0x0f | FN; /* Caps_Lock */
- s->pre_map[0x07 | SHIFT ] = 0x11 | FN; /* asciicircum */
- s->pre_map[0x0d ] = 0x12 | FN; /* equal */
- s->pre_map[0x0d | SHIFT ] = 0x13 | FN; /* plus */
- s->pre_map[0x1a ] = 0x14 | FN; /* bracketleft */
- s->pre_map[0x1b ] = 0x15 | FN; /* bracketright */
- s->pre_map[0x1a | SHIFT ] = 0x16 | FN; /* braceleft */
- s->pre_map[0x1b | SHIFT ] = 0x17 | FN; /* braceright */
- s->pre_map[0x27 ] = 0x22 | FN; /* semicolon */
- s->pre_map[0x27 | SHIFT ] = 0x23 | FN; /* colon */
- s->pre_map[0x09 | SHIFT ] = 0x24 | FN; /* asterisk */
- s->pre_map[0x2b ] = 0x25 | FN; /* backslash */
- s->pre_map[0x2b | SHIFT ] = 0x26 | FN; /* bar */
- s->pre_map[0x0c | SHIFT ] = 0x30 | FN; /* underscore */
- s->pre_map[0x33 | SHIFT ] = 0x33 | FN; /* less */
- s->pre_map[0x35 ] = 0x33 | SHIFT; /* slash */
- s->pre_map[0x34 | SHIFT ] = 0x34 | FN; /* greater */
- s->pre_map[0x35 | SHIFT ] = 0x34 | SHIFT; /* question */
- s->pre_map[0x49 ] = 0x48 | FN; /* Page_Up */
- s->pre_map[0x51 ] = 0x50 | FN; /* Page_Down */
-
- s->modifiers = 0;
- s->imodifiers = 0;
- s->fifopos = 0;
- s->fifolen = 0;
-}
-
-#undef SHIFT
-#undef CTRL
-#undef FN
-
-static int spitz_keyboard_post_load(void *opaque, int version_id)
-{
- SpitzKeyboardState *s = (SpitzKeyboardState *) opaque;
-
- /* Release all pressed keys */
- memset(s->keyrow, 0, sizeof(s->keyrow));
- spitz_keyboard_sense_update(s);
- s->modifiers = 0;
- s->imodifiers = 0;
- s->fifopos = 0;
- s->fifolen = 0;
-
- return 0;
-}
-
-static void spitz_keyboard_register(PXA2xxState *cpu)
-{
- int i;
- DeviceState *dev;
- SpitzKeyboardState *s;
-
- dev = sysbus_create_simple("spitz-keyboard", -1, NULL);
- s = FROM_SYSBUS(SpitzKeyboardState, sysbus_from_qdev(dev));
-
- for (i = 0; i < SPITZ_KEY_SENSE_NUM; i ++)
- qdev_connect_gpio_out(dev, i, qdev_get_gpio_in(cpu->gpio, spitz_gpio_key_sense[i]));
-
- for (i = 0; i < 5; i ++)
- s->gpiomap[i] = qdev_get_gpio_in(cpu->gpio, spitz_gpiomap[i]);
-
- if (!graphic_rotate)
- s->gpiomap[4] = qemu_irq_invert(s->gpiomap[4]);
-
- for (i = 0; i < 5; i++)
- qemu_set_irq(s->gpiomap[i], 0);
-
- for (i = 0; i < SPITZ_KEY_STROBE_NUM; i ++)
- qdev_connect_gpio_out(cpu->gpio, spitz_gpio_key_strobe[i],
- qdev_get_gpio_in(dev, i));
-
- qemu_mod_timer(s->kbdtimer, qemu_get_clock_ns(vm_clock));
-
- qemu_add_kbd_event_handler(spitz_keyboard_handler, s);
-}
-
-static int spitz_keyboard_init(SysBusDevice *dev)
-{
- SpitzKeyboardState *s;
- int i, j;
-
- s = FROM_SYSBUS(SpitzKeyboardState, dev);
-
- for (i = 0; i < 0x80; i ++)
- s->keymap[i] = -1;
- for (i = 0; i < SPITZ_KEY_SENSE_NUM + 1; i ++)
- for (j = 0; j < SPITZ_KEY_STROBE_NUM; j ++)
- if (spitz_keymap[i][j] != -1)
- s->keymap[spitz_keymap[i][j]] = (i << 4) | j;
-
- spitz_keyboard_pre_map(s);
-
- s->kbdtimer = qemu_new_timer_ns(vm_clock, spitz_keyboard_tick, s);
- qdev_init_gpio_in(&dev->qdev, spitz_keyboard_strobe, SPITZ_KEY_STROBE_NUM);
- qdev_init_gpio_out(&dev->qdev, s->sense, SPITZ_KEY_SENSE_NUM);
-
- return 0;
-}
-
-/* LCD backlight controller */
-
-#define LCDTG_RESCTL 0x00
-#define LCDTG_PHACTRL 0x01
-#define LCDTG_DUTYCTRL 0x02
-#define LCDTG_POWERREG0 0x03
-#define LCDTG_POWERREG1 0x04
-#define LCDTG_GPOR3 0x05
-#define LCDTG_PICTRL 0x06
-#define LCDTG_POLCTRL 0x07
-
-typedef struct {
- SSISlave ssidev;
- uint32_t bl_intensity;
- uint32_t bl_power;
-} SpitzLCDTG;
-
-static void spitz_bl_update(SpitzLCDTG *s)
-{
- if (s->bl_power && s->bl_intensity)
- zaurus_printf("LCD Backlight now at %i/63\n", s->bl_intensity);
- else
- zaurus_printf("LCD Backlight now off\n");
-}
-
-/* FIXME: Implement GPIO properly and remove this hack. */
-static SpitzLCDTG *spitz_lcdtg;
-
-static inline void spitz_bl_bit5(void *opaque, int line, int level)
-{
- SpitzLCDTG *s = spitz_lcdtg;
- int prev = s->bl_intensity;
-
- if (level)
- s->bl_intensity &= ~0x20;
- else
- s->bl_intensity |= 0x20;
-
- if (s->bl_power && prev != s->bl_intensity)
- spitz_bl_update(s);
-}
-
-static inline void spitz_bl_power(void *opaque, int line, int level)
-{
- SpitzLCDTG *s = spitz_lcdtg;
- s->bl_power = !!level;
- spitz_bl_update(s);
-}
-
-static uint32_t spitz_lcdtg_transfer(SSISlave *dev, uint32_t value)
-{
- SpitzLCDTG *s = FROM_SSI_SLAVE(SpitzLCDTG, dev);
- int addr;
- addr = value >> 5;
- value &= 0x1f;
-
- switch (addr) {
- case LCDTG_RESCTL:
- if (value)
- zaurus_printf("LCD in QVGA mode\n");
- else
- zaurus_printf("LCD in VGA mode\n");
- break;
-
- case LCDTG_DUTYCTRL:
- s->bl_intensity &= ~0x1f;
- s->bl_intensity |= value;
- if (s->bl_power)
- spitz_bl_update(s);
- break;
-
- case LCDTG_POWERREG0:
- /* Set common voltage to M62332FP */
- break;
- }
- return 0;
-}
-
-static int spitz_lcdtg_init(SSISlave *dev)
-{
- SpitzLCDTG *s = FROM_SSI_SLAVE(SpitzLCDTG, dev);
-
- spitz_lcdtg = s;
- s->bl_power = 0;
- s->bl_intensity = 0x20;
-
- return 0;
-}
-
-/* SSP devices */
-
-#define CORGI_SSP_PORT 2
-
-#define SPITZ_GPIO_LCDCON_CS 53
-#define SPITZ_GPIO_ADS7846_CS 14
-#define SPITZ_GPIO_MAX1111_CS 20
-#define SPITZ_GPIO_TP_INT 11
-
-static DeviceState *max1111;
-
-/* "Demux" the signal based on current chipselect */
-typedef struct {
- SSISlave ssidev;
- SSIBus *bus[3];
- uint32_t enable[3];
-} CorgiSSPState;
-
-static uint32_t corgi_ssp_transfer(SSISlave *dev, uint32_t value)
-{
- CorgiSSPState *s = FROM_SSI_SLAVE(CorgiSSPState, dev);
- int i;
-
- for (i = 0; i < 3; i++) {
- if (s->enable[i]) {
- return ssi_transfer(s->bus[i], value);
- }
- }
- return 0;
-}
-
-static void corgi_ssp_gpio_cs(void *opaque, int line, int level)
-{
- CorgiSSPState *s = (CorgiSSPState *)opaque;
- assert(line >= 0 && line < 3);
- s->enable[line] = !level;
-}
-
-#define MAX1111_BATT_VOLT 1
-#define MAX1111_BATT_TEMP 2
-#define MAX1111_ACIN_VOLT 3
-
-#define SPITZ_BATTERY_TEMP 0xe0 /* About 2.9V */
-#define SPITZ_BATTERY_VOLT 0xd0 /* About 4.0V */
-#define SPITZ_CHARGEON_ACIN 0x80 /* About 5.0V */
-
-static void spitz_adc_temp_on(void *opaque, int line, int level)
-{
- if (!max1111)
- return;
-
- if (level)
- max111x_set_input(max1111, MAX1111_BATT_TEMP, SPITZ_BATTERY_TEMP);
- else
- max111x_set_input(max1111, MAX1111_BATT_TEMP, 0);
-}
-
-static int corgi_ssp_init(SSISlave *dev)
-{
- CorgiSSPState *s = FROM_SSI_SLAVE(CorgiSSPState, dev);
-
- qdev_init_gpio_in(&dev->qdev, corgi_ssp_gpio_cs, 3);
- s->bus[0] = ssi_create_bus(&dev->qdev, "ssi0");
- s->bus[1] = ssi_create_bus(&dev->qdev, "ssi1");
- s->bus[2] = ssi_create_bus(&dev->qdev, "ssi2");
-
- return 0;
-}
-
-static void spitz_ssp_attach(PXA2xxState *cpu)
-{
- DeviceState *mux;
- DeviceState *dev;
- void *bus;
-
- mux = ssi_create_slave(cpu->ssp[CORGI_SSP_PORT - 1], "corgi-ssp");
-
- bus = qdev_get_child_bus(mux, "ssi0");
- ssi_create_slave(bus, "spitz-lcdtg");
-
- bus = qdev_get_child_bus(mux, "ssi1");
- dev = ssi_create_slave(bus, "ads7846");
- qdev_connect_gpio_out(dev, 0,
- qdev_get_gpio_in(cpu->gpio, SPITZ_GPIO_TP_INT));
-
- bus = qdev_get_child_bus(mux, "ssi2");
- max1111 = ssi_create_slave(bus, "max1111");
- max111x_set_input(max1111, MAX1111_BATT_VOLT, SPITZ_BATTERY_VOLT);
- max111x_set_input(max1111, MAX1111_BATT_TEMP, 0);
- max111x_set_input(max1111, MAX1111_ACIN_VOLT, SPITZ_CHARGEON_ACIN);
-
- qdev_connect_gpio_out(cpu->gpio, SPITZ_GPIO_LCDCON_CS,
- qdev_get_gpio_in(mux, 0));
- qdev_connect_gpio_out(cpu->gpio, SPITZ_GPIO_ADS7846_CS,
- qdev_get_gpio_in(mux, 1));
- qdev_connect_gpio_out(cpu->gpio, SPITZ_GPIO_MAX1111_CS,
- qdev_get_gpio_in(mux, 2));
-}
-
-/* CF Microdrive */
-
-static void spitz_microdrive_attach(PXA2xxState *cpu, int slot)
-{
- PCMCIACardState *md;
- DriveInfo *dinfo;
-
- dinfo = drive_get(IF_IDE, 0, 0);
- if (!dinfo || dinfo->media_cd)
- return;
- md = dscm1xxxx_init(dinfo);
- pxa2xx_pcmcia_attach(cpu->pcmcia[slot], md);
-}
-
-/* Wm8750 and Max7310 on I2C */
-
-#define AKITA_MAX_ADDR 0x18
-#define SPITZ_WM_ADDRL 0x1b
-#define SPITZ_WM_ADDRH 0x1a
-
-#define SPITZ_GPIO_WM 5
-
-static void spitz_wm8750_addr(void *opaque, int line, int level)
-{
- I2CSlave *wm = (I2CSlave *) opaque;
- if (level)
- i2c_set_slave_address(wm, SPITZ_WM_ADDRH);
- else
- i2c_set_slave_address(wm, SPITZ_WM_ADDRL);
-}
-
-static void spitz_i2c_setup(PXA2xxState *cpu)
-{
- /* Attach the CPU on one end of our I2C bus. */
- i2c_bus *bus = pxa2xx_i2c_bus(cpu->i2c[0]);
-
- DeviceState *wm;
-
- /* Attach a WM8750 to the bus */
- wm = i2c_create_slave(bus, "wm8750", 0);
-
- spitz_wm8750_addr(wm, 0, 0);
- qdev_connect_gpio_out(cpu->gpio, SPITZ_GPIO_WM,
- qemu_allocate_irqs(spitz_wm8750_addr, wm, 1)[0]);
- /* .. and to the sound interface. */
- cpu->i2s->opaque = wm;
- cpu->i2s->codec_out = wm8750_dac_dat;
- cpu->i2s->codec_in = wm8750_adc_dat;
- wm8750_data_req_set(wm, cpu->i2s->data_req, cpu->i2s);
-}
-
-static void spitz_akita_i2c_setup(PXA2xxState *cpu)
-{
- /* Attach a Max7310 to Akita I2C bus. */
- i2c_create_slave(pxa2xx_i2c_bus(cpu->i2c[0]), "max7310",
- AKITA_MAX_ADDR);
-}
-
-/* Other peripherals */
-
-static void spitz_out_switch(void *opaque, int line, int level)
-{
- switch (line) {
- case 0:
- zaurus_printf("Charging %s.\n", level ? "off" : "on");
- break;
- case 1:
- zaurus_printf("Discharging %s.\n", level ? "on" : "off");
- break;
- case 2:
- zaurus_printf("Green LED %s.\n", level ? "on" : "off");
- break;
- case 3:
- zaurus_printf("Orange LED %s.\n", level ? "on" : "off");
- break;
- case 4:
- spitz_bl_bit5(opaque, line, level);
- break;
- case 5:
- spitz_bl_power(opaque, line, level);
- break;
- case 6:
- spitz_adc_temp_on(opaque, line, level);
- break;
- }
-}
-
-#define SPITZ_SCP_LED_GREEN 1
-#define SPITZ_SCP_JK_B 2
-#define SPITZ_SCP_CHRG_ON 3
-#define SPITZ_SCP_MUTE_L 4
-#define SPITZ_SCP_MUTE_R 5
-#define SPITZ_SCP_CF_POWER 6
-#define SPITZ_SCP_LED_ORANGE 7
-#define SPITZ_SCP_JK_A 8
-#define SPITZ_SCP_ADC_TEMP_ON 9
-#define SPITZ_SCP2_IR_ON 1
-#define SPITZ_SCP2_AKIN_PULLUP 2
-#define SPITZ_SCP2_BACKLIGHT_CONT 7
-#define SPITZ_SCP2_BACKLIGHT_ON 8
-#define SPITZ_SCP2_MIC_BIAS 9
-
-static void spitz_scoop_gpio_setup(PXA2xxState *cpu,
- DeviceState *scp0, DeviceState *scp1)
-{
- qemu_irq *outsignals = qemu_allocate_irqs(spitz_out_switch, cpu, 8);
-
- qdev_connect_gpio_out(scp0, SPITZ_SCP_CHRG_ON, outsignals[0]);
- qdev_connect_gpio_out(scp0, SPITZ_SCP_JK_B, outsignals[1]);
- qdev_connect_gpio_out(scp0, SPITZ_SCP_LED_GREEN, outsignals[2]);
- qdev_connect_gpio_out(scp0, SPITZ_SCP_LED_ORANGE, outsignals[3]);
-
- if (scp1) {
- qdev_connect_gpio_out(scp1, SPITZ_SCP2_BACKLIGHT_CONT, outsignals[4]);
- qdev_connect_gpio_out(scp1, SPITZ_SCP2_BACKLIGHT_ON, outsignals[5]);
- }
-
- qdev_connect_gpio_out(scp0, SPITZ_SCP_ADC_TEMP_ON, outsignals[6]);
-}
-
-#define SPITZ_GPIO_HSYNC 22
-#define SPITZ_GPIO_SD_DETECT 9
-#define SPITZ_GPIO_SD_WP 81
-#define SPITZ_GPIO_ON_RESET 89
-#define SPITZ_GPIO_BAT_COVER 90
-#define SPITZ_GPIO_CF1_IRQ 105
-#define SPITZ_GPIO_CF1_CD 94
-#define SPITZ_GPIO_CF2_IRQ 106
-#define SPITZ_GPIO_CF2_CD 93
-
-static int spitz_hsync;
-
-static void spitz_lcd_hsync_handler(void *opaque, int line, int level)
-{
- PXA2xxState *cpu = (PXA2xxState *) opaque;
- qemu_set_irq(qdev_get_gpio_in(cpu->gpio, SPITZ_GPIO_HSYNC), spitz_hsync);
- spitz_hsync ^= 1;
-}
-
-static void spitz_gpio_setup(PXA2xxState *cpu, int slots)
-{
- qemu_irq lcd_hsync;
- /*
- * Bad hack: We toggle the LCD hsync GPIO on every GPIO status
- * read to satisfy broken guests that poll-wait for hsync.
- * Simulating a real hsync event would be less practical and
- * wouldn't guarantee that a guest ever exits the loop.
- */
- spitz_hsync = 0;
- lcd_hsync = qemu_allocate_irqs(spitz_lcd_hsync_handler, cpu, 1)[0];
- pxa2xx_gpio_read_notifier(cpu->gpio, lcd_hsync);
- pxa2xx_lcd_vsync_notifier(cpu->lcd, lcd_hsync);
-
- /* MMC/SD host */
- pxa2xx_mmci_handlers(cpu->mmc,
- qdev_get_gpio_in(cpu->gpio, SPITZ_GPIO_SD_WP),
- qdev_get_gpio_in(cpu->gpio, SPITZ_GPIO_SD_DETECT));
-
- /* Battery lock always closed */
- qemu_irq_raise(qdev_get_gpio_in(cpu->gpio, SPITZ_GPIO_BAT_COVER));
-
- /* Handle reset */
- qdev_connect_gpio_out(cpu->gpio, SPITZ_GPIO_ON_RESET, cpu->reset);
-
- /* PCMCIA signals: card's IRQ and Card-Detect */
- if (slots >= 1)
- pxa2xx_pcmcia_set_irq_cb(cpu->pcmcia[0],
- qdev_get_gpio_in(cpu->gpio, SPITZ_GPIO_CF1_IRQ),
- qdev_get_gpio_in(cpu->gpio, SPITZ_GPIO_CF1_CD));
- if (slots >= 2)
- pxa2xx_pcmcia_set_irq_cb(cpu->pcmcia[1],
- qdev_get_gpio_in(cpu->gpio, SPITZ_GPIO_CF2_IRQ),
- qdev_get_gpio_in(cpu->gpio, SPITZ_GPIO_CF2_CD));
-}
-
-/* Board init. */
-enum spitz_model_e { spitz, akita, borzoi, terrier };
-
-#define SPITZ_RAM 0x04000000
-#define SPITZ_ROM 0x00800000
-
-static struct arm_boot_info spitz_binfo = {
- .loader_start = PXA2XX_SDRAM_BASE,
- .ram_size = 0x04000000,
-};
-
-static void spitz_common_init(QEMUMachineInitArgs *args,
- enum spitz_model_e model, int arm_id)
-{
- PXA2xxState *mpu;
- DeviceState *scp0, *scp1 = NULL;
- MemoryRegion *address_space_mem = get_system_memory();
- MemoryRegion *rom = g_new(MemoryRegion, 1);
- const char *cpu_model = args->cpu_model;
-
- if (!cpu_model)
- cpu_model = (model == terrier) ? "pxa270-c5" : "pxa270-c0";
-
- /* Setup CPU & memory */
- mpu = pxa270_init(address_space_mem, spitz_binfo.ram_size, cpu_model);
-
- sl_flash_register(mpu, (model == spitz) ? FLASH_128M : FLASH_1024M);
-
- memory_region_init_ram(rom, "spitz.rom", SPITZ_ROM);
- vmstate_register_ram_global(rom);
- memory_region_set_readonly(rom, true);
- memory_region_add_subregion(address_space_mem, 0, rom);
-
- /* Setup peripherals */
- spitz_keyboard_register(mpu);
-
- spitz_ssp_attach(mpu);
-
- scp0 = sysbus_create_simple("scoop", 0x10800000, NULL);
- if (model != akita) {
- scp1 = sysbus_create_simple("scoop", 0x08800040, NULL);
- }
-
- spitz_scoop_gpio_setup(mpu, scp0, scp1);
-
- spitz_gpio_setup(mpu, (model == akita) ? 1 : 2);
-
- spitz_i2c_setup(mpu);
-
- if (model == akita)
- spitz_akita_i2c_setup(mpu);
-
- if (model == terrier)
- /* A 6.0 GB microdrive is permanently sitting in CF slot 1. */
- spitz_microdrive_attach(mpu, 1);
- else if (model != akita)
- /* A 4.0 GB microdrive is permanently sitting in CF slot 0. */
- spitz_microdrive_attach(mpu, 0);
-
- spitz_binfo.kernel_filename = args->kernel_filename;
- spitz_binfo.kernel_cmdline = args->kernel_cmdline;
- spitz_binfo.initrd_filename = args->initrd_filename;
- spitz_binfo.board_id = arm_id;
- arm_load_kernel(mpu->cpu, &spitz_binfo);
- sl_bootparam_write(SL_PXA_PARAM_BASE);
-}
-
-static void spitz_init(QEMUMachineInitArgs *args)
-{
- spitz_common_init(args, spitz, 0x2c9);
-}
-
-static void borzoi_init(QEMUMachineInitArgs *args)
-{
- spitz_common_init(args, borzoi, 0x33f);
-}
-
-static void akita_init(QEMUMachineInitArgs *args)
-{
- spitz_common_init(args, akita, 0x2e8);
-}
-
-static void terrier_init(QEMUMachineInitArgs *args)
-{
- spitz_common_init(args, terrier, 0x33f);
-}
-
-static QEMUMachine akitapda_machine = {
- .name = "akita",
- .desc = "Akita PDA (PXA270)",
- .init = akita_init,
-};
-
-static QEMUMachine spitzpda_machine = {
- .name = "spitz",
- .desc = "Spitz PDA (PXA270)",
- .init = spitz_init,
-};
-
-static QEMUMachine borzoipda_machine = {
- .name = "borzoi",
- .desc = "Borzoi PDA (PXA270)",
- .init = borzoi_init,
-};
-
-static QEMUMachine terrierpda_machine = {
- .name = "terrier",
- .desc = "Terrier PDA (PXA270)",
- .init = terrier_init,
-};
-
-static void spitz_machine_init(void)
-{
- qemu_register_machine(&akitapda_machine);
- qemu_register_machine(&spitzpda_machine);
- qemu_register_machine(&borzoipda_machine);
- qemu_register_machine(&terrierpda_machine);
-}
-
-machine_init(spitz_machine_init);
-
-static bool is_version_0(void *opaque, int version_id)
-{
- return version_id == 0;
-}
-
-static VMStateDescription vmstate_sl_nand_info = {
- .name = "sl-nand",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField []) {
- VMSTATE_UINT8(ctl, SLNANDState),
- VMSTATE_STRUCT(ecc, SLNANDState, 0, vmstate_ecc_state, ECCState),
- VMSTATE_END_OF_LIST(),
- },
-};
-
-static Property sl_nand_properties[] = {
- DEFINE_PROP_UINT8("manf_id", SLNANDState, manf_id, NAND_MFR_SAMSUNG),
- DEFINE_PROP_UINT8("chip_id", SLNANDState, chip_id, 0xf1),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void sl_nand_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = sl_nand_init;
- dc->vmsd = &vmstate_sl_nand_info;
- dc->props = sl_nand_properties;
-}
-
-static TypeInfo sl_nand_info = {
- .name = "sl-nand",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(SLNANDState),
- .class_init = sl_nand_class_init,
-};
-
-static VMStateDescription vmstate_spitz_kbd = {
- .name = "spitz-keyboard",
- .version_id = 1,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .post_load = spitz_keyboard_post_load,
- .fields = (VMStateField []) {
- VMSTATE_UINT16(sense_state, SpitzKeyboardState),
- VMSTATE_UINT16(strobe_state, SpitzKeyboardState),
- VMSTATE_UNUSED_TEST(is_version_0, 5),
- VMSTATE_END_OF_LIST(),
- },
-};
-
-static Property spitz_keyboard_properties[] = {
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void spitz_keyboard_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = spitz_keyboard_init;
- dc->vmsd = &vmstate_spitz_kbd;
- dc->props = spitz_keyboard_properties;
-}
-
-static TypeInfo spitz_keyboard_info = {
- .name = "spitz-keyboard",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(SpitzKeyboardState),
- .class_init = spitz_keyboard_class_init,
-};
-
-static const VMStateDescription vmstate_corgi_ssp_regs = {
- .name = "corgi-ssp",
- .version_id = 2,
- .minimum_version_id = 2,
- .minimum_version_id_old = 2,
- .fields = (VMStateField []) {
- VMSTATE_SSI_SLAVE(ssidev, CorgiSSPState),
- VMSTATE_UINT32_ARRAY(enable, CorgiSSPState, 3),
- VMSTATE_END_OF_LIST(),
- }
-};
-
-static void corgi_ssp_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
-
- k->init = corgi_ssp_init;
- k->transfer = corgi_ssp_transfer;
- dc->vmsd = &vmstate_corgi_ssp_regs;
-}
-
-static TypeInfo corgi_ssp_info = {
- .name = "corgi-ssp",
- .parent = TYPE_SSI_SLAVE,
- .instance_size = sizeof(CorgiSSPState),
- .class_init = corgi_ssp_class_init,
-};
-
-static const VMStateDescription vmstate_spitz_lcdtg_regs = {
- .name = "spitz-lcdtg",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField []) {
- VMSTATE_SSI_SLAVE(ssidev, SpitzLCDTG),
- VMSTATE_UINT32(bl_intensity, SpitzLCDTG),
- VMSTATE_UINT32(bl_power, SpitzLCDTG),
- VMSTATE_END_OF_LIST(),
- }
-};
-
-static void spitz_lcdtg_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
-
- k->init = spitz_lcdtg_init;
- k->transfer = spitz_lcdtg_transfer;
- dc->vmsd = &vmstate_spitz_lcdtg_regs;
-}
-
-static TypeInfo spitz_lcdtg_info = {
- .name = "spitz-lcdtg",
- .parent = TYPE_SSI_SLAVE,
- .instance_size = sizeof(SpitzLCDTG),
- .class_init = spitz_lcdtg_class_init,
-};
-
-static void spitz_register_types(void)
-{
- type_register_static(&corgi_ssp_info);
- type_register_static(&spitz_lcdtg_info);
- type_register_static(&spitz_keyboard_info);
- type_register_static(&sl_nand_info);
-}
-
-type_init(spitz_register_types)
diff --git a/hw/ssd0303.c b/hw/ssd0303.c
deleted file mode 100644
index d7fd828c6..000000000
--- a/hw/ssd0303.c
+++ /dev/null
@@ -1,321 +0,0 @@
-/*
- * SSD0303 OLED controller with OSRAM Pictiva 96x16 display.
- *
- * Copyright (c) 2006-2007 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the GPL.
- */
-
-/* The controller can support a variety of different displays, but we only
- implement one. Most of the commends relating to brightness and geometry
- setup are ignored. */
-#include "i2c.h"
-#include "console.h"
-
-//#define DEBUG_SSD0303 1
-
-#ifdef DEBUG_SSD0303
-#define DPRINTF(fmt, ...) \
-do { printf("ssd0303: " fmt , ## __VA_ARGS__); } while (0)
-#define BADF(fmt, ...) \
-do { fprintf(stderr, "ssd0303: error: " fmt , ## __VA_ARGS__); exit(1);} while (0)
-#else
-#define DPRINTF(fmt, ...) do {} while(0)
-#define BADF(fmt, ...) \
-do { fprintf(stderr, "ssd0303: error: " fmt , ## __VA_ARGS__);} while (0)
-#endif
-
-/* Scaling factor for pixels. */
-#define MAGNIFY 4
-
-enum ssd0303_mode
-{
- SSD0303_IDLE,
- SSD0303_DATA,
- SSD0303_CMD
-};
-
-enum ssd0303_cmd {
- SSD0303_CMD_NONE,
- SSD0303_CMD_SKIP1
-};
-
-typedef struct {
- I2CSlave i2c;
- DisplayState *ds;
- int row;
- int col;
- int start_line;
- int mirror;
- int flash;
- int enabled;
- int inverse;
- int redraw;
- enum ssd0303_mode mode;
- enum ssd0303_cmd cmd_state;
- uint8_t framebuffer[132*8];
-} ssd0303_state;
-
-static int ssd0303_recv(I2CSlave *i2c)
-{
- BADF("Reads not implemented\n");
- return -1;
-}
-
-static int ssd0303_send(I2CSlave *i2c, uint8_t data)
-{
- ssd0303_state *s = (ssd0303_state *)i2c;
- enum ssd0303_cmd old_cmd_state;
- switch (s->mode) {
- case SSD0303_IDLE:
- DPRINTF("byte 0x%02x\n", data);
- if (data == 0x80)
- s->mode = SSD0303_CMD;
- else if (data == 0x40)
- s->mode = SSD0303_DATA;
- else
- BADF("Unexpected byte 0x%x\n", data);
- break;
- case SSD0303_DATA:
- DPRINTF("data 0x%02x\n", data);
- if (s->col < 132) {
- s->framebuffer[s->col + s->row * 132] = data;
- s->col++;
- s->redraw = 1;
- }
- break;
- case SSD0303_CMD:
- old_cmd_state = s->cmd_state;
- s->cmd_state = SSD0303_CMD_NONE;
- switch (old_cmd_state) {
- case SSD0303_CMD_NONE:
- DPRINTF("cmd 0x%02x\n", data);
- s->mode = SSD0303_IDLE;
- switch (data) {
- case 0x00 ... 0x0f: /* Set lower column address. */
- s->col = (s->col & 0xf0) | (data & 0xf);
- break;
- case 0x10 ... 0x20: /* Set higher column address. */
- s->col = (s->col & 0x0f) | ((data & 0xf) << 4);
- break;
- case 0x40 ... 0x7f: /* Set start line. */
- s->start_line = 0;
- break;
- case 0x81: /* Set contrast (Ignored). */
- s->cmd_state = SSD0303_CMD_SKIP1;
- break;
- case 0xa0: /* Mirror off. */
- s->mirror = 0;
- break;
- case 0xa1: /* Mirror off. */
- s->mirror = 1;
- break;
- case 0xa4: /* Entire display off. */
- s->flash = 0;
- break;
- case 0xa5: /* Entire display on. */
- s->flash = 1;
- break;
- case 0xa6: /* Inverse off. */
- s->inverse = 0;
- break;
- case 0xa7: /* Inverse on. */
- s->inverse = 1;
- break;
- case 0xa8: /* Set multiplied ratio (Ignored). */
- s->cmd_state = SSD0303_CMD_SKIP1;
- break;
- case 0xad: /* DC-DC power control. */
- s->cmd_state = SSD0303_CMD_SKIP1;
- break;
- case 0xae: /* Display off. */
- s->enabled = 0;
- break;
- case 0xaf: /* Display on. */
- s->enabled = 1;
- break;
- case 0xb0 ... 0xbf: /* Set Page address. */
- s->row = data & 7;
- break;
- case 0xc0 ... 0xc8: /* Set COM output direction (Ignored). */
- break;
- case 0xd3: /* Set display offset (Ignored). */
- s->cmd_state = SSD0303_CMD_SKIP1;
- break;
- case 0xd5: /* Set display clock (Ignored). */
- s->cmd_state = SSD0303_CMD_SKIP1;
- break;
- case 0xd8: /* Set color and power mode (Ignored). */
- s->cmd_state = SSD0303_CMD_SKIP1;
- break;
- case 0xd9: /* Set pre-charge period (Ignored). */
- s->cmd_state = SSD0303_CMD_SKIP1;
- break;
- case 0xda: /* Set COM pin configuration (Ignored). */
- s->cmd_state = SSD0303_CMD_SKIP1;
- break;
- case 0xdb: /* Set VCOM dselect level (Ignored). */
- s->cmd_state = SSD0303_CMD_SKIP1;
- break;
- case 0xe3: /* no-op. */
- break;
- default:
- BADF("Unknown command: 0x%x\n", data);
- }
- break;
- case SSD0303_CMD_SKIP1:
- DPRINTF("skip 0x%02x\n", data);
- break;
- }
- break;
- }
- return 0;
-}
-
-static void ssd0303_event(I2CSlave *i2c, enum i2c_event event)
-{
- ssd0303_state *s = (ssd0303_state *)i2c;
- switch (event) {
- case I2C_FINISH:
- s->mode = SSD0303_IDLE;
- break;
- case I2C_START_RECV:
- case I2C_START_SEND:
- case I2C_NACK:
- /* Nothing to do. */
- break;
- }
-}
-
-static void ssd0303_update_display(void *opaque)
-{
- ssd0303_state *s = (ssd0303_state *)opaque;
- uint8_t *dest;
- uint8_t *src;
- int x;
- int y;
- int line;
- char *colors[2];
- char colortab[MAGNIFY * 8];
- int dest_width;
- uint8_t mask;
-
- if (!s->redraw)
- return;
-
- switch (ds_get_bits_per_pixel(s->ds)) {
- case 0:
- return;
- case 15:
- dest_width = 2;
- break;
- case 16:
- dest_width = 2;
- break;
- case 24:
- dest_width = 3;
- break;
- case 32:
- dest_width = 4;
- break;
- default:
- BADF("Bad color depth\n");
- return;
- }
- dest_width *= MAGNIFY;
- memset(colortab, 0xff, dest_width);
- memset(colortab + dest_width, 0, dest_width);
- if (s->flash) {
- colors[0] = colortab;
- colors[1] = colortab;
- } else if (s->inverse) {
- colors[0] = colortab;
- colors[1] = colortab + dest_width;
- } else {
- colors[0] = colortab + dest_width;
- colors[1] = colortab;
- }
- dest = ds_get_data(s->ds);
- for (y = 0; y < 16; y++) {
- line = (y + s->start_line) & 63;
- src = s->framebuffer + 132 * (line >> 3) + 36;
- mask = 1 << (line & 7);
- for (x = 0; x < 96; x++) {
- memcpy(dest, colors[(*src & mask) != 0], dest_width);
- dest += dest_width;
- src++;
- }
- for (x = 1; x < MAGNIFY; x++) {
- memcpy(dest, dest - dest_width * 96, dest_width * 96);
- dest += dest_width * 96;
- }
- }
- s->redraw = 0;
- dpy_gfx_update(s->ds, 0, 0, 96 * MAGNIFY, 16 * MAGNIFY);
-}
-
-static void ssd0303_invalidate_display(void * opaque)
-{
- ssd0303_state *s = (ssd0303_state *)opaque;
- s->redraw = 1;
-}
-
-static const VMStateDescription vmstate_ssd0303 = {
- .name = "ssd0303_oled",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField []) {
- VMSTATE_INT32(row, ssd0303_state),
- VMSTATE_INT32(col, ssd0303_state),
- VMSTATE_INT32(start_line, ssd0303_state),
- VMSTATE_INT32(mirror, ssd0303_state),
- VMSTATE_INT32(flash, ssd0303_state),
- VMSTATE_INT32(enabled, ssd0303_state),
- VMSTATE_INT32(inverse, ssd0303_state),
- VMSTATE_INT32(redraw, ssd0303_state),
- VMSTATE_UINT32(mode, ssd0303_state),
- VMSTATE_UINT32(cmd_state, ssd0303_state),
- VMSTATE_BUFFER(framebuffer, ssd0303_state),
- VMSTATE_I2C_SLAVE(i2c, ssd0303_state),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int ssd0303_init(I2CSlave *i2c)
-{
- ssd0303_state *s = FROM_I2C_SLAVE(ssd0303_state, i2c);
-
- s->ds = graphic_console_init(ssd0303_update_display,
- ssd0303_invalidate_display,
- NULL, NULL, s);
- qemu_console_resize(s->ds, 96 * MAGNIFY, 16 * MAGNIFY);
- return 0;
-}
-
-static void ssd0303_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
-
- k->init = ssd0303_init;
- k->event = ssd0303_event;
- k->recv = ssd0303_recv;
- k->send = ssd0303_send;
- dc->vmsd = &vmstate_ssd0303;
-}
-
-static TypeInfo ssd0303_info = {
- .name = "ssd0303",
- .parent = TYPE_I2C_SLAVE,
- .instance_size = sizeof(ssd0303_state),
- .class_init = ssd0303_class_init,
-};
-
-static void ssd0303_register_types(void)
-{
- type_register_static(&ssd0303_info);
-}
-
-type_init(ssd0303_register_types)
diff --git a/hw/ssd0323.c b/hw/ssd0323.c
deleted file mode 100644
index 4098830c2..000000000
--- a/hw/ssd0323.c
+++ /dev/null
@@ -1,372 +0,0 @@
-/*
- * SSD0323 OLED controller with OSRAM Pictiva 128x64 display.
- *
- * Copyright (c) 2006-2007 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the GPL.
- */
-
-/* The controller can support a variety of different displays, but we only
- implement one. Most of the commends relating to brightness and geometry
- setup are ignored. */
-#include "ssi.h"
-#include "console.h"
-
-//#define DEBUG_SSD0323 1
-
-#ifdef DEBUG_SSD0323
-#define DPRINTF(fmt, ...) \
-do { printf("ssd0323: " fmt , ## __VA_ARGS__); } while (0)
-#define BADF(fmt, ...) \
-do { \
- fprintf(stderr, "ssd0323: error: " fmt , ## __VA_ARGS__); abort(); \
-} while (0)
-#else
-#define DPRINTF(fmt, ...) do {} while(0)
-#define BADF(fmt, ...) \
-do { fprintf(stderr, "ssd0323: error: " fmt , ## __VA_ARGS__);} while (0)
-#endif
-
-/* Scaling factor for pixels. */
-#define MAGNIFY 4
-
-#define REMAP_SWAP_COLUMN 0x01
-#define REMAP_SWAP_NYBBLE 0x02
-#define REMAP_VERTICAL 0x04
-#define REMAP_SWAP_COM 0x10
-#define REMAP_SPLIT_COM 0x40
-
-enum ssd0323_mode
-{
- SSD0323_CMD,
- SSD0323_DATA
-};
-
-typedef struct {
- SSISlave ssidev;
- DisplayState *ds;
-
- int cmd_len;
- int cmd;
- int cmd_data[8];
- int row;
- int row_start;
- int row_end;
- int col;
- int col_start;
- int col_end;
- int redraw;
- int remap;
- enum ssd0323_mode mode;
- uint8_t framebuffer[128 * 80 / 2];
-} ssd0323_state;
-
-static uint32_t ssd0323_transfer(SSISlave *dev, uint32_t data)
-{
- ssd0323_state *s = FROM_SSI_SLAVE(ssd0323_state, dev);
-
- switch (s->mode) {
- case SSD0323_DATA:
- DPRINTF("data 0x%02x\n", data);
- s->framebuffer[s->col + s->row * 64] = data;
- if (s->remap & REMAP_VERTICAL) {
- s->row++;
- if (s->row > s->row_end) {
- s->row = s->row_start;
- s->col++;
- }
- if (s->col > s->col_end) {
- s->col = s->col_start;
- }
- } else {
- s->col++;
- if (s->col > s->col_end) {
- s->row++;
- s->col = s->col_start;
- }
- if (s->row > s->row_end) {
- s->row = s->row_start;
- }
- }
- s->redraw = 1;
- break;
- case SSD0323_CMD:
- DPRINTF("cmd 0x%02x\n", data);
- if (s->cmd_len == 0) {
- s->cmd = data;
- } else {
- s->cmd_data[s->cmd_len - 1] = data;
- }
- s->cmd_len++;
- switch (s->cmd) {
-#define DATA(x) if (s->cmd_len <= (x)) return 0
- case 0x15: /* Set column. */
- DATA(2);
- s->col = s->col_start = s->cmd_data[0] % 64;
- s->col_end = s->cmd_data[1] % 64;
- break;
- case 0x75: /* Set row. */
- DATA(2);
- s->row = s->row_start = s->cmd_data[0] % 80;
- s->row_end = s->cmd_data[1] % 80;
- break;
- case 0x81: /* Set contrast */
- DATA(1);
- break;
- case 0x84: case 0x85: case 0x86: /* Max current. */
- DATA(0);
- break;
- case 0xa0: /* Set remapping. */
- /* FIXME: Implement this. */
- DATA(1);
- s->remap = s->cmd_data[0];
- break;
- case 0xa1: /* Set display start line. */
- case 0xa2: /* Set display offset. */
- /* FIXME: Implement these. */
- DATA(1);
- break;
- case 0xa4: /* Normal mode. */
- case 0xa5: /* All on. */
- case 0xa6: /* All off. */
- case 0xa7: /* Inverse. */
- /* FIXME: Implement these. */
- DATA(0);
- break;
- case 0xa8: /* Set multiplex ratio. */
- case 0xad: /* Set DC-DC converter. */
- DATA(1);
- /* Ignored. Don't care. */
- break;
- case 0xae: /* Display off. */
- case 0xaf: /* Display on. */
- DATA(0);
- /* TODO: Implement power control. */
- break;
- case 0xb1: /* Set phase length. */
- case 0xb2: /* Set row period. */
- case 0xb3: /* Set clock rate. */
- case 0xbc: /* Set precharge. */
- case 0xbe: /* Set VCOMH. */
- case 0xbf: /* Set segment low. */
- DATA(1);
- /* Ignored. Don't care. */
- break;
- case 0xb8: /* Set grey scale table. */
- /* FIXME: Implement this. */
- DATA(8);
- break;
- case 0xe3: /* NOP. */
- DATA(0);
- break;
- case 0xff: /* Nasty hack because we don't handle chip selects
- properly. */
- break;
- default:
- BADF("Unknown command: 0x%x\n", data);
- }
- s->cmd_len = 0;
- return 0;
- }
- return 0;
-}
-
-static void ssd0323_update_display(void *opaque)
-{
- ssd0323_state *s = (ssd0323_state *)opaque;
- uint8_t *dest;
- uint8_t *src;
- int x;
- int y;
- int i;
- int line;
- char *colors[16];
- char colortab[MAGNIFY * 64];
- char *p;
- int dest_width;
-
- if (!s->redraw)
- return;
-
- switch (ds_get_bits_per_pixel(s->ds)) {
- case 0:
- return;
- case 15:
- dest_width = 2;
- break;
- case 16:
- dest_width = 2;
- break;
- case 24:
- dest_width = 3;
- break;
- case 32:
- dest_width = 4;
- break;
- default:
- BADF("Bad color depth\n");
- return;
- }
- p = colortab;
- for (i = 0; i < 16; i++) {
- int n;
- colors[i] = p;
- switch (ds_get_bits_per_pixel(s->ds)) {
- case 15:
- n = i * 2 + (i >> 3);
- p[0] = n | (n << 5);
- p[1] = (n << 2) | (n >> 3);
- break;
- case 16:
- n = i * 2 + (i >> 3);
- p[0] = n | (n << 6) | ((n << 1) & 0x20);
- p[1] = (n << 3) | (n >> 2);
- break;
- case 24:
- case 32:
- n = (i << 4) | i;
- p[0] = p[1] = p[2] = n;
- break;
- default:
- BADF("Bad color depth\n");
- return;
- }
- p += dest_width;
- }
- /* TODO: Implement row/column remapping. */
- dest = ds_get_data(s->ds);
- for (y = 0; y < 64; y++) {
- line = y;
- src = s->framebuffer + 64 * line;
- for (x = 0; x < 64; x++) {
- int val;
- val = *src >> 4;
- for (i = 0; i < MAGNIFY; i++) {
- memcpy(dest, colors[val], dest_width);
- dest += dest_width;
- }
- val = *src & 0xf;
- for (i = 0; i < MAGNIFY; i++) {
- memcpy(dest, colors[val], dest_width);
- dest += dest_width;
- }
- src++;
- }
- for (i = 1; i < MAGNIFY; i++) {
- memcpy(dest, dest - dest_width * MAGNIFY * 128,
- dest_width * 128 * MAGNIFY);
- dest += dest_width * 128 * MAGNIFY;
- }
- }
- s->redraw = 0;
- dpy_gfx_update(s->ds, 0, 0, 128 * MAGNIFY, 64 * MAGNIFY);
-}
-
-static void ssd0323_invalidate_display(void * opaque)
-{
- ssd0323_state *s = (ssd0323_state *)opaque;
- s->redraw = 1;
-}
-
-/* Command/data input. */
-static void ssd0323_cd(void *opaque, int n, int level)
-{
- ssd0323_state *s = (ssd0323_state *)opaque;
- DPRINTF("%s mode\n", level ? "Data" : "Command");
- s->mode = level ? SSD0323_DATA : SSD0323_CMD;
-}
-
-static void ssd0323_save(QEMUFile *f, void *opaque)
-{
- SSISlave *ss = SSI_SLAVE(opaque);
- ssd0323_state *s = (ssd0323_state *)opaque;
- int i;
-
- qemu_put_be32(f, s->cmd_len);
- qemu_put_be32(f, s->cmd);
- for (i = 0; i < 8; i++)
- qemu_put_be32(f, s->cmd_data[i]);
- qemu_put_be32(f, s->row);
- qemu_put_be32(f, s->row_start);
- qemu_put_be32(f, s->row_end);
- qemu_put_be32(f, s->col);
- qemu_put_be32(f, s->col_start);
- qemu_put_be32(f, s->col_end);
- qemu_put_be32(f, s->redraw);
- qemu_put_be32(f, s->remap);
- qemu_put_be32(f, s->mode);
- qemu_put_buffer(f, s->framebuffer, sizeof(s->framebuffer));
-
- qemu_put_be32(f, ss->cs);
-}
-
-static int ssd0323_load(QEMUFile *f, void *opaque, int version_id)
-{
- SSISlave *ss = SSI_SLAVE(opaque);
- ssd0323_state *s = (ssd0323_state *)opaque;
- int i;
-
- if (version_id != 1)
- return -EINVAL;
-
- s->cmd_len = qemu_get_be32(f);
- s->cmd = qemu_get_be32(f);
- for (i = 0; i < 8; i++)
- s->cmd_data[i] = qemu_get_be32(f);
- s->row = qemu_get_be32(f);
- s->row_start = qemu_get_be32(f);
- s->row_end = qemu_get_be32(f);
- s->col = qemu_get_be32(f);
- s->col_start = qemu_get_be32(f);
- s->col_end = qemu_get_be32(f);
- s->redraw = qemu_get_be32(f);
- s->remap = qemu_get_be32(f);
- s->mode = qemu_get_be32(f);
- qemu_get_buffer(f, s->framebuffer, sizeof(s->framebuffer));
-
- ss->cs = qemu_get_be32(f);
-
- return 0;
-}
-
-static int ssd0323_init(SSISlave *dev)
-{
- ssd0323_state *s = FROM_SSI_SLAVE(ssd0323_state, dev);
-
- s->col_end = 63;
- s->row_end = 79;
- s->ds = graphic_console_init(ssd0323_update_display,
- ssd0323_invalidate_display,
- NULL, NULL, s);
- qemu_console_resize(s->ds, 128 * MAGNIFY, 64 * MAGNIFY);
-
- qdev_init_gpio_in(&dev->qdev, ssd0323_cd, 1);
-
- register_savevm(&dev->qdev, "ssd0323_oled", -1, 1,
- ssd0323_save, ssd0323_load, s);
- return 0;
-}
-
-static void ssd0323_class_init(ObjectClass *klass, void *data)
-{
- SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
-
- k->init = ssd0323_init;
- k->transfer = ssd0323_transfer;
- k->cs_polarity = SSI_CS_HIGH;
-}
-
-static TypeInfo ssd0323_info = {
- .name = "ssd0323",
- .parent = TYPE_SSI_SLAVE,
- .instance_size = sizeof(ssd0323_state),
- .class_init = ssd0323_class_init,
-};
-
-static void ssd03232_register_types(void)
-{
- type_register_static(&ssd0323_info);
-}
-
-type_init(ssd03232_register_types)
diff --git a/hw/ssi-sd.c b/hw/ssi-sd.c
deleted file mode 100644
index c5505ee24..000000000
--- a/hw/ssi-sd.c
+++ /dev/null
@@ -1,274 +0,0 @@
-/*
- * SSI to SD card adapter.
- *
- * Copyright (c) 2007-2009 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the GNU GPL v2.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include "blockdev.h"
-#include "ssi.h"
-#include "sd.h"
-
-//#define DEBUG_SSI_SD 1
-
-#ifdef DEBUG_SSI_SD
-#define DPRINTF(fmt, ...) \
-do { printf("ssi_sd: " fmt , ## __VA_ARGS__); } while (0)
-#define BADF(fmt, ...) \
-do { fprintf(stderr, "ssi_sd: error: " fmt , ## __VA_ARGS__); exit(1);} while (0)
-#else
-#define DPRINTF(fmt, ...) do {} while(0)
-#define BADF(fmt, ...) \
-do { fprintf(stderr, "ssi_sd: error: " fmt , ## __VA_ARGS__);} while (0)
-#endif
-
-typedef enum {
- SSI_SD_CMD,
- SSI_SD_CMDARG,
- SSI_SD_RESPONSE,
- SSI_SD_DATA_START,
- SSI_SD_DATA_READ,
-} ssi_sd_mode;
-
-typedef struct {
- SSISlave ssidev;
- ssi_sd_mode mode;
- int cmd;
- uint8_t cmdarg[4];
- uint8_t response[5];
- int arglen;
- int response_pos;
- int stopping;
- SDState *sd;
-} ssi_sd_state;
-
-/* State word bits. */
-#define SSI_SDR_LOCKED 0x0001
-#define SSI_SDR_WP_ERASE 0x0002
-#define SSI_SDR_ERROR 0x0004
-#define SSI_SDR_CC_ERROR 0x0008
-#define SSI_SDR_ECC_FAILED 0x0010
-#define SSI_SDR_WP_VIOLATION 0x0020
-#define SSI_SDR_ERASE_PARAM 0x0040
-#define SSI_SDR_OUT_OF_RANGE 0x0080
-#define SSI_SDR_IDLE 0x0100
-#define SSI_SDR_ERASE_RESET 0x0200
-#define SSI_SDR_ILLEGAL_COMMAND 0x0400
-#define SSI_SDR_COM_CRC_ERROR 0x0800
-#define SSI_SDR_ERASE_SEQ_ERROR 0x1000
-#define SSI_SDR_ADDRESS_ERROR 0x2000
-#define SSI_SDR_PARAMETER_ERROR 0x4000
-
-static uint32_t ssi_sd_transfer(SSISlave *dev, uint32_t val)
-{
- ssi_sd_state *s = FROM_SSI_SLAVE(ssi_sd_state, dev);
-
- /* Special case: allow CMD12 (STOP TRANSMISSION) while reading data. */
- if (s->mode == SSI_SD_DATA_READ && val == 0x4d) {
- s->mode = SSI_SD_CMD;
- /* There must be at least one byte delay before the card responds. */
- s->stopping = 1;
- }
-
- switch (s->mode) {
- case SSI_SD_CMD:
- if (val == 0xff) {
- DPRINTF("NULL command\n");
- return 0xff;
- }
- s->cmd = val & 0x3f;
- s->mode = SSI_SD_CMDARG;
- s->arglen = 0;
- return 0xff;
- case SSI_SD_CMDARG:
- if (s->arglen == 4) {
- SDRequest request;
- uint8_t longresp[16];
- /* FIXME: Check CRC. */
- request.cmd = s->cmd;
- request.arg = (s->cmdarg[0] << 24) | (s->cmdarg[1] << 16)
- | (s->cmdarg[2] << 8) | s->cmdarg[3];
- DPRINTF("CMD%d arg 0x%08x\n", s->cmd, request.arg);
- s->arglen = sd_do_command(s->sd, &request, longresp);
- if (s->arglen <= 0) {
- s->arglen = 1;
- s->response[0] = 4;
- DPRINTF("SD command failed\n");
- } else if (s->cmd == 58) {
- /* CMD58 returns R3 response (OCR) */
- DPRINTF("Returned OCR\n");
- s->arglen = 5;
- s->response[0] = 1;
- memcpy(&s->response[1], longresp, 4);
- } else if (s->arglen != 4) {
- BADF("Unexpected response to cmd %d\n", s->cmd);
- /* Illegal command is about as near as we can get. */
- s->arglen = 1;
- s->response[0] = 4;
- } else {
- /* All other commands return status. */
- uint32_t cardstatus;
- uint16_t status;
- /* CMD13 returns a 2-byte statuse work. Other commands
- only return the first byte. */
- s->arglen = (s->cmd == 13) ? 2 : 1;
- cardstatus = (longresp[0] << 24) | (longresp[1] << 16)
- | (longresp[2] << 8) | longresp[3];
- status = 0;
- if (((cardstatus >> 9) & 0xf) < 4)
- status |= SSI_SDR_IDLE;
- if (cardstatus & ERASE_RESET)
- status |= SSI_SDR_ERASE_RESET;
- if (cardstatus & ILLEGAL_COMMAND)
- status |= SSI_SDR_ILLEGAL_COMMAND;
- if (cardstatus & COM_CRC_ERROR)
- status |= SSI_SDR_COM_CRC_ERROR;
- if (cardstatus & ERASE_SEQ_ERROR)
- status |= SSI_SDR_ERASE_SEQ_ERROR;
- if (cardstatus & ADDRESS_ERROR)
- status |= SSI_SDR_ADDRESS_ERROR;
- if (cardstatus & CARD_IS_LOCKED)
- status |= SSI_SDR_LOCKED;
- if (cardstatus & (LOCK_UNLOCK_FAILED | WP_ERASE_SKIP))
- status |= SSI_SDR_WP_ERASE;
- if (cardstatus & SD_ERROR)
- status |= SSI_SDR_ERROR;
- if (cardstatus & CC_ERROR)
- status |= SSI_SDR_CC_ERROR;
- if (cardstatus & CARD_ECC_FAILED)
- status |= SSI_SDR_ECC_FAILED;
- if (cardstatus & WP_VIOLATION)
- status |= SSI_SDR_WP_VIOLATION;
- if (cardstatus & ERASE_PARAM)
- status |= SSI_SDR_ERASE_PARAM;
- if (cardstatus & (OUT_OF_RANGE | CID_CSD_OVERWRITE))
- status |= SSI_SDR_OUT_OF_RANGE;
- /* ??? Don't know what Parameter Error really means, so
- assume it's set if the second byte is nonzero. */
- if (status & 0xff)
- status |= SSI_SDR_PARAMETER_ERROR;
- s->response[0] = status >> 8;
- s->response[1] = status;
- DPRINTF("Card status 0x%02x\n", status);
- }
- s->mode = SSI_SD_RESPONSE;
- s->response_pos = 0;
- } else {
- s->cmdarg[s->arglen++] = val;
- }
- return 0xff;
- case SSI_SD_RESPONSE:
- if (s->stopping) {
- s->stopping = 0;
- return 0xff;
- }
- if (s->response_pos < s->arglen) {
- DPRINTF("Response 0x%02x\n", s->response[s->response_pos]);
- return s->response[s->response_pos++];
- }
- if (sd_data_ready(s->sd)) {
- DPRINTF("Data read\n");
- s->mode = SSI_SD_DATA_START;
- } else {
- DPRINTF("End of command\n");
- s->mode = SSI_SD_CMD;
- }
- return 0xff;
- case SSI_SD_DATA_START:
- DPRINTF("Start read block\n");
- s->mode = SSI_SD_DATA_READ;
- return 0xfe;
- case SSI_SD_DATA_READ:
- val = sd_read_data(s->sd);
- if (!sd_data_ready(s->sd)) {
- DPRINTF("Data read end\n");
- s->mode = SSI_SD_CMD;
- }
- return val;
- }
- /* Should never happen. */
- return 0xff;
-}
-
-static void ssi_sd_save(QEMUFile *f, void *opaque)
-{
- SSISlave *ss = SSI_SLAVE(opaque);
- ssi_sd_state *s = (ssi_sd_state *)opaque;
- int i;
-
- qemu_put_be32(f, s->mode);
- qemu_put_be32(f, s->cmd);
- for (i = 0; i < 4; i++)
- qemu_put_be32(f, s->cmdarg[i]);
- for (i = 0; i < 5; i++)
- qemu_put_be32(f, s->response[i]);
- qemu_put_be32(f, s->arglen);
- qemu_put_be32(f, s->response_pos);
- qemu_put_be32(f, s->stopping);
-
- qemu_put_be32(f, ss->cs);
-}
-
-static int ssi_sd_load(QEMUFile *f, void *opaque, int version_id)
-{
- SSISlave *ss = SSI_SLAVE(opaque);
- ssi_sd_state *s = (ssi_sd_state *)opaque;
- int i;
-
- if (version_id != 1)
- return -EINVAL;
-
- s->mode = qemu_get_be32(f);
- s->cmd = qemu_get_be32(f);
- for (i = 0; i < 4; i++)
- s->cmdarg[i] = qemu_get_be32(f);
- for (i = 0; i < 5; i++)
- s->response[i] = qemu_get_be32(f);
- s->arglen = qemu_get_be32(f);
- s->response_pos = qemu_get_be32(f);
- s->stopping = qemu_get_be32(f);
-
- ss->cs = qemu_get_be32(f);
-
- return 0;
-}
-
-static int ssi_sd_init(SSISlave *dev)
-{
- ssi_sd_state *s = FROM_SSI_SLAVE(ssi_sd_state, dev);
- DriveInfo *dinfo;
-
- s->mode = SSI_SD_CMD;
- dinfo = drive_get_next(IF_SD);
- s->sd = sd_init(dinfo ? dinfo->bdrv : NULL, 1);
- register_savevm(&dev->qdev, "ssi_sd", -1, 1, ssi_sd_save, ssi_sd_load, s);
- return 0;
-}
-
-static void ssi_sd_class_init(ObjectClass *klass, void *data)
-{
- SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
-
- k->init = ssi_sd_init;
- k->transfer = ssi_sd_transfer;
- k->cs_polarity = SSI_CS_LOW;
-}
-
-static TypeInfo ssi_sd_info = {
- .name = "ssi-sd",
- .parent = TYPE_SSI_SLAVE,
- .instance_size = sizeof(ssi_sd_state),
- .class_init = ssi_sd_class_init,
-};
-
-static void ssi_sd_register_types(void)
-{
- type_register_static(&ssi_sd_info);
-}
-
-type_init(ssi_sd_register_types)
diff --git a/hw/ssi.c b/hw/ssi.c
deleted file mode 100644
index 2b5635715..000000000
--- a/hw/ssi.c
+++ /dev/null
@@ -1,174 +0,0 @@
-/*
- * QEMU Synchronous Serial Interface support
- *
- * Copyright (c) 2009 CodeSourcery.
- * Copyright (c) 2012 Peter A.G. Crosthwaite (peter.crosthwaite@petalogix.com)
- * Copyright (c) 2012 PetaLogix Pty Ltd.
- * Written by Paul Brook
- *
- * This code is licensed under the GNU GPL v2.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include "ssi.h"
-
-struct SSIBus {
- BusState qbus;
-};
-
-#define TYPE_SSI_BUS "SSI"
-#define SSI_BUS(obj) OBJECT_CHECK(SSIBus, (obj), TYPE_SSI_BUS)
-
-static const TypeInfo ssi_bus_info = {
- .name = TYPE_SSI_BUS,
- .parent = TYPE_BUS,
- .instance_size = sizeof(SSIBus),
-};
-
-static void ssi_cs_default(void *opaque, int n, int level)
-{
- SSISlave *s = SSI_SLAVE(opaque);
- bool cs = !!level;
- assert(n == 0);
- if (s->cs != cs) {
- SSISlaveClass *ssc = SSI_SLAVE_GET_CLASS(s);
- if (ssc->set_cs) {
- ssc->set_cs(s, cs);
- }
- }
- s->cs = cs;
-}
-
-static uint32_t ssi_transfer_raw_default(SSISlave *dev, uint32_t val)
-{
- SSISlaveClass *ssc = SSI_SLAVE_GET_CLASS(dev);
-
- if ((dev->cs && ssc->cs_polarity == SSI_CS_HIGH) ||
- (!dev->cs && ssc->cs_polarity == SSI_CS_LOW) ||
- ssc->cs_polarity == SSI_CS_NONE) {
- return ssc->transfer(dev, val);
- }
- return 0;
-}
-
-static int ssi_slave_init(DeviceState *dev)
-{
- SSISlave *s = SSI_SLAVE(dev);
- SSISlaveClass *ssc = SSI_SLAVE_GET_CLASS(s);
-
- if (ssc->transfer_raw == ssi_transfer_raw_default &&
- ssc->cs_polarity != SSI_CS_NONE) {
- qdev_init_gpio_in(&s->qdev, ssi_cs_default, 1);
- }
-
- return ssc->init(s);
-}
-
-static void ssi_slave_class_init(ObjectClass *klass, void *data)
-{
- SSISlaveClass *ssc = SSI_SLAVE_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
-
- dc->init = ssi_slave_init;
- dc->bus_type = TYPE_SSI_BUS;
- if (!ssc->transfer_raw) {
- ssc->transfer_raw = ssi_transfer_raw_default;
- }
-}
-
-static TypeInfo ssi_slave_info = {
- .name = TYPE_SSI_SLAVE,
- .parent = TYPE_DEVICE,
- .class_init = ssi_slave_class_init,
- .class_size = sizeof(SSISlaveClass),
- .abstract = true,
-};
-
-DeviceState *ssi_create_slave_no_init(SSIBus *bus, const char *name)
-{
- return qdev_create(&bus->qbus, name);
-}
-
-DeviceState *ssi_create_slave(SSIBus *bus, const char *name)
-{
- DeviceState *dev = ssi_create_slave_no_init(bus, name);
-
- qdev_init_nofail(dev);
- return dev;
-}
-
-SSIBus *ssi_create_bus(DeviceState *parent, const char *name)
-{
- BusState *bus;
- bus = qbus_create(TYPE_SSI_BUS, parent, name);
- return FROM_QBUS(SSIBus, bus);
-}
-
-uint32_t ssi_transfer(SSIBus *bus, uint32_t val)
-{
- BusChild *kid;
- SSISlaveClass *ssc;
- uint32_t r = 0;
-
- QTAILQ_FOREACH(kid, &bus->qbus.children, sibling) {
- SSISlave *slave = SSI_SLAVE(kid->child);
- ssc = SSI_SLAVE_GET_CLASS(slave);
- r |= ssc->transfer_raw(slave, val);
- }
-
- return r;
-}
-
-const VMStateDescription vmstate_ssi_slave = {
- .name = "SSISlave",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_BOOL(cs, SSISlave),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void ssi_slave_register_types(void)
-{
- type_register_static(&ssi_bus_info);
- type_register_static(&ssi_slave_info);
-}
-
-type_init(ssi_slave_register_types)
-
-typedef struct SSIAutoConnectArg {
- qemu_irq **cs_linep;
- SSIBus *bus;
-} SSIAutoConnectArg;
-
-static int ssi_auto_connect_slave(Object *child, void *opaque)
-{
- SSIAutoConnectArg *arg = opaque;
- SSISlave *dev = (SSISlave *)object_dynamic_cast(child, TYPE_SSI_SLAVE);
- qemu_irq cs_line;
-
- if (!dev) {
- return 0;
- }
-
- cs_line = qdev_get_gpio_in(DEVICE(dev), 0);
- qdev_set_parent_bus(DEVICE(dev), &arg->bus->qbus);
- **arg->cs_linep = cs_line;
- (*arg->cs_linep)++;
- return 0;
-}
-
-void ssi_auto_connect_slaves(DeviceState *parent, qemu_irq *cs_line,
- SSIBus *bus)
-{
- SSIAutoConnectArg arg = {
- .cs_linep = &cs_line,
- .bus = bus
- };
-
- object_child_foreach(OBJECT(parent), ssi_auto_connect_slave, &arg);
-}
diff --git a/hw/ssi.h b/hw/ssi.h
deleted file mode 100644
index a05d60beb..000000000
--- a/hw/ssi.h
+++ /dev/null
@@ -1,93 +0,0 @@
-/* QEMU Synchronous Serial Interface support. */
-
-/* In principle SSI is a point-point interface. As such the qemu
- implementation has a single slave device on a "bus".
- However it is fairly common for boards to have multiple slaves
- connected to a single master, and select devices with an external
- chip select. This is implemented in qemu by having an explicit mux device.
- It is assumed that master and slave are both using the same transfer width.
- */
-
-#ifndef QEMU_SSI_H
-#define QEMU_SSI_H
-
-#include "qdev.h"
-
-typedef struct SSISlave SSISlave;
-
-#define TYPE_SSI_SLAVE "ssi-slave"
-#define SSI_SLAVE(obj) \
- OBJECT_CHECK(SSISlave, (obj), TYPE_SSI_SLAVE)
-#define SSI_SLAVE_CLASS(klass) \
- OBJECT_CLASS_CHECK(SSISlaveClass, (klass), TYPE_SSI_SLAVE)
-#define SSI_SLAVE_GET_CLASS(obj) \
- OBJECT_GET_CLASS(SSISlaveClass, (obj), TYPE_SSI_SLAVE)
-
-typedef enum {
- SSI_CS_NONE = 0,
- SSI_CS_LOW,
- SSI_CS_HIGH,
-} SSICSMode;
-
-/* Slave devices. */
-typedef struct SSISlaveClass {
- DeviceClass parent_class;
-
- int (*init)(SSISlave *dev);
-
- /* if you have standard or no CS behaviour, just override transfer.
- * This is called when the device cs is active (true by default).
- */
- uint32_t (*transfer)(SSISlave *dev, uint32_t val);
- /* called when the CS line changes. Optional, devices only need to implement
- * this if they have side effects associated with the cs line (beyond
- * tristating the txrx lines).
- */
- int (*set_cs)(SSISlave *dev, bool select);
- /* define whether or not CS exists and is active low/high */
- SSICSMode cs_polarity;
-
- /* if you have non-standard CS behaviour override this to take control
- * of the CS behaviour at the device level. transfer, set_cs, and
- * cs_polarity are unused if this is overwritten. Transfer_raw will
- * always be called for the device for every txrx access to the parent bus
- */
- uint32_t (*transfer_raw)(SSISlave *dev, uint32_t val);
-} SSISlaveClass;
-
-struct SSISlave {
- DeviceState qdev;
-
- /* Chip select state */
- bool cs;
-};
-
-#define SSI_SLAVE_FROM_QDEV(dev) DO_UPCAST(SSISlave, qdev, dev)
-#define FROM_SSI_SLAVE(type, dev) DO_UPCAST(type, ssidev, dev)
-
-extern const VMStateDescription vmstate_ssi_slave;
-
-#define VMSTATE_SSI_SLAVE(_field, _state) { \
- .name = (stringify(_field)), \
- .size = sizeof(SSISlave), \
- .vmsd = &vmstate_ssi_slave, \
- .flags = VMS_STRUCT, \
- .offset = vmstate_offset_value(_state, _field, SSISlave), \
-}
-
-DeviceState *ssi_create_slave(SSIBus *bus, const char *name);
-DeviceState *ssi_create_slave_no_init(SSIBus *bus, const char *name);
-
-/* Master interface. */
-SSIBus *ssi_create_bus(DeviceState *parent, const char *name);
-
-uint32_t ssi_transfer(SSIBus *bus, uint32_t val);
-
-/* Automatically connect all children nodes a spi controller as slaves */
-void ssi_auto_connect_slaves(DeviceState *parent, qemu_irq *cs_lines,
- SSIBus *bus);
-
-/* max111x.c */
-void max111x_set_input(DeviceState *dev, int line, uint8_t value);
-
-#endif
diff --git a/hw/ssi/Makefile.objs b/hw/ssi/Makefile.objs
new file mode 100644
index 000000000..9555825ac
--- /dev/null
+++ b/hw/ssi/Makefile.objs
@@ -0,0 +1,6 @@
+common-obj-$(CONFIG_PL022) += pl022.o
+common-obj-$(CONFIG_SSI) += ssi.o
+common-obj-$(CONFIG_XILINX_SPI) += xilinx_spi.o
+common-obj-$(CONFIG_XILINX_SPIPS) += xilinx_spips.o
+
+obj-$(CONFIG_OMAP) += omap_spi.o
diff --git a/hw/ssi/omap_spi.c b/hw/ssi/omap_spi.c
new file mode 100644
index 000000000..0ed3b110e
--- /dev/null
+++ b/hw/ssi/omap_spi.c
@@ -0,0 +1,373 @@
+/*
+ * TI OMAP processor's Multichannel SPI emulation.
+ *
+ * Copyright (C) 2007-2009 Nokia Corporation
+ *
+ * Original code for OMAP2 by Andrzej Zaborowski <andrew@openedhand.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) any later version of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#include "hw/hw.h"
+#include "hw/arm/omap.h"
+
+/* Multichannel SPI */
+struct omap_mcspi_s {
+ MemoryRegion iomem;
+ qemu_irq irq;
+ int chnum;
+
+ uint32_t sysconfig;
+ uint32_t systest;
+ uint32_t irqst;
+ uint32_t irqen;
+ uint32_t wken;
+ uint32_t control;
+
+ struct omap_mcspi_ch_s {
+ qemu_irq txdrq;
+ qemu_irq rxdrq;
+ uint32_t (*txrx)(void *opaque, uint32_t, int);
+ void *opaque;
+
+ uint32_t tx;
+ uint32_t rx;
+
+ uint32_t config;
+ uint32_t status;
+ uint32_t control;
+ } ch[4];
+};
+
+static inline void omap_mcspi_interrupt_update(struct omap_mcspi_s *s)
+{
+ qemu_set_irq(s->irq, s->irqst & s->irqen);
+}
+
+static inline void omap_mcspi_dmarequest_update(struct omap_mcspi_ch_s *ch)
+{
+ qemu_set_irq(ch->txdrq,
+ (ch->control & 1) && /* EN */
+ (ch->config & (1 << 14)) && /* DMAW */
+ (ch->status & (1 << 1)) && /* TXS */
+ ((ch->config >> 12) & 3) != 1); /* TRM */
+ qemu_set_irq(ch->rxdrq,
+ (ch->control & 1) && /* EN */
+ (ch->config & (1 << 15)) && /* DMAW */
+ (ch->status & (1 << 0)) && /* RXS */
+ ((ch->config >> 12) & 3) != 2); /* TRM */
+}
+
+static void omap_mcspi_transfer_run(struct omap_mcspi_s *s, int chnum)
+{
+ struct omap_mcspi_ch_s *ch = s->ch + chnum;
+
+ if (!(ch->control & 1)) /* EN */
+ return;
+ if ((ch->status & (1 << 0)) && /* RXS */
+ ((ch->config >> 12) & 3) != 2 && /* TRM */
+ !(ch->config & (1 << 19))) /* TURBO */
+ goto intr_update;
+ if ((ch->status & (1 << 1)) && /* TXS */
+ ((ch->config >> 12) & 3) != 1) /* TRM */
+ goto intr_update;
+
+ if (!(s->control & 1) || /* SINGLE */
+ (ch->config & (1 << 20))) { /* FORCE */
+ if (ch->txrx)
+ ch->rx = ch->txrx(ch->opaque, ch->tx, /* WL */
+ 1 + (0x1f & (ch->config >> 7)));
+ }
+
+ ch->tx = 0;
+ ch->status |= 1 << 2; /* EOT */
+ ch->status |= 1 << 1; /* TXS */
+ if (((ch->config >> 12) & 3) != 2) /* TRM */
+ ch->status |= 1 << 0; /* RXS */
+
+intr_update:
+ if ((ch->status & (1 << 0)) && /* RXS */
+ ((ch->config >> 12) & 3) != 2 && /* TRM */
+ !(ch->config & (1 << 19))) /* TURBO */
+ s->irqst |= 1 << (2 + 4 * chnum); /* RX_FULL */
+ if ((ch->status & (1 << 1)) && /* TXS */
+ ((ch->config >> 12) & 3) != 1) /* TRM */
+ s->irqst |= 1 << (0 + 4 * chnum); /* TX_EMPTY */
+ omap_mcspi_interrupt_update(s);
+ omap_mcspi_dmarequest_update(ch);
+}
+
+void omap_mcspi_reset(struct omap_mcspi_s *s)
+{
+ int ch;
+
+ s->sysconfig = 0;
+ s->systest = 0;
+ s->irqst = 0;
+ s->irqen = 0;
+ s->wken = 0;
+ s->control = 4;
+
+ for (ch = 0; ch < 4; ch ++) {
+ s->ch[ch].config = 0x060000;
+ s->ch[ch].status = 2; /* TXS */
+ s->ch[ch].control = 0;
+
+ omap_mcspi_dmarequest_update(s->ch + ch);
+ }
+
+ omap_mcspi_interrupt_update(s);
+}
+
+static uint64_t omap_mcspi_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ struct omap_mcspi_s *s = (struct omap_mcspi_s *) opaque;
+ int ch = 0;
+ uint32_t ret;
+
+ if (size != 4) {
+ return omap_badwidth_read32(opaque, addr);
+ }
+
+ switch (addr) {
+ case 0x00: /* MCSPI_REVISION */
+ return 0x91;
+
+ case 0x10: /* MCSPI_SYSCONFIG */
+ return s->sysconfig;
+
+ case 0x14: /* MCSPI_SYSSTATUS */
+ return 1; /* RESETDONE */
+
+ case 0x18: /* MCSPI_IRQSTATUS */
+ return s->irqst;
+
+ case 0x1c: /* MCSPI_IRQENABLE */
+ return s->irqen;
+
+ case 0x20: /* MCSPI_WAKEUPENABLE */
+ return s->wken;
+
+ case 0x24: /* MCSPI_SYST */
+ return s->systest;
+
+ case 0x28: /* MCSPI_MODULCTRL */
+ return s->control;
+
+ case 0x68: ch ++;
+ /* fall through */
+ case 0x54: ch ++;
+ /* fall through */
+ case 0x40: ch ++;
+ /* fall through */
+ case 0x2c: /* MCSPI_CHCONF */
+ return s->ch[ch].config;
+
+ case 0x6c: ch ++;
+ /* fall through */
+ case 0x58: ch ++;
+ /* fall through */
+ case 0x44: ch ++;
+ /* fall through */
+ case 0x30: /* MCSPI_CHSTAT */
+ return s->ch[ch].status;
+
+ case 0x70: ch ++;
+ /* fall through */
+ case 0x5c: ch ++;
+ /* fall through */
+ case 0x48: ch ++;
+ /* fall through */
+ case 0x34: /* MCSPI_CHCTRL */
+ return s->ch[ch].control;
+
+ case 0x74: ch ++;
+ /* fall through */
+ case 0x60: ch ++;
+ /* fall through */
+ case 0x4c: ch ++;
+ /* fall through */
+ case 0x38: /* MCSPI_TX */
+ return s->ch[ch].tx;
+
+ case 0x78: ch ++;
+ /* fall through */
+ case 0x64: ch ++;
+ /* fall through */
+ case 0x50: ch ++;
+ /* fall through */
+ case 0x3c: /* MCSPI_RX */
+ s->ch[ch].status &= ~(1 << 0); /* RXS */
+ ret = s->ch[ch].rx;
+ omap_mcspi_transfer_run(s, ch);
+ return ret;
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static void omap_mcspi_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ struct omap_mcspi_s *s = (struct omap_mcspi_s *) opaque;
+ int ch = 0;
+
+ if (size != 4) {
+ return omap_badwidth_write32(opaque, addr, value);
+ }
+
+ switch (addr) {
+ case 0x00: /* MCSPI_REVISION */
+ case 0x14: /* MCSPI_SYSSTATUS */
+ case 0x30: /* MCSPI_CHSTAT0 */
+ case 0x3c: /* MCSPI_RX0 */
+ case 0x44: /* MCSPI_CHSTAT1 */
+ case 0x50: /* MCSPI_RX1 */
+ case 0x58: /* MCSPI_CHSTAT2 */
+ case 0x64: /* MCSPI_RX2 */
+ case 0x6c: /* MCSPI_CHSTAT3 */
+ case 0x78: /* MCSPI_RX3 */
+ OMAP_RO_REG(addr);
+ return;
+
+ case 0x10: /* MCSPI_SYSCONFIG */
+ if (value & (1 << 1)) /* SOFTRESET */
+ omap_mcspi_reset(s);
+ s->sysconfig = value & 0x31d;
+ break;
+
+ case 0x18: /* MCSPI_IRQSTATUS */
+ if (!((s->control & (1 << 3)) && (s->systest & (1 << 11)))) {
+ s->irqst &= ~value;
+ omap_mcspi_interrupt_update(s);
+ }
+ break;
+
+ case 0x1c: /* MCSPI_IRQENABLE */
+ s->irqen = value & 0x1777f;
+ omap_mcspi_interrupt_update(s);
+ break;
+
+ case 0x20: /* MCSPI_WAKEUPENABLE */
+ s->wken = value & 1;
+ break;
+
+ case 0x24: /* MCSPI_SYST */
+ if (s->control & (1 << 3)) /* SYSTEM_TEST */
+ if (value & (1 << 11)) { /* SSB */
+ s->irqst |= 0x1777f;
+ omap_mcspi_interrupt_update(s);
+ }
+ s->systest = value & 0xfff;
+ break;
+
+ case 0x28: /* MCSPI_MODULCTRL */
+ if (value & (1 << 3)) /* SYSTEM_TEST */
+ if (s->systest & (1 << 11)) { /* SSB */
+ s->irqst |= 0x1777f;
+ omap_mcspi_interrupt_update(s);
+ }
+ s->control = value & 0xf;
+ break;
+
+ case 0x68: ch ++;
+ /* fall through */
+ case 0x54: ch ++;
+ /* fall through */
+ case 0x40: ch ++;
+ /* fall through */
+ case 0x2c: /* MCSPI_CHCONF */
+ if ((value ^ s->ch[ch].config) & (3 << 14)) /* DMAR | DMAW */
+ omap_mcspi_dmarequest_update(s->ch + ch);
+ if (((value >> 12) & 3) == 3) /* TRM */
+ fprintf(stderr, "%s: invalid TRM value (3)\n", __FUNCTION__);
+ if (((value >> 7) & 0x1f) < 3) /* WL */
+ fprintf(stderr, "%s: invalid WL value (%" PRIx64 ")\n",
+ __FUNCTION__, (value >> 7) & 0x1f);
+ s->ch[ch].config = value & 0x7fffff;
+ break;
+
+ case 0x70: ch ++;
+ /* fall through */
+ case 0x5c: ch ++;
+ /* fall through */
+ case 0x48: ch ++;
+ /* fall through */
+ case 0x34: /* MCSPI_CHCTRL */
+ if (value & ~s->ch[ch].control & 1) { /* EN */
+ s->ch[ch].control |= 1;
+ omap_mcspi_transfer_run(s, ch);
+ } else
+ s->ch[ch].control = value & 1;
+ break;
+
+ case 0x74: ch ++;
+ /* fall through */
+ case 0x60: ch ++;
+ /* fall through */
+ case 0x4c: ch ++;
+ /* fall through */
+ case 0x38: /* MCSPI_TX */
+ s->ch[ch].tx = value;
+ s->ch[ch].status &= ~(1 << 1); /* TXS */
+ omap_mcspi_transfer_run(s, ch);
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ return;
+ }
+}
+
+static const MemoryRegionOps omap_mcspi_ops = {
+ .read = omap_mcspi_read,
+ .write = omap_mcspi_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+struct omap_mcspi_s *omap_mcspi_init(struct omap_target_agent_s *ta, int chnum,
+ qemu_irq irq, qemu_irq *drq, omap_clk fclk, omap_clk iclk)
+{
+ struct omap_mcspi_s *s = (struct omap_mcspi_s *)
+ g_malloc0(sizeof(struct omap_mcspi_s));
+ struct omap_mcspi_ch_s *ch = s->ch;
+
+ s->irq = irq;
+ s->chnum = chnum;
+ while (chnum --) {
+ ch->txdrq = *drq ++;
+ ch->rxdrq = *drq ++;
+ ch ++;
+ }
+ omap_mcspi_reset(s);
+
+ memory_region_init_io(&s->iomem, NULL, &omap_mcspi_ops, s, "omap.mcspi",
+ omap_l4_region_size(ta, 0));
+ omap_l4_attach(ta, 0, &s->iomem);
+
+ return s;
+}
+
+void omap_mcspi_attach(struct omap_mcspi_s *s,
+ uint32_t (*txrx)(void *opaque, uint32_t, int), void *opaque,
+ int chipselect)
+{
+ if (chipselect < 0 || chipselect >= s->chnum)
+ hw_error("%s: Bad chipselect %i\n", __FUNCTION__, chipselect);
+
+ s->ch[chipselect].txrx = txrx;
+ s->ch[chipselect].opaque = opaque;
+}
diff --git a/hw/ssi/pl022.c b/hw/ssi/pl022.c
new file mode 100644
index 000000000..fd479effb
--- /dev/null
+++ b/hw/ssi/pl022.c
@@ -0,0 +1,313 @@
+/*
+ * Arm PrimeCell PL022 Synchronous Serial Port
+ *
+ * Copyright (c) 2007 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GPL.
+ */
+
+#include "hw/sysbus.h"
+#include "hw/ssi.h"
+
+//#define DEBUG_PL022 1
+
+#ifdef DEBUG_PL022
+#define DPRINTF(fmt, ...) \
+do { printf("pl022: " fmt , ## __VA_ARGS__); } while (0)
+#define BADF(fmt, ...) \
+do { fprintf(stderr, "pl022: error: " fmt , ## __VA_ARGS__); exit(1);} while (0)
+#else
+#define DPRINTF(fmt, ...) do {} while(0)
+#define BADF(fmt, ...) \
+do { fprintf(stderr, "pl022: error: " fmt , ## __VA_ARGS__);} while (0)
+#endif
+
+#define PL022_CR1_LBM 0x01
+#define PL022_CR1_SSE 0x02
+#define PL022_CR1_MS 0x04
+#define PL022_CR1_SDO 0x08
+
+#define PL022_SR_TFE 0x01
+#define PL022_SR_TNF 0x02
+#define PL022_SR_RNE 0x04
+#define PL022_SR_RFF 0x08
+#define PL022_SR_BSY 0x10
+
+#define PL022_INT_ROR 0x01
+#define PL022_INT_RT 0x04
+#define PL022_INT_RX 0x04
+#define PL022_INT_TX 0x08
+
+#define TYPE_PL022 "pl022"
+#define PL022(obj) OBJECT_CHECK(PL022State, (obj), TYPE_PL022)
+
+typedef struct PL022State {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ uint32_t cr0;
+ uint32_t cr1;
+ uint32_t bitmask;
+ uint32_t sr;
+ uint32_t cpsr;
+ uint32_t is;
+ uint32_t im;
+ /* The FIFO head points to the next empty entry. */
+ int tx_fifo_head;
+ int rx_fifo_head;
+ int tx_fifo_len;
+ int rx_fifo_len;
+ uint16_t tx_fifo[8];
+ uint16_t rx_fifo[8];
+ qemu_irq irq;
+ SSIBus *ssi;
+} PL022State;
+
+static const unsigned char pl022_id[8] =
+ { 0x22, 0x10, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };
+
+static void pl022_update(PL022State *s)
+{
+ s->sr = 0;
+ if (s->tx_fifo_len == 0)
+ s->sr |= PL022_SR_TFE;
+ if (s->tx_fifo_len != 8)
+ s->sr |= PL022_SR_TNF;
+ if (s->rx_fifo_len != 0)
+ s->sr |= PL022_SR_RNE;
+ if (s->rx_fifo_len == 8)
+ s->sr |= PL022_SR_RFF;
+ if (s->tx_fifo_len)
+ s->sr |= PL022_SR_BSY;
+ s->is = 0;
+ if (s->rx_fifo_len >= 4)
+ s->is |= PL022_INT_RX;
+ if (s->tx_fifo_len <= 4)
+ s->is |= PL022_INT_TX;
+
+ qemu_set_irq(s->irq, (s->is & s->im) != 0);
+}
+
+static void pl022_xfer(PL022State *s)
+{
+ int i;
+ int o;
+ int val;
+
+ if ((s->cr1 & PL022_CR1_SSE) == 0) {
+ pl022_update(s);
+ DPRINTF("Disabled\n");
+ return;
+ }
+
+ DPRINTF("Maybe xfer %d/%d\n", s->tx_fifo_len, s->rx_fifo_len);
+ i = (s->tx_fifo_head - s->tx_fifo_len) & 7;
+ o = s->rx_fifo_head;
+ /* ??? We do not emulate the line speed.
+ This may break some applications. The are two problematic cases:
+ (a) A driver feeds data into the TX FIFO until it is full,
+ and only then drains the RX FIFO. On real hardware the CPU can
+ feed data fast enough that the RX fifo never gets chance to overflow.
+ (b) A driver transmits data, deliberately allowing the RX FIFO to
+ overflow because it ignores the RX data anyway.
+
+ We choose to support (a) by stalling the transmit engine if it would
+ cause the RX FIFO to overflow. In practice much transmit-only code
+ falls into (a) because it flushes the RX FIFO to determine when
+ the transfer has completed. */
+ while (s->tx_fifo_len && s->rx_fifo_len < 8) {
+ DPRINTF("xfer\n");
+ val = s->tx_fifo[i];
+ if (s->cr1 & PL022_CR1_LBM) {
+ /* Loopback mode. */
+ } else {
+ val = ssi_transfer(s->ssi, val);
+ }
+ s->rx_fifo[o] = val & s->bitmask;
+ i = (i + 1) & 7;
+ o = (o + 1) & 7;
+ s->tx_fifo_len--;
+ s->rx_fifo_len++;
+ }
+ s->rx_fifo_head = o;
+ pl022_update(s);
+}
+
+static uint64_t pl022_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ PL022State *s = (PL022State *)opaque;
+ int val;
+
+ if (offset >= 0xfe0 && offset < 0x1000) {
+ return pl022_id[(offset - 0xfe0) >> 2];
+ }
+ switch (offset) {
+ case 0x00: /* CR0 */
+ return s->cr0;
+ case 0x04: /* CR1 */
+ return s->cr1;
+ case 0x08: /* DR */
+ if (s->rx_fifo_len) {
+ val = s->rx_fifo[(s->rx_fifo_head - s->rx_fifo_len) & 7];
+ DPRINTF("RX %02x\n", val);
+ s->rx_fifo_len--;
+ pl022_xfer(s);
+ } else {
+ val = 0;
+ }
+ return val;
+ case 0x0c: /* SR */
+ return s->sr;
+ case 0x10: /* CPSR */
+ return s->cpsr;
+ case 0x14: /* IMSC */
+ return s->im;
+ case 0x18: /* RIS */
+ return s->is;
+ case 0x1c: /* MIS */
+ return s->im & s->is;
+ case 0x20: /* DMACR */
+ /* Not implemented. */
+ return 0;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "pl022_read: Bad offset %x\n", (int)offset);
+ return 0;
+ }
+}
+
+static void pl022_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ PL022State *s = (PL022State *)opaque;
+
+ switch (offset) {
+ case 0x00: /* CR0 */
+ s->cr0 = value;
+ /* Clock rate and format are ignored. */
+ s->bitmask = (1 << ((value & 15) + 1)) - 1;
+ break;
+ case 0x04: /* CR1 */
+ s->cr1 = value;
+ if ((s->cr1 & (PL022_CR1_MS | PL022_CR1_SSE))
+ == (PL022_CR1_MS | PL022_CR1_SSE)) {
+ BADF("SPI slave mode not implemented\n");
+ }
+ pl022_xfer(s);
+ break;
+ case 0x08: /* DR */
+ if (s->tx_fifo_len < 8) {
+ DPRINTF("TX %02x\n", (unsigned)value);
+ s->tx_fifo[s->tx_fifo_head] = value & s->bitmask;
+ s->tx_fifo_head = (s->tx_fifo_head + 1) & 7;
+ s->tx_fifo_len++;
+ pl022_xfer(s);
+ }
+ break;
+ case 0x10: /* CPSR */
+ /* Prescaler. Ignored. */
+ s->cpsr = value & 0xff;
+ break;
+ case 0x14: /* IMSC */
+ s->im = value;
+ pl022_update(s);
+ break;
+ case 0x20: /* DMACR */
+ if (value) {
+ qemu_log_mask(LOG_UNIMP, "pl022: DMA not implemented\n");
+ }
+ break;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "pl022_write: Bad offset %x\n", (int)offset);
+ }
+}
+
+static void pl022_reset(PL022State *s)
+{
+ s->rx_fifo_len = 0;
+ s->tx_fifo_len = 0;
+ s->im = 0;
+ s->is = PL022_INT_TX;
+ s->sr = PL022_SR_TFE | PL022_SR_TNF;
+}
+
+static const MemoryRegionOps pl022_ops = {
+ .read = pl022_read,
+ .write = pl022_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static const VMStateDescription vmstate_pl022 = {
+ .name = "pl022_ssp",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(cr0, PL022State),
+ VMSTATE_UINT32(cr1, PL022State),
+ VMSTATE_UINT32(bitmask, PL022State),
+ VMSTATE_UINT32(sr, PL022State),
+ VMSTATE_UINT32(cpsr, PL022State),
+ VMSTATE_UINT32(is, PL022State),
+ VMSTATE_UINT32(im, PL022State),
+ VMSTATE_INT32(tx_fifo_head, PL022State),
+ VMSTATE_INT32(rx_fifo_head, PL022State),
+ VMSTATE_INT32(tx_fifo_len, PL022State),
+ VMSTATE_INT32(rx_fifo_len, PL022State),
+ VMSTATE_UINT16(tx_fifo[0], PL022State),
+ VMSTATE_UINT16(rx_fifo[0], PL022State),
+ VMSTATE_UINT16(tx_fifo[1], PL022State),
+ VMSTATE_UINT16(rx_fifo[1], PL022State),
+ VMSTATE_UINT16(tx_fifo[2], PL022State),
+ VMSTATE_UINT16(rx_fifo[2], PL022State),
+ VMSTATE_UINT16(tx_fifo[3], PL022State),
+ VMSTATE_UINT16(rx_fifo[3], PL022State),
+ VMSTATE_UINT16(tx_fifo[4], PL022State),
+ VMSTATE_UINT16(rx_fifo[4], PL022State),
+ VMSTATE_UINT16(tx_fifo[5], PL022State),
+ VMSTATE_UINT16(rx_fifo[5], PL022State),
+ VMSTATE_UINT16(tx_fifo[6], PL022State),
+ VMSTATE_UINT16(rx_fifo[6], PL022State),
+ VMSTATE_UINT16(tx_fifo[7], PL022State),
+ VMSTATE_UINT16(rx_fifo[7], PL022State),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static int pl022_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ PL022State *s = PL022(dev);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &pl022_ops, s, "pl022", 0x1000);
+ sysbus_init_mmio(sbd, &s->iomem);
+ sysbus_init_irq(sbd, &s->irq);
+ s->ssi = ssi_create_bus(dev, "ssi");
+ pl022_reset(s);
+ vmstate_register(dev, -1, &vmstate_pl022, s);
+ return 0;
+}
+
+static void pl022_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sdc->init = pl022_init;
+}
+
+static const TypeInfo pl022_info = {
+ .name = TYPE_PL022,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(PL022State),
+ .class_init = pl022_class_init,
+};
+
+static void pl022_register_types(void)
+{
+ type_register_static(&pl022_info);
+}
+
+type_init(pl022_register_types)
diff --git a/hw/ssi/ssi.c b/hw/ssi/ssi.c
new file mode 100644
index 000000000..2c2526087
--- /dev/null
+++ b/hw/ssi/ssi.c
@@ -0,0 +1,174 @@
+/*
+ * QEMU Synchronous Serial Interface support
+ *
+ * Copyright (c) 2009 CodeSourcery.
+ * Copyright (c) 2012 Peter A.G. Crosthwaite (peter.crosthwaite@petalogix.com)
+ * Copyright (c) 2012 PetaLogix Pty Ltd.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GNU GPL v2.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "hw/ssi.h"
+
+struct SSIBus {
+ BusState qbus;
+};
+
+#define TYPE_SSI_BUS "SSI"
+#define SSI_BUS(obj) OBJECT_CHECK(SSIBus, (obj), TYPE_SSI_BUS)
+
+static const TypeInfo ssi_bus_info = {
+ .name = TYPE_SSI_BUS,
+ .parent = TYPE_BUS,
+ .instance_size = sizeof(SSIBus),
+};
+
+static void ssi_cs_default(void *opaque, int n, int level)
+{
+ SSISlave *s = SSI_SLAVE(opaque);
+ bool cs = !!level;
+ assert(n == 0);
+ if (s->cs != cs) {
+ SSISlaveClass *ssc = SSI_SLAVE_GET_CLASS(s);
+ if (ssc->set_cs) {
+ ssc->set_cs(s, cs);
+ }
+ }
+ s->cs = cs;
+}
+
+static uint32_t ssi_transfer_raw_default(SSISlave *dev, uint32_t val)
+{
+ SSISlaveClass *ssc = SSI_SLAVE_GET_CLASS(dev);
+
+ if ((dev->cs && ssc->cs_polarity == SSI_CS_HIGH) ||
+ (!dev->cs && ssc->cs_polarity == SSI_CS_LOW) ||
+ ssc->cs_polarity == SSI_CS_NONE) {
+ return ssc->transfer(dev, val);
+ }
+ return 0;
+}
+
+static int ssi_slave_init(DeviceState *dev)
+{
+ SSISlave *s = SSI_SLAVE(dev);
+ SSISlaveClass *ssc = SSI_SLAVE_GET_CLASS(s);
+
+ if (ssc->transfer_raw == ssi_transfer_raw_default &&
+ ssc->cs_polarity != SSI_CS_NONE) {
+ qdev_init_gpio_in(&s->qdev, ssi_cs_default, 1);
+ }
+
+ return ssc->init(s);
+}
+
+static void ssi_slave_class_init(ObjectClass *klass, void *data)
+{
+ SSISlaveClass *ssc = SSI_SLAVE_CLASS(klass);
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->init = ssi_slave_init;
+ dc->bus_type = TYPE_SSI_BUS;
+ if (!ssc->transfer_raw) {
+ ssc->transfer_raw = ssi_transfer_raw_default;
+ }
+}
+
+static const TypeInfo ssi_slave_info = {
+ .name = TYPE_SSI_SLAVE,
+ .parent = TYPE_DEVICE,
+ .class_init = ssi_slave_class_init,
+ .class_size = sizeof(SSISlaveClass),
+ .abstract = true,
+};
+
+DeviceState *ssi_create_slave_no_init(SSIBus *bus, const char *name)
+{
+ return qdev_create(&bus->qbus, name);
+}
+
+DeviceState *ssi_create_slave(SSIBus *bus, const char *name)
+{
+ DeviceState *dev = ssi_create_slave_no_init(bus, name);
+
+ qdev_init_nofail(dev);
+ return dev;
+}
+
+SSIBus *ssi_create_bus(DeviceState *parent, const char *name)
+{
+ BusState *bus;
+ bus = qbus_create(TYPE_SSI_BUS, parent, name);
+ return SSI_BUS(bus);
+}
+
+uint32_t ssi_transfer(SSIBus *bus, uint32_t val)
+{
+ BusChild *kid;
+ SSISlaveClass *ssc;
+ uint32_t r = 0;
+
+ QTAILQ_FOREACH(kid, &bus->qbus.children, sibling) {
+ SSISlave *slave = SSI_SLAVE(kid->child);
+ ssc = SSI_SLAVE_GET_CLASS(slave);
+ r |= ssc->transfer_raw(slave, val);
+ }
+
+ return r;
+}
+
+const VMStateDescription vmstate_ssi_slave = {
+ .name = "SSISlave",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_BOOL(cs, SSISlave),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void ssi_slave_register_types(void)
+{
+ type_register_static(&ssi_bus_info);
+ type_register_static(&ssi_slave_info);
+}
+
+type_init(ssi_slave_register_types)
+
+typedef struct SSIAutoConnectArg {
+ qemu_irq **cs_linep;
+ SSIBus *bus;
+} SSIAutoConnectArg;
+
+static int ssi_auto_connect_slave(Object *child, void *opaque)
+{
+ SSIAutoConnectArg *arg = opaque;
+ SSISlave *dev = (SSISlave *)object_dynamic_cast(child, TYPE_SSI_SLAVE);
+ qemu_irq cs_line;
+
+ if (!dev) {
+ return 0;
+ }
+
+ cs_line = qdev_get_gpio_in(DEVICE(dev), 0);
+ qdev_set_parent_bus(DEVICE(dev), &arg->bus->qbus);
+ **arg->cs_linep = cs_line;
+ (*arg->cs_linep)++;
+ return 0;
+}
+
+void ssi_auto_connect_slaves(DeviceState *parent, qemu_irq *cs_line,
+ SSIBus *bus)
+{
+ SSIAutoConnectArg arg = {
+ .cs_linep = &cs_line,
+ .bus = bus
+ };
+
+ object_child_foreach(OBJECT(parent), ssi_auto_connect_slave, &arg);
+}
diff --git a/hw/ssi/xilinx_spi.c b/hw/ssi/xilinx_spi.c
new file mode 100644
index 000000000..d44caae8a
--- /dev/null
+++ b/hw/ssi/xilinx_spi.c
@@ -0,0 +1,391 @@
+/*
+ * QEMU model of the Xilinx SPI Controller
+ *
+ * Copyright (C) 2010 Edgar E. Iglesias.
+ * Copyright (C) 2012 Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
+ * Copyright (C) 2012 PetaLogix
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/sysbus.h"
+#include "sysemu/sysemu.h"
+#include "qemu/log.h"
+#include "qemu/fifo8.h"
+
+#include "hw/ssi.h"
+
+#ifdef XILINX_SPI_ERR_DEBUG
+#define DB_PRINT(...) do { \
+ fprintf(stderr, ": %s: ", __func__); \
+ fprintf(stderr, ## __VA_ARGS__); \
+ } while (0);
+#else
+ #define DB_PRINT(...)
+#endif
+
+#define R_DGIER (0x1c / 4)
+#define R_DGIER_IE (1 << 31)
+
+#define R_IPISR (0x20 / 4)
+#define IRQ_DRR_NOT_EMPTY (1 << (31 - 23))
+#define IRQ_DRR_OVERRUN (1 << (31 - 26))
+#define IRQ_DRR_FULL (1 << (31 - 27))
+#define IRQ_TX_FF_HALF_EMPTY (1 << 6)
+#define IRQ_DTR_UNDERRUN (1 << 3)
+#define IRQ_DTR_EMPTY (1 << (31 - 29))
+
+#define R_IPIER (0x28 / 4)
+#define R_SRR (0x40 / 4)
+#define R_SPICR (0x60 / 4)
+#define R_SPICR_TXFF_RST (1 << 5)
+#define R_SPICR_RXFF_RST (1 << 6)
+#define R_SPICR_MTI (1 << 8)
+
+#define R_SPISR (0x64 / 4)
+#define SR_TX_FULL (1 << 3)
+#define SR_TX_EMPTY (1 << 2)
+#define SR_RX_FULL (1 << 1)
+#define SR_RX_EMPTY (1 << 0)
+
+#define R_SPIDTR (0x68 / 4)
+#define R_SPIDRR (0x6C / 4)
+#define R_SPISSR (0x70 / 4)
+#define R_TX_FF_OCY (0x74 / 4)
+#define R_RX_FF_OCY (0x78 / 4)
+#define R_MAX (0x7C / 4)
+
+#define FIFO_CAPACITY 256
+
+#define TYPE_XILINX_SPI "xlnx.xps-spi"
+#define XILINX_SPI(obj) OBJECT_CHECK(XilinxSPI, (obj), TYPE_XILINX_SPI)
+
+typedef struct XilinxSPI {
+ SysBusDevice parent_obj;
+
+ MemoryRegion mmio;
+
+ qemu_irq irq;
+ int irqline;
+
+ uint8_t num_cs;
+ qemu_irq *cs_lines;
+
+ SSIBus *spi;
+
+ Fifo8 rx_fifo;
+ Fifo8 tx_fifo;
+
+ uint32_t regs[R_MAX];
+} XilinxSPI;
+
+static void txfifo_reset(XilinxSPI *s)
+{
+ fifo8_reset(&s->tx_fifo);
+
+ s->regs[R_SPISR] &= ~SR_TX_FULL;
+ s->regs[R_SPISR] |= SR_TX_EMPTY;
+}
+
+static void rxfifo_reset(XilinxSPI *s)
+{
+ fifo8_reset(&s->rx_fifo);
+
+ s->regs[R_SPISR] |= SR_RX_EMPTY;
+ s->regs[R_SPISR] &= ~SR_RX_FULL;
+}
+
+static void xlx_spi_update_cs(XilinxSPI *s)
+{
+ int i;
+
+ for (i = 0; i < s->num_cs; ++i) {
+ qemu_set_irq(s->cs_lines[i], !(~s->regs[R_SPISSR] & 1 << i));
+ }
+}
+
+static void xlx_spi_update_irq(XilinxSPI *s)
+{
+ uint32_t pending;
+
+ s->regs[R_IPISR] |=
+ (!fifo8_is_empty(&s->rx_fifo) ? IRQ_DRR_NOT_EMPTY : 0) |
+ (fifo8_is_full(&s->rx_fifo) ? IRQ_DRR_FULL : 0);
+
+ pending = s->regs[R_IPISR] & s->regs[R_IPIER];
+
+ pending = pending && (s->regs[R_DGIER] & R_DGIER_IE);
+ pending = !!pending;
+
+ /* This call lies right in the data paths so don't call the
+ irq chain unless things really changed. */
+ if (pending != s->irqline) {
+ s->irqline = pending;
+ DB_PRINT("irq_change of state %d ISR:%x IER:%X\n",
+ pending, s->regs[R_IPISR], s->regs[R_IPIER]);
+ qemu_set_irq(s->irq, pending);
+ }
+
+}
+
+static void xlx_spi_do_reset(XilinxSPI *s)
+{
+ memset(s->regs, 0, sizeof s->regs);
+
+ rxfifo_reset(s);
+ txfifo_reset(s);
+
+ s->regs[R_SPISSR] = ~0;
+ xlx_spi_update_irq(s);
+ xlx_spi_update_cs(s);
+}
+
+static void xlx_spi_reset(DeviceState *d)
+{
+ xlx_spi_do_reset(XILINX_SPI(d));
+}
+
+static inline int spi_master_enabled(XilinxSPI *s)
+{
+ return !(s->regs[R_SPICR] & R_SPICR_MTI);
+}
+
+static void spi_flush_txfifo(XilinxSPI *s)
+{
+ uint32_t tx;
+ uint32_t rx;
+
+ while (!fifo8_is_empty(&s->tx_fifo)) {
+ tx = (uint32_t)fifo8_pop(&s->tx_fifo);
+ DB_PRINT("data tx:%x\n", tx);
+ rx = ssi_transfer(s->spi, tx);
+ DB_PRINT("data rx:%x\n", rx);
+ if (fifo8_is_full(&s->rx_fifo)) {
+ s->regs[R_IPISR] |= IRQ_DRR_OVERRUN;
+ } else {
+ fifo8_push(&s->rx_fifo, (uint8_t)rx);
+ if (fifo8_is_full(&s->rx_fifo)) {
+ s->regs[R_SPISR] |= SR_RX_FULL;
+ s->regs[R_IPISR] |= IRQ_DRR_FULL;
+ }
+ }
+
+ s->regs[R_SPISR] &= ~SR_RX_EMPTY;
+ s->regs[R_SPISR] &= ~SR_TX_FULL;
+ s->regs[R_SPISR] |= SR_TX_EMPTY;
+
+ s->regs[R_IPISR] |= IRQ_DTR_EMPTY;
+ s->regs[R_IPISR] |= IRQ_DRR_NOT_EMPTY;
+ }
+
+}
+
+static uint64_t
+spi_read(void *opaque, hwaddr addr, unsigned int size)
+{
+ XilinxSPI *s = opaque;
+ uint32_t r = 0;
+
+ addr >>= 2;
+ switch (addr) {
+ case R_SPIDRR:
+ if (fifo8_is_empty(&s->rx_fifo)) {
+ DB_PRINT("Read from empty FIFO!\n");
+ return 0xdeadbeef;
+ }
+
+ s->regs[R_SPISR] &= ~SR_RX_FULL;
+ r = fifo8_pop(&s->rx_fifo);
+ if (fifo8_is_empty(&s->rx_fifo)) {
+ s->regs[R_SPISR] |= SR_RX_EMPTY;
+ }
+ break;
+
+ case R_SPISR:
+ r = s->regs[addr];
+ break;
+
+ default:
+ if (addr < ARRAY_SIZE(s->regs)) {
+ r = s->regs[addr];
+ }
+ break;
+
+ }
+ DB_PRINT("addr=" TARGET_FMT_plx " = %x\n", addr * 4, r);
+ xlx_spi_update_irq(s);
+ return r;
+}
+
+static void
+spi_write(void *opaque, hwaddr addr,
+ uint64_t val64, unsigned int size)
+{
+ XilinxSPI *s = opaque;
+ uint32_t value = val64;
+
+ DB_PRINT("addr=" TARGET_FMT_plx " = %x\n", addr, value);
+ addr >>= 2;
+ switch (addr) {
+ case R_SRR:
+ if (value != 0xa) {
+ DB_PRINT("Invalid write to SRR %x\n", value);
+ } else {
+ xlx_spi_do_reset(s);
+ }
+ break;
+
+ case R_SPIDTR:
+ s->regs[R_SPISR] &= ~SR_TX_EMPTY;
+ fifo8_push(&s->tx_fifo, (uint8_t)value);
+ if (fifo8_is_full(&s->tx_fifo)) {
+ s->regs[R_SPISR] |= SR_TX_FULL;
+ }
+ if (!spi_master_enabled(s)) {
+ goto done;
+ } else {
+ DB_PRINT("DTR and master enabled\n");
+ }
+ spi_flush_txfifo(s);
+ break;
+
+ case R_SPISR:
+ DB_PRINT("Invalid write to SPISR %x\n", value);
+ break;
+
+ case R_IPISR:
+ /* Toggle the bits. */
+ s->regs[addr] ^= value;
+ break;
+
+ /* Slave Select Register. */
+ case R_SPISSR:
+ s->regs[addr] = value;
+ xlx_spi_update_cs(s);
+ break;
+
+ case R_SPICR:
+ /* FIXME: reset irq and sr state to empty queues. */
+ if (value & R_SPICR_RXFF_RST) {
+ rxfifo_reset(s);
+ }
+
+ if (value & R_SPICR_TXFF_RST) {
+ txfifo_reset(s);
+ }
+ value &= ~(R_SPICR_RXFF_RST | R_SPICR_TXFF_RST);
+ s->regs[addr] = value;
+
+ if (!(value & R_SPICR_MTI)) {
+ spi_flush_txfifo(s);
+ }
+ break;
+
+ default:
+ if (addr < ARRAY_SIZE(s->regs)) {
+ s->regs[addr] = value;
+ }
+ break;
+ }
+
+done:
+ xlx_spi_update_irq(s);
+}
+
+static const MemoryRegionOps spi_ops = {
+ .read = spi_read,
+ .write = spi_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4
+ }
+};
+
+static int xilinx_spi_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ XilinxSPI *s = XILINX_SPI(dev);
+ int i;
+
+ DB_PRINT("\n");
+
+ s->spi = ssi_create_bus(dev, "spi");
+
+ sysbus_init_irq(sbd, &s->irq);
+ s->cs_lines = g_new(qemu_irq, s->num_cs);
+ ssi_auto_connect_slaves(dev, s->cs_lines, s->spi);
+ for (i = 0; i < s->num_cs; ++i) {
+ sysbus_init_irq(sbd, &s->cs_lines[i]);
+ }
+
+ memory_region_init_io(&s->mmio, OBJECT(s), &spi_ops, s,
+ "xilinx-spi", R_MAX * 4);
+ sysbus_init_mmio(sbd, &s->mmio);
+
+ s->irqline = -1;
+
+ fifo8_create(&s->tx_fifo, FIFO_CAPACITY);
+ fifo8_create(&s->rx_fifo, FIFO_CAPACITY);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_xilinx_spi = {
+ .name = "xilinx_spi",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_FIFO8(tx_fifo, XilinxSPI),
+ VMSTATE_FIFO8(rx_fifo, XilinxSPI),
+ VMSTATE_UINT32_ARRAY(regs, XilinxSPI, R_MAX),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static Property xilinx_spi_properties[] = {
+ DEFINE_PROP_UINT8("num-ss-bits", XilinxSPI, num_cs, 1),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void xilinx_spi_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = xilinx_spi_init;
+ dc->reset = xlx_spi_reset;
+ dc->props = xilinx_spi_properties;
+ dc->vmsd = &vmstate_xilinx_spi;
+}
+
+static const TypeInfo xilinx_spi_info = {
+ .name = TYPE_XILINX_SPI,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(XilinxSPI),
+ .class_init = xilinx_spi_class_init,
+};
+
+static void xilinx_spi_register_types(void)
+{
+ type_register_static(&xilinx_spi_info);
+}
+
+type_init(xilinx_spi_register_types)
diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
new file mode 100644
index 000000000..6a287464b
--- /dev/null
+++ b/hw/ssi/xilinx_spips.c
@@ -0,0 +1,772 @@
+/*
+ * QEMU model of the Xilinx Zynq SPI controller
+ *
+ * Copyright (c) 2012 Peter A. G. Crosthwaite
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/sysbus.h"
+#include "sysemu/sysemu.h"
+#include "hw/ptimer.h"
+#include "qemu/log.h"
+#include "qemu/fifo8.h"
+#include "hw/ssi.h"
+#include "qemu/bitops.h"
+
+#ifndef XILINX_SPIPS_ERR_DEBUG
+#define XILINX_SPIPS_ERR_DEBUG 0
+#endif
+
+#define DB_PRINT_L(level, ...) do { \
+ if (XILINX_SPIPS_ERR_DEBUG > (level)) { \
+ fprintf(stderr, ": %s: ", __func__); \
+ fprintf(stderr, ## __VA_ARGS__); \
+ } \
+} while (0);
+
+/* config register */
+#define R_CONFIG (0x00 / 4)
+#define IFMODE (1 << 31)
+#define ENDIAN (1 << 26)
+#define MODEFAIL_GEN_EN (1 << 17)
+#define MAN_START_COM (1 << 16)
+#define MAN_START_EN (1 << 15)
+#define MANUAL_CS (1 << 14)
+#define CS (0xF << 10)
+#define CS_SHIFT (10)
+#define PERI_SEL (1 << 9)
+#define REF_CLK (1 << 8)
+#define FIFO_WIDTH (3 << 6)
+#define BAUD_RATE_DIV (7 << 3)
+#define CLK_PH (1 << 2)
+#define CLK_POL (1 << 1)
+#define MODE_SEL (1 << 0)
+#define R_CONFIG_RSVD (0x7bf40000)
+
+/* interrupt mechanism */
+#define R_INTR_STATUS (0x04 / 4)
+#define R_INTR_EN (0x08 / 4)
+#define R_INTR_DIS (0x0C / 4)
+#define R_INTR_MASK (0x10 / 4)
+#define IXR_TX_FIFO_UNDERFLOW (1 << 6)
+#define IXR_RX_FIFO_FULL (1 << 5)
+#define IXR_RX_FIFO_NOT_EMPTY (1 << 4)
+#define IXR_TX_FIFO_FULL (1 << 3)
+#define IXR_TX_FIFO_NOT_FULL (1 << 2)
+#define IXR_TX_FIFO_MODE_FAIL (1 << 1)
+#define IXR_RX_FIFO_OVERFLOW (1 << 0)
+#define IXR_ALL ((IXR_TX_FIFO_UNDERFLOW<<1)-1)
+
+#define R_EN (0x14 / 4)
+#define R_DELAY (0x18 / 4)
+#define R_TX_DATA (0x1C / 4)
+#define R_RX_DATA (0x20 / 4)
+#define R_SLAVE_IDLE_COUNT (0x24 / 4)
+#define R_TX_THRES (0x28 / 4)
+#define R_RX_THRES (0x2C / 4)
+#define R_TXD1 (0x80 / 4)
+#define R_TXD2 (0x84 / 4)
+#define R_TXD3 (0x88 / 4)
+
+#define R_LQSPI_CFG (0xa0 / 4)
+#define R_LQSPI_CFG_RESET 0x03A002EB
+#define LQSPI_CFG_LQ_MODE (1 << 31)
+#define LQSPI_CFG_TWO_MEM (1 << 30)
+#define LQSPI_CFG_SEP_BUS (1 << 30)
+#define LQSPI_CFG_U_PAGE (1 << 28)
+#define LQSPI_CFG_MODE_EN (1 << 25)
+#define LQSPI_CFG_MODE_WIDTH 8
+#define LQSPI_CFG_MODE_SHIFT 16
+#define LQSPI_CFG_DUMMY_WIDTH 3
+#define LQSPI_CFG_DUMMY_SHIFT 8
+#define LQSPI_CFG_INST_CODE 0xFF
+
+#define R_LQSPI_STS (0xA4 / 4)
+#define LQSPI_STS_WR_RECVD (1 << 1)
+
+#define R_MOD_ID (0xFC / 4)
+
+#define R_MAX (R_MOD_ID+1)
+
+/* size of TXRX FIFOs */
+#define RXFF_A 32
+#define TXFF_A 32
+
+#define RXFF_A_Q (64 * 4)
+#define TXFF_A_Q (64 * 4)
+
+/* 16MB per linear region */
+#define LQSPI_ADDRESS_BITS 24
+/* Bite off 4k chunks at a time */
+#define LQSPI_CACHE_SIZE 1024
+
+#define SNOOP_CHECKING 0xFF
+#define SNOOP_NONE 0xFE
+#define SNOOP_STRIPING 0
+
+typedef enum {
+ READ = 0x3,
+ FAST_READ = 0xb,
+ DOR = 0x3b,
+ QOR = 0x6b,
+ DIOR = 0xbb,
+ QIOR = 0xeb,
+
+ PP = 0x2,
+ DPP = 0xa2,
+ QPP = 0x32,
+} FlashCMD;
+
+typedef struct {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ MemoryRegion mmlqspi;
+
+ qemu_irq irq;
+ int irqline;
+
+ uint8_t num_cs;
+ uint8_t num_busses;
+
+ uint8_t snoop_state;
+ qemu_irq *cs_lines;
+ SSIBus **spi;
+
+ Fifo8 rx_fifo;
+ Fifo8 tx_fifo;
+
+ uint8_t num_txrx_bytes;
+
+ uint32_t regs[R_MAX];
+} XilinxSPIPS;
+
+typedef struct {
+ XilinxSPIPS parent_obj;
+
+ uint8_t lqspi_buf[LQSPI_CACHE_SIZE];
+ hwaddr lqspi_cached_addr;
+} XilinxQSPIPS;
+
+typedef struct XilinxSPIPSClass {
+ SysBusDeviceClass parent_class;
+
+ const MemoryRegionOps *reg_ops;
+
+ uint32_t rx_fifo_size;
+ uint32_t tx_fifo_size;
+} XilinxSPIPSClass;
+
+#define TYPE_XILINX_SPIPS "xlnx.ps7-spi"
+#define TYPE_XILINX_QSPIPS "xlnx.ps7-qspi"
+
+#define XILINX_SPIPS(obj) \
+ OBJECT_CHECK(XilinxSPIPS, (obj), TYPE_XILINX_SPIPS)
+#define XILINX_SPIPS_CLASS(klass) \
+ OBJECT_CLASS_CHECK(XilinxSPIPSClass, (klass), TYPE_XILINX_SPIPS)
+#define XILINX_SPIPS_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(XilinxSPIPSClass, (obj), TYPE_XILINX_SPIPS)
+
+#define XILINX_QSPIPS(obj) \
+ OBJECT_CHECK(XilinxQSPIPS, (obj), TYPE_XILINX_QSPIPS)
+
+static inline int num_effective_busses(XilinxSPIPS *s)
+{
+ return (s->regs[R_LQSPI_CFG] & LQSPI_CFG_SEP_BUS &&
+ s->regs[R_LQSPI_CFG] & LQSPI_CFG_TWO_MEM) ? s->num_busses : 1;
+}
+
+static inline bool xilinx_spips_cs_is_set(XilinxSPIPS *s, int i, int field)
+{
+ return ~field & (1 << i) && (s->regs[R_CONFIG] & MANUAL_CS
+ || !fifo8_is_empty(&s->tx_fifo));
+}
+
+static void xilinx_spips_update_cs_lines(XilinxSPIPS *s)
+{
+ int i, j;
+ bool found = false;
+ int field = s->regs[R_CONFIG] >> CS_SHIFT;
+
+ for (i = 0; i < s->num_cs; i++) {
+ for (j = 0; j < num_effective_busses(s); j++) {
+ int upage = !!(s->regs[R_LQSPI_STS] & LQSPI_CFG_U_PAGE);
+ int cs_to_set = (j * s->num_cs + i + upage) %
+ (s->num_cs * s->num_busses);
+
+ if (xilinx_spips_cs_is_set(s, i, field) && !found) {
+ DB_PRINT_L(0, "selecting slave %d\n", i);
+ qemu_set_irq(s->cs_lines[cs_to_set], 0);
+ } else {
+ DB_PRINT_L(0, "deselecting slave %d\n", i);
+ qemu_set_irq(s->cs_lines[cs_to_set], 1);
+ }
+ }
+ if (xilinx_spips_cs_is_set(s, i, field)) {
+ found = true;
+ }
+ }
+ if (!found) {
+ s->snoop_state = SNOOP_CHECKING;
+ DB_PRINT_L(1, "moving to snoop check state\n");
+ }
+}
+
+static void xilinx_spips_update_ixr(XilinxSPIPS *s)
+{
+ if (s->regs[R_LQSPI_CFG] & LQSPI_CFG_LQ_MODE) {
+ return;
+ }
+ /* These are set/cleared as they occur */
+ s->regs[R_INTR_STATUS] &= (IXR_TX_FIFO_UNDERFLOW | IXR_RX_FIFO_OVERFLOW |
+ IXR_TX_FIFO_MODE_FAIL);
+ /* these are pure functions of fifo state, set them here */
+ s->regs[R_INTR_STATUS] |=
+ (fifo8_is_full(&s->rx_fifo) ? IXR_RX_FIFO_FULL : 0) |
+ (s->rx_fifo.num >= s->regs[R_RX_THRES] ? IXR_RX_FIFO_NOT_EMPTY : 0) |
+ (fifo8_is_full(&s->tx_fifo) ? IXR_TX_FIFO_FULL : 0) |
+ (s->tx_fifo.num < s->regs[R_TX_THRES] ? IXR_TX_FIFO_NOT_FULL : 0);
+ /* drive external interrupt pin */
+ int new_irqline = !!(s->regs[R_INTR_MASK] & s->regs[R_INTR_STATUS] &
+ IXR_ALL);
+ if (new_irqline != s->irqline) {
+ s->irqline = new_irqline;
+ qemu_set_irq(s->irq, s->irqline);
+ }
+}
+
+static void xilinx_spips_reset(DeviceState *d)
+{
+ XilinxSPIPS *s = XILINX_SPIPS(d);
+
+ int i;
+ for (i = 0; i < R_MAX; i++) {
+ s->regs[i] = 0;
+ }
+
+ fifo8_reset(&s->rx_fifo);
+ fifo8_reset(&s->rx_fifo);
+ /* non zero resets */
+ s->regs[R_CONFIG] |= MODEFAIL_GEN_EN;
+ s->regs[R_SLAVE_IDLE_COUNT] = 0xFF;
+ s->regs[R_TX_THRES] = 1;
+ s->regs[R_RX_THRES] = 1;
+ /* FIXME: move magic number definition somewhere sensible */
+ s->regs[R_MOD_ID] = 0x01090106;
+ s->regs[R_LQSPI_CFG] = R_LQSPI_CFG_RESET;
+ s->snoop_state = SNOOP_CHECKING;
+ xilinx_spips_update_ixr(s);
+ xilinx_spips_update_cs_lines(s);
+}
+
+/* N way (num) in place bit striper. Lay out row wise bits (LSB to MSB)
+ * column wise (from element 0 to N-1). num is the length of x, and dir
+ * reverses the direction of the transform. Best illustrated by example:
+ * Each digit in the below array is a single bit (num == 3):
+ *
+ * {{ 76543210, } ----- stripe (dir == false) -----> {{ FCheb630, }
+ * { hgfedcba, } { GDAfc741, }
+ * { HGFEDCBA, }} <---- upstripe (dir == true) ----- { HEBgda52, }}
+ */
+
+static inline void stripe8(uint8_t *x, int num, bool dir)
+{
+ uint8_t r[num];
+ memset(r, 0, sizeof(uint8_t) * num);
+ int idx[2] = {0, 0};
+ int bit[2] = {0, 0};
+ int d = dir;
+
+ for (idx[0] = 0; idx[0] < num; ++idx[0]) {
+ for (bit[0] = 0; bit[0] < 8; ++bit[0]) {
+ r[idx[d]] |= x[idx[!d]] & 1 << bit[!d] ? 1 << bit[d] : 0;
+ idx[1] = (idx[1] + 1) % num;
+ if (!idx[1]) {
+ bit[1]++;
+ }
+ }
+ }
+ memcpy(x, r, sizeof(uint8_t) * num);
+}
+
+static void xilinx_spips_flush_txfifo(XilinxSPIPS *s)
+{
+ int debug_level = 0;
+
+ for (;;) {
+ int i;
+ uint8_t tx = 0;
+ uint8_t tx_rx[num_effective_busses(s)];
+
+ if (fifo8_is_empty(&s->tx_fifo)) {
+ if (!(s->regs[R_LQSPI_CFG] & LQSPI_CFG_LQ_MODE)) {
+ s->regs[R_INTR_STATUS] |= IXR_TX_FIFO_UNDERFLOW;
+ }
+ xilinx_spips_update_ixr(s);
+ return;
+ } else if (s->snoop_state == SNOOP_STRIPING) {
+ for (i = 0; i < num_effective_busses(s); ++i) {
+ tx_rx[i] = fifo8_pop(&s->tx_fifo);
+ }
+ stripe8(tx_rx, num_effective_busses(s), false);
+ } else {
+ tx = fifo8_pop(&s->tx_fifo);
+ for (i = 0; i < num_effective_busses(s); ++i) {
+ tx_rx[i] = tx;
+ }
+ }
+
+ for (i = 0; i < num_effective_busses(s); ++i) {
+ DB_PRINT_L(debug_level, "tx = %02x\n", tx_rx[i]);
+ tx_rx[i] = ssi_transfer(s->spi[i], (uint32_t)tx_rx[i]);
+ DB_PRINT_L(debug_level, "rx = %02x\n", tx_rx[i]);
+ }
+
+ if (fifo8_is_full(&s->rx_fifo)) {
+ s->regs[R_INTR_STATUS] |= IXR_RX_FIFO_OVERFLOW;
+ DB_PRINT_L(0, "rx FIFO overflow");
+ } else if (s->snoop_state == SNOOP_STRIPING) {
+ stripe8(tx_rx, num_effective_busses(s), true);
+ for (i = 0; i < num_effective_busses(s); ++i) {
+ fifo8_push(&s->rx_fifo, (uint8_t)tx_rx[i]);
+ }
+ } else {
+ fifo8_push(&s->rx_fifo, (uint8_t)tx_rx[0]);
+ }
+
+ DB_PRINT_L(debug_level, "initial snoop state: %x\n",
+ (unsigned)s->snoop_state);
+ switch (s->snoop_state) {
+ case (SNOOP_CHECKING):
+ switch (tx) { /* new instruction code */
+ case READ: /* 3 address bytes, no dummy bytes/cycles */
+ case PP:
+ case DPP:
+ case QPP:
+ s->snoop_state = 3;
+ break;
+ case FAST_READ: /* 3 address bytes, 1 dummy byte */
+ case DOR:
+ case QOR:
+ case DIOR: /* FIXME: these vary between vendor - set to spansion */
+ s->snoop_state = 4;
+ break;
+ case QIOR: /* 3 address bytes, 2 dummy bytes */
+ s->snoop_state = 6;
+ break;
+ default:
+ s->snoop_state = SNOOP_NONE;
+ }
+ break;
+ case (SNOOP_STRIPING):
+ case (SNOOP_NONE):
+ /* Once we hit the boring stuff - squelch debug noise */
+ if (!debug_level) {
+ DB_PRINT_L(0, "squelching debug info ....\n");
+ debug_level = 1;
+ }
+ break;
+ default:
+ s->snoop_state--;
+ }
+ DB_PRINT_L(debug_level, "final snoop state: %x\n",
+ (unsigned)s->snoop_state);
+ }
+}
+
+static inline void rx_data_bytes(XilinxSPIPS *s, uint8_t *value, int max)
+{
+ int i;
+
+ for (i = 0; i < max && !fifo8_is_empty(&s->rx_fifo); ++i) {
+ value[i] = fifo8_pop(&s->rx_fifo);
+ }
+}
+
+static uint64_t xilinx_spips_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ XilinxSPIPS *s = opaque;
+ uint32_t mask = ~0;
+ uint32_t ret;
+ uint8_t rx_buf[4];
+
+ addr >>= 2;
+ switch (addr) {
+ case R_CONFIG:
+ mask = ~(R_CONFIG_RSVD | MAN_START_COM);
+ break;
+ case R_INTR_STATUS:
+ ret = s->regs[addr] & IXR_ALL;
+ s->regs[addr] = 0;
+ DB_PRINT_L(0, "addr=" TARGET_FMT_plx " = %x\n", addr * 4, ret);
+ return ret;
+ case R_INTR_MASK:
+ mask = IXR_ALL;
+ break;
+ case R_EN:
+ mask = 0x1;
+ break;
+ case R_SLAVE_IDLE_COUNT:
+ mask = 0xFF;
+ break;
+ case R_MOD_ID:
+ mask = 0x01FFFFFF;
+ break;
+ case R_INTR_EN:
+ case R_INTR_DIS:
+ case R_TX_DATA:
+ mask = 0;
+ break;
+ case R_RX_DATA:
+ memset(rx_buf, 0, sizeof(rx_buf));
+ rx_data_bytes(s, rx_buf, s->num_txrx_bytes);
+ ret = s->regs[R_CONFIG] & ENDIAN ? cpu_to_be32(*(uint32_t *)rx_buf)
+ : cpu_to_le32(*(uint32_t *)rx_buf);
+ DB_PRINT_L(0, "addr=" TARGET_FMT_plx " = %x\n", addr * 4, ret);
+ xilinx_spips_update_ixr(s);
+ return ret;
+ }
+ DB_PRINT_L(0, "addr=" TARGET_FMT_plx " = %x\n", addr * 4,
+ s->regs[addr] & mask);
+ return s->regs[addr] & mask;
+
+}
+
+static inline void tx_data_bytes(XilinxSPIPS *s, uint32_t value, int num)
+{
+ int i;
+ for (i = 0; i < num && !fifo8_is_full(&s->tx_fifo); ++i) {
+ if (s->regs[R_CONFIG] & ENDIAN) {
+ fifo8_push(&s->tx_fifo, (uint8_t)(value >> 24));
+ value <<= 8;
+ } else {
+ fifo8_push(&s->tx_fifo, (uint8_t)value);
+ value >>= 8;
+ }
+ }
+}
+
+static void xilinx_spips_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ int mask = ~0;
+ int man_start_com = 0;
+ XilinxSPIPS *s = opaque;
+
+ DB_PRINT_L(0, "addr=" TARGET_FMT_plx " = %x\n", addr, (unsigned)value);
+ addr >>= 2;
+ switch (addr) {
+ case R_CONFIG:
+ mask = ~(R_CONFIG_RSVD | MAN_START_COM);
+ if (value & MAN_START_COM) {
+ man_start_com = 1;
+ }
+ break;
+ case R_INTR_STATUS:
+ mask = IXR_ALL;
+ s->regs[R_INTR_STATUS] &= ~(mask & value);
+ goto no_reg_update;
+ case R_INTR_DIS:
+ mask = IXR_ALL;
+ s->regs[R_INTR_MASK] &= ~(mask & value);
+ goto no_reg_update;
+ case R_INTR_EN:
+ mask = IXR_ALL;
+ s->regs[R_INTR_MASK] |= mask & value;
+ goto no_reg_update;
+ case R_EN:
+ mask = 0x1;
+ break;
+ case R_SLAVE_IDLE_COUNT:
+ mask = 0xFF;
+ break;
+ case R_RX_DATA:
+ case R_INTR_MASK:
+ case R_MOD_ID:
+ mask = 0;
+ break;
+ case R_TX_DATA:
+ tx_data_bytes(s, (uint32_t)value, s->num_txrx_bytes);
+ goto no_reg_update;
+ case R_TXD1:
+ tx_data_bytes(s, (uint32_t)value, 1);
+ goto no_reg_update;
+ case R_TXD2:
+ tx_data_bytes(s, (uint32_t)value, 2);
+ goto no_reg_update;
+ case R_TXD3:
+ tx_data_bytes(s, (uint32_t)value, 3);
+ goto no_reg_update;
+ }
+ s->regs[addr] = (s->regs[addr] & ~mask) | (value & mask);
+no_reg_update:
+ xilinx_spips_update_cs_lines(s);
+ if ((man_start_com && s->regs[R_CONFIG] & MAN_START_EN) ||
+ (fifo8_is_empty(&s->tx_fifo) && s->regs[R_CONFIG] & MAN_START_EN)) {
+ xilinx_spips_flush_txfifo(s);
+ }
+ xilinx_spips_update_cs_lines(s);
+ xilinx_spips_update_ixr(s);
+}
+
+static const MemoryRegionOps spips_ops = {
+ .read = xilinx_spips_read,
+ .write = xilinx_spips_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void xilinx_qspips_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ XilinxQSPIPS *q = XILINX_QSPIPS(opaque);
+
+ xilinx_spips_write(opaque, addr, value, size);
+ addr >>= 2;
+
+ if (addr == R_LQSPI_CFG) {
+ q->lqspi_cached_addr = ~0ULL;
+ }
+}
+
+static const MemoryRegionOps qspips_ops = {
+ .read = xilinx_spips_read,
+ .write = xilinx_qspips_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+#define LQSPI_CACHE_SIZE 1024
+
+static uint64_t
+lqspi_read(void *opaque, hwaddr addr, unsigned int size)
+{
+ int i;
+ XilinxQSPIPS *q = opaque;
+ XilinxSPIPS *s = opaque;
+ uint32_t ret;
+
+ if (addr >= q->lqspi_cached_addr &&
+ addr <= q->lqspi_cached_addr + LQSPI_CACHE_SIZE - 4) {
+ uint8_t *retp = &q->lqspi_buf[addr - q->lqspi_cached_addr];
+ ret = cpu_to_le32(*(uint32_t *)retp);
+ DB_PRINT_L(1, "addr: %08x, data: %08x\n", (unsigned)addr,
+ (unsigned)ret);
+ return ret;
+ } else {
+ int flash_addr = (addr / num_effective_busses(s));
+ int slave = flash_addr >> LQSPI_ADDRESS_BITS;
+ int cache_entry = 0;
+ uint32_t u_page_save = s->regs[R_LQSPI_STS] & ~LQSPI_CFG_U_PAGE;
+
+ s->regs[R_LQSPI_STS] &= ~LQSPI_CFG_U_PAGE;
+ s->regs[R_LQSPI_STS] |= slave ? LQSPI_CFG_U_PAGE : 0;
+
+ DB_PRINT_L(0, "config reg status: %08x\n", s->regs[R_LQSPI_CFG]);
+
+ fifo8_reset(&s->tx_fifo);
+ fifo8_reset(&s->rx_fifo);
+
+ /* instruction */
+ DB_PRINT_L(0, "pushing read instruction: %02x\n",
+ (unsigned)(uint8_t)(s->regs[R_LQSPI_CFG] &
+ LQSPI_CFG_INST_CODE));
+ fifo8_push(&s->tx_fifo, s->regs[R_LQSPI_CFG] & LQSPI_CFG_INST_CODE);
+ /* read address */
+ DB_PRINT_L(0, "pushing read address %06x\n", flash_addr);
+ fifo8_push(&s->tx_fifo, (uint8_t)(flash_addr >> 16));
+ fifo8_push(&s->tx_fifo, (uint8_t)(flash_addr >> 8));
+ fifo8_push(&s->tx_fifo, (uint8_t)flash_addr);
+ /* mode bits */
+ if (s->regs[R_LQSPI_CFG] & LQSPI_CFG_MODE_EN) {
+ fifo8_push(&s->tx_fifo, extract32(s->regs[R_LQSPI_CFG],
+ LQSPI_CFG_MODE_SHIFT,
+ LQSPI_CFG_MODE_WIDTH));
+ }
+ /* dummy bytes */
+ for (i = 0; i < (extract32(s->regs[R_LQSPI_CFG], LQSPI_CFG_DUMMY_SHIFT,
+ LQSPI_CFG_DUMMY_WIDTH)); ++i) {
+ DB_PRINT_L(0, "pushing dummy byte\n");
+ fifo8_push(&s->tx_fifo, 0);
+ }
+ xilinx_spips_update_cs_lines(s);
+ xilinx_spips_flush_txfifo(s);
+ fifo8_reset(&s->rx_fifo);
+
+ DB_PRINT_L(0, "starting QSPI data read\n");
+
+ while (cache_entry < LQSPI_CACHE_SIZE) {
+ for (i = 0; i < 64; ++i) {
+ tx_data_bytes(s, 0, 1);
+ }
+ xilinx_spips_flush_txfifo(s);
+ for (i = 0; i < 64; ++i) {
+ rx_data_bytes(s, &q->lqspi_buf[cache_entry++], 1);
+ }
+ }
+
+ s->regs[R_LQSPI_STS] &= ~LQSPI_CFG_U_PAGE;
+ s->regs[R_LQSPI_STS] |= u_page_save;
+ xilinx_spips_update_cs_lines(s);
+
+ q->lqspi_cached_addr = flash_addr * num_effective_busses(s);
+ return lqspi_read(opaque, addr, size);
+ }
+}
+
+static const MemoryRegionOps lqspi_ops = {
+ .read = lqspi_read,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 1,
+ .max_access_size = 4
+ }
+};
+
+static void xilinx_spips_realize(DeviceState *dev, Error **errp)
+{
+ XilinxSPIPS *s = XILINX_SPIPS(dev);
+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+ XilinxSPIPSClass *xsc = XILINX_SPIPS_GET_CLASS(s);
+ int i;
+
+ DB_PRINT_L(0, "realized spips\n");
+
+ s->spi = g_new(SSIBus *, s->num_busses);
+ for (i = 0; i < s->num_busses; ++i) {
+ char bus_name[16];
+ snprintf(bus_name, 16, "spi%d", i);
+ s->spi[i] = ssi_create_bus(dev, bus_name);
+ }
+
+ s->cs_lines = g_new0(qemu_irq, s->num_cs * s->num_busses);
+ ssi_auto_connect_slaves(DEVICE(s), s->cs_lines, s->spi[0]);
+ ssi_auto_connect_slaves(DEVICE(s), s->cs_lines, s->spi[1]);
+ sysbus_init_irq(sbd, &s->irq);
+ for (i = 0; i < s->num_cs * s->num_busses; ++i) {
+ sysbus_init_irq(sbd, &s->cs_lines[i]);
+ }
+
+ memory_region_init_io(&s->iomem, OBJECT(s), xsc->reg_ops, s,
+ "spi", R_MAX*4);
+ sysbus_init_mmio(sbd, &s->iomem);
+
+ s->irqline = -1;
+
+ fifo8_create(&s->rx_fifo, xsc->rx_fifo_size);
+ fifo8_create(&s->tx_fifo, xsc->tx_fifo_size);
+}
+
+static void xilinx_qspips_realize(DeviceState *dev, Error **errp)
+{
+ XilinxSPIPS *s = XILINX_SPIPS(dev);
+ XilinxQSPIPS *q = XILINX_QSPIPS(dev);
+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+
+ DB_PRINT_L(0, "realized qspips\n");
+
+ s->num_busses = 2;
+ s->num_cs = 2;
+ s->num_txrx_bytes = 4;
+
+ xilinx_spips_realize(dev, errp);
+ memory_region_init_io(&s->mmlqspi, OBJECT(s), &lqspi_ops, s, "lqspi",
+ (1 << LQSPI_ADDRESS_BITS) * 2);
+ sysbus_init_mmio(sbd, &s->mmlqspi);
+
+ q->lqspi_cached_addr = ~0ULL;
+}
+
+static int xilinx_spips_post_load(void *opaque, int version_id)
+{
+ xilinx_spips_update_ixr((XilinxSPIPS *)opaque);
+ xilinx_spips_update_cs_lines((XilinxSPIPS *)opaque);
+ return 0;
+}
+
+static const VMStateDescription vmstate_xilinx_spips = {
+ .name = "xilinx_spips",
+ .version_id = 2,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .post_load = xilinx_spips_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_FIFO8(tx_fifo, XilinxSPIPS),
+ VMSTATE_FIFO8(rx_fifo, XilinxSPIPS),
+ VMSTATE_UINT32_ARRAY(regs, XilinxSPIPS, R_MAX),
+ VMSTATE_UINT8(snoop_state, XilinxSPIPS),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static Property xilinx_spips_properties[] = {
+ DEFINE_PROP_UINT8("num-busses", XilinxSPIPS, num_busses, 1),
+ DEFINE_PROP_UINT8("num-ss-bits", XilinxSPIPS, num_cs, 4),
+ DEFINE_PROP_UINT8("num-txrx-bytes", XilinxSPIPS, num_txrx_bytes, 1),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void xilinx_qspips_class_init(ObjectClass *klass, void * data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ XilinxSPIPSClass *xsc = XILINX_SPIPS_CLASS(klass);
+
+ dc->realize = xilinx_qspips_realize;
+ xsc->reg_ops = &qspips_ops;
+ xsc->rx_fifo_size = RXFF_A_Q;
+ xsc->tx_fifo_size = TXFF_A_Q;
+}
+
+static void xilinx_spips_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ XilinxSPIPSClass *xsc = XILINX_SPIPS_CLASS(klass);
+
+ dc->realize = xilinx_spips_realize;
+ dc->reset = xilinx_spips_reset;
+ dc->props = xilinx_spips_properties;
+ dc->vmsd = &vmstate_xilinx_spips;
+
+ xsc->reg_ops = &spips_ops;
+ xsc->rx_fifo_size = RXFF_A;
+ xsc->tx_fifo_size = TXFF_A;
+}
+
+static const TypeInfo xilinx_spips_info = {
+ .name = TYPE_XILINX_SPIPS,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(XilinxSPIPS),
+ .class_init = xilinx_spips_class_init,
+ .class_size = sizeof(XilinxSPIPSClass),
+};
+
+static const TypeInfo xilinx_qspips_info = {
+ .name = TYPE_XILINX_QSPIPS,
+ .parent = TYPE_XILINX_SPIPS,
+ .instance_size = sizeof(XilinxQSPIPS),
+ .class_init = xilinx_qspips_class_init,
+};
+
+static void xilinx_spips_register_types(void)
+{
+ type_register_static(&xilinx_spips_info);
+ type_register_static(&xilinx_qspips_info);
+}
+
+type_init(xilinx_spips_register_types)
diff --git a/hw/stellaris.c b/hw/stellaris.c
deleted file mode 100644
index b038f10f3..000000000
--- a/hw/stellaris.c
+++ /dev/null
@@ -1,1399 +0,0 @@
-/*
- * Luminary Micro Stellaris peripherals
- *
- * Copyright (c) 2006 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the GPL.
- */
-
-#include "sysbus.h"
-#include "ssi.h"
-#include "arm-misc.h"
-#include "devices.h"
-#include "qemu-timer.h"
-#include "i2c.h"
-#include "net.h"
-#include "boards.h"
-#include "exec-memory.h"
-
-#define GPIO_A 0
-#define GPIO_B 1
-#define GPIO_C 2
-#define GPIO_D 3
-#define GPIO_E 4
-#define GPIO_F 5
-#define GPIO_G 6
-
-#define BP_OLED_I2C 0x01
-#define BP_OLED_SSI 0x02
-#define BP_GAMEPAD 0x04
-
-typedef const struct {
- const char *name;
- uint32_t did0;
- uint32_t did1;
- uint32_t dc0;
- uint32_t dc1;
- uint32_t dc2;
- uint32_t dc3;
- uint32_t dc4;
- uint32_t peripherals;
-} stellaris_board_info;
-
-/* General purpose timer module. */
-
-typedef struct gptm_state {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint32_t config;
- uint32_t mode[2];
- uint32_t control;
- uint32_t state;
- uint32_t mask;
- uint32_t load[2];
- uint32_t match[2];
- uint32_t prescale[2];
- uint32_t match_prescale[2];
- uint32_t rtc;
- int64_t tick[2];
- struct gptm_state *opaque[2];
- QEMUTimer *timer[2];
- /* The timers have an alternate output used to trigger the ADC. */
- qemu_irq trigger;
- qemu_irq irq;
-} gptm_state;
-
-static void gptm_update_irq(gptm_state *s)
-{
- int level;
- level = (s->state & s->mask) != 0;
- qemu_set_irq(s->irq, level);
-}
-
-static void gptm_stop(gptm_state *s, int n)
-{
- qemu_del_timer(s->timer[n]);
-}
-
-static void gptm_reload(gptm_state *s, int n, int reset)
-{
- int64_t tick;
- if (reset)
- tick = qemu_get_clock_ns(vm_clock);
- else
- tick = s->tick[n];
-
- if (s->config == 0) {
- /* 32-bit CountDown. */
- uint32_t count;
- count = s->load[0] | (s->load[1] << 16);
- tick += (int64_t)count * system_clock_scale;
- } else if (s->config == 1) {
- /* 32-bit RTC. 1Hz tick. */
- tick += get_ticks_per_sec();
- } else if (s->mode[n] == 0xa) {
- /* PWM mode. Not implemented. */
- } else {
- hw_error("TODO: 16-bit timer mode 0x%x\n", s->mode[n]);
- }
- s->tick[n] = tick;
- qemu_mod_timer(s->timer[n], tick);
-}
-
-static void gptm_tick(void *opaque)
-{
- gptm_state **p = (gptm_state **)opaque;
- gptm_state *s;
- int n;
-
- s = *p;
- n = p - s->opaque;
- if (s->config == 0) {
- s->state |= 1;
- if ((s->control & 0x20)) {
- /* Output trigger. */
- qemu_irq_pulse(s->trigger);
- }
- if (s->mode[0] & 1) {
- /* One-shot. */
- s->control &= ~1;
- } else {
- /* Periodic. */
- gptm_reload(s, 0, 0);
- }
- } else if (s->config == 1) {
- /* RTC. */
- uint32_t match;
- s->rtc++;
- match = s->match[0] | (s->match[1] << 16);
- if (s->rtc > match)
- s->rtc = 0;
- if (s->rtc == 0) {
- s->state |= 8;
- }
- gptm_reload(s, 0, 0);
- } else if (s->mode[n] == 0xa) {
- /* PWM mode. Not implemented. */
- } else {
- hw_error("TODO: 16-bit timer mode 0x%x\n", s->mode[n]);
- }
- gptm_update_irq(s);
-}
-
-static uint64_t gptm_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- gptm_state *s = (gptm_state *)opaque;
-
- switch (offset) {
- case 0x00: /* CFG */
- return s->config;
- case 0x04: /* TAMR */
- return s->mode[0];
- case 0x08: /* TBMR */
- return s->mode[1];
- case 0x0c: /* CTL */
- return s->control;
- case 0x18: /* IMR */
- return s->mask;
- case 0x1c: /* RIS */
- return s->state;
- case 0x20: /* MIS */
- return s->state & s->mask;
- case 0x24: /* CR */
- return 0;
- case 0x28: /* TAILR */
- return s->load[0] | ((s->config < 4) ? (s->load[1] << 16) : 0);
- case 0x2c: /* TBILR */
- return s->load[1];
- case 0x30: /* TAMARCHR */
- return s->match[0] | ((s->config < 4) ? (s->match[1] << 16) : 0);
- case 0x34: /* TBMATCHR */
- return s->match[1];
- case 0x38: /* TAPR */
- return s->prescale[0];
- case 0x3c: /* TBPR */
- return s->prescale[1];
- case 0x40: /* TAPMR */
- return s->match_prescale[0];
- case 0x44: /* TBPMR */
- return s->match_prescale[1];
- case 0x48: /* TAR */
- if (s->control == 1)
- return s->rtc;
- case 0x4c: /* TBR */
- hw_error("TODO: Timer value read\n");
- default:
- hw_error("gptm_read: Bad offset 0x%x\n", (int)offset);
- return 0;
- }
-}
-
-static void gptm_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- gptm_state *s = (gptm_state *)opaque;
- uint32_t oldval;
-
- /* The timers should be disabled before changing the configuration.
- We take advantage of this and defer everything until the timer
- is enabled. */
- switch (offset) {
- case 0x00: /* CFG */
- s->config = value;
- break;
- case 0x04: /* TAMR */
- s->mode[0] = value;
- break;
- case 0x08: /* TBMR */
- s->mode[1] = value;
- break;
- case 0x0c: /* CTL */
- oldval = s->control;
- s->control = value;
- /* TODO: Implement pause. */
- if ((oldval ^ value) & 1) {
- if (value & 1) {
- gptm_reload(s, 0, 1);
- } else {
- gptm_stop(s, 0);
- }
- }
- if (((oldval ^ value) & 0x100) && s->config >= 4) {
- if (value & 0x100) {
- gptm_reload(s, 1, 1);
- } else {
- gptm_stop(s, 1);
- }
- }
- break;
- case 0x18: /* IMR */
- s->mask = value & 0x77;
- gptm_update_irq(s);
- break;
- case 0x24: /* CR */
- s->state &= ~value;
- break;
- case 0x28: /* TAILR */
- s->load[0] = value & 0xffff;
- if (s->config < 4) {
- s->load[1] = value >> 16;
- }
- break;
- case 0x2c: /* TBILR */
- s->load[1] = value & 0xffff;
- break;
- case 0x30: /* TAMARCHR */
- s->match[0] = value & 0xffff;
- if (s->config < 4) {
- s->match[1] = value >> 16;
- }
- break;
- case 0x34: /* TBMATCHR */
- s->match[1] = value >> 16;
- break;
- case 0x38: /* TAPR */
- s->prescale[0] = value;
- break;
- case 0x3c: /* TBPR */
- s->prescale[1] = value;
- break;
- case 0x40: /* TAPMR */
- s->match_prescale[0] = value;
- break;
- case 0x44: /* TBPMR */
- s->match_prescale[0] = value;
- break;
- default:
- hw_error("gptm_write: Bad offset 0x%x\n", (int)offset);
- }
- gptm_update_irq(s);
-}
-
-static const MemoryRegionOps gptm_ops = {
- .read = gptm_read,
- .write = gptm_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static const VMStateDescription vmstate_stellaris_gptm = {
- .name = "stellaris_gptm",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(config, gptm_state),
- VMSTATE_UINT32_ARRAY(mode, gptm_state, 2),
- VMSTATE_UINT32(control, gptm_state),
- VMSTATE_UINT32(state, gptm_state),
- VMSTATE_UINT32(mask, gptm_state),
- VMSTATE_UNUSED(8),
- VMSTATE_UINT32_ARRAY(load, gptm_state, 2),
- VMSTATE_UINT32_ARRAY(match, gptm_state, 2),
- VMSTATE_UINT32_ARRAY(prescale, gptm_state, 2),
- VMSTATE_UINT32_ARRAY(match_prescale, gptm_state, 2),
- VMSTATE_UINT32(rtc, gptm_state),
- VMSTATE_INT64_ARRAY(tick, gptm_state, 2),
- VMSTATE_TIMER_ARRAY(timer, gptm_state, 2),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int stellaris_gptm_init(SysBusDevice *dev)
-{
- gptm_state *s = FROM_SYSBUS(gptm_state, dev);
-
- sysbus_init_irq(dev, &s->irq);
- qdev_init_gpio_out(&dev->qdev, &s->trigger, 1);
-
- memory_region_init_io(&s->iomem, &gptm_ops, s,
- "gptm", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
-
- s->opaque[0] = s->opaque[1] = s;
- s->timer[0] = qemu_new_timer_ns(vm_clock, gptm_tick, &s->opaque[0]);
- s->timer[1] = qemu_new_timer_ns(vm_clock, gptm_tick, &s->opaque[1]);
- vmstate_register(&dev->qdev, -1, &vmstate_stellaris_gptm, s);
- return 0;
-}
-
-
-/* System controller. */
-
-typedef struct {
- MemoryRegion iomem;
- uint32_t pborctl;
- uint32_t ldopctl;
- uint32_t int_status;
- uint32_t int_mask;
- uint32_t resc;
- uint32_t rcc;
- uint32_t rcc2;
- uint32_t rcgc[3];
- uint32_t scgc[3];
- uint32_t dcgc[3];
- uint32_t clkvclr;
- uint32_t ldoarst;
- uint32_t user0;
- uint32_t user1;
- qemu_irq irq;
- stellaris_board_info *board;
-} ssys_state;
-
-static void ssys_update(ssys_state *s)
-{
- qemu_set_irq(s->irq, (s->int_status & s->int_mask) != 0);
-}
-
-static uint32_t pllcfg_sandstorm[16] = {
- 0x31c0, /* 1 Mhz */
- 0x1ae0, /* 1.8432 Mhz */
- 0x18c0, /* 2 Mhz */
- 0xd573, /* 2.4576 Mhz */
- 0x37a6, /* 3.57954 Mhz */
- 0x1ae2, /* 3.6864 Mhz */
- 0x0c40, /* 4 Mhz */
- 0x98bc, /* 4.906 Mhz */
- 0x935b, /* 4.9152 Mhz */
- 0x09c0, /* 5 Mhz */
- 0x4dee, /* 5.12 Mhz */
- 0x0c41, /* 6 Mhz */
- 0x75db, /* 6.144 Mhz */
- 0x1ae6, /* 7.3728 Mhz */
- 0x0600, /* 8 Mhz */
- 0x585b /* 8.192 Mhz */
-};
-
-static uint32_t pllcfg_fury[16] = {
- 0x3200, /* 1 Mhz */
- 0x1b20, /* 1.8432 Mhz */
- 0x1900, /* 2 Mhz */
- 0xf42b, /* 2.4576 Mhz */
- 0x37e3, /* 3.57954 Mhz */
- 0x1b21, /* 3.6864 Mhz */
- 0x0c80, /* 4 Mhz */
- 0x98ee, /* 4.906 Mhz */
- 0xd5b4, /* 4.9152 Mhz */
- 0x0a00, /* 5 Mhz */
- 0x4e27, /* 5.12 Mhz */
- 0x1902, /* 6 Mhz */
- 0xec1c, /* 6.144 Mhz */
- 0x1b23, /* 7.3728 Mhz */
- 0x0640, /* 8 Mhz */
- 0xb11c /* 8.192 Mhz */
-};
-
-#define DID0_VER_MASK 0x70000000
-#define DID0_VER_0 0x00000000
-#define DID0_VER_1 0x10000000
-
-#define DID0_CLASS_MASK 0x00FF0000
-#define DID0_CLASS_SANDSTORM 0x00000000
-#define DID0_CLASS_FURY 0x00010000
-
-static int ssys_board_class(const ssys_state *s)
-{
- uint32_t did0 = s->board->did0;
- switch (did0 & DID0_VER_MASK) {
- case DID0_VER_0:
- return DID0_CLASS_SANDSTORM;
- case DID0_VER_1:
- switch (did0 & DID0_CLASS_MASK) {
- case DID0_CLASS_SANDSTORM:
- case DID0_CLASS_FURY:
- return did0 & DID0_CLASS_MASK;
- }
- /* for unknown classes, fall through */
- default:
- hw_error("ssys_board_class: Unknown class 0x%08x\n", did0);
- }
-}
-
-static uint64_t ssys_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- ssys_state *s = (ssys_state *)opaque;
-
- switch (offset) {
- case 0x000: /* DID0 */
- return s->board->did0;
- case 0x004: /* DID1 */
- return s->board->did1;
- case 0x008: /* DC0 */
- return s->board->dc0;
- case 0x010: /* DC1 */
- return s->board->dc1;
- case 0x014: /* DC2 */
- return s->board->dc2;
- case 0x018: /* DC3 */
- return s->board->dc3;
- case 0x01c: /* DC4 */
- return s->board->dc4;
- case 0x030: /* PBORCTL */
- return s->pborctl;
- case 0x034: /* LDOPCTL */
- return s->ldopctl;
- case 0x040: /* SRCR0 */
- return 0;
- case 0x044: /* SRCR1 */
- return 0;
- case 0x048: /* SRCR2 */
- return 0;
- case 0x050: /* RIS */
- return s->int_status;
- case 0x054: /* IMC */
- return s->int_mask;
- case 0x058: /* MISC */
- return s->int_status & s->int_mask;
- case 0x05c: /* RESC */
- return s->resc;
- case 0x060: /* RCC */
- return s->rcc;
- case 0x064: /* PLLCFG */
- {
- int xtal;
- xtal = (s->rcc >> 6) & 0xf;
- switch (ssys_board_class(s)) {
- case DID0_CLASS_FURY:
- return pllcfg_fury[xtal];
- case DID0_CLASS_SANDSTORM:
- return pllcfg_sandstorm[xtal];
- default:
- hw_error("ssys_read: Unhandled class for PLLCFG read.\n");
- return 0;
- }
- }
- case 0x070: /* RCC2 */
- return s->rcc2;
- case 0x100: /* RCGC0 */
- return s->rcgc[0];
- case 0x104: /* RCGC1 */
- return s->rcgc[1];
- case 0x108: /* RCGC2 */
- return s->rcgc[2];
- case 0x110: /* SCGC0 */
- return s->scgc[0];
- case 0x114: /* SCGC1 */
- return s->scgc[1];
- case 0x118: /* SCGC2 */
- return s->scgc[2];
- case 0x120: /* DCGC0 */
- return s->dcgc[0];
- case 0x124: /* DCGC1 */
- return s->dcgc[1];
- case 0x128: /* DCGC2 */
- return s->dcgc[2];
- case 0x150: /* CLKVCLR */
- return s->clkvclr;
- case 0x160: /* LDOARST */
- return s->ldoarst;
- case 0x1e0: /* USER0 */
- return s->user0;
- case 0x1e4: /* USER1 */
- return s->user1;
- default:
- hw_error("ssys_read: Bad offset 0x%x\n", (int)offset);
- return 0;
- }
-}
-
-static bool ssys_use_rcc2(ssys_state *s)
-{
- return (s->rcc2 >> 31) & 0x1;
-}
-
-/*
- * Caculate the sys. clock period in ms.
- */
-static void ssys_calculate_system_clock(ssys_state *s)
-{
- if (ssys_use_rcc2(s)) {
- system_clock_scale = 5 * (((s->rcc2 >> 23) & 0x3f) + 1);
- } else {
- system_clock_scale = 5 * (((s->rcc >> 23) & 0xf) + 1);
- }
-}
-
-static void ssys_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- ssys_state *s = (ssys_state *)opaque;
-
- switch (offset) {
- case 0x030: /* PBORCTL */
- s->pborctl = value & 0xffff;
- break;
- case 0x034: /* LDOPCTL */
- s->ldopctl = value & 0x1f;
- break;
- case 0x040: /* SRCR0 */
- case 0x044: /* SRCR1 */
- case 0x048: /* SRCR2 */
- fprintf(stderr, "Peripheral reset not implemented\n");
- break;
- case 0x054: /* IMC */
- s->int_mask = value & 0x7f;
- break;
- case 0x058: /* MISC */
- s->int_status &= ~value;
- break;
- case 0x05c: /* RESC */
- s->resc = value & 0x3f;
- break;
- case 0x060: /* RCC */
- if ((s->rcc & (1 << 13)) != 0 && (value & (1 << 13)) == 0) {
- /* PLL enable. */
- s->int_status |= (1 << 6);
- }
- s->rcc = value;
- ssys_calculate_system_clock(s);
- break;
- case 0x070: /* RCC2 */
- if (ssys_board_class(s) == DID0_CLASS_SANDSTORM) {
- break;
- }
-
- if ((s->rcc2 & (1 << 13)) != 0 && (value & (1 << 13)) == 0) {
- /* PLL enable. */
- s->int_status |= (1 << 6);
- }
- s->rcc2 = value;
- ssys_calculate_system_clock(s);
- break;
- case 0x100: /* RCGC0 */
- s->rcgc[0] = value;
- break;
- case 0x104: /* RCGC1 */
- s->rcgc[1] = value;
- break;
- case 0x108: /* RCGC2 */
- s->rcgc[2] = value;
- break;
- case 0x110: /* SCGC0 */
- s->scgc[0] = value;
- break;
- case 0x114: /* SCGC1 */
- s->scgc[1] = value;
- break;
- case 0x118: /* SCGC2 */
- s->scgc[2] = value;
- break;
- case 0x120: /* DCGC0 */
- s->dcgc[0] = value;
- break;
- case 0x124: /* DCGC1 */
- s->dcgc[1] = value;
- break;
- case 0x128: /* DCGC2 */
- s->dcgc[2] = value;
- break;
- case 0x150: /* CLKVCLR */
- s->clkvclr = value;
- break;
- case 0x160: /* LDOARST */
- s->ldoarst = value;
- break;
- default:
- hw_error("ssys_write: Bad offset 0x%x\n", (int)offset);
- }
- ssys_update(s);
-}
-
-static const MemoryRegionOps ssys_ops = {
- .read = ssys_read,
- .write = ssys_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void ssys_reset(void *opaque)
-{
- ssys_state *s = (ssys_state *)opaque;
-
- s->pborctl = 0x7ffd;
- s->rcc = 0x078e3ac0;
-
- if (ssys_board_class(s) == DID0_CLASS_SANDSTORM) {
- s->rcc2 = 0;
- } else {
- s->rcc2 = 0x07802810;
- }
- s->rcgc[0] = 1;
- s->scgc[0] = 1;
- s->dcgc[0] = 1;
- ssys_calculate_system_clock(s);
-}
-
-static int stellaris_sys_post_load(void *opaque, int version_id)
-{
- ssys_state *s = opaque;
-
- ssys_calculate_system_clock(s);
-
- return 0;
-}
-
-static const VMStateDescription vmstate_stellaris_sys = {
- .name = "stellaris_sys",
- .version_id = 2,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .post_load = stellaris_sys_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(pborctl, ssys_state),
- VMSTATE_UINT32(ldopctl, ssys_state),
- VMSTATE_UINT32(int_mask, ssys_state),
- VMSTATE_UINT32(int_status, ssys_state),
- VMSTATE_UINT32(resc, ssys_state),
- VMSTATE_UINT32(rcc, ssys_state),
- VMSTATE_UINT32_V(rcc2, ssys_state, 2),
- VMSTATE_UINT32_ARRAY(rcgc, ssys_state, 3),
- VMSTATE_UINT32_ARRAY(scgc, ssys_state, 3),
- VMSTATE_UINT32_ARRAY(dcgc, ssys_state, 3),
- VMSTATE_UINT32(clkvclr, ssys_state),
- VMSTATE_UINT32(ldoarst, ssys_state),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int stellaris_sys_init(uint32_t base, qemu_irq irq,
- stellaris_board_info * board,
- uint8_t *macaddr)
-{
- ssys_state *s;
-
- s = (ssys_state *)g_malloc0(sizeof(ssys_state));
- s->irq = irq;
- s->board = board;
- /* Most devices come preprogrammed with a MAC address in the user data. */
- s->user0 = macaddr[0] | (macaddr[1] << 8) | (macaddr[2] << 16);
- s->user1 = macaddr[3] | (macaddr[4] << 8) | (macaddr[5] << 16);
-
- memory_region_init_io(&s->iomem, &ssys_ops, s, "ssys", 0x00001000);
- memory_region_add_subregion(get_system_memory(), base, &s->iomem);
- ssys_reset(s);
- vmstate_register(NULL, -1, &vmstate_stellaris_sys, s);
- return 0;
-}
-
-
-/* I2C controller. */
-
-typedef struct {
- SysBusDevice busdev;
- i2c_bus *bus;
- qemu_irq irq;
- MemoryRegion iomem;
- uint32_t msa;
- uint32_t mcs;
- uint32_t mdr;
- uint32_t mtpr;
- uint32_t mimr;
- uint32_t mris;
- uint32_t mcr;
-} stellaris_i2c_state;
-
-#define STELLARIS_I2C_MCS_BUSY 0x01
-#define STELLARIS_I2C_MCS_ERROR 0x02
-#define STELLARIS_I2C_MCS_ADRACK 0x04
-#define STELLARIS_I2C_MCS_DATACK 0x08
-#define STELLARIS_I2C_MCS_ARBLST 0x10
-#define STELLARIS_I2C_MCS_IDLE 0x20
-#define STELLARIS_I2C_MCS_BUSBSY 0x40
-
-static uint64_t stellaris_i2c_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- stellaris_i2c_state *s = (stellaris_i2c_state *)opaque;
-
- switch (offset) {
- case 0x00: /* MSA */
- return s->msa;
- case 0x04: /* MCS */
- /* We don't emulate timing, so the controller is never busy. */
- return s->mcs | STELLARIS_I2C_MCS_IDLE;
- case 0x08: /* MDR */
- return s->mdr;
- case 0x0c: /* MTPR */
- return s->mtpr;
- case 0x10: /* MIMR */
- return s->mimr;
- case 0x14: /* MRIS */
- return s->mris;
- case 0x18: /* MMIS */
- return s->mris & s->mimr;
- case 0x20: /* MCR */
- return s->mcr;
- default:
- hw_error("strllaris_i2c_read: Bad offset 0x%x\n", (int)offset);
- return 0;
- }
-}
-
-static void stellaris_i2c_update(stellaris_i2c_state *s)
-{
- int level;
-
- level = (s->mris & s->mimr) != 0;
- qemu_set_irq(s->irq, level);
-}
-
-static void stellaris_i2c_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- stellaris_i2c_state *s = (stellaris_i2c_state *)opaque;
-
- switch (offset) {
- case 0x00: /* MSA */
- s->msa = value & 0xff;
- break;
- case 0x04: /* MCS */
- if ((s->mcr & 0x10) == 0) {
- /* Disabled. Do nothing. */
- break;
- }
- /* Grab the bus if this is starting a transfer. */
- if ((value & 2) && (s->mcs & STELLARIS_I2C_MCS_BUSBSY) == 0) {
- if (i2c_start_transfer(s->bus, s->msa >> 1, s->msa & 1)) {
- s->mcs |= STELLARIS_I2C_MCS_ARBLST;
- } else {
- s->mcs &= ~STELLARIS_I2C_MCS_ARBLST;
- s->mcs |= STELLARIS_I2C_MCS_BUSBSY;
- }
- }
- /* If we don't have the bus then indicate an error. */
- if (!i2c_bus_busy(s->bus)
- || (s->mcs & STELLARIS_I2C_MCS_BUSBSY) == 0) {
- s->mcs |= STELLARIS_I2C_MCS_ERROR;
- break;
- }
- s->mcs &= ~STELLARIS_I2C_MCS_ERROR;
- if (value & 1) {
- /* Transfer a byte. */
- /* TODO: Handle errors. */
- if (s->msa & 1) {
- /* Recv */
- s->mdr = i2c_recv(s->bus) & 0xff;
- } else {
- /* Send */
- i2c_send(s->bus, s->mdr);
- }
- /* Raise an interrupt. */
- s->mris |= 1;
- }
- if (value & 4) {
- /* Finish transfer. */
- i2c_end_transfer(s->bus);
- s->mcs &= ~STELLARIS_I2C_MCS_BUSBSY;
- }
- break;
- case 0x08: /* MDR */
- s->mdr = value & 0xff;
- break;
- case 0x0c: /* MTPR */
- s->mtpr = value & 0xff;
- break;
- case 0x10: /* MIMR */
- s->mimr = 1;
- break;
- case 0x1c: /* MICR */
- s->mris &= ~value;
- break;
- case 0x20: /* MCR */
- if (value & 1)
- hw_error(
- "stellaris_i2c_write: Loopback not implemented\n");
- if (value & 0x20)
- hw_error(
- "stellaris_i2c_write: Slave mode not implemented\n");
- s->mcr = value & 0x31;
- break;
- default:
- hw_error("stellaris_i2c_write: Bad offset 0x%x\n",
- (int)offset);
- }
- stellaris_i2c_update(s);
-}
-
-static void stellaris_i2c_reset(stellaris_i2c_state *s)
-{
- if (s->mcs & STELLARIS_I2C_MCS_BUSBSY)
- i2c_end_transfer(s->bus);
-
- s->msa = 0;
- s->mcs = 0;
- s->mdr = 0;
- s->mtpr = 1;
- s->mimr = 0;
- s->mris = 0;
- s->mcr = 0;
- stellaris_i2c_update(s);
-}
-
-static const MemoryRegionOps stellaris_i2c_ops = {
- .read = stellaris_i2c_read,
- .write = stellaris_i2c_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static const VMStateDescription vmstate_stellaris_i2c = {
- .name = "stellaris_i2c",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(msa, stellaris_i2c_state),
- VMSTATE_UINT32(mcs, stellaris_i2c_state),
- VMSTATE_UINT32(mdr, stellaris_i2c_state),
- VMSTATE_UINT32(mtpr, stellaris_i2c_state),
- VMSTATE_UINT32(mimr, stellaris_i2c_state),
- VMSTATE_UINT32(mris, stellaris_i2c_state),
- VMSTATE_UINT32(mcr, stellaris_i2c_state),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int stellaris_i2c_init(SysBusDevice * dev)
-{
- stellaris_i2c_state *s = FROM_SYSBUS(stellaris_i2c_state, dev);
- i2c_bus *bus;
-
- sysbus_init_irq(dev, &s->irq);
- bus = i2c_init_bus(&dev->qdev, "i2c");
- s->bus = bus;
-
- memory_region_init_io(&s->iomem, &stellaris_i2c_ops, s,
- "i2c", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
- /* ??? For now we only implement the master interface. */
- stellaris_i2c_reset(s);
- vmstate_register(&dev->qdev, -1, &vmstate_stellaris_i2c, s);
- return 0;
-}
-
-/* Analogue to Digital Converter. This is only partially implemented,
- enough for applications that use a combined ADC and timer tick. */
-
-#define STELLARIS_ADC_EM_CONTROLLER 0
-#define STELLARIS_ADC_EM_COMP 1
-#define STELLARIS_ADC_EM_EXTERNAL 4
-#define STELLARIS_ADC_EM_TIMER 5
-#define STELLARIS_ADC_EM_PWM0 6
-#define STELLARIS_ADC_EM_PWM1 7
-#define STELLARIS_ADC_EM_PWM2 8
-
-#define STELLARIS_ADC_FIFO_EMPTY 0x0100
-#define STELLARIS_ADC_FIFO_FULL 0x1000
-
-typedef struct
-{
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint32_t actss;
- uint32_t ris;
- uint32_t im;
- uint32_t emux;
- uint32_t ostat;
- uint32_t ustat;
- uint32_t sspri;
- uint32_t sac;
- struct {
- uint32_t state;
- uint32_t data[16];
- } fifo[4];
- uint32_t ssmux[4];
- uint32_t ssctl[4];
- uint32_t noise;
- qemu_irq irq[4];
-} stellaris_adc_state;
-
-static uint32_t stellaris_adc_fifo_read(stellaris_adc_state *s, int n)
-{
- int tail;
-
- tail = s->fifo[n].state & 0xf;
- if (s->fifo[n].state & STELLARIS_ADC_FIFO_EMPTY) {
- s->ustat |= 1 << n;
- } else {
- s->fifo[n].state = (s->fifo[n].state & ~0xf) | ((tail + 1) & 0xf);
- s->fifo[n].state &= ~STELLARIS_ADC_FIFO_FULL;
- if (tail + 1 == ((s->fifo[n].state >> 4) & 0xf))
- s->fifo[n].state |= STELLARIS_ADC_FIFO_EMPTY;
- }
- return s->fifo[n].data[tail];
-}
-
-static void stellaris_adc_fifo_write(stellaris_adc_state *s, int n,
- uint32_t value)
-{
- int head;
-
- /* TODO: Real hardware has limited size FIFOs. We have a full 16 entry
- FIFO fir each sequencer. */
- head = (s->fifo[n].state >> 4) & 0xf;
- if (s->fifo[n].state & STELLARIS_ADC_FIFO_FULL) {
- s->ostat |= 1 << n;
- return;
- }
- s->fifo[n].data[head] = value;
- head = (head + 1) & 0xf;
- s->fifo[n].state &= ~STELLARIS_ADC_FIFO_EMPTY;
- s->fifo[n].state = (s->fifo[n].state & ~0xf0) | (head << 4);
- if ((s->fifo[n].state & 0xf) == head)
- s->fifo[n].state |= STELLARIS_ADC_FIFO_FULL;
-}
-
-static void stellaris_adc_update(stellaris_adc_state *s)
-{
- int level;
- int n;
-
- for (n = 0; n < 4; n++) {
- level = (s->ris & s->im & (1 << n)) != 0;
- qemu_set_irq(s->irq[n], level);
- }
-}
-
-static void stellaris_adc_trigger(void *opaque, int irq, int level)
-{
- stellaris_adc_state *s = (stellaris_adc_state *)opaque;
- int n;
-
- for (n = 0; n < 4; n++) {
- if ((s->actss & (1 << n)) == 0) {
- continue;
- }
-
- if (((s->emux >> (n * 4)) & 0xff) != 5) {
- continue;
- }
-
- /* Some applications use the ADC as a random number source, so introduce
- some variation into the signal. */
- s->noise = s->noise * 314159 + 1;
- /* ??? actual inputs not implemented. Return an arbitrary value. */
- stellaris_adc_fifo_write(s, n, 0x200 + ((s->noise >> 16) & 7));
- s->ris |= (1 << n);
- stellaris_adc_update(s);
- }
-}
-
-static void stellaris_adc_reset(stellaris_adc_state *s)
-{
- int n;
-
- for (n = 0; n < 4; n++) {
- s->ssmux[n] = 0;
- s->ssctl[n] = 0;
- s->fifo[n].state = STELLARIS_ADC_FIFO_EMPTY;
- }
-}
-
-static uint64_t stellaris_adc_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- stellaris_adc_state *s = (stellaris_adc_state *)opaque;
-
- /* TODO: Implement this. */
- if (offset >= 0x40 && offset < 0xc0) {
- int n;
- n = (offset - 0x40) >> 5;
- switch (offset & 0x1f) {
- case 0x00: /* SSMUX */
- return s->ssmux[n];
- case 0x04: /* SSCTL */
- return s->ssctl[n];
- case 0x08: /* SSFIFO */
- return stellaris_adc_fifo_read(s, n);
- case 0x0c: /* SSFSTAT */
- return s->fifo[n].state;
- default:
- break;
- }
- }
- switch (offset) {
- case 0x00: /* ACTSS */
- return s->actss;
- case 0x04: /* RIS */
- return s->ris;
- case 0x08: /* IM */
- return s->im;
- case 0x0c: /* ISC */
- return s->ris & s->im;
- case 0x10: /* OSTAT */
- return s->ostat;
- case 0x14: /* EMUX */
- return s->emux;
- case 0x18: /* USTAT */
- return s->ustat;
- case 0x20: /* SSPRI */
- return s->sspri;
- case 0x30: /* SAC */
- return s->sac;
- default:
- hw_error("strllaris_adc_read: Bad offset 0x%x\n",
- (int)offset);
- return 0;
- }
-}
-
-static void stellaris_adc_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- stellaris_adc_state *s = (stellaris_adc_state *)opaque;
-
- /* TODO: Implement this. */
- if (offset >= 0x40 && offset < 0xc0) {
- int n;
- n = (offset - 0x40) >> 5;
- switch (offset & 0x1f) {
- case 0x00: /* SSMUX */
- s->ssmux[n] = value & 0x33333333;
- return;
- case 0x04: /* SSCTL */
- if (value != 6) {
- hw_error("ADC: Unimplemented sequence %" PRIx64 "\n",
- value);
- }
- s->ssctl[n] = value;
- return;
- default:
- break;
- }
- }
- switch (offset) {
- case 0x00: /* ACTSS */
- s->actss = value & 0xf;
- break;
- case 0x08: /* IM */
- s->im = value;
- break;
- case 0x0c: /* ISC */
- s->ris &= ~value;
- break;
- case 0x10: /* OSTAT */
- s->ostat &= ~value;
- break;
- case 0x14: /* EMUX */
- s->emux = value;
- break;
- case 0x18: /* USTAT */
- s->ustat &= ~value;
- break;
- case 0x20: /* SSPRI */
- s->sspri = value;
- break;
- case 0x28: /* PSSI */
- hw_error("Not implemented: ADC sample initiate\n");
- break;
- case 0x30: /* SAC */
- s->sac = value;
- break;
- default:
- hw_error("stellaris_adc_write: Bad offset 0x%x\n", (int)offset);
- }
- stellaris_adc_update(s);
-}
-
-static const MemoryRegionOps stellaris_adc_ops = {
- .read = stellaris_adc_read,
- .write = stellaris_adc_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static const VMStateDescription vmstate_stellaris_adc = {
- .name = "stellaris_adc",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(actss, stellaris_adc_state),
- VMSTATE_UINT32(ris, stellaris_adc_state),
- VMSTATE_UINT32(im, stellaris_adc_state),
- VMSTATE_UINT32(emux, stellaris_adc_state),
- VMSTATE_UINT32(ostat, stellaris_adc_state),
- VMSTATE_UINT32(ustat, stellaris_adc_state),
- VMSTATE_UINT32(sspri, stellaris_adc_state),
- VMSTATE_UINT32(sac, stellaris_adc_state),
- VMSTATE_UINT32(fifo[0].state, stellaris_adc_state),
- VMSTATE_UINT32_ARRAY(fifo[0].data, stellaris_adc_state, 16),
- VMSTATE_UINT32(ssmux[0], stellaris_adc_state),
- VMSTATE_UINT32(ssctl[0], stellaris_adc_state),
- VMSTATE_UINT32(fifo[1].state, stellaris_adc_state),
- VMSTATE_UINT32_ARRAY(fifo[1].data, stellaris_adc_state, 16),
- VMSTATE_UINT32(ssmux[1], stellaris_adc_state),
- VMSTATE_UINT32(ssctl[1], stellaris_adc_state),
- VMSTATE_UINT32(fifo[2].state, stellaris_adc_state),
- VMSTATE_UINT32_ARRAY(fifo[2].data, stellaris_adc_state, 16),
- VMSTATE_UINT32(ssmux[2], stellaris_adc_state),
- VMSTATE_UINT32(ssctl[2], stellaris_adc_state),
- VMSTATE_UINT32(fifo[3].state, stellaris_adc_state),
- VMSTATE_UINT32_ARRAY(fifo[3].data, stellaris_adc_state, 16),
- VMSTATE_UINT32(ssmux[3], stellaris_adc_state),
- VMSTATE_UINT32(ssctl[3], stellaris_adc_state),
- VMSTATE_UINT32(noise, stellaris_adc_state),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int stellaris_adc_init(SysBusDevice *dev)
-{
- stellaris_adc_state *s = FROM_SYSBUS(stellaris_adc_state, dev);
- int n;
-
- for (n = 0; n < 4; n++) {
- sysbus_init_irq(dev, &s->irq[n]);
- }
-
- memory_region_init_io(&s->iomem, &stellaris_adc_ops, s,
- "adc", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
- stellaris_adc_reset(s);
- qdev_init_gpio_in(&dev->qdev, stellaris_adc_trigger, 1);
- vmstate_register(&dev->qdev, -1, &vmstate_stellaris_adc, s);
- return 0;
-}
-
-/* Board init. */
-static stellaris_board_info stellaris_boards[] = {
- { "LM3S811EVB",
- 0,
- 0x0032000e,
- 0x001f001f, /* dc0 */
- 0x001132bf,
- 0x01071013,
- 0x3f0f01ff,
- 0x0000001f,
- BP_OLED_I2C
- },
- { "LM3S6965EVB",
- 0x10010002,
- 0x1073402e,
- 0x00ff007f, /* dc0 */
- 0x001133ff,
- 0x030f5317,
- 0x0f0f87ff,
- 0x5000007f,
- BP_OLED_SSI | BP_GAMEPAD
- }
-};
-
-static void stellaris_init(const char *kernel_filename, const char *cpu_model,
- stellaris_board_info *board)
-{
- static const int uart_irq[] = {5, 6, 33, 34};
- static const int timer_irq[] = {19, 21, 23, 35};
- static const uint32_t gpio_addr[7] =
- { 0x40004000, 0x40005000, 0x40006000, 0x40007000,
- 0x40024000, 0x40025000, 0x40026000};
- static const int gpio_irq[7] = {0, 1, 2, 3, 4, 30, 31};
-
- MemoryRegion *address_space_mem = get_system_memory();
- qemu_irq *pic;
- DeviceState *gpio_dev[7];
- qemu_irq gpio_in[7][8];
- qemu_irq gpio_out[7][8];
- qemu_irq adc;
- int sram_size;
- int flash_size;
- i2c_bus *i2c;
- DeviceState *dev;
- int i;
- int j;
-
- flash_size = ((board->dc0 & 0xffff) + 1) << 1;
- sram_size = (board->dc0 >> 18) + 1;
- pic = armv7m_init(address_space_mem,
- flash_size, sram_size, kernel_filename, cpu_model);
-
- if (board->dc1 & (1 << 16)) {
- dev = sysbus_create_varargs("stellaris-adc", 0x40038000,
- pic[14], pic[15], pic[16], pic[17], NULL);
- adc = qdev_get_gpio_in(dev, 0);
- } else {
- adc = NULL;
- }
- for (i = 0; i < 4; i++) {
- if (board->dc2 & (0x10000 << i)) {
- dev = sysbus_create_simple("stellaris-gptm",
- 0x40030000 + i * 0x1000,
- pic[timer_irq[i]]);
- /* TODO: This is incorrect, but we get away with it because
- the ADC output is only ever pulsed. */
- qdev_connect_gpio_out(dev, 0, adc);
- }
- }
-
- stellaris_sys_init(0x400fe000, pic[28], board, nd_table[0].macaddr.a);
-
- for (i = 0; i < 7; i++) {
- if (board->dc4 & (1 << i)) {
- gpio_dev[i] = sysbus_create_simple("pl061_luminary", gpio_addr[i],
- pic[gpio_irq[i]]);
- for (j = 0; j < 8; j++) {
- gpio_in[i][j] = qdev_get_gpio_in(gpio_dev[i], j);
- gpio_out[i][j] = NULL;
- }
- }
- }
-
- if (board->dc2 & (1 << 12)) {
- dev = sysbus_create_simple("stellaris-i2c", 0x40020000, pic[8]);
- i2c = (i2c_bus *)qdev_get_child_bus(dev, "i2c");
- if (board->peripherals & BP_OLED_I2C) {
- i2c_create_slave(i2c, "ssd0303", 0x3d);
- }
- }
-
- for (i = 0; i < 4; i++) {
- if (board->dc2 & (1 << i)) {
- sysbus_create_simple("pl011_luminary", 0x4000c000 + i * 0x1000,
- pic[uart_irq[i]]);
- }
- }
- if (board->dc2 & (1 << 4)) {
- dev = sysbus_create_simple("pl022", 0x40008000, pic[7]);
- if (board->peripherals & BP_OLED_SSI) {
- void *bus;
- DeviceState *sddev;
- DeviceState *ssddev;
-
- /* Some boards have both an OLED controller and SD card connected to
- * the same SSI port, with the SD card chip select connected to a
- * GPIO pin. Technically the OLED chip select is connected to the
- * SSI Fss pin. We do not bother emulating that as both devices
- * should never be selected simultaneously, and our OLED controller
- * ignores stray 0xff commands that occur when deselecting the SD
- * card.
- */
- bus = qdev_get_child_bus(dev, "ssi");
-
- sddev = ssi_create_slave(bus, "ssi-sd");
- ssddev = ssi_create_slave(bus, "ssd0323");
- gpio_out[GPIO_D][0] = qemu_irq_split(qdev_get_gpio_in(sddev, 0),
- qdev_get_gpio_in(ssddev, 0));
- gpio_out[GPIO_C][7] = qdev_get_gpio_in(ssddev, 1);
-
- /* Make sure the select pin is high. */
- qemu_irq_raise(gpio_out[GPIO_D][0]);
- }
- }
- if (board->dc4 & (1 << 28)) {
- DeviceState *enet;
-
- qemu_check_nic_model(&nd_table[0], "stellaris");
-
- enet = qdev_create(NULL, "stellaris_enet");
- qdev_set_nic_properties(enet, &nd_table[0]);
- qdev_init_nofail(enet);
- sysbus_mmio_map(sysbus_from_qdev(enet), 0, 0x40048000);
- sysbus_connect_irq(sysbus_from_qdev(enet), 0, pic[42]);
- }
- if (board->peripherals & BP_GAMEPAD) {
- qemu_irq gpad_irq[5];
- static const int gpad_keycode[5] = { 0xc8, 0xd0, 0xcb, 0xcd, 0x1d };
-
- gpad_irq[0] = qemu_irq_invert(gpio_in[GPIO_E][0]); /* up */
- gpad_irq[1] = qemu_irq_invert(gpio_in[GPIO_E][1]); /* down */
- gpad_irq[2] = qemu_irq_invert(gpio_in[GPIO_E][2]); /* left */
- gpad_irq[3] = qemu_irq_invert(gpio_in[GPIO_E][3]); /* right */
- gpad_irq[4] = qemu_irq_invert(gpio_in[GPIO_F][1]); /* select */
-
- stellaris_gamepad_init(5, gpad_irq, gpad_keycode);
- }
- for (i = 0; i < 7; i++) {
- if (board->dc4 & (1 << i)) {
- for (j = 0; j < 8; j++) {
- if (gpio_out[i][j]) {
- qdev_connect_gpio_out(gpio_dev[i], j, gpio_out[i][j]);
- }
- }
- }
- }
-}
-
-/* FIXME: Figure out how to generate these from stellaris_boards. */
-static void lm3s811evb_init(QEMUMachineInitArgs *args)
-{
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- stellaris_init(kernel_filename, cpu_model, &stellaris_boards[0]);
-}
-
-static void lm3s6965evb_init(QEMUMachineInitArgs *args)
-{
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- stellaris_init(kernel_filename, cpu_model, &stellaris_boards[1]);
-}
-
-static QEMUMachine lm3s811evb_machine = {
- .name = "lm3s811evb",
- .desc = "Stellaris LM3S811EVB",
- .init = lm3s811evb_init,
-};
-
-static QEMUMachine lm3s6965evb_machine = {
- .name = "lm3s6965evb",
- .desc = "Stellaris LM3S6965EVB",
- .init = lm3s6965evb_init,
-};
-
-static void stellaris_machine_init(void)
-{
- qemu_register_machine(&lm3s811evb_machine);
- qemu_register_machine(&lm3s6965evb_machine);
-}
-
-machine_init(stellaris_machine_init);
-
-static void stellaris_i2c_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- sdc->init = stellaris_i2c_init;
-}
-
-static TypeInfo stellaris_i2c_info = {
- .name = "stellaris-i2c",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(stellaris_i2c_state),
- .class_init = stellaris_i2c_class_init,
-};
-
-static void stellaris_gptm_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- sdc->init = stellaris_gptm_init;
-}
-
-static TypeInfo stellaris_gptm_info = {
- .name = "stellaris-gptm",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(gptm_state),
- .class_init = stellaris_gptm_class_init,
-};
-
-static void stellaris_adc_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- sdc->init = stellaris_adc_init;
-}
-
-static TypeInfo stellaris_adc_info = {
- .name = "stellaris-adc",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(stellaris_adc_state),
- .class_init = stellaris_adc_class_init,
-};
-
-static void stellaris_register_types(void)
-{
- type_register_static(&stellaris_i2c_info);
- type_register_static(&stellaris_gptm_info);
- type_register_static(&stellaris_adc_info);
-}
-
-type_init(stellaris_register_types)
diff --git a/hw/stellaris_enet.c b/hw/stellaris_enet.c
deleted file mode 100644
index a530b1059..000000000
--- a/hw/stellaris_enet.c
+++ /dev/null
@@ -1,449 +0,0 @@
-/*
- * Luminary Micro Stellaris Ethernet Controller
- *
- * Copyright (c) 2007 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the GPL.
- */
-#include "sysbus.h"
-#include "net.h"
-#include <zlib.h>
-
-//#define DEBUG_STELLARIS_ENET 1
-
-#ifdef DEBUG_STELLARIS_ENET
-#define DPRINTF(fmt, ...) \
-do { printf("stellaris_enet: " fmt , ## __VA_ARGS__); } while (0)
-#define BADF(fmt, ...) \
-do { fprintf(stderr, "stellaris_enet: error: " fmt , ## __VA_ARGS__); exit(1);} while (0)
-#else
-#define DPRINTF(fmt, ...) do {} while(0)
-#define BADF(fmt, ...) \
-do { fprintf(stderr, "stellaris_enet: error: " fmt , ## __VA_ARGS__);} while (0)
-#endif
-
-#define SE_INT_RX 0x01
-#define SE_INT_TXER 0x02
-#define SE_INT_TXEMP 0x04
-#define SE_INT_FOV 0x08
-#define SE_INT_RXER 0x10
-#define SE_INT_MD 0x20
-#define SE_INT_PHY 0x40
-
-#define SE_RCTL_RXEN 0x01
-#define SE_RCTL_AMUL 0x02
-#define SE_RCTL_PRMS 0x04
-#define SE_RCTL_BADCRC 0x08
-#define SE_RCTL_RSTFIFO 0x10
-
-#define SE_TCTL_TXEN 0x01
-#define SE_TCTL_PADEN 0x02
-#define SE_TCTL_CRC 0x04
-#define SE_TCTL_DUPLEX 0x08
-
-typedef struct {
- SysBusDevice busdev;
- uint32_t ris;
- uint32_t im;
- uint32_t rctl;
- uint32_t tctl;
- uint32_t thr;
- uint32_t mctl;
- uint32_t mdv;
- uint32_t mtxd;
- uint32_t mrxd;
- uint32_t np;
- int tx_frame_len;
- int tx_fifo_len;
- uint8_t tx_fifo[2048];
- /* Real hardware has a 2k fifo, which works out to be at most 31 packets.
- We implement a full 31 packet fifo. */
- struct {
- uint8_t data[2048];
- int len;
- } rx[31];
- uint8_t *rx_fifo;
- int rx_fifo_len;
- int next_packet;
- NICState *nic;
- NICConf conf;
- qemu_irq irq;
- MemoryRegion mmio;
-} stellaris_enet_state;
-
-static void stellaris_enet_update(stellaris_enet_state *s)
-{
- qemu_set_irq(s->irq, (s->ris & s->im) != 0);
-}
-
-/* TODO: Implement MAC address filtering. */
-static ssize_t stellaris_enet_receive(NetClientState *nc, const uint8_t *buf, size_t size)
-{
- stellaris_enet_state *s = DO_UPCAST(NICState, nc, nc)->opaque;
- int n;
- uint8_t *p;
- uint32_t crc;
-
- if ((s->rctl & SE_RCTL_RXEN) == 0)
- return -1;
- if (s->np >= 31) {
- DPRINTF("Packet dropped\n");
- return -1;
- }
-
- DPRINTF("Received packet len=%d\n", size);
- n = s->next_packet + s->np;
- if (n >= 31)
- n -= 31;
- s->np++;
-
- s->rx[n].len = size + 6;
- p = s->rx[n].data;
- *(p++) = (size + 6);
- *(p++) = (size + 6) >> 8;
- memcpy (p, buf, size);
- p += size;
- crc = crc32(~0, buf, size);
- *(p++) = crc;
- *(p++) = crc >> 8;
- *(p++) = crc >> 16;
- *(p++) = crc >> 24;
- /* Clear the remaining bytes in the last word. */
- if ((size & 3) != 2) {
- memset(p, 0, (6 - size) & 3);
- }
-
- s->ris |= SE_INT_RX;
- stellaris_enet_update(s);
-
- return size;
-}
-
-static int stellaris_enet_can_receive(NetClientState *nc)
-{
- stellaris_enet_state *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- if ((s->rctl & SE_RCTL_RXEN) == 0)
- return 1;
-
- return (s->np < 31);
-}
-
-static uint64_t stellaris_enet_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- stellaris_enet_state *s = (stellaris_enet_state *)opaque;
- uint32_t val;
-
- switch (offset) {
- case 0x00: /* RIS */
- DPRINTF("IRQ status %02x\n", s->ris);
- return s->ris;
- case 0x04: /* IM */
- return s->im;
- case 0x08: /* RCTL */
- return s->rctl;
- case 0x0c: /* TCTL */
- return s->tctl;
- case 0x10: /* DATA */
- if (s->rx_fifo_len == 0) {
- if (s->np == 0) {
- BADF("RX underflow\n");
- return 0;
- }
- s->rx_fifo_len = s->rx[s->next_packet].len;
- s->rx_fifo = s->rx[s->next_packet].data;
- DPRINTF("RX FIFO start packet len=%d\n", s->rx_fifo_len);
- }
- val = s->rx_fifo[0] | (s->rx_fifo[1] << 8) | (s->rx_fifo[2] << 16)
- | (s->rx_fifo[3] << 24);
- s->rx_fifo += 4;
- s->rx_fifo_len -= 4;
- if (s->rx_fifo_len <= 0) {
- s->rx_fifo_len = 0;
- s->next_packet++;
- if (s->next_packet >= 31)
- s->next_packet = 0;
- s->np--;
- DPRINTF("RX done np=%d\n", s->np);
- }
- return val;
- case 0x14: /* IA0 */
- return s->conf.macaddr.a[0] | (s->conf.macaddr.a[1] << 8)
- | (s->conf.macaddr.a[2] << 16) | (s->conf.macaddr.a[3] << 24);
- case 0x18: /* IA1 */
- return s->conf.macaddr.a[4] | (s->conf.macaddr.a[5] << 8);
- case 0x1c: /* THR */
- return s->thr;
- case 0x20: /* MCTL */
- return s->mctl;
- case 0x24: /* MDV */
- return s->mdv;
- case 0x28: /* MADD */
- return 0;
- case 0x2c: /* MTXD */
- return s->mtxd;
- case 0x30: /* MRXD */
- return s->mrxd;
- case 0x34: /* NP */
- return s->np;
- case 0x38: /* TR */
- return 0;
- case 0x3c: /* Undocuented: Timestamp? */
- return 0;
- default:
- hw_error("stellaris_enet_read: Bad offset %x\n", (int)offset);
- return 0;
- }
-}
-
-static void stellaris_enet_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- stellaris_enet_state *s = (stellaris_enet_state *)opaque;
-
- switch (offset) {
- case 0x00: /* IACK */
- s->ris &= ~value;
- DPRINTF("IRQ ack %02x/%02x\n", value, s->ris);
- stellaris_enet_update(s);
- /* Clearing TXER also resets the TX fifo. */
- if (value & SE_INT_TXER)
- s->tx_frame_len = -1;
- break;
- case 0x04: /* IM */
- DPRINTF("IRQ mask %02x/%02x\n", value, s->ris);
- s->im = value;
- stellaris_enet_update(s);
- break;
- case 0x08: /* RCTL */
- s->rctl = value;
- if (value & SE_RCTL_RSTFIFO) {
- s->rx_fifo_len = 0;
- s->np = 0;
- stellaris_enet_update(s);
- }
- break;
- case 0x0c: /* TCTL */
- s->tctl = value;
- break;
- case 0x10: /* DATA */
- if (s->tx_frame_len == -1) {
- s->tx_frame_len = value & 0xffff;
- if (s->tx_frame_len > 2032) {
- DPRINTF("TX frame too long (%d)\n", s->tx_frame_len);
- s->tx_frame_len = 0;
- s->ris |= SE_INT_TXER;
- stellaris_enet_update(s);
- } else {
- DPRINTF("Start TX frame len=%d\n", s->tx_frame_len);
- /* The value written does not include the ethernet header. */
- s->tx_frame_len += 14;
- if ((s->tctl & SE_TCTL_CRC) == 0)
- s->tx_frame_len += 4;
- s->tx_fifo_len = 0;
- s->tx_fifo[s->tx_fifo_len++] = value >> 16;
- s->tx_fifo[s->tx_fifo_len++] = value >> 24;
- }
- } else {
- s->tx_fifo[s->tx_fifo_len++] = value;
- s->tx_fifo[s->tx_fifo_len++] = value >> 8;
- s->tx_fifo[s->tx_fifo_len++] = value >> 16;
- s->tx_fifo[s->tx_fifo_len++] = value >> 24;
- if (s->tx_fifo_len >= s->tx_frame_len) {
- /* We don't implement explicit CRC, so just chop it off. */
- if ((s->tctl & SE_TCTL_CRC) == 0)
- s->tx_frame_len -= 4;
- if ((s->tctl & SE_TCTL_PADEN) && s->tx_frame_len < 60) {
- memset(&s->tx_fifo[s->tx_frame_len], 0, 60 - s->tx_frame_len);
- s->tx_fifo_len = 60;
- }
- qemu_send_packet(&s->nic->nc, s->tx_fifo, s->tx_frame_len);
- s->tx_frame_len = -1;
- s->ris |= SE_INT_TXEMP;
- stellaris_enet_update(s);
- DPRINTF("Done TX\n");
- }
- }
- break;
- case 0x14: /* IA0 */
- s->conf.macaddr.a[0] = value;
- s->conf.macaddr.a[1] = value >> 8;
- s->conf.macaddr.a[2] = value >> 16;
- s->conf.macaddr.a[3] = value >> 24;
- break;
- case 0x18: /* IA1 */
- s->conf.macaddr.a[4] = value;
- s->conf.macaddr.a[5] = value >> 8;
- break;
- case 0x1c: /* THR */
- s->thr = value;
- break;
- case 0x20: /* MCTL */
- s->mctl = value;
- break;
- case 0x24: /* MDV */
- s->mdv = value;
- break;
- case 0x28: /* MADD */
- /* ignored. */
- break;
- case 0x2c: /* MTXD */
- s->mtxd = value & 0xff;
- break;
- case 0x30: /* MRXD */
- case 0x34: /* NP */
- case 0x38: /* TR */
- /* Ignored. */
- case 0x3c: /* Undocuented: Timestamp? */
- /* Ignored. */
- break;
- default:
- hw_error("stellaris_enet_write: Bad offset %x\n", (int)offset);
- }
-}
-
-static const MemoryRegionOps stellaris_enet_ops = {
- .read = stellaris_enet_read,
- .write = stellaris_enet_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void stellaris_enet_reset(stellaris_enet_state *s)
-{
- s->mdv = 0x80;
- s->rctl = SE_RCTL_BADCRC;
- s->im = SE_INT_PHY | SE_INT_MD | SE_INT_RXER | SE_INT_FOV | SE_INT_TXEMP
- | SE_INT_TXER | SE_INT_RX;
- s->thr = 0x3f;
- s->tx_frame_len = -1;
-}
-
-static void stellaris_enet_save(QEMUFile *f, void *opaque)
-{
- stellaris_enet_state *s = (stellaris_enet_state *)opaque;
- int i;
-
- qemu_put_be32(f, s->ris);
- qemu_put_be32(f, s->im);
- qemu_put_be32(f, s->rctl);
- qemu_put_be32(f, s->tctl);
- qemu_put_be32(f, s->thr);
- qemu_put_be32(f, s->mctl);
- qemu_put_be32(f, s->mdv);
- qemu_put_be32(f, s->mtxd);
- qemu_put_be32(f, s->mrxd);
- qemu_put_be32(f, s->np);
- qemu_put_be32(f, s->tx_frame_len);
- qemu_put_be32(f, s->tx_fifo_len);
- qemu_put_buffer(f, s->tx_fifo, sizeof(s->tx_fifo));
- for (i = 0; i < 31; i++) {
- qemu_put_be32(f, s->rx[i].len);
- qemu_put_buffer(f, s->rx[i].data, sizeof(s->rx[i].data));
-
- }
- qemu_put_be32(f, s->next_packet);
- qemu_put_be32(f, s->rx_fifo - s->rx[s->next_packet].data);
- qemu_put_be32(f, s->rx_fifo_len);
-}
-
-static int stellaris_enet_load(QEMUFile *f, void *opaque, int version_id)
-{
- stellaris_enet_state *s = (stellaris_enet_state *)opaque;
- int i;
-
- if (version_id != 1)
- return -EINVAL;
-
- s->ris = qemu_get_be32(f);
- s->im = qemu_get_be32(f);
- s->rctl = qemu_get_be32(f);
- s->tctl = qemu_get_be32(f);
- s->thr = qemu_get_be32(f);
- s->mctl = qemu_get_be32(f);
- s->mdv = qemu_get_be32(f);
- s->mtxd = qemu_get_be32(f);
- s->mrxd = qemu_get_be32(f);
- s->np = qemu_get_be32(f);
- s->tx_frame_len = qemu_get_be32(f);
- s->tx_fifo_len = qemu_get_be32(f);
- qemu_get_buffer(f, s->tx_fifo, sizeof(s->tx_fifo));
- for (i = 0; i < 31; i++) {
- s->rx[i].len = qemu_get_be32(f);
- qemu_get_buffer(f, s->rx[i].data, sizeof(s->rx[i].data));
-
- }
- s->next_packet = qemu_get_be32(f);
- s->rx_fifo = s->rx[s->next_packet].data + qemu_get_be32(f);
- s->rx_fifo_len = qemu_get_be32(f);
-
- return 0;
-}
-
-static void stellaris_enet_cleanup(NetClientState *nc)
-{
- stellaris_enet_state *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- unregister_savevm(&s->busdev.qdev, "stellaris_enet", s);
-
- memory_region_destroy(&s->mmio);
-
- g_free(s);
-}
-
-static NetClientInfo net_stellaris_enet_info = {
- .type = NET_CLIENT_OPTIONS_KIND_NIC,
- .size = sizeof(NICState),
- .can_receive = stellaris_enet_can_receive,
- .receive = stellaris_enet_receive,
- .cleanup = stellaris_enet_cleanup,
-};
-
-static int stellaris_enet_init(SysBusDevice *dev)
-{
- stellaris_enet_state *s = FROM_SYSBUS(stellaris_enet_state, dev);
-
- memory_region_init_io(&s->mmio, &stellaris_enet_ops, s, "stellaris_enet",
- 0x1000);
- sysbus_init_mmio(dev, &s->mmio);
- sysbus_init_irq(dev, &s->irq);
- qemu_macaddr_default_if_unset(&s->conf.macaddr);
-
- s->nic = qemu_new_nic(&net_stellaris_enet_info, &s->conf,
- object_get_typename(OBJECT(dev)), dev->qdev.id, s);
- qemu_format_nic_info_str(&s->nic->nc, s->conf.macaddr.a);
-
- stellaris_enet_reset(s);
- register_savevm(&s->busdev.qdev, "stellaris_enet", -1, 1,
- stellaris_enet_save, stellaris_enet_load, s);
- return 0;
-}
-
-static Property stellaris_enet_properties[] = {
- DEFINE_NIC_PROPERTIES(stellaris_enet_state, conf),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void stellaris_enet_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = stellaris_enet_init;
- dc->props = stellaris_enet_properties;
-}
-
-static TypeInfo stellaris_enet_info = {
- .name = "stellaris_enet",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(stellaris_enet_state),
- .class_init = stellaris_enet_class_init,
-};
-
-static void stellaris_enet_register_types(void)
-{
- type_register_static(&stellaris_enet_info);
-}
-
-type_init(stellaris_enet_register_types)
diff --git a/hw/stellaris_input.c b/hw/stellaris_input.c
deleted file mode 100644
index 68c600c04..000000000
--- a/hw/stellaris_input.c
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Gamepad style buttons connected to IRQ/GPIO lines
- *
- * Copyright (c) 2007 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the GPL.
- */
-#include "hw.h"
-#include "devices.h"
-#include "console.h"
-
-typedef struct {
- qemu_irq irq;
- int keycode;
- uint8_t pressed;
-} gamepad_button;
-
-typedef struct {
- gamepad_button *buttons;
- int num_buttons;
- int extension;
-} gamepad_state;
-
-static void stellaris_gamepad_put_key(void * opaque, int keycode)
-{
- gamepad_state *s = (gamepad_state *)opaque;
- int i;
- int down;
-
- if (keycode == 0xe0 && !s->extension) {
- s->extension = 0x80;
- return;
- }
-
- down = (keycode & 0x80) == 0;
- keycode = (keycode & 0x7f) | s->extension;
-
- for (i = 0; i < s->num_buttons; i++) {
- if (s->buttons[i].keycode == keycode
- && s->buttons[i].pressed != down) {
- s->buttons[i].pressed = down;
- qemu_set_irq(s->buttons[i].irq, down);
- }
- }
-
- s->extension = 0;
-}
-
-static const VMStateDescription vmstate_stellaris_button = {
- .name = "stellaris_button",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField[]) {
- VMSTATE_UINT8(pressed, gamepad_button),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_stellaris_gamepad = {
- .name = "stellaris_gamepad",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_INT32(extension, gamepad_state),
- VMSTATE_STRUCT_VARRAY_INT32(buttons, gamepad_state, num_buttons, 0,
- vmstate_stellaris_button, gamepad_button),
- VMSTATE_END_OF_LIST()
- }
-};
-
-/* Returns an array 5 ouput slots. */
-void stellaris_gamepad_init(int n, qemu_irq *irq, const int *keycode)
-{
- gamepad_state *s;
- int i;
-
- s = (gamepad_state *)g_malloc0(sizeof (gamepad_state));
- s->buttons = (gamepad_button *)g_malloc0(n * sizeof (gamepad_button));
- for (i = 0; i < n; i++) {
- s->buttons[i].irq = irq[i];
- s->buttons[i].keycode = keycode[i];
- }
- s->num_buttons = n;
- qemu_add_kbd_event_handler(stellaris_gamepad_put_key, s);
- vmstate_register(NULL, -1, &vmstate_stellaris_gamepad, s);
-}
diff --git a/hw/stream.c b/hw/stream.c
deleted file mode 100644
index be57e8b24..000000000
--- a/hw/stream.c
+++ /dev/null
@@ -1,23 +0,0 @@
-#include "stream.h"
-
-void
-stream_push(StreamSlave *sink, uint8_t *buf, size_t len, uint32_t *app)
-{
- StreamSlaveClass *k = STREAM_SLAVE_GET_CLASS(sink);
-
- k->push(sink, buf, len, app);
-}
-
-static TypeInfo stream_slave_info = {
- .name = TYPE_STREAM_SLAVE,
- .parent = TYPE_INTERFACE,
- .class_size = sizeof(StreamSlaveClass),
-};
-
-
-static void stream_slave_register_types(void)
-{
- type_register_static(&stream_slave_info);
-}
-
-type_init(stream_slave_register_types)
diff --git a/hw/stream.h b/hw/stream.h
deleted file mode 100644
index 21123a908..000000000
--- a/hw/stream.h
+++ /dev/null
@@ -1,31 +0,0 @@
-#ifndef STREAM_H
-#define STREAM_H 1
-
-#include "qemu-common.h"
-#include "qemu/object.h"
-
-/* stream slave. Used until qdev provides a generic way. */
-#define TYPE_STREAM_SLAVE "stream-slave"
-
-#define STREAM_SLAVE_CLASS(klass) \
- OBJECT_CLASS_CHECK(StreamSlaveClass, (klass), TYPE_STREAM_SLAVE)
-#define STREAM_SLAVE_GET_CLASS(obj) \
- OBJECT_GET_CLASS(StreamSlaveClass, (obj), TYPE_STREAM_SLAVE)
-#define STREAM_SLAVE(obj) \
- INTERFACE_CHECK(StreamSlave, (obj), TYPE_STREAM_SLAVE)
-
-typedef struct StreamSlave {
- Object Parent;
-} StreamSlave;
-
-typedef struct StreamSlaveClass {
- InterfaceClass parent;
-
- void (*push)(StreamSlave *obj, unsigned char *buf, size_t len,
- uint32_t *app);
-} StreamSlaveClass;
-
-void
-stream_push(StreamSlave *sink, uint8_t *buf, size_t len, uint32_t *app);
-
-#endif /* STREAM_H */
diff --git a/hw/strongarm.c b/hw/strongarm.c
deleted file mode 100644
index 43855151c..000000000
--- a/hw/strongarm.c
+++ /dev/null
@@ -1,1622 +0,0 @@
-/*
- * StrongARM SA-1100/SA-1110 emulation
- *
- * Copyright (C) 2011 Dmitry Eremin-Solenikov
- *
- * Largely based on StrongARM emulation:
- * Copyright (c) 2006 Openedhand Ltd.
- * Written by Andrzej Zaborowski <balrog@zabor.org>
- *
- * UART code based on QEMU 16550A UART emulation
- * Copyright (c) 2003-2004 Fabrice Bellard
- * Copyright (c) 2008 Citrix Systems, Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-#include "sysbus.h"
-#include "strongarm.h"
-#include "qemu-error.h"
-#include "arm-misc.h"
-#include "sysemu.h"
-#include "ssi.h"
-
-//#define DEBUG
-
-/*
- TODO
- - Implement cp15, c14 ?
- - Implement cp15, c15 !!! (idle used in L)
- - Implement idle mode handling/DIM
- - Implement sleep mode/Wake sources
- - Implement reset control
- - Implement memory control regs
- - PCMCIA handling
- - Maybe support MBGNT/MBREQ
- - DMA channels
- - GPCLK
- - IrDA
- - MCP
- - Enhance UART with modem signals
- */
-
-#ifdef DEBUG
-# define DPRINTF(format, ...) printf(format , ## __VA_ARGS__)
-#else
-# define DPRINTF(format, ...) do { } while (0)
-#endif
-
-static struct {
- hwaddr io_base;
- int irq;
-} sa_serial[] = {
- { 0x80010000, SA_PIC_UART1 },
- { 0x80030000, SA_PIC_UART2 },
- { 0x80050000, SA_PIC_UART3 },
- { 0, 0 }
-};
-
-/* Interrupt Controller */
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- qemu_irq irq;
- qemu_irq fiq;
-
- uint32_t pending;
- uint32_t enabled;
- uint32_t is_fiq;
- uint32_t int_idle;
-} StrongARMPICState;
-
-#define ICIP 0x00
-#define ICMR 0x04
-#define ICLR 0x08
-#define ICFP 0x10
-#define ICPR 0x20
-#define ICCR 0x0c
-
-#define SA_PIC_SRCS 32
-
-
-static void strongarm_pic_update(void *opaque)
-{
- StrongARMPICState *s = opaque;
-
- /* FIXME: reflect DIM */
- qemu_set_irq(s->fiq, s->pending & s->enabled & s->is_fiq);
- qemu_set_irq(s->irq, s->pending & s->enabled & ~s->is_fiq);
-}
-
-static void strongarm_pic_set_irq(void *opaque, int irq, int level)
-{
- StrongARMPICState *s = opaque;
-
- if (level) {
- s->pending |= 1 << irq;
- } else {
- s->pending &= ~(1 << irq);
- }
-
- strongarm_pic_update(s);
-}
-
-static uint64_t strongarm_pic_mem_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- StrongARMPICState *s = opaque;
-
- switch (offset) {
- case ICIP:
- return s->pending & ~s->is_fiq & s->enabled;
- case ICMR:
- return s->enabled;
- case ICLR:
- return s->is_fiq;
- case ICCR:
- return s->int_idle == 0;
- case ICFP:
- return s->pending & s->is_fiq & s->enabled;
- case ICPR:
- return s->pending;
- default:
- printf("%s: Bad register offset 0x" TARGET_FMT_plx "\n",
- __func__, offset);
- return 0;
- }
-}
-
-static void strongarm_pic_mem_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- StrongARMPICState *s = opaque;
-
- switch (offset) {
- case ICMR:
- s->enabled = value;
- break;
- case ICLR:
- s->is_fiq = value;
- break;
- case ICCR:
- s->int_idle = (value & 1) ? 0 : ~0;
- break;
- default:
- printf("%s: Bad register offset 0x" TARGET_FMT_plx "\n",
- __func__, offset);
- break;
- }
- strongarm_pic_update(s);
-}
-
-static const MemoryRegionOps strongarm_pic_ops = {
- .read = strongarm_pic_mem_read,
- .write = strongarm_pic_mem_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int strongarm_pic_initfn(SysBusDevice *dev)
-{
- StrongARMPICState *s = FROM_SYSBUS(StrongARMPICState, dev);
-
- qdev_init_gpio_in(&dev->qdev, strongarm_pic_set_irq, SA_PIC_SRCS);
- memory_region_init_io(&s->iomem, &strongarm_pic_ops, s, "pic", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
- sysbus_init_irq(dev, &s->irq);
- sysbus_init_irq(dev, &s->fiq);
-
- return 0;
-}
-
-static int strongarm_pic_post_load(void *opaque, int version_id)
-{
- strongarm_pic_update(opaque);
- return 0;
-}
-
-static VMStateDescription vmstate_strongarm_pic_regs = {
- .name = "strongarm_pic",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .post_load = strongarm_pic_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(pending, StrongARMPICState),
- VMSTATE_UINT32(enabled, StrongARMPICState),
- VMSTATE_UINT32(is_fiq, StrongARMPICState),
- VMSTATE_UINT32(int_idle, StrongARMPICState),
- VMSTATE_END_OF_LIST(),
- },
-};
-
-static void strongarm_pic_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = strongarm_pic_initfn;
- dc->desc = "StrongARM PIC";
- dc->vmsd = &vmstate_strongarm_pic_regs;
-}
-
-static TypeInfo strongarm_pic_info = {
- .name = "strongarm_pic",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(StrongARMPICState),
- .class_init = strongarm_pic_class_init,
-};
-
-/* Real-Time Clock */
-#define RTAR 0x00 /* RTC Alarm register */
-#define RCNR 0x04 /* RTC Counter register */
-#define RTTR 0x08 /* RTC Timer Trim register */
-#define RTSR 0x10 /* RTC Status register */
-
-#define RTSR_AL (1 << 0) /* RTC Alarm detected */
-#define RTSR_HZ (1 << 1) /* RTC 1Hz detected */
-#define RTSR_ALE (1 << 2) /* RTC Alarm enable */
-#define RTSR_HZE (1 << 3) /* RTC 1Hz enable */
-
-/* 16 LSB of RTTR are clockdiv for internal trim logic,
- * trim delete isn't emulated, so
- * f = 32 768 / (RTTR_trim + 1) */
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint32_t rttr;
- uint32_t rtsr;
- uint32_t rtar;
- uint32_t last_rcnr;
- int64_t last_hz;
- QEMUTimer *rtc_alarm;
- QEMUTimer *rtc_hz;
- qemu_irq rtc_irq;
- qemu_irq rtc_hz_irq;
-} StrongARMRTCState;
-
-static inline void strongarm_rtc_int_update(StrongARMRTCState *s)
-{
- qemu_set_irq(s->rtc_irq, s->rtsr & RTSR_AL);
- qemu_set_irq(s->rtc_hz_irq, s->rtsr & RTSR_HZ);
-}
-
-static void strongarm_rtc_hzupdate(StrongARMRTCState *s)
-{
- int64_t rt = qemu_get_clock_ms(rtc_clock);
- s->last_rcnr += ((rt - s->last_hz) << 15) /
- (1000 * ((s->rttr & 0xffff) + 1));
- s->last_hz = rt;
-}
-
-static inline void strongarm_rtc_timer_update(StrongARMRTCState *s)
-{
- if ((s->rtsr & RTSR_HZE) && !(s->rtsr & RTSR_HZ)) {
- qemu_mod_timer(s->rtc_hz, s->last_hz + 1000);
- } else {
- qemu_del_timer(s->rtc_hz);
- }
-
- if ((s->rtsr & RTSR_ALE) && !(s->rtsr & RTSR_AL)) {
- qemu_mod_timer(s->rtc_alarm, s->last_hz +
- (((s->rtar - s->last_rcnr) * 1000 *
- ((s->rttr & 0xffff) + 1)) >> 15));
- } else {
- qemu_del_timer(s->rtc_alarm);
- }
-}
-
-static inline void strongarm_rtc_alarm_tick(void *opaque)
-{
- StrongARMRTCState *s = opaque;
- s->rtsr |= RTSR_AL;
- strongarm_rtc_timer_update(s);
- strongarm_rtc_int_update(s);
-}
-
-static inline void strongarm_rtc_hz_tick(void *opaque)
-{
- StrongARMRTCState *s = opaque;
- s->rtsr |= RTSR_HZ;
- strongarm_rtc_timer_update(s);
- strongarm_rtc_int_update(s);
-}
-
-static uint64_t strongarm_rtc_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- StrongARMRTCState *s = opaque;
-
- switch (addr) {
- case RTTR:
- return s->rttr;
- case RTSR:
- return s->rtsr;
- case RTAR:
- return s->rtar;
- case RCNR:
- return s->last_rcnr +
- ((qemu_get_clock_ms(rtc_clock) - s->last_hz) << 15) /
- (1000 * ((s->rttr & 0xffff) + 1));
- default:
- printf("%s: Bad register 0x" TARGET_FMT_plx "\n", __func__, addr);
- return 0;
- }
-}
-
-static void strongarm_rtc_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- StrongARMRTCState *s = opaque;
- uint32_t old_rtsr;
-
- switch (addr) {
- case RTTR:
- strongarm_rtc_hzupdate(s);
- s->rttr = value;
- strongarm_rtc_timer_update(s);
- break;
-
- case RTSR:
- old_rtsr = s->rtsr;
- s->rtsr = (value & (RTSR_ALE | RTSR_HZE)) |
- (s->rtsr & ~(value & (RTSR_AL | RTSR_HZ)));
-
- if (s->rtsr != old_rtsr) {
- strongarm_rtc_timer_update(s);
- }
-
- strongarm_rtc_int_update(s);
- break;
-
- case RTAR:
- s->rtar = value;
- strongarm_rtc_timer_update(s);
- break;
-
- case RCNR:
- strongarm_rtc_hzupdate(s);
- s->last_rcnr = value;
- strongarm_rtc_timer_update(s);
- break;
-
- default:
- printf("%s: Bad register 0x" TARGET_FMT_plx "\n", __func__, addr);
- }
-}
-
-static const MemoryRegionOps strongarm_rtc_ops = {
- .read = strongarm_rtc_read,
- .write = strongarm_rtc_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int strongarm_rtc_init(SysBusDevice *dev)
-{
- StrongARMRTCState *s = FROM_SYSBUS(StrongARMRTCState, dev);
- struct tm tm;
-
- s->rttr = 0x0;
- s->rtsr = 0;
-
- qemu_get_timedate(&tm, 0);
-
- s->last_rcnr = (uint32_t) mktimegm(&tm);
- s->last_hz = qemu_get_clock_ms(rtc_clock);
-
- s->rtc_alarm = qemu_new_timer_ms(rtc_clock, strongarm_rtc_alarm_tick, s);
- s->rtc_hz = qemu_new_timer_ms(rtc_clock, strongarm_rtc_hz_tick, s);
-
- sysbus_init_irq(dev, &s->rtc_irq);
- sysbus_init_irq(dev, &s->rtc_hz_irq);
-
- memory_region_init_io(&s->iomem, &strongarm_rtc_ops, s, "rtc", 0x10000);
- sysbus_init_mmio(dev, &s->iomem);
-
- return 0;
-}
-
-static void strongarm_rtc_pre_save(void *opaque)
-{
- StrongARMRTCState *s = opaque;
-
- strongarm_rtc_hzupdate(s);
-}
-
-static int strongarm_rtc_post_load(void *opaque, int version_id)
-{
- StrongARMRTCState *s = opaque;
-
- strongarm_rtc_timer_update(s);
- strongarm_rtc_int_update(s);
-
- return 0;
-}
-
-static const VMStateDescription vmstate_strongarm_rtc_regs = {
- .name = "strongarm-rtc",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .pre_save = strongarm_rtc_pre_save,
- .post_load = strongarm_rtc_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(rttr, StrongARMRTCState),
- VMSTATE_UINT32(rtsr, StrongARMRTCState),
- VMSTATE_UINT32(rtar, StrongARMRTCState),
- VMSTATE_UINT32(last_rcnr, StrongARMRTCState),
- VMSTATE_INT64(last_hz, StrongARMRTCState),
- VMSTATE_END_OF_LIST(),
- },
-};
-
-static void strongarm_rtc_sysbus_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = strongarm_rtc_init;
- dc->desc = "StrongARM RTC Controller";
- dc->vmsd = &vmstate_strongarm_rtc_regs;
-}
-
-static TypeInfo strongarm_rtc_sysbus_info = {
- .name = "strongarm-rtc",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(StrongARMRTCState),
- .class_init = strongarm_rtc_sysbus_class_init,
-};
-
-/* GPIO */
-#define GPLR 0x00
-#define GPDR 0x04
-#define GPSR 0x08
-#define GPCR 0x0c
-#define GRER 0x10
-#define GFER 0x14
-#define GEDR 0x18
-#define GAFR 0x1c
-
-typedef struct StrongARMGPIOInfo StrongARMGPIOInfo;
-struct StrongARMGPIOInfo {
- SysBusDevice busdev;
- MemoryRegion iomem;
- qemu_irq handler[28];
- qemu_irq irqs[11];
- qemu_irq irqX;
-
- uint32_t ilevel;
- uint32_t olevel;
- uint32_t dir;
- uint32_t rising;
- uint32_t falling;
- uint32_t status;
- uint32_t gpsr;
- uint32_t gafr;
-
- uint32_t prev_level;
-};
-
-
-static void strongarm_gpio_irq_update(StrongARMGPIOInfo *s)
-{
- int i;
- for (i = 0; i < 11; i++) {
- qemu_set_irq(s->irqs[i], s->status & (1 << i));
- }
-
- qemu_set_irq(s->irqX, (s->status & ~0x7ff));
-}
-
-static void strongarm_gpio_set(void *opaque, int line, int level)
-{
- StrongARMGPIOInfo *s = opaque;
- uint32_t mask;
-
- mask = 1 << line;
-
- if (level) {
- s->status |= s->rising & mask &
- ~s->ilevel & ~s->dir;
- s->ilevel |= mask;
- } else {
- s->status |= s->falling & mask &
- s->ilevel & ~s->dir;
- s->ilevel &= ~mask;
- }
-
- if (s->status & mask) {
- strongarm_gpio_irq_update(s);
- }
-}
-
-static void strongarm_gpio_handler_update(StrongARMGPIOInfo *s)
-{
- uint32_t level, diff;
- int bit;
-
- level = s->olevel & s->dir;
-
- for (diff = s->prev_level ^ level; diff; diff ^= 1 << bit) {
- bit = ffs(diff) - 1;
- qemu_set_irq(s->handler[bit], (level >> bit) & 1);
- }
-
- s->prev_level = level;
-}
-
-static uint64_t strongarm_gpio_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- StrongARMGPIOInfo *s = opaque;
-
- switch (offset) {
- case GPDR: /* GPIO Pin-Direction registers */
- return s->dir;
-
- case GPSR: /* GPIO Pin-Output Set registers */
- DPRINTF("%s: Read from a write-only register 0x" TARGET_FMT_plx "\n",
- __func__, offset);
- return s->gpsr; /* Return last written value. */
-
- case GPCR: /* GPIO Pin-Output Clear registers */
- DPRINTF("%s: Read from a write-only register 0x" TARGET_FMT_plx "\n",
- __func__, offset);
- return 31337; /* Specified as unpredictable in the docs. */
-
- case GRER: /* GPIO Rising-Edge Detect Enable registers */
- return s->rising;
-
- case GFER: /* GPIO Falling-Edge Detect Enable registers */
- return s->falling;
-
- case GAFR: /* GPIO Alternate Function registers */
- return s->gafr;
-
- case GPLR: /* GPIO Pin-Level registers */
- return (s->olevel & s->dir) |
- (s->ilevel & ~s->dir);
-
- case GEDR: /* GPIO Edge Detect Status registers */
- return s->status;
-
- default:
- printf("%s: Bad offset 0x" TARGET_FMT_plx "\n", __func__, offset);
- }
-
- return 0;
-}
-
-static void strongarm_gpio_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- StrongARMGPIOInfo *s = opaque;
-
- switch (offset) {
- case GPDR: /* GPIO Pin-Direction registers */
- s->dir = value;
- strongarm_gpio_handler_update(s);
- break;
-
- case GPSR: /* GPIO Pin-Output Set registers */
- s->olevel |= value;
- strongarm_gpio_handler_update(s);
- s->gpsr = value;
- break;
-
- case GPCR: /* GPIO Pin-Output Clear registers */
- s->olevel &= ~value;
- strongarm_gpio_handler_update(s);
- break;
-
- case GRER: /* GPIO Rising-Edge Detect Enable registers */
- s->rising = value;
- break;
-
- case GFER: /* GPIO Falling-Edge Detect Enable registers */
- s->falling = value;
- break;
-
- case GAFR: /* GPIO Alternate Function registers */
- s->gafr = value;
- break;
-
- case GEDR: /* GPIO Edge Detect Status registers */
- s->status &= ~value;
- strongarm_gpio_irq_update(s);
- break;
-
- default:
- printf("%s: Bad offset 0x" TARGET_FMT_plx "\n", __func__, offset);
- }
-}
-
-static const MemoryRegionOps strongarm_gpio_ops = {
- .read = strongarm_gpio_read,
- .write = strongarm_gpio_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static DeviceState *strongarm_gpio_init(hwaddr base,
- DeviceState *pic)
-{
- DeviceState *dev;
- int i;
-
- dev = qdev_create(NULL, "strongarm-gpio");
- qdev_init_nofail(dev);
-
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
- for (i = 0; i < 12; i++)
- sysbus_connect_irq(sysbus_from_qdev(dev), i,
- qdev_get_gpio_in(pic, SA_PIC_GPIO0_EDGE + i));
-
- return dev;
-}
-
-static int strongarm_gpio_initfn(SysBusDevice *dev)
-{
- StrongARMGPIOInfo *s;
- int i;
-
- s = FROM_SYSBUS(StrongARMGPIOInfo, dev);
-
- qdev_init_gpio_in(&dev->qdev, strongarm_gpio_set, 28);
- qdev_init_gpio_out(&dev->qdev, s->handler, 28);
-
- memory_region_init_io(&s->iomem, &strongarm_gpio_ops, s, "gpio", 0x1000);
-
- sysbus_init_mmio(dev, &s->iomem);
- for (i = 0; i < 11; i++) {
- sysbus_init_irq(dev, &s->irqs[i]);
- }
- sysbus_init_irq(dev, &s->irqX);
-
- return 0;
-}
-
-static const VMStateDescription vmstate_strongarm_gpio_regs = {
- .name = "strongarm-gpio",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(ilevel, StrongARMGPIOInfo),
- VMSTATE_UINT32(olevel, StrongARMGPIOInfo),
- VMSTATE_UINT32(dir, StrongARMGPIOInfo),
- VMSTATE_UINT32(rising, StrongARMGPIOInfo),
- VMSTATE_UINT32(falling, StrongARMGPIOInfo),
- VMSTATE_UINT32(status, StrongARMGPIOInfo),
- VMSTATE_UINT32(gafr, StrongARMGPIOInfo),
- VMSTATE_END_OF_LIST(),
- },
-};
-
-static void strongarm_gpio_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = strongarm_gpio_initfn;
- dc->desc = "StrongARM GPIO controller";
-}
-
-static TypeInfo strongarm_gpio_info = {
- .name = "strongarm-gpio",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(StrongARMGPIOInfo),
- .class_init = strongarm_gpio_class_init,
-};
-
-/* Peripheral Pin Controller */
-#define PPDR 0x00
-#define PPSR 0x04
-#define PPAR 0x08
-#define PSDR 0x0c
-#define PPFR 0x10
-
-typedef struct StrongARMPPCInfo StrongARMPPCInfo;
-struct StrongARMPPCInfo {
- SysBusDevice busdev;
- MemoryRegion iomem;
- qemu_irq handler[28];
-
- uint32_t ilevel;
- uint32_t olevel;
- uint32_t dir;
- uint32_t ppar;
- uint32_t psdr;
- uint32_t ppfr;
-
- uint32_t prev_level;
-};
-
-static void strongarm_ppc_set(void *opaque, int line, int level)
-{
- StrongARMPPCInfo *s = opaque;
-
- if (level) {
- s->ilevel |= 1 << line;
- } else {
- s->ilevel &= ~(1 << line);
- }
-}
-
-static void strongarm_ppc_handler_update(StrongARMPPCInfo *s)
-{
- uint32_t level, diff;
- int bit;
-
- level = s->olevel & s->dir;
-
- for (diff = s->prev_level ^ level; diff; diff ^= 1 << bit) {
- bit = ffs(diff) - 1;
- qemu_set_irq(s->handler[bit], (level >> bit) & 1);
- }
-
- s->prev_level = level;
-}
-
-static uint64_t strongarm_ppc_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- StrongARMPPCInfo *s = opaque;
-
- switch (offset) {
- case PPDR: /* PPC Pin Direction registers */
- return s->dir | ~0x3fffff;
-
- case PPSR: /* PPC Pin State registers */
- return (s->olevel & s->dir) |
- (s->ilevel & ~s->dir) |
- ~0x3fffff;
-
- case PPAR:
- return s->ppar | ~0x41000;
-
- case PSDR:
- return s->psdr;
-
- case PPFR:
- return s->ppfr | ~0x7f001;
-
- default:
- printf("%s: Bad offset 0x" TARGET_FMT_plx "\n", __func__, offset);
- }
-
- return 0;
-}
-
-static void strongarm_ppc_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- StrongARMPPCInfo *s = opaque;
-
- switch (offset) {
- case PPDR: /* PPC Pin Direction registers */
- s->dir = value & 0x3fffff;
- strongarm_ppc_handler_update(s);
- break;
-
- case PPSR: /* PPC Pin State registers */
- s->olevel = value & s->dir & 0x3fffff;
- strongarm_ppc_handler_update(s);
- break;
-
- case PPAR:
- s->ppar = value & 0x41000;
- break;
-
- case PSDR:
- s->psdr = value & 0x3fffff;
- break;
-
- case PPFR:
- s->ppfr = value & 0x7f001;
- break;
-
- default:
- printf("%s: Bad offset 0x" TARGET_FMT_plx "\n", __func__, offset);
- }
-}
-
-static const MemoryRegionOps strongarm_ppc_ops = {
- .read = strongarm_ppc_read,
- .write = strongarm_ppc_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int strongarm_ppc_init(SysBusDevice *dev)
-{
- StrongARMPPCInfo *s;
-
- s = FROM_SYSBUS(StrongARMPPCInfo, dev);
-
- qdev_init_gpio_in(&dev->qdev, strongarm_ppc_set, 22);
- qdev_init_gpio_out(&dev->qdev, s->handler, 22);
-
- memory_region_init_io(&s->iomem, &strongarm_ppc_ops, s, "ppc", 0x1000);
-
- sysbus_init_mmio(dev, &s->iomem);
-
- return 0;
-}
-
-static const VMStateDescription vmstate_strongarm_ppc_regs = {
- .name = "strongarm-ppc",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(ilevel, StrongARMPPCInfo),
- VMSTATE_UINT32(olevel, StrongARMPPCInfo),
- VMSTATE_UINT32(dir, StrongARMPPCInfo),
- VMSTATE_UINT32(ppar, StrongARMPPCInfo),
- VMSTATE_UINT32(psdr, StrongARMPPCInfo),
- VMSTATE_UINT32(ppfr, StrongARMPPCInfo),
- VMSTATE_END_OF_LIST(),
- },
-};
-
-static void strongarm_ppc_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = strongarm_ppc_init;
- dc->desc = "StrongARM PPC controller";
-}
-
-static TypeInfo strongarm_ppc_info = {
- .name = "strongarm-ppc",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(StrongARMPPCInfo),
- .class_init = strongarm_ppc_class_init,
-};
-
-/* UART Ports */
-#define UTCR0 0x00
-#define UTCR1 0x04
-#define UTCR2 0x08
-#define UTCR3 0x0c
-#define UTDR 0x14
-#define UTSR0 0x1c
-#define UTSR1 0x20
-
-#define UTCR0_PE (1 << 0) /* Parity enable */
-#define UTCR0_OES (1 << 1) /* Even parity */
-#define UTCR0_SBS (1 << 2) /* 2 stop bits */
-#define UTCR0_DSS (1 << 3) /* 8-bit data */
-
-#define UTCR3_RXE (1 << 0) /* Rx enable */
-#define UTCR3_TXE (1 << 1) /* Tx enable */
-#define UTCR3_BRK (1 << 2) /* Force Break */
-#define UTCR3_RIE (1 << 3) /* Rx int enable */
-#define UTCR3_TIE (1 << 4) /* Tx int enable */
-#define UTCR3_LBM (1 << 5) /* Loopback */
-
-#define UTSR0_TFS (1 << 0) /* Tx FIFO nearly empty */
-#define UTSR0_RFS (1 << 1) /* Rx FIFO nearly full */
-#define UTSR0_RID (1 << 2) /* Receiver Idle */
-#define UTSR0_RBB (1 << 3) /* Receiver begin break */
-#define UTSR0_REB (1 << 4) /* Receiver end break */
-#define UTSR0_EIF (1 << 5) /* Error in FIFO */
-
-#define UTSR1_RNE (1 << 1) /* Receive FIFO not empty */
-#define UTSR1_TNF (1 << 2) /* Transmit FIFO not full */
-#define UTSR1_PRE (1 << 3) /* Parity error */
-#define UTSR1_FRE (1 << 4) /* Frame error */
-#define UTSR1_ROR (1 << 5) /* Receive Over Run */
-
-#define RX_FIFO_PRE (1 << 8)
-#define RX_FIFO_FRE (1 << 9)
-#define RX_FIFO_ROR (1 << 10)
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- CharDriverState *chr;
- qemu_irq irq;
-
- uint8_t utcr0;
- uint16_t brd;
- uint8_t utcr3;
- uint8_t utsr0;
- uint8_t utsr1;
-
- uint8_t tx_fifo[8];
- uint8_t tx_start;
- uint8_t tx_len;
- uint16_t rx_fifo[12]; /* value + error flags in high bits */
- uint8_t rx_start;
- uint8_t rx_len;
-
- uint64_t char_transmit_time; /* time to transmit a char in ticks*/
- bool wait_break_end;
- QEMUTimer *rx_timeout_timer;
- QEMUTimer *tx_timer;
-} StrongARMUARTState;
-
-static void strongarm_uart_update_status(StrongARMUARTState *s)
-{
- uint16_t utsr1 = 0;
-
- if (s->tx_len != 8) {
- utsr1 |= UTSR1_TNF;
- }
-
- if (s->rx_len != 0) {
- uint16_t ent = s->rx_fifo[s->rx_start];
-
- utsr1 |= UTSR1_RNE;
- if (ent & RX_FIFO_PRE) {
- s->utsr1 |= UTSR1_PRE;
- }
- if (ent & RX_FIFO_FRE) {
- s->utsr1 |= UTSR1_FRE;
- }
- if (ent & RX_FIFO_ROR) {
- s->utsr1 |= UTSR1_ROR;
- }
- }
-
- s->utsr1 = utsr1;
-}
-
-static void strongarm_uart_update_int_status(StrongARMUARTState *s)
-{
- uint16_t utsr0 = s->utsr0 &
- (UTSR0_REB | UTSR0_RBB | UTSR0_RID);
- int i;
-
- if ((s->utcr3 & UTCR3_TXE) &&
- (s->utcr3 & UTCR3_TIE) &&
- s->tx_len <= 4) {
- utsr0 |= UTSR0_TFS;
- }
-
- if ((s->utcr3 & UTCR3_RXE) &&
- (s->utcr3 & UTCR3_RIE) &&
- s->rx_len > 4) {
- utsr0 |= UTSR0_RFS;
- }
-
- for (i = 0; i < s->rx_len && i < 4; i++)
- if (s->rx_fifo[(s->rx_start + i) % 12] & ~0xff) {
- utsr0 |= UTSR0_EIF;
- break;
- }
-
- s->utsr0 = utsr0;
- qemu_set_irq(s->irq, utsr0);
-}
-
-static void strongarm_uart_update_parameters(StrongARMUARTState *s)
-{
- int speed, parity, data_bits, stop_bits, frame_size;
- QEMUSerialSetParams ssp;
-
- /* Start bit. */
- frame_size = 1;
- if (s->utcr0 & UTCR0_PE) {
- /* Parity bit. */
- frame_size++;
- if (s->utcr0 & UTCR0_OES) {
- parity = 'E';
- } else {
- parity = 'O';
- }
- } else {
- parity = 'N';
- }
- if (s->utcr0 & UTCR0_SBS) {
- stop_bits = 2;
- } else {
- stop_bits = 1;
- }
-
- data_bits = (s->utcr0 & UTCR0_DSS) ? 8 : 7;
- frame_size += data_bits + stop_bits;
- speed = 3686400 / 16 / (s->brd + 1);
- ssp.speed = speed;
- ssp.parity = parity;
- ssp.data_bits = data_bits;
- ssp.stop_bits = stop_bits;
- s->char_transmit_time = (get_ticks_per_sec() / speed) * frame_size;
- if (s->chr) {
- qemu_chr_fe_ioctl(s->chr, CHR_IOCTL_SERIAL_SET_PARAMS, &ssp);
- }
-
- DPRINTF(stderr, "%s speed=%d parity=%c data=%d stop=%d\n", s->chr->label,
- speed, parity, data_bits, stop_bits);
-}
-
-static void strongarm_uart_rx_to(void *opaque)
-{
- StrongARMUARTState *s = opaque;
-
- if (s->rx_len) {
- s->utsr0 |= UTSR0_RID;
- strongarm_uart_update_int_status(s);
- }
-}
-
-static void strongarm_uart_rx_push(StrongARMUARTState *s, uint16_t c)
-{
- if ((s->utcr3 & UTCR3_RXE) == 0) {
- /* rx disabled */
- return;
- }
-
- if (s->wait_break_end) {
- s->utsr0 |= UTSR0_REB;
- s->wait_break_end = false;
- }
-
- if (s->rx_len < 12) {
- s->rx_fifo[(s->rx_start + s->rx_len) % 12] = c;
- s->rx_len++;
- } else
- s->rx_fifo[(s->rx_start + 11) % 12] |= RX_FIFO_ROR;
-}
-
-static int strongarm_uart_can_receive(void *opaque)
-{
- StrongARMUARTState *s = opaque;
-
- if (s->rx_len == 12) {
- return 0;
- }
- /* It's best not to get more than 2/3 of RX FIFO, so advertise that much */
- if (s->rx_len < 8) {
- return 8 - s->rx_len;
- }
- return 1;
-}
-
-static void strongarm_uart_receive(void *opaque, const uint8_t *buf, int size)
-{
- StrongARMUARTState *s = opaque;
- int i;
-
- for (i = 0; i < size; i++) {
- strongarm_uart_rx_push(s, buf[i]);
- }
-
- /* call the timeout receive callback in 3 char transmit time */
- qemu_mod_timer(s->rx_timeout_timer,
- qemu_get_clock_ns(vm_clock) + s->char_transmit_time * 3);
-
- strongarm_uart_update_status(s);
- strongarm_uart_update_int_status(s);
-}
-
-static void strongarm_uart_event(void *opaque, int event)
-{
- StrongARMUARTState *s = opaque;
- if (event == CHR_EVENT_BREAK) {
- s->utsr0 |= UTSR0_RBB;
- strongarm_uart_rx_push(s, RX_FIFO_FRE);
- s->wait_break_end = true;
- strongarm_uart_update_status(s);
- strongarm_uart_update_int_status(s);
- }
-}
-
-static void strongarm_uart_tx(void *opaque)
-{
- StrongARMUARTState *s = opaque;
- uint64_t new_xmit_ts = qemu_get_clock_ns(vm_clock);
-
- if (s->utcr3 & UTCR3_LBM) /* loopback */ {
- strongarm_uart_receive(s, &s->tx_fifo[s->tx_start], 1);
- } else if (s->chr) {
- qemu_chr_fe_write(s->chr, &s->tx_fifo[s->tx_start], 1);
- }
-
- s->tx_start = (s->tx_start + 1) % 8;
- s->tx_len--;
- if (s->tx_len) {
- qemu_mod_timer(s->tx_timer, new_xmit_ts + s->char_transmit_time);
- }
- strongarm_uart_update_status(s);
- strongarm_uart_update_int_status(s);
-}
-
-static uint64_t strongarm_uart_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- StrongARMUARTState *s = opaque;
- uint16_t ret;
-
- switch (addr) {
- case UTCR0:
- return s->utcr0;
-
- case UTCR1:
- return s->brd >> 8;
-
- case UTCR2:
- return s->brd & 0xff;
-
- case UTCR3:
- return s->utcr3;
-
- case UTDR:
- if (s->rx_len != 0) {
- ret = s->rx_fifo[s->rx_start];
- s->rx_start = (s->rx_start + 1) % 12;
- s->rx_len--;
- strongarm_uart_update_status(s);
- strongarm_uart_update_int_status(s);
- return ret;
- }
- return 0;
-
- case UTSR0:
- return s->utsr0;
-
- case UTSR1:
- return s->utsr1;
-
- default:
- printf("%s: Bad register 0x" TARGET_FMT_plx "\n", __func__, addr);
- return 0;
- }
-}
-
-static void strongarm_uart_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- StrongARMUARTState *s = opaque;
-
- switch (addr) {
- case UTCR0:
- s->utcr0 = value & 0x7f;
- strongarm_uart_update_parameters(s);
- break;
-
- case UTCR1:
- s->brd = (s->brd & 0xff) | ((value & 0xf) << 8);
- strongarm_uart_update_parameters(s);
- break;
-
- case UTCR2:
- s->brd = (s->brd & 0xf00) | (value & 0xff);
- strongarm_uart_update_parameters(s);
- break;
-
- case UTCR3:
- s->utcr3 = value & 0x3f;
- if ((s->utcr3 & UTCR3_RXE) == 0) {
- s->rx_len = 0;
- }
- if ((s->utcr3 & UTCR3_TXE) == 0) {
- s->tx_len = 0;
- }
- strongarm_uart_update_status(s);
- strongarm_uart_update_int_status(s);
- break;
-
- case UTDR:
- if ((s->utcr3 & UTCR3_TXE) && s->tx_len != 8) {
- s->tx_fifo[(s->tx_start + s->tx_len) % 8] = value;
- s->tx_len++;
- strongarm_uart_update_status(s);
- strongarm_uart_update_int_status(s);
- if (s->tx_len == 1) {
- strongarm_uart_tx(s);
- }
- }
- break;
-
- case UTSR0:
- s->utsr0 = s->utsr0 & ~(value &
- (UTSR0_REB | UTSR0_RBB | UTSR0_RID));
- strongarm_uart_update_int_status(s);
- break;
-
- default:
- printf("%s: Bad register 0x" TARGET_FMT_plx "\n", __func__, addr);
- }
-}
-
-static const MemoryRegionOps strongarm_uart_ops = {
- .read = strongarm_uart_read,
- .write = strongarm_uart_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int strongarm_uart_init(SysBusDevice *dev)
-{
- StrongARMUARTState *s = FROM_SYSBUS(StrongARMUARTState, dev);
-
- memory_region_init_io(&s->iomem, &strongarm_uart_ops, s, "uart", 0x10000);
- sysbus_init_mmio(dev, &s->iomem);
- sysbus_init_irq(dev, &s->irq);
-
- s->rx_timeout_timer = qemu_new_timer_ns(vm_clock, strongarm_uart_rx_to, s);
- s->tx_timer = qemu_new_timer_ns(vm_clock, strongarm_uart_tx, s);
-
- if (s->chr) {
- qemu_chr_add_handlers(s->chr,
- strongarm_uart_can_receive,
- strongarm_uart_receive,
- strongarm_uart_event,
- s);
- }
-
- return 0;
-}
-
-static void strongarm_uart_reset(DeviceState *dev)
-{
- StrongARMUARTState *s = DO_UPCAST(StrongARMUARTState, busdev.qdev, dev);
-
- s->utcr0 = UTCR0_DSS; /* 8 data, no parity */
- s->brd = 23; /* 9600 */
- /* enable send & recv - this actually violates spec */
- s->utcr3 = UTCR3_TXE | UTCR3_RXE;
-
- s->rx_len = s->tx_len = 0;
-
- strongarm_uart_update_parameters(s);
- strongarm_uart_update_status(s);
- strongarm_uart_update_int_status(s);
-}
-
-static int strongarm_uart_post_load(void *opaque, int version_id)
-{
- StrongARMUARTState *s = opaque;
-
- strongarm_uart_update_parameters(s);
- strongarm_uart_update_status(s);
- strongarm_uart_update_int_status(s);
-
- /* tx and restart timer */
- if (s->tx_len) {
- strongarm_uart_tx(s);
- }
-
- /* restart rx timeout timer */
- if (s->rx_len) {
- qemu_mod_timer(s->rx_timeout_timer,
- qemu_get_clock_ns(vm_clock) + s->char_transmit_time * 3);
- }
-
- return 0;
-}
-
-static const VMStateDescription vmstate_strongarm_uart_regs = {
- .name = "strongarm-uart",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .post_load = strongarm_uart_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_UINT8(utcr0, StrongARMUARTState),
- VMSTATE_UINT16(brd, StrongARMUARTState),
- VMSTATE_UINT8(utcr3, StrongARMUARTState),
- VMSTATE_UINT8(utsr0, StrongARMUARTState),
- VMSTATE_UINT8_ARRAY(tx_fifo, StrongARMUARTState, 8),
- VMSTATE_UINT8(tx_start, StrongARMUARTState),
- VMSTATE_UINT8(tx_len, StrongARMUARTState),
- VMSTATE_UINT16_ARRAY(rx_fifo, StrongARMUARTState, 12),
- VMSTATE_UINT8(rx_start, StrongARMUARTState),
- VMSTATE_UINT8(rx_len, StrongARMUARTState),
- VMSTATE_BOOL(wait_break_end, StrongARMUARTState),
- VMSTATE_END_OF_LIST(),
- },
-};
-
-static Property strongarm_uart_properties[] = {
- DEFINE_PROP_CHR("chardev", StrongARMUARTState, chr),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void strongarm_uart_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = strongarm_uart_init;
- dc->desc = "StrongARM UART controller";
- dc->reset = strongarm_uart_reset;
- dc->vmsd = &vmstate_strongarm_uart_regs;
- dc->props = strongarm_uart_properties;
-}
-
-static TypeInfo strongarm_uart_info = {
- .name = "strongarm-uart",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(StrongARMUARTState),
- .class_init = strongarm_uart_class_init,
-};
-
-/* Synchronous Serial Ports */
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- qemu_irq irq;
- SSIBus *bus;
-
- uint16_t sscr[2];
- uint16_t sssr;
-
- uint16_t rx_fifo[8];
- uint8_t rx_level;
- uint8_t rx_start;
-} StrongARMSSPState;
-
-#define SSCR0 0x60 /* SSP Control register 0 */
-#define SSCR1 0x64 /* SSP Control register 1 */
-#define SSDR 0x6c /* SSP Data register */
-#define SSSR 0x74 /* SSP Status register */
-
-/* Bitfields for above registers */
-#define SSCR0_SPI(x) (((x) & 0x30) == 0x00)
-#define SSCR0_SSP(x) (((x) & 0x30) == 0x10)
-#define SSCR0_UWIRE(x) (((x) & 0x30) == 0x20)
-#define SSCR0_PSP(x) (((x) & 0x30) == 0x30)
-#define SSCR0_SSE (1 << 7)
-#define SSCR0_DSS(x) (((x) & 0xf) + 1)
-#define SSCR1_RIE (1 << 0)
-#define SSCR1_TIE (1 << 1)
-#define SSCR1_LBM (1 << 2)
-#define SSSR_TNF (1 << 2)
-#define SSSR_RNE (1 << 3)
-#define SSSR_TFS (1 << 5)
-#define SSSR_RFS (1 << 6)
-#define SSSR_ROR (1 << 7)
-#define SSSR_RW 0x0080
-
-static void strongarm_ssp_int_update(StrongARMSSPState *s)
-{
- int level = 0;
-
- level |= (s->sssr & SSSR_ROR);
- level |= (s->sssr & SSSR_RFS) && (s->sscr[1] & SSCR1_RIE);
- level |= (s->sssr & SSSR_TFS) && (s->sscr[1] & SSCR1_TIE);
- qemu_set_irq(s->irq, level);
-}
-
-static void strongarm_ssp_fifo_update(StrongARMSSPState *s)
-{
- s->sssr &= ~SSSR_TFS;
- s->sssr &= ~SSSR_TNF;
- if (s->sscr[0] & SSCR0_SSE) {
- if (s->rx_level >= 4) {
- s->sssr |= SSSR_RFS;
- } else {
- s->sssr &= ~SSSR_RFS;
- }
- if (s->rx_level) {
- s->sssr |= SSSR_RNE;
- } else {
- s->sssr &= ~SSSR_RNE;
- }
- /* TX FIFO is never filled, so it is always in underrun
- condition if SSP is enabled */
- s->sssr |= SSSR_TFS;
- s->sssr |= SSSR_TNF;
- }
-
- strongarm_ssp_int_update(s);
-}
-
-static uint64_t strongarm_ssp_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- StrongARMSSPState *s = opaque;
- uint32_t retval;
-
- switch (addr) {
- case SSCR0:
- return s->sscr[0];
- case SSCR1:
- return s->sscr[1];
- case SSSR:
- return s->sssr;
- case SSDR:
- if (~s->sscr[0] & SSCR0_SSE) {
- return 0xffffffff;
- }
- if (s->rx_level < 1) {
- printf("%s: SSP Rx Underrun\n", __func__);
- return 0xffffffff;
- }
- s->rx_level--;
- retval = s->rx_fifo[s->rx_start++];
- s->rx_start &= 0x7;
- strongarm_ssp_fifo_update(s);
- return retval;
- default:
- printf("%s: Bad register 0x" TARGET_FMT_plx "\n", __func__, addr);
- break;
- }
- return 0;
-}
-
-static void strongarm_ssp_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- StrongARMSSPState *s = opaque;
-
- switch (addr) {
- case SSCR0:
- s->sscr[0] = value & 0xffbf;
- if ((s->sscr[0] & SSCR0_SSE) && SSCR0_DSS(value) < 4) {
- printf("%s: Wrong data size: %i bits\n", __func__,
- (int)SSCR0_DSS(value));
- }
- if (!(value & SSCR0_SSE)) {
- s->sssr = 0;
- s->rx_level = 0;
- }
- strongarm_ssp_fifo_update(s);
- break;
-
- case SSCR1:
- s->sscr[1] = value & 0x2f;
- if (value & SSCR1_LBM) {
- printf("%s: Attempt to use SSP LBM mode\n", __func__);
- }
- strongarm_ssp_fifo_update(s);
- break;
-
- case SSSR:
- s->sssr &= ~(value & SSSR_RW);
- strongarm_ssp_int_update(s);
- break;
-
- case SSDR:
- if (SSCR0_UWIRE(s->sscr[0])) {
- value &= 0xff;
- } else
- /* Note how 32bits overflow does no harm here */
- value &= (1 << SSCR0_DSS(s->sscr[0])) - 1;
-
- /* Data goes from here to the Tx FIFO and is shifted out from
- * there directly to the slave, no need to buffer it.
- */
- if (s->sscr[0] & SSCR0_SSE) {
- uint32_t readval;
- if (s->sscr[1] & SSCR1_LBM) {
- readval = value;
- } else {
- readval = ssi_transfer(s->bus, value);
- }
-
- if (s->rx_level < 0x08) {
- s->rx_fifo[(s->rx_start + s->rx_level++) & 0x7] = readval;
- } else {
- s->sssr |= SSSR_ROR;
- }
- }
- strongarm_ssp_fifo_update(s);
- break;
-
- default:
- printf("%s: Bad register 0x" TARGET_FMT_plx "\n", __func__, addr);
- break;
- }
-}
-
-static const MemoryRegionOps strongarm_ssp_ops = {
- .read = strongarm_ssp_read,
- .write = strongarm_ssp_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int strongarm_ssp_post_load(void *opaque, int version_id)
-{
- StrongARMSSPState *s = opaque;
-
- strongarm_ssp_fifo_update(s);
-
- return 0;
-}
-
-static int strongarm_ssp_init(SysBusDevice *dev)
-{
- StrongARMSSPState *s = FROM_SYSBUS(StrongARMSSPState, dev);
-
- sysbus_init_irq(dev, &s->irq);
-
- memory_region_init_io(&s->iomem, &strongarm_ssp_ops, s, "ssp", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
-
- s->bus = ssi_create_bus(&dev->qdev, "ssi");
- return 0;
-}
-
-static void strongarm_ssp_reset(DeviceState *dev)
-{
- StrongARMSSPState *s = DO_UPCAST(StrongARMSSPState, busdev.qdev, dev);
- s->sssr = 0x03; /* 3 bit data, SPI, disabled */
- s->rx_start = 0;
- s->rx_level = 0;
-}
-
-static const VMStateDescription vmstate_strongarm_ssp_regs = {
- .name = "strongarm-ssp",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .post_load = strongarm_ssp_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_UINT16_ARRAY(sscr, StrongARMSSPState, 2),
- VMSTATE_UINT16(sssr, StrongARMSSPState),
- VMSTATE_UINT16_ARRAY(rx_fifo, StrongARMSSPState, 8),
- VMSTATE_UINT8(rx_start, StrongARMSSPState),
- VMSTATE_UINT8(rx_level, StrongARMSSPState),
- VMSTATE_END_OF_LIST(),
- },
-};
-
-static void strongarm_ssp_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = strongarm_ssp_init;
- dc->desc = "StrongARM SSP controller";
- dc->reset = strongarm_ssp_reset;
- dc->vmsd = &vmstate_strongarm_ssp_regs;
-}
-
-static TypeInfo strongarm_ssp_info = {
- .name = "strongarm-ssp",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(StrongARMSSPState),
- .class_init = strongarm_ssp_class_init,
-};
-
-/* Main CPU functions */
-StrongARMState *sa1110_init(MemoryRegion *sysmem,
- unsigned int sdram_size, const char *rev)
-{
- StrongARMState *s;
- qemu_irq *pic;
- int i;
-
- s = g_malloc0(sizeof(StrongARMState));
-
- if (!rev) {
- rev = "sa1110-b5";
- }
-
- if (strncmp(rev, "sa1110", 6)) {
- error_report("Machine requires a SA1110 processor.");
- exit(1);
- }
-
- s->cpu = cpu_arm_init(rev);
-
- if (!s->cpu) {
- error_report("Unable to find CPU definition");
- exit(1);
- }
-
- memory_region_init_ram(&s->sdram, "strongarm.sdram", sdram_size);
- vmstate_register_ram_global(&s->sdram);
- memory_region_add_subregion(sysmem, SA_SDCS0, &s->sdram);
-
- pic = arm_pic_init_cpu(s->cpu);
- s->pic = sysbus_create_varargs("strongarm_pic", 0x90050000,
- pic[ARM_PIC_CPU_IRQ], pic[ARM_PIC_CPU_FIQ], NULL);
-
- sysbus_create_varargs("pxa25x-timer", 0x90000000,
- qdev_get_gpio_in(s->pic, SA_PIC_OSTC0),
- qdev_get_gpio_in(s->pic, SA_PIC_OSTC1),
- qdev_get_gpio_in(s->pic, SA_PIC_OSTC2),
- qdev_get_gpio_in(s->pic, SA_PIC_OSTC3),
- NULL);
-
- sysbus_create_simple("strongarm-rtc", 0x90010000,
- qdev_get_gpio_in(s->pic, SA_PIC_RTC_ALARM));
-
- s->gpio = strongarm_gpio_init(0x90040000, s->pic);
-
- s->ppc = sysbus_create_varargs("strongarm-ppc", 0x90060000, NULL);
-
- for (i = 0; sa_serial[i].io_base; i++) {
- DeviceState *dev = qdev_create(NULL, "strongarm-uart");
- qdev_prop_set_chr(dev, "chardev", serial_hds[i]);
- qdev_init_nofail(dev);
- sysbus_mmio_map(sysbus_from_qdev(dev), 0,
- sa_serial[i].io_base);
- sysbus_connect_irq(sysbus_from_qdev(dev), 0,
- qdev_get_gpio_in(s->pic, sa_serial[i].irq));
- }
-
- s->ssp = sysbus_create_varargs("strongarm-ssp", 0x80070000,
- qdev_get_gpio_in(s->pic, SA_PIC_SSP), NULL);
- s->ssp_bus = (SSIBus *)qdev_get_child_bus(s->ssp, "ssi");
-
- return s;
-}
-
-static void strongarm_register_types(void)
-{
- type_register_static(&strongarm_pic_info);
- type_register_static(&strongarm_rtc_sysbus_info);
- type_register_static(&strongarm_gpio_info);
- type_register_static(&strongarm_ppc_info);
- type_register_static(&strongarm_uart_info);
- type_register_static(&strongarm_ssp_info);
-}
-
-type_init(strongarm_register_types)
diff --git a/hw/strongarm.h b/hw/strongarm.h
deleted file mode 100644
index d30dd6ac5..000000000
--- a/hw/strongarm.h
+++ /dev/null
@@ -1,68 +0,0 @@
-#ifndef _STRONGARM_H
-#define _STRONGARM_H
-
-#include "memory.h"
-
-#define SA_CS0 0x00000000
-#define SA_CS1 0x08000000
-#define SA_CS2 0x10000000
-#define SA_CS3 0x18000000
-#define SA_PCMCIA_CS0 0x20000000
-#define SA_PCMCIA_CS1 0x30000000
-#define SA_CS4 0x40000000
-#define SA_CS5 0x48000000
-/* system registers here */
-#define SA_SDCS0 0xc0000000
-#define SA_SDCS1 0xc8000000
-#define SA_SDCS2 0xd0000000
-#define SA_SDCS3 0xd8000000
-
-enum {
- SA_PIC_GPIO0_EDGE = 0,
- SA_PIC_GPIO1_EDGE,
- SA_PIC_GPIO2_EDGE,
- SA_PIC_GPIO3_EDGE,
- SA_PIC_GPIO4_EDGE,
- SA_PIC_GPIO5_EDGE,
- SA_PIC_GPIO6_EDGE,
- SA_PIC_GPIO7_EDGE,
- SA_PIC_GPIO8_EDGE,
- SA_PIC_GPIO9_EDGE,
- SA_PIC_GPIO10_EDGE,
- SA_PIC_GPIOX_EDGE,
- SA_PIC_LCD,
- SA_PIC_UDC,
- SA_PIC_RSVD1,
- SA_PIC_UART1,
- SA_PIC_UART2,
- SA_PIC_UART3,
- SA_PIC_MCP,
- SA_PIC_SSP,
- SA_PIC_DMA_CH0,
- SA_PIC_DMA_CH1,
- SA_PIC_DMA_CH2,
- SA_PIC_DMA_CH3,
- SA_PIC_DMA_CH4,
- SA_PIC_DMA_CH5,
- SA_PIC_OSTC0,
- SA_PIC_OSTC1,
- SA_PIC_OSTC2,
- SA_PIC_OSTC3,
- SA_PIC_RTC_HZ,
- SA_PIC_RTC_ALARM,
-};
-
-typedef struct {
- ARMCPU *cpu;
- MemoryRegion sdram;
- DeviceState *pic;
- DeviceState *gpio;
- DeviceState *ppc;
- DeviceState *ssp;
- SSIBus *ssp_bus;
-} StrongARMState;
-
-StrongARMState *sa1110_init(MemoryRegion *sysmem,
- unsigned int sdram_size, const char *rev);
-
-#endif
diff --git a/hw/sun4c_intctl.c b/hw/sun4c_intctl.c
deleted file mode 100644
index 702e9f544..000000000
--- a/hw/sun4c_intctl.c
+++ /dev/null
@@ -1,208 +0,0 @@
-/*
- * QEMU Sparc Sun4c interrupt controller emulation
- *
- * Based on slavio_intctl, copyright (c) 2003-2005 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "hw.h"
-#include "sun4m.h"
-#include "monitor.h"
-#include "sysbus.h"
-
-//#define DEBUG_IRQ_COUNT
-//#define DEBUG_IRQ
-
-#ifdef DEBUG_IRQ
-#define DPRINTF(fmt, ...) \
- do { printf("IRQ: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...)
-#endif
-
-/*
- * Registers of interrupt controller in sun4c.
- *
- */
-
-#define MAX_PILS 16
-
-typedef struct Sun4c_INTCTLState {
- SysBusDevice busdev;
- MemoryRegion iomem;
-#ifdef DEBUG_IRQ_COUNT
- uint64_t irq_count;
-#endif
- qemu_irq cpu_irqs[MAX_PILS];
- const uint32_t *intbit_to_level;
- uint32_t pil_out;
- uint8_t reg;
- uint8_t pending;
-} Sun4c_INTCTLState;
-
-#define INTCTL_SIZE 1
-
-static void sun4c_check_interrupts(void *opaque);
-
-static uint64_t sun4c_intctl_mem_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- Sun4c_INTCTLState *s = opaque;
- uint32_t ret;
-
- ret = s->reg;
- DPRINTF("read reg 0x" TARGET_FMT_plx " = %x\n", addr, ret);
-
- return ret;
-}
-
-static void sun4c_intctl_mem_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- Sun4c_INTCTLState *s = opaque;
-
- DPRINTF("write reg 0x" TARGET_FMT_plx " = %x\n", addr, (unsigned)val);
- val &= 0xbf;
- s->reg = val;
- sun4c_check_interrupts(s);
-}
-
-static const MemoryRegionOps sun4c_intctl_mem_ops = {
- .read = sun4c_intctl_mem_read,
- .write = sun4c_intctl_mem_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
-};
-
-static const uint32_t intbit_to_level[] = { 0, 1, 4, 6, 8, 10, 0, 14, };
-
-static void sun4c_check_interrupts(void *opaque)
-{
- Sun4c_INTCTLState *s = opaque;
- uint32_t pil_pending;
- unsigned int i;
-
- pil_pending = 0;
- if (s->pending && !(s->reg & 0x80000000)) {
- for (i = 0; i < 8; i++) {
- if (s->pending & (1 << i))
- pil_pending |= 1 << intbit_to_level[i];
- }
- }
-
- for (i = 0; i < MAX_PILS; i++) {
- if (pil_pending & (1 << i)) {
- if (!(s->pil_out & (1 << i)))
- qemu_irq_raise(s->cpu_irqs[i]);
- } else {
- if (s->pil_out & (1 << i))
- qemu_irq_lower(s->cpu_irqs[i]);
- }
- }
- s->pil_out = pil_pending;
-}
-
-/*
- * "irq" here is the bit number in the system interrupt register
- */
-static void sun4c_set_irq(void *opaque, int irq, int level)
-{
- Sun4c_INTCTLState *s = opaque;
- uint32_t mask = 1 << irq;
- uint32_t pil = intbit_to_level[irq];
-
- DPRINTF("Set irq %d -> pil %d level %d\n", irq, pil,
- level);
- if (pil > 0) {
- if (level) {
-#ifdef DEBUG_IRQ_COUNT
- s->irq_count++;
-#endif
- s->pending |= mask;
- } else {
- s->pending &= ~mask;
- }
- sun4c_check_interrupts(s);
- }
-}
-
-static const VMStateDescription vmstate_sun4c_intctl = {
- .name ="sun4c_intctl",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField []) {
- VMSTATE_UINT8(reg, Sun4c_INTCTLState),
- VMSTATE_UINT8(pending, Sun4c_INTCTLState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void sun4c_intctl_reset(DeviceState *d)
-{
- Sun4c_INTCTLState *s = container_of(d, Sun4c_INTCTLState, busdev.qdev);
-
- s->reg = 1;
- s->pending = 0;
-}
-
-static int sun4c_intctl_init1(SysBusDevice *dev)
-{
- Sun4c_INTCTLState *s = FROM_SYSBUS(Sun4c_INTCTLState, dev);
- unsigned int i;
-
- memory_region_init_io(&s->iomem, &sun4c_intctl_mem_ops, s,
- "intctl", INTCTL_SIZE);
- sysbus_init_mmio(dev, &s->iomem);
- qdev_init_gpio_in(&dev->qdev, sun4c_set_irq, 8);
-
- for (i = 0; i < MAX_PILS; i++) {
- sysbus_init_irq(dev, &s->cpu_irqs[i]);
- }
-
- return 0;
-}
-
-static void sun4c_intctl_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = sun4c_intctl_init1;
- dc->reset = sun4c_intctl_reset;
- dc->vmsd = &vmstate_sun4c_intctl;
-}
-
-static TypeInfo sun4c_intctl_info = {
- .name = "sun4c_intctl",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(Sun4c_INTCTLState),
- .class_init = sun4c_intctl_class_init,
-};
-
-static void sun4c_intctl_register_types(void)
-{
- type_register_static(&sun4c_intctl_info);
-}
-
-type_init(sun4c_intctl_register_types)
diff --git a/hw/sun4m.c b/hw/sun4m.c
deleted file mode 100644
index 1a786762a..000000000
--- a/hw/sun4m.c
+++ /dev/null
@@ -1,1927 +0,0 @@
-/*
- * QEMU Sun4m & Sun4d & Sun4c System Emulator
- *
- * Copyright (c) 2003-2005 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "sysbus.h"
-#include "qemu-timer.h"
-#include "sun4m.h"
-#include "nvram.h"
-#include "sparc32_dma.h"
-#include "fdc.h"
-#include "sysemu.h"
-#include "net.h"
-#include "boards.h"
-#include "firmware_abi.h"
-#include "esp.h"
-#include "pc.h"
-#include "isa.h"
-#include "fw_cfg.h"
-#include "escc.h"
-#include "empty_slot.h"
-#include "qdev-addr.h"
-#include "loader.h"
-#include "elf.h"
-#include "blockdev.h"
-#include "trace.h"
-
-/*
- * Sun4m architecture was used in the following machines:
- *
- * SPARCserver 6xxMP/xx
- * SPARCclassic (SPARCclassic Server)(SPARCstation LC) (4/15),
- * SPARCclassic X (4/10)
- * SPARCstation LX/ZX (4/30)
- * SPARCstation Voyager
- * SPARCstation 10/xx, SPARCserver 10/xx
- * SPARCstation 5, SPARCserver 5
- * SPARCstation 20/xx, SPARCserver 20
- * SPARCstation 4
- *
- * Sun4d architecture was used in the following machines:
- *
- * SPARCcenter 2000
- * SPARCserver 1000
- *
- * Sun4c architecture was used in the following machines:
- * SPARCstation 1/1+, SPARCserver 1/1+
- * SPARCstation SLC
- * SPARCstation IPC
- * SPARCstation ELC
- * SPARCstation IPX
- *
- * See for example: http://www.sunhelp.org/faq/sunref1.html
- */
-
-#define KERNEL_LOAD_ADDR 0x00004000
-#define CMDLINE_ADDR 0x007ff000
-#define INITRD_LOAD_ADDR 0x00800000
-#define PROM_SIZE_MAX (1024 * 1024)
-#define PROM_VADDR 0xffd00000
-#define PROM_FILENAME "openbios-sparc32"
-#define CFG_ADDR 0xd00000510ULL
-#define FW_CFG_SUN4M_DEPTH (FW_CFG_ARCH_LOCAL + 0x00)
-
-#define MAX_CPUS 16
-#define MAX_PILS 16
-#define MAX_VSIMMS 4
-
-#define ESCC_CLOCK 4915200
-
-struct sun4m_hwdef {
- hwaddr iommu_base, iommu_pad_base, iommu_pad_len, slavio_base;
- hwaddr intctl_base, counter_base, nvram_base, ms_kb_base;
- hwaddr serial_base, fd_base;
- hwaddr afx_base, idreg_base, dma_base, esp_base, le_base;
- hwaddr tcx_base, cs_base, apc_base, aux1_base, aux2_base;
- hwaddr bpp_base, dbri_base, sx_base;
- struct {
- hwaddr reg_base, vram_base;
- } vsimm[MAX_VSIMMS];
- hwaddr ecc_base;
- uint64_t max_mem;
- const char * const default_cpu_model;
- uint32_t ecc_version;
- uint32_t iommu_version;
- uint16_t machine_id;
- uint8_t nvram_machine_id;
-};
-
-#define MAX_IOUNITS 5
-
-struct sun4d_hwdef {
- hwaddr iounit_bases[MAX_IOUNITS], slavio_base;
- hwaddr counter_base, nvram_base, ms_kb_base;
- hwaddr serial_base;
- hwaddr espdma_base, esp_base;
- hwaddr ledma_base, le_base;
- hwaddr tcx_base;
- hwaddr sbi_base;
- uint64_t max_mem;
- const char * const default_cpu_model;
- uint32_t iounit_version;
- uint16_t machine_id;
- uint8_t nvram_machine_id;
-};
-
-struct sun4c_hwdef {
- hwaddr iommu_base, slavio_base;
- hwaddr intctl_base, counter_base, nvram_base, ms_kb_base;
- hwaddr serial_base, fd_base;
- hwaddr idreg_base, dma_base, esp_base, le_base;
- hwaddr tcx_base, aux1_base;
- uint64_t max_mem;
- const char * const default_cpu_model;
- uint32_t iommu_version;
- uint16_t machine_id;
- uint8_t nvram_machine_id;
-};
-
-int DMA_get_channel_mode (int nchan)
-{
- return 0;
-}
-int DMA_read_memory (int nchan, void *buf, int pos, int size)
-{
- return 0;
-}
-int DMA_write_memory (int nchan, void *buf, int pos, int size)
-{
- return 0;
-}
-void DMA_hold_DREQ (int nchan) {}
-void DMA_release_DREQ (int nchan) {}
-void DMA_schedule(int nchan) {}
-
-void DMA_init(int high_page_enable, qemu_irq *cpu_request_exit)
-{
-}
-
-void DMA_register_channel (int nchan,
- DMA_transfer_handler transfer_handler,
- void *opaque)
-{
-}
-
-static int fw_cfg_boot_set(void *opaque, const char *boot_device)
-{
- fw_cfg_add_i16(opaque, FW_CFG_BOOT_DEVICE, boot_device[0]);
- return 0;
-}
-
-static void nvram_init(M48t59State *nvram, uint8_t *macaddr,
- const char *cmdline, const char *boot_devices,
- ram_addr_t RAM_size, uint32_t kernel_size,
- int width, int height, int depth,
- int nvram_machine_id, const char *arch)
-{
- unsigned int i;
- uint32_t start, end;
- uint8_t image[0x1ff0];
- struct OpenBIOS_nvpart_v1 *part_header;
-
- memset(image, '\0', sizeof(image));
-
- start = 0;
-
- // OpenBIOS nvram variables
- // Variable partition
- part_header = (struct OpenBIOS_nvpart_v1 *)&image[start];
- part_header->signature = OPENBIOS_PART_SYSTEM;
- pstrcpy(part_header->name, sizeof(part_header->name), "system");
-
- end = start + sizeof(struct OpenBIOS_nvpart_v1);
- for (i = 0; i < nb_prom_envs; i++)
- end = OpenBIOS_set_var(image, end, prom_envs[i]);
-
- // End marker
- image[end++] = '\0';
-
- end = start + ((end - start + 15) & ~15);
- OpenBIOS_finish_partition(part_header, end - start);
-
- // free partition
- start = end;
- part_header = (struct OpenBIOS_nvpart_v1 *)&image[start];
- part_header->signature = OPENBIOS_PART_FREE;
- pstrcpy(part_header->name, sizeof(part_header->name), "free");
-
- end = 0x1fd0;
- OpenBIOS_finish_partition(part_header, end - start);
-
- Sun_init_header((struct Sun_nvram *)&image[0x1fd8], macaddr,
- nvram_machine_id);
-
- for (i = 0; i < sizeof(image); i++)
- m48t59_write(nvram, i, image[i]);
-}
-
-static DeviceState *slavio_intctl;
-
-void sun4m_pic_info(Monitor *mon)
-{
- if (slavio_intctl)
- slavio_pic_info(mon, slavio_intctl);
-}
-
-void sun4m_irq_info(Monitor *mon)
-{
- if (slavio_intctl)
- slavio_irq_info(mon, slavio_intctl);
-}
-
-void cpu_check_irqs(CPUSPARCState *env)
-{
- if (env->pil_in && (env->interrupt_index == 0 ||
- (env->interrupt_index & ~15) == TT_EXTINT)) {
- unsigned int i;
-
- for (i = 15; i > 0; i--) {
- if (env->pil_in & (1 << i)) {
- int old_interrupt = env->interrupt_index;
-
- env->interrupt_index = TT_EXTINT | i;
- if (old_interrupt != env->interrupt_index) {
- trace_sun4m_cpu_interrupt(i);
- cpu_interrupt(env, CPU_INTERRUPT_HARD);
- }
- break;
- }
- }
- } else if (!env->pil_in && (env->interrupt_index & ~15) == TT_EXTINT) {
- trace_sun4m_cpu_reset_interrupt(env->interrupt_index & 15);
- env->interrupt_index = 0;
- cpu_reset_interrupt(env, CPU_INTERRUPT_HARD);
- }
-}
-
-static void cpu_kick_irq(SPARCCPU *cpu)
-{
- CPUSPARCState *env = &cpu->env;
-
- env->halted = 0;
- cpu_check_irqs(env);
- qemu_cpu_kick(CPU(cpu));
-}
-
-static void cpu_set_irq(void *opaque, int irq, int level)
-{
- SPARCCPU *cpu = opaque;
- CPUSPARCState *env = &cpu->env;
-
- if (level) {
- trace_sun4m_cpu_set_irq_raise(irq);
- env->pil_in |= 1 << irq;
- cpu_kick_irq(cpu);
- } else {
- trace_sun4m_cpu_set_irq_lower(irq);
- env->pil_in &= ~(1 << irq);
- cpu_check_irqs(env);
- }
-}
-
-static void dummy_cpu_set_irq(void *opaque, int irq, int level)
-{
-}
-
-static void main_cpu_reset(void *opaque)
-{
- SPARCCPU *cpu = opaque;
- CPUSPARCState *env = &cpu->env;
-
- cpu_reset(CPU(cpu));
- env->halted = 0;
-}
-
-static void secondary_cpu_reset(void *opaque)
-{
- SPARCCPU *cpu = opaque;
- CPUSPARCState *env = &cpu->env;
-
- cpu_reset(CPU(cpu));
- env->halted = 1;
-}
-
-static void cpu_halt_signal(void *opaque, int irq, int level)
-{
- if (level && cpu_single_env)
- cpu_interrupt(cpu_single_env, CPU_INTERRUPT_HALT);
-}
-
-static uint64_t translate_kernel_address(void *opaque, uint64_t addr)
-{
- return addr - 0xf0000000ULL;
-}
-
-static unsigned long sun4m_load_kernel(const char *kernel_filename,
- const char *initrd_filename,
- ram_addr_t RAM_size)
-{
- int linux_boot;
- unsigned int i;
- long initrd_size, kernel_size;
- uint8_t *ptr;
-
- linux_boot = (kernel_filename != NULL);
-
- kernel_size = 0;
- if (linux_boot) {
- int bswap_needed;
-
-#ifdef BSWAP_NEEDED
- bswap_needed = 1;
-#else
- bswap_needed = 0;
-#endif
- kernel_size = load_elf(kernel_filename, translate_kernel_address, NULL,
- NULL, NULL, NULL, 1, ELF_MACHINE, 0);
- if (kernel_size < 0)
- kernel_size = load_aout(kernel_filename, KERNEL_LOAD_ADDR,
- RAM_size - KERNEL_LOAD_ADDR, bswap_needed,
- TARGET_PAGE_SIZE);
- if (kernel_size < 0)
- kernel_size = load_image_targphys(kernel_filename,
- KERNEL_LOAD_ADDR,
- RAM_size - KERNEL_LOAD_ADDR);
- if (kernel_size < 0) {
- fprintf(stderr, "qemu: could not load kernel '%s'\n",
- kernel_filename);
- exit(1);
- }
-
- /* load initrd */
- initrd_size = 0;
- if (initrd_filename) {
- initrd_size = load_image_targphys(initrd_filename,
- INITRD_LOAD_ADDR,
- RAM_size - INITRD_LOAD_ADDR);
- if (initrd_size < 0) {
- fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
- initrd_filename);
- exit(1);
- }
- }
- if (initrd_size > 0) {
- for (i = 0; i < 64 * TARGET_PAGE_SIZE; i += TARGET_PAGE_SIZE) {
- ptr = rom_ptr(KERNEL_LOAD_ADDR + i);
- if (ldl_p(ptr) == 0x48647253) { // HdrS
- stl_p(ptr + 16, INITRD_LOAD_ADDR);
- stl_p(ptr + 20, initrd_size);
- break;
- }
- }
- }
- }
- return kernel_size;
-}
-
-static void *iommu_init(hwaddr addr, uint32_t version, qemu_irq irq)
-{
- DeviceState *dev;
- SysBusDevice *s;
-
- dev = qdev_create(NULL, "iommu");
- qdev_prop_set_uint32(dev, "version", version);
- qdev_init_nofail(dev);
- s = sysbus_from_qdev(dev);
- sysbus_connect_irq(s, 0, irq);
- sysbus_mmio_map(s, 0, addr);
-
- return s;
-}
-
-static void *sparc32_dma_init(hwaddr daddr, qemu_irq parent_irq,
- void *iommu, qemu_irq *dev_irq, int is_ledma)
-{
- DeviceState *dev;
- SysBusDevice *s;
-
- dev = qdev_create(NULL, "sparc32_dma");
- qdev_prop_set_ptr(dev, "iommu_opaque", iommu);
- qdev_prop_set_uint32(dev, "is_ledma", is_ledma);
- qdev_init_nofail(dev);
- s = sysbus_from_qdev(dev);
- sysbus_connect_irq(s, 0, parent_irq);
- *dev_irq = qdev_get_gpio_in(dev, 0);
- sysbus_mmio_map(s, 0, daddr);
-
- return s;
-}
-
-static void lance_init(NICInfo *nd, hwaddr leaddr,
- void *dma_opaque, qemu_irq irq)
-{
- DeviceState *dev;
- SysBusDevice *s;
- qemu_irq reset;
-
- qemu_check_nic_model(&nd_table[0], "lance");
-
- dev = qdev_create(NULL, "lance");
- qdev_set_nic_properties(dev, nd);
- qdev_prop_set_ptr(dev, "dma", dma_opaque);
- qdev_init_nofail(dev);
- s = sysbus_from_qdev(dev);
- sysbus_mmio_map(s, 0, leaddr);
- sysbus_connect_irq(s, 0, irq);
- reset = qdev_get_gpio_in(dev, 0);
- qdev_connect_gpio_out(dma_opaque, 0, reset);
-}
-
-static DeviceState *slavio_intctl_init(hwaddr addr,
- hwaddr addrg,
- qemu_irq **parent_irq)
-{
- DeviceState *dev;
- SysBusDevice *s;
- unsigned int i, j;
-
- dev = qdev_create(NULL, "slavio_intctl");
- qdev_init_nofail(dev);
-
- s = sysbus_from_qdev(dev);
-
- for (i = 0; i < MAX_CPUS; i++) {
- for (j = 0; j < MAX_PILS; j++) {
- sysbus_connect_irq(s, i * MAX_PILS + j, parent_irq[i][j]);
- }
- }
- sysbus_mmio_map(s, 0, addrg);
- for (i = 0; i < MAX_CPUS; i++) {
- sysbus_mmio_map(s, i + 1, addr + i * TARGET_PAGE_SIZE);
- }
-
- return dev;
-}
-
-#define SYS_TIMER_OFFSET 0x10000ULL
-#define CPU_TIMER_OFFSET(cpu) (0x1000ULL * cpu)
-
-static void slavio_timer_init_all(hwaddr addr, qemu_irq master_irq,
- qemu_irq *cpu_irqs, unsigned int num_cpus)
-{
- DeviceState *dev;
- SysBusDevice *s;
- unsigned int i;
-
- dev = qdev_create(NULL, "slavio_timer");
- qdev_prop_set_uint32(dev, "num_cpus", num_cpus);
- qdev_init_nofail(dev);
- s = sysbus_from_qdev(dev);
- sysbus_connect_irq(s, 0, master_irq);
- sysbus_mmio_map(s, 0, addr + SYS_TIMER_OFFSET);
-
- for (i = 0; i < MAX_CPUS; i++) {
- sysbus_mmio_map(s, i + 1, addr + (hwaddr)CPU_TIMER_OFFSET(i));
- sysbus_connect_irq(s, i + 1, cpu_irqs[i]);
- }
-}
-
-static qemu_irq slavio_system_powerdown;
-
-static void slavio_powerdown_req(Notifier *n, void *opaque)
-{
- qemu_irq_raise(slavio_system_powerdown);
-}
-
-static Notifier slavio_system_powerdown_notifier = {
- .notify = slavio_powerdown_req
-};
-
-#define MISC_LEDS 0x01600000
-#define MISC_CFG 0x01800000
-#define MISC_DIAG 0x01a00000
-#define MISC_MDM 0x01b00000
-#define MISC_SYS 0x01f00000
-
-static void slavio_misc_init(hwaddr base,
- hwaddr aux1_base,
- hwaddr aux2_base, qemu_irq irq,
- qemu_irq fdc_tc)
-{
- DeviceState *dev;
- SysBusDevice *s;
-
- dev = qdev_create(NULL, "slavio_misc");
- qdev_init_nofail(dev);
- s = sysbus_from_qdev(dev);
- if (base) {
- /* 8 bit registers */
- /* Slavio control */
- sysbus_mmio_map(s, 0, base + MISC_CFG);
- /* Diagnostics */
- sysbus_mmio_map(s, 1, base + MISC_DIAG);
- /* Modem control */
- sysbus_mmio_map(s, 2, base + MISC_MDM);
- /* 16 bit registers */
- /* ss600mp diag LEDs */
- sysbus_mmio_map(s, 3, base + MISC_LEDS);
- /* 32 bit registers */
- /* System control */
- sysbus_mmio_map(s, 4, base + MISC_SYS);
- }
- if (aux1_base) {
- /* AUX 1 (Misc System Functions) */
- sysbus_mmio_map(s, 5, aux1_base);
- }
- if (aux2_base) {
- /* AUX 2 (Software Powerdown Control) */
- sysbus_mmio_map(s, 6, aux2_base);
- }
- sysbus_connect_irq(s, 0, irq);
- sysbus_connect_irq(s, 1, fdc_tc);
- slavio_system_powerdown = qdev_get_gpio_in(dev, 0);
- qemu_register_powerdown_notifier(&slavio_system_powerdown_notifier);
-}
-
-static void ecc_init(hwaddr base, qemu_irq irq, uint32_t version)
-{
- DeviceState *dev;
- SysBusDevice *s;
-
- dev = qdev_create(NULL, "eccmemctl");
- qdev_prop_set_uint32(dev, "version", version);
- qdev_init_nofail(dev);
- s = sysbus_from_qdev(dev);
- sysbus_connect_irq(s, 0, irq);
- sysbus_mmio_map(s, 0, base);
- if (version == 0) { // SS-600MP only
- sysbus_mmio_map(s, 1, base + 0x1000);
- }
-}
-
-static void apc_init(hwaddr power_base, qemu_irq cpu_halt)
-{
- DeviceState *dev;
- SysBusDevice *s;
-
- dev = qdev_create(NULL, "apc");
- qdev_init_nofail(dev);
- s = sysbus_from_qdev(dev);
- /* Power management (APC) XXX: not a Slavio device */
- sysbus_mmio_map(s, 0, power_base);
- sysbus_connect_irq(s, 0, cpu_halt);
-}
-
-static void tcx_init(hwaddr addr, int vram_size, int width,
- int height, int depth)
-{
- DeviceState *dev;
- SysBusDevice *s;
-
- dev = qdev_create(NULL, "SUNW,tcx");
- qdev_prop_set_taddr(dev, "addr", addr);
- qdev_prop_set_uint32(dev, "vram_size", vram_size);
- qdev_prop_set_uint16(dev, "width", width);
- qdev_prop_set_uint16(dev, "height", height);
- qdev_prop_set_uint16(dev, "depth", depth);
- qdev_init_nofail(dev);
- s = sysbus_from_qdev(dev);
- /* 8-bit plane */
- sysbus_mmio_map(s, 0, addr + 0x00800000ULL);
- /* DAC */
- sysbus_mmio_map(s, 1, addr + 0x00200000ULL);
- /* TEC (dummy) */
- sysbus_mmio_map(s, 2, addr + 0x00700000ULL);
- /* THC 24 bit: NetBSD writes here even with 8-bit display: dummy */
- sysbus_mmio_map(s, 3, addr + 0x00301000ULL);
- if (depth == 24) {
- /* 24-bit plane */
- sysbus_mmio_map(s, 4, addr + 0x02000000ULL);
- /* Control plane */
- sysbus_mmio_map(s, 5, addr + 0x0a000000ULL);
- } else {
- /* THC 8 bit (dummy) */
- sysbus_mmio_map(s, 4, addr + 0x00300000ULL);
- }
-}
-
-/* NCR89C100/MACIO Internal ID register */
-static const uint8_t idreg_data[] = { 0xfe, 0x81, 0x01, 0x03 };
-
-static void idreg_init(hwaddr addr)
-{
- DeviceState *dev;
- SysBusDevice *s;
-
- dev = qdev_create(NULL, "macio_idreg");
- qdev_init_nofail(dev);
- s = sysbus_from_qdev(dev);
-
- sysbus_mmio_map(s, 0, addr);
- cpu_physical_memory_write_rom(addr, idreg_data, sizeof(idreg_data));
-}
-
-typedef struct IDRegState {
- SysBusDevice busdev;
- MemoryRegion mem;
-} IDRegState;
-
-static int idreg_init1(SysBusDevice *dev)
-{
- IDRegState *s = FROM_SYSBUS(IDRegState, dev);
-
- memory_region_init_ram(&s->mem, "sun4m.idreg", sizeof(idreg_data));
- vmstate_register_ram_global(&s->mem);
- memory_region_set_readonly(&s->mem, true);
- sysbus_init_mmio(dev, &s->mem);
- return 0;
-}
-
-static void idreg_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = idreg_init1;
-}
-
-static TypeInfo idreg_info = {
- .name = "macio_idreg",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(IDRegState),
- .class_init = idreg_class_init,
-};
-
-typedef struct AFXState {
- SysBusDevice busdev;
- MemoryRegion mem;
-} AFXState;
-
-/* SS-5 TCX AFX register */
-static void afx_init(hwaddr addr)
-{
- DeviceState *dev;
- SysBusDevice *s;
-
- dev = qdev_create(NULL, "tcx_afx");
- qdev_init_nofail(dev);
- s = sysbus_from_qdev(dev);
-
- sysbus_mmio_map(s, 0, addr);
-}
-
-static int afx_init1(SysBusDevice *dev)
-{
- AFXState *s = FROM_SYSBUS(AFXState, dev);
-
- memory_region_init_ram(&s->mem, "sun4m.afx", 4);
- vmstate_register_ram_global(&s->mem);
- sysbus_init_mmio(dev, &s->mem);
- return 0;
-}
-
-static void afx_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = afx_init1;
-}
-
-static TypeInfo afx_info = {
- .name = "tcx_afx",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(AFXState),
- .class_init = afx_class_init,
-};
-
-typedef struct PROMState {
- SysBusDevice busdev;
- MemoryRegion prom;
-} PROMState;
-
-/* Boot PROM (OpenBIOS) */
-static uint64_t translate_prom_address(void *opaque, uint64_t addr)
-{
- hwaddr *base_addr = (hwaddr *)opaque;
- return addr + *base_addr - PROM_VADDR;
-}
-
-static void prom_init(hwaddr addr, const char *bios_name)
-{
- DeviceState *dev;
- SysBusDevice *s;
- char *filename;
- int ret;
-
- dev = qdev_create(NULL, "openprom");
- qdev_init_nofail(dev);
- s = sysbus_from_qdev(dev);
-
- sysbus_mmio_map(s, 0, addr);
-
- /* load boot prom */
- if (bios_name == NULL) {
- bios_name = PROM_FILENAME;
- }
- filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
- if (filename) {
- ret = load_elf(filename, translate_prom_address, &addr, NULL,
- NULL, NULL, 1, ELF_MACHINE, 0);
- if (ret < 0 || ret > PROM_SIZE_MAX) {
- ret = load_image_targphys(filename, addr, PROM_SIZE_MAX);
- }
- g_free(filename);
- } else {
- ret = -1;
- }
- if (ret < 0 || ret > PROM_SIZE_MAX) {
- fprintf(stderr, "qemu: could not load prom '%s'\n", bios_name);
- exit(1);
- }
-}
-
-static int prom_init1(SysBusDevice *dev)
-{
- PROMState *s = FROM_SYSBUS(PROMState, dev);
-
- memory_region_init_ram(&s->prom, "sun4m.prom", PROM_SIZE_MAX);
- vmstate_register_ram_global(&s->prom);
- memory_region_set_readonly(&s->prom, true);
- sysbus_init_mmio(dev, &s->prom);
- return 0;
-}
-
-static Property prom_properties[] = {
- {/* end of property list */},
-};
-
-static void prom_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = prom_init1;
- dc->props = prom_properties;
-}
-
-static TypeInfo prom_info = {
- .name = "openprom",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(PROMState),
- .class_init = prom_class_init,
-};
-
-typedef struct RamDevice
-{
- SysBusDevice busdev;
- MemoryRegion ram;
- uint64_t size;
-} RamDevice;
-
-/* System RAM */
-static int ram_init1(SysBusDevice *dev)
-{
- RamDevice *d = FROM_SYSBUS(RamDevice, dev);
-
- memory_region_init_ram(&d->ram, "sun4m.ram", d->size);
- vmstate_register_ram_global(&d->ram);
- sysbus_init_mmio(dev, &d->ram);
- return 0;
-}
-
-static void ram_init(hwaddr addr, ram_addr_t RAM_size,
- uint64_t max_mem)
-{
- DeviceState *dev;
- SysBusDevice *s;
- RamDevice *d;
-
- /* allocate RAM */
- if ((uint64_t)RAM_size > max_mem) {
- fprintf(stderr,
- "qemu: Too much memory for this machine: %d, maximum %d\n",
- (unsigned int)(RAM_size / (1024 * 1024)),
- (unsigned int)(max_mem / (1024 * 1024)));
- exit(1);
- }
- dev = qdev_create(NULL, "memory");
- s = sysbus_from_qdev(dev);
-
- d = FROM_SYSBUS(RamDevice, s);
- d->size = RAM_size;
- qdev_init_nofail(dev);
-
- sysbus_mmio_map(s, 0, addr);
-}
-
-static Property ram_properties[] = {
- DEFINE_PROP_UINT64("size", RamDevice, size, 0),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void ram_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = ram_init1;
- dc->props = ram_properties;
-}
-
-static TypeInfo ram_info = {
- .name = "memory",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(RamDevice),
- .class_init = ram_class_init,
-};
-
-static void cpu_devinit(const char *cpu_model, unsigned int id,
- uint64_t prom_addr, qemu_irq **cpu_irqs)
-{
- SPARCCPU *cpu;
- CPUSPARCState *env;
-
- cpu = cpu_sparc_init(cpu_model);
- if (cpu == NULL) {
- fprintf(stderr, "qemu: Unable to find Sparc CPU definition\n");
- exit(1);
- }
- env = &cpu->env;
-
- cpu_sparc_set_id(env, id);
- if (id == 0) {
- qemu_register_reset(main_cpu_reset, cpu);
- } else {
- qemu_register_reset(secondary_cpu_reset, cpu);
- env->halted = 1;
- }
- *cpu_irqs = qemu_allocate_irqs(cpu_set_irq, cpu, MAX_PILS);
- env->prom_addr = prom_addr;
-}
-
-static void dummy_fdc_tc(void *opaque, int irq, int level)
-{
-}
-
-static void sun4m_hw_init(const struct sun4m_hwdef *hwdef, ram_addr_t RAM_size,
- const char *boot_device,
- const char *kernel_filename,
- const char *kernel_cmdline,
- const char *initrd_filename, const char *cpu_model)
-{
- unsigned int i;
- void *iommu, *espdma, *ledma, *nvram;
- qemu_irq *cpu_irqs[MAX_CPUS], slavio_irq[32], slavio_cpu_irq[MAX_CPUS],
- espdma_irq, ledma_irq;
- qemu_irq esp_reset, dma_enable;
- qemu_irq fdc_tc;
- qemu_irq *cpu_halt;
- unsigned long kernel_size;
- DriveInfo *fd[MAX_FD];
- void *fw_cfg;
- unsigned int num_vsimms;
-
- /* init CPUs */
- if (!cpu_model)
- cpu_model = hwdef->default_cpu_model;
-
- for(i = 0; i < smp_cpus; i++) {
- cpu_devinit(cpu_model, i, hwdef->slavio_base, &cpu_irqs[i]);
- }
-
- for (i = smp_cpus; i < MAX_CPUS; i++)
- cpu_irqs[i] = qemu_allocate_irqs(dummy_cpu_set_irq, NULL, MAX_PILS);
-
-
- /* set up devices */
- ram_init(0, RAM_size, hwdef->max_mem);
- /* models without ECC don't trap when missing ram is accessed */
- if (!hwdef->ecc_base) {
- empty_slot_init(RAM_size, hwdef->max_mem - RAM_size);
- }
-
- prom_init(hwdef->slavio_base, bios_name);
-
- slavio_intctl = slavio_intctl_init(hwdef->intctl_base,
- hwdef->intctl_base + 0x10000ULL,
- cpu_irqs);
-
- for (i = 0; i < 32; i++) {
- slavio_irq[i] = qdev_get_gpio_in(slavio_intctl, i);
- }
- for (i = 0; i < MAX_CPUS; i++) {
- slavio_cpu_irq[i] = qdev_get_gpio_in(slavio_intctl, 32 + i);
- }
-
- if (hwdef->idreg_base) {
- idreg_init(hwdef->idreg_base);
- }
-
- if (hwdef->afx_base) {
- afx_init(hwdef->afx_base);
- }
-
- iommu = iommu_init(hwdef->iommu_base, hwdef->iommu_version,
- slavio_irq[30]);
-
- if (hwdef->iommu_pad_base) {
- /* On the real hardware (SS-5, LX) the MMU is not padded, but aliased.
- Software shouldn't use aliased addresses, neither should it crash
- when does. Using empty_slot instead of aliasing can help with
- debugging such accesses */
- empty_slot_init(hwdef->iommu_pad_base,hwdef->iommu_pad_len);
- }
-
- espdma = sparc32_dma_init(hwdef->dma_base, slavio_irq[18],
- iommu, &espdma_irq, 0);
-
- ledma = sparc32_dma_init(hwdef->dma_base + 16ULL,
- slavio_irq[16], iommu, &ledma_irq, 1);
-
- if (graphic_depth != 8 && graphic_depth != 24) {
- fprintf(stderr, "qemu: Unsupported depth: %d\n", graphic_depth);
- exit (1);
- }
- num_vsimms = 0;
- if (num_vsimms == 0) {
- tcx_init(hwdef->tcx_base, 0x00100000, graphic_width, graphic_height,
- graphic_depth);
- }
-
- for (i = num_vsimms; i < MAX_VSIMMS; i++) {
- /* vsimm registers probed by OBP */
- if (hwdef->vsimm[i].reg_base) {
- empty_slot_init(hwdef->vsimm[i].reg_base, 0x2000);
- }
- }
-
- if (hwdef->sx_base) {
- empty_slot_init(hwdef->sx_base, 0x2000);
- }
-
- lance_init(&nd_table[0], hwdef->le_base, ledma, ledma_irq);
-
- nvram = m48t59_init(slavio_irq[0], hwdef->nvram_base, 0, 0x2000, 8);
-
- slavio_timer_init_all(hwdef->counter_base, slavio_irq[19], slavio_cpu_irq, smp_cpus);
-
- slavio_serial_ms_kbd_init(hwdef->ms_kb_base, slavio_irq[14],
- display_type == DT_NOGRAPHIC, ESCC_CLOCK, 1);
- /* Slavio TTYA (base+4, Linux ttyS0) is the first QEMU serial device
- Slavio TTYB (base+0, Linux ttyS1) is the second QEMU serial device */
- escc_init(hwdef->serial_base, slavio_irq[15], slavio_irq[15],
- serial_hds[0], serial_hds[1], ESCC_CLOCK, 1);
-
- cpu_halt = qemu_allocate_irqs(cpu_halt_signal, NULL, 1);
- if (hwdef->apc_base) {
- apc_init(hwdef->apc_base, cpu_halt[0]);
- }
-
- if (hwdef->fd_base) {
- /* there is zero or one floppy drive */
- memset(fd, 0, sizeof(fd));
- fd[0] = drive_get(IF_FLOPPY, 0, 0);
- sun4m_fdctrl_init(slavio_irq[22], hwdef->fd_base, fd,
- &fdc_tc);
- } else {
- fdc_tc = *qemu_allocate_irqs(dummy_fdc_tc, NULL, 1);
- }
-
- slavio_misc_init(hwdef->slavio_base, hwdef->aux1_base, hwdef->aux2_base,
- slavio_irq[30], fdc_tc);
-
- if (drive_get_max_bus(IF_SCSI) > 0) {
- fprintf(stderr, "qemu: too many SCSI bus\n");
- exit(1);
- }
-
- esp_init(hwdef->esp_base, 2,
- espdma_memory_read, espdma_memory_write,
- espdma, espdma_irq, &esp_reset, &dma_enable);
-
- qdev_connect_gpio_out(espdma, 0, esp_reset);
- qdev_connect_gpio_out(espdma, 1, dma_enable);
-
- if (hwdef->cs_base) {
- sysbus_create_simple("SUNW,CS4231", hwdef->cs_base,
- slavio_irq[5]);
- }
-
- if (hwdef->dbri_base) {
- /* ISDN chip with attached CS4215 audio codec */
- /* prom space */
- empty_slot_init(hwdef->dbri_base+0x1000, 0x30);
- /* reg space */
- empty_slot_init(hwdef->dbri_base+0x10000, 0x100);
- }
-
- if (hwdef->bpp_base) {
- /* parallel port */
- empty_slot_init(hwdef->bpp_base, 0x20);
- }
-
- kernel_size = sun4m_load_kernel(kernel_filename, initrd_filename,
- RAM_size);
-
- nvram_init(nvram, (uint8_t *)&nd_table[0].macaddr, kernel_cmdline,
- boot_device, RAM_size, kernel_size, graphic_width,
- graphic_height, graphic_depth, hwdef->nvram_machine_id,
- "Sun4m");
-
- if (hwdef->ecc_base)
- ecc_init(hwdef->ecc_base, slavio_irq[28],
- hwdef->ecc_version);
-
- fw_cfg = fw_cfg_init(0, 0, CFG_ADDR, CFG_ADDR + 2);
- fw_cfg_add_i32(fw_cfg, FW_CFG_ID, 1);
- fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size);
- fw_cfg_add_i16(fw_cfg, FW_CFG_MACHINE_ID, hwdef->machine_id);
- fw_cfg_add_i16(fw_cfg, FW_CFG_SUN4M_DEPTH, graphic_depth);
- fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, KERNEL_LOAD_ADDR);
- fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size);
- if (kernel_cmdline) {
- fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_CMDLINE, CMDLINE_ADDR);
- pstrcpy_targphys("cmdline", CMDLINE_ADDR, TARGET_PAGE_SIZE, kernel_cmdline);
- fw_cfg_add_bytes(fw_cfg, FW_CFG_CMDLINE_DATA,
- (uint8_t*)strdup(kernel_cmdline),
- strlen(kernel_cmdline) + 1);
- fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_SIZE,
- strlen(kernel_cmdline) + 1);
- } else {
- fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_CMDLINE, 0);
- fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_SIZE, 0);
- }
- fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_ADDR, INITRD_LOAD_ADDR);
- fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_SIZE, 0); // not used
- fw_cfg_add_i16(fw_cfg, FW_CFG_BOOT_DEVICE, boot_device[0]);
- qemu_register_boot_set(fw_cfg_boot_set, fw_cfg);
-}
-
-enum {
- ss2_id = 0,
- ss5_id = 32,
- vger_id,
- lx_id,
- ss4_id,
- scls_id,
- sbook_id,
- ss10_id = 64,
- ss20_id,
- ss600mp_id,
- ss1000_id = 96,
- ss2000_id,
-};
-
-static const struct sun4m_hwdef sun4m_hwdefs[] = {
- /* SS-5 */
- {
- .iommu_base = 0x10000000,
- .iommu_pad_base = 0x10004000,
- .iommu_pad_len = 0x0fffb000,
- .tcx_base = 0x50000000,
- .cs_base = 0x6c000000,
- .slavio_base = 0x70000000,
- .ms_kb_base = 0x71000000,
- .serial_base = 0x71100000,
- .nvram_base = 0x71200000,
- .fd_base = 0x71400000,
- .counter_base = 0x71d00000,
- .intctl_base = 0x71e00000,
- .idreg_base = 0x78000000,
- .dma_base = 0x78400000,
- .esp_base = 0x78800000,
- .le_base = 0x78c00000,
- .apc_base = 0x6a000000,
- .afx_base = 0x6e000000,
- .aux1_base = 0x71900000,
- .aux2_base = 0x71910000,
- .nvram_machine_id = 0x80,
- .machine_id = ss5_id,
- .iommu_version = 0x05000000,
- .max_mem = 0x10000000,
- .default_cpu_model = "Fujitsu MB86904",
- },
- /* SS-10 */
- {
- .iommu_base = 0xfe0000000ULL,
- .tcx_base = 0xe20000000ULL,
- .slavio_base = 0xff0000000ULL,
- .ms_kb_base = 0xff1000000ULL,
- .serial_base = 0xff1100000ULL,
- .nvram_base = 0xff1200000ULL,
- .fd_base = 0xff1700000ULL,
- .counter_base = 0xff1300000ULL,
- .intctl_base = 0xff1400000ULL,
- .idreg_base = 0xef0000000ULL,
- .dma_base = 0xef0400000ULL,
- .esp_base = 0xef0800000ULL,
- .le_base = 0xef0c00000ULL,
- .apc_base = 0xefa000000ULL, // XXX should not exist
- .aux1_base = 0xff1800000ULL,
- .aux2_base = 0xff1a01000ULL,
- .ecc_base = 0xf00000000ULL,
- .ecc_version = 0x10000000, // version 0, implementation 1
- .nvram_machine_id = 0x72,
- .machine_id = ss10_id,
- .iommu_version = 0x03000000,
- .max_mem = 0xf00000000ULL,
- .default_cpu_model = "TI SuperSparc II",
- },
- /* SS-600MP */
- {
- .iommu_base = 0xfe0000000ULL,
- .tcx_base = 0xe20000000ULL,
- .slavio_base = 0xff0000000ULL,
- .ms_kb_base = 0xff1000000ULL,
- .serial_base = 0xff1100000ULL,
- .nvram_base = 0xff1200000ULL,
- .counter_base = 0xff1300000ULL,
- .intctl_base = 0xff1400000ULL,
- .dma_base = 0xef0081000ULL,
- .esp_base = 0xef0080000ULL,
- .le_base = 0xef0060000ULL,
- .apc_base = 0xefa000000ULL, // XXX should not exist
- .aux1_base = 0xff1800000ULL,
- .aux2_base = 0xff1a01000ULL, // XXX should not exist
- .ecc_base = 0xf00000000ULL,
- .ecc_version = 0x00000000, // version 0, implementation 0
- .nvram_machine_id = 0x71,
- .machine_id = ss600mp_id,
- .iommu_version = 0x01000000,
- .max_mem = 0xf00000000ULL,
- .default_cpu_model = "TI SuperSparc II",
- },
- /* SS-20 */
- {
- .iommu_base = 0xfe0000000ULL,
- .tcx_base = 0xe20000000ULL,
- .slavio_base = 0xff0000000ULL,
- .ms_kb_base = 0xff1000000ULL,
- .serial_base = 0xff1100000ULL,
- .nvram_base = 0xff1200000ULL,
- .fd_base = 0xff1700000ULL,
- .counter_base = 0xff1300000ULL,
- .intctl_base = 0xff1400000ULL,
- .idreg_base = 0xef0000000ULL,
- .dma_base = 0xef0400000ULL,
- .esp_base = 0xef0800000ULL,
- .le_base = 0xef0c00000ULL,
- .bpp_base = 0xef4800000ULL,
- .apc_base = 0xefa000000ULL, // XXX should not exist
- .aux1_base = 0xff1800000ULL,
- .aux2_base = 0xff1a01000ULL,
- .dbri_base = 0xee0000000ULL,
- .sx_base = 0xf80000000ULL,
- .vsimm = {
- {
- .reg_base = 0x9c000000ULL,
- .vram_base = 0xfc000000ULL
- }, {
- .reg_base = 0x90000000ULL,
- .vram_base = 0xf0000000ULL
- }, {
- .reg_base = 0x94000000ULL
- }, {
- .reg_base = 0x98000000ULL
- }
- },
- .ecc_base = 0xf00000000ULL,
- .ecc_version = 0x20000000, // version 0, implementation 2
- .nvram_machine_id = 0x72,
- .machine_id = ss20_id,
- .iommu_version = 0x13000000,
- .max_mem = 0xf00000000ULL,
- .default_cpu_model = "TI SuperSparc II",
- },
- /* Voyager */
- {
- .iommu_base = 0x10000000,
- .tcx_base = 0x50000000,
- .slavio_base = 0x70000000,
- .ms_kb_base = 0x71000000,
- .serial_base = 0x71100000,
- .nvram_base = 0x71200000,
- .fd_base = 0x71400000,
- .counter_base = 0x71d00000,
- .intctl_base = 0x71e00000,
- .idreg_base = 0x78000000,
- .dma_base = 0x78400000,
- .esp_base = 0x78800000,
- .le_base = 0x78c00000,
- .apc_base = 0x71300000, // pmc
- .aux1_base = 0x71900000,
- .aux2_base = 0x71910000,
- .nvram_machine_id = 0x80,
- .machine_id = vger_id,
- .iommu_version = 0x05000000,
- .max_mem = 0x10000000,
- .default_cpu_model = "Fujitsu MB86904",
- },
- /* LX */
- {
- .iommu_base = 0x10000000,
- .iommu_pad_base = 0x10004000,
- .iommu_pad_len = 0x0fffb000,
- .tcx_base = 0x50000000,
- .slavio_base = 0x70000000,
- .ms_kb_base = 0x71000000,
- .serial_base = 0x71100000,
- .nvram_base = 0x71200000,
- .fd_base = 0x71400000,
- .counter_base = 0x71d00000,
- .intctl_base = 0x71e00000,
- .idreg_base = 0x78000000,
- .dma_base = 0x78400000,
- .esp_base = 0x78800000,
- .le_base = 0x78c00000,
- .aux1_base = 0x71900000,
- .aux2_base = 0x71910000,
- .nvram_machine_id = 0x80,
- .machine_id = lx_id,
- .iommu_version = 0x04000000,
- .max_mem = 0x10000000,
- .default_cpu_model = "TI MicroSparc I",
- },
- /* SS-4 */
- {
- .iommu_base = 0x10000000,
- .tcx_base = 0x50000000,
- .cs_base = 0x6c000000,
- .slavio_base = 0x70000000,
- .ms_kb_base = 0x71000000,
- .serial_base = 0x71100000,
- .nvram_base = 0x71200000,
- .fd_base = 0x71400000,
- .counter_base = 0x71d00000,
- .intctl_base = 0x71e00000,
- .idreg_base = 0x78000000,
- .dma_base = 0x78400000,
- .esp_base = 0x78800000,
- .le_base = 0x78c00000,
- .apc_base = 0x6a000000,
- .aux1_base = 0x71900000,
- .aux2_base = 0x71910000,
- .nvram_machine_id = 0x80,
- .machine_id = ss4_id,
- .iommu_version = 0x05000000,
- .max_mem = 0x10000000,
- .default_cpu_model = "Fujitsu MB86904",
- },
- /* SPARCClassic */
- {
- .iommu_base = 0x10000000,
- .tcx_base = 0x50000000,
- .slavio_base = 0x70000000,
- .ms_kb_base = 0x71000000,
- .serial_base = 0x71100000,
- .nvram_base = 0x71200000,
- .fd_base = 0x71400000,
- .counter_base = 0x71d00000,
- .intctl_base = 0x71e00000,
- .idreg_base = 0x78000000,
- .dma_base = 0x78400000,
- .esp_base = 0x78800000,
- .le_base = 0x78c00000,
- .apc_base = 0x6a000000,
- .aux1_base = 0x71900000,
- .aux2_base = 0x71910000,
- .nvram_machine_id = 0x80,
- .machine_id = scls_id,
- .iommu_version = 0x05000000,
- .max_mem = 0x10000000,
- .default_cpu_model = "TI MicroSparc I",
- },
- /* SPARCbook */
- {
- .iommu_base = 0x10000000,
- .tcx_base = 0x50000000, // XXX
- .slavio_base = 0x70000000,
- .ms_kb_base = 0x71000000,
- .serial_base = 0x71100000,
- .nvram_base = 0x71200000,
- .fd_base = 0x71400000,
- .counter_base = 0x71d00000,
- .intctl_base = 0x71e00000,
- .idreg_base = 0x78000000,
- .dma_base = 0x78400000,
- .esp_base = 0x78800000,
- .le_base = 0x78c00000,
- .apc_base = 0x6a000000,
- .aux1_base = 0x71900000,
- .aux2_base = 0x71910000,
- .nvram_machine_id = 0x80,
- .machine_id = sbook_id,
- .iommu_version = 0x05000000,
- .max_mem = 0x10000000,
- .default_cpu_model = "TI MicroSparc I",
- },
-};
-
-/* SPARCstation 5 hardware initialisation */
-static void ss5_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t RAM_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- const char *boot_device = args->boot_device;
- sun4m_hw_init(&sun4m_hwdefs[0], RAM_size, boot_device, kernel_filename,
- kernel_cmdline, initrd_filename, cpu_model);
-}
-
-/* SPARCstation 10 hardware initialisation */
-static void ss10_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t RAM_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- const char *boot_device = args->boot_device;
- sun4m_hw_init(&sun4m_hwdefs[1], RAM_size, boot_device, kernel_filename,
- kernel_cmdline, initrd_filename, cpu_model);
-}
-
-/* SPARCserver 600MP hardware initialisation */
-static void ss600mp_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t RAM_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- const char *boot_device = args->boot_device;
- sun4m_hw_init(&sun4m_hwdefs[2], RAM_size, boot_device, kernel_filename,
- kernel_cmdline, initrd_filename, cpu_model);
-}
-
-/* SPARCstation 20 hardware initialisation */
-static void ss20_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t RAM_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- const char *boot_device = args->boot_device;
- sun4m_hw_init(&sun4m_hwdefs[3], RAM_size, boot_device, kernel_filename,
- kernel_cmdline, initrd_filename, cpu_model);
-}
-
-/* SPARCstation Voyager hardware initialisation */
-static void vger_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t RAM_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- const char *boot_device = args->boot_device;
- sun4m_hw_init(&sun4m_hwdefs[4], RAM_size, boot_device, kernel_filename,
- kernel_cmdline, initrd_filename, cpu_model);
-}
-
-/* SPARCstation LX hardware initialisation */
-static void ss_lx_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t RAM_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- const char *boot_device = args->boot_device;
- sun4m_hw_init(&sun4m_hwdefs[5], RAM_size, boot_device, kernel_filename,
- kernel_cmdline, initrd_filename, cpu_model);
-}
-
-/* SPARCstation 4 hardware initialisation */
-static void ss4_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t RAM_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- const char *boot_device = args->boot_device;
- sun4m_hw_init(&sun4m_hwdefs[6], RAM_size, boot_device, kernel_filename,
- kernel_cmdline, initrd_filename, cpu_model);
-}
-
-/* SPARCClassic hardware initialisation */
-static void scls_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t RAM_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- const char *boot_device = args->boot_device;
- sun4m_hw_init(&sun4m_hwdefs[7], RAM_size, boot_device, kernel_filename,
- kernel_cmdline, initrd_filename, cpu_model);
-}
-
-/* SPARCbook hardware initialisation */
-static void sbook_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t RAM_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- const char *boot_device = args->boot_device;
- sun4m_hw_init(&sun4m_hwdefs[8], RAM_size, boot_device, kernel_filename,
- kernel_cmdline, initrd_filename, cpu_model);
-}
-
-static QEMUMachine ss5_machine = {
- .name = "SS-5",
- .desc = "Sun4m platform, SPARCstation 5",
- .init = ss5_init,
- .use_scsi = 1,
- .is_default = 1,
-};
-
-static QEMUMachine ss10_machine = {
- .name = "SS-10",
- .desc = "Sun4m platform, SPARCstation 10",
- .init = ss10_init,
- .use_scsi = 1,
- .max_cpus = 4,
-};
-
-static QEMUMachine ss600mp_machine = {
- .name = "SS-600MP",
- .desc = "Sun4m platform, SPARCserver 600MP",
- .init = ss600mp_init,
- .use_scsi = 1,
- .max_cpus = 4,
-};
-
-static QEMUMachine ss20_machine = {
- .name = "SS-20",
- .desc = "Sun4m platform, SPARCstation 20",
- .init = ss20_init,
- .use_scsi = 1,
- .max_cpus = 4,
-};
-
-static QEMUMachine voyager_machine = {
- .name = "Voyager",
- .desc = "Sun4m platform, SPARCstation Voyager",
- .init = vger_init,
- .use_scsi = 1,
-};
-
-static QEMUMachine ss_lx_machine = {
- .name = "LX",
- .desc = "Sun4m platform, SPARCstation LX",
- .init = ss_lx_init,
- .use_scsi = 1,
-};
-
-static QEMUMachine ss4_machine = {
- .name = "SS-4",
- .desc = "Sun4m platform, SPARCstation 4",
- .init = ss4_init,
- .use_scsi = 1,
-};
-
-static QEMUMachine scls_machine = {
- .name = "SPARCClassic",
- .desc = "Sun4m platform, SPARCClassic",
- .init = scls_init,
- .use_scsi = 1,
-};
-
-static QEMUMachine sbook_machine = {
- .name = "SPARCbook",
- .desc = "Sun4m platform, SPARCbook",
- .init = sbook_init,
- .use_scsi = 1,
-};
-
-static const struct sun4d_hwdef sun4d_hwdefs[] = {
- /* SS-1000 */
- {
- .iounit_bases = {
- 0xfe0200000ULL,
- 0xfe1200000ULL,
- 0xfe2200000ULL,
- 0xfe3200000ULL,
- -1,
- },
- .tcx_base = 0x820000000ULL,
- .slavio_base = 0xf00000000ULL,
- .ms_kb_base = 0xf00240000ULL,
- .serial_base = 0xf00200000ULL,
- .nvram_base = 0xf00280000ULL,
- .counter_base = 0xf00300000ULL,
- .espdma_base = 0x800081000ULL,
- .esp_base = 0x800080000ULL,
- .ledma_base = 0x800040000ULL,
- .le_base = 0x800060000ULL,
- .sbi_base = 0xf02800000ULL,
- .nvram_machine_id = 0x80,
- .machine_id = ss1000_id,
- .iounit_version = 0x03000000,
- .max_mem = 0xf00000000ULL,
- .default_cpu_model = "TI SuperSparc II",
- },
- /* SS-2000 */
- {
- .iounit_bases = {
- 0xfe0200000ULL,
- 0xfe1200000ULL,
- 0xfe2200000ULL,
- 0xfe3200000ULL,
- 0xfe4200000ULL,
- },
- .tcx_base = 0x820000000ULL,
- .slavio_base = 0xf00000000ULL,
- .ms_kb_base = 0xf00240000ULL,
- .serial_base = 0xf00200000ULL,
- .nvram_base = 0xf00280000ULL,
- .counter_base = 0xf00300000ULL,
- .espdma_base = 0x800081000ULL,
- .esp_base = 0x800080000ULL,
- .ledma_base = 0x800040000ULL,
- .le_base = 0x800060000ULL,
- .sbi_base = 0xf02800000ULL,
- .nvram_machine_id = 0x80,
- .machine_id = ss2000_id,
- .iounit_version = 0x03000000,
- .max_mem = 0xf00000000ULL,
- .default_cpu_model = "TI SuperSparc II",
- },
-};
-
-static DeviceState *sbi_init(hwaddr addr, qemu_irq **parent_irq)
-{
- DeviceState *dev;
- SysBusDevice *s;
- unsigned int i;
-
- dev = qdev_create(NULL, "sbi");
- qdev_init_nofail(dev);
-
- s = sysbus_from_qdev(dev);
-
- for (i = 0; i < MAX_CPUS; i++) {
- sysbus_connect_irq(s, i, *parent_irq[i]);
- }
-
- sysbus_mmio_map(s, 0, addr);
-
- return dev;
-}
-
-static void sun4d_hw_init(const struct sun4d_hwdef *hwdef, ram_addr_t RAM_size,
- const char *boot_device,
- const char *kernel_filename,
- const char *kernel_cmdline,
- const char *initrd_filename, const char *cpu_model)
-{
- unsigned int i;
- void *iounits[MAX_IOUNITS], *espdma, *ledma, *nvram;
- qemu_irq *cpu_irqs[MAX_CPUS], sbi_irq[32], sbi_cpu_irq[MAX_CPUS],
- espdma_irq, ledma_irq;
- qemu_irq esp_reset, dma_enable;
- unsigned long kernel_size;
- void *fw_cfg;
- DeviceState *dev;
-
- /* init CPUs */
- if (!cpu_model)
- cpu_model = hwdef->default_cpu_model;
-
- for(i = 0; i < smp_cpus; i++) {
- cpu_devinit(cpu_model, i, hwdef->slavio_base, &cpu_irqs[i]);
- }
-
- for (i = smp_cpus; i < MAX_CPUS; i++)
- cpu_irqs[i] = qemu_allocate_irqs(dummy_cpu_set_irq, NULL, MAX_PILS);
-
- /* set up devices */
- ram_init(0, RAM_size, hwdef->max_mem);
-
- prom_init(hwdef->slavio_base, bios_name);
-
- dev = sbi_init(hwdef->sbi_base, cpu_irqs);
-
- for (i = 0; i < 32; i++) {
- sbi_irq[i] = qdev_get_gpio_in(dev, i);
- }
- for (i = 0; i < MAX_CPUS; i++) {
- sbi_cpu_irq[i] = qdev_get_gpio_in(dev, 32 + i);
- }
-
- for (i = 0; i < MAX_IOUNITS; i++)
- if (hwdef->iounit_bases[i] != (hwaddr)-1)
- iounits[i] = iommu_init(hwdef->iounit_bases[i],
- hwdef->iounit_version,
- sbi_irq[0]);
-
- espdma = sparc32_dma_init(hwdef->espdma_base, sbi_irq[3],
- iounits[0], &espdma_irq, 0);
-
- /* should be lebuffer instead */
- ledma = sparc32_dma_init(hwdef->ledma_base, sbi_irq[4],
- iounits[0], &ledma_irq, 0);
-
- if (graphic_depth != 8 && graphic_depth != 24) {
- fprintf(stderr, "qemu: Unsupported depth: %d\n", graphic_depth);
- exit (1);
- }
- tcx_init(hwdef->tcx_base, 0x00100000, graphic_width, graphic_height,
- graphic_depth);
-
- lance_init(&nd_table[0], hwdef->le_base, ledma, ledma_irq);
-
- nvram = m48t59_init(sbi_irq[0], hwdef->nvram_base, 0, 0x2000, 8);
-
- slavio_timer_init_all(hwdef->counter_base, sbi_irq[10], sbi_cpu_irq, smp_cpus);
-
- slavio_serial_ms_kbd_init(hwdef->ms_kb_base, sbi_irq[12],
- display_type == DT_NOGRAPHIC, ESCC_CLOCK, 1);
- /* Slavio TTYA (base+4, Linux ttyS0) is the first QEMU serial device
- Slavio TTYB (base+0, Linux ttyS1) is the second QEMU serial device */
- escc_init(hwdef->serial_base, sbi_irq[12], sbi_irq[12],
- serial_hds[0], serial_hds[1], ESCC_CLOCK, 1);
-
- if (drive_get_max_bus(IF_SCSI) > 0) {
- fprintf(stderr, "qemu: too many SCSI bus\n");
- exit(1);
- }
-
- esp_init(hwdef->esp_base, 2,
- espdma_memory_read, espdma_memory_write,
- espdma, espdma_irq, &esp_reset, &dma_enable);
-
- qdev_connect_gpio_out(espdma, 0, esp_reset);
- qdev_connect_gpio_out(espdma, 1, dma_enable);
-
- kernel_size = sun4m_load_kernel(kernel_filename, initrd_filename,
- RAM_size);
-
- nvram_init(nvram, (uint8_t *)&nd_table[0].macaddr, kernel_cmdline,
- boot_device, RAM_size, kernel_size, graphic_width,
- graphic_height, graphic_depth, hwdef->nvram_machine_id,
- "Sun4d");
-
- fw_cfg = fw_cfg_init(0, 0, CFG_ADDR, CFG_ADDR + 2);
- fw_cfg_add_i32(fw_cfg, FW_CFG_ID, 1);
- fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size);
- fw_cfg_add_i16(fw_cfg, FW_CFG_MACHINE_ID, hwdef->machine_id);
- fw_cfg_add_i16(fw_cfg, FW_CFG_SUN4M_DEPTH, graphic_depth);
- fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, KERNEL_LOAD_ADDR);
- fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size);
- if (kernel_cmdline) {
- fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_CMDLINE, CMDLINE_ADDR);
- pstrcpy_targphys("cmdline", CMDLINE_ADDR, TARGET_PAGE_SIZE, kernel_cmdline);
- fw_cfg_add_bytes(fw_cfg, FW_CFG_CMDLINE_DATA,
- (uint8_t*)strdup(kernel_cmdline),
- strlen(kernel_cmdline) + 1);
- } else {
- fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_CMDLINE, 0);
- }
- fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_ADDR, INITRD_LOAD_ADDR);
- fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_SIZE, 0); // not used
- fw_cfg_add_i16(fw_cfg, FW_CFG_BOOT_DEVICE, boot_device[0]);
- qemu_register_boot_set(fw_cfg_boot_set, fw_cfg);
-}
-
-/* SPARCserver 1000 hardware initialisation */
-static void ss1000_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t RAM_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- const char *boot_device = args->boot_device;
- sun4d_hw_init(&sun4d_hwdefs[0], RAM_size, boot_device, kernel_filename,
- kernel_cmdline, initrd_filename, cpu_model);
-}
-
-/* SPARCcenter 2000 hardware initialisation */
-static void ss2000_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t RAM_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- const char *boot_device = args->boot_device;
- sun4d_hw_init(&sun4d_hwdefs[1], RAM_size, boot_device, kernel_filename,
- kernel_cmdline, initrd_filename, cpu_model);
-}
-
-static QEMUMachine ss1000_machine = {
- .name = "SS-1000",
- .desc = "Sun4d platform, SPARCserver 1000",
- .init = ss1000_init,
- .use_scsi = 1,
- .max_cpus = 8,
-};
-
-static QEMUMachine ss2000_machine = {
- .name = "SS-2000",
- .desc = "Sun4d platform, SPARCcenter 2000",
- .init = ss2000_init,
- .use_scsi = 1,
- .max_cpus = 20,
-};
-
-static const struct sun4c_hwdef sun4c_hwdefs[] = {
- /* SS-2 */
- {
- .iommu_base = 0xf8000000,
- .tcx_base = 0xfe000000,
- .slavio_base = 0xf6000000,
- .intctl_base = 0xf5000000,
- .counter_base = 0xf3000000,
- .ms_kb_base = 0xf0000000,
- .serial_base = 0xf1000000,
- .nvram_base = 0xf2000000,
- .fd_base = 0xf7200000,
- .dma_base = 0xf8400000,
- .esp_base = 0xf8800000,
- .le_base = 0xf8c00000,
- .aux1_base = 0xf7400003,
- .nvram_machine_id = 0x55,
- .machine_id = ss2_id,
- .max_mem = 0x10000000,
- .default_cpu_model = "Cypress CY7C601",
- },
-};
-
-static DeviceState *sun4c_intctl_init(hwaddr addr,
- qemu_irq *parent_irq)
-{
- DeviceState *dev;
- SysBusDevice *s;
- unsigned int i;
-
- dev = qdev_create(NULL, "sun4c_intctl");
- qdev_init_nofail(dev);
-
- s = sysbus_from_qdev(dev);
-
- for (i = 0; i < MAX_PILS; i++) {
- sysbus_connect_irq(s, i, parent_irq[i]);
- }
- sysbus_mmio_map(s, 0, addr);
-
- return dev;
-}
-
-static void sun4c_hw_init(const struct sun4c_hwdef *hwdef, ram_addr_t RAM_size,
- const char *boot_device,
- const char *kernel_filename,
- const char *kernel_cmdline,
- const char *initrd_filename, const char *cpu_model)
-{
- void *iommu, *espdma, *ledma, *nvram;
- qemu_irq *cpu_irqs, slavio_irq[8], espdma_irq, ledma_irq;
- qemu_irq esp_reset, dma_enable;
- qemu_irq fdc_tc;
- unsigned long kernel_size;
- DriveInfo *fd[MAX_FD];
- void *fw_cfg;
- DeviceState *dev;
- unsigned int i;
-
- /* init CPU */
- if (!cpu_model)
- cpu_model = hwdef->default_cpu_model;
-
- cpu_devinit(cpu_model, 0, hwdef->slavio_base, &cpu_irqs);
-
- /* set up devices */
- ram_init(0, RAM_size, hwdef->max_mem);
-
- prom_init(hwdef->slavio_base, bios_name);
-
- dev = sun4c_intctl_init(hwdef->intctl_base, cpu_irqs);
-
- for (i = 0; i < 8; i++) {
- slavio_irq[i] = qdev_get_gpio_in(dev, i);
- }
-
- iommu = iommu_init(hwdef->iommu_base, hwdef->iommu_version,
- slavio_irq[1]);
-
- espdma = sparc32_dma_init(hwdef->dma_base, slavio_irq[2],
- iommu, &espdma_irq, 0);
-
- ledma = sparc32_dma_init(hwdef->dma_base + 16ULL,
- slavio_irq[3], iommu, &ledma_irq, 1);
-
- if (graphic_depth != 8 && graphic_depth != 24) {
- fprintf(stderr, "qemu: Unsupported depth: %d\n", graphic_depth);
- exit (1);
- }
- tcx_init(hwdef->tcx_base, 0x00100000, graphic_width, graphic_height,
- graphic_depth);
-
- lance_init(&nd_table[0], hwdef->le_base, ledma, ledma_irq);
-
- nvram = m48t59_init(slavio_irq[0], hwdef->nvram_base, 0, 0x800, 2);
-
- slavio_serial_ms_kbd_init(hwdef->ms_kb_base, slavio_irq[1],
- display_type == DT_NOGRAPHIC, ESCC_CLOCK, 1);
- /* Slavio TTYA (base+4, Linux ttyS0) is the first QEMU serial device
- Slavio TTYB (base+0, Linux ttyS1) is the second QEMU serial device */
- escc_init(hwdef->serial_base, slavio_irq[1],
- slavio_irq[1], serial_hds[0], serial_hds[1],
- ESCC_CLOCK, 1);
-
- if (hwdef->fd_base != (hwaddr)-1) {
- /* there is zero or one floppy drive */
- memset(fd, 0, sizeof(fd));
- fd[0] = drive_get(IF_FLOPPY, 0, 0);
- sun4m_fdctrl_init(slavio_irq[1], hwdef->fd_base, fd,
- &fdc_tc);
- } else {
- fdc_tc = *qemu_allocate_irqs(dummy_fdc_tc, NULL, 1);
- }
-
- slavio_misc_init(0, hwdef->aux1_base, 0, slavio_irq[1], fdc_tc);
-
- if (drive_get_max_bus(IF_SCSI) > 0) {
- fprintf(stderr, "qemu: too many SCSI bus\n");
- exit(1);
- }
-
- esp_init(hwdef->esp_base, 2,
- espdma_memory_read, espdma_memory_write,
- espdma, espdma_irq, &esp_reset, &dma_enable);
-
- qdev_connect_gpio_out(espdma, 0, esp_reset);
- qdev_connect_gpio_out(espdma, 1, dma_enable);
-
- kernel_size = sun4m_load_kernel(kernel_filename, initrd_filename,
- RAM_size);
-
- nvram_init(nvram, (uint8_t *)&nd_table[0].macaddr, kernel_cmdline,
- boot_device, RAM_size, kernel_size, graphic_width,
- graphic_height, graphic_depth, hwdef->nvram_machine_id,
- "Sun4c");
-
- fw_cfg = fw_cfg_init(0, 0, CFG_ADDR, CFG_ADDR + 2);
- fw_cfg_add_i32(fw_cfg, FW_CFG_ID, 1);
- fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size);
- fw_cfg_add_i16(fw_cfg, FW_CFG_MACHINE_ID, hwdef->machine_id);
- fw_cfg_add_i16(fw_cfg, FW_CFG_SUN4M_DEPTH, graphic_depth);
- fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, KERNEL_LOAD_ADDR);
- fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size);
- if (kernel_cmdline) {
- fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_CMDLINE, CMDLINE_ADDR);
- pstrcpy_targphys("cmdline", CMDLINE_ADDR, TARGET_PAGE_SIZE, kernel_cmdline);
- fw_cfg_add_bytes(fw_cfg, FW_CFG_CMDLINE_DATA,
- (uint8_t*)strdup(kernel_cmdline),
- strlen(kernel_cmdline) + 1);
- } else {
- fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_CMDLINE, 0);
- }
- fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_ADDR, INITRD_LOAD_ADDR);
- fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_SIZE, 0); // not used
- fw_cfg_add_i16(fw_cfg, FW_CFG_BOOT_DEVICE, boot_device[0]);
- qemu_register_boot_set(fw_cfg_boot_set, fw_cfg);
-}
-
-/* SPARCstation 2 hardware initialisation */
-static void ss2_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t RAM_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- const char *boot_device = args->boot_device;
- sun4c_hw_init(&sun4c_hwdefs[0], RAM_size, boot_device, kernel_filename,
- kernel_cmdline, initrd_filename, cpu_model);
-}
-
-static QEMUMachine ss2_machine = {
- .name = "SS-2",
- .desc = "Sun4c platform, SPARCstation 2",
- .init = ss2_init,
- .use_scsi = 1,
-};
-
-static void sun4m_register_types(void)
-{
- type_register_static(&idreg_info);
- type_register_static(&afx_info);
- type_register_static(&prom_info);
- type_register_static(&ram_info);
-}
-
-static void ss2_machine_init(void)
-{
- qemu_register_machine(&ss5_machine);
- qemu_register_machine(&ss10_machine);
- qemu_register_machine(&ss600mp_machine);
- qemu_register_machine(&ss20_machine);
- qemu_register_machine(&voyager_machine);
- qemu_register_machine(&ss_lx_machine);
- qemu_register_machine(&ss4_machine);
- qemu_register_machine(&scls_machine);
- qemu_register_machine(&sbook_machine);
- qemu_register_machine(&ss1000_machine);
- qemu_register_machine(&ss2000_machine);
- qemu_register_machine(&ss2_machine);
-}
-
-type_init(sun4m_register_types)
-machine_init(ss2_machine_init);
diff --git a/hw/sun4m.h b/hw/sun4m.h
deleted file mode 100644
index 47eb945f0..000000000
--- a/hw/sun4m.h
+++ /dev/null
@@ -1,36 +0,0 @@
-#ifndef SUN4M_H
-#define SUN4M_H
-
-#include "qemu-common.h"
-
-/* Devices used by sparc32 system. */
-
-/* iommu.c */
-void sparc_iommu_memory_rw(void *opaque, hwaddr addr,
- uint8_t *buf, int len, int is_write);
-static inline void sparc_iommu_memory_read(void *opaque,
- hwaddr addr,
- uint8_t *buf, int len)
-{
- sparc_iommu_memory_rw(opaque, addr, buf, len, 0);
-}
-
-static inline void sparc_iommu_memory_write(void *opaque,
- hwaddr addr,
- uint8_t *buf, int len)
-{
- sparc_iommu_memory_rw(opaque, addr, buf, len, 1);
-}
-
-/* slavio_intctl.c */
-void slavio_pic_info(Monitor *mon, DeviceState *dev);
-void slavio_irq_info(Monitor *mon, DeviceState *dev);
-
-/* sun4m.c */
-void sun4m_pic_info(Monitor *mon);
-void sun4m_irq_info(Monitor *mon);
-
-/* sparc32_dma.c */
-#include "sparc32_dma.h"
-
-#endif
diff --git a/hw/sun4m_iommu.c b/hw/sun4m_iommu.c
deleted file mode 100644
index ce6819e10..000000000
--- a/hw/sun4m_iommu.c
+++ /dev/null
@@ -1,388 +0,0 @@
-/*
- * QEMU Sun4m iommu emulation
- *
- * Copyright (c) 2003-2005 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sun4m.h"
-#include "sysbus.h"
-#include "trace.h"
-
-/*
- * I/O MMU used by Sun4m systems
- *
- * Chipset docs:
- * "Sun-4M System Architecture (revision 2.0) by Chuck Narad", 950-1373-01,
- * http://mediacast.sun.com/users/Barton808/media/Sun4M_SystemArchitecture_edited2.pdf
- */
-
-#define IOMMU_NREGS (4*4096/4)
-#define IOMMU_CTRL (0x0000 >> 2)
-#define IOMMU_CTRL_IMPL 0xf0000000 /* Implementation */
-#define IOMMU_CTRL_VERS 0x0f000000 /* Version */
-#define IOMMU_CTRL_RNGE 0x0000001c /* Mapping RANGE */
-#define IOMMU_RNGE_16MB 0x00000000 /* 0xff000000 -> 0xffffffff */
-#define IOMMU_RNGE_32MB 0x00000004 /* 0xfe000000 -> 0xffffffff */
-#define IOMMU_RNGE_64MB 0x00000008 /* 0xfc000000 -> 0xffffffff */
-#define IOMMU_RNGE_128MB 0x0000000c /* 0xf8000000 -> 0xffffffff */
-#define IOMMU_RNGE_256MB 0x00000010 /* 0xf0000000 -> 0xffffffff */
-#define IOMMU_RNGE_512MB 0x00000014 /* 0xe0000000 -> 0xffffffff */
-#define IOMMU_RNGE_1GB 0x00000018 /* 0xc0000000 -> 0xffffffff */
-#define IOMMU_RNGE_2GB 0x0000001c /* 0x80000000 -> 0xffffffff */
-#define IOMMU_CTRL_ENAB 0x00000001 /* IOMMU Enable */
-#define IOMMU_CTRL_MASK 0x0000001d
-
-#define IOMMU_BASE (0x0004 >> 2)
-#define IOMMU_BASE_MASK 0x07fffc00
-
-#define IOMMU_TLBFLUSH (0x0014 >> 2)
-#define IOMMU_TLBFLUSH_MASK 0xffffffff
-
-#define IOMMU_PGFLUSH (0x0018 >> 2)
-#define IOMMU_PGFLUSH_MASK 0xffffffff
-
-#define IOMMU_AFSR (0x1000 >> 2)
-#define IOMMU_AFSR_ERR 0x80000000 /* LE, TO, or BE asserted */
-#define IOMMU_AFSR_LE 0x40000000 /* SBUS reports error after
- transaction */
-#define IOMMU_AFSR_TO 0x20000000 /* Write access took more than
- 12.8 us. */
-#define IOMMU_AFSR_BE 0x10000000 /* Write access received error
- acknowledge */
-#define IOMMU_AFSR_SIZE 0x0e000000 /* Size of transaction causing error */
-#define IOMMU_AFSR_S 0x01000000 /* Sparc was in supervisor mode */
-#define IOMMU_AFSR_RESV 0x00800000 /* Reserved, forced to 0x8 by
- hardware */
-#define IOMMU_AFSR_ME 0x00080000 /* Multiple errors occurred */
-#define IOMMU_AFSR_RD 0x00040000 /* A read operation was in progress */
-#define IOMMU_AFSR_FAV 0x00020000 /* IOMMU afar has valid contents */
-#define IOMMU_AFSR_MASK 0xff0fffff
-
-#define IOMMU_AFAR (0x1004 >> 2)
-
-#define IOMMU_AER (0x1008 >> 2) /* Arbiter Enable Register */
-#define IOMMU_AER_EN_P0_ARB 0x00000001 /* MBus master 0x8 (Always 1) */
-#define IOMMU_AER_EN_P1_ARB 0x00000002 /* MBus master 0x9 */
-#define IOMMU_AER_EN_P2_ARB 0x00000004 /* MBus master 0xa */
-#define IOMMU_AER_EN_P3_ARB 0x00000008 /* MBus master 0xb */
-#define IOMMU_AER_EN_0 0x00010000 /* SBus slot 0 */
-#define IOMMU_AER_EN_1 0x00020000 /* SBus slot 1 */
-#define IOMMU_AER_EN_2 0x00040000 /* SBus slot 2 */
-#define IOMMU_AER_EN_3 0x00080000 /* SBus slot 3 */
-#define IOMMU_AER_EN_F 0x00100000 /* SBus on-board */
-#define IOMMU_AER_SBW 0x80000000 /* S-to-M asynchronous writes */
-#define IOMMU_AER_MASK 0x801f000f
-
-#define IOMMU_SBCFG0 (0x1010 >> 2) /* SBUS configration per-slot */
-#define IOMMU_SBCFG1 (0x1014 >> 2) /* SBUS configration per-slot */
-#define IOMMU_SBCFG2 (0x1018 >> 2) /* SBUS configration per-slot */
-#define IOMMU_SBCFG3 (0x101c >> 2) /* SBUS configration per-slot */
-#define IOMMU_SBCFG_SAB30 0x00010000 /* Phys-address bit 30 when
- bypass enabled */
-#define IOMMU_SBCFG_BA16 0x00000004 /* Slave supports 16 byte bursts */
-#define IOMMU_SBCFG_BA8 0x00000002 /* Slave supports 8 byte bursts */
-#define IOMMU_SBCFG_BYPASS 0x00000001 /* Bypass IOMMU, treat all addresses
- produced by this device as pure
- physical. */
-#define IOMMU_SBCFG_MASK 0x00010003
-
-#define IOMMU_ARBEN (0x2000 >> 2) /* SBUS arbitration enable */
-#define IOMMU_ARBEN_MASK 0x001f0000
-#define IOMMU_MID 0x00000008
-
-#define IOMMU_MASK_ID (0x3018 >> 2) /* Mask ID */
-#define IOMMU_MASK_ID_MASK 0x00ffffff
-
-#define IOMMU_MSII_MASK 0x26000000 /* microSPARC II mask number */
-#define IOMMU_TS_MASK 0x23000000 /* turboSPARC mask number */
-
-/* The format of an iopte in the page tables */
-#define IOPTE_PAGE 0xffffff00 /* Physical page number (PA[35:12]) */
-#define IOPTE_CACHE 0x00000080 /* Cached (in vme IOCACHE or
- Viking/MXCC) */
-#define IOPTE_WRITE 0x00000004 /* Writable */
-#define IOPTE_VALID 0x00000002 /* IOPTE is valid */
-#define IOPTE_WAZ 0x00000001 /* Write as zeros */
-
-#define IOMMU_PAGE_SHIFT 12
-#define IOMMU_PAGE_SIZE (1 << IOMMU_PAGE_SHIFT)
-#define IOMMU_PAGE_MASK ~(IOMMU_PAGE_SIZE - 1)
-
-typedef struct IOMMUState {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint32_t regs[IOMMU_NREGS];
- hwaddr iostart;
- qemu_irq irq;
- uint32_t version;
-} IOMMUState;
-
-static uint64_t iommu_mem_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- IOMMUState *s = opaque;
- hwaddr saddr;
- uint32_t ret;
-
- saddr = addr >> 2;
- switch (saddr) {
- default:
- ret = s->regs[saddr];
- break;
- case IOMMU_AFAR:
- case IOMMU_AFSR:
- ret = s->regs[saddr];
- qemu_irq_lower(s->irq);
- break;
- }
- trace_sun4m_iommu_mem_readl(saddr, ret);
- return ret;
-}
-
-static void iommu_mem_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- IOMMUState *s = opaque;
- hwaddr saddr;
-
- saddr = addr >> 2;
- trace_sun4m_iommu_mem_writel(saddr, val);
- switch (saddr) {
- case IOMMU_CTRL:
- switch (val & IOMMU_CTRL_RNGE) {
- case IOMMU_RNGE_16MB:
- s->iostart = 0xffffffffff000000ULL;
- break;
- case IOMMU_RNGE_32MB:
- s->iostart = 0xfffffffffe000000ULL;
- break;
- case IOMMU_RNGE_64MB:
- s->iostart = 0xfffffffffc000000ULL;
- break;
- case IOMMU_RNGE_128MB:
- s->iostart = 0xfffffffff8000000ULL;
- break;
- case IOMMU_RNGE_256MB:
- s->iostart = 0xfffffffff0000000ULL;
- break;
- case IOMMU_RNGE_512MB:
- s->iostart = 0xffffffffe0000000ULL;
- break;
- case IOMMU_RNGE_1GB:
- s->iostart = 0xffffffffc0000000ULL;
- break;
- default:
- case IOMMU_RNGE_2GB:
- s->iostart = 0xffffffff80000000ULL;
- break;
- }
- trace_sun4m_iommu_mem_writel_ctrl(s->iostart);
- s->regs[saddr] = ((val & IOMMU_CTRL_MASK) | s->version);
- break;
- case IOMMU_BASE:
- s->regs[saddr] = val & IOMMU_BASE_MASK;
- break;
- case IOMMU_TLBFLUSH:
- trace_sun4m_iommu_mem_writel_tlbflush(val);
- s->regs[saddr] = val & IOMMU_TLBFLUSH_MASK;
- break;
- case IOMMU_PGFLUSH:
- trace_sun4m_iommu_mem_writel_pgflush(val);
- s->regs[saddr] = val & IOMMU_PGFLUSH_MASK;
- break;
- case IOMMU_AFAR:
- s->regs[saddr] = val;
- qemu_irq_lower(s->irq);
- break;
- case IOMMU_AER:
- s->regs[saddr] = (val & IOMMU_AER_MASK) | IOMMU_AER_EN_P0_ARB;
- break;
- case IOMMU_AFSR:
- s->regs[saddr] = (val & IOMMU_AFSR_MASK) | IOMMU_AFSR_RESV;
- qemu_irq_lower(s->irq);
- break;
- case IOMMU_SBCFG0:
- case IOMMU_SBCFG1:
- case IOMMU_SBCFG2:
- case IOMMU_SBCFG3:
- s->regs[saddr] = val & IOMMU_SBCFG_MASK;
- break;
- case IOMMU_ARBEN:
- // XXX implement SBus probing: fault when reading unmapped
- // addresses, fault cause and address stored to MMU/IOMMU
- s->regs[saddr] = (val & IOMMU_ARBEN_MASK) | IOMMU_MID;
- break;
- case IOMMU_MASK_ID:
- s->regs[saddr] |= val & IOMMU_MASK_ID_MASK;
- break;
- default:
- s->regs[saddr] = val;
- break;
- }
-}
-
-static const MemoryRegionOps iommu_mem_ops = {
- .read = iommu_mem_read,
- .write = iommu_mem_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static uint32_t iommu_page_get_flags(IOMMUState *s, hwaddr addr)
-{
- uint32_t ret;
- hwaddr iopte;
- hwaddr pa = addr;
-
- iopte = s->regs[IOMMU_BASE] << 4;
- addr &= ~s->iostart;
- iopte += (addr >> (IOMMU_PAGE_SHIFT - 2)) & ~3;
- cpu_physical_memory_read(iopte, (uint8_t *)&ret, 4);
- tswap32s(&ret);
- trace_sun4m_iommu_page_get_flags(pa, iopte, ret);
- return ret;
-}
-
-static hwaddr iommu_translate_pa(hwaddr addr,
- uint32_t pte)
-{
- hwaddr pa;
-
- pa = ((pte & IOPTE_PAGE) << 4) + (addr & ~IOMMU_PAGE_MASK);
- trace_sun4m_iommu_translate_pa(addr, pa, pte);
- return pa;
-}
-
-static void iommu_bad_addr(IOMMUState *s, hwaddr addr,
- int is_write)
-{
- trace_sun4m_iommu_bad_addr(addr);
- s->regs[IOMMU_AFSR] = IOMMU_AFSR_ERR | IOMMU_AFSR_LE | IOMMU_AFSR_RESV |
- IOMMU_AFSR_FAV;
- if (!is_write)
- s->regs[IOMMU_AFSR] |= IOMMU_AFSR_RD;
- s->regs[IOMMU_AFAR] = addr;
- qemu_irq_raise(s->irq);
-}
-
-void sparc_iommu_memory_rw(void *opaque, hwaddr addr,
- uint8_t *buf, int len, int is_write)
-{
- int l;
- uint32_t flags;
- hwaddr page, phys_addr;
-
- while (len > 0) {
- page = addr & IOMMU_PAGE_MASK;
- l = (page + IOMMU_PAGE_SIZE) - addr;
- if (l > len)
- l = len;
- flags = iommu_page_get_flags(opaque, page);
- if (!(flags & IOPTE_VALID)) {
- iommu_bad_addr(opaque, page, is_write);
- return;
- }
- phys_addr = iommu_translate_pa(addr, flags);
- if (is_write) {
- if (!(flags & IOPTE_WRITE)) {
- iommu_bad_addr(opaque, page, is_write);
- return;
- }
- cpu_physical_memory_write(phys_addr, buf, l);
- } else {
- cpu_physical_memory_read(phys_addr, buf, l);
- }
- len -= l;
- buf += l;
- addr += l;
- }
-}
-
-static const VMStateDescription vmstate_iommu = {
- .name ="iommu",
- .version_id = 2,
- .minimum_version_id = 2,
- .minimum_version_id_old = 2,
- .fields = (VMStateField []) {
- VMSTATE_UINT32_ARRAY(regs, IOMMUState, IOMMU_NREGS),
- VMSTATE_UINT64(iostart, IOMMUState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void iommu_reset(DeviceState *d)
-{
- IOMMUState *s = container_of(d, IOMMUState, busdev.qdev);
-
- memset(s->regs, 0, IOMMU_NREGS * 4);
- s->iostart = 0;
- s->regs[IOMMU_CTRL] = s->version;
- s->regs[IOMMU_ARBEN] = IOMMU_MID;
- s->regs[IOMMU_AFSR] = IOMMU_AFSR_RESV;
- s->regs[IOMMU_AER] = IOMMU_AER_EN_P0_ARB | IOMMU_AER_EN_P1_ARB;
- s->regs[IOMMU_MASK_ID] = IOMMU_TS_MASK;
-}
-
-static int iommu_init1(SysBusDevice *dev)
-{
- IOMMUState *s = FROM_SYSBUS(IOMMUState, dev);
-
- sysbus_init_irq(dev, &s->irq);
-
- memory_region_init_io(&s->iomem, &iommu_mem_ops, s, "iommu",
- IOMMU_NREGS * sizeof(uint32_t));
- sysbus_init_mmio(dev, &s->iomem);
-
- return 0;
-}
-
-static Property iommu_properties[] = {
- DEFINE_PROP_HEX32("version", IOMMUState, version, 0),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void iommu_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = iommu_init1;
- dc->reset = iommu_reset;
- dc->vmsd = &vmstate_iommu;
- dc->props = iommu_properties;
-}
-
-static TypeInfo iommu_info = {
- .name = "iommu",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(IOMMUState),
- .class_init = iommu_class_init,
-};
-
-static void iommu_register_types(void)
-{
- type_register_static(&iommu_info);
-}
-
-type_init(iommu_register_types)
diff --git a/hw/sun4u.c b/hw/sun4u.c
deleted file mode 100644
index b2b51e30c..000000000
--- a/hw/sun4u.c
+++ /dev/null
@@ -1,1012 +0,0 @@
-/*
- * QEMU Sun4u/Sun4v System Emulator
- *
- * Copyright (c) 2005 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "pci.h"
-#include "apb_pci.h"
-#include "pc.h"
-#include "serial.h"
-#include "nvram.h"
-#include "fdc.h"
-#include "net.h"
-#include "qemu-timer.h"
-#include "sysemu.h"
-#include "boards.h"
-#include "firmware_abi.h"
-#include "fw_cfg.h"
-#include "sysbus.h"
-#include "ide.h"
-#include "loader.h"
-#include "elf.h"
-#include "blockdev.h"
-#include "exec-memory.h"
-
-//#define DEBUG_IRQ
-//#define DEBUG_EBUS
-//#define DEBUG_TIMER
-
-#ifdef DEBUG_IRQ
-#define CPUIRQ_DPRINTF(fmt, ...) \
- do { printf("CPUIRQ: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define CPUIRQ_DPRINTF(fmt, ...)
-#endif
-
-#ifdef DEBUG_EBUS
-#define EBUS_DPRINTF(fmt, ...) \
- do { printf("EBUS: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define EBUS_DPRINTF(fmt, ...)
-#endif
-
-#ifdef DEBUG_TIMER
-#define TIMER_DPRINTF(fmt, ...) \
- do { printf("TIMER: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define TIMER_DPRINTF(fmt, ...)
-#endif
-
-#define KERNEL_LOAD_ADDR 0x00404000
-#define CMDLINE_ADDR 0x003ff000
-#define PROM_SIZE_MAX (4 * 1024 * 1024)
-#define PROM_VADDR 0x000ffd00000ULL
-#define APB_SPECIAL_BASE 0x1fe00000000ULL
-#define APB_MEM_BASE 0x1ff00000000ULL
-#define APB_PCI_IO_BASE (APB_SPECIAL_BASE + 0x02000000ULL)
-#define PROM_FILENAME "openbios-sparc64"
-#define NVRAM_SIZE 0x2000
-#define MAX_IDE_BUS 2
-#define BIOS_CFG_IOPORT 0x510
-#define FW_CFG_SPARC64_WIDTH (FW_CFG_ARCH_LOCAL + 0x00)
-#define FW_CFG_SPARC64_HEIGHT (FW_CFG_ARCH_LOCAL + 0x01)
-#define FW_CFG_SPARC64_DEPTH (FW_CFG_ARCH_LOCAL + 0x02)
-
-#define IVEC_MAX 0x30
-
-#define TICK_MAX 0x7fffffffffffffffULL
-
-struct hwdef {
- const char * const default_cpu_model;
- uint16_t machine_id;
- uint64_t prom_addr;
- uint64_t console_serial_base;
-};
-
-typedef struct EbusState {
- PCIDevice pci_dev;
- MemoryRegion bar0;
- MemoryRegion bar1;
-} EbusState;
-
-int DMA_get_channel_mode (int nchan)
-{
- return 0;
-}
-int DMA_read_memory (int nchan, void *buf, int pos, int size)
-{
- return 0;
-}
-int DMA_write_memory (int nchan, void *buf, int pos, int size)
-{
- return 0;
-}
-void DMA_hold_DREQ (int nchan) {}
-void DMA_release_DREQ (int nchan) {}
-void DMA_schedule(int nchan) {}
-
-void DMA_init(int high_page_enable, qemu_irq *cpu_request_exit)
-{
-}
-
-void DMA_register_channel (int nchan,
- DMA_transfer_handler transfer_handler,
- void *opaque)
-{
-}
-
-static int fw_cfg_boot_set(void *opaque, const char *boot_device)
-{
- fw_cfg_add_i16(opaque, FW_CFG_BOOT_DEVICE, boot_device[0]);
- return 0;
-}
-
-static int sun4u_NVRAM_set_params(M48t59State *nvram, uint16_t NVRAM_size,
- const char *arch, ram_addr_t RAM_size,
- const char *boot_devices,
- uint32_t kernel_image, uint32_t kernel_size,
- const char *cmdline,
- uint32_t initrd_image, uint32_t initrd_size,
- uint32_t NVRAM_image,
- int width, int height, int depth,
- const uint8_t *macaddr)
-{
- unsigned int i;
- uint32_t start, end;
- uint8_t image[0x1ff0];
- struct OpenBIOS_nvpart_v1 *part_header;
-
- memset(image, '\0', sizeof(image));
-
- start = 0;
-
- // OpenBIOS nvram variables
- // Variable partition
- part_header = (struct OpenBIOS_nvpart_v1 *)&image[start];
- part_header->signature = OPENBIOS_PART_SYSTEM;
- pstrcpy(part_header->name, sizeof(part_header->name), "system");
-
- end = start + sizeof(struct OpenBIOS_nvpart_v1);
- for (i = 0; i < nb_prom_envs; i++)
- end = OpenBIOS_set_var(image, end, prom_envs[i]);
-
- // End marker
- image[end++] = '\0';
-
- end = start + ((end - start + 15) & ~15);
- OpenBIOS_finish_partition(part_header, end - start);
-
- // free partition
- start = end;
- part_header = (struct OpenBIOS_nvpart_v1 *)&image[start];
- part_header->signature = OPENBIOS_PART_FREE;
- pstrcpy(part_header->name, sizeof(part_header->name), "free");
-
- end = 0x1fd0;
- OpenBIOS_finish_partition(part_header, end - start);
-
- Sun_init_header((struct Sun_nvram *)&image[0x1fd8], macaddr, 0x80);
-
- for (i = 0; i < sizeof(image); i++)
- m48t59_write(nvram, i, image[i]);
-
- return 0;
-}
-
-static uint64_t sun4u_load_kernel(const char *kernel_filename,
- const char *initrd_filename,
- ram_addr_t RAM_size, uint64_t *initrd_size,
- uint64_t *initrd_addr, uint64_t *kernel_addr,
- uint64_t *kernel_entry)
-{
- int linux_boot;
- unsigned int i;
- long kernel_size;
- uint8_t *ptr;
- uint64_t kernel_top;
-
- linux_boot = (kernel_filename != NULL);
-
- kernel_size = 0;
- if (linux_boot) {
- int bswap_needed;
-
-#ifdef BSWAP_NEEDED
- bswap_needed = 1;
-#else
- bswap_needed = 0;
-#endif
- kernel_size = load_elf(kernel_filename, NULL, NULL, kernel_entry,
- kernel_addr, &kernel_top, 1, ELF_MACHINE, 0);
- if (kernel_size < 0) {
- *kernel_addr = KERNEL_LOAD_ADDR;
- *kernel_entry = KERNEL_LOAD_ADDR;
- kernel_size = load_aout(kernel_filename, KERNEL_LOAD_ADDR,
- RAM_size - KERNEL_LOAD_ADDR, bswap_needed,
- TARGET_PAGE_SIZE);
- }
- if (kernel_size < 0) {
- kernel_size = load_image_targphys(kernel_filename,
- KERNEL_LOAD_ADDR,
- RAM_size - KERNEL_LOAD_ADDR);
- }
- if (kernel_size < 0) {
- fprintf(stderr, "qemu: could not load kernel '%s'\n",
- kernel_filename);
- exit(1);
- }
- /* load initrd above kernel */
- *initrd_size = 0;
- if (initrd_filename) {
- *initrd_addr = TARGET_PAGE_ALIGN(kernel_top);
-
- *initrd_size = load_image_targphys(initrd_filename,
- *initrd_addr,
- RAM_size - *initrd_addr);
- if ((int)*initrd_size < 0) {
- fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
- initrd_filename);
- exit(1);
- }
- }
- if (*initrd_size > 0) {
- for (i = 0; i < 64 * TARGET_PAGE_SIZE; i += TARGET_PAGE_SIZE) {
- ptr = rom_ptr(*kernel_addr + i);
- if (ldl_p(ptr + 8) == 0x48647253) { /* HdrS */
- stl_p(ptr + 24, *initrd_addr + *kernel_addr);
- stl_p(ptr + 28, *initrd_size);
- break;
- }
- }
- }
- }
- return kernel_size;
-}
-
-void cpu_check_irqs(CPUSPARCState *env)
-{
- uint32_t pil = env->pil_in |
- (env->softint & ~(SOFTINT_TIMER | SOFTINT_STIMER));
-
- /* TT_IVEC has a higher priority (16) than TT_EXTINT (31..17) */
- if (env->ivec_status & 0x20) {
- return;
- }
- /* check if TM or SM in SOFTINT are set
- setting these also causes interrupt 14 */
- if (env->softint & (SOFTINT_TIMER | SOFTINT_STIMER)) {
- pil |= 1 << 14;
- }
-
- /* The bit corresponding to psrpil is (1<< psrpil), the next bit
- is (2 << psrpil). */
- if (pil < (2 << env->psrpil)){
- if (env->interrupt_request & CPU_INTERRUPT_HARD) {
- CPUIRQ_DPRINTF("Reset CPU IRQ (current interrupt %x)\n",
- env->interrupt_index);
- env->interrupt_index = 0;
- cpu_reset_interrupt(env, CPU_INTERRUPT_HARD);
- }
- return;
- }
-
- if (cpu_interrupts_enabled(env)) {
-
- unsigned int i;
-
- for (i = 15; i > env->psrpil; i--) {
- if (pil & (1 << i)) {
- int old_interrupt = env->interrupt_index;
- int new_interrupt = TT_EXTINT | i;
-
- if (unlikely(env->tl > 0 && cpu_tsptr(env)->tt > new_interrupt
- && ((cpu_tsptr(env)->tt & 0x1f0) == TT_EXTINT))) {
- CPUIRQ_DPRINTF("Not setting CPU IRQ: TL=%d "
- "current %x >= pending %x\n",
- env->tl, cpu_tsptr(env)->tt, new_interrupt);
- } else if (old_interrupt != new_interrupt) {
- env->interrupt_index = new_interrupt;
- CPUIRQ_DPRINTF("Set CPU IRQ %d old=%x new=%x\n", i,
- old_interrupt, new_interrupt);
- cpu_interrupt(env, CPU_INTERRUPT_HARD);
- }
- break;
- }
- }
- } else if (env->interrupt_request & CPU_INTERRUPT_HARD) {
- CPUIRQ_DPRINTF("Interrupts disabled, pil=%08x pil_in=%08x softint=%08x "
- "current interrupt %x\n",
- pil, env->pil_in, env->softint, env->interrupt_index);
- env->interrupt_index = 0;
- cpu_reset_interrupt(env, CPU_INTERRUPT_HARD);
- }
-}
-
-static void cpu_kick_irq(SPARCCPU *cpu)
-{
- CPUSPARCState *env = &cpu->env;
-
- env->halted = 0;
- cpu_check_irqs(env);
- qemu_cpu_kick(CPU(cpu));
-}
-
-static void cpu_set_ivec_irq(void *opaque, int irq, int level)
-{
- SPARCCPU *cpu = opaque;
- CPUSPARCState *env = &cpu->env;
-
- if (level) {
- if (!(env->ivec_status & 0x20)) {
- CPUIRQ_DPRINTF("Raise IVEC IRQ %d\n", irq);
- env->halted = 0;
- env->interrupt_index = TT_IVEC;
- env->ivec_status |= 0x20;
- env->ivec_data[0] = (0x1f << 6) | irq;
- env->ivec_data[1] = 0;
- env->ivec_data[2] = 0;
- cpu_interrupt(env, CPU_INTERRUPT_HARD);
- }
- } else {
- if (env->ivec_status & 0x20) {
- CPUIRQ_DPRINTF("Lower IVEC IRQ %d\n", irq);
- env->ivec_status &= ~0x20;
- cpu_reset_interrupt(env, CPU_INTERRUPT_HARD);
- }
- }
-}
-
-typedef struct ResetData {
- SPARCCPU *cpu;
- uint64_t prom_addr;
-} ResetData;
-
-void cpu_put_timer(QEMUFile *f, CPUTimer *s)
-{
- qemu_put_be32s(f, &s->frequency);
- qemu_put_be32s(f, &s->disabled);
- qemu_put_be64s(f, &s->disabled_mask);
- qemu_put_sbe64s(f, &s->clock_offset);
-
- qemu_put_timer(f, s->qtimer);
-}
-
-void cpu_get_timer(QEMUFile *f, CPUTimer *s)
-{
- qemu_get_be32s(f, &s->frequency);
- qemu_get_be32s(f, &s->disabled);
- qemu_get_be64s(f, &s->disabled_mask);
- qemu_get_sbe64s(f, &s->clock_offset);
-
- qemu_get_timer(f, s->qtimer);
-}
-
-static CPUTimer *cpu_timer_create(const char *name, SPARCCPU *cpu,
- QEMUBHFunc *cb, uint32_t frequency,
- uint64_t disabled_mask)
-{
- CPUTimer *timer = g_malloc0(sizeof (CPUTimer));
-
- timer->name = name;
- timer->frequency = frequency;
- timer->disabled_mask = disabled_mask;
-
- timer->disabled = 1;
- timer->clock_offset = qemu_get_clock_ns(vm_clock);
-
- timer->qtimer = qemu_new_timer_ns(vm_clock, cb, cpu);
-
- return timer;
-}
-
-static void cpu_timer_reset(CPUTimer *timer)
-{
- timer->disabled = 1;
- timer->clock_offset = qemu_get_clock_ns(vm_clock);
-
- qemu_del_timer(timer->qtimer);
-}
-
-static void main_cpu_reset(void *opaque)
-{
- ResetData *s = (ResetData *)opaque;
- CPUSPARCState *env = &s->cpu->env;
- static unsigned int nr_resets;
-
- cpu_reset(CPU(s->cpu));
-
- cpu_timer_reset(env->tick);
- cpu_timer_reset(env->stick);
- cpu_timer_reset(env->hstick);
-
- env->gregs[1] = 0; // Memory start
- env->gregs[2] = ram_size; // Memory size
- env->gregs[3] = 0; // Machine description XXX
- if (nr_resets++ == 0) {
- /* Power on reset */
- env->pc = s->prom_addr + 0x20ULL;
- } else {
- env->pc = s->prom_addr + 0x40ULL;
- }
- env->npc = env->pc + 4;
-}
-
-static void tick_irq(void *opaque)
-{
- SPARCCPU *cpu = opaque;
- CPUSPARCState *env = &cpu->env;
-
- CPUTimer* timer = env->tick;
-
- if (timer->disabled) {
- CPUIRQ_DPRINTF("tick_irq: softint disabled\n");
- return;
- } else {
- CPUIRQ_DPRINTF("tick: fire\n");
- }
-
- env->softint |= SOFTINT_TIMER;
- cpu_kick_irq(cpu);
-}
-
-static void stick_irq(void *opaque)
-{
- SPARCCPU *cpu = opaque;
- CPUSPARCState *env = &cpu->env;
-
- CPUTimer* timer = env->stick;
-
- if (timer->disabled) {
- CPUIRQ_DPRINTF("stick_irq: softint disabled\n");
- return;
- } else {
- CPUIRQ_DPRINTF("stick: fire\n");
- }
-
- env->softint |= SOFTINT_STIMER;
- cpu_kick_irq(cpu);
-}
-
-static void hstick_irq(void *opaque)
-{
- SPARCCPU *cpu = opaque;
- CPUSPARCState *env = &cpu->env;
-
- CPUTimer* timer = env->hstick;
-
- if (timer->disabled) {
- CPUIRQ_DPRINTF("hstick_irq: softint disabled\n");
- return;
- } else {
- CPUIRQ_DPRINTF("hstick: fire\n");
- }
-
- env->softint |= SOFTINT_STIMER;
- cpu_kick_irq(cpu);
-}
-
-static int64_t cpu_to_timer_ticks(int64_t cpu_ticks, uint32_t frequency)
-{
- return muldiv64(cpu_ticks, get_ticks_per_sec(), frequency);
-}
-
-static uint64_t timer_to_cpu_ticks(int64_t timer_ticks, uint32_t frequency)
-{
- return muldiv64(timer_ticks, frequency, get_ticks_per_sec());
-}
-
-void cpu_tick_set_count(CPUTimer *timer, uint64_t count)
-{
- uint64_t real_count = count & ~timer->disabled_mask;
- uint64_t disabled_bit = count & timer->disabled_mask;
-
- int64_t vm_clock_offset = qemu_get_clock_ns(vm_clock) -
- cpu_to_timer_ticks(real_count, timer->frequency);
-
- TIMER_DPRINTF("%s set_count count=0x%016lx (%s) p=%p\n",
- timer->name, real_count,
- timer->disabled?"disabled":"enabled", timer);
-
- timer->disabled = disabled_bit ? 1 : 0;
- timer->clock_offset = vm_clock_offset;
-}
-
-uint64_t cpu_tick_get_count(CPUTimer *timer)
-{
- uint64_t real_count = timer_to_cpu_ticks(
- qemu_get_clock_ns(vm_clock) - timer->clock_offset,
- timer->frequency);
-
- TIMER_DPRINTF("%s get_count count=0x%016lx (%s) p=%p\n",
- timer->name, real_count,
- timer->disabled?"disabled":"enabled", timer);
-
- if (timer->disabled)
- real_count |= timer->disabled_mask;
-
- return real_count;
-}
-
-void cpu_tick_set_limit(CPUTimer *timer, uint64_t limit)
-{
- int64_t now = qemu_get_clock_ns(vm_clock);
-
- uint64_t real_limit = limit & ~timer->disabled_mask;
- timer->disabled = (limit & timer->disabled_mask) ? 1 : 0;
-
- int64_t expires = cpu_to_timer_ticks(real_limit, timer->frequency) +
- timer->clock_offset;
-
- if (expires < now) {
- expires = now + 1;
- }
-
- TIMER_DPRINTF("%s set_limit limit=0x%016lx (%s) p=%p "
- "called with limit=0x%016lx at 0x%016lx (delta=0x%016lx)\n",
- timer->name, real_limit,
- timer->disabled?"disabled":"enabled",
- timer, limit,
- timer_to_cpu_ticks(now - timer->clock_offset,
- timer->frequency),
- timer_to_cpu_ticks(expires - now, timer->frequency));
-
- if (!real_limit) {
- TIMER_DPRINTF("%s set_limit limit=ZERO - not starting timer\n",
- timer->name);
- qemu_del_timer(timer->qtimer);
- } else if (timer->disabled) {
- qemu_del_timer(timer->qtimer);
- } else {
- qemu_mod_timer(timer->qtimer, expires);
- }
-}
-
-static void isa_irq_handler(void *opaque, int n, int level)
-{
- static const int isa_irq_to_ivec[16] = {
- [1] = 0x29, /* keyboard */
- [4] = 0x2b, /* serial */
- [6] = 0x27, /* floppy */
- [7] = 0x22, /* parallel */
- [12] = 0x2a, /* mouse */
- };
- qemu_irq *irqs = opaque;
- int ivec;
-
- assert(n < 16);
- ivec = isa_irq_to_ivec[n];
- EBUS_DPRINTF("Set ISA IRQ %d level %d -> ivec 0x%x\n", n, level, ivec);
- if (ivec) {
- qemu_set_irq(irqs[ivec], level);
- }
-}
-
-/* EBUS (Eight bit bus) bridge */
-static ISABus *
-pci_ebus_init(PCIBus *bus, int devfn, qemu_irq *irqs)
-{
- qemu_irq *isa_irq;
- PCIDevice *pci_dev;
- ISABus *isa_bus;
-
- pci_dev = pci_create_simple(bus, devfn, "ebus");
- isa_bus = DO_UPCAST(ISABus, qbus,
- qdev_get_child_bus(&pci_dev->qdev, "isa.0"));
- isa_irq = qemu_allocate_irqs(isa_irq_handler, irqs, 16);
- isa_bus_irqs(isa_bus, isa_irq);
- return isa_bus;
-}
-
-static int
-pci_ebus_init1(PCIDevice *pci_dev)
-{
- EbusState *s = DO_UPCAST(EbusState, pci_dev, pci_dev);
-
- isa_bus_new(&pci_dev->qdev, pci_address_space_io(pci_dev));
-
- pci_dev->config[0x04] = 0x06; // command = bus master, pci mem
- pci_dev->config[0x05] = 0x00;
- pci_dev->config[0x06] = 0xa0; // status = fast back-to-back, 66MHz, no error
- pci_dev->config[0x07] = 0x03; // status = medium devsel
- pci_dev->config[0x09] = 0x00; // programming i/f
- pci_dev->config[0x0D] = 0x0a; // latency_timer
-
- isa_mmio_setup(&s->bar0, 0x1000000);
- pci_register_bar(pci_dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->bar0);
- isa_mmio_setup(&s->bar1, 0x800000);
- pci_register_bar(pci_dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->bar1);
- return 0;
-}
-
-static void ebus_class_init(ObjectClass *klass, void *data)
-{
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = pci_ebus_init1;
- k->vendor_id = PCI_VENDOR_ID_SUN;
- k->device_id = PCI_DEVICE_ID_SUN_EBUS;
- k->revision = 0x01;
- k->class_id = PCI_CLASS_BRIDGE_OTHER;
-}
-
-static TypeInfo ebus_info = {
- .name = "ebus",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(EbusState),
- .class_init = ebus_class_init,
-};
-
-typedef struct PROMState {
- SysBusDevice busdev;
- MemoryRegion prom;
-} PROMState;
-
-static uint64_t translate_prom_address(void *opaque, uint64_t addr)
-{
- hwaddr *base_addr = (hwaddr *)opaque;
- return addr + *base_addr - PROM_VADDR;
-}
-
-/* Boot PROM (OpenBIOS) */
-static void prom_init(hwaddr addr, const char *bios_name)
-{
- DeviceState *dev;
- SysBusDevice *s;
- char *filename;
- int ret;
-
- dev = qdev_create(NULL, "openprom");
- qdev_init_nofail(dev);
- s = sysbus_from_qdev(dev);
-
- sysbus_mmio_map(s, 0, addr);
-
- /* load boot prom */
- if (bios_name == NULL) {
- bios_name = PROM_FILENAME;
- }
- filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
- if (filename) {
- ret = load_elf(filename, translate_prom_address, &addr,
- NULL, NULL, NULL, 1, ELF_MACHINE, 0);
- if (ret < 0 || ret > PROM_SIZE_MAX) {
- ret = load_image_targphys(filename, addr, PROM_SIZE_MAX);
- }
- g_free(filename);
- } else {
- ret = -1;
- }
- if (ret < 0 || ret > PROM_SIZE_MAX) {
- fprintf(stderr, "qemu: could not load prom '%s'\n", bios_name);
- exit(1);
- }
-}
-
-static int prom_init1(SysBusDevice *dev)
-{
- PROMState *s = FROM_SYSBUS(PROMState, dev);
-
- memory_region_init_ram(&s->prom, "sun4u.prom", PROM_SIZE_MAX);
- vmstate_register_ram_global(&s->prom);
- memory_region_set_readonly(&s->prom, true);
- sysbus_init_mmio(dev, &s->prom);
- return 0;
-}
-
-static Property prom_properties[] = {
- {/* end of property list */},
-};
-
-static void prom_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = prom_init1;
- dc->props = prom_properties;
-}
-
-static TypeInfo prom_info = {
- .name = "openprom",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(PROMState),
- .class_init = prom_class_init,
-};
-
-
-typedef struct RamDevice
-{
- SysBusDevice busdev;
- MemoryRegion ram;
- uint64_t size;
-} RamDevice;
-
-/* System RAM */
-static int ram_init1(SysBusDevice *dev)
-{
- RamDevice *d = FROM_SYSBUS(RamDevice, dev);
-
- memory_region_init_ram(&d->ram, "sun4u.ram", d->size);
- vmstate_register_ram_global(&d->ram);
- sysbus_init_mmio(dev, &d->ram);
- return 0;
-}
-
-static void ram_init(hwaddr addr, ram_addr_t RAM_size)
-{
- DeviceState *dev;
- SysBusDevice *s;
- RamDevice *d;
-
- /* allocate RAM */
- dev = qdev_create(NULL, "memory");
- s = sysbus_from_qdev(dev);
-
- d = FROM_SYSBUS(RamDevice, s);
- d->size = RAM_size;
- qdev_init_nofail(dev);
-
- sysbus_mmio_map(s, 0, addr);
-}
-
-static Property ram_properties[] = {
- DEFINE_PROP_UINT64("size", RamDevice, size, 0),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void ram_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = ram_init1;
- dc->props = ram_properties;
-}
-
-static TypeInfo ram_info = {
- .name = "memory",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(RamDevice),
- .class_init = ram_class_init,
-};
-
-static SPARCCPU *cpu_devinit(const char *cpu_model, const struct hwdef *hwdef)
-{
- SPARCCPU *cpu;
- CPUSPARCState *env;
- ResetData *reset_info;
-
- uint32_t tick_frequency = 100*1000000;
- uint32_t stick_frequency = 100*1000000;
- uint32_t hstick_frequency = 100*1000000;
-
- if (cpu_model == NULL) {
- cpu_model = hwdef->default_cpu_model;
- }
- cpu = cpu_sparc_init(cpu_model);
- if (cpu == NULL) {
- fprintf(stderr, "Unable to find Sparc CPU definition\n");
- exit(1);
- }
- env = &cpu->env;
-
- env->tick = cpu_timer_create("tick", cpu, tick_irq,
- tick_frequency, TICK_NPT_MASK);
-
- env->stick = cpu_timer_create("stick", cpu, stick_irq,
- stick_frequency, TICK_INT_DIS);
-
- env->hstick = cpu_timer_create("hstick", cpu, hstick_irq,
- hstick_frequency, TICK_INT_DIS);
-
- reset_info = g_malloc0(sizeof(ResetData));
- reset_info->cpu = cpu;
- reset_info->prom_addr = hwdef->prom_addr;
- qemu_register_reset(main_cpu_reset, reset_info);
-
- return cpu;
-}
-
-static void sun4uv_init(MemoryRegion *address_space_mem,
- ram_addr_t RAM_size,
- const char *boot_devices,
- const char *kernel_filename, const char *kernel_cmdline,
- const char *initrd_filename, const char *cpu_model,
- const struct hwdef *hwdef)
-{
- SPARCCPU *cpu;
- M48t59State *nvram;
- unsigned int i;
- uint64_t initrd_addr, initrd_size, kernel_addr, kernel_size, kernel_entry;
- PCIBus *pci_bus, *pci_bus2, *pci_bus3;
- ISABus *isa_bus;
- qemu_irq *ivec_irqs, *pbm_irqs;
- DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
- DriveInfo *fd[MAX_FD];
- void *fw_cfg;
-
- /* init CPUs */
- cpu = cpu_devinit(cpu_model, hwdef);
-
- /* set up devices */
- ram_init(0, RAM_size);
-
- prom_init(hwdef->prom_addr, bios_name);
-
- ivec_irqs = qemu_allocate_irqs(cpu_set_ivec_irq, cpu, IVEC_MAX);
- pci_bus = pci_apb_init(APB_SPECIAL_BASE, APB_MEM_BASE, ivec_irqs, &pci_bus2,
- &pci_bus3, &pbm_irqs);
- pci_vga_init(pci_bus);
-
- // XXX Should be pci_bus3
- isa_bus = pci_ebus_init(pci_bus, -1, pbm_irqs);
-
- i = 0;
- if (hwdef->console_serial_base) {
- serial_mm_init(address_space_mem, hwdef->console_serial_base, 0,
- NULL, 115200, serial_hds[i], DEVICE_BIG_ENDIAN);
- i++;
- }
- for(; i < MAX_SERIAL_PORTS; i++) {
- if (serial_hds[i]) {
- serial_isa_init(isa_bus, i, serial_hds[i]);
- }
- }
-
- for(i = 0; i < MAX_PARALLEL_PORTS; i++) {
- if (parallel_hds[i]) {
- parallel_init(isa_bus, i, parallel_hds[i]);
- }
- }
-
- for(i = 0; i < nb_nics; i++)
- pci_nic_init_nofail(&nd_table[i], "ne2k_pci", NULL);
-
- ide_drive_get(hd, MAX_IDE_BUS);
-
- pci_cmd646_ide_init(pci_bus, hd, 1);
-
- isa_create_simple(isa_bus, "i8042");
- for(i = 0; i < MAX_FD; i++) {
- fd[i] = drive_get(IF_FLOPPY, 0, i);
- }
- fdctrl_init_isa(isa_bus, fd);
- nvram = m48t59_init_isa(isa_bus, 0x0074, NVRAM_SIZE, 59);
-
- initrd_size = 0;
- initrd_addr = 0;
- kernel_size = sun4u_load_kernel(kernel_filename, initrd_filename,
- ram_size, &initrd_size, &initrd_addr,
- &kernel_addr, &kernel_entry);
-
- sun4u_NVRAM_set_params(nvram, NVRAM_SIZE, "Sun4u", RAM_size, boot_devices,
- kernel_addr, kernel_size,
- kernel_cmdline,
- initrd_addr, initrd_size,
- /* XXX: need an option to load a NVRAM image */
- 0,
- graphic_width, graphic_height, graphic_depth,
- (uint8_t *)&nd_table[0].macaddr);
-
- fw_cfg = fw_cfg_init(BIOS_CFG_IOPORT, BIOS_CFG_IOPORT + 1, 0, 0);
- fw_cfg_add_i32(fw_cfg, FW_CFG_ID, 1);
- fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size);
- fw_cfg_add_i16(fw_cfg, FW_CFG_MACHINE_ID, hwdef->machine_id);
- fw_cfg_add_i64(fw_cfg, FW_CFG_KERNEL_ADDR, kernel_entry);
- fw_cfg_add_i64(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size);
- if (kernel_cmdline) {
- fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_SIZE,
- strlen(kernel_cmdline) + 1);
- fw_cfg_add_bytes(fw_cfg, FW_CFG_CMDLINE_DATA,
- (uint8_t*)strdup(kernel_cmdline),
- strlen(kernel_cmdline) + 1);
- } else {
- fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_SIZE, 0);
- }
- fw_cfg_add_i64(fw_cfg, FW_CFG_INITRD_ADDR, initrd_addr);
- fw_cfg_add_i64(fw_cfg, FW_CFG_INITRD_SIZE, initrd_size);
- fw_cfg_add_i16(fw_cfg, FW_CFG_BOOT_DEVICE, boot_devices[0]);
-
- fw_cfg_add_i16(fw_cfg, FW_CFG_SPARC64_WIDTH, graphic_width);
- fw_cfg_add_i16(fw_cfg, FW_CFG_SPARC64_HEIGHT, graphic_height);
- fw_cfg_add_i16(fw_cfg, FW_CFG_SPARC64_DEPTH, graphic_depth);
-
- qemu_register_boot_set(fw_cfg_boot_set, fw_cfg);
-}
-
-enum {
- sun4u_id = 0,
- sun4v_id = 64,
- niagara_id,
-};
-
-static const struct hwdef hwdefs[] = {
- /* Sun4u generic PC-like machine */
- {
- .default_cpu_model = "TI UltraSparc IIi",
- .machine_id = sun4u_id,
- .prom_addr = 0x1fff0000000ULL,
- .console_serial_base = 0,
- },
- /* Sun4v generic PC-like machine */
- {
- .default_cpu_model = "Sun UltraSparc T1",
- .machine_id = sun4v_id,
- .prom_addr = 0x1fff0000000ULL,
- .console_serial_base = 0,
- },
- /* Sun4v generic Niagara machine */
- {
- .default_cpu_model = "Sun UltraSparc T1",
- .machine_id = niagara_id,
- .prom_addr = 0xfff0000000ULL,
- .console_serial_base = 0xfff0c2c000ULL,
- },
-};
-
-/* Sun4u hardware initialisation */
-static void sun4u_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t RAM_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- const char *boot_devices = args->boot_device;
- sun4uv_init(get_system_memory(), RAM_size, boot_devices, kernel_filename,
- kernel_cmdline, initrd_filename, cpu_model, &hwdefs[0]);
-}
-
-/* Sun4v hardware initialisation */
-static void sun4v_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t RAM_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- const char *boot_devices = args->boot_device;
- sun4uv_init(get_system_memory(), RAM_size, boot_devices, kernel_filename,
- kernel_cmdline, initrd_filename, cpu_model, &hwdefs[1]);
-}
-
-/* Niagara hardware initialisation */
-static void niagara_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t RAM_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- const char *boot_devices = args->boot_device;
- sun4uv_init(get_system_memory(), RAM_size, boot_devices, kernel_filename,
- kernel_cmdline, initrd_filename, cpu_model, &hwdefs[2]);
-}
-
-static QEMUMachine sun4u_machine = {
- .name = "sun4u",
- .desc = "Sun4u platform",
- .init = sun4u_init,
- .max_cpus = 1, // XXX for now
- .is_default = 1,
-};
-
-static QEMUMachine sun4v_machine = {
- .name = "sun4v",
- .desc = "Sun4v platform",
- .init = sun4v_init,
- .max_cpus = 1, // XXX for now
-};
-
-static QEMUMachine niagara_machine = {
- .name = "Niagara",
- .desc = "Sun4v platform, Niagara",
- .init = niagara_init,
- .max_cpus = 1, // XXX for now
-};
-
-static void sun4u_register_types(void)
-{
- type_register_static(&ebus_info);
- type_register_static(&prom_info);
- type_register_static(&ram_info);
-}
-
-static void sun4u_machine_init(void)
-{
- qemu_register_machine(&sun4u_machine);
- qemu_register_machine(&sun4v_machine);
- qemu_register_machine(&niagara_machine);
-}
-
-type_init(sun4u_register_types)
-machine_init(sun4u_machine_init);
diff --git a/hw/sysbus.c b/hw/sysbus.c
deleted file mode 100644
index ef8ffb660..000000000
--- a/hw/sysbus.c
+++ /dev/null
@@ -1,297 +0,0 @@
-/*
- * System (CPU) Bus device support code
- *
- * Copyright (c) 2009 CodeSourcery
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "sysbus.h"
-#include "monitor.h"
-#include "exec-memory.h"
-
-static void sysbus_dev_print(Monitor *mon, DeviceState *dev, int indent);
-static char *sysbus_get_fw_dev_path(DeviceState *dev);
-
-static void system_bus_class_init(ObjectClass *klass, void *data)
-{
- BusClass *k = BUS_CLASS(klass);
-
- k->print_dev = sysbus_dev_print;
- k->get_fw_dev_path = sysbus_get_fw_dev_path;
-}
-
-static const TypeInfo system_bus_info = {
- .name = TYPE_SYSTEM_BUS,
- .parent = TYPE_BUS,
- .instance_size = sizeof(BusState),
- .class_init = system_bus_class_init,
-};
-
-void sysbus_connect_irq(SysBusDevice *dev, int n, qemu_irq irq)
-{
- assert(n >= 0 && n < dev->num_irq);
- dev->irqs[n] = NULL;
- if (dev->irqp[n]) {
- *dev->irqp[n] = irq;
- }
-}
-
-void sysbus_mmio_map(SysBusDevice *dev, int n, hwaddr addr)
-{
- assert(n >= 0 && n < dev->num_mmio);
-
- if (dev->mmio[n].addr == addr) {
- /* ??? region already mapped here. */
- return;
- }
- if (dev->mmio[n].addr != (hwaddr)-1) {
- /* Unregister previous mapping. */
- memory_region_del_subregion(get_system_memory(), dev->mmio[n].memory);
- }
- dev->mmio[n].addr = addr;
- memory_region_add_subregion(get_system_memory(),
- addr,
- dev->mmio[n].memory);
-}
-
-
-/* Request an IRQ source. The actual IRQ object may be populated later. */
-void sysbus_init_irq(SysBusDevice *dev, qemu_irq *p)
-{
- int n;
-
- assert(dev->num_irq < QDEV_MAX_IRQ);
- n = dev->num_irq++;
- dev->irqp[n] = p;
-}
-
-/* Pass IRQs from a target device. */
-void sysbus_pass_irq(SysBusDevice *dev, SysBusDevice *target)
-{
- int i;
- assert(dev->num_irq == 0);
- dev->num_irq = target->num_irq;
- for (i = 0; i < dev->num_irq; i++) {
- dev->irqp[i] = target->irqp[i];
- }
-}
-
-void sysbus_init_mmio(SysBusDevice *dev, MemoryRegion *memory)
-{
- int n;
-
- assert(dev->num_mmio < QDEV_MAX_MMIO);
- n = dev->num_mmio++;
- dev->mmio[n].addr = -1;
- dev->mmio[n].memory = memory;
-}
-
-MemoryRegion *sysbus_mmio_get_region(SysBusDevice *dev, int n)
-{
- return dev->mmio[n].memory;
-}
-
-void sysbus_init_ioports(SysBusDevice *dev, pio_addr_t ioport, pio_addr_t size)
-{
- pio_addr_t i;
-
- for (i = 0; i < size; i++) {
- assert(dev->num_pio < QDEV_MAX_PIO);
- dev->pio[dev->num_pio++] = ioport++;
- }
-}
-
-static int sysbus_device_init(DeviceState *dev)
-{
- SysBusDevice *sd = SYS_BUS_DEVICE(dev);
- SysBusDeviceClass *sbc = SYS_BUS_DEVICE_GET_CLASS(sd);
-
- return sbc->init(sd);
-}
-
-DeviceState *sysbus_create_varargs(const char *name,
- hwaddr addr, ...)
-{
- DeviceState *dev;
- SysBusDevice *s;
- va_list va;
- qemu_irq irq;
- int n;
-
- dev = qdev_create(NULL, name);
- s = sysbus_from_qdev(dev);
- qdev_init_nofail(dev);
- if (addr != (hwaddr)-1) {
- sysbus_mmio_map(s, 0, addr);
- }
- va_start(va, addr);
- n = 0;
- while (1) {
- irq = va_arg(va, qemu_irq);
- if (!irq) {
- break;
- }
- sysbus_connect_irq(s, n, irq);
- n++;
- }
- va_end(va);
- return dev;
-}
-
-DeviceState *sysbus_try_create_varargs(const char *name,
- hwaddr addr, ...)
-{
- DeviceState *dev;
- SysBusDevice *s;
- va_list va;
- qemu_irq irq;
- int n;
-
- dev = qdev_try_create(NULL, name);
- if (!dev) {
- return NULL;
- }
- s = sysbus_from_qdev(dev);
- qdev_init_nofail(dev);
- if (addr != (hwaddr)-1) {
- sysbus_mmio_map(s, 0, addr);
- }
- va_start(va, addr);
- n = 0;
- while (1) {
- irq = va_arg(va, qemu_irq);
- if (!irq) {
- break;
- }
- sysbus_connect_irq(s, n, irq);
- n++;
- }
- va_end(va);
- return dev;
-}
-
-static void sysbus_dev_print(Monitor *mon, DeviceState *dev, int indent)
-{
- SysBusDevice *s = sysbus_from_qdev(dev);
- hwaddr size;
- int i;
-
- monitor_printf(mon, "%*sirq %d\n", indent, "", s->num_irq);
- for (i = 0; i < s->num_mmio; i++) {
- size = memory_region_size(s->mmio[i].memory);
- monitor_printf(mon, "%*smmio " TARGET_FMT_plx "/" TARGET_FMT_plx "\n",
- indent, "", s->mmio[i].addr, size);
- }
-}
-
-static char *sysbus_get_fw_dev_path(DeviceState *dev)
-{
- SysBusDevice *s = sysbus_from_qdev(dev);
- char path[40];
- int off;
-
- off = snprintf(path, sizeof(path), "%s", qdev_fw_name(dev));
-
- if (s->num_mmio) {
- snprintf(path + off, sizeof(path) - off, "@"TARGET_FMT_plx,
- s->mmio[0].addr);
- } else if (s->num_pio) {
- snprintf(path + off, sizeof(path) - off, "@i%04x", s->pio[0]);
- }
-
- return g_strdup(path);
-}
-
-void sysbus_add_memory(SysBusDevice *dev, hwaddr addr,
- MemoryRegion *mem)
-{
- memory_region_add_subregion(get_system_memory(), addr, mem);
-}
-
-void sysbus_add_memory_overlap(SysBusDevice *dev, hwaddr addr,
- MemoryRegion *mem, unsigned priority)
-{
- memory_region_add_subregion_overlap(get_system_memory(), addr, mem,
- priority);
-}
-
-void sysbus_del_memory(SysBusDevice *dev, MemoryRegion *mem)
-{
- memory_region_del_subregion(get_system_memory(), mem);
-}
-
-void sysbus_add_io(SysBusDevice *dev, hwaddr addr,
- MemoryRegion *mem)
-{
- memory_region_add_subregion(get_system_io(), addr, mem);
-}
-
-void sysbus_del_io(SysBusDevice *dev, MemoryRegion *mem)
-{
- memory_region_del_subregion(get_system_io(), mem);
-}
-
-MemoryRegion *sysbus_address_space(SysBusDevice *dev)
-{
- return get_system_memory();
-}
-
-static void sysbus_device_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *k = DEVICE_CLASS(klass);
- k->init = sysbus_device_init;
- k->bus_type = TYPE_SYSTEM_BUS;
-}
-
-static TypeInfo sysbus_device_type_info = {
- .name = TYPE_SYS_BUS_DEVICE,
- .parent = TYPE_DEVICE,
- .instance_size = sizeof(SysBusDevice),
- .abstract = true,
- .class_size = sizeof(SysBusDeviceClass),
- .class_init = sysbus_device_class_init,
-};
-
-/* This is a nasty hack to allow passing a NULL bus to qdev_create. */
-static BusState *main_system_bus;
-
-static void main_system_bus_create(void)
-{
- /* assign main_system_bus before qbus_create_inplace()
- * in order to make "if (bus != sysbus_get_default())" work */
- main_system_bus = g_malloc0(system_bus_info.instance_size);
- qbus_create_inplace(main_system_bus, TYPE_SYSTEM_BUS, NULL,
- "main-system-bus");
- OBJECT(main_system_bus)->free = g_free;
- object_property_add_child(container_get(qdev_get_machine(),
- "/unattached"),
- "sysbus", OBJECT(main_system_bus), NULL);
-}
-
-BusState *sysbus_get_default(void)
-{
- if (!main_system_bus) {
- main_system_bus_create();
- }
- return main_system_bus;
-}
-
-static void sysbus_register_types(void)
-{
- type_register_static(&system_bus_info);
- type_register_static(&sysbus_device_type_info);
-}
-
-type_init(sysbus_register_types)
diff --git a/hw/sysbus.h b/hw/sysbus.h
deleted file mode 100644
index e58baaae3..000000000
--- a/hw/sysbus.h
+++ /dev/null
@@ -1,89 +0,0 @@
-#ifndef HW_SYSBUS_H
-#define HW_SYSBUS_H 1
-
-/* Devices attached directly to the main system bus. */
-
-#include "qdev.h"
-#include "memory.h"
-
-#define QDEV_MAX_MMIO 32
-#define QDEV_MAX_PIO 32
-#define QDEV_MAX_IRQ 512
-
-#define TYPE_SYSTEM_BUS "System"
-#define SYSTEM_BUS(obj) OBJECT_CHECK(IDEBus, (obj), TYPE_IDE_BUS)
-
-typedef struct SysBusDevice SysBusDevice;
-
-#define TYPE_SYS_BUS_DEVICE "sys-bus-device"
-#define SYS_BUS_DEVICE(obj) \
- OBJECT_CHECK(SysBusDevice, (obj), TYPE_SYS_BUS_DEVICE)
-#define SYS_BUS_DEVICE_CLASS(klass) \
- OBJECT_CLASS_CHECK(SysBusDeviceClass, (klass), TYPE_SYS_BUS_DEVICE)
-#define SYS_BUS_DEVICE_GET_CLASS(obj) \
- OBJECT_GET_CLASS(SysBusDeviceClass, (obj), TYPE_SYS_BUS_DEVICE)
-
-typedef struct SysBusDeviceClass {
- DeviceClass parent_class;
-
- int (*init)(SysBusDevice *dev);
-} SysBusDeviceClass;
-
-struct SysBusDevice {
- DeviceState qdev;
- int num_irq;
- qemu_irq irqs[QDEV_MAX_IRQ];
- qemu_irq *irqp[QDEV_MAX_IRQ];
- int num_mmio;
- struct {
- hwaddr addr;
- MemoryRegion *memory;
- } mmio[QDEV_MAX_MMIO];
- int num_pio;
- pio_addr_t pio[QDEV_MAX_PIO];
-};
-
-/* Macros to compensate for lack of type inheritance in C. */
-#define sysbus_from_qdev(dev) ((SysBusDevice *)(dev))
-#define FROM_SYSBUS(type, dev) DO_UPCAST(type, busdev, dev)
-
-void *sysbus_new(void);
-void sysbus_init_mmio(SysBusDevice *dev, MemoryRegion *memory);
-MemoryRegion *sysbus_mmio_get_region(SysBusDevice *dev, int n);
-void sysbus_init_irq(SysBusDevice *dev, qemu_irq *p);
-void sysbus_pass_irq(SysBusDevice *dev, SysBusDevice *target);
-void sysbus_init_ioports(SysBusDevice *dev, pio_addr_t ioport, pio_addr_t size);
-
-
-void sysbus_connect_irq(SysBusDevice *dev, int n, qemu_irq irq);
-void sysbus_mmio_map(SysBusDevice *dev, int n, hwaddr addr);
-void sysbus_add_memory(SysBusDevice *dev, hwaddr addr,
- MemoryRegion *mem);
-void sysbus_add_memory_overlap(SysBusDevice *dev, hwaddr addr,
- MemoryRegion *mem, unsigned priority);
-void sysbus_del_memory(SysBusDevice *dev, MemoryRegion *mem);
-void sysbus_add_io(SysBusDevice *dev, hwaddr addr,
- MemoryRegion *mem);
-void sysbus_del_io(SysBusDevice *dev, MemoryRegion *mem);
-MemoryRegion *sysbus_address_space(SysBusDevice *dev);
-
-/* Legacy helper function for creating devices. */
-DeviceState *sysbus_create_varargs(const char *name,
- hwaddr addr, ...);
-DeviceState *sysbus_try_create_varargs(const char *name,
- hwaddr addr, ...);
-static inline DeviceState *sysbus_create_simple(const char *name,
- hwaddr addr,
- qemu_irq irq)
-{
- return sysbus_create_varargs(name, addr, irq, NULL);
-}
-
-static inline DeviceState *sysbus_try_create_simple(const char *name,
- hwaddr addr,
- qemu_irq irq)
-{
- return sysbus_try_create_varargs(name, addr, irq, NULL);
-}
-
-#endif /* !HW_SYSBUS_H */
diff --git a/hw/tc58128.c b/hw/tc58128.c
deleted file mode 100644
index 4ce80b18f..000000000
--- a/hw/tc58128.c
+++ /dev/null
@@ -1,178 +0,0 @@
-#include "hw.h"
-#include "sh.h"
-#include "loader.h"
-
-#define CE1 0x0100
-#define CE2 0x0200
-#define RE 0x0400
-#define WE 0x0800
-#define ALE 0x1000
-#define CLE 0x2000
-#define RDY1 0x4000
-#define RDY2 0x8000
-#define RDY(n) ((n) == 0 ? RDY1 : RDY2)
-
-typedef enum { WAIT, READ1, READ2, READ3 } state_t;
-
-typedef struct {
- uint8_t *flash_contents;
- state_t state;
- uint32_t address;
- uint8_t address_cycle;
-} tc58128_dev;
-
-static tc58128_dev tc58128_devs[2];
-
-#define FLASH_SIZE (16*1024*1024)
-
-static void init_dev(tc58128_dev * dev, const char *filename)
-{
- int ret, blocks;
-
- dev->state = WAIT;
- dev->flash_contents = g_malloc(FLASH_SIZE);
- memset(dev->flash_contents, 0xff, FLASH_SIZE);
- if (filename) {
- /* Load flash image skipping the first block */
- ret = load_image(filename, dev->flash_contents + 528 * 32);
- if (ret < 0) {
- fprintf(stderr, "ret=%d\n", ret);
- fprintf(stderr, "qemu: could not load flash image %s\n",
- filename);
- exit(1);
- } else {
- /* Build first block with number of blocks */
- blocks = (ret + 528 * 32 - 1) / (528 * 32);
- dev->flash_contents[0] = blocks & 0xff;
- dev->flash_contents[1] = (blocks >> 8) & 0xff;
- dev->flash_contents[2] = (blocks >> 16) & 0xff;
- dev->flash_contents[3] = (blocks >> 24) & 0xff;
- fprintf(stderr, "loaded %d bytes for %s into flash\n", ret,
- filename);
- }
- }
-}
-
-static void handle_command(tc58128_dev * dev, uint8_t command)
-{
- switch (command) {
- case 0xff:
- fprintf(stderr, "reset flash device\n");
- dev->state = WAIT;
- break;
- case 0x00:
- fprintf(stderr, "read mode 1\n");
- dev->state = READ1;
- dev->address_cycle = 0;
- break;
- case 0x01:
- fprintf(stderr, "read mode 2\n");
- dev->state = READ2;
- dev->address_cycle = 0;
- break;
- case 0x50:
- fprintf(stderr, "read mode 3\n");
- dev->state = READ3;
- dev->address_cycle = 0;
- break;
- default:
- fprintf(stderr, "unknown flash command 0x%02x\n", command);
- abort();
- }
-}
-
-static void handle_address(tc58128_dev * dev, uint8_t data)
-{
- switch (dev->state) {
- case READ1:
- case READ2:
- case READ3:
- switch (dev->address_cycle) {
- case 0:
- dev->address = data;
- if (dev->state == READ2)
- dev->address |= 0x100;
- else if (dev->state == READ3)
- dev->address |= 0x200;
- break;
- case 1:
- dev->address += data * 528 * 0x100;
- break;
- case 2:
- dev->address += data * 528;
- fprintf(stderr, "address pointer in flash: 0x%08x\n",
- dev->address);
- break;
- default:
- /* Invalid data */
- abort();
- }
- dev->address_cycle++;
- break;
- default:
- abort();
- }
-}
-
-static uint8_t handle_read(tc58128_dev * dev)
-{
-#if 0
- if (dev->address % 0x100000 == 0)
- fprintf(stderr, "reading flash at address 0x%08x\n", dev->address);
-#endif
- return dev->flash_contents[dev->address++];
-}
-
-/* We never mark the device as busy, so interrupts cannot be triggered
- XXXXX */
-
-static int tc58128_cb(uint16_t porta, uint16_t portb,
- uint16_t * periph_pdtra, uint16_t * periph_portadir,
- uint16_t * periph_pdtrb, uint16_t * periph_portbdir)
-{
- int dev;
-
- if ((porta & CE1) == 0)
- dev = 0;
- else if ((porta & CE2) == 0)
- dev = 1;
- else
- return 0; /* No device selected */
-
- if ((porta & RE) && (porta & WE)) {
- /* Nothing to do, assert ready and return to input state */
- *periph_portadir &= 0xff00;
- *periph_portadir |= RDY(dev);
- *periph_pdtra |= RDY(dev);
- return 1;
- }
-
- if (porta & CLE) {
- /* Command */
- assert((porta & WE) == 0);
- handle_command(&tc58128_devs[dev], porta & 0x00ff);
- } else if (porta & ALE) {
- assert((porta & WE) == 0);
- handle_address(&tc58128_devs[dev], porta & 0x00ff);
- } else if ((porta & RE) == 0) {
- *periph_portadir |= 0x00ff;
- *periph_pdtra &= 0xff00;
- *periph_pdtra |= handle_read(&tc58128_devs[dev]);
- } else {
- abort();
- }
- return 1;
-}
-
-static sh7750_io_device tc58128 = {
- RE | WE, /* Port A triggers */
- 0, /* Port B triggers */
- tc58128_cb /* Callback */
-};
-
-int tc58128_init(struct SH7750State *s, const char *zone1, const char *zone2)
-{
- init_dev(&tc58128_devs[0], zone1);
- init_dev(&tc58128_devs[1], zone2);
- return sh7750_register_io_device(s, &tc58128);
-}
diff --git a/hw/tc6393xb.c b/hw/tc6393xb.c
deleted file mode 100644
index f0320271d..000000000
--- a/hw/tc6393xb.c
+++ /dev/null
@@ -1,587 +0,0 @@
-/*
- * Toshiba TC6393XB I/O Controller.
- * Found in Sharp Zaurus SL-6000 (tosa) or some
- * Toshiba e-Series PDAs.
- *
- * Most features are currently unsupported!!!
- *
- * This code is licensed under the GNU GPL v2.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-#include "hw.h"
-#include "devices.h"
-#include "flash.h"
-#include "console.h"
-#include "pixel_ops.h"
-#include "blockdev.h"
-
-#define IRQ_TC6393_NAND 0
-#define IRQ_TC6393_MMC 1
-#define IRQ_TC6393_OHCI 2
-#define IRQ_TC6393_SERIAL 3
-#define IRQ_TC6393_FB 4
-
-#define TC6393XB_NR_IRQS 8
-
-#define TC6393XB_GPIOS 16
-
-#define SCR_REVID 0x08 /* b Revision ID */
-#define SCR_ISR 0x50 /* b Interrupt Status */
-#define SCR_IMR 0x52 /* b Interrupt Mask */
-#define SCR_IRR 0x54 /* b Interrupt Routing */
-#define SCR_GPER 0x60 /* w GP Enable */
-#define SCR_GPI_SR(i) (0x64 + (i)) /* b3 GPI Status */
-#define SCR_GPI_IMR(i) (0x68 + (i)) /* b3 GPI INT Mask */
-#define SCR_GPI_EDER(i) (0x6c + (i)) /* b3 GPI Edge Detect Enable */
-#define SCR_GPI_LIR(i) (0x70 + (i)) /* b3 GPI Level Invert */
-#define SCR_GPO_DSR(i) (0x78 + (i)) /* b3 GPO Data Set */
-#define SCR_GPO_DOECR(i) (0x7c + (i)) /* b3 GPO Data OE Control */
-#define SCR_GP_IARCR(i) (0x80 + (i)) /* b3 GP Internal Active Register Control */
-#define SCR_GP_IARLCR(i) (0x84 + (i)) /* b3 GP INTERNAL Active Register Level Control */
-#define SCR_GPI_BCR(i) (0x88 + (i)) /* b3 GPI Buffer Control */
-#define SCR_GPA_IARCR 0x8c /* w GPa Internal Active Register Control */
-#define SCR_GPA_IARLCR 0x90 /* w GPa Internal Active Register Level Control */
-#define SCR_GPA_BCR 0x94 /* w GPa Buffer Control */
-#define SCR_CCR 0x98 /* w Clock Control */
-#define SCR_PLL2CR 0x9a /* w PLL2 Control */
-#define SCR_PLL1CR 0x9c /* l PLL1 Control */
-#define SCR_DIARCR 0xa0 /* b Device Internal Active Register Control */
-#define SCR_DBOCR 0xa1 /* b Device Buffer Off Control */
-#define SCR_FER 0xe0 /* b Function Enable */
-#define SCR_MCR 0xe4 /* w Mode Control */
-#define SCR_CONFIG 0xfc /* b Configuration Control */
-#define SCR_DEBUG 0xff /* b Debug */
-
-#define NAND_CFG_COMMAND 0x04 /* w Command */
-#define NAND_CFG_BASE 0x10 /* l Control Base Address */
-#define NAND_CFG_INTP 0x3d /* b Interrupt Pin */
-#define NAND_CFG_INTE 0x48 /* b Int Enable */
-#define NAND_CFG_EC 0x4a /* b Event Control */
-#define NAND_CFG_ICC 0x4c /* b Internal Clock Control */
-#define NAND_CFG_ECCC 0x5b /* b ECC Control */
-#define NAND_CFG_NFTC 0x60 /* b NAND Flash Transaction Control */
-#define NAND_CFG_NFM 0x61 /* b NAND Flash Monitor */
-#define NAND_CFG_NFPSC 0x62 /* b NAND Flash Power Supply Control */
-#define NAND_CFG_NFDC 0x63 /* b NAND Flash Detect Control */
-
-#define NAND_DATA 0x00 /* l Data */
-#define NAND_MODE 0x04 /* b Mode */
-#define NAND_STATUS 0x05 /* b Status */
-#define NAND_ISR 0x06 /* b Interrupt Status */
-#define NAND_IMR 0x07 /* b Interrupt Mask */
-
-#define NAND_MODE_WP 0x80
-#define NAND_MODE_CE 0x10
-#define NAND_MODE_ALE 0x02
-#define NAND_MODE_CLE 0x01
-#define NAND_MODE_ECC_MASK 0x60
-#define NAND_MODE_ECC_EN 0x20
-#define NAND_MODE_ECC_READ 0x40
-#define NAND_MODE_ECC_RST 0x60
-
-struct TC6393xbState {
- MemoryRegion iomem;
- qemu_irq irq;
- qemu_irq *sub_irqs;
- struct {
- uint8_t ISR;
- uint8_t IMR;
- uint8_t IRR;
- uint16_t GPER;
- uint8_t GPI_SR[3];
- uint8_t GPI_IMR[3];
- uint8_t GPI_EDER[3];
- uint8_t GPI_LIR[3];
- uint8_t GP_IARCR[3];
- uint8_t GP_IARLCR[3];
- uint8_t GPI_BCR[3];
- uint16_t GPA_IARCR;
- uint16_t GPA_IARLCR;
- uint16_t CCR;
- uint16_t PLL2CR;
- uint32_t PLL1CR;
- uint8_t DIARCR;
- uint8_t DBOCR;
- uint8_t FER;
- uint16_t MCR;
- uint8_t CONFIG;
- uint8_t DEBUG;
- } scr;
- uint32_t gpio_dir;
- uint32_t gpio_level;
- uint32_t prev_level;
- qemu_irq handler[TC6393XB_GPIOS];
- qemu_irq *gpio_in;
-
- struct {
- uint8_t mode;
- uint8_t isr;
- uint8_t imr;
- } nand;
- int nand_enable;
- uint32_t nand_phys;
- DeviceState *flash;
- ECCState ecc;
-
- DisplayState *ds;
- MemoryRegion vram;
- uint16_t *vram_ptr;
- uint32_t scr_width, scr_height; /* in pixels */
- qemu_irq l3v;
- unsigned blank : 1,
- blanked : 1;
-};
-
-qemu_irq *tc6393xb_gpio_in_get(TC6393xbState *s)
-{
- return s->gpio_in;
-}
-
-static void tc6393xb_gpio_set(void *opaque, int line, int level)
-{
-// TC6393xbState *s = opaque;
-
- if (line > TC6393XB_GPIOS) {
- printf("%s: No GPIO pin %i\n", __FUNCTION__, line);
- return;
- }
-
- // FIXME: how does the chip reflect the GPIO input level change?
-}
-
-void tc6393xb_gpio_out_set(TC6393xbState *s, int line,
- qemu_irq handler)
-{
- if (line >= TC6393XB_GPIOS) {
- fprintf(stderr, "TC6393xb: no GPIO pin %d\n", line);
- return;
- }
-
- s->handler[line] = handler;
-}
-
-static void tc6393xb_gpio_handler_update(TC6393xbState *s)
-{
- uint32_t level, diff;
- int bit;
-
- level = s->gpio_level & s->gpio_dir;
-
- for (diff = s->prev_level ^ level; diff; diff ^= 1 << bit) {
- bit = ffs(diff) - 1;
- qemu_set_irq(s->handler[bit], (level >> bit) & 1);
- }
-
- s->prev_level = level;
-}
-
-qemu_irq tc6393xb_l3v_get(TC6393xbState *s)
-{
- return s->l3v;
-}
-
-static void tc6393xb_l3v(void *opaque, int line, int level)
-{
- TC6393xbState *s = opaque;
- s->blank = !level;
- fprintf(stderr, "L3V: %d\n", level);
-}
-
-static void tc6393xb_sub_irq(void *opaque, int line, int level) {
- TC6393xbState *s = opaque;
- uint8_t isr = s->scr.ISR;
- if (level)
- isr |= 1 << line;
- else
- isr &= ~(1 << line);
- s->scr.ISR = isr;
- qemu_set_irq(s->irq, isr & s->scr.IMR);
-}
-
-#define SCR_REG_B(N) \
- case SCR_ ##N: return s->scr.N
-#define SCR_REG_W(N) \
- case SCR_ ##N: return s->scr.N; \
- case SCR_ ##N + 1: return s->scr.N >> 8;
-#define SCR_REG_L(N) \
- case SCR_ ##N: return s->scr.N; \
- case SCR_ ##N + 1: return s->scr.N >> 8; \
- case SCR_ ##N + 2: return s->scr.N >> 16; \
- case SCR_ ##N + 3: return s->scr.N >> 24;
-#define SCR_REG_A(N) \
- case SCR_ ##N(0): return s->scr.N[0]; \
- case SCR_ ##N(1): return s->scr.N[1]; \
- case SCR_ ##N(2): return s->scr.N[2]
-
-static uint32_t tc6393xb_scr_readb(TC6393xbState *s, hwaddr addr)
-{
- switch (addr) {
- case SCR_REVID:
- return 3;
- case SCR_REVID+1:
- return 0;
- SCR_REG_B(ISR);
- SCR_REG_B(IMR);
- SCR_REG_B(IRR);
- SCR_REG_W(GPER);
- SCR_REG_A(GPI_SR);
- SCR_REG_A(GPI_IMR);
- SCR_REG_A(GPI_EDER);
- SCR_REG_A(GPI_LIR);
- case SCR_GPO_DSR(0):
- case SCR_GPO_DSR(1):
- case SCR_GPO_DSR(2):
- return (s->gpio_level >> ((addr - SCR_GPO_DSR(0)) * 8)) & 0xff;
- case SCR_GPO_DOECR(0):
- case SCR_GPO_DOECR(1):
- case SCR_GPO_DOECR(2):
- return (s->gpio_dir >> ((addr - SCR_GPO_DOECR(0)) * 8)) & 0xff;
- SCR_REG_A(GP_IARCR);
- SCR_REG_A(GP_IARLCR);
- SCR_REG_A(GPI_BCR);
- SCR_REG_W(GPA_IARCR);
- SCR_REG_W(GPA_IARLCR);
- SCR_REG_W(CCR);
- SCR_REG_W(PLL2CR);
- SCR_REG_L(PLL1CR);
- SCR_REG_B(DIARCR);
- SCR_REG_B(DBOCR);
- SCR_REG_B(FER);
- SCR_REG_W(MCR);
- SCR_REG_B(CONFIG);
- SCR_REG_B(DEBUG);
- }
- fprintf(stderr, "tc6393xb_scr: unhandled read at %08x\n", (uint32_t) addr);
- return 0;
-}
-#undef SCR_REG_B
-#undef SCR_REG_W
-#undef SCR_REG_L
-#undef SCR_REG_A
-
-#define SCR_REG_B(N) \
- case SCR_ ##N: s->scr.N = value; return;
-#define SCR_REG_W(N) \
- case SCR_ ##N: s->scr.N = (s->scr.N & ~0xff) | (value & 0xff); return; \
- case SCR_ ##N + 1: s->scr.N = (s->scr.N & 0xff) | (value << 8); return
-#define SCR_REG_L(N) \
- case SCR_ ##N: s->scr.N = (s->scr.N & ~0xff) | (value & 0xff); return; \
- case SCR_ ##N + 1: s->scr.N = (s->scr.N & ~(0xff << 8)) | (value & (0xff << 8)); return; \
- case SCR_ ##N + 2: s->scr.N = (s->scr.N & ~(0xff << 16)) | (value & (0xff << 16)); return; \
- case SCR_ ##N + 3: s->scr.N = (s->scr.N & ~(0xff << 24)) | (value & (0xff << 24)); return;
-#define SCR_REG_A(N) \
- case SCR_ ##N(0): s->scr.N[0] = value; return; \
- case SCR_ ##N(1): s->scr.N[1] = value; return; \
- case SCR_ ##N(2): s->scr.N[2] = value; return
-
-static void tc6393xb_scr_writeb(TC6393xbState *s, hwaddr addr, uint32_t value)
-{
- switch (addr) {
- SCR_REG_B(ISR);
- SCR_REG_B(IMR);
- SCR_REG_B(IRR);
- SCR_REG_W(GPER);
- SCR_REG_A(GPI_SR);
- SCR_REG_A(GPI_IMR);
- SCR_REG_A(GPI_EDER);
- SCR_REG_A(GPI_LIR);
- case SCR_GPO_DSR(0):
- case SCR_GPO_DSR(1):
- case SCR_GPO_DSR(2):
- s->gpio_level = (s->gpio_level & ~(0xff << ((addr - SCR_GPO_DSR(0))*8))) | ((value & 0xff) << ((addr - SCR_GPO_DSR(0))*8));
- tc6393xb_gpio_handler_update(s);
- return;
- case SCR_GPO_DOECR(0):
- case SCR_GPO_DOECR(1):
- case SCR_GPO_DOECR(2):
- s->gpio_dir = (s->gpio_dir & ~(0xff << ((addr - SCR_GPO_DOECR(0))*8))) | ((value & 0xff) << ((addr - SCR_GPO_DOECR(0))*8));
- tc6393xb_gpio_handler_update(s);
- return;
- SCR_REG_A(GP_IARCR);
- SCR_REG_A(GP_IARLCR);
- SCR_REG_A(GPI_BCR);
- SCR_REG_W(GPA_IARCR);
- SCR_REG_W(GPA_IARLCR);
- SCR_REG_W(CCR);
- SCR_REG_W(PLL2CR);
- SCR_REG_L(PLL1CR);
- SCR_REG_B(DIARCR);
- SCR_REG_B(DBOCR);
- SCR_REG_B(FER);
- SCR_REG_W(MCR);
- SCR_REG_B(CONFIG);
- SCR_REG_B(DEBUG);
- }
- fprintf(stderr, "tc6393xb_scr: unhandled write at %08x: %02x\n",
- (uint32_t) addr, value & 0xff);
-}
-#undef SCR_REG_B
-#undef SCR_REG_W
-#undef SCR_REG_L
-#undef SCR_REG_A
-
-static void tc6393xb_nand_irq(TC6393xbState *s) {
- qemu_set_irq(s->sub_irqs[IRQ_TC6393_NAND],
- (s->nand.imr & 0x80) && (s->nand.imr & s->nand.isr));
-}
-
-static uint32_t tc6393xb_nand_cfg_readb(TC6393xbState *s, hwaddr addr) {
- switch (addr) {
- case NAND_CFG_COMMAND:
- return s->nand_enable ? 2 : 0;
- case NAND_CFG_BASE:
- case NAND_CFG_BASE + 1:
- case NAND_CFG_BASE + 2:
- case NAND_CFG_BASE + 3:
- return s->nand_phys >> (addr - NAND_CFG_BASE);
- }
- fprintf(stderr, "tc6393xb_nand_cfg: unhandled read at %08x\n", (uint32_t) addr);
- return 0;
-}
-static void tc6393xb_nand_cfg_writeb(TC6393xbState *s, hwaddr addr, uint32_t value) {
- switch (addr) {
- case NAND_CFG_COMMAND:
- s->nand_enable = (value & 0x2);
- return;
- case NAND_CFG_BASE:
- case NAND_CFG_BASE + 1:
- case NAND_CFG_BASE + 2:
- case NAND_CFG_BASE + 3:
- s->nand_phys &= ~(0xff << ((addr - NAND_CFG_BASE) * 8));
- s->nand_phys |= (value & 0xff) << ((addr - NAND_CFG_BASE) * 8);
- return;
- }
- fprintf(stderr, "tc6393xb_nand_cfg: unhandled write at %08x: %02x\n",
- (uint32_t) addr, value & 0xff);
-}
-
-static uint32_t tc6393xb_nand_readb(TC6393xbState *s, hwaddr addr) {
- switch (addr) {
- case NAND_DATA + 0:
- case NAND_DATA + 1:
- case NAND_DATA + 2:
- case NAND_DATA + 3:
- return nand_getio(s->flash);
- case NAND_MODE:
- return s->nand.mode;
- case NAND_STATUS:
- return 0x14;
- case NAND_ISR:
- return s->nand.isr;
- case NAND_IMR:
- return s->nand.imr;
- }
- fprintf(stderr, "tc6393xb_nand: unhandled read at %08x\n", (uint32_t) addr);
- return 0;
-}
-static void tc6393xb_nand_writeb(TC6393xbState *s, hwaddr addr, uint32_t value) {
-// fprintf(stderr, "tc6393xb_nand: write at %08x: %02x\n",
-// (uint32_t) addr, value & 0xff);
- switch (addr) {
- case NAND_DATA + 0:
- case NAND_DATA + 1:
- case NAND_DATA + 2:
- case NAND_DATA + 3:
- nand_setio(s->flash, value);
- s->nand.isr |= 1;
- tc6393xb_nand_irq(s);
- return;
- case NAND_MODE:
- s->nand.mode = value;
- nand_setpins(s->flash,
- value & NAND_MODE_CLE,
- value & NAND_MODE_ALE,
- !(value & NAND_MODE_CE),
- value & NAND_MODE_WP,
- 0); // FIXME: gnd
- switch (value & NAND_MODE_ECC_MASK) {
- case NAND_MODE_ECC_RST:
- ecc_reset(&s->ecc);
- break;
- case NAND_MODE_ECC_READ:
- // FIXME
- break;
- case NAND_MODE_ECC_EN:
- ecc_reset(&s->ecc);
- }
- return;
- case NAND_ISR:
- s->nand.isr = value;
- tc6393xb_nand_irq(s);
- return;
- case NAND_IMR:
- s->nand.imr = value;
- tc6393xb_nand_irq(s);
- return;
- }
- fprintf(stderr, "tc6393xb_nand: unhandled write at %08x: %02x\n",
- (uint32_t) addr, value & 0xff);
-}
-
-#define BITS 8
-#include "tc6393xb_template.h"
-#define BITS 15
-#include "tc6393xb_template.h"
-#define BITS 16
-#include "tc6393xb_template.h"
-#define BITS 24
-#include "tc6393xb_template.h"
-#define BITS 32
-#include "tc6393xb_template.h"
-
-static void tc6393xb_draw_graphic(TC6393xbState *s, int full_update)
-{
- switch (ds_get_bits_per_pixel(s->ds)) {
- case 8:
- tc6393xb_draw_graphic8(s);
- break;
- case 15:
- tc6393xb_draw_graphic15(s);
- break;
- case 16:
- tc6393xb_draw_graphic16(s);
- break;
- case 24:
- tc6393xb_draw_graphic24(s);
- break;
- case 32:
- tc6393xb_draw_graphic32(s);
- break;
- default:
- printf("tc6393xb: unknown depth %d\n", ds_get_bits_per_pixel(s->ds));
- return;
- }
-
- dpy_gfx_update(s->ds, 0, 0, s->scr_width, s->scr_height);
-}
-
-static void tc6393xb_draw_blank(TC6393xbState *s, int full_update)
-{
- int i, w;
- uint8_t *d;
-
- if (!full_update)
- return;
-
- w = s->scr_width * ((ds_get_bits_per_pixel(s->ds) + 7) >> 3);
- d = ds_get_data(s->ds);
- for(i = 0; i < s->scr_height; i++) {
- memset(d, 0, w);
- d += ds_get_linesize(s->ds);
- }
-
- dpy_gfx_update(s->ds, 0, 0, s->scr_width, s->scr_height);
-}
-
-static void tc6393xb_update_display(void *opaque)
-{
- TC6393xbState *s = opaque;
- int full_update;
-
- if (s->scr_width == 0 || s->scr_height == 0)
- return;
-
- full_update = 0;
- if (s->blanked != s->blank) {
- s->blanked = s->blank;
- full_update = 1;
- }
- if (s->scr_width != ds_get_width(s->ds) || s->scr_height != ds_get_height(s->ds)) {
- qemu_console_resize(s->ds, s->scr_width, s->scr_height);
- full_update = 1;
- }
- if (s->blanked)
- tc6393xb_draw_blank(s, full_update);
- else
- tc6393xb_draw_graphic(s, full_update);
-}
-
-
-static uint64_t tc6393xb_readb(void *opaque, hwaddr addr,
- unsigned size)
-{
- TC6393xbState *s = opaque;
-
- switch (addr >> 8) {
- case 0:
- return tc6393xb_scr_readb(s, addr & 0xff);
- case 1:
- return tc6393xb_nand_cfg_readb(s, addr & 0xff);
- };
-
- if ((addr &~0xff) == s->nand_phys && s->nand_enable) {
-// return tc6393xb_nand_readb(s, addr & 0xff);
- uint8_t d = tc6393xb_nand_readb(s, addr & 0xff);
-// fprintf(stderr, "tc6393xb_nand: read at %08x: %02hhx\n", (uint32_t) addr, d);
- return d;
- }
-
-// fprintf(stderr, "tc6393xb: unhandled read at %08x\n", (uint32_t) addr);
- return 0;
-}
-
-static void tc6393xb_writeb(void *opaque, hwaddr addr,
- uint64_t value, unsigned size) {
- TC6393xbState *s = opaque;
-
- switch (addr >> 8) {
- case 0:
- tc6393xb_scr_writeb(s, addr & 0xff, value);
- return;
- case 1:
- tc6393xb_nand_cfg_writeb(s, addr & 0xff, value);
- return;
- };
-
- if ((addr &~0xff) == s->nand_phys && s->nand_enable)
- tc6393xb_nand_writeb(s, addr & 0xff, value);
- else
- fprintf(stderr, "tc6393xb: unhandled write at %08x: %02x\n",
- (uint32_t) addr, (int)value & 0xff);
-}
-
-TC6393xbState *tc6393xb_init(MemoryRegion *sysmem, uint32_t base, qemu_irq irq)
-{
- TC6393xbState *s;
- DriveInfo *nand;
- static const MemoryRegionOps tc6393xb_ops = {
- .read = tc6393xb_readb,
- .write = tc6393xb_writeb,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
- };
-
- s = (TC6393xbState *) g_malloc0(sizeof(TC6393xbState));
- s->irq = irq;
- s->gpio_in = qemu_allocate_irqs(tc6393xb_gpio_set, s, TC6393XB_GPIOS);
-
- s->l3v = *qemu_allocate_irqs(tc6393xb_l3v, s, 1);
- s->blanked = 1;
-
- s->sub_irqs = qemu_allocate_irqs(tc6393xb_sub_irq, s, TC6393XB_NR_IRQS);
-
- nand = drive_get(IF_MTD, 0, 0);
- s->flash = nand_init(nand ? nand->bdrv : NULL, NAND_MFR_TOSHIBA, 0x76);
-
- memory_region_init_io(&s->iomem, &tc6393xb_ops, s, "tc6393xb", 0x10000);
- memory_region_add_subregion(sysmem, base, &s->iomem);
-
- memory_region_init_ram(&s->vram, "tc6393xb.vram", 0x100000);
- vmstate_register_ram_global(&s->vram);
- s->vram_ptr = memory_region_get_ram_ptr(&s->vram);
- memory_region_add_subregion(sysmem, base + 0x100000, &s->vram);
- s->scr_width = 480;
- s->scr_height = 640;
- s->ds = graphic_console_init(tc6393xb_update_display,
- NULL, /* invalidate */
- NULL, /* screen_dump */
- NULL, /* text_update */
- s);
-
- return s;
-}
diff --git a/hw/tc6393xb_template.h b/hw/tc6393xb_template.h
deleted file mode 100644
index 4cbbad5da..000000000
--- a/hw/tc6393xb_template.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Toshiba TC6393XB I/O Controller.
- * Found in Sharp Zaurus SL-6000 (tosa) or some
- * Toshiba e-Series PDAs.
- *
- * FB support code. Based on G364 fb emulator
- *
- * Copyright (c) 2007 Hervé Poussineau
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#if BITS == 8
-# define SET_PIXEL(addr, color) *(uint8_t*)addr = color;
-#elif BITS == 15 || BITS == 16
-# define SET_PIXEL(addr, color) *(uint16_t*)addr = color;
-#elif BITS == 24
-# define SET_PIXEL(addr, color) \
- addr[0] = color; addr[1] = (color) >> 8; addr[2] = (color) >> 16;
-#elif BITS == 32
-# define SET_PIXEL(addr, color) *(uint32_t*)addr = color;
-#else
-# error unknown bit depth
-#endif
-
-
-static void glue(tc6393xb_draw_graphic, BITS)(TC6393xbState *s)
-{
- int i;
- uint16_t *data_buffer;
- uint8_t *data_display;
-
- data_buffer = s->vram_ptr;
- data_display = ds_get_data(s->ds);
- for(i = 0; i < s->scr_height; i++) {
-#if (BITS == 16)
- memcpy(data_display, data_buffer, s->scr_width * 2);
- data_buffer += s->scr_width;
- data_display += ds_get_linesize(s->ds);
-#else
- int j;
- for (j = 0; j < s->scr_width; j++, data_display += BITS / 8, data_buffer++) {
- uint16_t color = *data_buffer;
- uint32_t dest_color = glue(rgb_to_pixel, BITS)(
- ((color & 0xf800) * 0x108) >> 11,
- ((color & 0x7e0) * 0x41) >> 9,
- ((color & 0x1f) * 0x21) >> 2
- );
- SET_PIXEL(data_display, dest_color);
- }
-#endif
- }
-}
-
-#undef BITS
-#undef SET_PIXEL
diff --git a/hw/tcx.c b/hw/tcx.c
deleted file mode 100644
index 7aee2a9bd..000000000
--- a/hw/tcx.c
+++ /dev/null
@@ -1,730 +0,0 @@
-/*
- * QEMU TCX Frame buffer
- *
- * Copyright (c) 2003-2005 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "console.h"
-#include "pixel_ops.h"
-#include "sysbus.h"
-#include "qdev-addr.h"
-
-#define MAXX 1024
-#define MAXY 768
-#define TCX_DAC_NREGS 16
-#define TCX_THC_NREGS_8 0x081c
-#define TCX_THC_NREGS_24 0x1000
-#define TCX_TEC_NREGS 0x1000
-
-typedef struct TCXState {
- SysBusDevice busdev;
- hwaddr addr;
- DisplayState *ds;
- uint8_t *vram;
- uint32_t *vram24, *cplane;
- MemoryRegion vram_mem;
- MemoryRegion vram_8bit;
- MemoryRegion vram_24bit;
- MemoryRegion vram_cplane;
- MemoryRegion dac;
- MemoryRegion tec;
- MemoryRegion thc24;
- MemoryRegion thc8;
- ram_addr_t vram24_offset, cplane_offset;
- uint32_t vram_size;
- uint32_t palette[256];
- uint8_t r[256], g[256], b[256];
- uint16_t width, height, depth;
- uint8_t dac_index, dac_state;
-} TCXState;
-
-static void tcx_screen_dump(void *opaque, const char *filename, bool cswitch,
- Error **errp);
-static void tcx24_screen_dump(void *opaque, const char *filename, bool cswitch,
- Error **errp);
-
-static void tcx_set_dirty(TCXState *s)
-{
- memory_region_set_dirty(&s->vram_mem, 0, MAXX * MAXY);
-}
-
-static void tcx24_set_dirty(TCXState *s)
-{
- memory_region_set_dirty(&s->vram_mem, s->vram24_offset, MAXX * MAXY * 4);
- memory_region_set_dirty(&s->vram_mem, s->cplane_offset, MAXX * MAXY * 4);
-}
-
-static void update_palette_entries(TCXState *s, int start, int end)
-{
- int i;
- for(i = start; i < end; i++) {
- switch(ds_get_bits_per_pixel(s->ds)) {
- default:
- case 8:
- s->palette[i] = rgb_to_pixel8(s->r[i], s->g[i], s->b[i]);
- break;
- case 15:
- s->palette[i] = rgb_to_pixel15(s->r[i], s->g[i], s->b[i]);
- break;
- case 16:
- s->palette[i] = rgb_to_pixel16(s->r[i], s->g[i], s->b[i]);
- break;
- case 32:
- if (is_surface_bgr(s->ds->surface))
- s->palette[i] = rgb_to_pixel32bgr(s->r[i], s->g[i], s->b[i]);
- else
- s->palette[i] = rgb_to_pixel32(s->r[i], s->g[i], s->b[i]);
- break;
- }
- }
- if (s->depth == 24) {
- tcx24_set_dirty(s);
- } else {
- tcx_set_dirty(s);
- }
-}
-
-static void tcx_draw_line32(TCXState *s1, uint8_t *d,
- const uint8_t *s, int width)
-{
- int x;
- uint8_t val;
- uint32_t *p = (uint32_t *)d;
-
- for(x = 0; x < width; x++) {
- val = *s++;
- *p++ = s1->palette[val];
- }
-}
-
-static void tcx_draw_line16(TCXState *s1, uint8_t *d,
- const uint8_t *s, int width)
-{
- int x;
- uint8_t val;
- uint16_t *p = (uint16_t *)d;
-
- for(x = 0; x < width; x++) {
- val = *s++;
- *p++ = s1->palette[val];
- }
-}
-
-static void tcx_draw_line8(TCXState *s1, uint8_t *d,
- const uint8_t *s, int width)
-{
- int x;
- uint8_t val;
-
- for(x = 0; x < width; x++) {
- val = *s++;
- *d++ = s1->palette[val];
- }
-}
-
-/*
- XXX Could be much more optimal:
- * detect if line/page/whole screen is in 24 bit mode
- * if destination is also BGR, use memcpy
- */
-static inline void tcx24_draw_line32(TCXState *s1, uint8_t *d,
- const uint8_t *s, int width,
- const uint32_t *cplane,
- const uint32_t *s24)
-{
- int x, bgr, r, g, b;
- uint8_t val, *p8;
- uint32_t *p = (uint32_t *)d;
- uint32_t dval;
-
- bgr = is_surface_bgr(s1->ds->surface);
- for(x = 0; x < width; x++, s++, s24++) {
- if ((be32_to_cpu(*cplane++) & 0xff000000) == 0x03000000) {
- // 24-bit direct, BGR order
- p8 = (uint8_t *)s24;
- p8++;
- b = *p8++;
- g = *p8++;
- r = *p8;
- if (bgr)
- dval = rgb_to_pixel32bgr(r, g, b);
- else
- dval = rgb_to_pixel32(r, g, b);
- } else {
- val = *s;
- dval = s1->palette[val];
- }
- *p++ = dval;
- }
-}
-
-static inline int check_dirty(TCXState *s, ram_addr_t page, ram_addr_t page24,
- ram_addr_t cpage)
-{
- int ret;
-
- ret = memory_region_get_dirty(&s->vram_mem, page, TARGET_PAGE_SIZE,
- DIRTY_MEMORY_VGA);
- ret |= memory_region_get_dirty(&s->vram_mem, page24, TARGET_PAGE_SIZE * 4,
- DIRTY_MEMORY_VGA);
- ret |= memory_region_get_dirty(&s->vram_mem, cpage, TARGET_PAGE_SIZE * 4,
- DIRTY_MEMORY_VGA);
- return ret;
-}
-
-static inline void reset_dirty(TCXState *ts, ram_addr_t page_min,
- ram_addr_t page_max, ram_addr_t page24,
- ram_addr_t cpage)
-{
- memory_region_reset_dirty(&ts->vram_mem,
- page_min, page_max + TARGET_PAGE_SIZE,
- DIRTY_MEMORY_VGA);
- memory_region_reset_dirty(&ts->vram_mem,
- page24 + page_min * 4,
- page24 + page_max * 4 + TARGET_PAGE_SIZE,
- DIRTY_MEMORY_VGA);
- memory_region_reset_dirty(&ts->vram_mem,
- cpage + page_min * 4,
- cpage + page_max * 4 + TARGET_PAGE_SIZE,
- DIRTY_MEMORY_VGA);
-}
-
-/* Fixed line length 1024 allows us to do nice tricks not possible on
- VGA... */
-static void tcx_update_display(void *opaque)
-{
- TCXState *ts = opaque;
- ram_addr_t page, page_min, page_max;
- int y, y_start, dd, ds;
- uint8_t *d, *s;
- void (*f)(TCXState *s1, uint8_t *dst, const uint8_t *src, int width);
-
- if (ds_get_bits_per_pixel(ts->ds) == 0)
- return;
- page = 0;
- y_start = -1;
- page_min = -1;
- page_max = 0;
- d = ds_get_data(ts->ds);
- s = ts->vram;
- dd = ds_get_linesize(ts->ds);
- ds = 1024;
-
- switch (ds_get_bits_per_pixel(ts->ds)) {
- case 32:
- f = tcx_draw_line32;
- break;
- case 15:
- case 16:
- f = tcx_draw_line16;
- break;
- default:
- case 8:
- f = tcx_draw_line8;
- break;
- case 0:
- return;
- }
-
- for(y = 0; y < ts->height; y += 4, page += TARGET_PAGE_SIZE) {
- if (memory_region_get_dirty(&ts->vram_mem, page, TARGET_PAGE_SIZE,
- DIRTY_MEMORY_VGA)) {
- if (y_start < 0)
- y_start = y;
- if (page < page_min)
- page_min = page;
- if (page > page_max)
- page_max = page;
- f(ts, d, s, ts->width);
- d += dd;
- s += ds;
- f(ts, d, s, ts->width);
- d += dd;
- s += ds;
- f(ts, d, s, ts->width);
- d += dd;
- s += ds;
- f(ts, d, s, ts->width);
- d += dd;
- s += ds;
- } else {
- if (y_start >= 0) {
- /* flush to display */
- dpy_gfx_update(ts->ds, 0, y_start,
- ts->width, y - y_start);
- y_start = -1;
- }
- d += dd * 4;
- s += ds * 4;
- }
- }
- if (y_start >= 0) {
- /* flush to display */
- dpy_gfx_update(ts->ds, 0, y_start,
- ts->width, y - y_start);
- }
- /* reset modified pages */
- if (page_max >= page_min) {
- memory_region_reset_dirty(&ts->vram_mem,
- page_min, page_max + TARGET_PAGE_SIZE,
- DIRTY_MEMORY_VGA);
- }
-}
-
-static void tcx24_update_display(void *opaque)
-{
- TCXState *ts = opaque;
- ram_addr_t page, page_min, page_max, cpage, page24;
- int y, y_start, dd, ds;
- uint8_t *d, *s;
- uint32_t *cptr, *s24;
-
- if (ds_get_bits_per_pixel(ts->ds) != 32)
- return;
- page = 0;
- page24 = ts->vram24_offset;
- cpage = ts->cplane_offset;
- y_start = -1;
- page_min = -1;
- page_max = 0;
- d = ds_get_data(ts->ds);
- s = ts->vram;
- s24 = ts->vram24;
- cptr = ts->cplane;
- dd = ds_get_linesize(ts->ds);
- ds = 1024;
-
- for(y = 0; y < ts->height; y += 4, page += TARGET_PAGE_SIZE,
- page24 += TARGET_PAGE_SIZE, cpage += TARGET_PAGE_SIZE) {
- if (check_dirty(ts, page, page24, cpage)) {
- if (y_start < 0)
- y_start = y;
- if (page < page_min)
- page_min = page;
- if (page > page_max)
- page_max = page;
- tcx24_draw_line32(ts, d, s, ts->width, cptr, s24);
- d += dd;
- s += ds;
- cptr += ds;
- s24 += ds;
- tcx24_draw_line32(ts, d, s, ts->width, cptr, s24);
- d += dd;
- s += ds;
- cptr += ds;
- s24 += ds;
- tcx24_draw_line32(ts, d, s, ts->width, cptr, s24);
- d += dd;
- s += ds;
- cptr += ds;
- s24 += ds;
- tcx24_draw_line32(ts, d, s, ts->width, cptr, s24);
- d += dd;
- s += ds;
- cptr += ds;
- s24 += ds;
- } else {
- if (y_start >= 0) {
- /* flush to display */
- dpy_gfx_update(ts->ds, 0, y_start,
- ts->width, y - y_start);
- y_start = -1;
- }
- d += dd * 4;
- s += ds * 4;
- cptr += ds * 4;
- s24 += ds * 4;
- }
- }
- if (y_start >= 0) {
- /* flush to display */
- dpy_gfx_update(ts->ds, 0, y_start,
- ts->width, y - y_start);
- }
- /* reset modified pages */
- if (page_max >= page_min) {
- reset_dirty(ts, page_min, page_max, page24, cpage);
- }
-}
-
-static void tcx_invalidate_display(void *opaque)
-{
- TCXState *s = opaque;
-
- tcx_set_dirty(s);
- qemu_console_resize(s->ds, s->width, s->height);
-}
-
-static void tcx24_invalidate_display(void *opaque)
-{
- TCXState *s = opaque;
-
- tcx_set_dirty(s);
- tcx24_set_dirty(s);
- qemu_console_resize(s->ds, s->width, s->height);
-}
-
-static int vmstate_tcx_post_load(void *opaque, int version_id)
-{
- TCXState *s = opaque;
-
- update_palette_entries(s, 0, 256);
- if (s->depth == 24) {
- tcx24_set_dirty(s);
- } else {
- tcx_set_dirty(s);
- }
-
- return 0;
-}
-
-static const VMStateDescription vmstate_tcx = {
- .name ="tcx",
- .version_id = 4,
- .minimum_version_id = 4,
- .minimum_version_id_old = 4,
- .post_load = vmstate_tcx_post_load,
- .fields = (VMStateField []) {
- VMSTATE_UINT16(height, TCXState),
- VMSTATE_UINT16(width, TCXState),
- VMSTATE_UINT16(depth, TCXState),
- VMSTATE_BUFFER(r, TCXState),
- VMSTATE_BUFFER(g, TCXState),
- VMSTATE_BUFFER(b, TCXState),
- VMSTATE_UINT8(dac_index, TCXState),
- VMSTATE_UINT8(dac_state, TCXState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void tcx_reset(DeviceState *d)
-{
- TCXState *s = container_of(d, TCXState, busdev.qdev);
-
- /* Initialize palette */
- memset(s->r, 0, 256);
- memset(s->g, 0, 256);
- memset(s->b, 0, 256);
- s->r[255] = s->g[255] = s->b[255] = 255;
- update_palette_entries(s, 0, 256);
- memset(s->vram, 0, MAXX*MAXY);
- memory_region_reset_dirty(&s->vram_mem, 0, MAXX * MAXY * (1 + 4 + 4),
- DIRTY_MEMORY_VGA);
- s->dac_index = 0;
- s->dac_state = 0;
-}
-
-static uint64_t tcx_dac_readl(void *opaque, hwaddr addr,
- unsigned size)
-{
- return 0;
-}
-
-static void tcx_dac_writel(void *opaque, hwaddr addr, uint64_t val,
- unsigned size)
-{
- TCXState *s = opaque;
-
- switch (addr) {
- case 0:
- s->dac_index = val >> 24;
- s->dac_state = 0;
- break;
- case 4:
- switch (s->dac_state) {
- case 0:
- s->r[s->dac_index] = val >> 24;
- update_palette_entries(s, s->dac_index, s->dac_index + 1);
- s->dac_state++;
- break;
- case 1:
- s->g[s->dac_index] = val >> 24;
- update_palette_entries(s, s->dac_index, s->dac_index + 1);
- s->dac_state++;
- break;
- case 2:
- s->b[s->dac_index] = val >> 24;
- update_palette_entries(s, s->dac_index, s->dac_index + 1);
- s->dac_index = (s->dac_index + 1) & 255; // Index autoincrement
- default:
- s->dac_state = 0;
- break;
- }
- break;
- default:
- break;
- }
-}
-
-static const MemoryRegionOps tcx_dac_ops = {
- .read = tcx_dac_readl,
- .write = tcx_dac_writel,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static uint64_t dummy_readl(void *opaque, hwaddr addr,
- unsigned size)
-{
- return 0;
-}
-
-static void dummy_writel(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
-}
-
-static const MemoryRegionOps dummy_ops = {
- .read = dummy_readl,
- .write = dummy_writel,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static int tcx_init1(SysBusDevice *dev)
-{
- TCXState *s = FROM_SYSBUS(TCXState, dev);
- ram_addr_t vram_offset = 0;
- int size;
- uint8_t *vram_base;
-
- memory_region_init_ram(&s->vram_mem, "tcx.vram",
- s->vram_size * (1 + 4 + 4));
- vmstate_register_ram_global(&s->vram_mem);
- vram_base = memory_region_get_ram_ptr(&s->vram_mem);
-
- /* 8-bit plane */
- s->vram = vram_base;
- size = s->vram_size;
- memory_region_init_alias(&s->vram_8bit, "tcx.vram.8bit",
- &s->vram_mem, vram_offset, size);
- sysbus_init_mmio(dev, &s->vram_8bit);
- vram_offset += size;
- vram_base += size;
-
- /* DAC */
- memory_region_init_io(&s->dac, &tcx_dac_ops, s, "tcx.dac", TCX_DAC_NREGS);
- sysbus_init_mmio(dev, &s->dac);
-
- /* TEC (dummy) */
- memory_region_init_io(&s->tec, &dummy_ops, s, "tcx.tec", TCX_TEC_NREGS);
- sysbus_init_mmio(dev, &s->tec);
- /* THC: NetBSD writes here even with 8-bit display: dummy */
- memory_region_init_io(&s->thc24, &dummy_ops, s, "tcx.thc24",
- TCX_THC_NREGS_24);
- sysbus_init_mmio(dev, &s->thc24);
-
- if (s->depth == 24) {
- /* 24-bit plane */
- size = s->vram_size * 4;
- s->vram24 = (uint32_t *)vram_base;
- s->vram24_offset = vram_offset;
- memory_region_init_alias(&s->vram_24bit, "tcx.vram.24bit",
- &s->vram_mem, vram_offset, size);
- sysbus_init_mmio(dev, &s->vram_24bit);
- vram_offset += size;
- vram_base += size;
-
- /* Control plane */
- size = s->vram_size * 4;
- s->cplane = (uint32_t *)vram_base;
- s->cplane_offset = vram_offset;
- memory_region_init_alias(&s->vram_cplane, "tcx.vram.cplane",
- &s->vram_mem, vram_offset, size);
- sysbus_init_mmio(dev, &s->vram_cplane);
-
- s->ds = graphic_console_init(tcx24_update_display,
- tcx24_invalidate_display,
- tcx24_screen_dump, NULL, s);
- } else {
- /* THC 8 bit (dummy) */
- memory_region_init_io(&s->thc8, &dummy_ops, s, "tcx.thc8",
- TCX_THC_NREGS_8);
- sysbus_init_mmio(dev, &s->thc8);
-
- s->ds = graphic_console_init(tcx_update_display,
- tcx_invalidate_display,
- tcx_screen_dump, NULL, s);
- }
-
- qemu_console_resize(s->ds, s->width, s->height);
- return 0;
-}
-
-static void tcx_screen_dump(void *opaque, const char *filename, bool cswitch,
- Error **errp)
-{
- TCXState *s = opaque;
- FILE *f;
- uint8_t *d, *d1, v;
- int ret, y, x;
-
- f = fopen(filename, "wb");
- if (!f) {
- error_setg(errp, "failed to open file '%s': %s", filename,
- strerror(errno));
- return;
- }
- ret = fprintf(f, "P6\n%d %d\n%d\n", s->width, s->height, 255);
- if (ret < 0) {
- goto write_err;
- }
- d1 = s->vram;
- for(y = 0; y < s->height; y++) {
- d = d1;
- for(x = 0; x < s->width; x++) {
- v = *d;
- ret = fputc(s->r[v], f);
- if (ret == EOF) {
- goto write_err;
- }
- ret = fputc(s->g[v], f);
- if (ret == EOF) {
- goto write_err;
- }
- ret = fputc(s->b[v], f);
- if (ret == EOF) {
- goto write_err;
- }
- d++;
- }
- d1 += MAXX;
- }
-
-out:
- fclose(f);
- return;
-
-write_err:
- error_setg(errp, "failed to write to file '%s': %s", filename,
- strerror(errno));
- unlink(filename);
- goto out;
-}
-
-static void tcx24_screen_dump(void *opaque, const char *filename, bool cswitch,
- Error **errp)
-{
- TCXState *s = opaque;
- FILE *f;
- uint8_t *d, *d1, v;
- uint32_t *s24, *cptr, dval;
- int ret, y, x;
-
- f = fopen(filename, "wb");
- if (!f) {
- error_setg(errp, "failed to open file '%s': %s", filename,
- strerror(errno));
- return;
- }
- ret = fprintf(f, "P6\n%d %d\n%d\n", s->width, s->height, 255);
- if (ret < 0) {
- goto write_err;
- }
- d1 = s->vram;
- s24 = s->vram24;
- cptr = s->cplane;
- for(y = 0; y < s->height; y++) {
- d = d1;
- for(x = 0; x < s->width; x++, d++, s24++) {
- if ((*cptr++ & 0xff000000) == 0x03000000) { // 24-bit direct
- dval = *s24 & 0x00ffffff;
- ret = fputc((dval >> 16) & 0xff, f);
- if (ret == EOF) {
- goto write_err;
- }
- ret = fputc((dval >> 8) & 0xff, f);
- if (ret == EOF) {
- goto write_err;
- }
- ret = fputc(dval & 0xff, f);
- if (ret == EOF) {
- goto write_err;
- }
- } else {
- v = *d;
- ret = fputc(s->r[v], f);
- if (ret == EOF) {
- goto write_err;
- }
- ret = fputc(s->g[v], f);
- if (ret == EOF) {
- goto write_err;
- }
- ret = fputc(s->b[v], f);
- if (ret == EOF) {
- goto write_err;
- }
- }
- }
- d1 += MAXX;
- }
-
-out:
- fclose(f);
- return;
-
-write_err:
- error_setg(errp, "failed to write to file '%s': %s", filename,
- strerror(errno));
- unlink(filename);
- goto out;
-}
-
-static Property tcx_properties[] = {
- DEFINE_PROP_TADDR("addr", TCXState, addr, -1),
- DEFINE_PROP_HEX32("vram_size", TCXState, vram_size, -1),
- DEFINE_PROP_UINT16("width", TCXState, width, -1),
- DEFINE_PROP_UINT16("height", TCXState, height, -1),
- DEFINE_PROP_UINT16("depth", TCXState, depth, -1),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void tcx_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = tcx_init1;
- dc->reset = tcx_reset;
- dc->vmsd = &vmstate_tcx;
- dc->props = tcx_properties;
-}
-
-static TypeInfo tcx_info = {
- .name = "SUNW,tcx",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(TCXState),
- .class_init = tcx_class_init,
-};
-
-static void tcx_register_types(void)
-{
- type_register_static(&tcx_info);
-}
-
-type_init(tcx_register_types)
diff --git a/hw/timer/Makefile.objs b/hw/timer/Makefile.objs
new file mode 100644
index 000000000..eca590570
--- /dev/null
+++ b/hw/timer/Makefile.objs
@@ -0,0 +1,29 @@
+common-obj-$(CONFIG_ARM_TIMER) += arm_timer.o
+common-obj-$(CONFIG_ARM_MPTIMER) += arm_mptimer.o
+common-obj-$(CONFIG_CADENCE) += cadence_ttc.o
+common-obj-$(CONFIG_DS1338) += ds1338.o
+common-obj-$(CONFIG_HPET) += hpet.o
+common-obj-$(CONFIG_I8254) += i8254_common.o i8254.o
+common-obj-$(CONFIG_M48T59) += m48t59.o
+common-obj-$(CONFIG_PL031) += pl031.o
+common-obj-$(CONFIG_PUV3) += puv3_ost.o
+common-obj-$(CONFIG_TWL92230) += twl92230.o
+common-obj-$(CONFIG_XILINX) += xilinx_timer.o
+common-obj-$(CONFIG_SLAVIO) += slavio_timer.o
+common-obj-$(CONFIG_ETRAXFS) += etraxfs_timer.o
+common-obj-$(CONFIG_GRLIB) += grlib_gptimer.o
+common-obj-$(CONFIG_IMX) += imx_epit.o
+common-obj-$(CONFIG_IMX) += imx_gpt.o
+common-obj-$(CONFIG_LM32) += lm32_timer.o
+common-obj-$(CONFIG_MILKYMIST) += milkymist-sysctl.o
+
+obj-$(CONFIG_EXYNOS4) += exynos4210_mct.o
+obj-$(CONFIG_EXYNOS4) += exynos4210_pwm.o
+obj-$(CONFIG_EXYNOS4) += exynos4210_rtc.o
+obj-$(CONFIG_OMAP) += omap_gptimer.o
+obj-$(CONFIG_OMAP) += omap_synctimer.o
+obj-$(CONFIG_PXA2XX) += pxa2xx_timer.o
+obj-$(CONFIG_SH4) += sh_timer.o
+obj-$(CONFIG_TUSB6010) += tusb6010.o
+
+obj-$(CONFIG_MC146818RTC) += mc146818rtc.o
diff --git a/hw/timer/arm_mptimer.c b/hw/timer/arm_mptimer.c
new file mode 100644
index 000000000..92773155d
--- /dev/null
+++ b/hw/timer/arm_mptimer.c
@@ -0,0 +1,316 @@
+/*
+ * Private peripheral timer/watchdog blocks for ARM 11MPCore and A9MP
+ *
+ * Copyright (c) 2006-2007 CodeSourcery.
+ * Copyright (c) 2011 Linaro Limited
+ * Written by Paul Brook, Peter Maydell
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/sysbus.h"
+#include "qemu/timer.h"
+#include "qom/cpu.h"
+
+/* This device implements the per-cpu private timer and watchdog block
+ * which is used in both the ARM11MPCore and Cortex-A9MP.
+ */
+
+#define MAX_CPUS 4
+
+/* State of a single timer or watchdog block */
+typedef struct {
+ uint32_t count;
+ uint32_t load;
+ uint32_t control;
+ uint32_t status;
+ int64_t tick;
+ QEMUTimer *timer;
+ qemu_irq irq;
+ MemoryRegion iomem;
+} TimerBlock;
+
+#define TYPE_ARM_MPTIMER "arm_mptimer"
+#define ARM_MPTIMER(obj) \
+ OBJECT_CHECK(ARMMPTimerState, (obj), TYPE_ARM_MPTIMER)
+
+typedef struct {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ uint32_t num_cpu;
+ TimerBlock timerblock[MAX_CPUS];
+ MemoryRegion iomem;
+} ARMMPTimerState;
+
+static inline int get_current_cpu(ARMMPTimerState *s)
+{
+ if (current_cpu->cpu_index >= s->num_cpu) {
+ hw_error("arm_mptimer: num-cpu %d but this cpu is %d!\n",
+ s->num_cpu, current_cpu->cpu_index);
+ }
+ return current_cpu->cpu_index;
+}
+
+static inline void timerblock_update_irq(TimerBlock *tb)
+{
+ qemu_set_irq(tb->irq, tb->status);
+}
+
+/* Return conversion factor from mpcore timer ticks to qemu timer ticks. */
+static inline uint32_t timerblock_scale(TimerBlock *tb)
+{
+ return (((tb->control >> 8) & 0xff) + 1) * 10;
+}
+
+static void timerblock_reload(TimerBlock *tb, int restart)
+{
+ if (tb->count == 0) {
+ return;
+ }
+ if (restart) {
+ tb->tick = qemu_get_clock_ns(vm_clock);
+ }
+ tb->tick += (int64_t)tb->count * timerblock_scale(tb);
+ qemu_mod_timer(tb->timer, tb->tick);
+}
+
+static void timerblock_tick(void *opaque)
+{
+ TimerBlock *tb = (TimerBlock *)opaque;
+ tb->status = 1;
+ if (tb->control & 2) {
+ tb->count = tb->load;
+ timerblock_reload(tb, 0);
+ } else {
+ tb->count = 0;
+ }
+ timerblock_update_irq(tb);
+}
+
+static uint64_t timerblock_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ TimerBlock *tb = (TimerBlock *)opaque;
+ int64_t val;
+ switch (addr) {
+ case 0: /* Load */
+ return tb->load;
+ case 4: /* Counter. */
+ if (((tb->control & 1) == 0) || (tb->count == 0)) {
+ return 0;
+ }
+ /* Slow and ugly, but hopefully won't happen too often. */
+ val = tb->tick - qemu_get_clock_ns(vm_clock);
+ val /= timerblock_scale(tb);
+ if (val < 0) {
+ val = 0;
+ }
+ return val;
+ case 8: /* Control. */
+ return tb->control;
+ case 12: /* Interrupt status. */
+ return tb->status;
+ default:
+ return 0;
+ }
+}
+
+static void timerblock_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ TimerBlock *tb = (TimerBlock *)opaque;
+ int64_t old;
+ switch (addr) {
+ case 0: /* Load */
+ tb->load = value;
+ /* Fall through. */
+ case 4: /* Counter. */
+ if ((tb->control & 1) && tb->count) {
+ /* Cancel the previous timer. */
+ qemu_del_timer(tb->timer);
+ }
+ tb->count = value;
+ if (tb->control & 1) {
+ timerblock_reload(tb, 1);
+ }
+ break;
+ case 8: /* Control. */
+ old = tb->control;
+ tb->control = value;
+ if (((old & 1) == 0) && (value & 1)) {
+ if (tb->count == 0 && (tb->control & 2)) {
+ tb->count = tb->load;
+ }
+ timerblock_reload(tb, 1);
+ }
+ break;
+ case 12: /* Interrupt status. */
+ tb->status &= ~value;
+ timerblock_update_irq(tb);
+ break;
+ }
+}
+
+/* Wrapper functions to implement the "read timer/watchdog for
+ * the current CPU" memory regions.
+ */
+static uint64_t arm_thistimer_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ ARMMPTimerState *s = (ARMMPTimerState *)opaque;
+ int id = get_current_cpu(s);
+ return timerblock_read(&s->timerblock[id], addr, size);
+}
+
+static void arm_thistimer_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ ARMMPTimerState *s = (ARMMPTimerState *)opaque;
+ int id = get_current_cpu(s);
+ timerblock_write(&s->timerblock[id], addr, value, size);
+}
+
+static const MemoryRegionOps arm_thistimer_ops = {
+ .read = arm_thistimer_read,
+ .write = arm_thistimer_write,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static const MemoryRegionOps timerblock_ops = {
+ .read = timerblock_read,
+ .write = timerblock_write,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void timerblock_reset(TimerBlock *tb)
+{
+ tb->count = 0;
+ tb->load = 0;
+ tb->control = 0;
+ tb->status = 0;
+ tb->tick = 0;
+ if (tb->timer) {
+ qemu_del_timer(tb->timer);
+ }
+}
+
+static void arm_mptimer_reset(DeviceState *dev)
+{
+ ARMMPTimerState *s = ARM_MPTIMER(dev);
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(s->timerblock); i++) {
+ timerblock_reset(&s->timerblock[i]);
+ }
+}
+
+static int arm_mptimer_init(SysBusDevice *dev)
+{
+ ARMMPTimerState *s = ARM_MPTIMER(dev);
+ int i;
+
+ if (s->num_cpu < 1 || s->num_cpu > MAX_CPUS) {
+ hw_error("%s: num-cpu must be between 1 and %d\n", __func__, MAX_CPUS);
+ }
+ /* We implement one timer block per CPU, and expose multiple MMIO regions:
+ * * region 0 is "timer for this core"
+ * * region 1 is "timer for core 0"
+ * * region 2 is "timer for core 1"
+ * and so on.
+ * The outgoing interrupt lines are
+ * * timer for core 0
+ * * timer for core 1
+ * and so on.
+ */
+ memory_region_init_io(&s->iomem, OBJECT(s), &arm_thistimer_ops, s,
+ "arm_mptimer_timer", 0x20);
+ sysbus_init_mmio(dev, &s->iomem);
+ for (i = 0; i < s->num_cpu; i++) {
+ TimerBlock *tb = &s->timerblock[i];
+ tb->timer = qemu_new_timer_ns(vm_clock, timerblock_tick, tb);
+ sysbus_init_irq(dev, &tb->irq);
+ memory_region_init_io(&tb->iomem, OBJECT(s), &timerblock_ops, tb,
+ "arm_mptimer_timerblock", 0x20);
+ sysbus_init_mmio(dev, &tb->iomem);
+ }
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_timerblock = {
+ .name = "arm_mptimer_timerblock",
+ .version_id = 2,
+ .minimum_version_id = 2,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(count, TimerBlock),
+ VMSTATE_UINT32(load, TimerBlock),
+ VMSTATE_UINT32(control, TimerBlock),
+ VMSTATE_UINT32(status, TimerBlock),
+ VMSTATE_INT64(tick, TimerBlock),
+ VMSTATE_TIMER(timer, TimerBlock),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_arm_mptimer = {
+ .name = "arm_mptimer",
+ .version_id = 2,
+ .minimum_version_id = 2,
+ .fields = (VMStateField[]) {
+ VMSTATE_STRUCT_VARRAY_UINT32(timerblock, ARMMPTimerState, num_cpu,
+ 2, vmstate_timerblock, TimerBlock),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static Property arm_mptimer_properties[] = {
+ DEFINE_PROP_UINT32("num-cpu", ARMMPTimerState, num_cpu, 0),
+ DEFINE_PROP_END_OF_LIST()
+};
+
+static void arm_mptimer_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *sbc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sbc->init = arm_mptimer_init;
+ dc->vmsd = &vmstate_arm_mptimer;
+ dc->reset = arm_mptimer_reset;
+ dc->no_user = 1;
+ dc->props = arm_mptimer_properties;
+}
+
+static const TypeInfo arm_mptimer_info = {
+ .name = TYPE_ARM_MPTIMER,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(ARMMPTimerState),
+ .class_init = arm_mptimer_class_init,
+};
+
+static void arm_mptimer_register_types(void)
+{
+ type_register_static(&arm_mptimer_info);
+}
+
+type_init(arm_mptimer_register_types)
diff --git a/hw/timer/arm_timer.c b/hw/timer/arm_timer.c
new file mode 100644
index 000000000..acfea5977
--- /dev/null
+++ b/hw/timer/arm_timer.c
@@ -0,0 +1,411 @@
+/*
+ * ARM PrimeCell Timer modules.
+ *
+ * Copyright (c) 2005-2006 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GPL.
+ */
+
+#include "hw/sysbus.h"
+#include "qemu/timer.h"
+#include "qemu-common.h"
+#include "hw/qdev.h"
+#include "hw/ptimer.h"
+
+/* Common timer implementation. */
+
+#define TIMER_CTRL_ONESHOT (1 << 0)
+#define TIMER_CTRL_32BIT (1 << 1)
+#define TIMER_CTRL_DIV1 (0 << 2)
+#define TIMER_CTRL_DIV16 (1 << 2)
+#define TIMER_CTRL_DIV256 (2 << 2)
+#define TIMER_CTRL_IE (1 << 5)
+#define TIMER_CTRL_PERIODIC (1 << 6)
+#define TIMER_CTRL_ENABLE (1 << 7)
+
+typedef struct {
+ ptimer_state *timer;
+ uint32_t control;
+ uint32_t limit;
+ int freq;
+ int int_level;
+ qemu_irq irq;
+} arm_timer_state;
+
+/* Check all active timers, and schedule the next timer interrupt. */
+
+static void arm_timer_update(arm_timer_state *s)
+{
+ /* Update interrupts. */
+ if (s->int_level && (s->control & TIMER_CTRL_IE)) {
+ qemu_irq_raise(s->irq);
+ } else {
+ qemu_irq_lower(s->irq);
+ }
+}
+
+static uint32_t arm_timer_read(void *opaque, hwaddr offset)
+{
+ arm_timer_state *s = (arm_timer_state *)opaque;
+
+ switch (offset >> 2) {
+ case 0: /* TimerLoad */
+ case 6: /* TimerBGLoad */
+ return s->limit;
+ case 1: /* TimerValue */
+ return ptimer_get_count(s->timer);
+ case 2: /* TimerControl */
+ return s->control;
+ case 4: /* TimerRIS */
+ return s->int_level;
+ case 5: /* TimerMIS */
+ if ((s->control & TIMER_CTRL_IE) == 0)
+ return 0;
+ return s->int_level;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "%s: Bad offset %x\n", __func__, (int)offset);
+ return 0;
+ }
+}
+
+/* Reset the timer limit after settings have changed. */
+static void arm_timer_recalibrate(arm_timer_state *s, int reload)
+{
+ uint32_t limit;
+
+ if ((s->control & (TIMER_CTRL_PERIODIC | TIMER_CTRL_ONESHOT)) == 0) {
+ /* Free running. */
+ if (s->control & TIMER_CTRL_32BIT)
+ limit = 0xffffffff;
+ else
+ limit = 0xffff;
+ } else {
+ /* Periodic. */
+ limit = s->limit;
+ }
+ ptimer_set_limit(s->timer, limit, reload);
+}
+
+static void arm_timer_write(void *opaque, hwaddr offset,
+ uint32_t value)
+{
+ arm_timer_state *s = (arm_timer_state *)opaque;
+ int freq;
+
+ switch (offset >> 2) {
+ case 0: /* TimerLoad */
+ s->limit = value;
+ arm_timer_recalibrate(s, 1);
+ break;
+ case 1: /* TimerValue */
+ /* ??? Linux seems to want to write to this readonly register.
+ Ignore it. */
+ break;
+ case 2: /* TimerControl */
+ if (s->control & TIMER_CTRL_ENABLE) {
+ /* Pause the timer if it is running. This may cause some
+ inaccuracy dure to rounding, but avoids a whole lot of other
+ messyness. */
+ ptimer_stop(s->timer);
+ }
+ s->control = value;
+ freq = s->freq;
+ /* ??? Need to recalculate expiry time after changing divisor. */
+ switch ((value >> 2) & 3) {
+ case 1: freq >>= 4; break;
+ case 2: freq >>= 8; break;
+ }
+ arm_timer_recalibrate(s, s->control & TIMER_CTRL_ENABLE);
+ ptimer_set_freq(s->timer, freq);
+ if (s->control & TIMER_CTRL_ENABLE) {
+ /* Restart the timer if still enabled. */
+ ptimer_run(s->timer, (s->control & TIMER_CTRL_ONESHOT) != 0);
+ }
+ break;
+ case 3: /* TimerIntClr */
+ s->int_level = 0;
+ break;
+ case 6: /* TimerBGLoad */
+ s->limit = value;
+ arm_timer_recalibrate(s, 0);
+ break;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "%s: Bad offset %x\n", __func__, (int)offset);
+ }
+ arm_timer_update(s);
+}
+
+static void arm_timer_tick(void *opaque)
+{
+ arm_timer_state *s = (arm_timer_state *)opaque;
+ s->int_level = 1;
+ arm_timer_update(s);
+}
+
+static const VMStateDescription vmstate_arm_timer = {
+ .name = "arm_timer",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(control, arm_timer_state),
+ VMSTATE_UINT32(limit, arm_timer_state),
+ VMSTATE_INT32(int_level, arm_timer_state),
+ VMSTATE_PTIMER(timer, arm_timer_state),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static arm_timer_state *arm_timer_init(uint32_t freq)
+{
+ arm_timer_state *s;
+ QEMUBH *bh;
+
+ s = (arm_timer_state *)g_malloc0(sizeof(arm_timer_state));
+ s->freq = freq;
+ s->control = TIMER_CTRL_IE;
+
+ bh = qemu_bh_new(arm_timer_tick, s);
+ s->timer = ptimer_init(bh);
+ vmstate_register(NULL, -1, &vmstate_arm_timer, s);
+ return s;
+}
+
+/* ARM PrimeCell SP804 dual timer module.
+ * Docs at
+ * http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0271d/index.html
+*/
+
+#define TYPE_SP804 "sp804"
+#define SP804(obj) OBJECT_CHECK(SP804State, (obj), TYPE_SP804)
+
+typedef struct SP804State {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ arm_timer_state *timer[2];
+ uint32_t freq0, freq1;
+ int level[2];
+ qemu_irq irq;
+} SP804State;
+
+static const uint8_t sp804_ids[] = {
+ /* Timer ID */
+ 0x04, 0x18, 0x14, 0,
+ /* PrimeCell ID */
+ 0xd, 0xf0, 0x05, 0xb1
+};
+
+/* Merge the IRQs from the two component devices. */
+static void sp804_set_irq(void *opaque, int irq, int level)
+{
+ SP804State *s = (SP804State *)opaque;
+
+ s->level[irq] = level;
+ qemu_set_irq(s->irq, s->level[0] || s->level[1]);
+}
+
+static uint64_t sp804_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ SP804State *s = (SP804State *)opaque;
+
+ if (offset < 0x20) {
+ return arm_timer_read(s->timer[0], offset);
+ }
+ if (offset < 0x40) {
+ return arm_timer_read(s->timer[1], offset - 0x20);
+ }
+
+ /* TimerPeriphID */
+ if (offset >= 0xfe0 && offset <= 0xffc) {
+ return sp804_ids[(offset - 0xfe0) >> 2];
+ }
+
+ switch (offset) {
+ /* Integration Test control registers, which we won't support */
+ case 0xf00: /* TimerITCR */
+ case 0xf04: /* TimerITOP (strictly write only but..) */
+ qemu_log_mask(LOG_UNIMP,
+ "%s: integration test registers unimplemented\n",
+ __func__);
+ return 0;
+ }
+
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "%s: Bad offset %x\n", __func__, (int)offset);
+ return 0;
+}
+
+static void sp804_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ SP804State *s = (SP804State *)opaque;
+
+ if (offset < 0x20) {
+ arm_timer_write(s->timer[0], offset, value);
+ return;
+ }
+
+ if (offset < 0x40) {
+ arm_timer_write(s->timer[1], offset - 0x20, value);
+ return;
+ }
+
+ /* Technically we could be writing to the Test Registers, but not likely */
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset %x\n",
+ __func__, (int)offset);
+}
+
+static const MemoryRegionOps sp804_ops = {
+ .read = sp804_read,
+ .write = sp804_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static const VMStateDescription vmstate_sp804 = {
+ .name = "sp804",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_INT32_ARRAY(level, SP804State, 2),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static int sp804_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ SP804State *s = SP804(dev);
+ qemu_irq *qi;
+
+ qi = qemu_allocate_irqs(sp804_set_irq, s, 2);
+ sysbus_init_irq(sbd, &s->irq);
+ s->timer[0] = arm_timer_init(s->freq0);
+ s->timer[1] = arm_timer_init(s->freq1);
+ s->timer[0]->irq = qi[0];
+ s->timer[1]->irq = qi[1];
+ memory_region_init_io(&s->iomem, OBJECT(s), &sp804_ops, s,
+ "sp804", 0x1000);
+ sysbus_init_mmio(sbd, &s->iomem);
+ vmstate_register(dev, -1, &vmstate_sp804, s);
+ return 0;
+}
+
+/* Integrator/CP timer module. */
+
+#define TYPE_INTEGRATOR_PIT "integrator_pit"
+#define INTEGRATOR_PIT(obj) \
+ OBJECT_CHECK(icp_pit_state, (obj), TYPE_INTEGRATOR_PIT)
+
+typedef struct {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ arm_timer_state *timer[3];
+} icp_pit_state;
+
+static uint64_t icp_pit_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ icp_pit_state *s = (icp_pit_state *)opaque;
+ int n;
+
+ /* ??? Don't know the PrimeCell ID for this device. */
+ n = offset >> 8;
+ if (n > 2) {
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad timer %d\n", __func__, n);
+ }
+
+ return arm_timer_read(s->timer[n], offset & 0xff);
+}
+
+static void icp_pit_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ icp_pit_state *s = (icp_pit_state *)opaque;
+ int n;
+
+ n = offset >> 8;
+ if (n > 2) {
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad timer %d\n", __func__, n);
+ }
+
+ arm_timer_write(s->timer[n], offset & 0xff, value);
+}
+
+static const MemoryRegionOps icp_pit_ops = {
+ .read = icp_pit_read,
+ .write = icp_pit_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int icp_pit_init(SysBusDevice *dev)
+{
+ icp_pit_state *s = INTEGRATOR_PIT(dev);
+
+ /* Timer 0 runs at the system clock speed (40MHz). */
+ s->timer[0] = arm_timer_init(40000000);
+ /* The other two timers run at 1MHz. */
+ s->timer[1] = arm_timer_init(1000000);
+ s->timer[2] = arm_timer_init(1000000);
+
+ sysbus_init_irq(dev, &s->timer[0]->irq);
+ sysbus_init_irq(dev, &s->timer[1]->irq);
+ sysbus_init_irq(dev, &s->timer[2]->irq);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &icp_pit_ops, s,
+ "icp_pit", 0x1000);
+ sysbus_init_mmio(dev, &s->iomem);
+ /* This device has no state to save/restore. The component timers will
+ save themselves. */
+ return 0;
+}
+
+static void icp_pit_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sdc->init = icp_pit_init;
+}
+
+static const TypeInfo icp_pit_info = {
+ .name = TYPE_INTEGRATOR_PIT,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(icp_pit_state),
+ .class_init = icp_pit_class_init,
+};
+
+static Property sp804_properties[] = {
+ DEFINE_PROP_UINT32("freq0", SP804State, freq0, 1000000),
+ DEFINE_PROP_UINT32("freq1", SP804State, freq1, 1000000),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void sp804_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+ DeviceClass *k = DEVICE_CLASS(klass);
+
+ sdc->init = sp804_init;
+ k->props = sp804_properties;
+}
+
+static const TypeInfo sp804_info = {
+ .name = TYPE_SP804,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(SP804State),
+ .class_init = sp804_class_init,
+};
+
+static void arm_timer_register_types(void)
+{
+ type_register_static(&icp_pit_info);
+ type_register_static(&sp804_info);
+}
+
+type_init(arm_timer_register_types)
diff --git a/hw/timer/cadence_ttc.c b/hw/timer/cadence_ttc.c
new file mode 100644
index 000000000..888f9ce00
--- /dev/null
+++ b/hw/timer/cadence_ttc.c
@@ -0,0 +1,495 @@
+/*
+ * Xilinx Zynq cadence TTC model
+ *
+ * Copyright (c) 2011 Xilinx Inc.
+ * Copyright (c) 2012 Peter A.G. Crosthwaite (peter.crosthwaite@petalogix.com)
+ * Copyright (c) 2012 PetaLogix Pty Ltd.
+ * Written By Haibing Ma
+ * M. Habib
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/sysbus.h"
+#include "qemu/timer.h"
+
+#ifdef CADENCE_TTC_ERR_DEBUG
+#define DB_PRINT(...) do { \
+ fprintf(stderr, ": %s: ", __func__); \
+ fprintf(stderr, ## __VA_ARGS__); \
+ } while (0);
+#else
+ #define DB_PRINT(...)
+#endif
+
+#define COUNTER_INTR_IV 0x00000001
+#define COUNTER_INTR_M1 0x00000002
+#define COUNTER_INTR_M2 0x00000004
+#define COUNTER_INTR_M3 0x00000008
+#define COUNTER_INTR_OV 0x00000010
+#define COUNTER_INTR_EV 0x00000020
+
+#define COUNTER_CTRL_DIS 0x00000001
+#define COUNTER_CTRL_INT 0x00000002
+#define COUNTER_CTRL_DEC 0x00000004
+#define COUNTER_CTRL_MATCH 0x00000008
+#define COUNTER_CTRL_RST 0x00000010
+
+#define CLOCK_CTRL_PS_EN 0x00000001
+#define CLOCK_CTRL_PS_V 0x0000001e
+
+typedef struct {
+ QEMUTimer *timer;
+ int freq;
+
+ uint32_t reg_clock;
+ uint32_t reg_count;
+ uint32_t reg_value;
+ uint16_t reg_interval;
+ uint16_t reg_match[3];
+ uint32_t reg_intr;
+ uint32_t reg_intr_en;
+ uint32_t reg_event_ctrl;
+ uint32_t reg_event;
+
+ uint64_t cpu_time;
+ unsigned int cpu_time_valid;
+
+ qemu_irq irq;
+} CadenceTimerState;
+
+#define TYPE_CADENCE_TTC "cadence_ttc"
+#define CADENCE_TTC(obj) \
+ OBJECT_CHECK(CadenceTTCState, (obj), TYPE_CADENCE_TTC)
+
+typedef struct CadenceTTCState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ CadenceTimerState timer[3];
+} CadenceTTCState;
+
+static void cadence_timer_update(CadenceTimerState *s)
+{
+ qemu_set_irq(s->irq, !!(s->reg_intr & s->reg_intr_en));
+}
+
+static CadenceTimerState *cadence_timer_from_addr(void *opaque,
+ hwaddr offset)
+{
+ unsigned int index;
+ CadenceTTCState *s = (CadenceTTCState *)opaque;
+
+ index = (offset >> 2) % 3;
+
+ return &s->timer[index];
+}
+
+static uint64_t cadence_timer_get_ns(CadenceTimerState *s, uint64_t timer_steps)
+{
+ /* timer_steps has max value of 0x100000000. double check it
+ * (or overflow can happen below) */
+ assert(timer_steps <= 1ULL << 32);
+
+ uint64_t r = timer_steps * 1000000000ULL;
+ if (s->reg_clock & CLOCK_CTRL_PS_EN) {
+ r >>= 16 - (((s->reg_clock & CLOCK_CTRL_PS_V) >> 1) + 1);
+ } else {
+ r >>= 16;
+ }
+ r /= (uint64_t)s->freq;
+ return r;
+}
+
+static uint64_t cadence_timer_get_steps(CadenceTimerState *s, uint64_t ns)
+{
+ uint64_t to_divide = 1000000000ULL;
+
+ uint64_t r = ns;
+ /* for very large intervals (> 8s) do some division first to stop
+ * overflow (costs some prescision) */
+ while (r >= 8ULL << 30 && to_divide > 1) {
+ r /= 1000;
+ to_divide /= 1000;
+ }
+ r <<= 16;
+ /* keep early-dividing as needed */
+ while (r >= 8ULL << 30 && to_divide > 1) {
+ r /= 1000;
+ to_divide /= 1000;
+ }
+ r *= (uint64_t)s->freq;
+ if (s->reg_clock & CLOCK_CTRL_PS_EN) {
+ r /= 1 << (((s->reg_clock & CLOCK_CTRL_PS_V) >> 1) + 1);
+ }
+
+ r /= to_divide;
+ return r;
+}
+
+/* determine if x is in between a and b, exclusive of a, inclusive of b */
+
+static inline int64_t is_between(int64_t x, int64_t a, int64_t b)
+{
+ if (a < b) {
+ return x > a && x <= b;
+ }
+ return x < a && x >= b;
+}
+
+static void cadence_timer_run(CadenceTimerState *s)
+{
+ int i;
+ int64_t event_interval, next_value;
+
+ assert(s->cpu_time_valid); /* cadence_timer_sync must be called first */
+
+ if (s->reg_count & COUNTER_CTRL_DIS) {
+ s->cpu_time_valid = 0;
+ return;
+ }
+
+ { /* figure out what's going to happen next (rollover or match) */
+ int64_t interval = (uint64_t)((s->reg_count & COUNTER_CTRL_INT) ?
+ (int64_t)s->reg_interval + 1 : 0x10000ULL) << 16;
+ next_value = (s->reg_count & COUNTER_CTRL_DEC) ? -1ULL : interval;
+ for (i = 0; i < 3; ++i) {
+ int64_t cand = (uint64_t)s->reg_match[i] << 16;
+ if (is_between(cand, (uint64_t)s->reg_value, next_value)) {
+ next_value = cand;
+ }
+ }
+ }
+ DB_PRINT("next timer event value: %09llx\n",
+ (unsigned long long)next_value);
+
+ event_interval = next_value - (int64_t)s->reg_value;
+ event_interval = (event_interval < 0) ? -event_interval : event_interval;
+
+ qemu_mod_timer(s->timer, s->cpu_time +
+ cadence_timer_get_ns(s, event_interval));
+}
+
+static void cadence_timer_sync(CadenceTimerState *s)
+{
+ int i;
+ int64_t r, x;
+ int64_t interval = ((s->reg_count & COUNTER_CTRL_INT) ?
+ (int64_t)s->reg_interval + 1 : 0x10000ULL) << 16;
+ uint64_t old_time = s->cpu_time;
+
+ s->cpu_time = qemu_get_clock_ns(vm_clock);
+ DB_PRINT("cpu time: %lld ns\n", (long long)old_time);
+
+ if (!s->cpu_time_valid || old_time == s->cpu_time) {
+ s->cpu_time_valid = 1;
+ return;
+ }
+
+ r = (int64_t)cadence_timer_get_steps(s, s->cpu_time - old_time);
+ x = (int64_t)s->reg_value + ((s->reg_count & COUNTER_CTRL_DEC) ? -r : r);
+
+ for (i = 0; i < 3; ++i) {
+ int64_t m = (int64_t)s->reg_match[i] << 16;
+ if (m > interval) {
+ continue;
+ }
+ /* check to see if match event has occurred. check m +/- interval
+ * to account for match events in wrap around cases */
+ if (is_between(m, s->reg_value, x) ||
+ is_between(m + interval, s->reg_value, x) ||
+ is_between(m - interval, s->reg_value, x)) {
+ s->reg_intr |= (2 << i);
+ }
+ }
+ while (x < 0) {
+ x += interval;
+ }
+ s->reg_value = (uint32_t)(x % interval);
+
+ if (s->reg_value != x) {
+ s->reg_intr |= (s->reg_count & COUNTER_CTRL_INT) ?
+ COUNTER_INTR_IV : COUNTER_INTR_OV;
+ }
+ cadence_timer_update(s);
+}
+
+static void cadence_timer_tick(void *opaque)
+{
+ CadenceTimerState *s = opaque;
+
+ DB_PRINT("\n");
+ cadence_timer_sync(s);
+ cadence_timer_run(s);
+}
+
+static uint32_t cadence_ttc_read_imp(void *opaque, hwaddr offset)
+{
+ CadenceTimerState *s = cadence_timer_from_addr(opaque, offset);
+ uint32_t value;
+
+ cadence_timer_sync(s);
+ cadence_timer_run(s);
+
+ switch (offset) {
+ case 0x00: /* clock control */
+ case 0x04:
+ case 0x08:
+ return s->reg_clock;
+
+ case 0x0c: /* counter control */
+ case 0x10:
+ case 0x14:
+ return s->reg_count;
+
+ case 0x18: /* counter value */
+ case 0x1c:
+ case 0x20:
+ return (uint16_t)(s->reg_value >> 16);
+
+ case 0x24: /* reg_interval counter */
+ case 0x28:
+ case 0x2c:
+ return s->reg_interval;
+
+ case 0x30: /* match 1 counter */
+ case 0x34:
+ case 0x38:
+ return s->reg_match[0];
+
+ case 0x3c: /* match 2 counter */
+ case 0x40:
+ case 0x44:
+ return s->reg_match[1];
+
+ case 0x48: /* match 3 counter */
+ case 0x4c:
+ case 0x50:
+ return s->reg_match[2];
+
+ case 0x54: /* interrupt register */
+ case 0x58:
+ case 0x5c:
+ /* cleared after read */
+ value = s->reg_intr;
+ s->reg_intr = 0;
+ cadence_timer_update(s);
+ return value;
+
+ case 0x60: /* interrupt enable */
+ case 0x64:
+ case 0x68:
+ return s->reg_intr_en;
+
+ case 0x6c:
+ case 0x70:
+ case 0x74:
+ return s->reg_event_ctrl;
+
+ case 0x78:
+ case 0x7c:
+ case 0x80:
+ return s->reg_event;
+
+ default:
+ return 0;
+ }
+}
+
+static uint64_t cadence_ttc_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ uint32_t ret = cadence_ttc_read_imp(opaque, offset);
+
+ DB_PRINT("addr: %08x data: %08x\n", (unsigned)offset, (unsigned)ret);
+ return ret;
+}
+
+static void cadence_ttc_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ CadenceTimerState *s = cadence_timer_from_addr(opaque, offset);
+
+ DB_PRINT("addr: %08x data %08x\n", (unsigned)offset, (unsigned)value);
+
+ cadence_timer_sync(s);
+
+ switch (offset) {
+ case 0x00: /* clock control */
+ case 0x04:
+ case 0x08:
+ s->reg_clock = value & 0x3F;
+ break;
+
+ case 0x0c: /* counter control */
+ case 0x10:
+ case 0x14:
+ if (value & COUNTER_CTRL_RST) {
+ s->reg_value = 0;
+ }
+ s->reg_count = value & 0x3f & ~COUNTER_CTRL_RST;
+ break;
+
+ case 0x24: /* interval register */
+ case 0x28:
+ case 0x2c:
+ s->reg_interval = value & 0xffff;
+ break;
+
+ case 0x30: /* match register */
+ case 0x34:
+ case 0x38:
+ s->reg_match[0] = value & 0xffff;
+
+ case 0x3c: /* match register */
+ case 0x40:
+ case 0x44:
+ s->reg_match[1] = value & 0xffff;
+
+ case 0x48: /* match register */
+ case 0x4c:
+ case 0x50:
+ s->reg_match[2] = value & 0xffff;
+ break;
+
+ case 0x54: /* interrupt register */
+ case 0x58:
+ case 0x5c:
+ break;
+
+ case 0x60: /* interrupt enable */
+ case 0x64:
+ case 0x68:
+ s->reg_intr_en = value & 0x3f;
+ break;
+
+ case 0x6c: /* event control */
+ case 0x70:
+ case 0x74:
+ s->reg_event_ctrl = value & 0x07;
+ break;
+
+ default:
+ return;
+ }
+
+ cadence_timer_run(s);
+ cadence_timer_update(s);
+}
+
+static const MemoryRegionOps cadence_ttc_ops = {
+ .read = cadence_ttc_read,
+ .write = cadence_ttc_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void cadence_timer_reset(CadenceTimerState *s)
+{
+ s->reg_count = 0x21;
+}
+
+static void cadence_timer_init(uint32_t freq, CadenceTimerState *s)
+{
+ memset(s, 0, sizeof(CadenceTimerState));
+ s->freq = freq;
+
+ cadence_timer_reset(s);
+
+ s->timer = qemu_new_timer_ns(vm_clock, cadence_timer_tick, s);
+}
+
+static int cadence_ttc_init(SysBusDevice *dev)
+{
+ CadenceTTCState *s = CADENCE_TTC(dev);
+ int i;
+
+ for (i = 0; i < 3; ++i) {
+ cadence_timer_init(133000000, &s->timer[i]);
+ sysbus_init_irq(dev, &s->timer[i].irq);
+ }
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &cadence_ttc_ops, s,
+ "timer", 0x1000);
+ sysbus_init_mmio(dev, &s->iomem);
+
+ return 0;
+}
+
+static void cadence_timer_pre_save(void *opaque)
+{
+ cadence_timer_sync((CadenceTimerState *)opaque);
+}
+
+static int cadence_timer_post_load(void *opaque, int version_id)
+{
+ CadenceTimerState *s = opaque;
+
+ s->cpu_time_valid = 0;
+ cadence_timer_sync(s);
+ cadence_timer_run(s);
+ cadence_timer_update(s);
+ return 0;
+}
+
+static const VMStateDescription vmstate_cadence_timer = {
+ .name = "cadence_timer",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .pre_save = cadence_timer_pre_save,
+ .post_load = cadence_timer_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(reg_clock, CadenceTimerState),
+ VMSTATE_UINT32(reg_count, CadenceTimerState),
+ VMSTATE_UINT32(reg_value, CadenceTimerState),
+ VMSTATE_UINT16(reg_interval, CadenceTimerState),
+ VMSTATE_UINT16_ARRAY(reg_match, CadenceTimerState, 3),
+ VMSTATE_UINT32(reg_intr, CadenceTimerState),
+ VMSTATE_UINT32(reg_intr_en, CadenceTimerState),
+ VMSTATE_UINT32(reg_event_ctrl, CadenceTimerState),
+ VMSTATE_UINT32(reg_event, CadenceTimerState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_cadence_ttc = {
+ .name = "cadence_TTC",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_STRUCT_ARRAY(timer, CadenceTTCState, 3, 0,
+ vmstate_cadence_timer,
+ CadenceTimerState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void cadence_ttc_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sdc->init = cadence_ttc_init;
+ dc->vmsd = &vmstate_cadence_ttc;
+}
+
+static const TypeInfo cadence_ttc_info = {
+ .name = TYPE_CADENCE_TTC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(CadenceTTCState),
+ .class_init = cadence_ttc_class_init,
+};
+
+static void cadence_ttc_register_types(void)
+{
+ type_register_static(&cadence_ttc_info);
+}
+
+type_init(cadence_ttc_register_types)
diff --git a/hw/timer/ds1338.c b/hw/timer/ds1338.c
new file mode 100644
index 000000000..8987cdc9e
--- /dev/null
+++ b/hw/timer/ds1338.c
@@ -0,0 +1,236 @@
+/*
+ * MAXIM DS1338 I2C RTC+NVRAM
+ *
+ * Copyright (c) 2009 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GNU GPL v2.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "hw/i2c/i2c.h"
+
+/* Size of NVRAM including both the user-accessible area and the
+ * secondary register area.
+ */
+#define NVRAM_SIZE 64
+
+/* Flags definitions */
+#define SECONDS_CH 0x80
+#define HOURS_12 0x40
+#define HOURS_PM 0x20
+#define CTRL_OSF 0x20
+
+typedef struct {
+ I2CSlave i2c;
+ int64_t offset;
+ uint8_t wday_offset;
+ uint8_t nvram[NVRAM_SIZE];
+ int32_t ptr;
+ bool addr_byte;
+} DS1338State;
+
+static const VMStateDescription vmstate_ds1338 = {
+ .name = "ds1338",
+ .version_id = 2,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_I2C_SLAVE(i2c, DS1338State),
+ VMSTATE_INT64(offset, DS1338State),
+ VMSTATE_UINT8_V(wday_offset, DS1338State, 2),
+ VMSTATE_UINT8_ARRAY(nvram, DS1338State, NVRAM_SIZE),
+ VMSTATE_INT32(ptr, DS1338State),
+ VMSTATE_BOOL(addr_byte, DS1338State),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void capture_current_time(DS1338State *s)
+{
+ /* Capture the current time into the secondary registers
+ * which will be actually read by the data transfer operation.
+ */
+ struct tm now;
+ qemu_get_timedate(&now, s->offset);
+ s->nvram[0] = to_bcd(now.tm_sec);
+ s->nvram[1] = to_bcd(now.tm_min);
+ if (s->nvram[2] & HOURS_12) {
+ int tmp = now.tm_hour;
+ if (tmp % 12 == 0) {
+ tmp += 12;
+ }
+ if (tmp <= 12) {
+ s->nvram[2] = HOURS_12 | to_bcd(tmp);
+ } else {
+ s->nvram[2] = HOURS_12 | HOURS_PM | to_bcd(tmp - 12);
+ }
+ } else {
+ s->nvram[2] = to_bcd(now.tm_hour);
+ }
+ s->nvram[3] = (now.tm_wday + s->wday_offset) % 7 + 1;
+ s->nvram[4] = to_bcd(now.tm_mday);
+ s->nvram[5] = to_bcd(now.tm_mon + 1);
+ s->nvram[6] = to_bcd(now.tm_year - 100);
+}
+
+static void inc_regptr(DS1338State *s)
+{
+ /* The register pointer wraps around after 0x3F; wraparound
+ * causes the current time/date to be retransferred into
+ * the secondary registers.
+ */
+ s->ptr = (s->ptr + 1) & (NVRAM_SIZE - 1);
+ if (!s->ptr) {
+ capture_current_time(s);
+ }
+}
+
+static void ds1338_event(I2CSlave *i2c, enum i2c_event event)
+{
+ DS1338State *s = FROM_I2C_SLAVE(DS1338State, i2c);
+
+ switch (event) {
+ case I2C_START_RECV:
+ /* In h/w, capture happens on any START condition, not just a
+ * START_RECV, but there is no need to actually capture on
+ * START_SEND, because the guest can't get at that data
+ * without going through a START_RECV which would overwrite it.
+ */
+ capture_current_time(s);
+ break;
+ case I2C_START_SEND:
+ s->addr_byte = true;
+ break;
+ default:
+ break;
+ }
+}
+
+static int ds1338_recv(I2CSlave *i2c)
+{
+ DS1338State *s = FROM_I2C_SLAVE(DS1338State, i2c);
+ uint8_t res;
+
+ res = s->nvram[s->ptr];
+ inc_regptr(s);
+ return res;
+}
+
+static int ds1338_send(I2CSlave *i2c, uint8_t data)
+{
+ DS1338State *s = FROM_I2C_SLAVE(DS1338State, i2c);
+ if (s->addr_byte) {
+ s->ptr = data & (NVRAM_SIZE - 1);
+ s->addr_byte = false;
+ return 0;
+ }
+ if (s->ptr < 7) {
+ /* Time register. */
+ struct tm now;
+ qemu_get_timedate(&now, s->offset);
+ switch(s->ptr) {
+ case 0:
+ /* TODO: Implement CH (stop) bit. */
+ now.tm_sec = from_bcd(data & 0x7f);
+ break;
+ case 1:
+ now.tm_min = from_bcd(data & 0x7f);
+ break;
+ case 2:
+ if (data & HOURS_12) {
+ int tmp = from_bcd(data & (HOURS_PM - 1));
+ if (data & HOURS_PM) {
+ tmp += 12;
+ }
+ if (tmp % 12 == 0) {
+ tmp -= 12;
+ }
+ now.tm_hour = tmp;
+ } else {
+ now.tm_hour = from_bcd(data & (HOURS_12 - 1));
+ }
+ break;
+ case 3:
+ {
+ /* The day field is supposed to contain a value in
+ the range 1-7. Otherwise behavior is undefined.
+ */
+ int user_wday = (data & 7) - 1;
+ s->wday_offset = (user_wday - now.tm_wday + 7) % 7;
+ }
+ break;
+ case 4:
+ now.tm_mday = from_bcd(data & 0x3f);
+ break;
+ case 5:
+ now.tm_mon = from_bcd(data & 0x1f) - 1;
+ break;
+ case 6:
+ now.tm_year = from_bcd(data) + 100;
+ break;
+ }
+ s->offset = qemu_timedate_diff(&now);
+ } else if (s->ptr == 7) {
+ /* Control register. */
+
+ /* Ensure bits 2, 3 and 6 will read back as zero. */
+ data &= 0xB3;
+
+ /* Attempting to write the OSF flag to logic 1 leaves the
+ value unchanged. */
+ data = (data & ~CTRL_OSF) | (data & s->nvram[s->ptr] & CTRL_OSF);
+
+ s->nvram[s->ptr] = data;
+ } else {
+ s->nvram[s->ptr] = data;
+ }
+ inc_regptr(s);
+ return 0;
+}
+
+static int ds1338_init(I2CSlave *i2c)
+{
+ return 0;
+}
+
+static void ds1338_reset(DeviceState *dev)
+{
+ DS1338State *s = FROM_I2C_SLAVE(DS1338State, I2C_SLAVE(dev));
+
+ /* The clock is running and synchronized with the host */
+ s->offset = 0;
+ s->wday_offset = 0;
+ memset(s->nvram, 0, NVRAM_SIZE);
+ s->ptr = 0;
+ s->addr_byte = false;
+}
+
+static void ds1338_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
+
+ k->init = ds1338_init;
+ k->event = ds1338_event;
+ k->recv = ds1338_recv;
+ k->send = ds1338_send;
+ dc->reset = ds1338_reset;
+ dc->vmsd = &vmstate_ds1338;
+}
+
+static const TypeInfo ds1338_info = {
+ .name = "ds1338",
+ .parent = TYPE_I2C_SLAVE,
+ .instance_size = sizeof(DS1338State),
+ .class_init = ds1338_class_init,
+};
+
+static void ds1338_register_types(void)
+{
+ type_register_static(&ds1338_info);
+}
+
+type_init(ds1338_register_types)
diff --git a/hw/timer/etraxfs_timer.c b/hw/timer/etraxfs_timer.c
new file mode 100644
index 000000000..a38d9e4eb
--- /dev/null
+++ b/hw/timer/etraxfs_timer.c
@@ -0,0 +1,357 @@
+/*
+ * QEMU ETRAX Timers
+ *
+ * Copyright (c) 2007 Edgar E. Iglesias, Axis Communications AB.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/sysbus.h"
+#include "sysemu/sysemu.h"
+#include "qemu/timer.h"
+#include "hw/ptimer.h"
+
+#define D(x)
+
+#define RW_TMR0_DIV 0x00
+#define R_TMR0_DATA 0x04
+#define RW_TMR0_CTRL 0x08
+#define RW_TMR1_DIV 0x10
+#define R_TMR1_DATA 0x14
+#define RW_TMR1_CTRL 0x18
+#define R_TIME 0x38
+#define RW_WD_CTRL 0x40
+#define R_WD_STAT 0x44
+#define RW_INTR_MASK 0x48
+#define RW_ACK_INTR 0x4c
+#define R_INTR 0x50
+#define R_MASKED_INTR 0x54
+
+#define TYPE_ETRAX_FS_TIMER "etraxfs,timer"
+#define ETRAX_TIMER(obj) \
+ OBJECT_CHECK(ETRAXTimerState, (obj), TYPE_ETRAX_FS_TIMER)
+
+typedef struct ETRAXTimerState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion mmio;
+ qemu_irq irq;
+ qemu_irq nmi;
+
+ QEMUBH *bh_t0;
+ QEMUBH *bh_t1;
+ QEMUBH *bh_wd;
+ ptimer_state *ptimer_t0;
+ ptimer_state *ptimer_t1;
+ ptimer_state *ptimer_wd;
+
+ int wd_hits;
+
+ /* Control registers. */
+ uint32_t rw_tmr0_div;
+ uint32_t r_tmr0_data;
+ uint32_t rw_tmr0_ctrl;
+
+ uint32_t rw_tmr1_div;
+ uint32_t r_tmr1_data;
+ uint32_t rw_tmr1_ctrl;
+
+ uint32_t rw_wd_ctrl;
+
+ uint32_t rw_intr_mask;
+ uint32_t rw_ack_intr;
+ uint32_t r_intr;
+ uint32_t r_masked_intr;
+} ETRAXTimerState;
+
+static uint64_t
+timer_read(void *opaque, hwaddr addr, unsigned int size)
+{
+ ETRAXTimerState *t = opaque;
+ uint32_t r = 0;
+
+ switch (addr) {
+ case R_TMR0_DATA:
+ r = ptimer_get_count(t->ptimer_t0);
+ break;
+ case R_TMR1_DATA:
+ r = ptimer_get_count(t->ptimer_t1);
+ break;
+ case R_TIME:
+ r = qemu_get_clock_ns(vm_clock) / 10;
+ break;
+ case RW_INTR_MASK:
+ r = t->rw_intr_mask;
+ break;
+ case R_MASKED_INTR:
+ r = t->r_intr & t->rw_intr_mask;
+ break;
+ default:
+ D(printf ("%s %x\n", __func__, addr));
+ break;
+ }
+ return r;
+}
+
+static void update_ctrl(ETRAXTimerState *t, int tnum)
+{
+ unsigned int op;
+ unsigned int freq;
+ unsigned int freq_hz;
+ unsigned int div;
+ uint32_t ctrl;
+
+ ptimer_state *timer;
+
+ if (tnum == 0) {
+ ctrl = t->rw_tmr0_ctrl;
+ div = t->rw_tmr0_div;
+ timer = t->ptimer_t0;
+ } else {
+ ctrl = t->rw_tmr1_ctrl;
+ div = t->rw_tmr1_div;
+ timer = t->ptimer_t1;
+ }
+
+
+ op = ctrl & 3;
+ freq = ctrl >> 2;
+ freq_hz = 32000000;
+
+ switch (freq)
+ {
+ case 0:
+ case 1:
+ D(printf ("extern or disabled timer clock?\n"));
+ break;
+ case 4: freq_hz = 29493000; break;
+ case 5: freq_hz = 32000000; break;
+ case 6: freq_hz = 32768000; break;
+ case 7: freq_hz = 100000000; break;
+ default:
+ abort();
+ break;
+ }
+
+ D(printf ("freq_hz=%d div=%d\n", freq_hz, div));
+ ptimer_set_freq(timer, freq_hz);
+ ptimer_set_limit(timer, div, 0);
+
+ switch (op)
+ {
+ case 0:
+ /* Load. */
+ ptimer_set_limit(timer, div, 1);
+ break;
+ case 1:
+ /* Hold. */
+ ptimer_stop(timer);
+ break;
+ case 2:
+ /* Run. */
+ ptimer_run(timer, 0);
+ break;
+ default:
+ abort();
+ break;
+ }
+}
+
+static void timer_update_irq(ETRAXTimerState *t)
+{
+ t->r_intr &= ~(t->rw_ack_intr);
+ t->r_masked_intr = t->r_intr & t->rw_intr_mask;
+
+ D(printf("%s: masked_intr=%x\n", __func__, t->r_masked_intr));
+ qemu_set_irq(t->irq, !!t->r_masked_intr);
+}
+
+static void timer0_hit(void *opaque)
+{
+ ETRAXTimerState *t = opaque;
+ t->r_intr |= 1;
+ timer_update_irq(t);
+}
+
+static void timer1_hit(void *opaque)
+{
+ ETRAXTimerState *t = opaque;
+ t->r_intr |= 2;
+ timer_update_irq(t);
+}
+
+static void watchdog_hit(void *opaque)
+{
+ ETRAXTimerState *t = opaque;
+ if (t->wd_hits == 0) {
+ /* real hw gives a single tick before reseting but we are
+ a bit friendlier to compensate for our slower execution. */
+ ptimer_set_count(t->ptimer_wd, 10);
+ ptimer_run(t->ptimer_wd, 1);
+ qemu_irq_raise(t->nmi);
+ }
+ else
+ qemu_system_reset_request();
+
+ t->wd_hits++;
+}
+
+static inline void timer_watchdog_update(ETRAXTimerState *t, uint32_t value)
+{
+ unsigned int wd_en = t->rw_wd_ctrl & (1 << 8);
+ unsigned int wd_key = t->rw_wd_ctrl >> 9;
+ unsigned int wd_cnt = t->rw_wd_ctrl & 511;
+ unsigned int new_key = value >> 9 & ((1 << 7) - 1);
+ unsigned int new_cmd = (value >> 8) & 1;
+
+ /* If the watchdog is enabled, they written key must match the
+ complement of the previous. */
+ wd_key = ~wd_key & ((1 << 7) - 1);
+
+ if (wd_en && wd_key != new_key)
+ return;
+
+ D(printf("en=%d new_key=%x oldkey=%x cmd=%d cnt=%d\n",
+ wd_en, new_key, wd_key, new_cmd, wd_cnt));
+
+ if (t->wd_hits)
+ qemu_irq_lower(t->nmi);
+
+ t->wd_hits = 0;
+
+ ptimer_set_freq(t->ptimer_wd, 760);
+ if (wd_cnt == 0)
+ wd_cnt = 256;
+ ptimer_set_count(t->ptimer_wd, wd_cnt);
+ if (new_cmd)
+ ptimer_run(t->ptimer_wd, 1);
+ else
+ ptimer_stop(t->ptimer_wd);
+
+ t->rw_wd_ctrl = value;
+}
+
+static void
+timer_write(void *opaque, hwaddr addr,
+ uint64_t val64, unsigned int size)
+{
+ ETRAXTimerState *t = opaque;
+ uint32_t value = val64;
+
+ switch (addr)
+ {
+ case RW_TMR0_DIV:
+ t->rw_tmr0_div = value;
+ break;
+ case RW_TMR0_CTRL:
+ D(printf ("RW_TMR0_CTRL=%x\n", value));
+ t->rw_tmr0_ctrl = value;
+ update_ctrl(t, 0);
+ break;
+ case RW_TMR1_DIV:
+ t->rw_tmr1_div = value;
+ break;
+ case RW_TMR1_CTRL:
+ D(printf ("RW_TMR1_CTRL=%x\n", value));
+ t->rw_tmr1_ctrl = value;
+ update_ctrl(t, 1);
+ break;
+ case RW_INTR_MASK:
+ D(printf ("RW_INTR_MASK=%x\n", value));
+ t->rw_intr_mask = value;
+ timer_update_irq(t);
+ break;
+ case RW_WD_CTRL:
+ timer_watchdog_update(t, value);
+ break;
+ case RW_ACK_INTR:
+ t->rw_ack_intr = value;
+ timer_update_irq(t);
+ t->rw_ack_intr = 0;
+ break;
+ default:
+ printf ("%s " TARGET_FMT_plx " %x\n",
+ __func__, addr, value);
+ break;
+ }
+}
+
+static const MemoryRegionOps timer_ops = {
+ .read = timer_read,
+ .write = timer_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4
+ }
+};
+
+static void etraxfs_timer_reset(void *opaque)
+{
+ ETRAXTimerState *t = opaque;
+
+ ptimer_stop(t->ptimer_t0);
+ ptimer_stop(t->ptimer_t1);
+ ptimer_stop(t->ptimer_wd);
+ t->rw_wd_ctrl = 0;
+ t->r_intr = 0;
+ t->rw_intr_mask = 0;
+ qemu_irq_lower(t->irq);
+}
+
+static int etraxfs_timer_init(SysBusDevice *dev)
+{
+ ETRAXTimerState *t = ETRAX_TIMER(dev);
+
+ t->bh_t0 = qemu_bh_new(timer0_hit, t);
+ t->bh_t1 = qemu_bh_new(timer1_hit, t);
+ t->bh_wd = qemu_bh_new(watchdog_hit, t);
+ t->ptimer_t0 = ptimer_init(t->bh_t0);
+ t->ptimer_t1 = ptimer_init(t->bh_t1);
+ t->ptimer_wd = ptimer_init(t->bh_wd);
+
+ sysbus_init_irq(dev, &t->irq);
+ sysbus_init_irq(dev, &t->nmi);
+
+ memory_region_init_io(&t->mmio, OBJECT(t), &timer_ops, t,
+ "etraxfs-timer", 0x5c);
+ sysbus_init_mmio(dev, &t->mmio);
+ qemu_register_reset(etraxfs_timer_reset, t);
+ return 0;
+}
+
+static void etraxfs_timer_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sdc->init = etraxfs_timer_init;
+}
+
+static const TypeInfo etraxfs_timer_info = {
+ .name = TYPE_ETRAX_FS_TIMER,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(ETRAXTimerState),
+ .class_init = etraxfs_timer_class_init,
+};
+
+static void etraxfs_timer_register_types(void)
+{
+ type_register_static(&etraxfs_timer_info);
+}
+
+type_init(etraxfs_timer_register_types)
diff --git a/hw/timer/exynos4210_mct.c b/hw/timer/exynos4210_mct.c
new file mode 100644
index 000000000..a8009a431
--- /dev/null
+++ b/hw/timer/exynos4210_mct.c
@@ -0,0 +1,1486 @@
+/*
+ * Samsung exynos4210 Multi Core timer
+ *
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd.
+ * All rights reserved.
+ *
+ * Evgeny Voevodin <e.voevodin@samsung.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * Global Timer:
+ *
+ * Consists of two timers. First represents Free Running Counter and second
+ * is used to measure interval from FRC to nearest comparator.
+ *
+ * 0 UINT64_MAX
+ * | timer0 |
+ * | <-------------------------------------------------------------- |
+ * | --------------------------------------------frc---------------> |
+ * |______________________________________________|__________________|
+ * CMP0 CMP1 CMP2 | CMP3
+ * __| |_
+ * | timer1 |
+ * | -------------> |
+ * frc CMPx
+ *
+ * Problem: when implementing global timer as is, overflow arises.
+ * next_time = cur_time + period * count;
+ * period and count are 64 bits width.
+ * Lets arm timer for MCT_GT_COUNTER_STEP count and update internal G_CNT
+ * register during each event.
+ *
+ * Problem: both timers need to be implemented using MCT_XT_COUNTER_STEP because
+ * local timer contains two counters: TCNT and ICNT. TCNT == 0 -> ICNT--.
+ * IRQ is generated when ICNT riches zero. Implementation where TCNT == 0
+ * generates IRQs suffers from too frequently events. Better to have one
+ * uint64_t counter equal to TCNT*ICNT and arm ptimer.c for a minimum(TCNT*ICNT,
+ * MCT_GT_COUNTER_STEP); (yes, if target tunes ICNT * TCNT to be too low values,
+ * there is no way to avoid frequently events).
+ */
+
+#include "hw/sysbus.h"
+#include "qemu/timer.h"
+#include "qemu-common.h"
+#include "hw/ptimer.h"
+
+#include "hw/arm/exynos4210.h"
+
+//#define DEBUG_MCT
+
+#ifdef DEBUG_MCT
+#define DPRINTF(fmt, ...) \
+ do { fprintf(stdout, "MCT: [%24s:%5d] " fmt, __func__, __LINE__, \
+ ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) do {} while (0)
+#endif
+
+#define MCT_CFG 0x000
+#define G_CNT_L 0x100
+#define G_CNT_U 0x104
+#define G_CNT_WSTAT 0x110
+#define G_COMP0_L 0x200
+#define G_COMP0_U 0x204
+#define G_COMP0_ADD_INCR 0x208
+#define G_COMP1_L 0x210
+#define G_COMP1_U 0x214
+#define G_COMP1_ADD_INCR 0x218
+#define G_COMP2_L 0x220
+#define G_COMP2_U 0x224
+#define G_COMP2_ADD_INCR 0x228
+#define G_COMP3_L 0x230
+#define G_COMP3_U 0x234
+#define G_COMP3_ADD_INCR 0x238
+#define G_TCON 0x240
+#define G_INT_CSTAT 0x244
+#define G_INT_ENB 0x248
+#define G_WSTAT 0x24C
+#define L0_TCNTB 0x300
+#define L0_TCNTO 0x304
+#define L0_ICNTB 0x308
+#define L0_ICNTO 0x30C
+#define L0_FRCNTB 0x310
+#define L0_FRCNTO 0x314
+#define L0_TCON 0x320
+#define L0_INT_CSTAT 0x330
+#define L0_INT_ENB 0x334
+#define L0_WSTAT 0x340
+#define L1_TCNTB 0x400
+#define L1_TCNTO 0x404
+#define L1_ICNTB 0x408
+#define L1_ICNTO 0x40C
+#define L1_FRCNTB 0x410
+#define L1_FRCNTO 0x414
+#define L1_TCON 0x420
+#define L1_INT_CSTAT 0x430
+#define L1_INT_ENB 0x434
+#define L1_WSTAT 0x440
+
+#define MCT_CFG_GET_PRESCALER(x) ((x) & 0xFF)
+#define MCT_CFG_GET_DIVIDER(x) (1 << ((x) >> 8 & 7))
+
+#define GET_G_COMP_IDX(offset) (((offset) - G_COMP0_L) / 0x10)
+#define GET_G_COMP_ADD_INCR_IDX(offset) (((offset) - G_COMP0_ADD_INCR) / 0x10)
+
+#define G_COMP_L(x) (G_COMP0_L + (x) * 0x10)
+#define G_COMP_U(x) (G_COMP0_U + (x) * 0x10)
+
+#define G_COMP_ADD_INCR(x) (G_COMP0_ADD_INCR + (x) * 0x10)
+
+/* MCT bits */
+#define G_TCON_COMP_ENABLE(x) (1 << 2 * (x))
+#define G_TCON_AUTO_ICREMENT(x) (1 << (2 * (x) + 1))
+#define G_TCON_TIMER_ENABLE (1 << 8)
+
+#define G_INT_ENABLE(x) (1 << (x))
+#define G_INT_CSTAT_COMP(x) (1 << (x))
+
+#define G_CNT_WSTAT_L 1
+#define G_CNT_WSTAT_U 2
+
+#define G_WSTAT_COMP_L(x) (1 << 4 * (x))
+#define G_WSTAT_COMP_U(x) (1 << ((4 * (x)) + 1))
+#define G_WSTAT_COMP_ADDINCR(x) (1 << ((4 * (x)) + 2))
+#define G_WSTAT_TCON_WRITE (1 << 16)
+
+#define GET_L_TIMER_IDX(offset) ((((offset) & 0xF00) - L0_TCNTB) / 0x100)
+#define GET_L_TIMER_CNT_REG_IDX(offset, lt_i) \
+ (((offset) - (L0_TCNTB + 0x100 * (lt_i))) >> 2)
+
+#define L_ICNTB_MANUAL_UPDATE (1 << 31)
+
+#define L_TCON_TICK_START (1)
+#define L_TCON_INT_START (1 << 1)
+#define L_TCON_INTERVAL_MODE (1 << 2)
+#define L_TCON_FRC_START (1 << 3)
+
+#define L_INT_CSTAT_INTCNT (1 << 0)
+#define L_INT_CSTAT_FRCCNT (1 << 1)
+
+#define L_INT_INTENB_ICNTEIE (1 << 0)
+#define L_INT_INTENB_FRCEIE (1 << 1)
+
+#define L_WSTAT_TCNTB_WRITE (1 << 0)
+#define L_WSTAT_ICNTB_WRITE (1 << 1)
+#define L_WSTAT_FRCCNTB_WRITE (1 << 2)
+#define L_WSTAT_TCON_WRITE (1 << 3)
+
+enum LocalTimerRegCntIndexes {
+ L_REG_CNT_TCNTB,
+ L_REG_CNT_TCNTO,
+ L_REG_CNT_ICNTB,
+ L_REG_CNT_ICNTO,
+ L_REG_CNT_FRCCNTB,
+ L_REG_CNT_FRCCNTO,
+
+ L_REG_CNT_AMOUNT
+};
+
+#define MCT_NIRQ 6
+#define MCT_SFR_SIZE 0x444
+
+#define MCT_GT_CMP_NUM 4
+
+#define MCT_GT_MAX_VAL UINT64_MAX
+
+#define MCT_GT_COUNTER_STEP 0x100000000ULL
+#define MCT_LT_COUNTER_STEP 0x100000000ULL
+#define MCT_LT_CNT_LOW_LIMIT 0x100
+
+/* global timer */
+typedef struct {
+ qemu_irq irq[MCT_GT_CMP_NUM];
+
+ struct gregs {
+ uint64_t cnt;
+ uint32_t cnt_wstat;
+ uint32_t tcon;
+ uint32_t int_cstat;
+ uint32_t int_enb;
+ uint32_t wstat;
+ uint64_t comp[MCT_GT_CMP_NUM];
+ uint32_t comp_add_incr[MCT_GT_CMP_NUM];
+ } reg;
+
+ uint64_t count; /* Value FRC was armed with */
+ int32_t curr_comp; /* Current comparator FRC is running to */
+
+ ptimer_state *ptimer_frc; /* FRC timer */
+
+} Exynos4210MCTGT;
+
+/* local timer */
+typedef struct {
+ int id; /* timer id */
+ qemu_irq irq; /* local timer irq */
+
+ struct tick_timer {
+ uint32_t cnt_run; /* cnt timer is running */
+ uint32_t int_run; /* int timer is running */
+
+ uint32_t last_icnto;
+ uint32_t last_tcnto;
+ uint32_t tcntb; /* initial value for TCNTB */
+ uint32_t icntb; /* initial value for ICNTB */
+
+ /* for step mode */
+ uint64_t distance; /* distance to count to the next event */
+ uint64_t progress; /* progress when counting by steps */
+ uint64_t count; /* count to arm timer with */
+
+ ptimer_state *ptimer_tick; /* timer for tick counter */
+ } tick_timer;
+
+ /* use ptimer.c to represent count down timer */
+
+ ptimer_state *ptimer_frc; /* timer for free running counter */
+
+ /* registers */
+ struct lregs {
+ uint32_t cnt[L_REG_CNT_AMOUNT];
+ uint32_t tcon;
+ uint32_t int_cstat;
+ uint32_t int_enb;
+ uint32_t wstat;
+ } reg;
+
+} Exynos4210MCTLT;
+
+#define TYPE_EXYNOS4210_MCT "exynos4210.mct"
+#define EXYNOS4210_MCT(obj) \
+ OBJECT_CHECK(Exynos4210MCTState, (obj), TYPE_EXYNOS4210_MCT)
+
+typedef struct Exynos4210MCTState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+
+ /* Registers */
+ uint32_t reg_mct_cfg;
+
+ Exynos4210MCTLT l_timer[2];
+ Exynos4210MCTGT g_timer;
+
+ uint32_t freq; /* all timers tick frequency, TCLK */
+} Exynos4210MCTState;
+
+/*** VMState ***/
+static const VMStateDescription vmstate_tick_timer = {
+ .name = "exynos4210.mct.tick_timer",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(cnt_run, struct tick_timer),
+ VMSTATE_UINT32(int_run, struct tick_timer),
+ VMSTATE_UINT32(last_icnto, struct tick_timer),
+ VMSTATE_UINT32(last_tcnto, struct tick_timer),
+ VMSTATE_UINT32(tcntb, struct tick_timer),
+ VMSTATE_UINT32(icntb, struct tick_timer),
+ VMSTATE_UINT64(distance, struct tick_timer),
+ VMSTATE_UINT64(progress, struct tick_timer),
+ VMSTATE_UINT64(count, struct tick_timer),
+ VMSTATE_PTIMER(ptimer_tick, struct tick_timer),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_lregs = {
+ .name = "exynos4210.mct.lregs",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(cnt, struct lregs, L_REG_CNT_AMOUNT),
+ VMSTATE_UINT32(tcon, struct lregs),
+ VMSTATE_UINT32(int_cstat, struct lregs),
+ VMSTATE_UINT32(int_enb, struct lregs),
+ VMSTATE_UINT32(wstat, struct lregs),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_exynos4210_mct_lt = {
+ .name = "exynos4210.mct.lt",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_INT32(id, Exynos4210MCTLT),
+ VMSTATE_STRUCT(tick_timer, Exynos4210MCTLT, 0,
+ vmstate_tick_timer,
+ struct tick_timer),
+ VMSTATE_PTIMER(ptimer_frc, Exynos4210MCTLT),
+ VMSTATE_STRUCT(reg, Exynos4210MCTLT, 0,
+ vmstate_lregs,
+ struct lregs),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_gregs = {
+ .name = "exynos4210.mct.lregs",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT64(cnt, struct gregs),
+ VMSTATE_UINT32(cnt_wstat, struct gregs),
+ VMSTATE_UINT32(tcon, struct gregs),
+ VMSTATE_UINT32(int_cstat, struct gregs),
+ VMSTATE_UINT32(int_enb, struct gregs),
+ VMSTATE_UINT32(wstat, struct gregs),
+ VMSTATE_UINT64_ARRAY(comp, struct gregs, MCT_GT_CMP_NUM),
+ VMSTATE_UINT32_ARRAY(comp_add_incr, struct gregs,
+ MCT_GT_CMP_NUM),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_exynos4210_mct_gt = {
+ .name = "exynos4210.mct.lt",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_STRUCT(reg, Exynos4210MCTGT, 0, vmstate_gregs,
+ struct gregs),
+ VMSTATE_UINT64(count, Exynos4210MCTGT),
+ VMSTATE_INT32(curr_comp, Exynos4210MCTGT),
+ VMSTATE_PTIMER(ptimer_frc, Exynos4210MCTGT),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_exynos4210_mct_state = {
+ .name = "exynos4210.mct",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(reg_mct_cfg, Exynos4210MCTState),
+ VMSTATE_STRUCT_ARRAY(l_timer, Exynos4210MCTState, 2, 0,
+ vmstate_exynos4210_mct_lt, Exynos4210MCTLT),
+ VMSTATE_STRUCT(g_timer, Exynos4210MCTState, 0,
+ vmstate_exynos4210_mct_gt, Exynos4210MCTGT),
+ VMSTATE_UINT32(freq, Exynos4210MCTState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void exynos4210_mct_update_freq(Exynos4210MCTState *s);
+
+/*
+ * Set counter of FRC global timer.
+ */
+static void exynos4210_gfrc_set_count(Exynos4210MCTGT *s, uint64_t count)
+{
+ s->count = count;
+ DPRINTF("global timer frc set count 0x%llx\n", count);
+ ptimer_set_count(s->ptimer_frc, count);
+}
+
+/*
+ * Get counter of FRC global timer.
+ */
+static uint64_t exynos4210_gfrc_get_count(Exynos4210MCTGT *s)
+{
+ uint64_t count = 0;
+ count = ptimer_get_count(s->ptimer_frc);
+ count = s->count - count;
+ return s->reg.cnt + count;
+}
+
+/*
+ * Stop global FRC timer
+ */
+static void exynos4210_gfrc_stop(Exynos4210MCTGT *s)
+{
+ DPRINTF("global timer frc stop\n");
+
+ ptimer_stop(s->ptimer_frc);
+}
+
+/*
+ * Start global FRC timer
+ */
+static void exynos4210_gfrc_start(Exynos4210MCTGT *s)
+{
+ DPRINTF("global timer frc start\n");
+
+ ptimer_run(s->ptimer_frc, 1);
+}
+
+/*
+ * Find next nearest Comparator. If current Comparator value equals to other
+ * Comparator value, skip them both
+ */
+static int32_t exynos4210_gcomp_find(Exynos4210MCTState *s)
+{
+ int res;
+ int i;
+ int enabled;
+ uint64_t min;
+ int min_comp_i;
+ uint64_t gfrc;
+ uint64_t distance;
+ uint64_t distance_min;
+ int comp_i;
+
+ /* get gfrc count */
+ gfrc = exynos4210_gfrc_get_count(&s->g_timer);
+
+ min = UINT64_MAX;
+ distance_min = UINT64_MAX;
+ comp_i = MCT_GT_CMP_NUM;
+ min_comp_i = MCT_GT_CMP_NUM;
+ enabled = 0;
+
+ /* lookup for nearest comparator */
+ for (i = 0; i < MCT_GT_CMP_NUM; i++) {
+
+ if (s->g_timer.reg.tcon & G_TCON_COMP_ENABLE(i)) {
+
+ enabled = 1;
+
+ if (s->g_timer.reg.comp[i] > gfrc) {
+ /* Comparator is upper then FRC */
+ distance = s->g_timer.reg.comp[i] - gfrc;
+
+ if (distance <= distance_min) {
+ distance_min = distance;
+ comp_i = i;
+ }
+ } else {
+ /* Comparator is below FRC, find the smallest */
+
+ if (s->g_timer.reg.comp[i] <= min) {
+ min = s->g_timer.reg.comp[i];
+ min_comp_i = i;
+ }
+ }
+ }
+ }
+
+ if (!enabled) {
+ /* All Comparators disabled */
+ res = -1;
+ } else if (comp_i < MCT_GT_CMP_NUM) {
+ /* Found upper Comparator */
+ res = comp_i;
+ } else {
+ /* All Comparators are below or equal to FRC */
+ res = min_comp_i;
+ }
+
+ DPRINTF("found comparator %d: comp 0x%llx distance 0x%llx, gfrc 0x%llx\n",
+ res,
+ s->g_timer.reg.comp[res],
+ distance_min,
+ gfrc);
+
+ return res;
+}
+
+/*
+ * Get distance to nearest Comparator
+ */
+static uint64_t exynos4210_gcomp_get_distance(Exynos4210MCTState *s, int32_t id)
+{
+ if (id == -1) {
+ /* no enabled Comparators, choose max distance */
+ return MCT_GT_COUNTER_STEP;
+ }
+ if (s->g_timer.reg.comp[id] - s->g_timer.reg.cnt < MCT_GT_COUNTER_STEP) {
+ return s->g_timer.reg.comp[id] - s->g_timer.reg.cnt;
+ } else {
+ return MCT_GT_COUNTER_STEP;
+ }
+}
+
+/*
+ * Restart global FRC timer
+ */
+static void exynos4210_gfrc_restart(Exynos4210MCTState *s)
+{
+ uint64_t distance;
+
+ exynos4210_gfrc_stop(&s->g_timer);
+
+ s->g_timer.curr_comp = exynos4210_gcomp_find(s);
+
+ distance = exynos4210_gcomp_get_distance(s, s->g_timer.curr_comp);
+
+ if (distance > MCT_GT_COUNTER_STEP || !distance) {
+ distance = MCT_GT_COUNTER_STEP;
+ }
+
+ exynos4210_gfrc_set_count(&s->g_timer, distance);
+ exynos4210_gfrc_start(&s->g_timer);
+}
+
+/*
+ * Raise global timer CMP IRQ
+ */
+static void exynos4210_gcomp_raise_irq(void *opaque, uint32_t id)
+{
+ Exynos4210MCTGT *s = opaque;
+
+ /* If CSTAT is pending and IRQ is enabled */
+ if ((s->reg.int_cstat & G_INT_CSTAT_COMP(id)) &&
+ (s->reg.int_enb & G_INT_ENABLE(id))) {
+ DPRINTF("gcmp timer[%d] IRQ\n", id);
+ qemu_irq_raise(s->irq[id]);
+ }
+}
+
+/*
+ * Lower global timer CMP IRQ
+ */
+static void exynos4210_gcomp_lower_irq(void *opaque, uint32_t id)
+{
+ Exynos4210MCTGT *s = opaque;
+ qemu_irq_lower(s->irq[id]);
+}
+
+/*
+ * Global timer FRC event handler.
+ * Each event occurs when internal counter reaches counter + MCT_GT_COUNTER_STEP
+ * Every time we arm global FRC timer to count for MCT_GT_COUNTER_STEP value
+ */
+static void exynos4210_gfrc_event(void *opaque)
+{
+ Exynos4210MCTState *s = (Exynos4210MCTState *)opaque;
+ int i;
+ uint64_t distance;
+
+ DPRINTF("\n");
+
+ s->g_timer.reg.cnt += s->g_timer.count;
+
+ /* Process all comparators */
+ for (i = 0; i < MCT_GT_CMP_NUM; i++) {
+
+ if (s->g_timer.reg.cnt == s->g_timer.reg.comp[i]) {
+ /* reached nearest comparator */
+
+ s->g_timer.reg.int_cstat |= G_INT_CSTAT_COMP(i);
+
+ /* Auto increment */
+ if (s->g_timer.reg.tcon & G_TCON_AUTO_ICREMENT(i)) {
+ s->g_timer.reg.comp[i] += s->g_timer.reg.comp_add_incr[i];
+ }
+
+ /* IRQ */
+ exynos4210_gcomp_raise_irq(&s->g_timer, i);
+ }
+ }
+
+ /* Reload FRC to reach nearest comparator */
+ s->g_timer.curr_comp = exynos4210_gcomp_find(s);
+ distance = exynos4210_gcomp_get_distance(s, s->g_timer.curr_comp);
+ if (distance > MCT_GT_COUNTER_STEP || !distance) {
+ distance = MCT_GT_COUNTER_STEP;
+ }
+ exynos4210_gfrc_set_count(&s->g_timer, distance);
+
+ exynos4210_gfrc_start(&s->g_timer);
+}
+
+/*
+ * Get counter of FRC local timer.
+ */
+static uint64_t exynos4210_lfrc_get_count(Exynos4210MCTLT *s)
+{
+ return ptimer_get_count(s->ptimer_frc);
+}
+
+/*
+ * Set counter of FRC local timer.
+ */
+static void exynos4210_lfrc_update_count(Exynos4210MCTLT *s)
+{
+ if (!s->reg.cnt[L_REG_CNT_FRCCNTB]) {
+ ptimer_set_count(s->ptimer_frc, MCT_LT_COUNTER_STEP);
+ } else {
+ ptimer_set_count(s->ptimer_frc, s->reg.cnt[L_REG_CNT_FRCCNTB]);
+ }
+}
+
+/*
+ * Start local FRC timer
+ */
+static void exynos4210_lfrc_start(Exynos4210MCTLT *s)
+{
+ ptimer_run(s->ptimer_frc, 1);
+}
+
+/*
+ * Stop local FRC timer
+ */
+static void exynos4210_lfrc_stop(Exynos4210MCTLT *s)
+{
+ ptimer_stop(s->ptimer_frc);
+}
+
+/*
+ * Local timer free running counter tick handler
+ */
+static void exynos4210_lfrc_event(void *opaque)
+{
+ Exynos4210MCTLT * s = (Exynos4210MCTLT *)opaque;
+
+ /* local frc expired */
+
+ DPRINTF("\n");
+
+ s->reg.int_cstat |= L_INT_CSTAT_FRCCNT;
+
+ /* update frc counter */
+ exynos4210_lfrc_update_count(s);
+
+ /* raise irq */
+ if (s->reg.int_enb & L_INT_INTENB_FRCEIE) {
+ qemu_irq_raise(s->irq);
+ }
+
+ /* we reached here, this means that timer is enabled */
+ exynos4210_lfrc_start(s);
+}
+
+static uint32_t exynos4210_ltick_int_get_cnto(struct tick_timer *s);
+static uint32_t exynos4210_ltick_cnt_get_cnto(struct tick_timer *s);
+static void exynos4210_ltick_recalc_count(struct tick_timer *s);
+
+/*
+ * Action on enabling local tick int timer
+ */
+static void exynos4210_ltick_int_start(struct tick_timer *s)
+{
+ if (!s->int_run) {
+ s->int_run = 1;
+ }
+}
+
+/*
+ * Action on disabling local tick int timer
+ */
+static void exynos4210_ltick_int_stop(struct tick_timer *s)
+{
+ if (s->int_run) {
+ s->last_icnto = exynos4210_ltick_int_get_cnto(s);
+ s->int_run = 0;
+ }
+}
+
+/*
+ * Get count for INT timer
+ */
+static uint32_t exynos4210_ltick_int_get_cnto(struct tick_timer *s)
+{
+ uint32_t icnto;
+ uint64_t remain;
+ uint64_t count;
+ uint64_t counted;
+ uint64_t cur_progress;
+
+ count = ptimer_get_count(s->ptimer_tick);
+ if (count) {
+ /* timer is still counting, called not from event */
+ counted = s->count - ptimer_get_count(s->ptimer_tick);
+ cur_progress = s->progress + counted;
+ } else {
+ /* timer expired earlier */
+ cur_progress = s->progress;
+ }
+
+ remain = s->distance - cur_progress;
+
+ if (!s->int_run) {
+ /* INT is stopped. */
+ icnto = s->last_icnto;
+ } else {
+ /* Both are counting */
+ icnto = remain / s->tcntb;
+ }
+
+ return icnto;
+}
+
+/*
+ * Start local tick cnt timer.
+ */
+static void exynos4210_ltick_cnt_start(struct tick_timer *s)
+{
+ if (!s->cnt_run) {
+
+ exynos4210_ltick_recalc_count(s);
+ ptimer_set_count(s->ptimer_tick, s->count);
+ ptimer_run(s->ptimer_tick, 1);
+
+ s->cnt_run = 1;
+ }
+}
+
+/*
+ * Stop local tick cnt timer.
+ */
+static void exynos4210_ltick_cnt_stop(struct tick_timer *s)
+{
+ if (s->cnt_run) {
+
+ s->last_tcnto = exynos4210_ltick_cnt_get_cnto(s);
+
+ if (s->int_run) {
+ exynos4210_ltick_int_stop(s);
+ }
+
+ ptimer_stop(s->ptimer_tick);
+
+ s->cnt_run = 0;
+ }
+}
+
+/*
+ * Get counter for CNT timer
+ */
+static uint32_t exynos4210_ltick_cnt_get_cnto(struct tick_timer *s)
+{
+ uint32_t tcnto;
+ uint32_t icnto;
+ uint64_t remain;
+ uint64_t counted;
+ uint64_t count;
+ uint64_t cur_progress;
+
+ count = ptimer_get_count(s->ptimer_tick);
+ if (count) {
+ /* timer is still counting, called not from event */
+ counted = s->count - ptimer_get_count(s->ptimer_tick);
+ cur_progress = s->progress + counted;
+ } else {
+ /* timer expired earlier */
+ cur_progress = s->progress;
+ }
+
+ remain = s->distance - cur_progress;
+
+ if (!s->cnt_run) {
+ /* Both are stopped. */
+ tcnto = s->last_tcnto;
+ } else if (!s->int_run) {
+ /* INT counter is stopped, progress is by CNT timer */
+ tcnto = remain % s->tcntb;
+ } else {
+ /* Both are counting */
+ icnto = remain / s->tcntb;
+ if (icnto) {
+ tcnto = remain % (icnto * s->tcntb);
+ } else {
+ tcnto = remain % s->tcntb;
+ }
+ }
+
+ return tcnto;
+}
+
+/*
+ * Set new values of counters for CNT and INT timers
+ */
+static void exynos4210_ltick_set_cntb(struct tick_timer *s, uint32_t new_cnt,
+ uint32_t new_int)
+{
+ uint32_t cnt_stopped = 0;
+ uint32_t int_stopped = 0;
+
+ if (s->cnt_run) {
+ exynos4210_ltick_cnt_stop(s);
+ cnt_stopped = 1;
+ }
+
+ if (s->int_run) {
+ exynos4210_ltick_int_stop(s);
+ int_stopped = 1;
+ }
+
+ s->tcntb = new_cnt + 1;
+ s->icntb = new_int + 1;
+
+ if (cnt_stopped) {
+ exynos4210_ltick_cnt_start(s);
+ }
+ if (int_stopped) {
+ exynos4210_ltick_int_start(s);
+ }
+
+}
+
+/*
+ * Calculate new counter value for tick timer
+ */
+static void exynos4210_ltick_recalc_count(struct tick_timer *s)
+{
+ uint64_t to_count;
+
+ if ((s->cnt_run && s->last_tcnto) || (s->int_run && s->last_icnto)) {
+ /*
+ * one or both timers run and not counted to the end;
+ * distance is not passed, recalculate with last_tcnto * last_icnto
+ */
+
+ if (s->last_tcnto) {
+ to_count = s->last_tcnto * s->last_icnto;
+ } else {
+ to_count = s->last_icnto;
+ }
+ } else {
+ /* distance is passed, recalculate with tcnto * icnto */
+ if (s->icntb) {
+ s->distance = s->tcntb * s->icntb;
+ } else {
+ s->distance = s->tcntb;
+ }
+
+ to_count = s->distance;
+ s->progress = 0;
+ }
+
+ if (to_count > MCT_LT_COUNTER_STEP) {
+ /* count by step */
+ s->count = MCT_LT_COUNTER_STEP;
+ } else {
+ s->count = to_count;
+ }
+}
+
+/*
+ * Initialize tick_timer
+ */
+static void exynos4210_ltick_timer_init(struct tick_timer *s)
+{
+ exynos4210_ltick_int_stop(s);
+ exynos4210_ltick_cnt_stop(s);
+
+ s->count = 0;
+ s->distance = 0;
+ s->progress = 0;
+ s->icntb = 0;
+ s->tcntb = 0;
+}
+
+/*
+ * tick_timer event.
+ * Raises when abstract tick_timer expires.
+ */
+static void exynos4210_ltick_timer_event(struct tick_timer *s)
+{
+ s->progress += s->count;
+}
+
+/*
+ * Local timer tick counter handler.
+ * Don't use reloaded timers. If timer counter = zero
+ * then handler called but after handler finished no
+ * timer reload occurs.
+ */
+static void exynos4210_ltick_event(void *opaque)
+{
+ Exynos4210MCTLT * s = (Exynos4210MCTLT *)opaque;
+ uint32_t tcnto;
+ uint32_t icnto;
+#ifdef DEBUG_MCT
+ static uint64_t time1[2] = {0};
+ static uint64_t time2[2] = {0};
+#endif
+
+ /* Call tick_timer event handler, it will update its tcntb and icntb. */
+ exynos4210_ltick_timer_event(&s->tick_timer);
+
+ /* get tick_timer cnt */
+ tcnto = exynos4210_ltick_cnt_get_cnto(&s->tick_timer);
+
+ /* get tick_timer int */
+ icnto = exynos4210_ltick_int_get_cnto(&s->tick_timer);
+
+ /* raise IRQ if needed */
+ if (!icnto && s->reg.tcon & L_TCON_INT_START) {
+ /* INT counter enabled and expired */
+
+ s->reg.int_cstat |= L_INT_CSTAT_INTCNT;
+
+ /* raise interrupt if enabled */
+ if (s->reg.int_enb & L_INT_INTENB_ICNTEIE) {
+#ifdef DEBUG_MCT
+ time2[s->id] = qemu_get_clock_ns(vm_clock);
+ DPRINTF("local timer[%d] IRQ: %llx\n", s->id,
+ time2[s->id] - time1[s->id]);
+ time1[s->id] = time2[s->id];
+#endif
+ qemu_irq_raise(s->irq);
+ }
+
+ /* reload ICNTB */
+ if (s->reg.tcon & L_TCON_INTERVAL_MODE) {
+ exynos4210_ltick_set_cntb(&s->tick_timer,
+ s->reg.cnt[L_REG_CNT_TCNTB],
+ s->reg.cnt[L_REG_CNT_ICNTB]);
+ }
+ } else {
+ /* reload TCNTB */
+ if (!tcnto) {
+ exynos4210_ltick_set_cntb(&s->tick_timer,
+ s->reg.cnt[L_REG_CNT_TCNTB],
+ icnto);
+ }
+ }
+
+ /* start tick_timer cnt */
+ exynos4210_ltick_cnt_start(&s->tick_timer);
+
+ /* start tick_timer int */
+ exynos4210_ltick_int_start(&s->tick_timer);
+}
+
+/* update timer frequency */
+static void exynos4210_mct_update_freq(Exynos4210MCTState *s)
+{
+ uint32_t freq = s->freq;
+ s->freq = 24000000 /
+ ((MCT_CFG_GET_PRESCALER(s->reg_mct_cfg)+1) *
+ MCT_CFG_GET_DIVIDER(s->reg_mct_cfg));
+
+ if (freq != s->freq) {
+ DPRINTF("freq=%dHz\n", s->freq);
+
+ /* global timer */
+ ptimer_set_freq(s->g_timer.ptimer_frc, s->freq);
+
+ /* local timer */
+ ptimer_set_freq(s->l_timer[0].tick_timer.ptimer_tick, s->freq);
+ ptimer_set_freq(s->l_timer[0].ptimer_frc, s->freq);
+ ptimer_set_freq(s->l_timer[1].tick_timer.ptimer_tick, s->freq);
+ ptimer_set_freq(s->l_timer[1].ptimer_frc, s->freq);
+ }
+}
+
+/* set defaul_timer values for all fields */
+static void exynos4210_mct_reset(DeviceState *d)
+{
+ Exynos4210MCTState *s = EXYNOS4210_MCT(d);
+ uint32_t i;
+
+ s->reg_mct_cfg = 0;
+
+ /* global timer */
+ memset(&s->g_timer.reg, 0, sizeof(s->g_timer.reg));
+ exynos4210_gfrc_stop(&s->g_timer);
+
+ /* local timer */
+ memset(s->l_timer[0].reg.cnt, 0, sizeof(s->l_timer[0].reg.cnt));
+ memset(s->l_timer[1].reg.cnt, 0, sizeof(s->l_timer[1].reg.cnt));
+ for (i = 0; i < 2; i++) {
+ s->l_timer[i].reg.int_cstat = 0;
+ s->l_timer[i].reg.int_enb = 0;
+ s->l_timer[i].reg.tcon = 0;
+ s->l_timer[i].reg.wstat = 0;
+ s->l_timer[i].tick_timer.count = 0;
+ s->l_timer[i].tick_timer.distance = 0;
+ s->l_timer[i].tick_timer.progress = 0;
+ ptimer_stop(s->l_timer[i].ptimer_frc);
+
+ exynos4210_ltick_timer_init(&s->l_timer[i].tick_timer);
+ }
+
+ exynos4210_mct_update_freq(s);
+
+}
+
+/* Multi Core Timer read */
+static uint64_t exynos4210_mct_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ Exynos4210MCTState *s = (Exynos4210MCTState *)opaque;
+ int index;
+ int shift;
+ uint64_t count;
+ uint32_t value;
+ int lt_i;
+
+ switch (offset) {
+
+ case MCT_CFG:
+ value = s->reg_mct_cfg;
+ break;
+
+ case G_CNT_L: case G_CNT_U:
+ shift = 8 * (offset & 0x4);
+ count = exynos4210_gfrc_get_count(&s->g_timer);
+ value = UINT32_MAX & (count >> shift);
+ DPRINTF("read FRC=0x%llx\n", count);
+ break;
+
+ case G_CNT_WSTAT:
+ value = s->g_timer.reg.cnt_wstat;
+ break;
+
+ case G_COMP_L(0): case G_COMP_L(1): case G_COMP_L(2): case G_COMP_L(3):
+ case G_COMP_U(0): case G_COMP_U(1): case G_COMP_U(2): case G_COMP_U(3):
+ index = GET_G_COMP_IDX(offset);
+ shift = 8 * (offset & 0x4);
+ value = UINT32_MAX & (s->g_timer.reg.comp[index] >> shift);
+ break;
+
+ case G_TCON:
+ value = s->g_timer.reg.tcon;
+ break;
+
+ case G_INT_CSTAT:
+ value = s->g_timer.reg.int_cstat;
+ break;
+
+ case G_INT_ENB:
+ value = s->g_timer.reg.int_enb;
+ break;
+ case G_WSTAT:
+ value = s->g_timer.reg.wstat;
+ break;
+
+ case G_COMP0_ADD_INCR: case G_COMP1_ADD_INCR:
+ case G_COMP2_ADD_INCR: case G_COMP3_ADD_INCR:
+ value = s->g_timer.reg.comp_add_incr[GET_G_COMP_ADD_INCR_IDX(offset)];
+ break;
+
+ /* Local timers */
+ case L0_TCNTB: case L0_ICNTB: case L0_FRCNTB:
+ case L1_TCNTB: case L1_ICNTB: case L1_FRCNTB:
+ lt_i = GET_L_TIMER_IDX(offset);
+ index = GET_L_TIMER_CNT_REG_IDX(offset, lt_i);
+ value = s->l_timer[lt_i].reg.cnt[index];
+ break;
+
+ case L0_TCNTO: case L1_TCNTO:
+ lt_i = GET_L_TIMER_IDX(offset);
+
+ value = exynos4210_ltick_cnt_get_cnto(&s->l_timer[lt_i].tick_timer);
+ DPRINTF("local timer[%d] read TCNTO %x\n", lt_i, value);
+ break;
+
+ case L0_ICNTO: case L1_ICNTO:
+ lt_i = GET_L_TIMER_IDX(offset);
+
+ value = exynos4210_ltick_int_get_cnto(&s->l_timer[lt_i].tick_timer);
+ DPRINTF("local timer[%d] read ICNTO %x\n", lt_i, value);
+ break;
+
+ case L0_FRCNTO: case L1_FRCNTO:
+ lt_i = GET_L_TIMER_IDX(offset);
+
+ value = exynos4210_lfrc_get_count(&s->l_timer[lt_i]);
+
+ break;
+
+ case L0_TCON: case L1_TCON:
+ lt_i = ((offset & 0xF00) - L0_TCNTB) / 0x100;
+ value = s->l_timer[lt_i].reg.tcon;
+ break;
+
+ case L0_INT_CSTAT: case L1_INT_CSTAT:
+ lt_i = ((offset & 0xF00) - L0_TCNTB) / 0x100;
+ value = s->l_timer[lt_i].reg.int_cstat;
+ break;
+
+ case L0_INT_ENB: case L1_INT_ENB:
+ lt_i = ((offset & 0xF00) - L0_TCNTB) / 0x100;
+ value = s->l_timer[lt_i].reg.int_enb;
+ break;
+
+ case L0_WSTAT: case L1_WSTAT:
+ lt_i = ((offset & 0xF00) - L0_TCNTB) / 0x100;
+ value = s->l_timer[lt_i].reg.wstat;
+ break;
+
+ default:
+ hw_error("exynos4210.mct: bad read offset "
+ TARGET_FMT_plx "\n", offset);
+ break;
+ }
+ return value;
+}
+
+/* MCT write */
+static void exynos4210_mct_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ Exynos4210MCTState *s = (Exynos4210MCTState *)opaque;
+ int index; /* index in buffer which represents register set */
+ int shift;
+ int lt_i;
+ uint64_t new_frc;
+ uint32_t i;
+ uint32_t old_val;
+#ifdef DEBUG_MCT
+ static uint32_t icntb_max[2] = {0};
+ static uint32_t icntb_min[2] = {UINT32_MAX, UINT32_MAX};
+ static uint32_t tcntb_max[2] = {0};
+ static uint32_t tcntb_min[2] = {UINT32_MAX, UINT32_MAX};
+#endif
+
+ new_frc = s->g_timer.reg.cnt;
+
+ switch (offset) {
+
+ case MCT_CFG:
+ s->reg_mct_cfg = value;
+ exynos4210_mct_update_freq(s);
+ break;
+
+ case G_CNT_L:
+ case G_CNT_U:
+ if (offset == G_CNT_L) {
+
+ DPRINTF("global timer write to reg.cntl %llx\n", value);
+
+ new_frc = (s->g_timer.reg.cnt & (uint64_t)UINT32_MAX << 32) + value;
+ s->g_timer.reg.cnt_wstat |= G_CNT_WSTAT_L;
+ }
+ if (offset == G_CNT_U) {
+
+ DPRINTF("global timer write to reg.cntu %llx\n", value);
+
+ new_frc = (s->g_timer.reg.cnt & UINT32_MAX) +
+ ((uint64_t)value << 32);
+ s->g_timer.reg.cnt_wstat |= G_CNT_WSTAT_U;
+ }
+
+ s->g_timer.reg.cnt = new_frc;
+ exynos4210_gfrc_restart(s);
+ break;
+
+ case G_CNT_WSTAT:
+ s->g_timer.reg.cnt_wstat &= ~(value);
+ break;
+
+ case G_COMP_L(0): case G_COMP_L(1): case G_COMP_L(2): case G_COMP_L(3):
+ case G_COMP_U(0): case G_COMP_U(1): case G_COMP_U(2): case G_COMP_U(3):
+ index = GET_G_COMP_IDX(offset);
+ shift = 8 * (offset & 0x4);
+ s->g_timer.reg.comp[index] =
+ (s->g_timer.reg.comp[index] &
+ (((uint64_t)UINT32_MAX << 32) >> shift)) +
+ (value << shift);
+
+ DPRINTF("comparator %d write 0x%llx val << %d\n", index, value, shift);
+
+ if (offset&0x4) {
+ s->g_timer.reg.wstat |= G_WSTAT_COMP_U(index);
+ } else {
+ s->g_timer.reg.wstat |= G_WSTAT_COMP_L(index);
+ }
+
+ exynos4210_gfrc_restart(s);
+ break;
+
+ case G_TCON:
+ old_val = s->g_timer.reg.tcon;
+ s->g_timer.reg.tcon = value;
+ s->g_timer.reg.wstat |= G_WSTAT_TCON_WRITE;
+
+ DPRINTF("global timer write to reg.g_tcon %llx\n", value);
+
+ /* Start FRC if transition from disabled to enabled */
+ if ((value & G_TCON_TIMER_ENABLE) > (old_val &
+ G_TCON_TIMER_ENABLE)) {
+ exynos4210_gfrc_start(&s->g_timer);
+ }
+ if ((value & G_TCON_TIMER_ENABLE) < (old_val &
+ G_TCON_TIMER_ENABLE)) {
+ exynos4210_gfrc_stop(&s->g_timer);
+ }
+
+ /* Start CMP if transition from disabled to enabled */
+ for (i = 0; i < MCT_GT_CMP_NUM; i++) {
+ if ((value & G_TCON_COMP_ENABLE(i)) != (old_val &
+ G_TCON_COMP_ENABLE(i))) {
+ exynos4210_gfrc_restart(s);
+ }
+ }
+ break;
+
+ case G_INT_CSTAT:
+ s->g_timer.reg.int_cstat &= ~(value);
+ for (i = 0; i < MCT_GT_CMP_NUM; i++) {
+ if (value & G_INT_CSTAT_COMP(i)) {
+ exynos4210_gcomp_lower_irq(&s->g_timer, i);
+ }
+ }
+ break;
+
+ case G_INT_ENB:
+
+ /* Raise IRQ if transition from disabled to enabled and CSTAT pending */
+ for (i = 0; i < MCT_GT_CMP_NUM; i++) {
+ if ((value & G_INT_ENABLE(i)) > (s->g_timer.reg.tcon &
+ G_INT_ENABLE(i))) {
+ if (s->g_timer.reg.int_cstat & G_INT_CSTAT_COMP(i)) {
+ exynos4210_gcomp_raise_irq(&s->g_timer, i);
+ }
+ }
+
+ if ((value & G_INT_ENABLE(i)) < (s->g_timer.reg.tcon &
+ G_INT_ENABLE(i))) {
+ exynos4210_gcomp_lower_irq(&s->g_timer, i);
+ }
+ }
+
+ DPRINTF("global timer INT enable %llx\n", value);
+ s->g_timer.reg.int_enb = value;
+ break;
+
+ case G_WSTAT:
+ s->g_timer.reg.wstat &= ~(value);
+ break;
+
+ case G_COMP0_ADD_INCR: case G_COMP1_ADD_INCR:
+ case G_COMP2_ADD_INCR: case G_COMP3_ADD_INCR:
+ index = GET_G_COMP_ADD_INCR_IDX(offset);
+ s->g_timer.reg.comp_add_incr[index] = value;
+ s->g_timer.reg.wstat |= G_WSTAT_COMP_ADDINCR(index);
+ break;
+
+ /* Local timers */
+ case L0_TCON: case L1_TCON:
+ lt_i = GET_L_TIMER_IDX(offset);
+ old_val = s->l_timer[lt_i].reg.tcon;
+
+ s->l_timer[lt_i].reg.wstat |= L_WSTAT_TCON_WRITE;
+ s->l_timer[lt_i].reg.tcon = value;
+
+ /* Stop local CNT */
+ if ((value & L_TCON_TICK_START) <
+ (old_val & L_TCON_TICK_START)) {
+ DPRINTF("local timer[%d] stop cnt\n", lt_i);
+ exynos4210_ltick_cnt_stop(&s->l_timer[lt_i].tick_timer);
+ }
+
+ /* Stop local INT */
+ if ((value & L_TCON_INT_START) <
+ (old_val & L_TCON_INT_START)) {
+ DPRINTF("local timer[%d] stop int\n", lt_i);
+ exynos4210_ltick_int_stop(&s->l_timer[lt_i].tick_timer);
+ }
+
+ /* Start local CNT */
+ if ((value & L_TCON_TICK_START) >
+ (old_val & L_TCON_TICK_START)) {
+ DPRINTF("local timer[%d] start cnt\n", lt_i);
+ exynos4210_ltick_cnt_start(&s->l_timer[lt_i].tick_timer);
+ }
+
+ /* Start local INT */
+ if ((value & L_TCON_INT_START) >
+ (old_val & L_TCON_INT_START)) {
+ DPRINTF("local timer[%d] start int\n", lt_i);
+ exynos4210_ltick_int_start(&s->l_timer[lt_i].tick_timer);
+ }
+
+ /* Start or Stop local FRC if TCON changed */
+ if ((value & L_TCON_FRC_START) >
+ (s->l_timer[lt_i].reg.tcon & L_TCON_FRC_START)) {
+ DPRINTF("local timer[%d] start frc\n", lt_i);
+ exynos4210_lfrc_start(&s->l_timer[lt_i]);
+ }
+ if ((value & L_TCON_FRC_START) <
+ (s->l_timer[lt_i].reg.tcon & L_TCON_FRC_START)) {
+ DPRINTF("local timer[%d] stop frc\n", lt_i);
+ exynos4210_lfrc_stop(&s->l_timer[lt_i]);
+ }
+ break;
+
+ case L0_TCNTB: case L1_TCNTB:
+
+ lt_i = GET_L_TIMER_IDX(offset);
+ index = GET_L_TIMER_CNT_REG_IDX(offset, lt_i);
+
+ /*
+ * TCNTB is updated to internal register only after CNT expired.
+ * Due to this we should reload timer to nearest moment when CNT is
+ * expired and then in event handler update tcntb to new TCNTB value.
+ */
+ exynos4210_ltick_set_cntb(&s->l_timer[lt_i].tick_timer, value,
+ s->l_timer[lt_i].tick_timer.icntb);
+
+ s->l_timer[lt_i].reg.wstat |= L_WSTAT_TCNTB_WRITE;
+ s->l_timer[lt_i].reg.cnt[L_REG_CNT_TCNTB] = value;
+
+#ifdef DEBUG_MCT
+ if (tcntb_min[lt_i] > value) {
+ tcntb_min[lt_i] = value;
+ }
+ if (tcntb_max[lt_i] < value) {
+ tcntb_max[lt_i] = value;
+ }
+ DPRINTF("local timer[%d] TCNTB write %llx; max=%x, min=%x\n",
+ lt_i, value, tcntb_max[lt_i], tcntb_min[lt_i]);
+#endif
+ break;
+
+ case L0_ICNTB: case L1_ICNTB:
+
+ lt_i = GET_L_TIMER_IDX(offset);
+ index = GET_L_TIMER_CNT_REG_IDX(offset, lt_i);
+
+ s->l_timer[lt_i].reg.wstat |= L_WSTAT_ICNTB_WRITE;
+ s->l_timer[lt_i].reg.cnt[L_REG_CNT_ICNTB] = value &
+ ~L_ICNTB_MANUAL_UPDATE;
+
+ /*
+ * We need to avoid too small values for TCNTB*ICNTB. If not, IRQ event
+ * could raise too fast disallowing QEMU to execute target code.
+ */
+ if (s->l_timer[lt_i].reg.cnt[L_REG_CNT_ICNTB] *
+ s->l_timer[lt_i].reg.cnt[L_REG_CNT_TCNTB] < MCT_LT_CNT_LOW_LIMIT) {
+ if (!s->l_timer[lt_i].reg.cnt[L_REG_CNT_TCNTB]) {
+ s->l_timer[lt_i].reg.cnt[L_REG_CNT_ICNTB] =
+ MCT_LT_CNT_LOW_LIMIT;
+ } else {
+ s->l_timer[lt_i].reg.cnt[L_REG_CNT_ICNTB] =
+ MCT_LT_CNT_LOW_LIMIT /
+ s->l_timer[lt_i].reg.cnt[L_REG_CNT_TCNTB];
+ }
+ }
+
+ if (value & L_ICNTB_MANUAL_UPDATE) {
+ exynos4210_ltick_set_cntb(&s->l_timer[lt_i].tick_timer,
+ s->l_timer[lt_i].tick_timer.tcntb,
+ s->l_timer[lt_i].reg.cnt[L_REG_CNT_ICNTB]);
+ }
+
+#ifdef DEBUG_MCT
+ if (icntb_min[lt_i] > value) {
+ icntb_min[lt_i] = value;
+ }
+ if (icntb_max[lt_i] < value) {
+ icntb_max[lt_i] = value;
+ }
+DPRINTF("local timer[%d] ICNTB write %llx; max=%x, min=%x\n\n",
+ lt_i, value, icntb_max[lt_i], icntb_min[lt_i]);
+#endif
+break;
+
+ case L0_FRCNTB: case L1_FRCNTB:
+
+ lt_i = GET_L_TIMER_IDX(offset);
+ index = GET_L_TIMER_CNT_REG_IDX(offset, lt_i);
+
+ DPRINTF("local timer[%d] FRCNTB write %llx\n", lt_i, value);
+
+ s->l_timer[lt_i].reg.wstat |= L_WSTAT_FRCCNTB_WRITE;
+ s->l_timer[lt_i].reg.cnt[L_REG_CNT_FRCCNTB] = value;
+
+ break;
+
+ case L0_TCNTO: case L1_TCNTO:
+ case L0_ICNTO: case L1_ICNTO:
+ case L0_FRCNTO: case L1_FRCNTO:
+ fprintf(stderr, "\n[exynos4210.mct: write to RO register "
+ TARGET_FMT_plx "]\n\n", offset);
+ break;
+
+ case L0_INT_CSTAT: case L1_INT_CSTAT:
+ lt_i = GET_L_TIMER_IDX(offset);
+
+ DPRINTF("local timer[%d] CSTAT write %llx\n", lt_i, value);
+
+ s->l_timer[lt_i].reg.int_cstat &= ~value;
+ if (!s->l_timer[lt_i].reg.int_cstat) {
+ qemu_irq_lower(s->l_timer[lt_i].irq);
+ }
+ break;
+
+ case L0_INT_ENB: case L1_INT_ENB:
+ lt_i = GET_L_TIMER_IDX(offset);
+ old_val = s->l_timer[lt_i].reg.int_enb;
+
+ /* Raise Local timer IRQ if cstat is pending */
+ if ((value & L_INT_INTENB_ICNTEIE) > (old_val & L_INT_INTENB_ICNTEIE)) {
+ if (s->l_timer[lt_i].reg.int_cstat & L_INT_CSTAT_INTCNT) {
+ qemu_irq_raise(s->l_timer[lt_i].irq);
+ }
+ }
+
+ s->l_timer[lt_i].reg.int_enb = value;
+
+ break;
+
+ case L0_WSTAT: case L1_WSTAT:
+ lt_i = GET_L_TIMER_IDX(offset);
+
+ s->l_timer[lt_i].reg.wstat &= ~value;
+ break;
+
+ default:
+ hw_error("exynos4210.mct: bad write offset "
+ TARGET_FMT_plx "\n", offset);
+ break;
+ }
+}
+
+static const MemoryRegionOps exynos4210_mct_ops = {
+ .read = exynos4210_mct_read,
+ .write = exynos4210_mct_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+/* MCT init */
+static int exynos4210_mct_init(SysBusDevice *dev)
+{
+ int i;
+ Exynos4210MCTState *s = EXYNOS4210_MCT(dev);
+ QEMUBH *bh[2];
+
+ /* Global timer */
+ bh[0] = qemu_bh_new(exynos4210_gfrc_event, s);
+ s->g_timer.ptimer_frc = ptimer_init(bh[0]);
+ memset(&s->g_timer.reg, 0, sizeof(struct gregs));
+
+ /* Local timers */
+ for (i = 0; i < 2; i++) {
+ bh[0] = qemu_bh_new(exynos4210_ltick_event, &s->l_timer[i]);
+ bh[1] = qemu_bh_new(exynos4210_lfrc_event, &s->l_timer[i]);
+ s->l_timer[i].tick_timer.ptimer_tick = ptimer_init(bh[0]);
+ s->l_timer[i].ptimer_frc = ptimer_init(bh[1]);
+ s->l_timer[i].id = i;
+ }
+
+ /* IRQs */
+ for (i = 0; i < MCT_GT_CMP_NUM; i++) {
+ sysbus_init_irq(dev, &s->g_timer.irq[i]);
+ }
+ for (i = 0; i < 2; i++) {
+ sysbus_init_irq(dev, &s->l_timer[i].irq);
+ }
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &exynos4210_mct_ops, s,
+ "exynos4210-mct", MCT_SFR_SIZE);
+ sysbus_init_mmio(dev, &s->iomem);
+
+ return 0;
+}
+
+static void exynos4210_mct_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = exynos4210_mct_init;
+ dc->reset = exynos4210_mct_reset;
+ dc->vmsd = &vmstate_exynos4210_mct_state;
+}
+
+static const TypeInfo exynos4210_mct_info = {
+ .name = TYPE_EXYNOS4210_MCT,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(Exynos4210MCTState),
+ .class_init = exynos4210_mct_class_init,
+};
+
+static void exynos4210_mct_register_types(void)
+{
+ type_register_static(&exynos4210_mct_info);
+}
+
+type_init(exynos4210_mct_register_types)
diff --git a/hw/timer/exynos4210_pwm.c b/hw/timer/exynos4210_pwm.c
new file mode 100644
index 000000000..a52f0f6c6
--- /dev/null
+++ b/hw/timer/exynos4210_pwm.c
@@ -0,0 +1,426 @@
+/*
+ * Samsung exynos4210 Pulse Width Modulation Timer
+ *
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd.
+ * All rights reserved.
+ *
+ * Evgeny Voevodin <e.voevodin@samsung.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/sysbus.h"
+#include "qemu/timer.h"
+#include "qemu-common.h"
+#include "hw/ptimer.h"
+
+#include "hw/arm/exynos4210.h"
+
+//#define DEBUG_PWM
+
+#ifdef DEBUG_PWM
+#define DPRINTF(fmt, ...) \
+ do { fprintf(stdout, "PWM: [%24s:%5d] " fmt, __func__, __LINE__, \
+ ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) do {} while (0)
+#endif
+
+#define EXYNOS4210_PWM_TIMERS_NUM 5
+#define EXYNOS4210_PWM_REG_MEM_SIZE 0x50
+
+#define TCFG0 0x0000
+#define TCFG1 0x0004
+#define TCON 0x0008
+#define TCNTB0 0x000C
+#define TCMPB0 0x0010
+#define TCNTO0 0x0014
+#define TCNTB1 0x0018
+#define TCMPB1 0x001C
+#define TCNTO1 0x0020
+#define TCNTB2 0x0024
+#define TCMPB2 0x0028
+#define TCNTO2 0x002C
+#define TCNTB3 0x0030
+#define TCMPB3 0x0034
+#define TCNTO3 0x0038
+#define TCNTB4 0x003C
+#define TCNTO4 0x0040
+#define TINT_CSTAT 0x0044
+
+#define TCNTB(x) (0xC * (x))
+#define TCMPB(x) (0xC * (x) + 1)
+#define TCNTO(x) (0xC * (x) + 2)
+
+#define GET_PRESCALER(reg, x) (((reg) & (0xFF << (8 * (x)))) >> 8 * (x))
+#define GET_DIVIDER(reg, x) (1 << (((reg) & (0xF << (4 * (x)))) >> (4 * (x))))
+
+/*
+ * Attention! Timer4 doesn't have OUTPUT_INVERTER,
+ * so Auto Reload bit is not accessible by macros!
+ */
+#define TCON_TIMER_BASE(x) (((x) ? 1 : 0) * 4 + 4 * (x))
+#define TCON_TIMER_START(x) (1 << (TCON_TIMER_BASE(x) + 0))
+#define TCON_TIMER_MANUAL_UPD(x) (1 << (TCON_TIMER_BASE(x) + 1))
+#define TCON_TIMER_OUTPUT_INV(x) (1 << (TCON_TIMER_BASE(x) + 2))
+#define TCON_TIMER_AUTO_RELOAD(x) (1 << (TCON_TIMER_BASE(x) + 3))
+#define TCON_TIMER4_AUTO_RELOAD (1 << 22)
+
+#define TINT_CSTAT_STATUS(x) (1 << (5 + (x)))
+#define TINT_CSTAT_ENABLE(x) (1 << (x))
+
+/* timer struct */
+typedef struct {
+ uint32_t id; /* timer id */
+ qemu_irq irq; /* local timer irq */
+ uint32_t freq; /* timer frequency */
+
+ /* use ptimer.c to represent count down timer */
+ ptimer_state *ptimer; /* timer */
+
+ /* registers */
+ uint32_t reg_tcntb; /* counter register buffer */
+ uint32_t reg_tcmpb; /* compare register buffer */
+
+ struct Exynos4210PWMState *parent;
+
+} Exynos4210PWM;
+
+#define TYPE_EXYNOS4210_PWM "exynos4210.pwm"
+#define EXYNOS4210_PWM(obj) \
+ OBJECT_CHECK(Exynos4210PWMState, (obj), TYPE_EXYNOS4210_PWM)
+
+typedef struct Exynos4210PWMState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+
+ uint32_t reg_tcfg[2];
+ uint32_t reg_tcon;
+ uint32_t reg_tint_cstat;
+
+ Exynos4210PWM timer[EXYNOS4210_PWM_TIMERS_NUM];
+
+} Exynos4210PWMState;
+
+/*** VMState ***/
+static const VMStateDescription vmstate_exynos4210_pwm = {
+ .name = "exynos4210.pwm.pwm",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(id, Exynos4210PWM),
+ VMSTATE_UINT32(freq, Exynos4210PWM),
+ VMSTATE_PTIMER(ptimer, Exynos4210PWM),
+ VMSTATE_UINT32(reg_tcntb, Exynos4210PWM),
+ VMSTATE_UINT32(reg_tcmpb, Exynos4210PWM),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_exynos4210_pwm_state = {
+ .name = "exynos4210.pwm",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(reg_tcfg, Exynos4210PWMState, 2),
+ VMSTATE_UINT32(reg_tcon, Exynos4210PWMState),
+ VMSTATE_UINT32(reg_tint_cstat, Exynos4210PWMState),
+ VMSTATE_STRUCT_ARRAY(timer, Exynos4210PWMState,
+ EXYNOS4210_PWM_TIMERS_NUM, 0,
+ vmstate_exynos4210_pwm, Exynos4210PWM),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+/*
+ * PWM update frequency
+ */
+static void exynos4210_pwm_update_freq(Exynos4210PWMState *s, uint32_t id)
+{
+ uint32_t freq;
+ freq = s->timer[id].freq;
+ if (id > 1) {
+ s->timer[id].freq = 24000000 /
+ ((GET_PRESCALER(s->reg_tcfg[0], 1) + 1) *
+ (GET_DIVIDER(s->reg_tcfg[1], id)));
+ } else {
+ s->timer[id].freq = 24000000 /
+ ((GET_PRESCALER(s->reg_tcfg[0], 0) + 1) *
+ (GET_DIVIDER(s->reg_tcfg[1], id)));
+ }
+
+ if (freq != s->timer[id].freq) {
+ ptimer_set_freq(s->timer[id].ptimer, s->timer[id].freq);
+ DPRINTF("freq=%dHz\n", s->timer[id].freq);
+ }
+}
+
+/*
+ * Counter tick handler
+ */
+static void exynos4210_pwm_tick(void *opaque)
+{
+ Exynos4210PWM *s = (Exynos4210PWM *)opaque;
+ Exynos4210PWMState *p = (Exynos4210PWMState *)s->parent;
+ uint32_t id = s->id;
+ bool cmp;
+
+ DPRINTF("timer %d tick\n", id);
+
+ /* set irq status */
+ p->reg_tint_cstat |= TINT_CSTAT_STATUS(id);
+
+ /* raise IRQ */
+ if (p->reg_tint_cstat & TINT_CSTAT_ENABLE(id)) {
+ DPRINTF("timer %d IRQ\n", id);
+ qemu_irq_raise(p->timer[id].irq);
+ }
+
+ /* reload timer */
+ if (id != 4) {
+ cmp = p->reg_tcon & TCON_TIMER_AUTO_RELOAD(id);
+ } else {
+ cmp = p->reg_tcon & TCON_TIMER4_AUTO_RELOAD;
+ }
+
+ if (cmp) {
+ DPRINTF("auto reload timer %d count to %x\n", id,
+ p->timer[id].reg_tcntb);
+ ptimer_set_count(p->timer[id].ptimer, p->timer[id].reg_tcntb);
+ ptimer_run(p->timer[id].ptimer, 1);
+ } else {
+ /* stop timer, set status to STOP, see Basic Timer Operation */
+ p->reg_tcon &= ~TCON_TIMER_START(id);
+ ptimer_stop(p->timer[id].ptimer);
+ }
+}
+
+/*
+ * PWM Read
+ */
+static uint64_t exynos4210_pwm_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ Exynos4210PWMState *s = (Exynos4210PWMState *)opaque;
+ uint32_t value = 0;
+ int index;
+
+ switch (offset) {
+ case TCFG0: case TCFG1:
+ index = (offset - TCFG0) >> 2;
+ value = s->reg_tcfg[index];
+ break;
+
+ case TCON:
+ value = s->reg_tcon;
+ break;
+
+ case TCNTB0: case TCNTB1:
+ case TCNTB2: case TCNTB3: case TCNTB4:
+ index = (offset - TCNTB0) / 0xC;
+ value = s->timer[index].reg_tcntb;
+ break;
+
+ case TCMPB0: case TCMPB1:
+ case TCMPB2: case TCMPB3:
+ index = (offset - TCMPB0) / 0xC;
+ value = s->timer[index].reg_tcmpb;
+ break;
+
+ case TCNTO0: case TCNTO1:
+ case TCNTO2: case TCNTO3: case TCNTO4:
+ index = (offset == TCNTO4) ? 4 : (offset - TCNTO0) / 0xC;
+ value = ptimer_get_count(s->timer[index].ptimer);
+ break;
+
+ case TINT_CSTAT:
+ value = s->reg_tint_cstat;
+ break;
+
+ default:
+ fprintf(stderr,
+ "[exynos4210.pwm: bad read offset " TARGET_FMT_plx "]\n",
+ offset);
+ break;
+ }
+ return value;
+}
+
+/*
+ * PWM Write
+ */
+static void exynos4210_pwm_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ Exynos4210PWMState *s = (Exynos4210PWMState *)opaque;
+ int index;
+ uint32_t new_val;
+ int i;
+
+ switch (offset) {
+ case TCFG0: case TCFG1:
+ index = (offset - TCFG0) >> 2;
+ s->reg_tcfg[index] = value;
+
+ /* update timers frequencies */
+ for (i = 0; i < EXYNOS4210_PWM_TIMERS_NUM; i++) {
+ exynos4210_pwm_update_freq(s, s->timer[i].id);
+ }
+ break;
+
+ case TCON:
+ for (i = 0; i < EXYNOS4210_PWM_TIMERS_NUM; i++) {
+ if ((value & TCON_TIMER_MANUAL_UPD(i)) >
+ (s->reg_tcon & TCON_TIMER_MANUAL_UPD(i))) {
+ /*
+ * TCNTB and TCMPB are loaded into TCNT and TCMP.
+ * Update timers.
+ */
+
+ /* this will start timer to run, this ok, because
+ * during processing start bit timer will be stopped
+ * if needed */
+ ptimer_set_count(s->timer[i].ptimer, s->timer[i].reg_tcntb);
+ DPRINTF("set timer %d count to %x\n", i,
+ s->timer[i].reg_tcntb);
+ }
+
+ if ((value & TCON_TIMER_START(i)) >
+ (s->reg_tcon & TCON_TIMER_START(i))) {
+ /* changed to start */
+ ptimer_run(s->timer[i].ptimer, 1);
+ DPRINTF("run timer %d\n", i);
+ }
+
+ if ((value & TCON_TIMER_START(i)) <
+ (s->reg_tcon & TCON_TIMER_START(i))) {
+ /* changed to stop */
+ ptimer_stop(s->timer[i].ptimer);
+ DPRINTF("stop timer %d\n", i);
+ }
+ }
+ s->reg_tcon = value;
+ break;
+
+ case TCNTB0: case TCNTB1:
+ case TCNTB2: case TCNTB3: case TCNTB4:
+ index = (offset - TCNTB0) / 0xC;
+ s->timer[index].reg_tcntb = value;
+ break;
+
+ case TCMPB0: case TCMPB1:
+ case TCMPB2: case TCMPB3:
+ index = (offset - TCMPB0) / 0xC;
+ s->timer[index].reg_tcmpb = value;
+ break;
+
+ case TINT_CSTAT:
+ new_val = (s->reg_tint_cstat & 0x3E0) + (0x1F & value);
+ new_val &= ~(0x3E0 & value);
+
+ for (i = 0; i < EXYNOS4210_PWM_TIMERS_NUM; i++) {
+ if ((new_val & TINT_CSTAT_STATUS(i)) <
+ (s->reg_tint_cstat & TINT_CSTAT_STATUS(i))) {
+ qemu_irq_lower(s->timer[i].irq);
+ }
+ }
+
+ s->reg_tint_cstat = new_val;
+ break;
+
+ default:
+ fprintf(stderr,
+ "[exynos4210.pwm: bad write offset " TARGET_FMT_plx "]\n",
+ offset);
+ break;
+
+ }
+}
+
+/*
+ * Set default values to timer fields and registers
+ */
+static void exynos4210_pwm_reset(DeviceState *d)
+{
+ Exynos4210PWMState *s = EXYNOS4210_PWM(d);
+ int i;
+ s->reg_tcfg[0] = 0x0101;
+ s->reg_tcfg[1] = 0x0;
+ s->reg_tcon = 0;
+ s->reg_tint_cstat = 0;
+ for (i = 0; i < EXYNOS4210_PWM_TIMERS_NUM; i++) {
+ s->timer[i].reg_tcmpb = 0;
+ s->timer[i].reg_tcntb = 0;
+
+ exynos4210_pwm_update_freq(s, s->timer[i].id);
+ ptimer_stop(s->timer[i].ptimer);
+ }
+}
+
+static const MemoryRegionOps exynos4210_pwm_ops = {
+ .read = exynos4210_pwm_read,
+ .write = exynos4210_pwm_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+/*
+ * PWM timer initialization
+ */
+static int exynos4210_pwm_init(SysBusDevice *dev)
+{
+ Exynos4210PWMState *s = EXYNOS4210_PWM(dev);
+ int i;
+ QEMUBH *bh;
+
+ for (i = 0; i < EXYNOS4210_PWM_TIMERS_NUM; i++) {
+ bh = qemu_bh_new(exynos4210_pwm_tick, &s->timer[i]);
+ sysbus_init_irq(dev, &s->timer[i].irq);
+ s->timer[i].ptimer = ptimer_init(bh);
+ s->timer[i].id = i;
+ s->timer[i].parent = s;
+ }
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &exynos4210_pwm_ops, s,
+ "exynos4210-pwm", EXYNOS4210_PWM_REG_MEM_SIZE);
+ sysbus_init_mmio(dev, &s->iomem);
+
+ return 0;
+}
+
+static void exynos4210_pwm_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = exynos4210_pwm_init;
+ dc->reset = exynos4210_pwm_reset;
+ dc->vmsd = &vmstate_exynos4210_pwm_state;
+}
+
+static const TypeInfo exynos4210_pwm_info = {
+ .name = TYPE_EXYNOS4210_PWM,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(Exynos4210PWMState),
+ .class_init = exynos4210_pwm_class_init,
+};
+
+static void exynos4210_pwm_register_types(void)
+{
+ type_register_static(&exynos4210_pwm_info);
+}
+
+type_init(exynos4210_pwm_register_types)
diff --git a/hw/timer/exynos4210_rtc.c b/hw/timer/exynos4210_rtc.c
new file mode 100644
index 000000000..3f2c8c557
--- /dev/null
+++ b/hw/timer/exynos4210_rtc.c
@@ -0,0 +1,596 @@
+/*
+ * Samsung exynos4210 Real Time Clock
+ *
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd.
+ * Ogurtsov Oleg <o.ogurtsov@samsung.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+/* Description:
+ * Register RTCCON:
+ * CLKSEL Bit[1] not used
+ * CLKOUTEN Bit[9] not used
+ */
+
+#include "hw/sysbus.h"
+#include "qemu/timer.h"
+#include "qemu-common.h"
+#include "hw/ptimer.h"
+
+#include "hw/hw.h"
+#include "sysemu/sysemu.h"
+
+#include "hw/arm/exynos4210.h"
+
+#define DEBUG_RTC 0
+
+#if DEBUG_RTC
+#define DPRINTF(fmt, ...) \
+ do { fprintf(stdout, "RTC: [%24s:%5d] " fmt, __func__, __LINE__, \
+ ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) do {} while (0)
+#endif
+
+#define EXYNOS4210_RTC_REG_MEM_SIZE 0x0100
+
+#define INTP 0x0030
+#define RTCCON 0x0040
+#define TICCNT 0x0044
+#define RTCALM 0x0050
+#define ALMSEC 0x0054
+#define ALMMIN 0x0058
+#define ALMHOUR 0x005C
+#define ALMDAY 0x0060
+#define ALMMON 0x0064
+#define ALMYEAR 0x0068
+#define BCDSEC 0x0070
+#define BCDMIN 0x0074
+#define BCDHOUR 0x0078
+#define BCDDAY 0x007C
+#define BCDDAYWEEK 0x0080
+#define BCDMON 0x0084
+#define BCDYEAR 0x0088
+#define CURTICNT 0x0090
+
+#define TICK_TIMER_ENABLE 0x0100
+#define TICNT_THRESHHOLD 2
+
+
+#define RTC_ENABLE 0x0001
+
+#define INTP_TICK_ENABLE 0x0001
+#define INTP_ALM_ENABLE 0x0002
+
+#define ALARM_INT_ENABLE 0x0040
+
+#define RTC_BASE_FREQ 32768
+
+#define TYPE_EXYNOS4210_RTC "exynos4210.rtc"
+#define EXYNOS4210_RTC(obj) \
+ OBJECT_CHECK(Exynos4210RTCState, (obj), TYPE_EXYNOS4210_RTC)
+
+typedef struct Exynos4210RTCState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+
+ /* registers */
+ uint32_t reg_intp;
+ uint32_t reg_rtccon;
+ uint32_t reg_ticcnt;
+ uint32_t reg_rtcalm;
+ uint32_t reg_almsec;
+ uint32_t reg_almmin;
+ uint32_t reg_almhour;
+ uint32_t reg_almday;
+ uint32_t reg_almmon;
+ uint32_t reg_almyear;
+ uint32_t reg_curticcnt;
+
+ ptimer_state *ptimer; /* tick timer */
+ ptimer_state *ptimer_1Hz; /* clock timer */
+ uint32_t freq;
+
+ qemu_irq tick_irq; /* Time Tick Generator irq */
+ qemu_irq alm_irq; /* alarm irq */
+
+ struct tm current_tm; /* current time */
+} Exynos4210RTCState;
+
+#define TICCKSEL(value) ((value & (0x0F << 4)) >> 4)
+
+/*** VMState ***/
+static const VMStateDescription vmstate_exynos4210_rtc_state = {
+ .name = "exynos4210.rtc",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(reg_intp, Exynos4210RTCState),
+ VMSTATE_UINT32(reg_rtccon, Exynos4210RTCState),
+ VMSTATE_UINT32(reg_ticcnt, Exynos4210RTCState),
+ VMSTATE_UINT32(reg_rtcalm, Exynos4210RTCState),
+ VMSTATE_UINT32(reg_almsec, Exynos4210RTCState),
+ VMSTATE_UINT32(reg_almmin, Exynos4210RTCState),
+ VMSTATE_UINT32(reg_almhour, Exynos4210RTCState),
+ VMSTATE_UINT32(reg_almday, Exynos4210RTCState),
+ VMSTATE_UINT32(reg_almmon, Exynos4210RTCState),
+ VMSTATE_UINT32(reg_almyear, Exynos4210RTCState),
+ VMSTATE_UINT32(reg_curticcnt, Exynos4210RTCState),
+ VMSTATE_PTIMER(ptimer, Exynos4210RTCState),
+ VMSTATE_PTIMER(ptimer_1Hz, Exynos4210RTCState),
+ VMSTATE_UINT32(freq, Exynos4210RTCState),
+ VMSTATE_INT32(current_tm.tm_sec, Exynos4210RTCState),
+ VMSTATE_INT32(current_tm.tm_min, Exynos4210RTCState),
+ VMSTATE_INT32(current_tm.tm_hour, Exynos4210RTCState),
+ VMSTATE_INT32(current_tm.tm_wday, Exynos4210RTCState),
+ VMSTATE_INT32(current_tm.tm_mday, Exynos4210RTCState),
+ VMSTATE_INT32(current_tm.tm_mon, Exynos4210RTCState),
+ VMSTATE_INT32(current_tm.tm_year, Exynos4210RTCState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+#define BCD3DIGITS(x) \
+ ((uint32_t)to_bcd((uint8_t)(x % 100)) + \
+ ((uint32_t)to_bcd((uint8_t)((x % 1000) / 100)) << 8))
+
+static void check_alarm_raise(Exynos4210RTCState *s)
+{
+ unsigned int alarm_raise = 0;
+ struct tm stm = s->current_tm;
+
+ if ((s->reg_rtcalm & 0x01) &&
+ (to_bcd((uint8_t)stm.tm_sec) == (uint8_t)s->reg_almsec)) {
+ alarm_raise = 1;
+ }
+ if ((s->reg_rtcalm & 0x02) &&
+ (to_bcd((uint8_t)stm.tm_min) == (uint8_t)s->reg_almmin)) {
+ alarm_raise = 1;
+ }
+ if ((s->reg_rtcalm & 0x04) &&
+ (to_bcd((uint8_t)stm.tm_hour) == (uint8_t)s->reg_almhour)) {
+ alarm_raise = 1;
+ }
+ if ((s->reg_rtcalm & 0x08) &&
+ (to_bcd((uint8_t)stm.tm_mday) == (uint8_t)s->reg_almday)) {
+ alarm_raise = 1;
+ }
+ if ((s->reg_rtcalm & 0x10) &&
+ (to_bcd((uint8_t)stm.tm_mon) == (uint8_t)s->reg_almmon)) {
+ alarm_raise = 1;
+ }
+ if ((s->reg_rtcalm & 0x20) &&
+ (BCD3DIGITS(stm.tm_year) == s->reg_almyear)) {
+ alarm_raise = 1;
+ }
+
+ if (alarm_raise) {
+ DPRINTF("ALARM IRQ\n");
+ /* set irq status */
+ s->reg_intp |= INTP_ALM_ENABLE;
+ qemu_irq_raise(s->alm_irq);
+ }
+}
+
+/*
+ * RTC update frequency
+ * Parameters:
+ * reg_value - current RTCCON register or his new value
+ */
+static void exynos4210_rtc_update_freq(Exynos4210RTCState *s,
+ uint32_t reg_value)
+{
+ uint32_t freq;
+
+ freq = s->freq;
+ /* set frequncy for time generator */
+ s->freq = RTC_BASE_FREQ / (1 << TICCKSEL(reg_value));
+
+ if (freq != s->freq) {
+ ptimer_set_freq(s->ptimer, s->freq);
+ DPRINTF("freq=%dHz\n", s->freq);
+ }
+}
+
+/* month is between 0 and 11. */
+static int get_days_in_month(int month, int year)
+{
+ static const int days_tab[12] = {
+ 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
+ };
+ int d;
+ if ((unsigned)month >= 12) {
+ return 31;
+ }
+ d = days_tab[month];
+ if (month == 1) {
+ if ((year % 4) == 0 && ((year % 100) != 0 || (year % 400) == 0)) {
+ d++;
+ }
+ }
+ return d;
+}
+
+/* update 'tm' to the next second */
+static void rtc_next_second(struct tm *tm)
+{
+ int days_in_month;
+
+ tm->tm_sec++;
+ if ((unsigned)tm->tm_sec >= 60) {
+ tm->tm_sec = 0;
+ tm->tm_min++;
+ if ((unsigned)tm->tm_min >= 60) {
+ tm->tm_min = 0;
+ tm->tm_hour++;
+ if ((unsigned)tm->tm_hour >= 24) {
+ tm->tm_hour = 0;
+ /* next day */
+ tm->tm_wday++;
+ if ((unsigned)tm->tm_wday >= 7) {
+ tm->tm_wday = 0;
+ }
+ days_in_month = get_days_in_month(tm->tm_mon,
+ tm->tm_year + 1900);
+ tm->tm_mday++;
+ if (tm->tm_mday < 1) {
+ tm->tm_mday = 1;
+ } else if (tm->tm_mday > days_in_month) {
+ tm->tm_mday = 1;
+ tm->tm_mon++;
+ if (tm->tm_mon >= 12) {
+ tm->tm_mon = 0;
+ tm->tm_year++;
+ }
+ }
+ }
+ }
+ }
+}
+
+/*
+ * tick handler
+ */
+static void exynos4210_rtc_tick(void *opaque)
+{
+ Exynos4210RTCState *s = (Exynos4210RTCState *)opaque;
+
+ DPRINTF("TICK IRQ\n");
+ /* set irq status */
+ s->reg_intp |= INTP_TICK_ENABLE;
+ /* raise IRQ */
+ qemu_irq_raise(s->tick_irq);
+
+ /* restart timer */
+ ptimer_set_count(s->ptimer, s->reg_ticcnt);
+ ptimer_run(s->ptimer, 1);
+}
+
+/*
+ * 1Hz clock handler
+ */
+static void exynos4210_rtc_1Hz_tick(void *opaque)
+{
+ Exynos4210RTCState *s = (Exynos4210RTCState *)opaque;
+
+ rtc_next_second(&s->current_tm);
+ /* DPRINTF("1Hz tick\n"); */
+
+ /* raise IRQ */
+ if (s->reg_rtcalm & ALARM_INT_ENABLE) {
+ check_alarm_raise(s);
+ }
+
+ ptimer_set_count(s->ptimer_1Hz, RTC_BASE_FREQ);
+ ptimer_run(s->ptimer_1Hz, 1);
+}
+
+/*
+ * RTC Read
+ */
+static uint64_t exynos4210_rtc_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ uint32_t value = 0;
+ Exynos4210RTCState *s = (Exynos4210RTCState *)opaque;
+
+ switch (offset) {
+ case INTP:
+ value = s->reg_intp;
+ break;
+ case RTCCON:
+ value = s->reg_rtccon;
+ break;
+ case TICCNT:
+ value = s->reg_ticcnt;
+ break;
+ case RTCALM:
+ value = s->reg_rtcalm;
+ break;
+ case ALMSEC:
+ value = s->reg_almsec;
+ break;
+ case ALMMIN:
+ value = s->reg_almmin;
+ break;
+ case ALMHOUR:
+ value = s->reg_almhour;
+ break;
+ case ALMDAY:
+ value = s->reg_almday;
+ break;
+ case ALMMON:
+ value = s->reg_almmon;
+ break;
+ case ALMYEAR:
+ value = s->reg_almyear;
+ break;
+
+ case BCDSEC:
+ value = (uint32_t)to_bcd((uint8_t)s->current_tm.tm_sec);
+ break;
+ case BCDMIN:
+ value = (uint32_t)to_bcd((uint8_t)s->current_tm.tm_min);
+ break;
+ case BCDHOUR:
+ value = (uint32_t)to_bcd((uint8_t)s->current_tm.tm_hour);
+ break;
+ case BCDDAYWEEK:
+ value = (uint32_t)to_bcd((uint8_t)s->current_tm.tm_wday);
+ break;
+ case BCDDAY:
+ value = (uint32_t)to_bcd((uint8_t)s->current_tm.tm_mday);
+ break;
+ case BCDMON:
+ value = (uint32_t)to_bcd((uint8_t)s->current_tm.tm_mon + 1);
+ break;
+ case BCDYEAR:
+ value = BCD3DIGITS(s->current_tm.tm_year);
+ break;
+
+ case CURTICNT:
+ s->reg_curticcnt = ptimer_get_count(s->ptimer);
+ value = s->reg_curticcnt;
+ break;
+
+ default:
+ fprintf(stderr,
+ "[exynos4210.rtc: bad read offset " TARGET_FMT_plx "]\n",
+ offset);
+ break;
+ }
+ return value;
+}
+
+/*
+ * RTC Write
+ */
+static void exynos4210_rtc_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ Exynos4210RTCState *s = (Exynos4210RTCState *)opaque;
+
+ switch (offset) {
+ case INTP:
+ if (value & INTP_ALM_ENABLE) {
+ qemu_irq_lower(s->alm_irq);
+ s->reg_intp &= (~INTP_ALM_ENABLE);
+ }
+ if (value & INTP_TICK_ENABLE) {
+ qemu_irq_lower(s->tick_irq);
+ s->reg_intp &= (~INTP_TICK_ENABLE);
+ }
+ break;
+ case RTCCON:
+ if (value & RTC_ENABLE) {
+ exynos4210_rtc_update_freq(s, value);
+ }
+ if ((value & RTC_ENABLE) > (s->reg_rtccon & RTC_ENABLE)) {
+ /* clock timer */
+ ptimer_set_count(s->ptimer_1Hz, RTC_BASE_FREQ);
+ ptimer_run(s->ptimer_1Hz, 1);
+ DPRINTF("run clock timer\n");
+ }
+ if ((value & RTC_ENABLE) < (s->reg_rtccon & RTC_ENABLE)) {
+ /* tick timer */
+ ptimer_stop(s->ptimer);
+ /* clock timer */
+ ptimer_stop(s->ptimer_1Hz);
+ DPRINTF("stop all timers\n");
+ }
+ if (value & RTC_ENABLE) {
+ if ((value & TICK_TIMER_ENABLE) >
+ (s->reg_rtccon & TICK_TIMER_ENABLE) &&
+ (s->reg_ticcnt)) {
+ ptimer_set_count(s->ptimer, s->reg_ticcnt);
+ ptimer_run(s->ptimer, 1);
+ DPRINTF("run tick timer\n");
+ }
+ if ((value & TICK_TIMER_ENABLE) <
+ (s->reg_rtccon & TICK_TIMER_ENABLE)) {
+ ptimer_stop(s->ptimer);
+ }
+ }
+ s->reg_rtccon = value;
+ break;
+ case TICCNT:
+ if (value > TICNT_THRESHHOLD) {
+ s->reg_ticcnt = value;
+ } else {
+ fprintf(stderr,
+ "[exynos4210.rtc: bad TICNT value %u ]\n",
+ (uint32_t)value);
+ }
+ break;
+
+ case RTCALM:
+ s->reg_rtcalm = value;
+ break;
+ case ALMSEC:
+ s->reg_almsec = (value & 0x7f);
+ break;
+ case ALMMIN:
+ s->reg_almmin = (value & 0x7f);
+ break;
+ case ALMHOUR:
+ s->reg_almhour = (value & 0x3f);
+ break;
+ case ALMDAY:
+ s->reg_almday = (value & 0x3f);
+ break;
+ case ALMMON:
+ s->reg_almmon = (value & 0x1f);
+ break;
+ case ALMYEAR:
+ s->reg_almyear = (value & 0x0fff);
+ break;
+
+ case BCDSEC:
+ if (s->reg_rtccon & RTC_ENABLE) {
+ s->current_tm.tm_sec = (int)from_bcd((uint8_t)value);
+ }
+ break;
+ case BCDMIN:
+ if (s->reg_rtccon & RTC_ENABLE) {
+ s->current_tm.tm_min = (int)from_bcd((uint8_t)value);
+ }
+ break;
+ case BCDHOUR:
+ if (s->reg_rtccon & RTC_ENABLE) {
+ s->current_tm.tm_hour = (int)from_bcd((uint8_t)value);
+ }
+ break;
+ case BCDDAYWEEK:
+ if (s->reg_rtccon & RTC_ENABLE) {
+ s->current_tm.tm_wday = (int)from_bcd((uint8_t)value);
+ }
+ break;
+ case BCDDAY:
+ if (s->reg_rtccon & RTC_ENABLE) {
+ s->current_tm.tm_mday = (int)from_bcd((uint8_t)value);
+ }
+ break;
+ case BCDMON:
+ if (s->reg_rtccon & RTC_ENABLE) {
+ s->current_tm.tm_mon = (int)from_bcd((uint8_t)value) - 1;
+ }
+ break;
+ case BCDYEAR:
+ if (s->reg_rtccon & RTC_ENABLE) {
+ /* 3 digits */
+ s->current_tm.tm_year = (int)from_bcd((uint8_t)value) +
+ (int)from_bcd((uint8_t)((value >> 8) & 0x0f)) * 100;
+ }
+ break;
+
+ default:
+ fprintf(stderr,
+ "[exynos4210.rtc: bad write offset " TARGET_FMT_plx "]\n",
+ offset);
+ break;
+
+ }
+}
+
+/*
+ * Set default values to timer fields and registers
+ */
+static void exynos4210_rtc_reset(DeviceState *d)
+{
+ Exynos4210RTCState *s = EXYNOS4210_RTC(d);
+
+ qemu_get_timedate(&s->current_tm, 0);
+
+ DPRINTF("Get time from host: %d-%d-%d %2d:%02d:%02d\n",
+ s->current_tm.tm_year, s->current_tm.tm_mon, s->current_tm.tm_mday,
+ s->current_tm.tm_hour, s->current_tm.tm_min, s->current_tm.tm_sec);
+
+ s->reg_intp = 0;
+ s->reg_rtccon = 0;
+ s->reg_ticcnt = 0;
+ s->reg_rtcalm = 0;
+ s->reg_almsec = 0;
+ s->reg_almmin = 0;
+ s->reg_almhour = 0;
+ s->reg_almday = 0;
+ s->reg_almmon = 0;
+ s->reg_almyear = 0;
+
+ s->reg_curticcnt = 0;
+
+ exynos4210_rtc_update_freq(s, s->reg_rtccon);
+ ptimer_stop(s->ptimer);
+ ptimer_stop(s->ptimer_1Hz);
+}
+
+static const MemoryRegionOps exynos4210_rtc_ops = {
+ .read = exynos4210_rtc_read,
+ .write = exynos4210_rtc_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+/*
+ * RTC timer initialization
+ */
+static int exynos4210_rtc_init(SysBusDevice *dev)
+{
+ Exynos4210RTCState *s = EXYNOS4210_RTC(dev);
+ QEMUBH *bh;
+
+ bh = qemu_bh_new(exynos4210_rtc_tick, s);
+ s->ptimer = ptimer_init(bh);
+ ptimer_set_freq(s->ptimer, RTC_BASE_FREQ);
+ exynos4210_rtc_update_freq(s, 0);
+
+ bh = qemu_bh_new(exynos4210_rtc_1Hz_tick, s);
+ s->ptimer_1Hz = ptimer_init(bh);
+ ptimer_set_freq(s->ptimer_1Hz, RTC_BASE_FREQ);
+
+ sysbus_init_irq(dev, &s->alm_irq);
+ sysbus_init_irq(dev, &s->tick_irq);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &exynos4210_rtc_ops, s,
+ "exynos4210-rtc", EXYNOS4210_RTC_REG_MEM_SIZE);
+ sysbus_init_mmio(dev, &s->iomem);
+
+ return 0;
+}
+
+static void exynos4210_rtc_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = exynos4210_rtc_init;
+ dc->reset = exynos4210_rtc_reset;
+ dc->vmsd = &vmstate_exynos4210_rtc_state;
+}
+
+static const TypeInfo exynos4210_rtc_info = {
+ .name = TYPE_EXYNOS4210_RTC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(Exynos4210RTCState),
+ .class_init = exynos4210_rtc_class_init,
+};
+
+static void exynos4210_rtc_register_types(void)
+{
+ type_register_static(&exynos4210_rtc_info);
+}
+
+type_init(exynos4210_rtc_register_types)
diff --git a/hw/timer/grlib_gptimer.c b/hw/timer/grlib_gptimer.c
new file mode 100644
index 000000000..7c1055a99
--- /dev/null
+++ b/hw/timer/grlib_gptimer.c
@@ -0,0 +1,410 @@
+/*
+ * QEMU GRLIB GPTimer Emulator
+ *
+ * Copyright (c) 2010-2011 AdaCore
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/sysbus.h"
+#include "qemu/timer.h"
+#include "hw/ptimer.h"
+
+#include "trace.h"
+
+#define UNIT_REG_SIZE 16 /* Size of memory mapped regs for the unit */
+#define GPTIMER_REG_SIZE 16 /* Size of memory mapped regs for a GPTimer */
+
+#define GPTIMER_MAX_TIMERS 8
+
+/* GPTimer Config register fields */
+#define GPTIMER_ENABLE (1 << 0)
+#define GPTIMER_RESTART (1 << 1)
+#define GPTIMER_LOAD (1 << 2)
+#define GPTIMER_INT_ENABLE (1 << 3)
+#define GPTIMER_INT_PENDING (1 << 4)
+#define GPTIMER_CHAIN (1 << 5) /* Not supported */
+#define GPTIMER_DEBUG_HALT (1 << 6) /* Not supported */
+
+/* Memory mapped register offsets */
+#define SCALER_OFFSET 0x00
+#define SCALER_RELOAD_OFFSET 0x04
+#define CONFIG_OFFSET 0x08
+#define COUNTER_OFFSET 0x00
+#define COUNTER_RELOAD_OFFSET 0x04
+#define TIMER_BASE 0x10
+
+#define TYPE_GRLIB_GPTIMER "grlib,gptimer"
+#define GRLIB_GPTIMER(obj) \
+ OBJECT_CHECK(GPTimerUnit, (obj), TYPE_GRLIB_GPTIMER)
+
+typedef struct GPTimer GPTimer;
+typedef struct GPTimerUnit GPTimerUnit;
+
+struct GPTimer {
+ QEMUBH *bh;
+ struct ptimer_state *ptimer;
+
+ qemu_irq irq;
+ int id;
+ GPTimerUnit *unit;
+
+ /* registers */
+ uint32_t counter;
+ uint32_t reload;
+ uint32_t config;
+};
+
+struct GPTimerUnit {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+
+ uint32_t nr_timers; /* Number of timers available */
+ uint32_t freq_hz; /* System frequency */
+ uint32_t irq_line; /* Base irq line */
+
+ GPTimer *timers;
+
+ /* registers */
+ uint32_t scaler;
+ uint32_t reload;
+ uint32_t config;
+};
+
+static void grlib_gptimer_enable(GPTimer *timer)
+{
+ assert(timer != NULL);
+
+
+ ptimer_stop(timer->ptimer);
+
+ if (!(timer->config & GPTIMER_ENABLE)) {
+ /* Timer disabled */
+ trace_grlib_gptimer_disabled(timer->id, timer->config);
+ return;
+ }
+
+ /* ptimer is triggered when the counter reach 0 but GPTimer is triggered at
+ underflow. Set count + 1 to simulate the GPTimer behavior. */
+
+ trace_grlib_gptimer_enable(timer->id, timer->counter + 1);
+
+ ptimer_set_count(timer->ptimer, timer->counter + 1);
+ ptimer_run(timer->ptimer, 1);
+}
+
+static void grlib_gptimer_restart(GPTimer *timer)
+{
+ assert(timer != NULL);
+
+ trace_grlib_gptimer_restart(timer->id, timer->reload);
+
+ timer->counter = timer->reload;
+ grlib_gptimer_enable(timer);
+}
+
+static void grlib_gptimer_set_scaler(GPTimerUnit *unit, uint32_t scaler)
+{
+ int i = 0;
+ uint32_t value = 0;
+
+ assert(unit != NULL);
+
+ if (scaler > 0) {
+ value = unit->freq_hz / (scaler + 1);
+ } else {
+ value = unit->freq_hz;
+ }
+
+ trace_grlib_gptimer_set_scaler(scaler, value);
+
+ for (i = 0; i < unit->nr_timers; i++) {
+ ptimer_set_freq(unit->timers[i].ptimer, value);
+ }
+}
+
+static void grlib_gptimer_hit(void *opaque)
+{
+ GPTimer *timer = opaque;
+ assert(timer != NULL);
+
+ trace_grlib_gptimer_hit(timer->id);
+
+ /* Timer expired */
+
+ if (timer->config & GPTIMER_INT_ENABLE) {
+ /* Set the pending bit (only unset by write in the config register) */
+ timer->config |= GPTIMER_INT_PENDING;
+ qemu_irq_pulse(timer->irq);
+ }
+
+ if (timer->config & GPTIMER_RESTART) {
+ grlib_gptimer_restart(timer);
+ }
+}
+
+static uint64_t grlib_gptimer_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ GPTimerUnit *unit = opaque;
+ hwaddr timer_addr;
+ int id;
+ uint32_t value = 0;
+
+ addr &= 0xff;
+
+ /* Unit registers */
+ switch (addr) {
+ case SCALER_OFFSET:
+ trace_grlib_gptimer_readl(-1, addr, unit->scaler);
+ return unit->scaler;
+
+ case SCALER_RELOAD_OFFSET:
+ trace_grlib_gptimer_readl(-1, addr, unit->reload);
+ return unit->reload;
+
+ case CONFIG_OFFSET:
+ trace_grlib_gptimer_readl(-1, addr, unit->config);
+ return unit->config;
+
+ default:
+ break;
+ }
+
+ timer_addr = (addr % TIMER_BASE);
+ id = (addr - TIMER_BASE) / TIMER_BASE;
+
+ if (id >= 0 && id < unit->nr_timers) {
+
+ /* GPTimer registers */
+ switch (timer_addr) {
+ case COUNTER_OFFSET:
+ value = ptimer_get_count(unit->timers[id].ptimer);
+ trace_grlib_gptimer_readl(id, addr, value);
+ return value;
+
+ case COUNTER_RELOAD_OFFSET:
+ value = unit->timers[id].reload;
+ trace_grlib_gptimer_readl(id, addr, value);
+ return value;
+
+ case CONFIG_OFFSET:
+ trace_grlib_gptimer_readl(id, addr, unit->timers[id].config);
+ return unit->timers[id].config;
+
+ default:
+ break;
+ }
+
+ }
+
+ trace_grlib_gptimer_readl(-1, addr, 0);
+ return 0;
+}
+
+static void grlib_gptimer_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ GPTimerUnit *unit = opaque;
+ hwaddr timer_addr;
+ int id;
+
+ addr &= 0xff;
+
+ /* Unit registers */
+ switch (addr) {
+ case SCALER_OFFSET:
+ value &= 0xFFFF; /* clean up the value */
+ unit->scaler = value;
+ trace_grlib_gptimer_writel(-1, addr, unit->scaler);
+ return;
+
+ case SCALER_RELOAD_OFFSET:
+ value &= 0xFFFF; /* clean up the value */
+ unit->reload = value;
+ trace_grlib_gptimer_writel(-1, addr, unit->reload);
+ grlib_gptimer_set_scaler(unit, value);
+ return;
+
+ case CONFIG_OFFSET:
+ /* Read Only (disable timer freeze not supported) */
+ trace_grlib_gptimer_writel(-1, addr, 0);
+ return;
+
+ default:
+ break;
+ }
+
+ timer_addr = (addr % TIMER_BASE);
+ id = (addr - TIMER_BASE) / TIMER_BASE;
+
+ if (id >= 0 && id < unit->nr_timers) {
+
+ /* GPTimer registers */
+ switch (timer_addr) {
+ case COUNTER_OFFSET:
+ trace_grlib_gptimer_writel(id, addr, value);
+ unit->timers[id].counter = value;
+ grlib_gptimer_enable(&unit->timers[id]);
+ return;
+
+ case COUNTER_RELOAD_OFFSET:
+ trace_grlib_gptimer_writel(id, addr, value);
+ unit->timers[id].reload = value;
+ return;
+
+ case CONFIG_OFFSET:
+ trace_grlib_gptimer_writel(id, addr, value);
+
+ if (value & GPTIMER_INT_PENDING) {
+ /* clear pending bit */
+ value &= ~GPTIMER_INT_PENDING;
+ } else {
+ /* keep pending bit */
+ value |= unit->timers[id].config & GPTIMER_INT_PENDING;
+ }
+
+ unit->timers[id].config = value;
+
+ /* gptimer_restart calls gptimer_enable, so if "enable" and "load"
+ bits are present, we just have to call restart. */
+
+ if (value & GPTIMER_LOAD) {
+ grlib_gptimer_restart(&unit->timers[id]);
+ } else if (value & GPTIMER_ENABLE) {
+ grlib_gptimer_enable(&unit->timers[id]);
+ }
+
+ /* These fields must always be read as 0 */
+ value &= ~(GPTIMER_LOAD & GPTIMER_DEBUG_HALT);
+
+ unit->timers[id].config = value;
+ return;
+
+ default:
+ break;
+ }
+
+ }
+
+ trace_grlib_gptimer_writel(-1, addr, value);
+}
+
+static const MemoryRegionOps grlib_gptimer_ops = {
+ .read = grlib_gptimer_read,
+ .write = grlib_gptimer_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static void grlib_gptimer_reset(DeviceState *d)
+{
+ GPTimerUnit *unit = GRLIB_GPTIMER(d);
+ int i = 0;
+
+ assert(unit != NULL);
+
+ unit->scaler = 0;
+ unit->reload = 0;
+ unit->config = 0;
+
+ unit->config = unit->nr_timers;
+ unit->config |= unit->irq_line << 3;
+ unit->config |= 1 << 8; /* separate interrupt */
+ unit->config |= 1 << 9; /* Disable timer freeze */
+
+
+ for (i = 0; i < unit->nr_timers; i++) {
+ GPTimer *timer = &unit->timers[i];
+
+ timer->counter = 0;
+ timer->reload = 0;
+ timer->config = 0;
+ ptimer_stop(timer->ptimer);
+ ptimer_set_count(timer->ptimer, 0);
+ ptimer_set_freq(timer->ptimer, unit->freq_hz);
+ }
+}
+
+static int grlib_gptimer_init(SysBusDevice *dev)
+{
+ GPTimerUnit *unit = GRLIB_GPTIMER(dev);
+ unsigned int i;
+
+ assert(unit->nr_timers > 0);
+ assert(unit->nr_timers <= GPTIMER_MAX_TIMERS);
+
+ unit->timers = g_malloc0(sizeof unit->timers[0] * unit->nr_timers);
+
+ for (i = 0; i < unit->nr_timers; i++) {
+ GPTimer *timer = &unit->timers[i];
+
+ timer->unit = unit;
+ timer->bh = qemu_bh_new(grlib_gptimer_hit, timer);
+ timer->ptimer = ptimer_init(timer->bh);
+ timer->id = i;
+
+ /* One IRQ line for each timer */
+ sysbus_init_irq(dev, &timer->irq);
+
+ ptimer_set_freq(timer->ptimer, unit->freq_hz);
+ }
+
+ memory_region_init_io(&unit->iomem, OBJECT(unit), &grlib_gptimer_ops,
+ unit, "gptimer",
+ UNIT_REG_SIZE + GPTIMER_REG_SIZE * unit->nr_timers);
+
+ sysbus_init_mmio(dev, &unit->iomem);
+ return 0;
+}
+
+static Property grlib_gptimer_properties[] = {
+ DEFINE_PROP_UINT32("frequency", GPTimerUnit, freq_hz, 40000000),
+ DEFINE_PROP_UINT32("irq-line", GPTimerUnit, irq_line, 8),
+ DEFINE_PROP_UINT32("nr-timers", GPTimerUnit, nr_timers, 2),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void grlib_gptimer_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = grlib_gptimer_init;
+ dc->reset = grlib_gptimer_reset;
+ dc->props = grlib_gptimer_properties;
+}
+
+static const TypeInfo grlib_gptimer_info = {
+ .name = TYPE_GRLIB_GPTIMER,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(GPTimerUnit),
+ .class_init = grlib_gptimer_class_init,
+};
+
+static void grlib_gptimer_register_types(void)
+{
+ type_register_static(&grlib_gptimer_info);
+}
+
+type_init(grlib_gptimer_register_types)
diff --git a/hw/timer/hpet.c b/hw/timer/hpet.c
new file mode 100644
index 000000000..648b38362
--- /dev/null
+++ b/hw/timer/hpet.c
@@ -0,0 +1,773 @@
+/*
+ * High Precisition Event Timer emulation
+ *
+ * Copyright (c) 2007 Alexander Graf
+ * Copyright (c) 2008 IBM Corporation
+ *
+ * Authors: Beth Kon <bkon@us.ibm.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * *****************************************************************
+ *
+ * This driver attempts to emulate an HPET device in software.
+ */
+
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "ui/console.h"
+#include "qemu/timer.h"
+#include "hw/timer/hpet.h"
+#include "hw/sysbus.h"
+#include "hw/timer/mc146818rtc.h"
+#include "hw/timer/i8254.h"
+
+//#define HPET_DEBUG
+#ifdef HPET_DEBUG
+#define DPRINTF printf
+#else
+#define DPRINTF(...)
+#endif
+
+#define HPET_MSI_SUPPORT 0
+
+#define TYPE_HPET "hpet"
+#define HPET(obj) OBJECT_CHECK(HPETState, (obj), TYPE_HPET)
+
+struct HPETState;
+typedef struct HPETTimer { /* timers */
+ uint8_t tn; /*timer number*/
+ QEMUTimer *qemu_timer;
+ struct HPETState *state;
+ /* Memory-mapped, software visible timer registers */
+ uint64_t config; /* configuration/cap */
+ uint64_t cmp; /* comparator */
+ uint64_t fsb; /* FSB route */
+ /* Hidden register state */
+ uint64_t period; /* Last value written to comparator */
+ uint8_t wrap_flag; /* timer pop will indicate wrap for one-shot 32-bit
+ * mode. Next pop will be actual timer expiration.
+ */
+} HPETTimer;
+
+typedef struct HPETState {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion iomem;
+ uint64_t hpet_offset;
+ qemu_irq irqs[HPET_NUM_IRQ_ROUTES];
+ uint32_t flags;
+ uint8_t rtc_irq_level;
+ qemu_irq pit_enabled;
+ uint8_t num_timers;
+ HPETTimer timer[HPET_MAX_TIMERS];
+
+ /* Memory-mapped, software visible registers */
+ uint64_t capability; /* capabilities */
+ uint64_t config; /* configuration */
+ uint64_t isr; /* interrupt status reg */
+ uint64_t hpet_counter; /* main counter */
+ uint8_t hpet_id; /* instance id */
+} HPETState;
+
+static uint32_t hpet_in_legacy_mode(HPETState *s)
+{
+ return s->config & HPET_CFG_LEGACY;
+}
+
+static uint32_t timer_int_route(struct HPETTimer *timer)
+{
+ return (timer->config & HPET_TN_INT_ROUTE_MASK) >> HPET_TN_INT_ROUTE_SHIFT;
+}
+
+static uint32_t timer_fsb_route(HPETTimer *t)
+{
+ return t->config & HPET_TN_FSB_ENABLE;
+}
+
+static uint32_t hpet_enabled(HPETState *s)
+{
+ return s->config & HPET_CFG_ENABLE;
+}
+
+static uint32_t timer_is_periodic(HPETTimer *t)
+{
+ return t->config & HPET_TN_PERIODIC;
+}
+
+static uint32_t timer_enabled(HPETTimer *t)
+{
+ return t->config & HPET_TN_ENABLE;
+}
+
+static uint32_t hpet_time_after(uint64_t a, uint64_t b)
+{
+ return ((int32_t)(b) - (int32_t)(a) < 0);
+}
+
+static uint32_t hpet_time_after64(uint64_t a, uint64_t b)
+{
+ return ((int64_t)(b) - (int64_t)(a) < 0);
+}
+
+static uint64_t ticks_to_ns(uint64_t value)
+{
+ return (muldiv64(value, HPET_CLK_PERIOD, FS_PER_NS));
+}
+
+static uint64_t ns_to_ticks(uint64_t value)
+{
+ return (muldiv64(value, FS_PER_NS, HPET_CLK_PERIOD));
+}
+
+static uint64_t hpet_fixup_reg(uint64_t new, uint64_t old, uint64_t mask)
+{
+ new &= mask;
+ new |= old & ~mask;
+ return new;
+}
+
+static int activating_bit(uint64_t old, uint64_t new, uint64_t mask)
+{
+ return (!(old & mask) && (new & mask));
+}
+
+static int deactivating_bit(uint64_t old, uint64_t new, uint64_t mask)
+{
+ return ((old & mask) && !(new & mask));
+}
+
+static uint64_t hpet_get_ticks(HPETState *s)
+{
+ return ns_to_ticks(qemu_get_clock_ns(vm_clock) + s->hpet_offset);
+}
+
+/*
+ * calculate diff between comparator value and current ticks
+ */
+static inline uint64_t hpet_calculate_diff(HPETTimer *t, uint64_t current)
+{
+
+ if (t->config & HPET_TN_32BIT) {
+ uint32_t diff, cmp;
+
+ cmp = (uint32_t)t->cmp;
+ diff = cmp - (uint32_t)current;
+ diff = (int32_t)diff > 0 ? diff : (uint32_t)1;
+ return (uint64_t)diff;
+ } else {
+ uint64_t diff, cmp;
+
+ cmp = t->cmp;
+ diff = cmp - current;
+ diff = (int64_t)diff > 0 ? diff : (uint64_t)1;
+ return diff;
+ }
+}
+
+static void update_irq(struct HPETTimer *timer, int set)
+{
+ uint64_t mask;
+ HPETState *s;
+ int route;
+
+ if (timer->tn <= 1 && hpet_in_legacy_mode(timer->state)) {
+ /* if LegacyReplacementRoute bit is set, HPET specification requires
+ * timer0 be routed to IRQ0 in NON-APIC or IRQ2 in the I/O APIC,
+ * timer1 be routed to IRQ8 in NON-APIC or IRQ8 in the I/O APIC.
+ */
+ route = (timer->tn == 0) ? 0 : RTC_ISA_IRQ;
+ } else {
+ route = timer_int_route(timer);
+ }
+ s = timer->state;
+ mask = 1 << timer->tn;
+ if (!set || !timer_enabled(timer) || !hpet_enabled(timer->state)) {
+ s->isr &= ~mask;
+ if (!timer_fsb_route(timer)) {
+ qemu_irq_lower(s->irqs[route]);
+ }
+ } else if (timer_fsb_route(timer)) {
+ stl_le_phys(timer->fsb >> 32, timer->fsb & 0xffffffff);
+ } else if (timer->config & HPET_TN_TYPE_LEVEL) {
+ s->isr |= mask;
+ qemu_irq_raise(s->irqs[route]);
+ } else {
+ s->isr &= ~mask;
+ qemu_irq_pulse(s->irqs[route]);
+ }
+}
+
+static void hpet_pre_save(void *opaque)
+{
+ HPETState *s = opaque;
+
+ /* save current counter value */
+ s->hpet_counter = hpet_get_ticks(s);
+}
+
+static int hpet_pre_load(void *opaque)
+{
+ HPETState *s = opaque;
+
+ /* version 1 only supports 3, later versions will load the actual value */
+ s->num_timers = HPET_MIN_TIMERS;
+ return 0;
+}
+
+static int hpet_post_load(void *opaque, int version_id)
+{
+ HPETState *s = opaque;
+
+ /* Recalculate the offset between the main counter and guest time */
+ s->hpet_offset = ticks_to_ns(s->hpet_counter) - qemu_get_clock_ns(vm_clock);
+
+ /* Push number of timers into capability returned via HPET_ID */
+ s->capability &= ~HPET_ID_NUM_TIM_MASK;
+ s->capability |= (s->num_timers - 1) << HPET_ID_NUM_TIM_SHIFT;
+ hpet_cfg.hpet[s->hpet_id].event_timer_block_id = (uint32_t)s->capability;
+
+ /* Derive HPET_MSI_SUPPORT from the capability of the first timer. */
+ s->flags &= ~(1 << HPET_MSI_SUPPORT);
+ if (s->timer[0].config & HPET_TN_FSB_CAP) {
+ s->flags |= 1 << HPET_MSI_SUPPORT;
+ }
+ return 0;
+}
+
+static bool hpet_rtc_irq_level_needed(void *opaque)
+{
+ HPETState *s = opaque;
+
+ return s->rtc_irq_level != 0;
+}
+
+static const VMStateDescription vmstate_hpet_rtc_irq_level = {
+ .name = "hpet/rtc_irq_level",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(rtc_irq_level, HPETState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_hpet_timer = {
+ .name = "hpet_timer",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT8(tn, HPETTimer),
+ VMSTATE_UINT64(config, HPETTimer),
+ VMSTATE_UINT64(cmp, HPETTimer),
+ VMSTATE_UINT64(fsb, HPETTimer),
+ VMSTATE_UINT64(period, HPETTimer),
+ VMSTATE_UINT8(wrap_flag, HPETTimer),
+ VMSTATE_TIMER(qemu_timer, HPETTimer),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_hpet = {
+ .name = "hpet",
+ .version_id = 2,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .pre_save = hpet_pre_save,
+ .pre_load = hpet_pre_load,
+ .post_load = hpet_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT64(config, HPETState),
+ VMSTATE_UINT64(isr, HPETState),
+ VMSTATE_UINT64(hpet_counter, HPETState),
+ VMSTATE_UINT8_V(num_timers, HPETState, 2),
+ VMSTATE_STRUCT_VARRAY_UINT8(timer, HPETState, num_timers, 0,
+ vmstate_hpet_timer, HPETTimer),
+ VMSTATE_END_OF_LIST()
+ },
+ .subsections = (VMStateSubsection[]) {
+ {
+ .vmsd = &vmstate_hpet_rtc_irq_level,
+ .needed = hpet_rtc_irq_level_needed,
+ }, {
+ /* empty */
+ }
+ }
+};
+
+/*
+ * timer expiration callback
+ */
+static void hpet_timer(void *opaque)
+{
+ HPETTimer *t = opaque;
+ uint64_t diff;
+
+ uint64_t period = t->period;
+ uint64_t cur_tick = hpet_get_ticks(t->state);
+
+ if (timer_is_periodic(t) && period != 0) {
+ if (t->config & HPET_TN_32BIT) {
+ while (hpet_time_after(cur_tick, t->cmp)) {
+ t->cmp = (uint32_t)(t->cmp + t->period);
+ }
+ } else {
+ while (hpet_time_after64(cur_tick, t->cmp)) {
+ t->cmp += period;
+ }
+ }
+ diff = hpet_calculate_diff(t, cur_tick);
+ qemu_mod_timer(t->qemu_timer,
+ qemu_get_clock_ns(vm_clock) + (int64_t)ticks_to_ns(diff));
+ } else if (t->config & HPET_TN_32BIT && !timer_is_periodic(t)) {
+ if (t->wrap_flag) {
+ diff = hpet_calculate_diff(t, cur_tick);
+ qemu_mod_timer(t->qemu_timer, qemu_get_clock_ns(vm_clock) +
+ (int64_t)ticks_to_ns(diff));
+ t->wrap_flag = 0;
+ }
+ }
+ update_irq(t, 1);
+}
+
+static void hpet_set_timer(HPETTimer *t)
+{
+ uint64_t diff;
+ uint32_t wrap_diff; /* how many ticks until we wrap? */
+ uint64_t cur_tick = hpet_get_ticks(t->state);
+
+ /* whenever new timer is being set up, make sure wrap_flag is 0 */
+ t->wrap_flag = 0;
+ diff = hpet_calculate_diff(t, cur_tick);
+
+ /* hpet spec says in one-shot 32-bit mode, generate an interrupt when
+ * counter wraps in addition to an interrupt with comparator match.
+ */
+ if (t->config & HPET_TN_32BIT && !timer_is_periodic(t)) {
+ wrap_diff = 0xffffffff - (uint32_t)cur_tick;
+ if (wrap_diff < (uint32_t)diff) {
+ diff = wrap_diff;
+ t->wrap_flag = 1;
+ }
+ }
+ qemu_mod_timer(t->qemu_timer,
+ qemu_get_clock_ns(vm_clock) + (int64_t)ticks_to_ns(diff));
+}
+
+static void hpet_del_timer(HPETTimer *t)
+{
+ qemu_del_timer(t->qemu_timer);
+ update_irq(t, 0);
+}
+
+#ifdef HPET_DEBUG
+static uint32_t hpet_ram_readb(void *opaque, hwaddr addr)
+{
+ printf("qemu: hpet_read b at %" PRIx64 "\n", addr);
+ return 0;
+}
+
+static uint32_t hpet_ram_readw(void *opaque, hwaddr addr)
+{
+ printf("qemu: hpet_read w at %" PRIx64 "\n", addr);
+ return 0;
+}
+#endif
+
+static uint64_t hpet_ram_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ HPETState *s = opaque;
+ uint64_t cur_tick, index;
+
+ DPRINTF("qemu: Enter hpet_ram_readl at %" PRIx64 "\n", addr);
+ index = addr;
+ /*address range of all TN regs*/
+ if (index >= 0x100 && index <= 0x3ff) {
+ uint8_t timer_id = (addr - 0x100) / 0x20;
+ HPETTimer *timer = &s->timer[timer_id];
+
+ if (timer_id > s->num_timers) {
+ DPRINTF("qemu: timer id out of range\n");
+ return 0;
+ }
+
+ switch ((addr - 0x100) % 0x20) {
+ case HPET_TN_CFG:
+ return timer->config;
+ case HPET_TN_CFG + 4: // Interrupt capabilities
+ return timer->config >> 32;
+ case HPET_TN_CMP: // comparator register
+ return timer->cmp;
+ case HPET_TN_CMP + 4:
+ return timer->cmp >> 32;
+ case HPET_TN_ROUTE:
+ return timer->fsb;
+ case HPET_TN_ROUTE + 4:
+ return timer->fsb >> 32;
+ default:
+ DPRINTF("qemu: invalid hpet_ram_readl\n");
+ break;
+ }
+ } else {
+ switch (index) {
+ case HPET_ID:
+ return s->capability;
+ case HPET_PERIOD:
+ return s->capability >> 32;
+ case HPET_CFG:
+ return s->config;
+ case HPET_CFG + 4:
+ DPRINTF("qemu: invalid HPET_CFG + 4 hpet_ram_readl\n");
+ return 0;
+ case HPET_COUNTER:
+ if (hpet_enabled(s)) {
+ cur_tick = hpet_get_ticks(s);
+ } else {
+ cur_tick = s->hpet_counter;
+ }
+ DPRINTF("qemu: reading counter = %" PRIx64 "\n", cur_tick);
+ return cur_tick;
+ case HPET_COUNTER + 4:
+ if (hpet_enabled(s)) {
+ cur_tick = hpet_get_ticks(s);
+ } else {
+ cur_tick = s->hpet_counter;
+ }
+ DPRINTF("qemu: reading counter + 4 = %" PRIx64 "\n", cur_tick);
+ return cur_tick >> 32;
+ case HPET_STATUS:
+ return s->isr;
+ default:
+ DPRINTF("qemu: invalid hpet_ram_readl\n");
+ break;
+ }
+ }
+ return 0;
+}
+
+static void hpet_ram_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ int i;
+ HPETState *s = opaque;
+ uint64_t old_val, new_val, val, index;
+
+ DPRINTF("qemu: Enter hpet_ram_writel at %" PRIx64 " = %#x\n", addr, value);
+ index = addr;
+ old_val = hpet_ram_read(opaque, addr, 4);
+ new_val = value;
+
+ /*address range of all TN regs*/
+ if (index >= 0x100 && index <= 0x3ff) {
+ uint8_t timer_id = (addr - 0x100) / 0x20;
+ HPETTimer *timer = &s->timer[timer_id];
+
+ DPRINTF("qemu: hpet_ram_writel timer_id = %#x\n", timer_id);
+ if (timer_id > s->num_timers) {
+ DPRINTF("qemu: timer id out of range\n");
+ return;
+ }
+ switch ((addr - 0x100) % 0x20) {
+ case HPET_TN_CFG:
+ DPRINTF("qemu: hpet_ram_writel HPET_TN_CFG\n");
+ if (activating_bit(old_val, new_val, HPET_TN_FSB_ENABLE)) {
+ update_irq(timer, 0);
+ }
+ val = hpet_fixup_reg(new_val, old_val, HPET_TN_CFG_WRITE_MASK);
+ timer->config = (timer->config & 0xffffffff00000000ULL) | val;
+ if (new_val & HPET_TN_32BIT) {
+ timer->cmp = (uint32_t)timer->cmp;
+ timer->period = (uint32_t)timer->period;
+ }
+ if (activating_bit(old_val, new_val, HPET_TN_ENABLE)) {
+ hpet_set_timer(timer);
+ } else if (deactivating_bit(old_val, new_val, HPET_TN_ENABLE)) {
+ hpet_del_timer(timer);
+ }
+ break;
+ case HPET_TN_CFG + 4: // Interrupt capabilities
+ DPRINTF("qemu: invalid HPET_TN_CFG+4 write\n");
+ break;
+ case HPET_TN_CMP: // comparator register
+ DPRINTF("qemu: hpet_ram_writel HPET_TN_CMP\n");
+ if (timer->config & HPET_TN_32BIT) {
+ new_val = (uint32_t)new_val;
+ }
+ if (!timer_is_periodic(timer)
+ || (timer->config & HPET_TN_SETVAL)) {
+ timer->cmp = (timer->cmp & 0xffffffff00000000ULL) | new_val;
+ }
+ if (timer_is_periodic(timer)) {
+ /*
+ * FIXME: Clamp period to reasonable min value?
+ * Clamp period to reasonable max value
+ */
+ new_val &= (timer->config & HPET_TN_32BIT ? ~0u : ~0ull) >> 1;
+ timer->period =
+ (timer->period & 0xffffffff00000000ULL) | new_val;
+ }
+ timer->config &= ~HPET_TN_SETVAL;
+ if (hpet_enabled(s)) {
+ hpet_set_timer(timer);
+ }
+ break;
+ case HPET_TN_CMP + 4: // comparator register high order
+ DPRINTF("qemu: hpet_ram_writel HPET_TN_CMP + 4\n");
+ if (!timer_is_periodic(timer)
+ || (timer->config & HPET_TN_SETVAL)) {
+ timer->cmp = (timer->cmp & 0xffffffffULL) | new_val << 32;
+ } else {
+ /*
+ * FIXME: Clamp period to reasonable min value?
+ * Clamp period to reasonable max value
+ */
+ new_val &= (timer->config & HPET_TN_32BIT ? ~0u : ~0ull) >> 1;
+ timer->period =
+ (timer->period & 0xffffffffULL) | new_val << 32;
+ }
+ timer->config &= ~HPET_TN_SETVAL;
+ if (hpet_enabled(s)) {
+ hpet_set_timer(timer);
+ }
+ break;
+ case HPET_TN_ROUTE:
+ timer->fsb = (timer->fsb & 0xffffffff00000000ULL) | new_val;
+ break;
+ case HPET_TN_ROUTE + 4:
+ timer->fsb = (new_val << 32) | (timer->fsb & 0xffffffff);
+ break;
+ default:
+ DPRINTF("qemu: invalid hpet_ram_writel\n");
+ break;
+ }
+ return;
+ } else {
+ switch (index) {
+ case HPET_ID:
+ return;
+ case HPET_CFG:
+ val = hpet_fixup_reg(new_val, old_val, HPET_CFG_WRITE_MASK);
+ s->config = (s->config & 0xffffffff00000000ULL) | val;
+ if (activating_bit(old_val, new_val, HPET_CFG_ENABLE)) {
+ /* Enable main counter and interrupt generation. */
+ s->hpet_offset =
+ ticks_to_ns(s->hpet_counter) - qemu_get_clock_ns(vm_clock);
+ for (i = 0; i < s->num_timers; i++) {
+ if ((&s->timer[i])->cmp != ~0ULL) {
+ hpet_set_timer(&s->timer[i]);
+ }
+ }
+ } else if (deactivating_bit(old_val, new_val, HPET_CFG_ENABLE)) {
+ /* Halt main counter and disable interrupt generation. */
+ s->hpet_counter = hpet_get_ticks(s);
+ for (i = 0; i < s->num_timers; i++) {
+ hpet_del_timer(&s->timer[i]);
+ }
+ }
+ /* i8254 and RTC output pins are disabled
+ * when HPET is in legacy mode */
+ if (activating_bit(old_val, new_val, HPET_CFG_LEGACY)) {
+ qemu_set_irq(s->pit_enabled, 0);
+ qemu_irq_lower(s->irqs[0]);
+ qemu_irq_lower(s->irqs[RTC_ISA_IRQ]);
+ } else if (deactivating_bit(old_val, new_val, HPET_CFG_LEGACY)) {
+ qemu_irq_lower(s->irqs[0]);
+ qemu_set_irq(s->pit_enabled, 1);
+ qemu_set_irq(s->irqs[RTC_ISA_IRQ], s->rtc_irq_level);
+ }
+ break;
+ case HPET_CFG + 4:
+ DPRINTF("qemu: invalid HPET_CFG+4 write\n");
+ break;
+ case HPET_STATUS:
+ val = new_val & s->isr;
+ for (i = 0; i < s->num_timers; i++) {
+ if (val & (1 << i)) {
+ update_irq(&s->timer[i], 0);
+ }
+ }
+ break;
+ case HPET_COUNTER:
+ if (hpet_enabled(s)) {
+ DPRINTF("qemu: Writing counter while HPET enabled!\n");
+ }
+ s->hpet_counter =
+ (s->hpet_counter & 0xffffffff00000000ULL) | value;
+ DPRINTF("qemu: HPET counter written. ctr = %#x -> %" PRIx64 "\n",
+ value, s->hpet_counter);
+ break;
+ case HPET_COUNTER + 4:
+ if (hpet_enabled(s)) {
+ DPRINTF("qemu: Writing counter while HPET enabled!\n");
+ }
+ s->hpet_counter =
+ (s->hpet_counter & 0xffffffffULL) | (((uint64_t)value) << 32);
+ DPRINTF("qemu: HPET counter + 4 written. ctr = %#x -> %" PRIx64 "\n",
+ value, s->hpet_counter);
+ break;
+ default:
+ DPRINTF("qemu: invalid hpet_ram_writel\n");
+ break;
+ }
+ }
+}
+
+static const MemoryRegionOps hpet_ram_ops = {
+ .read = hpet_ram_read,
+ .write = hpet_ram_write,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void hpet_reset(DeviceState *d)
+{
+ HPETState *s = HPET(d);
+ SysBusDevice *sbd = SYS_BUS_DEVICE(d);
+ int i;
+
+ for (i = 0; i < s->num_timers; i++) {
+ HPETTimer *timer = &s->timer[i];
+
+ hpet_del_timer(timer);
+ timer->cmp = ~0ULL;
+ timer->config = HPET_TN_PERIODIC_CAP | HPET_TN_SIZE_CAP;
+ if (s->flags & (1 << HPET_MSI_SUPPORT)) {
+ timer->config |= HPET_TN_FSB_CAP;
+ }
+ /* advertise availability of ioapic inti2 */
+ timer->config |= 0x00000004ULL << 32;
+ timer->period = 0ULL;
+ timer->wrap_flag = 0;
+ }
+
+ qemu_set_irq(s->pit_enabled, 1);
+ s->hpet_counter = 0ULL;
+ s->hpet_offset = 0ULL;
+ s->config = 0ULL;
+ hpet_cfg.hpet[s->hpet_id].event_timer_block_id = (uint32_t)s->capability;
+ hpet_cfg.hpet[s->hpet_id].address = sbd->mmio[0].addr;
+
+ /* to document that the RTC lowers its output on reset as well */
+ s->rtc_irq_level = 0;
+}
+
+static void hpet_handle_legacy_irq(void *opaque, int n, int level)
+{
+ HPETState *s = HPET(opaque);
+
+ if (n == HPET_LEGACY_PIT_INT) {
+ if (!hpet_in_legacy_mode(s)) {
+ qemu_set_irq(s->irqs[0], level);
+ }
+ } else {
+ s->rtc_irq_level = level;
+ if (!hpet_in_legacy_mode(s)) {
+ qemu_set_irq(s->irqs[RTC_ISA_IRQ], level);
+ }
+ }
+}
+
+static void hpet_init(Object *obj)
+{
+ SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
+ HPETState *s = HPET(obj);
+
+ /* HPET Area */
+ memory_region_init_io(&s->iomem, obj, &hpet_ram_ops, s, "hpet", 0x400);
+ sysbus_init_mmio(sbd, &s->iomem);
+}
+
+static void hpet_realize(DeviceState *dev, Error **errp)
+{
+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+ HPETState *s = HPET(dev);
+ int i;
+ HPETTimer *timer;
+
+ if (hpet_cfg.count == UINT8_MAX) {
+ /* first instance */
+ hpet_cfg.count = 0;
+ }
+
+ if (hpet_cfg.count == 8) {
+ error_setg(errp, "Only 8 instances of HPET is allowed");
+ return;
+ }
+
+ s->hpet_id = hpet_cfg.count++;
+
+ for (i = 0; i < HPET_NUM_IRQ_ROUTES; i++) {
+ sysbus_init_irq(sbd, &s->irqs[i]);
+ }
+
+ if (s->num_timers < HPET_MIN_TIMERS) {
+ s->num_timers = HPET_MIN_TIMERS;
+ } else if (s->num_timers > HPET_MAX_TIMERS) {
+ s->num_timers = HPET_MAX_TIMERS;
+ }
+ for (i = 0; i < HPET_MAX_TIMERS; i++) {
+ timer = &s->timer[i];
+ timer->qemu_timer = qemu_new_timer_ns(vm_clock, hpet_timer, timer);
+ timer->tn = i;
+ timer->state = s;
+ }
+
+ /* 64-bit main counter; LegacyReplacementRoute. */
+ s->capability = 0x8086a001ULL;
+ s->capability |= (s->num_timers - 1) << HPET_ID_NUM_TIM_SHIFT;
+ s->capability |= ((HPET_CLK_PERIOD) << 32);
+
+ qdev_init_gpio_in(dev, hpet_handle_legacy_irq, 2);
+ qdev_init_gpio_out(dev, &s->pit_enabled, 1);
+}
+
+static Property hpet_device_properties[] = {
+ DEFINE_PROP_UINT8("timers", HPETState, num_timers, HPET_MIN_TIMERS),
+ DEFINE_PROP_BIT("msi", HPETState, flags, HPET_MSI_SUPPORT, false),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void hpet_device_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = hpet_realize;
+ dc->no_user = 1;
+ dc->reset = hpet_reset;
+ dc->vmsd = &vmstate_hpet;
+ dc->props = hpet_device_properties;
+}
+
+static const TypeInfo hpet_device_info = {
+ .name = TYPE_HPET,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(HPETState),
+ .instance_init = hpet_init,
+ .class_init = hpet_device_class_init,
+};
+
+static void hpet_register_types(void)
+{
+ type_register_static(&hpet_device_info);
+}
+
+type_init(hpet_register_types)
diff --git a/hw/timer/i8254.c b/hw/timer/i8254.c
new file mode 100644
index 000000000..cd5214064
--- /dev/null
+++ b/hw/timer/i8254.c
@@ -0,0 +1,377 @@
+/*
+ * QEMU 8253/8254 interval timer emulation
+ *
+ * Copyright (c) 2003-2004 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "hw/isa/isa.h"
+#include "qemu/timer.h"
+#include "hw/timer/i8254.h"
+#include "hw/timer/i8254_internal.h"
+
+//#define DEBUG_PIT
+
+#define RW_STATE_LSB 1
+#define RW_STATE_MSB 2
+#define RW_STATE_WORD0 3
+#define RW_STATE_WORD1 4
+
+#define PIT_CLASS(class) OBJECT_CLASS_CHECK(PITClass, (class), TYPE_I8254)
+#define PIT_GET_CLASS(obj) OBJECT_GET_CLASS(PITClass, (obj), TYPE_I8254)
+
+typedef struct PITClass {
+ PITCommonClass parent_class;
+
+ DeviceRealize parent_realize;
+} PITClass;
+
+static void pit_irq_timer_update(PITChannelState *s, int64_t current_time);
+
+static int pit_get_count(PITChannelState *s)
+{
+ uint64_t d;
+ int counter;
+
+ d = muldiv64(qemu_get_clock_ns(vm_clock) - s->count_load_time, PIT_FREQ,
+ get_ticks_per_sec());
+ switch(s->mode) {
+ case 0:
+ case 1:
+ case 4:
+ case 5:
+ counter = (s->count - d) & 0xffff;
+ break;
+ case 3:
+ /* XXX: may be incorrect for odd counts */
+ counter = s->count - ((2 * d) % s->count);
+ break;
+ default:
+ counter = s->count - (d % s->count);
+ break;
+ }
+ return counter;
+}
+
+/* val must be 0 or 1 */
+static void pit_set_channel_gate(PITCommonState *s, PITChannelState *sc,
+ int val)
+{
+ switch (sc->mode) {
+ default:
+ case 0:
+ case 4:
+ /* XXX: just disable/enable counting */
+ break;
+ case 1:
+ case 5:
+ if (sc->gate < val) {
+ /* restart counting on rising edge */
+ sc->count_load_time = qemu_get_clock_ns(vm_clock);
+ pit_irq_timer_update(sc, sc->count_load_time);
+ }
+ break;
+ case 2:
+ case 3:
+ if (sc->gate < val) {
+ /* restart counting on rising edge */
+ sc->count_load_time = qemu_get_clock_ns(vm_clock);
+ pit_irq_timer_update(sc, sc->count_load_time);
+ }
+ /* XXX: disable/enable counting */
+ break;
+ }
+ sc->gate = val;
+}
+
+static inline void pit_load_count(PITChannelState *s, int val)
+{
+ if (val == 0)
+ val = 0x10000;
+ s->count_load_time = qemu_get_clock_ns(vm_clock);
+ s->count = val;
+ pit_irq_timer_update(s, s->count_load_time);
+}
+
+/* if already latched, do not latch again */
+static void pit_latch_count(PITChannelState *s)
+{
+ if (!s->count_latched) {
+ s->latched_count = pit_get_count(s);
+ s->count_latched = s->rw_mode;
+ }
+}
+
+static void pit_ioport_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ PITCommonState *pit = opaque;
+ int channel, access;
+ PITChannelState *s;
+
+ addr &= 3;
+ if (addr == 3) {
+ channel = val >> 6;
+ if (channel == 3) {
+ /* read back command */
+ for(channel = 0; channel < 3; channel++) {
+ s = &pit->channels[channel];
+ if (val & (2 << channel)) {
+ if (!(val & 0x20)) {
+ pit_latch_count(s);
+ }
+ if (!(val & 0x10) && !s->status_latched) {
+ /* status latch */
+ /* XXX: add BCD and null count */
+ s->status =
+ (pit_get_out(s,
+ qemu_get_clock_ns(vm_clock)) << 7) |
+ (s->rw_mode << 4) |
+ (s->mode << 1) |
+ s->bcd;
+ s->status_latched = 1;
+ }
+ }
+ }
+ } else {
+ s = &pit->channels[channel];
+ access = (val >> 4) & 3;
+ if (access == 0) {
+ pit_latch_count(s);
+ } else {
+ s->rw_mode = access;
+ s->read_state = access;
+ s->write_state = access;
+
+ s->mode = (val >> 1) & 7;
+ s->bcd = val & 1;
+ /* XXX: update irq timer ? */
+ }
+ }
+ } else {
+ s = &pit->channels[addr];
+ switch(s->write_state) {
+ default:
+ case RW_STATE_LSB:
+ pit_load_count(s, val);
+ break;
+ case RW_STATE_MSB:
+ pit_load_count(s, val << 8);
+ break;
+ case RW_STATE_WORD0:
+ s->write_latch = val;
+ s->write_state = RW_STATE_WORD1;
+ break;
+ case RW_STATE_WORD1:
+ pit_load_count(s, s->write_latch | (val << 8));
+ s->write_state = RW_STATE_WORD0;
+ break;
+ }
+ }
+}
+
+static uint64_t pit_ioport_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ PITCommonState *pit = opaque;
+ int ret, count;
+ PITChannelState *s;
+
+ addr &= 3;
+ s = &pit->channels[addr];
+ if (s->status_latched) {
+ s->status_latched = 0;
+ ret = s->status;
+ } else if (s->count_latched) {
+ switch(s->count_latched) {
+ default:
+ case RW_STATE_LSB:
+ ret = s->latched_count & 0xff;
+ s->count_latched = 0;
+ break;
+ case RW_STATE_MSB:
+ ret = s->latched_count >> 8;
+ s->count_latched = 0;
+ break;
+ case RW_STATE_WORD0:
+ ret = s->latched_count & 0xff;
+ s->count_latched = RW_STATE_MSB;
+ break;
+ }
+ } else {
+ switch(s->read_state) {
+ default:
+ case RW_STATE_LSB:
+ count = pit_get_count(s);
+ ret = count & 0xff;
+ break;
+ case RW_STATE_MSB:
+ count = pit_get_count(s);
+ ret = (count >> 8) & 0xff;
+ break;
+ case RW_STATE_WORD0:
+ count = pit_get_count(s);
+ ret = count & 0xff;
+ s->read_state = RW_STATE_WORD1;
+ break;
+ case RW_STATE_WORD1:
+ count = pit_get_count(s);
+ ret = (count >> 8) & 0xff;
+ s->read_state = RW_STATE_WORD0;
+ break;
+ }
+ }
+ return ret;
+}
+
+static void pit_irq_timer_update(PITChannelState *s, int64_t current_time)
+{
+ int64_t expire_time;
+ int irq_level;
+
+ if (!s->irq_timer || s->irq_disabled) {
+ return;
+ }
+ expire_time = pit_get_next_transition_time(s, current_time);
+ irq_level = pit_get_out(s, current_time);
+ qemu_set_irq(s->irq, irq_level);
+#ifdef DEBUG_PIT
+ printf("irq_level=%d next_delay=%f\n",
+ irq_level,
+ (double)(expire_time - current_time) / get_ticks_per_sec());
+#endif
+ s->next_transition_time = expire_time;
+ if (expire_time != -1)
+ qemu_mod_timer(s->irq_timer, expire_time);
+ else
+ qemu_del_timer(s->irq_timer);
+}
+
+static void pit_irq_timer(void *opaque)
+{
+ PITChannelState *s = opaque;
+
+ pit_irq_timer_update(s, s->next_transition_time);
+}
+
+static void pit_reset(DeviceState *dev)
+{
+ PITCommonState *pit = PIT_COMMON(dev);
+ PITChannelState *s;
+
+ pit_reset_common(pit);
+
+ s = &pit->channels[0];
+ if (!s->irq_disabled) {
+ qemu_mod_timer(s->irq_timer, s->next_transition_time);
+ }
+}
+
+/* When HPET is operating in legacy mode, suppress the ignored timer IRQ,
+ * reenable it when legacy mode is left again. */
+static void pit_irq_control(void *opaque, int n, int enable)
+{
+ PITCommonState *pit = opaque;
+ PITChannelState *s = &pit->channels[0];
+
+ if (enable) {
+ s->irq_disabled = 0;
+ pit_irq_timer_update(s, qemu_get_clock_ns(vm_clock));
+ } else {
+ s->irq_disabled = 1;
+ qemu_del_timer(s->irq_timer);
+ }
+}
+
+static const MemoryRegionOps pit_ioport_ops = {
+ .read = pit_ioport_read,
+ .write = pit_ioport_write,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void pit_post_load(PITCommonState *s)
+{
+ PITChannelState *sc = &s->channels[0];
+
+ if (sc->next_transition_time != -1) {
+ qemu_mod_timer(sc->irq_timer, sc->next_transition_time);
+ } else {
+ qemu_del_timer(sc->irq_timer);
+ }
+}
+
+static void pit_realizefn(DeviceState *dev, Error **err)
+{
+ PITCommonState *pit = PIT_COMMON(dev);
+ PITClass *pc = PIT_GET_CLASS(dev);
+ PITChannelState *s;
+
+ s = &pit->channels[0];
+ /* the timer 0 is connected to an IRQ */
+ s->irq_timer = qemu_new_timer_ns(vm_clock, pit_irq_timer, s);
+ qdev_init_gpio_out(dev, &s->irq, 1);
+
+ memory_region_init_io(&pit->ioports, OBJECT(pit), &pit_ioport_ops,
+ pit, "pit", 4);
+
+ qdev_init_gpio_in(dev, pit_irq_control, 1);
+
+ pc->parent_realize(dev, err);
+}
+
+static Property pit_properties[] = {
+ DEFINE_PROP_HEX32("iobase", PITCommonState, iobase, -1),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void pit_class_initfn(ObjectClass *klass, void *data)
+{
+ PITClass *pc = PIT_CLASS(klass);
+ PITCommonClass *k = PIT_COMMON_CLASS(klass);
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ pc->parent_realize = dc->realize;
+ dc->realize = pit_realizefn;
+ k->set_channel_gate = pit_set_channel_gate;
+ k->get_channel_info = pit_get_channel_info_common;
+ k->post_load = pit_post_load;
+ dc->reset = pit_reset;
+ dc->props = pit_properties;
+}
+
+static const TypeInfo pit_info = {
+ .name = TYPE_I8254,
+ .parent = TYPE_PIT_COMMON,
+ .instance_size = sizeof(PITCommonState),
+ .class_init = pit_class_initfn,
+ .class_size = sizeof(PITClass),
+};
+
+static void pit_register_types(void)
+{
+ type_register_static(&pit_info);
+}
+
+type_init(pit_register_types)
diff --git a/hw/timer/i8254_common.c b/hw/timer/i8254_common.c
new file mode 100644
index 000000000..4e5bf0b63
--- /dev/null
+++ b/hw/timer/i8254_common.c
@@ -0,0 +1,302 @@
+/*
+ * QEMU 8253/8254 - common bits of emulated and KVM kernel model
+ *
+ * Copyright (c) 2003-2004 Fabrice Bellard
+ * Copyright (c) 2012 Jan Kiszka, Siemens AG
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "hw/isa/isa.h"
+#include "qemu/timer.h"
+#include "hw/timer/i8254.h"
+#include "hw/timer/i8254_internal.h"
+
+/* val must be 0 or 1 */
+void pit_set_gate(ISADevice *dev, int channel, int val)
+{
+ PITCommonState *pit = PIT_COMMON(dev);
+ PITChannelState *s = &pit->channels[channel];
+ PITCommonClass *c = PIT_COMMON_GET_CLASS(pit);
+
+ c->set_channel_gate(pit, s, val);
+}
+
+/* get pit output bit */
+int pit_get_out(PITChannelState *s, int64_t current_time)
+{
+ uint64_t d;
+ int out;
+
+ d = muldiv64(current_time - s->count_load_time, PIT_FREQ,
+ get_ticks_per_sec());
+ switch (s->mode) {
+ default:
+ case 0:
+ out = (d >= s->count);
+ break;
+ case 1:
+ out = (d < s->count);
+ break;
+ case 2:
+ if ((d % s->count) == 0 && d != 0) {
+ out = 1;
+ } else {
+ out = 0;
+ }
+ break;
+ case 3:
+ out = (d % s->count) < ((s->count + 1) >> 1);
+ break;
+ case 4:
+ case 5:
+ out = (d == s->count);
+ break;
+ }
+ return out;
+}
+
+/* return -1 if no transition will occur. */
+int64_t pit_get_next_transition_time(PITChannelState *s, int64_t current_time)
+{
+ uint64_t d, next_time, base;
+ int period2;
+
+ d = muldiv64(current_time - s->count_load_time, PIT_FREQ,
+ get_ticks_per_sec());
+ switch (s->mode) {
+ default:
+ case 0:
+ case 1:
+ if (d < s->count) {
+ next_time = s->count;
+ } else {
+ return -1;
+ }
+ break;
+ case 2:
+ base = (d / s->count) * s->count;
+ if ((d - base) == 0 && d != 0) {
+ next_time = base + s->count;
+ } else {
+ next_time = base + s->count + 1;
+ }
+ break;
+ case 3:
+ base = (d / s->count) * s->count;
+ period2 = ((s->count + 1) >> 1);
+ if ((d - base) < period2) {
+ next_time = base + period2;
+ } else {
+ next_time = base + s->count;
+ }
+ break;
+ case 4:
+ case 5:
+ if (d < s->count) {
+ next_time = s->count;
+ } else if (d == s->count) {
+ next_time = s->count + 1;
+ } else {
+ return -1;
+ }
+ break;
+ }
+ /* convert to timer units */
+ next_time = s->count_load_time + muldiv64(next_time, get_ticks_per_sec(),
+ PIT_FREQ);
+ /* fix potential rounding problems */
+ /* XXX: better solution: use a clock at PIT_FREQ Hz */
+ if (next_time <= current_time) {
+ next_time = current_time + 1;
+ }
+ return next_time;
+}
+
+void pit_get_channel_info_common(PITCommonState *s, PITChannelState *sc,
+ PITChannelInfo *info)
+{
+ info->gate = sc->gate;
+ info->mode = sc->mode;
+ info->initial_count = sc->count;
+ info->out = pit_get_out(sc, qemu_get_clock_ns(vm_clock));
+}
+
+void pit_get_channel_info(ISADevice *dev, int channel, PITChannelInfo *info)
+{
+ PITCommonState *pit = PIT_COMMON(dev);
+ PITChannelState *s = &pit->channels[channel];
+ PITCommonClass *c = PIT_COMMON_GET_CLASS(pit);
+
+ c->get_channel_info(pit, s, info);
+}
+
+void pit_reset_common(PITCommonState *pit)
+{
+ PITChannelState *s;
+ int i;
+
+ for (i = 0; i < 3; i++) {
+ s = &pit->channels[i];
+ s->mode = 3;
+ s->gate = (i != 2);
+ s->count_load_time = qemu_get_clock_ns(vm_clock);
+ s->count = 0x10000;
+ if (i == 0 && !s->irq_disabled) {
+ s->next_transition_time =
+ pit_get_next_transition_time(s, s->count_load_time);
+ }
+ }
+}
+
+static void pit_common_realize(DeviceState *dev, Error **errp)
+{
+ ISADevice *isadev = ISA_DEVICE(dev);
+ PITCommonState *pit = PIT_COMMON(dev);
+
+ isa_register_ioport(isadev, &pit->ioports, pit->iobase);
+
+ qdev_set_legacy_instance_id(dev, pit->iobase, 2);
+}
+
+static const VMStateDescription vmstate_pit_channel = {
+ .name = "pit channel",
+ .version_id = 2,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .fields = (VMStateField[]) {
+ VMSTATE_INT32(count, PITChannelState),
+ VMSTATE_UINT16(latched_count, PITChannelState),
+ VMSTATE_UINT8(count_latched, PITChannelState),
+ VMSTATE_UINT8(status_latched, PITChannelState),
+ VMSTATE_UINT8(status, PITChannelState),
+ VMSTATE_UINT8(read_state, PITChannelState),
+ VMSTATE_UINT8(write_state, PITChannelState),
+ VMSTATE_UINT8(write_latch, PITChannelState),
+ VMSTATE_UINT8(rw_mode, PITChannelState),
+ VMSTATE_UINT8(mode, PITChannelState),
+ VMSTATE_UINT8(bcd, PITChannelState),
+ VMSTATE_UINT8(gate, PITChannelState),
+ VMSTATE_INT64(count_load_time, PITChannelState),
+ VMSTATE_INT64(next_transition_time, PITChannelState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static int pit_load_old(QEMUFile *f, void *opaque, int version_id)
+{
+ PITCommonState *pit = opaque;
+ PITCommonClass *c = PIT_COMMON_GET_CLASS(pit);
+ PITChannelState *s;
+ int i;
+
+ if (version_id != 1) {
+ return -EINVAL;
+ }
+
+ for (i = 0; i < 3; i++) {
+ s = &pit->channels[i];
+ s->count = qemu_get_be32(f);
+ qemu_get_be16s(f, &s->latched_count);
+ qemu_get_8s(f, &s->count_latched);
+ qemu_get_8s(f, &s->status_latched);
+ qemu_get_8s(f, &s->status);
+ qemu_get_8s(f, &s->read_state);
+ qemu_get_8s(f, &s->write_state);
+ qemu_get_8s(f, &s->write_latch);
+ qemu_get_8s(f, &s->rw_mode);
+ qemu_get_8s(f, &s->mode);
+ qemu_get_8s(f, &s->bcd);
+ qemu_get_8s(f, &s->gate);
+ s->count_load_time = qemu_get_be64(f);
+ s->irq_disabled = 0;
+ if (i == 0) {
+ s->next_transition_time = qemu_get_be64(f);
+ }
+ }
+ if (c->post_load) {
+ c->post_load(pit);
+ }
+ return 0;
+}
+
+static void pit_dispatch_pre_save(void *opaque)
+{
+ PITCommonState *s = opaque;
+ PITCommonClass *c = PIT_COMMON_GET_CLASS(s);
+
+ if (c->pre_save) {
+ c->pre_save(s);
+ }
+}
+
+static int pit_dispatch_post_load(void *opaque, int version_id)
+{
+ PITCommonState *s = opaque;
+ PITCommonClass *c = PIT_COMMON_GET_CLASS(s);
+
+ if (c->post_load) {
+ c->post_load(s);
+ }
+ return 0;
+}
+
+static const VMStateDescription vmstate_pit_common = {
+ .name = "i8254",
+ .version_id = 3,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 1,
+ .load_state_old = pit_load_old,
+ .pre_save = pit_dispatch_pre_save,
+ .post_load = pit_dispatch_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_V(channels[0].irq_disabled, PITCommonState, 3),
+ VMSTATE_STRUCT_ARRAY(channels, PITCommonState, 3, 2,
+ vmstate_pit_channel, PITChannelState),
+ VMSTATE_INT64(channels[0].next_transition_time,
+ PITCommonState), /* formerly irq_timer */
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void pit_common_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = pit_common_realize;
+ dc->vmsd = &vmstate_pit_common;
+ dc->no_user = 1;
+}
+
+static const TypeInfo pit_common_type = {
+ .name = TYPE_PIT_COMMON,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof(PITCommonState),
+ .class_size = sizeof(PITCommonClass),
+ .class_init = pit_common_class_init,
+ .abstract = true,
+};
+
+static void register_devices(void)
+{
+ type_register_static(&pit_common_type);
+}
+
+type_init(register_devices);
diff --git a/hw/timer/imx_epit.c b/hw/timer/imx_epit.c
new file mode 100644
index 000000000..117dc7bcb
--- /dev/null
+++ b/hw/timer/imx_epit.c
@@ -0,0 +1,432 @@
+/*
+ * IMX EPIT Timer
+ *
+ * Copyright (c) 2008 OK Labs
+ * Copyright (c) 2011 NICTA Pty Ltd
+ * Originally written by Hans Jiang
+ * Updated by Peter Chubb
+ * Updated by Jean-Christophe Dubois
+ *
+ * This code is licensed under GPL version 2 or later. See
+ * the COPYING file in the top-level directory.
+ *
+ */
+
+#include "hw/hw.h"
+#include "qemu/bitops.h"
+#include "qemu/timer.h"
+#include "hw/ptimer.h"
+#include "hw/sysbus.h"
+#include "hw/arm/imx.h"
+
+#define TYPE_IMX_EPIT "imx.epit"
+
+#define DEBUG_TIMER 0
+#if DEBUG_TIMER
+
+static char const *imx_epit_reg_name(uint32_t reg)
+{
+ switch (reg) {
+ case 0:
+ return "CR";
+ case 1:
+ return "SR";
+ case 2:
+ return "LR";
+ case 3:
+ return "CMP";
+ case 4:
+ return "CNT";
+ default:
+ return "[?]";
+ }
+}
+
+# define DPRINTF(fmt, args...) \
+ do { printf("%s: " fmt , __func__, ##args); } while (0)
+#else
+# define DPRINTF(fmt, args...) do {} while (0)
+#endif
+
+/*
+ * Define to 1 for messages about attempts to
+ * access unimplemented registers or similar.
+ */
+#define DEBUG_IMPLEMENTATION 1
+#if DEBUG_IMPLEMENTATION
+# define IPRINTF(fmt, args...) \
+ do { fprintf(stderr, "%s: " fmt, __func__, ##args); } while (0)
+#else
+# define IPRINTF(fmt, args...) do {} while (0)
+#endif
+
+#define IMX_EPIT(obj) \
+ OBJECT_CHECK(IMXEPITState, (obj), TYPE_IMX_EPIT)
+
+/*
+ * EPIT: Enhanced periodic interrupt timer
+ */
+
+#define CR_EN (1 << 0)
+#define CR_ENMOD (1 << 1)
+#define CR_OCIEN (1 << 2)
+#define CR_RLD (1 << 3)
+#define CR_PRESCALE_SHIFT (4)
+#define CR_PRESCALE_MASK (0xfff)
+#define CR_SWR (1 << 16)
+#define CR_IOVW (1 << 17)
+#define CR_DBGEN (1 << 18)
+#define CR_WAITEN (1 << 19)
+#define CR_DOZEN (1 << 20)
+#define CR_STOPEN (1 << 21)
+#define CR_CLKSRC_SHIFT (24)
+#define CR_CLKSRC_MASK (0x3 << CR_CLKSRC_SHIFT)
+
+#define TIMER_MAX 0XFFFFFFFFUL
+
+/*
+ * Exact clock frequencies vary from board to board.
+ * These are typical.
+ */
+static const IMXClk imx_epit_clocks[] = {
+ 0, /* 00 disabled */
+ IPG, /* 01 ipg_clk, ~532MHz */
+ IPG, /* 10 ipg_clk_highfreq */
+ CLK_32k, /* 11 ipg_clk_32k -- ~32kHz */
+};
+
+typedef struct {
+ SysBusDevice busdev;
+ ptimer_state *timer_reload;
+ ptimer_state *timer_cmp;
+ MemoryRegion iomem;
+ DeviceState *ccm;
+
+ uint32_t cr;
+ uint32_t sr;
+ uint32_t lr;
+ uint32_t cmp;
+ uint32_t cnt;
+
+ uint32_t freq;
+ qemu_irq irq;
+} IMXEPITState;
+
+/*
+ * Update interrupt status
+ */
+static void imx_epit_update_int(IMXEPITState *s)
+{
+ if (s->sr && (s->cr & CR_OCIEN) && (s->cr & CR_EN)) {
+ qemu_irq_raise(s->irq);
+ } else {
+ qemu_irq_lower(s->irq);
+ }
+}
+
+static void imx_epit_set_freq(IMXEPITState *s)
+{
+ uint32_t clksrc;
+ uint32_t prescaler;
+ uint32_t freq;
+
+ clksrc = extract32(s->cr, CR_CLKSRC_SHIFT, 2);
+ prescaler = 1 + extract32(s->cr, CR_PRESCALE_SHIFT, 12);
+
+ freq = imx_clock_frequency(s->ccm, imx_epit_clocks[clksrc]) / prescaler;
+
+ s->freq = freq;
+
+ DPRINTF("Setting ptimer frequency to %u\n", freq);
+
+ if (freq) {
+ ptimer_set_freq(s->timer_reload, freq);
+ ptimer_set_freq(s->timer_cmp, freq);
+ }
+}
+
+static void imx_epit_reset(DeviceState *dev)
+{
+ IMXEPITState *s = IMX_EPIT(dev);
+
+ /*
+ * Soft reset doesn't touch some bits; hard reset clears them
+ */
+ s->cr &= ~(CR_EN|CR_ENMOD|CR_STOPEN|CR_DOZEN|CR_WAITEN|CR_DBGEN);
+ s->sr = 0;
+ s->lr = TIMER_MAX;
+ s->cmp = 0;
+ s->cnt = 0;
+ /* stop both timers */
+ ptimer_stop(s->timer_cmp);
+ ptimer_stop(s->timer_reload);
+ /* compute new frequency */
+ imx_epit_set_freq(s);
+ /* init both timers to TIMER_MAX */
+ ptimer_set_limit(s->timer_cmp, TIMER_MAX, 1);
+ ptimer_set_limit(s->timer_reload, TIMER_MAX, 1);
+ if (s->freq && (s->cr & CR_EN)) {
+ /* if the timer is still enabled, restart it */
+ ptimer_run(s->timer_reload, 1);
+ }
+}
+
+static uint32_t imx_epit_update_count(IMXEPITState *s)
+{
+ s->cnt = ptimer_get_count(s->timer_reload);
+
+ return s->cnt;
+}
+
+static uint64_t imx_epit_read(void *opaque, hwaddr offset, unsigned size)
+{
+ IMXEPITState *s = IMX_EPIT(opaque);
+ uint32_t reg_value = 0;
+ uint32_t reg = offset >> 2;
+
+ switch (reg) {
+ case 0: /* Control Register */
+ reg_value = s->cr;
+ break;
+
+ case 1: /* Status Register */
+ reg_value = s->sr;
+ break;
+
+ case 2: /* LR - ticks*/
+ reg_value = s->lr;
+ break;
+
+ case 3: /* CMP */
+ reg_value = s->cmp;
+ break;
+
+ case 4: /* CNT */
+ imx_epit_update_count(s);
+ reg_value = s->cnt;
+ break;
+
+ default:
+ IPRINTF("Bad offset %x\n", reg);
+ break;
+ }
+
+ DPRINTF("(%s) = 0x%08x\n", imx_epit_reg_name(reg), reg_value);
+
+ return reg_value;
+}
+
+static void imx_epit_reload_compare_timer(IMXEPITState *s)
+{
+ if ((s->cr & CR_OCIEN) && s->cmp) {
+ /* if the compare feature is on */
+ uint32_t tmp = imx_epit_update_count(s);
+ if (tmp > s->cmp) {
+ /* reinit the cmp timer if required */
+ ptimer_set_count(s->timer_cmp, tmp - s->cmp);
+ if ((s->cr & CR_EN)) {
+ /* Restart the cmp timer if required */
+ ptimer_run(s->timer_cmp, 0);
+ }
+ }
+ }
+}
+
+static void imx_epit_write(void *opaque, hwaddr offset, uint64_t value,
+ unsigned size)
+{
+ IMXEPITState *s = IMX_EPIT(opaque);
+ uint32_t reg = offset >> 2;
+
+ DPRINTF("(%s, value = 0x%08x)\n", imx_epit_reg_name(reg), (uint32_t)value);
+
+ switch (reg) {
+ case 0: /* CR */
+ s->cr = value & 0x03ffffff;
+ if (s->cr & CR_SWR) {
+ /* handle the reset */
+ imx_epit_reset(DEVICE(s));
+ } else {
+ imx_epit_set_freq(s);
+ }
+
+ if (s->freq && (s->cr & CR_EN)) {
+ if (s->cr & CR_ENMOD) {
+ if (s->cr & CR_RLD) {
+ ptimer_set_limit(s->timer_reload, s->lr, 1);
+ } else {
+ ptimer_set_limit(s->timer_reload, TIMER_MAX, 1);
+ }
+ }
+
+ imx_epit_reload_compare_timer(s);
+
+ ptimer_run(s->timer_reload, 1);
+ } else {
+ /* stop both timers */
+ ptimer_stop(s->timer_reload);
+ ptimer_stop(s->timer_cmp);
+ }
+ break;
+
+ case 1: /* SR - ACK*/
+ /* writing 1 to OCIF clear the OCIF bit */
+ if (value & 0x01) {
+ s->sr = 0;
+ imx_epit_update_int(s);
+ }
+ break;
+
+ case 2: /* LR - set ticks */
+ s->lr = value;
+
+ if (s->cr & CR_RLD) {
+ /* Also set the limit if the LRD bit is set */
+ /* If IOVW bit is set then set the timer value */
+ ptimer_set_limit(s->timer_reload, s->lr, s->cr & CR_IOVW);
+ } else if (s->cr & CR_IOVW) {
+ /* If IOVW bit is set then set the timer value */
+ ptimer_set_count(s->timer_reload, s->lr);
+ }
+
+ imx_epit_reload_compare_timer(s);
+
+ break;
+
+ case 3: /* CMP */
+ s->cmp = value;
+
+ imx_epit_reload_compare_timer(s);
+
+ break;
+
+ default:
+ IPRINTF("Bad offset %x\n", reg);
+
+ break;
+ }
+}
+
+static void imx_epit_timeout(void *opaque)
+{
+ IMXEPITState *s = IMX_EPIT(opaque);
+
+ DPRINTF("\n");
+
+ if (!(s->cr & CR_EN)) {
+ return;
+ }
+
+ if (s->cr & CR_RLD) {
+ ptimer_set_limit(s->timer_reload, s->lr, 1);
+ } else {
+ ptimer_set_limit(s->timer_reload, TIMER_MAX, 1);
+ }
+
+ if (s->cr & CR_OCIEN) {
+ /* if compare register is 0 then we handle the interrupt here */
+ if (s->cmp == 0) {
+ s->sr = 1;
+ imx_epit_update_int(s);
+ } else if (s->cmp <= s->lr) {
+ /* We should launch the compare register */
+ ptimer_set_count(s->timer_cmp, s->lr - s->cmp);
+ ptimer_run(s->timer_cmp, 0);
+ } else {
+ IPRINTF("s->lr < s->cmp\n");
+ }
+ }
+}
+
+static void imx_epit_cmp(void *opaque)
+{
+ IMXEPITState *s = IMX_EPIT(opaque);
+
+ DPRINTF("\n");
+
+ ptimer_stop(s->timer_cmp);
+
+ /* compare register is not 0 */
+ if (s->cmp) {
+ s->sr = 1;
+ imx_epit_update_int(s);
+ }
+}
+
+void imx_timerp_create(const hwaddr addr, qemu_irq irq, DeviceState *ccm)
+{
+ IMXEPITState *pp;
+ DeviceState *dev;
+
+ dev = sysbus_create_simple(TYPE_IMX_EPIT, addr, irq);
+ pp = IMX_EPIT(dev);
+ pp->ccm = ccm;
+}
+
+static const MemoryRegionOps imx_epit_ops = {
+ .read = imx_epit_read,
+ .write = imx_epit_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static const VMStateDescription vmstate_imx_timer_epit = {
+ .name = "imx.epit",
+ .version_id = 2,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(cr, IMXEPITState),
+ VMSTATE_UINT32(sr, IMXEPITState),
+ VMSTATE_UINT32(lr, IMXEPITState),
+ VMSTATE_UINT32(cmp, IMXEPITState),
+ VMSTATE_UINT32(cnt, IMXEPITState),
+ VMSTATE_UINT32(freq, IMXEPITState),
+ VMSTATE_PTIMER(timer_reload, IMXEPITState),
+ VMSTATE_PTIMER(timer_cmp, IMXEPITState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void imx_epit_realize(DeviceState *dev, Error **errp)
+{
+ IMXEPITState *s = IMX_EPIT(dev);
+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+ QEMUBH *bh;
+
+ DPRINTF("\n");
+
+ sysbus_init_irq(sbd, &s->irq);
+ memory_region_init_io(&s->iomem, OBJECT(s), &imx_epit_ops, s, TYPE_IMX_EPIT,
+ 0x00001000);
+ sysbus_init_mmio(sbd, &s->iomem);
+
+ bh = qemu_bh_new(imx_epit_timeout, s);
+ s->timer_reload = ptimer_init(bh);
+
+ bh = qemu_bh_new(imx_epit_cmp, s);
+ s->timer_cmp = ptimer_init(bh);
+}
+
+static void imx_epit_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = imx_epit_realize;
+ dc->reset = imx_epit_reset;
+ dc->vmsd = &vmstate_imx_timer_epit;
+ dc->desc = "i.MX periodic timer";
+}
+
+static const TypeInfo imx_epit_info = {
+ .name = TYPE_IMX_EPIT,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(IMXEPITState),
+ .class_init = imx_epit_class_init,
+};
+
+static void imx_epit_register_types(void)
+{
+ type_register_static(&imx_epit_info);
+}
+
+type_init(imx_epit_register_types)
diff --git a/hw/timer/imx_gpt.c b/hw/timer/imx_gpt.c
new file mode 100644
index 000000000..87db0e195
--- /dev/null
+++ b/hw/timer/imx_gpt.c
@@ -0,0 +1,557 @@
+/*
+ * IMX GPT Timer
+ *
+ * Copyright (c) 2008 OK Labs
+ * Copyright (c) 2011 NICTA Pty Ltd
+ * Originally written by Hans Jiang
+ * Updated by Peter Chubb
+ * Updated by Jean-Christophe Dubois
+ *
+ * This code is licensed under GPL version 2 or later. See
+ * the COPYING file in the top-level directory.
+ *
+ */
+
+#include "hw/hw.h"
+#include "qemu/bitops.h"
+#include "qemu/timer.h"
+#include "hw/ptimer.h"
+#include "hw/sysbus.h"
+#include "hw/arm/imx.h"
+
+#define TYPE_IMX_GPT "imx.gpt"
+
+/*
+ * Define to 1 for debug messages
+ */
+#define DEBUG_TIMER 0
+#if DEBUG_TIMER
+
+static char const *imx_gpt_reg_name(uint32_t reg)
+{
+ switch (reg) {
+ case 0:
+ return "CR";
+ case 1:
+ return "PR";
+ case 2:
+ return "SR";
+ case 3:
+ return "IR";
+ case 4:
+ return "OCR1";
+ case 5:
+ return "OCR2";
+ case 6:
+ return "OCR3";
+ case 7:
+ return "ICR1";
+ case 8:
+ return "ICR2";
+ case 9:
+ return "CNT";
+ default:
+ return "[?]";
+ }
+}
+
+# define DPRINTF(fmt, args...) \
+ do { printf("%s: " fmt , __func__, ##args); } while (0)
+#else
+# define DPRINTF(fmt, args...) do {} while (0)
+#endif
+
+/*
+ * Define to 1 for messages about attempts to
+ * access unimplemented registers or similar.
+ */
+#define DEBUG_IMPLEMENTATION 1
+#if DEBUG_IMPLEMENTATION
+# define IPRINTF(fmt, args...) \
+ do { fprintf(stderr, "%s: " fmt, __func__, ##args); } while (0)
+#else
+# define IPRINTF(fmt, args...) do {} while (0)
+#endif
+
+#define IMX_GPT(obj) \
+ OBJECT_CHECK(IMXGPTState, (obj), TYPE_IMX_GPT)
+/*
+ * GPT : General purpose timer
+ *
+ * This timer counts up continuously while it is enabled, resetting itself
+ * to 0 when it reaches TIMER_MAX (in freerun mode) or when it
+ * reaches the value of one of the ocrX (in periodic mode).
+ */
+
+#define TIMER_MAX 0XFFFFFFFFUL
+
+/* Control register. Not all of these bits have any effect (yet) */
+#define GPT_CR_EN (1 << 0) /* GPT Enable */
+#define GPT_CR_ENMOD (1 << 1) /* GPT Enable Mode */
+#define GPT_CR_DBGEN (1 << 2) /* GPT Debug mode enable */
+#define GPT_CR_WAITEN (1 << 3) /* GPT Wait Mode Enable */
+#define GPT_CR_DOZEN (1 << 4) /* GPT Doze mode enable */
+#define GPT_CR_STOPEN (1 << 5) /* GPT Stop Mode Enable */
+#define GPT_CR_CLKSRC_SHIFT (6)
+#define GPT_CR_CLKSRC_MASK (0x7)
+
+#define GPT_CR_FRR (1 << 9) /* Freerun or Restart */
+#define GPT_CR_SWR (1 << 15) /* Software Reset */
+#define GPT_CR_IM1 (3 << 16) /* Input capture channel 1 mode (2 bits) */
+#define GPT_CR_IM2 (3 << 18) /* Input capture channel 2 mode (2 bits) */
+#define GPT_CR_OM1 (7 << 20) /* Output Compare Channel 1 Mode (3 bits) */
+#define GPT_CR_OM2 (7 << 23) /* Output Compare Channel 2 Mode (3 bits) */
+#define GPT_CR_OM3 (7 << 26) /* Output Compare Channel 3 Mode (3 bits) */
+#define GPT_CR_FO1 (1 << 29) /* Force Output Compare Channel 1 */
+#define GPT_CR_FO2 (1 << 30) /* Force Output Compare Channel 2 */
+#define GPT_CR_FO3 (1 << 31) /* Force Output Compare Channel 3 */
+
+#define GPT_SR_OF1 (1 << 0)
+#define GPT_SR_OF2 (1 << 1)
+#define GPT_SR_OF3 (1 << 2)
+#define GPT_SR_ROV (1 << 5)
+
+#define GPT_IR_OF1IE (1 << 0)
+#define GPT_IR_OF2IE (1 << 1)
+#define GPT_IR_OF3IE (1 << 2)
+#define GPT_IR_ROVIE (1 << 5)
+
+typedef struct {
+ SysBusDevice busdev;
+ ptimer_state *timer;
+ MemoryRegion iomem;
+ DeviceState *ccm;
+
+ uint32_t cr;
+ uint32_t pr;
+ uint32_t sr;
+ uint32_t ir;
+ uint32_t ocr1;
+ uint32_t ocr2;
+ uint32_t ocr3;
+ uint32_t icr1;
+ uint32_t icr2;
+ uint32_t cnt;
+
+ uint32_t next_timeout;
+ uint32_t next_int;
+
+ uint32_t freq;
+
+ qemu_irq irq;
+} IMXGPTState;
+
+static const VMStateDescription vmstate_imx_timer_gpt = {
+ .name = "imx.gpt",
+ .version_id = 3,
+ .minimum_version_id = 3,
+ .minimum_version_id_old = 3,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(cr, IMXGPTState),
+ VMSTATE_UINT32(pr, IMXGPTState),
+ VMSTATE_UINT32(sr, IMXGPTState),
+ VMSTATE_UINT32(ir, IMXGPTState),
+ VMSTATE_UINT32(ocr1, IMXGPTState),
+ VMSTATE_UINT32(ocr2, IMXGPTState),
+ VMSTATE_UINT32(ocr3, IMXGPTState),
+ VMSTATE_UINT32(icr1, IMXGPTState),
+ VMSTATE_UINT32(icr2, IMXGPTState),
+ VMSTATE_UINT32(cnt, IMXGPTState),
+ VMSTATE_UINT32(next_timeout, IMXGPTState),
+ VMSTATE_UINT32(next_int, IMXGPTState),
+ VMSTATE_UINT32(freq, IMXGPTState),
+ VMSTATE_PTIMER(timer, IMXGPTState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const IMXClk imx_gpt_clocks[] = {
+ NOCLK, /* 000 No clock source */
+ IPG, /* 001 ipg_clk, 532MHz*/
+ IPG, /* 010 ipg_clk_highfreq */
+ NOCLK, /* 011 not defined */
+ CLK_32k, /* 100 ipg_clk_32k */
+ NOCLK, /* 101 not defined */
+ NOCLK, /* 110 not defined */
+ NOCLK, /* 111 not defined */
+};
+
+static void imx_gpt_set_freq(IMXGPTState *s)
+{
+ uint32_t clksrc = extract32(s->cr, GPT_CR_CLKSRC_SHIFT, 3);
+ uint32_t freq = imx_clock_frequency(s->ccm, imx_gpt_clocks[clksrc])
+ / (1 + s->pr);
+ s->freq = freq;
+
+ DPRINTF("Setting clksrc %d to frequency %d\n", clksrc, freq);
+
+ if (freq) {
+ ptimer_set_freq(s->timer, freq);
+ }
+}
+
+static void imx_gpt_update_int(IMXGPTState *s)
+{
+ if ((s->sr & s->ir) && (s->cr & GPT_CR_EN)) {
+ qemu_irq_raise(s->irq);
+ } else {
+ qemu_irq_lower(s->irq);
+ }
+}
+
+static uint32_t imx_gpt_update_count(IMXGPTState *s)
+{
+ s->cnt = s->next_timeout - (uint32_t)ptimer_get_count(s->timer);
+
+ return s->cnt;
+}
+
+static inline uint32_t imx_gpt_find_limit(uint32_t count, uint32_t reg,
+ uint32_t timeout)
+{
+ if ((count < reg) && (timeout > reg)) {
+ timeout = reg;
+ }
+
+ return timeout;
+}
+
+static void imx_gpt_compute_next_timeout(IMXGPTState *s, bool event)
+{
+ uint32_t timeout = TIMER_MAX;
+ uint32_t count = 0;
+ long long limit;
+
+ if (!(s->cr & GPT_CR_EN)) {
+ /* if not enabled just return */
+ return;
+ }
+
+ if (event) {
+ /* This is a timer event */
+
+ if ((s->cr & GPT_CR_FRR) && (s->next_timeout != TIMER_MAX)) {
+ /*
+ * if we are in free running mode and we have not reached
+ * the TIMER_MAX limit, then update the count
+ */
+ count = imx_gpt_update_count(s);
+ }
+ } else {
+ /* not a timer event, then just update the count */
+
+ count = imx_gpt_update_count(s);
+ }
+
+ /* now, find the next timeout related to count */
+
+ if (s->ir & GPT_IR_OF1IE) {
+ timeout = imx_gpt_find_limit(count, s->ocr1, timeout);
+ }
+ if (s->ir & GPT_IR_OF2IE) {
+ timeout = imx_gpt_find_limit(count, s->ocr2, timeout);
+ }
+ if (s->ir & GPT_IR_OF3IE) {
+ timeout = imx_gpt_find_limit(count, s->ocr3, timeout);
+ }
+
+ /* find the next set of interrupts to raise for next timer event */
+
+ s->next_int = 0;
+ if ((s->ir & GPT_IR_OF1IE) && (timeout == s->ocr1)) {
+ s->next_int |= GPT_SR_OF1;
+ }
+ if ((s->ir & GPT_IR_OF2IE) && (timeout == s->ocr2)) {
+ s->next_int |= GPT_SR_OF2;
+ }
+ if ((s->ir & GPT_IR_OF3IE) && (timeout == s->ocr3)) {
+ s->next_int |= GPT_SR_OF3;
+ }
+ if ((s->ir & GPT_IR_ROVIE) && (timeout == TIMER_MAX)) {
+ s->next_int |= GPT_SR_ROV;
+ }
+
+ /* the new range to count down from */
+ limit = timeout - imx_gpt_update_count(s);
+
+ if (limit < 0) {
+ /*
+ * if we reach here, then QEMU is running too slow and we pass the
+ * timeout limit while computing it. Let's deliver the interrupt
+ * and compute a new limit.
+ */
+ s->sr |= s->next_int;
+
+ imx_gpt_compute_next_timeout(s, event);
+
+ imx_gpt_update_int(s);
+ } else {
+ /* New timeout value */
+ s->next_timeout = timeout;
+
+ /* reset the limit to the computed range */
+ ptimer_set_limit(s->timer, limit, 1);
+ }
+}
+
+static uint64_t imx_gpt_read(void *opaque, hwaddr offset, unsigned size)
+{
+ IMXGPTState *s = IMX_GPT(opaque);
+ uint32_t reg_value = 0;
+ uint32_t reg = offset >> 2;
+
+ switch (reg) {
+ case 0: /* Control Register */
+ reg_value = s->cr;
+ break;
+
+ case 1: /* prescaler */
+ reg_value = s->pr;
+ break;
+
+ case 2: /* Status Register */
+ reg_value = s->sr;
+ break;
+
+ case 3: /* Interrupt Register */
+ reg_value = s->ir;
+ break;
+
+ case 4: /* Output Compare Register 1 */
+ reg_value = s->ocr1;
+ break;
+
+ case 5: /* Output Compare Register 2 */
+ reg_value = s->ocr2;
+ break;
+
+ case 6: /* Output Compare Register 3 */
+ reg_value = s->ocr3;
+ break;
+
+ case 7: /* input Capture Register 1 */
+ qemu_log_mask(LOG_UNIMP, "icr1 feature is not implemented\n");
+ reg_value = s->icr1;
+ break;
+
+ case 8: /* input Capture Register 2 */
+ qemu_log_mask(LOG_UNIMP, "icr2 feature is not implemented\n");
+ reg_value = s->icr2;
+ break;
+
+ case 9: /* cnt */
+ imx_gpt_update_count(s);
+ reg_value = s->cnt;
+ break;
+
+ default:
+ IPRINTF("Bad offset %x\n", reg);
+ break;
+ }
+
+ DPRINTF("(%s) = 0x%08x\n", imx_gpt_reg_name(reg), reg_value);
+
+ return reg_value;
+}
+
+static void imx_gpt_reset(DeviceState *dev)
+{
+ IMXGPTState *s = IMX_GPT(dev);
+
+ /* stop timer */
+ ptimer_stop(s->timer);
+
+ /*
+ * Soft reset doesn't touch some bits; hard reset clears them
+ */
+ s->cr &= ~(GPT_CR_EN|GPT_CR_ENMOD|GPT_CR_STOPEN|GPT_CR_DOZEN|
+ GPT_CR_WAITEN|GPT_CR_DBGEN);
+ s->sr = 0;
+ s->pr = 0;
+ s->ir = 0;
+ s->cnt = 0;
+ s->ocr1 = TIMER_MAX;
+ s->ocr2 = TIMER_MAX;
+ s->ocr3 = TIMER_MAX;
+ s->icr1 = 0;
+ s->icr2 = 0;
+
+ s->next_timeout = TIMER_MAX;
+ s->next_int = 0;
+
+ /* compute new freq */
+ imx_gpt_set_freq(s);
+
+ /* reset the limit to TIMER_MAX */
+ ptimer_set_limit(s->timer, TIMER_MAX, 1);
+
+ /* if the timer is still enabled, restart it */
+ if (s->freq && (s->cr & GPT_CR_EN)) {
+ ptimer_run(s->timer, 1);
+ }
+}
+
+static void imx_gpt_write(void *opaque, hwaddr offset, uint64_t value,
+ unsigned size)
+{
+ IMXGPTState *s = IMX_GPT(opaque);
+ uint32_t oldreg;
+ uint32_t reg = offset >> 2;
+
+ DPRINTF("(%s, value = 0x%08x)\n", imx_gpt_reg_name(reg),
+ (uint32_t)value);
+
+ switch (reg) {
+ case 0:
+ oldreg = s->cr;
+ s->cr = value & ~0x7c14;
+ if (s->cr & GPT_CR_SWR) { /* force reset */
+ /* handle the reset */
+ imx_gpt_reset(DEVICE(s));
+ } else {
+ /* set our freq, as the source might have changed */
+ imx_gpt_set_freq(s);
+
+ if ((oldreg ^ s->cr) & GPT_CR_EN) {
+ if (s->cr & GPT_CR_EN) {
+ if (s->cr & GPT_CR_ENMOD) {
+ s->next_timeout = TIMER_MAX;
+ ptimer_set_count(s->timer, TIMER_MAX);
+ imx_gpt_compute_next_timeout(s, false);
+ }
+ ptimer_run(s->timer, 1);
+ } else {
+ /* stop timer */
+ ptimer_stop(s->timer);
+ }
+ }
+ }
+ break;
+
+ case 1: /* Prescaler */
+ s->pr = value & 0xfff;
+ imx_gpt_set_freq(s);
+ break;
+
+ case 2: /* SR */
+ s->sr &= ~(value & 0x3f);
+ imx_gpt_update_int(s);
+ break;
+
+ case 3: /* IR -- interrupt register */
+ s->ir = value & 0x3f;
+ imx_gpt_update_int(s);
+
+ imx_gpt_compute_next_timeout(s, false);
+
+ break;
+
+ case 4: /* OCR1 -- output compare register */
+ s->ocr1 = value;
+
+ /* In non-freerun mode, reset count when this register is written */
+ if (!(s->cr & GPT_CR_FRR)) {
+ s->next_timeout = TIMER_MAX;
+ ptimer_set_limit(s->timer, TIMER_MAX, 1);
+ }
+
+ /* compute the new timeout */
+ imx_gpt_compute_next_timeout(s, false);
+
+ break;
+
+ case 5: /* OCR2 -- output compare register */
+ s->ocr2 = value;
+
+ /* compute the new timeout */
+ imx_gpt_compute_next_timeout(s, false);
+
+ break;
+
+ case 6: /* OCR3 -- output compare register */
+ s->ocr3 = value;
+
+ /* compute the new timeout */
+ imx_gpt_compute_next_timeout(s, false);
+
+ break;
+
+ default:
+ IPRINTF("Bad offset %x\n", reg);
+ break;
+ }
+}
+
+static void imx_gpt_timeout(void *opaque)
+{
+ IMXGPTState *s = IMX_GPT(opaque);
+
+ DPRINTF("\n");
+
+ s->sr |= s->next_int;
+ s->next_int = 0;
+
+ imx_gpt_compute_next_timeout(s, true);
+
+ imx_gpt_update_int(s);
+
+ if (s->freq && (s->cr & GPT_CR_EN)) {
+ ptimer_run(s->timer, 1);
+ }
+}
+
+static const MemoryRegionOps imx_gpt_ops = {
+ .read = imx_gpt_read,
+ .write = imx_gpt_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+
+static void imx_gpt_realize(DeviceState *dev, Error **errp)
+{
+ IMXGPTState *s = IMX_GPT(dev);
+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+ QEMUBH *bh;
+
+ sysbus_init_irq(sbd, &s->irq);
+ memory_region_init_io(&s->iomem, OBJECT(s), &imx_gpt_ops, s, TYPE_IMX_GPT,
+ 0x00001000);
+ sysbus_init_mmio(sbd, &s->iomem);
+
+ bh = qemu_bh_new(imx_gpt_timeout, s);
+ s->timer = ptimer_init(bh);
+}
+
+void imx_timerg_create(const hwaddr addr, qemu_irq irq, DeviceState *ccm)
+{
+ IMXGPTState *pp;
+ DeviceState *dev;
+
+ dev = sysbus_create_simple(TYPE_IMX_GPT, addr, irq);
+ pp = IMX_GPT(dev);
+ pp->ccm = ccm;
+}
+
+static void imx_gpt_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = imx_gpt_realize;
+ dc->reset = imx_gpt_reset;
+ dc->vmsd = &vmstate_imx_timer_gpt;
+ dc->desc = "i.MX general timer";
+}
+
+static const TypeInfo imx_gpt_info = {
+ .name = TYPE_IMX_GPT,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(IMXGPTState),
+ .class_init = imx_gpt_class_init,
+};
+
+static void imx_gpt_register_types(void)
+{
+ type_register_static(&imx_gpt_info);
+}
+
+type_init(imx_gpt_register_types)
diff --git a/hw/timer/lm32_timer.c b/hw/timer/lm32_timer.c
new file mode 100644
index 000000000..986e6a19d
--- /dev/null
+++ b/hw/timer/lm32_timer.c
@@ -0,0 +1,235 @@
+/*
+ * QEMU model of the LatticeMico32 timer block.
+ *
+ * Copyright (c) 2010 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ *
+ * Specification available at:
+ * http://www.latticesemi.com/documents/mico32timer.pdf
+ */
+
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "trace.h"
+#include "qemu/timer.h"
+#include "hw/ptimer.h"
+#include "qemu/error-report.h"
+
+#define DEFAULT_FREQUENCY (50*1000000)
+
+enum {
+ R_SR = 0,
+ R_CR,
+ R_PERIOD,
+ R_SNAPSHOT,
+ R_MAX
+};
+
+enum {
+ SR_TO = (1 << 0),
+ SR_RUN = (1 << 1),
+};
+
+enum {
+ CR_ITO = (1 << 0),
+ CR_CONT = (1 << 1),
+ CR_START = (1 << 2),
+ CR_STOP = (1 << 3),
+};
+
+#define TYPE_LM32_TIMER "lm32-timer"
+#define LM32_TIMER(obj) OBJECT_CHECK(LM32TimerState, (obj), TYPE_LM32_TIMER)
+
+struct LM32TimerState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+
+ QEMUBH *bh;
+ ptimer_state *ptimer;
+
+ qemu_irq irq;
+ uint32_t freq_hz;
+
+ uint32_t regs[R_MAX];
+};
+typedef struct LM32TimerState LM32TimerState;
+
+static void timer_update_irq(LM32TimerState *s)
+{
+ int state = (s->regs[R_SR] & SR_TO) && (s->regs[R_CR] & CR_ITO);
+
+ trace_lm32_timer_irq_state(state);
+ qemu_set_irq(s->irq, state);
+}
+
+static uint64_t timer_read(void *opaque, hwaddr addr, unsigned size)
+{
+ LM32TimerState *s = opaque;
+ uint32_t r = 0;
+
+ addr >>= 2;
+ switch (addr) {
+ case R_SR:
+ case R_CR:
+ case R_PERIOD:
+ r = s->regs[addr];
+ break;
+ case R_SNAPSHOT:
+ r = (uint32_t)ptimer_get_count(s->ptimer);
+ break;
+ default:
+ error_report("lm32_timer: read access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+
+ trace_lm32_timer_memory_read(addr << 2, r);
+ return r;
+}
+
+static void timer_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ LM32TimerState *s = opaque;
+
+ trace_lm32_timer_memory_write(addr, value);
+
+ addr >>= 2;
+ switch (addr) {
+ case R_SR:
+ s->regs[R_SR] &= ~SR_TO;
+ break;
+ case R_CR:
+ s->regs[R_CR] = value;
+ if (s->regs[R_CR] & CR_START) {
+ ptimer_run(s->ptimer, 1);
+ }
+ if (s->regs[R_CR] & CR_STOP) {
+ ptimer_stop(s->ptimer);
+ }
+ break;
+ case R_PERIOD:
+ s->regs[R_PERIOD] = value;
+ ptimer_set_count(s->ptimer, value);
+ break;
+ case R_SNAPSHOT:
+ error_report("lm32_timer: write access to read only register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ default:
+ error_report("lm32_timer: write access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+ timer_update_irq(s);
+}
+
+static const MemoryRegionOps timer_ops = {
+ .read = timer_read,
+ .write = timer_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static void timer_hit(void *opaque)
+{
+ LM32TimerState *s = opaque;
+
+ trace_lm32_timer_hit();
+
+ s->regs[R_SR] |= SR_TO;
+
+ if (s->regs[R_CR] & CR_CONT) {
+ ptimer_set_count(s->ptimer, s->regs[R_PERIOD]);
+ ptimer_run(s->ptimer, 1);
+ }
+ timer_update_irq(s);
+}
+
+static void timer_reset(DeviceState *d)
+{
+ LM32TimerState *s = LM32_TIMER(d);
+ int i;
+
+ for (i = 0; i < R_MAX; i++) {
+ s->regs[i] = 0;
+ }
+ ptimer_stop(s->ptimer);
+}
+
+static int lm32_timer_init(SysBusDevice *dev)
+{
+ LM32TimerState *s = LM32_TIMER(dev);
+
+ sysbus_init_irq(dev, &s->irq);
+
+ s->bh = qemu_bh_new(timer_hit, s);
+ s->ptimer = ptimer_init(s->bh);
+ ptimer_set_freq(s->ptimer, s->freq_hz);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &timer_ops, s,
+ "timer", R_MAX * 4);
+ sysbus_init_mmio(dev, &s->iomem);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_lm32_timer = {
+ .name = "lm32-timer",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_PTIMER(ptimer, LM32TimerState),
+ VMSTATE_UINT32(freq_hz, LM32TimerState),
+ VMSTATE_UINT32_ARRAY(regs, LM32TimerState, R_MAX),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static Property lm32_timer_properties[] = {
+ DEFINE_PROP_UINT32("frequency", LM32TimerState, freq_hz, DEFAULT_FREQUENCY),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void lm32_timer_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = lm32_timer_init;
+ dc->reset = timer_reset;
+ dc->vmsd = &vmstate_lm32_timer;
+ dc->props = lm32_timer_properties;
+}
+
+static const TypeInfo lm32_timer_info = {
+ .name = TYPE_LM32_TIMER,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(LM32TimerState),
+ .class_init = lm32_timer_class_init,
+};
+
+static void lm32_timer_register_types(void)
+{
+ type_register_static(&lm32_timer_info);
+}
+
+type_init(lm32_timer_register_types)
diff --git a/hw/timer/m48t59.c b/hw/timer/m48t59.c
new file mode 100644
index 000000000..0cc9e5b5e
--- /dev/null
+++ b/hw/timer/m48t59.c
@@ -0,0 +1,795 @@
+/*
+ * QEMU M48T59 and M48T08 NVRAM emulation for PPC PREP and Sparc platforms
+ *
+ * Copyright (c) 2003-2005, 2007 Jocelyn Mayer
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "hw/timer/m48t59.h"
+#include "qemu/timer.h"
+#include "sysemu/sysemu.h"
+#include "hw/sysbus.h"
+#include "hw/isa/isa.h"
+#include "exec/address-spaces.h"
+
+//#define DEBUG_NVRAM
+
+#if defined(DEBUG_NVRAM)
+#define NVRAM_PRINTF(fmt, ...) do { printf(fmt , ## __VA_ARGS__); } while (0)
+#else
+#define NVRAM_PRINTF(fmt, ...) do { } while (0)
+#endif
+
+/*
+ * The M48T02, M48T08 and M48T59 chips are very similar. The newer '59 has
+ * alarm and a watchdog timer and related control registers. In the
+ * PPC platform there is also a nvram lock function.
+ */
+
+/*
+ * Chipset docs:
+ * http://www.st.com/stonline/products/literature/ds/2410/m48t02.pdf
+ * http://www.st.com/stonline/products/literature/ds/2411/m48t08.pdf
+ * http://www.st.com/stonline/products/literature/od/7001/m48t59y.pdf
+ */
+
+struct M48t59State {
+ /* Hardware parameters */
+ qemu_irq IRQ;
+ MemoryRegion iomem;
+ uint32_t io_base;
+ uint32_t size;
+ /* RTC management */
+ time_t time_offset;
+ time_t stop_time;
+ /* Alarm & watchdog */
+ struct tm alarm;
+ struct QEMUTimer *alrm_timer;
+ struct QEMUTimer *wd_timer;
+ /* NVRAM storage */
+ uint8_t *buffer;
+ /* Model parameters */
+ uint32_t model; /* 2 = m48t02, 8 = m48t08, 59 = m48t59 */
+ /* NVRAM storage */
+ uint16_t addr;
+ uint8_t lock;
+};
+
+#define TYPE_ISA_M48T59 "m48t59_isa"
+#define ISA_M48T59(obj) \
+ OBJECT_CHECK(M48t59ISAState, (obj), TYPE_ISA_M48T59)
+
+typedef struct M48t59ISAState {
+ ISADevice parent_obj;
+
+ M48t59State state;
+ MemoryRegion io;
+} M48t59ISAState;
+
+#define SYSBUS_M48T59(obj) \
+ OBJECT_CHECK(M48t59SysBusState, (obj), TYPE_SYSBUS_M48T59)
+
+typedef struct M48t59SysBusState {
+ SysBusDevice parent_obj;
+
+ M48t59State state;
+ MemoryRegion io;
+} M48t59SysBusState;
+
+/* Fake timer functions */
+
+/* Alarm management */
+static void alarm_cb (void *opaque)
+{
+ struct tm tm;
+ uint64_t next_time;
+ M48t59State *NVRAM = opaque;
+
+ qemu_set_irq(NVRAM->IRQ, 1);
+ if ((NVRAM->buffer[0x1FF5] & 0x80) == 0 &&
+ (NVRAM->buffer[0x1FF4] & 0x80) == 0 &&
+ (NVRAM->buffer[0x1FF3] & 0x80) == 0 &&
+ (NVRAM->buffer[0x1FF2] & 0x80) == 0) {
+ /* Repeat once a month */
+ qemu_get_timedate(&tm, NVRAM->time_offset);
+ tm.tm_mon++;
+ if (tm.tm_mon == 13) {
+ tm.tm_mon = 1;
+ tm.tm_year++;
+ }
+ next_time = qemu_timedate_diff(&tm) - NVRAM->time_offset;
+ } else if ((NVRAM->buffer[0x1FF5] & 0x80) != 0 &&
+ (NVRAM->buffer[0x1FF4] & 0x80) == 0 &&
+ (NVRAM->buffer[0x1FF3] & 0x80) == 0 &&
+ (NVRAM->buffer[0x1FF2] & 0x80) == 0) {
+ /* Repeat once a day */
+ next_time = 24 * 60 * 60;
+ } else if ((NVRAM->buffer[0x1FF5] & 0x80) != 0 &&
+ (NVRAM->buffer[0x1FF4] & 0x80) != 0 &&
+ (NVRAM->buffer[0x1FF3] & 0x80) == 0 &&
+ (NVRAM->buffer[0x1FF2] & 0x80) == 0) {
+ /* Repeat once an hour */
+ next_time = 60 * 60;
+ } else if ((NVRAM->buffer[0x1FF5] & 0x80) != 0 &&
+ (NVRAM->buffer[0x1FF4] & 0x80) != 0 &&
+ (NVRAM->buffer[0x1FF3] & 0x80) != 0 &&
+ (NVRAM->buffer[0x1FF2] & 0x80) == 0) {
+ /* Repeat once a minute */
+ next_time = 60;
+ } else {
+ /* Repeat once a second */
+ next_time = 1;
+ }
+ qemu_mod_timer(NVRAM->alrm_timer, qemu_get_clock_ns(rtc_clock) +
+ next_time * 1000);
+ qemu_set_irq(NVRAM->IRQ, 0);
+}
+
+static void set_alarm(M48t59State *NVRAM)
+{
+ int diff;
+ if (NVRAM->alrm_timer != NULL) {
+ qemu_del_timer(NVRAM->alrm_timer);
+ diff = qemu_timedate_diff(&NVRAM->alarm) - NVRAM->time_offset;
+ if (diff > 0)
+ qemu_mod_timer(NVRAM->alrm_timer, diff * 1000);
+ }
+}
+
+/* RTC management helpers */
+static inline void get_time(M48t59State *NVRAM, struct tm *tm)
+{
+ qemu_get_timedate(tm, NVRAM->time_offset);
+}
+
+static void set_time(M48t59State *NVRAM, struct tm *tm)
+{
+ NVRAM->time_offset = qemu_timedate_diff(tm);
+ set_alarm(NVRAM);
+}
+
+/* Watchdog management */
+static void watchdog_cb (void *opaque)
+{
+ M48t59State *NVRAM = opaque;
+
+ NVRAM->buffer[0x1FF0] |= 0x80;
+ if (NVRAM->buffer[0x1FF7] & 0x80) {
+ NVRAM->buffer[0x1FF7] = 0x00;
+ NVRAM->buffer[0x1FFC] &= ~0x40;
+ /* May it be a hw CPU Reset instead ? */
+ qemu_system_reset_request();
+ } else {
+ qemu_set_irq(NVRAM->IRQ, 1);
+ qemu_set_irq(NVRAM->IRQ, 0);
+ }
+}
+
+static void set_up_watchdog(M48t59State *NVRAM, uint8_t value)
+{
+ uint64_t interval; /* in 1/16 seconds */
+
+ NVRAM->buffer[0x1FF0] &= ~0x80;
+ if (NVRAM->wd_timer != NULL) {
+ qemu_del_timer(NVRAM->wd_timer);
+ if (value != 0) {
+ interval = (1 << (2 * (value & 0x03))) * ((value >> 2) & 0x1F);
+ qemu_mod_timer(NVRAM->wd_timer, ((uint64_t)time(NULL) * 1000) +
+ ((interval * 1000) >> 4));
+ }
+ }
+}
+
+/* Direct access to NVRAM */
+void m48t59_write (void *opaque, uint32_t addr, uint32_t val)
+{
+ M48t59State *NVRAM = opaque;
+ struct tm tm;
+ int tmp;
+
+ if (addr > 0x1FF8 && addr < 0x2000)
+ NVRAM_PRINTF("%s: 0x%08x => 0x%08x\n", __func__, addr, val);
+
+ /* check for NVRAM access */
+ if ((NVRAM->model == 2 && addr < 0x7f8) ||
+ (NVRAM->model == 8 && addr < 0x1ff8) ||
+ (NVRAM->model == 59 && addr < 0x1ff0)) {
+ goto do_write;
+ }
+
+ /* TOD access */
+ switch (addr) {
+ case 0x1FF0:
+ /* flags register : read-only */
+ break;
+ case 0x1FF1:
+ /* unused */
+ break;
+ case 0x1FF2:
+ /* alarm seconds */
+ tmp = from_bcd(val & 0x7F);
+ if (tmp >= 0 && tmp <= 59) {
+ NVRAM->alarm.tm_sec = tmp;
+ NVRAM->buffer[0x1FF2] = val;
+ set_alarm(NVRAM);
+ }
+ break;
+ case 0x1FF3:
+ /* alarm minutes */
+ tmp = from_bcd(val & 0x7F);
+ if (tmp >= 0 && tmp <= 59) {
+ NVRAM->alarm.tm_min = tmp;
+ NVRAM->buffer[0x1FF3] = val;
+ set_alarm(NVRAM);
+ }
+ break;
+ case 0x1FF4:
+ /* alarm hours */
+ tmp = from_bcd(val & 0x3F);
+ if (tmp >= 0 && tmp <= 23) {
+ NVRAM->alarm.tm_hour = tmp;
+ NVRAM->buffer[0x1FF4] = val;
+ set_alarm(NVRAM);
+ }
+ break;
+ case 0x1FF5:
+ /* alarm date */
+ tmp = from_bcd(val & 0x3F);
+ if (tmp != 0) {
+ NVRAM->alarm.tm_mday = tmp;
+ NVRAM->buffer[0x1FF5] = val;
+ set_alarm(NVRAM);
+ }
+ break;
+ case 0x1FF6:
+ /* interrupts */
+ NVRAM->buffer[0x1FF6] = val;
+ break;
+ case 0x1FF7:
+ /* watchdog */
+ NVRAM->buffer[0x1FF7] = val;
+ set_up_watchdog(NVRAM, val);
+ break;
+ case 0x1FF8:
+ case 0x07F8:
+ /* control */
+ NVRAM->buffer[addr] = (val & ~0xA0) | 0x90;
+ break;
+ case 0x1FF9:
+ case 0x07F9:
+ /* seconds (BCD) */
+ tmp = from_bcd(val & 0x7F);
+ if (tmp >= 0 && tmp <= 59) {
+ get_time(NVRAM, &tm);
+ tm.tm_sec = tmp;
+ set_time(NVRAM, &tm);
+ }
+ if ((val & 0x80) ^ (NVRAM->buffer[addr] & 0x80)) {
+ if (val & 0x80) {
+ NVRAM->stop_time = time(NULL);
+ } else {
+ NVRAM->time_offset += NVRAM->stop_time - time(NULL);
+ NVRAM->stop_time = 0;
+ }
+ }
+ NVRAM->buffer[addr] = val & 0x80;
+ break;
+ case 0x1FFA:
+ case 0x07FA:
+ /* minutes (BCD) */
+ tmp = from_bcd(val & 0x7F);
+ if (tmp >= 0 && tmp <= 59) {
+ get_time(NVRAM, &tm);
+ tm.tm_min = tmp;
+ set_time(NVRAM, &tm);
+ }
+ break;
+ case 0x1FFB:
+ case 0x07FB:
+ /* hours (BCD) */
+ tmp = from_bcd(val & 0x3F);
+ if (tmp >= 0 && tmp <= 23) {
+ get_time(NVRAM, &tm);
+ tm.tm_hour = tmp;
+ set_time(NVRAM, &tm);
+ }
+ break;
+ case 0x1FFC:
+ case 0x07FC:
+ /* day of the week / century */
+ tmp = from_bcd(val & 0x07);
+ get_time(NVRAM, &tm);
+ tm.tm_wday = tmp;
+ set_time(NVRAM, &tm);
+ NVRAM->buffer[addr] = val & 0x40;
+ break;
+ case 0x1FFD:
+ case 0x07FD:
+ /* date (BCD) */
+ tmp = from_bcd(val & 0x3F);
+ if (tmp != 0) {
+ get_time(NVRAM, &tm);
+ tm.tm_mday = tmp;
+ set_time(NVRAM, &tm);
+ }
+ break;
+ case 0x1FFE:
+ case 0x07FE:
+ /* month */
+ tmp = from_bcd(val & 0x1F);
+ if (tmp >= 1 && tmp <= 12) {
+ get_time(NVRAM, &tm);
+ tm.tm_mon = tmp - 1;
+ set_time(NVRAM, &tm);
+ }
+ break;
+ case 0x1FFF:
+ case 0x07FF:
+ /* year */
+ tmp = from_bcd(val);
+ if (tmp >= 0 && tmp <= 99) {
+ get_time(NVRAM, &tm);
+ if (NVRAM->model == 8) {
+ tm.tm_year = from_bcd(val) + 68; // Base year is 1968
+ } else {
+ tm.tm_year = from_bcd(val);
+ }
+ set_time(NVRAM, &tm);
+ }
+ break;
+ default:
+ /* Check lock registers state */
+ if (addr >= 0x20 && addr <= 0x2F && (NVRAM->lock & 1))
+ break;
+ if (addr >= 0x30 && addr <= 0x3F && (NVRAM->lock & 2))
+ break;
+ do_write:
+ if (addr < NVRAM->size) {
+ NVRAM->buffer[addr] = val & 0xFF;
+ }
+ break;
+ }
+}
+
+uint32_t m48t59_read (void *opaque, uint32_t addr)
+{
+ M48t59State *NVRAM = opaque;
+ struct tm tm;
+ uint32_t retval = 0xFF;
+
+ /* check for NVRAM access */
+ if ((NVRAM->model == 2 && addr < 0x078f) ||
+ (NVRAM->model == 8 && addr < 0x1ff8) ||
+ (NVRAM->model == 59 && addr < 0x1ff0)) {
+ goto do_read;
+ }
+
+ /* TOD access */
+ switch (addr) {
+ case 0x1FF0:
+ /* flags register */
+ goto do_read;
+ case 0x1FF1:
+ /* unused */
+ retval = 0;
+ break;
+ case 0x1FF2:
+ /* alarm seconds */
+ goto do_read;
+ case 0x1FF3:
+ /* alarm minutes */
+ goto do_read;
+ case 0x1FF4:
+ /* alarm hours */
+ goto do_read;
+ case 0x1FF5:
+ /* alarm date */
+ goto do_read;
+ case 0x1FF6:
+ /* interrupts */
+ goto do_read;
+ case 0x1FF7:
+ /* A read resets the watchdog */
+ set_up_watchdog(NVRAM, NVRAM->buffer[0x1FF7]);
+ goto do_read;
+ case 0x1FF8:
+ case 0x07F8:
+ /* control */
+ goto do_read;
+ case 0x1FF9:
+ case 0x07F9:
+ /* seconds (BCD) */
+ get_time(NVRAM, &tm);
+ retval = (NVRAM->buffer[addr] & 0x80) | to_bcd(tm.tm_sec);
+ break;
+ case 0x1FFA:
+ case 0x07FA:
+ /* minutes (BCD) */
+ get_time(NVRAM, &tm);
+ retval = to_bcd(tm.tm_min);
+ break;
+ case 0x1FFB:
+ case 0x07FB:
+ /* hours (BCD) */
+ get_time(NVRAM, &tm);
+ retval = to_bcd(tm.tm_hour);
+ break;
+ case 0x1FFC:
+ case 0x07FC:
+ /* day of the week / century */
+ get_time(NVRAM, &tm);
+ retval = NVRAM->buffer[addr] | tm.tm_wday;
+ break;
+ case 0x1FFD:
+ case 0x07FD:
+ /* date */
+ get_time(NVRAM, &tm);
+ retval = to_bcd(tm.tm_mday);
+ break;
+ case 0x1FFE:
+ case 0x07FE:
+ /* month */
+ get_time(NVRAM, &tm);
+ retval = to_bcd(tm.tm_mon + 1);
+ break;
+ case 0x1FFF:
+ case 0x07FF:
+ /* year */
+ get_time(NVRAM, &tm);
+ if (NVRAM->model == 8) {
+ retval = to_bcd(tm.tm_year - 68); // Base year is 1968
+ } else {
+ retval = to_bcd(tm.tm_year);
+ }
+ break;
+ default:
+ /* Check lock registers state */
+ if (addr >= 0x20 && addr <= 0x2F && (NVRAM->lock & 1))
+ break;
+ if (addr >= 0x30 && addr <= 0x3F && (NVRAM->lock & 2))
+ break;
+ do_read:
+ if (addr < NVRAM->size) {
+ retval = NVRAM->buffer[addr];
+ }
+ break;
+ }
+ if (addr > 0x1FF9 && addr < 0x2000)
+ NVRAM_PRINTF("%s: 0x%08x <= 0x%08x\n", __func__, addr, retval);
+
+ return retval;
+}
+
+void m48t59_toggle_lock (void *opaque, int lock)
+{
+ M48t59State *NVRAM = opaque;
+
+ NVRAM->lock ^= 1 << lock;
+}
+
+/* IO access to NVRAM */
+static void NVRAM_writeb(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ M48t59State *NVRAM = opaque;
+
+ NVRAM_PRINTF("%s: 0x%08x => 0x%08x\n", __func__, addr, val);
+ switch (addr) {
+ case 0:
+ NVRAM->addr &= ~0x00FF;
+ NVRAM->addr |= val;
+ break;
+ case 1:
+ NVRAM->addr &= ~0xFF00;
+ NVRAM->addr |= val << 8;
+ break;
+ case 3:
+ m48t59_write(NVRAM, NVRAM->addr, val);
+ NVRAM->addr = 0x0000;
+ break;
+ default:
+ break;
+ }
+}
+
+static uint64_t NVRAM_readb(void *opaque, hwaddr addr, unsigned size)
+{
+ M48t59State *NVRAM = opaque;
+ uint32_t retval;
+
+ switch (addr) {
+ case 3:
+ retval = m48t59_read(NVRAM, NVRAM->addr);
+ break;
+ default:
+ retval = -1;
+ break;
+ }
+ NVRAM_PRINTF("%s: 0x%08x <= 0x%08x\n", __func__, addr, retval);
+
+ return retval;
+}
+
+static void nvram_writeb (void *opaque, hwaddr addr, uint32_t value)
+{
+ M48t59State *NVRAM = opaque;
+
+ m48t59_write(NVRAM, addr, value & 0xff);
+}
+
+static void nvram_writew (void *opaque, hwaddr addr, uint32_t value)
+{
+ M48t59State *NVRAM = opaque;
+
+ m48t59_write(NVRAM, addr, (value >> 8) & 0xff);
+ m48t59_write(NVRAM, addr + 1, value & 0xff);
+}
+
+static void nvram_writel (void *opaque, hwaddr addr, uint32_t value)
+{
+ M48t59State *NVRAM = opaque;
+
+ m48t59_write(NVRAM, addr, (value >> 24) & 0xff);
+ m48t59_write(NVRAM, addr + 1, (value >> 16) & 0xff);
+ m48t59_write(NVRAM, addr + 2, (value >> 8) & 0xff);
+ m48t59_write(NVRAM, addr + 3, value & 0xff);
+}
+
+static uint32_t nvram_readb (void *opaque, hwaddr addr)
+{
+ M48t59State *NVRAM = opaque;
+ uint32_t retval;
+
+ retval = m48t59_read(NVRAM, addr);
+ return retval;
+}
+
+static uint32_t nvram_readw (void *opaque, hwaddr addr)
+{
+ M48t59State *NVRAM = opaque;
+ uint32_t retval;
+
+ retval = m48t59_read(NVRAM, addr) << 8;
+ retval |= m48t59_read(NVRAM, addr + 1);
+ return retval;
+}
+
+static uint32_t nvram_readl (void *opaque, hwaddr addr)
+{
+ M48t59State *NVRAM = opaque;
+ uint32_t retval;
+
+ retval = m48t59_read(NVRAM, addr) << 24;
+ retval |= m48t59_read(NVRAM, addr + 1) << 16;
+ retval |= m48t59_read(NVRAM, addr + 2) << 8;
+ retval |= m48t59_read(NVRAM, addr + 3);
+ return retval;
+}
+
+static const MemoryRegionOps nvram_ops = {
+ .old_mmio = {
+ .read = { nvram_readb, nvram_readw, nvram_readl, },
+ .write = { nvram_writeb, nvram_writew, nvram_writel, },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static const VMStateDescription vmstate_m48t59 = {
+ .name = "m48t59",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(lock, M48t59State),
+ VMSTATE_UINT16(addr, M48t59State),
+ VMSTATE_VBUFFER_UINT32(buffer, M48t59State, 0, NULL, 0, size),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void m48t59_reset_common(M48t59State *NVRAM)
+{
+ NVRAM->addr = 0;
+ NVRAM->lock = 0;
+ if (NVRAM->alrm_timer != NULL)
+ qemu_del_timer(NVRAM->alrm_timer);
+
+ if (NVRAM->wd_timer != NULL)
+ qemu_del_timer(NVRAM->wd_timer);
+}
+
+static void m48t59_reset_isa(DeviceState *d)
+{
+ M48t59ISAState *isa = ISA_M48T59(d);
+ M48t59State *NVRAM = &isa->state;
+
+ m48t59_reset_common(NVRAM);
+}
+
+static void m48t59_reset_sysbus(DeviceState *d)
+{
+ M48t59SysBusState *sys = SYSBUS_M48T59(d);
+ M48t59State *NVRAM = &sys->state;
+
+ m48t59_reset_common(NVRAM);
+}
+
+static const MemoryRegionOps m48t59_io_ops = {
+ .read = NVRAM_readb,
+ .write = NVRAM_writeb,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+/* Initialisation routine */
+M48t59State *m48t59_init(qemu_irq IRQ, hwaddr mem_base,
+ uint32_t io_base, uint16_t size, int model)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+ M48t59SysBusState *d;
+ M48t59State *state;
+
+ dev = qdev_create(NULL, TYPE_SYSBUS_M48T59);
+ qdev_prop_set_uint32(dev, "model", model);
+ qdev_prop_set_uint32(dev, "size", size);
+ qdev_prop_set_uint32(dev, "io_base", io_base);
+ qdev_init_nofail(dev);
+ s = SYS_BUS_DEVICE(dev);
+ d = SYSBUS_M48T59(dev);
+ state = &d->state;
+ sysbus_connect_irq(s, 0, IRQ);
+ memory_region_init_io(&d->io, OBJECT(d), &m48t59_io_ops, state,
+ "m48t59", 4);
+ if (io_base != 0) {
+ memory_region_add_subregion(get_system_io(), io_base, &d->io);
+ }
+ if (mem_base != 0) {
+ sysbus_mmio_map(s, 0, mem_base);
+ }
+
+ return state;
+}
+
+M48t59State *m48t59_init_isa(ISABus *bus, uint32_t io_base, uint16_t size,
+ int model)
+{
+ M48t59ISAState *d;
+ ISADevice *isadev;
+ DeviceState *dev;
+ M48t59State *s;
+
+ isadev = isa_create(bus, TYPE_ISA_M48T59);
+ dev = DEVICE(isadev);
+ qdev_prop_set_uint32(dev, "model", model);
+ qdev_prop_set_uint32(dev, "size", size);
+ qdev_prop_set_uint32(dev, "io_base", io_base);
+ qdev_init_nofail(dev);
+ d = ISA_M48T59(isadev);
+ s = &d->state;
+
+ memory_region_init_io(&d->io, OBJECT(d), &m48t59_io_ops, s, "m48t59", 4);
+ if (io_base != 0) {
+ isa_register_ioport(isadev, &d->io, io_base);
+ }
+
+ return s;
+}
+
+static void m48t59_realize_common(M48t59State *s, Error **errp)
+{
+ s->buffer = g_malloc0(s->size);
+ if (s->model == 59) {
+ s->alrm_timer = qemu_new_timer_ns(rtc_clock, &alarm_cb, s);
+ s->wd_timer = qemu_new_timer_ns(vm_clock, &watchdog_cb, s);
+ }
+ qemu_get_timedate(&s->alarm, 0);
+
+ vmstate_register(NULL, -1, &vmstate_m48t59, s);
+}
+
+static void m48t59_isa_realize(DeviceState *dev, Error **errp)
+{
+ ISADevice *isadev = ISA_DEVICE(dev);
+ M48t59ISAState *d = ISA_M48T59(dev);
+ M48t59State *s = &d->state;
+
+ isa_init_irq(isadev, &s->IRQ, 8);
+ m48t59_realize_common(s, errp);
+}
+
+static int m48t59_init1(SysBusDevice *dev)
+{
+ M48t59SysBusState *d = SYSBUS_M48T59(dev);
+ M48t59State *s = &d->state;
+ Error *err = NULL;
+
+ sysbus_init_irq(dev, &s->IRQ);
+
+ memory_region_init_io(&s->iomem, OBJECT(d), &nvram_ops, s,
+ "m48t59.nvram", s->size);
+ sysbus_init_mmio(dev, &s->iomem);
+ m48t59_realize_common(s, &err);
+ if (err != NULL) {
+ error_free(err);
+ return -1;
+ }
+
+ return 0;
+}
+
+static Property m48t59_isa_properties[] = {
+ DEFINE_PROP_UINT32("size", M48t59ISAState, state.size, -1),
+ DEFINE_PROP_UINT32("model", M48t59ISAState, state.model, -1),
+ DEFINE_PROP_HEX32( "io_base", M48t59ISAState, state.io_base, 0),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void m48t59_isa_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = m48t59_isa_realize;
+ dc->no_user = 1;
+ dc->reset = m48t59_reset_isa;
+ dc->props = m48t59_isa_properties;
+}
+
+static const TypeInfo m48t59_isa_info = {
+ .name = TYPE_ISA_M48T59,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof(M48t59ISAState),
+ .class_init = m48t59_isa_class_init,
+};
+
+static Property m48t59_properties[] = {
+ DEFINE_PROP_UINT32("size", M48t59SysBusState, state.size, -1),
+ DEFINE_PROP_UINT32("model", M48t59SysBusState, state.model, -1),
+ DEFINE_PROP_HEX32( "io_base", M48t59SysBusState, state.io_base, 0),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void m48t59_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = m48t59_init1;
+ dc->reset = m48t59_reset_sysbus;
+ dc->props = m48t59_properties;
+}
+
+static const TypeInfo m48t59_info = {
+ .name = TYPE_SYSBUS_M48T59,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(M48t59SysBusState),
+ .class_init = m48t59_class_init,
+};
+
+static void m48t59_register_types(void)
+{
+ type_register_static(&m48t59_info);
+ type_register_static(&m48t59_isa_info);
+}
+
+type_init(m48t59_register_types)
diff --git a/hw/timer/mc146818rtc.c b/hw/timer/mc146818rtc.c
new file mode 100644
index 000000000..3c3baaccf
--- /dev/null
+++ b/hw/timer/mc146818rtc.c
@@ -0,0 +1,924 @@
+/*
+ * QEMU MC146818 RTC emulation
+ *
+ * Copyright (c) 2003-2004 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/hw.h"
+#include "qemu/timer.h"
+#include "sysemu/sysemu.h"
+#include "hw/timer/mc146818rtc.h"
+#include "qapi/visitor.h"
+
+#ifdef TARGET_I386
+#include "hw/i386/apic.h"
+#endif
+
+//#define DEBUG_CMOS
+//#define DEBUG_COALESCED
+
+#ifdef DEBUG_CMOS
+# define CMOS_DPRINTF(format, ...) printf(format, ## __VA_ARGS__)
+#else
+# define CMOS_DPRINTF(format, ...) do { } while (0)
+#endif
+
+#ifdef DEBUG_COALESCED
+# define DPRINTF_C(format, ...) printf(format, ## __VA_ARGS__)
+#else
+# define DPRINTF_C(format, ...) do { } while (0)
+#endif
+
+#define NSEC_PER_SEC 1000000000LL
+#define SEC_PER_MIN 60
+#define MIN_PER_HOUR 60
+#define SEC_PER_HOUR 3600
+#define HOUR_PER_DAY 24
+#define SEC_PER_DAY 86400
+
+#define RTC_REINJECT_ON_ACK_COUNT 20
+#define RTC_CLOCK_RATE 32768
+#define UIP_HOLD_LENGTH (8 * NSEC_PER_SEC / 32768)
+
+#define MC146818_RTC(obj) OBJECT_CHECK(RTCState, (obj), TYPE_MC146818_RTC)
+
+typedef struct RTCState {
+ ISADevice parent_obj;
+
+ MemoryRegion io;
+ uint8_t cmos_data[128];
+ uint8_t cmos_index;
+ int32_t base_year;
+ uint64_t base_rtc;
+ uint64_t last_update;
+ int64_t offset;
+ qemu_irq irq;
+ qemu_irq sqw_irq;
+ int it_shift;
+ /* periodic timer */
+ QEMUTimer *periodic_timer;
+ int64_t next_periodic_time;
+ /* update-ended timer */
+ QEMUTimer *update_timer;
+ uint64_t next_alarm_time;
+ uint16_t irq_reinject_on_ack_count;
+ uint32_t irq_coalesced;
+ uint32_t period;
+ QEMUTimer *coalesced_timer;
+ Notifier clock_reset_notifier;
+ LostTickPolicy lost_tick_policy;
+ Notifier suspend_notifier;
+} RTCState;
+
+static void rtc_set_time(RTCState *s);
+static void rtc_update_time(RTCState *s);
+static void rtc_set_cmos(RTCState *s, const struct tm *tm);
+static inline int rtc_from_bcd(RTCState *s, int a);
+static uint64_t get_next_alarm(RTCState *s);
+
+static inline bool rtc_running(RTCState *s)
+{
+ return (!(s->cmos_data[RTC_REG_B] & REG_B_SET) &&
+ (s->cmos_data[RTC_REG_A] & 0x70) <= 0x20);
+}
+
+static uint64_t get_guest_rtc_ns(RTCState *s)
+{
+ uint64_t guest_rtc;
+ uint64_t guest_clock = qemu_get_clock_ns(rtc_clock);
+
+ guest_rtc = s->base_rtc * NSEC_PER_SEC
+ + guest_clock - s->last_update + s->offset;
+ return guest_rtc;
+}
+
+#ifdef TARGET_I386
+static void rtc_coalesced_timer_update(RTCState *s)
+{
+ if (s->irq_coalesced == 0) {
+ qemu_del_timer(s->coalesced_timer);
+ } else {
+ /* divide each RTC interval to 2 - 8 smaller intervals */
+ int c = MIN(s->irq_coalesced, 7) + 1;
+ int64_t next_clock = qemu_get_clock_ns(rtc_clock) +
+ muldiv64(s->period / c, get_ticks_per_sec(), RTC_CLOCK_RATE);
+ qemu_mod_timer(s->coalesced_timer, next_clock);
+ }
+}
+
+static void rtc_coalesced_timer(void *opaque)
+{
+ RTCState *s = opaque;
+
+ if (s->irq_coalesced != 0) {
+ apic_reset_irq_delivered();
+ s->cmos_data[RTC_REG_C] |= 0xc0;
+ DPRINTF_C("cmos: injecting from timer\n");
+ qemu_irq_raise(s->irq);
+ if (apic_get_irq_delivered()) {
+ s->irq_coalesced--;
+ DPRINTF_C("cmos: coalesced irqs decreased to %d\n",
+ s->irq_coalesced);
+ }
+ }
+
+ rtc_coalesced_timer_update(s);
+}
+#endif
+
+/* handle periodic timer */
+static void periodic_timer_update(RTCState *s, int64_t current_time)
+{
+ int period_code, period;
+ int64_t cur_clock, next_irq_clock;
+
+ period_code = s->cmos_data[RTC_REG_A] & 0x0f;
+ if (period_code != 0
+ && ((s->cmos_data[RTC_REG_B] & REG_B_PIE)
+ || ((s->cmos_data[RTC_REG_B] & REG_B_SQWE) && s->sqw_irq))) {
+ if (period_code <= 2)
+ period_code += 7;
+ /* period in 32 Khz cycles */
+ period = 1 << (period_code - 1);
+#ifdef TARGET_I386
+ if (period != s->period) {
+ s->irq_coalesced = (s->irq_coalesced * s->period) / period;
+ DPRINTF_C("cmos: coalesced irqs scaled to %d\n", s->irq_coalesced);
+ }
+ s->period = period;
+#endif
+ /* compute 32 khz clock */
+ cur_clock = muldiv64(current_time, RTC_CLOCK_RATE, get_ticks_per_sec());
+ next_irq_clock = (cur_clock & ~(period - 1)) + period;
+ s->next_periodic_time =
+ muldiv64(next_irq_clock, get_ticks_per_sec(), RTC_CLOCK_RATE) + 1;
+ qemu_mod_timer(s->periodic_timer, s->next_periodic_time);
+ } else {
+#ifdef TARGET_I386
+ s->irq_coalesced = 0;
+#endif
+ qemu_del_timer(s->periodic_timer);
+ }
+}
+
+static void rtc_periodic_timer(void *opaque)
+{
+ RTCState *s = opaque;
+
+ periodic_timer_update(s, s->next_periodic_time);
+ s->cmos_data[RTC_REG_C] |= REG_C_PF;
+ if (s->cmos_data[RTC_REG_B] & REG_B_PIE) {
+ s->cmos_data[RTC_REG_C] |= REG_C_IRQF;
+#ifdef TARGET_I386
+ if (s->lost_tick_policy == LOST_TICK_SLEW) {
+ if (s->irq_reinject_on_ack_count >= RTC_REINJECT_ON_ACK_COUNT)
+ s->irq_reinject_on_ack_count = 0;
+ apic_reset_irq_delivered();
+ qemu_irq_raise(s->irq);
+ if (!apic_get_irq_delivered()) {
+ s->irq_coalesced++;
+ rtc_coalesced_timer_update(s);
+ DPRINTF_C("cmos: coalesced irqs increased to %d\n",
+ s->irq_coalesced);
+ }
+ } else
+#endif
+ qemu_irq_raise(s->irq);
+ }
+ if (s->cmos_data[RTC_REG_B] & REG_B_SQWE) {
+ /* Not square wave at all but we don't want 2048Hz interrupts!
+ Must be seen as a pulse. */
+ qemu_irq_raise(s->sqw_irq);
+ }
+}
+
+/* handle update-ended timer */
+static void check_update_timer(RTCState *s)
+{
+ uint64_t next_update_time;
+ uint64_t guest_nsec;
+ int next_alarm_sec;
+
+ /* From the data sheet: "Holding the dividers in reset prevents
+ * interrupts from operating, while setting the SET bit allows"
+ * them to occur. However, it will prevent an alarm interrupt
+ * from occurring, because the time of day is not updated.
+ */
+ if ((s->cmos_data[RTC_REG_A] & 0x60) == 0x60) {
+ qemu_del_timer(s->update_timer);
+ return;
+ }
+ if ((s->cmos_data[RTC_REG_C] & REG_C_UF) &&
+ (s->cmos_data[RTC_REG_B] & REG_B_SET)) {
+ qemu_del_timer(s->update_timer);
+ return;
+ }
+ if ((s->cmos_data[RTC_REG_C] & REG_C_UF) &&
+ (s->cmos_data[RTC_REG_C] & REG_C_AF)) {
+ qemu_del_timer(s->update_timer);
+ return;
+ }
+
+ guest_nsec = get_guest_rtc_ns(s) % NSEC_PER_SEC;
+ /* if UF is clear, reprogram to next second */
+ next_update_time = qemu_get_clock_ns(rtc_clock)
+ + NSEC_PER_SEC - guest_nsec;
+
+ /* Compute time of next alarm. One second is already accounted
+ * for in next_update_time.
+ */
+ next_alarm_sec = get_next_alarm(s);
+ s->next_alarm_time = next_update_time + (next_alarm_sec - 1) * NSEC_PER_SEC;
+
+ if (s->cmos_data[RTC_REG_C] & REG_C_UF) {
+ /* UF is set, but AF is clear. Program the timer to target
+ * the alarm time. */
+ next_update_time = s->next_alarm_time;
+ }
+ if (next_update_time != qemu_timer_expire_time_ns(s->update_timer)) {
+ qemu_mod_timer(s->update_timer, next_update_time);
+ }
+}
+
+static inline uint8_t convert_hour(RTCState *s, uint8_t hour)
+{
+ if (!(s->cmos_data[RTC_REG_B] & REG_B_24H)) {
+ hour %= 12;
+ if (s->cmos_data[RTC_HOURS] & 0x80) {
+ hour += 12;
+ }
+ }
+ return hour;
+}
+
+static uint64_t get_next_alarm(RTCState *s)
+{
+ int32_t alarm_sec, alarm_min, alarm_hour, cur_hour, cur_min, cur_sec;
+ int32_t hour, min, sec;
+
+ rtc_update_time(s);
+
+ alarm_sec = rtc_from_bcd(s, s->cmos_data[RTC_SECONDS_ALARM]);
+ alarm_min = rtc_from_bcd(s, s->cmos_data[RTC_MINUTES_ALARM]);
+ alarm_hour = rtc_from_bcd(s, s->cmos_data[RTC_HOURS_ALARM]);
+ alarm_hour = alarm_hour == -1 ? -1 : convert_hour(s, alarm_hour);
+
+ cur_sec = rtc_from_bcd(s, s->cmos_data[RTC_SECONDS]);
+ cur_min = rtc_from_bcd(s, s->cmos_data[RTC_MINUTES]);
+ cur_hour = rtc_from_bcd(s, s->cmos_data[RTC_HOURS]);
+ cur_hour = convert_hour(s, cur_hour);
+
+ if (alarm_hour == -1) {
+ alarm_hour = cur_hour;
+ if (alarm_min == -1) {
+ alarm_min = cur_min;
+ if (alarm_sec == -1) {
+ alarm_sec = cur_sec + 1;
+ } else if (cur_sec > alarm_sec) {
+ alarm_min++;
+ }
+ } else if (cur_min == alarm_min) {
+ if (alarm_sec == -1) {
+ alarm_sec = cur_sec + 1;
+ } else {
+ if (cur_sec > alarm_sec) {
+ alarm_hour++;
+ }
+ }
+ if (alarm_sec == SEC_PER_MIN) {
+ /* wrap to next hour, minutes is not in don't care mode */
+ alarm_sec = 0;
+ alarm_hour++;
+ }
+ } else if (cur_min > alarm_min) {
+ alarm_hour++;
+ }
+ } else if (cur_hour == alarm_hour) {
+ if (alarm_min == -1) {
+ alarm_min = cur_min;
+ if (alarm_sec == -1) {
+ alarm_sec = cur_sec + 1;
+ } else if (cur_sec > alarm_sec) {
+ alarm_min++;
+ }
+
+ if (alarm_sec == SEC_PER_MIN) {
+ alarm_sec = 0;
+ alarm_min++;
+ }
+ /* wrap to next day, hour is not in don't care mode */
+ alarm_min %= MIN_PER_HOUR;
+ } else if (cur_min == alarm_min) {
+ if (alarm_sec == -1) {
+ alarm_sec = cur_sec + 1;
+ }
+ /* wrap to next day, hours+minutes not in don't care mode */
+ alarm_sec %= SEC_PER_MIN;
+ }
+ }
+
+ /* values that are still don't care fire at the next min/sec */
+ if (alarm_min == -1) {
+ alarm_min = 0;
+ }
+ if (alarm_sec == -1) {
+ alarm_sec = 0;
+ }
+
+ /* keep values in range */
+ if (alarm_sec == SEC_PER_MIN) {
+ alarm_sec = 0;
+ alarm_min++;
+ }
+ if (alarm_min == MIN_PER_HOUR) {
+ alarm_min = 0;
+ alarm_hour++;
+ }
+ alarm_hour %= HOUR_PER_DAY;
+
+ hour = alarm_hour - cur_hour;
+ min = hour * MIN_PER_HOUR + alarm_min - cur_min;
+ sec = min * SEC_PER_MIN + alarm_sec - cur_sec;
+ return sec <= 0 ? sec + SEC_PER_DAY : sec;
+}
+
+static void rtc_update_timer(void *opaque)
+{
+ RTCState *s = opaque;
+ int32_t irqs = REG_C_UF;
+ int32_t new_irqs;
+
+ assert((s->cmos_data[RTC_REG_A] & 0x60) != 0x60);
+
+ /* UIP might have been latched, update time and clear it. */
+ rtc_update_time(s);
+ s->cmos_data[RTC_REG_A] &= ~REG_A_UIP;
+
+ if (qemu_get_clock_ns(rtc_clock) >= s->next_alarm_time) {
+ irqs |= REG_C_AF;
+ if (s->cmos_data[RTC_REG_B] & REG_B_AIE) {
+ qemu_system_wakeup_request(QEMU_WAKEUP_REASON_RTC);
+ }
+ }
+
+ new_irqs = irqs & ~s->cmos_data[RTC_REG_C];
+ s->cmos_data[RTC_REG_C] |= irqs;
+ if ((new_irqs & s->cmos_data[RTC_REG_B]) != 0) {
+ s->cmos_data[RTC_REG_C] |= REG_C_IRQF;
+ qemu_irq_raise(s->irq);
+ }
+ check_update_timer(s);
+}
+
+static void cmos_ioport_write(void *opaque, hwaddr addr,
+ uint64_t data, unsigned size)
+{
+ RTCState *s = opaque;
+
+ if ((addr & 1) == 0) {
+ s->cmos_index = data & 0x7f;
+ } else {
+ CMOS_DPRINTF("cmos: write index=0x%02x val=0x%02x\n",
+ s->cmos_index, data);
+ switch(s->cmos_index) {
+ case RTC_SECONDS_ALARM:
+ case RTC_MINUTES_ALARM:
+ case RTC_HOURS_ALARM:
+ s->cmos_data[s->cmos_index] = data;
+ check_update_timer(s);
+ break;
+ case RTC_IBM_PS2_CENTURY_BYTE:
+ s->cmos_index = RTC_CENTURY;
+ /* fall through */
+ case RTC_CENTURY:
+ case RTC_SECONDS:
+ case RTC_MINUTES:
+ case RTC_HOURS:
+ case RTC_DAY_OF_WEEK:
+ case RTC_DAY_OF_MONTH:
+ case RTC_MONTH:
+ case RTC_YEAR:
+ s->cmos_data[s->cmos_index] = data;
+ /* if in set mode, do not update the time */
+ if (rtc_running(s)) {
+ rtc_set_time(s);
+ check_update_timer(s);
+ }
+ break;
+ case RTC_REG_A:
+ if ((data & 0x60) == 0x60) {
+ if (rtc_running(s)) {
+ rtc_update_time(s);
+ }
+ /* What happens to UIP when divider reset is enabled is
+ * unclear from the datasheet. Shouldn't matter much
+ * though.
+ */
+ s->cmos_data[RTC_REG_A] &= ~REG_A_UIP;
+ } else if (((s->cmos_data[RTC_REG_A] & 0x60) == 0x60) &&
+ (data & 0x70) <= 0x20) {
+ /* when the divider reset is removed, the first update cycle
+ * begins one-half second later*/
+ if (!(s->cmos_data[RTC_REG_B] & REG_B_SET)) {
+ s->offset = 500000000;
+ rtc_set_time(s);
+ }
+ s->cmos_data[RTC_REG_A] &= ~REG_A_UIP;
+ }
+ /* UIP bit is read only */
+ s->cmos_data[RTC_REG_A] = (data & ~REG_A_UIP) |
+ (s->cmos_data[RTC_REG_A] & REG_A_UIP);
+ periodic_timer_update(s, qemu_get_clock_ns(rtc_clock));
+ check_update_timer(s);
+ break;
+ case RTC_REG_B:
+ if (data & REG_B_SET) {
+ /* update cmos to when the rtc was stopping */
+ if (rtc_running(s)) {
+ rtc_update_time(s);
+ }
+ /* set mode: reset UIP mode */
+ s->cmos_data[RTC_REG_A] &= ~REG_A_UIP;
+ data &= ~REG_B_UIE;
+ } else {
+ /* if disabling set mode, update the time */
+ if ((s->cmos_data[RTC_REG_B] & REG_B_SET) &&
+ (s->cmos_data[RTC_REG_A] & 0x70) <= 0x20) {
+ s->offset = get_guest_rtc_ns(s) % NSEC_PER_SEC;
+ rtc_set_time(s);
+ }
+ }
+ /* if an interrupt flag is already set when the interrupt
+ * becomes enabled, raise an interrupt immediately. */
+ if (data & s->cmos_data[RTC_REG_C] & REG_C_MASK) {
+ s->cmos_data[RTC_REG_C] |= REG_C_IRQF;
+ qemu_irq_raise(s->irq);
+ } else {
+ s->cmos_data[RTC_REG_C] &= ~REG_C_IRQF;
+ qemu_irq_lower(s->irq);
+ }
+ s->cmos_data[RTC_REG_B] = data;
+ periodic_timer_update(s, qemu_get_clock_ns(rtc_clock));
+ check_update_timer(s);
+ break;
+ case RTC_REG_C:
+ case RTC_REG_D:
+ /* cannot write to them */
+ break;
+ default:
+ s->cmos_data[s->cmos_index] = data;
+ break;
+ }
+ }
+}
+
+static inline int rtc_to_bcd(RTCState *s, int a)
+{
+ if (s->cmos_data[RTC_REG_B] & REG_B_DM) {
+ return a;
+ } else {
+ return ((a / 10) << 4) | (a % 10);
+ }
+}
+
+static inline int rtc_from_bcd(RTCState *s, int a)
+{
+ if ((a & 0xc0) == 0xc0) {
+ return -1;
+ }
+ if (s->cmos_data[RTC_REG_B] & REG_B_DM) {
+ return a;
+ } else {
+ return ((a >> 4) * 10) + (a & 0x0f);
+ }
+}
+
+static void rtc_get_time(RTCState *s, struct tm *tm)
+{
+ tm->tm_sec = rtc_from_bcd(s, s->cmos_data[RTC_SECONDS]);
+ tm->tm_min = rtc_from_bcd(s, s->cmos_data[RTC_MINUTES]);
+ tm->tm_hour = rtc_from_bcd(s, s->cmos_data[RTC_HOURS] & 0x7f);
+ if (!(s->cmos_data[RTC_REG_B] & REG_B_24H)) {
+ tm->tm_hour %= 12;
+ if (s->cmos_data[RTC_HOURS] & 0x80) {
+ tm->tm_hour += 12;
+ }
+ }
+ tm->tm_wday = rtc_from_bcd(s, s->cmos_data[RTC_DAY_OF_WEEK]) - 1;
+ tm->tm_mday = rtc_from_bcd(s, s->cmos_data[RTC_DAY_OF_MONTH]);
+ tm->tm_mon = rtc_from_bcd(s, s->cmos_data[RTC_MONTH]) - 1;
+ tm->tm_year =
+ rtc_from_bcd(s, s->cmos_data[RTC_YEAR]) + s->base_year +
+ rtc_from_bcd(s, s->cmos_data[RTC_CENTURY]) * 100 - 1900;
+}
+
+static void rtc_set_time(RTCState *s)
+{
+ struct tm tm;
+
+ rtc_get_time(s, &tm);
+ s->base_rtc = mktimegm(&tm);
+ s->last_update = qemu_get_clock_ns(rtc_clock);
+
+ rtc_change_mon_event(&tm);
+}
+
+static void rtc_set_cmos(RTCState *s, const struct tm *tm)
+{
+ int year;
+
+ s->cmos_data[RTC_SECONDS] = rtc_to_bcd(s, tm->tm_sec);
+ s->cmos_data[RTC_MINUTES] = rtc_to_bcd(s, tm->tm_min);
+ if (s->cmos_data[RTC_REG_B] & REG_B_24H) {
+ /* 24 hour format */
+ s->cmos_data[RTC_HOURS] = rtc_to_bcd(s, tm->tm_hour);
+ } else {
+ /* 12 hour format */
+ int h = (tm->tm_hour % 12) ? tm->tm_hour % 12 : 12;
+ s->cmos_data[RTC_HOURS] = rtc_to_bcd(s, h);
+ if (tm->tm_hour >= 12)
+ s->cmos_data[RTC_HOURS] |= 0x80;
+ }
+ s->cmos_data[RTC_DAY_OF_WEEK] = rtc_to_bcd(s, tm->tm_wday + 1);
+ s->cmos_data[RTC_DAY_OF_MONTH] = rtc_to_bcd(s, tm->tm_mday);
+ s->cmos_data[RTC_MONTH] = rtc_to_bcd(s, tm->tm_mon + 1);
+ year = tm->tm_year + 1900 - s->base_year;
+ s->cmos_data[RTC_YEAR] = rtc_to_bcd(s, year % 100);
+ s->cmos_data[RTC_CENTURY] = rtc_to_bcd(s, year / 100);
+}
+
+static void rtc_update_time(RTCState *s)
+{
+ struct tm ret;
+ time_t guest_sec;
+ int64_t guest_nsec;
+
+ guest_nsec = get_guest_rtc_ns(s);
+ guest_sec = guest_nsec / NSEC_PER_SEC;
+ gmtime_r(&guest_sec, &ret);
+
+ /* Is SET flag of Register B disabled? */
+ if ((s->cmos_data[RTC_REG_B] & REG_B_SET) == 0) {
+ rtc_set_cmos(s, &ret);
+ }
+}
+
+static int update_in_progress(RTCState *s)
+{
+ int64_t guest_nsec;
+
+ if (!rtc_running(s)) {
+ return 0;
+ }
+ if (qemu_timer_pending(s->update_timer)) {
+ int64_t next_update_time = qemu_timer_expire_time_ns(s->update_timer);
+ /* Latch UIP until the timer expires. */
+ if (qemu_get_clock_ns(rtc_clock) >= (next_update_time - UIP_HOLD_LENGTH)) {
+ s->cmos_data[RTC_REG_A] |= REG_A_UIP;
+ return 1;
+ }
+ }
+
+ guest_nsec = get_guest_rtc_ns(s);
+ /* UIP bit will be set at last 244us of every second. */
+ if ((guest_nsec % NSEC_PER_SEC) >= (NSEC_PER_SEC - UIP_HOLD_LENGTH)) {
+ return 1;
+ }
+ return 0;
+}
+
+static uint64_t cmos_ioport_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ RTCState *s = opaque;
+ int ret;
+ if ((addr & 1) == 0) {
+ return 0xff;
+ } else {
+ switch(s->cmos_index) {
+ case RTC_IBM_PS2_CENTURY_BYTE:
+ s->cmos_index = RTC_CENTURY;
+ /* fall through */
+ case RTC_CENTURY:
+ case RTC_SECONDS:
+ case RTC_MINUTES:
+ case RTC_HOURS:
+ case RTC_DAY_OF_WEEK:
+ case RTC_DAY_OF_MONTH:
+ case RTC_MONTH:
+ case RTC_YEAR:
+ /* if not in set mode, calibrate cmos before
+ * reading*/
+ if (rtc_running(s)) {
+ rtc_update_time(s);
+ }
+ ret = s->cmos_data[s->cmos_index];
+ break;
+ case RTC_REG_A:
+ if (update_in_progress(s)) {
+ s->cmos_data[s->cmos_index] |= REG_A_UIP;
+ } else {
+ s->cmos_data[s->cmos_index] &= ~REG_A_UIP;
+ }
+ ret = s->cmos_data[s->cmos_index];
+ break;
+ case RTC_REG_C:
+ ret = s->cmos_data[s->cmos_index];
+ qemu_irq_lower(s->irq);
+ s->cmos_data[RTC_REG_C] = 0x00;
+ if (ret & (REG_C_UF | REG_C_AF)) {
+ check_update_timer(s);
+ }
+#ifdef TARGET_I386
+ if(s->irq_coalesced &&
+ (s->cmos_data[RTC_REG_B] & REG_B_PIE) &&
+ s->irq_reinject_on_ack_count < RTC_REINJECT_ON_ACK_COUNT) {
+ s->irq_reinject_on_ack_count++;
+ s->cmos_data[RTC_REG_C] |= REG_C_IRQF | REG_C_PF;
+ apic_reset_irq_delivered();
+ DPRINTF_C("cmos: injecting on ack\n");
+ qemu_irq_raise(s->irq);
+ if (apic_get_irq_delivered()) {
+ s->irq_coalesced--;
+ DPRINTF_C("cmos: coalesced irqs decreased to %d\n",
+ s->irq_coalesced);
+ }
+ }
+#endif
+ break;
+ default:
+ ret = s->cmos_data[s->cmos_index];
+ break;
+ }
+ CMOS_DPRINTF("cmos: read index=0x%02x val=0x%02x\n",
+ s->cmos_index, ret);
+ return ret;
+ }
+}
+
+void rtc_set_memory(ISADevice *dev, int addr, int val)
+{
+ RTCState *s = MC146818_RTC(dev);
+ if (addr >= 0 && addr <= 127)
+ s->cmos_data[addr] = val;
+}
+
+int rtc_get_memory(ISADevice *dev, int addr)
+{
+ RTCState *s = MC146818_RTC(dev);
+ assert(addr >= 0 && addr <= 127);
+ return s->cmos_data[addr];
+}
+
+static void rtc_set_date_from_host(ISADevice *dev)
+{
+ RTCState *s = MC146818_RTC(dev);
+ struct tm tm;
+
+ qemu_get_timedate(&tm, 0);
+
+ s->base_rtc = mktimegm(&tm);
+ s->last_update = qemu_get_clock_ns(rtc_clock);
+ s->offset = 0;
+
+ /* set the CMOS date */
+ rtc_set_cmos(s, &tm);
+}
+
+static int rtc_post_load(void *opaque, int version_id)
+{
+ RTCState *s = opaque;
+
+ if (version_id <= 2) {
+ rtc_set_time(s);
+ s->offset = 0;
+ check_update_timer(s);
+ }
+
+#ifdef TARGET_I386
+ if (version_id >= 2) {
+ if (s->lost_tick_policy == LOST_TICK_SLEW) {
+ rtc_coalesced_timer_update(s);
+ }
+ }
+#endif
+ return 0;
+}
+
+static const VMStateDescription vmstate_rtc = {
+ .name = "mc146818rtc",
+ .version_id = 3,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .post_load = rtc_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_BUFFER(cmos_data, RTCState),
+ VMSTATE_UINT8(cmos_index, RTCState),
+ VMSTATE_UNUSED(7*4),
+ VMSTATE_TIMER(periodic_timer, RTCState),
+ VMSTATE_INT64(next_periodic_time, RTCState),
+ VMSTATE_UNUSED(3*8),
+ VMSTATE_UINT32_V(irq_coalesced, RTCState, 2),
+ VMSTATE_UINT32_V(period, RTCState, 2),
+ VMSTATE_UINT64_V(base_rtc, RTCState, 3),
+ VMSTATE_UINT64_V(last_update, RTCState, 3),
+ VMSTATE_INT64_V(offset, RTCState, 3),
+ VMSTATE_TIMER_V(update_timer, RTCState, 3),
+ VMSTATE_UINT64_V(next_alarm_time, RTCState, 3),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void rtc_notify_clock_reset(Notifier *notifier, void *data)
+{
+ RTCState *s = container_of(notifier, RTCState, clock_reset_notifier);
+ int64_t now = *(int64_t *)data;
+
+ rtc_set_date_from_host(ISA_DEVICE(s));
+ periodic_timer_update(s, now);
+ check_update_timer(s);
+#ifdef TARGET_I386
+ if (s->lost_tick_policy == LOST_TICK_SLEW) {
+ rtc_coalesced_timer_update(s);
+ }
+#endif
+}
+
+/* set CMOS shutdown status register (index 0xF) as S3_resume(0xFE)
+ BIOS will read it and start S3 resume at POST Entry */
+static void rtc_notify_suspend(Notifier *notifier, void *data)
+{
+ RTCState *s = container_of(notifier, RTCState, suspend_notifier);
+ rtc_set_memory(ISA_DEVICE(s), 0xF, 0xFE);
+}
+
+static void rtc_reset(void *opaque)
+{
+ RTCState *s = opaque;
+
+ s->cmos_data[RTC_REG_B] &= ~(REG_B_PIE | REG_B_AIE | REG_B_SQWE);
+ s->cmos_data[RTC_REG_C] &= ~(REG_C_UF | REG_C_IRQF | REG_C_PF | REG_C_AF);
+ check_update_timer(s);
+
+ qemu_irq_lower(s->irq);
+
+#ifdef TARGET_I386
+ if (s->lost_tick_policy == LOST_TICK_SLEW) {
+ s->irq_coalesced = 0;
+ }
+#endif
+}
+
+static const MemoryRegionOps cmos_ops = {
+ .read = cmos_ioport_read,
+ .write = cmos_ioport_write,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void rtc_get_date(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+ RTCState *s = MC146818_RTC(obj);
+ struct tm current_tm;
+
+ rtc_update_time(s);
+ rtc_get_time(s, &current_tm);
+ visit_start_struct(v, NULL, "struct tm", name, 0, errp);
+ visit_type_int32(v, &current_tm.tm_year, "tm_year", errp);
+ visit_type_int32(v, &current_tm.tm_mon, "tm_mon", errp);
+ visit_type_int32(v, &current_tm.tm_mday, "tm_mday", errp);
+ visit_type_int32(v, &current_tm.tm_hour, "tm_hour", errp);
+ visit_type_int32(v, &current_tm.tm_min, "tm_min", errp);
+ visit_type_int32(v, &current_tm.tm_sec, "tm_sec", errp);
+ visit_end_struct(v, errp);
+}
+
+static void rtc_realizefn(DeviceState *dev, Error **errp)
+{
+ ISADevice *isadev = ISA_DEVICE(dev);
+ RTCState *s = MC146818_RTC(dev);
+ int base = 0x70;
+
+ s->cmos_data[RTC_REG_A] = 0x26;
+ s->cmos_data[RTC_REG_B] = 0x02;
+ s->cmos_data[RTC_REG_C] = 0x00;
+ s->cmos_data[RTC_REG_D] = 0x80;
+
+ /* This is for historical reasons. The default base year qdev property
+ * was set to 2000 for most machine types before the century byte was
+ * implemented.
+ *
+ * This if statement means that the century byte will be always 0
+ * (at least until 2079...) for base_year = 1980, but will be set
+ * correctly for base_year = 2000.
+ */
+ if (s->base_year == 2000) {
+ s->base_year = 0;
+ }
+
+ rtc_set_date_from_host(isadev);
+
+#ifdef TARGET_I386
+ switch (s->lost_tick_policy) {
+ case LOST_TICK_SLEW:
+ s->coalesced_timer =
+ qemu_new_timer_ns(rtc_clock, rtc_coalesced_timer, s);
+ break;
+ case LOST_TICK_DISCARD:
+ break;
+ default:
+ error_setg(errp, "Invalid lost tick policy.");
+ return;
+ }
+#endif
+
+ s->periodic_timer = qemu_new_timer_ns(rtc_clock, rtc_periodic_timer, s);
+ s->update_timer = qemu_new_timer_ns(rtc_clock, rtc_update_timer, s);
+ check_update_timer(s);
+
+ s->clock_reset_notifier.notify = rtc_notify_clock_reset;
+ qemu_register_clock_reset_notifier(rtc_clock, &s->clock_reset_notifier);
+
+ s->suspend_notifier.notify = rtc_notify_suspend;
+ qemu_register_suspend_notifier(&s->suspend_notifier);
+
+ memory_region_init_io(&s->io, OBJECT(s), &cmos_ops, s, "rtc", 2);
+ isa_register_ioport(isadev, &s->io, base);
+
+ qdev_set_legacy_instance_id(dev, base, 3);
+ qemu_register_reset(rtc_reset, s);
+
+ object_property_add(OBJECT(s), "date", "struct tm",
+ rtc_get_date, NULL, NULL, s, NULL);
+}
+
+ISADevice *rtc_init(ISABus *bus, int base_year, qemu_irq intercept_irq)
+{
+ DeviceState *dev;
+ ISADevice *isadev;
+ RTCState *s;
+
+ isadev = isa_create(bus, TYPE_MC146818_RTC);
+ dev = DEVICE(isadev);
+ s = MC146818_RTC(isadev);
+ qdev_prop_set_int32(dev, "base_year", base_year);
+ qdev_init_nofail(dev);
+ if (intercept_irq) {
+ s->irq = intercept_irq;
+ } else {
+ isa_init_irq(isadev, &s->irq, RTC_ISA_IRQ);
+ }
+ return isadev;
+}
+
+static Property mc146818rtc_properties[] = {
+ DEFINE_PROP_INT32("base_year", RTCState, base_year, 1980),
+ DEFINE_PROP_LOSTTICKPOLICY("lost_tick_policy", RTCState,
+ lost_tick_policy, LOST_TICK_DISCARD),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void rtc_class_initfn(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = rtc_realizefn;
+ dc->no_user = 1;
+ dc->vmsd = &vmstate_rtc;
+ dc->props = mc146818rtc_properties;
+}
+
+static const TypeInfo mc146818rtc_info = {
+ .name = TYPE_MC146818_RTC,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof(RTCState),
+ .class_init = rtc_class_initfn,
+};
+
+static void mc146818rtc_register_types(void)
+{
+ type_register_static(&mc146818rtc_info);
+}
+
+type_init(mc146818rtc_register_types)
diff --git a/hw/timer/milkymist-sysctl.c b/hw/timer/milkymist-sysctl.c
new file mode 100644
index 000000000..94246e56f
--- /dev/null
+++ b/hw/timer/milkymist-sysctl.c
@@ -0,0 +1,342 @@
+/*
+ * QEMU model of the Milkymist System Controller.
+ *
+ * Copyright (c) 2010-2012 Michael Walle <michael@walle.cc>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ *
+ * Specification available at:
+ * http://www.milkymist.org/socdoc/sysctl.pdf
+ */
+
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "sysemu/sysemu.h"
+#include "trace.h"
+#include "qemu/timer.h"
+#include "hw/ptimer.h"
+#include "qemu/error-report.h"
+
+enum {
+ CTRL_ENABLE = (1<<0),
+ CTRL_AUTORESTART = (1<<1),
+};
+
+enum {
+ ICAP_READY = (1<<0),
+};
+
+enum {
+ R_GPIO_IN = 0,
+ R_GPIO_OUT,
+ R_GPIO_INTEN,
+ R_TIMER0_CONTROL = 4,
+ R_TIMER0_COMPARE,
+ R_TIMER0_COUNTER,
+ R_TIMER1_CONTROL = 8,
+ R_TIMER1_COMPARE,
+ R_TIMER1_COUNTER,
+ R_ICAP = 16,
+ R_DBG_SCRATCHPAD = 20,
+ R_DBG_WRITE_LOCK,
+ R_CLK_FREQUENCY = 29,
+ R_CAPABILITIES,
+ R_SYSTEM_ID,
+ R_MAX
+};
+
+#define TYPE_MILKYMIST_SYSCTL "milkymist-sysctl"
+#define MILKYMIST_SYSCTL(obj) \
+ OBJECT_CHECK(MilkymistSysctlState, (obj), TYPE_MILKYMIST_SYSCTL)
+
+struct MilkymistSysctlState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion regs_region;
+
+ QEMUBH *bh0;
+ QEMUBH *bh1;
+ ptimer_state *ptimer0;
+ ptimer_state *ptimer1;
+
+ uint32_t freq_hz;
+ uint32_t capabilities;
+ uint32_t systemid;
+ uint32_t strappings;
+
+ uint32_t regs[R_MAX];
+
+ qemu_irq gpio_irq;
+ qemu_irq timer0_irq;
+ qemu_irq timer1_irq;
+};
+typedef struct MilkymistSysctlState MilkymistSysctlState;
+
+static void sysctl_icap_write(MilkymistSysctlState *s, uint32_t value)
+{
+ trace_milkymist_sysctl_icap_write(value);
+ switch (value & 0xffff) {
+ case 0x000e:
+ qemu_system_shutdown_request();
+ break;
+ }
+}
+
+static uint64_t sysctl_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ MilkymistSysctlState *s = opaque;
+ uint32_t r = 0;
+
+ addr >>= 2;
+ switch (addr) {
+ case R_TIMER0_COUNTER:
+ r = (uint32_t)ptimer_get_count(s->ptimer0);
+ /* milkymist timer counts up */
+ r = s->regs[R_TIMER0_COMPARE] - r;
+ break;
+ case R_TIMER1_COUNTER:
+ r = (uint32_t)ptimer_get_count(s->ptimer1);
+ /* milkymist timer counts up */
+ r = s->regs[R_TIMER1_COMPARE] - r;
+ break;
+ case R_GPIO_IN:
+ case R_GPIO_OUT:
+ case R_GPIO_INTEN:
+ case R_TIMER0_CONTROL:
+ case R_TIMER0_COMPARE:
+ case R_TIMER1_CONTROL:
+ case R_TIMER1_COMPARE:
+ case R_ICAP:
+ case R_DBG_SCRATCHPAD:
+ case R_DBG_WRITE_LOCK:
+ case R_CLK_FREQUENCY:
+ case R_CAPABILITIES:
+ case R_SYSTEM_ID:
+ r = s->regs[addr];
+ break;
+
+ default:
+ error_report("milkymist_sysctl: read access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+
+ trace_milkymist_sysctl_memory_read(addr << 2, r);
+
+ return r;
+}
+
+static void sysctl_write(void *opaque, hwaddr addr, uint64_t value,
+ unsigned size)
+{
+ MilkymistSysctlState *s = opaque;
+
+ trace_milkymist_sysctl_memory_write(addr, value);
+
+ addr >>= 2;
+ switch (addr) {
+ case R_GPIO_OUT:
+ case R_GPIO_INTEN:
+ case R_TIMER0_COUNTER:
+ case R_TIMER1_COUNTER:
+ case R_DBG_SCRATCHPAD:
+ s->regs[addr] = value;
+ break;
+ case R_TIMER0_COMPARE:
+ ptimer_set_limit(s->ptimer0, value, 0);
+ s->regs[addr] = value;
+ break;
+ case R_TIMER1_COMPARE:
+ ptimer_set_limit(s->ptimer1, value, 0);
+ s->regs[addr] = value;
+ break;
+ case R_TIMER0_CONTROL:
+ s->regs[addr] = value;
+ if (s->regs[R_TIMER0_CONTROL] & CTRL_ENABLE) {
+ trace_milkymist_sysctl_start_timer0();
+ ptimer_set_count(s->ptimer0,
+ s->regs[R_TIMER0_COMPARE] - s->regs[R_TIMER0_COUNTER]);
+ ptimer_run(s->ptimer0, 0);
+ } else {
+ trace_milkymist_sysctl_stop_timer0();
+ ptimer_stop(s->ptimer0);
+ }
+ break;
+ case R_TIMER1_CONTROL:
+ s->regs[addr] = value;
+ if (s->regs[R_TIMER1_CONTROL] & CTRL_ENABLE) {
+ trace_milkymist_sysctl_start_timer1();
+ ptimer_set_count(s->ptimer1,
+ s->regs[R_TIMER1_COMPARE] - s->regs[R_TIMER1_COUNTER]);
+ ptimer_run(s->ptimer1, 0);
+ } else {
+ trace_milkymist_sysctl_stop_timer1();
+ ptimer_stop(s->ptimer1);
+ }
+ break;
+ case R_ICAP:
+ sysctl_icap_write(s, value);
+ break;
+ case R_DBG_WRITE_LOCK:
+ s->regs[addr] = 1;
+ break;
+ case R_SYSTEM_ID:
+ qemu_system_reset_request();
+ break;
+
+ case R_GPIO_IN:
+ case R_CLK_FREQUENCY:
+ case R_CAPABILITIES:
+ error_report("milkymist_sysctl: write to read-only register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+
+ default:
+ error_report("milkymist_sysctl: write access to unknown register 0x"
+ TARGET_FMT_plx, addr << 2);
+ break;
+ }
+}
+
+static const MemoryRegionOps sysctl_mmio_ops = {
+ .read = sysctl_read,
+ .write = sysctl_write,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void timer0_hit(void *opaque)
+{
+ MilkymistSysctlState *s = opaque;
+
+ if (!(s->regs[R_TIMER0_CONTROL] & CTRL_AUTORESTART)) {
+ s->regs[R_TIMER0_CONTROL] &= ~CTRL_ENABLE;
+ trace_milkymist_sysctl_stop_timer0();
+ ptimer_stop(s->ptimer0);
+ }
+
+ trace_milkymist_sysctl_pulse_irq_timer0();
+ qemu_irq_pulse(s->timer0_irq);
+}
+
+static void timer1_hit(void *opaque)
+{
+ MilkymistSysctlState *s = opaque;
+
+ if (!(s->regs[R_TIMER1_CONTROL] & CTRL_AUTORESTART)) {
+ s->regs[R_TIMER1_CONTROL] &= ~CTRL_ENABLE;
+ trace_milkymist_sysctl_stop_timer1();
+ ptimer_stop(s->ptimer1);
+ }
+
+ trace_milkymist_sysctl_pulse_irq_timer1();
+ qemu_irq_pulse(s->timer1_irq);
+}
+
+static void milkymist_sysctl_reset(DeviceState *d)
+{
+ MilkymistSysctlState *s = MILKYMIST_SYSCTL(d);
+ int i;
+
+ for (i = 0; i < R_MAX; i++) {
+ s->regs[i] = 0;
+ }
+
+ ptimer_stop(s->ptimer0);
+ ptimer_stop(s->ptimer1);
+
+ /* defaults */
+ s->regs[R_ICAP] = ICAP_READY;
+ s->regs[R_SYSTEM_ID] = s->systemid;
+ s->regs[R_CLK_FREQUENCY] = s->freq_hz;
+ s->regs[R_CAPABILITIES] = s->capabilities;
+ s->regs[R_GPIO_IN] = s->strappings;
+}
+
+static int milkymist_sysctl_init(SysBusDevice *dev)
+{
+ MilkymistSysctlState *s = MILKYMIST_SYSCTL(dev);
+
+ sysbus_init_irq(dev, &s->gpio_irq);
+ sysbus_init_irq(dev, &s->timer0_irq);
+ sysbus_init_irq(dev, &s->timer1_irq);
+
+ s->bh0 = qemu_bh_new(timer0_hit, s);
+ s->bh1 = qemu_bh_new(timer1_hit, s);
+ s->ptimer0 = ptimer_init(s->bh0);
+ s->ptimer1 = ptimer_init(s->bh1);
+ ptimer_set_freq(s->ptimer0, s->freq_hz);
+ ptimer_set_freq(s->ptimer1, s->freq_hz);
+
+ memory_region_init_io(&s->regs_region, OBJECT(s), &sysctl_mmio_ops, s,
+ "milkymist-sysctl", R_MAX * 4);
+ sysbus_init_mmio(dev, &s->regs_region);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_milkymist_sysctl = {
+ .name = "milkymist-sysctl",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(regs, MilkymistSysctlState, R_MAX),
+ VMSTATE_PTIMER(ptimer0, MilkymistSysctlState),
+ VMSTATE_PTIMER(ptimer1, MilkymistSysctlState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static Property milkymist_sysctl_properties[] = {
+ DEFINE_PROP_UINT32("frequency", MilkymistSysctlState,
+ freq_hz, 80000000),
+ DEFINE_PROP_UINT32("capabilities", MilkymistSysctlState,
+ capabilities, 0x00000000),
+ DEFINE_PROP_UINT32("systemid", MilkymistSysctlState,
+ systemid, 0x10014d31),
+ DEFINE_PROP_UINT32("gpio_strappings", MilkymistSysctlState,
+ strappings, 0x00000001),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void milkymist_sysctl_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = milkymist_sysctl_init;
+ dc->reset = milkymist_sysctl_reset;
+ dc->vmsd = &vmstate_milkymist_sysctl;
+ dc->props = milkymist_sysctl_properties;
+}
+
+static const TypeInfo milkymist_sysctl_info = {
+ .name = TYPE_MILKYMIST_SYSCTL,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(MilkymistSysctlState),
+ .class_init = milkymist_sysctl_class_init,
+};
+
+static void milkymist_sysctl_register_types(void)
+{
+ type_register_static(&milkymist_sysctl_info);
+}
+
+type_init(milkymist_sysctl_register_types)
diff --git a/hw/timer/omap_gptimer.c b/hw/timer/omap_gptimer.c
new file mode 100644
index 000000000..ac389d87e
--- /dev/null
+++ b/hw/timer/omap_gptimer.c
@@ -0,0 +1,488 @@
+/*
+ * TI OMAP2 general purpose timers emulation.
+ *
+ * Copyright (C) 2007-2008 Nokia Corporation
+ * Written by Andrzej Zaborowski <andrew@openedhand.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) any later version of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "hw/hw.h"
+#include "qemu/timer.h"
+#include "hw/arm/omap.h"
+
+/* GP timers */
+struct omap_gp_timer_s {
+ MemoryRegion iomem;
+ qemu_irq irq;
+ qemu_irq wkup;
+ qemu_irq in;
+ qemu_irq out;
+ omap_clk clk;
+ QEMUTimer *timer;
+ QEMUTimer *match;
+ struct omap_target_agent_s *ta;
+
+ int in_val;
+ int out_val;
+ int64_t time;
+ int64_t rate;
+ int64_t ticks_per_sec;
+
+ int16_t config;
+ int status;
+ int it_ena;
+ int wu_ena;
+ int enable;
+ int inout;
+ int capt2;
+ int pt;
+ enum {
+ gpt_trigger_none, gpt_trigger_overflow, gpt_trigger_both
+ } trigger;
+ enum {
+ gpt_capture_none, gpt_capture_rising,
+ gpt_capture_falling, gpt_capture_both
+ } capture;
+ int scpwm;
+ int ce;
+ int pre;
+ int ptv;
+ int ar;
+ int st;
+ int posted;
+ uint32_t val;
+ uint32_t load_val;
+ uint32_t capture_val[2];
+ uint32_t match_val;
+ int capt_num;
+
+ uint16_t writeh; /* LSB */
+ uint16_t readh; /* MSB */
+};
+
+#define GPT_TCAR_IT (1 << 2)
+#define GPT_OVF_IT (1 << 1)
+#define GPT_MAT_IT (1 << 0)
+
+static inline void omap_gp_timer_intr(struct omap_gp_timer_s *timer, int it)
+{
+ if (timer->it_ena & it) {
+ if (!timer->status)
+ qemu_irq_raise(timer->irq);
+
+ timer->status |= it;
+ /* Or are the status bits set even when masked?
+ * i.e. is masking applied before or after the status register? */
+ }
+
+ if (timer->wu_ena & it)
+ qemu_irq_pulse(timer->wkup);
+}
+
+static inline void omap_gp_timer_out(struct omap_gp_timer_s *timer, int level)
+{
+ if (!timer->inout && timer->out_val != level) {
+ timer->out_val = level;
+ qemu_set_irq(timer->out, level);
+ }
+}
+
+static inline uint32_t omap_gp_timer_read(struct omap_gp_timer_s *timer)
+{
+ uint64_t distance;
+
+ if (timer->st && timer->rate) {
+ distance = qemu_get_clock_ns(vm_clock) - timer->time;
+ distance = muldiv64(distance, timer->rate, timer->ticks_per_sec);
+
+ if (distance >= 0xffffffff - timer->val)
+ return 0xffffffff;
+ else
+ return timer->val + distance;
+ } else
+ return timer->val;
+}
+
+static inline void omap_gp_timer_sync(struct omap_gp_timer_s *timer)
+{
+ if (timer->st) {
+ timer->val = omap_gp_timer_read(timer);
+ timer->time = qemu_get_clock_ns(vm_clock);
+ }
+}
+
+static inline void omap_gp_timer_update(struct omap_gp_timer_s *timer)
+{
+ int64_t expires, matches;
+
+ if (timer->st && timer->rate) {
+ expires = muldiv64(0x100000000ll - timer->val,
+ timer->ticks_per_sec, timer->rate);
+ qemu_mod_timer(timer->timer, timer->time + expires);
+
+ if (timer->ce && timer->match_val >= timer->val) {
+ matches = muldiv64(timer->match_val - timer->val,
+ timer->ticks_per_sec, timer->rate);
+ qemu_mod_timer(timer->match, timer->time + matches);
+ } else
+ qemu_del_timer(timer->match);
+ } else {
+ qemu_del_timer(timer->timer);
+ qemu_del_timer(timer->match);
+ omap_gp_timer_out(timer, timer->scpwm);
+ }
+}
+
+static inline void omap_gp_timer_trigger(struct omap_gp_timer_s *timer)
+{
+ if (timer->pt)
+ /* TODO in overflow-and-match mode if the first event to
+ * occur is the match, don't toggle. */
+ omap_gp_timer_out(timer, !timer->out_val);
+ else
+ /* TODO inverted pulse on timer->out_val == 1? */
+ qemu_irq_pulse(timer->out);
+}
+
+static void omap_gp_timer_tick(void *opaque)
+{
+ struct omap_gp_timer_s *timer = (struct omap_gp_timer_s *) opaque;
+
+ if (!timer->ar) {
+ timer->st = 0;
+ timer->val = 0;
+ } else {
+ timer->val = timer->load_val;
+ timer->time = qemu_get_clock_ns(vm_clock);
+ }
+
+ if (timer->trigger == gpt_trigger_overflow ||
+ timer->trigger == gpt_trigger_both)
+ omap_gp_timer_trigger(timer);
+
+ omap_gp_timer_intr(timer, GPT_OVF_IT);
+ omap_gp_timer_update(timer);
+}
+
+static void omap_gp_timer_match(void *opaque)
+{
+ struct omap_gp_timer_s *timer = (struct omap_gp_timer_s *) opaque;
+
+ if (timer->trigger == gpt_trigger_both)
+ omap_gp_timer_trigger(timer);
+
+ omap_gp_timer_intr(timer, GPT_MAT_IT);
+}
+
+static void omap_gp_timer_input(void *opaque, int line, int on)
+{
+ struct omap_gp_timer_s *s = (struct omap_gp_timer_s *) opaque;
+ int trigger;
+
+ switch (s->capture) {
+ default:
+ case gpt_capture_none:
+ trigger = 0;
+ break;
+ case gpt_capture_rising:
+ trigger = !s->in_val && on;
+ break;
+ case gpt_capture_falling:
+ trigger = s->in_val && !on;
+ break;
+ case gpt_capture_both:
+ trigger = (s->in_val == !on);
+ break;
+ }
+ s->in_val = on;
+
+ if (s->inout && trigger && s->capt_num < 2) {
+ s->capture_val[s->capt_num] = omap_gp_timer_read(s);
+
+ if (s->capt2 == s->capt_num ++)
+ omap_gp_timer_intr(s, GPT_TCAR_IT);
+ }
+}
+
+static void omap_gp_timer_clk_update(void *opaque, int line, int on)
+{
+ struct omap_gp_timer_s *timer = (struct omap_gp_timer_s *) opaque;
+
+ omap_gp_timer_sync(timer);
+ timer->rate = on ? omap_clk_getrate(timer->clk) : 0;
+ omap_gp_timer_update(timer);
+}
+
+static void omap_gp_timer_clk_setup(struct omap_gp_timer_s *timer)
+{
+ omap_clk_adduser(timer->clk,
+ qemu_allocate_irqs(omap_gp_timer_clk_update, timer, 1)[0]);
+ timer->rate = omap_clk_getrate(timer->clk);
+}
+
+void omap_gp_timer_reset(struct omap_gp_timer_s *s)
+{
+ s->config = 0x000;
+ s->status = 0;
+ s->it_ena = 0;
+ s->wu_ena = 0;
+ s->inout = 0;
+ s->capt2 = 0;
+ s->capt_num = 0;
+ s->pt = 0;
+ s->trigger = gpt_trigger_none;
+ s->capture = gpt_capture_none;
+ s->scpwm = 0;
+ s->ce = 0;
+ s->pre = 0;
+ s->ptv = 0;
+ s->ar = 0;
+ s->st = 0;
+ s->posted = 1;
+ s->val = 0x00000000;
+ s->load_val = 0x00000000;
+ s->capture_val[0] = 0x00000000;
+ s->capture_val[1] = 0x00000000;
+ s->match_val = 0x00000000;
+ omap_gp_timer_update(s);
+}
+
+static uint32_t omap_gp_timer_readw(void *opaque, hwaddr addr)
+{
+ struct omap_gp_timer_s *s = (struct omap_gp_timer_s *) opaque;
+
+ switch (addr) {
+ case 0x00: /* TIDR */
+ return 0x21;
+
+ case 0x10: /* TIOCP_CFG */
+ return s->config;
+
+ case 0x14: /* TISTAT */
+ /* ??? When's this bit reset? */
+ return 1; /* RESETDONE */
+
+ case 0x18: /* TISR */
+ return s->status;
+
+ case 0x1c: /* TIER */
+ return s->it_ena;
+
+ case 0x20: /* TWER */
+ return s->wu_ena;
+
+ case 0x24: /* TCLR */
+ return (s->inout << 14) |
+ (s->capt2 << 13) |
+ (s->pt << 12) |
+ (s->trigger << 10) |
+ (s->capture << 8) |
+ (s->scpwm << 7) |
+ (s->ce << 6) |
+ (s->pre << 5) |
+ (s->ptv << 2) |
+ (s->ar << 1) |
+ (s->st << 0);
+
+ case 0x28: /* TCRR */
+ return omap_gp_timer_read(s);
+
+ case 0x2c: /* TLDR */
+ return s->load_val;
+
+ case 0x30: /* TTGR */
+ return 0xffffffff;
+
+ case 0x34: /* TWPS */
+ return 0x00000000; /* No posted writes pending. */
+
+ case 0x38: /* TMAR */
+ return s->match_val;
+
+ case 0x3c: /* TCAR1 */
+ return s->capture_val[0];
+
+ case 0x40: /* TSICR */
+ return s->posted << 2;
+
+ case 0x44: /* TCAR2 */
+ return s->capture_val[1];
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static uint32_t omap_gp_timer_readh(void *opaque, hwaddr addr)
+{
+ struct omap_gp_timer_s *s = (struct omap_gp_timer_s *) opaque;
+ uint32_t ret;
+
+ if (addr & 2)
+ return s->readh;
+ else {
+ ret = omap_gp_timer_readw(opaque, addr);
+ s->readh = ret >> 16;
+ return ret & 0xffff;
+ }
+}
+
+static void omap_gp_timer_write(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ struct omap_gp_timer_s *s = (struct omap_gp_timer_s *) opaque;
+
+ switch (addr) {
+ case 0x00: /* TIDR */
+ case 0x14: /* TISTAT */
+ case 0x34: /* TWPS */
+ case 0x3c: /* TCAR1 */
+ case 0x44: /* TCAR2 */
+ OMAP_RO_REG(addr);
+ break;
+
+ case 0x10: /* TIOCP_CFG */
+ s->config = value & 0x33d;
+ if (((value >> 3) & 3) == 3) /* IDLEMODE */
+ fprintf(stderr, "%s: illegal IDLEMODE value in TIOCP_CFG\n",
+ __FUNCTION__);
+ if (value & 2) /* SOFTRESET */
+ omap_gp_timer_reset(s);
+ break;
+
+ case 0x18: /* TISR */
+ if (value & GPT_TCAR_IT)
+ s->capt_num = 0;
+ if (s->status && !(s->status &= ~value))
+ qemu_irq_lower(s->irq);
+ break;
+
+ case 0x1c: /* TIER */
+ s->it_ena = value & 7;
+ break;
+
+ case 0x20: /* TWER */
+ s->wu_ena = value & 7;
+ break;
+
+ case 0x24: /* TCLR */
+ omap_gp_timer_sync(s);
+ s->inout = (value >> 14) & 1;
+ s->capt2 = (value >> 13) & 1;
+ s->pt = (value >> 12) & 1;
+ s->trigger = (value >> 10) & 3;
+ if (s->capture == gpt_capture_none &&
+ ((value >> 8) & 3) != gpt_capture_none)
+ s->capt_num = 0;
+ s->capture = (value >> 8) & 3;
+ s->scpwm = (value >> 7) & 1;
+ s->ce = (value >> 6) & 1;
+ s->pre = (value >> 5) & 1;
+ s->ptv = (value >> 2) & 7;
+ s->ar = (value >> 1) & 1;
+ s->st = (value >> 0) & 1;
+ if (s->inout && s->trigger != gpt_trigger_none)
+ fprintf(stderr, "%s: GP timer pin must be an output "
+ "for this trigger mode\n", __FUNCTION__);
+ if (!s->inout && s->capture != gpt_capture_none)
+ fprintf(stderr, "%s: GP timer pin must be an input "
+ "for this capture mode\n", __FUNCTION__);
+ if (s->trigger == gpt_trigger_none)
+ omap_gp_timer_out(s, s->scpwm);
+ /* TODO: make sure this doesn't overflow 32-bits */
+ s->ticks_per_sec = get_ticks_per_sec() << (s->pre ? s->ptv + 1 : 0);
+ omap_gp_timer_update(s);
+ break;
+
+ case 0x28: /* TCRR */
+ s->time = qemu_get_clock_ns(vm_clock);
+ s->val = value;
+ omap_gp_timer_update(s);
+ break;
+
+ case 0x2c: /* TLDR */
+ s->load_val = value;
+ break;
+
+ case 0x30: /* TTGR */
+ s->time = qemu_get_clock_ns(vm_clock);
+ s->val = s->load_val;
+ omap_gp_timer_update(s);
+ break;
+
+ case 0x38: /* TMAR */
+ omap_gp_timer_sync(s);
+ s->match_val = value;
+ omap_gp_timer_update(s);
+ break;
+
+ case 0x40: /* TSICR */
+ s->posted = (value >> 2) & 1;
+ if (value & 2) /* How much exactly are we supposed to reset? */
+ omap_gp_timer_reset(s);
+ break;
+
+ default:
+ OMAP_BAD_REG(addr);
+ }
+}
+
+static void omap_gp_timer_writeh(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ struct omap_gp_timer_s *s = (struct omap_gp_timer_s *) opaque;
+
+ if (addr & 2)
+ return omap_gp_timer_write(opaque, addr, (value << 16) | s->writeh);
+ else
+ s->writeh = (uint16_t) value;
+}
+
+static const MemoryRegionOps omap_gp_timer_ops = {
+ .old_mmio = {
+ .read = {
+ omap_badwidth_read32,
+ omap_gp_timer_readh,
+ omap_gp_timer_readw,
+ },
+ .write = {
+ omap_badwidth_write32,
+ omap_gp_timer_writeh,
+ omap_gp_timer_write,
+ },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+struct omap_gp_timer_s *omap_gp_timer_init(struct omap_target_agent_s *ta,
+ qemu_irq irq, omap_clk fclk, omap_clk iclk)
+{
+ struct omap_gp_timer_s *s = (struct omap_gp_timer_s *)
+ g_malloc0(sizeof(struct omap_gp_timer_s));
+
+ s->ta = ta;
+ s->irq = irq;
+ s->clk = fclk;
+ s->timer = qemu_new_timer_ns(vm_clock, omap_gp_timer_tick, s);
+ s->match = qemu_new_timer_ns(vm_clock, omap_gp_timer_match, s);
+ s->in = qemu_allocate_irqs(omap_gp_timer_input, s, 1)[0];
+ omap_gp_timer_reset(s);
+ omap_gp_timer_clk_setup(s);
+
+ memory_region_init_io(&s->iomem, NULL, &omap_gp_timer_ops, s, "omap.gptimer",
+ omap_l4_region_size(ta, 0));
+ omap_l4_attach(ta, 0, &s->iomem);
+
+ return s;
+}
diff --git a/hw/timer/omap_synctimer.c b/hw/timer/omap_synctimer.c
new file mode 100644
index 000000000..a12aca20d
--- /dev/null
+++ b/hw/timer/omap_synctimer.c
@@ -0,0 +1,102 @@
+/*
+ * TI OMAP2 32kHz sync timer emulation.
+ *
+ * Copyright (C) 2007-2008 Nokia Corporation
+ * Written by Andrzej Zaborowski <andrew@openedhand.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) any later version of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "hw/hw.h"
+#include "qemu/timer.h"
+#include "hw/arm/omap.h"
+struct omap_synctimer_s {
+ MemoryRegion iomem;
+ uint32_t val;
+ uint16_t readh;
+};
+
+/* 32-kHz Sync Timer of the OMAP2 */
+static uint32_t omap_synctimer_read(struct omap_synctimer_s *s) {
+ return muldiv64(qemu_get_clock_ns(vm_clock), 0x8000, get_ticks_per_sec());
+}
+
+void omap_synctimer_reset(struct omap_synctimer_s *s)
+{
+ s->val = omap_synctimer_read(s);
+}
+
+static uint32_t omap_synctimer_readw(void *opaque, hwaddr addr)
+{
+ struct omap_synctimer_s *s = (struct omap_synctimer_s *) opaque;
+
+ switch (addr) {
+ case 0x00: /* 32KSYNCNT_REV */
+ return 0x21;
+
+ case 0x10: /* CR */
+ return omap_synctimer_read(s) - s->val;
+ }
+
+ OMAP_BAD_REG(addr);
+ return 0;
+}
+
+static uint32_t omap_synctimer_readh(void *opaque, hwaddr addr)
+{
+ struct omap_synctimer_s *s = (struct omap_synctimer_s *) opaque;
+ uint32_t ret;
+
+ if (addr & 2)
+ return s->readh;
+ else {
+ ret = omap_synctimer_readw(opaque, addr);
+ s->readh = ret >> 16;
+ return ret & 0xffff;
+ }
+}
+
+static void omap_synctimer_write(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ OMAP_BAD_REG(addr);
+}
+
+static const MemoryRegionOps omap_synctimer_ops = {
+ .old_mmio = {
+ .read = {
+ omap_badwidth_read32,
+ omap_synctimer_readh,
+ omap_synctimer_readw,
+ },
+ .write = {
+ omap_badwidth_write32,
+ omap_synctimer_write,
+ omap_synctimer_write,
+ },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+struct omap_synctimer_s *omap_synctimer_init(struct omap_target_agent_s *ta,
+ struct omap_mpu_state_s *mpu, omap_clk fclk, omap_clk iclk)
+{
+ struct omap_synctimer_s *s = g_malloc0(sizeof(*s));
+
+ omap_synctimer_reset(s);
+ memory_region_init_io(&s->iomem, NULL, &omap_synctimer_ops, s, "omap.synctimer",
+ omap_l4_region_size(ta, 0));
+ omap_l4_attach(ta, 0, &s->iomem);
+
+ return s;
+}
diff --git a/hw/timer/pl031.c b/hw/timer/pl031.c
new file mode 100644
index 000000000..d5e2f3e26
--- /dev/null
+++ b/hw/timer/pl031.c
@@ -0,0 +1,269 @@
+/*
+ * ARM AMBA PrimeCell PL031 RTC
+ *
+ * Copyright (c) 2007 CodeSourcery
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "hw/sysbus.h"
+#include "qemu/timer.h"
+#include "sysemu/sysemu.h"
+
+//#define DEBUG_PL031
+
+#ifdef DEBUG_PL031
+#define DPRINTF(fmt, ...) \
+do { printf("pl031: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) do {} while(0)
+#endif
+
+#define RTC_DR 0x00 /* Data read register */
+#define RTC_MR 0x04 /* Match register */
+#define RTC_LR 0x08 /* Data load register */
+#define RTC_CR 0x0c /* Control register */
+#define RTC_IMSC 0x10 /* Interrupt mask and set register */
+#define RTC_RIS 0x14 /* Raw interrupt status register */
+#define RTC_MIS 0x18 /* Masked interrupt status register */
+#define RTC_ICR 0x1c /* Interrupt clear register */
+
+#define TYPE_PL031 "pl031"
+#define PL031(obj) OBJECT_CHECK(PL031State, (obj), TYPE_PL031)
+
+typedef struct PL031State {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ QEMUTimer *timer;
+ qemu_irq irq;
+
+ /* Needed to preserve the tick_count across migration, even if the
+ * absolute value of the rtc_clock is different on the source and
+ * destination.
+ */
+ uint32_t tick_offset_vmstate;
+ uint32_t tick_offset;
+
+ uint32_t mr;
+ uint32_t lr;
+ uint32_t cr;
+ uint32_t im;
+ uint32_t is;
+} PL031State;
+
+static const unsigned char pl031_id[] = {
+ 0x31, 0x10, 0x14, 0x00, /* Device ID */
+ 0x0d, 0xf0, 0x05, 0xb1 /* Cell ID */
+};
+
+static void pl031_update(PL031State *s)
+{
+ qemu_set_irq(s->irq, s->is & s->im);
+}
+
+static void pl031_interrupt(void * opaque)
+{
+ PL031State *s = (PL031State *)opaque;
+
+ s->is = 1;
+ DPRINTF("Alarm raised\n");
+ pl031_update(s);
+}
+
+static uint32_t pl031_get_count(PL031State *s)
+{
+ int64_t now = qemu_get_clock_ns(rtc_clock);
+ return s->tick_offset + now / get_ticks_per_sec();
+}
+
+static void pl031_set_alarm(PL031State *s)
+{
+ uint32_t ticks;
+
+ /* The timer wraps around. This subtraction also wraps in the same way,
+ and gives correct results when alarm < now_ticks. */
+ ticks = s->mr - pl031_get_count(s);
+ DPRINTF("Alarm set in %ud ticks\n", ticks);
+ if (ticks == 0) {
+ qemu_del_timer(s->timer);
+ pl031_interrupt(s);
+ } else {
+ int64_t now = qemu_get_clock_ns(rtc_clock);
+ qemu_mod_timer(s->timer, now + (int64_t)ticks * get_ticks_per_sec());
+ }
+}
+
+static uint64_t pl031_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ PL031State *s = (PL031State *)opaque;
+
+ if (offset >= 0xfe0 && offset < 0x1000)
+ return pl031_id[(offset - 0xfe0) >> 2];
+
+ switch (offset) {
+ case RTC_DR:
+ return pl031_get_count(s);
+ case RTC_MR:
+ return s->mr;
+ case RTC_IMSC:
+ return s->im;
+ case RTC_RIS:
+ return s->is;
+ case RTC_LR:
+ return s->lr;
+ case RTC_CR:
+ /* RTC is permanently enabled. */
+ return 1;
+ case RTC_MIS:
+ return s->is & s->im;
+ case RTC_ICR:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "pl031: read of write-only register at offset 0x%x\n",
+ (int)offset);
+ break;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "pl031_read: Bad offset 0x%x\n", (int)offset);
+ break;
+ }
+
+ return 0;
+}
+
+static void pl031_write(void * opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ PL031State *s = (PL031State *)opaque;
+
+
+ switch (offset) {
+ case RTC_LR:
+ s->tick_offset += value - pl031_get_count(s);
+ pl031_set_alarm(s);
+ break;
+ case RTC_MR:
+ s->mr = value;
+ pl031_set_alarm(s);
+ break;
+ case RTC_IMSC:
+ s->im = value & 1;
+ DPRINTF("Interrupt mask %d\n", s->im);
+ pl031_update(s);
+ break;
+ case RTC_ICR:
+ /* The PL031 documentation (DDI0224B) states that the interrupt is
+ cleared when bit 0 of the written value is set. However the
+ arm926e documentation (DDI0287B) states that the interrupt is
+ cleared when any value is written. */
+ DPRINTF("Interrupt cleared");
+ s->is = 0;
+ pl031_update(s);
+ break;
+ case RTC_CR:
+ /* Written value is ignored. */
+ break;
+
+ case RTC_DR:
+ case RTC_MIS:
+ case RTC_RIS:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "pl031: write to read-only register at offset 0x%x\n",
+ (int)offset);
+ break;
+
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "pl031_write: Bad offset 0x%x\n", (int)offset);
+ break;
+ }
+}
+
+static const MemoryRegionOps pl031_ops = {
+ .read = pl031_read,
+ .write = pl031_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int pl031_init(SysBusDevice *dev)
+{
+ PL031State *s = PL031(dev);
+ struct tm tm;
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &pl031_ops, s, "pl031", 0x1000);
+ sysbus_init_mmio(dev, &s->iomem);
+
+ sysbus_init_irq(dev, &s->irq);
+ qemu_get_timedate(&tm, 0);
+ s->tick_offset = mktimegm(&tm) - qemu_get_clock_ns(rtc_clock) / get_ticks_per_sec();
+
+ s->timer = qemu_new_timer_ns(rtc_clock, pl031_interrupt, s);
+ return 0;
+}
+
+static void pl031_pre_save(void *opaque)
+{
+ PL031State *s = opaque;
+
+ /* tick_offset is base_time - rtc_clock base time. Instead, we want to
+ * store the base time relative to the vm_clock for backwards-compatibility. */
+ int64_t delta = qemu_get_clock_ns(rtc_clock) - qemu_get_clock_ns(vm_clock);
+ s->tick_offset_vmstate = s->tick_offset + delta / get_ticks_per_sec();
+}
+
+static int pl031_post_load(void *opaque, int version_id)
+{
+ PL031State *s = opaque;
+
+ int64_t delta = qemu_get_clock_ns(rtc_clock) - qemu_get_clock_ns(vm_clock);
+ s->tick_offset = s->tick_offset_vmstate - delta / get_ticks_per_sec();
+ pl031_set_alarm(s);
+ return 0;
+}
+
+static const VMStateDescription vmstate_pl031 = {
+ .name = "pl031",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .pre_save = pl031_pre_save,
+ .post_load = pl031_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(tick_offset_vmstate, PL031State),
+ VMSTATE_UINT32(mr, PL031State),
+ VMSTATE_UINT32(lr, PL031State),
+ VMSTATE_UINT32(cr, PL031State),
+ VMSTATE_UINT32(im, PL031State),
+ VMSTATE_UINT32(is, PL031State),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void pl031_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = pl031_init;
+ dc->no_user = 1;
+ dc->vmsd = &vmstate_pl031;
+}
+
+static const TypeInfo pl031_info = {
+ .name = TYPE_PL031,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(PL031State),
+ .class_init = pl031_class_init,
+};
+
+static void pl031_register_types(void)
+{
+ type_register_static(&pl031_info);
+}
+
+type_init(pl031_register_types)
diff --git a/hw/timer/puv3_ost.c b/hw/timer/puv3_ost.c
new file mode 100644
index 000000000..4bd2b76cb
--- /dev/null
+++ b/hw/timer/puv3_ost.c
@@ -0,0 +1,155 @@
+/*
+ * OSTimer device simulation in PKUnity SoC
+ *
+ * Copyright (C) 2010-2012 Guan Xuetao
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation, or any later version.
+ * See the COPYING file in the top-level directory.
+ */
+#include "hw/sysbus.h"
+#include "hw/ptimer.h"
+
+#undef DEBUG_PUV3
+#include "hw/unicore32/puv3.h"
+
+#define TYPE_PUV3_OST "puv3_ost"
+#define PUV3_OST(obj) OBJECT_CHECK(PUV3OSTState, (obj), TYPE_PUV3_OST)
+
+/* puv3 ostimer implementation. */
+typedef struct PUV3OSTState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ QEMUBH *bh;
+ qemu_irq irq;
+ ptimer_state *ptimer;
+
+ uint32_t reg_OSMR0;
+ uint32_t reg_OSCR;
+ uint32_t reg_OSSR;
+ uint32_t reg_OIER;
+} PUV3OSTState;
+
+static uint64_t puv3_ost_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ PUV3OSTState *s = opaque;
+ uint32_t ret = 0;
+
+ switch (offset) {
+ case 0x10: /* Counter Register */
+ ret = s->reg_OSMR0 - (uint32_t)ptimer_get_count(s->ptimer);
+ break;
+ case 0x14: /* Status Register */
+ ret = s->reg_OSSR;
+ break;
+ case 0x1c: /* Interrupt Enable Register */
+ ret = s->reg_OIER;
+ break;
+ default:
+ DPRINTF("Bad offset %x\n", (int)offset);
+ }
+ DPRINTF("offset 0x%x, value 0x%x\n", offset, ret);
+ return ret;
+}
+
+static void puv3_ost_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ PUV3OSTState *s = opaque;
+
+ DPRINTF("offset 0x%x, value 0x%x\n", offset, value);
+ switch (offset) {
+ case 0x00: /* Match Register 0 */
+ s->reg_OSMR0 = value;
+ if (s->reg_OSMR0 > s->reg_OSCR) {
+ ptimer_set_count(s->ptimer, s->reg_OSMR0 - s->reg_OSCR);
+ } else {
+ ptimer_set_count(s->ptimer, s->reg_OSMR0 +
+ (0xffffffff - s->reg_OSCR));
+ }
+ ptimer_run(s->ptimer, 2);
+ break;
+ case 0x14: /* Status Register */
+ assert(value == 0);
+ if (s->reg_OSSR) {
+ s->reg_OSSR = value;
+ qemu_irq_lower(s->irq);
+ }
+ break;
+ case 0x1c: /* Interrupt Enable Register */
+ s->reg_OIER = value;
+ break;
+ default:
+ DPRINTF("Bad offset %x\n", (int)offset);
+ }
+}
+
+static const MemoryRegionOps puv3_ost_ops = {
+ .read = puv3_ost_read,
+ .write = puv3_ost_write,
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void puv3_ost_tick(void *opaque)
+{
+ PUV3OSTState *s = opaque;
+
+ DPRINTF("ost hit when ptimer counter from 0x%x to 0x%x!\n",
+ s->reg_OSCR, s->reg_OSMR0);
+
+ s->reg_OSCR = s->reg_OSMR0;
+ if (s->reg_OIER) {
+ s->reg_OSSR = 1;
+ qemu_irq_raise(s->irq);
+ }
+}
+
+static int puv3_ost_init(SysBusDevice *dev)
+{
+ PUV3OSTState *s = PUV3_OST(dev);
+
+ s->reg_OIER = 0;
+ s->reg_OSSR = 0;
+ s->reg_OSMR0 = 0;
+ s->reg_OSCR = 0;
+
+ sysbus_init_irq(dev, &s->irq);
+
+ s->bh = qemu_bh_new(puv3_ost_tick, s);
+ s->ptimer = ptimer_init(s->bh);
+ ptimer_set_freq(s->ptimer, 50 * 1000 * 1000);
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &puv3_ost_ops, s, "puv3_ost",
+ PUV3_REGS_OFFSET);
+ sysbus_init_mmio(dev, &s->iomem);
+
+ return 0;
+}
+
+static void puv3_ost_class_init(ObjectClass *klass, void *data)
+{
+ SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+
+ sdc->init = puv3_ost_init;
+}
+
+static const TypeInfo puv3_ost_info = {
+ .name = TYPE_PUV3_OST,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(PUV3OSTState),
+ .class_init = puv3_ost_class_init,
+};
+
+static void puv3_ost_register_type(void)
+{
+ type_register_static(&puv3_ost_info);
+}
+
+type_init(puv3_ost_register_type)
diff --git a/hw/timer/pxa2xx_timer.c b/hw/timer/pxa2xx_timer.c
new file mode 100644
index 000000000..cdabccdd1
--- /dev/null
+++ b/hw/timer/pxa2xx_timer.c
@@ -0,0 +1,599 @@
+/*
+ * Intel XScale PXA255/270 OS Timers.
+ *
+ * Copyright (c) 2006 Openedhand Ltd.
+ * Copyright (c) 2006 Thorsten Zitterell
+ *
+ * This code is licensed under the GPL.
+ */
+
+#include "hw/hw.h"
+#include "qemu/timer.h"
+#include "sysemu/sysemu.h"
+#include "hw/arm/pxa.h"
+#include "hw/sysbus.h"
+
+#define OSMR0 0x00
+#define OSMR1 0x04
+#define OSMR2 0x08
+#define OSMR3 0x0c
+#define OSMR4 0x80
+#define OSMR5 0x84
+#define OSMR6 0x88
+#define OSMR7 0x8c
+#define OSMR8 0x90
+#define OSMR9 0x94
+#define OSMR10 0x98
+#define OSMR11 0x9c
+#define OSCR 0x10 /* OS Timer Count */
+#define OSCR4 0x40
+#define OSCR5 0x44
+#define OSCR6 0x48
+#define OSCR7 0x4c
+#define OSCR8 0x50
+#define OSCR9 0x54
+#define OSCR10 0x58
+#define OSCR11 0x5c
+#define OSSR 0x14 /* Timer status register */
+#define OWER 0x18
+#define OIER 0x1c /* Interrupt enable register 3-0 to E3-E0 */
+#define OMCR4 0xc0 /* OS Match Control registers */
+#define OMCR5 0xc4
+#define OMCR6 0xc8
+#define OMCR7 0xcc
+#define OMCR8 0xd0
+#define OMCR9 0xd4
+#define OMCR10 0xd8
+#define OMCR11 0xdc
+#define OSNR 0x20
+
+#define PXA25X_FREQ 3686400 /* 3.6864 MHz */
+#define PXA27X_FREQ 3250000 /* 3.25 MHz */
+
+static int pxa2xx_timer4_freq[8] = {
+ [0] = 0,
+ [1] = 32768,
+ [2] = 1000,
+ [3] = 1,
+ [4] = 1000000,
+ /* [5] is the "Externally supplied clock". Assign if necessary. */
+ [5 ... 7] = 0,
+};
+
+#define TYPE_PXA2XX_TIMER "pxa2xx-timer"
+#define PXA2XX_TIMER(obj) \
+ OBJECT_CHECK(PXA2xxTimerInfo, (obj), TYPE_PXA2XX_TIMER)
+
+typedef struct PXA2xxTimerInfo PXA2xxTimerInfo;
+
+typedef struct {
+ uint32_t value;
+ qemu_irq irq;
+ QEMUTimer *qtimer;
+ int num;
+ PXA2xxTimerInfo *info;
+} PXA2xxTimer0;
+
+typedef struct {
+ PXA2xxTimer0 tm;
+ int32_t oldclock;
+ int32_t clock;
+ uint64_t lastload;
+ uint32_t freq;
+ uint32_t control;
+} PXA2xxTimer4;
+
+struct PXA2xxTimerInfo {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ uint32_t flags;
+
+ int32_t clock;
+ int32_t oldclock;
+ uint64_t lastload;
+ uint32_t freq;
+ PXA2xxTimer0 timer[4];
+ uint32_t events;
+ uint32_t irq_enabled;
+ uint32_t reset3;
+ uint32_t snapshot;
+
+ qemu_irq irq4;
+ PXA2xxTimer4 tm4[8];
+};
+
+#define PXA2XX_TIMER_HAVE_TM4 0
+
+static inline int pxa2xx_timer_has_tm4(PXA2xxTimerInfo *s)
+{
+ return s->flags & (1 << PXA2XX_TIMER_HAVE_TM4);
+}
+
+static void pxa2xx_timer_update(void *opaque, uint64_t now_qemu)
+{
+ PXA2xxTimerInfo *s = (PXA2xxTimerInfo *) opaque;
+ int i;
+ uint32_t now_vm;
+ uint64_t new_qemu;
+
+ now_vm = s->clock +
+ muldiv64(now_qemu - s->lastload, s->freq, get_ticks_per_sec());
+
+ for (i = 0; i < 4; i ++) {
+ new_qemu = now_qemu + muldiv64((uint32_t) (s->timer[i].value - now_vm),
+ get_ticks_per_sec(), s->freq);
+ qemu_mod_timer(s->timer[i].qtimer, new_qemu);
+ }
+}
+
+static void pxa2xx_timer_update4(void *opaque, uint64_t now_qemu, int n)
+{
+ PXA2xxTimerInfo *s = (PXA2xxTimerInfo *) opaque;
+ uint32_t now_vm;
+ uint64_t new_qemu;
+ static const int counters[8] = { 0, 0, 0, 0, 4, 4, 6, 6 };
+ int counter;
+
+ if (s->tm4[n].control & (1 << 7))
+ counter = n;
+ else
+ counter = counters[n];
+
+ if (!s->tm4[counter].freq) {
+ qemu_del_timer(s->tm4[n].tm.qtimer);
+ return;
+ }
+
+ now_vm = s->tm4[counter].clock + muldiv64(now_qemu -
+ s->tm4[counter].lastload,
+ s->tm4[counter].freq, get_ticks_per_sec());
+
+ new_qemu = now_qemu + muldiv64((uint32_t) (s->tm4[n].tm.value - now_vm),
+ get_ticks_per_sec(), s->tm4[counter].freq);
+ qemu_mod_timer(s->tm4[n].tm.qtimer, new_qemu);
+}
+
+static uint64_t pxa2xx_timer_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ PXA2xxTimerInfo *s = (PXA2xxTimerInfo *) opaque;
+ int tm = 0;
+
+ switch (offset) {
+ case OSMR3: tm ++;
+ /* fall through */
+ case OSMR2: tm ++;
+ /* fall through */
+ case OSMR1: tm ++;
+ /* fall through */
+ case OSMR0:
+ return s->timer[tm].value;
+ case OSMR11: tm ++;
+ /* fall through */
+ case OSMR10: tm ++;
+ /* fall through */
+ case OSMR9: tm ++;
+ /* fall through */
+ case OSMR8: tm ++;
+ /* fall through */
+ case OSMR7: tm ++;
+ /* fall through */
+ case OSMR6: tm ++;
+ /* fall through */
+ case OSMR5: tm ++;
+ /* fall through */
+ case OSMR4:
+ if (!pxa2xx_timer_has_tm4(s))
+ goto badreg;
+ return s->tm4[tm].tm.value;
+ case OSCR:
+ return s->clock + muldiv64(qemu_get_clock_ns(vm_clock) -
+ s->lastload, s->freq, get_ticks_per_sec());
+ case OSCR11: tm ++;
+ /* fall through */
+ case OSCR10: tm ++;
+ /* fall through */
+ case OSCR9: tm ++;
+ /* fall through */
+ case OSCR8: tm ++;
+ /* fall through */
+ case OSCR7: tm ++;
+ /* fall through */
+ case OSCR6: tm ++;
+ /* fall through */
+ case OSCR5: tm ++;
+ /* fall through */
+ case OSCR4:
+ if (!pxa2xx_timer_has_tm4(s))
+ goto badreg;
+
+ if ((tm == 9 - 4 || tm == 11 - 4) && (s->tm4[tm].control & (1 << 9))) {
+ if (s->tm4[tm - 1].freq)
+ s->snapshot = s->tm4[tm - 1].clock + muldiv64(
+ qemu_get_clock_ns(vm_clock) -
+ s->tm4[tm - 1].lastload,
+ s->tm4[tm - 1].freq, get_ticks_per_sec());
+ else
+ s->snapshot = s->tm4[tm - 1].clock;
+ }
+
+ if (!s->tm4[tm].freq)
+ return s->tm4[tm].clock;
+ return s->tm4[tm].clock + muldiv64(qemu_get_clock_ns(vm_clock) -
+ s->tm4[tm].lastload, s->tm4[tm].freq, get_ticks_per_sec());
+ case OIER:
+ return s->irq_enabled;
+ case OSSR: /* Status register */
+ return s->events;
+ case OWER:
+ return s->reset3;
+ case OMCR11: tm ++;
+ /* fall through */
+ case OMCR10: tm ++;
+ /* fall through */
+ case OMCR9: tm ++;
+ /* fall through */
+ case OMCR8: tm ++;
+ /* fall through */
+ case OMCR7: tm ++;
+ /* fall through */
+ case OMCR6: tm ++;
+ /* fall through */
+ case OMCR5: tm ++;
+ /* fall through */
+ case OMCR4:
+ if (!pxa2xx_timer_has_tm4(s))
+ goto badreg;
+ return s->tm4[tm].control;
+ case OSNR:
+ return s->snapshot;
+ default:
+ badreg:
+ hw_error("pxa2xx_timer_read: Bad offset " REG_FMT "\n", offset);
+ }
+
+ return 0;
+}
+
+static void pxa2xx_timer_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ int i, tm = 0;
+ PXA2xxTimerInfo *s = (PXA2xxTimerInfo *) opaque;
+
+ switch (offset) {
+ case OSMR3: tm ++;
+ /* fall through */
+ case OSMR2: tm ++;
+ /* fall through */
+ case OSMR1: tm ++;
+ /* fall through */
+ case OSMR0:
+ s->timer[tm].value = value;
+ pxa2xx_timer_update(s, qemu_get_clock_ns(vm_clock));
+ break;
+ case OSMR11: tm ++;
+ /* fall through */
+ case OSMR10: tm ++;
+ /* fall through */
+ case OSMR9: tm ++;
+ /* fall through */
+ case OSMR8: tm ++;
+ /* fall through */
+ case OSMR7: tm ++;
+ /* fall through */
+ case OSMR6: tm ++;
+ /* fall through */
+ case OSMR5: tm ++;
+ /* fall through */
+ case OSMR4:
+ if (!pxa2xx_timer_has_tm4(s))
+ goto badreg;
+ s->tm4[tm].tm.value = value;
+ pxa2xx_timer_update4(s, qemu_get_clock_ns(vm_clock), tm);
+ break;
+ case OSCR:
+ s->oldclock = s->clock;
+ s->lastload = qemu_get_clock_ns(vm_clock);
+ s->clock = value;
+ pxa2xx_timer_update(s, s->lastload);
+ break;
+ case OSCR11: tm ++;
+ /* fall through */
+ case OSCR10: tm ++;
+ /* fall through */
+ case OSCR9: tm ++;
+ /* fall through */
+ case OSCR8: tm ++;
+ /* fall through */
+ case OSCR7: tm ++;
+ /* fall through */
+ case OSCR6: tm ++;
+ /* fall through */
+ case OSCR5: tm ++;
+ /* fall through */
+ case OSCR4:
+ if (!pxa2xx_timer_has_tm4(s))
+ goto badreg;
+ s->tm4[tm].oldclock = s->tm4[tm].clock;
+ s->tm4[tm].lastload = qemu_get_clock_ns(vm_clock);
+ s->tm4[tm].clock = value;
+ pxa2xx_timer_update4(s, s->tm4[tm].lastload, tm);
+ break;
+ case OIER:
+ s->irq_enabled = value & 0xfff;
+ break;
+ case OSSR: /* Status register */
+ value &= s->events;
+ s->events &= ~value;
+ for (i = 0; i < 4; i ++, value >>= 1)
+ if (value & 1)
+ qemu_irq_lower(s->timer[i].irq);
+ if (pxa2xx_timer_has_tm4(s) && !(s->events & 0xff0) && value)
+ qemu_irq_lower(s->irq4);
+ break;
+ case OWER: /* XXX: Reset on OSMR3 match? */
+ s->reset3 = value;
+ break;
+ case OMCR7: tm ++;
+ /* fall through */
+ case OMCR6: tm ++;
+ /* fall through */
+ case OMCR5: tm ++;
+ /* fall through */
+ case OMCR4:
+ if (!pxa2xx_timer_has_tm4(s))
+ goto badreg;
+ s->tm4[tm].control = value & 0x0ff;
+ /* XXX Stop if running (shouldn't happen) */
+ if ((value & (1 << 7)) || tm == 0)
+ s->tm4[tm].freq = pxa2xx_timer4_freq[value & 7];
+ else {
+ s->tm4[tm].freq = 0;
+ pxa2xx_timer_update4(s, qemu_get_clock_ns(vm_clock), tm);
+ }
+ break;
+ case OMCR11: tm ++;
+ /* fall through */
+ case OMCR10: tm ++;
+ /* fall through */
+ case OMCR9: tm ++;
+ /* fall through */
+ case OMCR8: tm += 4;
+ if (!pxa2xx_timer_has_tm4(s))
+ goto badreg;
+ s->tm4[tm].control = value & 0x3ff;
+ /* XXX Stop if running (shouldn't happen) */
+ if ((value & (1 << 7)) || !(tm & 1))
+ s->tm4[tm].freq =
+ pxa2xx_timer4_freq[(value & (1 << 8)) ? 0 : (value & 7)];
+ else {
+ s->tm4[tm].freq = 0;
+ pxa2xx_timer_update4(s, qemu_get_clock_ns(vm_clock), tm);
+ }
+ break;
+ default:
+ badreg:
+ hw_error("pxa2xx_timer_write: Bad offset " REG_FMT "\n", offset);
+ }
+}
+
+static const MemoryRegionOps pxa2xx_timer_ops = {
+ .read = pxa2xx_timer_read,
+ .write = pxa2xx_timer_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void pxa2xx_timer_tick(void *opaque)
+{
+ PXA2xxTimer0 *t = (PXA2xxTimer0 *) opaque;
+ PXA2xxTimerInfo *i = t->info;
+
+ if (i->irq_enabled & (1 << t->num)) {
+ i->events |= 1 << t->num;
+ qemu_irq_raise(t->irq);
+ }
+
+ if (t->num == 3)
+ if (i->reset3 & 1) {
+ i->reset3 = 0;
+ qemu_system_reset_request();
+ }
+}
+
+static void pxa2xx_timer_tick4(void *opaque)
+{
+ PXA2xxTimer4 *t = (PXA2xxTimer4 *) opaque;
+ PXA2xxTimerInfo *i = (PXA2xxTimerInfo *) t->tm.info;
+
+ pxa2xx_timer_tick(&t->tm);
+ if (t->control & (1 << 3))
+ t->clock = 0;
+ if (t->control & (1 << 6))
+ pxa2xx_timer_update4(i, qemu_get_clock_ns(vm_clock), t->tm.num - 4);
+ if (i->events & 0xff0)
+ qemu_irq_raise(i->irq4);
+}
+
+static int pxa25x_timer_post_load(void *opaque, int version_id)
+{
+ PXA2xxTimerInfo *s = (PXA2xxTimerInfo *) opaque;
+ int64_t now;
+ int i;
+
+ now = qemu_get_clock_ns(vm_clock);
+ pxa2xx_timer_update(s, now);
+
+ if (pxa2xx_timer_has_tm4(s))
+ for (i = 0; i < 8; i ++)
+ pxa2xx_timer_update4(s, now, i);
+
+ return 0;
+}
+
+static int pxa2xx_timer_init(SysBusDevice *dev)
+{
+ PXA2xxTimerInfo *s = PXA2XX_TIMER(dev);
+ int i;
+
+ s->irq_enabled = 0;
+ s->oldclock = 0;
+ s->clock = 0;
+ s->lastload = qemu_get_clock_ns(vm_clock);
+ s->reset3 = 0;
+
+ for (i = 0; i < 4; i ++) {
+ s->timer[i].value = 0;
+ sysbus_init_irq(dev, &s->timer[i].irq);
+ s->timer[i].info = s;
+ s->timer[i].num = i;
+ s->timer[i].qtimer = qemu_new_timer_ns(vm_clock,
+ pxa2xx_timer_tick, &s->timer[i]);
+ }
+ if (s->flags & (1 << PXA2XX_TIMER_HAVE_TM4)) {
+ sysbus_init_irq(dev, &s->irq4);
+
+ for (i = 0; i < 8; i ++) {
+ s->tm4[i].tm.value = 0;
+ s->tm4[i].tm.info = s;
+ s->tm4[i].tm.num = i + 4;
+ s->tm4[i].freq = 0;
+ s->tm4[i].control = 0x0;
+ s->tm4[i].tm.qtimer = qemu_new_timer_ns(vm_clock,
+ pxa2xx_timer_tick4, &s->tm4[i]);
+ }
+ }
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &pxa2xx_timer_ops, s,
+ "pxa2xx-timer", 0x00001000);
+ sysbus_init_mmio(dev, &s->iomem);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_pxa2xx_timer0_regs = {
+ .name = "pxa2xx_timer0",
+ .version_id = 2,
+ .minimum_version_id = 2,
+ .minimum_version_id_old = 2,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(value, PXA2xxTimer0),
+ VMSTATE_END_OF_LIST(),
+ },
+};
+
+static const VMStateDescription vmstate_pxa2xx_timer4_regs = {
+ .name = "pxa2xx_timer4",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_STRUCT(tm, PXA2xxTimer4, 1,
+ vmstate_pxa2xx_timer0_regs, PXA2xxTimer0),
+ VMSTATE_INT32(oldclock, PXA2xxTimer4),
+ VMSTATE_INT32(clock, PXA2xxTimer4),
+ VMSTATE_UINT64(lastload, PXA2xxTimer4),
+ VMSTATE_UINT32(freq, PXA2xxTimer4),
+ VMSTATE_UINT32(control, PXA2xxTimer4),
+ VMSTATE_END_OF_LIST(),
+ },
+};
+
+static bool pxa2xx_timer_has_tm4_test(void *opaque, int version_id)
+{
+ return pxa2xx_timer_has_tm4(opaque);
+}
+
+static const VMStateDescription vmstate_pxa2xx_timer_regs = {
+ .name = "pxa2xx_timer",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .post_load = pxa25x_timer_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_INT32(clock, PXA2xxTimerInfo),
+ VMSTATE_INT32(oldclock, PXA2xxTimerInfo),
+ VMSTATE_UINT64(lastload, PXA2xxTimerInfo),
+ VMSTATE_STRUCT_ARRAY(timer, PXA2xxTimerInfo, 4, 1,
+ vmstate_pxa2xx_timer0_regs, PXA2xxTimer0),
+ VMSTATE_UINT32(events, PXA2xxTimerInfo),
+ VMSTATE_UINT32(irq_enabled, PXA2xxTimerInfo),
+ VMSTATE_UINT32(reset3, PXA2xxTimerInfo),
+ VMSTATE_UINT32(snapshot, PXA2xxTimerInfo),
+ VMSTATE_STRUCT_ARRAY_TEST(tm4, PXA2xxTimerInfo, 8,
+ pxa2xx_timer_has_tm4_test, 0,
+ vmstate_pxa2xx_timer4_regs, PXA2xxTimer4),
+ VMSTATE_END_OF_LIST(),
+ }
+};
+
+static Property pxa25x_timer_dev_properties[] = {
+ DEFINE_PROP_UINT32("freq", PXA2xxTimerInfo, freq, PXA25X_FREQ),
+ DEFINE_PROP_BIT("tm4", PXA2xxTimerInfo, flags,
+ PXA2XX_TIMER_HAVE_TM4, false),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void pxa25x_timer_dev_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->desc = "PXA25x timer";
+ dc->props = pxa25x_timer_dev_properties;
+}
+
+static const TypeInfo pxa25x_timer_dev_info = {
+ .name = "pxa25x-timer",
+ .parent = TYPE_PXA2XX_TIMER,
+ .instance_size = sizeof(PXA2xxTimerInfo),
+ .class_init = pxa25x_timer_dev_class_init,
+};
+
+static Property pxa27x_timer_dev_properties[] = {
+ DEFINE_PROP_UINT32("freq", PXA2xxTimerInfo, freq, PXA27X_FREQ),
+ DEFINE_PROP_BIT("tm4", PXA2xxTimerInfo, flags,
+ PXA2XX_TIMER_HAVE_TM4, true),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void pxa27x_timer_dev_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->desc = "PXA27x timer";
+ dc->props = pxa27x_timer_dev_properties;
+}
+
+static const TypeInfo pxa27x_timer_dev_info = {
+ .name = "pxa27x-timer",
+ .parent = TYPE_PXA2XX_TIMER,
+ .instance_size = sizeof(PXA2xxTimerInfo),
+ .class_init = pxa27x_timer_dev_class_init,
+};
+
+static void pxa2xx_timer_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+ SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(oc);
+
+ sdc->init = pxa2xx_timer_init;
+ dc->vmsd = &vmstate_pxa2xx_timer_regs;
+}
+
+static const TypeInfo pxa2xx_timer_type_info = {
+ .name = TYPE_PXA2XX_TIMER,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(PXA2xxTimerInfo),
+ .abstract = true,
+ .class_init = pxa2xx_timer_class_init,
+};
+
+static void pxa2xx_timer_register_types(void)
+{
+ type_register_static(&pxa2xx_timer_type_info);
+ type_register_static(&pxa25x_timer_dev_info);
+ type_register_static(&pxa27x_timer_dev_info);
+}
+
+type_init(pxa2xx_timer_register_types)
diff --git a/hw/timer/sh_timer.c b/hw/timer/sh_timer.c
new file mode 100644
index 000000000..251a10dbf
--- /dev/null
+++ b/hw/timer/sh_timer.c
@@ -0,0 +1,333 @@
+/*
+ * SuperH Timer modules.
+ *
+ * Copyright (c) 2007 Magnus Damm
+ * Based on arm_timer.c by Paul Brook
+ * Copyright (c) 2005-2006 CodeSourcery.
+ *
+ * This code is licensed under the GPL.
+ */
+
+#include "hw/hw.h"
+#include "hw/sh4/sh.h"
+#include "qemu/timer.h"
+#include "exec/address-spaces.h"
+#include "hw/ptimer.h"
+
+//#define DEBUG_TIMER
+
+#define TIMER_TCR_TPSC (7 << 0)
+#define TIMER_TCR_CKEG (3 << 3)
+#define TIMER_TCR_UNIE (1 << 5)
+#define TIMER_TCR_ICPE (3 << 6)
+#define TIMER_TCR_UNF (1 << 8)
+#define TIMER_TCR_ICPF (1 << 9)
+#define TIMER_TCR_RESERVED (0x3f << 10)
+
+#define TIMER_FEAT_CAPT (1 << 0)
+#define TIMER_FEAT_EXTCLK (1 << 1)
+
+#define OFFSET_TCOR 0
+#define OFFSET_TCNT 1
+#define OFFSET_TCR 2
+#define OFFSET_TCPR 3
+
+typedef struct {
+ ptimer_state *timer;
+ uint32_t tcnt;
+ uint32_t tcor;
+ uint32_t tcr;
+ uint32_t tcpr;
+ int freq;
+ int int_level;
+ int old_level;
+ int feat;
+ int enabled;
+ qemu_irq irq;
+} sh_timer_state;
+
+/* Check all active timers, and schedule the next timer interrupt. */
+
+static void sh_timer_update(sh_timer_state *s)
+{
+ int new_level = s->int_level && (s->tcr & TIMER_TCR_UNIE);
+
+ if (new_level != s->old_level)
+ qemu_set_irq (s->irq, new_level);
+
+ s->old_level = s->int_level;
+ s->int_level = new_level;
+}
+
+static uint32_t sh_timer_read(void *opaque, hwaddr offset)
+{
+ sh_timer_state *s = (sh_timer_state *)opaque;
+
+ switch (offset >> 2) {
+ case OFFSET_TCOR:
+ return s->tcor;
+ case OFFSET_TCNT:
+ return ptimer_get_count(s->timer);
+ case OFFSET_TCR:
+ return s->tcr | (s->int_level ? TIMER_TCR_UNF : 0);
+ case OFFSET_TCPR:
+ if (s->feat & TIMER_FEAT_CAPT)
+ return s->tcpr;
+ default:
+ hw_error("sh_timer_read: Bad offset %x\n", (int)offset);
+ return 0;
+ }
+}
+
+static void sh_timer_write(void *opaque, hwaddr offset,
+ uint32_t value)
+{
+ sh_timer_state *s = (sh_timer_state *)opaque;
+ int freq;
+
+ switch (offset >> 2) {
+ case OFFSET_TCOR:
+ s->tcor = value;
+ ptimer_set_limit(s->timer, s->tcor, 0);
+ break;
+ case OFFSET_TCNT:
+ s->tcnt = value;
+ ptimer_set_count(s->timer, s->tcnt);
+ break;
+ case OFFSET_TCR:
+ if (s->enabled) {
+ /* Pause the timer if it is running. This may cause some
+ inaccuracy dure to rounding, but avoids a whole lot of other
+ messyness. */
+ ptimer_stop(s->timer);
+ }
+ freq = s->freq;
+ /* ??? Need to recalculate expiry time after changing divisor. */
+ switch (value & TIMER_TCR_TPSC) {
+ case 0: freq >>= 2; break;
+ case 1: freq >>= 4; break;
+ case 2: freq >>= 6; break;
+ case 3: freq >>= 8; break;
+ case 4: freq >>= 10; break;
+ case 6:
+ case 7: if (s->feat & TIMER_FEAT_EXTCLK) break;
+ default: hw_error("sh_timer_write: Reserved TPSC value\n"); break;
+ }
+ switch ((value & TIMER_TCR_CKEG) >> 3) {
+ case 0: break;
+ case 1:
+ case 2:
+ case 3: if (s->feat & TIMER_FEAT_EXTCLK) break;
+ default: hw_error("sh_timer_write: Reserved CKEG value\n"); break;
+ }
+ switch ((value & TIMER_TCR_ICPE) >> 6) {
+ case 0: break;
+ case 2:
+ case 3: if (s->feat & TIMER_FEAT_CAPT) break;
+ default: hw_error("sh_timer_write: Reserved ICPE value\n"); break;
+ }
+ if ((value & TIMER_TCR_UNF) == 0)
+ s->int_level = 0;
+
+ value &= ~TIMER_TCR_UNF;
+
+ if ((value & TIMER_TCR_ICPF) && (!(s->feat & TIMER_FEAT_CAPT)))
+ hw_error("sh_timer_write: Reserved ICPF value\n");
+
+ value &= ~TIMER_TCR_ICPF; /* capture not supported */
+
+ if (value & TIMER_TCR_RESERVED)
+ hw_error("sh_timer_write: Reserved TCR bits set\n");
+ s->tcr = value;
+ ptimer_set_limit(s->timer, s->tcor, 0);
+ ptimer_set_freq(s->timer, freq);
+ if (s->enabled) {
+ /* Restart the timer if still enabled. */
+ ptimer_run(s->timer, 0);
+ }
+ break;
+ case OFFSET_TCPR:
+ if (s->feat & TIMER_FEAT_CAPT) {
+ s->tcpr = value;
+ break;
+ }
+ default:
+ hw_error("sh_timer_write: Bad offset %x\n", (int)offset);
+ }
+ sh_timer_update(s);
+}
+
+static void sh_timer_start_stop(void *opaque, int enable)
+{
+ sh_timer_state *s = (sh_timer_state *)opaque;
+
+#ifdef DEBUG_TIMER
+ printf("sh_timer_start_stop %d (%d)\n", enable, s->enabled);
+#endif
+
+ if (s->enabled && !enable) {
+ ptimer_stop(s->timer);
+ }
+ if (!s->enabled && enable) {
+ ptimer_run(s->timer, 0);
+ }
+ s->enabled = !!enable;
+
+#ifdef DEBUG_TIMER
+ printf("sh_timer_start_stop done %d\n", s->enabled);
+#endif
+}
+
+static void sh_timer_tick(void *opaque)
+{
+ sh_timer_state *s = (sh_timer_state *)opaque;
+ s->int_level = s->enabled;
+ sh_timer_update(s);
+}
+
+static void *sh_timer_init(uint32_t freq, int feat, qemu_irq irq)
+{
+ sh_timer_state *s;
+ QEMUBH *bh;
+
+ s = (sh_timer_state *)g_malloc0(sizeof(sh_timer_state));
+ s->freq = freq;
+ s->feat = feat;
+ s->tcor = 0xffffffff;
+ s->tcnt = 0xffffffff;
+ s->tcpr = 0xdeadbeef;
+ s->tcr = 0;
+ s->enabled = 0;
+ s->irq = irq;
+
+ bh = qemu_bh_new(sh_timer_tick, s);
+ s->timer = ptimer_init(bh);
+
+ sh_timer_write(s, OFFSET_TCOR >> 2, s->tcor);
+ sh_timer_write(s, OFFSET_TCNT >> 2, s->tcnt);
+ sh_timer_write(s, OFFSET_TCPR >> 2, s->tcpr);
+ sh_timer_write(s, OFFSET_TCR >> 2, s->tcpr);
+ /* ??? Save/restore. */
+ return s;
+}
+
+typedef struct {
+ MemoryRegion iomem;
+ MemoryRegion iomem_p4;
+ MemoryRegion iomem_a7;
+ void *timer[3];
+ int level[3];
+ uint32_t tocr;
+ uint32_t tstr;
+ int feat;
+} tmu012_state;
+
+static uint64_t tmu012_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ tmu012_state *s = (tmu012_state *)opaque;
+
+#ifdef DEBUG_TIMER
+ printf("tmu012_read 0x%lx\n", (unsigned long) offset);
+#endif
+
+ if (offset >= 0x20) {
+ if (!(s->feat & TMU012_FEAT_3CHAN))
+ hw_error("tmu012_write: Bad channel offset %x\n", (int)offset);
+ return sh_timer_read(s->timer[2], offset - 0x20);
+ }
+
+ if (offset >= 0x14)
+ return sh_timer_read(s->timer[1], offset - 0x14);
+
+ if (offset >= 0x08)
+ return sh_timer_read(s->timer[0], offset - 0x08);
+
+ if (offset == 4)
+ return s->tstr;
+
+ if ((s->feat & TMU012_FEAT_TOCR) && offset == 0)
+ return s->tocr;
+
+ hw_error("tmu012_write: Bad offset %x\n", (int)offset);
+ return 0;
+}
+
+static void tmu012_write(void *opaque, hwaddr offset,
+ uint64_t value, unsigned size)
+{
+ tmu012_state *s = (tmu012_state *)opaque;
+
+#ifdef DEBUG_TIMER
+ printf("tmu012_write 0x%lx 0x%08x\n", (unsigned long) offset, value);
+#endif
+
+ if (offset >= 0x20) {
+ if (!(s->feat & TMU012_FEAT_3CHAN))
+ hw_error("tmu012_write: Bad channel offset %x\n", (int)offset);
+ sh_timer_write(s->timer[2], offset - 0x20, value);
+ return;
+ }
+
+ if (offset >= 0x14) {
+ sh_timer_write(s->timer[1], offset - 0x14, value);
+ return;
+ }
+
+ if (offset >= 0x08) {
+ sh_timer_write(s->timer[0], offset - 0x08, value);
+ return;
+ }
+
+ if (offset == 4) {
+ sh_timer_start_stop(s->timer[0], value & (1 << 0));
+ sh_timer_start_stop(s->timer[1], value & (1 << 1));
+ if (s->feat & TMU012_FEAT_3CHAN)
+ sh_timer_start_stop(s->timer[2], value & (1 << 2));
+ else
+ if (value & (1 << 2))
+ hw_error("tmu012_write: Bad channel\n");
+
+ s->tstr = value;
+ return;
+ }
+
+ if ((s->feat & TMU012_FEAT_TOCR) && offset == 0) {
+ s->tocr = value & (1 << 0);
+ }
+}
+
+static const MemoryRegionOps tmu012_ops = {
+ .read = tmu012_read,
+ .write = tmu012_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+void tmu012_init(MemoryRegion *sysmem, hwaddr base,
+ int feat, uint32_t freq,
+ qemu_irq ch0_irq, qemu_irq ch1_irq,
+ qemu_irq ch2_irq0, qemu_irq ch2_irq1)
+{
+ tmu012_state *s;
+ int timer_feat = (feat & TMU012_FEAT_EXTCLK) ? TIMER_FEAT_EXTCLK : 0;
+
+ s = (tmu012_state *)g_malloc0(sizeof(tmu012_state));
+ s->feat = feat;
+ s->timer[0] = sh_timer_init(freq, timer_feat, ch0_irq);
+ s->timer[1] = sh_timer_init(freq, timer_feat, ch1_irq);
+ if (feat & TMU012_FEAT_3CHAN)
+ s->timer[2] = sh_timer_init(freq, timer_feat | TIMER_FEAT_CAPT,
+ ch2_irq0); /* ch2_irq1 not supported */
+
+ memory_region_init_io(&s->iomem, NULL, &tmu012_ops, s,
+ "timer", 0x100000000ULL);
+
+ memory_region_init_alias(&s->iomem_p4, NULL, "timer-p4",
+ &s->iomem, 0, 0x1000);
+ memory_region_add_subregion(sysmem, P4ADDR(base), &s->iomem_p4);
+
+ memory_region_init_alias(&s->iomem_a7, NULL, "timer-a7",
+ &s->iomem, 0, 0x1000);
+ memory_region_add_subregion(sysmem, A7ADDR(base), &s->iomem_a7);
+ /* ??? Save/restore. */
+}
diff --git a/hw/timer/slavio_timer.c b/hw/timer/slavio_timer.c
new file mode 100644
index 000000000..33e8f6c15
--- /dev/null
+++ b/hw/timer/slavio_timer.c
@@ -0,0 +1,440 @@
+/*
+ * QEMU Sparc SLAVIO timer controller emulation
+ *
+ * Copyright (c) 2003-2005 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/sparc/sun4m.h"
+#include "qemu/timer.h"
+#include "hw/ptimer.h"
+#include "hw/sysbus.h"
+#include "trace.h"
+
+/*
+ * Registers of hardware timer in sun4m.
+ *
+ * This is the timer/counter part of chip STP2001 (Slave I/O), also
+ * produced as NCR89C105. See
+ * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C105.txt
+ *
+ * The 31-bit counter is incremented every 500ns by bit 9. Bits 8..0
+ * are zero. Bit 31 is 1 when count has been reached.
+ *
+ * Per-CPU timers interrupt local CPU, system timer uses normal
+ * interrupt routing.
+ *
+ */
+
+#define MAX_CPUS 16
+
+typedef struct CPUTimerState {
+ qemu_irq irq;
+ ptimer_state *timer;
+ uint32_t count, counthigh, reached;
+ /* processor only */
+ uint32_t running;
+ uint64_t limit;
+} CPUTimerState;
+
+#define TYPE_SLAVIO_TIMER "slavio_timer"
+#define SLAVIO_TIMER(obj) \
+ OBJECT_CHECK(SLAVIO_TIMERState, (obj), TYPE_SLAVIO_TIMER)
+
+typedef struct SLAVIO_TIMERState {
+ SysBusDevice parent_obj;
+
+ uint32_t num_cpus;
+ uint32_t cputimer_mode;
+ CPUTimerState cputimer[MAX_CPUS + 1];
+} SLAVIO_TIMERState;
+
+typedef struct TimerContext {
+ MemoryRegion iomem;
+ SLAVIO_TIMERState *s;
+ unsigned int timer_index; /* 0 for system, 1 ... MAX_CPUS for CPU timers */
+} TimerContext;
+
+#define SYS_TIMER_SIZE 0x14
+#define CPU_TIMER_SIZE 0x10
+
+#define TIMER_LIMIT 0
+#define TIMER_COUNTER 1
+#define TIMER_COUNTER_NORST 2
+#define TIMER_STATUS 3
+#define TIMER_MODE 4
+
+#define TIMER_COUNT_MASK32 0xfffffe00
+#define TIMER_LIMIT_MASK32 0x7fffffff
+#define TIMER_MAX_COUNT64 0x7ffffffffffffe00ULL
+#define TIMER_MAX_COUNT32 0x7ffffe00ULL
+#define TIMER_REACHED 0x80000000
+#define TIMER_PERIOD 500ULL // 500ns
+#define LIMIT_TO_PERIODS(l) (((l) >> 9) - 1)
+#define PERIODS_TO_LIMIT(l) (((l) + 1) << 9)
+
+static int slavio_timer_is_user(TimerContext *tc)
+{
+ SLAVIO_TIMERState *s = tc->s;
+ unsigned int timer_index = tc->timer_index;
+
+ return timer_index != 0 && (s->cputimer_mode & (1 << (timer_index - 1)));
+}
+
+// Update count, set irq, update expire_time
+// Convert from ptimer countdown units
+static void slavio_timer_get_out(CPUTimerState *t)
+{
+ uint64_t count, limit;
+
+ if (t->limit == 0) { /* free-run system or processor counter */
+ limit = TIMER_MAX_COUNT32;
+ } else {
+ limit = t->limit;
+ }
+ count = limit - PERIODS_TO_LIMIT(ptimer_get_count(t->timer));
+
+ trace_slavio_timer_get_out(t->limit, t->counthigh, t->count);
+ t->count = count & TIMER_COUNT_MASK32;
+ t->counthigh = count >> 32;
+}
+
+// timer callback
+static void slavio_timer_irq(void *opaque)
+{
+ TimerContext *tc = opaque;
+ SLAVIO_TIMERState *s = tc->s;
+ CPUTimerState *t = &s->cputimer[tc->timer_index];
+
+ slavio_timer_get_out(t);
+ trace_slavio_timer_irq(t->counthigh, t->count);
+ /* if limit is 0 (free-run), there will be no match */
+ if (t->limit != 0) {
+ t->reached = TIMER_REACHED;
+ }
+ /* there is no interrupt if user timer or free-run */
+ if (!slavio_timer_is_user(tc) && t->limit != 0) {
+ qemu_irq_raise(t->irq);
+ }
+}
+
+static uint64_t slavio_timer_mem_readl(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ TimerContext *tc = opaque;
+ SLAVIO_TIMERState *s = tc->s;
+ uint32_t saddr, ret;
+ unsigned int timer_index = tc->timer_index;
+ CPUTimerState *t = &s->cputimer[timer_index];
+
+ saddr = addr >> 2;
+ switch (saddr) {
+ case TIMER_LIMIT:
+ // read limit (system counter mode) or read most signifying
+ // part of counter (user mode)
+ if (slavio_timer_is_user(tc)) {
+ // read user timer MSW
+ slavio_timer_get_out(t);
+ ret = t->counthigh | t->reached;
+ } else {
+ // read limit
+ // clear irq
+ qemu_irq_lower(t->irq);
+ t->reached = 0;
+ ret = t->limit & TIMER_LIMIT_MASK32;
+ }
+ break;
+ case TIMER_COUNTER:
+ // read counter and reached bit (system mode) or read lsbits
+ // of counter (user mode)
+ slavio_timer_get_out(t);
+ if (slavio_timer_is_user(tc)) { // read user timer LSW
+ ret = t->count & TIMER_MAX_COUNT64;
+ } else { // read limit
+ ret = (t->count & TIMER_MAX_COUNT32) |
+ t->reached;
+ }
+ break;
+ case TIMER_STATUS:
+ // only available in processor counter/timer
+ // read start/stop status
+ if (timer_index > 0) {
+ ret = t->running;
+ } else {
+ ret = 0;
+ }
+ break;
+ case TIMER_MODE:
+ // only available in system counter
+ // read user/system mode
+ ret = s->cputimer_mode;
+ break;
+ default:
+ trace_slavio_timer_mem_readl_invalid(addr);
+ ret = 0;
+ break;
+ }
+ trace_slavio_timer_mem_readl(addr, ret);
+ return ret;
+}
+
+static void slavio_timer_mem_writel(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ TimerContext *tc = opaque;
+ SLAVIO_TIMERState *s = tc->s;
+ uint32_t saddr;
+ unsigned int timer_index = tc->timer_index;
+ CPUTimerState *t = &s->cputimer[timer_index];
+
+ trace_slavio_timer_mem_writel(addr, val);
+ saddr = addr >> 2;
+ switch (saddr) {
+ case TIMER_LIMIT:
+ if (slavio_timer_is_user(tc)) {
+ uint64_t count;
+
+ // set user counter MSW, reset counter
+ t->limit = TIMER_MAX_COUNT64;
+ t->counthigh = val & (TIMER_MAX_COUNT64 >> 32);
+ t->reached = 0;
+ count = ((uint64_t)t->counthigh << 32) | t->count;
+ trace_slavio_timer_mem_writel_limit(timer_index, count);
+ ptimer_set_count(t->timer, LIMIT_TO_PERIODS(t->limit - count));
+ } else {
+ // set limit, reset counter
+ qemu_irq_lower(t->irq);
+ t->limit = val & TIMER_MAX_COUNT32;
+ if (t->timer) {
+ if (t->limit == 0) { /* free-run */
+ ptimer_set_limit(t->timer,
+ LIMIT_TO_PERIODS(TIMER_MAX_COUNT32), 1);
+ } else {
+ ptimer_set_limit(t->timer, LIMIT_TO_PERIODS(t->limit), 1);
+ }
+ }
+ }
+ break;
+ case TIMER_COUNTER:
+ if (slavio_timer_is_user(tc)) {
+ uint64_t count;
+
+ // set user counter LSW, reset counter
+ t->limit = TIMER_MAX_COUNT64;
+ t->count = val & TIMER_MAX_COUNT64;
+ t->reached = 0;
+ count = ((uint64_t)t->counthigh) << 32 | t->count;
+ trace_slavio_timer_mem_writel_limit(timer_index, count);
+ ptimer_set_count(t->timer, LIMIT_TO_PERIODS(t->limit - count));
+ } else {
+ trace_slavio_timer_mem_writel_counter_invalid();
+ }
+ break;
+ case TIMER_COUNTER_NORST:
+ // set limit without resetting counter
+ t->limit = val & TIMER_MAX_COUNT32;
+ if (t->limit == 0) { /* free-run */
+ ptimer_set_limit(t->timer, LIMIT_TO_PERIODS(TIMER_MAX_COUNT32), 0);
+ } else {
+ ptimer_set_limit(t->timer, LIMIT_TO_PERIODS(t->limit), 0);
+ }
+ break;
+ case TIMER_STATUS:
+ if (slavio_timer_is_user(tc)) {
+ // start/stop user counter
+ if ((val & 1) && !t->running) {
+ trace_slavio_timer_mem_writel_status_start(timer_index);
+ ptimer_run(t->timer, 0);
+ t->running = 1;
+ } else if (!(val & 1) && t->running) {
+ trace_slavio_timer_mem_writel_status_stop(timer_index);
+ ptimer_stop(t->timer);
+ t->running = 0;
+ }
+ }
+ break;
+ case TIMER_MODE:
+ if (timer_index == 0) {
+ unsigned int i;
+
+ for (i = 0; i < s->num_cpus; i++) {
+ unsigned int processor = 1 << i;
+ CPUTimerState *curr_timer = &s->cputimer[i + 1];
+
+ // check for a change in timer mode for this processor
+ if ((val & processor) != (s->cputimer_mode & processor)) {
+ if (val & processor) { // counter -> user timer
+ qemu_irq_lower(curr_timer->irq);
+ // counters are always running
+ ptimer_stop(curr_timer->timer);
+ curr_timer->running = 0;
+ // user timer limit is always the same
+ curr_timer->limit = TIMER_MAX_COUNT64;
+ ptimer_set_limit(curr_timer->timer,
+ LIMIT_TO_PERIODS(curr_timer->limit),
+ 1);
+ // set this processors user timer bit in config
+ // register
+ s->cputimer_mode |= processor;
+ trace_slavio_timer_mem_writel_mode_user(timer_index);
+ } else { // user timer -> counter
+ // stop the user timer if it is running
+ if (curr_timer->running) {
+ ptimer_stop(curr_timer->timer);
+ }
+ // start the counter
+ ptimer_run(curr_timer->timer, 0);
+ curr_timer->running = 1;
+ // clear this processors user timer bit in config
+ // register
+ s->cputimer_mode &= ~processor;
+ trace_slavio_timer_mem_writel_mode_counter(timer_index);
+ }
+ }
+ }
+ } else {
+ trace_slavio_timer_mem_writel_mode_invalid();
+ }
+ break;
+ default:
+ trace_slavio_timer_mem_writel_invalid(addr);
+ break;
+ }
+}
+
+static const MemoryRegionOps slavio_timer_mem_ops = {
+ .read = slavio_timer_mem_readl,
+ .write = slavio_timer_mem_writel,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+};
+
+static const VMStateDescription vmstate_timer = {
+ .name ="timer",
+ .version_id = 3,
+ .minimum_version_id = 3,
+ .minimum_version_id_old = 3,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT64(limit, CPUTimerState),
+ VMSTATE_UINT32(count, CPUTimerState),
+ VMSTATE_UINT32(counthigh, CPUTimerState),
+ VMSTATE_UINT32(reached, CPUTimerState),
+ VMSTATE_UINT32(running, CPUTimerState),
+ VMSTATE_PTIMER(timer, CPUTimerState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_slavio_timer = {
+ .name ="slavio_timer",
+ .version_id = 3,
+ .minimum_version_id = 3,
+ .minimum_version_id_old = 3,
+ .fields = (VMStateField []) {
+ VMSTATE_STRUCT_ARRAY(cputimer, SLAVIO_TIMERState, MAX_CPUS + 1, 3,
+ vmstate_timer, CPUTimerState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void slavio_timer_reset(DeviceState *d)
+{
+ SLAVIO_TIMERState *s = SLAVIO_TIMER(d);
+ unsigned int i;
+ CPUTimerState *curr_timer;
+
+ for (i = 0; i <= MAX_CPUS; i++) {
+ curr_timer = &s->cputimer[i];
+ curr_timer->limit = 0;
+ curr_timer->count = 0;
+ curr_timer->reached = 0;
+ if (i <= s->num_cpus) {
+ ptimer_set_limit(curr_timer->timer,
+ LIMIT_TO_PERIODS(TIMER_MAX_COUNT32), 1);
+ ptimer_run(curr_timer->timer, 0);
+ curr_timer->running = 1;
+ }
+ }
+ s->cputimer_mode = 0;
+}
+
+static int slavio_timer_init1(SysBusDevice *dev)
+{
+ SLAVIO_TIMERState *s = SLAVIO_TIMER(dev);
+ QEMUBH *bh;
+ unsigned int i;
+ TimerContext *tc;
+
+ for (i = 0; i <= MAX_CPUS; i++) {
+ uint64_t size;
+ char timer_name[20];
+
+ tc = g_malloc0(sizeof(TimerContext));
+ tc->s = s;
+ tc->timer_index = i;
+
+ bh = qemu_bh_new(slavio_timer_irq, tc);
+ s->cputimer[i].timer = ptimer_init(bh);
+ ptimer_set_period(s->cputimer[i].timer, TIMER_PERIOD);
+
+ size = i == 0 ? SYS_TIMER_SIZE : CPU_TIMER_SIZE;
+ snprintf(timer_name, sizeof(timer_name), "timer-%i", i);
+ memory_region_init_io(&tc->iomem, OBJECT(s), &slavio_timer_mem_ops, tc,
+ timer_name, size);
+ sysbus_init_mmio(dev, &tc->iomem);
+
+ sysbus_init_irq(dev, &s->cputimer[i].irq);
+ }
+
+ return 0;
+}
+
+static Property slavio_timer_properties[] = {
+ DEFINE_PROP_UINT32("num_cpus", SLAVIO_TIMERState, num_cpus, 0),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void slavio_timer_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = slavio_timer_init1;
+ dc->reset = slavio_timer_reset;
+ dc->vmsd = &vmstate_slavio_timer;
+ dc->props = slavio_timer_properties;
+}
+
+static const TypeInfo slavio_timer_info = {
+ .name = TYPE_SLAVIO_TIMER,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(SLAVIO_TIMERState),
+ .class_init = slavio_timer_class_init,
+};
+
+static void slavio_timer_register_types(void)
+{
+ type_register_static(&slavio_timer_info);
+}
+
+type_init(slavio_timer_register_types)
diff --git a/hw/timer/tusb6010.c b/hw/timer/tusb6010.c
new file mode 100644
index 000000000..c48ecf8ee
--- /dev/null
+++ b/hw/timer/tusb6010.c
@@ -0,0 +1,819 @@
+/*
+ * Texas Instruments TUSB6010 emulation.
+ * Based on reverse-engineering of a linux driver.
+ *
+ * Copyright (C) 2008 Nokia Corporation
+ * Written by Andrzej Zaborowski <andrew@openedhand.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "qemu-common.h"
+#include "qemu/timer.h"
+#include "hw/usb.h"
+#include "hw/arm/omap.h"
+#include "hw/irq.h"
+#include "hw/devices.h"
+#include "hw/sysbus.h"
+
+#define TYPE_TUSB6010 "tusb6010"
+#define TUSB(obj) OBJECT_CHECK(TUSBState, (obj), TYPE_TUSB6010)
+
+typedef struct TUSBState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem[2];
+ qemu_irq irq;
+ MUSBState *musb;
+ QEMUTimer *otg_timer;
+ QEMUTimer *pwr_timer;
+
+ int power;
+ uint32_t scratch;
+ uint16_t test_reset;
+ uint32_t prcm_config;
+ uint32_t prcm_mngmt;
+ uint16_t otg_status;
+ uint32_t dev_config;
+ int host_mode;
+ uint32_t intr;
+ uint32_t intr_ok;
+ uint32_t mask;
+ uint32_t usbip_intr;
+ uint32_t usbip_mask;
+ uint32_t gpio_intr;
+ uint32_t gpio_mask;
+ uint32_t gpio_config;
+ uint32_t dma_intr;
+ uint32_t dma_mask;
+ uint32_t dma_map;
+ uint32_t dma_config;
+ uint32_t ep0_config;
+ uint32_t rx_config[15];
+ uint32_t tx_config[15];
+ uint32_t wkup_mask;
+ uint32_t pullup[2];
+ uint32_t control_config;
+ uint32_t otg_timer_val;
+} TUSBState;
+
+#define TUSB_DEVCLOCK 60000000 /* 60 MHz */
+
+#define TUSB_VLYNQ_CTRL 0x004
+
+/* Mentor Graphics OTG core registers. */
+#define TUSB_BASE_OFFSET 0x400
+
+/* FIFO registers, 32-bit. */
+#define TUSB_FIFO_BASE 0x600
+
+/* Device System & Control registers, 32-bit. */
+#define TUSB_SYS_REG_BASE 0x800
+
+#define TUSB_DEV_CONF (TUSB_SYS_REG_BASE + 0x000)
+#define TUSB_DEV_CONF_USB_HOST_MODE (1 << 16)
+#define TUSB_DEV_CONF_PROD_TEST_MODE (1 << 15)
+#define TUSB_DEV_CONF_SOFT_ID (1 << 1)
+#define TUSB_DEV_CONF_ID_SEL (1 << 0)
+
+#define TUSB_PHY_OTG_CTRL_ENABLE (TUSB_SYS_REG_BASE + 0x004)
+#define TUSB_PHY_OTG_CTRL (TUSB_SYS_REG_BASE + 0x008)
+#define TUSB_PHY_OTG_CTRL_WRPROTECT (0xa5 << 24)
+#define TUSB_PHY_OTG_CTRL_O_ID_PULLUP (1 << 23)
+#define TUSB_PHY_OTG_CTRL_O_VBUS_DET_EN (1 << 19)
+#define TUSB_PHY_OTG_CTRL_O_SESS_END_EN (1 << 18)
+#define TUSB_PHY_OTG_CTRL_TESTM2 (1 << 17)
+#define TUSB_PHY_OTG_CTRL_TESTM1 (1 << 16)
+#define TUSB_PHY_OTG_CTRL_TESTM0 (1 << 15)
+#define TUSB_PHY_OTG_CTRL_TX_DATA2 (1 << 14)
+#define TUSB_PHY_OTG_CTRL_TX_GZ2 (1 << 13)
+#define TUSB_PHY_OTG_CTRL_TX_ENABLE2 (1 << 12)
+#define TUSB_PHY_OTG_CTRL_DM_PULLDOWN (1 << 11)
+#define TUSB_PHY_OTG_CTRL_DP_PULLDOWN (1 << 10)
+#define TUSB_PHY_OTG_CTRL_OSC_EN (1 << 9)
+#define TUSB_PHY_OTG_CTRL_PHYREF_CLK(v) (((v) & 3) << 7)
+#define TUSB_PHY_OTG_CTRL_PD (1 << 6)
+#define TUSB_PHY_OTG_CTRL_PLL_ON (1 << 5)
+#define TUSB_PHY_OTG_CTRL_EXT_RPU (1 << 4)
+#define TUSB_PHY_OTG_CTRL_PWR_GOOD (1 << 3)
+#define TUSB_PHY_OTG_CTRL_RESET (1 << 2)
+#define TUSB_PHY_OTG_CTRL_SUSPENDM (1 << 1)
+#define TUSB_PHY_OTG_CTRL_CLK_MODE (1 << 0)
+
+/* OTG status register */
+#define TUSB_DEV_OTG_STAT (TUSB_SYS_REG_BASE + 0x00c)
+#define TUSB_DEV_OTG_STAT_PWR_CLK_GOOD (1 << 8)
+#define TUSB_DEV_OTG_STAT_SESS_END (1 << 7)
+#define TUSB_DEV_OTG_STAT_SESS_VALID (1 << 6)
+#define TUSB_DEV_OTG_STAT_VBUS_VALID (1 << 5)
+#define TUSB_DEV_OTG_STAT_VBUS_SENSE (1 << 4)
+#define TUSB_DEV_OTG_STAT_ID_STATUS (1 << 3)
+#define TUSB_DEV_OTG_STAT_HOST_DISCON (1 << 2)
+#define TUSB_DEV_OTG_STAT_LINE_STATE (3 << 0)
+#define TUSB_DEV_OTG_STAT_DP_ENABLE (1 << 1)
+#define TUSB_DEV_OTG_STAT_DM_ENABLE (1 << 0)
+
+#define TUSB_DEV_OTG_TIMER (TUSB_SYS_REG_BASE + 0x010)
+#define TUSB_DEV_OTG_TIMER_ENABLE (1 << 31)
+#define TUSB_DEV_OTG_TIMER_VAL(v) ((v) & 0x07ffffff)
+#define TUSB_PRCM_REV (TUSB_SYS_REG_BASE + 0x014)
+
+/* PRCM configuration register */
+#define TUSB_PRCM_CONF (TUSB_SYS_REG_BASE + 0x018)
+#define TUSB_PRCM_CONF_SFW_CPEN (1 << 24)
+#define TUSB_PRCM_CONF_SYS_CLKSEL(v) (((v) & 3) << 16)
+
+/* PRCM management register */
+#define TUSB_PRCM_MNGMT (TUSB_SYS_REG_BASE + 0x01c)
+#define TUSB_PRCM_MNGMT_SRP_FIX_TMR(v) (((v) & 0xf) << 25)
+#define TUSB_PRCM_MNGMT_SRP_FIX_EN (1 << 24)
+#define TUSB_PRCM_MNGMT_VBUS_VAL_TMR(v) (((v) & 0xf) << 20)
+#define TUSB_PRCM_MNGMT_VBUS_VAL_FLT_EN (1 << 19)
+#define TUSB_PRCM_MNGMT_DFT_CLK_DIS (1 << 18)
+#define TUSB_PRCM_MNGMT_VLYNQ_CLK_DIS (1 << 17)
+#define TUSB_PRCM_MNGMT_OTG_SESS_END_EN (1 << 10)
+#define TUSB_PRCM_MNGMT_OTG_VBUS_DET_EN (1 << 9)
+#define TUSB_PRCM_MNGMT_OTG_ID_PULLUP (1 << 8)
+#define TUSB_PRCM_MNGMT_15_SW_EN (1 << 4)
+#define TUSB_PRCM_MNGMT_33_SW_EN (1 << 3)
+#define TUSB_PRCM_MNGMT_5V_CPEN (1 << 2)
+#define TUSB_PRCM_MNGMT_PM_IDLE (1 << 1)
+#define TUSB_PRCM_MNGMT_DEV_IDLE (1 << 0)
+
+/* Wake-up source clear and mask registers */
+#define TUSB_PRCM_WAKEUP_SOURCE (TUSB_SYS_REG_BASE + 0x020)
+#define TUSB_PRCM_WAKEUP_CLEAR (TUSB_SYS_REG_BASE + 0x028)
+#define TUSB_PRCM_WAKEUP_MASK (TUSB_SYS_REG_BASE + 0x02c)
+#define TUSB_PRCM_WAKEUP_RESERVED_BITS (0xffffe << 13)
+#define TUSB_PRCM_WGPIO_7 (1 << 12)
+#define TUSB_PRCM_WGPIO_6 (1 << 11)
+#define TUSB_PRCM_WGPIO_5 (1 << 10)
+#define TUSB_PRCM_WGPIO_4 (1 << 9)
+#define TUSB_PRCM_WGPIO_3 (1 << 8)
+#define TUSB_PRCM_WGPIO_2 (1 << 7)
+#define TUSB_PRCM_WGPIO_1 (1 << 6)
+#define TUSB_PRCM_WGPIO_0 (1 << 5)
+#define TUSB_PRCM_WHOSTDISCON (1 << 4) /* Host disconnect */
+#define TUSB_PRCM_WBUS (1 << 3) /* USB bus resume */
+#define TUSB_PRCM_WNORCS (1 << 2) /* NOR chip select */
+#define TUSB_PRCM_WVBUS (1 << 1) /* OTG PHY VBUS */
+#define TUSB_PRCM_WID (1 << 0) /* OTG PHY ID detect */
+
+#define TUSB_PULLUP_1_CTRL (TUSB_SYS_REG_BASE + 0x030)
+#define TUSB_PULLUP_2_CTRL (TUSB_SYS_REG_BASE + 0x034)
+#define TUSB_INT_CTRL_REV (TUSB_SYS_REG_BASE + 0x038)
+#define TUSB_INT_CTRL_CONF (TUSB_SYS_REG_BASE + 0x03c)
+#define TUSB_USBIP_INT_SRC (TUSB_SYS_REG_BASE + 0x040)
+#define TUSB_USBIP_INT_SET (TUSB_SYS_REG_BASE + 0x044)
+#define TUSB_USBIP_INT_CLEAR (TUSB_SYS_REG_BASE + 0x048)
+#define TUSB_USBIP_INT_MASK (TUSB_SYS_REG_BASE + 0x04c)
+#define TUSB_DMA_INT_SRC (TUSB_SYS_REG_BASE + 0x050)
+#define TUSB_DMA_INT_SET (TUSB_SYS_REG_BASE + 0x054)
+#define TUSB_DMA_INT_CLEAR (TUSB_SYS_REG_BASE + 0x058)
+#define TUSB_DMA_INT_MASK (TUSB_SYS_REG_BASE + 0x05c)
+#define TUSB_GPIO_INT_SRC (TUSB_SYS_REG_BASE + 0x060)
+#define TUSB_GPIO_INT_SET (TUSB_SYS_REG_BASE + 0x064)
+#define TUSB_GPIO_INT_CLEAR (TUSB_SYS_REG_BASE + 0x068)
+#define TUSB_GPIO_INT_MASK (TUSB_SYS_REG_BASE + 0x06c)
+
+/* NOR flash interrupt source registers */
+#define TUSB_INT_SRC (TUSB_SYS_REG_BASE + 0x070)
+#define TUSB_INT_SRC_SET (TUSB_SYS_REG_BASE + 0x074)
+#define TUSB_INT_SRC_CLEAR (TUSB_SYS_REG_BASE + 0x078)
+#define TUSB_INT_MASK (TUSB_SYS_REG_BASE + 0x07c)
+#define TUSB_INT_SRC_TXRX_DMA_DONE (1 << 24)
+#define TUSB_INT_SRC_USB_IP_CORE (1 << 17)
+#define TUSB_INT_SRC_OTG_TIMEOUT (1 << 16)
+#define TUSB_INT_SRC_VBUS_SENSE_CHNG (1 << 15)
+#define TUSB_INT_SRC_ID_STATUS_CHNG (1 << 14)
+#define TUSB_INT_SRC_DEV_WAKEUP (1 << 13)
+#define TUSB_INT_SRC_DEV_READY (1 << 12)
+#define TUSB_INT_SRC_USB_IP_TX (1 << 9)
+#define TUSB_INT_SRC_USB_IP_RX (1 << 8)
+#define TUSB_INT_SRC_USB_IP_VBUS_ERR (1 << 7)
+#define TUSB_INT_SRC_USB_IP_VBUS_REQ (1 << 6)
+#define TUSB_INT_SRC_USB_IP_DISCON (1 << 5)
+#define TUSB_INT_SRC_USB_IP_CONN (1 << 4)
+#define TUSB_INT_SRC_USB_IP_SOF (1 << 3)
+#define TUSB_INT_SRC_USB_IP_RST_BABBLE (1 << 2)
+#define TUSB_INT_SRC_USB_IP_RESUME (1 << 1)
+#define TUSB_INT_SRC_USB_IP_SUSPEND (1 << 0)
+
+#define TUSB_GPIO_REV (TUSB_SYS_REG_BASE + 0x080)
+#define TUSB_GPIO_CONF (TUSB_SYS_REG_BASE + 0x084)
+#define TUSB_DMA_CTRL_REV (TUSB_SYS_REG_BASE + 0x100)
+#define TUSB_DMA_REQ_CONF (TUSB_SYS_REG_BASE + 0x104)
+#define TUSB_EP0_CONF (TUSB_SYS_REG_BASE + 0x108)
+#define TUSB_EP_IN_SIZE (TUSB_SYS_REG_BASE + 0x10c)
+#define TUSB_DMA_EP_MAP (TUSB_SYS_REG_BASE + 0x148)
+#define TUSB_EP_OUT_SIZE (TUSB_SYS_REG_BASE + 0x14c)
+#define TUSB_EP_MAX_PACKET_SIZE_OFFSET (TUSB_SYS_REG_BASE + 0x188)
+#define TUSB_SCRATCH_PAD (TUSB_SYS_REG_BASE + 0x1c4)
+#define TUSB_WAIT_COUNT (TUSB_SYS_REG_BASE + 0x1c8)
+#define TUSB_PROD_TEST_RESET (TUSB_SYS_REG_BASE + 0x1d8)
+
+#define TUSB_DIDR1_LO (TUSB_SYS_REG_BASE + 0x1f8)
+#define TUSB_DIDR1_HI (TUSB_SYS_REG_BASE + 0x1fc)
+
+/* Device System & Control register bitfields */
+#define TUSB_INT_CTRL_CONF_INT_RLCYC(v) (((v) & 0x7) << 18)
+#define TUSB_INT_CTRL_CONF_INT_POLARITY (1 << 17)
+#define TUSB_INT_CTRL_CONF_INT_MODE (1 << 16)
+#define TUSB_GPIO_CONF_DMAREQ(v) (((v) & 0x3f) << 24)
+#define TUSB_DMA_REQ_CONF_BURST_SIZE(v) (((v) & 3) << 26)
+#define TUSB_DMA_REQ_CONF_DMA_RQ_EN(v) (((v) & 0x3f) << 20)
+#define TUSB_DMA_REQ_CONF_DMA_RQ_ASR(v) (((v) & 0xf) << 16)
+#define TUSB_EP0_CONFIG_SW_EN (1 << 8)
+#define TUSB_EP0_CONFIG_DIR_TX (1 << 7)
+#define TUSB_EP0_CONFIG_XFR_SIZE(v) ((v) & 0x7f)
+#define TUSB_EP_CONFIG_SW_EN (1 << 31)
+#define TUSB_EP_CONFIG_XFR_SIZE(v) ((v) & 0x7fffffff)
+#define TUSB_PROD_TEST_RESET_VAL 0xa596
+
+static void tusb_intr_update(TUSBState *s)
+{
+ if (s->control_config & TUSB_INT_CTRL_CONF_INT_POLARITY)
+ qemu_set_irq(s->irq, s->intr & ~s->mask & s->intr_ok);
+ else
+ qemu_set_irq(s->irq, (!(s->intr & ~s->mask)) & s->intr_ok);
+}
+
+static void tusb_usbip_intr_update(TUSBState *s)
+{
+ /* TX interrupt in the MUSB */
+ if (s->usbip_intr & 0x0000ffff & ~s->usbip_mask)
+ s->intr |= TUSB_INT_SRC_USB_IP_TX;
+ else
+ s->intr &= ~TUSB_INT_SRC_USB_IP_TX;
+
+ /* RX interrupt in the MUSB */
+ if (s->usbip_intr & 0xffff0000 & ~s->usbip_mask)
+ s->intr |= TUSB_INT_SRC_USB_IP_RX;
+ else
+ s->intr &= ~TUSB_INT_SRC_USB_IP_RX;
+
+ /* XXX: What about TUSB_INT_SRC_USB_IP_CORE? */
+
+ tusb_intr_update(s);
+}
+
+static void tusb_dma_intr_update(TUSBState *s)
+{
+ if (s->dma_intr & ~s->dma_mask)
+ s->intr |= TUSB_INT_SRC_TXRX_DMA_DONE;
+ else
+ s->intr &= ~TUSB_INT_SRC_TXRX_DMA_DONE;
+
+ tusb_intr_update(s);
+}
+
+static void tusb_gpio_intr_update(TUSBState *s)
+{
+ /* TODO: How is this signalled? */
+}
+
+extern CPUReadMemoryFunc * const musb_read[];
+extern CPUWriteMemoryFunc * const musb_write[];
+
+static uint32_t tusb_async_readb(void *opaque, hwaddr addr)
+{
+ TUSBState *s = (TUSBState *) opaque;
+
+ switch (addr & 0xfff) {
+ case TUSB_BASE_OFFSET ... (TUSB_BASE_OFFSET | 0x1ff):
+ return musb_read[0](s->musb, addr & 0x1ff);
+
+ case TUSB_FIFO_BASE ... (TUSB_FIFO_BASE | 0x1ff):
+ return musb_read[0](s->musb, 0x20 + ((addr >> 3) & 0x3c));
+ }
+
+ printf("%s: unknown register at %03x\n",
+ __FUNCTION__, (int) (addr & 0xfff));
+ return 0;
+}
+
+static uint32_t tusb_async_readh(void *opaque, hwaddr addr)
+{
+ TUSBState *s = (TUSBState *) opaque;
+
+ switch (addr & 0xfff) {
+ case TUSB_BASE_OFFSET ... (TUSB_BASE_OFFSET | 0x1ff):
+ return musb_read[1](s->musb, addr & 0x1ff);
+
+ case TUSB_FIFO_BASE ... (TUSB_FIFO_BASE | 0x1ff):
+ return musb_read[1](s->musb, 0x20 + ((addr >> 3) & 0x3c));
+ }
+
+ printf("%s: unknown register at %03x\n",
+ __FUNCTION__, (int) (addr & 0xfff));
+ return 0;
+}
+
+static uint32_t tusb_async_readw(void *opaque, hwaddr addr)
+{
+ TUSBState *s = (TUSBState *) opaque;
+ int offset = addr & 0xfff;
+ int epnum;
+ uint32_t ret;
+
+ switch (offset) {
+ case TUSB_DEV_CONF:
+ return s->dev_config;
+
+ case TUSB_BASE_OFFSET ... (TUSB_BASE_OFFSET | 0x1ff):
+ return musb_read[2](s->musb, offset & 0x1ff);
+
+ case TUSB_FIFO_BASE ... (TUSB_FIFO_BASE | 0x1ff):
+ return musb_read[2](s->musb, 0x20 + ((addr >> 3) & 0x3c));
+
+ case TUSB_PHY_OTG_CTRL_ENABLE:
+ case TUSB_PHY_OTG_CTRL:
+ return 0x00; /* TODO */
+
+ case TUSB_DEV_OTG_STAT:
+ ret = s->otg_status;
+#if 0
+ if (!(s->prcm_mngmt & TUSB_PRCM_MNGMT_OTG_VBUS_DET_EN))
+ ret &= ~TUSB_DEV_OTG_STAT_VBUS_VALID;
+#endif
+ return ret;
+ case TUSB_DEV_OTG_TIMER:
+ return s->otg_timer_val;
+
+ case TUSB_PRCM_REV:
+ return 0x20;
+ case TUSB_PRCM_CONF:
+ return s->prcm_config;
+ case TUSB_PRCM_MNGMT:
+ return s->prcm_mngmt;
+ case TUSB_PRCM_WAKEUP_SOURCE:
+ case TUSB_PRCM_WAKEUP_CLEAR: /* TODO: What does this one return? */
+ return 0x00000000;
+ case TUSB_PRCM_WAKEUP_MASK:
+ return s->wkup_mask;
+
+ case TUSB_PULLUP_1_CTRL:
+ return s->pullup[0];
+ case TUSB_PULLUP_2_CTRL:
+ return s->pullup[1];
+
+ case TUSB_INT_CTRL_REV:
+ return 0x20;
+ case TUSB_INT_CTRL_CONF:
+ return s->control_config;
+
+ case TUSB_USBIP_INT_SRC:
+ case TUSB_USBIP_INT_SET: /* TODO: What do these two return? */
+ case TUSB_USBIP_INT_CLEAR:
+ return s->usbip_intr;
+ case TUSB_USBIP_INT_MASK:
+ return s->usbip_mask;
+
+ case TUSB_DMA_INT_SRC:
+ case TUSB_DMA_INT_SET: /* TODO: What do these two return? */
+ case TUSB_DMA_INT_CLEAR:
+ return s->dma_intr;
+ case TUSB_DMA_INT_MASK:
+ return s->dma_mask;
+
+ case TUSB_GPIO_INT_SRC: /* TODO: What do these two return? */
+ case TUSB_GPIO_INT_SET:
+ case TUSB_GPIO_INT_CLEAR:
+ return s->gpio_intr;
+ case TUSB_GPIO_INT_MASK:
+ return s->gpio_mask;
+
+ case TUSB_INT_SRC:
+ case TUSB_INT_SRC_SET: /* TODO: What do these two return? */
+ case TUSB_INT_SRC_CLEAR:
+ return s->intr;
+ case TUSB_INT_MASK:
+ return s->mask;
+
+ case TUSB_GPIO_REV:
+ return 0x30;
+ case TUSB_GPIO_CONF:
+ return s->gpio_config;
+
+ case TUSB_DMA_CTRL_REV:
+ return 0x30;
+ case TUSB_DMA_REQ_CONF:
+ return s->dma_config;
+ case TUSB_EP0_CONF:
+ return s->ep0_config;
+ case TUSB_EP_IN_SIZE ... (TUSB_EP_IN_SIZE + 0x3b):
+ epnum = (offset - TUSB_EP_IN_SIZE) >> 2;
+ return s->tx_config[epnum];
+ case TUSB_DMA_EP_MAP:
+ return s->dma_map;
+ case TUSB_EP_OUT_SIZE ... (TUSB_EP_OUT_SIZE + 0x3b):
+ epnum = (offset - TUSB_EP_OUT_SIZE) >> 2;
+ return s->rx_config[epnum];
+ case TUSB_EP_MAX_PACKET_SIZE_OFFSET ...
+ (TUSB_EP_MAX_PACKET_SIZE_OFFSET + 0x3b):
+ return 0x00000000; /* TODO */
+ case TUSB_WAIT_COUNT:
+ return 0x00; /* TODO */
+
+ case TUSB_SCRATCH_PAD:
+ return s->scratch;
+
+ case TUSB_PROD_TEST_RESET:
+ return s->test_reset;
+
+ /* DIE IDs */
+ case TUSB_DIDR1_LO:
+ return 0xa9453c59;
+ case TUSB_DIDR1_HI:
+ return 0x54059adf;
+ }
+
+ printf("%s: unknown register at %03x\n", __FUNCTION__, offset);
+ return 0;
+}
+
+static void tusb_async_writeb(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ TUSBState *s = (TUSBState *) opaque;
+
+ switch (addr & 0xfff) {
+ case TUSB_BASE_OFFSET ... (TUSB_BASE_OFFSET | 0x1ff):
+ musb_write[0](s->musb, addr & 0x1ff, value);
+ break;
+
+ case TUSB_FIFO_BASE ... (TUSB_FIFO_BASE | 0x1ff):
+ musb_write[0](s->musb, 0x20 + ((addr >> 3) & 0x3c), value);
+ break;
+
+ default:
+ printf("%s: unknown register at %03x\n",
+ __FUNCTION__, (int) (addr & 0xfff));
+ return;
+ }
+}
+
+static void tusb_async_writeh(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ TUSBState *s = (TUSBState *) opaque;
+
+ switch (addr & 0xfff) {
+ case TUSB_BASE_OFFSET ... (TUSB_BASE_OFFSET | 0x1ff):
+ musb_write[1](s->musb, addr & 0x1ff, value);
+ break;
+
+ case TUSB_FIFO_BASE ... (TUSB_FIFO_BASE | 0x1ff):
+ musb_write[1](s->musb, 0x20 + ((addr >> 3) & 0x3c), value);
+ break;
+
+ default:
+ printf("%s: unknown register at %03x\n",
+ __FUNCTION__, (int) (addr & 0xfff));
+ return;
+ }
+}
+
+static void tusb_async_writew(void *opaque, hwaddr addr,
+ uint32_t value)
+{
+ TUSBState *s = (TUSBState *) opaque;
+ int offset = addr & 0xfff;
+ int epnum;
+
+ switch (offset) {
+ case TUSB_VLYNQ_CTRL:
+ break;
+
+ case TUSB_BASE_OFFSET ... (TUSB_BASE_OFFSET | 0x1ff):
+ musb_write[2](s->musb, offset & 0x1ff, value);
+ break;
+
+ case TUSB_FIFO_BASE ... (TUSB_FIFO_BASE | 0x1ff):
+ musb_write[2](s->musb, 0x20 + ((addr >> 3) & 0x3c), value);
+ break;
+
+ case TUSB_DEV_CONF:
+ s->dev_config = value;
+ s->host_mode = (value & TUSB_DEV_CONF_USB_HOST_MODE);
+ if (value & TUSB_DEV_CONF_PROD_TEST_MODE)
+ hw_error("%s: Product Test mode not allowed\n", __FUNCTION__);
+ break;
+
+ case TUSB_PHY_OTG_CTRL_ENABLE:
+ case TUSB_PHY_OTG_CTRL:
+ return; /* TODO */
+ case TUSB_DEV_OTG_TIMER:
+ s->otg_timer_val = value;
+ if (value & TUSB_DEV_OTG_TIMER_ENABLE)
+ qemu_mod_timer(s->otg_timer, qemu_get_clock_ns(vm_clock) +
+ muldiv64(TUSB_DEV_OTG_TIMER_VAL(value),
+ get_ticks_per_sec(), TUSB_DEVCLOCK));
+ else
+ qemu_del_timer(s->otg_timer);
+ break;
+
+ case TUSB_PRCM_CONF:
+ s->prcm_config = value;
+ break;
+ case TUSB_PRCM_MNGMT:
+ s->prcm_mngmt = value;
+ break;
+ case TUSB_PRCM_WAKEUP_CLEAR:
+ break;
+ case TUSB_PRCM_WAKEUP_MASK:
+ s->wkup_mask = value;
+ break;
+
+ case TUSB_PULLUP_1_CTRL:
+ s->pullup[0] = value;
+ break;
+ case TUSB_PULLUP_2_CTRL:
+ s->pullup[1] = value;
+ break;
+ case TUSB_INT_CTRL_CONF:
+ s->control_config = value;
+ tusb_intr_update(s);
+ break;
+
+ case TUSB_USBIP_INT_SET:
+ s->usbip_intr |= value;
+ tusb_usbip_intr_update(s);
+ break;
+ case TUSB_USBIP_INT_CLEAR:
+ s->usbip_intr &= ~value;
+ tusb_usbip_intr_update(s);
+ musb_core_intr_clear(s->musb, ~value);
+ break;
+ case TUSB_USBIP_INT_MASK:
+ s->usbip_mask = value;
+ tusb_usbip_intr_update(s);
+ break;
+
+ case TUSB_DMA_INT_SET:
+ s->dma_intr |= value;
+ tusb_dma_intr_update(s);
+ break;
+ case TUSB_DMA_INT_CLEAR:
+ s->dma_intr &= ~value;
+ tusb_dma_intr_update(s);
+ break;
+ case TUSB_DMA_INT_MASK:
+ s->dma_mask = value;
+ tusb_dma_intr_update(s);
+ break;
+
+ case TUSB_GPIO_INT_SET:
+ s->gpio_intr |= value;
+ tusb_gpio_intr_update(s);
+ break;
+ case TUSB_GPIO_INT_CLEAR:
+ s->gpio_intr &= ~value;
+ tusb_gpio_intr_update(s);
+ break;
+ case TUSB_GPIO_INT_MASK:
+ s->gpio_mask = value;
+ tusb_gpio_intr_update(s);
+ break;
+
+ case TUSB_INT_SRC_SET:
+ s->intr |= value;
+ tusb_intr_update(s);
+ break;
+ case TUSB_INT_SRC_CLEAR:
+ s->intr &= ~value;
+ tusb_intr_update(s);
+ break;
+ case TUSB_INT_MASK:
+ s->mask = value;
+ tusb_intr_update(s);
+ break;
+
+ case TUSB_GPIO_CONF:
+ s->gpio_config = value;
+ break;
+ case TUSB_DMA_REQ_CONF:
+ s->dma_config = value;
+ break;
+ case TUSB_EP0_CONF:
+ s->ep0_config = value & 0x1ff;
+ musb_set_size(s->musb, 0, TUSB_EP0_CONFIG_XFR_SIZE(value),
+ value & TUSB_EP0_CONFIG_DIR_TX);
+ break;
+ case TUSB_EP_IN_SIZE ... (TUSB_EP_IN_SIZE + 0x3b):
+ epnum = (offset - TUSB_EP_IN_SIZE) >> 2;
+ s->tx_config[epnum] = value;
+ musb_set_size(s->musb, epnum + 1, TUSB_EP_CONFIG_XFR_SIZE(value), 1);
+ break;
+ case TUSB_DMA_EP_MAP:
+ s->dma_map = value;
+ break;
+ case TUSB_EP_OUT_SIZE ... (TUSB_EP_OUT_SIZE + 0x3b):
+ epnum = (offset - TUSB_EP_OUT_SIZE) >> 2;
+ s->rx_config[epnum] = value;
+ musb_set_size(s->musb, epnum + 1, TUSB_EP_CONFIG_XFR_SIZE(value), 0);
+ break;
+ case TUSB_EP_MAX_PACKET_SIZE_OFFSET ...
+ (TUSB_EP_MAX_PACKET_SIZE_OFFSET + 0x3b):
+ return; /* TODO */
+ case TUSB_WAIT_COUNT:
+ return; /* TODO */
+
+ case TUSB_SCRATCH_PAD:
+ s->scratch = value;
+ break;
+
+ case TUSB_PROD_TEST_RESET:
+ s->test_reset = value;
+ break;
+
+ default:
+ printf("%s: unknown register at %03x\n", __FUNCTION__, offset);
+ return;
+ }
+}
+
+static const MemoryRegionOps tusb_async_ops = {
+ .old_mmio = {
+ .read = { tusb_async_readb, tusb_async_readh, tusb_async_readw, },
+ .write = { tusb_async_writeb, tusb_async_writeh, tusb_async_writew, },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void tusb_otg_tick(void *opaque)
+{
+ TUSBState *s = (TUSBState *) opaque;
+
+ s->otg_timer_val = 0;
+ s->intr |= TUSB_INT_SRC_OTG_TIMEOUT;
+ tusb_intr_update(s);
+}
+
+static void tusb_power_tick(void *opaque)
+{
+ TUSBState *s = (TUSBState *) opaque;
+
+ if (s->power) {
+ s->intr_ok = ~0;
+ tusb_intr_update(s);
+ }
+}
+
+static void tusb_musb_core_intr(void *opaque, int source, int level)
+{
+ TUSBState *s = (TUSBState *) opaque;
+ uint16_t otg_status = s->otg_status;
+
+ switch (source) {
+ case musb_set_vbus:
+ if (level)
+ otg_status |= TUSB_DEV_OTG_STAT_VBUS_VALID;
+ else
+ otg_status &= ~TUSB_DEV_OTG_STAT_VBUS_VALID;
+
+ /* XXX: only if TUSB_PHY_OTG_CTRL_OTG_VBUS_DET_EN set? */
+ /* XXX: only if TUSB_PRCM_MNGMT_OTG_VBUS_DET_EN set? */
+ if (s->otg_status != otg_status) {
+ s->otg_status = otg_status;
+ s->intr |= TUSB_INT_SRC_VBUS_SENSE_CHNG;
+ tusb_intr_update(s);
+ }
+ break;
+
+ case musb_set_session:
+ /* XXX: only if TUSB_PHY_OTG_CTRL_OTG_SESS_END_EN set? */
+ /* XXX: only if TUSB_PRCM_MNGMT_OTG_SESS_END_EN set? */
+ if (level) {
+ s->otg_status |= TUSB_DEV_OTG_STAT_SESS_VALID;
+ s->otg_status &= ~TUSB_DEV_OTG_STAT_SESS_END;
+ } else {
+ s->otg_status &= ~TUSB_DEV_OTG_STAT_SESS_VALID;
+ s->otg_status |= TUSB_DEV_OTG_STAT_SESS_END;
+ }
+
+ /* XXX: some IRQ or anything? */
+ break;
+
+ case musb_irq_tx:
+ case musb_irq_rx:
+ s->usbip_intr = musb_core_intr_get(s->musb);
+ /* Fall through. */
+ default:
+ if (level)
+ s->intr |= 1 << source;
+ else
+ s->intr &= ~(1 << source);
+ tusb_intr_update(s);
+ break;
+ }
+}
+
+static void tusb6010_power(TUSBState *s, int on)
+{
+ if (!on) {
+ s->power = 0;
+ } else if (!s->power && on) {
+ s->power = 1;
+ /* Pull the interrupt down after TUSB6010 comes up. */
+ s->intr_ok = 0;
+ tusb_intr_update(s);
+ qemu_mod_timer(s->pwr_timer,
+ qemu_get_clock_ns(vm_clock) + get_ticks_per_sec() / 2);
+ }
+}
+
+static void tusb6010_irq(void *opaque, int source, int level)
+{
+ if (source) {
+ tusb_musb_core_intr(opaque, source - 1, level);
+ } else {
+ tusb6010_power(opaque, level);
+ }
+}
+
+static void tusb6010_reset(DeviceState *dev)
+{
+ TUSBState *s = TUSB(dev);
+ int i;
+
+ s->test_reset = TUSB_PROD_TEST_RESET_VAL;
+ s->host_mode = 0;
+ s->dev_config = 0;
+ s->otg_status = 0; /* !TUSB_DEV_OTG_STAT_ID_STATUS means host mode */
+ s->power = 0;
+ s->mask = 0xffffffff;
+ s->intr = 0x00000000;
+ s->otg_timer_val = 0;
+ s->scratch = 0;
+ s->prcm_config = 0;
+ s->prcm_mngmt = 0;
+ s->intr_ok = 0;
+ s->usbip_intr = 0;
+ s->usbip_mask = 0;
+ s->gpio_intr = 0;
+ s->gpio_mask = 0;
+ s->gpio_config = 0;
+ s->dma_intr = 0;
+ s->dma_mask = 0;
+ s->dma_map = 0;
+ s->dma_config = 0;
+ s->ep0_config = 0;
+ s->wkup_mask = 0;
+ s->pullup[0] = s->pullup[1] = 0;
+ s->control_config = 0;
+ for (i = 0; i < 15; i++) {
+ s->rx_config[i] = s->tx_config[i] = 0;
+ }
+ musb_reset(s->musb);
+}
+
+static int tusb6010_init(SysBusDevice *sbd)
+{
+ DeviceState *dev = DEVICE(sbd);
+ TUSBState *s = TUSB(dev);
+
+ s->otg_timer = qemu_new_timer_ns(vm_clock, tusb_otg_tick, s);
+ s->pwr_timer = qemu_new_timer_ns(vm_clock, tusb_power_tick, s);
+ memory_region_init_io(&s->iomem[1], OBJECT(s), &tusb_async_ops, s,
+ "tusb-async", UINT32_MAX);
+ sysbus_init_mmio(sbd, &s->iomem[0]);
+ sysbus_init_mmio(sbd, &s->iomem[1]);
+ sysbus_init_irq(sbd, &s->irq);
+ qdev_init_gpio_in(dev, tusb6010_irq, musb_irq_max + 1);
+ s->musb = musb_init(dev, 1);
+ return 0;
+}
+
+static void tusb6010_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = tusb6010_init;
+ dc->reset = tusb6010_reset;
+}
+
+static const TypeInfo tusb6010_info = {
+ .name = TYPE_TUSB6010,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(TUSBState),
+ .class_init = tusb6010_class_init,
+};
+
+static void tusb6010_register_types(void)
+{
+ type_register_static(&tusb6010_info);
+}
+
+type_init(tusb6010_register_types)
diff --git a/hw/timer/twl92230.c b/hw/timer/twl92230.c
new file mode 100644
index 000000000..b730d853f
--- /dev/null
+++ b/hw/timer/twl92230.c
@@ -0,0 +1,882 @@
+/*
+ * TI TWL92230C energy-management companion device for the OMAP24xx.
+ * Aka. Menelaus (N4200 MENELAUS1_V2.2)
+ *
+ * Copyright (C) 2008 Nokia Corporation
+ * Written by Andrzej Zaborowski <andrew@openedhand.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/hw.h"
+#include "qemu/timer.h"
+#include "hw/i2c/i2c.h"
+#include "sysemu/sysemu.h"
+#include "ui/console.h"
+
+#define VERBOSE 1
+
+typedef struct {
+ I2CSlave i2c;
+
+ int firstbyte;
+ uint8_t reg;
+
+ uint8_t vcore[5];
+ uint8_t dcdc[3];
+ uint8_t ldo[8];
+ uint8_t sleep[2];
+ uint8_t osc;
+ uint8_t detect;
+ uint16_t mask;
+ uint16_t status;
+ uint8_t dir;
+ uint8_t inputs;
+ uint8_t outputs;
+ uint8_t bbsms;
+ uint8_t pull[4];
+ uint8_t mmc_ctrl[3];
+ uint8_t mmc_debounce;
+ struct {
+ uint8_t ctrl;
+ uint16_t comp;
+ QEMUTimer *hz_tm;
+ int64_t next;
+ struct tm tm;
+ struct tm new;
+ struct tm alm;
+ int sec_offset;
+ int alm_sec;
+ int next_comp;
+ } rtc;
+ uint16_t rtc_next_vmstate;
+ qemu_irq out[4];
+ uint8_t pwrbtn_state;
+} MenelausState;
+
+static inline void menelaus_update(MenelausState *s)
+{
+ qemu_set_irq(s->out[3], s->status & ~s->mask);
+}
+
+static inline void menelaus_rtc_start(MenelausState *s)
+{
+ s->rtc.next += qemu_get_clock_ms(rtc_clock);
+ qemu_mod_timer(s->rtc.hz_tm, s->rtc.next);
+}
+
+static inline void menelaus_rtc_stop(MenelausState *s)
+{
+ qemu_del_timer(s->rtc.hz_tm);
+ s->rtc.next -= qemu_get_clock_ms(rtc_clock);
+ if (s->rtc.next < 1)
+ s->rtc.next = 1;
+}
+
+static void menelaus_rtc_update(MenelausState *s)
+{
+ qemu_get_timedate(&s->rtc.tm, s->rtc.sec_offset);
+}
+
+static void menelaus_alm_update(MenelausState *s)
+{
+ if ((s->rtc.ctrl & 3) == 3)
+ s->rtc.alm_sec = qemu_timedate_diff(&s->rtc.alm) - s->rtc.sec_offset;
+}
+
+static void menelaus_rtc_hz(void *opaque)
+{
+ MenelausState *s = (MenelausState *) opaque;
+
+ s->rtc.next_comp --;
+ s->rtc.alm_sec --;
+ s->rtc.next += 1000;
+ qemu_mod_timer(s->rtc.hz_tm, s->rtc.next);
+ if ((s->rtc.ctrl >> 3) & 3) { /* EVERY */
+ menelaus_rtc_update(s);
+ if (((s->rtc.ctrl >> 3) & 3) == 1 && !s->rtc.tm.tm_sec)
+ s->status |= 1 << 8; /* RTCTMR */
+ else if (((s->rtc.ctrl >> 3) & 3) == 2 && !s->rtc.tm.tm_min)
+ s->status |= 1 << 8; /* RTCTMR */
+ else if (!s->rtc.tm.tm_hour)
+ s->status |= 1 << 8; /* RTCTMR */
+ } else
+ s->status |= 1 << 8; /* RTCTMR */
+ if ((s->rtc.ctrl >> 1) & 1) { /* RTC_AL_EN */
+ if (s->rtc.alm_sec == 0)
+ s->status |= 1 << 9; /* RTCALM */
+ /* TODO: wake-up */
+ }
+ if (s->rtc.next_comp <= 0) {
+ s->rtc.next -= muldiv64((int16_t) s->rtc.comp, 1000, 0x8000);
+ s->rtc.next_comp = 3600;
+ }
+ menelaus_update(s);
+}
+
+static void menelaus_reset(I2CSlave *i2c)
+{
+ MenelausState *s = (MenelausState *) i2c;
+ s->reg = 0x00;
+
+ s->vcore[0] = 0x0c; /* XXX: X-loader needs 0x8c? check! */
+ s->vcore[1] = 0x05;
+ s->vcore[2] = 0x02;
+ s->vcore[3] = 0x0c;
+ s->vcore[4] = 0x03;
+ s->dcdc[0] = 0x33; /* Depends on wiring */
+ s->dcdc[1] = 0x03;
+ s->dcdc[2] = 0x00;
+ s->ldo[0] = 0x95;
+ s->ldo[1] = 0x7e;
+ s->ldo[2] = 0x00;
+ s->ldo[3] = 0x00; /* Depends on wiring */
+ s->ldo[4] = 0x03; /* Depends on wiring */
+ s->ldo[5] = 0x00;
+ s->ldo[6] = 0x00;
+ s->ldo[7] = 0x00;
+ s->sleep[0] = 0x00;
+ s->sleep[1] = 0x00;
+ s->osc = 0x01;
+ s->detect = 0x09;
+ s->mask = 0x0fff;
+ s->status = 0;
+ s->dir = 0x07;
+ s->outputs = 0x00;
+ s->bbsms = 0x00;
+ s->pull[0] = 0x00;
+ s->pull[1] = 0x00;
+ s->pull[2] = 0x00;
+ s->pull[3] = 0x00;
+ s->mmc_ctrl[0] = 0x03;
+ s->mmc_ctrl[1] = 0xc0;
+ s->mmc_ctrl[2] = 0x00;
+ s->mmc_debounce = 0x05;
+
+ if (s->rtc.ctrl & 1)
+ menelaus_rtc_stop(s);
+ s->rtc.ctrl = 0x00;
+ s->rtc.comp = 0x0000;
+ s->rtc.next = 1000;
+ s->rtc.sec_offset = 0;
+ s->rtc.next_comp = 1800;
+ s->rtc.alm_sec = 1800;
+ s->rtc.alm.tm_sec = 0x00;
+ s->rtc.alm.tm_min = 0x00;
+ s->rtc.alm.tm_hour = 0x00;
+ s->rtc.alm.tm_mday = 0x01;
+ s->rtc.alm.tm_mon = 0x00;
+ s->rtc.alm.tm_year = 2004;
+ menelaus_update(s);
+}
+
+static void menelaus_gpio_set(void *opaque, int line, int level)
+{
+ MenelausState *s = (MenelausState *) opaque;
+
+ if (line < 3) {
+ /* No interrupt generated */
+ s->inputs &= ~(1 << line);
+ s->inputs |= level << line;
+ return;
+ }
+
+ if (!s->pwrbtn_state && level) {
+ s->status |= 1 << 11; /* PSHBTN */
+ menelaus_update(s);
+ }
+ s->pwrbtn_state = level;
+}
+
+#define MENELAUS_REV 0x01
+#define MENELAUS_VCORE_CTRL1 0x02
+#define MENELAUS_VCORE_CTRL2 0x03
+#define MENELAUS_VCORE_CTRL3 0x04
+#define MENELAUS_VCORE_CTRL4 0x05
+#define MENELAUS_VCORE_CTRL5 0x06
+#define MENELAUS_DCDC_CTRL1 0x07
+#define MENELAUS_DCDC_CTRL2 0x08
+#define MENELAUS_DCDC_CTRL3 0x09
+#define MENELAUS_LDO_CTRL1 0x0a
+#define MENELAUS_LDO_CTRL2 0x0b
+#define MENELAUS_LDO_CTRL3 0x0c
+#define MENELAUS_LDO_CTRL4 0x0d
+#define MENELAUS_LDO_CTRL5 0x0e
+#define MENELAUS_LDO_CTRL6 0x0f
+#define MENELAUS_LDO_CTRL7 0x10
+#define MENELAUS_LDO_CTRL8 0x11
+#define MENELAUS_SLEEP_CTRL1 0x12
+#define MENELAUS_SLEEP_CTRL2 0x13
+#define MENELAUS_DEVICE_OFF 0x14
+#define MENELAUS_OSC_CTRL 0x15
+#define MENELAUS_DETECT_CTRL 0x16
+#define MENELAUS_INT_MASK1 0x17
+#define MENELAUS_INT_MASK2 0x18
+#define MENELAUS_INT_STATUS1 0x19
+#define MENELAUS_INT_STATUS2 0x1a
+#define MENELAUS_INT_ACK1 0x1b
+#define MENELAUS_INT_ACK2 0x1c
+#define MENELAUS_GPIO_CTRL 0x1d
+#define MENELAUS_GPIO_IN 0x1e
+#define MENELAUS_GPIO_OUT 0x1f
+#define MENELAUS_BBSMS 0x20
+#define MENELAUS_RTC_CTRL 0x21
+#define MENELAUS_RTC_UPDATE 0x22
+#define MENELAUS_RTC_SEC 0x23
+#define MENELAUS_RTC_MIN 0x24
+#define MENELAUS_RTC_HR 0x25
+#define MENELAUS_RTC_DAY 0x26
+#define MENELAUS_RTC_MON 0x27
+#define MENELAUS_RTC_YR 0x28
+#define MENELAUS_RTC_WKDAY 0x29
+#define MENELAUS_RTC_AL_SEC 0x2a
+#define MENELAUS_RTC_AL_MIN 0x2b
+#define MENELAUS_RTC_AL_HR 0x2c
+#define MENELAUS_RTC_AL_DAY 0x2d
+#define MENELAUS_RTC_AL_MON 0x2e
+#define MENELAUS_RTC_AL_YR 0x2f
+#define MENELAUS_RTC_COMP_MSB 0x30
+#define MENELAUS_RTC_COMP_LSB 0x31
+#define MENELAUS_S1_PULL_EN 0x32
+#define MENELAUS_S1_PULL_DIR 0x33
+#define MENELAUS_S2_PULL_EN 0x34
+#define MENELAUS_S2_PULL_DIR 0x35
+#define MENELAUS_MCT_CTRL1 0x36
+#define MENELAUS_MCT_CTRL2 0x37
+#define MENELAUS_MCT_CTRL3 0x38
+#define MENELAUS_MCT_PIN_ST 0x39
+#define MENELAUS_DEBOUNCE1 0x3a
+
+static uint8_t menelaus_read(void *opaque, uint8_t addr)
+{
+ MenelausState *s = (MenelausState *) opaque;
+ int reg = 0;
+
+ switch (addr) {
+ case MENELAUS_REV:
+ return 0x22;
+
+ case MENELAUS_VCORE_CTRL5: reg ++;
+ case MENELAUS_VCORE_CTRL4: reg ++;
+ case MENELAUS_VCORE_CTRL3: reg ++;
+ case MENELAUS_VCORE_CTRL2: reg ++;
+ case MENELAUS_VCORE_CTRL1:
+ return s->vcore[reg];
+
+ case MENELAUS_DCDC_CTRL3: reg ++;
+ case MENELAUS_DCDC_CTRL2: reg ++;
+ case MENELAUS_DCDC_CTRL1:
+ return s->dcdc[reg];
+
+ case MENELAUS_LDO_CTRL8: reg ++;
+ case MENELAUS_LDO_CTRL7: reg ++;
+ case MENELAUS_LDO_CTRL6: reg ++;
+ case MENELAUS_LDO_CTRL5: reg ++;
+ case MENELAUS_LDO_CTRL4: reg ++;
+ case MENELAUS_LDO_CTRL3: reg ++;
+ case MENELAUS_LDO_CTRL2: reg ++;
+ case MENELAUS_LDO_CTRL1:
+ return s->ldo[reg];
+
+ case MENELAUS_SLEEP_CTRL2: reg ++;
+ case MENELAUS_SLEEP_CTRL1:
+ return s->sleep[reg];
+
+ case MENELAUS_DEVICE_OFF:
+ return 0;
+
+ case MENELAUS_OSC_CTRL:
+ return s->osc | (1 << 7); /* CLK32K_GOOD */
+
+ case MENELAUS_DETECT_CTRL:
+ return s->detect;
+
+ case MENELAUS_INT_MASK1:
+ return (s->mask >> 0) & 0xff;
+ case MENELAUS_INT_MASK2:
+ return (s->mask >> 8) & 0xff;
+
+ case MENELAUS_INT_STATUS1:
+ return (s->status >> 0) & 0xff;
+ case MENELAUS_INT_STATUS2:
+ return (s->status >> 8) & 0xff;
+
+ case MENELAUS_INT_ACK1:
+ case MENELAUS_INT_ACK2:
+ return 0;
+
+ case MENELAUS_GPIO_CTRL:
+ return s->dir;
+ case MENELAUS_GPIO_IN:
+ return s->inputs | (~s->dir & s->outputs);
+ case MENELAUS_GPIO_OUT:
+ return s->outputs;
+
+ case MENELAUS_BBSMS:
+ return s->bbsms;
+
+ case MENELAUS_RTC_CTRL:
+ return s->rtc.ctrl;
+ case MENELAUS_RTC_UPDATE:
+ return 0x00;
+ case MENELAUS_RTC_SEC:
+ menelaus_rtc_update(s);
+ return to_bcd(s->rtc.tm.tm_sec);
+ case MENELAUS_RTC_MIN:
+ menelaus_rtc_update(s);
+ return to_bcd(s->rtc.tm.tm_min);
+ case MENELAUS_RTC_HR:
+ menelaus_rtc_update(s);
+ if ((s->rtc.ctrl >> 2) & 1) /* MODE12_n24 */
+ return to_bcd((s->rtc.tm.tm_hour % 12) + 1) |
+ (!!(s->rtc.tm.tm_hour >= 12) << 7); /* PM_nAM */
+ else
+ return to_bcd(s->rtc.tm.tm_hour);
+ case MENELAUS_RTC_DAY:
+ menelaus_rtc_update(s);
+ return to_bcd(s->rtc.tm.tm_mday);
+ case MENELAUS_RTC_MON:
+ menelaus_rtc_update(s);
+ return to_bcd(s->rtc.tm.tm_mon + 1);
+ case MENELAUS_RTC_YR:
+ menelaus_rtc_update(s);
+ return to_bcd(s->rtc.tm.tm_year - 2000);
+ case MENELAUS_RTC_WKDAY:
+ menelaus_rtc_update(s);
+ return to_bcd(s->rtc.tm.tm_wday);
+ case MENELAUS_RTC_AL_SEC:
+ return to_bcd(s->rtc.alm.tm_sec);
+ case MENELAUS_RTC_AL_MIN:
+ return to_bcd(s->rtc.alm.tm_min);
+ case MENELAUS_RTC_AL_HR:
+ if ((s->rtc.ctrl >> 2) & 1) /* MODE12_n24 */
+ return to_bcd((s->rtc.alm.tm_hour % 12) + 1) |
+ (!!(s->rtc.alm.tm_hour >= 12) << 7);/* AL_PM_nAM */
+ else
+ return to_bcd(s->rtc.alm.tm_hour);
+ case MENELAUS_RTC_AL_DAY:
+ return to_bcd(s->rtc.alm.tm_mday);
+ case MENELAUS_RTC_AL_MON:
+ return to_bcd(s->rtc.alm.tm_mon + 1);
+ case MENELAUS_RTC_AL_YR:
+ return to_bcd(s->rtc.alm.tm_year - 2000);
+ case MENELAUS_RTC_COMP_MSB:
+ return (s->rtc.comp >> 8) & 0xff;
+ case MENELAUS_RTC_COMP_LSB:
+ return (s->rtc.comp >> 0) & 0xff;
+
+ case MENELAUS_S1_PULL_EN:
+ return s->pull[0];
+ case MENELAUS_S1_PULL_DIR:
+ return s->pull[1];
+ case MENELAUS_S2_PULL_EN:
+ return s->pull[2];
+ case MENELAUS_S2_PULL_DIR:
+ return s->pull[3];
+
+ case MENELAUS_MCT_CTRL3: reg ++;
+ case MENELAUS_MCT_CTRL2: reg ++;
+ case MENELAUS_MCT_CTRL1:
+ return s->mmc_ctrl[reg];
+ case MENELAUS_MCT_PIN_ST:
+ /* TODO: return the real Card Detect */
+ return 0;
+ case MENELAUS_DEBOUNCE1:
+ return s->mmc_debounce;
+
+ default:
+#ifdef VERBOSE
+ printf("%s: unknown register %02x\n", __FUNCTION__, addr);
+#endif
+ break;
+ }
+ return 0;
+}
+
+static void menelaus_write(void *opaque, uint8_t addr, uint8_t value)
+{
+ MenelausState *s = (MenelausState *) opaque;
+ int line;
+ int reg = 0;
+ struct tm tm;
+
+ switch (addr) {
+ case MENELAUS_VCORE_CTRL1:
+ s->vcore[0] = (value & 0xe) | MIN(value & 0x1f, 0x12);
+ break;
+ case MENELAUS_VCORE_CTRL2:
+ s->vcore[1] = value;
+ break;
+ case MENELAUS_VCORE_CTRL3:
+ s->vcore[2] = MIN(value & 0x1f, 0x12);
+ break;
+ case MENELAUS_VCORE_CTRL4:
+ s->vcore[3] = MIN(value & 0x1f, 0x12);
+ break;
+ case MENELAUS_VCORE_CTRL5:
+ s->vcore[4] = value & 3;
+ /* XXX
+ * auto set to 3 on M_Active, nRESWARM
+ * auto set to 0 on M_WaitOn, M_Backup
+ */
+ break;
+
+ case MENELAUS_DCDC_CTRL1:
+ s->dcdc[0] = value & 0x3f;
+ break;
+ case MENELAUS_DCDC_CTRL2:
+ s->dcdc[1] = value & 0x07;
+ /* XXX
+ * auto set to 3 on M_Active, nRESWARM
+ * auto set to 0 on M_WaitOn, M_Backup
+ */
+ break;
+ case MENELAUS_DCDC_CTRL3:
+ s->dcdc[2] = value & 0x07;
+ break;
+
+ case MENELAUS_LDO_CTRL1:
+ s->ldo[0] = value;
+ break;
+ case MENELAUS_LDO_CTRL2:
+ s->ldo[1] = value & 0x7f;
+ /* XXX
+ * auto set to 0x7e on M_WaitOn, M_Backup
+ */
+ break;
+ case MENELAUS_LDO_CTRL3:
+ s->ldo[2] = value & 3;
+ /* XXX
+ * auto set to 3 on M_Active, nRESWARM
+ * auto set to 0 on M_WaitOn, M_Backup
+ */
+ break;
+ case MENELAUS_LDO_CTRL4:
+ s->ldo[3] = value & 3;
+ /* XXX
+ * auto set to 3 on M_Active, nRESWARM
+ * auto set to 0 on M_WaitOn, M_Backup
+ */
+ break;
+ case MENELAUS_LDO_CTRL5:
+ s->ldo[4] = value & 3;
+ /* XXX
+ * auto set to 3 on M_Active, nRESWARM
+ * auto set to 0 on M_WaitOn, M_Backup
+ */
+ break;
+ case MENELAUS_LDO_CTRL6:
+ s->ldo[5] = value & 3;
+ break;
+ case MENELAUS_LDO_CTRL7:
+ s->ldo[6] = value & 3;
+ break;
+ case MENELAUS_LDO_CTRL8:
+ s->ldo[7] = value & 3;
+ break;
+
+ case MENELAUS_SLEEP_CTRL2: reg ++;
+ case MENELAUS_SLEEP_CTRL1:
+ s->sleep[reg] = value;
+ break;
+
+ case MENELAUS_DEVICE_OFF:
+ if (value & 1)
+ menelaus_reset(&s->i2c);
+ break;
+
+ case MENELAUS_OSC_CTRL:
+ s->osc = value & 7;
+ break;
+
+ case MENELAUS_DETECT_CTRL:
+ s->detect = value & 0x7f;
+ break;
+
+ case MENELAUS_INT_MASK1:
+ s->mask &= 0xf00;
+ s->mask |= value << 0;
+ menelaus_update(s);
+ break;
+ case MENELAUS_INT_MASK2:
+ s->mask &= 0x0ff;
+ s->mask |= value << 8;
+ menelaus_update(s);
+ break;
+
+ case MENELAUS_INT_ACK1:
+ s->status &= ~(((uint16_t) value) << 0);
+ menelaus_update(s);
+ break;
+ case MENELAUS_INT_ACK2:
+ s->status &= ~(((uint16_t) value) << 8);
+ menelaus_update(s);
+ break;
+
+ case MENELAUS_GPIO_CTRL:
+ for (line = 0; line < 3; line ++) {
+ if (((s->dir ^ value) >> line) & 1) {
+ qemu_set_irq(s->out[line],
+ ((s->outputs & ~s->dir) >> line) & 1);
+ }
+ }
+ s->dir = value & 0x67;
+ break;
+ case MENELAUS_GPIO_OUT:
+ for (line = 0; line < 3; line ++) {
+ if ((((s->outputs ^ value) & ~s->dir) >> line) & 1) {
+ qemu_set_irq(s->out[line], (s->outputs >> line) & 1);
+ }
+ }
+ s->outputs = value & 0x07;
+ break;
+
+ case MENELAUS_BBSMS:
+ s->bbsms = 0x0d;
+ break;
+
+ case MENELAUS_RTC_CTRL:
+ if ((s->rtc.ctrl ^ value) & 1) { /* RTC_EN */
+ if (value & 1)
+ menelaus_rtc_start(s);
+ else
+ menelaus_rtc_stop(s);
+ }
+ s->rtc.ctrl = value & 0x1f;
+ menelaus_alm_update(s);
+ break;
+ case MENELAUS_RTC_UPDATE:
+ menelaus_rtc_update(s);
+ memcpy(&tm, &s->rtc.tm, sizeof(tm));
+ switch (value & 0xf) {
+ case 0:
+ break;
+ case 1:
+ tm.tm_sec = s->rtc.new.tm_sec;
+ break;
+ case 2:
+ tm.tm_min = s->rtc.new.tm_min;
+ break;
+ case 3:
+ if (s->rtc.new.tm_hour > 23)
+ goto rtc_badness;
+ tm.tm_hour = s->rtc.new.tm_hour;
+ break;
+ case 4:
+ if (s->rtc.new.tm_mday < 1)
+ goto rtc_badness;
+ /* TODO check range */
+ tm.tm_mday = s->rtc.new.tm_mday;
+ break;
+ case 5:
+ if (s->rtc.new.tm_mon < 0 || s->rtc.new.tm_mon > 11)
+ goto rtc_badness;
+ tm.tm_mon = s->rtc.new.tm_mon;
+ break;
+ case 6:
+ tm.tm_year = s->rtc.new.tm_year;
+ break;
+ case 7:
+ /* TODO set .tm_mday instead */
+ tm.tm_wday = s->rtc.new.tm_wday;
+ break;
+ case 8:
+ if (s->rtc.new.tm_hour > 23)
+ goto rtc_badness;
+ if (s->rtc.new.tm_mday < 1)
+ goto rtc_badness;
+ if (s->rtc.new.tm_mon < 0 || s->rtc.new.tm_mon > 11)
+ goto rtc_badness;
+ tm.tm_sec = s->rtc.new.tm_sec;
+ tm.tm_min = s->rtc.new.tm_min;
+ tm.tm_hour = s->rtc.new.tm_hour;
+ tm.tm_mday = s->rtc.new.tm_mday;
+ tm.tm_mon = s->rtc.new.tm_mon;
+ tm.tm_year = s->rtc.new.tm_year;
+ break;
+ rtc_badness:
+ default:
+ fprintf(stderr, "%s: bad RTC_UPDATE value %02x\n",
+ __FUNCTION__, value);
+ s->status |= 1 << 10; /* RTCERR */
+ menelaus_update(s);
+ }
+ s->rtc.sec_offset = qemu_timedate_diff(&tm);
+ break;
+ case MENELAUS_RTC_SEC:
+ s->rtc.tm.tm_sec = from_bcd(value & 0x7f);
+ break;
+ case MENELAUS_RTC_MIN:
+ s->rtc.tm.tm_min = from_bcd(value & 0x7f);
+ break;
+ case MENELAUS_RTC_HR:
+ s->rtc.tm.tm_hour = (s->rtc.ctrl & (1 << 2)) ? /* MODE12_n24 */
+ MIN(from_bcd(value & 0x3f), 12) + ((value >> 7) ? 11 : -1) :
+ from_bcd(value & 0x3f);
+ break;
+ case MENELAUS_RTC_DAY:
+ s->rtc.tm.tm_mday = from_bcd(value);
+ break;
+ case MENELAUS_RTC_MON:
+ s->rtc.tm.tm_mon = MAX(1, from_bcd(value)) - 1;
+ break;
+ case MENELAUS_RTC_YR:
+ s->rtc.tm.tm_year = 2000 + from_bcd(value);
+ break;
+ case MENELAUS_RTC_WKDAY:
+ s->rtc.tm.tm_mday = from_bcd(value);
+ break;
+ case MENELAUS_RTC_AL_SEC:
+ s->rtc.alm.tm_sec = from_bcd(value & 0x7f);
+ menelaus_alm_update(s);
+ break;
+ case MENELAUS_RTC_AL_MIN:
+ s->rtc.alm.tm_min = from_bcd(value & 0x7f);
+ menelaus_alm_update(s);
+ break;
+ case MENELAUS_RTC_AL_HR:
+ s->rtc.alm.tm_hour = (s->rtc.ctrl & (1 << 2)) ? /* MODE12_n24 */
+ MIN(from_bcd(value & 0x3f), 12) + ((value >> 7) ? 11 : -1) :
+ from_bcd(value & 0x3f);
+ menelaus_alm_update(s);
+ break;
+ case MENELAUS_RTC_AL_DAY:
+ s->rtc.alm.tm_mday = from_bcd(value);
+ menelaus_alm_update(s);
+ break;
+ case MENELAUS_RTC_AL_MON:
+ s->rtc.alm.tm_mon = MAX(1, from_bcd(value)) - 1;
+ menelaus_alm_update(s);
+ break;
+ case MENELAUS_RTC_AL_YR:
+ s->rtc.alm.tm_year = 2000 + from_bcd(value);
+ menelaus_alm_update(s);
+ break;
+ case MENELAUS_RTC_COMP_MSB:
+ s->rtc.comp &= 0xff;
+ s->rtc.comp |= value << 8;
+ break;
+ case MENELAUS_RTC_COMP_LSB:
+ s->rtc.comp &= 0xff << 8;
+ s->rtc.comp |= value;
+ break;
+
+ case MENELAUS_S1_PULL_EN:
+ s->pull[0] = value;
+ break;
+ case MENELAUS_S1_PULL_DIR:
+ s->pull[1] = value & 0x1f;
+ break;
+ case MENELAUS_S2_PULL_EN:
+ s->pull[2] = value;
+ break;
+ case MENELAUS_S2_PULL_DIR:
+ s->pull[3] = value & 0x1f;
+ break;
+
+ case MENELAUS_MCT_CTRL1:
+ s->mmc_ctrl[0] = value & 0x7f;
+ break;
+ case MENELAUS_MCT_CTRL2:
+ s->mmc_ctrl[1] = value;
+ /* TODO update Card Detect interrupts */
+ break;
+ case MENELAUS_MCT_CTRL3:
+ s->mmc_ctrl[2] = value & 0xf;
+ break;
+ case MENELAUS_DEBOUNCE1:
+ s->mmc_debounce = value & 0x3f;
+ break;
+
+ default:
+#ifdef VERBOSE
+ printf("%s: unknown register %02x\n", __FUNCTION__, addr);
+#endif
+ }
+}
+
+static void menelaus_event(I2CSlave *i2c, enum i2c_event event)
+{
+ MenelausState *s = (MenelausState *) i2c;
+
+ if (event == I2C_START_SEND)
+ s->firstbyte = 1;
+}
+
+static int menelaus_tx(I2CSlave *i2c, uint8_t data)
+{
+ MenelausState *s = (MenelausState *) i2c;
+ /* Interpret register address byte */
+ if (s->firstbyte) {
+ s->reg = data;
+ s->firstbyte = 0;
+ } else
+ menelaus_write(s, s->reg ++, data);
+
+ return 0;
+}
+
+static int menelaus_rx(I2CSlave *i2c)
+{
+ MenelausState *s = (MenelausState *) i2c;
+
+ return menelaus_read(s, s->reg ++);
+}
+
+/* Save restore 32 bit int as uint16_t
+ This is a Big hack, but it is how the old state did it.
+ Or we broke compatibility in the state, or we can't use struct tm
+ */
+
+static int get_int32_as_uint16(QEMUFile *f, void *pv, size_t size)
+{
+ int *v = pv;
+ *v = qemu_get_be16(f);
+ return 0;
+}
+
+static void put_int32_as_uint16(QEMUFile *f, void *pv, size_t size)
+{
+ int *v = pv;
+ qemu_put_be16(f, *v);
+}
+
+static const VMStateInfo vmstate_hack_int32_as_uint16 = {
+ .name = "int32_as_uint16",
+ .get = get_int32_as_uint16,
+ .put = put_int32_as_uint16,
+};
+
+#define VMSTATE_UINT16_HACK(_f, _s) \
+ VMSTATE_SINGLE(_f, _s, 0, vmstate_hack_int32_as_uint16, int32_t)
+
+
+static const VMStateDescription vmstate_menelaus_tm = {
+ .name = "menelaus_tm",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField []) {
+ VMSTATE_UINT16_HACK(tm_sec, struct tm),
+ VMSTATE_UINT16_HACK(tm_min, struct tm),
+ VMSTATE_UINT16_HACK(tm_hour, struct tm),
+ VMSTATE_UINT16_HACK(tm_mday, struct tm),
+ VMSTATE_UINT16_HACK(tm_min, struct tm),
+ VMSTATE_UINT16_HACK(tm_year, struct tm),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void menelaus_pre_save(void *opaque)
+{
+ MenelausState *s = opaque;
+ /* Should be <= 1000 */
+ s->rtc_next_vmstate = s->rtc.next - qemu_get_clock_ms(rtc_clock);
+}
+
+static int menelaus_post_load(void *opaque, int version_id)
+{
+ MenelausState *s = opaque;
+
+ if (s->rtc.ctrl & 1) /* RTC_EN */
+ menelaus_rtc_stop(s);
+
+ s->rtc.next = s->rtc_next_vmstate;
+
+ menelaus_alm_update(s);
+ menelaus_update(s);
+ if (s->rtc.ctrl & 1) /* RTC_EN */
+ menelaus_rtc_start(s);
+ return 0;
+}
+
+static const VMStateDescription vmstate_menelaus = {
+ .name = "menelaus",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .pre_save = menelaus_pre_save,
+ .post_load = menelaus_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_INT32(firstbyte, MenelausState),
+ VMSTATE_UINT8(reg, MenelausState),
+ VMSTATE_UINT8_ARRAY(vcore, MenelausState, 5),
+ VMSTATE_UINT8_ARRAY(dcdc, MenelausState, 3),
+ VMSTATE_UINT8_ARRAY(ldo, MenelausState, 8),
+ VMSTATE_UINT8_ARRAY(sleep, MenelausState, 2),
+ VMSTATE_UINT8(osc, MenelausState),
+ VMSTATE_UINT8(detect, MenelausState),
+ VMSTATE_UINT16(mask, MenelausState),
+ VMSTATE_UINT16(status, MenelausState),
+ VMSTATE_UINT8(dir, MenelausState),
+ VMSTATE_UINT8(inputs, MenelausState),
+ VMSTATE_UINT8(outputs, MenelausState),
+ VMSTATE_UINT8(bbsms, MenelausState),
+ VMSTATE_UINT8_ARRAY(pull, MenelausState, 4),
+ VMSTATE_UINT8_ARRAY(mmc_ctrl, MenelausState, 3),
+ VMSTATE_UINT8(mmc_debounce, MenelausState),
+ VMSTATE_UINT8(rtc.ctrl, MenelausState),
+ VMSTATE_UINT16(rtc.comp, MenelausState),
+ VMSTATE_UINT16(rtc_next_vmstate, MenelausState),
+ VMSTATE_STRUCT(rtc.new, MenelausState, 0, vmstate_menelaus_tm,
+ struct tm),
+ VMSTATE_STRUCT(rtc.alm, MenelausState, 0, vmstate_menelaus_tm,
+ struct tm),
+ VMSTATE_UINT8(pwrbtn_state, MenelausState),
+ VMSTATE_I2C_SLAVE(i2c, MenelausState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static int twl92230_init(I2CSlave *i2c)
+{
+ MenelausState *s = FROM_I2C_SLAVE(MenelausState, i2c);
+
+ s->rtc.hz_tm = qemu_new_timer_ms(rtc_clock, menelaus_rtc_hz, s);
+ /* Three output pins plus one interrupt pin. */
+ qdev_init_gpio_out(&i2c->qdev, s->out, 4);
+
+ /* Three input pins plus one power-button pin. */
+ qdev_init_gpio_in(&i2c->qdev, menelaus_gpio_set, 4);
+
+ menelaus_reset(&s->i2c);
+
+ return 0;
+}
+
+static void twl92230_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ I2CSlaveClass *sc = I2C_SLAVE_CLASS(klass);
+
+ sc->init = twl92230_init;
+ sc->event = menelaus_event;
+ sc->recv = menelaus_rx;
+ sc->send = menelaus_tx;
+ dc->vmsd = &vmstate_menelaus;
+}
+
+static const TypeInfo twl92230_info = {
+ .name = "twl92230",
+ .parent = TYPE_I2C_SLAVE,
+ .instance_size = sizeof(MenelausState),
+ .class_init = twl92230_class_init,
+};
+
+static void twl92230_register_types(void)
+{
+ type_register_static(&twl92230_info);
+}
+
+type_init(twl92230_register_types)
diff --git a/hw/timer/xilinx_timer.c b/hw/timer/xilinx_timer.c
new file mode 100644
index 000000000..5f2c9020e
--- /dev/null
+++ b/hw/timer/xilinx_timer.c
@@ -0,0 +1,260 @@
+/*
+ * QEMU model of the Xilinx timer block.
+ *
+ * Copyright (c) 2009 Edgar E. Iglesias.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/sysbus.h"
+#include "hw/ptimer.h"
+#include "qemu/log.h"
+
+#define D(x)
+
+#define R_TCSR 0
+#define R_TLR 1
+#define R_TCR 2
+#define R_MAX 4
+
+#define TCSR_MDT (1<<0)
+#define TCSR_UDT (1<<1)
+#define TCSR_GENT (1<<2)
+#define TCSR_CAPT (1<<3)
+#define TCSR_ARHT (1<<4)
+#define TCSR_LOAD (1<<5)
+#define TCSR_ENIT (1<<6)
+#define TCSR_ENT (1<<7)
+#define TCSR_TINT (1<<8)
+#define TCSR_PWMA (1<<9)
+#define TCSR_ENALL (1<<10)
+
+struct xlx_timer
+{
+ QEMUBH *bh;
+ ptimer_state *ptimer;
+ void *parent;
+ int nr; /* for debug. */
+
+ unsigned long timer_div;
+
+ uint32_t regs[R_MAX];
+};
+
+#define TYPE_XILINX_TIMER "xlnx.xps-timer"
+#define XILINX_TIMER(obj) \
+ OBJECT_CHECK(struct timerblock, (obj), TYPE_XILINX_TIMER)
+
+struct timerblock
+{
+ SysBusDevice parent_obj;
+
+ MemoryRegion mmio;
+ qemu_irq irq;
+ uint8_t one_timer_only;
+ uint32_t freq_hz;
+ struct xlx_timer *timers;
+};
+
+static inline unsigned int num_timers(struct timerblock *t)
+{
+ return 2 - t->one_timer_only;
+}
+
+static inline unsigned int timer_from_addr(hwaddr addr)
+{
+ /* Timers get a 4x32bit control reg area each. */
+ return addr >> 2;
+}
+
+static void timer_update_irq(struct timerblock *t)
+{
+ unsigned int i, irq = 0;
+ uint32_t csr;
+
+ for (i = 0; i < num_timers(t); i++) {
+ csr = t->timers[i].regs[R_TCSR];
+ irq |= (csr & TCSR_TINT) && (csr & TCSR_ENIT);
+ }
+
+ /* All timers within the same slave share a single IRQ line. */
+ qemu_set_irq(t->irq, !!irq);
+}
+
+static uint64_t
+timer_read(void *opaque, hwaddr addr, unsigned int size)
+{
+ struct timerblock *t = opaque;
+ struct xlx_timer *xt;
+ uint32_t r = 0;
+ unsigned int timer;
+
+ addr >>= 2;
+ timer = timer_from_addr(addr);
+ xt = &t->timers[timer];
+ /* Further decoding to address a specific timers reg. */
+ addr &= 0x3;
+ switch (addr)
+ {
+ case R_TCR:
+ r = ptimer_get_count(xt->ptimer);
+ if (!(xt->regs[R_TCSR] & TCSR_UDT))
+ r = ~r;
+ D(qemu_log("xlx_timer t=%d read counter=%x udt=%d\n",
+ timer, r, xt->regs[R_TCSR] & TCSR_UDT));
+ break;
+ default:
+ if (addr < ARRAY_SIZE(xt->regs))
+ r = xt->regs[addr];
+ break;
+
+ }
+ D(fprintf(stderr, "%s timer=%d %x=%x\n", __func__, timer, addr * 4, r));
+ return r;
+}
+
+static void timer_enable(struct xlx_timer *xt)
+{
+ uint64_t count;
+
+ D(fprintf(stderr, "%s timer=%d down=%d\n", __func__,
+ xt->nr, xt->regs[R_TCSR] & TCSR_UDT));
+
+ ptimer_stop(xt->ptimer);
+
+ if (xt->regs[R_TCSR] & TCSR_UDT)
+ count = xt->regs[R_TLR];
+ else
+ count = ~0 - xt->regs[R_TLR];
+ ptimer_set_limit(xt->ptimer, count, 1);
+ ptimer_run(xt->ptimer, 1);
+}
+
+static void
+timer_write(void *opaque, hwaddr addr,
+ uint64_t val64, unsigned int size)
+{
+ struct timerblock *t = opaque;
+ struct xlx_timer *xt;
+ unsigned int timer;
+ uint32_t value = val64;
+
+ addr >>= 2;
+ timer = timer_from_addr(addr);
+ xt = &t->timers[timer];
+ D(fprintf(stderr, "%s addr=%x val=%x (timer=%d off=%d)\n",
+ __func__, addr * 4, value, timer, addr & 3));
+ /* Further decoding to address a specific timers reg. */
+ addr &= 3;
+ switch (addr)
+ {
+ case R_TCSR:
+ if (value & TCSR_TINT)
+ value &= ~TCSR_TINT;
+
+ xt->regs[addr] = value;
+ if (value & TCSR_ENT)
+ timer_enable(xt);
+ break;
+
+ default:
+ if (addr < ARRAY_SIZE(xt->regs))
+ xt->regs[addr] = value;
+ break;
+ }
+ timer_update_irq(t);
+}
+
+static const MemoryRegionOps timer_ops = {
+ .read = timer_read,
+ .write = timer_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4
+ }
+};
+
+static void timer_hit(void *opaque)
+{
+ struct xlx_timer *xt = opaque;
+ struct timerblock *t = xt->parent;
+ D(fprintf(stderr, "%s %d\n", __func__, xt->nr));
+ xt->regs[R_TCSR] |= TCSR_TINT;
+
+ if (xt->regs[R_TCSR] & TCSR_ARHT)
+ timer_enable(xt);
+ timer_update_irq(t);
+}
+
+static int xilinx_timer_init(SysBusDevice *dev)
+{
+ struct timerblock *t = XILINX_TIMER(dev);
+ unsigned int i;
+
+ /* All timers share a single irq line. */
+ sysbus_init_irq(dev, &t->irq);
+
+ /* Init all the ptimers. */
+ t->timers = g_malloc0(sizeof t->timers[0] * num_timers(t));
+ for (i = 0; i < num_timers(t); i++) {
+ struct xlx_timer *xt = &t->timers[i];
+
+ xt->parent = t;
+ xt->nr = i;
+ xt->bh = qemu_bh_new(timer_hit, xt);
+ xt->ptimer = ptimer_init(xt->bh);
+ ptimer_set_freq(xt->ptimer, t->freq_hz);
+ }
+
+ memory_region_init_io(&t->mmio, OBJECT(t), &timer_ops, t, "xlnx.xps-timer",
+ R_MAX * 4 * num_timers(t));
+ sysbus_init_mmio(dev, &t->mmio);
+ return 0;
+}
+
+static Property xilinx_timer_properties[] = {
+ DEFINE_PROP_UINT32("clock-frequency", struct timerblock, freq_hz,
+ 62 * 1000000),
+ DEFINE_PROP_UINT8("one-timer-only", struct timerblock, one_timer_only, 0),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void xilinx_timer_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+ k->init = xilinx_timer_init;
+ dc->props = xilinx_timer_properties;
+}
+
+static const TypeInfo xilinx_timer_info = {
+ .name = TYPE_XILINX_TIMER,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(struct timerblock),
+ .class_init = xilinx_timer_class_init,
+};
+
+static void xilinx_timer_register_types(void)
+{
+ type_register_static(&xilinx_timer_info);
+}
+
+type_init(xilinx_timer_register_types)
diff --git a/hw/tmp105.c b/hw/tmp105.c
deleted file mode 100644
index 8e8dbd94e..000000000
--- a/hw/tmp105.c
+++ /dev/null
@@ -1,253 +0,0 @@
-/*
- * Texas Instruments TMP105 temperature sensor.
- *
- * Copyright (C) 2008 Nokia Corporation
- * Written by Andrzej Zaborowski <andrew@openedhand.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "hw.h"
-#include "i2c.h"
-
-typedef struct {
- I2CSlave i2c;
- uint8_t len;
- uint8_t buf[2];
- qemu_irq pin;
-
- uint8_t pointer;
- uint8_t config;
- int16_t temperature;
- int16_t limit[2];
- int faults;
- uint8_t alarm;
-} TMP105State;
-
-static void tmp105_interrupt_update(TMP105State *s)
-{
- qemu_set_irq(s->pin, s->alarm ^ ((~s->config >> 2) & 1)); /* POL */
-}
-
-static void tmp105_alarm_update(TMP105State *s)
-{
- if ((s->config >> 0) & 1) { /* SD */
- if ((s->config >> 7) & 1) /* OS */
- s->config &= ~(1 << 7); /* OS */
- else
- return;
- }
-
- if ((s->config >> 1) & 1) { /* TM */
- if (s->temperature >= s->limit[1])
- s->alarm = 1;
- else if (s->temperature < s->limit[0])
- s->alarm = 1;
- } else {
- if (s->temperature >= s->limit[1])
- s->alarm = 1;
- else if (s->temperature < s->limit[0])
- s->alarm = 0;
- }
-
- tmp105_interrupt_update(s);
-}
-
-/* Units are 0.001 centigrades relative to 0 C. */
-void tmp105_set(I2CSlave *i2c, int temp)
-{
- TMP105State *s = (TMP105State *) i2c;
-
- if (temp >= 128000 || temp < -128000) {
- fprintf(stderr, "%s: values is out of range (%i.%03i C)\n",
- __FUNCTION__, temp / 1000, temp % 1000);
- exit(-1);
- }
-
- s->temperature = ((int16_t) (temp * 0x800 / 128000)) << 4;
-
- tmp105_alarm_update(s);
-}
-
-static const int tmp105_faultq[4] = { 1, 2, 4, 6 };
-
-static void tmp105_read(TMP105State *s)
-{
- s->len = 0;
-
- if ((s->config >> 1) & 1) { /* TM */
- s->alarm = 0;
- tmp105_interrupt_update(s);
- }
-
- switch (s->pointer & 3) {
- case 0: /* Temperature */
- s->buf[s->len ++] = (((uint16_t) s->temperature) >> 8);
- s->buf[s->len ++] = (((uint16_t) s->temperature) >> 0) &
- (0xf0 << ((~s->config >> 5) & 3)); /* R */
- break;
-
- case 1: /* Configuration */
- s->buf[s->len ++] = s->config;
- break;
-
- case 2: /* T_LOW */
- s->buf[s->len ++] = ((uint16_t) s->limit[0]) >> 8;
- s->buf[s->len ++] = ((uint16_t) s->limit[0]) >> 0;
- break;
-
- case 3: /* T_HIGH */
- s->buf[s->len ++] = ((uint16_t) s->limit[1]) >> 8;
- s->buf[s->len ++] = ((uint16_t) s->limit[1]) >> 0;
- break;
- }
-}
-
-static void tmp105_write(TMP105State *s)
-{
- switch (s->pointer & 3) {
- case 0: /* Temperature */
- break;
-
- case 1: /* Configuration */
- if (s->buf[0] & ~s->config & (1 << 0)) /* SD */
- printf("%s: TMP105 shutdown\n", __FUNCTION__);
- s->config = s->buf[0];
- s->faults = tmp105_faultq[(s->config >> 3) & 3]; /* F */
- tmp105_alarm_update(s);
- break;
-
- case 2: /* T_LOW */
- case 3: /* T_HIGH */
- if (s->len >= 3)
- s->limit[s->pointer & 1] = (int16_t)
- ((((uint16_t) s->buf[0]) << 8) | s->buf[1]);
- tmp105_alarm_update(s);
- break;
- }
-}
-
-static int tmp105_rx(I2CSlave *i2c)
-{
- TMP105State *s = (TMP105State *) i2c;
-
- if (s->len < 2)
- return s->buf[s->len ++];
- else
- return 0xff;
-}
-
-static int tmp105_tx(I2CSlave *i2c, uint8_t data)
-{
- TMP105State *s = (TMP105State *) i2c;
-
- if (!s->len ++)
- s->pointer = data;
- else {
- if (s->len <= 2)
- s->buf[s->len - 1] = data;
- tmp105_write(s);
- }
-
- return 0;
-}
-
-static void tmp105_event(I2CSlave *i2c, enum i2c_event event)
-{
- TMP105State *s = (TMP105State *) i2c;
-
- if (event == I2C_START_RECV)
- tmp105_read(s);
-
- s->len = 0;
-}
-
-static int tmp105_post_load(void *opaque, int version_id)
-{
- TMP105State *s = opaque;
-
- s->faults = tmp105_faultq[(s->config >> 3) & 3]; /* F */
-
- tmp105_interrupt_update(s);
- return 0;
-}
-
-static const VMStateDescription vmstate_tmp105 = {
- .name = "TMP105",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .post_load = tmp105_post_load,
- .fields = (VMStateField []) {
- VMSTATE_UINT8(len, TMP105State),
- VMSTATE_UINT8_ARRAY(buf, TMP105State, 2),
- VMSTATE_UINT8(pointer, TMP105State),
- VMSTATE_UINT8(config, TMP105State),
- VMSTATE_INT16(temperature, TMP105State),
- VMSTATE_INT16_ARRAY(limit, TMP105State, 2),
- VMSTATE_UINT8(alarm, TMP105State),
- VMSTATE_I2C_SLAVE(i2c, TMP105State),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void tmp105_reset(I2CSlave *i2c)
-{
- TMP105State *s = (TMP105State *) i2c;
-
- s->temperature = 0;
- s->pointer = 0;
- s->config = 0;
- s->faults = tmp105_faultq[(s->config >> 3) & 3];
- s->alarm = 0;
-
- tmp105_interrupt_update(s);
-}
-
-static int tmp105_init(I2CSlave *i2c)
-{
- TMP105State *s = FROM_I2C_SLAVE(TMP105State, i2c);
-
- qdev_init_gpio_out(&i2c->qdev, &s->pin, 1);
-
- tmp105_reset(&s->i2c);
-
- return 0;
-}
-
-static void tmp105_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
-
- k->init = tmp105_init;
- k->event = tmp105_event;
- k->recv = tmp105_rx;
- k->send = tmp105_tx;
- dc->vmsd = &vmstate_tmp105;
-}
-
-static TypeInfo tmp105_info = {
- .name = "tmp105",
- .parent = TYPE_I2C_SLAVE,
- .instance_size = sizeof(TMP105State),
- .class_init = tmp105_class_init,
-};
-
-static void tmp105_register_types(void)
-{
- type_register_static(&tmp105_info);
-}
-
-type_init(tmp105_register_types)
diff --git a/hw/tosa.c b/hw/tosa.c
deleted file mode 100644
index 512278c24..000000000
--- a/hw/tosa.c
+++ /dev/null
@@ -1,301 +0,0 @@
-/* vim:set shiftwidth=4 ts=4 et: */
-/*
- * PXA255 Sharp Zaurus SL-6000 PDA platform
- *
- * Copyright (c) 2008 Dmitry Baryshkov
- *
- * Code based on spitz platform by Andrzej Zaborowski <balrog@zabor.org>
- * This code is licensed under the GNU GPL v2.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include "hw.h"
-#include "pxa.h"
-#include "arm-misc.h"
-#include "devices.h"
-#include "sharpsl.h"
-#include "pcmcia.h"
-#include "block.h"
-#include "boards.h"
-#include "i2c.h"
-#include "ssi.h"
-#include "blockdev.h"
-#include "sysbus.h"
-#include "exec-memory.h"
-
-#define TOSA_RAM 0x04000000
-#define TOSA_ROM 0x00800000
-
-#define TOSA_GPIO_USB_IN (5)
-#define TOSA_GPIO_nSD_DETECT (9)
-#define TOSA_GPIO_ON_RESET (19)
-#define TOSA_GPIO_CF_IRQ (21) /* CF slot0 Ready */
-#define TOSA_GPIO_CF_CD (13)
-#define TOSA_GPIO_TC6393XB_INT (15)
-#define TOSA_GPIO_JC_CF_IRQ (36) /* CF slot1 Ready */
-
-#define TOSA_SCOOP_GPIO_BASE 1
-#define TOSA_GPIO_IR_POWERDWN (TOSA_SCOOP_GPIO_BASE + 2)
-#define TOSA_GPIO_SD_WP (TOSA_SCOOP_GPIO_BASE + 3)
-#define TOSA_GPIO_PWR_ON (TOSA_SCOOP_GPIO_BASE + 4)
-
-#define TOSA_SCOOP_JC_GPIO_BASE 1
-#define TOSA_GPIO_BT_LED (TOSA_SCOOP_JC_GPIO_BASE + 0)
-#define TOSA_GPIO_NOTE_LED (TOSA_SCOOP_JC_GPIO_BASE + 1)
-#define TOSA_GPIO_CHRG_ERR_LED (TOSA_SCOOP_JC_GPIO_BASE + 2)
-#define TOSA_GPIO_TC6393XB_L3V_ON (TOSA_SCOOP_JC_GPIO_BASE + 5)
-#define TOSA_GPIO_WLAN_LED (TOSA_SCOOP_JC_GPIO_BASE + 7)
-
-#define DAC_BASE 0x4e
-#define DAC_CH1 0
-#define DAC_CH2 1
-
-static void tosa_microdrive_attach(PXA2xxState *cpu)
-{
- PCMCIACardState *md;
- DriveInfo *dinfo;
-
- dinfo = drive_get(IF_IDE, 0, 0);
- if (!dinfo || dinfo->media_cd)
- return;
- md = dscm1xxxx_init(dinfo);
- pxa2xx_pcmcia_attach(cpu->pcmcia[0], md);
-}
-
-static void tosa_out_switch(void *opaque, int line, int level)
-{
- switch (line) {
- case 0:
- fprintf(stderr, "blue LED %s.\n", level ? "on" : "off");
- break;
- case 1:
- fprintf(stderr, "green LED %s.\n", level ? "on" : "off");
- break;
- case 2:
- fprintf(stderr, "amber LED %s.\n", level ? "on" : "off");
- break;
- case 3:
- fprintf(stderr, "wlan LED %s.\n", level ? "on" : "off");
- break;
- default:
- fprintf(stderr, "Uhandled out event: %d = %d\n", line, level);
- break;
- }
-}
-
-
-static void tosa_gpio_setup(PXA2xxState *cpu,
- DeviceState *scp0,
- DeviceState *scp1,
- TC6393xbState *tmio)
-{
- qemu_irq *outsignals = qemu_allocate_irqs(tosa_out_switch, cpu, 4);
- /* MMC/SD host */
- pxa2xx_mmci_handlers(cpu->mmc,
- qdev_get_gpio_in(scp0, TOSA_GPIO_SD_WP),
- qemu_irq_invert(qdev_get_gpio_in(cpu->gpio, TOSA_GPIO_nSD_DETECT)));
-
- /* Handle reset */
- qdev_connect_gpio_out(cpu->gpio, TOSA_GPIO_ON_RESET, cpu->reset);
-
- /* PCMCIA signals: card's IRQ and Card-Detect */
- pxa2xx_pcmcia_set_irq_cb(cpu->pcmcia[0],
- qdev_get_gpio_in(cpu->gpio, TOSA_GPIO_CF_IRQ),
- qdev_get_gpio_in(cpu->gpio, TOSA_GPIO_CF_CD));
-
- pxa2xx_pcmcia_set_irq_cb(cpu->pcmcia[1],
- qdev_get_gpio_in(cpu->gpio, TOSA_GPIO_JC_CF_IRQ),
- NULL);
-
- qdev_connect_gpio_out(scp1, TOSA_GPIO_BT_LED, outsignals[0]);
- qdev_connect_gpio_out(scp1, TOSA_GPIO_NOTE_LED, outsignals[1]);
- qdev_connect_gpio_out(scp1, TOSA_GPIO_CHRG_ERR_LED, outsignals[2]);
- qdev_connect_gpio_out(scp1, TOSA_GPIO_WLAN_LED, outsignals[3]);
-
- qdev_connect_gpio_out(scp1, TOSA_GPIO_TC6393XB_L3V_ON, tc6393xb_l3v_get(tmio));
-
- /* UDC Vbus */
- qemu_irq_raise(qdev_get_gpio_in(cpu->gpio, TOSA_GPIO_USB_IN));
-}
-
-static uint32_t tosa_ssp_tansfer(SSISlave *dev, uint32_t value)
-{
- fprintf(stderr, "TG: %d %02x\n", value >> 5, value & 0x1f);
- return 0;
-}
-
-static int tosa_ssp_init(SSISlave *dev)
-{
- /* Nothing to do. */
- return 0;
-}
-
-typedef struct {
- I2CSlave i2c;
- int len;
- char buf[3];
-} TosaDACState;
-
-static int tosa_dac_send(I2CSlave *i2c, uint8_t data)
-{
- TosaDACState *s = FROM_I2C_SLAVE(TosaDACState, i2c);
- s->buf[s->len] = data;
- if (s->len ++ > 2) {
-#ifdef VERBOSE
- fprintf(stderr, "%s: message too long (%i bytes)\n", __FUNCTION__, s->len);
-#endif
- return 1;
- }
-
- if (s->len == 2) {
- fprintf(stderr, "dac: channel %d value 0x%02x\n",
- s->buf[0], s->buf[1]);
- }
-
- return 0;
-}
-
-static void tosa_dac_event(I2CSlave *i2c, enum i2c_event event)
-{
- TosaDACState *s = FROM_I2C_SLAVE(TosaDACState, i2c);
- s->len = 0;
- switch (event) {
- case I2C_START_SEND:
- break;
- case I2C_START_RECV:
- printf("%s: recv not supported!!!\n", __FUNCTION__);
- break;
- case I2C_FINISH:
-#ifdef VERBOSE
- if (s->len < 2)
- printf("%s: message too short (%i bytes)\n", __FUNCTION__, s->len);
- if (s->len > 2)
- printf("%s: message too long\n", __FUNCTION__);
-#endif
- break;
- default:
- break;
- }
-}
-
-static int tosa_dac_recv(I2CSlave *s)
-{
- printf("%s: recv not supported!!!\n", __FUNCTION__);
- return -1;
-}
-
-static int tosa_dac_init(I2CSlave *i2c)
-{
- /* Nothing to do. */
- return 0;
-}
-
-static void tosa_tg_init(PXA2xxState *cpu)
-{
- i2c_bus *bus = pxa2xx_i2c_bus(cpu->i2c[0]);
- i2c_create_slave(bus, "tosa_dac", DAC_BASE);
- ssi_create_slave(cpu->ssp[1], "tosa-ssp");
-}
-
-
-static struct arm_boot_info tosa_binfo = {
- .loader_start = PXA2XX_SDRAM_BASE,
- .ram_size = 0x04000000,
-};
-
-static void tosa_init(QEMUMachineInitArgs *args)
-{
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- MemoryRegion *address_space_mem = get_system_memory();
- MemoryRegion *rom = g_new(MemoryRegion, 1);
- PXA2xxState *mpu;
- TC6393xbState *tmio;
- DeviceState *scp0, *scp1;
-
- if (!cpu_model)
- cpu_model = "pxa255";
-
- mpu = pxa255_init(address_space_mem, tosa_binfo.ram_size);
-
- memory_region_init_ram(rom, "tosa.rom", TOSA_ROM);
- vmstate_register_ram_global(rom);
- memory_region_set_readonly(rom, true);
- memory_region_add_subregion(address_space_mem, 0, rom);
-
- tmio = tc6393xb_init(address_space_mem, 0x10000000,
- qdev_get_gpio_in(mpu->gpio, TOSA_GPIO_TC6393XB_INT));
-
- scp0 = sysbus_create_simple("scoop", 0x08800000, NULL);
- scp1 = sysbus_create_simple("scoop", 0x14800040, NULL);
-
- tosa_gpio_setup(mpu, scp0, scp1, tmio);
-
- tosa_microdrive_attach(mpu);
-
- tosa_tg_init(mpu);
-
- tosa_binfo.kernel_filename = kernel_filename;
- tosa_binfo.kernel_cmdline = kernel_cmdline;
- tosa_binfo.initrd_filename = initrd_filename;
- tosa_binfo.board_id = 0x208;
- arm_load_kernel(mpu->cpu, &tosa_binfo);
- sl_bootparam_write(SL_PXA_PARAM_BASE);
-}
-
-static QEMUMachine tosapda_machine = {
- .name = "tosa",
- .desc = "Tosa PDA (PXA255)",
- .init = tosa_init,
-};
-
-static void tosapda_machine_init(void)
-{
- qemu_register_machine(&tosapda_machine);
-}
-
-machine_init(tosapda_machine_init);
-
-static void tosa_dac_class_init(ObjectClass *klass, void *data)
-{
- I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
-
- k->init = tosa_dac_init;
- k->event = tosa_dac_event;
- k->recv = tosa_dac_recv;
- k->send = tosa_dac_send;
-}
-
-static TypeInfo tosa_dac_info = {
- .name = "tosa_dac",
- .parent = TYPE_I2C_SLAVE,
- .instance_size = sizeof(TosaDACState),
- .class_init = tosa_dac_class_init,
-};
-
-static void tosa_ssp_class_init(ObjectClass *klass, void *data)
-{
- SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
-
- k->init = tosa_ssp_init;
- k->transfer = tosa_ssp_tansfer;
-}
-
-static TypeInfo tosa_ssp_info = {
- .name = "tosa-ssp",
- .parent = TYPE_SSI_SLAVE,
- .instance_size = sizeof(SSISlave),
- .class_init = tosa_ssp_class_init,
-};
-
-static void tosa_register_types(void)
-{
- type_register_static(&tosa_dac_info);
- type_register_static(&tosa_ssp_info);
-}
-
-type_init(tosa_register_types)
diff --git a/hw/tpm/Makefile.objs b/hw/tpm/Makefile.objs
new file mode 100644
index 000000000..99f598314
--- /dev/null
+++ b/hw/tpm/Makefile.objs
@@ -0,0 +1,2 @@
+common-obj-$(CONFIG_TPM_TIS) += tpm_tis.o
+common-obj-$(CONFIG_TPM_PASSTHROUGH) += tpm_passthrough.o
diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
new file mode 100644
index 000000000..2f582caae
--- /dev/null
+++ b/hw/tpm/tpm_int.h
@@ -0,0 +1,67 @@
+/*
+ * TPM configuration
+ *
+ * Copyright (C) 2011-2013 IBM Corporation
+ *
+ * Authors:
+ * Stefan Berger <stefanb@us.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+#ifndef TPM_TPM_INT_H
+#define TPM_TPM_INT_H
+
+#include "exec/memory.h"
+#include "tpm_tis.h"
+
+/* overall state of the TPM interface */
+struct TPMState {
+ ISADevice busdev;
+ MemoryRegion mmio;
+
+ union {
+ TPMTISEmuState tis;
+ } s;
+
+ uint8_t locty_number;
+ TPMLocality *locty_data;
+
+ char *backend;
+ TPMBackend *be_driver;
+};
+
+#define TPM(obj) OBJECT_CHECK(TPMState, (obj), TYPE_TPM_TIS)
+
+#define TPM_STANDARD_CMDLINE_OPTS \
+ { \
+ .name = "type", \
+ .type = QEMU_OPT_STRING, \
+ .help = "Type of TPM backend", \
+ }
+
+struct tpm_req_hdr {
+ uint16_t tag;
+ uint32_t len;
+ uint32_t ordinal;
+} QEMU_PACKED;
+
+struct tpm_resp_hdr {
+ uint16_t tag;
+ uint32_t len;
+ uint32_t errcode;
+} QEMU_PACKED;
+
+#define TPM_TAG_RQU_COMMAND 0xc1
+#define TPM_TAG_RQU_AUTH1_COMMAND 0xc2
+#define TPM_TAG_RQU_AUTH2_COMMAND 0xc3
+
+#define TPM_TAG_RSP_COMMAND 0xc4
+#define TPM_TAG_RSP_AUTH1_COMMAND 0xc5
+#define TPM_TAG_RSP_AUTH2_COMMAND 0xc6
+
+#define TPM_FAIL 9
+
+#define TPM_ORD_GetTicks 0xf1
+
+#endif /* TPM_TPM_INT_H */
diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
new file mode 100644
index 000000000..56e9e0f8a
--- /dev/null
+++ b/hw/tpm/tpm_passthrough.c
@@ -0,0 +1,552 @@
+/*
+ * passthrough TPM driver
+ *
+ * Copyright (c) 2010 - 2013 IBM Corporation
+ * Authors:
+ * Stefan Berger <stefanb@us.ibm.com>
+ *
+ * Copyright (C) 2011 IAIK, Graz University of Technology
+ * Author: Andreas Niederl
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>
+ */
+
+#include <dirent.h>
+
+#include "qemu-common.h"
+#include "qapi/error.h"
+#include "qemu/sockets.h"
+#include "sysemu/tpm_backend.h"
+#include "tpm_int.h"
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "sysemu/tpm_backend_int.h"
+#include "tpm_tis.h"
+
+/* #define DEBUG_TPM */
+
+#ifdef DEBUG_TPM
+#define DPRINTF(fmt, ...) \
+ do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) \
+ do { } while (0)
+#endif
+
+#define TYPE_TPM_PASSTHROUGH "tpm-passthrough"
+#define TPM_PASSTHROUGH(obj) \
+ OBJECT_CHECK(TPMPassthruState, (obj), TYPE_TPM_PASSTHROUGH)
+
+static const TPMDriverOps tpm_passthrough_driver;
+
+/* data structures */
+typedef struct TPMPassthruThreadParams {
+ TPMState *tpm_state;
+
+ TPMRecvDataCB *recv_data_callback;
+ TPMBackend *tb;
+} TPMPassthruThreadParams;
+
+struct TPMPassthruState {
+ TPMBackend parent;
+
+ TPMBackendThread tbt;
+
+ TPMPassthruThreadParams tpm_thread_params;
+
+ char *tpm_dev;
+ int tpm_fd;
+ bool tpm_executing;
+ bool tpm_op_canceled;
+ int cancel_fd;
+ bool had_startup_error;
+};
+
+typedef struct TPMPassthruState TPMPassthruState;
+
+#define TPM_PASSTHROUGH_DEFAULT_DEVICE "/dev/tpm0"
+
+/* functions */
+
+static void tpm_passthrough_cancel_cmd(TPMBackend *tb);
+
+static int tpm_passthrough_unix_write(int fd, const uint8_t *buf, uint32_t len)
+{
+ return send_all(fd, buf, len);
+}
+
+static int tpm_passthrough_unix_read(int fd, uint8_t *buf, uint32_t len)
+{
+ return recv_all(fd, buf, len, true);
+}
+
+static uint32_t tpm_passthrough_get_size_from_buffer(const uint8_t *buf)
+{
+ struct tpm_resp_hdr *resp = (struct tpm_resp_hdr *)buf;
+
+ return be32_to_cpu(resp->len);
+}
+
+/*
+ * Write an error message in the given output buffer.
+ */
+static void tpm_write_fatal_error_response(uint8_t *out, uint32_t out_len)
+{
+ if (out_len >= sizeof(struct tpm_resp_hdr)) {
+ struct tpm_resp_hdr *resp = (struct tpm_resp_hdr *)out;
+
+ resp->tag = cpu_to_be16(TPM_TAG_RSP_COMMAND);
+ resp->len = cpu_to_be32(sizeof(struct tpm_resp_hdr));
+ resp->errcode = cpu_to_be32(TPM_FAIL);
+ }
+}
+
+static int tpm_passthrough_unix_tx_bufs(TPMPassthruState *tpm_pt,
+ const uint8_t *in, uint32_t in_len,
+ uint8_t *out, uint32_t out_len)
+{
+ int ret;
+
+ tpm_pt->tpm_op_canceled = false;
+ tpm_pt->tpm_executing = true;
+
+ ret = tpm_passthrough_unix_write(tpm_pt->tpm_fd, in, in_len);
+ if (ret != in_len) {
+ if (!tpm_pt->tpm_op_canceled ||
+ (tpm_pt->tpm_op_canceled && errno != ECANCELED)) {
+ error_report("tpm_passthrough: error while transmitting data "
+ "to TPM: %s (%i)\n",
+ strerror(errno), errno);
+ }
+ goto err_exit;
+ }
+
+ tpm_pt->tpm_executing = false;
+
+ ret = tpm_passthrough_unix_read(tpm_pt->tpm_fd, out, out_len);
+ if (ret < 0) {
+ if (!tpm_pt->tpm_op_canceled ||
+ (tpm_pt->tpm_op_canceled && errno != ECANCELED)) {
+ error_report("tpm_passthrough: error while reading data from "
+ "TPM: %s (%i)\n",
+ strerror(errno), errno);
+ }
+ } else if (ret < sizeof(struct tpm_resp_hdr) ||
+ tpm_passthrough_get_size_from_buffer(out) != ret) {
+ ret = -1;
+ error_report("tpm_passthrough: received invalid response "
+ "packet from TPM\n");
+ }
+
+err_exit:
+ if (ret < 0) {
+ tpm_write_fatal_error_response(out, out_len);
+ }
+
+ tpm_pt->tpm_executing = false;
+
+ return ret;
+}
+
+static int tpm_passthrough_unix_transfer(TPMPassthruState *tpm_pt,
+ const TPMLocality *locty_data)
+{
+ return tpm_passthrough_unix_tx_bufs(tpm_pt,
+ locty_data->w_buffer.buffer,
+ locty_data->w_offset,
+ locty_data->r_buffer.buffer,
+ locty_data->r_buffer.size);
+}
+
+static void tpm_passthrough_worker_thread(gpointer data,
+ gpointer user_data)
+{
+ TPMPassthruThreadParams *thr_parms = user_data;
+ TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(thr_parms->tb);
+ TPMBackendCmd cmd = (TPMBackendCmd)data;
+
+ DPRINTF("tpm_passthrough: processing command type %d\n", cmd);
+
+ switch (cmd) {
+ case TPM_BACKEND_CMD_PROCESS_CMD:
+ tpm_passthrough_unix_transfer(tpm_pt,
+ thr_parms->tpm_state->locty_data);
+
+ thr_parms->recv_data_callback(thr_parms->tpm_state,
+ thr_parms->tpm_state->locty_number);
+ break;
+ case TPM_BACKEND_CMD_INIT:
+ case TPM_BACKEND_CMD_END:
+ case TPM_BACKEND_CMD_TPM_RESET:
+ /* nothing to do */
+ break;
+ }
+}
+
+/*
+ * Start the TPM (thread). If it had been started before, then terminate
+ * and start it again.
+ */
+static int tpm_passthrough_startup_tpm(TPMBackend *tb)
+{
+ TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
+
+ /* terminate a running TPM */
+ tpm_backend_thread_end(&tpm_pt->tbt);
+
+ tpm_backend_thread_create(&tpm_pt->tbt,
+ tpm_passthrough_worker_thread,
+ &tpm_pt->tpm_thread_params);
+
+ return 0;
+}
+
+static void tpm_passthrough_reset(TPMBackend *tb)
+{
+ TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
+
+ DPRINTF("tpm_passthrough: CALL TO TPM_RESET!\n");
+
+ tpm_passthrough_cancel_cmd(tb);
+
+ tpm_backend_thread_end(&tpm_pt->tbt);
+
+ tpm_pt->had_startup_error = false;
+}
+
+static int tpm_passthrough_init(TPMBackend *tb, TPMState *s,
+ TPMRecvDataCB *recv_data_cb)
+{
+ TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
+
+ tpm_pt->tpm_thread_params.tpm_state = s;
+ tpm_pt->tpm_thread_params.recv_data_callback = recv_data_cb;
+ tpm_pt->tpm_thread_params.tb = tb;
+
+ return 0;
+}
+
+static bool tpm_passthrough_get_tpm_established_flag(TPMBackend *tb)
+{
+ return false;
+}
+
+static bool tpm_passthrough_get_startup_error(TPMBackend *tb)
+{
+ TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
+
+ return tpm_pt->had_startup_error;
+}
+
+static size_t tpm_passthrough_realloc_buffer(TPMSizedBuffer *sb)
+{
+ size_t wanted_size = 4096; /* Linux tpm.c buffer size */
+
+ if (sb->size != wanted_size) {
+ sb->buffer = g_realloc(sb->buffer, wanted_size);
+ sb->size = wanted_size;
+ }
+ return sb->size;
+}
+
+static void tpm_passthrough_deliver_request(TPMBackend *tb)
+{
+ TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
+
+ tpm_backend_thread_deliver_request(&tpm_pt->tbt);
+}
+
+static void tpm_passthrough_cancel_cmd(TPMBackend *tb)
+{
+ TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
+ int n;
+
+ /*
+ * As of Linux 3.7 the tpm_tis driver does not properly cancel
+ * commands on all TPM manufacturers' TPMs.
+ * Only cancel if we're busy so we don't cancel someone else's
+ * command, e.g., a command executed on the host.
+ */
+ if (tpm_pt->tpm_executing) {
+ if (tpm_pt->cancel_fd >= 0) {
+ n = write(tpm_pt->cancel_fd, "-", 1);
+ if (n != 1) {
+ error_report("Canceling TPM command failed: %s\n",
+ strerror(errno));
+ } else {
+ tpm_pt->tpm_op_canceled = true;
+ }
+ } else {
+ error_report("Cannot cancel TPM command due to missing "
+ "TPM sysfs cancel entry");
+ }
+ }
+}
+
+static const char *tpm_passthrough_create_desc(void)
+{
+ return "Passthrough TPM backend driver";
+}
+
+/*
+ * A basic test of a TPM device. We expect a well formatted response header
+ * (error response is fine) within one second.
+ */
+static int tpm_passthrough_test_tpmdev(int fd)
+{
+ struct tpm_req_hdr req = {
+ .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND),
+ .len = cpu_to_be32(sizeof(req)),
+ .ordinal = cpu_to_be32(TPM_ORD_GetTicks),
+ };
+ struct tpm_resp_hdr *resp;
+ fd_set readfds;
+ int n;
+ struct timeval tv = {
+ .tv_sec = 1,
+ .tv_usec = 0,
+ };
+ unsigned char buf[1024];
+
+ n = write(fd, &req, sizeof(req));
+ if (n < 0) {
+ return errno;
+ }
+ if (n != sizeof(req)) {
+ return EFAULT;
+ }
+
+ FD_ZERO(&readfds);
+ FD_SET(fd, &readfds);
+
+ /* wait for a second */
+ n = select(fd + 1, &readfds, NULL, NULL, &tv);
+ if (n != 1) {
+ return errno;
+ }
+
+ n = read(fd, &buf, sizeof(buf));
+ if (n < sizeof(struct tpm_resp_hdr)) {
+ return EFAULT;
+ }
+
+ resp = (struct tpm_resp_hdr *)buf;
+ /* check the header */
+ if (be16_to_cpu(resp->tag) != TPM_TAG_RSP_COMMAND ||
+ be32_to_cpu(resp->len) != n) {
+ return EBADMSG;
+ }
+
+ return 0;
+}
+
+/*
+ * Unless path or file descriptor set has been provided by user,
+ * determine the sysfs cancel file following kernel documentation
+ * in Documentation/ABI/stable/sysfs-class-tpm.
+ * From /dev/tpm0 create /sys/class/misc/tpm0/device/cancel
+ */
+static int tpm_passthrough_open_sysfs_cancel(TPMBackend *tb)
+{
+ TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
+ int fd = -1;
+ char *dev;
+ char path[PATH_MAX];
+
+ if (tb->cancel_path) {
+ fd = qemu_open(tb->cancel_path, O_WRONLY);
+ if (fd < 0) {
+ error_report("Could not open TPM cancel path : %s",
+ strerror(errno));
+ }
+ return fd;
+ }
+
+ dev = strrchr(tpm_pt->tpm_dev, '/');
+ if (dev) {
+ dev++;
+ if (snprintf(path, sizeof(path), "/sys/class/misc/%s/device/cancel",
+ dev) < sizeof(path)) {
+ fd = qemu_open(path, O_WRONLY);
+ if (fd >= 0) {
+ tb->cancel_path = g_strdup(path);
+ } else {
+ error_report("tpm_passthrough: Could not open TPM cancel "
+ "path %s : %s", path, strerror(errno));
+ }
+ }
+ } else {
+ error_report("tpm_passthrough: Bad TPM device path %s",
+ tpm_pt->tpm_dev);
+ }
+
+ return fd;
+}
+
+static int tpm_passthrough_handle_device_opts(QemuOpts *opts, TPMBackend *tb)
+{
+ TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
+ const char *value;
+
+ value = qemu_opt_get(opts, "cancel-path");
+ if (value) {
+ tb->cancel_path = g_strdup(value);
+ }
+
+ value = qemu_opt_get(opts, "path");
+ if (!value) {
+ value = TPM_PASSTHROUGH_DEFAULT_DEVICE;
+ }
+
+ tpm_pt->tpm_dev = g_strdup(value);
+
+ tb->path = g_strdup(tpm_pt->tpm_dev);
+
+ tpm_pt->tpm_fd = qemu_open(tpm_pt->tpm_dev, O_RDWR);
+ if (tpm_pt->tpm_fd < 0) {
+ error_report("Cannot access TPM device using '%s': %s\n",
+ tpm_pt->tpm_dev, strerror(errno));
+ goto err_free_parameters;
+ }
+
+ if (tpm_passthrough_test_tpmdev(tpm_pt->tpm_fd)) {
+ error_report("'%s' is not a TPM device.\n",
+ tpm_pt->tpm_dev);
+ goto err_close_tpmdev;
+ }
+
+ return 0;
+
+ err_close_tpmdev:
+ qemu_close(tpm_pt->tpm_fd);
+ tpm_pt->tpm_fd = -1;
+
+ err_free_parameters:
+ g_free(tb->path);
+ tb->path = NULL;
+
+ g_free(tpm_pt->tpm_dev);
+ tpm_pt->tpm_dev = NULL;
+
+ return 1;
+}
+
+static TPMBackend *tpm_passthrough_create(QemuOpts *opts, const char *id)
+{
+ Object *obj = object_new(TYPE_TPM_PASSTHROUGH);
+ TPMBackend *tb = TPM_BACKEND(obj);
+ TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
+
+ tb->id = g_strdup(id);
+ /* let frontend set the fe_model to proper value */
+ tb->fe_model = -1;
+
+ tb->ops = &tpm_passthrough_driver;
+
+ if (tpm_passthrough_handle_device_opts(opts, tb)) {
+ goto err_exit;
+ }
+
+ tpm_pt->cancel_fd = tpm_passthrough_open_sysfs_cancel(tb);
+ if (tpm_pt->cancel_fd < 0) {
+ goto err_exit;
+ }
+
+ return tb;
+
+err_exit:
+ g_free(tb->id);
+
+ return NULL;
+}
+
+static void tpm_passthrough_destroy(TPMBackend *tb)
+{
+ TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
+
+ tpm_passthrough_cancel_cmd(tb);
+
+ tpm_backend_thread_end(&tpm_pt->tbt);
+
+ qemu_close(tpm_pt->tpm_fd);
+ qemu_close(tpm_pt->cancel_fd);
+
+ g_free(tb->id);
+ g_free(tb->path);
+ g_free(tb->cancel_path);
+ g_free(tpm_pt->tpm_dev);
+}
+
+static const QemuOptDesc tpm_passthrough_cmdline_opts[] = {
+ TPM_STANDARD_CMDLINE_OPTS,
+ {
+ .name = "cancel-path",
+ .type = QEMU_OPT_STRING,
+ .help = "Sysfs file entry for canceling TPM commands",
+ },
+ {
+ .name = "path",
+ .type = QEMU_OPT_STRING,
+ .help = "Path to TPM device on the host",
+ },
+ { /* end of list */ },
+};
+
+static const TPMDriverOps tpm_passthrough_driver = {
+ .type = TPM_TYPE_PASSTHROUGH,
+ .opts = tpm_passthrough_cmdline_opts,
+ .desc = tpm_passthrough_create_desc,
+ .create = tpm_passthrough_create,
+ .destroy = tpm_passthrough_destroy,
+ .init = tpm_passthrough_init,
+ .startup_tpm = tpm_passthrough_startup_tpm,
+ .realloc_buffer = tpm_passthrough_realloc_buffer,
+ .reset = tpm_passthrough_reset,
+ .had_startup_error = tpm_passthrough_get_startup_error,
+ .deliver_request = tpm_passthrough_deliver_request,
+ .cancel_cmd = tpm_passthrough_cancel_cmd,
+ .get_tpm_established_flag = tpm_passthrough_get_tpm_established_flag,
+};
+
+static void tpm_passthrough_inst_init(Object *obj)
+{
+}
+
+static void tpm_passthrough_inst_finalize(Object *obj)
+{
+}
+
+static void tpm_passthrough_class_init(ObjectClass *klass, void *data)
+{
+ TPMBackendClass *tbc = TPM_BACKEND_CLASS(klass);
+
+ tbc->ops = &tpm_passthrough_driver;
+}
+
+static const TypeInfo tpm_passthrough_info = {
+ .name = TYPE_TPM_PASSTHROUGH,
+ .parent = TYPE_TPM_BACKEND,
+ .instance_size = sizeof(TPMPassthruState),
+ .class_init = tpm_passthrough_class_init,
+ .instance_init = tpm_passthrough_inst_init,
+ .instance_finalize = tpm_passthrough_inst_finalize,
+};
+
+static void tpm_passthrough_register(void)
+{
+ type_register_static(&tpm_passthrough_info);
+ tpm_register_driver(&tpm_passthrough_driver);
+}
+
+type_init(tpm_passthrough_register)
diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
new file mode 100644
index 000000000..abe384ba9
--- /dev/null
+++ b/hw/tpm/tpm_tis.c
@@ -0,0 +1,931 @@
+/*
+ * tpm_tis.c - QEMU's TPM TIS interface emulator
+ *
+ * Copyright (C) 2006,2010-2013 IBM Corporation
+ *
+ * Authors:
+ * Stefan Berger <stefanb@us.ibm.com>
+ * David Safford <safford@us.ibm.com>
+ *
+ * Xen 4 support: Andrease Niederl <andreas.niederl@iaik.tugraz.at>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ * Implementation of the TIS interface according to specs found at
+ * http://www.trustedcomputinggroup.org. This implementation currently
+ * supports version 1.21, revision 1.0.
+ * In the developers menu choose the PC Client section then find the TIS
+ * specification.
+ */
+
+#include "sysemu/tpm_backend.h"
+#include "tpm_int.h"
+#include "block/block.h"
+#include "exec/address-spaces.h"
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "hw/pci/pci_ids.h"
+#include "tpm_tis.h"
+#include "qemu-common.h"
+
+/*#define DEBUG_TIS */
+
+#ifdef DEBUG_TIS
+#define DPRINTF(fmt, ...) \
+ do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) \
+ do { } while (0)
+#endif
+
+/* whether the STS interrupt is supported */
+#define RAISE_STS_IRQ
+
+/* tis registers */
+#define TPM_TIS_REG_ACCESS 0x00
+#define TPM_TIS_REG_INT_ENABLE 0x08
+#define TPM_TIS_REG_INT_VECTOR 0x0c
+#define TPM_TIS_REG_INT_STATUS 0x10
+#define TPM_TIS_REG_INTF_CAPABILITY 0x14
+#define TPM_TIS_REG_STS 0x18
+#define TPM_TIS_REG_DATA_FIFO 0x24
+#define TPM_TIS_REG_DID_VID 0xf00
+#define TPM_TIS_REG_RID 0xf04
+
+/* vendor-specific registers */
+#define TPM_TIS_REG_DEBUG 0xf90
+
+#define TPM_TIS_STS_VALID (1 << 7)
+#define TPM_TIS_STS_COMMAND_READY (1 << 6)
+#define TPM_TIS_STS_TPM_GO (1 << 5)
+#define TPM_TIS_STS_DATA_AVAILABLE (1 << 4)
+#define TPM_TIS_STS_EXPECT (1 << 3)
+#define TPM_TIS_STS_RESPONSE_RETRY (1 << 1)
+
+#define TPM_TIS_BURST_COUNT_SHIFT 8
+#define TPM_TIS_BURST_COUNT(X) \
+ ((X) << TPM_TIS_BURST_COUNT_SHIFT)
+
+#define TPM_TIS_ACCESS_TPM_REG_VALID_STS (1 << 7)
+#define TPM_TIS_ACCESS_ACTIVE_LOCALITY (1 << 5)
+#define TPM_TIS_ACCESS_BEEN_SEIZED (1 << 4)
+#define TPM_TIS_ACCESS_SEIZE (1 << 3)
+#define TPM_TIS_ACCESS_PENDING_REQUEST (1 << 2)
+#define TPM_TIS_ACCESS_REQUEST_USE (1 << 1)
+#define TPM_TIS_ACCESS_TPM_ESTABLISHMENT (1 << 0)
+
+#define TPM_TIS_INT_ENABLED (1 << 31)
+#define TPM_TIS_INT_DATA_AVAILABLE (1 << 0)
+#define TPM_TIS_INT_STS_VALID (1 << 1)
+#define TPM_TIS_INT_LOCALITY_CHANGED (1 << 2)
+#define TPM_TIS_INT_COMMAND_READY (1 << 7)
+
+#define TPM_TIS_INT_POLARITY_MASK (3 << 3)
+#define TPM_TIS_INT_POLARITY_LOW_LEVEL (1 << 3)
+
+#ifndef RAISE_STS_IRQ
+
+#define TPM_TIS_INTERRUPTS_SUPPORTED (TPM_TIS_INT_LOCALITY_CHANGED | \
+ TPM_TIS_INT_DATA_AVAILABLE | \
+ TPM_TIS_INT_COMMAND_READY)
+
+#else
+
+#define TPM_TIS_INTERRUPTS_SUPPORTED (TPM_TIS_INT_LOCALITY_CHANGED | \
+ TPM_TIS_INT_DATA_AVAILABLE | \
+ TPM_TIS_INT_STS_VALID | \
+ TPM_TIS_INT_COMMAND_READY)
+
+#endif
+
+#define TPM_TIS_CAP_INTERRUPT_LOW_LEVEL (1 << 4) /* support is mandatory */
+#define TPM_TIS_CAPABILITIES_SUPPORTED (TPM_TIS_CAP_INTERRUPT_LOW_LEVEL | \
+ TPM_TIS_INTERRUPTS_SUPPORTED)
+
+#define TPM_TIS_TPM_DID 0x0001
+#define TPM_TIS_TPM_VID PCI_VENDOR_ID_IBM
+#define TPM_TIS_TPM_RID 0x0001
+
+#define TPM_TIS_NO_DATA_BYTE 0xff
+
+/* local prototypes */
+
+static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr,
+ unsigned size);
+
+/* utility functions */
+
+static uint8_t tpm_tis_locality_from_addr(hwaddr addr)
+{
+ return (uint8_t)((addr >> TPM_TIS_LOCALITY_SHIFT) & 0x7);
+}
+
+static uint32_t tpm_tis_get_size_from_buffer(const TPMSizedBuffer *sb)
+{
+ return be32_to_cpu(*(uint32_t *)&sb->buffer[2]);
+}
+
+static void tpm_tis_show_buffer(const TPMSizedBuffer *sb, const char *string)
+{
+#ifdef DEBUG_TIS
+ uint32_t len, i;
+
+ len = tpm_tis_get_size_from_buffer(sb);
+ DPRINTF("tpm_tis: %s length = %d\n", string, len);
+ for (i = 0; i < len; i++) {
+ if (i && !(i % 16)) {
+ DPRINTF("\n");
+ }
+ DPRINTF("%.2X ", sb->buffer[i]);
+ }
+ DPRINTF("\n");
+#endif
+}
+
+/*
+ * Send a request to the TPM.
+ */
+static void tpm_tis_tpm_send(TPMState *s, uint8_t locty)
+{
+ TPMTISEmuState *tis = &s->s.tis;
+
+ tpm_tis_show_buffer(&tis->loc[locty].w_buffer, "tpm_tis: To TPM");
+
+ s->locty_number = locty;
+ s->locty_data = &tis->loc[locty];
+
+ /*
+ * w_offset serves as length indicator for length of data;
+ * it's reset when the response comes back
+ */
+ tis->loc[locty].state = TPM_TIS_STATE_EXECUTION;
+
+ tpm_backend_deliver_request(s->be_driver);
+}
+
+/* raise an interrupt if allowed */
+static void tpm_tis_raise_irq(TPMState *s, uint8_t locty, uint32_t irqmask)
+{
+ TPMTISEmuState *tis = &s->s.tis;
+
+ if (!TPM_TIS_IS_VALID_LOCTY(locty)) {
+ return;
+ }
+
+ if ((tis->loc[locty].inte & TPM_TIS_INT_ENABLED) &&
+ (tis->loc[locty].inte & irqmask)) {
+ DPRINTF("tpm_tis: Raising IRQ for flag %08x\n", irqmask);
+ qemu_irq_raise(s->s.tis.irq);
+ tis->loc[locty].ints |= irqmask;
+ }
+}
+
+static uint32_t tpm_tis_check_request_use_except(TPMState *s, uint8_t locty)
+{
+ uint8_t l;
+
+ for (l = 0; l < TPM_TIS_NUM_LOCALITIES; l++) {
+ if (l == locty) {
+ continue;
+ }
+ if ((s->s.tis.loc[l].access & TPM_TIS_ACCESS_REQUEST_USE)) {
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
+static void tpm_tis_new_active_locality(TPMState *s, uint8_t new_active_locty)
+{
+ TPMTISEmuState *tis = &s->s.tis;
+ bool change = (s->s.tis.active_locty != new_active_locty);
+ bool is_seize;
+ uint8_t mask;
+
+ if (change && TPM_TIS_IS_VALID_LOCTY(s->s.tis.active_locty)) {
+ is_seize = TPM_TIS_IS_VALID_LOCTY(new_active_locty) &&
+ tis->loc[new_active_locty].access & TPM_TIS_ACCESS_SEIZE;
+
+ if (is_seize) {
+ mask = ~(TPM_TIS_ACCESS_ACTIVE_LOCALITY);
+ } else {
+ mask = ~(TPM_TIS_ACCESS_ACTIVE_LOCALITY|
+ TPM_TIS_ACCESS_REQUEST_USE);
+ }
+ /* reset flags on the old active locality */
+ tis->loc[s->s.tis.active_locty].access &= mask;
+
+ if (is_seize) {
+ tis->loc[tis->active_locty].access |= TPM_TIS_ACCESS_BEEN_SEIZED;
+ }
+ }
+
+ tis->active_locty = new_active_locty;
+
+ DPRINTF("tpm_tis: Active locality is now %d\n", s->s.tis.active_locty);
+
+ if (TPM_TIS_IS_VALID_LOCTY(new_active_locty)) {
+ /* set flags on the new active locality */
+ tis->loc[new_active_locty].access |= TPM_TIS_ACCESS_ACTIVE_LOCALITY;
+ tis->loc[new_active_locty].access &= ~(TPM_TIS_ACCESS_REQUEST_USE |
+ TPM_TIS_ACCESS_SEIZE);
+ }
+
+ if (change) {
+ tpm_tis_raise_irq(s, tis->active_locty, TPM_TIS_INT_LOCALITY_CHANGED);
+ }
+}
+
+/* abort -- this function switches the locality */
+static void tpm_tis_abort(TPMState *s, uint8_t locty)
+{
+ TPMTISEmuState *tis = &s->s.tis;
+
+ tis->loc[locty].r_offset = 0;
+ tis->loc[locty].w_offset = 0;
+
+ DPRINTF("tpm_tis: tis_abort: new active locality is %d\n", tis->next_locty);
+
+ /*
+ * Need to react differently depending on who's aborting now and
+ * which locality will become active afterwards.
+ */
+ if (tis->aborting_locty == tis->next_locty) {
+ tis->loc[tis->aborting_locty].state = TPM_TIS_STATE_READY;
+ tis->loc[tis->aborting_locty].sts = TPM_TIS_STS_COMMAND_READY;
+ tpm_tis_raise_irq(s, tis->aborting_locty, TPM_TIS_INT_COMMAND_READY);
+ }
+
+ /* locality after abort is another one than the current one */
+ tpm_tis_new_active_locality(s, tis->next_locty);
+
+ tis->next_locty = TPM_TIS_NO_LOCALITY;
+ /* nobody's aborting a command anymore */
+ tis->aborting_locty = TPM_TIS_NO_LOCALITY;
+}
+
+/* prepare aborting current command */
+static void tpm_tis_prep_abort(TPMState *s, uint8_t locty, uint8_t newlocty)
+{
+ TPMTISEmuState *tis = &s->s.tis;
+ uint8_t busy_locty;
+
+ tis->aborting_locty = locty;
+ tis->next_locty = newlocty; /* locality after successful abort */
+
+ /*
+ * only abort a command using an interrupt if currently executing
+ * a command AND if there's a valid connection to the vTPM.
+ */
+ for (busy_locty = 0; busy_locty < TPM_TIS_NUM_LOCALITIES; busy_locty++) {
+ if (tis->loc[busy_locty].state == TPM_TIS_STATE_EXECUTION) {
+ /*
+ * request the backend to cancel. Some backends may not
+ * support it
+ */
+ tpm_backend_cancel_cmd(s->be_driver);
+ return;
+ }
+ }
+
+ tpm_tis_abort(s, locty);
+}
+
+static void tpm_tis_receive_bh(void *opaque)
+{
+ TPMState *s = opaque;
+ TPMTISEmuState *tis = &s->s.tis;
+ uint8_t locty = s->locty_number;
+
+ tis->loc[locty].sts = TPM_TIS_STS_VALID | TPM_TIS_STS_DATA_AVAILABLE;
+ tis->loc[locty].state = TPM_TIS_STATE_COMPLETION;
+ tis->loc[locty].r_offset = 0;
+ tis->loc[locty].w_offset = 0;
+
+ if (TPM_TIS_IS_VALID_LOCTY(tis->next_locty)) {
+ tpm_tis_abort(s, locty);
+ }
+
+#ifndef RAISE_STS_IRQ
+ tpm_tis_raise_irq(s, locty, TPM_TIS_INT_DATA_AVAILABLE);
+#else
+ tpm_tis_raise_irq(s, locty,
+ TPM_TIS_INT_DATA_AVAILABLE | TPM_TIS_INT_STS_VALID);
+#endif
+}
+
+/*
+ * Callback from the TPM to indicate that the response was received.
+ */
+static void tpm_tis_receive_cb(TPMState *s, uint8_t locty)
+{
+ TPMTISEmuState *tis = &s->s.tis;
+
+ assert(s->locty_number == locty);
+
+ qemu_bh_schedule(tis->bh);
+}
+
+/*
+ * Read a byte of response data
+ */
+static uint32_t tpm_tis_data_read(TPMState *s, uint8_t locty)
+{
+ TPMTISEmuState *tis = &s->s.tis;
+ uint32_t ret = TPM_TIS_NO_DATA_BYTE;
+ uint16_t len;
+
+ if ((tis->loc[locty].sts & TPM_TIS_STS_DATA_AVAILABLE)) {
+ len = tpm_tis_get_size_from_buffer(&tis->loc[locty].r_buffer);
+
+ ret = tis->loc[locty].r_buffer.buffer[tis->loc[locty].r_offset++];
+ if (tis->loc[locty].r_offset >= len) {
+ /* got last byte */
+ tis->loc[locty].sts = TPM_TIS_STS_VALID;
+#ifdef RAISE_STS_IRQ
+ tpm_tis_raise_irq(s, locty, TPM_TIS_INT_STS_VALID);
+#endif
+ }
+ DPRINTF("tpm_tis: tpm_tis_data_read byte 0x%02x [%d]\n",
+ ret, tis->loc[locty].r_offset-1);
+ }
+
+ return ret;
+}
+
+#ifdef DEBUG_TIS
+static void tpm_tis_dump_state(void *opaque, hwaddr addr)
+{
+ static const unsigned regs[] = {
+ TPM_TIS_REG_ACCESS,
+ TPM_TIS_REG_INT_ENABLE,
+ TPM_TIS_REG_INT_VECTOR,
+ TPM_TIS_REG_INT_STATUS,
+ TPM_TIS_REG_INTF_CAPABILITY,
+ TPM_TIS_REG_STS,
+ TPM_TIS_REG_DID_VID,
+ TPM_TIS_REG_RID,
+ 0xfff};
+ int idx;
+ uint8_t locty = tpm_tis_locality_from_addr(addr);
+ hwaddr base = addr & ~0xfff;
+ TPMState *s = opaque;
+ TPMTISEmuState *tis = &s->s.tis;
+
+ DPRINTF("tpm_tis: active locality : %d\n"
+ "tpm_tis: state of locality %d : %d\n"
+ "tpm_tis: register dump:\n",
+ tis->active_locty,
+ locty, tis->loc[locty].state);
+
+ for (idx = 0; regs[idx] != 0xfff; idx++) {
+ DPRINTF("tpm_tis: 0x%04x : 0x%08x\n", regs[idx],
+ (uint32_t)tpm_tis_mmio_read(opaque, base + regs[idx], 4));
+ }
+
+ DPRINTF("tpm_tis: read offset : %d\n"
+ "tpm_tis: result buffer : ",
+ tis->loc[locty].r_offset);
+ for (idx = 0;
+ idx < tpm_tis_get_size_from_buffer(&tis->loc[locty].r_buffer);
+ idx++) {
+ DPRINTF("%c%02x%s",
+ tis->loc[locty].r_offset == idx ? '>' : ' ',
+ tis->loc[locty].r_buffer.buffer[idx],
+ ((idx & 0xf) == 0xf) ? "\ntpm_tis: " : "");
+ }
+ DPRINTF("\n"
+ "tpm_tis: write offset : %d\n"
+ "tpm_tis: request buffer: ",
+ tis->loc[locty].w_offset);
+ for (idx = 0;
+ idx < tpm_tis_get_size_from_buffer(&tis->loc[locty].w_buffer);
+ idx++) {
+ DPRINTF("%c%02x%s",
+ tis->loc[locty].w_offset == idx ? '>' : ' ',
+ tis->loc[locty].w_buffer.buffer[idx],
+ ((idx & 0xf) == 0xf) ? "\ntpm_tis: " : "");
+ }
+ DPRINTF("\n");
+}
+#endif
+
+/*
+ * Read a register of the TIS interface
+ * See specs pages 33-63 for description of the registers
+ */
+static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ TPMState *s = opaque;
+ TPMTISEmuState *tis = &s->s.tis;
+ uint16_t offset = addr & 0xffc;
+ uint8_t shift = (addr & 0x3) * 8;
+ uint32_t val = 0xffffffff;
+ uint8_t locty = tpm_tis_locality_from_addr(addr);
+ uint32_t avail;
+
+ if (tpm_backend_had_startup_error(s->be_driver)) {
+ return val;
+ }
+
+ switch (offset) {
+ case TPM_TIS_REG_ACCESS:
+ /* never show the SEIZE flag even though we use it internally */
+ val = tis->loc[locty].access & ~TPM_TIS_ACCESS_SEIZE;
+ /* the pending flag is always calculated */
+ if (tpm_tis_check_request_use_except(s, locty)) {
+ val |= TPM_TIS_ACCESS_PENDING_REQUEST;
+ }
+ val |= !tpm_backend_get_tpm_established_flag(s->be_driver);
+ break;
+ case TPM_TIS_REG_INT_ENABLE:
+ val = tis->loc[locty].inte;
+ break;
+ case TPM_TIS_REG_INT_VECTOR:
+ val = tis->irq_num;
+ break;
+ case TPM_TIS_REG_INT_STATUS:
+ val = tis->loc[locty].ints;
+ break;
+ case TPM_TIS_REG_INTF_CAPABILITY:
+ val = TPM_TIS_CAPABILITIES_SUPPORTED;
+ break;
+ case TPM_TIS_REG_STS:
+ if (tis->active_locty == locty) {
+ if ((tis->loc[locty].sts & TPM_TIS_STS_DATA_AVAILABLE)) {
+ val = TPM_TIS_BURST_COUNT(
+ tpm_tis_get_size_from_buffer(&tis->loc[locty].r_buffer)
+ - tis->loc[locty].r_offset) | tis->loc[locty].sts;
+ } else {
+ avail = tis->loc[locty].w_buffer.size
+ - tis->loc[locty].w_offset;
+ /*
+ * byte-sized reads should not return 0x00 for 0x100
+ * available bytes.
+ */
+ if (size == 1 && avail > 0xff) {
+ avail = 0xff;
+ }
+ val = TPM_TIS_BURST_COUNT(avail) | tis->loc[locty].sts;
+ }
+ }
+ break;
+ case TPM_TIS_REG_DATA_FIFO:
+ if (tis->active_locty == locty) {
+ switch (tis->loc[locty].state) {
+ case TPM_TIS_STATE_COMPLETION:
+ val = tpm_tis_data_read(s, locty);
+ break;
+ default:
+ val = TPM_TIS_NO_DATA_BYTE;
+ break;
+ }
+ }
+ break;
+ case TPM_TIS_REG_DID_VID:
+ val = (TPM_TIS_TPM_DID << 16) | TPM_TIS_TPM_VID;
+ break;
+ case TPM_TIS_REG_RID:
+ val = TPM_TIS_TPM_RID;
+ break;
+#ifdef DEBUG_TIS
+ case TPM_TIS_REG_DEBUG:
+ tpm_tis_dump_state(opaque, addr);
+ break;
+#endif
+ }
+
+ if (shift) {
+ val >>= shift;
+ }
+
+ DPRINTF("tpm_tis: read.%u(%08x) = %08x\n", size, (int)addr, (uint32_t)val);
+
+ return val;
+}
+
+/*
+ * Write a value to a register of the TIS interface
+ * See specs pages 33-63 for description of the registers
+ */
+static void tpm_tis_mmio_write_intern(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size,
+ bool hw_access)
+{
+ TPMState *s = opaque;
+ TPMTISEmuState *tis = &s->s.tis;
+ uint16_t off = addr & 0xfff;
+ uint8_t locty = tpm_tis_locality_from_addr(addr);
+ uint8_t active_locty, l;
+ int c, set_new_locty = 1;
+ uint16_t len;
+
+ DPRINTF("tpm_tis: write.%u(%08x) = %08x\n", size, (int)addr, (uint32_t)val);
+
+ if (locty == 4 && !hw_access) {
+ DPRINTF("tpm_tis: Access to locality 4 only allowed from hardware\n");
+ return;
+ }
+
+ if (tpm_backend_had_startup_error(s->be_driver)) {
+ return;
+ }
+
+ switch (off) {
+ case TPM_TIS_REG_ACCESS:
+
+ if ((val & TPM_TIS_ACCESS_SEIZE)) {
+ val &= ~(TPM_TIS_ACCESS_REQUEST_USE |
+ TPM_TIS_ACCESS_ACTIVE_LOCALITY);
+ }
+
+ active_locty = tis->active_locty;
+
+ if ((val & TPM_TIS_ACCESS_ACTIVE_LOCALITY)) {
+ /* give up locality if currently owned */
+ if (tis->active_locty == locty) {
+ DPRINTF("tpm_tis: Releasing locality %d\n", locty);
+
+ uint8_t newlocty = TPM_TIS_NO_LOCALITY;
+ /* anybody wants the locality ? */
+ for (c = TPM_TIS_NUM_LOCALITIES - 1; c >= 0; c--) {
+ if ((tis->loc[c].access & TPM_TIS_ACCESS_REQUEST_USE)) {
+ DPRINTF("tpm_tis: Locality %d requests use.\n", c);
+ newlocty = c;
+ break;
+ }
+ }
+ DPRINTF("tpm_tis: TPM_TIS_ACCESS_ACTIVE_LOCALITY: "
+ "Next active locality: %d\n",
+ newlocty);
+
+ if (TPM_TIS_IS_VALID_LOCTY(newlocty)) {
+ set_new_locty = 0;
+ tpm_tis_prep_abort(s, locty, newlocty);
+ } else {
+ active_locty = TPM_TIS_NO_LOCALITY;
+ }
+ } else {
+ /* not currently the owner; clear a pending request */
+ tis->loc[locty].access &= ~TPM_TIS_ACCESS_REQUEST_USE;
+ }
+ }
+
+ if ((val & TPM_TIS_ACCESS_BEEN_SEIZED)) {
+ tis->loc[locty].access &= ~TPM_TIS_ACCESS_BEEN_SEIZED;
+ }
+
+ if ((val & TPM_TIS_ACCESS_SEIZE)) {
+ /*
+ * allow seize if a locality is active and the requesting
+ * locality is higher than the one that's active
+ * OR
+ * allow seize for requesting locality if no locality is
+ * active
+ */
+ while ((TPM_TIS_IS_VALID_LOCTY(tis->active_locty) &&
+ locty > tis->active_locty) ||
+ !TPM_TIS_IS_VALID_LOCTY(tis->active_locty)) {
+ bool higher_seize = FALSE;
+
+ /* already a pending SEIZE ? */
+ if ((tis->loc[locty].access & TPM_TIS_ACCESS_SEIZE)) {
+ break;
+ }
+
+ /* check for ongoing seize by a higher locality */
+ for (l = locty + 1; l < TPM_TIS_NUM_LOCALITIES; l++) {
+ if ((tis->loc[l].access & TPM_TIS_ACCESS_SEIZE)) {
+ higher_seize = TRUE;
+ break;
+ }
+ }
+
+ if (higher_seize) {
+ break;
+ }
+
+ /* cancel any seize by a lower locality */
+ for (l = 0; l < locty - 1; l++) {
+ tis->loc[l].access &= ~TPM_TIS_ACCESS_SEIZE;
+ }
+
+ tis->loc[locty].access |= TPM_TIS_ACCESS_SEIZE;
+ DPRINTF("tpm_tis: TPM_TIS_ACCESS_SEIZE: "
+ "Locality %d seized from locality %d\n",
+ locty, tis->active_locty);
+ DPRINTF("tpm_tis: TPM_TIS_ACCESS_SEIZE: Initiating abort.\n");
+ set_new_locty = 0;
+ tpm_tis_prep_abort(s, tis->active_locty, locty);
+ break;
+ }
+ }
+
+ if ((val & TPM_TIS_ACCESS_REQUEST_USE)) {
+ if (tis->active_locty != locty) {
+ if (TPM_TIS_IS_VALID_LOCTY(tis->active_locty)) {
+ tis->loc[locty].access |= TPM_TIS_ACCESS_REQUEST_USE;
+ } else {
+ /* no locality active -> make this one active now */
+ active_locty = locty;
+ }
+ }
+ }
+
+ if (set_new_locty) {
+ tpm_tis_new_active_locality(s, active_locty);
+ }
+
+ break;
+ case TPM_TIS_REG_INT_ENABLE:
+ if (tis->active_locty != locty) {
+ break;
+ }
+
+ tis->loc[locty].inte = (val & (TPM_TIS_INT_ENABLED |
+ TPM_TIS_INT_POLARITY_MASK |
+ TPM_TIS_INTERRUPTS_SUPPORTED));
+ break;
+ case TPM_TIS_REG_INT_VECTOR:
+ /* hard wired -- ignore */
+ break;
+ case TPM_TIS_REG_INT_STATUS:
+ if (tis->active_locty != locty) {
+ break;
+ }
+
+ /* clearing of interrupt flags */
+ if (((val & TPM_TIS_INTERRUPTS_SUPPORTED)) &&
+ (tis->loc[locty].ints & TPM_TIS_INTERRUPTS_SUPPORTED)) {
+ tis->loc[locty].ints &= ~val;
+ if (tis->loc[locty].ints == 0) {
+ qemu_irq_lower(tis->irq);
+ DPRINTF("tpm_tis: Lowering IRQ\n");
+ }
+ }
+ tis->loc[locty].ints &= ~(val & TPM_TIS_INTERRUPTS_SUPPORTED);
+ break;
+ case TPM_TIS_REG_STS:
+ if (tis->active_locty != locty) {
+ break;
+ }
+
+ val &= (TPM_TIS_STS_COMMAND_READY | TPM_TIS_STS_TPM_GO |
+ TPM_TIS_STS_RESPONSE_RETRY);
+
+ if (val == TPM_TIS_STS_COMMAND_READY) {
+ switch (tis->loc[locty].state) {
+
+ case TPM_TIS_STATE_READY:
+ tis->loc[locty].w_offset = 0;
+ tis->loc[locty].r_offset = 0;
+ break;
+
+ case TPM_TIS_STATE_IDLE:
+ tis->loc[locty].sts = TPM_TIS_STS_COMMAND_READY;
+ tis->loc[locty].state = TPM_TIS_STATE_READY;
+ tpm_tis_raise_irq(s, locty, TPM_TIS_INT_COMMAND_READY);
+ break;
+
+ case TPM_TIS_STATE_EXECUTION:
+ case TPM_TIS_STATE_RECEPTION:
+ /* abort currently running command */
+ DPRINTF("tpm_tis: %s: Initiating abort.\n",
+ __func__);
+ tpm_tis_prep_abort(s, locty, locty);
+ break;
+
+ case TPM_TIS_STATE_COMPLETION:
+ tis->loc[locty].w_offset = 0;
+ tis->loc[locty].r_offset = 0;
+ /* shortcut to ready state with C/R set */
+ tis->loc[locty].state = TPM_TIS_STATE_READY;
+ if (!(tis->loc[locty].sts & TPM_TIS_STS_COMMAND_READY)) {
+ tis->loc[locty].sts = TPM_TIS_STS_COMMAND_READY;
+ tpm_tis_raise_irq(s, locty, TPM_TIS_INT_COMMAND_READY);
+ }
+ tis->loc[locty].sts &= ~(TPM_TIS_STS_DATA_AVAILABLE);
+ break;
+
+ }
+ } else if (val == TPM_TIS_STS_TPM_GO) {
+ switch (tis->loc[locty].state) {
+ case TPM_TIS_STATE_RECEPTION:
+ if ((tis->loc[locty].sts & TPM_TIS_STS_EXPECT) == 0) {
+ tpm_tis_tpm_send(s, locty);
+ }
+ break;
+ default:
+ /* ignore */
+ break;
+ }
+ } else if (val == TPM_TIS_STS_RESPONSE_RETRY) {
+ switch (tis->loc[locty].state) {
+ case TPM_TIS_STATE_COMPLETION:
+ tis->loc[locty].r_offset = 0;
+ tis->loc[locty].sts = TPM_TIS_STS_VALID |
+ TPM_TIS_STS_DATA_AVAILABLE;
+ break;
+ default:
+ /* ignore */
+ break;
+ }
+ }
+ break;
+ case TPM_TIS_REG_DATA_FIFO:
+ /* data fifo */
+ if (tis->active_locty != locty) {
+ break;
+ }
+
+ if (tis->loc[locty].state == TPM_TIS_STATE_IDLE ||
+ tis->loc[locty].state == TPM_TIS_STATE_EXECUTION ||
+ tis->loc[locty].state == TPM_TIS_STATE_COMPLETION) {
+ /* drop the byte */
+ } else {
+ DPRINTF("tpm_tis: Byte to send to TPM: %02x\n", (uint8_t)val);
+ if (tis->loc[locty].state == TPM_TIS_STATE_READY) {
+ tis->loc[locty].state = TPM_TIS_STATE_RECEPTION;
+ tis->loc[locty].sts = TPM_TIS_STS_EXPECT | TPM_TIS_STS_VALID;
+ }
+
+ if ((tis->loc[locty].sts & TPM_TIS_STS_EXPECT)) {
+ if (tis->loc[locty].w_offset < tis->loc[locty].w_buffer.size) {
+ tis->loc[locty].w_buffer.
+ buffer[tis->loc[locty].w_offset++] = (uint8_t)val;
+ } else {
+ tis->loc[locty].sts = TPM_TIS_STS_VALID;
+ }
+ }
+
+ /* check for complete packet */
+ if (tis->loc[locty].w_offset > 5 &&
+ (tis->loc[locty].sts & TPM_TIS_STS_EXPECT)) {
+ /* we have a packet length - see if we have all of it */
+#ifdef RAISE_STS_IRQ
+ bool needIrq = !(tis->loc[locty].sts & TPM_TIS_STS_VALID);
+#endif
+ len = tpm_tis_get_size_from_buffer(&tis->loc[locty].w_buffer);
+ if (len > tis->loc[locty].w_offset) {
+ tis->loc[locty].sts = TPM_TIS_STS_EXPECT |
+ TPM_TIS_STS_VALID;
+ } else {
+ /* packet complete */
+ tis->loc[locty].sts = TPM_TIS_STS_VALID;
+ }
+#ifdef RAISE_STS_IRQ
+ if (needIrq) {
+ tpm_tis_raise_irq(s, locty, TPM_TIS_INT_STS_VALID);
+ }
+#endif
+ }
+ }
+ break;
+ }
+}
+
+static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ return tpm_tis_mmio_write_intern(opaque, addr, val, size, false);
+}
+
+static const MemoryRegionOps tpm_tis_memory_ops = {
+ .read = tpm_tis_mmio_read,
+ .write = tpm_tis_mmio_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .valid = {
+ .min_access_size = 1,
+ .max_access_size = 4,
+ },
+};
+
+static int tpm_tis_do_startup_tpm(TPMState *s)
+{
+ return tpm_backend_startup_tpm(s->be_driver);
+}
+
+/*
+ * This function is called when the machine starts, resets or due to
+ * S3 resume.
+ */
+static void tpm_tis_reset(DeviceState *dev)
+{
+ TPMState *s = TPM(dev);
+ TPMTISEmuState *tis = &s->s.tis;
+ int c;
+
+ tpm_backend_reset(s->be_driver);
+
+ tis->active_locty = TPM_TIS_NO_LOCALITY;
+ tis->next_locty = TPM_TIS_NO_LOCALITY;
+ tis->aborting_locty = TPM_TIS_NO_LOCALITY;
+
+ for (c = 0; c < TPM_TIS_NUM_LOCALITIES; c++) {
+ tis->loc[c].access = TPM_TIS_ACCESS_TPM_REG_VALID_STS;
+ tis->loc[c].sts = 0;
+ tis->loc[c].inte = TPM_TIS_INT_POLARITY_LOW_LEVEL;
+ tis->loc[c].ints = 0;
+ tis->loc[c].state = TPM_TIS_STATE_IDLE;
+
+ tis->loc[c].w_offset = 0;
+ tpm_backend_realloc_buffer(s->be_driver, &tis->loc[c].w_buffer);
+ tis->loc[c].r_offset = 0;
+ tpm_backend_realloc_buffer(s->be_driver, &tis->loc[c].r_buffer);
+ }
+
+ tpm_tis_do_startup_tpm(s);
+}
+
+static const VMStateDescription vmstate_tpm_tis = {
+ .name = "tpm",
+ .unmigratable = 1,
+};
+
+static Property tpm_tis_properties[] = {
+ DEFINE_PROP_UINT32("irq", TPMState,
+ s.tis.irq_num, TPM_TIS_IRQ),
+ DEFINE_PROP_STRING("tpmdev", TPMState, backend),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void tpm_tis_realizefn(DeviceState *dev, Error **errp)
+{
+ TPMState *s = TPM(dev);
+ TPMTISEmuState *tis = &s->s.tis;
+
+ s->be_driver = qemu_find_tpm(s->backend);
+ if (!s->be_driver) {
+ error_setg(errp, "tpm_tis: backend driver with id %s could not be "
+ "found", s->backend);
+ return;
+ }
+
+ s->be_driver->fe_model = TPM_MODEL_TPM_TIS;
+
+ if (tpm_backend_init(s->be_driver, s, tpm_tis_receive_cb)) {
+ error_setg(errp, "tpm_tis: backend driver with id %s could not be "
+ "initialized", s->backend);
+ return;
+ }
+
+ if (tis->irq_num > 15) {
+ error_setg(errp, "tpm_tis: IRQ %d for TPM TIS is outside valid range "
+ "of 0 to 15.\n", tis->irq_num);
+ return;
+ }
+
+ tis->bh = qemu_bh_new(tpm_tis_receive_bh, s);
+
+ isa_init_irq(&s->busdev, &tis->irq, tis->irq_num);
+}
+
+static void tpm_tis_initfn(Object *obj)
+{
+ ISADevice *dev = ISA_DEVICE(obj);
+ TPMState *s = TPM(obj);
+
+ memory_region_init_io(&s->mmio, OBJECT(s), &tpm_tis_memory_ops,
+ s, "tpm-tis-mmio",
+ TPM_TIS_NUM_LOCALITIES << TPM_TIS_LOCALITY_SHIFT);
+ memory_region_add_subregion(isa_address_space(dev), TPM_TIS_ADDR_BASE,
+ &s->mmio);
+}
+
+static void tpm_tis_uninitfn(Object *obj)
+{
+ TPMState *s = TPM(obj);
+
+ memory_region_del_subregion(get_system_memory(), &s->mmio);
+ memory_region_destroy(&s->mmio);
+}
+
+static void tpm_tis_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = tpm_tis_realizefn;
+ dc->props = tpm_tis_properties;
+ dc->reset = tpm_tis_reset;
+ dc->vmsd = &vmstate_tpm_tis;
+}
+
+static const TypeInfo tpm_tis_info = {
+ .name = TYPE_TPM_TIS,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof(TPMState),
+ .instance_init = tpm_tis_initfn,
+ .instance_finalize = tpm_tis_uninitfn,
+ .class_init = tpm_tis_class_init,
+};
+
+static void tpm_tis_register(void)
+{
+ type_register_static(&tpm_tis_info);
+ tpm_register_model(TPM_MODEL_TPM_TIS);
+}
+
+type_init(tpm_tis_register)
diff --git a/hw/tpm/tpm_tis.h b/hw/tpm/tpm_tis.h
new file mode 100644
index 000000000..916152ae3
--- /dev/null
+++ b/hw/tpm/tpm_tis.h
@@ -0,0 +1,75 @@
+/*
+ * tpm_tis.h - QEMU's TPM TIS interface emulator
+ *
+ * Copyright (C) 2006, 2010-2013 IBM Corporation
+ *
+ * Authors:
+ * Stefan Berger <stefanb@us.ibm.com>
+ * David Safford <safford@us.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ * Implementation of the TIS interface according to specs found at
+ * http://www.trustedcomputinggroup.org
+ *
+ */
+#ifndef TPM_TPM_TIS_H
+#define TPM_TPM_TIS_H
+
+#include "hw/isa/isa.h"
+#include "qemu-common.h"
+
+#define TPM_TIS_ADDR_BASE 0xFED40000
+
+#define TPM_TIS_NUM_LOCALITIES 5 /* per spec */
+#define TPM_TIS_LOCALITY_SHIFT 12
+#define TPM_TIS_NO_LOCALITY 0xff
+
+#define TPM_TIS_IS_VALID_LOCTY(x) ((x) < TPM_TIS_NUM_LOCALITIES)
+
+#define TPM_TIS_IRQ 5
+
+#define TPM_TIS_BUFFER_MAX 4096
+
+#define TYPE_TPM_TIS "tpm-tis"
+
+
+typedef enum {
+ TPM_TIS_STATE_IDLE = 0,
+ TPM_TIS_STATE_READY,
+ TPM_TIS_STATE_COMPLETION,
+ TPM_TIS_STATE_EXECUTION,
+ TPM_TIS_STATE_RECEPTION,
+} TPMTISState;
+
+/* locality data -- all fields are persisted */
+typedef struct TPMLocality {
+ TPMTISState state;
+ uint8_t access;
+ uint8_t sts;
+ uint32_t inte;
+ uint32_t ints;
+
+ uint16_t w_offset;
+ uint16_t r_offset;
+ TPMSizedBuffer w_buffer;
+ TPMSizedBuffer r_buffer;
+} TPMLocality;
+
+typedef struct TPMTISEmuState {
+ QEMUBH *bh;
+ uint32_t offset;
+ uint8_t buf[TPM_TIS_BUFFER_MAX];
+
+ uint8_t active_locty;
+ uint8_t aborting_locty;
+ uint8_t next_locty;
+
+ TPMLocality loc[TPM_TIS_NUM_LOCALITIES];
+
+ qemu_irq irq;
+ uint32_t irq_num;
+} TPMTISEmuState;
+
+#endif /* TPM_TPM_TIS_H */
diff --git a/hw/tsc2005.c b/hw/tsc2005.c
deleted file mode 100644
index 9a500ebb3..000000000
--- a/hw/tsc2005.c
+++ /dev/null
@@ -1,593 +0,0 @@
-/*
- * TI TSC2005 emulator.
- *
- * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
- * Copyright (C) 2008 Nokia Corporation
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "hw.h"
-#include "qemu-timer.h"
-#include "console.h"
-#include "devices.h"
-
-#define TSC_CUT_RESOLUTION(value, p) ((value) >> (16 - (p ? 12 : 10)))
-
-typedef struct {
- qemu_irq pint; /* Combination of the nPENIRQ and DAV signals */
- QEMUTimer *timer;
- uint16_t model;
-
- int x, y;
- int pressure;
-
- int state, reg, irq, command;
- uint16_t data, dav;
-
- int busy;
- int enabled;
- int host_mode;
- int function;
- int nextfunction;
- int precision;
- int nextprecision;
- int filter;
- int pin_func;
- int timing[2];
- int noise;
- int reset;
- int pdst;
- int pnd0;
- uint16_t temp_thr[2];
- uint16_t aux_thr[2];
-
- int tr[8];
-} TSC2005State;
-
-enum {
- TSC_MODE_XYZ_SCAN = 0x0,
- TSC_MODE_XY_SCAN,
- TSC_MODE_X,
- TSC_MODE_Y,
- TSC_MODE_Z,
- TSC_MODE_AUX,
- TSC_MODE_TEMP1,
- TSC_MODE_TEMP2,
- TSC_MODE_AUX_SCAN,
- TSC_MODE_X_TEST,
- TSC_MODE_Y_TEST,
- TSC_MODE_TS_TEST,
- TSC_MODE_RESERVED,
- TSC_MODE_XX_DRV,
- TSC_MODE_YY_DRV,
- TSC_MODE_YX_DRV,
-};
-
-static const uint16_t mode_regs[16] = {
- 0xf000, /* X, Y, Z scan */
- 0xc000, /* X, Y scan */
- 0x8000, /* X */
- 0x4000, /* Y */
- 0x3000, /* Z */
- 0x0800, /* AUX */
- 0x0400, /* TEMP1 */
- 0x0200, /* TEMP2 */
- 0x0800, /* AUX scan */
- 0x0040, /* X test */
- 0x0020, /* Y test */
- 0x0080, /* Short-circuit test */
- 0x0000, /* Reserved */
- 0x0000, /* X+, X- drivers */
- 0x0000, /* Y+, Y- drivers */
- 0x0000, /* Y+, X- drivers */
-};
-
-#define X_TRANSFORM(s) \
- ((s->y * s->tr[0] - s->x * s->tr[1]) / s->tr[2] + s->tr[3])
-#define Y_TRANSFORM(s) \
- ((s->y * s->tr[4] - s->x * s->tr[5]) / s->tr[6] + s->tr[7])
-#define Z1_TRANSFORM(s) \
- ((400 - ((s)->x >> 7) + ((s)->pressure << 10)) << 4)
-#define Z2_TRANSFORM(s) \
- ((4000 + ((s)->y >> 7) - ((s)->pressure << 10)) << 4)
-
-#define AUX_VAL (700 << 4) /* +/- 3 at 12-bit */
-#define TEMP1_VAL (1264 << 4) /* +/- 5 at 12-bit */
-#define TEMP2_VAL (1531 << 4) /* +/- 5 at 12-bit */
-
-static uint16_t tsc2005_read(TSC2005State *s, int reg)
-{
- uint16_t ret;
-
- switch (reg) {
- case 0x0: /* X */
- s->dav &= ~mode_regs[TSC_MODE_X];
- return TSC_CUT_RESOLUTION(X_TRANSFORM(s), s->precision) +
- (s->noise & 3);
- case 0x1: /* Y */
- s->dav &= ~mode_regs[TSC_MODE_Y];
- s->noise ++;
- return TSC_CUT_RESOLUTION(Y_TRANSFORM(s), s->precision) ^
- (s->noise & 3);
- case 0x2: /* Z1 */
- s->dav &= 0xdfff;
- return TSC_CUT_RESOLUTION(Z1_TRANSFORM(s), s->precision) -
- (s->noise & 3);
- case 0x3: /* Z2 */
- s->dav &= 0xefff;
- return TSC_CUT_RESOLUTION(Z2_TRANSFORM(s), s->precision) |
- (s->noise & 3);
-
- case 0x4: /* AUX */
- s->dav &= ~mode_regs[TSC_MODE_AUX];
- return TSC_CUT_RESOLUTION(AUX_VAL, s->precision);
-
- case 0x5: /* TEMP1 */
- s->dav &= ~mode_regs[TSC_MODE_TEMP1];
- return TSC_CUT_RESOLUTION(TEMP1_VAL, s->precision) -
- (s->noise & 5);
- case 0x6: /* TEMP2 */
- s->dav &= 0xdfff;
- s->dav &= ~mode_regs[TSC_MODE_TEMP2];
- return TSC_CUT_RESOLUTION(TEMP2_VAL, s->precision) ^
- (s->noise & 3);
-
- case 0x7: /* Status */
- ret = s->dav | (s->reset << 7) | (s->pdst << 2) | 0x0;
- s->dav &= ~(mode_regs[TSC_MODE_X_TEST] | mode_regs[TSC_MODE_Y_TEST] |
- mode_regs[TSC_MODE_TS_TEST]);
- s->reset = 1;
- return ret;
-
- case 0x8: /* AUX high treshold */
- return s->aux_thr[1];
- case 0x9: /* AUX low treshold */
- return s->aux_thr[0];
-
- case 0xa: /* TEMP high treshold */
- return s->temp_thr[1];
- case 0xb: /* TEMP low treshold */
- return s->temp_thr[0];
-
- case 0xc: /* CFR0 */
- return (s->pressure << 15) | ((!s->busy) << 14) |
- (s->nextprecision << 13) | s->timing[0];
- case 0xd: /* CFR1 */
- return s->timing[1];
- case 0xe: /* CFR2 */
- return (s->pin_func << 14) | s->filter;
-
- case 0xf: /* Function select status */
- return s->function >= 0 ? 1 << s->function : 0;
- }
-
- /* Never gets here */
- return 0xffff;
-}
-
-static void tsc2005_write(TSC2005State *s, int reg, uint16_t data)
-{
- switch (reg) {
- case 0x8: /* AUX high treshold */
- s->aux_thr[1] = data;
- break;
- case 0x9: /* AUX low treshold */
- s->aux_thr[0] = data;
- break;
-
- case 0xa: /* TEMP high treshold */
- s->temp_thr[1] = data;
- break;
- case 0xb: /* TEMP low treshold */
- s->temp_thr[0] = data;
- break;
-
- case 0xc: /* CFR0 */
- s->host_mode = data >> 15;
- if (s->enabled != !(data & 0x4000)) {
- s->enabled = !(data & 0x4000);
- fprintf(stderr, "%s: touchscreen sense %sabled\n",
- __FUNCTION__, s->enabled ? "en" : "dis");
- if (s->busy && !s->enabled)
- qemu_del_timer(s->timer);
- s->busy &= s->enabled;
- }
- s->nextprecision = (data >> 13) & 1;
- s->timing[0] = data & 0x1fff;
- if ((s->timing[0] >> 11) == 3)
- fprintf(stderr, "%s: illegal conversion clock setting\n",
- __FUNCTION__);
- break;
- case 0xd: /* CFR1 */
- s->timing[1] = data & 0xf07;
- break;
- case 0xe: /* CFR2 */
- s->pin_func = (data >> 14) & 3;
- s->filter = data & 0x3fff;
- break;
-
- default:
- fprintf(stderr, "%s: write into read-only register %x\n",
- __FUNCTION__, reg);
- }
-}
-
-/* This handles most of the chip's logic. */
-static void tsc2005_pin_update(TSC2005State *s)
-{
- int64_t expires;
- int pin_state;
-
- switch (s->pin_func) {
- case 0:
- pin_state = !s->pressure && !!s->dav;
- break;
- case 1:
- case 3:
- default:
- pin_state = !s->dav;
- break;
- case 2:
- pin_state = !s->pressure;
- }
-
- if (pin_state != s->irq) {
- s->irq = pin_state;
- qemu_set_irq(s->pint, s->irq);
- }
-
- switch (s->nextfunction) {
- case TSC_MODE_XYZ_SCAN:
- case TSC_MODE_XY_SCAN:
- if (!s->host_mode && s->dav)
- s->enabled = 0;
- if (!s->pressure)
- return;
- /* Fall through */
- case TSC_MODE_AUX_SCAN:
- break;
-
- case TSC_MODE_X:
- case TSC_MODE_Y:
- case TSC_MODE_Z:
- if (!s->pressure)
- return;
- /* Fall through */
- case TSC_MODE_AUX:
- case TSC_MODE_TEMP1:
- case TSC_MODE_TEMP2:
- case TSC_MODE_X_TEST:
- case TSC_MODE_Y_TEST:
- case TSC_MODE_TS_TEST:
- if (s->dav)
- s->enabled = 0;
- break;
-
- case TSC_MODE_RESERVED:
- case TSC_MODE_XX_DRV:
- case TSC_MODE_YY_DRV:
- case TSC_MODE_YX_DRV:
- default:
- return;
- }
-
- if (!s->enabled || s->busy)
- return;
-
- s->busy = 1;
- s->precision = s->nextprecision;
- s->function = s->nextfunction;
- s->pdst = !s->pnd0; /* Synchronised on internal clock */
- expires = qemu_get_clock_ns(vm_clock) + (get_ticks_per_sec() >> 7);
- qemu_mod_timer(s->timer, expires);
-}
-
-static void tsc2005_reset(TSC2005State *s)
-{
- s->state = 0;
- s->pin_func = 0;
- s->enabled = 0;
- s->busy = 0;
- s->nextprecision = 0;
- s->nextfunction = 0;
- s->timing[0] = 0;
- s->timing[1] = 0;
- s->irq = 0;
- s->dav = 0;
- s->reset = 0;
- s->pdst = 1;
- s->pnd0 = 0;
- s->function = -1;
- s->temp_thr[0] = 0x000;
- s->temp_thr[1] = 0xfff;
- s->aux_thr[0] = 0x000;
- s->aux_thr[1] = 0xfff;
-
- tsc2005_pin_update(s);
-}
-
-static uint8_t tsc2005_txrx_word(void *opaque, uint8_t value)
-{
- TSC2005State *s = opaque;
- uint32_t ret = 0;
-
- switch (s->state ++) {
- case 0:
- if (value & 0x80) {
- /* Command */
- if (value & (1 << 1))
- tsc2005_reset(s);
- else {
- s->nextfunction = (value >> 3) & 0xf;
- s->nextprecision = (value >> 2) & 1;
- if (s->enabled != !(value & 1)) {
- s->enabled = !(value & 1);
- fprintf(stderr, "%s: touchscreen sense %sabled\n",
- __FUNCTION__, s->enabled ? "en" : "dis");
- if (s->busy && !s->enabled)
- qemu_del_timer(s->timer);
- s->busy &= s->enabled;
- }
- tsc2005_pin_update(s);
- }
-
- s->state = 0;
- } else if (value) {
- /* Data transfer */
- s->reg = (value >> 3) & 0xf;
- s->pnd0 = (value >> 1) & 1;
- s->command = value & 1;
-
- if (s->command) {
- /* Read */
- s->data = tsc2005_read(s, s->reg);
- tsc2005_pin_update(s);
- } else
- s->data = 0;
- } else
- s->state = 0;
- break;
-
- case 1:
- if (s->command)
- ret = (s->data >> 8) & 0xff;
- else
- s->data |= value << 8;
- break;
-
- case 2:
- if (s->command)
- ret = s->data & 0xff;
- else {
- s->data |= value;
- tsc2005_write(s, s->reg, s->data);
- tsc2005_pin_update(s);
- }
-
- s->state = 0;
- break;
- }
-
- return ret;
-}
-
-uint32_t tsc2005_txrx(void *opaque, uint32_t value, int len)
-{
- uint32_t ret = 0;
-
- len &= ~7;
- while (len > 0) {
- len -= 8;
- ret |= tsc2005_txrx_word(opaque, (value >> len) & 0xff) << len;
- }
-
- return ret;
-}
-
-static void tsc2005_timer_tick(void *opaque)
-{
- TSC2005State *s = opaque;
-
- /* Timer ticked -- a set of conversions has been finished. */
-
- if (!s->busy)
- return;
-
- s->busy = 0;
- s->dav |= mode_regs[s->function];
- s->function = -1;
- tsc2005_pin_update(s);
-}
-
-static void tsc2005_touchscreen_event(void *opaque,
- int x, int y, int z, int buttons_state)
-{
- TSC2005State *s = opaque;
- int p = s->pressure;
-
- if (buttons_state) {
- s->x = x;
- s->y = y;
- }
- s->pressure = !!buttons_state;
-
- /*
- * Note: We would get better responsiveness in the guest by
- * signaling TS events immediately, but for now we simulate
- * the first conversion delay for sake of correctness.
- */
- if (p != s->pressure)
- tsc2005_pin_update(s);
-}
-
-static void tsc2005_save(QEMUFile *f, void *opaque)
-{
- TSC2005State *s = (TSC2005State *) opaque;
- int i;
-
- qemu_put_be16(f, s->x);
- qemu_put_be16(f, s->y);
- qemu_put_byte(f, s->pressure);
-
- qemu_put_byte(f, s->state);
- qemu_put_byte(f, s->reg);
- qemu_put_byte(f, s->command);
-
- qemu_put_byte(f, s->irq);
- qemu_put_be16s(f, &s->dav);
- qemu_put_be16s(f, &s->data);
-
- qemu_put_timer(f, s->timer);
- qemu_put_byte(f, s->enabled);
- qemu_put_byte(f, s->host_mode);
- qemu_put_byte(f, s->function);
- qemu_put_byte(f, s->nextfunction);
- qemu_put_byte(f, s->precision);
- qemu_put_byte(f, s->nextprecision);
- qemu_put_be16(f, s->filter);
- qemu_put_byte(f, s->pin_func);
- qemu_put_be16(f, s->timing[0]);
- qemu_put_be16(f, s->timing[1]);
- qemu_put_be16s(f, &s->temp_thr[0]);
- qemu_put_be16s(f, &s->temp_thr[1]);
- qemu_put_be16s(f, &s->aux_thr[0]);
- qemu_put_be16s(f, &s->aux_thr[1]);
- qemu_put_be32(f, s->noise);
- qemu_put_byte(f, s->reset);
- qemu_put_byte(f, s->pdst);
- qemu_put_byte(f, s->pnd0);
-
- for (i = 0; i < 8; i ++)
- qemu_put_be32(f, s->tr[i]);
-}
-
-static int tsc2005_load(QEMUFile *f, void *opaque, int version_id)
-{
- TSC2005State *s = (TSC2005State *) opaque;
- int i;
-
- s->x = qemu_get_be16(f);
- s->y = qemu_get_be16(f);
- s->pressure = qemu_get_byte(f);
-
- s->state = qemu_get_byte(f);
- s->reg = qemu_get_byte(f);
- s->command = qemu_get_byte(f);
-
- s->irq = qemu_get_byte(f);
- qemu_get_be16s(f, &s->dav);
- qemu_get_be16s(f, &s->data);
-
- qemu_get_timer(f, s->timer);
- s->enabled = qemu_get_byte(f);
- s->host_mode = qemu_get_byte(f);
- s->function = qemu_get_byte(f);
- s->nextfunction = qemu_get_byte(f);
- s->precision = qemu_get_byte(f);
- s->nextprecision = qemu_get_byte(f);
- s->filter = qemu_get_be16(f);
- s->pin_func = qemu_get_byte(f);
- s->timing[0] = qemu_get_be16(f);
- s->timing[1] = qemu_get_be16(f);
- qemu_get_be16s(f, &s->temp_thr[0]);
- qemu_get_be16s(f, &s->temp_thr[1]);
- qemu_get_be16s(f, &s->aux_thr[0]);
- qemu_get_be16s(f, &s->aux_thr[1]);
- s->noise = qemu_get_be32(f);
- s->reset = qemu_get_byte(f);
- s->pdst = qemu_get_byte(f);
- s->pnd0 = qemu_get_byte(f);
-
- for (i = 0; i < 8; i ++)
- s->tr[i] = qemu_get_be32(f);
-
- s->busy = qemu_timer_pending(s->timer);
- tsc2005_pin_update(s);
-
- return 0;
-}
-
-void *tsc2005_init(qemu_irq pintdav)
-{
- TSC2005State *s;
-
- s = (TSC2005State *)
- g_malloc0(sizeof(TSC2005State));
- s->x = 400;
- s->y = 240;
- s->pressure = 0;
- s->precision = s->nextprecision = 0;
- s->timer = qemu_new_timer_ns(vm_clock, tsc2005_timer_tick, s);
- s->pint = pintdav;
- s->model = 0x2005;
-
- s->tr[0] = 0;
- s->tr[1] = 1;
- s->tr[2] = 1;
- s->tr[3] = 0;
- s->tr[4] = 1;
- s->tr[5] = 0;
- s->tr[6] = 1;
- s->tr[7] = 0;
-
- tsc2005_reset(s);
-
- qemu_add_mouse_event_handler(tsc2005_touchscreen_event, s, 1,
- "QEMU TSC2005-driven Touchscreen");
-
- qemu_register_reset((void *) tsc2005_reset, s);
- register_savevm(NULL, "tsc2005", -1, 0, tsc2005_save, tsc2005_load, s);
-
- return s;
-}
-
-/*
- * Use tslib generated calibration data to generate ADC input values
- * from the touchscreen. Assuming 12-bit precision was used during
- * tslib calibration.
- */
-void tsc2005_set_transform(void *opaque, MouseTransformInfo *info)
-{
- TSC2005State *s = (TSC2005State *) opaque;
-
- /* This version assumes touchscreen X & Y axis are parallel or
- * perpendicular to LCD's X & Y axis in some way. */
- if (abs(info->a[0]) > abs(info->a[1])) {
- s->tr[0] = 0;
- s->tr[1] = -info->a[6] * info->x;
- s->tr[2] = info->a[0];
- s->tr[3] = -info->a[2] / info->a[0];
- s->tr[4] = info->a[6] * info->y;
- s->tr[5] = 0;
- s->tr[6] = info->a[4];
- s->tr[7] = -info->a[5] / info->a[4];
- } else {
- s->tr[0] = info->a[6] * info->y;
- s->tr[1] = 0;
- s->tr[2] = info->a[1];
- s->tr[3] = -info->a[2] / info->a[1];
- s->tr[4] = 0;
- s->tr[5] = -info->a[6] * info->x;
- s->tr[6] = info->a[3];
- s->tr[7] = -info->a[5] / info->a[3];
- }
-
- s->tr[0] >>= 11;
- s->tr[1] >>= 11;
- s->tr[3] <<= 4;
- s->tr[4] >>= 11;
- s->tr[5] >>= 11;
- s->tr[7] <<= 4;
-}
diff --git a/hw/tsc210x.c b/hw/tsc210x.c
deleted file mode 100644
index 3c448a6f0..000000000
--- a/hw/tsc210x.c
+++ /dev/null
@@ -1,1293 +0,0 @@
-/*
- * TI TSC2102 (touchscreen/sensors/audio controller) emulator.
- * TI TSC2301 (touchscreen/sensors/keypad).
- *
- * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
- * Copyright (C) 2008 Nokia Corporation
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "hw.h"
-#include "audio/audio.h"
-#include "qemu-timer.h"
-#include "console.h"
-#include "omap.h" /* For I2SCodec and uWireSlave */
-#include "devices.h"
-
-#define TSC_DATA_REGISTERS_PAGE 0x0
-#define TSC_CONTROL_REGISTERS_PAGE 0x1
-#define TSC_AUDIO_REGISTERS_PAGE 0x2
-
-#define TSC_VERBOSE
-
-#define TSC_CUT_RESOLUTION(value, p) ((value) >> (16 - resolution[p]))
-
-typedef struct {
- qemu_irq pint;
- qemu_irq kbint;
- qemu_irq davint;
- QEMUTimer *timer;
- QEMUSoundCard card;
- uWireSlave chip;
- I2SCodec codec;
- uint8_t in_fifo[16384];
- uint8_t out_fifo[16384];
- uint16_t model;
-
- int x, y;
- int pressure;
-
- int state, page, offset, irq;
- uint16_t command, dav;
-
- int busy;
- int enabled;
- int host_mode;
- int function;
- int nextfunction;
- int precision;
- int nextprecision;
- int filter;
- int pin_func;
- int ref;
- int timing;
- int noise;
-
- uint16_t audio_ctrl1;
- uint16_t audio_ctrl2;
- uint16_t audio_ctrl3;
- uint16_t pll[3];
- uint16_t volume;
- int64_t volume_change;
- int softstep;
- uint16_t dac_power;
- int64_t powerdown;
- uint16_t filter_data[0x14];
-
- const char *name;
- SWVoiceIn *adc_voice[1];
- SWVoiceOut *dac_voice[1];
- int i2s_rx_rate;
- int i2s_tx_rate;
-
- int tr[8];
-
- struct {
- uint16_t down;
- uint16_t mask;
- int scan;
- int debounce;
- int mode;
- int intr;
- } kb;
-} TSC210xState;
-
-static const int resolution[4] = { 12, 8, 10, 12 };
-
-#define TSC_MODE_NO_SCAN 0x0
-#define TSC_MODE_XY_SCAN 0x1
-#define TSC_MODE_XYZ_SCAN 0x2
-#define TSC_MODE_X 0x3
-#define TSC_MODE_Y 0x4
-#define TSC_MODE_Z 0x5
-#define TSC_MODE_BAT1 0x6
-#define TSC_MODE_BAT2 0x7
-#define TSC_MODE_AUX 0x8
-#define TSC_MODE_AUX_SCAN 0x9
-#define TSC_MODE_TEMP1 0xa
-#define TSC_MODE_PORT_SCAN 0xb
-#define TSC_MODE_TEMP2 0xc
-#define TSC_MODE_XX_DRV 0xd
-#define TSC_MODE_YY_DRV 0xe
-#define TSC_MODE_YX_DRV 0xf
-
-static const uint16_t mode_regs[16] = {
- 0x0000, /* No scan */
- 0x0600, /* X, Y scan */
- 0x0780, /* X, Y, Z scan */
- 0x0400, /* X */
- 0x0200, /* Y */
- 0x0180, /* Z */
- 0x0040, /* BAT1 */
- 0x0030, /* BAT2 */
- 0x0010, /* AUX */
- 0x0010, /* AUX scan */
- 0x0004, /* TEMP1 */
- 0x0070, /* Port scan */
- 0x0002, /* TEMP2 */
- 0x0000, /* X+, X- drivers */
- 0x0000, /* Y+, Y- drivers */
- 0x0000, /* Y+, X- drivers */
-};
-
-#define X_TRANSFORM(s) \
- ((s->y * s->tr[0] - s->x * s->tr[1]) / s->tr[2] + s->tr[3])
-#define Y_TRANSFORM(s) \
- ((s->y * s->tr[4] - s->x * s->tr[5]) / s->tr[6] + s->tr[7])
-#define Z1_TRANSFORM(s) \
- ((400 - ((s)->x >> 7) + ((s)->pressure << 10)) << 4)
-#define Z2_TRANSFORM(s) \
- ((4000 + ((s)->y >> 7) - ((s)->pressure << 10)) << 4)
-
-#define BAT1_VAL 0x8660
-#define BAT2_VAL 0x0000
-#define AUX1_VAL 0x35c0
-#define AUX2_VAL 0xffff
-#define TEMP1_VAL 0x8c70
-#define TEMP2_VAL 0xa5b0
-
-#define TSC_POWEROFF_DELAY 50
-#define TSC_SOFTSTEP_DELAY 50
-
-static void tsc210x_reset(TSC210xState *s)
-{
- s->state = 0;
- s->pin_func = 2;
- s->enabled = 0;
- s->busy = 0;
- s->nextfunction = 0;
- s->ref = 0;
- s->timing = 0;
- s->irq = 0;
- s->dav = 0;
-
- s->audio_ctrl1 = 0x0000;
- s->audio_ctrl2 = 0x4410;
- s->audio_ctrl3 = 0x0000;
- s->pll[0] = 0x1004;
- s->pll[1] = 0x0000;
- s->pll[2] = 0x1fff;
- s->volume = 0xffff;
- s->dac_power = 0x8540;
- s->softstep = 1;
- s->volume_change = 0;
- s->powerdown = 0;
- s->filter_data[0x00] = 0x6be3;
- s->filter_data[0x01] = 0x9666;
- s->filter_data[0x02] = 0x675d;
- s->filter_data[0x03] = 0x6be3;
- s->filter_data[0x04] = 0x9666;
- s->filter_data[0x05] = 0x675d;
- s->filter_data[0x06] = 0x7d83;
- s->filter_data[0x07] = 0x84ee;
- s->filter_data[0x08] = 0x7d83;
- s->filter_data[0x09] = 0x84ee;
- s->filter_data[0x0a] = 0x6be3;
- s->filter_data[0x0b] = 0x9666;
- s->filter_data[0x0c] = 0x675d;
- s->filter_data[0x0d] = 0x6be3;
- s->filter_data[0x0e] = 0x9666;
- s->filter_data[0x0f] = 0x675d;
- s->filter_data[0x10] = 0x7d83;
- s->filter_data[0x11] = 0x84ee;
- s->filter_data[0x12] = 0x7d83;
- s->filter_data[0x13] = 0x84ee;
-
- s->i2s_tx_rate = 0;
- s->i2s_rx_rate = 0;
-
- s->kb.scan = 1;
- s->kb.debounce = 0;
- s->kb.mask = 0x0000;
- s->kb.mode = 3;
- s->kb.intr = 0;
-
- qemu_set_irq(s->pint, !s->irq);
- qemu_set_irq(s->davint, !s->dav);
- qemu_irq_raise(s->kbint);
-}
-
-typedef struct {
- int rate;
- int dsor;
- int fsref;
-} TSC210xRateInfo;
-
-/* { rate, dsor, fsref } */
-static const TSC210xRateInfo tsc2101_rates[] = {
- /* Fsref / 6.0 */
- { 7350, 7, 1 },
- { 8000, 7, 0 },
- /* Fsref / 5.5 */
- { 8018, 6, 1 },
- { 8727, 6, 0 },
- /* Fsref / 5.0 */
- { 8820, 5, 1 },
- { 9600, 5, 0 },
- /* Fsref / 4.0 */
- { 11025, 4, 1 },
- { 12000, 4, 0 },
- /* Fsref / 3.0 */
- { 14700, 3, 1 },
- { 16000, 3, 0 },
- /* Fsref / 2.0 */
- { 22050, 2, 1 },
- { 24000, 2, 0 },
- /* Fsref / 1.5 */
- { 29400, 1, 1 },
- { 32000, 1, 0 },
- /* Fsref */
- { 44100, 0, 1 },
- { 48000, 0, 0 },
-
- { 0, 0, 0 },
-};
-
-/* { rate, dsor, fsref } */
-static const TSC210xRateInfo tsc2102_rates[] = {
- /* Fsref / 6.0 */
- { 7350, 63, 1 },
- { 8000, 63, 0 },
- /* Fsref / 6.0 */
- { 7350, 54, 1 },
- { 8000, 54, 0 },
- /* Fsref / 5.0 */
- { 8820, 45, 1 },
- { 9600, 45, 0 },
- /* Fsref / 4.0 */
- { 11025, 36, 1 },
- { 12000, 36, 0 },
- /* Fsref / 3.0 */
- { 14700, 27, 1 },
- { 16000, 27, 0 },
- /* Fsref / 2.0 */
- { 22050, 18, 1 },
- { 24000, 18, 0 },
- /* Fsref / 1.5 */
- { 29400, 9, 1 },
- { 32000, 9, 0 },
- /* Fsref */
- { 44100, 0, 1 },
- { 48000, 0, 0 },
-
- { 0, 0, 0 },
-};
-
-static inline void tsc210x_out_flush(TSC210xState *s, int len)
-{
- uint8_t *data = s->codec.out.fifo + s->codec.out.start;
- uint8_t *end = data + len;
-
- while (data < end)
- data += AUD_write(s->dac_voice[0], data, end - data) ?: (end - data);
-
- s->codec.out.len -= len;
- if (s->codec.out.len)
- memmove(s->codec.out.fifo, end, s->codec.out.len);
- s->codec.out.start = 0;
-}
-
-static void tsc210x_audio_out_cb(TSC210xState *s, int free_b)
-{
- if (s->codec.out.len >= free_b) {
- tsc210x_out_flush(s, free_b);
- return;
- }
-
- s->codec.out.size = MIN(free_b, 16384);
- qemu_irq_raise(s->codec.tx_start);
-}
-
-static void tsc2102_audio_rate_update(TSC210xState *s)
-{
- const TSC210xRateInfo *rate;
-
- s->codec.tx_rate = 0;
- s->codec.rx_rate = 0;
- if (s->dac_power & (1 << 15)) /* PWDNC */
- return;
-
- for (rate = tsc2102_rates; rate->rate; rate ++)
- if (rate->dsor == (s->audio_ctrl1 & 0x3f) && /* DACFS */
- rate->fsref == ((s->audio_ctrl3 >> 13) & 1))/* REFFS */
- break;
- if (!rate->rate) {
- printf("%s: unknown sampling rate configured\n", __FUNCTION__);
- return;
- }
-
- s->codec.tx_rate = rate->rate;
-}
-
-static void tsc2102_audio_output_update(TSC210xState *s)
-{
- int enable;
- struct audsettings fmt;
-
- if (s->dac_voice[0]) {
- tsc210x_out_flush(s, s->codec.out.len);
- s->codec.out.size = 0;
- AUD_set_active_out(s->dac_voice[0], 0);
- AUD_close_out(&s->card, s->dac_voice[0]);
- s->dac_voice[0] = NULL;
- }
- s->codec.cts = 0;
-
- enable =
- (~s->dac_power & (1 << 15)) && /* PWDNC */
- (~s->dac_power & (1 << 10)); /* DAPWDN */
- if (!enable || !s->codec.tx_rate)
- return;
-
- /* Force our own sampling rate even in slave DAC mode */
- fmt.endianness = 0;
- fmt.nchannels = 2;
- fmt.freq = s->codec.tx_rate;
- fmt.fmt = AUD_FMT_S16;
-
- s->dac_voice[0] = AUD_open_out(&s->card, s->dac_voice[0],
- "tsc2102.sink", s, (void *) tsc210x_audio_out_cb, &fmt);
- if (s->dac_voice[0]) {
- s->codec.cts = 1;
- AUD_set_active_out(s->dac_voice[0], 1);
- }
-}
-
-static uint16_t tsc2102_data_register_read(TSC210xState *s, int reg)
-{
- switch (reg) {
- case 0x00: /* X */
- s->dav &= 0xfbff;
- return TSC_CUT_RESOLUTION(X_TRANSFORM(s), s->precision) +
- (s->noise & 3);
-
- case 0x01: /* Y */
- s->noise ++;
- s->dav &= 0xfdff;
- return TSC_CUT_RESOLUTION(Y_TRANSFORM(s), s->precision) ^
- (s->noise & 3);
-
- case 0x02: /* Z1 */
- s->dav &= 0xfeff;
- return TSC_CUT_RESOLUTION(Z1_TRANSFORM(s), s->precision) -
- (s->noise & 3);
-
- case 0x03: /* Z2 */
- s->dav &= 0xff7f;
- return TSC_CUT_RESOLUTION(Z2_TRANSFORM(s), s->precision) |
- (s->noise & 3);
-
- case 0x04: /* KPData */
- if ((s->model & 0xff00) == 0x2300) {
- if (s->kb.intr && (s->kb.mode & 2)) {
- s->kb.intr = 0;
- qemu_irq_raise(s->kbint);
- }
- return s->kb.down;
- }
-
- return 0xffff;
-
- case 0x05: /* BAT1 */
- s->dav &= 0xffbf;
- return TSC_CUT_RESOLUTION(BAT1_VAL, s->precision) +
- (s->noise & 6);
-
- case 0x06: /* BAT2 */
- s->dav &= 0xffdf;
- return TSC_CUT_RESOLUTION(BAT2_VAL, s->precision);
-
- case 0x07: /* AUX1 */
- s->dav &= 0xffef;
- return TSC_CUT_RESOLUTION(AUX1_VAL, s->precision);
-
- case 0x08: /* AUX2 */
- s->dav &= 0xfff7;
- return 0xffff;
-
- case 0x09: /* TEMP1 */
- s->dav &= 0xfffb;
- return TSC_CUT_RESOLUTION(TEMP1_VAL, s->precision) -
- (s->noise & 5);
-
- case 0x0a: /* TEMP2 */
- s->dav &= 0xfffd;
- return TSC_CUT_RESOLUTION(TEMP2_VAL, s->precision) ^
- (s->noise & 3);
-
- case 0x0b: /* DAC */
- s->dav &= 0xfffe;
- return 0xffff;
-
- default:
-#ifdef TSC_VERBOSE
- fprintf(stderr, "tsc2102_data_register_read: "
- "no such register: 0x%02x\n", reg);
-#endif
- return 0xffff;
- }
-}
-
-static uint16_t tsc2102_control_register_read(
- TSC210xState *s, int reg)
-{
- switch (reg) {
- case 0x00: /* TSC ADC */
- return (s->pressure << 15) | ((!s->busy) << 14) |
- (s->nextfunction << 10) | (s->nextprecision << 8) | s->filter;
-
- case 0x01: /* Status / Keypad Control */
- if ((s->model & 0xff00) == 0x2100)
- return (s->pin_func << 14) | ((!s->enabled) << 13) |
- (s->host_mode << 12) | ((!!s->dav) << 11) | s->dav;
- else
- return (s->kb.intr << 15) | ((s->kb.scan || !s->kb.down) << 14) |
- (s->kb.debounce << 11);
-
- case 0x02: /* DAC Control */
- if ((s->model & 0xff00) == 0x2300)
- return s->dac_power & 0x8000;
- else
- goto bad_reg;
-
- case 0x03: /* Reference */
- return s->ref;
-
- case 0x04: /* Reset */
- return 0xffff;
-
- case 0x05: /* Configuration */
- return s->timing;
-
- case 0x06: /* Secondary configuration */
- if ((s->model & 0xff00) == 0x2100)
- goto bad_reg;
- return ((!s->dav) << 15) | ((s->kb.mode & 1) << 14) | s->pll[2];
-
- case 0x10: /* Keypad Mask */
- if ((s->model & 0xff00) == 0x2100)
- goto bad_reg;
- return s->kb.mask;
-
- default:
- bad_reg:
-#ifdef TSC_VERBOSE
- fprintf(stderr, "tsc2102_control_register_read: "
- "no such register: 0x%02x\n", reg);
-#endif
- return 0xffff;
- }
-}
-
-static uint16_t tsc2102_audio_register_read(TSC210xState *s, int reg)
-{
- int l_ch, r_ch;
- uint16_t val;
-
- switch (reg) {
- case 0x00: /* Audio Control 1 */
- return s->audio_ctrl1;
-
- case 0x01:
- return 0xff00;
-
- case 0x02: /* DAC Volume Control */
- return s->volume;
-
- case 0x03:
- return 0x8b00;
-
- case 0x04: /* Audio Control 2 */
- l_ch = 1;
- r_ch = 1;
- if (s->softstep && !(s->dac_power & (1 << 10))) {
- l_ch = (qemu_get_clock_ns(vm_clock) >
- s->volume_change + TSC_SOFTSTEP_DELAY);
- r_ch = (qemu_get_clock_ns(vm_clock) >
- s->volume_change + TSC_SOFTSTEP_DELAY);
- }
-
- return s->audio_ctrl2 | (l_ch << 3) | (r_ch << 2);
-
- case 0x05: /* Stereo DAC Power Control */
- return 0x2aa0 | s->dac_power |
- (((s->dac_power & (1 << 10)) &&
- (qemu_get_clock_ns(vm_clock) >
- s->powerdown + TSC_POWEROFF_DELAY)) << 6);
-
- case 0x06: /* Audio Control 3 */
- val = s->audio_ctrl3 | 0x0001;
- s->audio_ctrl3 &= 0xff3f;
- return val;
-
- case 0x07: /* LCH_BASS_BOOST_N0 */
- case 0x08: /* LCH_BASS_BOOST_N1 */
- case 0x09: /* LCH_BASS_BOOST_N2 */
- case 0x0a: /* LCH_BASS_BOOST_N3 */
- case 0x0b: /* LCH_BASS_BOOST_N4 */
- case 0x0c: /* LCH_BASS_BOOST_N5 */
- case 0x0d: /* LCH_BASS_BOOST_D1 */
- case 0x0e: /* LCH_BASS_BOOST_D2 */
- case 0x0f: /* LCH_BASS_BOOST_D4 */
- case 0x10: /* LCH_BASS_BOOST_D5 */
- case 0x11: /* RCH_BASS_BOOST_N0 */
- case 0x12: /* RCH_BASS_BOOST_N1 */
- case 0x13: /* RCH_BASS_BOOST_N2 */
- case 0x14: /* RCH_BASS_BOOST_N3 */
- case 0x15: /* RCH_BASS_BOOST_N4 */
- case 0x16: /* RCH_BASS_BOOST_N5 */
- case 0x17: /* RCH_BASS_BOOST_D1 */
- case 0x18: /* RCH_BASS_BOOST_D2 */
- case 0x19: /* RCH_BASS_BOOST_D4 */
- case 0x1a: /* RCH_BASS_BOOST_D5 */
- return s->filter_data[reg - 0x07];
-
- case 0x1b: /* PLL Programmability 1 */
- return s->pll[0];
-
- case 0x1c: /* PLL Programmability 2 */
- return s->pll[1];
-
- case 0x1d: /* Audio Control 4 */
- return (!s->softstep) << 14;
-
- default:
-#ifdef TSC_VERBOSE
- fprintf(stderr, "tsc2102_audio_register_read: "
- "no such register: 0x%02x\n", reg);
-#endif
- return 0xffff;
- }
-}
-
-static void tsc2102_data_register_write(
- TSC210xState *s, int reg, uint16_t value)
-{
- switch (reg) {
- case 0x00: /* X */
- case 0x01: /* Y */
- case 0x02: /* Z1 */
- case 0x03: /* Z2 */
- case 0x05: /* BAT1 */
- case 0x06: /* BAT2 */
- case 0x07: /* AUX1 */
- case 0x08: /* AUX2 */
- case 0x09: /* TEMP1 */
- case 0x0a: /* TEMP2 */
- return;
-
- default:
-#ifdef TSC_VERBOSE
- fprintf(stderr, "tsc2102_data_register_write: "
- "no such register: 0x%02x\n", reg);
-#endif
- }
-}
-
-static void tsc2102_control_register_write(
- TSC210xState *s, int reg, uint16_t value)
-{
- switch (reg) {
- case 0x00: /* TSC ADC */
- s->host_mode = value >> 15;
- s->enabled = !(value & 0x4000);
- if (s->busy && !s->enabled)
- qemu_del_timer(s->timer);
- s->busy &= s->enabled;
- s->nextfunction = (value >> 10) & 0xf;
- s->nextprecision = (value >> 8) & 3;
- s->filter = value & 0xff;
- return;
-
- case 0x01: /* Status / Keypad Control */
- if ((s->model & 0xff00) == 0x2100)
- s->pin_func = value >> 14;
- else {
- s->kb.scan = (value >> 14) & 1;
- s->kb.debounce = (value >> 11) & 7;
- if (s->kb.intr && s->kb.scan) {
- s->kb.intr = 0;
- qemu_irq_raise(s->kbint);
- }
- }
- return;
-
- case 0x02: /* DAC Control */
- if ((s->model & 0xff00) == 0x2300) {
- s->dac_power &= 0x7fff;
- s->dac_power |= 0x8000 & value;
- } else
- goto bad_reg;
- break;
-
- case 0x03: /* Reference */
- s->ref = value & 0x1f;
- return;
-
- case 0x04: /* Reset */
- if (value == 0xbb00) {
- if (s->busy)
- qemu_del_timer(s->timer);
- tsc210x_reset(s);
-#ifdef TSC_VERBOSE
- } else {
- fprintf(stderr, "tsc2102_control_register_write: "
- "wrong value written into RESET\n");
-#endif
- }
- return;
-
- case 0x05: /* Configuration */
- s->timing = value & 0x3f;
-#ifdef TSC_VERBOSE
- if (value & ~0x3f)
- fprintf(stderr, "tsc2102_control_register_write: "
- "wrong value written into CONFIG\n");
-#endif
- return;
-
- case 0x06: /* Secondary configuration */
- if ((s->model & 0xff00) == 0x2100)
- goto bad_reg;
- s->kb.mode = value >> 14;
- s->pll[2] = value & 0x3ffff;
- return;
-
- case 0x10: /* Keypad Mask */
- if ((s->model & 0xff00) == 0x2100)
- goto bad_reg;
- s->kb.mask = value;
- return;
-
- default:
- bad_reg:
-#ifdef TSC_VERBOSE
- fprintf(stderr, "tsc2102_control_register_write: "
- "no such register: 0x%02x\n", reg);
-#endif
- }
-}
-
-static void tsc2102_audio_register_write(
- TSC210xState *s, int reg, uint16_t value)
-{
- switch (reg) {
- case 0x00: /* Audio Control 1 */
- s->audio_ctrl1 = value & 0x0f3f;
-#ifdef TSC_VERBOSE
- if ((value & ~0x0f3f) || ((value & 7) != ((value >> 3) & 7)))
- fprintf(stderr, "tsc2102_audio_register_write: "
- "wrong value written into Audio 1\n");
-#endif
- tsc2102_audio_rate_update(s);
- tsc2102_audio_output_update(s);
- return;
-
- case 0x01:
-#ifdef TSC_VERBOSE
- if (value != 0xff00)
- fprintf(stderr, "tsc2102_audio_register_write: "
- "wrong value written into reg 0x01\n");
-#endif
- return;
-
- case 0x02: /* DAC Volume Control */
- s->volume = value;
- s->volume_change = qemu_get_clock_ns(vm_clock);
- return;
-
- case 0x03:
-#ifdef TSC_VERBOSE
- if (value != 0x8b00)
- fprintf(stderr, "tsc2102_audio_register_write: "
- "wrong value written into reg 0x03\n");
-#endif
- return;
-
- case 0x04: /* Audio Control 2 */
- s->audio_ctrl2 = value & 0xf7f2;
-#ifdef TSC_VERBOSE
- if (value & ~0xf7fd)
- fprintf(stderr, "tsc2102_audio_register_write: "
- "wrong value written into Audio 2\n");
-#endif
- return;
-
- case 0x05: /* Stereo DAC Power Control */
- if ((value & ~s->dac_power) & (1 << 10))
- s->powerdown = qemu_get_clock_ns(vm_clock);
-
- s->dac_power = value & 0x9543;
-#ifdef TSC_VERBOSE
- if ((value & ~0x9543) != 0x2aa0)
- fprintf(stderr, "tsc2102_audio_register_write: "
- "wrong value written into Power\n");
-#endif
- tsc2102_audio_rate_update(s);
- tsc2102_audio_output_update(s);
- return;
-
- case 0x06: /* Audio Control 3 */
- s->audio_ctrl3 &= 0x00c0;
- s->audio_ctrl3 |= value & 0xf800;
-#ifdef TSC_VERBOSE
- if (value & ~0xf8c7)
- fprintf(stderr, "tsc2102_audio_register_write: "
- "wrong value written into Audio 3\n");
-#endif
- tsc2102_audio_output_update(s);
- return;
-
- case 0x07: /* LCH_BASS_BOOST_N0 */
- case 0x08: /* LCH_BASS_BOOST_N1 */
- case 0x09: /* LCH_BASS_BOOST_N2 */
- case 0x0a: /* LCH_BASS_BOOST_N3 */
- case 0x0b: /* LCH_BASS_BOOST_N4 */
- case 0x0c: /* LCH_BASS_BOOST_N5 */
- case 0x0d: /* LCH_BASS_BOOST_D1 */
- case 0x0e: /* LCH_BASS_BOOST_D2 */
- case 0x0f: /* LCH_BASS_BOOST_D4 */
- case 0x10: /* LCH_BASS_BOOST_D5 */
- case 0x11: /* RCH_BASS_BOOST_N0 */
- case 0x12: /* RCH_BASS_BOOST_N1 */
- case 0x13: /* RCH_BASS_BOOST_N2 */
- case 0x14: /* RCH_BASS_BOOST_N3 */
- case 0x15: /* RCH_BASS_BOOST_N4 */
- case 0x16: /* RCH_BASS_BOOST_N5 */
- case 0x17: /* RCH_BASS_BOOST_D1 */
- case 0x18: /* RCH_BASS_BOOST_D2 */
- case 0x19: /* RCH_BASS_BOOST_D4 */
- case 0x1a: /* RCH_BASS_BOOST_D5 */
- s->filter_data[reg - 0x07] = value;
- return;
-
- case 0x1b: /* PLL Programmability 1 */
- s->pll[0] = value & 0xfffc;
-#ifdef TSC_VERBOSE
- if (value & ~0xfffc)
- fprintf(stderr, "tsc2102_audio_register_write: "
- "wrong value written into PLL 1\n");
-#endif
- return;
-
- case 0x1c: /* PLL Programmability 2 */
- s->pll[1] = value & 0xfffc;
-#ifdef TSC_VERBOSE
- if (value & ~0xfffc)
- fprintf(stderr, "tsc2102_audio_register_write: "
- "wrong value written into PLL 2\n");
-#endif
- return;
-
- case 0x1d: /* Audio Control 4 */
- s->softstep = !(value & 0x4000);
-#ifdef TSC_VERBOSE
- if (value & ~0x4000)
- fprintf(stderr, "tsc2102_audio_register_write: "
- "wrong value written into Audio 4\n");
-#endif
- return;
-
- default:
-#ifdef TSC_VERBOSE
- fprintf(stderr, "tsc2102_audio_register_write: "
- "no such register: 0x%02x\n", reg);
-#endif
- }
-}
-
-/* This handles most of the chip logic. */
-static void tsc210x_pin_update(TSC210xState *s)
-{
- int64_t expires;
- int pin_state;
-
- switch (s->pin_func) {
- case 0:
- pin_state = s->pressure;
- break;
- case 1:
- pin_state = !!s->dav;
- break;
- case 2:
- default:
- pin_state = s->pressure && !s->dav;
- }
-
- if (!s->enabled)
- pin_state = 0;
-
- if (pin_state != s->irq) {
- s->irq = pin_state;
- qemu_set_irq(s->pint, !s->irq);
- }
-
- switch (s->nextfunction) {
- case TSC_MODE_XY_SCAN:
- case TSC_MODE_XYZ_SCAN:
- if (!s->pressure)
- return;
- break;
-
- case TSC_MODE_X:
- case TSC_MODE_Y:
- case TSC_MODE_Z:
- if (!s->pressure)
- return;
- /* Fall through */
- case TSC_MODE_BAT1:
- case TSC_MODE_BAT2:
- case TSC_MODE_AUX:
- case TSC_MODE_TEMP1:
- case TSC_MODE_TEMP2:
- if (s->dav)
- s->enabled = 0;
- break;
-
- case TSC_MODE_AUX_SCAN:
- case TSC_MODE_PORT_SCAN:
- break;
-
- case TSC_MODE_NO_SCAN:
- case TSC_MODE_XX_DRV:
- case TSC_MODE_YY_DRV:
- case TSC_MODE_YX_DRV:
- default:
- return;
- }
-
- if (!s->enabled || s->busy || s->dav)
- return;
-
- s->busy = 1;
- s->precision = s->nextprecision;
- s->function = s->nextfunction;
- expires = qemu_get_clock_ns(vm_clock) + (get_ticks_per_sec() >> 10);
- qemu_mod_timer(s->timer, expires);
-}
-
-static uint16_t tsc210x_read(TSC210xState *s)
-{
- uint16_t ret = 0x0000;
-
- if (!s->command)
- fprintf(stderr, "tsc210x_read: SPI underrun!\n");
-
- switch (s->page) {
- case TSC_DATA_REGISTERS_PAGE:
- ret = tsc2102_data_register_read(s, s->offset);
- if (!s->dav)
- qemu_irq_raise(s->davint);
- break;
- case TSC_CONTROL_REGISTERS_PAGE:
- ret = tsc2102_control_register_read(s, s->offset);
- break;
- case TSC_AUDIO_REGISTERS_PAGE:
- ret = tsc2102_audio_register_read(s, s->offset);
- break;
- default:
- hw_error("tsc210x_read: wrong memory page\n");
- }
-
- tsc210x_pin_update(s);
-
- /* Allow sequential reads. */
- s->offset ++;
- s->state = 0;
- return ret;
-}
-
-static void tsc210x_write(TSC210xState *s, uint16_t value)
-{
- /*
- * This is a two-state state machine for reading
- * command and data every second time.
- */
- if (!s->state) {
- s->command = value >> 15;
- s->page = (value >> 11) & 0x0f;
- s->offset = (value >> 5) & 0x3f;
- s->state = 1;
- } else {
- if (s->command)
- fprintf(stderr, "tsc210x_write: SPI overrun!\n");
- else
- switch (s->page) {
- case TSC_DATA_REGISTERS_PAGE:
- tsc2102_data_register_write(s, s->offset, value);
- break;
- case TSC_CONTROL_REGISTERS_PAGE:
- tsc2102_control_register_write(s, s->offset, value);
- break;
- case TSC_AUDIO_REGISTERS_PAGE:
- tsc2102_audio_register_write(s, s->offset, value);
- break;
- default:
- hw_error("tsc210x_write: wrong memory page\n");
- }
-
- tsc210x_pin_update(s);
- s->state = 0;
- }
-}
-
-uint32_t tsc210x_txrx(void *opaque, uint32_t value, int len)
-{
- TSC210xState *s = opaque;
- uint32_t ret = 0;
-
- if (len != 16)
- hw_error("%s: FIXME: bad SPI word width %i\n", __FUNCTION__, len);
-
- /* TODO: sequential reads etc - how do we make sure the host doesn't
- * unintentionally read out a conversion result from a register while
- * transmitting the command word of the next command? */
- if (!value || (s->state && s->command))
- ret = tsc210x_read(s);
- if (value || (s->state && !s->command))
- tsc210x_write(s, value);
-
- return ret;
-}
-
-static void tsc210x_timer_tick(void *opaque)
-{
- TSC210xState *s = opaque;
-
- /* Timer ticked -- a set of conversions has been finished. */
-
- if (!s->busy)
- return;
-
- s->busy = 0;
- s->dav |= mode_regs[s->function];
- tsc210x_pin_update(s);
- qemu_irq_lower(s->davint);
-}
-
-static void tsc210x_touchscreen_event(void *opaque,
- int x, int y, int z, int buttons_state)
-{
- TSC210xState *s = opaque;
- int p = s->pressure;
-
- if (buttons_state) {
- s->x = x;
- s->y = y;
- }
- s->pressure = !!buttons_state;
-
- /*
- * Note: We would get better responsiveness in the guest by
- * signaling TS events immediately, but for now we simulate
- * the first conversion delay for sake of correctness.
- */
- if (p != s->pressure)
- tsc210x_pin_update(s);
-}
-
-static void tsc210x_i2s_swallow(TSC210xState *s)
-{
- if (s->dac_voice[0])
- tsc210x_out_flush(s, s->codec.out.len);
- else
- s->codec.out.len = 0;
-}
-
-static void tsc210x_i2s_set_rate(TSC210xState *s, int in, int out)
-{
- s->i2s_tx_rate = out;
- s->i2s_rx_rate = in;
-}
-
-static void tsc210x_save(QEMUFile *f, void *opaque)
-{
- TSC210xState *s = (TSC210xState *) opaque;
- int64_t now = qemu_get_clock_ns(vm_clock);
- int i;
-
- qemu_put_be16(f, s->x);
- qemu_put_be16(f, s->y);
- qemu_put_byte(f, s->pressure);
-
- qemu_put_byte(f, s->state);
- qemu_put_byte(f, s->page);
- qemu_put_byte(f, s->offset);
- qemu_put_byte(f, s->command);
-
- qemu_put_byte(f, s->irq);
- qemu_put_be16s(f, &s->dav);
-
- qemu_put_timer(f, s->timer);
- qemu_put_byte(f, s->enabled);
- qemu_put_byte(f, s->host_mode);
- qemu_put_byte(f, s->function);
- qemu_put_byte(f, s->nextfunction);
- qemu_put_byte(f, s->precision);
- qemu_put_byte(f, s->nextprecision);
- qemu_put_byte(f, s->filter);
- qemu_put_byte(f, s->pin_func);
- qemu_put_byte(f, s->ref);
- qemu_put_byte(f, s->timing);
- qemu_put_be32(f, s->noise);
-
- qemu_put_be16s(f, &s->audio_ctrl1);
- qemu_put_be16s(f, &s->audio_ctrl2);
- qemu_put_be16s(f, &s->audio_ctrl3);
- qemu_put_be16s(f, &s->pll[0]);
- qemu_put_be16s(f, &s->pll[1]);
- qemu_put_be16s(f, &s->volume);
- qemu_put_sbe64(f, (s->volume_change - now));
- qemu_put_sbe64(f, (s->powerdown - now));
- qemu_put_byte(f, s->softstep);
- qemu_put_be16s(f, &s->dac_power);
-
- for (i = 0; i < 0x14; i ++)
- qemu_put_be16s(f, &s->filter_data[i]);
-}
-
-static int tsc210x_load(QEMUFile *f, void *opaque, int version_id)
-{
- TSC210xState *s = (TSC210xState *) opaque;
- int64_t now = qemu_get_clock_ns(vm_clock);
- int i;
-
- s->x = qemu_get_be16(f);
- s->y = qemu_get_be16(f);
- s->pressure = qemu_get_byte(f);
-
- s->state = qemu_get_byte(f);
- s->page = qemu_get_byte(f);
- s->offset = qemu_get_byte(f);
- s->command = qemu_get_byte(f);
-
- s->irq = qemu_get_byte(f);
- qemu_get_be16s(f, &s->dav);
-
- qemu_get_timer(f, s->timer);
- s->enabled = qemu_get_byte(f);
- s->host_mode = qemu_get_byte(f);
- s->function = qemu_get_byte(f);
- s->nextfunction = qemu_get_byte(f);
- s->precision = qemu_get_byte(f);
- s->nextprecision = qemu_get_byte(f);
- s->filter = qemu_get_byte(f);
- s->pin_func = qemu_get_byte(f);
- s->ref = qemu_get_byte(f);
- s->timing = qemu_get_byte(f);
- s->noise = qemu_get_be32(f);
-
- qemu_get_be16s(f, &s->audio_ctrl1);
- qemu_get_be16s(f, &s->audio_ctrl2);
- qemu_get_be16s(f, &s->audio_ctrl3);
- qemu_get_be16s(f, &s->pll[0]);
- qemu_get_be16s(f, &s->pll[1]);
- qemu_get_be16s(f, &s->volume);
- s->volume_change = qemu_get_sbe64(f) + now;
- s->powerdown = qemu_get_sbe64(f) + now;
- s->softstep = qemu_get_byte(f);
- qemu_get_be16s(f, &s->dac_power);
-
- for (i = 0; i < 0x14; i ++)
- qemu_get_be16s(f, &s->filter_data[i]);
-
- s->busy = qemu_timer_pending(s->timer);
- qemu_set_irq(s->pint, !s->irq);
- qemu_set_irq(s->davint, !s->dav);
-
- return 0;
-}
-
-uWireSlave *tsc2102_init(qemu_irq pint)
-{
- TSC210xState *s;
-
- s = (TSC210xState *)
- g_malloc0(sizeof(TSC210xState));
- memset(s, 0, sizeof(TSC210xState));
- s->x = 160;
- s->y = 160;
- s->pressure = 0;
- s->precision = s->nextprecision = 0;
- s->timer = qemu_new_timer_ns(vm_clock, tsc210x_timer_tick, s);
- s->pint = pint;
- s->model = 0x2102;
- s->name = "tsc2102";
-
- s->tr[0] = 0;
- s->tr[1] = 1;
- s->tr[2] = 1;
- s->tr[3] = 0;
- s->tr[4] = 1;
- s->tr[5] = 0;
- s->tr[6] = 1;
- s->tr[7] = 0;
-
- s->chip.opaque = s;
- s->chip.send = (void *) tsc210x_write;
- s->chip.receive = (void *) tsc210x_read;
-
- s->codec.opaque = s;
- s->codec.tx_swallow = (void *) tsc210x_i2s_swallow;
- s->codec.set_rate = (void *) tsc210x_i2s_set_rate;
- s->codec.in.fifo = s->in_fifo;
- s->codec.out.fifo = s->out_fifo;
-
- tsc210x_reset(s);
-
- qemu_add_mouse_event_handler(tsc210x_touchscreen_event, s, 1,
- "QEMU TSC2102-driven Touchscreen");
-
- AUD_register_card(s->name, &s->card);
-
- qemu_register_reset((void *) tsc210x_reset, s);
- register_savevm(NULL, s->name, -1, 0,
- tsc210x_save, tsc210x_load, s);
-
- return &s->chip;
-}
-
-uWireSlave *tsc2301_init(qemu_irq penirq, qemu_irq kbirq, qemu_irq dav)
-{
- TSC210xState *s;
-
- s = (TSC210xState *)
- g_malloc0(sizeof(TSC210xState));
- memset(s, 0, sizeof(TSC210xState));
- s->x = 400;
- s->y = 240;
- s->pressure = 0;
- s->precision = s->nextprecision = 0;
- s->timer = qemu_new_timer_ns(vm_clock, tsc210x_timer_tick, s);
- s->pint = penirq;
- s->kbint = kbirq;
- s->davint = dav;
- s->model = 0x2301;
- s->name = "tsc2301";
-
- s->tr[0] = 0;
- s->tr[1] = 1;
- s->tr[2] = 1;
- s->tr[3] = 0;
- s->tr[4] = 1;
- s->tr[5] = 0;
- s->tr[6] = 1;
- s->tr[7] = 0;
-
- s->chip.opaque = s;
- s->chip.send = (void *) tsc210x_write;
- s->chip.receive = (void *) tsc210x_read;
-
- s->codec.opaque = s;
- s->codec.tx_swallow = (void *) tsc210x_i2s_swallow;
- s->codec.set_rate = (void *) tsc210x_i2s_set_rate;
- s->codec.in.fifo = s->in_fifo;
- s->codec.out.fifo = s->out_fifo;
-
- tsc210x_reset(s);
-
- qemu_add_mouse_event_handler(tsc210x_touchscreen_event, s, 1,
- "QEMU TSC2301-driven Touchscreen");
-
- AUD_register_card(s->name, &s->card);
-
- qemu_register_reset((void *) tsc210x_reset, s);
- register_savevm(NULL, s->name, -1, 0, tsc210x_save, tsc210x_load, s);
-
- return &s->chip;
-}
-
-I2SCodec *tsc210x_codec(uWireSlave *chip)
-{
- TSC210xState *s = (TSC210xState *) chip->opaque;
-
- return &s->codec;
-}
-
-/*
- * Use tslib generated calibration data to generate ADC input values
- * from the touchscreen. Assuming 12-bit precision was used during
- * tslib calibration.
- */
-void tsc210x_set_transform(uWireSlave *chip,
- MouseTransformInfo *info)
-{
- TSC210xState *s = (TSC210xState *) chip->opaque;
-#if 0
- int64_t ltr[8];
-
- ltr[0] = (int64_t) info->a[1] * info->y;
- ltr[1] = (int64_t) info->a[4] * info->x;
- ltr[2] = (int64_t) info->a[1] * info->a[3] -
- (int64_t) info->a[4] * info->a[0];
- ltr[3] = (int64_t) info->a[2] * info->a[4] -
- (int64_t) info->a[5] * info->a[1];
- ltr[4] = (int64_t) info->a[0] * info->y;
- ltr[5] = (int64_t) info->a[3] * info->x;
- ltr[6] = (int64_t) info->a[4] * info->a[0] -
- (int64_t) info->a[1] * info->a[3];
- ltr[7] = (int64_t) info->a[2] * info->a[3] -
- (int64_t) info->a[5] * info->a[0];
-
- /* Avoid integer overflow */
- s->tr[0] = ltr[0] >> 11;
- s->tr[1] = ltr[1] >> 11;
- s->tr[2] = muldiv64(ltr[2], 1, info->a[6]);
- s->tr[3] = muldiv64(ltr[3], 1 << 4, ltr[2]);
- s->tr[4] = ltr[4] >> 11;
- s->tr[5] = ltr[5] >> 11;
- s->tr[6] = muldiv64(ltr[6], 1, info->a[6]);
- s->tr[7] = muldiv64(ltr[7], 1 << 4, ltr[6]);
-#else
-
- /* This version assumes touchscreen X & Y axis are parallel or
- * perpendicular to LCD's X & Y axis in some way. */
- if (abs(info->a[0]) > abs(info->a[1])) {
- s->tr[0] = 0;
- s->tr[1] = -info->a[6] * info->x;
- s->tr[2] = info->a[0];
- s->tr[3] = -info->a[2] / info->a[0];
- s->tr[4] = info->a[6] * info->y;
- s->tr[5] = 0;
- s->tr[6] = info->a[4];
- s->tr[7] = -info->a[5] / info->a[4];
- } else {
- s->tr[0] = info->a[6] * info->y;
- s->tr[1] = 0;
- s->tr[2] = info->a[1];
- s->tr[3] = -info->a[2] / info->a[1];
- s->tr[4] = 0;
- s->tr[5] = -info->a[6] * info->x;
- s->tr[6] = info->a[3];
- s->tr[7] = -info->a[5] / info->a[3];
- }
-
- s->tr[0] >>= 11;
- s->tr[1] >>= 11;
- s->tr[3] <<= 4;
- s->tr[4] >>= 11;
- s->tr[5] >>= 11;
- s->tr[7] <<= 4;
-#endif
-}
-
-void tsc210x_key_event(uWireSlave *chip, int key, int down)
-{
- TSC210xState *s = (TSC210xState *) chip->opaque;
-
- if (down)
- s->kb.down |= 1 << key;
- else
- s->kb.down &= ~(1 << key);
-
- if (down && (s->kb.down & ~s->kb.mask) && !s->kb.intr) {
- s->kb.intr = 1;
- qemu_irq_lower(s->kbint);
- } else if (s->kb.intr && !(s->kb.down & ~s->kb.mask) &&
- !(s->kb.mode & 1)) {
- s->kb.intr = 0;
- qemu_irq_raise(s->kbint);
- }
-}
diff --git a/hw/tusb6010.c b/hw/tusb6010.c
deleted file mode 100644
index 325200bd3..000000000
--- a/hw/tusb6010.c
+++ /dev/null
@@ -1,813 +0,0 @@
-/*
- * Texas Instruments TUSB6010 emulation.
- * Based on reverse-engineering of a linux driver.
- *
- * Copyright (C) 2008 Nokia Corporation
- * Written by Andrzej Zaborowski <andrew@openedhand.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-#include "qemu-common.h"
-#include "qemu-timer.h"
-#include "usb.h"
-#include "omap.h"
-#include "irq.h"
-#include "devices.h"
-#include "sysbus.h"
-
-typedef struct TUSBState {
- SysBusDevice busdev;
- MemoryRegion iomem[2];
- qemu_irq irq;
- MUSBState *musb;
- QEMUTimer *otg_timer;
- QEMUTimer *pwr_timer;
-
- int power;
- uint32_t scratch;
- uint16_t test_reset;
- uint32_t prcm_config;
- uint32_t prcm_mngmt;
- uint16_t otg_status;
- uint32_t dev_config;
- int host_mode;
- uint32_t intr;
- uint32_t intr_ok;
- uint32_t mask;
- uint32_t usbip_intr;
- uint32_t usbip_mask;
- uint32_t gpio_intr;
- uint32_t gpio_mask;
- uint32_t gpio_config;
- uint32_t dma_intr;
- uint32_t dma_mask;
- uint32_t dma_map;
- uint32_t dma_config;
- uint32_t ep0_config;
- uint32_t rx_config[15];
- uint32_t tx_config[15];
- uint32_t wkup_mask;
- uint32_t pullup[2];
- uint32_t control_config;
- uint32_t otg_timer_val;
-} TUSBState;
-
-#define TUSB_DEVCLOCK 60000000 /* 60 MHz */
-
-#define TUSB_VLYNQ_CTRL 0x004
-
-/* Mentor Graphics OTG core registers. */
-#define TUSB_BASE_OFFSET 0x400
-
-/* FIFO registers, 32-bit. */
-#define TUSB_FIFO_BASE 0x600
-
-/* Device System & Control registers, 32-bit. */
-#define TUSB_SYS_REG_BASE 0x800
-
-#define TUSB_DEV_CONF (TUSB_SYS_REG_BASE + 0x000)
-#define TUSB_DEV_CONF_USB_HOST_MODE (1 << 16)
-#define TUSB_DEV_CONF_PROD_TEST_MODE (1 << 15)
-#define TUSB_DEV_CONF_SOFT_ID (1 << 1)
-#define TUSB_DEV_CONF_ID_SEL (1 << 0)
-
-#define TUSB_PHY_OTG_CTRL_ENABLE (TUSB_SYS_REG_BASE + 0x004)
-#define TUSB_PHY_OTG_CTRL (TUSB_SYS_REG_BASE + 0x008)
-#define TUSB_PHY_OTG_CTRL_WRPROTECT (0xa5 << 24)
-#define TUSB_PHY_OTG_CTRL_O_ID_PULLUP (1 << 23)
-#define TUSB_PHY_OTG_CTRL_O_VBUS_DET_EN (1 << 19)
-#define TUSB_PHY_OTG_CTRL_O_SESS_END_EN (1 << 18)
-#define TUSB_PHY_OTG_CTRL_TESTM2 (1 << 17)
-#define TUSB_PHY_OTG_CTRL_TESTM1 (1 << 16)
-#define TUSB_PHY_OTG_CTRL_TESTM0 (1 << 15)
-#define TUSB_PHY_OTG_CTRL_TX_DATA2 (1 << 14)
-#define TUSB_PHY_OTG_CTRL_TX_GZ2 (1 << 13)
-#define TUSB_PHY_OTG_CTRL_TX_ENABLE2 (1 << 12)
-#define TUSB_PHY_OTG_CTRL_DM_PULLDOWN (1 << 11)
-#define TUSB_PHY_OTG_CTRL_DP_PULLDOWN (1 << 10)
-#define TUSB_PHY_OTG_CTRL_OSC_EN (1 << 9)
-#define TUSB_PHY_OTG_CTRL_PHYREF_CLK(v) (((v) & 3) << 7)
-#define TUSB_PHY_OTG_CTRL_PD (1 << 6)
-#define TUSB_PHY_OTG_CTRL_PLL_ON (1 << 5)
-#define TUSB_PHY_OTG_CTRL_EXT_RPU (1 << 4)
-#define TUSB_PHY_OTG_CTRL_PWR_GOOD (1 << 3)
-#define TUSB_PHY_OTG_CTRL_RESET (1 << 2)
-#define TUSB_PHY_OTG_CTRL_SUSPENDM (1 << 1)
-#define TUSB_PHY_OTG_CTRL_CLK_MODE (1 << 0)
-
-/* OTG status register */
-#define TUSB_DEV_OTG_STAT (TUSB_SYS_REG_BASE + 0x00c)
-#define TUSB_DEV_OTG_STAT_PWR_CLK_GOOD (1 << 8)
-#define TUSB_DEV_OTG_STAT_SESS_END (1 << 7)
-#define TUSB_DEV_OTG_STAT_SESS_VALID (1 << 6)
-#define TUSB_DEV_OTG_STAT_VBUS_VALID (1 << 5)
-#define TUSB_DEV_OTG_STAT_VBUS_SENSE (1 << 4)
-#define TUSB_DEV_OTG_STAT_ID_STATUS (1 << 3)
-#define TUSB_DEV_OTG_STAT_HOST_DISCON (1 << 2)
-#define TUSB_DEV_OTG_STAT_LINE_STATE (3 << 0)
-#define TUSB_DEV_OTG_STAT_DP_ENABLE (1 << 1)
-#define TUSB_DEV_OTG_STAT_DM_ENABLE (1 << 0)
-
-#define TUSB_DEV_OTG_TIMER (TUSB_SYS_REG_BASE + 0x010)
-#define TUSB_DEV_OTG_TIMER_ENABLE (1 << 31)
-#define TUSB_DEV_OTG_TIMER_VAL(v) ((v) & 0x07ffffff)
-#define TUSB_PRCM_REV (TUSB_SYS_REG_BASE + 0x014)
-
-/* PRCM configuration register */
-#define TUSB_PRCM_CONF (TUSB_SYS_REG_BASE + 0x018)
-#define TUSB_PRCM_CONF_SFW_CPEN (1 << 24)
-#define TUSB_PRCM_CONF_SYS_CLKSEL(v) (((v) & 3) << 16)
-
-/* PRCM management register */
-#define TUSB_PRCM_MNGMT (TUSB_SYS_REG_BASE + 0x01c)
-#define TUSB_PRCM_MNGMT_SRP_FIX_TMR(v) (((v) & 0xf) << 25)
-#define TUSB_PRCM_MNGMT_SRP_FIX_EN (1 << 24)
-#define TUSB_PRCM_MNGMT_VBUS_VAL_TMR(v) (((v) & 0xf) << 20)
-#define TUSB_PRCM_MNGMT_VBUS_VAL_FLT_EN (1 << 19)
-#define TUSB_PRCM_MNGMT_DFT_CLK_DIS (1 << 18)
-#define TUSB_PRCM_MNGMT_VLYNQ_CLK_DIS (1 << 17)
-#define TUSB_PRCM_MNGMT_OTG_SESS_END_EN (1 << 10)
-#define TUSB_PRCM_MNGMT_OTG_VBUS_DET_EN (1 << 9)
-#define TUSB_PRCM_MNGMT_OTG_ID_PULLUP (1 << 8)
-#define TUSB_PRCM_MNGMT_15_SW_EN (1 << 4)
-#define TUSB_PRCM_MNGMT_33_SW_EN (1 << 3)
-#define TUSB_PRCM_MNGMT_5V_CPEN (1 << 2)
-#define TUSB_PRCM_MNGMT_PM_IDLE (1 << 1)
-#define TUSB_PRCM_MNGMT_DEV_IDLE (1 << 0)
-
-/* Wake-up source clear and mask registers */
-#define TUSB_PRCM_WAKEUP_SOURCE (TUSB_SYS_REG_BASE + 0x020)
-#define TUSB_PRCM_WAKEUP_CLEAR (TUSB_SYS_REG_BASE + 0x028)
-#define TUSB_PRCM_WAKEUP_MASK (TUSB_SYS_REG_BASE + 0x02c)
-#define TUSB_PRCM_WAKEUP_RESERVED_BITS (0xffffe << 13)
-#define TUSB_PRCM_WGPIO_7 (1 << 12)
-#define TUSB_PRCM_WGPIO_6 (1 << 11)
-#define TUSB_PRCM_WGPIO_5 (1 << 10)
-#define TUSB_PRCM_WGPIO_4 (1 << 9)
-#define TUSB_PRCM_WGPIO_3 (1 << 8)
-#define TUSB_PRCM_WGPIO_2 (1 << 7)
-#define TUSB_PRCM_WGPIO_1 (1 << 6)
-#define TUSB_PRCM_WGPIO_0 (1 << 5)
-#define TUSB_PRCM_WHOSTDISCON (1 << 4) /* Host disconnect */
-#define TUSB_PRCM_WBUS (1 << 3) /* USB bus resume */
-#define TUSB_PRCM_WNORCS (1 << 2) /* NOR chip select */
-#define TUSB_PRCM_WVBUS (1 << 1) /* OTG PHY VBUS */
-#define TUSB_PRCM_WID (1 << 0) /* OTG PHY ID detect */
-
-#define TUSB_PULLUP_1_CTRL (TUSB_SYS_REG_BASE + 0x030)
-#define TUSB_PULLUP_2_CTRL (TUSB_SYS_REG_BASE + 0x034)
-#define TUSB_INT_CTRL_REV (TUSB_SYS_REG_BASE + 0x038)
-#define TUSB_INT_CTRL_CONF (TUSB_SYS_REG_BASE + 0x03c)
-#define TUSB_USBIP_INT_SRC (TUSB_SYS_REG_BASE + 0x040)
-#define TUSB_USBIP_INT_SET (TUSB_SYS_REG_BASE + 0x044)
-#define TUSB_USBIP_INT_CLEAR (TUSB_SYS_REG_BASE + 0x048)
-#define TUSB_USBIP_INT_MASK (TUSB_SYS_REG_BASE + 0x04c)
-#define TUSB_DMA_INT_SRC (TUSB_SYS_REG_BASE + 0x050)
-#define TUSB_DMA_INT_SET (TUSB_SYS_REG_BASE + 0x054)
-#define TUSB_DMA_INT_CLEAR (TUSB_SYS_REG_BASE + 0x058)
-#define TUSB_DMA_INT_MASK (TUSB_SYS_REG_BASE + 0x05c)
-#define TUSB_GPIO_INT_SRC (TUSB_SYS_REG_BASE + 0x060)
-#define TUSB_GPIO_INT_SET (TUSB_SYS_REG_BASE + 0x064)
-#define TUSB_GPIO_INT_CLEAR (TUSB_SYS_REG_BASE + 0x068)
-#define TUSB_GPIO_INT_MASK (TUSB_SYS_REG_BASE + 0x06c)
-
-/* NOR flash interrupt source registers */
-#define TUSB_INT_SRC (TUSB_SYS_REG_BASE + 0x070)
-#define TUSB_INT_SRC_SET (TUSB_SYS_REG_BASE + 0x074)
-#define TUSB_INT_SRC_CLEAR (TUSB_SYS_REG_BASE + 0x078)
-#define TUSB_INT_MASK (TUSB_SYS_REG_BASE + 0x07c)
-#define TUSB_INT_SRC_TXRX_DMA_DONE (1 << 24)
-#define TUSB_INT_SRC_USB_IP_CORE (1 << 17)
-#define TUSB_INT_SRC_OTG_TIMEOUT (1 << 16)
-#define TUSB_INT_SRC_VBUS_SENSE_CHNG (1 << 15)
-#define TUSB_INT_SRC_ID_STATUS_CHNG (1 << 14)
-#define TUSB_INT_SRC_DEV_WAKEUP (1 << 13)
-#define TUSB_INT_SRC_DEV_READY (1 << 12)
-#define TUSB_INT_SRC_USB_IP_TX (1 << 9)
-#define TUSB_INT_SRC_USB_IP_RX (1 << 8)
-#define TUSB_INT_SRC_USB_IP_VBUS_ERR (1 << 7)
-#define TUSB_INT_SRC_USB_IP_VBUS_REQ (1 << 6)
-#define TUSB_INT_SRC_USB_IP_DISCON (1 << 5)
-#define TUSB_INT_SRC_USB_IP_CONN (1 << 4)
-#define TUSB_INT_SRC_USB_IP_SOF (1 << 3)
-#define TUSB_INT_SRC_USB_IP_RST_BABBLE (1 << 2)
-#define TUSB_INT_SRC_USB_IP_RESUME (1 << 1)
-#define TUSB_INT_SRC_USB_IP_SUSPEND (1 << 0)
-
-#define TUSB_GPIO_REV (TUSB_SYS_REG_BASE + 0x080)
-#define TUSB_GPIO_CONF (TUSB_SYS_REG_BASE + 0x084)
-#define TUSB_DMA_CTRL_REV (TUSB_SYS_REG_BASE + 0x100)
-#define TUSB_DMA_REQ_CONF (TUSB_SYS_REG_BASE + 0x104)
-#define TUSB_EP0_CONF (TUSB_SYS_REG_BASE + 0x108)
-#define TUSB_EP_IN_SIZE (TUSB_SYS_REG_BASE + 0x10c)
-#define TUSB_DMA_EP_MAP (TUSB_SYS_REG_BASE + 0x148)
-#define TUSB_EP_OUT_SIZE (TUSB_SYS_REG_BASE + 0x14c)
-#define TUSB_EP_MAX_PACKET_SIZE_OFFSET (TUSB_SYS_REG_BASE + 0x188)
-#define TUSB_SCRATCH_PAD (TUSB_SYS_REG_BASE + 0x1c4)
-#define TUSB_WAIT_COUNT (TUSB_SYS_REG_BASE + 0x1c8)
-#define TUSB_PROD_TEST_RESET (TUSB_SYS_REG_BASE + 0x1d8)
-
-#define TUSB_DIDR1_LO (TUSB_SYS_REG_BASE + 0x1f8)
-#define TUSB_DIDR1_HI (TUSB_SYS_REG_BASE + 0x1fc)
-
-/* Device System & Control register bitfields */
-#define TUSB_INT_CTRL_CONF_INT_RLCYC(v) (((v) & 0x7) << 18)
-#define TUSB_INT_CTRL_CONF_INT_POLARITY (1 << 17)
-#define TUSB_INT_CTRL_CONF_INT_MODE (1 << 16)
-#define TUSB_GPIO_CONF_DMAREQ(v) (((v) & 0x3f) << 24)
-#define TUSB_DMA_REQ_CONF_BURST_SIZE(v) (((v) & 3) << 26)
-#define TUSB_DMA_REQ_CONF_DMA_RQ_EN(v) (((v) & 0x3f) << 20)
-#define TUSB_DMA_REQ_CONF_DMA_RQ_ASR(v) (((v) & 0xf) << 16)
-#define TUSB_EP0_CONFIG_SW_EN (1 << 8)
-#define TUSB_EP0_CONFIG_DIR_TX (1 << 7)
-#define TUSB_EP0_CONFIG_XFR_SIZE(v) ((v) & 0x7f)
-#define TUSB_EP_CONFIG_SW_EN (1 << 31)
-#define TUSB_EP_CONFIG_XFR_SIZE(v) ((v) & 0x7fffffff)
-#define TUSB_PROD_TEST_RESET_VAL 0xa596
-
-static void tusb_intr_update(TUSBState *s)
-{
- if (s->control_config & TUSB_INT_CTRL_CONF_INT_POLARITY)
- qemu_set_irq(s->irq, s->intr & ~s->mask & s->intr_ok);
- else
- qemu_set_irq(s->irq, (!(s->intr & ~s->mask)) & s->intr_ok);
-}
-
-static void tusb_usbip_intr_update(TUSBState *s)
-{
- /* TX interrupt in the MUSB */
- if (s->usbip_intr & 0x0000ffff & ~s->usbip_mask)
- s->intr |= TUSB_INT_SRC_USB_IP_TX;
- else
- s->intr &= ~TUSB_INT_SRC_USB_IP_TX;
-
- /* RX interrupt in the MUSB */
- if (s->usbip_intr & 0xffff0000 & ~s->usbip_mask)
- s->intr |= TUSB_INT_SRC_USB_IP_RX;
- else
- s->intr &= ~TUSB_INT_SRC_USB_IP_RX;
-
- /* XXX: What about TUSB_INT_SRC_USB_IP_CORE? */
-
- tusb_intr_update(s);
-}
-
-static void tusb_dma_intr_update(TUSBState *s)
-{
- if (s->dma_intr & ~s->dma_mask)
- s->intr |= TUSB_INT_SRC_TXRX_DMA_DONE;
- else
- s->intr &= ~TUSB_INT_SRC_TXRX_DMA_DONE;
-
- tusb_intr_update(s);
-}
-
-static void tusb_gpio_intr_update(TUSBState *s)
-{
- /* TODO: How is this signalled? */
-}
-
-extern CPUReadMemoryFunc * const musb_read[];
-extern CPUWriteMemoryFunc * const musb_write[];
-
-static uint32_t tusb_async_readb(void *opaque, hwaddr addr)
-{
- TUSBState *s = (TUSBState *) opaque;
-
- switch (addr & 0xfff) {
- case TUSB_BASE_OFFSET ... (TUSB_BASE_OFFSET | 0x1ff):
- return musb_read[0](s->musb, addr & 0x1ff);
-
- case TUSB_FIFO_BASE ... (TUSB_FIFO_BASE | 0x1ff):
- return musb_read[0](s->musb, 0x20 + ((addr >> 3) & 0x3c));
- }
-
- printf("%s: unknown register at %03x\n",
- __FUNCTION__, (int) (addr & 0xfff));
- return 0;
-}
-
-static uint32_t tusb_async_readh(void *opaque, hwaddr addr)
-{
- TUSBState *s = (TUSBState *) opaque;
-
- switch (addr & 0xfff) {
- case TUSB_BASE_OFFSET ... (TUSB_BASE_OFFSET | 0x1ff):
- return musb_read[1](s->musb, addr & 0x1ff);
-
- case TUSB_FIFO_BASE ... (TUSB_FIFO_BASE | 0x1ff):
- return musb_read[1](s->musb, 0x20 + ((addr >> 3) & 0x3c));
- }
-
- printf("%s: unknown register at %03x\n",
- __FUNCTION__, (int) (addr & 0xfff));
- return 0;
-}
-
-static uint32_t tusb_async_readw(void *opaque, hwaddr addr)
-{
- TUSBState *s = (TUSBState *) opaque;
- int offset = addr & 0xfff;
- int epnum;
- uint32_t ret;
-
- switch (offset) {
- case TUSB_DEV_CONF:
- return s->dev_config;
-
- case TUSB_BASE_OFFSET ... (TUSB_BASE_OFFSET | 0x1ff):
- return musb_read[2](s->musb, offset & 0x1ff);
-
- case TUSB_FIFO_BASE ... (TUSB_FIFO_BASE | 0x1ff):
- return musb_read[2](s->musb, 0x20 + ((addr >> 3) & 0x3c));
-
- case TUSB_PHY_OTG_CTRL_ENABLE:
- case TUSB_PHY_OTG_CTRL:
- return 0x00; /* TODO */
-
- case TUSB_DEV_OTG_STAT:
- ret = s->otg_status;
-#if 0
- if (!(s->prcm_mngmt & TUSB_PRCM_MNGMT_OTG_VBUS_DET_EN))
- ret &= ~TUSB_DEV_OTG_STAT_VBUS_VALID;
-#endif
- return ret;
- case TUSB_DEV_OTG_TIMER:
- return s->otg_timer_val;
-
- case TUSB_PRCM_REV:
- return 0x20;
- case TUSB_PRCM_CONF:
- return s->prcm_config;
- case TUSB_PRCM_MNGMT:
- return s->prcm_mngmt;
- case TUSB_PRCM_WAKEUP_SOURCE:
- case TUSB_PRCM_WAKEUP_CLEAR: /* TODO: What does this one return? */
- return 0x00000000;
- case TUSB_PRCM_WAKEUP_MASK:
- return s->wkup_mask;
-
- case TUSB_PULLUP_1_CTRL:
- return s->pullup[0];
- case TUSB_PULLUP_2_CTRL:
- return s->pullup[1];
-
- case TUSB_INT_CTRL_REV:
- return 0x20;
- case TUSB_INT_CTRL_CONF:
- return s->control_config;
-
- case TUSB_USBIP_INT_SRC:
- case TUSB_USBIP_INT_SET: /* TODO: What do these two return? */
- case TUSB_USBIP_INT_CLEAR:
- return s->usbip_intr;
- case TUSB_USBIP_INT_MASK:
- return s->usbip_mask;
-
- case TUSB_DMA_INT_SRC:
- case TUSB_DMA_INT_SET: /* TODO: What do these two return? */
- case TUSB_DMA_INT_CLEAR:
- return s->dma_intr;
- case TUSB_DMA_INT_MASK:
- return s->dma_mask;
-
- case TUSB_GPIO_INT_SRC: /* TODO: What do these two return? */
- case TUSB_GPIO_INT_SET:
- case TUSB_GPIO_INT_CLEAR:
- return s->gpio_intr;
- case TUSB_GPIO_INT_MASK:
- return s->gpio_mask;
-
- case TUSB_INT_SRC:
- case TUSB_INT_SRC_SET: /* TODO: What do these two return? */
- case TUSB_INT_SRC_CLEAR:
- return s->intr;
- case TUSB_INT_MASK:
- return s->mask;
-
- case TUSB_GPIO_REV:
- return 0x30;
- case TUSB_GPIO_CONF:
- return s->gpio_config;
-
- case TUSB_DMA_CTRL_REV:
- return 0x30;
- case TUSB_DMA_REQ_CONF:
- return s->dma_config;
- case TUSB_EP0_CONF:
- return s->ep0_config;
- case TUSB_EP_IN_SIZE ... (TUSB_EP_IN_SIZE + 0x3b):
- epnum = (offset - TUSB_EP_IN_SIZE) >> 2;
- return s->tx_config[epnum];
- case TUSB_DMA_EP_MAP:
- return s->dma_map;
- case TUSB_EP_OUT_SIZE ... (TUSB_EP_OUT_SIZE + 0x3b):
- epnum = (offset - TUSB_EP_OUT_SIZE) >> 2;
- return s->rx_config[epnum];
- case TUSB_EP_MAX_PACKET_SIZE_OFFSET ...
- (TUSB_EP_MAX_PACKET_SIZE_OFFSET + 0x3b):
- return 0x00000000; /* TODO */
- case TUSB_WAIT_COUNT:
- return 0x00; /* TODO */
-
- case TUSB_SCRATCH_PAD:
- return s->scratch;
-
- case TUSB_PROD_TEST_RESET:
- return s->test_reset;
-
- /* DIE IDs */
- case TUSB_DIDR1_LO:
- return 0xa9453c59;
- case TUSB_DIDR1_HI:
- return 0x54059adf;
- }
-
- printf("%s: unknown register at %03x\n", __FUNCTION__, offset);
- return 0;
-}
-
-static void tusb_async_writeb(void *opaque, hwaddr addr,
- uint32_t value)
-{
- TUSBState *s = (TUSBState *) opaque;
-
- switch (addr & 0xfff) {
- case TUSB_BASE_OFFSET ... (TUSB_BASE_OFFSET | 0x1ff):
- musb_write[0](s->musb, addr & 0x1ff, value);
- break;
-
- case TUSB_FIFO_BASE ... (TUSB_FIFO_BASE | 0x1ff):
- musb_write[0](s->musb, 0x20 + ((addr >> 3) & 0x3c), value);
- break;
-
- default:
- printf("%s: unknown register at %03x\n",
- __FUNCTION__, (int) (addr & 0xfff));
- return;
- }
-}
-
-static void tusb_async_writeh(void *opaque, hwaddr addr,
- uint32_t value)
-{
- TUSBState *s = (TUSBState *) opaque;
-
- switch (addr & 0xfff) {
- case TUSB_BASE_OFFSET ... (TUSB_BASE_OFFSET | 0x1ff):
- musb_write[1](s->musb, addr & 0x1ff, value);
- break;
-
- case TUSB_FIFO_BASE ... (TUSB_FIFO_BASE | 0x1ff):
- musb_write[1](s->musb, 0x20 + ((addr >> 3) & 0x3c), value);
- break;
-
- default:
- printf("%s: unknown register at %03x\n",
- __FUNCTION__, (int) (addr & 0xfff));
- return;
- }
-}
-
-static void tusb_async_writew(void *opaque, hwaddr addr,
- uint32_t value)
-{
- TUSBState *s = (TUSBState *) opaque;
- int offset = addr & 0xfff;
- int epnum;
-
- switch (offset) {
- case TUSB_VLYNQ_CTRL:
- break;
-
- case TUSB_BASE_OFFSET ... (TUSB_BASE_OFFSET | 0x1ff):
- musb_write[2](s->musb, offset & 0x1ff, value);
- break;
-
- case TUSB_FIFO_BASE ... (TUSB_FIFO_BASE | 0x1ff):
- musb_write[2](s->musb, 0x20 + ((addr >> 3) & 0x3c), value);
- break;
-
- case TUSB_DEV_CONF:
- s->dev_config = value;
- s->host_mode = (value & TUSB_DEV_CONF_USB_HOST_MODE);
- if (value & TUSB_DEV_CONF_PROD_TEST_MODE)
- hw_error("%s: Product Test mode not allowed\n", __FUNCTION__);
- break;
-
- case TUSB_PHY_OTG_CTRL_ENABLE:
- case TUSB_PHY_OTG_CTRL:
- return; /* TODO */
- case TUSB_DEV_OTG_TIMER:
- s->otg_timer_val = value;
- if (value & TUSB_DEV_OTG_TIMER_ENABLE)
- qemu_mod_timer(s->otg_timer, qemu_get_clock_ns(vm_clock) +
- muldiv64(TUSB_DEV_OTG_TIMER_VAL(value),
- get_ticks_per_sec(), TUSB_DEVCLOCK));
- else
- qemu_del_timer(s->otg_timer);
- break;
-
- case TUSB_PRCM_CONF:
- s->prcm_config = value;
- break;
- case TUSB_PRCM_MNGMT:
- s->prcm_mngmt = value;
- break;
- case TUSB_PRCM_WAKEUP_CLEAR:
- break;
- case TUSB_PRCM_WAKEUP_MASK:
- s->wkup_mask = value;
- break;
-
- case TUSB_PULLUP_1_CTRL:
- s->pullup[0] = value;
- break;
- case TUSB_PULLUP_2_CTRL:
- s->pullup[1] = value;
- break;
- case TUSB_INT_CTRL_CONF:
- s->control_config = value;
- tusb_intr_update(s);
- break;
-
- case TUSB_USBIP_INT_SET:
- s->usbip_intr |= value;
- tusb_usbip_intr_update(s);
- break;
- case TUSB_USBIP_INT_CLEAR:
- s->usbip_intr &= ~value;
- tusb_usbip_intr_update(s);
- musb_core_intr_clear(s->musb, ~value);
- break;
- case TUSB_USBIP_INT_MASK:
- s->usbip_mask = value;
- tusb_usbip_intr_update(s);
- break;
-
- case TUSB_DMA_INT_SET:
- s->dma_intr |= value;
- tusb_dma_intr_update(s);
- break;
- case TUSB_DMA_INT_CLEAR:
- s->dma_intr &= ~value;
- tusb_dma_intr_update(s);
- break;
- case TUSB_DMA_INT_MASK:
- s->dma_mask = value;
- tusb_dma_intr_update(s);
- break;
-
- case TUSB_GPIO_INT_SET:
- s->gpio_intr |= value;
- tusb_gpio_intr_update(s);
- break;
- case TUSB_GPIO_INT_CLEAR:
- s->gpio_intr &= ~value;
- tusb_gpio_intr_update(s);
- break;
- case TUSB_GPIO_INT_MASK:
- s->gpio_mask = value;
- tusb_gpio_intr_update(s);
- break;
-
- case TUSB_INT_SRC_SET:
- s->intr |= value;
- tusb_intr_update(s);
- break;
- case TUSB_INT_SRC_CLEAR:
- s->intr &= ~value;
- tusb_intr_update(s);
- break;
- case TUSB_INT_MASK:
- s->mask = value;
- tusb_intr_update(s);
- break;
-
- case TUSB_GPIO_CONF:
- s->gpio_config = value;
- break;
- case TUSB_DMA_REQ_CONF:
- s->dma_config = value;
- break;
- case TUSB_EP0_CONF:
- s->ep0_config = value & 0x1ff;
- musb_set_size(s->musb, 0, TUSB_EP0_CONFIG_XFR_SIZE(value),
- value & TUSB_EP0_CONFIG_DIR_TX);
- break;
- case TUSB_EP_IN_SIZE ... (TUSB_EP_IN_SIZE + 0x3b):
- epnum = (offset - TUSB_EP_IN_SIZE) >> 2;
- s->tx_config[epnum] = value;
- musb_set_size(s->musb, epnum + 1, TUSB_EP_CONFIG_XFR_SIZE(value), 1);
- break;
- case TUSB_DMA_EP_MAP:
- s->dma_map = value;
- break;
- case TUSB_EP_OUT_SIZE ... (TUSB_EP_OUT_SIZE + 0x3b):
- epnum = (offset - TUSB_EP_OUT_SIZE) >> 2;
- s->rx_config[epnum] = value;
- musb_set_size(s->musb, epnum + 1, TUSB_EP_CONFIG_XFR_SIZE(value), 0);
- break;
- case TUSB_EP_MAX_PACKET_SIZE_OFFSET ...
- (TUSB_EP_MAX_PACKET_SIZE_OFFSET + 0x3b):
- return; /* TODO */
- case TUSB_WAIT_COUNT:
- return; /* TODO */
-
- case TUSB_SCRATCH_PAD:
- s->scratch = value;
- break;
-
- case TUSB_PROD_TEST_RESET:
- s->test_reset = value;
- break;
-
- default:
- printf("%s: unknown register at %03x\n", __FUNCTION__, offset);
- return;
- }
-}
-
-static const MemoryRegionOps tusb_async_ops = {
- .old_mmio = {
- .read = { tusb_async_readb, tusb_async_readh, tusb_async_readw, },
- .write = { tusb_async_writeb, tusb_async_writeh, tusb_async_writew, },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void tusb_otg_tick(void *opaque)
-{
- TUSBState *s = (TUSBState *) opaque;
-
- s->otg_timer_val = 0;
- s->intr |= TUSB_INT_SRC_OTG_TIMEOUT;
- tusb_intr_update(s);
-}
-
-static void tusb_power_tick(void *opaque)
-{
- TUSBState *s = (TUSBState *) opaque;
-
- if (s->power) {
- s->intr_ok = ~0;
- tusb_intr_update(s);
- }
-}
-
-static void tusb_musb_core_intr(void *opaque, int source, int level)
-{
- TUSBState *s = (TUSBState *) opaque;
- uint16_t otg_status = s->otg_status;
-
- switch (source) {
- case musb_set_vbus:
- if (level)
- otg_status |= TUSB_DEV_OTG_STAT_VBUS_VALID;
- else
- otg_status &= ~TUSB_DEV_OTG_STAT_VBUS_VALID;
-
- /* XXX: only if TUSB_PHY_OTG_CTRL_OTG_VBUS_DET_EN set? */
- /* XXX: only if TUSB_PRCM_MNGMT_OTG_VBUS_DET_EN set? */
- if (s->otg_status != otg_status) {
- s->otg_status = otg_status;
- s->intr |= TUSB_INT_SRC_VBUS_SENSE_CHNG;
- tusb_intr_update(s);
- }
- break;
-
- case musb_set_session:
- /* XXX: only if TUSB_PHY_OTG_CTRL_OTG_SESS_END_EN set? */
- /* XXX: only if TUSB_PRCM_MNGMT_OTG_SESS_END_EN set? */
- if (level) {
- s->otg_status |= TUSB_DEV_OTG_STAT_SESS_VALID;
- s->otg_status &= ~TUSB_DEV_OTG_STAT_SESS_END;
- } else {
- s->otg_status &= ~TUSB_DEV_OTG_STAT_SESS_VALID;
- s->otg_status |= TUSB_DEV_OTG_STAT_SESS_END;
- }
-
- /* XXX: some IRQ or anything? */
- break;
-
- case musb_irq_tx:
- case musb_irq_rx:
- s->usbip_intr = musb_core_intr_get(s->musb);
- /* Fall through. */
- default:
- if (level)
- s->intr |= 1 << source;
- else
- s->intr &= ~(1 << source);
- tusb_intr_update(s);
- break;
- }
-}
-
-static void tusb6010_power(TUSBState *s, int on)
-{
- if (!on) {
- s->power = 0;
- } else if (!s->power && on) {
- s->power = 1;
- /* Pull the interrupt down after TUSB6010 comes up. */
- s->intr_ok = 0;
- tusb_intr_update(s);
- qemu_mod_timer(s->pwr_timer,
- qemu_get_clock_ns(vm_clock) + get_ticks_per_sec() / 2);
- }
-}
-
-static void tusb6010_irq(void *opaque, int source, int level)
-{
- if (source) {
- tusb_musb_core_intr(opaque, source - 1, level);
- } else {
- tusb6010_power(opaque, level);
- }
-}
-
-static void tusb6010_reset(DeviceState *dev)
-{
- TUSBState *s = FROM_SYSBUS(TUSBState, sysbus_from_qdev(dev));
- int i;
-
- s->test_reset = TUSB_PROD_TEST_RESET_VAL;
- s->host_mode = 0;
- s->dev_config = 0;
- s->otg_status = 0; /* !TUSB_DEV_OTG_STAT_ID_STATUS means host mode */
- s->power = 0;
- s->mask = 0xffffffff;
- s->intr = 0x00000000;
- s->otg_timer_val = 0;
- s->scratch = 0;
- s->prcm_config = 0;
- s->prcm_mngmt = 0;
- s->intr_ok = 0;
- s->usbip_intr = 0;
- s->usbip_mask = 0;
- s->gpio_intr = 0;
- s->gpio_mask = 0;
- s->gpio_config = 0;
- s->dma_intr = 0;
- s->dma_mask = 0;
- s->dma_map = 0;
- s->dma_config = 0;
- s->ep0_config = 0;
- s->wkup_mask = 0;
- s->pullup[0] = s->pullup[1] = 0;
- s->control_config = 0;
- for (i = 0; i < 15; i++) {
- s->rx_config[i] = s->tx_config[i] = 0;
- }
- musb_reset(s->musb);
-}
-
-static int tusb6010_init(SysBusDevice *dev)
-{
- TUSBState *s = FROM_SYSBUS(TUSBState, dev);
- s->otg_timer = qemu_new_timer_ns(vm_clock, tusb_otg_tick, s);
- s->pwr_timer = qemu_new_timer_ns(vm_clock, tusb_power_tick, s);
- memory_region_init_io(&s->iomem[1], &tusb_async_ops, s, "tusb-async",
- UINT32_MAX);
- sysbus_init_mmio(dev, &s->iomem[0]);
- sysbus_init_mmio(dev, &s->iomem[1]);
- sysbus_init_irq(dev, &s->irq);
- qdev_init_gpio_in(&dev->qdev, tusb6010_irq, musb_irq_max + 1);
- s->musb = musb_init(&dev->qdev, 1);
- return 0;
-}
-
-static void tusb6010_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = tusb6010_init;
- dc->reset = tusb6010_reset;
-}
-
-static TypeInfo tusb6010_info = {
- .name = "tusb6010",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(TUSBState),
- .class_init = tusb6010_class_init,
-};
-
-static void tusb6010_register_types(void)
-{
- type_register_static(&tusb6010_info);
-}
-
-type_init(tusb6010_register_types)
diff --git a/hw/twl92230.c b/hw/twl92230.c
deleted file mode 100644
index 0d70d8498..000000000
--- a/hw/twl92230.c
+++ /dev/null
@@ -1,882 +0,0 @@
-/*
- * TI TWL92230C energy-management companion device for the OMAP24xx.
- * Aka. Menelaus (N4200 MENELAUS1_V2.2)
- *
- * Copyright (C) 2008 Nokia Corporation
- * Written by Andrzej Zaborowski <andrew@openedhand.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "hw.h"
-#include "qemu-timer.h"
-#include "i2c.h"
-#include "sysemu.h"
-#include "console.h"
-
-#define VERBOSE 1
-
-typedef struct {
- I2CSlave i2c;
-
- int firstbyte;
- uint8_t reg;
-
- uint8_t vcore[5];
- uint8_t dcdc[3];
- uint8_t ldo[8];
- uint8_t sleep[2];
- uint8_t osc;
- uint8_t detect;
- uint16_t mask;
- uint16_t status;
- uint8_t dir;
- uint8_t inputs;
- uint8_t outputs;
- uint8_t bbsms;
- uint8_t pull[4];
- uint8_t mmc_ctrl[3];
- uint8_t mmc_debounce;
- struct {
- uint8_t ctrl;
- uint16_t comp;
- QEMUTimer *hz_tm;
- int64_t next;
- struct tm tm;
- struct tm new;
- struct tm alm;
- int sec_offset;
- int alm_sec;
- int next_comp;
- } rtc;
- uint16_t rtc_next_vmstate;
- qemu_irq out[4];
- uint8_t pwrbtn_state;
-} MenelausState;
-
-static inline void menelaus_update(MenelausState *s)
-{
- qemu_set_irq(s->out[3], s->status & ~s->mask);
-}
-
-static inline void menelaus_rtc_start(MenelausState *s)
-{
- s->rtc.next += qemu_get_clock_ms(rtc_clock);
- qemu_mod_timer(s->rtc.hz_tm, s->rtc.next);
-}
-
-static inline void menelaus_rtc_stop(MenelausState *s)
-{
- qemu_del_timer(s->rtc.hz_tm);
- s->rtc.next -= qemu_get_clock_ms(rtc_clock);
- if (s->rtc.next < 1)
- s->rtc.next = 1;
-}
-
-static void menelaus_rtc_update(MenelausState *s)
-{
- qemu_get_timedate(&s->rtc.tm, s->rtc.sec_offset);
-}
-
-static void menelaus_alm_update(MenelausState *s)
-{
- if ((s->rtc.ctrl & 3) == 3)
- s->rtc.alm_sec = qemu_timedate_diff(&s->rtc.alm) - s->rtc.sec_offset;
-}
-
-static void menelaus_rtc_hz(void *opaque)
-{
- MenelausState *s = (MenelausState *) opaque;
-
- s->rtc.next_comp --;
- s->rtc.alm_sec --;
- s->rtc.next += 1000;
- qemu_mod_timer(s->rtc.hz_tm, s->rtc.next);
- if ((s->rtc.ctrl >> 3) & 3) { /* EVERY */
- menelaus_rtc_update(s);
- if (((s->rtc.ctrl >> 3) & 3) == 1 && !s->rtc.tm.tm_sec)
- s->status |= 1 << 8; /* RTCTMR */
- else if (((s->rtc.ctrl >> 3) & 3) == 2 && !s->rtc.tm.tm_min)
- s->status |= 1 << 8; /* RTCTMR */
- else if (!s->rtc.tm.tm_hour)
- s->status |= 1 << 8; /* RTCTMR */
- } else
- s->status |= 1 << 8; /* RTCTMR */
- if ((s->rtc.ctrl >> 1) & 1) { /* RTC_AL_EN */
- if (s->rtc.alm_sec == 0)
- s->status |= 1 << 9; /* RTCALM */
- /* TODO: wake-up */
- }
- if (s->rtc.next_comp <= 0) {
- s->rtc.next -= muldiv64((int16_t) s->rtc.comp, 1000, 0x8000);
- s->rtc.next_comp = 3600;
- }
- menelaus_update(s);
-}
-
-static void menelaus_reset(I2CSlave *i2c)
-{
- MenelausState *s = (MenelausState *) i2c;
- s->reg = 0x00;
-
- s->vcore[0] = 0x0c; /* XXX: X-loader needs 0x8c? check! */
- s->vcore[1] = 0x05;
- s->vcore[2] = 0x02;
- s->vcore[3] = 0x0c;
- s->vcore[4] = 0x03;
- s->dcdc[0] = 0x33; /* Depends on wiring */
- s->dcdc[1] = 0x03;
- s->dcdc[2] = 0x00;
- s->ldo[0] = 0x95;
- s->ldo[1] = 0x7e;
- s->ldo[2] = 0x00;
- s->ldo[3] = 0x00; /* Depends on wiring */
- s->ldo[4] = 0x03; /* Depends on wiring */
- s->ldo[5] = 0x00;
- s->ldo[6] = 0x00;
- s->ldo[7] = 0x00;
- s->sleep[0] = 0x00;
- s->sleep[1] = 0x00;
- s->osc = 0x01;
- s->detect = 0x09;
- s->mask = 0x0fff;
- s->status = 0;
- s->dir = 0x07;
- s->outputs = 0x00;
- s->bbsms = 0x00;
- s->pull[0] = 0x00;
- s->pull[1] = 0x00;
- s->pull[2] = 0x00;
- s->pull[3] = 0x00;
- s->mmc_ctrl[0] = 0x03;
- s->mmc_ctrl[1] = 0xc0;
- s->mmc_ctrl[2] = 0x00;
- s->mmc_debounce = 0x05;
-
- if (s->rtc.ctrl & 1)
- menelaus_rtc_stop(s);
- s->rtc.ctrl = 0x00;
- s->rtc.comp = 0x0000;
- s->rtc.next = 1000;
- s->rtc.sec_offset = 0;
- s->rtc.next_comp = 1800;
- s->rtc.alm_sec = 1800;
- s->rtc.alm.tm_sec = 0x00;
- s->rtc.alm.tm_min = 0x00;
- s->rtc.alm.tm_hour = 0x00;
- s->rtc.alm.tm_mday = 0x01;
- s->rtc.alm.tm_mon = 0x00;
- s->rtc.alm.tm_year = 2004;
- menelaus_update(s);
-}
-
-static void menelaus_gpio_set(void *opaque, int line, int level)
-{
- MenelausState *s = (MenelausState *) opaque;
-
- if (line < 3) {
- /* No interrupt generated */
- s->inputs &= ~(1 << line);
- s->inputs |= level << line;
- return;
- }
-
- if (!s->pwrbtn_state && level) {
- s->status |= 1 << 11; /* PSHBTN */
- menelaus_update(s);
- }
- s->pwrbtn_state = level;
-}
-
-#define MENELAUS_REV 0x01
-#define MENELAUS_VCORE_CTRL1 0x02
-#define MENELAUS_VCORE_CTRL2 0x03
-#define MENELAUS_VCORE_CTRL3 0x04
-#define MENELAUS_VCORE_CTRL4 0x05
-#define MENELAUS_VCORE_CTRL5 0x06
-#define MENELAUS_DCDC_CTRL1 0x07
-#define MENELAUS_DCDC_CTRL2 0x08
-#define MENELAUS_DCDC_CTRL3 0x09
-#define MENELAUS_LDO_CTRL1 0x0a
-#define MENELAUS_LDO_CTRL2 0x0b
-#define MENELAUS_LDO_CTRL3 0x0c
-#define MENELAUS_LDO_CTRL4 0x0d
-#define MENELAUS_LDO_CTRL5 0x0e
-#define MENELAUS_LDO_CTRL6 0x0f
-#define MENELAUS_LDO_CTRL7 0x10
-#define MENELAUS_LDO_CTRL8 0x11
-#define MENELAUS_SLEEP_CTRL1 0x12
-#define MENELAUS_SLEEP_CTRL2 0x13
-#define MENELAUS_DEVICE_OFF 0x14
-#define MENELAUS_OSC_CTRL 0x15
-#define MENELAUS_DETECT_CTRL 0x16
-#define MENELAUS_INT_MASK1 0x17
-#define MENELAUS_INT_MASK2 0x18
-#define MENELAUS_INT_STATUS1 0x19
-#define MENELAUS_INT_STATUS2 0x1a
-#define MENELAUS_INT_ACK1 0x1b
-#define MENELAUS_INT_ACK2 0x1c
-#define MENELAUS_GPIO_CTRL 0x1d
-#define MENELAUS_GPIO_IN 0x1e
-#define MENELAUS_GPIO_OUT 0x1f
-#define MENELAUS_BBSMS 0x20
-#define MENELAUS_RTC_CTRL 0x21
-#define MENELAUS_RTC_UPDATE 0x22
-#define MENELAUS_RTC_SEC 0x23
-#define MENELAUS_RTC_MIN 0x24
-#define MENELAUS_RTC_HR 0x25
-#define MENELAUS_RTC_DAY 0x26
-#define MENELAUS_RTC_MON 0x27
-#define MENELAUS_RTC_YR 0x28
-#define MENELAUS_RTC_WKDAY 0x29
-#define MENELAUS_RTC_AL_SEC 0x2a
-#define MENELAUS_RTC_AL_MIN 0x2b
-#define MENELAUS_RTC_AL_HR 0x2c
-#define MENELAUS_RTC_AL_DAY 0x2d
-#define MENELAUS_RTC_AL_MON 0x2e
-#define MENELAUS_RTC_AL_YR 0x2f
-#define MENELAUS_RTC_COMP_MSB 0x30
-#define MENELAUS_RTC_COMP_LSB 0x31
-#define MENELAUS_S1_PULL_EN 0x32
-#define MENELAUS_S1_PULL_DIR 0x33
-#define MENELAUS_S2_PULL_EN 0x34
-#define MENELAUS_S2_PULL_DIR 0x35
-#define MENELAUS_MCT_CTRL1 0x36
-#define MENELAUS_MCT_CTRL2 0x37
-#define MENELAUS_MCT_CTRL3 0x38
-#define MENELAUS_MCT_PIN_ST 0x39
-#define MENELAUS_DEBOUNCE1 0x3a
-
-static uint8_t menelaus_read(void *opaque, uint8_t addr)
-{
- MenelausState *s = (MenelausState *) opaque;
- int reg = 0;
-
- switch (addr) {
- case MENELAUS_REV:
- return 0x22;
-
- case MENELAUS_VCORE_CTRL5: reg ++;
- case MENELAUS_VCORE_CTRL4: reg ++;
- case MENELAUS_VCORE_CTRL3: reg ++;
- case MENELAUS_VCORE_CTRL2: reg ++;
- case MENELAUS_VCORE_CTRL1:
- return s->vcore[reg];
-
- case MENELAUS_DCDC_CTRL3: reg ++;
- case MENELAUS_DCDC_CTRL2: reg ++;
- case MENELAUS_DCDC_CTRL1:
- return s->dcdc[reg];
-
- case MENELAUS_LDO_CTRL8: reg ++;
- case MENELAUS_LDO_CTRL7: reg ++;
- case MENELAUS_LDO_CTRL6: reg ++;
- case MENELAUS_LDO_CTRL5: reg ++;
- case MENELAUS_LDO_CTRL4: reg ++;
- case MENELAUS_LDO_CTRL3: reg ++;
- case MENELAUS_LDO_CTRL2: reg ++;
- case MENELAUS_LDO_CTRL1:
- return s->ldo[reg];
-
- case MENELAUS_SLEEP_CTRL2: reg ++;
- case MENELAUS_SLEEP_CTRL1:
- return s->sleep[reg];
-
- case MENELAUS_DEVICE_OFF:
- return 0;
-
- case MENELAUS_OSC_CTRL:
- return s->osc | (1 << 7); /* CLK32K_GOOD */
-
- case MENELAUS_DETECT_CTRL:
- return s->detect;
-
- case MENELAUS_INT_MASK1:
- return (s->mask >> 0) & 0xff;
- case MENELAUS_INT_MASK2:
- return (s->mask >> 8) & 0xff;
-
- case MENELAUS_INT_STATUS1:
- return (s->status >> 0) & 0xff;
- case MENELAUS_INT_STATUS2:
- return (s->status >> 8) & 0xff;
-
- case MENELAUS_INT_ACK1:
- case MENELAUS_INT_ACK2:
- return 0;
-
- case MENELAUS_GPIO_CTRL:
- return s->dir;
- case MENELAUS_GPIO_IN:
- return s->inputs | (~s->dir & s->outputs);
- case MENELAUS_GPIO_OUT:
- return s->outputs;
-
- case MENELAUS_BBSMS:
- return s->bbsms;
-
- case MENELAUS_RTC_CTRL:
- return s->rtc.ctrl;
- case MENELAUS_RTC_UPDATE:
- return 0x00;
- case MENELAUS_RTC_SEC:
- menelaus_rtc_update(s);
- return to_bcd(s->rtc.tm.tm_sec);
- case MENELAUS_RTC_MIN:
- menelaus_rtc_update(s);
- return to_bcd(s->rtc.tm.tm_min);
- case MENELAUS_RTC_HR:
- menelaus_rtc_update(s);
- if ((s->rtc.ctrl >> 2) & 1) /* MODE12_n24 */
- return to_bcd((s->rtc.tm.tm_hour % 12) + 1) |
- (!!(s->rtc.tm.tm_hour >= 12) << 7); /* PM_nAM */
- else
- return to_bcd(s->rtc.tm.tm_hour);
- case MENELAUS_RTC_DAY:
- menelaus_rtc_update(s);
- return to_bcd(s->rtc.tm.tm_mday);
- case MENELAUS_RTC_MON:
- menelaus_rtc_update(s);
- return to_bcd(s->rtc.tm.tm_mon + 1);
- case MENELAUS_RTC_YR:
- menelaus_rtc_update(s);
- return to_bcd(s->rtc.tm.tm_year - 2000);
- case MENELAUS_RTC_WKDAY:
- menelaus_rtc_update(s);
- return to_bcd(s->rtc.tm.tm_wday);
- case MENELAUS_RTC_AL_SEC:
- return to_bcd(s->rtc.alm.tm_sec);
- case MENELAUS_RTC_AL_MIN:
- return to_bcd(s->rtc.alm.tm_min);
- case MENELAUS_RTC_AL_HR:
- if ((s->rtc.ctrl >> 2) & 1) /* MODE12_n24 */
- return to_bcd((s->rtc.alm.tm_hour % 12) + 1) |
- (!!(s->rtc.alm.tm_hour >= 12) << 7);/* AL_PM_nAM */
- else
- return to_bcd(s->rtc.alm.tm_hour);
- case MENELAUS_RTC_AL_DAY:
- return to_bcd(s->rtc.alm.tm_mday);
- case MENELAUS_RTC_AL_MON:
- return to_bcd(s->rtc.alm.tm_mon + 1);
- case MENELAUS_RTC_AL_YR:
- return to_bcd(s->rtc.alm.tm_year - 2000);
- case MENELAUS_RTC_COMP_MSB:
- return (s->rtc.comp >> 8) & 0xff;
- case MENELAUS_RTC_COMP_LSB:
- return (s->rtc.comp >> 0) & 0xff;
-
- case MENELAUS_S1_PULL_EN:
- return s->pull[0];
- case MENELAUS_S1_PULL_DIR:
- return s->pull[1];
- case MENELAUS_S2_PULL_EN:
- return s->pull[2];
- case MENELAUS_S2_PULL_DIR:
- return s->pull[3];
-
- case MENELAUS_MCT_CTRL3: reg ++;
- case MENELAUS_MCT_CTRL2: reg ++;
- case MENELAUS_MCT_CTRL1:
- return s->mmc_ctrl[reg];
- case MENELAUS_MCT_PIN_ST:
- /* TODO: return the real Card Detect */
- return 0;
- case MENELAUS_DEBOUNCE1:
- return s->mmc_debounce;
-
- default:
-#ifdef VERBOSE
- printf("%s: unknown register %02x\n", __FUNCTION__, addr);
-#endif
- break;
- }
- return 0;
-}
-
-static void menelaus_write(void *opaque, uint8_t addr, uint8_t value)
-{
- MenelausState *s = (MenelausState *) opaque;
- int line;
- int reg = 0;
- struct tm tm;
-
- switch (addr) {
- case MENELAUS_VCORE_CTRL1:
- s->vcore[0] = (value & 0xe) | MIN(value & 0x1f, 0x12);
- break;
- case MENELAUS_VCORE_CTRL2:
- s->vcore[1] = value;
- break;
- case MENELAUS_VCORE_CTRL3:
- s->vcore[2] = MIN(value & 0x1f, 0x12);
- break;
- case MENELAUS_VCORE_CTRL4:
- s->vcore[3] = MIN(value & 0x1f, 0x12);
- break;
- case MENELAUS_VCORE_CTRL5:
- s->vcore[4] = value & 3;
- /* XXX
- * auto set to 3 on M_Active, nRESWARM
- * auto set to 0 on M_WaitOn, M_Backup
- */
- break;
-
- case MENELAUS_DCDC_CTRL1:
- s->dcdc[0] = value & 0x3f;
- break;
- case MENELAUS_DCDC_CTRL2:
- s->dcdc[1] = value & 0x07;
- /* XXX
- * auto set to 3 on M_Active, nRESWARM
- * auto set to 0 on M_WaitOn, M_Backup
- */
- break;
- case MENELAUS_DCDC_CTRL3:
- s->dcdc[2] = value & 0x07;
- break;
-
- case MENELAUS_LDO_CTRL1:
- s->ldo[0] = value;
- break;
- case MENELAUS_LDO_CTRL2:
- s->ldo[1] = value & 0x7f;
- /* XXX
- * auto set to 0x7e on M_WaitOn, M_Backup
- */
- break;
- case MENELAUS_LDO_CTRL3:
- s->ldo[2] = value & 3;
- /* XXX
- * auto set to 3 on M_Active, nRESWARM
- * auto set to 0 on M_WaitOn, M_Backup
- */
- break;
- case MENELAUS_LDO_CTRL4:
- s->ldo[3] = value & 3;
- /* XXX
- * auto set to 3 on M_Active, nRESWARM
- * auto set to 0 on M_WaitOn, M_Backup
- */
- break;
- case MENELAUS_LDO_CTRL5:
- s->ldo[4] = value & 3;
- /* XXX
- * auto set to 3 on M_Active, nRESWARM
- * auto set to 0 on M_WaitOn, M_Backup
- */
- break;
- case MENELAUS_LDO_CTRL6:
- s->ldo[5] = value & 3;
- break;
- case MENELAUS_LDO_CTRL7:
- s->ldo[6] = value & 3;
- break;
- case MENELAUS_LDO_CTRL8:
- s->ldo[7] = value & 3;
- break;
-
- case MENELAUS_SLEEP_CTRL2: reg ++;
- case MENELAUS_SLEEP_CTRL1:
- s->sleep[reg] = value;
- break;
-
- case MENELAUS_DEVICE_OFF:
- if (value & 1)
- menelaus_reset(&s->i2c);
- break;
-
- case MENELAUS_OSC_CTRL:
- s->osc = value & 7;
- break;
-
- case MENELAUS_DETECT_CTRL:
- s->detect = value & 0x7f;
- break;
-
- case MENELAUS_INT_MASK1:
- s->mask &= 0xf00;
- s->mask |= value << 0;
- menelaus_update(s);
- break;
- case MENELAUS_INT_MASK2:
- s->mask &= 0x0ff;
- s->mask |= value << 8;
- menelaus_update(s);
- break;
-
- case MENELAUS_INT_ACK1:
- s->status &= ~(((uint16_t) value) << 0);
- menelaus_update(s);
- break;
- case MENELAUS_INT_ACK2:
- s->status &= ~(((uint16_t) value) << 8);
- menelaus_update(s);
- break;
-
- case MENELAUS_GPIO_CTRL:
- for (line = 0; line < 3; line ++) {
- if (((s->dir ^ value) >> line) & 1) {
- qemu_set_irq(s->out[line],
- ((s->outputs & ~s->dir) >> line) & 1);
- }
- }
- s->dir = value & 0x67;
- break;
- case MENELAUS_GPIO_OUT:
- for (line = 0; line < 3; line ++) {
- if ((((s->outputs ^ value) & ~s->dir) >> line) & 1) {
- qemu_set_irq(s->out[line], (s->outputs >> line) & 1);
- }
- }
- s->outputs = value & 0x07;
- break;
-
- case MENELAUS_BBSMS:
- s->bbsms = 0x0d;
- break;
-
- case MENELAUS_RTC_CTRL:
- if ((s->rtc.ctrl ^ value) & 1) { /* RTC_EN */
- if (value & 1)
- menelaus_rtc_start(s);
- else
- menelaus_rtc_stop(s);
- }
- s->rtc.ctrl = value & 0x1f;
- menelaus_alm_update(s);
- break;
- case MENELAUS_RTC_UPDATE:
- menelaus_rtc_update(s);
- memcpy(&tm, &s->rtc.tm, sizeof(tm));
- switch (value & 0xf) {
- case 0:
- break;
- case 1:
- tm.tm_sec = s->rtc.new.tm_sec;
- break;
- case 2:
- tm.tm_min = s->rtc.new.tm_min;
- break;
- case 3:
- if (s->rtc.new.tm_hour > 23)
- goto rtc_badness;
- tm.tm_hour = s->rtc.new.tm_hour;
- break;
- case 4:
- if (s->rtc.new.tm_mday < 1)
- goto rtc_badness;
- /* TODO check range */
- tm.tm_mday = s->rtc.new.tm_mday;
- break;
- case 5:
- if (s->rtc.new.tm_mon < 0 || s->rtc.new.tm_mon > 11)
- goto rtc_badness;
- tm.tm_mon = s->rtc.new.tm_mon;
- break;
- case 6:
- tm.tm_year = s->rtc.new.tm_year;
- break;
- case 7:
- /* TODO set .tm_mday instead */
- tm.tm_wday = s->rtc.new.tm_wday;
- break;
- case 8:
- if (s->rtc.new.tm_hour > 23)
- goto rtc_badness;
- if (s->rtc.new.tm_mday < 1)
- goto rtc_badness;
- if (s->rtc.new.tm_mon < 0 || s->rtc.new.tm_mon > 11)
- goto rtc_badness;
- tm.tm_sec = s->rtc.new.tm_sec;
- tm.tm_min = s->rtc.new.tm_min;
- tm.tm_hour = s->rtc.new.tm_hour;
- tm.tm_mday = s->rtc.new.tm_mday;
- tm.tm_mon = s->rtc.new.tm_mon;
- tm.tm_year = s->rtc.new.tm_year;
- break;
- rtc_badness:
- default:
- fprintf(stderr, "%s: bad RTC_UPDATE value %02x\n",
- __FUNCTION__, value);
- s->status |= 1 << 10; /* RTCERR */
- menelaus_update(s);
- }
- s->rtc.sec_offset = qemu_timedate_diff(&tm);
- break;
- case MENELAUS_RTC_SEC:
- s->rtc.tm.tm_sec = from_bcd(value & 0x7f);
- break;
- case MENELAUS_RTC_MIN:
- s->rtc.tm.tm_min = from_bcd(value & 0x7f);
- break;
- case MENELAUS_RTC_HR:
- s->rtc.tm.tm_hour = (s->rtc.ctrl & (1 << 2)) ? /* MODE12_n24 */
- MIN(from_bcd(value & 0x3f), 12) + ((value >> 7) ? 11 : -1) :
- from_bcd(value & 0x3f);
- break;
- case MENELAUS_RTC_DAY:
- s->rtc.tm.tm_mday = from_bcd(value);
- break;
- case MENELAUS_RTC_MON:
- s->rtc.tm.tm_mon = MAX(1, from_bcd(value)) - 1;
- break;
- case MENELAUS_RTC_YR:
- s->rtc.tm.tm_year = 2000 + from_bcd(value);
- break;
- case MENELAUS_RTC_WKDAY:
- s->rtc.tm.tm_mday = from_bcd(value);
- break;
- case MENELAUS_RTC_AL_SEC:
- s->rtc.alm.tm_sec = from_bcd(value & 0x7f);
- menelaus_alm_update(s);
- break;
- case MENELAUS_RTC_AL_MIN:
- s->rtc.alm.tm_min = from_bcd(value & 0x7f);
- menelaus_alm_update(s);
- break;
- case MENELAUS_RTC_AL_HR:
- s->rtc.alm.tm_hour = (s->rtc.ctrl & (1 << 2)) ? /* MODE12_n24 */
- MIN(from_bcd(value & 0x3f), 12) + ((value >> 7) ? 11 : -1) :
- from_bcd(value & 0x3f);
- menelaus_alm_update(s);
- break;
- case MENELAUS_RTC_AL_DAY:
- s->rtc.alm.tm_mday = from_bcd(value);
- menelaus_alm_update(s);
- break;
- case MENELAUS_RTC_AL_MON:
- s->rtc.alm.tm_mon = MAX(1, from_bcd(value)) - 1;
- menelaus_alm_update(s);
- break;
- case MENELAUS_RTC_AL_YR:
- s->rtc.alm.tm_year = 2000 + from_bcd(value);
- menelaus_alm_update(s);
- break;
- case MENELAUS_RTC_COMP_MSB:
- s->rtc.comp &= 0xff;
- s->rtc.comp |= value << 8;
- break;
- case MENELAUS_RTC_COMP_LSB:
- s->rtc.comp &= 0xff << 8;
- s->rtc.comp |= value;
- break;
-
- case MENELAUS_S1_PULL_EN:
- s->pull[0] = value;
- break;
- case MENELAUS_S1_PULL_DIR:
- s->pull[1] = value & 0x1f;
- break;
- case MENELAUS_S2_PULL_EN:
- s->pull[2] = value;
- break;
- case MENELAUS_S2_PULL_DIR:
- s->pull[3] = value & 0x1f;
- break;
-
- case MENELAUS_MCT_CTRL1:
- s->mmc_ctrl[0] = value & 0x7f;
- break;
- case MENELAUS_MCT_CTRL2:
- s->mmc_ctrl[1] = value;
- /* TODO update Card Detect interrupts */
- break;
- case MENELAUS_MCT_CTRL3:
- s->mmc_ctrl[2] = value & 0xf;
- break;
- case MENELAUS_DEBOUNCE1:
- s->mmc_debounce = value & 0x3f;
- break;
-
- default:
-#ifdef VERBOSE
- printf("%s: unknown register %02x\n", __FUNCTION__, addr);
-#endif
- }
-}
-
-static void menelaus_event(I2CSlave *i2c, enum i2c_event event)
-{
- MenelausState *s = (MenelausState *) i2c;
-
- if (event == I2C_START_SEND)
- s->firstbyte = 1;
-}
-
-static int menelaus_tx(I2CSlave *i2c, uint8_t data)
-{
- MenelausState *s = (MenelausState *) i2c;
- /* Interpret register address byte */
- if (s->firstbyte) {
- s->reg = data;
- s->firstbyte = 0;
- } else
- menelaus_write(s, s->reg ++, data);
-
- return 0;
-}
-
-static int menelaus_rx(I2CSlave *i2c)
-{
- MenelausState *s = (MenelausState *) i2c;
-
- return menelaus_read(s, s->reg ++);
-}
-
-/* Save restore 32 bit int as uint16_t
- This is a Big hack, but it is how the old state did it.
- Or we broke compatibility in the state, or we can't use struct tm
- */
-
-static int get_int32_as_uint16(QEMUFile *f, void *pv, size_t size)
-{
- int *v = pv;
- *v = qemu_get_be16(f);
- return 0;
-}
-
-static void put_int32_as_uint16(QEMUFile *f, void *pv, size_t size)
-{
- int *v = pv;
- qemu_put_be16(f, *v);
-}
-
-static const VMStateInfo vmstate_hack_int32_as_uint16 = {
- .name = "int32_as_uint16",
- .get = get_int32_as_uint16,
- .put = put_int32_as_uint16,
-};
-
-#define VMSTATE_UINT16_HACK(_f, _s) \
- VMSTATE_SINGLE(_f, _s, 0, vmstate_hack_int32_as_uint16, int32_t)
-
-
-static const VMStateDescription vmstate_menelaus_tm = {
- .name = "menelaus_tm",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField []) {
- VMSTATE_UINT16_HACK(tm_sec, struct tm),
- VMSTATE_UINT16_HACK(tm_min, struct tm),
- VMSTATE_UINT16_HACK(tm_hour, struct tm),
- VMSTATE_UINT16_HACK(tm_mday, struct tm),
- VMSTATE_UINT16_HACK(tm_min, struct tm),
- VMSTATE_UINT16_HACK(tm_year, struct tm),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void menelaus_pre_save(void *opaque)
-{
- MenelausState *s = opaque;
- /* Should be <= 1000 */
- s->rtc_next_vmstate = s->rtc.next - qemu_get_clock_ms(rtc_clock);
-}
-
-static int menelaus_post_load(void *opaque, int version_id)
-{
- MenelausState *s = opaque;
-
- if (s->rtc.ctrl & 1) /* RTC_EN */
- menelaus_rtc_stop(s);
-
- s->rtc.next = s->rtc_next_vmstate;
-
- menelaus_alm_update(s);
- menelaus_update(s);
- if (s->rtc.ctrl & 1) /* RTC_EN */
- menelaus_rtc_start(s);
- return 0;
-}
-
-static const VMStateDescription vmstate_menelaus = {
- .name = "menelaus",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .pre_save = menelaus_pre_save,
- .post_load = menelaus_post_load,
- .fields = (VMStateField []) {
- VMSTATE_INT32(firstbyte, MenelausState),
- VMSTATE_UINT8(reg, MenelausState),
- VMSTATE_UINT8_ARRAY(vcore, MenelausState, 5),
- VMSTATE_UINT8_ARRAY(dcdc, MenelausState, 3),
- VMSTATE_UINT8_ARRAY(ldo, MenelausState, 8),
- VMSTATE_UINT8_ARRAY(sleep, MenelausState, 2),
- VMSTATE_UINT8(osc, MenelausState),
- VMSTATE_UINT8(detect, MenelausState),
- VMSTATE_UINT16(mask, MenelausState),
- VMSTATE_UINT16(status, MenelausState),
- VMSTATE_UINT8(dir, MenelausState),
- VMSTATE_UINT8(inputs, MenelausState),
- VMSTATE_UINT8(outputs, MenelausState),
- VMSTATE_UINT8(bbsms, MenelausState),
- VMSTATE_UINT8_ARRAY(pull, MenelausState, 4),
- VMSTATE_UINT8_ARRAY(mmc_ctrl, MenelausState, 3),
- VMSTATE_UINT8(mmc_debounce, MenelausState),
- VMSTATE_UINT8(rtc.ctrl, MenelausState),
- VMSTATE_UINT16(rtc.comp, MenelausState),
- VMSTATE_UINT16(rtc_next_vmstate, MenelausState),
- VMSTATE_STRUCT(rtc.new, MenelausState, 0, vmstate_menelaus_tm,
- struct tm),
- VMSTATE_STRUCT(rtc.alm, MenelausState, 0, vmstate_menelaus_tm,
- struct tm),
- VMSTATE_UINT8(pwrbtn_state, MenelausState),
- VMSTATE_I2C_SLAVE(i2c, MenelausState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int twl92230_init(I2CSlave *i2c)
-{
- MenelausState *s = FROM_I2C_SLAVE(MenelausState, i2c);
-
- s->rtc.hz_tm = qemu_new_timer_ms(rtc_clock, menelaus_rtc_hz, s);
- /* Three output pins plus one interrupt pin. */
- qdev_init_gpio_out(&i2c->qdev, s->out, 4);
-
- /* Three input pins plus one power-button pin. */
- qdev_init_gpio_in(&i2c->qdev, menelaus_gpio_set, 4);
-
- menelaus_reset(&s->i2c);
-
- return 0;
-}
-
-static void twl92230_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- I2CSlaveClass *sc = I2C_SLAVE_CLASS(klass);
-
- sc->init = twl92230_init;
- sc->event = menelaus_event;
- sc->recv = menelaus_rx;
- sc->send = menelaus_tx;
- dc->vmsd = &vmstate_menelaus;
-}
-
-static TypeInfo twl92230_info = {
- .name = "twl92230",
- .parent = TYPE_I2C_SLAVE,
- .instance_size = sizeof(MenelausState),
- .class_init = twl92230_class_init,
-};
-
-static void twl92230_register_types(void)
-{
- type_register_static(&twl92230_info);
-}
-
-type_init(twl92230_register_types)
diff --git a/hw/unicore32/Makefile.objs b/hw/unicore32/Makefile.objs
index 0725ce3ca..e0fd62852 100644
--- a/hw/unicore32/Makefile.objs
+++ b/hw/unicore32/Makefile.objs
@@ -2,5 +2,3 @@
# PKUnity-v3 SoC and board information
obj-${CONFIG_PUV3} += puv3.o
-
-obj-y := $(addprefix ../,$(obj-y))
diff --git a/hw/unicore32/puv3.c b/hw/unicore32/puv3.c
new file mode 100644
index 000000000..5ff0dc9a0
--- /dev/null
+++ b/hw/unicore32/puv3.c
@@ -0,0 +1,139 @@
+/*
+ * Generic PKUnity SoC machine and board descriptor
+ *
+ * Copyright (C) 2010-2012 Guan Xuetao
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation, or any later version.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu-common.h"
+#include "ui/console.h"
+#include "elf.h"
+#include "exec/address-spaces.h"
+#include "hw/sysbus.h"
+#include "hw/boards.h"
+#include "hw/loader.h"
+#include "hw/i386/pc.h"
+
+#undef DEBUG_PUV3
+#include "hw/unicore32/puv3.h"
+
+#define KERNEL_LOAD_ADDR 0x03000000
+#define KERNEL_MAX_SIZE 0x00800000 /* Just a guess */
+
+static void puv3_intc_cpu_handler(void *opaque, int irq, int level)
+{
+ UniCore32CPU *cpu = opaque;
+ CPUState *cs = CPU(cpu);
+
+ assert(irq == 0);
+ if (level) {
+ cpu_interrupt(cs, CPU_INTERRUPT_HARD);
+ } else {
+ cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
+ }
+}
+
+static void puv3_soc_init(CPUUniCore32State *env)
+{
+ qemu_irq *cpu_intc, irqs[PUV3_IRQS_NR];
+ DeviceState *dev;
+ MemoryRegion *i8042 = g_new(MemoryRegion, 1);
+ int i;
+
+ /* Initialize interrupt controller */
+ cpu_intc = qemu_allocate_irqs(puv3_intc_cpu_handler,
+ uc32_env_get_cpu(env), 1);
+ dev = sysbus_create_simple("puv3_intc", PUV3_INTC_BASE, *cpu_intc);
+ for (i = 0; i < PUV3_IRQS_NR; i++) {
+ irqs[i] = qdev_get_gpio_in(dev, i);
+ }
+
+ /* Initialize minimal necessary devices for kernel booting */
+ sysbus_create_simple("puv3_pm", PUV3_PM_BASE, NULL);
+ sysbus_create_simple("puv3_dma", PUV3_DMA_BASE, NULL);
+ sysbus_create_simple("puv3_ost", PUV3_OST_BASE, irqs[PUV3_IRQS_OST0]);
+ sysbus_create_varargs("puv3_gpio", PUV3_GPIO_BASE,
+ irqs[PUV3_IRQS_GPIOLOW0], irqs[PUV3_IRQS_GPIOLOW1],
+ irqs[PUV3_IRQS_GPIOLOW2], irqs[PUV3_IRQS_GPIOLOW3],
+ irqs[PUV3_IRQS_GPIOLOW4], irqs[PUV3_IRQS_GPIOLOW5],
+ irqs[PUV3_IRQS_GPIOLOW6], irqs[PUV3_IRQS_GPIOLOW7],
+ irqs[PUV3_IRQS_GPIOHIGH], NULL);
+
+ /* Keyboard (i8042), mouse disabled for nographic */
+ i8042_mm_init(irqs[PUV3_IRQS_PS2_KBD], NULL, i8042, PUV3_REGS_OFFSET, 4);
+ memory_region_add_subregion(get_system_memory(), PUV3_PS2_BASE, i8042);
+}
+
+static void puv3_board_init(CPUUniCore32State *env, ram_addr_t ram_size)
+{
+ MemoryRegion *ram_memory = g_new(MemoryRegion, 1);
+
+ /* SDRAM at address zero. */
+ memory_region_init_ram(ram_memory, NULL, "puv3.ram", ram_size);
+ vmstate_register_ram_global(ram_memory);
+ memory_region_add_subregion(get_system_memory(), 0, ram_memory);
+}
+
+static const GraphicHwOps no_ops;
+
+static void puv3_load_kernel(const char *kernel_filename)
+{
+ int size;
+
+ assert(kernel_filename != NULL);
+
+ /* only zImage format supported */
+ size = load_image_targphys(kernel_filename, KERNEL_LOAD_ADDR,
+ KERNEL_MAX_SIZE);
+ if (size < 0) {
+ hw_error("Load kernel error: '%s'\n", kernel_filename);
+ }
+
+ /* cheat curses that we have a graphic console, only under ocd console */
+ graphic_console_init(NULL, &no_ops, NULL);
+}
+
+static void puv3_init(QEMUMachineInitArgs *args)
+{
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *initrd_filename = args->initrd_filename;
+ CPUUniCore32State *env;
+
+ if (initrd_filename) {
+ hw_error("Please use kernel built-in initramdisk.\n");
+ }
+
+ if (!cpu_model) {
+ cpu_model = "UniCore-II";
+ }
+
+ env = cpu_init(cpu_model);
+ if (!env) {
+ hw_error("Unable to find CPU definition\n");
+ }
+
+ puv3_soc_init(env);
+ puv3_board_init(env, ram_size);
+ puv3_load_kernel(kernel_filename);
+}
+
+static QEMUMachine puv3_machine = {
+ .name = "puv3",
+ .desc = "PKUnity Version-3 based on UniCore32",
+ .init = puv3_init,
+ .is_default = 1,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void puv3_machine_init(void)
+{
+ qemu_register_machine(&puv3_machine);
+}
+
+machine_init(puv3_machine_init)
diff --git a/hw/unin_pci.c b/hw/unin_pci.c
deleted file mode 100644
index 9981d949d..000000000
--- a/hw/unin_pci.c
+++ /dev/null
@@ -1,492 +0,0 @@
-/*
- * QEMU Uninorth PCI host (for all Mac99 and newer machines)
- *
- * Copyright (c) 2006 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "ppc_mac.h"
-#include "pci.h"
-#include "pci_host.h"
-
-/* debug UniNorth */
-//#define DEBUG_UNIN
-
-#ifdef DEBUG_UNIN
-#define UNIN_DPRINTF(fmt, ...) \
- do { printf("UNIN: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define UNIN_DPRINTF(fmt, ...)
-#endif
-
-static const int unin_irq_line[] = { 0x1b, 0x1c, 0x1d, 0x1e };
-
-#define TYPE_UNI_NORTH_PCI_HOST_BRIDGE "uni-north-pci-pcihost"
-#define TYPE_UNI_NORTH_AGP_HOST_BRIDGE "uni-north-agp-pcihost"
-#define TYPE_UNI_NORTH_INTERNAL_PCI_HOST_BRIDGE "uni-north-internal-pci-pcihost"
-#define TYPE_U3_AGP_HOST_BRIDGE "u3-agp-pcihost"
-
-#define UNI_NORTH_PCI_HOST_BRIDGE(obj) \
- OBJECT_CHECK(UNINState, (obj), TYPE_UNI_NORTH_PCI_HOST_BRIDGE)
-#define UNI_NORTH_AGP_HOST_BRIDGE(obj) \
- OBJECT_CHECK(UNINState, (obj), TYPE_UNI_NORTH_AGP_HOST_BRIDGE)
-#define UNI_NORTH_INTERNAL_PCI_HOST_BRIDGE(obj) \
- OBJECT_CHECK(UNINState, (obj), TYPE_UNI_NORTH_INTERNAL_PCI_HOST_BRIDGE)
-#define U3_AGP_HOST_BRIDGE(obj) \
- OBJECT_CHECK(UNINState, (obj), TYPE_U3_AGP_HOST_BRIDGE)
-
-typedef struct UNINState {
- PCIHostState parent_obj;
-
- MemoryRegion pci_mmio;
- MemoryRegion pci_hole;
-} UNINState;
-
-static int pci_unin_map_irq(PCIDevice *pci_dev, int irq_num)
-{
- int retval;
- int devfn = pci_dev->devfn & 0x00FFFFFF;
-
- retval = (((devfn >> 11) & 0x1F) + irq_num) & 3;
-
- return retval;
-}
-
-static void pci_unin_set_irq(void *opaque, int irq_num, int level)
-{
- qemu_irq *pic = opaque;
-
- UNIN_DPRINTF("%s: setting INT %d = %d\n", __func__,
- unin_irq_line[irq_num], level);
- qemu_set_irq(pic[unin_irq_line[irq_num]], level);
-}
-
-static uint32_t unin_get_config_reg(uint32_t reg, uint32_t addr)
-{
- uint32_t retval;
-
- if (reg & (1u << 31)) {
- /* XXX OpenBIOS compatibility hack */
- retval = reg | (addr & 3);
- } else if (reg & 1) {
- /* CFA1 style */
- retval = (reg & ~7u) | (addr & 7);
- } else {
- uint32_t slot, func;
-
- /* Grab CFA0 style values */
- slot = ffs(reg & 0xfffff800) - 1;
- func = (reg >> 8) & 7;
-
- /* ... and then convert them to x86 format */
- /* config pointer */
- retval = (reg & (0xff - 7)) | (addr & 7);
- /* slot */
- retval |= slot << 11;
- /* fn */
- retval |= func << 8;
- }
-
-
- UNIN_DPRINTF("Converted config space accessor %08x/%08x -> %08x\n",
- reg, addr, retval);
-
- return retval;
-}
-
-static void unin_data_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned len)
-{
- UNINState *s = opaque;
- PCIHostState *phb = PCI_HOST_BRIDGE(s);
- UNIN_DPRINTF("write addr %" TARGET_FMT_plx " len %d val %"PRIx64"\n",
- addr, len, val);
- pci_data_write(phb->bus,
- unin_get_config_reg(phb->config_reg, addr),
- val, len);
-}
-
-static uint64_t unin_data_read(void *opaque, hwaddr addr,
- unsigned len)
-{
- UNINState *s = opaque;
- PCIHostState *phb = PCI_HOST_BRIDGE(s);
- uint32_t val;
-
- val = pci_data_read(phb->bus,
- unin_get_config_reg(phb->config_reg, addr),
- len);
- UNIN_DPRINTF("read addr %" TARGET_FMT_plx " len %d val %x\n",
- addr, len, val);
- return val;
-}
-
-static const MemoryRegionOps unin_data_ops = {
- .read = unin_data_read,
- .write = unin_data_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static int pci_unin_main_init_device(SysBusDevice *dev)
-{
- PCIHostState *h;
-
- /* Use values found on a real PowerMac */
- /* Uninorth main bus */
- h = PCI_HOST_BRIDGE(dev);
-
- memory_region_init_io(&h->conf_mem, &pci_host_conf_le_ops,
- dev, "pci-conf-idx", 0x1000);
- memory_region_init_io(&h->data_mem, &unin_data_ops, dev,
- "pci-conf-data", 0x1000);
- sysbus_init_mmio(dev, &h->conf_mem);
- sysbus_init_mmio(dev, &h->data_mem);
-
- return 0;
-}
-
-
-static int pci_u3_agp_init_device(SysBusDevice *dev)
-{
- PCIHostState *h;
-
- /* Uninorth U3 AGP bus */
- h = PCI_HOST_BRIDGE(dev);
-
- memory_region_init_io(&h->conf_mem, &pci_host_conf_le_ops,
- dev, "pci-conf-idx", 0x1000);
- memory_region_init_io(&h->data_mem, &unin_data_ops, dev,
- "pci-conf-data", 0x1000);
- sysbus_init_mmio(dev, &h->conf_mem);
- sysbus_init_mmio(dev, &h->data_mem);
-
- return 0;
-}
-
-static int pci_unin_agp_init_device(SysBusDevice *dev)
-{
- PCIHostState *h;
-
- /* Uninorth AGP bus */
- h = PCI_HOST_BRIDGE(dev);
-
- memory_region_init_io(&h->conf_mem, &pci_host_conf_le_ops,
- dev, "pci-conf-idx", 0x1000);
- memory_region_init_io(&h->data_mem, &pci_host_data_le_ops,
- dev, "pci-conf-data", 0x1000);
- sysbus_init_mmio(dev, &h->conf_mem);
- sysbus_init_mmio(dev, &h->data_mem);
- return 0;
-}
-
-static int pci_unin_internal_init_device(SysBusDevice *dev)
-{
- PCIHostState *h;
-
- /* Uninorth internal bus */
- h = PCI_HOST_BRIDGE(dev);
-
- memory_region_init_io(&h->conf_mem, &pci_host_conf_le_ops,
- dev, "pci-conf-idx", 0x1000);
- memory_region_init_io(&h->data_mem, &pci_host_data_le_ops,
- dev, "pci-conf-data", 0x1000);
- sysbus_init_mmio(dev, &h->conf_mem);
- sysbus_init_mmio(dev, &h->data_mem);
- return 0;
-}
-
-PCIBus *pci_pmac_init(qemu_irq *pic,
- MemoryRegion *address_space_mem,
- MemoryRegion *address_space_io)
-{
- DeviceState *dev;
- SysBusDevice *s;
- PCIHostState *h;
- UNINState *d;
-
- /* Use values found on a real PowerMac */
- /* Uninorth main bus */
- dev = qdev_create(NULL, TYPE_UNI_NORTH_PCI_HOST_BRIDGE);
- qdev_init_nofail(dev);
- s = SYS_BUS_DEVICE(dev);
- h = PCI_HOST_BRIDGE(s);
- d = UNI_NORTH_PCI_HOST_BRIDGE(dev);
- memory_region_init(&d->pci_mmio, "pci-mmio", 0x100000000ULL);
- memory_region_init_alias(&d->pci_hole, "pci-hole", &d->pci_mmio,
- 0x80000000ULL, 0x70000000ULL);
- memory_region_add_subregion(address_space_mem, 0x80000000ULL,
- &d->pci_hole);
-
- h->bus = pci_register_bus(dev, "pci",
- pci_unin_set_irq, pci_unin_map_irq,
- pic,
- &d->pci_mmio,
- address_space_io,
- PCI_DEVFN(11, 0), 4);
-
-#if 0
- pci_create_simple(h->bus, PCI_DEVFN(11, 0), "uni-north");
-#endif
-
- sysbus_mmio_map(s, 0, 0xf2800000);
- sysbus_mmio_map(s, 1, 0xf2c00000);
-
- /* DEC 21154 bridge */
-#if 0
- /* XXX: not activated as PPC BIOS doesn't handle multiple buses properly */
- pci_create_simple(h->bus, PCI_DEVFN(12, 0), "dec-21154");
-#endif
-
- /* Uninorth AGP bus */
- pci_create_simple(h->bus, PCI_DEVFN(11, 0), "uni-north-agp");
- dev = qdev_create(NULL, TYPE_UNI_NORTH_AGP_HOST_BRIDGE);
- qdev_init_nofail(dev);
- s = SYS_BUS_DEVICE(dev);
- sysbus_mmio_map(s, 0, 0xf0800000);
- sysbus_mmio_map(s, 1, 0xf0c00000);
-
- /* Uninorth internal bus */
-#if 0
- /* XXX: not needed for now */
- pci_create_simple(h->bus, PCI_DEVFN(14, 0),
- "uni-north-internal-pci");
- dev = qdev_create(NULL, TYPE_UNI_NORTH_INTERNAL_PCI_HOST_BRIDGE);
- qdev_init_nofail(dev);
- s = SYS_BUS_DEVICE(dev);
- sysbus_mmio_map(s, 0, 0xf4800000);
- sysbus_mmio_map(s, 1, 0xf4c00000);
-#endif
-
- return h->bus;
-}
-
-PCIBus *pci_pmac_u3_init(qemu_irq *pic,
- MemoryRegion *address_space_mem,
- MemoryRegion *address_space_io)
-{
- DeviceState *dev;
- SysBusDevice *s;
- PCIHostState *h;
- UNINState *d;
-
- /* Uninorth AGP bus */
-
- dev = qdev_create(NULL, TYPE_U3_AGP_HOST_BRIDGE);
- qdev_init_nofail(dev);
- s = SYS_BUS_DEVICE(dev);
- h = PCI_HOST_BRIDGE(dev);
- d = U3_AGP_HOST_BRIDGE(dev);
-
- memory_region_init(&d->pci_mmio, "pci-mmio", 0x100000000ULL);
- memory_region_init_alias(&d->pci_hole, "pci-hole", &d->pci_mmio,
- 0x80000000ULL, 0x70000000ULL);
- memory_region_add_subregion(address_space_mem, 0x80000000ULL,
- &d->pci_hole);
-
- h->bus = pci_register_bus(dev, "pci",
- pci_unin_set_irq, pci_unin_map_irq,
- pic,
- &d->pci_mmio,
- address_space_io,
- PCI_DEVFN(11, 0), 4);
-
- sysbus_mmio_map(s, 0, 0xf0800000);
- sysbus_mmio_map(s, 1, 0xf0c00000);
-
- pci_create_simple(h->bus, 11 << 3, "u3-agp");
-
- return h->bus;
-}
-
-static int unin_main_pci_host_init(PCIDevice *d)
-{
- d->config[0x0C] = 0x08; // cache_line_size
- d->config[0x0D] = 0x10; // latency_timer
- d->config[0x34] = 0x00; // capabilities_pointer
- return 0;
-}
-
-static int unin_agp_pci_host_init(PCIDevice *d)
-{
- d->config[0x0C] = 0x08; // cache_line_size
- d->config[0x0D] = 0x10; // latency_timer
- // d->config[0x34] = 0x80; // capabilities_pointer
- return 0;
-}
-
-static int u3_agp_pci_host_init(PCIDevice *d)
-{
- /* cache line size */
- d->config[0x0C] = 0x08;
- /* latency timer */
- d->config[0x0D] = 0x10;
- return 0;
-}
-
-static int unin_internal_pci_host_init(PCIDevice *d)
-{
- d->config[0x0C] = 0x08; // cache_line_size
- d->config[0x0D] = 0x10; // latency_timer
- d->config[0x34] = 0x00; // capabilities_pointer
- return 0;
-}
-
-static void unin_main_pci_host_class_init(ObjectClass *klass, void *data)
-{
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = unin_main_pci_host_init;
- k->vendor_id = PCI_VENDOR_ID_APPLE;
- k->device_id = PCI_DEVICE_ID_APPLE_UNI_N_PCI;
- k->revision = 0x00;
- k->class_id = PCI_CLASS_BRIDGE_HOST;
-}
-
-static const TypeInfo unin_main_pci_host_info = {
- .name = "uni-north-pci",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIDevice),
- .class_init = unin_main_pci_host_class_init,
-};
-
-static void u3_agp_pci_host_class_init(ObjectClass *klass, void *data)
-{
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = u3_agp_pci_host_init;
- k->vendor_id = PCI_VENDOR_ID_APPLE;
- k->device_id = PCI_DEVICE_ID_APPLE_U3_AGP;
- k->revision = 0x00;
- k->class_id = PCI_CLASS_BRIDGE_HOST;
-}
-
-static const TypeInfo u3_agp_pci_host_info = {
- .name = "u3-agp",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIDevice),
- .class_init = u3_agp_pci_host_class_init,
-};
-
-static void unin_agp_pci_host_class_init(ObjectClass *klass, void *data)
-{
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = unin_agp_pci_host_init;
- k->vendor_id = PCI_VENDOR_ID_APPLE;
- k->device_id = PCI_DEVICE_ID_APPLE_UNI_N_AGP;
- k->revision = 0x00;
- k->class_id = PCI_CLASS_BRIDGE_HOST;
-}
-
-static const TypeInfo unin_agp_pci_host_info = {
- .name = "uni-north-agp",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIDevice),
- .class_init = unin_agp_pci_host_class_init,
-};
-
-static void unin_internal_pci_host_class_init(ObjectClass *klass, void *data)
-{
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = unin_internal_pci_host_init;
- k->vendor_id = PCI_VENDOR_ID_APPLE;
- k->device_id = PCI_DEVICE_ID_APPLE_UNI_N_I_PCI;
- k->revision = 0x00;
- k->class_id = PCI_CLASS_BRIDGE_HOST;
-}
-
-static const TypeInfo unin_internal_pci_host_info = {
- .name = "uni-north-internal-pci",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIDevice),
- .class_init = unin_internal_pci_host_class_init,
-};
-
-static void pci_unin_main_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sbc = SYS_BUS_DEVICE_CLASS(klass);
-
- sbc->init = pci_unin_main_init_device;
-}
-
-static const TypeInfo pci_unin_main_info = {
- .name = TYPE_UNI_NORTH_PCI_HOST_BRIDGE,
- .parent = TYPE_PCI_HOST_BRIDGE,
- .instance_size = sizeof(UNINState),
- .class_init = pci_unin_main_class_init,
-};
-
-static void pci_u3_agp_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sbc = SYS_BUS_DEVICE_CLASS(klass);
-
- sbc->init = pci_u3_agp_init_device;
-}
-
-static const TypeInfo pci_u3_agp_info = {
- .name = TYPE_U3_AGP_HOST_BRIDGE,
- .parent = TYPE_PCI_HOST_BRIDGE,
- .instance_size = sizeof(UNINState),
- .class_init = pci_u3_agp_class_init,
-};
-
-static void pci_unin_agp_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sbc = SYS_BUS_DEVICE_CLASS(klass);
-
- sbc->init = pci_unin_agp_init_device;
-}
-
-static const TypeInfo pci_unin_agp_info = {
- .name = TYPE_UNI_NORTH_AGP_HOST_BRIDGE,
- .parent = TYPE_PCI_HOST_BRIDGE,
- .instance_size = sizeof(UNINState),
- .class_init = pci_unin_agp_class_init,
-};
-
-static void pci_unin_internal_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sbc = SYS_BUS_DEVICE_CLASS(klass);
-
- sbc->init = pci_unin_internal_init_device;
-}
-
-static const TypeInfo pci_unin_internal_info = {
- .name = TYPE_UNI_NORTH_INTERNAL_PCI_HOST_BRIDGE,
- .parent = TYPE_PCI_HOST_BRIDGE,
- .instance_size = sizeof(UNINState),
- .class_init = pci_unin_internal_class_init,
-};
-
-static void unin_register_types(void)
-{
- type_register_static(&unin_main_pci_host_info);
- type_register_static(&u3_agp_pci_host_info);
- type_register_static(&unin_agp_pci_host_info);
- type_register_static(&unin_internal_pci_host_info);
-
- type_register_static(&pci_unin_main_info);
- type_register_static(&pci_u3_agp_info);
- type_register_static(&pci_unin_agp_info);
- type_register_static(&pci_unin_internal_info);
-}
-
-type_init(unin_register_types)
diff --git a/hw/usb.h b/hw/usb.h
deleted file mode 100644
index 7d6de69ec..000000000
--- a/hw/usb.h
+++ /dev/null
@@ -1,547 +0,0 @@
-#ifndef QEMU_USB_H
-#define QEMU_USB_H
-
-/*
- * QEMU USB API
- *
- * Copyright (c) 2005 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "qdev.h"
-#include "qemu-queue.h"
-
-/* Constants related to the USB / PCI interaction */
-#define USB_SBRN 0x60 /* Serial Bus Release Number Register */
-#define USB_RELEASE_1 0x10 /* USB 1.0 */
-#define USB_RELEASE_2 0x20 /* USB 2.0 */
-#define USB_RELEASE_3 0x30 /* USB 3.0 */
-
-#define USB_TOKEN_SETUP 0x2d
-#define USB_TOKEN_IN 0x69 /* device -> host */
-#define USB_TOKEN_OUT 0xe1 /* host -> device */
-
-#define USB_RET_SUCCESS (0)
-#define USB_RET_NODEV (-1)
-#define USB_RET_NAK (-2)
-#define USB_RET_STALL (-3)
-#define USB_RET_BABBLE (-4)
-#define USB_RET_IOERROR (-5)
-#define USB_RET_ASYNC (-6)
-#define USB_RET_ADD_TO_QUEUE (-7)
-#define USB_RET_REMOVE_FROM_QUEUE (-8)
-
-#define USB_SPEED_LOW 0
-#define USB_SPEED_FULL 1
-#define USB_SPEED_HIGH 2
-#define USB_SPEED_SUPER 3
-
-#define USB_SPEED_MASK_LOW (1 << USB_SPEED_LOW)
-#define USB_SPEED_MASK_FULL (1 << USB_SPEED_FULL)
-#define USB_SPEED_MASK_HIGH (1 << USB_SPEED_HIGH)
-#define USB_SPEED_MASK_SUPER (1 << USB_SPEED_SUPER)
-
-#define USB_STATE_NOTATTACHED 0
-#define USB_STATE_ATTACHED 1
-//#define USB_STATE_POWERED 2
-#define USB_STATE_DEFAULT 3
-//#define USB_STATE_ADDRESS 4
-//#define USB_STATE_CONFIGURED 5
-#define USB_STATE_SUSPENDED 6
-
-#define USB_CLASS_AUDIO 1
-#define USB_CLASS_COMM 2
-#define USB_CLASS_HID 3
-#define USB_CLASS_PHYSICAL 5
-#define USB_CLASS_STILL_IMAGE 6
-#define USB_CLASS_PRINTER 7
-#define USB_CLASS_MASS_STORAGE 8
-#define USB_CLASS_HUB 9
-#define USB_CLASS_CDC_DATA 0x0a
-#define USB_CLASS_CSCID 0x0b
-#define USB_CLASS_CONTENT_SEC 0x0d
-#define USB_CLASS_APP_SPEC 0xfe
-#define USB_CLASS_VENDOR_SPEC 0xff
-
-#define USB_SUBCLASS_UNDEFINED 0
-#define USB_SUBCLASS_AUDIO_CONTROL 1
-#define USB_SUBCLASS_AUDIO_STREAMING 2
-#define USB_SUBCLASS_AUDIO_MIDISTREAMING 3
-
-#define USB_DIR_OUT 0
-#define USB_DIR_IN 0x80
-
-#define USB_TYPE_MASK (0x03 << 5)
-#define USB_TYPE_STANDARD (0x00 << 5)
-#define USB_TYPE_CLASS (0x01 << 5)
-#define USB_TYPE_VENDOR (0x02 << 5)
-#define USB_TYPE_RESERVED (0x03 << 5)
-
-#define USB_RECIP_MASK 0x1f
-#define USB_RECIP_DEVICE 0x00
-#define USB_RECIP_INTERFACE 0x01
-#define USB_RECIP_ENDPOINT 0x02
-#define USB_RECIP_OTHER 0x03
-
-#define DeviceRequest ((USB_DIR_IN|USB_TYPE_STANDARD|USB_RECIP_DEVICE)<<8)
-#define DeviceOutRequest ((USB_DIR_OUT|USB_TYPE_STANDARD|USB_RECIP_DEVICE)<<8)
-#define InterfaceRequest \
- ((USB_DIR_IN|USB_TYPE_STANDARD|USB_RECIP_INTERFACE)<<8)
-#define InterfaceOutRequest \
- ((USB_DIR_OUT|USB_TYPE_STANDARD|USB_RECIP_INTERFACE)<<8)
-#define EndpointRequest ((USB_DIR_IN|USB_TYPE_STANDARD|USB_RECIP_ENDPOINT)<<8)
-#define EndpointOutRequest \
- ((USB_DIR_OUT|USB_TYPE_STANDARD|USB_RECIP_ENDPOINT)<<8)
-#define ClassInterfaceRequest \
- ((USB_DIR_IN|USB_TYPE_CLASS|USB_RECIP_INTERFACE)<<8)
-#define ClassInterfaceOutRequest \
- ((USB_DIR_OUT|USB_TYPE_CLASS|USB_RECIP_INTERFACE)<<8)
-
-#define USB_REQ_GET_STATUS 0x00
-#define USB_REQ_CLEAR_FEATURE 0x01
-#define USB_REQ_SET_FEATURE 0x03
-#define USB_REQ_SET_ADDRESS 0x05
-#define USB_REQ_GET_DESCRIPTOR 0x06
-#define USB_REQ_SET_DESCRIPTOR 0x07
-#define USB_REQ_GET_CONFIGURATION 0x08
-#define USB_REQ_SET_CONFIGURATION 0x09
-#define USB_REQ_GET_INTERFACE 0x0A
-#define USB_REQ_SET_INTERFACE 0x0B
-#define USB_REQ_SYNCH_FRAME 0x0C
-
-#define USB_DEVICE_SELF_POWERED 0
-#define USB_DEVICE_REMOTE_WAKEUP 1
-
-#define USB_DT_DEVICE 0x01
-#define USB_DT_CONFIG 0x02
-#define USB_DT_STRING 0x03
-#define USB_DT_INTERFACE 0x04
-#define USB_DT_ENDPOINT 0x05
-#define USB_DT_DEVICE_QUALIFIER 0x06
-#define USB_DT_OTHER_SPEED_CONFIG 0x07
-#define USB_DT_DEBUG 0x0A
-#define USB_DT_INTERFACE_ASSOC 0x0B
-#define USB_DT_BOS 0x0F
-#define USB_DT_DEVICE_CAPABILITY 0x10
-#define USB_DT_CS_INTERFACE 0x24
-#define USB_DT_CS_ENDPOINT 0x25
-#define USB_DT_ENDPOINT_COMPANION 0x30
-
-#define USB_DEV_CAP_WIRELESS 0x01
-#define USB_DEV_CAP_USB2_EXT 0x02
-#define USB_DEV_CAP_SUPERSPEED 0x03
-
-#define USB_ENDPOINT_XFER_CONTROL 0
-#define USB_ENDPOINT_XFER_ISOC 1
-#define USB_ENDPOINT_XFER_BULK 2
-#define USB_ENDPOINT_XFER_INT 3
-#define USB_ENDPOINT_XFER_INVALID 255
-
-#define USB_INTERFACE_INVALID 255
-
-typedef struct USBBus USBBus;
-typedef struct USBBusOps USBBusOps;
-typedef struct USBPort USBPort;
-typedef struct USBDevice USBDevice;
-typedef struct USBPacket USBPacket;
-typedef struct USBCombinedPacket USBCombinedPacket;
-typedef struct USBEndpoint USBEndpoint;
-
-typedef struct USBDesc USBDesc;
-typedef struct USBDescID USBDescID;
-typedef struct USBDescDevice USBDescDevice;
-typedef struct USBDescConfig USBDescConfig;
-typedef struct USBDescIfaceAssoc USBDescIfaceAssoc;
-typedef struct USBDescIface USBDescIface;
-typedef struct USBDescEndpoint USBDescEndpoint;
-typedef struct USBDescOther USBDescOther;
-typedef struct USBDescString USBDescString;
-
-struct USBDescString {
- uint8_t index;
- char *str;
- QLIST_ENTRY(USBDescString) next;
-};
-
-#define USB_MAX_ENDPOINTS 15
-#define USB_MAX_INTERFACES 16
-
-struct USBEndpoint {
- uint8_t nr;
- uint8_t pid;
- uint8_t type;
- uint8_t ifnum;
- int max_packet_size;
- bool pipeline;
- bool halted;
- USBDevice *dev;
- QTAILQ_HEAD(, USBPacket) queue;
-};
-
-enum USBDeviceFlags {
- USB_DEV_FLAG_FULL_PATH,
-};
-
-/* definition of a USB device */
-struct USBDevice {
- DeviceState qdev;
- USBPort *port;
- char *port_path;
- void *opaque;
- uint32_t flags;
-
- /* Actual connected speed */
- int speed;
- /* Supported speeds, not in info because it may be variable (hostdevs) */
- int speedmask;
- uint8_t addr;
- char product_desc[32];
- int auto_attach;
- int attached;
-
- int32_t state;
- uint8_t setup_buf[8];
- uint8_t data_buf[4096];
- int32_t remote_wakeup;
- int32_t setup_state;
- int32_t setup_len;
- int32_t setup_index;
-
- USBEndpoint ep_ctl;
- USBEndpoint ep_in[USB_MAX_ENDPOINTS];
- USBEndpoint ep_out[USB_MAX_ENDPOINTS];
-
- QLIST_HEAD(, USBDescString) strings;
- const USBDescDevice *device;
-
- int configuration;
- int ninterfaces;
- int altsetting[USB_MAX_INTERFACES];
- const USBDescConfig *config;
- const USBDescIface *ifaces[USB_MAX_INTERFACES];
-};
-
-#define TYPE_USB_DEVICE "usb-device"
-#define USB_DEVICE(obj) \
- OBJECT_CHECK(USBDevice, (obj), TYPE_USB_DEVICE)
-#define USB_DEVICE_CLASS(klass) \
- OBJECT_CLASS_CHECK(USBDeviceClass, (klass), TYPE_USB_DEVICE)
-#define USB_DEVICE_GET_CLASS(obj) \
- OBJECT_GET_CLASS(USBDeviceClass, (obj), TYPE_USB_DEVICE)
-
-typedef struct USBDeviceClass {
- DeviceClass parent_class;
-
- int (*init)(USBDevice *dev);
-
- /*
- * Walk (enabled) downstream ports, check for a matching device.
- * Only hubs implement this.
- */
- USBDevice *(*find_device)(USBDevice *dev, uint8_t addr);
-
- /*
- * Called when a packet is canceled.
- */
- void (*cancel_packet)(USBDevice *dev, USBPacket *p);
-
- /*
- * Called when device is destroyed.
- */
- void (*handle_destroy)(USBDevice *dev);
-
- /*
- * Attach the device
- */
- void (*handle_attach)(USBDevice *dev);
-
- /*
- * Reset the device
- */
- void (*handle_reset)(USBDevice *dev);
-
- /*
- * Process control request.
- * Called from handle_packet().
- *
- * Status gets stored in p->status, and if p->status == USB_RET_SUCCESS
- * then the number of bytes transfered is stored in p->actual_length
- */
- void (*handle_control)(USBDevice *dev, USBPacket *p, int request, int value,
- int index, int length, uint8_t *data);
-
- /*
- * Process data transfers (both BULK and ISOC).
- * Called from handle_packet().
- *
- * Status gets stored in p->status, and if p->status == USB_RET_SUCCESS
- * then the number of bytes transfered is stored in p->actual_length
- */
- void (*handle_data)(USBDevice *dev, USBPacket *p);
-
- void (*set_interface)(USBDevice *dev, int interface,
- int alt_old, int alt_new);
-
- /*
- * Called when the hcd is done queuing packets for an endpoint, only
- * necessary for devices which can return USB_RET_ADD_TO_QUEUE.
- */
- void (*flush_ep_queue)(USBDevice *dev, USBEndpoint *ep);
-
- const char *product_desc;
- const USBDesc *usb_desc;
-} USBDeviceClass;
-
-typedef struct USBPortOps {
- void (*attach)(USBPort *port);
- void (*detach)(USBPort *port);
- /*
- * This gets called when a device downstream from the device attached to
- * the port (iow attached through a hub) gets detached.
- */
- void (*child_detach)(USBPort *port, USBDevice *child);
- void (*wakeup)(USBPort *port);
- /*
- * Note that port->dev will be different then the device from which
- * the packet originated when a hub is involved.
- */
- void (*complete)(USBPort *port, USBPacket *p);
-} USBPortOps;
-
-/* USB port on which a device can be connected */
-struct USBPort {
- USBDevice *dev;
- int speedmask;
- char path[16];
- USBPortOps *ops;
- void *opaque;
- int index; /* internal port index, may be used with the opaque */
- QTAILQ_ENTRY(USBPort) next;
-};
-
-typedef void USBCallback(USBPacket * packet, void *opaque);
-
-typedef enum USBPacketState {
- USB_PACKET_UNDEFINED = 0,
- USB_PACKET_SETUP,
- USB_PACKET_QUEUED,
- USB_PACKET_ASYNC,
- USB_PACKET_COMPLETE,
- USB_PACKET_CANCELED,
-} USBPacketState;
-
-/* Structure used to hold information about an active USB packet. */
-struct USBPacket {
- /* Data fields for use by the driver. */
- int pid;
- uint64_t id;
- USBEndpoint *ep;
- QEMUIOVector iov;
- uint64_t parameter; /* control transfers */
- bool short_not_ok;
- bool int_req;
- int status; /* USB_RET_* status code */
- int actual_length; /* Number of bytes actually transfered */
- /* Internal use by the USB layer. */
- USBPacketState state;
- USBCombinedPacket *combined;
- QTAILQ_ENTRY(USBPacket) queue;
- QTAILQ_ENTRY(USBPacket) combined_entry;
-};
-
-struct USBCombinedPacket {
- USBPacket *first;
- QTAILQ_HEAD(packets_head, USBPacket) packets;
- QEMUIOVector iov;
-};
-
-void usb_packet_init(USBPacket *p);
-void usb_packet_set_state(USBPacket *p, USBPacketState state);
-void usb_packet_check_state(USBPacket *p, USBPacketState expected);
-void usb_packet_setup(USBPacket *p, int pid, USBEndpoint *ep, uint64_t id,
- bool short_not_ok, bool int_req);
-void usb_packet_addbuf(USBPacket *p, void *ptr, size_t len);
-int usb_packet_map(USBPacket *p, QEMUSGList *sgl);
-void usb_packet_unmap(USBPacket *p, QEMUSGList *sgl);
-void usb_packet_copy(USBPacket *p, void *ptr, size_t bytes);
-void usb_packet_skip(USBPacket *p, size_t bytes);
-void usb_packet_cleanup(USBPacket *p);
-
-static inline bool usb_packet_is_inflight(USBPacket *p)
-{
- return (p->state == USB_PACKET_QUEUED ||
- p->state == USB_PACKET_ASYNC);
-}
-
-USBDevice *usb_find_device(USBPort *port, uint8_t addr);
-
-void usb_handle_packet(USBDevice *dev, USBPacket *p);
-void usb_packet_complete(USBDevice *dev, USBPacket *p);
-void usb_packet_complete_one(USBDevice *dev, USBPacket *p);
-void usb_cancel_packet(USBPacket * p);
-
-void usb_ep_init(USBDevice *dev);
-void usb_ep_reset(USBDevice *dev);
-void usb_ep_dump(USBDevice *dev);
-struct USBEndpoint *usb_ep_get(USBDevice *dev, int pid, int ep);
-uint8_t usb_ep_get_type(USBDevice *dev, int pid, int ep);
-uint8_t usb_ep_get_ifnum(USBDevice *dev, int pid, int ep);
-void usb_ep_set_type(USBDevice *dev, int pid, int ep, uint8_t type);
-void usb_ep_set_ifnum(USBDevice *dev, int pid, int ep, uint8_t ifnum);
-void usb_ep_set_max_packet_size(USBDevice *dev, int pid, int ep,
- uint16_t raw);
-int usb_ep_get_max_packet_size(USBDevice *dev, int pid, int ep);
-void usb_ep_set_pipeline(USBDevice *dev, int pid, int ep, bool enabled);
-USBPacket *usb_ep_find_packet_by_id(USBDevice *dev, int pid, int ep,
- uint64_t id);
-
-void usb_ep_combine_input_packets(USBEndpoint *ep);
-void usb_combined_input_packet_complete(USBDevice *dev, USBPacket *p);
-void usb_combined_packet_cancel(USBDevice *dev, USBPacket *p);
-
-void usb_attach(USBPort *port);
-void usb_detach(USBPort *port);
-void usb_port_reset(USBPort *port);
-void usb_device_reset(USBDevice *dev);
-void usb_wakeup(USBEndpoint *ep);
-void usb_generic_async_ctrl_complete(USBDevice *s, USBPacket *p);
-int set_usb_string(uint8_t *buf, const char *str);
-
-/* usb-linux.c */
-USBDevice *usb_host_device_open(USBBus *bus, const char *devname);
-int usb_host_device_close(const char *devname);
-void usb_host_info(Monitor *mon);
-
-/* usb-bt.c */
-USBDevice *usb_bt_init(USBBus *bus, HCIInfo *hci);
-
-/* usb ports of the VM */
-
-#define VM_USB_HUB_SIZE 8
-
-/* usb-musb.c */
-enum musb_irq_source_e {
- musb_irq_suspend = 0,
- musb_irq_resume,
- musb_irq_rst_babble,
- musb_irq_sof,
- musb_irq_connect,
- musb_irq_disconnect,
- musb_irq_vbus_request,
- musb_irq_vbus_error,
- musb_irq_rx,
- musb_irq_tx,
- musb_set_vbus,
- musb_set_session,
- /* Add new interrupts here */
- musb_irq_max, /* total number of interrupts defined */
-};
-
-typedef struct MUSBState MUSBState;
-MUSBState *musb_init(DeviceState *parent_device, int gpio_base);
-void musb_reset(MUSBState *s);
-uint32_t musb_core_intr_get(MUSBState *s);
-void musb_core_intr_clear(MUSBState *s, uint32_t mask);
-void musb_set_size(MUSBState *s, int epnum, int size, int is_tx);
-
-/* usb-bus.c */
-
-#define TYPE_USB_BUS "usb-bus"
-#define USB_BUS(obj) OBJECT_CHECK(USBBus, (obj), TYPE_USB_BUS)
-
-struct USBBus {
- BusState qbus;
- USBBusOps *ops;
- int busnr;
- int nfree;
- int nused;
- QTAILQ_HEAD(, USBPort) free;
- QTAILQ_HEAD(, USBPort) used;
- QTAILQ_ENTRY(USBBus) next;
-};
-
-struct USBBusOps {
- int (*register_companion)(USBBus *bus, USBPort *ports[],
- uint32_t portcount, uint32_t firstport);
- void (*wakeup_endpoint)(USBBus *bus, USBEndpoint *ep);
-};
-
-void usb_bus_new(USBBus *bus, USBBusOps *ops, DeviceState *host);
-USBBus *usb_bus_find(int busnr);
-void usb_legacy_register(const char *typename, const char *usbdevice_name,
- USBDevice *(*usbdevice_init)(USBBus *bus,
- const char *params));
-USBDevice *usb_create(USBBus *bus, const char *name);
-USBDevice *usb_create_simple(USBBus *bus, const char *name);
-USBDevice *usbdevice_create(const char *cmdline);
-void usb_register_port(USBBus *bus, USBPort *port, void *opaque, int index,
- USBPortOps *ops, int speedmask);
-int usb_register_companion(const char *masterbus, USBPort *ports[],
- uint32_t portcount, uint32_t firstport,
- void *opaque, USBPortOps *ops, int speedmask);
-void usb_port_location(USBPort *downstream, USBPort *upstream, int portnr);
-void usb_unregister_port(USBBus *bus, USBPort *port);
-int usb_claim_port(USBDevice *dev);
-void usb_release_port(USBDevice *dev);
-int usb_device_attach(USBDevice *dev);
-int usb_device_detach(USBDevice *dev);
-int usb_device_delete_addr(int busnr, int addr);
-
-static inline USBBus *usb_bus_from_device(USBDevice *d)
-{
- return DO_UPCAST(USBBus, qbus, d->qdev.parent_bus);
-}
-
-extern const VMStateDescription vmstate_usb_device;
-
-#define VMSTATE_USB_DEVICE(_field, _state) { \
- .name = (stringify(_field)), \
- .size = sizeof(USBDevice), \
- .vmsd = &vmstate_usb_device, \
- .flags = VMS_STRUCT, \
- .offset = vmstate_offset_value(_state, _field, USBDevice), \
-}
-
-USBDevice *usb_device_find_device(USBDevice *dev, uint8_t addr);
-
-void usb_device_cancel_packet(USBDevice *dev, USBPacket *p);
-
-void usb_device_handle_attach(USBDevice *dev);
-
-void usb_device_handle_reset(USBDevice *dev);
-
-void usb_device_handle_control(USBDevice *dev, USBPacket *p, int request,
- int val, int index, int length, uint8_t *data);
-
-void usb_device_handle_data(USBDevice *dev, USBPacket *p);
-
-void usb_device_set_interface(USBDevice *dev, int interface,
- int alt_old, int alt_new);
-
-void usb_device_flush_ep_queue(USBDevice *dev, USBEndpoint *ep);
-
-const char *usb_device_get_product_desc(USBDevice *dev);
-
-const USBDesc *usb_device_get_usb_desc(USBDevice *dev);
-
-int ehci_create_ich9_with_companions(PCIBus *bus, int slot);
-
-#endif
-
diff --git a/hw/usb/Makefile.objs b/hw/usb/Makefile.objs
index 5a4eeb6d1..f9695e7d8 100644
--- a/hw/usb/Makefile.objs
+++ b/hw/usb/Makefile.objs
@@ -1,14 +1,36 @@
+# usb subsystem core
+common-obj-y += core.o combined-packet.o bus.o desc.o
+common-obj-y += libhw.o
+
+# usb host adapters
common-obj-$(CONFIG_USB_UHCI) += hcd-uhci.o
common-obj-$(CONFIG_USB_OHCI) += hcd-ohci.o
common-obj-$(CONFIG_USB_EHCI) += hcd-ehci.o hcd-ehci-pci.o hcd-ehci-sysbus.o
common-obj-$(CONFIG_USB_XHCI) += hcd-xhci.o
-common-obj-y += libhw.o
+common-obj-$(CONFIG_USB_MUSB) += hcd-musb.o
+
+# emulated usb devices
+common-obj-y += dev-hub.o
+common-obj-y += dev-hid.o
+common-obj-$(CONFIG_USB_TABLET_WACOM) += dev-wacom.o
+common-obj-$(CONFIG_USB_STORAGE_BOT) += dev-storage.o
+common-obj-$(CONFIG_USB_STORAGE_UAS) += dev-uas.o
+common-obj-$(CONFIG_USB_AUDIO) += dev-audio.o
+common-obj-$(CONFIG_USB_SERIAL) += dev-serial.o
+common-obj-$(CONFIG_USB_NETWORK) += dev-network.o
+
+# FIXME: make configurable too
+CONFIG_USB_BLUETOOTH := y
+common-obj-$(CONFIG_USB_BLUETOOTH) += dev-bluetooth.o
+
+ifeq ($(CONFIG_USB_SMARTCARD),y)
+common-obj-y += dev-smartcard-reader.o
+common-obj-y += ccid-card-passthru.o
+common-obj-$(CONFIG_SMARTCARD_NSS) += ccid-card-emulated.o
+endif
-common-obj-$(CONFIG_SMARTCARD) += dev-smartcard-reader.o
-common-obj-$(CONFIG_USB_REDIR) += redirect.o
+# usb redirection
+common-obj-$(CONFIG_USB_REDIR) += redirect.o quirks.o
-common-obj-y += core.o combined-packet.o bus.o desc.o dev-hub.o
-common-obj-y += host-$(HOST_USB).o dev-bluetooth.o
-common-obj-y += dev-hid.o dev-storage.o dev-wacom.o
-common-obj-y += dev-serial.o dev-network.o dev-audio.o
-common-obj-y += dev-uas.o
+# usb pass-through
+common-obj-y += $(patsubst %,host-%.o,$(HOST_USB))
diff --git a/hw/usb/bus.c b/hw/usb/bus.c
index 55d0edd5c..f83d1de6c 100644
--- a/hw/usb/bus.c
+++ b/hw/usb/bus.c
@@ -1,8 +1,8 @@
#include "hw/hw.h"
#include "hw/usb.h"
#include "hw/qdev.h"
-#include "sysemu.h"
-#include "monitor.h"
+#include "sysemu/sysemu.h"
+#include "monitor/monitor.h"
#include "trace.h"
static void usb_bus_dev_print(Monitor *mon, DeviceState *qdev, int indent);
@@ -13,6 +13,7 @@ static int usb_qdev_exit(DeviceState *qdev);
static Property usb_props[] = {
DEFINE_PROP_STRING("port", USBDevice, port_path),
+ DEFINE_PROP_STRING("serial", USBDevice, serial),
DEFINE_PROP_BIT("full-path", USBDevice, flags,
USB_DEV_FLAG_FULL_PATH, true),
DEFINE_PROP_END_OF_LIST()
@@ -166,6 +167,9 @@ const char *usb_device_get_product_desc(USBDevice *dev)
const USBDesc *usb_device_get_usb_desc(USBDevice *dev)
{
USBDeviceClass *klass = USB_DEVICE_GET_CLASS(dev);
+ if (dev->usb_desc) {
+ return dev->usb_desc;
+ }
return klass->usb_desc;
}
@@ -186,6 +190,14 @@ void usb_device_flush_ep_queue(USBDevice *dev, USBEndpoint *ep)
}
}
+void usb_device_ep_stopped(USBDevice *dev, USBEndpoint *ep)
+{
+ USBDeviceClass *klass = USB_DEVICE_GET_CLASS(dev);
+ if (klass->ep_stopped) {
+ klass->ep_stopped(dev, ep);
+ }
+}
+
static int usb_qdev_init(DeviceState *qdev)
{
USBDevice *dev = USB_DEVICE(qdev);
@@ -330,8 +342,10 @@ void usb_port_location(USBPort *downstream, USBPort *upstream, int portnr)
if (upstream) {
snprintf(downstream->path, sizeof(downstream->path), "%s.%d",
upstream->path, portnr);
+ downstream->hubcount = upstream->hubcount + 1;
} else {
snprintf(downstream->path, sizeof(downstream->path), "%d", portnr);
+ downstream->hubcount = 0;
}
}
@@ -404,19 +418,47 @@ void usb_release_port(USBDevice *dev)
bus->nfree++;
}
+static void usb_mask_to_str(char *dest, size_t size,
+ unsigned int speedmask)
+{
+ static const struct {
+ unsigned int mask;
+ const char *name;
+ } speeds[] = {
+ { .mask = USB_SPEED_MASK_FULL, .name = "full" },
+ { .mask = USB_SPEED_MASK_HIGH, .name = "high" },
+ { .mask = USB_SPEED_MASK_SUPER, .name = "super" },
+ };
+ int i, pos = 0;
+
+ for (i = 0; i < ARRAY_SIZE(speeds); i++) {
+ if (speeds[i].mask & speedmask) {
+ pos += snprintf(dest + pos, size - pos, "%s%s",
+ pos ? "+" : "",
+ speeds[i].name);
+ }
+ }
+}
+
int usb_device_attach(USBDevice *dev)
{
USBBus *bus = usb_bus_from_device(dev);
USBPort *port = dev->port;
+ char devspeed[32], portspeed[32];
assert(port != NULL);
assert(!dev->attached);
- trace_usb_port_attach(bus->busnr, port->path);
+ usb_mask_to_str(devspeed, sizeof(devspeed), dev->speedmask);
+ usb_mask_to_str(portspeed, sizeof(portspeed), port->speedmask);
+ trace_usb_port_attach(bus->busnr, port->path,
+ devspeed, portspeed);
if (!(port->speedmask & dev->speedmask)) {
- error_report("Warning: speed mismatch trying to attach "
- "usb device %s to bus %s",
- dev->product_desc, bus->qbus.name);
+ error_report("Warning: speed mismatch trying to attach"
+ " usb device \"%s\" (%s speed)"
+ " to bus \"%s\", port \"%s\" (%s speed)",
+ dev->product_desc, devspeed,
+ bus->qbus.name, port->path, portspeed);
return -1;
}
@@ -531,7 +573,7 @@ static char *usb_get_fw_dev_path(DeviceState *qdev)
return fw_path;
}
-void usb_info(Monitor *mon)
+void usb_info(Monitor *mon, const QDict *qdict)
{
USBBus *bus;
USBDevice *dev;
@@ -617,7 +659,7 @@ static void usb_device_class_init(ObjectClass *klass, void *data)
k->props = usb_props;
}
-static TypeInfo usb_device_type_info = {
+static const TypeInfo usb_device_type_info = {
.name = TYPE_USB_DEVICE,
.parent = TYPE_DEVICE,
.instance_size = sizeof(USBDevice),
diff --git a/hw/usb/ccid-card-emulated.c b/hw/usb/ccid-card-emulated.c
new file mode 100644
index 000000000..aa913df85
--- /dev/null
+++ b/hw/usb/ccid-card-emulated.c
@@ -0,0 +1,612 @@
+/*
+ * CCID Card Device. Emulated card.
+ *
+ * Copyright (c) 2011 Red Hat.
+ * Written by Alon Levy.
+ *
+ * This code is licensed under the GNU LGPL, version 2 or later.
+ */
+
+/*
+ * It can be used to provide access to the local hardware in a non exclusive
+ * way, or it can use certificates. It requires the usb-ccid bus.
+ *
+ * Usage 1: standard, mirror hardware reader+card:
+ * qemu .. -usb -device usb-ccid -device ccid-card-emulated
+ *
+ * Usage 2: use certificates, no hardware required
+ * one time: create the certificates:
+ * for i in 1 2 3; do
+ * certutil -d /etc/pki/nssdb -x -t "CT,CT,CT" -S -s "CN=user$i" -n user$i
+ * done
+ * qemu .. -usb -device usb-ccid \
+ * -device ccid-card-emulated,cert1=user1,cert2=user2,cert3=user3
+ *
+ * If you use a non default db for the certificates you can specify it using
+ * the db parameter.
+ */
+
+#include <eventt.h>
+#include <vevent.h>
+#include <vreader.h>
+#include <vcard_emul.h>
+
+#include "qemu/thread.h"
+#include "sysemu/char.h"
+#include "monitor/monitor.h"
+#include "ccid.h"
+
+#define DPRINTF(card, lvl, fmt, ...) \
+do {\
+ if (lvl <= card->debug) {\
+ printf("ccid-card-emul: %s: " fmt , __func__, ## __VA_ARGS__);\
+ } \
+} while (0)
+
+#define EMULATED_DEV_NAME "ccid-card-emulated"
+
+#define BACKEND_NSS_EMULATED_NAME "nss-emulated"
+#define BACKEND_CERTIFICATES_NAME "certificates"
+
+enum {
+ BACKEND_NSS_EMULATED = 1,
+ BACKEND_CERTIFICATES
+};
+
+#define DEFAULT_BACKEND BACKEND_NSS_EMULATED
+
+typedef struct EmulatedState EmulatedState;
+
+enum {
+ EMUL_READER_INSERT = 0,
+ EMUL_READER_REMOVE,
+ EMUL_CARD_INSERT,
+ EMUL_CARD_REMOVE,
+ EMUL_GUEST_APDU,
+ EMUL_RESPONSE_APDU,
+ EMUL_ERROR,
+};
+
+static const char *emul_event_to_string(uint32_t emul_event)
+{
+ switch (emul_event) {
+ case EMUL_READER_INSERT:
+ return "EMUL_READER_INSERT";
+ case EMUL_READER_REMOVE:
+ return "EMUL_READER_REMOVE";
+ case EMUL_CARD_INSERT:
+ return "EMUL_CARD_INSERT";
+ case EMUL_CARD_REMOVE:
+ return "EMUL_CARD_REMOVE";
+ case EMUL_GUEST_APDU:
+ return "EMUL_GUEST_APDU";
+ case EMUL_RESPONSE_APDU:
+ return "EMUL_RESPONSE_APDU";
+ case EMUL_ERROR:
+ return "EMUL_ERROR";
+ }
+ return "UNKNOWN";
+}
+
+typedef struct EmulEvent {
+ QSIMPLEQ_ENTRY(EmulEvent) entry;
+ union {
+ struct {
+ uint32_t type;
+ } gen;
+ struct {
+ uint32_t type;
+ uint64_t code;
+ } error;
+ struct {
+ uint32_t type;
+ uint32_t len;
+ uint8_t data[];
+ } data;
+ } p;
+} EmulEvent;
+
+#define MAX_ATR_SIZE 40
+struct EmulatedState {
+ CCIDCardState base;
+ uint8_t debug;
+ char *backend_str;
+ uint32_t backend;
+ char *cert1;
+ char *cert2;
+ char *cert3;
+ char *db;
+ uint8_t atr[MAX_ATR_SIZE];
+ uint8_t atr_length;
+ QSIMPLEQ_HEAD(event_list, EmulEvent) event_list;
+ QemuMutex event_list_mutex;
+ QemuThread event_thread_id;
+ VReader *reader;
+ QSIMPLEQ_HEAD(guest_apdu_list, EmulEvent) guest_apdu_list;
+ QemuMutex vreader_mutex; /* and guest_apdu_list mutex */
+ QemuMutex handle_apdu_mutex;
+ QemuCond handle_apdu_cond;
+ int pipe[2];
+ int quit_apdu_thread;
+ QemuThread apdu_thread_id;
+};
+
+static void emulated_apdu_from_guest(CCIDCardState *base,
+ const uint8_t *apdu, uint32_t len)
+{
+ EmulatedState *card = DO_UPCAST(EmulatedState, base, base);
+ EmulEvent *event = (EmulEvent *)g_malloc(sizeof(EmulEvent) + len);
+
+ assert(event);
+ event->p.data.type = EMUL_GUEST_APDU;
+ event->p.data.len = len;
+ memcpy(event->p.data.data, apdu, len);
+ qemu_mutex_lock(&card->vreader_mutex);
+ QSIMPLEQ_INSERT_TAIL(&card->guest_apdu_list, event, entry);
+ qemu_mutex_unlock(&card->vreader_mutex);
+ qemu_mutex_lock(&card->handle_apdu_mutex);
+ qemu_cond_signal(&card->handle_apdu_cond);
+ qemu_mutex_unlock(&card->handle_apdu_mutex);
+}
+
+static const uint8_t *emulated_get_atr(CCIDCardState *base, uint32_t *len)
+{
+ EmulatedState *card = DO_UPCAST(EmulatedState, base, base);
+
+ *len = card->atr_length;
+ return card->atr;
+}
+
+static void emulated_push_event(EmulatedState *card, EmulEvent *event)
+{
+ qemu_mutex_lock(&card->event_list_mutex);
+ QSIMPLEQ_INSERT_TAIL(&(card->event_list), event, entry);
+ qemu_mutex_unlock(&card->event_list_mutex);
+ if (write(card->pipe[1], card, 1) != 1) {
+ DPRINTF(card, 1, "write to pipe failed\n");
+ }
+}
+
+static void emulated_push_type(EmulatedState *card, uint32_t type)
+{
+ EmulEvent *event = (EmulEvent *)g_malloc(sizeof(EmulEvent));
+
+ assert(event);
+ event->p.gen.type = type;
+ emulated_push_event(card, event);
+}
+
+static void emulated_push_error(EmulatedState *card, uint64_t code)
+{
+ EmulEvent *event = (EmulEvent *)g_malloc(sizeof(EmulEvent));
+
+ assert(event);
+ event->p.error.type = EMUL_ERROR;
+ event->p.error.code = code;
+ emulated_push_event(card, event);
+}
+
+static void emulated_push_data_type(EmulatedState *card, uint32_t type,
+ const uint8_t *data, uint32_t len)
+{
+ EmulEvent *event = (EmulEvent *)g_malloc(sizeof(EmulEvent) + len);
+
+ assert(event);
+ event->p.data.type = type;
+ event->p.data.len = len;
+ memcpy(event->p.data.data, data, len);
+ emulated_push_event(card, event);
+}
+
+static void emulated_push_reader_insert(EmulatedState *card)
+{
+ emulated_push_type(card, EMUL_READER_INSERT);
+}
+
+static void emulated_push_reader_remove(EmulatedState *card)
+{
+ emulated_push_type(card, EMUL_READER_REMOVE);
+}
+
+static void emulated_push_card_insert(EmulatedState *card,
+ const uint8_t *atr, uint32_t len)
+{
+ emulated_push_data_type(card, EMUL_CARD_INSERT, atr, len);
+}
+
+static void emulated_push_card_remove(EmulatedState *card)
+{
+ emulated_push_type(card, EMUL_CARD_REMOVE);
+}
+
+static void emulated_push_response_apdu(EmulatedState *card,
+ const uint8_t *apdu, uint32_t len)
+{
+ emulated_push_data_type(card, EMUL_RESPONSE_APDU, apdu, len);
+}
+
+#define APDU_BUF_SIZE 270
+static void *handle_apdu_thread(void* arg)
+{
+ EmulatedState *card = arg;
+ uint8_t recv_data[APDU_BUF_SIZE];
+ int recv_len;
+ VReaderStatus reader_status;
+ EmulEvent *event;
+
+ while (1) {
+ qemu_mutex_lock(&card->handle_apdu_mutex);
+ qemu_cond_wait(&card->handle_apdu_cond, &card->handle_apdu_mutex);
+ qemu_mutex_unlock(&card->handle_apdu_mutex);
+ if (card->quit_apdu_thread) {
+ card->quit_apdu_thread = 0; /* debugging */
+ break;
+ }
+ qemu_mutex_lock(&card->vreader_mutex);
+ while (!QSIMPLEQ_EMPTY(&card->guest_apdu_list)) {
+ event = QSIMPLEQ_FIRST(&card->guest_apdu_list);
+ assert((unsigned long)event > 1000);
+ QSIMPLEQ_REMOVE_HEAD(&card->guest_apdu_list, entry);
+ if (event->p.data.type != EMUL_GUEST_APDU) {
+ DPRINTF(card, 1, "unexpected message in handle_apdu_thread\n");
+ g_free(event);
+ continue;
+ }
+ if (card->reader == NULL) {
+ DPRINTF(card, 1, "reader is NULL\n");
+ g_free(event);
+ continue;
+ }
+ recv_len = sizeof(recv_data);
+ reader_status = vreader_xfr_bytes(card->reader,
+ event->p.data.data, event->p.data.len,
+ recv_data, &recv_len);
+ DPRINTF(card, 2, "got back apdu of length %d\n", recv_len);
+ if (reader_status == VREADER_OK) {
+ emulated_push_response_apdu(card, recv_data, recv_len);
+ } else {
+ emulated_push_error(card, reader_status);
+ }
+ g_free(event);
+ }
+ qemu_mutex_unlock(&card->vreader_mutex);
+ }
+ return NULL;
+}
+
+static void *event_thread(void *arg)
+{
+ int atr_len = MAX_ATR_SIZE;
+ uint8_t atr[MAX_ATR_SIZE];
+ VEvent *event = NULL;
+ EmulatedState *card = arg;
+
+ while (1) {
+ const char *reader_name;
+
+ event = vevent_wait_next_vevent();
+ if (event == NULL || event->type == VEVENT_LAST) {
+ break;
+ }
+ if (event->type != VEVENT_READER_INSERT) {
+ if (card->reader == NULL && event->reader != NULL) {
+ /* Happens after device_add followed by card remove or insert.
+ * XXX: create synthetic add_reader events if vcard_emul_init
+ * already called, which happens if device_del and device_add
+ * are called */
+ card->reader = vreader_reference(event->reader);
+ } else {
+ if (event->reader != card->reader) {
+ fprintf(stderr,
+ "ERROR: wrong reader: quiting event_thread\n");
+ break;
+ }
+ }
+ }
+ switch (event->type) {
+ case VEVENT_READER_INSERT:
+ /* TODO: take a specific reader. i.e. track which reader
+ * we are seeing here, check it is the one we want (the first,
+ * or by a particular name), and ignore if we don't want it.
+ */
+ reader_name = vreader_get_name(event->reader);
+ if (card->reader != NULL) {
+ DPRINTF(card, 2, "READER INSERT - replacing %s with %s\n",
+ vreader_get_name(card->reader), reader_name);
+ qemu_mutex_lock(&card->vreader_mutex);
+ vreader_free(card->reader);
+ qemu_mutex_unlock(&card->vreader_mutex);
+ emulated_push_reader_remove(card);
+ }
+ qemu_mutex_lock(&card->vreader_mutex);
+ DPRINTF(card, 2, "READER INSERT %s\n", reader_name);
+ card->reader = vreader_reference(event->reader);
+ qemu_mutex_unlock(&card->vreader_mutex);
+ emulated_push_reader_insert(card);
+ break;
+ case VEVENT_READER_REMOVE:
+ DPRINTF(card, 2, " READER REMOVE: %s\n",
+ vreader_get_name(event->reader));
+ qemu_mutex_lock(&card->vreader_mutex);
+ vreader_free(card->reader);
+ card->reader = NULL;
+ qemu_mutex_unlock(&card->vreader_mutex);
+ emulated_push_reader_remove(card);
+ break;
+ case VEVENT_CARD_INSERT:
+ /* get the ATR (intended as a response to a power on from the
+ * reader */
+ atr_len = MAX_ATR_SIZE;
+ vreader_power_on(event->reader, atr, &atr_len);
+ card->atr_length = (uint8_t)atr_len;
+ DPRINTF(card, 2, " CARD INSERT\n");
+ emulated_push_card_insert(card, atr, atr_len);
+ break;
+ case VEVENT_CARD_REMOVE:
+ DPRINTF(card, 2, " CARD REMOVE\n");
+ emulated_push_card_remove(card);
+ break;
+ case VEVENT_LAST: /* quit */
+ vevent_delete(event);
+ return NULL;
+ break;
+ default:
+ break;
+ }
+ vevent_delete(event);
+ }
+ return NULL;
+}
+
+static void pipe_read(void *opaque)
+{
+ EmulatedState *card = opaque;
+ EmulEvent *event, *next;
+ char dummy;
+ int len;
+
+ do {
+ len = read(card->pipe[0], &dummy, sizeof(dummy));
+ } while (len == sizeof(dummy));
+ qemu_mutex_lock(&card->event_list_mutex);
+ QSIMPLEQ_FOREACH_SAFE(event, &card->event_list, entry, next) {
+ DPRINTF(card, 2, "event %s\n", emul_event_to_string(event->p.gen.type));
+ switch (event->p.gen.type) {
+ case EMUL_RESPONSE_APDU:
+ ccid_card_send_apdu_to_guest(&card->base, event->p.data.data,
+ event->p.data.len);
+ break;
+ case EMUL_READER_INSERT:
+ ccid_card_ccid_attach(&card->base);
+ break;
+ case EMUL_READER_REMOVE:
+ ccid_card_ccid_detach(&card->base);
+ break;
+ case EMUL_CARD_INSERT:
+ assert(event->p.data.len <= MAX_ATR_SIZE);
+ card->atr_length = event->p.data.len;
+ memcpy(card->atr, event->p.data.data, card->atr_length);
+ ccid_card_card_inserted(&card->base);
+ break;
+ case EMUL_CARD_REMOVE:
+ ccid_card_card_removed(&card->base);
+ break;
+ case EMUL_ERROR:
+ ccid_card_card_error(&card->base, event->p.error.code);
+ break;
+ default:
+ DPRINTF(card, 2, "unexpected event\n");
+ break;
+ }
+ g_free(event);
+ }
+ QSIMPLEQ_INIT(&card->event_list);
+ qemu_mutex_unlock(&card->event_list_mutex);
+}
+
+static int init_pipe_signaling(EmulatedState *card)
+{
+ if (pipe(card->pipe) < 0) {
+ DPRINTF(card, 2, "pipe creation failed\n");
+ return -1;
+ }
+ fcntl(card->pipe[0], F_SETFL, O_NONBLOCK);
+ fcntl(card->pipe[1], F_SETFL, O_NONBLOCK);
+ fcntl(card->pipe[0], F_SETOWN, getpid());
+ qemu_set_fd_handler(card->pipe[0], pipe_read, NULL, card);
+ return 0;
+}
+
+#define CERTIFICATES_DEFAULT_DB "/etc/pki/nssdb"
+#define CERTIFICATES_ARGS_TEMPLATE\
+ "db=\"%s\" use_hw=no soft=(,Virtual Reader,CAC,,%s,%s,%s)"
+
+static int wrap_vcard_emul_init(VCardEmulOptions *options)
+{
+ static int called;
+ static int options_was_null;
+
+ if (called) {
+ if ((options == NULL) != options_was_null) {
+ printf("%s: warning: running emulated with certificates"
+ " and emulated side by side is not supported\n",
+ __func__);
+ return VCARD_EMUL_FAIL;
+ }
+ vcard_emul_replay_insertion_events();
+ return VCARD_EMUL_OK;
+ }
+ options_was_null = (options == NULL);
+ called = 1;
+ return vcard_emul_init(options);
+}
+
+static int emulated_initialize_vcard_from_certificates(EmulatedState *card)
+{
+ char emul_args[200];
+ VCardEmulOptions *options = NULL;
+
+ snprintf(emul_args, sizeof(emul_args) - 1, CERTIFICATES_ARGS_TEMPLATE,
+ card->db ? card->db : CERTIFICATES_DEFAULT_DB,
+ card->cert1, card->cert2, card->cert3);
+ options = vcard_emul_options(emul_args);
+ if (options == NULL) {
+ printf("%s: warning: not using certificates due to"
+ " initialization error\n", __func__);
+ }
+ return wrap_vcard_emul_init(options);
+}
+
+typedef struct EnumTable {
+ const char *name;
+ uint32_t value;
+} EnumTable;
+
+static const EnumTable backend_enum_table[] = {
+ {BACKEND_NSS_EMULATED_NAME, BACKEND_NSS_EMULATED},
+ {BACKEND_CERTIFICATES_NAME, BACKEND_CERTIFICATES},
+ {NULL, 0},
+};
+
+static uint32_t parse_enumeration(char *str,
+ const EnumTable *table, uint32_t not_found_value)
+{
+ uint32_t ret = not_found_value;
+
+ if (str == NULL)
+ return 0;
+
+ while (table->name != NULL) {
+ if (strcmp(table->name, str) == 0) {
+ ret = table->value;
+ break;
+ }
+ table++;
+ }
+ return ret;
+}
+
+static int emulated_initfn(CCIDCardState *base)
+{
+ EmulatedState *card = DO_UPCAST(EmulatedState, base, base);
+ VCardEmulError ret;
+ const EnumTable *ptable;
+
+ QSIMPLEQ_INIT(&card->event_list);
+ QSIMPLEQ_INIT(&card->guest_apdu_list);
+ qemu_mutex_init(&card->event_list_mutex);
+ qemu_mutex_init(&card->vreader_mutex);
+ qemu_mutex_init(&card->handle_apdu_mutex);
+ qemu_cond_init(&card->handle_apdu_cond);
+ card->reader = NULL;
+ card->quit_apdu_thread = 0;
+ if (init_pipe_signaling(card) < 0) {
+ return -1;
+ }
+
+ card->backend = 0;
+ if (card->backend_str) {
+ card->backend = parse_enumeration(card->backend_str,
+ backend_enum_table, 0);
+ }
+
+ if (card->backend == 0) {
+ printf("backend must be one of:\n");
+ for (ptable = backend_enum_table; ptable->name != NULL; ++ptable) {
+ printf("%s\n", ptable->name);
+ }
+ return -1;
+ }
+
+ /* TODO: a passthru backened that works on local machine. third card type?*/
+ if (card->backend == BACKEND_CERTIFICATES) {
+ if (card->cert1 != NULL && card->cert2 != NULL && card->cert3 != NULL) {
+ ret = emulated_initialize_vcard_from_certificates(card);
+ } else {
+ printf("%s: you must provide all three certs for"
+ " certificates backend\n", EMULATED_DEV_NAME);
+ return -1;
+ }
+ } else {
+ if (card->backend != BACKEND_NSS_EMULATED) {
+ printf("%s: bad backend specified. The options are:\n%s (default),"
+ " %s.\n", EMULATED_DEV_NAME, BACKEND_NSS_EMULATED_NAME,
+ BACKEND_CERTIFICATES_NAME);
+ return -1;
+ }
+ if (card->cert1 != NULL || card->cert2 != NULL || card->cert3 != NULL) {
+ printf("%s: unexpected cert parameters to nss emulated backend\n",
+ EMULATED_DEV_NAME);
+ return -1;
+ }
+ /* default to mirroring the local hardware readers */
+ ret = wrap_vcard_emul_init(NULL);
+ }
+ if (ret != VCARD_EMUL_OK) {
+ printf("%s: failed to initialize vcard\n", EMULATED_DEV_NAME);
+ return -1;
+ }
+ qemu_thread_create(&card->event_thread_id, event_thread, card,
+ QEMU_THREAD_JOINABLE);
+ qemu_thread_create(&card->apdu_thread_id, handle_apdu_thread, card,
+ QEMU_THREAD_JOINABLE);
+ return 0;
+}
+
+static int emulated_exitfn(CCIDCardState *base)
+{
+ EmulatedState *card = DO_UPCAST(EmulatedState, base, base);
+ VEvent *vevent = vevent_new(VEVENT_LAST, NULL, NULL);
+
+ vevent_queue_vevent(vevent); /* stop vevent thread */
+ qemu_thread_join(&card->event_thread_id);
+
+ card->quit_apdu_thread = 1; /* stop handle_apdu thread */
+ qemu_cond_signal(&card->handle_apdu_cond);
+ qemu_thread_join(&card->apdu_thread_id);
+
+ /* threads exited, can destroy all condvars/mutexes */
+ qemu_cond_destroy(&card->handle_apdu_cond);
+ qemu_mutex_destroy(&card->handle_apdu_mutex);
+ qemu_mutex_destroy(&card->vreader_mutex);
+ qemu_mutex_destroy(&card->event_list_mutex);
+ return 0;
+}
+
+static Property emulated_card_properties[] = {
+ DEFINE_PROP_STRING("backend", EmulatedState, backend_str),
+ DEFINE_PROP_STRING("cert1", EmulatedState, cert1),
+ DEFINE_PROP_STRING("cert2", EmulatedState, cert2),
+ DEFINE_PROP_STRING("cert3", EmulatedState, cert3),
+ DEFINE_PROP_STRING("db", EmulatedState, db),
+ DEFINE_PROP_UINT8("debug", EmulatedState, debug, 0),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void emulated_class_initfn(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ CCIDCardClass *cc = CCID_CARD_CLASS(klass);
+
+ cc->initfn = emulated_initfn;
+ cc->exitfn = emulated_exitfn;
+ cc->get_atr = emulated_get_atr;
+ cc->apdu_from_guest = emulated_apdu_from_guest;
+ set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
+ dc->desc = "emulated smartcard";
+ dc->props = emulated_card_properties;
+}
+
+static const TypeInfo emulated_card_info = {
+ .name = EMULATED_DEV_NAME,
+ .parent = TYPE_CCID_CARD,
+ .instance_size = sizeof(EmulatedState),
+ .class_init = emulated_class_initfn,
+};
+
+static void ccid_card_emulated_register_types(void)
+{
+ type_register_static(&emulated_card_info);
+}
+
+type_init(ccid_card_emulated_register_types)
diff --git a/hw/usb/ccid-card-passthru.c b/hw/usb/ccid-card-passthru.c
new file mode 100644
index 000000000..10f1d309a
--- /dev/null
+++ b/hw/usb/ccid-card-passthru.c
@@ -0,0 +1,413 @@
+/*
+ * CCID Passthru Card Device emulation
+ *
+ * Copyright (c) 2011 Red Hat.
+ * Written by Alon Levy.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.1 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "sysemu/char.h"
+#include "qemu/sockets.h"
+#include "monitor/monitor.h"
+#include "ccid.h"
+#include "libcacard/vscard_common.h"
+
+#define DPRINTF(card, lvl, fmt, ...) \
+do { \
+ if (lvl <= card->debug) { \
+ printf("ccid-card-passthru: " fmt , ## __VA_ARGS__); \
+ } \
+} while (0)
+
+#define D_WARN 1
+#define D_INFO 2
+#define D_MORE_INFO 3
+#define D_VERBOSE 4
+
+/* TODO: do we still need this? */
+static const uint8_t DEFAULT_ATR[] = {
+/*
+ * From some example somewhere
+ * 0x3B, 0xB0, 0x18, 0x00, 0xD1, 0x81, 0x05, 0xB1, 0x40, 0x38, 0x1F, 0x03, 0x28
+ */
+
+/* From an Athena smart card */
+ 0x3B, 0xD5, 0x18, 0xFF, 0x80, 0x91, 0xFE, 0x1F, 0xC3, 0x80, 0x73, 0xC8, 0x21,
+ 0x13, 0x08
+};
+
+
+#define PASSTHRU_DEV_NAME "ccid-card-passthru"
+#define VSCARD_IN_SIZE 65536
+
+/* maximum size of ATR - from 7816-3 */
+#define MAX_ATR_SIZE 40
+
+typedef struct PassthruState PassthruState;
+
+struct PassthruState {
+ CCIDCardState base;
+ CharDriverState *cs;
+ uint8_t vscard_in_data[VSCARD_IN_SIZE];
+ uint32_t vscard_in_pos;
+ uint32_t vscard_in_hdr;
+ uint8_t atr[MAX_ATR_SIZE];
+ uint8_t atr_length;
+ uint8_t debug;
+};
+
+/*
+ * VSCard protocol over chardev
+ * This code should not depend on the card type.
+ */
+
+static void ccid_card_vscard_send_msg(PassthruState *s,
+ VSCMsgType type, uint32_t reader_id,
+ const uint8_t *payload, uint32_t length)
+{
+ VSCMsgHeader scr_msg_header;
+
+ scr_msg_header.type = htonl(type);
+ scr_msg_header.reader_id = htonl(reader_id);
+ scr_msg_header.length = htonl(length);
+ qemu_chr_fe_write(s->cs, (uint8_t *)&scr_msg_header, sizeof(VSCMsgHeader));
+ qemu_chr_fe_write(s->cs, payload, length);
+}
+
+static void ccid_card_vscard_send_apdu(PassthruState *s,
+ const uint8_t *apdu, uint32_t length)
+{
+ ccid_card_vscard_send_msg(
+ s, VSC_APDU, VSCARD_MINIMAL_READER_ID, apdu, length);
+}
+
+static void ccid_card_vscard_send_error(PassthruState *s,
+ uint32_t reader_id, VSCErrorCode code)
+{
+ VSCMsgError msg = {.code = htonl(code)};
+
+ ccid_card_vscard_send_msg(
+ s, VSC_Error, reader_id, (uint8_t *)&msg, sizeof(msg));
+}
+
+static void ccid_card_vscard_send_init(PassthruState *s)
+{
+ VSCMsgInit msg = {
+ .version = htonl(VSCARD_VERSION),
+ .magic = VSCARD_MAGIC,
+ .capabilities = {0}
+ };
+
+ ccid_card_vscard_send_msg(s, VSC_Init, VSCARD_UNDEFINED_READER_ID,
+ (uint8_t *)&msg, sizeof(msg));
+}
+
+static int ccid_card_vscard_can_read(void *opaque)
+{
+ PassthruState *card = opaque;
+
+ return VSCARD_IN_SIZE >= card->vscard_in_pos ?
+ VSCARD_IN_SIZE - card->vscard_in_pos : 0;
+}
+
+static void ccid_card_vscard_handle_init(
+ PassthruState *card, VSCMsgHeader *hdr, VSCMsgInit *init)
+{
+ uint32_t *capabilities;
+ int num_capabilities;
+ int i;
+
+ capabilities = init->capabilities;
+ num_capabilities =
+ 1 + ((hdr->length - sizeof(VSCMsgInit)) / sizeof(uint32_t));
+ init->version = ntohl(init->version);
+ for (i = 0 ; i < num_capabilities; ++i) {
+ capabilities[i] = ntohl(capabilities[i]);
+ }
+ if (init->magic != VSCARD_MAGIC) {
+ error_report("wrong magic");
+ /* we can't disconnect the chardev */
+ }
+ if (init->version != VSCARD_VERSION) {
+ DPRINTF(card, D_WARN,
+ "got version %d, have %d", init->version, VSCARD_VERSION);
+ }
+ /* future handling of capabilities, none exist atm */
+ ccid_card_vscard_send_init(card);
+}
+
+static int check_atr(PassthruState *card, uint8_t *data, int len)
+{
+ int historical_length, opt_bytes;
+ int td_count = 0;
+ int td;
+
+ if (len < 2) {
+ return 0;
+ }
+ historical_length = data[1] & 0xf;
+ opt_bytes = 0;
+ if (data[0] != 0x3b && data[0] != 0x3f) {
+ DPRINTF(card, D_WARN, "atr's T0 is 0x%X, not in {0x3b, 0x3f}\n",
+ data[0]);
+ return 0;
+ }
+ td_count = 0;
+ td = data[1] >> 4;
+ while (td && td_count < 2 && opt_bytes + historical_length + 2 < len) {
+ td_count++;
+ if (td & 0x1) {
+ opt_bytes++;
+ }
+ if (td & 0x2) {
+ opt_bytes++;
+ }
+ if (td & 0x4) {
+ opt_bytes++;
+ }
+ if (td & 0x8) {
+ opt_bytes++;
+ td = data[opt_bytes + 2] >> 4;
+ }
+ }
+ if (len < 2 + historical_length + opt_bytes) {
+ DPRINTF(card, D_WARN,
+ "atr too short: len %d, but historical_len %d, T1 0x%X\n",
+ len, historical_length, data[1]);
+ return 0;
+ }
+ if (len > 2 + historical_length + opt_bytes) {
+ DPRINTF(card, D_WARN,
+ "atr too long: len %d, but hist/opt %d/%d, T1 0x%X\n",
+ len, historical_length, opt_bytes, data[1]);
+ /* let it through */
+ }
+ DPRINTF(card, D_VERBOSE,
+ "atr passes check: %d total length, %d historical, %d optional\n",
+ len, historical_length, opt_bytes);
+
+ return 1;
+}
+
+static void ccid_card_vscard_handle_message(PassthruState *card,
+ VSCMsgHeader *scr_msg_header)
+{
+ uint8_t *data = (uint8_t *)&scr_msg_header[1];
+
+ switch (scr_msg_header->type) {
+ case VSC_ATR:
+ DPRINTF(card, D_INFO, "VSC_ATR %d\n", scr_msg_header->length);
+ if (scr_msg_header->length > MAX_ATR_SIZE) {
+ error_report("ATR size exceeds spec, ignoring");
+ ccid_card_vscard_send_error(card, scr_msg_header->reader_id,
+ VSC_GENERAL_ERROR);
+ break;
+ }
+ if (!check_atr(card, data, scr_msg_header->length)) {
+ error_report("ATR is inconsistent, ignoring");
+ ccid_card_vscard_send_error(card, scr_msg_header->reader_id,
+ VSC_GENERAL_ERROR);
+ break;
+ }
+ memcpy(card->atr, data, scr_msg_header->length);
+ card->atr_length = scr_msg_header->length;
+ ccid_card_card_inserted(&card->base);
+ ccid_card_vscard_send_error(card, scr_msg_header->reader_id,
+ VSC_SUCCESS);
+ break;
+ case VSC_APDU:
+ ccid_card_send_apdu_to_guest(
+ &card->base, data, scr_msg_header->length);
+ break;
+ case VSC_CardRemove:
+ DPRINTF(card, D_INFO, "VSC_CardRemove\n");
+ ccid_card_card_removed(&card->base);
+ ccid_card_vscard_send_error(card,
+ scr_msg_header->reader_id, VSC_SUCCESS);
+ break;
+ case VSC_Init:
+ ccid_card_vscard_handle_init(
+ card, scr_msg_header, (VSCMsgInit *)data);
+ break;
+ case VSC_Error:
+ ccid_card_card_error(&card->base, *(uint32_t *)data);
+ break;
+ case VSC_ReaderAdd:
+ if (ccid_card_ccid_attach(&card->base) < 0) {
+ ccid_card_vscard_send_error(card, VSCARD_UNDEFINED_READER_ID,
+ VSC_CANNOT_ADD_MORE_READERS);
+ } else {
+ ccid_card_vscard_send_error(card, VSCARD_MINIMAL_READER_ID,
+ VSC_SUCCESS);
+ }
+ break;
+ case VSC_ReaderRemove:
+ ccid_card_ccid_detach(&card->base);
+ ccid_card_vscard_send_error(card,
+ scr_msg_header->reader_id, VSC_SUCCESS);
+ break;
+ default:
+ printf("usb-ccid: chardev: unexpected message of type %X\n",
+ scr_msg_header->type);
+ ccid_card_vscard_send_error(card, scr_msg_header->reader_id,
+ VSC_GENERAL_ERROR);
+ }
+}
+
+static void ccid_card_vscard_drop_connection(PassthruState *card)
+{
+ qemu_chr_delete(card->cs);
+ card->vscard_in_pos = card->vscard_in_hdr = 0;
+}
+
+static void ccid_card_vscard_read(void *opaque, const uint8_t *buf, int size)
+{
+ PassthruState *card = opaque;
+ VSCMsgHeader *hdr;
+
+ if (card->vscard_in_pos + size > VSCARD_IN_SIZE) {
+ error_report(
+ "no room for data: pos %d + size %d > %d. dropping connection.",
+ card->vscard_in_pos, size, VSCARD_IN_SIZE);
+ ccid_card_vscard_drop_connection(card);
+ return;
+ }
+ assert(card->vscard_in_pos < VSCARD_IN_SIZE);
+ assert(card->vscard_in_hdr < VSCARD_IN_SIZE);
+ memcpy(card->vscard_in_data + card->vscard_in_pos, buf, size);
+ card->vscard_in_pos += size;
+ hdr = (VSCMsgHeader *)(card->vscard_in_data + card->vscard_in_hdr);
+
+ while ((card->vscard_in_pos - card->vscard_in_hdr >= sizeof(VSCMsgHeader))
+ &&(card->vscard_in_pos - card->vscard_in_hdr >=
+ sizeof(VSCMsgHeader) + ntohl(hdr->length))) {
+ hdr->reader_id = ntohl(hdr->reader_id);
+ hdr->length = ntohl(hdr->length);
+ hdr->type = ntohl(hdr->type);
+ ccid_card_vscard_handle_message(card, hdr);
+ card->vscard_in_hdr += hdr->length + sizeof(VSCMsgHeader);
+ hdr = (VSCMsgHeader *)(card->vscard_in_data + card->vscard_in_hdr);
+ }
+ if (card->vscard_in_hdr == card->vscard_in_pos) {
+ card->vscard_in_pos = card->vscard_in_hdr = 0;
+ }
+}
+
+static void ccid_card_vscard_event(void *opaque, int event)
+{
+ PassthruState *card = opaque;
+
+ switch (event) {
+ case CHR_EVENT_BREAK:
+ card->vscard_in_pos = card->vscard_in_hdr = 0;
+ break;
+ case CHR_EVENT_FOCUS:
+ break;
+ case CHR_EVENT_OPENED:
+ DPRINTF(card, D_INFO, "%s: CHR_EVENT_OPENED\n", __func__);
+ break;
+ }
+}
+
+/* End VSCard handling */
+
+static void passthru_apdu_from_guest(
+ CCIDCardState *base, const uint8_t *apdu, uint32_t len)
+{
+ PassthruState *card = DO_UPCAST(PassthruState, base, base);
+
+ if (!card->cs) {
+ printf("ccid-passthru: no chardev, discarding apdu length %d\n", len);
+ return;
+ }
+ ccid_card_vscard_send_apdu(card, apdu, len);
+}
+
+static const uint8_t *passthru_get_atr(CCIDCardState *base, uint32_t *len)
+{
+ PassthruState *card = DO_UPCAST(PassthruState, base, base);
+
+ *len = card->atr_length;
+ return card->atr;
+}
+
+static int passthru_initfn(CCIDCardState *base)
+{
+ PassthruState *card = DO_UPCAST(PassthruState, base, base);
+
+ card->vscard_in_pos = 0;
+ card->vscard_in_hdr = 0;
+ if (card->cs) {
+ DPRINTF(card, D_INFO, "initing chardev\n");
+ qemu_chr_add_handlers(card->cs,
+ ccid_card_vscard_can_read,
+ ccid_card_vscard_read,
+ ccid_card_vscard_event, card);
+ ccid_card_vscard_send_init(card);
+ } else {
+ error_report("missing chardev");
+ return -1;
+ }
+ card->debug = parse_debug_env("QEMU_CCID_PASSTHRU_DEBUG", D_VERBOSE,
+ card->debug);
+ assert(sizeof(DEFAULT_ATR) <= MAX_ATR_SIZE);
+ memcpy(card->atr, DEFAULT_ATR, sizeof(DEFAULT_ATR));
+ card->atr_length = sizeof(DEFAULT_ATR);
+ return 0;
+}
+
+static int passthru_exitfn(CCIDCardState *base)
+{
+ return 0;
+}
+
+static VMStateDescription passthru_vmstate = {
+ .name = "ccid-card-passthru",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_BUFFER(vscard_in_data, PassthruState),
+ VMSTATE_UINT32(vscard_in_pos, PassthruState),
+ VMSTATE_UINT32(vscard_in_hdr, PassthruState),
+ VMSTATE_BUFFER(atr, PassthruState),
+ VMSTATE_UINT8(atr_length, PassthruState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static Property passthru_card_properties[] = {
+ DEFINE_PROP_CHR("chardev", PassthruState, cs),
+ DEFINE_PROP_UINT8("debug", PassthruState, debug, 0),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void passthru_class_initfn(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ CCIDCardClass *cc = CCID_CARD_CLASS(klass);
+
+ cc->initfn = passthru_initfn;
+ cc->exitfn = passthru_exitfn;
+ cc->get_atr = passthru_get_atr;
+ cc->apdu_from_guest = passthru_apdu_from_guest;
+ set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
+ dc->desc = "passthrough smartcard";
+ dc->vmsd = &passthru_vmstate;
+ dc->props = passthru_card_properties;
+}
+
+static const TypeInfo passthru_card_info = {
+ .name = PASSTHRU_DEV_NAME,
+ .parent = TYPE_CCID_CARD,
+ .instance_size = sizeof(PassthruState),
+ .class_init = passthru_class_initfn,
+};
+
+static void ccid_card_passthru_register_types(void)
+{
+ type_register_static(&passthru_card_info);
+}
+
+type_init(ccid_card_passthru_register_types)
diff --git a/hw/usb/ccid.h b/hw/usb/ccid.h
new file mode 100644
index 000000000..9334da8ac
--- /dev/null
+++ b/hw/usb/ccid.h
@@ -0,0 +1,65 @@
+/*
+ * CCID Passthru Card Device emulation
+ *
+ * Copyright (c) 2011 Red Hat.
+ * Written by Alon Levy.
+ *
+ * This code is licensed under the GNU LGPL, version 2 or later.
+ */
+
+#ifndef CCID_H
+#define CCID_H
+
+#include "hw/qdev.h"
+
+typedef struct CCIDCardState CCIDCardState;
+typedef struct CCIDCardInfo CCIDCardInfo;
+
+#define TYPE_CCID_CARD "ccid-card"
+#define CCID_CARD(obj) \
+ OBJECT_CHECK(CCIDCardState, (obj), TYPE_CCID_CARD)
+#define CCID_CARD_CLASS(klass) \
+ OBJECT_CLASS_CHECK(CCIDCardClass, (klass), TYPE_CCID_CARD)
+#define CCID_CARD_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(CCIDCardClass, (obj), TYPE_CCID_CARD)
+
+/*
+ * callbacks to be used by the CCID device (hw/usb-ccid.c) to call
+ * into the smartcard device (hw/ccid-card-*.c)
+ */
+typedef struct CCIDCardClass {
+ DeviceClass parent_class;
+ const uint8_t *(*get_atr)(CCIDCardState *card, uint32_t *len);
+ void (*apdu_from_guest)(CCIDCardState *card,
+ const uint8_t *apdu,
+ uint32_t len);
+ int (*exitfn)(CCIDCardState *card);
+ int (*initfn)(CCIDCardState *card);
+} CCIDCardClass;
+
+/*
+ * state of the CCID Card device (i.e. hw/ccid-card-*.c)
+ */
+struct CCIDCardState {
+ DeviceState qdev;
+ uint32_t slot; /* For future use with multiple slot reader. */
+};
+
+/*
+ * API for smartcard calling the CCID device (used by hw/ccid-card-*.c)
+ */
+void ccid_card_send_apdu_to_guest(CCIDCardState *card,
+ uint8_t *apdu,
+ uint32_t len);
+void ccid_card_card_removed(CCIDCardState *card);
+void ccid_card_card_inserted(CCIDCardState *card);
+void ccid_card_card_error(CCIDCardState *card, uint64_t error);
+
+/*
+ * support guest visible insertion/removal of ccid devices based on actual
+ * devices connected/removed. Called by card implementation (passthru, local)
+ */
+int ccid_card_ccid_attach(CCIDCardState *card);
+void ccid_card_ccid_detach(CCIDCardState *card);
+
+#endif /* CCID_H */
diff --git a/hw/usb/combined-packet.c b/hw/usb/combined-packet.c
index 4a0c29945..13f6602ad 100644
--- a/hw/usb/combined-packet.c
+++ b/hw/usb/combined-packet.c
@@ -21,7 +21,7 @@
*/
#include "qemu-common.h"
#include "hw/usb.h"
-#include "iov.h"
+#include "qemu/iov.h"
#include "trace.h"
static void usb_combined_packet_add(USBCombinedPacket *combined, USBPacket *p)
diff --git a/hw/usb/core.c b/hw/usb/core.c
index 52b53108c..05948ca9a 100644
--- a/hw/usb/core.c
+++ b/hw/usb/core.c
@@ -25,7 +25,7 @@
*/
#include "qemu-common.h"
#include "hw/usb.h"
-#include "iov.h"
+#include "qemu/iov.h"
#include "trace.h"
void usb_attach(USBPort *port)
@@ -71,7 +71,7 @@ void usb_device_reset(USBDevice *dev)
usb_device_handle_reset(dev);
}
-void usb_wakeup(USBEndpoint *ep)
+void usb_wakeup(USBEndpoint *ep, unsigned int stream)
{
USBDevice *dev = ep->dev;
USBBus *bus = usb_bus_from_device(dev);
@@ -80,7 +80,7 @@ void usb_wakeup(USBEndpoint *ep)
dev->port->ops->wakeup(dev->port);
}
if (bus->ops->wakeup_endpoint) {
- bus->ops->wakeup_endpoint(bus, ep);
+ bus->ops->wakeup_endpoint(bus, ep, stream);
}
}
@@ -406,7 +406,11 @@ void usb_handle_packet(USBDevice *dev, USBPacket *p)
if (QTAILQ_EMPTY(&p->ep->queue) || p->ep->pipeline) {
usb_process_one(p);
if (p->status == USB_RET_ASYNC) {
+ /* hcd drivers cannot handle async for isoc */
assert(p->ep->type != USB_ENDPOINT_XFER_ISOC);
+ /* using async for interrupt packets breaks migration */
+ assert(p->ep->type != USB_ENDPOINT_XFER_INT ||
+ (dev->flags & (1 << USB_DEV_FLAG_IS_HOST)));
usb_packet_set_state(p, USB_PACKET_ASYNC);
QTAILQ_INSERT_TAIL(&p->ep->queue, p, queue);
} else if (p->status == USB_RET_ADD_TO_QUEUE) {
@@ -541,14 +545,16 @@ void usb_packet_set_state(USBPacket *p, USBPacketState state)
p->state = state;
}
-void usb_packet_setup(USBPacket *p, int pid, USBEndpoint *ep, uint64_t id,
- bool short_not_ok, bool int_req)
+void usb_packet_setup(USBPacket *p, int pid,
+ USBEndpoint *ep, unsigned int stream,
+ uint64_t id, bool short_not_ok, bool int_req)
{
assert(!usb_packet_is_inflight(p));
assert(p->iov.iov != NULL);
p->id = id;
p->pid = pid;
p->ep = ep;
+ p->stream = stream;
p->status = USB_RET_SUCCESS;
p->actual_length = 0;
p->parameter = 0;
@@ -566,15 +572,17 @@ void usb_packet_addbuf(USBPacket *p, void *ptr, size_t len)
void usb_packet_copy(USBPacket *p, void *ptr, size_t bytes)
{
+ QEMUIOVector *iov = p->combined ? &p->combined->iov : &p->iov;
+
assert(p->actual_length >= 0);
- assert(p->actual_length + bytes <= p->iov.size);
+ assert(p->actual_length + bytes <= iov->size);
switch (p->pid) {
case USB_TOKEN_SETUP:
case USB_TOKEN_OUT:
- iov_to_buf(p->iov.iov, p->iov.niov, p->actual_length, ptr, bytes);
+ iov_to_buf(iov->iov, iov->niov, p->actual_length, ptr, bytes);
break;
case USB_TOKEN_IN:
- iov_from_buf(p->iov.iov, p->iov.niov, p->actual_length, ptr, bytes);
+ iov_from_buf(iov->iov, iov->niov, p->actual_length, ptr, bytes);
break;
default:
fprintf(stderr, "%s: invalid pid: %x\n", __func__, p->pid);
@@ -585,14 +593,21 @@ void usb_packet_copy(USBPacket *p, void *ptr, size_t bytes)
void usb_packet_skip(USBPacket *p, size_t bytes)
{
+ QEMUIOVector *iov = p->combined ? &p->combined->iov : &p->iov;
+
assert(p->actual_length >= 0);
- assert(p->actual_length + bytes <= p->iov.size);
+ assert(p->actual_length + bytes <= iov->size);
if (p->pid == USB_TOKEN_IN) {
- iov_memset(p->iov.iov, p->iov.niov, p->actual_length, 0, bytes);
+ iov_memset(iov->iov, iov->niov, p->actual_length, 0, bytes);
}
p->actual_length += bytes;
}
+size_t usb_packet_size(USBPacket *p)
+{
+ return p->combined ? p->combined->iov.size : p->iov.size;
+}
+
void usb_packet_cleanup(USBPacket *p)
{
assert(!usb_packet_is_inflight(p));
@@ -751,13 +766,19 @@ void usb_ep_set_pipeline(USBDevice *dev, int pid, int ep, bool enabled)
uep->pipeline = enabled;
}
+void usb_ep_set_halted(USBDevice *dev, int pid, int ep, bool halted)
+{
+ struct USBEndpoint *uep = usb_ep_get(dev, pid, ep);
+ uep->halted = halted;
+}
+
USBPacket *usb_ep_find_packet_by_id(USBDevice *dev, int pid, int ep,
uint64_t id)
{
struct USBEndpoint *uep = usb_ep_get(dev, pid, ep);
USBPacket *p;
- while ((p = QTAILQ_FIRST(&uep->queue)) != NULL) {
+ QTAILQ_FOREACH(p, &uep->queue, queue) {
if (p->id == id) {
return p;
}
diff --git a/hw/usb/desc.c b/hw/usb/desc.c
index b7c32333d..bf6c52268 100644
--- a/hw/usb/desc.c
+++ b/hw/usb/desc.c
@@ -225,12 +225,9 @@ int usb_desc_endpoint(const USBDescEndpoint *ep, int flags,
d->u.endpoint.bRefresh = ep->bRefresh;
d->u.endpoint.bSynchAddress = ep->bSynchAddress;
}
- if (ep->extra) {
- memcpy(dest + bLength, ep->extra, extralen);
- }
if (superlen) {
- USBDescriptor *d = (void *)(dest + bLength + extralen);
+ USBDescriptor *d = (void *)(dest + bLength);
d->bLength = 0x06;
d->bDescriptorType = USB_DT_ENDPOINT_COMPANION;
@@ -243,6 +240,10 @@ int usb_desc_endpoint(const USBDescEndpoint *ep, int flags,
usb_hi(ep->wBytesPerInterval);
}
+ if (ep->extra) {
+ memcpy(dest + bLength + superlen, ep->extra, extralen);
+ }
+
return bLength + extralen + superlen;
}
@@ -521,8 +522,6 @@ void usb_desc_attach(USBDevice *dev)
} else if (desc->full && (dev->port->speedmask & USB_SPEED_MASK_FULL)) {
dev->speed = USB_SPEED_FULL;
} else {
- fprintf(stderr, "usb: port/device speed mismatch for \"%s\"\n",
- usb_device_get_product_desc(dev));
return;
}
usb_desc_setdefaults(dev);
@@ -567,6 +566,12 @@ void usb_desc_create_serial(USBDevice *dev)
char *path;
int dst;
+ if (dev->serial) {
+ /* 'serial' usb bus property has priority if present */
+ usb_desc_set_string(dev, index, dev->serial);
+ return;
+ }
+
assert(index != 0 && desc->str[index] != NULL);
dst = snprintf(serial, sizeof(serial), "%s", desc->str[index]);
path = qdev_get_dev_path(hcd);
diff --git a/hw/usb/dev-audio.c b/hw/usb/dev-audio.c
index b669601c9..c5420eb05 100644
--- a/hw/usb/dev-audio.c
+++ b/hw/usb/dev-audio.c
@@ -33,7 +33,6 @@
#include "hw/usb.h"
#include "hw/usb/desc.h"
#include "hw/hw.h"
-#include "hw/audiodev.h"
#include "audio/audio.h"
#define USBAUDIO_VENDOR_NUM 0x46f4 /* CRC16() of "QEMU" */
@@ -674,6 +673,7 @@ static void usb_audio_class_init(ObjectClass *klass, void *data)
dc->vmsd = &vmstate_usb_audio;
dc->props = usb_audio_properties;
+ set_bit(DEVICE_CATEGORY_SOUND, dc->categories);
k->product_desc = "QEMU USB Audio Interface";
k->usb_desc = &desc_audio;
k->init = usb_audio_initfn;
@@ -684,7 +684,7 @@ static void usb_audio_class_init(ObjectClass *klass, void *data)
k->set_interface = usb_audio_set_interface;
}
-static TypeInfo usb_audio_info = {
+static const TypeInfo usb_audio_info = {
.name = "usb-audio",
.parent = TYPE_USB_DEVICE,
.instance_size = sizeof(USBAudioState),
diff --git a/hw/usb/dev-bluetooth.c b/hw/usb/dev-bluetooth.c
index 39984f53e..f2fc2a803 100644
--- a/hw/usb/dev-bluetooth.c
+++ b/hw/usb/dev-bluetooth.c
@@ -21,7 +21,7 @@
#include "qemu-common.h"
#include "hw/usb.h"
#include "hw/usb/desc.h"
-#include "net.h"
+#include "sysemu/bt.h"
#include "hw/bt.h"
struct USBBtState {
@@ -478,7 +478,7 @@ static void usb_bt_out_hci_packet_event(void *opaque,
struct USBBtState *s = (struct USBBtState *) opaque;
if (s->evt.len == 0) {
- usb_wakeup(s->intr);
+ usb_wakeup(s->intr, 0);
}
usb_bt_fifo_enqueue(&s->evt, data, len);
}
@@ -553,9 +553,10 @@ static void usb_bt_class_initfn(ObjectClass *klass, void *data)
uc->handle_data = usb_bt_handle_data;
uc->handle_destroy = usb_bt_handle_destroy;
dc->vmsd = &vmstate_usb_bt;
+ set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
}
-static TypeInfo bt_info = {
+static const TypeInfo bt_info = {
.name = "usb-bt-dongle",
.parent = TYPE_USB_DEVICE,
.instance_size = sizeof(struct USBBtState),
diff --git a/hw/usb/dev-hid.c b/hw/usb/dev-hid.c
index 55266b18e..66c63317d 100644
--- a/hw/usb/dev-hid.c
+++ b/hw/usb/dev-hid.c
@@ -23,11 +23,11 @@
* THE SOFTWARE.
*/
#include "hw/hw.h"
-#include "console.h"
+#include "ui/console.h"
#include "hw/usb.h"
#include "hw/usb/desc.h"
-#include "qemu-timer.h"
-#include "hw/hid.h"
+#include "qemu/timer.h"
+#include "hw/input/hid.h"
/* HID interface requests */
#define GET_REPORT 0xa101
@@ -46,6 +46,7 @@ typedef struct USBHIDState {
USBDevice dev;
USBEndpoint *intr;
HIDState hid;
+ uint32_t usb_version;
} USBHIDState;
enum {
@@ -131,6 +132,36 @@ static const USBDescIface desc_iface_tablet = {
},
};
+static const USBDescIface desc_iface_tablet2 = {
+ .bInterfaceNumber = 0,
+ .bNumEndpoints = 1,
+ .bInterfaceClass = USB_CLASS_HID,
+ .bInterfaceProtocol = 0x02,
+ .ndesc = 1,
+ .descs = (USBDescOther[]) {
+ {
+ /* HID descriptor */
+ .data = (uint8_t[]) {
+ 0x09, /* u8 bLength */
+ USB_DT_HID, /* u8 bDescriptorType */
+ 0x01, 0x00, /* u16 HID_class */
+ 0x00, /* u8 country_code */
+ 0x01, /* u8 num_descriptors */
+ USB_DT_REPORT, /* u8 type: Report */
+ 74, 0, /* u16 len */
+ },
+ },
+ },
+ .eps = (USBDescEndpoint[]) {
+ {
+ .bEndpointAddress = USB_DIR_IN | 0x01,
+ .bmAttributes = USB_ENDPOINT_XFER_INT,
+ .wMaxPacketSize = 8,
+ .bInterval = 4, /* 2 ^ (4-1) * 125 usecs = 1 ms */
+ },
+ },
+};
+
static const USBDescIface desc_iface_keyboard = {
.bInterfaceNumber = 0,
.bNumEndpoints = 1,
@@ -196,6 +227,23 @@ static const USBDescDevice desc_device_tablet = {
},
};
+static const USBDescDevice desc_device_tablet2 = {
+ .bcdUSB = 0x0200,
+ .bMaxPacketSize0 = 64,
+ .bNumConfigurations = 1,
+ .confs = (USBDescConfig[]) {
+ {
+ .bNumInterfaces = 1,
+ .bConfigurationValue = 1,
+ .iConfiguration = STR_CONFIG_TABLET,
+ .bmAttributes = 0x80,
+ .bMaxPower = 50,
+ .nif = 1,
+ .ifs = &desc_iface_tablet2,
+ },
+ },
+};
+
static const USBDescDevice desc_device_keyboard = {
.bcdUSB = 0x0100,
.bMaxPacketSize0 = 8,
@@ -239,6 +287,20 @@ static const USBDesc desc_tablet = {
.str = desc_strings,
};
+static const USBDesc desc_tablet2 = {
+ .id = {
+ .idVendor = 0x0627,
+ .idProduct = 0x0001,
+ .bcdDevice = 0,
+ .iManufacturer = STR_MANUFACTURER,
+ .iProduct = STR_PRODUCT_TABLET,
+ .iSerialNumber = STR_SERIALNUMBER,
+ },
+ .full = &desc_device_tablet,
+ .high = &desc_device_tablet2,
+ .str = desc_strings,
+};
+
static const USBDesc desc_keyboard = {
.id = {
.idVendor = 0x0627,
@@ -361,7 +423,7 @@ static void usb_hid_changed(HIDState *hs)
{
USBHIDState *us = container_of(hs, USBHIDState, hid);
- usb_wakeup(us->intr);
+ usb_wakeup(us->intr, 0);
}
static void usb_hid_handle_reset(USBDevice *dev)
@@ -439,7 +501,7 @@ static void usb_hid_handle_control(USBDevice *dev, USBPacket *p,
break;
case SET_IDLE:
hs->idle = (uint8_t) (value >> 8);
- hid_set_next_idle(hs, qemu_get_clock_ns(vm_clock));
+ hid_set_next_idle(hs);
if (hs->kind == HID_MOUSE || hs->kind == HID_TABLET) {
hid_pointer_activate(hs);
}
@@ -461,16 +523,14 @@ static void usb_hid_handle_data(USBDevice *dev, USBPacket *p)
switch (p->pid) {
case USB_TOKEN_IN:
if (p->ep->nr == 1) {
- int64_t curtime = qemu_get_clock_ns(vm_clock);
if (hs->kind == HID_MOUSE || hs->kind == HID_TABLET) {
hid_pointer_activate(hs);
}
- if (!hid_has_events(hs) &&
- (!hs->idle || hs->next_idle_clock - curtime > 0)) {
+ if (!hid_has_events(hs)) {
p->status = USB_RET_NAK;
return;
}
- hid_set_next_idle(hs, curtime);
+ hid_set_next_idle(hs);
if (hs->kind == HID_MOUSE || hs->kind == HID_TABLET) {
len = hid_pointer_poll(hs, buf, p->iov.size);
} else if (hs->kind == HID_KEYBOARD) {
@@ -500,6 +560,9 @@ static int usb_hid_initfn(USBDevice *dev, int kind)
{
USBHIDState *us = DO_UPCAST(USBHIDState, dev, dev);
+ if (dev->serial) {
+ usb_desc_set_string(dev, STR_SERIALNUMBER, dev->serial);
+ }
usb_desc_init(dev);
us->intr = usb_ep_get(dev, USB_TOKEN_IN, 1);
hid_init(&us->hid, kind, usb_hid_changed);
@@ -508,6 +571,21 @@ static int usb_hid_initfn(USBDevice *dev, int kind)
static int usb_tablet_initfn(USBDevice *dev)
{
+ USBHIDState *us = DO_UPCAST(USBHIDState, dev, dev);
+
+ switch (us->usb_version) {
+ case 1:
+ dev->usb_desc = &desc_tablet;
+ break;
+ case 2:
+ dev->usb_desc = &desc_tablet2;
+ break;
+ default:
+ error_report("Invalid usb version %d for usb-tabler (must be 1 or 2)",
+ us->usb_version);
+ return -1;
+ }
+
return usb_hid_initfn(dev, HID_TABLET);
}
@@ -562,8 +640,14 @@ static void usb_hid_class_initfn(ObjectClass *klass, void *data)
uc->handle_control = usb_hid_handle_control;
uc->handle_data = usb_hid_handle_data;
uc->handle_destroy = usb_hid_handle_destroy;
+ uc->handle_attach = usb_desc_attach;
}
+static Property usb_tablet_properties[] = {
+ DEFINE_PROP_UINT32("usb_version", USBHIDState, usb_version, 2),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
static void usb_tablet_class_initfn(ObjectClass *klass, void *data)
{
DeviceClass *dc = DEVICE_CLASS(klass);
@@ -572,11 +656,12 @@ static void usb_tablet_class_initfn(ObjectClass *klass, void *data)
usb_hid_class_initfn(klass, data);
uc->init = usb_tablet_initfn;
uc->product_desc = "QEMU USB Tablet";
- uc->usb_desc = &desc_tablet;
dc->vmsd = &vmstate_usb_ptr;
+ dc->props = usb_tablet_properties;
+ set_bit(DEVICE_CATEGORY_MISC, dc->categories);
}
-static TypeInfo usb_tablet_info = {
+static const TypeInfo usb_tablet_info = {
.name = "usb-tablet",
.parent = TYPE_USB_DEVICE,
.instance_size = sizeof(USBHIDState),
@@ -593,9 +678,10 @@ static void usb_mouse_class_initfn(ObjectClass *klass, void *data)
uc->product_desc = "QEMU USB Mouse";
uc->usb_desc = &desc_mouse;
dc->vmsd = &vmstate_usb_ptr;
+ set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
}
-static TypeInfo usb_mouse_info = {
+static const TypeInfo usb_mouse_info = {
.name = "usb-mouse",
.parent = TYPE_USB_DEVICE,
.instance_size = sizeof(USBHIDState),
@@ -612,9 +698,10 @@ static void usb_keyboard_class_initfn(ObjectClass *klass, void *data)
uc->product_desc = "QEMU USB Keyboard";
uc->usb_desc = &desc_keyboard;
dc->vmsd = &vmstate_usb_kbd;
+ set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
}
-static TypeInfo usb_keyboard_info = {
+static const TypeInfo usb_keyboard_info = {
.name = "usb-kbd",
.parent = TYPE_USB_DEVICE,
.instance_size = sizeof(USBHIDState),
diff --git a/hw/usb/dev-hub.c b/hw/usb/dev-hub.c
index 9ee60dd41..e865a9875 100644
--- a/hw/usb/dev-hub.c
+++ b/hw/usb/dev-hub.c
@@ -25,6 +25,7 @@
#include "trace.h"
#include "hw/usb.h"
#include "hw/usb/desc.h"
+#include "qemu/error-report.h"
#define NUM_PORTS 8
@@ -32,6 +33,7 @@ typedef struct USBHubPort {
USBPort port;
uint16_t wPortStatus;
uint16_t wPortChange;
+ uint16_t wPortChange_reported;
} USBHubPort;
typedef struct USBHubState {
@@ -164,7 +166,7 @@ static void usb_hub_attach(USBPort *port1)
} else {
port->wPortStatus &= ~PORT_STAT_LOW_SPEED;
}
- usb_wakeup(s->intr);
+ usb_wakeup(s->intr, 0);
}
static void usb_hub_detach(USBPort *port1)
@@ -173,7 +175,7 @@ static void usb_hub_detach(USBPort *port1)
USBHubPort *port = &s->ports[port1->index];
trace_usb_hub_detach(s->dev.addr, port1->index + 1);
- usb_wakeup(s->intr);
+ usb_wakeup(s->intr, 0);
/* Let upstream know the device on this port is gone */
s->dev.port->ops->child_detach(s->dev.port, port1->dev);
@@ -184,6 +186,7 @@ static void usb_hub_detach(USBPort *port1)
port->wPortStatus &= ~PORT_STAT_ENABLE;
port->wPortChange |= PORT_STAT_C_ENABLE;
}
+ usb_wakeup(s->intr, 0);
}
static void usb_hub_child_detach(USBPort *port1, USBDevice *child)
@@ -201,7 +204,7 @@ static void usb_hub_wakeup(USBPort *port1)
if (port->wPortStatus & PORT_STAT_SUSPEND) {
port->wPortChange |= PORT_STAT_C_SUSPEND;
- usb_wakeup(s->intr);
+ usb_wakeup(s->intr, 0);
}
}
@@ -363,6 +366,7 @@ static void usb_hub_handle_control(USBDevice *dev, USBPacket *p,
port->wPortChange |= PORT_STAT_C_RESET;
/* set enable bit */
port->wPortStatus |= PORT_STAT_ENABLE;
+ usb_wakeup(s->intr, 0);
}
break;
case PORT_POWER:
@@ -464,8 +468,11 @@ static void usb_hub_handle_data(USBDevice *dev, USBPacket *p)
status = 0;
for(i = 0; i < NUM_PORTS; i++) {
port = &s->ports[i];
- if (port->wPortChange)
+ if (port->wPortChange &&
+ port->wPortChange_reported != port->wPortChange) {
status |= (1 << (i + 1));
+ }
+ port->wPortChange_reported = port->wPortChange;
}
if (status != 0) {
for(i = 0; i < n; i++) {
@@ -512,6 +519,11 @@ static int usb_hub_initfn(USBDevice *dev)
USBHubPort *port;
int i;
+ if (dev->port->hubcount == 5) {
+ error_report("usb hub chain too deep");
+ return -1;
+ }
+
usb_desc_create_serial(dev);
usb_desc_init(dev);
s->intr = usb_ep_get(dev, USB_TOKEN_IN, 1);
@@ -562,11 +574,12 @@ static void usb_hub_class_initfn(ObjectClass *klass, void *data)
uc->handle_control = usb_hub_handle_control;
uc->handle_data = usb_hub_handle_data;
uc->handle_destroy = usb_hub_handle_destroy;
+ set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
dc->fw_name = "hub";
dc->vmsd = &vmstate_usb_hub;
}
-static TypeInfo hub_info = {
+static const TypeInfo hub_info = {
.name = "usb-hub",
.parent = TYPE_USB_DEVICE,
.instance_size = sizeof(USBHubState),
diff --git a/hw/usb/dev-network.c b/hw/usb/dev-network.c
index 14d9e5aa5..660d7743f 100644
--- a/hw/usb/dev-network.c
+++ b/hw/usb/dev-network.c
@@ -26,10 +26,12 @@
#include "qemu-common.h"
#include "hw/usb.h"
#include "hw/usb/desc.h"
-#include "net.h"
-#include "qemu-queue.h"
-#include "sysemu.h"
-#include "iov.h"
+#include "net/net.h"
+#include "qapi/qmp/qerror.h"
+#include "qemu/queue.h"
+#include "qemu/config-file.h"
+#include "sysemu/sysemu.h"
+#include "qemu/iov.h"
/*#define TRAFFIC_DEBUG*/
/* Thanks to NetChip Technologies for donating this product ID.
@@ -639,6 +641,8 @@ typedef struct USBNetState {
unsigned int in_ptr, in_len;
uint8_t in_buf[2048];
+ USBEndpoint *intr;
+
char usbstring_mac[13];
NICState *nic;
NICConf conf;
@@ -851,6 +855,10 @@ static void *rndis_queue_response(USBNetState *s, unsigned int length)
struct rndis_response *r =
g_malloc0(sizeof(struct rndis_response) + length);
+ if (QTAILQ_EMPTY(&s->rndis_resp)) {
+ usb_wakeup(s->intr, 0);
+ }
+
QTAILQ_INSERT_TAIL(&s->rndis_resp, r, entries);
r->length = length;
@@ -1005,7 +1013,7 @@ static int rndis_keepalive_response(USBNetState *s,
static void usb_net_reset_in_buf(USBNetState *s)
{
s->in_ptr = s->in_len = 0;
- qemu_flush_queued_packets(&s->nic->nc);
+ qemu_flush_queued_packets(qemu_get_queue(s->nic));
}
static int rndis_parse(USBNetState *s, uint8_t *data, int length)
@@ -1189,7 +1197,7 @@ static void usb_net_handle_dataout(USBNetState *s, USBPacket *p)
if (!is_rndis(s)) {
if (p->iov.size < 64) {
- qemu_send_packet(&s->nic->nc, s->out_buf, s->out_ptr);
+ qemu_send_packet(qemu_get_queue(s->nic), s->out_buf, s->out_ptr);
s->out_ptr = 0;
}
return;
@@ -1202,7 +1210,7 @@ static void usb_net_handle_dataout(USBNetState *s, USBPacket *p)
uint32_t offs = 8 + le32_to_cpu(msg->DataOffset);
uint32_t size = le32_to_cpu(msg->DataLength);
if (offs + size <= len)
- qemu_send_packet(&s->nic->nc, s->out_buf + offs, size);
+ qemu_send_packet(qemu_get_queue(s->nic), s->out_buf + offs, size);
}
s->out_ptr -= len;
memmove(s->out_buf, &s->out_buf[len], s->out_ptr);
@@ -1254,7 +1262,7 @@ static void usb_net_handle_data(USBDevice *dev, USBPacket *p)
static ssize_t usbnet_receive(NetClientState *nc, const uint8_t *buf, size_t size)
{
- USBNetState *s = DO_UPCAST(NICState, nc, nc)->opaque;
+ USBNetState *s = qemu_get_nic_opaque(nc);
uint8_t *in_buf = s->in_buf;
size_t total_size = size;
@@ -1301,7 +1309,7 @@ static ssize_t usbnet_receive(NetClientState *nc, const uint8_t *buf, size_t siz
static int usbnet_can_receive(NetClientState *nc)
{
- USBNetState *s = DO_UPCAST(NICState, nc, nc)->opaque;
+ USBNetState *s = qemu_get_nic_opaque(nc);
if (is_rndis(s) && s->rndis_state != RNDIS_DATA_INITIALIZED) {
return 1;
@@ -1312,7 +1320,7 @@ static int usbnet_can_receive(NetClientState *nc)
static void usbnet_cleanup(NetClientState *nc)
{
- USBNetState *s = DO_UPCAST(NICState, nc, nc)->opaque;
+ USBNetState *s = qemu_get_nic_opaque(nc);
s->nic = NULL;
}
@@ -1323,7 +1331,7 @@ static void usb_net_handle_destroy(USBDevice *dev)
/* TODO: remove the nd_table[] entry */
rndis_clear_responsequeue(s);
- qemu_del_net_client(&s->nic->nc);
+ qemu_del_nic(s->nic);
}
static NetClientInfo net_usbnet_info = {
@@ -1349,11 +1357,12 @@ static int usb_net_initfn(USBDevice *dev)
s->media_state = 0; /* NDIS_MEDIA_STATE_CONNECTED */;
s->filter = 0;
s->vendorid = 0x1234;
+ s->intr = usb_ep_get(dev, USB_TOKEN_IN, 1);
qemu_macaddr_default_if_unset(&s->conf.macaddr);
s->nic = qemu_new_nic(&net_usbnet_info, &s->conf,
object_get_typename(OBJECT(s)), s->dev.qdev.id, s);
- qemu_format_nic_info_str(&s->nic->nc, s->conf.macaddr.a);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
snprintf(s->usbstring_mac, sizeof(s->usbstring_mac),
"%02x%02x%02x%02x%02x%02x",
0x40,
@@ -1420,12 +1429,13 @@ static void usb_net_class_initfn(ObjectClass *klass, void *data)
uc->handle_control = usb_net_handle_control;
uc->handle_data = usb_net_handle_data;
uc->handle_destroy = usb_net_handle_destroy;
+ set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
dc->fw_name = "network";
dc->vmsd = &vmstate_usb_net;
dc->props = net_properties;
}
-static TypeInfo net_info = {
+static const TypeInfo net_info = {
.name = "usb-net",
.parent = TYPE_USB_DEVICE,
.instance_size = sizeof(USBNetState),
diff --git a/hw/usb/dev-serial.c b/hw/usb/dev-serial.c
index 99b19df1d..0b150d43f 100644
--- a/hw/usb/dev-serial.c
+++ b/hw/usb/dev-serial.c
@@ -9,10 +9,10 @@
*/
#include "qemu-common.h"
-#include "qemu-error.h"
+#include "qemu/error-report.h"
#include "hw/usb.h"
#include "hw/usb/desc.h"
-#include "qemu-char.h"
+#include "sysemu/char.h"
//#define DEBUG_Serial
@@ -410,13 +410,6 @@ static void usb_serial_handle_data(USBDevice *dev, USBPacket *p)
}
}
-static void usb_serial_handle_destroy(USBDevice *dev)
-{
- USBSerialState *s = (USBSerialState *)dev;
-
- qemu_chr_add_handlers(s->cs, NULL, NULL, NULL, NULL);
-}
-
static int usb_serial_can_read(void *opaque)
{
USBSerialState *s = opaque;
@@ -495,7 +488,7 @@ static int usb_serial_initfn(USBDevice *dev)
usb_serial_event, s);
usb_serial_handle_reset(dev);
- if (s->cs->opened && !dev->attached) {
+ if (s->cs->be_open && !dev->attached) {
usb_device_attach(dev);
}
return 0;
@@ -595,12 +588,12 @@ static void usb_serial_class_initfn(ObjectClass *klass, void *data)
uc->handle_reset = usb_serial_handle_reset;
uc->handle_control = usb_serial_handle_control;
uc->handle_data = usb_serial_handle_data;
- uc->handle_destroy = usb_serial_handle_destroy;
dc->vmsd = &vmstate_usb_serial;
dc->props = serial_properties;
+ set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
}
-static TypeInfo serial_info = {
+static const TypeInfo serial_info = {
.name = "usb-serial",
.parent = TYPE_USB_DEVICE,
.instance_size = sizeof(USBSerialState),
@@ -623,12 +616,12 @@ static void usb_braille_class_initfn(ObjectClass *klass, void *data)
uc->handle_reset = usb_serial_handle_reset;
uc->handle_control = usb_serial_handle_control;
uc->handle_data = usb_serial_handle_data;
- uc->handle_destroy = usb_serial_handle_destroy;
dc->vmsd = &vmstate_usb_serial;
dc->props = braille_properties;
+ set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
}
-static TypeInfo braille_info = {
+static const TypeInfo braille_info = {
.name = "usb-braille",
.parent = TYPE_USB_DEVICE,
.instance_size = sizeof(USBSerialState),
diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c
index de955b709..2233c548f 100644
--- a/hw/usb/dev-smartcard-reader.c
+++ b/hw/usb/dev-smartcard-reader.c
@@ -35,12 +35,12 @@
*/
#include "qemu-common.h"
-#include "qemu-error.h"
+#include "qemu/error-report.h"
#include "hw/usb.h"
#include "hw/usb/desc.h"
-#include "monitor.h"
+#include "monitor/monitor.h"
-#include "hw/ccid.h"
+#include "ccid.h"
#define DPRINTF(s, lvl, fmt, ...) \
do { \
@@ -68,12 +68,6 @@ do { \
#define BULK_IN_BUF_SIZE 384
#define BULK_IN_PENDING_NUM 8
-#define InterfaceOutClass \
- ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE)<<8)
-
-#define InterfaceInClass \
- ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE)<<8)
-
#define CCID_MAX_PACKET_SIZE 64
#define CCID_CONTROL_ABORT 0x1
@@ -195,10 +189,34 @@ typedef struct QEMU_PACKED CCID_SlotStatus {
uint8_t bClockStatus;
} CCID_SlotStatus;
+typedef struct QEMU_PACKED CCID_T0ProtocolDataStructure {
+ uint8_t bmFindexDindex;
+ uint8_t bmTCCKST0;
+ uint8_t bGuardTimeT0;
+ uint8_t bWaitingIntegerT0;
+ uint8_t bClockStop;
+} CCID_T0ProtocolDataStructure;
+
+typedef struct QEMU_PACKED CCID_T1ProtocolDataStructure {
+ uint8_t bmFindexDindex;
+ uint8_t bmTCCKST1;
+ uint8_t bGuardTimeT1;
+ uint8_t bWaitingIntegerT1;
+ uint8_t bClockStop;
+ uint8_t bIFSC;
+ uint8_t bNadValue;
+} CCID_T1ProtocolDataStructure;
+
+typedef union CCID_ProtocolDataStructure {
+ CCID_T0ProtocolDataStructure t0;
+ CCID_T1ProtocolDataStructure t1;
+ uint8_t data[7]; /* must be = max(sizeof(t0), sizeof(t1)) */
+} CCID_ProtocolDataStructure;
+
typedef struct QEMU_PACKED CCID_Parameter {
CCID_BULK_IN b;
uint8_t bProtocolNum;
- uint8_t abProtocolDataStructure[0];
+ CCID_ProtocolDataStructure abProtocolDataStructure;
} CCID_Parameter;
typedef struct QEMU_PACKED CCID_DataBlock {
@@ -230,7 +248,7 @@ typedef struct QEMU_PACKED CCID_SetParameters {
CCID_Header hdr;
uint8_t bProtocolNum;
uint16_t abRFU;
- uint8_t abProtocolDataStructure[0];
+ CCID_ProtocolDataStructure abProtocolDataStructure;
} CCID_SetParameters;
typedef struct CCID_Notify_Slot_Change {
@@ -260,8 +278,6 @@ typedef struct CCIDBus {
BusState qbus;
} CCIDBus;
-#define MAX_PROTOCOL_SIZE 7
-
/*
* powered - defaults to true, changed by PowerOn/PowerOff messages
*/
@@ -285,7 +301,7 @@ typedef struct USBCCIDState {
uint8_t bError;
uint8_t bmCommandStatus;
uint8_t bProtocolNum;
- uint8_t abProtocolDataStructure[MAX_PROTOCOL_SIZE];
+ CCID_ProtocolDataStructure abProtocolDataStructure;
uint32_t ulProtocolDataStructureSize;
uint32_t state_vmstate;
uint32_t migration_target_ip;
@@ -319,8 +335,8 @@ static const uint8_t qemu_ccid_descriptor[] = {
*/
0x07, /* u8 bVoltageSupport; 01h - 5.0v, 02h - 3.0, 03 - 1.8 */
- 0x03, 0x00, /* u32 dwProtocols; RRRR PPPP. RRRR = 0000h.*/
- 0x00, 0x00, /* PPPP: 0001h = Protocol T=0, 0002h = Protocol T=1 */
+ 0x00, 0x00, /* u32 dwProtocols; RRRR PPPP. RRRR = 0000h.*/
+ 0x01, 0x00, /* PPPP: 0001h = Protocol T=0, 0002h = Protocol T=1 */
/* u32 dwDefaultClock; in kHZ (0x0fa0 is 4 MHz) */
0xa0, 0x0f, 0x00, 0x00,
/* u32 dwMaximumClock; */
@@ -359,11 +375,11 @@ static const uint8_t qemu_ccid_descriptor[] = {
* 20000 Short APDU level exchange with CCID
* 40000 Short and Extended APDU level exchange with CCID
*
- * + 100000 USB Wake up signaling supported on card
+ * 100000 USB Wake up signaling supported on card
* insertion and removal. Must set bit 5 in bmAttributes
* in Configuration descriptor if 100000 is set.
*/
- 0xfe, 0x04, 0x11, 0x00,
+ 0xfe, 0x04, 0x01, 0x00,
/*
* u32 dwMaxCCIDMessageLength; For extended APDU in
* [261 + 10 , 65544 + 10]. Otherwise the minimum is
@@ -410,8 +426,8 @@ static const USBDescStrings desc_strings = {
static const USBDescIface desc_iface0 = {
.bInterfaceNumber = 0,
.bNumEndpoints = 3,
- .bInterfaceClass = 0x0b,
- .bInterfaceSubClass = 0x00,
+ .bInterfaceClass = USB_CLASS_CSCID,
+ .bInterfaceSubClass = USB_SUBCLASS_UNDEFINED,
.bInterfaceProtocol = 0x00,
.iInterface = STR_INTERFACE,
.ndesc = 1,
@@ -471,6 +487,7 @@ static const USBDesc desc_ccid = {
static const uint8_t *ccid_card_get_atr(CCIDCardState *card, uint32_t *len)
{
CCIDCardClass *cc = CCID_CARD_GET_CLASS(card);
+
if (cc->get_atr) {
return cc->get_atr(card, len);
}
@@ -482,6 +499,7 @@ static void ccid_card_apdu_from_guest(CCIDCardState *card,
uint32_t len)
{
CCIDCardClass *cc = CCID_CARD_GET_CLASS(card);
+
if (cc->apdu_from_guest) {
cc->apdu_from_guest(card, apdu, len);
}
@@ -490,6 +508,7 @@ static void ccid_card_apdu_from_guest(CCIDCardState *card,
static int ccid_card_exitfn(CCIDCardState *card)
{
CCIDCardClass *cc = CCID_CARD_GET_CLASS(card);
+
if (cc->exitfn) {
return cc->exitfn(card);
}
@@ -499,6 +518,7 @@ static int ccid_card_exitfn(CCIDCardState *card)
static int ccid_card_initfn(CCIDCardState *card)
{
CCIDCardClass *cc = CCID_CARD_GET_CLASS(card);
+
if (cc->initfn) {
return cc->initfn(card);
}
@@ -635,13 +655,47 @@ static void ccid_handle_reset(USBDevice *dev)
ccid_reset(s);
}
+static const char *ccid_control_to_str(USBCCIDState *s, int request)
+{
+ switch (request) {
+ /* generic - should be factored out if there are other debugees */
+ case DeviceOutRequest | USB_REQ_SET_ADDRESS:
+ return "(generic) set address";
+ case DeviceRequest | USB_REQ_GET_DESCRIPTOR:
+ return "(generic) get descriptor";
+ case DeviceRequest | USB_REQ_GET_CONFIGURATION:
+ return "(generic) get configuration";
+ case DeviceOutRequest | USB_REQ_SET_CONFIGURATION:
+ return "(generic) set configuration";
+ case DeviceRequest | USB_REQ_GET_STATUS:
+ return "(generic) get status";
+ case DeviceOutRequest | USB_REQ_CLEAR_FEATURE:
+ return "(generic) clear feature";
+ case DeviceOutRequest | USB_REQ_SET_FEATURE:
+ return "(generic) set_feature";
+ case InterfaceRequest | USB_REQ_GET_INTERFACE:
+ return "(generic) get interface";
+ case InterfaceOutRequest | USB_REQ_SET_INTERFACE:
+ return "(generic) set interface";
+ /* class requests */
+ case ClassInterfaceOutRequest | CCID_CONTROL_ABORT:
+ return "ABORT";
+ case ClassInterfaceRequest | CCID_CONTROL_GET_CLOCK_FREQUENCIES:
+ return "GET_CLOCK_FREQUENCIES";
+ case ClassInterfaceRequest | CCID_CONTROL_GET_DATA_RATES:
+ return "GET_DATA_RATES";
+ }
+ return "unknown";
+}
+
static void ccid_handle_control(USBDevice *dev, USBPacket *p, int request,
int value, int index, int length, uint8_t *data)
{
USBCCIDState *s = DO_UPCAST(USBCCIDState, dev, dev);
int ret;
- DPRINTF(s, 1, "got control %x, value %x\n", request, value);
+ DPRINTF(s, 1, "%s: got control %s (%x), value %x\n", __func__,
+ ccid_control_to_str(s, request), request, value);
ret = usb_desc_handle_control(dev, p, request, value, index, length, data);
if (ret >= 0) {
return;
@@ -649,15 +703,15 @@ static void ccid_handle_control(USBDevice *dev, USBPacket *p, int request,
switch (request) {
/* Class specific requests. */
- case InterfaceOutClass | CCID_CONTROL_ABORT:
+ case ClassInterfaceOutRequest | CCID_CONTROL_ABORT:
DPRINTF(s, 1, "ccid_control abort UNIMPLEMENTED\n");
p->status = USB_RET_STALL;
break;
- case InterfaceInClass | CCID_CONTROL_GET_CLOCK_FREQUENCIES:
+ case ClassInterfaceRequest | CCID_CONTROL_GET_CLOCK_FREQUENCIES:
DPRINTF(s, 1, "ccid_control get clock frequencies UNIMPLEMENTED\n");
p->status = USB_RET_STALL;
break;
- case InterfaceInClass | CCID_CONTROL_GET_DATA_RATES:
+ case ClassInterfaceRequest | CCID_CONTROL_GET_DATA_RATES:
DPRINTF(s, 1, "ccid_control get data rates UNIMPLEMENTED\n");
p->status = USB_RET_STALL;
break;
@@ -691,7 +745,7 @@ static uint8_t ccid_calc_status(USBCCIDState *s)
* bmCommandStatus
*/
uint8_t ret = ccid_card_status(s) | (s->bmCommandStatus << 6);
- DPRINTF(s, D_VERBOSE, "status = %d\n", ret);
+ DPRINTF(s, D_VERBOSE, "%s: status = %d\n", __func__, ret);
return ret;
}
@@ -733,7 +787,7 @@ static void ccid_write_parameters(USBCCIDState *s, CCID_Header *recv)
h->b.bStatus = ccid_calc_status(s);
h->b.bError = s->bError;
h->bProtocolNum = s->bProtocolNum;
- memcpy(h->abProtocolDataStructure, s->abProtocolDataStructure, len);
+ h->abProtocolDataStructure = s->abProtocolDataStructure;
ccid_reset_error_status(s);
}
@@ -752,12 +806,18 @@ static void ccid_write_data_block(USBCCIDState *s, uint8_t slot, uint8_t seq,
p->b.bStatus = ccid_calc_status(s);
p->b.bError = s->bError;
if (p->b.bError) {
- DPRINTF(s, D_VERBOSE, "error %d", p->b.bError);
+ DPRINTF(s, D_VERBOSE, "error %d\n", p->b.bError);
}
memcpy(p->abData, data, len);
ccid_reset_error_status(s);
}
+static void ccid_report_error_failed(USBCCIDState *s, uint8_t error)
+{
+ s->bmCommandStatus = COMMAND_STATUS_FAILED;
+ s->bError = error;
+}
+
static void ccid_write_data_block_answer(USBCCIDState *s,
const uint8_t *data, uint32_t len)
{
@@ -765,64 +825,103 @@ static void ccid_write_data_block_answer(USBCCIDState *s,
uint8_t slot;
if (!ccid_has_pending_answers(s)) {
- abort();
+ DPRINTF(s, D_WARN, "error: no pending answer to return to guest\n");
+ ccid_report_error_failed(s, ERROR_ICC_MUTE);
+ return;
}
ccid_remove_pending_answer(s, &slot, &seq);
ccid_write_data_block(s, slot, seq, data, len);
}
+static uint8_t atr_get_protocol_num(const uint8_t *atr, uint32_t len)
+{
+ int i;
+
+ if (len < 2 || !(atr[1] & 0x80)) {
+ /* too short or TD1 not included */
+ return 0; /* T=0, default */
+ }
+ i = 1 + !!(atr[1] & 0x10) + !!(atr[1] & 0x20) + !!(atr[1] & 0x40);
+ i += !!(atr[1] & 0x80);
+ return atr[i] & 0x0f;
+}
+
static void ccid_write_data_block_atr(USBCCIDState *s, CCID_Header *recv)
{
const uint8_t *atr = NULL;
uint32_t len = 0;
+ uint8_t atr_protocol_num;
+ CCID_T0ProtocolDataStructure *t0 = &s->abProtocolDataStructure.t0;
+ CCID_T1ProtocolDataStructure *t1 = &s->abProtocolDataStructure.t1;
if (s->card) {
atr = ccid_card_get_atr(s->card, &len);
}
+ atr_protocol_num = atr_get_protocol_num(atr, len);
+ DPRINTF(s, D_VERBOSE, "%s: atr contains protocol=%d\n", __func__,
+ atr_protocol_num);
+ /* set parameters from ATR - see spec page 109 */
+ s->bProtocolNum = (atr_protocol_num <= 1 ? atr_protocol_num
+ : s->bProtocolNum);
+ switch (atr_protocol_num) {
+ case 0:
+ /* TODO: unimplemented ATR T0 parameters */
+ t0->bmFindexDindex = 0;
+ t0->bmTCCKST0 = 0;
+ t0->bGuardTimeT0 = 0;
+ t0->bWaitingIntegerT0 = 0;
+ t0->bClockStop = 0;
+ break;
+ case 1:
+ /* TODO: unimplemented ATR T1 parameters */
+ t1->bmFindexDindex = 0;
+ t1->bmTCCKST1 = 0;
+ t1->bGuardTimeT1 = 0;
+ t1->bWaitingIntegerT1 = 0;
+ t1->bClockStop = 0;
+ t1->bIFSC = 0;
+ t1->bNadValue = 0;
+ break;
+ default:
+ DPRINTF(s, D_WARN, "%s: error: unsupported ATR protocol %d\n",
+ __func__, atr_protocol_num);
+ }
ccid_write_data_block(s, recv->bSlot, recv->bSeq, atr, len);
}
static void ccid_set_parameters(USBCCIDState *s, CCID_Header *recv)
{
CCID_SetParameters *ph = (CCID_SetParameters *) recv;
- uint32_t len = 0;
- if ((ph->bProtocolNum & 3) == 0) {
- len = 5;
- }
- if ((ph->bProtocolNum & 3) == 1) {
- len = 7;
- }
- if (len == 0) {
- s->bmCommandStatus = COMMAND_STATUS_FAILED;
- s->bError = 7; /* Protocol invalid or not supported */
+ uint32_t protocol_num = ph->bProtocolNum & 3;
+
+ if (protocol_num != 0 && protocol_num != 1) {
+ ccid_report_error_failed(s, ERROR_CMD_NOT_SUPPORTED);
return;
}
- s->bProtocolNum = ph->bProtocolNum;
- memcpy(s->abProtocolDataStructure, ph->abProtocolDataStructure, len);
- s->ulProtocolDataStructureSize = len;
- DPRINTF(s, 1, "%s: using len %d\n", __func__, len);
+ s->bProtocolNum = protocol_num;
+ s->abProtocolDataStructure = ph->abProtocolDataStructure;
}
/*
* must be 5 bytes for T=0, 7 bytes for T=1
* See page 52
*/
-static const uint8_t abDefaultProtocolDataStructure[7] = {
- 0x77, 0x00, 0x00, 0x00, 0x00, 0xfe /*IFSC*/, 0x00 /*NAD*/ };
+static const CCID_ProtocolDataStructure defaultProtocolDataStructure = {
+ .t1 = {
+ .bmFindexDindex = 0x77,
+ .bmTCCKST1 = 0x00,
+ .bGuardTimeT1 = 0x00,
+ .bWaitingIntegerT1 = 0x00,
+ .bClockStop = 0x00,
+ .bIFSC = 0xfe,
+ .bNadValue = 0x00,
+ }
+};
static void ccid_reset_parameters(USBCCIDState *s)
{
- uint32_t len = sizeof(abDefaultProtocolDataStructure);
-
- s->bProtocolNum = 1; /* T=1 */
- s->ulProtocolDataStructureSize = len;
- memcpy(s->abProtocolDataStructure, abDefaultProtocolDataStructure, len);
-}
-
-static void ccid_report_error_failed(USBCCIDState *s, uint8_t error)
-{
- s->bmCommandStatus = COMMAND_STATUS_FAILED;
- s->bError = error;
+ s->bProtocolNum = 0; /* T=0 */
+ s->abProtocolDataStructure = defaultProtocolDataStructure;
}
/* NOTE: only a single slot is supported (SLOT_0) */
@@ -839,7 +938,7 @@ static void ccid_on_slot_change(USBCCIDState *s, bool full)
s->bmSlotICCState |= SLOT_0_CHANGED_MASK;
}
s->notify_slot_change = true;
- usb_wakeup(s->intr);
+ usb_wakeup(s->intr, 0);
}
static void ccid_write_data_block_error(
@@ -869,6 +968,28 @@ static void ccid_on_apdu_from_guest(USBCCIDState *s, CCID_XferBlock *recv)
}
}
+static const char *ccid_message_type_to_str(uint8_t type)
+{
+ switch (type) {
+ case CCID_MESSAGE_TYPE_PC_to_RDR_IccPowerOn: return "IccPowerOn";
+ case CCID_MESSAGE_TYPE_PC_to_RDR_IccPowerOff: return "IccPowerOff";
+ case CCID_MESSAGE_TYPE_PC_to_RDR_GetSlotStatus: return "GetSlotStatus";
+ case CCID_MESSAGE_TYPE_PC_to_RDR_XfrBlock: return "XfrBlock";
+ case CCID_MESSAGE_TYPE_PC_to_RDR_GetParameters: return "GetParameters";
+ case CCID_MESSAGE_TYPE_PC_to_RDR_ResetParameters: return "ResetParameters";
+ case CCID_MESSAGE_TYPE_PC_to_RDR_SetParameters: return "SetParameters";
+ case CCID_MESSAGE_TYPE_PC_to_RDR_Escape: return "Escape";
+ case CCID_MESSAGE_TYPE_PC_to_RDR_IccClock: return "IccClock";
+ case CCID_MESSAGE_TYPE_PC_to_RDR_T0APDU: return "T0APDU";
+ case CCID_MESSAGE_TYPE_PC_to_RDR_Secure: return "Secure";
+ case CCID_MESSAGE_TYPE_PC_to_RDR_Mechanical: return "Mechanical";
+ case CCID_MESSAGE_TYPE_PC_to_RDR_Abort: return "Abort";
+ case CCID_MESSAGE_TYPE_PC_to_RDR_SetDataRateAndClockFrequency:
+ return "SetDataRateAndClockFrequency";
+ }
+ return "unknown";
+}
+
static void ccid_handle_bulk_out(USBCCIDState *s, USBPacket *p)
{
CCID_Header *ccid_header;
@@ -891,13 +1012,15 @@ static void ccid_handle_bulk_out(USBCCIDState *s, USBPacket *p)
"%s: bad USB_TOKEN_OUT length, should be at least 10 bytes\n",
__func__);
} else {
- DPRINTF(s, D_MORE_INFO, "%s %x\n", __func__, ccid_header->bMessageType);
+ DPRINTF(s, D_MORE_INFO, "%s %x %s\n", __func__,
+ ccid_header->bMessageType,
+ ccid_message_type_to_str(ccid_header->bMessageType));
switch (ccid_header->bMessageType) {
case CCID_MESSAGE_TYPE_PC_to_RDR_GetSlotStatus:
ccid_write_slot_status(s, ccid_header);
break;
case CCID_MESSAGE_TYPE_PC_to_RDR_IccPowerOn:
- DPRINTF(s, 1, "PowerOn: %d\n",
+ DPRINTF(s, 1, "%s: PowerOn: %d\n", __func__,
((CCID_IccPowerOn *)(ccid_header))->bPowerSelect);
s->powered = true;
if (!ccid_card_inserted(s)) {
@@ -907,7 +1030,6 @@ static void ccid_handle_bulk_out(USBCCIDState *s, USBPacket *p)
ccid_write_data_block_atr(s, ccid_header);
break;
case CCID_MESSAGE_TYPE_PC_to_RDR_IccPowerOff:
- DPRINTF(s, 1, "PowerOff\n");
ccid_reset_error_status(s);
s->powered = false;
ccid_write_slot_status(s, ccid_header);
@@ -929,6 +1051,10 @@ static void ccid_handle_bulk_out(USBCCIDState *s, USBPacket *p)
ccid_reset_error_status(s);
ccid_write_parameters(s, ccid_header);
break;
+ case CCID_MESSAGE_TYPE_PC_to_RDR_Mechanical:
+ ccid_report_error_failed(s, 0);
+ ccid_write_slot_status(s, ccid_header);
+ break;
default:
DPRINTF(s, 1,
"handle_data: ERROR: unhandled message type %Xh\n",
@@ -1068,7 +1194,9 @@ void ccid_card_send_apdu_to_guest(CCIDCardState *card,
s->bmCommandStatus = COMMAND_STATUS_NO_ERROR;
answer = ccid_peek_next_answer(s);
if (answer == NULL) {
- abort();
+ DPRINTF(s, D_WARN, "%s: error: unexpected lack of answer\n", __func__);
+ ccid_report_error_failed(s, ERROR_HW_ERROR);
+ return;
}
DPRINTF(s, 1, "APDU returned to guest %d (answer seq %d, slot %d)\n",
len, answer->seq, answer->slot);
@@ -1201,6 +1329,7 @@ static int ccid_initfn(USBDevice *dev)
s->bulk_out_pos = 0;
ccid_reset_parameters(s);
ccid_reset(s);
+ s->debug = parse_debug_env("QEMU_CCID_DEBUG", D_VERBOSE, s->debug);
return 0;
}
@@ -1268,7 +1397,7 @@ static VMStateDescription usb_device_vmstate = {
};
static VMStateDescription ccid_vmstate = {
- .name = CCID_DEV_NAME,
+ .name = "usb-ccid",
.version_id = 1,
.minimum_version_id = 1,
.post_load = ccid_post_load,
@@ -1285,7 +1414,7 @@ static VMStateDescription ccid_vmstate = {
VMSTATE_UINT8(bError, USBCCIDState),
VMSTATE_UINT8(bmCommandStatus, USBCCIDState),
VMSTATE_UINT8(bProtocolNum, USBCCIDState),
- VMSTATE_BUFFER(abProtocolDataStructure, USBCCIDState),
+ VMSTATE_BUFFER(abProtocolDataStructure.data, USBCCIDState),
VMSTATE_UINT32(ulProtocolDataStructureSize, USBCCIDState),
VMSTATE_STRUCT_ARRAY(bulk_in_pending, USBCCIDState,
BULK_IN_PENDING_NUM, 1, bulk_in_vmstate, BulkIn),
@@ -1320,9 +1449,10 @@ static void ccid_class_initfn(ObjectClass *klass, void *data)
dc->desc = "CCID Rev 1.1 smartcard reader";
dc->vmsd = &ccid_vmstate;
dc->props = ccid_properties;
+ set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
}
-static TypeInfo ccid_info = {
+static const TypeInfo ccid_info = {
.name = CCID_DEV_NAME,
.parent = TYPE_USB_DEVICE,
.instance_size = sizeof(USBCCIDState),
@@ -1338,7 +1468,7 @@ static void ccid_card_class_init(ObjectClass *klass, void *data)
k->props = ccid_props;
}
-static TypeInfo ccid_card_type_info = {
+static const TypeInfo ccid_card_type_info = {
.name = TYPE_CCID_CARD,
.parent = TYPE_DEVICE,
.instance_size = sizeof(CCIDCardState),
diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c
index 50af97109..a8dc2fa96 100644
--- a/hw/usb/dev-storage.c
+++ b/hw/usb/dev-storage.c
@@ -8,15 +8,15 @@
*/
#include "qemu-common.h"
-#include "qemu-option.h"
-#include "qemu-config.h"
+#include "qemu/option.h"
+#include "qemu/config-file.h"
#include "hw/usb.h"
#include "hw/usb/desc.h"
-#include "hw/scsi.h"
-#include "console.h"
-#include "monitor.h"
-#include "sysemu.h"
-#include "blockdev.h"
+#include "hw/scsi/scsi.h"
+#include "ui/console.h"
+#include "monitor/monitor.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/blockdev.h"
//#define DEBUG_MSD
@@ -54,12 +54,11 @@ typedef struct {
struct usb_msd_csw csw;
SCSIRequest *req;
SCSIBus bus;
- BlockConf conf;
- char *serial;
- SCSIDevice *scsi_dev;
- uint32_t removable;
/* For async completion. */
USBPacket *packet;
+ /* usb-storage only */
+ BlockConf conf;
+ uint32_t removable;
} MSDState;
struct usb_msd_cbw {
@@ -343,7 +342,8 @@ static void usb_msd_handle_control(USBDevice *dev, USBPacket *p,
int request, int value, int index, int length, uint8_t *data)
{
MSDState *s = (MSDState *)dev;
- int ret;
+ SCSIDevice *scsi_dev;
+ int ret, maxlun;
ret = usb_desc_handle_control(dev, p, request, value, index, length, data);
if (ret >= 0) {
@@ -359,7 +359,19 @@ static void usb_msd_handle_control(USBDevice *dev, USBPacket *p,
s->mode = USB_MSDM_CBW;
break;
case ClassInterfaceRequest | GetMaxLun:
- data[0] = 0;
+ maxlun = 0;
+ for (;;) {
+ scsi_dev = scsi_device_find(&s->bus, 0, 0, maxlun+1);
+ if (scsi_dev == NULL) {
+ break;
+ }
+ if (scsi_dev->lun != maxlun+1) {
+ break;
+ }
+ maxlun++;
+ }
+ DPRINTF("MaxLun %d\n", maxlun);
+ data[0] = maxlun;
p->actual_length = 1;
break;
default:
@@ -386,6 +398,8 @@ static void usb_msd_handle_data(USBDevice *dev, USBPacket *p)
uint32_t tag;
struct usb_msd_cbw cbw;
uint8_t devep = p->ep->nr;
+ SCSIDevice *scsi_dev;
+ uint32_t len;
switch (p->pid) {
case USB_TOKEN_OUT:
@@ -405,7 +419,8 @@ static void usb_msd_handle_data(USBDevice *dev, USBPacket *p)
goto fail;
}
DPRINTF("Command on LUN %d\n", cbw.lun);
- if (cbw.lun != 0) {
+ scsi_dev = scsi_device_find(&s->bus, 0, 0, cbw.lun);
+ if (scsi_dev == NULL) {
fprintf(stderr, "usb-msd: Bad LUN %d\n", cbw.lun);
goto fail;
}
@@ -422,12 +437,12 @@ static void usb_msd_handle_data(USBDevice *dev, USBPacket *p)
tag, cbw.flags, cbw.cmd_len, s->data_len);
assert(le32_to_cpu(s->csw.residue) == 0);
s->scsi_len = 0;
- s->req = scsi_req_new(s->scsi_dev, tag, 0, cbw.cmd, NULL);
+ s->req = scsi_req_new(scsi_dev, tag, cbw.lun, cbw.cmd, NULL);
#ifdef DEBUG_MSD
scsi_req_print(s->req);
#endif
- scsi_req_enqueue(s->req);
- if (s->req && s->req->cmd.xfer != SCSI_XFER_NONE) {
+ len = scsi_req_enqueue(s->req);
+ if (len) {
scsi_req_continue(s->req);
}
break;
@@ -553,7 +568,7 @@ static void *usb_msd_load_request(QEMUFile *f, SCSIRequest *req)
return NULL;
}
-static const struct SCSIBusInfo usb_msd_scsi_info = {
+static const struct SCSIBusInfo usb_msd_scsi_info_storage = {
.tcq = false,
.max_target = 0,
.max_lun = 0,
@@ -564,17 +579,30 @@ static const struct SCSIBusInfo usb_msd_scsi_info = {
.load_request = usb_msd_load_request,
};
-static int usb_msd_initfn(USBDevice *dev)
+static const struct SCSIBusInfo usb_msd_scsi_info_bot = {
+ .tcq = false,
+ .max_target = 0,
+ .max_lun = 15,
+
+ .transfer_data = usb_msd_transfer_data,
+ .complete = usb_msd_command_complete,
+ .cancel = usb_msd_request_cancelled,
+ .load_request = usb_msd_load_request,
+};
+
+static int usb_msd_initfn_storage(USBDevice *dev)
{
MSDState *s = DO_UPCAST(MSDState, dev, dev);
BlockDriverState *bs = s->conf.bs;
+ SCSIDevice *scsi_dev;
+ Error *err = NULL;
if (!bs) {
error_report("drive property not set");
return -1;
}
- blkconf_serial(&s->conf, &s->serial);
+ blkconf_serial(&s->conf, &dev->serial);
/*
* Hack alert: this pretends to be a block device, but it's really
@@ -588,17 +616,13 @@ static int usb_msd_initfn(USBDevice *dev)
bdrv_detach_dev(bs, &s->dev.qdev);
s->conf.bs = NULL;
- if (s->serial) {
- usb_desc_set_string(dev, STR_SERIALNUMBER, s->serial);
- } else {
- usb_desc_create_serial(dev);
- }
-
+ usb_desc_create_serial(dev);
usb_desc_init(dev);
- scsi_bus_new(&s->bus, &s->dev.qdev, &usb_msd_scsi_info);
- s->scsi_dev = scsi_bus_legacy_add_drive(&s->bus, bs, 0, !!s->removable,
- s->conf.bootindex);
- if (!s->scsi_dev) {
+ scsi_bus_new(&s->bus, &s->dev.qdev, &usb_msd_scsi_info_storage, NULL);
+ scsi_dev = scsi_bus_legacy_add_drive(&s->bus, bs, 0, !!s->removable,
+ s->conf.bootindex, dev->serial,
+ &err);
+ if (!scsi_dev) {
return -1;
}
s->bus.qbus.allow_hotplug = 0;
@@ -616,6 +640,19 @@ static int usb_msd_initfn(USBDevice *dev)
return 0;
}
+static int usb_msd_initfn_bot(USBDevice *dev)
+{
+ MSDState *s = DO_UPCAST(MSDState, dev, dev);
+
+ usb_desc_create_serial(dev);
+ usb_desc_init(dev);
+ scsi_bus_new(&s->bus, &s->dev.qdev, &usb_msd_scsi_info_bot, NULL);
+ s->bus.qbus.allow_hotplug = 0;
+ usb_msd_handle_reset(dev);
+
+ return 0;
+}
+
static USBDevice *usb_msd_init(USBBus *bus, const char *filename)
{
static int nr=0;
@@ -693,17 +730,15 @@ static const VMStateDescription vmstate_usb_msd = {
static Property msd_properties[] = {
DEFINE_BLOCK_PROPERTIES(MSDState, conf),
- DEFINE_PROP_STRING("serial", MSDState, serial),
DEFINE_PROP_BIT("removable", MSDState, removable, 0, false),
DEFINE_PROP_END_OF_LIST(),
};
-static void usb_msd_class_initfn(ObjectClass *klass, void *data)
+static void usb_msd_class_initfn_common(ObjectClass *klass)
{
DeviceClass *dc = DEVICE_CLASS(klass);
USBDeviceClass *uc = USB_DEVICE_CLASS(klass);
- uc->init = usb_msd_initfn;
uc->product_desc = "QEMU USB MSD";
uc->usb_desc = &desc;
uc->cancel_packet = usb_msd_cancel_io;
@@ -711,21 +746,47 @@ static void usb_msd_class_initfn(ObjectClass *klass, void *data)
uc->handle_reset = usb_msd_handle_reset;
uc->handle_control = usb_msd_handle_control;
uc->handle_data = usb_msd_handle_data;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
dc->fw_name = "storage";
dc->vmsd = &vmstate_usb_msd;
+}
+
+static void usb_msd_class_initfn_storage(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ USBDeviceClass *uc = USB_DEVICE_CLASS(klass);
+
+ uc->init = usb_msd_initfn_storage;
dc->props = msd_properties;
+ usb_msd_class_initfn_common(klass);
+}
+
+static void usb_msd_class_initfn_bot(ObjectClass *klass, void *data)
+{
+ USBDeviceClass *uc = USB_DEVICE_CLASS(klass);
+
+ uc->init = usb_msd_initfn_bot;
+ usb_msd_class_initfn_common(klass);
}
-static TypeInfo msd_info = {
+static const TypeInfo msd_info = {
.name = "usb-storage",
.parent = TYPE_USB_DEVICE,
.instance_size = sizeof(MSDState),
- .class_init = usb_msd_class_initfn,
+ .class_init = usb_msd_class_initfn_storage,
+};
+
+static const TypeInfo bot_info = {
+ .name = "usb-bot",
+ .parent = TYPE_USB_DEVICE,
+ .instance_size = sizeof(MSDState),
+ .class_init = usb_msd_class_initfn_bot,
};
static void usb_msd_register_types(void)
{
type_register_static(&msd_info);
+ type_register_static(&bot_info);
usb_legacy_register("usb-storage", "disk", usb_msd_init);
}
diff --git a/hw/usb/dev-uas.c b/hw/usb/dev-uas.c
index a21b2ba62..63ad12ea6 100644
--- a/hw/usb/dev-uas.c
+++ b/hw/usb/dev-uas.c
@@ -10,14 +10,14 @@
*/
#include "qemu-common.h"
-#include "qemu-option.h"
-#include "qemu-config.h"
+#include "qemu/option.h"
+#include "qemu/config-file.h"
#include "trace.h"
#include "hw/usb.h"
#include "hw/usb/desc.h"
-#include "hw/scsi.h"
-#include "hw/scsi-defs.h"
+#include "hw/scsi/scsi.h"
+#include "block/scsi.h"
/* --------------------------------------------------------------------- */
@@ -99,6 +99,9 @@ typedef struct {
/* --------------------------------------------------------------------- */
+#define UAS_STREAM_BM_ATTR 4
+#define UAS_MAX_STREAMS (1 << UAS_STREAM_BM_ATTR)
+
typedef struct UASDevice UASDevice;
typedef struct UASRequest UASRequest;
typedef struct UASStatus UASStatus;
@@ -106,12 +109,18 @@ typedef struct UASStatus UASStatus;
struct UASDevice {
USBDevice dev;
SCSIBus bus;
- UASRequest *datain;
- UASRequest *dataout;
- USBPacket *status;
QEMUBH *status_bh;
QTAILQ_HEAD(, UASStatus) results;
QTAILQ_HEAD(, UASRequest) requests;
+
+ /* usb 2.0 only */
+ USBPacket *status2;
+ UASRequest *datain2;
+ UASRequest *dataout2;
+
+ /* usb 3.0 only */
+ USBPacket *data3[UAS_MAX_STREAMS];
+ USBPacket *status3[UAS_MAX_STREAMS];
};
struct UASRequest {
@@ -132,6 +141,7 @@ struct UASRequest {
};
struct UASStatus {
+ uint32_t stream;
uas_ui status;
uint32_t length;
QTAILQ_ENTRY(UASStatus) next;
@@ -144,6 +154,7 @@ enum {
STR_PRODUCT,
STR_SERIALNUMBER,
STR_CONFIG_HIGH,
+ STR_CONFIG_SUPER,
};
static const USBDescStrings desc_strings = {
@@ -151,6 +162,7 @@ static const USBDescStrings desc_strings = {
[STR_PRODUCT] = "USB Attached SCSI HBA",
[STR_SERIALNUMBER] = "27842",
[STR_CONFIG_HIGH] = "High speed config (usb 2.0)",
+ [STR_CONFIG_SUPER] = "Super speed config (usb 3.0)",
};
static const USBDescIface desc_iface_high = {
@@ -204,6 +216,64 @@ static const USBDescIface desc_iface_high = {
}
};
+static const USBDescIface desc_iface_super = {
+ .bInterfaceNumber = 0,
+ .bNumEndpoints = 4,
+ .bInterfaceClass = USB_CLASS_MASS_STORAGE,
+ .bInterfaceSubClass = 0x06, /* SCSI */
+ .bInterfaceProtocol = 0x62, /* UAS */
+ .eps = (USBDescEndpoint[]) {
+ {
+ .bEndpointAddress = USB_DIR_OUT | UAS_PIPE_ID_COMMAND,
+ .bmAttributes = USB_ENDPOINT_XFER_BULK,
+ .wMaxPacketSize = 1024,
+ .bMaxBurst = 15,
+ .extra = (uint8_t[]) {
+ 0x04, /* u8 bLength */
+ 0x24, /* u8 bDescriptorType */
+ UAS_PIPE_ID_COMMAND,
+ 0x00, /* u8 bReserved */
+ },
+ },{
+ .bEndpointAddress = USB_DIR_IN | UAS_PIPE_ID_STATUS,
+ .bmAttributes = USB_ENDPOINT_XFER_BULK,
+ .wMaxPacketSize = 1024,
+ .bMaxBurst = 15,
+ .bmAttributes_super = UAS_STREAM_BM_ATTR,
+ .extra = (uint8_t[]) {
+ 0x04, /* u8 bLength */
+ 0x24, /* u8 bDescriptorType */
+ UAS_PIPE_ID_STATUS,
+ 0x00, /* u8 bReserved */
+ },
+ },{
+ .bEndpointAddress = USB_DIR_IN | UAS_PIPE_ID_DATA_IN,
+ .bmAttributes = USB_ENDPOINT_XFER_BULK,
+ .wMaxPacketSize = 1024,
+ .bMaxBurst = 15,
+ .bmAttributes_super = UAS_STREAM_BM_ATTR,
+ .extra = (uint8_t[]) {
+ 0x04, /* u8 bLength */
+ 0x24, /* u8 bDescriptorType */
+ UAS_PIPE_ID_DATA_IN,
+ 0x00, /* u8 bReserved */
+ },
+ },{
+ .bEndpointAddress = USB_DIR_OUT | UAS_PIPE_ID_DATA_OUT,
+ .bmAttributes = USB_ENDPOINT_XFER_BULK,
+ .wMaxPacketSize = 1024,
+ .bMaxBurst = 15,
+ .bmAttributes_super = UAS_STREAM_BM_ATTR,
+ .extra = (uint8_t[]) {
+ 0x04, /* u8 bLength */
+ 0x24, /* u8 bDescriptorType */
+ UAS_PIPE_ID_DATA_OUT,
+ 0x00, /* u8 bReserved */
+ },
+ },
+ }
+};
+
static const USBDescDevice desc_device_high = {
.bcdUSB = 0x0200,
.bMaxPacketSize0 = 64,
@@ -220,6 +290,22 @@ static const USBDescDevice desc_device_high = {
},
};
+static const USBDescDevice desc_device_super = {
+ .bcdUSB = 0x0300,
+ .bMaxPacketSize0 = 64,
+ .bNumConfigurations = 1,
+ .confs = (USBDescConfig[]) {
+ {
+ .bNumInterfaces = 1,
+ .bConfigurationValue = 1,
+ .iConfiguration = STR_CONFIG_SUPER,
+ .bmAttributes = 0xc0,
+ .nif = 1,
+ .ifs = &desc_iface_super,
+ },
+ },
+};
+
static const USBDesc desc = {
.id = {
.idVendor = 0x46f4, /* CRC16() of "QEMU" */
@@ -229,45 +315,68 @@ static const USBDesc desc = {
.iProduct = STR_PRODUCT,
.iSerialNumber = STR_SERIALNUMBER,
},
- .high = &desc_device_high,
- .str = desc_strings,
+ .high = &desc_device_high,
+ .super = &desc_device_super,
+ .str = desc_strings,
};
/* --------------------------------------------------------------------- */
-static UASStatus *usb_uas_alloc_status(uint8_t id, uint16_t tag)
+static bool uas_using_streams(UASDevice *uas)
+{
+ return uas->dev.speed == USB_SPEED_SUPER;
+}
+
+/* --------------------------------------------------------------------- */
+
+static UASStatus *usb_uas_alloc_status(UASDevice *uas, uint8_t id, uint16_t tag)
{
UASStatus *st = g_new0(UASStatus, 1);
st->status.hdr.id = id;
st->status.hdr.tag = cpu_to_be16(tag);
st->length = sizeof(uas_ui_header);
+ if (uas_using_streams(uas)) {
+ st->stream = tag;
+ }
return st;
}
static void usb_uas_send_status_bh(void *opaque)
{
UASDevice *uas = opaque;
- UASStatus *st = QTAILQ_FIRST(&uas->results);
- USBPacket *p = uas->status;
+ UASStatus *st;
+ USBPacket *p;
- assert(p != NULL);
- assert(st != NULL);
+ while ((st = QTAILQ_FIRST(&uas->results)) != NULL) {
+ if (uas_using_streams(uas)) {
+ p = uas->status3[st->stream];
+ uas->status3[st->stream] = NULL;
+ } else {
+ p = uas->status2;
+ uas->status2 = NULL;
+ }
+ if (p == NULL) {
+ break;
+ }
- uas->status = NULL;
- usb_packet_copy(p, &st->status, st->length);
- QTAILQ_REMOVE(&uas->results, st, next);
- g_free(st);
+ usb_packet_copy(p, &st->status, st->length);
+ QTAILQ_REMOVE(&uas->results, st, next);
+ g_free(st);
- p->status = USB_RET_SUCCESS; /* Clear previous ASYNC status */
- usb_packet_complete(&uas->dev, p);
+ p->status = USB_RET_SUCCESS; /* Clear previous ASYNC status */
+ usb_packet_complete(&uas->dev, p);
+ }
}
static void usb_uas_queue_status(UASDevice *uas, UASStatus *st, int length)
{
+ USBPacket *p = uas_using_streams(uas) ?
+ uas->status3[st->stream] : uas->status2;
+
st->length += length;
QTAILQ_INSERT_TAIL(&uas->results, st, next);
- if (uas->status) {
+ if (p) {
/*
* Just schedule bh make sure any in-flight data transaction
* is finished before completing (sending) the status packet.
@@ -276,14 +385,14 @@ static void usb_uas_queue_status(UASDevice *uas, UASStatus *st, int length)
} else {
USBEndpoint *ep = usb_ep_get(&uas->dev, USB_TOKEN_IN,
UAS_PIPE_ID_STATUS);
- usb_wakeup(ep);
+ usb_wakeup(ep, st->stream);
}
}
static void usb_uas_queue_response(UASDevice *uas, uint16_t tag,
uint8_t code, uint16_t add_info)
{
- UASStatus *st = usb_uas_alloc_status(UAS_UI_RESPONSE, tag);
+ UASStatus *st = usb_uas_alloc_status(uas, UAS_UI_RESPONSE, tag);
trace_usb_uas_response(uas->dev.addr, tag, code);
st->status.response.response_code = code;
@@ -293,7 +402,7 @@ static void usb_uas_queue_response(UASDevice *uas, uint16_t tag,
static void usb_uas_queue_sense(UASRequest *req, uint8_t status)
{
- UASStatus *st = usb_uas_alloc_status(UAS_UI_SENSE, req->tag);
+ UASStatus *st = usb_uas_alloc_status(req->uas, UAS_UI_SENSE, req->tag);
int len, slen = 0;
trace_usb_uas_sense(req->uas->dev.addr, req->tag, status);
@@ -310,7 +419,8 @@ static void usb_uas_queue_sense(UASRequest *req, uint8_t status)
static void usb_uas_queue_read_ready(UASRequest *req)
{
- UASStatus *st = usb_uas_alloc_status(UAS_UI_READ_READY, req->tag);
+ UASStatus *st = usb_uas_alloc_status(req->uas, UAS_UI_READ_READY,
+ req->tag);
trace_usb_uas_read_ready(req->uas->dev.addr, req->tag);
usb_uas_queue_status(req->uas, st, 0);
@@ -318,7 +428,8 @@ static void usb_uas_queue_read_ready(UASRequest *req)
static void usb_uas_queue_write_ready(UASRequest *req)
{
- UASStatus *st = usb_uas_alloc_status(UAS_UI_WRITE_READY, req->tag);
+ UASStatus *st = usb_uas_alloc_status(req->uas, UAS_UI_WRITE_READY,
+ req->tag);
trace_usb_uas_write_ready(req->uas->dev.addr, req->tag);
usb_uas_queue_status(req->uas, st, 0);
@@ -381,18 +492,22 @@ static void usb_uas_start_next_transfer(UASDevice *uas)
{
UASRequest *req;
+ if (uas_using_streams(uas)) {
+ return;
+ }
+
QTAILQ_FOREACH(req, &uas->requests, next) {
if (req->active || req->complete) {
continue;
}
- if (req->req->cmd.mode == SCSI_XFER_FROM_DEV && uas->datain == NULL) {
- uas->datain = req;
+ if (req->req->cmd.mode == SCSI_XFER_FROM_DEV && uas->datain2 == NULL) {
+ uas->datain2 = req;
usb_uas_queue_read_ready(req);
req->active = true;
return;
}
- if (req->req->cmd.mode == SCSI_XFER_TO_DEV && uas->dataout == NULL) {
- uas->dataout = req;
+ if (req->req->cmd.mode == SCSI_XFER_TO_DEV && uas->dataout2 == NULL) {
+ uas->dataout2 = req;
usb_uas_queue_write_ready(req);
req->active = true;
return;
@@ -417,11 +532,11 @@ static void usb_uas_scsi_free_request(SCSIBus *bus, void *priv)
UASRequest *req = priv;
UASDevice *uas = req->uas;
- if (req == uas->datain) {
- uas->datain = NULL;
+ if (req == uas->datain2) {
+ uas->datain2 = NULL;
}
- if (req == uas->dataout) {
- uas->dataout = NULL;
+ if (req == uas->dataout2) {
+ uas->dataout2 = NULL;
}
QTAILQ_REMOVE(&uas->requests, req, next);
g_free(req);
@@ -522,12 +637,25 @@ static void usb_uas_cancel_io(USBDevice *dev, USBPacket *p)
{
UASDevice *uas = DO_UPCAST(UASDevice, dev, dev);
UASRequest *req, *nreq;
+ int i;
- if (uas->status == p) {
- uas->status = NULL;
+ if (uas->status2 == p) {
+ uas->status2 = NULL;
qemu_bh_cancel(uas->status_bh);
return;
}
+ if (uas_using_streams(uas)) {
+ for (i = 0; i < UAS_MAX_STREAMS; i++) {
+ if (uas->status3[i] == p) {
+ uas->status3[i] = NULL;
+ return;
+ }
+ if (uas->data3[i] == p) {
+ uas->data3[i] = NULL;
+ return;
+ }
+ }
+ }
QTAILQ_FOREACH_SAFE(req, &uas->requests, next, nreq) {
if (req->data == p) {
req->data = NULL;
@@ -555,9 +683,18 @@ static void usb_uas_command(UASDevice *uas, uas_ui *ui)
usb_uas_get_lun(req->lun),
req->lun >> 32, req->lun & 0xffffffff);
QTAILQ_INSERT_TAIL(&uas->requests, req, next);
+ if (uas_using_streams(uas) && uas->data3[req->tag] != NULL) {
+ req->data = uas->data3[req->tag];
+ req->data_async = true;
+ uas->data3[req->tag] = NULL;
+ }
+
req->req = scsi_req_new(req->dev, req->tag,
usb_uas_get_lun(req->lun),
ui->command.cdb, req);
+#if 1
+ scsi_req_print(req->req);
+#endif
len = scsi_req_enqueue(req->req);
if (len) {
req->data_size = len;
@@ -669,12 +806,26 @@ static void usb_uas_handle_data(USBDevice *dev, USBPacket *p)
}
break;
case UAS_PIPE_ID_STATUS:
- st = QTAILQ_FIRST(&uas->results);
- if (st == NULL) {
- assert(uas->status == NULL);
- uas->status = p;
- p->status = USB_RET_ASYNC;
- break;
+ if (p->stream) {
+ QTAILQ_FOREACH(st, &uas->results, next) {
+ if (st->stream == p->stream) {
+ break;
+ }
+ }
+ if (st == NULL) {
+ assert(uas->status3[p->stream] == NULL);
+ uas->status3[p->stream] = p;
+ p->status = USB_RET_ASYNC;
+ break;
+ }
+ } else {
+ st = QTAILQ_FIRST(&uas->results);
+ if (st == NULL) {
+ assert(uas->status2 == NULL);
+ uas->status2 = p;
+ p->status = USB_RET_ASYNC;
+ break;
+ }
}
usb_packet_copy(p, &st->status, st->length);
QTAILQ_REMOVE(&uas->results, st, next);
@@ -682,11 +833,23 @@ static void usb_uas_handle_data(USBDevice *dev, USBPacket *p)
break;
case UAS_PIPE_ID_DATA_IN:
case UAS_PIPE_ID_DATA_OUT:
- req = (p->ep->nr == UAS_PIPE_ID_DATA_IN) ? uas->datain : uas->dataout;
+ if (p->stream) {
+ req = usb_uas_find_request(uas, p->stream);
+ } else {
+ req = (p->ep->nr == UAS_PIPE_ID_DATA_IN)
+ ? uas->datain2 : uas->dataout2;
+ }
if (req == NULL) {
- fprintf(stderr, "%s: no inflight request\n", __func__);
- p->status = USB_RET_STALL;
- break;
+ if (p->stream) {
+ assert(uas->data3[p->stream] == NULL);
+ uas->data3[p->stream] = p;
+ p->status = USB_RET_ASYNC;
+ break;
+ } else {
+ fprintf(stderr, "%s: no inflight request\n", __func__);
+ p->status = USB_RET_STALL;
+ break;
+ }
}
scsi_req_ref(req->req);
req->data = p;
@@ -725,7 +888,7 @@ static int usb_uas_init(USBDevice *dev)
QTAILQ_INIT(&uas->requests);
uas->status_bh = qemu_bh_new(usb_uas_send_status_bh, uas);
- scsi_bus_new(&uas->bus, &uas->dev.qdev, &usb_uas_scsi_info);
+ scsi_bus_new(&uas->bus, &uas->dev.qdev, &usb_uas_scsi_info, NULL);
return 0;
}
@@ -753,11 +916,12 @@ static void usb_uas_class_initfn(ObjectClass *klass, void *data)
uc->handle_control = usb_uas_handle_control;
uc->handle_data = usb_uas_handle_data;
uc->handle_destroy = usb_uas_handle_destroy;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
dc->fw_name = "storage";
dc->vmsd = &vmstate_usb_uas;
}
-static TypeInfo uas_info = {
+static const TypeInfo uas_info = {
.name = "usb-uas",
.parent = TYPE_USB_DEVICE,
.instance_size = sizeof(UASDevice),
diff --git a/hw/usb/dev-wacom.c b/hw/usb/dev-wacom.c
index 08b416daa..1b092358f 100644
--- a/hw/usb/dev-wacom.c
+++ b/hw/usb/dev-wacom.c
@@ -26,7 +26,7 @@
* THE SOFTWARE.
*/
#include "hw/hw.h"
-#include "console.h"
+#include "ui/console.h"
#include "hw/usb.h"
#include "hw/usb/desc.h"
@@ -43,6 +43,7 @@
typedef struct USBWacomState {
USBDevice dev;
+ USBEndpoint *intr;
QEMUPutMouseEntry *eh_entry;
int dx, dy, dz, buttons_state;
int x, y;
@@ -137,6 +138,7 @@ static void usb_mouse_event(void *opaque,
s->dz += dz1;
s->buttons_state = buttons_state;
s->changed = 1;
+ usb_wakeup(s->intr, 0);
}
static void usb_wacom_event(void *opaque,
@@ -150,6 +152,7 @@ static void usb_wacom_event(void *opaque,
s->dz += dz;
s->buttons_state = buttons_state;
s->changed = 1;
+ usb_wakeup(s->intr, 0);
}
static inline int int_clamp(int val, int vmin, int vmax)
@@ -337,6 +340,7 @@ static int usb_wacom_initfn(USBDevice *dev)
USBWacomState *s = DO_UPCAST(USBWacomState, dev, dev);
usb_desc_create_serial(dev);
usb_desc_init(dev);
+ s->intr = usb_ep_get(dev, USB_TOKEN_IN, 1);
s->changed = 1;
return 0;
}
@@ -358,11 +362,12 @@ static void usb_wacom_class_init(ObjectClass *klass, void *data)
uc->handle_control = usb_wacom_handle_control;
uc->handle_data = usb_wacom_handle_data;
uc->handle_destroy = usb_wacom_handle_destroy;
+ set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
dc->desc = "QEMU PenPartner Tablet";
dc->vmsd = &vmstate_usb_wacom;
}
-static TypeInfo wacom_info = {
+static const TypeInfo wacom_info = {
.name = "usb-wacom-tablet",
.parent = TYPE_USB_DEVICE,
.instance_size = sizeof(USBWacomState),
diff --git a/hw/usb/hcd-ehci-pci.c b/hw/usb/hcd-ehci-pci.c
index 41dbb539f..4d21a0b7b 100644
--- a/hw/usb/hcd-ehci-pci.c
+++ b/hw/usb/hcd-ehci-pci.c
@@ -16,13 +16,7 @@
*/
#include "hw/usb/hcd-ehci.h"
-#include "hw/pci.h"
-#include "range.h"
-
-typedef struct EHCIPCIState {
- PCIDevice pcidev;
- EHCIState ehci;
-} EHCIPCIState;
+#include "qemu/range.h"
typedef struct EHCIPCIInfo {
const char *name;
@@ -33,7 +27,7 @@ typedef struct EHCIPCIInfo {
static int usb_ehci_pci_initfn(PCIDevice *dev)
{
- EHCIPCIState *i = DO_UPCAST(EHCIPCIState, pcidev, dev);
+ EHCIPCIState *i = PCI_EHCI(dev);
EHCIState *s = &i->ehci;
uint8_t *pci_conf = dev->config;
@@ -66,24 +60,34 @@ static int usb_ehci_pci_initfn(PCIDevice *dev)
pci_conf[0x6e] = 0x00;
pci_conf[0x6f] = 0xc0; /* USBLEFCTLSTS */
- s->caps[0x09] = 0x68; /* EECP */
-
s->irq = dev->irq[3];
- s->dma = pci_dma_context(dev);
+ s->as = pci_get_address_space(dev);
- s->capsbase = 0x00;
- s->opregbase = 0x20;
-
- usb_ehci_initfn(s, DEVICE(dev));
+ usb_ehci_realize(s, DEVICE(dev), NULL);
pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mem);
return 0;
}
+static void usb_ehci_pci_init(Object *obj)
+{
+ EHCIPCIState *i = PCI_EHCI(obj);
+ EHCIState *s = &i->ehci;
+
+ s->caps[0x09] = 0x68; /* EECP */
+
+ s->capsbase = 0x00;
+ s->opregbase = 0x20;
+ s->portscbase = 0x44;
+ s->portnr = NB_PORTS;
+
+ usb_ehci_init(s, DEVICE(obj));
+}
+
static void usb_ehci_pci_write_config(PCIDevice *dev, uint32_t addr,
uint32_t val, int l)
{
- EHCIPCIState *i = DO_UPCAST(EHCIPCIState, pcidev, dev);
+ EHCIPCIState *i = PCI_EHCI(dev);
bool busmaster;
pci_default_write_config(dev, addr, val, l);
@@ -92,7 +96,7 @@ static void usb_ehci_pci_write_config(PCIDevice *dev, uint32_t addr,
return;
}
busmaster = pci_get_word(dev->config + PCI_COMMAND) & PCI_COMMAND_MASTER;
- i->ehci.dma = busmaster ? pci_dma_context(dev) : NULL;
+ i->ehci.as = busmaster ? pci_get_address_space(dev) : &address_space_memory;
}
static Property ehci_pci_properties[] = {
@@ -115,12 +119,8 @@ static void ehci_class_init(ObjectClass *klass, void *data)
{
DeviceClass *dc = DEVICE_CLASS(klass);
PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
- EHCIPCIInfo *i = data;
k->init = usb_ehci_pci_initfn;
- k->vendor_id = i->vendor_id;
- k->device_id = i->device_id;
- k->revision = i->revision;
k->class_id = PCI_CLASS_SERIAL_USB;
k->config_write = usb_ehci_pci_write_config;
k->no_hotplug = 1;
@@ -128,6 +128,27 @@ static void ehci_class_init(ObjectClass *klass, void *data)
dc->props = ehci_pci_properties;
}
+static const TypeInfo ehci_pci_type_info = {
+ .name = TYPE_PCI_EHCI,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(EHCIPCIState),
+ .instance_init = usb_ehci_pci_init,
+ .abstract = true,
+ .class_init = ehci_class_init,
+};
+
+static void ehci_data_class_init(ObjectClass *klass, void *data)
+{
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ EHCIPCIInfo *i = data;
+
+ k->vendor_id = i->vendor_id;
+ k->device_id = i->device_id;
+ k->revision = i->revision;
+ set_bit(DEVICE_CATEGORY_USB, dc->categories);
+}
+
static struct EHCIPCIInfo ehci_pci_info[] = {
{
.name = "usb-ehci",
@@ -150,12 +171,13 @@ static struct EHCIPCIInfo ehci_pci_info[] = {
static void ehci_pci_register_types(void)
{
TypeInfo ehci_type_info = {
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(EHCIPCIState),
- .class_init = ehci_class_init,
+ .parent = TYPE_PCI_EHCI,
+ .class_init = ehci_data_class_init,
};
int i;
+ type_register_static(&ehci_pci_type_info);
+
for (i = 0; i < ARRAY_SIZE(ehci_pci_info); i++) {
ehci_type_info.name = ehci_pci_info[i].name;
ehci_type_info.class_data = ehci_pci_info + i;
diff --git a/hw/usb/hcd-ehci-sysbus.c b/hw/usb/hcd-ehci-sysbus.c
index 803df92f3..fe6eea590 100644
--- a/hw/usb/hcd-ehci-sysbus.c
+++ b/hw/usb/hcd-ehci-sysbus.c
@@ -16,12 +16,6 @@
*/
#include "hw/usb/hcd-ehci.h"
-#include "hw/sysbus.h"
-
-typedef struct EHCISysBusState {
- SysBusDevice busdev;
- EHCIState ehci;
-} EHCISysBusState;
static const VMStateDescription vmstate_ehci_sysbus = {
.name = "ehci-sysbus",
@@ -38,41 +32,188 @@ static Property ehci_sysbus_properties[] = {
DEFINE_PROP_END_OF_LIST(),
};
-static int usb_ehci_sysbus_initfn(SysBusDevice *dev)
+static void usb_ehci_sysbus_realize(DeviceState *dev, Error **errp)
{
- EHCISysBusState *i = FROM_SYSBUS(EHCISysBusState, dev);
+ SysBusDevice *d = SYS_BUS_DEVICE(dev);
+ EHCISysBusState *i = SYS_BUS_EHCI(dev);
EHCIState *s = &i->ehci;
- s->capsbase = 0x100;
- s->opregbase = 0x140;
- s->dma = &dma_context_memory;
+ usb_ehci_realize(s, dev, errp);
+ sysbus_init_irq(d, &s->irq);
+}
- usb_ehci_initfn(s, DEVICE(dev));
- sysbus_init_irq(dev, &s->irq);
- sysbus_init_mmio(dev, &s->mem);
- return 0;
+static void ehci_sysbus_init(Object *obj)
+{
+ SysBusDevice *d = SYS_BUS_DEVICE(obj);
+ EHCISysBusState *i = SYS_BUS_EHCI(obj);
+ SysBusEHCIClass *sec = SYS_BUS_EHCI_GET_CLASS(obj);
+ EHCIState *s = &i->ehci;
+
+ s->capsbase = sec->capsbase;
+ s->opregbase = sec->opregbase;
+ s->portscbase = sec->portscbase;
+ s->portnr = sec->portnr;
+ s->as = &address_space_memory;
+
+ usb_ehci_init(s, DEVICE(obj));
+ sysbus_init_mmio(d, &s->mem);
}
static void ehci_sysbus_class_init(ObjectClass *klass, void *data)
{
DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+ SysBusEHCIClass *sec = SYS_BUS_EHCI_CLASS(klass);
+
+ sec->portscbase = 0x44;
+ sec->portnr = NB_PORTS;
- k->init = usb_ehci_sysbus_initfn;
+ dc->realize = usb_ehci_sysbus_realize;
dc->vmsd = &vmstate_ehci_sysbus;
dc->props = ehci_sysbus_properties;
+ set_bit(DEVICE_CATEGORY_USB, dc->categories);
}
-TypeInfo ehci_xlnx_type_info = {
- .name = "xlnx,ps7-usb",
+static const TypeInfo ehci_type_info = {
+ .name = TYPE_SYS_BUS_EHCI,
.parent = TYPE_SYS_BUS_DEVICE,
.instance_size = sizeof(EHCISysBusState),
+ .instance_init = ehci_sysbus_init,
+ .abstract = true,
.class_init = ehci_sysbus_class_init,
+ .class_size = sizeof(SysBusEHCIClass),
+};
+
+static void ehci_xlnx_class_init(ObjectClass *oc, void *data)
+{
+ SysBusEHCIClass *sec = SYS_BUS_EHCI_CLASS(oc);
+ DeviceClass *dc = DEVICE_CLASS(oc);
+
+ set_bit(DEVICE_CATEGORY_USB, dc->categories);
+ sec->capsbase = 0x100;
+ sec->opregbase = 0x140;
+}
+
+static const TypeInfo ehci_xlnx_type_info = {
+ .name = "xlnx,ps7-usb",
+ .parent = TYPE_SYS_BUS_EHCI,
+ .class_init = ehci_xlnx_class_init,
+};
+
+static void ehci_exynos4210_class_init(ObjectClass *oc, void *data)
+{
+ SysBusEHCIClass *sec = SYS_BUS_EHCI_CLASS(oc);
+ DeviceClass *dc = DEVICE_CLASS(oc);
+
+ sec->capsbase = 0x0;
+ sec->opregbase = 0x10;
+ set_bit(DEVICE_CATEGORY_USB, dc->categories);
+}
+
+static const TypeInfo ehci_exynos4210_type_info = {
+ .name = TYPE_EXYNOS4210_EHCI,
+ .parent = TYPE_SYS_BUS_EHCI,
+ .class_init = ehci_exynos4210_class_init,
+};
+
+static void ehci_tegra2_class_init(ObjectClass *oc, void *data)
+{
+ SysBusEHCIClass *sec = SYS_BUS_EHCI_CLASS(oc);
+ DeviceClass *dc = DEVICE_CLASS(oc);
+
+ sec->capsbase = 0x100;
+ sec->opregbase = 0x140;
+ set_bit(DEVICE_CATEGORY_USB, dc->categories);
+}
+
+static const TypeInfo ehci_tegra2_type_info = {
+ .name = TYPE_TEGRA2_EHCI,
+ .parent = TYPE_SYS_BUS_EHCI,
+ .class_init = ehci_tegra2_class_init,
+};
+
+/*
+ * Faraday FUSBH200 USB 2.0 EHCI
+ */
+
+/**
+ * FUSBH200EHCIRegs:
+ * @FUSBH200_REG_EOF_ASTR: EOF/Async. Sleep Timer Register
+ * @FUSBH200_REG_BMCSR: Bus Monitor Control/Status Register
+ */
+enum FUSBH200EHCIRegs {
+ FUSBH200_REG_EOF_ASTR = 0x34,
+ FUSBH200_REG_BMCSR = 0x40,
+};
+
+static uint64_t fusbh200_ehci_read(void *opaque, hwaddr addr, unsigned size)
+{
+ EHCIState *s = opaque;
+ hwaddr off = s->opregbase + s->portscbase + 4 * s->portnr + addr;
+
+ switch (off) {
+ case FUSBH200_REG_EOF_ASTR:
+ return 0x00000041;
+ case FUSBH200_REG_BMCSR:
+ /* High-Speed, VBUS valid, interrupt level-high active */
+ return (2 << 9) | (1 << 8) | (1 << 3);
+ }
+
+ return 0;
+}
+
+static void fusbh200_ehci_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+}
+
+static const MemoryRegionOps fusbh200_ehci_mmio_ops = {
+ .read = fusbh200_ehci_read,
+ .write = fusbh200_ehci_write,
+ .valid.min_access_size = 4,
+ .valid.max_access_size = 4,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void fusbh200_ehci_init(Object *obj)
+{
+ EHCISysBusState *i = SYS_BUS_EHCI(obj);
+ FUSBH200EHCIState *f = FUSBH200_EHCI(obj);
+ EHCIState *s = &i->ehci;
+
+ memory_region_init_io(&f->mem_vendor, OBJECT(f), &fusbh200_ehci_mmio_ops, s,
+ "fusbh200", 0x4c);
+ memory_region_add_subregion(&s->mem,
+ s->opregbase + s->portscbase + 4 * s->portnr,
+ &f->mem_vendor);
+}
+
+static void fusbh200_ehci_class_init(ObjectClass *oc, void *data)
+{
+ SysBusEHCIClass *sec = SYS_BUS_EHCI_CLASS(oc);
+ DeviceClass *dc = DEVICE_CLASS(oc);
+
+ sec->capsbase = 0x0;
+ sec->opregbase = 0x10;
+ sec->portscbase = 0x20;
+ sec->portnr = 1;
+ set_bit(DEVICE_CATEGORY_USB, dc->categories);
+}
+
+static const TypeInfo ehci_fusbh200_type_info = {
+ .name = TYPE_FUSBH200_EHCI,
+ .parent = TYPE_SYS_BUS_EHCI,
+ .instance_size = sizeof(FUSBH200EHCIState),
+ .instance_init = fusbh200_ehci_init,
+ .class_init = fusbh200_ehci_class_init,
};
static void ehci_sysbus_register_types(void)
{
+ type_register_static(&ehci_type_info);
type_register_static(&ehci_xlnx_type_info);
+ type_register_static(&ehci_exynos4210_type_info);
+ type_register_static(&ehci_tegra2_type_info);
+ type_register_static(&ehci_fusbh200_type_info);
}
type_init(ehci_sysbus_register_types)
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index 7df8e21ec..010a0d0d3 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -109,11 +109,13 @@
#define FRAME_TIMER_FREQ 1000
#define FRAME_TIMER_NS (1000000000 / FRAME_TIMER_FREQ)
+#define UFRAME_TIMER_NS (FRAME_TIMER_NS / 8)
#define NB_MAXINTRATE 8 // Max rate at which controller issues ints
#define BUFF_SIZE 5*4096 // Max bytes to transfer per transaction
#define MAX_QH 100 // Max allowable queue heads in a chain
-#define MIN_FR_PER_TICK 3 // Min frames to process when catching up
+#define MIN_UFR_PER_TICK 24 /* Min frames to process when catching up */
+#define PERIODIC_ACTIVE 512 /* Micro-frames */
/* Internal periodic / asynchronous schedule state machine states
*/
@@ -191,6 +193,7 @@ static int ehci_state_executing(EHCIQueue *q);
static int ehci_state_writeback(EHCIQueue *q);
static int ehci_state_advqueue(EHCIQueue *q);
static int ehci_fill_queue(EHCIPacket *p);
+static void ehci_free_packet(EHCIPacket *p);
static const char *nr2str(const char **n, size_t len, uint32_t nr)
{
@@ -437,6 +440,136 @@ static inline bool ehci_periodic_enabled(EHCIState *s)
return ehci_enabled(s) && (s->usbcmd & USBCMD_PSE);
}
+/* Get an array of dwords from main memory */
+static inline int get_dwords(EHCIState *ehci, uint32_t addr,
+ uint32_t *buf, int num)
+{
+ int i;
+
+ if (!ehci->as) {
+ ehci_raise_irq(ehci, USBSTS_HSE);
+ ehci->usbcmd &= ~USBCMD_RUNSTOP;
+ trace_usb_ehci_dma_error();
+ return -1;
+ }
+
+ for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
+ dma_memory_read(ehci->as, addr, buf, sizeof(*buf));
+ *buf = le32_to_cpu(*buf);
+ }
+
+ return num;
+}
+
+/* Put an array of dwords in to main memory */
+static inline int put_dwords(EHCIState *ehci, uint32_t addr,
+ uint32_t *buf, int num)
+{
+ int i;
+
+ if (!ehci->as) {
+ ehci_raise_irq(ehci, USBSTS_HSE);
+ ehci->usbcmd &= ~USBCMD_RUNSTOP;
+ trace_usb_ehci_dma_error();
+ return -1;
+ }
+
+ for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
+ uint32_t tmp = cpu_to_le32(*buf);
+ dma_memory_write(ehci->as, addr, &tmp, sizeof(tmp));
+ }
+
+ return num;
+}
+
+static int ehci_get_pid(EHCIqtd *qtd)
+{
+ switch (get_field(qtd->token, QTD_TOKEN_PID)) {
+ case 0:
+ return USB_TOKEN_OUT;
+ case 1:
+ return USB_TOKEN_IN;
+ case 2:
+ return USB_TOKEN_SETUP;
+ default:
+ fprintf(stderr, "bad token\n");
+ return 0;
+ }
+}
+
+static bool ehci_verify_qh(EHCIQueue *q, EHCIqh *qh)
+{
+ uint32_t devaddr = get_field(qh->epchar, QH_EPCHAR_DEVADDR);
+ uint32_t endp = get_field(qh->epchar, QH_EPCHAR_EP);
+ if ((devaddr != get_field(q->qh.epchar, QH_EPCHAR_DEVADDR)) ||
+ (endp != get_field(q->qh.epchar, QH_EPCHAR_EP)) ||
+ (qh->current_qtd != q->qh.current_qtd) ||
+ (q->async && qh->next_qtd != q->qh.next_qtd) ||
+ (memcmp(&qh->altnext_qtd, &q->qh.altnext_qtd,
+ 7 * sizeof(uint32_t)) != 0) ||
+ (q->dev != NULL && q->dev->addr != devaddr)) {
+ return false;
+ } else {
+ return true;
+ }
+}
+
+static bool ehci_verify_qtd(EHCIPacket *p, EHCIqtd *qtd)
+{
+ if (p->qtdaddr != p->queue->qtdaddr ||
+ (p->queue->async && !NLPTR_TBIT(p->qtd.next) &&
+ (p->qtd.next != qtd->next)) ||
+ (!NLPTR_TBIT(p->qtd.altnext) && (p->qtd.altnext != qtd->altnext)) ||
+ p->qtd.token != qtd->token ||
+ p->qtd.bufptr[0] != qtd->bufptr[0]) {
+ return false;
+ } else {
+ return true;
+ }
+}
+
+static bool ehci_verify_pid(EHCIQueue *q, EHCIqtd *qtd)
+{
+ int ep = get_field(q->qh.epchar, QH_EPCHAR_EP);
+ int pid = ehci_get_pid(qtd);
+
+ /* Note the pid changing is normal for ep 0 (the control ep) */
+ if (q->last_pid && ep != 0 && pid != q->last_pid) {
+ return false;
+ } else {
+ return true;
+ }
+}
+
+/* Finish executing and writeback a packet outside of the regular
+ fetchqh -> fetchqtd -> execute -> writeback cycle */
+static void ehci_writeback_async_complete_packet(EHCIPacket *p)
+{
+ EHCIQueue *q = p->queue;
+ EHCIqtd qtd;
+ EHCIqh qh;
+ int state;
+
+ /* Verify the qh + qtd, like we do when going through fetchqh & fetchqtd */
+ get_dwords(q->ehci, NLPTR_GET(q->qhaddr),
+ (uint32_t *) &qh, sizeof(EHCIqh) >> 2);
+ get_dwords(q->ehci, NLPTR_GET(q->qtdaddr),
+ (uint32_t *) &qtd, sizeof(EHCIqtd) >> 2);
+ if (!ehci_verify_qh(q, &qh) || !ehci_verify_qtd(p, &qtd)) {
+ p->async = EHCI_ASYNC_INITIALIZED;
+ ehci_free_packet(p);
+ return;
+ }
+
+ state = ehci_get_state(q->ehci, q->async);
+ ehci_state_executing(q);
+ ehci_state_writeback(q); /* Frees the packet! */
+ if (!(q->qh.token & QTD_TOKEN_HALT)) {
+ ehci_state_advqueue(q);
+ }
+ ehci_set_state(q->ehci, q->async, state);
+}
+
/* packet management */
static EHCIPacket *ehci_alloc_packet(EHCIQueue *q)
@@ -453,27 +586,23 @@ static EHCIPacket *ehci_alloc_packet(EHCIQueue *q)
static void ehci_free_packet(EHCIPacket *p)
{
- if (p->async == EHCI_ASYNC_FINISHED) {
- EHCIQueue *q = p->queue;
- int state = ehci_get_state(q->ehci, q->async);
- /* This is a normal, but rare condition (cancel racing completion) */
- fprintf(stderr, "EHCI: Warning packet completed but not processed\n");
- ehci_state_executing(q);
- ehci_state_writeback(q);
- if (!(q->qh.token & QTD_TOKEN_HALT)) {
- ehci_state_advqueue(q);
- }
- ehci_set_state(q->ehci, q->async, state);
- /* state_writeback recurses into us with async == EHCI_ASYNC_NONE!! */
+ if (p->async == EHCI_ASYNC_FINISHED &&
+ !(p->queue->qh.token & QTD_TOKEN_HALT)) {
+ ehci_writeback_async_complete_packet(p);
return;
}
trace_usb_ehci_packet_action(p->queue, p, "free");
- if (p->async == EHCI_ASYNC_INITIALIZED) {
- usb_packet_unmap(&p->packet, &p->sgl);
- qemu_sglist_destroy(&p->sgl);
- }
if (p->async == EHCI_ASYNC_INFLIGHT) {
usb_cancel_packet(&p->packet);
+ }
+ if (p->async == EHCI_ASYNC_FINISHED &&
+ p->packet.status == USB_RET_SUCCESS) {
+ fprintf(stderr,
+ "EHCI: Dropping completed packet from halted %s ep %02X\n",
+ (p->pid == USB_TOKEN_IN) ? "in" : "out",
+ get_field(p->queue->qh.epchar, QH_EPCHAR_EP));
+ }
+ if (p->async != EHCI_ASYNC_NONE) {
usb_packet_unmap(&p->packet, &p->sgl);
qemu_sglist_destroy(&p->sgl);
}
@@ -499,6 +628,17 @@ static EHCIQueue *ehci_alloc_queue(EHCIState *ehci, uint32_t addr, int async)
return q;
}
+static void ehci_queue_stopped(EHCIQueue *q)
+{
+ int endp = get_field(q->qh.epchar, QH_EPCHAR_EP);
+
+ if (!q->last_pid || !q->dev) {
+ return;
+ }
+
+ usb_device_ep_stopped(q->dev, usb_ep_get(q->dev, q->last_pid, endp));
+}
+
static int ehci_cancel_queue(EHCIQueue *q)
{
EHCIPacket *p;
@@ -506,7 +646,7 @@ static int ehci_cancel_queue(EHCIQueue *q)
p = QTAILQ_FIRST(&q->packets);
if (p == NULL) {
- return 0;
+ goto leave;
}
trace_usb_ehci_queue_action(q, "cancel");
@@ -514,6 +654,9 @@ static int ehci_cancel_queue(EHCIQueue *q)
ehci_free_packet(p);
packets++;
} while ((p = QTAILQ_FIRST(&q->packets)) != NULL);
+
+leave:
+ ehci_queue_stopped(q);
return packets;
}
@@ -525,6 +668,7 @@ static int ehci_reset_queue(EHCIQueue *q)
packets = ehci_cancel_queue(q);
q->dev = NULL;
q->qtdaddr = 0;
+ q->last_pid = 0;
return packets;
}
@@ -633,7 +777,6 @@ static void ehci_attach(USBPort *port)
*portsc |= PORTSC_CSC;
ehci_raise_irq(s, USBSTS_PCD);
- ehci_commit_irq(s);
}
static void ehci_detach(USBPort *port)
@@ -663,7 +806,6 @@ static void ehci_detach(USBPort *port)
*portsc |= PORTSC_CSC;
ehci_raise_irq(s, USBSTS_PCD);
- ehci_commit_irq(s);
}
static void ehci_child_detach(USBPort *port, USBDevice *child)
@@ -738,6 +880,20 @@ static int ehci_register_companion(USBBus *bus, USBPort *ports[],
return 0;
}
+static void ehci_wakeup_endpoint(USBBus *bus, USBEndpoint *ep,
+ unsigned int stream)
+{
+ EHCIState *s = container_of(bus, EHCIState, bus);
+ uint32_t portsc = s->portsc[ep->dev->port->index];
+
+ if (portsc & PORTSC_POWNER) {
+ return;
+ }
+
+ s->periodic_sched_active = PERIODIC_ACTIVE;
+ qemu_bh_schedule(s->async_bh);
+}
+
static USBDevice *ehci_find_device(EHCIState *ehci, uint8_t addr)
{
USBDevice *dev;
@@ -819,7 +975,15 @@ static uint64_t ehci_opreg_read(void *ptr, hwaddr addr,
EHCIState *s = ptr;
uint32_t val;
- val = s->opreg[addr >> 2];
+ switch (addr) {
+ case FRINDEX:
+ /* Round down to mult of 8, else it can go backwards on migration */
+ val = s->frindex & ~7;
+ break;
+ default:
+ val = s->opreg[addr >> 2];
+ }
+
trace_usb_ehci_opreg_read(addr + s->opregbase, addr2str(addr), val);
return val;
}
@@ -831,7 +995,7 @@ static uint64_t ehci_port_read(void *ptr, hwaddr addr,
uint32_t val;
val = s->portsc[addr >> 2];
- trace_usb_ehci_portsc_read(addr + PORTSC_BEGIN, addr >> 2, val);
+ trace_usb_ehci_portsc_read(addr + s->portscbase, addr >> 2, val);
return val;
}
@@ -872,7 +1036,7 @@ static void ehci_port_write(void *ptr, hwaddr addr,
uint32_t old = *portsc;
USBDevice *dev = s->ports[port].dev;
- trace_usb_ehci_portsc_write(addr + PORTSC_BEGIN, addr >> 2, val);
+ trace_usb_ehci_portsc_write(addr + s->portscbase, addr >> 2, val);
/* Clear rwc bits */
*portsc &= ~(val & PORTSC_RWC_MASK);
@@ -905,7 +1069,7 @@ static void ehci_port_write(void *ptr, hwaddr addr,
*portsc &= ~PORTSC_RO_MASK;
*portsc |= val;
- trace_usb_ehci_portsc_change(addr + PORTSC_BEGIN, addr >> 2, *portsc, old);
+ trace_usb_ehci_portsc_change(addr + s->portscbase, addr >> 2, *portsc, old);
}
static void ehci_opreg_write(void *ptr, hwaddr addr,
@@ -970,7 +1134,8 @@ static void ehci_opreg_write(void *ptr, hwaddr addr,
break;
case FRINDEX:
- val &= 0x00003ff8; /* frindex is 14bits and always a multiple of 8 */
+ val &= 0x00003fff; /* frindex is 14bits */
+ s->usbsts_frindex = val;
break;
case CONFIGFLAG:
@@ -1003,48 +1168,6 @@ static void ehci_opreg_write(void *ptr, hwaddr addr,
*mmio, old);
}
-/* Get an array of dwords from main memory */
-static inline int get_dwords(EHCIState *ehci, uint32_t addr,
- uint32_t *buf, int num)
-{
- int i;
-
- if (!ehci->dma) {
- ehci_raise_irq(ehci, USBSTS_HSE);
- ehci->usbcmd &= ~USBCMD_RUNSTOP;
- trace_usb_ehci_dma_error();
- return -1;
- }
-
- for(i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
- dma_memory_read(ehci->dma, addr, buf, sizeof(*buf));
- *buf = le32_to_cpu(*buf);
- }
-
- return num;
-}
-
-/* Put an array of dwords in to main memory */
-static inline int put_dwords(EHCIState *ehci, uint32_t addr,
- uint32_t *buf, int num)
-{
- int i;
-
- if (!ehci->dma) {
- ehci_raise_irq(ehci, USBSTS_HSE);
- ehci->usbcmd &= ~USBCMD_RUNSTOP;
- trace_usb_ehci_dma_error();
- return -1;
- }
-
- for(i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
- uint32_t tmp = cpu_to_le32(*buf);
- dma_memory_write(ehci->dma, addr, &tmp, sizeof(tmp));
- }
-
- return num;
-}
-
/*
* Write the qh back to guest physical memory. This step isn't
* in the EHCI spec but we need to do it since we don't share
@@ -1118,11 +1241,13 @@ static int ehci_init_transfer(EHCIPacket *p)
{
uint32_t cpage, offset, bytes, plen;
dma_addr_t page;
+ USBBus *bus = &p->queue->ehci->bus;
+ BusState *qbus = BUS(bus);
cpage = get_field(p->qtd.token, QTD_TOKEN_CPAGE);
bytes = get_field(p->qtd.token, QTD_TOKEN_TBYTES);
offset = p->qtd.bufptr[0] & ~QTD_BUFPTR_MASK;
- qemu_sglist_init(&p->sgl, 5, p->queue->ehci->dma);
+ qemu_sglist_init(&p->sgl, qbus->parent, 5, p->queue->ehci->as);
while (bytes > 0) {
if (cpage > 4) {
@@ -1188,9 +1313,10 @@ static void ehci_async_complete_packet(USBPort *port, USBPacket *packet)
trace_usb_ehci_packet_action(p->queue, p, "wakeup");
p->async = EHCI_ASYNC_FINISHED;
- if (p->queue->async) {
- qemu_bh_schedule(p->queue->ehci->async_bh);
+ if (!p->queue->async) {
+ s->periodic_sched_active = PERIODIC_ACTIVE;
}
+ qemu_bh_schedule(s->async_bh);
}
static void ehci_execute_complete(EHCIQueue *q)
@@ -1231,7 +1357,7 @@ static void ehci_execute_complete(EHCIQueue *q)
default:
/* should not be triggerable */
fprintf(stderr, "USB invalid response %d\n", p->packet.status);
- assert(0);
+ g_assert_not_reached();
break;
}
@@ -1242,6 +1368,9 @@ static void ehci_execute_complete(EHCIQueue *q)
if (tbytes) {
/* 4.15.1.2 must raise int on a short input packet */
ehci_raise_irq(q->ehci, USBSTS_INT);
+ if (q->async) {
+ q->ehci->int_req_by_async = true;
+ }
}
} else {
tbytes = 0;
@@ -1286,22 +1415,11 @@ static int ehci_execute(EHCIPacket *p, const char *action)
return -1;
}
- p->pid = (p->qtd.token & QTD_TOKEN_PID_MASK) >> QTD_TOKEN_PID_SH;
- switch (p->pid) {
- case 0:
- p->pid = USB_TOKEN_OUT;
- break;
- case 1:
- p->pid = USB_TOKEN_IN;
- break;
- case 2:
- p->pid = USB_TOKEN_SETUP;
- break;
- default:
- fprintf(stderr, "bad token\n");
- break;
+ if (!ehci_verify_pid(p->queue, &p->qtd)) {
+ ehci_queue_stopped(p->queue); /* Mark the ep in the prev dir stopped */
}
-
+ p->pid = ehci_get_pid(&p->qtd);
+ p->queue->last_pid = p->pid;
endp = get_field(p->queue->qh.epchar, QH_EPCHAR_EP);
ep = usb_ep_get(p->queue->dev, p->pid, endp);
@@ -1311,7 +1429,7 @@ static int ehci_execute(EHCIPacket *p, const char *action)
}
spd = (p->pid == USB_TOKEN_IN && NLPTR_TBIT(p->qtd.altnext) == 0);
- usb_packet_setup(&p->packet, p->pid, ep, p->qtdaddr, spd,
+ usb_packet_setup(&p->packet, p->pid, ep, 0, p->qtdaddr, spd,
(p->qtd.token & QTD_TOKEN_IOC) != 0);
usb_packet_map(&p->packet, &p->sgl);
p->async = EHCI_ASYNC_INITIALIZED;
@@ -1344,6 +1462,8 @@ static int ehci_process_itd(EHCIState *ehci,
uint32_t i, len, pid, dir, devaddr, endp;
uint32_t pg, off, ptr1, ptr2, max, mult;
+ ehci->periodic_sched_active = PERIODIC_ACTIVE;
+
dir =(itd->bufptr[1] & ITD_BUFPTR_DIRECTION);
devaddr = get_field(itd->bufptr[0], ITD_BUFPTR_DEVADDR);
endp = get_field(itd->bufptr[0], ITD_BUFPTR_EP);
@@ -1366,7 +1486,7 @@ static int ehci_process_itd(EHCIState *ehci,
return -1;
}
- qemu_sglist_init(&ehci->isgl, 2, ehci->dma);
+ qemu_sglist_init(&ehci->isgl, DEVICE(ehci), 2, ehci->as);
if (off + len > 4096) {
/* transfer crosses page border */
uint32_t len2 = off + len - 4096;
@@ -1382,7 +1502,7 @@ static int ehci_process_itd(EHCIState *ehci,
dev = ehci_find_device(ehci, devaddr);
ep = usb_ep_get(dev, pid, endp);
if (ep && ep->type == USB_ENDPOINT_XFER_ISOC) {
- usb_packet_setup(&ehci->ipacket, pid, ep, addr, false,
+ usb_packet_setup(&ehci->ipacket, pid, ep, 0, addr, false,
(itd->transact[i] & ITD_XACT_IOC) != 0);
usb_packet_map(&ehci->ipacket, &ehci->isgl);
usb_handle_packet(dev, &ehci->ipacket);
@@ -1534,8 +1654,7 @@ out:
static EHCIQueue *ehci_state_fetchqh(EHCIState *ehci, int async)
{
- EHCIPacket *p;
- uint32_t entry, devaddr, endp;
+ uint32_t entry;
EHCIQueue *q;
EHCIqh qh;
@@ -1544,7 +1663,6 @@ static EHCIQueue *ehci_state_fetchqh(EHCIState *ehci, int async)
if (NULL == q) {
q = ehci_alloc_queue(ehci, entry, async);
}
- p = QTAILQ_FIRST(&q->packets);
q->seen++;
if (q->seen > 1) {
@@ -1565,19 +1683,10 @@ static EHCIQueue *ehci_state_fetchqh(EHCIState *ehci, int async)
* The overlay area of the qh should never be changed by the guest,
* except when idle, in which case the reset is a nop.
*/
- devaddr = get_field(qh.epchar, QH_EPCHAR_DEVADDR);
- endp = get_field(qh.epchar, QH_EPCHAR_EP);
- if ((devaddr != get_field(q->qh.epchar, QH_EPCHAR_DEVADDR)) ||
- (endp != get_field(q->qh.epchar, QH_EPCHAR_EP)) ||
- (qh.current_qtd != q->qh.current_qtd) ||
- (q->async && qh.next_qtd != q->qh.next_qtd) ||
- (memcmp(&qh.altnext_qtd, &q->qh.altnext_qtd,
- 7 * sizeof(uint32_t)) != 0) ||
- (q->dev != NULL && q->dev->addr != devaddr)) {
+ if (!ehci_verify_qh(q, &qh)) {
if (ehci_reset_queue(q) > 0) {
ehci_trace_guest_bug(ehci, "guest updated active QH");
}
- p = NULL;
}
q->qh = qh;
@@ -1587,14 +1696,8 @@ static EHCIQueue *ehci_state_fetchqh(EHCIState *ehci, int async)
}
if (q->dev == NULL) {
- q->dev = ehci_find_device(q->ehci, devaddr);
- }
-
- if (p && p->async == EHCI_ASYNC_FINISHED) {
- /* I/O finished -- continue processing queue */
- trace_usb_ehci_packet_action(p->queue, p, "complete");
- ehci_set_state(ehci, async, EST_EXECUTING);
- goto out;
+ q->dev = ehci_find_device(q->ehci,
+ get_field(q->qh.epchar, QH_EPCHAR_DEVADDR));
}
if (async && (q->qh.epchar & QH_EPCHAR_H)) {
@@ -1745,13 +1848,11 @@ static int ehci_state_fetchqtd(EHCIQueue *q)
p = QTAILQ_FIRST(&q->packets);
if (p != NULL) {
- if (p->qtdaddr != q->qtdaddr ||
- (q->async && !NLPTR_TBIT(p->qtd.next) &&
- (p->qtd.next != qtd.next)) ||
- (!NLPTR_TBIT(p->qtd.altnext) && (p->qtd.altnext != qtd.altnext)) ||
- p->qtd.bufptr[0] != qtd.bufptr[0]) {
+ if (!ehci_verify_qtd(p, &qtd)) {
ehci_cancel_queue(q);
- ehci_trace_guest_bug(q->ehci, "guest updated active QH or qTD");
+ if (qtd.token & QTD_TOKEN_ACTIVE) {
+ ehci_trace_guest_bug(q->ehci, "guest updated active qTD");
+ }
p = NULL;
} else {
p->qtd = qtd;
@@ -1760,11 +1861,6 @@ static int ehci_state_fetchqtd(EHCIQueue *q)
}
if (!(qtd.token & QTD_TOKEN_ACTIVE)) {
- if (p != NULL) {
- /* transfer canceled by guest (clear active) */
- ehci_cancel_queue(q);
- p = NULL;
- }
ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
} else if (p != NULL) {
switch (p->async) {
@@ -1780,10 +1876,7 @@ static int ehci_state_fetchqtd(EHCIQueue *q)
ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
break;
case EHCI_ASYNC_FINISHED:
- /*
- * We get here when advqueue moves to a packet which is already
- * finished, which can happen with packets queued up by fill_queue
- */
+ /* Complete executing of the packet */
ehci_set_state(q->ehci, q->async, EST_EXECUTING);
break;
}
@@ -1842,6 +1935,10 @@ static int ehci_fill_queue(EHCIPacket *p)
if (!(qtd.token & QTD_TOKEN_ACTIVE)) {
break;
}
+ if (!ehci_verify_pid(q, &qtd)) {
+ ehci_trace_guest_bug(q->ehci, "guest queued token with wrong pid");
+ break;
+ }
p = ehci_alloc_packet(q);
p->qtdaddr = qtdaddr;
p->qtd = qtd;
@@ -2004,18 +2101,22 @@ static void ehci_advance_state(EHCIState *ehci, int async)
break;
case EST_ADVANCEQUEUE:
+ assert(q != NULL);
again = ehci_state_advqueue(q);
break;
case EST_FETCHQTD:
+ assert(q != NULL);
again = ehci_state_fetchqtd(q);
break;
case EST_HORIZONTALQH:
+ assert(q != NULL);
again = ehci_state_horizqh(q);
break;
case EST_EXECUTE:
+ assert(q != NULL);
again = ehci_state_execute(q);
if (async) {
ehci->async_stepdown = 0;
@@ -2033,12 +2134,15 @@ static void ehci_advance_state(EHCIState *ehci, int async)
case EST_WRITEBACK:
assert(q != NULL);
again = ehci_state_writeback(q);
+ if (!async) {
+ ehci->periodic_sched_active = PERIODIC_ACTIVE;
+ }
break;
default:
fprintf(stderr, "Bad state!\n");
again = -1;
- assert(0);
+ g_assert_not_reached();
break;
}
@@ -2102,7 +2206,7 @@ static void ehci_advance_async_state(EHCIState *ehci)
/* this should only be due to a developer mistake */
fprintf(stderr, "ehci: Bad asynchronous state %d. "
"Resetting to active\n", ehci->astate);
- assert(0);
+ g_assert_not_reached();
}
}
@@ -2152,20 +2256,20 @@ static void ehci_advance_periodic_state(EHCIState *ehci)
/* this should only be due to a developer mistake */
fprintf(stderr, "ehci: Bad periodic state %d. "
"Resetting to active\n", ehci->pstate);
- assert(0);
+ g_assert_not_reached();
}
}
-static void ehci_update_frindex(EHCIState *ehci, int frames)
+static void ehci_update_frindex(EHCIState *ehci, int uframes)
{
int i;
- if (!ehci_enabled(ehci)) {
+ if (!ehci_enabled(ehci) && ehci->pstate == EST_INACTIVE) {
return;
}
- for (i = 0; i < frames; i++) {
- ehci->frindex += 8;
+ for (i = 0; i < uframes; i++) {
+ ehci->frindex++;
if (ehci->frindex == 0x00002000) {
ehci_raise_irq(ehci, USBSTS_FLR);
@@ -2189,49 +2293,57 @@ static void ehci_frame_timer(void *opaque)
int need_timer = 0;
int64_t expire_time, t_now;
uint64_t ns_elapsed;
- int frames, skipped_frames;
+ int uframes, skipped_uframes;
int i;
t_now = qemu_get_clock_ns(vm_clock);
ns_elapsed = t_now - ehci->last_run_ns;
- frames = ns_elapsed / FRAME_TIMER_NS;
+ uframes = ns_elapsed / UFRAME_TIMER_NS;
if (ehci_periodic_enabled(ehci) || ehci->pstate != EST_INACTIVE) {
need_timer++;
- ehci->async_stepdown = 0;
- if (frames > ehci->maxframes) {
- skipped_frames = frames - ehci->maxframes;
- ehci_update_frindex(ehci, skipped_frames);
- ehci->last_run_ns += FRAME_TIMER_NS * skipped_frames;
- frames -= skipped_frames;
- DPRINTF("WARNING - EHCI skipped %d frames\n", skipped_frames);
+ if (uframes > (ehci->maxframes * 8)) {
+ skipped_uframes = uframes - (ehci->maxframes * 8);
+ ehci_update_frindex(ehci, skipped_uframes);
+ ehci->last_run_ns += UFRAME_TIMER_NS * skipped_uframes;
+ uframes -= skipped_uframes;
+ DPRINTF("WARNING - EHCI skipped %d uframes\n", skipped_uframes);
}
- for (i = 0; i < frames; i++) {
+ for (i = 0; i < uframes; i++) {
/*
* If we're running behind schedule, we should not catch up
* too fast, as that will make some guests unhappy:
- * 1) We must process a minimum of MIN_FR_PER_TICK frames,
+ * 1) We must process a minimum of MIN_UFR_PER_TICK frames,
* otherwise we will never catch up
* 2) Process frames until the guest has requested an irq (IOC)
*/
- if (i >= MIN_FR_PER_TICK) {
+ if (i >= MIN_UFR_PER_TICK) {
ehci_commit_irq(ehci);
if ((ehci->usbsts & USBINTR_MASK) & ehci->usbintr) {
break;
}
}
+ if (ehci->periodic_sched_active) {
+ ehci->periodic_sched_active--;
+ }
ehci_update_frindex(ehci, 1);
- ehci_advance_periodic_state(ehci);
- ehci->last_run_ns += FRAME_TIMER_NS;
+ if ((ehci->frindex & 7) == 0) {
+ ehci_advance_periodic_state(ehci);
+ }
+ ehci->last_run_ns += UFRAME_TIMER_NS;
}
} else {
- if (ehci->async_stepdown < ehci->maxframes / 2) {
- ehci->async_stepdown++;
- }
- ehci_update_frindex(ehci, frames);
- ehci->last_run_ns += FRAME_TIMER_NS * frames;
+ ehci->periodic_sched_active = 0;
+ ehci_update_frindex(ehci, uframes);
+ ehci->last_run_ns += UFRAME_TIMER_NS * uframes;
+ }
+
+ if (ehci->periodic_sched_active) {
+ ehci->async_stepdown = 0;
+ } else if (ehci->async_stepdown < ehci->maxframes / 2) {
+ ehci->async_stepdown++;
}
/* Async is not inside loop since it executes everything it can once
@@ -2256,7 +2368,7 @@ static void ehci_frame_timer(void *opaque)
/* If we've raised int, we speed up the timer, so that we quickly
* notice any new packets queued up in response */
if (ehci->int_req_by_async && (ehci->usbsts & USBSTS_INT)) {
- expire_time = t_now + get_ticks_per_sec() / (FRAME_TIMER_FREQ * 2);
+ expire_time = t_now + get_ticks_per_sec() / (FRAME_TIMER_FREQ * 4);
ehci->int_req_by_async = false;
} else {
expire_time = t_now + (get_ticks_per_sec()
@@ -2301,8 +2413,20 @@ static USBPortOps ehci_port_ops = {
static USBBusOps ehci_bus_ops = {
.register_companion = ehci_register_companion,
+ .wakeup_endpoint = ehci_wakeup_endpoint,
};
+static void usb_ehci_pre_save(void *opaque)
+{
+ EHCIState *ehci = opaque;
+ uint32_t new_frindex;
+
+ /* Round down frindex to a multiple of 8 for migration compatibility */
+ new_frindex = ehci->frindex & ~7;
+ ehci->last_run_ns -= (ehci->frindex - new_frindex) * UFRAME_TIMER_NS;
+ ehci->frindex = new_frindex;
+}
+
static int usb_ehci_post_load(void *opaque, int version_id)
{
EHCIState *s = opaque;
@@ -2353,6 +2477,7 @@ const VMStateDescription vmstate_ehci = {
.name = "ehci-core",
.version_id = 2,
.minimum_version_id = 1,
+ .pre_save = usb_ehci_pre_save,
.post_load = usb_ehci_post_load,
.fields = (VMStateField[]) {
/* mmio registers */
@@ -2385,16 +2510,38 @@ const VMStateDescription vmstate_ehci = {
}
};
-void usb_ehci_initfn(EHCIState *s, DeviceState *dev)
+void usb_ehci_realize(EHCIState *s, DeviceState *dev, Error **errp)
{
int i;
+ if (s->portnr > NB_PORTS) {
+ error_setg(errp, "Too many ports! Max. port number is %d.",
+ NB_PORTS);
+ return;
+ }
+
+ usb_bus_new(&s->bus, &ehci_bus_ops, dev);
+ for (i = 0; i < s->portnr; i++) {
+ usb_register_port(&s->bus, &s->ports[i], s, i, &ehci_port_ops,
+ USB_SPEED_MASK_HIGH);
+ s->ports[i].dev = 0;
+ }
+
+ s->frame_timer = qemu_new_timer_ns(vm_clock, ehci_frame_timer, s);
+ s->async_bh = qemu_bh_new(ehci_frame_timer, s);
+
+ qemu_register_reset(ehci_reset, s);
+ qemu_add_vm_change_state_handler(usb_ehci_vm_state_change, s);
+}
+
+void usb_ehci_init(EHCIState *s, DeviceState *dev)
+{
/* 2.2 host controller interface version */
s->caps[0x00] = (uint8_t)(s->opregbase - s->capsbase);
s->caps[0x01] = 0x00;
s->caps[0x02] = 0x00;
s->caps[0x03] = 0x01; /* HC version */
- s->caps[0x04] = NB_PORTS; /* Number of downstream ports */
+ s->caps[0x04] = s->portnr; /* Number of downstream ports */
s->caps[0x05] = 0x00; /* No companion ports at present */
s->caps[0x06] = 0x00;
s->caps[0x07] = 0x00;
@@ -2402,33 +2549,21 @@ void usb_ehci_initfn(EHCIState *s, DeviceState *dev)
s->caps[0x0a] = 0x00;
s->caps[0x0b] = 0x00;
- usb_bus_new(&s->bus, &ehci_bus_ops, dev);
- for(i = 0; i < NB_PORTS; i++) {
- usb_register_port(&s->bus, &s->ports[i], s, i, &ehci_port_ops,
- USB_SPEED_MASK_HIGH);
- s->ports[i].dev = 0;
- }
-
- s->frame_timer = qemu_new_timer_ns(vm_clock, ehci_frame_timer, s);
- s->async_bh = qemu_bh_new(ehci_frame_timer, s);
QTAILQ_INIT(&s->aqueues);
QTAILQ_INIT(&s->pqueues);
usb_packet_init(&s->ipacket);
- qemu_register_reset(ehci_reset, s);
- qemu_add_vm_change_state_handler(usb_ehci_vm_state_change, s);
-
- memory_region_init(&s->mem, "ehci", MMIO_SIZE);
- memory_region_init_io(&s->mem_caps, &ehci_mmio_caps_ops, s,
+ memory_region_init(&s->mem, OBJECT(dev), "ehci", MMIO_SIZE);
+ memory_region_init_io(&s->mem_caps, OBJECT(dev), &ehci_mmio_caps_ops, s,
"capabilities", CAPA_SIZE);
- memory_region_init_io(&s->mem_opreg, &ehci_mmio_opreg_ops, s,
- "operational", PORTSC_BEGIN);
- memory_region_init_io(&s->mem_ports, &ehci_mmio_port_ops, s,
- "ports", PORTSC_END - PORTSC_BEGIN);
+ memory_region_init_io(&s->mem_opreg, OBJECT(dev), &ehci_mmio_opreg_ops, s,
+ "operational", s->portscbase);
+ memory_region_init_io(&s->mem_ports, OBJECT(dev), &ehci_mmio_port_ops, s,
+ "ports", 4 * s->portnr);
memory_region_add_subregion(&s->mem, s->capsbase, &s->mem_caps);
memory_region_add_subregion(&s->mem, s->opregbase, &s->mem_opreg);
- memory_region_add_subregion(&s->mem, s->opregbase + PORTSC_BEGIN,
+ memory_region_add_subregion(&s->mem, s->opregbase + s->portscbase,
&s->mem_ports);
}
diff --git a/hw/usb/hcd-ehci.h b/hw/usb/hcd-ehci.h
index d8078f455..15a28e8b3 100644
--- a/hw/usb/hcd-ehci.h
+++ b/hw/usb/hcd-ehci.h
@@ -14,14 +14,18 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
+#ifndef HW_USB_EHCI_H
+#define HW_USB_EHCI_H 1
#include "hw/hw.h"
-#include "qemu-timer.h"
+#include "qemu/timer.h"
#include "hw/usb.h"
-#include "monitor.h"
+#include "monitor/monitor.h"
#include "trace.h"
-#include "dma.h"
-#include "sysemu.h"
+#include "sysemu/dma.h"
+#include "sysemu/sysemu.h"
+#include "hw/pci/pci.h"
+#include "hw/sysbus.h"
#ifndef EHCI_DEBUG
#define EHCI_DEBUG 0
@@ -36,11 +40,7 @@
#define MMIO_SIZE 0x1000
#define CAPA_SIZE 0x10
-#define PORTSC 0x0044
-#define PORTSC_BEGIN PORTSC
-#define PORTSC_END (PORTSC + 4 * NB_PORTS)
-
-#define NB_PORTS 6 /* Number of downstream ports */
+#define NB_PORTS 6 /* Max. Number of downstream ports */
typedef struct EHCIPacket EHCIPacket;
typedef struct EHCIQueue EHCIQueue;
@@ -246,6 +246,7 @@ struct EHCIQueue {
EHCIqh qh; /* copy of current QH (being worked on) */
uint32_t qhaddr; /* address QH read from */
uint32_t qtdaddr; /* address QTD read from */
+ int last_pid; /* pid of last packet executed */
USBDevice *dev;
QTAILQ_HEAD(pkts_head, EHCIPacket) packets;
};
@@ -256,13 +257,15 @@ struct EHCIState {
USBBus bus;
qemu_irq irq;
MemoryRegion mem;
- DMAContext *dma;
+ AddressSpace *as;
MemoryRegion mem_caps;
MemoryRegion mem_opreg;
MemoryRegion mem_ports;
int companion_count;
uint16_t capsbase;
uint16_t opregbase;
+ uint16_t portscbase;
+ uint16_t portnr;
/* properties */
uint32_t maxframes;
@@ -273,7 +276,7 @@ struct EHCIState {
*/
uint8_t caps[CAPA_SIZE];
union {
- uint32_t opreg[PORTSC_BEGIN/sizeof(uint32_t)];
+ uint32_t opreg[0x44/sizeof(uint32_t)];
struct {
uint32_t usbcmd;
uint32_t usbsts;
@@ -311,9 +314,67 @@ struct EHCIState {
uint64_t last_run_ns;
uint32_t async_stepdown;
+ uint32_t periodic_sched_active;
bool int_req_by_async;
};
extern const VMStateDescription vmstate_ehci;
-void usb_ehci_initfn(EHCIState *s, DeviceState *dev);
+void usb_ehci_init(EHCIState *s, DeviceState *dev);
+void usb_ehci_realize(EHCIState *s, DeviceState *dev, Error **errp);
+
+#define TYPE_PCI_EHCI "pci-ehci-usb"
+#define PCI_EHCI(obj) OBJECT_CHECK(EHCIPCIState, (obj), TYPE_PCI_EHCI)
+
+typedef struct EHCIPCIState {
+ /*< private >*/
+ PCIDevice pcidev;
+ /*< public >*/
+
+ EHCIState ehci;
+} EHCIPCIState;
+
+
+#define TYPE_SYS_BUS_EHCI "sysbus-ehci-usb"
+#define TYPE_EXYNOS4210_EHCI "exynos4210-ehci-usb"
+#define TYPE_TEGRA2_EHCI "tegra2-ehci-usb"
+#define TYPE_FUSBH200_EHCI "fusbh200-ehci-usb"
+
+#define SYS_BUS_EHCI(obj) \
+ OBJECT_CHECK(EHCISysBusState, (obj), TYPE_SYS_BUS_EHCI)
+#define SYS_BUS_EHCI_CLASS(class) \
+ OBJECT_CLASS_CHECK(SysBusEHCIClass, (class), TYPE_SYS_BUS_EHCI)
+#define SYS_BUS_EHCI_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(SysBusEHCIClass, (obj), TYPE_SYS_BUS_EHCI)
+
+typedef struct EHCISysBusState {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ EHCIState ehci;
+} EHCISysBusState;
+
+typedef struct SysBusEHCIClass {
+ /*< private >*/
+ SysBusDeviceClass parent_class;
+ /*< public >*/
+
+ uint16_t capsbase;
+ uint16_t opregbase;
+ uint16_t portscbase;
+ uint16_t portnr;
+} SysBusEHCIClass;
+
+#define FUSBH200_EHCI(obj) \
+ OBJECT_CHECK(FUSBH200EHCIState, (obj), TYPE_FUSBH200_EHCI)
+
+typedef struct FUSBH200EHCIState {
+ /*< private >*/
+ EHCISysBusState parent_obj;
+ /*< public >*/
+
+ MemoryRegion mem_vendor;
+} FUSBH200EHCIState;
+
+#endif
diff --git a/hw/usb/hcd-musb.c b/hw/usb/hcd-musb.c
index c707f7a2b..7968e17c3 100644
--- a/hw/usb/hcd-musb.c
+++ b/hw/usb/hcd-musb.c
@@ -21,7 +21,7 @@
* Only host-mode and non-DMA accesses are currently supported.
*/
#include "qemu-common.h"
-#include "qemu-timer.h"
+#include "qemu/timer.h"
#include "hw/usb.h"
#include "hw/irq.h"
#include "hw/hw.h"
@@ -625,7 +625,7 @@ static void musb_packet(MUSBState *s, MUSBEndPoint *ep,
/* A wild guess on the FADDR semantics... */
dev = usb_find_device(&s->port, ep->faddr[idx]);
uep = usb_ep_get(dev, pid, ep->type[idx] & 0xf);
- usb_packet_setup(&ep->packey[dir].p, pid, uep,
+ usb_packet_setup(&ep->packey[dir].p, pid, uep, 0,
(dev->addr << 16) | (uep->nr << 8) | pid, false, true);
usb_packet_addbuf(&ep->packey[dir].p, ep->buf[idx], len);
ep->packey[dir].ep = ep;
diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c
index e16a2ecab..d7836d680 100644
--- a/hw/usb/hcd-ohci.c
+++ b/hw/usb/hcd-ohci.c
@@ -22,14 +22,13 @@
* o Allocate bandwidth in frames properly
* o Disable timers when nothing needs to be done, or remove timer usage
* all together.
- * o Handle unrecoverable errors properly
* o BIOS work to boot from USB storage
*/
#include "hw/hw.h"
-#include "qemu-timer.h"
+#include "qemu/timer.h"
#include "hw/usb.h"
-#include "hw/pci.h"
+#include "hw/pci/pci.h"
#include "hw/sysbus.h"
#include "hw/qdev-dma.h"
@@ -62,7 +61,7 @@ typedef struct {
USBBus bus;
qemu_irq irq;
MemoryRegion mem;
- DMAContext *dma;
+ AddressSpace *as;
int num_ports;
const char *name;
@@ -308,6 +307,8 @@ struct ohci_iso_td {
#define OHCI_HRESET_FSBIR (1 << 0)
+static void ohci_die(OHCIState *ohci);
+
/* Update IRQ levels */
static inline void ohci_intr_update(OHCIState *ohci)
{
@@ -430,6 +431,23 @@ static USBDevice *ohci_find_device(OHCIState *ohci, uint8_t addr)
return NULL;
}
+static void ohci_stop_endpoints(OHCIState *ohci)
+{
+ USBDevice *dev;
+ int i, j;
+
+ for (i = 0; i < ohci->num_ports; i++) {
+ dev = ohci->rhport[i].port.dev;
+ if (dev && dev->attached) {
+ usb_device_ep_stopped(dev, &dev->ep_ctl);
+ for (j = 0; j < USB_MAX_ENDPOINTS; j++) {
+ usb_device_ep_stopped(dev, &dev->ep_in[j]);
+ usb_device_ep_stopped(dev, &dev->ep_out[j]);
+ }
+ }
+ }
+}
+
/* Reset the controller */
static void ohci_reset(void *opaque)
{
@@ -478,6 +496,7 @@ static void ohci_reset(void *opaque)
usb_cancel_packet(&ohci->usb_packet);
ohci->async_td = 0;
}
+ ohci_stop_endpoints(ohci);
DPRINTF("usb-ohci: Reset %s\n", ohci->name);
}
@@ -490,11 +509,13 @@ static inline int get_dwords(OHCIState *ohci,
addr += ohci->localmem_base;
for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
- dma_memory_read(ohci->dma, addr, buf, sizeof(*buf));
+ if (dma_memory_read(ohci->as, addr, buf, sizeof(*buf))) {
+ return -1;
+ }
*buf = le32_to_cpu(*buf);
}
- return 1;
+ return 0;
}
/* Put an array of dwords in to main memory */
@@ -507,10 +528,12 @@ static inline int put_dwords(OHCIState *ohci,
for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
uint32_t tmp = cpu_to_le32(*buf);
- dma_memory_write(ohci->dma, addr, &tmp, sizeof(tmp));
+ if (dma_memory_write(ohci->as, addr, &tmp, sizeof(tmp))) {
+ return -1;
+ }
}
- return 1;
+ return 0;
}
/* Get an array of words from main memory */
@@ -522,11 +545,13 @@ static inline int get_words(OHCIState *ohci,
addr += ohci->localmem_base;
for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
- dma_memory_read(ohci->dma, addr, buf, sizeof(*buf));
+ if (dma_memory_read(ohci->as, addr, buf, sizeof(*buf))) {
+ return -1;
+ }
*buf = le16_to_cpu(*buf);
}
- return 1;
+ return 0;
}
/* Put an array of words in to main memory */
@@ -539,10 +564,12 @@ static inline int put_words(OHCIState *ohci,
for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
uint16_t tmp = cpu_to_le16(*buf);
- dma_memory_write(ohci->dma, addr, &tmp, sizeof(tmp));
+ if (dma_memory_write(ohci->as, addr, &tmp, sizeof(tmp))) {
+ return -1;
+ }
}
- return 1;
+ return 0;
}
static inline int ohci_read_ed(OHCIState *ohci,
@@ -560,15 +587,15 @@ static inline int ohci_read_td(OHCIState *ohci,
static inline int ohci_read_iso_td(OHCIState *ohci,
dma_addr_t addr, struct ohci_iso_td *td)
{
- return (get_dwords(ohci, addr, (uint32_t *)td, 4) &&
- get_words(ohci, addr + 16, td->offset, 8));
+ return get_dwords(ohci, addr, (uint32_t *)td, 4) ||
+ get_words(ohci, addr + 16, td->offset, 8);
}
static inline int ohci_read_hcca(OHCIState *ohci,
dma_addr_t addr, struct ohci_hcca *hcca)
{
- dma_memory_read(ohci->dma, addr + ohci->localmem_base, hcca, sizeof(*hcca));
- return 1;
+ return dma_memory_read(ohci->as, addr + ohci->localmem_base,
+ hcca, sizeof(*hcca));
}
static inline int ohci_put_ed(OHCIState *ohci,
@@ -592,23 +619,22 @@ static inline int ohci_put_td(OHCIState *ohci,
static inline int ohci_put_iso_td(OHCIState *ohci,
dma_addr_t addr, struct ohci_iso_td *td)
{
- return (put_dwords(ohci, addr, (uint32_t *)td, 4) &&
- put_words(ohci, addr + 16, td->offset, 8));
+ return put_dwords(ohci, addr, (uint32_t *)td, 4 ||
+ put_words(ohci, addr + 16, td->offset, 8));
}
static inline int ohci_put_hcca(OHCIState *ohci,
dma_addr_t addr, struct ohci_hcca *hcca)
{
- dma_memory_write(ohci->dma,
- addr + ohci->localmem_base + HCCA_WRITEBACK_OFFSET,
- (char *)hcca + HCCA_WRITEBACK_OFFSET,
- HCCA_WRITEBACK_SIZE);
- return 1;
+ return dma_memory_write(ohci->as,
+ addr + ohci->localmem_base + HCCA_WRITEBACK_OFFSET,
+ (char *)hcca + HCCA_WRITEBACK_OFFSET,
+ HCCA_WRITEBACK_SIZE);
}
/* Read/Write the contents of a TD from/to main memory. */
-static void ohci_copy_td(OHCIState *ohci, struct ohci_td *td,
- uint8_t *buf, int len, DMADirection dir)
+static int ohci_copy_td(OHCIState *ohci, struct ohci_td *td,
+ uint8_t *buf, int len, DMADirection dir)
{
dma_addr_t ptr, n;
@@ -616,18 +642,26 @@ static void ohci_copy_td(OHCIState *ohci, struct ohci_td *td,
n = 0x1000 - (ptr & 0xfff);
if (n > len)
n = len;
- dma_memory_rw(ohci->dma, ptr + ohci->localmem_base, buf, n, dir);
- if (n == len)
- return;
+
+ if (dma_memory_rw(ohci->as, ptr + ohci->localmem_base, buf, n, dir)) {
+ return -1;
+ }
+ if (n == len) {
+ return 0;
+ }
ptr = td->be & ~0xfffu;
buf += n;
- dma_memory_rw(ohci->dma, ptr + ohci->localmem_base, buf, len - n, dir);
+ if (dma_memory_rw(ohci->as, ptr + ohci->localmem_base, buf,
+ len - n, dir)) {
+ return -1;
+ }
+ return 0;
}
/* Read/Write the contents of an ISO TD from/to main memory. */
-static void ohci_copy_iso_td(OHCIState *ohci,
- uint32_t start_addr, uint32_t end_addr,
- uint8_t *buf, int len, DMADirection dir)
+static int ohci_copy_iso_td(OHCIState *ohci,
+ uint32_t start_addr, uint32_t end_addr,
+ uint8_t *buf, int len, DMADirection dir)
{
dma_addr_t ptr, n;
@@ -635,12 +669,20 @@ static void ohci_copy_iso_td(OHCIState *ohci,
n = 0x1000 - (ptr & 0xfff);
if (n > len)
n = len;
- dma_memory_rw(ohci->dma, ptr + ohci->localmem_base, buf, n, dir);
- if (n == len)
- return;
+
+ if (dma_memory_rw(ohci->as, ptr + ohci->localmem_base, buf, n, dir)) {
+ return -1;
+ }
+ if (n == len) {
+ return 0;
+ }
ptr = end_addr & ~0xfffu;
buf += n;
- dma_memory_rw(ohci->dma, ptr + ohci->localmem_base, buf, len - n, dir);
+ if (dma_memory_rw(ohci->as, ptr + ohci->localmem_base, buf,
+ len - n, dir)) {
+ return -1;
+ }
+ return 0;
}
static void ohci_process_lists(OHCIState *ohci, int completion);
@@ -680,8 +722,9 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed,
addr = ed->head & OHCI_DPTR_MASK;
- if (!ohci_read_iso_td(ohci, addr, &iso_td)) {
+ if (ohci_read_iso_td(ohci, addr, &iso_td)) {
printf("usb-ohci: ISO_TD read error at %x\n", addr);
+ ohci_die(ohci);
return 0;
}
@@ -722,7 +765,10 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed,
i = OHCI_BM(iso_td.flags, TD_DI);
if (i < ohci->done_count)
ohci->done_count = i;
- ohci_put_iso_td(ohci, addr, &iso_td);
+ if (ohci_put_iso_td(ohci, addr, &iso_td)) {
+ ohci_die(ohci);
+ return 1;
+ }
return 0;
}
@@ -803,8 +849,11 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed,
}
if (len && dir != OHCI_TD_DIR_IN) {
- ohci_copy_iso_td(ohci, start_addr, end_addr, ohci->usb_buf, len,
- DMA_DIRECTION_TO_DEVICE);
+ if (ohci_copy_iso_td(ohci, start_addr, end_addr, ohci->usb_buf, len,
+ DMA_DIRECTION_TO_DEVICE)) {
+ ohci_die(ohci);
+ return 1;
+ }
}
if (!completion) {
@@ -812,7 +861,7 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed,
OHCI_BM(iso_td.flags, TD_DI) == 0;
dev = ohci_find_device(ohci, OHCI_BM(ed->flags, ED_FA));
ep = usb_ep_get(dev, pid, OHCI_BM(ed->flags, ED_EN));
- usb_packet_setup(&ohci->usb_packet, pid, ep, addr, false, int_req);
+ usb_packet_setup(&ohci->usb_packet, pid, ep, 0, addr, false, int_req);
usb_packet_addbuf(&ohci->usb_packet, ohci->usb_buf, len);
usb_handle_packet(dev, &ohci->usb_packet);
if (ohci->usb_packet.status == USB_RET_ASYNC) {
@@ -834,8 +883,11 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed,
/* Writeback */
if (dir == OHCI_TD_DIR_IN && ret >= 0 && ret <= len) {
/* IN transfer succeeded */
- ohci_copy_iso_td(ohci, start_addr, end_addr, ohci->usb_buf, ret,
- DMA_DIRECTION_FROM_DEVICE);
+ if (ohci_copy_iso_td(ohci, start_addr, end_addr, ohci->usb_buf, ret,
+ DMA_DIRECTION_FROM_DEVICE)) {
+ ohci_die(ohci);
+ return 1;
+ }
OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
OHCI_CC_NOERROR);
OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE, ret);
@@ -892,7 +944,9 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed,
if (i < ohci->done_count)
ohci->done_count = i;
}
- ohci_put_iso_td(ohci, addr, &iso_td);
+ if (ohci_put_iso_td(ohci, addr, &iso_td)) {
+ ohci_die(ohci);
+ }
return 1;
}
@@ -925,8 +979,9 @@ static int ohci_service_td(OHCIState *ohci, struct ohci_ed *ed)
#endif
return 1;
}
- if (!ohci_read_td(ohci, addr, &td)) {
+ if (ohci_read_td(ohci, addr, &td)) {
fprintf(stderr, "usb-ohci: TD read error at %x\n", addr);
+ ohci_die(ohci);
return 0;
}
@@ -979,8 +1034,10 @@ static int ohci_service_td(OHCIState *ohci, struct ohci_ed *ed)
pktlen = len;
}
if (!completion) {
- ohci_copy_td(ohci, &td, ohci->usb_buf, pktlen,
- DMA_DIRECTION_TO_DEVICE);
+ if (ohci_copy_td(ohci, &td, ohci->usb_buf, pktlen,
+ DMA_DIRECTION_TO_DEVICE)) {
+ ohci_die(ohci);
+ }
}
}
}
@@ -1016,7 +1073,7 @@ static int ohci_service_td(OHCIState *ohci, struct ohci_ed *ed)
}
dev = ohci_find_device(ohci, OHCI_BM(ed->flags, ED_FA));
ep = usb_ep_get(dev, pid, OHCI_BM(ed->flags, ED_EN));
- usb_packet_setup(&ohci->usb_packet, pid, ep, addr, !flag_r,
+ usb_packet_setup(&ohci->usb_packet, pid, ep, 0, addr, !flag_r,
OHCI_BM(td.flags, TD_DI) == 0);
usb_packet_addbuf(&ohci->usb_packet, ohci->usb_buf, pktlen);
usb_handle_packet(dev, &ohci->usb_packet);
@@ -1037,8 +1094,10 @@ static int ohci_service_td(OHCIState *ohci, struct ohci_ed *ed)
if (ret >= 0) {
if (dir == OHCI_TD_DIR_IN) {
- ohci_copy_td(ohci, &td, ohci->usb_buf, ret,
- DMA_DIRECTION_FROM_DEVICE);
+ if (ohci_copy_td(ohci, &td, ohci->usb_buf, ret,
+ DMA_DIRECTION_FROM_DEVICE)) {
+ ohci_die(ohci);
+ }
#ifdef DEBUG_PACKET
DPRINTF(" data:");
for (i = 0; i < ret; i++)
@@ -1115,7 +1174,10 @@ static int ohci_service_td(OHCIState *ohci, struct ohci_ed *ed)
if (i < ohci->done_count)
ohci->done_count = i;
exit_no_retire:
- ohci_put_td(ohci, addr, &td);
+ if (ohci_put_td(ohci, addr, &td)) {
+ ohci_die(ohci);
+ return 1;
+ }
return OHCI_BM(td.flags, TD_CC) != OHCI_CC_NOERROR;
}
@@ -1133,8 +1195,9 @@ static int ohci_service_ed_list(OHCIState *ohci, uint32_t head, int completion)
return 0;
for (cur = head; cur; cur = next_ed) {
- if (!ohci_read_ed(ohci, cur, &ed)) {
+ if (ohci_read_ed(ohci, cur, &ed)) {
fprintf(stderr, "usb-ohci: ED read error at %x\n", cur);
+ ohci_die(ohci);
return 0;
}
@@ -1147,6 +1210,8 @@ static int ohci_service_ed_list(OHCIState *ohci, uint32_t head, int completion)
if (ohci->async_td && addr == ohci->async_td) {
usb_cancel_packet(&ohci->usb_packet);
ohci->async_td = 0;
+ usb_device_ep_stopped(ohci->usb_packet.ep->dev,
+ ohci->usb_packet.ep);
}
continue;
}
@@ -1174,7 +1239,10 @@ static int ohci_service_ed_list(OHCIState *ohci, uint32_t head, int completion)
}
}
- ohci_put_ed(ohci, cur, &ed);
+ if (ohci_put_ed(ohci, cur, &ed)) {
+ ohci_die(ohci);
+ return 0;
+ }
}
return active;
@@ -1216,7 +1284,11 @@ static void ohci_frame_boundary(void *opaque)
OHCIState *ohci = opaque;
struct ohci_hcca hcca;
- ohci_read_hcca(ohci, ohci->hcca, &hcca);
+ if (ohci_read_hcca(ohci, ohci->hcca, &hcca)) {
+ fprintf(stderr, "usb-ohci: HCCA read error at %x\n", ohci->hcca);
+ ohci_die(ohci);
+ return;
+ }
/* Process all the lists at the end of the frame */
if (ohci->ctl & OHCI_CTL_PLE) {
@@ -1227,14 +1299,21 @@ static void ohci_frame_boundary(void *opaque)
}
/* Cancel all pending packets if either of the lists has been disabled. */
- if (ohci->async_td &&
- ohci->old_ctl & (~ohci->ctl) & (OHCI_CTL_BLE | OHCI_CTL_CLE)) {
- usb_cancel_packet(&ohci->usb_packet);
- ohci->async_td = 0;
+ if (ohci->old_ctl & (~ohci->ctl) & (OHCI_CTL_BLE | OHCI_CTL_CLE)) {
+ if (ohci->async_td) {
+ usb_cancel_packet(&ohci->usb_packet);
+ ohci->async_td = 0;
+ }
+ ohci_stop_endpoints(ohci);
}
ohci->old_ctl = ohci->ctl;
ohci_process_lists(ohci, 0);
+ /* Stop if UnrecoverableError happened or ohci_sof will crash */
+ if (ohci->intr_status & OHCI_INTR_UE) {
+ return;
+ }
+
/* Frame boundary, so do EOF stuf here */
ohci->frt = ohci->fit;
@@ -1260,7 +1339,9 @@ static void ohci_frame_boundary(void *opaque)
ohci_sof(ohci);
/* Writeback HCCA */
- ohci_put_hcca(ohci, ohci->hcca, &hcca);
+ if (ohci_put_hcca(ohci, ohci->hcca, &hcca)) {
+ ohci_die(ohci);
+ }
}
/* Start sending SOF tokens across the USB bus, lists are processed in
@@ -1274,7 +1355,7 @@ static int ohci_bus_start(OHCIState *ohci)
if (ohci->eof_timer == NULL) {
fprintf(stderr, "usb-ohci: %s: qemu_new_timer_ns failed\n", ohci->name);
- /* TODO: Signal unrecoverable error */
+ ohci_die(ohci);
return 0;
}
@@ -1714,6 +1795,7 @@ static void ohci_mem_write(void *opaque,
/* PXA27x specific registers */
case 24: /* HcStatus */
ohci->hstatus &= ~(val & ohci->hmask);
+ break;
case 25: /* HcHReset */
ohci->hreset = val & ~OHCI_HRESET_FSBIR;
@@ -1765,11 +1847,11 @@ static USBBusOps ohci_bus_ops = {
static int usb_ohci_init(OHCIState *ohci, DeviceState *dev,
int num_ports, dma_addr_t localmem_base,
char *masterbus, uint32_t firstport,
- DMAContext *dma)
+ AddressSpace *as)
{
int i;
- ohci->dma = dma;
+ ohci->as = as;
if (usb_frame_time == 0) {
#ifdef OHCI_TIME_WARP
@@ -1807,7 +1889,8 @@ static int usb_ohci_init(OHCIState *ohci, DeviceState *dev,
}
}
- memory_region_init_io(&ohci->mem, &ohci_mem_ops, ohci, "ohci", 256);
+ memory_region_init_io(&ohci->mem, OBJECT(dev), &ohci_mem_ops,
+ ohci, "ohci", 256);
ohci->localmem_base = localmem_base;
ohci->name = object_get_typename(OBJECT(dev));
@@ -1819,51 +1902,77 @@ static int usb_ohci_init(OHCIState *ohci, DeviceState *dev,
return 0;
}
+#define TYPE_PCI_OHCI "pci-ohci"
+#define PCI_OHCI(obj) OBJECT_CHECK(OHCIPCIState, (obj), TYPE_PCI_OHCI)
+
typedef struct {
- PCIDevice pci_dev;
+ /*< private >*/
+ PCIDevice parent_obj;
+ /*< public >*/
+
OHCIState state;
char *masterbus;
uint32_t num_ports;
uint32_t firstport;
} OHCIPCIState;
-static int usb_ohci_initfn_pci(struct PCIDevice *dev)
+/** A typical O/EHCI will stop operating, set itself into error state
+ * (which can be queried by MMIO) and will set PERR in its config
+ * space to signal that it got an error
+ */
+static void ohci_die(OHCIState *ohci)
+{
+ OHCIPCIState *dev = container_of(ohci, OHCIPCIState, state);
+
+ fprintf(stderr, "%s: DMA error\n", __func__);
+
+ ohci_set_interrupt(ohci, OHCI_INTR_UE);
+ ohci_bus_stop(ohci);
+ pci_set_word(dev->parent_obj.config + PCI_STATUS,
+ PCI_STATUS_DETECTED_PARITY);
+}
+
+static int usb_ohci_initfn_pci(PCIDevice *dev)
{
- OHCIPCIState *ohci = DO_UPCAST(OHCIPCIState, pci_dev, dev);
+ OHCIPCIState *ohci = PCI_OHCI(dev);
- ohci->pci_dev.config[PCI_CLASS_PROG] = 0x10; /* OHCI */
- ohci->pci_dev.config[PCI_INTERRUPT_PIN] = 0x01; /* interrupt pin A */
+ dev->config[PCI_CLASS_PROG] = 0x10; /* OHCI */
+ dev->config[PCI_INTERRUPT_PIN] = 0x01; /* interrupt pin A */
- if (usb_ohci_init(&ohci->state, &dev->qdev, ohci->num_ports, 0,
+ if (usb_ohci_init(&ohci->state, DEVICE(dev), ohci->num_ports, 0,
ohci->masterbus, ohci->firstport,
- pci_dma_context(dev)) != 0) {
+ pci_get_address_space(dev)) != 0) {
return -1;
}
- ohci->state.irq = ohci->pci_dev.irq[0];
+ ohci->state.irq = dev->irq[0];
- /* TODO: avoid cast below by using dev */
- pci_register_bar(&ohci->pci_dev, 0, 0, &ohci->state.mem);
+ pci_register_bar(dev, 0, 0, &ohci->state.mem);
return 0;
}
+#define TYPE_SYSBUS_OHCI "sysbus-ohci"
+#define SYSBUS_OHCI(obj) OBJECT_CHECK(OHCISysBusState, (obj), TYPE_SYSBUS_OHCI)
+
typedef struct {
- SysBusDevice busdev;
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
OHCIState ohci;
uint32_t num_ports;
dma_addr_t dma_offset;
} OHCISysBusState;
-static int ohci_init_pxa(SysBusDevice *dev)
+static void ohci_realize_pxa(DeviceState *dev, Error **errp)
{
- OHCISysBusState *s = FROM_SYSBUS(OHCISysBusState, dev);
+ OHCISysBusState *s = SYSBUS_OHCI(dev);
+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
/* Cannot fail as we pass NULL for masterbus */
- usb_ohci_init(&s->ohci, &dev->qdev, s->num_ports, s->dma_offset, NULL, 0,
- &dma_context_memory);
- sysbus_init_irq(dev, &s->ohci.irq);
- sysbus_init_mmio(dev, &s->ohci.mem);
-
- return 0;
+ usb_ohci_init(&s->ohci, dev, s->num_ports, s->dma_offset, NULL, 0,
+ &address_space_memory);
+ sysbus_init_irq(sbd, &s->ohci.irq);
+ sysbus_init_mmio(sbd, &s->ohci.mem);
}
static Property ohci_pci_properties[] = {
@@ -1883,12 +1992,13 @@ static void ohci_pci_class_init(ObjectClass *klass, void *data)
k->device_id = PCI_DEVICE_ID_APPLE_IPID_USB;
k->class_id = PCI_CLASS_SERIAL_USB;
k->no_hotplug = 1;
+ set_bit(DEVICE_CATEGORY_USB, dc->categories);
dc->desc = "Apple USB Controller";
dc->props = ohci_pci_properties;
}
-static TypeInfo ohci_pci_info = {
- .name = "pci-ohci",
+static const TypeInfo ohci_pci_info = {
+ .name = TYPE_PCI_OHCI,
.parent = TYPE_PCI_DEVICE,
.instance_size = sizeof(OHCIPCIState),
.class_init = ohci_pci_class_init,
@@ -1903,15 +2013,15 @@ static Property ohci_sysbus_properties[] = {
static void ohci_sysbus_class_init(ObjectClass *klass, void *data)
{
DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *sbc = SYS_BUS_DEVICE_CLASS(klass);
- sbc->init = ohci_init_pxa;
+ dc->realize = ohci_realize_pxa;
+ set_bit(DEVICE_CATEGORY_USB, dc->categories);
dc->desc = "OHCI USB Controller";
dc->props = ohci_sysbus_properties;
}
-static TypeInfo ohci_sysbus_info = {
- .name = "sysbus-ohci",
+static const TypeInfo ohci_sysbus_info = {
+ .name = TYPE_SYSBUS_OHCI,
.parent = TYPE_SYS_BUS_DEVICE,
.instance_size = sizeof(OHCISysBusState),
.class_init = ohci_sysbus_class_init,
diff --git a/hw/usb/hcd-uhci.c b/hw/usb/hcd-uhci.c
index d053791de..ac8283313 100644
--- a/hw/usb/hcd-uhci.c
+++ b/hw/usb/hcd-uhci.c
@@ -27,10 +27,10 @@
*/
#include "hw/hw.h"
#include "hw/usb.h"
-#include "hw/pci.h"
-#include "qemu-timer.h"
-#include "iov.h"
-#include "dma.h"
+#include "hw/pci/pci.h"
+#include "qemu/timer.h"
+#include "qemu/iov.h"
+#include "sysemu/dma.h"
#include "trace.h"
//#define DEBUG
@@ -75,6 +75,11 @@
#define FRAME_MAX_LOOPS 256
+/* Must be large enough to handle 10 frame delay for initial isoc requests */
+#define QH_VALID 32
+
+#define MAX_FRAMES_PER_TICK (QH_VALID / 2)
+
#define NB_PORTS 2
enum {
@@ -114,7 +119,8 @@ struct UHCIPCIDeviceClass {
struct UHCIAsync {
USBPacket packet;
- QEMUSGList sgl;
+ uint8_t static_buf[64]; /* 64 bytes is enough, except for isoc packets */
+ uint8_t *buf;
UHCIQueue *queue;
QTAILQ_ENTRY(UHCIAsync) next;
uint32_t td_addr;
@@ -166,6 +172,7 @@ struct UHCIState {
/* Properties */
char *masterbus;
uint32_t firstport;
+ uint32_t maxframes;
};
typedef struct UHCI_TD {
@@ -182,6 +189,7 @@ typedef struct UHCI_QH {
static void uhci_async_cancel(UHCIAsync *async);
static void uhci_queue_fill(UHCIQueue *q, UHCI_TD *td);
+static void uhci_resume(void *opaque);
static inline int32_t uhci_queue_token(UHCI_TD *td)
{
@@ -206,9 +214,7 @@ static UHCIQueue *uhci_queue_new(UHCIState *s, uint32_t qh_addr, UHCI_TD *td,
queue->ep = ep;
QTAILQ_INIT(&queue->asyncs);
QTAILQ_INSERT_HEAD(&s->queues, queue, next);
- /* valid needs to be large enough to handle 10 frame delay
- * for initial isochronous requests */
- queue->valid = 32;
+ queue->valid = QH_VALID;
trace_usb_uhci_queue_add(queue->token);
return queue;
}
@@ -222,6 +228,7 @@ static void uhci_queue_free(UHCIQueue *queue, const char *reason)
async = QTAILQ_FIRST(&queue->asyncs);
uhci_async_cancel(async);
}
+ usb_device_ep_stopped(queue->ep->dev, queue->ep);
trace_usb_uhci_queue_del(queue->token, reason);
QTAILQ_REMOVE(&s->queues, queue, next);
@@ -259,7 +266,6 @@ static UHCIAsync *uhci_async_alloc(UHCIQueue *queue, uint32_t td_addr)
async->queue = queue;
async->td_addr = td_addr;
usb_packet_init(&async->packet);
- pci_dma_sglist_init(&async->sgl, &queue->uhci->dev, 1);
trace_usb_uhci_packet_add(async->queue->token, async->td_addr);
return async;
@@ -269,7 +275,9 @@ static void uhci_async_free(UHCIAsync *async)
{
trace_usb_uhci_packet_del(async->queue->token, async->td_addr);
usb_packet_cleanup(&async->packet);
- qemu_sglist_destroy(&async->sgl);
+ if (async->buf != async->static_buf) {
+ g_free(async->buf);
+ }
g_free(async);
}
@@ -294,7 +302,6 @@ static void uhci_async_cancel(UHCIAsync *async)
async->done);
if (!async->done)
usb_cancel_packet(&async->packet);
- usb_packet_unmap(&async->packet, &async->sgl);
uhci_async_free(async);
}
@@ -433,7 +440,7 @@ static int uhci_post_load(void *opaque, int version_id)
static const VMStateDescription vmstate_uhci = {
.name = "uhci",
- .version_id = 2,
+ .version_id = 3,
.minimum_version_id = 1,
.minimum_version_id_old = 1,
.post_load = uhci_post_load,
@@ -451,44 +458,16 @@ static const VMStateDescription vmstate_uhci = {
VMSTATE_UINT8(status2, UHCIState),
VMSTATE_TIMER(frame_timer, UHCIState),
VMSTATE_INT64_V(expire_time, UHCIState, 2),
+ VMSTATE_UINT32_V(pending_int_mask, UHCIState, 3),
VMSTATE_END_OF_LIST()
}
};
-static void uhci_ioport_writeb(void *opaque, uint32_t addr, uint32_t val)
-{
- UHCIState *s = opaque;
-
- addr &= 0x1f;
- switch(addr) {
- case 0x0c:
- s->sof_timing = val;
- break;
- }
-}
-
-static uint32_t uhci_ioport_readb(void *opaque, uint32_t addr)
+static void uhci_port_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
{
UHCIState *s = opaque;
- uint32_t val;
- addr &= 0x1f;
- switch(addr) {
- case 0x0c:
- val = s->sof_timing;
- break;
- default:
- val = 0xff;
- break;
- }
- return val;
-}
-
-static void uhci_ioport_writew(void *opaque, uint32_t addr, uint32_t val)
-{
- UHCIState *s = opaque;
-
- addr &= 0x1f;
trace_usb_uhci_mmio_writew(addr, val);
switch(addr) {
@@ -498,7 +477,7 @@ static void uhci_ioport_writew(void *opaque, uint32_t addr, uint32_t val)
trace_usb_uhci_schedule_start();
s->expire_time = qemu_get_clock_ns(vm_clock) +
(get_ticks_per_sec() / FRAME_TIMER_FREQ);
- qemu_mod_timer(s->frame_timer, qemu_get_clock_ns(vm_clock));
+ qemu_mod_timer(s->frame_timer, s->expire_time);
s->status &= ~UHCI_STS_HCHALTED;
} else if (!(val & UHCI_CMD_RS)) {
s->status |= UHCI_STS_HCHALTED;
@@ -520,6 +499,12 @@ static void uhci_ioport_writew(void *opaque, uint32_t addr, uint32_t val)
return;
}
s->cmd = val;
+ if (val & UHCI_CMD_EGSM) {
+ if ((s->ports[0].ctrl & UHCI_PORT_RD) ||
+ (s->ports[1].ctrl & UHCI_PORT_RD)) {
+ uhci_resume(s);
+ }
+ }
break;
case 0x02:
s->status &= ~val;
@@ -537,6 +522,17 @@ static void uhci_ioport_writew(void *opaque, uint32_t addr, uint32_t val)
if (s->status & UHCI_STS_HCHALTED)
s->frnum = val & 0x7ff;
break;
+ case 0x08:
+ s->fl_base_addr &= 0xffff0000;
+ s->fl_base_addr |= val & ~0xfff;
+ break;
+ case 0x0a:
+ s->fl_base_addr &= 0x0000ffff;
+ s->fl_base_addr |= (val << 16);
+ break;
+ case 0x0c:
+ s->sof_timing = val & 0xff;
+ break;
case 0x10 ... 0x1f:
{
UHCIPort *port;
@@ -568,12 +564,11 @@ static void uhci_ioport_writew(void *opaque, uint32_t addr, uint32_t val)
}
}
-static uint32_t uhci_ioport_readw(void *opaque, uint32_t addr)
+static uint64_t uhci_port_read(void *opaque, hwaddr addr, unsigned size)
{
UHCIState *s = opaque;
uint32_t val;
- addr &= 0x1f;
switch(addr) {
case 0x00:
val = s->cmd;
@@ -587,6 +582,15 @@ static uint32_t uhci_ioport_readw(void *opaque, uint32_t addr)
case 0x06:
val = s->frnum;
break;
+ case 0x08:
+ val = s->fl_base_addr & 0xffff;
+ break;
+ case 0x0a:
+ val = (s->fl_base_addr >> 16) & 0xffff;
+ break;
+ case 0x0c:
+ val = s->sof_timing;
+ break;
case 0x10 ... 0x1f:
{
UHCIPort *port;
@@ -609,38 +613,6 @@ static uint32_t uhci_ioport_readw(void *opaque, uint32_t addr)
return val;
}
-static void uhci_ioport_writel(void *opaque, uint32_t addr, uint32_t val)
-{
- UHCIState *s = opaque;
-
- addr &= 0x1f;
- trace_usb_uhci_mmio_writel(addr, val);
-
- switch(addr) {
- case 0x08:
- s->fl_base_addr = val & ~0xfff;
- break;
- }
-}
-
-static uint32_t uhci_ioport_readl(void *opaque, uint32_t addr)
-{
- UHCIState *s = opaque;
- uint32_t val;
-
- addr &= 0x1f;
- switch(addr) {
- case 0x08:
- val = s->fl_base_addr;
- break;
- default:
- val = 0xffffffff;
- break;
- }
- trace_usb_uhci_mmio_readl(addr, val);
- return val;
-}
-
/* signal resume if controller suspended */
static void uhci_resume (void *opaque)
{
@@ -810,6 +782,7 @@ static int uhci_complete_td(UHCIState *s, UHCI_TD *td, UHCIAsync *async, uint32_
*int_mask |= 0x01;
if (pid == USB_TOKEN_IN) {
+ pci_dma_write(&s->dev, td->buffer, async->buf, len);
if ((td->ctrl & TD_CTRL_SPD) && len < max_len) {
*int_mask |= 0x02;
/* short packet: do not update QH */
@@ -853,7 +826,7 @@ static int uhci_handle_td(UHCIState *s, UHCIQueue *q, uint32_t qh_addr,
}
if (q) {
- q->valid = 32;
+ q->valid = QH_VALID;
}
/* Is active ? */
@@ -915,14 +888,19 @@ static int uhci_handle_td(UHCIState *s, UHCIQueue *q, uint32_t qh_addr,
max_len = ((td->token >> 21) + 1) & 0x7ff;
spd = (pid == USB_TOKEN_IN && (td->ctrl & TD_CTRL_SPD) != 0);
- usb_packet_setup(&async->packet, pid, q->ep, td_addr, spd,
+ usb_packet_setup(&async->packet, pid, q->ep, 0, td_addr, spd,
(td->ctrl & TD_CTRL_IOC) != 0);
- qemu_sglist_add(&async->sgl, td->buffer, max_len);
- usb_packet_map(&async->packet, &async->sgl);
+ if (max_len <= sizeof(async->static_buf)) {
+ async->buf = async->static_buf;
+ } else {
+ async->buf = g_malloc(max_len);
+ }
+ usb_packet_addbuf(&async->packet, async->buf, max_len);
switch(pid) {
case USB_TOKEN_OUT:
case USB_TOKEN_SETUP:
+ pci_dma_read(&s->dev, td->buffer, async->buf, max_len);
usb_handle_packet(q->ep->dev, &async->packet);
if (async->packet.status == USB_RET_SUCCESS) {
async->packet.actual_length = max_len;
@@ -935,7 +913,6 @@ static int uhci_handle_td(UHCIState *s, UHCIQueue *q, uint32_t qh_addr,
default:
/* invalid pid : frame interrupted */
- usb_packet_unmap(&async->packet, &async->sgl);
uhci_async_free(async);
s->status |= UHCI_STS_HCPERR;
uhci_update_irq(s);
@@ -952,7 +929,6 @@ static int uhci_handle_td(UHCIState *s, UHCIQueue *q, uint32_t qh_addr,
done:
ret = uhci_complete_td(s, td, async, int_mask);
- usb_packet_unmap(&async->packet, &async->sgl);
uhci_async_free(async);
return ret;
}
@@ -1174,10 +1150,10 @@ static void uhci_bh(void *opaque)
static void uhci_frame_timer(void *opaque)
{
UHCIState *s = opaque;
+ uint64_t t_now, t_last_run;
+ int i, frames;
+ const uint64_t frame_t = get_ticks_per_sec() / FRAME_TIMER_FREQ;
- /* prepare the timer for the next frame */
- s->expire_time += (get_ticks_per_sec() / FRAME_TIMER_FREQ);
- s->frame_bytes = 0;
s->completions_only = false;
qemu_bh_cancel(s->bh);
@@ -1191,7 +1167,35 @@ static void uhci_frame_timer(void *opaque)
return;
}
- /* Complete the previous frame */
+ /* We still store expire_time in our state, for migration */
+ t_last_run = s->expire_time - frame_t;
+ t_now = qemu_get_clock_ns(vm_clock);
+
+ /* Process up to MAX_FRAMES_PER_TICK frames */
+ frames = (t_now - t_last_run) / frame_t;
+ if (frames > s->maxframes) {
+ int skipped = frames - s->maxframes;
+ s->expire_time += skipped * frame_t;
+ s->frnum = (s->frnum + skipped) & 0x7ff;
+ frames -= skipped;
+ }
+ if (frames > MAX_FRAMES_PER_TICK) {
+ frames = MAX_FRAMES_PER_TICK;
+ }
+
+ for (i = 0; i < frames; i++) {
+ s->frame_bytes = 0;
+ trace_usb_uhci_frame_start(s->frnum);
+ uhci_async_validate_begin(s);
+ uhci_process_frame(s);
+ uhci_async_validate_end(s);
+ /* The spec says frnum is the frame currently being processed, and
+ * the guest must look at frnum - 1 on interrupt, so inc frnum now */
+ s->frnum = (s->frnum + 1) & 0x7ff;
+ s->expire_time += frame_t;
+ }
+
+ /* Complete the previous frame(s) */
if (s->pending_int_mask) {
s->status2 |= s->pending_int_mask;
s->status |= UHCI_STS_USBINT;
@@ -1199,32 +1203,17 @@ static void uhci_frame_timer(void *opaque)
}
s->pending_int_mask = 0;
- /* Start new frame */
- s->frnum = (s->frnum + 1) & 0x7ff;
-
- trace_usb_uhci_frame_start(s->frnum);
-
- uhci_async_validate_begin(s);
-
- uhci_process_frame(s);
-
- uhci_async_validate_end(s);
-
- qemu_mod_timer(s->frame_timer, s->expire_time);
+ qemu_mod_timer(s->frame_timer, t_now + frame_t);
}
-static const MemoryRegionPortio uhci_portio[] = {
- { 0, 32, 2, .write = uhci_ioport_writew, },
- { 0, 32, 2, .read = uhci_ioport_readw, },
- { 0, 32, 4, .write = uhci_ioport_writel, },
- { 0, 32, 4, .read = uhci_ioport_readl, },
- { 0, 32, 1, .write = uhci_ioport_writeb, },
- { 0, 32, 1, .read = uhci_ioport_readb, },
- PORTIO_END_OF_LIST()
-};
-
static const MemoryRegionOps uhci_ioport_ops = {
- .old_portio = uhci_portio,
+ .read = uhci_port_read,
+ .write = uhci_port_write,
+ .valid.min_access_size = 1,
+ .valid.max_access_size = 4,
+ .impl.min_access_size = 2,
+ .impl.max_access_size = 2,
+ .endianness = DEVICE_LITTLE_ENDIAN,
};
static USBPortOps uhci_port_ops = {
@@ -1277,7 +1266,9 @@ static int usb_uhci_common_initfn(PCIDevice *dev)
qemu_register_reset(uhci_reset, s);
- memory_region_init_io(&s->io_bar, &uhci_ioport_ops, s, "uhci", 0x20);
+ memory_region_init_io(&s->io_bar, OBJECT(s), &uhci_ioport_ops, s,
+ "uhci", 0x20);
+
/* Use region 4 for consistency with real hardware. BSD guests seem
to rely on this. */
pci_register_bar(&s->dev, 4, PCI_BASE_ADDRESS_SPACE_IO, &s->io_bar);
@@ -1311,6 +1302,7 @@ static Property uhci_properties[] = {
DEFINE_PROP_STRING("masterbus", UHCIState, masterbus),
DEFINE_PROP_UINT32("firstport", UHCIState, firstport, 0),
DEFINE_PROP_UINT32("bandwidth", UHCIState, frame_bandwidth, 1280),
+ DEFINE_PROP_UINT32("maxframes", UHCIState, maxframes, 128),
DEFINE_PROP_END_OF_LIST(),
};
@@ -1330,6 +1322,7 @@ static void uhci_class_init(ObjectClass *klass, void *data)
k->no_hotplug = 1;
dc->vmsd = &vmstate_uhci;
dc->props = uhci_properties;
+ set_bit(DEVICE_CATEGORY_USB, dc->categories);
u->info = *info;
}
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index efb509e42..58c88b8a6 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -19,11 +19,11 @@
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
*/
#include "hw/hw.h"
-#include "qemu-timer.h"
+#include "qemu/timer.h"
#include "hw/usb.h"
-#include "hw/pci.h"
-#include "hw/msi.h"
-#include "hw/msix.h"
+#include "hw/pci/pci.h"
+#include "hw/pci/msi.h"
+#include "hw/pci/msix.h"
#include "trace.h"
//#define DEBUG_XHCI
@@ -34,8 +34,8 @@
#else
#define DPRINTF(...) do {} while (0)
#endif
-#define FIXME() do { fprintf(stderr, "FIXME %s:%d\n", \
- __func__, __LINE__); abort(); } while (0)
+#define FIXME(_msg) do { fprintf(stderr, "FIXME %s:%d %s\n", \
+ __func__, __LINE__, _msg); abort(); } while (0)
#define MAXPORTS_2 15
#define MAXPORTS_3 15
@@ -301,6 +301,8 @@ typedef enum TRBCCode {
#define SLOT_CONTEXT_ENTRIES_SHIFT 27
typedef struct XHCIState XHCIState;
+typedef struct XHCIStreamContext XHCIStreamContext;
+typedef struct XHCIEPContext XHCIEPContext;
#define get_field(data, field) \
(((data) >> field##_SHIFT) & field##_MASK)
@@ -324,7 +326,6 @@ typedef enum EPType {
} EPType;
typedef struct XHCIRing {
- dma_addr_t base;
dma_addr_t dequeue;
bool ccs;
} XHCIRing;
@@ -351,6 +352,7 @@ typedef struct XHCITransfer {
unsigned int iso_pkts;
unsigned int slotid;
unsigned int epid;
+ unsigned int streamid;
bool in_xfer;
bool iso_xfer;
@@ -367,7 +369,14 @@ typedef struct XHCITransfer {
uint64_t mfindex_kick;
} XHCITransfer;
-typedef struct XHCIEPContext {
+struct XHCIStreamContext {
+ dma_addr_t pctx;
+ unsigned int sct;
+ XHCIRing ring;
+ XHCIStreamContext *sstreams;
+};
+
+struct XHCIEPContext {
XHCIState *xhci;
unsigned int slotid;
unsigned int epid;
@@ -382,17 +391,23 @@ typedef struct XHCIEPContext {
unsigned int max_psize;
uint32_t state;
+ /* streams */
+ unsigned int max_pstreams;
+ bool lsa;
+ unsigned int nr_pstreams;
+ XHCIStreamContext *pstreams;
+
/* iso xfer scheduling */
unsigned int interval;
int64_t mfindex_last;
QEMUTimer *kick_timer;
-} XHCIEPContext;
+};
typedef struct XHCISlot {
bool enabled;
+ bool addressed;
dma_addr_t ctx;
USBPort *uport;
- unsigned int devaddr;
XHCIEPContext * eps[31];
} XHCISlot;
@@ -428,7 +443,10 @@ typedef struct XHCIInterrupter {
} XHCIInterrupter;
struct XHCIState {
- PCIDevice pci_dev;
+ /*< private >*/
+ PCIDevice parent_obj;
+ /*< public >*/
+
USBBus bus;
qemu_irq irq;
MemoryRegion mem;
@@ -436,8 +454,6 @@ struct XHCIState {
MemoryRegion mem_oper;
MemoryRegion mem_runtime;
MemoryRegion mem_doorbell;
- const char *name;
- unsigned int devaddr;
/* properties */
uint32_t numports_2;
@@ -469,6 +485,11 @@ struct XHCIState {
XHCIRing cmd_ring;
};
+#define TYPE_XHCI "nec-usb-xhci"
+
+#define XHCI(obj) \
+ OBJECT_CHECK(XHCIState, (obj), TYPE_XHCI)
+
typedef struct XHCIEvRingSeg {
uint32_t addr_low;
uint32_t addr_high;
@@ -482,7 +503,7 @@ enum xhci_flags {
};
static void xhci_kick_ep(XHCIState *xhci, unsigned int slotid,
- unsigned int epid);
+ unsigned int epid, unsigned int streamid);
static TRBCCode xhci_disable_ep(XHCIState *xhci, unsigned int slotid,
unsigned int epid);
static void xhci_event(XHCIState *xhci, XHCIEvent *event, int v);
@@ -641,7 +662,7 @@ static inline void xhci_dma_read_u32s(XHCIState *xhci, dma_addr_t addr,
assert((len % sizeof(uint32_t)) == 0);
- pci_dma_read(&xhci->pci_dev, addr, buf, len);
+ pci_dma_read(PCI_DEVICE(xhci), addr, buf, len);
for (i = 0; i < (len / sizeof(uint32_t)); i++) {
buf[i] = le32_to_cpu(buf[i]);
@@ -659,7 +680,7 @@ static inline void xhci_dma_write_u32s(XHCIState *xhci, dma_addr_t addr,
for (i = 0; i < (len / sizeof(uint32_t)); i++) {
tmp[i] = cpu_to_le32(buf[i]);
}
- pci_dma_write(&xhci->pci_dev, addr, tmp, len);
+ pci_dma_write(PCI_DEVICE(xhci), addr, tmp, len);
}
static XHCIPort *xhci_lookup_port(XHCIState *xhci, struct USBPort *uport)
@@ -686,10 +707,11 @@ static XHCIPort *xhci_lookup_port(XHCIState *xhci, struct USBPort *uport)
static void xhci_intx_update(XHCIState *xhci)
{
+ PCIDevice *pci_dev = PCI_DEVICE(xhci);
int level = 0;
- if (msix_enabled(&xhci->pci_dev) ||
- msi_enabled(&xhci->pci_dev)) {
+ if (msix_enabled(pci_dev) ||
+ msi_enabled(pci_dev)) {
return;
}
@@ -705,9 +727,10 @@ static void xhci_intx_update(XHCIState *xhci)
static void xhci_msix_update(XHCIState *xhci, int v)
{
+ PCIDevice *pci_dev = PCI_DEVICE(xhci);
bool enabled;
- if (!msix_enabled(&xhci->pci_dev)) {
+ if (!msix_enabled(pci_dev)) {
return;
}
@@ -718,17 +741,19 @@ static void xhci_msix_update(XHCIState *xhci, int v)
if (enabled) {
trace_usb_xhci_irq_msix_use(v);
- msix_vector_use(&xhci->pci_dev, v);
+ msix_vector_use(pci_dev, v);
xhci->intr[v].msix_used = true;
} else {
trace_usb_xhci_irq_msix_unuse(v);
- msix_vector_unuse(&xhci->pci_dev, v);
+ msix_vector_unuse(pci_dev, v);
xhci->intr[v].msix_used = false;
}
}
static void xhci_intr_raise(XHCIState *xhci, int v)
{
+ PCIDevice *pci_dev = PCI_DEVICE(xhci);
+
xhci->intr[v].erdp_low |= ERDP_EHB;
xhci->intr[v].iman |= IMAN_IP;
xhci->usbsts |= USBSTS_EINT;
@@ -741,15 +766,15 @@ static void xhci_intr_raise(XHCIState *xhci, int v)
return;
}
- if (msix_enabled(&xhci->pci_dev)) {
+ if (msix_enabled(pci_dev)) {
trace_usb_xhci_irq_msix(v);
- msix_notify(&xhci->pci_dev, v);
+ msix_notify(pci_dev, v);
return;
}
- if (msi_enabled(&xhci->pci_dev)) {
+ if (msi_enabled(pci_dev)) {
trace_usb_xhci_irq_msi(v);
- msi_notify(&xhci->pci_dev, v);
+ msi_notify(pci_dev, v);
return;
}
@@ -772,6 +797,7 @@ static void xhci_die(XHCIState *xhci)
static void xhci_write_event(XHCIState *xhci, XHCIEvent *event, int v)
{
+ PCIDevice *pci_dev = PCI_DEVICE(xhci);
XHCIInterrupter *intr = &xhci->intr[v];
XHCITRB ev_trb;
dma_addr_t addr;
@@ -790,7 +816,7 @@ static void xhci_write_event(XHCIState *xhci, XHCIEvent *event, int v)
ev_trb.status, ev_trb.control);
addr = intr->er_start + TRB_SIZE*intr->er_ep_idx;
- pci_dma_write(&xhci->pci_dev, addr, &ev_trb, TRB_SIZE);
+ pci_dma_write(pci_dev, addr, &ev_trb, TRB_SIZE);
intr->er_ep_idx++;
if (intr->er_ep_idx >= intr->er_size) {
@@ -930,7 +956,6 @@ static void xhci_event(XHCIState *xhci, XHCIEvent *event, int v)
static void xhci_ring_init(XHCIState *xhci, XHCIRing *ring,
dma_addr_t base)
{
- ring->base = base;
ring->dequeue = base;
ring->ccs = 1;
}
@@ -938,9 +963,11 @@ static void xhci_ring_init(XHCIState *xhci, XHCIRing *ring,
static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
dma_addr_t *addr)
{
+ PCIDevice *pci_dev = PCI_DEVICE(xhci);
+
while (1) {
TRBType type;
- pci_dma_read(&xhci->pci_dev, ring->dequeue, trb, TRB_SIZE);
+ pci_dma_read(pci_dev, ring->dequeue, trb, TRB_SIZE);
trb->addr = ring->dequeue;
trb->ccs = ring->ccs;
le64_to_cpus(&trb->parameter);
@@ -973,6 +1000,7 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring)
{
+ PCIDevice *pci_dev = PCI_DEVICE(xhci);
XHCITRB trb;
int length = 0;
dma_addr_t dequeue = ring->dequeue;
@@ -982,7 +1010,7 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring)
while (1) {
TRBType type;
- pci_dma_read(&xhci->pci_dev, dequeue, &trb, TRB_SIZE);
+ pci_dma_read(pci_dev, dequeue, &trb, TRB_SIZE);
le64_to_cpus(&trb.parameter);
le32_to_cpus(&trb.status);
le32_to_cpus(&trb.control);
@@ -1034,7 +1062,7 @@ static void xhci_er_reset(XHCIState *xhci, int v)
return;
}
dma_addr_t erstba = xhci_addr64(intr->erstba_low, intr->erstba_high);
- pci_dma_read(&xhci->pci_dev, erstba, &seg, sizeof(seg));
+ pci_dma_read(PCI_DEVICE(xhci), erstba, &seg, sizeof(seg));
le32_to_cpus(&seg.addr_low);
le32_to_cpus(&seg.addr_high);
le32_to_cpus(&seg.size);
@@ -1068,18 +1096,114 @@ static void xhci_stop(XHCIState *xhci)
xhci->crcr_low &= ~CRCR_CRR;
}
+static XHCIStreamContext *xhci_alloc_stream_contexts(unsigned count,
+ dma_addr_t base)
+{
+ XHCIStreamContext *stctx;
+ unsigned int i;
+
+ stctx = g_new0(XHCIStreamContext, count);
+ for (i = 0; i < count; i++) {
+ stctx[i].pctx = base + i * 16;
+ stctx[i].sct = -1;
+ }
+ return stctx;
+}
+
+static void xhci_reset_streams(XHCIEPContext *epctx)
+{
+ unsigned int i;
+
+ for (i = 0; i < epctx->nr_pstreams; i++) {
+ epctx->pstreams[i].sct = -1;
+ g_free(epctx->pstreams[i].sstreams);
+ }
+}
+
+static void xhci_alloc_streams(XHCIEPContext *epctx, dma_addr_t base)
+{
+ assert(epctx->pstreams == NULL);
+ epctx->nr_pstreams = 2 << epctx->max_pstreams;
+ epctx->pstreams = xhci_alloc_stream_contexts(epctx->nr_pstreams, base);
+}
+
+static void xhci_free_streams(XHCIEPContext *epctx)
+{
+ int i;
+
+ assert(epctx->pstreams != NULL);
+
+ if (!epctx->lsa) {
+ for (i = 0; i < epctx->nr_pstreams; i++) {
+ g_free(epctx->pstreams[i].sstreams);
+ }
+ }
+ g_free(epctx->pstreams);
+ epctx->pstreams = NULL;
+ epctx->nr_pstreams = 0;
+}
+
+static XHCIStreamContext *xhci_find_stream(XHCIEPContext *epctx,
+ unsigned int streamid,
+ uint32_t *cc_error)
+{
+ XHCIStreamContext *sctx;
+ dma_addr_t base;
+ uint32_t ctx[2], sct;
+
+ assert(streamid != 0);
+ if (epctx->lsa) {
+ if (streamid >= epctx->nr_pstreams) {
+ *cc_error = CC_INVALID_STREAM_ID_ERROR;
+ return NULL;
+ }
+ sctx = epctx->pstreams + streamid;
+ } else {
+ FIXME("secondary streams not implemented yet");
+ }
+
+ if (sctx->sct == -1) {
+ xhci_dma_read_u32s(epctx->xhci, sctx->pctx, ctx, sizeof(ctx));
+ fprintf(stderr, "%s: init sctx #%d @ " DMA_ADDR_FMT ": %08x %08x\n",
+ __func__, streamid, sctx->pctx, ctx[0], ctx[1]);
+ sct = (ctx[0] >> 1) & 0x07;
+ if (epctx->lsa && sct != 1) {
+ *cc_error = CC_INVALID_STREAM_TYPE_ERROR;
+ return NULL;
+ }
+ sctx->sct = sct;
+ base = xhci_addr64(ctx[0] & ~0xf, ctx[1]);
+ xhci_ring_init(epctx->xhci, &sctx->ring, base);
+ }
+ return sctx;
+}
+
static void xhci_set_ep_state(XHCIState *xhci, XHCIEPContext *epctx,
- uint32_t state)
+ XHCIStreamContext *sctx, uint32_t state)
{
uint32_t ctx[5];
+ uint32_t ctx2[2];
xhci_dma_read_u32s(xhci, epctx->pctx, ctx, sizeof(ctx));
ctx[0] &= ~EP_STATE_MASK;
ctx[0] |= state;
- ctx[2] = epctx->ring.dequeue | epctx->ring.ccs;
- ctx[3] = (epctx->ring.dequeue >> 16) >> 16;
- DPRINTF("xhci: set epctx: " DMA_ADDR_FMT " state=%d dequeue=%08x%08x\n",
- epctx->pctx, state, ctx[3], ctx[2]);
+
+ /* update ring dequeue ptr */
+ if (epctx->nr_pstreams) {
+ if (sctx != NULL) {
+ xhci_dma_read_u32s(xhci, sctx->pctx, ctx2, sizeof(ctx2));
+ ctx2[0] &= 0xe;
+ ctx2[0] |= sctx->ring.dequeue | sctx->ring.ccs;
+ ctx2[1] = (sctx->ring.dequeue >> 16) >> 16;
+ xhci_dma_write_u32s(xhci, sctx->pctx, ctx2, sizeof(ctx2));
+ }
+ } else {
+ ctx[2] = epctx->ring.dequeue | epctx->ring.ccs;
+ ctx[3] = (epctx->ring.dequeue >> 16) >> 16;
+ DPRINTF("xhci: set epctx: " DMA_ADDR_FMT " state=%d dequeue=%08x%08x\n",
+ epctx->pctx, state, ctx[3], ctx[2]);
+ }
+
xhci_dma_write_u32s(xhci, epctx->pctx, ctx, sizeof(ctx));
epctx->state = state;
}
@@ -1087,53 +1211,76 @@ static void xhci_set_ep_state(XHCIState *xhci, XHCIEPContext *epctx,
static void xhci_ep_kick_timer(void *opaque)
{
XHCIEPContext *epctx = opaque;
- xhci_kick_ep(epctx->xhci, epctx->slotid, epctx->epid);
+ xhci_kick_ep(epctx->xhci, epctx->slotid, epctx->epid, 0);
}
-static TRBCCode xhci_enable_ep(XHCIState *xhci, unsigned int slotid,
- unsigned int epid, dma_addr_t pctx,
- uint32_t *ctx)
+static XHCIEPContext *xhci_alloc_epctx(XHCIState *xhci,
+ unsigned int slotid,
+ unsigned int epid)
{
- XHCISlot *slot;
XHCIEPContext *epctx;
- dma_addr_t dequeue;
int i;
- trace_usb_xhci_ep_enable(slotid, epid);
- assert(slotid >= 1 && slotid <= xhci->numslots);
- assert(epid >= 1 && epid <= 31);
-
- slot = &xhci->slots[slotid-1];
- if (slot->eps[epid-1]) {
- xhci_disable_ep(xhci, slotid, epid);
- }
-
- epctx = g_malloc(sizeof(XHCIEPContext));
- memset(epctx, 0, sizeof(XHCIEPContext));
+ epctx = g_new0(XHCIEPContext, 1);
epctx->xhci = xhci;
epctx->slotid = slotid;
epctx->epid = epid;
- slot->eps[epid-1] = epctx;
+ for (i = 0; i < ARRAY_SIZE(epctx->transfers); i++) {
+ usb_packet_init(&epctx->transfers[i].packet);
+ }
+ epctx->kick_timer = qemu_new_timer_ns(vm_clock, xhci_ep_kick_timer, epctx);
+
+ return epctx;
+}
+
+static void xhci_init_epctx(XHCIEPContext *epctx,
+ dma_addr_t pctx, uint32_t *ctx)
+{
+ dma_addr_t dequeue;
dequeue = xhci_addr64(ctx[2] & ~0xf, ctx[3]);
- xhci_ring_init(xhci, &epctx->ring, dequeue);
- epctx->ring.ccs = ctx[2] & 1;
epctx->type = (ctx[1] >> EP_TYPE_SHIFT) & EP_TYPE_MASK;
DPRINTF("xhci: endpoint %d.%d type is %d\n", epid/2, epid%2, epctx->type);
epctx->pctx = pctx;
epctx->max_psize = ctx[1]>>16;
epctx->max_psize *= 1+((ctx[1]>>8)&0xff);
+ epctx->max_pstreams = (ctx[0] >> 10) & 0xf;
+ epctx->lsa = (ctx[0] >> 15) & 1;
DPRINTF("xhci: endpoint %d.%d max transaction (burst) size is %d\n",
epid/2, epid%2, epctx->max_psize);
- for (i = 0; i < ARRAY_SIZE(epctx->transfers); i++) {
- usb_packet_init(&epctx->transfers[i].packet);
+ if (epctx->max_pstreams) {
+ xhci_alloc_streams(epctx, dequeue);
+ } else {
+ xhci_ring_init(epctx->xhci, &epctx->ring, dequeue);
+ epctx->ring.ccs = ctx[2] & 1;
}
epctx->interval = 1 << (ctx[0] >> 16) & 0xff;
+}
+
+static TRBCCode xhci_enable_ep(XHCIState *xhci, unsigned int slotid,
+ unsigned int epid, dma_addr_t pctx,
+ uint32_t *ctx)
+{
+ XHCISlot *slot;
+ XHCIEPContext *epctx;
+
+ trace_usb_xhci_ep_enable(slotid, epid);
+ assert(slotid >= 1 && slotid <= xhci->numslots);
+ assert(epid >= 1 && epid <= 31);
+
+ slot = &xhci->slots[slotid-1];
+ if (slot->eps[epid-1]) {
+ xhci_disable_ep(xhci, slotid, epid);
+ }
+
+ epctx = xhci_alloc_epctx(xhci, slotid, epid);
+ slot->eps[epid-1] = epctx;
+ xhci_init_epctx(epctx, pctx, ctx);
+
epctx->mfindex_last = 0;
- epctx->kick_timer = qemu_new_timer_ns(vm_clock, xhci_ep_kick_timer, epctx);
epctx->state = EP_RUNNING;
ctx[0] &= ~EP_STATE_MASK;
@@ -1177,6 +1324,7 @@ static int xhci_ep_nuke_xfers(XHCIState *xhci, unsigned int slotid,
XHCISlot *slot;
XHCIEPContext *epctx;
int i, xferi, killed = 0;
+ USBEndpoint *ep = NULL;
assert(slotid >= 1 && slotid <= xhci->numslots);
assert(epid >= 1 && epid <= 31);
@@ -1192,9 +1340,16 @@ static int xhci_ep_nuke_xfers(XHCIState *xhci, unsigned int slotid,
xferi = epctx->next_xfer;
for (i = 0; i < TD_QUEUE; i++) {
+ if (epctx->transfers[xferi].packet.ep) {
+ ep = epctx->transfers[xferi].packet.ep;
+ }
killed += xhci_ep_nuke_one_xfer(&epctx->transfers[xferi]);
+ epctx->transfers[xferi].packet.ep = NULL;
xferi = (xferi + 1) % TD_QUEUE;
}
+ if (ep) {
+ usb_device_ep_stopped(ep->dev, ep);
+ }
return killed;
}
@@ -1219,7 +1374,11 @@ static TRBCCode xhci_disable_ep(XHCIState *xhci, unsigned int slotid,
epctx = slot->eps[epid-1];
- xhci_set_ep_state(xhci, epctx, EP_DISABLED);
+ if (epctx->nr_pstreams) {
+ xhci_free_streams(epctx);
+ }
+
+ xhci_set_ep_state(xhci, epctx, NULL, EP_DISABLED);
qemu_free_timer(epctx->kick_timer);
g_free(epctx);
@@ -1256,7 +1415,11 @@ static TRBCCode xhci_stop_ep(XHCIState *xhci, unsigned int slotid,
epctx = slot->eps[epid-1];
- xhci_set_ep_state(xhci, epctx, EP_STOPPED);
+ xhci_set_ep_state(xhci, epctx, NULL, EP_STOPPED);
+
+ if (epctx->nr_pstreams) {
+ xhci_reset_streams(epctx);
+ }
return CC_SUCCESS;
}
@@ -1266,7 +1429,6 @@ static TRBCCode xhci_reset_ep(XHCIState *xhci, unsigned int slotid,
{
XHCISlot *slot;
XHCIEPContext *epctx;
- USBDevice *dev;
trace_usb_xhci_ep_reset(slotid, epid);
assert(slotid >= 1 && slotid <= xhci->numslots);
@@ -1302,21 +1464,27 @@ static TRBCCode xhci_reset_ep(XHCIState *xhci, unsigned int slotid,
ep |= 0x80;
}
- dev = xhci->slots[slotid-1].uport->dev;
- if (!dev) {
+ if (!xhci->slots[slotid-1].uport ||
+ !xhci->slots[slotid-1].uport->dev) {
return CC_USB_TRANSACTION_ERROR;
}
- xhci_set_ep_state(xhci, epctx, EP_STOPPED);
+ xhci_set_ep_state(xhci, epctx, NULL, EP_STOPPED);
+
+ if (epctx->nr_pstreams) {
+ xhci_reset_streams(epctx);
+ }
return CC_SUCCESS;
}
static TRBCCode xhci_set_ep_dequeue(XHCIState *xhci, unsigned int slotid,
- unsigned int epid, uint64_t pdequeue)
+ unsigned int epid, unsigned int streamid,
+ uint64_t pdequeue)
{
XHCISlot *slot;
XHCIEPContext *epctx;
+ XHCIStreamContext *sctx;
dma_addr_t dequeue;
assert(slotid >= 1 && slotid <= xhci->numslots);
@@ -1326,7 +1494,7 @@ static TRBCCode xhci_set_ep_dequeue(XHCIState *xhci, unsigned int slotid,
return CC_TRB_ERROR;
}
- trace_usb_xhci_ep_set_dequeue(slotid, epid, pdequeue);
+ trace_usb_xhci_ep_set_dequeue(slotid, epid, streamid, pdequeue);
dequeue = xhci_mask64(pdequeue);
slot = &xhci->slots[slotid-1];
@@ -1338,16 +1506,26 @@ static TRBCCode xhci_set_ep_dequeue(XHCIState *xhci, unsigned int slotid,
epctx = slot->eps[epid-1];
-
if (epctx->state != EP_STOPPED) {
fprintf(stderr, "xhci: set EP dequeue pointer while EP %d not stopped\n", epid);
return CC_CONTEXT_STATE_ERROR;
}
- xhci_ring_init(xhci, &epctx->ring, dequeue & ~0xF);
- epctx->ring.ccs = dequeue & 1;
+ if (epctx->nr_pstreams) {
+ uint32_t err;
+ sctx = xhci_find_stream(epctx, streamid, &err);
+ if (sctx == NULL) {
+ return err;
+ }
+ xhci_ring_init(xhci, &sctx->ring, dequeue & ~0xf);
+ sctx->ring.ccs = dequeue & 1;
+ } else {
+ sctx = NULL;
+ xhci_ring_init(xhci, &epctx->ring, dequeue & ~0xF);
+ epctx->ring.ccs = dequeue & 1;
+ }
- xhci_set_ep_state(xhci, epctx, EP_STOPPED);
+ xhci_set_ep_state(xhci, epctx, sctx, EP_STOPPED);
return CC_SUCCESS;
}
@@ -1358,7 +1536,7 @@ static int xhci_xfer_create_sgl(XHCITransfer *xfer, int in_xfer)
int i;
xfer->int_req = false;
- pci_dma_sglist_init(&xfer->sgl, &xhci->pci_dev, xfer->trb_count);
+ pci_dma_sglist_init(&xfer->sgl, PCI_DEVICE(xhci), xfer->trb_count);
for (i = 0; i < xfer->trb_count; i++) {
XHCITRB *trb = &xfer->trbs[i];
dma_addr_t addr;
@@ -1476,12 +1654,22 @@ static void xhci_stall_ep(XHCITransfer *xfer)
XHCIState *xhci = xfer->xhci;
XHCISlot *slot = &xhci->slots[xfer->slotid-1];
XHCIEPContext *epctx = slot->eps[xfer->epid-1];
+ uint32_t err;
+ XHCIStreamContext *sctx;
- epctx->ring.dequeue = xfer->trbs[0].addr;
- epctx->ring.ccs = xfer->trbs[0].ccs;
- xhci_set_ep_state(xhci, epctx, EP_HALTED);
- DPRINTF("xhci: stalled slot %d ep %d\n", xfer->slotid, xfer->epid);
- DPRINTF("xhci: will continue at "DMA_ADDR_FMT"\n", epctx->ring.dequeue);
+ if (epctx->nr_pstreams) {
+ sctx = xhci_find_stream(epctx, xfer->streamid, &err);
+ if (sctx == NULL) {
+ return;
+ }
+ sctx->ring.dequeue = xfer->trbs[0].addr;
+ sctx->ring.ccs = xfer->trbs[0].ccs;
+ xhci_set_ep_state(xhci, epctx, sctx, EP_HALTED);
+ } else {
+ epctx->ring.dequeue = xfer->trbs[0].addr;
+ epctx->ring.ccs = xfer->trbs[0].ccs;
+ xhci_set_ep_state(xhci, epctx, NULL, EP_HALTED);
+ }
}
static int xhci_submit(XHCIState *xhci, XHCITransfer *xfer,
@@ -1510,8 +1698,8 @@ static int xhci_setup_packet(XHCITransfer *xfer)
}
xhci_xfer_create_sgl(xfer, dir == USB_TOKEN_IN); /* Also sets int_req */
- usb_packet_setup(&xfer->packet, dir, ep, xfer->trbs[0].addr, false,
- xfer->int_req);
+ usb_packet_setup(&xfer->packet, dir, ep, xfer->streamid,
+ xfer->trbs[0].addr, false, xfer->int_req);
usb_packet_map(&xfer->packet, &xfer->sgl);
DPRINTF("xhci: setup packet pid 0x%x addr %d ep %d\n",
xfer->packet.pid, dev->addr, ep->nr);
@@ -1552,6 +1740,7 @@ static int xhci_complete_packet(XHCITransfer *xfer)
trace_usb_xhci_xfer_error(xfer, xfer->packet.status);
switch (xfer->packet.status) {
case USB_RET_NODEV:
+ case USB_RET_IOERROR:
xfer->status = CC_USB_TRANSACTION_ERROR;
xhci_xfer_report(xfer);
xhci_stall_ep(xfer);
@@ -1561,10 +1750,15 @@ static int xhci_complete_packet(XHCITransfer *xfer)
xhci_xfer_report(xfer);
xhci_stall_ep(xfer);
break;
+ case USB_RET_BABBLE:
+ xfer->status = CC_BABBLE_DETECTED;
+ xhci_xfer_report(xfer);
+ xhci_stall_ep(xfer);
+ break;
default:
fprintf(stderr, "%s: FIXME: status = %d\n", __func__,
xfer->packet.status);
- FIXME();
+ FIXME("unhandled USB_RET_*");
}
return 0;
}
@@ -1577,7 +1771,7 @@ static int xhci_fire_ctl_transfer(XHCIState *xhci, XHCITransfer *xfer)
trb_setup = &xfer->trbs[0];
trb_status = &xfer->trbs[xfer->trb_count-1];
- trace_usb_xhci_xfer_start(xfer, xfer->slotid, xfer->epid);
+ trace_usb_xhci_xfer_start(xfer, xfer->slotid, xfer->epid, xfer->streamid);
/* at most one Event Data TRB allowed after STATUS */
if (TRB_TYPE(*trb_status) == TR_EVDATA && xfer->trb_count > 2) {
@@ -1619,7 +1813,7 @@ static int xhci_fire_ctl_transfer(XHCIState *xhci, XHCITransfer *xfer)
xhci_complete_packet(xfer);
if (!xfer->running_async && !xfer->running_retry) {
- xhci_kick_ep(xhci, xfer->slotid, xfer->epid);
+ xhci_kick_ep(xhci, xfer->slotid, xfer->epid, 0);
}
return 0;
}
@@ -1702,26 +1896,29 @@ static int xhci_submit(XHCIState *xhci, XHCITransfer *xfer, XHCIEPContext *epctx
xhci_complete_packet(xfer);
if (!xfer->running_async && !xfer->running_retry) {
- xhci_kick_ep(xhci, xfer->slotid, xfer->epid);
+ xhci_kick_ep(xhci, xfer->slotid, xfer->epid, xfer->streamid);
}
return 0;
}
static int xhci_fire_transfer(XHCIState *xhci, XHCITransfer *xfer, XHCIEPContext *epctx)
{
- trace_usb_xhci_xfer_start(xfer, xfer->slotid, xfer->epid);
+ trace_usb_xhci_xfer_start(xfer, xfer->slotid, xfer->epid, xfer->streamid);
return xhci_submit(xhci, xfer, epctx);
}
-static void xhci_kick_ep(XHCIState *xhci, unsigned int slotid, unsigned int epid)
+static void xhci_kick_ep(XHCIState *xhci, unsigned int slotid,
+ unsigned int epid, unsigned int streamid)
{
+ XHCIStreamContext *stctx;
XHCIEPContext *epctx;
+ XHCIRing *ring;
USBEndpoint *ep = NULL;
uint64_t mfindex;
int length;
int i;
- trace_usb_xhci_ep_kick(slotid, epid);
+ trace_usb_xhci_ep_kick(slotid, epid, streamid);
assert(slotid >= 1 && slotid <= xhci->numslots);
assert(epid >= 1 && epid <= 31);
@@ -1774,14 +1971,28 @@ static void xhci_kick_ep(XHCIState *xhci, unsigned int slotid, unsigned int epid
return;
}
- xhci_set_ep_state(xhci, epctx, EP_RUNNING);
+
+ if (epctx->nr_pstreams) {
+ uint32_t err;
+ stctx = xhci_find_stream(epctx, streamid, &err);
+ if (stctx == NULL) {
+ return;
+ }
+ ring = &stctx->ring;
+ xhci_set_ep_state(xhci, epctx, stctx, EP_RUNNING);
+ } else {
+ ring = &epctx->ring;
+ streamid = 0;
+ xhci_set_ep_state(xhci, epctx, NULL, EP_RUNNING);
+ }
+ assert(ring->dequeue != 0);
while (1) {
XHCITransfer *xfer = &epctx->transfers[epctx->next_xfer];
if (xfer->running_async || xfer->running_retry) {
break;
}
- length = xhci_ring_chain_length(xhci, &epctx->ring);
+ length = xhci_ring_chain_length(xhci, ring);
if (length < 0) {
break;
} else if (length == 0) {
@@ -1800,11 +2011,12 @@ static void xhci_kick_ep(XHCIState *xhci, unsigned int slotid, unsigned int epid
xfer->trb_count = length;
for (i = 0; i < length; i++) {
- assert(xhci_ring_fetch(xhci, &epctx->ring, &xfer->trbs[i], NULL));
+ assert(xhci_ring_fetch(xhci, ring, &xfer->trbs[i], NULL));
}
xfer->xhci = xhci;
xfer->epid = epid;
xfer->slotid = slotid;
+ xfer->streamid = streamid;
if (epid == 1) {
if (xhci_fire_ctl_transfer(xhci, xfer) >= 0) {
@@ -1863,6 +2075,7 @@ static TRBCCode xhci_disable_slot(XHCIState *xhci, unsigned int slotid)
}
xhci->slots[slotid-1].enabled = 0;
+ xhci->slots[slotid-1].addressed = 0;
return CC_SUCCESS;
}
@@ -1909,7 +2122,7 @@ static TRBCCode xhci_address_slot(XHCIState *xhci, unsigned int slotid,
assert(slotid >= 1 && slotid <= xhci->numslots);
dcbaap = xhci_addr64(xhci->dcbaap_low, xhci->dcbaap_high);
- poctx = ldq_le_pci_dma(&xhci->pci_dev, dcbaap + 8*slotid);
+ poctx = ldq_le_pci_dma(PCI_DEVICE(xhci), dcbaap + 8 * slotid);
ictx = xhci_mask64(pictx);
octx = xhci_mask64(poctx);
@@ -1963,13 +2176,20 @@ static TRBCCode xhci_address_slot(XHCIState *xhci, unsigned int slotid,
if (bsr) {
slot_ctx[3] = SLOT_DEFAULT << SLOT_STATE_SHIFT;
} else {
- slot->devaddr = xhci->devaddr++;
- slot_ctx[3] = (SLOT_ADDRESSED << SLOT_STATE_SHIFT) | slot->devaddr;
- DPRINTF("xhci: device address is %d\n", slot->devaddr);
+ USBPacket p;
+ uint8_t buf[1];
+
+ slot_ctx[3] = (SLOT_ADDRESSED << SLOT_STATE_SHIFT) | slotid;
usb_device_reset(dev);
- usb_device_handle_control(dev, NULL,
+ memset(&p, 0, sizeof(p));
+ usb_packet_addbuf(&p, buf, sizeof(buf));
+ usb_packet_setup(&p, USB_TOKEN_OUT,
+ usb_ep_get(dev, USB_TOKEN_OUT, 0), 0,
+ 0, false, false);
+ usb_device_handle_control(dev, &p,
DeviceOutRequest | USB_REQ_SET_ADDRESS,
- slot->devaddr, 0, 0, NULL);
+ slotid, 0, 0, NULL);
+ assert(p.status != USB_RET_ASYNC);
}
res = xhci_enable_ep(xhci, slotid, 1, octx+32, ep0_ctx);
@@ -1982,6 +2202,7 @@ static TRBCCode xhci_address_slot(XHCIState *xhci, unsigned int slotid,
xhci_dma_write_u32s(xhci, octx, slot_ctx, sizeof(slot_ctx));
xhci_dma_write_u32s(xhci, octx+32, ep0_ctx, sizeof(ep0_ctx));
+ xhci->slots[slotid-1].addressed = 1;
return res;
}
@@ -2186,6 +2407,28 @@ static unsigned int xhci_get_slot(XHCIState *xhci, XHCIEvent *event, XHCITRB *tr
return slotid;
}
+/* cleanup slot state on usb device detach */
+static void xhci_detach_slot(XHCIState *xhci, USBPort *uport)
+{
+ int slot, ep;
+
+ for (slot = 0; slot < xhci->numslots; slot++) {
+ if (xhci->slots[slot].uport == uport) {
+ break;
+ }
+ }
+ if (slot == xhci->numslots) {
+ return;
+ }
+
+ for (ep = 0; ep < 31; ep++) {
+ if (xhci->slots[slot].eps[ep]) {
+ xhci_ep_nuke_xfers(xhci, slot+1, ep+1);
+ }
+ }
+ xhci->slots[slot].uport = NULL;
+}
+
static TRBCCode xhci_get_port_bandwidth(XHCIState *xhci, uint64_t pctx)
{
dma_addr_t ctx;
@@ -2200,7 +2443,7 @@ static TRBCCode xhci_get_port_bandwidth(XHCIState *xhci, uint64_t pctx)
/* TODO: actually implement real values here */
bw_ctx[0] = 0;
memset(&bw_ctx[1], 80, xhci->numports); /* 80% */
- pci_dma_write(&xhci->pci_dev, ctx, bw_ctx, sizeof(bw_ctx));
+ pci_dma_write(PCI_DEVICE(xhci), ctx, bw_ctx, sizeof(bw_ctx));
return CC_SUCCESS;
}
@@ -2223,11 +2466,12 @@ static uint32_t xhci_nec_challenge(uint32_t hi, uint32_t lo)
static void xhci_via_challenge(XHCIState *xhci, uint64_t addr)
{
+ PCIDevice *pci_dev = PCI_DEVICE(xhci);
uint32_t buf[8];
uint32_t obuf[8];
dma_addr_t paddr = xhci_mask64(addr);
- pci_dma_read(&xhci->pci_dev, paddr, &buf, 32);
+ pci_dma_read(pci_dev, paddr, &buf, 32);
memcpy(obuf, buf, sizeof(obuf));
@@ -2243,7 +2487,7 @@ static void xhci_via_challenge(XHCIState *xhci, uint64_t addr)
obuf[7] = obuf[2] ^ obuf[3] ^ 0x65866593;
}
- pci_dma_write(&xhci->pci_dev, paddr, &obuf, 32);
+ pci_dma_write(pci_dev, paddr, &obuf, 32);
}
static void xhci_process_commands(XHCIState *xhci)
@@ -2326,7 +2570,9 @@ static void xhci_process_commands(XHCIState *xhci)
if (slotid) {
unsigned int epid = (trb.control >> TRB_CR_EPID_SHIFT)
& TRB_CR_EPID_MASK;
- event.ccode = xhci_set_ep_dequeue(xhci, slotid, epid,
+ unsigned int streamid = (trb.status >> 16) & 0xffff;
+ event.ccode = xhci_set_ep_dequeue(xhci, slotid,
+ epid, streamid,
trb.parameter);
}
break;
@@ -2358,7 +2604,7 @@ static void xhci_process_commands(XHCIState *xhci)
}
break;
default:
- fprintf(stderr, "xhci: unimplemented command %d\n", type);
+ trace_usb_xhci_unimplemented("command", type);
event.ccode = CC_TRB_ERROR;
break;
}
@@ -2386,6 +2632,7 @@ static void xhci_port_notify(XHCIPort *port, uint32_t bits)
if ((port->portsc & bits) == bits) {
return;
}
+ trace_usb_xhci_port_notify(port->portnr, bits);
port->portsc |= bits;
if (!xhci_running(port->xhci)) {
return;
@@ -2425,7 +2672,7 @@ static void xhci_port_update(XHCIPort *port, int is_detach)
xhci_port_notify(port, PORTSC_CSC);
}
-static void xhci_port_reset(XHCIPort *port)
+static void xhci_port_reset(XHCIPort *port, bool warm_reset)
{
trace_usb_xhci_port_reset(port->portnr);
@@ -2436,6 +2683,11 @@ static void xhci_port_reset(XHCIPort *port)
usb_device_reset(port->uport->dev);
switch (port->uport->dev->speed) {
+ case USB_SPEED_SUPER:
+ if (warm_reset) {
+ port->portsc |= PORTSC_WRC;
+ }
+ /* fall through */
case USB_SPEED_LOW:
case USB_SPEED_FULL:
case USB_SPEED_HIGH:
@@ -2451,7 +2703,7 @@ static void xhci_port_reset(XHCIPort *port)
static void xhci_reset(DeviceState *dev)
{
- XHCIState *xhci = DO_UPCAST(XHCIState, pci_dev.qdev, dev);
+ XHCIState *xhci = XHCI(dev);
int i;
trace_usb_xhci_reset();
@@ -2467,7 +2719,6 @@ static void xhci_reset(DeviceState *dev)
xhci->dcbaap_low = 0;
xhci->dcbaap_high = 0;
xhci->config = 0;
- xhci->devaddr = 2;
for (i = 0; i < xhci->numslots; i++) {
xhci_disable_slot(xhci, i+1);
@@ -2519,9 +2770,9 @@ static uint64_t xhci_cap_read(void *ptr, hwaddr reg, unsigned size)
break;
case 0x10: /* HCCPARAMS */
if (sizeof(dma_addr_t) == 4) {
- ret = 0x00081000;
+ ret = 0x00087000;
} else {
- ret = 0x00081001;
+ ret = 0x00087001;
}
break;
case 0x14: /* DBOFF */
@@ -2557,7 +2808,7 @@ static uint64_t xhci_cap_read(void *ptr, hwaddr reg, unsigned size)
ret = 0x00000000; /* reserved */
break;
default:
- fprintf(stderr, "xhci_cap_read: reg %d unimplemented\n", (int)reg);
+ trace_usb_xhci_unimplemented("cap read", reg);
ret = 0;
}
@@ -2580,8 +2831,7 @@ static uint64_t xhci_port_read(void *ptr, hwaddr reg, unsigned size)
break;
case 0x0c: /* reserved */
default:
- fprintf(stderr, "xhci_port_read (port %d): reg 0x%x unimplemented\n",
- port->portnr, (uint32_t)reg);
+ trace_usb_xhci_unimplemented("port read", reg);
ret = 0;
}
@@ -2593,36 +2843,66 @@ static void xhci_port_write(void *ptr, hwaddr reg,
uint64_t val, unsigned size)
{
XHCIPort *port = ptr;
- uint32_t portsc;
+ uint32_t portsc, notify;
trace_usb_xhci_port_write(port->portnr, reg, val);
switch (reg) {
case 0x00: /* PORTSC */
+ /* write-1-to-start bits */
+ if (val & PORTSC_WPR) {
+ xhci_port_reset(port, true);
+ break;
+ }
+ if (val & PORTSC_PR) {
+ xhci_port_reset(port, false);
+ break;
+ }
+
portsc = port->portsc;
+ notify = 0;
/* write-1-to-clear bits*/
portsc &= ~(val & (PORTSC_CSC|PORTSC_PEC|PORTSC_WRC|PORTSC_OCC|
PORTSC_PRC|PORTSC_PLC|PORTSC_CEC));
if (val & PORTSC_LWS) {
/* overwrite PLS only when LWS=1 */
- uint32_t pls = get_field(val, PORTSC_PLS);
- set_field(&portsc, pls, PORTSC_PLS);
- trace_usb_xhci_port_link(port->portnr, pls);
+ uint32_t old_pls = get_field(port->portsc, PORTSC_PLS);
+ uint32_t new_pls = get_field(val, PORTSC_PLS);
+ switch (new_pls) {
+ case PLS_U0:
+ if (old_pls != PLS_U0) {
+ set_field(&portsc, new_pls, PORTSC_PLS);
+ trace_usb_xhci_port_link(port->portnr, new_pls);
+ notify = PORTSC_PLC;
+ }
+ break;
+ case PLS_U3:
+ if (old_pls < PLS_U3) {
+ set_field(&portsc, new_pls, PORTSC_PLS);
+ trace_usb_xhci_port_link(port->portnr, new_pls);
+ }
+ break;
+ case PLS_RESUME:
+ /* windows does this for some reason, don't spam stderr */
+ break;
+ default:
+ fprintf(stderr, "%s: ignore pls write (old %d, new %d)\n",
+ __func__, old_pls, new_pls);
+ break;
+ }
}
/* read/write bits */
portsc &= ~(PORTSC_PP|PORTSC_WCE|PORTSC_WDE|PORTSC_WOE);
portsc |= (val & (PORTSC_PP|PORTSC_WCE|PORTSC_WDE|PORTSC_WOE));
port->portsc = portsc;
- /* write-1-to-start bits */
- if (val & PORTSC_PR) {
- xhci_port_reset(port);
+ if (notify) {
+ xhci_port_notify(port, notify);
}
break;
case 0x04: /* PORTPMSC */
case 0x08: /* PORTLI */
default:
- fprintf(stderr, "xhci_port_write (port %d): reg 0x%x unimplemented\n",
- port->portnr, (uint32_t)reg);
+ trace_usb_xhci_unimplemented("port write", reg);
}
}
@@ -2660,7 +2940,7 @@ static uint64_t xhci_oper_read(void *ptr, hwaddr reg, unsigned size)
ret = xhci->config;
break;
default:
- fprintf(stderr, "xhci_oper_read: reg 0x%x unimplemented\n", (int)reg);
+ trace_usb_xhci_unimplemented("oper read", reg);
ret = 0;
}
@@ -2672,6 +2952,7 @@ static void xhci_oper_write(void *ptr, hwaddr reg,
uint64_t val, unsigned size)
{
XHCIState *xhci = ptr;
+ DeviceState *d = DEVICE(ptr);
trace_usb_xhci_oper_write(reg, val);
@@ -2685,7 +2966,7 @@ static void xhci_oper_write(void *ptr, hwaddr reg,
xhci->usbcmd = val & 0xc0f;
xhci_mfwrap_update(xhci);
if (val & USBCMD_HCRST) {
- xhci_reset(&xhci->pci_dev.qdev);
+ xhci_reset(d);
}
xhci_intx_update(xhci);
break;
@@ -2725,7 +3006,7 @@ static void xhci_oper_write(void *ptr, hwaddr reg,
xhci->config = val & 0xff;
break;
default:
- fprintf(stderr, "xhci_oper_write: reg 0x%x unimplemented\n", (int)reg);
+ trace_usb_xhci_unimplemented("oper write", reg);
}
}
@@ -2741,8 +3022,7 @@ static uint64_t xhci_runtime_read(void *ptr, hwaddr reg,
ret = xhci_mfindex_get(xhci) & 0x3fff;
break;
default:
- fprintf(stderr, "xhci_runtime_read: reg 0x%x unimplemented\n",
- (int)reg);
+ trace_usb_xhci_unimplemented("runtime read", reg);
break;
}
} else {
@@ -2786,7 +3066,7 @@ static void xhci_runtime_write(void *ptr, hwaddr reg,
trace_usb_xhci_runtime_write(reg, val);
if (reg < 0x20) {
- fprintf(stderr, "%s: reg 0x%x unimplemented\n", __func__, (int)reg);
+ trace_usb_xhci_unimplemented("runtime write", reg);
return;
}
@@ -2828,8 +3108,7 @@ static void xhci_runtime_write(void *ptr, hwaddr reg,
xhci_events_update(xhci, v);
break;
default:
- fprintf(stderr, "xhci_oper_write: reg 0x%x unimplemented\n",
- (int)reg);
+ trace_usb_xhci_unimplemented("oper write", reg);
}
}
@@ -2845,6 +3124,7 @@ static void xhci_doorbell_write(void *ptr, hwaddr reg,
uint64_t val, unsigned size)
{
XHCIState *xhci = ptr;
+ unsigned int epid, streamid;
trace_usb_xhci_doorbell_write(reg, val);
@@ -2863,19 +3143,28 @@ static void xhci_doorbell_write(void *ptr, hwaddr reg,
(uint32_t)val);
}
} else {
+ epid = val & 0xff;
+ streamid = (val >> 16) & 0xffff;
if (reg > xhci->numslots) {
fprintf(stderr, "xhci: bad doorbell %d\n", (int)reg);
- } else if (val > 31) {
+ } else if (epid > 31) {
fprintf(stderr, "xhci: bad doorbell %d write: 0x%x\n",
(int)reg, (uint32_t)val);
} else {
- xhci_kick_ep(xhci, reg, val);
+ xhci_kick_ep(xhci, reg, epid, streamid);
}
}
}
+static void xhci_cap_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned width)
+{
+ /* nothing */
+}
+
static const MemoryRegionOps xhci_cap_ops = {
.read = xhci_cap_read,
+ .write = xhci_cap_write,
.valid.min_access_size = 1,
.valid.max_access_size = 4,
.impl.min_access_size = 4,
@@ -2928,6 +3217,7 @@ static void xhci_detach(USBPort *usbport)
XHCIState *xhci = usbport->opaque;
XHCIPort *port = xhci_lookup_port(xhci, usbport);
+ xhci_detach_slot(xhci, usbport);
xhci_port_update(port, 1);
}
@@ -2952,20 +3242,15 @@ static void xhci_complete(USBPort *port, USBPacket *packet)
return;
}
xhci_complete_packet(xfer);
- xhci_kick_ep(xfer->xhci, xfer->slotid, xfer->epid);
+ xhci_kick_ep(xfer->xhci, xfer->slotid, xfer->epid, xfer->streamid);
}
static void xhci_child_detach(USBPort *uport, USBDevice *child)
{
USBBus *bus = usb_bus_from_device(child);
XHCIState *xhci = container_of(bus, XHCIState, bus);
- int i;
- for (i = 0; i < xhci->numslots; i++) {
- if (xhci->slots[i].uport == uport) {
- xhci->slots[i].uport = NULL;
- }
- }
+ xhci_detach_slot(xhci, uport);
}
static USBPortOps xhci_uport_ops = {
@@ -2976,20 +3261,6 @@ static USBPortOps xhci_uport_ops = {
.child_detach = xhci_child_detach,
};
-static int xhci_find_slotid(XHCIState *xhci, USBDevice *dev)
-{
- XHCISlot *slot;
- int slotid;
-
- for (slotid = 1; slotid <= xhci->numslots; slotid++) {
- slot = &xhci->slots[slotid-1];
- if (slot->devaddr == dev->addr) {
- return slotid;
- }
- }
- return 0;
-}
-
static int xhci_find_epid(USBEndpoint *ep)
{
if (ep->nr == 0) {
@@ -3002,26 +3273,28 @@ static int xhci_find_epid(USBEndpoint *ep)
}
}
-static void xhci_wakeup_endpoint(USBBus *bus, USBEndpoint *ep)
+static void xhci_wakeup_endpoint(USBBus *bus, USBEndpoint *ep,
+ unsigned int stream)
{
XHCIState *xhci = container_of(bus, XHCIState, bus);
int slotid;
DPRINTF("%s\n", __func__);
- slotid = xhci_find_slotid(xhci, ep->dev);
+ slotid = ep->dev->addr;
if (slotid == 0 || !xhci->slots[slotid-1].enabled) {
DPRINTF("%s: oops, no slot for dev %d\n", __func__, ep->dev->addr);
return;
}
- xhci_kick_ep(xhci, slotid, xhci_find_epid(ep));
+ xhci_kick_ep(xhci, slotid, xhci_find_epid(ep), stream);
}
static USBBusOps xhci_bus_ops = {
.wakeup_endpoint = xhci_wakeup_endpoint,
};
-static void usb_xhci_init(XHCIState *xhci, DeviceState *dev)
+static void usb_xhci_init(XHCIState *xhci)
{
+ DeviceState *dev = DEVICE(xhci);
XHCIPort *port;
int i, usbports, speedmask;
@@ -3036,7 +3309,7 @@ static void usb_xhci_init(XHCIState *xhci, DeviceState *dev)
usbports = MAX(xhci->numports_2, xhci->numports_3);
xhci->numports = xhci->numports_2 + xhci->numports_3;
- usb_bus_new(&xhci->bus, &xhci_bus_ops, &xhci->pci_dev.qdev);
+ usb_bus_new(&xhci->bus, &xhci_bus_ops, dev);
for (i = 0; i < usbports; i++) {
speedmask = 0;
@@ -3068,18 +3341,21 @@ static int usb_xhci_initfn(struct PCIDevice *dev)
{
int i, ret;
- XHCIState *xhci = DO_UPCAST(XHCIState, pci_dev, dev);
+ XHCIState *xhci = XHCI(dev);
- xhci->pci_dev.config[PCI_CLASS_PROG] = 0x30; /* xHCI */
- xhci->pci_dev.config[PCI_INTERRUPT_PIN] = 0x01; /* interrupt pin 1 */
- xhci->pci_dev.config[PCI_CACHE_LINE_SIZE] = 0x10;
- xhci->pci_dev.config[0x60] = 0x30; /* release number */
+ dev->config[PCI_CLASS_PROG] = 0x30; /* xHCI */
+ dev->config[PCI_INTERRUPT_PIN] = 0x01; /* interrupt pin 1 */
+ dev->config[PCI_CACHE_LINE_SIZE] = 0x10;
+ dev->config[0x60] = 0x30; /* release number */
- usb_xhci_init(xhci, &dev->qdev);
+ usb_xhci_init(xhci);
if (xhci->numintrs > MAXINTRS) {
xhci->numintrs = MAXINTRS;
}
+ while (xhci->numintrs & (xhci->numintrs - 1)) { /* ! power of 2 */
+ xhci->numintrs++;
+ }
if (xhci->numintrs < 1) {
xhci->numintrs = 1;
}
@@ -3092,16 +3368,16 @@ static int usb_xhci_initfn(struct PCIDevice *dev)
xhci->mfwrap_timer = qemu_new_timer_ns(vm_clock, xhci_mfwrap_timer, xhci);
- xhci->irq = xhci->pci_dev.irq[0];
+ xhci->irq = dev->irq[0];
- memory_region_init(&xhci->mem, "xhci", LEN_REGS);
- memory_region_init_io(&xhci->mem_cap, &xhci_cap_ops, xhci,
+ memory_region_init(&xhci->mem, OBJECT(xhci), "xhci", LEN_REGS);
+ memory_region_init_io(&xhci->mem_cap, OBJECT(xhci), &xhci_cap_ops, xhci,
"capabilities", LEN_CAP);
- memory_region_init_io(&xhci->mem_oper, &xhci_oper_ops, xhci,
+ memory_region_init_io(&xhci->mem_oper, OBJECT(xhci), &xhci_oper_ops, xhci,
"operational", 0x400);
- memory_region_init_io(&xhci->mem_runtime, &xhci_runtime_ops, xhci,
+ memory_region_init_io(&xhci->mem_runtime, OBJECT(xhci), &xhci_runtime_ops, xhci,
"runtime", LEN_RUNTIME);
- memory_region_init_io(&xhci->mem_doorbell, &xhci_doorbell_ops, xhci,
+ memory_region_init_io(&xhci->mem_doorbell, OBJECT(xhci), &xhci_doorbell_ops, xhci,
"doorbell", LEN_DOORBELL);
memory_region_add_subregion(&xhci->mem, 0, &xhci->mem_cap);
@@ -3113,23 +3389,23 @@ static int usb_xhci_initfn(struct PCIDevice *dev)
XHCIPort *port = &xhci->ports[i];
uint32_t offset = OFF_OPER + 0x400 + 0x10 * i;
port->xhci = xhci;
- memory_region_init_io(&port->mem, &xhci_port_ops, port,
+ memory_region_init_io(&port->mem, OBJECT(xhci), &xhci_port_ops, port,
port->name, 0x10);
memory_region_add_subregion(&xhci->mem, offset, &port->mem);
}
- pci_register_bar(&xhci->pci_dev, 0,
+ pci_register_bar(dev, 0,
PCI_BASE_ADDRESS_SPACE_MEMORY|PCI_BASE_ADDRESS_MEM_TYPE_64,
&xhci->mem);
- ret = pcie_cap_init(&xhci->pci_dev, 0xa0, PCI_EXP_TYPE_ENDPOINT, 0);
+ ret = pcie_endpoint_cap_init(dev, 0xa0);
assert(ret >= 0);
if (xhci->flags & (1 << XHCI_FLAG_USE_MSI)) {
- msi_init(&xhci->pci_dev, 0x70, xhci->numintrs, true, false);
+ msi_init(dev, 0x70, xhci->numintrs, true, false);
}
if (xhci->flags & (1 << XHCI_FLAG_USE_MSI_X)) {
- msix_init(&xhci->pci_dev, xhci->numintrs,
+ msix_init(dev, xhci->numintrs,
&xhci->mem, 0, OFF_MSIX_TABLE,
&xhci->mem, 0, OFF_MSIX_PBA,
0x90);
@@ -3138,9 +3414,172 @@ static int usb_xhci_initfn(struct PCIDevice *dev)
return 0;
}
+static int usb_xhci_post_load(void *opaque, int version_id)
+{
+ XHCIState *xhci = opaque;
+ PCIDevice *pci_dev = PCI_DEVICE(xhci);
+ XHCISlot *slot;
+ XHCIEPContext *epctx;
+ dma_addr_t dcbaap, pctx;
+ uint32_t slot_ctx[4];
+ uint32_t ep_ctx[5];
+ int slotid, epid, state, intr;
+
+ dcbaap = xhci_addr64(xhci->dcbaap_low, xhci->dcbaap_high);
+
+ for (slotid = 1; slotid <= xhci->numslots; slotid++) {
+ slot = &xhci->slots[slotid-1];
+ if (!slot->addressed) {
+ continue;
+ }
+ slot->ctx =
+ xhci_mask64(ldq_le_pci_dma(pci_dev, dcbaap + 8 * slotid));
+ xhci_dma_read_u32s(xhci, slot->ctx, slot_ctx, sizeof(slot_ctx));
+ slot->uport = xhci_lookup_uport(xhci, slot_ctx);
+ assert(slot->uport && slot->uport->dev);
+
+ for (epid = 1; epid <= 32; epid++) {
+ pctx = slot->ctx + 32 * epid;
+ xhci_dma_read_u32s(xhci, pctx, ep_ctx, sizeof(ep_ctx));
+ state = ep_ctx[0] & EP_STATE_MASK;
+ if (state == EP_DISABLED) {
+ continue;
+ }
+ epctx = xhci_alloc_epctx(xhci, slotid, epid);
+ slot->eps[epid-1] = epctx;
+ xhci_init_epctx(epctx, pctx, ep_ctx);
+ epctx->state = state;
+ if (state == EP_RUNNING) {
+ /* kick endpoint after vmload is finished */
+ qemu_mod_timer(epctx->kick_timer, qemu_get_clock_ns(vm_clock));
+ }
+ }
+ }
+
+ for (intr = 0; intr < xhci->numintrs; intr++) {
+ if (xhci->intr[intr].msix_used) {
+ msix_vector_use(pci_dev, intr);
+ } else {
+ msix_vector_unuse(pci_dev, intr);
+ }
+ }
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_xhci_ring = {
+ .name = "xhci-ring",
+ .version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT64(dequeue, XHCIRing),
+ VMSTATE_BOOL(ccs, XHCIRing),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_xhci_port = {
+ .name = "xhci-port",
+ .version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(portsc, XHCIPort),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_xhci_slot = {
+ .name = "xhci-slot",
+ .version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_BOOL(enabled, XHCISlot),
+ VMSTATE_BOOL(addressed, XHCISlot),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_xhci_event = {
+ .name = "xhci-event",
+ .version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(type, XHCIEvent),
+ VMSTATE_UINT32(ccode, XHCIEvent),
+ VMSTATE_UINT64(ptr, XHCIEvent),
+ VMSTATE_UINT32(length, XHCIEvent),
+ VMSTATE_UINT32(flags, XHCIEvent),
+ VMSTATE_UINT8(slotid, XHCIEvent),
+ VMSTATE_UINT8(epid, XHCIEvent),
+ }
+};
+
+static bool xhci_er_full(void *opaque, int version_id)
+{
+ struct XHCIInterrupter *intr = opaque;
+ return intr->er_full;
+}
+
+static const VMStateDescription vmstate_xhci_intr = {
+ .name = "xhci-intr",
+ .version_id = 1,
+ .fields = (VMStateField[]) {
+ /* registers */
+ VMSTATE_UINT32(iman, XHCIInterrupter),
+ VMSTATE_UINT32(imod, XHCIInterrupter),
+ VMSTATE_UINT32(erstsz, XHCIInterrupter),
+ VMSTATE_UINT32(erstba_low, XHCIInterrupter),
+ VMSTATE_UINT32(erstba_high, XHCIInterrupter),
+ VMSTATE_UINT32(erdp_low, XHCIInterrupter),
+ VMSTATE_UINT32(erdp_high, XHCIInterrupter),
+
+ /* state */
+ VMSTATE_BOOL(msix_used, XHCIInterrupter),
+ VMSTATE_BOOL(er_pcs, XHCIInterrupter),
+ VMSTATE_UINT64(er_start, XHCIInterrupter),
+ VMSTATE_UINT32(er_size, XHCIInterrupter),
+ VMSTATE_UINT32(er_ep_idx, XHCIInterrupter),
+
+ /* event queue (used if ring is full) */
+ VMSTATE_BOOL(er_full, XHCIInterrupter),
+ VMSTATE_UINT32_TEST(ev_buffer_put, XHCIInterrupter, xhci_er_full),
+ VMSTATE_UINT32_TEST(ev_buffer_get, XHCIInterrupter, xhci_er_full),
+ VMSTATE_STRUCT_ARRAY_TEST(ev_buffer, XHCIInterrupter, EV_QUEUE,
+ xhci_er_full, 1,
+ vmstate_xhci_event, XHCIEvent),
+
+ VMSTATE_END_OF_LIST()
+ }
+};
+
static const VMStateDescription vmstate_xhci = {
.name = "xhci",
- .unmigratable = 1,
+ .version_id = 1,
+ .post_load = usb_xhci_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_PCIE_DEVICE(parent_obj, XHCIState),
+ VMSTATE_MSIX(parent_obj, XHCIState),
+
+ VMSTATE_STRUCT_VARRAY_UINT32(ports, XHCIState, numports, 1,
+ vmstate_xhci_port, XHCIPort),
+ VMSTATE_STRUCT_VARRAY_UINT32(slots, XHCIState, numslots, 1,
+ vmstate_xhci_slot, XHCISlot),
+ VMSTATE_STRUCT_VARRAY_UINT32(intr, XHCIState, numintrs, 1,
+ vmstate_xhci_intr, XHCIInterrupter),
+
+ /* Operational Registers */
+ VMSTATE_UINT32(usbcmd, XHCIState),
+ VMSTATE_UINT32(usbsts, XHCIState),
+ VMSTATE_UINT32(dnctrl, XHCIState),
+ VMSTATE_UINT32(crcr_low, XHCIState),
+ VMSTATE_UINT32(crcr_high, XHCIState),
+ VMSTATE_UINT32(dcbaap_low, XHCIState),
+ VMSTATE_UINT32(dcbaap_high, XHCIState),
+ VMSTATE_UINT32(config, XHCIState),
+
+ /* Runtime Registers & state */
+ VMSTATE_INT64(mfindex_start, XHCIState),
+ VMSTATE_TIMER(mfwrap_timer, XHCIState),
+ VMSTATE_STRUCT(cmd_ring, XHCIState, 1, vmstate_xhci_ring, XHCIRing),
+
+ VMSTATE_END_OF_LIST()
+ }
};
static Property xhci_properties[] = {
@@ -3161,6 +3600,7 @@ static void xhci_class_init(ObjectClass *klass, void *data)
dc->vmsd = &vmstate_xhci;
dc->props = xhci_properties;
dc->reset = xhci_reset;
+ set_bit(DEVICE_CATEGORY_USB, dc->categories);
k->init = usb_xhci_initfn;
k->vendor_id = PCI_VENDOR_ID_NEC;
k->device_id = PCI_DEVICE_ID_NEC_UPD720200;
@@ -3170,8 +3610,8 @@ static void xhci_class_init(ObjectClass *klass, void *data)
k->no_hotplug = 1;
}
-static TypeInfo xhci_info = {
- .name = "nec-usb-xhci",
+static const TypeInfo xhci_info = {
+ .name = TYPE_XHCI,
.parent = TYPE_PCI_DEVICE,
.instance_size = sizeof(XHCIState),
.class_init = xhci_class_init,
diff --git a/hw/usb/host-bsd.c b/hw/usb/host-bsd.c
index 6473e8b74..39f22810b 100644
--- a/hw/usb/host-bsd.c
+++ b/hw/usb/host-bsd.c
@@ -25,7 +25,7 @@
*/
#include "qemu-common.h"
-#include "monitor.h"
+#include "monitor/monitor.h"
#include "hw/usb.h"
/* usb.h declares these */
@@ -292,6 +292,7 @@ static void usb_host_handle_destroy(USBDevice *opaque)
static int usb_host_initfn(USBDevice *dev)
{
+ dev->flags |= (1 << USB_DEV_FLAG_IS_HOST);
return 0;
}
@@ -406,7 +407,7 @@ static void usb_host_class_initfn(ObjectClass *klass, void *data)
uc->handle_destroy = usb_host_handle_destroy;
}
-static TypeInfo usb_host_dev_info = {
+static const TypeInfo usb_host_dev_info = {
.name = "usb-host",
.parent = TYPE_USB_DEVICE,
.instance_size = sizeof(USBHostDevice),
@@ -632,13 +633,7 @@ static int usb_host_info_device(void *opaque,
return 0;
}
-void usb_host_info(Monitor *mon)
+void usb_host_info(Monitor *mon, const QDict *qdict)
{
usb_host_scan(mon, usb_host_info_device);
}
-
-/* XXX add this */
-int usb_host_device_close(const char *devname)
-{
- return 0;
-}
diff --git a/hw/usb/host-legacy.c b/hw/usb/host-legacy.c
new file mode 100644
index 000000000..3a5f70572
--- /dev/null
+++ b/hw/usb/host-legacy.c
@@ -0,0 +1,144 @@
+/*
+ * Linux host USB redirector
+ *
+ * Copyright (c) 2005 Fabrice Bellard
+ *
+ * Copyright (c) 2008 Max Krasnyansky
+ * Support for host device auto connect & disconnect
+ * Major rewrite to support fully async operation
+ *
+ * Copyright 2008 TJ <linux@tjworld.net>
+ * Added flexible support for /dev/bus/usb /sys/bus/usb/devices in addition
+ * to the legacy /proc/bus/usb USB device discovery and handling
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu-common.h"
+#include "hw/usb.h"
+#include "hw/usb/host.h"
+
+/*
+ * Autoconnect filter
+ * Format:
+ * auto:bus:dev[:vid:pid]
+ * auto:bus.dev[:vid:pid]
+ *
+ * bus - bus number (dec, * means any)
+ * dev - device number (dec, * means any)
+ * vid - vendor id (hex, * means any)
+ * pid - product id (hex, * means any)
+ *
+ * See 'lsusb' output.
+ */
+static int parse_filter(const char *spec, struct USBAutoFilter *f)
+{
+ enum { BUS, DEV, VID, PID, DONE };
+ const char *p = spec;
+ int i;
+
+ f->bus_num = 0;
+ f->addr = 0;
+ f->vendor_id = 0;
+ f->product_id = 0;
+
+ for (i = BUS; i < DONE; i++) {
+ p = strpbrk(p, ":.");
+ if (!p) {
+ break;
+ }
+ p++;
+
+ if (*p == '*') {
+ continue;
+ }
+ switch (i) {
+ case BUS:
+ f->bus_num = strtol(p, NULL, 10);
+ break;
+ case DEV:
+ f->addr = strtol(p, NULL, 10);
+ break;
+ case VID:
+ f->vendor_id = strtol(p, NULL, 16);
+ break;
+ case PID:
+ f->product_id = strtol(p, NULL, 16);
+ break;
+ }
+ }
+
+ if (i < DEV) {
+ fprintf(stderr, "husb: invalid auto filter spec %s\n", spec);
+ return -1;
+ }
+
+ return 0;
+}
+
+USBDevice *usb_host_device_open(USBBus *bus, const char *devname)
+{
+ struct USBAutoFilter filter;
+ USBDevice *dev;
+ char *p;
+
+ dev = usb_create(bus, "usb-host");
+
+ if (strstr(devname, "auto:")) {
+ if (parse_filter(devname, &filter) < 0) {
+ goto fail;
+ }
+ } else {
+ p = strchr(devname, '.');
+ if (p) {
+ filter.bus_num = strtoul(devname, NULL, 0);
+ filter.addr = strtoul(p + 1, NULL, 0);
+ filter.vendor_id = 0;
+ filter.product_id = 0;
+ } else {
+ p = strchr(devname, ':');
+ if (p) {
+ filter.bus_num = 0;
+ filter.addr = 0;
+ filter.vendor_id = strtoul(devname, NULL, 16);
+ filter.product_id = strtoul(p + 1, NULL, 16);
+ } else {
+ goto fail;
+ }
+ }
+ }
+
+ qdev_prop_set_uint32(&dev->qdev, "hostbus", filter.bus_num);
+ qdev_prop_set_uint32(&dev->qdev, "hostaddr", filter.addr);
+ qdev_prop_set_uint32(&dev->qdev, "vendorid", filter.vendor_id);
+ qdev_prop_set_uint32(&dev->qdev, "productid", filter.product_id);
+ qdev_init_nofail(&dev->qdev);
+ return dev;
+
+fail:
+ qdev_free(&dev->qdev);
+ return NULL;
+}
+
+static void usb_host_register_types(void)
+{
+ usb_legacy_register("usb-host", "host", usb_host_device_open);
+}
+
+type_init(usb_host_register_types)
diff --git a/hw/usb/host-libusb.c b/hw/usb/host-libusb.c
new file mode 100644
index 000000000..f66077007
--- /dev/null
+++ b/hw/usb/host-libusb.c
@@ -0,0 +1,1528 @@
+/*
+ * Linux host USB redirector
+ *
+ * Copyright (c) 2005 Fabrice Bellard
+ *
+ * Copyright (c) 2008 Max Krasnyansky
+ * Support for host device auto connect & disconnect
+ * Major rewrite to support fully async operation
+ *
+ * Copyright 2008 TJ <linux@tjworld.net>
+ * Added flexible support for /dev/bus/usb /sys/bus/usb/devices in addition
+ * to the legacy /proc/bus/usb USB device discovery and handling
+ *
+ * (c) 2012 Gerd Hoffmann <kraxel@redhat.com>
+ * Completely rewritten to use libusb instead of usbfs ioctls.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include <poll.h>
+#include <libusb.h>
+
+#include "qemu-common.h"
+#include "monitor/monitor.h"
+#include "sysemu/sysemu.h"
+#include "trace.h"
+
+#include "hw/usb.h"
+
+/* ------------------------------------------------------------------------ */
+
+#define TYPE_USB_HOST_DEVICE "usb-host"
+#define USB_HOST_DEVICE(obj) \
+ OBJECT_CHECK(USBHostDevice, (obj), TYPE_USB_HOST_DEVICE)
+
+typedef struct USBHostDevice USBHostDevice;
+typedef struct USBHostRequest USBHostRequest;
+typedef struct USBHostIsoXfer USBHostIsoXfer;
+typedef struct USBHostIsoRing USBHostIsoRing;
+
+struct USBAutoFilter {
+ uint32_t bus_num;
+ uint32_t addr;
+ char *port;
+ uint32_t vendor_id;
+ uint32_t product_id;
+};
+
+enum USBHostDeviceOptions {
+ USB_HOST_OPT_PIPELINE,
+};
+
+struct USBHostDevice {
+ USBDevice parent_obj;
+
+ /* properties */
+ struct USBAutoFilter match;
+ int32_t bootindex;
+ uint32_t iso_urb_count;
+ uint32_t iso_urb_frames;
+ uint32_t options;
+ uint32_t loglevel;
+
+ /* state */
+ QTAILQ_ENTRY(USBHostDevice) next;
+ int seen, errcount;
+ int bus_num;
+ int addr;
+ char port[16];
+
+ libusb_device *dev;
+ libusb_device_handle *dh;
+ struct libusb_device_descriptor ddesc;
+
+ struct {
+ bool detached;
+ bool claimed;
+ } ifs[USB_MAX_INTERFACES];
+
+ /* callbacks & friends */
+ QEMUBH *bh_nodev;
+ QEMUBH *bh_postld;
+ Notifier exit;
+
+ /* request queues */
+ QTAILQ_HEAD(, USBHostRequest) requests;
+ QTAILQ_HEAD(, USBHostIsoRing) isorings;
+};
+
+struct USBHostRequest {
+ USBHostDevice *host;
+ USBPacket *p;
+ bool in;
+ struct libusb_transfer *xfer;
+ unsigned char *buffer;
+ unsigned char *cbuf;
+ unsigned int clen;
+ QTAILQ_ENTRY(USBHostRequest) next;
+};
+
+struct USBHostIsoXfer {
+ USBHostIsoRing *ring;
+ struct libusb_transfer *xfer;
+ bool copy_complete;
+ unsigned int packet;
+ QTAILQ_ENTRY(USBHostIsoXfer) next;
+};
+
+struct USBHostIsoRing {
+ USBHostDevice *host;
+ USBEndpoint *ep;
+ QTAILQ_HEAD(, USBHostIsoXfer) unused;
+ QTAILQ_HEAD(, USBHostIsoXfer) inflight;
+ QTAILQ_HEAD(, USBHostIsoXfer) copy;
+ QTAILQ_ENTRY(USBHostIsoRing) next;
+};
+
+static QTAILQ_HEAD(, USBHostDevice) hostdevs =
+ QTAILQ_HEAD_INITIALIZER(hostdevs);
+
+static void usb_host_auto_check(void *unused);
+static void usb_host_release_interfaces(USBHostDevice *s);
+static void usb_host_nodev(USBHostDevice *s);
+static void usb_host_attach_kernel(USBHostDevice *s);
+
+/* ------------------------------------------------------------------------ */
+
+#define CONTROL_TIMEOUT 10000 /* 10 sec */
+#define BULK_TIMEOUT 0 /* unlimited */
+#define INTR_TIMEOUT 0 /* unlimited */
+
+static const char *speed_name[] = {
+ [LIBUSB_SPEED_UNKNOWN] = "?",
+ [LIBUSB_SPEED_LOW] = "1.5",
+ [LIBUSB_SPEED_FULL] = "12",
+ [LIBUSB_SPEED_HIGH] = "480",
+ [LIBUSB_SPEED_SUPER] = "5000",
+};
+
+static const unsigned int speed_map[] = {
+ [LIBUSB_SPEED_LOW] = USB_SPEED_LOW,
+ [LIBUSB_SPEED_FULL] = USB_SPEED_FULL,
+ [LIBUSB_SPEED_HIGH] = USB_SPEED_HIGH,
+ [LIBUSB_SPEED_SUPER] = USB_SPEED_SUPER,
+};
+
+static const unsigned int status_map[] = {
+ [LIBUSB_TRANSFER_COMPLETED] = USB_RET_SUCCESS,
+ [LIBUSB_TRANSFER_ERROR] = USB_RET_IOERROR,
+ [LIBUSB_TRANSFER_TIMED_OUT] = USB_RET_IOERROR,
+ [LIBUSB_TRANSFER_CANCELLED] = USB_RET_IOERROR,
+ [LIBUSB_TRANSFER_STALL] = USB_RET_STALL,
+ [LIBUSB_TRANSFER_NO_DEVICE] = USB_RET_NODEV,
+ [LIBUSB_TRANSFER_OVERFLOW] = USB_RET_BABBLE,
+};
+
+static const char *err_names[] = {
+ [-LIBUSB_ERROR_IO] = "IO",
+ [-LIBUSB_ERROR_INVALID_PARAM] = "INVALID_PARAM",
+ [-LIBUSB_ERROR_ACCESS] = "ACCESS",
+ [-LIBUSB_ERROR_NO_DEVICE] = "NO_DEVICE",
+ [-LIBUSB_ERROR_NOT_FOUND] = "NOT_FOUND",
+ [-LIBUSB_ERROR_BUSY] = "BUSY",
+ [-LIBUSB_ERROR_TIMEOUT] = "TIMEOUT",
+ [-LIBUSB_ERROR_OVERFLOW] = "OVERFLOW",
+ [-LIBUSB_ERROR_PIPE] = "PIPE",
+ [-LIBUSB_ERROR_INTERRUPTED] = "INTERRUPTED",
+ [-LIBUSB_ERROR_NO_MEM] = "NO_MEM",
+ [-LIBUSB_ERROR_NOT_SUPPORTED] = "NOT_SUPPORTED",
+ [-LIBUSB_ERROR_OTHER] = "OTHER",
+};
+
+static libusb_context *ctx;
+static uint32_t loglevel;
+
+static void usb_host_handle_fd(void *opaque)
+{
+ struct timeval tv = { 0, 0 };
+ libusb_handle_events_timeout(ctx, &tv);
+}
+
+static void usb_host_add_fd(int fd, short events, void *user_data)
+{
+ qemu_set_fd_handler(fd,
+ (events & POLLIN) ? usb_host_handle_fd : NULL,
+ (events & POLLOUT) ? usb_host_handle_fd : NULL,
+ ctx);
+}
+
+static void usb_host_del_fd(int fd, void *user_data)
+{
+ qemu_set_fd_handler(fd, NULL, NULL, NULL);
+}
+
+static int usb_host_init(void)
+{
+ const struct libusb_pollfd **poll;
+ int i, rc;
+
+ if (ctx) {
+ return 0;
+ }
+ rc = libusb_init(&ctx);
+ if (rc != 0) {
+ return -1;
+ }
+ libusb_set_debug(ctx, loglevel);
+
+ libusb_set_pollfd_notifiers(ctx, usb_host_add_fd,
+ usb_host_del_fd,
+ ctx);
+ poll = libusb_get_pollfds(ctx);
+ if (poll) {
+ for (i = 0; poll[i] != NULL; i++) {
+ usb_host_add_fd(poll[i]->fd, poll[i]->events, ctx);
+ }
+ }
+ free(poll);
+ return 0;
+}
+
+static int usb_host_get_port(libusb_device *dev, char *port, size_t len)
+{
+ uint8_t path[7];
+ size_t off;
+ int rc, i;
+
+#if LIBUSBX_API_VERSION >= 0x01000102
+ rc = libusb_get_port_numbers(dev, path, 7);
+#else
+ rc = libusb_get_port_path(ctx, dev, path, 7);
+#endif
+ if (rc < 0) {
+ return 0;
+ }
+ off = snprintf(port, len, "%d", path[0]);
+ for (i = 1; i < rc; i++) {
+ off += snprintf(port+off, len-off, ".%d", path[i]);
+ }
+ return off;
+}
+
+static void usb_host_libusb_error(const char *func, int rc)
+{
+ const char *errname;
+
+ if (rc >= 0) {
+ return;
+ }
+
+ if (-rc < ARRAY_SIZE(err_names) && err_names[-rc]) {
+ errname = err_names[-rc];
+ } else {
+ errname = "?";
+ }
+ fprintf(stderr, "%s: %d [%s]\n", func, rc, errname);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static bool usb_host_use_combining(USBEndpoint *ep)
+{
+ int type;
+
+ if (!ep->pipeline) {
+ return false;
+ }
+ if (ep->pid != USB_TOKEN_IN) {
+ return false;
+ }
+ type = usb_ep_get_type(ep->dev, ep->pid, ep->nr);
+ if (type != USB_ENDPOINT_XFER_BULK) {
+ return false;
+ }
+ return true;
+}
+
+/* ------------------------------------------------------------------------ */
+
+static USBHostRequest *usb_host_req_alloc(USBHostDevice *s, USBPacket *p,
+ bool in, size_t bufsize)
+{
+ USBHostRequest *r = g_new0(USBHostRequest, 1);
+
+ r->host = s;
+ r->p = p;
+ r->in = in;
+ r->xfer = libusb_alloc_transfer(0);
+ if (bufsize) {
+ r->buffer = g_malloc(bufsize);
+ }
+ QTAILQ_INSERT_TAIL(&s->requests, r, next);
+ return r;
+}
+
+static void usb_host_req_free(USBHostRequest *r)
+{
+ if (r->host) {
+ QTAILQ_REMOVE(&r->host->requests, r, next);
+ }
+ libusb_free_transfer(r->xfer);
+ g_free(r->buffer);
+ g_free(r);
+}
+
+static USBHostRequest *usb_host_req_find(USBHostDevice *s, USBPacket *p)
+{
+ USBHostRequest *r;
+
+ QTAILQ_FOREACH(r, &s->requests, next) {
+ if (r->p == p) {
+ return r;
+ }
+ }
+ return NULL;
+}
+
+static void usb_host_req_complete_ctrl(struct libusb_transfer *xfer)
+{
+ USBHostRequest *r = xfer->user_data;
+ USBHostDevice *s = r->host;
+ bool disconnect = (xfer->status == LIBUSB_TRANSFER_NO_DEVICE);
+
+ if (r->p == NULL) {
+ goto out; /* request was canceled */
+ }
+
+ r->p->status = status_map[xfer->status];
+ r->p->actual_length = xfer->actual_length;
+ if (r->in && xfer->actual_length) {
+ memcpy(r->cbuf, r->buffer + 8, xfer->actual_length);
+ }
+ trace_usb_host_req_complete(s->bus_num, s->addr, r->p,
+ r->p->status, r->p->actual_length);
+ usb_generic_async_ctrl_complete(USB_DEVICE(s), r->p);
+
+out:
+ usb_host_req_free(r);
+ if (disconnect) {
+ usb_host_nodev(s);
+ }
+}
+
+static void usb_host_req_complete_data(struct libusb_transfer *xfer)
+{
+ USBHostRequest *r = xfer->user_data;
+ USBHostDevice *s = r->host;
+ bool disconnect = (xfer->status == LIBUSB_TRANSFER_NO_DEVICE);
+
+ if (r->p == NULL) {
+ goto out; /* request was canceled */
+ }
+
+ r->p->status = status_map[xfer->status];
+ if (r->in && xfer->actual_length) {
+ usb_packet_copy(r->p, r->buffer, xfer->actual_length);
+ }
+ trace_usb_host_req_complete(s->bus_num, s->addr, r->p,
+ r->p->status, r->p->actual_length);
+ if (usb_host_use_combining(r->p->ep)) {
+ usb_combined_input_packet_complete(USB_DEVICE(s), r->p);
+ } else {
+ usb_packet_complete(USB_DEVICE(s), r->p);
+ }
+
+out:
+ usb_host_req_free(r);
+ if (disconnect) {
+ usb_host_nodev(s);
+ }
+}
+
+static void usb_host_req_abort(USBHostRequest *r)
+{
+ USBHostDevice *s = r->host;
+ bool inflight = (r->p && r->p->state == USB_PACKET_ASYNC);
+
+ if (inflight) {
+ r->p->status = USB_RET_NODEV;
+ trace_usb_host_req_complete(s->bus_num, s->addr, r->p,
+ r->p->status, r->p->actual_length);
+ if (r->p->ep->nr == 0) {
+ usb_generic_async_ctrl_complete(USB_DEVICE(s), r->p);
+ } else {
+ usb_packet_complete(USB_DEVICE(s), r->p);
+ }
+ r->p = NULL;
+ }
+
+ QTAILQ_REMOVE(&r->host->requests, r, next);
+ r->host = NULL;
+
+ if (inflight) {
+ libusb_cancel_transfer(r->xfer);
+ }
+}
+
+/* ------------------------------------------------------------------------ */
+
+static void usb_host_req_complete_iso(struct libusb_transfer *transfer)
+{
+ USBHostIsoXfer *xfer = transfer->user_data;
+
+ if (!xfer) {
+ /* USBHostIsoXfer released while inflight */
+ g_free(transfer->buffer);
+ libusb_free_transfer(transfer);
+ return;
+ }
+
+ QTAILQ_REMOVE(&xfer->ring->inflight, xfer, next);
+ if (QTAILQ_EMPTY(&xfer->ring->inflight)) {
+ USBHostDevice *s = xfer->ring->host;
+ trace_usb_host_iso_stop(s->bus_num, s->addr, xfer->ring->ep->nr);
+ }
+ if (xfer->ring->ep->pid == USB_TOKEN_IN) {
+ QTAILQ_INSERT_TAIL(&xfer->ring->copy, xfer, next);
+ } else {
+ QTAILQ_INSERT_TAIL(&xfer->ring->unused, xfer, next);
+ }
+}
+
+static USBHostIsoRing *usb_host_iso_alloc(USBHostDevice *s, USBEndpoint *ep)
+{
+ USBHostIsoRing *ring = g_new0(USBHostIsoRing, 1);
+ USBHostIsoXfer *xfer;
+ /* FIXME: check interval (for now assume one xfer per frame) */
+ int packets = s->iso_urb_frames;
+ int i;
+
+ ring->host = s;
+ ring->ep = ep;
+ QTAILQ_INIT(&ring->unused);
+ QTAILQ_INIT(&ring->inflight);
+ QTAILQ_INIT(&ring->copy);
+ QTAILQ_INSERT_TAIL(&s->isorings, ring, next);
+
+ for (i = 0; i < s->iso_urb_count; i++) {
+ xfer = g_new0(USBHostIsoXfer, 1);
+ xfer->ring = ring;
+ xfer->xfer = libusb_alloc_transfer(packets);
+ xfer->xfer->dev_handle = s->dh;
+ xfer->xfer->type = LIBUSB_TRANSFER_TYPE_ISOCHRONOUS;
+
+ xfer->xfer->endpoint = ring->ep->nr;
+ if (ring->ep->pid == USB_TOKEN_IN) {
+ xfer->xfer->endpoint |= USB_DIR_IN;
+ }
+ xfer->xfer->callback = usb_host_req_complete_iso;
+ xfer->xfer->user_data = xfer;
+
+ xfer->xfer->num_iso_packets = packets;
+ xfer->xfer->length = ring->ep->max_packet_size * packets;
+ xfer->xfer->buffer = g_malloc0(xfer->xfer->length);
+
+ QTAILQ_INSERT_TAIL(&ring->unused, xfer, next);
+ }
+
+ return ring;
+}
+
+static USBHostIsoRing *usb_host_iso_find(USBHostDevice *s, USBEndpoint *ep)
+{
+ USBHostIsoRing *ring;
+
+ QTAILQ_FOREACH(ring, &s->isorings, next) {
+ if (ring->ep == ep) {
+ return ring;
+ }
+ }
+ return NULL;
+}
+
+static void usb_host_iso_reset_xfer(USBHostIsoXfer *xfer)
+{
+ libusb_set_iso_packet_lengths(xfer->xfer,
+ xfer->ring->ep->max_packet_size);
+ xfer->packet = 0;
+ xfer->copy_complete = false;
+}
+
+static void usb_host_iso_free_xfer(USBHostIsoXfer *xfer, bool inflight)
+{
+ if (inflight) {
+ xfer->xfer->user_data = NULL;
+ } else {
+ g_free(xfer->xfer->buffer);
+ libusb_free_transfer(xfer->xfer);
+ }
+ g_free(xfer);
+}
+
+static void usb_host_iso_free(USBHostIsoRing *ring)
+{
+ USBHostIsoXfer *xfer;
+
+ while ((xfer = QTAILQ_FIRST(&ring->inflight)) != NULL) {
+ QTAILQ_REMOVE(&ring->inflight, xfer, next);
+ usb_host_iso_free_xfer(xfer, true);
+ }
+ while ((xfer = QTAILQ_FIRST(&ring->unused)) != NULL) {
+ QTAILQ_REMOVE(&ring->unused, xfer, next);
+ usb_host_iso_free_xfer(xfer, false);
+ }
+ while ((xfer = QTAILQ_FIRST(&ring->copy)) != NULL) {
+ QTAILQ_REMOVE(&ring->copy, xfer, next);
+ usb_host_iso_free_xfer(xfer, false);
+ }
+
+ QTAILQ_REMOVE(&ring->host->isorings, ring, next);
+ g_free(ring);
+}
+
+static void usb_host_iso_free_all(USBHostDevice *s)
+{
+ USBHostIsoRing *ring;
+
+ while ((ring = QTAILQ_FIRST(&s->isorings)) != NULL) {
+ usb_host_iso_free(ring);
+ }
+}
+
+static bool usb_host_iso_data_copy(USBHostIsoXfer *xfer, USBPacket *p)
+{
+ unsigned int psize;
+ unsigned char *buf;
+
+ buf = libusb_get_iso_packet_buffer_simple(xfer->xfer, xfer->packet);
+ if (p->pid == USB_TOKEN_OUT) {
+ psize = p->iov.size;
+ if (psize > xfer->ring->ep->max_packet_size) {
+ /* should not happen (guest bug) */
+ psize = xfer->ring->ep->max_packet_size;
+ }
+ xfer->xfer->iso_packet_desc[xfer->packet].length = psize;
+ } else {
+ psize = xfer->xfer->iso_packet_desc[xfer->packet].actual_length;
+ if (psize > p->iov.size) {
+ /* should not happen (guest bug) */
+ psize = p->iov.size;
+ }
+ }
+ usb_packet_copy(p, buf, psize);
+ xfer->packet++;
+ xfer->copy_complete = (xfer->packet == xfer->xfer->num_iso_packets);
+ return xfer->copy_complete;
+}
+
+static void usb_host_iso_data_in(USBHostDevice *s, USBPacket *p)
+{
+ USBHostIsoRing *ring;
+ USBHostIsoXfer *xfer;
+ bool disconnect = false;
+ int rc;
+
+ ring = usb_host_iso_find(s, p->ep);
+ if (ring == NULL) {
+ ring = usb_host_iso_alloc(s, p->ep);
+ }
+
+ /* copy data to guest */
+ xfer = QTAILQ_FIRST(&ring->copy);
+ if (xfer != NULL) {
+ if (usb_host_iso_data_copy(xfer, p)) {
+ QTAILQ_REMOVE(&ring->copy, xfer, next);
+ QTAILQ_INSERT_TAIL(&ring->unused, xfer, next);
+ }
+ }
+
+ /* submit empty bufs to host */
+ while ((xfer = QTAILQ_FIRST(&ring->unused)) != NULL) {
+ QTAILQ_REMOVE(&ring->unused, xfer, next);
+ usb_host_iso_reset_xfer(xfer);
+ rc = libusb_submit_transfer(xfer->xfer);
+ if (rc != 0) {
+ usb_host_libusb_error("libusb_submit_transfer [iso]", rc);
+ QTAILQ_INSERT_TAIL(&ring->unused, xfer, next);
+ if (rc == LIBUSB_ERROR_NO_DEVICE) {
+ disconnect = true;
+ }
+ break;
+ }
+ if (QTAILQ_EMPTY(&ring->inflight)) {
+ trace_usb_host_iso_start(s->bus_num, s->addr, p->ep->nr);
+ }
+ QTAILQ_INSERT_TAIL(&ring->inflight, xfer, next);
+ }
+
+ if (disconnect) {
+ usb_host_nodev(s);
+ }
+}
+
+static void usb_host_iso_data_out(USBHostDevice *s, USBPacket *p)
+{
+ USBHostIsoRing *ring;
+ USBHostIsoXfer *xfer;
+ bool disconnect = false;
+ int rc, filled = 0;
+
+ ring = usb_host_iso_find(s, p->ep);
+ if (ring == NULL) {
+ ring = usb_host_iso_alloc(s, p->ep);
+ }
+
+ /* copy data from guest */
+ xfer = QTAILQ_FIRST(&ring->copy);
+ while (xfer != NULL && xfer->copy_complete) {
+ filled++;
+ xfer = QTAILQ_NEXT(xfer, next);
+ }
+ if (xfer == NULL) {
+ xfer = QTAILQ_FIRST(&ring->unused);
+ if (xfer == NULL) {
+ trace_usb_host_iso_out_of_bufs(s->bus_num, s->addr, p->ep->nr);
+ return;
+ }
+ QTAILQ_REMOVE(&ring->unused, xfer, next);
+ usb_host_iso_reset_xfer(xfer);
+ QTAILQ_INSERT_TAIL(&ring->copy, xfer, next);
+ }
+ usb_host_iso_data_copy(xfer, p);
+
+ if (QTAILQ_EMPTY(&ring->inflight)) {
+ /* wait until half of our buffers are filled
+ before kicking the iso out stream */
+ if (filled*2 < s->iso_urb_count) {
+ return;
+ }
+ }
+
+ /* submit filled bufs to host */
+ while ((xfer = QTAILQ_FIRST(&ring->copy)) != NULL &&
+ xfer->copy_complete) {
+ QTAILQ_REMOVE(&ring->copy, xfer, next);
+ rc = libusb_submit_transfer(xfer->xfer);
+ if (rc != 0) {
+ usb_host_libusb_error("libusb_submit_transfer [iso]", rc);
+ QTAILQ_INSERT_TAIL(&ring->unused, xfer, next);
+ if (rc == LIBUSB_ERROR_NO_DEVICE) {
+ disconnect = true;
+ }
+ break;
+ }
+ if (QTAILQ_EMPTY(&ring->inflight)) {
+ trace_usb_host_iso_start(s->bus_num, s->addr, p->ep->nr);
+ }
+ QTAILQ_INSERT_TAIL(&ring->inflight, xfer, next);
+ }
+
+ if (disconnect) {
+ usb_host_nodev(s);
+ }
+}
+
+/* ------------------------------------------------------------------------ */
+
+static bool usb_host_full_speed_compat(USBHostDevice *s)
+{
+ struct libusb_config_descriptor *conf;
+ const struct libusb_interface_descriptor *intf;
+ const struct libusb_endpoint_descriptor *endp;
+ uint8_t type;
+ int rc, c, i, a, e;
+
+ for (c = 0;; c++) {
+ rc = libusb_get_config_descriptor(s->dev, c, &conf);
+ if (rc != 0) {
+ break;
+ }
+ for (i = 0; i < conf->bNumInterfaces; i++) {
+ for (a = 0; a < conf->interface[i].num_altsetting; a++) {
+ intf = &conf->interface[i].altsetting[a];
+ for (e = 0; e < intf->bNumEndpoints; e++) {
+ endp = &intf->endpoint[e];
+ type = endp->bmAttributes & 0x3;
+ switch (type) {
+ case 0x01: /* ISO */
+ return false;
+ case 0x03: /* INTERRUPT */
+ if (endp->wMaxPacketSize > 64) {
+ return false;
+ }
+ break;
+ }
+ }
+ }
+ }
+ libusb_free_config_descriptor(conf);
+ }
+ return true;
+}
+
+static void usb_host_ep_update(USBHostDevice *s)
+{
+ static const char *tname[] = {
+ [USB_ENDPOINT_XFER_CONTROL] = "control",
+ [USB_ENDPOINT_XFER_ISOC] = "isoc",
+ [USB_ENDPOINT_XFER_BULK] = "bulk",
+ [USB_ENDPOINT_XFER_INT] = "int",
+ };
+ USBDevice *udev = USB_DEVICE(s);
+ struct libusb_config_descriptor *conf;
+ const struct libusb_interface_descriptor *intf;
+ const struct libusb_endpoint_descriptor *endp;
+ uint8_t devep, type;
+ int pid, ep;
+ int rc, i, e;
+
+ usb_ep_reset(udev);
+ rc = libusb_get_active_config_descriptor(s->dev, &conf);
+ if (rc != 0) {
+ return;
+ }
+ trace_usb_host_parse_config(s->bus_num, s->addr,
+ conf->bConfigurationValue, true);
+
+ for (i = 0; i < conf->bNumInterfaces; i++) {
+ assert(udev->altsetting[i] < conf->interface[i].num_altsetting);
+ intf = &conf->interface[i].altsetting[udev->altsetting[i]];
+ trace_usb_host_parse_interface(s->bus_num, s->addr,
+ intf->bInterfaceNumber,
+ intf->bAlternateSetting, true);
+ for (e = 0; e < intf->bNumEndpoints; e++) {
+ endp = &intf->endpoint[e];
+
+ devep = endp->bEndpointAddress;
+ pid = (devep & USB_DIR_IN) ? USB_TOKEN_IN : USB_TOKEN_OUT;
+ ep = devep & 0xf;
+ type = endp->bmAttributes & 0x3;
+
+ if (ep == 0) {
+ trace_usb_host_parse_error(s->bus_num, s->addr,
+ "invalid endpoint address");
+ return;
+ }
+ if (usb_ep_get_type(udev, pid, ep) != USB_ENDPOINT_XFER_INVALID) {
+ trace_usb_host_parse_error(s->bus_num, s->addr,
+ "duplicate endpoint address");
+ return;
+ }
+
+ trace_usb_host_parse_endpoint(s->bus_num, s->addr, ep,
+ (devep & USB_DIR_IN) ? "in" : "out",
+ tname[type], true);
+ usb_ep_set_max_packet_size(udev, pid, ep,
+ endp->wMaxPacketSize);
+ usb_ep_set_type(udev, pid, ep, type);
+ usb_ep_set_ifnum(udev, pid, ep, i);
+ usb_ep_set_halted(udev, pid, ep, 0);
+ }
+ }
+
+ libusb_free_config_descriptor(conf);
+}
+
+static int usb_host_open(USBHostDevice *s, libusb_device *dev)
+{
+ USBDevice *udev = USB_DEVICE(s);
+ int bus_num = libusb_get_bus_number(dev);
+ int addr = libusb_get_device_address(dev);
+ int rc;
+
+ trace_usb_host_open_started(bus_num, addr);
+
+ if (s->dh != NULL) {
+ goto fail;
+ }
+ rc = libusb_open(dev, &s->dh);
+ if (rc != 0) {
+ goto fail;
+ }
+
+ libusb_get_device_descriptor(dev, &s->ddesc);
+ s->dev = dev;
+ s->bus_num = bus_num;
+ s->addr = addr;
+ usb_host_get_port(s->dev, s->port, sizeof(s->port));
+
+ usb_ep_init(udev);
+ usb_host_ep_update(s);
+
+ udev->speed = speed_map[libusb_get_device_speed(dev)];
+ udev->speedmask = (1 << udev->speed);
+ if (udev->speed == USB_SPEED_HIGH && usb_host_full_speed_compat(s)) {
+ udev->speedmask |= USB_SPEED_MASK_FULL;
+ }
+
+ if (s->ddesc.iProduct) {
+ libusb_get_string_descriptor_ascii(s->dh, s->ddesc.iProduct,
+ (unsigned char *)udev->product_desc,
+ sizeof(udev->product_desc));
+ } else {
+ snprintf(udev->product_desc, sizeof(udev->product_desc),
+ "host:%d.%d", bus_num, addr);
+ }
+
+ rc = usb_device_attach(udev);
+ if (rc) {
+ goto fail;
+ }
+
+ trace_usb_host_open_success(bus_num, addr);
+ return 0;
+
+fail:
+ trace_usb_host_open_failure(bus_num, addr);
+ if (s->dh != NULL) {
+ libusb_close(s->dh);
+ s->dh = NULL;
+ s->dev = NULL;
+ }
+ return -1;
+}
+
+static void usb_host_abort_xfers(USBHostDevice *s)
+{
+ USBHostRequest *r, *rtmp;
+
+ QTAILQ_FOREACH_SAFE(r, &s->requests, next, rtmp) {
+ usb_host_req_abort(r);
+ }
+}
+
+static int usb_host_close(USBHostDevice *s)
+{
+ USBDevice *udev = USB_DEVICE(s);
+
+ if (s->dh == NULL) {
+ return -1;
+ }
+
+ trace_usb_host_close(s->bus_num, s->addr);
+
+ usb_host_abort_xfers(s);
+ usb_host_iso_free_all(s);
+
+ if (udev->attached) {
+ usb_device_detach(udev);
+ }
+
+ usb_host_release_interfaces(s);
+ libusb_reset_device(s->dh);
+ usb_host_attach_kernel(s);
+ libusb_close(s->dh);
+ s->dh = NULL;
+ s->dev = NULL;
+
+ usb_host_auto_check(NULL);
+ return 0;
+}
+
+static void usb_host_nodev_bh(void *opaque)
+{
+ USBHostDevice *s = opaque;
+ usb_host_close(s);
+}
+
+static void usb_host_nodev(USBHostDevice *s)
+{
+ if (!s->bh_nodev) {
+ s->bh_nodev = qemu_bh_new(usb_host_nodev_bh, s);
+ }
+ qemu_bh_schedule(s->bh_nodev);
+}
+
+static void usb_host_exit_notifier(struct Notifier *n, void *data)
+{
+ USBHostDevice *s = container_of(n, USBHostDevice, exit);
+
+ if (s->dh) {
+ usb_host_release_interfaces(s);
+ usb_host_attach_kernel(s);
+ }
+}
+
+static int usb_host_initfn(USBDevice *udev)
+{
+ USBHostDevice *s = USB_HOST_DEVICE(udev);
+
+ loglevel = s->loglevel;
+ udev->flags |= (1 << USB_DEV_FLAG_IS_HOST);
+ udev->auto_attach = 0;
+ QTAILQ_INIT(&s->requests);
+ QTAILQ_INIT(&s->isorings);
+
+ s->exit.notify = usb_host_exit_notifier;
+ qemu_add_exit_notifier(&s->exit);
+
+ QTAILQ_INSERT_TAIL(&hostdevs, s, next);
+ add_boot_device_path(s->bootindex, &udev->qdev, NULL);
+ usb_host_auto_check(NULL);
+ return 0;
+}
+
+static void usb_host_handle_destroy(USBDevice *udev)
+{
+ USBHostDevice *s = USB_HOST_DEVICE(udev);
+
+ qemu_remove_exit_notifier(&s->exit);
+ QTAILQ_REMOVE(&hostdevs, s, next);
+ usb_host_close(s);
+}
+
+static void usb_host_cancel_packet(USBDevice *udev, USBPacket *p)
+{
+ USBHostDevice *s = USB_HOST_DEVICE(udev);
+ USBHostRequest *r;
+
+ if (p->combined) {
+ usb_combined_packet_cancel(udev, p);
+ return;
+ }
+
+ trace_usb_host_req_canceled(s->bus_num, s->addr, p);
+
+ r = usb_host_req_find(s, p);
+ if (r && r->p) {
+ r->p = NULL; /* mark as dead */
+ libusb_cancel_transfer(r->xfer);
+ }
+}
+
+static void usb_host_detach_kernel(USBHostDevice *s)
+{
+ struct libusb_config_descriptor *conf;
+ int rc, i;
+
+ rc = libusb_get_active_config_descriptor(s->dev, &conf);
+ if (rc != 0) {
+ return;
+ }
+ for (i = 0; i < conf->bNumInterfaces; i++) {
+ rc = libusb_kernel_driver_active(s->dh, i);
+ usb_host_libusb_error("libusb_kernel_driver_active", rc);
+ if (rc != 1) {
+ continue;
+ }
+ trace_usb_host_detach_kernel(s->bus_num, s->addr, i);
+ rc = libusb_detach_kernel_driver(s->dh, i);
+ usb_host_libusb_error("libusb_detach_kernel_driver", rc);
+ s->ifs[i].detached = true;
+ }
+ libusb_free_config_descriptor(conf);
+}
+
+static void usb_host_attach_kernel(USBHostDevice *s)
+{
+ struct libusb_config_descriptor *conf;
+ int rc, i;
+
+ rc = libusb_get_active_config_descriptor(s->dev, &conf);
+ if (rc != 0) {
+ return;
+ }
+ for (i = 0; i < conf->bNumInterfaces; i++) {
+ if (!s->ifs[i].detached) {
+ continue;
+ }
+ trace_usb_host_attach_kernel(s->bus_num, s->addr, i);
+ libusb_attach_kernel_driver(s->dh, i);
+ s->ifs[i].detached = false;
+ }
+ libusb_free_config_descriptor(conf);
+}
+
+static int usb_host_claim_interfaces(USBHostDevice *s, int configuration)
+{
+ USBDevice *udev = USB_DEVICE(s);
+ struct libusb_config_descriptor *conf;
+ int rc, i;
+
+ for (i = 0; i < USB_MAX_INTERFACES; i++) {
+ udev->altsetting[i] = 0;
+ }
+ udev->ninterfaces = 0;
+ udev->configuration = 0;
+
+ if (configuration == 0) {
+ /* address state - ignore */
+ return USB_RET_SUCCESS;
+ }
+
+ usb_host_detach_kernel(s);
+
+ rc = libusb_get_active_config_descriptor(s->dev, &conf);
+ if (rc != 0) {
+ return USB_RET_STALL;
+ }
+
+ for (i = 0; i < conf->bNumInterfaces; i++) {
+ trace_usb_host_claim_interface(s->bus_num, s->addr, configuration, i);
+ rc = libusb_claim_interface(s->dh, i);
+ usb_host_libusb_error("libusb_claim_interface", rc);
+ if (rc != 0) {
+ return USB_RET_STALL;
+ }
+ s->ifs[i].claimed = true;
+ }
+
+ udev->ninterfaces = conf->bNumInterfaces;
+ udev->configuration = configuration;
+
+ libusb_free_config_descriptor(conf);
+ return USB_RET_SUCCESS;
+}
+
+static void usb_host_release_interfaces(USBHostDevice *s)
+{
+ USBDevice *udev = USB_DEVICE(s);
+ int i, rc;
+
+ for (i = 0; i < udev->ninterfaces; i++) {
+ if (!s->ifs[i].claimed) {
+ continue;
+ }
+ trace_usb_host_release_interface(s->bus_num, s->addr, i);
+ rc = libusb_release_interface(s->dh, i);
+ usb_host_libusb_error("libusb_release_interface", rc);
+ s->ifs[i].claimed = false;
+ }
+}
+
+static void usb_host_set_address(USBHostDevice *s, int addr)
+{
+ USBDevice *udev = USB_DEVICE(s);
+
+ trace_usb_host_set_address(s->bus_num, s->addr, addr);
+ udev->addr = addr;
+}
+
+static void usb_host_set_config(USBHostDevice *s, int config, USBPacket *p)
+{
+ int rc;
+
+ trace_usb_host_set_config(s->bus_num, s->addr, config);
+
+ usb_host_release_interfaces(s);
+ usb_host_detach_kernel(s);
+ rc = libusb_set_configuration(s->dh, config);
+ if (rc != 0) {
+ usb_host_libusb_error("libusb_set_configuration", rc);
+ p->status = USB_RET_STALL;
+ if (rc == LIBUSB_ERROR_NO_DEVICE) {
+ usb_host_nodev(s);
+ }
+ return;
+ }
+ p->status = usb_host_claim_interfaces(s, config);
+ if (p->status != USB_RET_SUCCESS) {
+ return;
+ }
+ usb_host_ep_update(s);
+}
+
+static void usb_host_set_interface(USBHostDevice *s, int iface, int alt,
+ USBPacket *p)
+{
+ USBDevice *udev = USB_DEVICE(s);
+ int rc;
+
+ trace_usb_host_set_interface(s->bus_num, s->addr, iface, alt);
+
+ usb_host_iso_free_all(s);
+
+ if (iface >= USB_MAX_INTERFACES) {
+ p->status = USB_RET_STALL;
+ return;
+ }
+
+ rc = libusb_set_interface_alt_setting(s->dh, iface, alt);
+ if (rc != 0) {
+ usb_host_libusb_error("libusb_set_interface_alt_setting", rc);
+ p->status = USB_RET_STALL;
+ if (rc == LIBUSB_ERROR_NO_DEVICE) {
+ usb_host_nodev(s);
+ }
+ return;
+ }
+
+ udev->altsetting[iface] = alt;
+ usb_host_ep_update(s);
+}
+
+static void usb_host_handle_control(USBDevice *udev, USBPacket *p,
+ int request, int value, int index,
+ int length, uint8_t *data)
+{
+ USBHostDevice *s = USB_HOST_DEVICE(udev);
+ USBHostRequest *r;
+ int rc;
+
+ trace_usb_host_req_control(s->bus_num, s->addr, p, request, value, index);
+
+ if (s->dh == NULL) {
+ p->status = USB_RET_NODEV;
+ trace_usb_host_req_emulated(s->bus_num, s->addr, p, p->status);
+ return;
+ }
+
+ switch (request) {
+ case DeviceOutRequest | USB_REQ_SET_ADDRESS:
+ usb_host_set_address(s, value);
+ trace_usb_host_req_emulated(s->bus_num, s->addr, p, p->status);
+ return;
+
+ case DeviceOutRequest | USB_REQ_SET_CONFIGURATION:
+ usb_host_set_config(s, value & 0xff, p);
+ trace_usb_host_req_emulated(s->bus_num, s->addr, p, p->status);
+ return;
+
+ case InterfaceOutRequest | USB_REQ_SET_INTERFACE:
+ usb_host_set_interface(s, index, value, p);
+ trace_usb_host_req_emulated(s->bus_num, s->addr, p, p->status);
+ return;
+
+ case EndpointOutRequest | USB_REQ_CLEAR_FEATURE:
+ if (value == 0) { /* clear halt */
+ int pid = (index & USB_DIR_IN) ? USB_TOKEN_IN : USB_TOKEN_OUT;
+ libusb_clear_halt(s->dh, index);
+ usb_ep_set_halted(udev, pid, index & 0x0f, 0);
+ trace_usb_host_req_emulated(s->bus_num, s->addr, p, p->status);
+ return;
+ }
+ }
+
+ r = usb_host_req_alloc(s, p, (request >> 8) & USB_DIR_IN, length + 8);
+ r->cbuf = data;
+ r->clen = length;
+ memcpy(r->buffer, udev->setup_buf, 8);
+ if (!r->in) {
+ memcpy(r->buffer + 8, r->cbuf, r->clen);
+ }
+
+ libusb_fill_control_transfer(r->xfer, s->dh, r->buffer,
+ usb_host_req_complete_ctrl, r,
+ CONTROL_TIMEOUT);
+ rc = libusb_submit_transfer(r->xfer);
+ if (rc != 0) {
+ p->status = USB_RET_NODEV;
+ trace_usb_host_req_complete(s->bus_num, s->addr, p,
+ p->status, p->actual_length);
+ if (rc == LIBUSB_ERROR_NO_DEVICE) {
+ usb_host_nodev(s);
+ }
+ return;
+ }
+
+ p->status = USB_RET_ASYNC;
+}
+
+static void usb_host_handle_data(USBDevice *udev, USBPacket *p)
+{
+ USBHostDevice *s = USB_HOST_DEVICE(udev);
+ USBHostRequest *r;
+ size_t size;
+ int ep, rc;
+
+ if (usb_host_use_combining(p->ep) && p->state == USB_PACKET_SETUP) {
+ p->status = USB_RET_ADD_TO_QUEUE;
+ return;
+ }
+
+ trace_usb_host_req_data(s->bus_num, s->addr, p,
+ p->pid == USB_TOKEN_IN,
+ p->ep->nr, p->iov.size);
+
+ if (s->dh == NULL) {
+ p->status = USB_RET_NODEV;
+ trace_usb_host_req_emulated(s->bus_num, s->addr, p, p->status);
+ return;
+ }
+ if (p->ep->halted) {
+ p->status = USB_RET_STALL;
+ trace_usb_host_req_emulated(s->bus_num, s->addr, p, p->status);
+ return;
+ }
+
+ switch (usb_ep_get_type(udev, p->pid, p->ep->nr)) {
+ case USB_ENDPOINT_XFER_BULK:
+ size = usb_packet_size(p);
+ r = usb_host_req_alloc(s, p, p->pid == USB_TOKEN_IN, size);
+ if (!r->in) {
+ usb_packet_copy(p, r->buffer, size);
+ }
+ ep = p->ep->nr | (r->in ? USB_DIR_IN : 0);
+ libusb_fill_bulk_transfer(r->xfer, s->dh, ep,
+ r->buffer, size,
+ usb_host_req_complete_data, r,
+ BULK_TIMEOUT);
+ break;
+ case USB_ENDPOINT_XFER_INT:
+ r = usb_host_req_alloc(s, p, p->pid == USB_TOKEN_IN, p->iov.size);
+ if (!r->in) {
+ usb_packet_copy(p, r->buffer, p->iov.size);
+ }
+ ep = p->ep->nr | (r->in ? USB_DIR_IN : 0);
+ libusb_fill_interrupt_transfer(r->xfer, s->dh, ep,
+ r->buffer, p->iov.size,
+ usb_host_req_complete_data, r,
+ INTR_TIMEOUT);
+ break;
+ case USB_ENDPOINT_XFER_ISOC:
+ if (p->pid == USB_TOKEN_IN) {
+ usb_host_iso_data_in(s, p);
+ } else {
+ usb_host_iso_data_out(s, p);
+ }
+ trace_usb_host_req_complete(s->bus_num, s->addr, p,
+ p->status, p->actual_length);
+ return;
+ default:
+ p->status = USB_RET_STALL;
+ trace_usb_host_req_complete(s->bus_num, s->addr, p,
+ p->status, p->actual_length);
+ return;
+ }
+
+ rc = libusb_submit_transfer(r->xfer);
+ if (rc != 0) {
+ p->status = USB_RET_NODEV;
+ trace_usb_host_req_complete(s->bus_num, s->addr, p,
+ p->status, p->actual_length);
+ if (rc == LIBUSB_ERROR_NO_DEVICE) {
+ usb_host_nodev(s);
+ }
+ return;
+ }
+
+ p->status = USB_RET_ASYNC;
+}
+
+static void usb_host_flush_ep_queue(USBDevice *dev, USBEndpoint *ep)
+{
+ if (usb_host_use_combining(ep)) {
+ usb_ep_combine_input_packets(ep);
+ }
+}
+
+static void usb_host_handle_reset(USBDevice *udev)
+{
+ USBHostDevice *s = USB_HOST_DEVICE(udev);
+
+ trace_usb_host_reset(s->bus_num, s->addr);
+
+ if (udev->configuration == 0) {
+ return;
+ }
+ usb_host_release_interfaces(s);
+ libusb_reset_device(s->dh);
+ usb_host_claim_interfaces(s, 0);
+ usb_host_ep_update(s);
+}
+
+/*
+ * This is *NOT* about restoring state. We have absolutely no idea
+ * what state the host device is in at the moment and whenever it is
+ * still present in the first place. Attemping to contine where we
+ * left off is impossible.
+ *
+ * What we are going to to to here is emulate a surprise removal of
+ * the usb device passed through, then kick host scan so the device
+ * will get re-attached (and re-initialized by the guest) in case it
+ * is still present.
+ *
+ * As the device removal will change the state of other devices (usb
+ * host controller, most likely interrupt controller too) we have to
+ * wait with it until *all* vmstate is loaded. Thus post_load just
+ * kicks a bottom half which then does the actual work.
+ */
+static void usb_host_post_load_bh(void *opaque)
+{
+ USBHostDevice *dev = opaque;
+ USBDevice *udev = USB_DEVICE(dev);
+
+ if (dev->dh != NULL) {
+ usb_host_close(dev);
+ }
+ if (udev->attached) {
+ usb_device_detach(udev);
+ }
+ usb_host_auto_check(NULL);
+}
+
+static int usb_host_post_load(void *opaque, int version_id)
+{
+ USBHostDevice *dev = opaque;
+
+ if (!dev->bh_postld) {
+ dev->bh_postld = qemu_bh_new(usb_host_post_load_bh, dev);
+ }
+ qemu_bh_schedule(dev->bh_postld);
+ return 0;
+}
+
+static const VMStateDescription vmstate_usb_host = {
+ .name = "usb-host",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .post_load = usb_host_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_USB_DEVICE(parent_obj, USBHostDevice),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static Property usb_host_dev_properties[] = {
+ DEFINE_PROP_UINT32("hostbus", USBHostDevice, match.bus_num, 0),
+ DEFINE_PROP_UINT32("hostaddr", USBHostDevice, match.addr, 0),
+ DEFINE_PROP_STRING("hostport", USBHostDevice, match.port),
+ DEFINE_PROP_HEX32("vendorid", USBHostDevice, match.vendor_id, 0),
+ DEFINE_PROP_HEX32("productid", USBHostDevice, match.product_id, 0),
+ DEFINE_PROP_UINT32("isobufs", USBHostDevice, iso_urb_count, 4),
+ DEFINE_PROP_UINT32("isobsize", USBHostDevice, iso_urb_frames, 32),
+ DEFINE_PROP_INT32("bootindex", USBHostDevice, bootindex, -1),
+ DEFINE_PROP_UINT32("loglevel", USBHostDevice, loglevel,
+ LIBUSB_LOG_LEVEL_WARNING),
+ DEFINE_PROP_BIT("pipeline", USBHostDevice, options,
+ USB_HOST_OPT_PIPELINE, true),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void usb_host_class_initfn(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ USBDeviceClass *uc = USB_DEVICE_CLASS(klass);
+
+ uc->init = usb_host_initfn;
+ uc->product_desc = "USB Host Device";
+ uc->cancel_packet = usb_host_cancel_packet;
+ uc->handle_data = usb_host_handle_data;
+ uc->handle_control = usb_host_handle_control;
+ uc->handle_reset = usb_host_handle_reset;
+ uc->handle_destroy = usb_host_handle_destroy;
+ uc->flush_ep_queue = usb_host_flush_ep_queue;
+ dc->vmsd = &vmstate_usb_host;
+ dc->props = usb_host_dev_properties;
+ set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
+}
+
+static TypeInfo usb_host_dev_info = {
+ .name = TYPE_USB_HOST_DEVICE,
+ .parent = TYPE_USB_DEVICE,
+ .instance_size = sizeof(USBHostDevice),
+ .class_init = usb_host_class_initfn,
+};
+
+static void usb_host_register_types(void)
+{
+ type_register_static(&usb_host_dev_info);
+}
+
+type_init(usb_host_register_types)
+
+/* ------------------------------------------------------------------------ */
+
+static QEMUTimer *usb_auto_timer;
+static VMChangeStateEntry *usb_vmstate;
+
+static void usb_host_vm_state(void *unused, int running, RunState state)
+{
+ if (running) {
+ usb_host_auto_check(unused);
+ }
+}
+
+static void usb_host_auto_check(void *unused)
+{
+ struct USBHostDevice *s;
+ struct USBAutoFilter *f;
+ libusb_device **devs;
+ struct libusb_device_descriptor ddesc;
+ int unconnected = 0;
+ int i, n;
+
+ if (usb_host_init() != 0) {
+ return;
+ }
+
+ if (runstate_is_running()) {
+ n = libusb_get_device_list(ctx, &devs);
+ for (i = 0; i < n; i++) {
+ if (libusb_get_device_descriptor(devs[i], &ddesc) != 0) {
+ continue;
+ }
+ if (ddesc.bDeviceClass == LIBUSB_CLASS_HUB) {
+ continue;
+ }
+ QTAILQ_FOREACH(s, &hostdevs, next) {
+ f = &s->match;
+ if (f->bus_num > 0 &&
+ f->bus_num != libusb_get_bus_number(devs[i])) {
+ continue;
+ }
+ if (f->addr > 0 &&
+ f->addr != libusb_get_device_address(devs[i])) {
+ continue;
+ }
+ if (f->port != NULL) {
+ char port[16] = "-";
+ usb_host_get_port(devs[i], port, sizeof(port));
+ if (strcmp(f->port, port) != 0) {
+ continue;
+ }
+ }
+ if (f->vendor_id > 0 &&
+ f->vendor_id != ddesc.idVendor) {
+ continue;
+ }
+ if (f->product_id > 0 &&
+ f->product_id != ddesc.idProduct) {
+ continue;
+ }
+
+ /* We got a match */
+ s->seen++;
+ if (s->errcount >= 3) {
+ continue;
+ }
+ if (s->dh != NULL) {
+ continue;
+ }
+ if (usb_host_open(s, devs[i]) < 0) {
+ s->errcount++;
+ continue;
+ }
+ break;
+ }
+ }
+ libusb_free_device_list(devs, 1);
+
+ QTAILQ_FOREACH(s, &hostdevs, next) {
+ if (s->dh == NULL) {
+ unconnected++;
+ }
+ if (s->seen == 0) {
+ if (s->dh) {
+ usb_host_close(s);
+ }
+ s->errcount = 0;
+ }
+ s->seen = 0;
+ }
+
+#if 0
+ if (unconnected == 0) {
+ /* nothing to watch */
+ if (usb_auto_timer) {
+ qemu_del_timer(usb_auto_timer);
+ trace_usb_host_auto_scan_disabled();
+ }
+ return;
+ }
+#endif
+ }
+
+ if (!usb_vmstate) {
+ usb_vmstate = qemu_add_vm_change_state_handler(usb_host_vm_state, NULL);
+ }
+ if (!usb_auto_timer) {
+ usb_auto_timer = qemu_new_timer_ms(rt_clock, usb_host_auto_check, NULL);
+ if (!usb_auto_timer) {
+ return;
+ }
+ trace_usb_host_auto_scan_enabled();
+ }
+ qemu_mod_timer(usb_auto_timer, qemu_get_clock_ms(rt_clock) + 2000);
+}
+
+void usb_host_info(Monitor *mon, const QDict *qdict)
+{
+ libusb_device **devs;
+ struct libusb_device_descriptor ddesc;
+ char port[16];
+ int i, n;
+
+ if (usb_host_init() != 0) {
+ return;
+ }
+
+ n = libusb_get_device_list(ctx, &devs);
+ for (i = 0; i < n; i++) {
+ if (libusb_get_device_descriptor(devs[i], &ddesc) != 0) {
+ continue;
+ }
+ if (ddesc.bDeviceClass == LIBUSB_CLASS_HUB) {
+ continue;
+ }
+ usb_host_get_port(devs[i], port, sizeof(port));
+ monitor_printf(mon, " Bus %d, Addr %d, Port %s, Speed %s Mb/s\n",
+ libusb_get_bus_number(devs[i]),
+ libusb_get_device_address(devs[i]),
+ port,
+ speed_name[libusb_get_device_speed(devs[i])]);
+ monitor_printf(mon, " Class %02x:", ddesc.bDeviceClass);
+ monitor_printf(mon, " USB device %04x:%04x",
+ ddesc.idVendor, ddesc.idProduct);
+ if (ddesc.iProduct) {
+ libusb_device_handle *handle;
+ if (libusb_open(devs[i], &handle) == 0) {
+ unsigned char name[64] = "";
+ libusb_get_string_descriptor_ascii(handle,
+ ddesc.iProduct,
+ name, sizeof(name));
+ libusb_close(handle);
+ monitor_printf(mon, ", %s", name);
+ }
+ }
+ monitor_printf(mon, "\n");
+ }
+ libusb_free_device_list(devs, 1);
+}
diff --git a/hw/usb/host-linux.c b/hw/usb/host-linux.c
index aa77b7704..7901f4c01 100644
--- a/hw/usb/host-linux.c
+++ b/hw/usb/host-linux.c
@@ -31,9 +31,9 @@
*/
#include "qemu-common.h"
-#include "qemu-timer.h"
-#include "monitor.h"
-#include "sysemu.h"
+#include "qemu/timer.h"
+#include "monitor/monitor.h"
+#include "sysemu/sysemu.h"
#include "trace.h"
#include <dirent.h>
@@ -43,6 +43,13 @@
#include <linux/version.h>
#include "hw/usb.h"
#include "hw/usb/desc.h"
+#include "hw/usb/host.h"
+
+#ifdef CONFIG_USB_LIBUSB
+# define DEVNAME "usb-host-linux"
+#else
+# define DEVNAME "usb-host"
+#endif
/* We redefine it to avoid version problems */
struct usb_ctrltransfer {
@@ -87,14 +94,6 @@ struct endp_data {
int inflight;
};
-struct USBAutoFilter {
- uint32_t bus_num;
- uint32_t addr;
- char *port;
- uint32_t vendor_id;
- uint32_t product_id;
-};
-
enum USBHostDeviceOptions {
USB_HOST_OPT_PIPELINE,
};
@@ -131,7 +130,6 @@ typedef struct USBHostDevice {
static QTAILQ_HEAD(, USBHostDevice) hostdevs = QTAILQ_HEAD_INITIALIZER(hostdevs);
static int usb_host_close(USBHostDevice *dev);
-static int parse_filter(const char *spec, struct USBAutoFilter *f);
static void usb_host_auto_check(void *unused);
static int usb_host_read_file(char *line, size_t line_size,
const char *device_file, const char *device_name);
@@ -653,7 +651,7 @@ static void usb_host_handle_reset(USBDevice *dev)
trace_usb_host_reset(s->bus_num, s->addr);
- usb_host_do_reset(s);;
+ usb_host_do_reset(s);
usb_host_claim_interfaces(s, 0);
usb_linux_update_endp_table(s);
@@ -1314,7 +1312,7 @@ static int usb_host_open(USBHostDevice *dev, int bus_num,
dev->bus_num = bus_num;
dev->addr = addr;
- strcpy(dev->port, port);
+ pstrcpy(dev->port, sizeof(dev->port), port);
dev->fd = fd;
/* read the device description */
@@ -1431,7 +1429,7 @@ static void usb_host_exit_notifier(struct Notifier *n, void *data)
usb_host_release_port(s);
if (s->fd != -1) {
- usb_host_do_reset(s);;
+ usb_host_do_reset(s);
}
}
@@ -1476,6 +1474,7 @@ static int usb_host_initfn(USBDevice *dev)
{
USBHostDevice *s = DO_UPCAST(USBHostDevice, dev, dev);
+ dev->flags |= (1 << USB_DEV_FLAG_IS_HOST);
dev->auto_attach = 0;
s->fd = -1;
s->hub_fd = -1;
@@ -1494,7 +1493,7 @@ static int usb_host_initfn(USBDevice *dev)
}
static const VMStateDescription vmstate_usb_host = {
- .name = "usb-host",
+ .name = DEVNAME,
.version_id = 1,
.minimum_version_id = 1,
.post_load = usb_host_post_load,
@@ -1531,10 +1530,11 @@ static void usb_host_class_initfn(ObjectClass *klass, void *data)
uc->handle_destroy = usb_host_handle_destroy;
dc->vmsd = &vmstate_usb_host;
dc->props = usb_host_dev_properties;
+ set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
}
-static TypeInfo usb_host_dev_info = {
- .name = "usb-host",
+static const TypeInfo usb_host_dev_info = {
+ .name = DEVNAME,
.parent = TYPE_USB_DEVICE,
.instance_size = sizeof(USBHostDevice),
.class_init = usb_host_class_initfn,
@@ -1543,75 +1543,10 @@ static TypeInfo usb_host_dev_info = {
static void usb_host_register_types(void)
{
type_register_static(&usb_host_dev_info);
- usb_legacy_register("usb-host", "host", usb_host_device_open);
}
type_init(usb_host_register_types)
-USBDevice *usb_host_device_open(USBBus *bus, const char *devname)
-{
- struct USBAutoFilter filter;
- USBDevice *dev;
- char *p;
-
- dev = usb_create(bus, "usb-host");
-
- if (strstr(devname, "auto:")) {
- if (parse_filter(devname, &filter) < 0) {
- goto fail;
- }
- } else {
- if ((p = strchr(devname, '.'))) {
- filter.bus_num = strtoul(devname, NULL, 0);
- filter.addr = strtoul(p + 1, NULL, 0);
- filter.vendor_id = 0;
- filter.product_id = 0;
- } else if ((p = strchr(devname, ':'))) {
- filter.bus_num = 0;
- filter.addr = 0;
- filter.vendor_id = strtoul(devname, NULL, 16);
- filter.product_id = strtoul(p + 1, NULL, 16);
- } else {
- goto fail;
- }
- }
-
- qdev_prop_set_uint32(&dev->qdev, "hostbus", filter.bus_num);
- qdev_prop_set_uint32(&dev->qdev, "hostaddr", filter.addr);
- qdev_prop_set_uint32(&dev->qdev, "vendorid", filter.vendor_id);
- qdev_prop_set_uint32(&dev->qdev, "productid", filter.product_id);
- qdev_init_nofail(&dev->qdev);
- return dev;
-
-fail:
- qdev_free(&dev->qdev);
- return NULL;
-}
-
-int usb_host_device_close(const char *devname)
-{
-#if 0
- char product_name[PRODUCT_NAME_SZ];
- int bus_num, addr;
- USBHostDevice *s;
-
- if (strstr(devname, "auto:")) {
- return usb_host_auto_del(devname);
- }
- if (usb_host_find_device(&bus_num, &addr, product_name,
- sizeof(product_name), devname) < 0) {
- return -1;
- }
- s = hostdev_find(bus_num, addr);
- if (s) {
- usb_device_delete_addr(s->bus_num, s->dev.addr);
- return 0;
- }
-#endif
-
- return -1;
-}
-
/*
* Read sys file-system device file
*
@@ -1759,7 +1694,7 @@ static int usb_host_auto_scan(void *opaque, int bus_num,
if (f->addr > 0 && f->addr != addr) {
continue;
}
- if (f->port != NULL && (port == NULL || strcmp(f->port, port) != 0)) {
+ if (f->port != NULL && strcmp(f->port, port) != 0) {
continue;
}
@@ -1839,55 +1774,7 @@ static void usb_host_auto_check(void *unused)
qemu_mod_timer(usb_auto_timer, qemu_get_clock_ms(rt_clock) + 2000);
}
-/*
- * Autoconnect filter
- * Format:
- * auto:bus:dev[:vid:pid]
- * auto:bus.dev[:vid:pid]
- *
- * bus - bus number (dec, * means any)
- * dev - device number (dec, * means any)
- * vid - vendor id (hex, * means any)
- * pid - product id (hex, * means any)
- *
- * See 'lsusb' output.
- */
-static int parse_filter(const char *spec, struct USBAutoFilter *f)
-{
- enum { BUS, DEV, VID, PID, DONE };
- const char *p = spec;
- int i;
-
- f->bus_num = 0;
- f->addr = 0;
- f->vendor_id = 0;
- f->product_id = 0;
-
- for (i = BUS; i < DONE; i++) {
- p = strpbrk(p, ":.");
- if (!p) {
- break;
- }
- p++;
-
- if (*p == '*') {
- continue;
- }
- switch(i) {
- case BUS: f->bus_num = strtol(p, NULL, 10); break;
- case DEV: f->addr = strtol(p, NULL, 10); break;
- case VID: f->vendor_id = strtol(p, NULL, 16); break;
- case PID: f->product_id = strtol(p, NULL, 16); break;
- }
- }
-
- if (i < DEV) {
- fprintf(stderr, "husb: invalid auto filter spec %s\n", spec);
- return -1;
- }
-
- return 0;
-}
+#ifndef CONFIG_USB_LIBUSB
/**********************/
/* USB host device info */
@@ -1997,7 +1884,7 @@ static void hex2str(int val, char *str, size_t size)
}
}
-void usb_host_info(Monitor *mon)
+void usb_host_info(Monitor *mon, const QDict *qdict)
{
struct USBAutoFilter *f;
struct USBHostDevice *s;
@@ -2020,3 +1907,5 @@ void usb_host_info(Monitor *mon)
bus, addr, f->port ? f->port : "*", vid, pid);
}
}
+
+#endif
diff --git a/hw/usb/host-stub.c b/hw/usb/host-stub.c
index b4e10c12c..28d8032ca 100644
--- a/hw/usb/host-stub.c
+++ b/hw/usb/host-stub.c
@@ -31,11 +31,11 @@
*/
#include "qemu-common.h"
-#include "console.h"
+#include "ui/console.h"
#include "hw/usb.h"
-#include "monitor.h"
+#include "monitor/monitor.h"
-void usb_host_info(Monitor *mon)
+void usb_host_info(Monitor *mon, const QDict *qdict)
{
monitor_printf(mon, "USB host devices not supported\n");
}
@@ -45,8 +45,3 @@ USBDevice *usb_host_device_open(USBBus *bus, const char *devname)
{
return NULL;
}
-
-int usb_host_device_close(const char *devname)
-{
- return 0;
-}
diff --git a/hw/usb/host.h b/hw/usb/host.h
new file mode 100644
index 000000000..048ff3b48
--- /dev/null
+++ b/hw/usb/host.h
@@ -0,0 +1,44 @@
+/*
+ * Linux host USB redirector
+ *
+ * Copyright (c) 2005 Fabrice Bellard
+ *
+ * Copyright (c) 2008 Max Krasnyansky
+ * Support for host device auto connect & disconnect
+ * Major rewrite to support fully async operation
+ *
+ * Copyright 2008 TJ <linux@tjworld.net>
+ * Added flexible support for /dev/bus/usb /sys/bus/usb/devices in addition
+ * to the legacy /proc/bus/usb USB device discovery and handling
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef QEMU_USB_HOST_H
+#define QEMU_USB_HOST_H
+
+struct USBAutoFilter {
+ uint32_t bus_num;
+ uint32_t addr;
+ char *port;
+ uint32_t vendor_id;
+ uint32_t product_id;
+};
+
+#endif /* QEMU_USB_HOST_H */
diff --git a/hw/usb/libhw.c b/hw/usb/libhw.c
index 24d3cad3a..8df11c461 100644
--- a/hw/usb/libhw.c
+++ b/hw/usb/libhw.c
@@ -20,9 +20,9 @@
* THE SOFTWARE.
*/
#include "qemu-common.h"
-#include "cpu-common.h"
+#include "hw/hw.h"
#include "hw/usb.h"
-#include "dma.h"
+#include "sysemu/dma.h"
int usb_packet_map(USBPacket *p, QEMUSGList *sgl)
{
@@ -37,7 +37,7 @@ int usb_packet_map(USBPacket *p, QEMUSGList *sgl)
while (len) {
dma_addr_t xlen = len;
- mem = dma_memory_map(sgl->dma, base, &xlen, dir);
+ mem = dma_memory_map(sgl->as, base, &xlen, dir);
if (!mem) {
goto err;
}
@@ -63,7 +63,7 @@ void usb_packet_unmap(USBPacket *p, QEMUSGList *sgl)
int i;
for (i = 0; i < p->iov.niov; i++) {
- dma_memory_unmap(sgl->dma, p->iov.iov[i].iov_base,
+ dma_memory_unmap(sgl->as, p->iov.iov[i].iov_base,
p->iov.iov[i].iov_len, dir,
p->iov.iov[i].iov_len);
}
diff --git a/hw/usb/quirks-ftdi-ids.h b/hw/usb/quirks-ftdi-ids.h
new file mode 100644
index 000000000..57c12ef66
--- /dev/null
+++ b/hw/usb/quirks-ftdi-ids.h
@@ -0,0 +1,1255 @@
+/*
+ * vendor/product IDs (VID/PID) of devices using FTDI USB serial converters.
+ * Please keep numerically sorted within individual areas, thanks!
+ *
+ * Philipp Gühring - pg@futureware.at - added the Device ID of the USB relais
+ * from Rudolf Gugler
+ *
+ */
+
+
+/**********************************/
+/***** devices using FTDI VID *****/
+/**********************************/
+
+
+#define FTDI_VID 0x0403 /* Vendor Id */
+
+
+/*** "original" FTDI device PIDs ***/
+
+#define FTDI_8U232AM_PID 0x6001 /* Similar device to SIO above */
+#define FTDI_8U232AM_ALT_PID 0x6006 /* FTDI's alternate PID for above */
+#define FTDI_8U2232C_PID 0x6010 /* Dual channel device */
+#define FTDI_4232H_PID 0x6011 /* Quad channel hi-speed device */
+#define FTDI_232H_PID 0x6014 /* Single channel hi-speed device */
+#define FTDI_FTX_PID 0x6015 /* FT-X series (FT201X, FT230X, FT231X, etc) */
+#define FTDI_SIO_PID 0x8372 /* Product Id SIO application of 8U100AX */
+#define FTDI_232RL_PID 0xFBFA /* Product ID for FT232RL */
+
+
+/*** third-party PIDs (using FTDI_VID) ***/
+
+#define FTDI_LUMEL_PD12_PID 0x6002
+
+/*
+ * Marvell OpenRD Base, Client
+ * http://www.open-rd.org
+ * OpenRD Base, Client use VID 0x0403
+ */
+#define MARVELL_OPENRD_PID 0x9e90
+
+/* www.candapter.com Ewert Energy Systems CANdapter device */
+#define FTDI_CANDAPTER_PID 0x9F80 /* Product Id */
+
+/*
+ * Texas Instruments XDS100v2 JTAG / BeagleBone A3
+ * http://processors.wiki.ti.com/index.php/XDS100
+ * http://beagleboard.org/bone
+ */
+#define TI_XDS100V2_PID 0xa6d0
+
+#define FTDI_NXTCAM_PID 0xABB8 /* NXTCam for Mindstorms NXT */
+
+/* US Interface Navigator (http://www.usinterface.com/) */
+#define FTDI_USINT_CAT_PID 0xb810 /* Navigator CAT and 2nd PTT lines */
+#define FTDI_USINT_WKEY_PID 0xb811 /* Navigator WKEY and FSK lines */
+#define FTDI_USINT_RS232_PID 0xb812 /* Navigator RS232 and CONFIG lines */
+
+/* OOCDlink by Joern Kaipf <joernk@web.de>
+ * (http://www.joernonline.de/) */
+#define FTDI_OOCDLINK_PID 0xbaf8 /* Amontec JTAGkey */
+
+/* Luminary Micro Stellaris Boards, VID = FTDI_VID */
+/* FTDI 2332C Dual channel device, side A=245 FIFO (JTAG), Side B=RS232 UART */
+#define LMI_LM3S_DEVEL_BOARD_PID 0xbcd8
+#define LMI_LM3S_EVAL_BOARD_PID 0xbcd9
+#define LMI_LM3S_ICDI_BOARD_PID 0xbcda
+
+#define FTDI_TURTELIZER_PID 0xBDC8 /* JTAG/RS-232 adapter by egnite GmbH */
+
+/* OpenDCC (www.opendcc.de) product id */
+#define FTDI_OPENDCC_PID 0xBFD8
+#define FTDI_OPENDCC_SNIFFER_PID 0xBFD9
+#define FTDI_OPENDCC_THROTTLE_PID 0xBFDA
+#define FTDI_OPENDCC_GATEWAY_PID 0xBFDB
+#define FTDI_OPENDCC_GBM_PID 0xBFDC
+
+/* NZR SEM 16+ USB (http://www.nzr.de) */
+#define FTDI_NZR_SEM_USB_PID 0xC1E0 /* NZR SEM-LOG16+ */
+
+/*
+ * RR-CirKits LocoBuffer USB (http://www.rr-cirkits.com)
+ */
+#define FTDI_RRCIRKITS_LOCOBUFFER_PID 0xc7d0 /* LocoBuffer USB */
+
+/* DMX4ALL DMX Interfaces */
+#define FTDI_DMX4ALL 0xC850
+
+/*
+ * ASK.fr devices
+ */
+#define FTDI_ASK_RDR400_PID 0xC991 /* ASK RDR 400 series card reader */
+
+/* www.starting-point-systems.com µChameleon device */
+#define FTDI_MICRO_CHAMELEON_PID 0xCAA0 /* Product Id */
+
+/*
+ * Tactrix OpenPort (ECU) devices.
+ * OpenPort 1.3M submitted by Donour Sizemore.
+ * OpenPort 1.3S and 1.3U submitted by Ian Abbott.
+ */
+#define FTDI_TACTRIX_OPENPORT_13M_PID 0xCC48 /* OpenPort 1.3 Mitsubishi */
+#define FTDI_TACTRIX_OPENPORT_13S_PID 0xCC49 /* OpenPort 1.3 Subaru */
+#define FTDI_TACTRIX_OPENPORT_13U_PID 0xCC4A /* OpenPort 1.3 Universal */
+
+#define FTDI_DISTORTEC_JTAG_LOCK_PICK_PID 0xCFF8
+
+/* SCS HF Radio Modems PID's (http://www.scs-ptc.com) */
+/* the VID is the standard ftdi vid (FTDI_VID) */
+#define FTDI_SCS_DEVICE_0_PID 0xD010 /* SCS PTC-IIusb */
+#define FTDI_SCS_DEVICE_1_PID 0xD011 /* SCS Tracker / DSP TNC */
+#define FTDI_SCS_DEVICE_2_PID 0xD012
+#define FTDI_SCS_DEVICE_3_PID 0xD013
+#define FTDI_SCS_DEVICE_4_PID 0xD014
+#define FTDI_SCS_DEVICE_5_PID 0xD015
+#define FTDI_SCS_DEVICE_6_PID 0xD016
+#define FTDI_SCS_DEVICE_7_PID 0xD017
+
+/* iPlus device */
+#define FTDI_IPLUS_PID 0xD070 /* Product Id */
+#define FTDI_IPLUS2_PID 0xD071 /* Product Id */
+
+/*
+ * Gamma Scout (http://gamma-scout.com/). Submitted by rsc@runtux.com.
+ */
+#define FTDI_GAMMA_SCOUT_PID 0xD678 /* Gamma Scout online */
+
+/* Propox devices */
+#define FTDI_PROPOX_JTAGCABLEII_PID 0xD738
+#define FTDI_PROPOX_ISPCABLEIII_PID 0xD739
+
+/* Lenz LI-USB Computer Interface. */
+#define FTDI_LENZ_LIUSB_PID 0xD780
+
+/* Vardaan Enterprises Serial Interface VEUSB422R3 */
+#define FTDI_VARDAAN_PID 0xF070
+
+/*
+ * Xsens Technologies BV products (http://www.xsens.com).
+ */
+#define XSENS_CONVERTER_0_PID 0xD388
+#define XSENS_CONVERTER_1_PID 0xD389
+#define XSENS_CONVERTER_2_PID 0xD38A
+#define XSENS_CONVERTER_3_PID 0xD38B
+#define XSENS_CONVERTER_4_PID 0xD38C
+#define XSENS_CONVERTER_5_PID 0xD38D
+#define XSENS_CONVERTER_6_PID 0xD38E
+#define XSENS_CONVERTER_7_PID 0xD38F
+
+/*
+ * NDI (www.ndigital.com) product ids
+ */
+#define FTDI_NDI_HUC_PID 0xDA70 /* NDI Host USB Converter */
+#define FTDI_NDI_SPECTRA_SCU_PID 0xDA71 /* NDI Spectra SCU */
+#define FTDI_NDI_FUTURE_2_PID 0xDA72 /* NDI future device #2 */
+#define FTDI_NDI_FUTURE_3_PID 0xDA73 /* NDI future device #3 */
+#define FTDI_NDI_AURORA_SCU_PID 0xDA74 /* NDI Aurora SCU */
+
+/*
+ * ChamSys Limited (www.chamsys.co.uk) USB wing/interface product IDs
+ */
+#define FTDI_CHAMSYS_24_MASTER_WING_PID 0xDAF8
+#define FTDI_CHAMSYS_PC_WING_PID 0xDAF9
+#define FTDI_CHAMSYS_USB_DMX_PID 0xDAFA
+#define FTDI_CHAMSYS_MIDI_TIMECODE_PID 0xDAFB
+#define FTDI_CHAMSYS_MINI_WING_PID 0xDAFC
+#define FTDI_CHAMSYS_MAXI_WING_PID 0xDAFD
+#define FTDI_CHAMSYS_MEDIA_WING_PID 0xDAFE
+#define FTDI_CHAMSYS_WING_PID 0xDAFF
+
+/*
+ * Westrex International devices submitted by Cory Lee
+ */
+#define FTDI_WESTREX_MODEL_777_PID 0xDC00 /* Model 777 */
+#define FTDI_WESTREX_MODEL_8900F_PID 0xDC01 /* Model 8900F */
+
+/*
+ * ACG Identification Technologies GmbH products (http://www.acg.de/).
+ * Submitted by anton -at- goto10 -dot- org.
+ */
+#define FTDI_ACG_HFDUAL_PID 0xDD20 /* HF Dual ISO Reader (RFID) */
+
+/*
+ * Definitions for Artemis astronomical USB based cameras
+ * Check it at http://www.artemisccd.co.uk/
+ */
+#define FTDI_ARTEMIS_PID 0xDF28 /* All Artemis Cameras */
+
+/*
+ * Definitions for ATIK Instruments astronomical USB based cameras
+ * Check it at http://www.atik-instruments.com/
+ */
+#define FTDI_ATIK_ATK16_PID 0xDF30 /* ATIK ATK-16 Grayscale Camera */
+#define FTDI_ATIK_ATK16C_PID 0xDF32 /* ATIK ATK-16C Colour Camera */
+#define FTDI_ATIK_ATK16HR_PID 0xDF31 /* ATIK ATK-16HR Grayscale Camera */
+#define FTDI_ATIK_ATK16HRC_PID 0xDF33 /* ATIK ATK-16HRC Colour Camera */
+#define FTDI_ATIK_ATK16IC_PID 0xDF35 /* ATIK ATK-16IC Grayscale Camera */
+
+/*
+ * Yost Engineering, Inc. products (www.yostengineering.com).
+ * PID 0xE050 submitted by Aaron Prose.
+ */
+#define FTDI_YEI_SERVOCENTER31_PID 0xE050 /* YEI ServoCenter3.1 USB */
+
+/*
+ * ELV USB devices submitted by Christian Abt of ELV (www.elv.de).
+ * All of these devices use FTDI's vendor ID (0x0403).
+ * Further IDs taken from ELV Windows .inf file.
+ *
+ * The previously included PID for the UO 100 module was incorrect.
+ * In fact, that PID was for ELV's UR 100 USB-RS232 converter (0xFB58).
+ *
+ * Armin Laeuger originally sent the PID for the UM 100 module.
+ */
+#define FTDI_ELV_USR_PID 0xE000 /* ELV Universal-Sound-Recorder */
+#define FTDI_ELV_MSM1_PID 0xE001 /* ELV Mini-Sound-Modul */
+#define FTDI_ELV_KL100_PID 0xE002 /* ELV Kfz-Leistungsmesser KL 100 */
+#define FTDI_ELV_WS550_PID 0xE004 /* WS 550 */
+#define FTDI_ELV_EC3000_PID 0xE006 /* ENERGY CONTROL 3000 USB */
+#define FTDI_ELV_WS888_PID 0xE008 /* WS 888 */
+#define FTDI_ELV_TWS550_PID 0xE009 /* Technoline WS 550 */
+#define FTDI_ELV_FEM_PID 0xE00A /* Funk Energie Monitor */
+#define FTDI_ELV_FHZ1300PC_PID 0xE0E8 /* FHZ 1300 PC */
+#define FTDI_ELV_WS500_PID 0xE0E9 /* PC-Wetterstation (WS 500) */
+#define FTDI_ELV_HS485_PID 0xE0EA /* USB to RS-485 adapter */
+#define FTDI_ELV_UMS100_PID 0xE0EB /* ELV USB Master-Slave Schaltsteckdose UMS 100 */
+#define FTDI_ELV_TFD128_PID 0xE0EC /* ELV Temperatur-Feuchte-Datenlogger TFD 128 */
+#define FTDI_ELV_FM3RX_PID 0xE0ED /* ELV Messwertuebertragung FM3 RX */
+#define FTDI_ELV_WS777_PID 0xE0EE /* Conrad WS 777 */
+#define FTDI_ELV_EM1010PC_PID 0xE0EF /* Energy monitor EM 1010 PC */
+#define FTDI_ELV_CSI8_PID 0xE0F0 /* Computer-Schalt-Interface (CSI 8) */
+#define FTDI_ELV_EM1000DL_PID 0xE0F1 /* PC-Datenlogger fuer Energiemonitor (EM 1000 DL) */
+#define FTDI_ELV_PCK100_PID 0xE0F2 /* PC-Kabeltester (PCK 100) */
+#define FTDI_ELV_RFP500_PID 0xE0F3 /* HF-Leistungsmesser (RFP 500) */
+#define FTDI_ELV_FS20SIG_PID 0xE0F4 /* Signalgeber (FS 20 SIG) */
+#define FTDI_ELV_UTP8_PID 0xE0F5 /* ELV UTP 8 */
+#define FTDI_ELV_WS300PC_PID 0xE0F6 /* PC-Wetterstation (WS 300 PC) */
+#define FTDI_ELV_WS444PC_PID 0xE0F7 /* Conrad WS 444 PC */
+#define FTDI_PHI_FISCO_PID 0xE40B /* PHI Fisco USB to Serial cable */
+#define FTDI_ELV_UAD8_PID 0xF068 /* USB-AD-Wandler (UAD 8) */
+#define FTDI_ELV_UDA7_PID 0xF069 /* USB-DA-Wandler (UDA 7) */
+#define FTDI_ELV_USI2_PID 0xF06A /* USB-Schrittmotoren-Interface (USI 2) */
+#define FTDI_ELV_T1100_PID 0xF06B /* Thermometer (T 1100) */
+#define FTDI_ELV_PCD200_PID 0xF06C /* PC-Datenlogger (PCD 200) */
+#define FTDI_ELV_ULA200_PID 0xF06D /* USB-LCD-Ansteuerung (ULA 200) */
+#define FTDI_ELV_ALC8500_PID 0xF06E /* ALC 8500 Expert */
+#define FTDI_ELV_FHZ1000PC_PID 0xF06F /* FHZ 1000 PC */
+#define FTDI_ELV_UR100_PID 0xFB58 /* USB-RS232-Umsetzer (UR 100) */
+#define FTDI_ELV_UM100_PID 0xFB5A /* USB-Modul UM 100 */
+#define FTDI_ELV_UO100_PID 0xFB5B /* USB-Modul UO 100 */
+/* Additional ELV PIDs that default to using the FTDI D2XX drivers on
+ * MS Windows, rather than the FTDI Virtual Com Port drivers.
+ * Maybe these will be easier to use with the libftdi/libusb user-space
+ * drivers, or possibly the Comedi drivers in some cases. */
+#define FTDI_ELV_CLI7000_PID 0xFB59 /* Computer-Light-Interface (CLI 7000) */
+#define FTDI_ELV_PPS7330_PID 0xFB5C /* Processor-Power-Supply (PPS 7330) */
+#define FTDI_ELV_TFM100_PID 0xFB5D /* Temperatur-Feuchte-Messgeraet (TFM 100) */
+#define FTDI_ELV_UDF77_PID 0xFB5E /* USB DCF Funkuhr (UDF 77) */
+#define FTDI_ELV_UIO88_PID 0xFB5F /* USB-I/O Interface (UIO 88) */
+
+/*
+ * EVER Eco Pro UPS (http://www.ever.com.pl/)
+ */
+
+#define EVER_ECO_PRO_CDS 0xe520 /* RS-232 converter */
+
+/*
+ * Active Robots product ids.
+ */
+#define FTDI_ACTIVE_ROBOTS_PID 0xE548 /* USB comms board */
+
+/* Pyramid Computer GmbH */
+#define FTDI_PYRAMID_PID 0xE6C8 /* Pyramid Appliance Display */
+
+/* www.elsterelectricity.com Elster Unicom III Optical Probe */
+#define FTDI_ELSTER_UNICOM_PID 0xE700 /* Product Id */
+
+/*
+ * Gude Analog- und Digitalsysteme GmbH
+ */
+#define FTDI_GUDEADS_E808_PID 0xE808
+#define FTDI_GUDEADS_E809_PID 0xE809
+#define FTDI_GUDEADS_E80A_PID 0xE80A
+#define FTDI_GUDEADS_E80B_PID 0xE80B
+#define FTDI_GUDEADS_E80C_PID 0xE80C
+#define FTDI_GUDEADS_E80D_PID 0xE80D
+#define FTDI_GUDEADS_E80E_PID 0xE80E
+#define FTDI_GUDEADS_E80F_PID 0xE80F
+#define FTDI_GUDEADS_E888_PID 0xE888 /* Expert ISDN Control USB */
+#define FTDI_GUDEADS_E889_PID 0xE889 /* USB RS-232 OptoBridge */
+#define FTDI_GUDEADS_E88A_PID 0xE88A
+#define FTDI_GUDEADS_E88B_PID 0xE88B
+#define FTDI_GUDEADS_E88C_PID 0xE88C
+#define FTDI_GUDEADS_E88D_PID 0xE88D
+#define FTDI_GUDEADS_E88E_PID 0xE88E
+#define FTDI_GUDEADS_E88F_PID 0xE88F
+
+/*
+ * Eclo (http://www.eclo.pt/) product IDs.
+ * PID 0xEA90 submitted by Martin Grill.
+ */
+#define FTDI_ECLO_COM_1WIRE_PID 0xEA90 /* COM to 1-Wire USB adaptor */
+
+/* TNC-X USB-to-packet-radio adapter, versions prior to 3.0 (DLP module) */
+#define FTDI_TNC_X_PID 0xEBE0
+
+/*
+ * Teratronik product ids.
+ * Submitted by O. Wölfelschneider.
+ */
+#define FTDI_TERATRONIK_VCP_PID 0xEC88 /* Teratronik device (preferring VCP driver on windows) */
+#define FTDI_TERATRONIK_D2XX_PID 0xEC89 /* Teratronik device (preferring D2XX driver on windows) */
+
+/* Rig Expert Ukraine devices */
+#define FTDI_REU_TINY_PID 0xED22 /* RigExpert Tiny */
+
+/*
+ * Hameg HO820 and HO870 interface (using VID 0x0403)
+ */
+#define HAMEG_HO820_PID 0xed74
+#define HAMEG_HO730_PID 0xed73
+#define HAMEG_HO720_PID 0xed72
+#define HAMEG_HO870_PID 0xed71
+
+/*
+ * MaxStream devices www.maxstream.net
+ */
+#define FTDI_MAXSTREAM_PID 0xEE18 /* Xbee PKG-U Module */
+
+/*
+ * microHAM product IDs (http://www.microham.com).
+ * Submitted by Justin Burket (KL1RL) <zorton@jtan.com>
+ * and Mike Studer (K6EEP) <k6eep@hamsoftware.org>.
+ * Ian Abbott <abbotti@mev.co.uk> added a few more from the driver INF file.
+ */
+#define FTDI_MHAM_KW_PID 0xEEE8 /* USB-KW interface */
+#define FTDI_MHAM_YS_PID 0xEEE9 /* USB-YS interface */
+#define FTDI_MHAM_Y6_PID 0xEEEA /* USB-Y6 interface */
+#define FTDI_MHAM_Y8_PID 0xEEEB /* USB-Y8 interface */
+#define FTDI_MHAM_IC_PID 0xEEEC /* USB-IC interface */
+#define FTDI_MHAM_DB9_PID 0xEEED /* USB-DB9 interface */
+#define FTDI_MHAM_RS232_PID 0xEEEE /* USB-RS232 interface */
+#define FTDI_MHAM_Y9_PID 0xEEEF /* USB-Y9 interface */
+
+/* Domintell products http://www.domintell.com */
+#define FTDI_DOMINTELL_DGQG_PID 0xEF50 /* Master */
+#define FTDI_DOMINTELL_DUSB_PID 0xEF51 /* DUSB01 module */
+
+/*
+ * The following are the values for the Perle Systems
+ * UltraPort USB serial converters
+ */
+#define FTDI_PERLE_ULTRAPORT_PID 0xF0C0 /* Perle UltraPort Product Id */
+
+/* Sprog II (Andrew Crosland's SprogII DCC interface) */
+#define FTDI_SPROG_II 0xF0C8
+
+/* an infrared receiver for user access control with IR tags */
+#define FTDI_PIEGROUP_PID 0xF208 /* Product Id */
+
+/* ACT Solutions HomePro ZWave interface
+ (http://www.act-solutions.com/HomePro-Product-Matrix.html) */
+#define FTDI_ACTZWAVE_PID 0xF2D0
+
+/*
+ * 4N-GALAXY.DE PIDs for CAN-USB, USB-RS232, USB-RS422, USB-RS485,
+ * USB-TTY aktiv, USB-TTY passiv. Some PIDs are used by several devices
+ * and I'm not entirely sure which are used by which.
+ */
+#define FTDI_4N_GALAXY_DE_1_PID 0xF3C0
+#define FTDI_4N_GALAXY_DE_2_PID 0xF3C1
+#define FTDI_4N_GALAXY_DE_3_PID 0xF3C2
+
+/*
+ * Linx Technologies product ids
+ */
+#define LINX_SDMUSBQSS_PID 0xF448 /* Linx SDM-USB-QS-S */
+#define LINX_MASTERDEVEL2_PID 0xF449 /* Linx Master Development 2.0 */
+#define LINX_FUTURE_0_PID 0xF44A /* Linx future device */
+#define LINX_FUTURE_1_PID 0xF44B /* Linx future device */
+#define LINX_FUTURE_2_PID 0xF44C /* Linx future device */
+
+/*
+ * Oceanic product ids
+ */
+#define FTDI_OCEANIC_PID 0xF460 /* Oceanic dive instrument */
+
+/*
+ * SUUNTO product ids
+ */
+#define FTDI_SUUNTO_SPORTS_PID 0xF680 /* Suunto Sports instrument */
+
+/* USB-UIRT - An infrared receiver and transmitter using the 8U232AM chip */
+/* http://www.usbuirt.com/ */
+#define FTDI_USB_UIRT_PID 0xF850 /* Product Id */
+
+/* CCS Inc. ICDU/ICDU40 product ID -
+ * the FT232BM is used in an in-circuit-debugger unit for PIC16's/PIC18's */
+#define FTDI_CCSICDU20_0_PID 0xF9D0
+#define FTDI_CCSICDU40_1_PID 0xF9D1
+#define FTDI_CCSMACHX_2_PID 0xF9D2
+#define FTDI_CCSLOAD_N_GO_3_PID 0xF9D3
+#define FTDI_CCSICDU64_4_PID 0xF9D4
+#define FTDI_CCSPRIME8_5_PID 0xF9D5
+
+/*
+ * The following are the values for the Matrix Orbital LCD displays,
+ * which are the FT232BM ( similar to the 8U232AM )
+ */
+#define FTDI_MTXORB_0_PID 0xFA00 /* Matrix Orbital Product Id */
+#define FTDI_MTXORB_1_PID 0xFA01 /* Matrix Orbital Product Id */
+#define FTDI_MTXORB_2_PID 0xFA02 /* Matrix Orbital Product Id */
+#define FTDI_MTXORB_3_PID 0xFA03 /* Matrix Orbital Product Id */
+#define FTDI_MTXORB_4_PID 0xFA04 /* Matrix Orbital Product Id */
+#define FTDI_MTXORB_5_PID 0xFA05 /* Matrix Orbital Product Id */
+#define FTDI_MTXORB_6_PID 0xFA06 /* Matrix Orbital Product Id */
+
+/*
+ * Home Electronics (www.home-electro.com) USB gadgets
+ */
+#define FTDI_HE_TIRA1_PID 0xFA78 /* Tira-1 IR transceiver */
+
+/* Inside Accesso contactless reader (http://www.insidecontactless.com/) */
+#define INSIDE_ACCESSO 0xFAD0
+
+/*
+ * ThorLabs USB motor drivers
+ */
+#define FTDI_THORLABS_PID 0xfaf0 /* ThorLabs USB motor drivers */
+
+/*
+ * Protego product ids
+ */
+#define PROTEGO_SPECIAL_1 0xFC70 /* special/unknown device */
+#define PROTEGO_R2X0 0xFC71 /* R200-USB TRNG unit (R210, R220, and R230) */
+#define PROTEGO_SPECIAL_3 0xFC72 /* special/unknown device */
+#define PROTEGO_SPECIAL_4 0xFC73 /* special/unknown device */
+
+/*
+ * Sony Ericsson product ids
+ */
+#define FTDI_DSS20_PID 0xFC82 /* DSS-20 Sync Station for Sony Ericsson P800 */
+#define FTDI_URBAN_0_PID 0xFC8A /* Sony Ericsson Urban, uart #0 */
+#define FTDI_URBAN_1_PID 0xFC8B /* Sony Ericsson Urban, uart #1 */
+
+/* www.irtrans.de device */
+#define FTDI_IRTRANS_PID 0xFC60 /* Product Id */
+
+/*
+ * RM Michaelides CANview USB (http://www.rmcan.com) (FTDI_VID)
+ * CAN fieldbus interface adapter, added by port GmbH www.port.de)
+ * Ian Abbott changed the macro names for consistency.
+ */
+#define FTDI_RM_CANVIEW_PID 0xfd60 /* Product Id */
+/* www.thoughttechnology.com/ TT-USB provide with procomp use ftdi_sio */
+#define FTDI_TTUSB_PID 0xFF20 /* Product Id */
+
+#define FTDI_USBX_707_PID 0xF857 /* ADSTech IR Blaster USBX-707 (FTDI_VID) */
+
+#define FTDI_RELAIS_PID 0xFA10 /* Relais device from Rudolf Gugler */
+
+/*
+ * PCDJ use ftdi based dj-controllers. The following PID is
+ * for their DAC-2 device http://www.pcdjhardware.com/DAC2.asp
+ * (the VID is the standard ftdi vid (FTDI_VID), PID sent by Wouter Paesen)
+ */
+#define FTDI_PCDJ_DAC2_PID 0xFA88
+
+#define FTDI_R2000KU_TRUE_RNG 0xFB80 /* R2000KU TRUE RNG (FTDI_VID) */
+
+/*
+ * DIEBOLD BCS SE923 (FTDI_VID)
+ */
+#define DIEBOLD_BCS_SE923_PID 0xfb99
+
+/* www.crystalfontz.com devices
+ * - thanx for providing free devices for evaluation !
+ * they use the ftdi chipset for the USB interface
+ * and the vendor id is the same
+ */
+#define FTDI_XF_632_PID 0xFC08 /* 632: 16x2 Character Display */
+#define FTDI_XF_634_PID 0xFC09 /* 634: 20x4 Character Display */
+#define FTDI_XF_547_PID 0xFC0A /* 547: Two line Display */
+#define FTDI_XF_633_PID 0xFC0B /* 633: 16x2 Character Display with Keys */
+#define FTDI_XF_631_PID 0xFC0C /* 631: 20x2 Character Display */
+#define FTDI_XF_635_PID 0xFC0D /* 635: 20x4 Character Display */
+#define FTDI_XF_640_PID 0xFC0E /* 640: Two line Display */
+#define FTDI_XF_642_PID 0xFC0F /* 642: Two line Display */
+
+/*
+ * Video Networks Limited / Homechoice in the UK use an ftdi-based device
+ * for their 1Mb broadband internet service. The following PID is exhibited
+ * by the usb device supplied (the VID is the standard ftdi vid (FTDI_VID)
+ */
+#define FTDI_VNHCPCUSB_D_PID 0xfe38 /* Product Id */
+
+/* AlphaMicro Components AMC-232USB01 device (FTDI_VID) */
+#define FTDI_AMC232_PID 0xFF00 /* Product Id */
+
+/*
+ * IBS elektronik product ids (FTDI_VID)
+ * Submitted by Thomas Schleusener
+ */
+#define FTDI_IBS_US485_PID 0xff38 /* IBS US485 (USB<-->RS422/485 interface) */
+#define FTDI_IBS_PICPRO_PID 0xff39 /* IBS PIC-Programmer */
+#define FTDI_IBS_PCMCIA_PID 0xff3a /* IBS Card reader for PCMCIA SRAM-cards */
+#define FTDI_IBS_PK1_PID 0xff3b /* IBS PK1 - Particel counter */
+#define FTDI_IBS_RS232MON_PID 0xff3c /* IBS RS232 - Monitor */
+#define FTDI_IBS_APP70_PID 0xff3d /* APP 70 (dust monitoring system) */
+#define FTDI_IBS_PEDO_PID 0xff3e /* IBS PEDO-Modem (RF modem 868.35 MHz) */
+#define FTDI_IBS_PROD_PID 0xff3f /* future device */
+/* www.canusb.com Lawicel CANUSB device (FTDI_VID) */
+#define FTDI_CANUSB_PID 0xFFA8 /* Product Id */
+
+/*
+ * TavIR AVR product ids (FTDI_VID)
+ */
+#define FTDI_TAVIR_STK500_PID 0xFA33 /* STK500 AVR programmer */
+
+/*
+ * TIAO product ids (FTDI_VID)
+ * http://www.tiaowiki.com/w/Main_Page
+ */
+#define FTDI_TIAO_UMPA_PID 0x8a98 /* TIAO/DIYGADGET USB Multi-Protocol Adapter */
+
+
+/********************************/
+/** third-party VID/PID combos **/
+/********************************/
+
+
+
+/*
+ * Atmel STK541
+ */
+#define ATMEL_VID 0x03eb /* Vendor ID */
+#define STK541_PID 0x2109 /* Zigbee Controller */
+
+/*
+ * Blackfin gnICE JTAG
+ * http://docs.blackfin.uclinux.org/doku.php?id=hw:jtag:gnice
+ */
+#define ADI_VID 0x0456
+#define ADI_GNICE_PID 0xF000
+#define ADI_GNICEPLUS_PID 0xF001
+
+/*
+ * Microchip Technology, Inc.
+ *
+ * MICROCHIP_VID (0x04D8) and MICROCHIP_USB_BOARD_PID (0x000A) are
+ * used by single function CDC ACM class based firmware demo
+ * applications. The VID/PID has also been used in firmware
+ * emulating FTDI serial chips by:
+ * Hornby Elite - Digital Command Control Console
+ * http://www.hornby.com/hornby-dcc/controllers/
+ */
+#define MICROCHIP_VID 0x04D8
+#define MICROCHIP_USB_BOARD_PID 0x000A /* CDC RS-232 Emulation Demo */
+
+/*
+ * RATOC REX-USB60F
+ */
+#define RATOC_VENDOR_ID 0x0584
+#define RATOC_PRODUCT_ID_USB60F 0xb020
+
+/*
+ * Acton Research Corp.
+ */
+#define ACTON_VID 0x0647 /* Vendor ID */
+#define ACTON_SPECTRAPRO_PID 0x0100
+
+/*
+ * Contec products (http://www.contec.com)
+ * Submitted by Daniel Sangorrin
+ */
+#define CONTEC_VID 0x06CE /* Vendor ID */
+#define CONTEC_COM1USBH_PID 0x8311 /* COM-1(USB)H */
+
+/*
+ * Definitions for B&B Electronics products.
+ */
+#define BANDB_VID 0x0856 /* B&B Electronics Vendor ID */
+#define BANDB_USOTL4_PID 0xAC01 /* USOTL4 Isolated RS-485 Converter */
+#define BANDB_USTL4_PID 0xAC02 /* USTL4 RS-485 Converter */
+#define BANDB_USO9ML2_PID 0xAC03 /* USO9ML2 Isolated RS-232 Converter */
+#define BANDB_USOPTL4_PID 0xAC11
+#define BANDB_USPTL4_PID 0xAC12
+#define BANDB_USO9ML2DR_2_PID 0xAC16
+#define BANDB_USO9ML2DR_PID 0xAC17
+#define BANDB_USOPTL4DR2_PID 0xAC18 /* USOPTL4R-2 2-port Isolated RS-232 Converter */
+#define BANDB_USOPTL4DR_PID 0xAC19
+#define BANDB_485USB9F_2W_PID 0xAC25
+#define BANDB_485USB9F_4W_PID 0xAC26
+#define BANDB_232USB9M_PID 0xAC27
+#define BANDB_485USBTB_2W_PID 0xAC33
+#define BANDB_485USBTB_4W_PID 0xAC34
+#define BANDB_TTL5USB9M_PID 0xAC49
+#define BANDB_TTL3USB9M_PID 0xAC50
+#define BANDB_ZZ_PROG1_USB_PID 0xBA02
+
+/*
+ * Intrepid Control Systems (http://www.intrepidcs.com/) ValueCAN and NeoVI
+ */
+#define INTREPID_VID 0x093C
+#define INTREPID_VALUECAN_PID 0x0601
+#define INTREPID_NEOVI_PID 0x0701
+
+/*
+ * Definitions for ID TECH (www.idt-net.com) devices
+ */
+#define IDTECH_VID 0x0ACD /* ID TECH Vendor ID */
+#define IDTECH_IDT1221U_PID 0x0300 /* IDT1221U USB to RS-232 adapter */
+
+/*
+ * Definitions for Omnidirectional Control Technology, Inc. devices
+ */
+#define OCT_VID 0x0B39 /* OCT vendor ID */
+/* Note: OCT US101 is also rebadged as Dick Smith Electronics (NZ) XH6381 */
+/* Also rebadged as Dick Smith Electronics (Aus) XH6451 */
+/* Also rebadged as SIIG Inc. model US2308 hardware version 1 */
+#define OCT_DK201_PID 0x0103 /* OCT DK201 USB docking station */
+#define OCT_US101_PID 0x0421 /* OCT US101 USB to RS-232 */
+
+/*
+ * Definitions for Icom Inc. devices
+ */
+#define ICOM_VID 0x0C26 /* Icom vendor ID */
+/* Note: ID-1 is a communications tranceiver for HAM-radio operators */
+#define ICOM_ID_1_PID 0x0004 /* ID-1 USB to RS-232 */
+/* Note: OPC is an Optional cable to connect an Icom Tranceiver */
+#define ICOM_OPC_U_UC_PID 0x0018 /* OPC-478UC, OPC-1122U cloning cable */
+/* Note: ID-RP* devices are Icom Repeater Devices for HAM-radio */
+#define ICOM_ID_RP2C1_PID 0x0009 /* ID-RP2C Asset 1 to RS-232 */
+#define ICOM_ID_RP2C2_PID 0x000A /* ID-RP2C Asset 2 to RS-232 */
+#define ICOM_ID_RP2D_PID 0x000B /* ID-RP2D configuration port*/
+#define ICOM_ID_RP2VT_PID 0x000C /* ID-RP2V Transmit config port */
+#define ICOM_ID_RP2VR_PID 0x000D /* ID-RP2V Receive config port */
+#define ICOM_ID_RP4KVT_PID 0x0010 /* ID-RP4000V Transmit config port */
+#define ICOM_ID_RP4KVR_PID 0x0011 /* ID-RP4000V Receive config port */
+#define ICOM_ID_RP2KVT_PID 0x0012 /* ID-RP2000V Transmit config port */
+#define ICOM_ID_RP2KVR_PID 0x0013 /* ID-RP2000V Receive config port */
+
+/*
+ * GN Otometrics (http://www.otometrics.com)
+ * Submitted by Ville Sundberg.
+ */
+#define GN_OTOMETRICS_VID 0x0c33 /* Vendor ID */
+#define AURICAL_USB_PID 0x0010 /* Aurical USB Audiometer */
+
+/*
+ * The following are the values for the Sealevel SeaLINK+ adapters.
+ * (Original list sent by Tuan Hoang. Ian Abbott renamed the macros and
+ * removed some PIDs that don't seem to match any existing products.)
+ */
+#define SEALEVEL_VID 0x0c52 /* Sealevel Vendor ID */
+#define SEALEVEL_2101_PID 0x2101 /* SeaLINK+232 (2101/2105) */
+#define SEALEVEL_2102_PID 0x2102 /* SeaLINK+485 (2102) */
+#define SEALEVEL_2103_PID 0x2103 /* SeaLINK+232I (2103) */
+#define SEALEVEL_2104_PID 0x2104 /* SeaLINK+485I (2104) */
+#define SEALEVEL_2106_PID 0x9020 /* SeaLINK+422 (2106) */
+#define SEALEVEL_2201_1_PID 0x2211 /* SeaPORT+2/232 (2201) Port 1 */
+#define SEALEVEL_2201_2_PID 0x2221 /* SeaPORT+2/232 (2201) Port 2 */
+#define SEALEVEL_2202_1_PID 0x2212 /* SeaPORT+2/485 (2202) Port 1 */
+#define SEALEVEL_2202_2_PID 0x2222 /* SeaPORT+2/485 (2202) Port 2 */
+#define SEALEVEL_2203_1_PID 0x2213 /* SeaPORT+2 (2203) Port 1 */
+#define SEALEVEL_2203_2_PID 0x2223 /* SeaPORT+2 (2203) Port 2 */
+#define SEALEVEL_2401_1_PID 0x2411 /* SeaPORT+4/232 (2401) Port 1 */
+#define SEALEVEL_2401_2_PID 0x2421 /* SeaPORT+4/232 (2401) Port 2 */
+#define SEALEVEL_2401_3_PID 0x2431 /* SeaPORT+4/232 (2401) Port 3 */
+#define SEALEVEL_2401_4_PID 0x2441 /* SeaPORT+4/232 (2401) Port 4 */
+#define SEALEVEL_2402_1_PID 0x2412 /* SeaPORT+4/485 (2402) Port 1 */
+#define SEALEVEL_2402_2_PID 0x2422 /* SeaPORT+4/485 (2402) Port 2 */
+#define SEALEVEL_2402_3_PID 0x2432 /* SeaPORT+4/485 (2402) Port 3 */
+#define SEALEVEL_2402_4_PID 0x2442 /* SeaPORT+4/485 (2402) Port 4 */
+#define SEALEVEL_2403_1_PID 0x2413 /* SeaPORT+4 (2403) Port 1 */
+#define SEALEVEL_2403_2_PID 0x2423 /* SeaPORT+4 (2403) Port 2 */
+#define SEALEVEL_2403_3_PID 0x2433 /* SeaPORT+4 (2403) Port 3 */
+#define SEALEVEL_2403_4_PID 0x2443 /* SeaPORT+4 (2403) Port 4 */
+#define SEALEVEL_2801_1_PID 0X2811 /* SeaLINK+8/232 (2801) Port 1 */
+#define SEALEVEL_2801_2_PID 0X2821 /* SeaLINK+8/232 (2801) Port 2 */
+#define SEALEVEL_2801_3_PID 0X2831 /* SeaLINK+8/232 (2801) Port 3 */
+#define SEALEVEL_2801_4_PID 0X2841 /* SeaLINK+8/232 (2801) Port 4 */
+#define SEALEVEL_2801_5_PID 0X2851 /* SeaLINK+8/232 (2801) Port 5 */
+#define SEALEVEL_2801_6_PID 0X2861 /* SeaLINK+8/232 (2801) Port 6 */
+#define SEALEVEL_2801_7_PID 0X2871 /* SeaLINK+8/232 (2801) Port 7 */
+#define SEALEVEL_2801_8_PID 0X2881 /* SeaLINK+8/232 (2801) Port 8 */
+#define SEALEVEL_2802_1_PID 0X2812 /* SeaLINK+8/485 (2802) Port 1 */
+#define SEALEVEL_2802_2_PID 0X2822 /* SeaLINK+8/485 (2802) Port 2 */
+#define SEALEVEL_2802_3_PID 0X2832 /* SeaLINK+8/485 (2802) Port 3 */
+#define SEALEVEL_2802_4_PID 0X2842 /* SeaLINK+8/485 (2802) Port 4 */
+#define SEALEVEL_2802_5_PID 0X2852 /* SeaLINK+8/485 (2802) Port 5 */
+#define SEALEVEL_2802_6_PID 0X2862 /* SeaLINK+8/485 (2802) Port 6 */
+#define SEALEVEL_2802_7_PID 0X2872 /* SeaLINK+8/485 (2802) Port 7 */
+#define SEALEVEL_2802_8_PID 0X2882 /* SeaLINK+8/485 (2802) Port 8 */
+#define SEALEVEL_2803_1_PID 0X2813 /* SeaLINK+8 (2803) Port 1 */
+#define SEALEVEL_2803_2_PID 0X2823 /* SeaLINK+8 (2803) Port 2 */
+#define SEALEVEL_2803_3_PID 0X2833 /* SeaLINK+8 (2803) Port 3 */
+#define SEALEVEL_2803_4_PID 0X2843 /* SeaLINK+8 (2803) Port 4 */
+#define SEALEVEL_2803_5_PID 0X2853 /* SeaLINK+8 (2803) Port 5 */
+#define SEALEVEL_2803_6_PID 0X2863 /* SeaLINK+8 (2803) Port 6 */
+#define SEALEVEL_2803_7_PID 0X2873 /* SeaLINK+8 (2803) Port 7 */
+#define SEALEVEL_2803_8_PID 0X2883 /* SeaLINK+8 (2803) Port 8 */
+#define SEALEVEL_2803R_1_PID 0Xa02a /* SeaLINK+8 (2803-ROHS) Port 1+2 */
+#define SEALEVEL_2803R_2_PID 0Xa02b /* SeaLINK+8 (2803-ROHS) Port 3+4 */
+#define SEALEVEL_2803R_3_PID 0Xa02c /* SeaLINK+8 (2803-ROHS) Port 5+6 */
+#define SEALEVEL_2803R_4_PID 0Xa02d /* SeaLINK+8 (2803-ROHS) Port 7+8 */
+
+/*
+ * JETI SPECTROMETER SPECBOS 1201
+ * http://www.jeti.com/cms/index.php/instruments/other-instruments/specbos-2101
+ */
+#define JETI_VID 0x0c6c
+#define JETI_SPC1201_PID 0x04b2
+
+/*
+ * FTDI USB UART chips used in construction projects from the
+ * Elektor Electronics magazine (http://www.elektor.com/)
+ */
+#define ELEKTOR_VID 0x0C7D
+#define ELEKTOR_FT323R_PID 0x0005 /* RFID-Reader, issue 09-2006 */
+
+/*
+ * Posiflex inc retail equipment (http://www.posiflex.com.tw)
+ */
+#define POSIFLEX_VID 0x0d3a /* Vendor ID */
+#define POSIFLEX_PP7000_PID 0x0300 /* PP-7000II thermal printer */
+
+/*
+ * The following are the values for two KOBIL chipcard terminals.
+ */
+#define KOBIL_VID 0x0d46 /* KOBIL Vendor ID */
+#define KOBIL_CONV_B1_PID 0x2020 /* KOBIL Konverter for B1 */
+#define KOBIL_CONV_KAAN_PID 0x2021 /* KOBIL_Konverter for KAAN */
+
+#define FTDI_NF_RIC_VID 0x0DCD /* Vendor Id */
+#define FTDI_NF_RIC_PID 0x0001 /* Product Id */
+
+/*
+ * Falcom Wireless Communications GmbH
+ */
+#define FALCOM_VID 0x0F94 /* Vendor Id */
+#define FALCOM_TWIST_PID 0x0001 /* Falcom Twist USB GPRS modem */
+#define FALCOM_SAMBA_PID 0x0005 /* Falcom Samba USB GPRS modem */
+
+/* Larsen and Brusgaard AltiTrack/USBtrack */
+#define LARSENBRUSGAARD_VID 0x0FD8
+#define LB_ALTITRACK_PID 0x0001
+
+/*
+ * TTi (Thurlby Thandar Instruments)
+ */
+#define TTI_VID 0x103E /* Vendor Id */
+#define TTI_QL355P_PID 0x03E8 /* TTi QL355P power supply */
+
+/* Interbiometrics USB I/O Board */
+/* Developed for Interbiometrics by Rudolf Gugler */
+#define INTERBIOMETRICS_VID 0x1209
+#define INTERBIOMETRICS_IOBOARD_PID 0x1002
+#define INTERBIOMETRICS_MINI_IOBOARD_PID 0x1006
+
+/*
+ * Testo products (http://www.testo.com/)
+ * Submitted by Colin Leroy
+ */
+#define TESTO_VID 0x128D
+#define TESTO_USB_INTERFACE_PID 0x0001
+
+/*
+ * Mobility Electronics products.
+ */
+#define MOBILITY_VID 0x1342
+#define MOBILITY_USB_SERIAL_PID 0x0202 /* EasiDock USB 200 serial */
+
+/*
+ * FIC / OpenMoko, Inc. http://wiki.openmoko.org/wiki/Neo1973_Debug_Board_v3
+ * Submitted by Harald Welte <laforge@openmoko.org>
+ */
+#define FIC_VID 0x1457
+#define FIC_NEO1973_DEBUG_PID 0x5118
+
+/* Olimex */
+#define OLIMEX_VID 0x15BA
+#define OLIMEX_ARM_USB_OCD_PID 0x0003
+#define OLIMEX_ARM_USB_OCD_H_PID 0x002b
+
+/*
+ * Telldus Technologies
+ */
+#define TELLDUS_VID 0x1781 /* Vendor ID */
+#define TELLDUS_TELLSTICK_PID 0x0C30 /* RF control dongle 433 MHz using FT232RL */
+
+/*
+ * RT Systems programming cables for various ham radios
+ */
+#define RTSYSTEMS_VID 0x2100 /* Vendor ID */
+#define RTSYSTEMS_SERIAL_VX7_PID 0x9e52 /* Serial converter for VX-7 Radios using FT232RL */
+#define RTSYSTEMS_CT29B_PID 0x9e54 /* CT29B Radio Cable */
+#define RTSYSTEMS_RTS01_PID 0x9e57 /* USB-RTS01 Radio Cable */
+
+
+/*
+ * Physik Instrumente
+ * http://www.physikinstrumente.com/en/products/
+ */
+/* These two devices use the VID of FTDI */
+#define PI_C865_PID 0xe0a0 /* PI C-865 Piezomotor Controller */
+#define PI_C857_PID 0xe0a1 /* PI Encoder Trigger Box */
+
+#define PI_VID 0x1a72 /* Vendor ID */
+#define PI_C866_PID 0x1000 /* PI C-866 Piezomotor Controller */
+#define PI_C663_PID 0x1001 /* PI C-663 Mercury-Step */
+#define PI_C725_PID 0x1002 /* PI C-725 Piezomotor Controller */
+#define PI_E517_PID 0x1005 /* PI E-517 Digital Piezo Controller Operation Module */
+#define PI_C863_PID 0x1007 /* PI C-863 */
+#define PI_E861_PID 0x1008 /* PI E-861 Piezomotor Controller */
+#define PI_C867_PID 0x1009 /* PI C-867 Piezomotor Controller */
+#define PI_E609_PID 0x100D /* PI E-609 Digital Piezo Controller */
+#define PI_E709_PID 0x100E /* PI E-709 Digital Piezo Controller */
+#define PI_100F_PID 0x100F /* PI Digital Piezo Controller */
+#define PI_1011_PID 0x1011 /* PI Digital Piezo Controller */
+#define PI_1012_PID 0x1012 /* PI Motion Controller */
+#define PI_1013_PID 0x1013 /* PI Motion Controller */
+#define PI_1014_PID 0x1014 /* PI Device */
+#define PI_1015_PID 0x1015 /* PI Device */
+#define PI_1016_PID 0x1016 /* PI Digital Servo Module */
+
+/*
+ * Kondo Kagaku Co.Ltd.
+ * http://www.kondo-robot.com/EN
+ */
+#define KONDO_VID 0x165c
+#define KONDO_USB_SERIAL_PID 0x0002
+
+/*
+ * Bayer Ascensia Contour blood glucose meter USB-converter cable.
+ * http://winglucofacts.com/cables/
+ */
+#define BAYER_VID 0x1A79
+#define BAYER_CONTOUR_CABLE_PID 0x6001
+
+/*
+ * The following are the values for the Matrix Orbital FTDI Range
+ * Anything in this range will use an FT232RL.
+ */
+#define MTXORB_VID 0x1B3D
+#define MTXORB_FTDI_RANGE_0100_PID 0x0100
+#define MTXORB_FTDI_RANGE_0101_PID 0x0101
+#define MTXORB_FTDI_RANGE_0102_PID 0x0102
+#define MTXORB_FTDI_RANGE_0103_PID 0x0103
+#define MTXORB_FTDI_RANGE_0104_PID 0x0104
+#define MTXORB_FTDI_RANGE_0105_PID 0x0105
+#define MTXORB_FTDI_RANGE_0106_PID 0x0106
+#define MTXORB_FTDI_RANGE_0107_PID 0x0107
+#define MTXORB_FTDI_RANGE_0108_PID 0x0108
+#define MTXORB_FTDI_RANGE_0109_PID 0x0109
+#define MTXORB_FTDI_RANGE_010A_PID 0x010A
+#define MTXORB_FTDI_RANGE_010B_PID 0x010B
+#define MTXORB_FTDI_RANGE_010C_PID 0x010C
+#define MTXORB_FTDI_RANGE_010D_PID 0x010D
+#define MTXORB_FTDI_RANGE_010E_PID 0x010E
+#define MTXORB_FTDI_RANGE_010F_PID 0x010F
+#define MTXORB_FTDI_RANGE_0110_PID 0x0110
+#define MTXORB_FTDI_RANGE_0111_PID 0x0111
+#define MTXORB_FTDI_RANGE_0112_PID 0x0112
+#define MTXORB_FTDI_RANGE_0113_PID 0x0113
+#define MTXORB_FTDI_RANGE_0114_PID 0x0114
+#define MTXORB_FTDI_RANGE_0115_PID 0x0115
+#define MTXORB_FTDI_RANGE_0116_PID 0x0116
+#define MTXORB_FTDI_RANGE_0117_PID 0x0117
+#define MTXORB_FTDI_RANGE_0118_PID 0x0118
+#define MTXORB_FTDI_RANGE_0119_PID 0x0119
+#define MTXORB_FTDI_RANGE_011A_PID 0x011A
+#define MTXORB_FTDI_RANGE_011B_PID 0x011B
+#define MTXORB_FTDI_RANGE_011C_PID 0x011C
+#define MTXORB_FTDI_RANGE_011D_PID 0x011D
+#define MTXORB_FTDI_RANGE_011E_PID 0x011E
+#define MTXORB_FTDI_RANGE_011F_PID 0x011F
+#define MTXORB_FTDI_RANGE_0120_PID 0x0120
+#define MTXORB_FTDI_RANGE_0121_PID 0x0121
+#define MTXORB_FTDI_RANGE_0122_PID 0x0122
+#define MTXORB_FTDI_RANGE_0123_PID 0x0123
+#define MTXORB_FTDI_RANGE_0124_PID 0x0124
+#define MTXORB_FTDI_RANGE_0125_PID 0x0125
+#define MTXORB_FTDI_RANGE_0126_PID 0x0126
+#define MTXORB_FTDI_RANGE_0127_PID 0x0127
+#define MTXORB_FTDI_RANGE_0128_PID 0x0128
+#define MTXORB_FTDI_RANGE_0129_PID 0x0129
+#define MTXORB_FTDI_RANGE_012A_PID 0x012A
+#define MTXORB_FTDI_RANGE_012B_PID 0x012B
+#define MTXORB_FTDI_RANGE_012C_PID 0x012C
+#define MTXORB_FTDI_RANGE_012D_PID 0x012D
+#define MTXORB_FTDI_RANGE_012E_PID 0x012E
+#define MTXORB_FTDI_RANGE_012F_PID 0x012F
+#define MTXORB_FTDI_RANGE_0130_PID 0x0130
+#define MTXORB_FTDI_RANGE_0131_PID 0x0131
+#define MTXORB_FTDI_RANGE_0132_PID 0x0132
+#define MTXORB_FTDI_RANGE_0133_PID 0x0133
+#define MTXORB_FTDI_RANGE_0134_PID 0x0134
+#define MTXORB_FTDI_RANGE_0135_PID 0x0135
+#define MTXORB_FTDI_RANGE_0136_PID 0x0136
+#define MTXORB_FTDI_RANGE_0137_PID 0x0137
+#define MTXORB_FTDI_RANGE_0138_PID 0x0138
+#define MTXORB_FTDI_RANGE_0139_PID 0x0139
+#define MTXORB_FTDI_RANGE_013A_PID 0x013A
+#define MTXORB_FTDI_RANGE_013B_PID 0x013B
+#define MTXORB_FTDI_RANGE_013C_PID 0x013C
+#define MTXORB_FTDI_RANGE_013D_PID 0x013D
+#define MTXORB_FTDI_RANGE_013E_PID 0x013E
+#define MTXORB_FTDI_RANGE_013F_PID 0x013F
+#define MTXORB_FTDI_RANGE_0140_PID 0x0140
+#define MTXORB_FTDI_RANGE_0141_PID 0x0141
+#define MTXORB_FTDI_RANGE_0142_PID 0x0142
+#define MTXORB_FTDI_RANGE_0143_PID 0x0143
+#define MTXORB_FTDI_RANGE_0144_PID 0x0144
+#define MTXORB_FTDI_RANGE_0145_PID 0x0145
+#define MTXORB_FTDI_RANGE_0146_PID 0x0146
+#define MTXORB_FTDI_RANGE_0147_PID 0x0147
+#define MTXORB_FTDI_RANGE_0148_PID 0x0148
+#define MTXORB_FTDI_RANGE_0149_PID 0x0149
+#define MTXORB_FTDI_RANGE_014A_PID 0x014A
+#define MTXORB_FTDI_RANGE_014B_PID 0x014B
+#define MTXORB_FTDI_RANGE_014C_PID 0x014C
+#define MTXORB_FTDI_RANGE_014D_PID 0x014D
+#define MTXORB_FTDI_RANGE_014E_PID 0x014E
+#define MTXORB_FTDI_RANGE_014F_PID 0x014F
+#define MTXORB_FTDI_RANGE_0150_PID 0x0150
+#define MTXORB_FTDI_RANGE_0151_PID 0x0151
+#define MTXORB_FTDI_RANGE_0152_PID 0x0152
+#define MTXORB_FTDI_RANGE_0153_PID 0x0153
+#define MTXORB_FTDI_RANGE_0154_PID 0x0154
+#define MTXORB_FTDI_RANGE_0155_PID 0x0155
+#define MTXORB_FTDI_RANGE_0156_PID 0x0156
+#define MTXORB_FTDI_RANGE_0157_PID 0x0157
+#define MTXORB_FTDI_RANGE_0158_PID 0x0158
+#define MTXORB_FTDI_RANGE_0159_PID 0x0159
+#define MTXORB_FTDI_RANGE_015A_PID 0x015A
+#define MTXORB_FTDI_RANGE_015B_PID 0x015B
+#define MTXORB_FTDI_RANGE_015C_PID 0x015C
+#define MTXORB_FTDI_RANGE_015D_PID 0x015D
+#define MTXORB_FTDI_RANGE_015E_PID 0x015E
+#define MTXORB_FTDI_RANGE_015F_PID 0x015F
+#define MTXORB_FTDI_RANGE_0160_PID 0x0160
+#define MTXORB_FTDI_RANGE_0161_PID 0x0161
+#define MTXORB_FTDI_RANGE_0162_PID 0x0162
+#define MTXORB_FTDI_RANGE_0163_PID 0x0163
+#define MTXORB_FTDI_RANGE_0164_PID 0x0164
+#define MTXORB_FTDI_RANGE_0165_PID 0x0165
+#define MTXORB_FTDI_RANGE_0166_PID 0x0166
+#define MTXORB_FTDI_RANGE_0167_PID 0x0167
+#define MTXORB_FTDI_RANGE_0168_PID 0x0168
+#define MTXORB_FTDI_RANGE_0169_PID 0x0169
+#define MTXORB_FTDI_RANGE_016A_PID 0x016A
+#define MTXORB_FTDI_RANGE_016B_PID 0x016B
+#define MTXORB_FTDI_RANGE_016C_PID 0x016C
+#define MTXORB_FTDI_RANGE_016D_PID 0x016D
+#define MTXORB_FTDI_RANGE_016E_PID 0x016E
+#define MTXORB_FTDI_RANGE_016F_PID 0x016F
+#define MTXORB_FTDI_RANGE_0170_PID 0x0170
+#define MTXORB_FTDI_RANGE_0171_PID 0x0171
+#define MTXORB_FTDI_RANGE_0172_PID 0x0172
+#define MTXORB_FTDI_RANGE_0173_PID 0x0173
+#define MTXORB_FTDI_RANGE_0174_PID 0x0174
+#define MTXORB_FTDI_RANGE_0175_PID 0x0175
+#define MTXORB_FTDI_RANGE_0176_PID 0x0176
+#define MTXORB_FTDI_RANGE_0177_PID 0x0177
+#define MTXORB_FTDI_RANGE_0178_PID 0x0178
+#define MTXORB_FTDI_RANGE_0179_PID 0x0179
+#define MTXORB_FTDI_RANGE_017A_PID 0x017A
+#define MTXORB_FTDI_RANGE_017B_PID 0x017B
+#define MTXORB_FTDI_RANGE_017C_PID 0x017C
+#define MTXORB_FTDI_RANGE_017D_PID 0x017D
+#define MTXORB_FTDI_RANGE_017E_PID 0x017E
+#define MTXORB_FTDI_RANGE_017F_PID 0x017F
+#define MTXORB_FTDI_RANGE_0180_PID 0x0180
+#define MTXORB_FTDI_RANGE_0181_PID 0x0181
+#define MTXORB_FTDI_RANGE_0182_PID 0x0182
+#define MTXORB_FTDI_RANGE_0183_PID 0x0183
+#define MTXORB_FTDI_RANGE_0184_PID 0x0184
+#define MTXORB_FTDI_RANGE_0185_PID 0x0185
+#define MTXORB_FTDI_RANGE_0186_PID 0x0186
+#define MTXORB_FTDI_RANGE_0187_PID 0x0187
+#define MTXORB_FTDI_RANGE_0188_PID 0x0188
+#define MTXORB_FTDI_RANGE_0189_PID 0x0189
+#define MTXORB_FTDI_RANGE_018A_PID 0x018A
+#define MTXORB_FTDI_RANGE_018B_PID 0x018B
+#define MTXORB_FTDI_RANGE_018C_PID 0x018C
+#define MTXORB_FTDI_RANGE_018D_PID 0x018D
+#define MTXORB_FTDI_RANGE_018E_PID 0x018E
+#define MTXORB_FTDI_RANGE_018F_PID 0x018F
+#define MTXORB_FTDI_RANGE_0190_PID 0x0190
+#define MTXORB_FTDI_RANGE_0191_PID 0x0191
+#define MTXORB_FTDI_RANGE_0192_PID 0x0192
+#define MTXORB_FTDI_RANGE_0193_PID 0x0193
+#define MTXORB_FTDI_RANGE_0194_PID 0x0194
+#define MTXORB_FTDI_RANGE_0195_PID 0x0195
+#define MTXORB_FTDI_RANGE_0196_PID 0x0196
+#define MTXORB_FTDI_RANGE_0197_PID 0x0197
+#define MTXORB_FTDI_RANGE_0198_PID 0x0198
+#define MTXORB_FTDI_RANGE_0199_PID 0x0199
+#define MTXORB_FTDI_RANGE_019A_PID 0x019A
+#define MTXORB_FTDI_RANGE_019B_PID 0x019B
+#define MTXORB_FTDI_RANGE_019C_PID 0x019C
+#define MTXORB_FTDI_RANGE_019D_PID 0x019D
+#define MTXORB_FTDI_RANGE_019E_PID 0x019E
+#define MTXORB_FTDI_RANGE_019F_PID 0x019F
+#define MTXORB_FTDI_RANGE_01A0_PID 0x01A0
+#define MTXORB_FTDI_RANGE_01A1_PID 0x01A1
+#define MTXORB_FTDI_RANGE_01A2_PID 0x01A2
+#define MTXORB_FTDI_RANGE_01A3_PID 0x01A3
+#define MTXORB_FTDI_RANGE_01A4_PID 0x01A4
+#define MTXORB_FTDI_RANGE_01A5_PID 0x01A5
+#define MTXORB_FTDI_RANGE_01A6_PID 0x01A6
+#define MTXORB_FTDI_RANGE_01A7_PID 0x01A7
+#define MTXORB_FTDI_RANGE_01A8_PID 0x01A8
+#define MTXORB_FTDI_RANGE_01A9_PID 0x01A9
+#define MTXORB_FTDI_RANGE_01AA_PID 0x01AA
+#define MTXORB_FTDI_RANGE_01AB_PID 0x01AB
+#define MTXORB_FTDI_RANGE_01AC_PID 0x01AC
+#define MTXORB_FTDI_RANGE_01AD_PID 0x01AD
+#define MTXORB_FTDI_RANGE_01AE_PID 0x01AE
+#define MTXORB_FTDI_RANGE_01AF_PID 0x01AF
+#define MTXORB_FTDI_RANGE_01B0_PID 0x01B0
+#define MTXORB_FTDI_RANGE_01B1_PID 0x01B1
+#define MTXORB_FTDI_RANGE_01B2_PID 0x01B2
+#define MTXORB_FTDI_RANGE_01B3_PID 0x01B3
+#define MTXORB_FTDI_RANGE_01B4_PID 0x01B4
+#define MTXORB_FTDI_RANGE_01B5_PID 0x01B5
+#define MTXORB_FTDI_RANGE_01B6_PID 0x01B6
+#define MTXORB_FTDI_RANGE_01B7_PID 0x01B7
+#define MTXORB_FTDI_RANGE_01B8_PID 0x01B8
+#define MTXORB_FTDI_RANGE_01B9_PID 0x01B9
+#define MTXORB_FTDI_RANGE_01BA_PID 0x01BA
+#define MTXORB_FTDI_RANGE_01BB_PID 0x01BB
+#define MTXORB_FTDI_RANGE_01BC_PID 0x01BC
+#define MTXORB_FTDI_RANGE_01BD_PID 0x01BD
+#define MTXORB_FTDI_RANGE_01BE_PID 0x01BE
+#define MTXORB_FTDI_RANGE_01BF_PID 0x01BF
+#define MTXORB_FTDI_RANGE_01C0_PID 0x01C0
+#define MTXORB_FTDI_RANGE_01C1_PID 0x01C1
+#define MTXORB_FTDI_RANGE_01C2_PID 0x01C2
+#define MTXORB_FTDI_RANGE_01C3_PID 0x01C3
+#define MTXORB_FTDI_RANGE_01C4_PID 0x01C4
+#define MTXORB_FTDI_RANGE_01C5_PID 0x01C5
+#define MTXORB_FTDI_RANGE_01C6_PID 0x01C6
+#define MTXORB_FTDI_RANGE_01C7_PID 0x01C7
+#define MTXORB_FTDI_RANGE_01C8_PID 0x01C8
+#define MTXORB_FTDI_RANGE_01C9_PID 0x01C9
+#define MTXORB_FTDI_RANGE_01CA_PID 0x01CA
+#define MTXORB_FTDI_RANGE_01CB_PID 0x01CB
+#define MTXORB_FTDI_RANGE_01CC_PID 0x01CC
+#define MTXORB_FTDI_RANGE_01CD_PID 0x01CD
+#define MTXORB_FTDI_RANGE_01CE_PID 0x01CE
+#define MTXORB_FTDI_RANGE_01CF_PID 0x01CF
+#define MTXORB_FTDI_RANGE_01D0_PID 0x01D0
+#define MTXORB_FTDI_RANGE_01D1_PID 0x01D1
+#define MTXORB_FTDI_RANGE_01D2_PID 0x01D2
+#define MTXORB_FTDI_RANGE_01D3_PID 0x01D3
+#define MTXORB_FTDI_RANGE_01D4_PID 0x01D4
+#define MTXORB_FTDI_RANGE_01D5_PID 0x01D5
+#define MTXORB_FTDI_RANGE_01D6_PID 0x01D6
+#define MTXORB_FTDI_RANGE_01D7_PID 0x01D7
+#define MTXORB_FTDI_RANGE_01D8_PID 0x01D8
+#define MTXORB_FTDI_RANGE_01D9_PID 0x01D9
+#define MTXORB_FTDI_RANGE_01DA_PID 0x01DA
+#define MTXORB_FTDI_RANGE_01DB_PID 0x01DB
+#define MTXORB_FTDI_RANGE_01DC_PID 0x01DC
+#define MTXORB_FTDI_RANGE_01DD_PID 0x01DD
+#define MTXORB_FTDI_RANGE_01DE_PID 0x01DE
+#define MTXORB_FTDI_RANGE_01DF_PID 0x01DF
+#define MTXORB_FTDI_RANGE_01E0_PID 0x01E0
+#define MTXORB_FTDI_RANGE_01E1_PID 0x01E1
+#define MTXORB_FTDI_RANGE_01E2_PID 0x01E2
+#define MTXORB_FTDI_RANGE_01E3_PID 0x01E3
+#define MTXORB_FTDI_RANGE_01E4_PID 0x01E4
+#define MTXORB_FTDI_RANGE_01E5_PID 0x01E5
+#define MTXORB_FTDI_RANGE_01E6_PID 0x01E6
+#define MTXORB_FTDI_RANGE_01E7_PID 0x01E7
+#define MTXORB_FTDI_RANGE_01E8_PID 0x01E8
+#define MTXORB_FTDI_RANGE_01E9_PID 0x01E9
+#define MTXORB_FTDI_RANGE_01EA_PID 0x01EA
+#define MTXORB_FTDI_RANGE_01EB_PID 0x01EB
+#define MTXORB_FTDI_RANGE_01EC_PID 0x01EC
+#define MTXORB_FTDI_RANGE_01ED_PID 0x01ED
+#define MTXORB_FTDI_RANGE_01EE_PID 0x01EE
+#define MTXORB_FTDI_RANGE_01EF_PID 0x01EF
+#define MTXORB_FTDI_RANGE_01F0_PID 0x01F0
+#define MTXORB_FTDI_RANGE_01F1_PID 0x01F1
+#define MTXORB_FTDI_RANGE_01F2_PID 0x01F2
+#define MTXORB_FTDI_RANGE_01F3_PID 0x01F3
+#define MTXORB_FTDI_RANGE_01F4_PID 0x01F4
+#define MTXORB_FTDI_RANGE_01F5_PID 0x01F5
+#define MTXORB_FTDI_RANGE_01F6_PID 0x01F6
+#define MTXORB_FTDI_RANGE_01F7_PID 0x01F7
+#define MTXORB_FTDI_RANGE_01F8_PID 0x01F8
+#define MTXORB_FTDI_RANGE_01F9_PID 0x01F9
+#define MTXORB_FTDI_RANGE_01FA_PID 0x01FA
+#define MTXORB_FTDI_RANGE_01FB_PID 0x01FB
+#define MTXORB_FTDI_RANGE_01FC_PID 0x01FC
+#define MTXORB_FTDI_RANGE_01FD_PID 0x01FD
+#define MTXORB_FTDI_RANGE_01FE_PID 0x01FE
+#define MTXORB_FTDI_RANGE_01FF_PID 0x01FF
+
+
+
+/*
+ * The Mobility Lab (TML)
+ * Submitted by Pierre Castella
+ */
+#define TML_VID 0x1B91 /* Vendor ID */
+#define TML_USB_SERIAL_PID 0x0064 /* USB - Serial Converter */
+
+/* Alti-2 products http://www.alti-2.com */
+#define ALTI2_VID 0x1BC9
+#define ALTI2_N3_PID 0x6001 /* Neptune 3 */
+
+/*
+ * Ionics PlugComputer
+ */
+#define IONICS_VID 0x1c0c
+#define IONICS_PLUGCOMPUTER_PID 0x0102
+
+/*
+ * Dresden Elektronik Sensor Terminal Board
+ */
+#define DE_VID 0x1cf1 /* Vendor ID */
+#define STB_PID 0x0001 /* Sensor Terminal Board */
+#define WHT_PID 0x0004 /* Wireless Handheld Terminal */
+
+/*
+ * STMicroelectonics
+ */
+#define ST_VID 0x0483
+#define ST_STMCLT1030_PID 0x3747 /* ST Micro Connect Lite STMCLT1030 */
+
+/*
+ * Papouch products (http://www.papouch.com/)
+ * Submitted by Folkert van Heusden
+ */
+
+#define PAPOUCH_VID 0x5050 /* Vendor ID */
+#define PAPOUCH_SB485_PID 0x0100 /* Papouch SB485 USB-485/422 Converter */
+#define PAPOUCH_AP485_PID 0x0101 /* AP485 USB-RS485 Converter */
+#define PAPOUCH_SB422_PID 0x0102 /* Papouch SB422 USB-RS422 Converter */
+#define PAPOUCH_SB485_2_PID 0x0103 /* Papouch SB485 USB-485/422 Converter */
+#define PAPOUCH_AP485_2_PID 0x0104 /* AP485 USB-RS485 Converter */
+#define PAPOUCH_SB422_2_PID 0x0105 /* Papouch SB422 USB-RS422 Converter */
+#define PAPOUCH_SB485S_PID 0x0106 /* Papouch SB485S USB-485/422 Converter */
+#define PAPOUCH_SB485C_PID 0x0107 /* Papouch SB485C USB-485/422 Converter */
+#define PAPOUCH_LEC_PID 0x0300 /* LEC USB Converter */
+#define PAPOUCH_SB232_PID 0x0301 /* Papouch SB232 USB-RS232 Converter */
+#define PAPOUCH_TMU_PID 0x0400 /* TMU USB Thermometer */
+#define PAPOUCH_IRAMP_PID 0x0500 /* Papouch IRAmp Duplex */
+#define PAPOUCH_DRAK5_PID 0x0700 /* Papouch DRAK5 */
+#define PAPOUCH_QUIDO8x8_PID 0x0800 /* Papouch Quido 8/8 Module */
+#define PAPOUCH_QUIDO4x4_PID 0x0900 /* Papouch Quido 4/4 Module */
+#define PAPOUCH_QUIDO2x2_PID 0x0a00 /* Papouch Quido 2/2 Module */
+#define PAPOUCH_QUIDO10x1_PID 0x0b00 /* Papouch Quido 10/1 Module */
+#define PAPOUCH_QUIDO30x3_PID 0x0c00 /* Papouch Quido 30/3 Module */
+#define PAPOUCH_QUIDO60x3_PID 0x0d00 /* Papouch Quido 60(100)/3 Module */
+#define PAPOUCH_QUIDO2x16_PID 0x0e00 /* Papouch Quido 2/16 Module */
+#define PAPOUCH_QUIDO3x32_PID 0x0f00 /* Papouch Quido 3/32 Module */
+#define PAPOUCH_DRAK6_PID 0x1000 /* Papouch DRAK6 */
+#define PAPOUCH_UPSUSB_PID 0x8000 /* Papouch UPS-USB adapter */
+#define PAPOUCH_MU_PID 0x8001 /* MU controller */
+#define PAPOUCH_SIMUKEY_PID 0x8002 /* Papouch SimuKey */
+#define PAPOUCH_AD4USB_PID 0x8003 /* AD4USB Measurement Module */
+#define PAPOUCH_GMUX_PID 0x8004 /* Papouch GOLIATH MUX */
+#define PAPOUCH_GMSR_PID 0x8005 /* Papouch GOLIATH MSR */
+
+/*
+ * Marvell SheevaPlug
+ */
+#define MARVELL_VID 0x9e88
+#define MARVELL_SHEEVAPLUG_PID 0x9e8f
+
+/*
+ * Evolution Robotics products (http://www.evolution.com/).
+ * Submitted by Shawn M. Lavelle.
+ */
+#define EVOLUTION_VID 0xDEEE /* Vendor ID */
+#define EVOLUTION_ER1_PID 0x0300 /* ER1 Control Module */
+#define EVO_8U232AM_PID 0x02FF /* Evolution robotics RCM2 (FT232AM)*/
+#define EVO_HYBRID_PID 0x0302 /* Evolution robotics RCM4 PID (FT232BM)*/
+#define EVO_RCM4_PID 0x0303 /* Evolution robotics RCM4 PID */
+
+/*
+ * MJS Gadgets HD Radio / XM Radio / Sirius Radio interfaces (using VID 0x0403)
+ */
+#define MJSG_GENERIC_PID 0x9378
+#define MJSG_SR_RADIO_PID 0x9379
+#define MJSG_XM_RADIO_PID 0x937A
+#define MJSG_HD_RADIO_PID 0x937C
+
+/*
+ * D.O.Tec products (http://www.directout.eu)
+ */
+#define FTDI_DOTEC_PID 0x9868
+
+/*
+ * Xverve Signalyzer tools (http://www.signalyzer.com/)
+ */
+#define XVERVE_SIGNALYZER_ST_PID 0xBCA0
+#define XVERVE_SIGNALYZER_SLITE_PID 0xBCA1
+#define XVERVE_SIGNALYZER_SH2_PID 0xBCA2
+#define XVERVE_SIGNALYZER_SH4_PID 0xBCA4
+
+/*
+ * Segway Robotic Mobility Platform USB interface (using VID 0x0403)
+ * Submitted by John G. Rogers
+ */
+#define SEGWAY_RMP200_PID 0xe729
+
+
+/*
+ * Accesio USB Data Acquisition products (http://www.accesio.com/)
+ */
+#define ACCESIO_COM4SM_PID 0xD578
+
+/* www.sciencescope.co.uk educational dataloggers */
+#define FTDI_SCIENCESCOPE_LOGBOOKML_PID 0xFF18
+#define FTDI_SCIENCESCOPE_LS_LOGBOOK_PID 0xFF1C
+#define FTDI_SCIENCESCOPE_HS_LOGBOOK_PID 0xFF1D
+
+/*
+ * Milkymist One JTAG/Serial
+ */
+#define QIHARDWARE_VID 0x20B7
+#define MILKYMISTONE_JTAGSERIAL_PID 0x0713
+
+/*
+ * CTI GmbH RS485 Converter http://www.cti-lean.com/
+ */
+/* USB-485-Mini*/
+#define FTDI_CTI_MINI_PID 0xF608
+/* USB-Nano-485*/
+#define FTDI_CTI_NANO_PID 0xF60B
+
+/*
+ * ZeitControl cardsystems GmbH rfid-readers http://zeitconrol.de
+ */
+/* TagTracer MIFARE*/
+#define FTDI_ZEITCONTROL_TAGTRACE_MIFARE_PID 0xF7C0
+
+/*
+ * Rainforest Automation
+ */
+/* ZigBee controller */
+#define FTDI_RF_R106 0x8A28
+
+/*
+ * Product: HCP HIT GPRS modem
+ * Manufacturer: HCP d.o.o.
+ * ATI command output: Cinterion MC55i
+ */
+#define FTDI_CINTERION_MC55I_PID 0xA951
diff --git a/hw/usb/quirks-pl2303-ids.h b/hw/usb/quirks-pl2303-ids.h
new file mode 100644
index 000000000..8dbdb46ff
--- /dev/null
+++ b/hw/usb/quirks-pl2303-ids.h
@@ -0,0 +1,150 @@
+/*
+ * Prolific PL2303 USB to serial adaptor driver header file
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ */
+
+#define BENQ_VENDOR_ID 0x04a5
+#define BENQ_PRODUCT_ID_S81 0x4027
+
+#define PL2303_VENDOR_ID 0x067b
+#define PL2303_PRODUCT_ID 0x2303
+#define PL2303_PRODUCT_ID_RSAQ2 0x04bb
+#define PL2303_PRODUCT_ID_DCU11 0x1234
+#define PL2303_PRODUCT_ID_PHAROS 0xaaa0
+#define PL2303_PRODUCT_ID_RSAQ3 0xaaa2
+#define PL2303_PRODUCT_ID_ALDIGA 0x0611
+#define PL2303_PRODUCT_ID_MMX 0x0612
+#define PL2303_PRODUCT_ID_GPRS 0x0609
+#define PL2303_PRODUCT_ID_HCR331 0x331a
+#define PL2303_PRODUCT_ID_MOTOROLA 0x0307
+
+#define ATEN_VENDOR_ID 0x0557
+#define ATEN_VENDOR_ID2 0x0547
+#define ATEN_PRODUCT_ID 0x2008
+
+#define IODATA_VENDOR_ID 0x04bb
+#define IODATA_PRODUCT_ID 0x0a03
+#define IODATA_PRODUCT_ID_RSAQ5 0x0a0e
+
+#define ELCOM_VENDOR_ID 0x056e
+#define ELCOM_PRODUCT_ID 0x5003
+#define ELCOM_PRODUCT_ID_UCSGT 0x5004
+
+#define ITEGNO_VENDOR_ID 0x0eba
+#define ITEGNO_PRODUCT_ID 0x1080
+#define ITEGNO_PRODUCT_ID_2080 0x2080
+
+#define MA620_VENDOR_ID 0x0df7
+#define MA620_PRODUCT_ID 0x0620
+
+#define RATOC_VENDOR_ID 0x0584
+#define RATOC_PRODUCT_ID 0xb000
+
+#define TRIPP_VENDOR_ID 0x2478
+#define TRIPP_PRODUCT_ID 0x2008
+
+#define RADIOSHACK_VENDOR_ID 0x1453
+#define RADIOSHACK_PRODUCT_ID 0x4026
+
+#define DCU10_VENDOR_ID 0x0731
+#define DCU10_PRODUCT_ID 0x0528
+
+#define SITECOM_VENDOR_ID 0x6189
+#define SITECOM_PRODUCT_ID 0x2068
+
+/* Alcatel OT535/735 USB cable */
+#define ALCATEL_VENDOR_ID 0x11f7
+#define ALCATEL_PRODUCT_ID 0x02df
+
+/* Samsung I330 phone cradle */
+#define SAMSUNG_VENDOR_ID 0x04e8
+#define SAMSUNG_PRODUCT_ID 0x8001
+
+#define SIEMENS_VENDOR_ID 0x11f5
+#define SIEMENS_PRODUCT_ID_SX1 0x0001
+#define SIEMENS_PRODUCT_ID_X65 0x0003
+#define SIEMENS_PRODUCT_ID_X75 0x0004
+#define SIEMENS_PRODUCT_ID_EF81 0x0005
+
+#define SYNTECH_VENDOR_ID 0x0745
+#define SYNTECH_PRODUCT_ID 0x0001
+
+/* Nokia CA-42 Cable */
+#define NOKIA_CA42_VENDOR_ID 0x078b
+#define NOKIA_CA42_PRODUCT_ID 0x1234
+
+/* CA-42 CLONE Cable www.ca-42.com chipset: Prolific Technology Inc */
+#define CA_42_CA42_VENDOR_ID 0x10b5
+#define CA_42_CA42_PRODUCT_ID 0xac70
+
+#define SAGEM_VENDOR_ID 0x079b
+#define SAGEM_PRODUCT_ID 0x0027
+
+/* Leadtek GPS 9531 (ID 0413:2101) */
+#define LEADTEK_VENDOR_ID 0x0413
+#define LEADTEK_9531_PRODUCT_ID 0x2101
+
+/* USB GSM cable from Speed Dragon Multimedia, Ltd */
+#define SPEEDDRAGON_VENDOR_ID 0x0e55
+#define SPEEDDRAGON_PRODUCT_ID 0x110b
+
+/* DATAPILOT Universal-2 Phone Cable */
+#define DATAPILOT_U2_VENDOR_ID 0x0731
+#define DATAPILOT_U2_PRODUCT_ID 0x2003
+
+/* Belkin "F5U257" Serial Adapter */
+#define BELKIN_VENDOR_ID 0x050d
+#define BELKIN_PRODUCT_ID 0x0257
+
+/* Alcor Micro Corp. USB 2.0 TO RS-232 */
+#define ALCOR_VENDOR_ID 0x058F
+#define ALCOR_PRODUCT_ID 0x9720
+
+/* Willcom WS002IN Data Driver (by NetIndex Inc.) */
+#define WS002IN_VENDOR_ID 0x11f6
+#define WS002IN_PRODUCT_ID 0x2001
+
+/* Corega CG-USBRS232R Serial Adapter */
+#define COREGA_VENDOR_ID 0x07aa
+#define COREGA_PRODUCT_ID 0x002a
+
+/* Y.C. Cable U.S.A., Inc - USB to RS-232 */
+#define YCCABLE_VENDOR_ID 0x05ad
+#define YCCABLE_PRODUCT_ID 0x0fba
+
+/* "Superial" USB - Serial */
+#define SUPERIAL_VENDOR_ID 0x5372
+#define SUPERIAL_PRODUCT_ID 0x2303
+
+/* Hewlett-Packard LD220-HP POS Pole Display */
+#define HP_VENDOR_ID 0x03f0
+#define HP_LD220_PRODUCT_ID 0x3524
+
+/* Cressi Edy (diving computer) PC interface */
+#define CRESSI_VENDOR_ID 0x04b8
+#define CRESSI_EDY_PRODUCT_ID 0x0521
+
+/* Zeagle dive computer interface */
+#define ZEAGLE_VENDOR_ID 0x04b8
+#define ZEAGLE_N2ITION3_PRODUCT_ID 0x0522
+
+/* Sony, USB data cable for CMD-Jxx mobile phones */
+#define SONY_VENDOR_ID 0x054c
+#define SONY_QN3USB_PRODUCT_ID 0x0437
+
+/* Sanwa KB-USB2 multimeter cable (ID: 11ad:0001) */
+#define SANWA_VENDOR_ID 0x11ad
+#define SANWA_PRODUCT_ID 0x0001
+
+/* ADLINK ND-6530 RS232,RS485 and RS422 adapter */
+#define ADLINK_VENDOR_ID 0x0b63
+#define ADLINK_ND6530_PRODUCT_ID 0x6530
+
+/* SMART USB Serial Adapter */
+#define SMART_VENDOR_ID 0x0b8c
+#define SMART_PRODUCT_ID 0x2303
diff --git a/hw/usb/quirks.c b/hw/usb/quirks.c
new file mode 100644
index 000000000..a761a9603
--- /dev/null
+++ b/hw/usb/quirks.c
@@ -0,0 +1,53 @@
+/*
+ * USB quirk handling
+ *
+ * Copyright (c) 2012 Red Hat, Inc.
+ *
+ * Red Hat Authors:
+ * Hans de Goede <hdegoede@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+#include "quirks.h"
+#include "hw/usb.h"
+
+static bool usb_id_match(const struct usb_device_id *ids,
+ uint16_t vendor_id, uint16_t product_id,
+ uint8_t interface_class, uint8_t interface_subclass,
+ uint8_t interface_protocol) {
+ int i;
+
+ for (i = 0; ids[i].vendor_id != -1; i++) {
+ if (ids[i].vendor_id == vendor_id &&
+ ids[i].product_id == product_id &&
+ (ids[i].interface_class == -1 ||
+ (ids[i].interface_class == interface_class &&
+ ids[i].interface_subclass == interface_subclass &&
+ ids[i].interface_protocol == interface_protocol))) {
+ return true;
+ }
+ }
+ return false;
+}
+
+int usb_get_quirks(uint16_t vendor_id, uint16_t product_id,
+ uint8_t interface_class, uint8_t interface_subclass,
+ uint8_t interface_protocol)
+{
+ int quirks = 0;
+
+ if (usb_id_match(usbredir_raw_serial_ids, vendor_id, product_id,
+ interface_class, interface_subclass, interface_protocol)) {
+ quirks |= USB_QUIRK_BUFFER_BULK_IN;
+ }
+ if (usb_id_match(usbredir_ftdi_serial_ids, vendor_id, product_id,
+ interface_class, interface_subclass, interface_protocol)) {
+ quirks |= USB_QUIRK_BUFFER_BULK_IN | USB_QUIRK_IS_FTDI;
+ }
+
+ return quirks;
+}
diff --git a/hw/usb/quirks.h b/hw/usb/quirks.h
new file mode 100644
index 000000000..8dc606552
--- /dev/null
+++ b/hw/usb/quirks.h
@@ -0,0 +1,910 @@
+/*
+ * USB quirk handling
+ *
+ * Copyright (c) 2012 Red Hat, Inc.
+ *
+ * Red Hat Authors:
+ * Hans de Goede <hdegoede@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+/* 1 on 1 copy of linux/drivers/usb/serial/ftdi_sio_ids.h */
+#include "quirks-ftdi-ids.h"
+/* 1 on 1 copy of linux/drivers/usb/serial/pl2303.h */
+#include "quirks-pl2303-ids.h"
+
+struct usb_device_id {
+ int vendor_id;
+ int product_id;
+ int interface_class;
+ int interface_subclass;
+ int interface_protocol;
+};
+
+#define USB_DEVICE(vendor, product) \
+ .vendor_id = vendor, .product_id = product, .interface_class = -1,
+
+#define USB_DEVICE_AND_INTERFACE_INFO(vend, prod, iclass, isubclass, iproto) \
+ .vendor_id = vend, .product_id = prod, .interface_class = iclass, \
+ .interface_subclass = isubclass, .interface_protocol = iproto
+
+static const struct usb_device_id usbredir_raw_serial_ids[] = {
+ /*
+ * Silicon Laboratories CP210x USB to RS232 serial adapter ids
+ * copied from linux/drivers/usb/serial/cp210x.c
+ *
+ * Copyright (C) 2005 Craig Shelley (craig@microtron.org.uk)
+ */
+ { USB_DEVICE(0x045B, 0x0053) }, /* Renesas RX610 RX-Stick */
+ { USB_DEVICE(0x0471, 0x066A) }, /* AKTAKOM ACE-1001 cable */
+ { USB_DEVICE(0x0489, 0xE000) }, /* Pirelli Broadband S.p.A, DP-L10 SIP/GSM Mobile */
+ { USB_DEVICE(0x0489, 0xE003) }, /* Pirelli Broadband S.p.A, DP-L10 SIP/GSM Mobile */
+ { USB_DEVICE(0x0745, 0x1000) }, /* CipherLab USB CCD Barcode Scanner 1000 */
+ { USB_DEVICE(0x08e6, 0x5501) }, /* Gemalto Prox-PU/CU contactless smartcard reader */
+ { USB_DEVICE(0x08FD, 0x000A) }, /* Digianswer A/S , ZigBee/802.15.4 MAC Device */
+ { USB_DEVICE(0x0BED, 0x1100) }, /* MEI (TM) Cashflow-SC Bill/Voucher Acceptor */
+ { USB_DEVICE(0x0BED, 0x1101) }, /* MEI series 2000 Combo Acceptor */
+ { USB_DEVICE(0x0FCF, 0x1003) }, /* Dynastream ANT development board */
+ { USB_DEVICE(0x0FCF, 0x1004) }, /* Dynastream ANT2USB */
+ { USB_DEVICE(0x0FCF, 0x1006) }, /* Dynastream ANT development board */
+ { USB_DEVICE(0x10A6, 0xAA26) }, /* Knock-off DCU-11 cable */
+ { USB_DEVICE(0x10AB, 0x10C5) }, /* Siemens MC60 Cable */
+ { USB_DEVICE(0x10B5, 0xAC70) }, /* Nokia CA-42 USB */
+ { USB_DEVICE(0x10C4, 0x0F91) }, /* Vstabi */
+ { USB_DEVICE(0x10C4, 0x1101) }, /* Arkham Technology DS101 Bus Monitor */
+ { USB_DEVICE(0x10C4, 0x1601) }, /* Arkham Technology DS101 Adapter */
+ { USB_DEVICE(0x10C4, 0x800A) }, /* SPORTident BSM7-D-USB main station */
+ { USB_DEVICE(0x10C4, 0x803B) }, /* Pololu USB-serial converter */
+ { USB_DEVICE(0x10C4, 0x8044) }, /* Cygnal Debug Adapter */
+ { USB_DEVICE(0x10C4, 0x804E) }, /* Software Bisque Paramount ME build-in converter */
+ { USB_DEVICE(0x10C4, 0x8053) }, /* Enfora EDG1228 */
+ { USB_DEVICE(0x10C4, 0x8054) }, /* Enfora GSM2228 */
+ { USB_DEVICE(0x10C4, 0x8066) }, /* Argussoft In-System Programmer */
+ { USB_DEVICE(0x10C4, 0x806F) }, /* IMS USB to RS422 Converter Cable */
+ { USB_DEVICE(0x10C4, 0x807A) }, /* Crumb128 board */
+ { USB_DEVICE(0x10C4, 0x80C4) }, /* Cygnal Integrated Products, Inc., Optris infrared thermometer */
+ { USB_DEVICE(0x10C4, 0x80CA) }, /* Degree Controls Inc */
+ { USB_DEVICE(0x10C4, 0x80DD) }, /* Tracient RFID */
+ { USB_DEVICE(0x10C4, 0x80F6) }, /* Suunto sports instrument */
+ { USB_DEVICE(0x10C4, 0x8115) }, /* Arygon NFC/Mifare Reader */
+ { USB_DEVICE(0x10C4, 0x813D) }, /* Burnside Telecom Deskmobile */
+ { USB_DEVICE(0x10C4, 0x813F) }, /* Tams Master Easy Control */
+ { USB_DEVICE(0x10C4, 0x814A) }, /* West Mountain Radio RIGblaster P&P */
+ { USB_DEVICE(0x10C4, 0x814B) }, /* West Mountain Radio RIGtalk */
+ { USB_DEVICE(0x10C4, 0x8156) }, /* B&G H3000 link cable */
+ { USB_DEVICE(0x10C4, 0x815E) }, /* Helicomm IP-Link 1220-DVM */
+ { USB_DEVICE(0x10C4, 0x815F) }, /* Timewave HamLinkUSB */
+ { USB_DEVICE(0x10C4, 0x818B) }, /* AVIT Research USB to TTL */
+ { USB_DEVICE(0x10C4, 0x819F) }, /* MJS USB Toslink Switcher */
+ { USB_DEVICE(0x10C4, 0x81A6) }, /* ThinkOptics WavIt */
+ { USB_DEVICE(0x10C4, 0x81A9) }, /* Multiplex RC Interface */
+ { USB_DEVICE(0x10C4, 0x81AC) }, /* MSD Dash Hawk */
+ { USB_DEVICE(0x10C4, 0x81AD) }, /* INSYS USB Modem */
+ { USB_DEVICE(0x10C4, 0x81C8) }, /* Lipowsky Industrie Elektronik GmbH, Baby-JTAG */
+ { USB_DEVICE(0x10C4, 0x81E2) }, /* Lipowsky Industrie Elektronik GmbH, Baby-LIN */
+ { USB_DEVICE(0x10C4, 0x81E7) }, /* Aerocomm Radio */
+ { USB_DEVICE(0x10C4, 0x81E8) }, /* Zephyr Bioharness */
+ { USB_DEVICE(0x10C4, 0x81F2) }, /* C1007 HF band RFID controller */
+ { USB_DEVICE(0x10C4, 0x8218) }, /* Lipowsky Industrie Elektronik GmbH, HARP-1 */
+ { USB_DEVICE(0x10C4, 0x822B) }, /* Modem EDGE(GSM) Comander 2 */
+ { USB_DEVICE(0x10C4, 0x826B) }, /* Cygnal Integrated Products, Inc., Fasttrax GPS demonstration module */
+ { USB_DEVICE(0x10C4, 0x8293) }, /* Telegesis ETRX2USB */
+ { USB_DEVICE(0x10C4, 0x82F9) }, /* Procyon AVS */
+ { USB_DEVICE(0x10C4, 0x8341) }, /* Siemens MC35PU GPRS Modem */
+ { USB_DEVICE(0x10C4, 0x8382) }, /* Cygnal Integrated Products, Inc. */
+ { USB_DEVICE(0x10C4, 0x83A8) }, /* Amber Wireless AMB2560 */
+ { USB_DEVICE(0x10C4, 0x83D8) }, /* DekTec DTA Plus VHF/UHF Booster/Attenuator */
+ { USB_DEVICE(0x10C4, 0x8411) }, /* Kyocera GPS Module */
+ { USB_DEVICE(0x10C4, 0x8418) }, /* IRZ Automation Teleport SG-10 GSM/GPRS Modem */
+ { USB_DEVICE(0x10C4, 0x846E) }, /* BEI USB Sensor Interface (VCP) */
+ { USB_DEVICE(0x10C4, 0x8477) }, /* Balluff RFID */
+ { USB_DEVICE(0x10C4, 0x85EA) }, /* AC-Services IBUS-IF */
+ { USB_DEVICE(0x10C4, 0x85EB) }, /* AC-Services CIS-IBUS */
+ { USB_DEVICE(0x10C4, 0x8664) }, /* AC-Services CAN-IF */
+ { USB_DEVICE(0x10C4, 0x8665) }, /* AC-Services OBD-IF */
+ { USB_DEVICE(0x10C4, 0xEA60) }, /* Silicon Labs factory default */
+ { USB_DEVICE(0x10C4, 0xEA61) }, /* Silicon Labs factory default */
+ { USB_DEVICE(0x10C4, 0xEA70) }, /* Silicon Labs factory default */
+ { USB_DEVICE(0x10C4, 0xEA80) }, /* Silicon Labs factory default */
+ { USB_DEVICE(0x10C4, 0xEA71) }, /* Infinity GPS-MIC-1 Radio Monophone */
+ { USB_DEVICE(0x10C4, 0xF001) }, /* Elan Digital Systems USBscope50 */
+ { USB_DEVICE(0x10C4, 0xF002) }, /* Elan Digital Systems USBwave12 */
+ { USB_DEVICE(0x10C4, 0xF003) }, /* Elan Digital Systems USBpulse100 */
+ { USB_DEVICE(0x10C4, 0xF004) }, /* Elan Digital Systems USBcount50 */
+ { USB_DEVICE(0x10C5, 0xEA61) }, /* Silicon Labs MobiData GPRS USB Modem */
+ { USB_DEVICE(0x10CE, 0xEA6A) }, /* Silicon Labs MobiData GPRS USB Modem 100EU */
+ { USB_DEVICE(0x13AD, 0x9999) }, /* Baltech card reader */
+ { USB_DEVICE(0x1555, 0x0004) }, /* Owen AC4 USB-RS485 Converter */
+ { USB_DEVICE(0x166A, 0x0201) }, /* Clipsal 5500PACA C-Bus Pascal Automation Controller */
+ { USB_DEVICE(0x166A, 0x0301) }, /* Clipsal 5800PC C-Bus Wireless PC Interface */
+ { USB_DEVICE(0x166A, 0x0303) }, /* Clipsal 5500PCU C-Bus USB interface */
+ { USB_DEVICE(0x166A, 0x0304) }, /* Clipsal 5000CT2 C-Bus Black and White Touchscreen */
+ { USB_DEVICE(0x166A, 0x0305) }, /* Clipsal C-5000CT2 C-Bus Spectrum Colour Touchscreen */
+ { USB_DEVICE(0x166A, 0x0401) }, /* Clipsal L51xx C-Bus Architectural Dimmer */
+ { USB_DEVICE(0x166A, 0x0101) }, /* Clipsal 5560884 C-Bus Multi-room Audio Matrix Switcher */
+ { USB_DEVICE(0x16D6, 0x0001) }, /* Jablotron serial interface */
+ { USB_DEVICE(0x16DC, 0x0010) }, /* W-IE-NE-R Plein & Baus GmbH PL512 Power Supply */
+ { USB_DEVICE(0x16DC, 0x0011) }, /* W-IE-NE-R Plein & Baus GmbH RCM Remote Control for MARATON Power Supply */
+ { USB_DEVICE(0x16DC, 0x0012) }, /* W-IE-NE-R Plein & Baus GmbH MPOD Multi Channel Power Supply */
+ { USB_DEVICE(0x16DC, 0x0015) }, /* W-IE-NE-R Plein & Baus GmbH CML Control, Monitoring and Data Logger */
+ { USB_DEVICE(0x17A8, 0x0001) }, /* Kamstrup Optical Eye/3-wire */
+ { USB_DEVICE(0x17A8, 0x0005) }, /* Kamstrup M-Bus Master MultiPort 250D */
+ { USB_DEVICE(0x17F4, 0xAAAA) }, /* Wavesense Jazz blood glucose meter */
+ { USB_DEVICE(0x1843, 0x0200) }, /* Vaisala USB Instrument Cable */
+ { USB_DEVICE(0x18EF, 0xE00F) }, /* ELV USB-I2C-Interface */
+ { USB_DEVICE(0x1BE3, 0x07A6) }, /* WAGO 750-923 USB Service Cable */
+ { USB_DEVICE(0x1E29, 0x0102) }, /* Festo CPX-USB */
+ { USB_DEVICE(0x1E29, 0x0501) }, /* Festo CMSP */
+ { USB_DEVICE(0x3195, 0xF190) }, /* Link Instruments MSO-19 */
+ { USB_DEVICE(0x3195, 0xF280) }, /* Link Instruments MSO-28 */
+ { USB_DEVICE(0x3195, 0xF281) }, /* Link Instruments MSO-28 */
+ { USB_DEVICE(0x413C, 0x9500) }, /* DW700 GPS USB interface */
+
+ /*
+ * Prolific pl2303 USB to RS232 serial adapter ids
+ * copied from linux/drivers/usb/serial/pl2303.c
+ *
+ * Copyright (C) 2001-2007 Greg Kroah-Hartman (greg@kroah.com)
+ * Copyright (C) 2003 IBM Corp.
+ */
+ { USB_DEVICE(PL2303_VENDOR_ID, PL2303_PRODUCT_ID) },
+ { USB_DEVICE(PL2303_VENDOR_ID, PL2303_PRODUCT_ID_RSAQ2) },
+ { USB_DEVICE(PL2303_VENDOR_ID, PL2303_PRODUCT_ID_DCU11) },
+ { USB_DEVICE(PL2303_VENDOR_ID, PL2303_PRODUCT_ID_RSAQ3) },
+ { USB_DEVICE(PL2303_VENDOR_ID, PL2303_PRODUCT_ID_PHAROS) },
+ { USB_DEVICE(PL2303_VENDOR_ID, PL2303_PRODUCT_ID_ALDIGA) },
+ { USB_DEVICE(PL2303_VENDOR_ID, PL2303_PRODUCT_ID_MMX) },
+ { USB_DEVICE(PL2303_VENDOR_ID, PL2303_PRODUCT_ID_GPRS) },
+ { USB_DEVICE(PL2303_VENDOR_ID, PL2303_PRODUCT_ID_HCR331) },
+ { USB_DEVICE(PL2303_VENDOR_ID, PL2303_PRODUCT_ID_MOTOROLA) },
+ { USB_DEVICE(IODATA_VENDOR_ID, IODATA_PRODUCT_ID) },
+ { USB_DEVICE(IODATA_VENDOR_ID, IODATA_PRODUCT_ID_RSAQ5) },
+ { USB_DEVICE(ATEN_VENDOR_ID, ATEN_PRODUCT_ID) },
+ { USB_DEVICE(ATEN_VENDOR_ID2, ATEN_PRODUCT_ID) },
+ { USB_DEVICE(ELCOM_VENDOR_ID, ELCOM_PRODUCT_ID) },
+ { USB_DEVICE(ELCOM_VENDOR_ID, ELCOM_PRODUCT_ID_UCSGT) },
+ { USB_DEVICE(ITEGNO_VENDOR_ID, ITEGNO_PRODUCT_ID) },
+ { USB_DEVICE(ITEGNO_VENDOR_ID, ITEGNO_PRODUCT_ID_2080) },
+ { USB_DEVICE(MA620_VENDOR_ID, MA620_PRODUCT_ID) },
+ { USB_DEVICE(RATOC_VENDOR_ID, RATOC_PRODUCT_ID) },
+ { USB_DEVICE(TRIPP_VENDOR_ID, TRIPP_PRODUCT_ID) },
+ { USB_DEVICE(RADIOSHACK_VENDOR_ID, RADIOSHACK_PRODUCT_ID) },
+ { USB_DEVICE(DCU10_VENDOR_ID, DCU10_PRODUCT_ID) },
+ { USB_DEVICE(SITECOM_VENDOR_ID, SITECOM_PRODUCT_ID) },
+ { USB_DEVICE(ALCATEL_VENDOR_ID, ALCATEL_PRODUCT_ID) },
+ { USB_DEVICE(SAMSUNG_VENDOR_ID, SAMSUNG_PRODUCT_ID) },
+ { USB_DEVICE(SIEMENS_VENDOR_ID, SIEMENS_PRODUCT_ID_SX1) },
+ { USB_DEVICE(SIEMENS_VENDOR_ID, SIEMENS_PRODUCT_ID_X65) },
+ { USB_DEVICE(SIEMENS_VENDOR_ID, SIEMENS_PRODUCT_ID_X75) },
+ { USB_DEVICE(SIEMENS_VENDOR_ID, SIEMENS_PRODUCT_ID_EF81) },
+ { USB_DEVICE(BENQ_VENDOR_ID, BENQ_PRODUCT_ID_S81) }, /* Benq/Siemens S81 */
+ { USB_DEVICE(SYNTECH_VENDOR_ID, SYNTECH_PRODUCT_ID) },
+ { USB_DEVICE(NOKIA_CA42_VENDOR_ID, NOKIA_CA42_PRODUCT_ID) },
+ { USB_DEVICE(CA_42_CA42_VENDOR_ID, CA_42_CA42_PRODUCT_ID) },
+ { USB_DEVICE(SAGEM_VENDOR_ID, SAGEM_PRODUCT_ID) },
+ { USB_DEVICE(LEADTEK_VENDOR_ID, LEADTEK_9531_PRODUCT_ID) },
+ { USB_DEVICE(SPEEDDRAGON_VENDOR_ID, SPEEDDRAGON_PRODUCT_ID) },
+ { USB_DEVICE(DATAPILOT_U2_VENDOR_ID, DATAPILOT_U2_PRODUCT_ID) },
+ { USB_DEVICE(BELKIN_VENDOR_ID, BELKIN_PRODUCT_ID) },
+ { USB_DEVICE(ALCOR_VENDOR_ID, ALCOR_PRODUCT_ID) },
+ { USB_DEVICE(WS002IN_VENDOR_ID, WS002IN_PRODUCT_ID) },
+ { USB_DEVICE(COREGA_VENDOR_ID, COREGA_PRODUCT_ID) },
+ { USB_DEVICE(YCCABLE_VENDOR_ID, YCCABLE_PRODUCT_ID) },
+ { USB_DEVICE(SUPERIAL_VENDOR_ID, SUPERIAL_PRODUCT_ID) },
+ { USB_DEVICE(HP_VENDOR_ID, HP_LD220_PRODUCT_ID) },
+ { USB_DEVICE(CRESSI_VENDOR_ID, CRESSI_EDY_PRODUCT_ID) },
+ { USB_DEVICE(ZEAGLE_VENDOR_ID, ZEAGLE_N2ITION3_PRODUCT_ID) },
+ { USB_DEVICE(SONY_VENDOR_ID, SONY_QN3USB_PRODUCT_ID) },
+ { USB_DEVICE(SANWA_VENDOR_ID, SANWA_PRODUCT_ID) },
+ { USB_DEVICE(ADLINK_VENDOR_ID, ADLINK_ND6530_PRODUCT_ID) },
+ { USB_DEVICE(SMART_VENDOR_ID, SMART_PRODUCT_ID) },
+
+ { USB_DEVICE(-1, -1) } /* Terminating Entry */
+};
+
+static const struct usb_device_id usbredir_ftdi_serial_ids[] = {
+ /*
+ * FTDI USB to RS232 serial adapter ids
+ * copied from linux/drivers/usb/serial/ftdi_sio.c
+ *
+ * Copyright (C) 2009 - 2010
+ * Johan Hovold (jhovold@gmail.com)
+ * Copyright (C) 1999 - 2001
+ * Greg Kroah-Hartman (greg@kroah.com)
+ * Bill Ryder (bryder@sgi.com)
+ * Copyright (C) 2002
+ * Kuba Ober (kuba@mareimbrium.org)
+ */
+ { USB_DEVICE(FTDI_VID, FTDI_ZEITCONTROL_TAGTRACE_MIFARE_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_CTI_MINI_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_CTI_NANO_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_AMC232_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_CANUSB_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_CANDAPTER_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_NXTCAM_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_SCS_DEVICE_0_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_SCS_DEVICE_1_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_SCS_DEVICE_2_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_SCS_DEVICE_3_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_SCS_DEVICE_4_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_SCS_DEVICE_5_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_SCS_DEVICE_6_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_SCS_DEVICE_7_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_USINT_CAT_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_USINT_WKEY_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_USINT_RS232_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ACTZWAVE_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_IRTRANS_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_IPLUS_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_IPLUS2_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_DMX4ALL) },
+ { USB_DEVICE(FTDI_VID, FTDI_SIO_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_8U232AM_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_8U232AM_ALT_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_232RL_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_8U2232C_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_4232H_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_232H_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_FTX_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_MICRO_CHAMELEON_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_RELAIS_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_OPENDCC_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_OPENDCC_SNIFFER_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_OPENDCC_THROTTLE_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_OPENDCC_GATEWAY_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_OPENDCC_GBM_PID) },
+ { USB_DEVICE(INTERBIOMETRICS_VID, INTERBIOMETRICS_IOBOARD_PID) },
+ { USB_DEVICE(INTERBIOMETRICS_VID, INTERBIOMETRICS_MINI_IOBOARD_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_SPROG_II) },
+ { USB_DEVICE(FTDI_VID, FTDI_LENZ_LIUSB_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_XF_632_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_XF_634_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_XF_547_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_XF_633_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_XF_631_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_XF_635_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_XF_640_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_XF_642_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_DSS20_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_URBAN_0_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_URBAN_1_PID) },
+ { USB_DEVICE(FTDI_NF_RIC_VID, FTDI_NF_RIC_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_VNHCPCUSB_D_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_MTXORB_0_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_MTXORB_1_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_MTXORB_2_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_MTXORB_3_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_MTXORB_4_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_MTXORB_5_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_MTXORB_6_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_R2000KU_TRUE_RNG) },
+ { USB_DEVICE(FTDI_VID, FTDI_VARDAAN_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0100_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0101_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0102_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0103_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0104_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0105_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0106_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0107_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0108_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0109_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_010A_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_010B_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_010C_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_010D_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_010E_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_010F_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0110_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0111_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0112_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0113_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0114_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0115_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0116_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0117_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0118_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0119_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_011A_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_011B_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_011C_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_011D_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_011E_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_011F_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0120_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0121_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0122_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0123_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0124_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0125_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0126_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0127_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0128_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0129_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_012A_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_012B_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_012C_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_012D_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_012E_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_012F_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0130_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0131_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0132_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0133_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0134_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0135_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0136_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0137_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0138_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0139_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_013A_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_013B_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_013C_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_013D_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_013E_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_013F_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0140_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0141_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0142_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0143_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0144_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0145_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0146_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0147_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0148_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0149_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_014A_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_014B_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_014C_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_014D_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_014E_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_014F_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0150_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0151_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0152_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0153_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0154_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0155_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0156_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0157_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0158_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0159_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_015A_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_015B_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_015C_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_015D_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_015E_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_015F_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0160_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0161_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0162_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0163_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0164_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0165_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0166_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0167_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0168_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0169_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_016A_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_016B_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_016C_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_016D_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_016E_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_016F_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0170_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0171_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0172_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0173_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0174_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0175_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0176_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0177_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0178_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0179_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_017A_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_017B_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_017C_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_017D_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_017E_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_017F_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0180_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0181_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0182_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0183_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0184_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0185_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0186_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0187_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0188_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0189_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_018A_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_018B_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_018C_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_018D_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_018E_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_018F_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0190_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0191_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0192_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0193_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0194_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0195_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0196_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0197_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0198_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0199_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_019A_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_019B_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_019C_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_019D_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_019E_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_019F_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01A0_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01A1_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01A2_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01A3_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01A4_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01A5_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01A6_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01A7_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01A8_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01A9_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01AA_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01AB_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01AC_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01AD_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01AE_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01AF_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01B0_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01B1_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01B2_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01B3_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01B4_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01B5_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01B6_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01B7_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01B8_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01B9_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01BA_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01BB_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01BC_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01BD_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01BE_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01BF_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01C0_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01C1_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01C2_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01C3_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01C4_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01C5_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01C6_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01C7_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01C8_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01C9_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01CA_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01CB_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01CC_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01CD_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01CE_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01CF_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01D0_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01D1_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01D2_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01D3_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01D4_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01D5_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01D6_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01D7_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01D8_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01D9_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01DA_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01DB_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01DC_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01DD_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01DE_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01DF_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01E0_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01E1_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01E2_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01E3_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01E4_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01E5_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01E6_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01E7_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01E8_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01E9_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01EA_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01EB_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01EC_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01ED_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01EE_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01EF_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01F0_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01F1_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01F2_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01F3_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01F4_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01F5_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01F6_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01F7_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01F8_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01F9_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01FA_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01FB_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01FC_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01FD_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01FE_PID) },
+ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01FF_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_PERLE_ULTRAPORT_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_PIEGROUP_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_TNC_X_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_USBX_707_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2101_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2102_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2103_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2104_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2106_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2201_1_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2201_2_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2202_1_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2202_2_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2203_1_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2203_2_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2401_1_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2401_2_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2401_3_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2401_4_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2402_1_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2402_2_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2402_3_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2402_4_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2403_1_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2403_2_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2403_3_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2403_4_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2801_1_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2801_2_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2801_3_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2801_4_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2801_5_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2801_6_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2801_7_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2801_8_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2802_1_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2802_2_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2802_3_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2802_4_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2802_5_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2802_6_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2802_7_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2802_8_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2803_1_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2803_2_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2803_3_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2803_4_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2803_5_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2803_6_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2803_7_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2803_8_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2803R_1_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2803R_2_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2803R_3_PID) },
+ { USB_DEVICE(SEALEVEL_VID, SEALEVEL_2803R_4_PID) },
+ { USB_DEVICE(IDTECH_VID, IDTECH_IDT1221U_PID) },
+ { USB_DEVICE(OCT_VID, OCT_US101_PID) },
+ { USB_DEVICE(OCT_VID, OCT_DK201_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_HE_TIRA1_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_USB_UIRT_PID) },
+ { USB_DEVICE(FTDI_VID, PROTEGO_SPECIAL_1) },
+ { USB_DEVICE(FTDI_VID, PROTEGO_R2X0) },
+ { USB_DEVICE(FTDI_VID, PROTEGO_SPECIAL_3) },
+ { USB_DEVICE(FTDI_VID, PROTEGO_SPECIAL_4) },
+ { USB_DEVICE(FTDI_VID, FTDI_GUDEADS_E808_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_GUDEADS_E809_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_GUDEADS_E80A_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_GUDEADS_E80B_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_GUDEADS_E80C_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_GUDEADS_E80D_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_GUDEADS_E80E_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_GUDEADS_E80F_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_GUDEADS_E888_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_GUDEADS_E889_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_GUDEADS_E88A_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_GUDEADS_E88B_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_GUDEADS_E88C_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_GUDEADS_E88D_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_GUDEADS_E88E_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_GUDEADS_E88F_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_UO100_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_UM100_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_UR100_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_ALC8500_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_PYRAMID_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_FHZ1000PC_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_IBS_US485_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_IBS_PICPRO_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_IBS_PCMCIA_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_IBS_PK1_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_IBS_RS232MON_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_IBS_APP70_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_IBS_PEDO_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_IBS_PROD_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_TAVIR_STK500_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_TIAO_UMPA_PID) },
+ /*
+ * ELV devices:
+ */
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_USR_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_MSM1_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_KL100_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_WS550_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_EC3000_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_WS888_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_TWS550_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_FEM_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_CLI7000_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_PPS7330_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_TFM100_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_UDF77_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_UIO88_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_UAD8_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_UDA7_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_USI2_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_T1100_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_PCD200_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_ULA200_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_CSI8_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_EM1000DL_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_PCK100_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_RFP500_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_FS20SIG_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_UTP8_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_WS300PC_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_WS444PC_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_FHZ1300PC_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_EM1010PC_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_WS500_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_HS485_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_UMS100_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_TFD128_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_FM3RX_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELV_WS777_PID) },
+ { USB_DEVICE(FTDI_VID, LINX_SDMUSBQSS_PID) },
+ { USB_DEVICE(FTDI_VID, LINX_MASTERDEVEL2_PID) },
+ { USB_DEVICE(FTDI_VID, LINX_FUTURE_0_PID) },
+ { USB_DEVICE(FTDI_VID, LINX_FUTURE_1_PID) },
+ { USB_DEVICE(FTDI_VID, LINX_FUTURE_2_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_CCSICDU20_0_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_CCSICDU40_1_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_CCSMACHX_2_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_CCSLOAD_N_GO_3_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_CCSICDU64_4_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_CCSPRIME8_5_PID) },
+ { USB_DEVICE(FTDI_VID, INSIDE_ACCESSO) },
+ { USB_DEVICE(INTREPID_VID, INTREPID_VALUECAN_PID) },
+ { USB_DEVICE(INTREPID_VID, INTREPID_NEOVI_PID) },
+ { USB_DEVICE(FALCOM_VID, FALCOM_TWIST_PID) },
+ { USB_DEVICE(FALCOM_VID, FALCOM_SAMBA_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_SUUNTO_SPORTS_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_OCEANIC_PID) },
+ { USB_DEVICE(TTI_VID, TTI_QL355P_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_RM_CANVIEW_PID) },
+ { USB_DEVICE(ACTON_VID, ACTON_SPECTRAPRO_PID) },
+ { USB_DEVICE(CONTEC_VID, CONTEC_COM1USBH_PID) },
+ { USB_DEVICE(BANDB_VID, BANDB_USOTL4_PID) },
+ { USB_DEVICE(BANDB_VID, BANDB_USTL4_PID) },
+ { USB_DEVICE(BANDB_VID, BANDB_USO9ML2_PID) },
+ { USB_DEVICE(BANDB_VID, BANDB_USOPTL4_PID) },
+ { USB_DEVICE(BANDB_VID, BANDB_USPTL4_PID) },
+ { USB_DEVICE(BANDB_VID, BANDB_USO9ML2DR_2_PID) },
+ { USB_DEVICE(BANDB_VID, BANDB_USO9ML2DR_PID) },
+ { USB_DEVICE(BANDB_VID, BANDB_USOPTL4DR2_PID) },
+ { USB_DEVICE(BANDB_VID, BANDB_USOPTL4DR_PID) },
+ { USB_DEVICE(BANDB_VID, BANDB_485USB9F_2W_PID) },
+ { USB_DEVICE(BANDB_VID, BANDB_485USB9F_4W_PID) },
+ { USB_DEVICE(BANDB_VID, BANDB_232USB9M_PID) },
+ { USB_DEVICE(BANDB_VID, BANDB_485USBTB_2W_PID) },
+ { USB_DEVICE(BANDB_VID, BANDB_485USBTB_4W_PID) },
+ { USB_DEVICE(BANDB_VID, BANDB_TTL5USB9M_PID) },
+ { USB_DEVICE(BANDB_VID, BANDB_TTL3USB9M_PID) },
+ { USB_DEVICE(BANDB_VID, BANDB_ZZ_PROG1_USB_PID) },
+ { USB_DEVICE(FTDI_VID, EVER_ECO_PRO_CDS) },
+ { USB_DEVICE(FTDI_VID, FTDI_4N_GALAXY_DE_1_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_4N_GALAXY_DE_2_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_4N_GALAXY_DE_3_PID) },
+ { USB_DEVICE(FTDI_VID, XSENS_CONVERTER_0_PID) },
+ { USB_DEVICE(FTDI_VID, XSENS_CONVERTER_1_PID) },
+ { USB_DEVICE(FTDI_VID, XSENS_CONVERTER_2_PID) },
+ { USB_DEVICE(FTDI_VID, XSENS_CONVERTER_3_PID) },
+ { USB_DEVICE(FTDI_VID, XSENS_CONVERTER_4_PID) },
+ { USB_DEVICE(FTDI_VID, XSENS_CONVERTER_5_PID) },
+ { USB_DEVICE(FTDI_VID, XSENS_CONVERTER_6_PID) },
+ { USB_DEVICE(FTDI_VID, XSENS_CONVERTER_7_PID) },
+ { USB_DEVICE(MOBILITY_VID, MOBILITY_USB_SERIAL_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ACTIVE_ROBOTS_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_MHAM_KW_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_MHAM_YS_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_MHAM_Y6_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_MHAM_Y8_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_MHAM_IC_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_MHAM_DB9_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_MHAM_RS232_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_MHAM_Y9_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_TERATRONIK_VCP_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_TERATRONIK_D2XX_PID) },
+ { USB_DEVICE(EVOLUTION_VID, EVOLUTION_ER1_PID) },
+ { USB_DEVICE(EVOLUTION_VID, EVO_HYBRID_PID) },
+ { USB_DEVICE(EVOLUTION_VID, EVO_RCM4_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ARTEMIS_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ATIK_ATK16_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ATIK_ATK16C_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ATIK_ATK16HR_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ATIK_ATK16HRC_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ATIK_ATK16IC_PID) },
+ { USB_DEVICE(KOBIL_VID, KOBIL_CONV_B1_PID) },
+ { USB_DEVICE(KOBIL_VID, KOBIL_CONV_KAAN_PID) },
+ { USB_DEVICE(POSIFLEX_VID, POSIFLEX_PP7000_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_TTUSB_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ECLO_COM_1WIRE_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_WESTREX_MODEL_777_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_WESTREX_MODEL_8900F_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_PCDJ_DAC2_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_RRCIRKITS_LOCOBUFFER_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ASK_RDR400_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_NZR_SEM_USB_PID) },
+ { USB_DEVICE(ICOM_VID, ICOM_ID_1_PID) },
+ { USB_DEVICE(ICOM_VID, ICOM_OPC_U_UC_PID) },
+ { USB_DEVICE(ICOM_VID, ICOM_ID_RP2C1_PID) },
+ { USB_DEVICE(ICOM_VID, ICOM_ID_RP2C2_PID) },
+ { USB_DEVICE(ICOM_VID, ICOM_ID_RP2D_PID) },
+ { USB_DEVICE(ICOM_VID, ICOM_ID_RP2VT_PID) },
+ { USB_DEVICE(ICOM_VID, ICOM_ID_RP2VR_PID) },
+ { USB_DEVICE(ICOM_VID, ICOM_ID_RP4KVT_PID) },
+ { USB_DEVICE(ICOM_VID, ICOM_ID_RP4KVR_PID) },
+ { USB_DEVICE(ICOM_VID, ICOM_ID_RP2KVT_PID) },
+ { USB_DEVICE(ICOM_VID, ICOM_ID_RP2KVR_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ACG_HFDUAL_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_YEI_SERVOCENTER31_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_THORLABS_PID) },
+ { USB_DEVICE(TESTO_VID, TESTO_USB_INTERFACE_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_GAMMA_SCOUT_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_TACTRIX_OPENPORT_13M_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_TACTRIX_OPENPORT_13S_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_TACTRIX_OPENPORT_13U_PID) },
+ { USB_DEVICE(ELEKTOR_VID, ELEKTOR_FT323R_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_NDI_HUC_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_NDI_SPECTRA_SCU_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_NDI_FUTURE_2_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_NDI_FUTURE_3_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_NDI_AURORA_SCU_PID) },
+ { USB_DEVICE(TELLDUS_VID, TELLDUS_TELLSTICK_PID) },
+ { USB_DEVICE(RTSYSTEMS_VID, RTSYSTEMS_SERIAL_VX7_PID) },
+ { USB_DEVICE(RTSYSTEMS_VID, RTSYSTEMS_CT29B_PID) },
+ { USB_DEVICE(RTSYSTEMS_VID, RTSYSTEMS_RTS01_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_MAXSTREAM_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_PHI_FISCO_PID) },
+ { USB_DEVICE(TML_VID, TML_USB_SERIAL_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_ELSTER_UNICOM_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_PROPOX_JTAGCABLEII_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_PROPOX_ISPCABLEIII_PID) },
+ { USB_DEVICE(OLIMEX_VID, OLIMEX_ARM_USB_OCD_PID) },
+ { USB_DEVICE(OLIMEX_VID, OLIMEX_ARM_USB_OCD_H_PID) },
+ { USB_DEVICE(FIC_VID, FIC_NEO1973_DEBUG_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_OOCDLINK_PID) },
+ { USB_DEVICE(FTDI_VID, LMI_LM3S_DEVEL_BOARD_PID) },
+ { USB_DEVICE(FTDI_VID, LMI_LM3S_EVAL_BOARD_PID) },
+ { USB_DEVICE(FTDI_VID, LMI_LM3S_ICDI_BOARD_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_TURTELIZER_PID) },
+ { USB_DEVICE(RATOC_VENDOR_ID, RATOC_PRODUCT_ID_USB60F) },
+ { USB_DEVICE(FTDI_VID, FTDI_REU_TINY_PID) },
+
+ /* Papouch devices based on FTDI chip */
+ { USB_DEVICE(PAPOUCH_VID, PAPOUCH_SB485_PID) },
+ { USB_DEVICE(PAPOUCH_VID, PAPOUCH_AP485_PID) },
+ { USB_DEVICE(PAPOUCH_VID, PAPOUCH_SB422_PID) },
+ { USB_DEVICE(PAPOUCH_VID, PAPOUCH_SB485_2_PID) },
+ { USB_DEVICE(PAPOUCH_VID, PAPOUCH_AP485_2_PID) },
+ { USB_DEVICE(PAPOUCH_VID, PAPOUCH_SB422_2_PID) },
+ { USB_DEVICE(PAPOUCH_VID, PAPOUCH_SB485S_PID) },
+ { USB_DEVICE(PAPOUCH_VID, PAPOUCH_SB485C_PID) },
+ { USB_DEVICE(PAPOUCH_VID, PAPOUCH_LEC_PID) },
+ { USB_DEVICE(PAPOUCH_VID, PAPOUCH_SB232_PID) },
+ { USB_DEVICE(PAPOUCH_VID, PAPOUCH_TMU_PID) },
+ { USB_DEVICE(PAPOUCH_VID, PAPOUCH_IRAMP_PID) },
+ { USB_DEVICE(PAPOUCH_VID, PAPOUCH_DRAK5_PID) },
+ { USB_DEVICE(PAPOUCH_VID, PAPOUCH_QUIDO8x8_PID) },
+ { USB_DEVICE(PAPOUCH_VID, PAPOUCH_QUIDO4x4_PID) },
+ { USB_DEVICE(PAPOUCH_VID, PAPOUCH_QUIDO2x2_PID) },
+ { USB_DEVICE(PAPOUCH_VID, PAPOUCH_QUIDO10x1_PID) },
+ { USB_DEVICE(PAPOUCH_VID, PAPOUCH_QUIDO30x3_PID) },
+ { USB_DEVICE(PAPOUCH_VID, PAPOUCH_QUIDO60x3_PID) },
+ { USB_DEVICE(PAPOUCH_VID, PAPOUCH_QUIDO2x16_PID) },
+ { USB_DEVICE(PAPOUCH_VID, PAPOUCH_QUIDO3x32_PID) },
+ { USB_DEVICE(PAPOUCH_VID, PAPOUCH_DRAK6_PID) },
+ { USB_DEVICE(PAPOUCH_VID, PAPOUCH_UPSUSB_PID) },
+ { USB_DEVICE(PAPOUCH_VID, PAPOUCH_MU_PID) },
+ { USB_DEVICE(PAPOUCH_VID, PAPOUCH_SIMUKEY_PID) },
+ { USB_DEVICE(PAPOUCH_VID, PAPOUCH_AD4USB_PID) },
+ { USB_DEVICE(PAPOUCH_VID, PAPOUCH_GMUX_PID) },
+ { USB_DEVICE(PAPOUCH_VID, PAPOUCH_GMSR_PID) },
+
+ { USB_DEVICE(FTDI_VID, FTDI_DOMINTELL_DGQG_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_DOMINTELL_DUSB_PID) },
+ { USB_DEVICE(ALTI2_VID, ALTI2_N3_PID) },
+ { USB_DEVICE(FTDI_VID, DIEBOLD_BCS_SE923_PID) },
+ { USB_DEVICE(ATMEL_VID, STK541_PID) },
+ { USB_DEVICE(DE_VID, STB_PID) },
+ { USB_DEVICE(DE_VID, WHT_PID) },
+ { USB_DEVICE(ADI_VID, ADI_GNICE_PID) },
+ { USB_DEVICE(ADI_VID, ADI_GNICEPLUS_PID) },
+ { USB_DEVICE_AND_INTERFACE_INFO(MICROCHIP_VID, MICROCHIP_USB_BOARD_PID,
+ 0xff, 0xff, 0x00) },
+ { USB_DEVICE(JETI_VID, JETI_SPC1201_PID) },
+ { USB_DEVICE(MARVELL_VID, MARVELL_SHEEVAPLUG_PID) },
+ { USB_DEVICE(LARSENBRUSGAARD_VID, LB_ALTITRACK_PID) },
+ { USB_DEVICE(GN_OTOMETRICS_VID, AURICAL_USB_PID) },
+ { USB_DEVICE(FTDI_VID, PI_C865_PID) },
+ { USB_DEVICE(FTDI_VID, PI_C857_PID) },
+ { USB_DEVICE(PI_VID, PI_C866_PID) },
+ { USB_DEVICE(PI_VID, PI_C663_PID) },
+ { USB_DEVICE(PI_VID, PI_C725_PID) },
+ { USB_DEVICE(PI_VID, PI_E517_PID) },
+ { USB_DEVICE(PI_VID, PI_C863_PID) },
+ { USB_DEVICE(PI_VID, PI_E861_PID) },
+ { USB_DEVICE(PI_VID, PI_C867_PID) },
+ { USB_DEVICE(PI_VID, PI_E609_PID) },
+ { USB_DEVICE(PI_VID, PI_E709_PID) },
+ { USB_DEVICE(PI_VID, PI_100F_PID) },
+ { USB_DEVICE(PI_VID, PI_1011_PID) },
+ { USB_DEVICE(PI_VID, PI_1012_PID) },
+ { USB_DEVICE(PI_VID, PI_1013_PID) },
+ { USB_DEVICE(PI_VID, PI_1014_PID) },
+ { USB_DEVICE(PI_VID, PI_1015_PID) },
+ { USB_DEVICE(PI_VID, PI_1016_PID) },
+ { USB_DEVICE(KONDO_VID, KONDO_USB_SERIAL_PID) },
+ { USB_DEVICE(BAYER_VID, BAYER_CONTOUR_CABLE_PID) },
+ { USB_DEVICE(FTDI_VID, MARVELL_OPENRD_PID) },
+ { USB_DEVICE(FTDI_VID, TI_XDS100V2_PID) },
+ { USB_DEVICE(FTDI_VID, HAMEG_HO820_PID) },
+ { USB_DEVICE(FTDI_VID, HAMEG_HO720_PID) },
+ { USB_DEVICE(FTDI_VID, HAMEG_HO730_PID) },
+ { USB_DEVICE(FTDI_VID, HAMEG_HO870_PID) },
+ { USB_DEVICE(FTDI_VID, MJSG_GENERIC_PID) },
+ { USB_DEVICE(FTDI_VID, MJSG_SR_RADIO_PID) },
+ { USB_DEVICE(FTDI_VID, MJSG_HD_RADIO_PID) },
+ { USB_DEVICE(FTDI_VID, MJSG_XM_RADIO_PID) },
+ { USB_DEVICE(FTDI_VID, XVERVE_SIGNALYZER_ST_PID) },
+ { USB_DEVICE(FTDI_VID, XVERVE_SIGNALYZER_SLITE_PID) },
+ { USB_DEVICE(FTDI_VID, XVERVE_SIGNALYZER_SH2_PID) },
+ { USB_DEVICE(FTDI_VID, XVERVE_SIGNALYZER_SH4_PID) },
+ { USB_DEVICE(FTDI_VID, SEGWAY_RMP200_PID) },
+ { USB_DEVICE(FTDI_VID, ACCESIO_COM4SM_PID) },
+ { USB_DEVICE(IONICS_VID, IONICS_PLUGCOMPUTER_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_CHAMSYS_24_MASTER_WING_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_CHAMSYS_PC_WING_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_CHAMSYS_USB_DMX_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_CHAMSYS_MIDI_TIMECODE_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_CHAMSYS_MINI_WING_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_CHAMSYS_MAXI_WING_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_CHAMSYS_MEDIA_WING_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_CHAMSYS_WING_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_SCIENCESCOPE_LOGBOOKML_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_SCIENCESCOPE_LS_LOGBOOK_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_SCIENCESCOPE_HS_LOGBOOK_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_CINTERION_MC55I_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_DOTEC_PID) },
+ { USB_DEVICE(QIHARDWARE_VID, MILKYMISTONE_JTAGSERIAL_PID) },
+ { USB_DEVICE(ST_VID, ST_STMCLT1030_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_RF_R106) },
+ { USB_DEVICE(FTDI_VID, FTDI_DISTORTEC_JTAG_LOCK_PICK_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_LUMEL_PD12_PID) },
+
+ { USB_DEVICE(-1, -1) } /* Terminating Entry */
+};
+
+#undef USB_DEVICE
+#undef USB_DEVICE_AND_INTERFACE_INFO
diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
index 490c90fae..e3b9f324b 100644
--- a/hw/usb/redirect.c
+++ b/hw/usb/redirect.c
@@ -26,10 +26,11 @@
*/
#include "qemu-common.h"
-#include "qemu-timer.h"
-#include "monitor.h"
-#include "sysemu.h"
-#include "iov.h"
+#include "qemu/timer.h"
+#include "monitor/monitor.h"
+#include "sysemu/sysemu.h"
+#include "qemu/iov.h"
+#include "sysemu/char.h"
#include <dirent.h>
#include <sys/ioctl.h>
@@ -43,18 +44,26 @@
#define NO_INTERFACE_INFO 255 /* Valid interface_count always <= 32 */
#define EP2I(ep_address) (((ep_address & 0x80) >> 3) | (ep_address & 0x0f))
#define I2EP(i) (((i & 0x10) << 3) | (i & 0x0f))
+#define USBEP2I(usb_ep) (((usb_ep)->pid == USB_TOKEN_IN) ? \
+ ((usb_ep)->nr | 0x10) : ((usb_ep)->nr))
+#define I2USBEP(d, i) (usb_ep_get(&(d)->dev, \
+ ((i) & 0x10) ? USB_TOKEN_IN : USB_TOKEN_OUT, \
+ (i) & 0x0f))
typedef struct USBRedirDevice USBRedirDevice;
-/* Struct to hold buffered packets (iso or int input packets) */
+/* Struct to hold buffered packets */
struct buf_packet {
uint8_t *data;
- int len;
- int status;
+ void *free_on_destroy;
+ uint16_t len;
+ uint16_t offset;
+ uint8_t status;
QTAILQ_ENTRY(buf_packet)next;
};
struct endp_data {
+ USBRedirDevice *dev;
uint8_t type;
uint8_t interval;
uint8_t interface; /* bInterfaceNumber this ep belongs to */
@@ -63,11 +72,14 @@ struct endp_data {
uint8_t iso_error; /* For reporting iso errors to the HC */
uint8_t interrupt_started;
uint8_t interrupt_error;
+ uint8_t bulk_receiving_enabled;
+ uint8_t bulk_receiving_started;
uint8_t bufpq_prefilled;
uint8_t bufpq_dropping_packets;
QTAILQ_HEAD(, buf_packet) bufpq;
int32_t bufpq_size;
int32_t bufpq_target_size;
+ USBPacket *pending_async_packet;
};
struct PacketIdQueueEntry {
@@ -92,6 +104,8 @@ struct USBRedirDevice {
/* Data passed from chardev the fd_read cb to the usbredirparser read cb */
const uint8_t *read_buf;
int read_buf_size;
+ /* Active chardev-watch-tag */
+ guint watch;
/* For async handling of close */
QEMUBH *chardev_close_bh;
/* To delay the usb attach in case of quick chardev close + open */
@@ -101,6 +115,7 @@ struct USBRedirDevice {
struct endp_data endpoint[MAX_ENDPOINTS];
struct PacketIdQueue cancelled;
struct PacketIdQueue already_in_flight;
+ void (*buffered_bulk_in_complete)(USBRedirDevice *, USBPacket *, uint8_t);
/* Data for device filtering */
struct usb_redir_device_connect_header device_info;
struct usb_redir_interface_info_header interface_info;
@@ -128,6 +143,8 @@ static void usbredir_interrupt_receiving_status(void *priv, uint64_t id,
*interrupt_receiving_status);
static void usbredir_bulk_streams_status(void *priv, uint64_t id,
struct usb_redir_bulk_streams_status_header *bulk_streams_status);
+static void usbredir_bulk_receiving_status(void *priv, uint64_t id,
+ struct usb_redir_bulk_receiving_status_header *bulk_receiving_status);
static void usbredir_control_packet(void *priv, uint64_t id,
struct usb_redir_control_packet_header *control_packet,
uint8_t *data, int data_len);
@@ -140,6 +157,9 @@ static void usbredir_iso_packet(void *priv, uint64_t id,
static void usbredir_interrupt_packet(void *priv, uint64_t id,
struct usb_redir_interrupt_packet_header *interrupt_header,
uint8_t *data, int data_len);
+static void usbredir_buffered_bulk_packet(void *priv, uint64_t id,
+ struct usb_redir_buffered_bulk_packet_header *buffered_bulk_packet,
+ uint8_t *data, int data_len);
static void usbredir_handle_status(USBRedirDevice *dev, USBPacket *p,
int status);
@@ -236,11 +256,23 @@ static int usbredir_read(void *priv, uint8_t *data, int count)
return count;
}
+static gboolean usbredir_write_unblocked(GIOChannel *chan, GIOCondition cond,
+ void *opaque)
+{
+ USBRedirDevice *dev = opaque;
+
+ dev->watch = 0;
+ usbredirparser_do_write(dev->parser);
+
+ return FALSE;
+}
+
static int usbredir_write(void *priv, uint8_t *data, int count)
{
USBRedirDevice *dev = priv;
+ int r;
- if (!dev->cs->opened) {
+ if (!dev->cs->be_open) {
return 0;
}
@@ -249,7 +281,17 @@ static int usbredir_write(void *priv, uint8_t *data, int count)
return 0;
}
- return qemu_chr_fe_write(dev->cs, data, count);
+ r = qemu_chr_fe_write(dev->cs, data, count);
+ if (r < count) {
+ if (!dev->watch) {
+ dev->watch = qemu_chr_fe_add_watch(dev->cs, G_IO_OUT,
+ usbredir_write_unblocked, dev);
+ }
+ if (r < 0) {
+ r = 0;
+ }
+ }
+ return r;
}
/*
@@ -313,12 +355,19 @@ static void packet_id_queue_empty(struct PacketIdQueue *q)
static void usbredir_cancel_packet(USBDevice *udev, USBPacket *p)
{
USBRedirDevice *dev = DO_UPCAST(USBRedirDevice, dev, udev);
+ int i = USBEP2I(p->ep);
if (p->combined) {
usb_combined_packet_cancel(udev, p);
return;
}
+ if (dev->endpoint[i].pending_async_packet) {
+ assert(dev->endpoint[i].pending_async_packet == p);
+ dev->endpoint[i].pending_async_packet = NULL;
+ return;
+ }
+
packet_id_queue_add(&dev->cancelled, p->id);
usbredirparser_send_cancel_data_packet(dev->parser, p->id);
usbredirparser_do_write(dev->parser);
@@ -337,6 +386,11 @@ static void usbredir_fill_already_in_flight_from_ep(USBRedirDevice *dev,
{
static USBPacket *p;
+ /* async handled packets for bulk receiving eps do not count as inflight */
+ if (dev->endpoint[USBEP2I(ep)].bulk_receiving_started) {
+ return;
+ }
+
QTAILQ_FOREACH(p, &ep->queue, queue) {
/* Skip combined packets, except for the first */
if (p->combined && p != p->combined->first) {
@@ -384,8 +438,8 @@ static USBPacket *usbredir_find_packet_by_id(USBRedirDevice *dev,
return p;
}
-static void bufp_alloc(USBRedirDevice *dev,
- uint8_t *data, int len, int status, uint8_t ep)
+static void bufp_alloc(USBRedirDevice *dev, uint8_t *data, uint16_t len,
+ uint8_t status, uint8_t ep, void *free_on_destroy)
{
struct buf_packet *bufp;
@@ -409,7 +463,9 @@ static void bufp_alloc(USBRedirDevice *dev,
bufp = g_malloc(sizeof(struct buf_packet));
bufp->data = data;
bufp->len = len;
+ bufp->offset = 0;
bufp->status = status;
+ bufp->free_on_destroy = free_on_destroy;
QTAILQ_INSERT_TAIL(&dev->endpoint[EP2I(ep)].bufpq, bufp, next);
dev->endpoint[EP2I(ep)].bufpq_size++;
}
@@ -419,7 +475,7 @@ static void bufp_free(USBRedirDevice *dev, struct buf_packet *bufp,
{
QTAILQ_REMOVE(&dev->endpoint[EP2I(ep)].bufpq, bufp, next);
dev->endpoint[EP2I(ep)].bufpq_size--;
- free(bufp->data);
+ free(bufp->free_on_destroy);
g_free(bufp);
}
@@ -570,19 +626,162 @@ static void usbredir_stop_iso_stream(USBRedirDevice *dev, uint8_t ep)
usbredir_free_bufpq(dev, ep);
}
+/*
+ * The usb-host may poll the endpoint faster then our guest, resulting in lots
+ * of smaller bulkp-s. The below buffered_bulk_in_complete* functions combine
+ * data from multiple bulkp-s into a single packet, avoiding bufpq overflows.
+ */
+static void usbredir_buffered_bulk_add_data_to_packet(USBRedirDevice *dev,
+ struct buf_packet *bulkp, int count, USBPacket *p, uint8_t ep)
+{
+ usb_packet_copy(p, bulkp->data + bulkp->offset, count);
+ bulkp->offset += count;
+ if (bulkp->offset == bulkp->len) {
+ /* Store status in the last packet with data from this bulkp */
+ usbredir_handle_status(dev, p, bulkp->status);
+ bufp_free(dev, bulkp, ep);
+ }
+}
+
+static void usbredir_buffered_bulk_in_complete_raw(USBRedirDevice *dev,
+ USBPacket *p, uint8_t ep)
+{
+ struct buf_packet *bulkp;
+ int count;
+
+ while ((bulkp = QTAILQ_FIRST(&dev->endpoint[EP2I(ep)].bufpq)) &&
+ p->actual_length < p->iov.size && p->status == USB_RET_SUCCESS) {
+ count = bulkp->len - bulkp->offset;
+ if (count > (p->iov.size - p->actual_length)) {
+ count = p->iov.size - p->actual_length;
+ }
+ usbredir_buffered_bulk_add_data_to_packet(dev, bulkp, count, p, ep);
+ }
+}
+
+static void usbredir_buffered_bulk_in_complete_ftdi(USBRedirDevice *dev,
+ USBPacket *p, uint8_t ep)
+{
+ const int maxp = dev->endpoint[EP2I(ep)].max_packet_size;
+ uint8_t header[2] = { 0, 0 };
+ struct buf_packet *bulkp;
+ int count;
+
+ while ((bulkp = QTAILQ_FIRST(&dev->endpoint[EP2I(ep)].bufpq)) &&
+ p->actual_length < p->iov.size && p->status == USB_RET_SUCCESS) {
+ if (bulkp->len < 2) {
+ WARNING("malformed ftdi bulk in packet\n");
+ bufp_free(dev, bulkp, ep);
+ continue;
+ }
+
+ if ((p->actual_length % maxp) == 0) {
+ usb_packet_copy(p, bulkp->data, 2);
+ memcpy(header, bulkp->data, 2);
+ } else {
+ if (bulkp->data[0] != header[0] || bulkp->data[1] != header[1]) {
+ break; /* Different header, add to next packet */
+ }
+ }
+
+ if (bulkp->offset == 0) {
+ bulkp->offset = 2; /* Skip header */
+ }
+ count = bulkp->len - bulkp->offset;
+ /* Must repeat the header at maxp interval */
+ if (count > (maxp - (p->actual_length % maxp))) {
+ count = maxp - (p->actual_length % maxp);
+ }
+ usbredir_buffered_bulk_add_data_to_packet(dev, bulkp, count, p, ep);
+ }
+}
+
+static void usbredir_buffered_bulk_in_complete(USBRedirDevice *dev,
+ USBPacket *p, uint8_t ep)
+{
+ p->status = USB_RET_SUCCESS; /* Clear previous ASYNC status */
+ dev->buffered_bulk_in_complete(dev, p, ep);
+ DPRINTF("bulk-token-in ep %02X status %d len %d id %"PRIu64"\n",
+ ep, p->status, p->actual_length, p->id);
+}
+
+static void usbredir_handle_buffered_bulk_in_data(USBRedirDevice *dev,
+ USBPacket *p, uint8_t ep)
+{
+ /* Input bulk endpoint, buffered packet input */
+ if (!dev->endpoint[EP2I(ep)].bulk_receiving_started) {
+ int bpt;
+ struct usb_redir_start_bulk_receiving_header start = {
+ .endpoint = ep,
+ .stream_id = 0,
+ .no_transfers = 5,
+ };
+ /* Round bytes_per_transfer up to a multiple of max_packet_size */
+ bpt = 512 + dev->endpoint[EP2I(ep)].max_packet_size - 1;
+ bpt /= dev->endpoint[EP2I(ep)].max_packet_size;
+ bpt *= dev->endpoint[EP2I(ep)].max_packet_size;
+ start.bytes_per_transfer = bpt;
+ /* No id, we look at the ep when receiving a status back */
+ usbredirparser_send_start_bulk_receiving(dev->parser, 0, &start);
+ usbredirparser_do_write(dev->parser);
+ DPRINTF("bulk receiving started bytes/transfer %u count %d ep %02X\n",
+ start.bytes_per_transfer, start.no_transfers, ep);
+ dev->endpoint[EP2I(ep)].bulk_receiving_started = 1;
+ /* We don't really want to drop bulk packets ever, but
+ having some upper limit to how much we buffer is good. */
+ dev->endpoint[EP2I(ep)].bufpq_target_size = 5000;
+ dev->endpoint[EP2I(ep)].bufpq_dropping_packets = 0;
+ }
+
+ if (QTAILQ_EMPTY(&dev->endpoint[EP2I(ep)].bufpq)) {
+ DPRINTF("bulk-token-in ep %02X, no bulkp\n", ep);
+ assert(dev->endpoint[EP2I(ep)].pending_async_packet == NULL);
+ dev->endpoint[EP2I(ep)].pending_async_packet = p;
+ p->status = USB_RET_ASYNC;
+ return;
+ }
+ usbredir_buffered_bulk_in_complete(dev, p, ep);
+}
+
+static void usbredir_stop_bulk_receiving(USBRedirDevice *dev, uint8_t ep)
+{
+ struct usb_redir_stop_bulk_receiving_header stop_bulk = {
+ .endpoint = ep,
+ .stream_id = 0,
+ };
+ if (dev->endpoint[EP2I(ep)].bulk_receiving_started) {
+ usbredirparser_send_stop_bulk_receiving(dev->parser, 0, &stop_bulk);
+ DPRINTF("bulk receiving stopped ep %02X\n", ep);
+ dev->endpoint[EP2I(ep)].bulk_receiving_started = 0;
+ }
+ usbredir_free_bufpq(dev, ep);
+}
+
static void usbredir_handle_bulk_data(USBRedirDevice *dev, USBPacket *p,
uint8_t ep)
{
struct usb_redir_bulk_packet_header bulk_packet;
- size_t size = (p->combined) ? p->combined->iov.size : p->iov.size;
-
- DPRINTF("bulk-out ep %02X len %zd id %"PRIu64"\n", ep, size, p->id);
+ size_t size = usb_packet_size(p);
+ const int maxp = dev->endpoint[EP2I(ep)].max_packet_size;
if (usbredir_already_in_flight(dev, p->id)) {
p->status = USB_RET_ASYNC;
return;
}
+ if (dev->endpoint[EP2I(ep)].bulk_receiving_enabled) {
+ if (size != 0 && (size % maxp) == 0) {
+ usbredir_handle_buffered_bulk_in_data(dev, p, ep);
+ return;
+ }
+ WARNING("bulk recv invalid size %zd ep %02x, disabling\n", size, ep);
+ assert(dev->endpoint[EP2I(ep)].pending_async_packet == NULL);
+ usbredir_stop_bulk_receiving(dev, ep);
+ dev->endpoint[EP2I(ep)].bulk_receiving_enabled = 0;
+ }
+
+ DPRINTF("bulk-out ep %02X len %zd id %"PRIu64"\n", ep, size, p->id);
+
bulk_packet.endpoint = ep;
bulk_packet.length = size;
bulk_packet.stream_id = 0;
@@ -596,12 +795,7 @@ static void usbredir_handle_bulk_data(USBRedirDevice *dev, USBPacket *p,
&bulk_packet, NULL, 0);
} else {
uint8_t buf[size];
- if (p->combined) {
- iov_to_buf(p->combined->iov.iov, p->combined->iov.niov,
- 0, buf, size);
- } else {
- usb_packet_copy(p, buf, size);
- }
+ usb_packet_copy(p, buf, size);
usbredir_log_data(dev, "bulk data out:", buf, size);
usbredirparser_send_bulk_packet(dev->parser, p->id,
&bulk_packet, buf, size);
@@ -719,9 +913,6 @@ static void usbredir_handle_data(USBDevice *udev, USBPacket *p)
ERROR("handle_data called for control transfer on ep %02X\n", ep);
p->status = USB_RET_NAK;
break;
- case USB_ENDPOINT_XFER_ISOC:
- usbredir_handle_iso_data(dev, p, ep);
- break;
case USB_ENDPOINT_XFER_BULK:
if (p->state == USB_PACKET_SETUP && p->pid == USB_TOKEN_IN &&
p->ep->pipeline) {
@@ -730,6 +921,9 @@ static void usbredir_handle_data(USBDevice *udev, USBPacket *p)
}
usbredir_handle_bulk_data(dev, p, ep);
break;
+ case USB_ENDPOINT_XFER_ISOC:
+ usbredir_handle_iso_data(dev, p, ep);
+ break;
case USB_ENDPOINT_XFER_INT:
if (ep & USB_DIR_IN) {
usbredir_handle_interrupt_in_data(dev, p, ep);
@@ -751,6 +945,36 @@ static void usbredir_flush_ep_queue(USBDevice *dev, USBEndpoint *ep)
}
}
+static void usbredir_stop_ep(USBRedirDevice *dev, int i)
+{
+ uint8_t ep = I2EP(i);
+
+ switch (dev->endpoint[i].type) {
+ case USB_ENDPOINT_XFER_BULK:
+ if (ep & USB_DIR_IN) {
+ usbredir_stop_bulk_receiving(dev, ep);
+ }
+ break;
+ case USB_ENDPOINT_XFER_ISOC:
+ usbredir_stop_iso_stream(dev, ep);
+ break;
+ case USB_ENDPOINT_XFER_INT:
+ if (ep & USB_DIR_IN) {
+ usbredir_stop_interrupt_receiving(dev, ep);
+ }
+ break;
+ }
+ usbredir_free_bufpq(dev, ep);
+}
+
+static void usbredir_ep_stopped(USBDevice *udev, USBEndpoint *uep)
+{
+ USBRedirDevice *dev = DO_UPCAST(USBRedirDevice, dev, udev);
+
+ usbredir_stop_ep(dev, USBEP2I(uep));
+ usbredirparser_do_write(dev->parser);
+}
+
static void usbredir_set_config(USBRedirDevice *dev, USBPacket *p,
int config)
{
@@ -760,17 +984,7 @@ static void usbredir_set_config(USBRedirDevice *dev, USBPacket *p,
DPRINTF("set config %d id %"PRIu64"\n", config, p->id);
for (i = 0; i < MAX_ENDPOINTS; i++) {
- switch (dev->endpoint[i].type) {
- case USB_ENDPOINT_XFER_ISOC:
- usbredir_stop_iso_stream(dev, I2EP(i));
- break;
- case USB_ENDPOINT_XFER_INT:
- if (i & 0x10) {
- usbredir_stop_interrupt_receiving(dev, I2EP(i));
- }
- break;
- }
- usbredir_free_bufpq(dev, I2EP(i));
+ usbredir_stop_ep(dev, i);
}
set_config.configuration = config;
@@ -798,17 +1012,7 @@ static void usbredir_set_interface(USBRedirDevice *dev, USBPacket *p,
for (i = 0; i < MAX_ENDPOINTS; i++) {
if (dev->endpoint[i].interface == interface) {
- switch (dev->endpoint[i].type) {
- case USB_ENDPOINT_XFER_ISOC:
- usbredir_stop_iso_stream(dev, I2EP(i));
- break;
- case USB_ENDPOINT_XFER_INT:
- if (i & 0x10) {
- usbredir_stop_interrupt_receiving(dev, I2EP(i));
- }
- break;
- }
- usbredir_free_bufpq(dev, I2EP(i));
+ usbredir_stop_ep(dev, i);
}
}
@@ -905,6 +1109,10 @@ static void usbredir_chardev_close_bh(void *opaque)
usbredirparser_destroy(dev->parser);
dev->parser = NULL;
}
+ if (dev->watch) {
+ g_source_remove(dev->watch);
+ dev->watch = 0;
+ }
}
static void usbredir_create_parser(USBRedirDevice *dev)
@@ -930,10 +1138,12 @@ static void usbredir_create_parser(USBRedirDevice *dev)
dev->parser->interrupt_receiving_status_func =
usbredir_interrupt_receiving_status;
dev->parser->bulk_streams_status_func = usbredir_bulk_streams_status;
+ dev->parser->bulk_receiving_status_func = usbredir_bulk_receiving_status;
dev->parser->control_packet_func = usbredir_control_packet;
dev->parser->bulk_packet_func = usbredir_bulk_packet;
dev->parser->iso_packet_func = usbredir_iso_packet;
dev->parser->interrupt_packet_func = usbredir_interrupt_packet;
+ dev->parser->buffered_bulk_packet_func = usbredir_buffered_bulk_packet;
dev->read_buf = NULL;
dev->read_buf_size = 0;
@@ -942,6 +1152,7 @@ static void usbredir_create_parser(USBRedirDevice *dev)
usbredirparser_caps_set_cap(caps, usb_redir_cap_ep_info_max_packet_size);
usbredirparser_caps_set_cap(caps, usb_redir_cap_64bits_ids);
usbredirparser_caps_set_cap(caps, usb_redir_cap_32bits_bulk_length);
+ usbredirparser_caps_set_cap(caps, usb_redir_cap_bulk_receiving);
if (runstate_check(RUN_STATE_INMIGRATE)) {
flags |= usbredirparser_fl_no_hello;
@@ -969,6 +1180,8 @@ static void usbredir_do_attach(void *opaque)
usbredirparser_peer_has_cap(dev->parser,
usb_redir_cap_ep_info_max_packet_size) &&
usbredirparser_peer_has_cap(dev->parser,
+ usb_redir_cap_32bits_bulk_length) &&
+ usbredirparser_peer_has_cap(dev->parser,
usb_redir_cap_64bits_ids))) {
ERROR("usb-redir-host lacks capabilities needed for use with XHCI\n");
usbredir_reject_device(dev);
@@ -1050,6 +1263,18 @@ static void usbredir_vm_state_change(void *priv, int running, RunState state)
}
}
+static void usbredir_init_endpoints(USBRedirDevice *dev)
+{
+ int i;
+
+ usb_ep_init(&dev->dev);
+ memset(dev->endpoint, 0, sizeof(dev->endpoint));
+ for (i = 0; i < MAX_ENDPOINTS; i++) {
+ dev->endpoint[i].dev = dev;
+ QTAILQ_INIT(&dev->endpoint[i].bufpq);
+ }
+}
+
static int usbredir_initfn(USBDevice *udev)
{
USBRedirDevice *dev = DO_UPCAST(USBRedirDevice, dev, udev);
@@ -1076,9 +1301,7 @@ static int usbredir_initfn(USBDevice *udev)
packet_id_queue_init(&dev->cancelled, dev, "cancelled");
packet_id_queue_init(&dev->already_in_flight, dev, "already-in-flight");
- for (i = 0; i < MAX_ENDPOINTS; i++) {
- QTAILQ_INIT(&dev->endpoint[i].bufpq);
- }
+ usbredir_init_endpoints(dev);
/* We'll do the attach once we receive the speed from the usb-host */
udev->auto_attach = 0;
@@ -1087,7 +1310,6 @@ static int usbredir_initfn(USBDevice *udev)
dev->compatible_speedmask = USB_SPEED_MASK_FULL | USB_SPEED_MASK_HIGH;
/* Let the backend know we are ready */
- qemu_chr_fe_open(dev->cs);
qemu_chr_add_handlers(dev->cs, usbredir_chardev_can_read,
usbredir_chardev_read, usbredir_chardev_event, dev);
@@ -1111,8 +1333,8 @@ static void usbredir_handle_destroy(USBDevice *udev)
{
USBRedirDevice *dev = DO_UPCAST(USBRedirDevice, dev, udev);
- qemu_chr_fe_close(dev->cs);
qemu_chr_delete(dev->cs);
+ dev->cs = NULL;
/* Note must be done after qemu_chr_close, as that causes a close event */
qemu_bh_delete(dev->chardev_close_bh);
@@ -1124,6 +1346,9 @@ static void usbredir_handle_destroy(USBDevice *udev)
if (dev->parser) {
usbredirparser_destroy(dev->parser);
}
+ if (dev->watch) {
+ g_source_remove(dev->watch);
+ }
free(dev->filter_rules);
}
@@ -1168,6 +1393,52 @@ error:
return -1;
}
+static void usbredir_check_bulk_receiving(USBRedirDevice *dev)
+{
+ int i, j, quirks;
+
+ if (!usbredirparser_peer_has_cap(dev->parser,
+ usb_redir_cap_bulk_receiving)) {
+ return;
+ }
+
+ for (i = EP2I(USB_DIR_IN); i < MAX_ENDPOINTS; i++) {
+ dev->endpoint[i].bulk_receiving_enabled = 0;
+ }
+ for (i = 0; i < dev->interface_info.interface_count; i++) {
+ quirks = usb_get_quirks(dev->device_info.vendor_id,
+ dev->device_info.product_id,
+ dev->interface_info.interface_class[i],
+ dev->interface_info.interface_subclass[i],
+ dev->interface_info.interface_protocol[i]);
+ if (!(quirks & USB_QUIRK_BUFFER_BULK_IN)) {
+ continue;
+ }
+ if (quirks & USB_QUIRK_IS_FTDI) {
+ dev->buffered_bulk_in_complete =
+ usbredir_buffered_bulk_in_complete_ftdi;
+ } else {
+ dev->buffered_bulk_in_complete =
+ usbredir_buffered_bulk_in_complete_raw;
+ }
+
+ for (j = EP2I(USB_DIR_IN); j < MAX_ENDPOINTS; j++) {
+ if (dev->endpoint[j].interface ==
+ dev->interface_info.interface[i] &&
+ dev->endpoint[j].type == USB_ENDPOINT_XFER_BULK &&
+ dev->endpoint[j].max_packet_size != 0) {
+ dev->endpoint[j].bulk_receiving_enabled = 1;
+ /*
+ * With buffering pipelining is not necessary. Also packet
+ * combining and bulk in buffering don't play nice together!
+ */
+ I2USBEP(dev, j)->pipeline = false;
+ break; /* Only buffer for the first ep of each intf */
+ }
+ }
+ }
+}
+
/*
* usbredirparser packet complete callbacks
*/
@@ -1276,13 +1547,13 @@ static void usbredir_device_connect(void *priv,
return;
}
+ usbredir_check_bulk_receiving(dev);
qemu_mod_timer(dev->attach_timer, dev->next_attach_time);
}
static void usbredir_device_disconnect(void *priv)
{
USBRedirDevice *dev = priv;
- int i;
/* Stop any pending attaches */
qemu_del_timer(dev->attach_timer);
@@ -1299,11 +1570,7 @@ static void usbredir_device_disconnect(void *priv)
/* Reset state so that the next dev connected starts with a clean slate */
usbredir_cleanup_device_queues(dev);
- memset(dev->endpoint, 0, sizeof(dev->endpoint));
- for (i = 0; i < MAX_ENDPOINTS; i++) {
- QTAILQ_INIT(&dev->endpoint[i].bufpq);
- }
- usb_ep_init(&dev->dev);
+ usbredir_init_endpoints(dev);
dev->interface_info.interface_count = NO_INTERFACE_INFO;
dev->dev.addr = 0;
dev->dev.speed = 0;
@@ -1319,9 +1586,10 @@ static void usbredir_interface_info(void *priv,
/*
* If we receive interface info after the device has already been
- * connected (ie on a set_config), re-check the filter.
+ * connected (ie on a set_config), re-check interface dependent things.
*/
if (qemu_timer_pending(dev->attach_timer) || dev->dev.attached) {
+ usbredir_check_bulk_receiving(dev);
if (usbredir_check_filter(dev)) {
ERROR("Device no longer matches filter after interface info "
"change, disconnecting!\n");
@@ -1353,11 +1621,10 @@ static void usbredir_set_pipeline(USBRedirDevice *dev, struct USBEndpoint *uep)
static void usbredir_setup_usb_eps(USBRedirDevice *dev)
{
struct USBEndpoint *usb_ep;
- int i, pid;
+ int i;
for (i = 0; i < MAX_ENDPOINTS; i++) {
- pid = (i & 0x10) ? USB_TOKEN_IN : USB_TOKEN_OUT;
- usb_ep = usb_ep_get(&dev->dev, pid, i & 0x0f);
+ usb_ep = I2USBEP(dev, i);
usb_ep->type = dev->endpoint[i].type;
usb_ep->ifnum = dev->endpoint[i].interface;
usb_ep->max_packet_size = dev->endpoint[i].max_packet_size;
@@ -1423,6 +1690,7 @@ static void usbredir_ep_info(void *priv,
return;
}
usbredir_setup_usb_eps(dev);
+ usbredir_check_bulk_receiving(dev);
}
static void usbredir_configuration_status(void *priv, uint64_t id,
@@ -1513,6 +1781,25 @@ static void usbredir_bulk_streams_status(void *priv, uint64_t id,
{
}
+static void usbredir_bulk_receiving_status(void *priv, uint64_t id,
+ struct usb_redir_bulk_receiving_status_header *bulk_receiving_status)
+{
+ USBRedirDevice *dev = priv;
+ uint8_t ep = bulk_receiving_status->endpoint;
+
+ DPRINTF("bulk recv status %d ep %02X id %"PRIu64"\n",
+ bulk_receiving_status->status, ep, id);
+
+ if (!dev->dev.attached || !dev->endpoint[EP2I(ep)].bulk_receiving_started) {
+ return;
+ }
+
+ if (bulk_receiving_status->status == usb_redir_stall) {
+ DPRINTF("bulk receiving stopped by peer ep %02X\n", ep);
+ dev->endpoint[EP2I(ep)].bulk_receiving_started = 0;
+ }
+}
+
static void usbredir_control_packet(void *priv, uint64_t id,
struct usb_redir_control_packet_header *control_packet,
uint8_t *data, int data_len)
@@ -1568,7 +1855,7 @@ static void usbredir_bulk_packet(void *priv, uint64_t id,
p = usbredir_find_packet_by_id(dev, ep, id);
if (p) {
- size_t size = (p->combined) ? p->combined->iov.size : p->iov.size;
+ size_t size = usb_packet_size(p);
usbredir_handle_status(dev, p, bulk_packet->status);
if (data_len > 0) {
usbredir_log_data(dev, "bulk data in:", data, data_len);
@@ -1578,12 +1865,7 @@ static void usbredir_bulk_packet(void *priv, uint64_t id,
p->status = USB_RET_BABBLE;
data_len = len = size;
}
- if (p->combined) {
- iov_from_buf(p->combined->iov.iov, p->combined->iov.niov,
- 0, data, data_len);
- } else {
- usb_packet_copy(p, data, data_len);
- }
+ usb_packet_copy(p, data, data_len);
}
p->actual_length = len;
if (p->pid == USB_TOKEN_IN && p->ep->pipeline) {
@@ -1618,7 +1900,7 @@ static void usbredir_iso_packet(void *priv, uint64_t id,
}
/* bufp_alloc also adds the packet to the ep queue */
- bufp_alloc(dev, data, data_len, iso_packet->status, ep);
+ bufp_alloc(dev, data, data_len, iso_packet->status, ep, data);
}
static void usbredir_interrupt_packet(void *priv, uint64_t id,
@@ -1644,8 +1926,12 @@ static void usbredir_interrupt_packet(void *priv, uint64_t id,
return;
}
+ if (QTAILQ_EMPTY(&dev->endpoint[EP2I(ep)].bufpq)) {
+ usb_wakeup(usb_ep_get(&dev->dev, USB_TOKEN_IN, ep & 0x0f), 0);
+ }
+
/* bufp_alloc also adds the packet to the ep queue */
- bufp_alloc(dev, data, data_len, interrupt_packet->status, ep);
+ bufp_alloc(dev, data, data_len, interrupt_packet->status, ep, data);
} else {
/*
* We report output interrupt packets as completed directly upon
@@ -1658,6 +1944,52 @@ static void usbredir_interrupt_packet(void *priv, uint64_t id,
}
}
+static void usbredir_buffered_bulk_packet(void *priv, uint64_t id,
+ struct usb_redir_buffered_bulk_packet_header *buffered_bulk_packet,
+ uint8_t *data, int data_len)
+{
+ USBRedirDevice *dev = priv;
+ uint8_t status, ep = buffered_bulk_packet->endpoint;
+ void *free_on_destroy;
+ int i, len;
+
+ DPRINTF("buffered-bulk-in status %d ep %02X len %d id %"PRIu64"\n",
+ buffered_bulk_packet->status, ep, data_len, id);
+
+ if (dev->endpoint[EP2I(ep)].type != USB_ENDPOINT_XFER_BULK) {
+ ERROR("received buffered-bulk packet for non bulk ep %02X\n", ep);
+ free(data);
+ return;
+ }
+
+ if (dev->endpoint[EP2I(ep)].bulk_receiving_started == 0) {
+ DPRINTF("received buffered-bulk packet on not started ep %02X\n", ep);
+ free(data);
+ return;
+ }
+
+ /* Data must be in maxp chunks for buffered_bulk_add_*_data_to_packet */
+ len = dev->endpoint[EP2I(ep)].max_packet_size;
+ status = usb_redir_success;
+ free_on_destroy = NULL;
+ for (i = 0; i < data_len; i += len) {
+ if (len >= (data_len - i)) {
+ len = data_len - i;
+ status = buffered_bulk_packet->status;
+ free_on_destroy = data;
+ }
+ /* bufp_alloc also adds the packet to the ep queue */
+ bufp_alloc(dev, data + i, len, status, ep, free_on_destroy);
+ }
+
+ if (dev->endpoint[EP2I(ep)].pending_async_packet) {
+ USBPacket *p = dev->endpoint[EP2I(ep)].pending_async_packet;
+ dev->endpoint[EP2I(ep)].pending_async_packet = NULL;
+ usbredir_buffered_bulk_in_complete(dev, p, ep);
+ usb_packet_complete(&dev->dev, p);
+ }
+}
+
/*
* Migration code
*/
@@ -1673,6 +2005,10 @@ static int usbredir_post_load(void *priv, int version_id)
{
USBRedirDevice *dev = priv;
+ if (dev->parser == NULL) {
+ return 0;
+ }
+
switch (dev->device_info.speed) {
case usb_redir_speed_low:
dev->dev.speed = USB_SPEED_LOW;
@@ -1692,6 +2028,7 @@ static int usbredir_post_load(void *priv, int version_id)
dev->dev.speedmask = (1 << dev->dev.speed);
usbredir_setup_usb_eps(dev);
+ usbredir_check_bulk_receiving(dev);
return 0;
}
@@ -1763,22 +2100,27 @@ static const VMStateInfo usbredir_parser_vmstate_info = {
static void usbredir_put_bufpq(QEMUFile *f, void *priv, size_t unused)
{
struct endp_data *endp = priv;
+ USBRedirDevice *dev = endp->dev;
struct buf_packet *bufp;
- int remain = endp->bufpq_size;
+ int len, i = 0;
qemu_put_be32(f, endp->bufpq_size);
QTAILQ_FOREACH(bufp, &endp->bufpq, next) {
- qemu_put_be32(f, bufp->len);
+ len = bufp->len - bufp->offset;
+ DPRINTF("put_bufpq %d/%d len %d status %d\n", i + 1, endp->bufpq_size,
+ len, bufp->status);
+ qemu_put_be32(f, len);
qemu_put_be32(f, bufp->status);
- qemu_put_buffer(f, bufp->data, bufp->len);
- remain--;
+ qemu_put_buffer(f, bufp->data + bufp->offset, len);
+ i++;
}
- assert(remain == 0);
+ assert(i == endp->bufpq_size);
}
static int usbredir_get_bufpq(QEMUFile *f, void *priv, size_t unused)
{
struct endp_data *endp = priv;
+ USBRedirDevice *dev = endp->dev;
struct buf_packet *bufp;
int i;
@@ -1787,9 +2129,13 @@ static int usbredir_get_bufpq(QEMUFile *f, void *priv, size_t unused)
bufp = g_malloc(sizeof(struct buf_packet));
bufp->len = qemu_get_be32(f);
bufp->status = qemu_get_be32(f);
+ bufp->offset = 0;
bufp->data = qemu_oom_check(malloc(bufp->len)); /* regular malloc! */
+ bufp->free_on_destroy = bufp->data;
qemu_get_buffer(f, bufp->data, bufp->len);
QTAILQ_INSERT_TAIL(&endp->bufpq, bufp, next);
+ DPRINTF("get_bufpq %d/%d len %d status %d\n", i + 1, endp->bufpq_size,
+ bufp->len, bufp->status);
}
return 0;
}
@@ -1802,6 +2148,23 @@ static const VMStateInfo usbredir_ep_bufpq_vmstate_info = {
/* For endp_data migration */
+static const VMStateDescription usbredir_bulk_receiving_vmstate = {
+ .name = "usb-redir-ep/bulk-receiving",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(bulk_receiving_started, struct endp_data),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static bool usbredir_bulk_receiving_needed(void *priv)
+{
+ struct endp_data *endp = priv;
+
+ return endp->bulk_receiving_started;
+}
+
static const VMStateDescription usbredir_ep_vmstate = {
.name = "usb-redir-ep",
.version_id = 1,
@@ -1828,6 +2191,14 @@ static const VMStateDescription usbredir_ep_vmstate = {
},
VMSTATE_INT32(bufpq_target_size, struct endp_data),
VMSTATE_END_OF_LIST()
+ },
+ .subsections = (VMStateSubsection[]) {
+ {
+ .vmsd = &usbredir_bulk_receiving_vmstate,
+ .needed = usbredir_bulk_receiving_needed,
+ }, {
+ /* empty */
+ }
}
};
@@ -1989,11 +2360,13 @@ static void usbredir_class_initfn(ObjectClass *klass, void *data)
uc->handle_data = usbredir_handle_data;
uc->handle_control = usbredir_handle_control;
uc->flush_ep_queue = usbredir_flush_ep_queue;
+ uc->ep_stopped = usbredir_ep_stopped;
dc->vmsd = &usbredir_vmstate;
dc->props = usbredir_properties;
+ set_bit(DEVICE_CATEGORY_MISC, dc->categories);
}
-static TypeInfo usbredir_dev_info = {
+static const TypeInfo usbredir_dev_info = {
.name = "usb-redir",
.parent = TYPE_USB_DEVICE,
.instance_size = sizeof(USBRedirDevice),
diff --git a/hw/versatile_i2c.c b/hw/versatile_i2c.c
deleted file mode 100644
index ad71e9d92..000000000
--- a/hw/versatile_i2c.c
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * ARM Versatile I2C controller
- *
- * Copyright (c) 2006-2007 CodeSourcery.
- * Copyright (c) 2012 Oskar Andero <oskar.andero@gmail.com>
- *
- * This file is derived from hw/realview.c by Paul Brook
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#include "sysbus.h"
-#include "bitbang_i2c.h"
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- bitbang_i2c_interface *bitbang;
- int out;
- int in;
-} VersatileI2CState;
-
-static uint64_t versatile_i2c_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- VersatileI2CState *s = (VersatileI2CState *)opaque;
-
- if (offset == 0) {
- return (s->out & 1) | (s->in << 1);
- } else {
- qemu_log_mask(LOG_GUEST_ERROR,
- "%s: Bad offset 0x%x\n", __func__, (int)offset);
- return -1;
- }
-}
-
-static void versatile_i2c_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- VersatileI2CState *s = (VersatileI2CState *)opaque;
-
- switch (offset) {
- case 0:
- s->out |= value & 3;
- break;
- case 4:
- s->out &= ~value;
- break;
- default:
- qemu_log_mask(LOG_GUEST_ERROR,
- "%s: Bad offset 0x%x\n", __func__, (int)offset);
- }
- bitbang_i2c_set(s->bitbang, BITBANG_I2C_SCL, (s->out & 1) != 0);
- s->in = bitbang_i2c_set(s->bitbang, BITBANG_I2C_SDA, (s->out & 2) != 0);
-}
-
-static const MemoryRegionOps versatile_i2c_ops = {
- .read = versatile_i2c_read,
- .write = versatile_i2c_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int versatile_i2c_init(SysBusDevice *dev)
-{
- VersatileI2CState *s = FROM_SYSBUS(VersatileI2CState, dev);
- i2c_bus *bus;
-
- bus = i2c_init_bus(&dev->qdev, "i2c");
- s->bitbang = bitbang_i2c_init(bus);
- memory_region_init_io(&s->iomem, &versatile_i2c_ops, s,
- "versatile_i2c", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
- return 0;
-}
-
-static void versatile_i2c_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = versatile_i2c_init;
-}
-
-static const TypeInfo versatile_i2c_info = {
- .name = "versatile_i2c",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(VersatileI2CState),
- .class_init = versatile_i2c_class_init,
-};
-
-static void versatile_i2c_register_types(void)
-{
- type_register_static(&versatile_i2c_info);
-}
-
-type_init(versatile_i2c_register_types)
diff --git a/hw/versatile_pci.c b/hw/versatile_pci.c
deleted file mode 100644
index e0c3ee36a..000000000
--- a/hw/versatile_pci.c
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- * ARM Versatile/PB PCI host controller
- *
- * Copyright (c) 2006-2009 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the LGPL.
- */
-
-#include "sysbus.h"
-#include "pci.h"
-#include "pci_host.h"
-#include "exec-memory.h"
-
-typedef struct {
- SysBusDevice busdev;
- qemu_irq irq[4];
- int realview;
- MemoryRegion mem_config;
- MemoryRegion mem_config2;
- MemoryRegion isa;
-} PCIVPBState;
-
-static inline uint32_t vpb_pci_config_addr(hwaddr addr)
-{
- return addr & 0xffffff;
-}
-
-static void pci_vpb_config_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- pci_data_write(opaque, vpb_pci_config_addr(addr), val, size);
-}
-
-static uint64_t pci_vpb_config_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- uint32_t val;
- val = pci_data_read(opaque, vpb_pci_config_addr(addr), size);
- return val;
-}
-
-static const MemoryRegionOps pci_vpb_config_ops = {
- .read = pci_vpb_config_read,
- .write = pci_vpb_config_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int pci_vpb_map_irq(PCIDevice *d, int irq_num)
-{
- return irq_num;
-}
-
-static void pci_vpb_set_irq(void *opaque, int irq_num, int level)
-{
- qemu_irq *pic = opaque;
-
- qemu_set_irq(pic[irq_num], level);
-}
-
-static int pci_vpb_init(SysBusDevice *dev)
-{
- PCIVPBState *s = FROM_SYSBUS(PCIVPBState, dev);
- PCIBus *bus;
- int i;
-
- for (i = 0; i < 4; i++) {
- sysbus_init_irq(dev, &s->irq[i]);
- }
- bus = pci_register_bus(&dev->qdev, "pci",
- pci_vpb_set_irq, pci_vpb_map_irq, s->irq,
- get_system_memory(), get_system_io(),
- PCI_DEVFN(11, 0), 4);
-
- /* ??? Register memory space. */
-
- /* Our memory regions are:
- * 0 : PCI self config window
- * 1 : PCI config window
- * 2 : PCI IO window (realview_pci only)
- */
- memory_region_init_io(&s->mem_config, &pci_vpb_config_ops, bus,
- "pci-vpb-selfconfig", 0x1000000);
- sysbus_init_mmio(dev, &s->mem_config);
- memory_region_init_io(&s->mem_config2, &pci_vpb_config_ops, bus,
- "pci-vpb-config", 0x1000000);
- sysbus_init_mmio(dev, &s->mem_config2);
- if (s->realview) {
- isa_mmio_setup(&s->isa, 0x0100000);
- sysbus_init_mmio(dev, &s->isa);
- }
-
- pci_create_simple(bus, -1, "versatile_pci_host");
- return 0;
-}
-
-static int pci_realview_init(SysBusDevice *dev)
-{
- PCIVPBState *s = FROM_SYSBUS(PCIVPBState, dev);
- s->realview = 1;
- return pci_vpb_init(dev);
-}
-
-static int versatile_pci_host_init(PCIDevice *d)
-{
- pci_set_word(d->config + PCI_STATUS,
- PCI_STATUS_66MHZ | PCI_STATUS_DEVSEL_MEDIUM);
- pci_set_byte(d->config + PCI_LATENCY_TIMER, 0x10);
- return 0;
-}
-
-static void versatile_pci_host_class_init(ObjectClass *klass, void *data)
-{
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = versatile_pci_host_init;
- k->vendor_id = PCI_VENDOR_ID_XILINX;
- k->device_id = PCI_DEVICE_ID_XILINX_XC2VP30;
- k->class_id = PCI_CLASS_PROCESSOR_CO;
-}
-
-static TypeInfo versatile_pci_host_info = {
- .name = "versatile_pci_host",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIDevice),
- .class_init = versatile_pci_host_class_init,
-};
-
-static void pci_vpb_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- sdc->init = pci_vpb_init;
-}
-
-static TypeInfo pci_vpb_info = {
- .name = "versatile_pci",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(PCIVPBState),
- .class_init = pci_vpb_class_init,
-};
-
-static void pci_realview_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- sdc->init = pci_realview_init;
-}
-
-static TypeInfo pci_realview_info = {
- .name = "realview_pci",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(PCIVPBState),
- .class_init = pci_realview_class_init,
-};
-
-static void versatile_pci_register_types(void)
-{
- type_register_static(&pci_vpb_info);
- type_register_static(&pci_realview_info);
- type_register_static(&versatile_pci_host_info);
-}
-
-type_init(versatile_pci_register_types)
diff --git a/hw/versatilepb.c b/hw/versatilepb.c
deleted file mode 100644
index 25e652b1a..000000000
--- a/hw/versatilepb.c
+++ /dev/null
@@ -1,401 +0,0 @@
-/*
- * ARM Versatile Platform/Application Baseboard System emulation.
- *
- * Copyright (c) 2005-2007 CodeSourcery.
- * Written by Paul Brook
- *
- * This code is licensed under the GPL.
- */
-
-#include "sysbus.h"
-#include "arm-misc.h"
-#include "devices.h"
-#include "net.h"
-#include "sysemu.h"
-#include "pci.h"
-#include "i2c.h"
-#include "boards.h"
-#include "blockdev.h"
-#include "exec-memory.h"
-#include "flash.h"
-
-#define VERSATILE_FLASH_ADDR 0x34000000
-#define VERSATILE_FLASH_SIZE (64 * 1024 * 1024)
-#define VERSATILE_FLASH_SECT_SIZE (256 * 1024)
-
-/* Primary interrupt controller. */
-
-typedef struct vpb_sic_state
-{
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint32_t level;
- uint32_t mask;
- uint32_t pic_enable;
- qemu_irq parent[32];
- int irq;
-} vpb_sic_state;
-
-static const VMStateDescription vmstate_vpb_sic = {
- .name = "versatilepb_sic",
- .version_id = 1,
- .minimum_version_id = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(level, vpb_sic_state),
- VMSTATE_UINT32(mask, vpb_sic_state),
- VMSTATE_UINT32(pic_enable, vpb_sic_state),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void vpb_sic_update(vpb_sic_state *s)
-{
- uint32_t flags;
-
- flags = s->level & s->mask;
- qemu_set_irq(s->parent[s->irq], flags != 0);
-}
-
-static void vpb_sic_update_pic(vpb_sic_state *s)
-{
- int i;
- uint32_t mask;
-
- for (i = 21; i <= 30; i++) {
- mask = 1u << i;
- if (!(s->pic_enable & mask))
- continue;
- qemu_set_irq(s->parent[i], (s->level & mask) != 0);
- }
-}
-
-static void vpb_sic_set_irq(void *opaque, int irq, int level)
-{
- vpb_sic_state *s = (vpb_sic_state *)opaque;
- if (level)
- s->level |= 1u << irq;
- else
- s->level &= ~(1u << irq);
- if (s->pic_enable & (1u << irq))
- qemu_set_irq(s->parent[irq], level);
- vpb_sic_update(s);
-}
-
-static uint64_t vpb_sic_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- vpb_sic_state *s = (vpb_sic_state *)opaque;
-
- switch (offset >> 2) {
- case 0: /* STATUS */
- return s->level & s->mask;
- case 1: /* RAWSTAT */
- return s->level;
- case 2: /* ENABLE */
- return s->mask;
- case 4: /* SOFTINT */
- return s->level & 1;
- case 8: /* PICENABLE */
- return s->pic_enable;
- default:
- printf ("vpb_sic_read: Bad register offset 0x%x\n", (int)offset);
- return 0;
- }
-}
-
-static void vpb_sic_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
- vpb_sic_state *s = (vpb_sic_state *)opaque;
-
- switch (offset >> 2) {
- case 2: /* ENSET */
- s->mask |= value;
- break;
- case 3: /* ENCLR */
- s->mask &= ~value;
- break;
- case 4: /* SOFTINTSET */
- if (value)
- s->mask |= 1;
- break;
- case 5: /* SOFTINTCLR */
- if (value)
- s->mask &= ~1u;
- break;
- case 8: /* PICENSET */
- s->pic_enable |= (value & 0x7fe00000);
- vpb_sic_update_pic(s);
- break;
- case 9: /* PICENCLR */
- s->pic_enable &= ~value;
- vpb_sic_update_pic(s);
- break;
- default:
- printf ("vpb_sic_write: Bad register offset 0x%x\n", (int)offset);
- return;
- }
- vpb_sic_update(s);
-}
-
-static const MemoryRegionOps vpb_sic_ops = {
- .read = vpb_sic_read,
- .write = vpb_sic_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int vpb_sic_init(SysBusDevice *dev)
-{
- vpb_sic_state *s = FROM_SYSBUS(vpb_sic_state, dev);
- int i;
-
- qdev_init_gpio_in(&dev->qdev, vpb_sic_set_irq, 32);
- for (i = 0; i < 32; i++) {
- sysbus_init_irq(dev, &s->parent[i]);
- }
- s->irq = 31;
- memory_region_init_io(&s->iomem, &vpb_sic_ops, s, "vpb-sic", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
- return 0;
-}
-
-/* Board init. */
-
-/* The AB and PB boards both use the same core, just with different
- peripherals and expansion busses. For now we emulate a subset of the
- PB peripherals and just change the board ID. */
-
-static struct arm_boot_info versatile_binfo;
-
-static void versatile_init(QEMUMachineInitArgs *args, int board_id)
-{
- ARMCPU *cpu;
- MemoryRegion *sysmem = get_system_memory();
- MemoryRegion *ram = g_new(MemoryRegion, 1);
- qemu_irq *cpu_pic;
- qemu_irq pic[32];
- qemu_irq sic[32];
- DeviceState *dev, *sysctl;
- SysBusDevice *busdev;
- DeviceState *pl041;
- PCIBus *pci_bus;
- NICInfo *nd;
- i2c_bus *i2c;
- int n;
- int done_smc = 0;
- DriveInfo *dinfo;
-
- if (!args->cpu_model) {
- args->cpu_model = "arm926";
- }
- cpu = cpu_arm_init(args->cpu_model);
- if (!cpu) {
- fprintf(stderr, "Unable to find CPU definition\n");
- exit(1);
- }
- memory_region_init_ram(ram, "versatile.ram", args->ram_size);
- vmstate_register_ram_global(ram);
- /* ??? RAM should repeat to fill physical memory space. */
- /* SDRAM at address zero. */
- memory_region_add_subregion(sysmem, 0, ram);
-
- sysctl = qdev_create(NULL, "realview_sysctl");
- qdev_prop_set_uint32(sysctl, "sys_id", 0x41007004);
- qdev_prop_set_uint32(sysctl, "proc_id", 0x02000000);
- qdev_init_nofail(sysctl);
- sysbus_mmio_map(sysbus_from_qdev(sysctl), 0, 0x10000000);
-
- cpu_pic = arm_pic_init_cpu(cpu);
- dev = sysbus_create_varargs("pl190", 0x10140000,
- cpu_pic[ARM_PIC_CPU_IRQ],
- cpu_pic[ARM_PIC_CPU_FIQ], NULL);
- for (n = 0; n < 32; n++) {
- pic[n] = qdev_get_gpio_in(dev, n);
- }
- dev = sysbus_create_simple("versatilepb_sic", 0x10003000, NULL);
- for (n = 0; n < 32; n++) {
- sysbus_connect_irq(sysbus_from_qdev(dev), n, pic[n]);
- sic[n] = qdev_get_gpio_in(dev, n);
- }
-
- sysbus_create_simple("pl050_keyboard", 0x10006000, sic[3]);
- sysbus_create_simple("pl050_mouse", 0x10007000, sic[4]);
-
- dev = qdev_create(NULL, "versatile_pci");
- busdev = sysbus_from_qdev(dev);
- qdev_init_nofail(dev);
- sysbus_mmio_map(busdev, 0, 0x41000000); /* PCI self-config */
- sysbus_mmio_map(busdev, 1, 0x42000000); /* PCI config */
- sysbus_connect_irq(busdev, 0, sic[27]);
- sysbus_connect_irq(busdev, 1, sic[28]);
- sysbus_connect_irq(busdev, 2, sic[29]);
- sysbus_connect_irq(busdev, 3, sic[30]);
- pci_bus = (PCIBus *)qdev_get_child_bus(dev, "pci");
-
- /* The Versatile PCI bridge does not provide access to PCI IO space,
- so many of the qemu PCI devices are not useable. */
- for(n = 0; n < nb_nics; n++) {
- nd = &nd_table[n];
-
- if (!done_smc && (!nd->model || strcmp(nd->model, "smc91c111") == 0)) {
- smc91c111_init(nd, 0x10010000, sic[25]);
- done_smc = 1;
- } else {
- pci_nic_init_nofail(nd, "rtl8139", NULL);
- }
- }
- if (usb_enabled(false)) {
- pci_create_simple(pci_bus, -1, "pci-ohci");
- }
- n = drive_get_max_bus(IF_SCSI);
- while (n >= 0) {
- pci_create_simple(pci_bus, -1, "lsi53c895a");
- n--;
- }
-
- sysbus_create_simple("pl011", 0x101f1000, pic[12]);
- sysbus_create_simple("pl011", 0x101f2000, pic[13]);
- sysbus_create_simple("pl011", 0x101f3000, pic[14]);
- sysbus_create_simple("pl011", 0x10009000, sic[6]);
-
- sysbus_create_simple("pl080", 0x10130000, pic[17]);
- sysbus_create_simple("sp804", 0x101e2000, pic[4]);
- sysbus_create_simple("sp804", 0x101e3000, pic[5]);
-
- sysbus_create_simple("pl061", 0x101e4000, pic[6]);
- sysbus_create_simple("pl061", 0x101e5000, pic[7]);
- sysbus_create_simple("pl061", 0x101e6000, pic[8]);
- sysbus_create_simple("pl061", 0x101e7000, pic[9]);
-
- /* The versatile/PB actually has a modified Color LCD controller
- that includes hardware cursor support from the PL111. */
- dev = sysbus_create_simple("pl110_versatile", 0x10120000, pic[16]);
- /* Wire up the mux control signals from the SYS_CLCD register */
- qdev_connect_gpio_out(sysctl, 0, qdev_get_gpio_in(dev, 0));
-
- sysbus_create_varargs("pl181", 0x10005000, sic[22], sic[1], NULL);
- sysbus_create_varargs("pl181", 0x1000b000, sic[23], sic[2], NULL);
-
- /* Add PL031 Real Time Clock. */
- sysbus_create_simple("pl031", 0x101e8000, pic[10]);
-
- dev = sysbus_create_simple("versatile_i2c", 0x10002000, NULL);
- i2c = (i2c_bus *)qdev_get_child_bus(dev, "i2c");
- i2c_create_slave(i2c, "ds1338", 0x68);
-
- /* Add PL041 AACI Interface to the LM4549 codec */
- pl041 = qdev_create(NULL, "pl041");
- qdev_prop_set_uint32(pl041, "nc_fifo_depth", 512);
- qdev_init_nofail(pl041);
- sysbus_mmio_map(sysbus_from_qdev(pl041), 0, 0x10004000);
- sysbus_connect_irq(sysbus_from_qdev(pl041), 0, sic[24]);
-
- /* Memory map for Versatile/PB: */
- /* 0x10000000 System registers. */
- /* 0x10001000 PCI controller config registers. */
- /* 0x10002000 Serial bus interface. */
- /* 0x10003000 Secondary interrupt controller. */
- /* 0x10004000 AACI (audio). */
- /* 0x10005000 MMCI0. */
- /* 0x10006000 KMI0 (keyboard). */
- /* 0x10007000 KMI1 (mouse). */
- /* 0x10008000 Character LCD Interface. */
- /* 0x10009000 UART3. */
- /* 0x1000a000 Smart card 1. */
- /* 0x1000b000 MMCI1. */
- /* 0x10010000 Ethernet. */
- /* 0x10020000 USB. */
- /* 0x10100000 SSMC. */
- /* 0x10110000 MPMC. */
- /* 0x10120000 CLCD Controller. */
- /* 0x10130000 DMA Controller. */
- /* 0x10140000 Vectored interrupt controller. */
- /* 0x101d0000 AHB Monitor Interface. */
- /* 0x101e0000 System Controller. */
- /* 0x101e1000 Watchdog Interface. */
- /* 0x101e2000 Timer 0/1. */
- /* 0x101e3000 Timer 2/3. */
- /* 0x101e4000 GPIO port 0. */
- /* 0x101e5000 GPIO port 1. */
- /* 0x101e6000 GPIO port 2. */
- /* 0x101e7000 GPIO port 3. */
- /* 0x101e8000 RTC. */
- /* 0x101f0000 Smart card 0. */
- /* 0x101f1000 UART0. */
- /* 0x101f2000 UART1. */
- /* 0x101f3000 UART2. */
- /* 0x101f4000 SSPI. */
- /* 0x34000000 NOR Flash */
-
- dinfo = drive_get(IF_PFLASH, 0, 0);
- if (!pflash_cfi01_register(VERSATILE_FLASH_ADDR, NULL, "versatile.flash",
- VERSATILE_FLASH_SIZE, dinfo ? dinfo->bdrv : NULL,
- VERSATILE_FLASH_SECT_SIZE,
- VERSATILE_FLASH_SIZE / VERSATILE_FLASH_SECT_SIZE,
- 4, 0x0089, 0x0018, 0x0000, 0x0, 0)) {
- fprintf(stderr, "qemu: Error registering flash memory.\n");
- }
-
- versatile_binfo.ram_size = args->ram_size;
- versatile_binfo.kernel_filename = args->kernel_filename;
- versatile_binfo.kernel_cmdline = args->kernel_cmdline;
- versatile_binfo.initrd_filename = args->initrd_filename;
- versatile_binfo.board_id = board_id;
- arm_load_kernel(cpu, &versatile_binfo);
-}
-
-static void vpb_init(QEMUMachineInitArgs *args)
-{
- versatile_init(args, 0x183);
-}
-
-static void vab_init(QEMUMachineInitArgs *args)
-{
- versatile_init(args, 0x25e);
-}
-
-static QEMUMachine versatilepb_machine = {
- .name = "versatilepb",
- .desc = "ARM Versatile/PB (ARM926EJ-S)",
- .init = vpb_init,
- .use_scsi = 1,
-};
-
-static QEMUMachine versatileab_machine = {
- .name = "versatileab",
- .desc = "ARM Versatile/AB (ARM926EJ-S)",
- .init = vab_init,
- .use_scsi = 1,
-};
-
-static void versatile_machine_init(void)
-{
- qemu_register_machine(&versatilepb_machine);
- qemu_register_machine(&versatileab_machine);
-}
-
-machine_init(versatile_machine_init);
-
-static void vpb_sic_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = vpb_sic_init;
- dc->no_user = 1;
- dc->vmsd = &vmstate_vpb_sic;
-}
-
-static TypeInfo vpb_sic_info = {
- .name = "versatilepb_sic",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(vpb_sic_state),
- .class_init = vpb_sic_class_init,
-};
-
-static void versatilepb_register_types(void)
-{
- type_register_static(&vpb_sic_info);
-}
-
-type_init(versatilepb_register_types)
diff --git a/hw/vexpress.c b/hw/vexpress.c
deleted file mode 100644
index d93f057bf..000000000
--- a/hw/vexpress.c
+++ /dev/null
@@ -1,498 +0,0 @@
-/*
- * ARM Versatile Express emulation.
- *
- * Copyright (c) 2010 - 2011 B Labs Ltd.
- * Copyright (c) 2011 Linaro Limited
- * Written by Bahadir Balban, Amit Mahajan, Peter Maydell
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include "sysbus.h"
-#include "arm-misc.h"
-#include "primecell.h"
-#include "devices.h"
-#include "net.h"
-#include "sysemu.h"
-#include "boards.h"
-#include "exec-memory.h"
-#include "blockdev.h"
-#include "flash.h"
-
-#define VEXPRESS_BOARD_ID 0x8e0
-#define VEXPRESS_FLASH_SIZE (64 * 1024 * 1024)
-#define VEXPRESS_FLASH_SECT_SIZE (256 * 1024)
-
-static struct arm_boot_info vexpress_binfo;
-
-/* Address maps for peripherals:
- * the Versatile Express motherboard has two possible maps,
- * the "legacy" one (used for A9) and the "Cortex-A Series"
- * map (used for newer cores).
- * Individual daughterboards can also have different maps for
- * their peripherals.
- */
-
-enum {
- VE_SYSREGS,
- VE_SP810,
- VE_SERIALPCI,
- VE_PL041,
- VE_MMCI,
- VE_KMI0,
- VE_KMI1,
- VE_UART0,
- VE_UART1,
- VE_UART2,
- VE_UART3,
- VE_WDT,
- VE_TIMER01,
- VE_TIMER23,
- VE_SERIALDVI,
- VE_RTC,
- VE_COMPACTFLASH,
- VE_CLCD,
- VE_NORFLASH0,
- VE_NORFLASH1,
- VE_SRAM,
- VE_VIDEORAM,
- VE_ETHERNET,
- VE_USB,
- VE_DAPROM,
-};
-
-static hwaddr motherboard_legacy_map[] = {
- /* CS7: 0x10000000 .. 0x10020000 */
- [VE_SYSREGS] = 0x10000000,
- [VE_SP810] = 0x10001000,
- [VE_SERIALPCI] = 0x10002000,
- [VE_PL041] = 0x10004000,
- [VE_MMCI] = 0x10005000,
- [VE_KMI0] = 0x10006000,
- [VE_KMI1] = 0x10007000,
- [VE_UART0] = 0x10009000,
- [VE_UART1] = 0x1000a000,
- [VE_UART2] = 0x1000b000,
- [VE_UART3] = 0x1000c000,
- [VE_WDT] = 0x1000f000,
- [VE_TIMER01] = 0x10011000,
- [VE_TIMER23] = 0x10012000,
- [VE_SERIALDVI] = 0x10016000,
- [VE_RTC] = 0x10017000,
- [VE_COMPACTFLASH] = 0x1001a000,
- [VE_CLCD] = 0x1001f000,
- /* CS0: 0x40000000 .. 0x44000000 */
- [VE_NORFLASH0] = 0x40000000,
- /* CS1: 0x44000000 .. 0x48000000 */
- [VE_NORFLASH1] = 0x44000000,
- /* CS2: 0x48000000 .. 0x4a000000 */
- [VE_SRAM] = 0x48000000,
- /* CS3: 0x4c000000 .. 0x50000000 */
- [VE_VIDEORAM] = 0x4c000000,
- [VE_ETHERNET] = 0x4e000000,
- [VE_USB] = 0x4f000000,
-};
-
-static hwaddr motherboard_aseries_map[] = {
- /* CS0: 0x08000000 .. 0x0c000000 */
- [VE_NORFLASH0] = 0x08000000,
- /* CS4: 0x0c000000 .. 0x10000000 */
- [VE_NORFLASH1] = 0x0c000000,
- /* CS5: 0x10000000 .. 0x14000000 */
- /* CS1: 0x14000000 .. 0x18000000 */
- [VE_SRAM] = 0x14000000,
- /* CS2: 0x18000000 .. 0x1c000000 */
- [VE_VIDEORAM] = 0x18000000,
- [VE_ETHERNET] = 0x1a000000,
- [VE_USB] = 0x1b000000,
- /* CS3: 0x1c000000 .. 0x20000000 */
- [VE_DAPROM] = 0x1c000000,
- [VE_SYSREGS] = 0x1c010000,
- [VE_SP810] = 0x1c020000,
- [VE_SERIALPCI] = 0x1c030000,
- [VE_PL041] = 0x1c040000,
- [VE_MMCI] = 0x1c050000,
- [VE_KMI0] = 0x1c060000,
- [VE_KMI1] = 0x1c070000,
- [VE_UART0] = 0x1c090000,
- [VE_UART1] = 0x1c0a0000,
- [VE_UART2] = 0x1c0b0000,
- [VE_UART3] = 0x1c0c0000,
- [VE_WDT] = 0x1c0f0000,
- [VE_TIMER01] = 0x1c110000,
- [VE_TIMER23] = 0x1c120000,
- [VE_SERIALDVI] = 0x1c160000,
- [VE_RTC] = 0x1c170000,
- [VE_COMPACTFLASH] = 0x1c1a0000,
- [VE_CLCD] = 0x1c1f0000,
-};
-
-/* Structure defining the peculiarities of a specific daughterboard */
-
-typedef struct VEDBoardInfo VEDBoardInfo;
-
-typedef void DBoardInitFn(const VEDBoardInfo *daughterboard,
- ram_addr_t ram_size,
- const char *cpu_model,
- qemu_irq *pic, uint32_t *proc_id);
-
-struct VEDBoardInfo {
- const hwaddr *motherboard_map;
- hwaddr loader_start;
- const hwaddr gic_cpu_if_addr;
- DBoardInitFn *init;
-};
-
-static void a9_daughterboard_init(const VEDBoardInfo *daughterboard,
- ram_addr_t ram_size,
- const char *cpu_model,
- qemu_irq *pic, uint32_t *proc_id)
-{
- MemoryRegion *sysmem = get_system_memory();
- MemoryRegion *ram = g_new(MemoryRegion, 1);
- MemoryRegion *lowram = g_new(MemoryRegion, 1);
- DeviceState *dev;
- SysBusDevice *busdev;
- qemu_irq *irqp;
- int n;
- qemu_irq cpu_irq[4];
- ram_addr_t low_ram_size;
-
- if (!cpu_model) {
- cpu_model = "cortex-a9";
- }
-
- *proc_id = 0x0c000191;
-
- for (n = 0; n < smp_cpus; n++) {
- ARMCPU *cpu = cpu_arm_init(cpu_model);
- if (!cpu) {
- fprintf(stderr, "Unable to find CPU definition\n");
- exit(1);
- }
- irqp = arm_pic_init_cpu(cpu);
- cpu_irq[n] = irqp[ARM_PIC_CPU_IRQ];
- }
-
- if (ram_size > 0x40000000) {
- /* 1GB is the maximum the address space permits */
- fprintf(stderr, "vexpress-a9: cannot model more than 1GB RAM\n");
- exit(1);
- }
-
- memory_region_init_ram(ram, "vexpress.highmem", ram_size);
- vmstate_register_ram_global(ram);
- low_ram_size = ram_size;
- if (low_ram_size > 0x4000000) {
- low_ram_size = 0x4000000;
- }
- /* RAM is from 0x60000000 upwards. The bottom 64MB of the
- * address space should in theory be remappable to various
- * things including ROM or RAM; we always map the RAM there.
- */
- memory_region_init_alias(lowram, "vexpress.lowmem", ram, 0, low_ram_size);
- memory_region_add_subregion(sysmem, 0x0, lowram);
- memory_region_add_subregion(sysmem, 0x60000000, ram);
-
- /* 0x1e000000 A9MPCore (SCU) private memory region */
- dev = qdev_create(NULL, "a9mpcore_priv");
- qdev_prop_set_uint32(dev, "num-cpu", smp_cpus);
- qdev_init_nofail(dev);
- busdev = sysbus_from_qdev(dev);
- sysbus_mmio_map(busdev, 0, 0x1e000000);
- for (n = 0; n < smp_cpus; n++) {
- sysbus_connect_irq(busdev, n, cpu_irq[n]);
- }
- /* Interrupts [42:0] are from the motherboard;
- * [47:43] are reserved; [63:48] are daughterboard
- * peripherals. Note that some documentation numbers
- * external interrupts starting from 32 (because the
- * A9MP has internal interrupts 0..31).
- */
- for (n = 0; n < 64; n++) {
- pic[n] = qdev_get_gpio_in(dev, n);
- }
-
- /* Daughterboard peripherals : 0x10020000 .. 0x20000000 */
-
- /* 0x10020000 PL111 CLCD (daughterboard) */
- sysbus_create_simple("pl111", 0x10020000, pic[44]);
-
- /* 0x10060000 AXI RAM */
- /* 0x100e0000 PL341 Dynamic Memory Controller */
- /* 0x100e1000 PL354 Static Memory Controller */
- /* 0x100e2000 System Configuration Controller */
-
- sysbus_create_simple("sp804", 0x100e4000, pic[48]);
- /* 0x100e5000 SP805 Watchdog module */
- /* 0x100e6000 BP147 TrustZone Protection Controller */
- /* 0x100e9000 PL301 'Fast' AXI matrix */
- /* 0x100ea000 PL301 'Slow' AXI matrix */
- /* 0x100ec000 TrustZone Address Space Controller */
- /* 0x10200000 CoreSight debug APB */
- /* 0x1e00a000 PL310 L2 Cache Controller */
- sysbus_create_varargs("l2x0", 0x1e00a000, NULL);
-}
-
-static const VEDBoardInfo a9_daughterboard = {
- .motherboard_map = motherboard_legacy_map,
- .loader_start = 0x60000000,
- .gic_cpu_if_addr = 0x1e000100,
- .init = a9_daughterboard_init,
-};
-
-static void a15_daughterboard_init(const VEDBoardInfo *daughterboard,
- ram_addr_t ram_size,
- const char *cpu_model,
- qemu_irq *pic, uint32_t *proc_id)
-{
- int n;
- MemoryRegion *sysmem = get_system_memory();
- MemoryRegion *ram = g_new(MemoryRegion, 1);
- MemoryRegion *sram = g_new(MemoryRegion, 1);
- qemu_irq cpu_irq[4];
- DeviceState *dev;
- SysBusDevice *busdev;
-
- if (!cpu_model) {
- cpu_model = "cortex-a15";
- }
-
- *proc_id = 0x14000217;
-
- for (n = 0; n < smp_cpus; n++) {
- ARMCPU *cpu;
- qemu_irq *irqp;
-
- cpu = cpu_arm_init(cpu_model);
- if (!cpu) {
- fprintf(stderr, "Unable to find CPU definition\n");
- exit(1);
- }
- irqp = arm_pic_init_cpu(cpu);
- cpu_irq[n] = irqp[ARM_PIC_CPU_IRQ];
- }
-
- {
- /* We have to use a separate 64 bit variable here to avoid the gcc
- * "comparison is always false due to limited range of data type"
- * warning if we are on a host where ram_addr_t is 32 bits.
- */
- uint64_t rsz = ram_size;
- if (rsz > (30ULL * 1024 * 1024 * 1024)) {
- fprintf(stderr, "vexpress-a15: cannot model more than 30GB RAM\n");
- exit(1);
- }
- }
-
- memory_region_init_ram(ram, "vexpress.highmem", ram_size);
- vmstate_register_ram_global(ram);
- /* RAM is from 0x80000000 upwards; there is no low-memory alias for it. */
- memory_region_add_subregion(sysmem, 0x80000000, ram);
-
- /* 0x2c000000 A15MPCore private memory region (GIC) */
- dev = qdev_create(NULL, "a15mpcore_priv");
- qdev_prop_set_uint32(dev, "num-cpu", smp_cpus);
- qdev_init_nofail(dev);
- busdev = sysbus_from_qdev(dev);
- sysbus_mmio_map(busdev, 0, 0x2c000000);
- for (n = 0; n < smp_cpus; n++) {
- sysbus_connect_irq(busdev, n, cpu_irq[n]);
- }
- /* Interrupts [42:0] are from the motherboard;
- * [47:43] are reserved; [63:48] are daughterboard
- * peripherals. Note that some documentation numbers
- * external interrupts starting from 32 (because there
- * are internal interrupts 0..31).
- */
- for (n = 0; n < 64; n++) {
- pic[n] = qdev_get_gpio_in(dev, n);
- }
-
- /* A15 daughterboard peripherals: */
-
- /* 0x20000000: CoreSight interfaces: not modelled */
- /* 0x2a000000: PL301 AXI interconnect: not modelled */
- /* 0x2a420000: SCC: not modelled */
- /* 0x2a430000: system counter: not modelled */
- /* 0x2b000000: HDLCD controller: not modelled */
- /* 0x2b060000: SP805 watchdog: not modelled */
- /* 0x2b0a0000: PL341 dynamic memory controller: not modelled */
- /* 0x2e000000: system SRAM */
- memory_region_init_ram(sram, "vexpress.a15sram", 0x10000);
- vmstate_register_ram_global(sram);
- memory_region_add_subregion(sysmem, 0x2e000000, sram);
-
- /* 0x7ffb0000: DMA330 DMA controller: not modelled */
- /* 0x7ffd0000: PL354 static memory controller: not modelled */
-}
-
-static const VEDBoardInfo a15_daughterboard = {
- .motherboard_map = motherboard_aseries_map,
- .loader_start = 0x80000000,
- .gic_cpu_if_addr = 0x2c002000,
- .init = a15_daughterboard_init,
-};
-
-static void vexpress_common_init(const VEDBoardInfo *daughterboard,
- QEMUMachineInitArgs *args)
-{
- DeviceState *dev, *sysctl, *pl041;
- qemu_irq pic[64];
- uint32_t proc_id;
- uint32_t sys_id;
- DriveInfo *dinfo;
- ram_addr_t vram_size, sram_size;
- MemoryRegion *sysmem = get_system_memory();
- MemoryRegion *vram = g_new(MemoryRegion, 1);
- MemoryRegion *sram = g_new(MemoryRegion, 1);
- const hwaddr *map = daughterboard->motherboard_map;
-
- daughterboard->init(daughterboard, args->ram_size, args->cpu_model,
- pic, &proc_id);
-
- /* Motherboard peripherals: the wiring is the same but the
- * addresses vary between the legacy and A-Series memory maps.
- */
-
- sys_id = 0x1190f500;
-
- sysctl = qdev_create(NULL, "realview_sysctl");
- qdev_prop_set_uint32(sysctl, "sys_id", sys_id);
- qdev_prop_set_uint32(sysctl, "proc_id", proc_id);
- qdev_init_nofail(sysctl);
- sysbus_mmio_map(sysbus_from_qdev(sysctl), 0, map[VE_SYSREGS]);
-
- /* VE_SP810: not modelled */
- /* VE_SERIALPCI: not modelled */
-
- pl041 = qdev_create(NULL, "pl041");
- qdev_prop_set_uint32(pl041, "nc_fifo_depth", 512);
- qdev_init_nofail(pl041);
- sysbus_mmio_map(sysbus_from_qdev(pl041), 0, map[VE_PL041]);
- sysbus_connect_irq(sysbus_from_qdev(pl041), 0, pic[11]);
-
- dev = sysbus_create_varargs("pl181", map[VE_MMCI], pic[9], pic[10], NULL);
- /* Wire up MMC card detect and read-only signals */
- qdev_connect_gpio_out(dev, 0,
- qdev_get_gpio_in(sysctl, ARM_SYSCTL_GPIO_MMC_WPROT));
- qdev_connect_gpio_out(dev, 1,
- qdev_get_gpio_in(sysctl, ARM_SYSCTL_GPIO_MMC_CARDIN));
-
- sysbus_create_simple("pl050_keyboard", map[VE_KMI0], pic[12]);
- sysbus_create_simple("pl050_mouse", map[VE_KMI1], pic[13]);
-
- sysbus_create_simple("pl011", map[VE_UART0], pic[5]);
- sysbus_create_simple("pl011", map[VE_UART1], pic[6]);
- sysbus_create_simple("pl011", map[VE_UART2], pic[7]);
- sysbus_create_simple("pl011", map[VE_UART3], pic[8]);
-
- sysbus_create_simple("sp804", map[VE_TIMER01], pic[2]);
- sysbus_create_simple("sp804", map[VE_TIMER23], pic[3]);
-
- /* VE_SERIALDVI: not modelled */
-
- sysbus_create_simple("pl031", map[VE_RTC], pic[4]); /* RTC */
-
- /* VE_COMPACTFLASH: not modelled */
-
- sysbus_create_simple("pl111", map[VE_CLCD], pic[14]);
-
- dinfo = drive_get_next(IF_PFLASH);
- if (!pflash_cfi01_register(map[VE_NORFLASH0], NULL, "vexpress.flash0",
- VEXPRESS_FLASH_SIZE, dinfo ? dinfo->bdrv : NULL,
- VEXPRESS_FLASH_SECT_SIZE,
- VEXPRESS_FLASH_SIZE / VEXPRESS_FLASH_SECT_SIZE, 4,
- 0x00, 0x89, 0x00, 0x18, 0)) {
- fprintf(stderr, "vexpress: error registering flash 0.\n");
- exit(1);
- }
-
- dinfo = drive_get_next(IF_PFLASH);
- if (!pflash_cfi01_register(map[VE_NORFLASH1], NULL, "vexpress.flash1",
- VEXPRESS_FLASH_SIZE, dinfo ? dinfo->bdrv : NULL,
- VEXPRESS_FLASH_SECT_SIZE,
- VEXPRESS_FLASH_SIZE / VEXPRESS_FLASH_SECT_SIZE, 4,
- 0x00, 0x89, 0x00, 0x18, 0)) {
- fprintf(stderr, "vexpress: error registering flash 1.\n");
- exit(1);
- }
-
- sram_size = 0x2000000;
- memory_region_init_ram(sram, "vexpress.sram", sram_size);
- vmstate_register_ram_global(sram);
- memory_region_add_subregion(sysmem, map[VE_SRAM], sram);
-
- vram_size = 0x800000;
- memory_region_init_ram(vram, "vexpress.vram", vram_size);
- vmstate_register_ram_global(vram);
- memory_region_add_subregion(sysmem, map[VE_VIDEORAM], vram);
-
- /* 0x4e000000 LAN9118 Ethernet */
- if (nd_table[0].used) {
- lan9118_init(&nd_table[0], map[VE_ETHERNET], pic[15]);
- }
-
- /* VE_USB: not modelled */
-
- /* VE_DAPROM: not modelled */
-
- vexpress_binfo.ram_size = args->ram_size;
- vexpress_binfo.kernel_filename = args->kernel_filename;
- vexpress_binfo.kernel_cmdline = args->kernel_cmdline;
- vexpress_binfo.initrd_filename = args->initrd_filename;
- vexpress_binfo.nb_cpus = smp_cpus;
- vexpress_binfo.board_id = VEXPRESS_BOARD_ID;
- vexpress_binfo.loader_start = daughterboard->loader_start;
- vexpress_binfo.smp_loader_start = map[VE_SRAM];
- vexpress_binfo.smp_bootreg_addr = map[VE_SYSREGS] + 0x30;
- vexpress_binfo.gic_cpu_if_addr = daughterboard->gic_cpu_if_addr;
- arm_load_kernel(arm_env_get_cpu(first_cpu), &vexpress_binfo);
-}
-
-static void vexpress_a9_init(QEMUMachineInitArgs *args)
-{
- vexpress_common_init(&a9_daughterboard, args);
-}
-
-static void vexpress_a15_init(QEMUMachineInitArgs *args)
-{
- vexpress_common_init(&a15_daughterboard, args);
-}
-
-static QEMUMachine vexpress_a9_machine = {
- .name = "vexpress-a9",
- .desc = "ARM Versatile Express for Cortex-A9",
- .init = vexpress_a9_init,
- .use_scsi = 1,
- .max_cpus = 4,
-};
-
-static QEMUMachine vexpress_a15_machine = {
- .name = "vexpress-a15",
- .desc = "ARM Versatile Express for Cortex-A15",
- .init = vexpress_a15_init,
- .use_scsi = 1,
- .max_cpus = 4,
-};
-
-static void vexpress_machine_init(void)
-{
- qemu_register_machine(&vexpress_a9_machine);
- qemu_register_machine(&vexpress_a15_machine);
-}
-
-machine_init(vexpress_machine_init);
diff --git a/hw/vfio_pci.c b/hw/vfio_pci.c
deleted file mode 100644
index 7c27834e0..000000000
--- a/hw/vfio_pci.c
+++ /dev/null
@@ -1,2115 +0,0 @@
-/*
- * vfio based device assignment support
- *
- * Copyright Red Hat, Inc. 2012
- *
- * Authors:
- * Alex Williamson <alex.williamson@redhat.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See
- * the COPYING file in the top-level directory.
- *
- * Based on qemu-kvm device-assignment:
- * Adapted for KVM by Qumranet.
- * Copyright (c) 2007, Neocleus, Alex Novik (alex@neocleus.com)
- * Copyright (c) 2007, Neocleus, Guy Zana (guy@neocleus.com)
- * Copyright (C) 2008, Qumranet, Amit Shah (amit.shah@qumranet.com)
- * Copyright (C) 2008, Red Hat, Amit Shah (amit.shah@redhat.com)
- * Copyright (C) 2008, IBM, Muli Ben-Yehuda (muli@il.ibm.com)
- */
-
-#include <dirent.h>
-#include <unistd.h>
-#include <sys/ioctl.h>
-#include <sys/mman.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <linux/vfio.h>
-
-#include "config.h"
-#include "event_notifier.h"
-#include "exec-memory.h"
-#include "kvm.h"
-#include "memory.h"
-#include "msi.h"
-#include "msix.h"
-#include "pci.h"
-#include "qemu-common.h"
-#include "qemu-error.h"
-#include "qemu-queue.h"
-#include "range.h"
-
-/* #define DEBUG_VFIO */
-#ifdef DEBUG_VFIO
-#define DPRINTF(fmt, ...) \
- do { fprintf(stderr, "vfio: " fmt, ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...) \
- do { } while (0)
-#endif
-
-typedef struct VFIOBAR {
- off_t fd_offset; /* offset of BAR within device fd */
- int fd; /* device fd, allows us to pass VFIOBAR as opaque data */
- MemoryRegion mem; /* slow, read/write access */
- MemoryRegion mmap_mem; /* direct mapped access */
- void *mmap;
- size_t size;
- uint32_t flags; /* VFIO region flags (rd/wr/mmap) */
- uint8_t nr; /* cache the BAR number for debug */
-} VFIOBAR;
-
-typedef struct VFIOINTx {
- bool pending; /* interrupt pending */
- bool kvm_accel; /* set when QEMU bypass through KVM enabled */
- uint8_t pin; /* which pin to pull for qemu_set_irq */
- EventNotifier interrupt; /* eventfd triggered on interrupt */
- EventNotifier unmask; /* eventfd for unmask on QEMU bypass */
- PCIINTxRoute route; /* routing info for QEMU bypass */
- uint32_t mmap_timeout; /* delay to re-enable mmaps after interrupt */
- QEMUTimer *mmap_timer; /* enable mmaps after periods w/o interrupts */
-} VFIOINTx;
-
-struct VFIODevice;
-
-typedef struct VFIOMSIVector {
- EventNotifier interrupt; /* eventfd triggered on interrupt */
- struct VFIODevice *vdev; /* back pointer to device */
- int virq; /* KVM irqchip route for QEMU bypass */
- bool use;
-} VFIOMSIVector;
-
-enum {
- VFIO_INT_NONE = 0,
- VFIO_INT_INTx = 1,
- VFIO_INT_MSI = 2,
- VFIO_INT_MSIX = 3,
-};
-
-struct VFIOGroup;
-
-typedef struct VFIOContainer {
- int fd; /* /dev/vfio/vfio, empowered by the attached groups */
- struct {
- /* enable abstraction to support various iommu backends */
- union {
- MemoryListener listener; /* Used by type1 iommu */
- };
- void (*release)(struct VFIOContainer *);
- } iommu_data;
- QLIST_HEAD(, VFIOGroup) group_list;
- QLIST_ENTRY(VFIOContainer) next;
-} VFIOContainer;
-
-/* Cache of MSI-X setup plus extra mmap and memory region for split BAR map */
-typedef struct VFIOMSIXInfo {
- uint8_t table_bar;
- uint8_t pba_bar;
- uint16_t entries;
- uint32_t table_offset;
- uint32_t pba_offset;
- MemoryRegion mmap_mem;
- void *mmap;
-} VFIOMSIXInfo;
-
-typedef struct VFIODevice {
- PCIDevice pdev;
- int fd;
- VFIOINTx intx;
- unsigned int config_size;
- off_t config_offset; /* Offset of config space region within device fd */
- unsigned int rom_size;
- off_t rom_offset; /* Offset of ROM region within device fd */
- int msi_cap_size;
- VFIOMSIVector *msi_vectors;
- VFIOMSIXInfo *msix;
- int nr_vectors; /* Number of MSI/MSIX vectors currently in use */
- int interrupt; /* Current interrupt type */
- VFIOBAR bars[PCI_NUM_REGIONS - 1]; /* No ROM */
- PCIHostDeviceAddress host;
- QLIST_ENTRY(VFIODevice) next;
- struct VFIOGroup *group;
- bool reset_works;
-} VFIODevice;
-
-typedef struct VFIOGroup {
- int fd;
- int groupid;
- VFIOContainer *container;
- QLIST_HEAD(, VFIODevice) device_list;
- QLIST_ENTRY(VFIOGroup) next;
- QLIST_ENTRY(VFIOGroup) container_next;
-} VFIOGroup;
-
-#define MSIX_CAP_LENGTH 12
-
-static QLIST_HEAD(, VFIOContainer)
- container_list = QLIST_HEAD_INITIALIZER(container_list);
-
-static QLIST_HEAD(, VFIOGroup)
- group_list = QLIST_HEAD_INITIALIZER(group_list);
-
-static void vfio_disable_interrupts(VFIODevice *vdev);
-static uint32_t vfio_pci_read_config(PCIDevice *pdev, uint32_t addr, int len);
-static void vfio_mmap_set_enabled(VFIODevice *vdev, bool enabled);
-
-/*
- * Common VFIO interrupt disable
- */
-static void vfio_disable_irqindex(VFIODevice *vdev, int index)
-{
- struct vfio_irq_set irq_set = {
- .argsz = sizeof(irq_set),
- .flags = VFIO_IRQ_SET_DATA_NONE | VFIO_IRQ_SET_ACTION_TRIGGER,
- .index = index,
- .start = 0,
- .count = 0,
- };
-
- ioctl(vdev->fd, VFIO_DEVICE_SET_IRQS, &irq_set);
-}
-
-/*
- * INTx
- */
-static void vfio_unmask_intx(VFIODevice *vdev)
-{
- struct vfio_irq_set irq_set = {
- .argsz = sizeof(irq_set),
- .flags = VFIO_IRQ_SET_DATA_NONE | VFIO_IRQ_SET_ACTION_UNMASK,
- .index = VFIO_PCI_INTX_IRQ_INDEX,
- .start = 0,
- .count = 1,
- };
-
- ioctl(vdev->fd, VFIO_DEVICE_SET_IRQS, &irq_set);
-}
-
-#ifdef CONFIG_KVM /* Unused outside of CONFIG_KVM code */
-static void vfio_mask_intx(VFIODevice *vdev)
-{
- struct vfio_irq_set irq_set = {
- .argsz = sizeof(irq_set),
- .flags = VFIO_IRQ_SET_DATA_NONE | VFIO_IRQ_SET_ACTION_MASK,
- .index = VFIO_PCI_INTX_IRQ_INDEX,
- .start = 0,
- .count = 1,
- };
-
- ioctl(vdev->fd, VFIO_DEVICE_SET_IRQS, &irq_set);
-}
-#endif
-
-/*
- * Disabling BAR mmaping can be slow, but toggling it around INTx can
- * also be a huge overhead. We try to get the best of both worlds by
- * waiting until an interrupt to disable mmaps (subsequent transitions
- * to the same state are effectively no overhead). If the interrupt has
- * been serviced and the time gap is long enough, we re-enable mmaps for
- * performance. This works well for things like graphics cards, which
- * may not use their interrupt at all and are penalized to an unusable
- * level by read/write BAR traps. Other devices, like NICs, have more
- * regular interrupts and see much better latency by staying in non-mmap
- * mode. We therefore set the default mmap_timeout such that a ping
- * is just enough to keep the mmap disabled. Users can experiment with
- * other options with the x-intx-mmap-timeout-ms parameter (a value of
- * zero disables the timer).
- */
-static void vfio_intx_mmap_enable(void *opaque)
-{
- VFIODevice *vdev = opaque;
-
- if (vdev->intx.pending) {
- qemu_mod_timer(vdev->intx.mmap_timer,
- qemu_get_clock_ms(vm_clock) + vdev->intx.mmap_timeout);
- return;
- }
-
- vfio_mmap_set_enabled(vdev, true);
-}
-
-static void vfio_intx_interrupt(void *opaque)
-{
- VFIODevice *vdev = opaque;
-
- if (!event_notifier_test_and_clear(&vdev->intx.interrupt)) {
- return;
- }
-
- DPRINTF("%s(%04x:%02x:%02x.%x) Pin %c\n", __func__, vdev->host.domain,
- vdev->host.bus, vdev->host.slot, vdev->host.function,
- 'A' + vdev->intx.pin);
-
- vdev->intx.pending = true;
- qemu_set_irq(vdev->pdev.irq[vdev->intx.pin], 1);
- vfio_mmap_set_enabled(vdev, false);
- if (vdev->intx.mmap_timeout) {
- qemu_mod_timer(vdev->intx.mmap_timer,
- qemu_get_clock_ms(vm_clock) + vdev->intx.mmap_timeout);
- }
-}
-
-static void vfio_eoi(VFIODevice *vdev)
-{
- if (!vdev->intx.pending) {
- return;
- }
-
- DPRINTF("%s(%04x:%02x:%02x.%x) EOI\n", __func__, vdev->host.domain,
- vdev->host.bus, vdev->host.slot, vdev->host.function);
-
- vdev->intx.pending = false;
- qemu_set_irq(vdev->pdev.irq[vdev->intx.pin], 0);
- vfio_unmask_intx(vdev);
-}
-
-static void vfio_enable_intx_kvm(VFIODevice *vdev)
-{
-#ifdef CONFIG_KVM
- struct kvm_irqfd irqfd = {
- .fd = event_notifier_get_fd(&vdev->intx.interrupt),
- .gsi = vdev->intx.route.irq,
- .flags = KVM_IRQFD_FLAG_RESAMPLE,
- };
- struct vfio_irq_set *irq_set;
- int ret, argsz;
- int32_t *pfd;
-
- if (!kvm_irqchip_in_kernel() ||
- vdev->intx.route.mode != PCI_INTX_ENABLED ||
- !kvm_check_extension(kvm_state, KVM_CAP_IRQFD_RESAMPLE)) {
- return;
- }
-
- /* Get to a known interrupt state */
- qemu_set_fd_handler(irqfd.fd, NULL, NULL, vdev);
- vfio_mask_intx(vdev);
- vdev->intx.pending = false;
- qemu_set_irq(vdev->pdev.irq[vdev->intx.pin], 0);
-
- /* Get an eventfd for resample/unmask */
- if (event_notifier_init(&vdev->intx.unmask, 0)) {
- error_report("vfio: Error: event_notifier_init failed eoi\n");
- goto fail;
- }
-
- /* KVM triggers it, VFIO listens for it */
- irqfd.resamplefd = event_notifier_get_fd(&vdev->intx.unmask);
-
- if (kvm_vm_ioctl(kvm_state, KVM_IRQFD, &irqfd)) {
- error_report("vfio: Error: Failed to setup resample irqfd: %m\n");
- goto fail_irqfd;
- }
-
- argsz = sizeof(*irq_set) + sizeof(*pfd);
-
- irq_set = g_malloc0(argsz);
- irq_set->argsz = argsz;
- irq_set->flags = VFIO_IRQ_SET_DATA_EVENTFD | VFIO_IRQ_SET_ACTION_UNMASK;
- irq_set->index = VFIO_PCI_INTX_IRQ_INDEX;
- irq_set->start = 0;
- irq_set->count = 1;
- pfd = (int32_t *)&irq_set->data;
-
- *pfd = irqfd.resamplefd;
-
- ret = ioctl(vdev->fd, VFIO_DEVICE_SET_IRQS, irq_set);
- g_free(irq_set);
- if (ret) {
- error_report("vfio: Error: Failed to setup INTx unmask fd: %m\n");
- goto fail_vfio;
- }
-
- /* Let'em rip */
- vfio_unmask_intx(vdev);
-
- vdev->intx.kvm_accel = true;
-
- DPRINTF("%s(%04x:%02x:%02x.%x) KVM INTx accel enabled\n",
- __func__, vdev->host.domain, vdev->host.bus,
- vdev->host.slot, vdev->host.function);
-
- return;
-
-fail_vfio:
- irqfd.flags = KVM_IRQFD_FLAG_DEASSIGN;
- kvm_vm_ioctl(kvm_state, KVM_IRQFD, &irqfd);
-fail_irqfd:
- event_notifier_cleanup(&vdev->intx.unmask);
-fail:
- qemu_set_fd_handler(irqfd.fd, vfio_intx_interrupt, NULL, vdev);
- vfio_unmask_intx(vdev);
-#endif
-}
-
-static void vfio_disable_intx_kvm(VFIODevice *vdev)
-{
-#ifdef CONFIG_KVM
- struct kvm_irqfd irqfd = {
- .fd = event_notifier_get_fd(&vdev->intx.interrupt),
- .gsi = vdev->intx.route.irq,
- .flags = KVM_IRQFD_FLAG_DEASSIGN,
- };
-
- if (!vdev->intx.kvm_accel) {
- return;
- }
-
- /*
- * Get to a known state, hardware masked, QEMU ready to accept new
- * interrupts, QEMU IRQ de-asserted.
- */
- vfio_mask_intx(vdev);
- vdev->intx.pending = false;
- qemu_set_irq(vdev->pdev.irq[vdev->intx.pin], 0);
-
- /* Tell KVM to stop listening for an INTx irqfd */
- if (kvm_vm_ioctl(kvm_state, KVM_IRQFD, &irqfd)) {
- error_report("vfio: Error: Failed to disable INTx irqfd: %m\n");
- }
-
- /* We only need to close the eventfd for VFIO to cleanup the kernel side */
- event_notifier_cleanup(&vdev->intx.unmask);
-
- /* QEMU starts listening for interrupt events. */
- qemu_set_fd_handler(irqfd.fd, vfio_intx_interrupt, NULL, vdev);
-
- vdev->intx.kvm_accel = false;
-
- /* If we've missed an event, let it re-fire through QEMU */
- vfio_unmask_intx(vdev);
-
- DPRINTF("%s(%04x:%02x:%02x.%x) KVM INTx accel disabled\n",
- __func__, vdev->host.domain, vdev->host.bus,
- vdev->host.slot, vdev->host.function);
-#endif
-}
-
-static void vfio_update_irq(PCIDevice *pdev)
-{
- VFIODevice *vdev = DO_UPCAST(VFIODevice, pdev, pdev);
- PCIINTxRoute route;
-
- if (vdev->interrupt != VFIO_INT_INTx) {
- return;
- }
-
- route = pci_device_route_intx_to_irq(&vdev->pdev, vdev->intx.pin);
-
- if (!pci_intx_route_changed(&vdev->intx.route, &route)) {
- return; /* Nothing changed */
- }
-
- DPRINTF("%s(%04x:%02x:%02x.%x) IRQ moved %d -> %d\n", __func__,
- vdev->host.domain, vdev->host.bus, vdev->host.slot,
- vdev->host.function, vdev->intx.route.irq, route.irq);
-
- vfio_disable_intx_kvm(vdev);
-
- vdev->intx.route = route;
-
- if (route.mode != PCI_INTX_ENABLED) {
- return;
- }
-
- vfio_enable_intx_kvm(vdev);
-
- /* Re-enable the interrupt in cased we missed an EOI */
- vfio_eoi(vdev);
-}
-
-static int vfio_enable_intx(VFIODevice *vdev)
-{
- uint8_t pin = vfio_pci_read_config(&vdev->pdev, PCI_INTERRUPT_PIN, 1);
- int ret, argsz;
- struct vfio_irq_set *irq_set;
- int32_t *pfd;
-
- if (!pin) {
- return 0;
- }
-
- vfio_disable_interrupts(vdev);
-
- vdev->intx.pin = pin - 1; /* Pin A (1) -> irq[0] */
-
-#ifdef CONFIG_KVM
- /*
- * Only conditional to avoid generating error messages on platforms
- * where we won't actually use the result anyway.
- */
- if (kvm_check_extension(kvm_state, KVM_CAP_IRQFD_RESAMPLE)) {
- vdev->intx.route = pci_device_route_intx_to_irq(&vdev->pdev,
- vdev->intx.pin);
- }
-#endif
-
- ret = event_notifier_init(&vdev->intx.interrupt, 0);
- if (ret) {
- error_report("vfio: Error: event_notifier_init failed\n");
- return ret;
- }
-
- argsz = sizeof(*irq_set) + sizeof(*pfd);
-
- irq_set = g_malloc0(argsz);
- irq_set->argsz = argsz;
- irq_set->flags = VFIO_IRQ_SET_DATA_EVENTFD | VFIO_IRQ_SET_ACTION_TRIGGER;
- irq_set->index = VFIO_PCI_INTX_IRQ_INDEX;
- irq_set->start = 0;
- irq_set->count = 1;
- pfd = (int32_t *)&irq_set->data;
-
- *pfd = event_notifier_get_fd(&vdev->intx.interrupt);
- qemu_set_fd_handler(*pfd, vfio_intx_interrupt, NULL, vdev);
-
- ret = ioctl(vdev->fd, VFIO_DEVICE_SET_IRQS, irq_set);
- g_free(irq_set);
- if (ret) {
- error_report("vfio: Error: Failed to setup INTx fd: %m\n");
- qemu_set_fd_handler(*pfd, NULL, NULL, vdev);
- event_notifier_cleanup(&vdev->intx.interrupt);
- return -errno;
- }
-
- vfio_enable_intx_kvm(vdev);
-
- vdev->interrupt = VFIO_INT_INTx;
-
- DPRINTF("%s(%04x:%02x:%02x.%x)\n", __func__, vdev->host.domain,
- vdev->host.bus, vdev->host.slot, vdev->host.function);
-
- return 0;
-}
-
-static void vfio_disable_intx(VFIODevice *vdev)
-{
- int fd;
-
- qemu_del_timer(vdev->intx.mmap_timer);
- vfio_disable_intx_kvm(vdev);
- vfio_disable_irqindex(vdev, VFIO_PCI_INTX_IRQ_INDEX);
- vdev->intx.pending = false;
- qemu_set_irq(vdev->pdev.irq[vdev->intx.pin], 0);
- vfio_mmap_set_enabled(vdev, true);
-
- fd = event_notifier_get_fd(&vdev->intx.interrupt);
- qemu_set_fd_handler(fd, NULL, NULL, vdev);
- event_notifier_cleanup(&vdev->intx.interrupt);
-
- vdev->interrupt = VFIO_INT_NONE;
-
- DPRINTF("%s(%04x:%02x:%02x.%x)\n", __func__, vdev->host.domain,
- vdev->host.bus, vdev->host.slot, vdev->host.function);
-}
-
-/*
- * MSI/X
- */
-static void vfio_msi_interrupt(void *opaque)
-{
- VFIOMSIVector *vector = opaque;
- VFIODevice *vdev = vector->vdev;
- int nr = vector - vdev->msi_vectors;
-
- if (!event_notifier_test_and_clear(&vector->interrupt)) {
- return;
- }
-
- DPRINTF("%s(%04x:%02x:%02x.%x) vector %d\n", __func__,
- vdev->host.domain, vdev->host.bus, vdev->host.slot,
- vdev->host.function, nr);
-
- if (vdev->interrupt == VFIO_INT_MSIX) {
- msix_notify(&vdev->pdev, nr);
- } else if (vdev->interrupt == VFIO_INT_MSI) {
- msi_notify(&vdev->pdev, nr);
- } else {
- error_report("vfio: MSI interrupt receieved, but not enabled?\n");
- }
-}
-
-static int vfio_enable_vectors(VFIODevice *vdev, bool msix)
-{
- struct vfio_irq_set *irq_set;
- int ret = 0, i, argsz;
- int32_t *fds;
-
- argsz = sizeof(*irq_set) + (vdev->nr_vectors * sizeof(*fds));
-
- irq_set = g_malloc0(argsz);
- irq_set->argsz = argsz;
- irq_set->flags = VFIO_IRQ_SET_DATA_EVENTFD | VFIO_IRQ_SET_ACTION_TRIGGER;
- irq_set->index = msix ? VFIO_PCI_MSIX_IRQ_INDEX : VFIO_PCI_MSI_IRQ_INDEX;
- irq_set->start = 0;
- irq_set->count = vdev->nr_vectors;
- fds = (int32_t *)&irq_set->data;
-
- for (i = 0; i < vdev->nr_vectors; i++) {
- if (!vdev->msi_vectors[i].use) {
- fds[i] = -1;
- continue;
- }
-
- fds[i] = event_notifier_get_fd(&vdev->msi_vectors[i].interrupt);
- }
-
- ret = ioctl(vdev->fd, VFIO_DEVICE_SET_IRQS, irq_set);
-
- g_free(irq_set);
-
- return ret;
-}
-
-static int vfio_msix_vector_use(PCIDevice *pdev,
- unsigned int nr, MSIMessage msg)
-{
- VFIODevice *vdev = DO_UPCAST(VFIODevice, pdev, pdev);
- VFIOMSIVector *vector;
- int ret;
-
- DPRINTF("%s(%04x:%02x:%02x.%x) vector %d used\n", __func__,
- vdev->host.domain, vdev->host.bus, vdev->host.slot,
- vdev->host.function, nr);
-
- vector = &vdev->msi_vectors[nr];
- vector->vdev = vdev;
- vector->use = true;
-
- msix_vector_use(pdev, nr);
-
- if (event_notifier_init(&vector->interrupt, 0)) {
- error_report("vfio: Error: event_notifier_init failed\n");
- }
-
- /*
- * Attempt to enable route through KVM irqchip,
- * default to userspace handling if unavailable.
- */
- vector->virq = kvm_irqchip_add_msi_route(kvm_state, msg);
- if (vector->virq < 0 ||
- kvm_irqchip_add_irqfd_notifier(kvm_state, &vector->interrupt,
- vector->virq) < 0) {
- if (vector->virq >= 0) {
- kvm_irqchip_release_virq(kvm_state, vector->virq);
- vector->virq = -1;
- }
- qemu_set_fd_handler(event_notifier_get_fd(&vector->interrupt),
- vfio_msi_interrupt, NULL, vector);
- }
-
- /*
- * We don't want to have the host allocate all possible MSI vectors
- * for a device if they're not in use, so we shutdown and incrementally
- * increase them as needed.
- */
- if (vdev->nr_vectors < nr + 1) {
- vfio_disable_irqindex(vdev, VFIO_PCI_MSIX_IRQ_INDEX);
- vdev->nr_vectors = nr + 1;
- ret = vfio_enable_vectors(vdev, true);
- if (ret) {
- error_report("vfio: failed to enable vectors, %d\n", ret);
- }
- } else {
- int argsz;
- struct vfio_irq_set *irq_set;
- int32_t *pfd;
-
- argsz = sizeof(*irq_set) + sizeof(*pfd);
-
- irq_set = g_malloc0(argsz);
- irq_set->argsz = argsz;
- irq_set->flags = VFIO_IRQ_SET_DATA_EVENTFD |
- VFIO_IRQ_SET_ACTION_TRIGGER;
- irq_set->index = VFIO_PCI_MSIX_IRQ_INDEX;
- irq_set->start = nr;
- irq_set->count = 1;
- pfd = (int32_t *)&irq_set->data;
-
- *pfd = event_notifier_get_fd(&vector->interrupt);
-
- ret = ioctl(vdev->fd, VFIO_DEVICE_SET_IRQS, irq_set);
- g_free(irq_set);
- if (ret) {
- error_report("vfio: failed to modify vector, %d\n", ret);
- }
- }
-
- return 0;
-}
-
-static void vfio_msix_vector_release(PCIDevice *pdev, unsigned int nr)
-{
- VFIODevice *vdev = DO_UPCAST(VFIODevice, pdev, pdev);
- VFIOMSIVector *vector = &vdev->msi_vectors[nr];
- int argsz;
- struct vfio_irq_set *irq_set;
- int32_t *pfd;
-
- DPRINTF("%s(%04x:%02x:%02x.%x) vector %d released\n", __func__,
- vdev->host.domain, vdev->host.bus, vdev->host.slot,
- vdev->host.function, nr);
-
- /*
- * XXX What's the right thing to do here? This turns off the interrupt
- * completely, but do we really just want to switch the interrupt to
- * bouncing through userspace and let msix.c drop it? Not sure.
- */
- msix_vector_unuse(pdev, nr);
-
- argsz = sizeof(*irq_set) + sizeof(*pfd);
-
- irq_set = g_malloc0(argsz);
- irq_set->argsz = argsz;
- irq_set->flags = VFIO_IRQ_SET_DATA_EVENTFD |
- VFIO_IRQ_SET_ACTION_TRIGGER;
- irq_set->index = VFIO_PCI_MSIX_IRQ_INDEX;
- irq_set->start = nr;
- irq_set->count = 1;
- pfd = (int32_t *)&irq_set->data;
-
- *pfd = -1;
-
- ioctl(vdev->fd, VFIO_DEVICE_SET_IRQS, irq_set);
-
- g_free(irq_set);
-
- if (vector->virq < 0) {
- qemu_set_fd_handler(event_notifier_get_fd(&vector->interrupt),
- NULL, NULL, NULL);
- } else {
- kvm_irqchip_remove_irqfd_notifier(kvm_state, &vector->interrupt,
- vector->virq);
- kvm_irqchip_release_virq(kvm_state, vector->virq);
- vector->virq = -1;
- }
-
- event_notifier_cleanup(&vector->interrupt);
- vector->use = false;
-}
-
-static void vfio_enable_msix(VFIODevice *vdev)
-{
- vfio_disable_interrupts(vdev);
-
- vdev->msi_vectors = g_malloc0(vdev->msix->entries * sizeof(VFIOMSIVector));
-
- vdev->interrupt = VFIO_INT_MSIX;
-
- if (msix_set_vector_notifiers(&vdev->pdev, vfio_msix_vector_use,
- vfio_msix_vector_release)) {
- error_report("vfio: msix_set_vector_notifiers failed\n");
- }
-
- DPRINTF("%s(%04x:%02x:%02x.%x)\n", __func__, vdev->host.domain,
- vdev->host.bus, vdev->host.slot, vdev->host.function);
-}
-
-static void vfio_enable_msi(VFIODevice *vdev)
-{
- int ret, i;
-
- vfio_disable_interrupts(vdev);
-
- vdev->nr_vectors = msi_nr_vectors_allocated(&vdev->pdev);
-retry:
- vdev->msi_vectors = g_malloc0(vdev->nr_vectors * sizeof(VFIOMSIVector));
-
- for (i = 0; i < vdev->nr_vectors; i++) {
- MSIMessage msg;
- VFIOMSIVector *vector = &vdev->msi_vectors[i];
-
- vector->vdev = vdev;
- vector->use = true;
-
- if (event_notifier_init(&vector->interrupt, 0)) {
- error_report("vfio: Error: event_notifier_init failed\n");
- }
-
- msg = msi_get_message(&vdev->pdev, i);
-
- /*
- * Attempt to enable route through KVM irqchip,
- * default to userspace handling if unavailable.
- */
- vector->virq = kvm_irqchip_add_msi_route(kvm_state, msg);
- if (vector->virq < 0 ||
- kvm_irqchip_add_irqfd_notifier(kvm_state, &vector->interrupt,
- vector->virq) < 0) {
- qemu_set_fd_handler(event_notifier_get_fd(&vector->interrupt),
- vfio_msi_interrupt, NULL, vector);
- }
- }
-
- ret = vfio_enable_vectors(vdev, false);
- if (ret) {
- if (ret < 0) {
- error_report("vfio: Error: Failed to setup MSI fds: %m\n");
- } else if (ret != vdev->nr_vectors) {
- error_report("vfio: Error: Failed to enable %d "
- "MSI vectors, retry with %d\n", vdev->nr_vectors, ret);
- }
-
- for (i = 0; i < vdev->nr_vectors; i++) {
- VFIOMSIVector *vector = &vdev->msi_vectors[i];
- if (vector->virq >= 0) {
- kvm_irqchip_remove_irqfd_notifier(kvm_state, &vector->interrupt,
- vector->virq);
- kvm_irqchip_release_virq(kvm_state, vector->virq);
- vector->virq = -1;
- } else {
- qemu_set_fd_handler(event_notifier_get_fd(&vector->interrupt),
- NULL, NULL, NULL);
- }
- event_notifier_cleanup(&vector->interrupt);
- }
-
- g_free(vdev->msi_vectors);
-
- if (ret > 0 && ret != vdev->nr_vectors) {
- vdev->nr_vectors = ret;
- goto retry;
- }
- vdev->nr_vectors = 0;
-
- return;
- }
-
- vdev->interrupt = VFIO_INT_MSI;
-
- DPRINTF("%s(%04x:%02x:%02x.%x) Enabled %d MSI vectors\n", __func__,
- vdev->host.domain, vdev->host.bus, vdev->host.slot,
- vdev->host.function, vdev->nr_vectors);
-}
-
-static void vfio_disable_msi_common(VFIODevice *vdev)
-{
- g_free(vdev->msi_vectors);
- vdev->msi_vectors = NULL;
- vdev->nr_vectors = 0;
- vdev->interrupt = VFIO_INT_NONE;
-
- vfio_enable_intx(vdev);
-}
-
-static void vfio_disable_msix(VFIODevice *vdev)
-{
- msix_unset_vector_notifiers(&vdev->pdev);
-
- if (vdev->nr_vectors) {
- vfio_disable_irqindex(vdev, VFIO_PCI_MSIX_IRQ_INDEX);
- }
-
- vfio_disable_msi_common(vdev);
-
- DPRINTF("%s(%04x:%02x:%02x.%x)\n", __func__, vdev->host.domain,
- vdev->host.bus, vdev->host.slot, vdev->host.function);
-}
-
-static void vfio_disable_msi(VFIODevice *vdev)
-{
- int i;
-
- vfio_disable_irqindex(vdev, VFIO_PCI_MSI_IRQ_INDEX);
-
- for (i = 0; i < vdev->nr_vectors; i++) {
- VFIOMSIVector *vector = &vdev->msi_vectors[i];
-
- if (!vector->use) {
- continue;
- }
-
- if (vector->virq >= 0) {
- kvm_irqchip_remove_irqfd_notifier(kvm_state,
- &vector->interrupt, vector->virq);
- kvm_irqchip_release_virq(kvm_state, vector->virq);
- vector->virq = -1;
- } else {
- qemu_set_fd_handler(event_notifier_get_fd(&vector->interrupt),
- NULL, NULL, NULL);
- }
-
- event_notifier_cleanup(&vector->interrupt);
- }
-
- vfio_disable_msi_common(vdev);
-
- DPRINTF("%s(%04x:%02x:%02x.%x)\n", __func__, vdev->host.domain,
- vdev->host.bus, vdev->host.slot, vdev->host.function);
-}
-
-/*
- * IO Port/MMIO - Beware of the endians, VFIO is always little endian
- */
-static void vfio_bar_write(void *opaque, hwaddr addr,
- uint64_t data, unsigned size)
-{
- VFIOBAR *bar = opaque;
- union {
- uint8_t byte;
- uint16_t word;
- uint32_t dword;
- uint64_t qword;
- } buf;
-
- switch (size) {
- case 1:
- buf.byte = data;
- break;
- case 2:
- buf.word = cpu_to_le16(data);
- break;
- case 4:
- buf.dword = cpu_to_le32(data);
- break;
- default:
- hw_error("vfio: unsupported write size, %d bytes\n", size);
- break;
- }
-
- if (pwrite(bar->fd, &buf, size, bar->fd_offset + addr) != size) {
- error_report("%s(,0x%"HWADDR_PRIx", 0x%"PRIx64", %d) failed: %m\n",
- __func__, addr, data, size);
- }
-
- DPRINTF("%s(BAR%d+0x%"HWADDR_PRIx", 0x%"PRIx64", %d)\n",
- __func__, bar->nr, addr, data, size);
-
- /*
- * A read or write to a BAR always signals an INTx EOI. This will
- * do nothing if not pending (including not in INTx mode). We assume
- * that a BAR access is in response to an interrupt and that BAR
- * accesses will service the interrupt. Unfortunately, we don't know
- * which access will service the interrupt, so we're potentially
- * getting quite a few host interrupts per guest interrupt.
- */
- vfio_eoi(container_of(bar, VFIODevice, bars[bar->nr]));
-}
-
-static uint64_t vfio_bar_read(void *opaque,
- hwaddr addr, unsigned size)
-{
- VFIOBAR *bar = opaque;
- union {
- uint8_t byte;
- uint16_t word;
- uint32_t dword;
- uint64_t qword;
- } buf;
- uint64_t data = 0;
-
- if (pread(bar->fd, &buf, size, bar->fd_offset + addr) != size) {
- error_report("%s(,0x%"HWADDR_PRIx", %d) failed: %m\n",
- __func__, addr, size);
- return (uint64_t)-1;
- }
-
- switch (size) {
- case 1:
- data = buf.byte;
- break;
- case 2:
- data = le16_to_cpu(buf.word);
- break;
- case 4:
- data = le32_to_cpu(buf.dword);
- break;
- default:
- hw_error("vfio: unsupported read size, %d bytes\n", size);
- break;
- }
-
- DPRINTF("%s(BAR%d+0x%"HWADDR_PRIx", %d) = 0x%"PRIx64"\n",
- __func__, bar->nr, addr, size, data);
-
- /* Same as write above */
- vfio_eoi(container_of(bar, VFIODevice, bars[bar->nr]));
-
- return data;
-}
-
-static const MemoryRegionOps vfio_bar_ops = {
- .read = vfio_bar_read,
- .write = vfio_bar_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-/*
- * PCI config space
- */
-static uint32_t vfio_pci_read_config(PCIDevice *pdev, uint32_t addr, int len)
-{
- VFIODevice *vdev = DO_UPCAST(VFIODevice, pdev, pdev);
- uint32_t val = 0;
-
- /*
- * We only need QEMU PCI config support for the ROM BAR, the MSI and MSIX
- * capabilities, and the multifunction bit below. We let VFIO handle
- * virtualizing everything else. Performance is not a concern here.
- */
- if (ranges_overlap(addr, len, PCI_ROM_ADDRESS, 4) ||
- (pdev->cap_present & QEMU_PCI_CAP_MSIX &&
- ranges_overlap(addr, len, pdev->msix_cap, MSIX_CAP_LENGTH)) ||
- (pdev->cap_present & QEMU_PCI_CAP_MSI &&
- ranges_overlap(addr, len, pdev->msi_cap, vdev->msi_cap_size))) {
-
- val = pci_default_read_config(pdev, addr, len);
- } else {
- if (pread(vdev->fd, &val, len, vdev->config_offset + addr) != len) {
- error_report("%s(%04x:%02x:%02x.%x, 0x%x, 0x%x) failed: %m\n",
- __func__, vdev->host.domain, vdev->host.bus,
- vdev->host.slot, vdev->host.function, addr, len);
- return -errno;
- }
- val = le32_to_cpu(val);
- }
-
- /* Multifunction bit is virualized in QEMU */
- if (unlikely(ranges_overlap(addr, len, PCI_HEADER_TYPE, 1))) {
- uint32_t mask = PCI_HEADER_TYPE_MULTI_FUNCTION;
-
- if (len == 4) {
- mask <<= 16;
- }
-
- if (pdev->cap_present & QEMU_PCI_CAP_MULTIFUNCTION) {
- val |= mask;
- } else {
- val &= ~mask;
- }
- }
-
- DPRINTF("%s(%04x:%02x:%02x.%x, @0x%x, len=0x%x) %x\n", __func__,
- vdev->host.domain, vdev->host.bus, vdev->host.slot,
- vdev->host.function, addr, len, val);
-
- return val;
-}
-
-static void vfio_pci_write_config(PCIDevice *pdev, uint32_t addr,
- uint32_t val, int len)
-{
- VFIODevice *vdev = DO_UPCAST(VFIODevice, pdev, pdev);
- uint32_t val_le = cpu_to_le32(val);
-
- DPRINTF("%s(%04x:%02x:%02x.%x, @0x%x, 0x%x, len=0x%x)\n", __func__,
- vdev->host.domain, vdev->host.bus, vdev->host.slot,
- vdev->host.function, addr, val, len);
-
- /* Write everything to VFIO, let it filter out what we can't write */
- if (pwrite(vdev->fd, &val_le, len, vdev->config_offset + addr) != len) {
- error_report("%s(%04x:%02x:%02x.%x, 0x%x, 0x%x, 0x%x) failed: %m\n",
- __func__, vdev->host.domain, vdev->host.bus,
- vdev->host.slot, vdev->host.function, addr, val, len);
- }
-
- /* Write standard header bits to emulation */
- if (addr < PCI_CONFIG_HEADER_SIZE) {
- pci_default_write_config(pdev, addr, val, len);
- return;
- }
-
- /* MSI/MSI-X Enabling/Disabling */
- if (pdev->cap_present & QEMU_PCI_CAP_MSI &&
- ranges_overlap(addr, len, pdev->msi_cap, vdev->msi_cap_size)) {
- int is_enabled, was_enabled = msi_enabled(pdev);
-
- pci_default_write_config(pdev, addr, val, len);
-
- is_enabled = msi_enabled(pdev);
-
- if (!was_enabled && is_enabled) {
- vfio_enable_msi(vdev);
- } else if (was_enabled && !is_enabled) {
- vfio_disable_msi(vdev);
- }
- }
-
- if (pdev->cap_present & QEMU_PCI_CAP_MSIX &&
- ranges_overlap(addr, len, pdev->msix_cap, MSIX_CAP_LENGTH)) {
- int is_enabled, was_enabled = msix_enabled(pdev);
-
- pci_default_write_config(pdev, addr, val, len);
-
- is_enabled = msix_enabled(pdev);
-
- if (!was_enabled && is_enabled) {
- vfio_enable_msix(vdev);
- } else if (was_enabled && !is_enabled) {
- vfio_disable_msix(vdev);
- }
- }
-}
-
-/*
- * DMA - Mapping and unmapping for the "type1" IOMMU interface used on x86
- */
-static int vfio_dma_unmap(VFIOContainer *container,
- hwaddr iova, ram_addr_t size)
-{
- struct vfio_iommu_type1_dma_unmap unmap = {
- .argsz = sizeof(unmap),
- .flags = 0,
- .iova = iova,
- .size = size,
- };
-
- if (ioctl(container->fd, VFIO_IOMMU_UNMAP_DMA, &unmap)) {
- DPRINTF("VFIO_UNMAP_DMA: %d\n", -errno);
- return -errno;
- }
-
- return 0;
-}
-
-static int vfio_dma_map(VFIOContainer *container, hwaddr iova,
- ram_addr_t size, void *vaddr, bool readonly)
-{
- struct vfio_iommu_type1_dma_map map = {
- .argsz = sizeof(map),
- .flags = VFIO_DMA_MAP_FLAG_READ,
- .vaddr = (__u64)(uintptr_t)vaddr,
- .iova = iova,
- .size = size,
- };
-
- if (!readonly) {
- map.flags |= VFIO_DMA_MAP_FLAG_WRITE;
- }
-
- /*
- * Try the mapping, if it fails with EBUSY, unmap the region and try
- * again. This shouldn't be necessary, but we sometimes see it in
- * the the VGA ROM space.
- */
- if (ioctl(container->fd, VFIO_IOMMU_MAP_DMA, &map) == 0 ||
- (errno == EBUSY && vfio_dma_unmap(container, iova, size) == 0 &&
- ioctl(container->fd, VFIO_IOMMU_MAP_DMA, &map) == 0)) {
- return 0;
- }
-
- DPRINTF("VFIO_MAP_DMA: %d\n", -errno);
- return -errno;
-}
-
-static bool vfio_listener_skipped_section(MemoryRegionSection *section)
-{
- return !memory_region_is_ram(section->mr);
-}
-
-static void vfio_listener_region_add(MemoryListener *listener,
- MemoryRegionSection *section)
-{
- VFIOContainer *container = container_of(listener, VFIOContainer,
- iommu_data.listener);
- hwaddr iova, end;
- void *vaddr;
- int ret;
-
- if (vfio_listener_skipped_section(section)) {
- DPRINTF("vfio: SKIPPING region_add %"HWADDR_PRIx" - %"PRIx64"\n",
- section->offset_within_address_space,
- section->offset_within_address_space + section->size - 1);
- return;
- }
-
- if (unlikely((section->offset_within_address_space & ~TARGET_PAGE_MASK) !=
- (section->offset_within_region & ~TARGET_PAGE_MASK))) {
- error_report("%s received unaligned region\n", __func__);
- return;
- }
-
- iova = TARGET_PAGE_ALIGN(section->offset_within_address_space);
- end = (section->offset_within_address_space + section->size) &
- TARGET_PAGE_MASK;
-
- if (iova >= end) {
- return;
- }
-
- vaddr = memory_region_get_ram_ptr(section->mr) +
- section->offset_within_region +
- (iova - section->offset_within_address_space);
-
- DPRINTF("vfio: region_add %"HWADDR_PRIx" - %"HWADDR_PRIx" [%p]\n",
- iova, end - 1, vaddr);
-
- ret = vfio_dma_map(container, iova, end - iova, vaddr, section->readonly);
- if (ret) {
- error_report("vfio_dma_map(%p, 0x%"HWADDR_PRIx", "
- "0x%"HWADDR_PRIx", %p) = %d (%m)\n",
- container, iova, end - iova, vaddr, ret);
- }
-}
-
-static void vfio_listener_region_del(MemoryListener *listener,
- MemoryRegionSection *section)
-{
- VFIOContainer *container = container_of(listener, VFIOContainer,
- iommu_data.listener);
- hwaddr iova, end;
- int ret;
-
- if (vfio_listener_skipped_section(section)) {
- DPRINTF("vfio: SKIPPING region_del %"HWADDR_PRIx" - %"PRIx64"\n",
- section->offset_within_address_space,
- section->offset_within_address_space + section->size - 1);
- return;
- }
-
- if (unlikely((section->offset_within_address_space & ~TARGET_PAGE_MASK) !=
- (section->offset_within_region & ~TARGET_PAGE_MASK))) {
- error_report("%s received unaligned region\n", __func__);
- return;
- }
-
- iova = TARGET_PAGE_ALIGN(section->offset_within_address_space);
- end = (section->offset_within_address_space + section->size) &
- TARGET_PAGE_MASK;
-
- if (iova >= end) {
- return;
- }
-
- DPRINTF("vfio: region_del %"HWADDR_PRIx" - %"HWADDR_PRIx"\n",
- iova, end - 1);
-
- ret = vfio_dma_unmap(container, iova, end - iova);
- if (ret) {
- error_report("vfio_dma_unmap(%p, 0x%"HWADDR_PRIx", "
- "0x%"HWADDR_PRIx") = %d (%m)\n",
- container, iova, end - iova, ret);
- }
-}
-
-static MemoryListener vfio_memory_listener = {
- .region_add = vfio_listener_region_add,
- .region_del = vfio_listener_region_del,
-};
-
-static void vfio_listener_release(VFIOContainer *container)
-{
- memory_listener_unregister(&container->iommu_data.listener);
-}
-
-/*
- * Interrupt setup
- */
-static void vfio_disable_interrupts(VFIODevice *vdev)
-{
- switch (vdev->interrupt) {
- case VFIO_INT_INTx:
- vfio_disable_intx(vdev);
- break;
- case VFIO_INT_MSI:
- vfio_disable_msi(vdev);
- break;
- case VFIO_INT_MSIX:
- vfio_disable_msix(vdev);
- break;
- }
-}
-
-static int vfio_setup_msi(VFIODevice *vdev, int pos)
-{
- uint16_t ctrl;
- bool msi_64bit, msi_maskbit;
- int ret, entries;
-
- if (pread(vdev->fd, &ctrl, sizeof(ctrl),
- vdev->config_offset + pos + PCI_CAP_FLAGS) != sizeof(ctrl)) {
- return -errno;
- }
- ctrl = le16_to_cpu(ctrl);
-
- msi_64bit = !!(ctrl & PCI_MSI_FLAGS_64BIT);
- msi_maskbit = !!(ctrl & PCI_MSI_FLAGS_MASKBIT);
- entries = 1 << ((ctrl & PCI_MSI_FLAGS_QMASK) >> 1);
-
- DPRINTF("%04x:%02x:%02x.%x PCI MSI CAP @0x%x\n", vdev->host.domain,
- vdev->host.bus, vdev->host.slot, vdev->host.function, pos);
-
- ret = msi_init(&vdev->pdev, pos, entries, msi_64bit, msi_maskbit);
- if (ret < 0) {
- if (ret == -ENOTSUP) {
- return 0;
- }
- error_report("vfio: msi_init failed\n");
- return ret;
- }
- vdev->msi_cap_size = 0xa + (msi_maskbit ? 0xa : 0) + (msi_64bit ? 0x4 : 0);
-
- return 0;
-}
-
-/*
- * We don't have any control over how pci_add_capability() inserts
- * capabilities into the chain. In order to setup MSI-X we need a
- * MemoryRegion for the BAR. In order to setup the BAR and not
- * attempt to mmap the MSI-X table area, which VFIO won't allow, we
- * need to first look for where the MSI-X table lives. So we
- * unfortunately split MSI-X setup across two functions.
- */
-static int vfio_early_setup_msix(VFIODevice *vdev)
-{
- uint8_t pos;
- uint16_t ctrl;
- uint32_t table, pba;
-
- pos = pci_find_capability(&vdev->pdev, PCI_CAP_ID_MSIX);
- if (!pos) {
- return 0;
- }
-
- if (pread(vdev->fd, &ctrl, sizeof(ctrl),
- vdev->config_offset + pos + PCI_CAP_FLAGS) != sizeof(ctrl)) {
- return -errno;
- }
-
- if (pread(vdev->fd, &table, sizeof(table),
- vdev->config_offset + pos + PCI_MSIX_TABLE) != sizeof(table)) {
- return -errno;
- }
-
- if (pread(vdev->fd, &pba, sizeof(pba),
- vdev->config_offset + pos + PCI_MSIX_PBA) != sizeof(pba)) {
- return -errno;
- }
-
- ctrl = le16_to_cpu(ctrl);
- table = le32_to_cpu(table);
- pba = le32_to_cpu(pba);
-
- vdev->msix = g_malloc0(sizeof(*(vdev->msix)));
- vdev->msix->table_bar = table & PCI_MSIX_FLAGS_BIRMASK;
- vdev->msix->table_offset = table & ~PCI_MSIX_FLAGS_BIRMASK;
- vdev->msix->pba_bar = pba & PCI_MSIX_FLAGS_BIRMASK;
- vdev->msix->pba_offset = pba & ~PCI_MSIX_FLAGS_BIRMASK;
- vdev->msix->entries = (ctrl & PCI_MSIX_FLAGS_QSIZE) + 1;
-
- DPRINTF("%04x:%02x:%02x.%x "
- "PCI MSI-X CAP @0x%x, BAR %d, offset 0x%x, entries %d\n",
- vdev->host.domain, vdev->host.bus, vdev->host.slot,
- vdev->host.function, pos, vdev->msix->table_bar,
- vdev->msix->table_offset, vdev->msix->entries);
-
- return 0;
-}
-
-static int vfio_setup_msix(VFIODevice *vdev, int pos)
-{
- int ret;
-
- ret = msix_init(&vdev->pdev, vdev->msix->entries,
- &vdev->bars[vdev->msix->table_bar].mem,
- vdev->msix->table_bar, vdev->msix->table_offset,
- &vdev->bars[vdev->msix->pba_bar].mem,
- vdev->msix->pba_bar, vdev->msix->pba_offset, pos);
- if (ret < 0) {
- if (ret == -ENOTSUP) {
- return 0;
- }
- error_report("vfio: msix_init failed\n");
- return ret;
- }
-
- return 0;
-}
-
-static void vfio_teardown_msi(VFIODevice *vdev)
-{
- msi_uninit(&vdev->pdev);
-
- if (vdev->msix) {
- msix_uninit(&vdev->pdev, &vdev->bars[vdev->msix->table_bar].mem,
- &vdev->bars[vdev->msix->pba_bar].mem);
- }
-}
-
-/*
- * Resource setup
- */
-static void vfio_mmap_set_enabled(VFIODevice *vdev, bool enabled)
-{
- int i;
-
- for (i = 0; i < PCI_ROM_SLOT; i++) {
- VFIOBAR *bar = &vdev->bars[i];
-
- if (!bar->size) {
- continue;
- }
-
- memory_region_set_enabled(&bar->mmap_mem, enabled);
- if (vdev->msix && vdev->msix->table_bar == i) {
- memory_region_set_enabled(&vdev->msix->mmap_mem, enabled);
- }
- }
-}
-
-static void vfio_unmap_bar(VFIODevice *vdev, int nr)
-{
- VFIOBAR *bar = &vdev->bars[nr];
-
- if (!bar->size) {
- return;
- }
-
- memory_region_del_subregion(&bar->mem, &bar->mmap_mem);
- munmap(bar->mmap, memory_region_size(&bar->mmap_mem));
-
- if (vdev->msix && vdev->msix->table_bar == nr) {
- memory_region_del_subregion(&bar->mem, &vdev->msix->mmap_mem);
- munmap(vdev->msix->mmap, memory_region_size(&vdev->msix->mmap_mem));
- }
-
- memory_region_destroy(&bar->mem);
-}
-
-static int vfio_mmap_bar(VFIOBAR *bar, MemoryRegion *mem, MemoryRegion *submem,
- void **map, size_t size, off_t offset,
- const char *name)
-{
- int ret = 0;
-
- if (size && bar->flags & VFIO_REGION_INFO_FLAG_MMAP) {
- int prot = 0;
-
- if (bar->flags & VFIO_REGION_INFO_FLAG_READ) {
- prot |= PROT_READ;
- }
-
- if (bar->flags & VFIO_REGION_INFO_FLAG_WRITE) {
- prot |= PROT_WRITE;
- }
-
- *map = mmap(NULL, size, prot, MAP_SHARED,
- bar->fd, bar->fd_offset + offset);
- if (*map == MAP_FAILED) {
- *map = NULL;
- ret = -errno;
- goto empty_region;
- }
-
- memory_region_init_ram_ptr(submem, name, size, *map);
- } else {
-empty_region:
- /* Create a zero sized sub-region to make cleanup easy. */
- memory_region_init(submem, name, 0);
- }
-
- memory_region_add_subregion(mem, offset, submem);
-
- return ret;
-}
-
-static void vfio_map_bar(VFIODevice *vdev, int nr)
-{
- VFIOBAR *bar = &vdev->bars[nr];
- unsigned size = bar->size;
- char name[64];
- uint32_t pci_bar;
- uint8_t type;
- int ret;
-
- /* Skip both unimplemented BARs and the upper half of 64bit BARS. */
- if (!size) {
- return;
- }
-
- snprintf(name, sizeof(name), "VFIO %04x:%02x:%02x.%x BAR %d",
- vdev->host.domain, vdev->host.bus, vdev->host.slot,
- vdev->host.function, nr);
-
- /* Determine what type of BAR this is for registration */
- ret = pread(vdev->fd, &pci_bar, sizeof(pci_bar),
- vdev->config_offset + PCI_BASE_ADDRESS_0 + (4 * nr));
- if (ret != sizeof(pci_bar)) {
- error_report("vfio: Failed to read BAR %d (%m)\n", nr);
- return;
- }
-
- pci_bar = le32_to_cpu(pci_bar);
- type = pci_bar & (pci_bar & PCI_BASE_ADDRESS_SPACE_IO ?
- ~PCI_BASE_ADDRESS_IO_MASK : ~PCI_BASE_ADDRESS_MEM_MASK);
-
- /* A "slow" read/write mapping underlies all BARs */
- memory_region_init_io(&bar->mem, &vfio_bar_ops, bar, name, size);
- pci_register_bar(&vdev->pdev, nr, type, &bar->mem);
-
- /*
- * We can't mmap areas overlapping the MSIX vector table, so we
- * potentially insert a direct-mapped subregion before and after it.
- */
- if (vdev->msix && vdev->msix->table_bar == nr) {
- size = vdev->msix->table_offset & TARGET_PAGE_MASK;
- }
-
- strncat(name, " mmap", sizeof(name) - strlen(name) - 1);
- if (vfio_mmap_bar(bar, &bar->mem,
- &bar->mmap_mem, &bar->mmap, size, 0, name)) {
- error_report("%s unsupported. Performance may be slow\n", name);
- }
-
- if (vdev->msix && vdev->msix->table_bar == nr) {
- unsigned start;
-
- start = TARGET_PAGE_ALIGN(vdev->msix->table_offset +
- (vdev->msix->entries * PCI_MSIX_ENTRY_SIZE));
-
- size = start < bar->size ? bar->size - start : 0;
- strncat(name, " msix-hi", sizeof(name) - strlen(name) - 1);
- /* VFIOMSIXInfo contains another MemoryRegion for this mapping */
- if (vfio_mmap_bar(bar, &bar->mem, &vdev->msix->mmap_mem,
- &vdev->msix->mmap, size, start, name)) {
- error_report("%s unsupported. Performance may be slow\n", name);
- }
- }
-}
-
-static void vfio_map_bars(VFIODevice *vdev)
-{
- int i;
-
- for (i = 0; i < PCI_ROM_SLOT; i++) {
- vfio_map_bar(vdev, i);
- }
-}
-
-static void vfio_unmap_bars(VFIODevice *vdev)
-{
- int i;
-
- for (i = 0; i < PCI_ROM_SLOT; i++) {
- vfio_unmap_bar(vdev, i);
- }
-}
-
-/*
- * General setup
- */
-static uint8_t vfio_std_cap_max_size(PCIDevice *pdev, uint8_t pos)
-{
- uint8_t tmp, next = 0xff;
-
- for (tmp = pdev->config[PCI_CAPABILITY_LIST]; tmp;
- tmp = pdev->config[tmp + 1]) {
- if (tmp > pos && tmp < next) {
- next = tmp;
- }
- }
-
- return next - pos;
-}
-
-static int vfio_add_std_cap(VFIODevice *vdev, uint8_t pos)
-{
- PCIDevice *pdev = &vdev->pdev;
- uint8_t cap_id, next, size;
- int ret;
-
- cap_id = pdev->config[pos];
- next = pdev->config[pos + 1];
-
- /*
- * If it becomes important to configure capabilities to their actual
- * size, use this as the default when it's something we don't recognize.
- * Since QEMU doesn't actually handle many of the config accesses,
- * exact size doesn't seem worthwhile.
- */
- size = vfio_std_cap_max_size(pdev, pos);
-
- /*
- * pci_add_capability always inserts the new capability at the head
- * of the chain. Therefore to end up with a chain that matches the
- * physical device, we insert from the end by making this recursive.
- * This is also why we pre-caclulate size above as cached config space
- * will be changed as we unwind the stack.
- */
- if (next) {
- ret = vfio_add_std_cap(vdev, next);
- if (ret) {
- return ret;
- }
- } else {
- pdev->config[PCI_CAPABILITY_LIST] = 0; /* Begin the rebuild */
- }
-
- switch (cap_id) {
- case PCI_CAP_ID_MSI:
- ret = vfio_setup_msi(vdev, pos);
- break;
- case PCI_CAP_ID_MSIX:
- ret = vfio_setup_msix(vdev, pos);
- break;
- default:
- ret = pci_add_capability(pdev, cap_id, pos, size);
- break;
- }
-
- if (ret < 0) {
- error_report("vfio: %04x:%02x:%02x.%x Error adding PCI capability "
- "0x%x[0x%x]@0x%x: %d\n", vdev->host.domain,
- vdev->host.bus, vdev->host.slot, vdev->host.function,
- cap_id, size, pos, ret);
- return ret;
- }
-
- return 0;
-}
-
-static int vfio_add_capabilities(VFIODevice *vdev)
-{
- PCIDevice *pdev = &vdev->pdev;
-
- if (!(pdev->config[PCI_STATUS] & PCI_STATUS_CAP_LIST) ||
- !pdev->config[PCI_CAPABILITY_LIST]) {
- return 0; /* Nothing to add */
- }
-
- return vfio_add_std_cap(vdev, pdev->config[PCI_CAPABILITY_LIST]);
-}
-
-static int vfio_load_rom(VFIODevice *vdev)
-{
- uint64_t size = vdev->rom_size;
- char name[32];
- off_t off = 0, voff = vdev->rom_offset;
- ssize_t bytes;
- void *ptr;
-
- /* If loading ROM from file, pci handles it */
- if (vdev->pdev.romfile || !vdev->pdev.rom_bar || !size) {
- return 0;
- }
-
- DPRINTF("%s(%04x:%02x:%02x.%x)\n", __func__, vdev->host.domain,
- vdev->host.bus, vdev->host.slot, vdev->host.function);
-
- snprintf(name, sizeof(name), "vfio[%04x:%02x:%02x.%x].rom",
- vdev->host.domain, vdev->host.bus, vdev->host.slot,
- vdev->host.function);
- memory_region_init_ram(&vdev->pdev.rom, name, size);
- ptr = memory_region_get_ram_ptr(&vdev->pdev.rom);
- memset(ptr, 0xff, size);
-
- while (size) {
- bytes = pread(vdev->fd, ptr + off, size, voff + off);
- if (bytes == 0) {
- break; /* expect that we could get back less than the ROM BAR */
- } else if (bytes > 0) {
- off += bytes;
- size -= bytes;
- } else {
- if (errno == EINTR || errno == EAGAIN) {
- continue;
- }
- error_report("vfio: Error reading device ROM: %m\n");
- memory_region_destroy(&vdev->pdev.rom);
- return -errno;
- }
- }
-
- pci_register_bar(&vdev->pdev, PCI_ROM_SLOT, 0, &vdev->pdev.rom);
- vdev->pdev.has_rom = true;
- return 0;
-}
-
-static int vfio_connect_container(VFIOGroup *group)
-{
- VFIOContainer *container;
- int ret, fd;
-
- if (group->container) {
- return 0;
- }
-
- QLIST_FOREACH(container, &container_list, next) {
- if (!ioctl(group->fd, VFIO_GROUP_SET_CONTAINER, &container->fd)) {
- group->container = container;
- QLIST_INSERT_HEAD(&container->group_list, group, container_next);
- return 0;
- }
- }
-
- fd = qemu_open("/dev/vfio/vfio", O_RDWR);
- if (fd < 0) {
- error_report("vfio: failed to open /dev/vfio/vfio: %m\n");
- return -errno;
- }
-
- ret = ioctl(fd, VFIO_GET_API_VERSION);
- if (ret != VFIO_API_VERSION) {
- error_report("vfio: supported vfio version: %d, "
- "reported version: %d\n", VFIO_API_VERSION, ret);
- close(fd);
- return -EINVAL;
- }
-
- container = g_malloc0(sizeof(*container));
- container->fd = fd;
-
- if (ioctl(fd, VFIO_CHECK_EXTENSION, VFIO_TYPE1_IOMMU)) {
- ret = ioctl(group->fd, VFIO_GROUP_SET_CONTAINER, &fd);
- if (ret) {
- error_report("vfio: failed to set group container: %m\n");
- g_free(container);
- close(fd);
- return -errno;
- }
-
- ret = ioctl(fd, VFIO_SET_IOMMU, VFIO_TYPE1_IOMMU);
- if (ret) {
- error_report("vfio: failed to set iommu for container: %m\n");
- g_free(container);
- close(fd);
- return -errno;
- }
-
- container->iommu_data.listener = vfio_memory_listener;
- container->iommu_data.release = vfio_listener_release;
-
- memory_listener_register(&container->iommu_data.listener, &address_space_memory);
- } else {
- error_report("vfio: No available IOMMU models\n");
- g_free(container);
- close(fd);
- return -EINVAL;
- }
-
- QLIST_INIT(&container->group_list);
- QLIST_INSERT_HEAD(&container_list, container, next);
-
- group->container = container;
- QLIST_INSERT_HEAD(&container->group_list, group, container_next);
-
- return 0;
-}
-
-static void vfio_disconnect_container(VFIOGroup *group)
-{
- VFIOContainer *container = group->container;
-
- if (ioctl(group->fd, VFIO_GROUP_UNSET_CONTAINER, &container->fd)) {
- error_report("vfio: error disconnecting group %d from container\n",
- group->groupid);
- }
-
- QLIST_REMOVE(group, container_next);
- group->container = NULL;
-
- if (QLIST_EMPTY(&container->group_list)) {
- if (container->iommu_data.release) {
- container->iommu_data.release(container);
- }
- QLIST_REMOVE(container, next);
- DPRINTF("vfio_disconnect_container: close container->fd\n");
- close(container->fd);
- g_free(container);
- }
-}
-
-static VFIOGroup *vfio_get_group(int groupid)
-{
- VFIOGroup *group;
- char path[32];
- struct vfio_group_status status = { .argsz = sizeof(status) };
-
- QLIST_FOREACH(group, &group_list, next) {
- if (group->groupid == groupid) {
- return group;
- }
- }
-
- group = g_malloc0(sizeof(*group));
-
- snprintf(path, sizeof(path), "/dev/vfio/%d", groupid);
- group->fd = qemu_open(path, O_RDWR);
- if (group->fd < 0) {
- error_report("vfio: error opening %s: %m\n", path);
- g_free(group);
- return NULL;
- }
-
- if (ioctl(group->fd, VFIO_GROUP_GET_STATUS, &status)) {
- error_report("vfio: error getting group status: %m\n");
- close(group->fd);
- g_free(group);
- return NULL;
- }
-
- if (!(status.flags & VFIO_GROUP_FLAGS_VIABLE)) {
- error_report("vfio: error, group %d is not viable, please ensure "
- "all devices within the iommu_group are bound to their "
- "vfio bus driver.\n", groupid);
- close(group->fd);
- g_free(group);
- return NULL;
- }
-
- group->groupid = groupid;
- QLIST_INIT(&group->device_list);
-
- if (vfio_connect_container(group)) {
- error_report("vfio: failed to setup container for group %d\n", groupid);
- close(group->fd);
- g_free(group);
- return NULL;
- }
-
- QLIST_INSERT_HEAD(&group_list, group, next);
-
- return group;
-}
-
-static void vfio_put_group(VFIOGroup *group)
-{
- if (!QLIST_EMPTY(&group->device_list)) {
- return;
- }
-
- vfio_disconnect_container(group);
- QLIST_REMOVE(group, next);
- DPRINTF("vfio_put_group: close group->fd\n");
- close(group->fd);
- g_free(group);
-}
-
-static int vfio_get_device(VFIOGroup *group, const char *name, VFIODevice *vdev)
-{
- struct vfio_device_info dev_info = { .argsz = sizeof(dev_info) };
- struct vfio_region_info reg_info = { .argsz = sizeof(reg_info) };
- int ret, i;
-
- ret = ioctl(group->fd, VFIO_GROUP_GET_DEVICE_FD, name);
- if (ret < 0) {
- error_report("vfio: error getting device %s from group %d: %m\n",
- name, group->groupid);
- error_report("Verify all devices in group %d are bound to vfio-pci "
- "or pci-stub and not already in use\n", group->groupid);
- return ret;
- }
-
- vdev->fd = ret;
- vdev->group = group;
- QLIST_INSERT_HEAD(&group->device_list, vdev, next);
-
- /* Sanity check device */
- ret = ioctl(vdev->fd, VFIO_DEVICE_GET_INFO, &dev_info);
- if (ret) {
- error_report("vfio: error getting device info: %m\n");
- goto error;
- }
-
- DPRINTF("Device %s flags: %u, regions: %u, irgs: %u\n", name,
- dev_info.flags, dev_info.num_regions, dev_info.num_irqs);
-
- if (!(dev_info.flags & VFIO_DEVICE_FLAGS_PCI)) {
- error_report("vfio: Um, this isn't a PCI device\n");
- goto error;
- }
-
- vdev->reset_works = !!(dev_info.flags & VFIO_DEVICE_FLAGS_RESET);
- if (!vdev->reset_works) {
- error_report("Warning, device %s does not support reset\n", name);
- }
-
- if (dev_info.num_regions != VFIO_PCI_NUM_REGIONS) {
- error_report("vfio: unexpected number of io regions %u\n",
- dev_info.num_regions);
- goto error;
- }
-
- if (dev_info.num_irqs != VFIO_PCI_NUM_IRQS) {
- error_report("vfio: unexpected number of irqs %u\n", dev_info.num_irqs);
- goto error;
- }
-
- for (i = VFIO_PCI_BAR0_REGION_INDEX; i < VFIO_PCI_ROM_REGION_INDEX; i++) {
- reg_info.index = i;
-
- ret = ioctl(vdev->fd, VFIO_DEVICE_GET_REGION_INFO, &reg_info);
- if (ret) {
- error_report("vfio: Error getting region %d info: %m\n", i);
- goto error;
- }
-
- DPRINTF("Device %s region %d:\n", name, i);
- DPRINTF(" size: 0x%lx, offset: 0x%lx, flags: 0x%lx\n",
- (unsigned long)reg_info.size, (unsigned long)reg_info.offset,
- (unsigned long)reg_info.flags);
-
- vdev->bars[i].flags = reg_info.flags;
- vdev->bars[i].size = reg_info.size;
- vdev->bars[i].fd_offset = reg_info.offset;
- vdev->bars[i].fd = vdev->fd;
- vdev->bars[i].nr = i;
- }
-
- reg_info.index = VFIO_PCI_ROM_REGION_INDEX;
-
- ret = ioctl(vdev->fd, VFIO_DEVICE_GET_REGION_INFO, &reg_info);
- if (ret) {
- error_report("vfio: Error getting ROM info: %m\n");
- goto error;
- }
-
- DPRINTF("Device %s ROM:\n", name);
- DPRINTF(" size: 0x%lx, offset: 0x%lx, flags: 0x%lx\n",
- (unsigned long)reg_info.size, (unsigned long)reg_info.offset,
- (unsigned long)reg_info.flags);
-
- vdev->rom_size = reg_info.size;
- vdev->rom_offset = reg_info.offset;
-
- reg_info.index = VFIO_PCI_CONFIG_REGION_INDEX;
-
- ret = ioctl(vdev->fd, VFIO_DEVICE_GET_REGION_INFO, &reg_info);
- if (ret) {
- error_report("vfio: Error getting config info: %m\n");
- goto error;
- }
-
- DPRINTF("Device %s config:\n", name);
- DPRINTF(" size: 0x%lx, offset: 0x%lx, flags: 0x%lx\n",
- (unsigned long)reg_info.size, (unsigned long)reg_info.offset,
- (unsigned long)reg_info.flags);
-
- vdev->config_size = reg_info.size;
- vdev->config_offset = reg_info.offset;
-
-error:
- if (ret) {
- QLIST_REMOVE(vdev, next);
- vdev->group = NULL;
- close(vdev->fd);
- }
- return ret;
-}
-
-static void vfio_put_device(VFIODevice *vdev)
-{
- QLIST_REMOVE(vdev, next);
- vdev->group = NULL;
- DPRINTF("vfio_put_device: close vdev->fd\n");
- close(vdev->fd);
- if (vdev->msix) {
- g_free(vdev->msix);
- vdev->msix = NULL;
- }
-}
-
-static int vfio_initfn(PCIDevice *pdev)
-{
- VFIODevice *pvdev, *vdev = DO_UPCAST(VFIODevice, pdev, pdev);
- VFIOGroup *group;
- char path[PATH_MAX], iommu_group_path[PATH_MAX], *group_name;
- ssize_t len;
- struct stat st;
- int groupid;
- int ret;
-
- /* Check that the host device exists */
- snprintf(path, sizeof(path),
- "/sys/bus/pci/devices/%04x:%02x:%02x.%01x/",
- vdev->host.domain, vdev->host.bus, vdev->host.slot,
- vdev->host.function);
- if (stat(path, &st) < 0) {
- error_report("vfio: error: no such host device: %s\n", path);
- return -errno;
- }
-
- strncat(path, "iommu_group", sizeof(path) - strlen(path) - 1);
-
- len = readlink(path, iommu_group_path, PATH_MAX);
- if (len <= 0) {
- error_report("vfio: error no iommu_group for device\n");
- return -errno;
- }
-
- iommu_group_path[len] = 0;
- group_name = basename(iommu_group_path);
-
- if (sscanf(group_name, "%d", &groupid) != 1) {
- error_report("vfio: error reading %s: %m\n", path);
- return -errno;
- }
-
- DPRINTF("%s(%04x:%02x:%02x.%x) group %d\n", __func__, vdev->host.domain,
- vdev->host.bus, vdev->host.slot, vdev->host.function, groupid);
-
- group = vfio_get_group(groupid);
- if (!group) {
- error_report("vfio: failed to get group %d\n", groupid);
- return -ENOENT;
- }
-
- snprintf(path, sizeof(path), "%04x:%02x:%02x.%01x",
- vdev->host.domain, vdev->host.bus, vdev->host.slot,
- vdev->host.function);
-
- QLIST_FOREACH(pvdev, &group->device_list, next) {
- if (pvdev->host.domain == vdev->host.domain &&
- pvdev->host.bus == vdev->host.bus &&
- pvdev->host.slot == vdev->host.slot &&
- pvdev->host.function == vdev->host.function) {
-
- error_report("vfio: error: device %s is already attached\n", path);
- vfio_put_group(group);
- return -EBUSY;
- }
- }
-
- ret = vfio_get_device(group, path, vdev);
- if (ret) {
- error_report("vfio: failed to get device %s\n", path);
- vfio_put_group(group);
- return ret;
- }
-
- /* Get a copy of config space */
- ret = pread(vdev->fd, vdev->pdev.config,
- MIN(pci_config_size(&vdev->pdev), vdev->config_size),
- vdev->config_offset);
- if (ret < (int)MIN(pci_config_size(&vdev->pdev), vdev->config_size)) {
- ret = ret < 0 ? -errno : -EFAULT;
- error_report("vfio: Failed to read device config space\n");
- goto out_put;
- }
-
- /*
- * Clear host resource mapping info. If we choose not to register a
- * BAR, such as might be the case with the option ROM, we can get
- * confusing, unwritable, residual addresses from the host here.
- */
- memset(&vdev->pdev.config[PCI_BASE_ADDRESS_0], 0, 24);
- memset(&vdev->pdev.config[PCI_ROM_ADDRESS], 0, 4);
-
- vfio_load_rom(vdev);
-
- ret = vfio_early_setup_msix(vdev);
- if (ret) {
- goto out_put;
- }
-
- vfio_map_bars(vdev);
-
- ret = vfio_add_capabilities(vdev);
- if (ret) {
- goto out_teardown;
- }
-
- if (vfio_pci_read_config(&vdev->pdev, PCI_INTERRUPT_PIN, 1)) {
- vdev->intx.mmap_timer = qemu_new_timer_ms(vm_clock,
- vfio_intx_mmap_enable, vdev);
- pci_device_set_intx_routing_notifier(&vdev->pdev, vfio_update_irq);
- ret = vfio_enable_intx(vdev);
- if (ret) {
- goto out_teardown;
- }
- }
-
- return 0;
-
-out_teardown:
- pci_device_set_intx_routing_notifier(&vdev->pdev, NULL);
- vfio_teardown_msi(vdev);
- vfio_unmap_bars(vdev);
-out_put:
- vfio_put_device(vdev);
- vfio_put_group(group);
- return ret;
-}
-
-static void vfio_exitfn(PCIDevice *pdev)
-{
- VFIODevice *vdev = DO_UPCAST(VFIODevice, pdev, pdev);
- VFIOGroup *group = vdev->group;
-
- pci_device_set_intx_routing_notifier(&vdev->pdev, NULL);
- vfio_disable_interrupts(vdev);
- if (vdev->intx.mmap_timer) {
- qemu_free_timer(vdev->intx.mmap_timer);
- }
- vfio_teardown_msi(vdev);
- vfio_unmap_bars(vdev);
- vfio_put_device(vdev);
- vfio_put_group(group);
-}
-
-static void vfio_pci_reset(DeviceState *dev)
-{
- PCIDevice *pdev = DO_UPCAST(PCIDevice, qdev, dev);
- VFIODevice *vdev = DO_UPCAST(VFIODevice, pdev, pdev);
- uint16_t cmd;
-
- DPRINTF("%s(%04x:%02x:%02x.%x)\n", __func__, vdev->host.domain,
- vdev->host.bus, vdev->host.slot, vdev->host.function);
-
- vfio_disable_interrupts(vdev);
-
- /*
- * Stop any ongoing DMA by disconecting I/O, MMIO, and bus master.
- * Also put INTx Disable in known state.
- */
- cmd = vfio_pci_read_config(pdev, PCI_COMMAND, 2);
- cmd &= ~(PCI_COMMAND_IO | PCI_COMMAND_MEMORY | PCI_COMMAND_MASTER |
- PCI_COMMAND_INTX_DISABLE);
- vfio_pci_write_config(pdev, PCI_COMMAND, cmd, 2);
-
- if (vdev->reset_works) {
- if (ioctl(vdev->fd, VFIO_DEVICE_RESET)) {
- error_report("vfio: Error unable to reset physical device "
- "(%04x:%02x:%02x.%x): %m\n", vdev->host.domain,
- vdev->host.bus, vdev->host.slot, vdev->host.function);
- }
- }
-
- vfio_enable_intx(vdev);
-}
-
-static Property vfio_pci_dev_properties[] = {
- DEFINE_PROP_PCI_HOST_DEVADDR("host", VFIODevice, host),
- DEFINE_PROP_UINT32("x-intx-mmap-timeout-ms", VFIODevice,
- intx.mmap_timeout, 1100),
- /*
- * TODO - support passed fds... is this necessary?
- * DEFINE_PROP_STRING("vfiofd", VFIODevice, vfiofd_name),
- * DEFINE_PROP_STRING("vfiogroupfd, VFIODevice, vfiogroupfd_name),
- */
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static const VMStateDescription vfio_pci_vmstate = {
- .name = "vfio-pci",
- .unmigratable = 1,
-};
-
-static void vfio_pci_dev_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *pdc = PCI_DEVICE_CLASS(klass);
-
- dc->reset = vfio_pci_reset;
- dc->props = vfio_pci_dev_properties;
- dc->vmsd = &vfio_pci_vmstate;
- dc->desc = "VFIO-based PCI device assignment";
- pdc->init = vfio_initfn;
- pdc->exit = vfio_exitfn;
- pdc->config_read = vfio_pci_read_config;
- pdc->config_write = vfio_pci_write_config;
-}
-
-static const TypeInfo vfio_pci_dev_info = {
- .name = "vfio-pci",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(VFIODevice),
- .class_init = vfio_pci_dev_class_init,
-};
-
-static void register_vfio_pci_dev_type(void)
-{
- type_register_static(&vfio_pci_dev_info);
-}
-
-type_init(register_vfio_pci_dev_type)
diff --git a/hw/vga-isa-mm.c b/hw/vga-isa-mm.c
deleted file mode 100644
index 8ef4320d0..000000000
--- a/hw/vga-isa-mm.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * QEMU ISA MM VGA Emulator.
- *
- * Copyright (c) 2003 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "console.h"
-#include "pc.h"
-#include "vga_int.h"
-#include "pixel_ops.h"
-#include "qemu-timer.h"
-
-#define VGA_RAM_SIZE (8192 * 1024)
-
-typedef struct ISAVGAMMState {
- VGACommonState vga;
- int it_shift;
-} ISAVGAMMState;
-
-/* Memory mapped interface */
-static uint32_t vga_mm_readb (void *opaque, hwaddr addr)
-{
- ISAVGAMMState *s = opaque;
-
- return vga_ioport_read(&s->vga, addr >> s->it_shift) & 0xff;
-}
-
-static void vga_mm_writeb (void *opaque,
- hwaddr addr, uint32_t value)
-{
- ISAVGAMMState *s = opaque;
-
- vga_ioport_write(&s->vga, addr >> s->it_shift, value & 0xff);
-}
-
-static uint32_t vga_mm_readw (void *opaque, hwaddr addr)
-{
- ISAVGAMMState *s = opaque;
-
- return vga_ioport_read(&s->vga, addr >> s->it_shift) & 0xffff;
-}
-
-static void vga_mm_writew (void *opaque,
- hwaddr addr, uint32_t value)
-{
- ISAVGAMMState *s = opaque;
-
- vga_ioport_write(&s->vga, addr >> s->it_shift, value & 0xffff);
-}
-
-static uint32_t vga_mm_readl (void *opaque, hwaddr addr)
-{
- ISAVGAMMState *s = opaque;
-
- return vga_ioport_read(&s->vga, addr >> s->it_shift);
-}
-
-static void vga_mm_writel (void *opaque,
- hwaddr addr, uint32_t value)
-{
- ISAVGAMMState *s = opaque;
-
- vga_ioport_write(&s->vga, addr >> s->it_shift, value);
-}
-
-static const MemoryRegionOps vga_mm_ctrl_ops = {
- .old_mmio = {
- .read = {
- vga_mm_readb,
- vga_mm_readw,
- vga_mm_readl,
- },
- .write = {
- vga_mm_writeb,
- vga_mm_writew,
- vga_mm_writel,
- },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void vga_mm_init(ISAVGAMMState *s, hwaddr vram_base,
- hwaddr ctrl_base, int it_shift,
- MemoryRegion *address_space)
-{
- MemoryRegion *s_ioport_ctrl, *vga_io_memory;
-
- s->it_shift = it_shift;
- s_ioport_ctrl = g_malloc(sizeof(*s_ioport_ctrl));
- memory_region_init_io(s_ioport_ctrl, &vga_mm_ctrl_ops, s,
- "vga-mm-ctrl", 0x100000);
- memory_region_set_flush_coalesced(s_ioport_ctrl);
-
- vga_io_memory = g_malloc(sizeof(*vga_io_memory));
- /* XXX: endianness? */
- memory_region_init_io(vga_io_memory, &vga_mem_ops, &s->vga,
- "vga-mem", 0x20000);
-
- vmstate_register(NULL, 0, &vmstate_vga_common, s);
-
- memory_region_add_subregion(address_space, ctrl_base, s_ioport_ctrl);
- s->vga.bank_offset = 0;
- memory_region_add_subregion(address_space,
- vram_base + 0x000a0000, vga_io_memory);
- memory_region_set_coalescing(vga_io_memory);
-}
-
-int isa_vga_mm_init(hwaddr vram_base,
- hwaddr ctrl_base, int it_shift,
- MemoryRegion *address_space)
-{
- ISAVGAMMState *s;
-
- s = g_malloc0(sizeof(*s));
-
- s->vga.vram_size_mb = VGA_RAM_SIZE >> 20;
- vga_common_init(&s->vga);
- vga_mm_init(s, vram_base, ctrl_base, it_shift, address_space);
-
- s->vga.ds = graphic_console_init(s->vga.update, s->vga.invalidate,
- s->vga.screen_dump, s->vga.text_update, s);
-
- vga_init_vbe(&s->vga, address_space);
- return 0;
-}
diff --git a/hw/vga-isa.c b/hw/vga-isa.c
deleted file mode 100644
index 046602b3d..000000000
--- a/hw/vga-isa.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * QEMU ISA VGA Emulator.
- *
- * see docs/specs/standard-vga.txt for virtual hardware specs.
- *
- * Copyright (c) 2003 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "console.h"
-#include "pc.h"
-#include "vga_int.h"
-#include "pixel_ops.h"
-#include "qemu-timer.h"
-#include "loader.h"
-
-typedef struct ISAVGAState {
- ISADevice dev;
- struct VGACommonState state;
-} ISAVGAState;
-
-static void vga_reset_isa(DeviceState *dev)
-{
- ISAVGAState *d = container_of(dev, ISAVGAState, dev.qdev);
- VGACommonState *s = &d->state;
-
- vga_common_reset(s);
-}
-
-static int vga_initfn(ISADevice *dev)
-{
- ISAVGAState *d = DO_UPCAST(ISAVGAState, dev, dev);
- VGACommonState *s = &d->state;
- MemoryRegion *vga_io_memory;
- const MemoryRegionPortio *vga_ports, *vbe_ports;
-
- vga_common_init(s);
- s->legacy_address_space = isa_address_space(dev);
- vga_io_memory = vga_init_io(s, &vga_ports, &vbe_ports);
- isa_register_portio_list(dev, 0x3b0, vga_ports, s, "vga");
- if (vbe_ports) {
- isa_register_portio_list(dev, 0x1ce, vbe_ports, s, "vbe");
- }
- memory_region_add_subregion_overlap(isa_address_space(dev),
- isa_mem_base + 0x000a0000,
- vga_io_memory, 1);
- memory_region_set_coalescing(vga_io_memory);
- s->ds = graphic_console_init(s->update, s->invalidate,
- s->screen_dump, s->text_update, s);
-
- vga_init_vbe(s, isa_address_space(dev));
- /* ROM BIOS */
- rom_add_vga(VGABIOS_FILENAME);
- return 0;
-}
-
-static Property vga_isa_properties[] = {
- DEFINE_PROP_UINT32("vgamem_mb", ISAVGAState, state.vram_size_mb, 8),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void vga_class_initfn(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- ISADeviceClass *ic = ISA_DEVICE_CLASS(klass);
- ic->init = vga_initfn;
- dc->reset = vga_reset_isa;
- dc->vmsd = &vmstate_vga_common;
- dc->props = vga_isa_properties;
-}
-
-static TypeInfo vga_info = {
- .name = "isa-vga",
- .parent = TYPE_ISA_DEVICE,
- .instance_size = sizeof(ISAVGAState),
- .class_init = vga_class_initfn,
-};
-
-static void vga_register_types(void)
-{
- type_register_static(&vga_info);
-}
-
-type_init(vga_register_types)
diff --git a/hw/vga-pci.c b/hw/vga-pci.c
deleted file mode 100644
index 947e35c76..000000000
--- a/hw/vga-pci.c
+++ /dev/null
@@ -1,215 +0,0 @@
-/*
- * QEMU PCI VGA Emulator.
- *
- * see docs/specs/standard-vga.txt for virtual hardware specs.
- *
- * Copyright (c) 2003 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "console.h"
-#include "pci.h"
-#include "vga_int.h"
-#include "pixel_ops.h"
-#include "qemu-timer.h"
-#include "loader.h"
-
-#define PCI_VGA_IOPORT_OFFSET 0x400
-#define PCI_VGA_IOPORT_SIZE (0x3e0 - 0x3c0)
-#define PCI_VGA_BOCHS_OFFSET 0x500
-#define PCI_VGA_BOCHS_SIZE (0x0b * 2)
-#define PCI_VGA_MMIO_SIZE 0x1000
-
-enum vga_pci_flags {
- PCI_VGA_FLAG_ENABLE_MMIO = 1,
-};
-
-typedef struct PCIVGAState {
- PCIDevice dev;
- VGACommonState vga;
- uint32_t flags;
- MemoryRegion mmio;
- MemoryRegion ioport;
- MemoryRegion bochs;
-} PCIVGAState;
-
-static const VMStateDescription vmstate_vga_pci = {
- .name = "vga",
- .version_id = 2,
- .minimum_version_id = 2,
- .minimum_version_id_old = 2,
- .fields = (VMStateField []) {
- VMSTATE_PCI_DEVICE(dev, PCIVGAState),
- VMSTATE_STRUCT(vga, PCIVGAState, 0, vmstate_vga_common, VGACommonState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static uint64_t pci_vga_ioport_read(void *ptr, hwaddr addr,
- unsigned size)
-{
- PCIVGAState *d = ptr;
- uint64_t ret = 0;
-
- switch (size) {
- case 1:
- ret = vga_ioport_read(&d->vga, addr);
- break;
- case 2:
- ret = vga_ioport_read(&d->vga, addr);
- ret |= vga_ioport_read(&d->vga, addr+1) << 8;
- break;
- }
- return ret;
-}
-
-static void pci_vga_ioport_write(void *ptr, hwaddr addr,
- uint64_t val, unsigned size)
-{
- PCIVGAState *d = ptr;
-
- switch (size) {
- case 1:
- vga_ioport_write(&d->vga, addr + 0x3c0, val);
- break;
- case 2:
- /*
- * Update bytes in little endian order. Allows to update
- * indexed registers with a single word write because the
- * index byte is updated first.
- */
- vga_ioport_write(&d->vga, addr + 0x3c0, val & 0xff);
- vga_ioport_write(&d->vga, addr + 0x3c1, (val >> 8) & 0xff);
- break;
- }
-}
-
-static const MemoryRegionOps pci_vga_ioport_ops = {
- .read = pci_vga_ioport_read,
- .write = pci_vga_ioport_write,
- .valid.min_access_size = 1,
- .valid.max_access_size = 4,
- .impl.min_access_size = 1,
- .impl.max_access_size = 2,
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static uint64_t pci_vga_bochs_read(void *ptr, hwaddr addr,
- unsigned size)
-{
- PCIVGAState *d = ptr;
- int index = addr >> 1;
-
- vbe_ioport_write_index(&d->vga, 0, index);
- return vbe_ioport_read_data(&d->vga, 0);
-}
-
-static void pci_vga_bochs_write(void *ptr, hwaddr addr,
- uint64_t val, unsigned size)
-{
- PCIVGAState *d = ptr;
- int index = addr >> 1;
-
- vbe_ioport_write_index(&d->vga, 0, index);
- vbe_ioport_write_data(&d->vga, 0, val);
-}
-
-static const MemoryRegionOps pci_vga_bochs_ops = {
- .read = pci_vga_bochs_read,
- .write = pci_vga_bochs_write,
- .valid.min_access_size = 1,
- .valid.max_access_size = 4,
- .impl.min_access_size = 2,
- .impl.max_access_size = 2,
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static int pci_std_vga_initfn(PCIDevice *dev)
-{
- PCIVGAState *d = DO_UPCAST(PCIVGAState, dev, dev);
- VGACommonState *s = &d->vga;
-
- /* vga + console init */
- vga_common_init(s);
- vga_init(s, pci_address_space(dev), pci_address_space_io(dev), true);
-
- s->ds = graphic_console_init(s->update, s->invalidate,
- s->screen_dump, s->text_update, s);
-
- /* XXX: VGA_RAM_SIZE must be a power of two */
- pci_register_bar(&d->dev, 0, PCI_BASE_ADDRESS_MEM_PREFETCH, &s->vram);
-
- /* mmio bar for vga register access */
- if (d->flags & (1 << PCI_VGA_FLAG_ENABLE_MMIO)) {
- memory_region_init(&d->mmio, "vga.mmio", 4096);
- memory_region_init_io(&d->ioport, &pci_vga_ioport_ops, d,
- "vga ioports remapped", PCI_VGA_IOPORT_SIZE);
- memory_region_init_io(&d->bochs, &pci_vga_bochs_ops, d,
- "bochs dispi interface", PCI_VGA_BOCHS_SIZE);
-
- memory_region_add_subregion(&d->mmio, PCI_VGA_IOPORT_OFFSET,
- &d->ioport);
- memory_region_add_subregion(&d->mmio, PCI_VGA_BOCHS_OFFSET,
- &d->bochs);
- pci_register_bar(&d->dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, &d->mmio);
- }
-
- if (!dev->rom_bar) {
- /* compatibility with pc-0.13 and older */
- vga_init_vbe(s, pci_address_space(dev));
- }
-
- return 0;
-}
-
-static Property vga_pci_properties[] = {
- DEFINE_PROP_UINT32("vgamem_mb", PCIVGAState, vga.vram_size_mb, 16),
- DEFINE_PROP_BIT("mmio", PCIVGAState, flags, PCI_VGA_FLAG_ENABLE_MMIO, true),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void vga_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->no_hotplug = 1;
- k->init = pci_std_vga_initfn;
- k->romfile = "vgabios-stdvga.bin";
- k->vendor_id = PCI_VENDOR_ID_QEMU;
- k->device_id = PCI_DEVICE_ID_QEMU_VGA;
- k->class_id = PCI_CLASS_DISPLAY_VGA;
- dc->vmsd = &vmstate_vga_pci;
- dc->props = vga_pci_properties;
-}
-
-static TypeInfo vga_info = {
- .name = "VGA",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIVGAState),
- .class_init = vga_class_init,
-};
-
-static void vga_register_types(void)
-{
- type_register_static(&vga_info);
-}
-
-type_init(vga_register_types)
diff --git a/hw/vga.c b/hw/vga.c
deleted file mode 100644
index 2b0200a16..000000000
--- a/hw/vga.c
+++ /dev/null
@@ -1,2450 +0,0 @@
-/*
- * QEMU VGA Emulator.
- *
- * Copyright (c) 2003 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "vga.h"
-#include "console.h"
-#include "pc.h"
-#include "pci.h"
-#include "vga_int.h"
-#include "pixel_ops.h"
-#include "qemu-timer.h"
-#include "xen.h"
-#include "trace.h"
-
-//#define DEBUG_VGA
-//#define DEBUG_VGA_MEM
-//#define DEBUG_VGA_REG
-
-//#define DEBUG_BOCHS_VBE
-
-/* 16 state changes per vertical frame @60 Hz */
-#define VGA_TEXT_CURSOR_PERIOD_MS (1000 * 2 * 16 / 60)
-
-/*
- * Video Graphics Array (VGA)
- *
- * Chipset docs for original IBM VGA:
- * http://www.mcamafia.de/pdf/ibm_vgaxga_trm2.pdf
- *
- * FreeVGA site:
- * http://www.osdever.net/FreeVGA/home.htm
- *
- * Standard VGA features and Bochs VBE extensions are implemented.
- */
-
-/* force some bits to zero */
-const uint8_t sr_mask[8] = {
- 0x03,
- 0x3d,
- 0x0f,
- 0x3f,
- 0x0e,
- 0x00,
- 0x00,
- 0xff,
-};
-
-const uint8_t gr_mask[16] = {
- 0x0f, /* 0x00 */
- 0x0f, /* 0x01 */
- 0x0f, /* 0x02 */
- 0x1f, /* 0x03 */
- 0x03, /* 0x04 */
- 0x7b, /* 0x05 */
- 0x0f, /* 0x06 */
- 0x0f, /* 0x07 */
- 0xff, /* 0x08 */
- 0x00, /* 0x09 */
- 0x00, /* 0x0a */
- 0x00, /* 0x0b */
- 0x00, /* 0x0c */
- 0x00, /* 0x0d */
- 0x00, /* 0x0e */
- 0x00, /* 0x0f */
-};
-
-#define cbswap_32(__x) \
-((uint32_t)( \
- (((uint32_t)(__x) & (uint32_t)0x000000ffUL) << 24) | \
- (((uint32_t)(__x) & (uint32_t)0x0000ff00UL) << 8) | \
- (((uint32_t)(__x) & (uint32_t)0x00ff0000UL) >> 8) | \
- (((uint32_t)(__x) & (uint32_t)0xff000000UL) >> 24) ))
-
-#ifdef HOST_WORDS_BIGENDIAN
-#define PAT(x) cbswap_32(x)
-#else
-#define PAT(x) (x)
-#endif
-
-#ifdef HOST_WORDS_BIGENDIAN
-#define BIG 1
-#else
-#define BIG 0
-#endif
-
-#ifdef HOST_WORDS_BIGENDIAN
-#define GET_PLANE(data, p) (((data) >> (24 - (p) * 8)) & 0xff)
-#else
-#define GET_PLANE(data, p) (((data) >> ((p) * 8)) & 0xff)
-#endif
-
-static const uint32_t mask16[16] = {
- PAT(0x00000000),
- PAT(0x000000ff),
- PAT(0x0000ff00),
- PAT(0x0000ffff),
- PAT(0x00ff0000),
- PAT(0x00ff00ff),
- PAT(0x00ffff00),
- PAT(0x00ffffff),
- PAT(0xff000000),
- PAT(0xff0000ff),
- PAT(0xff00ff00),
- PAT(0xff00ffff),
- PAT(0xffff0000),
- PAT(0xffff00ff),
- PAT(0xffffff00),
- PAT(0xffffffff),
-};
-
-#undef PAT
-
-#ifdef HOST_WORDS_BIGENDIAN
-#define PAT(x) (x)
-#else
-#define PAT(x) cbswap_32(x)
-#endif
-
-static const uint32_t dmask16[16] = {
- PAT(0x00000000),
- PAT(0x000000ff),
- PAT(0x0000ff00),
- PAT(0x0000ffff),
- PAT(0x00ff0000),
- PAT(0x00ff00ff),
- PAT(0x00ffff00),
- PAT(0x00ffffff),
- PAT(0xff000000),
- PAT(0xff0000ff),
- PAT(0xff00ff00),
- PAT(0xff00ffff),
- PAT(0xffff0000),
- PAT(0xffff00ff),
- PAT(0xffffff00),
- PAT(0xffffffff),
-};
-
-static const uint32_t dmask4[4] = {
- PAT(0x00000000),
- PAT(0x0000ffff),
- PAT(0xffff0000),
- PAT(0xffffffff),
-};
-
-static uint32_t expand4[256];
-static uint16_t expand2[256];
-static uint8_t expand4to8[16];
-
-static void vga_screen_dump(void *opaque, const char *filename, bool cswitch,
- Error **errp);
-
-static void vga_update_memory_access(VGACommonState *s)
-{
- MemoryRegion *region, *old_region = s->chain4_alias;
- hwaddr base, offset, size;
-
- s->chain4_alias = NULL;
-
- if ((s->sr[VGA_SEQ_PLANE_WRITE] & VGA_SR02_ALL_PLANES) ==
- VGA_SR02_ALL_PLANES && s->sr[VGA_SEQ_MEMORY_MODE] & VGA_SR04_CHN_4M) {
- offset = 0;
- switch ((s->gr[VGA_GFX_MISC] >> 2) & 3) {
- case 0:
- base = 0xa0000;
- size = 0x20000;
- break;
- case 1:
- base = 0xa0000;
- size = 0x10000;
- offset = s->bank_offset;
- break;
- case 2:
- base = 0xb0000;
- size = 0x8000;
- break;
- case 3:
- default:
- base = 0xb8000;
- size = 0x8000;
- break;
- }
- base += isa_mem_base;
- region = g_malloc(sizeof(*region));
- memory_region_init_alias(region, "vga.chain4", &s->vram, offset, size);
- memory_region_add_subregion_overlap(s->legacy_address_space, base,
- region, 2);
- s->chain4_alias = region;
- }
- if (old_region) {
- memory_region_del_subregion(s->legacy_address_space, old_region);
- memory_region_destroy(old_region);
- g_free(old_region);
- s->plane_updated = 0xf;
- }
-}
-
-static void vga_dumb_update_retrace_info(VGACommonState *s)
-{
- (void) s;
-}
-
-static void vga_precise_update_retrace_info(VGACommonState *s)
-{
- int htotal_chars;
- int hretr_start_char;
- int hretr_skew_chars;
- int hretr_end_char;
-
- int vtotal_lines;
- int vretr_start_line;
- int vretr_end_line;
-
- int dots;
-#if 0
- int div2, sldiv2;
-#endif
- int clocking_mode;
- int clock_sel;
- const int clk_hz[] = {25175000, 28322000, 25175000, 25175000};
- int64_t chars_per_sec;
- struct vga_precise_retrace *r = &s->retrace_info.precise;
-
- htotal_chars = s->cr[VGA_CRTC_H_TOTAL] + 5;
- hretr_start_char = s->cr[VGA_CRTC_H_SYNC_START];
- hretr_skew_chars = (s->cr[VGA_CRTC_H_SYNC_END] >> 5) & 3;
- hretr_end_char = s->cr[VGA_CRTC_H_SYNC_END] & 0x1f;
-
- vtotal_lines = (s->cr[VGA_CRTC_V_TOTAL] |
- (((s->cr[VGA_CRTC_OVERFLOW] & 1) |
- ((s->cr[VGA_CRTC_OVERFLOW] >> 4) & 2)) << 8)) + 2;
- vretr_start_line = s->cr[VGA_CRTC_V_SYNC_START] |
- ((((s->cr[VGA_CRTC_OVERFLOW] >> 2) & 1) |
- ((s->cr[VGA_CRTC_OVERFLOW] >> 6) & 2)) << 8);
- vretr_end_line = s->cr[VGA_CRTC_V_SYNC_END] & 0xf;
-
- clocking_mode = (s->sr[VGA_SEQ_CLOCK_MODE] >> 3) & 1;
- clock_sel = (s->msr >> 2) & 3;
- dots = (s->msr & 1) ? 8 : 9;
-
- chars_per_sec = clk_hz[clock_sel] / dots;
-
- htotal_chars <<= clocking_mode;
-
- r->total_chars = vtotal_lines * htotal_chars;
- if (r->freq) {
- r->ticks_per_char = get_ticks_per_sec() / (r->total_chars * r->freq);
- } else {
- r->ticks_per_char = get_ticks_per_sec() / chars_per_sec;
- }
-
- r->vstart = vretr_start_line;
- r->vend = r->vstart + vretr_end_line + 1;
-
- r->hstart = hretr_start_char + hretr_skew_chars;
- r->hend = r->hstart + hretr_end_char + 1;
- r->htotal = htotal_chars;
-
-#if 0
- div2 = (s->cr[VGA_CRTC_MODE] >> 2) & 1;
- sldiv2 = (s->cr[VGA_CRTC_MODE] >> 3) & 1;
- printf (
- "hz=%f\n"
- "htotal = %d\n"
- "hretr_start = %d\n"
- "hretr_skew = %d\n"
- "hretr_end = %d\n"
- "vtotal = %d\n"
- "vretr_start = %d\n"
- "vretr_end = %d\n"
- "div2 = %d sldiv2 = %d\n"
- "clocking_mode = %d\n"
- "clock_sel = %d %d\n"
- "dots = %d\n"
- "ticks/char = %" PRId64 "\n"
- "\n",
- (double) get_ticks_per_sec() / (r->ticks_per_char * r->total_chars),
- htotal_chars,
- hretr_start_char,
- hretr_skew_chars,
- hretr_end_char,
- vtotal_lines,
- vretr_start_line,
- vretr_end_line,
- div2, sldiv2,
- clocking_mode,
- clock_sel,
- clk_hz[clock_sel],
- dots,
- r->ticks_per_char
- );
-#endif
-}
-
-static uint8_t vga_precise_retrace(VGACommonState *s)
-{
- struct vga_precise_retrace *r = &s->retrace_info.precise;
- uint8_t val = s->st01 & ~(ST01_V_RETRACE | ST01_DISP_ENABLE);
-
- if (r->total_chars) {
- int cur_line, cur_line_char, cur_char;
- int64_t cur_tick;
-
- cur_tick = qemu_get_clock_ns(vm_clock);
-
- cur_char = (cur_tick / r->ticks_per_char) % r->total_chars;
- cur_line = cur_char / r->htotal;
-
- if (cur_line >= r->vstart && cur_line <= r->vend) {
- val |= ST01_V_RETRACE | ST01_DISP_ENABLE;
- } else {
- cur_line_char = cur_char % r->htotal;
- if (cur_line_char >= r->hstart && cur_line_char <= r->hend) {
- val |= ST01_DISP_ENABLE;
- }
- }
-
- return val;
- } else {
- return s->st01 ^ (ST01_V_RETRACE | ST01_DISP_ENABLE);
- }
-}
-
-static uint8_t vga_dumb_retrace(VGACommonState *s)
-{
- return s->st01 ^ (ST01_V_RETRACE | ST01_DISP_ENABLE);
-}
-
-int vga_ioport_invalid(VGACommonState *s, uint32_t addr)
-{
- if (s->msr & VGA_MIS_COLOR) {
- /* Color */
- return (addr >= 0x3b0 && addr <= 0x3bf);
- } else {
- /* Monochrome */
- return (addr >= 0x3d0 && addr <= 0x3df);
- }
-}
-
-uint32_t vga_ioport_read(void *opaque, uint32_t addr)
-{
- VGACommonState *s = opaque;
- int val, index;
-
- qemu_flush_coalesced_mmio_buffer();
-
- if (vga_ioport_invalid(s, addr)) {
- val = 0xff;
- } else {
- switch(addr) {
- case VGA_ATT_W:
- if (s->ar_flip_flop == 0) {
- val = s->ar_index;
- } else {
- val = 0;
- }
- break;
- case VGA_ATT_R:
- index = s->ar_index & 0x1f;
- if (index < VGA_ATT_C) {
- val = s->ar[index];
- } else {
- val = 0;
- }
- break;
- case VGA_MIS_W:
- val = s->st00;
- break;
- case VGA_SEQ_I:
- val = s->sr_index;
- break;
- case VGA_SEQ_D:
- val = s->sr[s->sr_index];
-#ifdef DEBUG_VGA_REG
- printf("vga: read SR%x = 0x%02x\n", s->sr_index, val);
-#endif
- break;
- case VGA_PEL_IR:
- val = s->dac_state;
- break;
- case VGA_PEL_IW:
- val = s->dac_write_index;
- break;
- case VGA_PEL_D:
- val = s->palette[s->dac_read_index * 3 + s->dac_sub_index];
- if (++s->dac_sub_index == 3) {
- s->dac_sub_index = 0;
- s->dac_read_index++;
- }
- break;
- case VGA_FTC_R:
- val = s->fcr;
- break;
- case VGA_MIS_R:
- val = s->msr;
- break;
- case VGA_GFX_I:
- val = s->gr_index;
- break;
- case VGA_GFX_D:
- val = s->gr[s->gr_index];
-#ifdef DEBUG_VGA_REG
- printf("vga: read GR%x = 0x%02x\n", s->gr_index, val);
-#endif
- break;
- case VGA_CRT_IM:
- case VGA_CRT_IC:
- val = s->cr_index;
- break;
- case VGA_CRT_DM:
- case VGA_CRT_DC:
- val = s->cr[s->cr_index];
-#ifdef DEBUG_VGA_REG
- printf("vga: read CR%x = 0x%02x\n", s->cr_index, val);
-#endif
- break;
- case VGA_IS1_RM:
- case VGA_IS1_RC:
- /* just toggle to fool polling */
- val = s->st01 = s->retrace(s);
- s->ar_flip_flop = 0;
- break;
- default:
- val = 0x00;
- break;
- }
- }
-#if defined(DEBUG_VGA)
- printf("VGA: read addr=0x%04x data=0x%02x\n", addr, val);
-#endif
- return val;
-}
-
-void vga_ioport_write(void *opaque, uint32_t addr, uint32_t val)
-{
- VGACommonState *s = opaque;
- int index;
-
- qemu_flush_coalesced_mmio_buffer();
-
- /* check port range access depending on color/monochrome mode */
- if (vga_ioport_invalid(s, addr)) {
- return;
- }
-#ifdef DEBUG_VGA
- printf("VGA: write addr=0x%04x data=0x%02x\n", addr, val);
-#endif
-
- switch(addr) {
- case VGA_ATT_W:
- if (s->ar_flip_flop == 0) {
- val &= 0x3f;
- s->ar_index = val;
- } else {
- index = s->ar_index & 0x1f;
- switch(index) {
- case VGA_ATC_PALETTE0 ... VGA_ATC_PALETTEF:
- s->ar[index] = val & 0x3f;
- break;
- case VGA_ATC_MODE:
- s->ar[index] = val & ~0x10;
- break;
- case VGA_ATC_OVERSCAN:
- s->ar[index] = val;
- break;
- case VGA_ATC_PLANE_ENABLE:
- s->ar[index] = val & ~0xc0;
- break;
- case VGA_ATC_PEL:
- s->ar[index] = val & ~0xf0;
- break;
- case VGA_ATC_COLOR_PAGE:
- s->ar[index] = val & ~0xf0;
- break;
- default:
- break;
- }
- }
- s->ar_flip_flop ^= 1;
- break;
- case VGA_MIS_W:
- s->msr = val & ~0x10;
- s->update_retrace_info(s);
- break;
- case VGA_SEQ_I:
- s->sr_index = val & 7;
- break;
- case VGA_SEQ_D:
-#ifdef DEBUG_VGA_REG
- printf("vga: write SR%x = 0x%02x\n", s->sr_index, val);
-#endif
- s->sr[s->sr_index] = val & sr_mask[s->sr_index];
- if (s->sr_index == VGA_SEQ_CLOCK_MODE) {
- s->update_retrace_info(s);
- }
- vga_update_memory_access(s);
- break;
- case VGA_PEL_IR:
- s->dac_read_index = val;
- s->dac_sub_index = 0;
- s->dac_state = 3;
- break;
- case VGA_PEL_IW:
- s->dac_write_index = val;
- s->dac_sub_index = 0;
- s->dac_state = 0;
- break;
- case VGA_PEL_D:
- s->dac_cache[s->dac_sub_index] = val;
- if (++s->dac_sub_index == 3) {
- memcpy(&s->palette[s->dac_write_index * 3], s->dac_cache, 3);
- s->dac_sub_index = 0;
- s->dac_write_index++;
- }
- break;
- case VGA_GFX_I:
- s->gr_index = val & 0x0f;
- break;
- case VGA_GFX_D:
-#ifdef DEBUG_VGA_REG
- printf("vga: write GR%x = 0x%02x\n", s->gr_index, val);
-#endif
- s->gr[s->gr_index] = val & gr_mask[s->gr_index];
- vga_update_memory_access(s);
- break;
- case VGA_CRT_IM:
- case VGA_CRT_IC:
- s->cr_index = val;
- break;
- case VGA_CRT_DM:
- case VGA_CRT_DC:
-#ifdef DEBUG_VGA_REG
- printf("vga: write CR%x = 0x%02x\n", s->cr_index, val);
-#endif
- /* handle CR0-7 protection */
- if ((s->cr[VGA_CRTC_V_SYNC_END] & VGA_CR11_LOCK_CR0_CR7) &&
- s->cr_index <= VGA_CRTC_OVERFLOW) {
- /* can always write bit 4 of CR7 */
- if (s->cr_index == VGA_CRTC_OVERFLOW) {
- s->cr[VGA_CRTC_OVERFLOW] = (s->cr[VGA_CRTC_OVERFLOW] & ~0x10) |
- (val & 0x10);
- }
- return;
- }
- s->cr[s->cr_index] = val;
-
- switch(s->cr_index) {
- case VGA_CRTC_H_TOTAL:
- case VGA_CRTC_H_SYNC_START:
- case VGA_CRTC_H_SYNC_END:
- case VGA_CRTC_V_TOTAL:
- case VGA_CRTC_OVERFLOW:
- case VGA_CRTC_V_SYNC_END:
- case VGA_CRTC_MODE:
- s->update_retrace_info(s);
- break;
- }
- break;
- case VGA_IS1_RM:
- case VGA_IS1_RC:
- s->fcr = val & 0x10;
- break;
- }
-}
-
-static uint32_t vbe_ioport_read_index(void *opaque, uint32_t addr)
-{
- VGACommonState *s = opaque;
- uint32_t val;
- val = s->vbe_index;
- return val;
-}
-
-uint32_t vbe_ioport_read_data(void *opaque, uint32_t addr)
-{
- VGACommonState *s = opaque;
- uint32_t val;
-
- if (s->vbe_index < VBE_DISPI_INDEX_NB) {
- if (s->vbe_regs[VBE_DISPI_INDEX_ENABLE] & VBE_DISPI_GETCAPS) {
- switch(s->vbe_index) {
- /* XXX: do not hardcode ? */
- case VBE_DISPI_INDEX_XRES:
- val = VBE_DISPI_MAX_XRES;
- break;
- case VBE_DISPI_INDEX_YRES:
- val = VBE_DISPI_MAX_YRES;
- break;
- case VBE_DISPI_INDEX_BPP:
- val = VBE_DISPI_MAX_BPP;
- break;
- default:
- val = s->vbe_regs[s->vbe_index];
- break;
- }
- } else {
- val = s->vbe_regs[s->vbe_index];
- }
- } else if (s->vbe_index == VBE_DISPI_INDEX_VIDEO_MEMORY_64K) {
- val = s->vram_size / (64 * 1024);
- } else {
- val = 0;
- }
-#ifdef DEBUG_BOCHS_VBE
- printf("VBE: read index=0x%x val=0x%x\n", s->vbe_index, val);
-#endif
- return val;
-}
-
-void vbe_ioport_write_index(void *opaque, uint32_t addr, uint32_t val)
-{
- VGACommonState *s = opaque;
- s->vbe_index = val;
-}
-
-void vbe_ioport_write_data(void *opaque, uint32_t addr, uint32_t val)
-{
- VGACommonState *s = opaque;
-
- if (s->vbe_index <= VBE_DISPI_INDEX_NB) {
-#ifdef DEBUG_BOCHS_VBE
- printf("VBE: write index=0x%x val=0x%x\n", s->vbe_index, val);
-#endif
- switch(s->vbe_index) {
- case VBE_DISPI_INDEX_ID:
- if (val == VBE_DISPI_ID0 ||
- val == VBE_DISPI_ID1 ||
- val == VBE_DISPI_ID2 ||
- val == VBE_DISPI_ID3 ||
- val == VBE_DISPI_ID4) {
- s->vbe_regs[s->vbe_index] = val;
- }
- break;
- case VBE_DISPI_INDEX_XRES:
- if ((val <= VBE_DISPI_MAX_XRES) && ((val & 7) == 0)) {
- s->vbe_regs[s->vbe_index] = val;
- }
- break;
- case VBE_DISPI_INDEX_YRES:
- if (val <= VBE_DISPI_MAX_YRES) {
- s->vbe_regs[s->vbe_index] = val;
- }
- break;
- case VBE_DISPI_INDEX_BPP:
- if (val == 0)
- val = 8;
- if (val == 4 || val == 8 || val == 15 ||
- val == 16 || val == 24 || val == 32) {
- s->vbe_regs[s->vbe_index] = val;
- }
- break;
- case VBE_DISPI_INDEX_BANK:
- if (s->vbe_regs[VBE_DISPI_INDEX_BPP] == 4) {
- val &= (s->vbe_bank_mask >> 2);
- } else {
- val &= s->vbe_bank_mask;
- }
- s->vbe_regs[s->vbe_index] = val;
- s->bank_offset = (val << 16);
- vga_update_memory_access(s);
- break;
- case VBE_DISPI_INDEX_ENABLE:
- if ((val & VBE_DISPI_ENABLED) &&
- !(s->vbe_regs[VBE_DISPI_INDEX_ENABLE] & VBE_DISPI_ENABLED)) {
- int h, shift_control;
-
- s->vbe_regs[VBE_DISPI_INDEX_VIRT_WIDTH] =
- s->vbe_regs[VBE_DISPI_INDEX_XRES];
- s->vbe_regs[VBE_DISPI_INDEX_VIRT_HEIGHT] =
- s->vbe_regs[VBE_DISPI_INDEX_YRES];
- s->vbe_regs[VBE_DISPI_INDEX_X_OFFSET] = 0;
- s->vbe_regs[VBE_DISPI_INDEX_Y_OFFSET] = 0;
-
- if (s->vbe_regs[VBE_DISPI_INDEX_BPP] == 4)
- s->vbe_line_offset = s->vbe_regs[VBE_DISPI_INDEX_XRES] >> 1;
- else
- s->vbe_line_offset = s->vbe_regs[VBE_DISPI_INDEX_XRES] *
- ((s->vbe_regs[VBE_DISPI_INDEX_BPP] + 7) >> 3);
- s->vbe_start_addr = 0;
-
- /* clear the screen (should be done in BIOS) */
- if (!(val & VBE_DISPI_NOCLEARMEM)) {
- memset(s->vram_ptr, 0,
- s->vbe_regs[VBE_DISPI_INDEX_YRES] * s->vbe_line_offset);
- }
-
- /* we initialize the VGA graphic mode (should be done
- in BIOS) */
- /* graphic mode + memory map 1 */
- s->gr[VGA_GFX_MISC] = (s->gr[VGA_GFX_MISC] & ~0x0c) | 0x04 |
- VGA_GR06_GRAPHICS_MODE;
- s->cr[VGA_CRTC_MODE] |= 3; /* no CGA modes */
- s->cr[VGA_CRTC_OFFSET] = s->vbe_line_offset >> 3;
- /* width */
- s->cr[VGA_CRTC_H_DISP] =
- (s->vbe_regs[VBE_DISPI_INDEX_XRES] >> 3) - 1;
- /* height (only meaningful if < 1024) */
- h = s->vbe_regs[VBE_DISPI_INDEX_YRES] - 1;
- s->cr[VGA_CRTC_V_DISP_END] = h;
- s->cr[VGA_CRTC_OVERFLOW] = (s->cr[VGA_CRTC_OVERFLOW] & ~0x42) |
- ((h >> 7) & 0x02) | ((h >> 3) & 0x40);
- /* line compare to 1023 */
- s->cr[VGA_CRTC_LINE_COMPARE] = 0xff;
- s->cr[VGA_CRTC_OVERFLOW] |= 0x10;
- s->cr[VGA_CRTC_MAX_SCAN] |= 0x40;
-
- if (s->vbe_regs[VBE_DISPI_INDEX_BPP] == 4) {
- shift_control = 0;
- s->sr[VGA_SEQ_CLOCK_MODE] &= ~8; /* no double line */
- } else {
- shift_control = 2;
- /* set chain 4 mode */
- s->sr[VGA_SEQ_MEMORY_MODE] |= VGA_SR04_CHN_4M;
- /* activate all planes */
- s->sr[VGA_SEQ_PLANE_WRITE] |= VGA_SR02_ALL_PLANES;
- }
- s->gr[VGA_GFX_MODE] = (s->gr[VGA_GFX_MODE] & ~0x60) |
- (shift_control << 5);
- s->cr[VGA_CRTC_MAX_SCAN] &= ~0x9f; /* no double scan */
- } else {
- /* XXX: the bios should do that */
- s->bank_offset = 0;
- }
- s->dac_8bit = (val & VBE_DISPI_8BIT_DAC) > 0;
- s->vbe_regs[s->vbe_index] = val;
- vga_update_memory_access(s);
- break;
- case VBE_DISPI_INDEX_VIRT_WIDTH:
- {
- int w, h, line_offset;
-
- if (val < s->vbe_regs[VBE_DISPI_INDEX_XRES])
- return;
- w = val;
- if (s->vbe_regs[VBE_DISPI_INDEX_BPP] == 4)
- line_offset = w >> 1;
- else
- line_offset = w * ((s->vbe_regs[VBE_DISPI_INDEX_BPP] + 7) >> 3);
- h = s->vram_size / line_offset;
- /* XXX: support weird bochs semantics ? */
- if (h < s->vbe_regs[VBE_DISPI_INDEX_YRES])
- return;
- s->vbe_regs[VBE_DISPI_INDEX_VIRT_WIDTH] = w;
- s->vbe_regs[VBE_DISPI_INDEX_VIRT_HEIGHT] = h;
- s->vbe_line_offset = line_offset;
- }
- break;
- case VBE_DISPI_INDEX_X_OFFSET:
- case VBE_DISPI_INDEX_Y_OFFSET:
- {
- int x;
- s->vbe_regs[s->vbe_index] = val;
- s->vbe_start_addr = s->vbe_line_offset * s->vbe_regs[VBE_DISPI_INDEX_Y_OFFSET];
- x = s->vbe_regs[VBE_DISPI_INDEX_X_OFFSET];
- if (s->vbe_regs[VBE_DISPI_INDEX_BPP] == 4)
- s->vbe_start_addr += x >> 1;
- else
- s->vbe_start_addr += x * ((s->vbe_regs[VBE_DISPI_INDEX_BPP] + 7) >> 3);
- s->vbe_start_addr >>= 2;
- }
- break;
- default:
- break;
- }
- }
-}
-
-/* called for accesses between 0xa0000 and 0xc0000 */
-uint32_t vga_mem_readb(VGACommonState *s, hwaddr addr)
-{
- int memory_map_mode, plane;
- uint32_t ret;
-
- /* convert to VGA memory offset */
- memory_map_mode = (s->gr[VGA_GFX_MISC] >> 2) & 3;
- addr &= 0x1ffff;
- switch(memory_map_mode) {
- case 0:
- break;
- case 1:
- if (addr >= 0x10000)
- return 0xff;
- addr += s->bank_offset;
- break;
- case 2:
- addr -= 0x10000;
- if (addr >= 0x8000)
- return 0xff;
- break;
- default:
- case 3:
- addr -= 0x18000;
- if (addr >= 0x8000)
- return 0xff;
- break;
- }
-
- if (s->sr[VGA_SEQ_MEMORY_MODE] & VGA_SR04_CHN_4M) {
- /* chain 4 mode : simplest access */
- ret = s->vram_ptr[addr];
- } else if (s->gr[VGA_GFX_MODE] & 0x10) {
- /* odd/even mode (aka text mode mapping) */
- plane = (s->gr[VGA_GFX_PLANE_READ] & 2) | (addr & 1);
- ret = s->vram_ptr[((addr & ~1) << 1) | plane];
- } else {
- /* standard VGA latched access */
- s->latch = ((uint32_t *)s->vram_ptr)[addr];
-
- if (!(s->gr[VGA_GFX_MODE] & 0x08)) {
- /* read mode 0 */
- plane = s->gr[VGA_GFX_PLANE_READ];
- ret = GET_PLANE(s->latch, plane);
- } else {
- /* read mode 1 */
- ret = (s->latch ^ mask16[s->gr[VGA_GFX_COMPARE_VALUE]]) &
- mask16[s->gr[VGA_GFX_COMPARE_MASK]];
- ret |= ret >> 16;
- ret |= ret >> 8;
- ret = (~ret) & 0xff;
- }
- }
- return ret;
-}
-
-/* called for accesses between 0xa0000 and 0xc0000 */
-void vga_mem_writeb(VGACommonState *s, hwaddr addr, uint32_t val)
-{
- int memory_map_mode, plane, write_mode, b, func_select, mask;
- uint32_t write_mask, bit_mask, set_mask;
-
-#ifdef DEBUG_VGA_MEM
- printf("vga: [0x" TARGET_FMT_plx "] = 0x%02x\n", addr, val);
-#endif
- /* convert to VGA memory offset */
- memory_map_mode = (s->gr[VGA_GFX_MISC] >> 2) & 3;
- addr &= 0x1ffff;
- switch(memory_map_mode) {
- case 0:
- break;
- case 1:
- if (addr >= 0x10000)
- return;
- addr += s->bank_offset;
- break;
- case 2:
- addr -= 0x10000;
- if (addr >= 0x8000)
- return;
- break;
- default:
- case 3:
- addr -= 0x18000;
- if (addr >= 0x8000)
- return;
- break;
- }
-
- if (s->sr[VGA_SEQ_MEMORY_MODE] & VGA_SR04_CHN_4M) {
- /* chain 4 mode : simplest access */
- plane = addr & 3;
- mask = (1 << plane);
- if (s->sr[VGA_SEQ_PLANE_WRITE] & mask) {
- s->vram_ptr[addr] = val;
-#ifdef DEBUG_VGA_MEM
- printf("vga: chain4: [0x" TARGET_FMT_plx "]\n", addr);
-#endif
- s->plane_updated |= mask; /* only used to detect font change */
- memory_region_set_dirty(&s->vram, addr, 1);
- }
- } else if (s->gr[VGA_GFX_MODE] & 0x10) {
- /* odd/even mode (aka text mode mapping) */
- plane = (s->gr[VGA_GFX_PLANE_READ] & 2) | (addr & 1);
- mask = (1 << plane);
- if (s->sr[VGA_SEQ_PLANE_WRITE] & mask) {
- addr = ((addr & ~1) << 1) | plane;
- s->vram_ptr[addr] = val;
-#ifdef DEBUG_VGA_MEM
- printf("vga: odd/even: [0x" TARGET_FMT_plx "]\n", addr);
-#endif
- s->plane_updated |= mask; /* only used to detect font change */
- memory_region_set_dirty(&s->vram, addr, 1);
- }
- } else {
- /* standard VGA latched access */
- write_mode = s->gr[VGA_GFX_MODE] & 3;
- switch(write_mode) {
- default:
- case 0:
- /* rotate */
- b = s->gr[VGA_GFX_DATA_ROTATE] & 7;
- val = ((val >> b) | (val << (8 - b))) & 0xff;
- val |= val << 8;
- val |= val << 16;
-
- /* apply set/reset mask */
- set_mask = mask16[s->gr[VGA_GFX_SR_ENABLE]];
- val = (val & ~set_mask) |
- (mask16[s->gr[VGA_GFX_SR_VALUE]] & set_mask);
- bit_mask = s->gr[VGA_GFX_BIT_MASK];
- break;
- case 1:
- val = s->latch;
- goto do_write;
- case 2:
- val = mask16[val & 0x0f];
- bit_mask = s->gr[VGA_GFX_BIT_MASK];
- break;
- case 3:
- /* rotate */
- b = s->gr[VGA_GFX_DATA_ROTATE] & 7;
- val = (val >> b) | (val << (8 - b));
-
- bit_mask = s->gr[VGA_GFX_BIT_MASK] & val;
- val = mask16[s->gr[VGA_GFX_SR_VALUE]];
- break;
- }
-
- /* apply logical operation */
- func_select = s->gr[VGA_GFX_DATA_ROTATE] >> 3;
- switch(func_select) {
- case 0:
- default:
- /* nothing to do */
- break;
- case 1:
- /* and */
- val &= s->latch;
- break;
- case 2:
- /* or */
- val |= s->latch;
- break;
- case 3:
- /* xor */
- val ^= s->latch;
- break;
- }
-
- /* apply bit mask */
- bit_mask |= bit_mask << 8;
- bit_mask |= bit_mask << 16;
- val = (val & bit_mask) | (s->latch & ~bit_mask);
-
- do_write:
- /* mask data according to sr[2] */
- mask = s->sr[VGA_SEQ_PLANE_WRITE];
- s->plane_updated |= mask; /* only used to detect font change */
- write_mask = mask16[mask];
- ((uint32_t *)s->vram_ptr)[addr] =
- (((uint32_t *)s->vram_ptr)[addr] & ~write_mask) |
- (val & write_mask);
-#ifdef DEBUG_VGA_MEM
- printf("vga: latch: [0x" TARGET_FMT_plx "] mask=0x%08x val=0x%08x\n",
- addr * 4, write_mask, val);
-#endif
- memory_region_set_dirty(&s->vram, addr << 2, sizeof(uint32_t));
- }
-}
-
-typedef void vga_draw_glyph8_func(uint8_t *d, int linesize,
- const uint8_t *font_ptr, int h,
- uint32_t fgcol, uint32_t bgcol);
-typedef void vga_draw_glyph9_func(uint8_t *d, int linesize,
- const uint8_t *font_ptr, int h,
- uint32_t fgcol, uint32_t bgcol, int dup9);
-typedef void vga_draw_line_func(VGACommonState *s1, uint8_t *d,
- const uint8_t *s, int width);
-
-#define DEPTH 8
-#include "vga_template.h"
-
-#define DEPTH 15
-#include "vga_template.h"
-
-#define BGR_FORMAT
-#define DEPTH 15
-#include "vga_template.h"
-
-#define DEPTH 16
-#include "vga_template.h"
-
-#define BGR_FORMAT
-#define DEPTH 16
-#include "vga_template.h"
-
-#define DEPTH 32
-#include "vga_template.h"
-
-#define BGR_FORMAT
-#define DEPTH 32
-#include "vga_template.h"
-
-static unsigned int rgb_to_pixel8_dup(unsigned int r, unsigned int g, unsigned b)
-{
- unsigned int col;
- col = rgb_to_pixel8(r, g, b);
- col |= col << 8;
- col |= col << 16;
- return col;
-}
-
-static unsigned int rgb_to_pixel15_dup(unsigned int r, unsigned int g, unsigned b)
-{
- unsigned int col;
- col = rgb_to_pixel15(r, g, b);
- col |= col << 16;
- return col;
-}
-
-static unsigned int rgb_to_pixel15bgr_dup(unsigned int r, unsigned int g,
- unsigned int b)
-{
- unsigned int col;
- col = rgb_to_pixel15bgr(r, g, b);
- col |= col << 16;
- return col;
-}
-
-static unsigned int rgb_to_pixel16_dup(unsigned int r, unsigned int g, unsigned b)
-{
- unsigned int col;
- col = rgb_to_pixel16(r, g, b);
- col |= col << 16;
- return col;
-}
-
-static unsigned int rgb_to_pixel16bgr_dup(unsigned int r, unsigned int g,
- unsigned int b)
-{
- unsigned int col;
- col = rgb_to_pixel16bgr(r, g, b);
- col |= col << 16;
- return col;
-}
-
-static unsigned int rgb_to_pixel32_dup(unsigned int r, unsigned int g, unsigned b)
-{
- unsigned int col;
- col = rgb_to_pixel32(r, g, b);
- return col;
-}
-
-static unsigned int rgb_to_pixel32bgr_dup(unsigned int r, unsigned int g, unsigned b)
-{
- unsigned int col;
- col = rgb_to_pixel32bgr(r, g, b);
- return col;
-}
-
-/* return true if the palette was modified */
-static int update_palette16(VGACommonState *s)
-{
- int full_update, i;
- uint32_t v, col, *palette;
-
- full_update = 0;
- palette = s->last_palette;
- for(i = 0; i < 16; i++) {
- v = s->ar[i];
- if (s->ar[VGA_ATC_MODE] & 0x80) {
- v = ((s->ar[VGA_ATC_COLOR_PAGE] & 0xf) << 4) | (v & 0xf);
- } else {
- v = ((s->ar[VGA_ATC_COLOR_PAGE] & 0xc) << 4) | (v & 0x3f);
- }
- v = v * 3;
- col = s->rgb_to_pixel(c6_to_8(s->palette[v]),
- c6_to_8(s->palette[v + 1]),
- c6_to_8(s->palette[v + 2]));
- if (col != palette[i]) {
- full_update = 1;
- palette[i] = col;
- }
- }
- return full_update;
-}
-
-/* return true if the palette was modified */
-static int update_palette256(VGACommonState *s)
-{
- int full_update, i;
- uint32_t v, col, *palette;
-
- full_update = 0;
- palette = s->last_palette;
- v = 0;
- for(i = 0; i < 256; i++) {
- if (s->dac_8bit) {
- col = s->rgb_to_pixel(s->palette[v],
- s->palette[v + 1],
- s->palette[v + 2]);
- } else {
- col = s->rgb_to_pixel(c6_to_8(s->palette[v]),
- c6_to_8(s->palette[v + 1]),
- c6_to_8(s->palette[v + 2]));
- }
- if (col != palette[i]) {
- full_update = 1;
- palette[i] = col;
- }
- v += 3;
- }
- return full_update;
-}
-
-static void vga_get_offsets(VGACommonState *s,
- uint32_t *pline_offset,
- uint32_t *pstart_addr,
- uint32_t *pline_compare)
-{
- uint32_t start_addr, line_offset, line_compare;
-
- if (s->vbe_regs[VBE_DISPI_INDEX_ENABLE] & VBE_DISPI_ENABLED) {
- line_offset = s->vbe_line_offset;
- start_addr = s->vbe_start_addr;
- line_compare = 65535;
- } else {
- /* compute line_offset in bytes */
- line_offset = s->cr[VGA_CRTC_OFFSET];
- line_offset <<= 3;
-
- /* starting address */
- start_addr = s->cr[VGA_CRTC_START_LO] |
- (s->cr[VGA_CRTC_START_HI] << 8);
-
- /* line compare */
- line_compare = s->cr[VGA_CRTC_LINE_COMPARE] |
- ((s->cr[VGA_CRTC_OVERFLOW] & 0x10) << 4) |
- ((s->cr[VGA_CRTC_MAX_SCAN] & 0x40) << 3);
- }
- *pline_offset = line_offset;
- *pstart_addr = start_addr;
- *pline_compare = line_compare;
-}
-
-/* update start_addr and line_offset. Return TRUE if modified */
-static int update_basic_params(VGACommonState *s)
-{
- int full_update;
- uint32_t start_addr, line_offset, line_compare;
-
- full_update = 0;
-
- s->get_offsets(s, &line_offset, &start_addr, &line_compare);
-
- if (line_offset != s->line_offset ||
- start_addr != s->start_addr ||
- line_compare != s->line_compare) {
- s->line_offset = line_offset;
- s->start_addr = start_addr;
- s->line_compare = line_compare;
- full_update = 1;
- }
- return full_update;
-}
-
-#define NB_DEPTHS 7
-
-static inline int get_depth_index(DisplayState *s)
-{
- switch(ds_get_bits_per_pixel(s)) {
- default:
- case 8:
- return 0;
- case 15:
- return 1;
- case 16:
- return 2;
- case 32:
- if (is_surface_bgr(s->surface))
- return 4;
- else
- return 3;
- }
-}
-
-static vga_draw_glyph8_func * const vga_draw_glyph8_table[NB_DEPTHS] = {
- vga_draw_glyph8_8,
- vga_draw_glyph8_16,
- vga_draw_glyph8_16,
- vga_draw_glyph8_32,
- vga_draw_glyph8_32,
- vga_draw_glyph8_16,
- vga_draw_glyph8_16,
-};
-
-static vga_draw_glyph8_func * const vga_draw_glyph16_table[NB_DEPTHS] = {
- vga_draw_glyph16_8,
- vga_draw_glyph16_16,
- vga_draw_glyph16_16,
- vga_draw_glyph16_32,
- vga_draw_glyph16_32,
- vga_draw_glyph16_16,
- vga_draw_glyph16_16,
-};
-
-static vga_draw_glyph9_func * const vga_draw_glyph9_table[NB_DEPTHS] = {
- vga_draw_glyph9_8,
- vga_draw_glyph9_16,
- vga_draw_glyph9_16,
- vga_draw_glyph9_32,
- vga_draw_glyph9_32,
- vga_draw_glyph9_16,
- vga_draw_glyph9_16,
-};
-
-static const uint8_t cursor_glyph[32 * 4] = {
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-};
-
-static void vga_get_text_resolution(VGACommonState *s, int *pwidth, int *pheight,
- int *pcwidth, int *pcheight)
-{
- int width, cwidth, height, cheight;
-
- /* total width & height */
- cheight = (s->cr[VGA_CRTC_MAX_SCAN] & 0x1f) + 1;
- cwidth = 8;
- if (!(s->sr[VGA_SEQ_CLOCK_MODE] & VGA_SR01_CHAR_CLK_8DOTS)) {
- cwidth = 9;
- }
- if (s->sr[VGA_SEQ_CLOCK_MODE] & 0x08) {
- cwidth = 16; /* NOTE: no 18 pixel wide */
- }
- width = (s->cr[VGA_CRTC_H_DISP] + 1);
- if (s->cr[VGA_CRTC_V_TOTAL] == 100) {
- /* ugly hack for CGA 160x100x16 - explain me the logic */
- height = 100;
- } else {
- height = s->cr[VGA_CRTC_V_DISP_END] |
- ((s->cr[VGA_CRTC_OVERFLOW] & 0x02) << 7) |
- ((s->cr[VGA_CRTC_OVERFLOW] & 0x40) << 3);
- height = (height + 1) / cheight;
- }
-
- *pwidth = width;
- *pheight = height;
- *pcwidth = cwidth;
- *pcheight = cheight;
-}
-
-typedef unsigned int rgb_to_pixel_dup_func(unsigned int r, unsigned int g, unsigned b);
-
-static rgb_to_pixel_dup_func * const rgb_to_pixel_dup_table[NB_DEPTHS] = {
- rgb_to_pixel8_dup,
- rgb_to_pixel15_dup,
- rgb_to_pixel16_dup,
- rgb_to_pixel32_dup,
- rgb_to_pixel32bgr_dup,
- rgb_to_pixel15bgr_dup,
- rgb_to_pixel16bgr_dup,
-};
-
-/*
- * Text mode update
- * Missing:
- * - double scan
- * - double width
- * - underline
- * - flashing
- */
-static void vga_draw_text(VGACommonState *s, int full_update)
-{
- int cx, cy, cheight, cw, ch, cattr, height, width, ch_attr;
- int cx_min, cx_max, linesize, x_incr, line, line1;
- uint32_t offset, fgcol, bgcol, v, cursor_offset;
- uint8_t *d1, *d, *src, *dest, *cursor_ptr;
- const uint8_t *font_ptr, *font_base[2];
- int dup9, line_offset, depth_index;
- uint32_t *palette;
- uint32_t *ch_attr_ptr;
- vga_draw_glyph8_func *vga_draw_glyph8;
- vga_draw_glyph9_func *vga_draw_glyph9;
- int64_t now = qemu_get_clock_ms(vm_clock);
-
- /* compute font data address (in plane 2) */
- v = s->sr[VGA_SEQ_CHARACTER_MAP];
- offset = (((v >> 4) & 1) | ((v << 1) & 6)) * 8192 * 4 + 2;
- if (offset != s->font_offsets[0]) {
- s->font_offsets[0] = offset;
- full_update = 1;
- }
- font_base[0] = s->vram_ptr + offset;
-
- offset = (((v >> 5) & 1) | ((v >> 1) & 6)) * 8192 * 4 + 2;
- font_base[1] = s->vram_ptr + offset;
- if (offset != s->font_offsets[1]) {
- s->font_offsets[1] = offset;
- full_update = 1;
- }
- if (s->plane_updated & (1 << 2) || s->chain4_alias) {
- /* if the plane 2 was modified since the last display, it
- indicates the font may have been modified */
- s->plane_updated = 0;
- full_update = 1;
- }
- full_update |= update_basic_params(s);
-
- line_offset = s->line_offset;
-
- vga_get_text_resolution(s, &width, &height, &cw, &cheight);
- if ((height * width) <= 1) {
- /* better than nothing: exit if transient size is too small */
- return;
- }
- if ((height * width) > CH_ATTR_SIZE) {
- /* better than nothing: exit if transient size is too big */
- return;
- }
-
- if (width != s->last_width || height != s->last_height ||
- cw != s->last_cw || cheight != s->last_ch || s->last_depth) {
- s->last_scr_width = width * cw;
- s->last_scr_height = height * cheight;
- qemu_console_resize(s->ds, s->last_scr_width, s->last_scr_height);
- dpy_text_resize(s->ds, width, height);
- s->last_depth = 0;
- s->last_width = width;
- s->last_height = height;
- s->last_ch = cheight;
- s->last_cw = cw;
- full_update = 1;
- }
- s->rgb_to_pixel =
- rgb_to_pixel_dup_table[get_depth_index(s->ds)];
- full_update |= update_palette16(s);
- palette = s->last_palette;
- x_incr = cw * ((ds_get_bits_per_pixel(s->ds) + 7) >> 3);
-
- if (full_update) {
- s->full_update_text = 1;
- }
- if (s->full_update_gfx) {
- s->full_update_gfx = 0;
- full_update |= 1;
- }
-
- cursor_offset = ((s->cr[VGA_CRTC_CURSOR_HI] << 8) |
- s->cr[VGA_CRTC_CURSOR_LO]) - s->start_addr;
- if (cursor_offset != s->cursor_offset ||
- s->cr[VGA_CRTC_CURSOR_START] != s->cursor_start ||
- s->cr[VGA_CRTC_CURSOR_END] != s->cursor_end) {
- /* if the cursor position changed, we update the old and new
- chars */
- if (s->cursor_offset < CH_ATTR_SIZE)
- s->last_ch_attr[s->cursor_offset] = -1;
- if (cursor_offset < CH_ATTR_SIZE)
- s->last_ch_attr[cursor_offset] = -1;
- s->cursor_offset = cursor_offset;
- s->cursor_start = s->cr[VGA_CRTC_CURSOR_START];
- s->cursor_end = s->cr[VGA_CRTC_CURSOR_END];
- }
- cursor_ptr = s->vram_ptr + (s->start_addr + cursor_offset) * 4;
- if (now >= s->cursor_blink_time) {
- s->cursor_blink_time = now + VGA_TEXT_CURSOR_PERIOD_MS / 2;
- s->cursor_visible_phase = !s->cursor_visible_phase;
- }
-
- depth_index = get_depth_index(s->ds);
- if (cw == 16)
- vga_draw_glyph8 = vga_draw_glyph16_table[depth_index];
- else
- vga_draw_glyph8 = vga_draw_glyph8_table[depth_index];
- vga_draw_glyph9 = vga_draw_glyph9_table[depth_index];
-
- dest = ds_get_data(s->ds);
- linesize = ds_get_linesize(s->ds);
- ch_attr_ptr = s->last_ch_attr;
- line = 0;
- offset = s->start_addr * 4;
- for(cy = 0; cy < height; cy++) {
- d1 = dest;
- src = s->vram_ptr + offset;
- cx_min = width;
- cx_max = -1;
- for(cx = 0; cx < width; cx++) {
- ch_attr = *(uint16_t *)src;
- if (full_update || ch_attr != *ch_attr_ptr || src == cursor_ptr) {
- if (cx < cx_min)
- cx_min = cx;
- if (cx > cx_max)
- cx_max = cx;
- *ch_attr_ptr = ch_attr;
-#ifdef HOST_WORDS_BIGENDIAN
- ch = ch_attr >> 8;
- cattr = ch_attr & 0xff;
-#else
- ch = ch_attr & 0xff;
- cattr = ch_attr >> 8;
-#endif
- font_ptr = font_base[(cattr >> 3) & 1];
- font_ptr += 32 * 4 * ch;
- bgcol = palette[cattr >> 4];
- fgcol = palette[cattr & 0x0f];
- if (cw != 9) {
- vga_draw_glyph8(d1, linesize,
- font_ptr, cheight, fgcol, bgcol);
- } else {
- dup9 = 0;
- if (ch >= 0xb0 && ch <= 0xdf &&
- (s->ar[VGA_ATC_MODE] & 0x04)) {
- dup9 = 1;
- }
- vga_draw_glyph9(d1, linesize,
- font_ptr, cheight, fgcol, bgcol, dup9);
- }
- if (src == cursor_ptr &&
- !(s->cr[VGA_CRTC_CURSOR_START] & 0x20) &&
- s->cursor_visible_phase) {
- int line_start, line_last, h;
- /* draw the cursor */
- line_start = s->cr[VGA_CRTC_CURSOR_START] & 0x1f;
- line_last = s->cr[VGA_CRTC_CURSOR_END] & 0x1f;
- /* XXX: check that */
- if (line_last > cheight - 1)
- line_last = cheight - 1;
- if (line_last >= line_start && line_start < cheight) {
- h = line_last - line_start + 1;
- d = d1 + linesize * line_start;
- if (cw != 9) {
- vga_draw_glyph8(d, linesize,
- cursor_glyph, h, fgcol, bgcol);
- } else {
- vga_draw_glyph9(d, linesize,
- cursor_glyph, h, fgcol, bgcol, 1);
- }
- }
- }
- }
- d1 += x_incr;
- src += 4;
- ch_attr_ptr++;
- }
- if (cx_max != -1) {
- dpy_gfx_update(s->ds, cx_min * cw, cy * cheight,
- (cx_max - cx_min + 1) * cw, cheight);
- }
- dest += linesize * cheight;
- line1 = line + cheight;
- offset += line_offset;
- if (line < s->line_compare && line1 >= s->line_compare) {
- offset = 0;
- }
- line = line1;
- }
-}
-
-enum {
- VGA_DRAW_LINE2,
- VGA_DRAW_LINE2D2,
- VGA_DRAW_LINE4,
- VGA_DRAW_LINE4D2,
- VGA_DRAW_LINE8D2,
- VGA_DRAW_LINE8,
- VGA_DRAW_LINE15,
- VGA_DRAW_LINE16,
- VGA_DRAW_LINE24,
- VGA_DRAW_LINE32,
- VGA_DRAW_LINE_NB,
-};
-
-static vga_draw_line_func * const vga_draw_line_table[NB_DEPTHS * VGA_DRAW_LINE_NB] = {
- vga_draw_line2_8,
- vga_draw_line2_16,
- vga_draw_line2_16,
- vga_draw_line2_32,
- vga_draw_line2_32,
- vga_draw_line2_16,
- vga_draw_line2_16,
-
- vga_draw_line2d2_8,
- vga_draw_line2d2_16,
- vga_draw_line2d2_16,
- vga_draw_line2d2_32,
- vga_draw_line2d2_32,
- vga_draw_line2d2_16,
- vga_draw_line2d2_16,
-
- vga_draw_line4_8,
- vga_draw_line4_16,
- vga_draw_line4_16,
- vga_draw_line4_32,
- vga_draw_line4_32,
- vga_draw_line4_16,
- vga_draw_line4_16,
-
- vga_draw_line4d2_8,
- vga_draw_line4d2_16,
- vga_draw_line4d2_16,
- vga_draw_line4d2_32,
- vga_draw_line4d2_32,
- vga_draw_line4d2_16,
- vga_draw_line4d2_16,
-
- vga_draw_line8d2_8,
- vga_draw_line8d2_16,
- vga_draw_line8d2_16,
- vga_draw_line8d2_32,
- vga_draw_line8d2_32,
- vga_draw_line8d2_16,
- vga_draw_line8d2_16,
-
- vga_draw_line8_8,
- vga_draw_line8_16,
- vga_draw_line8_16,
- vga_draw_line8_32,
- vga_draw_line8_32,
- vga_draw_line8_16,
- vga_draw_line8_16,
-
- vga_draw_line15_8,
- vga_draw_line15_15,
- vga_draw_line15_16,
- vga_draw_line15_32,
- vga_draw_line15_32bgr,
- vga_draw_line15_15bgr,
- vga_draw_line15_16bgr,
-
- vga_draw_line16_8,
- vga_draw_line16_15,
- vga_draw_line16_16,
- vga_draw_line16_32,
- vga_draw_line16_32bgr,
- vga_draw_line16_15bgr,
- vga_draw_line16_16bgr,
-
- vga_draw_line24_8,
- vga_draw_line24_15,
- vga_draw_line24_16,
- vga_draw_line24_32,
- vga_draw_line24_32bgr,
- vga_draw_line24_15bgr,
- vga_draw_line24_16bgr,
-
- vga_draw_line32_8,
- vga_draw_line32_15,
- vga_draw_line32_16,
- vga_draw_line32_32,
- vga_draw_line32_32bgr,
- vga_draw_line32_15bgr,
- vga_draw_line32_16bgr,
-};
-
-static int vga_get_bpp(VGACommonState *s)
-{
- int ret;
-
- if (s->vbe_regs[VBE_DISPI_INDEX_ENABLE] & VBE_DISPI_ENABLED) {
- ret = s->vbe_regs[VBE_DISPI_INDEX_BPP];
- } else {
- ret = 0;
- }
- return ret;
-}
-
-static void vga_get_resolution(VGACommonState *s, int *pwidth, int *pheight)
-{
- int width, height;
-
- if (s->vbe_regs[VBE_DISPI_INDEX_ENABLE] & VBE_DISPI_ENABLED) {
- width = s->vbe_regs[VBE_DISPI_INDEX_XRES];
- height = s->vbe_regs[VBE_DISPI_INDEX_YRES];
- } else {
- width = (s->cr[VGA_CRTC_H_DISP] + 1) * 8;
- height = s->cr[VGA_CRTC_V_DISP_END] |
- ((s->cr[VGA_CRTC_OVERFLOW] & 0x02) << 7) |
- ((s->cr[VGA_CRTC_OVERFLOW] & 0x40) << 3);
- height = (height + 1);
- }
- *pwidth = width;
- *pheight = height;
-}
-
-void vga_invalidate_scanlines(VGACommonState *s, int y1, int y2)
-{
- int y;
- if (y1 >= VGA_MAX_HEIGHT)
- return;
- if (y2 >= VGA_MAX_HEIGHT)
- y2 = VGA_MAX_HEIGHT;
- for(y = y1; y < y2; y++) {
- s->invalidated_y_table[y >> 5] |= 1 << (y & 0x1f);
- }
-}
-
-void vga_sync_dirty_bitmap(VGACommonState *s)
-{
- memory_region_sync_dirty_bitmap(&s->vram);
-}
-
-void vga_dirty_log_start(VGACommonState *s)
-{
- memory_region_set_log(&s->vram, true, DIRTY_MEMORY_VGA);
-}
-
-void vga_dirty_log_stop(VGACommonState *s)
-{
- memory_region_set_log(&s->vram, false, DIRTY_MEMORY_VGA);
-}
-
-/*
- * graphic modes
- */
-static void vga_draw_graphic(VGACommonState *s, int full_update)
-{
- int y1, y, update, linesize, y_start, double_scan, mask, depth;
- int width, height, shift_control, line_offset, bwidth, bits;
- ram_addr_t page0, page1, page_min, page_max;
- int disp_width, multi_scan, multi_run;
- uint8_t *d;
- uint32_t v, addr1, addr;
- vga_draw_line_func *vga_draw_line;
-
- full_update |= update_basic_params(s);
-
- if (!full_update)
- vga_sync_dirty_bitmap(s);
-
- s->get_resolution(s, &width, &height);
- disp_width = width;
-
- shift_control = (s->gr[VGA_GFX_MODE] >> 5) & 3;
- double_scan = (s->cr[VGA_CRTC_MAX_SCAN] >> 7);
- if (shift_control != 1) {
- multi_scan = (((s->cr[VGA_CRTC_MAX_SCAN] & 0x1f) + 1) << double_scan)
- - 1;
- } else {
- /* in CGA modes, multi_scan is ignored */
- /* XXX: is it correct ? */
- multi_scan = double_scan;
- }
- multi_run = multi_scan;
- if (shift_control != s->shift_control ||
- double_scan != s->double_scan) {
- full_update = 1;
- s->shift_control = shift_control;
- s->double_scan = double_scan;
- }
-
- if (shift_control == 0) {
- if (s->sr[VGA_SEQ_CLOCK_MODE] & 8) {
- disp_width <<= 1;
- }
- } else if (shift_control == 1) {
- if (s->sr[VGA_SEQ_CLOCK_MODE] & 8) {
- disp_width <<= 1;
- }
- }
-
- depth = s->get_bpp(s);
- if (s->line_offset != s->last_line_offset ||
- disp_width != s->last_width ||
- height != s->last_height ||
- s->last_depth != depth) {
-#if defined(HOST_WORDS_BIGENDIAN) == defined(TARGET_WORDS_BIGENDIAN)
- if (depth == 16 || depth == 32) {
-#else
- if (depth == 32) {
-#endif
- qemu_free_displaysurface(s->ds);
- s->ds->surface = qemu_create_displaysurface_from(disp_width, height, depth,
- s->line_offset,
- s->vram_ptr + (s->start_addr * 4));
-#if defined(HOST_WORDS_BIGENDIAN) != defined(TARGET_WORDS_BIGENDIAN)
- s->ds->surface->pf = qemu_different_endianness_pixelformat(depth);
-#endif
- dpy_gfx_resize(s->ds);
- } else {
- qemu_console_resize(s->ds, disp_width, height);
- }
- s->last_scr_width = disp_width;
- s->last_scr_height = height;
- s->last_width = disp_width;
- s->last_height = height;
- s->last_line_offset = s->line_offset;
- s->last_depth = depth;
- full_update = 1;
- } else if (is_buffer_shared(s->ds->surface) &&
- (full_update || ds_get_data(s->ds) != s->vram_ptr
- + (s->start_addr * 4))) {
- qemu_free_displaysurface(s->ds);
- s->ds->surface = qemu_create_displaysurface_from(disp_width,
- height, depth,
- s->line_offset,
- s->vram_ptr + (s->start_addr * 4));
- dpy_gfx_setdata(s->ds);
- }
-
- s->rgb_to_pixel =
- rgb_to_pixel_dup_table[get_depth_index(s->ds)];
-
- if (shift_control == 0) {
- full_update |= update_palette16(s);
- if (s->sr[VGA_SEQ_CLOCK_MODE] & 8) {
- v = VGA_DRAW_LINE4D2;
- } else {
- v = VGA_DRAW_LINE4;
- }
- bits = 4;
- } else if (shift_control == 1) {
- full_update |= update_palette16(s);
- if (s->sr[VGA_SEQ_CLOCK_MODE] & 8) {
- v = VGA_DRAW_LINE2D2;
- } else {
- v = VGA_DRAW_LINE2;
- }
- bits = 4;
- } else {
- switch(s->get_bpp(s)) {
- default:
- case 0:
- full_update |= update_palette256(s);
- v = VGA_DRAW_LINE8D2;
- bits = 4;
- break;
- case 8:
- full_update |= update_palette256(s);
- v = VGA_DRAW_LINE8;
- bits = 8;
- break;
- case 15:
- v = VGA_DRAW_LINE15;
- bits = 16;
- break;
- case 16:
- v = VGA_DRAW_LINE16;
- bits = 16;
- break;
- case 24:
- v = VGA_DRAW_LINE24;
- bits = 24;
- break;
- case 32:
- v = VGA_DRAW_LINE32;
- bits = 32;
- break;
- }
- }
- vga_draw_line = vga_draw_line_table[v * NB_DEPTHS + get_depth_index(s->ds)];
-
- if (!is_buffer_shared(s->ds->surface) && s->cursor_invalidate)
- s->cursor_invalidate(s);
-
- line_offset = s->line_offset;
-#if 0
- printf("w=%d h=%d v=%d line_offset=%d cr[0x09]=0x%02x cr[0x17]=0x%02x linecmp=%d sr[0x01]=0x%02x\n",
- width, height, v, line_offset, s->cr[9], s->cr[VGA_CRTC_MODE],
- s->line_compare, s->sr[VGA_SEQ_CLOCK_MODE]);
-#endif
- addr1 = (s->start_addr * 4);
- bwidth = (width * bits + 7) / 8;
- y_start = -1;
- page_min = -1;
- page_max = 0;
- d = ds_get_data(s->ds);
- linesize = ds_get_linesize(s->ds);
- y1 = 0;
- for(y = 0; y < height; y++) {
- addr = addr1;
- if (!(s->cr[VGA_CRTC_MODE] & 1)) {
- int shift;
- /* CGA compatibility handling */
- shift = 14 + ((s->cr[VGA_CRTC_MODE] >> 6) & 1);
- addr = (addr & ~(1 << shift)) | ((y1 & 1) << shift);
- }
- if (!(s->cr[VGA_CRTC_MODE] & 2)) {
- addr = (addr & ~0x8000) | ((y1 & 2) << 14);
- }
- update = full_update;
- page0 = addr;
- page1 = addr + bwidth - 1;
- update |= memory_region_get_dirty(&s->vram, page0, page1 - page0,
- DIRTY_MEMORY_VGA);
- /* explicit invalidation for the hardware cursor */
- update |= (s->invalidated_y_table[y >> 5] >> (y & 0x1f)) & 1;
- if (update) {
- if (y_start < 0)
- y_start = y;
- if (page0 < page_min)
- page_min = page0;
- if (page1 > page_max)
- page_max = page1;
- if (!(is_buffer_shared(s->ds->surface))) {
- vga_draw_line(s, d, s->vram_ptr + addr, width);
- if (s->cursor_draw_line)
- s->cursor_draw_line(s, d, y);
- }
- } else {
- if (y_start >= 0) {
- /* flush to display */
- dpy_gfx_update(s->ds, 0, y_start,
- disp_width, y - y_start);
- y_start = -1;
- }
- }
- if (!multi_run) {
- mask = (s->cr[VGA_CRTC_MODE] & 3) ^ 3;
- if ((y1 & mask) == mask)
- addr1 += line_offset;
- y1++;
- multi_run = multi_scan;
- } else {
- multi_run--;
- }
- /* line compare acts on the displayed lines */
- if (y == s->line_compare)
- addr1 = 0;
- d += linesize;
- }
- if (y_start >= 0) {
- /* flush to display */
- dpy_gfx_update(s->ds, 0, y_start,
- disp_width, y - y_start);
- }
- /* reset modified pages */
- if (page_max >= page_min) {
- memory_region_reset_dirty(&s->vram,
- page_min,
- page_max - page_min,
- DIRTY_MEMORY_VGA);
- }
- memset(s->invalidated_y_table, 0, ((height + 31) >> 5) * 4);
-}
-
-static void vga_draw_blank(VGACommonState *s, int full_update)
-{
- int i, w, val;
- uint8_t *d;
-
- if (!full_update)
- return;
- if (s->last_scr_width <= 0 || s->last_scr_height <= 0)
- return;
-
- s->rgb_to_pixel =
- rgb_to_pixel_dup_table[get_depth_index(s->ds)];
- if (ds_get_bits_per_pixel(s->ds) == 8)
- val = s->rgb_to_pixel(0, 0, 0);
- else
- val = 0;
- w = s->last_scr_width * ((ds_get_bits_per_pixel(s->ds) + 7) >> 3);
- d = ds_get_data(s->ds);
- for(i = 0; i < s->last_scr_height; i++) {
- memset(d, val, w);
- d += ds_get_linesize(s->ds);
- }
- dpy_gfx_update(s->ds, 0, 0,
- s->last_scr_width, s->last_scr_height);
-}
-
-#define GMODE_TEXT 0
-#define GMODE_GRAPH 1
-#define GMODE_BLANK 2
-
-static void vga_update_display(void *opaque)
-{
- VGACommonState *s = opaque;
- int full_update, graphic_mode;
-
- qemu_flush_coalesced_mmio_buffer();
-
- if (ds_get_bits_per_pixel(s->ds) == 0) {
- /* nothing to do */
- } else {
- full_update = 0;
- if (!(s->ar_index & 0x20)) {
- graphic_mode = GMODE_BLANK;
- } else {
- graphic_mode = s->gr[VGA_GFX_MISC] & VGA_GR06_GRAPHICS_MODE;
- }
- if (graphic_mode != s->graphic_mode) {
- s->graphic_mode = graphic_mode;
- s->cursor_blink_time = qemu_get_clock_ms(vm_clock);
- full_update = 1;
- }
- switch(graphic_mode) {
- case GMODE_TEXT:
- vga_draw_text(s, full_update);
- break;
- case GMODE_GRAPH:
- vga_draw_graphic(s, full_update);
- break;
- case GMODE_BLANK:
- default:
- vga_draw_blank(s, full_update);
- break;
- }
- }
-}
-
-/* force a full display refresh */
-static void vga_invalidate_display(void *opaque)
-{
- VGACommonState *s = opaque;
-
- s->last_width = -1;
- s->last_height = -1;
-}
-
-void vga_common_reset(VGACommonState *s)
-{
- s->sr_index = 0;
- memset(s->sr, '\0', sizeof(s->sr));
- s->gr_index = 0;
- memset(s->gr, '\0', sizeof(s->gr));
- s->ar_index = 0;
- memset(s->ar, '\0', sizeof(s->ar));
- s->ar_flip_flop = 0;
- s->cr_index = 0;
- memset(s->cr, '\0', sizeof(s->cr));
- s->msr = 0;
- s->fcr = 0;
- s->st00 = 0;
- s->st01 = 0;
- s->dac_state = 0;
- s->dac_sub_index = 0;
- s->dac_read_index = 0;
- s->dac_write_index = 0;
- memset(s->dac_cache, '\0', sizeof(s->dac_cache));
- s->dac_8bit = 0;
- memset(s->palette, '\0', sizeof(s->palette));
- s->bank_offset = 0;
- s->vbe_index = 0;
- memset(s->vbe_regs, '\0', sizeof(s->vbe_regs));
- s->vbe_regs[VBE_DISPI_INDEX_ID] = VBE_DISPI_ID5;
- s->vbe_start_addr = 0;
- s->vbe_line_offset = 0;
- s->vbe_bank_mask = (s->vram_size >> 16) - 1;
- memset(s->font_offsets, '\0', sizeof(s->font_offsets));
- s->graphic_mode = -1; /* force full update */
- s->shift_control = 0;
- s->double_scan = 0;
- s->line_offset = 0;
- s->line_compare = 0;
- s->start_addr = 0;
- s->plane_updated = 0;
- s->last_cw = 0;
- s->last_ch = 0;
- s->last_width = 0;
- s->last_height = 0;
- s->last_scr_width = 0;
- s->last_scr_height = 0;
- s->cursor_start = 0;
- s->cursor_end = 0;
- s->cursor_offset = 0;
- memset(s->invalidated_y_table, '\0', sizeof(s->invalidated_y_table));
- memset(s->last_palette, '\0', sizeof(s->last_palette));
- memset(s->last_ch_attr, '\0', sizeof(s->last_ch_attr));
- switch (vga_retrace_method) {
- case VGA_RETRACE_DUMB:
- break;
- case VGA_RETRACE_PRECISE:
- memset(&s->retrace_info, 0, sizeof (s->retrace_info));
- break;
- }
- vga_update_memory_access(s);
-}
-
-static void vga_reset(void *opaque)
-{
- VGACommonState *s = opaque;
- vga_common_reset(s);
-}
-
-#define TEXTMODE_X(x) ((x) % width)
-#define TEXTMODE_Y(x) ((x) / width)
-#define VMEM2CHTYPE(v) ((v & 0xff0007ff) | \
- ((v & 0x00000800) << 10) | ((v & 0x00007000) >> 1))
-/* relay text rendering to the display driver
- * instead of doing a full vga_update_display() */
-static void vga_update_text(void *opaque, console_ch_t *chardata)
-{
- VGACommonState *s = opaque;
- int graphic_mode, i, cursor_offset, cursor_visible;
- int cw, cheight, width, height, size, c_min, c_max;
- uint32_t *src;
- console_ch_t *dst, val;
- char msg_buffer[80];
- int full_update = 0;
-
- qemu_flush_coalesced_mmio_buffer();
-
- if (!(s->ar_index & 0x20)) {
- graphic_mode = GMODE_BLANK;
- } else {
- graphic_mode = s->gr[VGA_GFX_MISC] & VGA_GR06_GRAPHICS_MODE;
- }
- if (graphic_mode != s->graphic_mode) {
- s->graphic_mode = graphic_mode;
- full_update = 1;
- }
- if (s->last_width == -1) {
- s->last_width = 0;
- full_update = 1;
- }
-
- switch (graphic_mode) {
- case GMODE_TEXT:
- /* TODO: update palette */
- full_update |= update_basic_params(s);
-
- /* total width & height */
- cheight = (s->cr[VGA_CRTC_MAX_SCAN] & 0x1f) + 1;
- cw = 8;
- if (!(s->sr[VGA_SEQ_CLOCK_MODE] & VGA_SR01_CHAR_CLK_8DOTS)) {
- cw = 9;
- }
- if (s->sr[VGA_SEQ_CLOCK_MODE] & 0x08) {
- cw = 16; /* NOTE: no 18 pixel wide */
- }
- width = (s->cr[VGA_CRTC_H_DISP] + 1);
- if (s->cr[VGA_CRTC_V_TOTAL] == 100) {
- /* ugly hack for CGA 160x100x16 - explain me the logic */
- height = 100;
- } else {
- height = s->cr[VGA_CRTC_V_DISP_END] |
- ((s->cr[VGA_CRTC_OVERFLOW] & 0x02) << 7) |
- ((s->cr[VGA_CRTC_OVERFLOW] & 0x40) << 3);
- height = (height + 1) / cheight;
- }
-
- size = (height * width);
- if (size > CH_ATTR_SIZE) {
- if (!full_update)
- return;
-
- snprintf(msg_buffer, sizeof(msg_buffer), "%i x %i Text mode",
- width, height);
- break;
- }
-
- if (width != s->last_width || height != s->last_height ||
- cw != s->last_cw || cheight != s->last_ch) {
- s->last_scr_width = width * cw;
- s->last_scr_height = height * cheight;
- qemu_console_resize(s->ds, s->last_scr_width, s->last_scr_height);
- dpy_text_resize(s->ds, width, height);
- s->last_depth = 0;
- s->last_width = width;
- s->last_height = height;
- s->last_ch = cheight;
- s->last_cw = cw;
- full_update = 1;
- }
-
- if (full_update) {
- s->full_update_gfx = 1;
- }
- if (s->full_update_text) {
- s->full_update_text = 0;
- full_update |= 1;
- }
-
- /* Update "hardware" cursor */
- cursor_offset = ((s->cr[VGA_CRTC_CURSOR_HI] << 8) |
- s->cr[VGA_CRTC_CURSOR_LO]) - s->start_addr;
- if (cursor_offset != s->cursor_offset ||
- s->cr[VGA_CRTC_CURSOR_START] != s->cursor_start ||
- s->cr[VGA_CRTC_CURSOR_END] != s->cursor_end || full_update) {
- cursor_visible = !(s->cr[VGA_CRTC_CURSOR_START] & 0x20);
- if (cursor_visible && cursor_offset < size && cursor_offset >= 0)
- dpy_text_cursor(s->ds,
- TEXTMODE_X(cursor_offset),
- TEXTMODE_Y(cursor_offset));
- else
- dpy_text_cursor(s->ds, -1, -1);
- s->cursor_offset = cursor_offset;
- s->cursor_start = s->cr[VGA_CRTC_CURSOR_START];
- s->cursor_end = s->cr[VGA_CRTC_CURSOR_END];
- }
-
- src = (uint32_t *) s->vram_ptr + s->start_addr;
- dst = chardata;
-
- if (full_update) {
- for (i = 0; i < size; src ++, dst ++, i ++)
- console_write_ch(dst, VMEM2CHTYPE(le32_to_cpu(*src)));
-
- dpy_text_update(s->ds, 0, 0, width, height);
- } else {
- c_max = 0;
-
- for (i = 0; i < size; src ++, dst ++, i ++) {
- console_write_ch(&val, VMEM2CHTYPE(le32_to_cpu(*src)));
- if (*dst != val) {
- *dst = val;
- c_max = i;
- break;
- }
- }
- c_min = i;
- for (; i < size; src ++, dst ++, i ++) {
- console_write_ch(&val, VMEM2CHTYPE(le32_to_cpu(*src)));
- if (*dst != val) {
- *dst = val;
- c_max = i;
- }
- }
-
- if (c_min <= c_max) {
- i = TEXTMODE_Y(c_min);
- dpy_text_update(s->ds, 0, i, width, TEXTMODE_Y(c_max) - i + 1);
- }
- }
-
- return;
- case GMODE_GRAPH:
- if (!full_update)
- return;
-
- s->get_resolution(s, &width, &height);
- snprintf(msg_buffer, sizeof(msg_buffer), "%i x %i Graphic mode",
- width, height);
- break;
- case GMODE_BLANK:
- default:
- if (!full_update)
- return;
-
- snprintf(msg_buffer, sizeof(msg_buffer), "VGA Blank mode");
- break;
- }
-
- /* Display a message */
- s->last_width = 60;
- s->last_height = height = 3;
- dpy_text_cursor(s->ds, -1, -1);
- dpy_text_resize(s->ds, s->last_width, height);
-
- for (dst = chardata, i = 0; i < s->last_width * height; i ++)
- console_write_ch(dst ++, ' ');
-
- size = strlen(msg_buffer);
- width = (s->last_width - size) / 2;
- dst = chardata + s->last_width + width;
- for (i = 0; i < size; i ++)
- console_write_ch(dst ++, 0x00200100 | msg_buffer[i]);
-
- dpy_text_update(s->ds, 0, 0, s->last_width, height);
-}
-
-static uint64_t vga_mem_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- VGACommonState *s = opaque;
-
- return vga_mem_readb(s, addr);
-}
-
-static void vga_mem_write(void *opaque, hwaddr addr,
- uint64_t data, unsigned size)
-{
- VGACommonState *s = opaque;
-
- return vga_mem_writeb(s, addr, data);
-}
-
-const MemoryRegionOps vga_mem_ops = {
- .read = vga_mem_read,
- .write = vga_mem_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 1,
- },
-};
-
-static int vga_common_post_load(void *opaque, int version_id)
-{
- VGACommonState *s = opaque;
-
- /* force refresh */
- s->graphic_mode = -1;
- return 0;
-}
-
-const VMStateDescription vmstate_vga_common = {
- .name = "vga",
- .version_id = 2,
- .minimum_version_id = 2,
- .minimum_version_id_old = 2,
- .post_load = vga_common_post_load,
- .fields = (VMStateField []) {
- VMSTATE_UINT32(latch, VGACommonState),
- VMSTATE_UINT8(sr_index, VGACommonState),
- VMSTATE_PARTIAL_BUFFER(sr, VGACommonState, 8),
- VMSTATE_UINT8(gr_index, VGACommonState),
- VMSTATE_PARTIAL_BUFFER(gr, VGACommonState, 16),
- VMSTATE_UINT8(ar_index, VGACommonState),
- VMSTATE_BUFFER(ar, VGACommonState),
- VMSTATE_INT32(ar_flip_flop, VGACommonState),
- VMSTATE_UINT8(cr_index, VGACommonState),
- VMSTATE_BUFFER(cr, VGACommonState),
- VMSTATE_UINT8(msr, VGACommonState),
- VMSTATE_UINT8(fcr, VGACommonState),
- VMSTATE_UINT8(st00, VGACommonState),
- VMSTATE_UINT8(st01, VGACommonState),
-
- VMSTATE_UINT8(dac_state, VGACommonState),
- VMSTATE_UINT8(dac_sub_index, VGACommonState),
- VMSTATE_UINT8(dac_read_index, VGACommonState),
- VMSTATE_UINT8(dac_write_index, VGACommonState),
- VMSTATE_BUFFER(dac_cache, VGACommonState),
- VMSTATE_BUFFER(palette, VGACommonState),
-
- VMSTATE_INT32(bank_offset, VGACommonState),
- VMSTATE_UINT8_EQUAL(is_vbe_vmstate, VGACommonState),
- VMSTATE_UINT16(vbe_index, VGACommonState),
- VMSTATE_UINT16_ARRAY(vbe_regs, VGACommonState, VBE_DISPI_INDEX_NB),
- VMSTATE_UINT32(vbe_start_addr, VGACommonState),
- VMSTATE_UINT32(vbe_line_offset, VGACommonState),
- VMSTATE_UINT32(vbe_bank_mask, VGACommonState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-void vga_common_init(VGACommonState *s)
-{
- int i, j, v, b;
-
- for(i = 0;i < 256; i++) {
- v = 0;
- for(j = 0; j < 8; j++) {
- v |= ((i >> j) & 1) << (j * 4);
- }
- expand4[i] = v;
-
- v = 0;
- for(j = 0; j < 4; j++) {
- v |= ((i >> (2 * j)) & 3) << (j * 4);
- }
- expand2[i] = v;
- }
- for(i = 0; i < 16; i++) {
- v = 0;
- for(j = 0; j < 4; j++) {
- b = ((i >> j) & 1);
- v |= b << (2 * j);
- v |= b << (2 * j + 1);
- }
- expand4to8[i] = v;
- }
-
- /* valid range: 1 MB -> 256 MB */
- s->vram_size = 1024 * 1024;
- while (s->vram_size < (s->vram_size_mb << 20) &&
- s->vram_size < (256 << 20)) {
- s->vram_size <<= 1;
- }
- s->vram_size_mb = s->vram_size >> 20;
-
- s->is_vbe_vmstate = 1;
- memory_region_init_ram(&s->vram, "vga.vram", s->vram_size);
- vmstate_register_ram_global(&s->vram);
- xen_register_framebuffer(&s->vram);
- s->vram_ptr = memory_region_get_ram_ptr(&s->vram);
- s->get_bpp = vga_get_bpp;
- s->get_offsets = vga_get_offsets;
- s->get_resolution = vga_get_resolution;
- s->update = vga_update_display;
- s->invalidate = vga_invalidate_display;
- s->screen_dump = vga_screen_dump;
- s->text_update = vga_update_text;
- switch (vga_retrace_method) {
- case VGA_RETRACE_DUMB:
- s->retrace = vga_dumb_retrace;
- s->update_retrace_info = vga_dumb_update_retrace_info;
- break;
-
- case VGA_RETRACE_PRECISE:
- s->retrace = vga_precise_retrace;
- s->update_retrace_info = vga_precise_update_retrace_info;
- break;
- }
- vga_dirty_log_start(s);
-}
-
-static const MemoryRegionPortio vga_portio_list[] = {
- { 0x04, 2, 1, .read = vga_ioport_read, .write = vga_ioport_write }, /* 3b4 */
- { 0x0a, 1, 1, .read = vga_ioport_read, .write = vga_ioport_write }, /* 3ba */
- { 0x10, 16, 1, .read = vga_ioport_read, .write = vga_ioport_write }, /* 3c0 */
- { 0x24, 2, 1, .read = vga_ioport_read, .write = vga_ioport_write }, /* 3d4 */
- { 0x2a, 1, 1, .read = vga_ioport_read, .write = vga_ioport_write }, /* 3da */
- PORTIO_END_OF_LIST(),
-};
-
-static const MemoryRegionPortio vbe_portio_list[] = {
- { 0, 1, 2, .read = vbe_ioport_read_index, .write = vbe_ioport_write_index },
-# ifdef TARGET_I386
- { 1, 1, 2, .read = vbe_ioport_read_data, .write = vbe_ioport_write_data },
-# endif
- { 2, 1, 2, .read = vbe_ioport_read_data, .write = vbe_ioport_write_data },
- PORTIO_END_OF_LIST(),
-};
-
-/* Used by both ISA and PCI */
-MemoryRegion *vga_init_io(VGACommonState *s,
- const MemoryRegionPortio **vga_ports,
- const MemoryRegionPortio **vbe_ports)
-{
- MemoryRegion *vga_mem;
-
- *vga_ports = vga_portio_list;
- *vbe_ports = vbe_portio_list;
-
- vga_mem = g_malloc(sizeof(*vga_mem));
- memory_region_init_io(vga_mem, &vga_mem_ops, s,
- "vga-lowmem", 0x20000);
- memory_region_set_flush_coalesced(vga_mem);
-
- return vga_mem;
-}
-
-void vga_init(VGACommonState *s, MemoryRegion *address_space,
- MemoryRegion *address_space_io, bool init_vga_ports)
-{
- MemoryRegion *vga_io_memory;
- const MemoryRegionPortio *vga_ports, *vbe_ports;
- PortioList *vga_port_list = g_new(PortioList, 1);
- PortioList *vbe_port_list = g_new(PortioList, 1);
-
- qemu_register_reset(vga_reset, s);
-
- s->bank_offset = 0;
-
- s->legacy_address_space = address_space;
-
- vga_io_memory = vga_init_io(s, &vga_ports, &vbe_ports);
- memory_region_add_subregion_overlap(address_space,
- isa_mem_base + 0x000a0000,
- vga_io_memory,
- 1);
- memory_region_set_coalescing(vga_io_memory);
- if (init_vga_ports) {
- portio_list_init(vga_port_list, vga_ports, s, "vga");
- portio_list_add(vga_port_list, address_space_io, 0x3b0);
- }
- if (vbe_ports) {
- portio_list_init(vbe_port_list, vbe_ports, s, "vbe");
- portio_list_add(vbe_port_list, address_space_io, 0x1ce);
- }
-}
-
-void vga_init_vbe(VGACommonState *s, MemoryRegion *system_memory)
-{
- /* With pc-0.12 and below we map both the PCI BAR and the fixed VBE region,
- * so use an alias to avoid double-mapping the same region.
- */
- memory_region_init_alias(&s->vram_vbe, "vram.vbe",
- &s->vram, 0, memory_region_size(&s->vram));
- /* XXX: use optimized standard vga accesses */
- memory_region_add_subregion(system_memory,
- VBE_DISPI_LFB_PHYSICAL_ADDRESS,
- &s->vram_vbe);
- s->vbe_mapped = 1;
-}
-/********************************************************/
-/* vga screen dump */
-
-void ppm_save(const char *filename, struct DisplaySurface *ds, Error **errp)
-{
- int width = pixman_image_get_width(ds->image);
- int height = pixman_image_get_height(ds->image);
- FILE *f;
- int y;
- int ret;
- pixman_image_t *linebuf;
-
- trace_ppm_save(filename, ds);
- f = fopen(filename, "wb");
- if (!f) {
- error_setg(errp, "failed to open file '%s': %s", filename,
- strerror(errno));
- return;
- }
- ret = fprintf(f, "P6\n%d %d\n%d\n", width, height, 255);
- if (ret < 0) {
- linebuf = NULL;
- goto write_err;
- }
- linebuf = qemu_pixman_linebuf_create(PIXMAN_BE_r8g8b8, width);
- for (y = 0; y < height; y++) {
- qemu_pixman_linebuf_fill(linebuf, ds->image, width, y);
- clearerr(f);
- ret = fwrite(pixman_image_get_data(linebuf), 1,
- pixman_image_get_stride(linebuf), f);
- (void)ret;
- if (ferror(f)) {
- goto write_err;
- }
- }
-
-out:
- qemu_pixman_image_unref(linebuf);
- fclose(f);
- return;
-
-write_err:
- error_setg(errp, "failed to write to file '%s': %s", filename,
- strerror(errno));
- unlink(filename);
- goto out;
-}
-
-/* save the vga display in a PPM image even if no display is
- available */
-static void vga_screen_dump(void *opaque, const char *filename, bool cswitch,
- Error **errp)
-{
- VGACommonState *s = opaque;
-
- if (cswitch) {
- vga_invalidate_display(s);
- }
- vga_hw_update();
- ppm_save(filename, s->ds->surface, errp);
-}
diff --git a/hw/vga_int.h b/hw/vga_int.h
deleted file mode 100644
index bcb738d8c..000000000
--- a/hw/vga_int.h
+++ /dev/null
@@ -1,214 +0,0 @@
-/*
- * QEMU internal VGA defines.
- *
- * Copyright (c) 2003-2004 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include <hw/hw.h>
-#include "error.h"
-#include "memory.h"
-
-#define ST01_V_RETRACE 0x08
-#define ST01_DISP_ENABLE 0x01
-
-#define VBE_DISPI_MAX_XRES 16000
-#define VBE_DISPI_MAX_YRES 12000
-#define VBE_DISPI_MAX_BPP 32
-
-#define VBE_DISPI_INDEX_ID 0x0
-#define VBE_DISPI_INDEX_XRES 0x1
-#define VBE_DISPI_INDEX_YRES 0x2
-#define VBE_DISPI_INDEX_BPP 0x3
-#define VBE_DISPI_INDEX_ENABLE 0x4
-#define VBE_DISPI_INDEX_BANK 0x5
-#define VBE_DISPI_INDEX_VIRT_WIDTH 0x6
-#define VBE_DISPI_INDEX_VIRT_HEIGHT 0x7
-#define VBE_DISPI_INDEX_X_OFFSET 0x8
-#define VBE_DISPI_INDEX_Y_OFFSET 0x9
-#define VBE_DISPI_INDEX_NB 0xa /* size of vbe_regs[] */
-#define VBE_DISPI_INDEX_VIDEO_MEMORY_64K 0xa /* read-only, not in vbe_regs */
-
-#define VBE_DISPI_ID0 0xB0C0
-#define VBE_DISPI_ID1 0xB0C1
-#define VBE_DISPI_ID2 0xB0C2
-#define VBE_DISPI_ID3 0xB0C3
-#define VBE_DISPI_ID4 0xB0C4
-#define VBE_DISPI_ID5 0xB0C5
-
-#define VBE_DISPI_DISABLED 0x00
-#define VBE_DISPI_ENABLED 0x01
-#define VBE_DISPI_GETCAPS 0x02
-#define VBE_DISPI_8BIT_DAC 0x20
-#define VBE_DISPI_LFB_ENABLED 0x40
-#define VBE_DISPI_NOCLEARMEM 0x80
-
-#define VBE_DISPI_LFB_PHYSICAL_ADDRESS 0xE0000000
-
-#define CH_ATTR_SIZE (160 * 100)
-#define VGA_MAX_HEIGHT 2048
-
-struct vga_precise_retrace {
- int64_t ticks_per_char;
- int64_t total_chars;
- int htotal;
- int hstart;
- int hend;
- int vstart;
- int vend;
- int freq;
-};
-
-union vga_retrace {
- struct vga_precise_retrace precise;
-};
-
-struct VGACommonState;
-typedef uint8_t (* vga_retrace_fn)(struct VGACommonState *s);
-typedef void (* vga_update_retrace_info_fn)(struct VGACommonState *s);
-
-typedef struct VGACommonState {
- MemoryRegion *legacy_address_space;
- uint8_t *vram_ptr;
- MemoryRegion vram;
- MemoryRegion vram_vbe;
- uint32_t vram_size;
- uint32_t vram_size_mb; /* property */
- uint32_t latch;
- MemoryRegion *chain4_alias;
- uint8_t sr_index;
- uint8_t sr[256];
- uint8_t gr_index;
- uint8_t gr[256];
- uint8_t ar_index;
- uint8_t ar[21];
- int ar_flip_flop;
- uint8_t cr_index;
- uint8_t cr[256]; /* CRT registers */
- uint8_t msr; /* Misc Output Register */
- uint8_t fcr; /* Feature Control Register */
- uint8_t st00; /* status 0 */
- uint8_t st01; /* status 1 */
- uint8_t dac_state;
- uint8_t dac_sub_index;
- uint8_t dac_read_index;
- uint8_t dac_write_index;
- uint8_t dac_cache[3]; /* used when writing */
- int dac_8bit;
- uint8_t palette[768];
- int32_t bank_offset;
- int (*get_bpp)(struct VGACommonState *s);
- void (*get_offsets)(struct VGACommonState *s,
- uint32_t *pline_offset,
- uint32_t *pstart_addr,
- uint32_t *pline_compare);
- void (*get_resolution)(struct VGACommonState *s,
- int *pwidth,
- int *pheight);
- /* bochs vbe state */
- uint16_t vbe_index;
- uint16_t vbe_regs[VBE_DISPI_INDEX_NB];
- uint32_t vbe_start_addr;
- uint32_t vbe_line_offset;
- uint32_t vbe_bank_mask;
- int vbe_mapped;
- /* display refresh support */
- DisplayState *ds;
- uint32_t font_offsets[2];
- int graphic_mode;
- uint8_t shift_control;
- uint8_t double_scan;
- uint32_t line_offset;
- uint32_t line_compare;
- uint32_t start_addr;
- uint32_t plane_updated;
- uint32_t last_line_offset;
- uint8_t last_cw, last_ch;
- uint32_t last_width, last_height; /* in chars or pixels */
- uint32_t last_scr_width, last_scr_height; /* in pixels */
- uint32_t last_depth; /* in bits */
- uint8_t cursor_start, cursor_end;
- bool cursor_visible_phase;
- int64_t cursor_blink_time;
- uint32_t cursor_offset;
- unsigned int (*rgb_to_pixel)(unsigned int r,
- unsigned int g, unsigned b);
- vga_hw_update_ptr update;
- vga_hw_invalidate_ptr invalidate;
- vga_hw_screen_dump_ptr screen_dump;
- vga_hw_text_update_ptr text_update;
- bool full_update_text;
- bool full_update_gfx;
- /* hardware mouse cursor support */
- uint32_t invalidated_y_table[VGA_MAX_HEIGHT / 32];
- void (*cursor_invalidate)(struct VGACommonState *s);
- void (*cursor_draw_line)(struct VGACommonState *s, uint8_t *d, int y);
- /* tell for each page if it has been updated since the last time */
- uint32_t last_palette[256];
- uint32_t last_ch_attr[CH_ATTR_SIZE]; /* XXX: make it dynamic */
- /* retrace */
- vga_retrace_fn retrace;
- vga_update_retrace_info_fn update_retrace_info;
- union vga_retrace retrace_info;
- uint8_t is_vbe_vmstate;
-} VGACommonState;
-
-static inline int c6_to_8(int v)
-{
- int b;
- v &= 0x3f;
- b = v & 1;
- return (v << 2) | (b << 1) | b;
-}
-
-void vga_common_init(VGACommonState *s);
-void vga_init(VGACommonState *s, MemoryRegion *address_space,
- MemoryRegion *address_space_io, bool init_vga_ports);
-MemoryRegion *vga_init_io(VGACommonState *s,
- const MemoryRegionPortio **vga_ports,
- const MemoryRegionPortio **vbe_ports);
-void vga_common_reset(VGACommonState *s);
-
-void vga_sync_dirty_bitmap(VGACommonState *s);
-void vga_dirty_log_start(VGACommonState *s);
-void vga_dirty_log_stop(VGACommonState *s);
-
-extern const VMStateDescription vmstate_vga_common;
-uint32_t vga_ioport_read(void *opaque, uint32_t addr);
-void vga_ioport_write(void *opaque, uint32_t addr, uint32_t val);
-uint32_t vga_mem_readb(VGACommonState *s, hwaddr addr);
-void vga_mem_writeb(VGACommonState *s, hwaddr addr, uint32_t val);
-void vga_invalidate_scanlines(VGACommonState *s, int y1, int y2);
-void ppm_save(const char *filename, struct DisplaySurface *ds, Error **errp);
-
-int vga_ioport_invalid(VGACommonState *s, uint32_t addr);
-
-void vga_init_vbe(VGACommonState *s, MemoryRegion *address_space);
-uint32_t vbe_ioport_read_data(void *opaque, uint32_t addr);
-void vbe_ioport_write_index(void *opaque, uint32_t addr, uint32_t val);
-void vbe_ioport_write_data(void *opaque, uint32_t addr, uint32_t val);
-
-extern const uint8_t sr_mask[8];
-extern const uint8_t gr_mask[16];
-
-#define VGABIOS_FILENAME "vgabios.bin"
-#define VGABIOS_CIRRUS_FILENAME "vgabios-cirrus.bin"
-
-extern const MemoryRegionOps vga_mem_ops;
diff --git a/hw/vhost.c b/hw/vhost.c
deleted file mode 100644
index 16322a14f..000000000
--- a/hw/vhost.c
+++ /dev/null
@@ -1,964 +0,0 @@
-/*
- * vhost support
- *
- * Copyright Red Hat, Inc. 2010
- *
- * Authors:
- * Michael S. Tsirkin <mst@redhat.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See
- * the COPYING file in the top-level directory.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include <sys/ioctl.h>
-#include "vhost.h"
-#include "hw/hw.h"
-#include "range.h"
-#include <linux/vhost.h>
-#include "exec-memory.h"
-
-static void vhost_dev_sync_region(struct vhost_dev *dev,
- MemoryRegionSection *section,
- uint64_t mfirst, uint64_t mlast,
- uint64_t rfirst, uint64_t rlast)
-{
- uint64_t start = MAX(mfirst, rfirst);
- uint64_t end = MIN(mlast, rlast);
- vhost_log_chunk_t *from = dev->log + start / VHOST_LOG_CHUNK;
- vhost_log_chunk_t *to = dev->log + end / VHOST_LOG_CHUNK + 1;
- uint64_t addr = (start / VHOST_LOG_CHUNK) * VHOST_LOG_CHUNK;
-
- if (end < start) {
- return;
- }
- assert(end / VHOST_LOG_CHUNK < dev->log_size);
- assert(start / VHOST_LOG_CHUNK < dev->log_size);
-
- for (;from < to; ++from) {
- vhost_log_chunk_t log;
- int bit;
- /* We first check with non-atomic: much cheaper,
- * and we expect non-dirty to be the common case. */
- if (!*from) {
- addr += VHOST_LOG_CHUNK;
- continue;
- }
- /* Data must be read atomically. We don't really
- * need the barrier semantics of __sync
- * builtins, but it's easier to use them than
- * roll our own. */
- log = __sync_fetch_and_and(from, 0);
- while ((bit = sizeof(log) > sizeof(int) ?
- ffsll(log) : ffs(log))) {
- ram_addr_t ram_addr;
- bit -= 1;
- ram_addr = section->offset_within_region + bit * VHOST_LOG_PAGE;
- memory_region_set_dirty(section->mr, ram_addr, VHOST_LOG_PAGE);
- log &= ~(0x1ull << bit);
- }
- addr += VHOST_LOG_CHUNK;
- }
-}
-
-static int vhost_sync_dirty_bitmap(struct vhost_dev *dev,
- MemoryRegionSection *section,
- hwaddr start_addr,
- hwaddr end_addr)
-{
- int i;
-
- if (!dev->log_enabled || !dev->started) {
- return 0;
- }
- for (i = 0; i < dev->mem->nregions; ++i) {
- struct vhost_memory_region *reg = dev->mem->regions + i;
- vhost_dev_sync_region(dev, section, start_addr, end_addr,
- reg->guest_phys_addr,
- range_get_last(reg->guest_phys_addr,
- reg->memory_size));
- }
- for (i = 0; i < dev->nvqs; ++i) {
- struct vhost_virtqueue *vq = dev->vqs + i;
- vhost_dev_sync_region(dev, section, start_addr, end_addr, vq->used_phys,
- range_get_last(vq->used_phys, vq->used_size));
- }
- return 0;
-}
-
-static void vhost_log_sync(MemoryListener *listener,
- MemoryRegionSection *section)
-{
- struct vhost_dev *dev = container_of(listener, struct vhost_dev,
- memory_listener);
- hwaddr start_addr = section->offset_within_address_space;
- hwaddr end_addr = start_addr + section->size;
-
- vhost_sync_dirty_bitmap(dev, section, start_addr, end_addr);
-}
-
-/* Assign/unassign. Keep an unsorted array of non-overlapping
- * memory regions in dev->mem. */
-static void vhost_dev_unassign_memory(struct vhost_dev *dev,
- uint64_t start_addr,
- uint64_t size)
-{
- int from, to, n = dev->mem->nregions;
- /* Track overlapping/split regions for sanity checking. */
- int overlap_start = 0, overlap_end = 0, overlap_middle = 0, split = 0;
-
- for (from = 0, to = 0; from < n; ++from, ++to) {
- struct vhost_memory_region *reg = dev->mem->regions + to;
- uint64_t reglast;
- uint64_t memlast;
- uint64_t change;
-
- /* clone old region */
- if (to != from) {
- memcpy(reg, dev->mem->regions + from, sizeof *reg);
- }
-
- /* No overlap is simple */
- if (!ranges_overlap(reg->guest_phys_addr, reg->memory_size,
- start_addr, size)) {
- continue;
- }
-
- /* Split only happens if supplied region
- * is in the middle of an existing one. Thus it can not
- * overlap with any other existing region. */
- assert(!split);
-
- reglast = range_get_last(reg->guest_phys_addr, reg->memory_size);
- memlast = range_get_last(start_addr, size);
-
- /* Remove whole region */
- if (start_addr <= reg->guest_phys_addr && memlast >= reglast) {
- --dev->mem->nregions;
- --to;
- ++overlap_middle;
- continue;
- }
-
- /* Shrink region */
- if (memlast >= reglast) {
- reg->memory_size = start_addr - reg->guest_phys_addr;
- assert(reg->memory_size);
- assert(!overlap_end);
- ++overlap_end;
- continue;
- }
-
- /* Shift region */
- if (start_addr <= reg->guest_phys_addr) {
- change = memlast + 1 - reg->guest_phys_addr;
- reg->memory_size -= change;
- reg->guest_phys_addr += change;
- reg->userspace_addr += change;
- assert(reg->memory_size);
- assert(!overlap_start);
- ++overlap_start;
- continue;
- }
-
- /* This only happens if supplied region
- * is in the middle of an existing one. Thus it can not
- * overlap with any other existing region. */
- assert(!overlap_start);
- assert(!overlap_end);
- assert(!overlap_middle);
- /* Split region: shrink first part, shift second part. */
- memcpy(dev->mem->regions + n, reg, sizeof *reg);
- reg->memory_size = start_addr - reg->guest_phys_addr;
- assert(reg->memory_size);
- change = memlast + 1 - reg->guest_phys_addr;
- reg = dev->mem->regions + n;
- reg->memory_size -= change;
- assert(reg->memory_size);
- reg->guest_phys_addr += change;
- reg->userspace_addr += change;
- /* Never add more than 1 region */
- assert(dev->mem->nregions == n);
- ++dev->mem->nregions;
- ++split;
- }
-}
-
-/* Called after unassign, so no regions overlap the given range. */
-static void vhost_dev_assign_memory(struct vhost_dev *dev,
- uint64_t start_addr,
- uint64_t size,
- uint64_t uaddr)
-{
- int from, to;
- struct vhost_memory_region *merged = NULL;
- for (from = 0, to = 0; from < dev->mem->nregions; ++from, ++to) {
- struct vhost_memory_region *reg = dev->mem->regions + to;
- uint64_t prlast, urlast;
- uint64_t pmlast, umlast;
- uint64_t s, e, u;
-
- /* clone old region */
- if (to != from) {
- memcpy(reg, dev->mem->regions + from, sizeof *reg);
- }
- prlast = range_get_last(reg->guest_phys_addr, reg->memory_size);
- pmlast = range_get_last(start_addr, size);
- urlast = range_get_last(reg->userspace_addr, reg->memory_size);
- umlast = range_get_last(uaddr, size);
-
- /* check for overlapping regions: should never happen. */
- assert(prlast < start_addr || pmlast < reg->guest_phys_addr);
- /* Not an adjacent or overlapping region - do not merge. */
- if ((prlast + 1 != start_addr || urlast + 1 != uaddr) &&
- (pmlast + 1 != reg->guest_phys_addr ||
- umlast + 1 != reg->userspace_addr)) {
- continue;
- }
-
- if (merged) {
- --to;
- assert(to >= 0);
- } else {
- merged = reg;
- }
- u = MIN(uaddr, reg->userspace_addr);
- s = MIN(start_addr, reg->guest_phys_addr);
- e = MAX(pmlast, prlast);
- uaddr = merged->userspace_addr = u;
- start_addr = merged->guest_phys_addr = s;
- size = merged->memory_size = e - s + 1;
- assert(merged->memory_size);
- }
-
- if (!merged) {
- struct vhost_memory_region *reg = dev->mem->regions + to;
- memset(reg, 0, sizeof *reg);
- reg->memory_size = size;
- assert(reg->memory_size);
- reg->guest_phys_addr = start_addr;
- reg->userspace_addr = uaddr;
- ++to;
- }
- assert(to <= dev->mem->nregions + 1);
- dev->mem->nregions = to;
-}
-
-static uint64_t vhost_get_log_size(struct vhost_dev *dev)
-{
- uint64_t log_size = 0;
- int i;
- for (i = 0; i < dev->mem->nregions; ++i) {
- struct vhost_memory_region *reg = dev->mem->regions + i;
- uint64_t last = range_get_last(reg->guest_phys_addr,
- reg->memory_size);
- log_size = MAX(log_size, last / VHOST_LOG_CHUNK + 1);
- }
- for (i = 0; i < dev->nvqs; ++i) {
- struct vhost_virtqueue *vq = dev->vqs + i;
- uint64_t last = vq->used_phys + vq->used_size - 1;
- log_size = MAX(log_size, last / VHOST_LOG_CHUNK + 1);
- }
- return log_size;
-}
-
-static inline void vhost_dev_log_resize(struct vhost_dev* dev, uint64_t size)
-{
- vhost_log_chunk_t *log;
- uint64_t log_base;
- int r, i;
- if (size) {
- log = g_malloc0(size * sizeof *log);
- } else {
- log = NULL;
- }
- log_base = (uint64_t)(unsigned long)log;
- r = ioctl(dev->control, VHOST_SET_LOG_BASE, &log_base);
- assert(r >= 0);
- for (i = 0; i < dev->n_mem_sections; ++i) {
- /* Sync only the range covered by the old log */
- vhost_sync_dirty_bitmap(dev, &dev->mem_sections[i], 0,
- dev->log_size * VHOST_LOG_CHUNK - 1);
- }
- if (dev->log) {
- g_free(dev->log);
- }
- dev->log = log;
- dev->log_size = size;
-}
-
-static int vhost_verify_ring_mappings(struct vhost_dev *dev,
- uint64_t start_addr,
- uint64_t size)
-{
- int i;
- for (i = 0; i < dev->nvqs; ++i) {
- struct vhost_virtqueue *vq = dev->vqs + i;
- hwaddr l;
- void *p;
-
- if (!ranges_overlap(start_addr, size, vq->ring_phys, vq->ring_size)) {
- continue;
- }
- l = vq->ring_size;
- p = cpu_physical_memory_map(vq->ring_phys, &l, 1);
- if (!p || l != vq->ring_size) {
- fprintf(stderr, "Unable to map ring buffer for ring %d\n", i);
- return -ENOMEM;
- }
- if (p != vq->ring) {
- fprintf(stderr, "Ring buffer relocated for ring %d\n", i);
- return -EBUSY;
- }
- cpu_physical_memory_unmap(p, l, 0, 0);
- }
- return 0;
-}
-
-static struct vhost_memory_region *vhost_dev_find_reg(struct vhost_dev *dev,
- uint64_t start_addr,
- uint64_t size)
-{
- int i, n = dev->mem->nregions;
- for (i = 0; i < n; ++i) {
- struct vhost_memory_region *reg = dev->mem->regions + i;
- if (ranges_overlap(reg->guest_phys_addr, reg->memory_size,
- start_addr, size)) {
- return reg;
- }
- }
- return NULL;
-}
-
-static bool vhost_dev_cmp_memory(struct vhost_dev *dev,
- uint64_t start_addr,
- uint64_t size,
- uint64_t uaddr)
-{
- struct vhost_memory_region *reg = vhost_dev_find_reg(dev, start_addr, size);
- uint64_t reglast;
- uint64_t memlast;
-
- if (!reg) {
- return true;
- }
-
- reglast = range_get_last(reg->guest_phys_addr, reg->memory_size);
- memlast = range_get_last(start_addr, size);
-
- /* Need to extend region? */
- if (start_addr < reg->guest_phys_addr || memlast > reglast) {
- return true;
- }
- /* userspace_addr changed? */
- return uaddr != reg->userspace_addr + start_addr - reg->guest_phys_addr;
-}
-
-static void vhost_set_memory(MemoryListener *listener,
- MemoryRegionSection *section,
- bool add)
-{
- struct vhost_dev *dev = container_of(listener, struct vhost_dev,
- memory_listener);
- hwaddr start_addr = section->offset_within_address_space;
- ram_addr_t size = section->size;
- bool log_dirty = memory_region_is_logging(section->mr);
- int s = offsetof(struct vhost_memory, regions) +
- (dev->mem->nregions + 1) * sizeof dev->mem->regions[0];
- uint64_t log_size;
- int r;
- void *ram;
-
- dev->mem = g_realloc(dev->mem, s);
-
- if (log_dirty) {
- add = false;
- }
-
- assert(size);
-
- /* Optimize no-change case. At least cirrus_vga does this a lot at this time. */
- ram = memory_region_get_ram_ptr(section->mr) + section->offset_within_region;
- if (add) {
- if (!vhost_dev_cmp_memory(dev, start_addr, size, (uintptr_t)ram)) {
- /* Region exists with same address. Nothing to do. */
- return;
- }
- } else {
- if (!vhost_dev_find_reg(dev, start_addr, size)) {
- /* Removing region that we don't access. Nothing to do. */
- return;
- }
- }
-
- vhost_dev_unassign_memory(dev, start_addr, size);
- if (add) {
- /* Add given mapping, merging adjacent regions if any */
- vhost_dev_assign_memory(dev, start_addr, size, (uintptr_t)ram);
- } else {
- /* Remove old mapping for this memory, if any. */
- vhost_dev_unassign_memory(dev, start_addr, size);
- }
-
- if (!dev->started) {
- return;
- }
-
- if (dev->started) {
- r = vhost_verify_ring_mappings(dev, start_addr, size);
- assert(r >= 0);
- }
-
- if (!dev->log_enabled) {
- r = ioctl(dev->control, VHOST_SET_MEM_TABLE, dev->mem);
- assert(r >= 0);
- return;
- }
- log_size = vhost_get_log_size(dev);
- /* We allocate an extra 4K bytes to log,
- * to reduce the * number of reallocations. */
-#define VHOST_LOG_BUFFER (0x1000 / sizeof *dev->log)
- /* To log more, must increase log size before table update. */
- if (dev->log_size < log_size) {
- vhost_dev_log_resize(dev, log_size + VHOST_LOG_BUFFER);
- }
- r = ioctl(dev->control, VHOST_SET_MEM_TABLE, dev->mem);
- assert(r >= 0);
- /* To log less, can only decrease log size after table update. */
- if (dev->log_size > log_size + VHOST_LOG_BUFFER) {
- vhost_dev_log_resize(dev, log_size);
- }
-}
-
-static bool vhost_section(MemoryRegionSection *section)
-{
- return memory_region_is_ram(section->mr);
-}
-
-static void vhost_begin(MemoryListener *listener)
-{
-}
-
-static void vhost_commit(MemoryListener *listener)
-{
-}
-
-static void vhost_region_add(MemoryListener *listener,
- MemoryRegionSection *section)
-{
- struct vhost_dev *dev = container_of(listener, struct vhost_dev,
- memory_listener);
-
- if (!vhost_section(section)) {
- return;
- }
-
- ++dev->n_mem_sections;
- dev->mem_sections = g_renew(MemoryRegionSection, dev->mem_sections,
- dev->n_mem_sections);
- dev->mem_sections[dev->n_mem_sections - 1] = *section;
- vhost_set_memory(listener, section, true);
-}
-
-static void vhost_region_del(MemoryListener *listener,
- MemoryRegionSection *section)
-{
- struct vhost_dev *dev = container_of(listener, struct vhost_dev,
- memory_listener);
- int i;
-
- if (!vhost_section(section)) {
- return;
- }
-
- vhost_set_memory(listener, section, false);
- for (i = 0; i < dev->n_mem_sections; ++i) {
- if (dev->mem_sections[i].offset_within_address_space
- == section->offset_within_address_space) {
- --dev->n_mem_sections;
- memmove(&dev->mem_sections[i], &dev->mem_sections[i+1],
- (dev->n_mem_sections - i) * sizeof(*dev->mem_sections));
- break;
- }
- }
-}
-
-static void vhost_region_nop(MemoryListener *listener,
- MemoryRegionSection *section)
-{
-}
-
-static int vhost_virtqueue_set_addr(struct vhost_dev *dev,
- struct vhost_virtqueue *vq,
- unsigned idx, bool enable_log)
-{
- struct vhost_vring_addr addr = {
- .index = idx,
- .desc_user_addr = (uint64_t)(unsigned long)vq->desc,
- .avail_user_addr = (uint64_t)(unsigned long)vq->avail,
- .used_user_addr = (uint64_t)(unsigned long)vq->used,
- .log_guest_addr = vq->used_phys,
- .flags = enable_log ? (1 << VHOST_VRING_F_LOG) : 0,
- };
- int r = ioctl(dev->control, VHOST_SET_VRING_ADDR, &addr);
- if (r < 0) {
- return -errno;
- }
- return 0;
-}
-
-static int vhost_dev_set_features(struct vhost_dev *dev, bool enable_log)
-{
- uint64_t features = dev->acked_features;
- int r;
- if (enable_log) {
- features |= 0x1 << VHOST_F_LOG_ALL;
- }
- r = ioctl(dev->control, VHOST_SET_FEATURES, &features);
- return r < 0 ? -errno : 0;
-}
-
-static int vhost_dev_set_log(struct vhost_dev *dev, bool enable_log)
-{
- int r, t, i;
- r = vhost_dev_set_features(dev, enable_log);
- if (r < 0) {
- goto err_features;
- }
- for (i = 0; i < dev->nvqs; ++i) {
- r = vhost_virtqueue_set_addr(dev, dev->vqs + i, i,
- enable_log);
- if (r < 0) {
- goto err_vq;
- }
- }
- return 0;
-err_vq:
- for (; i >= 0; --i) {
- t = vhost_virtqueue_set_addr(dev, dev->vqs + i, i,
- dev->log_enabled);
- assert(t >= 0);
- }
- t = vhost_dev_set_features(dev, dev->log_enabled);
- assert(t >= 0);
-err_features:
- return r;
-}
-
-static int vhost_migration_log(MemoryListener *listener, int enable)
-{
- struct vhost_dev *dev = container_of(listener, struct vhost_dev,
- memory_listener);
- int r;
- if (!!enable == dev->log_enabled) {
- return 0;
- }
- if (!dev->started) {
- dev->log_enabled = enable;
- return 0;
- }
- if (!enable) {
- r = vhost_dev_set_log(dev, false);
- if (r < 0) {
- return r;
- }
- if (dev->log) {
- g_free(dev->log);
- }
- dev->log = NULL;
- dev->log_size = 0;
- } else {
- vhost_dev_log_resize(dev, vhost_get_log_size(dev));
- r = vhost_dev_set_log(dev, true);
- if (r < 0) {
- return r;
- }
- }
- dev->log_enabled = enable;
- return 0;
-}
-
-static void vhost_log_global_start(MemoryListener *listener)
-{
- int r;
-
- r = vhost_migration_log(listener, true);
- if (r < 0) {
- abort();
- }
-}
-
-static void vhost_log_global_stop(MemoryListener *listener)
-{
- int r;
-
- r = vhost_migration_log(listener, false);
- if (r < 0) {
- abort();
- }
-}
-
-static void vhost_log_start(MemoryListener *listener,
- MemoryRegionSection *section)
-{
- /* FIXME: implement */
-}
-
-static void vhost_log_stop(MemoryListener *listener,
- MemoryRegionSection *section)
-{
- /* FIXME: implement */
-}
-
-static int vhost_virtqueue_init(struct vhost_dev *dev,
- struct VirtIODevice *vdev,
- struct vhost_virtqueue *vq,
- unsigned idx)
-{
- hwaddr s, l, a;
- int r;
- struct vhost_vring_file file = {
- .index = idx,
- };
- struct vhost_vring_state state = {
- .index = idx,
- };
- struct VirtQueue *vvq = virtio_get_queue(vdev, idx);
-
- vq->num = state.num = virtio_queue_get_num(vdev, idx);
- r = ioctl(dev->control, VHOST_SET_VRING_NUM, &state);
- if (r) {
- return -errno;
- }
-
- state.num = virtio_queue_get_last_avail_idx(vdev, idx);
- r = ioctl(dev->control, VHOST_SET_VRING_BASE, &state);
- if (r) {
- return -errno;
- }
-
- s = l = virtio_queue_get_desc_size(vdev, idx);
- a = virtio_queue_get_desc_addr(vdev, idx);
- vq->desc = cpu_physical_memory_map(a, &l, 0);
- if (!vq->desc || l != s) {
- r = -ENOMEM;
- goto fail_alloc_desc;
- }
- s = l = virtio_queue_get_avail_size(vdev, idx);
- a = virtio_queue_get_avail_addr(vdev, idx);
- vq->avail = cpu_physical_memory_map(a, &l, 0);
- if (!vq->avail || l != s) {
- r = -ENOMEM;
- goto fail_alloc_avail;
- }
- vq->used_size = s = l = virtio_queue_get_used_size(vdev, idx);
- vq->used_phys = a = virtio_queue_get_used_addr(vdev, idx);
- vq->used = cpu_physical_memory_map(a, &l, 1);
- if (!vq->used || l != s) {
- r = -ENOMEM;
- goto fail_alloc_used;
- }
-
- vq->ring_size = s = l = virtio_queue_get_ring_size(vdev, idx);
- vq->ring_phys = a = virtio_queue_get_ring_addr(vdev, idx);
- vq->ring = cpu_physical_memory_map(a, &l, 1);
- if (!vq->ring || l != s) {
- r = -ENOMEM;
- goto fail_alloc_ring;
- }
-
- r = vhost_virtqueue_set_addr(dev, vq, idx, dev->log_enabled);
- if (r < 0) {
- r = -errno;
- goto fail_alloc;
- }
- file.fd = event_notifier_get_fd(virtio_queue_get_host_notifier(vvq));
- r = ioctl(dev->control, VHOST_SET_VRING_KICK, &file);
- if (r) {
- r = -errno;
- goto fail_kick;
- }
-
- file.fd = event_notifier_get_fd(virtio_queue_get_guest_notifier(vvq));
- r = ioctl(dev->control, VHOST_SET_VRING_CALL, &file);
- if (r) {
- r = -errno;
- goto fail_call;
- }
-
- return 0;
-
-fail_call:
-fail_kick:
-fail_alloc:
- cpu_physical_memory_unmap(vq->ring, virtio_queue_get_ring_size(vdev, idx),
- 0, 0);
-fail_alloc_ring:
- cpu_physical_memory_unmap(vq->used, virtio_queue_get_used_size(vdev, idx),
- 0, 0);
-fail_alloc_used:
- cpu_physical_memory_unmap(vq->avail, virtio_queue_get_avail_size(vdev, idx),
- 0, 0);
-fail_alloc_avail:
- cpu_physical_memory_unmap(vq->desc, virtio_queue_get_desc_size(vdev, idx),
- 0, 0);
-fail_alloc_desc:
- return r;
-}
-
-static void vhost_virtqueue_cleanup(struct vhost_dev *dev,
- struct VirtIODevice *vdev,
- struct vhost_virtqueue *vq,
- unsigned idx)
-{
- struct vhost_vring_state state = {
- .index = idx,
- };
- int r;
- r = ioctl(dev->control, VHOST_GET_VRING_BASE, &state);
- if (r < 0) {
- fprintf(stderr, "vhost VQ %d ring restore failed: %d\n", idx, r);
- fflush(stderr);
- }
- virtio_queue_set_last_avail_idx(vdev, idx, state.num);
- assert (r >= 0);
- cpu_physical_memory_unmap(vq->ring, virtio_queue_get_ring_size(vdev, idx),
- 0, virtio_queue_get_ring_size(vdev, idx));
- cpu_physical_memory_unmap(vq->used, virtio_queue_get_used_size(vdev, idx),
- 1, virtio_queue_get_used_size(vdev, idx));
- cpu_physical_memory_unmap(vq->avail, virtio_queue_get_avail_size(vdev, idx),
- 0, virtio_queue_get_avail_size(vdev, idx));
- cpu_physical_memory_unmap(vq->desc, virtio_queue_get_desc_size(vdev, idx),
- 0, virtio_queue_get_desc_size(vdev, idx));
-}
-
-static void vhost_eventfd_add(MemoryListener *listener,
- MemoryRegionSection *section,
- bool match_data, uint64_t data, EventNotifier *e)
-{
-}
-
-static void vhost_eventfd_del(MemoryListener *listener,
- MemoryRegionSection *section,
- bool match_data, uint64_t data, EventNotifier *e)
-{
-}
-
-int vhost_dev_init(struct vhost_dev *hdev, int devfd, const char *devpath,
- bool force)
-{
- uint64_t features;
- int r;
- if (devfd >= 0) {
- hdev->control = devfd;
- } else {
- hdev->control = open(devpath, O_RDWR);
- if (hdev->control < 0) {
- return -errno;
- }
- }
- r = ioctl(hdev->control, VHOST_SET_OWNER, NULL);
- if (r < 0) {
- goto fail;
- }
-
- r = ioctl(hdev->control, VHOST_GET_FEATURES, &features);
- if (r < 0) {
- goto fail;
- }
- hdev->features = features;
-
- hdev->memory_listener = (MemoryListener) {
- .begin = vhost_begin,
- .commit = vhost_commit,
- .region_add = vhost_region_add,
- .region_del = vhost_region_del,
- .region_nop = vhost_region_nop,
- .log_start = vhost_log_start,
- .log_stop = vhost_log_stop,
- .log_sync = vhost_log_sync,
- .log_global_start = vhost_log_global_start,
- .log_global_stop = vhost_log_global_stop,
- .eventfd_add = vhost_eventfd_add,
- .eventfd_del = vhost_eventfd_del,
- .priority = 10
- };
- hdev->mem = g_malloc0(offsetof(struct vhost_memory, regions));
- hdev->n_mem_sections = 0;
- hdev->mem_sections = NULL;
- hdev->log = NULL;
- hdev->log_size = 0;
- hdev->log_enabled = false;
- hdev->started = false;
- memory_listener_register(&hdev->memory_listener, &address_space_memory);
- hdev->force = force;
- return 0;
-fail:
- r = -errno;
- close(hdev->control);
- return r;
-}
-
-void vhost_dev_cleanup(struct vhost_dev *hdev)
-{
- memory_listener_unregister(&hdev->memory_listener);
- g_free(hdev->mem);
- g_free(hdev->mem_sections);
- close(hdev->control);
-}
-
-bool vhost_dev_query(struct vhost_dev *hdev, VirtIODevice *vdev)
-{
- return !vdev->binding->query_guest_notifiers ||
- vdev->binding->query_guest_notifiers(vdev->binding_opaque) ||
- hdev->force;
-}
-
-/* Stop processing guest IO notifications in qemu.
- * Start processing them in vhost in kernel.
- */
-int vhost_dev_enable_notifiers(struct vhost_dev *hdev, VirtIODevice *vdev)
-{
- int i, r;
- if (!vdev->binding->set_host_notifier) {
- fprintf(stderr, "binding does not support host notifiers\n");
- r = -ENOSYS;
- goto fail;
- }
-
- for (i = 0; i < hdev->nvqs; ++i) {
- r = vdev->binding->set_host_notifier(vdev->binding_opaque, i, true);
- if (r < 0) {
- fprintf(stderr, "vhost VQ %d notifier binding failed: %d\n", i, -r);
- goto fail_vq;
- }
- }
-
- return 0;
-fail_vq:
- while (--i >= 0) {
- r = vdev->binding->set_host_notifier(vdev->binding_opaque, i, false);
- if (r < 0) {
- fprintf(stderr, "vhost VQ %d notifier cleanup error: %d\n", i, -r);
- fflush(stderr);
- }
- assert (r >= 0);
- }
-fail:
- return r;
-}
-
-/* Stop processing guest IO notifications in vhost.
- * Start processing them in qemu.
- * This might actually run the qemu handlers right away,
- * so virtio in qemu must be completely setup when this is called.
- */
-void vhost_dev_disable_notifiers(struct vhost_dev *hdev, VirtIODevice *vdev)
-{
- int i, r;
-
- for (i = 0; i < hdev->nvqs; ++i) {
- r = vdev->binding->set_host_notifier(vdev->binding_opaque, i, false);
- if (r < 0) {
- fprintf(stderr, "vhost VQ %d notifier cleanup failed: %d\n", i, -r);
- fflush(stderr);
- }
- assert (r >= 0);
- }
-}
-
-/* Host notifiers must be enabled at this point. */
-int vhost_dev_start(struct vhost_dev *hdev, VirtIODevice *vdev)
-{
- int i, r;
- if (!vdev->binding->set_guest_notifiers) {
- fprintf(stderr, "binding does not support guest notifiers\n");
- r = -ENOSYS;
- goto fail;
- }
-
- r = vdev->binding->set_guest_notifiers(vdev->binding_opaque, true);
- if (r < 0) {
- fprintf(stderr, "Error binding guest notifier: %d\n", -r);
- goto fail_notifiers;
- }
-
- r = vhost_dev_set_features(hdev, hdev->log_enabled);
- if (r < 0) {
- goto fail_features;
- }
- r = ioctl(hdev->control, VHOST_SET_MEM_TABLE, hdev->mem);
- if (r < 0) {
- r = -errno;
- goto fail_mem;
- }
- for (i = 0; i < hdev->nvqs; ++i) {
- r = vhost_virtqueue_init(hdev,
- vdev,
- hdev->vqs + i,
- i);
- if (r < 0) {
- goto fail_vq;
- }
- }
-
- if (hdev->log_enabled) {
- hdev->log_size = vhost_get_log_size(hdev);
- hdev->log = hdev->log_size ?
- g_malloc0(hdev->log_size * sizeof *hdev->log) : NULL;
- r = ioctl(hdev->control, VHOST_SET_LOG_BASE,
- (uint64_t)(unsigned long)hdev->log);
- if (r < 0) {
- r = -errno;
- goto fail_log;
- }
- }
-
- hdev->started = true;
-
- return 0;
-fail_log:
-fail_vq:
- while (--i >= 0) {
- vhost_virtqueue_cleanup(hdev,
- vdev,
- hdev->vqs + i,
- i);
- }
-fail_mem:
-fail_features:
- vdev->binding->set_guest_notifiers(vdev->binding_opaque, false);
-fail_notifiers:
-fail:
- return r;
-}
-
-/* Host notifiers must be enabled at this point. */
-void vhost_dev_stop(struct vhost_dev *hdev, VirtIODevice *vdev)
-{
- int i, r;
-
- for (i = 0; i < hdev->nvqs; ++i) {
- vhost_virtqueue_cleanup(hdev,
- vdev,
- hdev->vqs + i,
- i);
- }
- for (i = 0; i < hdev->n_mem_sections; ++i) {
- vhost_sync_dirty_bitmap(hdev, &hdev->mem_sections[i],
- 0, (hwaddr)~0x0ull);
- }
- r = vdev->binding->set_guest_notifiers(vdev->binding_opaque, false);
- if (r < 0) {
- fprintf(stderr, "vhost guest notifier cleanup failed: %d\n", r);
- fflush(stderr);
- }
- assert (r >= 0);
-
- hdev->started = false;
- g_free(hdev->log);
- hdev->log = NULL;
- hdev->log_size = 0;
-}
diff --git a/hw/vhost.h b/hw/vhost.h
deleted file mode 100644
index 0c47229f9..000000000
--- a/hw/vhost.h
+++ /dev/null
@@ -1,56 +0,0 @@
-#ifndef VHOST_H
-#define VHOST_H
-
-#include "hw/hw.h"
-#include "hw/virtio.h"
-#include "memory.h"
-
-/* Generic structures common for any vhost based device. */
-struct vhost_virtqueue {
- int kick;
- int call;
- void *desc;
- void *avail;
- void *used;
- int num;
- unsigned long long used_phys;
- unsigned used_size;
- void *ring;
- unsigned long long ring_phys;
- unsigned ring_size;
-};
-
-typedef unsigned long vhost_log_chunk_t;
-#define VHOST_LOG_PAGE 0x1000
-#define VHOST_LOG_BITS (8 * sizeof(vhost_log_chunk_t))
-#define VHOST_LOG_CHUNK (VHOST_LOG_PAGE * VHOST_LOG_BITS)
-
-struct vhost_memory;
-struct vhost_dev {
- MemoryListener memory_listener;
- int control;
- struct vhost_memory *mem;
- int n_mem_sections;
- MemoryRegionSection *mem_sections;
- struct vhost_virtqueue *vqs;
- int nvqs;
- unsigned long long features;
- unsigned long long acked_features;
- unsigned long long backend_features;
- bool started;
- bool log_enabled;
- vhost_log_chunk_t *log;
- unsigned long long log_size;
- bool force;
-};
-
-int vhost_dev_init(struct vhost_dev *hdev, int devfd, const char *devpath,
- bool force);
-void vhost_dev_cleanup(struct vhost_dev *hdev);
-bool vhost_dev_query(struct vhost_dev *hdev, VirtIODevice *vdev);
-int vhost_dev_start(struct vhost_dev *hdev, VirtIODevice *vdev);
-void vhost_dev_stop(struct vhost_dev *hdev, VirtIODevice *vdev);
-int vhost_dev_enable_notifiers(struct vhost_dev *hdev, VirtIODevice *vdev);
-void vhost_dev_disable_notifiers(struct vhost_dev *hdev, VirtIODevice *vdev);
-
-#endif
diff --git a/hw/vhost_net.c b/hw/vhost_net.c
deleted file mode 100644
index 824160153..000000000
--- a/hw/vhost_net.c
+++ /dev/null
@@ -1,237 +0,0 @@
-/*
- * vhost-net support
- *
- * Copyright Red Hat, Inc. 2010
- *
- * Authors:
- * Michael S. Tsirkin <mst@redhat.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See
- * the COPYING file in the top-level directory.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include "net.h"
-#include "net/tap.h"
-
-#include "virtio-net.h"
-#include "vhost_net.h"
-#include "qemu-error.h"
-
-#include "config.h"
-
-#ifdef CONFIG_VHOST_NET
-#include <linux/vhost.h>
-#include <sys/socket.h>
-#include <linux/kvm.h>
-#include <fcntl.h>
-#include <sys/ioctl.h>
-#include <linux/virtio_ring.h>
-#include <netpacket/packet.h>
-#include <net/ethernet.h>
-#include <net/if.h>
-#include <netinet/in.h>
-
-#include <stdio.h>
-
-#include "vhost.h"
-
-struct vhost_net {
- struct vhost_dev dev;
- struct vhost_virtqueue vqs[2];
- int backend;
- NetClientState *nc;
-};
-
-unsigned vhost_net_get_features(struct vhost_net *net, unsigned features)
-{
- /* Clear features not supported by host kernel. */
- if (!(net->dev.features & (1 << VIRTIO_F_NOTIFY_ON_EMPTY))) {
- features &= ~(1 << VIRTIO_F_NOTIFY_ON_EMPTY);
- }
- if (!(net->dev.features & (1 << VIRTIO_RING_F_INDIRECT_DESC))) {
- features &= ~(1 << VIRTIO_RING_F_INDIRECT_DESC);
- }
- if (!(net->dev.features & (1 << VIRTIO_RING_F_EVENT_IDX))) {
- features &= ~(1 << VIRTIO_RING_F_EVENT_IDX);
- }
- if (!(net->dev.features & (1 << VIRTIO_NET_F_MRG_RXBUF))) {
- features &= ~(1 << VIRTIO_NET_F_MRG_RXBUF);
- }
- return features;
-}
-
-void vhost_net_ack_features(struct vhost_net *net, unsigned features)
-{
- net->dev.acked_features = net->dev.backend_features;
- if (features & (1 << VIRTIO_F_NOTIFY_ON_EMPTY)) {
- net->dev.acked_features |= (1 << VIRTIO_F_NOTIFY_ON_EMPTY);
- }
- if (features & (1 << VIRTIO_RING_F_INDIRECT_DESC)) {
- net->dev.acked_features |= (1 << VIRTIO_RING_F_INDIRECT_DESC);
- }
- if (features & (1 << VIRTIO_RING_F_EVENT_IDX)) {
- net->dev.acked_features |= (1 << VIRTIO_RING_F_EVENT_IDX);
- }
- if (features & (1 << VIRTIO_NET_F_MRG_RXBUF)) {
- net->dev.acked_features |= (1 << VIRTIO_NET_F_MRG_RXBUF);
- }
-}
-
-static int vhost_net_get_fd(NetClientState *backend)
-{
- switch (backend->info->type) {
- case NET_CLIENT_OPTIONS_KIND_TAP:
- return tap_get_fd(backend);
- default:
- fprintf(stderr, "vhost-net requires tap backend\n");
- return -EBADFD;
- }
-}
-
-struct vhost_net *vhost_net_init(NetClientState *backend, int devfd,
- bool force)
-{
- int r;
- struct vhost_net *net = g_malloc(sizeof *net);
- if (!backend) {
- fprintf(stderr, "vhost-net requires backend to be setup\n");
- goto fail;
- }
- r = vhost_net_get_fd(backend);
- if (r < 0) {
- goto fail;
- }
- net->nc = backend;
- net->dev.backend_features = tap_has_vnet_hdr(backend) ? 0 :
- (1 << VHOST_NET_F_VIRTIO_NET_HDR);
- net->backend = r;
-
- r = vhost_dev_init(&net->dev, devfd, "/dev/vhost-net", force);
- if (r < 0) {
- goto fail;
- }
- if (!tap_has_vnet_hdr_len(backend,
- sizeof(struct virtio_net_hdr_mrg_rxbuf))) {
- net->dev.features &= ~(1 << VIRTIO_NET_F_MRG_RXBUF);
- }
- if (~net->dev.features & net->dev.backend_features) {
- fprintf(stderr, "vhost lacks feature mask %" PRIu64 " for backend\n",
- (uint64_t)(~net->dev.features & net->dev.backend_features));
- vhost_dev_cleanup(&net->dev);
- goto fail;
- }
-
- /* Set sane init value. Override when guest acks. */
- vhost_net_ack_features(net, 0);
- return net;
-fail:
- g_free(net);
- return NULL;
-}
-
-bool vhost_net_query(VHostNetState *net, VirtIODevice *dev)
-{
- return vhost_dev_query(&net->dev, dev);
-}
-
-int vhost_net_start(struct vhost_net *net,
- VirtIODevice *dev)
-{
- struct vhost_vring_file file = { };
- int r;
-
- net->dev.nvqs = 2;
- net->dev.vqs = net->vqs;
-
- r = vhost_dev_enable_notifiers(&net->dev, dev);
- if (r < 0) {
- goto fail_notifiers;
- }
-
- r = vhost_dev_start(&net->dev, dev);
- if (r < 0) {
- goto fail_start;
- }
-
- net->nc->info->poll(net->nc, false);
- qemu_set_fd_handler(net->backend, NULL, NULL, NULL);
- file.fd = net->backend;
- for (file.index = 0; file.index < net->dev.nvqs; ++file.index) {
- r = ioctl(net->dev.control, VHOST_NET_SET_BACKEND, &file);
- if (r < 0) {
- r = -errno;
- goto fail;
- }
- }
- return 0;
-fail:
- file.fd = -1;
- while (file.index-- > 0) {
- int r = ioctl(net->dev.control, VHOST_NET_SET_BACKEND, &file);
- assert(r >= 0);
- }
- net->nc->info->poll(net->nc, true);
- vhost_dev_stop(&net->dev, dev);
-fail_start:
- vhost_dev_disable_notifiers(&net->dev, dev);
-fail_notifiers:
- return r;
-}
-
-void vhost_net_stop(struct vhost_net *net,
- VirtIODevice *dev)
-{
- struct vhost_vring_file file = { .fd = -1 };
-
- for (file.index = 0; file.index < net->dev.nvqs; ++file.index) {
- int r = ioctl(net->dev.control, VHOST_NET_SET_BACKEND, &file);
- assert(r >= 0);
- }
- net->nc->info->poll(net->nc, true);
- vhost_dev_stop(&net->dev, dev);
- vhost_dev_disable_notifiers(&net->dev, dev);
-}
-
-void vhost_net_cleanup(struct vhost_net *net)
-{
- vhost_dev_cleanup(&net->dev);
- g_free(net);
-}
-#else
-struct vhost_net *vhost_net_init(NetClientState *backend, int devfd,
- bool force)
-{
- error_report("vhost-net support is not compiled in");
- return NULL;
-}
-
-bool vhost_net_query(VHostNetState *net, VirtIODevice *dev)
-{
- return false;
-}
-
-int vhost_net_start(struct vhost_net *net,
- VirtIODevice *dev)
-{
- return -ENOSYS;
-}
-void vhost_net_stop(struct vhost_net *net,
- VirtIODevice *dev)
-{
-}
-
-void vhost_net_cleanup(struct vhost_net *net)
-{
-}
-
-unsigned vhost_net_get_features(struct vhost_net *net, unsigned features)
-{
- return features;
-}
-void vhost_net_ack_features(struct vhost_net *net, unsigned features)
-{
-}
-#endif
diff --git a/hw/vhost_net.h b/hw/vhost_net.h
deleted file mode 100644
index a9db23423..000000000
--- a/hw/vhost_net.h
+++ /dev/null
@@ -1,20 +0,0 @@
-#ifndef VHOST_NET_H
-#define VHOST_NET_H
-
-#include "net.h"
-
-struct vhost_net;
-typedef struct vhost_net VHostNetState;
-
-VHostNetState *vhost_net_init(NetClientState *backend, int devfd, bool force);
-
-bool vhost_net_query(VHostNetState *net, VirtIODevice *dev);
-int vhost_net_start(VHostNetState *net, VirtIODevice *dev);
-void vhost_net_stop(VHostNetState *net, VirtIODevice *dev);
-
-void vhost_net_cleanup(VHostNetState *net);
-
-unsigned vhost_net_get_features(VHostNetState *net, unsigned features);
-void vhost_net_ack_features(VHostNetState *net, unsigned features);
-
-#endif
diff --git a/hw/virtex_ml507.c b/hw/virtex_ml507.c
deleted file mode 100644
index 6ab8fee0c..000000000
--- a/hw/virtex_ml507.c
+++ /dev/null
@@ -1,274 +0,0 @@
-/*
- * Model of Xilinx Virtex5 ML507 PPC-440 refdesign.
- *
- * Copyright (c) 2010 Edgar E. Iglesias.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sysbus.h"
-#include "hw.h"
-#include "serial.h"
-#include "net.h"
-#include "flash.h"
-#include "sysemu.h"
-#include "devices.h"
-#include "boards.h"
-#include "device_tree.h"
-#include "loader.h"
-#include "elf.h"
-#include "qemu-log.h"
-#include "exec-memory.h"
-
-#include "ppc.h"
-#include "ppc4xx.h"
-#include "ppc405.h"
-
-#include "blockdev.h"
-#include "xilinx.h"
-
-#define EPAPR_MAGIC (0x45504150)
-#define FLASH_SIZE (16 * 1024 * 1024)
-
-static struct boot_info
-{
- uint32_t bootstrap_pc;
- uint32_t cmdline;
- uint32_t fdt;
- uint32_t ima_size;
- void *vfdt;
-} boot_info;
-
-/* Create reset TLB entries for BookE, spanning the 32bit addr space. */
-static void mmubooke_create_initial_mapping(CPUPPCState *env,
- target_ulong va,
- hwaddr pa)
-{
- ppcemb_tlb_t *tlb = &env->tlb.tlbe[0];
-
- tlb->attr = 0;
- tlb->prot = PAGE_VALID | ((PAGE_READ | PAGE_WRITE | PAGE_EXEC) << 4);
- tlb->size = 1 << 31; /* up to 0x80000000 */
- tlb->EPN = va & TARGET_PAGE_MASK;
- tlb->RPN = pa & TARGET_PAGE_MASK;
- tlb->PID = 0;
-
- tlb = &env->tlb.tlbe[1];
- tlb->attr = 0;
- tlb->prot = PAGE_VALID | ((PAGE_READ | PAGE_WRITE | PAGE_EXEC) << 4);
- tlb->size = 1 << 31; /* up to 0xffffffff */
- tlb->EPN = 0x80000000 & TARGET_PAGE_MASK;
- tlb->RPN = 0x80000000 & TARGET_PAGE_MASK;
- tlb->PID = 0;
-}
-
-static PowerPCCPU *ppc440_init_xilinx(ram_addr_t *ram_size,
- int do_init,
- const char *cpu_model,
- uint32_t sysclk)
-{
- PowerPCCPU *cpu;
- CPUPPCState *env;
- qemu_irq *irqs;
-
- cpu = cpu_ppc_init(cpu_model);
- if (cpu == NULL) {
- fprintf(stderr, "Unable to initialize CPU!\n");
- exit(1);
- }
- env = &cpu->env;
-
- ppc_booke_timers_init(env, sysclk, 0/* no flags */);
-
- ppc_dcr_init(env, NULL, NULL);
-
- /* interrupt controller */
- irqs = g_malloc0(sizeof(qemu_irq) * PPCUIC_OUTPUT_NB);
- irqs[PPCUIC_OUTPUT_INT] = ((qemu_irq *)env->irq_inputs)[PPC40x_INPUT_INT];
- irqs[PPCUIC_OUTPUT_CINT] = ((qemu_irq *)env->irq_inputs)[PPC40x_INPUT_CINT];
- ppcuic_init(env, irqs, 0x0C0, 0, 1);
- return cpu;
-}
-
-static void main_cpu_reset(void *opaque)
-{
- PowerPCCPU *cpu = opaque;
- CPUPPCState *env = &cpu->env;
- struct boot_info *bi = env->load_info;
-
- cpu_reset(CPU(cpu));
- /* Linux Kernel Parameters (passing device tree):
- * r3: pointer to the fdt
- * r4: 0
- * r5: 0
- * r6: epapr magic
- * r7: size of IMA in bytes
- * r8: 0
- * r9: 0
- */
- env->gpr[1] = (16<<20) - 8;
- /* Provide a device-tree. */
- env->gpr[3] = bi->fdt;
- env->nip = bi->bootstrap_pc;
-
- /* Create a mapping for the kernel. */
- mmubooke_create_initial_mapping(env, 0, 0);
- env->gpr[6] = tswap32(EPAPR_MAGIC);
- env->gpr[7] = bi->ima_size;
-}
-
-#define BINARY_DEVICE_TREE_FILE "virtex-ml507.dtb"
-static int xilinx_load_device_tree(hwaddr addr,
- uint32_t ramsize,
- hwaddr initrd_base,
- hwaddr initrd_size,
- const char *kernel_cmdline)
-{
- char *path;
- int fdt_size;
-#ifdef CONFIG_FDT
- void *fdt;
- int r;
-
- /* Try the local "ppc.dtb" override. */
- fdt = load_device_tree("ppc.dtb", &fdt_size);
- if (!fdt) {
- path = qemu_find_file(QEMU_FILE_TYPE_BIOS, BINARY_DEVICE_TREE_FILE);
- if (path) {
- fdt = load_device_tree(path, &fdt_size);
- g_free(path);
- }
- if (!fdt) {
- return 0;
- }
- }
-
- r = qemu_devtree_setprop_string(fdt, "/chosen", "bootargs", kernel_cmdline);
- if (r < 0)
- fprintf(stderr, "couldn't set /chosen/bootargs\n");
- cpu_physical_memory_write (addr, (void *)fdt, fdt_size);
-#else
- /* We lack libfdt so we cannot manipulate the fdt. Just pass on the blob
- to the kernel. */
- fdt_size = load_image_targphys("ppc.dtb", addr, 0x10000);
- if (fdt_size < 0) {
- path = qemu_find_file(QEMU_FILE_TYPE_BIOS, BINARY_DEVICE_TREE_FILE);
- if (path) {
- fdt_size = load_image_targphys(path, addr, 0x10000);
- g_free(path);
- }
- }
-
- if (kernel_cmdline) {
- fprintf(stderr,
- "Warning: missing libfdt, cannot pass cmdline to kernel!\n");
- }
-#endif
- return fdt_size;
-}
-
-static void virtex_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- MemoryRegion *address_space_mem = get_system_memory();
- DeviceState *dev;
- PowerPCCPU *cpu;
- CPUPPCState *env;
- hwaddr ram_base = 0;
- DriveInfo *dinfo;
- MemoryRegion *phys_ram = g_new(MemoryRegion, 1);
- qemu_irq irq[32], *cpu_irq;
- int kernel_size;
- int i;
-
- /* init CPUs */
- if (cpu_model == NULL) {
- cpu_model = "440-Xilinx";
- }
-
- cpu = ppc440_init_xilinx(&ram_size, 1, cpu_model, 400000000);
- env = &cpu->env;
- qemu_register_reset(main_cpu_reset, cpu);
-
- memory_region_init_ram(phys_ram, "ram", ram_size);
- vmstate_register_ram_global(phys_ram);
- memory_region_add_subregion(address_space_mem, ram_base, phys_ram);
-
- dinfo = drive_get(IF_PFLASH, 0, 0);
- pflash_cfi01_register(0xfc000000, NULL, "virtex.flash", FLASH_SIZE,
- dinfo ? dinfo->bdrv : NULL, (64 * 1024),
- FLASH_SIZE >> 16,
- 1, 0x89, 0x18, 0x0000, 0x0, 1);
-
- cpu_irq = (qemu_irq *) &env->irq_inputs[PPC40x_INPUT_INT];
- dev = xilinx_intc_create(0x81800000, cpu_irq[0], 0);
- for (i = 0; i < 32; i++) {
- irq[i] = qdev_get_gpio_in(dev, i);
- }
-
- serial_mm_init(address_space_mem, 0x83e01003ULL, 2, irq[9], 115200,
- serial_hds[0], DEVICE_LITTLE_ENDIAN);
-
- /* 2 timers at irq 2 @ 62 Mhz. */
- xilinx_timer_create(0x83c00000, irq[3], 0, 62 * 1000000);
-
- if (kernel_filename) {
- uint64_t entry, low, high;
- hwaddr boot_offset;
-
- /* Boots a kernel elf binary. */
- kernel_size = load_elf(kernel_filename, NULL, NULL,
- &entry, &low, &high, 1, ELF_MACHINE, 0);
- boot_info.bootstrap_pc = entry & 0x00ffffff;
-
- if (kernel_size < 0) {
- boot_offset = 0x1200000;
- /* If we failed loading ELF's try a raw image. */
- kernel_size = load_image_targphys(kernel_filename,
- boot_offset,
- ram_size);
- boot_info.bootstrap_pc = boot_offset;
- high = boot_info.bootstrap_pc + kernel_size + 8192;
- }
-
- boot_info.ima_size = kernel_size;
-
- /* Provide a device-tree. */
- boot_info.fdt = high + (8192 * 2);
- boot_info.fdt &= ~8191;
- xilinx_load_device_tree(boot_info.fdt, ram_size, 0, 0, kernel_cmdline);
- }
- env->load_info = &boot_info;
-}
-
-static QEMUMachine virtex_machine = {
- .name = "virtex-ml507",
- .desc = "Xilinx Virtex ML507 reference design",
- .init = virtex_init,
-};
-
-static void virtex_machine_init(void)
-{
- qemu_register_machine(&virtex_machine);
-}
-
-machine_init(virtex_machine_init);
diff --git a/hw/virtio-balloon.c b/hw/virtio-balloon.c
deleted file mode 100644
index dd1a6506c..000000000
--- a/hw/virtio-balloon.c
+++ /dev/null
@@ -1,274 +0,0 @@
-/*
- * Virtio Balloon Device
- *
- * Copyright IBM, Corp. 2008
- * Copyright (C) 2011 Red Hat, Inc.
- * Copyright (C) 2011 Amit Shah <amit.shah@redhat.com>
- *
- * Authors:
- * Anthony Liguori <aliguori@us.ibm.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See
- * the COPYING file in the top-level directory.
- *
- */
-
-#include "iov.h"
-#include "qemu-common.h"
-#include "virtio.h"
-#include "pc.h"
-#include "cpu.h"
-#include "balloon.h"
-#include "virtio-balloon.h"
-#include "kvm.h"
-#include "exec-memory.h"
-
-#if defined(__linux__)
-#include <sys/mman.h>
-#endif
-
-typedef struct VirtIOBalloon
-{
- VirtIODevice vdev;
- VirtQueue *ivq, *dvq, *svq;
- uint32_t num_pages;
- uint32_t actual;
- uint64_t stats[VIRTIO_BALLOON_S_NR];
- VirtQueueElement stats_vq_elem;
- size_t stats_vq_offset;
- DeviceState *qdev;
-} VirtIOBalloon;
-
-static VirtIOBalloon *to_virtio_balloon(VirtIODevice *vdev)
-{
- return (VirtIOBalloon *)vdev;
-}
-
-static void balloon_page(void *addr, int deflate)
-{
-#if defined(__linux__)
- if (!kvm_enabled() || kvm_has_sync_mmu())
- qemu_madvise(addr, TARGET_PAGE_SIZE,
- deflate ? QEMU_MADV_WILLNEED : QEMU_MADV_DONTNEED);
-#endif
-}
-
-/*
- * reset_stats - Mark all items in the stats array as unset
- *
- * This function needs to be called at device intialization and before
- * before updating to a set of newly-generated stats. This will ensure that no
- * stale values stick around in case the guest reports a subset of the supported
- * statistics.
- */
-static inline void reset_stats(VirtIOBalloon *dev)
-{
- int i;
- for (i = 0; i < VIRTIO_BALLOON_S_NR; dev->stats[i++] = -1);
-}
-
-static void virtio_balloon_handle_output(VirtIODevice *vdev, VirtQueue *vq)
-{
- VirtIOBalloon *s = to_virtio_balloon(vdev);
- VirtQueueElement elem;
- MemoryRegionSection section;
-
- while (virtqueue_pop(vq, &elem)) {
- size_t offset = 0;
- uint32_t pfn;
-
- while (iov_to_buf(elem.out_sg, elem.out_num, offset, &pfn, 4) == 4) {
- ram_addr_t pa;
- ram_addr_t addr;
-
- pa = (ram_addr_t)ldl_p(&pfn) << VIRTIO_BALLOON_PFN_SHIFT;
- offset += 4;
-
- /* FIXME: remove get_system_memory(), but how? */
- section = memory_region_find(get_system_memory(), pa, 1);
- if (!section.size || !memory_region_is_ram(section.mr))
- continue;
-
- /* Using memory_region_get_ram_ptr is bending the rules a bit, but
- should be OK because we only want a single page. */
- addr = section.offset_within_region;
- balloon_page(memory_region_get_ram_ptr(section.mr) + addr,
- !!(vq == s->dvq));
- }
-
- virtqueue_push(vq, &elem, offset);
- virtio_notify(vdev, vq);
- }
-}
-
-static void virtio_balloon_receive_stats(VirtIODevice *vdev, VirtQueue *vq)
-{
- VirtIOBalloon *s = DO_UPCAST(VirtIOBalloon, vdev, vdev);
- VirtQueueElement *elem = &s->stats_vq_elem;
- VirtIOBalloonStat stat;
- size_t offset = 0;
-
- if (!virtqueue_pop(vq, elem)) {
- return;
- }
-
- /* Initialize the stats to get rid of any stale values. This is only
- * needed to handle the case where a guest supports fewer stats than it
- * used to (ie. it has booted into an old kernel).
- */
- reset_stats(s);
-
- while (iov_to_buf(elem->out_sg, elem->out_num, offset, &stat, sizeof(stat))
- == sizeof(stat)) {
- uint16_t tag = tswap16(stat.tag);
- uint64_t val = tswap64(stat.val);
-
- offset += sizeof(stat);
- if (tag < VIRTIO_BALLOON_S_NR)
- s->stats[tag] = val;
- }
- s->stats_vq_offset = offset;
-}
-
-static void virtio_balloon_get_config(VirtIODevice *vdev, uint8_t *config_data)
-{
- VirtIOBalloon *dev = to_virtio_balloon(vdev);
- struct virtio_balloon_config config;
-
- config.num_pages = cpu_to_le32(dev->num_pages);
- config.actual = cpu_to_le32(dev->actual);
-
- memcpy(config_data, &config, 8);
-}
-
-static void virtio_balloon_set_config(VirtIODevice *vdev,
- const uint8_t *config_data)
-{
- VirtIOBalloon *dev = to_virtio_balloon(vdev);
- struct virtio_balloon_config config;
- uint32_t oldactual = dev->actual;
- memcpy(&config, config_data, 8);
- dev->actual = le32_to_cpu(config.actual);
- if (dev->actual != oldactual) {
- qemu_balloon_changed(ram_size -
- (dev->actual << VIRTIO_BALLOON_PFN_SHIFT));
- }
-}
-
-static uint32_t virtio_balloon_get_features(VirtIODevice *vdev, uint32_t f)
-{
- f |= (1 << VIRTIO_BALLOON_F_STATS_VQ);
- return f;
-}
-
-static void virtio_balloon_stat(void *opaque, BalloonInfo *info)
-{
- VirtIOBalloon *dev = opaque;
-
-#if 0
- /* Disable guest-provided stats for now. For more details please check:
- * https://bugzilla.redhat.com/show_bug.cgi?id=623903
- *
- * If you do enable it (which is probably not going to happen as we
- * need a new command for it), remember that you also need to fill the
- * appropriate members of the BalloonInfo structure so that the stats
- * are returned to the client.
- */
- if (dev->vdev.guest_features & (1 << VIRTIO_BALLOON_F_STATS_VQ)) {
- virtqueue_push(dev->svq, &dev->stats_vq_elem, dev->stats_vq_offset);
- virtio_notify(&dev->vdev, dev->svq);
- return;
- }
-#endif
-
- /* Stats are not supported. Clear out any stale values that might
- * have been set by a more featureful guest kernel.
- */
- reset_stats(dev);
-
- info->actual = ram_size - ((uint64_t) dev->actual <<
- VIRTIO_BALLOON_PFN_SHIFT);
-}
-
-static void virtio_balloon_to_target(void *opaque, ram_addr_t target)
-{
- VirtIOBalloon *dev = opaque;
-
- if (target > ram_size) {
- target = ram_size;
- }
- if (target) {
- dev->num_pages = (ram_size - target) >> VIRTIO_BALLOON_PFN_SHIFT;
- virtio_notify_config(&dev->vdev);
- }
-}
-
-static void virtio_balloon_save(QEMUFile *f, void *opaque)
-{
- VirtIOBalloon *s = opaque;
-
- virtio_save(&s->vdev, f);
-
- qemu_put_be32(f, s->num_pages);
- qemu_put_be32(f, s->actual);
-}
-
-static int virtio_balloon_load(QEMUFile *f, void *opaque, int version_id)
-{
- VirtIOBalloon *s = opaque;
- int ret;
-
- if (version_id != 1)
- return -EINVAL;
-
- ret = virtio_load(&s->vdev, f);
- if (ret) {
- return ret;
- }
-
- s->num_pages = qemu_get_be32(f);
- s->actual = qemu_get_be32(f);
- return 0;
-}
-
-VirtIODevice *virtio_balloon_init(DeviceState *dev)
-{
- VirtIOBalloon *s;
- int ret;
-
- s = (VirtIOBalloon *)virtio_common_init("virtio-balloon",
- VIRTIO_ID_BALLOON,
- 8, sizeof(VirtIOBalloon));
-
- s->vdev.get_config = virtio_balloon_get_config;
- s->vdev.set_config = virtio_balloon_set_config;
- s->vdev.get_features = virtio_balloon_get_features;
-
- ret = qemu_add_balloon_handler(virtio_balloon_to_target,
- virtio_balloon_stat, s);
- if (ret < 0) {
- virtio_cleanup(&s->vdev);
- return NULL;
- }
-
- s->ivq = virtio_add_queue(&s->vdev, 128, virtio_balloon_handle_output);
- s->dvq = virtio_add_queue(&s->vdev, 128, virtio_balloon_handle_output);
- s->svq = virtio_add_queue(&s->vdev, 128, virtio_balloon_receive_stats);
-
- reset_stats(s);
-
- s->qdev = dev;
- register_savevm(dev, "virtio-balloon", -1, 1,
- virtio_balloon_save, virtio_balloon_load, s);
-
- return &s->vdev;
-}
-
-void virtio_balloon_exit(VirtIODevice *vdev)
-{
- VirtIOBalloon *s = DO_UPCAST(VirtIOBalloon, vdev, vdev);
-
- qemu_remove_balloon_handler(s);
- unregister_savevm(s->qdev, "virtio-balloon", s);
- virtio_cleanup(vdev);
-}
diff --git a/hw/virtio-balloon.h b/hw/virtio-balloon.h
deleted file mode 100644
index 73300ddc8..000000000
--- a/hw/virtio-balloon.h
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Virtio Support
- *
- * Copyright IBM, Corp. 2007-2008
- *
- * Authors:
- * Anthony Liguori <aliguori@us.ibm.com>
- * Rusty Russell <rusty@rustcorp.com.au>
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See
- * the COPYING file in the top-level directory.
- *
- */
-
-#ifndef _QEMU_VIRTIO_BALLOON_H
-#define _QEMU_VIRTIO_BALLOON_H
-
-#include "virtio.h"
-#include "pci.h"
-
-/* from Linux's linux/virtio_balloon.h */
-
-/* The ID for virtio_balloon */
-#define VIRTIO_ID_BALLOON 5
-
-/* The feature bitmap for virtio balloon */
-#define VIRTIO_BALLOON_F_MUST_TELL_HOST 0 /* Tell before reclaiming pages */
-#define VIRTIO_BALLOON_F_STATS_VQ 1 /* Memory stats virtqueue */
-
-/* Size of a PFN in the balloon interface. */
-#define VIRTIO_BALLOON_PFN_SHIFT 12
-
-struct virtio_balloon_config
-{
- /* Number of pages host wants Guest to give up. */
- uint32_t num_pages;
- /* Number of pages we've actually got in balloon. */
- uint32_t actual;
-};
-
-/* Memory Statistics */
-#define VIRTIO_BALLOON_S_SWAP_IN 0 /* Amount of memory swapped in */
-#define VIRTIO_BALLOON_S_SWAP_OUT 1 /* Amount of memory swapped out */
-#define VIRTIO_BALLOON_S_MAJFLT 2 /* Number of major faults */
-#define VIRTIO_BALLOON_S_MINFLT 3 /* Number of minor faults */
-#define VIRTIO_BALLOON_S_MEMFREE 4 /* Total amount of free memory */
-#define VIRTIO_BALLOON_S_MEMTOT 5 /* Total amount of memory */
-#define VIRTIO_BALLOON_S_NR 6
-
-typedef struct VirtIOBalloonStat {
- uint16_t tag;
- uint64_t val;
-} QEMU_PACKED VirtIOBalloonStat;
-
-#endif
diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
deleted file mode 100644
index e25cc9647..000000000
--- a/hw/virtio-blk.c
+++ /dev/null
@@ -1,658 +0,0 @@
-/*
- * Virtio Block Device
- *
- * Copyright IBM, Corp. 2007
- *
- * Authors:
- * Anthony Liguori <aliguori@us.ibm.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See
- * the COPYING file in the top-level directory.
- *
- */
-
-#include "qemu-common.h"
-#include "qemu-error.h"
-#include "trace.h"
-#include "hw/block-common.h"
-#include "blockdev.h"
-#include "virtio-blk.h"
-#include "scsi-defs.h"
-#ifdef __linux__
-# include <scsi/sg.h>
-#endif
-
-typedef struct VirtIOBlock
-{
- VirtIODevice vdev;
- BlockDriverState *bs;
- VirtQueue *vq;
- void *rq;
- QEMUBH *bh;
- BlockConf *conf;
- VirtIOBlkConf *blk;
- unsigned short sector_mask;
- DeviceState *qdev;
-} VirtIOBlock;
-
-static VirtIOBlock *to_virtio_blk(VirtIODevice *vdev)
-{
- return (VirtIOBlock *)vdev;
-}
-
-typedef struct VirtIOBlockReq
-{
- VirtIOBlock *dev;
- VirtQueueElement elem;
- struct virtio_blk_inhdr *in;
- struct virtio_blk_outhdr *out;
- struct virtio_scsi_inhdr *scsi;
- QEMUIOVector qiov;
- struct VirtIOBlockReq *next;
- BlockAcctCookie acct;
-} VirtIOBlockReq;
-
-static void virtio_blk_req_complete(VirtIOBlockReq *req, int status)
-{
- VirtIOBlock *s = req->dev;
-
- trace_virtio_blk_req_complete(req, status);
-
- stb_p(&req->in->status, status);
- virtqueue_push(s->vq, &req->elem, req->qiov.size + sizeof(*req->in));
- virtio_notify(&s->vdev, s->vq);
-}
-
-static int virtio_blk_handle_rw_error(VirtIOBlockReq *req, int error,
- bool is_read)
-{
- BlockErrorAction action = bdrv_get_error_action(req->dev->bs, is_read, error);
- VirtIOBlock *s = req->dev;
-
- if (action == BDRV_ACTION_STOP) {
- req->next = s->rq;
- s->rq = req;
- } else if (action == BDRV_ACTION_REPORT) {
- virtio_blk_req_complete(req, VIRTIO_BLK_S_IOERR);
- bdrv_acct_done(s->bs, &req->acct);
- g_free(req);
- }
-
- bdrv_error_action(s->bs, action, is_read, error);
- return action != BDRV_ACTION_IGNORE;
-}
-
-static void virtio_blk_rw_complete(void *opaque, int ret)
-{
- VirtIOBlockReq *req = opaque;
-
- trace_virtio_blk_rw_complete(req, ret);
-
- if (ret) {
- bool is_read = !(ldl_p(&req->out->type) & VIRTIO_BLK_T_OUT);
- if (virtio_blk_handle_rw_error(req, -ret, is_read))
- return;
- }
-
- virtio_blk_req_complete(req, VIRTIO_BLK_S_OK);
- bdrv_acct_done(req->dev->bs, &req->acct);
- g_free(req);
-}
-
-static void virtio_blk_flush_complete(void *opaque, int ret)
-{
- VirtIOBlockReq *req = opaque;
-
- if (ret) {
- if (virtio_blk_handle_rw_error(req, -ret, 0)) {
- return;
- }
- }
-
- virtio_blk_req_complete(req, VIRTIO_BLK_S_OK);
- bdrv_acct_done(req->dev->bs, &req->acct);
- g_free(req);
-}
-
-static VirtIOBlockReq *virtio_blk_alloc_request(VirtIOBlock *s)
-{
- VirtIOBlockReq *req = g_malloc(sizeof(*req));
- req->dev = s;
- req->qiov.size = 0;
- req->next = NULL;
- return req;
-}
-
-static VirtIOBlockReq *virtio_blk_get_request(VirtIOBlock *s)
-{
- VirtIOBlockReq *req = virtio_blk_alloc_request(s);
-
- if (req != NULL) {
- if (!virtqueue_pop(s->vq, &req->elem)) {
- g_free(req);
- return NULL;
- }
- }
-
- return req;
-}
-
-static void virtio_blk_handle_scsi(VirtIOBlockReq *req)
-{
-#ifdef __linux__
- int ret;
- int i;
-#endif
- int status = VIRTIO_BLK_S_OK;
-
- /*
- * We require at least one output segment each for the virtio_blk_outhdr
- * and the SCSI command block.
- *
- * We also at least require the virtio_blk_inhdr, the virtio_scsi_inhdr
- * and the sense buffer pointer in the input segments.
- */
- if (req->elem.out_num < 2 || req->elem.in_num < 3) {
- virtio_blk_req_complete(req, VIRTIO_BLK_S_IOERR);
- g_free(req);
- return;
- }
-
- /*
- * The scsi inhdr is placed in the second-to-last input segment, just
- * before the regular inhdr.
- */
- req->scsi = (void *)req->elem.in_sg[req->elem.in_num - 2].iov_base;
-
- if (!req->dev->blk->scsi) {
- status = VIRTIO_BLK_S_UNSUPP;
- goto fail;
- }
-
- /*
- * No support for bidirection commands yet.
- */
- if (req->elem.out_num > 2 && req->elem.in_num > 3) {
- status = VIRTIO_BLK_S_UNSUPP;
- goto fail;
- }
-
-#ifdef __linux__
- struct sg_io_hdr hdr;
- memset(&hdr, 0, sizeof(struct sg_io_hdr));
- hdr.interface_id = 'S';
- hdr.cmd_len = req->elem.out_sg[1].iov_len;
- hdr.cmdp = req->elem.out_sg[1].iov_base;
- hdr.dxfer_len = 0;
-
- if (req->elem.out_num > 2) {
- /*
- * If there are more than the minimally required 2 output segments
- * there is write payload starting from the third iovec.
- */
- hdr.dxfer_direction = SG_DXFER_TO_DEV;
- hdr.iovec_count = req->elem.out_num - 2;
-
- for (i = 0; i < hdr.iovec_count; i++)
- hdr.dxfer_len += req->elem.out_sg[i + 2].iov_len;
-
- hdr.dxferp = req->elem.out_sg + 2;
-
- } else if (req->elem.in_num > 3) {
- /*
- * If we have more than 3 input segments the guest wants to actually
- * read data.
- */
- hdr.dxfer_direction = SG_DXFER_FROM_DEV;
- hdr.iovec_count = req->elem.in_num - 3;
- for (i = 0; i < hdr.iovec_count; i++)
- hdr.dxfer_len += req->elem.in_sg[i].iov_len;
-
- hdr.dxferp = req->elem.in_sg;
- } else {
- /*
- * Some SCSI commands don't actually transfer any data.
- */
- hdr.dxfer_direction = SG_DXFER_NONE;
- }
-
- hdr.sbp = req->elem.in_sg[req->elem.in_num - 3].iov_base;
- hdr.mx_sb_len = req->elem.in_sg[req->elem.in_num - 3].iov_len;
-
- ret = bdrv_ioctl(req->dev->bs, SG_IO, &hdr);
- if (ret) {
- status = VIRTIO_BLK_S_UNSUPP;
- goto fail;
- }
-
- /*
- * From SCSI-Generic-HOWTO: "Some lower level drivers (e.g. ide-scsi)
- * clear the masked_status field [hence status gets cleared too, see
- * block/scsi_ioctl.c] even when a CHECK_CONDITION or COMMAND_TERMINATED
- * status has occurred. However they do set DRIVER_SENSE in driver_status
- * field. Also a (sb_len_wr > 0) indicates there is a sense buffer.
- */
- if (hdr.status == 0 && hdr.sb_len_wr > 0) {
- hdr.status = CHECK_CONDITION;
- }
-
- stl_p(&req->scsi->errors,
- hdr.status | (hdr.msg_status << 8) |
- (hdr.host_status << 16) | (hdr.driver_status << 24));
- stl_p(&req->scsi->residual, hdr.resid);
- stl_p(&req->scsi->sense_len, hdr.sb_len_wr);
- stl_p(&req->scsi->data_len, hdr.dxfer_len);
-
- virtio_blk_req_complete(req, status);
- g_free(req);
- return;
-#else
- abort();
-#endif
-
-fail:
- /* Just put anything nonzero so that the ioctl fails in the guest. */
- stl_p(&req->scsi->errors, 255);
- virtio_blk_req_complete(req, status);
- g_free(req);
-}
-
-typedef struct MultiReqBuffer {
- BlockRequest blkreq[32];
- unsigned int num_writes;
-} MultiReqBuffer;
-
-static void virtio_submit_multiwrite(BlockDriverState *bs, MultiReqBuffer *mrb)
-{
- int i, ret;
-
- if (!mrb->num_writes) {
- return;
- }
-
- ret = bdrv_aio_multiwrite(bs, mrb->blkreq, mrb->num_writes);
- if (ret != 0) {
- for (i = 0; i < mrb->num_writes; i++) {
- if (mrb->blkreq[i].error) {
- virtio_blk_rw_complete(mrb->blkreq[i].opaque, -EIO);
- }
- }
- }
-
- mrb->num_writes = 0;
-}
-
-static void virtio_blk_handle_flush(VirtIOBlockReq *req, MultiReqBuffer *mrb)
-{
- bdrv_acct_start(req->dev->bs, &req->acct, 0, BDRV_ACCT_FLUSH);
-
- /*
- * Make sure all outstanding writes are posted to the backing device.
- */
- virtio_submit_multiwrite(req->dev->bs, mrb);
- bdrv_aio_flush(req->dev->bs, virtio_blk_flush_complete, req);
-}
-
-static void virtio_blk_handle_write(VirtIOBlockReq *req, MultiReqBuffer *mrb)
-{
- BlockRequest *blkreq;
- uint64_t sector;
-
- sector = ldq_p(&req->out->sector);
-
- bdrv_acct_start(req->dev->bs, &req->acct, req->qiov.size, BDRV_ACCT_WRITE);
-
- trace_virtio_blk_handle_write(req, sector, req->qiov.size / 512);
-
- if (sector & req->dev->sector_mask) {
- virtio_blk_rw_complete(req, -EIO);
- return;
- }
- if (req->qiov.size % req->dev->conf->logical_block_size) {
- virtio_blk_rw_complete(req, -EIO);
- return;
- }
-
- if (mrb->num_writes == 32) {
- virtio_submit_multiwrite(req->dev->bs, mrb);
- }
-
- blkreq = &mrb->blkreq[mrb->num_writes];
- blkreq->sector = sector;
- blkreq->nb_sectors = req->qiov.size / BDRV_SECTOR_SIZE;
- blkreq->qiov = &req->qiov;
- blkreq->cb = virtio_blk_rw_complete;
- blkreq->opaque = req;
- blkreq->error = 0;
-
- mrb->num_writes++;
-}
-
-static void virtio_blk_handle_read(VirtIOBlockReq *req)
-{
- uint64_t sector;
-
- sector = ldq_p(&req->out->sector);
-
- bdrv_acct_start(req->dev->bs, &req->acct, req->qiov.size, BDRV_ACCT_READ);
-
- trace_virtio_blk_handle_read(req, sector, req->qiov.size / 512);
-
- if (sector & req->dev->sector_mask) {
- virtio_blk_rw_complete(req, -EIO);
- return;
- }
- if (req->qiov.size % req->dev->conf->logical_block_size) {
- virtio_blk_rw_complete(req, -EIO);
- return;
- }
- bdrv_aio_readv(req->dev->bs, sector, &req->qiov,
- req->qiov.size / BDRV_SECTOR_SIZE,
- virtio_blk_rw_complete, req);
-}
-
-static void virtio_blk_handle_request(VirtIOBlockReq *req,
- MultiReqBuffer *mrb)
-{
- uint32_t type;
-
- if (req->elem.out_num < 1 || req->elem.in_num < 1) {
- error_report("virtio-blk missing headers");
- exit(1);
- }
-
- if (req->elem.out_sg[0].iov_len < sizeof(*req->out) ||
- req->elem.in_sg[req->elem.in_num - 1].iov_len < sizeof(*req->in)) {
- error_report("virtio-blk header not in correct element");
- exit(1);
- }
-
- req->out = (void *)req->elem.out_sg[0].iov_base;
- req->in = (void *)req->elem.in_sg[req->elem.in_num - 1].iov_base;
-
- type = ldl_p(&req->out->type);
-
- if (type & VIRTIO_BLK_T_FLUSH) {
- virtio_blk_handle_flush(req, mrb);
- } else if (type & VIRTIO_BLK_T_SCSI_CMD) {
- virtio_blk_handle_scsi(req);
- } else if (type & VIRTIO_BLK_T_GET_ID) {
- VirtIOBlock *s = req->dev;
-
- /*
- * NB: per existing s/n string convention the string is
- * terminated by '\0' only when shorter than buffer.
- */
- strncpy(req->elem.in_sg[0].iov_base,
- s->blk->serial ? s->blk->serial : "",
- MIN(req->elem.in_sg[0].iov_len, VIRTIO_BLK_ID_BYTES));
- virtio_blk_req_complete(req, VIRTIO_BLK_S_OK);
- g_free(req);
- } else if (type & VIRTIO_BLK_T_OUT) {
- qemu_iovec_init_external(&req->qiov, &req->elem.out_sg[1],
- req->elem.out_num - 1);
- virtio_blk_handle_write(req, mrb);
- } else {
- qemu_iovec_init_external(&req->qiov, &req->elem.in_sg[0],
- req->elem.in_num - 1);
- virtio_blk_handle_read(req);
- }
-}
-
-static void virtio_blk_handle_output(VirtIODevice *vdev, VirtQueue *vq)
-{
- VirtIOBlock *s = to_virtio_blk(vdev);
- VirtIOBlockReq *req;
- MultiReqBuffer mrb = {
- .num_writes = 0,
- };
-
- while ((req = virtio_blk_get_request(s))) {
- virtio_blk_handle_request(req, &mrb);
- }
-
- virtio_submit_multiwrite(s->bs, &mrb);
-
- /*
- * FIXME: Want to check for completions before returning to guest mode,
- * so cached reads and writes are reported as quickly as possible. But
- * that should be done in the generic block layer.
- */
-}
-
-static void virtio_blk_dma_restart_bh(void *opaque)
-{
- VirtIOBlock *s = opaque;
- VirtIOBlockReq *req = s->rq;
- MultiReqBuffer mrb = {
- .num_writes = 0,
- };
-
- qemu_bh_delete(s->bh);
- s->bh = NULL;
-
- s->rq = NULL;
-
- while (req) {
- virtio_blk_handle_request(req, &mrb);
- req = req->next;
- }
-
- virtio_submit_multiwrite(s->bs, &mrb);
-}
-
-static void virtio_blk_dma_restart_cb(void *opaque, int running,
- RunState state)
-{
- VirtIOBlock *s = opaque;
-
- if (!running)
- return;
-
- if (!s->bh) {
- s->bh = qemu_bh_new(virtio_blk_dma_restart_bh, s);
- qemu_bh_schedule(s->bh);
- }
-}
-
-static void virtio_blk_reset(VirtIODevice *vdev)
-{
- /*
- * This should cancel pending requests, but can't do nicely until there
- * are per-device request lists.
- */
- bdrv_drain_all();
-}
-
-/* coalesce internal state, copy to pci i/o region 0
- */
-static void virtio_blk_update_config(VirtIODevice *vdev, uint8_t *config)
-{
- VirtIOBlock *s = to_virtio_blk(vdev);
- struct virtio_blk_config blkcfg;
- uint64_t capacity;
- int blk_size = s->conf->logical_block_size;
-
- bdrv_get_geometry(s->bs, &capacity);
- memset(&blkcfg, 0, sizeof(blkcfg));
- stq_raw(&blkcfg.capacity, capacity);
- stl_raw(&blkcfg.seg_max, 128 - 2);
- stw_raw(&blkcfg.cylinders, s->conf->cyls);
- stl_raw(&blkcfg.blk_size, blk_size);
- stw_raw(&blkcfg.min_io_size, s->conf->min_io_size / blk_size);
- stw_raw(&blkcfg.opt_io_size, s->conf->opt_io_size / blk_size);
- blkcfg.heads = s->conf->heads;
- /*
- * We must ensure that the block device capacity is a multiple of
- * the logical block size. If that is not the case, lets use
- * sector_mask to adopt the geometry to have a correct picture.
- * For those devices where the capacity is ok for the given geometry
- * we dont touch the sector value of the geometry, since some devices
- * (like s390 dasd) need a specific value. Here the capacity is already
- * cyls*heads*secs*blk_size and the sector value is not block size
- * divided by 512 - instead it is the amount of blk_size blocks
- * per track (cylinder).
- */
- if (bdrv_getlength(s->bs) / s->conf->heads / s->conf->secs % blk_size) {
- blkcfg.sectors = s->conf->secs & ~s->sector_mask;
- } else {
- blkcfg.sectors = s->conf->secs;
- }
- blkcfg.size_max = 0;
- blkcfg.physical_block_exp = get_physical_block_exp(s->conf);
- blkcfg.alignment_offset = 0;
- blkcfg.wce = bdrv_enable_write_cache(s->bs);
- memcpy(config, &blkcfg, sizeof(struct virtio_blk_config));
-}
-
-static void virtio_blk_set_config(VirtIODevice *vdev, const uint8_t *config)
-{
- VirtIOBlock *s = to_virtio_blk(vdev);
- struct virtio_blk_config blkcfg;
-
- memcpy(&blkcfg, config, sizeof(blkcfg));
- bdrv_set_enable_write_cache(s->bs, blkcfg.wce != 0);
-}
-
-static uint32_t virtio_blk_get_features(VirtIODevice *vdev, uint32_t features)
-{
- VirtIOBlock *s = to_virtio_blk(vdev);
-
- features |= (1 << VIRTIO_BLK_F_SEG_MAX);
- features |= (1 << VIRTIO_BLK_F_GEOMETRY);
- features |= (1 << VIRTIO_BLK_F_TOPOLOGY);
- features |= (1 << VIRTIO_BLK_F_BLK_SIZE);
- features |= (1 << VIRTIO_BLK_F_SCSI);
-
- if (bdrv_enable_write_cache(s->bs))
- features |= (1 << VIRTIO_BLK_F_WCE);
-
- if (bdrv_is_read_only(s->bs))
- features |= 1 << VIRTIO_BLK_F_RO;
-
- return features;
-}
-
-static void virtio_blk_set_status(VirtIODevice *vdev, uint8_t status)
-{
- VirtIOBlock *s = to_virtio_blk(vdev);
- uint32_t features;
-
- if (!(status & VIRTIO_CONFIG_S_DRIVER_OK)) {
- return;
- }
-
- features = vdev->guest_features;
- bdrv_set_enable_write_cache(s->bs, !!(features & (1 << VIRTIO_BLK_F_WCE)));
-}
-
-static void virtio_blk_save(QEMUFile *f, void *opaque)
-{
- VirtIOBlock *s = opaque;
- VirtIOBlockReq *req = s->rq;
-
- virtio_save(&s->vdev, f);
-
- while (req) {
- qemu_put_sbyte(f, 1);
- qemu_put_buffer(f, (unsigned char*)&req->elem, sizeof(req->elem));
- req = req->next;
- }
- qemu_put_sbyte(f, 0);
-}
-
-static int virtio_blk_load(QEMUFile *f, void *opaque, int version_id)
-{
- VirtIOBlock *s = opaque;
- int ret;
-
- if (version_id != 2)
- return -EINVAL;
-
- ret = virtio_load(&s->vdev, f);
- if (ret) {
- return ret;
- }
-
- while (qemu_get_sbyte(f)) {
- VirtIOBlockReq *req = virtio_blk_alloc_request(s);
- qemu_get_buffer(f, (unsigned char*)&req->elem, sizeof(req->elem));
- req->next = s->rq;
- s->rq = req;
-
- virtqueue_map_sg(req->elem.in_sg, req->elem.in_addr,
- req->elem.in_num, 1);
- virtqueue_map_sg(req->elem.out_sg, req->elem.out_addr,
- req->elem.out_num, 0);
- }
-
- return 0;
-}
-
-static void virtio_blk_resize(void *opaque)
-{
- VirtIOBlock *s = opaque;
-
- virtio_notify_config(&s->vdev);
-}
-
-static const BlockDevOps virtio_block_ops = {
- .resize_cb = virtio_blk_resize,
-};
-
-VirtIODevice *virtio_blk_init(DeviceState *dev, VirtIOBlkConf *blk)
-{
- VirtIOBlock *s;
- static int virtio_blk_id;
-
- if (!blk->conf.bs) {
- error_report("drive property not set");
- return NULL;
- }
- if (!bdrv_is_inserted(blk->conf.bs)) {
- error_report("Device needs media, but drive is empty");
- return NULL;
- }
-
- blkconf_serial(&blk->conf, &blk->serial);
- if (blkconf_geometry(&blk->conf, NULL, 65535, 255, 255) < 0) {
- return NULL;
- }
-
- s = (VirtIOBlock *)virtio_common_init("virtio-blk", VIRTIO_ID_BLOCK,
- sizeof(struct virtio_blk_config),
- sizeof(VirtIOBlock));
-
- s->vdev.get_config = virtio_blk_update_config;
- s->vdev.set_config = virtio_blk_set_config;
- s->vdev.get_features = virtio_blk_get_features;
- s->vdev.set_status = virtio_blk_set_status;
- s->vdev.reset = virtio_blk_reset;
- s->bs = blk->conf.bs;
- s->conf = &blk->conf;
- s->blk = blk;
- s->rq = NULL;
- s->sector_mask = (s->conf->logical_block_size / BDRV_SECTOR_SIZE) - 1;
-
- s->vq = virtio_add_queue(&s->vdev, 128, virtio_blk_handle_output);
-
- qemu_add_vm_change_state_handler(virtio_blk_dma_restart_cb, s);
- s->qdev = dev;
- register_savevm(dev, "virtio-blk", virtio_blk_id++, 2,
- virtio_blk_save, virtio_blk_load, s);
- bdrv_set_dev_ops(s->bs, &virtio_block_ops, s);
- bdrv_set_buffer_alignment(s->bs, s->conf->logical_block_size);
-
- bdrv_iostatus_enable(s->bs);
- add_boot_device_path(s->conf->bootindex, dev, "/disk@0,0");
-
- return &s->vdev;
-}
-
-void virtio_blk_exit(VirtIODevice *vdev)
-{
- VirtIOBlock *s = to_virtio_blk(vdev);
- unregister_savevm(s->qdev, "virtio-blk", s);
- blockdev_mark_auto_del(s->bs);
- virtio_cleanup(vdev);
-}
diff --git a/hw/virtio-blk.h b/hw/virtio-blk.h
deleted file mode 100644
index f0740d01a..000000000
--- a/hw/virtio-blk.h
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * Virtio Block Device
- *
- * Copyright IBM, Corp. 2007
- *
- * Authors:
- * Anthony Liguori <aliguori@us.ibm.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See
- * the COPYING file in the top-level directory.
- *
- */
-
-#ifndef _QEMU_VIRTIO_BLK_H
-#define _QEMU_VIRTIO_BLK_H
-
-#include "virtio.h"
-#include "hw/block-common.h"
-
-/* from Linux's linux/virtio_blk.h */
-
-/* The ID for virtio_block */
-#define VIRTIO_ID_BLOCK 2
-
-/* Feature bits */
-#define VIRTIO_BLK_F_BARRIER 0 /* Does host support barriers? */
-#define VIRTIO_BLK_F_SIZE_MAX 1 /* Indicates maximum segment size */
-#define VIRTIO_BLK_F_SEG_MAX 2 /* Indicates maximum # of segments */
-#define VIRTIO_BLK_F_GEOMETRY 4 /* Indicates support of legacy geometry */
-#define VIRTIO_BLK_F_RO 5 /* Disk is read-only */
-#define VIRTIO_BLK_F_BLK_SIZE 6 /* Block size of disk is available*/
-#define VIRTIO_BLK_F_SCSI 7 /* Supports scsi command passthru */
-/* #define VIRTIO_BLK_F_IDENTIFY 8 ATA IDENTIFY supported, DEPRECATED */
-#define VIRTIO_BLK_F_WCE 9 /* write cache enabled */
-#define VIRTIO_BLK_F_TOPOLOGY 10 /* Topology information is available */
-#define VIRTIO_BLK_F_CONFIG_WCE 11 /* write cache configurable */
-
-#define VIRTIO_BLK_ID_BYTES 20 /* ID string length */
-
-struct virtio_blk_config
-{
- uint64_t capacity;
- uint32_t size_max;
- uint32_t seg_max;
- uint16_t cylinders;
- uint8_t heads;
- uint8_t sectors;
- uint32_t blk_size;
- uint8_t physical_block_exp;
- uint8_t alignment_offset;
- uint16_t min_io_size;
- uint32_t opt_io_size;
- uint8_t wce;
-} QEMU_PACKED;
-
-/* These two define direction. */
-#define VIRTIO_BLK_T_IN 0
-#define VIRTIO_BLK_T_OUT 1
-
-/* This bit says it's a scsi command, not an actual read or write. */
-#define VIRTIO_BLK_T_SCSI_CMD 2
-
-/* Flush the volatile write cache */
-#define VIRTIO_BLK_T_FLUSH 4
-
-/* return the device ID string */
-#define VIRTIO_BLK_T_GET_ID 8
-
-/* Barrier before this op. */
-#define VIRTIO_BLK_T_BARRIER 0x80000000
-
-/* This is the first element of the read scatter-gather list. */
-struct virtio_blk_outhdr
-{
- /* VIRTIO_BLK_T* */
- uint32_t type;
- /* io priority. */
- uint32_t ioprio;
- /* Sector (ie. 512 byte offset) */
- uint64_t sector;
-};
-
-#define VIRTIO_BLK_S_OK 0
-#define VIRTIO_BLK_S_IOERR 1
-#define VIRTIO_BLK_S_UNSUPP 2
-
-/* This is the last element of the write scatter-gather list */
-struct virtio_blk_inhdr
-{
- unsigned char status;
-};
-
-/* SCSI pass-through header */
-struct virtio_scsi_inhdr
-{
- uint32_t errors;
- uint32_t data_len;
- uint32_t sense_len;
- uint32_t residual;
-};
-
-struct VirtIOBlkConf
-{
- BlockConf conf;
- char *serial;
- uint32_t scsi;
- uint32_t config_wce;
-};
-
-#define DEFINE_VIRTIO_BLK_FEATURES(_state, _field) \
- DEFINE_VIRTIO_COMMON_FEATURES(_state, _field), \
- DEFINE_PROP_BIT("config-wce", _state, _field, VIRTIO_BLK_F_CONFIG_WCE, true)
-
-#endif
diff --git a/hw/virtio-console.c b/hw/virtio-console.c
deleted file mode 100644
index cffee3d47..000000000
--- a/hw/virtio-console.c
+++ /dev/null
@@ -1,182 +0,0 @@
-/*
- * Virtio Console and Generic Serial Port Devices
- *
- * Copyright Red Hat, Inc. 2009, 2010
- *
- * Authors:
- * Amit Shah <amit.shah@redhat.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See
- * the COPYING file in the top-level directory.
- */
-
-#include "qemu-char.h"
-#include "qemu-error.h"
-#include "trace.h"
-#include "virtio-serial.h"
-
-typedef struct VirtConsole {
- VirtIOSerialPort port;
- CharDriverState *chr;
-} VirtConsole;
-
-
-/* Callback function that's called when the guest sends us data */
-static ssize_t flush_buf(VirtIOSerialPort *port, const uint8_t *buf, size_t len)
-{
- VirtConsole *vcon = DO_UPCAST(VirtConsole, port, port);
- ssize_t ret;
-
- if (!vcon->chr) {
- /* If there's no backend, we can just say we consumed all data. */
- return len;
- }
-
- ret = qemu_chr_fe_write(vcon->chr, buf, len);
- trace_virtio_console_flush_buf(port->id, len, ret);
-
- if (ret < 0) {
- /*
- * Ideally we'd get a better error code than just -1, but
- * that's what the chardev interface gives us right now. If
- * we had a finer-grained message, like -EPIPE, we could close
- * this connection. Absent such error messages, the most we
- * can do is to return 0 here.
- *
- * This will prevent stray -1 values to go to
- * virtio-serial-bus.c and cause abort()s in
- * do_flush_queued_data().
- */
- ret = 0;
- }
- return ret;
-}
-
-/* Callback function that's called when the guest opens the port */
-static void guest_open(VirtIOSerialPort *port)
-{
- VirtConsole *vcon = DO_UPCAST(VirtConsole, port, port);
-
- if (!vcon->chr) {
- return;
- }
- qemu_chr_fe_open(vcon->chr);
-}
-
-/* Callback function that's called when the guest closes the port */
-static void guest_close(VirtIOSerialPort *port)
-{
- VirtConsole *vcon = DO_UPCAST(VirtConsole, port, port);
-
- if (!vcon->chr) {
- return;
- }
- qemu_chr_fe_close(vcon->chr);
-}
-
-/* Readiness of the guest to accept data on a port */
-static int chr_can_read(void *opaque)
-{
- VirtConsole *vcon = opaque;
-
- return virtio_serial_guest_ready(&vcon->port);
-}
-
-/* Send data from a char device over to the guest */
-static void chr_read(void *opaque, const uint8_t *buf, int size)
-{
- VirtConsole *vcon = opaque;
-
- trace_virtio_console_chr_read(vcon->port.id, size);
- virtio_serial_write(&vcon->port, buf, size);
-}
-
-static void chr_event(void *opaque, int event)
-{
- VirtConsole *vcon = opaque;
-
- trace_virtio_console_chr_event(vcon->port.id, event);
- switch (event) {
- case CHR_EVENT_OPENED:
- virtio_serial_open(&vcon->port);
- break;
- case CHR_EVENT_CLOSED:
- virtio_serial_close(&vcon->port);
- break;
- }
-}
-
-static int virtconsole_initfn(VirtIOSerialPort *port)
-{
- VirtConsole *vcon = DO_UPCAST(VirtConsole, port, port);
- VirtIOSerialPortClass *k = VIRTIO_SERIAL_PORT_GET_CLASS(port);
-
- if (port->id == 0 && !k->is_console) {
- error_report("Port number 0 on virtio-serial devices reserved for virtconsole devices for backward compatibility.");
- return -1;
- }
-
- if (vcon->chr) {
- qemu_chr_add_handlers(vcon->chr, chr_can_read, chr_read, chr_event,
- vcon);
- }
-
- return 0;
-}
-
-static Property virtconsole_properties[] = {
- DEFINE_PROP_CHR("chardev", VirtConsole, chr),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void virtconsole_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- VirtIOSerialPortClass *k = VIRTIO_SERIAL_PORT_CLASS(klass);
-
- k->is_console = true;
- k->init = virtconsole_initfn;
- k->have_data = flush_buf;
- k->guest_open = guest_open;
- k->guest_close = guest_close;
- dc->props = virtconsole_properties;
-}
-
-static TypeInfo virtconsole_info = {
- .name = "virtconsole",
- .parent = TYPE_VIRTIO_SERIAL_PORT,
- .instance_size = sizeof(VirtConsole),
- .class_init = virtconsole_class_init,
-};
-
-static Property virtserialport_properties[] = {
- DEFINE_PROP_CHR("chardev", VirtConsole, chr),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void virtserialport_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- VirtIOSerialPortClass *k = VIRTIO_SERIAL_PORT_CLASS(klass);
-
- k->init = virtconsole_initfn;
- k->have_data = flush_buf;
- k->guest_open = guest_open;
- k->guest_close = guest_close;
- dc->props = virtserialport_properties;
-}
-
-static TypeInfo virtserialport_info = {
- .name = "virtserialport",
- .parent = TYPE_VIRTIO_SERIAL_PORT,
- .instance_size = sizeof(VirtConsole),
- .class_init = virtserialport_class_init,
-};
-
-static void virtconsole_register_types(void)
-{
- type_register_static(&virtconsole_info);
- type_register_static(&virtserialport_info);
-}
-
-type_init(virtconsole_register_types)
diff --git a/hw/virtio-net.c b/hw/virtio-net.c
deleted file mode 100644
index 108ce07cf..000000000
--- a/hw/virtio-net.c
+++ /dev/null
@@ -1,1103 +0,0 @@
-/*
- * Virtio Network Device
- *
- * Copyright IBM, Corp. 2007
- *
- * Authors:
- * Anthony Liguori <aliguori@us.ibm.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See
- * the COPYING file in the top-level directory.
- *
- */
-
-#include "iov.h"
-#include "virtio.h"
-#include "net.h"
-#include "net/checksum.h"
-#include "net/tap.h"
-#include "qemu-error.h"
-#include "qemu-timer.h"
-#include "virtio-net.h"
-#include "vhost_net.h"
-
-#define VIRTIO_NET_VM_VERSION 11
-
-#define MAC_TABLE_ENTRIES 64
-#define MAX_VLAN (1 << 12) /* Per 802.1Q definition */
-
-typedef struct VirtIONet
-{
- VirtIODevice vdev;
- uint8_t mac[ETH_ALEN];
- uint16_t status;
- VirtQueue *rx_vq;
- VirtQueue *tx_vq;
- VirtQueue *ctrl_vq;
- NICState *nic;
- QEMUTimer *tx_timer;
- QEMUBH *tx_bh;
- uint32_t tx_timeout;
- int32_t tx_burst;
- int tx_waiting;
- uint32_t has_vnet_hdr;
- size_t host_hdr_len;
- size_t guest_hdr_len;
- uint8_t has_ufo;
- struct {
- VirtQueueElement elem;
- ssize_t len;
- } async_tx;
- int mergeable_rx_bufs;
- uint8_t promisc;
- uint8_t allmulti;
- uint8_t alluni;
- uint8_t nomulti;
- uint8_t nouni;
- uint8_t nobcast;
- uint8_t vhost_started;
- struct {
- int in_use;
- int first_multi;
- uint8_t multi_overflow;
- uint8_t uni_overflow;
- uint8_t *macs;
- } mac_table;
- uint32_t *vlans;
- DeviceState *qdev;
-} VirtIONet;
-
-/* TODO
- * - we could suppress RX interrupt if we were so inclined.
- */
-
-static VirtIONet *to_virtio_net(VirtIODevice *vdev)
-{
- return (VirtIONet *)vdev;
-}
-
-static void virtio_net_get_config(VirtIODevice *vdev, uint8_t *config)
-{
- VirtIONet *n = to_virtio_net(vdev);
- struct virtio_net_config netcfg;
-
- stw_p(&netcfg.status, n->status);
- memcpy(netcfg.mac, n->mac, ETH_ALEN);
- memcpy(config, &netcfg, sizeof(netcfg));
-}
-
-static void virtio_net_set_config(VirtIODevice *vdev, const uint8_t *config)
-{
- VirtIONet *n = to_virtio_net(vdev);
- struct virtio_net_config netcfg;
-
- memcpy(&netcfg, config, sizeof(netcfg));
-
- if (memcmp(netcfg.mac, n->mac, ETH_ALEN)) {
- memcpy(n->mac, netcfg.mac, ETH_ALEN);
- qemu_format_nic_info_str(&n->nic->nc, n->mac);
- }
-}
-
-static bool virtio_net_started(VirtIONet *n, uint8_t status)
-{
- return (status & VIRTIO_CONFIG_S_DRIVER_OK) &&
- (n->status & VIRTIO_NET_S_LINK_UP) && n->vdev.vm_running;
-}
-
-static void virtio_net_vhost_status(VirtIONet *n, uint8_t status)
-{
- if (!n->nic->nc.peer) {
- return;
- }
- if (n->nic->nc.peer->info->type != NET_CLIENT_OPTIONS_KIND_TAP) {
- return;
- }
-
- if (!tap_get_vhost_net(n->nic->nc.peer)) {
- return;
- }
- if (!!n->vhost_started == virtio_net_started(n, status) &&
- !n->nic->nc.peer->link_down) {
- return;
- }
- if (!n->vhost_started) {
- int r;
- if (!vhost_net_query(tap_get_vhost_net(n->nic->nc.peer), &n->vdev)) {
- return;
- }
- r = vhost_net_start(tap_get_vhost_net(n->nic->nc.peer), &n->vdev);
- if (r < 0) {
- error_report("unable to start vhost net: %d: "
- "falling back on userspace virtio", -r);
- } else {
- n->vhost_started = 1;
- }
- } else {
- vhost_net_stop(tap_get_vhost_net(n->nic->nc.peer), &n->vdev);
- n->vhost_started = 0;
- }
-}
-
-static void virtio_net_set_status(struct VirtIODevice *vdev, uint8_t status)
-{
- VirtIONet *n = to_virtio_net(vdev);
-
- virtio_net_vhost_status(n, status);
-
- if (!n->tx_waiting) {
- return;
- }
-
- if (virtio_net_started(n, status) && !n->vhost_started) {
- if (n->tx_timer) {
- qemu_mod_timer(n->tx_timer,
- qemu_get_clock_ns(vm_clock) + n->tx_timeout);
- } else {
- qemu_bh_schedule(n->tx_bh);
- }
- } else {
- if (n->tx_timer) {
- qemu_del_timer(n->tx_timer);
- } else {
- qemu_bh_cancel(n->tx_bh);
- }
- }
-}
-
-static void virtio_net_set_link_status(NetClientState *nc)
-{
- VirtIONet *n = DO_UPCAST(NICState, nc, nc)->opaque;
- uint16_t old_status = n->status;
-
- if (nc->link_down)
- n->status &= ~VIRTIO_NET_S_LINK_UP;
- else
- n->status |= VIRTIO_NET_S_LINK_UP;
-
- if (n->status != old_status)
- virtio_notify_config(&n->vdev);
-
- virtio_net_set_status(&n->vdev, n->vdev.status);
-}
-
-static void virtio_net_reset(VirtIODevice *vdev)
-{
- VirtIONet *n = to_virtio_net(vdev);
-
- /* Reset back to compatibility mode */
- n->promisc = 1;
- n->allmulti = 0;
- n->alluni = 0;
- n->nomulti = 0;
- n->nouni = 0;
- n->nobcast = 0;
-
- /* Flush any MAC and VLAN filter table state */
- n->mac_table.in_use = 0;
- n->mac_table.first_multi = 0;
- n->mac_table.multi_overflow = 0;
- n->mac_table.uni_overflow = 0;
- memset(n->mac_table.macs, 0, MAC_TABLE_ENTRIES * ETH_ALEN);
- memset(n->vlans, 0, MAX_VLAN >> 3);
-}
-
-static void peer_test_vnet_hdr(VirtIONet *n)
-{
- if (!n->nic->nc.peer)
- return;
-
- if (n->nic->nc.peer->info->type != NET_CLIENT_OPTIONS_KIND_TAP)
- return;
-
- n->has_vnet_hdr = tap_has_vnet_hdr(n->nic->nc.peer);
-}
-
-static int peer_has_vnet_hdr(VirtIONet *n)
-{
- return n->has_vnet_hdr;
-}
-
-static int peer_has_ufo(VirtIONet *n)
-{
- if (!peer_has_vnet_hdr(n))
- return 0;
-
- n->has_ufo = tap_has_ufo(n->nic->nc.peer);
-
- return n->has_ufo;
-}
-
-static void virtio_net_set_mrg_rx_bufs(VirtIONet *n, int mergeable_rx_bufs)
-{
- n->mergeable_rx_bufs = mergeable_rx_bufs;
-
- n->guest_hdr_len = n->mergeable_rx_bufs ?
- sizeof(struct virtio_net_hdr_mrg_rxbuf) : sizeof(struct virtio_net_hdr);
-
- if (peer_has_vnet_hdr(n) &&
- tap_has_vnet_hdr_len(n->nic->nc.peer, n->guest_hdr_len)) {
- tap_set_vnet_hdr_len(n->nic->nc.peer, n->guest_hdr_len);
- n->host_hdr_len = n->guest_hdr_len;
- }
-}
-
-static uint32_t virtio_net_get_features(VirtIODevice *vdev, uint32_t features)
-{
- VirtIONet *n = to_virtio_net(vdev);
-
- features |= (1 << VIRTIO_NET_F_MAC);
-
- if (!peer_has_vnet_hdr(n)) {
- features &= ~(0x1 << VIRTIO_NET_F_CSUM);
- features &= ~(0x1 << VIRTIO_NET_F_HOST_TSO4);
- features &= ~(0x1 << VIRTIO_NET_F_HOST_TSO6);
- features &= ~(0x1 << VIRTIO_NET_F_HOST_ECN);
-
- features &= ~(0x1 << VIRTIO_NET_F_GUEST_CSUM);
- features &= ~(0x1 << VIRTIO_NET_F_GUEST_TSO4);
- features &= ~(0x1 << VIRTIO_NET_F_GUEST_TSO6);
- features &= ~(0x1 << VIRTIO_NET_F_GUEST_ECN);
- }
-
- if (!peer_has_vnet_hdr(n) || !peer_has_ufo(n)) {
- features &= ~(0x1 << VIRTIO_NET_F_GUEST_UFO);
- features &= ~(0x1 << VIRTIO_NET_F_HOST_UFO);
- }
-
- if (!n->nic->nc.peer ||
- n->nic->nc.peer->info->type != NET_CLIENT_OPTIONS_KIND_TAP) {
- return features;
- }
- if (!tap_get_vhost_net(n->nic->nc.peer)) {
- return features;
- }
- return vhost_net_get_features(tap_get_vhost_net(n->nic->nc.peer), features);
-}
-
-static uint32_t virtio_net_bad_features(VirtIODevice *vdev)
-{
- uint32_t features = 0;
-
- /* Linux kernel 2.6.25. It understood MAC (as everyone must),
- * but also these: */
- features |= (1 << VIRTIO_NET_F_MAC);
- features |= (1 << VIRTIO_NET_F_CSUM);
- features |= (1 << VIRTIO_NET_F_HOST_TSO4);
- features |= (1 << VIRTIO_NET_F_HOST_TSO6);
- features |= (1 << VIRTIO_NET_F_HOST_ECN);
-
- return features;
-}
-
-static void virtio_net_set_features(VirtIODevice *vdev, uint32_t features)
-{
- VirtIONet *n = to_virtio_net(vdev);
-
- virtio_net_set_mrg_rx_bufs(n, !!(features & (1 << VIRTIO_NET_F_MRG_RXBUF)));
-
- if (n->has_vnet_hdr) {
- tap_set_offload(n->nic->nc.peer,
- (features >> VIRTIO_NET_F_GUEST_CSUM) & 1,
- (features >> VIRTIO_NET_F_GUEST_TSO4) & 1,
- (features >> VIRTIO_NET_F_GUEST_TSO6) & 1,
- (features >> VIRTIO_NET_F_GUEST_ECN) & 1,
- (features >> VIRTIO_NET_F_GUEST_UFO) & 1);
- }
- if (!n->nic->nc.peer ||
- n->nic->nc.peer->info->type != NET_CLIENT_OPTIONS_KIND_TAP) {
- return;
- }
- if (!tap_get_vhost_net(n->nic->nc.peer)) {
- return;
- }
- vhost_net_ack_features(tap_get_vhost_net(n->nic->nc.peer), features);
-}
-
-static int virtio_net_handle_rx_mode(VirtIONet *n, uint8_t cmd,
- VirtQueueElement *elem)
-{
- uint8_t on;
-
- if (elem->out_num != 2 || elem->out_sg[1].iov_len != sizeof(on)) {
- error_report("virtio-net ctrl invalid rx mode command");
- exit(1);
- }
-
- on = ldub_p(elem->out_sg[1].iov_base);
-
- if (cmd == VIRTIO_NET_CTRL_RX_MODE_PROMISC)
- n->promisc = on;
- else if (cmd == VIRTIO_NET_CTRL_RX_MODE_ALLMULTI)
- n->allmulti = on;
- else if (cmd == VIRTIO_NET_CTRL_RX_MODE_ALLUNI)
- n->alluni = on;
- else if (cmd == VIRTIO_NET_CTRL_RX_MODE_NOMULTI)
- n->nomulti = on;
- else if (cmd == VIRTIO_NET_CTRL_RX_MODE_NOUNI)
- n->nouni = on;
- else if (cmd == VIRTIO_NET_CTRL_RX_MODE_NOBCAST)
- n->nobcast = on;
- else
- return VIRTIO_NET_ERR;
-
- return VIRTIO_NET_OK;
-}
-
-static int virtio_net_handle_mac(VirtIONet *n, uint8_t cmd,
- VirtQueueElement *elem)
-{
- struct virtio_net_ctrl_mac mac_data;
-
- if (cmd != VIRTIO_NET_CTRL_MAC_TABLE_SET || elem->out_num != 3 ||
- elem->out_sg[1].iov_len < sizeof(mac_data) ||
- elem->out_sg[2].iov_len < sizeof(mac_data))
- return VIRTIO_NET_ERR;
-
- n->mac_table.in_use = 0;
- n->mac_table.first_multi = 0;
- n->mac_table.uni_overflow = 0;
- n->mac_table.multi_overflow = 0;
- memset(n->mac_table.macs, 0, MAC_TABLE_ENTRIES * ETH_ALEN);
-
- mac_data.entries = ldl_p(elem->out_sg[1].iov_base);
-
- if (sizeof(mac_data.entries) +
- (mac_data.entries * ETH_ALEN) > elem->out_sg[1].iov_len)
- return VIRTIO_NET_ERR;
-
- if (mac_data.entries <= MAC_TABLE_ENTRIES) {
- memcpy(n->mac_table.macs, elem->out_sg[1].iov_base + sizeof(mac_data),
- mac_data.entries * ETH_ALEN);
- n->mac_table.in_use += mac_data.entries;
- } else {
- n->mac_table.uni_overflow = 1;
- }
-
- n->mac_table.first_multi = n->mac_table.in_use;
-
- mac_data.entries = ldl_p(elem->out_sg[2].iov_base);
-
- if (sizeof(mac_data.entries) +
- (mac_data.entries * ETH_ALEN) > elem->out_sg[2].iov_len)
- return VIRTIO_NET_ERR;
-
- if (mac_data.entries) {
- if (n->mac_table.in_use + mac_data.entries <= MAC_TABLE_ENTRIES) {
- memcpy(n->mac_table.macs + (n->mac_table.in_use * ETH_ALEN),
- elem->out_sg[2].iov_base + sizeof(mac_data),
- mac_data.entries * ETH_ALEN);
- n->mac_table.in_use += mac_data.entries;
- } else {
- n->mac_table.multi_overflow = 1;
- }
- }
-
- return VIRTIO_NET_OK;
-}
-
-static int virtio_net_handle_vlan_table(VirtIONet *n, uint8_t cmd,
- VirtQueueElement *elem)
-{
- uint16_t vid;
-
- if (elem->out_num != 2 || elem->out_sg[1].iov_len != sizeof(vid)) {
- error_report("virtio-net ctrl invalid vlan command");
- return VIRTIO_NET_ERR;
- }
-
- vid = lduw_p(elem->out_sg[1].iov_base);
-
- if (vid >= MAX_VLAN)
- return VIRTIO_NET_ERR;
-
- if (cmd == VIRTIO_NET_CTRL_VLAN_ADD)
- n->vlans[vid >> 5] |= (1U << (vid & 0x1f));
- else if (cmd == VIRTIO_NET_CTRL_VLAN_DEL)
- n->vlans[vid >> 5] &= ~(1U << (vid & 0x1f));
- else
- return VIRTIO_NET_ERR;
-
- return VIRTIO_NET_OK;
-}
-
-static void virtio_net_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
-{
- VirtIONet *n = to_virtio_net(vdev);
- struct virtio_net_ctrl_hdr ctrl;
- virtio_net_ctrl_ack status = VIRTIO_NET_ERR;
- VirtQueueElement elem;
-
- while (virtqueue_pop(vq, &elem)) {
- if ((elem.in_num < 1) || (elem.out_num < 1)) {
- error_report("virtio-net ctrl missing headers");
- exit(1);
- }
-
- if (elem.out_sg[0].iov_len < sizeof(ctrl) ||
- elem.in_sg[elem.in_num - 1].iov_len < sizeof(status)) {
- error_report("virtio-net ctrl header not in correct element");
- exit(1);
- }
-
- ctrl.class = ldub_p(elem.out_sg[0].iov_base);
- ctrl.cmd = ldub_p(elem.out_sg[0].iov_base + sizeof(ctrl.class));
-
- if (ctrl.class == VIRTIO_NET_CTRL_RX_MODE)
- status = virtio_net_handle_rx_mode(n, ctrl.cmd, &elem);
- else if (ctrl.class == VIRTIO_NET_CTRL_MAC)
- status = virtio_net_handle_mac(n, ctrl.cmd, &elem);
- else if (ctrl.class == VIRTIO_NET_CTRL_VLAN)
- status = virtio_net_handle_vlan_table(n, ctrl.cmd, &elem);
-
- stb_p(elem.in_sg[elem.in_num - 1].iov_base, status);
-
- virtqueue_push(vq, &elem, sizeof(status));
- virtio_notify(vdev, vq);
- }
-}
-
-/* RX */
-
-static void virtio_net_handle_rx(VirtIODevice *vdev, VirtQueue *vq)
-{
- VirtIONet *n = to_virtio_net(vdev);
-
- qemu_flush_queued_packets(&n->nic->nc);
-}
-
-static int virtio_net_can_receive(NetClientState *nc)
-{
- VirtIONet *n = DO_UPCAST(NICState, nc, nc)->opaque;
- if (!n->vdev.vm_running) {
- return 0;
- }
-
- if (!virtio_queue_ready(n->rx_vq) ||
- !(n->vdev.status & VIRTIO_CONFIG_S_DRIVER_OK))
- return 0;
-
- return 1;
-}
-
-static int virtio_net_has_buffers(VirtIONet *n, int bufsize)
-{
- if (virtio_queue_empty(n->rx_vq) ||
- (n->mergeable_rx_bufs &&
- !virtqueue_avail_bytes(n->rx_vq, bufsize, 0))) {
- virtio_queue_set_notification(n->rx_vq, 1);
-
- /* To avoid a race condition where the guest has made some buffers
- * available after the above check but before notification was
- * enabled, check for available buffers again.
- */
- if (virtio_queue_empty(n->rx_vq) ||
- (n->mergeable_rx_bufs &&
- !virtqueue_avail_bytes(n->rx_vq, bufsize, 0)))
- return 0;
- }
-
- virtio_queue_set_notification(n->rx_vq, 0);
- return 1;
-}
-
-/* dhclient uses AF_PACKET but doesn't pass auxdata to the kernel so
- * it never finds out that the packets don't have valid checksums. This
- * causes dhclient to get upset. Fedora's carried a patch for ages to
- * fix this with Xen but it hasn't appeared in an upstream release of
- * dhclient yet.
- *
- * To avoid breaking existing guests, we catch udp packets and add
- * checksums. This is terrible but it's better than hacking the guest
- * kernels.
- *
- * N.B. if we introduce a zero-copy API, this operation is no longer free so
- * we should provide a mechanism to disable it to avoid polluting the host
- * cache.
- */
-static void work_around_broken_dhclient(struct virtio_net_hdr *hdr,
- uint8_t *buf, size_t size)
-{
- if ((hdr->flags & VIRTIO_NET_HDR_F_NEEDS_CSUM) && /* missing csum */
- (size > 27 && size < 1500) && /* normal sized MTU */
- (buf[12] == 0x08 && buf[13] == 0x00) && /* ethertype == IPv4 */
- (buf[23] == 17) && /* ip.protocol == UDP */
- (buf[34] == 0 && buf[35] == 67)) { /* udp.srcport == bootps */
- net_checksum_calculate(buf, size);
- hdr->flags &= ~VIRTIO_NET_HDR_F_NEEDS_CSUM;
- }
-}
-
-static void receive_header(VirtIONet *n, const struct iovec *iov, int iov_cnt,
- const void *buf, size_t size)
-{
- if (n->has_vnet_hdr) {
- /* FIXME this cast is evil */
- void *wbuf = (void *)buf;
- work_around_broken_dhclient(wbuf, wbuf + n->host_hdr_len,
- size - n->host_hdr_len);
- iov_from_buf(iov, iov_cnt, 0, buf, sizeof(struct virtio_net_hdr));
- } else {
- struct virtio_net_hdr hdr = {
- .flags = 0,
- .gso_type = VIRTIO_NET_HDR_GSO_NONE
- };
- iov_from_buf(iov, iov_cnt, 0, &hdr, sizeof hdr);
- }
-}
-
-static int receive_filter(VirtIONet *n, const uint8_t *buf, int size)
-{
- static const uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
- static const uint8_t vlan[] = {0x81, 0x00};
- uint8_t *ptr = (uint8_t *)buf;
- int i;
-
- if (n->promisc)
- return 1;
-
- ptr += n->host_hdr_len;
-
- if (!memcmp(&ptr[12], vlan, sizeof(vlan))) {
- int vid = be16_to_cpup((uint16_t *)(ptr + 14)) & 0xfff;
- if (!(n->vlans[vid >> 5] & (1U << (vid & 0x1f))))
- return 0;
- }
-
- if (ptr[0] & 1) { // multicast
- if (!memcmp(ptr, bcast, sizeof(bcast))) {
- return !n->nobcast;
- } else if (n->nomulti) {
- return 0;
- } else if (n->allmulti || n->mac_table.multi_overflow) {
- return 1;
- }
-
- for (i = n->mac_table.first_multi; i < n->mac_table.in_use; i++) {
- if (!memcmp(ptr, &n->mac_table.macs[i * ETH_ALEN], ETH_ALEN)) {
- return 1;
- }
- }
- } else { // unicast
- if (n->nouni) {
- return 0;
- } else if (n->alluni || n->mac_table.uni_overflow) {
- return 1;
- } else if (!memcmp(ptr, n->mac, ETH_ALEN)) {
- return 1;
- }
-
- for (i = 0; i < n->mac_table.first_multi; i++) {
- if (!memcmp(ptr, &n->mac_table.macs[i * ETH_ALEN], ETH_ALEN)) {
- return 1;
- }
- }
- }
-
- return 0;
-}
-
-static ssize_t virtio_net_receive(NetClientState *nc, const uint8_t *buf, size_t size)
-{
- VirtIONet *n = DO_UPCAST(NICState, nc, nc)->opaque;
- struct iovec mhdr_sg[VIRTQUEUE_MAX_SIZE];
- struct virtio_net_hdr_mrg_rxbuf mhdr;
- unsigned mhdr_cnt = 0;
- size_t offset, i, guest_offset;
-
- if (!virtio_net_can_receive(&n->nic->nc))
- return -1;
-
- /* hdr_len refers to the header we supply to the guest */
- if (!virtio_net_has_buffers(n, size + n->guest_hdr_len - n->host_hdr_len))
- return 0;
-
- if (!receive_filter(n, buf, size))
- return size;
-
- offset = i = 0;
-
- while (offset < size) {
- VirtQueueElement elem;
- int len, total;
- const struct iovec *sg = elem.in_sg;
-
- total = 0;
-
- if (virtqueue_pop(n->rx_vq, &elem) == 0) {
- if (i == 0)
- return -1;
- error_report("virtio-net unexpected empty queue: "
- "i %zd mergeable %d offset %zd, size %zd, "
- "guest hdr len %zd, host hdr len %zd guest features 0x%x",
- i, n->mergeable_rx_bufs, offset, size,
- n->guest_hdr_len, n->host_hdr_len, n->vdev.guest_features);
- exit(1);
- }
-
- if (elem.in_num < 1) {
- error_report("virtio-net receive queue contains no in buffers");
- exit(1);
- }
-
- if (i == 0) {
- assert(offset == 0);
- if (n->mergeable_rx_bufs) {
- mhdr_cnt = iov_copy(mhdr_sg, ARRAY_SIZE(mhdr_sg),
- sg, elem.in_num,
- offsetof(typeof(mhdr), num_buffers),
- sizeof(mhdr.num_buffers));
- }
-
- receive_header(n, sg, elem.in_num, buf, size);
- offset = n->host_hdr_len;
- total += n->guest_hdr_len;
- guest_offset = n->guest_hdr_len;
- } else {
- guest_offset = 0;
- }
-
- /* copy in packet. ugh */
- len = iov_from_buf(sg, elem.in_num, guest_offset,
- buf + offset, size - offset);
- total += len;
- offset += len;
- /* If buffers can't be merged, at this point we
- * must have consumed the complete packet.
- * Otherwise, drop it. */
- if (!n->mergeable_rx_bufs && offset < size) {
-#if 0
- error_report("virtio-net truncated non-mergeable packet: "
- "i %zd mergeable %d offset %zd, size %zd, "
- "guest hdr len %zd, host hdr len %zd",
- i, n->mergeable_rx_bufs,
- offset, size, n->guest_hdr_len, n->host_hdr_len);
-#endif
- return size;
- }
-
- /* signal other side */
- virtqueue_fill(n->rx_vq, &elem, total, i++);
- }
-
- if (mhdr_cnt) {
- stw_p(&mhdr.num_buffers, i);
- iov_from_buf(mhdr_sg, mhdr_cnt,
- 0,
- &mhdr.num_buffers, sizeof mhdr.num_buffers);
- }
-
- virtqueue_flush(n->rx_vq, i);
- virtio_notify(&n->vdev, n->rx_vq);
-
- return size;
-}
-
-static int32_t virtio_net_flush_tx(VirtIONet *n, VirtQueue *vq);
-
-static void virtio_net_tx_complete(NetClientState *nc, ssize_t len)
-{
- VirtIONet *n = DO_UPCAST(NICState, nc, nc)->opaque;
-
- virtqueue_push(n->tx_vq, &n->async_tx.elem, 0);
- virtio_notify(&n->vdev, n->tx_vq);
-
- n->async_tx.elem.out_num = n->async_tx.len = 0;
-
- virtio_queue_set_notification(n->tx_vq, 1);
- virtio_net_flush_tx(n, n->tx_vq);
-}
-
-/* TX */
-static int32_t virtio_net_flush_tx(VirtIONet *n, VirtQueue *vq)
-{
- VirtQueueElement elem;
- int32_t num_packets = 0;
- if (!(n->vdev.status & VIRTIO_CONFIG_S_DRIVER_OK)) {
- return num_packets;
- }
-
- assert(n->vdev.vm_running);
-
- if (n->async_tx.elem.out_num) {
- virtio_queue_set_notification(n->tx_vq, 0);
- return num_packets;
- }
-
- while (virtqueue_pop(vq, &elem)) {
- ssize_t ret, len;
- unsigned int out_num = elem.out_num;
- struct iovec *out_sg = &elem.out_sg[0];
- struct iovec sg[VIRTQUEUE_MAX_SIZE];
-
- if (out_num < 1) {
- error_report("virtio-net header not in first element");
- exit(1);
- }
-
- /*
- * If host wants to see the guest header as is, we can
- * pass it on unchanged. Otherwise, copy just the parts
- * that host is interested in.
- */
- assert(n->host_hdr_len <= n->guest_hdr_len);
- if (n->host_hdr_len != n->guest_hdr_len) {
- unsigned sg_num = iov_copy(sg, ARRAY_SIZE(sg),
- out_sg, out_num,
- 0, n->host_hdr_len);
- sg_num += iov_copy(sg + sg_num, ARRAY_SIZE(sg) - sg_num,
- out_sg, out_num,
- n->guest_hdr_len, -1);
- out_num = sg_num;
- out_sg = sg;
- }
-
- len = n->guest_hdr_len;
-
- ret = qemu_sendv_packet_async(&n->nic->nc, out_sg, out_num,
- virtio_net_tx_complete);
- if (ret == 0) {
- virtio_queue_set_notification(n->tx_vq, 0);
- n->async_tx.elem = elem;
- n->async_tx.len = len;
- return -EBUSY;
- }
-
- len += ret;
-
- virtqueue_push(vq, &elem, 0);
- virtio_notify(&n->vdev, vq);
-
- if (++num_packets >= n->tx_burst) {
- break;
- }
- }
- return num_packets;
-}
-
-static void virtio_net_handle_tx_timer(VirtIODevice *vdev, VirtQueue *vq)
-{
- VirtIONet *n = to_virtio_net(vdev);
-
- /* This happens when device was stopped but VCPU wasn't. */
- if (!n->vdev.vm_running) {
- n->tx_waiting = 1;
- return;
- }
-
- if (n->tx_waiting) {
- virtio_queue_set_notification(vq, 1);
- qemu_del_timer(n->tx_timer);
- n->tx_waiting = 0;
- virtio_net_flush_tx(n, vq);
- } else {
- qemu_mod_timer(n->tx_timer,
- qemu_get_clock_ns(vm_clock) + n->tx_timeout);
- n->tx_waiting = 1;
- virtio_queue_set_notification(vq, 0);
- }
-}
-
-static void virtio_net_handle_tx_bh(VirtIODevice *vdev, VirtQueue *vq)
-{
- VirtIONet *n = to_virtio_net(vdev);
-
- if (unlikely(n->tx_waiting)) {
- return;
- }
- n->tx_waiting = 1;
- /* This happens when device was stopped but VCPU wasn't. */
- if (!n->vdev.vm_running) {
- return;
- }
- virtio_queue_set_notification(vq, 0);
- qemu_bh_schedule(n->tx_bh);
-}
-
-static void virtio_net_tx_timer(void *opaque)
-{
- VirtIONet *n = opaque;
- assert(n->vdev.vm_running);
-
- n->tx_waiting = 0;
-
- /* Just in case the driver is not ready on more */
- if (!(n->vdev.status & VIRTIO_CONFIG_S_DRIVER_OK))
- return;
-
- virtio_queue_set_notification(n->tx_vq, 1);
- virtio_net_flush_tx(n, n->tx_vq);
-}
-
-static void virtio_net_tx_bh(void *opaque)
-{
- VirtIONet *n = opaque;
- int32_t ret;
-
- assert(n->vdev.vm_running);
-
- n->tx_waiting = 0;
-
- /* Just in case the driver is not ready on more */
- if (unlikely(!(n->vdev.status & VIRTIO_CONFIG_S_DRIVER_OK)))
- return;
-
- ret = virtio_net_flush_tx(n, n->tx_vq);
- if (ret == -EBUSY) {
- return; /* Notification re-enable handled by tx_complete */
- }
-
- /* If we flush a full burst of packets, assume there are
- * more coming and immediately reschedule */
- if (ret >= n->tx_burst) {
- qemu_bh_schedule(n->tx_bh);
- n->tx_waiting = 1;
- return;
- }
-
- /* If less than a full burst, re-enable notification and flush
- * anything that may have come in while we weren't looking. If
- * we find something, assume the guest is still active and reschedule */
- virtio_queue_set_notification(n->tx_vq, 1);
- if (virtio_net_flush_tx(n, n->tx_vq) > 0) {
- virtio_queue_set_notification(n->tx_vq, 0);
- qemu_bh_schedule(n->tx_bh);
- n->tx_waiting = 1;
- }
-}
-
-static void virtio_net_save(QEMUFile *f, void *opaque)
-{
- VirtIONet *n = opaque;
-
- /* At this point, backend must be stopped, otherwise
- * it might keep writing to memory. */
- assert(!n->vhost_started);
- virtio_save(&n->vdev, f);
-
- qemu_put_buffer(f, n->mac, ETH_ALEN);
- qemu_put_be32(f, n->tx_waiting);
- qemu_put_be32(f, n->mergeable_rx_bufs);
- qemu_put_be16(f, n->status);
- qemu_put_byte(f, n->promisc);
- qemu_put_byte(f, n->allmulti);
- qemu_put_be32(f, n->mac_table.in_use);
- qemu_put_buffer(f, n->mac_table.macs, n->mac_table.in_use * ETH_ALEN);
- qemu_put_buffer(f, (uint8_t *)n->vlans, MAX_VLAN >> 3);
- qemu_put_be32(f, n->has_vnet_hdr);
- qemu_put_byte(f, n->mac_table.multi_overflow);
- qemu_put_byte(f, n->mac_table.uni_overflow);
- qemu_put_byte(f, n->alluni);
- qemu_put_byte(f, n->nomulti);
- qemu_put_byte(f, n->nouni);
- qemu_put_byte(f, n->nobcast);
- qemu_put_byte(f, n->has_ufo);
-}
-
-static int virtio_net_load(QEMUFile *f, void *opaque, int version_id)
-{
- VirtIONet *n = opaque;
- int i;
- int ret;
-
- if (version_id < 2 || version_id > VIRTIO_NET_VM_VERSION)
- return -EINVAL;
-
- ret = virtio_load(&n->vdev, f);
- if (ret) {
- return ret;
- }
-
- qemu_get_buffer(f, n->mac, ETH_ALEN);
- n->tx_waiting = qemu_get_be32(f);
-
- virtio_net_set_mrg_rx_bufs(n, qemu_get_be32(f));
-
- if (version_id >= 3)
- n->status = qemu_get_be16(f);
-
- if (version_id >= 4) {
- if (version_id < 8) {
- n->promisc = qemu_get_be32(f);
- n->allmulti = qemu_get_be32(f);
- } else {
- n->promisc = qemu_get_byte(f);
- n->allmulti = qemu_get_byte(f);
- }
- }
-
- if (version_id >= 5) {
- n->mac_table.in_use = qemu_get_be32(f);
- /* MAC_TABLE_ENTRIES may be different from the saved image */
- if (n->mac_table.in_use <= MAC_TABLE_ENTRIES) {
- qemu_get_buffer(f, n->mac_table.macs,
- n->mac_table.in_use * ETH_ALEN);
- } else if (n->mac_table.in_use) {
- uint8_t *buf = g_malloc0(n->mac_table.in_use);
- qemu_get_buffer(f, buf, n->mac_table.in_use * ETH_ALEN);
- g_free(buf);
- n->mac_table.multi_overflow = n->mac_table.uni_overflow = 1;
- n->mac_table.in_use = 0;
- }
- }
-
- if (version_id >= 6)
- qemu_get_buffer(f, (uint8_t *)n->vlans, MAX_VLAN >> 3);
-
- if (version_id >= 7) {
- if (qemu_get_be32(f) && !peer_has_vnet_hdr(n)) {
- error_report("virtio-net: saved image requires vnet_hdr=on");
- return -1;
- }
-
- if (n->has_vnet_hdr) {
- tap_set_offload(n->nic->nc.peer,
- (n->vdev.guest_features >> VIRTIO_NET_F_GUEST_CSUM) & 1,
- (n->vdev.guest_features >> VIRTIO_NET_F_GUEST_TSO4) & 1,
- (n->vdev.guest_features >> VIRTIO_NET_F_GUEST_TSO6) & 1,
- (n->vdev.guest_features >> VIRTIO_NET_F_GUEST_ECN) & 1,
- (n->vdev.guest_features >> VIRTIO_NET_F_GUEST_UFO) & 1);
- }
- }
-
- if (version_id >= 9) {
- n->mac_table.multi_overflow = qemu_get_byte(f);
- n->mac_table.uni_overflow = qemu_get_byte(f);
- }
-
- if (version_id >= 10) {
- n->alluni = qemu_get_byte(f);
- n->nomulti = qemu_get_byte(f);
- n->nouni = qemu_get_byte(f);
- n->nobcast = qemu_get_byte(f);
- }
-
- if (version_id >= 11) {
- if (qemu_get_byte(f) && !peer_has_ufo(n)) {
- error_report("virtio-net: saved image requires TUN_F_UFO support");
- return -1;
- }
- }
-
- /* Find the first multicast entry in the saved MAC filter */
- for (i = 0; i < n->mac_table.in_use; i++) {
- if (n->mac_table.macs[i * ETH_ALEN] & 1) {
- break;
- }
- }
- n->mac_table.first_multi = i;
-
- /* nc.link_down can't be migrated, so infer link_down according
- * to link status bit in n->status */
- n->nic->nc.link_down = (n->status & VIRTIO_NET_S_LINK_UP) == 0;
-
- return 0;
-}
-
-static void virtio_net_cleanup(NetClientState *nc)
-{
- VirtIONet *n = DO_UPCAST(NICState, nc, nc)->opaque;
-
- n->nic = NULL;
-}
-
-static NetClientInfo net_virtio_info = {
- .type = NET_CLIENT_OPTIONS_KIND_NIC,
- .size = sizeof(NICState),
- .can_receive = virtio_net_can_receive,
- .receive = virtio_net_receive,
- .cleanup = virtio_net_cleanup,
- .link_status_changed = virtio_net_set_link_status,
-};
-
-VirtIODevice *virtio_net_init(DeviceState *dev, NICConf *conf,
- virtio_net_conf *net)
-{
- VirtIONet *n;
-
- n = (VirtIONet *)virtio_common_init("virtio-net", VIRTIO_ID_NET,
- sizeof(struct virtio_net_config),
- sizeof(VirtIONet));
-
- n->vdev.get_config = virtio_net_get_config;
- n->vdev.set_config = virtio_net_set_config;
- n->vdev.get_features = virtio_net_get_features;
- n->vdev.set_features = virtio_net_set_features;
- n->vdev.bad_features = virtio_net_bad_features;
- n->vdev.reset = virtio_net_reset;
- n->vdev.set_status = virtio_net_set_status;
- n->rx_vq = virtio_add_queue(&n->vdev, 256, virtio_net_handle_rx);
-
- if (net->tx && strcmp(net->tx, "timer") && strcmp(net->tx, "bh")) {
- error_report("virtio-net: "
- "Unknown option tx=%s, valid options: \"timer\" \"bh\"",
- net->tx);
- error_report("Defaulting to \"bh\"");
- }
-
- if (net->tx && !strcmp(net->tx, "timer")) {
- n->tx_vq = virtio_add_queue(&n->vdev, 256, virtio_net_handle_tx_timer);
- n->tx_timer = qemu_new_timer_ns(vm_clock, virtio_net_tx_timer, n);
- n->tx_timeout = net->txtimer;
- } else {
- n->tx_vq = virtio_add_queue(&n->vdev, 256, virtio_net_handle_tx_bh);
- n->tx_bh = qemu_bh_new(virtio_net_tx_bh, n);
- }
- n->ctrl_vq = virtio_add_queue(&n->vdev, 64, virtio_net_handle_ctrl);
- qemu_macaddr_default_if_unset(&conf->macaddr);
- memcpy(&n->mac[0], &conf->macaddr, sizeof(n->mac));
- n->status = VIRTIO_NET_S_LINK_UP;
-
- n->nic = qemu_new_nic(&net_virtio_info, conf, object_get_typename(OBJECT(dev)), dev->id, n);
- peer_test_vnet_hdr(n);
- if (peer_has_vnet_hdr(n)) {
- tap_using_vnet_hdr(n->nic->nc.peer, 1);
- n->host_hdr_len = sizeof(struct virtio_net_hdr);
- } else {
- n->host_hdr_len = 0;
- }
-
- qemu_format_nic_info_str(&n->nic->nc, conf->macaddr.a);
-
- n->tx_waiting = 0;
- n->tx_burst = net->txburst;
- virtio_net_set_mrg_rx_bufs(n, 0);
- n->promisc = 1; /* for compatibility */
-
- n->mac_table.macs = g_malloc0(MAC_TABLE_ENTRIES * ETH_ALEN);
-
- n->vlans = g_malloc0(MAX_VLAN >> 3);
-
- n->qdev = dev;
- register_savevm(dev, "virtio-net", -1, VIRTIO_NET_VM_VERSION,
- virtio_net_save, virtio_net_load, n);
-
- add_boot_device_path(conf->bootindex, dev, "/ethernet-phy@0");
-
- return &n->vdev;
-}
-
-void virtio_net_exit(VirtIODevice *vdev)
-{
- VirtIONet *n = DO_UPCAST(VirtIONet, vdev, vdev);
-
- /* This will stop vhost backend if appropriate. */
- virtio_net_set_status(vdev, 0);
-
- qemu_purge_queued_packets(&n->nic->nc);
-
- unregister_savevm(n->qdev, "virtio-net", n);
-
- g_free(n->mac_table.macs);
- g_free(n->vlans);
-
- if (n->tx_timer) {
- qemu_del_timer(n->tx_timer);
- qemu_free_timer(n->tx_timer);
- } else {
- qemu_bh_delete(n->tx_bh);
- }
-
- qemu_del_net_client(&n->nic->nc);
- virtio_cleanup(&n->vdev);
-}
diff --git a/hw/virtio-net.h b/hw/virtio-net.h
deleted file mode 100644
index 36aa46381..000000000
--- a/hw/virtio-net.h
+++ /dev/null
@@ -1,190 +0,0 @@
-/*
- * Virtio Network Device
- *
- * Copyright IBM, Corp. 2007
- *
- * Authors:
- * Anthony Liguori <aliguori@us.ibm.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See
- * the COPYING file in the top-level directory.
- *
- */
-
-#ifndef _QEMU_VIRTIO_NET_H
-#define _QEMU_VIRTIO_NET_H
-
-#include "virtio.h"
-#include "net.h"
-#include "pci.h"
-
-#define ETH_ALEN 6
-
-/* from Linux's virtio_net.h */
-
-/* The ID for virtio_net */
-#define VIRTIO_ID_NET 1
-
-/* The feature bitmap for virtio net */
-#define VIRTIO_NET_F_CSUM 0 /* Host handles pkts w/ partial csum */
-#define VIRTIO_NET_F_GUEST_CSUM 1 /* Guest handles pkts w/ partial csum */
-#define VIRTIO_NET_F_MAC 5 /* Host has given MAC address. */
-#define VIRTIO_NET_F_GSO 6 /* Host handles pkts w/ any GSO type */
-#define VIRTIO_NET_F_GUEST_TSO4 7 /* Guest can handle TSOv4 in. */
-#define VIRTIO_NET_F_GUEST_TSO6 8 /* Guest can handle TSOv6 in. */
-#define VIRTIO_NET_F_GUEST_ECN 9 /* Guest can handle TSO[6] w/ ECN in. */
-#define VIRTIO_NET_F_GUEST_UFO 10 /* Guest can handle UFO in. */
-#define VIRTIO_NET_F_HOST_TSO4 11 /* Host can handle TSOv4 in. */
-#define VIRTIO_NET_F_HOST_TSO6 12 /* Host can handle TSOv6 in. */
-#define VIRTIO_NET_F_HOST_ECN 13 /* Host can handle TSO[6] w/ ECN in. */
-#define VIRTIO_NET_F_HOST_UFO 14 /* Host can handle UFO in. */
-#define VIRTIO_NET_F_MRG_RXBUF 15 /* Host can merge receive buffers. */
-#define VIRTIO_NET_F_STATUS 16 /* virtio_net_config.status available */
-#define VIRTIO_NET_F_CTRL_VQ 17 /* Control channel available */
-#define VIRTIO_NET_F_CTRL_RX 18 /* Control channel RX mode support */
-#define VIRTIO_NET_F_CTRL_VLAN 19 /* Control channel VLAN filtering */
-#define VIRTIO_NET_F_CTRL_RX_EXTRA 20 /* Extra RX mode control support */
-
-#define VIRTIO_NET_S_LINK_UP 1 /* Link is up */
-
-#define TX_TIMER_INTERVAL 150000 /* 150 us */
-
-/* Limit the number of packets that can be sent via a single flush
- * of the TX queue. This gives us a guaranteed exit condition and
- * ensures fairness in the io path. 256 conveniently matches the
- * length of the TX queue and shows a good balance of performance
- * and latency. */
-#define TX_BURST 256
-
-typedef struct virtio_net_conf
-{
- uint32_t txtimer;
- int32_t txburst;
- char *tx;
-} virtio_net_conf;
-
-/* Maximum packet size we can receive from tap device: header + 64k */
-#define VIRTIO_NET_MAX_BUFSIZE (sizeof(struct virtio_net_hdr) + (64 << 10))
-
-struct virtio_net_config
-{
- /* The config defining mac address ($ETH_ALEN bytes) */
- uint8_t mac[ETH_ALEN];
- /* See VIRTIO_NET_F_STATUS and VIRTIO_NET_S_* above */
- uint16_t status;
-} QEMU_PACKED;
-
-/* This is the first element of the scatter-gather list. If you don't
- * specify GSO or CSUM features, you can simply ignore the header. */
-struct virtio_net_hdr
-{
-#define VIRTIO_NET_HDR_F_NEEDS_CSUM 1 // Use csum_start, csum_offset
-#define VIRTIO_NET_HDR_F_DATA_VALID 2 // Csum is valid
- uint8_t flags;
-#define VIRTIO_NET_HDR_GSO_NONE 0 // Not a GSO frame
-#define VIRTIO_NET_HDR_GSO_TCPV4 1 // GSO frame, IPv4 TCP (TSO)
-#define VIRTIO_NET_HDR_GSO_UDP 3 // GSO frame, IPv4 UDP (UFO)
-#define VIRTIO_NET_HDR_GSO_TCPV6 4 // GSO frame, IPv6 TCP
-#define VIRTIO_NET_HDR_GSO_ECN 0x80 // TCP has ECN set
- uint8_t gso_type;
- uint16_t hdr_len;
- uint16_t gso_size;
- uint16_t csum_start;
- uint16_t csum_offset;
-};
-
-/* This is the version of the header to use when the MRG_RXBUF
- * feature has been negotiated. */
-struct virtio_net_hdr_mrg_rxbuf
-{
- struct virtio_net_hdr hdr;
- uint16_t num_buffers; /* Number of merged rx buffers */
-};
-
-/*
- * Control virtqueue data structures
- *
- * The control virtqueue expects a header in the first sg entry
- * and an ack/status response in the last entry. Data for the
- * command goes in between.
- */
-struct virtio_net_ctrl_hdr {
- uint8_t class;
- uint8_t cmd;
-};
-
-typedef uint8_t virtio_net_ctrl_ack;
-
-#define VIRTIO_NET_OK 0
-#define VIRTIO_NET_ERR 1
-
-/*
- * Control the RX mode, ie. promisucous, allmulti, etc...
- * All commands require an "out" sg entry containing a 1 byte
- * state value, zero = disable, non-zero = enable. Commands
- * 0 and 1 are supported with the VIRTIO_NET_F_CTRL_RX feature.
- * Commands 2-5 are added with VIRTIO_NET_F_CTRL_RX_EXTRA.
- */
-#define VIRTIO_NET_CTRL_RX_MODE 0
- #define VIRTIO_NET_CTRL_RX_MODE_PROMISC 0
- #define VIRTIO_NET_CTRL_RX_MODE_ALLMULTI 1
- #define VIRTIO_NET_CTRL_RX_MODE_ALLUNI 2
- #define VIRTIO_NET_CTRL_RX_MODE_NOMULTI 3
- #define VIRTIO_NET_CTRL_RX_MODE_NOUNI 4
- #define VIRTIO_NET_CTRL_RX_MODE_NOBCAST 5
-
-/*
- * Control the MAC filter table.
- *
- * The MAC filter table is managed by the hypervisor, the guest should
- * assume the size is infinite. Filtering should be considered
- * non-perfect, ie. based on hypervisor resources, the guest may
- * received packets from sources not specified in the filter list.
- *
- * In addition to the class/cmd header, the TABLE_SET command requires
- * two out scatterlists. Each contains a 4 byte count of entries followed
- * by a concatenated byte stream of the ETH_ALEN MAC addresses. The
- * first sg list contains unicast addresses, the second is for multicast.
- * This functionality is present if the VIRTIO_NET_F_CTRL_RX feature
- * is available.
- */
-struct virtio_net_ctrl_mac {
- uint32_t entries;
- uint8_t macs[][ETH_ALEN];
-};
-#define VIRTIO_NET_CTRL_MAC 1
- #define VIRTIO_NET_CTRL_MAC_TABLE_SET 0
-
-/*
- * Control VLAN filtering
- *
- * The VLAN filter table is controlled via a simple ADD/DEL interface.
- * VLAN IDs not added may be filterd by the hypervisor. Del is the
- * opposite of add. Both commands expect an out entry containing a 2
- * byte VLAN ID. VLAN filterting is available with the
- * VIRTIO_NET_F_CTRL_VLAN feature bit.
- */
-#define VIRTIO_NET_CTRL_VLAN 2
- #define VIRTIO_NET_CTRL_VLAN_ADD 0
- #define VIRTIO_NET_CTRL_VLAN_DEL 1
-
-#define DEFINE_VIRTIO_NET_FEATURES(_state, _field) \
- DEFINE_VIRTIO_COMMON_FEATURES(_state, _field), \
- DEFINE_PROP_BIT("csum", _state, _field, VIRTIO_NET_F_CSUM, true), \
- DEFINE_PROP_BIT("guest_csum", _state, _field, VIRTIO_NET_F_GUEST_CSUM, true), \
- DEFINE_PROP_BIT("gso", _state, _field, VIRTIO_NET_F_GSO, true), \
- DEFINE_PROP_BIT("guest_tso4", _state, _field, VIRTIO_NET_F_GUEST_TSO4, true), \
- DEFINE_PROP_BIT("guest_tso6", _state, _field, VIRTIO_NET_F_GUEST_TSO6, true), \
- DEFINE_PROP_BIT("guest_ecn", _state, _field, VIRTIO_NET_F_GUEST_ECN, true), \
- DEFINE_PROP_BIT("guest_ufo", _state, _field, VIRTIO_NET_F_GUEST_UFO, true), \
- DEFINE_PROP_BIT("host_tso4", _state, _field, VIRTIO_NET_F_HOST_TSO4, true), \
- DEFINE_PROP_BIT("host_tso6", _state, _field, VIRTIO_NET_F_HOST_TSO6, true), \
- DEFINE_PROP_BIT("host_ecn", _state, _field, VIRTIO_NET_F_HOST_ECN, true), \
- DEFINE_PROP_BIT("host_ufo", _state, _field, VIRTIO_NET_F_HOST_UFO, true), \
- DEFINE_PROP_BIT("mrg_rxbuf", _state, _field, VIRTIO_NET_F_MRG_RXBUF, true), \
- DEFINE_PROP_BIT("status", _state, _field, VIRTIO_NET_F_STATUS, true), \
- DEFINE_PROP_BIT("ctrl_vq", _state, _field, VIRTIO_NET_F_CTRL_VQ, true), \
- DEFINE_PROP_BIT("ctrl_rx", _state, _field, VIRTIO_NET_F_CTRL_RX, true), \
- DEFINE_PROP_BIT("ctrl_vlan", _state, _field, VIRTIO_NET_F_CTRL_VLAN, true), \
- DEFINE_PROP_BIT("ctrl_rx_extra", _state, _field, VIRTIO_NET_F_CTRL_RX_EXTRA, true)
-#endif
diff --git a/hw/virtio-pci.c b/hw/virtio-pci.c
deleted file mode 100644
index 71f4fb5dc..000000000
--- a/hw/virtio-pci.c
+++ /dev/null
@@ -1,1131 +0,0 @@
-/*
- * Virtio PCI Bindings
- *
- * Copyright IBM, Corp. 2007
- * Copyright (c) 2009 CodeSourcery
- *
- * Authors:
- * Anthony Liguori <aliguori@us.ibm.com>
- * Paul Brook <paul@codesourcery.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See
- * the COPYING file in the top-level directory.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include <inttypes.h>
-
-#include "virtio.h"
-#include "virtio-blk.h"
-#include "virtio-net.h"
-#include "virtio-serial.h"
-#include "virtio-scsi.h"
-#include "pci.h"
-#include "qemu-error.h"
-#include "msi.h"
-#include "msix.h"
-#include "net.h"
-#include "loader.h"
-#include "kvm.h"
-#include "blockdev.h"
-#include "virtio-pci.h"
-#include "range.h"
-
-/* from Linux's linux/virtio_pci.h */
-
-/* A 32-bit r/o bitmask of the features supported by the host */
-#define VIRTIO_PCI_HOST_FEATURES 0
-
-/* A 32-bit r/w bitmask of features activated by the guest */
-#define VIRTIO_PCI_GUEST_FEATURES 4
-
-/* A 32-bit r/w PFN for the currently selected queue */
-#define VIRTIO_PCI_QUEUE_PFN 8
-
-/* A 16-bit r/o queue size for the currently selected queue */
-#define VIRTIO_PCI_QUEUE_NUM 12
-
-/* A 16-bit r/w queue selector */
-#define VIRTIO_PCI_QUEUE_SEL 14
-
-/* A 16-bit r/w queue notifier */
-#define VIRTIO_PCI_QUEUE_NOTIFY 16
-
-/* An 8-bit device status register. */
-#define VIRTIO_PCI_STATUS 18
-
-/* An 8-bit r/o interrupt status register. Reading the value will return the
- * current contents of the ISR and will also clear it. This is effectively
- * a read-and-acknowledge. */
-#define VIRTIO_PCI_ISR 19
-
-/* MSI-X registers: only enabled if MSI-X is enabled. */
-/* A 16-bit vector for configuration changes. */
-#define VIRTIO_MSI_CONFIG_VECTOR 20
-/* A 16-bit vector for selected queue notifications. */
-#define VIRTIO_MSI_QUEUE_VECTOR 22
-
-/* Config space size */
-#define VIRTIO_PCI_CONFIG_NOMSI 20
-#define VIRTIO_PCI_CONFIG_MSI 24
-#define VIRTIO_PCI_REGION_SIZE(dev) (msix_present(dev) ? \
- VIRTIO_PCI_CONFIG_MSI : \
- VIRTIO_PCI_CONFIG_NOMSI)
-
-/* The remaining space is defined by each driver as the per-driver
- * configuration space */
-#define VIRTIO_PCI_CONFIG(dev) (msix_enabled(dev) ? \
- VIRTIO_PCI_CONFIG_MSI : \
- VIRTIO_PCI_CONFIG_NOMSI)
-
-/* How many bits to shift physical queue address written to QUEUE_PFN.
- * 12 is historical, and due to x86 page size. */
-#define VIRTIO_PCI_QUEUE_ADDR_SHIFT 12
-
-/* Flags track per-device state like workarounds for quirks in older guests. */
-#define VIRTIO_PCI_FLAG_BUS_MASTER_BUG (1 << 0)
-
-/* QEMU doesn't strictly need write barriers since everything runs in
- * lock-step. We'll leave the calls to wmb() in though to make it obvious for
- * KVM or if kqemu gets SMP support.
- */
-#define wmb() do { } while (0)
-
-/* HACK for virtio to determine if it's running a big endian guest */
-bool virtio_is_big_endian(void);
-
-/* virtio device */
-
-static void virtio_pci_notify(void *opaque, uint16_t vector)
-{
- VirtIOPCIProxy *proxy = opaque;
- if (msix_enabled(&proxy->pci_dev))
- msix_notify(&proxy->pci_dev, vector);
- else
- qemu_set_irq(proxy->pci_dev.irq[0], proxy->vdev->isr & 1);
-}
-
-static void virtio_pci_save_config(void * opaque, QEMUFile *f)
-{
- VirtIOPCIProxy *proxy = opaque;
- pci_device_save(&proxy->pci_dev, f);
- msix_save(&proxy->pci_dev, f);
- if (msix_present(&proxy->pci_dev))
- qemu_put_be16(f, proxy->vdev->config_vector);
-}
-
-static void virtio_pci_save_queue(void * opaque, int n, QEMUFile *f)
-{
- VirtIOPCIProxy *proxy = opaque;
- if (msix_present(&proxy->pci_dev))
- qemu_put_be16(f, virtio_queue_vector(proxy->vdev, n));
-}
-
-static int virtio_pci_load_config(void * opaque, QEMUFile *f)
-{
- VirtIOPCIProxy *proxy = opaque;
- int ret;
- ret = pci_device_load(&proxy->pci_dev, f);
- if (ret) {
- return ret;
- }
- msix_unuse_all_vectors(&proxy->pci_dev);
- msix_load(&proxy->pci_dev, f);
- if (msix_present(&proxy->pci_dev)) {
- qemu_get_be16s(f, &proxy->vdev->config_vector);
- } else {
- proxy->vdev->config_vector = VIRTIO_NO_VECTOR;
- }
- if (proxy->vdev->config_vector != VIRTIO_NO_VECTOR) {
- return msix_vector_use(&proxy->pci_dev, proxy->vdev->config_vector);
- }
- return 0;
-}
-
-static int virtio_pci_load_queue(void * opaque, int n, QEMUFile *f)
-{
- VirtIOPCIProxy *proxy = opaque;
- uint16_t vector;
- if (msix_present(&proxy->pci_dev)) {
- qemu_get_be16s(f, &vector);
- } else {
- vector = VIRTIO_NO_VECTOR;
- }
- virtio_queue_set_vector(proxy->vdev, n, vector);
- if (vector != VIRTIO_NO_VECTOR) {
- return msix_vector_use(&proxy->pci_dev, vector);
- }
- return 0;
-}
-
-static int virtio_pci_set_host_notifier_internal(VirtIOPCIProxy *proxy,
- int n, bool assign, bool set_handler)
-{
- VirtQueue *vq = virtio_get_queue(proxy->vdev, n);
- EventNotifier *notifier = virtio_queue_get_host_notifier(vq);
- int r = 0;
-
- if (assign) {
- r = event_notifier_init(notifier, 1);
- if (r < 0) {
- error_report("%s: unable to init event notifier: %d",
- __func__, r);
- return r;
- }
- virtio_queue_set_host_notifier_fd_handler(vq, true, set_handler);
- memory_region_add_eventfd(&proxy->bar, VIRTIO_PCI_QUEUE_NOTIFY, 2,
- true, n, notifier);
- } else {
- memory_region_del_eventfd(&proxy->bar, VIRTIO_PCI_QUEUE_NOTIFY, 2,
- true, n, notifier);
- virtio_queue_set_host_notifier_fd_handler(vq, false, false);
- event_notifier_cleanup(notifier);
- }
- return r;
-}
-
-static void virtio_pci_start_ioeventfd(VirtIOPCIProxy *proxy)
-{
- int n, r;
-
- if (!(proxy->flags & VIRTIO_PCI_FLAG_USE_IOEVENTFD) ||
- proxy->ioeventfd_disabled ||
- proxy->ioeventfd_started) {
- return;
- }
-
- for (n = 0; n < VIRTIO_PCI_QUEUE_MAX; n++) {
- if (!virtio_queue_get_num(proxy->vdev, n)) {
- continue;
- }
-
- r = virtio_pci_set_host_notifier_internal(proxy, n, true, true);
- if (r < 0) {
- goto assign_error;
- }
- }
- proxy->ioeventfd_started = true;
- return;
-
-assign_error:
- while (--n >= 0) {
- if (!virtio_queue_get_num(proxy->vdev, n)) {
- continue;
- }
-
- r = virtio_pci_set_host_notifier_internal(proxy, n, false, false);
- assert(r >= 0);
- }
- proxy->ioeventfd_started = false;
- error_report("%s: failed. Fallback to a userspace (slower).", __func__);
-}
-
-static void virtio_pci_stop_ioeventfd(VirtIOPCIProxy *proxy)
-{
- int r;
- int n;
-
- if (!proxy->ioeventfd_started) {
- return;
- }
-
- for (n = 0; n < VIRTIO_PCI_QUEUE_MAX; n++) {
- if (!virtio_queue_get_num(proxy->vdev, n)) {
- continue;
- }
-
- r = virtio_pci_set_host_notifier_internal(proxy, n, false, false);
- assert(r >= 0);
- }
- proxy->ioeventfd_started = false;
-}
-
-void virtio_pci_reset(DeviceState *d)
-{
- VirtIOPCIProxy *proxy = container_of(d, VirtIOPCIProxy, pci_dev.qdev);
- virtio_pci_stop_ioeventfd(proxy);
- virtio_reset(proxy->vdev);
- msix_unuse_all_vectors(&proxy->pci_dev);
- proxy->flags &= ~VIRTIO_PCI_FLAG_BUS_MASTER_BUG;
-}
-
-static void virtio_ioport_write(void *opaque, uint32_t addr, uint32_t val)
-{
- VirtIOPCIProxy *proxy = opaque;
- VirtIODevice *vdev = proxy->vdev;
- hwaddr pa;
-
- switch (addr) {
- case VIRTIO_PCI_GUEST_FEATURES:
- /* Guest does not negotiate properly? We have to assume nothing. */
- if (val & (1 << VIRTIO_F_BAD_FEATURE)) {
- val = vdev->bad_features ? vdev->bad_features(vdev) : 0;
- }
- virtio_set_features(vdev, val);
- break;
- case VIRTIO_PCI_QUEUE_PFN:
- pa = (hwaddr)val << VIRTIO_PCI_QUEUE_ADDR_SHIFT;
- if (pa == 0) {
- virtio_pci_stop_ioeventfd(proxy);
- virtio_reset(proxy->vdev);
- msix_unuse_all_vectors(&proxy->pci_dev);
- }
- else
- virtio_queue_set_addr(vdev, vdev->queue_sel, pa);
- break;
- case VIRTIO_PCI_QUEUE_SEL:
- if (val < VIRTIO_PCI_QUEUE_MAX)
- vdev->queue_sel = val;
- break;
- case VIRTIO_PCI_QUEUE_NOTIFY:
- if (val < VIRTIO_PCI_QUEUE_MAX) {
- virtio_queue_notify(vdev, val);
- }
- break;
- case VIRTIO_PCI_STATUS:
- if (!(val & VIRTIO_CONFIG_S_DRIVER_OK)) {
- virtio_pci_stop_ioeventfd(proxy);
- }
-
- virtio_set_status(vdev, val & 0xFF);
-
- if (val & VIRTIO_CONFIG_S_DRIVER_OK) {
- virtio_pci_start_ioeventfd(proxy);
- }
-
- if (vdev->status == 0) {
- virtio_reset(proxy->vdev);
- msix_unuse_all_vectors(&proxy->pci_dev);
- }
-
- /* Linux before 2.6.34 sets the device as OK without enabling
- the PCI device bus master bit. In this case we need to disable
- some safety checks. */
- if ((val & VIRTIO_CONFIG_S_DRIVER_OK) &&
- !(proxy->pci_dev.config[PCI_COMMAND] & PCI_COMMAND_MASTER)) {
- proxy->flags |= VIRTIO_PCI_FLAG_BUS_MASTER_BUG;
- }
- break;
- case VIRTIO_MSI_CONFIG_VECTOR:
- msix_vector_unuse(&proxy->pci_dev, vdev->config_vector);
- /* Make it possible for guest to discover an error took place. */
- if (msix_vector_use(&proxy->pci_dev, val) < 0)
- val = VIRTIO_NO_VECTOR;
- vdev->config_vector = val;
- break;
- case VIRTIO_MSI_QUEUE_VECTOR:
- msix_vector_unuse(&proxy->pci_dev,
- virtio_queue_vector(vdev, vdev->queue_sel));
- /* Make it possible for guest to discover an error took place. */
- if (msix_vector_use(&proxy->pci_dev, val) < 0)
- val = VIRTIO_NO_VECTOR;
- virtio_queue_set_vector(vdev, vdev->queue_sel, val);
- break;
- default:
- error_report("%s: unexpected address 0x%x value 0x%x",
- __func__, addr, val);
- break;
- }
-}
-
-static uint32_t virtio_ioport_read(VirtIOPCIProxy *proxy, uint32_t addr)
-{
- VirtIODevice *vdev = proxy->vdev;
- uint32_t ret = 0xFFFFFFFF;
-
- switch (addr) {
- case VIRTIO_PCI_HOST_FEATURES:
- ret = proxy->host_features;
- break;
- case VIRTIO_PCI_GUEST_FEATURES:
- ret = vdev->guest_features;
- break;
- case VIRTIO_PCI_QUEUE_PFN:
- ret = virtio_queue_get_addr(vdev, vdev->queue_sel)
- >> VIRTIO_PCI_QUEUE_ADDR_SHIFT;
- break;
- case VIRTIO_PCI_QUEUE_NUM:
- ret = virtio_queue_get_num(vdev, vdev->queue_sel);
- break;
- case VIRTIO_PCI_QUEUE_SEL:
- ret = vdev->queue_sel;
- break;
- case VIRTIO_PCI_STATUS:
- ret = vdev->status;
- break;
- case VIRTIO_PCI_ISR:
- /* reading from the ISR also clears it. */
- ret = vdev->isr;
- vdev->isr = 0;
- qemu_set_irq(proxy->pci_dev.irq[0], 0);
- break;
- case VIRTIO_MSI_CONFIG_VECTOR:
- ret = vdev->config_vector;
- break;
- case VIRTIO_MSI_QUEUE_VECTOR:
- ret = virtio_queue_vector(vdev, vdev->queue_sel);
- break;
- default:
- break;
- }
-
- return ret;
-}
-
-static uint64_t virtio_pci_config_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- VirtIOPCIProxy *proxy = opaque;
- uint32_t config = VIRTIO_PCI_CONFIG(&proxy->pci_dev);
- uint64_t val = 0;
- if (addr < config) {
- return virtio_ioport_read(proxy, addr);
- }
- addr -= config;
-
- switch (size) {
- case 1:
- val = virtio_config_readb(proxy->vdev, addr);
- break;
- case 2:
- val = virtio_config_readw(proxy->vdev, addr);
- if (virtio_is_big_endian()) {
- val = bswap16(val);
- }
- break;
- case 4:
- val = virtio_config_readl(proxy->vdev, addr);
- if (virtio_is_big_endian()) {
- val = bswap32(val);
- }
- break;
- }
- return val;
-}
-
-static void virtio_pci_config_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- VirtIOPCIProxy *proxy = opaque;
- uint32_t config = VIRTIO_PCI_CONFIG(&proxy->pci_dev);
- if (addr < config) {
- virtio_ioport_write(proxy, addr, val);
- return;
- }
- addr -= config;
- /*
- * Virtio-PCI is odd. Ioports are LE but config space is target native
- * endian.
- */
- switch (size) {
- case 1:
- virtio_config_writeb(proxy->vdev, addr, val);
- break;
- case 2:
- if (virtio_is_big_endian()) {
- val = bswap16(val);
- }
- virtio_config_writew(proxy->vdev, addr, val);
- break;
- case 4:
- if (virtio_is_big_endian()) {
- val = bswap32(val);
- }
- virtio_config_writel(proxy->vdev, addr, val);
- break;
- }
-}
-
-static const MemoryRegionOps virtio_pci_config_ops = {
- .read = virtio_pci_config_read,
- .write = virtio_pci_config_write,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 4,
- },
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static void virtio_write_config(PCIDevice *pci_dev, uint32_t address,
- uint32_t val, int len)
-{
- VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
-
- pci_default_write_config(pci_dev, address, val, len);
-
- if (range_covers_byte(address, len, PCI_COMMAND) &&
- !(pci_dev->config[PCI_COMMAND] & PCI_COMMAND_MASTER) &&
- !(proxy->flags & VIRTIO_PCI_FLAG_BUS_MASTER_BUG)) {
- virtio_pci_stop_ioeventfd(proxy);
- virtio_set_status(proxy->vdev,
- proxy->vdev->status & ~VIRTIO_CONFIG_S_DRIVER_OK);
- }
-}
-
-static unsigned virtio_pci_get_features(void *opaque)
-{
- VirtIOPCIProxy *proxy = opaque;
- return proxy->host_features;
-}
-
-static int kvm_virtio_pci_vq_vector_use(VirtIOPCIProxy *proxy,
- unsigned int queue_no,
- unsigned int vector,
- MSIMessage msg)
-{
- VirtQueue *vq = virtio_get_queue(proxy->vdev, queue_no);
- EventNotifier *n = virtio_queue_get_guest_notifier(vq);
- VirtIOIRQFD *irqfd = &proxy->vector_irqfd[vector];
- int ret;
-
- if (irqfd->users == 0) {
- ret = kvm_irqchip_add_msi_route(kvm_state, msg);
- if (ret < 0) {
- return ret;
- }
- irqfd->virq = ret;
- }
- irqfd->users++;
-
- ret = kvm_irqchip_add_irqfd_notifier(kvm_state, n, irqfd->virq);
- if (ret < 0) {
- if (--irqfd->users == 0) {
- kvm_irqchip_release_virq(kvm_state, irqfd->virq);
- }
- return ret;
- }
-
- virtio_queue_set_guest_notifier_fd_handler(vq, true, true);
- return 0;
-}
-
-static void kvm_virtio_pci_vq_vector_release(VirtIOPCIProxy *proxy,
- unsigned int queue_no,
- unsigned int vector)
-{
- VirtQueue *vq = virtio_get_queue(proxy->vdev, queue_no);
- EventNotifier *n = virtio_queue_get_guest_notifier(vq);
- VirtIOIRQFD *irqfd = &proxy->vector_irqfd[vector];
- int ret;
-
- ret = kvm_irqchip_remove_irqfd_notifier(kvm_state, n, irqfd->virq);
- assert(ret == 0);
-
- if (--irqfd->users == 0) {
- kvm_irqchip_release_virq(kvm_state, irqfd->virq);
- }
-
- virtio_queue_set_guest_notifier_fd_handler(vq, true, false);
-}
-
-static int kvm_virtio_pci_vector_use(PCIDevice *dev, unsigned vector,
- MSIMessage msg)
-{
- VirtIOPCIProxy *proxy = container_of(dev, VirtIOPCIProxy, pci_dev);
- VirtIODevice *vdev = proxy->vdev;
- int ret, queue_no;
-
- for (queue_no = 0; queue_no < VIRTIO_PCI_QUEUE_MAX; queue_no++) {
- if (!virtio_queue_get_num(vdev, queue_no)) {
- break;
- }
- if (virtio_queue_vector(vdev, queue_no) != vector) {
- continue;
- }
- ret = kvm_virtio_pci_vq_vector_use(proxy, queue_no, vector, msg);
- if (ret < 0) {
- goto undo;
- }
- }
- return 0;
-
-undo:
- while (--queue_no >= 0) {
- if (virtio_queue_vector(vdev, queue_no) != vector) {
- continue;
- }
- kvm_virtio_pci_vq_vector_release(proxy, queue_no, vector);
- }
- return ret;
-}
-
-static void kvm_virtio_pci_vector_release(PCIDevice *dev, unsigned vector)
-{
- VirtIOPCIProxy *proxy = container_of(dev, VirtIOPCIProxy, pci_dev);
- VirtIODevice *vdev = proxy->vdev;
- int queue_no;
-
- for (queue_no = 0; queue_no < VIRTIO_PCI_QUEUE_MAX; queue_no++) {
- if (!virtio_queue_get_num(vdev, queue_no)) {
- break;
- }
- if (virtio_queue_vector(vdev, queue_no) != vector) {
- continue;
- }
- kvm_virtio_pci_vq_vector_release(proxy, queue_no, vector);
- }
-}
-
-static int virtio_pci_set_guest_notifier(void *opaque, int n, bool assign)
-{
- VirtIOPCIProxy *proxy = opaque;
- VirtQueue *vq = virtio_get_queue(proxy->vdev, n);
- EventNotifier *notifier = virtio_queue_get_guest_notifier(vq);
-
- if (assign) {
- int r = event_notifier_init(notifier, 0);
- if (r < 0) {
- return r;
- }
- virtio_queue_set_guest_notifier_fd_handler(vq, true, false);
- } else {
- virtio_queue_set_guest_notifier_fd_handler(vq, false, false);
- event_notifier_cleanup(notifier);
- }
-
- return 0;
-}
-
-static bool virtio_pci_query_guest_notifiers(void *opaque)
-{
- VirtIOPCIProxy *proxy = opaque;
- return msix_enabled(&proxy->pci_dev);
-}
-
-static int virtio_pci_set_guest_notifiers(void *opaque, bool assign)
-{
- VirtIOPCIProxy *proxy = opaque;
- VirtIODevice *vdev = proxy->vdev;
- int r, n;
-
- /* Must unset vector notifier while guest notifier is still assigned */
- if (kvm_msi_via_irqfd_enabled() && !assign) {
- msix_unset_vector_notifiers(&proxy->pci_dev);
- g_free(proxy->vector_irqfd);
- proxy->vector_irqfd = NULL;
- }
-
- for (n = 0; n < VIRTIO_PCI_QUEUE_MAX; n++) {
- if (!virtio_queue_get_num(vdev, n)) {
- break;
- }
-
- r = virtio_pci_set_guest_notifier(opaque, n, assign);
- if (r < 0) {
- goto assign_error;
- }
- }
-
- /* Must set vector notifier after guest notifier has been assigned */
- if (kvm_msi_via_irqfd_enabled() && assign) {
- proxy->vector_irqfd =
- g_malloc0(sizeof(*proxy->vector_irqfd) *
- msix_nr_vectors_allocated(&proxy->pci_dev));
- r = msix_set_vector_notifiers(&proxy->pci_dev,
- kvm_virtio_pci_vector_use,
- kvm_virtio_pci_vector_release);
- if (r < 0) {
- goto assign_error;
- }
- }
-
- return 0;
-
-assign_error:
- /* We get here on assignment failure. Recover by undoing for VQs 0 .. n. */
- assert(assign);
- while (--n >= 0) {
- virtio_pci_set_guest_notifier(opaque, n, !assign);
- }
- return r;
-}
-
-static int virtio_pci_set_host_notifier(void *opaque, int n, bool assign)
-{
- VirtIOPCIProxy *proxy = opaque;
-
- /* Stop using ioeventfd for virtqueue kick if the device starts using host
- * notifiers. This makes it easy to avoid stepping on each others' toes.
- */
- proxy->ioeventfd_disabled = assign;
- if (assign) {
- virtio_pci_stop_ioeventfd(proxy);
- }
- /* We don't need to start here: it's not needed because backend
- * currently only stops on status change away from ok,
- * reset, vmstop and such. If we do add code to start here,
- * need to check vmstate, device state etc. */
- return virtio_pci_set_host_notifier_internal(proxy, n, assign, false);
-}
-
-static void virtio_pci_vmstate_change(void *opaque, bool running)
-{
- VirtIOPCIProxy *proxy = opaque;
-
- if (running) {
- /* Try to find out if the guest has bus master disabled, but is
- in ready state. Then we have a buggy guest OS. */
- if ((proxy->vdev->status & VIRTIO_CONFIG_S_DRIVER_OK) &&
- !(proxy->pci_dev.config[PCI_COMMAND] & PCI_COMMAND_MASTER)) {
- proxy->flags |= VIRTIO_PCI_FLAG_BUS_MASTER_BUG;
- }
- virtio_pci_start_ioeventfd(proxy);
- } else {
- virtio_pci_stop_ioeventfd(proxy);
- }
-}
-
-static const VirtIOBindings virtio_pci_bindings = {
- .notify = virtio_pci_notify,
- .save_config = virtio_pci_save_config,
- .load_config = virtio_pci_load_config,
- .save_queue = virtio_pci_save_queue,
- .load_queue = virtio_pci_load_queue,
- .get_features = virtio_pci_get_features,
- .query_guest_notifiers = virtio_pci_query_guest_notifiers,
- .set_host_notifier = virtio_pci_set_host_notifier,
- .set_guest_notifiers = virtio_pci_set_guest_notifiers,
- .vmstate_change = virtio_pci_vmstate_change,
-};
-
-void virtio_init_pci(VirtIOPCIProxy *proxy, VirtIODevice *vdev)
-{
- uint8_t *config;
- uint32_t size;
-
- proxy->vdev = vdev;
-
- config = proxy->pci_dev.config;
-
- if (proxy->class_code) {
- pci_config_set_class(config, proxy->class_code);
- }
- pci_set_word(config + PCI_SUBSYSTEM_VENDOR_ID,
- pci_get_word(config + PCI_VENDOR_ID));
- pci_set_word(config + PCI_SUBSYSTEM_ID, vdev->device_id);
- config[PCI_INTERRUPT_PIN] = 1;
-
- if (vdev->nvectors &&
- msix_init_exclusive_bar(&proxy->pci_dev, vdev->nvectors, 1)) {
- vdev->nvectors = 0;
- }
-
- proxy->pci_dev.config_write = virtio_write_config;
-
- size = VIRTIO_PCI_REGION_SIZE(&proxy->pci_dev) + vdev->config_len;
- if (size & (size-1))
- size = 1 << qemu_fls(size);
-
- memory_region_init_io(&proxy->bar, &virtio_pci_config_ops, proxy,
- "virtio-pci", size);
- pci_register_bar(&proxy->pci_dev, 0, PCI_BASE_ADDRESS_SPACE_IO,
- &proxy->bar);
-
- if (!kvm_has_many_ioeventfds()) {
- proxy->flags &= ~VIRTIO_PCI_FLAG_USE_IOEVENTFD;
- }
-
- virtio_bind_device(vdev, &virtio_pci_bindings, proxy);
- proxy->host_features |= 0x1 << VIRTIO_F_NOTIFY_ON_EMPTY;
- proxy->host_features |= 0x1 << VIRTIO_F_BAD_FEATURE;
- proxy->host_features = vdev->get_features(vdev, proxy->host_features);
-}
-
-static int virtio_blk_init_pci(PCIDevice *pci_dev)
-{
- VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
- VirtIODevice *vdev;
-
- if (proxy->class_code != PCI_CLASS_STORAGE_SCSI &&
- proxy->class_code != PCI_CLASS_STORAGE_OTHER)
- proxy->class_code = PCI_CLASS_STORAGE_SCSI;
-
- vdev = virtio_blk_init(&pci_dev->qdev, &proxy->blk);
- if (!vdev) {
- return -1;
- }
- vdev->nvectors = proxy->nvectors;
- virtio_init_pci(proxy, vdev);
- /* make the actual value visible */
- proxy->nvectors = vdev->nvectors;
- return 0;
-}
-
-static void virtio_exit_pci(PCIDevice *pci_dev)
-{
- VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
-
- memory_region_destroy(&proxy->bar);
- msix_uninit_exclusive_bar(pci_dev);
-}
-
-static void virtio_blk_exit_pci(PCIDevice *pci_dev)
-{
- VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
-
- virtio_pci_stop_ioeventfd(proxy);
- virtio_blk_exit(proxy->vdev);
- virtio_exit_pci(pci_dev);
-}
-
-static int virtio_serial_init_pci(PCIDevice *pci_dev)
-{
- VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
- VirtIODevice *vdev;
-
- if (proxy->class_code != PCI_CLASS_COMMUNICATION_OTHER &&
- proxy->class_code != PCI_CLASS_DISPLAY_OTHER && /* qemu 0.10 */
- proxy->class_code != PCI_CLASS_OTHERS) /* qemu-kvm */
- proxy->class_code = PCI_CLASS_COMMUNICATION_OTHER;
-
- vdev = virtio_serial_init(&pci_dev->qdev, &proxy->serial);
- if (!vdev) {
- return -1;
- }
- vdev->nvectors = proxy->nvectors == DEV_NVECTORS_UNSPECIFIED
- ? proxy->serial.max_virtserial_ports + 1
- : proxy->nvectors;
- virtio_init_pci(proxy, vdev);
- proxy->nvectors = vdev->nvectors;
- return 0;
-}
-
-static void virtio_serial_exit_pci(PCIDevice *pci_dev)
-{
- VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
-
- virtio_pci_stop_ioeventfd(proxy);
- virtio_serial_exit(proxy->vdev);
- virtio_exit_pci(pci_dev);
-}
-
-static int virtio_net_init_pci(PCIDevice *pci_dev)
-{
- VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
- VirtIODevice *vdev;
-
- vdev = virtio_net_init(&pci_dev->qdev, &proxy->nic, &proxy->net);
-
- vdev->nvectors = proxy->nvectors;
- virtio_init_pci(proxy, vdev);
-
- /* make the actual value visible */
- proxy->nvectors = vdev->nvectors;
- return 0;
-}
-
-static void virtio_net_exit_pci(PCIDevice *pci_dev)
-{
- VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
-
- virtio_pci_stop_ioeventfd(proxy);
- virtio_net_exit(proxy->vdev);
- virtio_exit_pci(pci_dev);
-}
-
-static int virtio_balloon_init_pci(PCIDevice *pci_dev)
-{
- VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
- VirtIODevice *vdev;
-
- if (proxy->class_code != PCI_CLASS_OTHERS &&
- proxy->class_code != PCI_CLASS_MEMORY_RAM) { /* qemu < 1.1 */
- proxy->class_code = PCI_CLASS_OTHERS;
- }
-
- vdev = virtio_balloon_init(&pci_dev->qdev);
- if (!vdev) {
- return -1;
- }
- virtio_init_pci(proxy, vdev);
- return 0;
-}
-
-static void virtio_balloon_exit_pci(PCIDevice *pci_dev)
-{
- VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
-
- virtio_pci_stop_ioeventfd(proxy);
- virtio_balloon_exit(proxy->vdev);
- virtio_exit_pci(pci_dev);
-}
-
-static int virtio_rng_init_pci(PCIDevice *pci_dev)
-{
- VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
- VirtIODevice *vdev;
-
- if (proxy->rng.rng == NULL) {
- proxy->rng.default_backend = RNG_RANDOM(object_new(TYPE_RNG_RANDOM));
-
- object_property_add_child(OBJECT(pci_dev),
- "default-backend",
- OBJECT(proxy->rng.default_backend),
- NULL);
-
- object_property_set_link(OBJECT(pci_dev),
- OBJECT(proxy->rng.default_backend),
- "rng", NULL);
- }
-
- vdev = virtio_rng_init(&pci_dev->qdev, &proxy->rng);
- if (!vdev) {
- return -1;
- }
- virtio_init_pci(proxy, vdev);
- return 0;
-}
-
-static void virtio_rng_exit_pci(PCIDevice *pci_dev)
-{
- VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
-
- virtio_pci_stop_ioeventfd(proxy);
- virtio_rng_exit(proxy->vdev);
- virtio_exit_pci(pci_dev);
-}
-
-static Property virtio_blk_properties[] = {
- DEFINE_PROP_HEX32("class", VirtIOPCIProxy, class_code, 0),
- DEFINE_BLOCK_PROPERTIES(VirtIOPCIProxy, blk.conf),
- DEFINE_BLOCK_CHS_PROPERTIES(VirtIOPCIProxy, blk.conf),
- DEFINE_PROP_STRING("serial", VirtIOPCIProxy, blk.serial),
-#ifdef __linux__
- DEFINE_PROP_BIT("scsi", VirtIOPCIProxy, blk.scsi, 0, true),
-#endif
- DEFINE_PROP_BIT("config-wce", VirtIOPCIProxy, blk.config_wce, 0, true),
- DEFINE_PROP_BIT("ioeventfd", VirtIOPCIProxy, flags, VIRTIO_PCI_FLAG_USE_IOEVENTFD_BIT, true),
- DEFINE_PROP_UINT32("vectors", VirtIOPCIProxy, nvectors, 2),
- DEFINE_VIRTIO_BLK_FEATURES(VirtIOPCIProxy, host_features),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void virtio_blk_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = virtio_blk_init_pci;
- k->exit = virtio_blk_exit_pci;
- k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET;
- k->device_id = PCI_DEVICE_ID_VIRTIO_BLOCK;
- k->revision = VIRTIO_PCI_ABI_VERSION;
- k->class_id = PCI_CLASS_STORAGE_SCSI;
- dc->reset = virtio_pci_reset;
- dc->props = virtio_blk_properties;
-}
-
-static TypeInfo virtio_blk_info = {
- .name = "virtio-blk-pci",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(VirtIOPCIProxy),
- .class_init = virtio_blk_class_init,
-};
-
-static Property virtio_net_properties[] = {
- DEFINE_PROP_BIT("ioeventfd", VirtIOPCIProxy, flags, VIRTIO_PCI_FLAG_USE_IOEVENTFD_BIT, false),
- DEFINE_PROP_UINT32("vectors", VirtIOPCIProxy, nvectors, 3),
- DEFINE_VIRTIO_NET_FEATURES(VirtIOPCIProxy, host_features),
- DEFINE_NIC_PROPERTIES(VirtIOPCIProxy, nic),
- DEFINE_PROP_UINT32("x-txtimer", VirtIOPCIProxy, net.txtimer, TX_TIMER_INTERVAL),
- DEFINE_PROP_INT32("x-txburst", VirtIOPCIProxy, net.txburst, TX_BURST),
- DEFINE_PROP_STRING("tx", VirtIOPCIProxy, net.tx),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void virtio_net_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = virtio_net_init_pci;
- k->exit = virtio_net_exit_pci;
- k->romfile = "pxe-virtio.rom";
- k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET;
- k->device_id = PCI_DEVICE_ID_VIRTIO_NET;
- k->revision = VIRTIO_PCI_ABI_VERSION;
- k->class_id = PCI_CLASS_NETWORK_ETHERNET;
- dc->reset = virtio_pci_reset;
- dc->props = virtio_net_properties;
-}
-
-static TypeInfo virtio_net_info = {
- .name = "virtio-net-pci",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(VirtIOPCIProxy),
- .class_init = virtio_net_class_init,
-};
-
-static Property virtio_serial_properties[] = {
- DEFINE_PROP_BIT("ioeventfd", VirtIOPCIProxy, flags, VIRTIO_PCI_FLAG_USE_IOEVENTFD_BIT, true),
- DEFINE_PROP_UINT32("vectors", VirtIOPCIProxy, nvectors, DEV_NVECTORS_UNSPECIFIED),
- DEFINE_PROP_HEX32("class", VirtIOPCIProxy, class_code, 0),
- DEFINE_VIRTIO_COMMON_FEATURES(VirtIOPCIProxy, host_features),
- DEFINE_PROP_UINT32("max_ports", VirtIOPCIProxy, serial.max_virtserial_ports, 31),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void virtio_serial_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = virtio_serial_init_pci;
- k->exit = virtio_serial_exit_pci;
- k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET;
- k->device_id = PCI_DEVICE_ID_VIRTIO_CONSOLE;
- k->revision = VIRTIO_PCI_ABI_VERSION;
- k->class_id = PCI_CLASS_COMMUNICATION_OTHER;
- dc->reset = virtio_pci_reset;
- dc->props = virtio_serial_properties;
-}
-
-static TypeInfo virtio_serial_info = {
- .name = "virtio-serial-pci",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(VirtIOPCIProxy),
- .class_init = virtio_serial_class_init,
-};
-
-static Property virtio_balloon_properties[] = {
- DEFINE_VIRTIO_COMMON_FEATURES(VirtIOPCIProxy, host_features),
- DEFINE_PROP_HEX32("class", VirtIOPCIProxy, class_code, 0),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void virtio_balloon_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = virtio_balloon_init_pci;
- k->exit = virtio_balloon_exit_pci;
- k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET;
- k->device_id = PCI_DEVICE_ID_VIRTIO_BALLOON;
- k->revision = VIRTIO_PCI_ABI_VERSION;
- k->class_id = PCI_CLASS_OTHERS;
- dc->reset = virtio_pci_reset;
- dc->props = virtio_balloon_properties;
-}
-
-static TypeInfo virtio_balloon_info = {
- .name = "virtio-balloon-pci",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(VirtIOPCIProxy),
- .class_init = virtio_balloon_class_init,
-};
-
-static void virtio_rng_initfn(Object *obj)
-{
- PCIDevice *pci_dev = PCI_DEVICE(obj);
- VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
-
- object_property_add_link(obj, "rng", TYPE_RNG_BACKEND,
- (Object **)&proxy->rng.rng, NULL);
-}
-
-static Property virtio_rng_properties[] = {
- DEFINE_VIRTIO_COMMON_FEATURES(VirtIOPCIProxy, host_features),
- /* Set a default rate limit of 2^47 bytes per minute or roughly 2TB/s. If
- you have an entropy source capable of generating more entropy than this
- and you can pass it through via virtio-rng, then hats off to you. Until
- then, this is unlimited for all practical purposes.
- */
- DEFINE_PROP_UINT64("max-bytes", VirtIOPCIProxy, rng.max_bytes, INT64_MAX),
- DEFINE_PROP_UINT32("period", VirtIOPCIProxy, rng.period_ms, 1 << 16),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void virtio_rng_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = virtio_rng_init_pci;
- k->exit = virtio_rng_exit_pci;
- k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET;
- k->device_id = PCI_DEVICE_ID_VIRTIO_RNG;
- k->revision = VIRTIO_PCI_ABI_VERSION;
- k->class_id = PCI_CLASS_OTHERS;
- dc->reset = virtio_pci_reset;
- dc->props = virtio_rng_properties;
-}
-
-static TypeInfo virtio_rng_info = {
- .name = "virtio-rng-pci",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(VirtIOPCIProxy),
- .instance_init = virtio_rng_initfn,
- .class_init = virtio_rng_class_init,
-};
-
-static int virtio_scsi_init_pci(PCIDevice *pci_dev)
-{
- VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
- VirtIODevice *vdev;
-
- vdev = virtio_scsi_init(&pci_dev->qdev, &proxy->scsi);
- if (!vdev) {
- return -EINVAL;
- }
-
- vdev->nvectors = proxy->nvectors == DEV_NVECTORS_UNSPECIFIED
- ? proxy->scsi.num_queues + 3
- : proxy->nvectors;
- virtio_init_pci(proxy, vdev);
-
- /* make the actual value visible */
- proxy->nvectors = vdev->nvectors;
- return 0;
-}
-
-static void virtio_scsi_exit_pci(PCIDevice *pci_dev)
-{
- VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
-
- virtio_scsi_exit(proxy->vdev);
- virtio_exit_pci(pci_dev);
-}
-
-static Property virtio_scsi_properties[] = {
- DEFINE_PROP_BIT("ioeventfd", VirtIOPCIProxy, flags, VIRTIO_PCI_FLAG_USE_IOEVENTFD_BIT, true),
- DEFINE_PROP_UINT32("vectors", VirtIOPCIProxy, nvectors, DEV_NVECTORS_UNSPECIFIED),
- DEFINE_VIRTIO_SCSI_PROPERTIES(VirtIOPCIProxy, host_features, scsi),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void virtio_scsi_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = virtio_scsi_init_pci;
- k->exit = virtio_scsi_exit_pci;
- k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET;
- k->device_id = PCI_DEVICE_ID_VIRTIO_SCSI;
- k->revision = 0x00;
- k->class_id = PCI_CLASS_STORAGE_SCSI;
- dc->reset = virtio_pci_reset;
- dc->props = virtio_scsi_properties;
-}
-
-static TypeInfo virtio_scsi_info = {
- .name = "virtio-scsi-pci",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(VirtIOPCIProxy),
- .class_init = virtio_scsi_class_init,
-};
-
-static void virtio_pci_register_types(void)
-{
- type_register_static(&virtio_blk_info);
- type_register_static(&virtio_net_info);
- type_register_static(&virtio_serial_info);
- type_register_static(&virtio_balloon_info);
- type_register_static(&virtio_scsi_info);
- type_register_static(&virtio_rng_info);
-}
-
-type_init(virtio_pci_register_types)
diff --git a/hw/virtio-pci.h b/hw/virtio-pci.h
deleted file mode 100644
index b58d9a2d1..000000000
--- a/hw/virtio-pci.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Virtio PCI Bindings
- *
- * Copyright IBM, Corp. 2007
- * Copyright (c) 2009 CodeSourcery
- *
- * Authors:
- * Anthony Liguori <aliguori@us.ibm.com>
- * Paul Brook <paul@codesourcery.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See
- * the COPYING file in the top-level directory.
- */
-
-#ifndef QEMU_VIRTIO_PCI_H
-#define QEMU_VIRTIO_PCI_H
-
-#include "virtio-blk.h"
-#include "virtio-net.h"
-#include "virtio-rng.h"
-#include "virtio-serial.h"
-#include "virtio-scsi.h"
-
-/* Performance improves when virtqueue kick processing is decoupled from the
- * vcpu thread using ioeventfd for some devices. */
-#define VIRTIO_PCI_FLAG_USE_IOEVENTFD_BIT 1
-#define VIRTIO_PCI_FLAG_USE_IOEVENTFD (1 << VIRTIO_PCI_FLAG_USE_IOEVENTFD_BIT)
-
-typedef struct {
- int virq;
- unsigned int users;
-} VirtIOIRQFD;
-
-typedef struct {
- PCIDevice pci_dev;
- VirtIODevice *vdev;
- MemoryRegion bar;
- uint32_t flags;
- uint32_t class_code;
- uint32_t nvectors;
- VirtIOBlkConf blk;
- NICConf nic;
- uint32_t host_features;
-#ifdef CONFIG_LINUX
- V9fsConf fsconf;
-#endif
- virtio_serial_conf serial;
- virtio_net_conf net;
- VirtIOSCSIConf scsi;
- VirtIORNGConf rng;
- bool ioeventfd_disabled;
- bool ioeventfd_started;
- VirtIOIRQFD *vector_irqfd;
-} VirtIOPCIProxy;
-
-void virtio_init_pci(VirtIOPCIProxy *proxy, VirtIODevice *vdev);
-void virtio_pci_reset(DeviceState *d);
-
-/* Virtio ABI version, if we increment this, we break the guest driver. */
-#define VIRTIO_PCI_ABI_VERSION 0
-
-#endif
diff --git a/hw/virtio-rng.c b/hw/virtio-rng.c
deleted file mode 100644
index a73ef8e33..000000000
--- a/hw/virtio-rng.c
+++ /dev/null
@@ -1,205 +0,0 @@
-/*
- * A virtio device implementing a hardware random number generator.
- *
- * Copyright 2012 Red Hat, Inc.
- * Copyright 2012 Amit Shah <amit.shah@redhat.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2 or
- * (at your option) any later version. See the COPYING file in the
- * top-level directory.
- */
-
-#include "iov.h"
-#include "qdev.h"
-#include "virtio.h"
-#include "virtio-rng.h"
-#include "qemu/rng.h"
-
-typedef struct VirtIORNG {
- VirtIODevice vdev;
-
- DeviceState *qdev;
-
- /* Only one vq - guest puts buffer(s) on it when it needs entropy */
- VirtQueue *vq;
-
- VirtIORNGConf *conf;
-
- RngBackend *rng;
-
- /* We purposefully don't migrate this state. The quota will reset on the
- * destination as a result. Rate limiting is host state, not guest state.
- */
- QEMUTimer *rate_limit_timer;
- int64_t quota_remaining;
-} VirtIORNG;
-
-static bool is_guest_ready(VirtIORNG *vrng)
-{
- if (virtio_queue_ready(vrng->vq)
- && (vrng->vdev.status & VIRTIO_CONFIG_S_DRIVER_OK)) {
- return true;
- }
- return false;
-}
-
-static size_t get_request_size(VirtQueue *vq, unsigned quota)
-{
- unsigned int in, out;
-
- virtqueue_get_avail_bytes(vq, &in, &out, quota, 0);
- return in;
-}
-
-static void virtio_rng_process(VirtIORNG *vrng);
-
-/* Send data from a char device over to the guest */
-static void chr_read(void *opaque, const void *buf, size_t size)
-{
- VirtIORNG *vrng = opaque;
- VirtQueueElement elem;
- size_t len;
- int offset;
-
- if (!is_guest_ready(vrng)) {
- return;
- }
-
- vrng->quota_remaining -= size;
-
- offset = 0;
- while (offset < size) {
- if (!virtqueue_pop(vrng->vq, &elem)) {
- break;
- }
- len = iov_from_buf(elem.in_sg, elem.in_num,
- 0, buf + offset, size - offset);
- offset += len;
-
- virtqueue_push(vrng->vq, &elem, len);
- }
- virtio_notify(&vrng->vdev, vrng->vq);
-}
-
-static void virtio_rng_process(VirtIORNG *vrng)
-{
- size_t size;
- unsigned quota;
-
- if (!is_guest_ready(vrng)) {
- return;
- }
-
- if (vrng->quota_remaining < 0) {
- quota = 0;
- } else {
- quota = MIN((uint64_t)vrng->quota_remaining, (uint64_t)UINT32_MAX);
- }
- size = get_request_size(vrng->vq, quota);
- size = MIN(vrng->quota_remaining, size);
- if (size) {
- rng_backend_request_entropy(vrng->rng, size, chr_read, vrng);
- }
-}
-
-static void handle_input(VirtIODevice *vdev, VirtQueue *vq)
-{
- VirtIORNG *vrng = DO_UPCAST(VirtIORNG, vdev, vdev);
- virtio_rng_process(vrng);
-}
-
-static uint32_t get_features(VirtIODevice *vdev, uint32_t f)
-{
- return f;
-}
-
-static void virtio_rng_save(QEMUFile *f, void *opaque)
-{
- VirtIORNG *vrng = opaque;
-
- virtio_save(&vrng->vdev, f);
-}
-
-static int virtio_rng_load(QEMUFile *f, void *opaque, int version_id)
-{
- VirtIORNG *vrng = opaque;
-
- if (version_id != 1) {
- return -EINVAL;
- }
- virtio_load(&vrng->vdev, f);
-
- /* We may have an element ready but couldn't process it due to a quota
- * limit. Make sure to try again after live migration when the quota may
- * have been reset.
- */
- virtio_rng_process(vrng);
-
- return 0;
-}
-
-static void check_rate_limit(void *opaque)
-{
- VirtIORNG *s = opaque;
-
- s->quota_remaining = s->conf->max_bytes;
- virtio_rng_process(s);
- qemu_mod_timer(s->rate_limit_timer,
- qemu_get_clock_ms(vm_clock) + s->conf->period_ms);
-}
-
-
-VirtIODevice *virtio_rng_init(DeviceState *dev, VirtIORNGConf *conf)
-{
- VirtIORNG *vrng;
- VirtIODevice *vdev;
- Error *local_err = NULL;
-
- vdev = virtio_common_init("virtio-rng", VIRTIO_ID_RNG, 0,
- sizeof(VirtIORNG));
-
- vrng = DO_UPCAST(VirtIORNG, vdev, vdev);
-
- vrng->rng = conf->rng;
- if (vrng->rng == NULL) {
- qerror_report(QERR_INVALID_PARAMETER_VALUE, "rng", "a valid object");
- return NULL;
- }
-
- rng_backend_open(vrng->rng, &local_err);
- if (local_err) {
- qerror_report_err(local_err);
- error_free(local_err);
- return NULL;
- }
-
- vrng->vq = virtio_add_queue(vdev, 8, handle_input);
- vrng->vdev.get_features = get_features;
-
- vrng->qdev = dev;
- vrng->conf = conf;
-
- assert(vrng->conf->max_bytes <= INT64_MAX);
- vrng->quota_remaining = vrng->conf->max_bytes;
-
- vrng->rate_limit_timer = qemu_new_timer_ms(vm_clock,
- check_rate_limit, vrng);
-
- qemu_mod_timer(vrng->rate_limit_timer,
- qemu_get_clock_ms(vm_clock) + vrng->conf->period_ms);
-
- register_savevm(dev, "virtio-rng", -1, 1, virtio_rng_save,
- virtio_rng_load, vrng);
-
- return vdev;
-}
-
-void virtio_rng_exit(VirtIODevice *vdev)
-{
- VirtIORNG *vrng = DO_UPCAST(VirtIORNG, vdev, vdev);
-
- qemu_del_timer(vrng->rate_limit_timer);
- qemu_free_timer(vrng->rate_limit_timer);
- unregister_savevm(vrng->qdev, "virtio-rng", vrng);
- virtio_cleanup(vdev);
-}
diff --git a/hw/virtio-rng.h b/hw/virtio-rng.h
deleted file mode 100644
index f42d748eb..000000000
--- a/hw/virtio-rng.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Virtio RNG Support
- *
- * Copyright Red Hat, Inc. 2012
- * Copyright Amit Shah <amit.shah@redhat.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2 or
- * (at your option) any later version. See the COPYING file in the
- * top-level directory.
- */
-
-#ifndef _QEMU_VIRTIO_RNG_H
-#define _QEMU_VIRTIO_RNG_H
-
-#include "qemu/rng.h"
-#include "qemu/rng-random.h"
-
-/* The Virtio ID for the virtio rng device */
-#define VIRTIO_ID_RNG 4
-
-struct VirtIORNGConf {
- RngBackend *rng;
- uint64_t max_bytes;
- uint32_t period_ms;
- RndRandom *default_backend;
-};
-
-#endif
diff --git a/hw/virtio-scsi.c b/hw/virtio-scsi.c
deleted file mode 100644
index bfe186050..000000000
--- a/hw/virtio-scsi.c
+++ /dev/null
@@ -1,744 +0,0 @@
-/*
- * Virtio SCSI HBA
- *
- * Copyright IBM, Corp. 2010
- * Copyright Red Hat, Inc. 2011
- *
- * Authors:
- * Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
- * Paolo Bonzini <pbonzini@redhat.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2 or later.
- * See the COPYING file in the top-level directory.
- *
- */
-
-#include "virtio-scsi.h"
-#include <hw/scsi.h>
-#include <hw/scsi-defs.h>
-
-#define VIRTIO_SCSI_VQ_SIZE 128
-#define VIRTIO_SCSI_CDB_SIZE 32
-#define VIRTIO_SCSI_SENSE_SIZE 96
-#define VIRTIO_SCSI_MAX_CHANNEL 0
-#define VIRTIO_SCSI_MAX_TARGET 255
-#define VIRTIO_SCSI_MAX_LUN 16383
-
-/* Response codes */
-#define VIRTIO_SCSI_S_OK 0
-#define VIRTIO_SCSI_S_OVERRUN 1
-#define VIRTIO_SCSI_S_ABORTED 2
-#define VIRTIO_SCSI_S_BAD_TARGET 3
-#define VIRTIO_SCSI_S_RESET 4
-#define VIRTIO_SCSI_S_BUSY 5
-#define VIRTIO_SCSI_S_TRANSPORT_FAILURE 6
-#define VIRTIO_SCSI_S_TARGET_FAILURE 7
-#define VIRTIO_SCSI_S_NEXUS_FAILURE 8
-#define VIRTIO_SCSI_S_FAILURE 9
-#define VIRTIO_SCSI_S_FUNCTION_SUCCEEDED 10
-#define VIRTIO_SCSI_S_FUNCTION_REJECTED 11
-#define VIRTIO_SCSI_S_INCORRECT_LUN 12
-
-/* Controlq type codes. */
-#define VIRTIO_SCSI_T_TMF 0
-#define VIRTIO_SCSI_T_AN_QUERY 1
-#define VIRTIO_SCSI_T_AN_SUBSCRIBE 2
-
-/* Valid TMF subtypes. */
-#define VIRTIO_SCSI_T_TMF_ABORT_TASK 0
-#define VIRTIO_SCSI_T_TMF_ABORT_TASK_SET 1
-#define VIRTIO_SCSI_T_TMF_CLEAR_ACA 2
-#define VIRTIO_SCSI_T_TMF_CLEAR_TASK_SET 3
-#define VIRTIO_SCSI_T_TMF_I_T_NEXUS_RESET 4
-#define VIRTIO_SCSI_T_TMF_LOGICAL_UNIT_RESET 5
-#define VIRTIO_SCSI_T_TMF_QUERY_TASK 6
-#define VIRTIO_SCSI_T_TMF_QUERY_TASK_SET 7
-
-/* Events. */
-#define VIRTIO_SCSI_T_EVENTS_MISSED 0x80000000
-#define VIRTIO_SCSI_T_NO_EVENT 0
-#define VIRTIO_SCSI_T_TRANSPORT_RESET 1
-#define VIRTIO_SCSI_T_ASYNC_NOTIFY 2
-#define VIRTIO_SCSI_T_PARAM_CHANGE 3
-
-/* Reasons for transport reset event */
-#define VIRTIO_SCSI_EVT_RESET_HARD 0
-#define VIRTIO_SCSI_EVT_RESET_RESCAN 1
-#define VIRTIO_SCSI_EVT_RESET_REMOVED 2
-
-/* SCSI command request, followed by data-out */
-typedef struct {
- uint8_t lun[8]; /* Logical Unit Number */
- uint64_t tag; /* Command identifier */
- uint8_t task_attr; /* Task attribute */
- uint8_t prio;
- uint8_t crn;
- uint8_t cdb[];
-} QEMU_PACKED VirtIOSCSICmdReq;
-
-/* Response, followed by sense data and data-in */
-typedef struct {
- uint32_t sense_len; /* Sense data length */
- uint32_t resid; /* Residual bytes in data buffer */
- uint16_t status_qualifier; /* Status qualifier */
- uint8_t status; /* Command completion status */
- uint8_t response; /* Response values */
- uint8_t sense[];
-} QEMU_PACKED VirtIOSCSICmdResp;
-
-/* Task Management Request */
-typedef struct {
- uint32_t type;
- uint32_t subtype;
- uint8_t lun[8];
- uint64_t tag;
-} QEMU_PACKED VirtIOSCSICtrlTMFReq;
-
-typedef struct {
- uint8_t response;
-} QEMU_PACKED VirtIOSCSICtrlTMFResp;
-
-/* Asynchronous notification query/subscription */
-typedef struct {
- uint32_t type;
- uint8_t lun[8];
- uint32_t event_requested;
-} QEMU_PACKED VirtIOSCSICtrlANReq;
-
-typedef struct {
- uint32_t event_actual;
- uint8_t response;
-} QEMU_PACKED VirtIOSCSICtrlANResp;
-
-typedef struct {
- uint32_t event;
- uint8_t lun[8];
- uint32_t reason;
-} QEMU_PACKED VirtIOSCSIEvent;
-
-typedef struct {
- uint32_t num_queues;
- uint32_t seg_max;
- uint32_t max_sectors;
- uint32_t cmd_per_lun;
- uint32_t event_info_size;
- uint32_t sense_size;
- uint32_t cdb_size;
- uint16_t max_channel;
- uint16_t max_target;
- uint32_t max_lun;
-} QEMU_PACKED VirtIOSCSIConfig;
-
-typedef struct {
- VirtIODevice vdev;
- DeviceState *qdev;
- VirtIOSCSIConf *conf;
-
- SCSIBus bus;
- uint32_t sense_size;
- uint32_t cdb_size;
- int resetting;
- bool events_dropped;
- VirtQueue *ctrl_vq;
- VirtQueue *event_vq;
- VirtQueue *cmd_vqs[0];
-} VirtIOSCSI;
-
-typedef struct VirtIOSCSIReq {
- VirtIOSCSI *dev;
- VirtQueue *vq;
- VirtQueueElement elem;
- QEMUSGList qsgl;
- SCSIRequest *sreq;
- union {
- char *buf;
- VirtIOSCSICmdReq *cmd;
- VirtIOSCSICtrlTMFReq *tmf;
- VirtIOSCSICtrlANReq *an;
- } req;
- union {
- char *buf;
- VirtIOSCSICmdResp *cmd;
- VirtIOSCSICtrlTMFResp *tmf;
- VirtIOSCSICtrlANResp *an;
- VirtIOSCSIEvent *event;
- } resp;
-} VirtIOSCSIReq;
-
-static inline int virtio_scsi_get_lun(uint8_t *lun)
-{
- return ((lun[2] << 8) | lun[3]) & 0x3FFF;
-}
-
-static inline SCSIDevice *virtio_scsi_device_find(VirtIOSCSI *s, uint8_t *lun)
-{
- if (lun[0] != 1) {
- return NULL;
- }
- if (lun[2] != 0 && !(lun[2] >= 0x40 && lun[2] < 0x80)) {
- return NULL;
- }
- return scsi_device_find(&s->bus, 0, lun[1], virtio_scsi_get_lun(lun));
-}
-
-static void virtio_scsi_complete_req(VirtIOSCSIReq *req)
-{
- VirtIOSCSI *s = req->dev;
- VirtQueue *vq = req->vq;
- virtqueue_push(vq, &req->elem, req->qsgl.size + req->elem.in_sg[0].iov_len);
- qemu_sglist_destroy(&req->qsgl);
- if (req->sreq) {
- req->sreq->hba_private = NULL;
- scsi_req_unref(req->sreq);
- }
- g_free(req);
- virtio_notify(&s->vdev, vq);
-}
-
-static void virtio_scsi_bad_req(void)
-{
- error_report("wrong size for virtio-scsi headers");
- exit(1);
-}
-
-static void qemu_sgl_init_external(QEMUSGList *qsgl, struct iovec *sg,
- hwaddr *addr, int num)
-{
- qemu_sglist_init(qsgl, num, &dma_context_memory);
- while (num--) {
- qemu_sglist_add(qsgl, *(addr++), (sg++)->iov_len);
- }
-}
-
-static void virtio_scsi_parse_req(VirtIOSCSI *s, VirtQueue *vq,
- VirtIOSCSIReq *req)
-{
- assert(req->elem.in_num);
- req->vq = vq;
- req->dev = s;
- req->sreq = NULL;
- if (req->elem.out_num) {
- req->req.buf = req->elem.out_sg[0].iov_base;
- }
- req->resp.buf = req->elem.in_sg[0].iov_base;
-
- if (req->elem.out_num > 1) {
- qemu_sgl_init_external(&req->qsgl, &req->elem.out_sg[1],
- &req->elem.out_addr[1],
- req->elem.out_num - 1);
- } else {
- qemu_sgl_init_external(&req->qsgl, &req->elem.in_sg[1],
- &req->elem.in_addr[1],
- req->elem.in_num - 1);
- }
-}
-
-static VirtIOSCSIReq *virtio_scsi_pop_req(VirtIOSCSI *s, VirtQueue *vq)
-{
- VirtIOSCSIReq *req;
- req = g_malloc(sizeof(*req));
- if (!virtqueue_pop(vq, &req->elem)) {
- g_free(req);
- return NULL;
- }
-
- virtio_scsi_parse_req(s, vq, req);
- return req;
-}
-
-static void virtio_scsi_save_request(QEMUFile *f, SCSIRequest *sreq)
-{
- VirtIOSCSIReq *req = sreq->hba_private;
- uint32_t n = virtio_queue_get_id(req->vq) - 2;
-
- assert(n < req->dev->conf->num_queues);
- qemu_put_be32s(f, &n);
- qemu_put_buffer(f, (unsigned char *)&req->elem, sizeof(req->elem));
-}
-
-static void *virtio_scsi_load_request(QEMUFile *f, SCSIRequest *sreq)
-{
- SCSIBus *bus = sreq->bus;
- VirtIOSCSI *s = container_of(bus, VirtIOSCSI, bus);
- VirtIOSCSIReq *req;
- uint32_t n;
-
- req = g_malloc(sizeof(*req));
- qemu_get_be32s(f, &n);
- assert(n < s->conf->num_queues);
- qemu_get_buffer(f, (unsigned char *)&req->elem, sizeof(req->elem));
- virtio_scsi_parse_req(s, s->cmd_vqs[n], req);
-
- scsi_req_ref(sreq);
- req->sreq = sreq;
- if (req->sreq->cmd.mode != SCSI_XFER_NONE) {
- int req_mode =
- (req->elem.in_num > 1 ? SCSI_XFER_FROM_DEV : SCSI_XFER_TO_DEV);
-
- assert(req->sreq->cmd.mode == req_mode);
- }
- return req;
-}
-
-static void virtio_scsi_do_tmf(VirtIOSCSI *s, VirtIOSCSIReq *req)
-{
- SCSIDevice *d = virtio_scsi_device_find(s, req->req.tmf->lun);
- SCSIRequest *r, *next;
- BusChild *kid;
- int target;
-
- /* Here VIRTIO_SCSI_S_OK means "FUNCTION COMPLETE". */
- req->resp.tmf->response = VIRTIO_SCSI_S_OK;
-
- switch (req->req.tmf->subtype) {
- case VIRTIO_SCSI_T_TMF_ABORT_TASK:
- case VIRTIO_SCSI_T_TMF_QUERY_TASK:
- if (!d) {
- goto fail;
- }
- if (d->lun != virtio_scsi_get_lun(req->req.tmf->lun)) {
- goto incorrect_lun;
- }
- QTAILQ_FOREACH_SAFE(r, &d->requests, next, next) {
- VirtIOSCSIReq *cmd_req = r->hba_private;
- if (cmd_req && cmd_req->req.cmd->tag == req->req.tmf->tag) {
- break;
- }
- }
- if (r) {
- /*
- * Assert that the request has not been completed yet, we
- * check for it in the loop above.
- */
- assert(r->hba_private);
- if (req->req.tmf->subtype == VIRTIO_SCSI_T_TMF_QUERY_TASK) {
- /* "If the specified command is present in the task set, then
- * return a service response set to FUNCTION SUCCEEDED".
- */
- req->resp.tmf->response = VIRTIO_SCSI_S_FUNCTION_SUCCEEDED;
- } else {
- scsi_req_cancel(r);
- }
- }
- break;
-
- case VIRTIO_SCSI_T_TMF_LOGICAL_UNIT_RESET:
- if (!d) {
- goto fail;
- }
- if (d->lun != virtio_scsi_get_lun(req->req.tmf->lun)) {
- goto incorrect_lun;
- }
- s->resetting++;
- qdev_reset_all(&d->qdev);
- s->resetting--;
- break;
-
- case VIRTIO_SCSI_T_TMF_ABORT_TASK_SET:
- case VIRTIO_SCSI_T_TMF_CLEAR_TASK_SET:
- case VIRTIO_SCSI_T_TMF_QUERY_TASK_SET:
- if (!d) {
- goto fail;
- }
- if (d->lun != virtio_scsi_get_lun(req->req.tmf->lun)) {
- goto incorrect_lun;
- }
- QTAILQ_FOREACH_SAFE(r, &d->requests, next, next) {
- if (r->hba_private) {
- if (req->req.tmf->subtype == VIRTIO_SCSI_T_TMF_QUERY_TASK_SET) {
- /* "If there is any command present in the task set, then
- * return a service response set to FUNCTION SUCCEEDED".
- */
- req->resp.tmf->response = VIRTIO_SCSI_S_FUNCTION_SUCCEEDED;
- break;
- } else {
- scsi_req_cancel(r);
- }
- }
- }
- break;
-
- case VIRTIO_SCSI_T_TMF_I_T_NEXUS_RESET:
- target = req->req.tmf->lun[1];
- s->resetting++;
- QTAILQ_FOREACH(kid, &s->bus.qbus.children, sibling) {
- d = DO_UPCAST(SCSIDevice, qdev, kid->child);
- if (d->channel == 0 && d->id == target) {
- qdev_reset_all(&d->qdev);
- }
- }
- s->resetting--;
- break;
-
- case VIRTIO_SCSI_T_TMF_CLEAR_ACA:
- default:
- req->resp.tmf->response = VIRTIO_SCSI_S_FUNCTION_REJECTED;
- break;
- }
-
- return;
-
-incorrect_lun:
- req->resp.tmf->response = VIRTIO_SCSI_S_INCORRECT_LUN;
- return;
-
-fail:
- req->resp.tmf->response = VIRTIO_SCSI_S_BAD_TARGET;
-}
-
-static void virtio_scsi_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
-{
- VirtIOSCSI *s = (VirtIOSCSI *)vdev;
- VirtIOSCSIReq *req;
-
- while ((req = virtio_scsi_pop_req(s, vq))) {
- int out_size, in_size;
- if (req->elem.out_num < 1 || req->elem.in_num < 1) {
- virtio_scsi_bad_req();
- continue;
- }
-
- out_size = req->elem.out_sg[0].iov_len;
- in_size = req->elem.in_sg[0].iov_len;
- if (req->req.tmf->type == VIRTIO_SCSI_T_TMF) {
- if (out_size < sizeof(VirtIOSCSICtrlTMFReq) ||
- in_size < sizeof(VirtIOSCSICtrlTMFResp)) {
- virtio_scsi_bad_req();
- }
- virtio_scsi_do_tmf(s, req);
-
- } else if (req->req.tmf->type == VIRTIO_SCSI_T_AN_QUERY ||
- req->req.tmf->type == VIRTIO_SCSI_T_AN_SUBSCRIBE) {
- if (out_size < sizeof(VirtIOSCSICtrlANReq) ||
- in_size < sizeof(VirtIOSCSICtrlANResp)) {
- virtio_scsi_bad_req();
- }
- req->resp.an->event_actual = 0;
- req->resp.an->response = VIRTIO_SCSI_S_OK;
- }
- virtio_scsi_complete_req(req);
- }
-}
-
-static void virtio_scsi_command_complete(SCSIRequest *r, uint32_t status,
- size_t resid)
-{
- VirtIOSCSIReq *req = r->hba_private;
- uint32_t sense_len;
-
- req->resp.cmd->response = VIRTIO_SCSI_S_OK;
- req->resp.cmd->status = status;
- if (req->resp.cmd->status == GOOD) {
- req->resp.cmd->resid = tswap32(resid);
- } else {
- req->resp.cmd->resid = 0;
- sense_len = scsi_req_get_sense(r, req->resp.cmd->sense,
- VIRTIO_SCSI_SENSE_SIZE);
- req->resp.cmd->sense_len = tswap32(sense_len);
- }
- virtio_scsi_complete_req(req);
-}
-
-static QEMUSGList *virtio_scsi_get_sg_list(SCSIRequest *r)
-{
- VirtIOSCSIReq *req = r->hba_private;
-
- return &req->qsgl;
-}
-
-static void virtio_scsi_request_cancelled(SCSIRequest *r)
-{
- VirtIOSCSIReq *req = r->hba_private;
-
- if (!req) {
- return;
- }
- if (req->dev->resetting) {
- req->resp.cmd->response = VIRTIO_SCSI_S_RESET;
- } else {
- req->resp.cmd->response = VIRTIO_SCSI_S_ABORTED;
- }
- virtio_scsi_complete_req(req);
-}
-
-static void virtio_scsi_fail_cmd_req(VirtIOSCSIReq *req)
-{
- req->resp.cmd->response = VIRTIO_SCSI_S_FAILURE;
- virtio_scsi_complete_req(req);
-}
-
-static void virtio_scsi_handle_cmd(VirtIODevice *vdev, VirtQueue *vq)
-{
- VirtIOSCSI *s = (VirtIOSCSI *)vdev;
- VirtIOSCSIReq *req;
- int n;
-
- while ((req = virtio_scsi_pop_req(s, vq))) {
- SCSIDevice *d;
- int out_size, in_size;
- if (req->elem.out_num < 1 || req->elem.in_num < 1) {
- virtio_scsi_bad_req();
- }
-
- out_size = req->elem.out_sg[0].iov_len;
- in_size = req->elem.in_sg[0].iov_len;
- if (out_size < sizeof(VirtIOSCSICmdReq) + s->cdb_size ||
- in_size < sizeof(VirtIOSCSICmdResp) + s->sense_size) {
- virtio_scsi_bad_req();
- }
-
- if (req->elem.out_num > 1 && req->elem.in_num > 1) {
- virtio_scsi_fail_cmd_req(req);
- continue;
- }
-
- d = virtio_scsi_device_find(s, req->req.cmd->lun);
- if (!d) {
- req->resp.cmd->response = VIRTIO_SCSI_S_BAD_TARGET;
- virtio_scsi_complete_req(req);
- continue;
- }
- req->sreq = scsi_req_new(d, req->req.cmd->tag,
- virtio_scsi_get_lun(req->req.cmd->lun),
- req->req.cmd->cdb, req);
-
- if (req->sreq->cmd.mode != SCSI_XFER_NONE) {
- int req_mode =
- (req->elem.in_num > 1 ? SCSI_XFER_FROM_DEV : SCSI_XFER_TO_DEV);
-
- if (req->sreq->cmd.mode != req_mode ||
- req->sreq->cmd.xfer > req->qsgl.size) {
- req->resp.cmd->response = VIRTIO_SCSI_S_OVERRUN;
- virtio_scsi_complete_req(req);
- continue;
- }
- }
-
- n = scsi_req_enqueue(req->sreq);
- if (n) {
- scsi_req_continue(req->sreq);
- }
- }
-}
-
-static void virtio_scsi_get_config(VirtIODevice *vdev,
- uint8_t *config)
-{
- VirtIOSCSIConfig *scsiconf = (VirtIOSCSIConfig *)config;
- VirtIOSCSI *s = (VirtIOSCSI *)vdev;
-
- stl_raw(&scsiconf->num_queues, s->conf->num_queues);
- stl_raw(&scsiconf->seg_max, 128 - 2);
- stl_raw(&scsiconf->max_sectors, s->conf->max_sectors);
- stl_raw(&scsiconf->cmd_per_lun, s->conf->cmd_per_lun);
- stl_raw(&scsiconf->event_info_size, sizeof(VirtIOSCSIEvent));
- stl_raw(&scsiconf->sense_size, s->sense_size);
- stl_raw(&scsiconf->cdb_size, s->cdb_size);
- stw_raw(&scsiconf->max_channel, VIRTIO_SCSI_MAX_CHANNEL);
- stw_raw(&scsiconf->max_target, VIRTIO_SCSI_MAX_TARGET);
- stl_raw(&scsiconf->max_lun, VIRTIO_SCSI_MAX_LUN);
-}
-
-static void virtio_scsi_set_config(VirtIODevice *vdev,
- const uint8_t *config)
-{
- VirtIOSCSIConfig *scsiconf = (VirtIOSCSIConfig *)config;
- VirtIOSCSI *s = (VirtIOSCSI *)vdev;
-
- if ((uint32_t) ldl_raw(&scsiconf->sense_size) >= 65536 ||
- (uint32_t) ldl_raw(&scsiconf->cdb_size) >= 256) {
- error_report("bad data written to virtio-scsi configuration space");
- exit(1);
- }
-
- s->sense_size = ldl_raw(&scsiconf->sense_size);
- s->cdb_size = ldl_raw(&scsiconf->cdb_size);
-}
-
-static uint32_t virtio_scsi_get_features(VirtIODevice *vdev,
- uint32_t requested_features)
-{
- return requested_features;
-}
-
-static void virtio_scsi_reset(VirtIODevice *vdev)
-{
- VirtIOSCSI *s = (VirtIOSCSI *)vdev;
-
- s->sense_size = VIRTIO_SCSI_SENSE_SIZE;
- s->cdb_size = VIRTIO_SCSI_CDB_SIZE;
- s->events_dropped = false;
-}
-
-/* The device does not have anything to save beyond the virtio data.
- * Request data is saved with callbacks from SCSI devices.
- */
-static void virtio_scsi_save(QEMUFile *f, void *opaque)
-{
- VirtIOSCSI *s = opaque;
- virtio_save(&s->vdev, f);
-}
-
-static int virtio_scsi_load(QEMUFile *f, void *opaque, int version_id)
-{
- VirtIOSCSI *s = opaque;
- int ret;
-
- ret = virtio_load(&s->vdev, f);
- if (ret) {
- return ret;
- }
- return 0;
-}
-
-static void virtio_scsi_push_event(VirtIOSCSI *s, SCSIDevice *dev,
- uint32_t event, uint32_t reason)
-{
- VirtIOSCSIReq *req = virtio_scsi_pop_req(s, s->event_vq);
- VirtIOSCSIEvent *evt;
- int in_size;
-
- if (!(s->vdev.status & VIRTIO_CONFIG_S_DRIVER_OK)) {
- return;
- }
-
- if (!req) {
- s->events_dropped = true;
- return;
- }
-
- if (req->elem.out_num || req->elem.in_num != 1) {
- virtio_scsi_bad_req();
- }
-
- if (s->events_dropped) {
- event |= VIRTIO_SCSI_T_EVENTS_MISSED;
- s->events_dropped = false;
- }
-
- in_size = req->elem.in_sg[0].iov_len;
- if (in_size < sizeof(VirtIOSCSIEvent)) {
- virtio_scsi_bad_req();
- }
-
- evt = req->resp.event;
- memset(evt, 0, sizeof(VirtIOSCSIEvent));
- evt->event = event;
- evt->reason = reason;
- if (!dev) {
- assert(event == VIRTIO_SCSI_T_NO_EVENT);
- } else {
- evt->lun[0] = 1;
- evt->lun[1] = dev->id;
-
- /* Linux wants us to keep the same encoding we use for REPORT LUNS. */
- if (dev->lun >= 256) {
- evt->lun[2] = (dev->lun >> 8) | 0x40;
- }
- evt->lun[3] = dev->lun & 0xFF;
- }
- virtio_scsi_complete_req(req);
-}
-
-static void virtio_scsi_handle_event(VirtIODevice *vdev, VirtQueue *vq)
-{
- VirtIOSCSI *s = (VirtIOSCSI *)vdev;
-
- if (s->events_dropped) {
- virtio_scsi_push_event(s, NULL, VIRTIO_SCSI_T_NO_EVENT, 0);
- }
-}
-
-static void virtio_scsi_change(SCSIBus *bus, SCSIDevice *dev, SCSISense sense)
-{
- VirtIOSCSI *s = container_of(bus, VirtIOSCSI, bus);
-
- if (((s->vdev.guest_features >> VIRTIO_SCSI_F_CHANGE) & 1) &&
- dev->type != TYPE_ROM) {
- virtio_scsi_push_event(s, dev, VIRTIO_SCSI_T_PARAM_CHANGE,
- sense.asc | (sense.ascq << 8));
- }
-}
-
-static void virtio_scsi_hotplug(SCSIBus *bus, SCSIDevice *dev)
-{
- VirtIOSCSI *s = container_of(bus, VirtIOSCSI, bus);
-
- if ((s->vdev.guest_features >> VIRTIO_SCSI_F_HOTPLUG) & 1) {
- virtio_scsi_push_event(s, dev, VIRTIO_SCSI_T_TRANSPORT_RESET,
- VIRTIO_SCSI_EVT_RESET_RESCAN);
- }
-}
-
-static void virtio_scsi_hot_unplug(SCSIBus *bus, SCSIDevice *dev)
-{
- VirtIOSCSI *s = container_of(bus, VirtIOSCSI, bus);
-
- if ((s->vdev.guest_features >> VIRTIO_SCSI_F_HOTPLUG) & 1) {
- virtio_scsi_push_event(s, dev, VIRTIO_SCSI_T_TRANSPORT_RESET,
- VIRTIO_SCSI_EVT_RESET_REMOVED);
- }
-}
-
-static struct SCSIBusInfo virtio_scsi_scsi_info = {
- .tcq = true,
- .max_channel = VIRTIO_SCSI_MAX_CHANNEL,
- .max_target = VIRTIO_SCSI_MAX_TARGET,
- .max_lun = VIRTIO_SCSI_MAX_LUN,
-
- .complete = virtio_scsi_command_complete,
- .cancel = virtio_scsi_request_cancelled,
- .change = virtio_scsi_change,
- .hotplug = virtio_scsi_hotplug,
- .hot_unplug = virtio_scsi_hot_unplug,
- .get_sg_list = virtio_scsi_get_sg_list,
- .save_request = virtio_scsi_save_request,
- .load_request = virtio_scsi_load_request,
-};
-
-VirtIODevice *virtio_scsi_init(DeviceState *dev, VirtIOSCSIConf *proxyconf)
-{
- VirtIOSCSI *s;
- static int virtio_scsi_id;
- size_t sz;
- int i;
-
- sz = sizeof(VirtIOSCSI) + proxyconf->num_queues * sizeof(VirtQueue *);
- s = (VirtIOSCSI *)virtio_common_init("virtio-scsi", VIRTIO_ID_SCSI,
- sizeof(VirtIOSCSIConfig), sz);
-
- s->qdev = dev;
- s->conf = proxyconf;
-
- /* TODO set up vdev function pointers */
- s->vdev.get_config = virtio_scsi_get_config;
- s->vdev.set_config = virtio_scsi_set_config;
- s->vdev.get_features = virtio_scsi_get_features;
- s->vdev.reset = virtio_scsi_reset;
-
- s->ctrl_vq = virtio_add_queue(&s->vdev, VIRTIO_SCSI_VQ_SIZE,
- virtio_scsi_handle_ctrl);
- s->event_vq = virtio_add_queue(&s->vdev, VIRTIO_SCSI_VQ_SIZE,
- virtio_scsi_handle_event);
- for (i = 0; i < s->conf->num_queues; i++) {
- s->cmd_vqs[i] = virtio_add_queue(&s->vdev, VIRTIO_SCSI_VQ_SIZE,
- virtio_scsi_handle_cmd);
- }
-
- scsi_bus_new(&s->bus, dev, &virtio_scsi_scsi_info);
- if (!dev->hotplugged) {
- scsi_bus_legacy_handle_cmdline(&s->bus);
- }
-
- register_savevm(dev, "virtio-scsi", virtio_scsi_id++, 1,
- virtio_scsi_save, virtio_scsi_load, s);
-
- return &s->vdev;
-}
-
-void virtio_scsi_exit(VirtIODevice *vdev)
-{
- VirtIOSCSI *s = (VirtIOSCSI *)vdev;
- unregister_savevm(s->qdev, "virtio-scsi", s);
- virtio_cleanup(vdev);
-}
diff --git a/hw/virtio-scsi.h b/hw/virtio-scsi.h
deleted file mode 100644
index 91924f6df..000000000
--- a/hw/virtio-scsi.h
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Virtio SCSI HBA
- *
- * Copyright IBM, Corp. 2010
- *
- * Authors:
- * Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See
- * the COPYING file in the top-level directory.
- *
- */
-
-#ifndef _QEMU_VIRTIO_SCSI_H
-#define _QEMU_VIRTIO_SCSI_H
-
-#include "virtio.h"
-#include "net.h"
-#include "pci.h"
-
-/* The ID for virtio_scsi */
-#define VIRTIO_ID_SCSI 8
-
-/* Feature Bits */
-#define VIRTIO_SCSI_F_INOUT 0
-#define VIRTIO_SCSI_F_HOTPLUG 1
-#define VIRTIO_SCSI_F_CHANGE 2
-
-struct VirtIOSCSIConf {
- uint32_t num_queues;
- uint32_t max_sectors;
- uint32_t cmd_per_lun;
-};
-
-#define DEFINE_VIRTIO_SCSI_PROPERTIES(_state, _features_field, _conf_field) \
- DEFINE_VIRTIO_COMMON_FEATURES(_state, _features_field), \
- DEFINE_PROP_UINT32("num_queues", _state, _conf_field.num_queues, 1), \
- DEFINE_PROP_UINT32("max_sectors", _state, _conf_field.max_sectors, 0xFFFF), \
- DEFINE_PROP_UINT32("cmd_per_lun", _state, _conf_field.cmd_per_lun, 128), \
- DEFINE_PROP_BIT("hotplug", _state, _features_field, VIRTIO_SCSI_F_HOTPLUG, true), \
- DEFINE_PROP_BIT("param_change", _state, _features_field, VIRTIO_SCSI_F_CHANGE, true)
-
-#endif /* _QEMU_VIRTIO_SCSI_H */
diff --git a/hw/virtio-serial-bus.c b/hw/virtio-serial-bus.c
deleted file mode 100644
index 155da58dc..000000000
--- a/hw/virtio-serial-bus.c
+++ /dev/null
@@ -1,1045 +0,0 @@
-/*
- * A bus for connecting virtio serial and console ports
- *
- * Copyright (C) 2009, 2010 Red Hat, Inc.
- *
- * Author(s):
- * Amit Shah <amit.shah@redhat.com>
- *
- * Some earlier parts are:
- * Copyright IBM, Corp. 2008
- * authored by
- * Christian Ehrhardt <ehrhardt@linux.vnet.ibm.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See
- * the COPYING file in the top-level directory.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include "iov.h"
-#include "monitor.h"
-#include "qemu-queue.h"
-#include "sysbus.h"
-#include "trace.h"
-#include "virtio-serial.h"
-
-/* The virtio-serial bus on top of which the ports will ride as devices */
-struct VirtIOSerialBus {
- BusState qbus;
-
- /* This is the parent device that provides the bus for ports. */
- VirtIOSerial *vser;
-
- /* The maximum number of ports that can ride on top of this bus */
- uint32_t max_nr_ports;
-};
-
-struct VirtIOSerial {
- VirtIODevice vdev;
-
- VirtQueue *c_ivq, *c_ovq;
- /* Arrays of ivqs and ovqs: one per port */
- VirtQueue **ivqs, **ovqs;
-
- VirtIOSerialBus bus;
-
- DeviceState *qdev;
-
- QTAILQ_HEAD(, VirtIOSerialPort) ports;
-
- /* bitmap for identifying active ports */
- uint32_t *ports_map;
-
- struct virtio_console_config config;
-
- struct {
- QEMUTimer *timer;
- int nr_active_ports;
- struct {
- VirtIOSerialPort *port;
- uint8_t host_connected;
- } *connected;
- } post_load;
-};
-
-static VirtIOSerialPort *find_port_by_id(VirtIOSerial *vser, uint32_t id)
-{
- VirtIOSerialPort *port;
-
- if (id == VIRTIO_CONSOLE_BAD_ID) {
- return NULL;
- }
-
- QTAILQ_FOREACH(port, &vser->ports, next) {
- if (port->id == id)
- return port;
- }
- return NULL;
-}
-
-static VirtIOSerialPort *find_port_by_vq(VirtIOSerial *vser, VirtQueue *vq)
-{
- VirtIOSerialPort *port;
-
- QTAILQ_FOREACH(port, &vser->ports, next) {
- if (port->ivq == vq || port->ovq == vq)
- return port;
- }
- return NULL;
-}
-
-static bool use_multiport(VirtIOSerial *vser)
-{
- return vser->vdev.guest_features & (1 << VIRTIO_CONSOLE_F_MULTIPORT);
-}
-
-static size_t write_to_port(VirtIOSerialPort *port,
- const uint8_t *buf, size_t size)
-{
- VirtQueueElement elem;
- VirtQueue *vq;
- size_t offset;
-
- vq = port->ivq;
- if (!virtio_queue_ready(vq)) {
- return 0;
- }
-
- offset = 0;
- while (offset < size) {
- size_t len;
-
- if (!virtqueue_pop(vq, &elem)) {
- break;
- }
-
- len = iov_from_buf(elem.in_sg, elem.in_num, 0,
- buf + offset, size - offset);
- offset += len;
-
- virtqueue_push(vq, &elem, len);
- }
-
- virtio_notify(&port->vser->vdev, vq);
- return offset;
-}
-
-static void discard_vq_data(VirtQueue *vq, VirtIODevice *vdev)
-{
- VirtQueueElement elem;
-
- if (!virtio_queue_ready(vq)) {
- return;
- }
- while (virtqueue_pop(vq, &elem)) {
- virtqueue_push(vq, &elem, 0);
- }
- virtio_notify(vdev, vq);
-}
-
-static void do_flush_queued_data(VirtIOSerialPort *port, VirtQueue *vq,
- VirtIODevice *vdev)
-{
- VirtIOSerialPortClass *vsc;
-
- assert(port);
- assert(virtio_queue_ready(vq));
-
- vsc = VIRTIO_SERIAL_PORT_GET_CLASS(port);
-
- while (!port->throttled) {
- unsigned int i;
-
- /* Pop an elem only if we haven't left off a previous one mid-way */
- if (!port->elem.out_num) {
- if (!virtqueue_pop(vq, &port->elem)) {
- break;
- }
- port->iov_idx = 0;
- port->iov_offset = 0;
- }
-
- for (i = port->iov_idx; i < port->elem.out_num; i++) {
- size_t buf_size;
- ssize_t ret;
-
- buf_size = port->elem.out_sg[i].iov_len - port->iov_offset;
- ret = vsc->have_data(port,
- port->elem.out_sg[i].iov_base
- + port->iov_offset,
- buf_size);
- if (ret < 0 && ret != -EAGAIN) {
- /* We don't handle any other type of errors here */
- abort();
- }
- if (ret == -EAGAIN || (ret >= 0 && ret < buf_size)) {
- /*
- * this is a temporary check until chardevs can signal to
- * frontends that they are writable again. This prevents
- * the console from going into throttled mode (forever)
- * if virtio-console is connected to a pty without a
- * listener. Otherwise the guest spins forever.
- * We can revert this if
- * 1: chardevs can notify frondends
- * 2: the guest driver does not spin in these cases
- */
- if (!vsc->is_console) {
- virtio_serial_throttle_port(port, true);
- }
- port->iov_idx = i;
- if (ret > 0) {
- port->iov_offset += ret;
- }
- break;
- }
- port->iov_offset = 0;
- }
- if (port->throttled) {
- break;
- }
- virtqueue_push(vq, &port->elem, 0);
- port->elem.out_num = 0;
- }
- virtio_notify(vdev, vq);
-}
-
-static void flush_queued_data(VirtIOSerialPort *port)
-{
- assert(port);
-
- if (!virtio_queue_ready(port->ovq)) {
- return;
- }
- do_flush_queued_data(port, port->ovq, &port->vser->vdev);
-}
-
-static size_t send_control_msg(VirtIOSerialPort *port, void *buf, size_t len)
-{
- VirtQueueElement elem;
- VirtQueue *vq;
- struct virtio_console_control *cpkt;
-
- vq = port->vser->c_ivq;
- if (!virtio_queue_ready(vq)) {
- return 0;
- }
- if (!virtqueue_pop(vq, &elem)) {
- return 0;
- }
-
- cpkt = (struct virtio_console_control *)buf;
- stl_p(&cpkt->id, port->id);
- memcpy(elem.in_sg[0].iov_base, buf, len);
-
- virtqueue_push(vq, &elem, len);
- virtio_notify(&port->vser->vdev, vq);
- return len;
-}
-
-static size_t send_control_event(VirtIOSerialPort *port, uint16_t event,
- uint16_t value)
-{
- struct virtio_console_control cpkt;
-
- stw_p(&cpkt.event, event);
- stw_p(&cpkt.value, value);
-
- trace_virtio_serial_send_control_event(port->id, event, value);
- return send_control_msg(port, &cpkt, sizeof(cpkt));
-}
-
-/* Functions for use inside qemu to open and read from/write to ports */
-int virtio_serial_open(VirtIOSerialPort *port)
-{
- /* Don't allow opening an already-open port */
- if (port->host_connected) {
- return 0;
- }
- /* Send port open notification to the guest */
- port->host_connected = true;
- send_control_event(port, VIRTIO_CONSOLE_PORT_OPEN, 1);
-
- return 0;
-}
-
-int virtio_serial_close(VirtIOSerialPort *port)
-{
- port->host_connected = false;
- /*
- * If there's any data the guest sent which the app didn't
- * consume, reset the throttling flag and discard the data.
- */
- port->throttled = false;
- discard_vq_data(port->ovq, &port->vser->vdev);
-
- send_control_event(port, VIRTIO_CONSOLE_PORT_OPEN, 0);
-
- return 0;
-}
-
-/* Individual ports/apps call this function to write to the guest. */
-ssize_t virtio_serial_write(VirtIOSerialPort *port, const uint8_t *buf,
- size_t size)
-{
- if (!port || !port->host_connected || !port->guest_connected) {
- return 0;
- }
- return write_to_port(port, buf, size);
-}
-
-/*
- * Readiness of the guest to accept data on a port.
- * Returns max. data the guest can receive
- */
-size_t virtio_serial_guest_ready(VirtIOSerialPort *port)
-{
- VirtQueue *vq = port->ivq;
- unsigned int bytes;
-
- if (!virtio_queue_ready(vq) ||
- !(port->vser->vdev.status & VIRTIO_CONFIG_S_DRIVER_OK) ||
- virtio_queue_empty(vq)) {
- return 0;
- }
- if (use_multiport(port->vser) && !port->guest_connected) {
- return 0;
- }
- virtqueue_get_avail_bytes(vq, &bytes, NULL, 4096, 0);
- return bytes;
-}
-
-static void flush_queued_data_bh(void *opaque)
-{
- VirtIOSerialPort *port = opaque;
-
- flush_queued_data(port);
-}
-
-void virtio_serial_throttle_port(VirtIOSerialPort *port, bool throttle)
-{
- if (!port) {
- return;
- }
-
- trace_virtio_serial_throttle_port(port->id, throttle);
- port->throttled = throttle;
- if (throttle) {
- return;
- }
- qemu_bh_schedule(port->bh);
-}
-
-/* Guest wants to notify us of some event */
-static void handle_control_message(VirtIOSerial *vser, void *buf, size_t len)
-{
- struct VirtIOSerialPort *port;
- VirtIOSerialPortClass *vsc;
- struct virtio_console_control cpkt, *gcpkt;
- uint8_t *buffer;
- size_t buffer_len;
-
- gcpkt = buf;
-
- if (len < sizeof(cpkt)) {
- /* The guest sent an invalid control packet */
- return;
- }
-
- cpkt.event = lduw_p(&gcpkt->event);
- cpkt.value = lduw_p(&gcpkt->value);
-
- trace_virtio_serial_handle_control_message(cpkt.event, cpkt.value);
-
- if (cpkt.event == VIRTIO_CONSOLE_DEVICE_READY) {
- if (!cpkt.value) {
- error_report("virtio-serial-bus: Guest failure in adding device %s",
- vser->bus.qbus.name);
- return;
- }
- /*
- * The device is up, we can now tell the device about all the
- * ports we have here.
- */
- QTAILQ_FOREACH(port, &vser->ports, next) {
- send_control_event(port, VIRTIO_CONSOLE_PORT_ADD, 1);
- }
- return;
- }
-
- port = find_port_by_id(vser, ldl_p(&gcpkt->id));
- if (!port) {
- error_report("virtio-serial-bus: Unexpected port id %u for device %s",
- ldl_p(&gcpkt->id), vser->bus.qbus.name);
- return;
- }
-
- trace_virtio_serial_handle_control_message_port(port->id);
-
- vsc = VIRTIO_SERIAL_PORT_GET_CLASS(port);
-
- switch(cpkt.event) {
- case VIRTIO_CONSOLE_PORT_READY:
- if (!cpkt.value) {
- error_report("virtio-serial-bus: Guest failure in adding port %u for device %s",
- port->id, vser->bus.qbus.name);
- break;
- }
- /*
- * Now that we know the guest asked for the port name, we're
- * sure the guest has initialised whatever state is necessary
- * for this port. Now's a good time to let the guest know if
- * this port is a console port so that the guest can hook it
- * up to hvc.
- */
- if (vsc->is_console) {
- send_control_event(port, VIRTIO_CONSOLE_CONSOLE_PORT, 1);
- }
-
- if (port->name) {
- stw_p(&cpkt.event, VIRTIO_CONSOLE_PORT_NAME);
- stw_p(&cpkt.value, 1);
-
- buffer_len = sizeof(cpkt) + strlen(port->name) + 1;
- buffer = g_malloc(buffer_len);
-
- memcpy(buffer, &cpkt, sizeof(cpkt));
- memcpy(buffer + sizeof(cpkt), port->name, strlen(port->name));
- buffer[buffer_len - 1] = 0;
-
- send_control_msg(port, buffer, buffer_len);
- g_free(buffer);
- }
-
- if (port->host_connected) {
- send_control_event(port, VIRTIO_CONSOLE_PORT_OPEN, 1);
- }
-
- /*
- * When the guest has asked us for this information it means
- * the guest is all setup and has its virtqueues
- * initialised. If some app is interested in knowing about
- * this event, let it know.
- */
- if (vsc->guest_ready) {
- vsc->guest_ready(port);
- }
- break;
-
- case VIRTIO_CONSOLE_PORT_OPEN:
- port->guest_connected = cpkt.value;
- if (cpkt.value && vsc->guest_open) {
- /* Send the guest opened notification if an app is interested */
- vsc->guest_open(port);
- }
-
- if (!cpkt.value && vsc->guest_close) {
- /* Send the guest closed notification if an app is interested */
- vsc->guest_close(port);
- }
- break;
- }
-}
-
-static void control_in(VirtIODevice *vdev, VirtQueue *vq)
-{
-}
-
-static void control_out(VirtIODevice *vdev, VirtQueue *vq)
-{
- VirtQueueElement elem;
- VirtIOSerial *vser;
- uint8_t *buf;
- size_t len;
-
- vser = DO_UPCAST(VirtIOSerial, vdev, vdev);
-
- len = 0;
- buf = NULL;
- while (virtqueue_pop(vq, &elem)) {
- size_t cur_len;
-
- cur_len = iov_size(elem.out_sg, elem.out_num);
- /*
- * Allocate a new buf only if we didn't have one previously or
- * if the size of the buf differs
- */
- if (cur_len > len) {
- g_free(buf);
-
- buf = g_malloc(cur_len);
- len = cur_len;
- }
- iov_to_buf(elem.out_sg, elem.out_num, 0, buf, cur_len);
-
- handle_control_message(vser, buf, cur_len);
- virtqueue_push(vq, &elem, 0);
- }
- g_free(buf);
- virtio_notify(vdev, vq);
-}
-
-/* Guest wrote something to some port. */
-static void handle_output(VirtIODevice *vdev, VirtQueue *vq)
-{
- VirtIOSerial *vser;
- VirtIOSerialPort *port;
-
- vser = DO_UPCAST(VirtIOSerial, vdev, vdev);
- port = find_port_by_vq(vser, vq);
-
- if (!port || !port->host_connected) {
- discard_vq_data(vq, vdev);
- return;
- }
-
- if (!port->throttled) {
- do_flush_queued_data(port, vq, vdev);
- return;
- }
-}
-
-static void handle_input(VirtIODevice *vdev, VirtQueue *vq)
-{
-}
-
-static uint32_t get_features(VirtIODevice *vdev, uint32_t features)
-{
- VirtIOSerial *vser;
-
- vser = DO_UPCAST(VirtIOSerial, vdev, vdev);
-
- if (vser->bus.max_nr_ports > 1) {
- features |= (1 << VIRTIO_CONSOLE_F_MULTIPORT);
- }
- return features;
-}
-
-/* Guest requested config info */
-static void get_config(VirtIODevice *vdev, uint8_t *config_data)
-{
- VirtIOSerial *vser;
-
- vser = DO_UPCAST(VirtIOSerial, vdev, vdev);
- memcpy(config_data, &vser->config, sizeof(struct virtio_console_config));
-}
-
-static void set_config(VirtIODevice *vdev, const uint8_t *config_data)
-{
- struct virtio_console_config config;
-
- memcpy(&config, config_data, sizeof(config));
-}
-
-static void guest_reset(VirtIOSerial *vser)
-{
- VirtIOSerialPort *port;
- VirtIOSerialPortClass *vsc;
-
- QTAILQ_FOREACH(port, &vser->ports, next) {
- vsc = VIRTIO_SERIAL_PORT_GET_CLASS(port);
- if (port->guest_connected) {
- port->guest_connected = false;
-
- if (vsc->guest_close)
- vsc->guest_close(port);
- }
- }
-}
-
-static void set_status(VirtIODevice *vdev, uint8_t status)
-{
- VirtIOSerial *vser;
- VirtIOSerialPort *port;
-
- vser = DO_UPCAST(VirtIOSerial, vdev, vdev);
- port = find_port_by_id(vser, 0);
-
- if (port && !use_multiport(port->vser)
- && (status & VIRTIO_CONFIG_S_DRIVER_OK)) {
- /*
- * Non-multiport guests won't be able to tell us guest
- * open/close status. Such guests can only have a port at id
- * 0, so set guest_connected for such ports as soon as guest
- * is up.
- */
- port->guest_connected = true;
- }
- if (!(status & VIRTIO_CONFIG_S_DRIVER_OK)) {
- guest_reset(vser);
- }
-}
-
-static void vser_reset(VirtIODevice *vdev)
-{
- VirtIOSerial *vser;
-
- vser = DO_UPCAST(VirtIOSerial, vdev, vdev);
- guest_reset(vser);
-}
-
-static void virtio_serial_save(QEMUFile *f, void *opaque)
-{
- VirtIOSerial *s = opaque;
- VirtIOSerialPort *port;
- uint32_t nr_active_ports;
- unsigned int i, max_nr_ports;
-
- /* The virtio device */
- virtio_save(&s->vdev, f);
-
- /* The config space */
- qemu_put_be16s(f, &s->config.cols);
- qemu_put_be16s(f, &s->config.rows);
-
- qemu_put_be32s(f, &s->config.max_nr_ports);
-
- /* The ports map */
- max_nr_ports = tswap32(s->config.max_nr_ports);
- for (i = 0; i < (max_nr_ports + 31) / 32; i++) {
- qemu_put_be32s(f, &s->ports_map[i]);
- }
-
- /* Ports */
-
- nr_active_ports = 0;
- QTAILQ_FOREACH(port, &s->ports, next) {
- nr_active_ports++;
- }
-
- qemu_put_be32s(f, &nr_active_ports);
-
- /*
- * Items in struct VirtIOSerialPort.
- */
- QTAILQ_FOREACH(port, &s->ports, next) {
- uint32_t elem_popped;
-
- qemu_put_be32s(f, &port->id);
- qemu_put_byte(f, port->guest_connected);
- qemu_put_byte(f, port->host_connected);
-
- elem_popped = 0;
- if (port->elem.out_num) {
- elem_popped = 1;
- }
- qemu_put_be32s(f, &elem_popped);
- if (elem_popped) {
- qemu_put_be32s(f, &port->iov_idx);
- qemu_put_be64s(f, &port->iov_offset);
-
- qemu_put_buffer(f, (unsigned char *)&port->elem,
- sizeof(port->elem));
- }
- }
-}
-
-static void virtio_serial_post_load_timer_cb(void *opaque)
-{
- int i;
- VirtIOSerial *s = opaque;
- VirtIOSerialPort *port;
- uint8_t host_connected;
-
- for (i = 0 ; i < s->post_load.nr_active_ports; ++i) {
- port = s->post_load.connected[i].port;
- host_connected = s->post_load.connected[i].host_connected;
- if (host_connected != port->host_connected) {
- /*
- * We have to let the guest know of the host connection
- * status change
- */
- send_control_event(port, VIRTIO_CONSOLE_PORT_OPEN,
- port->host_connected);
- }
- }
- g_free(s->post_load.connected);
- s->post_load.connected = NULL;
-}
-
-static int virtio_serial_load(QEMUFile *f, void *opaque, int version_id)
-{
- VirtIOSerial *s = opaque;
- VirtIOSerialPort *port;
- uint32_t max_nr_ports, nr_active_ports, ports_map;
- unsigned int i;
- int ret;
-
- if (version_id > 3) {
- return -EINVAL;
- }
-
- /* The virtio device */
- ret = virtio_load(&s->vdev, f);
- if (ret) {
- return ret;
- }
-
- if (version_id < 2) {
- return 0;
- }
-
- /* The config space */
- qemu_get_be16s(f, &s->config.cols);
- qemu_get_be16s(f, &s->config.rows);
-
- qemu_get_be32s(f, &max_nr_ports);
- tswap32s(&max_nr_ports);
- if (max_nr_ports > tswap32(s->config.max_nr_ports)) {
- /* Source could have had more ports than us. Fail migration. */
- return -EINVAL;
- }
-
- for (i = 0; i < (max_nr_ports + 31) / 32; i++) {
- qemu_get_be32s(f, &ports_map);
-
- if (ports_map != s->ports_map[i]) {
- /*
- * Ports active on source and destination don't
- * match. Fail migration.
- */
- return -EINVAL;
- }
- }
-
- qemu_get_be32s(f, &nr_active_ports);
-
- s->post_load.nr_active_ports = nr_active_ports;
- s->post_load.connected =
- g_malloc0(sizeof(*s->post_load.connected) * nr_active_ports);
-
- /* Items in struct VirtIOSerialPort */
- for (i = 0; i < nr_active_ports; i++) {
- uint32_t id;
-
- id = qemu_get_be32(f);
- port = find_port_by_id(s, id);
- if (!port) {
- return -EINVAL;
- }
-
- port->guest_connected = qemu_get_byte(f);
- s->post_load.connected[i].port = port;
- s->post_load.connected[i].host_connected = qemu_get_byte(f);
-
- if (version_id > 2) {
- uint32_t elem_popped;
-
- qemu_get_be32s(f, &elem_popped);
- if (elem_popped) {
- qemu_get_be32s(f, &port->iov_idx);
- qemu_get_be64s(f, &port->iov_offset);
-
- qemu_get_buffer(f, (unsigned char *)&port->elem,
- sizeof(port->elem));
- virtqueue_map_sg(port->elem.in_sg, port->elem.in_addr,
- port->elem.in_num, 1);
- virtqueue_map_sg(port->elem.out_sg, port->elem.out_addr,
- port->elem.out_num, 1);
-
- /*
- * Port was throttled on source machine. Let's
- * unthrottle it here so data starts flowing again.
- */
- virtio_serial_throttle_port(port, false);
- }
- }
- }
- qemu_mod_timer(s->post_load.timer, 1);
- return 0;
-}
-
-static void virtser_bus_dev_print(Monitor *mon, DeviceState *qdev, int indent);
-
-static Property virtser_props[] = {
- DEFINE_PROP_UINT32("nr", VirtIOSerialPort, id, VIRTIO_CONSOLE_BAD_ID),
- DEFINE_PROP_STRING("name", VirtIOSerialPort, name),
- DEFINE_PROP_END_OF_LIST()
-};
-
-#define TYPE_VIRTIO_SERIAL_BUS "virtio-serial-bus"
-#define VIRTIO_SERIAL_BUS(obj) \
- OBJECT_CHECK(VirtIOSerialBus, (obj), TYPE_VIRTIO_SERIAL_BUS)
-
-static void virtser_bus_class_init(ObjectClass *klass, void *data)
-{
- BusClass *k = BUS_CLASS(klass);
- k->print_dev = virtser_bus_dev_print;
-}
-
-static const TypeInfo virtser_bus_info = {
- .name = TYPE_VIRTIO_SERIAL_BUS,
- .parent = TYPE_BUS,
- .instance_size = sizeof(VirtIOSerialBus),
- .class_init = virtser_bus_class_init,
-};
-
-static void virtser_bus_dev_print(Monitor *mon, DeviceState *qdev, int indent)
-{
- VirtIOSerialPort *port = DO_UPCAST(VirtIOSerialPort, dev, qdev);
-
- monitor_printf(mon, "%*sport %d, guest %s, host %s, throttle %s\n",
- indent, "", port->id,
- port->guest_connected ? "on" : "off",
- port->host_connected ? "on" : "off",
- port->throttled ? "on" : "off");
-}
-
-/* This function is only used if a port id is not provided by the user */
-static uint32_t find_free_port_id(VirtIOSerial *vser)
-{
- unsigned int i, max_nr_ports;
-
- max_nr_ports = tswap32(vser->config.max_nr_ports);
- for (i = 0; i < (max_nr_ports + 31) / 32; i++) {
- uint32_t map, bit;
-
- map = vser->ports_map[i];
- bit = ffs(~map);
- if (bit) {
- return (bit - 1) + i * 32;
- }
- }
- return VIRTIO_CONSOLE_BAD_ID;
-}
-
-static void mark_port_added(VirtIOSerial *vser, uint32_t port_id)
-{
- unsigned int i;
-
- i = port_id / 32;
- vser->ports_map[i] |= 1U << (port_id % 32);
-}
-
-static void add_port(VirtIOSerial *vser, uint32_t port_id)
-{
- mark_port_added(vser, port_id);
-
- send_control_event(find_port_by_id(vser, port_id),
- VIRTIO_CONSOLE_PORT_ADD, 1);
-}
-
-static void remove_port(VirtIOSerial *vser, uint32_t port_id)
-{
- VirtIOSerialPort *port;
- unsigned int i;
-
- i = port_id / 32;
- vser->ports_map[i] &= ~(1U << (port_id % 32));
-
- port = find_port_by_id(vser, port_id);
- /* Flush out any unconsumed buffers first */
- discard_vq_data(port->ovq, &port->vser->vdev);
-
- send_control_event(port, VIRTIO_CONSOLE_PORT_REMOVE, 1);
-}
-
-static int virtser_port_qdev_init(DeviceState *qdev)
-{
- VirtIOSerialPort *port = DO_UPCAST(VirtIOSerialPort, dev, qdev);
- VirtIOSerialPortClass *vsc = VIRTIO_SERIAL_PORT_GET_CLASS(port);
- VirtIOSerialBus *bus = DO_UPCAST(VirtIOSerialBus, qbus, qdev->parent_bus);
- int ret, max_nr_ports;
- bool plugging_port0;
-
- port->vser = bus->vser;
- port->bh = qemu_bh_new(flush_queued_data_bh, port);
-
- assert(vsc->have_data);
-
- /*
- * Is the first console port we're seeing? If so, put it up at
- * location 0. This is done for backward compatibility (old
- * kernel, new qemu).
- */
- plugging_port0 = vsc->is_console && !find_port_by_id(port->vser, 0);
-
- if (find_port_by_id(port->vser, port->id)) {
- error_report("virtio-serial-bus: A port already exists at id %u",
- port->id);
- return -1;
- }
-
- if (port->id == VIRTIO_CONSOLE_BAD_ID) {
- if (plugging_port0) {
- port->id = 0;
- } else {
- port->id = find_free_port_id(port->vser);
- if (port->id == VIRTIO_CONSOLE_BAD_ID) {
- error_report("virtio-serial-bus: Maximum port limit for this device reached");
- return -1;
- }
- }
- }
-
- max_nr_ports = tswap32(port->vser->config.max_nr_ports);
- if (port->id >= max_nr_ports) {
- error_report("virtio-serial-bus: Out-of-range port id specified, max. allowed: %u",
- max_nr_ports - 1);
- return -1;
- }
-
- ret = vsc->init(port);
- if (ret) {
- return ret;
- }
-
- port->elem.out_num = 0;
-
- QTAILQ_INSERT_TAIL(&port->vser->ports, port, next);
- port->ivq = port->vser->ivqs[port->id];
- port->ovq = port->vser->ovqs[port->id];
-
- add_port(port->vser, port->id);
-
- /* Send an update to the guest about this new port added */
- virtio_notify_config(&port->vser->vdev);
-
- return ret;
-}
-
-static int virtser_port_qdev_exit(DeviceState *qdev)
-{
- VirtIOSerialPort *port = DO_UPCAST(VirtIOSerialPort, dev, qdev);
- VirtIOSerialPortClass *vsc = VIRTIO_SERIAL_PORT_GET_CLASS(port);
- VirtIOSerial *vser = port->vser;
-
- qemu_bh_delete(port->bh);
- remove_port(port->vser, port->id);
-
- QTAILQ_REMOVE(&vser->ports, port, next);
-
- if (vsc->exit) {
- vsc->exit(port);
- }
- return 0;
-}
-
-VirtIODevice *virtio_serial_init(DeviceState *dev, virtio_serial_conf *conf)
-{
- VirtIOSerial *vser;
- VirtIODevice *vdev;
- uint32_t i, max_supported_ports;
-
- if (!conf->max_virtserial_ports)
- return NULL;
-
- /* Each port takes 2 queues, and one pair is for the control queue */
- max_supported_ports = VIRTIO_PCI_QUEUE_MAX / 2 - 1;
-
- if (conf->max_virtserial_ports > max_supported_ports) {
- error_report("maximum ports supported: %u", max_supported_ports);
- return NULL;
- }
-
- vdev = virtio_common_init("virtio-serial", VIRTIO_ID_CONSOLE,
- sizeof(struct virtio_console_config),
- sizeof(VirtIOSerial));
-
- vser = DO_UPCAST(VirtIOSerial, vdev, vdev);
-
- /* Spawn a new virtio-serial bus on which the ports will ride as devices */
- qbus_create_inplace(&vser->bus.qbus, TYPE_VIRTIO_SERIAL_BUS, dev, NULL);
- vser->bus.qbus.allow_hotplug = 1;
- vser->bus.vser = vser;
- QTAILQ_INIT(&vser->ports);
-
- vser->bus.max_nr_ports = conf->max_virtserial_ports;
- vser->ivqs = g_malloc(conf->max_virtserial_ports * sizeof(VirtQueue *));
- vser->ovqs = g_malloc(conf->max_virtserial_ports * sizeof(VirtQueue *));
-
- /* Add a queue for host to guest transfers for port 0 (backward compat) */
- vser->ivqs[0] = virtio_add_queue(vdev, 128, handle_input);
- /* Add a queue for guest to host transfers for port 0 (backward compat) */
- vser->ovqs[0] = virtio_add_queue(vdev, 128, handle_output);
-
- /* TODO: host to guest notifications can get dropped
- * if the queue fills up. Implement queueing in host,
- * this might also make it possible to reduce the control
- * queue size: as guest preposts buffers there,
- * this will save 4Kbyte of guest memory per entry. */
-
- /* control queue: host to guest */
- vser->c_ivq = virtio_add_queue(vdev, 32, control_in);
- /* control queue: guest to host */
- vser->c_ovq = virtio_add_queue(vdev, 32, control_out);
-
- for (i = 1; i < vser->bus.max_nr_ports; i++) {
- /* Add a per-port queue for host to guest transfers */
- vser->ivqs[i] = virtio_add_queue(vdev, 128, handle_input);
- /* Add a per-per queue for guest to host transfers */
- vser->ovqs[i] = virtio_add_queue(vdev, 128, handle_output);
- }
-
- vser->config.max_nr_ports = tswap32(conf->max_virtserial_ports);
- vser->ports_map = g_malloc0(((conf->max_virtserial_ports + 31) / 32)
- * sizeof(vser->ports_map[0]));
- /*
- * Reserve location 0 for a console port for backward compat
- * (old kernel, new qemu)
- */
- mark_port_added(vser, 0);
-
- vser->vdev.get_features = get_features;
- vser->vdev.get_config = get_config;
- vser->vdev.set_config = set_config;
- vser->vdev.set_status = set_status;
- vser->vdev.reset = vser_reset;
-
- vser->qdev = dev;
-
- /*
- * Register for the savevm section with the virtio-console name
- * to preserve backward compat
- */
- register_savevm(dev, "virtio-console", -1, 3, virtio_serial_save,
- virtio_serial_load, vser);
-
- vser->post_load.timer = qemu_new_timer_ns(vm_clock,
- virtio_serial_post_load_timer_cb, vser);
-
- return vdev;
-}
-
-void virtio_serial_exit(VirtIODevice *vdev)
-{
- VirtIOSerial *vser = DO_UPCAST(VirtIOSerial, vdev, vdev);
-
- unregister_savevm(vser->qdev, "virtio-console", vser);
-
- g_free(vser->ivqs);
- g_free(vser->ovqs);
- g_free(vser->ports_map);
- g_free(vser->post_load.connected);
- qemu_free_timer(vser->post_load.timer);
-
- virtio_cleanup(vdev);
-}
-
-static void virtio_serial_port_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *k = DEVICE_CLASS(klass);
- k->init = virtser_port_qdev_init;
- k->bus_type = TYPE_VIRTIO_SERIAL_BUS;
- k->exit = virtser_port_qdev_exit;
- k->unplug = qdev_simple_unplug_cb;
- k->props = virtser_props;
-}
-
-static TypeInfo virtio_serial_port_type_info = {
- .name = TYPE_VIRTIO_SERIAL_PORT,
- .parent = TYPE_DEVICE,
- .instance_size = sizeof(VirtIOSerialPort),
- .abstract = true,
- .class_size = sizeof(VirtIOSerialPortClass),
- .class_init = virtio_serial_port_class_init,
-};
-
-static void virtio_serial_register_types(void)
-{
- type_register_static(&virtser_bus_info);
- type_register_static(&virtio_serial_port_type_info);
-}
-
-type_init(virtio_serial_register_types)
diff --git a/hw/virtio-serial.h b/hw/virtio-serial.h
deleted file mode 100644
index 16e39820a..000000000
--- a/hw/virtio-serial.h
+++ /dev/null
@@ -1,208 +0,0 @@
-/*
- * Virtio Serial / Console Support
- *
- * Copyright IBM, Corp. 2008
- * Copyright Red Hat, Inc. 2009, 2010
- *
- * Authors:
- * Christian Ehrhardt <ehrhardt@linux.vnet.ibm.com>
- * Amit Shah <amit.shah@redhat.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See
- * the COPYING file in the top-level directory.
- *
- */
-#ifndef _QEMU_VIRTIO_SERIAL_H
-#define _QEMU_VIRTIO_SERIAL_H
-
-#include "qdev.h"
-#include "virtio.h"
-
-/* == Interface shared between the guest kernel and qemu == */
-
-/* The Virtio ID for virtio console / serial ports */
-#define VIRTIO_ID_CONSOLE 3
-
-/* Features supported */
-#define VIRTIO_CONSOLE_F_MULTIPORT 1
-
-#define VIRTIO_CONSOLE_BAD_ID (~(uint32_t)0)
-
-struct virtio_console_config {
- /*
- * These two fields are used by VIRTIO_CONSOLE_F_SIZE which
- * isn't implemented here yet
- */
- uint16_t cols;
- uint16_t rows;
-
- uint32_t max_nr_ports;
-} QEMU_PACKED;
-
-struct virtio_console_control {
- uint32_t id; /* Port number */
- uint16_t event; /* The kind of control event (see below) */
- uint16_t value; /* Extra information for the key */
-};
-
-struct virtio_serial_conf {
- /* Max. number of ports we can have for a virtio-serial device */
- uint32_t max_virtserial_ports;
-};
-
-/* Some events for the internal messages (control packets) */
-#define VIRTIO_CONSOLE_DEVICE_READY 0
-#define VIRTIO_CONSOLE_PORT_ADD 1
-#define VIRTIO_CONSOLE_PORT_REMOVE 2
-#define VIRTIO_CONSOLE_PORT_READY 3
-#define VIRTIO_CONSOLE_CONSOLE_PORT 4
-#define VIRTIO_CONSOLE_RESIZE 5
-#define VIRTIO_CONSOLE_PORT_OPEN 6
-#define VIRTIO_CONSOLE_PORT_NAME 7
-
-/* == In-qemu interface == */
-
-#define TYPE_VIRTIO_SERIAL_PORT "virtio-serial-port"
-#define VIRTIO_SERIAL_PORT(obj) \
- OBJECT_CHECK(VirtIOSerialPort, (obj), TYPE_VIRTIO_SERIAL_PORT)
-#define VIRTIO_SERIAL_PORT_CLASS(klass) \
- OBJECT_CLASS_CHECK(VirtIOSerialPortClass, (klass), TYPE_VIRTIO_SERIAL_PORT)
-#define VIRTIO_SERIAL_PORT_GET_CLASS(obj) \
- OBJECT_GET_CLASS(VirtIOSerialPortClass, (obj), TYPE_VIRTIO_SERIAL_PORT)
-
-typedef struct VirtIOSerial VirtIOSerial;
-typedef struct VirtIOSerialBus VirtIOSerialBus;
-typedef struct VirtIOSerialPort VirtIOSerialPort;
-
-typedef struct VirtIOSerialPortClass {
- DeviceClass parent_class;
-
- /* Is this a device that binds with hvc in the guest? */
- bool is_console;
-
- /*
- * The per-port (or per-app) init function that's called when a
- * new device is found on the bus.
- */
- int (*init)(VirtIOSerialPort *port);
- /*
- * Per-port exit function that's called when a port gets
- * hot-unplugged or removed.
- */
- int (*exit)(VirtIOSerialPort *port);
-
- /* Callbacks for guest events */
- /* Guest opened device. */
- void (*guest_open)(VirtIOSerialPort *port);
- /* Guest closed device. */
- void (*guest_close)(VirtIOSerialPort *port);
-
- /* Guest is now ready to accept data (virtqueues set up). */
- void (*guest_ready)(VirtIOSerialPort *port);
-
- /*
- * Guest wrote some data to the port. This data is handed over to
- * the app via this callback. The app can return a size less than
- * 'len'. In this case, throttling will be enabled for this port.
- */
- ssize_t (*have_data)(VirtIOSerialPort *port, const uint8_t *buf,
- size_t len);
-} VirtIOSerialPortClass;
-
-/*
- * This is the state that's shared between all the ports. Some of the
- * state is configurable via command-line options. Some of it can be
- * set by individual devices in their initfn routines. Some of the
- * state is set by the generic qdev device init routine.
- */
-struct VirtIOSerialPort {
- DeviceState dev;
-
- QTAILQ_ENTRY(VirtIOSerialPort) next;
-
- /*
- * This field gives us the virtio device as well as the qdev bus
- * that we are associated with
- */
- VirtIOSerial *vser;
-
- VirtQueue *ivq, *ovq;
-
- /*
- * This name is sent to the guest and exported via sysfs.
- * The guest could create symlinks based on this information.
- * The name is in the reverse fqdn format, like org.qemu.console.0
- */
- char *name;
-
- /*
- * This id helps identify ports between the guest and the host.
- * The guest sends a "header" with this id with each data packet
- * that it sends and the host can then find out which associated
- * device to send out this data to
- */
- uint32_t id;
-
- /*
- * This is the elem that we pop from the virtqueue. A slow
- * backend that consumes guest data (e.g. the file backend for
- * qemu chardevs) can cause the guest to block till all the output
- * is flushed. This isn't desired, so we keep a note of the last
- * element popped and continue consuming it once the backend
- * becomes writable again.
- */
- VirtQueueElement elem;
-
- /*
- * The index and the offset into the iov buffer that was popped in
- * elem above.
- */
- uint32_t iov_idx;
- uint64_t iov_offset;
-
- /*
- * When unthrottling we use a bottom-half to call flush_queued_data.
- */
- QEMUBH *bh;
-
- /* Is the corresponding guest device open? */
- bool guest_connected;
- /* Is this device open for IO on the host? */
- bool host_connected;
- /* Do apps not want to receive data? */
- bool throttled;
-};
-
-/* Interface to the virtio-serial bus */
-
-/*
- * Open a connection to the port
- * Returns 0 on success (always).
- */
-int virtio_serial_open(VirtIOSerialPort *port);
-
-/*
- * Close the connection to the port
- * Returns 0 on success (always).
- */
-int virtio_serial_close(VirtIOSerialPort *port);
-
-/*
- * Send data to Guest
- */
-ssize_t virtio_serial_write(VirtIOSerialPort *port, const uint8_t *buf,
- size_t size);
-
-/*
- * Query whether a guest is ready to receive data.
- */
-size_t virtio_serial_guest_ready(VirtIOSerialPort *port);
-
-/*
- * Flow control: Ports can signal to the virtio-serial core to stop
- * sending data or re-start sending data, depending on the 'throttle'
- * value here.
- */
-void virtio_serial_throttle_port(VirtIOSerialPort *port, bool throttle);
-
-#endif
diff --git a/hw/virtio.c b/hw/virtio.c
deleted file mode 100644
index f40a8c557..000000000
--- a/hw/virtio.c
+++ /dev/null
@@ -1,1058 +0,0 @@
-/*
- * Virtio Support
- *
- * Copyright IBM, Corp. 2007
- *
- * Authors:
- * Anthony Liguori <aliguori@us.ibm.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See
- * the COPYING file in the top-level directory.
- *
- */
-
-#include <inttypes.h>
-
-#include "trace.h"
-#include "qemu-error.h"
-#include "virtio.h"
-#include "qemu-barrier.h"
-
-/* The alignment to use between consumer and producer parts of vring.
- * x86 pagesize again. */
-#define VIRTIO_PCI_VRING_ALIGN 4096
-
-typedef struct VRingDesc
-{
- uint64_t addr;
- uint32_t len;
- uint16_t flags;
- uint16_t next;
-} VRingDesc;
-
-typedef struct VRingAvail
-{
- uint16_t flags;
- uint16_t idx;
- uint16_t ring[0];
-} VRingAvail;
-
-typedef struct VRingUsedElem
-{
- uint32_t id;
- uint32_t len;
-} VRingUsedElem;
-
-typedef struct VRingUsed
-{
- uint16_t flags;
- uint16_t idx;
- VRingUsedElem ring[0];
-} VRingUsed;
-
-typedef struct VRing
-{
- unsigned int num;
- hwaddr desc;
- hwaddr avail;
- hwaddr used;
-} VRing;
-
-struct VirtQueue
-{
- VRing vring;
- hwaddr pa;
- uint16_t last_avail_idx;
- /* Last used index value we have signalled on */
- uint16_t signalled_used;
-
- /* Last used index value we have signalled on */
- bool signalled_used_valid;
-
- /* Notification enabled? */
- bool notification;
-
- int inuse;
-
- uint16_t vector;
- void (*handle_output)(VirtIODevice *vdev, VirtQueue *vq);
- VirtIODevice *vdev;
- EventNotifier guest_notifier;
- EventNotifier host_notifier;
-};
-
-/* virt queue functions */
-static void virtqueue_init(VirtQueue *vq)
-{
- hwaddr pa = vq->pa;
-
- vq->vring.desc = pa;
- vq->vring.avail = pa + vq->vring.num * sizeof(VRingDesc);
- vq->vring.used = vring_align(vq->vring.avail +
- offsetof(VRingAvail, ring[vq->vring.num]),
- VIRTIO_PCI_VRING_ALIGN);
-}
-
-static inline uint64_t vring_desc_addr(hwaddr desc_pa, int i)
-{
- hwaddr pa;
- pa = desc_pa + sizeof(VRingDesc) * i + offsetof(VRingDesc, addr);
- return ldq_phys(pa);
-}
-
-static inline uint32_t vring_desc_len(hwaddr desc_pa, int i)
-{
- hwaddr pa;
- pa = desc_pa + sizeof(VRingDesc) * i + offsetof(VRingDesc, len);
- return ldl_phys(pa);
-}
-
-static inline uint16_t vring_desc_flags(hwaddr desc_pa, int i)
-{
- hwaddr pa;
- pa = desc_pa + sizeof(VRingDesc) * i + offsetof(VRingDesc, flags);
- return lduw_phys(pa);
-}
-
-static inline uint16_t vring_desc_next(hwaddr desc_pa, int i)
-{
- hwaddr pa;
- pa = desc_pa + sizeof(VRingDesc) * i + offsetof(VRingDesc, next);
- return lduw_phys(pa);
-}
-
-static inline uint16_t vring_avail_flags(VirtQueue *vq)
-{
- hwaddr pa;
- pa = vq->vring.avail + offsetof(VRingAvail, flags);
- return lduw_phys(pa);
-}
-
-static inline uint16_t vring_avail_idx(VirtQueue *vq)
-{
- hwaddr pa;
- pa = vq->vring.avail + offsetof(VRingAvail, idx);
- return lduw_phys(pa);
-}
-
-static inline uint16_t vring_avail_ring(VirtQueue *vq, int i)
-{
- hwaddr pa;
- pa = vq->vring.avail + offsetof(VRingAvail, ring[i]);
- return lduw_phys(pa);
-}
-
-static inline uint16_t vring_used_event(VirtQueue *vq)
-{
- return vring_avail_ring(vq, vq->vring.num);
-}
-
-static inline void vring_used_ring_id(VirtQueue *vq, int i, uint32_t val)
-{
- hwaddr pa;
- pa = vq->vring.used + offsetof(VRingUsed, ring[i].id);
- stl_phys(pa, val);
-}
-
-static inline void vring_used_ring_len(VirtQueue *vq, int i, uint32_t val)
-{
- hwaddr pa;
- pa = vq->vring.used + offsetof(VRingUsed, ring[i].len);
- stl_phys(pa, val);
-}
-
-static uint16_t vring_used_idx(VirtQueue *vq)
-{
- hwaddr pa;
- pa = vq->vring.used + offsetof(VRingUsed, idx);
- return lduw_phys(pa);
-}
-
-static inline void vring_used_idx_set(VirtQueue *vq, uint16_t val)
-{
- hwaddr pa;
- pa = vq->vring.used + offsetof(VRingUsed, idx);
- stw_phys(pa, val);
-}
-
-static inline void vring_used_flags_set_bit(VirtQueue *vq, int mask)
-{
- hwaddr pa;
- pa = vq->vring.used + offsetof(VRingUsed, flags);
- stw_phys(pa, lduw_phys(pa) | mask);
-}
-
-static inline void vring_used_flags_unset_bit(VirtQueue *vq, int mask)
-{
- hwaddr pa;
- pa = vq->vring.used + offsetof(VRingUsed, flags);
- stw_phys(pa, lduw_phys(pa) & ~mask);
-}
-
-static inline void vring_avail_event(VirtQueue *vq, uint16_t val)
-{
- hwaddr pa;
- if (!vq->notification) {
- return;
- }
- pa = vq->vring.used + offsetof(VRingUsed, ring[vq->vring.num]);
- stw_phys(pa, val);
-}
-
-void virtio_queue_set_notification(VirtQueue *vq, int enable)
-{
- vq->notification = enable;
- if (vq->vdev->guest_features & (1 << VIRTIO_RING_F_EVENT_IDX)) {
- vring_avail_event(vq, vring_avail_idx(vq));
- } else if (enable) {
- vring_used_flags_unset_bit(vq, VRING_USED_F_NO_NOTIFY);
- } else {
- vring_used_flags_set_bit(vq, VRING_USED_F_NO_NOTIFY);
- }
- if (enable) {
- /* Expose avail event/used flags before caller checks the avail idx. */
- smp_mb();
- }
-}
-
-int virtio_queue_ready(VirtQueue *vq)
-{
- return vq->vring.avail != 0;
-}
-
-int virtio_queue_empty(VirtQueue *vq)
-{
- return vring_avail_idx(vq) == vq->last_avail_idx;
-}
-
-void virtqueue_fill(VirtQueue *vq, const VirtQueueElement *elem,
- unsigned int len, unsigned int idx)
-{
- unsigned int offset;
- int i;
-
- trace_virtqueue_fill(vq, elem, len, idx);
-
- offset = 0;
- for (i = 0; i < elem->in_num; i++) {
- size_t size = MIN(len - offset, elem->in_sg[i].iov_len);
-
- cpu_physical_memory_unmap(elem->in_sg[i].iov_base,
- elem->in_sg[i].iov_len,
- 1, size);
-
- offset += size;
- }
-
- for (i = 0; i < elem->out_num; i++)
- cpu_physical_memory_unmap(elem->out_sg[i].iov_base,
- elem->out_sg[i].iov_len,
- 0, elem->out_sg[i].iov_len);
-
- idx = (idx + vring_used_idx(vq)) % vq->vring.num;
-
- /* Get a pointer to the next entry in the used ring. */
- vring_used_ring_id(vq, idx, elem->index);
- vring_used_ring_len(vq, idx, len);
-}
-
-void virtqueue_flush(VirtQueue *vq, unsigned int count)
-{
- uint16_t old, new;
- /* Make sure buffer is written before we update index. */
- smp_wmb();
- trace_virtqueue_flush(vq, count);
- old = vring_used_idx(vq);
- new = old + count;
- vring_used_idx_set(vq, new);
- vq->inuse -= count;
- if (unlikely((int16_t)(new - vq->signalled_used) < (uint16_t)(new - old)))
- vq->signalled_used_valid = false;
-}
-
-void virtqueue_push(VirtQueue *vq, const VirtQueueElement *elem,
- unsigned int len)
-{
- virtqueue_fill(vq, elem, len, 0);
- virtqueue_flush(vq, 1);
-}
-
-static int virtqueue_num_heads(VirtQueue *vq, unsigned int idx)
-{
- uint16_t num_heads = vring_avail_idx(vq) - idx;
-
- /* Check it isn't doing very strange things with descriptor numbers. */
- if (num_heads > vq->vring.num) {
- error_report("Guest moved used index from %u to %u",
- idx, vring_avail_idx(vq));
- exit(1);
- }
- /* On success, callers read a descriptor at vq->last_avail_idx.
- * Make sure descriptor read does not bypass avail index read. */
- if (num_heads) {
- smp_rmb();
- }
-
- return num_heads;
-}
-
-static unsigned int virtqueue_get_head(VirtQueue *vq, unsigned int idx)
-{
- unsigned int head;
-
- /* Grab the next descriptor number they're advertising, and increment
- * the index we've seen. */
- head = vring_avail_ring(vq, idx % vq->vring.num);
-
- /* If their number is silly, that's a fatal mistake. */
- if (head >= vq->vring.num) {
- error_report("Guest says index %u is available", head);
- exit(1);
- }
-
- return head;
-}
-
-static unsigned virtqueue_next_desc(hwaddr desc_pa,
- unsigned int i, unsigned int max)
-{
- unsigned int next;
-
- /* If this descriptor says it doesn't chain, we're done. */
- if (!(vring_desc_flags(desc_pa, i) & VRING_DESC_F_NEXT))
- return max;
-
- /* Check they're not leading us off end of descriptors. */
- next = vring_desc_next(desc_pa, i);
- /* Make sure compiler knows to grab that: we don't want it changing! */
- smp_wmb();
-
- if (next >= max) {
- error_report("Desc next is %u", next);
- exit(1);
- }
-
- return next;
-}
-
-void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes,
- unsigned int *out_bytes,
- unsigned max_in_bytes, unsigned max_out_bytes)
-{
- unsigned int idx;
- unsigned int total_bufs, in_total, out_total;
-
- idx = vq->last_avail_idx;
-
- total_bufs = in_total = out_total = 0;
- while (virtqueue_num_heads(vq, idx)) {
- unsigned int max, num_bufs, indirect = 0;
- hwaddr desc_pa;
- int i;
-
- max = vq->vring.num;
- num_bufs = total_bufs;
- i = virtqueue_get_head(vq, idx++);
- desc_pa = vq->vring.desc;
-
- if (vring_desc_flags(desc_pa, i) & VRING_DESC_F_INDIRECT) {
- if (vring_desc_len(desc_pa, i) % sizeof(VRingDesc)) {
- error_report("Invalid size for indirect buffer table");
- exit(1);
- }
-
- /* If we've got too many, that implies a descriptor loop. */
- if (num_bufs >= max) {
- error_report("Looped descriptor");
- exit(1);
- }
-
- /* loop over the indirect descriptor table */
- indirect = 1;
- max = vring_desc_len(desc_pa, i) / sizeof(VRingDesc);
- num_bufs = i = 0;
- desc_pa = vring_desc_addr(desc_pa, i);
- }
-
- do {
- /* If we've got too many, that implies a descriptor loop. */
- if (++num_bufs > max) {
- error_report("Looped descriptor");
- exit(1);
- }
-
- if (vring_desc_flags(desc_pa, i) & VRING_DESC_F_WRITE) {
- in_total += vring_desc_len(desc_pa, i);
- } else {
- out_total += vring_desc_len(desc_pa, i);
- }
- if (in_total >= max_in_bytes && out_total >= max_out_bytes) {
- goto done;
- }
- } while ((i = virtqueue_next_desc(desc_pa, i, max)) != max);
-
- if (!indirect)
- total_bufs = num_bufs;
- else
- total_bufs++;
- }
-done:
- if (in_bytes) {
- *in_bytes = in_total;
- }
- if (out_bytes) {
- *out_bytes = out_total;
- }
-}
-
-int virtqueue_avail_bytes(VirtQueue *vq, unsigned int in_bytes,
- unsigned int out_bytes)
-{
- unsigned int in_total, out_total;
-
- virtqueue_get_avail_bytes(vq, &in_total, &out_total, in_bytes, out_bytes);
- return in_bytes <= in_total && out_bytes <= out_total;
-}
-
-void virtqueue_map_sg(struct iovec *sg, hwaddr *addr,
- size_t num_sg, int is_write)
-{
- unsigned int i;
- hwaddr len;
-
- for (i = 0; i < num_sg; i++) {
- len = sg[i].iov_len;
- sg[i].iov_base = cpu_physical_memory_map(addr[i], &len, is_write);
- if (sg[i].iov_base == NULL || len != sg[i].iov_len) {
- error_report("virtio: trying to map MMIO memory");
- exit(1);
- }
- }
-}
-
-int virtqueue_pop(VirtQueue *vq, VirtQueueElement *elem)
-{
- unsigned int i, head, max;
- hwaddr desc_pa = vq->vring.desc;
-
- if (!virtqueue_num_heads(vq, vq->last_avail_idx))
- return 0;
-
- /* When we start there are none of either input nor output. */
- elem->out_num = elem->in_num = 0;
-
- max = vq->vring.num;
-
- i = head = virtqueue_get_head(vq, vq->last_avail_idx++);
- if (vq->vdev->guest_features & (1 << VIRTIO_RING_F_EVENT_IDX)) {
- vring_avail_event(vq, vring_avail_idx(vq));
- }
-
- if (vring_desc_flags(desc_pa, i) & VRING_DESC_F_INDIRECT) {
- if (vring_desc_len(desc_pa, i) % sizeof(VRingDesc)) {
- error_report("Invalid size for indirect buffer table");
- exit(1);
- }
-
- /* loop over the indirect descriptor table */
- max = vring_desc_len(desc_pa, i) / sizeof(VRingDesc);
- desc_pa = vring_desc_addr(desc_pa, i);
- i = 0;
- }
-
- /* Collect all the descriptors */
- do {
- struct iovec *sg;
-
- if (vring_desc_flags(desc_pa, i) & VRING_DESC_F_WRITE) {
- if (elem->in_num >= ARRAY_SIZE(elem->in_sg)) {
- error_report("Too many write descriptors in indirect table");
- exit(1);
- }
- elem->in_addr[elem->in_num] = vring_desc_addr(desc_pa, i);
- sg = &elem->in_sg[elem->in_num++];
- } else {
- if (elem->out_num >= ARRAY_SIZE(elem->out_sg)) {
- error_report("Too many read descriptors in indirect table");
- exit(1);
- }
- elem->out_addr[elem->out_num] = vring_desc_addr(desc_pa, i);
- sg = &elem->out_sg[elem->out_num++];
- }
-
- sg->iov_len = vring_desc_len(desc_pa, i);
-
- /* If we've got too many, that implies a descriptor loop. */
- if ((elem->in_num + elem->out_num) > max) {
- error_report("Looped descriptor");
- exit(1);
- }
- } while ((i = virtqueue_next_desc(desc_pa, i, max)) != max);
-
- /* Now map what we have collected */
- virtqueue_map_sg(elem->in_sg, elem->in_addr, elem->in_num, 1);
- virtqueue_map_sg(elem->out_sg, elem->out_addr, elem->out_num, 0);
-
- elem->index = head;
-
- vq->inuse++;
-
- trace_virtqueue_pop(vq, elem, elem->in_num, elem->out_num);
- return elem->in_num + elem->out_num;
-}
-
-/* virtio device */
-static void virtio_notify_vector(VirtIODevice *vdev, uint16_t vector)
-{
- if (vdev->binding->notify) {
- vdev->binding->notify(vdev->binding_opaque, vector);
- }
-}
-
-void virtio_update_irq(VirtIODevice *vdev)
-{
- virtio_notify_vector(vdev, VIRTIO_NO_VECTOR);
-}
-
-void virtio_set_status(VirtIODevice *vdev, uint8_t val)
-{
- trace_virtio_set_status(vdev, val);
-
- if (vdev->set_status) {
- vdev->set_status(vdev, val);
- }
- vdev->status = val;
-}
-
-void virtio_reset(void *opaque)
-{
- VirtIODevice *vdev = opaque;
- int i;
-
- virtio_set_status(vdev, 0);
-
- if (vdev->reset)
- vdev->reset(vdev);
-
- vdev->guest_features = 0;
- vdev->queue_sel = 0;
- vdev->status = 0;
- vdev->isr = 0;
- vdev->config_vector = VIRTIO_NO_VECTOR;
- virtio_notify_vector(vdev, vdev->config_vector);
-
- for(i = 0; i < VIRTIO_PCI_QUEUE_MAX; i++) {
- vdev->vq[i].vring.desc = 0;
- vdev->vq[i].vring.avail = 0;
- vdev->vq[i].vring.used = 0;
- vdev->vq[i].last_avail_idx = 0;
- vdev->vq[i].pa = 0;
- vdev->vq[i].vector = VIRTIO_NO_VECTOR;
- vdev->vq[i].signalled_used = 0;
- vdev->vq[i].signalled_used_valid = false;
- vdev->vq[i].notification = true;
- }
-}
-
-uint32_t virtio_config_readb(VirtIODevice *vdev, uint32_t addr)
-{
- uint8_t val;
-
- vdev->get_config(vdev, vdev->config);
-
- if (addr > (vdev->config_len - sizeof(val)))
- return (uint32_t)-1;
-
- val = ldub_p(vdev->config + addr);
- return val;
-}
-
-uint32_t virtio_config_readw(VirtIODevice *vdev, uint32_t addr)
-{
- uint16_t val;
-
- vdev->get_config(vdev, vdev->config);
-
- if (addr > (vdev->config_len - sizeof(val)))
- return (uint32_t)-1;
-
- val = lduw_p(vdev->config + addr);
- return val;
-}
-
-uint32_t virtio_config_readl(VirtIODevice *vdev, uint32_t addr)
-{
- uint32_t val;
-
- vdev->get_config(vdev, vdev->config);
-
- if (addr > (vdev->config_len - sizeof(val)))
- return (uint32_t)-1;
-
- val = ldl_p(vdev->config + addr);
- return val;
-}
-
-void virtio_config_writeb(VirtIODevice *vdev, uint32_t addr, uint32_t data)
-{
- uint8_t val = data;
-
- if (addr > (vdev->config_len - sizeof(val)))
- return;
-
- stb_p(vdev->config + addr, val);
-
- if (vdev->set_config)
- vdev->set_config(vdev, vdev->config);
-}
-
-void virtio_config_writew(VirtIODevice *vdev, uint32_t addr, uint32_t data)
-{
- uint16_t val = data;
-
- if (addr > (vdev->config_len - sizeof(val)))
- return;
-
- stw_p(vdev->config + addr, val);
-
- if (vdev->set_config)
- vdev->set_config(vdev, vdev->config);
-}
-
-void virtio_config_writel(VirtIODevice *vdev, uint32_t addr, uint32_t data)
-{
- uint32_t val = data;
-
- if (addr > (vdev->config_len - sizeof(val)))
- return;
-
- stl_p(vdev->config + addr, val);
-
- if (vdev->set_config)
- vdev->set_config(vdev, vdev->config);
-}
-
-void virtio_queue_set_addr(VirtIODevice *vdev, int n, hwaddr addr)
-{
- vdev->vq[n].pa = addr;
- virtqueue_init(&vdev->vq[n]);
-}
-
-hwaddr virtio_queue_get_addr(VirtIODevice *vdev, int n)
-{
- return vdev->vq[n].pa;
-}
-
-int virtio_queue_get_num(VirtIODevice *vdev, int n)
-{
- return vdev->vq[n].vring.num;
-}
-
-int virtio_queue_get_id(VirtQueue *vq)
-{
- VirtIODevice *vdev = vq->vdev;
- assert(vq >= &vdev->vq[0] && vq < &vdev->vq[VIRTIO_PCI_QUEUE_MAX]);
- return vq - &vdev->vq[0];
-}
-
-void virtio_queue_notify_vq(VirtQueue *vq)
-{
- if (vq->vring.desc) {
- VirtIODevice *vdev = vq->vdev;
- trace_virtio_queue_notify(vdev, vq - vdev->vq, vq);
- vq->handle_output(vdev, vq);
- }
-}
-
-void virtio_queue_notify(VirtIODevice *vdev, int n)
-{
- virtio_queue_notify_vq(&vdev->vq[n]);
-}
-
-uint16_t virtio_queue_vector(VirtIODevice *vdev, int n)
-{
- return n < VIRTIO_PCI_QUEUE_MAX ? vdev->vq[n].vector :
- VIRTIO_NO_VECTOR;
-}
-
-void virtio_queue_set_vector(VirtIODevice *vdev, int n, uint16_t vector)
-{
- if (n < VIRTIO_PCI_QUEUE_MAX)
- vdev->vq[n].vector = vector;
-}
-
-VirtQueue *virtio_add_queue(VirtIODevice *vdev, int queue_size,
- void (*handle_output)(VirtIODevice *, VirtQueue *))
-{
- int i;
-
- for (i = 0; i < VIRTIO_PCI_QUEUE_MAX; i++) {
- if (vdev->vq[i].vring.num == 0)
- break;
- }
-
- if (i == VIRTIO_PCI_QUEUE_MAX || queue_size > VIRTQUEUE_MAX_SIZE)
- abort();
-
- vdev->vq[i].vring.num = queue_size;
- vdev->vq[i].handle_output = handle_output;
-
- return &vdev->vq[i];
-}
-
-void virtio_irq(VirtQueue *vq)
-{
- trace_virtio_irq(vq);
- vq->vdev->isr |= 0x01;
- virtio_notify_vector(vq->vdev, vq->vector);
-}
-
-/* Assuming a given event_idx value from the other size, if
- * we have just incremented index from old to new_idx,
- * should we trigger an event? */
-static inline int vring_need_event(uint16_t event, uint16_t new, uint16_t old)
-{
- /* Note: Xen has similar logic for notification hold-off
- * in include/xen/interface/io/ring.h with req_event and req_prod
- * corresponding to event_idx + 1 and new respectively.
- * Note also that req_event and req_prod in Xen start at 1,
- * event indexes in virtio start at 0. */
- return (uint16_t)(new - event - 1) < (uint16_t)(new - old);
-}
-
-static bool vring_notify(VirtIODevice *vdev, VirtQueue *vq)
-{
- uint16_t old, new;
- bool v;
- /* We need to expose used array entries before checking used event. */
- smp_mb();
- /* Always notify when queue is empty (when feature acknowledge) */
- if (((vdev->guest_features & (1 << VIRTIO_F_NOTIFY_ON_EMPTY)) &&
- !vq->inuse && vring_avail_idx(vq) == vq->last_avail_idx)) {
- return true;
- }
-
- if (!(vdev->guest_features & (1 << VIRTIO_RING_F_EVENT_IDX))) {
- return !(vring_avail_flags(vq) & VRING_AVAIL_F_NO_INTERRUPT);
- }
-
- v = vq->signalled_used_valid;
- vq->signalled_used_valid = true;
- old = vq->signalled_used;
- new = vq->signalled_used = vring_used_idx(vq);
- return !v || vring_need_event(vring_used_event(vq), new, old);
-}
-
-void virtio_notify(VirtIODevice *vdev, VirtQueue *vq)
-{
- if (!vring_notify(vdev, vq)) {
- return;
- }
-
- trace_virtio_notify(vdev, vq);
- vdev->isr |= 0x01;
- virtio_notify_vector(vdev, vq->vector);
-}
-
-void virtio_notify_config(VirtIODevice *vdev)
-{
- if (!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK))
- return;
-
- vdev->isr |= 0x03;
- virtio_notify_vector(vdev, vdev->config_vector);
-}
-
-void virtio_save(VirtIODevice *vdev, QEMUFile *f)
-{
- int i;
-
- if (vdev->binding->save_config)
- vdev->binding->save_config(vdev->binding_opaque, f);
-
- qemu_put_8s(f, &vdev->status);
- qemu_put_8s(f, &vdev->isr);
- qemu_put_be16s(f, &vdev->queue_sel);
- qemu_put_be32s(f, &vdev->guest_features);
- qemu_put_be32(f, vdev->config_len);
- qemu_put_buffer(f, vdev->config, vdev->config_len);
-
- for (i = 0; i < VIRTIO_PCI_QUEUE_MAX; i++) {
- if (vdev->vq[i].vring.num == 0)
- break;
- }
-
- qemu_put_be32(f, i);
-
- for (i = 0; i < VIRTIO_PCI_QUEUE_MAX; i++) {
- if (vdev->vq[i].vring.num == 0)
- break;
-
- qemu_put_be32(f, vdev->vq[i].vring.num);
- qemu_put_be64(f, vdev->vq[i].pa);
- qemu_put_be16s(f, &vdev->vq[i].last_avail_idx);
- if (vdev->binding->save_queue)
- vdev->binding->save_queue(vdev->binding_opaque, i, f);
- }
-}
-
-int virtio_set_features(VirtIODevice *vdev, uint32_t val)
-{
- uint32_t supported_features =
- vdev->binding->get_features(vdev->binding_opaque);
- bool bad = (val & ~supported_features) != 0;
-
- val &= supported_features;
- if (vdev->set_features) {
- vdev->set_features(vdev, val);
- }
- vdev->guest_features = val;
- return bad ? -1 : 0;
-}
-
-int virtio_load(VirtIODevice *vdev, QEMUFile *f)
-{
- int num, i, ret;
- uint32_t features;
- uint32_t supported_features;
-
- if (vdev->binding->load_config) {
- ret = vdev->binding->load_config(vdev->binding_opaque, f);
- if (ret)
- return ret;
- }
-
- qemu_get_8s(f, &vdev->status);
- qemu_get_8s(f, &vdev->isr);
- qemu_get_be16s(f, &vdev->queue_sel);
- qemu_get_be32s(f, &features);
-
- if (virtio_set_features(vdev, features) < 0) {
- supported_features = vdev->binding->get_features(vdev->binding_opaque);
- error_report("Features 0x%x unsupported. Allowed features: 0x%x",
- features, supported_features);
- return -1;
- }
- vdev->config_len = qemu_get_be32(f);
- qemu_get_buffer(f, vdev->config, vdev->config_len);
-
- num = qemu_get_be32(f);
-
- for (i = 0; i < num; i++) {
- vdev->vq[i].vring.num = qemu_get_be32(f);
- vdev->vq[i].pa = qemu_get_be64(f);
- qemu_get_be16s(f, &vdev->vq[i].last_avail_idx);
- vdev->vq[i].signalled_used_valid = false;
- vdev->vq[i].notification = true;
-
- if (vdev->vq[i].pa) {
- uint16_t nheads;
- virtqueue_init(&vdev->vq[i]);
- nheads = vring_avail_idx(&vdev->vq[i]) - vdev->vq[i].last_avail_idx;
- /* Check it isn't doing very strange things with descriptor numbers. */
- if (nheads > vdev->vq[i].vring.num) {
- error_report("VQ %d size 0x%x Guest index 0x%x "
- "inconsistent with Host index 0x%x: delta 0x%x",
- i, vdev->vq[i].vring.num,
- vring_avail_idx(&vdev->vq[i]),
- vdev->vq[i].last_avail_idx, nheads);
- return -1;
- }
- } else if (vdev->vq[i].last_avail_idx) {
- error_report("VQ %d address 0x0 "
- "inconsistent with Host index 0x%x",
- i, vdev->vq[i].last_avail_idx);
- return -1;
- }
- if (vdev->binding->load_queue) {
- ret = vdev->binding->load_queue(vdev->binding_opaque, i, f);
- if (ret)
- return ret;
- }
- }
-
- virtio_notify_vector(vdev, VIRTIO_NO_VECTOR);
- return 0;
-}
-
-void virtio_cleanup(VirtIODevice *vdev)
-{
- qemu_del_vm_change_state_handler(vdev->vmstate);
- g_free(vdev->config);
- g_free(vdev->vq);
- g_free(vdev);
-}
-
-static void virtio_vmstate_change(void *opaque, int running, RunState state)
-{
- VirtIODevice *vdev = opaque;
- bool backend_run = running && (vdev->status & VIRTIO_CONFIG_S_DRIVER_OK);
- vdev->vm_running = running;
-
- if (backend_run) {
- virtio_set_status(vdev, vdev->status);
- }
-
- if (vdev->binding->vmstate_change) {
- vdev->binding->vmstate_change(vdev->binding_opaque, backend_run);
- }
-
- if (!backend_run) {
- virtio_set_status(vdev, vdev->status);
- }
-}
-
-VirtIODevice *virtio_common_init(const char *name, uint16_t device_id,
- size_t config_size, size_t struct_size)
-{
- VirtIODevice *vdev;
- int i;
-
- vdev = g_malloc0(struct_size);
-
- vdev->device_id = device_id;
- vdev->status = 0;
- vdev->isr = 0;
- vdev->queue_sel = 0;
- vdev->config_vector = VIRTIO_NO_VECTOR;
- vdev->vq = g_malloc0(sizeof(VirtQueue) * VIRTIO_PCI_QUEUE_MAX);
- vdev->vm_running = runstate_is_running();
- for(i = 0; i < VIRTIO_PCI_QUEUE_MAX; i++) {
- vdev->vq[i].vector = VIRTIO_NO_VECTOR;
- vdev->vq[i].vdev = vdev;
- }
-
- vdev->name = name;
- vdev->config_len = config_size;
- if (vdev->config_len)
- vdev->config = g_malloc0(config_size);
- else
- vdev->config = NULL;
-
- vdev->vmstate = qemu_add_vm_change_state_handler(virtio_vmstate_change, vdev);
-
- return vdev;
-}
-
-void virtio_bind_device(VirtIODevice *vdev, const VirtIOBindings *binding,
- void *opaque)
-{
- vdev->binding = binding;
- vdev->binding_opaque = opaque;
-}
-
-hwaddr virtio_queue_get_desc_addr(VirtIODevice *vdev, int n)
-{
- return vdev->vq[n].vring.desc;
-}
-
-hwaddr virtio_queue_get_avail_addr(VirtIODevice *vdev, int n)
-{
- return vdev->vq[n].vring.avail;
-}
-
-hwaddr virtio_queue_get_used_addr(VirtIODevice *vdev, int n)
-{
- return vdev->vq[n].vring.used;
-}
-
-hwaddr virtio_queue_get_ring_addr(VirtIODevice *vdev, int n)
-{
- return vdev->vq[n].vring.desc;
-}
-
-hwaddr virtio_queue_get_desc_size(VirtIODevice *vdev, int n)
-{
- return sizeof(VRingDesc) * vdev->vq[n].vring.num;
-}
-
-hwaddr virtio_queue_get_avail_size(VirtIODevice *vdev, int n)
-{
- return offsetof(VRingAvail, ring) +
- sizeof(uint64_t) * vdev->vq[n].vring.num;
-}
-
-hwaddr virtio_queue_get_used_size(VirtIODevice *vdev, int n)
-{
- return offsetof(VRingUsed, ring) +
- sizeof(VRingUsedElem) * vdev->vq[n].vring.num;
-}
-
-hwaddr virtio_queue_get_ring_size(VirtIODevice *vdev, int n)
-{
- return vdev->vq[n].vring.used - vdev->vq[n].vring.desc +
- virtio_queue_get_used_size(vdev, n);
-}
-
-uint16_t virtio_queue_get_last_avail_idx(VirtIODevice *vdev, int n)
-{
- return vdev->vq[n].last_avail_idx;
-}
-
-void virtio_queue_set_last_avail_idx(VirtIODevice *vdev, int n, uint16_t idx)
-{
- vdev->vq[n].last_avail_idx = idx;
-}
-
-VirtQueue *virtio_get_queue(VirtIODevice *vdev, int n)
-{
- return vdev->vq + n;
-}
-
-static void virtio_queue_guest_notifier_read(EventNotifier *n)
-{
- VirtQueue *vq = container_of(n, VirtQueue, guest_notifier);
- if (event_notifier_test_and_clear(n)) {
- virtio_irq(vq);
- }
-}
-
-void virtio_queue_set_guest_notifier_fd_handler(VirtQueue *vq, bool assign,
- bool with_irqfd)
-{
- if (assign && !with_irqfd) {
- event_notifier_set_handler(&vq->guest_notifier,
- virtio_queue_guest_notifier_read);
- } else {
- event_notifier_set_handler(&vq->guest_notifier, NULL);
- }
- if (!assign) {
- /* Test and clear notifier before closing it,
- * in case poll callback didn't have time to run. */
- virtio_queue_guest_notifier_read(&vq->guest_notifier);
- }
-}
-
-EventNotifier *virtio_queue_get_guest_notifier(VirtQueue *vq)
-{
- return &vq->guest_notifier;
-}
-
-static void virtio_queue_host_notifier_read(EventNotifier *n)
-{
- VirtQueue *vq = container_of(n, VirtQueue, host_notifier);
- if (event_notifier_test_and_clear(n)) {
- virtio_queue_notify_vq(vq);
- }
-}
-
-void virtio_queue_set_host_notifier_fd_handler(VirtQueue *vq, bool assign,
- bool set_handler)
-{
- if (assign && set_handler) {
- event_notifier_set_handler(&vq->host_notifier,
- virtio_queue_host_notifier_read);
- } else {
- event_notifier_set_handler(&vq->host_notifier, NULL);
- }
- if (!assign) {
- /* Test and clear notifier before after disabling event,
- * in case poll callback didn't have time to run. */
- virtio_queue_host_notifier_read(&vq->host_notifier);
- }
-}
-
-EventNotifier *virtio_queue_get_host_notifier(VirtQueue *vq)
-{
- return &vq->host_notifier;
-}
diff --git a/hw/virtio.h b/hw/virtio.h
deleted file mode 100644
index 7c17f7ba0..000000000
--- a/hw/virtio.h
+++ /dev/null
@@ -1,247 +0,0 @@
-/*
- * Virtio Support
- *
- * Copyright IBM, Corp. 2007
- *
- * Authors:
- * Anthony Liguori <aliguori@us.ibm.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See
- * the COPYING file in the top-level directory.
- *
- */
-
-#ifndef _QEMU_VIRTIO_H
-#define _QEMU_VIRTIO_H
-
-#include "hw.h"
-#include "net.h"
-#include "qdev.h"
-#include "sysemu.h"
-#include "event_notifier.h"
-#ifdef CONFIG_LINUX
-#include "9p.h"
-#endif
-
-/* from Linux's linux/virtio_config.h */
-
-/* Status byte for guest to report progress, and synchronize features. */
-/* We have seen device and processed generic fields (VIRTIO_CONFIG_F_VIRTIO) */
-#define VIRTIO_CONFIG_S_ACKNOWLEDGE 1
-/* We have found a driver for the device. */
-#define VIRTIO_CONFIG_S_DRIVER 2
-/* Driver has used its parts of the config, and is happy */
-#define VIRTIO_CONFIG_S_DRIVER_OK 4
-/* We've given up on this device. */
-#define VIRTIO_CONFIG_S_FAILED 0x80
-
-/* Some virtio feature bits (currently bits 28 through 31) are reserved for the
- * transport being used (eg. virtio_ring), the rest are per-device feature bits. */
-#define VIRTIO_TRANSPORT_F_START 28
-#define VIRTIO_TRANSPORT_F_END 32
-
-/* We notify when the ring is completely used, even if the guest is suppressing
- * callbacks */
-#define VIRTIO_F_NOTIFY_ON_EMPTY 24
-/* We support indirect buffer descriptors */
-#define VIRTIO_RING_F_INDIRECT_DESC 28
-/* The Guest publishes the used index for which it expects an interrupt
- * at the end of the avail ring. Host should ignore the avail->flags field. */
-/* The Host publishes the avail index for which it expects a kick
- * at the end of the used ring. Guest should ignore the used->flags field. */
-#define VIRTIO_RING_F_EVENT_IDX 29
-/* A guest should never accept this. It implies negotiation is broken. */
-#define VIRTIO_F_BAD_FEATURE 30
-
-/* from Linux's linux/virtio_ring.h */
-
-/* This marks a buffer as continuing via the next field. */
-#define VRING_DESC_F_NEXT 1
-/* This marks a buffer as write-only (otherwise read-only). */
-#define VRING_DESC_F_WRITE 2
-/* This means the buffer contains a list of buffer descriptors. */
-#define VRING_DESC_F_INDIRECT 4
-
-/* This means don't notify other side when buffer added. */
-#define VRING_USED_F_NO_NOTIFY 1
-/* This means don't interrupt guest when buffer consumed. */
-#define VRING_AVAIL_F_NO_INTERRUPT 1
-
-struct VirtQueue;
-
-static inline hwaddr vring_align(hwaddr addr,
- unsigned long align)
-{
- return (addr + align - 1) & ~(align - 1);
-}
-
-typedef struct VirtQueue VirtQueue;
-
-#define VIRTQUEUE_MAX_SIZE 1024
-
-typedef struct VirtQueueElement
-{
- unsigned int index;
- unsigned int out_num;
- unsigned int in_num;
- hwaddr in_addr[VIRTQUEUE_MAX_SIZE];
- hwaddr out_addr[VIRTQUEUE_MAX_SIZE];
- struct iovec in_sg[VIRTQUEUE_MAX_SIZE];
- struct iovec out_sg[VIRTQUEUE_MAX_SIZE];
-} VirtQueueElement;
-
-typedef struct {
- void (*notify)(void * opaque, uint16_t vector);
- void (*save_config)(void * opaque, QEMUFile *f);
- void (*save_queue)(void * opaque, int n, QEMUFile *f);
- int (*load_config)(void * opaque, QEMUFile *f);
- int (*load_queue)(void * opaque, int n, QEMUFile *f);
- int (*load_done)(void * opaque, QEMUFile *f);
- unsigned (*get_features)(void * opaque);
- bool (*query_guest_notifiers)(void * opaque);
- int (*set_guest_notifiers)(void * opaque, bool assigned);
- int (*set_host_notifier)(void * opaque, int n, bool assigned);
- void (*vmstate_change)(void * opaque, bool running);
-} VirtIOBindings;
-
-#define VIRTIO_PCI_QUEUE_MAX 64
-
-#define VIRTIO_NO_VECTOR 0xffff
-
-struct VirtIODevice
-{
- const char *name;
- uint8_t status;
- uint8_t isr;
- uint16_t queue_sel;
- uint32_t guest_features;
- size_t config_len;
- void *config;
- uint16_t config_vector;
- int nvectors;
- uint32_t (*get_features)(VirtIODevice *vdev, uint32_t requested_features);
- uint32_t (*bad_features)(VirtIODevice *vdev);
- void (*set_features)(VirtIODevice *vdev, uint32_t val);
- void (*get_config)(VirtIODevice *vdev, uint8_t *config);
- void (*set_config)(VirtIODevice *vdev, const uint8_t *config);
- void (*reset)(VirtIODevice *vdev);
- void (*set_status)(VirtIODevice *vdev, uint8_t val);
- VirtQueue *vq;
- const VirtIOBindings *binding;
- void *binding_opaque;
- uint16_t device_id;
- bool vm_running;
- VMChangeStateEntry *vmstate;
-};
-
-VirtQueue *virtio_add_queue(VirtIODevice *vdev, int queue_size,
- void (*handle_output)(VirtIODevice *,
- VirtQueue *));
-
-void virtqueue_push(VirtQueue *vq, const VirtQueueElement *elem,
- unsigned int len);
-void virtqueue_flush(VirtQueue *vq, unsigned int count);
-void virtqueue_fill(VirtQueue *vq, const VirtQueueElement *elem,
- unsigned int len, unsigned int idx);
-
-void virtqueue_map_sg(struct iovec *sg, hwaddr *addr,
- size_t num_sg, int is_write);
-int virtqueue_pop(VirtQueue *vq, VirtQueueElement *elem);
-int virtqueue_avail_bytes(VirtQueue *vq, unsigned int in_bytes,
- unsigned int out_bytes);
-void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes,
- unsigned int *out_bytes,
- unsigned max_in_bytes, unsigned max_out_bytes);
-
-void virtio_notify(VirtIODevice *vdev, VirtQueue *vq);
-
-void virtio_save(VirtIODevice *vdev, QEMUFile *f);
-
-int virtio_load(VirtIODevice *vdev, QEMUFile *f);
-
-void virtio_cleanup(VirtIODevice *vdev);
-
-void virtio_notify_config(VirtIODevice *vdev);
-
-void virtio_queue_set_notification(VirtQueue *vq, int enable);
-
-int virtio_queue_ready(VirtQueue *vq);
-
-int virtio_queue_empty(VirtQueue *vq);
-
-/* Host binding interface. */
-
-VirtIODevice *virtio_common_init(const char *name, uint16_t device_id,
- size_t config_size, size_t struct_size);
-uint32_t virtio_config_readb(VirtIODevice *vdev, uint32_t addr);
-uint32_t virtio_config_readw(VirtIODevice *vdev, uint32_t addr);
-uint32_t virtio_config_readl(VirtIODevice *vdev, uint32_t addr);
-void virtio_config_writeb(VirtIODevice *vdev, uint32_t addr, uint32_t data);
-void virtio_config_writew(VirtIODevice *vdev, uint32_t addr, uint32_t data);
-void virtio_config_writel(VirtIODevice *vdev, uint32_t addr, uint32_t data);
-void virtio_queue_set_addr(VirtIODevice *vdev, int n, hwaddr addr);
-hwaddr virtio_queue_get_addr(VirtIODevice *vdev, int n);
-int virtio_queue_get_num(VirtIODevice *vdev, int n);
-void virtio_queue_notify(VirtIODevice *vdev, int n);
-uint16_t virtio_queue_vector(VirtIODevice *vdev, int n);
-void virtio_queue_set_vector(VirtIODevice *vdev, int n, uint16_t vector);
-void virtio_set_status(VirtIODevice *vdev, uint8_t val);
-void virtio_reset(void *opaque);
-void virtio_update_irq(VirtIODevice *vdev);
-int virtio_set_features(VirtIODevice *vdev, uint32_t val);
-
-void virtio_bind_device(VirtIODevice *vdev, const VirtIOBindings *binding,
- void *opaque);
-
-/* Base devices. */
-typedef struct VirtIOBlkConf VirtIOBlkConf;
-VirtIODevice *virtio_blk_init(DeviceState *dev, VirtIOBlkConf *blk);
-struct virtio_net_conf;
-VirtIODevice *virtio_net_init(DeviceState *dev, NICConf *conf,
- struct virtio_net_conf *net);
-typedef struct virtio_serial_conf virtio_serial_conf;
-VirtIODevice *virtio_serial_init(DeviceState *dev, virtio_serial_conf *serial);
-VirtIODevice *virtio_balloon_init(DeviceState *dev);
-typedef struct VirtIOSCSIConf VirtIOSCSIConf;
-VirtIODevice *virtio_scsi_init(DeviceState *dev, VirtIOSCSIConf *conf);
-typedef struct VirtIORNGConf VirtIORNGConf;
-VirtIODevice *virtio_rng_init(DeviceState *dev, VirtIORNGConf *conf);
-#ifdef CONFIG_LINUX
-VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf *conf);
-#endif
-
-
-void virtio_net_exit(VirtIODevice *vdev);
-void virtio_blk_exit(VirtIODevice *vdev);
-void virtio_serial_exit(VirtIODevice *vdev);
-void virtio_balloon_exit(VirtIODevice *vdev);
-void virtio_scsi_exit(VirtIODevice *vdev);
-void virtio_rng_exit(VirtIODevice *vdev);
-
-#define DEFINE_VIRTIO_COMMON_FEATURES(_state, _field) \
- DEFINE_PROP_BIT("indirect_desc", _state, _field, \
- VIRTIO_RING_F_INDIRECT_DESC, true), \
- DEFINE_PROP_BIT("event_idx", _state, _field, \
- VIRTIO_RING_F_EVENT_IDX, true)
-
-hwaddr virtio_queue_get_desc_addr(VirtIODevice *vdev, int n);
-hwaddr virtio_queue_get_avail_addr(VirtIODevice *vdev, int n);
-hwaddr virtio_queue_get_used_addr(VirtIODevice *vdev, int n);
-hwaddr virtio_queue_get_ring_addr(VirtIODevice *vdev, int n);
-hwaddr virtio_queue_get_desc_size(VirtIODevice *vdev, int n);
-hwaddr virtio_queue_get_avail_size(VirtIODevice *vdev, int n);
-hwaddr virtio_queue_get_used_size(VirtIODevice *vdev, int n);
-hwaddr virtio_queue_get_ring_size(VirtIODevice *vdev, int n);
-uint16_t virtio_queue_get_last_avail_idx(VirtIODevice *vdev, int n);
-void virtio_queue_set_last_avail_idx(VirtIODevice *vdev, int n, uint16_t idx);
-VirtQueue *virtio_get_queue(VirtIODevice *vdev, int n);
-int virtio_queue_get_id(VirtQueue *vq);
-EventNotifier *virtio_queue_get_guest_notifier(VirtQueue *vq);
-void virtio_queue_set_guest_notifier_fd_handler(VirtQueue *vq, bool assign,
- bool with_irqfd);
-EventNotifier *virtio_queue_get_host_notifier(VirtQueue *vq);
-void virtio_queue_set_host_notifier_fd_handler(VirtQueue *vq, bool assign,
- bool set_handler);
-void virtio_queue_notify_vq(VirtQueue *vq);
-void virtio_irq(VirtQueue *vq);
-#endif
diff --git a/hw/virtio/Makefile.objs b/hw/virtio/Makefile.objs
new file mode 100644
index 000000000..1ba53d9cc
--- /dev/null
+++ b/hw/virtio/Makefile.objs
@@ -0,0 +1,8 @@
+common-obj-y += virtio-rng.o
+common-obj-$(CONFIG_VIRTIO_PCI) += virtio-pci.o
+common-obj-y += virtio-bus.o
+common-obj-y += virtio-mmio.o
+common-obj-$(CONFIG_VIRTIO_BLK_DATA_PLANE) += dataplane/
+
+obj-y += virtio.o virtio-balloon.o
+obj-$(CONFIG_LINUX) += vhost.o
diff --git a/hw/virtio/dataplane/Makefile.objs b/hw/virtio/dataplane/Makefile.objs
new file mode 100644
index 000000000..a91bf33c8
--- /dev/null
+++ b/hw/virtio/dataplane/Makefile.objs
@@ -0,0 +1 @@
+common-obj-y += hostmem.o vring.o
diff --git a/hw/virtio/dataplane/hostmem.c b/hw/virtio/dataplane/hostmem.c
new file mode 100644
index 000000000..901d98b8a
--- /dev/null
+++ b/hw/virtio/dataplane/hostmem.c
@@ -0,0 +1,183 @@
+/*
+ * Thread-safe guest to host memory mapping
+ *
+ * Copyright 2012 Red Hat, Inc. and/or its affiliates
+ *
+ * Authors:
+ * Stefan Hajnoczi <stefanha@redhat.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "exec/address-spaces.h"
+#include "hw/virtio/dataplane/hostmem.h"
+
+static int hostmem_lookup_cmp(const void *phys_, const void *region_)
+{
+ hwaddr phys = *(const hwaddr *)phys_;
+ const HostMemRegion *region = region_;
+
+ if (phys < region->guest_addr) {
+ return -1;
+ } else if (phys >= region->guest_addr + region->size) {
+ return 1;
+ } else {
+ return 0;
+ }
+}
+
+/**
+ * Map guest physical address to host pointer
+ */
+void *hostmem_lookup(HostMem *hostmem, hwaddr phys, hwaddr len, bool is_write)
+{
+ HostMemRegion *region;
+ void *host_addr = NULL;
+ hwaddr offset_within_region;
+
+ qemu_mutex_lock(&hostmem->current_regions_lock);
+ region = bsearch(&phys, hostmem->current_regions,
+ hostmem->num_current_regions,
+ sizeof(hostmem->current_regions[0]),
+ hostmem_lookup_cmp);
+ if (!region) {
+ goto out;
+ }
+ if (is_write && region->readonly) {
+ goto out;
+ }
+ offset_within_region = phys - region->guest_addr;
+ if (len <= region->size - offset_within_region) {
+ host_addr = region->host_addr + offset_within_region;
+ }
+out:
+ qemu_mutex_unlock(&hostmem->current_regions_lock);
+
+ return host_addr;
+}
+
+/**
+ * Install new regions list
+ */
+static void hostmem_listener_commit(MemoryListener *listener)
+{
+ HostMem *hostmem = container_of(listener, HostMem, listener);
+ int i;
+
+ qemu_mutex_lock(&hostmem->current_regions_lock);
+ for (i = 0; i < hostmem->num_current_regions; i++) {
+ memory_region_unref(hostmem->current_regions[i].mr);
+ }
+ g_free(hostmem->current_regions);
+ hostmem->current_regions = hostmem->new_regions;
+ hostmem->num_current_regions = hostmem->num_new_regions;
+ qemu_mutex_unlock(&hostmem->current_regions_lock);
+
+ /* Reset new regions list */
+ hostmem->new_regions = NULL;
+ hostmem->num_new_regions = 0;
+}
+
+/**
+ * Add a MemoryRegionSection to the new regions list
+ */
+static void hostmem_append_new_region(HostMem *hostmem,
+ MemoryRegionSection *section)
+{
+ void *ram_ptr = memory_region_get_ram_ptr(section->mr);
+ size_t num = hostmem->num_new_regions;
+ size_t new_size = (num + 1) * sizeof(hostmem->new_regions[0]);
+
+ hostmem->new_regions = g_realloc(hostmem->new_regions, new_size);
+ hostmem->new_regions[num] = (HostMemRegion){
+ .host_addr = ram_ptr + section->offset_within_region,
+ .guest_addr = section->offset_within_address_space,
+ .size = int128_get64(section->size),
+ .readonly = section->readonly,
+ .mr = section->mr,
+ };
+ hostmem->num_new_regions++;
+
+ memory_region_ref(section->mr);
+}
+
+static void hostmem_listener_append_region(MemoryListener *listener,
+ MemoryRegionSection *section)
+{
+ HostMem *hostmem = container_of(listener, HostMem, listener);
+
+ /* Ignore non-RAM regions, we may not be able to map them */
+ if (!memory_region_is_ram(section->mr)) {
+ return;
+ }
+
+ /* Ignore regions with dirty logging, we cannot mark them dirty */
+ if (memory_region_is_logging(section->mr)) {
+ return;
+ }
+
+ hostmem_append_new_region(hostmem, section);
+}
+
+/* We don't implement most MemoryListener callbacks, use these nop stubs */
+static void hostmem_listener_dummy(MemoryListener *listener)
+{
+}
+
+static void hostmem_listener_section_dummy(MemoryListener *listener,
+ MemoryRegionSection *section)
+{
+}
+
+static void hostmem_listener_eventfd_dummy(MemoryListener *listener,
+ MemoryRegionSection *section,
+ bool match_data, uint64_t data,
+ EventNotifier *e)
+{
+}
+
+static void hostmem_listener_coalesced_mmio_dummy(MemoryListener *listener,
+ MemoryRegionSection *section,
+ hwaddr addr, hwaddr len)
+{
+}
+
+void hostmem_init(HostMem *hostmem)
+{
+ memset(hostmem, 0, sizeof(*hostmem));
+
+ qemu_mutex_init(&hostmem->current_regions_lock);
+
+ hostmem->listener = (MemoryListener){
+ .begin = hostmem_listener_dummy,
+ .commit = hostmem_listener_commit,
+ .region_add = hostmem_listener_append_region,
+ .region_del = hostmem_listener_section_dummy,
+ .region_nop = hostmem_listener_append_region,
+ .log_start = hostmem_listener_section_dummy,
+ .log_stop = hostmem_listener_section_dummy,
+ .log_sync = hostmem_listener_section_dummy,
+ .log_global_start = hostmem_listener_dummy,
+ .log_global_stop = hostmem_listener_dummy,
+ .eventfd_add = hostmem_listener_eventfd_dummy,
+ .eventfd_del = hostmem_listener_eventfd_dummy,
+ .coalesced_mmio_add = hostmem_listener_coalesced_mmio_dummy,
+ .coalesced_mmio_del = hostmem_listener_coalesced_mmio_dummy,
+ .priority = 10,
+ };
+
+ memory_listener_register(&hostmem->listener, &address_space_memory);
+ if (hostmem->num_new_regions > 0) {
+ hostmem_listener_commit(&hostmem->listener);
+ }
+}
+
+void hostmem_finalize(HostMem *hostmem)
+{
+ memory_listener_unregister(&hostmem->listener);
+ g_free(hostmem->new_regions);
+ g_free(hostmem->current_regions);
+ qemu_mutex_destroy(&hostmem->current_regions_lock);
+}
diff --git a/hw/virtio/dataplane/vring.c b/hw/virtio/dataplane/vring.c
new file mode 100644
index 000000000..351a34380
--- /dev/null
+++ b/hw/virtio/dataplane/vring.c
@@ -0,0 +1,366 @@
+/* Copyright 2012 Red Hat, Inc.
+ * Copyright IBM, Corp. 2012
+ *
+ * Based on Linux 2.6.39 vhost code:
+ * Copyright (C) 2009 Red Hat, Inc.
+ * Copyright (C) 2006 Rusty Russell IBM Corporation
+ *
+ * Author: Michael S. Tsirkin <mst@redhat.com>
+ * Stefan Hajnoczi <stefanha@redhat.com>
+ *
+ * Inspiration, some code, and most witty comments come from
+ * Documentation/virtual/lguest/lguest.c, by Rusty Russell
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.
+ */
+
+#include "trace.h"
+#include "hw/virtio/dataplane/vring.h"
+#include "qemu/error-report.h"
+
+/* Map the guest's vring to host memory */
+bool vring_setup(Vring *vring, VirtIODevice *vdev, int n)
+{
+ hwaddr vring_addr = virtio_queue_get_ring_addr(vdev, n);
+ hwaddr vring_size = virtio_queue_get_ring_size(vdev, n);
+ void *vring_ptr;
+
+ vring->broken = false;
+
+ hostmem_init(&vring->hostmem);
+ vring_ptr = hostmem_lookup(&vring->hostmem, vring_addr, vring_size, true);
+ if (!vring_ptr) {
+ error_report("Failed to map vring "
+ "addr %#" HWADDR_PRIx " size %" HWADDR_PRIu,
+ vring_addr, vring_size);
+ vring->broken = true;
+ return false;
+ }
+
+ vring_init(&vring->vr, virtio_queue_get_num(vdev, n), vring_ptr, 4096);
+
+ vring->last_avail_idx = virtio_queue_get_last_avail_idx(vdev, n);
+ vring->last_used_idx = vring->vr.used->idx;
+ vring->signalled_used = 0;
+ vring->signalled_used_valid = false;
+
+ trace_vring_setup(virtio_queue_get_ring_addr(vdev, n),
+ vring->vr.desc, vring->vr.avail, vring->vr.used);
+ return true;
+}
+
+void vring_teardown(Vring *vring, VirtIODevice *vdev, int n)
+{
+ virtio_queue_set_last_avail_idx(vdev, n, vring->last_avail_idx);
+ virtio_queue_invalidate_signalled_used(vdev, n);
+
+ hostmem_finalize(&vring->hostmem);
+}
+
+/* Disable guest->host notifies */
+void vring_disable_notification(VirtIODevice *vdev, Vring *vring)
+{
+ if (!(vdev->guest_features & (1 << VIRTIO_RING_F_EVENT_IDX))) {
+ vring->vr.used->flags |= VRING_USED_F_NO_NOTIFY;
+ }
+}
+
+/* Enable guest->host notifies
+ *
+ * Return true if the vring is empty, false if there are more requests.
+ */
+bool vring_enable_notification(VirtIODevice *vdev, Vring *vring)
+{
+ if (vdev->guest_features & (1 << VIRTIO_RING_F_EVENT_IDX)) {
+ vring_avail_event(&vring->vr) = vring->vr.avail->idx;
+ } else {
+ vring->vr.used->flags &= ~VRING_USED_F_NO_NOTIFY;
+ }
+ smp_mb(); /* ensure update is seen before reading avail_idx */
+ return !vring_more_avail(vring);
+}
+
+/* This is stolen from linux/drivers/vhost/vhost.c:vhost_notify() */
+bool vring_should_notify(VirtIODevice *vdev, Vring *vring)
+{
+ uint16_t old, new;
+ bool v;
+ /* Flush out used index updates. This is paired
+ * with the barrier that the Guest executes when enabling
+ * interrupts. */
+ smp_mb();
+
+ if ((vdev->guest_features & VIRTIO_F_NOTIFY_ON_EMPTY) &&
+ unlikely(vring->vr.avail->idx == vring->last_avail_idx)) {
+ return true;
+ }
+
+ if (!(vdev->guest_features & VIRTIO_RING_F_EVENT_IDX)) {
+ return !(vring->vr.avail->flags & VRING_AVAIL_F_NO_INTERRUPT);
+ }
+ old = vring->signalled_used;
+ v = vring->signalled_used_valid;
+ new = vring->signalled_used = vring->last_used_idx;
+ vring->signalled_used_valid = true;
+
+ if (unlikely(!v)) {
+ return true;
+ }
+
+ return vring_need_event(vring_used_event(&vring->vr), new, old);
+}
+
+/* This is stolen from linux/drivers/vhost/vhost.c. */
+static int get_indirect(Vring *vring,
+ struct iovec iov[], struct iovec *iov_end,
+ unsigned int *out_num, unsigned int *in_num,
+ struct vring_desc *indirect)
+{
+ struct vring_desc desc;
+ unsigned int i = 0, count, found = 0;
+
+ /* Sanity check */
+ if (unlikely(indirect->len % sizeof(desc))) {
+ error_report("Invalid length in indirect descriptor: "
+ "len %#x not multiple of %#zx",
+ indirect->len, sizeof(desc));
+ vring->broken = true;
+ return -EFAULT;
+ }
+
+ count = indirect->len / sizeof(desc);
+ /* Buffers are chained via a 16 bit next field, so
+ * we can have at most 2^16 of these. */
+ if (unlikely(count > USHRT_MAX + 1)) {
+ error_report("Indirect buffer length too big: %d", indirect->len);
+ vring->broken = true;
+ return -EFAULT;
+ }
+
+ do {
+ struct vring_desc *desc_ptr;
+
+ /* Translate indirect descriptor */
+ desc_ptr = hostmem_lookup(&vring->hostmem,
+ indirect->addr + found * sizeof(desc),
+ sizeof(desc), false);
+ if (!desc_ptr) {
+ error_report("Failed to map indirect descriptor "
+ "addr %#" PRIx64 " len %zu",
+ (uint64_t)indirect->addr + found * sizeof(desc),
+ sizeof(desc));
+ vring->broken = true;
+ return -EFAULT;
+ }
+ desc = *desc_ptr;
+
+ /* Ensure descriptor has been loaded before accessing fields */
+ barrier(); /* read_barrier_depends(); */
+
+ if (unlikely(++found > count)) {
+ error_report("Loop detected: last one at %u "
+ "indirect size %u", i, count);
+ vring->broken = true;
+ return -EFAULT;
+ }
+
+ if (unlikely(desc.flags & VRING_DESC_F_INDIRECT)) {
+ error_report("Nested indirect descriptor");
+ vring->broken = true;
+ return -EFAULT;
+ }
+
+ /* Stop for now if there are not enough iovecs available. */
+ if (iov >= iov_end) {
+ return -ENOBUFS;
+ }
+
+ iov->iov_base = hostmem_lookup(&vring->hostmem, desc.addr, desc.len,
+ desc.flags & VRING_DESC_F_WRITE);
+ if (!iov->iov_base) {
+ error_report("Failed to map indirect descriptor"
+ "addr %#" PRIx64 " len %u",
+ (uint64_t)desc.addr, desc.len);
+ vring->broken = true;
+ return -EFAULT;
+ }
+ iov->iov_len = desc.len;
+ iov++;
+
+ /* If this is an input descriptor, increment that count. */
+ if (desc.flags & VRING_DESC_F_WRITE) {
+ *in_num += 1;
+ } else {
+ /* If it's an output descriptor, they're all supposed
+ * to come before any input descriptors. */
+ if (unlikely(*in_num)) {
+ error_report("Indirect descriptor "
+ "has out after in: idx %u", i);
+ vring->broken = true;
+ return -EFAULT;
+ }
+ *out_num += 1;
+ }
+ i = desc.next;
+ } while (desc.flags & VRING_DESC_F_NEXT);
+ return 0;
+}
+
+/* This looks in the virtqueue and for the first available buffer, and converts
+ * it to an iovec for convenient access. Since descriptors consist of some
+ * number of output then some number of input descriptors, it's actually two
+ * iovecs, but we pack them into one and note how many of each there were.
+ *
+ * This function returns the descriptor number found, or vq->num (which is
+ * never a valid descriptor number) if none was found. A negative code is
+ * returned on error.
+ *
+ * Stolen from linux/drivers/vhost/vhost.c.
+ */
+int vring_pop(VirtIODevice *vdev, Vring *vring,
+ struct iovec iov[], struct iovec *iov_end,
+ unsigned int *out_num, unsigned int *in_num)
+{
+ struct vring_desc desc;
+ unsigned int i, head, found = 0, num = vring->vr.num;
+ uint16_t avail_idx, last_avail_idx;
+
+ /* If there was a fatal error then refuse operation */
+ if (vring->broken) {
+ return -EFAULT;
+ }
+
+ /* Check it isn't doing very strange things with descriptor numbers. */
+ last_avail_idx = vring->last_avail_idx;
+ avail_idx = vring->vr.avail->idx;
+ barrier(); /* load indices now and not again later */
+
+ if (unlikely((uint16_t)(avail_idx - last_avail_idx) > num)) {
+ error_report("Guest moved used index from %u to %u",
+ last_avail_idx, avail_idx);
+ vring->broken = true;
+ return -EFAULT;
+ }
+
+ /* If there's nothing new since last we looked. */
+ if (avail_idx == last_avail_idx) {
+ return -EAGAIN;
+ }
+
+ /* Only get avail ring entries after they have been exposed by guest. */
+ smp_rmb();
+
+ /* Grab the next descriptor number they're advertising, and increment
+ * the index we've seen. */
+ head = vring->vr.avail->ring[last_avail_idx % num];
+
+ /* If their number is silly, that's an error. */
+ if (unlikely(head >= num)) {
+ error_report("Guest says index %u > %u is available", head, num);
+ vring->broken = true;
+ return -EFAULT;
+ }
+
+ if (vdev->guest_features & (1 << VIRTIO_RING_F_EVENT_IDX)) {
+ vring_avail_event(&vring->vr) = vring->vr.avail->idx;
+ }
+
+ /* When we start there are none of either input nor output. */
+ *out_num = *in_num = 0;
+
+ i = head;
+ do {
+ if (unlikely(i >= num)) {
+ error_report("Desc index is %u > %u, head = %u", i, num, head);
+ vring->broken = true;
+ return -EFAULT;
+ }
+ if (unlikely(++found > num)) {
+ error_report("Loop detected: last one at %u vq size %u head %u",
+ i, num, head);
+ vring->broken = true;
+ return -EFAULT;
+ }
+ desc = vring->vr.desc[i];
+
+ /* Ensure descriptor is loaded before accessing fields */
+ barrier();
+
+ if (desc.flags & VRING_DESC_F_INDIRECT) {
+ int ret = get_indirect(vring, iov, iov_end, out_num, in_num, &desc);
+ if (ret < 0) {
+ return ret;
+ }
+ continue;
+ }
+
+ /* If there are not enough iovecs left, stop for now. The caller
+ * should check if there are more descs available once they have dealt
+ * with the current set.
+ */
+ if (iov >= iov_end) {
+ return -ENOBUFS;
+ }
+
+ /* TODO handle non-contiguous memory across region boundaries */
+ iov->iov_base = hostmem_lookup(&vring->hostmem, desc.addr, desc.len,
+ desc.flags & VRING_DESC_F_WRITE);
+ if (!iov->iov_base) {
+ error_report("Failed to map vring desc addr %#" PRIx64 " len %u",
+ (uint64_t)desc.addr, desc.len);
+ vring->broken = true;
+ return -EFAULT;
+ }
+ iov->iov_len = desc.len;
+ iov++;
+
+ if (desc.flags & VRING_DESC_F_WRITE) {
+ /* If this is an input descriptor,
+ * increment that count. */
+ *in_num += 1;
+ } else {
+ /* If it's an output descriptor, they're all supposed
+ * to come before any input descriptors. */
+ if (unlikely(*in_num)) {
+ error_report("Descriptor has out after in: idx %d", i);
+ vring->broken = true;
+ return -EFAULT;
+ }
+ *out_num += 1;
+ }
+ i = desc.next;
+ } while (desc.flags & VRING_DESC_F_NEXT);
+
+ /* On success, increment avail index. */
+ vring->last_avail_idx++;
+ return head;
+}
+
+/* After we've used one of their buffers, we tell them about it.
+ *
+ * Stolen from linux/drivers/vhost/vhost.c.
+ */
+void vring_push(Vring *vring, unsigned int head, int len)
+{
+ struct vring_used_elem *used;
+ uint16_t new;
+
+ /* Don't touch vring if a fatal error occurred */
+ if (vring->broken) {
+ return;
+ }
+
+ /* The virtqueue contains a ring of used buffers. Get a pointer to the
+ * next entry in that used ring. */
+ used = &vring->vr.used->ring[vring->last_used_idx % vring->vr.num];
+ used->id = head;
+ used->len = len;
+
+ /* Make sure buffer is written before we update index. */
+ smp_wmb();
+
+ new = vring->vr.used->idx = ++vring->last_used_idx;
+ if (unlikely((int16_t)(new - vring->signalled_used) < (uint16_t)1)) {
+ vring->signalled_used_valid = false;
+ }
+}
diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
new file mode 100644
index 000000000..9e336ad81
--- /dev/null
+++ b/hw/virtio/vhost.c
@@ -0,0 +1,1072 @@
+/*
+ * vhost support
+ *
+ * Copyright Red Hat, Inc. 2010
+ *
+ * Authors:
+ * Michael S. Tsirkin <mst@redhat.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include <sys/ioctl.h>
+#include "hw/virtio/vhost.h"
+#include "hw/hw.h"
+#include "qemu/atomic.h"
+#include "qemu/range.h"
+#include <linux/vhost.h>
+#include "exec/address-spaces.h"
+#include "hw/virtio/virtio-bus.h"
+
+static void vhost_dev_sync_region(struct vhost_dev *dev,
+ MemoryRegionSection *section,
+ uint64_t mfirst, uint64_t mlast,
+ uint64_t rfirst, uint64_t rlast)
+{
+ uint64_t start = MAX(mfirst, rfirst);
+ uint64_t end = MIN(mlast, rlast);
+ vhost_log_chunk_t *from = dev->log + start / VHOST_LOG_CHUNK;
+ vhost_log_chunk_t *to = dev->log + end / VHOST_LOG_CHUNK + 1;
+ uint64_t addr = (start / VHOST_LOG_CHUNK) * VHOST_LOG_CHUNK;
+
+ if (end < start) {
+ return;
+ }
+ assert(end / VHOST_LOG_CHUNK < dev->log_size);
+ assert(start / VHOST_LOG_CHUNK < dev->log_size);
+
+ for (;from < to; ++from) {
+ vhost_log_chunk_t log;
+ int bit;
+ /* We first check with non-atomic: much cheaper,
+ * and we expect non-dirty to be the common case. */
+ if (!*from) {
+ addr += VHOST_LOG_CHUNK;
+ continue;
+ }
+ /* Data must be read atomically. We don't really need barrier semantics
+ * but it's easier to use atomic_* than roll our own. */
+ log = atomic_xchg(from, 0);
+ while ((bit = sizeof(log) > sizeof(int) ?
+ ffsll(log) : ffs(log))) {
+ hwaddr page_addr;
+ hwaddr section_offset;
+ hwaddr mr_offset;
+ bit -= 1;
+ page_addr = addr + bit * VHOST_LOG_PAGE;
+ section_offset = page_addr - section->offset_within_address_space;
+ mr_offset = section_offset + section->offset_within_region;
+ memory_region_set_dirty(section->mr, mr_offset, VHOST_LOG_PAGE);
+ log &= ~(0x1ull << bit);
+ }
+ addr += VHOST_LOG_CHUNK;
+ }
+}
+
+static int vhost_sync_dirty_bitmap(struct vhost_dev *dev,
+ MemoryRegionSection *section,
+ hwaddr first,
+ hwaddr last)
+{
+ int i;
+ hwaddr start_addr;
+ hwaddr end_addr;
+
+ if (!dev->log_enabled || !dev->started) {
+ return 0;
+ }
+ start_addr = section->offset_within_address_space;
+ end_addr = range_get_last(start_addr, int128_get64(section->size));
+ start_addr = MAX(first, start_addr);
+ end_addr = MIN(last, end_addr);
+
+ for (i = 0; i < dev->mem->nregions; ++i) {
+ struct vhost_memory_region *reg = dev->mem->regions + i;
+ vhost_dev_sync_region(dev, section, start_addr, end_addr,
+ reg->guest_phys_addr,
+ range_get_last(reg->guest_phys_addr,
+ reg->memory_size));
+ }
+ for (i = 0; i < dev->nvqs; ++i) {
+ struct vhost_virtqueue *vq = dev->vqs + i;
+ vhost_dev_sync_region(dev, section, start_addr, end_addr, vq->used_phys,
+ range_get_last(vq->used_phys, vq->used_size));
+ }
+ return 0;
+}
+
+static void vhost_log_sync(MemoryListener *listener,
+ MemoryRegionSection *section)
+{
+ struct vhost_dev *dev = container_of(listener, struct vhost_dev,
+ memory_listener);
+ vhost_sync_dirty_bitmap(dev, section, 0x0, ~0x0ULL);
+}
+
+static void vhost_log_sync_range(struct vhost_dev *dev,
+ hwaddr first, hwaddr last)
+{
+ int i;
+ /* FIXME: this is N^2 in number of sections */
+ for (i = 0; i < dev->n_mem_sections; ++i) {
+ MemoryRegionSection *section = &dev->mem_sections[i];
+ vhost_sync_dirty_bitmap(dev, section, first, last);
+ }
+}
+
+/* Assign/unassign. Keep an unsorted array of non-overlapping
+ * memory regions in dev->mem. */
+static void vhost_dev_unassign_memory(struct vhost_dev *dev,
+ uint64_t start_addr,
+ uint64_t size)
+{
+ int from, to, n = dev->mem->nregions;
+ /* Track overlapping/split regions for sanity checking. */
+ int overlap_start = 0, overlap_end = 0, overlap_middle = 0, split = 0;
+
+ for (from = 0, to = 0; from < n; ++from, ++to) {
+ struct vhost_memory_region *reg = dev->mem->regions + to;
+ uint64_t reglast;
+ uint64_t memlast;
+ uint64_t change;
+
+ /* clone old region */
+ if (to != from) {
+ memcpy(reg, dev->mem->regions + from, sizeof *reg);
+ }
+
+ /* No overlap is simple */
+ if (!ranges_overlap(reg->guest_phys_addr, reg->memory_size,
+ start_addr, size)) {
+ continue;
+ }
+
+ /* Split only happens if supplied region
+ * is in the middle of an existing one. Thus it can not
+ * overlap with any other existing region. */
+ assert(!split);
+
+ reglast = range_get_last(reg->guest_phys_addr, reg->memory_size);
+ memlast = range_get_last(start_addr, size);
+
+ /* Remove whole region */
+ if (start_addr <= reg->guest_phys_addr && memlast >= reglast) {
+ --dev->mem->nregions;
+ --to;
+ ++overlap_middle;
+ continue;
+ }
+
+ /* Shrink region */
+ if (memlast >= reglast) {
+ reg->memory_size = start_addr - reg->guest_phys_addr;
+ assert(reg->memory_size);
+ assert(!overlap_end);
+ ++overlap_end;
+ continue;
+ }
+
+ /* Shift region */
+ if (start_addr <= reg->guest_phys_addr) {
+ change = memlast + 1 - reg->guest_phys_addr;
+ reg->memory_size -= change;
+ reg->guest_phys_addr += change;
+ reg->userspace_addr += change;
+ assert(reg->memory_size);
+ assert(!overlap_start);
+ ++overlap_start;
+ continue;
+ }
+
+ /* This only happens if supplied region
+ * is in the middle of an existing one. Thus it can not
+ * overlap with any other existing region. */
+ assert(!overlap_start);
+ assert(!overlap_end);
+ assert(!overlap_middle);
+ /* Split region: shrink first part, shift second part. */
+ memcpy(dev->mem->regions + n, reg, sizeof *reg);
+ reg->memory_size = start_addr - reg->guest_phys_addr;
+ assert(reg->memory_size);
+ change = memlast + 1 - reg->guest_phys_addr;
+ reg = dev->mem->regions + n;
+ reg->memory_size -= change;
+ assert(reg->memory_size);
+ reg->guest_phys_addr += change;
+ reg->userspace_addr += change;
+ /* Never add more than 1 region */
+ assert(dev->mem->nregions == n);
+ ++dev->mem->nregions;
+ ++split;
+ }
+}
+
+/* Called after unassign, so no regions overlap the given range. */
+static void vhost_dev_assign_memory(struct vhost_dev *dev,
+ uint64_t start_addr,
+ uint64_t size,
+ uint64_t uaddr)
+{
+ int from, to;
+ struct vhost_memory_region *merged = NULL;
+ for (from = 0, to = 0; from < dev->mem->nregions; ++from, ++to) {
+ struct vhost_memory_region *reg = dev->mem->regions + to;
+ uint64_t prlast, urlast;
+ uint64_t pmlast, umlast;
+ uint64_t s, e, u;
+
+ /* clone old region */
+ if (to != from) {
+ memcpy(reg, dev->mem->regions + from, sizeof *reg);
+ }
+ prlast = range_get_last(reg->guest_phys_addr, reg->memory_size);
+ pmlast = range_get_last(start_addr, size);
+ urlast = range_get_last(reg->userspace_addr, reg->memory_size);
+ umlast = range_get_last(uaddr, size);
+
+ /* check for overlapping regions: should never happen. */
+ assert(prlast < start_addr || pmlast < reg->guest_phys_addr);
+ /* Not an adjacent or overlapping region - do not merge. */
+ if ((prlast + 1 != start_addr || urlast + 1 != uaddr) &&
+ (pmlast + 1 != reg->guest_phys_addr ||
+ umlast + 1 != reg->userspace_addr)) {
+ continue;
+ }
+
+ if (merged) {
+ --to;
+ assert(to >= 0);
+ } else {
+ merged = reg;
+ }
+ u = MIN(uaddr, reg->userspace_addr);
+ s = MIN(start_addr, reg->guest_phys_addr);
+ e = MAX(pmlast, prlast);
+ uaddr = merged->userspace_addr = u;
+ start_addr = merged->guest_phys_addr = s;
+ size = merged->memory_size = e - s + 1;
+ assert(merged->memory_size);
+ }
+
+ if (!merged) {
+ struct vhost_memory_region *reg = dev->mem->regions + to;
+ memset(reg, 0, sizeof *reg);
+ reg->memory_size = size;
+ assert(reg->memory_size);
+ reg->guest_phys_addr = start_addr;
+ reg->userspace_addr = uaddr;
+ ++to;
+ }
+ assert(to <= dev->mem->nregions + 1);
+ dev->mem->nregions = to;
+}
+
+static uint64_t vhost_get_log_size(struct vhost_dev *dev)
+{
+ uint64_t log_size = 0;
+ int i;
+ for (i = 0; i < dev->mem->nregions; ++i) {
+ struct vhost_memory_region *reg = dev->mem->regions + i;
+ uint64_t last = range_get_last(reg->guest_phys_addr,
+ reg->memory_size);
+ log_size = MAX(log_size, last / VHOST_LOG_CHUNK + 1);
+ }
+ for (i = 0; i < dev->nvqs; ++i) {
+ struct vhost_virtqueue *vq = dev->vqs + i;
+ uint64_t last = vq->used_phys + vq->used_size - 1;
+ log_size = MAX(log_size, last / VHOST_LOG_CHUNK + 1);
+ }
+ return log_size;
+}
+
+static inline void vhost_dev_log_resize(struct vhost_dev* dev, uint64_t size)
+{
+ vhost_log_chunk_t *log;
+ uint64_t log_base;
+ int r;
+
+ log = g_malloc0(size * sizeof *log);
+ log_base = (uint64_t)(unsigned long)log;
+ r = ioctl(dev->control, VHOST_SET_LOG_BASE, &log_base);
+ assert(r >= 0);
+ /* Sync only the range covered by the old log */
+ if (dev->log_size) {
+ vhost_log_sync_range(dev, 0, dev->log_size * VHOST_LOG_CHUNK - 1);
+ }
+ if (dev->log) {
+ g_free(dev->log);
+ }
+ dev->log = log;
+ dev->log_size = size;
+}
+
+static int vhost_verify_ring_mappings(struct vhost_dev *dev,
+ uint64_t start_addr,
+ uint64_t size)
+{
+ int i;
+ for (i = 0; i < dev->nvqs; ++i) {
+ struct vhost_virtqueue *vq = dev->vqs + i;
+ hwaddr l;
+ void *p;
+
+ if (!ranges_overlap(start_addr, size, vq->ring_phys, vq->ring_size)) {
+ continue;
+ }
+ l = vq->ring_size;
+ p = cpu_physical_memory_map(vq->ring_phys, &l, 1);
+ if (!p || l != vq->ring_size) {
+ fprintf(stderr, "Unable to map ring buffer for ring %d\n", i);
+ return -ENOMEM;
+ }
+ if (p != vq->ring) {
+ fprintf(stderr, "Ring buffer relocated for ring %d\n", i);
+ return -EBUSY;
+ }
+ cpu_physical_memory_unmap(p, l, 0, 0);
+ }
+ return 0;
+}
+
+static struct vhost_memory_region *vhost_dev_find_reg(struct vhost_dev *dev,
+ uint64_t start_addr,
+ uint64_t size)
+{
+ int i, n = dev->mem->nregions;
+ for (i = 0; i < n; ++i) {
+ struct vhost_memory_region *reg = dev->mem->regions + i;
+ if (ranges_overlap(reg->guest_phys_addr, reg->memory_size,
+ start_addr, size)) {
+ return reg;
+ }
+ }
+ return NULL;
+}
+
+static bool vhost_dev_cmp_memory(struct vhost_dev *dev,
+ uint64_t start_addr,
+ uint64_t size,
+ uint64_t uaddr)
+{
+ struct vhost_memory_region *reg = vhost_dev_find_reg(dev, start_addr, size);
+ uint64_t reglast;
+ uint64_t memlast;
+
+ if (!reg) {
+ return true;
+ }
+
+ reglast = range_get_last(reg->guest_phys_addr, reg->memory_size);
+ memlast = range_get_last(start_addr, size);
+
+ /* Need to extend region? */
+ if (start_addr < reg->guest_phys_addr || memlast > reglast) {
+ return true;
+ }
+ /* userspace_addr changed? */
+ return uaddr != reg->userspace_addr + start_addr - reg->guest_phys_addr;
+}
+
+static void vhost_set_memory(MemoryListener *listener,
+ MemoryRegionSection *section,
+ bool add)
+{
+ struct vhost_dev *dev = container_of(listener, struct vhost_dev,
+ memory_listener);
+ hwaddr start_addr = section->offset_within_address_space;
+ ram_addr_t size = int128_get64(section->size);
+ bool log_dirty = memory_region_is_logging(section->mr);
+ int s = offsetof(struct vhost_memory, regions) +
+ (dev->mem->nregions + 1) * sizeof dev->mem->regions[0];
+ void *ram;
+
+ dev->mem = g_realloc(dev->mem, s);
+
+ if (log_dirty) {
+ add = false;
+ }
+
+ assert(size);
+
+ /* Optimize no-change case. At least cirrus_vga does this a lot at this time. */
+ ram = memory_region_get_ram_ptr(section->mr) + section->offset_within_region;
+ if (add) {
+ if (!vhost_dev_cmp_memory(dev, start_addr, size, (uintptr_t)ram)) {
+ /* Region exists with same address. Nothing to do. */
+ return;
+ }
+ } else {
+ if (!vhost_dev_find_reg(dev, start_addr, size)) {
+ /* Removing region that we don't access. Nothing to do. */
+ return;
+ }
+ }
+
+ vhost_dev_unassign_memory(dev, start_addr, size);
+ if (add) {
+ /* Add given mapping, merging adjacent regions if any */
+ vhost_dev_assign_memory(dev, start_addr, size, (uintptr_t)ram);
+ } else {
+ /* Remove old mapping for this memory, if any. */
+ vhost_dev_unassign_memory(dev, start_addr, size);
+ }
+ dev->mem_changed_start_addr = MIN(dev->mem_changed_start_addr, start_addr);
+ dev->mem_changed_end_addr = MAX(dev->mem_changed_end_addr, start_addr + size - 1);
+ dev->memory_changed = true;
+}
+
+static bool vhost_section(MemoryRegionSection *section)
+{
+ return memory_region_is_ram(section->mr);
+}
+
+static void vhost_begin(MemoryListener *listener)
+{
+ struct vhost_dev *dev = container_of(listener, struct vhost_dev,
+ memory_listener);
+ dev->mem_changed_end_addr = 0;
+ dev->mem_changed_start_addr = -1;
+}
+
+static void vhost_commit(MemoryListener *listener)
+{
+ struct vhost_dev *dev = container_of(listener, struct vhost_dev,
+ memory_listener);
+ hwaddr start_addr = 0;
+ ram_addr_t size = 0;
+ uint64_t log_size;
+ int r;
+
+ if (!dev->memory_changed) {
+ return;
+ }
+ if (!dev->started) {
+ return;
+ }
+ if (dev->mem_changed_start_addr > dev->mem_changed_end_addr) {
+ return;
+ }
+
+ if (dev->started) {
+ start_addr = dev->mem_changed_start_addr;
+ size = dev->mem_changed_end_addr - dev->mem_changed_start_addr + 1;
+
+ r = vhost_verify_ring_mappings(dev, start_addr, size);
+ assert(r >= 0);
+ }
+
+ if (!dev->log_enabled) {
+ r = ioctl(dev->control, VHOST_SET_MEM_TABLE, dev->mem);
+ assert(r >= 0);
+ dev->memory_changed = false;
+ return;
+ }
+ log_size = vhost_get_log_size(dev);
+ /* We allocate an extra 4K bytes to log,
+ * to reduce the * number of reallocations. */
+#define VHOST_LOG_BUFFER (0x1000 / sizeof *dev->log)
+ /* To log more, must increase log size before table update. */
+ if (dev->log_size < log_size) {
+ vhost_dev_log_resize(dev, log_size + VHOST_LOG_BUFFER);
+ }
+ r = ioctl(dev->control, VHOST_SET_MEM_TABLE, dev->mem);
+ assert(r >= 0);
+ /* To log less, can only decrease log size after table update. */
+ if (dev->log_size > log_size + VHOST_LOG_BUFFER) {
+ vhost_dev_log_resize(dev, log_size);
+ }
+ dev->memory_changed = false;
+}
+
+static void vhost_region_add(MemoryListener *listener,
+ MemoryRegionSection *section)
+{
+ struct vhost_dev *dev = container_of(listener, struct vhost_dev,
+ memory_listener);
+
+ if (!vhost_section(section)) {
+ return;
+ }
+
+ ++dev->n_mem_sections;
+ dev->mem_sections = g_renew(MemoryRegionSection, dev->mem_sections,
+ dev->n_mem_sections);
+ dev->mem_sections[dev->n_mem_sections - 1] = *section;
+ memory_region_ref(section->mr);
+ vhost_set_memory(listener, section, true);
+}
+
+static void vhost_region_del(MemoryListener *listener,
+ MemoryRegionSection *section)
+{
+ struct vhost_dev *dev = container_of(listener, struct vhost_dev,
+ memory_listener);
+ int i;
+
+ if (!vhost_section(section)) {
+ return;
+ }
+
+ vhost_set_memory(listener, section, false);
+ memory_region_unref(section->mr);
+ for (i = 0; i < dev->n_mem_sections; ++i) {
+ if (dev->mem_sections[i].offset_within_address_space
+ == section->offset_within_address_space) {
+ --dev->n_mem_sections;
+ memmove(&dev->mem_sections[i], &dev->mem_sections[i+1],
+ (dev->n_mem_sections - i) * sizeof(*dev->mem_sections));
+ break;
+ }
+ }
+}
+
+static void vhost_region_nop(MemoryListener *listener,
+ MemoryRegionSection *section)
+{
+}
+
+static int vhost_virtqueue_set_addr(struct vhost_dev *dev,
+ struct vhost_virtqueue *vq,
+ unsigned idx, bool enable_log)
+{
+ struct vhost_vring_addr addr = {
+ .index = idx,
+ .desc_user_addr = (uint64_t)(unsigned long)vq->desc,
+ .avail_user_addr = (uint64_t)(unsigned long)vq->avail,
+ .used_user_addr = (uint64_t)(unsigned long)vq->used,
+ .log_guest_addr = vq->used_phys,
+ .flags = enable_log ? (1 << VHOST_VRING_F_LOG) : 0,
+ };
+ int r = ioctl(dev->control, VHOST_SET_VRING_ADDR, &addr);
+ if (r < 0) {
+ return -errno;
+ }
+ return 0;
+}
+
+static int vhost_dev_set_features(struct vhost_dev *dev, bool enable_log)
+{
+ uint64_t features = dev->acked_features;
+ int r;
+ if (enable_log) {
+ features |= 0x1 << VHOST_F_LOG_ALL;
+ }
+ r = ioctl(dev->control, VHOST_SET_FEATURES, &features);
+ return r < 0 ? -errno : 0;
+}
+
+static int vhost_dev_set_log(struct vhost_dev *dev, bool enable_log)
+{
+ int r, t, i;
+ r = vhost_dev_set_features(dev, enable_log);
+ if (r < 0) {
+ goto err_features;
+ }
+ for (i = 0; i < dev->nvqs; ++i) {
+ r = vhost_virtqueue_set_addr(dev, dev->vqs + i, i,
+ enable_log);
+ if (r < 0) {
+ goto err_vq;
+ }
+ }
+ return 0;
+err_vq:
+ for (; i >= 0; --i) {
+ t = vhost_virtqueue_set_addr(dev, dev->vqs + i, i,
+ dev->log_enabled);
+ assert(t >= 0);
+ }
+ t = vhost_dev_set_features(dev, dev->log_enabled);
+ assert(t >= 0);
+err_features:
+ return r;
+}
+
+static int vhost_migration_log(MemoryListener *listener, int enable)
+{
+ struct vhost_dev *dev = container_of(listener, struct vhost_dev,
+ memory_listener);
+ int r;
+ if (!!enable == dev->log_enabled) {
+ return 0;
+ }
+ if (!dev->started) {
+ dev->log_enabled = enable;
+ return 0;
+ }
+ if (!enable) {
+ r = vhost_dev_set_log(dev, false);
+ if (r < 0) {
+ return r;
+ }
+ if (dev->log) {
+ g_free(dev->log);
+ }
+ dev->log = NULL;
+ dev->log_size = 0;
+ } else {
+ vhost_dev_log_resize(dev, vhost_get_log_size(dev));
+ r = vhost_dev_set_log(dev, true);
+ if (r < 0) {
+ return r;
+ }
+ }
+ dev->log_enabled = enable;
+ return 0;
+}
+
+static void vhost_log_global_start(MemoryListener *listener)
+{
+ int r;
+
+ r = vhost_migration_log(listener, true);
+ if (r < 0) {
+ abort();
+ }
+}
+
+static void vhost_log_global_stop(MemoryListener *listener)
+{
+ int r;
+
+ r = vhost_migration_log(listener, false);
+ if (r < 0) {
+ abort();
+ }
+}
+
+static void vhost_log_start(MemoryListener *listener,
+ MemoryRegionSection *section)
+{
+ /* FIXME: implement */
+}
+
+static void vhost_log_stop(MemoryListener *listener,
+ MemoryRegionSection *section)
+{
+ /* FIXME: implement */
+}
+
+static int vhost_virtqueue_start(struct vhost_dev *dev,
+ struct VirtIODevice *vdev,
+ struct vhost_virtqueue *vq,
+ unsigned idx)
+{
+ hwaddr s, l, a;
+ int r;
+ int vhost_vq_index = idx - dev->vq_index;
+ struct vhost_vring_file file = {
+ .index = vhost_vq_index
+ };
+ struct vhost_vring_state state = {
+ .index = vhost_vq_index
+ };
+ struct VirtQueue *vvq = virtio_get_queue(vdev, idx);
+
+ assert(idx >= dev->vq_index && idx < dev->vq_index + dev->nvqs);
+
+ vq->num = state.num = virtio_queue_get_num(vdev, idx);
+ r = ioctl(dev->control, VHOST_SET_VRING_NUM, &state);
+ if (r) {
+ return -errno;
+ }
+
+ state.num = virtio_queue_get_last_avail_idx(vdev, idx);
+ r = ioctl(dev->control, VHOST_SET_VRING_BASE, &state);
+ if (r) {
+ return -errno;
+ }
+
+ s = l = virtio_queue_get_desc_size(vdev, idx);
+ a = virtio_queue_get_desc_addr(vdev, idx);
+ vq->desc = cpu_physical_memory_map(a, &l, 0);
+ if (!vq->desc || l != s) {
+ r = -ENOMEM;
+ goto fail_alloc_desc;
+ }
+ s = l = virtio_queue_get_avail_size(vdev, idx);
+ a = virtio_queue_get_avail_addr(vdev, idx);
+ vq->avail = cpu_physical_memory_map(a, &l, 0);
+ if (!vq->avail || l != s) {
+ r = -ENOMEM;
+ goto fail_alloc_avail;
+ }
+ vq->used_size = s = l = virtio_queue_get_used_size(vdev, idx);
+ vq->used_phys = a = virtio_queue_get_used_addr(vdev, idx);
+ vq->used = cpu_physical_memory_map(a, &l, 1);
+ if (!vq->used || l != s) {
+ r = -ENOMEM;
+ goto fail_alloc_used;
+ }
+
+ vq->ring_size = s = l = virtio_queue_get_ring_size(vdev, idx);
+ vq->ring_phys = a = virtio_queue_get_ring_addr(vdev, idx);
+ vq->ring = cpu_physical_memory_map(a, &l, 1);
+ if (!vq->ring || l != s) {
+ r = -ENOMEM;
+ goto fail_alloc_ring;
+ }
+
+ r = vhost_virtqueue_set_addr(dev, vq, vhost_vq_index, dev->log_enabled);
+ if (r < 0) {
+ r = -errno;
+ goto fail_alloc;
+ }
+
+ file.fd = event_notifier_get_fd(virtio_queue_get_host_notifier(vvq));
+ r = ioctl(dev->control, VHOST_SET_VRING_KICK, &file);
+ if (r) {
+ r = -errno;
+ goto fail_kick;
+ }
+
+ /* Clear and discard previous events if any. */
+ event_notifier_test_and_clear(&vq->masked_notifier);
+
+ return 0;
+
+fail_kick:
+fail_alloc:
+ cpu_physical_memory_unmap(vq->ring, virtio_queue_get_ring_size(vdev, idx),
+ 0, 0);
+fail_alloc_ring:
+ cpu_physical_memory_unmap(vq->used, virtio_queue_get_used_size(vdev, idx),
+ 0, 0);
+fail_alloc_used:
+ cpu_physical_memory_unmap(vq->avail, virtio_queue_get_avail_size(vdev, idx),
+ 0, 0);
+fail_alloc_avail:
+ cpu_physical_memory_unmap(vq->desc, virtio_queue_get_desc_size(vdev, idx),
+ 0, 0);
+fail_alloc_desc:
+ return r;
+}
+
+static void vhost_virtqueue_stop(struct vhost_dev *dev,
+ struct VirtIODevice *vdev,
+ struct vhost_virtqueue *vq,
+ unsigned idx)
+{
+ struct vhost_vring_state state = {
+ .index = idx - dev->vq_index
+ };
+ int r;
+ assert(idx >= dev->vq_index && idx < dev->vq_index + dev->nvqs);
+ r = ioctl(dev->control, VHOST_GET_VRING_BASE, &state);
+ if (r < 0) {
+ fprintf(stderr, "vhost VQ %d ring restore failed: %d\n", idx, r);
+ fflush(stderr);
+ }
+ virtio_queue_set_last_avail_idx(vdev, idx, state.num);
+ virtio_queue_invalidate_signalled_used(vdev, idx);
+ assert (r >= 0);
+ cpu_physical_memory_unmap(vq->ring, virtio_queue_get_ring_size(vdev, idx),
+ 0, virtio_queue_get_ring_size(vdev, idx));
+ cpu_physical_memory_unmap(vq->used, virtio_queue_get_used_size(vdev, idx),
+ 1, virtio_queue_get_used_size(vdev, idx));
+ cpu_physical_memory_unmap(vq->avail, virtio_queue_get_avail_size(vdev, idx),
+ 0, virtio_queue_get_avail_size(vdev, idx));
+ cpu_physical_memory_unmap(vq->desc, virtio_queue_get_desc_size(vdev, idx),
+ 0, virtio_queue_get_desc_size(vdev, idx));
+}
+
+static void vhost_eventfd_add(MemoryListener *listener,
+ MemoryRegionSection *section,
+ bool match_data, uint64_t data, EventNotifier *e)
+{
+}
+
+static void vhost_eventfd_del(MemoryListener *listener,
+ MemoryRegionSection *section,
+ bool match_data, uint64_t data, EventNotifier *e)
+{
+}
+
+static int vhost_virtqueue_init(struct vhost_dev *dev,
+ struct vhost_virtqueue *vq, int n)
+{
+ struct vhost_vring_file file = {
+ .index = n,
+ };
+ int r = event_notifier_init(&vq->masked_notifier, 0);
+ if (r < 0) {
+ return r;
+ }
+
+ file.fd = event_notifier_get_fd(&vq->masked_notifier);
+ r = ioctl(dev->control, VHOST_SET_VRING_CALL, &file);
+ if (r) {
+ r = -errno;
+ goto fail_call;
+ }
+ return 0;
+fail_call:
+ event_notifier_cleanup(&vq->masked_notifier);
+ return r;
+}
+
+static void vhost_virtqueue_cleanup(struct vhost_virtqueue *vq)
+{
+ event_notifier_cleanup(&vq->masked_notifier);
+}
+
+int vhost_dev_init(struct vhost_dev *hdev, int devfd, const char *devpath,
+ bool force)
+{
+ uint64_t features;
+ int i, r;
+ if (devfd >= 0) {
+ hdev->control = devfd;
+ } else {
+ hdev->control = open(devpath, O_RDWR);
+ if (hdev->control < 0) {
+ return -errno;
+ }
+ }
+ r = ioctl(hdev->control, VHOST_SET_OWNER, NULL);
+ if (r < 0) {
+ goto fail;
+ }
+
+ r = ioctl(hdev->control, VHOST_GET_FEATURES, &features);
+ if (r < 0) {
+ goto fail;
+ }
+
+ for (i = 0; i < hdev->nvqs; ++i) {
+ r = vhost_virtqueue_init(hdev, hdev->vqs + i, i);
+ if (r < 0) {
+ goto fail_vq;
+ }
+ }
+ hdev->features = features;
+
+ hdev->memory_listener = (MemoryListener) {
+ .begin = vhost_begin,
+ .commit = vhost_commit,
+ .region_add = vhost_region_add,
+ .region_del = vhost_region_del,
+ .region_nop = vhost_region_nop,
+ .log_start = vhost_log_start,
+ .log_stop = vhost_log_stop,
+ .log_sync = vhost_log_sync,
+ .log_global_start = vhost_log_global_start,
+ .log_global_stop = vhost_log_global_stop,
+ .eventfd_add = vhost_eventfd_add,
+ .eventfd_del = vhost_eventfd_del,
+ .priority = 10
+ };
+ hdev->mem = g_malloc0(offsetof(struct vhost_memory, regions));
+ hdev->n_mem_sections = 0;
+ hdev->mem_sections = NULL;
+ hdev->log = NULL;
+ hdev->log_size = 0;
+ hdev->log_enabled = false;
+ hdev->started = false;
+ hdev->memory_changed = false;
+ memory_listener_register(&hdev->memory_listener, &address_space_memory);
+ hdev->force = force;
+ return 0;
+fail_vq:
+ while (--i >= 0) {
+ vhost_virtqueue_cleanup(hdev->vqs + i);
+ }
+fail:
+ r = -errno;
+ close(hdev->control);
+ return r;
+}
+
+void vhost_dev_cleanup(struct vhost_dev *hdev)
+{
+ int i;
+ for (i = 0; i < hdev->nvqs; ++i) {
+ vhost_virtqueue_cleanup(hdev->vqs + i);
+ }
+ memory_listener_unregister(&hdev->memory_listener);
+ g_free(hdev->mem);
+ g_free(hdev->mem_sections);
+ close(hdev->control);
+}
+
+bool vhost_dev_query(struct vhost_dev *hdev, VirtIODevice *vdev)
+{
+ BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(vdev)));
+ VirtioBusState *vbus = VIRTIO_BUS(qbus);
+ VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(vbus);
+
+ return !k->query_guest_notifiers ||
+ k->query_guest_notifiers(qbus->parent) ||
+ hdev->force;
+}
+
+/* Stop processing guest IO notifications in qemu.
+ * Start processing them in vhost in kernel.
+ */
+int vhost_dev_enable_notifiers(struct vhost_dev *hdev, VirtIODevice *vdev)
+{
+ BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(vdev)));
+ VirtioBusState *vbus = VIRTIO_BUS(qbus);
+ VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(vbus);
+ int i, r;
+ if (!k->set_host_notifier) {
+ fprintf(stderr, "binding does not support host notifiers\n");
+ r = -ENOSYS;
+ goto fail;
+ }
+
+ for (i = 0; i < hdev->nvqs; ++i) {
+ r = k->set_host_notifier(qbus->parent, hdev->vq_index + i, true);
+ if (r < 0) {
+ fprintf(stderr, "vhost VQ %d notifier binding failed: %d\n", i, -r);
+ goto fail_vq;
+ }
+ }
+
+ return 0;
+fail_vq:
+ while (--i >= 0) {
+ r = k->set_host_notifier(qbus->parent, hdev->vq_index + i, false);
+ if (r < 0) {
+ fprintf(stderr, "vhost VQ %d notifier cleanup error: %d\n", i, -r);
+ fflush(stderr);
+ }
+ assert (r >= 0);
+ }
+fail:
+ return r;
+}
+
+/* Stop processing guest IO notifications in vhost.
+ * Start processing them in qemu.
+ * This might actually run the qemu handlers right away,
+ * so virtio in qemu must be completely setup when this is called.
+ */
+void vhost_dev_disable_notifiers(struct vhost_dev *hdev, VirtIODevice *vdev)
+{
+ BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(vdev)));
+ VirtioBusState *vbus = VIRTIO_BUS(qbus);
+ VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(vbus);
+ int i, r;
+
+ for (i = 0; i < hdev->nvqs; ++i) {
+ r = k->set_host_notifier(qbus->parent, hdev->vq_index + i, false);
+ if (r < 0) {
+ fprintf(stderr, "vhost VQ %d notifier cleanup failed: %d\n", i, -r);
+ fflush(stderr);
+ }
+ assert (r >= 0);
+ }
+}
+
+/* Test and clear event pending status.
+ * Should be called after unmask to avoid losing events.
+ */
+bool vhost_virtqueue_pending(struct vhost_dev *hdev, int n)
+{
+ struct vhost_virtqueue *vq = hdev->vqs + n - hdev->vq_index;
+ assert(hdev->started);
+ assert(n >= hdev->vq_index && n < hdev->vq_index + hdev->nvqs);
+ return event_notifier_test_and_clear(&vq->masked_notifier);
+}
+
+/* Mask/unmask events from this vq. */
+void vhost_virtqueue_mask(struct vhost_dev *hdev, VirtIODevice *vdev, int n,
+ bool mask)
+{
+ struct VirtQueue *vvq = virtio_get_queue(vdev, n);
+ int r, index = n - hdev->vq_index;
+
+ assert(hdev->started);
+ assert(n >= hdev->vq_index && n < hdev->vq_index + hdev->nvqs);
+
+ struct vhost_vring_file file = {
+ .index = index
+ };
+ if (mask) {
+ file.fd = event_notifier_get_fd(&hdev->vqs[index].masked_notifier);
+ } else {
+ file.fd = event_notifier_get_fd(virtio_queue_get_guest_notifier(vvq));
+ }
+ r = ioctl(hdev->control, VHOST_SET_VRING_CALL, &file);
+ assert(r >= 0);
+}
+
+/* Host notifiers must be enabled at this point. */
+int vhost_dev_start(struct vhost_dev *hdev, VirtIODevice *vdev)
+{
+ int i, r;
+
+ hdev->started = true;
+
+ r = vhost_dev_set_features(hdev, hdev->log_enabled);
+ if (r < 0) {
+ goto fail_features;
+ }
+ r = ioctl(hdev->control, VHOST_SET_MEM_TABLE, hdev->mem);
+ if (r < 0) {
+ r = -errno;
+ goto fail_mem;
+ }
+ for (i = 0; i < hdev->nvqs; ++i) {
+ r = vhost_virtqueue_start(hdev,
+ vdev,
+ hdev->vqs + i,
+ hdev->vq_index + i);
+ if (r < 0) {
+ goto fail_vq;
+ }
+ }
+
+ if (hdev->log_enabled) {
+ hdev->log_size = vhost_get_log_size(hdev);
+ hdev->log = hdev->log_size ?
+ g_malloc0(hdev->log_size * sizeof *hdev->log) : NULL;
+ r = ioctl(hdev->control, VHOST_SET_LOG_BASE,
+ (uint64_t)(unsigned long)hdev->log);
+ if (r < 0) {
+ r = -errno;
+ goto fail_log;
+ }
+ }
+
+ return 0;
+fail_log:
+fail_vq:
+ while (--i >= 0) {
+ vhost_virtqueue_stop(hdev,
+ vdev,
+ hdev->vqs + i,
+ hdev->vq_index + i);
+ }
+ i = hdev->nvqs;
+fail_mem:
+fail_features:
+
+ hdev->started = false;
+ return r;
+}
+
+/* Host notifiers must be enabled at this point. */
+void vhost_dev_stop(struct vhost_dev *hdev, VirtIODevice *vdev)
+{
+ int i;
+
+ for (i = 0; i < hdev->nvqs; ++i) {
+ vhost_virtqueue_stop(hdev,
+ vdev,
+ hdev->vqs + i,
+ hdev->vq_index + i);
+ }
+ vhost_log_sync_range(hdev, 0, ~0x0ull);
+
+ hdev->started = false;
+ g_free(hdev->log);
+ hdev->log = NULL;
+ hdev->log_size = 0;
+}
+
diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
new file mode 100644
index 000000000..aac7f83cc
--- /dev/null
+++ b/hw/virtio/virtio-balloon.c
@@ -0,0 +1,414 @@
+/*
+ * Virtio Balloon Device
+ *
+ * Copyright IBM, Corp. 2008
+ * Copyright (C) 2011 Red Hat, Inc.
+ * Copyright (C) 2011 Amit Shah <amit.shah@redhat.com>
+ *
+ * Authors:
+ * Anthony Liguori <aliguori@us.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/iov.h"
+#include "qemu/timer.h"
+#include "qemu-common.h"
+#include "hw/virtio/virtio.h"
+#include "hw/i386/pc.h"
+#include "cpu.h"
+#include "sysemu/balloon.h"
+#include "hw/virtio/virtio-balloon.h"
+#include "sysemu/kvm.h"
+#include "exec/address-spaces.h"
+#include "qapi/visitor.h"
+
+#if defined(__linux__)
+#include <sys/mman.h>
+#endif
+
+#include "hw/virtio/virtio-bus.h"
+
+static void balloon_page(void *addr, int deflate)
+{
+#if defined(__linux__)
+ if (!kvm_enabled() || kvm_has_sync_mmu())
+ qemu_madvise(addr, TARGET_PAGE_SIZE,
+ deflate ? QEMU_MADV_WILLNEED : QEMU_MADV_DONTNEED);
+#endif
+}
+
+static const char *balloon_stat_names[] = {
+ [VIRTIO_BALLOON_S_SWAP_IN] = "stat-swap-in",
+ [VIRTIO_BALLOON_S_SWAP_OUT] = "stat-swap-out",
+ [VIRTIO_BALLOON_S_MAJFLT] = "stat-major-faults",
+ [VIRTIO_BALLOON_S_MINFLT] = "stat-minor-faults",
+ [VIRTIO_BALLOON_S_MEMFREE] = "stat-free-memory",
+ [VIRTIO_BALLOON_S_MEMTOT] = "stat-total-memory",
+ [VIRTIO_BALLOON_S_NR] = NULL
+};
+
+/*
+ * reset_stats - Mark all items in the stats array as unset
+ *
+ * This function needs to be called at device initialization and before
+ * updating to a set of newly-generated stats. This will ensure that no
+ * stale values stick around in case the guest reports a subset of the supported
+ * statistics.
+ */
+static inline void reset_stats(VirtIOBalloon *dev)
+{
+ int i;
+ for (i = 0; i < VIRTIO_BALLOON_S_NR; dev->stats[i++] = -1);
+}
+
+static bool balloon_stats_supported(const VirtIOBalloon *s)
+{
+ VirtIODevice *vdev = VIRTIO_DEVICE(s);
+ return vdev->guest_features & (1 << VIRTIO_BALLOON_F_STATS_VQ);
+}
+
+static bool balloon_stats_enabled(const VirtIOBalloon *s)
+{
+ return s->stats_poll_interval > 0;
+}
+
+static void balloon_stats_destroy_timer(VirtIOBalloon *s)
+{
+ if (balloon_stats_enabled(s)) {
+ qemu_del_timer(s->stats_timer);
+ qemu_free_timer(s->stats_timer);
+ s->stats_timer = NULL;
+ s->stats_poll_interval = 0;
+ }
+}
+
+static void balloon_stats_change_timer(VirtIOBalloon *s, int secs)
+{
+ qemu_mod_timer(s->stats_timer, qemu_get_clock_ms(vm_clock) + secs * 1000);
+}
+
+static void balloon_stats_poll_cb(void *opaque)
+{
+ VirtIOBalloon *s = opaque;
+ VirtIODevice *vdev = VIRTIO_DEVICE(s);
+
+ if (!balloon_stats_supported(s)) {
+ /* re-schedule */
+ balloon_stats_change_timer(s, s->stats_poll_interval);
+ return;
+ }
+
+ virtqueue_push(s->svq, &s->stats_vq_elem, s->stats_vq_offset);
+ virtio_notify(vdev, s->svq);
+}
+
+static void balloon_stats_get_all(Object *obj, struct Visitor *v,
+ void *opaque, const char *name, Error **errp)
+{
+ VirtIOBalloon *s = opaque;
+ int i;
+
+ if (!s->stats_last_update) {
+ error_setg(errp, "guest hasn't updated any stats yet");
+ return;
+ }
+
+ visit_start_struct(v, NULL, "guest-stats", name, 0, errp);
+ visit_type_int(v, &s->stats_last_update, "last-update", errp);
+
+ visit_start_struct(v, NULL, NULL, "stats", 0, errp);
+ for (i = 0; i < VIRTIO_BALLOON_S_NR; i++) {
+ visit_type_int64(v, (int64_t *) &s->stats[i], balloon_stat_names[i],
+ errp);
+ }
+ visit_end_struct(v, errp);
+
+ visit_end_struct(v, errp);
+}
+
+static void balloon_stats_get_poll_interval(Object *obj, struct Visitor *v,
+ void *opaque, const char *name,
+ Error **errp)
+{
+ VirtIOBalloon *s = opaque;
+ visit_type_int(v, &s->stats_poll_interval, name, errp);
+}
+
+static void balloon_stats_set_poll_interval(Object *obj, struct Visitor *v,
+ void *opaque, const char *name,
+ Error **errp)
+{
+ VirtIOBalloon *s = opaque;
+ int64_t value;
+
+ visit_type_int(v, &value, name, errp);
+ if (error_is_set(errp)) {
+ return;
+ }
+
+ if (value < 0) {
+ error_setg(errp, "timer value must be greater than zero");
+ return;
+ }
+
+ if (value == s->stats_poll_interval) {
+ return;
+ }
+
+ if (value == 0) {
+ /* timer=0 disables the timer */
+ balloon_stats_destroy_timer(s);
+ return;
+ }
+
+ if (balloon_stats_enabled(s)) {
+ /* timer interval change */
+ s->stats_poll_interval = value;
+ balloon_stats_change_timer(s, value);
+ return;
+ }
+
+ /* create a new timer */
+ g_assert(s->stats_timer == NULL);
+ s->stats_timer = qemu_new_timer_ms(vm_clock, balloon_stats_poll_cb, s);
+ s->stats_poll_interval = value;
+ balloon_stats_change_timer(s, 0);
+}
+
+static void virtio_balloon_handle_output(VirtIODevice *vdev, VirtQueue *vq)
+{
+ VirtIOBalloon *s = VIRTIO_BALLOON(vdev);
+ VirtQueueElement elem;
+ MemoryRegionSection section;
+
+ while (virtqueue_pop(vq, &elem)) {
+ size_t offset = 0;
+ uint32_t pfn;
+
+ while (iov_to_buf(elem.out_sg, elem.out_num, offset, &pfn, 4) == 4) {
+ ram_addr_t pa;
+ ram_addr_t addr;
+
+ pa = (ram_addr_t)ldl_p(&pfn) << VIRTIO_BALLOON_PFN_SHIFT;
+ offset += 4;
+
+ /* FIXME: remove get_system_memory(), but how? */
+ section = memory_region_find(get_system_memory(), pa, 1);
+ if (!int128_nz(section.size) || !memory_region_is_ram(section.mr))
+ continue;
+
+ /* Using memory_region_get_ram_ptr is bending the rules a bit, but
+ should be OK because we only want a single page. */
+ addr = section.offset_within_region;
+ balloon_page(memory_region_get_ram_ptr(section.mr) + addr,
+ !!(vq == s->dvq));
+ memory_region_unref(section.mr);
+ }
+
+ virtqueue_push(vq, &elem, offset);
+ virtio_notify(vdev, vq);
+ }
+}
+
+static void virtio_balloon_receive_stats(VirtIODevice *vdev, VirtQueue *vq)
+{
+ VirtIOBalloon *s = VIRTIO_BALLOON(vdev);
+ VirtQueueElement *elem = &s->stats_vq_elem;
+ VirtIOBalloonStat stat;
+ size_t offset = 0;
+ qemu_timeval tv;
+
+ if (!virtqueue_pop(vq, elem)) {
+ goto out;
+ }
+
+ /* Initialize the stats to get rid of any stale values. This is only
+ * needed to handle the case where a guest supports fewer stats than it
+ * used to (ie. it has booted into an old kernel).
+ */
+ reset_stats(s);
+
+ while (iov_to_buf(elem->out_sg, elem->out_num, offset, &stat, sizeof(stat))
+ == sizeof(stat)) {
+ uint16_t tag = tswap16(stat.tag);
+ uint64_t val = tswap64(stat.val);
+
+ offset += sizeof(stat);
+ if (tag < VIRTIO_BALLOON_S_NR)
+ s->stats[tag] = val;
+ }
+ s->stats_vq_offset = offset;
+
+ if (qemu_gettimeofday(&tv) < 0) {
+ fprintf(stderr, "warning: %s: failed to get time of day\n", __func__);
+ goto out;
+ }
+
+ s->stats_last_update = tv.tv_sec;
+
+out:
+ if (balloon_stats_enabled(s)) {
+ balloon_stats_change_timer(s, s->stats_poll_interval);
+ }
+}
+
+static void virtio_balloon_get_config(VirtIODevice *vdev, uint8_t *config_data)
+{
+ VirtIOBalloon *dev = VIRTIO_BALLOON(vdev);
+ struct virtio_balloon_config config;
+
+ config.num_pages = cpu_to_le32(dev->num_pages);
+ config.actual = cpu_to_le32(dev->actual);
+
+ memcpy(config_data, &config, 8);
+}
+
+static void virtio_balloon_set_config(VirtIODevice *vdev,
+ const uint8_t *config_data)
+{
+ VirtIOBalloon *dev = VIRTIO_BALLOON(vdev);
+ struct virtio_balloon_config config;
+ uint32_t oldactual = dev->actual;
+ memcpy(&config, config_data, 8);
+ dev->actual = le32_to_cpu(config.actual);
+ if (dev->actual != oldactual) {
+ qemu_balloon_changed(ram_size -
+ ((ram_addr_t) dev->actual << VIRTIO_BALLOON_PFN_SHIFT));
+ }
+}
+
+static uint32_t virtio_balloon_get_features(VirtIODevice *vdev, uint32_t f)
+{
+ f |= (1 << VIRTIO_BALLOON_F_STATS_VQ);
+ return f;
+}
+
+static void virtio_balloon_stat(void *opaque, BalloonInfo *info)
+{
+ VirtIOBalloon *dev = opaque;
+ info->actual = ram_size - ((uint64_t) dev->actual <<
+ VIRTIO_BALLOON_PFN_SHIFT);
+}
+
+static void virtio_balloon_to_target(void *opaque, ram_addr_t target)
+{
+ VirtIOBalloon *dev = VIRTIO_BALLOON(opaque);
+ VirtIODevice *vdev = VIRTIO_DEVICE(dev);
+
+ if (target > ram_size) {
+ target = ram_size;
+ }
+ if (target) {
+ dev->num_pages = (ram_size - target) >> VIRTIO_BALLOON_PFN_SHIFT;
+ virtio_notify_config(vdev);
+ }
+}
+
+static void virtio_balloon_save(QEMUFile *f, void *opaque)
+{
+ VirtIOBalloon *s = VIRTIO_BALLOON(opaque);
+ VirtIODevice *vdev = VIRTIO_DEVICE(s);
+
+ virtio_save(vdev, f);
+
+ qemu_put_be32(f, s->num_pages);
+ qemu_put_be32(f, s->actual);
+}
+
+static int virtio_balloon_load(QEMUFile *f, void *opaque, int version_id)
+{
+ VirtIOBalloon *s = VIRTIO_BALLOON(opaque);
+ VirtIODevice *vdev = VIRTIO_DEVICE(s);
+ int ret;
+
+ if (version_id != 1)
+ return -EINVAL;
+
+ ret = virtio_load(vdev, f);
+ if (ret) {
+ return ret;
+ }
+
+ s->num_pages = qemu_get_be32(f);
+ s->actual = qemu_get_be32(f);
+ return 0;
+}
+
+static int virtio_balloon_device_init(VirtIODevice *vdev)
+{
+ DeviceState *qdev = DEVICE(vdev);
+ VirtIOBalloon *s = VIRTIO_BALLOON(vdev);
+ int ret;
+
+ virtio_init(vdev, "virtio-balloon", VIRTIO_ID_BALLOON, 8);
+
+ ret = qemu_add_balloon_handler(virtio_balloon_to_target,
+ virtio_balloon_stat, s);
+
+ if (ret < 0) {
+ virtio_cleanup(VIRTIO_DEVICE(s));
+ return -1;
+ }
+
+ s->ivq = virtio_add_queue(vdev, 128, virtio_balloon_handle_output);
+ s->dvq = virtio_add_queue(vdev, 128, virtio_balloon_handle_output);
+ s->svq = virtio_add_queue(vdev, 128, virtio_balloon_receive_stats);
+
+ register_savevm(qdev, "virtio-balloon", -1, 1,
+ virtio_balloon_save, virtio_balloon_load, s);
+
+ object_property_add(OBJECT(qdev), "guest-stats", "guest statistics",
+ balloon_stats_get_all, NULL, NULL, s, NULL);
+
+ object_property_add(OBJECT(qdev), "guest-stats-polling-interval", "int",
+ balloon_stats_get_poll_interval,
+ balloon_stats_set_poll_interval,
+ NULL, s, NULL);
+ return 0;
+}
+
+static int virtio_balloon_device_exit(DeviceState *qdev)
+{
+ VirtIOBalloon *s = VIRTIO_BALLOON(qdev);
+ VirtIODevice *vdev = VIRTIO_DEVICE(qdev);
+
+ balloon_stats_destroy_timer(s);
+ qemu_remove_balloon_handler(s);
+ unregister_savevm(qdev, "virtio-balloon", s);
+ virtio_cleanup(vdev);
+ return 0;
+}
+
+static Property virtio_balloon_properties[] = {
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void virtio_balloon_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
+ dc->exit = virtio_balloon_device_exit;
+ dc->props = virtio_balloon_properties;
+ set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+ vdc->init = virtio_balloon_device_init;
+ vdc->get_config = virtio_balloon_get_config;
+ vdc->set_config = virtio_balloon_set_config;
+ vdc->get_features = virtio_balloon_get_features;
+}
+
+static const TypeInfo virtio_balloon_info = {
+ .name = TYPE_VIRTIO_BALLOON,
+ .parent = TYPE_VIRTIO_DEVICE,
+ .instance_size = sizeof(VirtIOBalloon),
+ .class_init = virtio_balloon_class_init,
+};
+
+static void virtio_register_types(void)
+{
+ type_register_static(&virtio_balloon_info);
+}
+
+type_init(virtio_register_types)
diff --git a/hw/virtio/virtio-bus.c b/hw/virtio/virtio-bus.c
new file mode 100644
index 000000000..6849a018a
--- /dev/null
+++ b/hw/virtio/virtio-bus.c
@@ -0,0 +1,190 @@
+/*
+ * VirtioBus
+ *
+ * Copyright (C) 2012 : GreenSocs Ltd
+ * http://www.greensocs.com/ , email: info@greensocs.com
+ *
+ * Developed by :
+ * Frederic Konrad <fred.konrad@greensocs.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "hw/hw.h"
+#include "qemu/error-report.h"
+#include "hw/qdev.h"
+#include "hw/virtio/virtio-bus.h"
+#include "hw/virtio/virtio.h"
+
+/* #define DEBUG_VIRTIO_BUS */
+
+#ifdef DEBUG_VIRTIO_BUS
+#define DPRINTF(fmt, ...) \
+do { printf("virtio_bus: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) do { } while (0)
+#endif
+
+/* Plug the VirtIODevice */
+int virtio_bus_plug_device(VirtIODevice *vdev)
+{
+ DeviceState *qdev = DEVICE(vdev);
+ BusState *qbus = BUS(qdev_get_parent_bus(qdev));
+ VirtioBusState *bus = VIRTIO_BUS(qbus);
+ VirtioBusClass *klass = VIRTIO_BUS_GET_CLASS(bus);
+ DPRINTF("%s: plug device.\n", qbus->name);
+
+ bus->vdev = vdev;
+
+ if (klass->device_plugged != NULL) {
+ klass->device_plugged(qbus->parent);
+ }
+
+ return 0;
+}
+
+/* Reset the virtio_bus */
+void virtio_bus_reset(VirtioBusState *bus)
+{
+ DPRINTF("%s: reset device.\n", qbus->name);
+ if (bus->vdev != NULL) {
+ virtio_reset(bus->vdev);
+ }
+}
+
+/* Destroy the VirtIODevice */
+void virtio_bus_destroy_device(VirtioBusState *bus)
+{
+ DeviceState *qdev;
+ BusState *qbus = BUS(bus);
+ VirtioBusClass *klass = VIRTIO_BUS_GET_CLASS(bus);
+ DPRINTF("%s: remove device.\n", qbus->name);
+
+ if (bus->vdev != NULL) {
+ if (klass->device_unplug != NULL) {
+ klass->device_unplug(qbus->parent);
+ }
+ qdev = DEVICE(bus->vdev);
+ qdev_free(qdev);
+ bus->vdev = NULL;
+ }
+}
+
+/* Get the device id of the plugged device. */
+uint16_t virtio_bus_get_vdev_id(VirtioBusState *bus)
+{
+ assert(bus->vdev != NULL);
+ return bus->vdev->device_id;
+}
+
+/* Get the config_len field of the plugged device. */
+size_t virtio_bus_get_vdev_config_len(VirtioBusState *bus)
+{
+ assert(bus->vdev != NULL);
+ return bus->vdev->config_len;
+}
+
+/* Get the features of the plugged device. */
+uint32_t virtio_bus_get_vdev_features(VirtioBusState *bus,
+ uint32_t requested_features)
+{
+ VirtioDeviceClass *k;
+ assert(bus->vdev != NULL);
+ k = VIRTIO_DEVICE_GET_CLASS(bus->vdev);
+ assert(k->get_features != NULL);
+ return k->get_features(bus->vdev, requested_features);
+}
+
+/* Set the features of the plugged device. */
+void virtio_bus_set_vdev_features(VirtioBusState *bus,
+ uint32_t requested_features)
+{
+ VirtioDeviceClass *k;
+ assert(bus->vdev != NULL);
+ k = VIRTIO_DEVICE_GET_CLASS(bus->vdev);
+ if (k->set_features != NULL) {
+ k->set_features(bus->vdev, requested_features);
+ }
+}
+
+/* Get bad features of the plugged device. */
+uint32_t virtio_bus_get_vdev_bad_features(VirtioBusState *bus)
+{
+ VirtioDeviceClass *k;
+ assert(bus->vdev != NULL);
+ k = VIRTIO_DEVICE_GET_CLASS(bus->vdev);
+ if (k->bad_features != NULL) {
+ return k->bad_features(bus->vdev);
+ } else {
+ return 0;
+ }
+}
+
+/* Get config of the plugged device. */
+void virtio_bus_get_vdev_config(VirtioBusState *bus, uint8_t *config)
+{
+ VirtioDeviceClass *k;
+ assert(bus->vdev != NULL);
+ k = VIRTIO_DEVICE_GET_CLASS(bus->vdev);
+ if (k->get_config != NULL) {
+ k->get_config(bus->vdev, config);
+ }
+}
+
+/* Set config of the plugged device. */
+void virtio_bus_set_vdev_config(VirtioBusState *bus, uint8_t *config)
+{
+ VirtioDeviceClass *k;
+ assert(bus->vdev != NULL);
+ k = VIRTIO_DEVICE_GET_CLASS(bus->vdev);
+ if (k->set_config != NULL) {
+ k->set_config(bus->vdev, config);
+ }
+}
+
+static char *virtio_bus_get_dev_path(DeviceState *dev)
+{
+ BusState *bus = qdev_get_parent_bus(dev);
+ DeviceState *proxy = DEVICE(bus->parent);
+ return qdev_get_dev_path(proxy);
+}
+
+static char *virtio_bus_get_fw_dev_path(DeviceState *dev)
+{
+ return NULL;
+}
+
+static void virtio_bus_class_init(ObjectClass *klass, void *data)
+{
+ BusClass *bus_class = BUS_CLASS(klass);
+ bus_class->get_dev_path = virtio_bus_get_dev_path;
+ bus_class->get_fw_dev_path = virtio_bus_get_fw_dev_path;
+}
+
+static const TypeInfo virtio_bus_info = {
+ .name = TYPE_VIRTIO_BUS,
+ .parent = TYPE_BUS,
+ .instance_size = sizeof(VirtioBusState),
+ .abstract = true,
+ .class_size = sizeof(VirtioBusClass),
+ .class_init = virtio_bus_class_init
+};
+
+static void virtio_register_types(void)
+{
+ type_register_static(&virtio_bus_info);
+}
+
+type_init(virtio_register_types)
diff --git a/hw/virtio/virtio-mmio.c b/hw/virtio/virtio-mmio.c
new file mode 100644
index 000000000..4bd29533f
--- /dev/null
+++ b/hw/virtio/virtio-mmio.c
@@ -0,0 +1,425 @@
+/*
+ * Virtio MMIO bindings
+ *
+ * Copyright (c) 2011 Linaro Limited
+ *
+ * Author:
+ * Peter Maydell <peter.maydell@linaro.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw/sysbus.h"
+#include "hw/virtio/virtio.h"
+#include "qemu/host-utils.h"
+#include "hw/virtio/virtio-bus.h"
+
+/* #define DEBUG_VIRTIO_MMIO */
+
+#ifdef DEBUG_VIRTIO_MMIO
+
+#define DPRINTF(fmt, ...) \
+do { printf("virtio_mmio: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) do {} while (0)
+#endif
+
+/* QOM macros */
+/* virtio-mmio-bus */
+#define TYPE_VIRTIO_MMIO_BUS "virtio-mmio-bus"
+#define VIRTIO_MMIO_BUS(obj) \
+ OBJECT_CHECK(VirtioBusState, (obj), TYPE_VIRTIO_MMIO_BUS)
+#define VIRTIO_MMIO_BUS_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(VirtioBusClass, (obj), TYPE_VIRTIO_MMIO_BUS)
+#define VIRTIO_MMIO_BUS_CLASS(klass) \
+ OBJECT_CLASS_CHECK(VirtioBusClass, (klass), TYPE_VIRTIO_MMIO_BUS)
+
+/* virtio-mmio */
+#define TYPE_VIRTIO_MMIO "virtio-mmio"
+#define VIRTIO_MMIO(obj) \
+ OBJECT_CHECK(VirtIOMMIOProxy, (obj), TYPE_VIRTIO_MMIO)
+
+/* Memory mapped register offsets */
+#define VIRTIO_MMIO_MAGIC 0x0
+#define VIRTIO_MMIO_VERSION 0x4
+#define VIRTIO_MMIO_DEVICEID 0x8
+#define VIRTIO_MMIO_VENDORID 0xc
+#define VIRTIO_MMIO_HOSTFEATURES 0x10
+#define VIRTIO_MMIO_HOSTFEATURESSEL 0x14
+#define VIRTIO_MMIO_GUESTFEATURES 0x20
+#define VIRTIO_MMIO_GUESTFEATURESSEL 0x24
+#define VIRTIO_MMIO_GUESTPAGESIZE 0x28
+#define VIRTIO_MMIO_QUEUESEL 0x30
+#define VIRTIO_MMIO_QUEUENUMMAX 0x34
+#define VIRTIO_MMIO_QUEUENUM 0x38
+#define VIRTIO_MMIO_QUEUEALIGN 0x3c
+#define VIRTIO_MMIO_QUEUEPFN 0x40
+#define VIRTIO_MMIO_QUEUENOTIFY 0x50
+#define VIRTIO_MMIO_INTERRUPTSTATUS 0x60
+#define VIRTIO_MMIO_INTERRUPTACK 0x64
+#define VIRTIO_MMIO_STATUS 0x70
+/* Device specific config space starts here */
+#define VIRTIO_MMIO_CONFIG 0x100
+
+#define VIRT_MAGIC 0x74726976 /* 'virt' */
+#define VIRT_VERSION 1
+#define VIRT_VENDOR 0x554D4551 /* 'QEMU' */
+
+typedef struct {
+ /* Generic */
+ SysBusDevice parent_obj;
+ MemoryRegion iomem;
+ qemu_irq irq;
+ uint32_t host_features;
+ /* Guest accessible state needing migration and reset */
+ uint32_t host_features_sel;
+ uint32_t guest_features_sel;
+ uint32_t guest_page_shift;
+ /* virtio-bus */
+ VirtioBusState bus;
+} VirtIOMMIOProxy;
+
+static void virtio_mmio_bus_new(VirtioBusState *bus, VirtIOMMIOProxy *dev);
+
+static uint64_t virtio_mmio_read(void *opaque, hwaddr offset, unsigned size)
+{
+ VirtIOMMIOProxy *proxy = (VirtIOMMIOProxy *)opaque;
+ VirtIODevice *vdev = proxy->bus.vdev;
+
+ DPRINTF("virtio_mmio_read offset 0x%x\n", (int)offset);
+
+ if (!vdev) {
+ /* If no backend is present, we treat most registers as
+ * read-as-zero, except for the magic number, version and
+ * vendor ID. This is not strictly sanctioned by the virtio
+ * spec, but it allows us to provide transports with no backend
+ * plugged in which don't confuse Linux's virtio code: the
+ * probe won't complain about the bad magic number, but the
+ * device ID of zero means no backend will claim it.
+ */
+ switch (offset) {
+ case VIRTIO_MMIO_MAGIC:
+ return VIRT_MAGIC;
+ case VIRTIO_MMIO_VERSION:
+ return VIRT_VERSION;
+ case VIRTIO_MMIO_VENDORID:
+ return VIRT_VENDOR;
+ default:
+ return 0;
+ }
+ }
+
+ if (offset >= VIRTIO_MMIO_CONFIG) {
+ offset -= VIRTIO_MMIO_CONFIG;
+ switch (size) {
+ case 1:
+ return virtio_config_readb(vdev, offset);
+ case 2:
+ return virtio_config_readw(vdev, offset);
+ case 4:
+ return virtio_config_readl(vdev, offset);
+ default:
+ abort();
+ }
+ }
+ if (size != 4) {
+ DPRINTF("wrong size access to register!\n");
+ return 0;
+ }
+ switch (offset) {
+ case VIRTIO_MMIO_MAGIC:
+ return VIRT_MAGIC;
+ case VIRTIO_MMIO_VERSION:
+ return VIRT_VERSION;
+ case VIRTIO_MMIO_DEVICEID:
+ return vdev->device_id;
+ case VIRTIO_MMIO_VENDORID:
+ return VIRT_VENDOR;
+ case VIRTIO_MMIO_HOSTFEATURES:
+ if (proxy->host_features_sel) {
+ return 0;
+ }
+ return proxy->host_features;
+ case VIRTIO_MMIO_QUEUENUMMAX:
+ if (!virtio_queue_get_num(vdev, vdev->queue_sel)) {
+ return 0;
+ }
+ return VIRTQUEUE_MAX_SIZE;
+ case VIRTIO_MMIO_QUEUEPFN:
+ return virtio_queue_get_addr(vdev, vdev->queue_sel)
+ >> proxy->guest_page_shift;
+ case VIRTIO_MMIO_INTERRUPTSTATUS:
+ return vdev->isr;
+ case VIRTIO_MMIO_STATUS:
+ return vdev->status;
+ case VIRTIO_MMIO_HOSTFEATURESSEL:
+ case VIRTIO_MMIO_GUESTFEATURES:
+ case VIRTIO_MMIO_GUESTFEATURESSEL:
+ case VIRTIO_MMIO_GUESTPAGESIZE:
+ case VIRTIO_MMIO_QUEUESEL:
+ case VIRTIO_MMIO_QUEUENUM:
+ case VIRTIO_MMIO_QUEUEALIGN:
+ case VIRTIO_MMIO_QUEUENOTIFY:
+ case VIRTIO_MMIO_INTERRUPTACK:
+ DPRINTF("read of write-only register\n");
+ return 0;
+ default:
+ DPRINTF("bad register offset\n");
+ return 0;
+ }
+ return 0;
+}
+
+static void virtio_mmio_write(void *opaque, hwaddr offset, uint64_t value,
+ unsigned size)
+{
+ VirtIOMMIOProxy *proxy = (VirtIOMMIOProxy *)opaque;
+ VirtIODevice *vdev = proxy->bus.vdev;
+
+ DPRINTF("virtio_mmio_write offset 0x%x value 0x%" PRIx64 "\n",
+ (int)offset, value);
+
+ if (!vdev) {
+ /* If no backend is present, we just make all registers
+ * write-ignored. This allows us to provide transports with
+ * no backend plugged in.
+ */
+ return;
+ }
+
+ if (offset >= VIRTIO_MMIO_CONFIG) {
+ offset -= VIRTIO_MMIO_CONFIG;
+ switch (size) {
+ case 1:
+ virtio_config_writeb(vdev, offset, value);
+ break;
+ case 2:
+ virtio_config_writew(vdev, offset, value);
+ break;
+ case 4:
+ virtio_config_writel(vdev, offset, value);
+ break;
+ default:
+ abort();
+ }
+ return;
+ }
+ if (size != 4) {
+ DPRINTF("wrong size access to register!\n");
+ return;
+ }
+ switch (offset) {
+ case VIRTIO_MMIO_HOSTFEATURESSEL:
+ proxy->host_features_sel = value;
+ break;
+ case VIRTIO_MMIO_GUESTFEATURES:
+ if (!proxy->guest_features_sel) {
+ virtio_set_features(vdev, value);
+ }
+ break;
+ case VIRTIO_MMIO_GUESTFEATURESSEL:
+ proxy->guest_features_sel = value;
+ break;
+ case VIRTIO_MMIO_GUESTPAGESIZE:
+ proxy->guest_page_shift = ctz32(value);
+ if (proxy->guest_page_shift > 31) {
+ proxy->guest_page_shift = 0;
+ }
+ DPRINTF("guest page size %" PRIx64 " shift %d\n", value,
+ proxy->guest_page_shift);
+ break;
+ case VIRTIO_MMIO_QUEUESEL:
+ if (value < VIRTIO_PCI_QUEUE_MAX) {
+ vdev->queue_sel = value;
+ }
+ break;
+ case VIRTIO_MMIO_QUEUENUM:
+ DPRINTF("mmio_queue write %d max %d\n", (int)value, VIRTQUEUE_MAX_SIZE);
+ virtio_queue_set_num(vdev, vdev->queue_sel, value);
+ break;
+ case VIRTIO_MMIO_QUEUEALIGN:
+ virtio_queue_set_align(vdev, vdev->queue_sel, value);
+ break;
+ case VIRTIO_MMIO_QUEUEPFN:
+ if (value == 0) {
+ virtio_reset(vdev);
+ } else {
+ virtio_queue_set_addr(vdev, vdev->queue_sel,
+ value << proxy->guest_page_shift);
+ }
+ break;
+ case VIRTIO_MMIO_QUEUENOTIFY:
+ if (value < VIRTIO_PCI_QUEUE_MAX) {
+ virtio_queue_notify(vdev, value);
+ }
+ break;
+ case VIRTIO_MMIO_INTERRUPTACK:
+ vdev->isr &= ~value;
+ virtio_update_irq(vdev);
+ break;
+ case VIRTIO_MMIO_STATUS:
+ virtio_set_status(vdev, value & 0xff);
+ if (vdev->status == 0) {
+ virtio_reset(vdev);
+ }
+ break;
+ case VIRTIO_MMIO_MAGIC:
+ case VIRTIO_MMIO_VERSION:
+ case VIRTIO_MMIO_DEVICEID:
+ case VIRTIO_MMIO_VENDORID:
+ case VIRTIO_MMIO_HOSTFEATURES:
+ case VIRTIO_MMIO_QUEUENUMMAX:
+ case VIRTIO_MMIO_INTERRUPTSTATUS:
+ DPRINTF("write to readonly register\n");
+ break;
+
+ default:
+ DPRINTF("bad register offset\n");
+ }
+}
+
+static const MemoryRegionOps virtio_mem_ops = {
+ .read = virtio_mmio_read,
+ .write = virtio_mmio_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void virtio_mmio_update_irq(DeviceState *opaque, uint16_t vector)
+{
+ VirtIOMMIOProxy *proxy = VIRTIO_MMIO(opaque);
+ int level;
+
+ if (!proxy->bus.vdev) {
+ return;
+ }
+ level = (proxy->bus.vdev->isr != 0);
+ DPRINTF("virtio_mmio setting IRQ %d\n", level);
+ qemu_set_irq(proxy->irq, level);
+}
+
+static unsigned int virtio_mmio_get_features(DeviceState *opaque)
+{
+ VirtIOMMIOProxy *proxy = VIRTIO_MMIO(opaque);
+
+ return proxy->host_features;
+}
+
+static int virtio_mmio_load_config(DeviceState *opaque, QEMUFile *f)
+{
+ VirtIOMMIOProxy *proxy = VIRTIO_MMIO(opaque);
+
+ proxy->host_features_sel = qemu_get_be32(f);
+ proxy->guest_features_sel = qemu_get_be32(f);
+ proxy->guest_page_shift = qemu_get_be32(f);
+ return 0;
+}
+
+static void virtio_mmio_save_config(DeviceState *opaque, QEMUFile *f)
+{
+ VirtIOMMIOProxy *proxy = VIRTIO_MMIO(opaque);
+
+ qemu_put_be32(f, proxy->host_features_sel);
+ qemu_put_be32(f, proxy->guest_features_sel);
+ qemu_put_be32(f, proxy->guest_page_shift);
+}
+
+static void virtio_mmio_reset(DeviceState *d)
+{
+ VirtIOMMIOProxy *proxy = VIRTIO_MMIO(d);
+
+ virtio_bus_reset(&proxy->bus);
+ proxy->host_features_sel = 0;
+ proxy->guest_features_sel = 0;
+ proxy->guest_page_shift = 0;
+}
+
+/* virtio-mmio device */
+
+/* This is called by virtio-bus just after the device is plugged. */
+static void virtio_mmio_device_plugged(DeviceState *opaque)
+{
+ VirtIOMMIOProxy *proxy = VIRTIO_MMIO(opaque);
+
+ proxy->host_features |= (0x1 << VIRTIO_F_NOTIFY_ON_EMPTY);
+ proxy->host_features = virtio_bus_get_vdev_features(&proxy->bus,
+ proxy->host_features);
+}
+
+static void virtio_mmio_realizefn(DeviceState *d, Error **errp)
+{
+ VirtIOMMIOProxy *proxy = VIRTIO_MMIO(d);
+ SysBusDevice *sbd = SYS_BUS_DEVICE(d);
+
+ virtio_mmio_bus_new(&proxy->bus, proxy);
+ sysbus_init_irq(sbd, &proxy->irq);
+ memory_region_init_io(&proxy->iomem, OBJECT(d), &virtio_mem_ops, proxy,
+ TYPE_VIRTIO_MMIO, 0x200);
+ sysbus_init_mmio(sbd, &proxy->iomem);
+}
+
+static void virtio_mmio_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = virtio_mmio_realizefn;
+ dc->reset = virtio_mmio_reset;
+ set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+}
+
+static const TypeInfo virtio_mmio_info = {
+ .name = TYPE_VIRTIO_MMIO,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(VirtIOMMIOProxy),
+ .class_init = virtio_mmio_class_init,
+};
+
+/* virtio-mmio-bus. */
+
+static void virtio_mmio_bus_new(VirtioBusState *bus, VirtIOMMIOProxy *dev)
+{
+ DeviceState *qdev = DEVICE(dev);
+ BusState *qbus;
+
+ qbus_create_inplace((BusState *)bus, TYPE_VIRTIO_MMIO_BUS, qdev, NULL);
+ qbus = BUS(bus);
+ qbus->allow_hotplug = 0;
+}
+
+static void virtio_mmio_bus_class_init(ObjectClass *klass, void *data)
+{
+ BusClass *bus_class = BUS_CLASS(klass);
+ VirtioBusClass *k = VIRTIO_BUS_CLASS(klass);
+
+ k->notify = virtio_mmio_update_irq;
+ k->save_config = virtio_mmio_save_config;
+ k->load_config = virtio_mmio_load_config;
+ k->get_features = virtio_mmio_get_features;
+ k->device_plugged = virtio_mmio_device_plugged;
+ k->has_variable_vring_alignment = true;
+ bus_class->max_dev = 1;
+}
+
+static const TypeInfo virtio_mmio_bus_info = {
+ .name = TYPE_VIRTIO_MMIO_BUS,
+ .parent = TYPE_VIRTIO_BUS,
+ .instance_size = sizeof(VirtioBusState),
+ .class_init = virtio_mmio_bus_class_init,
+};
+
+static void virtio_mmio_register_types(void)
+{
+ type_register_static(&virtio_mmio_bus_info);
+ type_register_static(&virtio_mmio_info);
+}
+
+type_init(virtio_mmio_register_types)
diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
new file mode 100644
index 000000000..d37037ef1
--- /dev/null
+++ b/hw/virtio/virtio-pci.c
@@ -0,0 +1,1562 @@
+/*
+ * Virtio PCI Bindings
+ *
+ * Copyright IBM, Corp. 2007
+ * Copyright (c) 2009 CodeSourcery
+ *
+ * Authors:
+ * Anthony Liguori <aliguori@us.ibm.com>
+ * Paul Brook <paul@codesourcery.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include <inttypes.h>
+
+#include "hw/virtio/virtio.h"
+#include "hw/virtio/virtio-blk.h"
+#include "hw/virtio/virtio-net.h"
+#include "hw/virtio/virtio-serial.h"
+#include "hw/virtio/virtio-scsi.h"
+#include "hw/virtio/virtio-balloon.h"
+#include "hw/pci/pci.h"
+#include "qemu/error-report.h"
+#include "hw/pci/msi.h"
+#include "hw/pci/msix.h"
+#include "hw/loader.h"
+#include "sysemu/kvm.h"
+#include "sysemu/blockdev.h"
+#include "virtio-pci.h"
+#include "qemu/range.h"
+#include "hw/virtio/virtio-bus.h"
+#include "qapi/visitor.h"
+
+/* from Linux's linux/virtio_pci.h */
+
+/* A 32-bit r/o bitmask of the features supported by the host */
+#define VIRTIO_PCI_HOST_FEATURES 0
+
+/* A 32-bit r/w bitmask of features activated by the guest */
+#define VIRTIO_PCI_GUEST_FEATURES 4
+
+/* A 32-bit r/w PFN for the currently selected queue */
+#define VIRTIO_PCI_QUEUE_PFN 8
+
+/* A 16-bit r/o queue size for the currently selected queue */
+#define VIRTIO_PCI_QUEUE_NUM 12
+
+/* A 16-bit r/w queue selector */
+#define VIRTIO_PCI_QUEUE_SEL 14
+
+/* A 16-bit r/w queue notifier */
+#define VIRTIO_PCI_QUEUE_NOTIFY 16
+
+/* An 8-bit device status register. */
+#define VIRTIO_PCI_STATUS 18
+
+/* An 8-bit r/o interrupt status register. Reading the value will return the
+ * current contents of the ISR and will also clear it. This is effectively
+ * a read-and-acknowledge. */
+#define VIRTIO_PCI_ISR 19
+
+/* MSI-X registers: only enabled if MSI-X is enabled. */
+/* A 16-bit vector for configuration changes. */
+#define VIRTIO_MSI_CONFIG_VECTOR 20
+/* A 16-bit vector for selected queue notifications. */
+#define VIRTIO_MSI_QUEUE_VECTOR 22
+
+/* Config space size */
+#define VIRTIO_PCI_CONFIG_NOMSI 20
+#define VIRTIO_PCI_CONFIG_MSI 24
+#define VIRTIO_PCI_REGION_SIZE(dev) (msix_present(dev) ? \
+ VIRTIO_PCI_CONFIG_MSI : \
+ VIRTIO_PCI_CONFIG_NOMSI)
+
+/* The remaining space is defined by each driver as the per-driver
+ * configuration space */
+#define VIRTIO_PCI_CONFIG(dev) (msix_enabled(dev) ? \
+ VIRTIO_PCI_CONFIG_MSI : \
+ VIRTIO_PCI_CONFIG_NOMSI)
+
+/* How many bits to shift physical queue address written to QUEUE_PFN.
+ * 12 is historical, and due to x86 page size. */
+#define VIRTIO_PCI_QUEUE_ADDR_SHIFT 12
+
+/* Flags track per-device state like workarounds for quirks in older guests. */
+#define VIRTIO_PCI_FLAG_BUS_MASTER_BUG (1 << 0)
+
+/* HACK for virtio to determine if it's running a big endian guest */
+bool virtio_is_big_endian(void);
+
+static void virtio_pci_bus_new(VirtioBusState *bus, VirtIOPCIProxy *dev);
+
+/* virtio device */
+/* DeviceState to VirtIOPCIProxy. For use off data-path. TODO: use QOM. */
+static inline VirtIOPCIProxy *to_virtio_pci_proxy(DeviceState *d)
+{
+ return container_of(d, VirtIOPCIProxy, pci_dev.qdev);
+}
+
+/* DeviceState to VirtIOPCIProxy. Note: used on datapath,
+ * be careful and test performance if you change this.
+ */
+static inline VirtIOPCIProxy *to_virtio_pci_proxy_fast(DeviceState *d)
+{
+ return container_of(d, VirtIOPCIProxy, pci_dev.qdev);
+}
+
+static void virtio_pci_notify(DeviceState *d, uint16_t vector)
+{
+ VirtIOPCIProxy *proxy = to_virtio_pci_proxy_fast(d);
+ if (msix_enabled(&proxy->pci_dev))
+ msix_notify(&proxy->pci_dev, vector);
+ else
+ qemu_set_irq(proxy->pci_dev.irq[0], proxy->vdev->isr & 1);
+}
+
+static void virtio_pci_save_config(DeviceState *d, QEMUFile *f)
+{
+ VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d);
+ pci_device_save(&proxy->pci_dev, f);
+ msix_save(&proxy->pci_dev, f);
+ if (msix_present(&proxy->pci_dev))
+ qemu_put_be16(f, proxy->vdev->config_vector);
+}
+
+static void virtio_pci_save_queue(DeviceState *d, int n, QEMUFile *f)
+{
+ VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d);
+ if (msix_present(&proxy->pci_dev))
+ qemu_put_be16(f, virtio_queue_vector(proxy->vdev, n));
+}
+
+static int virtio_pci_load_config(DeviceState *d, QEMUFile *f)
+{
+ VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d);
+ int ret;
+ ret = pci_device_load(&proxy->pci_dev, f);
+ if (ret) {
+ return ret;
+ }
+ msix_unuse_all_vectors(&proxy->pci_dev);
+ msix_load(&proxy->pci_dev, f);
+ if (msix_present(&proxy->pci_dev)) {
+ qemu_get_be16s(f, &proxy->vdev->config_vector);
+ } else {
+ proxy->vdev->config_vector = VIRTIO_NO_VECTOR;
+ }
+ if (proxy->vdev->config_vector != VIRTIO_NO_VECTOR) {
+ return msix_vector_use(&proxy->pci_dev, proxy->vdev->config_vector);
+ }
+ return 0;
+}
+
+static int virtio_pci_load_queue(DeviceState *d, int n, QEMUFile *f)
+{
+ VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d);
+ uint16_t vector;
+ if (msix_present(&proxy->pci_dev)) {
+ qemu_get_be16s(f, &vector);
+ } else {
+ vector = VIRTIO_NO_VECTOR;
+ }
+ virtio_queue_set_vector(proxy->vdev, n, vector);
+ if (vector != VIRTIO_NO_VECTOR) {
+ return msix_vector_use(&proxy->pci_dev, vector);
+ }
+ return 0;
+}
+
+static int virtio_pci_set_host_notifier_internal(VirtIOPCIProxy *proxy,
+ int n, bool assign, bool set_handler)
+{
+ VirtQueue *vq = virtio_get_queue(proxy->vdev, n);
+ EventNotifier *notifier = virtio_queue_get_host_notifier(vq);
+ int r = 0;
+
+ if (assign) {
+ r = event_notifier_init(notifier, 1);
+ if (r < 0) {
+ error_report("%s: unable to init event notifier: %d",
+ __func__, r);
+ return r;
+ }
+ virtio_queue_set_host_notifier_fd_handler(vq, true, set_handler);
+ memory_region_add_eventfd(&proxy->bar, VIRTIO_PCI_QUEUE_NOTIFY, 2,
+ true, n, notifier);
+ } else {
+ memory_region_del_eventfd(&proxy->bar, VIRTIO_PCI_QUEUE_NOTIFY, 2,
+ true, n, notifier);
+ virtio_queue_set_host_notifier_fd_handler(vq, false, false);
+ event_notifier_cleanup(notifier);
+ }
+ return r;
+}
+
+static void virtio_pci_start_ioeventfd(VirtIOPCIProxy *proxy)
+{
+ int n, r;
+
+ if (!(proxy->flags & VIRTIO_PCI_FLAG_USE_IOEVENTFD) ||
+ proxy->ioeventfd_disabled ||
+ proxy->ioeventfd_started) {
+ return;
+ }
+
+ for (n = 0; n < VIRTIO_PCI_QUEUE_MAX; n++) {
+ if (!virtio_queue_get_num(proxy->vdev, n)) {
+ continue;
+ }
+
+ r = virtio_pci_set_host_notifier_internal(proxy, n, true, true);
+ if (r < 0) {
+ goto assign_error;
+ }
+ }
+ proxy->ioeventfd_started = true;
+ return;
+
+assign_error:
+ while (--n >= 0) {
+ if (!virtio_queue_get_num(proxy->vdev, n)) {
+ continue;
+ }
+
+ r = virtio_pci_set_host_notifier_internal(proxy, n, false, false);
+ assert(r >= 0);
+ }
+ proxy->ioeventfd_started = false;
+ error_report("%s: failed. Fallback to a userspace (slower).", __func__);
+}
+
+static void virtio_pci_stop_ioeventfd(VirtIOPCIProxy *proxy)
+{
+ int r;
+ int n;
+
+ if (!proxy->ioeventfd_started) {
+ return;
+ }
+
+ for (n = 0; n < VIRTIO_PCI_QUEUE_MAX; n++) {
+ if (!virtio_queue_get_num(proxy->vdev, n)) {
+ continue;
+ }
+
+ r = virtio_pci_set_host_notifier_internal(proxy, n, false, false);
+ assert(r >= 0);
+ }
+ proxy->ioeventfd_started = false;
+}
+
+static void virtio_ioport_write(void *opaque, uint32_t addr, uint32_t val)
+{
+ VirtIOPCIProxy *proxy = opaque;
+ VirtIODevice *vdev = proxy->vdev;
+ hwaddr pa;
+
+ switch (addr) {
+ case VIRTIO_PCI_GUEST_FEATURES:
+ /* Guest does not negotiate properly? We have to assume nothing. */
+ if (val & (1 << VIRTIO_F_BAD_FEATURE)) {
+ val = virtio_bus_get_vdev_bad_features(&proxy->bus);
+ }
+ virtio_set_features(vdev, val);
+ break;
+ case VIRTIO_PCI_QUEUE_PFN:
+ pa = (hwaddr)val << VIRTIO_PCI_QUEUE_ADDR_SHIFT;
+ if (pa == 0) {
+ virtio_pci_stop_ioeventfd(proxy);
+ virtio_reset(proxy->vdev);
+ msix_unuse_all_vectors(&proxy->pci_dev);
+ }
+ else
+ virtio_queue_set_addr(vdev, vdev->queue_sel, pa);
+ break;
+ case VIRTIO_PCI_QUEUE_SEL:
+ if (val < VIRTIO_PCI_QUEUE_MAX)
+ vdev->queue_sel = val;
+ break;
+ case VIRTIO_PCI_QUEUE_NOTIFY:
+ if (val < VIRTIO_PCI_QUEUE_MAX) {
+ virtio_queue_notify(vdev, val);
+ }
+ break;
+ case VIRTIO_PCI_STATUS:
+ if (!(val & VIRTIO_CONFIG_S_DRIVER_OK)) {
+ virtio_pci_stop_ioeventfd(proxy);
+ }
+
+ virtio_set_status(vdev, val & 0xFF);
+
+ if (val & VIRTIO_CONFIG_S_DRIVER_OK) {
+ virtio_pci_start_ioeventfd(proxy);
+ }
+
+ if (vdev->status == 0) {
+ virtio_reset(proxy->vdev);
+ msix_unuse_all_vectors(&proxy->pci_dev);
+ }
+
+ /* Linux before 2.6.34 sets the device as OK without enabling
+ the PCI device bus master bit. In this case we need to disable
+ some safety checks. */
+ if ((val & VIRTIO_CONFIG_S_DRIVER_OK) &&
+ !(proxy->pci_dev.config[PCI_COMMAND] & PCI_COMMAND_MASTER)) {
+ proxy->flags |= VIRTIO_PCI_FLAG_BUS_MASTER_BUG;
+ }
+ break;
+ case VIRTIO_MSI_CONFIG_VECTOR:
+ msix_vector_unuse(&proxy->pci_dev, vdev->config_vector);
+ /* Make it possible for guest to discover an error took place. */
+ if (msix_vector_use(&proxy->pci_dev, val) < 0)
+ val = VIRTIO_NO_VECTOR;
+ vdev->config_vector = val;
+ break;
+ case VIRTIO_MSI_QUEUE_VECTOR:
+ msix_vector_unuse(&proxy->pci_dev,
+ virtio_queue_vector(vdev, vdev->queue_sel));
+ /* Make it possible for guest to discover an error took place. */
+ if (msix_vector_use(&proxy->pci_dev, val) < 0)
+ val = VIRTIO_NO_VECTOR;
+ virtio_queue_set_vector(vdev, vdev->queue_sel, val);
+ break;
+ default:
+ error_report("%s: unexpected address 0x%x value 0x%x",
+ __func__, addr, val);
+ break;
+ }
+}
+
+static uint32_t virtio_ioport_read(VirtIOPCIProxy *proxy, uint32_t addr)
+{
+ VirtIODevice *vdev = proxy->vdev;
+ uint32_t ret = 0xFFFFFFFF;
+
+ switch (addr) {
+ case VIRTIO_PCI_HOST_FEATURES:
+ ret = proxy->host_features;
+ break;
+ case VIRTIO_PCI_GUEST_FEATURES:
+ ret = vdev->guest_features;
+ break;
+ case VIRTIO_PCI_QUEUE_PFN:
+ ret = virtio_queue_get_addr(vdev, vdev->queue_sel)
+ >> VIRTIO_PCI_QUEUE_ADDR_SHIFT;
+ break;
+ case VIRTIO_PCI_QUEUE_NUM:
+ ret = virtio_queue_get_num(vdev, vdev->queue_sel);
+ break;
+ case VIRTIO_PCI_QUEUE_SEL:
+ ret = vdev->queue_sel;
+ break;
+ case VIRTIO_PCI_STATUS:
+ ret = vdev->status;
+ break;
+ case VIRTIO_PCI_ISR:
+ /* reading from the ISR also clears it. */
+ ret = vdev->isr;
+ vdev->isr = 0;
+ qemu_set_irq(proxy->pci_dev.irq[0], 0);
+ break;
+ case VIRTIO_MSI_CONFIG_VECTOR:
+ ret = vdev->config_vector;
+ break;
+ case VIRTIO_MSI_QUEUE_VECTOR:
+ ret = virtio_queue_vector(vdev, vdev->queue_sel);
+ break;
+ default:
+ break;
+ }
+
+ return ret;
+}
+
+static uint64_t virtio_pci_config_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ VirtIOPCIProxy *proxy = opaque;
+ uint32_t config = VIRTIO_PCI_CONFIG(&proxy->pci_dev);
+ uint64_t val = 0;
+ if (addr < config) {
+ return virtio_ioport_read(proxy, addr);
+ }
+ addr -= config;
+
+ switch (size) {
+ case 1:
+ val = virtio_config_readb(proxy->vdev, addr);
+ break;
+ case 2:
+ val = virtio_config_readw(proxy->vdev, addr);
+ if (virtio_is_big_endian()) {
+ val = bswap16(val);
+ }
+ break;
+ case 4:
+ val = virtio_config_readl(proxy->vdev, addr);
+ if (virtio_is_big_endian()) {
+ val = bswap32(val);
+ }
+ break;
+ }
+ return val;
+}
+
+static void virtio_pci_config_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ VirtIOPCIProxy *proxy = opaque;
+ uint32_t config = VIRTIO_PCI_CONFIG(&proxy->pci_dev);
+ if (addr < config) {
+ virtio_ioport_write(proxy, addr, val);
+ return;
+ }
+ addr -= config;
+ /*
+ * Virtio-PCI is odd. Ioports are LE but config space is target native
+ * endian.
+ */
+ switch (size) {
+ case 1:
+ virtio_config_writeb(proxy->vdev, addr, val);
+ break;
+ case 2:
+ if (virtio_is_big_endian()) {
+ val = bswap16(val);
+ }
+ virtio_config_writew(proxy->vdev, addr, val);
+ break;
+ case 4:
+ if (virtio_is_big_endian()) {
+ val = bswap32(val);
+ }
+ virtio_config_writel(proxy->vdev, addr, val);
+ break;
+ }
+}
+
+static const MemoryRegionOps virtio_pci_config_ops = {
+ .read = virtio_pci_config_read,
+ .write = virtio_pci_config_write,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 4,
+ },
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void virtio_write_config(PCIDevice *pci_dev, uint32_t address,
+ uint32_t val, int len)
+{
+ VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
+
+ pci_default_write_config(pci_dev, address, val, len);
+
+ if (range_covers_byte(address, len, PCI_COMMAND) &&
+ !(pci_dev->config[PCI_COMMAND] & PCI_COMMAND_MASTER) &&
+ !(proxy->flags & VIRTIO_PCI_FLAG_BUS_MASTER_BUG)) {
+ virtio_pci_stop_ioeventfd(proxy);
+ virtio_set_status(proxy->vdev,
+ proxy->vdev->status & ~VIRTIO_CONFIG_S_DRIVER_OK);
+ }
+}
+
+static unsigned virtio_pci_get_features(DeviceState *d)
+{
+ VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d);
+ return proxy->host_features;
+}
+
+static int kvm_virtio_pci_vq_vector_use(VirtIOPCIProxy *proxy,
+ unsigned int queue_no,
+ unsigned int vector,
+ MSIMessage msg)
+{
+ VirtIOIRQFD *irqfd = &proxy->vector_irqfd[vector];
+ int ret;
+
+ if (irqfd->users == 0) {
+ ret = kvm_irqchip_add_msi_route(kvm_state, msg);
+ if (ret < 0) {
+ return ret;
+ }
+ irqfd->virq = ret;
+ }
+ irqfd->users++;
+ return 0;
+}
+
+static void kvm_virtio_pci_vq_vector_release(VirtIOPCIProxy *proxy,
+ unsigned int vector)
+{
+ VirtIOIRQFD *irqfd = &proxy->vector_irqfd[vector];
+ if (--irqfd->users == 0) {
+ kvm_irqchip_release_virq(kvm_state, irqfd->virq);
+ }
+}
+
+static int kvm_virtio_pci_irqfd_use(VirtIOPCIProxy *proxy,
+ unsigned int queue_no,
+ unsigned int vector)
+{
+ VirtIOIRQFD *irqfd = &proxy->vector_irqfd[vector];
+ VirtQueue *vq = virtio_get_queue(proxy->vdev, queue_no);
+ EventNotifier *n = virtio_queue_get_guest_notifier(vq);
+ int ret;
+ ret = kvm_irqchip_add_irqfd_notifier(kvm_state, n, irqfd->virq);
+ return ret;
+}
+
+static void kvm_virtio_pci_irqfd_release(VirtIOPCIProxy *proxy,
+ unsigned int queue_no,
+ unsigned int vector)
+{
+ VirtQueue *vq = virtio_get_queue(proxy->vdev, queue_no);
+ EventNotifier *n = virtio_queue_get_guest_notifier(vq);
+ VirtIOIRQFD *irqfd = &proxy->vector_irqfd[vector];
+ int ret;
+
+ ret = kvm_irqchip_remove_irqfd_notifier(kvm_state, n, irqfd->virq);
+ assert(ret == 0);
+}
+
+static int kvm_virtio_pci_vector_use(VirtIOPCIProxy *proxy, int nvqs)
+{
+ PCIDevice *dev = &proxy->pci_dev;
+ VirtIODevice *vdev = proxy->vdev;
+ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
+ unsigned int vector;
+ int ret, queue_no;
+ MSIMessage msg;
+
+ for (queue_no = 0; queue_no < nvqs; queue_no++) {
+ if (!virtio_queue_get_num(vdev, queue_no)) {
+ break;
+ }
+ vector = virtio_queue_vector(vdev, queue_no);
+ if (vector >= msix_nr_vectors_allocated(dev)) {
+ continue;
+ }
+ msg = msix_get_message(dev, vector);
+ ret = kvm_virtio_pci_vq_vector_use(proxy, queue_no, vector, msg);
+ if (ret < 0) {
+ goto undo;
+ }
+ /* If guest supports masking, set up irqfd now.
+ * Otherwise, delay until unmasked in the frontend.
+ */
+ if (k->guest_notifier_mask) {
+ ret = kvm_virtio_pci_irqfd_use(proxy, queue_no, vector);
+ if (ret < 0) {
+ kvm_virtio_pci_vq_vector_release(proxy, vector);
+ goto undo;
+ }
+ }
+ }
+ return 0;
+
+undo:
+ while (--queue_no >= 0) {
+ vector = virtio_queue_vector(vdev, queue_no);
+ if (vector >= msix_nr_vectors_allocated(dev)) {
+ continue;
+ }
+ if (k->guest_notifier_mask) {
+ kvm_virtio_pci_irqfd_release(proxy, queue_no, vector);
+ }
+ kvm_virtio_pci_vq_vector_release(proxy, vector);
+ }
+ return ret;
+}
+
+static void kvm_virtio_pci_vector_release(VirtIOPCIProxy *proxy, int nvqs)
+{
+ PCIDevice *dev = &proxy->pci_dev;
+ VirtIODevice *vdev = proxy->vdev;
+ unsigned int vector;
+ int queue_no;
+ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
+
+ for (queue_no = 0; queue_no < nvqs; queue_no++) {
+ if (!virtio_queue_get_num(vdev, queue_no)) {
+ break;
+ }
+ vector = virtio_queue_vector(vdev, queue_no);
+ if (vector >= msix_nr_vectors_allocated(dev)) {
+ continue;
+ }
+ /* If guest supports masking, clean up irqfd now.
+ * Otherwise, it was cleaned when masked in the frontend.
+ */
+ if (k->guest_notifier_mask) {
+ kvm_virtio_pci_irqfd_release(proxy, queue_no, vector);
+ }
+ kvm_virtio_pci_vq_vector_release(proxy, vector);
+ }
+}
+
+static int virtio_pci_vq_vector_unmask(VirtIOPCIProxy *proxy,
+ unsigned int queue_no,
+ unsigned int vector,
+ MSIMessage msg)
+{
+ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(proxy->vdev);
+ VirtQueue *vq = virtio_get_queue(proxy->vdev, queue_no);
+ EventNotifier *n = virtio_queue_get_guest_notifier(vq);
+ VirtIOIRQFD *irqfd;
+ int ret = 0;
+
+ if (proxy->vector_irqfd) {
+ irqfd = &proxy->vector_irqfd[vector];
+ if (irqfd->msg.data != msg.data || irqfd->msg.address != msg.address) {
+ ret = kvm_irqchip_update_msi_route(kvm_state, irqfd->virq, msg);
+ if (ret < 0) {
+ return ret;
+ }
+ }
+ }
+
+ /* If guest supports masking, irqfd is already setup, unmask it.
+ * Otherwise, set it up now.
+ */
+ if (k->guest_notifier_mask) {
+ k->guest_notifier_mask(proxy->vdev, queue_no, false);
+ /* Test after unmasking to avoid losing events. */
+ if (k->guest_notifier_pending &&
+ k->guest_notifier_pending(proxy->vdev, queue_no)) {
+ event_notifier_set(n);
+ }
+ } else {
+ ret = kvm_virtio_pci_irqfd_use(proxy, queue_no, vector);
+ }
+ return ret;
+}
+
+static void virtio_pci_vq_vector_mask(VirtIOPCIProxy *proxy,
+ unsigned int queue_no,
+ unsigned int vector)
+{
+ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(proxy->vdev);
+
+ /* If guest supports masking, keep irqfd but mask it.
+ * Otherwise, clean it up now.
+ */
+ if (k->guest_notifier_mask) {
+ k->guest_notifier_mask(proxy->vdev, queue_no, true);
+ } else {
+ kvm_virtio_pci_irqfd_release(proxy, queue_no, vector);
+ }
+}
+
+static int virtio_pci_vector_unmask(PCIDevice *dev, unsigned vector,
+ MSIMessage msg)
+{
+ VirtIOPCIProxy *proxy = container_of(dev, VirtIOPCIProxy, pci_dev);
+ VirtIODevice *vdev = proxy->vdev;
+ int ret, queue_no;
+
+ for (queue_no = 0; queue_no < proxy->nvqs_with_notifiers; queue_no++) {
+ if (!virtio_queue_get_num(vdev, queue_no)) {
+ break;
+ }
+ if (virtio_queue_vector(vdev, queue_no) != vector) {
+ continue;
+ }
+ ret = virtio_pci_vq_vector_unmask(proxy, queue_no, vector, msg);
+ if (ret < 0) {
+ goto undo;
+ }
+ }
+ return 0;
+
+undo:
+ while (--queue_no >= 0) {
+ if (virtio_queue_vector(vdev, queue_no) != vector) {
+ continue;
+ }
+ virtio_pci_vq_vector_mask(proxy, queue_no, vector);
+ }
+ return ret;
+}
+
+static void virtio_pci_vector_mask(PCIDevice *dev, unsigned vector)
+{
+ VirtIOPCIProxy *proxy = container_of(dev, VirtIOPCIProxy, pci_dev);
+ VirtIODevice *vdev = proxy->vdev;
+ int queue_no;
+
+ for (queue_no = 0; queue_no < proxy->nvqs_with_notifiers; queue_no++) {
+ if (!virtio_queue_get_num(vdev, queue_no)) {
+ break;
+ }
+ if (virtio_queue_vector(vdev, queue_no) != vector) {
+ continue;
+ }
+ virtio_pci_vq_vector_mask(proxy, queue_no, vector);
+ }
+}
+
+static void virtio_pci_vector_poll(PCIDevice *dev,
+ unsigned int vector_start,
+ unsigned int vector_end)
+{
+ VirtIOPCIProxy *proxy = container_of(dev, VirtIOPCIProxy, pci_dev);
+ VirtIODevice *vdev = proxy->vdev;
+ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
+ int queue_no;
+ unsigned int vector;
+ EventNotifier *notifier;
+ VirtQueue *vq;
+
+ for (queue_no = 0; queue_no < proxy->nvqs_with_notifiers; queue_no++) {
+ if (!virtio_queue_get_num(vdev, queue_no)) {
+ break;
+ }
+ vector = virtio_queue_vector(vdev, queue_no);
+ if (vector < vector_start || vector >= vector_end ||
+ !msix_is_masked(dev, vector)) {
+ continue;
+ }
+ vq = virtio_get_queue(vdev, queue_no);
+ notifier = virtio_queue_get_guest_notifier(vq);
+ if (k->guest_notifier_pending) {
+ if (k->guest_notifier_pending(vdev, queue_no)) {
+ msix_set_pending(dev, vector);
+ }
+ } else if (event_notifier_test_and_clear(notifier)) {
+ msix_set_pending(dev, vector);
+ }
+ }
+}
+
+static int virtio_pci_set_guest_notifier(DeviceState *d, int n, bool assign,
+ bool with_irqfd)
+{
+ VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d);
+ VirtioDeviceClass *vdc = VIRTIO_DEVICE_GET_CLASS(proxy->vdev);
+ VirtQueue *vq = virtio_get_queue(proxy->vdev, n);
+ EventNotifier *notifier = virtio_queue_get_guest_notifier(vq);
+
+ if (assign) {
+ int r = event_notifier_init(notifier, 0);
+ if (r < 0) {
+ return r;
+ }
+ virtio_queue_set_guest_notifier_fd_handler(vq, true, with_irqfd);
+ } else {
+ virtio_queue_set_guest_notifier_fd_handler(vq, false, with_irqfd);
+ event_notifier_cleanup(notifier);
+ }
+
+ if (!msix_enabled(&proxy->pci_dev) && vdc->guest_notifier_mask) {
+ vdc->guest_notifier_mask(proxy->vdev, n, !assign);
+ }
+
+ return 0;
+}
+
+static bool virtio_pci_query_guest_notifiers(DeviceState *d)
+{
+ VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d);
+ return msix_enabled(&proxy->pci_dev);
+}
+
+static int virtio_pci_set_guest_notifiers(DeviceState *d, int nvqs, bool assign)
+{
+ VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d);
+ VirtIODevice *vdev = proxy->vdev;
+ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
+ int r, n;
+ bool with_irqfd = msix_enabled(&proxy->pci_dev) &&
+ kvm_msi_via_irqfd_enabled();
+
+ nvqs = MIN(nvqs, VIRTIO_PCI_QUEUE_MAX);
+
+ /* When deassigning, pass a consistent nvqs value
+ * to avoid leaking notifiers.
+ */
+ assert(assign || nvqs == proxy->nvqs_with_notifiers);
+
+ proxy->nvqs_with_notifiers = nvqs;
+
+ /* Must unset vector notifier while guest notifier is still assigned */
+ if ((proxy->vector_irqfd || k->guest_notifier_mask) && !assign) {
+ msix_unset_vector_notifiers(&proxy->pci_dev);
+ if (proxy->vector_irqfd) {
+ kvm_virtio_pci_vector_release(proxy, nvqs);
+ g_free(proxy->vector_irqfd);
+ proxy->vector_irqfd = NULL;
+ }
+ }
+
+ for (n = 0; n < nvqs; n++) {
+ if (!virtio_queue_get_num(vdev, n)) {
+ break;
+ }
+
+ r = virtio_pci_set_guest_notifier(d, n, assign,
+ kvm_msi_via_irqfd_enabled());
+ if (r < 0) {
+ goto assign_error;
+ }
+ }
+
+ /* Must set vector notifier after guest notifier has been assigned */
+ if ((with_irqfd || k->guest_notifier_mask) && assign) {
+ if (with_irqfd) {
+ proxy->vector_irqfd =
+ g_malloc0(sizeof(*proxy->vector_irqfd) *
+ msix_nr_vectors_allocated(&proxy->pci_dev));
+ r = kvm_virtio_pci_vector_use(proxy, nvqs);
+ if (r < 0) {
+ goto assign_error;
+ }
+ }
+ r = msix_set_vector_notifiers(&proxy->pci_dev,
+ virtio_pci_vector_unmask,
+ virtio_pci_vector_mask,
+ virtio_pci_vector_poll);
+ if (r < 0) {
+ goto notifiers_error;
+ }
+ }
+
+ return 0;
+
+notifiers_error:
+ if (with_irqfd) {
+ assert(assign);
+ kvm_virtio_pci_vector_release(proxy, nvqs);
+ }
+
+assign_error:
+ /* We get here on assignment failure. Recover by undoing for VQs 0 .. n. */
+ assert(assign);
+ while (--n >= 0) {
+ virtio_pci_set_guest_notifier(d, n, !assign, with_irqfd);
+ }
+ return r;
+}
+
+static int virtio_pci_set_host_notifier(DeviceState *d, int n, bool assign)
+{
+ VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d);
+
+ /* Stop using ioeventfd for virtqueue kick if the device starts using host
+ * notifiers. This makes it easy to avoid stepping on each others' toes.
+ */
+ proxy->ioeventfd_disabled = assign;
+ if (assign) {
+ virtio_pci_stop_ioeventfd(proxy);
+ }
+ /* We don't need to start here: it's not needed because backend
+ * currently only stops on status change away from ok,
+ * reset, vmstop and such. If we do add code to start here,
+ * need to check vmstate, device state etc. */
+ return virtio_pci_set_host_notifier_internal(proxy, n, assign, false);
+}
+
+static void virtio_pci_vmstate_change(DeviceState *d, bool running)
+{
+ VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d);
+
+ if (running) {
+ /* Try to find out if the guest has bus master disabled, but is
+ in ready state. Then we have a buggy guest OS. */
+ if ((proxy->vdev->status & VIRTIO_CONFIG_S_DRIVER_OK) &&
+ !(proxy->pci_dev.config[PCI_COMMAND] & PCI_COMMAND_MASTER)) {
+ proxy->flags |= VIRTIO_PCI_FLAG_BUS_MASTER_BUG;
+ }
+ virtio_pci_start_ioeventfd(proxy);
+ } else {
+ virtio_pci_stop_ioeventfd(proxy);
+ }
+}
+
+#ifdef CONFIG_VIRTFS
+static int virtio_9p_init_pci(VirtIOPCIProxy *vpci_dev)
+{
+ V9fsPCIState *dev = VIRTIO_9P_PCI(vpci_dev);
+ DeviceState *vdev = DEVICE(&dev->vdev);
+
+ qdev_set_parent_bus(vdev, BUS(&vpci_dev->bus));
+ if (qdev_init(vdev) < 0) {
+ return -1;
+ }
+ return 0;
+}
+
+static Property virtio_9p_pci_properties[] = {
+ DEFINE_PROP_BIT("ioeventfd", VirtIOPCIProxy, flags,
+ VIRTIO_PCI_FLAG_USE_IOEVENTFD_BIT, true),
+ DEFINE_PROP_UINT32("vectors", VirtIOPCIProxy, nvectors, 2),
+ DEFINE_VIRTIO_COMMON_FEATURES(VirtIOPCIProxy, host_features),
+ DEFINE_VIRTIO_9P_PROPERTIES(V9fsPCIState, vdev.fsconf),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void virtio_9p_pci_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *pcidev_k = PCI_DEVICE_CLASS(klass);
+ VirtioPCIClass *k = VIRTIO_PCI_CLASS(klass);
+
+ k->init = virtio_9p_init_pci;
+ pcidev_k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET;
+ pcidev_k->device_id = PCI_DEVICE_ID_VIRTIO_9P;
+ pcidev_k->revision = VIRTIO_PCI_ABI_VERSION;
+ pcidev_k->class_id = 0x2;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
+ dc->props = virtio_9p_pci_properties;
+}
+
+static void virtio_9p_pci_instance_init(Object *obj)
+{
+ V9fsPCIState *dev = VIRTIO_9P_PCI(obj);
+ object_initialize(OBJECT(&dev->vdev), TYPE_VIRTIO_9P);
+ object_property_add_child(obj, "virtio-backend", OBJECT(&dev->vdev), NULL);
+}
+
+static const TypeInfo virtio_9p_pci_info = {
+ .name = TYPE_VIRTIO_9P_PCI,
+ .parent = TYPE_VIRTIO_PCI,
+ .instance_size = sizeof(V9fsPCIState),
+ .instance_init = virtio_9p_pci_instance_init,
+ .class_init = virtio_9p_pci_class_init,
+};
+#endif /* CONFIG_VIRTFS */
+
+/*
+ * virtio-pci: This is the PCIDevice which has a virtio-pci-bus.
+ */
+
+/* This is called by virtio-bus just after the device is plugged. */
+static void virtio_pci_device_plugged(DeviceState *d)
+{
+ VirtIOPCIProxy *proxy = VIRTIO_PCI(d);
+ VirtioBusState *bus = &proxy->bus;
+ uint8_t *config;
+ uint32_t size;
+
+ proxy->vdev = bus->vdev;
+
+ config = proxy->pci_dev.config;
+ if (proxy->class_code) {
+ pci_config_set_class(config, proxy->class_code);
+ }
+ pci_set_word(config + PCI_SUBSYSTEM_VENDOR_ID,
+ pci_get_word(config + PCI_VENDOR_ID));
+ pci_set_word(config + PCI_SUBSYSTEM_ID, virtio_bus_get_vdev_id(bus));
+ config[PCI_INTERRUPT_PIN] = 1;
+
+ if (proxy->nvectors &&
+ msix_init_exclusive_bar(&proxy->pci_dev, proxy->nvectors, 1)) {
+ proxy->nvectors = 0;
+ }
+
+ proxy->pci_dev.config_write = virtio_write_config;
+
+ size = VIRTIO_PCI_REGION_SIZE(&proxy->pci_dev)
+ + virtio_bus_get_vdev_config_len(bus);
+ if (size & (size - 1)) {
+ size = 1 << qemu_fls(size);
+ }
+
+ memory_region_init_io(&proxy->bar, OBJECT(proxy), &virtio_pci_config_ops,
+ proxy, "virtio-pci", size);
+ pci_register_bar(&proxy->pci_dev, 0, PCI_BASE_ADDRESS_SPACE_IO,
+ &proxy->bar);
+
+ if (!kvm_has_many_ioeventfds()) {
+ proxy->flags &= ~VIRTIO_PCI_FLAG_USE_IOEVENTFD;
+ }
+
+ proxy->host_features |= 0x1 << VIRTIO_F_NOTIFY_ON_EMPTY;
+ proxy->host_features |= 0x1 << VIRTIO_F_BAD_FEATURE;
+ proxy->host_features = virtio_bus_get_vdev_features(bus,
+ proxy->host_features);
+}
+
+static int virtio_pci_init(PCIDevice *pci_dev)
+{
+ VirtIOPCIProxy *dev = VIRTIO_PCI(pci_dev);
+ VirtioPCIClass *k = VIRTIO_PCI_GET_CLASS(pci_dev);
+ virtio_pci_bus_new(&dev->bus, dev);
+ if (k->init != NULL) {
+ return k->init(dev);
+ }
+ return 0;
+}
+
+static void virtio_pci_exit(PCIDevice *pci_dev)
+{
+ VirtIOPCIProxy *proxy = VIRTIO_PCI(pci_dev);
+ virtio_pci_stop_ioeventfd(proxy);
+ memory_region_destroy(&proxy->bar);
+ msix_uninit_exclusive_bar(pci_dev);
+}
+
+static void virtio_pci_reset(DeviceState *qdev)
+{
+ VirtIOPCIProxy *proxy = VIRTIO_PCI(qdev);
+ VirtioBusState *bus = VIRTIO_BUS(&proxy->bus);
+ virtio_pci_stop_ioeventfd(proxy);
+ virtio_bus_reset(bus);
+ msix_unuse_all_vectors(&proxy->pci_dev);
+ proxy->flags &= ~VIRTIO_PCI_FLAG_BUS_MASTER_BUG;
+}
+
+static void virtio_pci_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = virtio_pci_init;
+ k->exit = virtio_pci_exit;
+ k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET;
+ k->revision = VIRTIO_PCI_ABI_VERSION;
+ k->class_id = PCI_CLASS_OTHERS;
+ dc->reset = virtio_pci_reset;
+}
+
+static const TypeInfo virtio_pci_info = {
+ .name = TYPE_VIRTIO_PCI,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(VirtIOPCIProxy),
+ .class_init = virtio_pci_class_init,
+ .class_size = sizeof(VirtioPCIClass),
+ .abstract = true,
+};
+
+/* virtio-blk-pci */
+
+static Property virtio_blk_pci_properties[] = {
+ DEFINE_PROP_HEX32("class", VirtIOPCIProxy, class_code, 0),
+ DEFINE_PROP_BIT("ioeventfd", VirtIOPCIProxy, flags,
+ VIRTIO_PCI_FLAG_USE_IOEVENTFD_BIT, true),
+ DEFINE_PROP_UINT32("vectors", VirtIOPCIProxy, nvectors, 2),
+#ifdef CONFIG_VIRTIO_BLK_DATA_PLANE
+ DEFINE_PROP_BIT("x-data-plane", VirtIOBlkPCI, blk.data_plane, 0, false),
+#endif
+ DEFINE_VIRTIO_BLK_FEATURES(VirtIOPCIProxy, host_features),
+ DEFINE_VIRTIO_BLK_PROPERTIES(VirtIOBlkPCI, blk),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static int virtio_blk_pci_init(VirtIOPCIProxy *vpci_dev)
+{
+ VirtIOBlkPCI *dev = VIRTIO_BLK_PCI(vpci_dev);
+ DeviceState *vdev = DEVICE(&dev->vdev);
+ virtio_blk_set_conf(vdev, &(dev->blk));
+ qdev_set_parent_bus(vdev, BUS(&vpci_dev->bus));
+ if (qdev_init(vdev) < 0) {
+ return -1;
+ }
+ return 0;
+}
+
+static void virtio_blk_pci_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtioPCIClass *k = VIRTIO_PCI_CLASS(klass);
+ PCIDeviceClass *pcidev_k = PCI_DEVICE_CLASS(klass);
+
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
+ dc->props = virtio_blk_pci_properties;
+ k->init = virtio_blk_pci_init;
+ pcidev_k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET;
+ pcidev_k->device_id = PCI_DEVICE_ID_VIRTIO_BLOCK;
+ pcidev_k->revision = VIRTIO_PCI_ABI_VERSION;
+ pcidev_k->class_id = PCI_CLASS_STORAGE_SCSI;
+}
+
+static void virtio_blk_pci_instance_init(Object *obj)
+{
+ VirtIOBlkPCI *dev = VIRTIO_BLK_PCI(obj);
+ object_initialize(OBJECT(&dev->vdev), TYPE_VIRTIO_BLK);
+ object_property_add_child(obj, "virtio-backend", OBJECT(&dev->vdev), NULL);
+}
+
+static const TypeInfo virtio_blk_pci_info = {
+ .name = TYPE_VIRTIO_BLK_PCI,
+ .parent = TYPE_VIRTIO_PCI,
+ .instance_size = sizeof(VirtIOBlkPCI),
+ .instance_init = virtio_blk_pci_instance_init,
+ .class_init = virtio_blk_pci_class_init,
+};
+
+/* virtio-scsi-pci */
+
+static Property virtio_scsi_pci_properties[] = {
+ DEFINE_PROP_BIT("ioeventfd", VirtIOPCIProxy, flags,
+ VIRTIO_PCI_FLAG_USE_IOEVENTFD_BIT, true),
+ DEFINE_PROP_UINT32("vectors", VirtIOPCIProxy, nvectors,
+ DEV_NVECTORS_UNSPECIFIED),
+ DEFINE_VIRTIO_SCSI_FEATURES(VirtIOPCIProxy, host_features),
+ DEFINE_VIRTIO_SCSI_PROPERTIES(VirtIOSCSIPCI, vdev.parent_obj.conf),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static int virtio_scsi_pci_init_pci(VirtIOPCIProxy *vpci_dev)
+{
+ VirtIOSCSIPCI *dev = VIRTIO_SCSI_PCI(vpci_dev);
+ DeviceState *vdev = DEVICE(&dev->vdev);
+ VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(vdev);
+ DeviceState *proxy = DEVICE(vpci_dev);
+ char *bus_name;
+
+ if (vpci_dev->nvectors == DEV_NVECTORS_UNSPECIFIED) {
+ vpci_dev->nvectors = vs->conf.num_queues + 3;
+ }
+
+ /*
+ * For command line compatibility, this sets the virtio-scsi-device bus
+ * name as before.
+ */
+ if (proxy->id) {
+ bus_name = g_strdup_printf("%s.0", proxy->id);
+ virtio_device_set_child_bus_name(VIRTIO_DEVICE(vdev), bus_name);
+ g_free(bus_name);
+ }
+
+ qdev_set_parent_bus(vdev, BUS(&vpci_dev->bus));
+ if (qdev_init(vdev) < 0) {
+ return -1;
+ }
+ return 0;
+}
+
+static void virtio_scsi_pci_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtioPCIClass *k = VIRTIO_PCI_CLASS(klass);
+ PCIDeviceClass *pcidev_k = PCI_DEVICE_CLASS(klass);
+ k->init = virtio_scsi_pci_init_pci;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
+ dc->props = virtio_scsi_pci_properties;
+ pcidev_k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET;
+ pcidev_k->device_id = PCI_DEVICE_ID_VIRTIO_SCSI;
+ pcidev_k->revision = 0x00;
+ pcidev_k->class_id = PCI_CLASS_STORAGE_SCSI;
+}
+
+static void virtio_scsi_pci_instance_init(Object *obj)
+{
+ VirtIOSCSIPCI *dev = VIRTIO_SCSI_PCI(obj);
+ object_initialize(OBJECT(&dev->vdev), TYPE_VIRTIO_SCSI);
+ object_property_add_child(obj, "virtio-backend", OBJECT(&dev->vdev), NULL);
+}
+
+static const TypeInfo virtio_scsi_pci_info = {
+ .name = TYPE_VIRTIO_SCSI_PCI,
+ .parent = TYPE_VIRTIO_PCI,
+ .instance_size = sizeof(VirtIOSCSIPCI),
+ .instance_init = virtio_scsi_pci_instance_init,
+ .class_init = virtio_scsi_pci_class_init,
+};
+
+/* vhost-scsi-pci */
+
+#ifdef CONFIG_VHOST_SCSI
+static Property vhost_scsi_pci_properties[] = {
+ DEFINE_PROP_UINT32("vectors", VirtIOPCIProxy, nvectors,
+ DEV_NVECTORS_UNSPECIFIED),
+ DEFINE_VIRTIO_COMMON_FEATURES(VirtIOPCIProxy, host_features),
+ DEFINE_VHOST_SCSI_PROPERTIES(VHostSCSIPCI, vdev.parent_obj.conf),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static int vhost_scsi_pci_init_pci(VirtIOPCIProxy *vpci_dev)
+{
+ VHostSCSIPCI *dev = VHOST_SCSI_PCI(vpci_dev);
+ DeviceState *vdev = DEVICE(&dev->vdev);
+ VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(vdev);
+
+ if (vpci_dev->nvectors == DEV_NVECTORS_UNSPECIFIED) {
+ vpci_dev->nvectors = vs->conf.num_queues + 3;
+ }
+
+ qdev_set_parent_bus(vdev, BUS(&vpci_dev->bus));
+ if (qdev_init(vdev) < 0) {
+ return -1;
+ }
+ return 0;
+}
+
+static void vhost_scsi_pci_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtioPCIClass *k = VIRTIO_PCI_CLASS(klass);
+ PCIDeviceClass *pcidev_k = PCI_DEVICE_CLASS(klass);
+ k->init = vhost_scsi_pci_init_pci;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
+ dc->props = vhost_scsi_pci_properties;
+ pcidev_k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET;
+ pcidev_k->device_id = PCI_DEVICE_ID_VIRTIO_SCSI;
+ pcidev_k->revision = 0x00;
+ pcidev_k->class_id = PCI_CLASS_STORAGE_SCSI;
+}
+
+static void vhost_scsi_pci_instance_init(Object *obj)
+{
+ VHostSCSIPCI *dev = VHOST_SCSI_PCI(obj);
+ object_initialize(OBJECT(&dev->vdev), TYPE_VHOST_SCSI);
+ object_property_add_child(obj, "virtio-backend", OBJECT(&dev->vdev), NULL);
+}
+
+static const TypeInfo vhost_scsi_pci_info = {
+ .name = TYPE_VHOST_SCSI_PCI,
+ .parent = TYPE_VIRTIO_PCI,
+ .instance_size = sizeof(VHostSCSIPCI),
+ .instance_init = vhost_scsi_pci_instance_init,
+ .class_init = vhost_scsi_pci_class_init,
+};
+#endif
+
+/* virtio-balloon-pci */
+
+static void balloon_pci_stats_get_all(Object *obj, struct Visitor *v,
+ void *opaque, const char *name,
+ Error **errp)
+{
+ VirtIOBalloonPCI *dev = opaque;
+ object_property_get(OBJECT(&dev->vdev), v, "guest-stats", errp);
+}
+
+static void balloon_pci_stats_get_poll_interval(Object *obj, struct Visitor *v,
+ void *opaque, const char *name,
+ Error **errp)
+{
+ VirtIOBalloonPCI *dev = opaque;
+ object_property_get(OBJECT(&dev->vdev), v, "guest-stats-polling-interval",
+ errp);
+}
+
+static void balloon_pci_stats_set_poll_interval(Object *obj, struct Visitor *v,
+ void *opaque, const char *name,
+ Error **errp)
+{
+ VirtIOBalloonPCI *dev = opaque;
+ object_property_set(OBJECT(&dev->vdev), v, "guest-stats-polling-interval",
+ errp);
+}
+
+static Property virtio_balloon_pci_properties[] = {
+ DEFINE_VIRTIO_COMMON_FEATURES(VirtIOPCIProxy, host_features),
+ DEFINE_PROP_HEX32("class", VirtIOPCIProxy, class_code, 0),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static int virtio_balloon_pci_init(VirtIOPCIProxy *vpci_dev)
+{
+ VirtIOBalloonPCI *dev = VIRTIO_BALLOON_PCI(vpci_dev);
+ DeviceState *vdev = DEVICE(&dev->vdev);
+
+ if (vpci_dev->class_code != PCI_CLASS_OTHERS &&
+ vpci_dev->class_code != PCI_CLASS_MEMORY_RAM) { /* qemu < 1.1 */
+ vpci_dev->class_code = PCI_CLASS_OTHERS;
+ }
+
+ qdev_set_parent_bus(vdev, BUS(&vpci_dev->bus));
+ if (qdev_init(vdev) < 0) {
+ return -1;
+ }
+ return 0;
+}
+
+static void virtio_balloon_pci_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtioPCIClass *k = VIRTIO_PCI_CLASS(klass);
+ PCIDeviceClass *pcidev_k = PCI_DEVICE_CLASS(klass);
+ k->init = virtio_balloon_pci_init;
+ set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+ dc->props = virtio_balloon_pci_properties;
+ pcidev_k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET;
+ pcidev_k->device_id = PCI_DEVICE_ID_VIRTIO_BALLOON;
+ pcidev_k->revision = VIRTIO_PCI_ABI_VERSION;
+ pcidev_k->class_id = PCI_CLASS_OTHERS;
+}
+
+static void virtio_balloon_pci_instance_init(Object *obj)
+{
+ VirtIOBalloonPCI *dev = VIRTIO_BALLOON_PCI(obj);
+ object_initialize(OBJECT(&dev->vdev), TYPE_VIRTIO_BALLOON);
+ object_property_add_child(obj, "virtio-backend", OBJECT(&dev->vdev), NULL);
+
+ object_property_add(obj, "guest-stats", "guest statistics",
+ balloon_pci_stats_get_all, NULL, NULL, dev,
+ NULL);
+
+ object_property_add(obj, "guest-stats-polling-interval", "int",
+ balloon_pci_stats_get_poll_interval,
+ balloon_pci_stats_set_poll_interval,
+ NULL, dev, NULL);
+}
+
+static const TypeInfo virtio_balloon_pci_info = {
+ .name = TYPE_VIRTIO_BALLOON_PCI,
+ .parent = TYPE_VIRTIO_PCI,
+ .instance_size = sizeof(VirtIOBalloonPCI),
+ .instance_init = virtio_balloon_pci_instance_init,
+ .class_init = virtio_balloon_pci_class_init,
+};
+
+/* virtio-serial-pci */
+
+static int virtio_serial_pci_init(VirtIOPCIProxy *vpci_dev)
+{
+ VirtIOSerialPCI *dev = VIRTIO_SERIAL_PCI(vpci_dev);
+ DeviceState *vdev = DEVICE(&dev->vdev);
+ DeviceState *proxy = DEVICE(vpci_dev);
+ char *bus_name;
+
+ if (vpci_dev->class_code != PCI_CLASS_COMMUNICATION_OTHER &&
+ vpci_dev->class_code != PCI_CLASS_DISPLAY_OTHER && /* qemu 0.10 */
+ vpci_dev->class_code != PCI_CLASS_OTHERS) { /* qemu-kvm */
+ vpci_dev->class_code = PCI_CLASS_COMMUNICATION_OTHER;
+ }
+
+ /* backwards-compatibility with machines that were created with
+ DEV_NVECTORS_UNSPECIFIED */
+ if (vpci_dev->nvectors == DEV_NVECTORS_UNSPECIFIED) {
+ vpci_dev->nvectors = dev->vdev.serial.max_virtserial_ports + 1;
+ }
+
+ /*
+ * For command line compatibility, this sets the virtio-serial-device bus
+ * name as before.
+ */
+ if (proxy->id) {
+ bus_name = g_strdup_printf("%s.0", proxy->id);
+ virtio_device_set_child_bus_name(VIRTIO_DEVICE(vdev), bus_name);
+ g_free(bus_name);
+ }
+
+ qdev_set_parent_bus(vdev, BUS(&vpci_dev->bus));
+ if (qdev_init(vdev) < 0) {
+ return -1;
+ }
+ return 0;
+}
+
+static Property virtio_serial_pci_properties[] = {
+ DEFINE_PROP_BIT("ioeventfd", VirtIOPCIProxy, flags,
+ VIRTIO_PCI_FLAG_USE_IOEVENTFD_BIT, true),
+ DEFINE_PROP_UINT32("vectors", VirtIOPCIProxy, nvectors, 2),
+ DEFINE_PROP_HEX32("class", VirtIOPCIProxy, class_code, 0),
+ DEFINE_VIRTIO_COMMON_FEATURES(VirtIOPCIProxy, host_features),
+ DEFINE_VIRTIO_SERIAL_PROPERTIES(VirtIOSerialPCI, vdev.serial),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void virtio_serial_pci_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtioPCIClass *k = VIRTIO_PCI_CLASS(klass);
+ PCIDeviceClass *pcidev_k = PCI_DEVICE_CLASS(klass);
+ k->init = virtio_serial_pci_init;
+ set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
+ dc->props = virtio_serial_pci_properties;
+ pcidev_k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET;
+ pcidev_k->device_id = PCI_DEVICE_ID_VIRTIO_CONSOLE;
+ pcidev_k->revision = VIRTIO_PCI_ABI_VERSION;
+ pcidev_k->class_id = PCI_CLASS_COMMUNICATION_OTHER;
+}
+
+static void virtio_serial_pci_instance_init(Object *obj)
+{
+ VirtIOSerialPCI *dev = VIRTIO_SERIAL_PCI(obj);
+ object_initialize(OBJECT(&dev->vdev), TYPE_VIRTIO_SERIAL);
+ object_property_add_child(obj, "virtio-backend", OBJECT(&dev->vdev), NULL);
+}
+
+static const TypeInfo virtio_serial_pci_info = {
+ .name = TYPE_VIRTIO_SERIAL_PCI,
+ .parent = TYPE_VIRTIO_PCI,
+ .instance_size = sizeof(VirtIOSerialPCI),
+ .instance_init = virtio_serial_pci_instance_init,
+ .class_init = virtio_serial_pci_class_init,
+};
+
+/* virtio-net-pci */
+
+static Property virtio_net_properties[] = {
+ DEFINE_PROP_BIT("ioeventfd", VirtIOPCIProxy, flags,
+ VIRTIO_PCI_FLAG_USE_IOEVENTFD_BIT, false),
+ DEFINE_PROP_UINT32("vectors", VirtIOPCIProxy, nvectors, 3),
+ DEFINE_VIRTIO_NET_FEATURES(VirtIOPCIProxy, host_features),
+ DEFINE_NIC_PROPERTIES(VirtIONetPCI, vdev.nic_conf),
+ DEFINE_VIRTIO_NET_PROPERTIES(VirtIONetPCI, vdev.net_conf),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static int virtio_net_pci_init(VirtIOPCIProxy *vpci_dev)
+{
+ DeviceState *qdev = DEVICE(vpci_dev);
+ VirtIONetPCI *dev = VIRTIO_NET_PCI(vpci_dev);
+ DeviceState *vdev = DEVICE(&dev->vdev);
+
+ virtio_net_set_config_size(&dev->vdev, vpci_dev->host_features);
+ virtio_net_set_netclient_name(&dev->vdev, qdev->id,
+ object_get_typename(OBJECT(qdev)));
+ qdev_set_parent_bus(vdev, BUS(&vpci_dev->bus));
+ if (qdev_init(vdev) < 0) {
+ return -1;
+ }
+ return 0;
+}
+
+static void virtio_net_pci_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+ VirtioPCIClass *vpciklass = VIRTIO_PCI_CLASS(klass);
+
+ k->romfile = "efi-virtio.rom";
+ k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET;
+ k->device_id = PCI_DEVICE_ID_VIRTIO_NET;
+ k->revision = VIRTIO_PCI_ABI_VERSION;
+ k->class_id = PCI_CLASS_NETWORK_ETHERNET;
+ set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
+ dc->props = virtio_net_properties;
+ vpciklass->init = virtio_net_pci_init;
+}
+
+static void virtio_net_pci_instance_init(Object *obj)
+{
+ VirtIONetPCI *dev = VIRTIO_NET_PCI(obj);
+ object_initialize(OBJECT(&dev->vdev), TYPE_VIRTIO_NET);
+ object_property_add_child(obj, "virtio-backend", OBJECT(&dev->vdev), NULL);
+}
+
+static const TypeInfo virtio_net_pci_info = {
+ .name = TYPE_VIRTIO_NET_PCI,
+ .parent = TYPE_VIRTIO_PCI,
+ .instance_size = sizeof(VirtIONetPCI),
+ .instance_init = virtio_net_pci_instance_init,
+ .class_init = virtio_net_pci_class_init,
+};
+
+/* virtio-rng-pci */
+
+static Property virtio_rng_pci_properties[] = {
+ DEFINE_VIRTIO_COMMON_FEATURES(VirtIOPCIProxy, host_features),
+ DEFINE_VIRTIO_RNG_PROPERTIES(VirtIORngPCI, vdev.conf),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static int virtio_rng_pci_init(VirtIOPCIProxy *vpci_dev)
+{
+ VirtIORngPCI *vrng = VIRTIO_RNG_PCI(vpci_dev);
+ DeviceState *vdev = DEVICE(&vrng->vdev);
+
+ qdev_set_parent_bus(vdev, BUS(&vpci_dev->bus));
+ if (qdev_init(vdev) < 0) {
+ return -1;
+ }
+
+ object_property_set_link(OBJECT(vrng),
+ OBJECT(vrng->vdev.conf.rng), "rng",
+ NULL);
+
+ return 0;
+}
+
+static void virtio_rng_pci_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtioPCIClass *k = VIRTIO_PCI_CLASS(klass);
+ PCIDeviceClass *pcidev_k = PCI_DEVICE_CLASS(klass);
+
+ k->init = virtio_rng_pci_init;
+ set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+ dc->props = virtio_rng_pci_properties;
+
+ pcidev_k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET;
+ pcidev_k->device_id = PCI_DEVICE_ID_VIRTIO_RNG;
+ pcidev_k->revision = VIRTIO_PCI_ABI_VERSION;
+ pcidev_k->class_id = PCI_CLASS_OTHERS;
+}
+
+static void virtio_rng_initfn(Object *obj)
+{
+ VirtIORngPCI *dev = VIRTIO_RNG_PCI(obj);
+ object_initialize(OBJECT(&dev->vdev), TYPE_VIRTIO_RNG);
+ object_property_add_child(obj, "virtio-backend", OBJECT(&dev->vdev), NULL);
+ object_property_add_link(obj, "rng", TYPE_RNG_BACKEND,
+ (Object **)&dev->vdev.conf.rng, NULL);
+
+}
+
+static const TypeInfo virtio_rng_pci_info = {
+ .name = TYPE_VIRTIO_RNG_PCI,
+ .parent = TYPE_VIRTIO_PCI,
+ .instance_size = sizeof(VirtIORngPCI),
+ .instance_init = virtio_rng_initfn,
+ .class_init = virtio_rng_pci_class_init,
+};
+
+/* virtio-pci-bus */
+
+static void virtio_pci_bus_new(VirtioBusState *bus, VirtIOPCIProxy *dev)
+{
+ DeviceState *qdev = DEVICE(dev);
+ BusState *qbus;
+ char virtio_bus_name[] = "virtio-bus";
+
+ qbus_create_inplace((BusState *)bus, TYPE_VIRTIO_PCI_BUS, qdev,
+ virtio_bus_name);
+ qbus = BUS(bus);
+ qbus->allow_hotplug = 1;
+}
+
+static void virtio_pci_bus_class_init(ObjectClass *klass, void *data)
+{
+ BusClass *bus_class = BUS_CLASS(klass);
+ VirtioBusClass *k = VIRTIO_BUS_CLASS(klass);
+ bus_class->max_dev = 1;
+ k->notify = virtio_pci_notify;
+ k->save_config = virtio_pci_save_config;
+ k->load_config = virtio_pci_load_config;
+ k->save_queue = virtio_pci_save_queue;
+ k->load_queue = virtio_pci_load_queue;
+ k->get_features = virtio_pci_get_features;
+ k->query_guest_notifiers = virtio_pci_query_guest_notifiers;
+ k->set_host_notifier = virtio_pci_set_host_notifier;
+ k->set_guest_notifiers = virtio_pci_set_guest_notifiers;
+ k->vmstate_change = virtio_pci_vmstate_change;
+ k->device_plugged = virtio_pci_device_plugged;
+}
+
+static const TypeInfo virtio_pci_bus_info = {
+ .name = TYPE_VIRTIO_PCI_BUS,
+ .parent = TYPE_VIRTIO_BUS,
+ .instance_size = sizeof(VirtioPCIBusState),
+ .class_init = virtio_pci_bus_class_init,
+};
+
+static void virtio_pci_register_types(void)
+{
+ type_register_static(&virtio_rng_pci_info);
+ type_register_static(&virtio_pci_bus_info);
+ type_register_static(&virtio_pci_info);
+#ifdef CONFIG_VIRTFS
+ type_register_static(&virtio_9p_pci_info);
+#endif
+ type_register_static(&virtio_blk_pci_info);
+ type_register_static(&virtio_scsi_pci_info);
+ type_register_static(&virtio_balloon_pci_info);
+ type_register_static(&virtio_serial_pci_info);
+ type_register_static(&virtio_net_pci_info);
+#ifdef CONFIG_VHOST_SCSI
+ type_register_static(&vhost_scsi_pci_info);
+#endif
+}
+
+type_init(virtio_pci_register_types)
diff --git a/hw/virtio/virtio-pci.h b/hw/virtio/virtio-pci.h
new file mode 100644
index 000000000..917bcc534
--- /dev/null
+++ b/hw/virtio/virtio-pci.h
@@ -0,0 +1,206 @@
+/*
+ * Virtio PCI Bindings
+ *
+ * Copyright IBM, Corp. 2007
+ * Copyright (c) 2009 CodeSourcery
+ *
+ * Authors:
+ * Anthony Liguori <aliguori@us.ibm.com>
+ * Paul Brook <paul@codesourcery.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#ifndef QEMU_VIRTIO_PCI_H
+#define QEMU_VIRTIO_PCI_H
+
+#include "hw/pci/msi.h"
+#include "hw/virtio/virtio-blk.h"
+#include "hw/virtio/virtio-net.h"
+#include "hw/virtio/virtio-rng.h"
+#include "hw/virtio/virtio-serial.h"
+#include "hw/virtio/virtio-scsi.h"
+#include "hw/virtio/virtio-balloon.h"
+#include "hw/virtio/virtio-bus.h"
+#include "hw/virtio/virtio-9p.h"
+#ifdef CONFIG_VIRTFS
+#include "hw/9pfs/virtio-9p.h"
+#endif
+#ifdef CONFIG_VHOST_SCSI
+#include "hw/virtio/vhost-scsi.h"
+#endif
+
+typedef struct VirtIOPCIProxy VirtIOPCIProxy;
+typedef struct VirtIOBlkPCI VirtIOBlkPCI;
+typedef struct VirtIOSCSIPCI VirtIOSCSIPCI;
+typedef struct VirtIOBalloonPCI VirtIOBalloonPCI;
+typedef struct VirtIOSerialPCI VirtIOSerialPCI;
+typedef struct VirtIONetPCI VirtIONetPCI;
+typedef struct VHostSCSIPCI VHostSCSIPCI;
+typedef struct VirtIORngPCI VirtIORngPCI;
+
+/* virtio-pci-bus */
+
+typedef struct VirtioBusState VirtioPCIBusState;
+typedef struct VirtioBusClass VirtioPCIBusClass;
+
+#define TYPE_VIRTIO_PCI_BUS "virtio-pci-bus"
+#define VIRTIO_PCI_BUS(obj) \
+ OBJECT_CHECK(VirtioPCIBusState, (obj), TYPE_VIRTIO_PCI_BUS)
+#define VIRTIO_PCI_BUS_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(VirtioPCIBusClass, obj, TYPE_VIRTIO_PCI_BUS)
+#define VIRTIO_PCI_BUS_CLASS(klass) \
+ OBJECT_CLASS_CHECK(VirtioPCIBusClass, klass, TYPE_VIRTIO_PCI_BUS)
+
+/* Performance improves when virtqueue kick processing is decoupled from the
+ * vcpu thread using ioeventfd for some devices. */
+#define VIRTIO_PCI_FLAG_USE_IOEVENTFD_BIT 1
+#define VIRTIO_PCI_FLAG_USE_IOEVENTFD (1 << VIRTIO_PCI_FLAG_USE_IOEVENTFD_BIT)
+
+typedef struct {
+ MSIMessage msg;
+ int virq;
+ unsigned int users;
+} VirtIOIRQFD;
+
+/*
+ * virtio-pci: This is the PCIDevice which has a virtio-pci-bus.
+ */
+#define TYPE_VIRTIO_PCI "virtio-pci"
+#define VIRTIO_PCI_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(VirtioPCIClass, obj, TYPE_VIRTIO_PCI)
+#define VIRTIO_PCI_CLASS(klass) \
+ OBJECT_CLASS_CHECK(VirtioPCIClass, klass, TYPE_VIRTIO_PCI)
+#define VIRTIO_PCI(obj) \
+ OBJECT_CHECK(VirtIOPCIProxy, (obj), TYPE_VIRTIO_PCI)
+
+typedef struct VirtioPCIClass {
+ PCIDeviceClass parent_class;
+ int (*init)(VirtIOPCIProxy *vpci_dev);
+} VirtioPCIClass;
+
+struct VirtIOPCIProxy {
+ PCIDevice pci_dev;
+ VirtIODevice *vdev;
+ MemoryRegion bar;
+ uint32_t flags;
+ uint32_t class_code;
+ uint32_t nvectors;
+ uint32_t host_features;
+ bool ioeventfd_disabled;
+ bool ioeventfd_started;
+ VirtIOIRQFD *vector_irqfd;
+ int nvqs_with_notifiers;
+ VirtioBusState bus;
+};
+
+
+/*
+ * virtio-scsi-pci: This extends VirtioPCIProxy.
+ */
+#define TYPE_VIRTIO_SCSI_PCI "virtio-scsi-pci"
+#define VIRTIO_SCSI_PCI(obj) \
+ OBJECT_CHECK(VirtIOSCSIPCI, (obj), TYPE_VIRTIO_SCSI_PCI)
+
+struct VirtIOSCSIPCI {
+ VirtIOPCIProxy parent_obj;
+ VirtIOSCSI vdev;
+};
+
+#ifdef CONFIG_VHOST_SCSI
+/*
+ * vhost-scsi-pci: This extends VirtioPCIProxy.
+ */
+#define TYPE_VHOST_SCSI_PCI "vhost-scsi-pci"
+#define VHOST_SCSI_PCI(obj) \
+ OBJECT_CHECK(VHostSCSIPCI, (obj), TYPE_VHOST_SCSI_PCI)
+
+struct VHostSCSIPCI {
+ VirtIOPCIProxy parent_obj;
+ VHostSCSI vdev;
+};
+#endif
+
+/*
+ * virtio-blk-pci: This extends VirtioPCIProxy.
+ */
+#define TYPE_VIRTIO_BLK_PCI "virtio-blk-pci"
+#define VIRTIO_BLK_PCI(obj) \
+ OBJECT_CHECK(VirtIOBlkPCI, (obj), TYPE_VIRTIO_BLK_PCI)
+
+struct VirtIOBlkPCI {
+ VirtIOPCIProxy parent_obj;
+ VirtIOBlock vdev;
+ VirtIOBlkConf blk;
+};
+
+/*
+ * virtio-balloon-pci: This extends VirtioPCIProxy.
+ */
+#define TYPE_VIRTIO_BALLOON_PCI "virtio-balloon-pci"
+#define VIRTIO_BALLOON_PCI(obj) \
+ OBJECT_CHECK(VirtIOBalloonPCI, (obj), TYPE_VIRTIO_BALLOON_PCI)
+
+struct VirtIOBalloonPCI {
+ VirtIOPCIProxy parent_obj;
+ VirtIOBalloon vdev;
+};
+
+/*
+ * virtio-serial-pci: This extends VirtioPCIProxy.
+ */
+#define TYPE_VIRTIO_SERIAL_PCI "virtio-serial-pci"
+#define VIRTIO_SERIAL_PCI(obj) \
+ OBJECT_CHECK(VirtIOSerialPCI, (obj), TYPE_VIRTIO_SERIAL_PCI)
+
+struct VirtIOSerialPCI {
+ VirtIOPCIProxy parent_obj;
+ VirtIOSerial vdev;
+};
+
+/*
+ * virtio-net-pci: This extends VirtioPCIProxy.
+ */
+#define TYPE_VIRTIO_NET_PCI "virtio-net-pci"
+#define VIRTIO_NET_PCI(obj) \
+ OBJECT_CHECK(VirtIONetPCI, (obj), TYPE_VIRTIO_NET_PCI)
+
+struct VirtIONetPCI {
+ VirtIOPCIProxy parent_obj;
+ VirtIONet vdev;
+};
+
+/*
+ * virtio-9p-pci: This extends VirtioPCIProxy.
+ */
+
+#ifdef CONFIG_VIRTFS
+
+#define TYPE_VIRTIO_9P_PCI "virtio-9p-pci"
+#define VIRTIO_9P_PCI(obj) \
+ OBJECT_CHECK(V9fsPCIState, (obj), TYPE_VIRTIO_9P_PCI)
+
+typedef struct V9fsPCIState {
+ VirtIOPCIProxy parent_obj;
+ V9fsState vdev;
+} V9fsPCIState;
+
+#endif
+
+/*
+ * virtio-rng-pci: This extends VirtioPCIProxy.
+ */
+#define TYPE_VIRTIO_RNG_PCI "virtio-rng-pci"
+#define VIRTIO_RNG_PCI(obj) \
+ OBJECT_CHECK(VirtIORngPCI, (obj), TYPE_VIRTIO_RNG_PCI)
+
+struct VirtIORngPCI {
+ VirtIOPCIProxy parent_obj;
+ VirtIORNG vdev;
+};
+
+/* Virtio ABI version, if we increment this, we break the guest driver. */
+#define VIRTIO_PCI_ABI_VERSION 0
+
+#endif
diff --git a/hw/virtio/virtio-rng.c b/hw/virtio/virtio-rng.c
new file mode 100644
index 000000000..bac8421a2
--- /dev/null
+++ b/hw/virtio/virtio-rng.c
@@ -0,0 +1,236 @@
+/*
+ * A virtio device implementing a hardware random number generator.
+ *
+ * Copyright 2012 Red Hat, Inc.
+ * Copyright 2012 Amit Shah <amit.shah@redhat.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * (at your option) any later version. See the COPYING file in the
+ * top-level directory.
+ */
+
+#include "qemu/iov.h"
+#include "hw/qdev.h"
+#include "qapi/qmp/qerror.h"
+#include "hw/virtio/virtio.h"
+#include "hw/virtio/virtio-rng.h"
+#include "sysemu/rng.h"
+
+static bool is_guest_ready(VirtIORNG *vrng)
+{
+ VirtIODevice *vdev = VIRTIO_DEVICE(vrng);
+ if (virtio_queue_ready(vrng->vq)
+ && (vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)) {
+ return true;
+ }
+ return false;
+}
+
+static size_t get_request_size(VirtQueue *vq, unsigned quota)
+{
+ unsigned int in, out;
+
+ virtqueue_get_avail_bytes(vq, &in, &out, quota, 0);
+ return in;
+}
+
+static void virtio_rng_process(VirtIORNG *vrng);
+
+/* Send data from a char device over to the guest */
+static void chr_read(void *opaque, const void *buf, size_t size)
+{
+ VirtIORNG *vrng = opaque;
+ VirtIODevice *vdev = VIRTIO_DEVICE(vrng);
+ VirtQueueElement elem;
+ size_t len;
+ int offset;
+
+ if (!is_guest_ready(vrng)) {
+ return;
+ }
+
+ vrng->quota_remaining -= size;
+
+ offset = 0;
+ while (offset < size) {
+ if (!virtqueue_pop(vrng->vq, &elem)) {
+ break;
+ }
+ len = iov_from_buf(elem.in_sg, elem.in_num,
+ 0, buf + offset, size - offset);
+ offset += len;
+
+ virtqueue_push(vrng->vq, &elem, len);
+ }
+ virtio_notify(vdev, vrng->vq);
+}
+
+static void virtio_rng_process(VirtIORNG *vrng)
+{
+ size_t size;
+ unsigned quota;
+
+ if (!is_guest_ready(vrng)) {
+ return;
+ }
+
+ if (vrng->quota_remaining < 0) {
+ quota = 0;
+ } else {
+ quota = MIN((uint64_t)vrng->quota_remaining, (uint64_t)UINT32_MAX);
+ }
+ size = get_request_size(vrng->vq, quota);
+ size = MIN(vrng->quota_remaining, size);
+ if (size) {
+ rng_backend_request_entropy(vrng->rng, size, chr_read, vrng);
+ }
+}
+
+static void handle_input(VirtIODevice *vdev, VirtQueue *vq)
+{
+ VirtIORNG *vrng = VIRTIO_RNG(vdev);
+ virtio_rng_process(vrng);
+}
+
+static uint32_t get_features(VirtIODevice *vdev, uint32_t f)
+{
+ return f;
+}
+
+static void virtio_rng_save(QEMUFile *f, void *opaque)
+{
+ VirtIODevice *vdev = opaque;
+
+ virtio_save(vdev, f);
+}
+
+static int virtio_rng_load(QEMUFile *f, void *opaque, int version_id)
+{
+ VirtIORNG *vrng = opaque;
+ VirtIODevice *vdev = VIRTIO_DEVICE(vrng);
+
+ if (version_id != 1) {
+ return -EINVAL;
+ }
+ virtio_load(vdev, f);
+
+ /* We may have an element ready but couldn't process it due to a quota
+ * limit. Make sure to try again after live migration when the quota may
+ * have been reset.
+ */
+ virtio_rng_process(vrng);
+
+ return 0;
+}
+
+static void check_rate_limit(void *opaque)
+{
+ VirtIORNG *vrng = opaque;
+
+ vrng->quota_remaining = vrng->conf.max_bytes;
+ virtio_rng_process(vrng);
+ qemu_mod_timer(vrng->rate_limit_timer,
+ qemu_get_clock_ms(vm_clock) + vrng->conf.period_ms);
+}
+
+static int virtio_rng_device_init(VirtIODevice *vdev)
+{
+ DeviceState *qdev = DEVICE(vdev);
+ VirtIORNG *vrng = VIRTIO_RNG(vdev);
+ Error *local_err = NULL;
+
+ if (vrng->conf.rng == NULL) {
+ vrng->conf.default_backend = RNG_RANDOM(object_new(TYPE_RNG_RANDOM));
+
+ object_property_add_child(OBJECT(qdev),
+ "default-backend",
+ OBJECT(vrng->conf.default_backend),
+ NULL);
+
+ object_property_set_link(OBJECT(qdev),
+ OBJECT(vrng->conf.default_backend),
+ "rng", NULL);
+ }
+
+ virtio_init(vdev, "virtio-rng", VIRTIO_ID_RNG, 0);
+
+ vrng->rng = vrng->conf.rng;
+ if (vrng->rng == NULL) {
+ qerror_report(QERR_INVALID_PARAMETER_VALUE, "rng", "a valid object");
+ return -1;
+ }
+
+ rng_backend_open(vrng->rng, &local_err);
+ if (local_err) {
+ qerror_report_err(local_err);
+ error_free(local_err);
+ return -1;
+ }
+
+ vrng->vq = virtio_add_queue(vdev, 8, handle_input);
+
+ assert(vrng->conf.max_bytes <= INT64_MAX);
+ vrng->quota_remaining = vrng->conf.max_bytes;
+
+ vrng->rate_limit_timer = qemu_new_timer_ms(vm_clock,
+ check_rate_limit, vrng);
+
+ qemu_mod_timer(vrng->rate_limit_timer,
+ qemu_get_clock_ms(vm_clock) + vrng->conf.period_ms);
+
+ register_savevm(qdev, "virtio-rng", -1, 1, virtio_rng_save,
+ virtio_rng_load, vrng);
+
+ return 0;
+}
+
+static int virtio_rng_device_exit(DeviceState *qdev)
+{
+ VirtIORNG *vrng = VIRTIO_RNG(qdev);
+ VirtIODevice *vdev = VIRTIO_DEVICE(qdev);
+
+ qemu_del_timer(vrng->rate_limit_timer);
+ qemu_free_timer(vrng->rate_limit_timer);
+ unregister_savevm(qdev, "virtio-rng", vrng);
+ virtio_cleanup(vdev);
+ return 0;
+}
+
+static Property virtio_rng_properties[] = {
+ DEFINE_VIRTIO_RNG_PROPERTIES(VirtIORNG, conf),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void virtio_rng_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
+ dc->exit = virtio_rng_device_exit;
+ dc->props = virtio_rng_properties;
+ set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+ vdc->init = virtio_rng_device_init;
+ vdc->get_features = get_features;
+}
+
+static void virtio_rng_initfn(Object *obj)
+{
+ VirtIORNG *vrng = VIRTIO_RNG(obj);
+
+ object_property_add_link(obj, "rng", TYPE_RNG_BACKEND,
+ (Object **)&vrng->conf.rng, NULL);
+}
+
+static const TypeInfo virtio_rng_info = {
+ .name = TYPE_VIRTIO_RNG,
+ .parent = TYPE_VIRTIO_DEVICE,
+ .instance_size = sizeof(VirtIORNG),
+ .instance_init = virtio_rng_initfn,
+ .class_init = virtio_rng_class_init,
+};
+
+static void virtio_register_types(void)
+{
+ type_register_static(&virtio_rng_info);
+}
+
+type_init(virtio_register_types)
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
new file mode 100644
index 000000000..f03c45dff
--- /dev/null
+++ b/hw/virtio/virtio.c
@@ -0,0 +1,1199 @@
+/*
+ * Virtio Support
+ *
+ * Copyright IBM, Corp. 2007
+ *
+ * Authors:
+ * Anthony Liguori <aliguori@us.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ *
+ */
+
+#include <inttypes.h>
+
+#include "trace.h"
+#include "qemu/error-report.h"
+#include "hw/virtio/virtio.h"
+#include "qemu/atomic.h"
+#include "hw/virtio/virtio-bus.h"
+
+/*
+ * The alignment to use between consumer and producer parts of vring.
+ * x86 pagesize again. This is the default, used by transports like PCI
+ * which don't provide a means for the guest to tell the host the alignment.
+ */
+#define VIRTIO_PCI_VRING_ALIGN 4096
+
+typedef struct VRingDesc
+{
+ uint64_t addr;
+ uint32_t len;
+ uint16_t flags;
+ uint16_t next;
+} VRingDesc;
+
+typedef struct VRingAvail
+{
+ uint16_t flags;
+ uint16_t idx;
+ uint16_t ring[0];
+} VRingAvail;
+
+typedef struct VRingUsedElem
+{
+ uint32_t id;
+ uint32_t len;
+} VRingUsedElem;
+
+typedef struct VRingUsed
+{
+ uint16_t flags;
+ uint16_t idx;
+ VRingUsedElem ring[0];
+} VRingUsed;
+
+typedef struct VRing
+{
+ unsigned int num;
+ unsigned int align;
+ hwaddr desc;
+ hwaddr avail;
+ hwaddr used;
+} VRing;
+
+struct VirtQueue
+{
+ VRing vring;
+ hwaddr pa;
+ uint16_t last_avail_idx;
+ /* Last used index value we have signalled on */
+ uint16_t signalled_used;
+
+ /* Last used index value we have signalled on */
+ bool signalled_used_valid;
+
+ /* Notification enabled? */
+ bool notification;
+
+ uint16_t queue_index;
+
+ int inuse;
+
+ uint16_t vector;
+ void (*handle_output)(VirtIODevice *vdev, VirtQueue *vq);
+ VirtIODevice *vdev;
+ EventNotifier guest_notifier;
+ EventNotifier host_notifier;
+};
+
+/* virt queue functions */
+static void virtqueue_init(VirtQueue *vq)
+{
+ hwaddr pa = vq->pa;
+
+ vq->vring.desc = pa;
+ vq->vring.avail = pa + vq->vring.num * sizeof(VRingDesc);
+ vq->vring.used = vring_align(vq->vring.avail +
+ offsetof(VRingAvail, ring[vq->vring.num]),
+ vq->vring.align);
+}
+
+static inline uint64_t vring_desc_addr(hwaddr desc_pa, int i)
+{
+ hwaddr pa;
+ pa = desc_pa + sizeof(VRingDesc) * i + offsetof(VRingDesc, addr);
+ return ldq_phys(pa);
+}
+
+static inline uint32_t vring_desc_len(hwaddr desc_pa, int i)
+{
+ hwaddr pa;
+ pa = desc_pa + sizeof(VRingDesc) * i + offsetof(VRingDesc, len);
+ return ldl_phys(pa);
+}
+
+static inline uint16_t vring_desc_flags(hwaddr desc_pa, int i)
+{
+ hwaddr pa;
+ pa = desc_pa + sizeof(VRingDesc) * i + offsetof(VRingDesc, flags);
+ return lduw_phys(pa);
+}
+
+static inline uint16_t vring_desc_next(hwaddr desc_pa, int i)
+{
+ hwaddr pa;
+ pa = desc_pa + sizeof(VRingDesc) * i + offsetof(VRingDesc, next);
+ return lduw_phys(pa);
+}
+
+static inline uint16_t vring_avail_flags(VirtQueue *vq)
+{
+ hwaddr pa;
+ pa = vq->vring.avail + offsetof(VRingAvail, flags);
+ return lduw_phys(pa);
+}
+
+static inline uint16_t vring_avail_idx(VirtQueue *vq)
+{
+ hwaddr pa;
+ pa = vq->vring.avail + offsetof(VRingAvail, idx);
+ return lduw_phys(pa);
+}
+
+static inline uint16_t vring_avail_ring(VirtQueue *vq, int i)
+{
+ hwaddr pa;
+ pa = vq->vring.avail + offsetof(VRingAvail, ring[i]);
+ return lduw_phys(pa);
+}
+
+static inline uint16_t vring_used_event(VirtQueue *vq)
+{
+ return vring_avail_ring(vq, vq->vring.num);
+}
+
+static inline void vring_used_ring_id(VirtQueue *vq, int i, uint32_t val)
+{
+ hwaddr pa;
+ pa = vq->vring.used + offsetof(VRingUsed, ring[i].id);
+ stl_phys(pa, val);
+}
+
+static inline void vring_used_ring_len(VirtQueue *vq, int i, uint32_t val)
+{
+ hwaddr pa;
+ pa = vq->vring.used + offsetof(VRingUsed, ring[i].len);
+ stl_phys(pa, val);
+}
+
+static uint16_t vring_used_idx(VirtQueue *vq)
+{
+ hwaddr pa;
+ pa = vq->vring.used + offsetof(VRingUsed, idx);
+ return lduw_phys(pa);
+}
+
+static inline void vring_used_idx_set(VirtQueue *vq, uint16_t val)
+{
+ hwaddr pa;
+ pa = vq->vring.used + offsetof(VRingUsed, idx);
+ stw_phys(pa, val);
+}
+
+static inline void vring_used_flags_set_bit(VirtQueue *vq, int mask)
+{
+ hwaddr pa;
+ pa = vq->vring.used + offsetof(VRingUsed, flags);
+ stw_phys(pa, lduw_phys(pa) | mask);
+}
+
+static inline void vring_used_flags_unset_bit(VirtQueue *vq, int mask)
+{
+ hwaddr pa;
+ pa = vq->vring.used + offsetof(VRingUsed, flags);
+ stw_phys(pa, lduw_phys(pa) & ~mask);
+}
+
+static inline void vring_avail_event(VirtQueue *vq, uint16_t val)
+{
+ hwaddr pa;
+ if (!vq->notification) {
+ return;
+ }
+ pa = vq->vring.used + offsetof(VRingUsed, ring[vq->vring.num]);
+ stw_phys(pa, val);
+}
+
+void virtio_queue_set_notification(VirtQueue *vq, int enable)
+{
+ vq->notification = enable;
+ if (vq->vdev->guest_features & (1 << VIRTIO_RING_F_EVENT_IDX)) {
+ vring_avail_event(vq, vring_avail_idx(vq));
+ } else if (enable) {
+ vring_used_flags_unset_bit(vq, VRING_USED_F_NO_NOTIFY);
+ } else {
+ vring_used_flags_set_bit(vq, VRING_USED_F_NO_NOTIFY);
+ }
+ if (enable) {
+ /* Expose avail event/used flags before caller checks the avail idx. */
+ smp_mb();
+ }
+}
+
+int virtio_queue_ready(VirtQueue *vq)
+{
+ return vq->vring.avail != 0;
+}
+
+int virtio_queue_empty(VirtQueue *vq)
+{
+ return vring_avail_idx(vq) == vq->last_avail_idx;
+}
+
+void virtqueue_fill(VirtQueue *vq, const VirtQueueElement *elem,
+ unsigned int len, unsigned int idx)
+{
+ unsigned int offset;
+ int i;
+
+ trace_virtqueue_fill(vq, elem, len, idx);
+
+ offset = 0;
+ for (i = 0; i < elem->in_num; i++) {
+ size_t size = MIN(len - offset, elem->in_sg[i].iov_len);
+
+ cpu_physical_memory_unmap(elem->in_sg[i].iov_base,
+ elem->in_sg[i].iov_len,
+ 1, size);
+
+ offset += size;
+ }
+
+ for (i = 0; i < elem->out_num; i++)
+ cpu_physical_memory_unmap(elem->out_sg[i].iov_base,
+ elem->out_sg[i].iov_len,
+ 0, elem->out_sg[i].iov_len);
+
+ idx = (idx + vring_used_idx(vq)) % vq->vring.num;
+
+ /* Get a pointer to the next entry in the used ring. */
+ vring_used_ring_id(vq, idx, elem->index);
+ vring_used_ring_len(vq, idx, len);
+}
+
+void virtqueue_flush(VirtQueue *vq, unsigned int count)
+{
+ uint16_t old, new;
+ /* Make sure buffer is written before we update index. */
+ smp_wmb();
+ trace_virtqueue_flush(vq, count);
+ old = vring_used_idx(vq);
+ new = old + count;
+ vring_used_idx_set(vq, new);
+ vq->inuse -= count;
+ if (unlikely((int16_t)(new - vq->signalled_used) < (uint16_t)(new - old)))
+ vq->signalled_used_valid = false;
+}
+
+void virtqueue_push(VirtQueue *vq, const VirtQueueElement *elem,
+ unsigned int len)
+{
+ virtqueue_fill(vq, elem, len, 0);
+ virtqueue_flush(vq, 1);
+}
+
+static int virtqueue_num_heads(VirtQueue *vq, unsigned int idx)
+{
+ uint16_t num_heads = vring_avail_idx(vq) - idx;
+
+ /* Check it isn't doing very strange things with descriptor numbers. */
+ if (num_heads > vq->vring.num) {
+ error_report("Guest moved used index from %u to %u",
+ idx, vring_avail_idx(vq));
+ exit(1);
+ }
+ /* On success, callers read a descriptor at vq->last_avail_idx.
+ * Make sure descriptor read does not bypass avail index read. */
+ if (num_heads) {
+ smp_rmb();
+ }
+
+ return num_heads;
+}
+
+static unsigned int virtqueue_get_head(VirtQueue *vq, unsigned int idx)
+{
+ unsigned int head;
+
+ /* Grab the next descriptor number they're advertising, and increment
+ * the index we've seen. */
+ head = vring_avail_ring(vq, idx % vq->vring.num);
+
+ /* If their number is silly, that's a fatal mistake. */
+ if (head >= vq->vring.num) {
+ error_report("Guest says index %u is available", head);
+ exit(1);
+ }
+
+ return head;
+}
+
+static unsigned virtqueue_next_desc(hwaddr desc_pa,
+ unsigned int i, unsigned int max)
+{
+ unsigned int next;
+
+ /* If this descriptor says it doesn't chain, we're done. */
+ if (!(vring_desc_flags(desc_pa, i) & VRING_DESC_F_NEXT))
+ return max;
+
+ /* Check they're not leading us off end of descriptors. */
+ next = vring_desc_next(desc_pa, i);
+ /* Make sure compiler knows to grab that: we don't want it changing! */
+ smp_wmb();
+
+ if (next >= max) {
+ error_report("Desc next is %u", next);
+ exit(1);
+ }
+
+ return next;
+}
+
+void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes,
+ unsigned int *out_bytes,
+ unsigned max_in_bytes, unsigned max_out_bytes)
+{
+ unsigned int idx;
+ unsigned int total_bufs, in_total, out_total;
+
+ idx = vq->last_avail_idx;
+
+ total_bufs = in_total = out_total = 0;
+ while (virtqueue_num_heads(vq, idx)) {
+ unsigned int max, num_bufs, indirect = 0;
+ hwaddr desc_pa;
+ int i;
+
+ max = vq->vring.num;
+ num_bufs = total_bufs;
+ i = virtqueue_get_head(vq, idx++);
+ desc_pa = vq->vring.desc;
+
+ if (vring_desc_flags(desc_pa, i) & VRING_DESC_F_INDIRECT) {
+ if (vring_desc_len(desc_pa, i) % sizeof(VRingDesc)) {
+ error_report("Invalid size for indirect buffer table");
+ exit(1);
+ }
+
+ /* If we've got too many, that implies a descriptor loop. */
+ if (num_bufs >= max) {
+ error_report("Looped descriptor");
+ exit(1);
+ }
+
+ /* loop over the indirect descriptor table */
+ indirect = 1;
+ max = vring_desc_len(desc_pa, i) / sizeof(VRingDesc);
+ num_bufs = i = 0;
+ desc_pa = vring_desc_addr(desc_pa, i);
+ }
+
+ do {
+ /* If we've got too many, that implies a descriptor loop. */
+ if (++num_bufs > max) {
+ error_report("Looped descriptor");
+ exit(1);
+ }
+
+ if (vring_desc_flags(desc_pa, i) & VRING_DESC_F_WRITE) {
+ in_total += vring_desc_len(desc_pa, i);
+ } else {
+ out_total += vring_desc_len(desc_pa, i);
+ }
+ if (in_total >= max_in_bytes && out_total >= max_out_bytes) {
+ goto done;
+ }
+ } while ((i = virtqueue_next_desc(desc_pa, i, max)) != max);
+
+ if (!indirect)
+ total_bufs = num_bufs;
+ else
+ total_bufs++;
+ }
+done:
+ if (in_bytes) {
+ *in_bytes = in_total;
+ }
+ if (out_bytes) {
+ *out_bytes = out_total;
+ }
+}
+
+int virtqueue_avail_bytes(VirtQueue *vq, unsigned int in_bytes,
+ unsigned int out_bytes)
+{
+ unsigned int in_total, out_total;
+
+ virtqueue_get_avail_bytes(vq, &in_total, &out_total, in_bytes, out_bytes);
+ return in_bytes <= in_total && out_bytes <= out_total;
+}
+
+void virtqueue_map_sg(struct iovec *sg, hwaddr *addr,
+ size_t num_sg, int is_write)
+{
+ unsigned int i;
+ hwaddr len;
+
+ for (i = 0; i < num_sg; i++) {
+ len = sg[i].iov_len;
+ sg[i].iov_base = cpu_physical_memory_map(addr[i], &len, is_write);
+ if (sg[i].iov_base == NULL || len != sg[i].iov_len) {
+ error_report("virtio: trying to map MMIO memory");
+ exit(1);
+ }
+ }
+}
+
+int virtqueue_pop(VirtQueue *vq, VirtQueueElement *elem)
+{
+ unsigned int i, head, max;
+ hwaddr desc_pa = vq->vring.desc;
+
+ if (!virtqueue_num_heads(vq, vq->last_avail_idx))
+ return 0;
+
+ /* When we start there are none of either input nor output. */
+ elem->out_num = elem->in_num = 0;
+
+ max = vq->vring.num;
+
+ i = head = virtqueue_get_head(vq, vq->last_avail_idx++);
+ if (vq->vdev->guest_features & (1 << VIRTIO_RING_F_EVENT_IDX)) {
+ vring_avail_event(vq, vring_avail_idx(vq));
+ }
+
+ if (vring_desc_flags(desc_pa, i) & VRING_DESC_F_INDIRECT) {
+ if (vring_desc_len(desc_pa, i) % sizeof(VRingDesc)) {
+ error_report("Invalid size for indirect buffer table");
+ exit(1);
+ }
+
+ /* loop over the indirect descriptor table */
+ max = vring_desc_len(desc_pa, i) / sizeof(VRingDesc);
+ desc_pa = vring_desc_addr(desc_pa, i);
+ i = 0;
+ }
+
+ /* Collect all the descriptors */
+ do {
+ struct iovec *sg;
+
+ if (vring_desc_flags(desc_pa, i) & VRING_DESC_F_WRITE) {
+ if (elem->in_num >= ARRAY_SIZE(elem->in_sg)) {
+ error_report("Too many write descriptors in indirect table");
+ exit(1);
+ }
+ elem->in_addr[elem->in_num] = vring_desc_addr(desc_pa, i);
+ sg = &elem->in_sg[elem->in_num++];
+ } else {
+ if (elem->out_num >= ARRAY_SIZE(elem->out_sg)) {
+ error_report("Too many read descriptors in indirect table");
+ exit(1);
+ }
+ elem->out_addr[elem->out_num] = vring_desc_addr(desc_pa, i);
+ sg = &elem->out_sg[elem->out_num++];
+ }
+
+ sg->iov_len = vring_desc_len(desc_pa, i);
+
+ /* If we've got too many, that implies a descriptor loop. */
+ if ((elem->in_num + elem->out_num) > max) {
+ error_report("Looped descriptor");
+ exit(1);
+ }
+ } while ((i = virtqueue_next_desc(desc_pa, i, max)) != max);
+
+ /* Now map what we have collected */
+ virtqueue_map_sg(elem->in_sg, elem->in_addr, elem->in_num, 1);
+ virtqueue_map_sg(elem->out_sg, elem->out_addr, elem->out_num, 0);
+
+ elem->index = head;
+
+ vq->inuse++;
+
+ trace_virtqueue_pop(vq, elem, elem->in_num, elem->out_num);
+ return elem->in_num + elem->out_num;
+}
+
+/* virtio device */
+static void virtio_notify_vector(VirtIODevice *vdev, uint16_t vector)
+{
+ BusState *qbus = qdev_get_parent_bus(DEVICE(vdev));
+ VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
+
+ if (k->notify) {
+ k->notify(qbus->parent, vector);
+ }
+}
+
+void virtio_update_irq(VirtIODevice *vdev)
+{
+ virtio_notify_vector(vdev, VIRTIO_NO_VECTOR);
+}
+
+void virtio_set_status(VirtIODevice *vdev, uint8_t val)
+{
+ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
+ trace_virtio_set_status(vdev, val);
+
+ if (k->set_status) {
+ k->set_status(vdev, val);
+ }
+ vdev->status = val;
+}
+
+void virtio_reset(void *opaque)
+{
+ VirtIODevice *vdev = opaque;
+ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
+ int i;
+
+ virtio_set_status(vdev, 0);
+
+ if (k->reset) {
+ k->reset(vdev);
+ }
+
+ vdev->guest_features = 0;
+ vdev->queue_sel = 0;
+ vdev->status = 0;
+ vdev->isr = 0;
+ vdev->config_vector = VIRTIO_NO_VECTOR;
+ virtio_notify_vector(vdev, vdev->config_vector);
+
+ for(i = 0; i < VIRTIO_PCI_QUEUE_MAX; i++) {
+ vdev->vq[i].vring.desc = 0;
+ vdev->vq[i].vring.avail = 0;
+ vdev->vq[i].vring.used = 0;
+ vdev->vq[i].last_avail_idx = 0;
+ vdev->vq[i].pa = 0;
+ vdev->vq[i].vector = VIRTIO_NO_VECTOR;
+ vdev->vq[i].signalled_used = 0;
+ vdev->vq[i].signalled_used_valid = false;
+ vdev->vq[i].notification = true;
+ }
+}
+
+uint32_t virtio_config_readb(VirtIODevice *vdev, uint32_t addr)
+{
+ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
+ uint8_t val;
+
+ if (addr + sizeof(val) > vdev->config_len) {
+ return (uint32_t)-1;
+ }
+
+ k->get_config(vdev, vdev->config);
+
+ val = ldub_p(vdev->config + addr);
+ return val;
+}
+
+uint32_t virtio_config_readw(VirtIODevice *vdev, uint32_t addr)
+{
+ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
+ uint16_t val;
+
+ if (addr + sizeof(val) > vdev->config_len) {
+ return (uint32_t)-1;
+ }
+
+ k->get_config(vdev, vdev->config);
+
+ val = lduw_p(vdev->config + addr);
+ return val;
+}
+
+uint32_t virtio_config_readl(VirtIODevice *vdev, uint32_t addr)
+{
+ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
+ uint32_t val;
+
+ if (addr + sizeof(val) > vdev->config_len) {
+ return (uint32_t)-1;
+ }
+
+ k->get_config(vdev, vdev->config);
+
+ val = ldl_p(vdev->config + addr);
+ return val;
+}
+
+void virtio_config_writeb(VirtIODevice *vdev, uint32_t addr, uint32_t data)
+{
+ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
+ uint8_t val = data;
+
+ if (addr + sizeof(val) > vdev->config_len) {
+ return;
+ }
+
+ stb_p(vdev->config + addr, val);
+
+ if (k->set_config) {
+ k->set_config(vdev, vdev->config);
+ }
+}
+
+void virtio_config_writew(VirtIODevice *vdev, uint32_t addr, uint32_t data)
+{
+ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
+ uint16_t val = data;
+
+ if (addr + sizeof(val) > vdev->config_len) {
+ return;
+ }
+
+ stw_p(vdev->config + addr, val);
+
+ if (k->set_config) {
+ k->set_config(vdev, vdev->config);
+ }
+}
+
+void virtio_config_writel(VirtIODevice *vdev, uint32_t addr, uint32_t data)
+{
+ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
+ uint32_t val = data;
+
+ if (addr + sizeof(val) > vdev->config_len) {
+ return;
+ }
+
+ stl_p(vdev->config + addr, val);
+
+ if (k->set_config) {
+ k->set_config(vdev, vdev->config);
+ }
+}
+
+void virtio_queue_set_addr(VirtIODevice *vdev, int n, hwaddr addr)
+{
+ vdev->vq[n].pa = addr;
+ virtqueue_init(&vdev->vq[n]);
+}
+
+hwaddr virtio_queue_get_addr(VirtIODevice *vdev, int n)
+{
+ return vdev->vq[n].pa;
+}
+
+void virtio_queue_set_num(VirtIODevice *vdev, int n, int num)
+{
+ /* Don't allow guest to flip queue between existent and
+ * nonexistent states, or to set it to an invalid size.
+ */
+ if (!!num != !!vdev->vq[n].vring.num ||
+ num > VIRTQUEUE_MAX_SIZE ||
+ num < 0) {
+ return;
+ }
+ vdev->vq[n].vring.num = num;
+ virtqueue_init(&vdev->vq[n]);
+}
+
+int virtio_queue_get_num(VirtIODevice *vdev, int n)
+{
+ return vdev->vq[n].vring.num;
+}
+
+int virtio_queue_get_id(VirtQueue *vq)
+{
+ VirtIODevice *vdev = vq->vdev;
+ assert(vq >= &vdev->vq[0] && vq < &vdev->vq[VIRTIO_PCI_QUEUE_MAX]);
+ return vq - &vdev->vq[0];
+}
+
+void virtio_queue_set_align(VirtIODevice *vdev, int n, int align)
+{
+ BusState *qbus = qdev_get_parent_bus(DEVICE(vdev));
+ VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
+
+ /* Check that the transport told us it was going to do this
+ * (so a buggy transport will immediately assert rather than
+ * silently failing to migrate this state)
+ */
+ assert(k->has_variable_vring_alignment);
+
+ vdev->vq[n].vring.align = align;
+ virtqueue_init(&vdev->vq[n]);
+}
+
+void virtio_queue_notify_vq(VirtQueue *vq)
+{
+ if (vq->vring.desc) {
+ VirtIODevice *vdev = vq->vdev;
+ trace_virtio_queue_notify(vdev, vq - vdev->vq, vq);
+ vq->handle_output(vdev, vq);
+ }
+}
+
+void virtio_queue_notify(VirtIODevice *vdev, int n)
+{
+ virtio_queue_notify_vq(&vdev->vq[n]);
+}
+
+uint16_t virtio_queue_vector(VirtIODevice *vdev, int n)
+{
+ return n < VIRTIO_PCI_QUEUE_MAX ? vdev->vq[n].vector :
+ VIRTIO_NO_VECTOR;
+}
+
+void virtio_queue_set_vector(VirtIODevice *vdev, int n, uint16_t vector)
+{
+ if (n < VIRTIO_PCI_QUEUE_MAX)
+ vdev->vq[n].vector = vector;
+}
+
+VirtQueue *virtio_add_queue(VirtIODevice *vdev, int queue_size,
+ void (*handle_output)(VirtIODevice *, VirtQueue *))
+{
+ int i;
+
+ for (i = 0; i < VIRTIO_PCI_QUEUE_MAX; i++) {
+ if (vdev->vq[i].vring.num == 0)
+ break;
+ }
+
+ if (i == VIRTIO_PCI_QUEUE_MAX || queue_size > VIRTQUEUE_MAX_SIZE)
+ abort();
+
+ vdev->vq[i].vring.num = queue_size;
+ vdev->vq[i].vring.align = VIRTIO_PCI_VRING_ALIGN;
+ vdev->vq[i].handle_output = handle_output;
+
+ return &vdev->vq[i];
+}
+
+void virtio_del_queue(VirtIODevice *vdev, int n)
+{
+ if (n < 0 || n >= VIRTIO_PCI_QUEUE_MAX) {
+ abort();
+ }
+
+ vdev->vq[n].vring.num = 0;
+}
+
+void virtio_irq(VirtQueue *vq)
+{
+ trace_virtio_irq(vq);
+ vq->vdev->isr |= 0x01;
+ virtio_notify_vector(vq->vdev, vq->vector);
+}
+
+/* Assuming a given event_idx value from the other size, if
+ * we have just incremented index from old to new_idx,
+ * should we trigger an event? */
+static inline int vring_need_event(uint16_t event, uint16_t new, uint16_t old)
+{
+ /* Note: Xen has similar logic for notification hold-off
+ * in include/xen/interface/io/ring.h with req_event and req_prod
+ * corresponding to event_idx + 1 and new respectively.
+ * Note also that req_event and req_prod in Xen start at 1,
+ * event indexes in virtio start at 0. */
+ return (uint16_t)(new - event - 1) < (uint16_t)(new - old);
+}
+
+static bool vring_notify(VirtIODevice *vdev, VirtQueue *vq)
+{
+ uint16_t old, new;
+ bool v;
+ /* We need to expose used array entries before checking used event. */
+ smp_mb();
+ /* Always notify when queue is empty (when feature acknowledge) */
+ if (((vdev->guest_features & (1 << VIRTIO_F_NOTIFY_ON_EMPTY)) &&
+ !vq->inuse && vring_avail_idx(vq) == vq->last_avail_idx)) {
+ return true;
+ }
+
+ if (!(vdev->guest_features & (1 << VIRTIO_RING_F_EVENT_IDX))) {
+ return !(vring_avail_flags(vq) & VRING_AVAIL_F_NO_INTERRUPT);
+ }
+
+ v = vq->signalled_used_valid;
+ vq->signalled_used_valid = true;
+ old = vq->signalled_used;
+ new = vq->signalled_used = vring_used_idx(vq);
+ return !v || vring_need_event(vring_used_event(vq), new, old);
+}
+
+void virtio_notify(VirtIODevice *vdev, VirtQueue *vq)
+{
+ if (!vring_notify(vdev, vq)) {
+ return;
+ }
+
+ trace_virtio_notify(vdev, vq);
+ vdev->isr |= 0x01;
+ virtio_notify_vector(vdev, vq->vector);
+}
+
+void virtio_notify_config(VirtIODevice *vdev)
+{
+ if (!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK))
+ return;
+
+ vdev->isr |= 0x03;
+ virtio_notify_vector(vdev, vdev->config_vector);
+}
+
+void virtio_save(VirtIODevice *vdev, QEMUFile *f)
+{
+ BusState *qbus = qdev_get_parent_bus(DEVICE(vdev));
+ VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
+ int i;
+
+ if (k->save_config) {
+ k->save_config(qbus->parent, f);
+ }
+
+ qemu_put_8s(f, &vdev->status);
+ qemu_put_8s(f, &vdev->isr);
+ qemu_put_be16s(f, &vdev->queue_sel);
+ qemu_put_be32s(f, &vdev->guest_features);
+ qemu_put_be32(f, vdev->config_len);
+ qemu_put_buffer(f, vdev->config, vdev->config_len);
+
+ for (i = 0; i < VIRTIO_PCI_QUEUE_MAX; i++) {
+ if (vdev->vq[i].vring.num == 0)
+ break;
+ }
+
+ qemu_put_be32(f, i);
+
+ for (i = 0; i < VIRTIO_PCI_QUEUE_MAX; i++) {
+ if (vdev->vq[i].vring.num == 0)
+ break;
+
+ qemu_put_be32(f, vdev->vq[i].vring.num);
+ if (k->has_variable_vring_alignment) {
+ qemu_put_be32(f, vdev->vq[i].vring.align);
+ }
+ qemu_put_be64(f, vdev->vq[i].pa);
+ qemu_put_be16s(f, &vdev->vq[i].last_avail_idx);
+ if (k->save_queue) {
+ k->save_queue(qbus->parent, i, f);
+ }
+ }
+}
+
+int virtio_set_features(VirtIODevice *vdev, uint32_t val)
+{
+ BusState *qbus = qdev_get_parent_bus(DEVICE(vdev));
+ VirtioBusClass *vbusk = VIRTIO_BUS_GET_CLASS(qbus);
+ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
+ uint32_t supported_features = vbusk->get_features(qbus->parent);
+ bool bad = (val & ~supported_features) != 0;
+
+ val &= supported_features;
+ if (k->set_features) {
+ k->set_features(vdev, val);
+ }
+ vdev->guest_features = val;
+ return bad ? -1 : 0;
+}
+
+int virtio_load(VirtIODevice *vdev, QEMUFile *f)
+{
+ int num, i, ret;
+ uint32_t features;
+ uint32_t supported_features;
+ BusState *qbus = qdev_get_parent_bus(DEVICE(vdev));
+ VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
+
+ if (k->load_config) {
+ ret = k->load_config(qbus->parent, f);
+ if (ret)
+ return ret;
+ }
+
+ qemu_get_8s(f, &vdev->status);
+ qemu_get_8s(f, &vdev->isr);
+ qemu_get_be16s(f, &vdev->queue_sel);
+ qemu_get_be32s(f, &features);
+
+ if (virtio_set_features(vdev, features) < 0) {
+ supported_features = k->get_features(qbus->parent);
+ error_report("Features 0x%x unsupported. Allowed features: 0x%x",
+ features, supported_features);
+ return -1;
+ }
+ vdev->config_len = qemu_get_be32(f);
+ qemu_get_buffer(f, vdev->config, vdev->config_len);
+
+ num = qemu_get_be32(f);
+
+ for (i = 0; i < num; i++) {
+ vdev->vq[i].vring.num = qemu_get_be32(f);
+ if (k->has_variable_vring_alignment) {
+ vdev->vq[i].vring.align = qemu_get_be32(f);
+ }
+ vdev->vq[i].pa = qemu_get_be64(f);
+ qemu_get_be16s(f, &vdev->vq[i].last_avail_idx);
+ vdev->vq[i].signalled_used_valid = false;
+ vdev->vq[i].notification = true;
+
+ if (vdev->vq[i].pa) {
+ uint16_t nheads;
+ virtqueue_init(&vdev->vq[i]);
+ nheads = vring_avail_idx(&vdev->vq[i]) - vdev->vq[i].last_avail_idx;
+ /* Check it isn't doing very strange things with descriptor numbers. */
+ if (nheads > vdev->vq[i].vring.num) {
+ error_report("VQ %d size 0x%x Guest index 0x%x "
+ "inconsistent with Host index 0x%x: delta 0x%x",
+ i, vdev->vq[i].vring.num,
+ vring_avail_idx(&vdev->vq[i]),
+ vdev->vq[i].last_avail_idx, nheads);
+ return -1;
+ }
+ } else if (vdev->vq[i].last_avail_idx) {
+ error_report("VQ %d address 0x0 "
+ "inconsistent with Host index 0x%x",
+ i, vdev->vq[i].last_avail_idx);
+ return -1;
+ }
+ if (k->load_queue) {
+ ret = k->load_queue(qbus->parent, i, f);
+ if (ret)
+ return ret;
+ }
+ }
+
+ virtio_notify_vector(vdev, VIRTIO_NO_VECTOR);
+ return 0;
+}
+
+void virtio_cleanup(VirtIODevice *vdev)
+{
+ qemu_del_vm_change_state_handler(vdev->vmstate);
+ g_free(vdev->config);
+ g_free(vdev->vq);
+}
+
+static void virtio_vmstate_change(void *opaque, int running, RunState state)
+{
+ VirtIODevice *vdev = opaque;
+ BusState *qbus = qdev_get_parent_bus(DEVICE(vdev));
+ VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
+ bool backend_run = running && (vdev->status & VIRTIO_CONFIG_S_DRIVER_OK);
+ vdev->vm_running = running;
+
+ if (backend_run) {
+ virtio_set_status(vdev, vdev->status);
+ }
+
+ if (k->vmstate_change) {
+ k->vmstate_change(qbus->parent, backend_run);
+ }
+
+ if (!backend_run) {
+ virtio_set_status(vdev, vdev->status);
+ }
+}
+
+void virtio_init(VirtIODevice *vdev, const char *name,
+ uint16_t device_id, size_t config_size)
+{
+ int i;
+ vdev->device_id = device_id;
+ vdev->status = 0;
+ vdev->isr = 0;
+ vdev->queue_sel = 0;
+ vdev->config_vector = VIRTIO_NO_VECTOR;
+ vdev->vq = g_malloc0(sizeof(VirtQueue) * VIRTIO_PCI_QUEUE_MAX);
+ vdev->vm_running = runstate_is_running();
+ for (i = 0; i < VIRTIO_PCI_QUEUE_MAX; i++) {
+ vdev->vq[i].vector = VIRTIO_NO_VECTOR;
+ vdev->vq[i].vdev = vdev;
+ vdev->vq[i].queue_index = i;
+ }
+
+ vdev->name = name;
+ vdev->config_len = config_size;
+ if (vdev->config_len) {
+ vdev->config = g_malloc0(config_size);
+ } else {
+ vdev->config = NULL;
+ }
+ vdev->vmstate = qemu_add_vm_change_state_handler(virtio_vmstate_change,
+ vdev);
+}
+
+hwaddr virtio_queue_get_desc_addr(VirtIODevice *vdev, int n)
+{
+ return vdev->vq[n].vring.desc;
+}
+
+hwaddr virtio_queue_get_avail_addr(VirtIODevice *vdev, int n)
+{
+ return vdev->vq[n].vring.avail;
+}
+
+hwaddr virtio_queue_get_used_addr(VirtIODevice *vdev, int n)
+{
+ return vdev->vq[n].vring.used;
+}
+
+hwaddr virtio_queue_get_ring_addr(VirtIODevice *vdev, int n)
+{
+ return vdev->vq[n].vring.desc;
+}
+
+hwaddr virtio_queue_get_desc_size(VirtIODevice *vdev, int n)
+{
+ return sizeof(VRingDesc) * vdev->vq[n].vring.num;
+}
+
+hwaddr virtio_queue_get_avail_size(VirtIODevice *vdev, int n)
+{
+ return offsetof(VRingAvail, ring) +
+ sizeof(uint64_t) * vdev->vq[n].vring.num;
+}
+
+hwaddr virtio_queue_get_used_size(VirtIODevice *vdev, int n)
+{
+ return offsetof(VRingUsed, ring) +
+ sizeof(VRingUsedElem) * vdev->vq[n].vring.num;
+}
+
+hwaddr virtio_queue_get_ring_size(VirtIODevice *vdev, int n)
+{
+ return vdev->vq[n].vring.used - vdev->vq[n].vring.desc +
+ virtio_queue_get_used_size(vdev, n);
+}
+
+uint16_t virtio_queue_get_last_avail_idx(VirtIODevice *vdev, int n)
+{
+ return vdev->vq[n].last_avail_idx;
+}
+
+void virtio_queue_set_last_avail_idx(VirtIODevice *vdev, int n, uint16_t idx)
+{
+ vdev->vq[n].last_avail_idx = idx;
+}
+
+void virtio_queue_invalidate_signalled_used(VirtIODevice *vdev, int n)
+{
+ vdev->vq[n].signalled_used_valid = false;
+}
+
+VirtQueue *virtio_get_queue(VirtIODevice *vdev, int n)
+{
+ return vdev->vq + n;
+}
+
+uint16_t virtio_get_queue_index(VirtQueue *vq)
+{
+ return vq->queue_index;
+}
+
+static void virtio_queue_guest_notifier_read(EventNotifier *n)
+{
+ VirtQueue *vq = container_of(n, VirtQueue, guest_notifier);
+ if (event_notifier_test_and_clear(n)) {
+ virtio_irq(vq);
+ }
+}
+
+void virtio_queue_set_guest_notifier_fd_handler(VirtQueue *vq, bool assign,
+ bool with_irqfd)
+{
+ if (assign && !with_irqfd) {
+ event_notifier_set_handler(&vq->guest_notifier,
+ virtio_queue_guest_notifier_read);
+ } else {
+ event_notifier_set_handler(&vq->guest_notifier, NULL);
+ }
+ if (!assign) {
+ /* Test and clear notifier before closing it,
+ * in case poll callback didn't have time to run. */
+ virtio_queue_guest_notifier_read(&vq->guest_notifier);
+ }
+}
+
+EventNotifier *virtio_queue_get_guest_notifier(VirtQueue *vq)
+{
+ return &vq->guest_notifier;
+}
+
+static void virtio_queue_host_notifier_read(EventNotifier *n)
+{
+ VirtQueue *vq = container_of(n, VirtQueue, host_notifier);
+ if (event_notifier_test_and_clear(n)) {
+ virtio_queue_notify_vq(vq);
+ }
+}
+
+void virtio_queue_set_host_notifier_fd_handler(VirtQueue *vq, bool assign,
+ bool set_handler)
+{
+ if (assign && set_handler) {
+ event_notifier_set_handler(&vq->host_notifier,
+ virtio_queue_host_notifier_read);
+ } else {
+ event_notifier_set_handler(&vq->host_notifier, NULL);
+ }
+ if (!assign) {
+ /* Test and clear notifier before after disabling event,
+ * in case poll callback didn't have time to run. */
+ virtio_queue_host_notifier_read(&vq->host_notifier);
+ }
+}
+
+EventNotifier *virtio_queue_get_host_notifier(VirtQueue *vq)
+{
+ return &vq->host_notifier;
+}
+
+void virtio_device_set_child_bus_name(VirtIODevice *vdev, char *bus_name)
+{
+ if (vdev->bus_name) {
+ g_free(vdev->bus_name);
+ vdev->bus_name = NULL;
+ }
+
+ if (bus_name) {
+ vdev->bus_name = g_strdup(bus_name);
+ }
+}
+
+static int virtio_device_init(DeviceState *qdev)
+{
+ VirtIODevice *vdev = VIRTIO_DEVICE(qdev);
+ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(qdev);
+ assert(k->init != NULL);
+ if (k->init(vdev) < 0) {
+ return -1;
+ }
+ virtio_bus_plug_device(vdev);
+ return 0;
+}
+
+static int virtio_device_exit(DeviceState *qdev)
+{
+ VirtIODevice *vdev = VIRTIO_DEVICE(qdev);
+
+ if (vdev->bus_name) {
+ g_free(vdev->bus_name);
+ vdev->bus_name = NULL;
+ }
+ return 0;
+}
+
+static void virtio_device_class_init(ObjectClass *klass, void *data)
+{
+ /* Set the default value here. */
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ dc->init = virtio_device_init;
+ dc->exit = virtio_device_exit;
+ dc->bus_type = TYPE_VIRTIO_BUS;
+}
+
+static const TypeInfo virtio_device_info = {
+ .name = TYPE_VIRTIO_DEVICE,
+ .parent = TYPE_DEVICE,
+ .instance_size = sizeof(VirtIODevice),
+ .class_init = virtio_device_class_init,
+ .abstract = true,
+ .class_size = sizeof(VirtioDeviceClass),
+};
+
+static void virtio_register_types(void)
+{
+ type_register_static(&virtio_device_info);
+}
+
+type_init(virtio_register_types)
diff --git a/hw/vmmouse.c b/hw/vmmouse.c
deleted file mode 100644
index 6338efa1c..000000000
--- a/hw/vmmouse.c
+++ /dev/null
@@ -1,302 +0,0 @@
-/*
- * QEMU VMMouse emulation
- *
- * Copyright (C) 2007 Anthony Liguori <anthony@codemonkey.ws>
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "console.h"
-#include "ps2.h"
-#include "pc.h"
-#include "qdev.h"
-
-/* debug only vmmouse */
-//#define DEBUG_VMMOUSE
-
-/* VMMouse Commands */
-#define VMMOUSE_GETVERSION 10
-#define VMMOUSE_DATA 39
-#define VMMOUSE_STATUS 40
-#define VMMOUSE_COMMAND 41
-
-#define VMMOUSE_READ_ID 0x45414552
-#define VMMOUSE_DISABLE 0x000000f5
-#define VMMOUSE_REQUEST_RELATIVE 0x4c455252
-#define VMMOUSE_REQUEST_ABSOLUTE 0x53424152
-
-#define VMMOUSE_QUEUE_SIZE 1024
-
-#define VMMOUSE_VERSION 0x3442554a
-
-#ifdef DEBUG_VMMOUSE
-#define DPRINTF(fmt, ...) printf(fmt, ## __VA_ARGS__)
-#else
-#define DPRINTF(fmt, ...) do { } while (0)
-#endif
-
-typedef struct _VMMouseState
-{
- ISADevice dev;
- uint32_t queue[VMMOUSE_QUEUE_SIZE];
- int32_t queue_size;
- uint16_t nb_queue;
- uint16_t status;
- uint8_t absolute;
- QEMUPutMouseEntry *entry;
- void *ps2_mouse;
-} VMMouseState;
-
-static uint32_t vmmouse_get_status(VMMouseState *s)
-{
- DPRINTF("vmmouse_get_status()\n");
- return (s->status << 16) | s->nb_queue;
-}
-
-static void vmmouse_mouse_event(void *opaque, int x, int y, int dz, int buttons_state)
-{
- VMMouseState *s = opaque;
- int buttons = 0;
-
- if (s->nb_queue > (VMMOUSE_QUEUE_SIZE - 4))
- return;
-
- DPRINTF("vmmouse_mouse_event(%d, %d, %d, %d)\n",
- x, y, dz, buttons_state);
-
- if ((buttons_state & MOUSE_EVENT_LBUTTON))
- buttons |= 0x20;
- if ((buttons_state & MOUSE_EVENT_RBUTTON))
- buttons |= 0x10;
- if ((buttons_state & MOUSE_EVENT_MBUTTON))
- buttons |= 0x08;
-
- if (s->absolute) {
- x <<= 1;
- y <<= 1;
- }
-
- s->queue[s->nb_queue++] = buttons;
- s->queue[s->nb_queue++] = x;
- s->queue[s->nb_queue++] = y;
- s->queue[s->nb_queue++] = dz;
-
- /* need to still generate PS2 events to notify driver to
- read from queue */
- i8042_isa_mouse_fake_event(s->ps2_mouse);
-}
-
-static void vmmouse_remove_handler(VMMouseState *s)
-{
- if (s->entry) {
- qemu_remove_mouse_event_handler(s->entry);
- s->entry = NULL;
- }
-}
-
-static void vmmouse_update_handler(VMMouseState *s, int absolute)
-{
- if (s->status != 0) {
- return;
- }
- if (s->absolute != absolute) {
- s->absolute = absolute;
- vmmouse_remove_handler(s);
- }
- if (s->entry == NULL) {
- s->entry = qemu_add_mouse_event_handler(vmmouse_mouse_event,
- s, s->absolute,
- "vmmouse");
- qemu_activate_mouse_event_handler(s->entry);
- }
-}
-
-static void vmmouse_read_id(VMMouseState *s)
-{
- DPRINTF("vmmouse_read_id()\n");
-
- if (s->nb_queue == VMMOUSE_QUEUE_SIZE)
- return;
-
- s->queue[s->nb_queue++] = VMMOUSE_VERSION;
- s->status = 0;
-}
-
-static void vmmouse_request_relative(VMMouseState *s)
-{
- DPRINTF("vmmouse_request_relative()\n");
- vmmouse_update_handler(s, 0);
-}
-
-static void vmmouse_request_absolute(VMMouseState *s)
-{
- DPRINTF("vmmouse_request_absolute()\n");
- vmmouse_update_handler(s, 1);
-}
-
-static void vmmouse_disable(VMMouseState *s)
-{
- DPRINTF("vmmouse_disable()\n");
- s->status = 0xffff;
- vmmouse_remove_handler(s);
-}
-
-static void vmmouse_data(VMMouseState *s, uint32_t *data, uint32_t size)
-{
- int i;
-
- DPRINTF("vmmouse_data(%d)\n", size);
-
- if (size == 0 || size > 6 || size > s->nb_queue) {
- printf("vmmouse: driver requested too much data %d\n", size);
- s->status = 0xffff;
- vmmouse_remove_handler(s);
- return;
- }
-
- for (i = 0; i < size; i++)
- data[i] = s->queue[i];
-
- s->nb_queue -= size;
- if (s->nb_queue)
- memmove(s->queue, &s->queue[size], sizeof(s->queue[0]) * s->nb_queue);
-}
-
-static uint32_t vmmouse_ioport_read(void *opaque, uint32_t addr)
-{
- VMMouseState *s = opaque;
- uint32_t data[6];
- uint16_t command;
-
- vmmouse_get_data(data);
-
- command = data[2] & 0xFFFF;
-
- switch (command) {
- case VMMOUSE_STATUS:
- data[0] = vmmouse_get_status(s);
- break;
- case VMMOUSE_COMMAND:
- switch (data[1]) {
- case VMMOUSE_DISABLE:
- vmmouse_disable(s);
- break;
- case VMMOUSE_READ_ID:
- vmmouse_read_id(s);
- break;
- case VMMOUSE_REQUEST_RELATIVE:
- vmmouse_request_relative(s);
- break;
- case VMMOUSE_REQUEST_ABSOLUTE:
- vmmouse_request_absolute(s);
- break;
- default:
- printf("vmmouse: unknown command %x\n", data[1]);
- break;
- }
- break;
- case VMMOUSE_DATA:
- vmmouse_data(s, data, data[1]);
- break;
- default:
- printf("vmmouse: unknown command %x\n", command);
- break;
- }
-
- vmmouse_set_data(data);
- return data[0];
-}
-
-static int vmmouse_post_load(void *opaque, int version_id)
-{
- VMMouseState *s = opaque;
-
- vmmouse_remove_handler(s);
- vmmouse_update_handler(s, s->absolute);
- return 0;
-}
-
-static const VMStateDescription vmstate_vmmouse = {
- .name = "vmmouse",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .post_load = vmmouse_post_load,
- .fields = (VMStateField []) {
- VMSTATE_INT32_EQUAL(queue_size, VMMouseState),
- VMSTATE_UINT32_ARRAY(queue, VMMouseState, VMMOUSE_QUEUE_SIZE),
- VMSTATE_UINT16(nb_queue, VMMouseState),
- VMSTATE_UINT16(status, VMMouseState),
- VMSTATE_UINT8(absolute, VMMouseState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void vmmouse_reset(DeviceState *d)
-{
- VMMouseState *s = container_of(d, VMMouseState, dev.qdev);
-
- s->status = 0xffff;
- s->queue_size = VMMOUSE_QUEUE_SIZE;
-
- vmmouse_disable(s);
-}
-
-static int vmmouse_initfn(ISADevice *dev)
-{
- VMMouseState *s = DO_UPCAST(VMMouseState, dev, dev);
-
- DPRINTF("vmmouse_init\n");
-
- vmport_register(VMMOUSE_STATUS, vmmouse_ioport_read, s);
- vmport_register(VMMOUSE_COMMAND, vmmouse_ioport_read, s);
- vmport_register(VMMOUSE_DATA, vmmouse_ioport_read, s);
-
- return 0;
-}
-
-static Property vmmouse_properties[] = {
- DEFINE_PROP_PTR("ps2_mouse", VMMouseState, ps2_mouse),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void vmmouse_class_initfn(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- ISADeviceClass *ic = ISA_DEVICE_CLASS(klass);
- ic->init = vmmouse_initfn;
- dc->no_user = 1;
- dc->reset = vmmouse_reset;
- dc->vmsd = &vmstate_vmmouse;
- dc->props = vmmouse_properties;
-}
-
-static TypeInfo vmmouse_info = {
- .name = "vmmouse",
- .parent = TYPE_ISA_DEVICE,
- .instance_size = sizeof(VMMouseState),
- .class_init = vmmouse_class_initfn,
-};
-
-static void vmmouse_register_types(void)
-{
- type_register_static(&vmmouse_info);
-}
-
-type_init(vmmouse_register_types)
diff --git a/hw/vmport.c b/hw/vmport.c
deleted file mode 100644
index 3ab3a1405..000000000
--- a/hw/vmport.c
+++ /dev/null
@@ -1,170 +0,0 @@
-/*
- * QEMU VMPort emulation
- *
- * Copyright (C) 2007 Hervé Poussineau
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "isa.h"
-#include "pc.h"
-#include "kvm.h"
-#include "qdev.h"
-
-//#define VMPORT_DEBUG
-
-#define VMPORT_CMD_GETVERSION 0x0a
-#define VMPORT_CMD_GETRAMSIZE 0x14
-
-#define VMPORT_ENTRIES 0x2c
-#define VMPORT_MAGIC 0x564D5868
-
-typedef struct _VMPortState
-{
- ISADevice dev;
- MemoryRegion io;
- IOPortReadFunc *func[VMPORT_ENTRIES];
- void *opaque[VMPORT_ENTRIES];
-} VMPortState;
-
-static VMPortState *port_state;
-
-void vmport_register(unsigned char command, IOPortReadFunc *func, void *opaque)
-{
- if (command >= VMPORT_ENTRIES)
- return;
-
- port_state->func[command] = func;
- port_state->opaque[command] = opaque;
-}
-
-static uint64_t vmport_ioport_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- VMPortState *s = opaque;
- CPUX86State *env = cpu_single_env;
- unsigned char command;
- uint32_t eax;
-
- cpu_synchronize_state(env);
-
- eax = env->regs[R_EAX];
- if (eax != VMPORT_MAGIC)
- return eax;
-
- command = env->regs[R_ECX];
- if (command >= VMPORT_ENTRIES)
- return eax;
- if (!s->func[command])
- {
-#ifdef VMPORT_DEBUG
- fprintf(stderr, "vmport: unknown command %x\n", command);
-#endif
- return eax;
- }
-
- return s->func[command](s->opaque[command], addr);
-}
-
-static void vmport_ioport_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- CPUX86State *env = cpu_single_env;
-
- env->regs[R_EAX] = vmport_ioport_read(opaque, addr, 4);
-}
-
-static uint32_t vmport_cmd_get_version(void *opaque, uint32_t addr)
-{
- CPUX86State *env = cpu_single_env;
- env->regs[R_EBX] = VMPORT_MAGIC;
- return 6;
-}
-
-static uint32_t vmport_cmd_ram_size(void *opaque, uint32_t addr)
-{
- CPUX86State *env = cpu_single_env;
- env->regs[R_EBX] = 0x1177;
- return ram_size;
-}
-
-/* vmmouse helpers */
-void vmmouse_get_data(uint32_t *data)
-{
- CPUX86State *env = cpu_single_env;
-
- data[0] = env->regs[R_EAX]; data[1] = env->regs[R_EBX];
- data[2] = env->regs[R_ECX]; data[3] = env->regs[R_EDX];
- data[4] = env->regs[R_ESI]; data[5] = env->regs[R_EDI];
-}
-
-void vmmouse_set_data(const uint32_t *data)
-{
- CPUX86State *env = cpu_single_env;
-
- env->regs[R_EAX] = data[0]; env->regs[R_EBX] = data[1];
- env->regs[R_ECX] = data[2]; env->regs[R_EDX] = data[3];
- env->regs[R_ESI] = data[4]; env->regs[R_EDI] = data[5];
-}
-
-static const MemoryRegionOps vmport_ops = {
- .read = vmport_ioport_read,
- .write = vmport_ioport_write,
- .impl = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static int vmport_initfn(ISADevice *dev)
-{
- VMPortState *s = DO_UPCAST(VMPortState, dev, dev);
-
- memory_region_init_io(&s->io, &vmport_ops, s, "vmport", 1);
- isa_register_ioport(dev, &s->io, 0x5658);
-
- port_state = s;
- /* Register some generic port commands */
- vmport_register(VMPORT_CMD_GETVERSION, vmport_cmd_get_version, NULL);
- vmport_register(VMPORT_CMD_GETRAMSIZE, vmport_cmd_ram_size, NULL);
- return 0;
-}
-
-static void vmport_class_initfn(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- ISADeviceClass *ic = ISA_DEVICE_CLASS(klass);
- ic->init = vmport_initfn;
- dc->no_user = 1;
-}
-
-static TypeInfo vmport_info = {
- .name = "vmport",
- .parent = TYPE_ISA_DEVICE,
- .instance_size = sizeof(VMPortState),
- .class_init = vmport_class_initfn,
-};
-
-static void vmport_register_types(void)
-{
- type_register_static(&vmport_info);
-}
-
-type_init(vmport_register_types)
diff --git a/hw/vmware_vga.c b/hw/vmware_vga.c
deleted file mode 100644
index 834588daf..000000000
--- a/hw/vmware_vga.c
+++ /dev/null
@@ -1,1259 +0,0 @@
-/*
- * QEMU VMware-SVGA "chipset".
- *
- * Copyright (c) 2007 Andrzej Zaborowski <balrog@zabor.org>
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "hw.h"
-#include "loader.h"
-#include "console.h"
-#include "pci.h"
-
-#undef VERBOSE
-#define HW_RECT_ACCEL
-#define HW_FILL_ACCEL
-#define HW_MOUSE_ACCEL
-
-#include "vga_int.h"
-
-/* See http://vmware-svga.sf.net/ for some documentation on VMWare SVGA */
-
-struct vmsvga_state_s {
- VGACommonState vga;
-
- int invalidated;
- int depth;
- int bypp;
- int enable;
- int config;
- struct {
- int id;
- int x;
- int y;
- int on;
- } cursor;
-
- int index;
- int scratch_size;
- uint32_t *scratch;
- int new_width;
- int new_height;
- uint32_t guest;
- uint32_t svgaid;
- uint32_t wred;
- uint32_t wgreen;
- uint32_t wblue;
- int syncing;
-
- MemoryRegion fifo_ram;
- uint8_t *fifo_ptr;
- unsigned int fifo_size;
-
- union {
- uint32_t *fifo;
- struct QEMU_PACKED {
- uint32_t min;
- uint32_t max;
- uint32_t next_cmd;
- uint32_t stop;
- /* Add registers here when adding capabilities. */
- uint32_t fifo[0];
- } *cmd;
- };
-
-#define REDRAW_FIFO_LEN 512
- struct vmsvga_rect_s {
- int x, y, w, h;
- } redraw_fifo[REDRAW_FIFO_LEN];
- int redraw_fifo_first, redraw_fifo_last;
-};
-
-struct pci_vmsvga_state_s {
- PCIDevice card;
- struct vmsvga_state_s chip;
- MemoryRegion io_bar;
-};
-
-#define SVGA_MAGIC 0x900000UL
-#define SVGA_MAKE_ID(ver) (SVGA_MAGIC << 8 | (ver))
-#define SVGA_ID_0 SVGA_MAKE_ID(0)
-#define SVGA_ID_1 SVGA_MAKE_ID(1)
-#define SVGA_ID_2 SVGA_MAKE_ID(2)
-
-#define SVGA_LEGACY_BASE_PORT 0x4560
-#define SVGA_INDEX_PORT 0x0
-#define SVGA_VALUE_PORT 0x1
-#define SVGA_BIOS_PORT 0x2
-
-#define SVGA_VERSION_2
-
-#ifdef SVGA_VERSION_2
-# define SVGA_ID SVGA_ID_2
-# define SVGA_IO_BASE SVGA_LEGACY_BASE_PORT
-# define SVGA_IO_MUL 1
-# define SVGA_FIFO_SIZE 0x10000
-# define SVGA_PCI_DEVICE_ID PCI_DEVICE_ID_VMWARE_SVGA2
-#else
-# define SVGA_ID SVGA_ID_1
-# define SVGA_IO_BASE SVGA_LEGACY_BASE_PORT
-# define SVGA_IO_MUL 4
-# define SVGA_FIFO_SIZE 0x10000
-# define SVGA_PCI_DEVICE_ID PCI_DEVICE_ID_VMWARE_SVGA
-#endif
-
-enum {
- /* ID 0, 1 and 2 registers */
- SVGA_REG_ID = 0,
- SVGA_REG_ENABLE = 1,
- SVGA_REG_WIDTH = 2,
- SVGA_REG_HEIGHT = 3,
- SVGA_REG_MAX_WIDTH = 4,
- SVGA_REG_MAX_HEIGHT = 5,
- SVGA_REG_DEPTH = 6,
- SVGA_REG_BITS_PER_PIXEL = 7, /* Current bpp in the guest */
- SVGA_REG_PSEUDOCOLOR = 8,
- SVGA_REG_RED_MASK = 9,
- SVGA_REG_GREEN_MASK = 10,
- SVGA_REG_BLUE_MASK = 11,
- SVGA_REG_BYTES_PER_LINE = 12,
- SVGA_REG_FB_START = 13,
- SVGA_REG_FB_OFFSET = 14,
- SVGA_REG_VRAM_SIZE = 15,
- SVGA_REG_FB_SIZE = 16,
-
- /* ID 1 and 2 registers */
- SVGA_REG_CAPABILITIES = 17,
- SVGA_REG_MEM_START = 18, /* Memory for command FIFO */
- SVGA_REG_MEM_SIZE = 19,
- SVGA_REG_CONFIG_DONE = 20, /* Set when memory area configured */
- SVGA_REG_SYNC = 21, /* Write to force synchronization */
- SVGA_REG_BUSY = 22, /* Read to check if sync is done */
- SVGA_REG_GUEST_ID = 23, /* Set guest OS identifier */
- SVGA_REG_CURSOR_ID = 24, /* ID of cursor */
- SVGA_REG_CURSOR_X = 25, /* Set cursor X position */
- SVGA_REG_CURSOR_Y = 26, /* Set cursor Y position */
- SVGA_REG_CURSOR_ON = 27, /* Turn cursor on/off */
- SVGA_REG_HOST_BITS_PER_PIXEL = 28, /* Current bpp in the host */
- SVGA_REG_SCRATCH_SIZE = 29, /* Number of scratch registers */
- SVGA_REG_MEM_REGS = 30, /* Number of FIFO registers */
- SVGA_REG_NUM_DISPLAYS = 31, /* Number of guest displays */
- SVGA_REG_PITCHLOCK = 32, /* Fixed pitch for all modes */
-
- SVGA_PALETTE_BASE = 1024, /* Base of SVGA color map */
- SVGA_PALETTE_END = SVGA_PALETTE_BASE + 767,
- SVGA_SCRATCH_BASE = SVGA_PALETTE_BASE + 768,
-};
-
-#define SVGA_CAP_NONE 0
-#define SVGA_CAP_RECT_FILL (1 << 0)
-#define SVGA_CAP_RECT_COPY (1 << 1)
-#define SVGA_CAP_RECT_PAT_FILL (1 << 2)
-#define SVGA_CAP_LEGACY_OFFSCREEN (1 << 3)
-#define SVGA_CAP_RASTER_OP (1 << 4)
-#define SVGA_CAP_CURSOR (1 << 5)
-#define SVGA_CAP_CURSOR_BYPASS (1 << 6)
-#define SVGA_CAP_CURSOR_BYPASS_2 (1 << 7)
-#define SVGA_CAP_8BIT_EMULATION (1 << 8)
-#define SVGA_CAP_ALPHA_CURSOR (1 << 9)
-#define SVGA_CAP_GLYPH (1 << 10)
-#define SVGA_CAP_GLYPH_CLIPPING (1 << 11)
-#define SVGA_CAP_OFFSCREEN_1 (1 << 12)
-#define SVGA_CAP_ALPHA_BLEND (1 << 13)
-#define SVGA_CAP_3D (1 << 14)
-#define SVGA_CAP_EXTENDED_FIFO (1 << 15)
-#define SVGA_CAP_MULTIMON (1 << 16)
-#define SVGA_CAP_PITCHLOCK (1 << 17)
-
-/*
- * FIFO offsets (seen as an array of 32-bit words)
- */
-enum {
- /*
- * The original defined FIFO offsets
- */
- SVGA_FIFO_MIN = 0,
- SVGA_FIFO_MAX, /* The distance from MIN to MAX must be at least 10K */
- SVGA_FIFO_NEXT_CMD,
- SVGA_FIFO_STOP,
-
- /*
- * Additional offsets added as of SVGA_CAP_EXTENDED_FIFO
- */
- SVGA_FIFO_CAPABILITIES = 4,
- SVGA_FIFO_FLAGS,
- SVGA_FIFO_FENCE,
- SVGA_FIFO_3D_HWVERSION,
- SVGA_FIFO_PITCHLOCK,
-};
-
-#define SVGA_FIFO_CAP_NONE 0
-#define SVGA_FIFO_CAP_FENCE (1 << 0)
-#define SVGA_FIFO_CAP_ACCELFRONT (1 << 1)
-#define SVGA_FIFO_CAP_PITCHLOCK (1 << 2)
-
-#define SVGA_FIFO_FLAG_NONE 0
-#define SVGA_FIFO_FLAG_ACCELFRONT (1 << 0)
-
-/* These values can probably be changed arbitrarily. */
-#define SVGA_SCRATCH_SIZE 0x8000
-#define SVGA_MAX_WIDTH 2360
-#define SVGA_MAX_HEIGHT 1770
-
-#ifdef VERBOSE
-# define GUEST_OS_BASE 0x5001
-static const char *vmsvga_guest_id[] = {
- [0x00] = "Dos",
- [0x01] = "Windows 3.1",
- [0x02] = "Windows 95",
- [0x03] = "Windows 98",
- [0x04] = "Windows ME",
- [0x05] = "Windows NT",
- [0x06] = "Windows 2000",
- [0x07] = "Linux",
- [0x08] = "OS/2",
- [0x09] = "an unknown OS",
- [0x0a] = "BSD",
- [0x0b] = "Whistler",
- [0x0c] = "an unknown OS",
- [0x0d] = "an unknown OS",
- [0x0e] = "an unknown OS",
- [0x0f] = "an unknown OS",
- [0x10] = "an unknown OS",
- [0x11] = "an unknown OS",
- [0x12] = "an unknown OS",
- [0x13] = "an unknown OS",
- [0x14] = "an unknown OS",
- [0x15] = "Windows 2003",
-};
-#endif
-
-enum {
- SVGA_CMD_INVALID_CMD = 0,
- SVGA_CMD_UPDATE = 1,
- SVGA_CMD_RECT_FILL = 2,
- SVGA_CMD_RECT_COPY = 3,
- SVGA_CMD_DEFINE_BITMAP = 4,
- SVGA_CMD_DEFINE_BITMAP_SCANLINE = 5,
- SVGA_CMD_DEFINE_PIXMAP = 6,
- SVGA_CMD_DEFINE_PIXMAP_SCANLINE = 7,
- SVGA_CMD_RECT_BITMAP_FILL = 8,
- SVGA_CMD_RECT_PIXMAP_FILL = 9,
- SVGA_CMD_RECT_BITMAP_COPY = 10,
- SVGA_CMD_RECT_PIXMAP_COPY = 11,
- SVGA_CMD_FREE_OBJECT = 12,
- SVGA_CMD_RECT_ROP_FILL = 13,
- SVGA_CMD_RECT_ROP_COPY = 14,
- SVGA_CMD_RECT_ROP_BITMAP_FILL = 15,
- SVGA_CMD_RECT_ROP_PIXMAP_FILL = 16,
- SVGA_CMD_RECT_ROP_BITMAP_COPY = 17,
- SVGA_CMD_RECT_ROP_PIXMAP_COPY = 18,
- SVGA_CMD_DEFINE_CURSOR = 19,
- SVGA_CMD_DISPLAY_CURSOR = 20,
- SVGA_CMD_MOVE_CURSOR = 21,
- SVGA_CMD_DEFINE_ALPHA_CURSOR = 22,
- SVGA_CMD_DRAW_GLYPH = 23,
- SVGA_CMD_DRAW_GLYPH_CLIPPED = 24,
- SVGA_CMD_UPDATE_VERBOSE = 25,
- SVGA_CMD_SURFACE_FILL = 26,
- SVGA_CMD_SURFACE_COPY = 27,
- SVGA_CMD_SURFACE_ALPHA_BLEND = 28,
- SVGA_CMD_FRONT_ROP_FILL = 29,
- SVGA_CMD_FENCE = 30,
-};
-
-/* Legal values for the SVGA_REG_CURSOR_ON register in cursor bypass mode */
-enum {
- SVGA_CURSOR_ON_HIDE = 0,
- SVGA_CURSOR_ON_SHOW = 1,
- SVGA_CURSOR_ON_REMOVE_FROM_FB = 2,
- SVGA_CURSOR_ON_RESTORE_TO_FB = 3,
-};
-
-static inline void vmsvga_update_rect(struct vmsvga_state_s *s,
- int x, int y, int w, int h)
-{
- int line;
- int bypl;
- int width;
- int start;
- uint8_t *src;
- uint8_t *dst;
-
- if (x + w > ds_get_width(s->vga.ds)) {
- fprintf(stderr, "%s: update width too large x: %d, w: %d\n",
- __func__, x, w);
- x = MIN(x, ds_get_width(s->vga.ds));
- w = ds_get_width(s->vga.ds) - x;
- }
-
- if (y + h > ds_get_height(s->vga.ds)) {
- fprintf(stderr, "%s: update height too large y: %d, h: %d\n",
- __func__, y, h);
- y = MIN(y, ds_get_height(s->vga.ds));
- h = ds_get_height(s->vga.ds) - y;
- }
-
- bypl = ds_get_linesize(s->vga.ds);
- width = ds_get_bytes_per_pixel(s->vga.ds) * w;
- start = ds_get_bytes_per_pixel(s->vga.ds) * x + bypl * y;
- src = s->vga.vram_ptr + start;
- dst = ds_get_data(s->vga.ds) + start;
-
- for (line = h; line > 0; line--, src += bypl, dst += bypl) {
- memcpy(dst, src, width);
- }
- dpy_gfx_update(s->vga.ds, x, y, w, h);
-}
-
-static inline void vmsvga_update_rect_delayed(struct vmsvga_state_s *s,
- int x, int y, int w, int h)
-{
- struct vmsvga_rect_s *rect = &s->redraw_fifo[s->redraw_fifo_last++];
-
- s->redraw_fifo_last &= REDRAW_FIFO_LEN - 1;
- rect->x = x;
- rect->y = y;
- rect->w = w;
- rect->h = h;
-}
-
-static inline void vmsvga_update_rect_flush(struct vmsvga_state_s *s)
-{
- struct vmsvga_rect_s *rect;
-
- if (s->invalidated) {
- s->redraw_fifo_first = s->redraw_fifo_last;
- return;
- }
- /* Overlapping region updates can be optimised out here - if someone
- * knows a smart algorithm to do that, please share. */
- while (s->redraw_fifo_first != s->redraw_fifo_last) {
- rect = &s->redraw_fifo[s->redraw_fifo_first++];
- s->redraw_fifo_first &= REDRAW_FIFO_LEN - 1;
- vmsvga_update_rect(s, rect->x, rect->y, rect->w, rect->h);
- }
-}
-
-#ifdef HW_RECT_ACCEL
-static inline void vmsvga_copy_rect(struct vmsvga_state_s *s,
- int x0, int y0, int x1, int y1, int w, int h)
-{
- uint8_t *vram = s->vga.vram_ptr;
- int bypl = ds_get_linesize(s->vga.ds);
- int bypp = ds_get_bytes_per_pixel(s->vga.ds);
- int width = bypp * w;
- int line = h;
- uint8_t *ptr[2];
-
- if (y1 > y0) {
- ptr[0] = vram + bypp * x0 + bypl * (y0 + h - 1);
- ptr[1] = vram + bypp * x1 + bypl * (y1 + h - 1);
- for (; line > 0; line --, ptr[0] -= bypl, ptr[1] -= bypl) {
- memmove(ptr[1], ptr[0], width);
- }
- } else {
- ptr[0] = vram + bypp * x0 + bypl * y0;
- ptr[1] = vram + bypp * x1 + bypl * y1;
- for (; line > 0; line --, ptr[0] += bypl, ptr[1] += bypl) {
- memmove(ptr[1], ptr[0], width);
- }
- }
-
- vmsvga_update_rect_delayed(s, x1, y1, w, h);
-}
-#endif
-
-#ifdef HW_FILL_ACCEL
-static inline void vmsvga_fill_rect(struct vmsvga_state_s *s,
- uint32_t c, int x, int y, int w, int h)
-{
- int bypl = ds_get_linesize(s->vga.ds);
- int width = ds_get_bytes_per_pixel(s->vga.ds) * w;
- int line = h;
- int column;
- uint8_t *fst;
- uint8_t *dst;
- uint8_t *src;
- uint8_t col[4];
-
- col[0] = c;
- col[1] = c >> 8;
- col[2] = c >> 16;
- col[3] = c >> 24;
-
- fst = s->vga.vram_ptr + ds_get_bytes_per_pixel(s->vga.ds) * x + bypl * y;
-
- if (line--) {
- dst = fst;
- src = col;
- for (column = width; column > 0; column--) {
- *(dst++) = *(src++);
- if (src - col == ds_get_bytes_per_pixel(s->vga.ds)) {
- src = col;
- }
- }
- dst = fst;
- for (; line > 0; line--) {
- dst += bypl;
- memcpy(dst, fst, width);
- }
- }
-
- vmsvga_update_rect_delayed(s, x, y, w, h);
-}
-#endif
-
-struct vmsvga_cursor_definition_s {
- int width;
- int height;
- int id;
- int bpp;
- int hot_x;
- int hot_y;
- uint32_t mask[1024];
- uint32_t image[4096];
-};
-
-#define SVGA_BITMAP_SIZE(w, h) ((((w) + 31) >> 5) * (h))
-#define SVGA_PIXMAP_SIZE(w, h, bpp) (((((w) * (bpp)) + 31) >> 5) * (h))
-
-#ifdef HW_MOUSE_ACCEL
-static inline void vmsvga_cursor_define(struct vmsvga_state_s *s,
- struct vmsvga_cursor_definition_s *c)
-{
- QEMUCursor *qc;
- int i, pixels;
-
- qc = cursor_alloc(c->width, c->height);
- qc->hot_x = c->hot_x;
- qc->hot_y = c->hot_y;
- switch (c->bpp) {
- case 1:
- cursor_set_mono(qc, 0xffffff, 0x000000, (void *)c->image,
- 1, (void *)c->mask);
-#ifdef DEBUG
- cursor_print_ascii_art(qc, "vmware/mono");
-#endif
- break;
- case 32:
- /* fill alpha channel from mask, set color to zero */
- cursor_set_mono(qc, 0x000000, 0x000000, (void *)c->mask,
- 1, (void *)c->mask);
- /* add in rgb values */
- pixels = c->width * c->height;
- for (i = 0; i < pixels; i++) {
- qc->data[i] |= c->image[i] & 0xffffff;
- }
-#ifdef DEBUG
- cursor_print_ascii_art(qc, "vmware/32bit");
-#endif
- break;
- default:
- fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",
- __func__, c->bpp);
- cursor_put(qc);
- qc = cursor_builtin_left_ptr();
- }
-
- dpy_cursor_define(s->vga.ds, qc);
- cursor_put(qc);
-}
-#endif
-
-#define CMD(f) le32_to_cpu(s->cmd->f)
-
-static inline int vmsvga_fifo_length(struct vmsvga_state_s *s)
-{
- int num;
-
- if (!s->config || !s->enable) {
- return 0;
- }
- num = CMD(next_cmd) - CMD(stop);
- if (num < 0) {
- num += CMD(max) - CMD(min);
- }
- return num >> 2;
-}
-
-static inline uint32_t vmsvga_fifo_read_raw(struct vmsvga_state_s *s)
-{
- uint32_t cmd = s->fifo[CMD(stop) >> 2];
-
- s->cmd->stop = cpu_to_le32(CMD(stop) + 4);
- if (CMD(stop) >= CMD(max)) {
- s->cmd->stop = s->cmd->min;
- }
- return cmd;
-}
-
-static inline uint32_t vmsvga_fifo_read(struct vmsvga_state_s *s)
-{
- return le32_to_cpu(vmsvga_fifo_read_raw(s));
-}
-
-static void vmsvga_fifo_run(struct vmsvga_state_s *s)
-{
- uint32_t cmd, colour;
- int args, len;
- int x, y, dx, dy, width, height;
- struct vmsvga_cursor_definition_s cursor;
- uint32_t cmd_start;
-
- len = vmsvga_fifo_length(s);
- while (len > 0) {
- /* May need to go back to the start of the command if incomplete */
- cmd_start = s->cmd->stop;
-
- switch (cmd = vmsvga_fifo_read(s)) {
- case SVGA_CMD_UPDATE:
- case SVGA_CMD_UPDATE_VERBOSE:
- len -= 5;
- if (len < 0) {
- goto rewind;
- }
-
- x = vmsvga_fifo_read(s);
- y = vmsvga_fifo_read(s);
- width = vmsvga_fifo_read(s);
- height = vmsvga_fifo_read(s);
- vmsvga_update_rect_delayed(s, x, y, width, height);
- break;
-
- case SVGA_CMD_RECT_FILL:
- len -= 6;
- if (len < 0) {
- goto rewind;
- }
-
- colour = vmsvga_fifo_read(s);
- x = vmsvga_fifo_read(s);
- y = vmsvga_fifo_read(s);
- width = vmsvga_fifo_read(s);
- height = vmsvga_fifo_read(s);
-#ifdef HW_FILL_ACCEL
- vmsvga_fill_rect(s, colour, x, y, width, height);
- break;
-#else
- args = 0;
- goto badcmd;
-#endif
-
- case SVGA_CMD_RECT_COPY:
- len -= 7;
- if (len < 0) {
- goto rewind;
- }
-
- x = vmsvga_fifo_read(s);
- y = vmsvga_fifo_read(s);
- dx = vmsvga_fifo_read(s);
- dy = vmsvga_fifo_read(s);
- width = vmsvga_fifo_read(s);
- height = vmsvga_fifo_read(s);
-#ifdef HW_RECT_ACCEL
- vmsvga_copy_rect(s, x, y, dx, dy, width, height);
- break;
-#else
- args = 0;
- goto badcmd;
-#endif
-
- case SVGA_CMD_DEFINE_CURSOR:
- len -= 8;
- if (len < 0) {
- goto rewind;
- }
-
- cursor.id = vmsvga_fifo_read(s);
- cursor.hot_x = vmsvga_fifo_read(s);
- cursor.hot_y = vmsvga_fifo_read(s);
- cursor.width = x = vmsvga_fifo_read(s);
- cursor.height = y = vmsvga_fifo_read(s);
- vmsvga_fifo_read(s);
- cursor.bpp = vmsvga_fifo_read(s);
-
- args = SVGA_BITMAP_SIZE(x, y) + SVGA_PIXMAP_SIZE(x, y, cursor.bpp);
- if (SVGA_BITMAP_SIZE(x, y) > sizeof cursor.mask ||
- SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof cursor.image) {
- goto badcmd;
- }
-
- len -= args;
- if (len < 0) {
- goto rewind;
- }
-
- for (args = 0; args < SVGA_BITMAP_SIZE(x, y); args++) {
- cursor.mask[args] = vmsvga_fifo_read_raw(s);
- }
- for (args = 0; args < SVGA_PIXMAP_SIZE(x, y, cursor.bpp); args++) {
- cursor.image[args] = vmsvga_fifo_read_raw(s);
- }
-#ifdef HW_MOUSE_ACCEL
- vmsvga_cursor_define(s, &cursor);
- break;
-#else
- args = 0;
- goto badcmd;
-#endif
-
- /*
- * Other commands that we at least know the number of arguments
- * for so we can avoid FIFO desync if driver uses them illegally.
- */
- case SVGA_CMD_DEFINE_ALPHA_CURSOR:
- len -= 6;
- if (len < 0) {
- goto rewind;
- }
- vmsvga_fifo_read(s);
- vmsvga_fifo_read(s);
- vmsvga_fifo_read(s);
- x = vmsvga_fifo_read(s);
- y = vmsvga_fifo_read(s);
- args = x * y;
- goto badcmd;
- case SVGA_CMD_RECT_ROP_FILL:
- args = 6;
- goto badcmd;
- case SVGA_CMD_RECT_ROP_COPY:
- args = 7;
- goto badcmd;
- case SVGA_CMD_DRAW_GLYPH_CLIPPED:
- len -= 4;
- if (len < 0) {
- goto rewind;
- }
- vmsvga_fifo_read(s);
- vmsvga_fifo_read(s);
- args = 7 + (vmsvga_fifo_read(s) >> 2);
- goto badcmd;
- case SVGA_CMD_SURFACE_ALPHA_BLEND:
- args = 12;
- goto badcmd;
-
- /*
- * Other commands that are not listed as depending on any
- * CAPABILITIES bits, but are not described in the README either.
- */
- case SVGA_CMD_SURFACE_FILL:
- case SVGA_CMD_SURFACE_COPY:
- case SVGA_CMD_FRONT_ROP_FILL:
- case SVGA_CMD_FENCE:
- case SVGA_CMD_INVALID_CMD:
- break; /* Nop */
-
- default:
- args = 0;
- badcmd:
- len -= args;
- if (len < 0) {
- goto rewind;
- }
- while (args--) {
- vmsvga_fifo_read(s);
- }
- printf("%s: Unknown command 0x%02x in SVGA command FIFO\n",
- __func__, cmd);
- break;
-
- rewind:
- s->cmd->stop = cmd_start;
- break;
- }
- }
-
- s->syncing = 0;
-}
-
-static uint32_t vmsvga_index_read(void *opaque, uint32_t address)
-{
- struct vmsvga_state_s *s = opaque;
-
- return s->index;
-}
-
-static void vmsvga_index_write(void *opaque, uint32_t address, uint32_t index)
-{
- struct vmsvga_state_s *s = opaque;
-
- s->index = index;
-}
-
-static uint32_t vmsvga_value_read(void *opaque, uint32_t address)
-{
- uint32_t caps;
- struct vmsvga_state_s *s = opaque;
-
- switch (s->index) {
- case SVGA_REG_ID:
- return s->svgaid;
-
- case SVGA_REG_ENABLE:
- return s->enable;
-
- case SVGA_REG_WIDTH:
- return ds_get_width(s->vga.ds);
-
- case SVGA_REG_HEIGHT:
- return ds_get_height(s->vga.ds);
-
- case SVGA_REG_MAX_WIDTH:
- return SVGA_MAX_WIDTH;
-
- case SVGA_REG_MAX_HEIGHT:
- return SVGA_MAX_HEIGHT;
-
- case SVGA_REG_DEPTH:
- return s->depth;
-
- case SVGA_REG_BITS_PER_PIXEL:
- return (s->depth + 7) & ~7;
-
- case SVGA_REG_PSEUDOCOLOR:
- return 0x0;
-
- case SVGA_REG_RED_MASK:
- return s->wred;
-
- case SVGA_REG_GREEN_MASK:
- return s->wgreen;
-
- case SVGA_REG_BLUE_MASK:
- return s->wblue;
-
- case SVGA_REG_BYTES_PER_LINE:
- return s->bypp * s->new_width;
-
- case SVGA_REG_FB_START: {
- struct pci_vmsvga_state_s *pci_vmsvga
- = container_of(s, struct pci_vmsvga_state_s, chip);
- return pci_get_bar_addr(&pci_vmsvga->card, 1);
- }
-
- case SVGA_REG_FB_OFFSET:
- return 0x0;
-
- case SVGA_REG_VRAM_SIZE:
- return s->vga.vram_size; /* No physical VRAM besides the framebuffer */
-
- case SVGA_REG_FB_SIZE:
- return s->vga.vram_size;
-
- case SVGA_REG_CAPABILITIES:
- caps = SVGA_CAP_NONE;
-#ifdef HW_RECT_ACCEL
- caps |= SVGA_CAP_RECT_COPY;
-#endif
-#ifdef HW_FILL_ACCEL
- caps |= SVGA_CAP_RECT_FILL;
-#endif
-#ifdef HW_MOUSE_ACCEL
- if (dpy_cursor_define_supported(s->vga.ds)) {
- caps |= SVGA_CAP_CURSOR | SVGA_CAP_CURSOR_BYPASS_2 |
- SVGA_CAP_CURSOR_BYPASS;
- }
-#endif
- return caps;
-
- case SVGA_REG_MEM_START: {
- struct pci_vmsvga_state_s *pci_vmsvga
- = container_of(s, struct pci_vmsvga_state_s, chip);
- return pci_get_bar_addr(&pci_vmsvga->card, 2);
- }
-
- case SVGA_REG_MEM_SIZE:
- return s->fifo_size;
-
- case SVGA_REG_CONFIG_DONE:
- return s->config;
-
- case SVGA_REG_SYNC:
- case SVGA_REG_BUSY:
- return s->syncing;
-
- case SVGA_REG_GUEST_ID:
- return s->guest;
-
- case SVGA_REG_CURSOR_ID:
- return s->cursor.id;
-
- case SVGA_REG_CURSOR_X:
- return s->cursor.x;
-
- case SVGA_REG_CURSOR_Y:
- return s->cursor.x;
-
- case SVGA_REG_CURSOR_ON:
- return s->cursor.on;
-
- case SVGA_REG_HOST_BITS_PER_PIXEL:
- return (s->depth + 7) & ~7;
-
- case SVGA_REG_SCRATCH_SIZE:
- return s->scratch_size;
-
- case SVGA_REG_MEM_REGS:
- case SVGA_REG_NUM_DISPLAYS:
- case SVGA_REG_PITCHLOCK:
- case SVGA_PALETTE_BASE ... SVGA_PALETTE_END:
- return 0;
-
- default:
- if (s->index >= SVGA_SCRATCH_BASE &&
- s->index < SVGA_SCRATCH_BASE + s->scratch_size) {
- return s->scratch[s->index - SVGA_SCRATCH_BASE];
- }
- printf("%s: Bad register %02x\n", __func__, s->index);
- }
-
- return 0;
-}
-
-static void vmsvga_value_write(void *opaque, uint32_t address, uint32_t value)
-{
- struct vmsvga_state_s *s = opaque;
-
- switch (s->index) {
- case SVGA_REG_ID:
- if (value == SVGA_ID_2 || value == SVGA_ID_1 || value == SVGA_ID_0) {
- s->svgaid = value;
- }
- break;
-
- case SVGA_REG_ENABLE:
- s->enable = !!value;
- s->invalidated = 1;
- s->vga.invalidate(&s->vga);
- if (s->enable && s->config) {
- vga_dirty_log_stop(&s->vga);
- } else {
- vga_dirty_log_start(&s->vga);
- }
- break;
-
- case SVGA_REG_WIDTH:
- if (value <= SVGA_MAX_WIDTH) {
- s->new_width = value;
- s->invalidated = 1;
- } else {
- printf("%s: Bad width: %i\n", __func__, value);
- }
- break;
-
- case SVGA_REG_HEIGHT:
- if (value <= SVGA_MAX_HEIGHT) {
- s->new_height = value;
- s->invalidated = 1;
- } else {
- printf("%s: Bad height: %i\n", __func__, value);
- }
- break;
-
- case SVGA_REG_BITS_PER_PIXEL:
- if (value != s->depth) {
- printf("%s: Bad bits per pixel: %i bits\n", __func__, value);
- s->config = 0;
- }
- break;
-
- case SVGA_REG_CONFIG_DONE:
- if (value) {
- s->fifo = (uint32_t *) s->fifo_ptr;
- /* Check range and alignment. */
- if ((CMD(min) | CMD(max) | CMD(next_cmd) | CMD(stop)) & 3) {
- break;
- }
- if (CMD(min) < (uint8_t *) s->cmd->fifo - (uint8_t *) s->fifo) {
- break;
- }
- if (CMD(max) > SVGA_FIFO_SIZE) {
- break;
- }
- if (CMD(max) < CMD(min) + 10 * 1024) {
- break;
- }
- vga_dirty_log_stop(&s->vga);
- }
- s->config = !!value;
- break;
-
- case SVGA_REG_SYNC:
- s->syncing = 1;
- vmsvga_fifo_run(s); /* Or should we just wait for update_display? */
- break;
-
- case SVGA_REG_GUEST_ID:
- s->guest = value;
-#ifdef VERBOSE
- if (value >= GUEST_OS_BASE && value < GUEST_OS_BASE +
- ARRAY_SIZE(vmsvga_guest_id)) {
- printf("%s: guest runs %s.\n", __func__,
- vmsvga_guest_id[value - GUEST_OS_BASE]);
- }
-#endif
- break;
-
- case SVGA_REG_CURSOR_ID:
- s->cursor.id = value;
- break;
-
- case SVGA_REG_CURSOR_X:
- s->cursor.x = value;
- break;
-
- case SVGA_REG_CURSOR_Y:
- s->cursor.y = value;
- break;
-
- case SVGA_REG_CURSOR_ON:
- s->cursor.on |= (value == SVGA_CURSOR_ON_SHOW);
- s->cursor.on &= (value != SVGA_CURSOR_ON_HIDE);
-#ifdef HW_MOUSE_ACCEL
- if (value <= SVGA_CURSOR_ON_SHOW) {
- dpy_mouse_set(s->vga.ds, s->cursor.x, s->cursor.y, s->cursor.on);
- }
-#endif
- break;
-
- case SVGA_REG_DEPTH:
- case SVGA_REG_MEM_REGS:
- case SVGA_REG_NUM_DISPLAYS:
- case SVGA_REG_PITCHLOCK:
- case SVGA_PALETTE_BASE ... SVGA_PALETTE_END:
- break;
-
- default:
- if (s->index >= SVGA_SCRATCH_BASE &&
- s->index < SVGA_SCRATCH_BASE + s->scratch_size) {
- s->scratch[s->index - SVGA_SCRATCH_BASE] = value;
- break;
- }
- printf("%s: Bad register %02x\n", __func__, s->index);
- }
-}
-
-static uint32_t vmsvga_bios_read(void *opaque, uint32_t address)
-{
- printf("%s: what are we supposed to return?\n", __func__);
- return 0xcafe;
-}
-
-static void vmsvga_bios_write(void *opaque, uint32_t address, uint32_t data)
-{
- printf("%s: what are we supposed to do with (%08x)?\n", __func__, data);
-}
-
-static inline void vmsvga_check_size(struct vmsvga_state_s *s)
-{
- if (s->new_width != ds_get_width(s->vga.ds) ||
- s->new_height != ds_get_height(s->vga.ds)) {
- qemu_console_resize(s->vga.ds, s->new_width, s->new_height);
- s->invalidated = 1;
- }
-}
-
-static void vmsvga_update_display(void *opaque)
-{
- struct vmsvga_state_s *s = opaque;
- bool dirty = false;
-
- if (!s->enable) {
- s->vga.update(&s->vga);
- return;
- }
-
- vmsvga_check_size(s);
-
- vmsvga_fifo_run(s);
- vmsvga_update_rect_flush(s);
-
- /*
- * Is it more efficient to look at vram VGA-dirty bits or wait
- * for the driver to issue SVGA_CMD_UPDATE?
- */
- if (memory_region_is_logging(&s->vga.vram)) {
- vga_sync_dirty_bitmap(&s->vga);
- dirty = memory_region_get_dirty(&s->vga.vram, 0,
- ds_get_linesize(s->vga.ds) * ds_get_height(s->vga.ds),
- DIRTY_MEMORY_VGA);
- }
- if (s->invalidated || dirty) {
- s->invalidated = 0;
- memcpy(ds_get_data(s->vga.ds), s->vga.vram_ptr,
- ds_get_linesize(s->vga.ds) * ds_get_height(s->vga.ds));
- dpy_gfx_update(s->vga.ds, 0, 0,
- ds_get_width(s->vga.ds), ds_get_height(s->vga.ds));
- }
- if (dirty) {
- memory_region_reset_dirty(&s->vga.vram, 0,
- ds_get_linesize(s->vga.ds) * ds_get_height(s->vga.ds),
- DIRTY_MEMORY_VGA);
- }
-}
-
-static void vmsvga_reset(DeviceState *dev)
-{
- struct pci_vmsvga_state_s *pci =
- DO_UPCAST(struct pci_vmsvga_state_s, card.qdev, dev);
- struct vmsvga_state_s *s = &pci->chip;
-
- s->index = 0;
- s->enable = 0;
- s->config = 0;
- s->svgaid = SVGA_ID;
- s->cursor.on = 0;
- s->redraw_fifo_first = 0;
- s->redraw_fifo_last = 0;
- s->syncing = 0;
-
- vga_dirty_log_start(&s->vga);
-}
-
-static void vmsvga_invalidate_display(void *opaque)
-{
- struct vmsvga_state_s *s = opaque;
- if (!s->enable) {
- s->vga.invalidate(&s->vga);
- return;
- }
-
- s->invalidated = 1;
-}
-
-/* save the vga display in a PPM image even if no display is
- available */
-static void vmsvga_screen_dump(void *opaque, const char *filename, bool cswitch,
- Error **errp)
-{
- struct vmsvga_state_s *s = opaque;
- if (!s->enable) {
- s->vga.screen_dump(&s->vga, filename, cswitch, errp);
- return;
- }
-
- if (ds_get_bits_per_pixel(s->vga.ds) == 32) {
- DisplaySurface *ds = qemu_create_displaysurface_from(
- ds_get_width(s->vga.ds),
- ds_get_height(s->vga.ds),
- 32,
- ds_get_linesize(s->vga.ds),
- s->vga.vram_ptr);
- ppm_save(filename, ds, errp);
- g_free(ds);
- }
-}
-
-static void vmsvga_text_update(void *opaque, console_ch_t *chardata)
-{
- struct vmsvga_state_s *s = opaque;
-
- if (s->vga.text_update) {
- s->vga.text_update(&s->vga, chardata);
- }
-}
-
-static int vmsvga_post_load(void *opaque, int version_id)
-{
- struct vmsvga_state_s *s = opaque;
-
- s->invalidated = 1;
- if (s->config) {
- s->fifo = (uint32_t *) s->fifo_ptr;
- }
- return 0;
-}
-
-static const VMStateDescription vmstate_vmware_vga_internal = {
- .name = "vmware_vga_internal",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .post_load = vmsvga_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_INT32_EQUAL(depth, struct vmsvga_state_s),
- VMSTATE_INT32(enable, struct vmsvga_state_s),
- VMSTATE_INT32(config, struct vmsvga_state_s),
- VMSTATE_INT32(cursor.id, struct vmsvga_state_s),
- VMSTATE_INT32(cursor.x, struct vmsvga_state_s),
- VMSTATE_INT32(cursor.y, struct vmsvga_state_s),
- VMSTATE_INT32(cursor.on, struct vmsvga_state_s),
- VMSTATE_INT32(index, struct vmsvga_state_s),
- VMSTATE_VARRAY_INT32(scratch, struct vmsvga_state_s,
- scratch_size, 0, vmstate_info_uint32, uint32_t),
- VMSTATE_INT32(new_width, struct vmsvga_state_s),
- VMSTATE_INT32(new_height, struct vmsvga_state_s),
- VMSTATE_UINT32(guest, struct vmsvga_state_s),
- VMSTATE_UINT32(svgaid, struct vmsvga_state_s),
- VMSTATE_INT32(syncing, struct vmsvga_state_s),
- VMSTATE_UNUSED(4), /* was fb_size */
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_vmware_vga = {
- .name = "vmware_vga",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField[]) {
- VMSTATE_PCI_DEVICE(card, struct pci_vmsvga_state_s),
- VMSTATE_STRUCT(chip, struct pci_vmsvga_state_s, 0,
- vmstate_vmware_vga_internal, struct vmsvga_state_s),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void vmsvga_init(struct vmsvga_state_s *s,
- MemoryRegion *address_space, MemoryRegion *io)
-{
- s->scratch_size = SVGA_SCRATCH_SIZE;
- s->scratch = g_malloc(s->scratch_size * 4);
-
- s->vga.ds = graphic_console_init(vmsvga_update_display,
- vmsvga_invalidate_display,
- vmsvga_screen_dump,
- vmsvga_text_update, s);
-
-
- s->fifo_size = SVGA_FIFO_SIZE;
- memory_region_init_ram(&s->fifo_ram, "vmsvga.fifo", s->fifo_size);
- vmstate_register_ram_global(&s->fifo_ram);
- s->fifo_ptr = memory_region_get_ram_ptr(&s->fifo_ram);
-
- vga_common_init(&s->vga);
- vga_init(&s->vga, address_space, io, true);
- vmstate_register(NULL, 0, &vmstate_vga_common, &s->vga);
- /* Save some values here in case they are changed later.
- * This is suspicious and needs more though why it is needed. */
- s->depth = ds_get_bits_per_pixel(s->vga.ds);
- s->bypp = ds_get_bytes_per_pixel(s->vga.ds);
- s->wred = ds_get_rmask(s->vga.ds);
- s->wgreen = ds_get_gmask(s->vga.ds);
- s->wblue = ds_get_bmask(s->vga.ds);
-}
-
-static uint64_t vmsvga_io_read(void *opaque, hwaddr addr, unsigned size)
-{
- struct vmsvga_state_s *s = opaque;
-
- switch (addr) {
- case SVGA_IO_MUL * SVGA_INDEX_PORT: return vmsvga_index_read(s, addr);
- case SVGA_IO_MUL * SVGA_VALUE_PORT: return vmsvga_value_read(s, addr);
- case SVGA_IO_MUL * SVGA_BIOS_PORT: return vmsvga_bios_read(s, addr);
- default: return -1u;
- }
-}
-
-static void vmsvga_io_write(void *opaque, hwaddr addr,
- uint64_t data, unsigned size)
-{
- struct vmsvga_state_s *s = opaque;
-
- switch (addr) {
- case SVGA_IO_MUL * SVGA_INDEX_PORT:
- vmsvga_index_write(s, addr, data);
- break;
- case SVGA_IO_MUL * SVGA_VALUE_PORT:
- vmsvga_value_write(s, addr, data);
- break;
- case SVGA_IO_MUL * SVGA_BIOS_PORT:
- vmsvga_bios_write(s, addr, data);
- break;
- }
-}
-
-static const MemoryRegionOps vmsvga_io_ops = {
- .read = vmsvga_io_read,
- .write = vmsvga_io_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- },
-};
-
-static int pci_vmsvga_initfn(PCIDevice *dev)
-{
- struct pci_vmsvga_state_s *s =
- DO_UPCAST(struct pci_vmsvga_state_s, card, dev);
-
- s->card.config[PCI_CACHE_LINE_SIZE] = 0x08; /* Cache line size */
- s->card.config[PCI_LATENCY_TIMER] = 0x40; /* Latency timer */
- s->card.config[PCI_INTERRUPT_LINE] = 0xff; /* End */
-
- memory_region_init_io(&s->io_bar, &vmsvga_io_ops, &s->chip,
- "vmsvga-io", 0x10);
- memory_region_set_flush_coalesced(&s->io_bar);
- pci_register_bar(&s->card, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_bar);
-
- vmsvga_init(&s->chip, pci_address_space(dev), pci_address_space_io(dev));
-
- pci_register_bar(&s->card, 1, PCI_BASE_ADDRESS_MEM_PREFETCH,
- &s->chip.vga.vram);
- pci_register_bar(&s->card, 2, PCI_BASE_ADDRESS_MEM_PREFETCH,
- &s->chip.fifo_ram);
-
- if (!dev->rom_bar) {
- /* compatibility with pc-0.13 and older */
- vga_init_vbe(&s->chip.vga, pci_address_space(dev));
- }
-
- return 0;
-}
-
-static Property vga_vmware_properties[] = {
- DEFINE_PROP_UINT32("vgamem_mb", struct pci_vmsvga_state_s,
- chip.vga.vram_size_mb, 16),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void vmsvga_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->no_hotplug = 1;
- k->init = pci_vmsvga_initfn;
- k->romfile = "vgabios-vmware.bin";
- k->vendor_id = PCI_VENDOR_ID_VMWARE;
- k->device_id = SVGA_PCI_DEVICE_ID;
- k->class_id = PCI_CLASS_DISPLAY_VGA;
- k->subsystem_vendor_id = PCI_VENDOR_ID_VMWARE;
- k->subsystem_id = SVGA_PCI_DEVICE_ID;
- dc->reset = vmsvga_reset;
- dc->vmsd = &vmstate_vmware_vga;
- dc->props = vga_vmware_properties;
-}
-
-static TypeInfo vmsvga_info = {
- .name = "vmware-svga",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(struct pci_vmsvga_state_s),
- .class_init = vmsvga_class_init,
-};
-
-static void vmsvga_register_types(void)
-{
- type_register_static(&vmsvga_info);
-}
-
-type_init(vmsvga_register_types)
diff --git a/hw/vt82c686.c b/hw/vt82c686.c
deleted file mode 100644
index 5d7c00cf4..000000000
--- a/hw/vt82c686.c
+++ /dev/null
@@ -1,559 +0,0 @@
-/*
- * VT82C686B south bridge support
- *
- * Copyright (c) 2008 yajin (yajin@vm-kernel.org)
- * Copyright (c) 2009 chenming (chenming@rdc.faw.com.cn)
- * Copyright (c) 2010 Huacai Chen (zltjiangshi@gmail.com)
- * This code is licensed under the GNU GPL v2.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include "hw.h"
-#include "pc.h"
-#include "vt82c686.h"
-#include "i2c.h"
-#include "smbus.h"
-#include "pci.h"
-#include "isa.h"
-#include "sysbus.h"
-#include "mips.h"
-#include "apm.h"
-#include "acpi.h"
-#include "pm_smbus.h"
-#include "sysemu.h"
-#include "qemu-timer.h"
-
-typedef uint32_t pci_addr_t;
-#include "pci_host.h"
-//#define DEBUG_VT82C686B
-
-#ifdef DEBUG_VT82C686B
-#define DPRINTF(fmt, ...) fprintf(stderr, "%s: " fmt, __FUNCTION__, ##__VA_ARGS__)
-#else
-#define DPRINTF(fmt, ...)
-#endif
-
-typedef struct SuperIOConfig
-{
- uint8_t config[0xff];
- uint8_t index;
- uint8_t data;
-} SuperIOConfig;
-
-typedef struct VT82C686BState {
- PCIDevice dev;
- SuperIOConfig superio_conf;
-} VT82C686BState;
-
-static void superio_ioport_writeb(void *opaque, uint32_t addr, uint32_t data)
-{
- int can_write;
- SuperIOConfig *superio_conf = opaque;
-
- DPRINTF("superio_ioport_writeb address 0x%x val 0x%x\n", addr, data);
- if (addr == 0x3f0) {
- superio_conf->index = data & 0xff;
- } else {
- /* 0x3f1 */
- switch (superio_conf->index) {
- case 0x00 ... 0xdf:
- case 0xe4:
- case 0xe5:
- case 0xe9 ... 0xed:
- case 0xf3:
- case 0xf5:
- case 0xf7:
- case 0xf9 ... 0xfb:
- case 0xfd ... 0xff:
- can_write = 0;
- break;
- default:
- can_write = 1;
-
- if (can_write) {
- switch (superio_conf->index) {
- case 0xe7:
- if ((data & 0xff) != 0xfe) {
- DPRINTF("chage uart 1 base. unsupported yet\n");
- }
- break;
- case 0xe8:
- if ((data & 0xff) != 0xbe) {
- DPRINTF("chage uart 2 base. unsupported yet\n");
- }
- break;
-
- default:
- superio_conf->config[superio_conf->index] = data & 0xff;
- }
- }
- }
- superio_conf->config[superio_conf->index] = data & 0xff;
- }
-}
-
-static uint32_t superio_ioport_readb(void *opaque, uint32_t addr)
-{
- SuperIOConfig *superio_conf = opaque;
-
- DPRINTF("superio_ioport_readb address 0x%x\n", addr);
- return (superio_conf->config[superio_conf->index]);
-}
-
-static void vt82c686b_reset(void * opaque)
-{
- PCIDevice *d = opaque;
- uint8_t *pci_conf = d->config;
- VT82C686BState *vt82c = DO_UPCAST(VT82C686BState, dev, d);
-
- pci_set_long(pci_conf + PCI_CAPABILITY_LIST, 0x000000c0);
- pci_set_word(pci_conf + PCI_COMMAND, PCI_COMMAND_IO | PCI_COMMAND_MEMORY |
- PCI_COMMAND_MASTER | PCI_COMMAND_SPECIAL);
- pci_set_word(pci_conf + PCI_STATUS, PCI_STATUS_DEVSEL_MEDIUM);
-
- pci_conf[0x48] = 0x01; /* Miscellaneous Control 3 */
- pci_conf[0x4a] = 0x04; /* IDE interrupt Routing */
- pci_conf[0x4f] = 0x03; /* DMA/Master Mem Access Control 3 */
- pci_conf[0x50] = 0x2d; /* PnP DMA Request Control */
- pci_conf[0x59] = 0x04;
- pci_conf[0x5a] = 0x04; /* KBC/RTC Control*/
- pci_conf[0x5f] = 0x04;
- pci_conf[0x77] = 0x10; /* GPIO Control 1/2/3/4 */
-
- vt82c->superio_conf.config[0xe0] = 0x3c;
- vt82c->superio_conf.config[0xe2] = 0x03;
- vt82c->superio_conf.config[0xe3] = 0xfc;
- vt82c->superio_conf.config[0xe6] = 0xde;
- vt82c->superio_conf.config[0xe7] = 0xfe;
- vt82c->superio_conf.config[0xe8] = 0xbe;
-}
-
-/* write config pci function0 registers. PCI-ISA bridge */
-static void vt82c686b_write_config(PCIDevice * d, uint32_t address,
- uint32_t val, int len)
-{
- VT82C686BState *vt686 = DO_UPCAST(VT82C686BState, dev, d);
-
- DPRINTF("vt82c686b_write_config address 0x%x val 0x%x len 0x%x\n",
- address, val, len);
-
- pci_default_write_config(d, address, val, len);
- if (address == 0x85) { /* enable or disable super IO configure */
- if (val & 0x2) {
- /* floppy also uses 0x3f0 and 0x3f1.
- * But we do not emulate flopy,so just set it here. */
- isa_unassign_ioport(0x3f0, 2);
- register_ioport_read(0x3f0, 2, 1, superio_ioport_readb,
- &vt686->superio_conf);
- register_ioport_write(0x3f0, 2, 1, superio_ioport_writeb,
- &vt686->superio_conf);
- } else {
- isa_unassign_ioport(0x3f0, 2);
- }
- }
-}
-
-#define ACPI_DBG_IO_ADDR 0xb044
-
-typedef struct VT686PMState {
- PCIDevice dev;
- ACPIREGS ar;
- APMState apm;
- PMSMBus smb;
- uint32_t smb_io_base;
-} VT686PMState;
-
-typedef struct VT686AC97State {
- PCIDevice dev;
-} VT686AC97State;
-
-typedef struct VT686MC97State {
- PCIDevice dev;
-} VT686MC97State;
-
-static void pm_update_sci(VT686PMState *s)
-{
- int sci_level, pmsts;
-
- pmsts = acpi_pm1_evt_get_sts(&s->ar);
- sci_level = (((pmsts & s->ar.pm1.evt.en) &
- (ACPI_BITMASK_RT_CLOCK_ENABLE |
- ACPI_BITMASK_POWER_BUTTON_ENABLE |
- ACPI_BITMASK_GLOBAL_LOCK_ENABLE |
- ACPI_BITMASK_TIMER_ENABLE)) != 0);
- qemu_set_irq(s->dev.irq[0], sci_level);
- /* schedule a timer interruption if needed */
- acpi_pm_tmr_update(&s->ar, (s->ar.pm1.evt.en & ACPI_BITMASK_TIMER_ENABLE) &&
- !(pmsts & ACPI_BITMASK_TIMER_STATUS));
-}
-
-static void pm_tmr_timer(ACPIREGS *ar)
-{
- VT686PMState *s = container_of(ar, VT686PMState, ar);
- pm_update_sci(s);
-}
-
-static void pm_ioport_writew(void *opaque, uint32_t addr, uint32_t val)
-{
- VT686PMState *s = opaque;
-
- addr &= 0x0f;
- switch (addr) {
- case 0x00:
- acpi_pm1_evt_write_sts(&s->ar, val);
- pm_update_sci(s);
- break;
- case 0x02:
- acpi_pm1_evt_write_en(&s->ar, val);
- pm_update_sci(s);
- break;
- case 0x04:
- acpi_pm1_cnt_write(&s->ar, val, 0);
- break;
- default:
- break;
- }
- DPRINTF("PM writew port=0x%04x val=0x%02x\n", addr, val);
-}
-
-static uint32_t pm_ioport_readw(void *opaque, uint32_t addr)
-{
- VT686PMState *s = opaque;
- uint32_t val;
-
- addr &= 0x0f;
- switch (addr) {
- case 0x00:
- val = acpi_pm1_evt_get_sts(&s->ar);
- break;
- case 0x02:
- val = s->ar.pm1.evt.en;
- break;
- case 0x04:
- val = s->ar.pm1.cnt.cnt;
- break;
- default:
- val = 0;
- break;
- }
- DPRINTF("PM readw port=0x%04x val=0x%02x\n", addr, val);
- return val;
-}
-
-static void pm_ioport_writel(void *opaque, uint32_t addr, uint32_t val)
-{
- addr &= 0x0f;
- DPRINTF("PM writel port=0x%04x val=0x%08x\n", addr, val);
-}
-
-static uint32_t pm_ioport_readl(void *opaque, uint32_t addr)
-{
- VT686PMState *s = opaque;
- uint32_t val;
-
- addr &= 0x0f;
- switch (addr) {
- case 0x08:
- val = acpi_pm_tmr_get(&s->ar);
- break;
- default:
- val = 0;
- break;
- }
- DPRINTF("PM readl port=0x%04x val=0x%08x\n", addr, val);
- return val;
-}
-
-static void pm_io_space_update(VT686PMState *s)
-{
- uint32_t pm_io_base;
-
- if (s->dev.config[0x80] & 1) {
- pm_io_base = pci_get_long(s->dev.config + 0x40);
- pm_io_base &= 0xffc0;
-
- /* XXX: need to improve memory and ioport allocation */
- DPRINTF("PM: mapping to 0x%x\n", pm_io_base);
- register_ioport_write(pm_io_base, 64, 2, pm_ioport_writew, s);
- register_ioport_read(pm_io_base, 64, 2, pm_ioport_readw, s);
- register_ioport_write(pm_io_base, 64, 4, pm_ioport_writel, s);
- register_ioport_read(pm_io_base, 64, 4, pm_ioport_readl, s);
- }
-}
-
-static void pm_write_config(PCIDevice *d,
- uint32_t address, uint32_t val, int len)
-{
- DPRINTF("pm_write_config address 0x%x val 0x%x len 0x%x\n",
- address, val, len);
- pci_default_write_config(d, address, val, len);
-}
-
-static int vmstate_acpi_post_load(void *opaque, int version_id)
-{
- VT686PMState *s = opaque;
-
- pm_io_space_update(s);
- return 0;
-}
-
-static const VMStateDescription vmstate_acpi = {
- .name = "vt82c686b_pm",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .post_load = vmstate_acpi_post_load,
- .fields = (VMStateField []) {
- VMSTATE_PCI_DEVICE(dev, VT686PMState),
- VMSTATE_UINT16(ar.pm1.evt.sts, VT686PMState),
- VMSTATE_UINT16(ar.pm1.evt.en, VT686PMState),
- VMSTATE_UINT16(ar.pm1.cnt.cnt, VT686PMState),
- VMSTATE_STRUCT(apm, VT686PMState, 0, vmstate_apm, APMState),
- VMSTATE_TIMER(ar.tmr.timer, VT686PMState),
- VMSTATE_INT64(ar.tmr.overflow_time, VT686PMState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-/*
- * TODO: vt82c686b_ac97_init() and vt82c686b_mc97_init()
- * just register a PCI device now, functionalities will be implemented later.
- */
-
-static int vt82c686b_ac97_initfn(PCIDevice *dev)
-{
- VT686AC97State *s = DO_UPCAST(VT686AC97State, dev, dev);
- uint8_t *pci_conf = s->dev.config;
-
- pci_set_word(pci_conf + PCI_COMMAND, PCI_COMMAND_INVALIDATE |
- PCI_COMMAND_PARITY);
- pci_set_word(pci_conf + PCI_STATUS, PCI_STATUS_CAP_LIST |
- PCI_STATUS_DEVSEL_MEDIUM);
- pci_set_long(pci_conf + PCI_INTERRUPT_PIN, 0x03);
-
- return 0;
-}
-
-void vt82c686b_ac97_init(PCIBus *bus, int devfn)
-{
- PCIDevice *dev;
-
- dev = pci_create(bus, devfn, "VT82C686B_AC97");
- qdev_init_nofail(&dev->qdev);
-}
-
-static void via_ac97_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = vt82c686b_ac97_initfn;
- k->vendor_id = PCI_VENDOR_ID_VIA;
- k->device_id = PCI_DEVICE_ID_VIA_AC97;
- k->revision = 0x50;
- k->class_id = PCI_CLASS_MULTIMEDIA_AUDIO;
- dc->desc = "AC97";
-}
-
-static TypeInfo via_ac97_info = {
- .name = "VT82C686B_AC97",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(VT686AC97State),
- .class_init = via_ac97_class_init,
-};
-
-static int vt82c686b_mc97_initfn(PCIDevice *dev)
-{
- VT686MC97State *s = DO_UPCAST(VT686MC97State, dev, dev);
- uint8_t *pci_conf = s->dev.config;
-
- pci_set_word(pci_conf + PCI_COMMAND, PCI_COMMAND_INVALIDATE |
- PCI_COMMAND_VGA_PALETTE);
- pci_set_word(pci_conf + PCI_STATUS, PCI_STATUS_DEVSEL_MEDIUM);
- pci_set_long(pci_conf + PCI_INTERRUPT_PIN, 0x03);
-
- return 0;
-}
-
-void vt82c686b_mc97_init(PCIBus *bus, int devfn)
-{
- PCIDevice *dev;
-
- dev = pci_create(bus, devfn, "VT82C686B_MC97");
- qdev_init_nofail(&dev->qdev);
-}
-
-static void via_mc97_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = vt82c686b_mc97_initfn;
- k->vendor_id = PCI_VENDOR_ID_VIA;
- k->device_id = PCI_DEVICE_ID_VIA_MC97;
- k->class_id = PCI_CLASS_COMMUNICATION_OTHER;
- k->revision = 0x30;
- dc->desc = "MC97";
-}
-
-static TypeInfo via_mc97_info = {
- .name = "VT82C686B_MC97",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(VT686MC97State),
- .class_init = via_mc97_class_init,
-};
-
-/* vt82c686 pm init */
-static int vt82c686b_pm_initfn(PCIDevice *dev)
-{
- VT686PMState *s = DO_UPCAST(VT686PMState, dev, dev);
- uint8_t *pci_conf;
-
- pci_conf = s->dev.config;
- pci_set_word(pci_conf + PCI_COMMAND, 0);
- pci_set_word(pci_conf + PCI_STATUS, PCI_STATUS_FAST_BACK |
- PCI_STATUS_DEVSEL_MEDIUM);
-
- /* 0x48-0x4B is Power Management I/O Base */
- pci_set_long(pci_conf + 0x48, 0x00000001);
-
- /* SMB ports:0xeee0~0xeeef */
- s->smb_io_base =((s->smb_io_base & 0xfff0) + 0x0);
- pci_conf[0x90] = s->smb_io_base | 1;
- pci_conf[0x91] = s->smb_io_base >> 8;
- pci_conf[0xd2] = 0x90;
- register_ioport_write(s->smb_io_base, 0xf, 1, smb_ioport_writeb, &s->smb);
- register_ioport_read(s->smb_io_base, 0xf, 1, smb_ioport_readb, &s->smb);
-
- apm_init(&s->apm, NULL, s);
-
- acpi_pm_tmr_init(&s->ar, pm_tmr_timer);
- acpi_pm1_cnt_init(&s->ar);
-
- pm_smbus_init(&s->dev.qdev, &s->smb);
-
- return 0;
-}
-
-i2c_bus *vt82c686b_pm_init(PCIBus *bus, int devfn, uint32_t smb_io_base,
- qemu_irq sci_irq)
-{
- PCIDevice *dev;
- VT686PMState *s;
-
- dev = pci_create(bus, devfn, "VT82C686B_PM");
- qdev_prop_set_uint32(&dev->qdev, "smb_io_base", smb_io_base);
-
- s = DO_UPCAST(VT686PMState, dev, dev);
-
- qdev_init_nofail(&dev->qdev);
-
- return s->smb.smbus;
-}
-
-static Property via_pm_properties[] = {
- DEFINE_PROP_UINT32("smb_io_base", VT686PMState, smb_io_base, 0),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void via_pm_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = vt82c686b_pm_initfn;
- k->config_write = pm_write_config;
- k->vendor_id = PCI_VENDOR_ID_VIA;
- k->device_id = PCI_DEVICE_ID_VIA_ACPI;
- k->class_id = PCI_CLASS_BRIDGE_OTHER;
- k->revision = 0x40;
- dc->desc = "PM";
- dc->vmsd = &vmstate_acpi;
- dc->props = via_pm_properties;
-}
-
-static TypeInfo via_pm_info = {
- .name = "VT82C686B_PM",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(VT686PMState),
- .class_init = via_pm_class_init,
-};
-
-static const VMStateDescription vmstate_via = {
- .name = "vt82c686b",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField []) {
- VMSTATE_PCI_DEVICE(dev, VT82C686BState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-/* init the PCI-to-ISA bridge */
-static int vt82c686b_initfn(PCIDevice *d)
-{
- uint8_t *pci_conf;
- uint8_t *wmask;
- int i;
-
- isa_bus_new(&d->qdev, pci_address_space_io(d));
-
- pci_conf = d->config;
- pci_config_set_prog_interface(pci_conf, 0x0);
-
- wmask = d->wmask;
- for (i = 0x00; i < 0xff; i++) {
- if (i<=0x03 || (i>=0x08 && i<=0x3f)) {
- wmask[i] = 0x00;
- }
- }
-
- qemu_register_reset(vt82c686b_reset, d);
-
- return 0;
-}
-
-ISABus *vt82c686b_init(PCIBus *bus, int devfn)
-{
- PCIDevice *d;
-
- d = pci_create_simple_multifunction(bus, devfn, true, "VT82C686B");
-
- return DO_UPCAST(ISABus, qbus, qdev_get_child_bus(&d->qdev, "isa.0"));
-}
-
-static void via_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = vt82c686b_initfn;
- k->config_write = vt82c686b_write_config;
- k->vendor_id = PCI_VENDOR_ID_VIA;
- k->device_id = PCI_DEVICE_ID_VIA_ISA_BRIDGE;
- k->class_id = PCI_CLASS_BRIDGE_ISA;
- k->revision = 0x40;
- dc->desc = "ISA bridge";
- dc->no_user = 1;
- dc->vmsd = &vmstate_via;
-}
-
-static TypeInfo via_info = {
- .name = "VT82C686B",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(VT82C686BState),
- .class_init = via_class_init,
-};
-
-static void vt82c686b_register_types(void)
-{
- type_register_static(&via_ac97_info);
- type_register_static(&via_mc97_info);
- type_register_static(&via_pm_info);
- type_register_static(&via_info);
-}
-
-type_init(vt82c686b_register_types)
diff --git a/hw/vt82c686.h b/hw/vt82c686.h
deleted file mode 100644
index 6ef876d26..000000000
--- a/hw/vt82c686.h
+++ /dev/null
@@ -1,11 +0,0 @@
-#ifndef HW_VT82C686_H
-#define HW_VT82C686_H
-
-/* vt82c686.c */
-ISABus *vt82c686b_init(PCIBus * bus, int devfn);
-void vt82c686b_ac97_init(PCIBus *bus, int devfn);
-void vt82c686b_mc97_init(PCIBus *bus, int devfn);
-i2c_bus *vt82c686b_pm_init(PCIBus *bus, int devfn, uint32_t smb_io_base,
- qemu_irq sci_irq);
-
-#endif
diff --git a/hw/watchdog.c b/hw/watchdog.c
deleted file mode 100644
index b52acedd9..000000000
--- a/hw/watchdog.c
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
- * Virtual hardware watchdog.
- *
- * Copyright (C) 2009 Red Hat Inc.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- *
- * By Richard W.M. Jones (rjones@redhat.com).
- */
-
-#include "qemu-common.h"
-#include "qemu-option.h"
-#include "qemu-config.h"
-#include "qemu-queue.h"
-#include "qemu-objects.h"
-#include "monitor.h"
-#include "sysemu.h"
-#include "hw/watchdog.h"
-
-/* Possible values for action parameter. */
-#define WDT_RESET 1 /* Hard reset. */
-#define WDT_SHUTDOWN 2 /* Shutdown. */
-#define WDT_POWEROFF 3 /* Quit. */
-#define WDT_PAUSE 4 /* Pause. */
-#define WDT_DEBUG 5 /* Prints a message and continues running. */
-#define WDT_NONE 6 /* Do nothing. */
-
-static int watchdog_action = WDT_RESET;
-static QLIST_HEAD(watchdog_list, WatchdogTimerModel) watchdog_list;
-
-void watchdog_add_model(WatchdogTimerModel *model)
-{
- QLIST_INSERT_HEAD(&watchdog_list, model, entry);
-}
-
-/* Returns:
- * 0 = continue
- * 1 = exit program with error
- * 2 = exit program without error
- */
-int select_watchdog(const char *p)
-{
- WatchdogTimerModel *model;
- QemuOpts *opts;
-
- /* -watchdog ? lists available devices and exits cleanly. */
- if (is_help_option(p)) {
- QLIST_FOREACH(model, &watchdog_list, entry) {
- fprintf(stderr, "\t%s\t%s\n",
- model->wdt_name, model->wdt_description);
- }
- return 2;
- }
-
- QLIST_FOREACH(model, &watchdog_list, entry) {
- if (strcasecmp(model->wdt_name, p) == 0) {
- /* add the device */
- opts = qemu_opts_create(qemu_find_opts("device"), NULL, 0, NULL);
- qemu_opt_set(opts, "driver", p);
- return 0;
- }
- }
-
- fprintf(stderr, "Unknown -watchdog device. Supported devices are:\n");
- QLIST_FOREACH(model, &watchdog_list, entry) {
- fprintf(stderr, "\t%s\t%s\n",
- model->wdt_name, model->wdt_description);
- }
- return 1;
-}
-
-int select_watchdog_action(const char *p)
-{
- if (strcasecmp(p, "reset") == 0)
- watchdog_action = WDT_RESET;
- else if (strcasecmp(p, "shutdown") == 0)
- watchdog_action = WDT_SHUTDOWN;
- else if (strcasecmp(p, "poweroff") == 0)
- watchdog_action = WDT_POWEROFF;
- else if (strcasecmp(p, "pause") == 0)
- watchdog_action = WDT_PAUSE;
- else if (strcasecmp(p, "debug") == 0)
- watchdog_action = WDT_DEBUG;
- else if (strcasecmp(p, "none") == 0)
- watchdog_action = WDT_NONE;
- else
- return -1;
-
- return 0;
-}
-
-static void watchdog_mon_event(const char *action)
-{
- QObject *data;
-
- data = qobject_from_jsonf("{ 'action': %s }", action);
- monitor_protocol_event(QEVENT_WATCHDOG, data);
- qobject_decref(data);
-}
-
-/* This actually performs the "action" once a watchdog has expired,
- * ie. reboot, shutdown, exit, etc.
- */
-void watchdog_perform_action(void)
-{
- switch(watchdog_action) {
- case WDT_RESET: /* same as 'system_reset' in monitor */
- watchdog_mon_event("reset");
- qemu_system_reset_request();
- break;
-
- case WDT_SHUTDOWN: /* same as 'system_powerdown' in monitor */
- watchdog_mon_event("shutdown");
- qemu_system_powerdown_request();
- break;
-
- case WDT_POWEROFF: /* same as 'quit' command in monitor */
- watchdog_mon_event("poweroff");
- exit(0);
- break;
-
- case WDT_PAUSE: /* same as 'stop' command in monitor */
- watchdog_mon_event("pause");
- vm_stop(RUN_STATE_WATCHDOG);
- break;
-
- case WDT_DEBUG:
- watchdog_mon_event("debug");
- fprintf(stderr, "watchdog: timer fired\n");
- break;
-
- case WDT_NONE:
- watchdog_mon_event("none");
- break;
- }
-}
diff --git a/hw/watchdog.h b/hw/watchdog.h
deleted file mode 100644
index c12a29311..000000000
--- a/hw/watchdog.h
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Virtual hardware watchdog.
- *
- * Copyright (C) 2009 Red Hat Inc.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- *
- * By Richard W.M. Jones (rjones@redhat.com).
- */
-
-#ifndef QEMU_WATCHDOG_H
-#define QEMU_WATCHDOG_H
-
-#include "qemu-queue.h"
-
-struct WatchdogTimerModel {
- QLIST_ENTRY(WatchdogTimerModel) entry;
-
- /* Short name of the device - used to select it on the command line. */
- const char *wdt_name;
- /* Longer description (eg. manufacturer and full model number). */
- const char *wdt_description;
-};
-typedef struct WatchdogTimerModel WatchdogTimerModel;
-
-/* in hw/watchdog.c */
-int select_watchdog(const char *p);
-int select_watchdog_action(const char *action);
-void watchdog_add_model(WatchdogTimerModel *model);
-void watchdog_perform_action(void);
-
-#endif /* QEMU_WATCHDOG_H */
diff --git a/hw/watchdog/Makefile.objs b/hw/watchdog/Makefile.objs
new file mode 100644
index 000000000..4b0374a55
--- /dev/null
+++ b/hw/watchdog/Makefile.objs
@@ -0,0 +1,3 @@
+common-obj-y += watchdog.o
+common-obj-$(CONFIG_WDT_IB6300ESB) += wdt_i6300esb.o
+common-obj-$(CONFIG_WDT_IB700) += wdt_ib700.o
diff --git a/hw/watchdog/watchdog.c b/hw/watchdog/watchdog.c
new file mode 100644
index 000000000..387962ec4
--- /dev/null
+++ b/hw/watchdog/watchdog.c
@@ -0,0 +1,146 @@
+/*
+ * Virtual hardware watchdog.
+ *
+ * Copyright (C) 2009 Red Hat Inc.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * By Richard W.M. Jones (rjones@redhat.com).
+ */
+
+#include "qemu-common.h"
+#include "qemu/option.h"
+#include "qemu/config-file.h"
+#include "qemu/queue.h"
+#include "qapi/qmp/types.h"
+#include "monitor/monitor.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/watchdog.h"
+
+/* Possible values for action parameter. */
+#define WDT_RESET 1 /* Hard reset. */
+#define WDT_SHUTDOWN 2 /* Shutdown. */
+#define WDT_POWEROFF 3 /* Quit. */
+#define WDT_PAUSE 4 /* Pause. */
+#define WDT_DEBUG 5 /* Prints a message and continues running. */
+#define WDT_NONE 6 /* Do nothing. */
+
+static int watchdog_action = WDT_RESET;
+static QLIST_HEAD(watchdog_list, WatchdogTimerModel) watchdog_list;
+
+void watchdog_add_model(WatchdogTimerModel *model)
+{
+ QLIST_INSERT_HEAD(&watchdog_list, model, entry);
+}
+
+/* Returns:
+ * 0 = continue
+ * 1 = exit program with error
+ * 2 = exit program without error
+ */
+int select_watchdog(const char *p)
+{
+ WatchdogTimerModel *model;
+ QemuOpts *opts;
+
+ /* -watchdog ? lists available devices and exits cleanly. */
+ if (is_help_option(p)) {
+ QLIST_FOREACH(model, &watchdog_list, entry) {
+ fprintf(stderr, "\t%s\t%s\n",
+ model->wdt_name, model->wdt_description);
+ }
+ return 2;
+ }
+
+ QLIST_FOREACH(model, &watchdog_list, entry) {
+ if (strcasecmp(model->wdt_name, p) == 0) {
+ /* add the device */
+ opts = qemu_opts_create_nofail(qemu_find_opts("device"));
+ qemu_opt_set(opts, "driver", p);
+ return 0;
+ }
+ }
+
+ fprintf(stderr, "Unknown -watchdog device. Supported devices are:\n");
+ QLIST_FOREACH(model, &watchdog_list, entry) {
+ fprintf(stderr, "\t%s\t%s\n",
+ model->wdt_name, model->wdt_description);
+ }
+ return 1;
+}
+
+int select_watchdog_action(const char *p)
+{
+ if (strcasecmp(p, "reset") == 0)
+ watchdog_action = WDT_RESET;
+ else if (strcasecmp(p, "shutdown") == 0)
+ watchdog_action = WDT_SHUTDOWN;
+ else if (strcasecmp(p, "poweroff") == 0)
+ watchdog_action = WDT_POWEROFF;
+ else if (strcasecmp(p, "pause") == 0)
+ watchdog_action = WDT_PAUSE;
+ else if (strcasecmp(p, "debug") == 0)
+ watchdog_action = WDT_DEBUG;
+ else if (strcasecmp(p, "none") == 0)
+ watchdog_action = WDT_NONE;
+ else
+ return -1;
+
+ return 0;
+}
+
+static void watchdog_mon_event(const char *action)
+{
+ QObject *data;
+
+ data = qobject_from_jsonf("{ 'action': %s }", action);
+ monitor_protocol_event(QEVENT_WATCHDOG, data);
+ qobject_decref(data);
+}
+
+/* This actually performs the "action" once a watchdog has expired,
+ * ie. reboot, shutdown, exit, etc.
+ */
+void watchdog_perform_action(void)
+{
+ switch(watchdog_action) {
+ case WDT_RESET: /* same as 'system_reset' in monitor */
+ watchdog_mon_event("reset");
+ qemu_system_reset_request();
+ break;
+
+ case WDT_SHUTDOWN: /* same as 'system_powerdown' in monitor */
+ watchdog_mon_event("shutdown");
+ qemu_system_powerdown_request();
+ break;
+
+ case WDT_POWEROFF: /* same as 'quit' command in monitor */
+ watchdog_mon_event("poweroff");
+ exit(0);
+
+ case WDT_PAUSE: /* same as 'stop' command in monitor */
+ watchdog_mon_event("pause");
+ vm_stop(RUN_STATE_WATCHDOG);
+ break;
+
+ case WDT_DEBUG:
+ watchdog_mon_event("debug");
+ fprintf(stderr, "watchdog: timer fired\n");
+ break;
+
+ case WDT_NONE:
+ watchdog_mon_event("none");
+ break;
+ }
+}
diff --git a/hw/watchdog/wdt_i6300esb.c b/hw/watchdog/wdt_i6300esb.c
new file mode 100644
index 000000000..2e064bac8
--- /dev/null
+++ b/hw/watchdog/wdt_i6300esb.c
@@ -0,0 +1,470 @@
+/*
+ * Virtual hardware watchdog.
+ *
+ * Copyright (C) 2009 Red Hat Inc.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * By Richard W.M. Jones (rjones@redhat.com).
+ */
+
+#include <inttypes.h>
+
+#include "qemu-common.h"
+#include "qemu/timer.h"
+#include "sysemu/watchdog.h"
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+
+/*#define I6300ESB_DEBUG 1*/
+
+#ifdef I6300ESB_DEBUG
+#define i6300esb_debug(fs,...) \
+ fprintf(stderr,"i6300esb: %s: "fs,__func__,##__VA_ARGS__)
+#else
+#define i6300esb_debug(fs,...)
+#endif
+
+/* PCI configuration registers */
+#define ESB_CONFIG_REG 0x60 /* Config register */
+#define ESB_LOCK_REG 0x68 /* WDT lock register */
+
+/* Memory mapped registers (offset from base address) */
+#define ESB_TIMER1_REG 0x00 /* Timer1 value after each reset */
+#define ESB_TIMER2_REG 0x04 /* Timer2 value after each reset */
+#define ESB_GINTSR_REG 0x08 /* General Interrupt Status Register */
+#define ESB_RELOAD_REG 0x0c /* Reload register */
+
+/* Lock register bits */
+#define ESB_WDT_FUNC (0x01 << 2) /* Watchdog functionality */
+#define ESB_WDT_ENABLE (0x01 << 1) /* Enable WDT */
+#define ESB_WDT_LOCK (0x01 << 0) /* Lock (nowayout) */
+
+/* Config register bits */
+#define ESB_WDT_REBOOT (0x01 << 5) /* Enable reboot on timeout */
+#define ESB_WDT_FREQ (0x01 << 2) /* Decrement frequency */
+#define ESB_WDT_INTTYPE (0x11 << 0) /* Interrupt type on timer1 timeout */
+
+/* Reload register bits */
+#define ESB_WDT_RELOAD (0x01 << 8) /* prevent timeout */
+
+/* Magic constants */
+#define ESB_UNLOCK1 0x80 /* Step 1 to unlock reset registers */
+#define ESB_UNLOCK2 0x86 /* Step 2 to unlock reset registers */
+
+/* Device state. */
+struct I6300State {
+ PCIDevice dev;
+ MemoryRegion io_mem;
+
+ int reboot_enabled; /* "Reboot" on timer expiry. The real action
+ * performed depends on the -watchdog-action
+ * param passed on QEMU command line.
+ */
+ int clock_scale; /* Clock scale. */
+#define CLOCK_SCALE_1KHZ 0
+#define CLOCK_SCALE_1MHZ 1
+
+ int int_type; /* Interrupt type generated. */
+#define INT_TYPE_IRQ 0 /* APIC 1, INT 10 */
+#define INT_TYPE_SMI 2
+#define INT_TYPE_DISABLED 3
+
+ int free_run; /* If true, reload timer on expiry. */
+ int locked; /* If true, enabled field cannot be changed. */
+ int enabled; /* If true, watchdog is enabled. */
+
+ QEMUTimer *timer; /* The actual watchdog timer. */
+
+ uint32_t timer1_preload; /* Values preloaded into timer1, timer2. */
+ uint32_t timer2_preload;
+ int stage; /* Stage (1 or 2). */
+
+ int unlock_state; /* Guest writes 0x80, 0x86 to unlock the
+ * registers, and we transition through
+ * states 0 -> 1 -> 2 when this happens.
+ */
+
+ int previous_reboot_flag; /* If the watchdog caused the previous
+ * reboot, this flag will be set.
+ */
+};
+
+typedef struct I6300State I6300State;
+
+/* This function is called when the watchdog has either been enabled
+ * (hence it starts counting down) or has been keep-alived.
+ */
+static void i6300esb_restart_timer(I6300State *d, int stage)
+{
+ int64_t timeout;
+
+ if (!d->enabled)
+ return;
+
+ d->stage = stage;
+
+ if (d->stage <= 1)
+ timeout = d->timer1_preload;
+ else
+ timeout = d->timer2_preload;
+
+ if (d->clock_scale == CLOCK_SCALE_1KHZ)
+ timeout <<= 15;
+ else
+ timeout <<= 5;
+
+ /* Get the timeout in units of ticks_per_sec. */
+ timeout = get_ticks_per_sec() * timeout / 33000000;
+
+ i6300esb_debug("stage %d, timeout %" PRIi64 "\n", d->stage, timeout);
+
+ qemu_mod_timer(d->timer, qemu_get_clock_ns(vm_clock) + timeout);
+}
+
+/* This is called when the guest disables the watchdog. */
+static void i6300esb_disable_timer(I6300State *d)
+{
+ i6300esb_debug("timer disabled\n");
+
+ qemu_del_timer(d->timer);
+}
+
+static void i6300esb_reset(DeviceState *dev)
+{
+ PCIDevice *pdev = PCI_DEVICE(dev);
+ I6300State *d = DO_UPCAST(I6300State, dev, pdev);
+
+ i6300esb_debug("I6300State = %p\n", d);
+
+ i6300esb_disable_timer(d);
+
+ /* NB: Don't change d->previous_reboot_flag in this function. */
+
+ d->reboot_enabled = 1;
+ d->clock_scale = CLOCK_SCALE_1KHZ;
+ d->int_type = INT_TYPE_IRQ;
+ d->free_run = 0;
+ d->locked = 0;
+ d->enabled = 0;
+ d->timer1_preload = 0xfffff;
+ d->timer2_preload = 0xfffff;
+ d->stage = 1;
+ d->unlock_state = 0;
+}
+
+/* This function is called when the watchdog expires. Note that
+ * the hardware has two timers, and so expiry happens in two stages.
+ * If d->stage == 1 then we perform the first stage action (usually,
+ * sending an interrupt) and then restart the timer again for the
+ * second stage. If the second stage expires then the watchdog
+ * really has run out.
+ */
+static void i6300esb_timer_expired(void *vp)
+{
+ I6300State *d = vp;
+
+ i6300esb_debug("stage %d\n", d->stage);
+
+ if (d->stage == 1) {
+ /* What to do at the end of stage 1? */
+ switch (d->int_type) {
+ case INT_TYPE_IRQ:
+ fprintf(stderr, "i6300esb_timer_expired: I would send APIC 1 INT 10 here if I knew how (XXX)\n");
+ break;
+ case INT_TYPE_SMI:
+ fprintf(stderr, "i6300esb_timer_expired: I would send SMI here if I knew how (XXX)\n");
+ break;
+ }
+
+ /* Start the second stage. */
+ i6300esb_restart_timer(d, 2);
+ } else {
+ /* Second stage expired, reboot for real. */
+ if (d->reboot_enabled) {
+ d->previous_reboot_flag = 1;
+ watchdog_perform_action(); /* This reboots, exits, etc */
+ i6300esb_reset(&d->dev.qdev);
+ }
+
+ /* In "free running mode" we start stage 1 again. */
+ if (d->free_run)
+ i6300esb_restart_timer(d, 1);
+ }
+}
+
+static void i6300esb_config_write(PCIDevice *dev, uint32_t addr,
+ uint32_t data, int len)
+{
+ I6300State *d = DO_UPCAST(I6300State, dev, dev);
+ int old;
+
+ i6300esb_debug("addr = %x, data = %x, len = %d\n", addr, data, len);
+
+ if (addr == ESB_CONFIG_REG && len == 2) {
+ d->reboot_enabled = (data & ESB_WDT_REBOOT) == 0;
+ d->clock_scale =
+ (data & ESB_WDT_FREQ) != 0 ? CLOCK_SCALE_1MHZ : CLOCK_SCALE_1KHZ;
+ d->int_type = (data & ESB_WDT_INTTYPE);
+ } else if (addr == ESB_LOCK_REG && len == 1) {
+ if (!d->locked) {
+ d->locked = (data & ESB_WDT_LOCK) != 0;
+ d->free_run = (data & ESB_WDT_FUNC) != 0;
+ old = d->enabled;
+ d->enabled = (data & ESB_WDT_ENABLE) != 0;
+ if (!old && d->enabled) /* Enabled transitioned from 0 -> 1 */
+ i6300esb_restart_timer(d, 1);
+ else if (!d->enabled)
+ i6300esb_disable_timer(d);
+ }
+ } else {
+ pci_default_write_config(dev, addr, data, len);
+ }
+}
+
+static uint32_t i6300esb_config_read(PCIDevice *dev, uint32_t addr, int len)
+{
+ I6300State *d = DO_UPCAST(I6300State, dev, dev);
+ uint32_t data;
+
+ i6300esb_debug ("addr = %x, len = %d\n", addr, len);
+
+ if (addr == ESB_CONFIG_REG && len == 2) {
+ data =
+ (d->reboot_enabled ? 0 : ESB_WDT_REBOOT) |
+ (d->clock_scale == CLOCK_SCALE_1MHZ ? ESB_WDT_FREQ : 0) |
+ d->int_type;
+ return data;
+ } else if (addr == ESB_LOCK_REG && len == 1) {
+ data =
+ (d->free_run ? ESB_WDT_FUNC : 0) |
+ (d->locked ? ESB_WDT_LOCK : 0) |
+ (d->enabled ? ESB_WDT_ENABLE : 0);
+ return data;
+ } else {
+ return pci_default_read_config(dev, addr, len);
+ }
+}
+
+static uint32_t i6300esb_mem_readb(void *vp, hwaddr addr)
+{
+ i6300esb_debug ("addr = %x\n", (int) addr);
+
+ return 0;
+}
+
+static uint32_t i6300esb_mem_readw(void *vp, hwaddr addr)
+{
+ uint32_t data = 0;
+ I6300State *d = vp;
+
+ i6300esb_debug("addr = %x\n", (int) addr);
+
+ if (addr == 0xc) {
+ /* The previous reboot flag is really bit 9, but there is
+ * a bug in the Linux driver where it thinks it's bit 12.
+ * Set both.
+ */
+ data = d->previous_reboot_flag ? 0x1200 : 0;
+ }
+
+ return data;
+}
+
+static uint32_t i6300esb_mem_readl(void *vp, hwaddr addr)
+{
+ i6300esb_debug("addr = %x\n", (int) addr);
+
+ return 0;
+}
+
+static void i6300esb_mem_writeb(void *vp, hwaddr addr, uint32_t val)
+{
+ I6300State *d = vp;
+
+ i6300esb_debug("addr = %x, val = %x\n", (int) addr, val);
+
+ if (addr == 0xc && val == 0x80)
+ d->unlock_state = 1;
+ else if (addr == 0xc && val == 0x86 && d->unlock_state == 1)
+ d->unlock_state = 2;
+}
+
+static void i6300esb_mem_writew(void *vp, hwaddr addr, uint32_t val)
+{
+ I6300State *d = vp;
+
+ i6300esb_debug("addr = %x, val = %x\n", (int) addr, val);
+
+ if (addr == 0xc && val == 0x80)
+ d->unlock_state = 1;
+ else if (addr == 0xc && val == 0x86 && d->unlock_state == 1)
+ d->unlock_state = 2;
+ else {
+ if (d->unlock_state == 2) {
+ if (addr == 0xc) {
+ if ((val & 0x100) != 0)
+ /* This is the "ping" from the userspace watchdog in
+ * the guest ...
+ */
+ i6300esb_restart_timer(d, 1);
+
+ /* Setting bit 9 resets the previous reboot flag.
+ * There's a bug in the Linux driver where it sets
+ * bit 12 instead.
+ */
+ if ((val & 0x200) != 0 || (val & 0x1000) != 0) {
+ d->previous_reboot_flag = 0;
+ }
+ }
+
+ d->unlock_state = 0;
+ }
+ }
+}
+
+static void i6300esb_mem_writel(void *vp, hwaddr addr, uint32_t val)
+{
+ I6300State *d = vp;
+
+ i6300esb_debug ("addr = %x, val = %x\n", (int) addr, val);
+
+ if (addr == 0xc && val == 0x80)
+ d->unlock_state = 1;
+ else if (addr == 0xc && val == 0x86 && d->unlock_state == 1)
+ d->unlock_state = 2;
+ else {
+ if (d->unlock_state == 2) {
+ if (addr == 0)
+ d->timer1_preload = val & 0xfffff;
+ else if (addr == 4)
+ d->timer2_preload = val & 0xfffff;
+
+ d->unlock_state = 0;
+ }
+ }
+}
+
+static const MemoryRegionOps i6300esb_ops = {
+ .old_mmio = {
+ .read = {
+ i6300esb_mem_readb,
+ i6300esb_mem_readw,
+ i6300esb_mem_readl,
+ },
+ .write = {
+ i6300esb_mem_writeb,
+ i6300esb_mem_writew,
+ i6300esb_mem_writel,
+ },
+ },
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static const VMStateDescription vmstate_i6300esb = {
+ .name = "i6300esb_wdt",
+ /* With this VMSD's introduction, version_id/minimum_version_id were
+ * erroneously set to sizeof(I6300State), causing a somewhat random
+ * version_id to be set for every build. This eventually broke
+ * migration.
+ *
+ * To correct this without breaking old->new migration for older versions
+ * of QEMU, we've set version_id to a value high enough to exceed all past
+ * values of sizeof(I6300State) across various build environments, and have
+ * reset minimum_version_id_old/minimum_version_id to 1, since this VMSD
+ * has never changed and thus can accept all past versions.
+ *
+ * For future changes we can treat these values as we normally would.
+ */
+ .version_id = 10000,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField []) {
+ VMSTATE_PCI_DEVICE(dev, I6300State),
+ VMSTATE_INT32(reboot_enabled, I6300State),
+ VMSTATE_INT32(clock_scale, I6300State),
+ VMSTATE_INT32(int_type, I6300State),
+ VMSTATE_INT32(free_run, I6300State),
+ VMSTATE_INT32(locked, I6300State),
+ VMSTATE_INT32(enabled, I6300State),
+ VMSTATE_TIMER(timer, I6300State),
+ VMSTATE_UINT32(timer1_preload, I6300State),
+ VMSTATE_UINT32(timer2_preload, I6300State),
+ VMSTATE_INT32(stage, I6300State),
+ VMSTATE_INT32(unlock_state, I6300State),
+ VMSTATE_INT32(previous_reboot_flag, I6300State),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static int i6300esb_init(PCIDevice *dev)
+{
+ I6300State *d = DO_UPCAST(I6300State, dev, dev);
+
+ i6300esb_debug("I6300State = %p\n", d);
+
+ d->timer = qemu_new_timer_ns(vm_clock, i6300esb_timer_expired, d);
+ d->previous_reboot_flag = 0;
+
+ memory_region_init_io(&d->io_mem, OBJECT(d), &i6300esb_ops, d,
+ "i6300esb", 0x10);
+ pci_register_bar(&d->dev, 0, 0, &d->io_mem);
+ /* qemu_register_coalesced_mmio (addr, 0x10); ? */
+
+ return 0;
+}
+
+static void i6300esb_exit(PCIDevice *dev)
+{
+ I6300State *d = DO_UPCAST(I6300State, dev, dev);
+
+ memory_region_destroy(&d->io_mem);
+}
+
+static WatchdogTimerModel model = {
+ .wdt_name = "i6300esb",
+ .wdt_description = "Intel 6300ESB",
+};
+
+static void i6300esb_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->config_read = i6300esb_config_read;
+ k->config_write = i6300esb_config_write;
+ k->init = i6300esb_init;
+ k->exit = i6300esb_exit;
+ k->vendor_id = PCI_VENDOR_ID_INTEL;
+ k->device_id = PCI_DEVICE_ID_INTEL_ESB_9;
+ k->class_id = PCI_CLASS_SYSTEM_OTHER;
+ dc->reset = i6300esb_reset;
+ dc->vmsd = &vmstate_i6300esb;
+ set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+}
+
+static const TypeInfo i6300esb_info = {
+ .name = "i6300esb",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(I6300State),
+ .class_init = i6300esb_class_init,
+};
+
+static void i6300esb_register_types(void)
+{
+ watchdog_add_model(&model);
+ type_register_static(&i6300esb_info);
+}
+
+type_init(i6300esb_register_types)
diff --git a/hw/watchdog/wdt_ib700.c b/hw/watchdog/wdt_ib700.c
new file mode 100644
index 000000000..e97b4c304
--- /dev/null
+++ b/hw/watchdog/wdt_ib700.c
@@ -0,0 +1,156 @@
+/*
+ * Virtual hardware watchdog.
+ *
+ * Copyright (C) 2009 Red Hat Inc.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * By Richard W.M. Jones (rjones@redhat.com).
+ */
+
+#include "qemu-common.h"
+#include "qemu/timer.h"
+#include "sysemu/watchdog.h"
+#include "hw/hw.h"
+#include "hw/isa/isa.h"
+#include "hw/i386/pc.h"
+
+/*#define IB700_DEBUG 1*/
+
+#ifdef IB700_DEBUG
+#define ib700_debug(fs,...) \
+ fprintf(stderr,"ib700: %s: "fs,__func__,##__VA_ARGS__)
+#else
+#define ib700_debug(fs,...)
+#endif
+
+#define TYPE_IB700 "ib700"
+#define IB700(obj) OBJECT_CHECK(IB700State, (obj), TYPE_IB700)
+
+typedef struct IB700state {
+ ISADevice parent_obj;
+
+ QEMUTimer *timer;
+} IB700State;
+
+/* This is the timer. We use a global here because the watchdog
+ * code ensures there is only one watchdog (it is located at a fixed,
+ * unchangeable IO port, so there could only ever be one anyway).
+ */
+
+/* A write to this register enables the timer. */
+static void ib700_write_enable_reg(void *vp, uint32_t addr, uint32_t data)
+{
+ IB700State *s = vp;
+ static int time_map[] = {
+ 30, 28, 26, 24, 22, 20, 18, 16,
+ 14, 12, 10, 8, 6, 4, 2, 0
+ };
+ int64_t timeout;
+
+ ib700_debug("addr = %x, data = %x\n", addr, data);
+
+ timeout = (int64_t) time_map[data & 0xF] * get_ticks_per_sec();
+ qemu_mod_timer(s->timer, qemu_get_clock_ns (vm_clock) + timeout);
+}
+
+/* A write (of any value) to this register disables the timer. */
+static void ib700_write_disable_reg(void *vp, uint32_t addr, uint32_t data)
+{
+ IB700State *s = vp;
+
+ ib700_debug("addr = %x, data = %x\n", addr, data);
+
+ qemu_del_timer(s->timer);
+}
+
+/* This is called when the watchdog expires. */
+static void ib700_timer_expired(void *vp)
+{
+ IB700State *s = vp;
+
+ ib700_debug("watchdog expired\n");
+
+ watchdog_perform_action();
+ qemu_del_timer(s->timer);
+}
+
+static const VMStateDescription vmstate_ib700 = {
+ .name = "ib700_wdt",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .minimum_version_id_old = 0,
+ .fields = (VMStateField []) {
+ VMSTATE_TIMER(timer, IB700State),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const MemoryRegionPortio wdt_portio_list[] = {
+ { 0x441, 2, 1, .write = ib700_write_disable_reg, },
+ { 0x443, 2, 1, .write = ib700_write_enable_reg, },
+ PORTIO_END_OF_LIST(),
+};
+
+static void wdt_ib700_realize(DeviceState *dev, Error **errp)
+{
+ IB700State *s = IB700(dev);
+ PortioList *port_list = g_new(PortioList, 1);
+
+ ib700_debug("watchdog init\n");
+
+ s->timer = qemu_new_timer_ns(vm_clock, ib700_timer_expired, s);
+
+ portio_list_init(port_list, OBJECT(s), wdt_portio_list, s, "ib700");
+ portio_list_add(port_list, isa_address_space_io(&s->parent_obj), 0);
+}
+
+static void wdt_ib700_reset(DeviceState *dev)
+{
+ IB700State *s = IB700(dev);
+
+ ib700_debug("watchdog reset\n");
+
+ qemu_del_timer(s->timer);
+}
+
+static WatchdogTimerModel model = {
+ .wdt_name = "ib700",
+ .wdt_description = "iBASE 700",
+};
+
+static void wdt_ib700_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = wdt_ib700_realize;
+ dc->reset = wdt_ib700_reset;
+ dc->vmsd = &vmstate_ib700;
+ set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+}
+
+static const TypeInfo wdt_ib700_info = {
+ .name = TYPE_IB700,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof(IB700State),
+ .class_init = wdt_ib700_class_init,
+};
+
+static void wdt_ib700_register_types(void)
+{
+ watchdog_add_model(&model);
+ type_register_static(&wdt_ib700_info);
+}
+
+type_init(wdt_ib700_register_types)
diff --git a/hw/wdt_i6300esb.c b/hw/wdt_i6300esb.c
deleted file mode 100644
index da15c7391..000000000
--- a/hw/wdt_i6300esb.c
+++ /dev/null
@@ -1,455 +0,0 @@
-/*
- * Virtual hardware watchdog.
- *
- * Copyright (C) 2009 Red Hat Inc.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- *
- * By Richard W.M. Jones (rjones@redhat.com).
- */
-
-#include <inttypes.h>
-
-#include "qemu-common.h"
-#include "qemu-timer.h"
-#include "watchdog.h"
-#include "hw.h"
-#include "pci.h"
-
-/*#define I6300ESB_DEBUG 1*/
-
-#ifdef I6300ESB_DEBUG
-#define i6300esb_debug(fs,...) \
- fprintf(stderr,"i6300esb: %s: "fs,__func__,##__VA_ARGS__)
-#else
-#define i6300esb_debug(fs,...)
-#endif
-
-/* PCI configuration registers */
-#define ESB_CONFIG_REG 0x60 /* Config register */
-#define ESB_LOCK_REG 0x68 /* WDT lock register */
-
-/* Memory mapped registers (offset from base address) */
-#define ESB_TIMER1_REG 0x00 /* Timer1 value after each reset */
-#define ESB_TIMER2_REG 0x04 /* Timer2 value after each reset */
-#define ESB_GINTSR_REG 0x08 /* General Interrupt Status Register */
-#define ESB_RELOAD_REG 0x0c /* Reload register */
-
-/* Lock register bits */
-#define ESB_WDT_FUNC (0x01 << 2) /* Watchdog functionality */
-#define ESB_WDT_ENABLE (0x01 << 1) /* Enable WDT */
-#define ESB_WDT_LOCK (0x01 << 0) /* Lock (nowayout) */
-
-/* Config register bits */
-#define ESB_WDT_REBOOT (0x01 << 5) /* Enable reboot on timeout */
-#define ESB_WDT_FREQ (0x01 << 2) /* Decrement frequency */
-#define ESB_WDT_INTTYPE (0x11 << 0) /* Interrupt type on timer1 timeout */
-
-/* Reload register bits */
-#define ESB_WDT_RELOAD (0x01 << 8) /* prevent timeout */
-
-/* Magic constants */
-#define ESB_UNLOCK1 0x80 /* Step 1 to unlock reset registers */
-#define ESB_UNLOCK2 0x86 /* Step 2 to unlock reset registers */
-
-/* Device state. */
-struct I6300State {
- PCIDevice dev;
- MemoryRegion io_mem;
-
- int reboot_enabled; /* "Reboot" on timer expiry. The real action
- * performed depends on the -watchdog-action
- * param passed on QEMU command line.
- */
- int clock_scale; /* Clock scale. */
-#define CLOCK_SCALE_1KHZ 0
-#define CLOCK_SCALE_1MHZ 1
-
- int int_type; /* Interrupt type generated. */
-#define INT_TYPE_IRQ 0 /* APIC 1, INT 10 */
-#define INT_TYPE_SMI 2
-#define INT_TYPE_DISABLED 3
-
- int free_run; /* If true, reload timer on expiry. */
- int locked; /* If true, enabled field cannot be changed. */
- int enabled; /* If true, watchdog is enabled. */
-
- QEMUTimer *timer; /* The actual watchdog timer. */
-
- uint32_t timer1_preload; /* Values preloaded into timer1, timer2. */
- uint32_t timer2_preload;
- int stage; /* Stage (1 or 2). */
-
- int unlock_state; /* Guest writes 0x80, 0x86 to unlock the
- * registers, and we transition through
- * states 0 -> 1 -> 2 when this happens.
- */
-
- int previous_reboot_flag; /* If the watchdog caused the previous
- * reboot, this flag will be set.
- */
-};
-
-typedef struct I6300State I6300State;
-
-/* This function is called when the watchdog has either been enabled
- * (hence it starts counting down) or has been keep-alived.
- */
-static void i6300esb_restart_timer(I6300State *d, int stage)
-{
- int64_t timeout;
-
- if (!d->enabled)
- return;
-
- d->stage = stage;
-
- if (d->stage <= 1)
- timeout = d->timer1_preload;
- else
- timeout = d->timer2_preload;
-
- if (d->clock_scale == CLOCK_SCALE_1KHZ)
- timeout <<= 15;
- else
- timeout <<= 5;
-
- /* Get the timeout in units of ticks_per_sec. */
- timeout = get_ticks_per_sec() * timeout / 33000000;
-
- i6300esb_debug("stage %d, timeout %" PRIi64 "\n", d->stage, timeout);
-
- qemu_mod_timer(d->timer, qemu_get_clock_ns(vm_clock) + timeout);
-}
-
-/* This is called when the guest disables the watchdog. */
-static void i6300esb_disable_timer(I6300State *d)
-{
- i6300esb_debug("timer disabled\n");
-
- qemu_del_timer(d->timer);
-}
-
-static void i6300esb_reset(DeviceState *dev)
-{
- PCIDevice *pdev = PCI_DEVICE(dev);
- I6300State *d = DO_UPCAST(I6300State, dev, pdev);
-
- i6300esb_debug("I6300State = %p\n", d);
-
- i6300esb_disable_timer(d);
-
- /* NB: Don't change d->previous_reboot_flag in this function. */
-
- d->reboot_enabled = 1;
- d->clock_scale = CLOCK_SCALE_1KHZ;
- d->int_type = INT_TYPE_IRQ;
- d->free_run = 0;
- d->locked = 0;
- d->enabled = 0;
- d->timer1_preload = 0xfffff;
- d->timer2_preload = 0xfffff;
- d->stage = 1;
- d->unlock_state = 0;
-}
-
-/* This function is called when the watchdog expires. Note that
- * the hardware has two timers, and so expiry happens in two stages.
- * If d->stage == 1 then we perform the first stage action (usually,
- * sending an interrupt) and then restart the timer again for the
- * second stage. If the second stage expires then the watchdog
- * really has run out.
- */
-static void i6300esb_timer_expired(void *vp)
-{
- I6300State *d = vp;
-
- i6300esb_debug("stage %d\n", d->stage);
-
- if (d->stage == 1) {
- /* What to do at the end of stage 1? */
- switch (d->int_type) {
- case INT_TYPE_IRQ:
- fprintf(stderr, "i6300esb_timer_expired: I would send APIC 1 INT 10 here if I knew how (XXX)\n");
- break;
- case INT_TYPE_SMI:
- fprintf(stderr, "i6300esb_timer_expired: I would send SMI here if I knew how (XXX)\n");
- break;
- }
-
- /* Start the second stage. */
- i6300esb_restart_timer(d, 2);
- } else {
- /* Second stage expired, reboot for real. */
- if (d->reboot_enabled) {
- d->previous_reboot_flag = 1;
- watchdog_perform_action(); /* This reboots, exits, etc */
- i6300esb_reset(&d->dev.qdev);
- }
-
- /* In "free running mode" we start stage 1 again. */
- if (d->free_run)
- i6300esb_restart_timer(d, 1);
- }
-}
-
-static void i6300esb_config_write(PCIDevice *dev, uint32_t addr,
- uint32_t data, int len)
-{
- I6300State *d = DO_UPCAST(I6300State, dev, dev);
- int old;
-
- i6300esb_debug("addr = %x, data = %x, len = %d\n", addr, data, len);
-
- if (addr == ESB_CONFIG_REG && len == 2) {
- d->reboot_enabled = (data & ESB_WDT_REBOOT) == 0;
- d->clock_scale =
- (data & ESB_WDT_FREQ) != 0 ? CLOCK_SCALE_1MHZ : CLOCK_SCALE_1KHZ;
- d->int_type = (data & ESB_WDT_INTTYPE);
- } else if (addr == ESB_LOCK_REG && len == 1) {
- if (!d->locked) {
- d->locked = (data & ESB_WDT_LOCK) != 0;
- d->free_run = (data & ESB_WDT_FUNC) != 0;
- old = d->enabled;
- d->enabled = (data & ESB_WDT_ENABLE) != 0;
- if (!old && d->enabled) /* Enabled transitioned from 0 -> 1 */
- i6300esb_restart_timer(d, 1);
- else if (!d->enabled)
- i6300esb_disable_timer(d);
- }
- } else {
- pci_default_write_config(dev, addr, data, len);
- }
-}
-
-static uint32_t i6300esb_config_read(PCIDevice *dev, uint32_t addr, int len)
-{
- I6300State *d = DO_UPCAST(I6300State, dev, dev);
- uint32_t data;
-
- i6300esb_debug ("addr = %x, len = %d\n", addr, len);
-
- if (addr == ESB_CONFIG_REG && len == 2) {
- data =
- (d->reboot_enabled ? 0 : ESB_WDT_REBOOT) |
- (d->clock_scale == CLOCK_SCALE_1MHZ ? ESB_WDT_FREQ : 0) |
- d->int_type;
- return data;
- } else if (addr == ESB_LOCK_REG && len == 1) {
- data =
- (d->free_run ? ESB_WDT_FUNC : 0) |
- (d->locked ? ESB_WDT_LOCK : 0) |
- (d->enabled ? ESB_WDT_ENABLE : 0);
- return data;
- } else {
- return pci_default_read_config(dev, addr, len);
- }
-}
-
-static uint32_t i6300esb_mem_readb(void *vp, hwaddr addr)
-{
- i6300esb_debug ("addr = %x\n", (int) addr);
-
- return 0;
-}
-
-static uint32_t i6300esb_mem_readw(void *vp, hwaddr addr)
-{
- uint32_t data = 0;
- I6300State *d = vp;
-
- i6300esb_debug("addr = %x\n", (int) addr);
-
- if (addr == 0xc) {
- /* The previous reboot flag is really bit 9, but there is
- * a bug in the Linux driver where it thinks it's bit 12.
- * Set both.
- */
- data = d->previous_reboot_flag ? 0x1200 : 0;
- }
-
- return data;
-}
-
-static uint32_t i6300esb_mem_readl(void *vp, hwaddr addr)
-{
- i6300esb_debug("addr = %x\n", (int) addr);
-
- return 0;
-}
-
-static void i6300esb_mem_writeb(void *vp, hwaddr addr, uint32_t val)
-{
- I6300State *d = vp;
-
- i6300esb_debug("addr = %x, val = %x\n", (int) addr, val);
-
- if (addr == 0xc && val == 0x80)
- d->unlock_state = 1;
- else if (addr == 0xc && val == 0x86 && d->unlock_state == 1)
- d->unlock_state = 2;
-}
-
-static void i6300esb_mem_writew(void *vp, hwaddr addr, uint32_t val)
-{
- I6300State *d = vp;
-
- i6300esb_debug("addr = %x, val = %x\n", (int) addr, val);
-
- if (addr == 0xc && val == 0x80)
- d->unlock_state = 1;
- else if (addr == 0xc && val == 0x86 && d->unlock_state == 1)
- d->unlock_state = 2;
- else {
- if (d->unlock_state == 2) {
- if (addr == 0xc) {
- if ((val & 0x100) != 0)
- /* This is the "ping" from the userspace watchdog in
- * the guest ...
- */
- i6300esb_restart_timer(d, 1);
-
- /* Setting bit 9 resets the previous reboot flag.
- * There's a bug in the Linux driver where it sets
- * bit 12 instead.
- */
- if ((val & 0x200) != 0 || (val & 0x1000) != 0) {
- d->previous_reboot_flag = 0;
- }
- }
-
- d->unlock_state = 0;
- }
- }
-}
-
-static void i6300esb_mem_writel(void *vp, hwaddr addr, uint32_t val)
-{
- I6300State *d = vp;
-
- i6300esb_debug ("addr = %x, val = %x\n", (int) addr, val);
-
- if (addr == 0xc && val == 0x80)
- d->unlock_state = 1;
- else if (addr == 0xc && val == 0x86 && d->unlock_state == 1)
- d->unlock_state = 2;
- else {
- if (d->unlock_state == 2) {
- if (addr == 0)
- d->timer1_preload = val & 0xfffff;
- else if (addr == 4)
- d->timer2_preload = val & 0xfffff;
-
- d->unlock_state = 0;
- }
- }
-}
-
-static const MemoryRegionOps i6300esb_ops = {
- .old_mmio = {
- .read = {
- i6300esb_mem_readb,
- i6300esb_mem_readw,
- i6300esb_mem_readl,
- },
- .write = {
- i6300esb_mem_writeb,
- i6300esb_mem_writew,
- i6300esb_mem_writel,
- },
- },
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static const VMStateDescription vmstate_i6300esb = {
- .name = "i6300esb_wdt",
- .version_id = sizeof(I6300State),
- .minimum_version_id = sizeof(I6300State),
- .minimum_version_id_old = sizeof(I6300State),
- .fields = (VMStateField []) {
- VMSTATE_PCI_DEVICE(dev, I6300State),
- VMSTATE_INT32(reboot_enabled, I6300State),
- VMSTATE_INT32(clock_scale, I6300State),
- VMSTATE_INT32(int_type, I6300State),
- VMSTATE_INT32(free_run, I6300State),
- VMSTATE_INT32(locked, I6300State),
- VMSTATE_INT32(enabled, I6300State),
- VMSTATE_TIMER(timer, I6300State),
- VMSTATE_UINT32(timer1_preload, I6300State),
- VMSTATE_UINT32(timer2_preload, I6300State),
- VMSTATE_INT32(stage, I6300State),
- VMSTATE_INT32(unlock_state, I6300State),
- VMSTATE_INT32(previous_reboot_flag, I6300State),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int i6300esb_init(PCIDevice *dev)
-{
- I6300State *d = DO_UPCAST(I6300State, dev, dev);
-
- i6300esb_debug("I6300State = %p\n", d);
-
- d->timer = qemu_new_timer_ns(vm_clock, i6300esb_timer_expired, d);
- d->previous_reboot_flag = 0;
-
- memory_region_init_io(&d->io_mem, &i6300esb_ops, d, "i6300esb", 0x10);
- pci_register_bar(&d->dev, 0, 0, &d->io_mem);
- /* qemu_register_coalesced_mmio (addr, 0x10); ? */
-
- return 0;
-}
-
-static void i6300esb_exit(PCIDevice *dev)
-{
- I6300State *d = DO_UPCAST(I6300State, dev, dev);
-
- memory_region_destroy(&d->io_mem);
-}
-
-static WatchdogTimerModel model = {
- .wdt_name = "i6300esb",
- .wdt_description = "Intel 6300ESB",
-};
-
-static void i6300esb_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->config_read = i6300esb_config_read;
- k->config_write = i6300esb_config_write;
- k->init = i6300esb_init;
- k->exit = i6300esb_exit;
- k->vendor_id = PCI_VENDOR_ID_INTEL;
- k->device_id = PCI_DEVICE_ID_INTEL_ESB_9;
- k->class_id = PCI_CLASS_SYSTEM_OTHER;
- dc->reset = i6300esb_reset;
- dc->vmsd = &vmstate_i6300esb;
-}
-
-static TypeInfo i6300esb_info = {
- .name = "i6300esb",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(I6300State),
- .class_init = i6300esb_class_init,
-};
-
-static void i6300esb_register_types(void)
-{
- watchdog_add_model(&model);
- type_register_static(&i6300esb_info);
-}
-
-type_init(i6300esb_register_types)
diff --git a/hw/wdt_ib700.c b/hw/wdt_ib700.c
deleted file mode 100644
index 7f6c21d80..000000000
--- a/hw/wdt_ib700.c
+++ /dev/null
@@ -1,145 +0,0 @@
-/*
- * Virtual hardware watchdog.
- *
- * Copyright (C) 2009 Red Hat Inc.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- *
- * By Richard W.M. Jones (rjones@redhat.com).
- */
-
-#include "qemu-common.h"
-#include "qemu-timer.h"
-#include "watchdog.h"
-#include "hw.h"
-#include "isa.h"
-#include "pc.h"
-
-/*#define IB700_DEBUG 1*/
-
-#ifdef IB700_DEBUG
-#define ib700_debug(fs,...) \
- fprintf(stderr,"ib700: %s: "fs,__func__,##__VA_ARGS__)
-#else
-#define ib700_debug(fs,...)
-#endif
-
-typedef struct IB700state {
- ISADevice dev;
- QEMUTimer *timer;
-} IB700State;
-
-/* This is the timer. We use a global here because the watchdog
- * code ensures there is only one watchdog (it is located at a fixed,
- * unchangeable IO port, so there could only ever be one anyway).
- */
-
-/* A write to this register enables the timer. */
-static void ib700_write_enable_reg(void *vp, uint32_t addr, uint32_t data)
-{
- IB700State *s = vp;
- static int time_map[] = {
- 30, 28, 26, 24, 22, 20, 18, 16,
- 14, 12, 10, 8, 6, 4, 2, 0
- };
- int64_t timeout;
-
- ib700_debug("addr = %x, data = %x\n", addr, data);
-
- timeout = (int64_t) time_map[data & 0xF] * get_ticks_per_sec();
- qemu_mod_timer(s->timer, qemu_get_clock_ns (vm_clock) + timeout);
-}
-
-/* A write (of any value) to this register disables the timer. */
-static void ib700_write_disable_reg(void *vp, uint32_t addr, uint32_t data)
-{
- IB700State *s = vp;
-
- ib700_debug("addr = %x, data = %x\n", addr, data);
-
- qemu_del_timer(s->timer);
-}
-
-/* This is called when the watchdog expires. */
-static void ib700_timer_expired(void *vp)
-{
- IB700State *s = vp;
-
- ib700_debug("watchdog expired\n");
-
- watchdog_perform_action();
- qemu_del_timer(s->timer);
-}
-
-static const VMStateDescription vmstate_ib700 = {
- .name = "ib700_wdt",
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .fields = (VMStateField []) {
- VMSTATE_TIMER(timer, IB700State),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int wdt_ib700_init(ISADevice *dev)
-{
- IB700State *s = DO_UPCAST(IB700State, dev, dev);
-
- ib700_debug("watchdog init\n");
-
- s->timer = qemu_new_timer_ns(vm_clock, ib700_timer_expired, s);
- register_ioport_write(0x441, 2, 1, ib700_write_disable_reg, s);
- register_ioport_write(0x443, 2, 1, ib700_write_enable_reg, s);
-
- return 0;
-}
-
-static void wdt_ib700_reset(DeviceState *dev)
-{
- IB700State *s = DO_UPCAST(IB700State, dev.qdev, dev);
-
- ib700_debug("watchdog reset\n");
-
- qemu_del_timer(s->timer);
-}
-
-static WatchdogTimerModel model = {
- .wdt_name = "ib700",
- .wdt_description = "iBASE 700",
-};
-
-static void wdt_ib700_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- ISADeviceClass *ic = ISA_DEVICE_CLASS(klass);
- ic->init = wdt_ib700_init;
- dc->reset = wdt_ib700_reset;
- dc->vmsd = &vmstate_ib700;
-}
-
-static TypeInfo wdt_ib700_info = {
- .name = "ib700",
- .parent = TYPE_ISA_DEVICE,
- .instance_size = sizeof(IB700State),
- .class_init = wdt_ib700_class_init,
-};
-
-static void wdt_ib700_register_types(void)
-{
- watchdog_add_model(&model);
- type_register_static(&wdt_ib700_info);
-}
-
-type_init(wdt_ib700_register_types)
diff --git a/hw/wm8750.c b/hw/wm8750.c
deleted file mode 100644
index 44f138fd5..000000000
--- a/hw/wm8750.c
+++ /dev/null
@@ -1,716 +0,0 @@
-/*
- * WM8750 audio CODEC.
- *
- * Copyright (c) 2006 Openedhand Ltd.
- * Written by Andrzej Zaborowski <balrog@zabor.org>
- *
- * This file is licensed under GNU GPL.
- */
-
-#include "hw.h"
-#include "i2c.h"
-#include "audio/audio.h"
-
-#define IN_PORT_N 3
-#define OUT_PORT_N 3
-
-#define CODEC "wm8750"
-
-typedef struct {
- int adc;
- int adc_hz;
- int dac;
- int dac_hz;
-} WMRate;
-
-typedef struct {
- I2CSlave i2c;
- uint8_t i2c_data[2];
- int i2c_len;
- QEMUSoundCard card;
- SWVoiceIn *adc_voice[IN_PORT_N];
- SWVoiceOut *dac_voice[OUT_PORT_N];
- int enable;
- void (*data_req)(void *, int, int);
- void *opaque;
- uint8_t data_in[4096];
- uint8_t data_out[4096];
- int idx_in, req_in;
- int idx_out, req_out;
-
- SWVoiceOut **out[2];
- uint8_t outvol[7], outmute[2];
- SWVoiceIn **in[2];
- uint8_t invol[4], inmute[2];
-
- uint8_t diff[2], pol, ds, monomix[2], alc, mute;
- uint8_t path[4], mpath[2], power, format;
- const WMRate *rate;
- uint8_t rate_vmstate;
- int adc_hz, dac_hz, ext_adc_hz, ext_dac_hz, master;
-} WM8750State;
-
-/* pow(10.0, -i / 20.0) * 255, i = 0..42 */
-static const uint8_t wm8750_vol_db_table[] = {
- 255, 227, 203, 181, 161, 143, 128, 114, 102, 90, 81, 72, 64, 57, 51, 45,
- 40, 36, 32, 29, 26, 23, 20, 18, 16, 14, 13, 11, 10, 9, 8, 7, 6, 6, 5, 5,
- 4, 4, 3, 3, 3, 2, 2
-};
-
-#define WM8750_OUTVOL_TRANSFORM(x) wm8750_vol_db_table[(0x7f - x) / 3]
-#define WM8750_INVOL_TRANSFORM(x) (x << 2)
-
-static inline void wm8750_in_load(WM8750State *s)
-{
- if (s->idx_in + s->req_in <= sizeof(s->data_in))
- return;
- s->idx_in = audio_MAX(0, (int) sizeof(s->data_in) - s->req_in);
- AUD_read(*s->in[0], s->data_in + s->idx_in,
- sizeof(s->data_in) - s->idx_in);
-}
-
-static inline void wm8750_out_flush(WM8750State *s)
-{
- int sent = 0;
- while (sent < s->idx_out)
- sent += AUD_write(*s->out[0], s->data_out + sent, s->idx_out - sent)
- ?: s->idx_out;
- s->idx_out = 0;
-}
-
-static void wm8750_audio_in_cb(void *opaque, int avail_b)
-{
- WM8750State *s = (WM8750State *) opaque;
- s->req_in = avail_b;
- s->data_req(s->opaque, s->req_out >> 2, avail_b >> 2);
-}
-
-static void wm8750_audio_out_cb(void *opaque, int free_b)
-{
- WM8750State *s = (WM8750State *) opaque;
-
- if (s->idx_out >= free_b) {
- s->idx_out = free_b;
- s->req_out = 0;
- wm8750_out_flush(s);
- } else
- s->req_out = free_b - s->idx_out;
-
- s->data_req(s->opaque, s->req_out >> 2, s->req_in >> 2);
-}
-
-static const WMRate wm_rate_table[] = {
- { 256, 48000, 256, 48000 }, /* SR: 00000 */
- { 384, 48000, 384, 48000 }, /* SR: 00001 */
- { 256, 48000, 1536, 8000 }, /* SR: 00010 */
- { 384, 48000, 2304, 8000 }, /* SR: 00011 */
- { 1536, 8000, 256, 48000 }, /* SR: 00100 */
- { 2304, 8000, 384, 48000 }, /* SR: 00101 */
- { 1536, 8000, 1536, 8000 }, /* SR: 00110 */
- { 2304, 8000, 2304, 8000 }, /* SR: 00111 */
- { 1024, 12000, 1024, 12000 }, /* SR: 01000 */
- { 1526, 12000, 1536, 12000 }, /* SR: 01001 */
- { 768, 16000, 768, 16000 }, /* SR: 01010 */
- { 1152, 16000, 1152, 16000 }, /* SR: 01011 */
- { 384, 32000, 384, 32000 }, /* SR: 01100 */
- { 576, 32000, 576, 32000 }, /* SR: 01101 */
- { 128, 96000, 128, 96000 }, /* SR: 01110 */
- { 192, 96000, 192, 96000 }, /* SR: 01111 */
- { 256, 44100, 256, 44100 }, /* SR: 10000 */
- { 384, 44100, 384, 44100 }, /* SR: 10001 */
- { 256, 44100, 1408, 8018 }, /* SR: 10010 */
- { 384, 44100, 2112, 8018 }, /* SR: 10011 */
- { 1408, 8018, 256, 44100 }, /* SR: 10100 */
- { 2112, 8018, 384, 44100 }, /* SR: 10101 */
- { 1408, 8018, 1408, 8018 }, /* SR: 10110 */
- { 2112, 8018, 2112, 8018 }, /* SR: 10111 */
- { 1024, 11025, 1024, 11025 }, /* SR: 11000 */
- { 1536, 11025, 1536, 11025 }, /* SR: 11001 */
- { 512, 22050, 512, 22050 }, /* SR: 11010 */
- { 768, 22050, 768, 22050 }, /* SR: 11011 */
- { 512, 24000, 512, 24000 }, /* SR: 11100 */
- { 768, 24000, 768, 24000 }, /* SR: 11101 */
- { 128, 88200, 128, 88200 }, /* SR: 11110 */
- { 192, 88200, 192, 88200 }, /* SR: 11111 */
-};
-
-static void wm8750_vol_update(WM8750State *s)
-{
- /* FIXME: multiply all volumes by s->invol[2], s->invol[3] */
-
- AUD_set_volume_in(s->adc_voice[0], s->mute,
- s->inmute[0] ? 0 : WM8750_INVOL_TRANSFORM(s->invol[0]),
- s->inmute[1] ? 0 : WM8750_INVOL_TRANSFORM(s->invol[1]));
- AUD_set_volume_in(s->adc_voice[1], s->mute,
- s->inmute[0] ? 0 : WM8750_INVOL_TRANSFORM(s->invol[0]),
- s->inmute[1] ? 0 : WM8750_INVOL_TRANSFORM(s->invol[1]));
- AUD_set_volume_in(s->adc_voice[2], s->mute,
- s->inmute[0] ? 0 : WM8750_INVOL_TRANSFORM(s->invol[0]),
- s->inmute[1] ? 0 : WM8750_INVOL_TRANSFORM(s->invol[1]));
-
- /* FIXME: multiply all volumes by s->outvol[0], s->outvol[1] */
-
- /* Speaker: LOUT2VOL ROUT2VOL */
- AUD_set_volume_out(s->dac_voice[0], s->mute,
- s->outmute[0] ? 0 : WM8750_OUTVOL_TRANSFORM(s->outvol[4]),
- s->outmute[1] ? 0 : WM8750_OUTVOL_TRANSFORM(s->outvol[5]));
-
- /* Headphone: LOUT1VOL ROUT1VOL */
- AUD_set_volume_out(s->dac_voice[1], s->mute,
- s->outmute[0] ? 0 : WM8750_OUTVOL_TRANSFORM(s->outvol[2]),
- s->outmute[1] ? 0 : WM8750_OUTVOL_TRANSFORM(s->outvol[3]));
-
- /* MONOOUT: MONOVOL MONOVOL */
- AUD_set_volume_out(s->dac_voice[2], s->mute,
- s->outmute[0] ? 0 : WM8750_OUTVOL_TRANSFORM(s->outvol[6]),
- s->outmute[1] ? 0 : WM8750_OUTVOL_TRANSFORM(s->outvol[6]));
-}
-
-static void wm8750_set_format(WM8750State *s)
-{
- int i;
- struct audsettings in_fmt;
- struct audsettings out_fmt;
-
- wm8750_out_flush(s);
-
- if (s->in[0] && *s->in[0])
- AUD_set_active_in(*s->in[0], 0);
- if (s->out[0] && *s->out[0])
- AUD_set_active_out(*s->out[0], 0);
-
- for (i = 0; i < IN_PORT_N; i ++)
- if (s->adc_voice[i]) {
- AUD_close_in(&s->card, s->adc_voice[i]);
- s->adc_voice[i] = NULL;
- }
- for (i = 0; i < OUT_PORT_N; i ++)
- if (s->dac_voice[i]) {
- AUD_close_out(&s->card, s->dac_voice[i]);
- s->dac_voice[i] = NULL;
- }
-
- if (!s->enable)
- return;
-
- /* Setup input */
- in_fmt.endianness = 0;
- in_fmt.nchannels = 2;
- in_fmt.freq = s->adc_hz;
- in_fmt.fmt = AUD_FMT_S16;
-
- s->adc_voice[0] = AUD_open_in(&s->card, s->adc_voice[0],
- CODEC ".input1", s, wm8750_audio_in_cb, &in_fmt);
- s->adc_voice[1] = AUD_open_in(&s->card, s->adc_voice[1],
- CODEC ".input2", s, wm8750_audio_in_cb, &in_fmt);
- s->adc_voice[2] = AUD_open_in(&s->card, s->adc_voice[2],
- CODEC ".input3", s, wm8750_audio_in_cb, &in_fmt);
-
- /* Setup output */
- out_fmt.endianness = 0;
- out_fmt.nchannels = 2;
- out_fmt.freq = s->dac_hz;
- out_fmt.fmt = AUD_FMT_S16;
-
- s->dac_voice[0] = AUD_open_out(&s->card, s->dac_voice[0],
- CODEC ".speaker", s, wm8750_audio_out_cb, &out_fmt);
- s->dac_voice[1] = AUD_open_out(&s->card, s->dac_voice[1],
- CODEC ".headphone", s, wm8750_audio_out_cb, &out_fmt);
- /* MONOMIX is also in stereo for simplicity */
- s->dac_voice[2] = AUD_open_out(&s->card, s->dac_voice[2],
- CODEC ".monomix", s, wm8750_audio_out_cb, &out_fmt);
- /* no sense emulating OUT3 which is a mix of other outputs */
-
- wm8750_vol_update(s);
-
- /* We should connect the left and right channels to their
- * respective inputs/outputs but we have completely no need
- * for mixing or combining paths to different ports, so we
- * connect both channels to where the left channel is routed. */
- if (s->in[0] && *s->in[0])
- AUD_set_active_in(*s->in[0], 1);
- if (s->out[0] && *s->out[0])
- AUD_set_active_out(*s->out[0], 1);
-}
-
-static void wm8750_clk_update(WM8750State *s, int ext)
-{
- if (s->master || !s->ext_dac_hz)
- s->dac_hz = s->rate->dac_hz;
- else
- s->dac_hz = s->ext_dac_hz;
-
- if (s->master || !s->ext_adc_hz)
- s->adc_hz = s->rate->adc_hz;
- else
- s->adc_hz = s->ext_adc_hz;
-
- if (s->master || (!s->ext_dac_hz && !s->ext_adc_hz)) {
- if (!ext)
- wm8750_set_format(s);
- } else {
- if (ext)
- wm8750_set_format(s);
- }
-}
-
-static void wm8750_reset(I2CSlave *i2c)
-{
- WM8750State *s = (WM8750State *) i2c;
- s->rate = &wm_rate_table[0];
- s->enable = 0;
- wm8750_clk_update(s, 1);
- s->diff[0] = 0;
- s->diff[1] = 0;
- s->ds = 0;
- s->alc = 0;
- s->in[0] = &s->adc_voice[0];
- s->invol[0] = 0x17;
- s->invol[1] = 0x17;
- s->invol[2] = 0xc3;
- s->invol[3] = 0xc3;
- s->out[0] = &s->dac_voice[0];
- s->outvol[0] = 0xff;
- s->outvol[1] = 0xff;
- s->outvol[2] = 0x79;
- s->outvol[3] = 0x79;
- s->outvol[4] = 0x79;
- s->outvol[5] = 0x79;
- s->outvol[6] = 0x79;
- s->inmute[0] = 0;
- s->inmute[1] = 0;
- s->outmute[0] = 0;
- s->outmute[1] = 0;
- s->mute = 1;
- s->path[0] = 0;
- s->path[1] = 0;
- s->path[2] = 0;
- s->path[3] = 0;
- s->mpath[0] = 0;
- s->mpath[1] = 0;
- s->format = 0x0a;
- s->idx_in = sizeof(s->data_in);
- s->req_in = 0;
- s->idx_out = 0;
- s->req_out = 0;
- wm8750_vol_update(s);
- s->i2c_len = 0;
-}
-
-static void wm8750_event(I2CSlave *i2c, enum i2c_event event)
-{
- WM8750State *s = (WM8750State *) i2c;
-
- switch (event) {
- case I2C_START_SEND:
- s->i2c_len = 0;
- break;
- case I2C_FINISH:
-#ifdef VERBOSE
- if (s->i2c_len < 2)
- printf("%s: message too short (%i bytes)\n",
- __FUNCTION__, s->i2c_len);
-#endif
- break;
- default:
- break;
- }
-}
-
-#define WM8750_LINVOL 0x00
-#define WM8750_RINVOL 0x01
-#define WM8750_LOUT1V 0x02
-#define WM8750_ROUT1V 0x03
-#define WM8750_ADCDAC 0x05
-#define WM8750_IFACE 0x07
-#define WM8750_SRATE 0x08
-#define WM8750_LDAC 0x0a
-#define WM8750_RDAC 0x0b
-#define WM8750_BASS 0x0c
-#define WM8750_TREBLE 0x0d
-#define WM8750_RESET 0x0f
-#define WM8750_3D 0x10
-#define WM8750_ALC1 0x11
-#define WM8750_ALC2 0x12
-#define WM8750_ALC3 0x13
-#define WM8750_NGATE 0x14
-#define WM8750_LADC 0x15
-#define WM8750_RADC 0x16
-#define WM8750_ADCTL1 0x17
-#define WM8750_ADCTL2 0x18
-#define WM8750_PWR1 0x19
-#define WM8750_PWR2 0x1a
-#define WM8750_ADCTL3 0x1b
-#define WM8750_ADCIN 0x1f
-#define WM8750_LADCIN 0x20
-#define WM8750_RADCIN 0x21
-#define WM8750_LOUTM1 0x22
-#define WM8750_LOUTM2 0x23
-#define WM8750_ROUTM1 0x24
-#define WM8750_ROUTM2 0x25
-#define WM8750_MOUTM1 0x26
-#define WM8750_MOUTM2 0x27
-#define WM8750_LOUT2V 0x28
-#define WM8750_ROUT2V 0x29
-#define WM8750_MOUTV 0x2a
-
-static int wm8750_tx(I2CSlave *i2c, uint8_t data)
-{
- WM8750State *s = (WM8750State *) i2c;
- uint8_t cmd;
- uint16_t value;
-
- if (s->i2c_len >= 2) {
-#ifdef VERBOSE
- printf("%s: long message (%i bytes)\n", __func__, s->i2c_len);
-#endif
- return 1;
- }
- s->i2c_data[s->i2c_len ++] = data;
- if (s->i2c_len != 2)
- return 0;
-
- cmd = s->i2c_data[0] >> 1;
- value = ((s->i2c_data[0] << 8) | s->i2c_data[1]) & 0x1ff;
-
- switch (cmd) {
- case WM8750_LADCIN: /* ADC Signal Path Control (Left) */
- s->diff[0] = (((value >> 6) & 3) == 3); /* LINSEL */
- if (s->diff[0])
- s->in[0] = &s->adc_voice[0 + s->ds * 1];
- else
- s->in[0] = &s->adc_voice[((value >> 6) & 3) * 1 + 0];
- break;
-
- case WM8750_RADCIN: /* ADC Signal Path Control (Right) */
- s->diff[1] = (((value >> 6) & 3) == 3); /* RINSEL */
- if (s->diff[1])
- s->in[1] = &s->adc_voice[0 + s->ds * 1];
- else
- s->in[1] = &s->adc_voice[((value >> 6) & 3) * 1 + 0];
- break;
-
- case WM8750_ADCIN: /* ADC Input Mode */
- s->ds = (value >> 8) & 1; /* DS */
- if (s->diff[0])
- s->in[0] = &s->adc_voice[0 + s->ds * 1];
- if (s->diff[1])
- s->in[1] = &s->adc_voice[0 + s->ds * 1];
- s->monomix[0] = (value >> 6) & 3; /* MONOMIX */
- break;
-
- case WM8750_ADCTL1: /* Additional Control (1) */
- s->monomix[1] = (value >> 1) & 1; /* DMONOMIX */
- break;
-
- case WM8750_PWR1: /* Power Management (1) */
- s->enable = ((value >> 6) & 7) == 3; /* VMIDSEL, VREF */
- wm8750_set_format(s);
- break;
-
- case WM8750_LINVOL: /* Left Channel PGA */
- s->invol[0] = value & 0x3f; /* LINVOL */
- s->inmute[0] = (value >> 7) & 1; /* LINMUTE */
- wm8750_vol_update(s);
- break;
-
- case WM8750_RINVOL: /* Right Channel PGA */
- s->invol[1] = value & 0x3f; /* RINVOL */
- s->inmute[1] = (value >> 7) & 1; /* RINMUTE */
- wm8750_vol_update(s);
- break;
-
- case WM8750_ADCDAC: /* ADC and DAC Control */
- s->pol = (value >> 5) & 3; /* ADCPOL */
- s->mute = (value >> 3) & 1; /* DACMU */
- wm8750_vol_update(s);
- break;
-
- case WM8750_ADCTL3: /* Additional Control (3) */
- break;
-
- case WM8750_LADC: /* Left ADC Digital Volume */
- s->invol[2] = value & 0xff; /* LADCVOL */
- wm8750_vol_update(s);
- break;
-
- case WM8750_RADC: /* Right ADC Digital Volume */
- s->invol[3] = value & 0xff; /* RADCVOL */
- wm8750_vol_update(s);
- break;
-
- case WM8750_ALC1: /* ALC Control (1) */
- s->alc = (value >> 7) & 3; /* ALCSEL */
- break;
-
- case WM8750_NGATE: /* Noise Gate Control */
- case WM8750_3D: /* 3D enhance */
- break;
-
- case WM8750_LDAC: /* Left Channel Digital Volume */
- s->outvol[0] = value & 0xff; /* LDACVOL */
- wm8750_vol_update(s);
- break;
-
- case WM8750_RDAC: /* Right Channel Digital Volume */
- s->outvol[1] = value & 0xff; /* RDACVOL */
- wm8750_vol_update(s);
- break;
-
- case WM8750_BASS: /* Bass Control */
- break;
-
- case WM8750_LOUTM1: /* Left Mixer Control (1) */
- s->path[0] = (value >> 8) & 1; /* LD2LO */
- /* TODO: mute/unmute respective paths */
- wm8750_vol_update(s);
- break;
-
- case WM8750_LOUTM2: /* Left Mixer Control (2) */
- s->path[1] = (value >> 8) & 1; /* RD2LO */
- /* TODO: mute/unmute respective paths */
- wm8750_vol_update(s);
- break;
-
- case WM8750_ROUTM1: /* Right Mixer Control (1) */
- s->path[2] = (value >> 8) & 1; /* LD2RO */
- /* TODO: mute/unmute respective paths */
- wm8750_vol_update(s);
- break;
-
- case WM8750_ROUTM2: /* Right Mixer Control (2) */
- s->path[3] = (value >> 8) & 1; /* RD2RO */
- /* TODO: mute/unmute respective paths */
- wm8750_vol_update(s);
- break;
-
- case WM8750_MOUTM1: /* Mono Mixer Control (1) */
- s->mpath[0] = (value >> 8) & 1; /* LD2MO */
- /* TODO: mute/unmute respective paths */
- wm8750_vol_update(s);
- break;
-
- case WM8750_MOUTM2: /* Mono Mixer Control (2) */
- s->mpath[1] = (value >> 8) & 1; /* RD2MO */
- /* TODO: mute/unmute respective paths */
- wm8750_vol_update(s);
- break;
-
- case WM8750_LOUT1V: /* LOUT1 Volume */
- s->outvol[2] = value & 0x7f; /* LOUT1VOL */
- wm8750_vol_update(s);
- break;
-
- case WM8750_LOUT2V: /* LOUT2 Volume */
- s->outvol[4] = value & 0x7f; /* LOUT2VOL */
- wm8750_vol_update(s);
- break;
-
- case WM8750_ROUT1V: /* ROUT1 Volume */
- s->outvol[3] = value & 0x7f; /* ROUT1VOL */
- wm8750_vol_update(s);
- break;
-
- case WM8750_ROUT2V: /* ROUT2 Volume */
- s->outvol[5] = value & 0x7f; /* ROUT2VOL */
- wm8750_vol_update(s);
- break;
-
- case WM8750_MOUTV: /* MONOOUT Volume */
- s->outvol[6] = value & 0x7f; /* MONOOUTVOL */
- wm8750_vol_update(s);
- break;
-
- case WM8750_ADCTL2: /* Additional Control (2) */
- break;
-
- case WM8750_PWR2: /* Power Management (2) */
- s->power = value & 0x7e;
- /* TODO: mute/unmute respective paths */
- wm8750_vol_update(s);
- break;
-
- case WM8750_IFACE: /* Digital Audio Interface Format */
- s->format = value;
- s->master = (value >> 6) & 1; /* MS */
- wm8750_clk_update(s, s->master);
- break;
-
- case WM8750_SRATE: /* Clocking and Sample Rate Control */
- s->rate = &wm_rate_table[(value >> 1) & 0x1f];
- wm8750_clk_update(s, 0);
- break;
-
- case WM8750_RESET: /* Reset */
- wm8750_reset(&s->i2c);
- break;
-
-#ifdef VERBOSE
- default:
- printf("%s: unknown register %02x\n", __FUNCTION__, cmd);
-#endif
- }
-
- return 0;
-}
-
-static int wm8750_rx(I2CSlave *i2c)
-{
- return 0x00;
-}
-
-static void wm8750_pre_save(void *opaque)
-{
- WM8750State *s = opaque;
-
- s->rate_vmstate = s->rate - wm_rate_table;
-}
-
-static int wm8750_post_load(void *opaque, int version_id)
-{
- WM8750State *s = opaque;
-
- s->rate = &wm_rate_table[s->rate_vmstate & 0x1f];
- return 0;
-}
-
-static const VMStateDescription vmstate_wm8750 = {
- .name = CODEC,
- .version_id = 0,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .pre_save = wm8750_pre_save,
- .post_load = wm8750_post_load,
- .fields = (VMStateField []) {
- VMSTATE_UINT8_ARRAY(i2c_data, WM8750State, 2),
- VMSTATE_INT32(i2c_len, WM8750State),
- VMSTATE_INT32(enable, WM8750State),
- VMSTATE_INT32(idx_in, WM8750State),
- VMSTATE_INT32(req_in, WM8750State),
- VMSTATE_INT32(idx_out, WM8750State),
- VMSTATE_INT32(req_out, WM8750State),
- VMSTATE_UINT8_ARRAY(outvol, WM8750State, 7),
- VMSTATE_UINT8_ARRAY(outmute, WM8750State, 2),
- VMSTATE_UINT8_ARRAY(invol, WM8750State, 4),
- VMSTATE_UINT8_ARRAY(inmute, WM8750State, 2),
- VMSTATE_UINT8_ARRAY(diff, WM8750State, 2),
- VMSTATE_UINT8(pol, WM8750State),
- VMSTATE_UINT8(ds, WM8750State),
- VMSTATE_UINT8_ARRAY(monomix, WM8750State, 2),
- VMSTATE_UINT8(alc, WM8750State),
- VMSTATE_UINT8(mute, WM8750State),
- VMSTATE_UINT8_ARRAY(path, WM8750State, 4),
- VMSTATE_UINT8_ARRAY(mpath, WM8750State, 2),
- VMSTATE_UINT8(format, WM8750State),
- VMSTATE_UINT8(power, WM8750State),
- VMSTATE_UINT8(rate_vmstate, WM8750State),
- VMSTATE_I2C_SLAVE(i2c, WM8750State),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int wm8750_init(I2CSlave *i2c)
-{
- WM8750State *s = FROM_I2C_SLAVE(WM8750State, i2c);
-
- AUD_register_card(CODEC, &s->card);
- wm8750_reset(&s->i2c);
-
- return 0;
-}
-
-#if 0
-static void wm8750_fini(I2CSlave *i2c)
-{
- WM8750State *s = (WM8750State *) i2c;
- wm8750_reset(&s->i2c);
- AUD_remove_card(&s->card);
- g_free(s);
-}
-#endif
-
-void wm8750_data_req_set(DeviceState *dev,
- void (*data_req)(void *, int, int), void *opaque)
-{
- WM8750State *s = FROM_I2C_SLAVE(WM8750State, I2C_SLAVE_FROM_QDEV(dev));
- s->data_req = data_req;
- s->opaque = opaque;
-}
-
-void wm8750_dac_dat(void *opaque, uint32_t sample)
-{
- WM8750State *s = (WM8750State *) opaque;
-
- *(uint32_t *) &s->data_out[s->idx_out] = sample;
- s->req_out -= 4;
- s->idx_out += 4;
- if (s->idx_out >= sizeof(s->data_out) || s->req_out <= 0)
- wm8750_out_flush(s);
-}
-
-void *wm8750_dac_buffer(void *opaque, int samples)
-{
- WM8750State *s = (WM8750State *) opaque;
- /* XXX: Should check if there are <i>samples</i> free samples available */
- void *ret = s->data_out + s->idx_out;
-
- s->idx_out += samples << 2;
- s->req_out -= samples << 2;
- return ret;
-}
-
-void wm8750_dac_commit(void *opaque)
-{
- WM8750State *s = (WM8750State *) opaque;
-
- wm8750_out_flush(s);
-}
-
-uint32_t wm8750_adc_dat(void *opaque)
-{
- WM8750State *s = (WM8750State *) opaque;
- uint32_t *data;
-
- if (s->idx_in >= sizeof(s->data_in))
- wm8750_in_load(s);
-
- data = (uint32_t *) &s->data_in[s->idx_in];
- s->req_in -= 4;
- s->idx_in += 4;
- return *data;
-}
-
-void wm8750_set_bclk_in(void *opaque, int new_hz)
-{
- WM8750State *s = (WM8750State *) opaque;
-
- s->ext_adc_hz = new_hz;
- s->ext_dac_hz = new_hz;
- wm8750_clk_update(s, 1);
-}
-
-static void wm8750_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- I2CSlaveClass *sc = I2C_SLAVE_CLASS(klass);
-
- sc->init = wm8750_init;
- sc->event = wm8750_event;
- sc->recv = wm8750_rx;
- sc->send = wm8750_tx;
- dc->vmsd = &vmstate_wm8750;
-}
-
-static TypeInfo wm8750_info = {
- .name = "wm8750",
- .parent = TYPE_I2C_SLAVE,
- .instance_size = sizeof(WM8750State),
- .class_init = wm8750_class_init,
-};
-
-static void wm8750_register_types(void)
-{
- type_register_static(&wm8750_info);
-}
-
-type_init(wm8750_register_types)
diff --git a/hw/xen-host-pci-device.h b/hw/xen-host-pci-device.h
deleted file mode 100644
index 0079daca5..000000000
--- a/hw/xen-host-pci-device.h
+++ /dev/null
@@ -1,55 +0,0 @@
-#ifndef XEN_HOST_PCI_DEVICE_H
-#define XEN_HOST_PCI_DEVICE_H
-
-#include "pci.h"
-
-enum {
- XEN_HOST_PCI_REGION_TYPE_IO = 1 << 1,
- XEN_HOST_PCI_REGION_TYPE_MEM = 1 << 2,
- XEN_HOST_PCI_REGION_TYPE_PREFETCH = 1 << 3,
- XEN_HOST_PCI_REGION_TYPE_MEM_64 = 1 << 4,
-};
-
-typedef struct XenHostPCIIORegion {
- pcibus_t base_addr;
- pcibus_t size;
- uint8_t type;
- uint8_t bus_flags; /* Bus-specific bits */
-} XenHostPCIIORegion;
-
-typedef struct XenHostPCIDevice {
- uint16_t domain;
- uint8_t bus;
- uint8_t dev;
- uint8_t func;
-
- uint16_t vendor_id;
- uint16_t device_id;
- int irq;
-
- XenHostPCIIORegion io_regions[PCI_NUM_REGIONS - 1];
- XenHostPCIIORegion rom;
-
- bool is_virtfn;
-
- int config_fd;
-} XenHostPCIDevice;
-
-int xen_host_pci_device_get(XenHostPCIDevice *d, uint16_t domain,
- uint8_t bus, uint8_t dev, uint8_t func);
-void xen_host_pci_device_put(XenHostPCIDevice *pci_dev);
-
-int xen_host_pci_get_byte(XenHostPCIDevice *d, int pos, uint8_t *p);
-int xen_host_pci_get_word(XenHostPCIDevice *d, int pos, uint16_t *p);
-int xen_host_pci_get_long(XenHostPCIDevice *d, int pos, uint32_t *p);
-int xen_host_pci_get_block(XenHostPCIDevice *d, int pos, uint8_t *buf,
- int len);
-int xen_host_pci_set_byte(XenHostPCIDevice *d, int pos, uint8_t data);
-int xen_host_pci_set_word(XenHostPCIDevice *d, int pos, uint16_t data);
-int xen_host_pci_set_long(XenHostPCIDevice *d, int pos, uint32_t data);
-int xen_host_pci_set_block(XenHostPCIDevice *d, int pos, uint8_t *buf,
- int len);
-
-int xen_host_pci_find_ext_cap_offset(XenHostPCIDevice *s, uint32_t cap);
-
-#endif /* !XEN_HOST_PCI_DEVICE_H_ */
diff --git a/hw/xen.h b/hw/xen.h
deleted file mode 100644
index e3cca7fb9..000000000
--- a/hw/xen.h
+++ /dev/null
@@ -1,62 +0,0 @@
-#ifndef QEMU_HW_XEN_H
-#define QEMU_HW_XEN_H 1
-/*
- * public xen header
- * stuff needed outside xen-*.c, i.e. interfaces to qemu.
- * must not depend on any xen headers being present in
- * /usr/include/xen, so it can be included unconditionally.
- */
-#include <inttypes.h>
-
-#include "hw/irq.h"
-#include "qemu-common.h"
-
-/* xen-machine.c */
-enum xen_mode {
- XEN_EMULATE = 0, // xen emulation, using xenner (default)
- XEN_CREATE, // create xen domain
- XEN_ATTACH // attach to xen domain created by xend
-};
-
-extern uint32_t xen_domid;
-extern enum xen_mode xen_mode;
-
-extern int xen_allowed;
-
-static inline int xen_enabled(void)
-{
-#if defined(CONFIG_XEN_BACKEND) && !defined(CONFIG_NO_XEN)
- return xen_allowed;
-#else
- return 0;
-#endif
-}
-
-int xen_pci_slot_get_pirq(PCIDevice *pci_dev, int irq_num);
-void xen_piix3_set_irq(void *opaque, int irq_num, int level);
-void xen_piix_pci_write_config_client(uint32_t address, uint32_t val, int len);
-void xen_hvm_inject_msi(uint64_t addr, uint32_t data);
-void xen_cmos_set_s3_resume(void *opaque, int irq, int level);
-
-qemu_irq *xen_interrupt_controller_init(void);
-
-int xen_init(void);
-int xen_hvm_init(void);
-void xen_vcpu_init(void);
-void xenstore_store_pv_console_info(int i, struct CharDriverState *chr);
-
-#if defined(NEED_CPU_H) && !defined(CONFIG_USER_ONLY)
-struct MemoryRegion;
-void xen_ram_alloc(ram_addr_t ram_addr, ram_addr_t size,
- struct MemoryRegion *mr);
-void xen_modified_memory(ram_addr_t start, ram_addr_t length);
-#endif
-
-struct MemoryRegion;
-void xen_register_framebuffer(struct MemoryRegion *mr);
-
-#if defined(CONFIG_XEN) && CONFIG_XEN_CTRL_INTERFACE_VERSION < 400
-# define HVM_MAX_VCPUS 32
-#endif
-
-#endif /* QEMU_HW_XEN_H */
diff --git a/hw/xen/Makefile.objs b/hw/xen/Makefile.objs
new file mode 100644
index 000000000..ce640c61a
--- /dev/null
+++ b/hw/xen/Makefile.objs
@@ -0,0 +1,6 @@
+# xen backend driver support
+common-obj-$(CONFIG_XEN_BACKEND) += xen_backend.o xen_devconfig.o
+
+obj-$(CONFIG_XEN_I386) += xen_platform.o xen_apic.o xen_pvdevice.o
+obj-$(CONFIG_XEN_PCI_PASSTHROUGH) += xen-host-pci-device.o
+obj-$(CONFIG_XEN_PCI_PASSTHROUGH) += xen_pt.o xen_pt_config_init.o xen_pt_msi.o
diff --git a/hw/xen-host-pci-device.c b/hw/xen/xen-host-pci-device.c
index 743b37b99..743b37b99 100644
--- a/hw/xen-host-pci-device.c
+++ b/hw/xen/xen-host-pci-device.c
diff --git a/hw/xen/xen-host-pci-device.h b/hw/xen/xen-host-pci-device.h
new file mode 100644
index 000000000..c2486f0c1
--- /dev/null
+++ b/hw/xen/xen-host-pci-device.h
@@ -0,0 +1,55 @@
+#ifndef XEN_HOST_PCI_DEVICE_H
+#define XEN_HOST_PCI_DEVICE_H
+
+#include "hw/pci/pci.h"
+
+enum {
+ XEN_HOST_PCI_REGION_TYPE_IO = 1 << 1,
+ XEN_HOST_PCI_REGION_TYPE_MEM = 1 << 2,
+ XEN_HOST_PCI_REGION_TYPE_PREFETCH = 1 << 3,
+ XEN_HOST_PCI_REGION_TYPE_MEM_64 = 1 << 4,
+};
+
+typedef struct XenHostPCIIORegion {
+ pcibus_t base_addr;
+ pcibus_t size;
+ uint8_t type;
+ uint8_t bus_flags; /* Bus-specific bits */
+} XenHostPCIIORegion;
+
+typedef struct XenHostPCIDevice {
+ uint16_t domain;
+ uint8_t bus;
+ uint8_t dev;
+ uint8_t func;
+
+ uint16_t vendor_id;
+ uint16_t device_id;
+ int irq;
+
+ XenHostPCIIORegion io_regions[PCI_NUM_REGIONS - 1];
+ XenHostPCIIORegion rom;
+
+ bool is_virtfn;
+
+ int config_fd;
+} XenHostPCIDevice;
+
+int xen_host_pci_device_get(XenHostPCIDevice *d, uint16_t domain,
+ uint8_t bus, uint8_t dev, uint8_t func);
+void xen_host_pci_device_put(XenHostPCIDevice *pci_dev);
+
+int xen_host_pci_get_byte(XenHostPCIDevice *d, int pos, uint8_t *p);
+int xen_host_pci_get_word(XenHostPCIDevice *d, int pos, uint16_t *p);
+int xen_host_pci_get_long(XenHostPCIDevice *d, int pos, uint32_t *p);
+int xen_host_pci_get_block(XenHostPCIDevice *d, int pos, uint8_t *buf,
+ int len);
+int xen_host_pci_set_byte(XenHostPCIDevice *d, int pos, uint8_t data);
+int xen_host_pci_set_word(XenHostPCIDevice *d, int pos, uint16_t data);
+int xen_host_pci_set_long(XenHostPCIDevice *d, int pos, uint32_t data);
+int xen_host_pci_set_block(XenHostPCIDevice *d, int pos, uint8_t *buf,
+ int len);
+
+int xen_host_pci_find_ext_cap_offset(XenHostPCIDevice *s, uint32_t cap);
+
+#endif /* !XEN_HOST_PCI_DEVICE_H_ */
diff --git a/hw/xen/xen_apic.c b/hw/xen/xen_apic.c
new file mode 100644
index 000000000..9f91e0f0c
--- /dev/null
+++ b/hw/xen/xen_apic.c
@@ -0,0 +1,95 @@
+/*
+ * Xen basic APIC support
+ *
+ * Copyright (c) 2012 Citrix
+ *
+ * Authors:
+ * Wei Liu <wei.liu2@citrix.com>
+ *
+ * This work is licensed under the terms of the GNU GPL version 2 or
+ * later. See the COPYING file in the top-level directory.
+ */
+#include "hw/i386/apic_internal.h"
+#include "hw/pci/msi.h"
+#include "hw/xen/xen.h"
+
+static uint64_t xen_apic_mem_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ return ~(uint64_t)0;
+}
+
+static void xen_apic_mem_write(void *opaque, hwaddr addr,
+ uint64_t data, unsigned size)
+{
+ if (size != sizeof(uint32_t)) {
+ fprintf(stderr, "Xen: APIC write data size = %d, invalid\n", size);
+ return;
+ }
+
+ xen_hvm_inject_msi(addr, data);
+}
+
+static const MemoryRegionOps xen_apic_io_ops = {
+ .read = xen_apic_mem_read,
+ .write = xen_apic_mem_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void xen_apic_init(APICCommonState *s)
+{
+ memory_region_init_io(&s->io_memory, OBJECT(s), &xen_apic_io_ops, s,
+ "xen-apic-msi", APIC_SPACE_SIZE);
+
+#if defined(CONFIG_XEN_CTRL_INTERFACE_VERSION) \
+ && CONFIG_XEN_CTRL_INTERFACE_VERSION >= 420
+ msi_supported = true;
+#endif
+}
+
+static void xen_apic_set_base(APICCommonState *s, uint64_t val)
+{
+}
+
+static void xen_apic_set_tpr(APICCommonState *s, uint8_t val)
+{
+}
+
+static uint8_t xen_apic_get_tpr(APICCommonState *s)
+{
+ return 0;
+}
+
+static void xen_apic_vapic_base_update(APICCommonState *s)
+{
+}
+
+static void xen_apic_external_nmi(APICCommonState *s)
+{
+}
+
+static void xen_apic_class_init(ObjectClass *klass, void *data)
+{
+ APICCommonClass *k = APIC_COMMON_CLASS(klass);
+
+ k->init = xen_apic_init;
+ k->set_base = xen_apic_set_base;
+ k->set_tpr = xen_apic_set_tpr;
+ k->get_tpr = xen_apic_get_tpr;
+ k->vapic_base_update = xen_apic_vapic_base_update;
+ k->external_nmi = xen_apic_external_nmi;
+}
+
+static const TypeInfo xen_apic_info = {
+ .name = "xen-apic",
+ .parent = TYPE_APIC_COMMON,
+ .instance_size = sizeof(APICCommonState),
+ .class_init = xen_apic_class_init,
+};
+
+static void xen_apic_register_types(void)
+{
+ type_register_static(&xen_apic_info);
+}
+
+type_init(xen_apic_register_types)
diff --git a/hw/xen/xen_backend.c b/hw/xen/xen_backend.c
new file mode 100644
index 000000000..d82ce5d8a
--- /dev/null
+++ b/hw/xen/xen_backend.c
@@ -0,0 +1,800 @@
+/*
+ * xen backend driver infrastructure
+ * (c) 2008 Gerd Hoffmann <kraxel@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; under version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+/*
+ * TODO: add some xenbus / xenstore concepts overview here.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <inttypes.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/mman.h>
+#include <sys/signal.h>
+
+#include "hw/hw.h"
+#include "sysemu/char.h"
+#include "qemu/log.h"
+#include "hw/xen/xen_backend.h"
+
+#include <xen/grant_table.h>
+
+/* ------------------------------------------------------------- */
+
+/* public */
+XenXC xen_xc = XC_HANDLER_INITIAL_VALUE;
+XenGnttab xen_xcg = XC_HANDLER_INITIAL_VALUE;
+struct xs_handle *xenstore = NULL;
+const char *xen_protocol;
+
+/* private */
+static QTAILQ_HEAD(XenDeviceHead, XenDevice) xendevs = QTAILQ_HEAD_INITIALIZER(xendevs);
+static int debug = 0;
+
+/* ------------------------------------------------------------- */
+
+int xenstore_write_str(const char *base, const char *node, const char *val)
+{
+ char abspath[XEN_BUFSIZE];
+
+ snprintf(abspath, sizeof(abspath), "%s/%s", base, node);
+ if (!xs_write(xenstore, 0, abspath, val, strlen(val))) {
+ return -1;
+ }
+ return 0;
+}
+
+char *xenstore_read_str(const char *base, const char *node)
+{
+ char abspath[XEN_BUFSIZE];
+ unsigned int len;
+ char *str, *ret = NULL;
+
+ snprintf(abspath, sizeof(abspath), "%s/%s", base, node);
+ str = xs_read(xenstore, 0, abspath, &len);
+ if (str != NULL) {
+ /* move to qemu-allocated memory to make sure
+ * callers can savely g_free() stuff. */
+ ret = g_strdup(str);
+ free(str);
+ }
+ return ret;
+}
+
+int xenstore_write_int(const char *base, const char *node, int ival)
+{
+ char val[12];
+
+ snprintf(val, sizeof(val), "%d", ival);
+ return xenstore_write_str(base, node, val);
+}
+
+int xenstore_write_int64(const char *base, const char *node, int64_t ival)
+{
+ char val[21];
+
+ snprintf(val, sizeof(val), "%"PRId64, ival);
+ return xenstore_write_str(base, node, val);
+}
+
+int xenstore_read_int(const char *base, const char *node, int *ival)
+{
+ char *val;
+ int rc = -1;
+
+ val = xenstore_read_str(base, node);
+ if (val && 1 == sscanf(val, "%d", ival)) {
+ rc = 0;
+ }
+ g_free(val);
+ return rc;
+}
+
+int xenstore_write_be_str(struct XenDevice *xendev, const char *node, const char *val)
+{
+ return xenstore_write_str(xendev->be, node, val);
+}
+
+int xenstore_write_be_int(struct XenDevice *xendev, const char *node, int ival)
+{
+ return xenstore_write_int(xendev->be, node, ival);
+}
+
+int xenstore_write_be_int64(struct XenDevice *xendev, const char *node, int64_t ival)
+{
+ return xenstore_write_int64(xendev->be, node, ival);
+}
+
+char *xenstore_read_be_str(struct XenDevice *xendev, const char *node)
+{
+ return xenstore_read_str(xendev->be, node);
+}
+
+int xenstore_read_be_int(struct XenDevice *xendev, const char *node, int *ival)
+{
+ return xenstore_read_int(xendev->be, node, ival);
+}
+
+char *xenstore_read_fe_str(struct XenDevice *xendev, const char *node)
+{
+ return xenstore_read_str(xendev->fe, node);
+}
+
+int xenstore_read_fe_int(struct XenDevice *xendev, const char *node, int *ival)
+{
+ return xenstore_read_int(xendev->fe, node, ival);
+}
+
+/* ------------------------------------------------------------- */
+
+const char *xenbus_strstate(enum xenbus_state state)
+{
+ static const char *const name[] = {
+ [ XenbusStateUnknown ] = "Unknown",
+ [ XenbusStateInitialising ] = "Initialising",
+ [ XenbusStateInitWait ] = "InitWait",
+ [ XenbusStateInitialised ] = "Initialised",
+ [ XenbusStateConnected ] = "Connected",
+ [ XenbusStateClosing ] = "Closing",
+ [ XenbusStateClosed ] = "Closed",
+ };
+ return (state < ARRAY_SIZE(name)) ? name[state] : "INVALID";
+}
+
+int xen_be_set_state(struct XenDevice *xendev, enum xenbus_state state)
+{
+ int rc;
+
+ rc = xenstore_write_be_int(xendev, "state", state);
+ if (rc < 0) {
+ return rc;
+ }
+ xen_be_printf(xendev, 1, "backend state: %s -> %s\n",
+ xenbus_strstate(xendev->be_state), xenbus_strstate(state));
+ xendev->be_state = state;
+ return 0;
+}
+
+/* ------------------------------------------------------------- */
+
+struct XenDevice *xen_be_find_xendev(const char *type, int dom, int dev)
+{
+ struct XenDevice *xendev;
+
+ QTAILQ_FOREACH(xendev, &xendevs, next) {
+ if (xendev->dom != dom) {
+ continue;
+ }
+ if (xendev->dev != dev) {
+ continue;
+ }
+ if (strcmp(xendev->type, type) != 0) {
+ continue;
+ }
+ return xendev;
+ }
+ return NULL;
+}
+
+/*
+ * get xen backend device, allocate a new one if it doesn't exist.
+ */
+static struct XenDevice *xen_be_get_xendev(const char *type, int dom, int dev,
+ struct XenDevOps *ops)
+{
+ struct XenDevice *xendev;
+ char *dom0;
+
+ xendev = xen_be_find_xendev(type, dom, dev);
+ if (xendev) {
+ return xendev;
+ }
+
+ /* init new xendev */
+ xendev = g_malloc0(ops->size);
+ xendev->type = type;
+ xendev->dom = dom;
+ xendev->dev = dev;
+ xendev->ops = ops;
+
+ dom0 = xs_get_domain_path(xenstore, 0);
+ snprintf(xendev->be, sizeof(xendev->be), "%s/backend/%s/%d/%d",
+ dom0, xendev->type, xendev->dom, xendev->dev);
+ snprintf(xendev->name, sizeof(xendev->name), "%s-%d",
+ xendev->type, xendev->dev);
+ free(dom0);
+
+ xendev->debug = debug;
+ xendev->local_port = -1;
+
+ xendev->evtchndev = xen_xc_evtchn_open(NULL, 0);
+ if (xendev->evtchndev == XC_HANDLER_INITIAL_VALUE) {
+ xen_be_printf(NULL, 0, "can't open evtchn device\n");
+ g_free(xendev);
+ return NULL;
+ }
+ fcntl(xc_evtchn_fd(xendev->evtchndev), F_SETFD, FD_CLOEXEC);
+
+ if (ops->flags & DEVOPS_FLAG_NEED_GNTDEV) {
+ xendev->gnttabdev = xen_xc_gnttab_open(NULL, 0);
+ if (xendev->gnttabdev == XC_HANDLER_INITIAL_VALUE) {
+ xen_be_printf(NULL, 0, "can't open gnttab device\n");
+ xc_evtchn_close(xendev->evtchndev);
+ g_free(xendev);
+ return NULL;
+ }
+ } else {
+ xendev->gnttabdev = XC_HANDLER_INITIAL_VALUE;
+ }
+
+ QTAILQ_INSERT_TAIL(&xendevs, xendev, next);
+
+ if (xendev->ops->alloc) {
+ xendev->ops->alloc(xendev);
+ }
+
+ return xendev;
+}
+
+/*
+ * release xen backend device.
+ */
+static struct XenDevice *xen_be_del_xendev(int dom, int dev)
+{
+ struct XenDevice *xendev, *xnext;
+
+ /*
+ * This is pretty much like QTAILQ_FOREACH(xendev, &xendevs, next) but
+ * we save the next pointer in xnext because we might free xendev.
+ */
+ xnext = xendevs.tqh_first;
+ while (xnext) {
+ xendev = xnext;
+ xnext = xendev->next.tqe_next;
+
+ if (xendev->dom != dom) {
+ continue;
+ }
+ if (xendev->dev != dev && dev != -1) {
+ continue;
+ }
+
+ if (xendev->ops->free) {
+ xendev->ops->free(xendev);
+ }
+
+ if (xendev->fe) {
+ char token[XEN_BUFSIZE];
+ snprintf(token, sizeof(token), "fe:%p", xendev);
+ xs_unwatch(xenstore, xendev->fe, token);
+ g_free(xendev->fe);
+ }
+
+ if (xendev->evtchndev != XC_HANDLER_INITIAL_VALUE) {
+ xc_evtchn_close(xendev->evtchndev);
+ }
+ if (xendev->gnttabdev != XC_HANDLER_INITIAL_VALUE) {
+ xc_gnttab_close(xendev->gnttabdev);
+ }
+
+ QTAILQ_REMOVE(&xendevs, xendev, next);
+ g_free(xendev);
+ }
+ return NULL;
+}
+
+/*
+ * Sync internal data structures on xenstore updates.
+ * Node specifies the changed field. node = NULL means
+ * update all fields (used for initialization).
+ */
+static void xen_be_backend_changed(struct XenDevice *xendev, const char *node)
+{
+ if (node == NULL || strcmp(node, "online") == 0) {
+ if (xenstore_read_be_int(xendev, "online", &xendev->online) == -1) {
+ xendev->online = 0;
+ }
+ }
+
+ if (node) {
+ xen_be_printf(xendev, 2, "backend update: %s\n", node);
+ if (xendev->ops->backend_changed) {
+ xendev->ops->backend_changed(xendev, node);
+ }
+ }
+}
+
+static void xen_be_frontend_changed(struct XenDevice *xendev, const char *node)
+{
+ int fe_state;
+
+ if (node == NULL || strcmp(node, "state") == 0) {
+ if (xenstore_read_fe_int(xendev, "state", &fe_state) == -1) {
+ fe_state = XenbusStateUnknown;
+ }
+ if (xendev->fe_state != fe_state) {
+ xen_be_printf(xendev, 1, "frontend state: %s -> %s\n",
+ xenbus_strstate(xendev->fe_state),
+ xenbus_strstate(fe_state));
+ }
+ xendev->fe_state = fe_state;
+ }
+ if (node == NULL || strcmp(node, "protocol") == 0) {
+ g_free(xendev->protocol);
+ xendev->protocol = xenstore_read_fe_str(xendev, "protocol");
+ if (xendev->protocol) {
+ xen_be_printf(xendev, 1, "frontend protocol: %s\n", xendev->protocol);
+ }
+ }
+
+ if (node) {
+ xen_be_printf(xendev, 2, "frontend update: %s\n", node);
+ if (xendev->ops->frontend_changed) {
+ xendev->ops->frontend_changed(xendev, node);
+ }
+ }
+}
+
+/* ------------------------------------------------------------- */
+/* Check for possible state transitions and perform them. */
+
+/*
+ * Initial xendev setup. Read frontend path, register watch for it.
+ * Should succeed once xend finished setting up the backend device.
+ *
+ * Also sets initial state (-> Initializing) when done. Which
+ * only affects the xendev->be_state variable as xenbus should
+ * already be put into that state by xend.
+ */
+static int xen_be_try_setup(struct XenDevice *xendev)
+{
+ char token[XEN_BUFSIZE];
+ int be_state;
+
+ if (xenstore_read_be_int(xendev, "state", &be_state) == -1) {
+ xen_be_printf(xendev, 0, "reading backend state failed\n");
+ return -1;
+ }
+
+ if (be_state != XenbusStateInitialising) {
+ xen_be_printf(xendev, 0, "initial backend state is wrong (%s)\n",
+ xenbus_strstate(be_state));
+ return -1;
+ }
+
+ xendev->fe = xenstore_read_be_str(xendev, "frontend");
+ if (xendev->fe == NULL) {
+ xen_be_printf(xendev, 0, "reading frontend path failed\n");
+ return -1;
+ }
+
+ /* setup frontend watch */
+ snprintf(token, sizeof(token), "fe:%p", xendev);
+ if (!xs_watch(xenstore, xendev->fe, token)) {
+ xen_be_printf(xendev, 0, "watching frontend path (%s) failed\n",
+ xendev->fe);
+ return -1;
+ }
+ xen_be_set_state(xendev, XenbusStateInitialising);
+
+ xen_be_backend_changed(xendev, NULL);
+ xen_be_frontend_changed(xendev, NULL);
+ return 0;
+}
+
+/*
+ * Try initialize xendev. Prepare everything the backend can do
+ * without synchronizing with the frontend. Fakes hotplug-status. No
+ * hotplug involved here because this is about userspace drivers, thus
+ * there are kernel backend devices which could invoke hotplug.
+ *
+ * Goes to InitWait on success.
+ */
+static int xen_be_try_init(struct XenDevice *xendev)
+{
+ int rc = 0;
+
+ if (!xendev->online) {
+ xen_be_printf(xendev, 1, "not online\n");
+ return -1;
+ }
+
+ if (xendev->ops->init) {
+ rc = xendev->ops->init(xendev);
+ }
+ if (rc != 0) {
+ xen_be_printf(xendev, 1, "init() failed\n");
+ return rc;
+ }
+
+ xenstore_write_be_str(xendev, "hotplug-status", "connected");
+ xen_be_set_state(xendev, XenbusStateInitWait);
+ return 0;
+}
+
+/*
+ * Try to initialise xendev. Depends on the frontend being ready
+ * for it (shared ring and evtchn info in xenstore, state being
+ * Initialised or Connected).
+ *
+ * Goes to Connected on success.
+ */
+static int xen_be_try_initialise(struct XenDevice *xendev)
+{
+ int rc = 0;
+
+ if (xendev->fe_state != XenbusStateInitialised &&
+ xendev->fe_state != XenbusStateConnected) {
+ if (xendev->ops->flags & DEVOPS_FLAG_IGNORE_STATE) {
+ xen_be_printf(xendev, 2, "frontend not ready, ignoring\n");
+ } else {
+ xen_be_printf(xendev, 2, "frontend not ready (yet)\n");
+ return -1;
+ }
+ }
+
+ if (xendev->ops->initialise) {
+ rc = xendev->ops->initialise(xendev);
+ }
+ if (rc != 0) {
+ xen_be_printf(xendev, 0, "initialise() failed\n");
+ return rc;
+ }
+
+ xen_be_set_state(xendev, XenbusStateConnected);
+ return 0;
+}
+
+/*
+ * Try to let xendev know that it is connected. Depends on the
+ * frontend being Connected. Note that this may be called more
+ * than once since the backend state is not modified.
+ */
+static void xen_be_try_connected(struct XenDevice *xendev)
+{
+ if (!xendev->ops->connected) {
+ return;
+ }
+
+ if (xendev->fe_state != XenbusStateConnected) {
+ if (xendev->ops->flags & DEVOPS_FLAG_IGNORE_STATE) {
+ xen_be_printf(xendev, 2, "frontend not ready, ignoring\n");
+ } else {
+ xen_be_printf(xendev, 2, "frontend not ready (yet)\n");
+ return;
+ }
+ }
+
+ xendev->ops->connected(xendev);
+}
+
+/*
+ * Teardown connection.
+ *
+ * Goes to Closed when done.
+ */
+static void xen_be_disconnect(struct XenDevice *xendev, enum xenbus_state state)
+{
+ if (xendev->be_state != XenbusStateClosing &&
+ xendev->be_state != XenbusStateClosed &&
+ xendev->ops->disconnect) {
+ xendev->ops->disconnect(xendev);
+ }
+ if (xendev->be_state != state) {
+ xen_be_set_state(xendev, state);
+ }
+}
+
+/*
+ * Try to reset xendev, for reconnection by another frontend instance.
+ */
+static int xen_be_try_reset(struct XenDevice *xendev)
+{
+ if (xendev->fe_state != XenbusStateInitialising) {
+ return -1;
+ }
+
+ xen_be_printf(xendev, 1, "device reset (for re-connect)\n");
+ xen_be_set_state(xendev, XenbusStateInitialising);
+ return 0;
+}
+
+/*
+ * state change dispatcher function
+ */
+void xen_be_check_state(struct XenDevice *xendev)
+{
+ int rc = 0;
+
+ /* frontend may request shutdown from almost anywhere */
+ if (xendev->fe_state == XenbusStateClosing ||
+ xendev->fe_state == XenbusStateClosed) {
+ xen_be_disconnect(xendev, xendev->fe_state);
+ return;
+ }
+
+ /* check for possible backend state transitions */
+ for (;;) {
+ switch (xendev->be_state) {
+ case XenbusStateUnknown:
+ rc = xen_be_try_setup(xendev);
+ break;
+ case XenbusStateInitialising:
+ rc = xen_be_try_init(xendev);
+ break;
+ case XenbusStateInitWait:
+ rc = xen_be_try_initialise(xendev);
+ break;
+ case XenbusStateConnected:
+ /* xendev->be_state doesn't change */
+ xen_be_try_connected(xendev);
+ rc = -1;
+ break;
+ case XenbusStateClosed:
+ rc = xen_be_try_reset(xendev);
+ break;
+ default:
+ rc = -1;
+ }
+ if (rc != 0) {
+ break;
+ }
+ }
+}
+
+/* ------------------------------------------------------------- */
+
+static int xenstore_scan(const char *type, int dom, struct XenDevOps *ops)
+{
+ struct XenDevice *xendev;
+ char path[XEN_BUFSIZE], token[XEN_BUFSIZE];
+ char **dev = NULL, *dom0;
+ unsigned int cdev, j;
+
+ /* setup watch */
+ dom0 = xs_get_domain_path(xenstore, 0);
+ snprintf(token, sizeof(token), "be:%p:%d:%p", type, dom, ops);
+ snprintf(path, sizeof(path), "%s/backend/%s/%d", dom0, type, dom);
+ free(dom0);
+ if (!xs_watch(xenstore, path, token)) {
+ xen_be_printf(NULL, 0, "xen be: watching backend path (%s) failed\n", path);
+ return -1;
+ }
+
+ /* look for backends */
+ dev = xs_directory(xenstore, 0, path, &cdev);
+ if (!dev) {
+ return 0;
+ }
+ for (j = 0; j < cdev; j++) {
+ xendev = xen_be_get_xendev(type, dom, atoi(dev[j]), ops);
+ if (xendev == NULL) {
+ continue;
+ }
+ xen_be_check_state(xendev);
+ }
+ free(dev);
+ return 0;
+}
+
+static void xenstore_update_be(char *watch, char *type, int dom,
+ struct XenDevOps *ops)
+{
+ struct XenDevice *xendev;
+ char path[XEN_BUFSIZE], *dom0, *bepath;
+ unsigned int len, dev;
+
+ dom0 = xs_get_domain_path(xenstore, 0);
+ len = snprintf(path, sizeof(path), "%s/backend/%s/%d", dom0, type, dom);
+ free(dom0);
+ if (strncmp(path, watch, len) != 0) {
+ return;
+ }
+ if (sscanf(watch+len, "/%u/%255s", &dev, path) != 2) {
+ strcpy(path, "");
+ if (sscanf(watch+len, "/%u", &dev) != 1) {
+ dev = -1;
+ }
+ }
+ if (dev == -1) {
+ return;
+ }
+
+ xendev = xen_be_get_xendev(type, dom, dev, ops);
+ if (xendev != NULL) {
+ bepath = xs_read(xenstore, 0, xendev->be, &len);
+ if (bepath == NULL) {
+ xen_be_del_xendev(dom, dev);
+ } else {
+ free(bepath);
+ xen_be_backend_changed(xendev, path);
+ xen_be_check_state(xendev);
+ }
+ }
+}
+
+static void xenstore_update_fe(char *watch, struct XenDevice *xendev)
+{
+ char *node;
+ unsigned int len;
+
+ len = strlen(xendev->fe);
+ if (strncmp(xendev->fe, watch, len) != 0) {
+ return;
+ }
+ if (watch[len] != '/') {
+ return;
+ }
+ node = watch + len + 1;
+
+ xen_be_frontend_changed(xendev, node);
+ xen_be_check_state(xendev);
+}
+
+static void xenstore_update(void *unused)
+{
+ char **vec = NULL;
+ intptr_t type, ops, ptr;
+ unsigned int dom, count;
+
+ vec = xs_read_watch(xenstore, &count);
+ if (vec == NULL) {
+ goto cleanup;
+ }
+
+ if (sscanf(vec[XS_WATCH_TOKEN], "be:%" PRIxPTR ":%d:%" PRIxPTR,
+ &type, &dom, &ops) == 3) {
+ xenstore_update_be(vec[XS_WATCH_PATH], (void*)type, dom, (void*)ops);
+ }
+ if (sscanf(vec[XS_WATCH_TOKEN], "fe:%" PRIxPTR, &ptr) == 1) {
+ xenstore_update_fe(vec[XS_WATCH_PATH], (void*)ptr);
+ }
+
+cleanup:
+ free(vec);
+}
+
+static void xen_be_evtchn_event(void *opaque)
+{
+ struct XenDevice *xendev = opaque;
+ evtchn_port_t port;
+
+ port = xc_evtchn_pending(xendev->evtchndev);
+ if (port != xendev->local_port) {
+ xen_be_printf(xendev, 0, "xc_evtchn_pending returned %d (expected %d)\n",
+ port, xendev->local_port);
+ return;
+ }
+ xc_evtchn_unmask(xendev->evtchndev, port);
+
+ if (xendev->ops->event) {
+ xendev->ops->event(xendev);
+ }
+}
+
+/* -------------------------------------------------------------------- */
+
+int xen_be_init(void)
+{
+ xenstore = xs_daemon_open();
+ if (!xenstore) {
+ xen_be_printf(NULL, 0, "can't connect to xenstored\n");
+ return -1;
+ }
+
+ if (qemu_set_fd_handler(xs_fileno(xenstore), xenstore_update, NULL, NULL) < 0) {
+ goto err;
+ }
+
+ if (xen_xc == XC_HANDLER_INITIAL_VALUE) {
+ /* Check if xen_init() have been called */
+ goto err;
+ }
+ return 0;
+
+err:
+ qemu_set_fd_handler(xs_fileno(xenstore), NULL, NULL, NULL);
+ xs_daemon_close(xenstore);
+ xenstore = NULL;
+
+ return -1;
+}
+
+int xen_be_register(const char *type, struct XenDevOps *ops)
+{
+ return xenstore_scan(type, xen_domid, ops);
+}
+
+int xen_be_bind_evtchn(struct XenDevice *xendev)
+{
+ if (xendev->local_port != -1) {
+ return 0;
+ }
+ xendev->local_port = xc_evtchn_bind_interdomain
+ (xendev->evtchndev, xendev->dom, xendev->remote_port);
+ if (xendev->local_port == -1) {
+ xen_be_printf(xendev, 0, "xc_evtchn_bind_interdomain failed\n");
+ return -1;
+ }
+ xen_be_printf(xendev, 2, "bind evtchn port %d\n", xendev->local_port);
+ qemu_set_fd_handler(xc_evtchn_fd(xendev->evtchndev),
+ xen_be_evtchn_event, NULL, xendev);
+ return 0;
+}
+
+void xen_be_unbind_evtchn(struct XenDevice *xendev)
+{
+ if (xendev->local_port == -1) {
+ return;
+ }
+ qemu_set_fd_handler(xc_evtchn_fd(xendev->evtchndev), NULL, NULL, NULL);
+ xc_evtchn_unbind(xendev->evtchndev, xendev->local_port);
+ xen_be_printf(xendev, 2, "unbind evtchn port %d\n", xendev->local_port);
+ xendev->local_port = -1;
+}
+
+int xen_be_send_notify(struct XenDevice *xendev)
+{
+ return xc_evtchn_notify(xendev->evtchndev, xendev->local_port);
+}
+
+/*
+ * msg_level:
+ * 0 == errors (stderr + logfile).
+ * 1 == informative debug messages (logfile only).
+ * 2 == noisy debug messages (logfile only).
+ * 3 == will flood your log (logfile only).
+ */
+void xen_be_printf(struct XenDevice *xendev, int msg_level, const char *fmt, ...)
+{
+ va_list args;
+
+ if (xendev) {
+ if (msg_level > xendev->debug) {
+ return;
+ }
+ qemu_log("xen be: %s: ", xendev->name);
+ if (msg_level == 0) {
+ fprintf(stderr, "xen be: %s: ", xendev->name);
+ }
+ } else {
+ if (msg_level > debug) {
+ return;
+ }
+ qemu_log("xen be core: ");
+ if (msg_level == 0) {
+ fprintf(stderr, "xen be core: ");
+ }
+ }
+ va_start(args, fmt);
+ qemu_log_vprintf(fmt, args);
+ va_end(args);
+ if (msg_level == 0) {
+ va_start(args, fmt);
+ vfprintf(stderr, fmt, args);
+ va_end(args);
+ }
+ qemu_log_flush();
+}
diff --git a/hw/xen/xen_devconfig.c b/hw/xen/xen_devconfig.c
new file mode 100644
index 000000000..fa998eff0
--- /dev/null
+++ b/hw/xen/xen_devconfig.c
@@ -0,0 +1,174 @@
+#include "hw/xen/xen_backend.h"
+#include "sysemu/blockdev.h"
+
+/* ------------------------------------------------------------- */
+
+struct xs_dirs {
+ char *xs_dir;
+ QTAILQ_ENTRY(xs_dirs) list;
+};
+static QTAILQ_HEAD(xs_dirs_head, xs_dirs) xs_cleanup = QTAILQ_HEAD_INITIALIZER(xs_cleanup);
+
+static void xen_config_cleanup_dir(char *dir)
+{
+ struct xs_dirs *d;
+
+ d = g_malloc(sizeof(*d));
+ d->xs_dir = dir;
+ QTAILQ_INSERT_TAIL(&xs_cleanup, d, list);
+}
+
+void xen_config_cleanup(void)
+{
+ struct xs_dirs *d;
+
+ QTAILQ_FOREACH(d, &xs_cleanup, list) {
+ xs_rm(xenstore, 0, d->xs_dir);
+ }
+}
+
+/* ------------------------------------------------------------- */
+
+static int xen_config_dev_mkdir(char *dev, int p)
+{
+ struct xs_permissions perms[2] = {{
+ .id = 0, /* set owner: dom0 */
+ },{
+ .id = xen_domid,
+ .perms = p,
+ }};
+
+ if (!xs_mkdir(xenstore, 0, dev)) {
+ xen_be_printf(NULL, 0, "xs_mkdir %s: failed\n", dev);
+ return -1;
+ }
+ xen_config_cleanup_dir(g_strdup(dev));
+
+ if (!xs_set_permissions(xenstore, 0, dev, perms, 2)) {
+ xen_be_printf(NULL, 0, "xs_set_permissions %s: failed\n", dev);
+ return -1;
+ }
+ return 0;
+}
+
+static int xen_config_dev_dirs(const char *ftype, const char *btype, int vdev,
+ char *fe, char *be, int len)
+{
+ char *dom;
+
+ dom = xs_get_domain_path(xenstore, xen_domid);
+ snprintf(fe, len, "%s/device/%s/%d", dom, ftype, vdev);
+ free(dom);
+
+ dom = xs_get_domain_path(xenstore, 0);
+ snprintf(be, len, "%s/backend/%s/%d/%d", dom, btype, xen_domid, vdev);
+ free(dom);
+
+ xen_config_dev_mkdir(fe, XS_PERM_READ | XS_PERM_WRITE);
+ xen_config_dev_mkdir(be, XS_PERM_READ);
+ return 0;
+}
+
+static int xen_config_dev_all(char *fe, char *be)
+{
+ /* frontend */
+ if (xen_protocol)
+ xenstore_write_str(fe, "protocol", xen_protocol);
+
+ xenstore_write_int(fe, "state", XenbusStateInitialising);
+ xenstore_write_int(fe, "backend-id", 0);
+ xenstore_write_str(fe, "backend", be);
+
+ /* backend */
+ xenstore_write_str(be, "domain", qemu_name ? qemu_name : "no-name");
+ xenstore_write_int(be, "online", 1);
+ xenstore_write_int(be, "state", XenbusStateInitialising);
+ xenstore_write_int(be, "frontend-id", xen_domid);
+ xenstore_write_str(be, "frontend", fe);
+
+ return 0;
+}
+
+/* ------------------------------------------------------------- */
+
+int xen_config_dev_blk(DriveInfo *disk)
+{
+ char fe[256], be[256], device_name[32];
+ int vdev = 202 * 256 + 16 * disk->unit;
+ int cdrom = disk->media_cd;
+ const char *devtype = cdrom ? "cdrom" : "disk";
+ const char *mode = cdrom ? "r" : "w";
+ const char *filename = qemu_opt_get(disk->opts, "file");
+
+ snprintf(device_name, sizeof(device_name), "xvd%c", 'a' + disk->unit);
+ xen_be_printf(NULL, 1, "config disk %d [%s]: %s\n",
+ disk->unit, device_name, filename);
+ xen_config_dev_dirs("vbd", "qdisk", vdev, fe, be, sizeof(fe));
+
+ /* frontend */
+ xenstore_write_int(fe, "virtual-device", vdev);
+ xenstore_write_str(fe, "device-type", devtype);
+
+ /* backend */
+ xenstore_write_str(be, "dev", device_name);
+ xenstore_write_str(be, "type", "file");
+ xenstore_write_str(be, "params", filename);
+ xenstore_write_str(be, "mode", mode);
+
+ /* common stuff */
+ return xen_config_dev_all(fe, be);
+}
+
+int xen_config_dev_nic(NICInfo *nic)
+{
+ char fe[256], be[256];
+ char mac[20];
+ int vlan_id = -1;
+
+ net_hub_id_for_client(nic->netdev, &vlan_id);
+ snprintf(mac, sizeof(mac), "%02x:%02x:%02x:%02x:%02x:%02x",
+ nic->macaddr.a[0], nic->macaddr.a[1], nic->macaddr.a[2],
+ nic->macaddr.a[3], nic->macaddr.a[4], nic->macaddr.a[5]);
+ xen_be_printf(NULL, 1, "config nic %d: mac=\"%s\"\n", vlan_id, mac);
+ xen_config_dev_dirs("vif", "qnic", vlan_id, fe, be, sizeof(fe));
+
+ /* frontend */
+ xenstore_write_int(fe, "handle", vlan_id);
+ xenstore_write_str(fe, "mac", mac);
+
+ /* backend */
+ xenstore_write_int(be, "handle", vlan_id);
+ xenstore_write_str(be, "mac", mac);
+
+ /* common stuff */
+ return xen_config_dev_all(fe, be);
+}
+
+int xen_config_dev_vfb(int vdev, const char *type)
+{
+ char fe[256], be[256];
+
+ xen_config_dev_dirs("vfb", "vfb", vdev, fe, be, sizeof(fe));
+
+ /* backend */
+ xenstore_write_str(be, "type", type);
+
+ /* common stuff */
+ return xen_config_dev_all(fe, be);
+}
+
+int xen_config_dev_vkbd(int vdev)
+{
+ char fe[256], be[256];
+
+ xen_config_dev_dirs("vkbd", "vkbd", vdev, fe, be, sizeof(fe));
+ return xen_config_dev_all(fe, be);
+}
+
+int xen_config_dev_console(int vdev)
+{
+ char fe[256], be[256];
+
+ xen_config_dev_dirs("console", "console", vdev, fe, be, sizeof(fe));
+ return xen_config_dev_all(fe, be);
+}
diff --git a/hw/xen/xen_platform.c b/hw/xen/xen_platform.c
new file mode 100644
index 000000000..79bf0b33d
--- /dev/null
+++ b/hw/xen/xen_platform.c
@@ -0,0 +1,449 @@
+/*
+ * XEN platform pci device, formerly known as the event channel device
+ *
+ * Copyright (c) 2003-2004 Intel Corp.
+ * Copyright (c) 2006 XenSource
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include <assert.h>
+
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "hw/pci/pci.h"
+#include "hw/irq.h"
+#include "hw/xen/xen_common.h"
+#include "hw/xen/xen_backend.h"
+#include "trace.h"
+#include "exec/address-spaces.h"
+
+#include <xenguest.h>
+
+//#define DEBUG_PLATFORM
+
+#ifdef DEBUG_PLATFORM
+#define DPRINTF(fmt, ...) do { \
+ fprintf(stderr, "xen_platform: " fmt, ## __VA_ARGS__); \
+} while (0)
+#else
+#define DPRINTF(fmt, ...) do { } while (0)
+#endif
+
+#define PFFLAG_ROM_LOCK 1 /* Sets whether ROM memory area is RW or RO */
+
+typedef struct PCIXenPlatformState {
+ /*< private >*/
+ PCIDevice parent_obj;
+ /*< public >*/
+
+ MemoryRegion fixed_io;
+ MemoryRegion bar;
+ MemoryRegion mmio_bar;
+ uint8_t flags; /* used only for version_id == 2 */
+ int drivers_blacklisted;
+ uint16_t driver_product_version;
+
+ /* Log from guest drivers */
+ char log_buffer[4096];
+ int log_buffer_off;
+} PCIXenPlatformState;
+
+#define TYPE_XEN_PLATFORM "xen-platform"
+#define XEN_PLATFORM(obj) \
+ OBJECT_CHECK(PCIXenPlatformState, (obj), TYPE_XEN_PLATFORM)
+
+#define XEN_PLATFORM_IOPORT 0x10
+
+/* Send bytes to syslog */
+static void log_writeb(PCIXenPlatformState *s, char val)
+{
+ if (val == '\n' || s->log_buffer_off == sizeof(s->log_buffer) - 1) {
+ /* Flush buffer */
+ s->log_buffer[s->log_buffer_off] = 0;
+ trace_xen_platform_log(s->log_buffer);
+ s->log_buffer_off = 0;
+ } else {
+ s->log_buffer[s->log_buffer_off++] = val;
+ }
+}
+
+/* Xen Platform, Fixed IOPort */
+#define UNPLUG_ALL_IDE_DISKS 1
+#define UNPLUG_ALL_NICS 2
+#define UNPLUG_AUX_IDE_DISKS 4
+
+static void unplug_nic(PCIBus *b, PCIDevice *d, void *o)
+{
+ /* We have to ignore passthrough devices */
+ if (pci_get_word(d->config + PCI_CLASS_DEVICE) ==
+ PCI_CLASS_NETWORK_ETHERNET
+ && strcmp(d->name, "xen-pci-passthrough") != 0) {
+ qdev_free(DEVICE(d));
+ }
+}
+
+static void pci_unplug_nics(PCIBus *bus)
+{
+ pci_for_each_device(bus, 0, unplug_nic, NULL);
+}
+
+static void unplug_disks(PCIBus *b, PCIDevice *d, void *o)
+{
+ /* We have to ignore passthrough devices */
+ if (pci_get_word(d->config + PCI_CLASS_DEVICE) ==
+ PCI_CLASS_STORAGE_IDE
+ && strcmp(d->name, "xen-pci-passthrough") != 0) {
+ qdev_unplug(DEVICE(d), NULL);
+ }
+}
+
+static void pci_unplug_disks(PCIBus *bus)
+{
+ pci_for_each_device(bus, 0, unplug_disks, NULL);
+}
+
+static void platform_fixed_ioport_writew(void *opaque, uint32_t addr, uint32_t val)
+{
+ PCIXenPlatformState *s = opaque;
+
+ switch (addr) {
+ case 0: {
+ PCIDevice *pci_dev = PCI_DEVICE(s);
+ /* Unplug devices. Value is a bitmask of which devices to
+ unplug, with bit 0 the IDE devices, bit 1 the network
+ devices, and bit 2 the non-primary-master IDE devices. */
+ if (val & UNPLUG_ALL_IDE_DISKS) {
+ DPRINTF("unplug disks\n");
+ bdrv_drain_all();
+ bdrv_flush_all();
+ pci_unplug_disks(pci_dev->bus);
+ }
+ if (val & UNPLUG_ALL_NICS) {
+ DPRINTF("unplug nics\n");
+ pci_unplug_nics(pci_dev->bus);
+ }
+ if (val & UNPLUG_AUX_IDE_DISKS) {
+ DPRINTF("unplug auxiliary disks not supported\n");
+ }
+ break;
+ }
+ case 2:
+ switch (val) {
+ case 1:
+ DPRINTF("Citrix Windows PV drivers loaded in guest\n");
+ break;
+ case 0:
+ DPRINTF("Guest claimed to be running PV product 0?\n");
+ break;
+ default:
+ DPRINTF("Unknown PV product %d loaded in guest\n", val);
+ break;
+ }
+ s->driver_product_version = val;
+ break;
+ }
+}
+
+static void platform_fixed_ioport_writel(void *opaque, uint32_t addr,
+ uint32_t val)
+{
+ switch (addr) {
+ case 0:
+ /* PV driver version */
+ break;
+ }
+}
+
+static void platform_fixed_ioport_writeb(void *opaque, uint32_t addr, uint32_t val)
+{
+ PCIXenPlatformState *s = opaque;
+
+ switch (addr) {
+ case 0: /* Platform flags */ {
+ hvmmem_type_t mem_type = (val & PFFLAG_ROM_LOCK) ?
+ HVMMEM_ram_ro : HVMMEM_ram_rw;
+ if (xc_hvm_set_mem_type(xen_xc, xen_domid, mem_type, 0xc0, 0x40)) {
+ DPRINTF("unable to change ro/rw state of ROM memory area!\n");
+ } else {
+ s->flags = val & PFFLAG_ROM_LOCK;
+ DPRINTF("changed ro/rw state of ROM memory area. now is %s state.\n",
+ (mem_type == HVMMEM_ram_ro ? "ro":"rw"));
+ }
+ break;
+ }
+ case 2:
+ log_writeb(s, val);
+ break;
+ }
+}
+
+static uint32_t platform_fixed_ioport_readw(void *opaque, uint32_t addr)
+{
+ PCIXenPlatformState *s = opaque;
+
+ switch (addr) {
+ case 0:
+ if (s->drivers_blacklisted) {
+ /* The drivers will recognise this magic number and refuse
+ * to do anything. */
+ return 0xd249;
+ } else {
+ /* Magic value so that you can identify the interface. */
+ return 0x49d2;
+ }
+ default:
+ return 0xffff;
+ }
+}
+
+static uint32_t platform_fixed_ioport_readb(void *opaque, uint32_t addr)
+{
+ PCIXenPlatformState *s = opaque;
+
+ switch (addr) {
+ case 0:
+ /* Platform flags */
+ return s->flags;
+ case 2:
+ /* Version number */
+ return 1;
+ default:
+ return 0xff;
+ }
+}
+
+static void platform_fixed_ioport_reset(void *opaque)
+{
+ PCIXenPlatformState *s = opaque;
+
+ platform_fixed_ioport_writeb(s, 0, 0);
+}
+
+static uint64_t platform_fixed_ioport_read(void *opaque,
+ hwaddr addr,
+ unsigned size)
+{
+ switch (size) {
+ case 1:
+ return platform_fixed_ioport_readb(opaque, addr);
+ case 2:
+ return platform_fixed_ioport_readw(opaque, addr);
+ default:
+ return -1;
+ }
+}
+
+static void platform_fixed_ioport_write(void *opaque, hwaddr addr,
+
+ uint64_t val, unsigned size)
+{
+ switch (size) {
+ case 1:
+ platform_fixed_ioport_writeb(opaque, addr, val);
+ break;
+ case 2:
+ platform_fixed_ioport_writew(opaque, addr, val);
+ break;
+ case 4:
+ platform_fixed_ioport_writel(opaque, addr, val);
+ break;
+ }
+}
+
+
+static const MemoryRegionOps platform_fixed_io_ops = {
+ .read = platform_fixed_ioport_read,
+ .write = platform_fixed_ioport_write,
+ .valid = {
+ .unaligned = true,
+ },
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 4,
+ .unaligned = true,
+ },
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void platform_fixed_ioport_init(PCIXenPlatformState* s)
+{
+ memory_region_init_io(&s->fixed_io, OBJECT(s), &platform_fixed_io_ops, s,
+ "xen-fixed", 16);
+ memory_region_add_subregion(get_system_io(), XEN_PLATFORM_IOPORT,
+ &s->fixed_io);
+}
+
+/* Xen Platform PCI Device */
+
+static uint64_t xen_platform_ioport_readb(void *opaque, hwaddr addr,
+ unsigned int size)
+{
+ if (addr == 0) {
+ return platform_fixed_ioport_readb(opaque, 0);
+ } else {
+ return ~0u;
+ }
+}
+
+static void xen_platform_ioport_writeb(void *opaque, hwaddr addr,
+ uint64_t val, unsigned int size)
+{
+ PCIXenPlatformState *s = opaque;
+
+ switch (addr) {
+ case 0: /* Platform flags */
+ platform_fixed_ioport_writeb(opaque, 0, (uint32_t)val);
+ break;
+ case 8:
+ log_writeb(s, (uint32_t)val);
+ break;
+ default:
+ break;
+ }
+}
+
+static const MemoryRegionOps xen_pci_io_ops = {
+ .read = xen_platform_ioport_readb,
+ .write = xen_platform_ioport_writeb,
+ .impl.min_access_size = 1,
+ .impl.max_access_size = 1,
+};
+
+static void platform_ioport_bar_setup(PCIXenPlatformState *d)
+{
+ memory_region_init_io(&d->bar, OBJECT(d), &xen_pci_io_ops, d,
+ "xen-pci", 0x100);
+}
+
+static uint64_t platform_mmio_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ DPRINTF("Warning: attempted read from physical address "
+ "0x" TARGET_FMT_plx " in xen platform mmio space\n", addr);
+
+ return 0;
+}
+
+static void platform_mmio_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ DPRINTF("Warning: attempted write of 0x%"PRIx64" to physical "
+ "address 0x" TARGET_FMT_plx " in xen platform mmio space\n",
+ val, addr);
+}
+
+static const MemoryRegionOps platform_mmio_handler = {
+ .read = &platform_mmio_read,
+ .write = &platform_mmio_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void platform_mmio_setup(PCIXenPlatformState *d)
+{
+ memory_region_init_io(&d->mmio_bar, OBJECT(d), &platform_mmio_handler, d,
+ "xen-mmio", 0x1000000);
+}
+
+static int xen_platform_post_load(void *opaque, int version_id)
+{
+ PCIXenPlatformState *s = opaque;
+
+ platform_fixed_ioport_writeb(s, 0, s->flags);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_xen_platform = {
+ .name = "platform",
+ .version_id = 4,
+ .minimum_version_id = 4,
+ .minimum_version_id_old = 4,
+ .post_load = xen_platform_post_load,
+ .fields = (VMStateField []) {
+ VMSTATE_PCI_DEVICE(parent_obj, PCIXenPlatformState),
+ VMSTATE_UINT8(flags, PCIXenPlatformState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static int xen_platform_initfn(PCIDevice *dev)
+{
+ PCIXenPlatformState *d = XEN_PLATFORM(dev);
+ uint8_t *pci_conf;
+
+ pci_conf = dev->config;
+
+ pci_set_word(pci_conf + PCI_COMMAND, PCI_COMMAND_IO | PCI_COMMAND_MEMORY);
+
+ pci_config_set_prog_interface(pci_conf, 0);
+
+ pci_conf[PCI_INTERRUPT_PIN] = 1;
+
+ platform_ioport_bar_setup(d);
+ pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &d->bar);
+
+ /* reserve 16MB mmio address for share memory*/
+ platform_mmio_setup(d);
+ pci_register_bar(dev, 1, PCI_BASE_ADDRESS_MEM_PREFETCH,
+ &d->mmio_bar);
+
+ platform_fixed_ioport_init(d);
+
+ return 0;
+}
+
+static void platform_reset(DeviceState *dev)
+{
+ PCIXenPlatformState *s = XEN_PLATFORM(dev);
+
+ platform_fixed_ioport_reset(s);
+}
+
+static void xen_platform_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = xen_platform_initfn;
+ k->vendor_id = PCI_VENDOR_ID_XEN;
+ k->device_id = PCI_DEVICE_ID_XEN_PLATFORM;
+ k->class_id = PCI_CLASS_OTHERS << 8 | 0x80;
+ k->subsystem_vendor_id = PCI_VENDOR_ID_XEN;
+ k->subsystem_id = PCI_DEVICE_ID_XEN_PLATFORM;
+ k->revision = 1;
+ set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+ dc->desc = "XEN platform pci device";
+ dc->reset = platform_reset;
+ dc->vmsd = &vmstate_xen_platform;
+}
+
+static const TypeInfo xen_platform_info = {
+ .name = TYPE_XEN_PLATFORM,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCIXenPlatformState),
+ .class_init = xen_platform_class_init,
+};
+
+static void xen_platform_register_types(void)
+{
+ type_register_static(&xen_platform_info);
+}
+
+type_init(xen_platform_register_types)
diff --git a/hw/xen/xen_pt.c b/hw/xen/xen_pt.c
new file mode 100644
index 000000000..ca2d46078
--- /dev/null
+++ b/hw/xen/xen_pt.c
@@ -0,0 +1,850 @@
+/*
+ * Copyright (c) 2007, Neocleus Corporation.
+ * Copyright (c) 2007, Intel Corporation.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ *
+ * Alex Novik <alex@neocleus.com>
+ * Allen Kay <allen.m.kay@intel.com>
+ * Guy Zana <guy@neocleus.com>
+ *
+ * This file implements direct PCI assignment to a HVM guest
+ */
+
+/*
+ * Interrupt Disable policy:
+ *
+ * INTx interrupt:
+ * Initialize(register_real_device)
+ * Map INTx(xc_physdev_map_pirq):
+ * <fail>
+ * - Set real Interrupt Disable bit to '1'.
+ * - Set machine_irq and assigned_device->machine_irq to '0'.
+ * * Don't bind INTx.
+ *
+ * Bind INTx(xc_domain_bind_pt_pci_irq):
+ * <fail>
+ * - Set real Interrupt Disable bit to '1'.
+ * - Unmap INTx.
+ * - Decrement xen_pt_mapped_machine_irq[machine_irq]
+ * - Set assigned_device->machine_irq to '0'.
+ *
+ * Write to Interrupt Disable bit by guest software(xen_pt_cmd_reg_write)
+ * Write '0'
+ * - Set real bit to '0' if assigned_device->machine_irq isn't '0'.
+ *
+ * Write '1'
+ * - Set real bit to '1'.
+ *
+ * MSI interrupt:
+ * Initialize MSI register(xen_pt_msi_setup, xen_pt_msi_update)
+ * Bind MSI(xc_domain_update_msi_irq)
+ * <fail>
+ * - Unmap MSI.
+ * - Set dev->msi->pirq to '-1'.
+ *
+ * MSI-X interrupt:
+ * Initialize MSI-X register(xen_pt_msix_update_one)
+ * Bind MSI-X(xc_domain_update_msi_irq)
+ * <fail>
+ * - Unmap MSI-X.
+ * - Set entry->pirq to '-1'.
+ */
+
+#include <sys/ioctl.h>
+
+#include "hw/pci/pci.h"
+#include "hw/xen/xen.h"
+#include "hw/xen/xen_backend.h"
+#include "xen_pt.h"
+#include "qemu/range.h"
+#include "exec/address-spaces.h"
+
+#define XEN_PT_NR_IRQS (256)
+static uint8_t xen_pt_mapped_machine_irq[XEN_PT_NR_IRQS] = {0};
+
+void xen_pt_log(const PCIDevice *d, const char *f, ...)
+{
+ va_list ap;
+
+ va_start(ap, f);
+ if (d) {
+ fprintf(stderr, "[%02x:%02x.%d] ", pci_bus_num(d->bus),
+ PCI_SLOT(d->devfn), PCI_FUNC(d->devfn));
+ }
+ vfprintf(stderr, f, ap);
+ va_end(ap);
+}
+
+/* Config Space */
+
+static int xen_pt_pci_config_access_check(PCIDevice *d, uint32_t addr, int len)
+{
+ /* check offset range */
+ if (addr >= 0xFF) {
+ XEN_PT_ERR(d, "Failed to access register with offset exceeding 0xFF. "
+ "(addr: 0x%02x, len: %d)\n", addr, len);
+ return -1;
+ }
+
+ /* check read size */
+ if ((len != 1) && (len != 2) && (len != 4)) {
+ XEN_PT_ERR(d, "Failed to access register with invalid access length. "
+ "(addr: 0x%02x, len: %d)\n", addr, len);
+ return -1;
+ }
+
+ /* check offset alignment */
+ if (addr & (len - 1)) {
+ XEN_PT_ERR(d, "Failed to access register with invalid access size "
+ "alignment. (addr: 0x%02x, len: %d)\n", addr, len);
+ return -1;
+ }
+
+ return 0;
+}
+
+int xen_pt_bar_offset_to_index(uint32_t offset)
+{
+ int index = 0;
+
+ /* check Exp ROM BAR */
+ if (offset == PCI_ROM_ADDRESS) {
+ return PCI_ROM_SLOT;
+ }
+
+ /* calculate BAR index */
+ index = (offset - PCI_BASE_ADDRESS_0) >> 2;
+ if (index >= PCI_NUM_REGIONS) {
+ return -1;
+ }
+
+ return index;
+}
+
+static uint32_t xen_pt_pci_read_config(PCIDevice *d, uint32_t addr, int len)
+{
+ XenPCIPassthroughState *s = DO_UPCAST(XenPCIPassthroughState, dev, d);
+ uint32_t val = 0;
+ XenPTRegGroup *reg_grp_entry = NULL;
+ XenPTReg *reg_entry = NULL;
+ int rc = 0;
+ int emul_len = 0;
+ uint32_t find_addr = addr;
+
+ if (xen_pt_pci_config_access_check(d, addr, len)) {
+ goto exit;
+ }
+
+ /* find register group entry */
+ reg_grp_entry = xen_pt_find_reg_grp(s, addr);
+ if (reg_grp_entry) {
+ /* check 0-Hardwired register group */
+ if (reg_grp_entry->reg_grp->grp_type == XEN_PT_GRP_TYPE_HARDWIRED) {
+ /* no need to emulate, just return 0 */
+ val = 0;
+ goto exit;
+ }
+ }
+
+ /* read I/O device register value */
+ rc = xen_host_pci_get_block(&s->real_device, addr, (uint8_t *)&val, len);
+ if (rc < 0) {
+ XEN_PT_ERR(d, "pci_read_block failed. return value: %d.\n", rc);
+ memset(&val, 0xff, len);
+ }
+
+ /* just return the I/O device register value for
+ * passthrough type register group */
+ if (reg_grp_entry == NULL) {
+ goto exit;
+ }
+
+ /* adjust the read value to appropriate CFC-CFF window */
+ val <<= (addr & 3) << 3;
+ emul_len = len;
+
+ /* loop around the guest requested size */
+ while (emul_len > 0) {
+ /* find register entry to be emulated */
+ reg_entry = xen_pt_find_reg(reg_grp_entry, find_addr);
+ if (reg_entry) {
+ XenPTRegInfo *reg = reg_entry->reg;
+ uint32_t real_offset = reg_grp_entry->base_offset + reg->offset;
+ uint32_t valid_mask = 0xFFFFFFFF >> ((4 - emul_len) << 3);
+ uint8_t *ptr_val = NULL;
+
+ valid_mask <<= (find_addr - real_offset) << 3;
+ ptr_val = (uint8_t *)&val + (real_offset & 3);
+
+ /* do emulation based on register size */
+ switch (reg->size) {
+ case 1:
+ if (reg->u.b.read) {
+ rc = reg->u.b.read(s, reg_entry, ptr_val, valid_mask);
+ }
+ break;
+ case 2:
+ if (reg->u.w.read) {
+ rc = reg->u.w.read(s, reg_entry,
+ (uint16_t *)ptr_val, valid_mask);
+ }
+ break;
+ case 4:
+ if (reg->u.dw.read) {
+ rc = reg->u.dw.read(s, reg_entry,
+ (uint32_t *)ptr_val, valid_mask);
+ }
+ break;
+ }
+
+ if (rc < 0) {
+ xen_shutdown_fatal_error("Internal error: Invalid read "
+ "emulation. (%s, rc: %d)\n",
+ __func__, rc);
+ return 0;
+ }
+
+ /* calculate next address to find */
+ emul_len -= reg->size;
+ if (emul_len > 0) {
+ find_addr = real_offset + reg->size;
+ }
+ } else {
+ /* nothing to do with passthrough type register,
+ * continue to find next byte */
+ emul_len--;
+ find_addr++;
+ }
+ }
+
+ /* need to shift back before returning them to pci bus emulator */
+ val >>= ((addr & 3) << 3);
+
+exit:
+ XEN_PT_LOG_CONFIG(d, addr, val, len);
+ return val;
+}
+
+static void xen_pt_pci_write_config(PCIDevice *d, uint32_t addr,
+ uint32_t val, int len)
+{
+ XenPCIPassthroughState *s = DO_UPCAST(XenPCIPassthroughState, dev, d);
+ int index = 0;
+ XenPTRegGroup *reg_grp_entry = NULL;
+ int rc = 0;
+ uint32_t read_val = 0;
+ int emul_len = 0;
+ XenPTReg *reg_entry = NULL;
+ uint32_t find_addr = addr;
+ XenPTRegInfo *reg = NULL;
+
+ if (xen_pt_pci_config_access_check(d, addr, len)) {
+ return;
+ }
+
+ XEN_PT_LOG_CONFIG(d, addr, val, len);
+
+ /* check unused BAR register */
+ index = xen_pt_bar_offset_to_index(addr);
+ if ((index >= 0) && (val > 0 && val < XEN_PT_BAR_ALLF) &&
+ (s->bases[index].bar_flag == XEN_PT_BAR_FLAG_UNUSED)) {
+ XEN_PT_WARN(d, "Guest attempt to set address to unused Base Address "
+ "Register. (addr: 0x%02x, len: %d)\n", addr, len);
+ }
+
+ /* find register group entry */
+ reg_grp_entry = xen_pt_find_reg_grp(s, addr);
+ if (reg_grp_entry) {
+ /* check 0-Hardwired register group */
+ if (reg_grp_entry->reg_grp->grp_type == XEN_PT_GRP_TYPE_HARDWIRED) {
+ /* ignore silently */
+ XEN_PT_WARN(d, "Access to 0-Hardwired register. "
+ "(addr: 0x%02x, len: %d)\n", addr, len);
+ return;
+ }
+ }
+
+ rc = xen_host_pci_get_block(&s->real_device, addr,
+ (uint8_t *)&read_val, len);
+ if (rc < 0) {
+ XEN_PT_ERR(d, "pci_read_block failed. return value: %d.\n", rc);
+ memset(&read_val, 0xff, len);
+ }
+
+ /* pass directly to the real device for passthrough type register group */
+ if (reg_grp_entry == NULL) {
+ goto out;
+ }
+
+ memory_region_transaction_begin();
+ pci_default_write_config(d, addr, val, len);
+
+ /* adjust the read and write value to appropriate CFC-CFF window */
+ read_val <<= (addr & 3) << 3;
+ val <<= (addr & 3) << 3;
+ emul_len = len;
+
+ /* loop around the guest requested size */
+ while (emul_len > 0) {
+ /* find register entry to be emulated */
+ reg_entry = xen_pt_find_reg(reg_grp_entry, find_addr);
+ if (reg_entry) {
+ reg = reg_entry->reg;
+ uint32_t real_offset = reg_grp_entry->base_offset + reg->offset;
+ uint32_t valid_mask = 0xFFFFFFFF >> ((4 - emul_len) << 3);
+ uint8_t *ptr_val = NULL;
+
+ valid_mask <<= (find_addr - real_offset) << 3;
+ ptr_val = (uint8_t *)&val + (real_offset & 3);
+
+ /* do emulation based on register size */
+ switch (reg->size) {
+ case 1:
+ if (reg->u.b.write) {
+ rc = reg->u.b.write(s, reg_entry, ptr_val,
+ read_val >> ((real_offset & 3) << 3),
+ valid_mask);
+ }
+ break;
+ case 2:
+ if (reg->u.w.write) {
+ rc = reg->u.w.write(s, reg_entry, (uint16_t *)ptr_val,
+ (read_val >> ((real_offset & 3) << 3)),
+ valid_mask);
+ }
+ break;
+ case 4:
+ if (reg->u.dw.write) {
+ rc = reg->u.dw.write(s, reg_entry, (uint32_t *)ptr_val,
+ (read_val >> ((real_offset & 3) << 3)),
+ valid_mask);
+ }
+ break;
+ }
+
+ if (rc < 0) {
+ xen_shutdown_fatal_error("Internal error: Invalid write"
+ " emulation. (%s, rc: %d)\n",
+ __func__, rc);
+ return;
+ }
+
+ /* calculate next address to find */
+ emul_len -= reg->size;
+ if (emul_len > 0) {
+ find_addr = real_offset + reg->size;
+ }
+ } else {
+ /* nothing to do with passthrough type register,
+ * continue to find next byte */
+ emul_len--;
+ find_addr++;
+ }
+ }
+
+ /* need to shift back before passing them to xen_host_pci_device */
+ val >>= (addr & 3) << 3;
+
+ memory_region_transaction_commit();
+
+out:
+ if (!(reg && reg->no_wb)) {
+ /* unknown regs are passed through */
+ rc = xen_host_pci_set_block(&s->real_device, addr,
+ (uint8_t *)&val, len);
+
+ if (rc < 0) {
+ XEN_PT_ERR(d, "pci_write_block failed. return value: %d.\n", rc);
+ }
+ }
+}
+
+/* register regions */
+
+static uint64_t xen_pt_bar_read(void *o, hwaddr addr,
+ unsigned size)
+{
+ PCIDevice *d = o;
+ /* if this function is called, that probably means that there is a
+ * misconfiguration of the IOMMU. */
+ XEN_PT_ERR(d, "Should not read BAR through QEMU. @0x"TARGET_FMT_plx"\n",
+ addr);
+ return 0;
+}
+static void xen_pt_bar_write(void *o, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ PCIDevice *d = o;
+ /* Same comment as xen_pt_bar_read function */
+ XEN_PT_ERR(d, "Should not write BAR through QEMU. @0x"TARGET_FMT_plx"\n",
+ addr);
+}
+
+static const MemoryRegionOps ops = {
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .read = xen_pt_bar_read,
+ .write = xen_pt_bar_write,
+};
+
+static int xen_pt_register_regions(XenPCIPassthroughState *s)
+{
+ int i = 0;
+ XenHostPCIDevice *d = &s->real_device;
+
+ /* Register PIO/MMIO BARs */
+ for (i = 0; i < PCI_ROM_SLOT; i++) {
+ XenHostPCIIORegion *r = &d->io_regions[i];
+ uint8_t type;
+
+ if (r->base_addr == 0 || r->size == 0) {
+ continue;
+ }
+
+ s->bases[i].access.u = r->base_addr;
+
+ if (r->type & XEN_HOST_PCI_REGION_TYPE_IO) {
+ type = PCI_BASE_ADDRESS_SPACE_IO;
+ } else {
+ type = PCI_BASE_ADDRESS_SPACE_MEMORY;
+ if (r->type & XEN_HOST_PCI_REGION_TYPE_PREFETCH) {
+ type |= PCI_BASE_ADDRESS_MEM_PREFETCH;
+ }
+ if (r->type & XEN_HOST_PCI_REGION_TYPE_MEM_64) {
+ type |= PCI_BASE_ADDRESS_MEM_TYPE_64;
+ }
+ }
+
+ memory_region_init_io(&s->bar[i], OBJECT(s), &ops, &s->dev,
+ "xen-pci-pt-bar", r->size);
+ pci_register_bar(&s->dev, i, type, &s->bar[i]);
+
+ XEN_PT_LOG(&s->dev, "IO region %i registered (size=0x%lx"PRIx64
+ " base_addr=0x%lx"PRIx64" type: %#x)\n",
+ i, r->size, r->base_addr, type);
+ }
+
+ /* Register expansion ROM address */
+ if (d->rom.base_addr && d->rom.size) {
+ uint32_t bar_data = 0;
+
+ /* Re-set BAR reported by OS, otherwise ROM can't be read. */
+ if (xen_host_pci_get_long(d, PCI_ROM_ADDRESS, &bar_data)) {
+ return 0;
+ }
+ if ((bar_data & PCI_ROM_ADDRESS_MASK) == 0) {
+ bar_data |= d->rom.base_addr & PCI_ROM_ADDRESS_MASK;
+ xen_host_pci_set_long(d, PCI_ROM_ADDRESS, bar_data);
+ }
+
+ s->bases[PCI_ROM_SLOT].access.maddr = d->rom.base_addr;
+
+ memory_region_init_rom_device(&s->rom, OBJECT(s), NULL, NULL,
+ "xen-pci-pt-rom", d->rom.size);
+ pci_register_bar(&s->dev, PCI_ROM_SLOT, PCI_BASE_ADDRESS_MEM_PREFETCH,
+ &s->rom);
+
+ XEN_PT_LOG(&s->dev, "Expansion ROM registered (size=0x%08"PRIx64
+ " base_addr=0x%08"PRIx64")\n",
+ d->rom.size, d->rom.base_addr);
+ }
+
+ return 0;
+}
+
+static void xen_pt_unregister_regions(XenPCIPassthroughState *s)
+{
+ XenHostPCIDevice *d = &s->real_device;
+ int i;
+
+ for (i = 0; i < PCI_NUM_REGIONS - 1; i++) {
+ XenHostPCIIORegion *r = &d->io_regions[i];
+
+ if (r->base_addr == 0 || r->size == 0) {
+ continue;
+ }
+
+ memory_region_destroy(&s->bar[i]);
+ }
+ if (d->rom.base_addr && d->rom.size) {
+ memory_region_destroy(&s->rom);
+ }
+}
+
+/* region mapping */
+
+static int xen_pt_bar_from_region(XenPCIPassthroughState *s, MemoryRegion *mr)
+{
+ int i = 0;
+
+ for (i = 0; i < PCI_NUM_REGIONS - 1; i++) {
+ if (mr == &s->bar[i]) {
+ return i;
+ }
+ }
+ if (mr == &s->rom) {
+ return PCI_ROM_SLOT;
+ }
+ return -1;
+}
+
+/*
+ * This function checks if an io_region overlaps an io_region from another
+ * device. The io_region to check is provided with (addr, size and type)
+ * A callback can be provided and will be called for every region that is
+ * overlapped.
+ * The return value indicates if the region is overlappsed */
+struct CheckBarArgs {
+ XenPCIPassthroughState *s;
+ pcibus_t addr;
+ pcibus_t size;
+ uint8_t type;
+ bool rc;
+};
+static void xen_pt_check_bar_overlap(PCIBus *bus, PCIDevice *d, void *opaque)
+{
+ struct CheckBarArgs *arg = opaque;
+ XenPCIPassthroughState *s = arg->s;
+ uint8_t type = arg->type;
+ int i;
+
+ if (d->devfn == s->dev.devfn) {
+ return;
+ }
+
+ /* xxx: This ignores bridges. */
+ for (i = 0; i < PCI_NUM_REGIONS; i++) {
+ const PCIIORegion *r = &d->io_regions[i];
+
+ if (!r->size) {
+ continue;
+ }
+ if ((type & PCI_BASE_ADDRESS_SPACE_IO)
+ != (r->type & PCI_BASE_ADDRESS_SPACE_IO)) {
+ continue;
+ }
+
+ if (ranges_overlap(arg->addr, arg->size, r->addr, r->size)) {
+ XEN_PT_WARN(&s->dev,
+ "Overlapped to device [%02x:%02x.%d] Region: %i"
+ " (addr: %#"FMT_PCIBUS", len: %#"FMT_PCIBUS")\n",
+ pci_bus_num(bus), PCI_SLOT(d->devfn),
+ PCI_FUNC(d->devfn), i, r->addr, r->size);
+ arg->rc = true;
+ }
+ }
+}
+
+static void xen_pt_region_update(XenPCIPassthroughState *s,
+ MemoryRegionSection *sec, bool adding)
+{
+ PCIDevice *d = &s->dev;
+ MemoryRegion *mr = sec->mr;
+ int bar = -1;
+ int rc;
+ int op = adding ? DPCI_ADD_MAPPING : DPCI_REMOVE_MAPPING;
+ struct CheckBarArgs args = {
+ .s = s,
+ .addr = sec->offset_within_address_space,
+ .size = int128_get64(sec->size),
+ .rc = false,
+ };
+
+ bar = xen_pt_bar_from_region(s, mr);
+ if (bar == -1 && (!s->msix || &s->msix->mmio != mr)) {
+ return;
+ }
+
+ if (s->msix && &s->msix->mmio == mr) {
+ if (adding) {
+ s->msix->mmio_base_addr = sec->offset_within_address_space;
+ rc = xen_pt_msix_update_remap(s, s->msix->bar_index);
+ }
+ return;
+ }
+
+ args.type = d->io_regions[bar].type;
+ pci_for_each_device(d->bus, pci_bus_num(d->bus),
+ xen_pt_check_bar_overlap, &args);
+ if (args.rc) {
+ XEN_PT_WARN(d, "Region: %d (addr: %#"FMT_PCIBUS
+ ", len: %#"FMT_PCIBUS") is overlapped.\n",
+ bar, sec->offset_within_address_space, sec->size);
+ }
+
+ if (d->io_regions[bar].type & PCI_BASE_ADDRESS_SPACE_IO) {
+ uint32_t guest_port = sec->offset_within_address_space;
+ uint32_t machine_port = s->bases[bar].access.pio_base;
+ uint32_t size = int128_get64(sec->size);
+ rc = xc_domain_ioport_mapping(xen_xc, xen_domid,
+ guest_port, machine_port, size,
+ op);
+ if (rc) {
+ XEN_PT_ERR(d, "%s ioport mapping failed! (rc: %i)\n",
+ adding ? "create new" : "remove old", rc);
+ }
+ } else {
+ pcibus_t guest_addr = sec->offset_within_address_space;
+ pcibus_t machine_addr = s->bases[bar].access.maddr
+ + sec->offset_within_region;
+ pcibus_t size = int128_get64(sec->size);
+ rc = xc_domain_memory_mapping(xen_xc, xen_domid,
+ XEN_PFN(guest_addr + XC_PAGE_SIZE - 1),
+ XEN_PFN(machine_addr + XC_PAGE_SIZE - 1),
+ XEN_PFN(size + XC_PAGE_SIZE - 1),
+ op);
+ if (rc) {
+ XEN_PT_ERR(d, "%s mem mapping failed! (rc: %i)\n",
+ adding ? "create new" : "remove old", rc);
+ }
+ }
+}
+
+static void xen_pt_region_add(MemoryListener *l, MemoryRegionSection *sec)
+{
+ XenPCIPassthroughState *s = container_of(l, XenPCIPassthroughState,
+ memory_listener);
+
+ memory_region_ref(sec->mr);
+ xen_pt_region_update(s, sec, true);
+}
+
+static void xen_pt_region_del(MemoryListener *l, MemoryRegionSection *sec)
+{
+ XenPCIPassthroughState *s = container_of(l, XenPCIPassthroughState,
+ memory_listener);
+
+ xen_pt_region_update(s, sec, false);
+ memory_region_unref(sec->mr);
+}
+
+static void xen_pt_io_region_add(MemoryListener *l, MemoryRegionSection *sec)
+{
+ XenPCIPassthroughState *s = container_of(l, XenPCIPassthroughState,
+ io_listener);
+
+ memory_region_ref(sec->mr);
+ xen_pt_region_update(s, sec, true);
+}
+
+static void xen_pt_io_region_del(MemoryListener *l, MemoryRegionSection *sec)
+{
+ XenPCIPassthroughState *s = container_of(l, XenPCIPassthroughState,
+ io_listener);
+
+ xen_pt_region_update(s, sec, false);
+ memory_region_unref(sec->mr);
+}
+
+static const MemoryListener xen_pt_memory_listener = {
+ .region_add = xen_pt_region_add,
+ .region_del = xen_pt_region_del,
+ .priority = 10,
+};
+
+static const MemoryListener xen_pt_io_listener = {
+ .region_add = xen_pt_io_region_add,
+ .region_del = xen_pt_io_region_del,
+ .priority = 10,
+};
+
+/* init */
+
+static int xen_pt_initfn(PCIDevice *d)
+{
+ XenPCIPassthroughState *s = DO_UPCAST(XenPCIPassthroughState, dev, d);
+ int rc = 0;
+ uint8_t machine_irq = 0;
+ int pirq = XEN_PT_UNASSIGNED_PIRQ;
+
+ /* register real device */
+ XEN_PT_LOG(d, "Assigning real physical device %02x:%02x.%d"
+ " to devfn %#x\n",
+ s->hostaddr.bus, s->hostaddr.slot, s->hostaddr.function,
+ s->dev.devfn);
+
+ rc = xen_host_pci_device_get(&s->real_device,
+ s->hostaddr.domain, s->hostaddr.bus,
+ s->hostaddr.slot, s->hostaddr.function);
+ if (rc) {
+ XEN_PT_ERR(d, "Failed to \"open\" the real pci device. rc: %i\n", rc);
+ return -1;
+ }
+
+ s->is_virtfn = s->real_device.is_virtfn;
+ if (s->is_virtfn) {
+ XEN_PT_LOG(d, "%04x:%02x:%02x.%d is a SR-IOV Virtual Function\n",
+ s->real_device.domain, s->real_device.bus,
+ s->real_device.dev, s->real_device.func);
+ }
+
+ /* Initialize virtualized PCI configuration (Extended 256 Bytes) */
+ if (xen_host_pci_get_block(&s->real_device, 0, d->config,
+ PCI_CONFIG_SPACE_SIZE) == -1) {
+ xen_host_pci_device_put(&s->real_device);
+ return -1;
+ }
+
+ s->memory_listener = xen_pt_memory_listener;
+ s->io_listener = xen_pt_io_listener;
+
+ /* Handle real device's MMIO/PIO BARs */
+ xen_pt_register_regions(s);
+
+ /* reinitialize each config register to be emulated */
+ if (xen_pt_config_init(s)) {
+ XEN_PT_ERR(d, "PCI Config space initialisation failed.\n");
+ xen_host_pci_device_put(&s->real_device);
+ return -1;
+ }
+
+ /* Bind interrupt */
+ if (!s->dev.config[PCI_INTERRUPT_PIN]) {
+ XEN_PT_LOG(d, "no pin interrupt\n");
+ goto out;
+ }
+
+ machine_irq = s->real_device.irq;
+ rc = xc_physdev_map_pirq(xen_xc, xen_domid, machine_irq, &pirq);
+
+ if (rc < 0) {
+ XEN_PT_ERR(d, "Mapping machine irq %u to pirq %i failed, (rc: %d)\n",
+ machine_irq, pirq, rc);
+
+ /* Disable PCI intx assertion (turn on bit10 of devctl) */
+ xen_host_pci_set_word(&s->real_device,
+ PCI_COMMAND,
+ pci_get_word(s->dev.config + PCI_COMMAND)
+ | PCI_COMMAND_INTX_DISABLE);
+ machine_irq = 0;
+ s->machine_irq = 0;
+ } else {
+ machine_irq = pirq;
+ s->machine_irq = pirq;
+ xen_pt_mapped_machine_irq[machine_irq]++;
+ }
+
+ /* bind machine_irq to device */
+ if (machine_irq != 0) {
+ uint8_t e_intx = xen_pt_pci_intx(s);
+
+ rc = xc_domain_bind_pt_pci_irq(xen_xc, xen_domid, machine_irq,
+ pci_bus_num(d->bus),
+ PCI_SLOT(d->devfn),
+ e_intx);
+ if (rc < 0) {
+ XEN_PT_ERR(d, "Binding of interrupt %i failed! (rc: %d)\n",
+ e_intx, rc);
+
+ /* Disable PCI intx assertion (turn on bit10 of devctl) */
+ xen_host_pci_set_word(&s->real_device, PCI_COMMAND,
+ *(uint16_t *)(&s->dev.config[PCI_COMMAND])
+ | PCI_COMMAND_INTX_DISABLE);
+ xen_pt_mapped_machine_irq[machine_irq]--;
+
+ if (xen_pt_mapped_machine_irq[machine_irq] == 0) {
+ if (xc_physdev_unmap_pirq(xen_xc, xen_domid, machine_irq)) {
+ XEN_PT_ERR(d, "Unmapping of machine interrupt %i failed!"
+ " (rc: %d)\n", machine_irq, rc);
+ }
+ }
+ s->machine_irq = 0;
+ }
+ }
+
+out:
+ memory_listener_register(&s->memory_listener, &address_space_memory);
+ memory_listener_register(&s->io_listener, &address_space_io);
+ XEN_PT_LOG(d,
+ "Real physical device %02x:%02x.%d registered successfully!\n",
+ s->hostaddr.bus, s->hostaddr.slot, s->hostaddr.function);
+
+ return 0;
+}
+
+static void xen_pt_unregister_device(PCIDevice *d)
+{
+ XenPCIPassthroughState *s = DO_UPCAST(XenPCIPassthroughState, dev, d);
+ uint8_t machine_irq = s->machine_irq;
+ uint8_t intx = xen_pt_pci_intx(s);
+ int rc;
+
+ if (machine_irq) {
+ rc = xc_domain_unbind_pt_irq(xen_xc, xen_domid, machine_irq,
+ PT_IRQ_TYPE_PCI,
+ pci_bus_num(d->bus),
+ PCI_SLOT(s->dev.devfn),
+ intx,
+ 0 /* isa_irq */);
+ if (rc < 0) {
+ XEN_PT_ERR(d, "unbinding of interrupt INT%c failed."
+ " (machine irq: %i, rc: %d)"
+ " But bravely continuing on..\n",
+ 'a' + intx, machine_irq, rc);
+ }
+ }
+
+ if (s->msi) {
+ xen_pt_msi_disable(s);
+ }
+ if (s->msix) {
+ xen_pt_msix_disable(s);
+ }
+
+ if (machine_irq) {
+ xen_pt_mapped_machine_irq[machine_irq]--;
+
+ if (xen_pt_mapped_machine_irq[machine_irq] == 0) {
+ rc = xc_physdev_unmap_pirq(xen_xc, xen_domid, machine_irq);
+
+ if (rc < 0) {
+ XEN_PT_ERR(d, "unmapping of interrupt %i failed. (rc: %d)"
+ " But bravely continuing on..\n",
+ machine_irq, rc);
+ }
+ }
+ }
+
+ /* delete all emulated config registers */
+ xen_pt_config_delete(s);
+
+ xen_pt_unregister_regions(s);
+ memory_listener_unregister(&s->memory_listener);
+ memory_listener_unregister(&s->io_listener);
+
+ xen_host_pci_device_put(&s->real_device);
+}
+
+static Property xen_pci_passthrough_properties[] = {
+ DEFINE_PROP_PCI_HOST_DEVADDR("hostaddr", XenPCIPassthroughState, hostaddr),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void xen_pci_passthrough_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = xen_pt_initfn;
+ k->exit = xen_pt_unregister_device;
+ k->config_read = xen_pt_pci_read_config;
+ k->config_write = xen_pt_pci_write_config;
+ set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+ dc->desc = "Assign an host PCI device with Xen";
+ dc->props = xen_pci_passthrough_properties;
+};
+
+static const TypeInfo xen_pci_passthrough_info = {
+ .name = "xen-pci-passthrough",
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(XenPCIPassthroughState),
+ .class_init = xen_pci_passthrough_class_init,
+};
+
+static void xen_pci_passthrough_register_types(void)
+{
+ type_register_static(&xen_pci_passthrough_info);
+}
+
+type_init(xen_pci_passthrough_register_types)
diff --git a/hw/xen/xen_pt.h b/hw/xen/xen_pt.h
new file mode 100644
index 000000000..942dc60cc
--- /dev/null
+++ b/hw/xen/xen_pt.h
@@ -0,0 +1,302 @@
+#ifndef XEN_PT_H
+#define XEN_PT_H
+
+#include "qemu-common.h"
+#include "hw/xen/xen_common.h"
+#include "hw/pci/pci.h"
+#include "xen-host-pci-device.h"
+
+void xen_pt_log(const PCIDevice *d, const char *f, ...) GCC_FMT_ATTR(2, 3);
+
+#define XEN_PT_ERR(d, _f, _a...) xen_pt_log(d, "%s: Error: "_f, __func__, ##_a)
+
+#ifdef XEN_PT_LOGGING_ENABLED
+# define XEN_PT_LOG(d, _f, _a...) xen_pt_log(d, "%s: " _f, __func__, ##_a)
+# define XEN_PT_WARN(d, _f, _a...) \
+ xen_pt_log(d, "%s: Warning: "_f, __func__, ##_a)
+#else
+# define XEN_PT_LOG(d, _f, _a...)
+# define XEN_PT_WARN(d, _f, _a...)
+#endif
+
+#ifdef XEN_PT_DEBUG_PCI_CONFIG_ACCESS
+# define XEN_PT_LOG_CONFIG(d, addr, val, len) \
+ xen_pt_log(d, "%s: address=0x%04x val=0x%08x len=%d\n", \
+ __func__, addr, val, len)
+#else
+# define XEN_PT_LOG_CONFIG(d, addr, val, len)
+#endif
+
+
+/* Helper */
+#define XEN_PFN(x) ((x) >> XC_PAGE_SHIFT)
+
+typedef struct XenPTRegInfo XenPTRegInfo;
+typedef struct XenPTReg XenPTReg;
+
+typedef struct XenPCIPassthroughState XenPCIPassthroughState;
+
+/* function type for config reg */
+typedef int (*xen_pt_conf_reg_init)
+ (XenPCIPassthroughState *, XenPTRegInfo *, uint32_t real_offset,
+ uint32_t *data);
+typedef int (*xen_pt_conf_dword_write)
+ (XenPCIPassthroughState *, XenPTReg *cfg_entry,
+ uint32_t *val, uint32_t dev_value, uint32_t valid_mask);
+typedef int (*xen_pt_conf_word_write)
+ (XenPCIPassthroughState *, XenPTReg *cfg_entry,
+ uint16_t *val, uint16_t dev_value, uint16_t valid_mask);
+typedef int (*xen_pt_conf_byte_write)
+ (XenPCIPassthroughState *, XenPTReg *cfg_entry,
+ uint8_t *val, uint8_t dev_value, uint8_t valid_mask);
+typedef int (*xen_pt_conf_dword_read)
+ (XenPCIPassthroughState *, XenPTReg *cfg_entry,
+ uint32_t *val, uint32_t valid_mask);
+typedef int (*xen_pt_conf_word_read)
+ (XenPCIPassthroughState *, XenPTReg *cfg_entry,
+ uint16_t *val, uint16_t valid_mask);
+typedef int (*xen_pt_conf_byte_read)
+ (XenPCIPassthroughState *, XenPTReg *cfg_entry,
+ uint8_t *val, uint8_t valid_mask);
+
+#define XEN_PT_BAR_ALLF 0xFFFFFFFF
+#define XEN_PT_BAR_UNMAPPED (-1)
+
+#define PCI_CAP_MAX 48
+
+
+typedef enum {
+ XEN_PT_GRP_TYPE_HARDWIRED = 0, /* 0 Hardwired reg group */
+ XEN_PT_GRP_TYPE_EMU, /* emul reg group */
+} XenPTRegisterGroupType;
+
+typedef enum {
+ XEN_PT_BAR_FLAG_MEM = 0, /* Memory type BAR */
+ XEN_PT_BAR_FLAG_IO, /* I/O type BAR */
+ XEN_PT_BAR_FLAG_UPPER, /* upper 64bit BAR */
+ XEN_PT_BAR_FLAG_UNUSED, /* unused BAR */
+} XenPTBarFlag;
+
+
+typedef struct XenPTRegion {
+ /* BAR flag */
+ XenPTBarFlag bar_flag;
+ /* Translation of the emulated address */
+ union {
+ uint64_t maddr;
+ uint64_t pio_base;
+ uint64_t u;
+ } access;
+} XenPTRegion;
+
+/* XenPTRegInfo declaration
+ * - only for emulated register (either a part or whole bit).
+ * - for passthrough register that need special behavior (like interacting with
+ * other component), set emu_mask to all 0 and specify r/w func properly.
+ * - do NOT use ALL F for init_val, otherwise the tbl will not be registered.
+ */
+
+/* emulated register information */
+struct XenPTRegInfo {
+ uint32_t offset;
+ uint32_t size;
+ uint32_t init_val;
+ /* reg read only field mask (ON:RO/ROS, OFF:other) */
+ uint32_t ro_mask;
+ /* reg emulate field mask (ON:emu, OFF:passthrough) */
+ uint32_t emu_mask;
+ /* no write back allowed */
+ uint32_t no_wb;
+ xen_pt_conf_reg_init init;
+ /* read/write function pointer
+ * for double_word/word/byte size */
+ union {
+ struct {
+ xen_pt_conf_dword_write write;
+ xen_pt_conf_dword_read read;
+ } dw;
+ struct {
+ xen_pt_conf_word_write write;
+ xen_pt_conf_word_read read;
+ } w;
+ struct {
+ xen_pt_conf_byte_write write;
+ xen_pt_conf_byte_read read;
+ } b;
+ } u;
+};
+
+/* emulated register management */
+struct XenPTReg {
+ QLIST_ENTRY(XenPTReg) entries;
+ XenPTRegInfo *reg;
+ uint32_t data; /* emulated value */
+};
+
+typedef struct XenPTRegGroupInfo XenPTRegGroupInfo;
+
+/* emul reg group size initialize method */
+typedef int (*xen_pt_reg_size_init_fn)
+ (XenPCIPassthroughState *, const XenPTRegGroupInfo *,
+ uint32_t base_offset, uint8_t *size);
+
+/* emulated register group information */
+struct XenPTRegGroupInfo {
+ uint8_t grp_id;
+ XenPTRegisterGroupType grp_type;
+ uint8_t grp_size;
+ xen_pt_reg_size_init_fn size_init;
+ XenPTRegInfo *emu_regs;
+};
+
+/* emul register group management table */
+typedef struct XenPTRegGroup {
+ QLIST_ENTRY(XenPTRegGroup) entries;
+ const XenPTRegGroupInfo *reg_grp;
+ uint32_t base_offset;
+ uint8_t size;
+ QLIST_HEAD(, XenPTReg) reg_tbl_list;
+} XenPTRegGroup;
+
+
+#define XEN_PT_UNASSIGNED_PIRQ (-1)
+typedef struct XenPTMSI {
+ uint16_t flags;
+ uint32_t addr_lo; /* guest message address */
+ uint32_t addr_hi; /* guest message upper address */
+ uint16_t data; /* guest message data */
+ uint32_t ctrl_offset; /* saved control offset */
+ int pirq; /* guest pirq corresponding */
+ bool initialized; /* when guest MSI is initialized */
+ bool mapped; /* when pirq is mapped */
+} XenPTMSI;
+
+typedef struct XenPTMSIXEntry {
+ int pirq;
+ uint64_t addr;
+ uint32_t data;
+ uint32_t vector_ctrl;
+ bool updated; /* indicate whether MSI ADDR or DATA is updated */
+} XenPTMSIXEntry;
+typedef struct XenPTMSIX {
+ uint32_t ctrl_offset;
+ bool enabled;
+ int total_entries;
+ int bar_index;
+ uint64_t table_base;
+ uint32_t table_offset_adjust; /* page align mmap */
+ uint64_t mmio_base_addr;
+ MemoryRegion mmio;
+ void *phys_iomem_base;
+ XenPTMSIXEntry msix_entry[0];
+} XenPTMSIX;
+
+struct XenPCIPassthroughState {
+ PCIDevice dev;
+
+ PCIHostDeviceAddress hostaddr;
+ bool is_virtfn;
+ XenHostPCIDevice real_device;
+ XenPTRegion bases[PCI_NUM_REGIONS]; /* Access regions */
+ QLIST_HEAD(, XenPTRegGroup) reg_grps;
+
+ uint32_t machine_irq;
+
+ XenPTMSI *msi;
+ XenPTMSIX *msix;
+
+ MemoryRegion bar[PCI_NUM_REGIONS - 1];
+ MemoryRegion rom;
+
+ MemoryListener memory_listener;
+ MemoryListener io_listener;
+};
+
+int xen_pt_config_init(XenPCIPassthroughState *s);
+void xen_pt_config_delete(XenPCIPassthroughState *s);
+XenPTRegGroup *xen_pt_find_reg_grp(XenPCIPassthroughState *s, uint32_t address);
+XenPTReg *xen_pt_find_reg(XenPTRegGroup *reg_grp, uint32_t address);
+int xen_pt_bar_offset_to_index(uint32_t offset);
+
+static inline pcibus_t xen_pt_get_emul_size(XenPTBarFlag flag, pcibus_t r_size)
+{
+ /* align resource size (memory type only) */
+ if (flag == XEN_PT_BAR_FLAG_MEM) {
+ return (r_size + XC_PAGE_SIZE - 1) & XC_PAGE_MASK;
+ } else {
+ return r_size;
+ }
+}
+
+/* INTx */
+/* The PCI Local Bus Specification, Rev. 3.0,
+ * Section 6.2.4 Miscellaneous Registers, pp 223
+ * outlines 5 valid values for the interrupt pin (intx).
+ * 0: For devices (or device functions) that don't use an interrupt in
+ * 1: INTA#
+ * 2: INTB#
+ * 3: INTC#
+ * 4: INTD#
+ *
+ * Xen uses the following 4 values for intx
+ * 0: INTA#
+ * 1: INTB#
+ * 2: INTC#
+ * 3: INTD#
+ *
+ * Observing that these list of values are not the same, xen_pt_pci_read_intx()
+ * uses the following mapping from hw to xen values.
+ * This seems to reflect the current usage within Xen.
+ *
+ * PCI hardware | Xen | Notes
+ * ----------------+-----+----------------------------------------------------
+ * 0 | 0 | No interrupt
+ * 1 | 0 | INTA#
+ * 2 | 1 | INTB#
+ * 3 | 2 | INTC#
+ * 4 | 3 | INTD#
+ * any other value | 0 | This should never happen, log error message
+ */
+
+static inline uint8_t xen_pt_pci_read_intx(XenPCIPassthroughState *s)
+{
+ uint8_t v = 0;
+ xen_host_pci_get_byte(&s->real_device, PCI_INTERRUPT_PIN, &v);
+ return v;
+}
+
+static inline uint8_t xen_pt_pci_intx(XenPCIPassthroughState *s)
+{
+ uint8_t r_val = xen_pt_pci_read_intx(s);
+
+ XEN_PT_LOG(&s->dev, "intx=%i\n", r_val);
+ if (r_val < 1 || r_val > 4) {
+ XEN_PT_LOG(&s->dev, "Interrupt pin read from hardware is out of range:"
+ " value=%i, acceptable range is 1 - 4\n", r_val);
+ r_val = 0;
+ } else {
+ r_val -= 1;
+ }
+
+ return r_val;
+}
+
+/* MSI/MSI-X */
+int xen_pt_msi_set_enable(XenPCIPassthroughState *s, bool en);
+int xen_pt_msi_setup(XenPCIPassthroughState *s);
+int xen_pt_msi_update(XenPCIPassthroughState *d);
+void xen_pt_msi_disable(XenPCIPassthroughState *s);
+
+int xen_pt_msix_init(XenPCIPassthroughState *s, uint32_t base);
+void xen_pt_msix_delete(XenPCIPassthroughState *s);
+int xen_pt_msix_update(XenPCIPassthroughState *s);
+int xen_pt_msix_update_remap(XenPCIPassthroughState *s, int bar_index);
+void xen_pt_msix_disable(XenPCIPassthroughState *s);
+
+static inline bool xen_pt_has_msix_mapping(XenPCIPassthroughState *s, int bar)
+{
+ return s->msix && s->msix->bar_index == bar;
+}
+
+
+#endif /* !XEN_PT_H */
diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
new file mode 100644
index 000000000..8ccc2e4b9
--- /dev/null
+++ b/hw/xen/xen_pt_config_init.c
@@ -0,0 +1,1882 @@
+/*
+ * Copyright (c) 2007, Neocleus Corporation.
+ * Copyright (c) 2007, Intel Corporation.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ *
+ * Alex Novik <alex@neocleus.com>
+ * Allen Kay <allen.m.kay@intel.com>
+ * Guy Zana <guy@neocleus.com>
+ *
+ * This file implements direct PCI assignment to a HVM guest
+ */
+
+#include "qemu/timer.h"
+#include "hw/xen/xen_backend.h"
+#include "xen_pt.h"
+
+#define XEN_PT_MERGE_VALUE(value, data, val_mask) \
+ (((value) & (val_mask)) | ((data) & ~(val_mask)))
+
+#define XEN_PT_INVALID_REG 0xFFFFFFFF /* invalid register value */
+
+/* prototype */
+
+static int xen_pt_ptr_reg_init(XenPCIPassthroughState *s, XenPTRegInfo *reg,
+ uint32_t real_offset, uint32_t *data);
+
+
+/* helper */
+
+/* A return value of 1 means the capability should NOT be exposed to guest. */
+static int xen_pt_hide_dev_cap(const XenHostPCIDevice *d, uint8_t grp_id)
+{
+ switch (grp_id) {
+ case PCI_CAP_ID_EXP:
+ /* The PCI Express Capability Structure of the VF of Intel 82599 10GbE
+ * Controller looks trivial, e.g., the PCI Express Capabilities
+ * Register is 0. We should not try to expose it to guest.
+ *
+ * The datasheet is available at
+ * http://download.intel.com/design/network/datashts/82599_datasheet.pdf
+ *
+ * See 'Table 9.7. VF PCIe Configuration Space' of the datasheet, the
+ * PCI Express Capability Structure of the VF of Intel 82599 10GbE
+ * Controller looks trivial, e.g., the PCI Express Capabilities
+ * Register is 0, so the Capability Version is 0 and
+ * xen_pt_pcie_size_init() would fail.
+ */
+ if (d->vendor_id == PCI_VENDOR_ID_INTEL &&
+ d->device_id == PCI_DEVICE_ID_INTEL_82599_SFP_VF) {
+ return 1;
+ }
+ break;
+ }
+ return 0;
+}
+
+/* find emulate register group entry */
+XenPTRegGroup *xen_pt_find_reg_grp(XenPCIPassthroughState *s, uint32_t address)
+{
+ XenPTRegGroup *entry = NULL;
+
+ /* find register group entry */
+ QLIST_FOREACH(entry, &s->reg_grps, entries) {
+ /* check address */
+ if ((entry->base_offset <= address)
+ && ((entry->base_offset + entry->size) > address)) {
+ return entry;
+ }
+ }
+
+ /* group entry not found */
+ return NULL;
+}
+
+/* find emulate register entry */
+XenPTReg *xen_pt_find_reg(XenPTRegGroup *reg_grp, uint32_t address)
+{
+ XenPTReg *reg_entry = NULL;
+ XenPTRegInfo *reg = NULL;
+ uint32_t real_offset = 0;
+
+ /* find register entry */
+ QLIST_FOREACH(reg_entry, &reg_grp->reg_tbl_list, entries) {
+ reg = reg_entry->reg;
+ real_offset = reg_grp->base_offset + reg->offset;
+ /* check address */
+ if ((real_offset <= address)
+ && ((real_offset + reg->size) > address)) {
+ return reg_entry;
+ }
+ }
+
+ return NULL;
+}
+
+
+/****************
+ * general register functions
+ */
+
+/* register initialization function */
+
+static int xen_pt_common_reg_init(XenPCIPassthroughState *s,
+ XenPTRegInfo *reg, uint32_t real_offset,
+ uint32_t *data)
+{
+ *data = reg->init_val;
+ return 0;
+}
+
+/* Read register functions */
+
+static int xen_pt_byte_reg_read(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
+ uint8_t *value, uint8_t valid_mask)
+{
+ XenPTRegInfo *reg = cfg_entry->reg;
+ uint8_t valid_emu_mask = 0;
+
+ /* emulate byte register */
+ valid_emu_mask = reg->emu_mask & valid_mask;
+ *value = XEN_PT_MERGE_VALUE(*value, cfg_entry->data, ~valid_emu_mask);
+
+ return 0;
+}
+static int xen_pt_word_reg_read(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
+ uint16_t *value, uint16_t valid_mask)
+{
+ XenPTRegInfo *reg = cfg_entry->reg;
+ uint16_t valid_emu_mask = 0;
+
+ /* emulate word register */
+ valid_emu_mask = reg->emu_mask & valid_mask;
+ *value = XEN_PT_MERGE_VALUE(*value, cfg_entry->data, ~valid_emu_mask);
+
+ return 0;
+}
+static int xen_pt_long_reg_read(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
+ uint32_t *value, uint32_t valid_mask)
+{
+ XenPTRegInfo *reg = cfg_entry->reg;
+ uint32_t valid_emu_mask = 0;
+
+ /* emulate long register */
+ valid_emu_mask = reg->emu_mask & valid_mask;
+ *value = XEN_PT_MERGE_VALUE(*value, cfg_entry->data, ~valid_emu_mask);
+
+ return 0;
+}
+
+/* Write register functions */
+
+static int xen_pt_byte_reg_write(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
+ uint8_t *val, uint8_t dev_value,
+ uint8_t valid_mask)
+{
+ XenPTRegInfo *reg = cfg_entry->reg;
+ uint8_t writable_mask = 0;
+ uint8_t throughable_mask = 0;
+
+ /* modify emulate register */
+ writable_mask = reg->emu_mask & ~reg->ro_mask & valid_mask;
+ cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
+
+ /* create value for writing to I/O device register */
+ throughable_mask = ~reg->emu_mask & valid_mask;
+ *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
+
+ return 0;
+}
+static int xen_pt_word_reg_write(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
+ uint16_t *val, uint16_t dev_value,
+ uint16_t valid_mask)
+{
+ XenPTRegInfo *reg = cfg_entry->reg;
+ uint16_t writable_mask = 0;
+ uint16_t throughable_mask = 0;
+
+ /* modify emulate register */
+ writable_mask = reg->emu_mask & ~reg->ro_mask & valid_mask;
+ cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
+
+ /* create value for writing to I/O device register */
+ throughable_mask = ~reg->emu_mask & valid_mask;
+ *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
+
+ return 0;
+}
+static int xen_pt_long_reg_write(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
+ uint32_t *val, uint32_t dev_value,
+ uint32_t valid_mask)
+{
+ XenPTRegInfo *reg = cfg_entry->reg;
+ uint32_t writable_mask = 0;
+ uint32_t throughable_mask = 0;
+
+ /* modify emulate register */
+ writable_mask = reg->emu_mask & ~reg->ro_mask & valid_mask;
+ cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
+
+ /* create value for writing to I/O device register */
+ throughable_mask = ~reg->emu_mask & valid_mask;
+ *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
+
+ return 0;
+}
+
+
+/* XenPTRegInfo declaration
+ * - only for emulated register (either a part or whole bit).
+ * - for passthrough register that need special behavior (like interacting with
+ * other component), set emu_mask to all 0 and specify r/w func properly.
+ * - do NOT use ALL F for init_val, otherwise the tbl will not be registered.
+ */
+
+/********************
+ * Header Type0
+ */
+
+static int xen_pt_vendor_reg_init(XenPCIPassthroughState *s,
+ XenPTRegInfo *reg, uint32_t real_offset,
+ uint32_t *data)
+{
+ *data = s->real_device.vendor_id;
+ return 0;
+}
+static int xen_pt_device_reg_init(XenPCIPassthroughState *s,
+ XenPTRegInfo *reg, uint32_t real_offset,
+ uint32_t *data)
+{
+ *data = s->real_device.device_id;
+ return 0;
+}
+static int xen_pt_status_reg_init(XenPCIPassthroughState *s,
+ XenPTRegInfo *reg, uint32_t real_offset,
+ uint32_t *data)
+{
+ XenPTRegGroup *reg_grp_entry = NULL;
+ XenPTReg *reg_entry = NULL;
+ uint32_t reg_field = 0;
+
+ /* find Header register group */
+ reg_grp_entry = xen_pt_find_reg_grp(s, PCI_CAPABILITY_LIST);
+ if (reg_grp_entry) {
+ /* find Capabilities Pointer register */
+ reg_entry = xen_pt_find_reg(reg_grp_entry, PCI_CAPABILITY_LIST);
+ if (reg_entry) {
+ /* check Capabilities Pointer register */
+ if (reg_entry->data) {
+ reg_field |= PCI_STATUS_CAP_LIST;
+ } else {
+ reg_field &= ~PCI_STATUS_CAP_LIST;
+ }
+ } else {
+ xen_shutdown_fatal_error("Internal error: Couldn't find XenPTReg*"
+ " for Capabilities Pointer register."
+ " (%s)\n", __func__);
+ return -1;
+ }
+ } else {
+ xen_shutdown_fatal_error("Internal error: Couldn't find XenPTRegGroup"
+ " for Header. (%s)\n", __func__);
+ return -1;
+ }
+
+ *data = reg_field;
+ return 0;
+}
+static int xen_pt_header_type_reg_init(XenPCIPassthroughState *s,
+ XenPTRegInfo *reg, uint32_t real_offset,
+ uint32_t *data)
+{
+ /* read PCI_HEADER_TYPE */
+ *data = reg->init_val | 0x80;
+ return 0;
+}
+
+/* initialize Interrupt Pin register */
+static int xen_pt_irqpin_reg_init(XenPCIPassthroughState *s,
+ XenPTRegInfo *reg, uint32_t real_offset,
+ uint32_t *data)
+{
+ *data = xen_pt_pci_read_intx(s);
+ return 0;
+}
+
+/* Command register */
+static int xen_pt_cmd_reg_read(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
+ uint16_t *value, uint16_t valid_mask)
+{
+ XenPTRegInfo *reg = cfg_entry->reg;
+ uint16_t valid_emu_mask = 0;
+ uint16_t emu_mask = reg->emu_mask;
+
+ if (s->is_virtfn) {
+ emu_mask |= PCI_COMMAND_MEMORY;
+ }
+
+ /* emulate word register */
+ valid_emu_mask = emu_mask & valid_mask;
+ *value = XEN_PT_MERGE_VALUE(*value, cfg_entry->data, ~valid_emu_mask);
+
+ return 0;
+}
+static int xen_pt_cmd_reg_write(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
+ uint16_t *val, uint16_t dev_value,
+ uint16_t valid_mask)
+{
+ XenPTRegInfo *reg = cfg_entry->reg;
+ uint16_t writable_mask = 0;
+ uint16_t throughable_mask = 0;
+ uint16_t emu_mask = reg->emu_mask;
+
+ if (s->is_virtfn) {
+ emu_mask |= PCI_COMMAND_MEMORY;
+ }
+
+ /* modify emulate register */
+ writable_mask = ~reg->ro_mask & valid_mask;
+ cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
+
+ /* create value for writing to I/O device register */
+ throughable_mask = ~emu_mask & valid_mask;
+
+ if (*val & PCI_COMMAND_INTX_DISABLE) {
+ throughable_mask |= PCI_COMMAND_INTX_DISABLE;
+ } else {
+ if (s->machine_irq) {
+ throughable_mask |= PCI_COMMAND_INTX_DISABLE;
+ }
+ }
+
+ *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
+
+ return 0;
+}
+
+/* BAR */
+#define XEN_PT_BAR_MEM_RO_MASK 0x0000000F /* BAR ReadOnly mask(Memory) */
+#define XEN_PT_BAR_MEM_EMU_MASK 0xFFFFFFF0 /* BAR emul mask(Memory) */
+#define XEN_PT_BAR_IO_RO_MASK 0x00000003 /* BAR ReadOnly mask(I/O) */
+#define XEN_PT_BAR_IO_EMU_MASK 0xFFFFFFFC /* BAR emul mask(I/O) */
+
+static bool is_64bit_bar(PCIIORegion *r)
+{
+ return !!(r->type & PCI_BASE_ADDRESS_MEM_TYPE_64);
+}
+
+static uint64_t xen_pt_get_bar_size(PCIIORegion *r)
+{
+ if (is_64bit_bar(r)) {
+ uint64_t size64;
+ size64 = (r + 1)->size;
+ size64 <<= 32;
+ size64 += r->size;
+ return size64;
+ }
+ return r->size;
+}
+
+static XenPTBarFlag xen_pt_bar_reg_parse(XenPCIPassthroughState *s,
+ XenPTRegInfo *reg)
+{
+ PCIDevice *d = &s->dev;
+ XenPTRegion *region = NULL;
+ PCIIORegion *r;
+ int index = 0;
+
+ /* check 64bit BAR */
+ index = xen_pt_bar_offset_to_index(reg->offset);
+ if ((0 < index) && (index < PCI_ROM_SLOT)) {
+ int type = s->real_device.io_regions[index - 1].type;
+
+ if ((type & XEN_HOST_PCI_REGION_TYPE_MEM)
+ && (type & XEN_HOST_PCI_REGION_TYPE_MEM_64)) {
+ region = &s->bases[index - 1];
+ if (region->bar_flag != XEN_PT_BAR_FLAG_UPPER) {
+ return XEN_PT_BAR_FLAG_UPPER;
+ }
+ }
+ }
+
+ /* check unused BAR */
+ r = &d->io_regions[index];
+ if (!xen_pt_get_bar_size(r)) {
+ return XEN_PT_BAR_FLAG_UNUSED;
+ }
+
+ /* for ExpROM BAR */
+ if (index == PCI_ROM_SLOT) {
+ return XEN_PT_BAR_FLAG_MEM;
+ }
+
+ /* check BAR I/O indicator */
+ if (s->real_device.io_regions[index].type & XEN_HOST_PCI_REGION_TYPE_IO) {
+ return XEN_PT_BAR_FLAG_IO;
+ } else {
+ return XEN_PT_BAR_FLAG_MEM;
+ }
+}
+
+static inline uint32_t base_address_with_flags(XenHostPCIIORegion *hr)
+{
+ if (hr->type & XEN_HOST_PCI_REGION_TYPE_IO) {
+ return hr->base_addr | (hr->bus_flags & ~PCI_BASE_ADDRESS_IO_MASK);
+ } else {
+ return hr->base_addr | (hr->bus_flags & ~PCI_BASE_ADDRESS_MEM_MASK);
+ }
+}
+
+static int xen_pt_bar_reg_init(XenPCIPassthroughState *s, XenPTRegInfo *reg,
+ uint32_t real_offset, uint32_t *data)
+{
+ uint32_t reg_field = 0;
+ int index;
+
+ index = xen_pt_bar_offset_to_index(reg->offset);
+ if (index < 0 || index >= PCI_NUM_REGIONS) {
+ XEN_PT_ERR(&s->dev, "Internal error: Invalid BAR index [%d].\n", index);
+ return -1;
+ }
+
+ /* set BAR flag */
+ s->bases[index].bar_flag = xen_pt_bar_reg_parse(s, reg);
+ if (s->bases[index].bar_flag == XEN_PT_BAR_FLAG_UNUSED) {
+ reg_field = XEN_PT_INVALID_REG;
+ }
+
+ *data = reg_field;
+ return 0;
+}
+static int xen_pt_bar_reg_read(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
+ uint32_t *value, uint32_t valid_mask)
+{
+ XenPTRegInfo *reg = cfg_entry->reg;
+ uint32_t valid_emu_mask = 0;
+ uint32_t bar_emu_mask = 0;
+ int index;
+
+ /* get BAR index */
+ index = xen_pt_bar_offset_to_index(reg->offset);
+ if (index < 0 || index >= PCI_NUM_REGIONS) {
+ XEN_PT_ERR(&s->dev, "Internal error: Invalid BAR index [%d].\n", index);
+ return -1;
+ }
+
+ /* use fixed-up value from kernel sysfs */
+ *value = base_address_with_flags(&s->real_device.io_regions[index]);
+
+ /* set emulate mask depend on BAR flag */
+ switch (s->bases[index].bar_flag) {
+ case XEN_PT_BAR_FLAG_MEM:
+ bar_emu_mask = XEN_PT_BAR_MEM_EMU_MASK;
+ break;
+ case XEN_PT_BAR_FLAG_IO:
+ bar_emu_mask = XEN_PT_BAR_IO_EMU_MASK;
+ break;
+ case XEN_PT_BAR_FLAG_UPPER:
+ bar_emu_mask = XEN_PT_BAR_ALLF;
+ break;
+ default:
+ break;
+ }
+
+ /* emulate BAR */
+ valid_emu_mask = bar_emu_mask & valid_mask;
+ *value = XEN_PT_MERGE_VALUE(*value, cfg_entry->data, ~valid_emu_mask);
+
+ return 0;
+}
+static int xen_pt_bar_reg_write(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
+ uint32_t *val, uint32_t dev_value,
+ uint32_t valid_mask)
+{
+ XenPTRegInfo *reg = cfg_entry->reg;
+ XenPTRegion *base = NULL;
+ PCIDevice *d = &s->dev;
+ const PCIIORegion *r;
+ uint32_t writable_mask = 0;
+ uint32_t throughable_mask = 0;
+ uint32_t bar_emu_mask = 0;
+ uint32_t bar_ro_mask = 0;
+ uint32_t r_size = 0;
+ int index = 0;
+
+ index = xen_pt_bar_offset_to_index(reg->offset);
+ if (index < 0 || index >= PCI_NUM_REGIONS) {
+ XEN_PT_ERR(d, "Internal error: Invalid BAR index [%d].\n", index);
+ return -1;
+ }
+
+ r = &d->io_regions[index];
+ base = &s->bases[index];
+ r_size = xen_pt_get_emul_size(base->bar_flag, r->size);
+
+ /* set emulate mask and read-only mask values depend on the BAR flag */
+ switch (s->bases[index].bar_flag) {
+ case XEN_PT_BAR_FLAG_MEM:
+ bar_emu_mask = XEN_PT_BAR_MEM_EMU_MASK;
+ if (!r_size) {
+ /* low 32 bits mask for 64 bit bars */
+ bar_ro_mask = XEN_PT_BAR_ALLF;
+ } else {
+ bar_ro_mask = XEN_PT_BAR_MEM_RO_MASK | (r_size - 1);
+ }
+ break;
+ case XEN_PT_BAR_FLAG_IO:
+ bar_emu_mask = XEN_PT_BAR_IO_EMU_MASK;
+ bar_ro_mask = XEN_PT_BAR_IO_RO_MASK | (r_size - 1);
+ break;
+ case XEN_PT_BAR_FLAG_UPPER:
+ bar_emu_mask = XEN_PT_BAR_ALLF;
+ bar_ro_mask = r_size ? r_size - 1 : 0;
+ break;
+ default:
+ break;
+ }
+
+ /* modify emulate register */
+ writable_mask = bar_emu_mask & ~bar_ro_mask & valid_mask;
+ cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
+
+ /* check whether we need to update the virtual region address or not */
+ switch (s->bases[index].bar_flag) {
+ case XEN_PT_BAR_FLAG_UPPER:
+ case XEN_PT_BAR_FLAG_MEM:
+ /* nothing to do */
+ break;
+ case XEN_PT_BAR_FLAG_IO:
+ /* nothing to do */
+ break;
+ default:
+ break;
+ }
+
+ /* create value for writing to I/O device register */
+ throughable_mask = ~bar_emu_mask & valid_mask;
+ *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
+
+ return 0;
+}
+
+/* write Exp ROM BAR */
+static int xen_pt_exp_rom_bar_reg_write(XenPCIPassthroughState *s,
+ XenPTReg *cfg_entry, uint32_t *val,
+ uint32_t dev_value, uint32_t valid_mask)
+{
+ XenPTRegInfo *reg = cfg_entry->reg;
+ XenPTRegion *base = NULL;
+ PCIDevice *d = (PCIDevice *)&s->dev;
+ uint32_t writable_mask = 0;
+ uint32_t throughable_mask = 0;
+ pcibus_t r_size = 0;
+ uint32_t bar_emu_mask = 0;
+ uint32_t bar_ro_mask = 0;
+
+ r_size = d->io_regions[PCI_ROM_SLOT].size;
+ base = &s->bases[PCI_ROM_SLOT];
+ /* align memory type resource size */
+ r_size = xen_pt_get_emul_size(base->bar_flag, r_size);
+
+ /* set emulate mask and read-only mask */
+ bar_emu_mask = reg->emu_mask;
+ bar_ro_mask = (reg->ro_mask | (r_size - 1)) & ~PCI_ROM_ADDRESS_ENABLE;
+
+ /* modify emulate register */
+ writable_mask = ~bar_ro_mask & valid_mask;
+ cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
+
+ /* create value for writing to I/O device register */
+ throughable_mask = ~bar_emu_mask & valid_mask;
+ *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
+
+ return 0;
+}
+
+/* Header Type0 reg static information table */
+static XenPTRegInfo xen_pt_emu_reg_header0[] = {
+ /* Vendor ID reg */
+ {
+ .offset = PCI_VENDOR_ID,
+ .size = 2,
+ .init_val = 0x0000,
+ .ro_mask = 0xFFFF,
+ .emu_mask = 0xFFFF,
+ .init = xen_pt_vendor_reg_init,
+ .u.w.read = xen_pt_word_reg_read,
+ .u.w.write = xen_pt_word_reg_write,
+ },
+ /* Device ID reg */
+ {
+ .offset = PCI_DEVICE_ID,
+ .size = 2,
+ .init_val = 0x0000,
+ .ro_mask = 0xFFFF,
+ .emu_mask = 0xFFFF,
+ .init = xen_pt_device_reg_init,
+ .u.w.read = xen_pt_word_reg_read,
+ .u.w.write = xen_pt_word_reg_write,
+ },
+ /* Command reg */
+ {
+ .offset = PCI_COMMAND,
+ .size = 2,
+ .init_val = 0x0000,
+ .ro_mask = 0xF880,
+ .emu_mask = 0x0740,
+ .init = xen_pt_common_reg_init,
+ .u.w.read = xen_pt_cmd_reg_read,
+ .u.w.write = xen_pt_cmd_reg_write,
+ },
+ /* Capabilities Pointer reg */
+ {
+ .offset = PCI_CAPABILITY_LIST,
+ .size = 1,
+ .init_val = 0x00,
+ .ro_mask = 0xFF,
+ .emu_mask = 0xFF,
+ .init = xen_pt_ptr_reg_init,
+ .u.b.read = xen_pt_byte_reg_read,
+ .u.b.write = xen_pt_byte_reg_write,
+ },
+ /* Status reg */
+ /* use emulated Cap Ptr value to initialize,
+ * so need to be declared after Cap Ptr reg
+ */
+ {
+ .offset = PCI_STATUS,
+ .size = 2,
+ .init_val = 0x0000,
+ .ro_mask = 0x06FF,
+ .emu_mask = 0x0010,
+ .init = xen_pt_status_reg_init,
+ .u.w.read = xen_pt_word_reg_read,
+ .u.w.write = xen_pt_word_reg_write,
+ },
+ /* Cache Line Size reg */
+ {
+ .offset = PCI_CACHE_LINE_SIZE,
+ .size = 1,
+ .init_val = 0x00,
+ .ro_mask = 0x00,
+ .emu_mask = 0xFF,
+ .init = xen_pt_common_reg_init,
+ .u.b.read = xen_pt_byte_reg_read,
+ .u.b.write = xen_pt_byte_reg_write,
+ },
+ /* Latency Timer reg */
+ {
+ .offset = PCI_LATENCY_TIMER,
+ .size = 1,
+ .init_val = 0x00,
+ .ro_mask = 0x00,
+ .emu_mask = 0xFF,
+ .init = xen_pt_common_reg_init,
+ .u.b.read = xen_pt_byte_reg_read,
+ .u.b.write = xen_pt_byte_reg_write,
+ },
+ /* Header Type reg */
+ {
+ .offset = PCI_HEADER_TYPE,
+ .size = 1,
+ .init_val = 0x00,
+ .ro_mask = 0xFF,
+ .emu_mask = 0x00,
+ .init = xen_pt_header_type_reg_init,
+ .u.b.read = xen_pt_byte_reg_read,
+ .u.b.write = xen_pt_byte_reg_write,
+ },
+ /* Interrupt Line reg */
+ {
+ .offset = PCI_INTERRUPT_LINE,
+ .size = 1,
+ .init_val = 0x00,
+ .ro_mask = 0x00,
+ .emu_mask = 0xFF,
+ .init = xen_pt_common_reg_init,
+ .u.b.read = xen_pt_byte_reg_read,
+ .u.b.write = xen_pt_byte_reg_write,
+ },
+ /* Interrupt Pin reg */
+ {
+ .offset = PCI_INTERRUPT_PIN,
+ .size = 1,
+ .init_val = 0x00,
+ .ro_mask = 0xFF,
+ .emu_mask = 0xFF,
+ .init = xen_pt_irqpin_reg_init,
+ .u.b.read = xen_pt_byte_reg_read,
+ .u.b.write = xen_pt_byte_reg_write,
+ },
+ /* BAR 0 reg */
+ /* mask of BAR need to be decided later, depends on IO/MEM type */
+ {
+ .offset = PCI_BASE_ADDRESS_0,
+ .size = 4,
+ .init_val = 0x00000000,
+ .init = xen_pt_bar_reg_init,
+ .u.dw.read = xen_pt_bar_reg_read,
+ .u.dw.write = xen_pt_bar_reg_write,
+ },
+ /* BAR 1 reg */
+ {
+ .offset = PCI_BASE_ADDRESS_1,
+ .size = 4,
+ .init_val = 0x00000000,
+ .init = xen_pt_bar_reg_init,
+ .u.dw.read = xen_pt_bar_reg_read,
+ .u.dw.write = xen_pt_bar_reg_write,
+ },
+ /* BAR 2 reg */
+ {
+ .offset = PCI_BASE_ADDRESS_2,
+ .size = 4,
+ .init_val = 0x00000000,
+ .init = xen_pt_bar_reg_init,
+ .u.dw.read = xen_pt_bar_reg_read,
+ .u.dw.write = xen_pt_bar_reg_write,
+ },
+ /* BAR 3 reg */
+ {
+ .offset = PCI_BASE_ADDRESS_3,
+ .size = 4,
+ .init_val = 0x00000000,
+ .init = xen_pt_bar_reg_init,
+ .u.dw.read = xen_pt_bar_reg_read,
+ .u.dw.write = xen_pt_bar_reg_write,
+ },
+ /* BAR 4 reg */
+ {
+ .offset = PCI_BASE_ADDRESS_4,
+ .size = 4,
+ .init_val = 0x00000000,
+ .init = xen_pt_bar_reg_init,
+ .u.dw.read = xen_pt_bar_reg_read,
+ .u.dw.write = xen_pt_bar_reg_write,
+ },
+ /* BAR 5 reg */
+ {
+ .offset = PCI_BASE_ADDRESS_5,
+ .size = 4,
+ .init_val = 0x00000000,
+ .init = xen_pt_bar_reg_init,
+ .u.dw.read = xen_pt_bar_reg_read,
+ .u.dw.write = xen_pt_bar_reg_write,
+ },
+ /* Expansion ROM BAR reg */
+ {
+ .offset = PCI_ROM_ADDRESS,
+ .size = 4,
+ .init_val = 0x00000000,
+ .ro_mask = 0x000007FE,
+ .emu_mask = 0xFFFFF800,
+ .init = xen_pt_bar_reg_init,
+ .u.dw.read = xen_pt_long_reg_read,
+ .u.dw.write = xen_pt_exp_rom_bar_reg_write,
+ },
+ {
+ .size = 0,
+ },
+};
+
+
+/*********************************
+ * Vital Product Data Capability
+ */
+
+/* Vital Product Data Capability Structure reg static information table */
+static XenPTRegInfo xen_pt_emu_reg_vpd[] = {
+ {
+ .offset = PCI_CAP_LIST_NEXT,
+ .size = 1,
+ .init_val = 0x00,
+ .ro_mask = 0xFF,
+ .emu_mask = 0xFF,
+ .init = xen_pt_ptr_reg_init,
+ .u.b.read = xen_pt_byte_reg_read,
+ .u.b.write = xen_pt_byte_reg_write,
+ },
+ {
+ .size = 0,
+ },
+};
+
+
+/**************************************
+ * Vendor Specific Capability
+ */
+
+/* Vendor Specific Capability Structure reg static information table */
+static XenPTRegInfo xen_pt_emu_reg_vendor[] = {
+ {
+ .offset = PCI_CAP_LIST_NEXT,
+ .size = 1,
+ .init_val = 0x00,
+ .ro_mask = 0xFF,
+ .emu_mask = 0xFF,
+ .init = xen_pt_ptr_reg_init,
+ .u.b.read = xen_pt_byte_reg_read,
+ .u.b.write = xen_pt_byte_reg_write,
+ },
+ {
+ .size = 0,
+ },
+};
+
+
+/*****************************
+ * PCI Express Capability
+ */
+
+static inline uint8_t get_capability_version(XenPCIPassthroughState *s,
+ uint32_t offset)
+{
+ uint8_t flags = pci_get_byte(s->dev.config + offset + PCI_EXP_FLAGS);
+ return flags & PCI_EXP_FLAGS_VERS;
+}
+
+static inline uint8_t get_device_type(XenPCIPassthroughState *s,
+ uint32_t offset)
+{
+ uint8_t flags = pci_get_byte(s->dev.config + offset + PCI_EXP_FLAGS);
+ return (flags & PCI_EXP_FLAGS_TYPE) >> 4;
+}
+
+/* initialize Link Control register */
+static int xen_pt_linkctrl_reg_init(XenPCIPassthroughState *s,
+ XenPTRegInfo *reg, uint32_t real_offset,
+ uint32_t *data)
+{
+ uint8_t cap_ver = get_capability_version(s, real_offset - reg->offset);
+ uint8_t dev_type = get_device_type(s, real_offset - reg->offset);
+
+ /* no need to initialize in case of Root Complex Integrated Endpoint
+ * with cap_ver 1.x
+ */
+ if ((dev_type == PCI_EXP_TYPE_RC_END) && (cap_ver == 1)) {
+ *data = XEN_PT_INVALID_REG;
+ }
+
+ *data = reg->init_val;
+ return 0;
+}
+/* initialize Device Control 2 register */
+static int xen_pt_devctrl2_reg_init(XenPCIPassthroughState *s,
+ XenPTRegInfo *reg, uint32_t real_offset,
+ uint32_t *data)
+{
+ uint8_t cap_ver = get_capability_version(s, real_offset - reg->offset);
+
+ /* no need to initialize in case of cap_ver 1.x */
+ if (cap_ver == 1) {
+ *data = XEN_PT_INVALID_REG;
+ }
+
+ *data = reg->init_val;
+ return 0;
+}
+/* initialize Link Control 2 register */
+static int xen_pt_linkctrl2_reg_init(XenPCIPassthroughState *s,
+ XenPTRegInfo *reg, uint32_t real_offset,
+ uint32_t *data)
+{
+ uint8_t cap_ver = get_capability_version(s, real_offset - reg->offset);
+ uint32_t reg_field = 0;
+
+ /* no need to initialize in case of cap_ver 1.x */
+ if (cap_ver == 1) {
+ reg_field = XEN_PT_INVALID_REG;
+ } else {
+ /* set Supported Link Speed */
+ uint8_t lnkcap = pci_get_byte(s->dev.config + real_offset - reg->offset
+ + PCI_EXP_LNKCAP);
+ reg_field |= PCI_EXP_LNKCAP_SLS & lnkcap;
+ }
+
+ *data = reg_field;
+ return 0;
+}
+
+/* PCI Express Capability Structure reg static information table */
+static XenPTRegInfo xen_pt_emu_reg_pcie[] = {
+ /* Next Pointer reg */
+ {
+ .offset = PCI_CAP_LIST_NEXT,
+ .size = 1,
+ .init_val = 0x00,
+ .ro_mask = 0xFF,
+ .emu_mask = 0xFF,
+ .init = xen_pt_ptr_reg_init,
+ .u.b.read = xen_pt_byte_reg_read,
+ .u.b.write = xen_pt_byte_reg_write,
+ },
+ /* Device Capabilities reg */
+ {
+ .offset = PCI_EXP_DEVCAP,
+ .size = 4,
+ .init_val = 0x00000000,
+ .ro_mask = 0x1FFCFFFF,
+ .emu_mask = 0x10000000,
+ .init = xen_pt_common_reg_init,
+ .u.dw.read = xen_pt_long_reg_read,
+ .u.dw.write = xen_pt_long_reg_write,
+ },
+ /* Device Control reg */
+ {
+ .offset = PCI_EXP_DEVCTL,
+ .size = 2,
+ .init_val = 0x2810,
+ .ro_mask = 0x8400,
+ .emu_mask = 0xFFFF,
+ .init = xen_pt_common_reg_init,
+ .u.w.read = xen_pt_word_reg_read,
+ .u.w.write = xen_pt_word_reg_write,
+ },
+ /* Link Control reg */
+ {
+ .offset = PCI_EXP_LNKCTL,
+ .size = 2,
+ .init_val = 0x0000,
+ .ro_mask = 0xFC34,
+ .emu_mask = 0xFFFF,
+ .init = xen_pt_linkctrl_reg_init,
+ .u.w.read = xen_pt_word_reg_read,
+ .u.w.write = xen_pt_word_reg_write,
+ },
+ /* Device Control 2 reg */
+ {
+ .offset = 0x28,
+ .size = 2,
+ .init_val = 0x0000,
+ .ro_mask = 0xFFE0,
+ .emu_mask = 0xFFFF,
+ .init = xen_pt_devctrl2_reg_init,
+ .u.w.read = xen_pt_word_reg_read,
+ .u.w.write = xen_pt_word_reg_write,
+ },
+ /* Link Control 2 reg */
+ {
+ .offset = 0x30,
+ .size = 2,
+ .init_val = 0x0000,
+ .ro_mask = 0xE040,
+ .emu_mask = 0xFFFF,
+ .init = xen_pt_linkctrl2_reg_init,
+ .u.w.read = xen_pt_word_reg_read,
+ .u.w.write = xen_pt_word_reg_write,
+ },
+ {
+ .size = 0,
+ },
+};
+
+
+/*********************************
+ * Power Management Capability
+ */
+
+/* read Power Management Control/Status register */
+static int xen_pt_pmcsr_reg_read(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
+ uint16_t *value, uint16_t valid_mask)
+{
+ XenPTRegInfo *reg = cfg_entry->reg;
+ uint16_t valid_emu_mask = reg->emu_mask;
+
+ valid_emu_mask |= PCI_PM_CTRL_STATE_MASK | PCI_PM_CTRL_NO_SOFT_RESET;
+
+ valid_emu_mask = valid_emu_mask & valid_mask;
+ *value = XEN_PT_MERGE_VALUE(*value, cfg_entry->data, ~valid_emu_mask);
+
+ return 0;
+}
+/* write Power Management Control/Status register */
+static int xen_pt_pmcsr_reg_write(XenPCIPassthroughState *s,
+ XenPTReg *cfg_entry, uint16_t *val,
+ uint16_t dev_value, uint16_t valid_mask)
+{
+ XenPTRegInfo *reg = cfg_entry->reg;
+ uint16_t emu_mask = reg->emu_mask;
+ uint16_t writable_mask = 0;
+ uint16_t throughable_mask = 0;
+
+ emu_mask |= PCI_PM_CTRL_STATE_MASK | PCI_PM_CTRL_NO_SOFT_RESET;
+
+ /* modify emulate register */
+ writable_mask = emu_mask & ~reg->ro_mask & valid_mask;
+ cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
+
+ /* create value for writing to I/O device register */
+ throughable_mask = ~emu_mask & valid_mask;
+ *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
+
+ return 0;
+}
+
+/* Power Management Capability reg static information table */
+static XenPTRegInfo xen_pt_emu_reg_pm[] = {
+ /* Next Pointer reg */
+ {
+ .offset = PCI_CAP_LIST_NEXT,
+ .size = 1,
+ .init_val = 0x00,
+ .ro_mask = 0xFF,
+ .emu_mask = 0xFF,
+ .init = xen_pt_ptr_reg_init,
+ .u.b.read = xen_pt_byte_reg_read,
+ .u.b.write = xen_pt_byte_reg_write,
+ },
+ /* Power Management Capabilities reg */
+ {
+ .offset = PCI_CAP_FLAGS,
+ .size = 2,
+ .init_val = 0x0000,
+ .ro_mask = 0xFFFF,
+ .emu_mask = 0xF9C8,
+ .init = xen_pt_common_reg_init,
+ .u.w.read = xen_pt_word_reg_read,
+ .u.w.write = xen_pt_word_reg_write,
+ },
+ /* PCI Power Management Control/Status reg */
+ {
+ .offset = PCI_PM_CTRL,
+ .size = 2,
+ .init_val = 0x0008,
+ .ro_mask = 0xE1FC,
+ .emu_mask = 0x8100,
+ .init = xen_pt_common_reg_init,
+ .u.w.read = xen_pt_pmcsr_reg_read,
+ .u.w.write = xen_pt_pmcsr_reg_write,
+ },
+ {
+ .size = 0,
+ },
+};
+
+
+/********************************
+ * MSI Capability
+ */
+
+/* Helper */
+static bool xen_pt_msgdata_check_type(uint32_t offset, uint16_t flags)
+{
+ /* check the offset whether matches the type or not */
+ bool is_32 = (offset == PCI_MSI_DATA_32) && !(flags & PCI_MSI_FLAGS_64BIT);
+ bool is_64 = (offset == PCI_MSI_DATA_64) && (flags & PCI_MSI_FLAGS_64BIT);
+ return is_32 || is_64;
+}
+
+/* Message Control register */
+static int xen_pt_msgctrl_reg_init(XenPCIPassthroughState *s,
+ XenPTRegInfo *reg, uint32_t real_offset,
+ uint32_t *data)
+{
+ PCIDevice *d = &s->dev;
+ XenPTMSI *msi = s->msi;
+ uint16_t reg_field = 0;
+
+ /* use I/O device register's value as initial value */
+ reg_field = pci_get_word(d->config + real_offset);
+
+ if (reg_field & PCI_MSI_FLAGS_ENABLE) {
+ XEN_PT_LOG(&s->dev, "MSI already enabled, disabling it first\n");
+ xen_host_pci_set_word(&s->real_device, real_offset,
+ reg_field & ~PCI_MSI_FLAGS_ENABLE);
+ }
+ msi->flags |= reg_field;
+ msi->ctrl_offset = real_offset;
+ msi->initialized = false;
+ msi->mapped = false;
+
+ *data = reg->init_val;
+ return 0;
+}
+static int xen_pt_msgctrl_reg_write(XenPCIPassthroughState *s,
+ XenPTReg *cfg_entry, uint16_t *val,
+ uint16_t dev_value, uint16_t valid_mask)
+{
+ XenPTRegInfo *reg = cfg_entry->reg;
+ XenPTMSI *msi = s->msi;
+ uint16_t writable_mask = 0;
+ uint16_t throughable_mask = 0;
+ uint16_t raw_val;
+
+ /* Currently no support for multi-vector */
+ if (*val & PCI_MSI_FLAGS_QSIZE) {
+ XEN_PT_WARN(&s->dev, "Tries to set more than 1 vector ctrl %x\n", *val);
+ }
+
+ /* modify emulate register */
+ writable_mask = reg->emu_mask & ~reg->ro_mask & valid_mask;
+ cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
+ msi->flags |= cfg_entry->data & ~PCI_MSI_FLAGS_ENABLE;
+
+ /* create value for writing to I/O device register */
+ raw_val = *val;
+ throughable_mask = ~reg->emu_mask & valid_mask;
+ *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
+
+ /* update MSI */
+ if (raw_val & PCI_MSI_FLAGS_ENABLE) {
+ /* setup MSI pirq for the first time */
+ if (!msi->initialized) {
+ /* Init physical one */
+ XEN_PT_LOG(&s->dev, "setup MSI\n");
+ if (xen_pt_msi_setup(s)) {
+ /* We do not broadcast the error to the framework code, so
+ * that MSI errors are contained in MSI emulation code and
+ * QEMU can go on running.
+ * Guest MSI would be actually not working.
+ */
+ *val &= ~PCI_MSI_FLAGS_ENABLE;
+ XEN_PT_WARN(&s->dev, "Can not map MSI.\n");
+ return 0;
+ }
+ if (xen_pt_msi_update(s)) {
+ *val &= ~PCI_MSI_FLAGS_ENABLE;
+ XEN_PT_WARN(&s->dev, "Can not bind MSI\n");
+ return 0;
+ }
+ msi->initialized = true;
+ msi->mapped = true;
+ }
+ msi->flags |= PCI_MSI_FLAGS_ENABLE;
+ } else {
+ msi->flags &= ~PCI_MSI_FLAGS_ENABLE;
+ }
+
+ /* pass through MSI_ENABLE bit */
+ *val &= ~PCI_MSI_FLAGS_ENABLE;
+ *val |= raw_val & PCI_MSI_FLAGS_ENABLE;
+
+ return 0;
+}
+
+/* initialize Message Upper Address register */
+static int xen_pt_msgaddr64_reg_init(XenPCIPassthroughState *s,
+ XenPTRegInfo *reg, uint32_t real_offset,
+ uint32_t *data)
+{
+ /* no need to initialize in case of 32 bit type */
+ if (!(s->msi->flags & PCI_MSI_FLAGS_64BIT)) {
+ *data = XEN_PT_INVALID_REG;
+ } else {
+ *data = reg->init_val;
+ }
+
+ return 0;
+}
+/* this function will be called twice (for 32 bit and 64 bit type) */
+/* initialize Message Data register */
+static int xen_pt_msgdata_reg_init(XenPCIPassthroughState *s,
+ XenPTRegInfo *reg, uint32_t real_offset,
+ uint32_t *data)
+{
+ uint32_t flags = s->msi->flags;
+ uint32_t offset = reg->offset;
+
+ /* check the offset whether matches the type or not */
+ if (xen_pt_msgdata_check_type(offset, flags)) {
+ *data = reg->init_val;
+ } else {
+ *data = XEN_PT_INVALID_REG;
+ }
+ return 0;
+}
+
+/* write Message Address register */
+static int xen_pt_msgaddr32_reg_write(XenPCIPassthroughState *s,
+ XenPTReg *cfg_entry, uint32_t *val,
+ uint32_t dev_value, uint32_t valid_mask)
+{
+ XenPTRegInfo *reg = cfg_entry->reg;
+ uint32_t writable_mask = 0;
+ uint32_t throughable_mask = 0;
+ uint32_t old_addr = cfg_entry->data;
+
+ /* modify emulate register */
+ writable_mask = reg->emu_mask & ~reg->ro_mask & valid_mask;
+ cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
+ s->msi->addr_lo = cfg_entry->data;
+
+ /* create value for writing to I/O device register */
+ throughable_mask = ~reg->emu_mask & valid_mask;
+ *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
+
+ /* update MSI */
+ if (cfg_entry->data != old_addr) {
+ if (s->msi->mapped) {
+ xen_pt_msi_update(s);
+ }
+ }
+
+ return 0;
+}
+/* write Message Upper Address register */
+static int xen_pt_msgaddr64_reg_write(XenPCIPassthroughState *s,
+ XenPTReg *cfg_entry, uint32_t *val,
+ uint32_t dev_value, uint32_t valid_mask)
+{
+ XenPTRegInfo *reg = cfg_entry->reg;
+ uint32_t writable_mask = 0;
+ uint32_t throughable_mask = 0;
+ uint32_t old_addr = cfg_entry->data;
+
+ /* check whether the type is 64 bit or not */
+ if (!(s->msi->flags & PCI_MSI_FLAGS_64BIT)) {
+ XEN_PT_ERR(&s->dev,
+ "Can't write to the upper address without 64 bit support\n");
+ return -1;
+ }
+
+ /* modify emulate register */
+ writable_mask = reg->emu_mask & ~reg->ro_mask & valid_mask;
+ cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
+ /* update the msi_info too */
+ s->msi->addr_hi = cfg_entry->data;
+
+ /* create value for writing to I/O device register */
+ throughable_mask = ~reg->emu_mask & valid_mask;
+ *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
+
+ /* update MSI */
+ if (cfg_entry->data != old_addr) {
+ if (s->msi->mapped) {
+ xen_pt_msi_update(s);
+ }
+ }
+
+ return 0;
+}
+
+
+/* this function will be called twice (for 32 bit and 64 bit type) */
+/* write Message Data register */
+static int xen_pt_msgdata_reg_write(XenPCIPassthroughState *s,
+ XenPTReg *cfg_entry, uint16_t *val,
+ uint16_t dev_value, uint16_t valid_mask)
+{
+ XenPTRegInfo *reg = cfg_entry->reg;
+ XenPTMSI *msi = s->msi;
+ uint16_t writable_mask = 0;
+ uint16_t throughable_mask = 0;
+ uint16_t old_data = cfg_entry->data;
+ uint32_t offset = reg->offset;
+
+ /* check the offset whether matches the type or not */
+ if (!xen_pt_msgdata_check_type(offset, msi->flags)) {
+ /* exit I/O emulator */
+ XEN_PT_ERR(&s->dev, "the offset does not match the 32/64 bit type!\n");
+ return -1;
+ }
+
+ /* modify emulate register */
+ writable_mask = reg->emu_mask & ~reg->ro_mask & valid_mask;
+ cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
+ /* update the msi_info too */
+ msi->data = cfg_entry->data;
+
+ /* create value for writing to I/O device register */
+ throughable_mask = ~reg->emu_mask & valid_mask;
+ *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
+
+ /* update MSI */
+ if (cfg_entry->data != old_data) {
+ if (msi->mapped) {
+ xen_pt_msi_update(s);
+ }
+ }
+
+ return 0;
+}
+
+/* MSI Capability Structure reg static information table */
+static XenPTRegInfo xen_pt_emu_reg_msi[] = {
+ /* Next Pointer reg */
+ {
+ .offset = PCI_CAP_LIST_NEXT,
+ .size = 1,
+ .init_val = 0x00,
+ .ro_mask = 0xFF,
+ .emu_mask = 0xFF,
+ .init = xen_pt_ptr_reg_init,
+ .u.b.read = xen_pt_byte_reg_read,
+ .u.b.write = xen_pt_byte_reg_write,
+ },
+ /* Message Control reg */
+ {
+ .offset = PCI_MSI_FLAGS,
+ .size = 2,
+ .init_val = 0x0000,
+ .ro_mask = 0xFF8E,
+ .emu_mask = 0x007F,
+ .init = xen_pt_msgctrl_reg_init,
+ .u.w.read = xen_pt_word_reg_read,
+ .u.w.write = xen_pt_msgctrl_reg_write,
+ },
+ /* Message Address reg */
+ {
+ .offset = PCI_MSI_ADDRESS_LO,
+ .size = 4,
+ .init_val = 0x00000000,
+ .ro_mask = 0x00000003,
+ .emu_mask = 0xFFFFFFFF,
+ .no_wb = 1,
+ .init = xen_pt_common_reg_init,
+ .u.dw.read = xen_pt_long_reg_read,
+ .u.dw.write = xen_pt_msgaddr32_reg_write,
+ },
+ /* Message Upper Address reg (if PCI_MSI_FLAGS_64BIT set) */
+ {
+ .offset = PCI_MSI_ADDRESS_HI,
+ .size = 4,
+ .init_val = 0x00000000,
+ .ro_mask = 0x00000000,
+ .emu_mask = 0xFFFFFFFF,
+ .no_wb = 1,
+ .init = xen_pt_msgaddr64_reg_init,
+ .u.dw.read = xen_pt_long_reg_read,
+ .u.dw.write = xen_pt_msgaddr64_reg_write,
+ },
+ /* Message Data reg (16 bits of data for 32-bit devices) */
+ {
+ .offset = PCI_MSI_DATA_32,
+ .size = 2,
+ .init_val = 0x0000,
+ .ro_mask = 0x0000,
+ .emu_mask = 0xFFFF,
+ .no_wb = 1,
+ .init = xen_pt_msgdata_reg_init,
+ .u.w.read = xen_pt_word_reg_read,
+ .u.w.write = xen_pt_msgdata_reg_write,
+ },
+ /* Message Data reg (16 bits of data for 64-bit devices) */
+ {
+ .offset = PCI_MSI_DATA_64,
+ .size = 2,
+ .init_val = 0x0000,
+ .ro_mask = 0x0000,
+ .emu_mask = 0xFFFF,
+ .no_wb = 1,
+ .init = xen_pt_msgdata_reg_init,
+ .u.w.read = xen_pt_word_reg_read,
+ .u.w.write = xen_pt_msgdata_reg_write,
+ },
+ {
+ .size = 0,
+ },
+};
+
+
+/**************************************
+ * MSI-X Capability
+ */
+
+/* Message Control register for MSI-X */
+static int xen_pt_msixctrl_reg_init(XenPCIPassthroughState *s,
+ XenPTRegInfo *reg, uint32_t real_offset,
+ uint32_t *data)
+{
+ PCIDevice *d = &s->dev;
+ uint16_t reg_field = 0;
+
+ /* use I/O device register's value as initial value */
+ reg_field = pci_get_word(d->config + real_offset);
+
+ if (reg_field & PCI_MSIX_FLAGS_ENABLE) {
+ XEN_PT_LOG(d, "MSIX already enabled, disabling it first\n");
+ xen_host_pci_set_word(&s->real_device, real_offset,
+ reg_field & ~PCI_MSIX_FLAGS_ENABLE);
+ }
+
+ s->msix->ctrl_offset = real_offset;
+
+ *data = reg->init_val;
+ return 0;
+}
+static int xen_pt_msixctrl_reg_write(XenPCIPassthroughState *s,
+ XenPTReg *cfg_entry, uint16_t *val,
+ uint16_t dev_value, uint16_t valid_mask)
+{
+ XenPTRegInfo *reg = cfg_entry->reg;
+ uint16_t writable_mask = 0;
+ uint16_t throughable_mask = 0;
+ int debug_msix_enabled_old;
+
+ /* modify emulate register */
+ writable_mask = reg->emu_mask & ~reg->ro_mask & valid_mask;
+ cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
+
+ /* create value for writing to I/O device register */
+ throughable_mask = ~reg->emu_mask & valid_mask;
+ *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
+
+ /* update MSI-X */
+ if ((*val & PCI_MSIX_FLAGS_ENABLE)
+ && !(*val & PCI_MSIX_FLAGS_MASKALL)) {
+ xen_pt_msix_update(s);
+ }
+
+ debug_msix_enabled_old = s->msix->enabled;
+ s->msix->enabled = !!(*val & PCI_MSIX_FLAGS_ENABLE);
+ if (s->msix->enabled != debug_msix_enabled_old) {
+ XEN_PT_LOG(&s->dev, "%s MSI-X\n",
+ s->msix->enabled ? "enable" : "disable");
+ }
+
+ return 0;
+}
+
+/* MSI-X Capability Structure reg static information table */
+static XenPTRegInfo xen_pt_emu_reg_msix[] = {
+ /* Next Pointer reg */
+ {
+ .offset = PCI_CAP_LIST_NEXT,
+ .size = 1,
+ .init_val = 0x00,
+ .ro_mask = 0xFF,
+ .emu_mask = 0xFF,
+ .init = xen_pt_ptr_reg_init,
+ .u.b.read = xen_pt_byte_reg_read,
+ .u.b.write = xen_pt_byte_reg_write,
+ },
+ /* Message Control reg */
+ {
+ .offset = PCI_MSI_FLAGS,
+ .size = 2,
+ .init_val = 0x0000,
+ .ro_mask = 0x3FFF,
+ .emu_mask = 0x0000,
+ .init = xen_pt_msixctrl_reg_init,
+ .u.w.read = xen_pt_word_reg_read,
+ .u.w.write = xen_pt_msixctrl_reg_write,
+ },
+ {
+ .size = 0,
+ },
+};
+
+
+/****************************
+ * Capabilities
+ */
+
+/* capability structure register group size functions */
+
+static int xen_pt_reg_grp_size_init(XenPCIPassthroughState *s,
+ const XenPTRegGroupInfo *grp_reg,
+ uint32_t base_offset, uint8_t *size)
+{
+ *size = grp_reg->grp_size;
+ return 0;
+}
+/* get Vendor Specific Capability Structure register group size */
+static int xen_pt_vendor_size_init(XenPCIPassthroughState *s,
+ const XenPTRegGroupInfo *grp_reg,
+ uint32_t base_offset, uint8_t *size)
+{
+ *size = pci_get_byte(s->dev.config + base_offset + 0x02);
+ return 0;
+}
+/* get PCI Express Capability Structure register group size */
+static int xen_pt_pcie_size_init(XenPCIPassthroughState *s,
+ const XenPTRegGroupInfo *grp_reg,
+ uint32_t base_offset, uint8_t *size)
+{
+ PCIDevice *d = &s->dev;
+ uint8_t version = get_capability_version(s, base_offset);
+ uint8_t type = get_device_type(s, base_offset);
+ uint8_t pcie_size = 0;
+
+
+ /* calculate size depend on capability version and device/port type */
+ /* in case of PCI Express Base Specification Rev 1.x */
+ if (version == 1) {
+ /* The PCI Express Capabilities, Device Capabilities, and Device
+ * Status/Control registers are required for all PCI Express devices.
+ * The Link Capabilities and Link Status/Control are required for all
+ * Endpoints that are not Root Complex Integrated Endpoints. Endpoints
+ * are not required to implement registers other than those listed
+ * above and terminate the capability structure.
+ */
+ switch (type) {
+ case PCI_EXP_TYPE_ENDPOINT:
+ case PCI_EXP_TYPE_LEG_END:
+ pcie_size = 0x14;
+ break;
+ case PCI_EXP_TYPE_RC_END:
+ /* has no link */
+ pcie_size = 0x0C;
+ break;
+ /* only EndPoint passthrough is supported */
+ case PCI_EXP_TYPE_ROOT_PORT:
+ case PCI_EXP_TYPE_UPSTREAM:
+ case PCI_EXP_TYPE_DOWNSTREAM:
+ case PCI_EXP_TYPE_PCI_BRIDGE:
+ case PCI_EXP_TYPE_PCIE_BRIDGE:
+ case PCI_EXP_TYPE_RC_EC:
+ default:
+ XEN_PT_ERR(d, "Unsupported device/port type %#x.\n", type);
+ return -1;
+ }
+ }
+ /* in case of PCI Express Base Specification Rev 2.0 */
+ else if (version == 2) {
+ switch (type) {
+ case PCI_EXP_TYPE_ENDPOINT:
+ case PCI_EXP_TYPE_LEG_END:
+ case PCI_EXP_TYPE_RC_END:
+ /* For Functions that do not implement the registers,
+ * these spaces must be hardwired to 0b.
+ */
+ pcie_size = 0x3C;
+ break;
+ /* only EndPoint passthrough is supported */
+ case PCI_EXP_TYPE_ROOT_PORT:
+ case PCI_EXP_TYPE_UPSTREAM:
+ case PCI_EXP_TYPE_DOWNSTREAM:
+ case PCI_EXP_TYPE_PCI_BRIDGE:
+ case PCI_EXP_TYPE_PCIE_BRIDGE:
+ case PCI_EXP_TYPE_RC_EC:
+ default:
+ XEN_PT_ERR(d, "Unsupported device/port type %#x.\n", type);
+ return -1;
+ }
+ } else {
+ XEN_PT_ERR(d, "Unsupported capability version %#x.\n", version);
+ return -1;
+ }
+
+ *size = pcie_size;
+ return 0;
+}
+/* get MSI Capability Structure register group size */
+static int xen_pt_msi_size_init(XenPCIPassthroughState *s,
+ const XenPTRegGroupInfo *grp_reg,
+ uint32_t base_offset, uint8_t *size)
+{
+ PCIDevice *d = &s->dev;
+ uint16_t msg_ctrl = 0;
+ uint8_t msi_size = 0xa;
+
+ msg_ctrl = pci_get_word(d->config + (base_offset + PCI_MSI_FLAGS));
+
+ /* check if 64-bit address is capable of per-vector masking */
+ if (msg_ctrl & PCI_MSI_FLAGS_64BIT) {
+ msi_size += 4;
+ }
+ if (msg_ctrl & PCI_MSI_FLAGS_MASKBIT) {
+ msi_size += 10;
+ }
+
+ s->msi = g_new0(XenPTMSI, 1);
+ s->msi->pirq = XEN_PT_UNASSIGNED_PIRQ;
+
+ *size = msi_size;
+ return 0;
+}
+/* get MSI-X Capability Structure register group size */
+static int xen_pt_msix_size_init(XenPCIPassthroughState *s,
+ const XenPTRegGroupInfo *grp_reg,
+ uint32_t base_offset, uint8_t *size)
+{
+ int rc = 0;
+
+ rc = xen_pt_msix_init(s, base_offset);
+
+ if (rc < 0) {
+ XEN_PT_ERR(&s->dev, "Internal error: Invalid xen_pt_msix_init.\n");
+ return rc;
+ }
+
+ *size = grp_reg->grp_size;
+ return 0;
+}
+
+
+static const XenPTRegGroupInfo xen_pt_emu_reg_grps[] = {
+ /* Header Type0 reg group */
+ {
+ .grp_id = 0xFF,
+ .grp_type = XEN_PT_GRP_TYPE_EMU,
+ .grp_size = 0x40,
+ .size_init = xen_pt_reg_grp_size_init,
+ .emu_regs = xen_pt_emu_reg_header0,
+ },
+ /* PCI PowerManagement Capability reg group */
+ {
+ .grp_id = PCI_CAP_ID_PM,
+ .grp_type = XEN_PT_GRP_TYPE_EMU,
+ .grp_size = PCI_PM_SIZEOF,
+ .size_init = xen_pt_reg_grp_size_init,
+ .emu_regs = xen_pt_emu_reg_pm,
+ },
+ /* AGP Capability Structure reg group */
+ {
+ .grp_id = PCI_CAP_ID_AGP,
+ .grp_type = XEN_PT_GRP_TYPE_HARDWIRED,
+ .grp_size = 0x30,
+ .size_init = xen_pt_reg_grp_size_init,
+ },
+ /* Vital Product Data Capability Structure reg group */
+ {
+ .grp_id = PCI_CAP_ID_VPD,
+ .grp_type = XEN_PT_GRP_TYPE_EMU,
+ .grp_size = 0x08,
+ .size_init = xen_pt_reg_grp_size_init,
+ .emu_regs = xen_pt_emu_reg_vpd,
+ },
+ /* Slot Identification reg group */
+ {
+ .grp_id = PCI_CAP_ID_SLOTID,
+ .grp_type = XEN_PT_GRP_TYPE_HARDWIRED,
+ .grp_size = 0x04,
+ .size_init = xen_pt_reg_grp_size_init,
+ },
+ /* MSI Capability Structure reg group */
+ {
+ .grp_id = PCI_CAP_ID_MSI,
+ .grp_type = XEN_PT_GRP_TYPE_EMU,
+ .grp_size = 0xFF,
+ .size_init = xen_pt_msi_size_init,
+ .emu_regs = xen_pt_emu_reg_msi,
+ },
+ /* PCI-X Capabilities List Item reg group */
+ {
+ .grp_id = PCI_CAP_ID_PCIX,
+ .grp_type = XEN_PT_GRP_TYPE_HARDWIRED,
+ .grp_size = 0x18,
+ .size_init = xen_pt_reg_grp_size_init,
+ },
+ /* Vendor Specific Capability Structure reg group */
+ {
+ .grp_id = PCI_CAP_ID_VNDR,
+ .grp_type = XEN_PT_GRP_TYPE_EMU,
+ .grp_size = 0xFF,
+ .size_init = xen_pt_vendor_size_init,
+ .emu_regs = xen_pt_emu_reg_vendor,
+ },
+ /* SHPC Capability List Item reg group */
+ {
+ .grp_id = PCI_CAP_ID_SHPC,
+ .grp_type = XEN_PT_GRP_TYPE_HARDWIRED,
+ .grp_size = 0x08,
+ .size_init = xen_pt_reg_grp_size_init,
+ },
+ /* Subsystem ID and Subsystem Vendor ID Capability List Item reg group */
+ {
+ .grp_id = PCI_CAP_ID_SSVID,
+ .grp_type = XEN_PT_GRP_TYPE_HARDWIRED,
+ .grp_size = 0x08,
+ .size_init = xen_pt_reg_grp_size_init,
+ },
+ /* AGP 8x Capability Structure reg group */
+ {
+ .grp_id = PCI_CAP_ID_AGP3,
+ .grp_type = XEN_PT_GRP_TYPE_HARDWIRED,
+ .grp_size = 0x30,
+ .size_init = xen_pt_reg_grp_size_init,
+ },
+ /* PCI Express Capability Structure reg group */
+ {
+ .grp_id = PCI_CAP_ID_EXP,
+ .grp_type = XEN_PT_GRP_TYPE_EMU,
+ .grp_size = 0xFF,
+ .size_init = xen_pt_pcie_size_init,
+ .emu_regs = xen_pt_emu_reg_pcie,
+ },
+ /* MSI-X Capability Structure reg group */
+ {
+ .grp_id = PCI_CAP_ID_MSIX,
+ .grp_type = XEN_PT_GRP_TYPE_EMU,
+ .grp_size = 0x0C,
+ .size_init = xen_pt_msix_size_init,
+ .emu_regs = xen_pt_emu_reg_msix,
+ },
+ {
+ .grp_size = 0,
+ },
+};
+
+/* initialize Capabilities Pointer or Next Pointer register */
+static int xen_pt_ptr_reg_init(XenPCIPassthroughState *s,
+ XenPTRegInfo *reg, uint32_t real_offset,
+ uint32_t *data)
+{
+ int i;
+ uint8_t *config = s->dev.config;
+ uint32_t reg_field = pci_get_byte(config + real_offset);
+ uint8_t cap_id = 0;
+
+ /* find capability offset */
+ while (reg_field) {
+ for (i = 0; xen_pt_emu_reg_grps[i].grp_size != 0; i++) {
+ if (xen_pt_hide_dev_cap(&s->real_device,
+ xen_pt_emu_reg_grps[i].grp_id)) {
+ continue;
+ }
+
+ cap_id = pci_get_byte(config + reg_field + PCI_CAP_LIST_ID);
+ if (xen_pt_emu_reg_grps[i].grp_id == cap_id) {
+ if (xen_pt_emu_reg_grps[i].grp_type == XEN_PT_GRP_TYPE_EMU) {
+ goto out;
+ }
+ /* ignore the 0 hardwired capability, find next one */
+ break;
+ }
+ }
+
+ /* next capability */
+ reg_field = pci_get_byte(config + reg_field + PCI_CAP_LIST_NEXT);
+ }
+
+out:
+ *data = reg_field;
+ return 0;
+}
+
+
+/*************
+ * Main
+ */
+
+static uint8_t find_cap_offset(XenPCIPassthroughState *s, uint8_t cap)
+{
+ uint8_t id;
+ unsigned max_cap = PCI_CAP_MAX;
+ uint8_t pos = PCI_CAPABILITY_LIST;
+ uint8_t status = 0;
+
+ if (xen_host_pci_get_byte(&s->real_device, PCI_STATUS, &status)) {
+ return 0;
+ }
+ if ((status & PCI_STATUS_CAP_LIST) == 0) {
+ return 0;
+ }
+
+ while (max_cap--) {
+ if (xen_host_pci_get_byte(&s->real_device, pos, &pos)) {
+ break;
+ }
+ if (pos < PCI_CONFIG_HEADER_SIZE) {
+ break;
+ }
+
+ pos &= ~3;
+ if (xen_host_pci_get_byte(&s->real_device,
+ pos + PCI_CAP_LIST_ID, &id)) {
+ break;
+ }
+
+ if (id == 0xff) {
+ break;
+ }
+ if (id == cap) {
+ return pos;
+ }
+
+ pos += PCI_CAP_LIST_NEXT;
+ }
+ return 0;
+}
+
+static int xen_pt_config_reg_init(XenPCIPassthroughState *s,
+ XenPTRegGroup *reg_grp, XenPTRegInfo *reg)
+{
+ XenPTReg *reg_entry;
+ uint32_t data = 0;
+ int rc = 0;
+
+ reg_entry = g_new0(XenPTReg, 1);
+ reg_entry->reg = reg;
+
+ if (reg->init) {
+ /* initialize emulate register */
+ rc = reg->init(s, reg_entry->reg,
+ reg_grp->base_offset + reg->offset, &data);
+ if (rc < 0) {
+ g_free(reg_entry);
+ return rc;
+ }
+ if (data == XEN_PT_INVALID_REG) {
+ /* free unused BAR register entry */
+ g_free(reg_entry);
+ return 0;
+ }
+ /* set register value */
+ reg_entry->data = data;
+ }
+ /* list add register entry */
+ QLIST_INSERT_HEAD(&reg_grp->reg_tbl_list, reg_entry, entries);
+
+ return 0;
+}
+
+int xen_pt_config_init(XenPCIPassthroughState *s)
+{
+ int i, rc;
+
+ QLIST_INIT(&s->reg_grps);
+
+ for (i = 0; xen_pt_emu_reg_grps[i].grp_size != 0; i++) {
+ uint32_t reg_grp_offset = 0;
+ XenPTRegGroup *reg_grp_entry = NULL;
+
+ if (xen_pt_emu_reg_grps[i].grp_id != 0xFF) {
+ if (xen_pt_hide_dev_cap(&s->real_device,
+ xen_pt_emu_reg_grps[i].grp_id)) {
+ continue;
+ }
+
+ reg_grp_offset = find_cap_offset(s, xen_pt_emu_reg_grps[i].grp_id);
+
+ if (!reg_grp_offset) {
+ continue;
+ }
+ }
+
+ reg_grp_entry = g_new0(XenPTRegGroup, 1);
+ QLIST_INIT(&reg_grp_entry->reg_tbl_list);
+ QLIST_INSERT_HEAD(&s->reg_grps, reg_grp_entry, entries);
+
+ reg_grp_entry->base_offset = reg_grp_offset;
+ reg_grp_entry->reg_grp = xen_pt_emu_reg_grps + i;
+ if (xen_pt_emu_reg_grps[i].size_init) {
+ /* get register group size */
+ rc = xen_pt_emu_reg_grps[i].size_init(s, reg_grp_entry->reg_grp,
+ reg_grp_offset,
+ &reg_grp_entry->size);
+ if (rc < 0) {
+ xen_pt_config_delete(s);
+ return rc;
+ }
+ }
+
+ if (xen_pt_emu_reg_grps[i].grp_type == XEN_PT_GRP_TYPE_EMU) {
+ if (xen_pt_emu_reg_grps[i].emu_regs) {
+ int j = 0;
+ XenPTRegInfo *regs = xen_pt_emu_reg_grps[i].emu_regs;
+ /* initialize capability register */
+ for (j = 0; regs->size != 0; j++, regs++) {
+ /* initialize capability register */
+ rc = xen_pt_config_reg_init(s, reg_grp_entry, regs);
+ if (rc < 0) {
+ xen_pt_config_delete(s);
+ return rc;
+ }
+ }
+ }
+ }
+ }
+
+ return 0;
+}
+
+/* delete all emulate register */
+void xen_pt_config_delete(XenPCIPassthroughState *s)
+{
+ struct XenPTRegGroup *reg_group, *next_grp;
+ struct XenPTReg *reg, *next_reg;
+
+ /* free MSI/MSI-X info table */
+ if (s->msix) {
+ xen_pt_msix_delete(s);
+ }
+ if (s->msi) {
+ g_free(s->msi);
+ }
+
+ /* free all register group entry */
+ QLIST_FOREACH_SAFE(reg_group, &s->reg_grps, entries, next_grp) {
+ /* free all register entry */
+ QLIST_FOREACH_SAFE(reg, &reg_group->reg_tbl_list, entries, next_reg) {
+ QLIST_REMOVE(reg, entries);
+ g_free(reg);
+ }
+
+ QLIST_REMOVE(reg_group, entries);
+ g_free(reg_group);
+ }
+}
diff --git a/hw/xen/xen_pt_msi.c b/hw/xen/xen_pt_msi.c
new file mode 100644
index 000000000..6fbe0cc86
--- /dev/null
+++ b/hw/xen/xen_pt_msi.c
@@ -0,0 +1,621 @@
+/*
+ * Copyright (c) 2007, Intel Corporation.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ *
+ * Jiang Yunhong <yunhong.jiang@intel.com>
+ *
+ * This file implements direct PCI assignment to a HVM guest
+ */
+
+#include <sys/mman.h>
+
+#include "hw/xen/xen_backend.h"
+#include "xen_pt.h"
+#include "hw/i386/apic-msidef.h"
+
+
+#define XEN_PT_AUTO_ASSIGN -1
+
+/* shift count for gflags */
+#define XEN_PT_GFLAGS_SHIFT_DEST_ID 0
+#define XEN_PT_GFLAGS_SHIFT_RH 8
+#define XEN_PT_GFLAGS_SHIFT_DM 9
+#define XEN_PT_GFLAGSSHIFT_DELIV_MODE 12
+#define XEN_PT_GFLAGSSHIFT_TRG_MODE 15
+
+
+/*
+ * Helpers
+ */
+
+static inline uint8_t msi_vector(uint32_t data)
+{
+ return (data & MSI_DATA_VECTOR_MASK) >> MSI_DATA_VECTOR_SHIFT;
+}
+
+static inline uint8_t msi_dest_id(uint32_t addr)
+{
+ return (addr & MSI_ADDR_DEST_ID_MASK) >> MSI_ADDR_DEST_ID_SHIFT;
+}
+
+static inline uint32_t msi_ext_dest_id(uint32_t addr_hi)
+{
+ return addr_hi & 0xffffff00;
+}
+
+static uint32_t msi_gflags(uint32_t data, uint64_t addr)
+{
+ uint32_t result = 0;
+ int rh, dm, dest_id, deliv_mode, trig_mode;
+
+ rh = (addr >> MSI_ADDR_REDIRECTION_SHIFT) & 0x1;
+ dm = (addr >> MSI_ADDR_DEST_MODE_SHIFT) & 0x1;
+ dest_id = msi_dest_id(addr);
+ deliv_mode = (data >> MSI_DATA_DELIVERY_MODE_SHIFT) & 0x7;
+ trig_mode = (data >> MSI_DATA_TRIGGER_SHIFT) & 0x1;
+
+ result = dest_id | (rh << XEN_PT_GFLAGS_SHIFT_RH)
+ | (dm << XEN_PT_GFLAGS_SHIFT_DM)
+ | (deliv_mode << XEN_PT_GFLAGSSHIFT_DELIV_MODE)
+ | (trig_mode << XEN_PT_GFLAGSSHIFT_TRG_MODE);
+
+ return result;
+}
+
+static inline uint64_t msi_addr64(XenPTMSI *msi)
+{
+ return (uint64_t)msi->addr_hi << 32 | msi->addr_lo;
+}
+
+static int msi_msix_enable(XenPCIPassthroughState *s,
+ uint32_t address,
+ uint16_t flag,
+ bool enable)
+{
+ uint16_t val = 0;
+
+ if (!address) {
+ return -1;
+ }
+
+ xen_host_pci_get_word(&s->real_device, address, &val);
+ if (enable) {
+ val |= flag;
+ } else {
+ val &= ~flag;
+ }
+ xen_host_pci_set_word(&s->real_device, address, val);
+ return 0;
+}
+
+static int msi_msix_setup(XenPCIPassthroughState *s,
+ uint64_t addr,
+ uint32_t data,
+ int *ppirq,
+ bool is_msix,
+ int msix_entry,
+ bool is_not_mapped)
+{
+ uint8_t gvec = msi_vector(data);
+ int rc = 0;
+
+ assert((!is_msix && msix_entry == 0) || is_msix);
+
+ if (gvec == 0) {
+ /* if gvec is 0, the guest is asking for a particular pirq that
+ * is passed as dest_id */
+ *ppirq = msi_ext_dest_id(addr >> 32) | msi_dest_id(addr);
+ if (!*ppirq) {
+ /* this probably identifies an misconfiguration of the guest,
+ * try the emulated path */
+ *ppirq = XEN_PT_UNASSIGNED_PIRQ;
+ } else {
+ XEN_PT_LOG(&s->dev, "requested pirq %d for MSI%s"
+ " (vec: %#x, entry: %#x)\n",
+ *ppirq, is_msix ? "-X" : "", gvec, msix_entry);
+ }
+ }
+
+ if (is_not_mapped) {
+ uint64_t table_base = 0;
+
+ if (is_msix) {
+ table_base = s->msix->table_base;
+ }
+
+ rc = xc_physdev_map_pirq_msi(xen_xc, xen_domid, XEN_PT_AUTO_ASSIGN,
+ ppirq, PCI_DEVFN(s->real_device.dev,
+ s->real_device.func),
+ s->real_device.bus,
+ msix_entry, table_base);
+ if (rc) {
+ XEN_PT_ERR(&s->dev,
+ "Mapping of MSI%s (rc: %i, vec: %#x, entry %#x)\n",
+ is_msix ? "-X" : "", rc, gvec, msix_entry);
+ return rc;
+ }
+ }
+
+ return 0;
+}
+static int msi_msix_update(XenPCIPassthroughState *s,
+ uint64_t addr,
+ uint32_t data,
+ int pirq,
+ bool is_msix,
+ int msix_entry,
+ int *old_pirq)
+{
+ PCIDevice *d = &s->dev;
+ uint8_t gvec = msi_vector(data);
+ uint32_t gflags = msi_gflags(data, addr);
+ int rc = 0;
+ uint64_t table_addr = 0;
+
+ XEN_PT_LOG(d, "Updating MSI%s with pirq %d gvec %#x gflags %#x"
+ " (entry: %#x)\n",
+ is_msix ? "-X" : "", pirq, gvec, gflags, msix_entry);
+
+ if (is_msix) {
+ table_addr = s->msix->mmio_base_addr;
+ }
+
+ rc = xc_domain_update_msi_irq(xen_xc, xen_domid, gvec,
+ pirq, gflags, table_addr);
+
+ if (rc) {
+ XEN_PT_ERR(d, "Updating of MSI%s failed. (rc: %d)\n",
+ is_msix ? "-X" : "", rc);
+
+ if (xc_physdev_unmap_pirq(xen_xc, xen_domid, *old_pirq)) {
+ XEN_PT_ERR(d, "Unmapping of MSI%s pirq %d failed.\n",
+ is_msix ? "-X" : "", *old_pirq);
+ }
+ *old_pirq = XEN_PT_UNASSIGNED_PIRQ;
+ }
+ return rc;
+}
+
+static int msi_msix_disable(XenPCIPassthroughState *s,
+ uint64_t addr,
+ uint32_t data,
+ int pirq,
+ bool is_msix,
+ bool is_binded)
+{
+ PCIDevice *d = &s->dev;
+ uint8_t gvec = msi_vector(data);
+ uint32_t gflags = msi_gflags(data, addr);
+ int rc = 0;
+
+ if (pirq == XEN_PT_UNASSIGNED_PIRQ) {
+ return 0;
+ }
+
+ if (is_binded) {
+ XEN_PT_LOG(d, "Unbind MSI%s with pirq %d, gvec %#x\n",
+ is_msix ? "-X" : "", pirq, gvec);
+ rc = xc_domain_unbind_msi_irq(xen_xc, xen_domid, gvec, pirq, gflags);
+ if (rc) {
+ XEN_PT_ERR(d, "Unbinding of MSI%s failed. (pirq: %d, gvec: %#x)\n",
+ is_msix ? "-X" : "", pirq, gvec);
+ return rc;
+ }
+ }
+
+ XEN_PT_LOG(d, "Unmap MSI%s pirq %d\n", is_msix ? "-X" : "", pirq);
+ rc = xc_physdev_unmap_pirq(xen_xc, xen_domid, pirq);
+ if (rc) {
+ XEN_PT_ERR(d, "Unmapping of MSI%s pirq %d failed. (rc: %i)\n",
+ is_msix ? "-X" : "", pirq, rc);
+ return rc;
+ }
+
+ return 0;
+}
+
+/*
+ * MSI virtualization functions
+ */
+
+int xen_pt_msi_set_enable(XenPCIPassthroughState *s, bool enable)
+{
+ XEN_PT_LOG(&s->dev, "%s MSI.\n", enable ? "enabling" : "disabling");
+
+ if (!s->msi) {
+ return -1;
+ }
+
+ return msi_msix_enable(s, s->msi->ctrl_offset, PCI_MSI_FLAGS_ENABLE,
+ enable);
+}
+
+/* setup physical msi, but don't enable it */
+int xen_pt_msi_setup(XenPCIPassthroughState *s)
+{
+ int pirq = XEN_PT_UNASSIGNED_PIRQ;
+ int rc = 0;
+ XenPTMSI *msi = s->msi;
+
+ if (msi->initialized) {
+ XEN_PT_ERR(&s->dev,
+ "Setup physical MSI when it has been properly initialized.\n");
+ return -1;
+ }
+
+ rc = msi_msix_setup(s, msi_addr64(msi), msi->data, &pirq, false, 0, true);
+ if (rc) {
+ return rc;
+ }
+
+ if (pirq < 0) {
+ XEN_PT_ERR(&s->dev, "Invalid pirq number: %d.\n", pirq);
+ return -1;
+ }
+
+ msi->pirq = pirq;
+ XEN_PT_LOG(&s->dev, "MSI mapped with pirq %d.\n", pirq);
+
+ return 0;
+}
+
+int xen_pt_msi_update(XenPCIPassthroughState *s)
+{
+ XenPTMSI *msi = s->msi;
+ return msi_msix_update(s, msi_addr64(msi), msi->data, msi->pirq,
+ false, 0, &msi->pirq);
+}
+
+void xen_pt_msi_disable(XenPCIPassthroughState *s)
+{
+ XenPTMSI *msi = s->msi;
+
+ if (!msi) {
+ return;
+ }
+
+ xen_pt_msi_set_enable(s, false);
+
+ msi_msix_disable(s, msi_addr64(msi), msi->data, msi->pirq, false,
+ msi->initialized);
+
+ /* clear msi info */
+ msi->flags = 0;
+ msi->mapped = false;
+ msi->pirq = XEN_PT_UNASSIGNED_PIRQ;
+}
+
+/*
+ * MSI-X virtualization functions
+ */
+
+static int msix_set_enable(XenPCIPassthroughState *s, bool enabled)
+{
+ XEN_PT_LOG(&s->dev, "%s MSI-X.\n", enabled ? "enabling" : "disabling");
+
+ if (!s->msix) {
+ return -1;
+ }
+
+ return msi_msix_enable(s, s->msix->ctrl_offset, PCI_MSIX_FLAGS_ENABLE,
+ enabled);
+}
+
+static int xen_pt_msix_update_one(XenPCIPassthroughState *s, int entry_nr)
+{
+ XenPTMSIXEntry *entry = NULL;
+ int pirq;
+ int rc;
+
+ if (entry_nr < 0 || entry_nr >= s->msix->total_entries) {
+ return -EINVAL;
+ }
+
+ entry = &s->msix->msix_entry[entry_nr];
+
+ if (!entry->updated) {
+ return 0;
+ }
+
+ pirq = entry->pirq;
+
+ rc = msi_msix_setup(s, entry->addr, entry->data, &pirq, true, entry_nr,
+ entry->pirq == XEN_PT_UNASSIGNED_PIRQ);
+ if (rc) {
+ return rc;
+ }
+ if (entry->pirq == XEN_PT_UNASSIGNED_PIRQ) {
+ entry->pirq = pirq;
+ }
+
+ rc = msi_msix_update(s, entry->addr, entry->data, pirq, true,
+ entry_nr, &entry->pirq);
+
+ if (!rc) {
+ entry->updated = false;
+ }
+
+ return rc;
+}
+
+int xen_pt_msix_update(XenPCIPassthroughState *s)
+{
+ XenPTMSIX *msix = s->msix;
+ int i;
+
+ for (i = 0; i < msix->total_entries; i++) {
+ xen_pt_msix_update_one(s, i);
+ }
+
+ return 0;
+}
+
+void xen_pt_msix_disable(XenPCIPassthroughState *s)
+{
+ int i = 0;
+
+ msix_set_enable(s, false);
+
+ for (i = 0; i < s->msix->total_entries; i++) {
+ XenPTMSIXEntry *entry = &s->msix->msix_entry[i];
+
+ msi_msix_disable(s, entry->addr, entry->data, entry->pirq, true, true);
+
+ /* clear MSI-X info */
+ entry->pirq = XEN_PT_UNASSIGNED_PIRQ;
+ entry->updated = false;
+ }
+}
+
+int xen_pt_msix_update_remap(XenPCIPassthroughState *s, int bar_index)
+{
+ XenPTMSIXEntry *entry;
+ int i, ret;
+
+ if (!(s->msix && s->msix->bar_index == bar_index)) {
+ return 0;
+ }
+
+ for (i = 0; i < s->msix->total_entries; i++) {
+ entry = &s->msix->msix_entry[i];
+ if (entry->pirq != XEN_PT_UNASSIGNED_PIRQ) {
+ ret = xc_domain_unbind_pt_irq(xen_xc, xen_domid, entry->pirq,
+ PT_IRQ_TYPE_MSI, 0, 0, 0, 0);
+ if (ret) {
+ XEN_PT_ERR(&s->dev, "unbind MSI-X entry %d failed\n",
+ entry->pirq);
+ }
+ entry->updated = true;
+ }
+ }
+ return xen_pt_msix_update(s);
+}
+
+static uint32_t get_entry_value(XenPTMSIXEntry *e, int offset)
+{
+ switch (offset) {
+ case PCI_MSIX_ENTRY_LOWER_ADDR:
+ return e->addr & UINT32_MAX;
+ case PCI_MSIX_ENTRY_UPPER_ADDR:
+ return e->addr >> 32;
+ case PCI_MSIX_ENTRY_DATA:
+ return e->data;
+ case PCI_MSIX_ENTRY_VECTOR_CTRL:
+ return e->vector_ctrl;
+ default:
+ return 0;
+ }
+}
+
+static void set_entry_value(XenPTMSIXEntry *e, int offset, uint32_t val)
+{
+ switch (offset) {
+ case PCI_MSIX_ENTRY_LOWER_ADDR:
+ e->addr = (e->addr & ((uint64_t)UINT32_MAX << 32)) | val;
+ break;
+ case PCI_MSIX_ENTRY_UPPER_ADDR:
+ e->addr = (uint64_t)val << 32 | (e->addr & UINT32_MAX);
+ break;
+ case PCI_MSIX_ENTRY_DATA:
+ e->data = val;
+ break;
+ case PCI_MSIX_ENTRY_VECTOR_CTRL:
+ e->vector_ctrl = val;
+ break;
+ }
+}
+
+static void pci_msix_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ XenPCIPassthroughState *s = opaque;
+ XenPTMSIX *msix = s->msix;
+ XenPTMSIXEntry *entry;
+ int entry_nr, offset;
+
+ entry_nr = addr / PCI_MSIX_ENTRY_SIZE;
+ if (entry_nr < 0 || entry_nr >= msix->total_entries) {
+ XEN_PT_ERR(&s->dev, "asked MSI-X entry '%i' invalid!\n", entry_nr);
+ return;
+ }
+ entry = &msix->msix_entry[entry_nr];
+ offset = addr % PCI_MSIX_ENTRY_SIZE;
+
+ if (offset != PCI_MSIX_ENTRY_VECTOR_CTRL) {
+ const volatile uint32_t *vec_ctrl;
+
+ if (get_entry_value(entry, offset) == val) {
+ return;
+ }
+
+ /*
+ * If Xen intercepts the mask bit access, entry->vec_ctrl may not be
+ * up-to-date. Read from hardware directly.
+ */
+ vec_ctrl = s->msix->phys_iomem_base + entry_nr * PCI_MSIX_ENTRY_SIZE
+ + PCI_MSIX_ENTRY_VECTOR_CTRL;
+
+ if (msix->enabled && !(*vec_ctrl & PCI_MSIX_ENTRY_CTRL_MASKBIT)) {
+ XEN_PT_ERR(&s->dev, "Can't update msix entry %d since MSI-X is"
+ " already enabled.\n", entry_nr);
+ return;
+ }
+
+ entry->updated = true;
+ }
+
+ set_entry_value(entry, offset, val);
+
+ if (offset == PCI_MSIX_ENTRY_VECTOR_CTRL) {
+ if (msix->enabled && !(val & PCI_MSIX_ENTRY_CTRL_MASKBIT)) {
+ xen_pt_msix_update_one(s, entry_nr);
+ }
+ }
+}
+
+static uint64_t pci_msix_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ XenPCIPassthroughState *s = opaque;
+ XenPTMSIX *msix = s->msix;
+ int entry_nr, offset;
+
+ entry_nr = addr / PCI_MSIX_ENTRY_SIZE;
+ if (entry_nr < 0) {
+ XEN_PT_ERR(&s->dev, "asked MSI-X entry '%i' invalid!\n", entry_nr);
+ return 0;
+ }
+
+ offset = addr % PCI_MSIX_ENTRY_SIZE;
+
+ if (addr < msix->total_entries * PCI_MSIX_ENTRY_SIZE) {
+ return get_entry_value(&msix->msix_entry[entry_nr], offset);
+ } else {
+ /* Pending Bit Array (PBA) */
+ return *(uint32_t *)(msix->phys_iomem_base + addr);
+ }
+}
+
+static const MemoryRegionOps pci_msix_ops = {
+ .read = pci_msix_read,
+ .write = pci_msix_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ .unaligned = false,
+ },
+};
+
+int xen_pt_msix_init(XenPCIPassthroughState *s, uint32_t base)
+{
+ uint8_t id = 0;
+ uint16_t control = 0;
+ uint32_t table_off = 0;
+ int i, total_entries, bar_index;
+ XenHostPCIDevice *hd = &s->real_device;
+ PCIDevice *d = &s->dev;
+ int fd = -1;
+ XenPTMSIX *msix = NULL;
+ int rc = 0;
+
+ rc = xen_host_pci_get_byte(hd, base + PCI_CAP_LIST_ID, &id);
+ if (rc) {
+ return rc;
+ }
+
+ if (id != PCI_CAP_ID_MSIX) {
+ XEN_PT_ERR(d, "Invalid id %#x base %#x\n", id, base);
+ return -1;
+ }
+
+ xen_host_pci_get_word(hd, base + PCI_MSIX_FLAGS, &control);
+ total_entries = control & PCI_MSIX_FLAGS_QSIZE;
+ total_entries += 1;
+
+ s->msix = g_malloc0(sizeof (XenPTMSIX)
+ + total_entries * sizeof (XenPTMSIXEntry));
+ msix = s->msix;
+
+ msix->total_entries = total_entries;
+ for (i = 0; i < total_entries; i++) {
+ msix->msix_entry[i].pirq = XEN_PT_UNASSIGNED_PIRQ;
+ }
+
+ memory_region_init_io(&msix->mmio, OBJECT(s), &pci_msix_ops,
+ s, "xen-pci-pt-msix",
+ (total_entries * PCI_MSIX_ENTRY_SIZE
+ + XC_PAGE_SIZE - 1)
+ & XC_PAGE_MASK);
+
+ xen_host_pci_get_long(hd, base + PCI_MSIX_TABLE, &table_off);
+ bar_index = msix->bar_index = table_off & PCI_MSIX_FLAGS_BIRMASK;
+ table_off = table_off & ~PCI_MSIX_FLAGS_BIRMASK;
+ msix->table_base = s->real_device.io_regions[bar_index].base_addr;
+ XEN_PT_LOG(d, "get MSI-X table BAR base 0x%"PRIx64"\n", msix->table_base);
+
+ fd = open("/dev/mem", O_RDWR);
+ if (fd == -1) {
+ rc = -errno;
+ XEN_PT_ERR(d, "Can't open /dev/mem: %s\n", strerror(errno));
+ goto error_out;
+ }
+ XEN_PT_LOG(d, "table_off = %#x, total_entries = %d\n",
+ table_off, total_entries);
+ msix->table_offset_adjust = table_off & 0x0fff;
+ msix->phys_iomem_base =
+ mmap(NULL,
+ total_entries * PCI_MSIX_ENTRY_SIZE + msix->table_offset_adjust,
+ PROT_READ,
+ MAP_SHARED | MAP_LOCKED,
+ fd,
+ msix->table_base + table_off - msix->table_offset_adjust);
+ close(fd);
+ if (msix->phys_iomem_base == MAP_FAILED) {
+ rc = -errno;
+ XEN_PT_ERR(d, "Can't map physical MSI-X table: %s\n", strerror(errno));
+ goto error_out;
+ }
+ msix->phys_iomem_base = (char *)msix->phys_iomem_base
+ + msix->table_offset_adjust;
+
+ XEN_PT_LOG(d, "mapping physical MSI-X table to %p\n",
+ msix->phys_iomem_base);
+
+ memory_region_add_subregion_overlap(&s->bar[bar_index], table_off,
+ &msix->mmio,
+ 2); /* Priority: pci default + 1 */
+
+ return 0;
+
+error_out:
+ memory_region_destroy(&msix->mmio);
+ g_free(s->msix);
+ s->msix = NULL;
+ return rc;
+}
+
+void xen_pt_msix_delete(XenPCIPassthroughState *s)
+{
+ XenPTMSIX *msix = s->msix;
+
+ if (!msix) {
+ return;
+ }
+
+ /* unmap the MSI-X memory mapped register area */
+ if (msix->phys_iomem_base) {
+ XEN_PT_LOG(&s->dev, "unmapping physical MSI-X table from %p\n",
+ msix->phys_iomem_base);
+ munmap(msix->phys_iomem_base, msix->total_entries * PCI_MSIX_ENTRY_SIZE
+ + msix->table_offset_adjust);
+ }
+
+ memory_region_del_subregion(&s->bar[msix->bar_index], &msix->mmio);
+ memory_region_destroy(&msix->mmio);
+
+ g_free(s->msix);
+ s->msix = NULL;
+}
diff --git a/hw/xen/xen_pvdevice.c b/hw/xen/xen_pvdevice.c
new file mode 100644
index 000000000..1132c8934
--- /dev/null
+++ b/hw/xen/xen_pvdevice.c
@@ -0,0 +1,131 @@
+/* Copyright (c) Citrix Systems Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms,
+ * with or without modification, are permitted provided
+ * that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer in the documentation and/or other
+ * materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "trace.h"
+
+#define TYPE_XEN_PV_DEVICE "xen-pvdevice"
+
+#define XEN_PV_DEVICE(obj) \
+ OBJECT_CHECK(XenPVDevice, (obj), TYPE_XEN_PV_DEVICE)
+
+typedef struct XenPVDevice {
+ /*< private >*/
+ PCIDevice parent_obj;
+ /*< public >*/
+ uint16_t vendor_id;
+ uint16_t device_id;
+ uint8_t revision;
+ uint32_t size;
+ MemoryRegion mmio;
+} XenPVDevice;
+
+static uint64_t xen_pv_mmio_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ trace_xen_pv_mmio_read(addr);
+
+ return ~(uint64_t)0;
+}
+
+static void xen_pv_mmio_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ trace_xen_pv_mmio_write(addr);
+}
+
+static const MemoryRegionOps xen_pv_mmio_ops = {
+ .read = &xen_pv_mmio_read,
+ .write = &xen_pv_mmio_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static int xen_pv_init(PCIDevice *pci_dev)
+{
+ XenPVDevice *d = XEN_PV_DEVICE(pci_dev);
+ uint8_t *pci_conf;
+
+ pci_conf = pci_dev->config;
+
+ pci_set_word(pci_conf + PCI_VENDOR_ID, d->vendor_id);
+ pci_set_word(pci_conf + PCI_SUBSYSTEM_VENDOR_ID, d->vendor_id);
+ pci_set_word(pci_conf + PCI_DEVICE_ID, d->device_id);
+ pci_set_word(pci_conf + PCI_SUBSYSTEM_ID, d->device_id);
+ pci_set_byte(pci_conf + PCI_REVISION_ID, d->revision);
+
+ pci_set_word(pci_conf + PCI_COMMAND, PCI_COMMAND_MEMORY);
+
+ pci_config_set_prog_interface(pci_conf, 0);
+
+ pci_conf[PCI_INTERRUPT_PIN] = 1;
+
+ memory_region_init_io(&d->mmio, NULL, &xen_pv_mmio_ops, d,
+ "mmio", d->size);
+
+ pci_register_bar(pci_dev, 1, PCI_BASE_ADDRESS_MEM_PREFETCH,
+ &d->mmio);
+
+ return 0;
+}
+
+static Property xen_pv_props[] = {
+ DEFINE_PROP_UINT16("vendor-id", XenPVDevice, vendor_id, PCI_VENDOR_ID_XEN),
+ DEFINE_PROP_UINT16("device-id", XenPVDevice, device_id, PCI_DEVICE_ID_XEN_PVDEVICE),
+ DEFINE_PROP_UINT8("revision", XenPVDevice, revision, 0x01),
+ DEFINE_PROP_UINT32("size", XenPVDevice, size, 0x400000),
+ DEFINE_PROP_END_OF_LIST()
+};
+
+static void xen_pv_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+ k->init = xen_pv_init;
+ k->class_id = PCI_CLASS_SYSTEM_OTHER;
+ dc->desc = "Xen PV Device";
+ dc->props = xen_pv_props;
+}
+
+static const TypeInfo xen_pv_type_info = {
+ .name = TYPE_XEN_PV_DEVICE,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(XenPVDevice),
+ .class_init = xen_pv_class_init,
+};
+
+static void xen_pv_register_types(void)
+{
+ type_register_static(&xen_pv_type_info);
+}
+
+type_init(xen_pv_register_types)
diff --git a/hw/xen_apic.c b/hw/xen_apic.c
deleted file mode 100644
index fc4536651..000000000
--- a/hw/xen_apic.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Xen basic APIC support
- *
- * Copyright (c) 2012 Citrix
- *
- * Authors:
- * Wei Liu <wei.liu2@citrix.com>
- *
- * This work is licensed under the terms of the GNU GPL version 2 or
- * later. See the COPYING file in the top-level directory.
- */
-#include "hw/apic_internal.h"
-#include "hw/msi.h"
-#include "xen.h"
-
-static uint64_t xen_apic_mem_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- return ~(uint64_t)0;
-}
-
-static void xen_apic_mem_write(void *opaque, hwaddr addr,
- uint64_t data, unsigned size)
-{
- if (size != sizeof(uint32_t)) {
- fprintf(stderr, "Xen: APIC write data size = %d, invalid\n", size);
- return;
- }
-
- xen_hvm_inject_msi(addr, data);
-}
-
-static const MemoryRegionOps xen_apic_io_ops = {
- .read = xen_apic_mem_read,
- .write = xen_apic_mem_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void xen_apic_init(APICCommonState *s)
-{
- memory_region_init_io(&s->io_memory, &xen_apic_io_ops, s, "xen-apic-msi",
- MSI_SPACE_SIZE);
-
-#if defined(CONFIG_XEN_CTRL_INTERFACE_VERSION) \
- && CONFIG_XEN_CTRL_INTERFACE_VERSION >= 420
- msi_supported = true;
-#endif
-}
-
-static void xen_apic_set_base(APICCommonState *s, uint64_t val)
-{
-}
-
-static void xen_apic_set_tpr(APICCommonState *s, uint8_t val)
-{
-}
-
-static uint8_t xen_apic_get_tpr(APICCommonState *s)
-{
- return 0;
-}
-
-static void xen_apic_vapic_base_update(APICCommonState *s)
-{
-}
-
-static void xen_apic_external_nmi(APICCommonState *s)
-{
-}
-
-static void xen_apic_class_init(ObjectClass *klass, void *data)
-{
- APICCommonClass *k = APIC_COMMON_CLASS(klass);
-
- k->init = xen_apic_init;
- k->set_base = xen_apic_set_base;
- k->set_tpr = xen_apic_set_tpr;
- k->get_tpr = xen_apic_get_tpr;
- k->vapic_base_update = xen_apic_vapic_base_update;
- k->external_nmi = xen_apic_external_nmi;
-}
-
-static TypeInfo xen_apic_info = {
- .name = "xen-apic",
- .parent = TYPE_APIC_COMMON,
- .instance_size = sizeof(APICCommonState),
- .class_init = xen_apic_class_init,
-};
-
-static void xen_apic_register_types(void)
-{
- type_register_static(&xen_apic_info);
-}
-
-type_init(xen_apic_register_types)
diff --git a/hw/xen_backend.c b/hw/xen_backend.c
deleted file mode 100644
index f83a1e1d0..000000000
--- a/hw/xen_backend.c
+++ /dev/null
@@ -1,787 +0,0 @@
-/*
- * xen backend driver infrastructure
- * (c) 2008 Gerd Hoffmann <kraxel@redhat.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; under version 2 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-/*
- * TODO: add some xenbus / xenstore concepts overview here.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <inttypes.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/mman.h>
-#include <sys/signal.h>
-
-#include "hw.h"
-#include "qemu-char.h"
-#include "qemu-log.h"
-#include "xen_backend.h"
-
-#include <xen/grant_table.h>
-
-/* ------------------------------------------------------------- */
-
-/* public */
-XenXC xen_xc = XC_HANDLER_INITIAL_VALUE;
-XenGnttab xen_xcg = XC_HANDLER_INITIAL_VALUE;
-struct xs_handle *xenstore = NULL;
-const char *xen_protocol;
-
-/* private */
-static QTAILQ_HEAD(XenDeviceHead, XenDevice) xendevs = QTAILQ_HEAD_INITIALIZER(xendevs);
-static int debug = 0;
-
-/* ------------------------------------------------------------- */
-
-int xenstore_write_str(const char *base, const char *node, const char *val)
-{
- char abspath[XEN_BUFSIZE];
-
- snprintf(abspath, sizeof(abspath), "%s/%s", base, node);
- if (!xs_write(xenstore, 0, abspath, val, strlen(val))) {
- return -1;
- }
- return 0;
-}
-
-char *xenstore_read_str(const char *base, const char *node)
-{
- char abspath[XEN_BUFSIZE];
- unsigned int len;
- char *str, *ret = NULL;
-
- snprintf(abspath, sizeof(abspath), "%s/%s", base, node);
- str = xs_read(xenstore, 0, abspath, &len);
- if (str != NULL) {
- /* move to qemu-allocated memory to make sure
- * callers can savely g_free() stuff. */
- ret = g_strdup(str);
- free(str);
- }
- return ret;
-}
-
-int xenstore_write_int(const char *base, const char *node, int ival)
-{
- char val[32];
-
- snprintf(val, sizeof(val), "%d", ival);
- return xenstore_write_str(base, node, val);
-}
-
-int xenstore_read_int(const char *base, const char *node, int *ival)
-{
- char *val;
- int rc = -1;
-
- val = xenstore_read_str(base, node);
- if (val && 1 == sscanf(val, "%d", ival)) {
- rc = 0;
- }
- g_free(val);
- return rc;
-}
-
-int xenstore_write_be_str(struct XenDevice *xendev, const char *node, const char *val)
-{
- return xenstore_write_str(xendev->be, node, val);
-}
-
-int xenstore_write_be_int(struct XenDevice *xendev, const char *node, int ival)
-{
- return xenstore_write_int(xendev->be, node, ival);
-}
-
-char *xenstore_read_be_str(struct XenDevice *xendev, const char *node)
-{
- return xenstore_read_str(xendev->be, node);
-}
-
-int xenstore_read_be_int(struct XenDevice *xendev, const char *node, int *ival)
-{
- return xenstore_read_int(xendev->be, node, ival);
-}
-
-char *xenstore_read_fe_str(struct XenDevice *xendev, const char *node)
-{
- return xenstore_read_str(xendev->fe, node);
-}
-
-int xenstore_read_fe_int(struct XenDevice *xendev, const char *node, int *ival)
-{
- return xenstore_read_int(xendev->fe, node, ival);
-}
-
-/* ------------------------------------------------------------- */
-
-const char *xenbus_strstate(enum xenbus_state state)
-{
- static const char *const name[] = {
- [ XenbusStateUnknown ] = "Unknown",
- [ XenbusStateInitialising ] = "Initialising",
- [ XenbusStateInitWait ] = "InitWait",
- [ XenbusStateInitialised ] = "Initialised",
- [ XenbusStateConnected ] = "Connected",
- [ XenbusStateClosing ] = "Closing",
- [ XenbusStateClosed ] = "Closed",
- };
- return (state < ARRAY_SIZE(name)) ? name[state] : "INVALID";
-}
-
-int xen_be_set_state(struct XenDevice *xendev, enum xenbus_state state)
-{
- int rc;
-
- rc = xenstore_write_be_int(xendev, "state", state);
- if (rc < 0) {
- return rc;
- }
- xen_be_printf(xendev, 1, "backend state: %s -> %s\n",
- xenbus_strstate(xendev->be_state), xenbus_strstate(state));
- xendev->be_state = state;
- return 0;
-}
-
-/* ------------------------------------------------------------- */
-
-struct XenDevice *xen_be_find_xendev(const char *type, int dom, int dev)
-{
- struct XenDevice *xendev;
-
- QTAILQ_FOREACH(xendev, &xendevs, next) {
- if (xendev->dom != dom) {
- continue;
- }
- if (xendev->dev != dev) {
- continue;
- }
- if (strcmp(xendev->type, type) != 0) {
- continue;
- }
- return xendev;
- }
- return NULL;
-}
-
-/*
- * get xen backend device, allocate a new one if it doesn't exist.
- */
-static struct XenDevice *xen_be_get_xendev(const char *type, int dom, int dev,
- struct XenDevOps *ops)
-{
- struct XenDevice *xendev;
- char *dom0;
-
- xendev = xen_be_find_xendev(type, dom, dev);
- if (xendev) {
- return xendev;
- }
-
- /* init new xendev */
- xendev = g_malloc0(ops->size);
- xendev->type = type;
- xendev->dom = dom;
- xendev->dev = dev;
- xendev->ops = ops;
-
- dom0 = xs_get_domain_path(xenstore, 0);
- snprintf(xendev->be, sizeof(xendev->be), "%s/backend/%s/%d/%d",
- dom0, xendev->type, xendev->dom, xendev->dev);
- snprintf(xendev->name, sizeof(xendev->name), "%s-%d",
- xendev->type, xendev->dev);
- free(dom0);
-
- xendev->debug = debug;
- xendev->local_port = -1;
-
- xendev->evtchndev = xen_xc_evtchn_open(NULL, 0);
- if (xendev->evtchndev == XC_HANDLER_INITIAL_VALUE) {
- xen_be_printf(NULL, 0, "can't open evtchn device\n");
- g_free(xendev);
- return NULL;
- }
- fcntl(xc_evtchn_fd(xendev->evtchndev), F_SETFD, FD_CLOEXEC);
-
- if (ops->flags & DEVOPS_FLAG_NEED_GNTDEV) {
- xendev->gnttabdev = xen_xc_gnttab_open(NULL, 0);
- if (xendev->gnttabdev == XC_HANDLER_INITIAL_VALUE) {
- xen_be_printf(NULL, 0, "can't open gnttab device\n");
- xc_evtchn_close(xendev->evtchndev);
- g_free(xendev);
- return NULL;
- }
- } else {
- xendev->gnttabdev = XC_HANDLER_INITIAL_VALUE;
- }
-
- QTAILQ_INSERT_TAIL(&xendevs, xendev, next);
-
- if (xendev->ops->alloc) {
- xendev->ops->alloc(xendev);
- }
-
- return xendev;
-}
-
-/*
- * release xen backend device.
- */
-static struct XenDevice *xen_be_del_xendev(int dom, int dev)
-{
- struct XenDevice *xendev, *xnext;
-
- /*
- * This is pretty much like QTAILQ_FOREACH(xendev, &xendevs, next) but
- * we save the next pointer in xnext because we might free xendev.
- */
- xnext = xendevs.tqh_first;
- while (xnext) {
- xendev = xnext;
- xnext = xendev->next.tqe_next;
-
- if (xendev->dom != dom) {
- continue;
- }
- if (xendev->dev != dev && dev != -1) {
- continue;
- }
-
- if (xendev->ops->free) {
- xendev->ops->free(xendev);
- }
-
- if (xendev->fe) {
- char token[XEN_BUFSIZE];
- snprintf(token, sizeof(token), "fe:%p", xendev);
- xs_unwatch(xenstore, xendev->fe, token);
- g_free(xendev->fe);
- }
-
- if (xendev->evtchndev != XC_HANDLER_INITIAL_VALUE) {
- xc_evtchn_close(xendev->evtchndev);
- }
- if (xendev->gnttabdev != XC_HANDLER_INITIAL_VALUE) {
- xc_gnttab_close(xendev->gnttabdev);
- }
-
- QTAILQ_REMOVE(&xendevs, xendev, next);
- g_free(xendev);
- }
- return NULL;
-}
-
-/*
- * Sync internal data structures on xenstore updates.
- * Node specifies the changed field. node = NULL means
- * update all fields (used for initialization).
- */
-static void xen_be_backend_changed(struct XenDevice *xendev, const char *node)
-{
- if (node == NULL || strcmp(node, "online") == 0) {
- if (xenstore_read_be_int(xendev, "online", &xendev->online) == -1) {
- xendev->online = 0;
- }
- }
-
- if (node) {
- xen_be_printf(xendev, 2, "backend update: %s\n", node);
- if (xendev->ops->backend_changed) {
- xendev->ops->backend_changed(xendev, node);
- }
- }
-}
-
-static void xen_be_frontend_changed(struct XenDevice *xendev, const char *node)
-{
- int fe_state;
-
- if (node == NULL || strcmp(node, "state") == 0) {
- if (xenstore_read_fe_int(xendev, "state", &fe_state) == -1) {
- fe_state = XenbusStateUnknown;
- }
- if (xendev->fe_state != fe_state) {
- xen_be_printf(xendev, 1, "frontend state: %s -> %s\n",
- xenbus_strstate(xendev->fe_state),
- xenbus_strstate(fe_state));
- }
- xendev->fe_state = fe_state;
- }
- if (node == NULL || strcmp(node, "protocol") == 0) {
- g_free(xendev->protocol);
- xendev->protocol = xenstore_read_fe_str(xendev, "protocol");
- if (xendev->protocol) {
- xen_be_printf(xendev, 1, "frontend protocol: %s\n", xendev->protocol);
- }
- }
-
- if (node) {
- xen_be_printf(xendev, 2, "frontend update: %s\n", node);
- if (xendev->ops->frontend_changed) {
- xendev->ops->frontend_changed(xendev, node);
- }
- }
-}
-
-/* ------------------------------------------------------------- */
-/* Check for possible state transitions and perform them. */
-
-/*
- * Initial xendev setup. Read frontend path, register watch for it.
- * Should succeed once xend finished setting up the backend device.
- *
- * Also sets initial state (-> Initializing) when done. Which
- * only affects the xendev->be_state variable as xenbus should
- * already be put into that state by xend.
- */
-static int xen_be_try_setup(struct XenDevice *xendev)
-{
- char token[XEN_BUFSIZE];
- int be_state;
-
- if (xenstore_read_be_int(xendev, "state", &be_state) == -1) {
- xen_be_printf(xendev, 0, "reading backend state failed\n");
- return -1;
- }
-
- if (be_state != XenbusStateInitialising) {
- xen_be_printf(xendev, 0, "initial backend state is wrong (%s)\n",
- xenbus_strstate(be_state));
- return -1;
- }
-
- xendev->fe = xenstore_read_be_str(xendev, "frontend");
- if (xendev->fe == NULL) {
- xen_be_printf(xendev, 0, "reading frontend path failed\n");
- return -1;
- }
-
- /* setup frontend watch */
- snprintf(token, sizeof(token), "fe:%p", xendev);
- if (!xs_watch(xenstore, xendev->fe, token)) {
- xen_be_printf(xendev, 0, "watching frontend path (%s) failed\n",
- xendev->fe);
- return -1;
- }
- xen_be_set_state(xendev, XenbusStateInitialising);
-
- xen_be_backend_changed(xendev, NULL);
- xen_be_frontend_changed(xendev, NULL);
- return 0;
-}
-
-/*
- * Try initialize xendev. Prepare everything the backend can do
- * without synchronizing with the frontend. Fakes hotplug-status. No
- * hotplug involved here because this is about userspace drivers, thus
- * there are kernel backend devices which could invoke hotplug.
- *
- * Goes to InitWait on success.
- */
-static int xen_be_try_init(struct XenDevice *xendev)
-{
- int rc = 0;
-
- if (!xendev->online) {
- xen_be_printf(xendev, 1, "not online\n");
- return -1;
- }
-
- if (xendev->ops->init) {
- rc = xendev->ops->init(xendev);
- }
- if (rc != 0) {
- xen_be_printf(xendev, 1, "init() failed\n");
- return rc;
- }
-
- xenstore_write_be_str(xendev, "hotplug-status", "connected");
- xen_be_set_state(xendev, XenbusStateInitWait);
- return 0;
-}
-
-/*
- * Try to initialise xendev. Depends on the frontend being ready
- * for it (shared ring and evtchn info in xenstore, state being
- * Initialised or Connected).
- *
- * Goes to Connected on success.
- */
-static int xen_be_try_initialise(struct XenDevice *xendev)
-{
- int rc = 0;
-
- if (xendev->fe_state != XenbusStateInitialised &&
- xendev->fe_state != XenbusStateConnected) {
- if (xendev->ops->flags & DEVOPS_FLAG_IGNORE_STATE) {
- xen_be_printf(xendev, 2, "frontend not ready, ignoring\n");
- } else {
- xen_be_printf(xendev, 2, "frontend not ready (yet)\n");
- return -1;
- }
- }
-
- if (xendev->ops->initialise) {
- rc = xendev->ops->initialise(xendev);
- }
- if (rc != 0) {
- xen_be_printf(xendev, 0, "initialise() failed\n");
- return rc;
- }
-
- xen_be_set_state(xendev, XenbusStateConnected);
- return 0;
-}
-
-/*
- * Try to let xendev know that it is connected. Depends on the
- * frontend being Connected. Note that this may be called more
- * than once since the backend state is not modified.
- */
-static void xen_be_try_connected(struct XenDevice *xendev)
-{
- if (!xendev->ops->connected) {
- return;
- }
-
- if (xendev->fe_state != XenbusStateConnected) {
- if (xendev->ops->flags & DEVOPS_FLAG_IGNORE_STATE) {
- xen_be_printf(xendev, 2, "frontend not ready, ignoring\n");
- } else {
- xen_be_printf(xendev, 2, "frontend not ready (yet)\n");
- return;
- }
- }
-
- xendev->ops->connected(xendev);
-}
-
-/*
- * Teardown connection.
- *
- * Goes to Closed when done.
- */
-static void xen_be_disconnect(struct XenDevice *xendev, enum xenbus_state state)
-{
- if (xendev->be_state != XenbusStateClosing &&
- xendev->be_state != XenbusStateClosed &&
- xendev->ops->disconnect) {
- xendev->ops->disconnect(xendev);
- }
- if (xendev->be_state != state) {
- xen_be_set_state(xendev, state);
- }
-}
-
-/*
- * Try to reset xendev, for reconnection by another frontend instance.
- */
-static int xen_be_try_reset(struct XenDevice *xendev)
-{
- if (xendev->fe_state != XenbusStateInitialising) {
- return -1;
- }
-
- xen_be_printf(xendev, 1, "device reset (for re-connect)\n");
- xen_be_set_state(xendev, XenbusStateInitialising);
- return 0;
-}
-
-/*
- * state change dispatcher function
- */
-void xen_be_check_state(struct XenDevice *xendev)
-{
- int rc = 0;
-
- /* frontend may request shutdown from almost anywhere */
- if (xendev->fe_state == XenbusStateClosing ||
- xendev->fe_state == XenbusStateClosed) {
- xen_be_disconnect(xendev, xendev->fe_state);
- return;
- }
-
- /* check for possible backend state transitions */
- for (;;) {
- switch (xendev->be_state) {
- case XenbusStateUnknown:
- rc = xen_be_try_setup(xendev);
- break;
- case XenbusStateInitialising:
- rc = xen_be_try_init(xendev);
- break;
- case XenbusStateInitWait:
- rc = xen_be_try_initialise(xendev);
- break;
- case XenbusStateConnected:
- /* xendev->be_state doesn't change */
- xen_be_try_connected(xendev);
- rc = -1;
- break;
- case XenbusStateClosed:
- rc = xen_be_try_reset(xendev);
- break;
- default:
- rc = -1;
- }
- if (rc != 0) {
- break;
- }
- }
-}
-
-/* ------------------------------------------------------------- */
-
-static int xenstore_scan(const char *type, int dom, struct XenDevOps *ops)
-{
- struct XenDevice *xendev;
- char path[XEN_BUFSIZE], token[XEN_BUFSIZE];
- char **dev = NULL, *dom0;
- unsigned int cdev, j;
-
- /* setup watch */
- dom0 = xs_get_domain_path(xenstore, 0);
- snprintf(token, sizeof(token), "be:%p:%d:%p", type, dom, ops);
- snprintf(path, sizeof(path), "%s/backend/%s/%d", dom0, type, dom);
- free(dom0);
- if (!xs_watch(xenstore, path, token)) {
- xen_be_printf(NULL, 0, "xen be: watching backend path (%s) failed\n", path);
- return -1;
- }
-
- /* look for backends */
- dev = xs_directory(xenstore, 0, path, &cdev);
- if (!dev) {
- return 0;
- }
- for (j = 0; j < cdev; j++) {
- xendev = xen_be_get_xendev(type, dom, atoi(dev[j]), ops);
- if (xendev == NULL) {
- continue;
- }
- xen_be_check_state(xendev);
- }
- free(dev);
- return 0;
-}
-
-static void xenstore_update_be(char *watch, char *type, int dom,
- struct XenDevOps *ops)
-{
- struct XenDevice *xendev;
- char path[XEN_BUFSIZE], *dom0, *bepath;
- unsigned int len, dev;
-
- dom0 = xs_get_domain_path(xenstore, 0);
- len = snprintf(path, sizeof(path), "%s/backend/%s/%d", dom0, type, dom);
- free(dom0);
- if (strncmp(path, watch, len) != 0) {
- return;
- }
- if (sscanf(watch+len, "/%u/%255s", &dev, path) != 2) {
- strcpy(path, "");
- if (sscanf(watch+len, "/%u", &dev) != 1) {
- dev = -1;
- }
- }
- if (dev == -1) {
- return;
- }
-
- xendev = xen_be_get_xendev(type, dom, dev, ops);
- if (xendev != NULL) {
- bepath = xs_read(xenstore, 0, xendev->be, &len);
- if (bepath == NULL) {
- xen_be_del_xendev(dom, dev);
- } else {
- free(bepath);
- xen_be_backend_changed(xendev, path);
- xen_be_check_state(xendev);
- }
- }
-}
-
-static void xenstore_update_fe(char *watch, struct XenDevice *xendev)
-{
- char *node;
- unsigned int len;
-
- len = strlen(xendev->fe);
- if (strncmp(xendev->fe, watch, len) != 0) {
- return;
- }
- if (watch[len] != '/') {
- return;
- }
- node = watch + len + 1;
-
- xen_be_frontend_changed(xendev, node);
- xen_be_check_state(xendev);
-}
-
-static void xenstore_update(void *unused)
-{
- char **vec = NULL;
- intptr_t type, ops, ptr;
- unsigned int dom, count;
-
- vec = xs_read_watch(xenstore, &count);
- if (vec == NULL) {
- goto cleanup;
- }
-
- if (sscanf(vec[XS_WATCH_TOKEN], "be:%" PRIxPTR ":%d:%" PRIxPTR,
- &type, &dom, &ops) == 3) {
- xenstore_update_be(vec[XS_WATCH_PATH], (void*)type, dom, (void*)ops);
- }
- if (sscanf(vec[XS_WATCH_TOKEN], "fe:%" PRIxPTR, &ptr) == 1) {
- xenstore_update_fe(vec[XS_WATCH_PATH], (void*)ptr);
- }
-
-cleanup:
- free(vec);
-}
-
-static void xen_be_evtchn_event(void *opaque)
-{
- struct XenDevice *xendev = opaque;
- evtchn_port_t port;
-
- port = xc_evtchn_pending(xendev->evtchndev);
- if (port != xendev->local_port) {
- xen_be_printf(xendev, 0, "xc_evtchn_pending returned %d (expected %d)\n",
- port, xendev->local_port);
- return;
- }
- xc_evtchn_unmask(xendev->evtchndev, port);
-
- if (xendev->ops->event) {
- xendev->ops->event(xendev);
- }
-}
-
-/* -------------------------------------------------------------------- */
-
-int xen_be_init(void)
-{
- xenstore = xs_daemon_open();
- if (!xenstore) {
- xen_be_printf(NULL, 0, "can't connect to xenstored\n");
- return -1;
- }
-
- if (qemu_set_fd_handler(xs_fileno(xenstore), xenstore_update, NULL, NULL) < 0) {
- goto err;
- }
-
- if (xen_xc == XC_HANDLER_INITIAL_VALUE) {
- /* Check if xen_init() have been called */
- goto err;
- }
- return 0;
-
-err:
- qemu_set_fd_handler(xs_fileno(xenstore), NULL, NULL, NULL);
- xs_daemon_close(xenstore);
- xenstore = NULL;
-
- return -1;
-}
-
-int xen_be_register(const char *type, struct XenDevOps *ops)
-{
- return xenstore_scan(type, xen_domid, ops);
-}
-
-int xen_be_bind_evtchn(struct XenDevice *xendev)
-{
- if (xendev->local_port != -1) {
- return 0;
- }
- xendev->local_port = xc_evtchn_bind_interdomain
- (xendev->evtchndev, xendev->dom, xendev->remote_port);
- if (xendev->local_port == -1) {
- xen_be_printf(xendev, 0, "xc_evtchn_bind_interdomain failed\n");
- return -1;
- }
- xen_be_printf(xendev, 2, "bind evtchn port %d\n", xendev->local_port);
- qemu_set_fd_handler(xc_evtchn_fd(xendev->evtchndev),
- xen_be_evtchn_event, NULL, xendev);
- return 0;
-}
-
-void xen_be_unbind_evtchn(struct XenDevice *xendev)
-{
- if (xendev->local_port == -1) {
- return;
- }
- qemu_set_fd_handler(xc_evtchn_fd(xendev->evtchndev), NULL, NULL, NULL);
- xc_evtchn_unbind(xendev->evtchndev, xendev->local_port);
- xen_be_printf(xendev, 2, "unbind evtchn port %d\n", xendev->local_port);
- xendev->local_port = -1;
-}
-
-int xen_be_send_notify(struct XenDevice *xendev)
-{
- return xc_evtchn_notify(xendev->evtchndev, xendev->local_port);
-}
-
-/*
- * msg_level:
- * 0 == errors (stderr + logfile).
- * 1 == informative debug messages (logfile only).
- * 2 == noisy debug messages (logfile only).
- * 3 == will flood your log (logfile only).
- */
-void xen_be_printf(struct XenDevice *xendev, int msg_level, const char *fmt, ...)
-{
- va_list args;
-
- if (xendev) {
- if (msg_level > xendev->debug) {
- return;
- }
- qemu_log("xen be: %s: ", xendev->name);
- if (msg_level == 0) {
- fprintf(stderr, "xen be: %s: ", xendev->name);
- }
- } else {
- if (msg_level > debug) {
- return;
- }
- qemu_log("xen be core: ");
- if (msg_level == 0) {
- fprintf(stderr, "xen be core: ");
- }
- }
- va_start(args, fmt);
- qemu_log_vprintf(fmt, args);
- va_end(args);
- if (msg_level == 0) {
- va_start(args, fmt);
- vfprintf(stderr, fmt, args);
- va_end(args);
- }
- qemu_log_flush();
-}
diff --git a/hw/xen_backend.h b/hw/xen_backend.h
deleted file mode 100644
index fea86dd78..000000000
--- a/hw/xen_backend.h
+++ /dev/null
@@ -1,108 +0,0 @@
-#ifndef QEMU_HW_XEN_BACKEND_H
-#define QEMU_HW_XEN_BACKEND_H 1
-
-#include "xen_common.h"
-#include "sysemu.h"
-#include "net.h"
-#include "net/hub.h"
-
-/* ------------------------------------------------------------- */
-
-#define XEN_BUFSIZE 1024
-
-struct XenDevice;
-
-/* driver uses grant tables -> open gntdev device (xendev->gnttabdev) */
-#define DEVOPS_FLAG_NEED_GNTDEV 1
-/* don't expect frontend doing correct state transitions (aka console quirk) */
-#define DEVOPS_FLAG_IGNORE_STATE 2
-
-struct XenDevOps {
- size_t size;
- uint32_t flags;
- void (*alloc)(struct XenDevice *xendev);
- int (*init)(struct XenDevice *xendev);
- int (*initialise)(struct XenDevice *xendev);
- void (*connected)(struct XenDevice *xendev);
- void (*event)(struct XenDevice *xendev);
- void (*disconnect)(struct XenDevice *xendev);
- int (*free)(struct XenDevice *xendev);
- void (*backend_changed)(struct XenDevice *xendev, const char *node);
- void (*frontend_changed)(struct XenDevice *xendev, const char *node);
-};
-
-struct XenDevice {
- const char *type;
- int dom;
- int dev;
- char name[64];
- int debug;
-
- enum xenbus_state be_state;
- enum xenbus_state fe_state;
- int online;
- char be[XEN_BUFSIZE];
- char *fe;
- char *protocol;
- int remote_port;
- int local_port;
-
- XenEvtchn evtchndev;
- XenGnttab gnttabdev;
-
- struct XenDevOps *ops;
- QTAILQ_ENTRY(XenDevice) next;
-};
-
-/* ------------------------------------------------------------- */
-
-/* variables */
-extern XenXC xen_xc;
-extern struct xs_handle *xenstore;
-extern const char *xen_protocol;
-
-/* xenstore helper functions */
-int xenstore_write_str(const char *base, const char *node, const char *val);
-int xenstore_write_int(const char *base, const char *node, int ival);
-char *xenstore_read_str(const char *base, const char *node);
-int xenstore_read_int(const char *base, const char *node, int *ival);
-
-int xenstore_write_be_str(struct XenDevice *xendev, const char *node, const char *val);
-int xenstore_write_be_int(struct XenDevice *xendev, const char *node, int ival);
-char *xenstore_read_be_str(struct XenDevice *xendev, const char *node);
-int xenstore_read_be_int(struct XenDevice *xendev, const char *node, int *ival);
-char *xenstore_read_fe_str(struct XenDevice *xendev, const char *node);
-int xenstore_read_fe_int(struct XenDevice *xendev, const char *node, int *ival);
-
-const char *xenbus_strstate(enum xenbus_state state);
-struct XenDevice *xen_be_find_xendev(const char *type, int dom, int dev);
-void xen_be_check_state(struct XenDevice *xendev);
-
-/* xen backend driver bits */
-int xen_be_init(void);
-int xen_be_register(const char *type, struct XenDevOps *ops);
-int xen_be_set_state(struct XenDevice *xendev, enum xenbus_state state);
-int xen_be_bind_evtchn(struct XenDevice *xendev);
-void xen_be_unbind_evtchn(struct XenDevice *xendev);
-int xen_be_send_notify(struct XenDevice *xendev);
-void xen_be_printf(struct XenDevice *xendev, int msg_level, const char *fmt, ...)
- GCC_FMT_ATTR(3, 4);
-
-/* actual backend drivers */
-extern struct XenDevOps xen_console_ops; /* xen_console.c */
-extern struct XenDevOps xen_kbdmouse_ops; /* xen_framebuffer.c */
-extern struct XenDevOps xen_framebuffer_ops; /* xen_framebuffer.c */
-extern struct XenDevOps xen_blkdev_ops; /* xen_disk.c */
-extern struct XenDevOps xen_netdev_ops; /* xen_nic.c */
-
-void xen_init_display(int domid);
-
-/* configuration (aka xenbus setup) */
-void xen_config_cleanup(void);
-int xen_config_dev_blk(DriveInfo *disk);
-int xen_config_dev_nic(NICInfo *nic);
-int xen_config_dev_vfb(int vdev, const char *type);
-int xen_config_dev_vkbd(int vdev);
-int xen_config_dev_console(int vdev);
-
-#endif /* QEMU_HW_XEN_BACKEND_H */
diff --git a/hw/xen_common.h b/hw/xen_common.h
deleted file mode 100644
index 727757afb..000000000
--- a/hw/xen_common.h
+++ /dev/null
@@ -1,160 +0,0 @@
-#ifndef QEMU_HW_XEN_COMMON_H
-#define QEMU_HW_XEN_COMMON_H 1
-
-#include "config-host.h"
-
-#include <stddef.h>
-#include <inttypes.h>
-
-#include <xenctrl.h>
-#if CONFIG_XEN_CTRL_INTERFACE_VERSION < 420
-# include <xs.h>
-#else
-# include <xenstore.h>
-#endif
-#include <xen/io/xenbus.h>
-
-#include "hw.h"
-#include "xen.h"
-#include "qemu-queue.h"
-
-/*
- * We don't support Xen prior to 3.3.0.
- */
-
-/* Xen before 4.0 */
-#if CONFIG_XEN_CTRL_INTERFACE_VERSION < 400
-static inline void *xc_map_foreign_bulk(int xc_handle, uint32_t dom, int prot,
- xen_pfn_t *arr, int *err,
- unsigned int num)
-{
- return xc_map_foreign_batch(xc_handle, dom, prot, arr, num);
-}
-#endif
-
-
-/* Xen before 4.1 */
-#if CONFIG_XEN_CTRL_INTERFACE_VERSION < 410
-
-typedef int XenXC;
-typedef int XenEvtchn;
-typedef int XenGnttab;
-
-# define XC_INTERFACE_FMT "%i"
-# define XC_HANDLER_INITIAL_VALUE -1
-
-static inline XenEvtchn xen_xc_evtchn_open(void *logger,
- unsigned int open_flags)
-{
- return xc_evtchn_open();
-}
-
-static inline XenGnttab xen_xc_gnttab_open(void *logger,
- unsigned int open_flags)
-{
- return xc_gnttab_open();
-}
-
-static inline XenXC xen_xc_interface_open(void *logger, void *dombuild_logger,
- unsigned int open_flags)
-{
- return xc_interface_open();
-}
-
-static inline int xc_fd(int xen_xc)
-{
- return xen_xc;
-}
-
-
-static inline int xc_domain_populate_physmap_exact
- (XenXC xc_handle, uint32_t domid, unsigned long nr_extents,
- unsigned int extent_order, unsigned int mem_flags, xen_pfn_t *extent_start)
-{
- return xc_domain_memory_populate_physmap
- (xc_handle, domid, nr_extents, extent_order, mem_flags, extent_start);
-}
-
-static inline int xc_domain_add_to_physmap(int xc_handle, uint32_t domid,
- unsigned int space, unsigned long idx,
- xen_pfn_t gpfn)
-{
- struct xen_add_to_physmap xatp = {
- .domid = domid,
- .space = space,
- .idx = idx,
- .gpfn = gpfn,
- };
-
- return xc_memory_op(xc_handle, XENMEM_add_to_physmap, &xatp);
-}
-
-static inline struct xs_handle *xs_open(unsigned long flags)
-{
- return xs_daemon_open();
-}
-
-static inline void xs_close(struct xs_handle *xsh)
-{
- if (xsh != NULL) {
- xs_daemon_close(xsh);
- }
-}
-
-
-/* Xen 4.1 */
-#else
-
-typedef xc_interface *XenXC;
-typedef xc_evtchn *XenEvtchn;
-typedef xc_gnttab *XenGnttab;
-
-# define XC_INTERFACE_FMT "%p"
-# define XC_HANDLER_INITIAL_VALUE NULL
-
-static inline XenEvtchn xen_xc_evtchn_open(void *logger,
- unsigned int open_flags)
-{
- return xc_evtchn_open(logger, open_flags);
-}
-
-static inline XenGnttab xen_xc_gnttab_open(void *logger,
- unsigned int open_flags)
-{
- return xc_gnttab_open(logger, open_flags);
-}
-
-static inline XenXC xen_xc_interface_open(void *logger, void *dombuild_logger,
- unsigned int open_flags)
-{
- return xc_interface_open(logger, dombuild_logger, open_flags);
-}
-
-/* FIXME There is now way to have the xen fd */
-static inline int xc_fd(xc_interface *xen_xc)
-{
- return -1;
-}
-#endif
-
-/* Xen before 4.2 */
-#if CONFIG_XEN_CTRL_INTERFACE_VERSION < 420
-static inline int xen_xc_hvm_inject_msi(XenXC xen_xc, domid_t dom,
- uint64_t addr, uint32_t data)
-{
- return -ENOSYS;
-}
-#else
-static inline int xen_xc_hvm_inject_msi(XenXC xen_xc, domid_t dom,
- uint64_t addr, uint32_t data)
-{
- return xc_hvm_inject_msi(xen_xc, dom, addr, data);
-}
-#endif
-
-void destroy_hvm_domain(bool reboot);
-
-/* shutdown/destroy current domain because of an error */
-void xen_shutdown_fatal_error(const char *fmt, ...) GCC_FMT_ATTR(1, 2);
-
-#endif /* QEMU_HW_XEN_COMMON_H */
diff --git a/hw/xen_console.c b/hw/xen_console.c
deleted file mode 100644
index 9426d7374..000000000
--- a/hw/xen_console.c
+++ /dev/null
@@ -1,281 +0,0 @@
-/*
- * Copyright (C) International Business Machines Corp., 2005
- * Author(s): Anthony Liguori <aliguori@us.ibm.com>
- *
- * Copyright (C) Red Hat 2007
- *
- * Xen Console
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; under version 2 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <stdlib.h>
-#include <errno.h>
-#include <string.h>
-#include <sys/select.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <termios.h>
-#include <stdarg.h>
-#include <sys/mman.h>
-
-#include "hw.h"
-#include "qemu-char.h"
-#include "xen_backend.h"
-
-#include <xen/io/console.h>
-
-struct buffer {
- uint8_t *data;
- size_t consumed;
- size_t size;
- size_t capacity;
- size_t max_capacity;
-};
-
-struct XenConsole {
- struct XenDevice xendev; /* must be first */
- struct buffer buffer;
- char console[XEN_BUFSIZE];
- int ring_ref;
- void *sring;
- CharDriverState *chr;
- int backlog;
-};
-
-static void buffer_append(struct XenConsole *con)
-{
- struct buffer *buffer = &con->buffer;
- XENCONS_RING_IDX cons, prod, size;
- struct xencons_interface *intf = con->sring;
-
- cons = intf->out_cons;
- prod = intf->out_prod;
- xen_mb();
-
- size = prod - cons;
- if ((size == 0) || (size > sizeof(intf->out)))
- return;
-
- if ((buffer->capacity - buffer->size) < size) {
- buffer->capacity += (size + 1024);
- buffer->data = g_realloc(buffer->data, buffer->capacity);
- }
-
- while (cons != prod)
- buffer->data[buffer->size++] = intf->out[
- MASK_XENCONS_IDX(cons++, intf->out)];
-
- xen_mb();
- intf->out_cons = cons;
- xen_be_send_notify(&con->xendev);
-
- if (buffer->max_capacity &&
- buffer->size > buffer->max_capacity) {
- /* Discard the middle of the data. */
-
- size_t over = buffer->size - buffer->max_capacity;
- uint8_t *maxpos = buffer->data + buffer->max_capacity;
-
- memmove(maxpos - over, maxpos, over);
- buffer->data = g_realloc(buffer->data, buffer->max_capacity);
- buffer->size = buffer->capacity = buffer->max_capacity;
-
- if (buffer->consumed > buffer->max_capacity - over)
- buffer->consumed = buffer->max_capacity - over;
- }
-}
-
-static void buffer_advance(struct buffer *buffer, size_t len)
-{
- buffer->consumed += len;
- if (buffer->consumed == buffer->size) {
- buffer->consumed = 0;
- buffer->size = 0;
- }
-}
-
-static int ring_free_bytes(struct XenConsole *con)
-{
- struct xencons_interface *intf = con->sring;
- XENCONS_RING_IDX cons, prod, space;
-
- cons = intf->in_cons;
- prod = intf->in_prod;
- xen_mb();
-
- space = prod - cons;
- if (space > sizeof(intf->in))
- return 0; /* ring is screwed: ignore it */
-
- return (sizeof(intf->in) - space);
-}
-
-static int xencons_can_receive(void *opaque)
-{
- struct XenConsole *con = opaque;
- return ring_free_bytes(con);
-}
-
-static void xencons_receive(void *opaque, const uint8_t *buf, int len)
-{
- struct XenConsole *con = opaque;
- struct xencons_interface *intf = con->sring;
- XENCONS_RING_IDX prod;
- int i, max;
-
- max = ring_free_bytes(con);
- /* The can_receive() func limits this, but check again anyway */
- if (max < len)
- len = max;
-
- prod = intf->in_prod;
- for (i = 0; i < len; i++) {
- intf->in[MASK_XENCONS_IDX(prod++, intf->in)] =
- buf[i];
- }
- xen_wmb();
- intf->in_prod = prod;
- xen_be_send_notify(&con->xendev);
-}
-
-static void xencons_send(struct XenConsole *con)
-{
- ssize_t len, size;
-
- size = con->buffer.size - con->buffer.consumed;
- if (con->chr)
- len = qemu_chr_fe_write(con->chr, con->buffer.data + con->buffer.consumed,
- size);
- else
- len = size;
- if (len < 1) {
- if (!con->backlog) {
- con->backlog = 1;
- xen_be_printf(&con->xendev, 1, "backlog piling up, nobody listening?\n");
- }
- } else {
- buffer_advance(&con->buffer, len);
- if (con->backlog && len == size) {
- con->backlog = 0;
- xen_be_printf(&con->xendev, 1, "backlog is gone\n");
- }
- }
-}
-
-/* -------------------------------------------------------------------- */
-
-static int con_init(struct XenDevice *xendev)
-{
- struct XenConsole *con = container_of(xendev, struct XenConsole, xendev);
- char *type, *dom, label[32];
- int ret = 0;
- const char *output;
-
- /* setup */
- dom = xs_get_domain_path(xenstore, con->xendev.dom);
- snprintf(con->console, sizeof(con->console), "%s/console", dom);
- free(dom);
-
- type = xenstore_read_str(con->console, "type");
- if (!type || strcmp(type, "ioemu") != 0) {
- xen_be_printf(xendev, 1, "not for me (type=%s)\n", type);
- ret = -1;
- goto out;
- }
-
- output = xenstore_read_str(con->console, "output");
-
- /* no Xen override, use qemu output device */
- if (output == NULL) {
- con->chr = serial_hds[con->xendev.dev];
- } else {
- snprintf(label, sizeof(label), "xencons%d", con->xendev.dev);
- con->chr = qemu_chr_new(label, output, NULL);
- }
-
- xenstore_store_pv_console_info(con->xendev.dev, con->chr);
-
-out:
- g_free(type);
- return ret;
-}
-
-static int con_initialise(struct XenDevice *xendev)
-{
- struct XenConsole *con = container_of(xendev, struct XenConsole, xendev);
- int limit;
-
- if (xenstore_read_int(con->console, "ring-ref", &con->ring_ref) == -1)
- return -1;
- if (xenstore_read_int(con->console, "port", &con->xendev.remote_port) == -1)
- return -1;
- if (xenstore_read_int(con->console, "limit", &limit) == 0)
- con->buffer.max_capacity = limit;
-
- con->sring = xc_map_foreign_range(xen_xc, con->xendev.dom,
- XC_PAGE_SIZE,
- PROT_READ|PROT_WRITE,
- con->ring_ref);
- if (!con->sring)
- return -1;
-
- xen_be_bind_evtchn(&con->xendev);
- if (con->chr)
- qemu_chr_add_handlers(con->chr, xencons_can_receive, xencons_receive,
- NULL, con);
-
- xen_be_printf(xendev, 1, "ring mfn %d, remote port %d, local port %d, limit %zd\n",
- con->ring_ref,
- con->xendev.remote_port,
- con->xendev.local_port,
- con->buffer.max_capacity);
- return 0;
-}
-
-static void con_disconnect(struct XenDevice *xendev)
-{
- struct XenConsole *con = container_of(xendev, struct XenConsole, xendev);
-
- if (!xendev->dev) {
- return;
- }
- if (con->chr)
- qemu_chr_add_handlers(con->chr, NULL, NULL, NULL, NULL);
- xen_be_unbind_evtchn(&con->xendev);
-
- if (con->sring) {
- munmap(con->sring, XC_PAGE_SIZE);
- con->sring = NULL;
- }
-}
-
-static void con_event(struct XenDevice *xendev)
-{
- struct XenConsole *con = container_of(xendev, struct XenConsole, xendev);
-
- buffer_append(con);
- if (con->buffer.size - con->buffer.consumed)
- xencons_send(con);
-}
-
-/* -------------------------------------------------------------------- */
-
-struct XenDevOps xen_console_ops = {
- .size = sizeof(struct XenConsole),
- .flags = DEVOPS_FLAG_IGNORE_STATE,
- .init = con_init,
- .initialise = con_initialise,
- .event = con_event,
- .disconnect = con_disconnect,
-};
diff --git a/hw/xen_devconfig.c b/hw/xen_devconfig.c
deleted file mode 100644
index d83e8d0f6..000000000
--- a/hw/xen_devconfig.c
+++ /dev/null
@@ -1,174 +0,0 @@
-#include "xen_backend.h"
-#include "blockdev.h"
-
-/* ------------------------------------------------------------- */
-
-struct xs_dirs {
- char *xs_dir;
- QTAILQ_ENTRY(xs_dirs) list;
-};
-static QTAILQ_HEAD(xs_dirs_head, xs_dirs) xs_cleanup = QTAILQ_HEAD_INITIALIZER(xs_cleanup);
-
-static void xen_config_cleanup_dir(char *dir)
-{
- struct xs_dirs *d;
-
- d = g_malloc(sizeof(*d));
- d->xs_dir = dir;
- QTAILQ_INSERT_TAIL(&xs_cleanup, d, list);
-}
-
-void xen_config_cleanup(void)
-{
- struct xs_dirs *d;
-
- QTAILQ_FOREACH(d, &xs_cleanup, list) {
- xs_rm(xenstore, 0, d->xs_dir);
- }
-}
-
-/* ------------------------------------------------------------- */
-
-static int xen_config_dev_mkdir(char *dev, int p)
-{
- struct xs_permissions perms[2] = {{
- .id = 0, /* set owner: dom0 */
- },{
- .id = xen_domid,
- .perms = p,
- }};
-
- if (!xs_mkdir(xenstore, 0, dev)) {
- xen_be_printf(NULL, 0, "xs_mkdir %s: failed\n", dev);
- return -1;
- }
- xen_config_cleanup_dir(g_strdup(dev));
-
- if (!xs_set_permissions(xenstore, 0, dev, perms, 2)) {
- xen_be_printf(NULL, 0, "xs_set_permissions %s: failed\n", dev);
- return -1;
- }
- return 0;
-}
-
-static int xen_config_dev_dirs(const char *ftype, const char *btype, int vdev,
- char *fe, char *be, int len)
-{
- char *dom;
-
- dom = xs_get_domain_path(xenstore, xen_domid);
- snprintf(fe, len, "%s/device/%s/%d", dom, ftype, vdev);
- free(dom);
-
- dom = xs_get_domain_path(xenstore, 0);
- snprintf(be, len, "%s/backend/%s/%d/%d", dom, btype, xen_domid, vdev);
- free(dom);
-
- xen_config_dev_mkdir(fe, XS_PERM_READ | XS_PERM_WRITE);
- xen_config_dev_mkdir(be, XS_PERM_READ);
- return 0;
-}
-
-static int xen_config_dev_all(char *fe, char *be)
-{
- /* frontend */
- if (xen_protocol)
- xenstore_write_str(fe, "protocol", xen_protocol);
-
- xenstore_write_int(fe, "state", XenbusStateInitialising);
- xenstore_write_int(fe, "backend-id", 0);
- xenstore_write_str(fe, "backend", be);
-
- /* backend */
- xenstore_write_str(be, "domain", qemu_name ? qemu_name : "no-name");
- xenstore_write_int(be, "online", 1);
- xenstore_write_int(be, "state", XenbusStateInitialising);
- xenstore_write_int(be, "frontend-id", xen_domid);
- xenstore_write_str(be, "frontend", fe);
-
- return 0;
-}
-
-/* ------------------------------------------------------------- */
-
-int xen_config_dev_blk(DriveInfo *disk)
-{
- char fe[256], be[256], device_name[32];
- int vdev = 202 * 256 + 16 * disk->unit;
- int cdrom = disk->media_cd;
- const char *devtype = cdrom ? "cdrom" : "disk";
- const char *mode = cdrom ? "r" : "w";
- const char *filename = qemu_opt_get(disk->opts, "file");
-
- snprintf(device_name, sizeof(device_name), "xvd%c", 'a' + disk->unit);
- xen_be_printf(NULL, 1, "config disk %d [%s]: %s\n",
- disk->unit, device_name, filename);
- xen_config_dev_dirs("vbd", "qdisk", vdev, fe, be, sizeof(fe));
-
- /* frontend */
- xenstore_write_int(fe, "virtual-device", vdev);
- xenstore_write_str(fe, "device-type", devtype);
-
- /* backend */
- xenstore_write_str(be, "dev", device_name);
- xenstore_write_str(be, "type", "file");
- xenstore_write_str(be, "params", filename);
- xenstore_write_str(be, "mode", mode);
-
- /* common stuff */
- return xen_config_dev_all(fe, be);
-}
-
-int xen_config_dev_nic(NICInfo *nic)
-{
- char fe[256], be[256];
- char mac[20];
- int vlan_id = -1;
-
- net_hub_id_for_client(nic->netdev, &vlan_id);
- snprintf(mac, sizeof(mac), "%02x:%02x:%02x:%02x:%02x:%02x",
- nic->macaddr.a[0], nic->macaddr.a[1], nic->macaddr.a[2],
- nic->macaddr.a[3], nic->macaddr.a[4], nic->macaddr.a[5]);
- xen_be_printf(NULL, 1, "config nic %d: mac=\"%s\"\n", vlan_id, mac);
- xen_config_dev_dirs("vif", "qnic", vlan_id, fe, be, sizeof(fe));
-
- /* frontend */
- xenstore_write_int(fe, "handle", vlan_id);
- xenstore_write_str(fe, "mac", mac);
-
- /* backend */
- xenstore_write_int(be, "handle", vlan_id);
- xenstore_write_str(be, "mac", mac);
-
- /* common stuff */
- return xen_config_dev_all(fe, be);
-}
-
-int xen_config_dev_vfb(int vdev, const char *type)
-{
- char fe[256], be[256];
-
- xen_config_dev_dirs("vfb", "vfb", vdev, fe, be, sizeof(fe));
-
- /* backend */
- xenstore_write_str(be, "type", type);
-
- /* common stuff */
- return xen_config_dev_all(fe, be);
-}
-
-int xen_config_dev_vkbd(int vdev)
-{
- char fe[256], be[256];
-
- xen_config_dev_dirs("vkbd", "vkbd", vdev, fe, be, sizeof(fe));
- return xen_config_dev_all(fe, be);
-}
-
-int xen_config_dev_console(int vdev)
-{
- char fe[256], be[256];
-
- xen_config_dev_dirs("console", "console", vdev, fe, be, sizeof(fe));
- return xen_config_dev_all(fe, be);
-}
diff --git a/hw/xen_disk.c b/hw/xen_disk.c
deleted file mode 100644
index e6bb2f20b..000000000
--- a/hw/xen_disk.c
+++ /dev/null
@@ -1,805 +0,0 @@
-/*
- * xen paravirt block device backend
- *
- * (c) Gerd Hoffmann <kraxel@redhat.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; under version 2 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <unistd.h>
-#include <signal.h>
-#include <inttypes.h>
-#include <time.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <sys/ioctl.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/mman.h>
-#include <sys/uio.h>
-
-#include "hw.h"
-#include "qemu-char.h"
-#include "xen_backend.h"
-#include "xen_blkif.h"
-#include "blockdev.h"
-
-/* ------------------------------------------------------------- */
-
-static int batch_maps = 0;
-
-static int max_requests = 32;
-
-/* ------------------------------------------------------------- */
-
-#define BLOCK_SIZE 512
-#define IOCB_COUNT (BLKIF_MAX_SEGMENTS_PER_REQUEST + 2)
-
-struct ioreq {
- blkif_request_t req;
- int16_t status;
-
- /* parsed request */
- off_t start;
- QEMUIOVector v;
- int presync;
- int postsync;
- uint8_t mapped;
-
- /* grant mapping */
- uint32_t domids[BLKIF_MAX_SEGMENTS_PER_REQUEST];
- uint32_t refs[BLKIF_MAX_SEGMENTS_PER_REQUEST];
- int prot;
- void *page[BLKIF_MAX_SEGMENTS_PER_REQUEST];
- void *pages;
-
- /* aio status */
- int aio_inflight;
- int aio_errors;
-
- struct XenBlkDev *blkdev;
- QLIST_ENTRY(ioreq) list;
- BlockAcctCookie acct;
-};
-
-struct XenBlkDev {
- struct XenDevice xendev; /* must be first */
- char *params;
- char *mode;
- char *type;
- char *dev;
- char *devtype;
- const char *fileproto;
- const char *filename;
- int ring_ref;
- void *sring;
- int64_t file_blk;
- int64_t file_size;
- int protocol;
- blkif_back_rings_t rings;
- int more_work;
- int cnt_map;
-
- /* request lists */
- QLIST_HEAD(inflight_head, ioreq) inflight;
- QLIST_HEAD(finished_head, ioreq) finished;
- QLIST_HEAD(freelist_head, ioreq) freelist;
- int requests_total;
- int requests_inflight;
- int requests_finished;
-
- /* qemu block driver */
- DriveInfo *dinfo;
- BlockDriverState *bs;
- QEMUBH *bh;
-};
-
-/* ------------------------------------------------------------- */
-
-static struct ioreq *ioreq_start(struct XenBlkDev *blkdev)
-{
- struct ioreq *ioreq = NULL;
-
- if (QLIST_EMPTY(&blkdev->freelist)) {
- if (blkdev->requests_total >= max_requests) {
- goto out;
- }
- /* allocate new struct */
- ioreq = g_malloc0(sizeof(*ioreq));
- ioreq->blkdev = blkdev;
- blkdev->requests_total++;
- qemu_iovec_init(&ioreq->v, BLKIF_MAX_SEGMENTS_PER_REQUEST);
- } else {
- /* get one from freelist */
- ioreq = QLIST_FIRST(&blkdev->freelist);
- QLIST_REMOVE(ioreq, list);
- qemu_iovec_reset(&ioreq->v);
- }
- QLIST_INSERT_HEAD(&blkdev->inflight, ioreq, list);
- blkdev->requests_inflight++;
-
-out:
- return ioreq;
-}
-
-static void ioreq_finish(struct ioreq *ioreq)
-{
- struct XenBlkDev *blkdev = ioreq->blkdev;
-
- QLIST_REMOVE(ioreq, list);
- QLIST_INSERT_HEAD(&blkdev->finished, ioreq, list);
- blkdev->requests_inflight--;
- blkdev->requests_finished++;
-}
-
-static void ioreq_release(struct ioreq *ioreq, bool finish)
-{
- struct XenBlkDev *blkdev = ioreq->blkdev;
-
- QLIST_REMOVE(ioreq, list);
- memset(ioreq, 0, sizeof(*ioreq));
- ioreq->blkdev = blkdev;
- QLIST_INSERT_HEAD(&blkdev->freelist, ioreq, list);
- if (finish) {
- blkdev->requests_finished--;
- } else {
- blkdev->requests_inflight--;
- }
-}
-
-/*
- * translate request into iovec + start offset
- * do sanity checks along the way
- */
-static int ioreq_parse(struct ioreq *ioreq)
-{
- struct XenBlkDev *blkdev = ioreq->blkdev;
- uintptr_t mem;
- size_t len;
- int i;
-
- xen_be_printf(&blkdev->xendev, 3,
- "op %d, nr %d, handle %d, id %" PRId64 ", sector %" PRId64 "\n",
- ioreq->req.operation, ioreq->req.nr_segments,
- ioreq->req.handle, ioreq->req.id, ioreq->req.sector_number);
- switch (ioreq->req.operation) {
- case BLKIF_OP_READ:
- ioreq->prot = PROT_WRITE; /* to memory */
- break;
- case BLKIF_OP_WRITE_BARRIER:
- if (!ioreq->req.nr_segments) {
- ioreq->presync = 1;
- return 0;
- }
- ioreq->presync = ioreq->postsync = 1;
- /* fall through */
- case BLKIF_OP_WRITE:
- ioreq->prot = PROT_READ; /* from memory */
- break;
- default:
- xen_be_printf(&blkdev->xendev, 0, "error: unknown operation (%d)\n",
- ioreq->req.operation);
- goto err;
- };
-
- if (ioreq->req.operation != BLKIF_OP_READ && blkdev->mode[0] != 'w') {
- xen_be_printf(&blkdev->xendev, 0, "error: write req for ro device\n");
- goto err;
- }
-
- ioreq->start = ioreq->req.sector_number * blkdev->file_blk;
- for (i = 0; i < ioreq->req.nr_segments; i++) {
- if (i == BLKIF_MAX_SEGMENTS_PER_REQUEST) {
- xen_be_printf(&blkdev->xendev, 0, "error: nr_segments too big\n");
- goto err;
- }
- if (ioreq->req.seg[i].first_sect > ioreq->req.seg[i].last_sect) {
- xen_be_printf(&blkdev->xendev, 0, "error: first > last sector\n");
- goto err;
- }
- if (ioreq->req.seg[i].last_sect * BLOCK_SIZE >= XC_PAGE_SIZE) {
- xen_be_printf(&blkdev->xendev, 0, "error: page crossing\n");
- goto err;
- }
-
- ioreq->domids[i] = blkdev->xendev.dom;
- ioreq->refs[i] = ioreq->req.seg[i].gref;
-
- mem = ioreq->req.seg[i].first_sect * blkdev->file_blk;
- len = (ioreq->req.seg[i].last_sect - ioreq->req.seg[i].first_sect + 1) * blkdev->file_blk;
- qemu_iovec_add(&ioreq->v, (void*)mem, len);
- }
- if (ioreq->start + ioreq->v.size > blkdev->file_size) {
- xen_be_printf(&blkdev->xendev, 0, "error: access beyond end of file\n");
- goto err;
- }
- return 0;
-
-err:
- ioreq->status = BLKIF_RSP_ERROR;
- return -1;
-}
-
-static void ioreq_unmap(struct ioreq *ioreq)
-{
- XenGnttab gnt = ioreq->blkdev->xendev.gnttabdev;
- int i;
-
- if (ioreq->v.niov == 0 || ioreq->mapped == 0) {
- return;
- }
- if (batch_maps) {
- if (!ioreq->pages) {
- return;
- }
- if (xc_gnttab_munmap(gnt, ioreq->pages, ioreq->v.niov) != 0) {
- xen_be_printf(&ioreq->blkdev->xendev, 0, "xc_gnttab_munmap failed: %s\n",
- strerror(errno));
- }
- ioreq->blkdev->cnt_map -= ioreq->v.niov;
- ioreq->pages = NULL;
- } else {
- for (i = 0; i < ioreq->v.niov; i++) {
- if (!ioreq->page[i]) {
- continue;
- }
- if (xc_gnttab_munmap(gnt, ioreq->page[i], 1) != 0) {
- xen_be_printf(&ioreq->blkdev->xendev, 0, "xc_gnttab_munmap failed: %s\n",
- strerror(errno));
- }
- ioreq->blkdev->cnt_map--;
- ioreq->page[i] = NULL;
- }
- }
- ioreq->mapped = 0;
-}
-
-static int ioreq_map(struct ioreq *ioreq)
-{
- XenGnttab gnt = ioreq->blkdev->xendev.gnttabdev;
- int i;
-
- if (ioreq->v.niov == 0 || ioreq->mapped == 1) {
- return 0;
- }
- if (batch_maps) {
- ioreq->pages = xc_gnttab_map_grant_refs
- (gnt, ioreq->v.niov, ioreq->domids, ioreq->refs, ioreq->prot);
- if (ioreq->pages == NULL) {
- xen_be_printf(&ioreq->blkdev->xendev, 0,
- "can't map %d grant refs (%s, %d maps)\n",
- ioreq->v.niov, strerror(errno), ioreq->blkdev->cnt_map);
- return -1;
- }
- for (i = 0; i < ioreq->v.niov; i++) {
- ioreq->v.iov[i].iov_base = ioreq->pages + i * XC_PAGE_SIZE +
- (uintptr_t)ioreq->v.iov[i].iov_base;
- }
- ioreq->blkdev->cnt_map += ioreq->v.niov;
- } else {
- for (i = 0; i < ioreq->v.niov; i++) {
- ioreq->page[i] = xc_gnttab_map_grant_ref
- (gnt, ioreq->domids[i], ioreq->refs[i], ioreq->prot);
- if (ioreq->page[i] == NULL) {
- xen_be_printf(&ioreq->blkdev->xendev, 0,
- "can't map grant ref %d (%s, %d maps)\n",
- ioreq->refs[i], strerror(errno), ioreq->blkdev->cnt_map);
- ioreq_unmap(ioreq);
- return -1;
- }
- ioreq->v.iov[i].iov_base = ioreq->page[i] + (uintptr_t)ioreq->v.iov[i].iov_base;
- ioreq->blkdev->cnt_map++;
- }
- }
- ioreq->mapped = 1;
- return 0;
-}
-
-static int ioreq_runio_qemu_aio(struct ioreq *ioreq);
-
-static void qemu_aio_complete(void *opaque, int ret)
-{
- struct ioreq *ioreq = opaque;
-
- if (ret != 0) {
- xen_be_printf(&ioreq->blkdev->xendev, 0, "%s I/O error\n",
- ioreq->req.operation == BLKIF_OP_READ ? "read" : "write");
- ioreq->aio_errors++;
- }
-
- ioreq->aio_inflight--;
- if (ioreq->presync) {
- ioreq->presync = 0;
- ioreq_runio_qemu_aio(ioreq);
- return;
- }
- if (ioreq->aio_inflight > 0) {
- return;
- }
- if (ioreq->postsync) {
- ioreq->postsync = 0;
- ioreq->aio_inflight++;
- bdrv_aio_flush(ioreq->blkdev->bs, qemu_aio_complete, ioreq);
- return;
- }
-
- ioreq->status = ioreq->aio_errors ? BLKIF_RSP_ERROR : BLKIF_RSP_OKAY;
- ioreq_unmap(ioreq);
- ioreq_finish(ioreq);
- bdrv_acct_done(ioreq->blkdev->bs, &ioreq->acct);
- qemu_bh_schedule(ioreq->blkdev->bh);
-}
-
-static int ioreq_runio_qemu_aio(struct ioreq *ioreq)
-{
- struct XenBlkDev *blkdev = ioreq->blkdev;
-
- if (ioreq->req.nr_segments && ioreq_map(ioreq) == -1) {
- goto err_no_map;
- }
-
- ioreq->aio_inflight++;
- if (ioreq->presync) {
- bdrv_aio_flush(ioreq->blkdev->bs, qemu_aio_complete, ioreq);
- return 0;
- }
-
- switch (ioreq->req.operation) {
- case BLKIF_OP_READ:
- bdrv_acct_start(blkdev->bs, &ioreq->acct, ioreq->v.size, BDRV_ACCT_READ);
- ioreq->aio_inflight++;
- bdrv_aio_readv(blkdev->bs, ioreq->start / BLOCK_SIZE,
- &ioreq->v, ioreq->v.size / BLOCK_SIZE,
- qemu_aio_complete, ioreq);
- break;
- case BLKIF_OP_WRITE:
- case BLKIF_OP_WRITE_BARRIER:
- if (!ioreq->req.nr_segments) {
- break;
- }
-
- bdrv_acct_start(blkdev->bs, &ioreq->acct, ioreq->v.size, BDRV_ACCT_WRITE);
- ioreq->aio_inflight++;
- bdrv_aio_writev(blkdev->bs, ioreq->start / BLOCK_SIZE,
- &ioreq->v, ioreq->v.size / BLOCK_SIZE,
- qemu_aio_complete, ioreq);
- break;
- default:
- /* unknown operation (shouldn't happen -- parse catches this) */
- goto err;
- }
-
- qemu_aio_complete(ioreq, 0);
-
- return 0;
-
-err:
- ioreq_unmap(ioreq);
-err_no_map:
- ioreq_finish(ioreq);
- ioreq->status = BLKIF_RSP_ERROR;
- return -1;
-}
-
-static int blk_send_response_one(struct ioreq *ioreq)
-{
- struct XenBlkDev *blkdev = ioreq->blkdev;
- int send_notify = 0;
- int have_requests = 0;
- blkif_response_t resp;
- void *dst;
-
- resp.id = ioreq->req.id;
- resp.operation = ioreq->req.operation;
- resp.status = ioreq->status;
-
- /* Place on the response ring for the relevant domain. */
- switch (blkdev->protocol) {
- case BLKIF_PROTOCOL_NATIVE:
- dst = RING_GET_RESPONSE(&blkdev->rings.native, blkdev->rings.native.rsp_prod_pvt);
- break;
- case BLKIF_PROTOCOL_X86_32:
- dst = RING_GET_RESPONSE(&blkdev->rings.x86_32_part,
- blkdev->rings.x86_32_part.rsp_prod_pvt);
- break;
- case BLKIF_PROTOCOL_X86_64:
- dst = RING_GET_RESPONSE(&blkdev->rings.x86_64_part,
- blkdev->rings.x86_64_part.rsp_prod_pvt);
- break;
- default:
- dst = NULL;
- }
- memcpy(dst, &resp, sizeof(resp));
- blkdev->rings.common.rsp_prod_pvt++;
-
- RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&blkdev->rings.common, send_notify);
- if (blkdev->rings.common.rsp_prod_pvt == blkdev->rings.common.req_cons) {
- /*
- * Tail check for pending requests. Allows frontend to avoid
- * notifications if requests are already in flight (lower
- * overheads and promotes batching).
- */
- RING_FINAL_CHECK_FOR_REQUESTS(&blkdev->rings.common, have_requests);
- } else if (RING_HAS_UNCONSUMED_REQUESTS(&blkdev->rings.common)) {
- have_requests = 1;
- }
-
- if (have_requests) {
- blkdev->more_work++;
- }
- return send_notify;
-}
-
-/* walk finished list, send outstanding responses, free requests */
-static void blk_send_response_all(struct XenBlkDev *blkdev)
-{
- struct ioreq *ioreq;
- int send_notify = 0;
-
- while (!QLIST_EMPTY(&blkdev->finished)) {
- ioreq = QLIST_FIRST(&blkdev->finished);
- send_notify += blk_send_response_one(ioreq);
- ioreq_release(ioreq, true);
- }
- if (send_notify) {
- xen_be_send_notify(&blkdev->xendev);
- }
-}
-
-static int blk_get_request(struct XenBlkDev *blkdev, struct ioreq *ioreq, RING_IDX rc)
-{
- switch (blkdev->protocol) {
- case BLKIF_PROTOCOL_NATIVE:
- memcpy(&ioreq->req, RING_GET_REQUEST(&blkdev->rings.native, rc),
- sizeof(ioreq->req));
- break;
- case BLKIF_PROTOCOL_X86_32:
- blkif_get_x86_32_req(&ioreq->req,
- RING_GET_REQUEST(&blkdev->rings.x86_32_part, rc));
- break;
- case BLKIF_PROTOCOL_X86_64:
- blkif_get_x86_64_req(&ioreq->req,
- RING_GET_REQUEST(&blkdev->rings.x86_64_part, rc));
- break;
- }
- return 0;
-}
-
-static void blk_handle_requests(struct XenBlkDev *blkdev)
-{
- RING_IDX rc, rp;
- struct ioreq *ioreq;
-
- blkdev->more_work = 0;
-
- rc = blkdev->rings.common.req_cons;
- rp = blkdev->rings.common.sring->req_prod;
- xen_rmb(); /* Ensure we see queued requests up to 'rp'. */
-
- blk_send_response_all(blkdev);
- while (rc != rp) {
- /* pull request from ring */
- if (RING_REQUEST_CONS_OVERFLOW(&blkdev->rings.common, rc)) {
- break;
- }
- ioreq = ioreq_start(blkdev);
- if (ioreq == NULL) {
- blkdev->more_work++;
- break;
- }
- blk_get_request(blkdev, ioreq, rc);
- blkdev->rings.common.req_cons = ++rc;
-
- /* parse them */
- if (ioreq_parse(ioreq) != 0) {
- if (blk_send_response_one(ioreq)) {
- xen_be_send_notify(&blkdev->xendev);
- }
- ioreq_release(ioreq, false);
- continue;
- }
-
- ioreq_runio_qemu_aio(ioreq);
- }
-
- if (blkdev->more_work && blkdev->requests_inflight < max_requests) {
- qemu_bh_schedule(blkdev->bh);
- }
-}
-
-/* ------------------------------------------------------------- */
-
-static void blk_bh(void *opaque)
-{
- struct XenBlkDev *blkdev = opaque;
- blk_handle_requests(blkdev);
-}
-
-/*
- * We need to account for the grant allocations requiring contiguous
- * chunks; the worst case number would be
- * max_req * max_seg + (max_req - 1) * (max_seg - 1) + 1,
- * but in order to keep things simple just use
- * 2 * max_req * max_seg.
- */
-#define MAX_GRANTS(max_req, max_seg) (2 * (max_req) * (max_seg))
-
-static void blk_alloc(struct XenDevice *xendev)
-{
- struct XenBlkDev *blkdev = container_of(xendev, struct XenBlkDev, xendev);
-
- QLIST_INIT(&blkdev->inflight);
- QLIST_INIT(&blkdev->finished);
- QLIST_INIT(&blkdev->freelist);
- blkdev->bh = qemu_bh_new(blk_bh, blkdev);
- if (xen_mode != XEN_EMULATE) {
- batch_maps = 1;
- }
- if (xc_gnttab_set_max_grants(xendev->gnttabdev,
- MAX_GRANTS(max_requests, BLKIF_MAX_SEGMENTS_PER_REQUEST)) < 0) {
- xen_be_printf(xendev, 0, "xc_gnttab_set_max_grants failed: %s\n",
- strerror(errno));
- }
-}
-
-static int blk_init(struct XenDevice *xendev)
-{
- struct XenBlkDev *blkdev = container_of(xendev, struct XenBlkDev, xendev);
- int index, qflags, info = 0;
-
- /* read xenstore entries */
- if (blkdev->params == NULL) {
- char *h = NULL;
- blkdev->params = xenstore_read_be_str(&blkdev->xendev, "params");
- if (blkdev->params != NULL) {
- h = strchr(blkdev->params, ':');
- }
- if (h != NULL) {
- blkdev->fileproto = blkdev->params;
- blkdev->filename = h+1;
- *h = 0;
- } else {
- blkdev->fileproto = "<unset>";
- blkdev->filename = blkdev->params;
- }
- }
- if (!strcmp("aio", blkdev->fileproto)) {
- blkdev->fileproto = "raw";
- }
- if (blkdev->mode == NULL) {
- blkdev->mode = xenstore_read_be_str(&blkdev->xendev, "mode");
- }
- if (blkdev->type == NULL) {
- blkdev->type = xenstore_read_be_str(&blkdev->xendev, "type");
- }
- if (blkdev->dev == NULL) {
- blkdev->dev = xenstore_read_be_str(&blkdev->xendev, "dev");
- }
- if (blkdev->devtype == NULL) {
- blkdev->devtype = xenstore_read_be_str(&blkdev->xendev, "device-type");
- }
-
- /* do we have all we need? */
- if (blkdev->params == NULL ||
- blkdev->mode == NULL ||
- blkdev->type == NULL ||
- blkdev->dev == NULL) {
- goto out_error;
- }
-
- /* read-only ? */
- qflags = BDRV_O_NOCACHE | BDRV_O_CACHE_WB | BDRV_O_NATIVE_AIO;
- if (strcmp(blkdev->mode, "w") == 0) {
- qflags |= BDRV_O_RDWR;
- } else {
- info |= VDISK_READONLY;
- }
-
- /* cdrom ? */
- if (blkdev->devtype && !strcmp(blkdev->devtype, "cdrom")) {
- info |= VDISK_CDROM;
- }
-
- /* init qemu block driver */
- index = (blkdev->xendev.dev - 202 * 256) / 16;
- blkdev->dinfo = drive_get(IF_XEN, 0, index);
- if (!blkdev->dinfo) {
- /* setup via xenbus -> create new block driver instance */
- xen_be_printf(&blkdev->xendev, 2, "create new bdrv (xenbus setup)\n");
- blkdev->bs = bdrv_new(blkdev->dev);
- if (blkdev->bs) {
- if (bdrv_open(blkdev->bs, blkdev->filename, qflags,
- bdrv_find_whitelisted_format(blkdev->fileproto)) != 0) {
- bdrv_delete(blkdev->bs);
- blkdev->bs = NULL;
- }
- }
- if (!blkdev->bs) {
- goto out_error;
- }
- } else {
- /* setup via qemu cmdline -> already setup for us */
- xen_be_printf(&blkdev->xendev, 2, "get configured bdrv (cmdline setup)\n");
- blkdev->bs = blkdev->dinfo->bdrv;
- }
- bdrv_attach_dev_nofail(blkdev->bs, blkdev);
- blkdev->file_blk = BLOCK_SIZE;
- blkdev->file_size = bdrv_getlength(blkdev->bs);
- if (blkdev->file_size < 0) {
- xen_be_printf(&blkdev->xendev, 1, "bdrv_getlength: %d (%s) | drv %s\n",
- (int)blkdev->file_size, strerror(-blkdev->file_size),
- bdrv_get_format_name(blkdev->bs) ?: "-");
- blkdev->file_size = 0;
- }
-
- xen_be_printf(xendev, 1, "type \"%s\", fileproto \"%s\", filename \"%s\","
- " size %" PRId64 " (%" PRId64 " MB)\n",
- blkdev->type, blkdev->fileproto, blkdev->filename,
- blkdev->file_size, blkdev->file_size >> 20);
-
- /* fill info */
- xenstore_write_be_int(&blkdev->xendev, "feature-barrier", 1);
- xenstore_write_be_int(&blkdev->xendev, "info", info);
- xenstore_write_be_int(&blkdev->xendev, "sector-size", blkdev->file_blk);
- xenstore_write_be_int(&blkdev->xendev, "sectors",
- blkdev->file_size / blkdev->file_blk);
- return 0;
-
-out_error:
- g_free(blkdev->params);
- blkdev->params = NULL;
- g_free(blkdev->mode);
- blkdev->mode = NULL;
- g_free(blkdev->type);
- blkdev->type = NULL;
- g_free(blkdev->dev);
- blkdev->dev = NULL;
- g_free(blkdev->devtype);
- blkdev->devtype = NULL;
- return -1;
-}
-
-static int blk_connect(struct XenDevice *xendev)
-{
- struct XenBlkDev *blkdev = container_of(xendev, struct XenBlkDev, xendev);
-
- if (xenstore_read_fe_int(&blkdev->xendev, "ring-ref", &blkdev->ring_ref) == -1) {
- return -1;
- }
- if (xenstore_read_fe_int(&blkdev->xendev, "event-channel",
- &blkdev->xendev.remote_port) == -1) {
- return -1;
- }
-
- blkdev->protocol = BLKIF_PROTOCOL_NATIVE;
- if (blkdev->xendev.protocol) {
- if (strcmp(blkdev->xendev.protocol, XEN_IO_PROTO_ABI_X86_32) == 0) {
- blkdev->protocol = BLKIF_PROTOCOL_X86_32;
- }
- if (strcmp(blkdev->xendev.protocol, XEN_IO_PROTO_ABI_X86_64) == 0) {
- blkdev->protocol = BLKIF_PROTOCOL_X86_64;
- }
- }
-
- blkdev->sring = xc_gnttab_map_grant_ref(blkdev->xendev.gnttabdev,
- blkdev->xendev.dom,
- blkdev->ring_ref,
- PROT_READ | PROT_WRITE);
- if (!blkdev->sring) {
- return -1;
- }
- blkdev->cnt_map++;
-
- switch (blkdev->protocol) {
- case BLKIF_PROTOCOL_NATIVE:
- {
- blkif_sring_t *sring_native = blkdev->sring;
- BACK_RING_INIT(&blkdev->rings.native, sring_native, XC_PAGE_SIZE);
- break;
- }
- case BLKIF_PROTOCOL_X86_32:
- {
- blkif_x86_32_sring_t *sring_x86_32 = blkdev->sring;
-
- BACK_RING_INIT(&blkdev->rings.x86_32_part, sring_x86_32, XC_PAGE_SIZE);
- break;
- }
- case BLKIF_PROTOCOL_X86_64:
- {
- blkif_x86_64_sring_t *sring_x86_64 = blkdev->sring;
-
- BACK_RING_INIT(&blkdev->rings.x86_64_part, sring_x86_64, XC_PAGE_SIZE);
- break;
- }
- }
-
- xen_be_bind_evtchn(&blkdev->xendev);
-
- xen_be_printf(&blkdev->xendev, 1, "ok: proto %s, ring-ref %d, "
- "remote port %d, local port %d\n",
- blkdev->xendev.protocol, blkdev->ring_ref,
- blkdev->xendev.remote_port, blkdev->xendev.local_port);
- return 0;
-}
-
-static void blk_disconnect(struct XenDevice *xendev)
-{
- struct XenBlkDev *blkdev = container_of(xendev, struct XenBlkDev, xendev);
-
- if (blkdev->bs) {
- if (!blkdev->dinfo) {
- /* close/delete only if we created it ourself */
- bdrv_close(blkdev->bs);
- bdrv_detach_dev(blkdev->bs, blkdev);
- bdrv_delete(blkdev->bs);
- }
- blkdev->bs = NULL;
- }
- xen_be_unbind_evtchn(&blkdev->xendev);
-
- if (blkdev->sring) {
- xc_gnttab_munmap(blkdev->xendev.gnttabdev, blkdev->sring, 1);
- blkdev->cnt_map--;
- blkdev->sring = NULL;
- }
-}
-
-static int blk_free(struct XenDevice *xendev)
-{
- struct XenBlkDev *blkdev = container_of(xendev, struct XenBlkDev, xendev);
- struct ioreq *ioreq;
-
- if (blkdev->bs || blkdev->sring) {
- blk_disconnect(xendev);
- }
-
- while (!QLIST_EMPTY(&blkdev->freelist)) {
- ioreq = QLIST_FIRST(&blkdev->freelist);
- QLIST_REMOVE(ioreq, list);
- qemu_iovec_destroy(&ioreq->v);
- g_free(ioreq);
- }
-
- g_free(blkdev->params);
- g_free(blkdev->mode);
- g_free(blkdev->type);
- g_free(blkdev->dev);
- g_free(blkdev->devtype);
- qemu_bh_delete(blkdev->bh);
- return 0;
-}
-
-static void blk_event(struct XenDevice *xendev)
-{
- struct XenBlkDev *blkdev = container_of(xendev, struct XenBlkDev, xendev);
-
- qemu_bh_schedule(blkdev->bh);
-}
-
-struct XenDevOps xen_blkdev_ops = {
- .size = sizeof(struct XenBlkDev),
- .flags = DEVOPS_FLAG_NEED_GNTDEV,
- .alloc = blk_alloc,
- .init = blk_init,
- .initialise = blk_connect,
- .disconnect = blk_disconnect,
- .event = blk_event,
- .free = blk_free,
-};
diff --git a/hw/xen_domainbuild.c b/hw/xen_domainbuild.c
deleted file mode 100644
index db1497469..000000000
--- a/hw/xen_domainbuild.c
+++ /dev/null
@@ -1,299 +0,0 @@
-#include <signal.h>
-#include "xen_backend.h"
-#include "xen_domainbuild.h"
-#include "qemu-timer.h"
-#include "qemu-log.h"
-
-#include <xenguest.h>
-
-static int xenstore_domain_mkdir(char *path)
-{
- struct xs_permissions perms_ro[] = {{
- .id = 0, /* set owner: dom0 */
- },{
- .id = xen_domid,
- .perms = XS_PERM_READ,
- }};
- struct xs_permissions perms_rw[] = {{
- .id = 0, /* set owner: dom0 */
- },{
- .id = xen_domid,
- .perms = XS_PERM_READ | XS_PERM_WRITE,
- }};
- const char *writable[] = { "device", "control", "error", NULL };
- char subpath[256];
- int i;
-
- if (!xs_mkdir(xenstore, 0, path)) {
- fprintf(stderr, "%s: xs_mkdir %s: failed\n", __FUNCTION__, path);
- return -1;
- }
- if (!xs_set_permissions(xenstore, 0, path, perms_ro, 2)) {
- fprintf(stderr, "%s: xs_set_permissions failed\n", __FUNCTION__);
- return -1;
- }
-
- for (i = 0; writable[i]; i++) {
- snprintf(subpath, sizeof(subpath), "%s/%s", path, writable[i]);
- if (!xs_mkdir(xenstore, 0, subpath)) {
- fprintf(stderr, "%s: xs_mkdir %s: failed\n", __FUNCTION__, subpath);
- return -1;
- }
- if (!xs_set_permissions(xenstore, 0, subpath, perms_rw, 2)) {
- fprintf(stderr, "%s: xs_set_permissions failed\n", __FUNCTION__);
- return -1;
- }
- }
- return 0;
-}
-
-int xenstore_domain_init1(const char *kernel, const char *ramdisk,
- const char *cmdline)
-{
- char *dom, uuid_string[42], vm[256], path[256];
- int i;
-
- snprintf(uuid_string, sizeof(uuid_string), UUID_FMT,
- qemu_uuid[0], qemu_uuid[1], qemu_uuid[2], qemu_uuid[3],
- qemu_uuid[4], qemu_uuid[5], qemu_uuid[6], qemu_uuid[7],
- qemu_uuid[8], qemu_uuid[9], qemu_uuid[10], qemu_uuid[11],
- qemu_uuid[12], qemu_uuid[13], qemu_uuid[14], qemu_uuid[15]);
- dom = xs_get_domain_path(xenstore, xen_domid);
- snprintf(vm, sizeof(vm), "/vm/%s", uuid_string);
-
- xenstore_domain_mkdir(dom);
-
- xenstore_write_str(vm, "image/ostype", "linux");
- if (kernel)
- xenstore_write_str(vm, "image/kernel", kernel);
- if (ramdisk)
- xenstore_write_str(vm, "image/ramdisk", ramdisk);
- if (cmdline)
- xenstore_write_str(vm, "image/cmdline", cmdline);
-
- /* name + id */
- xenstore_write_str(vm, "name", qemu_name ? qemu_name : "no-name");
- xenstore_write_str(vm, "uuid", uuid_string);
- xenstore_write_str(dom, "name", qemu_name ? qemu_name : "no-name");
- xenstore_write_int(dom, "domid", xen_domid);
- xenstore_write_str(dom, "vm", vm);
-
- /* memory */
- xenstore_write_int(dom, "memory/target", ram_size >> 10); // kB
- xenstore_write_int(vm, "memory", ram_size >> 20); // MB
- xenstore_write_int(vm, "maxmem", ram_size >> 20); // MB
-
- /* cpus */
- for (i = 0; i < smp_cpus; i++) {
- snprintf(path, sizeof(path), "cpu/%d/availability",i);
- xenstore_write_str(dom, path, "online");
- }
- xenstore_write_int(vm, "vcpu_avail", smp_cpus);
- xenstore_write_int(vm, "vcpus", smp_cpus);
-
- /* vnc password */
- xenstore_write_str(vm, "vncpassword", "" /* FIXME */);
-
- free(dom);
- return 0;
-}
-
-int xenstore_domain_init2(int xenstore_port, int xenstore_mfn,
- int console_port, int console_mfn)
-{
- char *dom;
-
- dom = xs_get_domain_path(xenstore, xen_domid);
-
- /* signal new domain */
- xs_introduce_domain(xenstore,
- xen_domid,
- xenstore_mfn,
- xenstore_port);
-
- /* xenstore */
- xenstore_write_int(dom, "store/ring-ref", xenstore_mfn);
- xenstore_write_int(dom, "store/port", xenstore_port);
-
- /* console */
- xenstore_write_str(dom, "console/type", "ioemu");
- xenstore_write_int(dom, "console/limit", 128 * 1024);
- xenstore_write_int(dom, "console/ring-ref", console_mfn);
- xenstore_write_int(dom, "console/port", console_port);
- xen_config_dev_console(0);
-
- free(dom);
- return 0;
-}
-
-/* ------------------------------------------------------------- */
-
-static QEMUTimer *xen_poll;
-
-/* check domain state once per second */
-static void xen_domain_poll(void *opaque)
-{
- struct xc_dominfo info;
- int rc;
-
- rc = xc_domain_getinfo(xen_xc, xen_domid, 1, &info);
- if ((rc != 1) || (info.domid != xen_domid)) {
- qemu_log("xen: domain %d is gone\n", xen_domid);
- goto quit;
- }
- if (info.dying) {
- qemu_log("xen: domain %d is dying (%s%s)\n", xen_domid,
- info.crashed ? "crashed" : "",
- info.shutdown ? "shutdown" : "");
- goto quit;
- }
-
- qemu_mod_timer(xen_poll, qemu_get_clock_ms(rt_clock) + 1000);
- return;
-
-quit:
- qemu_system_shutdown_request();
-}
-
-static int xen_domain_watcher(void)
-{
- int qemu_running = 1;
- int fd[2], i, n, rc;
- char byte;
-
- if (pipe(fd) != 0) {
- qemu_log("%s: Huh? pipe error: %s\n", __FUNCTION__, strerror(errno));
- return -1;
- }
- if (fork() != 0)
- return 0; /* not child */
-
- /* close all file handles, except stdio/out/err,
- * our watch pipe and the xen interface handle */
- n = getdtablesize();
- for (i = 3; i < n; i++) {
- if (i == fd[0])
- continue;
- if (i == xc_fd(xen_xc)) {
- continue;
- }
- close(i);
- }
-
- /* ignore term signals */
- signal(SIGINT, SIG_IGN);
- signal(SIGTERM, SIG_IGN);
-
- /* wait for qemu exiting */
- while (qemu_running) {
- rc = read(fd[0], &byte, 1);
- switch (rc) {
- case -1:
- if (errno == EINTR)
- continue;
- qemu_log("%s: Huh? read error: %s\n", __FUNCTION__, strerror(errno));
- qemu_running = 0;
- break;
- case 0:
- /* EOF -> qemu exited */
- qemu_running = 0;
- break;
- default:
- qemu_log("%s: Huh? data on the watch pipe?\n", __FUNCTION__);
- break;
- }
- }
-
- /* cleanup */
- qemu_log("%s: destroy domain %d\n", __FUNCTION__, xen_domid);
- xc_domain_destroy(xen_xc, xen_domid);
- _exit(0);
-}
-
-/* normal cleanup */
-static void xen_domain_cleanup(void)
-{
- char *dom;
-
- dom = xs_get_domain_path(xenstore, xen_domid);
- if (dom) {
- xs_rm(xenstore, 0, dom);
- free(dom);
- }
- xs_release_domain(xenstore, xen_domid);
-}
-
-int xen_domain_build_pv(const char *kernel, const char *ramdisk,
- const char *cmdline)
-{
- uint32_t ssidref = 0;
- uint32_t flags = 0;
- xen_domain_handle_t uuid;
- unsigned int xenstore_port = 0, console_port = 0;
- unsigned long xenstore_mfn = 0, console_mfn = 0;
- int rc;
-
- memcpy(uuid, qemu_uuid, sizeof(uuid));
- rc = xc_domain_create(xen_xc, ssidref, uuid, flags, &xen_domid);
- if (rc < 0) {
- fprintf(stderr, "xen: xc_domain_create() failed\n");
- goto err;
- }
- qemu_log("xen: created domain %d\n", xen_domid);
- atexit(xen_domain_cleanup);
- if (xen_domain_watcher() == -1) {
- goto err;
- }
-
- xenstore_domain_init1(kernel, ramdisk, cmdline);
-
- rc = xc_domain_max_vcpus(xen_xc, xen_domid, smp_cpus);
- if (rc < 0) {
- fprintf(stderr, "xen: xc_domain_max_vcpus() failed\n");
- goto err;
- }
-
-#if 0
- rc = xc_domain_setcpuweight(xen_xc, xen_domid, 256);
- if (rc < 0) {
- fprintf(stderr, "xen: xc_domain_setcpuweight() failed\n");
- goto err;
- }
-#endif
-
- rc = xc_domain_setmaxmem(xen_xc, xen_domid, ram_size >> 10);
- if (rc < 0) {
- fprintf(stderr, "xen: xc_domain_setmaxmem() failed\n");
- goto err;
- }
-
- xenstore_port = xc_evtchn_alloc_unbound(xen_xc, xen_domid, 0);
- console_port = xc_evtchn_alloc_unbound(xen_xc, xen_domid, 0);
-
- rc = xc_linux_build(xen_xc, xen_domid, ram_size >> 20,
- kernel, ramdisk, cmdline,
- 0, flags,
- xenstore_port, &xenstore_mfn,
- console_port, &console_mfn);
- if (rc < 0) {
- fprintf(stderr, "xen: xc_linux_build() failed\n");
- goto err;
- }
-
- xenstore_domain_init2(xenstore_port, xenstore_mfn,
- console_port, console_mfn);
-
- qemu_log("xen: unpausing domain %d\n", xen_domid);
- rc = xc_domain_unpause(xen_xc, xen_domid);
- if (rc < 0) {
- fprintf(stderr, "xen: xc_domain_unpause() failed\n");
- goto err;
- }
-
- xen_poll = qemu_new_timer_ms(rt_clock, xen_domain_poll, NULL);
- qemu_mod_timer(xen_poll, qemu_get_clock_ms(rt_clock) + 1000);
- return 0;
-
-err:
- return -1;
-}
diff --git a/hw/xen_domainbuild.h b/hw/xen_domainbuild.h
deleted file mode 100644
index dea012186..000000000
--- a/hw/xen_domainbuild.h
+++ /dev/null
@@ -1,13 +0,0 @@
-#ifndef QEMU_HW_XEN_DOMAINBUILD_H
-#define QEMU_HW_XEN_DOMAINBUILD_H 1
-
-#include "xen_common.h"
-
-int xenstore_domain_init1(const char *kernel, const char *ramdisk,
- const char *cmdline);
-int xenstore_domain_init2(int xenstore_port, int xenstore_mfn,
- int console_port, int console_mfn);
-int xen_domain_build_pv(const char *kernel, const char *ramdisk,
- const char *cmdline);
-
-#endif /* QEMU_HW_XEN_DOMAINBUILD_H */
diff --git a/hw/xen_machine_pv.c b/hw/xen_machine_pv.c
deleted file mode 100644
index 426470351..000000000
--- a/hw/xen_machine_pv.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * QEMU Xen PV Machine
- *
- * Copyright (c) 2007 Red Hat
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "hw.h"
-#include "pc.h"
-#include "boards.h"
-#include "xen_backend.h"
-#include "xen_domainbuild.h"
-#include "blockdev.h"
-
-static void xen_init_pv(QEMUMachineInitArgs *args)
-{
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- X86CPU *cpu;
- CPUX86State *env;
- DriveInfo *dinfo;
- int i;
-
- /* Initialize a dummy CPU */
- if (cpu_model == NULL) {
-#ifdef TARGET_X86_64
- cpu_model = "qemu64";
-#else
- cpu_model = "qemu32";
-#endif
- }
- cpu = cpu_x86_init(cpu_model);
- env = &cpu->env;
- env->halted = 1;
-
- /* Initialize backend core & drivers */
- if (xen_be_init() != 0) {
- fprintf(stderr, "%s: xen backend core setup failed\n", __FUNCTION__);
- exit(1);
- }
-
- switch (xen_mode) {
- case XEN_ATTACH:
- /* nothing to do, xend handles everything */
- break;
- case XEN_CREATE:
- if (xen_domain_build_pv(kernel_filename, initrd_filename,
- kernel_cmdline) < 0) {
- fprintf(stderr, "xen pv domain creation failed\n");
- exit(1);
- }
- break;
- case XEN_EMULATE:
- fprintf(stderr, "xen emulation not implemented (yet)\n");
- exit(1);
- break;
- }
-
- xen_be_register("console", &xen_console_ops);
- xen_be_register("vkbd", &xen_kbdmouse_ops);
- xen_be_register("vfb", &xen_framebuffer_ops);
- xen_be_register("qdisk", &xen_blkdev_ops);
- xen_be_register("qnic", &xen_netdev_ops);
-
- /* configure framebuffer */
- if (xenfb_enabled) {
- xen_config_dev_vfb(0, "vnc");
- xen_config_dev_vkbd(0);
- }
-
- /* configure disks */
- for (i = 0; i < 16; i++) {
- dinfo = drive_get(IF_XEN, 0, i);
- if (!dinfo)
- continue;
- xen_config_dev_blk(dinfo);
- }
-
- /* configure nics */
- for (i = 0; i < nb_nics; i++) {
- if (!nd_table[i].model || 0 != strcmp(nd_table[i].model, "xen"))
- continue;
- xen_config_dev_nic(nd_table + i);
- }
-
- /* config cleanup hook */
- atexit(xen_config_cleanup);
-
- /* setup framebuffer */
- xen_init_display(xen_domid);
-}
-
-static QEMUMachine xenpv_machine = {
- .name = "xenpv",
- .desc = "Xen Para-virtualized PC",
- .init = xen_init_pv,
- .max_cpus = 1,
- .default_machine_opts = "accel=xen",
-};
-
-static void xenpv_machine_init(void)
-{
- qemu_register_machine(&xenpv_machine);
-}
-
-machine_init(xenpv_machine_init);
diff --git a/hw/xen_nic.c b/hw/xen_nic.c
deleted file mode 100644
index cf7d5591b..000000000
--- a/hw/xen_nic.c
+++ /dev/null
@@ -1,439 +0,0 @@
-/*
- * xen paravirt network card backend
- *
- * (c) Gerd Hoffmann <kraxel@redhat.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; under version 2 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <unistd.h>
-#include <signal.h>
-#include <inttypes.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <sys/socket.h>
-#include <sys/ioctl.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/mman.h>
-#include <sys/wait.h>
-
-#include "hw.h"
-#include "net.h"
-#include "net/checksum.h"
-#include "net/util.h"
-#include "qemu-char.h"
-#include "xen_backend.h"
-
-#include <xen/io/netif.h>
-
-/* ------------------------------------------------------------- */
-
-struct XenNetDev {
- struct XenDevice xendev; /* must be first */
- char *mac;
- int tx_work;
- int tx_ring_ref;
- int rx_ring_ref;
- struct netif_tx_sring *txs;
- struct netif_rx_sring *rxs;
- netif_tx_back_ring_t tx_ring;
- netif_rx_back_ring_t rx_ring;
- NICConf conf;
- NICState *nic;
-};
-
-/* ------------------------------------------------------------- */
-
-static void net_tx_response(struct XenNetDev *netdev, netif_tx_request_t *txp, int8_t st)
-{
- RING_IDX i = netdev->tx_ring.rsp_prod_pvt;
- netif_tx_response_t *resp;
- int notify;
-
- resp = RING_GET_RESPONSE(&netdev->tx_ring, i);
- resp->id = txp->id;
- resp->status = st;
-
-#if 0
- if (txp->flags & NETTXF_extra_info) {
- RING_GET_RESPONSE(&netdev->tx_ring, ++i)->status = NETIF_RSP_NULL;
- }
-#endif
-
- netdev->tx_ring.rsp_prod_pvt = ++i;
- RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&netdev->tx_ring, notify);
- if (notify) {
- xen_be_send_notify(&netdev->xendev);
- }
-
- if (i == netdev->tx_ring.req_cons) {
- int more_to_do;
- RING_FINAL_CHECK_FOR_REQUESTS(&netdev->tx_ring, more_to_do);
- if (more_to_do) {
- netdev->tx_work++;
- }
- }
-}
-
-static void net_tx_error(struct XenNetDev *netdev, netif_tx_request_t *txp, RING_IDX end)
-{
-#if 0
- /*
- * Hmm, why netback fails everything in the ring?
- * Should we do that even when not supporting SG and TSO?
- */
- RING_IDX cons = netdev->tx_ring.req_cons;
-
- do {
- make_tx_response(netif, txp, NETIF_RSP_ERROR);
- if (cons >= end) {
- break;
- }
- txp = RING_GET_REQUEST(&netdev->tx_ring, cons++);
- } while (1);
- netdev->tx_ring.req_cons = cons;
- netif_schedule_work(netif);
- netif_put(netif);
-#else
- net_tx_response(netdev, txp, NETIF_RSP_ERROR);
-#endif
-}
-
-static void net_tx_packets(struct XenNetDev *netdev)
-{
- netif_tx_request_t txreq;
- RING_IDX rc, rp;
- void *page;
- void *tmpbuf = NULL;
-
- for (;;) {
- rc = netdev->tx_ring.req_cons;
- rp = netdev->tx_ring.sring->req_prod;
- xen_rmb(); /* Ensure we see queued requests up to 'rp'. */
-
- while ((rc != rp)) {
- if (RING_REQUEST_CONS_OVERFLOW(&netdev->tx_ring, rc)) {
- break;
- }
- memcpy(&txreq, RING_GET_REQUEST(&netdev->tx_ring, rc), sizeof(txreq));
- netdev->tx_ring.req_cons = ++rc;
-
-#if 1
- /* should not happen in theory, we don't announce the *
- * feature-{sg,gso,whatelse} flags in xenstore (yet?) */
- if (txreq.flags & NETTXF_extra_info) {
- xen_be_printf(&netdev->xendev, 0, "FIXME: extra info flag\n");
- net_tx_error(netdev, &txreq, rc);
- continue;
- }
- if (txreq.flags & NETTXF_more_data) {
- xen_be_printf(&netdev->xendev, 0, "FIXME: more data flag\n");
- net_tx_error(netdev, &txreq, rc);
- continue;
- }
-#endif
-
- if (txreq.size < 14) {
- xen_be_printf(&netdev->xendev, 0, "bad packet size: %d\n", txreq.size);
- net_tx_error(netdev, &txreq, rc);
- continue;
- }
-
- if ((txreq.offset + txreq.size) > XC_PAGE_SIZE) {
- xen_be_printf(&netdev->xendev, 0, "error: page crossing\n");
- net_tx_error(netdev, &txreq, rc);
- continue;
- }
-
- xen_be_printf(&netdev->xendev, 3, "tx packet ref %d, off %d, len %d, flags 0x%x%s%s%s%s\n",
- txreq.gref, txreq.offset, txreq.size, txreq.flags,
- (txreq.flags & NETTXF_csum_blank) ? " csum_blank" : "",
- (txreq.flags & NETTXF_data_validated) ? " data_validated" : "",
- (txreq.flags & NETTXF_more_data) ? " more_data" : "",
- (txreq.flags & NETTXF_extra_info) ? " extra_info" : "");
-
- page = xc_gnttab_map_grant_ref(netdev->xendev.gnttabdev,
- netdev->xendev.dom,
- txreq.gref, PROT_READ);
- if (page == NULL) {
- xen_be_printf(&netdev->xendev, 0, "error: tx gref dereference failed (%d)\n",
- txreq.gref);
- net_tx_error(netdev, &txreq, rc);
- continue;
- }
- if (txreq.flags & NETTXF_csum_blank) {
- /* have read-only mapping -> can't fill checksum in-place */
- if (!tmpbuf) {
- tmpbuf = g_malloc(XC_PAGE_SIZE);
- }
- memcpy(tmpbuf, page + txreq.offset, txreq.size);
- net_checksum_calculate(tmpbuf, txreq.size);
- qemu_send_packet(&netdev->nic->nc, tmpbuf, txreq.size);
- } else {
- qemu_send_packet(&netdev->nic->nc, page + txreq.offset, txreq.size);
- }
- xc_gnttab_munmap(netdev->xendev.gnttabdev, page, 1);
- net_tx_response(netdev, &txreq, NETIF_RSP_OKAY);
- }
- if (!netdev->tx_work) {
- break;
- }
- netdev->tx_work = 0;
- }
- g_free(tmpbuf);
-}
-
-/* ------------------------------------------------------------- */
-
-static void net_rx_response(struct XenNetDev *netdev,
- netif_rx_request_t *req, int8_t st,
- uint16_t offset, uint16_t size,
- uint16_t flags)
-{
- RING_IDX i = netdev->rx_ring.rsp_prod_pvt;
- netif_rx_response_t *resp;
- int notify;
-
- resp = RING_GET_RESPONSE(&netdev->rx_ring, i);
- resp->offset = offset;
- resp->flags = flags;
- resp->id = req->id;
- resp->status = (int16_t)size;
- if (st < 0) {
- resp->status = (int16_t)st;
- }
-
- xen_be_printf(&netdev->xendev, 3, "rx response: idx %d, status %d, flags 0x%x\n",
- i, resp->status, resp->flags);
-
- netdev->rx_ring.rsp_prod_pvt = ++i;
- RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&netdev->rx_ring, notify);
- if (notify) {
- xen_be_send_notify(&netdev->xendev);
- }
-}
-
-#define NET_IP_ALIGN 2
-
-static int net_rx_ok(NetClientState *nc)
-{
- struct XenNetDev *netdev = DO_UPCAST(NICState, nc, nc)->opaque;
- RING_IDX rc, rp;
-
- if (netdev->xendev.be_state != XenbusStateConnected) {
- return 0;
- }
-
- rc = netdev->rx_ring.req_cons;
- rp = netdev->rx_ring.sring->req_prod;
- xen_rmb();
-
- if (rc == rp || RING_REQUEST_CONS_OVERFLOW(&netdev->rx_ring, rc)) {
- xen_be_printf(&netdev->xendev, 2, "%s: no rx buffers (%d/%d)\n",
- __FUNCTION__, rc, rp);
- return 0;
- }
- return 1;
-}
-
-static ssize_t net_rx_packet(NetClientState *nc, const uint8_t *buf, size_t size)
-{
- struct XenNetDev *netdev = DO_UPCAST(NICState, nc, nc)->opaque;
- netif_rx_request_t rxreq;
- RING_IDX rc, rp;
- void *page;
-
- if (netdev->xendev.be_state != XenbusStateConnected) {
- return -1;
- }
-
- rc = netdev->rx_ring.req_cons;
- rp = netdev->rx_ring.sring->req_prod;
- xen_rmb(); /* Ensure we see queued requests up to 'rp'. */
-
- if (rc == rp || RING_REQUEST_CONS_OVERFLOW(&netdev->rx_ring, rc)) {
- xen_be_printf(&netdev->xendev, 2, "no buffer, drop packet\n");
- return -1;
- }
- if (size > XC_PAGE_SIZE - NET_IP_ALIGN) {
- xen_be_printf(&netdev->xendev, 0, "packet too big (%lu > %ld)",
- (unsigned long)size, XC_PAGE_SIZE - NET_IP_ALIGN);
- return -1;
- }
-
- memcpy(&rxreq, RING_GET_REQUEST(&netdev->rx_ring, rc), sizeof(rxreq));
- netdev->rx_ring.req_cons = ++rc;
-
- page = xc_gnttab_map_grant_ref(netdev->xendev.gnttabdev,
- netdev->xendev.dom,
- rxreq.gref, PROT_WRITE);
- if (page == NULL) {
- xen_be_printf(&netdev->xendev, 0, "error: rx gref dereference failed (%d)\n",
- rxreq.gref);
- net_rx_response(netdev, &rxreq, NETIF_RSP_ERROR, 0, 0, 0);
- return -1;
- }
- memcpy(page + NET_IP_ALIGN, buf, size);
- xc_gnttab_munmap(netdev->xendev.gnttabdev, page, 1);
- net_rx_response(netdev, &rxreq, NETIF_RSP_OKAY, NET_IP_ALIGN, size, 0);
-
- return size;
-}
-
-/* ------------------------------------------------------------- */
-
-static NetClientInfo net_xen_info = {
- .type = NET_CLIENT_OPTIONS_KIND_NIC,
- .size = sizeof(NICState),
- .can_receive = net_rx_ok,
- .receive = net_rx_packet,
-};
-
-static int net_init(struct XenDevice *xendev)
-{
- struct XenNetDev *netdev = container_of(xendev, struct XenNetDev, xendev);
-
- /* read xenstore entries */
- if (netdev->mac == NULL) {
- netdev->mac = xenstore_read_be_str(&netdev->xendev, "mac");
- }
-
- /* do we have all we need? */
- if (netdev->mac == NULL) {
- return -1;
- }
-
- if (net_parse_macaddr(netdev->conf.macaddr.a, netdev->mac) < 0) {
- return -1;
- }
-
- netdev->conf.peer = NULL;
-
- netdev->nic = qemu_new_nic(&net_xen_info, &netdev->conf,
- "xen", NULL, netdev);
-
- snprintf(netdev->nic->nc.info_str, sizeof(netdev->nic->nc.info_str),
- "nic: xenbus vif macaddr=%s", netdev->mac);
-
- /* fill info */
- xenstore_write_be_int(&netdev->xendev, "feature-rx-copy", 1);
- xenstore_write_be_int(&netdev->xendev, "feature-rx-flip", 0);
-
- return 0;
-}
-
-static int net_connect(struct XenDevice *xendev)
-{
- struct XenNetDev *netdev = container_of(xendev, struct XenNetDev, xendev);
- int rx_copy;
-
- if (xenstore_read_fe_int(&netdev->xendev, "tx-ring-ref",
- &netdev->tx_ring_ref) == -1) {
- return -1;
- }
- if (xenstore_read_fe_int(&netdev->xendev, "rx-ring-ref",
- &netdev->rx_ring_ref) == -1) {
- return 1;
- }
- if (xenstore_read_fe_int(&netdev->xendev, "event-channel",
- &netdev->xendev.remote_port) == -1) {
- return -1;
- }
-
- if (xenstore_read_fe_int(&netdev->xendev, "request-rx-copy", &rx_copy) == -1) {
- rx_copy = 0;
- }
- if (rx_copy == 0) {
- xen_be_printf(&netdev->xendev, 0, "frontend doesn't support rx-copy.\n");
- return -1;
- }
-
- netdev->txs = xc_gnttab_map_grant_ref(netdev->xendev.gnttabdev,
- netdev->xendev.dom,
- netdev->tx_ring_ref,
- PROT_READ | PROT_WRITE);
- netdev->rxs = xc_gnttab_map_grant_ref(netdev->xendev.gnttabdev,
- netdev->xendev.dom,
- netdev->rx_ring_ref,
- PROT_READ | PROT_WRITE);
- if (!netdev->txs || !netdev->rxs) {
- return -1;
- }
- BACK_RING_INIT(&netdev->tx_ring, netdev->txs, XC_PAGE_SIZE);
- BACK_RING_INIT(&netdev->rx_ring, netdev->rxs, XC_PAGE_SIZE);
-
- xen_be_bind_evtchn(&netdev->xendev);
-
- xen_be_printf(&netdev->xendev, 1, "ok: tx-ring-ref %d, rx-ring-ref %d, "
- "remote port %d, local port %d\n",
- netdev->tx_ring_ref, netdev->rx_ring_ref,
- netdev->xendev.remote_port, netdev->xendev.local_port);
-
- net_tx_packets(netdev);
- return 0;
-}
-
-static void net_disconnect(struct XenDevice *xendev)
-{
- struct XenNetDev *netdev = container_of(xendev, struct XenNetDev, xendev);
-
- xen_be_unbind_evtchn(&netdev->xendev);
-
- if (netdev->txs) {
- xc_gnttab_munmap(netdev->xendev.gnttabdev, netdev->txs, 1);
- netdev->txs = NULL;
- }
- if (netdev->rxs) {
- xc_gnttab_munmap(netdev->xendev.gnttabdev, netdev->rxs, 1);
- netdev->rxs = NULL;
- }
- if (netdev->nic) {
- qemu_del_net_client(&netdev->nic->nc);
- netdev->nic = NULL;
- }
-}
-
-static void net_event(struct XenDevice *xendev)
-{
- struct XenNetDev *netdev = container_of(xendev, struct XenNetDev, xendev);
- net_tx_packets(netdev);
- qemu_flush_queued_packets(&netdev->nic->nc);
-}
-
-static int net_free(struct XenDevice *xendev)
-{
- struct XenNetDev *netdev = container_of(xendev, struct XenNetDev, xendev);
-
- g_free(netdev->mac);
- return 0;
-}
-
-/* ------------------------------------------------------------- */
-
-struct XenDevOps xen_netdev_ops = {
- .size = sizeof(struct XenNetDev),
- .flags = DEVOPS_FLAG_NEED_GNTDEV,
- .init = net_init,
- .initialise = net_connect,
- .event = net_event,
- .disconnect = net_disconnect,
- .free = net_free,
-};
diff --git a/hw/xen_platform.c b/hw/xen_platform.c
deleted file mode 100644
index a54e7a2cd..000000000
--- a/hw/xen_platform.c
+++ /dev/null
@@ -1,436 +0,0 @@
-/*
- * XEN platform pci device, formerly known as the event channel device
- *
- * Copyright (c) 2003-2004 Intel Corp.
- * Copyright (c) 2006 XenSource
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include <assert.h>
-
-#include "hw.h"
-#include "pc.h"
-#include "pci.h"
-#include "irq.h"
-#include "xen_common.h"
-#include "net.h"
-#include "xen_backend.h"
-#include "trace.h"
-#include "exec-memory.h"
-
-#include <xenguest.h>
-
-//#define DEBUG_PLATFORM
-
-#ifdef DEBUG_PLATFORM
-#define DPRINTF(fmt, ...) do { \
- fprintf(stderr, "xen_platform: " fmt, ## __VA_ARGS__); \
-} while (0)
-#else
-#define DPRINTF(fmt, ...) do { } while (0)
-#endif
-
-#define PFFLAG_ROM_LOCK 1 /* Sets whether ROM memory area is RW or RO */
-
-typedef struct PCIXenPlatformState {
- PCIDevice pci_dev;
- MemoryRegion fixed_io;
- MemoryRegion bar;
- MemoryRegion mmio_bar;
- uint8_t flags; /* used only for version_id == 2 */
- int drivers_blacklisted;
- uint16_t driver_product_version;
-
- /* Log from guest drivers */
- char log_buffer[4096];
- int log_buffer_off;
-} PCIXenPlatformState;
-
-#define XEN_PLATFORM_IOPORT 0x10
-
-/* Send bytes to syslog */
-static void log_writeb(PCIXenPlatformState *s, char val)
-{
- if (val == '\n' || s->log_buffer_off == sizeof(s->log_buffer) - 1) {
- /* Flush buffer */
- s->log_buffer[s->log_buffer_off] = 0;
- trace_xen_platform_log(s->log_buffer);
- s->log_buffer_off = 0;
- } else {
- s->log_buffer[s->log_buffer_off++] = val;
- }
-}
-
-/* Xen Platform, Fixed IOPort */
-#define UNPLUG_ALL_IDE_DISKS 1
-#define UNPLUG_ALL_NICS 2
-#define UNPLUG_AUX_IDE_DISKS 4
-
-static void unplug_nic(PCIBus *b, PCIDevice *d, void *o)
-{
- /* We have to ignore passthrough devices */
- if (pci_get_word(d->config + PCI_CLASS_DEVICE) ==
- PCI_CLASS_NETWORK_ETHERNET
- && strcmp(d->name, "xen-pci-passthrough") != 0) {
- qdev_free(&d->qdev);
- }
-}
-
-static void pci_unplug_nics(PCIBus *bus)
-{
- pci_for_each_device(bus, 0, unplug_nic, NULL);
-}
-
-static void unplug_disks(PCIBus *b, PCIDevice *d, void *o)
-{
- /* We have to ignore passthrough devices */
- if (pci_get_word(d->config + PCI_CLASS_DEVICE) ==
- PCI_CLASS_STORAGE_IDE
- && strcmp(d->name, "xen-pci-passthrough") != 0) {
- qdev_unplug(&(d->qdev), NULL);
- }
-}
-
-static void pci_unplug_disks(PCIBus *bus)
-{
- pci_for_each_device(bus, 0, unplug_disks, NULL);
-}
-
-static void platform_fixed_ioport_writew(void *opaque, uint32_t addr, uint32_t val)
-{
- PCIXenPlatformState *s = opaque;
-
- switch (addr) {
- case 0:
- /* Unplug devices. Value is a bitmask of which devices to
- unplug, with bit 0 the IDE devices, bit 1 the network
- devices, and bit 2 the non-primary-master IDE devices. */
- if (val & UNPLUG_ALL_IDE_DISKS) {
- DPRINTF("unplug disks\n");
- bdrv_drain_all();
- bdrv_flush_all();
- pci_unplug_disks(s->pci_dev.bus);
- }
- if (val & UNPLUG_ALL_NICS) {
- DPRINTF("unplug nics\n");
- pci_unplug_nics(s->pci_dev.bus);
- }
- if (val & UNPLUG_AUX_IDE_DISKS) {
- DPRINTF("unplug auxiliary disks not supported\n");
- }
- break;
- case 2:
- switch (val) {
- case 1:
- DPRINTF("Citrix Windows PV drivers loaded in guest\n");
- break;
- case 0:
- DPRINTF("Guest claimed to be running PV product 0?\n");
- break;
- default:
- DPRINTF("Unknown PV product %d loaded in guest\n", val);
- break;
- }
- s->driver_product_version = val;
- break;
- }
-}
-
-static void platform_fixed_ioport_writel(void *opaque, uint32_t addr,
- uint32_t val)
-{
- switch (addr) {
- case 0:
- /* PV driver version */
- break;
- }
-}
-
-static void platform_fixed_ioport_writeb(void *opaque, uint32_t addr, uint32_t val)
-{
- PCIXenPlatformState *s = opaque;
-
- switch (addr) {
- case 0: /* Platform flags */ {
- hvmmem_type_t mem_type = (val & PFFLAG_ROM_LOCK) ?
- HVMMEM_ram_ro : HVMMEM_ram_rw;
- if (xc_hvm_set_mem_type(xen_xc, xen_domid, mem_type, 0xc0, 0x40)) {
- DPRINTF("unable to change ro/rw state of ROM memory area!\n");
- } else {
- s->flags = val & PFFLAG_ROM_LOCK;
- DPRINTF("changed ro/rw state of ROM memory area. now is %s state.\n",
- (mem_type == HVMMEM_ram_ro ? "ro":"rw"));
- }
- break;
- }
- case 2:
- log_writeb(s, val);
- break;
- }
-}
-
-static uint32_t platform_fixed_ioport_readw(void *opaque, uint32_t addr)
-{
- PCIXenPlatformState *s = opaque;
-
- switch (addr) {
- case 0:
- if (s->drivers_blacklisted) {
- /* The drivers will recognise this magic number and refuse
- * to do anything. */
- return 0xd249;
- } else {
- /* Magic value so that you can identify the interface. */
- return 0x49d2;
- }
- default:
- return 0xffff;
- }
-}
-
-static uint32_t platform_fixed_ioport_readb(void *opaque, uint32_t addr)
-{
- PCIXenPlatformState *s = opaque;
-
- switch (addr) {
- case 0:
- /* Platform flags */
- return s->flags;
- case 2:
- /* Version number */
- return 1;
- default:
- return 0xff;
- }
-}
-
-static void platform_fixed_ioport_reset(void *opaque)
-{
- PCIXenPlatformState *s = opaque;
-
- platform_fixed_ioport_writeb(s, 0, 0);
-}
-
-static uint64_t platform_fixed_ioport_read(void *opaque,
- hwaddr addr,
- unsigned size)
-{
- switch (size) {
- case 1:
- return platform_fixed_ioport_readb(opaque, addr);
- case 2:
- return platform_fixed_ioport_readw(opaque, addr);
- default:
- return -1;
- }
-}
-
-static void platform_fixed_ioport_write(void *opaque, hwaddr addr,
-
- uint64_t val, unsigned size)
-{
- switch (size) {
- case 1:
- platform_fixed_ioport_writeb(opaque, addr, val);
- break;
- case 2:
- platform_fixed_ioport_writew(opaque, addr, val);
- break;
- case 4:
- platform_fixed_ioport_writel(opaque, addr, val);
- break;
- }
-}
-
-
-static const MemoryRegionOps platform_fixed_io_ops = {
- .read = platform_fixed_ioport_read,
- .write = platform_fixed_ioport_write,
- .impl = {
- .min_access_size = 1,
- .max_access_size = 4,
- },
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static void platform_fixed_ioport_init(PCIXenPlatformState* s)
-{
- memory_region_init_io(&s->fixed_io, &platform_fixed_io_ops, s,
- "xen-fixed", 16);
- memory_region_add_subregion(get_system_io(), XEN_PLATFORM_IOPORT,
- &s->fixed_io);
-}
-
-/* Xen Platform PCI Device */
-
-static uint32_t xen_platform_ioport_readb(void *opaque, uint32_t addr)
-{
- if (addr == 0) {
- return platform_fixed_ioport_readb(opaque, 0);
- } else {
- return ~0u;
- }
-}
-
-static void xen_platform_ioport_writeb(void *opaque, uint32_t addr, uint32_t val)
-{
- PCIXenPlatformState *s = opaque;
-
- switch (addr) {
- case 0: /* Platform flags */
- platform_fixed_ioport_writeb(opaque, 0, val);
- break;
- case 8:
- log_writeb(s, val);
- break;
- default:
- break;
- }
-}
-
-static MemoryRegionPortio xen_pci_portio[] = {
- { 0, 0x100, 1, .read = xen_platform_ioport_readb, },
- { 0, 0x100, 1, .write = xen_platform_ioport_writeb, },
- PORTIO_END_OF_LIST()
-};
-
-static const MemoryRegionOps xen_pci_io_ops = {
- .old_portio = xen_pci_portio,
-};
-
-static void platform_ioport_bar_setup(PCIXenPlatformState *d)
-{
- memory_region_init_io(&d->bar, &xen_pci_io_ops, d, "xen-pci", 0x100);
-}
-
-static uint64_t platform_mmio_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- DPRINTF("Warning: attempted read from physical address "
- "0x" TARGET_FMT_plx " in xen platform mmio space\n", addr);
-
- return 0;
-}
-
-static void platform_mmio_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- DPRINTF("Warning: attempted write of 0x%"PRIx64" to physical "
- "address 0x" TARGET_FMT_plx " in xen platform mmio space\n",
- val, addr);
-}
-
-static const MemoryRegionOps platform_mmio_handler = {
- .read = &platform_mmio_read,
- .write = &platform_mmio_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void platform_mmio_setup(PCIXenPlatformState *d)
-{
- memory_region_init_io(&d->mmio_bar, &platform_mmio_handler, d,
- "xen-mmio", 0x1000000);
-}
-
-static int xen_platform_post_load(void *opaque, int version_id)
-{
- PCIXenPlatformState *s = opaque;
-
- platform_fixed_ioport_writeb(s, 0, s->flags);
-
- return 0;
-}
-
-static const VMStateDescription vmstate_xen_platform = {
- .name = "platform",
- .version_id = 4,
- .minimum_version_id = 4,
- .minimum_version_id_old = 4,
- .post_load = xen_platform_post_load,
- .fields = (VMStateField []) {
- VMSTATE_PCI_DEVICE(pci_dev, PCIXenPlatformState),
- VMSTATE_UINT8(flags, PCIXenPlatformState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static int xen_platform_initfn(PCIDevice *dev)
-{
- PCIXenPlatformState *d = DO_UPCAST(PCIXenPlatformState, pci_dev, dev);
- uint8_t *pci_conf;
-
- pci_conf = d->pci_dev.config;
-
- pci_set_word(pci_conf + PCI_COMMAND, PCI_COMMAND_IO | PCI_COMMAND_MEMORY);
-
- pci_config_set_prog_interface(pci_conf, 0);
-
- pci_conf[PCI_INTERRUPT_PIN] = 1;
-
- platform_ioport_bar_setup(d);
- pci_register_bar(&d->pci_dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &d->bar);
-
- /* reserve 16MB mmio address for share memory*/
- platform_mmio_setup(d);
- pci_register_bar(&d->pci_dev, 1, PCI_BASE_ADDRESS_MEM_PREFETCH,
- &d->mmio_bar);
-
- platform_fixed_ioport_init(d);
-
- return 0;
-}
-
-static void platform_reset(DeviceState *dev)
-{
- PCIXenPlatformState *s = DO_UPCAST(PCIXenPlatformState, pci_dev.qdev, dev);
-
- platform_fixed_ioport_reset(s);
-}
-
-static void xen_platform_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = xen_platform_initfn;
- k->vendor_id = PCI_VENDOR_ID_XEN;
- k->device_id = PCI_DEVICE_ID_XEN_PLATFORM;
- k->class_id = PCI_CLASS_OTHERS << 8 | 0x80;
- k->subsystem_vendor_id = PCI_VENDOR_ID_XEN;
- k->subsystem_id = PCI_DEVICE_ID_XEN_PLATFORM;
- k->revision = 1;
- dc->desc = "XEN platform pci device";
- dc->reset = platform_reset;
- dc->vmsd = &vmstate_xen_platform;
-}
-
-static TypeInfo xen_platform_info = {
- .name = "xen-platform",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIXenPlatformState),
- .class_init = xen_platform_class_init,
-};
-
-static void xen_platform_register_types(void)
-{
- type_register_static(&xen_platform_info);
-}
-
-type_init(xen_platform_register_types)
diff --git a/hw/xen_pt.c b/hw/xen_pt.c
deleted file mode 100644
index 7a3846e64..000000000
--- a/hw/xen_pt.c
+++ /dev/null
@@ -1,843 +0,0 @@
-/*
- * Copyright (c) 2007, Neocleus Corporation.
- * Copyright (c) 2007, Intel Corporation.
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See
- * the COPYING file in the top-level directory.
- *
- * Alex Novik <alex@neocleus.com>
- * Allen Kay <allen.m.kay@intel.com>
- * Guy Zana <guy@neocleus.com>
- *
- * This file implements direct PCI assignment to a HVM guest
- */
-
-/*
- * Interrupt Disable policy:
- *
- * INTx interrupt:
- * Initialize(register_real_device)
- * Map INTx(xc_physdev_map_pirq):
- * <fail>
- * - Set real Interrupt Disable bit to '1'.
- * - Set machine_irq and assigned_device->machine_irq to '0'.
- * * Don't bind INTx.
- *
- * Bind INTx(xc_domain_bind_pt_pci_irq):
- * <fail>
- * - Set real Interrupt Disable bit to '1'.
- * - Unmap INTx.
- * - Decrement xen_pt_mapped_machine_irq[machine_irq]
- * - Set assigned_device->machine_irq to '0'.
- *
- * Write to Interrupt Disable bit by guest software(xen_pt_cmd_reg_write)
- * Write '0'
- * - Set real bit to '0' if assigned_device->machine_irq isn't '0'.
- *
- * Write '1'
- * - Set real bit to '1'.
- *
- * MSI interrupt:
- * Initialize MSI register(xen_pt_msi_setup, xen_pt_msi_update)
- * Bind MSI(xc_domain_update_msi_irq)
- * <fail>
- * - Unmap MSI.
- * - Set dev->msi->pirq to '-1'.
- *
- * MSI-X interrupt:
- * Initialize MSI-X register(xen_pt_msix_update_one)
- * Bind MSI-X(xc_domain_update_msi_irq)
- * <fail>
- * - Unmap MSI-X.
- * - Set entry->pirq to '-1'.
- */
-
-#include <sys/ioctl.h>
-
-#include "pci.h"
-#include "xen.h"
-#include "xen_backend.h"
-#include "xen_pt.h"
-#include "range.h"
-#include "exec-memory.h"
-
-#define XEN_PT_NR_IRQS (256)
-static uint8_t xen_pt_mapped_machine_irq[XEN_PT_NR_IRQS] = {0};
-
-void xen_pt_log(const PCIDevice *d, const char *f, ...)
-{
- va_list ap;
-
- va_start(ap, f);
- if (d) {
- fprintf(stderr, "[%02x:%02x.%d] ", pci_bus_num(d->bus),
- PCI_SLOT(d->devfn), PCI_FUNC(d->devfn));
- }
- vfprintf(stderr, f, ap);
- va_end(ap);
-}
-
-/* Config Space */
-
-static int xen_pt_pci_config_access_check(PCIDevice *d, uint32_t addr, int len)
-{
- /* check offset range */
- if (addr >= 0xFF) {
- XEN_PT_ERR(d, "Failed to access register with offset exceeding 0xFF. "
- "(addr: 0x%02x, len: %d)\n", addr, len);
- return -1;
- }
-
- /* check read size */
- if ((len != 1) && (len != 2) && (len != 4)) {
- XEN_PT_ERR(d, "Failed to access register with invalid access length. "
- "(addr: 0x%02x, len: %d)\n", addr, len);
- return -1;
- }
-
- /* check offset alignment */
- if (addr & (len - 1)) {
- XEN_PT_ERR(d, "Failed to access register with invalid access size "
- "alignment. (addr: 0x%02x, len: %d)\n", addr, len);
- return -1;
- }
-
- return 0;
-}
-
-int xen_pt_bar_offset_to_index(uint32_t offset)
-{
- int index = 0;
-
- /* check Exp ROM BAR */
- if (offset == PCI_ROM_ADDRESS) {
- return PCI_ROM_SLOT;
- }
-
- /* calculate BAR index */
- index = (offset - PCI_BASE_ADDRESS_0) >> 2;
- if (index >= PCI_NUM_REGIONS) {
- return -1;
- }
-
- return index;
-}
-
-static uint32_t xen_pt_pci_read_config(PCIDevice *d, uint32_t addr, int len)
-{
- XenPCIPassthroughState *s = DO_UPCAST(XenPCIPassthroughState, dev, d);
- uint32_t val = 0;
- XenPTRegGroup *reg_grp_entry = NULL;
- XenPTReg *reg_entry = NULL;
- int rc = 0;
- int emul_len = 0;
- uint32_t find_addr = addr;
-
- if (xen_pt_pci_config_access_check(d, addr, len)) {
- goto exit;
- }
-
- /* find register group entry */
- reg_grp_entry = xen_pt_find_reg_grp(s, addr);
- if (reg_grp_entry) {
- /* check 0-Hardwired register group */
- if (reg_grp_entry->reg_grp->grp_type == XEN_PT_GRP_TYPE_HARDWIRED) {
- /* no need to emulate, just return 0 */
- val = 0;
- goto exit;
- }
- }
-
- /* read I/O device register value */
- rc = xen_host_pci_get_block(&s->real_device, addr, (uint8_t *)&val, len);
- if (rc < 0) {
- XEN_PT_ERR(d, "pci_read_block failed. return value: %d.\n", rc);
- memset(&val, 0xff, len);
- }
-
- /* just return the I/O device register value for
- * passthrough type register group */
- if (reg_grp_entry == NULL) {
- goto exit;
- }
-
- /* adjust the read value to appropriate CFC-CFF window */
- val <<= (addr & 3) << 3;
- emul_len = len;
-
- /* loop around the guest requested size */
- while (emul_len > 0) {
- /* find register entry to be emulated */
- reg_entry = xen_pt_find_reg(reg_grp_entry, find_addr);
- if (reg_entry) {
- XenPTRegInfo *reg = reg_entry->reg;
- uint32_t real_offset = reg_grp_entry->base_offset + reg->offset;
- uint32_t valid_mask = 0xFFFFFFFF >> ((4 - emul_len) << 3);
- uint8_t *ptr_val = NULL;
-
- valid_mask <<= (find_addr - real_offset) << 3;
- ptr_val = (uint8_t *)&val + (real_offset & 3);
-
- /* do emulation based on register size */
- switch (reg->size) {
- case 1:
- if (reg->u.b.read) {
- rc = reg->u.b.read(s, reg_entry, ptr_val, valid_mask);
- }
- break;
- case 2:
- if (reg->u.w.read) {
- rc = reg->u.w.read(s, reg_entry,
- (uint16_t *)ptr_val, valid_mask);
- }
- break;
- case 4:
- if (reg->u.dw.read) {
- rc = reg->u.dw.read(s, reg_entry,
- (uint32_t *)ptr_val, valid_mask);
- }
- break;
- }
-
- if (rc < 0) {
- xen_shutdown_fatal_error("Internal error: Invalid read "
- "emulation. (%s, rc: %d)\n",
- __func__, rc);
- return 0;
- }
-
- /* calculate next address to find */
- emul_len -= reg->size;
- if (emul_len > 0) {
- find_addr = real_offset + reg->size;
- }
- } else {
- /* nothing to do with passthrough type register,
- * continue to find next byte */
- emul_len--;
- find_addr++;
- }
- }
-
- /* need to shift back before returning them to pci bus emulator */
- val >>= ((addr & 3) << 3);
-
-exit:
- XEN_PT_LOG_CONFIG(d, addr, val, len);
- return val;
-}
-
-static void xen_pt_pci_write_config(PCIDevice *d, uint32_t addr,
- uint32_t val, int len)
-{
- XenPCIPassthroughState *s = DO_UPCAST(XenPCIPassthroughState, dev, d);
- int index = 0;
- XenPTRegGroup *reg_grp_entry = NULL;
- int rc = 0;
- uint32_t read_val = 0;
- int emul_len = 0;
- XenPTReg *reg_entry = NULL;
- uint32_t find_addr = addr;
- XenPTRegInfo *reg = NULL;
-
- if (xen_pt_pci_config_access_check(d, addr, len)) {
- return;
- }
-
- XEN_PT_LOG_CONFIG(d, addr, val, len);
-
- /* check unused BAR register */
- index = xen_pt_bar_offset_to_index(addr);
- if ((index >= 0) && (val > 0 && val < XEN_PT_BAR_ALLF) &&
- (s->bases[index].bar_flag == XEN_PT_BAR_FLAG_UNUSED)) {
- XEN_PT_WARN(d, "Guest attempt to set address to unused Base Address "
- "Register. (addr: 0x%02x, len: %d)\n", addr, len);
- }
-
- /* find register group entry */
- reg_grp_entry = xen_pt_find_reg_grp(s, addr);
- if (reg_grp_entry) {
- /* check 0-Hardwired register group */
- if (reg_grp_entry->reg_grp->grp_type == XEN_PT_GRP_TYPE_HARDWIRED) {
- /* ignore silently */
- XEN_PT_WARN(d, "Access to 0-Hardwired register. "
- "(addr: 0x%02x, len: %d)\n", addr, len);
- return;
- }
- }
-
- rc = xen_host_pci_get_block(&s->real_device, addr,
- (uint8_t *)&read_val, len);
- if (rc < 0) {
- XEN_PT_ERR(d, "pci_read_block failed. return value: %d.\n", rc);
- memset(&read_val, 0xff, len);
- }
-
- /* pass directly to the real device for passthrough type register group */
- if (reg_grp_entry == NULL) {
- goto out;
- }
-
- memory_region_transaction_begin();
- pci_default_write_config(d, addr, val, len);
-
- /* adjust the read and write value to appropriate CFC-CFF window */
- read_val <<= (addr & 3) << 3;
- val <<= (addr & 3) << 3;
- emul_len = len;
-
- /* loop around the guest requested size */
- while (emul_len > 0) {
- /* find register entry to be emulated */
- reg_entry = xen_pt_find_reg(reg_grp_entry, find_addr);
- if (reg_entry) {
- reg = reg_entry->reg;
- uint32_t real_offset = reg_grp_entry->base_offset + reg->offset;
- uint32_t valid_mask = 0xFFFFFFFF >> ((4 - emul_len) << 3);
- uint8_t *ptr_val = NULL;
-
- valid_mask <<= (find_addr - real_offset) << 3;
- ptr_val = (uint8_t *)&val + (real_offset & 3);
-
- /* do emulation based on register size */
- switch (reg->size) {
- case 1:
- if (reg->u.b.write) {
- rc = reg->u.b.write(s, reg_entry, ptr_val,
- read_val >> ((real_offset & 3) << 3),
- valid_mask);
- }
- break;
- case 2:
- if (reg->u.w.write) {
- rc = reg->u.w.write(s, reg_entry, (uint16_t *)ptr_val,
- (read_val >> ((real_offset & 3) << 3)),
- valid_mask);
- }
- break;
- case 4:
- if (reg->u.dw.write) {
- rc = reg->u.dw.write(s, reg_entry, (uint32_t *)ptr_val,
- (read_val >> ((real_offset & 3) << 3)),
- valid_mask);
- }
- break;
- }
-
- if (rc < 0) {
- xen_shutdown_fatal_error("Internal error: Invalid write"
- " emulation. (%s, rc: %d)\n",
- __func__, rc);
- return;
- }
-
- /* calculate next address to find */
- emul_len -= reg->size;
- if (emul_len > 0) {
- find_addr = real_offset + reg->size;
- }
- } else {
- /* nothing to do with passthrough type register,
- * continue to find next byte */
- emul_len--;
- find_addr++;
- }
- }
-
- /* need to shift back before passing them to xen_host_pci_device */
- val >>= (addr & 3) << 3;
-
- memory_region_transaction_commit();
-
-out:
- if (!(reg && reg->no_wb)) {
- /* unknown regs are passed through */
- rc = xen_host_pci_set_block(&s->real_device, addr,
- (uint8_t *)&val, len);
-
- if (rc < 0) {
- XEN_PT_ERR(d, "pci_write_block failed. return value: %d.\n", rc);
- }
- }
-}
-
-/* register regions */
-
-static uint64_t xen_pt_bar_read(void *o, hwaddr addr,
- unsigned size)
-{
- PCIDevice *d = o;
- /* if this function is called, that probably means that there is a
- * misconfiguration of the IOMMU. */
- XEN_PT_ERR(d, "Should not read BAR through QEMU. @0x"TARGET_FMT_plx"\n",
- addr);
- return 0;
-}
-static void xen_pt_bar_write(void *o, hwaddr addr, uint64_t val,
- unsigned size)
-{
- PCIDevice *d = o;
- /* Same comment as xen_pt_bar_read function */
- XEN_PT_ERR(d, "Should not write BAR through QEMU. @0x"TARGET_FMT_plx"\n",
- addr);
-}
-
-static const MemoryRegionOps ops = {
- .endianness = DEVICE_NATIVE_ENDIAN,
- .read = xen_pt_bar_read,
- .write = xen_pt_bar_write,
-};
-
-static int xen_pt_register_regions(XenPCIPassthroughState *s)
-{
- int i = 0;
- XenHostPCIDevice *d = &s->real_device;
-
- /* Register PIO/MMIO BARs */
- for (i = 0; i < PCI_ROM_SLOT; i++) {
- XenHostPCIIORegion *r = &d->io_regions[i];
- uint8_t type;
-
- if (r->base_addr == 0 || r->size == 0) {
- continue;
- }
-
- s->bases[i].access.u = r->base_addr;
-
- if (r->type & XEN_HOST_PCI_REGION_TYPE_IO) {
- type = PCI_BASE_ADDRESS_SPACE_IO;
- } else {
- type = PCI_BASE_ADDRESS_SPACE_MEMORY;
- if (r->type & XEN_HOST_PCI_REGION_TYPE_PREFETCH) {
- type |= PCI_BASE_ADDRESS_MEM_PREFETCH;
- }
- if (r->type & XEN_HOST_PCI_REGION_TYPE_MEM_64) {
- type |= PCI_BASE_ADDRESS_MEM_TYPE_64;
- }
- }
-
- memory_region_init_io(&s->bar[i], &ops, &s->dev,
- "xen-pci-pt-bar", r->size);
- pci_register_bar(&s->dev, i, type, &s->bar[i]);
-
- XEN_PT_LOG(&s->dev, "IO region %i registered (size=0x%lx"PRIx64
- " base_addr=0x%lx"PRIx64" type: %#x)\n",
- i, r->size, r->base_addr, type);
- }
-
- /* Register expansion ROM address */
- if (d->rom.base_addr && d->rom.size) {
- uint32_t bar_data = 0;
-
- /* Re-set BAR reported by OS, otherwise ROM can't be read. */
- if (xen_host_pci_get_long(d, PCI_ROM_ADDRESS, &bar_data)) {
- return 0;
- }
- if ((bar_data & PCI_ROM_ADDRESS_MASK) == 0) {
- bar_data |= d->rom.base_addr & PCI_ROM_ADDRESS_MASK;
- xen_host_pci_set_long(d, PCI_ROM_ADDRESS, bar_data);
- }
-
- s->bases[PCI_ROM_SLOT].access.maddr = d->rom.base_addr;
-
- memory_region_init_rom_device(&s->rom, NULL, NULL,
- "xen-pci-pt-rom", d->rom.size);
- pci_register_bar(&s->dev, PCI_ROM_SLOT, PCI_BASE_ADDRESS_MEM_PREFETCH,
- &s->rom);
-
- XEN_PT_LOG(&s->dev, "Expansion ROM registered (size=0x%08"PRIx64
- " base_addr=0x%08"PRIx64")\n",
- d->rom.size, d->rom.base_addr);
- }
-
- return 0;
-}
-
-static void xen_pt_unregister_regions(XenPCIPassthroughState *s)
-{
- XenHostPCIDevice *d = &s->real_device;
- int i;
-
- for (i = 0; i < PCI_NUM_REGIONS - 1; i++) {
- XenHostPCIIORegion *r = &d->io_regions[i];
-
- if (r->base_addr == 0 || r->size == 0) {
- continue;
- }
-
- memory_region_destroy(&s->bar[i]);
- }
- if (d->rom.base_addr && d->rom.size) {
- memory_region_destroy(&s->rom);
- }
-}
-
-/* region mapping */
-
-static int xen_pt_bar_from_region(XenPCIPassthroughState *s, MemoryRegion *mr)
-{
- int i = 0;
-
- for (i = 0; i < PCI_NUM_REGIONS - 1; i++) {
- if (mr == &s->bar[i]) {
- return i;
- }
- }
- if (mr == &s->rom) {
- return PCI_ROM_SLOT;
- }
- return -1;
-}
-
-/*
- * This function checks if an io_region overlaps an io_region from another
- * device. The io_region to check is provided with (addr, size and type)
- * A callback can be provided and will be called for every region that is
- * overlapped.
- * The return value indicates if the region is overlappsed */
-struct CheckBarArgs {
- XenPCIPassthroughState *s;
- pcibus_t addr;
- pcibus_t size;
- uint8_t type;
- bool rc;
-};
-static void xen_pt_check_bar_overlap(PCIBus *bus, PCIDevice *d, void *opaque)
-{
- struct CheckBarArgs *arg = opaque;
- XenPCIPassthroughState *s = arg->s;
- uint8_t type = arg->type;
- int i;
-
- if (d->devfn == s->dev.devfn) {
- return;
- }
-
- /* xxx: This ignores bridges. */
- for (i = 0; i < PCI_NUM_REGIONS; i++) {
- const PCIIORegion *r = &d->io_regions[i];
-
- if (!r->size) {
- continue;
- }
- if ((type & PCI_BASE_ADDRESS_SPACE_IO)
- != (r->type & PCI_BASE_ADDRESS_SPACE_IO)) {
- continue;
- }
-
- if (ranges_overlap(arg->addr, arg->size, r->addr, r->size)) {
- XEN_PT_WARN(&s->dev,
- "Overlapped to device [%02x:%02x.%d] Region: %i"
- " (addr: %#"FMT_PCIBUS", len: %#"FMT_PCIBUS")\n",
- pci_bus_num(bus), PCI_SLOT(d->devfn),
- PCI_FUNC(d->devfn), i, r->addr, r->size);
- arg->rc = true;
- }
- }
-}
-
-static void xen_pt_region_update(XenPCIPassthroughState *s,
- MemoryRegionSection *sec, bool adding)
-{
- PCIDevice *d = &s->dev;
- MemoryRegion *mr = sec->mr;
- int bar = -1;
- int rc;
- int op = adding ? DPCI_ADD_MAPPING : DPCI_REMOVE_MAPPING;
- struct CheckBarArgs args = {
- .s = s,
- .addr = sec->offset_within_address_space,
- .size = sec->size,
- .rc = false,
- };
-
- bar = xen_pt_bar_from_region(s, mr);
- if (bar == -1 && (!s->msix || &s->msix->mmio != mr)) {
- return;
- }
-
- if (s->msix && &s->msix->mmio == mr) {
- if (adding) {
- s->msix->mmio_base_addr = sec->offset_within_address_space;
- rc = xen_pt_msix_update_remap(s, s->msix->bar_index);
- }
- return;
- }
-
- args.type = d->io_regions[bar].type;
- pci_for_each_device(d->bus, pci_bus_num(d->bus),
- xen_pt_check_bar_overlap, &args);
- if (args.rc) {
- XEN_PT_WARN(d, "Region: %d (addr: %#"FMT_PCIBUS
- ", len: %#"FMT_PCIBUS") is overlapped.\n",
- bar, sec->offset_within_address_space, sec->size);
- }
-
- if (d->io_regions[bar].type & PCI_BASE_ADDRESS_SPACE_IO) {
- uint32_t guest_port = sec->offset_within_address_space;
- uint32_t machine_port = s->bases[bar].access.pio_base;
- uint32_t size = sec->size;
- rc = xc_domain_ioport_mapping(xen_xc, xen_domid,
- guest_port, machine_port, size,
- op);
- if (rc) {
- XEN_PT_ERR(d, "%s ioport mapping failed! (rc: %i)\n",
- adding ? "create new" : "remove old", rc);
- }
- } else {
- pcibus_t guest_addr = sec->offset_within_address_space;
- pcibus_t machine_addr = s->bases[bar].access.maddr
- + sec->offset_within_region;
- pcibus_t size = sec->size;
- rc = xc_domain_memory_mapping(xen_xc, xen_domid,
- XEN_PFN(guest_addr + XC_PAGE_SIZE - 1),
- XEN_PFN(machine_addr + XC_PAGE_SIZE - 1),
- XEN_PFN(size + XC_PAGE_SIZE - 1),
- op);
- if (rc) {
- XEN_PT_ERR(d, "%s mem mapping failed! (rc: %i)\n",
- adding ? "create new" : "remove old", rc);
- }
- }
-}
-
-static void xen_pt_region_add(MemoryListener *l, MemoryRegionSection *sec)
-{
- XenPCIPassthroughState *s = container_of(l, XenPCIPassthroughState,
- memory_listener);
-
- xen_pt_region_update(s, sec, true);
-}
-
-static void xen_pt_region_del(MemoryListener *l, MemoryRegionSection *sec)
-{
- XenPCIPassthroughState *s = container_of(l, XenPCIPassthroughState,
- memory_listener);
-
- xen_pt_region_update(s, sec, false);
-}
-
-static void xen_pt_io_region_add(MemoryListener *l, MemoryRegionSection *sec)
-{
- XenPCIPassthroughState *s = container_of(l, XenPCIPassthroughState,
- io_listener);
-
- xen_pt_region_update(s, sec, true);
-}
-
-static void xen_pt_io_region_del(MemoryListener *l, MemoryRegionSection *sec)
-{
- XenPCIPassthroughState *s = container_of(l, XenPCIPassthroughState,
- io_listener);
-
- xen_pt_region_update(s, sec, false);
-}
-
-static const MemoryListener xen_pt_memory_listener = {
- .region_add = xen_pt_region_add,
- .region_del = xen_pt_region_del,
- .priority = 10,
-};
-
-static const MemoryListener xen_pt_io_listener = {
- .region_add = xen_pt_io_region_add,
- .region_del = xen_pt_io_region_del,
- .priority = 10,
-};
-
-/* init */
-
-static int xen_pt_initfn(PCIDevice *d)
-{
- XenPCIPassthroughState *s = DO_UPCAST(XenPCIPassthroughState, dev, d);
- int rc = 0;
- uint8_t machine_irq = 0;
- int pirq = XEN_PT_UNASSIGNED_PIRQ;
-
- /* register real device */
- XEN_PT_LOG(d, "Assigning real physical device %02x:%02x.%d"
- " to devfn %#x\n",
- s->hostaddr.bus, s->hostaddr.slot, s->hostaddr.function,
- s->dev.devfn);
-
- rc = xen_host_pci_device_get(&s->real_device,
- s->hostaddr.domain, s->hostaddr.bus,
- s->hostaddr.slot, s->hostaddr.function);
- if (rc) {
- XEN_PT_ERR(d, "Failed to \"open\" the real pci device. rc: %i\n", rc);
- return -1;
- }
-
- s->is_virtfn = s->real_device.is_virtfn;
- if (s->is_virtfn) {
- XEN_PT_LOG(d, "%04x:%02x:%02x.%d is a SR-IOV Virtual Function\n",
- s->real_device.domain, bus, slot, func);
- }
-
- /* Initialize virtualized PCI configuration (Extended 256 Bytes) */
- if (xen_host_pci_get_block(&s->real_device, 0, d->config,
- PCI_CONFIG_SPACE_SIZE) == -1) {
- xen_host_pci_device_put(&s->real_device);
- return -1;
- }
-
- s->memory_listener = xen_pt_memory_listener;
- s->io_listener = xen_pt_io_listener;
-
- /* Handle real device's MMIO/PIO BARs */
- xen_pt_register_regions(s);
-
- /* reinitialize each config register to be emulated */
- if (xen_pt_config_init(s)) {
- XEN_PT_ERR(d, "PCI Config space initialisation failed.\n");
- xen_host_pci_device_put(&s->real_device);
- return -1;
- }
-
- /* Bind interrupt */
- if (!s->dev.config[PCI_INTERRUPT_PIN]) {
- XEN_PT_LOG(d, "no pin interrupt\n");
- goto out;
- }
-
- machine_irq = s->real_device.irq;
- rc = xc_physdev_map_pirq(xen_xc, xen_domid, machine_irq, &pirq);
-
- if (rc < 0) {
- XEN_PT_ERR(d, "Mapping machine irq %u to pirq %i failed, (rc: %d)\n",
- machine_irq, pirq, rc);
-
- /* Disable PCI intx assertion (turn on bit10 of devctl) */
- xen_host_pci_set_word(&s->real_device,
- PCI_COMMAND,
- pci_get_word(s->dev.config + PCI_COMMAND)
- | PCI_COMMAND_INTX_DISABLE);
- machine_irq = 0;
- s->machine_irq = 0;
- } else {
- machine_irq = pirq;
- s->machine_irq = pirq;
- xen_pt_mapped_machine_irq[machine_irq]++;
- }
-
- /* bind machine_irq to device */
- if (machine_irq != 0) {
- uint8_t e_intx = xen_pt_pci_intx(s);
-
- rc = xc_domain_bind_pt_pci_irq(xen_xc, xen_domid, machine_irq,
- pci_bus_num(d->bus),
- PCI_SLOT(d->devfn),
- e_intx);
- if (rc < 0) {
- XEN_PT_ERR(d, "Binding of interrupt %i failed! (rc: %d)\n",
- e_intx, rc);
-
- /* Disable PCI intx assertion (turn on bit10 of devctl) */
- xen_host_pci_set_word(&s->real_device, PCI_COMMAND,
- *(uint16_t *)(&s->dev.config[PCI_COMMAND])
- | PCI_COMMAND_INTX_DISABLE);
- xen_pt_mapped_machine_irq[machine_irq]--;
-
- if (xen_pt_mapped_machine_irq[machine_irq] == 0) {
- if (xc_physdev_unmap_pirq(xen_xc, xen_domid, machine_irq)) {
- XEN_PT_ERR(d, "Unmapping of machine interrupt %i failed!"
- " (rc: %d)\n", machine_irq, rc);
- }
- }
- s->machine_irq = 0;
- }
- }
-
-out:
- memory_listener_register(&s->memory_listener, &address_space_memory);
- memory_listener_register(&s->io_listener, &address_space_io);
- XEN_PT_LOG(d, "Real physical device %02x:%02x.%d registered successfuly!\n",
- bus, slot, func);
-
- return 0;
-}
-
-static void xen_pt_unregister_device(PCIDevice *d)
-{
- XenPCIPassthroughState *s = DO_UPCAST(XenPCIPassthroughState, dev, d);
- uint8_t machine_irq = s->machine_irq;
- uint8_t intx = xen_pt_pci_intx(s);
- int rc;
-
- if (machine_irq) {
- rc = xc_domain_unbind_pt_irq(xen_xc, xen_domid, machine_irq,
- PT_IRQ_TYPE_PCI,
- pci_bus_num(d->bus),
- PCI_SLOT(s->dev.devfn),
- intx,
- 0 /* isa_irq */);
- if (rc < 0) {
- XEN_PT_ERR(d, "unbinding of interrupt INT%c failed."
- " (machine irq: %i, rc: %d)"
- " But bravely continuing on..\n",
- 'a' + intx, machine_irq, rc);
- }
- }
-
- if (s->msi) {
- xen_pt_msi_disable(s);
- }
- if (s->msix) {
- xen_pt_msix_disable(s);
- }
-
- if (machine_irq) {
- xen_pt_mapped_machine_irq[machine_irq]--;
-
- if (xen_pt_mapped_machine_irq[machine_irq] == 0) {
- rc = xc_physdev_unmap_pirq(xen_xc, xen_domid, machine_irq);
-
- if (rc < 0) {
- XEN_PT_ERR(d, "unmapping of interrupt %i failed. (rc: %d)"
- " But bravely continuing on..\n",
- machine_irq, rc);
- }
- }
- }
-
- /* delete all emulated config registers */
- xen_pt_config_delete(s);
-
- xen_pt_unregister_regions(s);
- memory_listener_unregister(&s->memory_listener);
- memory_listener_unregister(&s->io_listener);
-
- xen_host_pci_device_put(&s->real_device);
-}
-
-static Property xen_pci_passthrough_properties[] = {
- DEFINE_PROP_PCI_HOST_DEVADDR("hostaddr", XenPCIPassthroughState, hostaddr),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void xen_pci_passthrough_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->init = xen_pt_initfn;
- k->exit = xen_pt_unregister_device;
- k->config_read = xen_pt_pci_read_config;
- k->config_write = xen_pt_pci_write_config;
- dc->desc = "Assign an host PCI device with Xen";
- dc->props = xen_pci_passthrough_properties;
-};
-
-static TypeInfo xen_pci_passthrough_info = {
- .name = "xen-pci-passthrough",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(XenPCIPassthroughState),
- .class_init = xen_pci_passthrough_class_init,
-};
-
-static void xen_pci_passthrough_register_types(void)
-{
- type_register_static(&xen_pci_passthrough_info);
-}
-
-type_init(xen_pci_passthrough_register_types)
diff --git a/hw/xen_pt.h b/hw/xen_pt.h
deleted file mode 100644
index f15e69a29..000000000
--- a/hw/xen_pt.h
+++ /dev/null
@@ -1,302 +0,0 @@
-#ifndef XEN_PT_H
-#define XEN_PT_H
-
-#include "qemu-common.h"
-#include "xen_common.h"
-#include "pci.h"
-#include "xen-host-pci-device.h"
-
-void xen_pt_log(const PCIDevice *d, const char *f, ...) GCC_FMT_ATTR(2, 3);
-
-#define XEN_PT_ERR(d, _f, _a...) xen_pt_log(d, "%s: Error: "_f, __func__, ##_a)
-
-#ifdef XEN_PT_LOGGING_ENABLED
-# define XEN_PT_LOG(d, _f, _a...) xen_pt_log(d, "%s: " _f, __func__, ##_a)
-# define XEN_PT_WARN(d, _f, _a...) \
- xen_pt_log(d, "%s: Warning: "_f, __func__, ##_a)
-#else
-# define XEN_PT_LOG(d, _f, _a...)
-# define XEN_PT_WARN(d, _f, _a...)
-#endif
-
-#ifdef XEN_PT_DEBUG_PCI_CONFIG_ACCESS
-# define XEN_PT_LOG_CONFIG(d, addr, val, len) \
- xen_pt_log(d, "%s: address=0x%04x val=0x%08x len=%d\n", \
- __func__, addr, val, len)
-#else
-# define XEN_PT_LOG_CONFIG(d, addr, val, len)
-#endif
-
-
-/* Helper */
-#define XEN_PFN(x) ((x) >> XC_PAGE_SHIFT)
-
-typedef struct XenPTRegInfo XenPTRegInfo;
-typedef struct XenPTReg XenPTReg;
-
-typedef struct XenPCIPassthroughState XenPCIPassthroughState;
-
-/* function type for config reg */
-typedef int (*xen_pt_conf_reg_init)
- (XenPCIPassthroughState *, XenPTRegInfo *, uint32_t real_offset,
- uint32_t *data);
-typedef int (*xen_pt_conf_dword_write)
- (XenPCIPassthroughState *, XenPTReg *cfg_entry,
- uint32_t *val, uint32_t dev_value, uint32_t valid_mask);
-typedef int (*xen_pt_conf_word_write)
- (XenPCIPassthroughState *, XenPTReg *cfg_entry,
- uint16_t *val, uint16_t dev_value, uint16_t valid_mask);
-typedef int (*xen_pt_conf_byte_write)
- (XenPCIPassthroughState *, XenPTReg *cfg_entry,
- uint8_t *val, uint8_t dev_value, uint8_t valid_mask);
-typedef int (*xen_pt_conf_dword_read)
- (XenPCIPassthroughState *, XenPTReg *cfg_entry,
- uint32_t *val, uint32_t valid_mask);
-typedef int (*xen_pt_conf_word_read)
- (XenPCIPassthroughState *, XenPTReg *cfg_entry,
- uint16_t *val, uint16_t valid_mask);
-typedef int (*xen_pt_conf_byte_read)
- (XenPCIPassthroughState *, XenPTReg *cfg_entry,
- uint8_t *val, uint8_t valid_mask);
-
-#define XEN_PT_BAR_ALLF 0xFFFFFFFF
-#define XEN_PT_BAR_UNMAPPED (-1)
-
-#define PCI_CAP_MAX 48
-
-
-typedef enum {
- XEN_PT_GRP_TYPE_HARDWIRED = 0, /* 0 Hardwired reg group */
- XEN_PT_GRP_TYPE_EMU, /* emul reg group */
-} XenPTRegisterGroupType;
-
-typedef enum {
- XEN_PT_BAR_FLAG_MEM = 0, /* Memory type BAR */
- XEN_PT_BAR_FLAG_IO, /* I/O type BAR */
- XEN_PT_BAR_FLAG_UPPER, /* upper 64bit BAR */
- XEN_PT_BAR_FLAG_UNUSED, /* unused BAR */
-} XenPTBarFlag;
-
-
-typedef struct XenPTRegion {
- /* BAR flag */
- XenPTBarFlag bar_flag;
- /* Translation of the emulated address */
- union {
- uint64_t maddr;
- uint64_t pio_base;
- uint64_t u;
- } access;
-} XenPTRegion;
-
-/* XenPTRegInfo declaration
- * - only for emulated register (either a part or whole bit).
- * - for passthrough register that need special behavior (like interacting with
- * other component), set emu_mask to all 0 and specify r/w func properly.
- * - do NOT use ALL F for init_val, otherwise the tbl will not be registered.
- */
-
-/* emulated register information */
-struct XenPTRegInfo {
- uint32_t offset;
- uint32_t size;
- uint32_t init_val;
- /* reg read only field mask (ON:RO/ROS, OFF:other) */
- uint32_t ro_mask;
- /* reg emulate field mask (ON:emu, OFF:passthrough) */
- uint32_t emu_mask;
- /* no write back allowed */
- uint32_t no_wb;
- xen_pt_conf_reg_init init;
- /* read/write function pointer
- * for double_word/word/byte size */
- union {
- struct {
- xen_pt_conf_dword_write write;
- xen_pt_conf_dword_read read;
- } dw;
- struct {
- xen_pt_conf_word_write write;
- xen_pt_conf_word_read read;
- } w;
- struct {
- xen_pt_conf_byte_write write;
- xen_pt_conf_byte_read read;
- } b;
- } u;
-};
-
-/* emulated register management */
-struct XenPTReg {
- QLIST_ENTRY(XenPTReg) entries;
- XenPTRegInfo *reg;
- uint32_t data; /* emulated value */
-};
-
-typedef struct XenPTRegGroupInfo XenPTRegGroupInfo;
-
-/* emul reg group size initialize method */
-typedef int (*xen_pt_reg_size_init_fn)
- (XenPCIPassthroughState *, const XenPTRegGroupInfo *,
- uint32_t base_offset, uint8_t *size);
-
-/* emulated register group information */
-struct XenPTRegGroupInfo {
- uint8_t grp_id;
- XenPTRegisterGroupType grp_type;
- uint8_t grp_size;
- xen_pt_reg_size_init_fn size_init;
- XenPTRegInfo *emu_regs;
-};
-
-/* emul register group management table */
-typedef struct XenPTRegGroup {
- QLIST_ENTRY(XenPTRegGroup) entries;
- const XenPTRegGroupInfo *reg_grp;
- uint32_t base_offset;
- uint8_t size;
- QLIST_HEAD(, XenPTReg) reg_tbl_list;
-} XenPTRegGroup;
-
-
-#define XEN_PT_UNASSIGNED_PIRQ (-1)
-typedef struct XenPTMSI {
- uint16_t flags;
- uint32_t addr_lo; /* guest message address */
- uint32_t addr_hi; /* guest message upper address */
- uint16_t data; /* guest message data */
- uint32_t ctrl_offset; /* saved control offset */
- int pirq; /* guest pirq corresponding */
- bool initialized; /* when guest MSI is initialized */
- bool mapped; /* when pirq is mapped */
-} XenPTMSI;
-
-typedef struct XenPTMSIXEntry {
- int pirq;
- uint64_t addr;
- uint32_t data;
- uint32_t vector_ctrl;
- bool updated; /* indicate whether MSI ADDR or DATA is updated */
-} XenPTMSIXEntry;
-typedef struct XenPTMSIX {
- uint32_t ctrl_offset;
- bool enabled;
- int total_entries;
- int bar_index;
- uint64_t table_base;
- uint32_t table_offset_adjust; /* page align mmap */
- uint64_t mmio_base_addr;
- MemoryRegion mmio;
- void *phys_iomem_base;
- XenPTMSIXEntry msix_entry[0];
-} XenPTMSIX;
-
-struct XenPCIPassthroughState {
- PCIDevice dev;
-
- PCIHostDeviceAddress hostaddr;
- bool is_virtfn;
- XenHostPCIDevice real_device;
- XenPTRegion bases[PCI_NUM_REGIONS]; /* Access regions */
- QLIST_HEAD(, XenPTRegGroup) reg_grps;
-
- uint32_t machine_irq;
-
- XenPTMSI *msi;
- XenPTMSIX *msix;
-
- MemoryRegion bar[PCI_NUM_REGIONS - 1];
- MemoryRegion rom;
-
- MemoryListener memory_listener;
- MemoryListener io_listener;
-};
-
-int xen_pt_config_init(XenPCIPassthroughState *s);
-void xen_pt_config_delete(XenPCIPassthroughState *s);
-XenPTRegGroup *xen_pt_find_reg_grp(XenPCIPassthroughState *s, uint32_t address);
-XenPTReg *xen_pt_find_reg(XenPTRegGroup *reg_grp, uint32_t address);
-int xen_pt_bar_offset_to_index(uint32_t offset);
-
-static inline pcibus_t xen_pt_get_emul_size(XenPTBarFlag flag, pcibus_t r_size)
-{
- /* align resource size (memory type only) */
- if (flag == XEN_PT_BAR_FLAG_MEM) {
- return (r_size + XC_PAGE_SIZE - 1) & XC_PAGE_MASK;
- } else {
- return r_size;
- }
-}
-
-/* INTx */
-/* The PCI Local Bus Specification, Rev. 3.0,
- * Section 6.2.4 Miscellaneous Registers, pp 223
- * outlines 5 valid values for the interrupt pin (intx).
- * 0: For devices (or device functions) that don't use an interrupt in
- * 1: INTA#
- * 2: INTB#
- * 3: INTC#
- * 4: INTD#
- *
- * Xen uses the following 4 values for intx
- * 0: INTA#
- * 1: INTB#
- * 2: INTC#
- * 3: INTD#
- *
- * Observing that these list of values are not the same, xen_pt_pci_read_intx()
- * uses the following mapping from hw to xen values.
- * This seems to reflect the current usage within Xen.
- *
- * PCI hardware | Xen | Notes
- * ----------------+-----+----------------------------------------------------
- * 0 | 0 | No interrupt
- * 1 | 0 | INTA#
- * 2 | 1 | INTB#
- * 3 | 2 | INTC#
- * 4 | 3 | INTD#
- * any other value | 0 | This should never happen, log error message
- */
-
-static inline uint8_t xen_pt_pci_read_intx(XenPCIPassthroughState *s)
-{
- uint8_t v = 0;
- xen_host_pci_get_byte(&s->real_device, PCI_INTERRUPT_PIN, &v);
- return v;
-}
-
-static inline uint8_t xen_pt_pci_intx(XenPCIPassthroughState *s)
-{
- uint8_t r_val = xen_pt_pci_read_intx(s);
-
- XEN_PT_LOG(&s->dev, "intx=%i\n", r_val);
- if (r_val < 1 || r_val > 4) {
- XEN_PT_LOG(&s->dev, "Interrupt pin read from hardware is out of range:"
- " value=%i, acceptable range is 1 - 4\n", r_val);
- r_val = 0;
- } else {
- r_val -= 1;
- }
-
- return r_val;
-}
-
-/* MSI/MSI-X */
-int xen_pt_msi_set_enable(XenPCIPassthroughState *s, bool en);
-int xen_pt_msi_setup(XenPCIPassthroughState *s);
-int xen_pt_msi_update(XenPCIPassthroughState *d);
-void xen_pt_msi_disable(XenPCIPassthroughState *s);
-
-int xen_pt_msix_init(XenPCIPassthroughState *s, uint32_t base);
-void xen_pt_msix_delete(XenPCIPassthroughState *s);
-int xen_pt_msix_update(XenPCIPassthroughState *s);
-int xen_pt_msix_update_remap(XenPCIPassthroughState *s, int bar_index);
-void xen_pt_msix_disable(XenPCIPassthroughState *s);
-
-static inline bool xen_pt_has_msix_mapping(XenPCIPassthroughState *s, int bar)
-{
- return s->msix && s->msix->bar_index == bar;
-}
-
-
-#endif /* !XEN_PT_H */
diff --git a/hw/xen_pt_config_init.c b/hw/xen_pt_config_init.c
deleted file mode 100644
index 0a5f82cb8..000000000
--- a/hw/xen_pt_config_init.c
+++ /dev/null
@@ -1,1882 +0,0 @@
-/*
- * Copyright (c) 2007, Neocleus Corporation.
- * Copyright (c) 2007, Intel Corporation.
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See
- * the COPYING file in the top-level directory.
- *
- * Alex Novik <alex@neocleus.com>
- * Allen Kay <allen.m.kay@intel.com>
- * Guy Zana <guy@neocleus.com>
- *
- * This file implements direct PCI assignment to a HVM guest
- */
-
-#include "qemu-timer.h"
-#include "xen_backend.h"
-#include "xen_pt.h"
-
-#define XEN_PT_MERGE_VALUE(value, data, val_mask) \
- (((value) & (val_mask)) | ((data) & ~(val_mask)))
-
-#define XEN_PT_INVALID_REG 0xFFFFFFFF /* invalid register value */
-
-/* prototype */
-
-static int xen_pt_ptr_reg_init(XenPCIPassthroughState *s, XenPTRegInfo *reg,
- uint32_t real_offset, uint32_t *data);
-
-
-/* helper */
-
-/* A return value of 1 means the capability should NOT be exposed to guest. */
-static int xen_pt_hide_dev_cap(const XenHostPCIDevice *d, uint8_t grp_id)
-{
- switch (grp_id) {
- case PCI_CAP_ID_EXP:
- /* The PCI Express Capability Structure of the VF of Intel 82599 10GbE
- * Controller looks trivial, e.g., the PCI Express Capabilities
- * Register is 0. We should not try to expose it to guest.
- *
- * The datasheet is available at
- * http://download.intel.com/design/network/datashts/82599_datasheet.pdf
- *
- * See 'Table 9.7. VF PCIe Configuration Space' of the datasheet, the
- * PCI Express Capability Structure of the VF of Intel 82599 10GbE
- * Controller looks trivial, e.g., the PCI Express Capabilities
- * Register is 0, so the Capability Version is 0 and
- * xen_pt_pcie_size_init() would fail.
- */
- if (d->vendor_id == PCI_VENDOR_ID_INTEL &&
- d->device_id == PCI_DEVICE_ID_INTEL_82599_SFP_VF) {
- return 1;
- }
- break;
- }
- return 0;
-}
-
-/* find emulate register group entry */
-XenPTRegGroup *xen_pt_find_reg_grp(XenPCIPassthroughState *s, uint32_t address)
-{
- XenPTRegGroup *entry = NULL;
-
- /* find register group entry */
- QLIST_FOREACH(entry, &s->reg_grps, entries) {
- /* check address */
- if ((entry->base_offset <= address)
- && ((entry->base_offset + entry->size) > address)) {
- return entry;
- }
- }
-
- /* group entry not found */
- return NULL;
-}
-
-/* find emulate register entry */
-XenPTReg *xen_pt_find_reg(XenPTRegGroup *reg_grp, uint32_t address)
-{
- XenPTReg *reg_entry = NULL;
- XenPTRegInfo *reg = NULL;
- uint32_t real_offset = 0;
-
- /* find register entry */
- QLIST_FOREACH(reg_entry, &reg_grp->reg_tbl_list, entries) {
- reg = reg_entry->reg;
- real_offset = reg_grp->base_offset + reg->offset;
- /* check address */
- if ((real_offset <= address)
- && ((real_offset + reg->size) > address)) {
- return reg_entry;
- }
- }
-
- return NULL;
-}
-
-
-/****************
- * general register functions
- */
-
-/* register initialization function */
-
-static int xen_pt_common_reg_init(XenPCIPassthroughState *s,
- XenPTRegInfo *reg, uint32_t real_offset,
- uint32_t *data)
-{
- *data = reg->init_val;
- return 0;
-}
-
-/* Read register functions */
-
-static int xen_pt_byte_reg_read(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
- uint8_t *value, uint8_t valid_mask)
-{
- XenPTRegInfo *reg = cfg_entry->reg;
- uint8_t valid_emu_mask = 0;
-
- /* emulate byte register */
- valid_emu_mask = reg->emu_mask & valid_mask;
- *value = XEN_PT_MERGE_VALUE(*value, cfg_entry->data, ~valid_emu_mask);
-
- return 0;
-}
-static int xen_pt_word_reg_read(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
- uint16_t *value, uint16_t valid_mask)
-{
- XenPTRegInfo *reg = cfg_entry->reg;
- uint16_t valid_emu_mask = 0;
-
- /* emulate word register */
- valid_emu_mask = reg->emu_mask & valid_mask;
- *value = XEN_PT_MERGE_VALUE(*value, cfg_entry->data, ~valid_emu_mask);
-
- return 0;
-}
-static int xen_pt_long_reg_read(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
- uint32_t *value, uint32_t valid_mask)
-{
- XenPTRegInfo *reg = cfg_entry->reg;
- uint32_t valid_emu_mask = 0;
-
- /* emulate long register */
- valid_emu_mask = reg->emu_mask & valid_mask;
- *value = XEN_PT_MERGE_VALUE(*value, cfg_entry->data, ~valid_emu_mask);
-
- return 0;
-}
-
-/* Write register functions */
-
-static int xen_pt_byte_reg_write(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
- uint8_t *val, uint8_t dev_value,
- uint8_t valid_mask)
-{
- XenPTRegInfo *reg = cfg_entry->reg;
- uint8_t writable_mask = 0;
- uint8_t throughable_mask = 0;
-
- /* modify emulate register */
- writable_mask = reg->emu_mask & ~reg->ro_mask & valid_mask;
- cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
-
- /* create value for writing to I/O device register */
- throughable_mask = ~reg->emu_mask & valid_mask;
- *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
-
- return 0;
-}
-static int xen_pt_word_reg_write(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
- uint16_t *val, uint16_t dev_value,
- uint16_t valid_mask)
-{
- XenPTRegInfo *reg = cfg_entry->reg;
- uint16_t writable_mask = 0;
- uint16_t throughable_mask = 0;
-
- /* modify emulate register */
- writable_mask = reg->emu_mask & ~reg->ro_mask & valid_mask;
- cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
-
- /* create value for writing to I/O device register */
- throughable_mask = ~reg->emu_mask & valid_mask;
- *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
-
- return 0;
-}
-static int xen_pt_long_reg_write(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
- uint32_t *val, uint32_t dev_value,
- uint32_t valid_mask)
-{
- XenPTRegInfo *reg = cfg_entry->reg;
- uint32_t writable_mask = 0;
- uint32_t throughable_mask = 0;
-
- /* modify emulate register */
- writable_mask = reg->emu_mask & ~reg->ro_mask & valid_mask;
- cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
-
- /* create value for writing to I/O device register */
- throughable_mask = ~reg->emu_mask & valid_mask;
- *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
-
- return 0;
-}
-
-
-/* XenPTRegInfo declaration
- * - only for emulated register (either a part or whole bit).
- * - for passthrough register that need special behavior (like interacting with
- * other component), set emu_mask to all 0 and specify r/w func properly.
- * - do NOT use ALL F for init_val, otherwise the tbl will not be registered.
- */
-
-/********************
- * Header Type0
- */
-
-static int xen_pt_vendor_reg_init(XenPCIPassthroughState *s,
- XenPTRegInfo *reg, uint32_t real_offset,
- uint32_t *data)
-{
- *data = s->real_device.vendor_id;
- return 0;
-}
-static int xen_pt_device_reg_init(XenPCIPassthroughState *s,
- XenPTRegInfo *reg, uint32_t real_offset,
- uint32_t *data)
-{
- *data = s->real_device.device_id;
- return 0;
-}
-static int xen_pt_status_reg_init(XenPCIPassthroughState *s,
- XenPTRegInfo *reg, uint32_t real_offset,
- uint32_t *data)
-{
- XenPTRegGroup *reg_grp_entry = NULL;
- XenPTReg *reg_entry = NULL;
- uint32_t reg_field = 0;
-
- /* find Header register group */
- reg_grp_entry = xen_pt_find_reg_grp(s, PCI_CAPABILITY_LIST);
- if (reg_grp_entry) {
- /* find Capabilities Pointer register */
- reg_entry = xen_pt_find_reg(reg_grp_entry, PCI_CAPABILITY_LIST);
- if (reg_entry) {
- /* check Capabilities Pointer register */
- if (reg_entry->data) {
- reg_field |= PCI_STATUS_CAP_LIST;
- } else {
- reg_field &= ~PCI_STATUS_CAP_LIST;
- }
- } else {
- xen_shutdown_fatal_error("Internal error: Couldn't find XenPTReg*"
- " for Capabilities Pointer register."
- " (%s)\n", __func__);
- return -1;
- }
- } else {
- xen_shutdown_fatal_error("Internal error: Couldn't find XenPTRegGroup"
- " for Header. (%s)\n", __func__);
- return -1;
- }
-
- *data = reg_field;
- return 0;
-}
-static int xen_pt_header_type_reg_init(XenPCIPassthroughState *s,
- XenPTRegInfo *reg, uint32_t real_offset,
- uint32_t *data)
-{
- /* read PCI_HEADER_TYPE */
- *data = reg->init_val | 0x80;
- return 0;
-}
-
-/* initialize Interrupt Pin register */
-static int xen_pt_irqpin_reg_init(XenPCIPassthroughState *s,
- XenPTRegInfo *reg, uint32_t real_offset,
- uint32_t *data)
-{
- *data = xen_pt_pci_read_intx(s);
- return 0;
-}
-
-/* Command register */
-static int xen_pt_cmd_reg_read(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
- uint16_t *value, uint16_t valid_mask)
-{
- XenPTRegInfo *reg = cfg_entry->reg;
- uint16_t valid_emu_mask = 0;
- uint16_t emu_mask = reg->emu_mask;
-
- if (s->is_virtfn) {
- emu_mask |= PCI_COMMAND_MEMORY;
- }
-
- /* emulate word register */
- valid_emu_mask = emu_mask & valid_mask;
- *value = XEN_PT_MERGE_VALUE(*value, cfg_entry->data, ~valid_emu_mask);
-
- return 0;
-}
-static int xen_pt_cmd_reg_write(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
- uint16_t *val, uint16_t dev_value,
- uint16_t valid_mask)
-{
- XenPTRegInfo *reg = cfg_entry->reg;
- uint16_t writable_mask = 0;
- uint16_t throughable_mask = 0;
- uint16_t emu_mask = reg->emu_mask;
-
- if (s->is_virtfn) {
- emu_mask |= PCI_COMMAND_MEMORY;
- }
-
- /* modify emulate register */
- writable_mask = ~reg->ro_mask & valid_mask;
- cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
-
- /* create value for writing to I/O device register */
- throughable_mask = ~emu_mask & valid_mask;
-
- if (*val & PCI_COMMAND_INTX_DISABLE) {
- throughable_mask |= PCI_COMMAND_INTX_DISABLE;
- } else {
- if (s->machine_irq) {
- throughable_mask |= PCI_COMMAND_INTX_DISABLE;
- }
- }
-
- *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
-
- return 0;
-}
-
-/* BAR */
-#define XEN_PT_BAR_MEM_RO_MASK 0x0000000F /* BAR ReadOnly mask(Memory) */
-#define XEN_PT_BAR_MEM_EMU_MASK 0xFFFFFFF0 /* BAR emul mask(Memory) */
-#define XEN_PT_BAR_IO_RO_MASK 0x00000003 /* BAR ReadOnly mask(I/O) */
-#define XEN_PT_BAR_IO_EMU_MASK 0xFFFFFFFC /* BAR emul mask(I/O) */
-
-static bool is_64bit_bar(PCIIORegion *r)
-{
- return !!(r->type & PCI_BASE_ADDRESS_MEM_TYPE_64);
-}
-
-static uint64_t xen_pt_get_bar_size(PCIIORegion *r)
-{
- if (is_64bit_bar(r)) {
- uint64_t size64;
- size64 = (r + 1)->size;
- size64 <<= 32;
- size64 += r->size;
- return size64;
- }
- return r->size;
-}
-
-static XenPTBarFlag xen_pt_bar_reg_parse(XenPCIPassthroughState *s,
- XenPTRegInfo *reg)
-{
- PCIDevice *d = &s->dev;
- XenPTRegion *region = NULL;
- PCIIORegion *r;
- int index = 0;
-
- /* check 64bit BAR */
- index = xen_pt_bar_offset_to_index(reg->offset);
- if ((0 < index) && (index < PCI_ROM_SLOT)) {
- int type = s->real_device.io_regions[index - 1].type;
-
- if ((type & XEN_HOST_PCI_REGION_TYPE_MEM)
- && (type & XEN_HOST_PCI_REGION_TYPE_MEM_64)) {
- region = &s->bases[index - 1];
- if (region->bar_flag != XEN_PT_BAR_FLAG_UPPER) {
- return XEN_PT_BAR_FLAG_UPPER;
- }
- }
- }
-
- /* check unused BAR */
- r = &d->io_regions[index];
- if (!xen_pt_get_bar_size(r)) {
- return XEN_PT_BAR_FLAG_UNUSED;
- }
-
- /* for ExpROM BAR */
- if (index == PCI_ROM_SLOT) {
- return XEN_PT_BAR_FLAG_MEM;
- }
-
- /* check BAR I/O indicator */
- if (s->real_device.io_regions[index].type & XEN_HOST_PCI_REGION_TYPE_IO) {
- return XEN_PT_BAR_FLAG_IO;
- } else {
- return XEN_PT_BAR_FLAG_MEM;
- }
-}
-
-static inline uint32_t base_address_with_flags(XenHostPCIIORegion *hr)
-{
- if (hr->type & XEN_HOST_PCI_REGION_TYPE_IO) {
- return hr->base_addr | (hr->bus_flags & ~PCI_BASE_ADDRESS_IO_MASK);
- } else {
- return hr->base_addr | (hr->bus_flags & ~PCI_BASE_ADDRESS_MEM_MASK);
- }
-}
-
-static int xen_pt_bar_reg_init(XenPCIPassthroughState *s, XenPTRegInfo *reg,
- uint32_t real_offset, uint32_t *data)
-{
- uint32_t reg_field = 0;
- int index;
-
- index = xen_pt_bar_offset_to_index(reg->offset);
- if (index < 0 || index >= PCI_NUM_REGIONS) {
- XEN_PT_ERR(&s->dev, "Internal error: Invalid BAR index [%d].\n", index);
- return -1;
- }
-
- /* set BAR flag */
- s->bases[index].bar_flag = xen_pt_bar_reg_parse(s, reg);
- if (s->bases[index].bar_flag == XEN_PT_BAR_FLAG_UNUSED) {
- reg_field = XEN_PT_INVALID_REG;
- }
-
- *data = reg_field;
- return 0;
-}
-static int xen_pt_bar_reg_read(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
- uint32_t *value, uint32_t valid_mask)
-{
- XenPTRegInfo *reg = cfg_entry->reg;
- uint32_t valid_emu_mask = 0;
- uint32_t bar_emu_mask = 0;
- int index;
-
- /* get BAR index */
- index = xen_pt_bar_offset_to_index(reg->offset);
- if (index < 0 || index >= PCI_NUM_REGIONS) {
- XEN_PT_ERR(&s->dev, "Internal error: Invalid BAR index [%d].\n", index);
- return -1;
- }
-
- /* use fixed-up value from kernel sysfs */
- *value = base_address_with_flags(&s->real_device.io_regions[index]);
-
- /* set emulate mask depend on BAR flag */
- switch (s->bases[index].bar_flag) {
- case XEN_PT_BAR_FLAG_MEM:
- bar_emu_mask = XEN_PT_BAR_MEM_EMU_MASK;
- break;
- case XEN_PT_BAR_FLAG_IO:
- bar_emu_mask = XEN_PT_BAR_IO_EMU_MASK;
- break;
- case XEN_PT_BAR_FLAG_UPPER:
- bar_emu_mask = XEN_PT_BAR_ALLF;
- break;
- default:
- break;
- }
-
- /* emulate BAR */
- valid_emu_mask = bar_emu_mask & valid_mask;
- *value = XEN_PT_MERGE_VALUE(*value, cfg_entry->data, ~valid_emu_mask);
-
- return 0;
-}
-static int xen_pt_bar_reg_write(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
- uint32_t *val, uint32_t dev_value,
- uint32_t valid_mask)
-{
- XenPTRegInfo *reg = cfg_entry->reg;
- XenPTRegion *base = NULL;
- PCIDevice *d = &s->dev;
- const PCIIORegion *r;
- uint32_t writable_mask = 0;
- uint32_t throughable_mask = 0;
- uint32_t bar_emu_mask = 0;
- uint32_t bar_ro_mask = 0;
- uint32_t r_size = 0;
- int index = 0;
-
- index = xen_pt_bar_offset_to_index(reg->offset);
- if (index < 0 || index >= PCI_NUM_REGIONS) {
- XEN_PT_ERR(d, "Internal error: Invalid BAR index [%d].\n", index);
- return -1;
- }
-
- r = &d->io_regions[index];
- base = &s->bases[index];
- r_size = xen_pt_get_emul_size(base->bar_flag, r->size);
-
- /* set emulate mask and read-only mask values depend on the BAR flag */
- switch (s->bases[index].bar_flag) {
- case XEN_PT_BAR_FLAG_MEM:
- bar_emu_mask = XEN_PT_BAR_MEM_EMU_MASK;
- if (!r_size) {
- /* low 32 bits mask for 64 bit bars */
- bar_ro_mask = XEN_PT_BAR_ALLF;
- } else {
- bar_ro_mask = XEN_PT_BAR_MEM_RO_MASK | (r_size - 1);
- }
- break;
- case XEN_PT_BAR_FLAG_IO:
- bar_emu_mask = XEN_PT_BAR_IO_EMU_MASK;
- bar_ro_mask = XEN_PT_BAR_IO_RO_MASK | (r_size - 1);
- break;
- case XEN_PT_BAR_FLAG_UPPER:
- bar_emu_mask = XEN_PT_BAR_ALLF;
- bar_ro_mask = r_size ? r_size - 1 : 0;
- break;
- default:
- break;
- }
-
- /* modify emulate register */
- writable_mask = bar_emu_mask & ~bar_ro_mask & valid_mask;
- cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
-
- /* check whether we need to update the virtual region address or not */
- switch (s->bases[index].bar_flag) {
- case XEN_PT_BAR_FLAG_UPPER:
- case XEN_PT_BAR_FLAG_MEM:
- /* nothing to do */
- break;
- case XEN_PT_BAR_FLAG_IO:
- /* nothing to do */
- break;
- default:
- break;
- }
-
- /* create value for writing to I/O device register */
- throughable_mask = ~bar_emu_mask & valid_mask;
- *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
-
- return 0;
-}
-
-/* write Exp ROM BAR */
-static int xen_pt_exp_rom_bar_reg_write(XenPCIPassthroughState *s,
- XenPTReg *cfg_entry, uint32_t *val,
- uint32_t dev_value, uint32_t valid_mask)
-{
- XenPTRegInfo *reg = cfg_entry->reg;
- XenPTRegion *base = NULL;
- PCIDevice *d = (PCIDevice *)&s->dev;
- uint32_t writable_mask = 0;
- uint32_t throughable_mask = 0;
- pcibus_t r_size = 0;
- uint32_t bar_emu_mask = 0;
- uint32_t bar_ro_mask = 0;
-
- r_size = d->io_regions[PCI_ROM_SLOT].size;
- base = &s->bases[PCI_ROM_SLOT];
- /* align memory type resource size */
- r_size = xen_pt_get_emul_size(base->bar_flag, r_size);
-
- /* set emulate mask and read-only mask */
- bar_emu_mask = reg->emu_mask;
- bar_ro_mask = (reg->ro_mask | (r_size - 1)) & ~PCI_ROM_ADDRESS_ENABLE;
-
- /* modify emulate register */
- writable_mask = ~bar_ro_mask & valid_mask;
- cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
-
- /* create value for writing to I/O device register */
- throughable_mask = ~bar_emu_mask & valid_mask;
- *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
-
- return 0;
-}
-
-/* Header Type0 reg static information table */
-static XenPTRegInfo xen_pt_emu_reg_header0[] = {
- /* Vendor ID reg */
- {
- .offset = PCI_VENDOR_ID,
- .size = 2,
- .init_val = 0x0000,
- .ro_mask = 0xFFFF,
- .emu_mask = 0xFFFF,
- .init = xen_pt_vendor_reg_init,
- .u.w.read = xen_pt_word_reg_read,
- .u.w.write = xen_pt_word_reg_write,
- },
- /* Device ID reg */
- {
- .offset = PCI_DEVICE_ID,
- .size = 2,
- .init_val = 0x0000,
- .ro_mask = 0xFFFF,
- .emu_mask = 0xFFFF,
- .init = xen_pt_device_reg_init,
- .u.w.read = xen_pt_word_reg_read,
- .u.w.write = xen_pt_word_reg_write,
- },
- /* Command reg */
- {
- .offset = PCI_COMMAND,
- .size = 2,
- .init_val = 0x0000,
- .ro_mask = 0xF880,
- .emu_mask = 0x0740,
- .init = xen_pt_common_reg_init,
- .u.w.read = xen_pt_cmd_reg_read,
- .u.w.write = xen_pt_cmd_reg_write,
- },
- /* Capabilities Pointer reg */
- {
- .offset = PCI_CAPABILITY_LIST,
- .size = 1,
- .init_val = 0x00,
- .ro_mask = 0xFF,
- .emu_mask = 0xFF,
- .init = xen_pt_ptr_reg_init,
- .u.b.read = xen_pt_byte_reg_read,
- .u.b.write = xen_pt_byte_reg_write,
- },
- /* Status reg */
- /* use emulated Cap Ptr value to initialize,
- * so need to be declared after Cap Ptr reg
- */
- {
- .offset = PCI_STATUS,
- .size = 2,
- .init_val = 0x0000,
- .ro_mask = 0x06FF,
- .emu_mask = 0x0010,
- .init = xen_pt_status_reg_init,
- .u.w.read = xen_pt_word_reg_read,
- .u.w.write = xen_pt_word_reg_write,
- },
- /* Cache Line Size reg */
- {
- .offset = PCI_CACHE_LINE_SIZE,
- .size = 1,
- .init_val = 0x00,
- .ro_mask = 0x00,
- .emu_mask = 0xFF,
- .init = xen_pt_common_reg_init,
- .u.b.read = xen_pt_byte_reg_read,
- .u.b.write = xen_pt_byte_reg_write,
- },
- /* Latency Timer reg */
- {
- .offset = PCI_LATENCY_TIMER,
- .size = 1,
- .init_val = 0x00,
- .ro_mask = 0x00,
- .emu_mask = 0xFF,
- .init = xen_pt_common_reg_init,
- .u.b.read = xen_pt_byte_reg_read,
- .u.b.write = xen_pt_byte_reg_write,
- },
- /* Header Type reg */
- {
- .offset = PCI_HEADER_TYPE,
- .size = 1,
- .init_val = 0x00,
- .ro_mask = 0xFF,
- .emu_mask = 0x00,
- .init = xen_pt_header_type_reg_init,
- .u.b.read = xen_pt_byte_reg_read,
- .u.b.write = xen_pt_byte_reg_write,
- },
- /* Interrupt Line reg */
- {
- .offset = PCI_INTERRUPT_LINE,
- .size = 1,
- .init_val = 0x00,
- .ro_mask = 0x00,
- .emu_mask = 0xFF,
- .init = xen_pt_common_reg_init,
- .u.b.read = xen_pt_byte_reg_read,
- .u.b.write = xen_pt_byte_reg_write,
- },
- /* Interrupt Pin reg */
- {
- .offset = PCI_INTERRUPT_PIN,
- .size = 1,
- .init_val = 0x00,
- .ro_mask = 0xFF,
- .emu_mask = 0xFF,
- .init = xen_pt_irqpin_reg_init,
- .u.b.read = xen_pt_byte_reg_read,
- .u.b.write = xen_pt_byte_reg_write,
- },
- /* BAR 0 reg */
- /* mask of BAR need to be decided later, depends on IO/MEM type */
- {
- .offset = PCI_BASE_ADDRESS_0,
- .size = 4,
- .init_val = 0x00000000,
- .init = xen_pt_bar_reg_init,
- .u.dw.read = xen_pt_bar_reg_read,
- .u.dw.write = xen_pt_bar_reg_write,
- },
- /* BAR 1 reg */
- {
- .offset = PCI_BASE_ADDRESS_1,
- .size = 4,
- .init_val = 0x00000000,
- .init = xen_pt_bar_reg_init,
- .u.dw.read = xen_pt_bar_reg_read,
- .u.dw.write = xen_pt_bar_reg_write,
- },
- /* BAR 2 reg */
- {
- .offset = PCI_BASE_ADDRESS_2,
- .size = 4,
- .init_val = 0x00000000,
- .init = xen_pt_bar_reg_init,
- .u.dw.read = xen_pt_bar_reg_read,
- .u.dw.write = xen_pt_bar_reg_write,
- },
- /* BAR 3 reg */
- {
- .offset = PCI_BASE_ADDRESS_3,
- .size = 4,
- .init_val = 0x00000000,
- .init = xen_pt_bar_reg_init,
- .u.dw.read = xen_pt_bar_reg_read,
- .u.dw.write = xen_pt_bar_reg_write,
- },
- /* BAR 4 reg */
- {
- .offset = PCI_BASE_ADDRESS_4,
- .size = 4,
- .init_val = 0x00000000,
- .init = xen_pt_bar_reg_init,
- .u.dw.read = xen_pt_bar_reg_read,
- .u.dw.write = xen_pt_bar_reg_write,
- },
- /* BAR 5 reg */
- {
- .offset = PCI_BASE_ADDRESS_5,
- .size = 4,
- .init_val = 0x00000000,
- .init = xen_pt_bar_reg_init,
- .u.dw.read = xen_pt_bar_reg_read,
- .u.dw.write = xen_pt_bar_reg_write,
- },
- /* Expansion ROM BAR reg */
- {
- .offset = PCI_ROM_ADDRESS,
- .size = 4,
- .init_val = 0x00000000,
- .ro_mask = 0x000007FE,
- .emu_mask = 0xFFFFF800,
- .init = xen_pt_bar_reg_init,
- .u.dw.read = xen_pt_long_reg_read,
- .u.dw.write = xen_pt_exp_rom_bar_reg_write,
- },
- {
- .size = 0,
- },
-};
-
-
-/*********************************
- * Vital Product Data Capability
- */
-
-/* Vital Product Data Capability Structure reg static information table */
-static XenPTRegInfo xen_pt_emu_reg_vpd[] = {
- {
- .offset = PCI_CAP_LIST_NEXT,
- .size = 1,
- .init_val = 0x00,
- .ro_mask = 0xFF,
- .emu_mask = 0xFF,
- .init = xen_pt_ptr_reg_init,
- .u.b.read = xen_pt_byte_reg_read,
- .u.b.write = xen_pt_byte_reg_write,
- },
- {
- .size = 0,
- },
-};
-
-
-/**************************************
- * Vendor Specific Capability
- */
-
-/* Vendor Specific Capability Structure reg static information table */
-static XenPTRegInfo xen_pt_emu_reg_vendor[] = {
- {
- .offset = PCI_CAP_LIST_NEXT,
- .size = 1,
- .init_val = 0x00,
- .ro_mask = 0xFF,
- .emu_mask = 0xFF,
- .init = xen_pt_ptr_reg_init,
- .u.b.read = xen_pt_byte_reg_read,
- .u.b.write = xen_pt_byte_reg_write,
- },
- {
- .size = 0,
- },
-};
-
-
-/*****************************
- * PCI Express Capability
- */
-
-static inline uint8_t get_capability_version(XenPCIPassthroughState *s,
- uint32_t offset)
-{
- uint8_t flags = pci_get_byte(s->dev.config + offset + PCI_EXP_FLAGS);
- return flags & PCI_EXP_FLAGS_VERS;
-}
-
-static inline uint8_t get_device_type(XenPCIPassthroughState *s,
- uint32_t offset)
-{
- uint8_t flags = pci_get_byte(s->dev.config + offset + PCI_EXP_FLAGS);
- return (flags & PCI_EXP_FLAGS_TYPE) >> 4;
-}
-
-/* initialize Link Control register */
-static int xen_pt_linkctrl_reg_init(XenPCIPassthroughState *s,
- XenPTRegInfo *reg, uint32_t real_offset,
- uint32_t *data)
-{
- uint8_t cap_ver = get_capability_version(s, real_offset - reg->offset);
- uint8_t dev_type = get_device_type(s, real_offset - reg->offset);
-
- /* no need to initialize in case of Root Complex Integrated Endpoint
- * with cap_ver 1.x
- */
- if ((dev_type == PCI_EXP_TYPE_RC_END) && (cap_ver == 1)) {
- *data = XEN_PT_INVALID_REG;
- }
-
- *data = reg->init_val;
- return 0;
-}
-/* initialize Device Control 2 register */
-static int xen_pt_devctrl2_reg_init(XenPCIPassthroughState *s,
- XenPTRegInfo *reg, uint32_t real_offset,
- uint32_t *data)
-{
- uint8_t cap_ver = get_capability_version(s, real_offset - reg->offset);
-
- /* no need to initialize in case of cap_ver 1.x */
- if (cap_ver == 1) {
- *data = XEN_PT_INVALID_REG;
- }
-
- *data = reg->init_val;
- return 0;
-}
-/* initialize Link Control 2 register */
-static int xen_pt_linkctrl2_reg_init(XenPCIPassthroughState *s,
- XenPTRegInfo *reg, uint32_t real_offset,
- uint32_t *data)
-{
- uint8_t cap_ver = get_capability_version(s, real_offset - reg->offset);
- uint32_t reg_field = 0;
-
- /* no need to initialize in case of cap_ver 1.x */
- if (cap_ver == 1) {
- reg_field = XEN_PT_INVALID_REG;
- } else {
- /* set Supported Link Speed */
- uint8_t lnkcap = pci_get_byte(s->dev.config + real_offset - reg->offset
- + PCI_EXP_LNKCAP);
- reg_field |= PCI_EXP_LNKCAP_SLS & lnkcap;
- }
-
- *data = reg_field;
- return 0;
-}
-
-/* PCI Express Capability Structure reg static information table */
-static XenPTRegInfo xen_pt_emu_reg_pcie[] = {
- /* Next Pointer reg */
- {
- .offset = PCI_CAP_LIST_NEXT,
- .size = 1,
- .init_val = 0x00,
- .ro_mask = 0xFF,
- .emu_mask = 0xFF,
- .init = xen_pt_ptr_reg_init,
- .u.b.read = xen_pt_byte_reg_read,
- .u.b.write = xen_pt_byte_reg_write,
- },
- /* Device Capabilities reg */
- {
- .offset = PCI_EXP_DEVCAP,
- .size = 4,
- .init_val = 0x00000000,
- .ro_mask = 0x1FFCFFFF,
- .emu_mask = 0x10000000,
- .init = xen_pt_common_reg_init,
- .u.dw.read = xen_pt_long_reg_read,
- .u.dw.write = xen_pt_long_reg_write,
- },
- /* Device Control reg */
- {
- .offset = PCI_EXP_DEVCTL,
- .size = 2,
- .init_val = 0x2810,
- .ro_mask = 0x8400,
- .emu_mask = 0xFFFF,
- .init = xen_pt_common_reg_init,
- .u.w.read = xen_pt_word_reg_read,
- .u.w.write = xen_pt_word_reg_write,
- },
- /* Link Control reg */
- {
- .offset = PCI_EXP_LNKCTL,
- .size = 2,
- .init_val = 0x0000,
- .ro_mask = 0xFC34,
- .emu_mask = 0xFFFF,
- .init = xen_pt_linkctrl_reg_init,
- .u.w.read = xen_pt_word_reg_read,
- .u.w.write = xen_pt_word_reg_write,
- },
- /* Device Control 2 reg */
- {
- .offset = 0x28,
- .size = 2,
- .init_val = 0x0000,
- .ro_mask = 0xFFE0,
- .emu_mask = 0xFFFF,
- .init = xen_pt_devctrl2_reg_init,
- .u.w.read = xen_pt_word_reg_read,
- .u.w.write = xen_pt_word_reg_write,
- },
- /* Link Control 2 reg */
- {
- .offset = 0x30,
- .size = 2,
- .init_val = 0x0000,
- .ro_mask = 0xE040,
- .emu_mask = 0xFFFF,
- .init = xen_pt_linkctrl2_reg_init,
- .u.w.read = xen_pt_word_reg_read,
- .u.w.write = xen_pt_word_reg_write,
- },
- {
- .size = 0,
- },
-};
-
-
-/*********************************
- * Power Management Capability
- */
-
-/* read Power Management Control/Status register */
-static int xen_pt_pmcsr_reg_read(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
- uint16_t *value, uint16_t valid_mask)
-{
- XenPTRegInfo *reg = cfg_entry->reg;
- uint16_t valid_emu_mask = reg->emu_mask;
-
- valid_emu_mask |= PCI_PM_CTRL_STATE_MASK | PCI_PM_CTRL_NO_SOFT_RESET;
-
- valid_emu_mask = valid_emu_mask & valid_mask;
- *value = XEN_PT_MERGE_VALUE(*value, cfg_entry->data, ~valid_emu_mask);
-
- return 0;
-}
-/* write Power Management Control/Status register */
-static int xen_pt_pmcsr_reg_write(XenPCIPassthroughState *s,
- XenPTReg *cfg_entry, uint16_t *val,
- uint16_t dev_value, uint16_t valid_mask)
-{
- XenPTRegInfo *reg = cfg_entry->reg;
- uint16_t emu_mask = reg->emu_mask;
- uint16_t writable_mask = 0;
- uint16_t throughable_mask = 0;
-
- emu_mask |= PCI_PM_CTRL_STATE_MASK | PCI_PM_CTRL_NO_SOFT_RESET;
-
- /* modify emulate register */
- writable_mask = emu_mask & ~reg->ro_mask & valid_mask;
- cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
-
- /* create value for writing to I/O device register */
- throughable_mask = ~emu_mask & valid_mask;
- *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
-
- return 0;
-}
-
-/* Power Management Capability reg static information table */
-static XenPTRegInfo xen_pt_emu_reg_pm[] = {
- /* Next Pointer reg */
- {
- .offset = PCI_CAP_LIST_NEXT,
- .size = 1,
- .init_val = 0x00,
- .ro_mask = 0xFF,
- .emu_mask = 0xFF,
- .init = xen_pt_ptr_reg_init,
- .u.b.read = xen_pt_byte_reg_read,
- .u.b.write = xen_pt_byte_reg_write,
- },
- /* Power Management Capabilities reg */
- {
- .offset = PCI_CAP_FLAGS,
- .size = 2,
- .init_val = 0x0000,
- .ro_mask = 0xFFFF,
- .emu_mask = 0xF9C8,
- .init = xen_pt_common_reg_init,
- .u.w.read = xen_pt_word_reg_read,
- .u.w.write = xen_pt_word_reg_write,
- },
- /* PCI Power Management Control/Status reg */
- {
- .offset = PCI_PM_CTRL,
- .size = 2,
- .init_val = 0x0008,
- .ro_mask = 0xE1FC,
- .emu_mask = 0x8100,
- .init = xen_pt_common_reg_init,
- .u.w.read = xen_pt_pmcsr_reg_read,
- .u.w.write = xen_pt_pmcsr_reg_write,
- },
- {
- .size = 0,
- },
-};
-
-
-/********************************
- * MSI Capability
- */
-
-/* Helper */
-static bool xen_pt_msgdata_check_type(uint32_t offset, uint16_t flags)
-{
- /* check the offset whether matches the type or not */
- bool is_32 = (offset == PCI_MSI_DATA_32) && !(flags & PCI_MSI_FLAGS_64BIT);
- bool is_64 = (offset == PCI_MSI_DATA_64) && (flags & PCI_MSI_FLAGS_64BIT);
- return is_32 || is_64;
-}
-
-/* Message Control register */
-static int xen_pt_msgctrl_reg_init(XenPCIPassthroughState *s,
- XenPTRegInfo *reg, uint32_t real_offset,
- uint32_t *data)
-{
- PCIDevice *d = &s->dev;
- XenPTMSI *msi = s->msi;
- uint16_t reg_field = 0;
-
- /* use I/O device register's value as initial value */
- reg_field = pci_get_word(d->config + real_offset);
-
- if (reg_field & PCI_MSI_FLAGS_ENABLE) {
- XEN_PT_LOG(&s->dev, "MSI already enabled, disabling it first\n");
- xen_host_pci_set_word(&s->real_device, real_offset,
- reg_field & ~PCI_MSI_FLAGS_ENABLE);
- }
- msi->flags |= reg_field;
- msi->ctrl_offset = real_offset;
- msi->initialized = false;
- msi->mapped = false;
-
- *data = reg->init_val;
- return 0;
-}
-static int xen_pt_msgctrl_reg_write(XenPCIPassthroughState *s,
- XenPTReg *cfg_entry, uint16_t *val,
- uint16_t dev_value, uint16_t valid_mask)
-{
- XenPTRegInfo *reg = cfg_entry->reg;
- XenPTMSI *msi = s->msi;
- uint16_t writable_mask = 0;
- uint16_t throughable_mask = 0;
- uint16_t raw_val;
-
- /* Currently no support for multi-vector */
- if (*val & PCI_MSI_FLAGS_QSIZE) {
- XEN_PT_WARN(&s->dev, "Tries to set more than 1 vector ctrl %x\n", *val);
- }
-
- /* modify emulate register */
- writable_mask = reg->emu_mask & ~reg->ro_mask & valid_mask;
- cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
- msi->flags |= cfg_entry->data & ~PCI_MSI_FLAGS_ENABLE;
-
- /* create value for writing to I/O device register */
- raw_val = *val;
- throughable_mask = ~reg->emu_mask & valid_mask;
- *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
-
- /* update MSI */
- if (raw_val & PCI_MSI_FLAGS_ENABLE) {
- /* setup MSI pirq for the first time */
- if (!msi->initialized) {
- /* Init physical one */
- XEN_PT_LOG(&s->dev, "setup MSI\n");
- if (xen_pt_msi_setup(s)) {
- /* We do not broadcast the error to the framework code, so
- * that MSI errors are contained in MSI emulation code and
- * QEMU can go on running.
- * Guest MSI would be actually not working.
- */
- *val &= ~PCI_MSI_FLAGS_ENABLE;
- XEN_PT_WARN(&s->dev, "Can not map MSI.\n");
- return 0;
- }
- if (xen_pt_msi_update(s)) {
- *val &= ~PCI_MSI_FLAGS_ENABLE;
- XEN_PT_WARN(&s->dev, "Can not bind MSI\n");
- return 0;
- }
- msi->initialized = true;
- msi->mapped = true;
- }
- msi->flags |= PCI_MSI_FLAGS_ENABLE;
- } else {
- msi->flags &= ~PCI_MSI_FLAGS_ENABLE;
- }
-
- /* pass through MSI_ENABLE bit */
- *val &= ~PCI_MSI_FLAGS_ENABLE;
- *val |= raw_val & PCI_MSI_FLAGS_ENABLE;
-
- return 0;
-}
-
-/* initialize Message Upper Address register */
-static int xen_pt_msgaddr64_reg_init(XenPCIPassthroughState *s,
- XenPTRegInfo *reg, uint32_t real_offset,
- uint32_t *data)
-{
- /* no need to initialize in case of 32 bit type */
- if (!(s->msi->flags & PCI_MSI_FLAGS_64BIT)) {
- *data = XEN_PT_INVALID_REG;
- } else {
- *data = reg->init_val;
- }
-
- return 0;
-}
-/* this function will be called twice (for 32 bit and 64 bit type) */
-/* initialize Message Data register */
-static int xen_pt_msgdata_reg_init(XenPCIPassthroughState *s,
- XenPTRegInfo *reg, uint32_t real_offset,
- uint32_t *data)
-{
- uint32_t flags = s->msi->flags;
- uint32_t offset = reg->offset;
-
- /* check the offset whether matches the type or not */
- if (xen_pt_msgdata_check_type(offset, flags)) {
- *data = reg->init_val;
- } else {
- *data = XEN_PT_INVALID_REG;
- }
- return 0;
-}
-
-/* write Message Address register */
-static int xen_pt_msgaddr32_reg_write(XenPCIPassthroughState *s,
- XenPTReg *cfg_entry, uint32_t *val,
- uint32_t dev_value, uint32_t valid_mask)
-{
- XenPTRegInfo *reg = cfg_entry->reg;
- uint32_t writable_mask = 0;
- uint32_t throughable_mask = 0;
- uint32_t old_addr = cfg_entry->data;
-
- /* modify emulate register */
- writable_mask = reg->emu_mask & ~reg->ro_mask & valid_mask;
- cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
- s->msi->addr_lo = cfg_entry->data;
-
- /* create value for writing to I/O device register */
- throughable_mask = ~reg->emu_mask & valid_mask;
- *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
-
- /* update MSI */
- if (cfg_entry->data != old_addr) {
- if (s->msi->mapped) {
- xen_pt_msi_update(s);
- }
- }
-
- return 0;
-}
-/* write Message Upper Address register */
-static int xen_pt_msgaddr64_reg_write(XenPCIPassthroughState *s,
- XenPTReg *cfg_entry, uint32_t *val,
- uint32_t dev_value, uint32_t valid_mask)
-{
- XenPTRegInfo *reg = cfg_entry->reg;
- uint32_t writable_mask = 0;
- uint32_t throughable_mask = 0;
- uint32_t old_addr = cfg_entry->data;
-
- /* check whether the type is 64 bit or not */
- if (!(s->msi->flags & PCI_MSI_FLAGS_64BIT)) {
- XEN_PT_ERR(&s->dev,
- "Can't write to the upper address without 64 bit support\n");
- return -1;
- }
-
- /* modify emulate register */
- writable_mask = reg->emu_mask & ~reg->ro_mask & valid_mask;
- cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
- /* update the msi_info too */
- s->msi->addr_hi = cfg_entry->data;
-
- /* create value for writing to I/O device register */
- throughable_mask = ~reg->emu_mask & valid_mask;
- *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
-
- /* update MSI */
- if (cfg_entry->data != old_addr) {
- if (s->msi->mapped) {
- xen_pt_msi_update(s);
- }
- }
-
- return 0;
-}
-
-
-/* this function will be called twice (for 32 bit and 64 bit type) */
-/* write Message Data register */
-static int xen_pt_msgdata_reg_write(XenPCIPassthroughState *s,
- XenPTReg *cfg_entry, uint16_t *val,
- uint16_t dev_value, uint16_t valid_mask)
-{
- XenPTRegInfo *reg = cfg_entry->reg;
- XenPTMSI *msi = s->msi;
- uint16_t writable_mask = 0;
- uint16_t throughable_mask = 0;
- uint16_t old_data = cfg_entry->data;
- uint32_t offset = reg->offset;
-
- /* check the offset whether matches the type or not */
- if (!xen_pt_msgdata_check_type(offset, msi->flags)) {
- /* exit I/O emulator */
- XEN_PT_ERR(&s->dev, "the offset does not match the 32/64 bit type!\n");
- return -1;
- }
-
- /* modify emulate register */
- writable_mask = reg->emu_mask & ~reg->ro_mask & valid_mask;
- cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
- /* update the msi_info too */
- msi->data = cfg_entry->data;
-
- /* create value for writing to I/O device register */
- throughable_mask = ~reg->emu_mask & valid_mask;
- *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
-
- /* update MSI */
- if (cfg_entry->data != old_data) {
- if (msi->mapped) {
- xen_pt_msi_update(s);
- }
- }
-
- return 0;
-}
-
-/* MSI Capability Structure reg static information table */
-static XenPTRegInfo xen_pt_emu_reg_msi[] = {
- /* Next Pointer reg */
- {
- .offset = PCI_CAP_LIST_NEXT,
- .size = 1,
- .init_val = 0x00,
- .ro_mask = 0xFF,
- .emu_mask = 0xFF,
- .init = xen_pt_ptr_reg_init,
- .u.b.read = xen_pt_byte_reg_read,
- .u.b.write = xen_pt_byte_reg_write,
- },
- /* Message Control reg */
- {
- .offset = PCI_MSI_FLAGS,
- .size = 2,
- .init_val = 0x0000,
- .ro_mask = 0xFF8E,
- .emu_mask = 0x007F,
- .init = xen_pt_msgctrl_reg_init,
- .u.w.read = xen_pt_word_reg_read,
- .u.w.write = xen_pt_msgctrl_reg_write,
- },
- /* Message Address reg */
- {
- .offset = PCI_MSI_ADDRESS_LO,
- .size = 4,
- .init_val = 0x00000000,
- .ro_mask = 0x00000003,
- .emu_mask = 0xFFFFFFFF,
- .no_wb = 1,
- .init = xen_pt_common_reg_init,
- .u.dw.read = xen_pt_long_reg_read,
- .u.dw.write = xen_pt_msgaddr32_reg_write,
- },
- /* Message Upper Address reg (if PCI_MSI_FLAGS_64BIT set) */
- {
- .offset = PCI_MSI_ADDRESS_HI,
- .size = 4,
- .init_val = 0x00000000,
- .ro_mask = 0x00000000,
- .emu_mask = 0xFFFFFFFF,
- .no_wb = 1,
- .init = xen_pt_msgaddr64_reg_init,
- .u.dw.read = xen_pt_long_reg_read,
- .u.dw.write = xen_pt_msgaddr64_reg_write,
- },
- /* Message Data reg (16 bits of data for 32-bit devices) */
- {
- .offset = PCI_MSI_DATA_32,
- .size = 2,
- .init_val = 0x0000,
- .ro_mask = 0x0000,
- .emu_mask = 0xFFFF,
- .no_wb = 1,
- .init = xen_pt_msgdata_reg_init,
- .u.w.read = xen_pt_word_reg_read,
- .u.w.write = xen_pt_msgdata_reg_write,
- },
- /* Message Data reg (16 bits of data for 64-bit devices) */
- {
- .offset = PCI_MSI_DATA_64,
- .size = 2,
- .init_val = 0x0000,
- .ro_mask = 0x0000,
- .emu_mask = 0xFFFF,
- .no_wb = 1,
- .init = xen_pt_msgdata_reg_init,
- .u.w.read = xen_pt_word_reg_read,
- .u.w.write = xen_pt_msgdata_reg_write,
- },
- {
- .size = 0,
- },
-};
-
-
-/**************************************
- * MSI-X Capability
- */
-
-/* Message Control register for MSI-X */
-static int xen_pt_msixctrl_reg_init(XenPCIPassthroughState *s,
- XenPTRegInfo *reg, uint32_t real_offset,
- uint32_t *data)
-{
- PCIDevice *d = &s->dev;
- uint16_t reg_field = 0;
-
- /* use I/O device register's value as initial value */
- reg_field = pci_get_word(d->config + real_offset);
-
- if (reg_field & PCI_MSIX_FLAGS_ENABLE) {
- XEN_PT_LOG(d, "MSIX already enabled, disabling it first\n");
- xen_host_pci_set_word(&s->real_device, real_offset,
- reg_field & ~PCI_MSIX_FLAGS_ENABLE);
- }
-
- s->msix->ctrl_offset = real_offset;
-
- *data = reg->init_val;
- return 0;
-}
-static int xen_pt_msixctrl_reg_write(XenPCIPassthroughState *s,
- XenPTReg *cfg_entry, uint16_t *val,
- uint16_t dev_value, uint16_t valid_mask)
-{
- XenPTRegInfo *reg = cfg_entry->reg;
- uint16_t writable_mask = 0;
- uint16_t throughable_mask = 0;
- int debug_msix_enabled_old;
-
- /* modify emulate register */
- writable_mask = reg->emu_mask & ~reg->ro_mask & valid_mask;
- cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
-
- /* create value for writing to I/O device register */
- throughable_mask = ~reg->emu_mask & valid_mask;
- *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
-
- /* update MSI-X */
- if ((*val & PCI_MSIX_FLAGS_ENABLE)
- && !(*val & PCI_MSIX_FLAGS_MASKALL)) {
- xen_pt_msix_update(s);
- }
-
- debug_msix_enabled_old = s->msix->enabled;
- s->msix->enabled = !!(*val & PCI_MSIX_FLAGS_ENABLE);
- if (s->msix->enabled != debug_msix_enabled_old) {
- XEN_PT_LOG(&s->dev, "%s MSI-X\n",
- s->msix->enabled ? "enable" : "disable");
- }
-
- return 0;
-}
-
-/* MSI-X Capability Structure reg static information table */
-static XenPTRegInfo xen_pt_emu_reg_msix[] = {
- /* Next Pointer reg */
- {
- .offset = PCI_CAP_LIST_NEXT,
- .size = 1,
- .init_val = 0x00,
- .ro_mask = 0xFF,
- .emu_mask = 0xFF,
- .init = xen_pt_ptr_reg_init,
- .u.b.read = xen_pt_byte_reg_read,
- .u.b.write = xen_pt_byte_reg_write,
- },
- /* Message Control reg */
- {
- .offset = PCI_MSI_FLAGS,
- .size = 2,
- .init_val = 0x0000,
- .ro_mask = 0x3FFF,
- .emu_mask = 0x0000,
- .init = xen_pt_msixctrl_reg_init,
- .u.w.read = xen_pt_word_reg_read,
- .u.w.write = xen_pt_msixctrl_reg_write,
- },
- {
- .size = 0,
- },
-};
-
-
-/****************************
- * Capabilities
- */
-
-/* capability structure register group size functions */
-
-static int xen_pt_reg_grp_size_init(XenPCIPassthroughState *s,
- const XenPTRegGroupInfo *grp_reg,
- uint32_t base_offset, uint8_t *size)
-{
- *size = grp_reg->grp_size;
- return 0;
-}
-/* get Vendor Specific Capability Structure register group size */
-static int xen_pt_vendor_size_init(XenPCIPassthroughState *s,
- const XenPTRegGroupInfo *grp_reg,
- uint32_t base_offset, uint8_t *size)
-{
- *size = pci_get_byte(s->dev.config + base_offset + 0x02);
- return 0;
-}
-/* get PCI Express Capability Structure register group size */
-static int xen_pt_pcie_size_init(XenPCIPassthroughState *s,
- const XenPTRegGroupInfo *grp_reg,
- uint32_t base_offset, uint8_t *size)
-{
- PCIDevice *d = &s->dev;
- uint8_t version = get_capability_version(s, base_offset);
- uint8_t type = get_device_type(s, base_offset);
- uint8_t pcie_size = 0;
-
-
- /* calculate size depend on capability version and device/port type */
- /* in case of PCI Express Base Specification Rev 1.x */
- if (version == 1) {
- /* The PCI Express Capabilities, Device Capabilities, and Device
- * Status/Control registers are required for all PCI Express devices.
- * The Link Capabilities and Link Status/Control are required for all
- * Endpoints that are not Root Complex Integrated Endpoints. Endpoints
- * are not required to implement registers other than those listed
- * above and terminate the capability structure.
- */
- switch (type) {
- case PCI_EXP_TYPE_ENDPOINT:
- case PCI_EXP_TYPE_LEG_END:
- pcie_size = 0x14;
- break;
- case PCI_EXP_TYPE_RC_END:
- /* has no link */
- pcie_size = 0x0C;
- break;
- /* only EndPoint passthrough is supported */
- case PCI_EXP_TYPE_ROOT_PORT:
- case PCI_EXP_TYPE_UPSTREAM:
- case PCI_EXP_TYPE_DOWNSTREAM:
- case PCI_EXP_TYPE_PCI_BRIDGE:
- case PCI_EXP_TYPE_PCIE_BRIDGE:
- case PCI_EXP_TYPE_RC_EC:
- default:
- XEN_PT_ERR(d, "Unsupported device/port type %#x.\n", type);
- return -1;
- }
- }
- /* in case of PCI Express Base Specification Rev 2.0 */
- else if (version == 2) {
- switch (type) {
- case PCI_EXP_TYPE_ENDPOINT:
- case PCI_EXP_TYPE_LEG_END:
- case PCI_EXP_TYPE_RC_END:
- /* For Functions that do not implement the registers,
- * these spaces must be hardwired to 0b.
- */
- pcie_size = 0x3C;
- break;
- /* only EndPoint passthrough is supported */
- case PCI_EXP_TYPE_ROOT_PORT:
- case PCI_EXP_TYPE_UPSTREAM:
- case PCI_EXP_TYPE_DOWNSTREAM:
- case PCI_EXP_TYPE_PCI_BRIDGE:
- case PCI_EXP_TYPE_PCIE_BRIDGE:
- case PCI_EXP_TYPE_RC_EC:
- default:
- XEN_PT_ERR(d, "Unsupported device/port type %#x.\n", type);
- return -1;
- }
- } else {
- XEN_PT_ERR(d, "Unsupported capability version %#x.\n", version);
- return -1;
- }
-
- *size = pcie_size;
- return 0;
-}
-/* get MSI Capability Structure register group size */
-static int xen_pt_msi_size_init(XenPCIPassthroughState *s,
- const XenPTRegGroupInfo *grp_reg,
- uint32_t base_offset, uint8_t *size)
-{
- PCIDevice *d = &s->dev;
- uint16_t msg_ctrl = 0;
- uint8_t msi_size = 0xa;
-
- msg_ctrl = pci_get_word(d->config + (base_offset + PCI_MSI_FLAGS));
-
- /* check if 64-bit address is capable of per-vector masking */
- if (msg_ctrl & PCI_MSI_FLAGS_64BIT) {
- msi_size += 4;
- }
- if (msg_ctrl & PCI_MSI_FLAGS_MASKBIT) {
- msi_size += 10;
- }
-
- s->msi = g_new0(XenPTMSI, 1);
- s->msi->pirq = XEN_PT_UNASSIGNED_PIRQ;
-
- *size = msi_size;
- return 0;
-}
-/* get MSI-X Capability Structure register group size */
-static int xen_pt_msix_size_init(XenPCIPassthroughState *s,
- const XenPTRegGroupInfo *grp_reg,
- uint32_t base_offset, uint8_t *size)
-{
- int rc = 0;
-
- rc = xen_pt_msix_init(s, base_offset);
-
- if (rc < 0) {
- XEN_PT_ERR(&s->dev, "Internal error: Invalid xen_pt_msix_init.\n");
- return rc;
- }
-
- *size = grp_reg->grp_size;
- return 0;
-}
-
-
-static const XenPTRegGroupInfo xen_pt_emu_reg_grps[] = {
- /* Header Type0 reg group */
- {
- .grp_id = 0xFF,
- .grp_type = XEN_PT_GRP_TYPE_EMU,
- .grp_size = 0x40,
- .size_init = xen_pt_reg_grp_size_init,
- .emu_regs = xen_pt_emu_reg_header0,
- },
- /* PCI PowerManagement Capability reg group */
- {
- .grp_id = PCI_CAP_ID_PM,
- .grp_type = XEN_PT_GRP_TYPE_EMU,
- .grp_size = PCI_PM_SIZEOF,
- .size_init = xen_pt_reg_grp_size_init,
- .emu_regs = xen_pt_emu_reg_pm,
- },
- /* AGP Capability Structure reg group */
- {
- .grp_id = PCI_CAP_ID_AGP,
- .grp_type = XEN_PT_GRP_TYPE_HARDWIRED,
- .grp_size = 0x30,
- .size_init = xen_pt_reg_grp_size_init,
- },
- /* Vital Product Data Capability Structure reg group */
- {
- .grp_id = PCI_CAP_ID_VPD,
- .grp_type = XEN_PT_GRP_TYPE_EMU,
- .grp_size = 0x08,
- .size_init = xen_pt_reg_grp_size_init,
- .emu_regs = xen_pt_emu_reg_vpd,
- },
- /* Slot Identification reg group */
- {
- .grp_id = PCI_CAP_ID_SLOTID,
- .grp_type = XEN_PT_GRP_TYPE_HARDWIRED,
- .grp_size = 0x04,
- .size_init = xen_pt_reg_grp_size_init,
- },
- /* MSI Capability Structure reg group */
- {
- .grp_id = PCI_CAP_ID_MSI,
- .grp_type = XEN_PT_GRP_TYPE_EMU,
- .grp_size = 0xFF,
- .size_init = xen_pt_msi_size_init,
- .emu_regs = xen_pt_emu_reg_msi,
- },
- /* PCI-X Capabilities List Item reg group */
- {
- .grp_id = PCI_CAP_ID_PCIX,
- .grp_type = XEN_PT_GRP_TYPE_HARDWIRED,
- .grp_size = 0x18,
- .size_init = xen_pt_reg_grp_size_init,
- },
- /* Vendor Specific Capability Structure reg group */
- {
- .grp_id = PCI_CAP_ID_VNDR,
- .grp_type = XEN_PT_GRP_TYPE_EMU,
- .grp_size = 0xFF,
- .size_init = xen_pt_vendor_size_init,
- .emu_regs = xen_pt_emu_reg_vendor,
- },
- /* SHPC Capability List Item reg group */
- {
- .grp_id = PCI_CAP_ID_SHPC,
- .grp_type = XEN_PT_GRP_TYPE_HARDWIRED,
- .grp_size = 0x08,
- .size_init = xen_pt_reg_grp_size_init,
- },
- /* Subsystem ID and Subsystem Vendor ID Capability List Item reg group */
- {
- .grp_id = PCI_CAP_ID_SSVID,
- .grp_type = XEN_PT_GRP_TYPE_HARDWIRED,
- .grp_size = 0x08,
- .size_init = xen_pt_reg_grp_size_init,
- },
- /* AGP 8x Capability Structure reg group */
- {
- .grp_id = PCI_CAP_ID_AGP3,
- .grp_type = XEN_PT_GRP_TYPE_HARDWIRED,
- .grp_size = 0x30,
- .size_init = xen_pt_reg_grp_size_init,
- },
- /* PCI Express Capability Structure reg group */
- {
- .grp_id = PCI_CAP_ID_EXP,
- .grp_type = XEN_PT_GRP_TYPE_EMU,
- .grp_size = 0xFF,
- .size_init = xen_pt_pcie_size_init,
- .emu_regs = xen_pt_emu_reg_pcie,
- },
- /* MSI-X Capability Structure reg group */
- {
- .grp_id = PCI_CAP_ID_MSIX,
- .grp_type = XEN_PT_GRP_TYPE_EMU,
- .grp_size = 0x0C,
- .size_init = xen_pt_msix_size_init,
- .emu_regs = xen_pt_emu_reg_msix,
- },
- {
- .grp_size = 0,
- },
-};
-
-/* initialize Capabilities Pointer or Next Pointer register */
-static int xen_pt_ptr_reg_init(XenPCIPassthroughState *s,
- XenPTRegInfo *reg, uint32_t real_offset,
- uint32_t *data)
-{
- int i;
- uint8_t *config = s->dev.config;
- uint32_t reg_field = pci_get_byte(config + real_offset);
- uint8_t cap_id = 0;
-
- /* find capability offset */
- while (reg_field) {
- for (i = 0; xen_pt_emu_reg_grps[i].grp_size != 0; i++) {
- if (xen_pt_hide_dev_cap(&s->real_device,
- xen_pt_emu_reg_grps[i].grp_id)) {
- continue;
- }
-
- cap_id = pci_get_byte(config + reg_field + PCI_CAP_LIST_ID);
- if (xen_pt_emu_reg_grps[i].grp_id == cap_id) {
- if (xen_pt_emu_reg_grps[i].grp_type == XEN_PT_GRP_TYPE_EMU) {
- goto out;
- }
- /* ignore the 0 hardwired capability, find next one */
- break;
- }
- }
-
- /* next capability */
- reg_field = pci_get_byte(config + reg_field + PCI_CAP_LIST_NEXT);
- }
-
-out:
- *data = reg_field;
- return 0;
-}
-
-
-/*************
- * Main
- */
-
-static uint8_t find_cap_offset(XenPCIPassthroughState *s, uint8_t cap)
-{
- uint8_t id;
- unsigned max_cap = PCI_CAP_MAX;
- uint8_t pos = PCI_CAPABILITY_LIST;
- uint8_t status = 0;
-
- if (xen_host_pci_get_byte(&s->real_device, PCI_STATUS, &status)) {
- return 0;
- }
- if ((status & PCI_STATUS_CAP_LIST) == 0) {
- return 0;
- }
-
- while (max_cap--) {
- if (xen_host_pci_get_byte(&s->real_device, pos, &pos)) {
- break;
- }
- if (pos < PCI_CONFIG_HEADER_SIZE) {
- break;
- }
-
- pos &= ~3;
- if (xen_host_pci_get_byte(&s->real_device,
- pos + PCI_CAP_LIST_ID, &id)) {
- break;
- }
-
- if (id == 0xff) {
- break;
- }
- if (id == cap) {
- return pos;
- }
-
- pos += PCI_CAP_LIST_NEXT;
- }
- return 0;
-}
-
-static int xen_pt_config_reg_init(XenPCIPassthroughState *s,
- XenPTRegGroup *reg_grp, XenPTRegInfo *reg)
-{
- XenPTReg *reg_entry;
- uint32_t data = 0;
- int rc = 0;
-
- reg_entry = g_new0(XenPTReg, 1);
- reg_entry->reg = reg;
-
- if (reg->init) {
- /* initialize emulate register */
- rc = reg->init(s, reg_entry->reg,
- reg_grp->base_offset + reg->offset, &data);
- if (rc < 0) {
- free(reg_entry);
- return rc;
- }
- if (data == XEN_PT_INVALID_REG) {
- /* free unused BAR register entry */
- free(reg_entry);
- return 0;
- }
- /* set register value */
- reg_entry->data = data;
- }
- /* list add register entry */
- QLIST_INSERT_HEAD(&reg_grp->reg_tbl_list, reg_entry, entries);
-
- return 0;
-}
-
-int xen_pt_config_init(XenPCIPassthroughState *s)
-{
- int i, rc;
-
- QLIST_INIT(&s->reg_grps);
-
- for (i = 0; xen_pt_emu_reg_grps[i].grp_size != 0; i++) {
- uint32_t reg_grp_offset = 0;
- XenPTRegGroup *reg_grp_entry = NULL;
-
- if (xen_pt_emu_reg_grps[i].grp_id != 0xFF) {
- if (xen_pt_hide_dev_cap(&s->real_device,
- xen_pt_emu_reg_grps[i].grp_id)) {
- continue;
- }
-
- reg_grp_offset = find_cap_offset(s, xen_pt_emu_reg_grps[i].grp_id);
-
- if (!reg_grp_offset) {
- continue;
- }
- }
-
- reg_grp_entry = g_new0(XenPTRegGroup, 1);
- QLIST_INIT(&reg_grp_entry->reg_tbl_list);
- QLIST_INSERT_HEAD(&s->reg_grps, reg_grp_entry, entries);
-
- reg_grp_entry->base_offset = reg_grp_offset;
- reg_grp_entry->reg_grp = xen_pt_emu_reg_grps + i;
- if (xen_pt_emu_reg_grps[i].size_init) {
- /* get register group size */
- rc = xen_pt_emu_reg_grps[i].size_init(s, reg_grp_entry->reg_grp,
- reg_grp_offset,
- &reg_grp_entry->size);
- if (rc < 0) {
- xen_pt_config_delete(s);
- return rc;
- }
- }
-
- if (xen_pt_emu_reg_grps[i].grp_type == XEN_PT_GRP_TYPE_EMU) {
- if (xen_pt_emu_reg_grps[i].emu_regs) {
- int j = 0;
- XenPTRegInfo *regs = xen_pt_emu_reg_grps[i].emu_regs;
- /* initialize capability register */
- for (j = 0; regs->size != 0; j++, regs++) {
- /* initialize capability register */
- rc = xen_pt_config_reg_init(s, reg_grp_entry, regs);
- if (rc < 0) {
- xen_pt_config_delete(s);
- return rc;
- }
- }
- }
- }
- }
-
- return 0;
-}
-
-/* delete all emulate register */
-void xen_pt_config_delete(XenPCIPassthroughState *s)
-{
- struct XenPTRegGroup *reg_group, *next_grp;
- struct XenPTReg *reg, *next_reg;
-
- /* free MSI/MSI-X info table */
- if (s->msix) {
- xen_pt_msix_delete(s);
- }
- if (s->msi) {
- g_free(s->msi);
- }
-
- /* free all register group entry */
- QLIST_FOREACH_SAFE(reg_group, &s->reg_grps, entries, next_grp) {
- /* free all register entry */
- QLIST_FOREACH_SAFE(reg, &reg_group->reg_tbl_list, entries, next_reg) {
- QLIST_REMOVE(reg, entries);
- g_free(reg);
- }
-
- QLIST_REMOVE(reg_group, entries);
- g_free(reg_group);
- }
-}
diff --git a/hw/xen_pt_msi.c b/hw/xen_pt_msi.c
deleted file mode 100644
index 680767229..000000000
--- a/hw/xen_pt_msi.c
+++ /dev/null
@@ -1,620 +0,0 @@
-/*
- * Copyright (c) 2007, Intel Corporation.
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See
- * the COPYING file in the top-level directory.
- *
- * Jiang Yunhong <yunhong.jiang@intel.com>
- *
- * This file implements direct PCI assignment to a HVM guest
- */
-
-#include <sys/mman.h>
-
-#include "xen_backend.h"
-#include "xen_pt.h"
-#include "apic-msidef.h"
-
-
-#define XEN_PT_AUTO_ASSIGN -1
-
-/* shift count for gflags */
-#define XEN_PT_GFLAGS_SHIFT_DEST_ID 0
-#define XEN_PT_GFLAGS_SHIFT_RH 8
-#define XEN_PT_GFLAGS_SHIFT_DM 9
-#define XEN_PT_GFLAGSSHIFT_DELIV_MODE 12
-#define XEN_PT_GFLAGSSHIFT_TRG_MODE 15
-
-
-/*
- * Helpers
- */
-
-static inline uint8_t msi_vector(uint32_t data)
-{
- return (data & MSI_DATA_VECTOR_MASK) >> MSI_DATA_VECTOR_SHIFT;
-}
-
-static inline uint8_t msi_dest_id(uint32_t addr)
-{
- return (addr & MSI_ADDR_DEST_ID_MASK) >> MSI_ADDR_DEST_ID_SHIFT;
-}
-
-static inline uint32_t msi_ext_dest_id(uint32_t addr_hi)
-{
- return addr_hi & 0xffffff00;
-}
-
-static uint32_t msi_gflags(uint32_t data, uint64_t addr)
-{
- uint32_t result = 0;
- int rh, dm, dest_id, deliv_mode, trig_mode;
-
- rh = (addr >> MSI_ADDR_REDIRECTION_SHIFT) & 0x1;
- dm = (addr >> MSI_ADDR_DEST_MODE_SHIFT) & 0x1;
- dest_id = msi_dest_id(addr);
- deliv_mode = (data >> MSI_DATA_DELIVERY_MODE_SHIFT) & 0x7;
- trig_mode = (data >> MSI_DATA_TRIGGER_SHIFT) & 0x1;
-
- result = dest_id | (rh << XEN_PT_GFLAGS_SHIFT_RH)
- | (dm << XEN_PT_GFLAGS_SHIFT_DM)
- | (deliv_mode << XEN_PT_GFLAGSSHIFT_DELIV_MODE)
- | (trig_mode << XEN_PT_GFLAGSSHIFT_TRG_MODE);
-
- return result;
-}
-
-static inline uint64_t msi_addr64(XenPTMSI *msi)
-{
- return (uint64_t)msi->addr_hi << 32 | msi->addr_lo;
-}
-
-static int msi_msix_enable(XenPCIPassthroughState *s,
- uint32_t address,
- uint16_t flag,
- bool enable)
-{
- uint16_t val = 0;
-
- if (!address) {
- return -1;
- }
-
- xen_host_pci_get_word(&s->real_device, address, &val);
- if (enable) {
- val |= flag;
- } else {
- val &= ~flag;
- }
- xen_host_pci_set_word(&s->real_device, address, val);
- return 0;
-}
-
-static int msi_msix_setup(XenPCIPassthroughState *s,
- uint64_t addr,
- uint32_t data,
- int *ppirq,
- bool is_msix,
- int msix_entry,
- bool is_not_mapped)
-{
- uint8_t gvec = msi_vector(data);
- int rc = 0;
-
- assert((!is_msix && msix_entry == 0) || is_msix);
-
- if (gvec == 0) {
- /* if gvec is 0, the guest is asking for a particular pirq that
- * is passed as dest_id */
- *ppirq = msi_ext_dest_id(addr >> 32) | msi_dest_id(addr);
- if (!*ppirq) {
- /* this probably identifies an misconfiguration of the guest,
- * try the emulated path */
- *ppirq = XEN_PT_UNASSIGNED_PIRQ;
- } else {
- XEN_PT_LOG(&s->dev, "requested pirq %d for MSI%s"
- " (vec: %#x, entry: %#x)\n",
- *ppirq, is_msix ? "-X" : "", gvec, msix_entry);
- }
- }
-
- if (is_not_mapped) {
- uint64_t table_base = 0;
-
- if (is_msix) {
- table_base = s->msix->table_base;
- }
-
- rc = xc_physdev_map_pirq_msi(xen_xc, xen_domid, XEN_PT_AUTO_ASSIGN,
- ppirq, PCI_DEVFN(s->real_device.dev,
- s->real_device.func),
- s->real_device.bus,
- msix_entry, table_base);
- if (rc) {
- XEN_PT_ERR(&s->dev,
- "Mapping of MSI%s (rc: %i, vec: %#x, entry %#x)\n",
- is_msix ? "-X" : "", rc, gvec, msix_entry);
- return rc;
- }
- }
-
- return 0;
-}
-static int msi_msix_update(XenPCIPassthroughState *s,
- uint64_t addr,
- uint32_t data,
- int pirq,
- bool is_msix,
- int msix_entry,
- int *old_pirq)
-{
- PCIDevice *d = &s->dev;
- uint8_t gvec = msi_vector(data);
- uint32_t gflags = msi_gflags(data, addr);
- int rc = 0;
- uint64_t table_addr = 0;
-
- XEN_PT_LOG(d, "Updating MSI%s with pirq %d gvec %#x gflags %#x"
- " (entry: %#x)\n",
- is_msix ? "-X" : "", pirq, gvec, gflags, msix_entry);
-
- if (is_msix) {
- table_addr = s->msix->mmio_base_addr;
- }
-
- rc = xc_domain_update_msi_irq(xen_xc, xen_domid, gvec,
- pirq, gflags, table_addr);
-
- if (rc) {
- XEN_PT_ERR(d, "Updating of MSI%s failed. (rc: %d)\n",
- is_msix ? "-X" : "", rc);
-
- if (xc_physdev_unmap_pirq(xen_xc, xen_domid, *old_pirq)) {
- XEN_PT_ERR(d, "Unmapping of MSI%s pirq %d failed.\n",
- is_msix ? "-X" : "", *old_pirq);
- }
- *old_pirq = XEN_PT_UNASSIGNED_PIRQ;
- }
- return rc;
-}
-
-static int msi_msix_disable(XenPCIPassthroughState *s,
- uint64_t addr,
- uint32_t data,
- int pirq,
- bool is_msix,
- bool is_binded)
-{
- PCIDevice *d = &s->dev;
- uint8_t gvec = msi_vector(data);
- uint32_t gflags = msi_gflags(data, addr);
- int rc = 0;
-
- if (pirq == XEN_PT_UNASSIGNED_PIRQ) {
- return 0;
- }
-
- if (is_binded) {
- XEN_PT_LOG(d, "Unbind MSI%s with pirq %d, gvec %#x\n",
- is_msix ? "-X" : "", pirq, gvec);
- rc = xc_domain_unbind_msi_irq(xen_xc, xen_domid, gvec, pirq, gflags);
- if (rc) {
- XEN_PT_ERR(d, "Unbinding of MSI%s failed. (pirq: %d, gvec: %#x)\n",
- is_msix ? "-X" : "", pirq, gvec);
- return rc;
- }
- }
-
- XEN_PT_LOG(d, "Unmap MSI%s pirq %d\n", is_msix ? "-X" : "", pirq);
- rc = xc_physdev_unmap_pirq(xen_xc, xen_domid, pirq);
- if (rc) {
- XEN_PT_ERR(d, "Unmapping of MSI%s pirq %d failed. (rc: %i)\n",
- is_msix ? "-X" : "", pirq, rc);
- return rc;
- }
-
- return 0;
-}
-
-/*
- * MSI virtualization functions
- */
-
-int xen_pt_msi_set_enable(XenPCIPassthroughState *s, bool enable)
-{
- XEN_PT_LOG(&s->dev, "%s MSI.\n", enable ? "enabling" : "disabling");
-
- if (!s->msi) {
- return -1;
- }
-
- return msi_msix_enable(s, s->msi->ctrl_offset, PCI_MSI_FLAGS_ENABLE,
- enable);
-}
-
-/* setup physical msi, but don't enable it */
-int xen_pt_msi_setup(XenPCIPassthroughState *s)
-{
- int pirq = XEN_PT_UNASSIGNED_PIRQ;
- int rc = 0;
- XenPTMSI *msi = s->msi;
-
- if (msi->initialized) {
- XEN_PT_ERR(&s->dev,
- "Setup physical MSI when it has been properly initialized.\n");
- return -1;
- }
-
- rc = msi_msix_setup(s, msi_addr64(msi), msi->data, &pirq, false, 0, true);
- if (rc) {
- return rc;
- }
-
- if (pirq < 0) {
- XEN_PT_ERR(&s->dev, "Invalid pirq number: %d.\n", pirq);
- return -1;
- }
-
- msi->pirq = pirq;
- XEN_PT_LOG(&s->dev, "MSI mapped with pirq %d.\n", pirq);
-
- return 0;
-}
-
-int xen_pt_msi_update(XenPCIPassthroughState *s)
-{
- XenPTMSI *msi = s->msi;
- return msi_msix_update(s, msi_addr64(msi), msi->data, msi->pirq,
- false, 0, &msi->pirq);
-}
-
-void xen_pt_msi_disable(XenPCIPassthroughState *s)
-{
- XenPTMSI *msi = s->msi;
-
- if (!msi) {
- return;
- }
-
- xen_pt_msi_set_enable(s, false);
-
- msi_msix_disable(s, msi_addr64(msi), msi->data, msi->pirq, false,
- msi->initialized);
-
- /* clear msi info */
- msi->flags = 0;
- msi->mapped = false;
- msi->pirq = XEN_PT_UNASSIGNED_PIRQ;
-}
-
-/*
- * MSI-X virtualization functions
- */
-
-static int msix_set_enable(XenPCIPassthroughState *s, bool enabled)
-{
- XEN_PT_LOG(&s->dev, "%s MSI-X.\n", enabled ? "enabling" : "disabling");
-
- if (!s->msix) {
- return -1;
- }
-
- return msi_msix_enable(s, s->msix->ctrl_offset, PCI_MSIX_FLAGS_ENABLE,
- enabled);
-}
-
-static int xen_pt_msix_update_one(XenPCIPassthroughState *s, int entry_nr)
-{
- XenPTMSIXEntry *entry = NULL;
- int pirq;
- int rc;
-
- if (entry_nr < 0 || entry_nr >= s->msix->total_entries) {
- return -EINVAL;
- }
-
- entry = &s->msix->msix_entry[entry_nr];
-
- if (!entry->updated) {
- return 0;
- }
-
- pirq = entry->pirq;
-
- rc = msi_msix_setup(s, entry->data, entry->data, &pirq, true, entry_nr,
- entry->pirq == XEN_PT_UNASSIGNED_PIRQ);
- if (rc) {
- return rc;
- }
- if (entry->pirq == XEN_PT_UNASSIGNED_PIRQ) {
- entry->pirq = pirq;
- }
-
- rc = msi_msix_update(s, entry->addr, entry->data, pirq, true,
- entry_nr, &entry->pirq);
-
- if (!rc) {
- entry->updated = false;
- }
-
- return rc;
-}
-
-int xen_pt_msix_update(XenPCIPassthroughState *s)
-{
- XenPTMSIX *msix = s->msix;
- int i;
-
- for (i = 0; i < msix->total_entries; i++) {
- xen_pt_msix_update_one(s, i);
- }
-
- return 0;
-}
-
-void xen_pt_msix_disable(XenPCIPassthroughState *s)
-{
- int i = 0;
-
- msix_set_enable(s, false);
-
- for (i = 0; i < s->msix->total_entries; i++) {
- XenPTMSIXEntry *entry = &s->msix->msix_entry[i];
-
- msi_msix_disable(s, entry->addr, entry->data, entry->pirq, true, true);
-
- /* clear MSI-X info */
- entry->pirq = XEN_PT_UNASSIGNED_PIRQ;
- entry->updated = false;
- }
-}
-
-int xen_pt_msix_update_remap(XenPCIPassthroughState *s, int bar_index)
-{
- XenPTMSIXEntry *entry;
- int i, ret;
-
- if (!(s->msix && s->msix->bar_index == bar_index)) {
- return 0;
- }
-
- for (i = 0; i < s->msix->total_entries; i++) {
- entry = &s->msix->msix_entry[i];
- if (entry->pirq != XEN_PT_UNASSIGNED_PIRQ) {
- ret = xc_domain_unbind_pt_irq(xen_xc, xen_domid, entry->pirq,
- PT_IRQ_TYPE_MSI, 0, 0, 0, 0);
- if (ret) {
- XEN_PT_ERR(&s->dev, "unbind MSI-X entry %d failed\n",
- entry->pirq);
- }
- entry->updated = true;
- }
- }
- return xen_pt_msix_update(s);
-}
-
-static uint32_t get_entry_value(XenPTMSIXEntry *e, int offset)
-{
- switch (offset) {
- case PCI_MSIX_ENTRY_LOWER_ADDR:
- return e->addr & UINT32_MAX;
- case PCI_MSIX_ENTRY_UPPER_ADDR:
- return e->addr >> 32;
- case PCI_MSIX_ENTRY_DATA:
- return e->data;
- case PCI_MSIX_ENTRY_VECTOR_CTRL:
- return e->vector_ctrl;
- default:
- return 0;
- }
-}
-
-static void set_entry_value(XenPTMSIXEntry *e, int offset, uint32_t val)
-{
- switch (offset) {
- case PCI_MSIX_ENTRY_LOWER_ADDR:
- e->addr = (e->addr & ((uint64_t)UINT32_MAX << 32)) | val;
- break;
- case PCI_MSIX_ENTRY_UPPER_ADDR:
- e->addr = (uint64_t)val << 32 | (e->addr & UINT32_MAX);
- break;
- case PCI_MSIX_ENTRY_DATA:
- e->data = val;
- break;
- case PCI_MSIX_ENTRY_VECTOR_CTRL:
- e->vector_ctrl = val;
- break;
- }
-}
-
-static void pci_msix_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- XenPCIPassthroughState *s = opaque;
- XenPTMSIX *msix = s->msix;
- XenPTMSIXEntry *entry;
- int entry_nr, offset;
-
- entry_nr = addr / PCI_MSIX_ENTRY_SIZE;
- if (entry_nr < 0 || entry_nr >= msix->total_entries) {
- XEN_PT_ERR(&s->dev, "asked MSI-X entry '%i' invalid!\n", entry_nr);
- return;
- }
- entry = &msix->msix_entry[entry_nr];
- offset = addr % PCI_MSIX_ENTRY_SIZE;
-
- if (offset != PCI_MSIX_ENTRY_VECTOR_CTRL) {
- const volatile uint32_t *vec_ctrl;
-
- if (get_entry_value(entry, offset) == val) {
- return;
- }
-
- /*
- * If Xen intercepts the mask bit access, entry->vec_ctrl may not be
- * up-to-date. Read from hardware directly.
- */
- vec_ctrl = s->msix->phys_iomem_base + entry_nr * PCI_MSIX_ENTRY_SIZE
- + PCI_MSIX_ENTRY_VECTOR_CTRL;
-
- if (msix->enabled && !(*vec_ctrl & PCI_MSIX_ENTRY_CTRL_MASKBIT)) {
- XEN_PT_ERR(&s->dev, "Can't update msix entry %d since MSI-X is"
- " already enabled.\n", entry_nr);
- return;
- }
-
- entry->updated = true;
- }
-
- set_entry_value(entry, offset, val);
-
- if (offset == PCI_MSIX_ENTRY_VECTOR_CTRL) {
- if (msix->enabled && !(val & PCI_MSIX_ENTRY_CTRL_MASKBIT)) {
- xen_pt_msix_update_one(s, entry_nr);
- }
- }
-}
-
-static uint64_t pci_msix_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- XenPCIPassthroughState *s = opaque;
- XenPTMSIX *msix = s->msix;
- int entry_nr, offset;
-
- entry_nr = addr / PCI_MSIX_ENTRY_SIZE;
- if (entry_nr < 0) {
- XEN_PT_ERR(&s->dev, "asked MSI-X entry '%i' invalid!\n", entry_nr);
- return 0;
- }
-
- offset = addr % PCI_MSIX_ENTRY_SIZE;
-
- if (addr < msix->total_entries * PCI_MSIX_ENTRY_SIZE) {
- return get_entry_value(&msix->msix_entry[entry_nr], offset);
- } else {
- /* Pending Bit Array (PBA) */
- return *(uint32_t *)(msix->phys_iomem_base + addr);
- }
-}
-
-static const MemoryRegionOps pci_msix_ops = {
- .read = pci_msix_read,
- .write = pci_msix_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4,
- .unaligned = false,
- },
-};
-
-int xen_pt_msix_init(XenPCIPassthroughState *s, uint32_t base)
-{
- uint8_t id = 0;
- uint16_t control = 0;
- uint32_t table_off = 0;
- int i, total_entries, bar_index;
- XenHostPCIDevice *hd = &s->real_device;
- PCIDevice *d = &s->dev;
- int fd = -1;
- XenPTMSIX *msix = NULL;
- int rc = 0;
-
- rc = xen_host_pci_get_byte(hd, base + PCI_CAP_LIST_ID, &id);
- if (rc) {
- return rc;
- }
-
- if (id != PCI_CAP_ID_MSIX) {
- XEN_PT_ERR(d, "Invalid id %#x base %#x\n", id, base);
- return -1;
- }
-
- xen_host_pci_get_word(hd, base + PCI_MSIX_FLAGS, &control);
- total_entries = control & PCI_MSIX_FLAGS_QSIZE;
- total_entries += 1;
-
- s->msix = g_malloc0(sizeof (XenPTMSIX)
- + total_entries * sizeof (XenPTMSIXEntry));
- msix = s->msix;
-
- msix->total_entries = total_entries;
- for (i = 0; i < total_entries; i++) {
- msix->msix_entry[i].pirq = XEN_PT_UNASSIGNED_PIRQ;
- }
-
- memory_region_init_io(&msix->mmio, &pci_msix_ops, s, "xen-pci-pt-msix",
- (total_entries * PCI_MSIX_ENTRY_SIZE
- + XC_PAGE_SIZE - 1)
- & XC_PAGE_MASK);
-
- xen_host_pci_get_long(hd, base + PCI_MSIX_TABLE, &table_off);
- bar_index = msix->bar_index = table_off & PCI_MSIX_FLAGS_BIRMASK;
- table_off = table_off & ~PCI_MSIX_FLAGS_BIRMASK;
- msix->table_base = s->real_device.io_regions[bar_index].base_addr;
- XEN_PT_LOG(d, "get MSI-X table BAR base 0x%"PRIx64"\n", msix->table_base);
-
- fd = open("/dev/mem", O_RDWR);
- if (fd == -1) {
- rc = -errno;
- XEN_PT_ERR(d, "Can't open /dev/mem: %s\n", strerror(errno));
- goto error_out;
- }
- XEN_PT_LOG(d, "table_off = %#x, total_entries = %d\n",
- table_off, total_entries);
- msix->table_offset_adjust = table_off & 0x0fff;
- msix->phys_iomem_base =
- mmap(NULL,
- total_entries * PCI_MSIX_ENTRY_SIZE + msix->table_offset_adjust,
- PROT_READ,
- MAP_SHARED | MAP_LOCKED,
- fd,
- msix->table_base + table_off - msix->table_offset_adjust);
- close(fd);
- if (msix->phys_iomem_base == MAP_FAILED) {
- rc = -errno;
- XEN_PT_ERR(d, "Can't map physical MSI-X table: %s\n", strerror(errno));
- goto error_out;
- }
- msix->phys_iomem_base = (char *)msix->phys_iomem_base
- + msix->table_offset_adjust;
-
- XEN_PT_LOG(d, "mapping physical MSI-X table to %p\n",
- msix->phys_iomem_base);
-
- memory_region_add_subregion_overlap(&s->bar[bar_index], table_off,
- &msix->mmio,
- 2); /* Priority: pci default + 1 */
-
- return 0;
-
-error_out:
- memory_region_destroy(&msix->mmio);
- g_free(s->msix);
- s->msix = NULL;
- return rc;
-}
-
-void xen_pt_msix_delete(XenPCIPassthroughState *s)
-{
- XenPTMSIX *msix = s->msix;
-
- if (!msix) {
- return;
- }
-
- /* unmap the MSI-X memory mapped register area */
- if (msix->phys_iomem_base) {
- XEN_PT_LOG(&s->dev, "unmapping physical MSI-X table from %p\n",
- msix->phys_iomem_base);
- munmap(msix->phys_iomem_base, msix->total_entries * PCI_MSIX_ENTRY_SIZE
- + msix->table_offset_adjust);
- }
-
- memory_region_del_subregion(&s->bar[msix->bar_index], &msix->mmio);
- memory_region_destroy(&msix->mmio);
-
- g_free(s->msix);
- s->msix = NULL;
-}
diff --git a/hw/xenfb.c b/hw/xenfb.c
deleted file mode 100644
index 442a63a32..000000000
--- a/hw/xenfb.c
+++ /dev/null
@@ -1,1025 +0,0 @@
-/*
- * xen paravirt framebuffer backend
- *
- * Copyright IBM, Corp. 2005-2006
- * Copyright Red Hat, Inc. 2006-2008
- *
- * Authors:
- * Anthony Liguori <aliguori@us.ibm.com>,
- * Markus Armbruster <armbru@redhat.com>,
- * Daniel P. Berrange <berrange@redhat.com>,
- * Pat Campbell <plc@novell.com>,
- * Gerd Hoffmann <kraxel@redhat.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; under version 2 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <stdarg.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <sys/mman.h>
-#include <errno.h>
-#include <stdio.h>
-#include <string.h>
-#include <time.h>
-
-#include "hw.h"
-#include "console.h"
-#include "qemu-char.h"
-#include "xen_backend.h"
-
-#include <xen/event_channel.h>
-#include <xen/io/fbif.h>
-#include <xen/io/kbdif.h>
-#include <xen/io/protocols.h>
-
-#ifndef BTN_LEFT
-#define BTN_LEFT 0x110 /* from <linux/input.h> */
-#endif
-
-/* -------------------------------------------------------------------- */
-
-struct common {
- struct XenDevice xendev; /* must be first */
- void *page;
- DisplayState *ds;
-};
-
-struct XenInput {
- struct common c;
- int abs_pointer_wanted; /* Whether guest supports absolute pointer */
- int button_state; /* Last seen pointer button state */
- int extended;
- QEMUPutMouseEntry *qmouse;
-};
-
-#define UP_QUEUE 8
-
-struct XenFB {
- struct common c;
- size_t fb_len;
- int row_stride;
- int depth;
- int width;
- int height;
- int offset;
- void *pixels;
- int fbpages;
- int feature_update;
- int refresh_period;
- int bug_trigger;
- int have_console;
- int do_resize;
-
- struct {
- int x,y,w,h;
- } up_rects[UP_QUEUE];
- int up_count;
- int up_fullscreen;
-};
-
-/* -------------------------------------------------------------------- */
-
-static int common_bind(struct common *c)
-{
- int mfn;
-
- if (xenstore_read_fe_int(&c->xendev, "page-ref", &mfn) == -1)
- return -1;
- if (xenstore_read_fe_int(&c->xendev, "event-channel", &c->xendev.remote_port) == -1)
- return -1;
-
- c->page = xc_map_foreign_range(xen_xc, c->xendev.dom,
- XC_PAGE_SIZE,
- PROT_READ | PROT_WRITE, mfn);
- if (c->page == NULL)
- return -1;
-
- xen_be_bind_evtchn(&c->xendev);
- xen_be_printf(&c->xendev, 1, "ring mfn %d, remote-port %d, local-port %d\n",
- mfn, c->xendev.remote_port, c->xendev.local_port);
-
- return 0;
-}
-
-static void common_unbind(struct common *c)
-{
- xen_be_unbind_evtchn(&c->xendev);
- if (c->page) {
- munmap(c->page, XC_PAGE_SIZE);
- c->page = NULL;
- }
-}
-
-/* -------------------------------------------------------------------- */
-
-#if 0
-/*
- * These two tables are not needed any more, but left in here
- * intentionally as documentation, to show how scancode2linux[]
- * was generated.
- *
- * Tables to map from scancode to Linux input layer keycode.
- * Scancodes are hardware-specific. These maps assumes a
- * standard AT or PS/2 keyboard which is what QEMU feeds us.
- */
-const unsigned char atkbd_set2_keycode[512] = {
-
- 0, 67, 65, 63, 61, 59, 60, 88, 0, 68, 66, 64, 62, 15, 41,117,
- 0, 56, 42, 93, 29, 16, 2, 0, 0, 0, 44, 31, 30, 17, 3, 0,
- 0, 46, 45, 32, 18, 5, 4, 95, 0, 57, 47, 33, 20, 19, 6,183,
- 0, 49, 48, 35, 34, 21, 7,184, 0, 0, 50, 36, 22, 8, 9,185,
- 0, 51, 37, 23, 24, 11, 10, 0, 0, 52, 53, 38, 39, 25, 12, 0,
- 0, 89, 40, 0, 26, 13, 0, 0, 58, 54, 28, 27, 0, 43, 0, 85,
- 0, 86, 91, 90, 92, 0, 14, 94, 0, 79,124, 75, 71,121, 0, 0,
- 82, 83, 80, 76, 77, 72, 1, 69, 87, 78, 81, 74, 55, 73, 70, 99,
-
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 217,100,255, 0, 97,165, 0, 0,156, 0, 0, 0, 0, 0, 0,125,
- 173,114, 0,113, 0, 0, 0,126,128, 0, 0,140, 0, 0, 0,127,
- 159, 0,115, 0,164, 0, 0,116,158, 0,150,166, 0, 0, 0,142,
- 157, 0, 0, 0, 0, 0, 0, 0,155, 0, 98, 0, 0,163, 0, 0,
- 226, 0, 0, 0, 0, 0, 0, 0, 0,255, 96, 0, 0, 0,143, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0,107, 0,105,102, 0, 0,112,
- 110,111,108,112,106,103, 0,119, 0,118,109, 0, 99,104,119, 0,
-
-};
-
-const unsigned char atkbd_unxlate_table[128] = {
-
- 0,118, 22, 30, 38, 37, 46, 54, 61, 62, 70, 69, 78, 85,102, 13,
- 21, 29, 36, 45, 44, 53, 60, 67, 68, 77, 84, 91, 90, 20, 28, 27,
- 35, 43, 52, 51, 59, 66, 75, 76, 82, 14, 18, 93, 26, 34, 33, 42,
- 50, 49, 58, 65, 73, 74, 89,124, 17, 41, 88, 5, 6, 4, 12, 3,
- 11, 2, 10, 1, 9,119,126,108,117,125,123,107,115,116,121,105,
- 114,122,112,113,127, 96, 97,120, 7, 15, 23, 31, 39, 47, 55, 63,
- 71, 79, 86, 94, 8, 16, 24, 32, 40, 48, 56, 64, 72, 80, 87,111,
- 19, 25, 57, 81, 83, 92, 95, 98, 99,100,101,103,104,106,109,110
-
-};
-#endif
-
-/*
- * for (i = 0; i < 128; i++) {
- * scancode2linux[i] = atkbd_set2_keycode[atkbd_unxlate_table[i]];
- * scancode2linux[i | 0x80] = atkbd_set2_keycode[atkbd_unxlate_table[i] | 0x80];
- * }
- */
-static const unsigned char scancode2linux[512] = {
- 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
- 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
- 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
- 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63,
- 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79,
- 80, 81, 82, 83, 99, 0, 86, 87, 88,117, 0, 0, 95,183,184,185,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 93, 0, 0, 89, 0, 0, 85, 91, 90, 92, 0, 94, 0,124,121, 0,
-
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 165, 0, 0, 0, 0, 0, 0, 0, 0,163, 0, 0, 96, 97, 0, 0,
- 113,140,164, 0,166, 0, 0, 0, 0, 0,255, 0, 0, 0,114, 0,
- 115, 0,150, 0, 0, 98,255, 99,100, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0,119,119,102,103,104, 0,105,112,106,118,107,
- 108,109,110,111, 0, 0, 0, 0, 0, 0, 0,125,126,127,116,142,
- 0, 0, 0,143, 0,217,156,173,128,159,158,157,155,226, 0,112,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-};
-
-/* Send an event to the keyboard frontend driver */
-static int xenfb_kbd_event(struct XenInput *xenfb,
- union xenkbd_in_event *event)
-{
- struct xenkbd_page *page = xenfb->c.page;
- uint32_t prod;
-
- if (xenfb->c.xendev.be_state != XenbusStateConnected)
- return 0;
- if (!page)
- return 0;
-
- prod = page->in_prod;
- if (prod - page->in_cons == XENKBD_IN_RING_LEN) {
- errno = EAGAIN;
- return -1;
- }
-
- xen_mb(); /* ensure ring space available */
- XENKBD_IN_RING_REF(page, prod) = *event;
- xen_wmb(); /* ensure ring contents visible */
- page->in_prod = prod + 1;
- return xen_be_send_notify(&xenfb->c.xendev);
-}
-
-/* Send a keyboard (or mouse button) event */
-static int xenfb_send_key(struct XenInput *xenfb, bool down, int keycode)
-{
- union xenkbd_in_event event;
-
- memset(&event, 0, XENKBD_IN_EVENT_SIZE);
- event.type = XENKBD_TYPE_KEY;
- event.key.pressed = down ? 1 : 0;
- event.key.keycode = keycode;
-
- return xenfb_kbd_event(xenfb, &event);
-}
-
-/* Send a relative mouse movement event */
-static int xenfb_send_motion(struct XenInput *xenfb,
- int rel_x, int rel_y, int rel_z)
-{
- union xenkbd_in_event event;
-
- memset(&event, 0, XENKBD_IN_EVENT_SIZE);
- event.type = XENKBD_TYPE_MOTION;
- event.motion.rel_x = rel_x;
- event.motion.rel_y = rel_y;
-#if __XEN_LATEST_INTERFACE_VERSION__ >= 0x00030207
- event.motion.rel_z = rel_z;
-#endif
-
- return xenfb_kbd_event(xenfb, &event);
-}
-
-/* Send an absolute mouse movement event */
-static int xenfb_send_position(struct XenInput *xenfb,
- int abs_x, int abs_y, int z)
-{
- union xenkbd_in_event event;
-
- memset(&event, 0, XENKBD_IN_EVENT_SIZE);
- event.type = XENKBD_TYPE_POS;
- event.pos.abs_x = abs_x;
- event.pos.abs_y = abs_y;
-#if __XEN_LATEST_INTERFACE_VERSION__ == 0x00030207
- event.pos.abs_z = z;
-#endif
-#if __XEN_LATEST_INTERFACE_VERSION__ >= 0x00030208
- event.pos.rel_z = z;
-#endif
-
- return xenfb_kbd_event(xenfb, &event);
-}
-
-/*
- * Send a key event from the client to the guest OS
- * QEMU gives us a raw scancode from an AT / PS/2 style keyboard.
- * We have to turn this into a Linux Input layer keycode.
- *
- * Extra complexity from the fact that with extended scancodes
- * (like those produced by arrow keys) this method gets called
- * twice, but we only want to send a single event. So we have to
- * track the '0xe0' scancode state & collapse the extended keys
- * as needed.
- *
- * Wish we could just send scancodes straight to the guest which
- * already has code for dealing with this...
- */
-static void xenfb_key_event(void *opaque, int scancode)
-{
- struct XenInput *xenfb = opaque;
- int down = 1;
-
- if (scancode == 0xe0) {
- xenfb->extended = 1;
- return;
- } else if (scancode & 0x80) {
- scancode &= 0x7f;
- down = 0;
- }
- if (xenfb->extended) {
- scancode |= 0x80;
- xenfb->extended = 0;
- }
- xenfb_send_key(xenfb, down, scancode2linux[scancode]);
-}
-
-/*
- * Send a mouse event from the client to the guest OS
- *
- * The QEMU mouse can be in either relative, or absolute mode.
- * Movement is sent separately from button state, which has to
- * be encoded as virtual key events. We also don't actually get
- * given any button up/down events, so have to track changes in
- * the button state.
- */
-static void xenfb_mouse_event(void *opaque,
- int dx, int dy, int dz, int button_state)
-{
- struct XenInput *xenfb = opaque;
- int dw = ds_get_width(xenfb->c.ds);
- int dh = ds_get_height(xenfb->c.ds);
- int i;
-
- if (xenfb->abs_pointer_wanted)
- xenfb_send_position(xenfb,
- dx * (dw - 1) / 0x7fff,
- dy * (dh - 1) / 0x7fff,
- dz);
- else
- xenfb_send_motion(xenfb, dx, dy, dz);
-
- for (i = 0 ; i < 8 ; i++) {
- int lastDown = xenfb->button_state & (1 << i);
- int down = button_state & (1 << i);
- if (down == lastDown)
- continue;
-
- if (xenfb_send_key(xenfb, down, BTN_LEFT+i) < 0)
- return;
- }
- xenfb->button_state = button_state;
-}
-
-static int input_init(struct XenDevice *xendev)
-{
- xenstore_write_be_int(xendev, "feature-abs-pointer", 1);
- return 0;
-}
-
-static int input_initialise(struct XenDevice *xendev)
-{
- struct XenInput *in = container_of(xendev, struct XenInput, c.xendev);
- int rc;
-
- if (!in->c.ds) {
- char *vfb = xenstore_read_str(NULL, "device/vfb");
- if (vfb == NULL) {
- /* there is no vfb, run vkbd on its own */
- in->c.ds = get_displaystate();
- } else {
- g_free(vfb);
- xen_be_printf(xendev, 1, "ds not set (yet)\n");
- return -1;
- }
- }
-
- rc = common_bind(&in->c);
- if (rc != 0)
- return rc;
-
- qemu_add_kbd_event_handler(xenfb_key_event, in);
- return 0;
-}
-
-static void input_connected(struct XenDevice *xendev)
-{
- struct XenInput *in = container_of(xendev, struct XenInput, c.xendev);
-
- if (xenstore_read_fe_int(xendev, "request-abs-pointer",
- &in->abs_pointer_wanted) == -1) {
- in->abs_pointer_wanted = 0;
- }
-
- if (in->qmouse) {
- qemu_remove_mouse_event_handler(in->qmouse);
- }
- in->qmouse = qemu_add_mouse_event_handler(xenfb_mouse_event, in,
- in->abs_pointer_wanted,
- "Xen PVFB Mouse");
-}
-
-static void input_disconnect(struct XenDevice *xendev)
-{
- struct XenInput *in = container_of(xendev, struct XenInput, c.xendev);
-
- if (in->qmouse) {
- qemu_remove_mouse_event_handler(in->qmouse);
- in->qmouse = NULL;
- }
- qemu_add_kbd_event_handler(NULL, NULL);
- common_unbind(&in->c);
-}
-
-static void input_event(struct XenDevice *xendev)
-{
- struct XenInput *xenfb = container_of(xendev, struct XenInput, c.xendev);
- struct xenkbd_page *page = xenfb->c.page;
-
- /* We don't understand any keyboard events, so just ignore them. */
- if (page->out_prod == page->out_cons)
- return;
- page->out_cons = page->out_prod;
- xen_be_send_notify(&xenfb->c.xendev);
-}
-
-/* -------------------------------------------------------------------- */
-
-static void xenfb_copy_mfns(int mode, int count, unsigned long *dst, void *src)
-{
- uint32_t *src32 = src;
- uint64_t *src64 = src;
- int i;
-
- for (i = 0; i < count; i++)
- dst[i] = (mode == 32) ? src32[i] : src64[i];
-}
-
-static int xenfb_map_fb(struct XenFB *xenfb)
-{
- struct xenfb_page *page = xenfb->c.page;
- char *protocol = xenfb->c.xendev.protocol;
- int n_fbdirs;
- unsigned long *pgmfns = NULL;
- unsigned long *fbmfns = NULL;
- void *map, *pd;
- int mode, ret = -1;
-
- /* default to native */
- pd = page->pd;
- mode = sizeof(unsigned long) * 8;
-
- if (!protocol) {
- /*
- * Undefined protocol, some guesswork needed.
- *
- * Old frontends which don't set the protocol use
- * one page directory only, thus pd[1] must be zero.
- * pd[1] of the 32bit struct layout and the lower
- * 32 bits of pd[0] of the 64bit struct layout have
- * the same location, so we can check that ...
- */
- uint32_t *ptr32 = NULL;
- uint32_t *ptr64 = NULL;
-#if defined(__i386__)
- ptr32 = (void*)page->pd;
- ptr64 = ((void*)page->pd) + 4;
-#elif defined(__x86_64__)
- ptr32 = ((void*)page->pd) - 4;
- ptr64 = (void*)page->pd;
-#endif
- if (ptr32) {
- if (ptr32[1] == 0) {
- mode = 32;
- pd = ptr32;
- } else {
- mode = 64;
- pd = ptr64;
- }
- }
-#if defined(__x86_64__)
- } else if (strcmp(protocol, XEN_IO_PROTO_ABI_X86_32) == 0) {
- /* 64bit dom0, 32bit domU */
- mode = 32;
- pd = ((void*)page->pd) - 4;
-#elif defined(__i386__)
- } else if (strcmp(protocol, XEN_IO_PROTO_ABI_X86_64) == 0) {
- /* 32bit dom0, 64bit domU */
- mode = 64;
- pd = ((void*)page->pd) + 4;
-#endif
- }
-
- if (xenfb->pixels) {
- munmap(xenfb->pixels, xenfb->fbpages * XC_PAGE_SIZE);
- xenfb->pixels = NULL;
- }
-
- xenfb->fbpages = (xenfb->fb_len + (XC_PAGE_SIZE - 1)) / XC_PAGE_SIZE;
- n_fbdirs = xenfb->fbpages * mode / 8;
- n_fbdirs = (n_fbdirs + (XC_PAGE_SIZE - 1)) / XC_PAGE_SIZE;
-
- pgmfns = g_malloc0(sizeof(unsigned long) * n_fbdirs);
- fbmfns = g_malloc0(sizeof(unsigned long) * xenfb->fbpages);
-
- xenfb_copy_mfns(mode, n_fbdirs, pgmfns, pd);
- map = xc_map_foreign_pages(xen_xc, xenfb->c.xendev.dom,
- PROT_READ, pgmfns, n_fbdirs);
- if (map == NULL)
- goto out;
- xenfb_copy_mfns(mode, xenfb->fbpages, fbmfns, map);
- munmap(map, n_fbdirs * XC_PAGE_SIZE);
-
- xenfb->pixels = xc_map_foreign_pages(xen_xc, xenfb->c.xendev.dom,
- PROT_READ | PROT_WRITE, fbmfns, xenfb->fbpages);
- if (xenfb->pixels == NULL)
- goto out;
-
- ret = 0; /* all is fine */
-
-out:
- g_free(pgmfns);
- g_free(fbmfns);
- return ret;
-}
-
-static int xenfb_configure_fb(struct XenFB *xenfb, size_t fb_len_lim,
- int width, int height, int depth,
- size_t fb_len, int offset, int row_stride)
-{
- size_t mfn_sz = sizeof(*((struct xenfb_page *)0)->pd);
- size_t pd_len = sizeof(((struct xenfb_page *)0)->pd) / mfn_sz;
- size_t fb_pages = pd_len * XC_PAGE_SIZE / mfn_sz;
- size_t fb_len_max = fb_pages * XC_PAGE_SIZE;
- int max_width, max_height;
-
- if (fb_len_lim > fb_len_max) {
- xen_be_printf(&xenfb->c.xendev, 0, "fb size limit %zu exceeds %zu, corrected\n",
- fb_len_lim, fb_len_max);
- fb_len_lim = fb_len_max;
- }
- if (fb_len_lim && fb_len > fb_len_lim) {
- xen_be_printf(&xenfb->c.xendev, 0, "frontend fb size %zu limited to %zu\n",
- fb_len, fb_len_lim);
- fb_len = fb_len_lim;
- }
- if (depth != 8 && depth != 16 && depth != 24 && depth != 32) {
- xen_be_printf(&xenfb->c.xendev, 0, "can't handle frontend fb depth %d\n",
- depth);
- return -1;
- }
- if (row_stride <= 0 || row_stride > fb_len) {
- xen_be_printf(&xenfb->c.xendev, 0, "invalid frontend stride %d\n", row_stride);
- return -1;
- }
- max_width = row_stride / (depth / 8);
- if (width < 0 || width > max_width) {
- xen_be_printf(&xenfb->c.xendev, 0, "invalid frontend width %d limited to %d\n",
- width, max_width);
- width = max_width;
- }
- if (offset < 0 || offset >= fb_len) {
- xen_be_printf(&xenfb->c.xendev, 0, "invalid frontend offset %d (max %zu)\n",
- offset, fb_len - 1);
- return -1;
- }
- max_height = (fb_len - offset) / row_stride;
- if (height < 0 || height > max_height) {
- xen_be_printf(&xenfb->c.xendev, 0, "invalid frontend height %d limited to %d\n",
- height, max_height);
- height = max_height;
- }
- xenfb->fb_len = fb_len;
- xenfb->row_stride = row_stride;
- xenfb->depth = depth;
- xenfb->width = width;
- xenfb->height = height;
- xenfb->offset = offset;
- xenfb->up_fullscreen = 1;
- xenfb->do_resize = 1;
- xen_be_printf(&xenfb->c.xendev, 1, "framebuffer %dx%dx%d offset %d stride %d\n",
- width, height, depth, offset, row_stride);
- return 0;
-}
-
-/* A convenient function for munging pixels between different depths */
-#define BLT(SRC_T,DST_T,RSB,GSB,BSB,RDB,GDB,BDB) \
- for (line = y ; line < (y+h) ; line++) { \
- SRC_T *src = (SRC_T *)(xenfb->pixels \
- + xenfb->offset \
- + (line * xenfb->row_stride) \
- + (x * xenfb->depth / 8)); \
- DST_T *dst = (DST_T *)(data \
- + (line * linesize) \
- + (x * bpp / 8)); \
- int col; \
- const int RSS = 32 - (RSB + GSB + BSB); \
- const int GSS = 32 - (GSB + BSB); \
- const int BSS = 32 - (BSB); \
- const uint32_t RSM = (~0U) << (32 - RSB); \
- const uint32_t GSM = (~0U) << (32 - GSB); \
- const uint32_t BSM = (~0U) << (32 - BSB); \
- const int RDS = 32 - (RDB + GDB + BDB); \
- const int GDS = 32 - (GDB + BDB); \
- const int BDS = 32 - (BDB); \
- const uint32_t RDM = (~0U) << (32 - RDB); \
- const uint32_t GDM = (~0U) << (32 - GDB); \
- const uint32_t BDM = (~0U) << (32 - BDB); \
- for (col = x ; col < (x+w) ; col++) { \
- uint32_t spix = *src; \
- *dst = (((spix << RSS) & RSM & RDM) >> RDS) | \
- (((spix << GSS) & GSM & GDM) >> GDS) | \
- (((spix << BSS) & BSM & BDM) >> BDS); \
- src = (SRC_T *) ((unsigned long) src + xenfb->depth / 8); \
- dst = (DST_T *) ((unsigned long) dst + bpp / 8); \
- } \
- }
-
-
-/*
- * This copies data from the guest framebuffer region, into QEMU's
- * displaysurface. qemu uses 16 or 32 bpp. In case the pv framebuffer
- * uses something else we must convert and copy, otherwise we can
- * supply the buffer directly and no thing here.
- */
-static void xenfb_guest_copy(struct XenFB *xenfb, int x, int y, int w, int h)
-{
- int line, oops = 0;
- int bpp = ds_get_bits_per_pixel(xenfb->c.ds);
- int linesize = ds_get_linesize(xenfb->c.ds);
- uint8_t *data = ds_get_data(xenfb->c.ds);
-
- if (!is_buffer_shared(xenfb->c.ds->surface)) {
- switch (xenfb->depth) {
- case 8:
- if (bpp == 16) {
- BLT(uint8_t, uint16_t, 3, 3, 2, 5, 6, 5);
- } else if (bpp == 32) {
- BLT(uint8_t, uint32_t, 3, 3, 2, 8, 8, 8);
- } else {
- oops = 1;
- }
- break;
- case 24:
- if (bpp == 16) {
- BLT(uint32_t, uint16_t, 8, 8, 8, 5, 6, 5);
- } else if (bpp == 32) {
- BLT(uint32_t, uint32_t, 8, 8, 8, 8, 8, 8);
- } else {
- oops = 1;
- }
- break;
- default:
- oops = 1;
- }
- }
- if (oops) /* should not happen */
- xen_be_printf(&xenfb->c.xendev, 0, "%s: oops: convert %d -> %d bpp?\n",
- __FUNCTION__, xenfb->depth, bpp);
-
- dpy_gfx_update(xenfb->c.ds, x, y, w, h);
-}
-
-#ifdef XENFB_TYPE_REFRESH_PERIOD
-static int xenfb_queue_full(struct XenFB *xenfb)
-{
- struct xenfb_page *page = xenfb->c.page;
- uint32_t cons, prod;
-
- if (!page)
- return 1;
-
- prod = page->in_prod;
- cons = page->in_cons;
- return prod - cons == XENFB_IN_RING_LEN;
-}
-
-static void xenfb_send_event(struct XenFB *xenfb, union xenfb_in_event *event)
-{
- uint32_t prod;
- struct xenfb_page *page = xenfb->c.page;
-
- prod = page->in_prod;
- /* caller ensures !xenfb_queue_full() */
- xen_mb(); /* ensure ring space available */
- XENFB_IN_RING_REF(page, prod) = *event;
- xen_wmb(); /* ensure ring contents visible */
- page->in_prod = prod + 1;
-
- xen_be_send_notify(&xenfb->c.xendev);
-}
-
-static void xenfb_send_refresh_period(struct XenFB *xenfb, int period)
-{
- union xenfb_in_event event;
-
- memset(&event, 0, sizeof(event));
- event.type = XENFB_TYPE_REFRESH_PERIOD;
- event.refresh_period.period = period;
- xenfb_send_event(xenfb, &event);
-}
-#endif
-
-/*
- * Periodic update of display.
- * Also transmit the refresh interval to the frontend.
- *
- * Never ever do any qemu display operations
- * (resize, screen update) outside this function.
- * Our screen might be inactive. When asked for
- * an update we know it is active.
- */
-static void xenfb_update(void *opaque)
-{
- struct XenFB *xenfb = opaque;
- int i;
-
- if (xenfb->c.xendev.be_state != XenbusStateConnected)
- return;
-
- if (xenfb->feature_update) {
-#ifdef XENFB_TYPE_REFRESH_PERIOD
- struct DisplayChangeListener *l;
- int period = 99999999;
- int idle = 1;
-
- if (xenfb_queue_full(xenfb))
- return;
-
- QLIST_FOREACH(l, &xenfb->c.ds->listeners, next) {
- if (l->idle)
- continue;
- idle = 0;
- if (!l->gui_timer_interval) {
- if (period > GUI_REFRESH_INTERVAL)
- period = GUI_REFRESH_INTERVAL;
- } else {
- if (period > l->gui_timer_interval)
- period = l->gui_timer_interval;
- }
- }
- if (idle)
- period = XENFB_NO_REFRESH;
-
- if (xenfb->refresh_period != period) {
- xenfb_send_refresh_period(xenfb, period);
- xenfb->refresh_period = period;
- xen_be_printf(&xenfb->c.xendev, 1, "refresh period: %d\n", period);
- }
-#else
- ; /* nothing */
-#endif
- } else {
- /* we don't get update notifications, thus use the
- * sledge hammer approach ... */
- xenfb->up_fullscreen = 1;
- }
-
- /* resize if needed */
- if (xenfb->do_resize) {
- xenfb->do_resize = 0;
- switch (xenfb->depth) {
- case 16:
- case 32:
- /* console.c supported depth -> buffer can be used directly */
- qemu_free_displaysurface(xenfb->c.ds);
- xenfb->c.ds->surface = qemu_create_displaysurface_from
- (xenfb->width, xenfb->height, xenfb->depth,
- xenfb->row_stride, xenfb->pixels + xenfb->offset);
- break;
- default:
- /* we must convert stuff */
- qemu_resize_displaysurface(xenfb->c.ds, xenfb->width, xenfb->height);
- break;
- }
- xen_be_printf(&xenfb->c.xendev, 1, "update: resizing: %dx%d @ %d bpp%s\n",
- xenfb->width, xenfb->height, xenfb->depth,
- is_buffer_shared(xenfb->c.ds->surface) ? " (shared)" : "");
- dpy_gfx_resize(xenfb->c.ds);
- xenfb->up_fullscreen = 1;
- }
-
- /* run queued updates */
- if (xenfb->up_fullscreen) {
- xen_be_printf(&xenfb->c.xendev, 3, "update: fullscreen\n");
- xenfb_guest_copy(xenfb, 0, 0, xenfb->width, xenfb->height);
- } else if (xenfb->up_count) {
- xen_be_printf(&xenfb->c.xendev, 3, "update: %d rects\n", xenfb->up_count);
- for (i = 0; i < xenfb->up_count; i++)
- xenfb_guest_copy(xenfb,
- xenfb->up_rects[i].x,
- xenfb->up_rects[i].y,
- xenfb->up_rects[i].w,
- xenfb->up_rects[i].h);
- } else {
- xen_be_printf(&xenfb->c.xendev, 3, "update: nothing\n");
- }
- xenfb->up_count = 0;
- xenfb->up_fullscreen = 0;
-}
-
-/* QEMU display state changed, so refresh the framebuffer copy */
-static void xenfb_invalidate(void *opaque)
-{
- struct XenFB *xenfb = opaque;
- xenfb->up_fullscreen = 1;
-}
-
-static void xenfb_handle_events(struct XenFB *xenfb)
-{
- uint32_t prod, cons;
- struct xenfb_page *page = xenfb->c.page;
-
- prod = page->out_prod;
- if (prod == page->out_cons)
- return;
- xen_rmb(); /* ensure we see ring contents up to prod */
- for (cons = page->out_cons; cons != prod; cons++) {
- union xenfb_out_event *event = &XENFB_OUT_RING_REF(page, cons);
- int x, y, w, h;
-
- switch (event->type) {
- case XENFB_TYPE_UPDATE:
- if (xenfb->up_count == UP_QUEUE)
- xenfb->up_fullscreen = 1;
- if (xenfb->up_fullscreen)
- break;
- x = MAX(event->update.x, 0);
- y = MAX(event->update.y, 0);
- w = MIN(event->update.width, xenfb->width - x);
- h = MIN(event->update.height, xenfb->height - y);
- if (w < 0 || h < 0) {
- xen_be_printf(&xenfb->c.xendev, 1, "bogus update ignored\n");
- break;
- }
- if (x != event->update.x ||
- y != event->update.y ||
- w != event->update.width ||
- h != event->update.height) {
- xen_be_printf(&xenfb->c.xendev, 1, "bogus update clipped\n");
- }
- if (w == xenfb->width && h > xenfb->height / 2) {
- /* scroll detector: updated more than 50% of the lines,
- * don't bother keeping track of the rectangles then */
- xenfb->up_fullscreen = 1;
- } else {
- xenfb->up_rects[xenfb->up_count].x = x;
- xenfb->up_rects[xenfb->up_count].y = y;
- xenfb->up_rects[xenfb->up_count].w = w;
- xenfb->up_rects[xenfb->up_count].h = h;
- xenfb->up_count++;
- }
- break;
-#ifdef XENFB_TYPE_RESIZE
- case XENFB_TYPE_RESIZE:
- if (xenfb_configure_fb(xenfb, xenfb->fb_len,
- event->resize.width,
- event->resize.height,
- event->resize.depth,
- xenfb->fb_len,
- event->resize.offset,
- event->resize.stride) < 0)
- break;
- xenfb_invalidate(xenfb);
- break;
-#endif
- }
- }
- xen_mb(); /* ensure we're done with ring contents */
- page->out_cons = cons;
-}
-
-static int fb_init(struct XenDevice *xendev)
-{
- struct XenFB *fb = container_of(xendev, struct XenFB, c.xendev);
-
- fb->refresh_period = -1;
-
-#ifdef XENFB_TYPE_RESIZE
- xenstore_write_be_int(xendev, "feature-resize", 1);
-#endif
- return 0;
-}
-
-static int fb_initialise(struct XenDevice *xendev)
-{
- struct XenFB *fb = container_of(xendev, struct XenFB, c.xendev);
- struct xenfb_page *fb_page;
- int videoram;
- int rc;
-
- if (xenstore_read_fe_int(xendev, "videoram", &videoram) == -1)
- videoram = 0;
-
- rc = common_bind(&fb->c);
- if (rc != 0)
- return rc;
-
- fb_page = fb->c.page;
- rc = xenfb_configure_fb(fb, videoram * 1024 * 1024U,
- fb_page->width, fb_page->height, fb_page->depth,
- fb_page->mem_length, 0, fb_page->line_length);
- if (rc != 0)
- return rc;
-
- rc = xenfb_map_fb(fb);
- if (rc != 0)
- return rc;
-
-#if 0 /* handled in xen_init_display() for now */
- if (!fb->have_console) {
- fb->c.ds = graphic_console_init(xenfb_update,
- xenfb_invalidate,
- NULL,
- NULL,
- fb);
- fb->have_console = 1;
- }
-#endif
-
- if (xenstore_read_fe_int(xendev, "feature-update", &fb->feature_update) == -1)
- fb->feature_update = 0;
- if (fb->feature_update)
- xenstore_write_be_int(xendev, "request-update", 1);
-
- xen_be_printf(xendev, 1, "feature-update=%d, videoram=%d\n",
- fb->feature_update, videoram);
- return 0;
-}
-
-static void fb_disconnect(struct XenDevice *xendev)
-{
- struct XenFB *fb = container_of(xendev, struct XenFB, c.xendev);
-
- /*
- * FIXME: qemu can't un-init gfx display (yet?).
- * Replacing the framebuffer with anonymous shared memory
- * instead. This releases the guest pages and keeps qemu happy.
- */
- fb->pixels = mmap(fb->pixels, fb->fbpages * XC_PAGE_SIZE,
- PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANON,
- -1, 0);
- common_unbind(&fb->c);
- fb->feature_update = 0;
- fb->bug_trigger = 0;
-}
-
-static void fb_frontend_changed(struct XenDevice *xendev, const char *node)
-{
- struct XenFB *fb = container_of(xendev, struct XenFB, c.xendev);
-
- /*
- * Set state to Connected *again* once the frontend switched
- * to connected. We must trigger the watch a second time to
- * workaround a frontend bug.
- */
- if (fb->bug_trigger == 0 && strcmp(node, "state") == 0 &&
- xendev->fe_state == XenbusStateConnected &&
- xendev->be_state == XenbusStateConnected) {
- xen_be_printf(xendev, 2, "re-trigger connected (frontend bug)\n");
- xen_be_set_state(xendev, XenbusStateConnected);
- fb->bug_trigger = 1; /* only once */
- }
-}
-
-static void fb_event(struct XenDevice *xendev)
-{
- struct XenFB *xenfb = container_of(xendev, struct XenFB, c.xendev);
-
- xenfb_handle_events(xenfb);
- xen_be_send_notify(&xenfb->c.xendev);
-}
-
-/* -------------------------------------------------------------------- */
-
-struct XenDevOps xen_kbdmouse_ops = {
- .size = sizeof(struct XenInput),
- .init = input_init,
- .initialise = input_initialise,
- .connected = input_connected,
- .disconnect = input_disconnect,
- .event = input_event,
-};
-
-struct XenDevOps xen_framebuffer_ops = {
- .size = sizeof(struct XenFB),
- .init = fb_init,
- .initialise = fb_initialise,
- .disconnect = fb_disconnect,
- .event = fb_event,
- .frontend_changed = fb_frontend_changed,
-};
-
-/*
- * FIXME/TODO: Kill this.
- * Temporary needed while DisplayState reorganization is in flight.
- */
-void xen_init_display(int domid)
-{
- struct XenDevice *xfb, *xin;
- struct XenFB *fb;
- struct XenInput *in;
- int i = 0;
-
-wait_more:
- i++;
- main_loop_wait(true);
- xfb = xen_be_find_xendev("vfb", domid, 0);
- xin = xen_be_find_xendev("vkbd", domid, 0);
- if (!xfb || !xin) {
- if (i < 256) {
- usleep(10000);
- goto wait_more;
- }
- xen_be_printf(NULL, 1, "displaystate setup failed\n");
- return;
- }
-
- /* vfb */
- fb = container_of(xfb, struct XenFB, c.xendev);
- fb->c.ds = graphic_console_init(xenfb_update,
- xenfb_invalidate,
- NULL,
- NULL,
- fb);
- fb->have_console = 1;
-
- /* vkbd */
- in = container_of(xin, struct XenInput, c.xendev);
- in->c.ds = fb->c.ds;
-
- /* retry ->init() */
- xen_be_check_state(xin);
- xen_be_check_state(xfb);
-}
diff --git a/hw/xgmac.c b/hw/xgmac.c
deleted file mode 100644
index ec50c745d..000000000
--- a/hw/xgmac.c
+++ /dev/null
@@ -1,433 +0,0 @@
-/*
- * QEMU model of XGMAC Ethernet.
- *
- * derived from the Xilinx AXI-Ethernet by Edgar E. Iglesias.
- *
- * Copyright (c) 2011 Calxeda, Inc.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sysbus.h"
-#include "qemu-char.h"
-#include "qemu-log.h"
-#include "net.h"
-#include "net/checksum.h"
-
-#ifdef DEBUG_XGMAC
-#define DEBUGF_BRK(message, args...) do { \
- fprintf(stderr, (message), ## args); \
- } while (0)
-#else
-#define DEBUGF_BRK(message, args...) do { } while (0)
-#endif
-
-#define XGMAC_CONTROL 0x00000000 /* MAC Configuration */
-#define XGMAC_FRAME_FILTER 0x00000001 /* MAC Frame Filter */
-#define XGMAC_FLOW_CTRL 0x00000006 /* MAC Flow Control */
-#define XGMAC_VLAN_TAG 0x00000007 /* VLAN Tags */
-#define XGMAC_VERSION 0x00000008 /* Version */
-/* VLAN tag for insertion or replacement into tx frames */
-#define XGMAC_VLAN_INCL 0x00000009
-#define XGMAC_LPI_CTRL 0x0000000a /* LPI Control and Status */
-#define XGMAC_LPI_TIMER 0x0000000b /* LPI Timers Control */
-#define XGMAC_TX_PACE 0x0000000c /* Transmit Pace and Stretch */
-#define XGMAC_VLAN_HASH 0x0000000d /* VLAN Hash Table */
-#define XGMAC_DEBUG 0x0000000e /* Debug */
-#define XGMAC_INT_STATUS 0x0000000f /* Interrupt and Control */
-/* HASH table registers */
-#define XGMAC_HASH(n) ((0x00000300/4) + (n))
-#define XGMAC_NUM_HASH 16
-/* Operation Mode */
-#define XGMAC_OPMODE (0x00000400/4)
-/* Remote Wake-Up Frame Filter */
-#define XGMAC_REMOTE_WAKE (0x00000700/4)
-/* PMT Control and Status */
-#define XGMAC_PMT (0x00000704/4)
-
-#define XGMAC_ADDR_HIGH(reg) (0x00000010+((reg) * 2))
-#define XGMAC_ADDR_LOW(reg) (0x00000011+((reg) * 2))
-
-#define DMA_BUS_MODE 0x000003c0 /* Bus Mode */
-#define DMA_XMT_POLL_DEMAND 0x000003c1 /* Transmit Poll Demand */
-#define DMA_RCV_POLL_DEMAND 0x000003c2 /* Received Poll Demand */
-#define DMA_RCV_BASE_ADDR 0x000003c3 /* Receive List Base */
-#define DMA_TX_BASE_ADDR 0x000003c4 /* Transmit List Base */
-#define DMA_STATUS 0x000003c5 /* Status Register */
-#define DMA_CONTROL 0x000003c6 /* Ctrl (Operational Mode) */
-#define DMA_INTR_ENA 0x000003c7 /* Interrupt Enable */
-#define DMA_MISSED_FRAME_CTR 0x000003c8 /* Missed Frame Counter */
-/* Receive Interrupt Watchdog Timer */
-#define DMA_RI_WATCHDOG_TIMER 0x000003c9
-#define DMA_AXI_BUS 0x000003ca /* AXI Bus Mode */
-#define DMA_AXI_STATUS 0x000003cb /* AXI Status */
-#define DMA_CUR_TX_DESC_ADDR 0x000003d2 /* Current Host Tx Descriptor */
-#define DMA_CUR_RX_DESC_ADDR 0x000003d3 /* Current Host Rx Descriptor */
-#define DMA_CUR_TX_BUF_ADDR 0x000003d4 /* Current Host Tx Buffer */
-#define DMA_CUR_RX_BUF_ADDR 0x000003d5 /* Current Host Rx Buffer */
-#define DMA_HW_FEATURE 0x000003d6 /* Enabled Hardware Features */
-
-/* DMA Status register defines */
-#define DMA_STATUS_GMI 0x08000000 /* MMC interrupt */
-#define DMA_STATUS_GLI 0x04000000 /* GMAC Line interface int */
-#define DMA_STATUS_EB_MASK 0x00380000 /* Error Bits Mask */
-#define DMA_STATUS_EB_TX_ABORT 0x00080000 /* Error Bits - TX Abort */
-#define DMA_STATUS_EB_RX_ABORT 0x00100000 /* Error Bits - RX Abort */
-#define DMA_STATUS_TS_MASK 0x00700000 /* Transmit Process State */
-#define DMA_STATUS_TS_SHIFT 20
-#define DMA_STATUS_RS_MASK 0x000e0000 /* Receive Process State */
-#define DMA_STATUS_RS_SHIFT 17
-#define DMA_STATUS_NIS 0x00010000 /* Normal Interrupt Summary */
-#define DMA_STATUS_AIS 0x00008000 /* Abnormal Interrupt Summary */
-#define DMA_STATUS_ERI 0x00004000 /* Early Receive Interrupt */
-#define DMA_STATUS_FBI 0x00002000 /* Fatal Bus Error Interrupt */
-#define DMA_STATUS_ETI 0x00000400 /* Early Transmit Interrupt */
-#define DMA_STATUS_RWT 0x00000200 /* Receive Watchdog Timeout */
-#define DMA_STATUS_RPS 0x00000100 /* Receive Process Stopped */
-#define DMA_STATUS_RU 0x00000080 /* Receive Buffer Unavailable */
-#define DMA_STATUS_RI 0x00000040 /* Receive Interrupt */
-#define DMA_STATUS_UNF 0x00000020 /* Transmit Underflow */
-#define DMA_STATUS_OVF 0x00000010 /* Receive Overflow */
-#define DMA_STATUS_TJT 0x00000008 /* Transmit Jabber Timeout */
-#define DMA_STATUS_TU 0x00000004 /* Transmit Buffer Unavailable */
-#define DMA_STATUS_TPS 0x00000002 /* Transmit Process Stopped */
-#define DMA_STATUS_TI 0x00000001 /* Transmit Interrupt */
-
-/* DMA Control register defines */
-#define DMA_CONTROL_ST 0x00002000 /* Start/Stop Transmission */
-#define DMA_CONTROL_SR 0x00000002 /* Start/Stop Receive */
-#define DMA_CONTROL_DFF 0x01000000 /* Disable flush of rx frames */
-
-struct desc {
- uint32_t ctl_stat;
- uint16_t buffer1_size;
- uint16_t buffer2_size;
- uint32_t buffer1_addr;
- uint32_t buffer2_addr;
- uint32_t ext_stat;
- uint32_t res[3];
-};
-
-#define R_MAX 0x400
-
-typedef struct RxTxStats {
- uint64_t rx_bytes;
- uint64_t tx_bytes;
-
- uint64_t rx;
- uint64_t rx_bcast;
- uint64_t rx_mcast;
-} RxTxStats;
-
-typedef struct XgmacState {
- SysBusDevice busdev;
- MemoryRegion iomem;
- qemu_irq sbd_irq;
- qemu_irq pmt_irq;
- qemu_irq mci_irq;
- NICState *nic;
- NICConf conf;
-
- struct RxTxStats stats;
- uint32_t regs[R_MAX];
-} XgmacState;
-
-const VMStateDescription vmstate_rxtx_stats = {
- .name = "xgmac_stats",
- .version_id = 1,
- .minimum_version_id = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT64(rx_bytes, RxTxStats),
- VMSTATE_UINT64(tx_bytes, RxTxStats),
- VMSTATE_UINT64(rx, RxTxStats),
- VMSTATE_UINT64(rx_bcast, RxTxStats),
- VMSTATE_UINT64(rx_mcast, RxTxStats),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static const VMStateDescription vmstate_xgmac = {
- .name = "xgmac",
- .version_id = 1,
- .minimum_version_id = 1,
- .fields = (VMStateField[]) {
- VMSTATE_STRUCT(stats, XgmacState, 0, vmstate_rxtx_stats, RxTxStats),
- VMSTATE_UINT32_ARRAY(regs, XgmacState, R_MAX),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void xgmac_read_desc(struct XgmacState *s, struct desc *d, int rx)
-{
- uint32_t addr = rx ? s->regs[DMA_CUR_RX_DESC_ADDR] :
- s->regs[DMA_CUR_TX_DESC_ADDR];
- cpu_physical_memory_read(addr, d, sizeof(*d));
-}
-
-static void xgmac_write_desc(struct XgmacState *s, struct desc *d, int rx)
-{
- int reg = rx ? DMA_CUR_RX_DESC_ADDR : DMA_CUR_TX_DESC_ADDR;
- uint32_t addr = s->regs[reg];
-
- if (!rx && (d->ctl_stat & 0x00200000)) {
- s->regs[reg] = s->regs[DMA_TX_BASE_ADDR];
- } else if (rx && (d->buffer1_size & 0x8000)) {
- s->regs[reg] = s->regs[DMA_RCV_BASE_ADDR];
- } else {
- s->regs[reg] += sizeof(*d);
- }
- cpu_physical_memory_write(addr, d, sizeof(*d));
-}
-
-static void xgmac_enet_send(struct XgmacState *s)
-{
- struct desc bd;
- int frame_size;
- int len;
- uint8_t frame[8192];
- uint8_t *ptr;
-
- ptr = frame;
- frame_size = 0;
- while (1) {
- xgmac_read_desc(s, &bd, 0);
- if ((bd.ctl_stat & 0x80000000) == 0) {
- /* Run out of descriptors to transmit. */
- break;
- }
- len = (bd.buffer1_size & 0xfff) + (bd.buffer2_size & 0xfff);
-
- if ((bd.buffer1_size & 0xfff) > 2048) {
- DEBUGF_BRK("qemu:%s:ERROR...ERROR...ERROR... -- "
- "xgmac buffer 1 len on send > 2048 (0x%x)\n",
- __func__, bd.buffer1_size & 0xfff);
- }
- if ((bd.buffer2_size & 0xfff) != 0) {
- DEBUGF_BRK("qemu:%s:ERROR...ERROR...ERROR... -- "
- "xgmac buffer 2 len on send != 0 (0x%x)\n",
- __func__, bd.buffer2_size & 0xfff);
- }
- if (len >= sizeof(frame)) {
- DEBUGF_BRK("qemu:%s: buffer overflow %d read into %zu "
- "buffer\n" , __func__, len, sizeof(frame));
- DEBUGF_BRK("qemu:%s: buffer1.size=%d; buffer2.size=%d\n",
- __func__, bd.buffer1_size, bd.buffer2_size);
- }
-
- cpu_physical_memory_read(bd.buffer1_addr, ptr, len);
- ptr += len;
- frame_size += len;
- if (bd.ctl_stat & 0x20000000) {
- /* Last buffer in frame. */
- qemu_send_packet(&s->nic->nc, frame, len);
- ptr = frame;
- frame_size = 0;
- s->regs[DMA_STATUS] |= DMA_STATUS_TI | DMA_STATUS_NIS;
- }
- bd.ctl_stat &= ~0x80000000;
- /* Write back the modified descriptor. */
- xgmac_write_desc(s, &bd, 0);
- }
-}
-
-static void enet_update_irq(struct XgmacState *s)
-{
- int stat = s->regs[DMA_STATUS] & s->regs[DMA_INTR_ENA];
- qemu_set_irq(s->sbd_irq, !!stat);
-}
-
-static uint64_t enet_read(void *opaque, hwaddr addr, unsigned size)
-{
- struct XgmacState *s = opaque;
- uint64_t r = 0;
- addr >>= 2;
-
- switch (addr) {
- case XGMAC_VERSION:
- r = 0x1012;
- break;
- default:
- if (addr < ARRAY_SIZE(s->regs)) {
- r = s->regs[addr];
- }
- break;
- }
- return r;
-}
-
-static void enet_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct XgmacState *s = opaque;
-
- addr >>= 2;
- switch (addr) {
- case DMA_BUS_MODE:
- s->regs[DMA_BUS_MODE] = value & ~0x1;
- break;
- case DMA_XMT_POLL_DEMAND:
- xgmac_enet_send(s);
- break;
- case DMA_STATUS:
- s->regs[DMA_STATUS] = s->regs[DMA_STATUS] & ~value;
- break;
- case DMA_RCV_BASE_ADDR:
- s->regs[DMA_RCV_BASE_ADDR] = s->regs[DMA_CUR_RX_DESC_ADDR] = value;
- break;
- case DMA_TX_BASE_ADDR:
- s->regs[DMA_TX_BASE_ADDR] = s->regs[DMA_CUR_TX_DESC_ADDR] = value;
- break;
- default:
- if (addr < ARRAY_SIZE(s->regs)) {
- s->regs[addr] = value;
- }
- break;
- }
- enet_update_irq(s);
-}
-
-static const MemoryRegionOps enet_mem_ops = {
- .read = enet_read,
- .write = enet_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static int eth_can_rx(NetClientState *nc)
-{
- struct XgmacState *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- /* RX enabled? */
- return s->regs[DMA_CONTROL] & DMA_CONTROL_SR;
-}
-
-static ssize_t eth_rx(NetClientState *nc, const uint8_t *buf, size_t size)
-{
- struct XgmacState *s = DO_UPCAST(NICState, nc, nc)->opaque;
- static const unsigned char sa_bcast[6] = {0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff};
- int unicast, broadcast, multicast;
- struct desc bd;
- ssize_t ret;
-
- unicast = ~buf[0] & 0x1;
- broadcast = memcmp(buf, sa_bcast, 6) == 0;
- multicast = !unicast && !broadcast;
- if (size < 12) {
- s->regs[DMA_STATUS] |= DMA_STATUS_RI | DMA_STATUS_NIS;
- ret = -1;
- goto out;
- }
-
- xgmac_read_desc(s, &bd, 1);
- if ((bd.ctl_stat & 0x80000000) == 0) {
- s->regs[DMA_STATUS] |= DMA_STATUS_RU | DMA_STATUS_AIS;
- ret = size;
- goto out;
- }
-
- cpu_physical_memory_write(bd.buffer1_addr, buf, size);
-
- /* Add in the 4 bytes for crc (the real hw returns length incl crc) */
- size += 4;
- bd.ctl_stat = (size << 16) | 0x300;
- xgmac_write_desc(s, &bd, 1);
-
- s->stats.rx_bytes += size;
- s->stats.rx++;
- if (multicast) {
- s->stats.rx_mcast++;
- } else if (broadcast) {
- s->stats.rx_bcast++;
- }
-
- s->regs[DMA_STATUS] |= DMA_STATUS_RI | DMA_STATUS_NIS;
- ret = size;
-
-out:
- enet_update_irq(s);
- return ret;
-}
-
-static void eth_cleanup(NetClientState *nc)
-{
- struct XgmacState *s = DO_UPCAST(NICState, nc, nc)->opaque;
- s->nic = NULL;
-}
-
-static NetClientInfo net_xgmac_enet_info = {
- .type = NET_CLIENT_OPTIONS_KIND_NIC,
- .size = sizeof(NICState),
- .can_receive = eth_can_rx,
- .receive = eth_rx,
- .cleanup = eth_cleanup,
-};
-
-static int xgmac_enet_init(SysBusDevice *dev)
-{
- struct XgmacState *s = FROM_SYSBUS(typeof(*s), dev);
-
- memory_region_init_io(&s->iomem, &enet_mem_ops, s, "xgmac", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
- sysbus_init_irq(dev, &s->sbd_irq);
- sysbus_init_irq(dev, &s->pmt_irq);
- sysbus_init_irq(dev, &s->mci_irq);
-
- qemu_macaddr_default_if_unset(&s->conf.macaddr);
- s->nic = qemu_new_nic(&net_xgmac_enet_info, &s->conf,
- object_get_typename(OBJECT(dev)), dev->qdev.id, s);
- qemu_format_nic_info_str(&s->nic->nc, s->conf.macaddr.a);
-
- s->regs[XGMAC_ADDR_HIGH(0)] = (s->conf.macaddr.a[5] << 8) |
- s->conf.macaddr.a[4];
- s->regs[XGMAC_ADDR_LOW(0)] = (s->conf.macaddr.a[3] << 24) |
- (s->conf.macaddr.a[2] << 16) |
- (s->conf.macaddr.a[1] << 8) |
- s->conf.macaddr.a[0];
-
- return 0;
-}
-
-static Property xgmac_properties[] = {
- DEFINE_NIC_PROPERTIES(struct XgmacState, conf),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void xgmac_enet_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sbc = SYS_BUS_DEVICE_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
-
- sbc->init = xgmac_enet_init;
- dc->vmsd = &vmstate_xgmac;
- dc->props = xgmac_properties;
-}
-
-static TypeInfo xgmac_enet_info = {
- .name = "xgmac",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(struct XgmacState),
- .class_init = xgmac_enet_class_init,
-};
-
-static void xgmac_enet_register_types(void)
-{
- type_register_static(&xgmac_enet_info);
-}
-
-type_init(xgmac_enet_register_types)
diff --git a/hw/xics.c b/hw/xics.c
deleted file mode 100644
index 1da310653..000000000
--- a/hw/xics.c
+++ /dev/null
@@ -1,573 +0,0 @@
-/*
- * QEMU PowerPC pSeries Logical Partition (aka sPAPR) hardware System Emulator
- *
- * PAPR Virtualized Interrupt System, aka ICS/ICP aka xics
- *
- * Copyright (c) 2010,2011 David Gibson, IBM Corporation.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- *
- */
-
-#include "hw.h"
-#include "hw/spapr.h"
-#include "hw/xics.h"
-
-/*
- * ICP: Presentation layer
- */
-
-struct icp_server_state {
- uint32_t xirr;
- uint8_t pending_priority;
- uint8_t mfrr;
- qemu_irq output;
-};
-
-#define XISR_MASK 0x00ffffff
-#define CPPR_MASK 0xff000000
-
-#define XISR(ss) (((ss)->xirr) & XISR_MASK)
-#define CPPR(ss) (((ss)->xirr) >> 24)
-
-struct ics_state;
-
-struct icp_state {
- long nr_servers;
- struct icp_server_state *ss;
- struct ics_state *ics;
-};
-
-static void ics_reject(struct ics_state *ics, int nr);
-static void ics_resend(struct ics_state *ics);
-static void ics_eoi(struct ics_state *ics, int nr);
-
-static void icp_check_ipi(struct icp_state *icp, int server)
-{
- struct icp_server_state *ss = icp->ss + server;
-
- if (XISR(ss) && (ss->pending_priority <= ss->mfrr)) {
- return;
- }
-
- if (XISR(ss)) {
- ics_reject(icp->ics, XISR(ss));
- }
-
- ss->xirr = (ss->xirr & ~XISR_MASK) | XICS_IPI;
- ss->pending_priority = ss->mfrr;
- qemu_irq_raise(ss->output);
-}
-
-static void icp_resend(struct icp_state *icp, int server)
-{
- struct icp_server_state *ss = icp->ss + server;
-
- if (ss->mfrr < CPPR(ss)) {
- icp_check_ipi(icp, server);
- }
- ics_resend(icp->ics);
-}
-
-static void icp_set_cppr(struct icp_state *icp, int server, uint8_t cppr)
-{
- struct icp_server_state *ss = icp->ss + server;
- uint8_t old_cppr;
- uint32_t old_xisr;
-
- old_cppr = CPPR(ss);
- ss->xirr = (ss->xirr & ~CPPR_MASK) | (cppr << 24);
-
- if (cppr < old_cppr) {
- if (XISR(ss) && (cppr <= ss->pending_priority)) {
- old_xisr = XISR(ss);
- ss->xirr &= ~XISR_MASK; /* Clear XISR */
- qemu_irq_lower(ss->output);
- ics_reject(icp->ics, old_xisr);
- }
- } else {
- if (!XISR(ss)) {
- icp_resend(icp, server);
- }
- }
-}
-
-static void icp_set_mfrr(struct icp_state *icp, int server, uint8_t mfrr)
-{
- struct icp_server_state *ss = icp->ss + server;
-
- ss->mfrr = mfrr;
- if (mfrr < CPPR(ss)) {
- icp_check_ipi(icp, server);
- }
-}
-
-static uint32_t icp_accept(struct icp_server_state *ss)
-{
- uint32_t xirr;
-
- qemu_irq_lower(ss->output);
- xirr = ss->xirr;
- ss->xirr = ss->pending_priority << 24;
- return xirr;
-}
-
-static void icp_eoi(struct icp_state *icp, int server, uint32_t xirr)
-{
- struct icp_server_state *ss = icp->ss + server;
-
- /* Send EOI -> ICS */
- ss->xirr = (ss->xirr & ~CPPR_MASK) | (xirr & CPPR_MASK);
- ics_eoi(icp->ics, xirr & XISR_MASK);
- if (!XISR(ss)) {
- icp_resend(icp, server);
- }
-}
-
-static void icp_irq(struct icp_state *icp, int server, int nr, uint8_t priority)
-{
- struct icp_server_state *ss = icp->ss + server;
-
- if ((priority >= CPPR(ss))
- || (XISR(ss) && (ss->pending_priority <= priority))) {
- ics_reject(icp->ics, nr);
- } else {
- if (XISR(ss)) {
- ics_reject(icp->ics, XISR(ss));
- }
- ss->xirr = (ss->xirr & ~XISR_MASK) | (nr & XISR_MASK);
- ss->pending_priority = priority;
- qemu_irq_raise(ss->output);
- }
-}
-
-/*
- * ICS: Source layer
- */
-
-struct ics_irq_state {
- int server;
- uint8_t priority;
- uint8_t saved_priority;
-#define XICS_STATUS_ASSERTED 0x1
-#define XICS_STATUS_SENT 0x2
-#define XICS_STATUS_REJECTED 0x4
-#define XICS_STATUS_MASKED_PENDING 0x8
- uint8_t status;
- bool lsi;
-};
-
-struct ics_state {
- int nr_irqs;
- int offset;
- qemu_irq *qirqs;
- struct ics_irq_state *irqs;
- struct icp_state *icp;
-};
-
-static int ics_valid_irq(struct ics_state *ics, uint32_t nr)
-{
- return (nr >= ics->offset)
- && (nr < (ics->offset + ics->nr_irqs));
-}
-
-static void resend_msi(struct ics_state *ics, int srcno)
-{
- struct ics_irq_state *irq = ics->irqs + srcno;
-
- /* FIXME: filter by server#? */
- if (irq->status & XICS_STATUS_REJECTED) {
- irq->status &= ~XICS_STATUS_REJECTED;
- if (irq->priority != 0xff) {
- icp_irq(ics->icp, irq->server, srcno + ics->offset,
- irq->priority);
- }
- }
-}
-
-static void resend_lsi(struct ics_state *ics, int srcno)
-{
- struct ics_irq_state *irq = ics->irqs + srcno;
-
- if ((irq->priority != 0xff)
- && (irq->status & XICS_STATUS_ASSERTED)
- && !(irq->status & XICS_STATUS_SENT)) {
- irq->status |= XICS_STATUS_SENT;
- icp_irq(ics->icp, irq->server, srcno + ics->offset, irq->priority);
- }
-}
-
-static void set_irq_msi(struct ics_state *ics, int srcno, int val)
-{
- struct ics_irq_state *irq = ics->irqs + srcno;
-
- if (val) {
- if (irq->priority == 0xff) {
- irq->status |= XICS_STATUS_MASKED_PENDING;
- /* masked pending */ ;
- } else {
- icp_irq(ics->icp, irq->server, srcno + ics->offset, irq->priority);
- }
- }
-}
-
-static void set_irq_lsi(struct ics_state *ics, int srcno, int val)
-{
- struct ics_irq_state *irq = ics->irqs + srcno;
-
- if (val) {
- irq->status |= XICS_STATUS_ASSERTED;
- } else {
- irq->status &= ~XICS_STATUS_ASSERTED;
- }
- resend_lsi(ics, srcno);
-}
-
-static void ics_set_irq(void *opaque, int srcno, int val)
-{
- struct ics_state *ics = (struct ics_state *)opaque;
- struct ics_irq_state *irq = ics->irqs + srcno;
-
- if (irq->lsi) {
- set_irq_lsi(ics, srcno, val);
- } else {
- set_irq_msi(ics, srcno, val);
- }
-}
-
-static void write_xive_msi(struct ics_state *ics, int srcno)
-{
- struct ics_irq_state *irq = ics->irqs + srcno;
-
- if (!(irq->status & XICS_STATUS_MASKED_PENDING)
- || (irq->priority == 0xff)) {
- return;
- }
-
- irq->status &= ~XICS_STATUS_MASKED_PENDING;
- icp_irq(ics->icp, irq->server, srcno + ics->offset, irq->priority);
-}
-
-static void write_xive_lsi(struct ics_state *ics, int srcno)
-{
- resend_lsi(ics, srcno);
-}
-
-static void ics_write_xive(struct ics_state *ics, int nr, int server,
- uint8_t priority, uint8_t saved_priority)
-{
- int srcno = nr - ics->offset;
- struct ics_irq_state *irq = ics->irqs + srcno;
-
- irq->server = server;
- irq->priority = priority;
- irq->saved_priority = saved_priority;
-
- if (irq->lsi) {
- write_xive_lsi(ics, srcno);
- } else {
- write_xive_msi(ics, srcno);
- }
-}
-
-static void ics_reject(struct ics_state *ics, int nr)
-{
- struct ics_irq_state *irq = ics->irqs + nr - ics->offset;
-
- irq->status |= XICS_STATUS_REJECTED; /* Irrelevant but harmless for LSI */
- irq->status &= ~XICS_STATUS_SENT; /* Irrelevant but harmless for MSI */
-}
-
-static void ics_resend(struct ics_state *ics)
-{
- int i;
-
- for (i = 0; i < ics->nr_irqs; i++) {
- struct ics_irq_state *irq = ics->irqs + i;
-
- /* FIXME: filter by server#? */
- if (irq->lsi) {
- resend_lsi(ics, i);
- } else {
- resend_msi(ics, i);
- }
- }
-}
-
-static void ics_eoi(struct ics_state *ics, int nr)
-{
- int srcno = nr - ics->offset;
- struct ics_irq_state *irq = ics->irqs + srcno;
-
- if (irq->lsi) {
- irq->status &= ~XICS_STATUS_SENT;
- }
-}
-
-/*
- * Exported functions
- */
-
-qemu_irq xics_get_qirq(struct icp_state *icp, int irq)
-{
- if (!ics_valid_irq(icp->ics, irq)) {
- return NULL;
- }
-
- return icp->ics->qirqs[irq - icp->ics->offset];
-}
-
-void xics_set_irq_type(struct icp_state *icp, int irq, bool lsi)
-{
- assert(ics_valid_irq(icp->ics, irq));
-
- icp->ics->irqs[irq - icp->ics->offset].lsi = lsi;
-}
-
-static target_ulong h_cppr(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode, target_ulong *args)
-{
- CPUPPCState *env = &cpu->env;
- target_ulong cppr = args[0];
-
- icp_set_cppr(spapr->icp, env->cpu_index, cppr);
- return H_SUCCESS;
-}
-
-static target_ulong h_ipi(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode, target_ulong *args)
-{
- target_ulong server = args[0];
- target_ulong mfrr = args[1];
-
- if (server >= spapr->icp->nr_servers) {
- return H_PARAMETER;
- }
-
- icp_set_mfrr(spapr->icp, server, mfrr);
- return H_SUCCESS;
-
-}
-
-static target_ulong h_xirr(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode, target_ulong *args)
-{
- CPUPPCState *env = &cpu->env;
- uint32_t xirr = icp_accept(spapr->icp->ss + env->cpu_index);
-
- args[0] = xirr;
- return H_SUCCESS;
-}
-
-static target_ulong h_eoi(PowerPCCPU *cpu, sPAPREnvironment *spapr,
- target_ulong opcode, target_ulong *args)
-{
- CPUPPCState *env = &cpu->env;
- target_ulong xirr = args[0];
-
- icp_eoi(spapr->icp, env->cpu_index, xirr);
- return H_SUCCESS;
-}
-
-static void rtas_set_xive(sPAPREnvironment *spapr, uint32_t token,
- uint32_t nargs, target_ulong args,
- uint32_t nret, target_ulong rets)
-{
- struct ics_state *ics = spapr->icp->ics;
- uint32_t nr, server, priority;
-
- if ((nargs != 3) || (nret != 1)) {
- rtas_st(rets, 0, -3);
- return;
- }
-
- nr = rtas_ld(args, 0);
- server = rtas_ld(args, 1);
- priority = rtas_ld(args, 2);
-
- if (!ics_valid_irq(ics, nr) || (server >= ics->icp->nr_servers)
- || (priority > 0xff)) {
- rtas_st(rets, 0, -3);
- return;
- }
-
- ics_write_xive(ics, nr, server, priority, priority);
-
- rtas_st(rets, 0, 0); /* Success */
-}
-
-static void rtas_get_xive(sPAPREnvironment *spapr, uint32_t token,
- uint32_t nargs, target_ulong args,
- uint32_t nret, target_ulong rets)
-{
- struct ics_state *ics = spapr->icp->ics;
- uint32_t nr;
-
- if ((nargs != 1) || (nret != 3)) {
- rtas_st(rets, 0, -3);
- return;
- }
-
- nr = rtas_ld(args, 0);
-
- if (!ics_valid_irq(ics, nr)) {
- rtas_st(rets, 0, -3);
- return;
- }
-
- rtas_st(rets, 0, 0); /* Success */
- rtas_st(rets, 1, ics->irqs[nr - ics->offset].server);
- rtas_st(rets, 2, ics->irqs[nr - ics->offset].priority);
-}
-
-static void rtas_int_off(sPAPREnvironment *spapr, uint32_t token,
- uint32_t nargs, target_ulong args,
- uint32_t nret, target_ulong rets)
-{
- struct ics_state *ics = spapr->icp->ics;
- uint32_t nr;
-
- if ((nargs != 1) || (nret != 1)) {
- rtas_st(rets, 0, -3);
- return;
- }
-
- nr = rtas_ld(args, 0);
-
- if (!ics_valid_irq(ics, nr)) {
- rtas_st(rets, 0, -3);
- return;
- }
-
- ics_write_xive(ics, nr, ics->irqs[nr - ics->offset].server, 0xff,
- ics->irqs[nr - ics->offset].priority);
-
- rtas_st(rets, 0, 0); /* Success */
-}
-
-static void rtas_int_on(sPAPREnvironment *spapr, uint32_t token,
- uint32_t nargs, target_ulong args,
- uint32_t nret, target_ulong rets)
-{
- struct ics_state *ics = spapr->icp->ics;
- uint32_t nr;
-
- if ((nargs != 1) || (nret != 1)) {
- rtas_st(rets, 0, -3);
- return;
- }
-
- nr = rtas_ld(args, 0);
-
- if (!ics_valid_irq(ics, nr)) {
- rtas_st(rets, 0, -3);
- return;
- }
-
- ics_write_xive(ics, nr, ics->irqs[nr - ics->offset].server,
- ics->irqs[nr - ics->offset].saved_priority,
- ics->irqs[nr - ics->offset].saved_priority);
-
- rtas_st(rets, 0, 0); /* Success */
-}
-
-static void xics_reset(void *opaque)
-{
- struct icp_state *icp = (struct icp_state *)opaque;
- struct ics_state *ics = icp->ics;
- int i;
-
- for (i = 0; i < icp->nr_servers; i++) {
- icp->ss[i].xirr = 0;
- icp->ss[i].pending_priority = 0;
- icp->ss[i].mfrr = 0xff;
- /* Make all outputs are deasserted */
- qemu_set_irq(icp->ss[i].output, 0);
- }
-
- for (i = 0; i < ics->nr_irqs; i++) {
- /* Reset everything *except* the type */
- ics->irqs[i].server = 0;
- ics->irqs[i].status = 0;
- ics->irqs[i].priority = 0xff;
- ics->irqs[i].saved_priority = 0xff;
- }
-}
-
-struct icp_state *xics_system_init(int nr_irqs)
-{
- CPUPPCState *env;
- int max_server_num;
- struct icp_state *icp;
- struct ics_state *ics;
-
- max_server_num = -1;
- for (env = first_cpu; env != NULL; env = env->next_cpu) {
- if (env->cpu_index > max_server_num) {
- max_server_num = env->cpu_index;
- }
- }
-
- icp = g_malloc0(sizeof(*icp));
- icp->nr_servers = max_server_num + 1;
- icp->ss = g_malloc0(icp->nr_servers*sizeof(struct icp_server_state));
-
- for (env = first_cpu; env != NULL; env = env->next_cpu) {
- struct icp_server_state *ss = &icp->ss[env->cpu_index];
-
- switch (PPC_INPUT(env)) {
- case PPC_FLAGS_INPUT_POWER7:
- ss->output = env->irq_inputs[POWER7_INPUT_INT];
- break;
-
- case PPC_FLAGS_INPUT_970:
- ss->output = env->irq_inputs[PPC970_INPUT_INT];
- break;
-
- default:
- hw_error("XICS interrupt model does not support this CPU bus "
- "model\n");
- exit(1);
- }
- }
-
- ics = g_malloc0(sizeof(*ics));
- ics->nr_irqs = nr_irqs;
- ics->offset = 16;
- ics->irqs = g_malloc0(nr_irqs * sizeof(struct ics_irq_state));
-
- icp->ics = ics;
- ics->icp = icp;
-
- ics->qirqs = qemu_allocate_irqs(ics_set_irq, ics, nr_irqs);
-
- spapr_register_hypercall(H_CPPR, h_cppr);
- spapr_register_hypercall(H_IPI, h_ipi);
- spapr_register_hypercall(H_XIRR, h_xirr);
- spapr_register_hypercall(H_EOI, h_eoi);
-
- spapr_rtas_register("ibm,set-xive", rtas_set_xive);
- spapr_rtas_register("ibm,get-xive", rtas_get_xive);
- spapr_rtas_register("ibm,int-off", rtas_int_off);
- spapr_rtas_register("ibm,int-on", rtas_int_on);
-
- qemu_register_reset(xics_reset, icp);
-
- return icp;
-}
diff --git a/hw/xics.h b/hw/xics.h
deleted file mode 100644
index 681726869..000000000
--- a/hw/xics.h
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * QEMU PowerPC pSeries Logical Partition (aka sPAPR) hardware System Emulator
- *
- * PAPR Virtualized Interrupt System, aka ICS/ICP aka xics
- *
- * Copyright (c) 2010,2011 David Gibson, IBM Corporation.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- *
- */
-#if !defined(__XICS_H__)
-#define __XICS_H__
-
-#define XICS_IPI 0x2
-
-struct icp_state;
-
-qemu_irq xics_get_qirq(struct icp_state *icp, int irq);
-void xics_set_irq_type(struct icp_state *icp, int irq, bool lsi);
-
-struct icp_state *xics_system_init(int nr_irqs);
-
-#endif /* __XICS_H__ */
diff --git a/hw/xilinx.h b/hw/xilinx.h
deleted file mode 100644
index 9323fd07c..000000000
--- a/hw/xilinx.h
+++ /dev/null
@@ -1,92 +0,0 @@
-#include "stream.h"
-#include "qemu-common.h"
-#include "net.h"
-
-static inline DeviceState *
-xilinx_intc_create(hwaddr base, qemu_irq irq, int kind_of_intr)
-{
- DeviceState *dev;
-
- dev = qdev_create(NULL, "xlnx.xps-intc");
- qdev_prop_set_uint32(dev, "kind-of-intr", kind_of_intr);
- qdev_init_nofail(dev);
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
- sysbus_connect_irq(sysbus_from_qdev(dev), 0, irq);
- return dev;
-}
-
-/* OPB Timer/Counter. */
-static inline DeviceState *
-xilinx_timer_create(hwaddr base, qemu_irq irq, int oto, int freq)
-{
- DeviceState *dev;
-
- dev = qdev_create(NULL, "xlnx.xps-timer");
- qdev_prop_set_uint32(dev, "one-timer-only", oto);
- qdev_prop_set_uint32(dev, "clock-frequency", freq);
- qdev_init_nofail(dev);
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
- sysbus_connect_irq(sysbus_from_qdev(dev), 0, irq);
- return dev;
-}
-
-/* XPS Ethernet Lite MAC. */
-static inline DeviceState *
-xilinx_ethlite_create(NICInfo *nd, hwaddr base, qemu_irq irq,
- int txpingpong, int rxpingpong)
-{
- DeviceState *dev;
-
- qemu_check_nic_model(nd, "xlnx.xps-ethernetlite");
-
- dev = qdev_create(NULL, "xlnx.xps-ethernetlite");
- qdev_set_nic_properties(dev, nd);
- qdev_prop_set_uint32(dev, "tx-ping-pong", txpingpong);
- qdev_prop_set_uint32(dev, "rx-ping-pong", rxpingpong);
- qdev_init_nofail(dev);
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
- sysbus_connect_irq(sysbus_from_qdev(dev), 0, irq);
- return dev;
-}
-
-static inline DeviceState *
-xilinx_axiethernet_create(NICInfo *nd, StreamSlave *peer,
- hwaddr base, qemu_irq irq,
- int txmem, int rxmem)
-{
- DeviceState *dev;
- Error *errp = NULL;
-
- qemu_check_nic_model(nd, "xlnx.axi-ethernet");
-
- dev = qdev_create(NULL, "xlnx.axi-ethernet");
- qdev_set_nic_properties(dev, nd);
- qdev_prop_set_uint32(dev, "rxmem", rxmem);
- qdev_prop_set_uint32(dev, "txmem", txmem);
- object_property_set_link(OBJECT(dev), OBJECT(peer), "axistream-connected",
- &errp);
- assert_no_error(errp);
- qdev_init_nofail(dev);
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
- sysbus_connect_irq(sysbus_from_qdev(dev), 0, irq);
-
- return dev;
-}
-
-static inline void
-xilinx_axiethernetdma_init(DeviceState *dev, StreamSlave *peer,
- hwaddr base, qemu_irq irq,
- qemu_irq irq2, int freqhz)
-{
- Error *errp = NULL;
-
- qdev_prop_set_uint32(dev, "freqhz", freqhz);
- object_property_set_link(OBJECT(dev), OBJECT(peer), "axistream-connected",
- &errp);
- assert_no_error(errp);
- qdev_init_nofail(dev);
-
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
- sysbus_connect_irq(sysbus_from_qdev(dev), 0, irq);
- sysbus_connect_irq(sysbus_from_qdev(dev), 1, irq2);
-}
diff --git a/hw/xilinx_axidma.c b/hw/xilinx_axidma.c
deleted file mode 100644
index 4575da176..000000000
--- a/hw/xilinx_axidma.c
+++ /dev/null
@@ -1,524 +0,0 @@
-/*
- * QEMU model of Xilinx AXI-DMA block.
- *
- * Copyright (c) 2011 Edgar E. Iglesias.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sysbus.h"
-#include "qemu-char.h"
-#include "qemu-timer.h"
-#include "ptimer.h"
-#include "qemu-log.h"
-#include "qdev-addr.h"
-
-#include "stream.h"
-
-#define D(x)
-
-#define R_DMACR (0x00 / 4)
-#define R_DMASR (0x04 / 4)
-#define R_CURDESC (0x08 / 4)
-#define R_TAILDESC (0x10 / 4)
-#define R_MAX (0x30 / 4)
-
-enum {
- DMACR_RUNSTOP = 1,
- DMACR_TAILPTR_MODE = 2,
- DMACR_RESET = 4
-};
-
-enum {
- DMASR_HALTED = 1,
- DMASR_IDLE = 2,
- DMASR_IOC_IRQ = 1 << 12,
- DMASR_DLY_IRQ = 1 << 13,
-
- DMASR_IRQ_MASK = 7 << 12
-};
-
-struct SDesc {
- uint64_t nxtdesc;
- uint64_t buffer_address;
- uint64_t reserved;
- uint32_t control;
- uint32_t status;
- uint32_t app[6];
-};
-
-enum {
- SDESC_CTRL_EOF = (1 << 26),
- SDESC_CTRL_SOF = (1 << 27),
-
- SDESC_CTRL_LEN_MASK = (1 << 23) - 1
-};
-
-enum {
- SDESC_STATUS_EOF = (1 << 26),
- SDESC_STATUS_SOF_BIT = 27,
- SDESC_STATUS_SOF = (1 << SDESC_STATUS_SOF_BIT),
- SDESC_STATUS_COMPLETE = (1 << 31)
-};
-
-struct Stream {
- QEMUBH *bh;
- ptimer_state *ptimer;
- qemu_irq irq;
-
- int nr;
-
- struct SDesc desc;
- int pos;
- unsigned int complete_cnt;
- uint32_t regs[R_MAX];
-};
-
-struct XilinxAXIDMA {
- SysBusDevice busdev;
- MemoryRegion iomem;
- uint32_t freqhz;
- StreamSlave *tx_dev;
-
- struct Stream streams[2];
-};
-
-/*
- * Helper calls to extract info from desriptors and other trivial
- * state from regs.
- */
-static inline int stream_desc_sof(struct SDesc *d)
-{
- return d->control & SDESC_CTRL_SOF;
-}
-
-static inline int stream_desc_eof(struct SDesc *d)
-{
- return d->control & SDESC_CTRL_EOF;
-}
-
-static inline int stream_resetting(struct Stream *s)
-{
- return !!(s->regs[R_DMACR] & DMACR_RESET);
-}
-
-static inline int stream_running(struct Stream *s)
-{
- return s->regs[R_DMACR] & DMACR_RUNSTOP;
-}
-
-static inline int stream_halted(struct Stream *s)
-{
- return s->regs[R_DMASR] & DMASR_HALTED;
-}
-
-static inline int stream_idle(struct Stream *s)
-{
- return !!(s->regs[R_DMASR] & DMASR_IDLE);
-}
-
-static void stream_reset(struct Stream *s)
-{
- s->regs[R_DMASR] = DMASR_HALTED; /* starts up halted. */
- s->regs[R_DMACR] = 1 << 16; /* Starts with one in compl threshold. */
-}
-
-/* Map an offset addr into a channel index. */
-static inline int streamid_from_addr(hwaddr addr)
-{
- int sid;
-
- sid = addr / (0x30);
- sid &= 1;
- return sid;
-}
-
-#ifdef DEBUG_ENET
-static void stream_desc_show(struct SDesc *d)
-{
- qemu_log("buffer_addr = " PRIx64 "\n", d->buffer_address);
- qemu_log("nxtdesc = " PRIx64 "\n", d->nxtdesc);
- qemu_log("control = %x\n", d->control);
- qemu_log("status = %x\n", d->status);
-}
-#endif
-
-static void stream_desc_load(struct Stream *s, hwaddr addr)
-{
- struct SDesc *d = &s->desc;
- int i;
-
- cpu_physical_memory_read(addr, (void *) d, sizeof *d);
-
- /* Convert from LE into host endianness. */
- d->buffer_address = le64_to_cpu(d->buffer_address);
- d->nxtdesc = le64_to_cpu(d->nxtdesc);
- d->control = le32_to_cpu(d->control);
- d->status = le32_to_cpu(d->status);
- for (i = 0; i < ARRAY_SIZE(d->app); i++) {
- d->app[i] = le32_to_cpu(d->app[i]);
- }
-}
-
-static void stream_desc_store(struct Stream *s, hwaddr addr)
-{
- struct SDesc *d = &s->desc;
- int i;
-
- /* Convert from host endianness into LE. */
- d->buffer_address = cpu_to_le64(d->buffer_address);
- d->nxtdesc = cpu_to_le64(d->nxtdesc);
- d->control = cpu_to_le32(d->control);
- d->status = cpu_to_le32(d->status);
- for (i = 0; i < ARRAY_SIZE(d->app); i++) {
- d->app[i] = cpu_to_le32(d->app[i]);
- }
- cpu_physical_memory_write(addr, (void *) d, sizeof *d);
-}
-
-static void stream_update_irq(struct Stream *s)
-{
- unsigned int pending, mask, irq;
-
- pending = s->regs[R_DMASR] & DMASR_IRQ_MASK;
- mask = s->regs[R_DMACR] & DMASR_IRQ_MASK;
-
- irq = pending & mask;
-
- qemu_set_irq(s->irq, !!irq);
-}
-
-static void stream_reload_complete_cnt(struct Stream *s)
-{
- unsigned int comp_th;
- comp_th = (s->regs[R_DMACR] >> 16) & 0xff;
- s->complete_cnt = comp_th;
-}
-
-static void timer_hit(void *opaque)
-{
- struct Stream *s = opaque;
-
- stream_reload_complete_cnt(s);
- s->regs[R_DMASR] |= DMASR_DLY_IRQ;
- stream_update_irq(s);
-}
-
-static void stream_complete(struct Stream *s)
-{
- unsigned int comp_delay;
-
- /* Start the delayed timer. */
- comp_delay = s->regs[R_DMACR] >> 24;
- if (comp_delay) {
- ptimer_stop(s->ptimer);
- ptimer_set_count(s->ptimer, comp_delay);
- ptimer_run(s->ptimer, 1);
- }
-
- s->complete_cnt--;
- if (s->complete_cnt == 0) {
- /* Raise the IOC irq. */
- s->regs[R_DMASR] |= DMASR_IOC_IRQ;
- stream_reload_complete_cnt(s);
- }
-}
-
-static void stream_process_mem2s(struct Stream *s,
- StreamSlave *tx_dev)
-{
- uint32_t prev_d;
- unsigned char txbuf[16 * 1024];
- unsigned int txlen;
- uint32_t app[6];
-
- if (!stream_running(s) || stream_idle(s)) {
- return;
- }
-
- while (1) {
- stream_desc_load(s, s->regs[R_CURDESC]);
-
- if (s->desc.status & SDESC_STATUS_COMPLETE) {
- s->regs[R_DMASR] |= DMASR_IDLE;
- break;
- }
-
- if (stream_desc_sof(&s->desc)) {
- s->pos = 0;
- memcpy(app, s->desc.app, sizeof app);
- }
-
- txlen = s->desc.control & SDESC_CTRL_LEN_MASK;
- if ((txlen + s->pos) > sizeof txbuf) {
- hw_error("%s: too small internal txbuf! %d\n", __func__,
- txlen + s->pos);
- }
-
- cpu_physical_memory_read(s->desc.buffer_address,
- txbuf + s->pos, txlen);
- s->pos += txlen;
-
- if (stream_desc_eof(&s->desc)) {
- stream_push(tx_dev, txbuf, s->pos, app);
- s->pos = 0;
- stream_complete(s);
- }
-
- /* Update the descriptor. */
- s->desc.status = txlen | SDESC_STATUS_COMPLETE;
- stream_desc_store(s, s->regs[R_CURDESC]);
-
- /* Advance. */
- prev_d = s->regs[R_CURDESC];
- s->regs[R_CURDESC] = s->desc.nxtdesc;
- if (prev_d == s->regs[R_TAILDESC]) {
- s->regs[R_DMASR] |= DMASR_IDLE;
- break;
- }
- }
-}
-
-static void stream_process_s2mem(struct Stream *s,
- unsigned char *buf, size_t len, uint32_t *app)
-{
- uint32_t prev_d;
- unsigned int rxlen;
- int pos = 0;
- int sof = 1;
-
- if (!stream_running(s) || stream_idle(s)) {
- return;
- }
-
- while (len) {
- stream_desc_load(s, s->regs[R_CURDESC]);
-
- if (s->desc.status & SDESC_STATUS_COMPLETE) {
- s->regs[R_DMASR] |= DMASR_IDLE;
- break;
- }
-
- rxlen = s->desc.control & SDESC_CTRL_LEN_MASK;
- if (rxlen > len) {
- /* It fits. */
- rxlen = len;
- }
-
- cpu_physical_memory_write(s->desc.buffer_address, buf + pos, rxlen);
- len -= rxlen;
- pos += rxlen;
-
- /* Update the descriptor. */
- if (!len) {
- int i;
-
- stream_complete(s);
- for (i = 0; i < 5; i++) {
- s->desc.app[i] = app[i];
- }
- s->desc.status |= SDESC_STATUS_EOF;
- }
-
- s->desc.status |= sof << SDESC_STATUS_SOF_BIT;
- s->desc.status |= SDESC_STATUS_COMPLETE;
- stream_desc_store(s, s->regs[R_CURDESC]);
- sof = 0;
-
- /* Advance. */
- prev_d = s->regs[R_CURDESC];
- s->regs[R_CURDESC] = s->desc.nxtdesc;
- if (prev_d == s->regs[R_TAILDESC]) {
- s->regs[R_DMASR] |= DMASR_IDLE;
- break;
- }
- }
-}
-
-static void
-axidma_push(StreamSlave *obj, unsigned char *buf, size_t len, uint32_t *app)
-{
- struct XilinxAXIDMA *d = FROM_SYSBUS(typeof(*d), SYS_BUS_DEVICE(obj));
- struct Stream *s = &d->streams[1];
-
- if (!app) {
- hw_error("No stream app data!\n");
- }
- stream_process_s2mem(s, buf, len, app);
- stream_update_irq(s);
-}
-
-static uint64_t axidma_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- struct XilinxAXIDMA *d = opaque;
- struct Stream *s;
- uint32_t r = 0;
- int sid;
-
- sid = streamid_from_addr(addr);
- s = &d->streams[sid];
-
- addr = addr % 0x30;
- addr >>= 2;
- switch (addr) {
- case R_DMACR:
- /* Simulate one cycles reset delay. */
- s->regs[addr] &= ~DMACR_RESET;
- r = s->regs[addr];
- break;
- case R_DMASR:
- s->regs[addr] &= 0xffff;
- s->regs[addr] |= (s->complete_cnt & 0xff) << 16;
- s->regs[addr] |= (ptimer_get_count(s->ptimer) & 0xff) << 24;
- r = s->regs[addr];
- break;
- default:
- r = s->regs[addr];
- D(qemu_log("%s ch=%d addr=" TARGET_FMT_plx " v=%x\n",
- __func__, sid, addr * 4, r));
- break;
- }
- return r;
-
-}
-
-static void axidma_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct XilinxAXIDMA *d = opaque;
- struct Stream *s;
- int sid;
-
- sid = streamid_from_addr(addr);
- s = &d->streams[sid];
-
- addr = addr % 0x30;
- addr >>= 2;
- switch (addr) {
- case R_DMACR:
- /* Tailptr mode is always on. */
- value |= DMACR_TAILPTR_MODE;
- /* Remember our previous reset state. */
- value |= (s->regs[addr] & DMACR_RESET);
- s->regs[addr] = value;
-
- if (value & DMACR_RESET) {
- stream_reset(s);
- }
-
- if ((value & 1) && !stream_resetting(s)) {
- /* Start processing. */
- s->regs[R_DMASR] &= ~(DMASR_HALTED | DMASR_IDLE);
- }
- stream_reload_complete_cnt(s);
- break;
-
- case R_DMASR:
- /* Mask away write to clear irq lines. */
- value &= ~(value & DMASR_IRQ_MASK);
- s->regs[addr] = value;
- break;
-
- case R_TAILDESC:
- s->regs[addr] = value;
- s->regs[R_DMASR] &= ~DMASR_IDLE; /* Not idle. */
- if (!sid) {
- stream_process_mem2s(s, d->tx_dev);
- }
- break;
- default:
- D(qemu_log("%s: ch=%d addr=" TARGET_FMT_plx " v=%x\n",
- __func__, sid, addr * 4, value));
- s->regs[addr] = value;
- break;
- }
- stream_update_irq(s);
-}
-
-static const MemoryRegionOps axidma_ops = {
- .read = axidma_read,
- .write = axidma_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int xilinx_axidma_init(SysBusDevice *dev)
-{
- struct XilinxAXIDMA *s = FROM_SYSBUS(typeof(*s), dev);
- int i;
-
- sysbus_init_irq(dev, &s->streams[0].irq);
- sysbus_init_irq(dev, &s->streams[1].irq);
-
- memory_region_init_io(&s->iomem, &axidma_ops, s,
- "xlnx.axi-dma", R_MAX * 4 * 2);
- sysbus_init_mmio(dev, &s->iomem);
-
- for (i = 0; i < 2; i++) {
- stream_reset(&s->streams[i]);
- s->streams[i].nr = i;
- s->streams[i].bh = qemu_bh_new(timer_hit, &s->streams[i]);
- s->streams[i].ptimer = ptimer_init(s->streams[i].bh);
- ptimer_set_freq(s->streams[i].ptimer, s->freqhz);
- }
- return 0;
-}
-
-static void xilinx_axidma_initfn(Object *obj)
-{
- struct XilinxAXIDMA *s = FROM_SYSBUS(typeof(*s), SYS_BUS_DEVICE(obj));
-
- object_property_add_link(obj, "axistream-connected", TYPE_STREAM_SLAVE,
- (Object **) &s->tx_dev, NULL);
-}
-
-static Property axidma_properties[] = {
- DEFINE_PROP_UINT32("freqhz", struct XilinxAXIDMA, freqhz, 50000000),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void axidma_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
- StreamSlaveClass *ssc = STREAM_SLAVE_CLASS(klass);
-
- k->init = xilinx_axidma_init;
- dc->props = axidma_properties;
- ssc->push = axidma_push;
-}
-
-static TypeInfo axidma_info = {
- .name = "xlnx.axi-dma",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(struct XilinxAXIDMA),
- .class_init = axidma_class_init,
- .instance_init = xilinx_axidma_initfn,
- .interfaces = (InterfaceInfo[]) {
- { TYPE_STREAM_SLAVE },
- { }
- }
-};
-
-static void xilinx_axidma_register_types(void)
-{
- type_register_static(&axidma_info);
-}
-
-type_init(xilinx_axidma_register_types)
diff --git a/hw/xilinx_axienet.c b/hw/xilinx_axienet.c
deleted file mode 100644
index baae02bd6..000000000
--- a/hw/xilinx_axienet.c
+++ /dev/null
@@ -1,910 +0,0 @@
-/*
- * QEMU model of Xilinx AXI-Ethernet.
- *
- * Copyright (c) 2011 Edgar E. Iglesias.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sysbus.h"
-#include "qemu-char.h"
-#include "qemu-log.h"
-#include "net.h"
-#include "net/checksum.h"
-
-#include "stream.h"
-
-#define DPHY(x)
-
-/* Advertisement control register. */
-#define ADVERTISE_10HALF 0x0020 /* Try for 10mbps half-duplex */
-#define ADVERTISE_10FULL 0x0040 /* Try for 10mbps full-duplex */
-#define ADVERTISE_100HALF 0x0080 /* Try for 100mbps half-duplex */
-#define ADVERTISE_100FULL 0x0100 /* Try for 100mbps full-duplex */
-
-struct PHY {
- uint32_t regs[32];
-
- int link;
-
- unsigned int (*read)(struct PHY *phy, unsigned int req);
- void (*write)(struct PHY *phy, unsigned int req,
- unsigned int data);
-};
-
-static unsigned int tdk_read(struct PHY *phy, unsigned int req)
-{
- int regnum;
- unsigned r = 0;
-
- regnum = req & 0x1f;
-
- switch (regnum) {
- case 1:
- if (!phy->link) {
- break;
- }
- /* MR1. */
- /* Speeds and modes. */
- r |= (1 << 13) | (1 << 14);
- r |= (1 << 11) | (1 << 12);
- r |= (1 << 5); /* Autoneg complete. */
- r |= (1 << 3); /* Autoneg able. */
- r |= (1 << 2); /* link. */
- r |= (1 << 1); /* link. */
- break;
- case 5:
- /* Link partner ability.
- We are kind; always agree with whatever best mode
- the guest advertises. */
- r = 1 << 14; /* Success. */
- /* Copy advertised modes. */
- r |= phy->regs[4] & (15 << 5);
- /* Autoneg support. */
- r |= 1;
- break;
- case 17:
- /* Marvel PHY on many xilinx boards. */
- r = 0x8000; /* 1000Mb */
- break;
- case 18:
- {
- /* Diagnostics reg. */
- int duplex = 0;
- int speed_100 = 0;
-
- if (!phy->link) {
- break;
- }
-
- /* Are we advertising 100 half or 100 duplex ? */
- speed_100 = !!(phy->regs[4] & ADVERTISE_100HALF);
- speed_100 |= !!(phy->regs[4] & ADVERTISE_100FULL);
-
- /* Are we advertising 10 duplex or 100 duplex ? */
- duplex = !!(phy->regs[4] & ADVERTISE_100FULL);
- duplex |= !!(phy->regs[4] & ADVERTISE_10FULL);
- r = (speed_100 << 10) | (duplex << 11);
- }
- break;
-
- default:
- r = phy->regs[regnum];
- break;
- }
- DPHY(qemu_log("\n%s %x = reg[%d]\n", __func__, r, regnum));
- return r;
-}
-
-static void
-tdk_write(struct PHY *phy, unsigned int req, unsigned int data)
-{
- int regnum;
-
- regnum = req & 0x1f;
- DPHY(qemu_log("%s reg[%d] = %x\n", __func__, regnum, data));
- switch (regnum) {
- default:
- phy->regs[regnum] = data;
- break;
- }
-}
-
-static void
-tdk_init(struct PHY *phy)
-{
- phy->regs[0] = 0x3100;
- /* PHY Id. */
- phy->regs[2] = 0x0300;
- phy->regs[3] = 0xe400;
- /* Autonegotiation advertisement reg. */
- phy->regs[4] = 0x01E1;
- phy->link = 1;
-
- phy->read = tdk_read;
- phy->write = tdk_write;
-}
-
-struct MDIOBus {
- /* bus. */
- int mdc;
- int mdio;
-
- /* decoder. */
- enum {
- PREAMBLE,
- SOF,
- OPC,
- ADDR,
- REQ,
- TURNAROUND,
- DATA
- } state;
- unsigned int drive;
-
- unsigned int cnt;
- unsigned int addr;
- unsigned int opc;
- unsigned int req;
- unsigned int data;
-
- struct PHY *devs[32];
-};
-
-static void
-mdio_attach(struct MDIOBus *bus, struct PHY *phy, unsigned int addr)
-{
- bus->devs[addr & 0x1f] = phy;
-}
-
-#ifdef USE_THIS_DEAD_CODE
-static void
-mdio_detach(struct MDIOBus *bus, struct PHY *phy, unsigned int addr)
-{
- bus->devs[addr & 0x1f] = NULL;
-}
-#endif
-
-static uint16_t mdio_read_req(struct MDIOBus *bus, unsigned int addr,
- unsigned int reg)
-{
- struct PHY *phy;
- uint16_t data;
-
- phy = bus->devs[addr];
- if (phy && phy->read) {
- data = phy->read(phy, reg);
- } else {
- data = 0xffff;
- }
- DPHY(qemu_log("%s addr=%d reg=%d data=%x\n", __func__, addr, reg, data));
- return data;
-}
-
-static void mdio_write_req(struct MDIOBus *bus, unsigned int addr,
- unsigned int reg, uint16_t data)
-{
- struct PHY *phy;
-
- DPHY(qemu_log("%s addr=%d reg=%d data=%x\n", __func__, addr, reg, data));
- phy = bus->devs[addr];
- if (phy && phy->write) {
- phy->write(phy, reg, data);
- }
-}
-
-#define DENET(x)
-
-#define R_RAF (0x000 / 4)
-enum {
- RAF_MCAST_REJ = (1 << 1),
- RAF_BCAST_REJ = (1 << 2),
- RAF_EMCF_EN = (1 << 12),
- RAF_NEWFUNC_EN = (1 << 11)
-};
-
-#define R_IS (0x00C / 4)
-enum {
- IS_HARD_ACCESS_COMPLETE = 1,
- IS_AUTONEG = (1 << 1),
- IS_RX_COMPLETE = (1 << 2),
- IS_RX_REJECT = (1 << 3),
- IS_TX_COMPLETE = (1 << 5),
- IS_RX_DCM_LOCK = (1 << 6),
- IS_MGM_RDY = (1 << 7),
- IS_PHY_RST_DONE = (1 << 8),
-};
-
-#define R_IP (0x010 / 4)
-#define R_IE (0x014 / 4)
-#define R_UAWL (0x020 / 4)
-#define R_UAWU (0x024 / 4)
-#define R_PPST (0x030 / 4)
-enum {
- PPST_LINKSTATUS = (1 << 0),
- PPST_PHY_LINKSTATUS = (1 << 7),
-};
-
-#define R_STATS_RX_BYTESL (0x200 / 4)
-#define R_STATS_RX_BYTESH (0x204 / 4)
-#define R_STATS_TX_BYTESL (0x208 / 4)
-#define R_STATS_TX_BYTESH (0x20C / 4)
-#define R_STATS_RXL (0x290 / 4)
-#define R_STATS_RXH (0x294 / 4)
-#define R_STATS_RX_BCASTL (0x2a0 / 4)
-#define R_STATS_RX_BCASTH (0x2a4 / 4)
-#define R_STATS_RX_MCASTL (0x2a8 / 4)
-#define R_STATS_RX_MCASTH (0x2ac / 4)
-
-#define R_RCW0 (0x400 / 4)
-#define R_RCW1 (0x404 / 4)
-enum {
- RCW1_VLAN = (1 << 27),
- RCW1_RX = (1 << 28),
- RCW1_FCS = (1 << 29),
- RCW1_JUM = (1 << 30),
- RCW1_RST = (1 << 31),
-};
-
-#define R_TC (0x408 / 4)
-enum {
- TC_VLAN = (1 << 27),
- TC_TX = (1 << 28),
- TC_FCS = (1 << 29),
- TC_JUM = (1 << 30),
- TC_RST = (1 << 31),
-};
-
-#define R_EMMC (0x410 / 4)
-enum {
- EMMC_LINKSPEED_10MB = (0 << 30),
- EMMC_LINKSPEED_100MB = (1 << 30),
- EMMC_LINKSPEED_1000MB = (2 << 30),
-};
-
-#define R_PHYC (0x414 / 4)
-
-#define R_MC (0x500 / 4)
-#define MC_EN (1 << 6)
-
-#define R_MCR (0x504 / 4)
-#define R_MWD (0x508 / 4)
-#define R_MRD (0x50c / 4)
-#define R_MIS (0x600 / 4)
-#define R_MIP (0x620 / 4)
-#define R_MIE (0x640 / 4)
-#define R_MIC (0x640 / 4)
-
-#define R_UAW0 (0x700 / 4)
-#define R_UAW1 (0x704 / 4)
-#define R_FMI (0x708 / 4)
-#define R_AF0 (0x710 / 4)
-#define R_AF1 (0x714 / 4)
-#define R_MAX (0x34 / 4)
-
-/* Indirect registers. */
-struct TEMAC {
- struct MDIOBus mdio_bus;
- struct PHY phy;
-
- void *parent;
-};
-
-struct XilinxAXIEnet {
- SysBusDevice busdev;
- MemoryRegion iomem;
- qemu_irq irq;
- StreamSlave *tx_dev;
- NICState *nic;
- NICConf conf;
-
-
- uint32_t c_rxmem;
- uint32_t c_txmem;
- uint32_t c_phyaddr;
-
- struct TEMAC TEMAC;
-
- /* MII regs. */
- union {
- uint32_t regs[4];
- struct {
- uint32_t mc;
- uint32_t mcr;
- uint32_t mwd;
- uint32_t mrd;
- };
- } mii;
-
- struct {
- uint64_t rx_bytes;
- uint64_t tx_bytes;
-
- uint64_t rx;
- uint64_t rx_bcast;
- uint64_t rx_mcast;
- } stats;
-
- /* Receive configuration words. */
- uint32_t rcw[2];
- /* Transmit config. */
- uint32_t tc;
- uint32_t emmc;
- uint32_t phyc;
-
- /* Unicast Address Word. */
- uint32_t uaw[2];
- /* Unicast address filter used with extended mcast. */
- uint32_t ext_uaw[2];
- uint32_t fmi;
-
- uint32_t regs[R_MAX];
-
- /* Multicast filter addrs. */
- uint32_t maddr[4][2];
- /* 32K x 1 lookup filter. */
- uint32_t ext_mtable[1024];
-
-
- uint8_t *rxmem;
-};
-
-static void axienet_rx_reset(struct XilinxAXIEnet *s)
-{
- s->rcw[1] = RCW1_JUM | RCW1_FCS | RCW1_RX | RCW1_VLAN;
-}
-
-static void axienet_tx_reset(struct XilinxAXIEnet *s)
-{
- s->tc = TC_JUM | TC_TX | TC_VLAN;
-}
-
-static inline int axienet_rx_resetting(struct XilinxAXIEnet *s)
-{
- return s->rcw[1] & RCW1_RST;
-}
-
-static inline int axienet_rx_enabled(struct XilinxAXIEnet *s)
-{
- return s->rcw[1] & RCW1_RX;
-}
-
-static inline int axienet_extmcf_enabled(struct XilinxAXIEnet *s)
-{
- return !!(s->regs[R_RAF] & RAF_EMCF_EN);
-}
-
-static inline int axienet_newfunc_enabled(struct XilinxAXIEnet *s)
-{
- return !!(s->regs[R_RAF] & RAF_NEWFUNC_EN);
-}
-
-static void axienet_reset(struct XilinxAXIEnet *s)
-{
- axienet_rx_reset(s);
- axienet_tx_reset(s);
-
- s->regs[R_PPST] = PPST_LINKSTATUS | PPST_PHY_LINKSTATUS;
- s->regs[R_IS] = IS_AUTONEG | IS_RX_DCM_LOCK | IS_MGM_RDY | IS_PHY_RST_DONE;
-
- s->emmc = EMMC_LINKSPEED_100MB;
-}
-
-static void enet_update_irq(struct XilinxAXIEnet *s)
-{
- s->regs[R_IP] = s->regs[R_IS] & s->regs[R_IE];
- qemu_set_irq(s->irq, !!s->regs[R_IP]);
-}
-
-static uint64_t enet_read(void *opaque, hwaddr addr, unsigned size)
-{
- struct XilinxAXIEnet *s = opaque;
- uint32_t r = 0;
- addr >>= 2;
-
- switch (addr) {
- case R_RCW0:
- case R_RCW1:
- r = s->rcw[addr & 1];
- break;
-
- case R_TC:
- r = s->tc;
- break;
-
- case R_EMMC:
- r = s->emmc;
- break;
-
- case R_PHYC:
- r = s->phyc;
- break;
-
- case R_MCR:
- r = s->mii.regs[addr & 3] | (1 << 7); /* Always ready. */
- break;
-
- case R_STATS_RX_BYTESL:
- case R_STATS_RX_BYTESH:
- r = s->stats.rx_bytes >> (32 * (addr & 1));
- break;
-
- case R_STATS_TX_BYTESL:
- case R_STATS_TX_BYTESH:
- r = s->stats.tx_bytes >> (32 * (addr & 1));
- break;
-
- case R_STATS_RXL:
- case R_STATS_RXH:
- r = s->stats.rx >> (32 * (addr & 1));
- break;
- case R_STATS_RX_BCASTL:
- case R_STATS_RX_BCASTH:
- r = s->stats.rx_bcast >> (32 * (addr & 1));
- break;
- case R_STATS_RX_MCASTL:
- case R_STATS_RX_MCASTH:
- r = s->stats.rx_mcast >> (32 * (addr & 1));
- break;
-
- case R_MC:
- case R_MWD:
- case R_MRD:
- r = s->mii.regs[addr & 3];
- break;
-
- case R_UAW0:
- case R_UAW1:
- r = s->uaw[addr & 1];
- break;
-
- case R_UAWU:
- case R_UAWL:
- r = s->ext_uaw[addr & 1];
- break;
-
- case R_FMI:
- r = s->fmi;
- break;
-
- case R_AF0:
- case R_AF1:
- r = s->maddr[s->fmi & 3][addr & 1];
- break;
-
- case 0x8000 ... 0x83ff:
- r = s->ext_mtable[addr - 0x8000];
- break;
-
- default:
- if (addr < ARRAY_SIZE(s->regs)) {
- r = s->regs[addr];
- }
- DENET(qemu_log("%s addr=" TARGET_FMT_plx " v=%x\n",
- __func__, addr * 4, r));
- break;
- }
- return r;
-}
-
-static void enet_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- struct XilinxAXIEnet *s = opaque;
- struct TEMAC *t = &s->TEMAC;
-
- addr >>= 2;
- switch (addr) {
- case R_RCW0:
- case R_RCW1:
- s->rcw[addr & 1] = value;
- if ((addr & 1) && value & RCW1_RST) {
- axienet_rx_reset(s);
- }
- break;
-
- case R_TC:
- s->tc = value;
- if (value & TC_RST) {
- axienet_tx_reset(s);
- }
- break;
-
- case R_EMMC:
- s->emmc = value;
- break;
-
- case R_PHYC:
- s->phyc = value;
- break;
-
- case R_MC:
- value &= ((1 < 7) - 1);
-
- /* Enable the MII. */
- if (value & MC_EN) {
- unsigned int miiclkdiv = value & ((1 << 6) - 1);
- if (!miiclkdiv) {
- qemu_log("AXIENET: MDIO enabled but MDIOCLK is zero!\n");
- }
- }
- s->mii.mc = value;
- break;
-
- case R_MCR: {
- unsigned int phyaddr = (value >> 24) & 0x1f;
- unsigned int regaddr = (value >> 16) & 0x1f;
- unsigned int op = (value >> 14) & 3;
- unsigned int initiate = (value >> 11) & 1;
-
- if (initiate) {
- if (op == 1) {
- mdio_write_req(&t->mdio_bus, phyaddr, regaddr, s->mii.mwd);
- } else if (op == 2) {
- s->mii.mrd = mdio_read_req(&t->mdio_bus, phyaddr, regaddr);
- } else {
- qemu_log("AXIENET: invalid MDIOBus OP=%d\n", op);
- }
- }
- s->mii.mcr = value;
- break;
- }
-
- case R_MWD:
- case R_MRD:
- s->mii.regs[addr & 3] = value;
- break;
-
-
- case R_UAW0:
- case R_UAW1:
- s->uaw[addr & 1] = value;
- break;
-
- case R_UAWL:
- case R_UAWU:
- s->ext_uaw[addr & 1] = value;
- break;
-
- case R_FMI:
- s->fmi = value;
- break;
-
- case R_AF0:
- case R_AF1:
- s->maddr[s->fmi & 3][addr & 1] = value;
- break;
-
- case 0x8000 ... 0x83ff:
- s->ext_mtable[addr - 0x8000] = value;
- break;
-
- default:
- DENET(qemu_log("%s addr=" TARGET_FMT_plx " v=%x\n",
- __func__, addr * 4, (unsigned)value));
- if (addr < ARRAY_SIZE(s->regs)) {
- s->regs[addr] = value;
- }
- break;
- }
- enet_update_irq(s);
-}
-
-static const MemoryRegionOps enet_ops = {
- .read = enet_read,
- .write = enet_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-static int eth_can_rx(NetClientState *nc)
-{
- struct XilinxAXIEnet *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- /* RX enabled? */
- return !axienet_rx_resetting(s) && axienet_rx_enabled(s);
-}
-
-static int enet_match_addr(const uint8_t *buf, uint32_t f0, uint32_t f1)
-{
- int match = 1;
-
- if (memcmp(buf, &f0, 4)) {
- match = 0;
- }
-
- if (buf[4] != (f1 & 0xff) || buf[5] != ((f1 >> 8) & 0xff)) {
- match = 0;
- }
-
- return match;
-}
-
-static ssize_t eth_rx(NetClientState *nc, const uint8_t *buf, size_t size)
-{
- struct XilinxAXIEnet *s = DO_UPCAST(NICState, nc, nc)->opaque;
- static const unsigned char sa_bcast[6] = {0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff};
- static const unsigned char sa_ipmcast[3] = {0x01, 0x00, 0x52};
- uint32_t app[6] = {0};
- int promisc = s->fmi & (1 << 31);
- int unicast, broadcast, multicast, ip_multicast = 0;
- uint32_t csum32;
- uint16_t csum16;
- int i;
-
- DENET(qemu_log("%s: %zd bytes\n", __func__, size));
-
- unicast = ~buf[0] & 0x1;
- broadcast = memcmp(buf, sa_bcast, 6) == 0;
- multicast = !unicast && !broadcast;
- if (multicast && (memcmp(sa_ipmcast, buf, sizeof sa_ipmcast) == 0)) {
- ip_multicast = 1;
- }
-
- /* Jumbo or vlan sizes ? */
- if (!(s->rcw[1] & RCW1_JUM)) {
- if (size > 1518 && size <= 1522 && !(s->rcw[1] & RCW1_VLAN)) {
- return size;
- }
- }
-
- /* Basic Address filters. If you want to use the extended filters
- you'll generally have to place the ethernet mac into promiscuous mode
- to avoid the basic filtering from dropping most frames. */
- if (!promisc) {
- if (unicast) {
- if (!enet_match_addr(buf, s->uaw[0], s->uaw[1])) {
- return size;
- }
- } else {
- if (broadcast) {
- /* Broadcast. */
- if (s->regs[R_RAF] & RAF_BCAST_REJ) {
- return size;
- }
- } else {
- int drop = 1;
-
- /* Multicast. */
- if (s->regs[R_RAF] & RAF_MCAST_REJ) {
- return size;
- }
-
- for (i = 0; i < 4; i++) {
- if (enet_match_addr(buf, s->maddr[i][0], s->maddr[i][1])) {
- drop = 0;
- break;
- }
- }
-
- if (drop) {
- return size;
- }
- }
- }
- }
-
- /* Extended mcast filtering enabled? */
- if (axienet_newfunc_enabled(s) && axienet_extmcf_enabled(s)) {
- if (unicast) {
- if (!enet_match_addr(buf, s->ext_uaw[0], s->ext_uaw[1])) {
- return size;
- }
- } else {
- if (broadcast) {
- /* Broadcast. ??? */
- if (s->regs[R_RAF] & RAF_BCAST_REJ) {
- return size;
- }
- } else {
- int idx, bit;
-
- /* Multicast. */
- if (!memcmp(buf, sa_ipmcast, 3)) {
- return size;
- }
-
- idx = (buf[4] & 0x7f) << 8;
- idx |= buf[5];
-
- bit = 1 << (idx & 0x1f);
- idx >>= 5;
-
- if (!(s->ext_mtable[idx] & bit)) {
- return size;
- }
- }
- }
- }
-
- if (size < 12) {
- s->regs[R_IS] |= IS_RX_REJECT;
- enet_update_irq(s);
- return -1;
- }
-
- if (size > (s->c_rxmem - 4)) {
- size = s->c_rxmem - 4;
- }
-
- memcpy(s->rxmem, buf, size);
- memset(s->rxmem + size, 0, 4); /* Clear the FCS. */
-
- if (s->rcw[1] & RCW1_FCS) {
- size += 4; /* fcs is inband. */
- }
-
- app[0] = 5 << 28;
- csum32 = net_checksum_add(size - 14, (uint8_t *)s->rxmem + 14);
- /* Fold it once. */
- csum32 = (csum32 & 0xffff) + (csum32 >> 16);
- /* And twice to get rid of possible carries. */
- csum16 = (csum32 & 0xffff) + (csum32 >> 16);
- app[3] = csum16;
- app[4] = size & 0xffff;
-
- s->stats.rx_bytes += size;
- s->stats.rx++;
- if (multicast) {
- s->stats.rx_mcast++;
- app[2] |= 1 | (ip_multicast << 1);
- } else if (broadcast) {
- s->stats.rx_bcast++;
- app[2] |= 1 << 3;
- }
-
- /* Good frame. */
- app[2] |= 1 << 6;
-
- stream_push(s->tx_dev, (void *)s->rxmem, size, app);
-
- s->regs[R_IS] |= IS_RX_COMPLETE;
- enet_update_irq(s);
- return size;
-}
-
-static void eth_cleanup(NetClientState *nc)
-{
- /* FIXME. */
- struct XilinxAXIEnet *s = DO_UPCAST(NICState, nc, nc)->opaque;
- g_free(s->rxmem);
- g_free(s);
-}
-
-static void
-axienet_stream_push(StreamSlave *obj, uint8_t *buf, size_t size, uint32_t *hdr)
-{
- struct XilinxAXIEnet *s = FROM_SYSBUS(typeof(*s), SYS_BUS_DEVICE(obj));
-
- /* TX enable ? */
- if (!(s->tc & TC_TX)) {
- return;
- }
-
- /* Jumbo or vlan sizes ? */
- if (!(s->tc & TC_JUM)) {
- if (size > 1518 && size <= 1522 && !(s->tc & TC_VLAN)) {
- return;
- }
- }
-
- if (hdr[0] & 1) {
- unsigned int start_off = hdr[1] >> 16;
- unsigned int write_off = hdr[1] & 0xffff;
- uint32_t tmp_csum;
- uint16_t csum;
-
- tmp_csum = net_checksum_add(size - start_off,
- (uint8_t *)buf + start_off);
- /* Accumulate the seed. */
- tmp_csum += hdr[2] & 0xffff;
-
- /* Fold the 32bit partial checksum. */
- csum = net_checksum_finish(tmp_csum);
-
- /* Writeback. */
- buf[write_off] = csum >> 8;
- buf[write_off + 1] = csum & 0xff;
- }
-
- qemu_send_packet(&s->nic->nc, buf, size);
-
- s->stats.tx_bytes += size;
- s->regs[R_IS] |= IS_TX_COMPLETE;
- enet_update_irq(s);
-}
-
-static NetClientInfo net_xilinx_enet_info = {
- .type = NET_CLIENT_OPTIONS_KIND_NIC,
- .size = sizeof(NICState),
- .can_receive = eth_can_rx,
- .receive = eth_rx,
- .cleanup = eth_cleanup,
-};
-
-static int xilinx_enet_init(SysBusDevice *dev)
-{
- struct XilinxAXIEnet *s = FROM_SYSBUS(typeof(*s), dev);
-
- sysbus_init_irq(dev, &s->irq);
-
- memory_region_init_io(&s->iomem, &enet_ops, s, "enet", 0x40000);
- sysbus_init_mmio(dev, &s->iomem);
-
- qemu_macaddr_default_if_unset(&s->conf.macaddr);
- s->nic = qemu_new_nic(&net_xilinx_enet_info, &s->conf,
- object_get_typename(OBJECT(dev)), dev->qdev.id, s);
- qemu_format_nic_info_str(&s->nic->nc, s->conf.macaddr.a);
-
- tdk_init(&s->TEMAC.phy);
- mdio_attach(&s->TEMAC.mdio_bus, &s->TEMAC.phy, s->c_phyaddr);
-
- s->TEMAC.parent = s;
-
- s->rxmem = g_malloc(s->c_rxmem);
- axienet_reset(s);
-
- return 0;
-}
-
-static void xilinx_enet_initfn(Object *obj)
-{
- struct XilinxAXIEnet *s = FROM_SYSBUS(typeof(*s), SYS_BUS_DEVICE(obj));
-
- object_property_add_link(obj, "axistream-connected", TYPE_STREAM_SLAVE,
- (Object **) &s->tx_dev, NULL);
-}
-
-static Property xilinx_enet_properties[] = {
- DEFINE_PROP_UINT32("phyaddr", struct XilinxAXIEnet, c_phyaddr, 7),
- DEFINE_PROP_UINT32("rxmem", struct XilinxAXIEnet, c_rxmem, 0x1000),
- DEFINE_PROP_UINT32("txmem", struct XilinxAXIEnet, c_txmem, 0x1000),
- DEFINE_NIC_PROPERTIES(struct XilinxAXIEnet, conf),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void xilinx_enet_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
- StreamSlaveClass *ssc = STREAM_SLAVE_CLASS(klass);
-
- k->init = xilinx_enet_init;
- dc->props = xilinx_enet_properties;
- ssc->push = axienet_stream_push;
-}
-
-static TypeInfo xilinx_enet_info = {
- .name = "xlnx.axi-ethernet",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(struct XilinxAXIEnet),
- .class_init = xilinx_enet_class_init,
- .instance_init = xilinx_enet_initfn,
- .interfaces = (InterfaceInfo[]) {
- { TYPE_STREAM_SLAVE },
- { }
- }
-};
-
-static void xilinx_enet_register_types(void)
-{
- type_register_static(&xilinx_enet_info);
-}
-
-type_init(xilinx_enet_register_types)
diff --git a/hw/xilinx_ethlite.c b/hw/xilinx_ethlite.c
deleted file mode 100644
index 13bd45613..000000000
--- a/hw/xilinx_ethlite.c
+++ /dev/null
@@ -1,258 +0,0 @@
-/*
- * QEMU model of the Xilinx Ethernet Lite MAC.
- *
- * Copyright (c) 2009 Edgar E. Iglesias.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sysbus.h"
-#include "hw.h"
-#include "net.h"
-
-#define D(x)
-#define R_TX_BUF0 0
-#define R_TX_LEN0 (0x07f4 / 4)
-#define R_TX_GIE0 (0x07f8 / 4)
-#define R_TX_CTRL0 (0x07fc / 4)
-#define R_TX_BUF1 (0x0800 / 4)
-#define R_TX_LEN1 (0x0ff4 / 4)
-#define R_TX_CTRL1 (0x0ffc / 4)
-
-#define R_RX_BUF0 (0x1000 / 4)
-#define R_RX_CTRL0 (0x17fc / 4)
-#define R_RX_BUF1 (0x1800 / 4)
-#define R_RX_CTRL1 (0x1ffc / 4)
-#define R_MAX (0x2000 / 4)
-
-#define GIE_GIE 0x80000000
-
-#define CTRL_I 0x8
-#define CTRL_P 0x2
-#define CTRL_S 0x1
-
-struct xlx_ethlite
-{
- SysBusDevice busdev;
- MemoryRegion mmio;
- qemu_irq irq;
- NICState *nic;
- NICConf conf;
-
- uint32_t c_tx_pingpong;
- uint32_t c_rx_pingpong;
- unsigned int txbuf;
- unsigned int rxbuf;
-
- uint32_t regs[R_MAX];
-};
-
-static inline void eth_pulse_irq(struct xlx_ethlite *s)
-{
- /* Only the first gie reg is active. */
- if (s->regs[R_TX_GIE0] & GIE_GIE) {
- qemu_irq_pulse(s->irq);
- }
-}
-
-static uint64_t
-eth_read(void *opaque, hwaddr addr, unsigned int size)
-{
- struct xlx_ethlite *s = opaque;
- uint32_t r = 0;
-
- addr >>= 2;
-
- switch (addr)
- {
- case R_TX_GIE0:
- case R_TX_LEN0:
- case R_TX_LEN1:
- case R_TX_CTRL1:
- case R_TX_CTRL0:
- case R_RX_CTRL1:
- case R_RX_CTRL0:
- r = s->regs[addr];
- D(qemu_log("%s %x=%x\n", __func__, addr * 4, r));
- break;
-
- default:
- r = tswap32(s->regs[addr]);
- break;
- }
- return r;
-}
-
-static void
-eth_write(void *opaque, hwaddr addr,
- uint64_t val64, unsigned int size)
-{
- struct xlx_ethlite *s = opaque;
- unsigned int base = 0;
- uint32_t value = val64;
-
- addr >>= 2;
- switch (addr)
- {
- case R_TX_CTRL0:
- case R_TX_CTRL1:
- if (addr == R_TX_CTRL1)
- base = 0x800 / 4;
-
- D(qemu_log("%s addr=%x val=%x\n", __func__, addr * 4, value));
- if ((value & (CTRL_P | CTRL_S)) == CTRL_S) {
- qemu_send_packet(&s->nic->nc,
- (void *) &s->regs[base],
- s->regs[base + R_TX_LEN0]);
- D(qemu_log("eth_tx %d\n", s->regs[base + R_TX_LEN0]));
- if (s->regs[base + R_TX_CTRL0] & CTRL_I)
- eth_pulse_irq(s);
- } else if ((value & (CTRL_P | CTRL_S)) == (CTRL_P | CTRL_S)) {
- memcpy(&s->conf.macaddr.a[0], &s->regs[base], 6);
- if (s->regs[base + R_TX_CTRL0] & CTRL_I)
- eth_pulse_irq(s);
- }
-
- /* We are fast and get ready pretty much immediately so
- we actually never flip the S nor P bits to one. */
- s->regs[addr] = value & ~(CTRL_P | CTRL_S);
- break;
-
- /* Keep these native. */
- case R_TX_LEN0:
- case R_TX_LEN1:
- case R_TX_GIE0:
- case R_RX_CTRL0:
- case R_RX_CTRL1:
- D(qemu_log("%s addr=%x val=%x\n", __func__, addr * 4, value));
- s->regs[addr] = value;
- break;
-
- default:
- s->regs[addr] = tswap32(value);
- break;
- }
-}
-
-static const MemoryRegionOps eth_ops = {
- .read = eth_read,
- .write = eth_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4
- }
-};
-
-static int eth_can_rx(NetClientState *nc)
-{
- struct xlx_ethlite *s = DO_UPCAST(NICState, nc, nc)->opaque;
- int r;
- r = !(s->regs[R_RX_CTRL0] & CTRL_S);
- return r;
-}
-
-static ssize_t eth_rx(NetClientState *nc, const uint8_t *buf, size_t size)
-{
- struct xlx_ethlite *s = DO_UPCAST(NICState, nc, nc)->opaque;
- unsigned int rxbase = s->rxbuf * (0x800 / 4);
-
- /* DA filter. */
- if (!(buf[0] & 0x80) && memcmp(&s->conf.macaddr.a[0], buf, 6))
- return size;
-
- if (s->regs[rxbase + R_RX_CTRL0] & CTRL_S) {
- D(qemu_log("ethlite lost packet %x\n", s->regs[R_RX_CTRL0]));
- return -1;
- }
-
- D(qemu_log("%s %d rxbase=%x\n", __func__, size, rxbase));
- memcpy(&s->regs[rxbase + R_RX_BUF0], buf, size);
-
- s->regs[rxbase + R_RX_CTRL0] |= CTRL_S;
- if (s->regs[rxbase + R_RX_CTRL0] & CTRL_I)
- eth_pulse_irq(s);
-
- /* If c_rx_pingpong was set flip buffers. */
- s->rxbuf ^= s->c_rx_pingpong;
- return size;
-}
-
-static void eth_cleanup(NetClientState *nc)
-{
- struct xlx_ethlite *s = DO_UPCAST(NICState, nc, nc)->opaque;
-
- s->nic = NULL;
-}
-
-static NetClientInfo net_xilinx_ethlite_info = {
- .type = NET_CLIENT_OPTIONS_KIND_NIC,
- .size = sizeof(NICState),
- .can_receive = eth_can_rx,
- .receive = eth_rx,
- .cleanup = eth_cleanup,
-};
-
-static int xilinx_ethlite_init(SysBusDevice *dev)
-{
- struct xlx_ethlite *s = FROM_SYSBUS(typeof (*s), dev);
-
- sysbus_init_irq(dev, &s->irq);
- s->rxbuf = 0;
-
- memory_region_init_io(&s->mmio, &eth_ops, s, "xlnx.xps-ethernetlite",
- R_MAX * 4);
- sysbus_init_mmio(dev, &s->mmio);
-
- qemu_macaddr_default_if_unset(&s->conf.macaddr);
- s->nic = qemu_new_nic(&net_xilinx_ethlite_info, &s->conf,
- object_get_typename(OBJECT(dev)), dev->qdev.id, s);
- qemu_format_nic_info_str(&s->nic->nc, s->conf.macaddr.a);
- return 0;
-}
-
-static Property xilinx_ethlite_properties[] = {
- DEFINE_PROP_UINT32("tx-ping-pong", struct xlx_ethlite, c_tx_pingpong, 1),
- DEFINE_PROP_UINT32("rx-ping-pong", struct xlx_ethlite, c_rx_pingpong, 1),
- DEFINE_NIC_PROPERTIES(struct xlx_ethlite, conf),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void xilinx_ethlite_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = xilinx_ethlite_init;
- dc->props = xilinx_ethlite_properties;
-}
-
-static TypeInfo xilinx_ethlite_info = {
- .name = "xlnx.xps-ethernetlite",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(struct xlx_ethlite),
- .class_init = xilinx_ethlite_class_init,
-};
-
-static void xilinx_ethlite_register_types(void)
-{
- type_register_static(&xilinx_ethlite_info);
-}
-
-type_init(xilinx_ethlite_register_types)
diff --git a/hw/xilinx_intc.c b/hw/xilinx_intc.c
deleted file mode 100644
index 776507980..000000000
--- a/hw/xilinx_intc.c
+++ /dev/null
@@ -1,190 +0,0 @@
-/*
- * QEMU Xilinx OPB Interrupt Controller.
- *
- * Copyright (c) 2009 Edgar E. Iglesias.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sysbus.h"
-#include "hw.h"
-
-#define D(x)
-
-#define R_ISR 0
-#define R_IPR 1
-#define R_IER 2
-#define R_IAR 3
-#define R_SIE 4
-#define R_CIE 5
-#define R_IVR 6
-#define R_MER 7
-#define R_MAX 8
-
-struct xlx_pic
-{
- SysBusDevice busdev;
- MemoryRegion mmio;
- qemu_irq parent_irq;
-
- /* Configuration reg chosen at synthesis-time. QEMU populates
- the bits at board-setup. */
- uint32_t c_kind_of_intr;
-
- /* Runtime control registers. */
- uint32_t regs[R_MAX];
-};
-
-static void update_irq(struct xlx_pic *p)
-{
- uint32_t i;
- /* Update the pending register. */
- p->regs[R_IPR] = p->regs[R_ISR] & p->regs[R_IER];
-
- /* Update the vector register. */
- for (i = 0; i < 32; i++) {
- if (p->regs[R_IPR] & (1 << i))
- break;
- }
- if (i == 32)
- i = ~0;
-
- p->regs[R_IVR] = i;
- if ((p->regs[R_MER] & 1) && p->regs[R_IPR]) {
- qemu_irq_raise(p->parent_irq);
- } else {
- qemu_irq_lower(p->parent_irq);
- }
-}
-
-static uint64_t
-pic_read(void *opaque, hwaddr addr, unsigned int size)
-{
- struct xlx_pic *p = opaque;
- uint32_t r = 0;
-
- addr >>= 2;
- switch (addr)
- {
- default:
- if (addr < ARRAY_SIZE(p->regs))
- r = p->regs[addr];
- break;
-
- }
- D(printf("%s %x=%x\n", __func__, addr * 4, r));
- return r;
-}
-
-static void
-pic_write(void *opaque, hwaddr addr,
- uint64_t val64, unsigned int size)
-{
- struct xlx_pic *p = opaque;
- uint32_t value = val64;
-
- addr >>= 2;
- D(qemu_log("%s addr=%x val=%x\n", __func__, addr * 4, value));
- switch (addr)
- {
- case R_IAR:
- p->regs[R_ISR] &= ~value; /* ACK. */
- break;
- case R_SIE:
- p->regs[R_IER] |= value; /* Atomic set ie. */
- break;
- case R_CIE:
- p->regs[R_IER] &= ~value; /* Atomic clear ie. */
- break;
- default:
- if (addr < ARRAY_SIZE(p->regs))
- p->regs[addr] = value;
- break;
- }
- update_irq(p);
-}
-
-static const MemoryRegionOps pic_ops = {
- .read = pic_read,
- .write = pic_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4
- }
-};
-
-static void irq_handler(void *opaque, int irq, int level)
-{
- struct xlx_pic *p = opaque;
-
- if (!(p->regs[R_MER] & 2)) {
- qemu_irq_lower(p->parent_irq);
- return;
- }
-
- /* Update source flops. Don't clear unless level triggered.
- Edge triggered interrupts only go away when explicitely acked to
- the interrupt controller. */
- if (!(p->c_kind_of_intr & (1 << irq)) || level) {
- p->regs[R_ISR] &= ~(1 << irq);
- p->regs[R_ISR] |= (level << irq);
- }
- update_irq(p);
-}
-
-static int xilinx_intc_init(SysBusDevice *dev)
-{
- struct xlx_pic *p = FROM_SYSBUS(typeof (*p), dev);
-
- qdev_init_gpio_in(&dev->qdev, irq_handler, 32);
- sysbus_init_irq(dev, &p->parent_irq);
-
- memory_region_init_io(&p->mmio, &pic_ops, p, "xlnx.xps-intc", R_MAX * 4);
- sysbus_init_mmio(dev, &p->mmio);
- return 0;
-}
-
-static Property xilinx_intc_properties[] = {
- DEFINE_PROP_UINT32("kind-of-intr", struct xlx_pic, c_kind_of_intr, 0),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void xilinx_intc_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = xilinx_intc_init;
- dc->props = xilinx_intc_properties;
-}
-
-static TypeInfo xilinx_intc_info = {
- .name = "xlnx.xps-intc",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(struct xlx_pic),
- .class_init = xilinx_intc_class_init,
-};
-
-static void xilinx_intc_register_types(void)
-{
- type_register_static(&xilinx_intc_info);
-}
-
-type_init(xilinx_intc_register_types)
diff --git a/hw/xilinx_spi.c b/hw/xilinx_spi.c
deleted file mode 100644
index 039027442..000000000
--- a/hw/xilinx_spi.c
+++ /dev/null
@@ -1,385 +0,0 @@
-/*
- * QEMU model of the Xilinx SPI Controller
- *
- * Copyright (C) 2010 Edgar E. Iglesias.
- * Copyright (C) 2012 Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
- * Copyright (C) 2012 PetaLogix
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sysbus.h"
-#include "sysemu.h"
-#include "qemu-log.h"
-#include "fifo.h"
-
-#include "ssi.h"
-
-#ifdef XILINX_SPI_ERR_DEBUG
-#define DB_PRINT(...) do { \
- fprintf(stderr, ": %s: ", __func__); \
- fprintf(stderr, ## __VA_ARGS__); \
- } while (0);
-#else
- #define DB_PRINT(...)
-#endif
-
-#define R_DGIER (0x1c / 4)
-#define R_DGIER_IE (1 << 31)
-
-#define R_IPISR (0x20 / 4)
-#define IRQ_DRR_NOT_EMPTY (1 << (31 - 23))
-#define IRQ_DRR_OVERRUN (1 << (31 - 26))
-#define IRQ_DRR_FULL (1 << (31 - 27))
-#define IRQ_TX_FF_HALF_EMPTY (1 << 6)
-#define IRQ_DTR_UNDERRUN (1 << 3)
-#define IRQ_DTR_EMPTY (1 << (31 - 29))
-
-#define R_IPIER (0x28 / 4)
-#define R_SRR (0x40 / 4)
-#define R_SPICR (0x60 / 4)
-#define R_SPICR_TXFF_RST (1 << 5)
-#define R_SPICR_RXFF_RST (1 << 6)
-#define R_SPICR_MTI (1 << 8)
-
-#define R_SPISR (0x64 / 4)
-#define SR_TX_FULL (1 << 3)
-#define SR_TX_EMPTY (1 << 2)
-#define SR_RX_FULL (1 << 1)
-#define SR_RX_EMPTY (1 << 0)
-
-#define R_SPIDTR (0x68 / 4)
-#define R_SPIDRR (0x6C / 4)
-#define R_SPISSR (0x70 / 4)
-#define R_TX_FF_OCY (0x74 / 4)
-#define R_RX_FF_OCY (0x78 / 4)
-#define R_MAX (0x7C / 4)
-
-#define FIFO_CAPACITY 256
-
-typedef struct XilinxSPI {
- SysBusDevice busdev;
- MemoryRegion mmio;
-
- qemu_irq irq;
- int irqline;
-
- uint8_t num_cs;
- qemu_irq *cs_lines;
-
- SSIBus *spi;
-
- Fifo8 rx_fifo;
- Fifo8 tx_fifo;
-
- uint32_t regs[R_MAX];
-} XilinxSPI;
-
-static void txfifo_reset(XilinxSPI *s)
-{
- fifo8_reset(&s->tx_fifo);
-
- s->regs[R_SPISR] &= ~SR_TX_FULL;
- s->regs[R_SPISR] |= SR_TX_EMPTY;
-}
-
-static void rxfifo_reset(XilinxSPI *s)
-{
- fifo8_reset(&s->rx_fifo);
-
- s->regs[R_SPISR] |= SR_RX_EMPTY;
- s->regs[R_SPISR] &= ~SR_RX_FULL;
-}
-
-static void xlx_spi_update_cs(XilinxSPI *s)
-{
- int i;
-
- for (i = 0; i < s->num_cs; ++i) {
- qemu_set_irq(s->cs_lines[i], !(~s->regs[R_SPISSR] & 1 << i));
- }
-}
-
-static void xlx_spi_update_irq(XilinxSPI *s)
-{
- uint32_t pending;
-
- s->regs[R_IPISR] |=
- (!fifo8_is_empty(&s->rx_fifo) ? IRQ_DRR_NOT_EMPTY : 0) |
- (fifo8_is_full(&s->rx_fifo) ? IRQ_DRR_FULL : 0);
-
- pending = s->regs[R_IPISR] & s->regs[R_IPIER];
-
- pending = pending && (s->regs[R_DGIER] & R_DGIER_IE);
- pending = !!pending;
-
- /* This call lies right in the data paths so don't call the
- irq chain unless things really changed. */
- if (pending != s->irqline) {
- s->irqline = pending;
- DB_PRINT("irq_change of state %d ISR:%x IER:%X\n",
- pending, s->regs[R_IPISR], s->regs[R_IPIER]);
- qemu_set_irq(s->irq, pending);
- }
-
-}
-
-static void xlx_spi_do_reset(XilinxSPI *s)
-{
- memset(s->regs, 0, sizeof s->regs);
-
- rxfifo_reset(s);
- txfifo_reset(s);
-
- s->regs[R_SPISSR] = ~0;
- xlx_spi_update_irq(s);
- xlx_spi_update_cs(s);
-}
-
-static void xlx_spi_reset(DeviceState *d)
-{
- xlx_spi_do_reset(DO_UPCAST(XilinxSPI, busdev.qdev, d));
-}
-
-static inline int spi_master_enabled(XilinxSPI *s)
-{
- return !(s->regs[R_SPICR] & R_SPICR_MTI);
-}
-
-static void spi_flush_txfifo(XilinxSPI *s)
-{
- uint32_t tx;
- uint32_t rx;
-
- while (!fifo8_is_empty(&s->tx_fifo)) {
- tx = (uint32_t)fifo8_pop(&s->tx_fifo);
- DB_PRINT("data tx:%x\n", tx);
- rx = ssi_transfer(s->spi, tx);
- DB_PRINT("data rx:%x\n", rx);
- if (fifo8_is_full(&s->rx_fifo)) {
- s->regs[R_IPISR] |= IRQ_DRR_OVERRUN;
- } else {
- fifo8_push(&s->rx_fifo, (uint8_t)rx);
- if (fifo8_is_full(&s->rx_fifo)) {
- s->regs[R_SPISR] |= SR_RX_FULL;
- s->regs[R_IPISR] |= IRQ_DRR_FULL;
- }
- }
-
- s->regs[R_SPISR] &= ~SR_RX_EMPTY;
- s->regs[R_SPISR] &= ~SR_TX_FULL;
- s->regs[R_SPISR] |= SR_TX_EMPTY;
-
- s->regs[R_IPISR] |= IRQ_DTR_EMPTY;
- s->regs[R_IPISR] |= IRQ_DRR_NOT_EMPTY;
- }
-
-}
-
-static uint64_t
-spi_read(void *opaque, hwaddr addr, unsigned int size)
-{
- XilinxSPI *s = opaque;
- uint32_t r = 0;
-
- addr >>= 2;
- switch (addr) {
- case R_SPIDRR:
- if (fifo8_is_empty(&s->rx_fifo)) {
- DB_PRINT("Read from empty FIFO!\n");
- return 0xdeadbeef;
- }
-
- s->regs[R_SPISR] &= ~SR_RX_FULL;
- r = fifo8_pop(&s->rx_fifo);
- if (fifo8_is_empty(&s->rx_fifo)) {
- s->regs[R_SPISR] |= SR_RX_EMPTY;
- }
- break;
-
- case R_SPISR:
- r = s->regs[addr];
- break;
-
- default:
- if (addr < ARRAY_SIZE(s->regs)) {
- r = s->regs[addr];
- }
- break;
-
- }
- DB_PRINT("addr=" TARGET_FMT_plx " = %x\n", addr * 4, r);
- xlx_spi_update_irq(s);
- return r;
-}
-
-static void
-spi_write(void *opaque, hwaddr addr,
- uint64_t val64, unsigned int size)
-{
- XilinxSPI *s = opaque;
- uint32_t value = val64;
-
- DB_PRINT("addr=" TARGET_FMT_plx " = %x\n", addr, value);
- addr >>= 2;
- switch (addr) {
- case R_SRR:
- if (value != 0xa) {
- DB_PRINT("Invalid write to SRR %x\n", value);
- } else {
- xlx_spi_do_reset(s);
- }
- break;
-
- case R_SPIDTR:
- s->regs[R_SPISR] &= ~SR_TX_EMPTY;
- fifo8_push(&s->tx_fifo, (uint8_t)value);
- if (fifo8_is_full(&s->tx_fifo)) {
- s->regs[R_SPISR] |= SR_TX_FULL;
- }
- if (!spi_master_enabled(s)) {
- goto done;
- } else {
- DB_PRINT("DTR and master enabled\n");
- }
- spi_flush_txfifo(s);
- break;
-
- case R_SPISR:
- DB_PRINT("Invalid write to SPISR %x\n", value);
- break;
-
- case R_IPISR:
- /* Toggle the bits. */
- s->regs[addr] ^= value;
- break;
-
- /* Slave Select Register. */
- case R_SPISSR:
- s->regs[addr] = value;
- xlx_spi_update_cs(s);
- break;
-
- case R_SPICR:
- /* FIXME: reset irq and sr state to empty queues. */
- if (value & R_SPICR_RXFF_RST) {
- rxfifo_reset(s);
- }
-
- if (value & R_SPICR_TXFF_RST) {
- txfifo_reset(s);
- }
- value &= ~(R_SPICR_RXFF_RST | R_SPICR_TXFF_RST);
- s->regs[addr] = value;
-
- if (!(value & R_SPICR_MTI)) {
- spi_flush_txfifo(s);
- }
- break;
-
- default:
- if (addr < ARRAY_SIZE(s->regs)) {
- s->regs[addr] = value;
- }
- break;
- }
-
-done:
- xlx_spi_update_irq(s);
-}
-
-static const MemoryRegionOps spi_ops = {
- .read = spi_read,
- .write = spi_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4
- }
-};
-
-static int xilinx_spi_init(SysBusDevice *dev)
-{
- int i;
- XilinxSPI *s = FROM_SYSBUS(typeof(*s), dev);
-
- DB_PRINT("\n");
-
- s->spi = ssi_create_bus(&dev->qdev, "spi");
-
- sysbus_init_irq(dev, &s->irq);
- s->cs_lines = g_new(qemu_irq, s->num_cs);
- ssi_auto_connect_slaves(DEVICE(s), s->cs_lines, s->spi);
- for (i = 0; i < s->num_cs; ++i) {
- sysbus_init_irq(dev, &s->cs_lines[i]);
- }
-
- memory_region_init_io(&s->mmio, &spi_ops, s, "xilinx-spi", R_MAX * 4);
- sysbus_init_mmio(dev, &s->mmio);
-
- s->irqline = -1;
-
- fifo8_create(&s->tx_fifo, FIFO_CAPACITY);
- fifo8_create(&s->rx_fifo, FIFO_CAPACITY);
-
- return 0;
-}
-
-static const VMStateDescription vmstate_xilinx_spi = {
- .name = "xilinx_spi",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_FIFO8(tx_fifo, XilinxSPI),
- VMSTATE_FIFO8(rx_fifo, XilinxSPI),
- VMSTATE_UINT32_ARRAY(regs, XilinxSPI, R_MAX),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static Property xilinx_spi_properties[] = {
- DEFINE_PROP_UINT8("num-ss-bits", XilinxSPI, num_cs, 1),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void xilinx_spi_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = xilinx_spi_init;
- dc->reset = xlx_spi_reset;
- dc->props = xilinx_spi_properties;
- dc->vmsd = &vmstate_xilinx_spi;
-}
-
-static TypeInfo xilinx_spi_info = {
- .name = "xlnx.xps-spi",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(XilinxSPI),
- .class_init = xilinx_spi_class_init,
-};
-
-static void xilinx_spi_register_types(void)
-{
- type_register_static(&xilinx_spi_info);
-}
-
-type_init(xilinx_spi_register_types)
diff --git a/hw/xilinx_spips.c b/hw/xilinx_spips.c
deleted file mode 100644
index ee7656d7d..000000000
--- a/hw/xilinx_spips.c
+++ /dev/null
@@ -1,575 +0,0 @@
-/*
- * QEMU model of the Xilinx Zynq SPI controller
- *
- * Copyright (c) 2012 Peter A. G. Crosthwaite
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sysbus.h"
-#include "sysemu.h"
-#include "ptimer.h"
-#include "qemu-log.h"
-#include "fifo.h"
-#include "ssi.h"
-#include "bitops.h"
-
-#ifdef XILINX_SPIPS_ERR_DEBUG
-#define DB_PRINT(...) do { \
- fprintf(stderr, ": %s: ", __func__); \
- fprintf(stderr, ## __VA_ARGS__); \
- } while (0);
-#else
- #define DB_PRINT(...)
-#endif
-
-/* config register */
-#define R_CONFIG (0x00 / 4)
-#define IFMODE (1 << 31)
-#define ENDIAN (1 << 26)
-#define MODEFAIL_GEN_EN (1 << 17)
-#define MAN_START_COM (1 << 16)
-#define MAN_START_EN (1 << 15)
-#define MANUAL_CS (1 << 14)
-#define CS (0xF << 10)
-#define CS_SHIFT (10)
-#define PERI_SEL (1 << 9)
-#define REF_CLK (1 << 8)
-#define FIFO_WIDTH (3 << 6)
-#define BAUD_RATE_DIV (7 << 3)
-#define CLK_PH (1 << 2)
-#define CLK_POL (1 << 1)
-#define MODE_SEL (1 << 0)
-
-/* interrupt mechanism */
-#define R_INTR_STATUS (0x04 / 4)
-#define R_INTR_EN (0x08 / 4)
-#define R_INTR_DIS (0x0C / 4)
-#define R_INTR_MASK (0x10 / 4)
-#define IXR_TX_FIFO_UNDERFLOW (1 << 6)
-#define IXR_RX_FIFO_FULL (1 << 5)
-#define IXR_RX_FIFO_NOT_EMPTY (1 << 4)
-#define IXR_TX_FIFO_FULL (1 << 3)
-#define IXR_TX_FIFO_NOT_FULL (1 << 2)
-#define IXR_TX_FIFO_MODE_FAIL (1 << 1)
-#define IXR_RX_FIFO_OVERFLOW (1 << 0)
-#define IXR_ALL ((IXR_TX_FIFO_UNDERFLOW<<1)-1)
-
-#define R_EN (0x14 / 4)
-#define R_DELAY (0x18 / 4)
-#define R_TX_DATA (0x1C / 4)
-#define R_RX_DATA (0x20 / 4)
-#define R_SLAVE_IDLE_COUNT (0x24 / 4)
-#define R_TX_THRES (0x28 / 4)
-#define R_RX_THRES (0x2C / 4)
-#define R_TXD1 (0x80 / 4)
-#define R_TXD2 (0x84 / 4)
-#define R_TXD3 (0x88 / 4)
-
-#define R_LQSPI_CFG (0xa0 / 4)
-#define R_LQSPI_CFG_RESET 0x03A002EB
-#define LQSPI_CFG_LQ_MODE (1 << 31)
-#define LQSPI_CFG_TWO_MEM (1 << 30)
-#define LQSPI_CFG_SEP_BUS (1 << 30)
-#define LQSPI_CFG_U_PAGE (1 << 28)
-#define LQSPI_CFG_MODE_EN (1 << 25)
-#define LQSPI_CFG_MODE_WIDTH 8
-#define LQSPI_CFG_MODE_SHIFT 16
-#define LQSPI_CFG_DUMMY_WIDTH 3
-#define LQSPI_CFG_DUMMY_SHIFT 8
-#define LQSPI_CFG_INST_CODE 0xFF
-
-#define R_LQSPI_STS (0xA4 / 4)
-#define LQSPI_STS_WR_RECVD (1 << 1)
-
-#define R_MOD_ID (0xFC / 4)
-
-#define R_MAX (R_MOD_ID+1)
-
-/* size of TXRX FIFOs */
-#define RXFF_A 32
-#define TXFF_A 32
-
-/* 16MB per linear region */
-#define LQSPI_ADDRESS_BITS 24
-/* Bite off 4k chunks at a time */
-#define LQSPI_CACHE_SIZE 1024
-
-#define SNOOP_CHECKING 0xFF
-#define SNOOP_NONE 0xFE
-#define SNOOP_STRIPING 0
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
- MemoryRegion mmlqspi;
-
- qemu_irq irq;
- int irqline;
-
- uint8_t num_cs;
- uint8_t num_busses;
-
- uint8_t snoop_state;
- qemu_irq *cs_lines;
- SSIBus **spi;
-
- Fifo8 rx_fifo;
- Fifo8 tx_fifo;
-
- uint8_t num_txrx_bytes;
-
- uint32_t regs[R_MAX];
-
- uint32_t lqspi_buf[LQSPI_CACHE_SIZE];
- hwaddr lqspi_cached_addr;
-} XilinxSPIPS;
-
-static inline int num_effective_busses(XilinxSPIPS *s)
-{
- return (s->regs[R_LQSPI_STS] & LQSPI_CFG_SEP_BUS &&
- s->regs[R_LQSPI_STS] & LQSPI_CFG_TWO_MEM) ? s->num_busses : 1;
-}
-
-static void xilinx_spips_update_cs_lines(XilinxSPIPS *s)
-{
- int i, j;
- bool found = false;
- int field = s->regs[R_CONFIG] >> CS_SHIFT;
-
- for (i = 0; i < s->num_cs; i++) {
- for (j = 0; j < num_effective_busses(s); j++) {
- int upage = !!(s->regs[R_LQSPI_STS] & LQSPI_CFG_U_PAGE);
- int cs_to_set = (j * s->num_cs + i + upage) %
- (s->num_cs * s->num_busses);
-
- if (~field & (1 << i) && !found) {
- DB_PRINT("selecting slave %d\n", i);
- qemu_set_irq(s->cs_lines[cs_to_set], 0);
- } else {
- qemu_set_irq(s->cs_lines[cs_to_set], 1);
- }
- }
- if (~field & (1 << i)) {
- found = true;
- }
- }
- if (!found) {
- s->snoop_state = SNOOP_CHECKING;
- }
-}
-
-static void xilinx_spips_update_ixr(XilinxSPIPS *s)
-{
- /* These are set/cleared as they occur */
- s->regs[R_INTR_STATUS] &= (IXR_TX_FIFO_UNDERFLOW | IXR_RX_FIFO_OVERFLOW |
- IXR_TX_FIFO_MODE_FAIL);
- /* these are pure functions of fifo state, set them here */
- s->regs[R_INTR_STATUS] |=
- (fifo8_is_full(&s->rx_fifo) ? IXR_RX_FIFO_FULL : 0) |
- (s->rx_fifo.num >= s->regs[R_RX_THRES] ? IXR_RX_FIFO_NOT_EMPTY : 0) |
- (fifo8_is_full(&s->tx_fifo) ? IXR_TX_FIFO_FULL : 0) |
- (s->tx_fifo.num < s->regs[R_TX_THRES] ? IXR_TX_FIFO_NOT_FULL : 0);
- /* drive external interrupt pin */
- int new_irqline = !!(s->regs[R_INTR_MASK] & s->regs[R_INTR_STATUS] &
- IXR_ALL);
- if (new_irqline != s->irqline) {
- s->irqline = new_irqline;
- qemu_set_irq(s->irq, s->irqline);
- }
-}
-
-static void xilinx_spips_reset(DeviceState *d)
-{
- XilinxSPIPS *s = DO_UPCAST(XilinxSPIPS, busdev.qdev, d);
-
- int i;
- for (i = 0; i < R_MAX; i++) {
- s->regs[i] = 0;
- }
-
- fifo8_reset(&s->rx_fifo);
- fifo8_reset(&s->rx_fifo);
- /* non zero resets */
- s->regs[R_CONFIG] |= MODEFAIL_GEN_EN;
- s->regs[R_SLAVE_IDLE_COUNT] = 0xFF;
- s->regs[R_TX_THRES] = 1;
- s->regs[R_RX_THRES] = 1;
- /* FIXME: move magic number definition somewhere sensible */
- s->regs[R_MOD_ID] = 0x01090106;
- s->regs[R_LQSPI_CFG] = R_LQSPI_CFG_RESET;
- s->snoop_state = SNOOP_CHECKING;
- xilinx_spips_update_ixr(s);
- xilinx_spips_update_cs_lines(s);
-}
-
-static void xilinx_spips_flush_txfifo(XilinxSPIPS *s)
-{
- for (;;) {
- int i;
- uint8_t rx;
- uint8_t tx = 0;
-
- for (i = 0; i < num_effective_busses(s); ++i) {
- if (!i || s->snoop_state == SNOOP_STRIPING) {
- if (fifo8_is_empty(&s->tx_fifo)) {
- s->regs[R_INTR_STATUS] |= IXR_TX_FIFO_UNDERFLOW;
- xilinx_spips_update_ixr(s);
- return;
- } else {
- tx = fifo8_pop(&s->tx_fifo);
- }
- }
- rx = ssi_transfer(s->spi[i], (uint32_t)tx);
- DB_PRINT("tx = %02x rx = %02x\n", tx, rx);
- if (!i || s->snoop_state == SNOOP_STRIPING) {
- if (fifo8_is_full(&s->rx_fifo)) {
- s->regs[R_INTR_STATUS] |= IXR_RX_FIFO_OVERFLOW;
- DB_PRINT("rx FIFO overflow");
- } else {
- fifo8_push(&s->rx_fifo, (uint8_t)rx);
- }
- }
- }
-
- switch (s->snoop_state) {
- case (SNOOP_CHECKING):
- switch (tx) { /* new instruction code */
- case 0x0b: /* dual/quad output read DOR/QOR */
- case 0x6b:
- s->snoop_state = 4;
- break;
- /* FIXME: these vary between vendor - set to spansion */
- case 0xbb: /* high performance dual read DIOR */
- s->snoop_state = 4;
- break;
- case 0xeb: /* high performance quad read QIOR */
- s->snoop_state = 6;
- break;
- default:
- s->snoop_state = SNOOP_NONE;
- }
- break;
- case (SNOOP_STRIPING):
- case (SNOOP_NONE):
- break;
- default:
- s->snoop_state--;
- }
- }
-}
-
-static inline void rx_data_bytes(XilinxSPIPS *s, uint32_t *value, int max)
-{
- int i;
-
- *value = 0;
- for (i = 0; i < max && !fifo8_is_empty(&s->rx_fifo); ++i) {
- uint32_t next = fifo8_pop(&s->rx_fifo) & 0xFF;
- *value |= next << 8 * (s->regs[R_CONFIG] & ENDIAN ? 3-i : i);
- }
-}
-
-static uint64_t xilinx_spips_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- XilinxSPIPS *s = opaque;
- uint32_t mask = ~0;
- uint32_t ret;
-
- addr >>= 2;
- switch (addr) {
- case R_CONFIG:
- mask = 0x0002FFFF;
- break;
- case R_INTR_STATUS:
- case R_INTR_MASK:
- mask = IXR_ALL;
- break;
- case R_EN:
- mask = 0x1;
- break;
- case R_SLAVE_IDLE_COUNT:
- mask = 0xFF;
- break;
- case R_MOD_ID:
- mask = 0x01FFFFFF;
- break;
- case R_INTR_EN:
- case R_INTR_DIS:
- case R_TX_DATA:
- mask = 0;
- break;
- case R_RX_DATA:
- rx_data_bytes(s, &ret, s->num_txrx_bytes);
- DB_PRINT("addr=" TARGET_FMT_plx " = %x\n", addr * 4, ret);
- xilinx_spips_update_ixr(s);
- return ret;
- }
- DB_PRINT("addr=" TARGET_FMT_plx " = %x\n", addr * 4, s->regs[addr] & mask);
- return s->regs[addr] & mask;
-
-}
-
-static inline void tx_data_bytes(XilinxSPIPS *s, uint32_t value, int num)
-{
- int i;
- for (i = 0; i < num && !fifo8_is_full(&s->tx_fifo); ++i) {
- if (s->regs[R_CONFIG] & ENDIAN) {
- fifo8_push(&s->tx_fifo, (uint8_t)(value >> 24));
- value <<= 8;
- } else {
- fifo8_push(&s->tx_fifo, (uint8_t)value);
- value >>= 8;
- }
- }
-}
-
-static void xilinx_spips_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- int mask = ~0;
- int man_start_com = 0;
- XilinxSPIPS *s = opaque;
-
- DB_PRINT("addr=" TARGET_FMT_plx " = %x\n", addr, (unsigned)value);
- addr >>= 2;
- switch (addr) {
- case R_CONFIG:
- mask = 0x0002FFFF;
- if (value & MAN_START_COM) {
- man_start_com = 1;
- }
- break;
- case R_INTR_STATUS:
- mask = IXR_ALL;
- s->regs[R_INTR_STATUS] &= ~(mask & value);
- goto no_reg_update;
- case R_INTR_DIS:
- mask = IXR_ALL;
- s->regs[R_INTR_MASK] &= ~(mask & value);
- goto no_reg_update;
- case R_INTR_EN:
- mask = IXR_ALL;
- s->regs[R_INTR_MASK] |= mask & value;
- goto no_reg_update;
- case R_EN:
- mask = 0x1;
- break;
- case R_SLAVE_IDLE_COUNT:
- mask = 0xFF;
- break;
- case R_RX_DATA:
- case R_INTR_MASK:
- case R_MOD_ID:
- mask = 0;
- break;
- case R_TX_DATA:
- tx_data_bytes(s, (uint32_t)value, s->num_txrx_bytes);
- goto no_reg_update;
- case R_TXD1:
- tx_data_bytes(s, (uint32_t)value, 1);
- goto no_reg_update;
- case R_TXD2:
- tx_data_bytes(s, (uint32_t)value, 2);
- goto no_reg_update;
- case R_TXD3:
- tx_data_bytes(s, (uint32_t)value, 3);
- goto no_reg_update;
- }
- s->regs[addr] = (s->regs[addr] & ~mask) | (value & mask);
-no_reg_update:
- if (man_start_com) {
- xilinx_spips_flush_txfifo(s);
- }
- xilinx_spips_update_ixr(s);
- xilinx_spips_update_cs_lines(s);
-}
-
-static const MemoryRegionOps spips_ops = {
- .read = xilinx_spips_read,
- .write = xilinx_spips_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-#define LQSPI_CACHE_SIZE 1024
-
-static uint64_t
-lqspi_read(void *opaque, hwaddr addr, unsigned int size)
-{
- int i;
- XilinxSPIPS *s = opaque;
-
- if (addr >= s->lqspi_cached_addr &&
- addr <= s->lqspi_cached_addr + LQSPI_CACHE_SIZE - 4) {
- return s->lqspi_buf[(addr - s->lqspi_cached_addr) >> 2];
- } else {
- int flash_addr = (addr / num_effective_busses(s));
- int slave = flash_addr >> LQSPI_ADDRESS_BITS;
- int cache_entry = 0;
-
- DB_PRINT("config reg status: %08x\n", s->regs[R_LQSPI_CFG]);
-
- fifo8_reset(&s->tx_fifo);
- fifo8_reset(&s->rx_fifo);
-
- s->regs[R_CONFIG] &= ~CS;
- s->regs[R_CONFIG] |= (~(1 << slave) << CS_SHIFT) & CS;
- xilinx_spips_update_cs_lines(s);
-
- /* instruction */
- DB_PRINT("pushing read instruction: %02x\n",
- (uint8_t)(s->regs[R_LQSPI_CFG] & LQSPI_CFG_INST_CODE));
- fifo8_push(&s->tx_fifo, s->regs[R_LQSPI_CFG] & LQSPI_CFG_INST_CODE);
- /* read address */
- DB_PRINT("pushing read address %06x\n", flash_addr);
- fifo8_push(&s->tx_fifo, (uint8_t)(flash_addr >> 16));
- fifo8_push(&s->tx_fifo, (uint8_t)(flash_addr >> 8));
- fifo8_push(&s->tx_fifo, (uint8_t)flash_addr);
- /* mode bits */
- if (s->regs[R_LQSPI_CFG] & LQSPI_CFG_MODE_EN) {
- fifo8_push(&s->tx_fifo, extract32(s->regs[R_LQSPI_CFG],
- LQSPI_CFG_MODE_SHIFT,
- LQSPI_CFG_MODE_WIDTH));
- }
- /* dummy bytes */
- for (i = 0; i < (extract32(s->regs[R_LQSPI_CFG], LQSPI_CFG_DUMMY_SHIFT,
- LQSPI_CFG_DUMMY_WIDTH)); ++i) {
- DB_PRINT("pushing dummy byte\n");
- fifo8_push(&s->tx_fifo, 0);
- }
- xilinx_spips_flush_txfifo(s);
- fifo8_reset(&s->rx_fifo);
-
- DB_PRINT("starting QSPI data read\n");
-
- for (i = 0; i < LQSPI_CACHE_SIZE / 4; ++i) {
- tx_data_bytes(s, 0, 4);
- xilinx_spips_flush_txfifo(s);
- rx_data_bytes(s, &s->lqspi_buf[cache_entry], 4);
- cache_entry++;
- }
-
- s->regs[R_CONFIG] |= CS;
- xilinx_spips_update_cs_lines(s);
-
- s->lqspi_cached_addr = addr;
- return lqspi_read(opaque, addr, size);
- }
-}
-
-static const MemoryRegionOps lqspi_ops = {
- .read = lqspi_read,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4
- }
-};
-
-static int xilinx_spips_init(SysBusDevice *dev)
-{
- XilinxSPIPS *s = FROM_SYSBUS(typeof(*s), dev);
- int i;
-
- DB_PRINT("inited device model\n");
-
- s->spi = g_new(SSIBus *, s->num_busses);
- for (i = 0; i < s->num_busses; ++i) {
- char bus_name[16];
- snprintf(bus_name, 16, "spi%d", i);
- s->spi[i] = ssi_create_bus(&dev->qdev, bus_name);
- }
-
- s->cs_lines = g_new(qemu_irq, s->num_cs * s->num_busses);
- ssi_auto_connect_slaves(DEVICE(s), s->cs_lines, s->spi[0]);
- ssi_auto_connect_slaves(DEVICE(s), s->cs_lines, s->spi[1]);
- sysbus_init_irq(dev, &s->irq);
- for (i = 0; i < s->num_cs * s->num_busses; ++i) {
- sysbus_init_irq(dev, &s->cs_lines[i]);
- }
-
- memory_region_init_io(&s->iomem, &spips_ops, s, "spi", R_MAX*4);
- sysbus_init_mmio(dev, &s->iomem);
-
- memory_region_init_io(&s->mmlqspi, &lqspi_ops, s, "lqspi",
- (1 << LQSPI_ADDRESS_BITS) * 2);
- sysbus_init_mmio(dev, &s->mmlqspi);
-
- s->irqline = -1;
- s->lqspi_cached_addr = ~0ULL;
-
- fifo8_create(&s->rx_fifo, RXFF_A);
- fifo8_create(&s->tx_fifo, TXFF_A);
-
- return 0;
-}
-
-static int xilinx_spips_post_load(void *opaque, int version_id)
-{
- xilinx_spips_update_ixr((XilinxSPIPS *)opaque);
- xilinx_spips_update_cs_lines((XilinxSPIPS *)opaque);
- return 0;
-}
-
-static const VMStateDescription vmstate_xilinx_spips = {
- .name = "xilinx_spips",
- .version_id = 2,
- .minimum_version_id = 2,
- .minimum_version_id_old = 2,
- .post_load = xilinx_spips_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_FIFO8(tx_fifo, XilinxSPIPS),
- VMSTATE_FIFO8(rx_fifo, XilinxSPIPS),
- VMSTATE_UINT32_ARRAY(regs, XilinxSPIPS, R_MAX),
- VMSTATE_UINT8(snoop_state, XilinxSPIPS),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static Property xilinx_spips_properties[] = {
- DEFINE_PROP_UINT8("num-busses", XilinxSPIPS, num_busses, 1),
- DEFINE_PROP_UINT8("num-ss-bits", XilinxSPIPS, num_cs, 4),
- DEFINE_PROP_UINT8("num-txrx-bytes", XilinxSPIPS, num_txrx_bytes, 1),
- DEFINE_PROP_END_OF_LIST(),
-};
-static void xilinx_spips_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- sdc->init = xilinx_spips_init;
- dc->reset = xilinx_spips_reset;
- dc->props = xilinx_spips_properties;
- dc->vmsd = &vmstate_xilinx_spips;
-}
-
-static const TypeInfo xilinx_spips_info = {
- .name = "xilinx,spips",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(XilinxSPIPS),
- .class_init = xilinx_spips_class_init,
-};
-
-static void xilinx_spips_register_types(void)
-{
- type_register_static(&xilinx_spips_info);
-}
-
-type_init(xilinx_spips_register_types)
diff --git a/hw/xilinx_timer.c b/hw/xilinx_timer.c
deleted file mode 100644
index 2b01dc286..000000000
--- a/hw/xilinx_timer.c
+++ /dev/null
@@ -1,255 +0,0 @@
-/*
- * QEMU model of the Xilinx timer block.
- *
- * Copyright (c) 2009 Edgar E. Iglesias.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sysbus.h"
-#include "ptimer.h"
-#include "qemu-log.h"
-
-#define D(x)
-
-#define R_TCSR 0
-#define R_TLR 1
-#define R_TCR 2
-#define R_MAX 4
-
-#define TCSR_MDT (1<<0)
-#define TCSR_UDT (1<<1)
-#define TCSR_GENT (1<<2)
-#define TCSR_CAPT (1<<3)
-#define TCSR_ARHT (1<<4)
-#define TCSR_LOAD (1<<5)
-#define TCSR_ENIT (1<<6)
-#define TCSR_ENT (1<<7)
-#define TCSR_TINT (1<<8)
-#define TCSR_PWMA (1<<9)
-#define TCSR_ENALL (1<<10)
-
-struct xlx_timer
-{
- QEMUBH *bh;
- ptimer_state *ptimer;
- void *parent;
- int nr; /* for debug. */
-
- unsigned long timer_div;
-
- uint32_t regs[R_MAX];
-};
-
-struct timerblock
-{
- SysBusDevice busdev;
- MemoryRegion mmio;
- qemu_irq irq;
- uint8_t one_timer_only;
- uint32_t freq_hz;
- struct xlx_timer *timers;
-};
-
-static inline unsigned int num_timers(struct timerblock *t)
-{
- return 2 - t->one_timer_only;
-}
-
-static inline unsigned int timer_from_addr(hwaddr addr)
-{
- /* Timers get a 4x32bit control reg area each. */
- return addr >> 2;
-}
-
-static void timer_update_irq(struct timerblock *t)
-{
- unsigned int i, irq = 0;
- uint32_t csr;
-
- for (i = 0; i < num_timers(t); i++) {
- csr = t->timers[i].regs[R_TCSR];
- irq |= (csr & TCSR_TINT) && (csr & TCSR_ENIT);
- }
-
- /* All timers within the same slave share a single IRQ line. */
- qemu_set_irq(t->irq, !!irq);
-}
-
-static uint64_t
-timer_read(void *opaque, hwaddr addr, unsigned int size)
-{
- struct timerblock *t = opaque;
- struct xlx_timer *xt;
- uint32_t r = 0;
- unsigned int timer;
-
- addr >>= 2;
- timer = timer_from_addr(addr);
- xt = &t->timers[timer];
- /* Further decoding to address a specific timers reg. */
- addr &= 0x3;
- switch (addr)
- {
- case R_TCR:
- r = ptimer_get_count(xt->ptimer);
- if (!(xt->regs[R_TCSR] & TCSR_UDT))
- r = ~r;
- D(qemu_log("xlx_timer t=%d read counter=%x udt=%d\n",
- timer, r, xt->regs[R_TCSR] & TCSR_UDT));
- break;
- default:
- if (addr < ARRAY_SIZE(xt->regs))
- r = xt->regs[addr];
- break;
-
- }
- D(fprintf(stderr, "%s timer=%d %x=%x\n", __func__, timer, addr * 4, r));
- return r;
-}
-
-static void timer_enable(struct xlx_timer *xt)
-{
- uint64_t count;
-
- D(fprintf(stderr, "%s timer=%d down=%d\n", __func__,
- xt->nr, xt->regs[R_TCSR] & TCSR_UDT));
-
- ptimer_stop(xt->ptimer);
-
- if (xt->regs[R_TCSR] & TCSR_UDT)
- count = xt->regs[R_TLR];
- else
- count = ~0 - xt->regs[R_TLR];
- ptimer_set_limit(xt->ptimer, count, 1);
- ptimer_run(xt->ptimer, 1);
-}
-
-static void
-timer_write(void *opaque, hwaddr addr,
- uint64_t val64, unsigned int size)
-{
- struct timerblock *t = opaque;
- struct xlx_timer *xt;
- unsigned int timer;
- uint32_t value = val64;
-
- addr >>= 2;
- timer = timer_from_addr(addr);
- xt = &t->timers[timer];
- D(fprintf(stderr, "%s addr=%x val=%x (timer=%d off=%d)\n",
- __func__, addr * 4, value, timer, addr & 3));
- /* Further decoding to address a specific timers reg. */
- addr &= 3;
- switch (addr)
- {
- case R_TCSR:
- if (value & TCSR_TINT)
- value &= ~TCSR_TINT;
-
- xt->regs[addr] = value;
- if (value & TCSR_ENT)
- timer_enable(xt);
- break;
-
- default:
- if (addr < ARRAY_SIZE(xt->regs))
- xt->regs[addr] = value;
- break;
- }
- timer_update_irq(t);
-}
-
-static const MemoryRegionOps timer_ops = {
- .read = timer_read,
- .write = timer_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 4,
- .max_access_size = 4
- }
-};
-
-static void timer_hit(void *opaque)
-{
- struct xlx_timer *xt = opaque;
- struct timerblock *t = xt->parent;
- D(fprintf(stderr, "%s %d\n", __func__, xt->nr));
- xt->regs[R_TCSR] |= TCSR_TINT;
-
- if (xt->regs[R_TCSR] & TCSR_ARHT)
- timer_enable(xt);
- timer_update_irq(t);
-}
-
-static int xilinx_timer_init(SysBusDevice *dev)
-{
- struct timerblock *t = FROM_SYSBUS(typeof (*t), dev);
- unsigned int i;
-
- /* All timers share a single irq line. */
- sysbus_init_irq(dev, &t->irq);
-
- /* Init all the ptimers. */
- t->timers = g_malloc0(sizeof t->timers[0] * num_timers(t));
- for (i = 0; i < num_timers(t); i++) {
- struct xlx_timer *xt = &t->timers[i];
-
- xt->parent = t;
- xt->nr = i;
- xt->bh = qemu_bh_new(timer_hit, xt);
- xt->ptimer = ptimer_init(xt->bh);
- ptimer_set_freq(xt->ptimer, t->freq_hz);
- }
-
- memory_region_init_io(&t->mmio, &timer_ops, t, "xlnx.xps-timer",
- R_MAX * 4 * num_timers(t));
- sysbus_init_mmio(dev, &t->mmio);
- return 0;
-}
-
-static Property xilinx_timer_properties[] = {
- DEFINE_PROP_UINT32("clock-frequency", struct timerblock, freq_hz,
- 62 * 1000000),
- DEFINE_PROP_UINT8("one-timer-only", struct timerblock, one_timer_only, 0),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void xilinx_timer_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = xilinx_timer_init;
- dc->props = xilinx_timer_properties;
-}
-
-static TypeInfo xilinx_timer_info = {
- .name = "xlnx.xps-timer",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(struct timerblock),
- .class_init = xilinx_timer_class_init,
-};
-
-static void xilinx_timer_register_types(void)
-{
- type_register_static(&xilinx_timer_info);
-}
-
-type_init(xilinx_timer_register_types)
diff --git a/hw/xilinx_uartlite.c b/hw/xilinx_uartlite.c
deleted file mode 100644
index d20fc4124..000000000
--- a/hw/xilinx_uartlite.c
+++ /dev/null
@@ -1,234 +0,0 @@
-/*
- * QEMU model of Xilinx uartlite.
- *
- * Copyright (c) 2009 Edgar E. Iglesias.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "sysbus.h"
-#include "qemu-char.h"
-
-#define DUART(x)
-
-#define R_RX 0
-#define R_TX 1
-#define R_STATUS 2
-#define R_CTRL 3
-#define R_MAX 4
-
-#define STATUS_RXVALID 0x01
-#define STATUS_RXFULL 0x02
-#define STATUS_TXEMPTY 0x04
-#define STATUS_TXFULL 0x08
-#define STATUS_IE 0x10
-#define STATUS_OVERRUN 0x20
-#define STATUS_FRAME 0x40
-#define STATUS_PARITY 0x80
-
-#define CONTROL_RST_TX 0x01
-#define CONTROL_RST_RX 0x02
-#define CONTROL_IE 0x10
-
-struct xlx_uartlite
-{
- SysBusDevice busdev;
- MemoryRegion mmio;
- CharDriverState *chr;
- qemu_irq irq;
-
- uint8_t rx_fifo[8];
- unsigned int rx_fifo_pos;
- unsigned int rx_fifo_len;
-
- uint32_t regs[R_MAX];
-};
-
-static void uart_update_irq(struct xlx_uartlite *s)
-{
- unsigned int irq;
-
- if (s->rx_fifo_len)
- s->regs[R_STATUS] |= STATUS_IE;
-
- irq = (s->regs[R_STATUS] & STATUS_IE) && (s->regs[R_CTRL] & CONTROL_IE);
- qemu_set_irq(s->irq, irq);
-}
-
-static void uart_update_status(struct xlx_uartlite *s)
-{
- uint32_t r;
-
- r = s->regs[R_STATUS];
- r &= ~7;
- r |= 1 << 2; /* Tx fifo is always empty. We are fast :) */
- r |= (s->rx_fifo_len == sizeof (s->rx_fifo)) << 1;
- r |= (!!s->rx_fifo_len);
- s->regs[R_STATUS] = r;
-}
-
-static uint64_t
-uart_read(void *opaque, hwaddr addr, unsigned int size)
-{
- struct xlx_uartlite *s = opaque;
- uint32_t r = 0;
- addr >>= 2;
- switch (addr)
- {
- case R_RX:
- r = s->rx_fifo[(s->rx_fifo_pos - s->rx_fifo_len) & 7];
- if (s->rx_fifo_len)
- s->rx_fifo_len--;
- uart_update_status(s);
- uart_update_irq(s);
- break;
-
- default:
- if (addr < ARRAY_SIZE(s->regs))
- r = s->regs[addr];
- DUART(qemu_log("%s addr=%x v=%x\n", __func__, addr, r));
- break;
- }
- return r;
-}
-
-static void
-uart_write(void *opaque, hwaddr addr,
- uint64_t val64, unsigned int size)
-{
- struct xlx_uartlite *s = opaque;
- uint32_t value = val64;
- unsigned char ch = value;
-
- addr >>= 2;
- switch (addr)
- {
- case R_STATUS:
- hw_error("write to UART STATUS?\n");
- break;
-
- case R_CTRL:
- if (value & CONTROL_RST_RX) {
- s->rx_fifo_pos = 0;
- s->rx_fifo_len = 0;
- }
- s->regs[addr] = value;
- break;
-
- case R_TX:
- if (s->chr)
- qemu_chr_fe_write(s->chr, &ch, 1);
-
- s->regs[addr] = value;
-
- /* hax. */
- s->regs[R_STATUS] |= STATUS_IE;
- break;
-
- default:
- DUART(printf("%s addr=%x v=%x\n", __func__, addr, value));
- if (addr < ARRAY_SIZE(s->regs))
- s->regs[addr] = value;
- break;
- }
- uart_update_status(s);
- uart_update_irq(s);
-}
-
-static const MemoryRegionOps uart_ops = {
- .read = uart_read,
- .write = uart_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
- .valid = {
- .min_access_size = 1,
- .max_access_size = 4
- }
-};
-
-static void uart_rx(void *opaque, const uint8_t *buf, int size)
-{
- struct xlx_uartlite *s = opaque;
-
- /* Got a byte. */
- if (s->rx_fifo_len >= 8) {
- printf("WARNING: UART dropped char.\n");
- return;
- }
- s->rx_fifo[s->rx_fifo_pos] = *buf;
- s->rx_fifo_pos++;
- s->rx_fifo_pos &= 0x7;
- s->rx_fifo_len++;
-
- uart_update_status(s);
- uart_update_irq(s);
-}
-
-static int uart_can_rx(void *opaque)
-{
- struct xlx_uartlite *s = opaque;
- int r;
-
- r = s->rx_fifo_len < sizeof(s->rx_fifo);
- if (!r)
- printf("cannot receive!\n");
- return r;
-}
-
-static void uart_event(void *opaque, int event)
-{
-
-}
-
-static int xilinx_uartlite_init(SysBusDevice *dev)
-{
- struct xlx_uartlite *s = FROM_SYSBUS(typeof (*s), dev);
-
- sysbus_init_irq(dev, &s->irq);
-
- uart_update_status(s);
- memory_region_init_io(&s->mmio, &uart_ops, s, "xlnx.xps-uartlite",
- R_MAX * 4);
- sysbus_init_mmio(dev, &s->mmio);
-
- s->chr = qemu_char_get_next_serial();
- if (s->chr)
- qemu_chr_add_handlers(s->chr, uart_can_rx, uart_rx, uart_event, s);
- return 0;
-}
-
-static void xilinx_uartlite_class_init(ObjectClass *klass, void *data)
-{
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- sdc->init = xilinx_uartlite_init;
-}
-
-static TypeInfo xilinx_uartlite_info = {
- .name = "xlnx.xps-uartlite",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof (struct xlx_uartlite),
- .class_init = xilinx_uartlite_class_init,
-};
-
-static void xilinx_uart_register_types(void)
-{
- type_register_static(&xilinx_uartlite_info);
-}
-
-type_init(xilinx_uart_register_types)
diff --git a/hw/xilinx_zynq.c b/hw/xilinx_zynq.c
deleted file mode 100644
index 1f12a3d1a..000000000
--- a/hw/xilinx_zynq.c
+++ /dev/null
@@ -1,213 +0,0 @@
-/*
- * Xilinx Zynq Baseboard System emulation.
- *
- * Copyright (c) 2010 Xilinx.
- * Copyright (c) 2012 Peter A.G. Crosthwaite (peter.croshtwaite@petalogix.com)
- * Copyright (c) 2012 Petalogix Pty Ltd.
- * Written by Haibing Ma
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version
- * 2 of the License, or (at your option) any later version.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "sysbus.h"
-#include "arm-misc.h"
-#include "net.h"
-#include "exec-memory.h"
-#include "sysemu.h"
-#include "boards.h"
-#include "flash.h"
-#include "blockdev.h"
-#include "loader.h"
-#include "ssi.h"
-
-#define NUM_SPI_FLASHES 4
-#define NUM_QSPI_FLASHES 2
-#define NUM_QSPI_BUSSES 2
-
-#define FLASH_SIZE (64 * 1024 * 1024)
-#define FLASH_SECTOR_SIZE (128 * 1024)
-
-#define IRQ_OFFSET 32 /* pic interrupts start from index 32 */
-
-static struct arm_boot_info zynq_binfo = {};
-
-static void gem_init(NICInfo *nd, uint32_t base, qemu_irq irq)
-{
- DeviceState *dev;
- SysBusDevice *s;
-
- qemu_check_nic_model(nd, "cadence_gem");
- dev = qdev_create(NULL, "cadence_gem");
- qdev_set_nic_properties(dev, nd);
- qdev_init_nofail(dev);
- s = sysbus_from_qdev(dev);
- sysbus_mmio_map(s, 0, base);
- sysbus_connect_irq(s, 0, irq);
-}
-
-static inline void zynq_init_spi_flashes(uint32_t base_addr, qemu_irq irq,
- bool is_qspi)
-{
- DeviceState *dev;
- SysBusDevice *busdev;
- SSIBus *spi;
- int i, j;
- int num_busses = is_qspi ? NUM_QSPI_BUSSES : 1;
- int num_ss = is_qspi ? NUM_QSPI_FLASHES : NUM_SPI_FLASHES;
-
- dev = qdev_create(NULL, "xilinx,spips");
- qdev_prop_set_uint8(dev, "num-txrx-bytes", is_qspi ? 4 : 1);
- qdev_prop_set_uint8(dev, "num-ss-bits", num_ss);
- qdev_prop_set_uint8(dev, "num-busses", num_busses);
- qdev_init_nofail(dev);
- busdev = sysbus_from_qdev(dev);
- sysbus_mmio_map(busdev, 0, base_addr);
- if (is_qspi) {
- sysbus_mmio_map(busdev, 1, 0xFC000000);
- }
- sysbus_connect_irq(busdev, 0, irq);
-
- for (i = 0; i < num_busses; ++i) {
- char bus_name[16];
- qemu_irq cs_line;
-
- snprintf(bus_name, 16, "spi%d", i);
- spi = (SSIBus *)qdev_get_child_bus(dev, bus_name);
-
- for (j = 0; j < num_ss; ++j) {
- dev = ssi_create_slave_no_init(spi, "m25p80");
- qdev_prop_set_string(dev, "partname", "n25q128");
- qdev_init_nofail(dev);
-
- cs_line = qdev_get_gpio_in(dev, 0);
- sysbus_connect_irq(busdev, i * num_ss + j + 1, cs_line);
- }
- }
-
-}
-
-static void zynq_init(QEMUMachineInitArgs *args)
-{
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- ARMCPU *cpu;
- MemoryRegion *address_space_mem = get_system_memory();
- MemoryRegion *ext_ram = g_new(MemoryRegion, 1);
- MemoryRegion *ocm_ram = g_new(MemoryRegion, 1);
- DeviceState *dev;
- SysBusDevice *busdev;
- qemu_irq *irqp;
- qemu_irq pic[64];
- NICInfo *nd;
- int n;
- qemu_irq cpu_irq;
-
- if (!cpu_model) {
- cpu_model = "cortex-a9";
- }
-
- cpu = cpu_arm_init(cpu_model);
- if (!cpu) {
- fprintf(stderr, "Unable to find CPU definition\n");
- exit(1);
- }
- irqp = arm_pic_init_cpu(cpu);
- cpu_irq = irqp[ARM_PIC_CPU_IRQ];
-
- /* max 2GB ram */
- if (ram_size > 0x80000000) {
- ram_size = 0x80000000;
- }
-
- /* DDR remapped to address zero. */
- memory_region_init_ram(ext_ram, "zynq.ext_ram", ram_size);
- vmstate_register_ram_global(ext_ram);
- memory_region_add_subregion(address_space_mem, 0, ext_ram);
-
- /* 256K of on-chip memory */
- memory_region_init_ram(ocm_ram, "zynq.ocm_ram", 256 << 10);
- vmstate_register_ram_global(ocm_ram);
- memory_region_add_subregion(address_space_mem, 0xFFFC0000, ocm_ram);
-
- DriveInfo *dinfo = drive_get(IF_PFLASH, 0, 0);
-
- /* AMD */
- pflash_cfi02_register(0xe2000000, NULL, "zynq.pflash", FLASH_SIZE,
- dinfo ? dinfo->bdrv : NULL, FLASH_SECTOR_SIZE,
- FLASH_SIZE/FLASH_SECTOR_SIZE, 1,
- 1, 0x0066, 0x0022, 0x0000, 0x0000, 0x0555, 0x2aa,
- 0);
-
- dev = qdev_create(NULL, "xilinx,zynq_slcr");
- qdev_init_nofail(dev);
- sysbus_mmio_map(sysbus_from_qdev(dev), 0, 0xF8000000);
-
- dev = qdev_create(NULL, "a9mpcore_priv");
- qdev_prop_set_uint32(dev, "num-cpu", 1);
- qdev_init_nofail(dev);
- busdev = sysbus_from_qdev(dev);
- sysbus_mmio_map(busdev, 0, 0xF8F00000);
- sysbus_connect_irq(busdev, 0, cpu_irq);
-
- for (n = 0; n < 64; n++) {
- pic[n] = qdev_get_gpio_in(dev, n);
- }
-
- zynq_init_spi_flashes(0xE0006000, pic[58-IRQ_OFFSET], false);
- zynq_init_spi_flashes(0xE0007000, pic[81-IRQ_OFFSET], false);
- zynq_init_spi_flashes(0xE000D000, pic[51-IRQ_OFFSET], true);
-
- sysbus_create_simple("xlnx,ps7-usb", 0xE0002000, pic[53-IRQ_OFFSET]);
- sysbus_create_simple("xlnx,ps7-usb", 0xE0003000, pic[75-IRQ_OFFSET]);
-
- sysbus_create_simple("cadence_uart", 0xE0000000, pic[59-IRQ_OFFSET]);
- sysbus_create_simple("cadence_uart", 0xE0001000, pic[82-IRQ_OFFSET]);
-
- sysbus_create_varargs("cadence_ttc", 0xF8001000,
- pic[42-IRQ_OFFSET], pic[43-IRQ_OFFSET], pic[44-IRQ_OFFSET], NULL);
- sysbus_create_varargs("cadence_ttc", 0xF8002000,
- pic[69-IRQ_OFFSET], pic[70-IRQ_OFFSET], pic[71-IRQ_OFFSET], NULL);
-
- for (n = 0; n < nb_nics; n++) {
- nd = &nd_table[n];
- if (n == 0) {
- gem_init(nd, 0xE000B000, pic[54-IRQ_OFFSET]);
- } else if (n == 1) {
- gem_init(nd, 0xE000C000, pic[77-IRQ_OFFSET]);
- }
- }
-
- zynq_binfo.ram_size = ram_size;
- zynq_binfo.kernel_filename = kernel_filename;
- zynq_binfo.kernel_cmdline = kernel_cmdline;
- zynq_binfo.initrd_filename = initrd_filename;
- zynq_binfo.nb_cpus = 1;
- zynq_binfo.board_id = 0xd32;
- zynq_binfo.loader_start = 0;
- arm_load_kernel(arm_env_get_cpu(first_cpu), &zynq_binfo);
-}
-
-static QEMUMachine zynq_machine = {
- .name = "xilinx-zynq-a9",
- .desc = "Xilinx Zynq Platform Baseboard for Cortex-A9",
- .init = zynq_init,
- .use_scsi = 1,
- .max_cpus = 1,
- .no_sdcard = 1
-};
-
-static void zynq_machine_init(void)
-{
- qemu_register_machine(&zynq_machine);
-}
-
-machine_init(zynq_machine_init);
diff --git a/hw/xio3130_downstream.c b/hw/xio3130_downstream.c
deleted file mode 100644
index 0d8a5e702..000000000
--- a/hw/xio3130_downstream.c
+++ /dev/null
@@ -1,217 +0,0 @@
-/*
- * x3130_downstream.c
- * TI X3130 pci express downstream port switch
- *
- * Copyright (c) 2010 Isaku Yamahata <yamahata at valinux co jp>
- * VA Linux Systems Japan K.K.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "pci_ids.h"
-#include "msi.h"
-#include "pcie.h"
-#include "xio3130_downstream.h"
-
-#define PCI_DEVICE_ID_TI_XIO3130D 0x8233 /* downstream port */
-#define XIO3130_REVISION 0x1
-#define XIO3130_MSI_OFFSET 0x70
-#define XIO3130_MSI_SUPPORTED_FLAGS PCI_MSI_FLAGS_64BIT
-#define XIO3130_MSI_NR_VECTOR 1
-#define XIO3130_SSVID_OFFSET 0x80
-#define XIO3130_SSVID_SVID 0
-#define XIO3130_SSVID_SSID 0
-#define XIO3130_EXP_OFFSET 0x90
-#define XIO3130_AER_OFFSET 0x100
-
-static void xio3130_downstream_write_config(PCIDevice *d, uint32_t address,
- uint32_t val, int len)
-{
- pci_bridge_write_config(d, address, val, len);
- pcie_cap_flr_write_config(d, address, val, len);
- pcie_cap_slot_write_config(d, address, val, len);
- pcie_aer_write_config(d, address, val, len);
-}
-
-static void xio3130_downstream_reset(DeviceState *qdev)
-{
- PCIDevice *d = PCI_DEVICE(qdev);
-
- pcie_cap_deverr_reset(d);
- pcie_cap_slot_reset(d);
- pcie_cap_ari_reset(d);
- pci_bridge_reset(qdev);
-}
-
-static int xio3130_downstream_initfn(PCIDevice *d)
-{
- PCIBridge* br = DO_UPCAST(PCIBridge, dev, d);
- PCIEPort *p = DO_UPCAST(PCIEPort, br, br);
- PCIESlot *s = DO_UPCAST(PCIESlot, port, p);
- int rc;
-
- rc = pci_bridge_initfn(d);
- if (rc < 0) {
- return rc;
- }
-
- pcie_port_init_reg(d);
-
- rc = msi_init(d, XIO3130_MSI_OFFSET, XIO3130_MSI_NR_VECTOR,
- XIO3130_MSI_SUPPORTED_FLAGS & PCI_MSI_FLAGS_64BIT,
- XIO3130_MSI_SUPPORTED_FLAGS & PCI_MSI_FLAGS_MASKBIT);
- if (rc < 0) {
- goto err_bridge;
- }
- rc = pci_bridge_ssvid_init(d, XIO3130_SSVID_OFFSET,
- XIO3130_SSVID_SVID, XIO3130_SSVID_SSID);
- if (rc < 0) {
- goto err_bridge;
- }
- rc = pcie_cap_init(d, XIO3130_EXP_OFFSET, PCI_EXP_TYPE_DOWNSTREAM,
- p->port);
- if (rc < 0) {
- goto err_msi;
- }
- pcie_cap_flr_init(d);
- pcie_cap_deverr_init(d);
- pcie_cap_slot_init(d, s->slot);
- pcie_chassis_create(s->chassis);
- rc = pcie_chassis_add_slot(s);
- if (rc < 0) {
- goto err_pcie_cap;
- }
- pcie_cap_ari_init(d);
- rc = pcie_aer_init(d, XIO3130_AER_OFFSET);
- if (rc < 0) {
- goto err;
- }
-
- return 0;
-
-err:
- pcie_chassis_del_slot(s);
-err_pcie_cap:
- pcie_cap_exit(d);
-err_msi:
- msi_uninit(d);
-err_bridge:
- pci_bridge_exitfn(d);
- return rc;
-}
-
-static void xio3130_downstream_exitfn(PCIDevice *d)
-{
- PCIBridge* br = DO_UPCAST(PCIBridge, dev, d);
- PCIEPort *p = DO_UPCAST(PCIEPort, br, br);
- PCIESlot *s = DO_UPCAST(PCIESlot, port, p);
-
- pcie_aer_exit(d);
- pcie_chassis_del_slot(s);
- pcie_cap_exit(d);
- msi_uninit(d);
- pci_bridge_exitfn(d);
-}
-
-PCIESlot *xio3130_downstream_init(PCIBus *bus, int devfn, bool multifunction,
- const char *bus_name, pci_map_irq_fn map_irq,
- uint8_t port, uint8_t chassis,
- uint16_t slot)
-{
- PCIDevice *d;
- PCIBridge *br;
- DeviceState *qdev;
-
- d = pci_create_multifunction(bus, devfn, multifunction,
- "xio3130-downstream");
- if (!d) {
- return NULL;
- }
- br = DO_UPCAST(PCIBridge, dev, d);
-
- qdev = &br->dev.qdev;
- pci_bridge_map_irq(br, bus_name, map_irq);
- qdev_prop_set_uint8(qdev, "port", port);
- qdev_prop_set_uint8(qdev, "chassis", chassis);
- qdev_prop_set_uint16(qdev, "slot", slot);
- qdev_init_nofail(qdev);
-
- return DO_UPCAST(PCIESlot, port, DO_UPCAST(PCIEPort, br, br));
-}
-
-static const VMStateDescription vmstate_xio3130_downstream = {
- .name = "xio3130-express-downstream-port",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .post_load = pcie_cap_slot_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_PCIE_DEVICE(port.br.dev, PCIESlot),
- VMSTATE_STRUCT(port.br.dev.exp.aer_log, PCIESlot, 0,
- vmstate_pcie_aer_log, PCIEAERLog),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static Property xio3130_downstream_properties[] = {
- DEFINE_PROP_UINT8("port", PCIESlot, port.port, 0),
- DEFINE_PROP_UINT8("chassis", PCIESlot, chassis, 0),
- DEFINE_PROP_UINT16("slot", PCIESlot, slot, 0),
- DEFINE_PROP_UINT16("aer_log_max", PCIESlot,
- port.br.dev.exp.aer_log.log_max,
- PCIE_AER_LOG_MAX_DEFAULT),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void xio3130_downstream_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->is_express = 1;
- k->is_bridge = 1;
- k->config_write = xio3130_downstream_write_config;
- k->init = xio3130_downstream_initfn;
- k->exit = xio3130_downstream_exitfn;
- k->vendor_id = PCI_VENDOR_ID_TI;
- k->device_id = PCI_DEVICE_ID_TI_XIO3130D;
- k->revision = XIO3130_REVISION;
- dc->desc = "TI X3130 Downstream Port of PCI Express Switch";
- dc->reset = xio3130_downstream_reset;
- dc->vmsd = &vmstate_xio3130_downstream;
- dc->props = xio3130_downstream_properties;
-}
-
-static TypeInfo xio3130_downstream_info = {
- .name = "xio3130-downstream",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIESlot),
- .class_init = xio3130_downstream_class_init,
-};
-
-static void xio3130_downstream_register_types(void)
-{
- type_register_static(&xio3130_downstream_info);
-}
-
-type_init(xio3130_downstream_register_types)
-
-/*
- * Local variables:
- * c-indent-level: 4
- * c-basic-offset: 4
- * tab-width: 8
- * indent-tab-mode: nil
- * End:
- */
diff --git a/hw/xio3130_downstream.h b/hw/xio3130_downstream.h
deleted file mode 100644
index 010487f2d..000000000
--- a/hw/xio3130_downstream.h
+++ /dev/null
@@ -1,11 +0,0 @@
-#ifndef QEMU_XIO3130_DOWNSTREAM_H
-#define QEMU_XIO3130_DOWNSTREAM_H
-
-#include "pcie_port.h"
-
-PCIESlot *xio3130_downstream_init(PCIBus *bus, int devfn, bool multifunction,
- const char *bus_name, pci_map_irq_fn map_irq,
- uint8_t port, uint8_t chassis,
- uint16_t slot);
-
-#endif /* QEMU_XIO3130_DOWNSTREAM_H */
diff --git a/hw/xio3130_upstream.c b/hw/xio3130_upstream.c
deleted file mode 100644
index d46b86c74..000000000
--- a/hw/xio3130_upstream.c
+++ /dev/null
@@ -1,192 +0,0 @@
-/*
- * xio3130_upstream.c
- * TI X3130 pci express upstream port switch
- *
- * Copyright (c) 2010 Isaku Yamahata <yamahata at valinux co jp>
- * VA Linux Systems Japan K.K.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "pci_ids.h"
-#include "msi.h"
-#include "pcie.h"
-#include "xio3130_upstream.h"
-
-#define PCI_DEVICE_ID_TI_XIO3130U 0x8232 /* upstream port */
-#define XIO3130_REVISION 0x2
-#define XIO3130_MSI_OFFSET 0x70
-#define XIO3130_MSI_SUPPORTED_FLAGS PCI_MSI_FLAGS_64BIT
-#define XIO3130_MSI_NR_VECTOR 1
-#define XIO3130_SSVID_OFFSET 0x80
-#define XIO3130_SSVID_SVID 0
-#define XIO3130_SSVID_SSID 0
-#define XIO3130_EXP_OFFSET 0x90
-#define XIO3130_AER_OFFSET 0x100
-
-static void xio3130_upstream_write_config(PCIDevice *d, uint32_t address,
- uint32_t val, int len)
-{
- pci_bridge_write_config(d, address, val, len);
- pcie_cap_flr_write_config(d, address, val, len);
- pcie_aer_write_config(d, address, val, len);
-}
-
-static void xio3130_upstream_reset(DeviceState *qdev)
-{
- PCIDevice *d = PCI_DEVICE(qdev);
-
- pci_bridge_reset(qdev);
- pcie_cap_deverr_reset(d);
-}
-
-static int xio3130_upstream_initfn(PCIDevice *d)
-{
- PCIBridge* br = DO_UPCAST(PCIBridge, dev, d);
- PCIEPort *p = DO_UPCAST(PCIEPort, br, br);
- int rc;
-
- rc = pci_bridge_initfn(d);
- if (rc < 0) {
- return rc;
- }
-
- pcie_port_init_reg(d);
-
- rc = msi_init(d, XIO3130_MSI_OFFSET, XIO3130_MSI_NR_VECTOR,
- XIO3130_MSI_SUPPORTED_FLAGS & PCI_MSI_FLAGS_64BIT,
- XIO3130_MSI_SUPPORTED_FLAGS & PCI_MSI_FLAGS_MASKBIT);
- if (rc < 0) {
- goto err_bridge;
- }
- rc = pci_bridge_ssvid_init(d, XIO3130_SSVID_OFFSET,
- XIO3130_SSVID_SVID, XIO3130_SSVID_SSID);
- if (rc < 0) {
- goto err_bridge;
- }
- rc = pcie_cap_init(d, XIO3130_EXP_OFFSET, PCI_EXP_TYPE_UPSTREAM,
- p->port);
- if (rc < 0) {
- goto err_msi;
- }
- pcie_cap_flr_init(d);
- pcie_cap_deverr_init(d);
- rc = pcie_aer_init(d, XIO3130_AER_OFFSET);
- if (rc < 0) {
- goto err;
- }
-
- return 0;
-
-err:
- pcie_cap_exit(d);
-err_msi:
- msi_uninit(d);
-err_bridge:
- pci_bridge_exitfn(d);
- return rc;
-}
-
-static void xio3130_upstream_exitfn(PCIDevice *d)
-{
- pcie_aer_exit(d);
- pcie_cap_exit(d);
- msi_uninit(d);
- pci_bridge_exitfn(d);
-}
-
-PCIEPort *xio3130_upstream_init(PCIBus *bus, int devfn, bool multifunction,
- const char *bus_name, pci_map_irq_fn map_irq,
- uint8_t port)
-{
- PCIDevice *d;
- PCIBridge *br;
- DeviceState *qdev;
-
- d = pci_create_multifunction(bus, devfn, multifunction, "x3130-upstream");
- if (!d) {
- return NULL;
- }
- br = DO_UPCAST(PCIBridge, dev, d);
-
- qdev = &br->dev.qdev;
- pci_bridge_map_irq(br, bus_name, map_irq);
- qdev_prop_set_uint8(qdev, "port", port);
- qdev_init_nofail(qdev);
-
- return DO_UPCAST(PCIEPort, br, br);
-}
-
-static const VMStateDescription vmstate_xio3130_upstream = {
- .name = "xio3130-express-upstream-port",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_PCIE_DEVICE(br.dev, PCIEPort),
- VMSTATE_STRUCT(br.dev.exp.aer_log, PCIEPort, 0, vmstate_pcie_aer_log,
- PCIEAERLog),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static Property xio3130_upstream_properties[] = {
- DEFINE_PROP_UINT8("port", PCIEPort, port, 0),
- DEFINE_PROP_UINT16("aer_log_max", PCIEPort, br.dev.exp.aer_log.log_max,
- PCIE_AER_LOG_MAX_DEFAULT),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void xio3130_upstream_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
- k->is_express = 1;
- k->is_bridge = 1;
- k->config_write = xio3130_upstream_write_config;
- k->init = xio3130_upstream_initfn;
- k->exit = xio3130_upstream_exitfn;
- k->vendor_id = PCI_VENDOR_ID_TI;
- k->device_id = PCI_DEVICE_ID_TI_XIO3130U;
- k->revision = XIO3130_REVISION;
- dc->desc = "TI X3130 Upstream Port of PCI Express Switch";
- dc->reset = xio3130_upstream_reset;
- dc->vmsd = &vmstate_xio3130_upstream;
- dc->props = xio3130_upstream_properties;
-}
-
-static TypeInfo xio3130_upstream_info = {
- .name = "x3130-upstream",
- .parent = TYPE_PCI_DEVICE,
- .instance_size = sizeof(PCIEPort),
- .class_init = xio3130_upstream_class_init,
-};
-
-static void xio3130_upstream_register_types(void)
-{
- type_register_static(&xio3130_upstream_info);
-}
-
-type_init(xio3130_upstream_register_types)
-
-
-/*
- * Local variables:
- * c-indent-level: 4
- * c-basic-offset: 4
- * tab-width: 8
- * indent-tab-mode: nil
- * End:
- */
diff --git a/hw/xio3130_upstream.h b/hw/xio3130_upstream.h
deleted file mode 100644
index e9969975f..000000000
--- a/hw/xio3130_upstream.h
+++ /dev/null
@@ -1,10 +0,0 @@
-#ifndef QEMU_XIO3130_UPSTREAM_H
-#define QEMU_XIO3130_UPSTREAM_H
-
-#include "pcie_port.h"
-
-PCIEPort *xio3130_upstream_init(PCIBus *bus, int devfn, bool multifunction,
- const char *bus_name, pci_map_irq_fn map_irq,
- uint8_t port);
-
-#endif /* QEMU_XIO3130_H */
diff --git a/hw/xtensa/Makefile.objs b/hw/xtensa/Makefile.objs
index 79698e903..6ead7820c 100644
--- a/hw/xtensa/Makefile.objs
+++ b/hw/xtensa/Makefile.objs
@@ -1,5 +1,3 @@
-obj-y += xtensa_pic.o
+obj-y += pic_cpu.o
obj-y += xtensa_sim.o
obj-y += xtensa_lx60.o
-
-obj-y := $(addprefix ../,$(obj-y))
diff --git a/hw/xtensa/pic_cpu.c b/hw/xtensa/pic_cpu.c
new file mode 100644
index 000000000..7f015ff5a
--- /dev/null
+++ b/hw/xtensa/pic_cpu.c
@@ -0,0 +1,166 @@
+/*
+ * Copyright (c) 2011, Max Filippov, Open Source and Linux Lab.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of the Open Source and Linux Lab nor the
+ * names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "hw/hw.h"
+#include "qemu/log.h"
+#include "qemu/timer.h"
+
+void xtensa_advance_ccount(CPUXtensaState *env, uint32_t d)
+{
+ uint32_t old_ccount = env->sregs[CCOUNT];
+
+ env->sregs[CCOUNT] += d;
+
+ if (xtensa_option_enabled(env->config, XTENSA_OPTION_TIMER_INTERRUPT)) {
+ int i;
+ for (i = 0; i < env->config->nccompare; ++i) {
+ if (env->sregs[CCOMPARE + i] - old_ccount <= d) {
+ xtensa_timer_irq(env, i, 1);
+ }
+ }
+ }
+}
+
+void check_interrupts(CPUXtensaState *env)
+{
+ CPUState *cs = CPU(xtensa_env_get_cpu(env));
+ int minlevel = xtensa_get_cintlevel(env);
+ uint32_t int_set_enabled = env->sregs[INTSET] & env->sregs[INTENABLE];
+ int level;
+
+ /* If the CPU is halted advance CCOUNT according to the vm_clock time
+ * elapsed since the moment when it was advanced last time.
+ */
+ if (cs->halted) {
+ int64_t now = qemu_get_clock_ns(vm_clock);
+
+ xtensa_advance_ccount(env,
+ muldiv64(now - env->halt_clock,
+ env->config->clock_freq_khz, 1000000));
+ env->halt_clock = now;
+ }
+ for (level = env->config->nlevel; level > minlevel; --level) {
+ if (env->config->level_mask[level] & int_set_enabled) {
+ env->pending_irq_level = level;
+ cpu_interrupt(cs, CPU_INTERRUPT_HARD);
+ qemu_log_mask(CPU_LOG_INT,
+ "%s level = %d, cintlevel = %d, "
+ "pc = %08x, a0 = %08x, ps = %08x, "
+ "intset = %08x, intenable = %08x, "
+ "ccount = %08x\n",
+ __func__, level, xtensa_get_cintlevel(env),
+ env->pc, env->regs[0], env->sregs[PS],
+ env->sregs[INTSET], env->sregs[INTENABLE],
+ env->sregs[CCOUNT]);
+ return;
+ }
+ }
+ env->pending_irq_level = 0;
+ cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
+}
+
+static void xtensa_set_irq(void *opaque, int irq, int active)
+{
+ CPUXtensaState *env = opaque;
+
+ if (irq >= env->config->ninterrupt) {
+ qemu_log("%s: bad IRQ %d\n", __func__, irq);
+ } else {
+ uint32_t irq_bit = 1 << irq;
+
+ if (active) {
+ env->sregs[INTSET] |= irq_bit;
+ } else if (env->config->interrupt[irq].inttype == INTTYPE_LEVEL) {
+ env->sregs[INTSET] &= ~irq_bit;
+ }
+
+ check_interrupts(env);
+ }
+}
+
+void xtensa_timer_irq(CPUXtensaState *env, uint32_t id, uint32_t active)
+{
+ qemu_set_irq(env->irq_inputs[env->config->timerint[id]], active);
+}
+
+void xtensa_rearm_ccompare_timer(CPUXtensaState *env)
+{
+ int i;
+ uint32_t wake_ccount = env->sregs[CCOUNT] - 1;
+
+ for (i = 0; i < env->config->nccompare; ++i) {
+ if (env->sregs[CCOMPARE + i] - env->sregs[CCOUNT] <
+ wake_ccount - env->sregs[CCOUNT]) {
+ wake_ccount = env->sregs[CCOMPARE + i];
+ }
+ }
+ env->wake_ccount = wake_ccount;
+ qemu_mod_timer(env->ccompare_timer, env->halt_clock +
+ muldiv64(wake_ccount - env->sregs[CCOUNT],
+ 1000000, env->config->clock_freq_khz));
+}
+
+static void xtensa_ccompare_cb(void *opaque)
+{
+ XtensaCPU *cpu = opaque;
+ CPUXtensaState *env = &cpu->env;
+ CPUState *cs = CPU(cpu);
+
+ if (cs->halted) {
+ env->halt_clock = qemu_get_clock_ns(vm_clock);
+ xtensa_advance_ccount(env, env->wake_ccount - env->sregs[CCOUNT]);
+ if (!cpu_has_work(cs)) {
+ env->sregs[CCOUNT] = env->wake_ccount + 1;
+ xtensa_rearm_ccompare_timer(env);
+ }
+ }
+}
+
+void xtensa_irq_init(CPUXtensaState *env)
+{
+ XtensaCPU *cpu = xtensa_env_get_cpu(env);
+
+ env->irq_inputs = (void **)qemu_allocate_irqs(
+ xtensa_set_irq, env, env->config->ninterrupt);
+ if (xtensa_option_enabled(env->config, XTENSA_OPTION_TIMER_INTERRUPT) &&
+ env->config->nccompare > 0) {
+ env->ccompare_timer =
+ qemu_new_timer_ns(vm_clock, &xtensa_ccompare_cb, cpu);
+ }
+}
+
+void *xtensa_get_extint(CPUXtensaState *env, unsigned extint)
+{
+ if (extint < env->config->nextint) {
+ unsigned irq = env->config->extint[extint];
+ return env->irq_inputs[irq];
+ } else {
+ qemu_log("%s: trying to acquire invalid external interrupt %d\n",
+ __func__, extint);
+ return NULL;
+ }
+}
diff --git a/hw/xtensa_bootparam.h b/hw/xtensa/xtensa_bootparam.h
index 38ef32bdb..38ef32bdb 100644
--- a/hw/xtensa_bootparam.h
+++ b/hw/xtensa/xtensa_bootparam.h
diff --git a/hw/xtensa/xtensa_lx60.c b/hw/xtensa/xtensa_lx60.c
new file mode 100644
index 000000000..1138666ca
--- /dev/null
+++ b/hw/xtensa/xtensa_lx60.c
@@ -0,0 +1,317 @@
+/*
+ * Copyright (c) 2011, Max Filippov, Open Source and Linux Lab.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of the Open Source and Linux Lab nor the
+ * names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "sysemu/sysemu.h"
+#include "hw/boards.h"
+#include "hw/loader.h"
+#include "elf.h"
+#include "exec/memory.h"
+#include "exec/address-spaces.h"
+#include "hw/char/serial.h"
+#include "net/net.h"
+#include "hw/sysbus.h"
+#include "hw/block/flash.h"
+#include "sysemu/blockdev.h"
+#include "sysemu/char.h"
+#include "xtensa_bootparam.h"
+
+typedef struct LxBoardDesc {
+ size_t flash_size;
+ size_t flash_sector_size;
+ size_t sram_size;
+} LxBoardDesc;
+
+typedef struct Lx60FpgaState {
+ MemoryRegion iomem;
+ uint32_t leds;
+ uint32_t switches;
+} Lx60FpgaState;
+
+static void lx60_fpga_reset(void *opaque)
+{
+ Lx60FpgaState *s = opaque;
+
+ s->leds = 0;
+ s->switches = 0;
+}
+
+static uint64_t lx60_fpga_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ Lx60FpgaState *s = opaque;
+
+ switch (addr) {
+ case 0x0: /*build date code*/
+ return 0x09272011;
+
+ case 0x4: /*processor clock frequency, Hz*/
+ return 10000000;
+
+ case 0x8: /*LEDs (off = 0, on = 1)*/
+ return s->leds;
+
+ case 0xc: /*DIP switches (off = 0, on = 1)*/
+ return s->switches;
+ }
+ return 0;
+}
+
+static void lx60_fpga_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ Lx60FpgaState *s = opaque;
+
+ switch (addr) {
+ case 0x8: /*LEDs (off = 0, on = 1)*/
+ s->leds = val;
+ break;
+
+ case 0x10: /*board reset*/
+ if (val == 0xdead) {
+ qemu_system_reset_request();
+ }
+ break;
+ }
+}
+
+static const MemoryRegionOps lx60_fpga_ops = {
+ .read = lx60_fpga_read,
+ .write = lx60_fpga_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static Lx60FpgaState *lx60_fpga_init(MemoryRegion *address_space,
+ hwaddr base)
+{
+ Lx60FpgaState *s = g_malloc(sizeof(Lx60FpgaState));
+
+ memory_region_init_io(&s->iomem, NULL, &lx60_fpga_ops, s,
+ "lx60.fpga", 0x10000);
+ memory_region_add_subregion(address_space, base, &s->iomem);
+ lx60_fpga_reset(s);
+ qemu_register_reset(lx60_fpga_reset, s);
+ return s;
+}
+
+static void lx60_net_init(MemoryRegion *address_space,
+ hwaddr base,
+ hwaddr descriptors,
+ hwaddr buffers,
+ qemu_irq irq, NICInfo *nd)
+{
+ DeviceState *dev;
+ SysBusDevice *s;
+ MemoryRegion *ram;
+
+ dev = qdev_create(NULL, "open_eth");
+ qdev_set_nic_properties(dev, nd);
+ qdev_init_nofail(dev);
+
+ s = SYS_BUS_DEVICE(dev);
+ sysbus_connect_irq(s, 0, irq);
+ memory_region_add_subregion(address_space, base,
+ sysbus_mmio_get_region(s, 0));
+ memory_region_add_subregion(address_space, descriptors,
+ sysbus_mmio_get_region(s, 1));
+
+ ram = g_malloc(sizeof(*ram));
+ memory_region_init_ram(ram, OBJECT(s), "open_eth.ram", 16384);
+ vmstate_register_ram_global(ram);
+ memory_region_add_subregion(address_space, buffers, ram);
+}
+
+static uint64_t translate_phys_addr(void *opaque, uint64_t addr)
+{
+ XtensaCPU *cpu = opaque;
+
+ return cpu_get_phys_page_debug(CPU(cpu), addr);
+}
+
+static void lx60_reset(void *opaque)
+{
+ XtensaCPU *cpu = opaque;
+
+ cpu_reset(CPU(cpu));
+}
+
+static void lx_init(const LxBoardDesc *board, QEMUMachineInitArgs *args)
+{
+#ifdef TARGET_WORDS_BIGENDIAN
+ int be = 1;
+#else
+ int be = 0;
+#endif
+ MemoryRegion *system_memory = get_system_memory();
+ XtensaCPU *cpu = NULL;
+ CPUXtensaState *env = NULL;
+ MemoryRegion *ram, *rom, *system_io;
+ DriveInfo *dinfo;
+ pflash_t *flash = NULL;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ const char *kernel_cmdline = args->kernel_cmdline;
+ int n;
+
+ if (!cpu_model) {
+ cpu_model = XTENSA_DEFAULT_CPU_MODEL;
+ }
+
+ for (n = 0; n < smp_cpus; n++) {
+ cpu = cpu_xtensa_init(cpu_model);
+ if (cpu == NULL) {
+ fprintf(stderr, "Unable to find CPU definition\n");
+ exit(1);
+ }
+ env = &cpu->env;
+
+ env->sregs[PRID] = n;
+ qemu_register_reset(lx60_reset, cpu);
+ /* Need MMU initialized prior to ELF loading,
+ * so that ELF gets loaded into virtual addresses
+ */
+ cpu_reset(CPU(cpu));
+ }
+
+ ram = g_malloc(sizeof(*ram));
+ memory_region_init_ram(ram, NULL, "lx60.dram", args->ram_size);
+ vmstate_register_ram_global(ram);
+ memory_region_add_subregion(system_memory, 0, ram);
+
+ system_io = g_malloc(sizeof(*system_io));
+ memory_region_init(system_io, NULL, "lx60.io", 224 * 1024 * 1024);
+ memory_region_add_subregion(system_memory, 0xf0000000, system_io);
+ lx60_fpga_init(system_io, 0x0d020000);
+ if (nd_table[0].used) {
+ lx60_net_init(system_io, 0x0d030000, 0x0d030400, 0x0d800000,
+ xtensa_get_extint(env, 1), nd_table);
+ }
+
+ if (!serial_hds[0]) {
+ serial_hds[0] = qemu_chr_new("serial0", "null", NULL);
+ }
+
+ serial_mm_init(system_io, 0x0d050020, 2, xtensa_get_extint(env, 0),
+ 115200, serial_hds[0], DEVICE_NATIVE_ENDIAN);
+
+ dinfo = drive_get(IF_PFLASH, 0, 0);
+ if (dinfo) {
+ flash = pflash_cfi01_register(0xf8000000,
+ NULL, "lx60.io.flash", board->flash_size,
+ dinfo->bdrv, board->flash_sector_size,
+ board->flash_size / board->flash_sector_size,
+ 4, 0x0000, 0x0000, 0x0000, 0x0000, be);
+ if (flash == NULL) {
+ fprintf(stderr, "Unable to mount pflash\n");
+ exit(1);
+ }
+ }
+
+ /* Use presence of kernel file name as 'boot from SRAM' switch. */
+ if (kernel_filename) {
+ rom = g_malloc(sizeof(*rom));
+ memory_region_init_ram(rom, NULL, "lx60.sram", board->sram_size);
+ vmstate_register_ram_global(rom);
+ memory_region_add_subregion(system_memory, 0xfe000000, rom);
+
+ /* Put kernel bootparameters to the end of that SRAM */
+ if (kernel_cmdline) {
+ size_t cmdline_size = strlen(kernel_cmdline) + 1;
+ size_t bp_size = sizeof(BpTag[4]) + cmdline_size;
+ uint32_t tagptr = (0xfe000000 + board->sram_size - bp_size) & ~0xff;
+
+ env->regs[2] = tagptr;
+
+ tagptr = put_tag(tagptr, 0x7b0b, 0, NULL);
+ if (cmdline_size > 1) {
+ tagptr = put_tag(tagptr, 0x1001,
+ cmdline_size, kernel_cmdline);
+ }
+ tagptr = put_tag(tagptr, 0x7e0b, 0, NULL);
+ }
+ uint64_t elf_entry;
+ uint64_t elf_lowaddr;
+ int success = load_elf(kernel_filename, translate_phys_addr, cpu,
+ &elf_entry, &elf_lowaddr, NULL, be, ELF_MACHINE, 0);
+ if (success > 0) {
+ env->pc = elf_entry;
+ }
+ } else {
+ if (flash) {
+ MemoryRegion *flash_mr = pflash_cfi01_get_memory(flash);
+ MemoryRegion *flash_io = g_malloc(sizeof(*flash_io));
+
+ memory_region_init_alias(flash_io, NULL, "lx60.flash",
+ flash_mr, 0, board->flash_size);
+ memory_region_add_subregion(system_memory, 0xfe000000,
+ flash_io);
+ }
+ }
+}
+
+static void xtensa_lx60_init(QEMUMachineInitArgs *args)
+{
+ static const LxBoardDesc lx60_board = {
+ .flash_size = 0x400000,
+ .flash_sector_size = 0x10000,
+ .sram_size = 0x20000,
+ };
+ lx_init(&lx60_board, args);
+}
+
+static void xtensa_lx200_init(QEMUMachineInitArgs *args)
+{
+ static const LxBoardDesc lx200_board = {
+ .flash_size = 0x1000000,
+ .flash_sector_size = 0x20000,
+ .sram_size = 0x2000000,
+ };
+ lx_init(&lx200_board, args);
+}
+
+static QEMUMachine xtensa_lx60_machine = {
+ .name = "lx60",
+ .desc = "lx60 EVB (" XTENSA_DEFAULT_CPU_MODEL ")",
+ .init = xtensa_lx60_init,
+ .max_cpus = 4,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static QEMUMachine xtensa_lx200_machine = {
+ .name = "lx200",
+ .desc = "lx200 EVB (" XTENSA_DEFAULT_CPU_MODEL ")",
+ .init = xtensa_lx200_init,
+ .max_cpus = 4,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void xtensa_lx_machines_init(void)
+{
+ qemu_register_machine(&xtensa_lx60_machine);
+ qemu_register_machine(&xtensa_lx200_machine);
+}
+
+machine_init(xtensa_lx_machines_init);
diff --git a/hw/xtensa/xtensa_sim.c b/hw/xtensa/xtensa_sim.c
new file mode 100644
index 000000000..ea91162b6
--- /dev/null
+++ b/hw/xtensa/xtensa_sim.c
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2011, Max Filippov, Open Source and Linux Lab.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of the Open Source and Linux Lab nor the
+ * names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "sysemu/sysemu.h"
+#include "hw/boards.h"
+#include "hw/loader.h"
+#include "elf.h"
+#include "exec/memory.h"
+#include "exec/address-spaces.h"
+
+static uint64_t translate_phys_addr(void *opaque, uint64_t addr)
+{
+ XtensaCPU *cpu = opaque;
+
+ return cpu_get_phys_page_debug(CPU(cpu), addr);
+}
+
+static void sim_reset(void *opaque)
+{
+ XtensaCPU *cpu = opaque;
+
+ cpu_reset(CPU(cpu));
+}
+
+static void xtensa_sim_init(QEMUMachineInitArgs *args)
+{
+ XtensaCPU *cpu = NULL;
+ CPUXtensaState *env = NULL;
+ MemoryRegion *ram, *rom;
+ ram_addr_t ram_size = args->ram_size;
+ const char *cpu_model = args->cpu_model;
+ const char *kernel_filename = args->kernel_filename;
+ int n;
+
+ if (!cpu_model) {
+ cpu_model = XTENSA_DEFAULT_CPU_MODEL;
+ }
+
+ for (n = 0; n < smp_cpus; n++) {
+ cpu = cpu_xtensa_init(cpu_model);
+ if (cpu == NULL) {
+ fprintf(stderr, "Unable to find CPU definition\n");
+ exit(1);
+ }
+ env = &cpu->env;
+
+ env->sregs[PRID] = n;
+ qemu_register_reset(sim_reset, cpu);
+ /* Need MMU initialized prior to ELF loading,
+ * so that ELF gets loaded into virtual addresses
+ */
+ sim_reset(cpu);
+ }
+
+ ram = g_malloc(sizeof(*ram));
+ memory_region_init_ram(ram, NULL, "xtensa.sram", ram_size);
+ vmstate_register_ram_global(ram);
+ memory_region_add_subregion(get_system_memory(), 0, ram);
+
+ rom = g_malloc(sizeof(*rom));
+ memory_region_init_ram(rom, NULL, "xtensa.rom", 0x1000);
+ vmstate_register_ram_global(rom);
+ memory_region_add_subregion(get_system_memory(), 0xfe000000, rom);
+
+ if (kernel_filename) {
+ uint64_t elf_entry;
+ uint64_t elf_lowaddr;
+#ifdef TARGET_WORDS_BIGENDIAN
+ int success = load_elf(kernel_filename, translate_phys_addr, cpu,
+ &elf_entry, &elf_lowaddr, NULL, 1, ELF_MACHINE, 0);
+#else
+ int success = load_elf(kernel_filename, translate_phys_addr, cpu,
+ &elf_entry, &elf_lowaddr, NULL, 0, ELF_MACHINE, 0);
+#endif
+ if (success > 0) {
+ env->pc = elf_entry;
+ }
+ }
+}
+
+static QEMUMachine xtensa_sim_machine = {
+ .name = "sim",
+ .desc = "sim machine (" XTENSA_DEFAULT_CPU_MODEL ")",
+ .is_default = true,
+ .init = xtensa_sim_init,
+ .max_cpus = 4,
+ DEFAULT_MACHINE_OPTIONS,
+};
+
+static void xtensa_sim_machine_init(void)
+{
+ qemu_register_machine(&xtensa_sim_machine);
+}
+
+machine_init(xtensa_sim_machine_init);
diff --git a/hw/xtensa_lx60.c b/hw/xtensa_lx60.c
deleted file mode 100644
index 4c42edc4e..000000000
--- a/hw/xtensa_lx60.c
+++ /dev/null
@@ -1,312 +0,0 @@
-/*
- * Copyright (c) 2011, Max Filippov, Open Source and Linux Lab.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * * Neither the name of the Open Source and Linux Lab nor the
- * names of its contributors may be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "sysemu.h"
-#include "boards.h"
-#include "loader.h"
-#include "elf.h"
-#include "memory.h"
-#include "exec-memory.h"
-#include "serial.h"
-#include "net.h"
-#include "sysbus.h"
-#include "flash.h"
-#include "blockdev.h"
-#include "xtensa_bootparam.h"
-
-typedef struct LxBoardDesc {
- size_t flash_size;
- size_t flash_sector_size;
- size_t sram_size;
-} LxBoardDesc;
-
-typedef struct Lx60FpgaState {
- MemoryRegion iomem;
- uint32_t leds;
- uint32_t switches;
-} Lx60FpgaState;
-
-static void lx60_fpga_reset(void *opaque)
-{
- Lx60FpgaState *s = opaque;
-
- s->leds = 0;
- s->switches = 0;
-}
-
-static uint64_t lx60_fpga_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- Lx60FpgaState *s = opaque;
-
- switch (addr) {
- case 0x0: /*build date code*/
- return 0x09272011;
-
- case 0x4: /*processor clock frequency, Hz*/
- return 10000000;
-
- case 0x8: /*LEDs (off = 0, on = 1)*/
- return s->leds;
-
- case 0xc: /*DIP switches (off = 0, on = 1)*/
- return s->switches;
- }
- return 0;
-}
-
-static void lx60_fpga_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
- Lx60FpgaState *s = opaque;
-
- switch (addr) {
- case 0x8: /*LEDs (off = 0, on = 1)*/
- s->leds = val;
- break;
-
- case 0x10: /*board reset*/
- if (val == 0xdead) {
- qemu_system_reset_request();
- }
- break;
- }
-}
-
-static const MemoryRegionOps lx60_fpga_ops = {
- .read = lx60_fpga_read,
- .write = lx60_fpga_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static Lx60FpgaState *lx60_fpga_init(MemoryRegion *address_space,
- hwaddr base)
-{
- Lx60FpgaState *s = g_malloc(sizeof(Lx60FpgaState));
-
- memory_region_init_io(&s->iomem, &lx60_fpga_ops, s,
- "lx60.fpga", 0x10000);
- memory_region_add_subregion(address_space, base, &s->iomem);
- lx60_fpga_reset(s);
- qemu_register_reset(lx60_fpga_reset, s);
- return s;
-}
-
-static void lx60_net_init(MemoryRegion *address_space,
- hwaddr base,
- hwaddr descriptors,
- hwaddr buffers,
- qemu_irq irq, NICInfo *nd)
-{
- DeviceState *dev;
- SysBusDevice *s;
- MemoryRegion *ram;
-
- dev = qdev_create(NULL, "open_eth");
- qdev_set_nic_properties(dev, nd);
- qdev_init_nofail(dev);
-
- s = sysbus_from_qdev(dev);
- sysbus_connect_irq(s, 0, irq);
- memory_region_add_subregion(address_space, base,
- sysbus_mmio_get_region(s, 0));
- memory_region_add_subregion(address_space, descriptors,
- sysbus_mmio_get_region(s, 1));
-
- ram = g_malloc(sizeof(*ram));
- memory_region_init_ram(ram, "open_eth.ram", 16384);
- vmstate_register_ram_global(ram);
- memory_region_add_subregion(address_space, buffers, ram);
-}
-
-static uint64_t translate_phys_addr(void *env, uint64_t addr)
-{
- return cpu_get_phys_page_debug(env, addr);
-}
-
-static void lx60_reset(void *opaque)
-{
- XtensaCPU *cpu = opaque;
-
- cpu_reset(CPU(cpu));
-}
-
-static void lx_init(const LxBoardDesc *board, QEMUMachineInitArgs *args)
-{
-#ifdef TARGET_WORDS_BIGENDIAN
- int be = 1;
-#else
- int be = 0;
-#endif
- MemoryRegion *system_memory = get_system_memory();
- XtensaCPU *cpu = NULL;
- CPUXtensaState *env = NULL;
- MemoryRegion *ram, *rom, *system_io;
- DriveInfo *dinfo;
- pflash_t *flash = NULL;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- int n;
-
- if (!cpu_model) {
- cpu_model = XTENSA_DEFAULT_CPU_MODEL;
- }
-
- for (n = 0; n < smp_cpus; n++) {
- cpu = cpu_xtensa_init(cpu_model);
- if (cpu == NULL) {
- fprintf(stderr, "Unable to find CPU definition\n");
- exit(1);
- }
- env = &cpu->env;
-
- env->sregs[PRID] = n;
- qemu_register_reset(lx60_reset, cpu);
- /* Need MMU initialized prior to ELF loading,
- * so that ELF gets loaded into virtual addresses
- */
- cpu_reset(CPU(cpu));
- }
-
- ram = g_malloc(sizeof(*ram));
- memory_region_init_ram(ram, "lx60.dram", args->ram_size);
- vmstate_register_ram_global(ram);
- memory_region_add_subregion(system_memory, 0, ram);
-
- system_io = g_malloc(sizeof(*system_io));
- memory_region_init(system_io, "lx60.io", 224 * 1024 * 1024);
- memory_region_add_subregion(system_memory, 0xf0000000, system_io);
- lx60_fpga_init(system_io, 0x0d020000);
- if (nd_table[0].used) {
- lx60_net_init(system_io, 0x0d030000, 0x0d030400, 0x0d800000,
- xtensa_get_extint(env, 1), nd_table);
- }
-
- if (!serial_hds[0]) {
- serial_hds[0] = qemu_chr_new("serial0", "null", NULL);
- }
-
- serial_mm_init(system_io, 0x0d050020, 2, xtensa_get_extint(env, 0),
- 115200, serial_hds[0], DEVICE_NATIVE_ENDIAN);
-
- dinfo = drive_get(IF_PFLASH, 0, 0);
- if (dinfo) {
- flash = pflash_cfi01_register(0xf8000000,
- NULL, "lx60.io.flash", board->flash_size,
- dinfo->bdrv, board->flash_sector_size,
- board->flash_size / board->flash_sector_size,
- 4, 0x0000, 0x0000, 0x0000, 0x0000, be);
- if (flash == NULL) {
- fprintf(stderr, "Unable to mount pflash\n");
- exit(1);
- }
- }
-
- /* Use presence of kernel file name as 'boot from SRAM' switch. */
- if (kernel_filename) {
- rom = g_malloc(sizeof(*rom));
- memory_region_init_ram(rom, "lx60.sram", board->sram_size);
- vmstate_register_ram_global(rom);
- memory_region_add_subregion(system_memory, 0xfe000000, rom);
-
- /* Put kernel bootparameters to the end of that SRAM */
- if (kernel_cmdline) {
- size_t cmdline_size = strlen(kernel_cmdline) + 1;
- size_t bp_size = sizeof(BpTag[4]) + cmdline_size;
- uint32_t tagptr = (0xfe000000 + board->sram_size - bp_size) & ~0xff;
-
- env->regs[2] = tagptr;
-
- tagptr = put_tag(tagptr, 0x7b0b, 0, NULL);
- if (cmdline_size > 1) {
- tagptr = put_tag(tagptr, 0x1001,
- cmdline_size, kernel_cmdline);
- }
- tagptr = put_tag(tagptr, 0x7e0b, 0, NULL);
- }
- uint64_t elf_entry;
- uint64_t elf_lowaddr;
- int success = load_elf(kernel_filename, translate_phys_addr, env,
- &elf_entry, &elf_lowaddr, NULL, be, ELF_MACHINE, 0);
- if (success > 0) {
- env->pc = elf_entry;
- }
- } else {
- if (flash) {
- MemoryRegion *flash_mr = pflash_cfi01_get_memory(flash);
- MemoryRegion *flash_io = g_malloc(sizeof(*flash_io));
-
- memory_region_init_alias(flash_io, "lx60.flash",
- flash_mr, 0, board->flash_size);
- memory_region_add_subregion(system_memory, 0xfe000000,
- flash_io);
- }
- }
-}
-
-static void xtensa_lx60_init(QEMUMachineInitArgs *args)
-{
- static const LxBoardDesc lx60_board = {
- .flash_size = 0x400000,
- .flash_sector_size = 0x10000,
- .sram_size = 0x20000,
- };
- lx_init(&lx60_board, args);
-}
-
-static void xtensa_lx200_init(QEMUMachineInitArgs *args)
-{
- static const LxBoardDesc lx200_board = {
- .flash_size = 0x1000000,
- .flash_sector_size = 0x20000,
- .sram_size = 0x2000000,
- };
- lx_init(&lx200_board, args);
-}
-
-static QEMUMachine xtensa_lx60_machine = {
- .name = "lx60",
- .desc = "lx60 EVB (" XTENSA_DEFAULT_CPU_MODEL ")",
- .init = xtensa_lx60_init,
- .max_cpus = 4,
-};
-
-static QEMUMachine xtensa_lx200_machine = {
- .name = "lx200",
- .desc = "lx200 EVB (" XTENSA_DEFAULT_CPU_MODEL ")",
- .init = xtensa_lx200_init,
- .max_cpus = 4,
-};
-
-static void xtensa_lx_machines_init(void)
-{
- qemu_register_machine(&xtensa_lx60_machine);
- qemu_register_machine(&xtensa_lx200_machine);
-}
-
-machine_init(xtensa_lx_machines_init);
diff --git a/hw/xtensa_pic.c b/hw/xtensa_pic.c
deleted file mode 100644
index 1ec70cd96..000000000
--- a/hw/xtensa_pic.c
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- * Copyright (c) 2011, Max Filippov, Open Source and Linux Lab.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * * Neither the name of the Open Source and Linux Lab nor the
- * names of its contributors may be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "hw.h"
-#include "qemu-log.h"
-#include "qemu-timer.h"
-
-void xtensa_advance_ccount(CPUXtensaState *env, uint32_t d)
-{
- uint32_t old_ccount = env->sregs[CCOUNT];
-
- env->sregs[CCOUNT] += d;
-
- if (xtensa_option_enabled(env->config, XTENSA_OPTION_TIMER_INTERRUPT)) {
- int i;
- for (i = 0; i < env->config->nccompare; ++i) {
- if (env->sregs[CCOMPARE + i] - old_ccount <= d) {
- xtensa_timer_irq(env, i, 1);
- }
- }
- }
-}
-
-void check_interrupts(CPUXtensaState *env)
-{
- int minlevel = xtensa_get_cintlevel(env);
- uint32_t int_set_enabled = env->sregs[INTSET] & env->sregs[INTENABLE];
- int level;
-
- /* If the CPU is halted advance CCOUNT according to the vm_clock time
- * elapsed since the moment when it was advanced last time.
- */
- if (env->halted) {
- int64_t now = qemu_get_clock_ns(vm_clock);
-
- xtensa_advance_ccount(env,
- muldiv64(now - env->halt_clock,
- env->config->clock_freq_khz, 1000000));
- env->halt_clock = now;
- }
- for (level = env->config->nlevel; level > minlevel; --level) {
- if (env->config->level_mask[level] & int_set_enabled) {
- env->pending_irq_level = level;
- cpu_interrupt(env, CPU_INTERRUPT_HARD);
- qemu_log_mask(CPU_LOG_INT,
- "%s level = %d, cintlevel = %d, "
- "pc = %08x, a0 = %08x, ps = %08x, "
- "intset = %08x, intenable = %08x, "
- "ccount = %08x\n",
- __func__, level, xtensa_get_cintlevel(env),
- env->pc, env->regs[0], env->sregs[PS],
- env->sregs[INTSET], env->sregs[INTENABLE],
- env->sregs[CCOUNT]);
- return;
- }
- }
- env->pending_irq_level = 0;
- cpu_reset_interrupt(env, CPU_INTERRUPT_HARD);
-}
-
-static void xtensa_set_irq(void *opaque, int irq, int active)
-{
- CPUXtensaState *env = opaque;
-
- if (irq >= env->config->ninterrupt) {
- qemu_log("%s: bad IRQ %d\n", __func__, irq);
- } else {
- uint32_t irq_bit = 1 << irq;
-
- if (active) {
- env->sregs[INTSET] |= irq_bit;
- } else if (env->config->interrupt[irq].inttype == INTTYPE_LEVEL) {
- env->sregs[INTSET] &= ~irq_bit;
- }
-
- check_interrupts(env);
- }
-}
-
-void xtensa_timer_irq(CPUXtensaState *env, uint32_t id, uint32_t active)
-{
- qemu_set_irq(env->irq_inputs[env->config->timerint[id]], active);
-}
-
-void xtensa_rearm_ccompare_timer(CPUXtensaState *env)
-{
- int i;
- uint32_t wake_ccount = env->sregs[CCOUNT] - 1;
-
- for (i = 0; i < env->config->nccompare; ++i) {
- if (env->sregs[CCOMPARE + i] - env->sregs[CCOUNT] <
- wake_ccount - env->sregs[CCOUNT]) {
- wake_ccount = env->sregs[CCOMPARE + i];
- }
- }
- env->wake_ccount = wake_ccount;
- qemu_mod_timer(env->ccompare_timer, env->halt_clock +
- muldiv64(wake_ccount - env->sregs[CCOUNT],
- 1000000, env->config->clock_freq_khz));
-}
-
-static void xtensa_ccompare_cb(void *opaque)
-{
- XtensaCPU *cpu = opaque;
- CPUXtensaState *env = &cpu->env;
-
- if (env->halted) {
- env->halt_clock = qemu_get_clock_ns(vm_clock);
- xtensa_advance_ccount(env, env->wake_ccount - env->sregs[CCOUNT]);
- if (!cpu_has_work(CPU(cpu))) {
- env->sregs[CCOUNT] = env->wake_ccount + 1;
- xtensa_rearm_ccompare_timer(env);
- }
- }
-}
-
-void xtensa_irq_init(CPUXtensaState *env)
-{
- XtensaCPU *cpu = xtensa_env_get_cpu(env);
-
- env->irq_inputs = (void **)qemu_allocate_irqs(
- xtensa_set_irq, env, env->config->ninterrupt);
- if (xtensa_option_enabled(env->config, XTENSA_OPTION_TIMER_INTERRUPT) &&
- env->config->nccompare > 0) {
- env->ccompare_timer =
- qemu_new_timer_ns(vm_clock, &xtensa_ccompare_cb, cpu);
- }
-}
-
-void *xtensa_get_extint(CPUXtensaState *env, unsigned extint)
-{
- if (extint < env->config->nextint) {
- unsigned irq = env->config->extint[extint];
- return env->irq_inputs[irq];
- } else {
- qemu_log("%s: trying to acquire invalid external interrupt %d\n",
- __func__, extint);
- return NULL;
- }
-}
diff --git a/hw/xtensa_sim.c b/hw/xtensa_sim.c
deleted file mode 100644
index 0d633e472..000000000
--- a/hw/xtensa_sim.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Copyright (c) 2011, Max Filippov, Open Source and Linux Lab.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * * Neither the name of the Open Source and Linux Lab nor the
- * names of its contributors may be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "sysemu.h"
-#include "boards.h"
-#include "loader.h"
-#include "elf.h"
-#include "memory.h"
-#include "exec-memory.h"
-
-static uint64_t translate_phys_addr(void *env, uint64_t addr)
-{
- return cpu_get_phys_page_debug(env, addr);
-}
-
-static void sim_reset(void *opaque)
-{
- XtensaCPU *cpu = opaque;
-
- cpu_reset(CPU(cpu));
-}
-
-static void xtensa_sim_init(QEMUMachineInitArgs *args)
-{
- XtensaCPU *cpu = NULL;
- CPUXtensaState *env = NULL;
- MemoryRegion *ram, *rom;
- ram_addr_t ram_size = args->ram_size;
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- int n;
-
- if (!cpu_model) {
- cpu_model = XTENSA_DEFAULT_CPU_MODEL;
- }
-
- for (n = 0; n < smp_cpus; n++) {
- cpu = cpu_xtensa_init(cpu_model);
- if (cpu == NULL) {
- fprintf(stderr, "Unable to find CPU definition\n");
- exit(1);
- }
- env = &cpu->env;
-
- env->sregs[PRID] = n;
- qemu_register_reset(sim_reset, cpu);
- /* Need MMU initialized prior to ELF loading,
- * so that ELF gets loaded into virtual addresses
- */
- sim_reset(cpu);
- }
-
- ram = g_malloc(sizeof(*ram));
- memory_region_init_ram(ram, "xtensa.sram", ram_size);
- vmstate_register_ram_global(ram);
- memory_region_add_subregion(get_system_memory(), 0, ram);
-
- rom = g_malloc(sizeof(*rom));
- memory_region_init_ram(rom, "xtensa.rom", 0x1000);
- vmstate_register_ram_global(rom);
- memory_region_add_subregion(get_system_memory(), 0xfe000000, rom);
-
- if (kernel_filename) {
- uint64_t elf_entry;
- uint64_t elf_lowaddr;
-#ifdef TARGET_WORDS_BIGENDIAN
- int success = load_elf(kernel_filename, translate_phys_addr, env,
- &elf_entry, &elf_lowaddr, NULL, 1, ELF_MACHINE, 0);
-#else
- int success = load_elf(kernel_filename, translate_phys_addr, env,
- &elf_entry, &elf_lowaddr, NULL, 0, ELF_MACHINE, 0);
-#endif
- if (success > 0) {
- env->pc = elf_entry;
- }
- }
-}
-
-static QEMUMachine xtensa_sim_machine = {
- .name = "sim",
- .desc = "sim machine (" XTENSA_DEFAULT_CPU_MODEL ")",
- .is_default = true,
- .init = xtensa_sim_init,
- .max_cpus = 4,
-};
-
-static void xtensa_sim_machine_init(void)
-{
- qemu_register_machine(&xtensa_sim_machine);
-}
-
-machine_init(xtensa_sim_machine_init);
diff --git a/hw/z2.c b/hw/z2.c
deleted file mode 100644
index f62b8067b..000000000
--- a/hw/z2.c
+++ /dev/null
@@ -1,383 +0,0 @@
-/*
- * PXA270-based Zipit Z2 device
- *
- * Copyright (c) 2011 by Vasily Khoruzhick <anarsoul@gmail.com>
- *
- * Code is based on mainstone platform.
- *
- * This code is licensed under the GNU GPL v2.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include "hw.h"
-#include "pxa.h"
-#include "arm-misc.h"
-#include "devices.h"
-#include "i2c.h"
-#include "ssi.h"
-#include "boards.h"
-#include "sysemu.h"
-#include "flash.h"
-#include "blockdev.h"
-#include "console.h"
-#include "audio/audio.h"
-#include "exec-memory.h"
-
-#ifdef DEBUG_Z2
-#define DPRINTF(fmt, ...) \
- printf(fmt, ## __VA_ARGS__)
-#else
-#define DPRINTF(fmt, ...)
-#endif
-
-static struct keymap map[0x100] = {
- [0 ... 0xff] = { -1, -1 },
- [0x3b] = {0, 0}, /* Option = F1 */
- [0xc8] = {0, 1}, /* Up */
- [0xd0] = {0, 2}, /* Down */
- [0xcb] = {0, 3}, /* Left */
- [0xcd] = {0, 4}, /* Right */
- [0xcf] = {0, 5}, /* End */
- [0x0d] = {0, 6}, /* KPPLUS */
- [0xc7] = {1, 0}, /* Home */
- [0x10] = {1, 1}, /* Q */
- [0x17] = {1, 2}, /* I */
- [0x22] = {1, 3}, /* G */
- [0x2d] = {1, 4}, /* X */
- [0x1c] = {1, 5}, /* Enter */
- [0x0c] = {1, 6}, /* KPMINUS */
- [0xc9] = {2, 0}, /* PageUp */
- [0x11] = {2, 1}, /* W */
- [0x18] = {2, 2}, /* O */
- [0x23] = {2, 3}, /* H */
- [0x2e] = {2, 4}, /* C */
- [0x38] = {2, 5}, /* LeftAlt */
- [0xd1] = {3, 0}, /* PageDown */
- [0x12] = {3, 1}, /* E */
- [0x19] = {3, 2}, /* P */
- [0x24] = {3, 3}, /* J */
- [0x2f] = {3, 4}, /* V */
- [0x2a] = {3, 5}, /* LeftShift */
- [0x01] = {4, 0}, /* Esc */
- [0x13] = {4, 1}, /* R */
- [0x1e] = {4, 2}, /* A */
- [0x25] = {4, 3}, /* K */
- [0x30] = {4, 4}, /* B */
- [0x1d] = {4, 5}, /* LeftCtrl */
- [0x0f] = {5, 0}, /* Tab */
- [0x14] = {5, 1}, /* T */
- [0x1f] = {5, 2}, /* S */
- [0x26] = {5, 3}, /* L */
- [0x31] = {5, 4}, /* N */
- [0x39] = {5, 5}, /* Space */
- [0x3c] = {6, 0}, /* Stop = F2 */
- [0x15] = {6, 1}, /* Y */
- [0x20] = {6, 2}, /* D */
- [0x0e] = {6, 3}, /* Backspace */
- [0x32] = {6, 4}, /* M */
- [0x33] = {6, 5}, /* Comma */
- [0x3d] = {7, 0}, /* Play = F3 */
- [0x16] = {7, 1}, /* U */
- [0x21] = {7, 2}, /* F */
- [0x2c] = {7, 3}, /* Z */
- [0x27] = {7, 4}, /* Semicolon */
- [0x34] = {7, 5}, /* Dot */
-};
-
-#define Z2_RAM_SIZE 0x02000000
-#define Z2_FLASH_BASE 0x00000000
-#define Z2_FLASH_SIZE 0x00800000
-
-static struct arm_boot_info z2_binfo = {
- .loader_start = PXA2XX_SDRAM_BASE,
- .ram_size = Z2_RAM_SIZE,
-};
-
-#define Z2_GPIO_SD_DETECT 96
-#define Z2_GPIO_AC_IN 0
-#define Z2_GPIO_KEY_ON 1
-#define Z2_GPIO_LCD_CS 88
-
-typedef struct {
- SSISlave ssidev;
- int32_t selected;
- int32_t enabled;
- uint8_t buf[3];
- uint32_t cur_reg;
- int pos;
-} ZipitLCD;
-
-static uint32_t zipit_lcd_transfer(SSISlave *dev, uint32_t value)
-{
- ZipitLCD *z = FROM_SSI_SLAVE(ZipitLCD, dev);
- uint16_t val;
- if (z->selected) {
- z->buf[z->pos] = value & 0xff;
- z->pos++;
- }
- if (z->pos == 3) {
- switch (z->buf[0]) {
- case 0x74:
- DPRINTF("%s: reg: 0x%.2x\n", __func__, z->buf[2]);
- z->cur_reg = z->buf[2];
- break;
- case 0x76:
- val = z->buf[1] << 8 | z->buf[2];
- DPRINTF("%s: value: 0x%.4x\n", __func__, val);
- if (z->cur_reg == 0x22 && val == 0x0000) {
- z->enabled = 1;
- printf("%s: LCD enabled\n", __func__);
- } else if (z->cur_reg == 0x10 && val == 0x0000) {
- z->enabled = 0;
- printf("%s: LCD disabled\n", __func__);
- }
- break;
- default:
- DPRINTF("%s: unknown command!\n", __func__);
- break;
- }
- z->pos = 0;
- }
- return 0;
-}
-
-static void z2_lcd_cs(void *opaque, int line, int level)
-{
- ZipitLCD *z2_lcd = opaque;
- z2_lcd->selected = !level;
-}
-
-static int zipit_lcd_init(SSISlave *dev)
-{
- ZipitLCD *z = FROM_SSI_SLAVE(ZipitLCD, dev);
- z->selected = 0;
- z->enabled = 0;
- z->pos = 0;
-
- return 0;
-}
-
-static VMStateDescription vmstate_zipit_lcd_state = {
- .name = "zipit-lcd",
- .version_id = 2,
- .minimum_version_id = 2,
- .minimum_version_id_old = 2,
- .fields = (VMStateField[]) {
- VMSTATE_SSI_SLAVE(ssidev, ZipitLCD),
- VMSTATE_INT32(selected, ZipitLCD),
- VMSTATE_INT32(enabled, ZipitLCD),
- VMSTATE_BUFFER(buf, ZipitLCD),
- VMSTATE_UINT32(cur_reg, ZipitLCD),
- VMSTATE_INT32(pos, ZipitLCD),
- VMSTATE_END_OF_LIST(),
- }
-};
-
-static void zipit_lcd_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
-
- k->init = zipit_lcd_init;
- k->transfer = zipit_lcd_transfer;
- dc->vmsd = &vmstate_zipit_lcd_state;
-}
-
-static TypeInfo zipit_lcd_info = {
- .name = "zipit-lcd",
- .parent = TYPE_SSI_SLAVE,
- .instance_size = sizeof(ZipitLCD),
- .class_init = zipit_lcd_class_init,
-};
-
-typedef struct {
- I2CSlave i2c;
- int len;
- uint8_t buf[3];
-} AER915State;
-
-static int aer915_send(I2CSlave *i2c, uint8_t data)
-{
- AER915State *s = FROM_I2C_SLAVE(AER915State, i2c);
- s->buf[s->len] = data;
- if (s->len++ > 2) {
- DPRINTF("%s: message too long (%i bytes)\n",
- __func__, s->len);
- return 1;
- }
-
- if (s->len == 2) {
- DPRINTF("%s: reg %d value 0x%02x\n", __func__,
- s->buf[0], s->buf[1]);
- }
-
- return 0;
-}
-
-static void aer915_event(I2CSlave *i2c, enum i2c_event event)
-{
- AER915State *s = FROM_I2C_SLAVE(AER915State, i2c);
- switch (event) {
- case I2C_START_SEND:
- s->len = 0;
- break;
- case I2C_START_RECV:
- if (s->len != 1) {
- DPRINTF("%s: short message!?\n", __func__);
- }
- break;
- case I2C_FINISH:
- break;
- default:
- break;
- }
-}
-
-static int aer915_recv(I2CSlave *slave)
-{
- int retval = 0x00;
- AER915State *s = FROM_I2C_SLAVE(AER915State, slave);
-
- switch (s->buf[0]) {
- /* Return hardcoded battery voltage,
- * 0xf0 means ~4.1V
- */
- case 0x02:
- retval = 0xf0;
- break;
- /* Return 0x00 for other regs,
- * we don't know what they are for,
- * anyway they return 0x00 on real hardware.
- */
- default:
- break;
- }
-
- return retval;
-}
-
-static int aer915_init(I2CSlave *i2c)
-{
- /* Nothing to do. */
- return 0;
-}
-
-static VMStateDescription vmstate_aer915_state = {
- .name = "aer915",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_INT32(len, AER915State),
- VMSTATE_BUFFER(buf, AER915State),
- VMSTATE_END_OF_LIST(),
- }
-};
-
-static void aer915_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
-
- k->init = aer915_init;
- k->event = aer915_event;
- k->recv = aer915_recv;
- k->send = aer915_send;
- dc->vmsd = &vmstate_aer915_state;
-}
-
-static TypeInfo aer915_info = {
- .name = "aer915",
- .parent = TYPE_I2C_SLAVE,
- .instance_size = sizeof(AER915State),
- .class_init = aer915_class_init,
-};
-
-static void z2_init(QEMUMachineInitArgs *args)
-{
- const char *cpu_model = args->cpu_model;
- const char *kernel_filename = args->kernel_filename;
- const char *kernel_cmdline = args->kernel_cmdline;
- const char *initrd_filename = args->initrd_filename;
- MemoryRegion *address_space_mem = get_system_memory();
- uint32_t sector_len = 0x10000;
- PXA2xxState *mpu;
- DriveInfo *dinfo;
- int be;
- void *z2_lcd;
- i2c_bus *bus;
- DeviceState *wm;
-
- if (!cpu_model) {
- cpu_model = "pxa270-c5";
- }
-
- /* Setup CPU & memory */
- mpu = pxa270_init(address_space_mem, z2_binfo.ram_size, cpu_model);
-
-#ifdef TARGET_WORDS_BIGENDIAN
- be = 1;
-#else
- be = 0;
-#endif
- dinfo = drive_get(IF_PFLASH, 0, 0);
- if (!dinfo) {
- fprintf(stderr, "Flash image must be given with the "
- "'pflash' parameter\n");
- exit(1);
- }
-
- if (!pflash_cfi01_register(Z2_FLASH_BASE,
- NULL, "z2.flash0", Z2_FLASH_SIZE,
- dinfo->bdrv, sector_len,
- Z2_FLASH_SIZE / sector_len, 4, 0, 0, 0, 0,
- be)) {
- fprintf(stderr, "qemu: Error registering flash memory.\n");
- exit(1);
- }
-
- /* setup keypad */
- pxa27x_register_keypad(mpu->kp, map, 0x100);
-
- /* MMC/SD host */
- pxa2xx_mmci_handlers(mpu->mmc,
- NULL,
- qdev_get_gpio_in(mpu->gpio, Z2_GPIO_SD_DETECT));
-
- type_register_static(&zipit_lcd_info);
- type_register_static(&aer915_info);
- z2_lcd = ssi_create_slave(mpu->ssp[1], "zipit-lcd");
- bus = pxa2xx_i2c_bus(mpu->i2c[0]);
- i2c_create_slave(bus, "aer915", 0x55);
- wm = i2c_create_slave(bus, "wm8750", 0x1b);
- mpu->i2s->opaque = wm;
- mpu->i2s->codec_out = wm8750_dac_dat;
- mpu->i2s->codec_in = wm8750_adc_dat;
- wm8750_data_req_set(wm, mpu->i2s->data_req, mpu->i2s);
-
- qdev_connect_gpio_out(mpu->gpio, Z2_GPIO_LCD_CS,
- qemu_allocate_irqs(z2_lcd_cs, z2_lcd, 1)[0]);
-
- if (kernel_filename) {
- z2_binfo.kernel_filename = kernel_filename;
- z2_binfo.kernel_cmdline = kernel_cmdline;
- z2_binfo.initrd_filename = initrd_filename;
- z2_binfo.board_id = 0x6dd;
- arm_load_kernel(mpu->cpu, &z2_binfo);
- }
-}
-
-static QEMUMachine z2_machine = {
- .name = "z2",
- .desc = "Zipit Z2 (PXA27x)",
- .init = z2_init,
-};
-
-static void z2_machine_init(void)
-{
- qemu_register_machine(&z2_machine);
-}
-
-machine_init(z2_machine_init);
diff --git a/hw/zaurus.c b/hw/zaurus.c
deleted file mode 100644
index d77b34ecc..000000000
--- a/hw/zaurus.c
+++ /dev/null
@@ -1,292 +0,0 @@
-/*
- * Copyright (c) 2006-2008 Openedhand Ltd.
- * Written by Andrzej Zaborowski <balrog@zabor.org>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 or
- * (at your option) version 3 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-#include "hw.h"
-#include "sharpsl.h"
-#include "sysbus.h"
-
-#undef REG_FMT
-#define REG_FMT "0x%02lx"
-
-/* SCOOP devices */
-
-typedef struct ScoopInfo ScoopInfo;
-struct ScoopInfo {
- SysBusDevice busdev;
- qemu_irq handler[16];
- MemoryRegion iomem;
- uint16_t status;
- uint16_t power;
- uint32_t gpio_level;
- uint32_t gpio_dir;
- uint32_t prev_level;
-
- uint16_t mcr;
- uint16_t cdr;
- uint16_t ccr;
- uint16_t irr;
- uint16_t imr;
- uint16_t isr;
-};
-
-#define SCOOP_MCR 0x00
-#define SCOOP_CDR 0x04
-#define SCOOP_CSR 0x08
-#define SCOOP_CPR 0x0c
-#define SCOOP_CCR 0x10
-#define SCOOP_IRR_IRM 0x14
-#define SCOOP_IMR 0x18
-#define SCOOP_ISR 0x1c
-#define SCOOP_GPCR 0x20
-#define SCOOP_GPWR 0x24
-#define SCOOP_GPRR 0x28
-
-static inline void scoop_gpio_handler_update(ScoopInfo *s) {
- uint32_t level, diff;
- int bit;
- level = s->gpio_level & s->gpio_dir;
-
- for (diff = s->prev_level ^ level; diff; diff ^= 1 << bit) {
- bit = ffs(diff) - 1;
- qemu_set_irq(s->handler[bit], (level >> bit) & 1);
- }
-
- s->prev_level = level;
-}
-
-static uint64_t scoop_read(void *opaque, hwaddr addr,
- unsigned size)
-{
- ScoopInfo *s = (ScoopInfo *) opaque;
-
- switch (addr & 0x3f) {
- case SCOOP_MCR:
- return s->mcr;
- case SCOOP_CDR:
- return s->cdr;
- case SCOOP_CSR:
- return s->status;
- case SCOOP_CPR:
- return s->power;
- case SCOOP_CCR:
- return s->ccr;
- case SCOOP_IRR_IRM:
- return s->irr;
- case SCOOP_IMR:
- return s->imr;
- case SCOOP_ISR:
- return s->isr;
- case SCOOP_GPCR:
- return s->gpio_dir;
- case SCOOP_GPWR:
- case SCOOP_GPRR:
- return s->gpio_level;
- default:
- zaurus_printf("Bad register offset " REG_FMT "\n", (unsigned long)addr);
- }
-
- return 0;
-}
-
-static void scoop_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned size)
-{
- ScoopInfo *s = (ScoopInfo *) opaque;
- value &= 0xffff;
-
- switch (addr & 0x3f) {
- case SCOOP_MCR:
- s->mcr = value;
- break;
- case SCOOP_CDR:
- s->cdr = value;
- break;
- case SCOOP_CPR:
- s->power = value;
- if (value & 0x80)
- s->power |= 0x8040;
- break;
- case SCOOP_CCR:
- s->ccr = value;
- break;
- case SCOOP_IRR_IRM:
- s->irr = value;
- break;
- case SCOOP_IMR:
- s->imr = value;
- break;
- case SCOOP_ISR:
- s->isr = value;
- break;
- case SCOOP_GPCR:
- s->gpio_dir = value;
- scoop_gpio_handler_update(s);
- break;
- case SCOOP_GPWR:
- case SCOOP_GPRR: /* GPRR is probably R/O in real HW */
- s->gpio_level = value & s->gpio_dir;
- scoop_gpio_handler_update(s);
- break;
- default:
- zaurus_printf("Bad register offset " REG_FMT "\n", (unsigned long)addr);
- }
-}
-
-static const MemoryRegionOps scoop_ops = {
- .read = scoop_read,
- .write = scoop_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void scoop_gpio_set(void *opaque, int line, int level)
-{
- ScoopInfo *s = (ScoopInfo *) opaque;
-
- if (level)
- s->gpio_level |= (1 << line);
- else
- s->gpio_level &= ~(1 << line);
-}
-
-static int scoop_init(SysBusDevice *dev)
-{
- ScoopInfo *s = FROM_SYSBUS(ScoopInfo, dev);
-
- s->status = 0x02;
- qdev_init_gpio_out(&s->busdev.qdev, s->handler, 16);
- qdev_init_gpio_in(&s->busdev.qdev, scoop_gpio_set, 16);
- memory_region_init_io(&s->iomem, &scoop_ops, s, "scoop", 0x1000);
-
- sysbus_init_mmio(dev, &s->iomem);
-
- return 0;
-}
-
-static int scoop_post_load(void *opaque, int version_id)
-{
- ScoopInfo *s = (ScoopInfo *) opaque;
- int i;
- uint32_t level;
-
- level = s->gpio_level & s->gpio_dir;
-
- for (i = 0; i < 16; i++) {
- qemu_set_irq(s->handler[i], (level >> i) & 1);
- }
-
- s->prev_level = level;
-
- return 0;
-}
-
-static bool is_version_0 (void *opaque, int version_id)
-{
- return version_id == 0;
-}
-
-static const VMStateDescription vmstate_scoop_regs = {
- .name = "scoop",
- .version_id = 1,
- .minimum_version_id = 0,
- .minimum_version_id_old = 0,
- .post_load = scoop_post_load,
- .fields = (VMStateField []) {
- VMSTATE_UINT16(status, ScoopInfo),
- VMSTATE_UINT16(power, ScoopInfo),
- VMSTATE_UINT32(gpio_level, ScoopInfo),
- VMSTATE_UINT32(gpio_dir, ScoopInfo),
- VMSTATE_UINT32(prev_level, ScoopInfo),
- VMSTATE_UINT16(mcr, ScoopInfo),
- VMSTATE_UINT16(cdr, ScoopInfo),
- VMSTATE_UINT16(ccr, ScoopInfo),
- VMSTATE_UINT16(irr, ScoopInfo),
- VMSTATE_UINT16(imr, ScoopInfo),
- VMSTATE_UINT16(isr, ScoopInfo),
- VMSTATE_UNUSED_TEST(is_version_0, 2),
- VMSTATE_END_OF_LIST(),
- },
-};
-
-static Property scoop_sysbus_properties[] = {
- DEFINE_PROP_END_OF_LIST(),
-};
-
-static void scoop_sysbus_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-
- k->init = scoop_init;
- dc->desc = "Scoop2 Sharp custom ASIC";
- dc->vmsd = &vmstate_scoop_regs;
- dc->props = scoop_sysbus_properties;
-}
-
-static TypeInfo scoop_sysbus_info = {
- .name = "scoop",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(ScoopInfo),
- .class_init = scoop_sysbus_class_init,
-};
-
-static void scoop_register_types(void)
-{
- type_register_static(&scoop_sysbus_info);
-}
-
-type_init(scoop_register_types)
-
-/* Write the bootloader parameters memory area. */
-
-#define MAGIC_CHG(a, b, c, d) ((d << 24) | (c << 16) | (b << 8) | a)
-
-static struct QEMU_PACKED sl_param_info {
- uint32_t comadj_keyword;
- int32_t comadj;
-
- uint32_t uuid_keyword;
- char uuid[16];
-
- uint32_t touch_keyword;
- int32_t touch_xp;
- int32_t touch_yp;
- int32_t touch_xd;
- int32_t touch_yd;
-
- uint32_t adadj_keyword;
- int32_t adadj;
-
- uint32_t phad_keyword;
- int32_t phadadj;
-} zaurus_bootparam = {
- .comadj_keyword = MAGIC_CHG('C', 'M', 'A', 'D'),
- .comadj = 125,
- .uuid_keyword = MAGIC_CHG('U', 'U', 'I', 'D'),
- .uuid = { -1 },
- .touch_keyword = MAGIC_CHG('T', 'U', 'C', 'H'),
- .touch_xp = -1,
- .adadj_keyword = MAGIC_CHG('B', 'V', 'A', 'D'),
- .adadj = -1,
- .phad_keyword = MAGIC_CHG('P', 'H', 'A', 'D'),
- .phadadj = 0x01,
-};
-
-void sl_bootparam_write(hwaddr ptr)
-{
- cpu_physical_memory_write(ptr, (void *)&zaurus_bootparam,
- sizeof(struct sl_param_info));
-}
diff --git a/hw/zynq_slcr.c b/hw/zynq_slcr.c
deleted file mode 100644
index dde430619..000000000
--- a/hw/zynq_slcr.c
+++ /dev/null
@@ -1,535 +0,0 @@
-/*
- * Status and system control registers for Xilinx Zynq Platform
- *
- * Copyright (c) 2011 Michal Simek <monstr@monstr.eu>
- * Copyright (c) 2012 PetaLogix Pty Ltd.
- * Based on hw/arm_sysctl.c, written by Paul Brook
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version
- * 2 of the License, or (at your option) any later version.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "hw.h"
-#include "qemu-timer.h"
-#include "sysbus.h"
-#include "sysemu.h"
-
-#ifdef ZYNQ_ARM_SLCR_ERR_DEBUG
-#define DB_PRINT(...) do { \
- fprintf(stderr, ": %s: ", __func__); \
- fprintf(stderr, ## __VA_ARGS__); \
- } while (0);
-#else
- #define DB_PRINT(...)
-#endif
-
-#define XILINX_LOCK_KEY 0x767b
-#define XILINX_UNLOCK_KEY 0xdf0d
-
-typedef enum {
- ARM_PLL_CTRL,
- DDR_PLL_CTRL,
- IO_PLL_CTRL,
- PLL_STATUS,
- ARM_PPL_CFG,
- DDR_PLL_CFG,
- IO_PLL_CFG,
- PLL_BG_CTRL,
- PLL_MAX
-} PLLValues;
-
-typedef enum {
- ARM_CLK_CTRL,
- DDR_CLK_CTRL,
- DCI_CLK_CTRL,
- APER_CLK_CTRL,
- USB0_CLK_CTRL,
- USB1_CLK_CTRL,
- GEM0_RCLK_CTRL,
- GEM1_RCLK_CTRL,
- GEM0_CLK_CTRL,
- GEM1_CLK_CTRL,
- SMC_CLK_CTRL,
- LQSPI_CLK_CTRL,
- SDIO_CLK_CTRL,
- UART_CLK_CTRL,
- SPI_CLK_CTRL,
- CAN_CLK_CTRL,
- CAN_MIOCLK_CTRL,
- DBG_CLK_CTRL,
- PCAP_CLK_CTRL,
- TOPSW_CLK_CTRL,
- CLK_MAX
-} ClkValues;
-
-typedef enum {
- CLK_CTRL,
- THR_CTRL,
- THR_CNT,
- THR_STA,
- FPGA_MAX
-} FPGAValues;
-
-typedef enum {
- SYNC_CTRL,
- SYNC_STATUS,
- BANDGAP_TRIP,
- CC_TEST,
- PLL_PREDIVISOR,
- CLK_621_TRUE,
- PICTURE_DBG,
- PICTURE_DBG_UCNT,
- PICTURE_DBG_LCNT,
- MISC_MAX
-} MiscValues;
-
-typedef enum {
- PSS,
- DDDR,
- DMAC = 3,
- USB,
- GEM,
- SDIO,
- SPI,
- CAN,
- I2C,
- UART,
- GPIO,
- LQSPI,
- SMC,
- OCM,
- DEVCI,
- FPGA,
- A9_CPU,
- RS_AWDT,
- RST_REASON,
- RST_REASON_CLR,
- REBOOT_STATUS,
- BOOT_MODE,
- RESET_MAX
-} ResetValues;
-
-typedef struct {
- SysBusDevice busdev;
- MemoryRegion iomem;
-
- union {
- struct {
- uint16_t scl;
- uint16_t lockval;
- uint32_t pll[PLL_MAX]; /* 0x100 - 0x11C */
- uint32_t clk[CLK_MAX]; /* 0x120 - 0x16C */
- uint32_t fpga[4][FPGA_MAX]; /* 0x170 - 0x1AC */
- uint32_t misc[MISC_MAX]; /* 0x1B0 - 0x1D8 */
- uint32_t reset[RESET_MAX]; /* 0x200 - 0x25C */
- uint32_t apu_ctrl; /* 0x300 */
- uint32_t wdt_clk_sel; /* 0x304 */
- uint32_t tz_ocm[3]; /* 0x400 - 0x408 */
- uint32_t tz_ddr; /* 0x430 */
- uint32_t tz_dma[3]; /* 0x440 - 0x448 */
- uint32_t tz_misc[3]; /* 0x450 - 0x458 */
- uint32_t tz_fpga[2]; /* 0x484 - 0x488 */
- uint32_t dbg_ctrl; /* 0x500 */
- uint32_t pss_idcode; /* 0x530 */
- uint32_t ddr[8]; /* 0x600 - 0x620 - 0x604-missing */
- uint32_t mio[54]; /* 0x700 - 0x7D4 */
- uint32_t mio_func[4]; /* 0x800 - 0x810 */
- uint32_t sd[2]; /* 0x830 - 0x834 */
- uint32_t lvl_shftr_en; /* 0x900 */
- uint32_t ocm_cfg; /* 0x910 */
- uint32_t cpu_ram[8]; /* 0xA00 - 0xA1C */
- uint32_t iou[7]; /* 0xA30 - 0xA48 */
- uint32_t dmac_ram; /* 0xA50 */
- uint32_t afi[4][3]; /* 0xA60 - 0xA8C */
- uint32_t ocm[3]; /* 0xA90 - 0xA98 */
- uint32_t devci_ram; /* 0xAA0 */
- uint32_t csg_ram; /* 0xAB0 */
- uint32_t gpiob[12]; /* 0xB00 - 0xB2C */
- uint32_t ddriob[14]; /* 0xB40 - 0xB74 */
- };
- uint8_t data[0x1000];
- };
-} ZynqSLCRState;
-
-static void zynq_slcr_reset(DeviceState *d)
-{
- int i;
- ZynqSLCRState *s =
- FROM_SYSBUS(ZynqSLCRState, sysbus_from_qdev(d));
-
- DB_PRINT("RESET\n");
-
- s->lockval = 1;
- /* 0x100 - 0x11C */
- s->pll[ARM_PLL_CTRL] = 0x0001A008;
- s->pll[DDR_PLL_CTRL] = 0x0001A008;
- s->pll[IO_PLL_CTRL] = 0x0001A008;
- s->pll[PLL_STATUS] = 0x0000003F;
- s->pll[ARM_PPL_CFG] = 0x00014000;
- s->pll[DDR_PLL_CFG] = 0x00014000;
- s->pll[IO_PLL_CFG] = 0x00014000;
-
- /* 0x120 - 0x16C */
- s->clk[ARM_CLK_CTRL] = 0x1F000400;
- s->clk[DDR_CLK_CTRL] = 0x18400003;
- s->clk[DCI_CLK_CTRL] = 0x01E03201;
- s->clk[APER_CLK_CTRL] = 0x01FFCCCD;
- s->clk[USB0_CLK_CTRL] = s->clk[USB1_CLK_CTRL] = 0x00101941;
- s->clk[GEM0_RCLK_CTRL] = s->clk[GEM1_RCLK_CTRL] = 0x00000001;
- s->clk[GEM0_CLK_CTRL] = s->clk[GEM1_CLK_CTRL] = 0x00003C01;
- s->clk[SMC_CLK_CTRL] = 0x00003C01;
- s->clk[LQSPI_CLK_CTRL] = 0x00002821;
- s->clk[SDIO_CLK_CTRL] = 0x00001E03;
- s->clk[UART_CLK_CTRL] = 0x00003F03;
- s->clk[SPI_CLK_CTRL] = 0x00003F03;
- s->clk[CAN_CLK_CTRL] = 0x00501903;
- s->clk[DBG_CLK_CTRL] = 0x00000F03;
- s->clk[PCAP_CLK_CTRL] = 0x00000F01;
-
- /* 0x170 - 0x1AC */
- s->fpga[0][CLK_CTRL] = s->fpga[1][CLK_CTRL] = s->fpga[2][CLK_CTRL] =
- s->fpga[3][CLK_CTRL] = 0x00101800;
- s->fpga[0][THR_STA] = s->fpga[1][THR_STA] = s->fpga[2][THR_STA] =
- s->fpga[3][THR_STA] = 0x00010000;
-
- /* 0x1B0 - 0x1D8 */
- s->misc[BANDGAP_TRIP] = 0x0000001F;
- s->misc[PLL_PREDIVISOR] = 0x00000001;
- s->misc[CLK_621_TRUE] = 0x00000001;
-
- /* 0x200 - 0x25C */
- s->reset[FPGA] = 0x01F33F0F;
- s->reset[RST_REASON] = 0x00000040;
-
- /* 0x700 - 0x7D4 */
- for (i = 0; i < 54; i++) {
- s->mio[i] = 0x00001601;
- }
- for (i = 2; i <= 8; i++) {
- s->mio[i] = 0x00000601;
- }
-
- /* MIO_MST_TRI0, MIO_MST_TRI1 */
- s->mio_func[2] = s->mio_func[3] = 0xFFFFFFFF;
-
- s->cpu_ram[0] = s->cpu_ram[1] = s->cpu_ram[3] =
- s->cpu_ram[4] = s->cpu_ram[7] = 0x00010101;
- s->cpu_ram[2] = s->cpu_ram[5] = 0x01010101;
- s->cpu_ram[6] = 0x00000001;
-
- s->iou[0] = s->iou[1] = s->iou[2] = s->iou[3] = 0x09090909;
- s->iou[4] = s->iou[5] = 0x00090909;
- s->iou[6] = 0x00000909;
-
- s->dmac_ram = 0x00000009;
-
- s->afi[0][0] = s->afi[0][1] = 0x09090909;
- s->afi[1][0] = s->afi[1][1] = 0x09090909;
- s->afi[2][0] = s->afi[2][1] = 0x09090909;
- s->afi[3][0] = s->afi[3][1] = 0x09090909;
- s->afi[0][2] = s->afi[1][2] = s->afi[2][2] = s->afi[3][2] = 0x00000909;
-
- s->ocm[0] = 0x01010101;
- s->ocm[1] = s->ocm[2] = 0x09090909;
-
- s->devci_ram = 0x00000909;
- s->csg_ram = 0x00000001;
-
- s->ddriob[0] = s->ddriob[1] = s->ddriob[2] = s->ddriob[3] = 0x00000e00;
- s->ddriob[4] = s->ddriob[5] = s->ddriob[6] = 0x00000e00;
- s->ddriob[12] = 0x00000021;
-}
-
-static inline uint32_t zynq_slcr_read_imp(void *opaque,
- hwaddr offset)
-{
- ZynqSLCRState *s = (ZynqSLCRState *)opaque;
-
- switch (offset) {
- case 0x0: /* SCL */
- return s->scl;
- case 0x4: /* LOCK */
- case 0x8: /* UNLOCK */
- DB_PRINT("Reading SCLR_LOCK/UNLOCK is not enabled\n");
- return 0;
- case 0x0C: /* LOCKSTA */
- return s->lockval;
- case 0x100 ... 0x11C:
- return s->pll[(offset - 0x100) / 4];
- case 0x120 ... 0x16C:
- return s->clk[(offset - 0x120) / 4];
- case 0x170 ... 0x1AC:
- return s->fpga[0][(offset - 0x170) / 4];
- case 0x1B0 ... 0x1D8:
- return s->misc[(offset - 0x1B0) / 4];
- case 0x200 ... 0x258:
- return s->reset[(offset - 0x200) / 4];
- case 0x25c:
- return 1;
- case 0x300:
- return s->apu_ctrl;
- case 0x304:
- return s->wdt_clk_sel;
- case 0x400 ... 0x408:
- return s->tz_ocm[(offset - 0x400) / 4];
- case 0x430:
- return s->tz_ddr;
- case 0x440 ... 0x448:
- return s->tz_dma[(offset - 0x440) / 4];
- case 0x450 ... 0x458:
- return s->tz_misc[(offset - 0x450) / 4];
- case 0x484 ... 0x488:
- return s->tz_fpga[(offset - 0x484) / 4];
- case 0x500:
- return s->dbg_ctrl;
- case 0x530:
- return s->pss_idcode;
- case 0x600 ... 0x620:
- if (offset == 0x604) {
- goto bad_reg;
- }
- return s->ddr[(offset - 0x600) / 4];
- case 0x700 ... 0x7D4:
- return s->mio[(offset - 0x700) / 4];
- case 0x800 ... 0x810:
- return s->mio_func[(offset - 0x800) / 4];
- case 0x830 ... 0x834:
- return s->sd[(offset - 0x830) / 4];
- case 0x900:
- return s->lvl_shftr_en;
- case 0x910:
- return s->ocm_cfg;
- case 0xA00 ... 0xA1C:
- return s->cpu_ram[(offset - 0xA00) / 4];
- case 0xA30 ... 0xA48:
- return s->iou[(offset - 0xA30) / 4];
- case 0xA50:
- return s->dmac_ram;
- case 0xA60 ... 0xA8C:
- return s->afi[0][(offset - 0xA60) / 4];
- case 0xA90 ... 0xA98:
- return s->ocm[(offset - 0xA90) / 4];
- case 0xAA0:
- return s->devci_ram;
- case 0xAB0:
- return s->csg_ram;
- case 0xB00 ... 0xB2C:
- return s->gpiob[(offset - 0xB00) / 4];
- case 0xB40 ... 0xB74:
- return s->ddriob[(offset - 0xB40) / 4];
- default:
- bad_reg:
- DB_PRINT("Bad register offset 0x%x\n", (int)offset);
- return 0;
- }
-}
-
-static uint64_t zynq_slcr_read(void *opaque, hwaddr offset,
- unsigned size)
-{
- uint32_t ret = zynq_slcr_read_imp(opaque, offset);
-
- DB_PRINT("addr: %08x data: %08x\n", offset, ret);
- return ret;
-}
-
-static void zynq_slcr_write(void *opaque, hwaddr offset,
- uint64_t val, unsigned size)
-{
- ZynqSLCRState *s = (ZynqSLCRState *)opaque;
-
- DB_PRINT("offset: %08x data: %08x\n", offset, (unsigned)val);
-
- switch (offset) {
- case 0x00: /* SCL */
- s->scl = val & 0x1;
- return;
- case 0x4: /* SLCR_LOCK */
- if ((val & 0xFFFF) == XILINX_LOCK_KEY) {
- DB_PRINT("XILINX LOCK 0xF8000000 + 0x%x <= 0x%x\n", (int)offset,
- (unsigned)val & 0xFFFF);
- s->lockval = 1;
- } else {
- DB_PRINT("WRONG XILINX LOCK KEY 0xF8000000 + 0x%x <= 0x%x\n",
- (int)offset, (unsigned)val & 0xFFFF);
- }
- return;
- case 0x8: /* SLCR_UNLOCK */
- if ((val & 0xFFFF) == XILINX_UNLOCK_KEY) {
- DB_PRINT("XILINX UNLOCK 0xF8000000 + 0x%x <= 0x%x\n", (int)offset,
- (unsigned)val & 0xFFFF);
- s->lockval = 0;
- } else {
- DB_PRINT("WRONG XILINX UNLOCK KEY 0xF8000000 + 0x%x <= 0x%x\n",
- (int)offset, (unsigned)val & 0xFFFF);
- }
- return;
- case 0xc: /* LOCKSTA */
- DB_PRINT("Writing SCLR_LOCKSTA is not enabled\n");
- return;
- }
-
- if (!s->lockval) {
- switch (offset) {
- case 0x100 ... 0x11C:
- if (offset == 0x10C) {
- goto bad_reg;
- }
- s->pll[(offset - 0x100) / 4] = val;
- break;
- case 0x120 ... 0x16C:
- s->clk[(offset - 0x120) / 4] = val;
- break;
- case 0x170 ... 0x1AC:
- s->fpga[0][(offset - 0x170) / 4] = val;
- break;
- case 0x1B0 ... 0x1D8:
- s->misc[(offset - 0x1B0) / 4] = val;
- break;
- case 0x200 ... 0x25C:
- if (offset == 0x250) {
- goto bad_reg;
- }
- s->reset[(offset - 0x200) / 4] = val;
- break;
- case 0x300:
- s->apu_ctrl = val;
- break;
- case 0x304:
- s->wdt_clk_sel = val;
- break;
- case 0x400 ... 0x408:
- s->tz_ocm[(offset - 0x400) / 4] = val;
- break;
- case 0x430:
- s->tz_ddr = val;
- break;
- case 0x440 ... 0x448:
- s->tz_dma[(offset - 0x440) / 4] = val;
- break;
- case 0x450 ... 0x458:
- s->tz_misc[(offset - 0x450) / 4] = val;
- break;
- case 0x484 ... 0x488:
- s->tz_fpga[(offset - 0x484) / 4] = val;
- break;
- case 0x500:
- s->dbg_ctrl = val;
- break;
- case 0x530:
- s->pss_idcode = val;
- break;
- case 0x600 ... 0x620:
- if (offset == 0x604) {
- goto bad_reg;
- }
- s->ddr[(offset - 0x600) / 4] = val;
- break;
- case 0x700 ... 0x7D4:
- s->mio[(offset - 0x700) / 4] = val;
- break;
- case 0x800 ... 0x810:
- s->mio_func[(offset - 0x800) / 4] = val;
- break;
- case 0x830 ... 0x834:
- s->sd[(offset - 0x830) / 4] = val;
- break;
- case 0x900:
- s->lvl_shftr_en = val;
- break;
- case 0x910:
- break;
- case 0xA00 ... 0xA1C:
- s->cpu_ram[(offset - 0xA00) / 4] = val;
- break;
- case 0xA30 ... 0xA48:
- s->iou[(offset - 0xA30) / 4] = val;
- break;
- case 0xA50:
- s->dmac_ram = val;
- break;
- case 0xA60 ... 0xA8C:
- s->afi[0][(offset - 0xA60) / 4] = val;
- break;
- case 0xA90:
- s->ocm[0] = val;
- break;
- case 0xAA0:
- s->devci_ram = val;
- break;
- case 0xAB0:
- s->csg_ram = val;
- break;
- case 0xB00 ... 0xB2C:
- if (offset == 0xB20 || offset == 0xB2C) {
- goto bad_reg;
- }
- s->gpiob[(offset - 0xB00) / 4] = val;
- break;
- case 0xB40 ... 0xB74:
- s->ddriob[(offset - 0xB40) / 4] = val;
- break;
- default:
- bad_reg:
- DB_PRINT("Bad register write %x <= %08x\n", (int)offset, val);
- }
- } else {
- DB_PRINT("SCLR registers are locked. Unlock them first\n");
- }
-}
-
-static const MemoryRegionOps slcr_ops = {
- .read = zynq_slcr_read,
- .write = zynq_slcr_write,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int zynq_slcr_init(SysBusDevice *dev)
-{
- ZynqSLCRState *s = FROM_SYSBUS(ZynqSLCRState, dev);
-
- memory_region_init_io(&s->iomem, &slcr_ops, s, "slcr", 0x1000);
- sysbus_init_mmio(dev, &s->iomem);
-
- return 0;
-}
-
-static const VMStateDescription vmstate_zynq_slcr = {
- .name = "zynq_slcr",
- .version_id = 1,
- .minimum_version_id = 1,
- .minimum_version_id_old = 1,
- .fields = (VMStateField[]) {
- VMSTATE_UINT8_ARRAY(data, ZynqSLCRState, 0x1000),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static void zynq_slcr_class_init(ObjectClass *klass, void *data)
-{
- DeviceClass *dc = DEVICE_CLASS(klass);
- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
-
- sdc->init = zynq_slcr_init;
- dc->vmsd = &vmstate_zynq_slcr;
- dc->reset = zynq_slcr_reset;
-}
-
-static TypeInfo zynq_slcr_info = {
- .class_init = zynq_slcr_class_init,
- .name = "xilinx,zynq_slcr",
- .parent = TYPE_SYS_BUS_DEVICE,
- .instance_size = sizeof(ZynqSLCRState),
-};
-
-static void zynq_slcr_register_types(void)
-{
- type_register_static(&zynq_slcr_info);
-}
-
-type_init(zynq_slcr_register_types)